Values for content-security-policy:
upgrade-insecure-requests 7,845
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; 7,160
frame-ancestors 'self' 3,937
upgrade-insecure-requests; 2,865
frame-ancestors 'self'; 1,630
block-all-mixed-content 819
frame-ancestors 'none' 541
block-all-mixed-content; 500
block-all-mixed-content; frame-ancestors *; upgrade-insecure-requests; 397
frame-ancestors 'none'; 312
script-src 'self' 'unsafe-inline' 'unsafe-eval';object-src 'self';style-src 'self' 'unsafe-inline'; 235
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 204
default-src 'self' ws: wss: http: https: data: blob: 'unsafe-inline' 195
report-uri /report-csp-violation 146
frame-ancestors 'self' https://*.granicus.com https://platform.civicplus.com https://account.civicplus.com https://analytics.civicplus.com; img-src * data: blob:; worker-src * data: blob: 'unsafe-eval' 'unsafe-inline'; script-src * about: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob:; font-src * data:; default-src * 143
default-src https: data: 'unsafe-inline' 'unsafe-eval' 131
116
object-src 'none' 115
frame-ancestors 'self' https://*.ally.ac; 108
frame-ancestors 'self' http://webvisor.com 105
default-src 'self';     style-src 'unsafe-inline';     object-src 'none' 89
script-src 'self' blob: https://morris-server.de:8801 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; media-src 'self' data: blob: https://api.sparkassen-mediacenter.de https://sparkassen-mediacenter.de https://cdn.sparkassen-mediacenter.de 88
default-src * data: 'unsafe-eval' 'unsafe-inline' 81
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com 79
frame-ancestors * 79
self 70
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 70
img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in data:;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 62
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com; 61
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.baidu.com *.bing.com; 59
frame-ancestors 'self' godaddy.com *.godaddy.com 56
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.abt.s3.yandex.net *.ad-generation.jp *.adform.com *.adform.net *.adhouse.pro *.adlbelge.com *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnsafe.org *.adnxs.com *.adocean.pl *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.atombilisim.com.tr *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.binance.com *.bizzclick.com *.cashbackforex.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.dreamwater.com.tr *.dsp-media.eskimi.com *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.preply.com *.programattik.com *.protagcdn.com *.publisher-network.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.thalespirlanta.com *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ads.vidoomy.com api-maps.yandex.ru api.adnsafe.org buttons-config.sharethis.com c1.imgiz.com cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.ravenjs.com cdn2.bildirt.com gdetr.hit.gemius.pl google.com googlesyndication.com invstatic101.creativecdn.com js.globalsun.io jscdn.greeter.me lidertv.radyotelekom.com.tr myvalice.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com preply.com protagcdn.com script.4dex.io static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net testerparfum.com trgde.adocean.pl yastatic.net; 56
upgrade-insecure-requests;object-src 'none' 55
upgrade-insecure-requests; block-all-mixed-content 54
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests 52
default-src 'none' 51
frame-ancestors 'self' ; 46
frame-ancestors 'self' https://app.grovecms.org/ 45
frame-ancestors 'self' *.tsoftpanel.com *.paneltsoft.com; 45
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 39
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: data: blob: wss://realtimeeventfeeds.viafoura.co wss://sub.viafoura.co; media-src blob: data: https:; object-src https:; child-src https: data: blob:; upgrade-insecure-requests; block-all-mixed-content; 38
default-src 'self' http: https: data: blob: 'unsafe-inline' 37
report-uri /report-csp-violation; upgrade-insecure-requests 36
upgrade-insecure-requests; frame-ancestors 'self' 36
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https: 36
frame-ancestors 'self'; upgrade-insecure-requests 34
frame-ancestors 'self' https://*.cdn.ampproject.org/ https://bing-amp.com/ https://*.tm-aws.com/ https://*.tm-awx.com/; 34
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 34
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; 33
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 32
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 31
* 31
frame-ancestors 'self' https://my.oracle.com https://eeho.fa.us2.oraclecloud.com https://blogs.oracle.com *.khapps.com *.khapps.jp *.lsapps.oracle.com *.lsapps.oracle.jp 29
frame-ancestors 'self' ;upgrade-insecure-requests; 28
frame-ancestors 'self' https://*.akifast.com akifast.com 28
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 27
block-all-mixed-content; upgrade-insecure-requests; 27
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 26
frame-ancestors zyro.com *.zyro.com *.builder-preview.com *.zyro.space *.hostinger.com *.hostinger.io *.hostinger.in *.hostinger.co.uk 25
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'none'; img-src 'self' data: *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' 24
frame-ancestors 'self' continuum.epublishing.com *.continuum.epublishing.com 24
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=; 23
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 23
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 22
default-src 'self' wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https: http:; report-uri https://secure.booked.net/?page=stat&t=csp 22
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self' 22
base-uri 'self';default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';    script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';form-action * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';report-uri /post_report/;report-to default; 21
default-src https: data: 'unsafe-eval' 'unsafe-inline' blob: 21
frame-ancestors 'self' https://app.contentful.com 21
frame-ancestors 'self'; report-uri /report-csp-violation 21
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline' 21
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 21
form-action 'self' 20
frame-ancestors 'self' https://cms.scrippsdigital.com 20
default-src 'self' 'unsafe-inline' https://park.101datacenter.net  https://*.deviceatlascloud.com/ https://cs.deviceatlas-cdn.com data: 20
default-src 'self' 'unsafe-inline' 20
frame-ancestors 'self' https://dbwas.service.deutschebahn.com 20
frame-ancestors self 19
base-uri 'self' 19
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; 19
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval' 19
block-all-mixed-content; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 18
default-src 'self' 18
frame-ancestors none 18
upgrade-insecure-requests; block-all-mixed-content; 18
upgrade-insecure-requests;connect-src * 18
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 18
frame-ancestors 'self' https://*.studio.design https://studio.design https://studio.inc; 18
default-src https: wss: blob: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 18
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 17
frame-ancestors 'self' azeu.marketing.adobe.com 17
frame-ancestors 17
child-src * blob: 17
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *; 17
frame-ancestors 'self' https://chat.baidu.com http://mirror-chat.baidu.com https://fj-chat.baidu.com https://hba-chat.baidu.com https://hbe-chat.baidu.com https://njjs-chat.baidu.com https://nj-chat.baidu.com https://hna-chat.baidu.com https://hnb-chat.baidu.com http://debug.baidu-int.com; 17
frame-ancestors 'self' *.plentymarkets-cloud-de.com 17
frame-ancestors  'self' asia.espn.com:* asia.espnqa.com:* *.espn.com:* *.espnqa.com:* *.espnsb.com:* *.espnsb.com *.espn.co.uk *.espndeportes.espn.com *.espn.com.br *.espn.com.mx *.espn.com.ve *.espn.com.ar *.espn.com.co *.espnfc.com.au *.espn.com.au *.espn.in *.espn.com.sg *.espn.cl *.espn.ph *.espn.ph:* *.espn.com.pe *.espn.com.gt *.espn.com.do *.espn.com.ec *.espn.com.uy *.espn.com.pa *.espn.co.cr qa.abcnews.go.com preview.abcnews.go.com abc7ny.com abc7.com *.abcotvssb.com preview.goodmorningamerica.com http://*.espnqa.com:* http://*.espn.com:* *.abcotvssb.com *.abcnews.go.com *.abcnews.go.com:* http://*.abcnews.go.com:* abc30.com abc7news.com abc13.com abc7chicago.com 6abc.com abc11.com *.goodmorningamerica.com qa.abc7.com qa.abc30.com qa.abc7news.com qa.abc13.com qa.abc7chicago.com qa.6abc.com qa.abc7ny.com qa.abc11.com *.abcnews.go.com:* abcnews.go.com qa.secsports.com *.secsports.com https://*.espn.com:* *.espnqa.com:* 16
frame-ancestors 'self' *.google.com *.googleusercontent.com 16
upgrade-insecure-requests; report-uri https://o144486.ingest.sentry.io/api/5543380/security/?sentry_key=e66dfe54be8e47219dd8103b4deb2f1a&sentry_environment=policy_reports 16
frame-ancestors 'self' https://www.deco.cx 127.0.0.1:* localhost:* http://localhost:* http://127.0.0.1:* https://admin.deco.cx/ https://v0-admin.deco.cx/ https://play.deco.cx/ 16
base-uri 'self'; 15
img-src https: data:; upgrade-insecure-requests 15
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; connect-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; manifest-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; object-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; prefetch-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; style-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; form-action 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; worker-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 15
default-src 'self'; script-src 'self' 'unsafe-inline' 15
frame-ancestors https://web.telegram.org 15
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 14
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 14
default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 14
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'none'; 14
frame-ancestors 'self' *.smartagent.app *.jdmesh.co *.choicestore.com http://localhost:* https://localhost:*; form-action https:; script-src https: 'unsafe-inline' 'unsafe-eval' 14
img-src * data:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none'; 14
block-all-mixed-content; frame-ancestors 'self' 14
default-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; font-src * 'self' data: 14
frame-ancestors 'self' https://epson.custhelp.com https://epson-es.custhelp.com https://epson-pt.custhelp.com 14
frame-ancestors 'self' xerox.com *.xerox.com carear.app 13
frame-ancestors 'self' http://webvisor.com http://*.webvisor.com 13
frame-ancestors iinet.net.au:* *.iinet.net.au:* westnet.com.au:* *.westnet.com.au:* tpg.com.au:* *.tpg.com.au:* tpgtelecom.com.au:* tpgtelecom.com.au:* *.tpgtelecom.com.au:* internode.on.net:* *.internode.on.net:*; 13
frame-ancestors 'self' ; base-uri 'self'; 13
upgrade-insecure-requests; frame-ancestors 'self'; 13
frame-ancestors 'self' https://app.storyblok.com 13
default-src 'none'; style-src 'unsafe-inline'; img-src data:; connect-src 'self' 13
frame-ancestors 'self' https://staging-app.boxoffice.com https://app.boxoffice.com 13
img-src 'self' *.twimg.com *.twitter.com img.youtube.com *.s3waas.gov.in secure.gravatar.com data: maps.gstatic.com maps.googleapis.com cbpssubscriber.mygov.in;connect-src 'self' *.s3waas.gov.in maps.googleapis.com www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 13
default-src blob: * 'unsafe-inline' 'unsafe-eval'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data: 'unsafe-inline'; 13
default-src https: wss:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; frame-ancestors 'self' https://michelin.clic2buy.com https://*.iadvize.com https://*.blueconic.net; worker-src blob: data: https:; font-src https: data:; script-src-elem 'unsafe-inline' 'unsafe-eval' * blob: 13
sandbox allow-same-origin allow-scripts allow-orientation-lock allow-pointer-lock allow-forms allow-popups allow-top-navigation-by-user-activation; 13
frame-src 'self'; frame-ancestors 'self'; object-src 'none'; 13
upgrade-insecure-requests;report-uri https://metrics.media-amazon.com/ 12
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data:; connect-src *; font-src * data:; upgrade-insecure-requests; block-all-mixed-content 12
default-src https: blob:; connect-src https: wss: blob:; font-src https: data:; frame-src https:; frame-ancestors 'self'; img-src https: blob: data:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; 12
default-src https: 'unsafe-eval' 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src * data: blob: ; base-uri 'self'; upgrade-insecure-requests; font-src https: 'unsafe-inline' data: 'unsafe-inline'; worker-src * blob:; 12
object-src 'none'; 12
frame-ancestors 'self' https://mycolorcoach-cpd.e-loreal.com 12
frame-ancestors 'self' https://testbaba.virtualcms.it 12
default-src https: wss: about: data: blob: 'unsafe-inline' 'unsafe-eval' 12
frame-ancestors http://*.interactcp.com https://*.interactcp.com 'self'; 12
frame-ancestors https://library.mulesoft.com https://resources.mulesoft.com 'self' 12
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net fw-cdn.com *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/ https:; manifest-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to cdn.jsdelivr.net *.freshdesk.com *.freshworks.com https://fonts.googleapis.com/css https://*.freshchat.com/; font-src 'self' fonts.gstatic.com cdn.livechatinc.com *.tawk.to; img-src 'self' cdn.jsdelivr.net tawk.link https: data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com; media-src 'self' data: cdn.databerjalan.com dataset.catgarong.com cdn.livechatinc.com youtube.com vimeo.com dailymotion.com twitch.com; object-src 'self' data:; connect-src 'self' data: cdn.databerjalan.com cdn.databerjalan.com cdn.livechat-files.com www.google-analytics.com unpkg.com *.tawk.to wss://*.tawk.to https: wss:; frame-src *.tawk.to https:; frame-ancestors 'self'; form-action 'self' *.tawk.to 12
upgrade-insecure-requests; frame-ancestors 'self' https://explore.bitdefender.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazon *.redditstatic.com *.roeyecdn.com *.unpkg.com *.googleadservices.com *.2checkout.com *.cookielaw.org *.criteo.com *.dwin1.com *.bitdefender.com *.bitdefender.biz *.bitdefender.net *.bitdefender.fr *.bitdefender.de *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.es *.bitdefender.it *.bitdefender.pt *.bitdefender.com.br *.bitdefender.ro *.bitdefender.nl *.bitdefender.be *.bitdefender.se *.bitdefender.co.jp bitdefender.co.jp bitdefender.applytojob.com *.adobe.com *.facebook.com *.facebook.net *.doubleclick.net *.adsrvr.org *.mathtag.com *.google.com *.google.ro *.flashtalking.com *.amazon-adsystem.com *.livechatinc.com *.twitter.com *.ads-twitter.com  *.cedexis.com *.cedexis-test.com *.youtube.com *.soundcloud.com *.hubspot.com *.cookiebot.com *.vimeo.com *.edgecastcdn.net *.linkedin.com *.hsforms.com *.hsforms.net *.cloudfront.net *.edgecastdns.net *.hotjar.com *.zanox.ws *.zanox.com *.usemax.de usemax.de dpm.de *.mdex.net mdex.net *.omniture.com widget.trustpilot.com *.2o7.net *.omtrdc.net *.demdex.net *.adobedtm.com api-eu.boldchat.com livechat-eu.boldchat.com *.youtube-nocookie.com *.instagram.com instawidget.net *.scarabresearch.com *.zenaps.com pixel.xonaz.com tags.dynamo.one *.redintelligence.net 20787700p.rfihub.com *.outgrow.us *.alchemer.com *.adyen.com *.paypal.com paypal.com ad.ad-srv.net fullstory.com ad4m.at *.googletagmanager.com bat.bing.com *.impactradius-event.com *.outbrain.com *.gartner.com *.gstatic.com *.licdn.com *.bizible.com *.clarity.ms *.demandbase.com *.hs-scripts.com *.sf14g.com *.hsadspixel.net *.hs-analytics.net *.hsleadflows.net *.hs-banner.com *.usemessages.com *.company-target.com *.techtarget.com *.privacyportal-de.onetrust.com *.geolocation.onetrust.com *.avads.net cdn.jsdelivr.net; 11
upgrade-insecure-requests; media-src https: blob:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data:; 11
frame-ancestors 'self' iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ 11
sandbox allow-scripts; default-src 'self'; img-src https:; style-src 'unsafe-inline'; script-src 'unsafe-inline'; report-uri http://csp.yahoo.com/beacon/csp?src=redirect 11
frame-ancestors 'self' *.nvidia.com https://widget.stackla.com https://app-sj14.marketo.com https://www.youtube.com https://www.quadro-selector.com http://player.youku.com https://player.youku.com https://live.nvidia-china.com https://www.google.com *.nvidia.cn https://events.rainfocus.com https://www.twitch.tv https://store.nvidia.ru https://store.nvidia.in *.geforcenow.com https://salespro.hpe.com https://hpe.seismic.com; 11
frame-ancestors 'none'; upgrade-insecure-requests 11
frame-ancestors 'self' adultmobile.com *.adultmobile.com babes.com *.babes.com babesnetwork.com *.babesnetwork.com bblmate.com *.bblmate.com biempire.com *.biempire.com bigstr.com *.bigstr.com blackmaleme.com *.blackmaleme.com brazzers.com *.brazzers.com brazzersnetwork.com *.brazzersnetwork.com bromo.com *.bromo.com bromonetwork.com *.bromonetwork.com cambb.xxx *.cambb.xxx cambuilder.com *.cambuilder.com camdevils.com *.camdevils.com camjab.com *.camjab.com camutik.com *.camutik.com clipeek.com *.clipeek.com czechhunter.com *.czechhunter.com danejones.com *.danejones.com debtdandy.com *.debtdandy.com deviante.com *.deviante.com devianthardcore.com *.devianthardcore.com digitalplayground.com *.digitalplayground.com digitalplaygroundnetwork.com *.digitalplaygroundnetwork.com dilfed.com *.dilfed.com dirtyscout.com *.dirtyscout.com doghousedigital.com *.doghousedigital.com dpmate.com *.dpmate.com erito.com *.erito.com eroticspice.com *.eroticspice.com extremetubemate.com *.extremetubemate.com fakehostel.com *.fakehostel.com fakehub.com *.fakehub.com faketaxi.com *.faketaxi.com familyhookups.com *.familyhookups.com familysinners.com *.familysinners.com forgivemefather.com *.forgivemefather.com gilfed.com *.gilfed.com girlgrind.com *.girlgrind.com hentaipros.com *.hentaipros.com hentaiprosnetwork.com *.hentaiprosnetwork.com hotgirlsgame.com *.hotgirlsgame.com househumpers.com *.househumpers.com iconmale.com *.iconmale.com iknowthatgirl.com *.iknowthatgirl.com kinkyspa.com *.kinkyspa.com lesbea.com *.lesbea.com letspostit.com *.letspostit.com liveporncams.xxx *.liveporncams.xxx loveherass.com *.loveherass.com maleaccess.com *.maleaccess.com men.com *.men.com mennetwork.com *.mennetwork.com menxposed.com *.menxposed.com metrohd.com *.metrohd.com milehighmedia.com *.milehighmedia.com milfed.com *.milfed.com mofos.com *.mofos.com mofosnetwork.com *.mofosnetwork.com momslickteens.com *.momslickteens.com nastycast.com *.nastycast.com noirmale.com *.noirmale.com nudecams.xxx *.nudecams.xxx nudeporncams.xxx *.nudeporncams.xxx onbrazzers.com *.onbrazzers.com onmofos.com *.onmofos.com papi.com *.papi.com prettydirtyteens.com *.prettydirtyteens.com privatamateure.com *.privatamateure.com propertysex.com *.propertysex.com publicagent.com *.publicagent.com realitydudes.com *.realitydudes.com realitydudesnetwork.com *.realitydudesnetwork.com realityjunkies.com *.realityjunkies.com realitykings.com *.realitykings.com rk.com *.rk.com seancody.com *.seancody.com seancodynetwork.com *.seancodynetwork.com sexapemate.com *.sexapemate.com sexroulettelive.net *.sexroulettelive.net sextubemate.com *.sextubemate.com sexworking.com *.sexworking.com sexyhub.com *.sexyhub.com shewillcheat.com *.shewillcheat.com spicevids.com *.spicevids.com spicevidsgay.com *.spicevidsgay.com squirted.com *.squirted.com sweetheartvideo.com *.sweetheartvideo.com sweetsinner.com *.sweetsinner.com taboomale.com *.taboomale.com teenslovehugecocks.com *.teenslovehugecocks.com trannytubemate.com *.trannytubemate.com transangels.com *.transangels.com transangelsnetwork.com *.transangelsnetwork.com transharder.com *.transharder.com transsensual.com *.transsensual.com trueamateurs.com *.trueamateurs.com twinkpop.com *.twinkpop.com twistedfamilies.com *.twistedfamilies.com twistys.com *.twistys.com twistysnetwork.com *.twistysnetwork.com vidsmate.com *.vidsmate.com voyr.com *.voyr.com whynotbi.com *.whynotbi.com; report-uri /api/csp-report; 11
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 11
frame-ancestors 'self' https://*.sitewrench.com https://*.speakcreative.com 11
frame-ancestors 'self' https://pge.segmanta.com https://www.babylist.com shop.pampers.com 11
frame-ancestors 'self' https://webvisor.com http://webvisor.com; 11
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' blob: data: https://*; media-src 'self' blob: data: https://*; frame-ancestors 'self'; report-uri /cspreporting.php; report-to csp-endpoint; 11
frame-ancestors 'self' https://metrika.yandex.ru/ 10
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist 10
default-src * data: blob: 'unsafe-eval' 'unsafe-inline' 10
object-src 'self' https://www.youtube.com/ https://www.3cx.com/;frame-src 'self' mailto: tel: https://3cx.com https://www.google.com https://cse.google.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://static.ads-twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com https://player.vimeo.com; frame-ancestors 'self' 10
default-src * 'self' blob:; script-src * 'self' blob: 'unsafe-inline'; style-src * 'self' blob: 'unsafe-inline'; img-src * 'self' blob: data:; font-src * 'self' blob: data:; media-src * 'self' blob: 10
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it 10
frame-ancestors none; 10
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * blob:; font-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data: blob:; frame-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' * data:; report-uri https://hyperia.report-uri.com; block-all-mixed-content; upgrade-insecure-requests 10
frame-ancestors 'self' https://aboutyou.content.aboutyou.cloud https://aboutyou.content.staging.aboutyou.cloud 10
frame-ancestors 'self'; report-uri csp-reports; report-to csp-endpoint; 10
default-src 'self'; object-src 'self' blob:; frame-ancestors 'self' flex.cybersource.com; worker-src blob: ; frame-src 'self' blob: *; media-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' api.brainsins.com mw.brainsins.com d2xkqxdy6ewr93.cloudfront.net *.cloudfront.net cdn.pushassist.com trc.taboola.com *.collect.igodigital.com resources.convious-app.com client.convious-app.com  cdn.taboola.com 510001631.collect.igodigital.com script.hotjar.com 510001630.collect.igodigital.com  static.hotjar.com launch-9151dc1e0eb6-development  mstat.acestream.net www.gstatic.com flex.cybersource.com pe-kw.store.kennywood.com pe-cp.store.castlepark.com www.google.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com  www.googletagmanager.com  www.google-analytics.com *.parquesreunidos.es assets.adobedtm.com amplify.review-alerts.com static-eu.payments-amazon.com maps.googleapis.com cdn.cookielaw.org geolocation.onetrust.com grpr.tt.omtrdc.net launch-9151dc1e0eb6-development cd.livechatin.com api-pre.adminos.parquesreunidos.com analytics.tiktok.com ts.tradetracker.net sleeknotecustomerscripts.sleeknote.com mstat.acestream.net pilaff-up.ru statusklic.info cdn.notifyon.com cdn.livechatinc.com eu5.bookingkit.de js.mollie.com www.paypal.com www.sandbox.paypal.com checkoutshopper-live.adyen.com sandbox.src.mastercard.com src.mastercard.com assets.secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com twimg.com publish.twitter.com platform.linkedin.com track.adform.net static.criteo.net tagmanager.google.com ssl.google-analytics.com ajax.aspnetcdn.com d2cmqkwo8rxlr9.cloudfront.net ad.doubleclick.net apis.google.com www.youtube.com platform.twitter.com s.ytimg.com syndication.twitter.com api.livechatinc.com www.googleoptimize.com  optimize.google.com trck.spoteffects.net i.realytics.io cdn-eu.realytics.net  pe-kw.store.kennywood.com pe-cp.store.castlepark.com pe-rwsydney.store.ragingwaterssydney.com.au pe-sps.store.splishsplash.com pe-sl.store.storylandnh.com pe-na.store.noahsarkwaterpark.com pe-sc.store.sandcastlewaterpark.com pe-wc.store.watercountry.com pe-rwsd.store.ragingwaters.com static.zdassets.com *.optimonk.com sdks.shopifycdn.com ajax.googleapis.com webchat.masvoz.es static.b-ite.com cs-assets.b-ite.com pixel.mathtag.com bat.bing.com cdn.jsdelivr.net farm.plista.com j01l4h3n.com diffuser-cdn.app-us1.com www.rvty.net *.clarity.ms 5mcl.fr *.adnxs.com static.tacdn.com prism.app-us1.com trackcmp.net www.jscache.com cdn.scratcher.io s2.adform.net cdn.leadfamly.com www.tripadvisor.com www.tripadvisor.fr cpi.mirabilandia.it www.opinator.com pe-iw.store.idlewild.com js.adsrvr.org tracker.marinsm.com pe-dw.store.dutchwonderland.com static.zuora.com pe-waw.store.emeraldpointe.com pe-rwsc.store.rwsac.com pe-mn.store.malibunorcross.com *.quantummetric.com t.contentsquare.net pe-bps.store.boomerspalmsprings.com cdn.smooch.io adventurelandresort.secure-cdn.na.accessoticketing.com pe-bv.store.boomersvista.com pe-rwsj.store.rwsplash.com pe-lc.store.lakecompounce.com pe-mm.store.mountasiamarietta.com app.mews.com apps.mews.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com pay.google.com easyway-webchat.s3.eu-north-1.amazonaws.com *.smooch.io sc-static.net tr.snapchat.com *.sprinklr.com apps.mypurecloud.ie surveydynamix.com apps.mypurecloud.com osm.klarnaservices.com js.klarna.com pagead2.googlesyndication.com static.sojern.com *.outbrain.com tib2.tropical-islands.de sla3.slagharen.com mir8.mirabilandia.it mib9.mirabeach.mirabilandia.it war5.parquewarner.com wab6.parquewarnerbeach.parquewarner.com pam4.parquedeatracciones.es mpg3.movieparkgermany.de mar7.marineland.fr zoo2.zoomadrid.com fau4.faunia.es bjl1.bobbejaanland.be bld2.bonbonland.dk dwo7.dutchwonderland.com bnp8.bonoparques.es tus1.tusenfryd.no swa4.selwo.es swm9.selwomarina.es teb6.telefericobenalmadena.com mxa8.atlantisaquarium-madrid.es bel7.belantis.de blk3.blackpoolzoo.org.uk bos6.sommarland.no bor5.oceanarium.co.uk aqs1.aquasplash.fr car1.cartaya.aquopolis.es cda2.costa-dorada.aquopolis.es cul3.cullera.aquopolis.es tor4.torrevieja.aquopolis.es vil5.villanueva.aquopolis.es slp2.sealifeparkhawaii.com ctp3.castlepark.com knw4.kennywood.com adp5.adventurelandresort.com lkc8.lakecompounce.com cnh1.cartoonnetworkhotel.com sct1.sandcastlewaterpark.com stl6.storylandnh.com sny5.splishsplash.com lsa6.livingshores.com rla9.ragingwaters.com syd7.ragingwaterssydney.com.au wco2.watercountry.com wep3.emeraldpointe.com noa8.noahsarkwaterpark.com idw7.idlewild.com webchat.digitalcx.com; style-src * 'unsafe-inline' blob:; font-src * data:; connect-src * 10
block-all-mixed-content;connect-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss:;default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: blob: wss: 'report-sample';font-src 'self' data: https: blob: wss: assets.msn.com assets2.msn.com assets.msn.cn assets2.msn.cn;frame-ancestors 'self' int1.msn.com ntp.msn.cn ntp.msn.com windows-int1.msn.com windows.msn.cn windows.msn.com www.bing.com www.msn.com mathsolver.microsoft.com mathsolver-dev.microsoft.com chrome-extension://lklfbkdigihjaaeamncibechhgalldgl;media-src 'self' https: blob:;report-to csp-endpoint;worker-src 'self' https: blob: 'report-sample'; 10
frame-ancestors 'self' *.hotmart.com *.buildstaging.com *.kpages.com.br *.klickpages.com.br sun.eduzz.com http://*.monetizze.com.br https://*.monetizze.com.br http://aporasal.net https://aporasal.net http://adf.ly https://adf.ly 10
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 10
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com swdlp.apple.com www.apple.com www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: *.apple.com *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com 9
frame-ancestors 'self' https://premiersupport.intel.com https://c0.avaamo.com *.intel.com; object-src 'self'; 9
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xnxx.com/csp-reports; report-to csp-endpoint 9
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; 9
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap:; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap:; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; connect-src self * 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; 9
frame-ancestors 'self' *.aftership.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.am-static.com *.automizely.com *.aftership.com *.automizely-analytics.com static.cloudflareinsights.com www.googletagmanager.com ws.zoominfo.com accounts.google.com www.google.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com snap.licdn.com connect.facebook.net static.ads-twitter.com bat.bing.com www.clarity.ms tracking.g2crowd.com www.gstatic.com www.gstatic.cn widget.freshworks.com client.crisp.chat app.storyblok.com www.recaptcha.net code.jquery.com *.hotjar.com j.6sc.co js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net js.hsadspixel.net *.tiktok.com *.ttwstatic.com; object-src 'none' 9
default-src * data: 'unsafe-eval' 'unsafe-inline' blob: 9
default-src * blob: data: cid:; img-src * data: blob: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 9
frame-ancestors 'self' *.vercel.app *.rivt.com rivt.com *.outsideapi.com outsideapi.com *.pocketoutdoormedia.com outsideinc.com pocketoutdoormedia.com *.outsideinc.com velopress.com *.velopress.com *.mycoloradoparks.com mycoloradoparks.com *.rockandice.com rockandice.com *.theboxmag.com theboxmag.com *.nationalparktrips.com nationalparktrips.com  *.nationalparktripsmedia.com nationalparktripsmedia.com *.betamtb.com betamtb.com *.mysmokymountainpark.com mysmokymountainpark.com *.myolympicpark.com myolympicpark.com *.climbing.com climbing.com *.backpacker.com backpacker.com *.podiumrunner.com podiumrunner.com *.skimag.com skimag.com myutahparks.com *.myutahparks.com *.mygrandcanyonpark.com mygrandcanyonpark.com *.oxygenmag.com oxygenmag.com *.triathlete.com triathlete.com velonews.com *.velonews.com muscleandperformance.com *.muscleandperformance.com *.outsidebusinessjournal.com outsidebusinessjournal.com snewsnet.com *.snewsnet.com gymclimber.com *.gymclimber.com livebeyoga.com *.yogajournal.com yogajournal.com *.livebeyoga.com womensrunning.com *.womensrunning.com trailrunnermag.com *.trailrunnermag.com outsideonline.com *.outsideonline.com *.betternutrition.com betternutrition.com vegetariantimes.com *.vegetariantimes.com cleaneating.com *.cleaneatingmag.com cleaneatingmag.com *.cleaneating.com *.thenaturx.com thenaturx.com *.yellowstonepark.com yellowstonepark.com *.myyellowstonepark.com myyellowstonepark.com myyosemitepark.com *.myyosemitepark.com *.rollmassif.com rollmassif.com *.getcairn.com getcairn.com *.athletereg.com athletereg.com *.finisherpix.com finisherpix.com *.pinkbike.com pinkbike.com *.pinkbike.org pinkbike.org *.bikereg.com bikereg.com *.runreg.com runreg.com *.trireg.com trireg.com *.skireg.com skireg.com *.pledgereg.com pledgereg.com *.gaiagps.com gaiagps.com *.trailforks.com trailforks.com 9
frame-ancestors 'self' devcue.diks.fi cue.media.fi http://jankko-importer.prod.media.fi http://jankko-importer.test.media.fi http://localhost:5000 http://cue.test:* http://cue.cue-web:* https://edit-nitrogen-cs-public-alb.diks.fi; 9
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self'; upgrade-insecure-requests; 9
frame-ancestors 'none'; connect-src 'self' http://127.0.0.1:*; default-src https: 'unsafe-inline' 9
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 9
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tags.creativecdn.com https://cdn.cquotient.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.dynamicyield.com https://empme11111.pcapredict.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.dwin1.com https://*.facebook.net https://*.bing.com https://*.criteo.net https://*.stylight.net https://*.linkfire.com  https://*.pinimg.com https://*.adsrvr.org https://sc-static.net https://*.tiktok.com https://*.kuponacdn.de https://*.ad-srv.net https://ad4m.at https://*.ad4m.at https://*.bounce-commerce.de https://*.usemaxserver.de https://*.soreto.com https://*.gsitrix.com https://*.snapchat.com https://*.clarity.ms https://*.criteo.com https://*.paypal.com https://*.scarabresearch.com https://*.cloudfront.net https://*.fatmedia.io https://*.payments-amazon.com https://hal9000.redintelligence.net https://*.klarnacdn.net https://*.adyen.com https://live.adyen.com https://www.googleadservices.com https://api.sovendus.com https://www.awin1.com https://*.sciencebehindecommerce.com https://*.amazonaws.com https://*.b-cdn.net https://*.klarnaservices.com https://*.cquotient.com https://www.glami.sk https://www.glami.cz https://creativecdn.com https://dmdi.pl https://emp-merchandising-gmbh.jobbase.io https://emp-merchandising-gmbh.onlyfy.jobs https://cdn.studentbeans.com/third-party/all.js https://amplify.outbrain.com/cp/obtp.js https://ai.trk42.net/ https://pixel.dmdi.pl/s/tr.js https://c.imedia.cz/js/retargeting.js https://*.osp.live https://widget.sendwise.sevensenders.com https://*.seznam.cz https://*.twitch.tv https://*.getback.ch http://*.static.getback.ch https://www.mainadv.com https://*.thebrighttag.com https://*.rubiconproject.com https://*.klarna.com https://*.pinterest.com https://*.kpcustomer.de blob:; 9
default-src https: http: wss: 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 9
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 9
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 9
frame-ancestors 'self' *.insparx.com *.insparx.org; 9
font-src *;img-src * data:; 9
frame-ancestors https://*.login.smartweb.test https://*.admin.shop-sftest.io https://*.webshop-admin.scannet.dk https://*.admin.hostedshop.io https://*.admin.hostedcms.io https://*.webshop.dandomain.dk 9
frame-ancestors 'self' https://omnidoctor.ru/ 9
upgrade-insecure-requests; frame-ancestors *.lumen.com *.lumentech.com *.brightspeed.com http://static.virtualroi.com/; 8
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com/analytics.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com https://munchkin.marketo.net https://app-abj.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://geoip-js.com https://ads.avocet.io https://trk.techtarget.com https://j.6sc.co/6si.min.js https://tags.srv.stackadapt.com https://ads.avct.cloud https://js.driftt.com https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.jsdelivr.net/simplemde/latest/simplemde.min.js https://cdn.jsdelivr.net/npm/@json-editor/json-editor@latest/dist/jsoneditor.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://go.affec.tv https://bat.bing.com/bat.js https://s7.addthis.com/js/300/addthis_widget.js https://m.addthis.com https://z.moatads.com https://cdn.jsdelivr.net/npm/datalist-polyfill@latest/datalist-polyfill.min.js https://snap.licdn.com https://tracking.g2crowd.com https://bat.bing.com https://connect.facebook.net https://tags.srv.stackadapt.com https://widget.spreaker.com *.visualwebsiteoptimizer.com app.vwo.com *.sharethis.com https://unpkg.com/dropzone@5/dist/min/dropzone.min.js  https://d1hgczpbubj217.cloudfront.net/video-widget/ https://www.youtube.com/ https://app-static.turtl.co/embed/turtl.embed.v1.js https://js.zi-scripts.com/zi-tag.js; object-src 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *; img-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *; media-src 'self'; frame-src 'self' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com *; child-src 'self' 'unsafe-inline' blob:; worker-src 'self' blob:; font-src 'self' 'unsafe-inline' data: *; connect-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; report-uri /report-csp-violation 8
frame-ancestors 'self' http://wa.aruba.it https://wa.aruba.it 8
default-src *;script-src 'self' resource://pdf.js 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net events.webnode.com js.stripe.com www.gstatic.com www.googleadservices.com www.googletagmanager.com bat.bing.com connect.facebook.net a.quora.com www.google-analytics.com googleads.g.doubleclick.net c.imedia.cz www.google.com www.google.de www.google.com.br cdn.inspectlet.com *.clarity.ms *.bing.com c.seznam.cz pagead2.googlesyndication.com s.yimg.jp cdn.euc-freshbots.ai blob: euc-widget.freshworks.com/widgets/101000002785.js euc-widget.freshworks.com/widgetBase/ b98.yahoo.co.jp https://s.pinimg.com https://track.adform.net https://s2.adform.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net www.gstatic.com js.stripe.com d11bh4d8fhuq47.cloudfront.net d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net use.typekit.net p.typekit.net cdn.euc-freshbots.ai euc-widget.freshworks.com/widgetBase/static/media/;img-src 'self' data: mediastream: blob: filesystem: *.teamblue.services d1rv23qj5kas56.cloudfront.net d3nn3278imm5nr.cloudfront.net du5rkdszt1kq5.cloudfront.net d11bh4d8fhuq47.cloudfront.net d1bz77arbww182.cloudfront.net d1me9yvfki5736.cloudfront.net d6scj24zvfbbo.cloudfront.net *.pbhom-cdnwnd.com *.cbaul-cdnwnd.com *.clvaw-cdnwnd.com www.webnode.com www.gstatic.com q.stripe.com bat.bing.com q.quora.com www.google.com www.google.cz www.google.de www.google.com.br www.google-analytics.com googleads.g.doubleclick.net cx.atdmt.com c.seznam.cz www.facebook.com www.googletagmanager.com *.clarity.ms *.bing.com *.webnode.com *.webnode.cz *.webnode.sk *.webnode.at *.webnode.es *.webnode.cl *.webnode.com.ve *.webnode.com.uy *.webnode.mx *.webnode.com.co *.webnode.co *.webnode.com.ar *.webnode.com.py *.webnode.bo *.webnode.do *.webnode.ec *.webnode.pe *.webnode.cr *.webnode.com.br *.webnode.pt *.webnode.it *.webnode.fr *.webnode.us *.webnode.in *.webnode.gr *.webnode.com.tr *.webnode.cn *.webnode.tw *.webnode.nl *.webnode.be *.webnode.jp *.webnode.hu *.webnode.ru *.webnode.com.ua *.webnode.se *.webnode.dk *.webnode.lv *.webnode.hr *.webnode.no *.webnode.co.uk *.webnode.vn *.webnode.ro *.webnode.cat *.webnode.kr *.webnode.fi ct.capterra.com d1di2lzuh97fh2.cloudfront.net duyn491kcolsw.cloudfront.net cdn.euc-freshbots.ai cdn.freshbots.ai fc-euc1-00-pics-bkt-00.s3.eu-central-1.amazonaws.com https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://ct.pinterest.com https://track.adform.net https://server.seadform.net/serving/cookie/;frame-ancestors 'self'; 8
script-src 'self' 8
frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 8
frame-ancestors 'self' http://localhost:* https://*.bustle.com https://*.bdg.com 8
object-src 'none'; base-uri 'self' 8
frame-ancestors 'self'; base-uri 'self' 8
frame-src * 8
default-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.oribi.io *.cookielaw.org *.onetrust.com *.zscalertwo.net *.googlesyndication.com *.linkedin.com *.hubspot.com *.optimizely.com http://cscmarketing-cscdbs-prod-container.azurewebsites.net/blog/wp-json/; script-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.zscalertwo.net 'sha256-uEVZG2aKtvTnCiyd6KE5c0iP+naoyXFMNU6NZqWfTzk=' 'sha256-FTZUkywTeCare2C/3qESeGwIijE/FJIJzHs4QajBqVU=' 'sha256-6EYFRGyxum0IwH2kLdixEkMnfVbkqBt14VQFi8BCJRA=' 'sha256-NEJOYgS3wIia+ss6EnB/d2Kk/XqlS6ES36GronXzmbs=' *.cookielaw.org *.onetrust.com *.googlesyndication.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com 'sha256-FYVcJ8j+aeiBImnoPSLVrA8jc6b/AUdJP0H7kMX8XRg='; style-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.hubspot.com; font-src 'self' dbsapp-test.azurewebsites.net cscmarketing-cscdbs-prod-container.azurewebsites.net *.cscdbs.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.googlesyndication.com *.hsforms.com *.doubleclick.net; object-src 'none' 8
upgrade-insecure-requests; base-uri 'self' 8
frame-ancestors 'self'; object-src 'none'; 8
default-src 'self'; 8
default-src 'self';  worker-src 'self' blob:;  script-src 'self' 'unsafe-eval' 'unsafe-inline'     https://www.jsctool.com     https://jsctool.com     https://*.optimizely.com     https://secure.pay1.de     https://www.img-bahn.de     https://cms.static-bahn.de     https://cms.static-bahn.de https://cdn.m-pathy.com https://dmp.adform.net https://zn0lxkzethotizctx-bahn.siteintercept.qualtrics.com https://*.adform.net https://m.exactag.com https://siteintercept.qualtrics.com     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://*.bahn.com     https://ucm-eu.verint-cdn.com;  connect-src 'self'     https://p11.techlab-cdn.com     https://www.jsctool.com     https://jsctool.com     https://assets.static-bahn.de     https://dmp.adform.net     https://siteintercept.qualtrics.com     https://logx.optimizely.com     https://*.optimizely.com     https://hcaptcha.com     https://*.hcaptcha.com     https://collect.tealiumiq.com     https://accounts.bahn.de     https://ucm-eu.verint-cdn.com     https://hoover-eu.verint-api.com     wss://hoover-eu.verint-api.com;  frame-src 'self'     https://cms.static-bahn.de     https://secure.pay1.de     https://hcaptcha.com     https://*.hcaptcha.com     https://*.bahn.de     https://www.abo-bahn.de     https://db.novafind.eu     https://kundenkarte-db.mvv-muenchen.de     https://transport.novafind.eu     https://db-streckenagent.hafas.de     https://a791773171.cdn.optimizely.com/     https://nextalert-db.nexterite.eu     https://s-bahn-muenchen-live.de     https://garantien-formular.cs100.force.com     https://accounts.bahn.de     https://db-bordgastronomie.de     https://ersatzkarte-dbregiobusnord.de     https://dbaw.specials-bahn.de     https://anreiseservice.specials-bahn.de     https://analytics.geops.de     https://*.sbahnm.geops.de     https://fipo.deutschebahn.com     https://fahrinfo.vbb.de     https://kdialog-garantie.cs174.force.com     https://regioforce.my.salesforce-sites.com     https://www.jugendticket-nds.de     https://ketchum.flyingspoon.de     https://a1.adform.net     https://dbstreckenagent.de     https://www.dbstreckenagent.de;  frame-ancestors 'self';  style-src 'self' https://www.jsctool.com https://jsctool.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline';  font-src 'self' data:;  img-src 'self'     https://www.awin1.com     https://partner-bahn.de     https://cm.g.doubleclick.net     https://fcmatch.google.com     https://fcmatch.youtube.com     https://dmp.adform.net     https://cdn.optimizely.com     https://*.qualtrics.com     https://assets.static-bahn.de     https://*.bahn.de     https://assets-ri.extranet.deutschebahn.com     https://cms.static-bahn.de     data:;  media-src 'self' https://assets.static-bahn.de https://*.bahn.de https://cms.static-bahn.de; 8
script-src 'self' 'unsafe-inline' 8
prefetch-src *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.hustler.com *.metartmoney.com *.google-analytics.com *.googletagmanager.com;default-src 'self' blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.hustler.com;connect-src 'self' blob: wss: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.zendesk.com *.atlassian.com *.atl-paas.net *.hustler.com *.metart.network *.google.com *.google-analytics.com *.googleapis.com *.doubleclick.net *.mixpanel.com *.metartmoney.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com api.ipify.org *.s3.eu-central-1.amazonaws.com *.hotjar.com *.hotjar.io;style-src 'self' blob: 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.googleapis.com fonts.gstatic.com platform.twitter.com *.twimg.com maxcdn.bootstrapcdn.com *.google.com *.hustler.com cdn.cookielaw.org *.visualwebsiteoptimizer.com *.vwo.com *.hotjar.com;font-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zopim.com fonts.gstatic.com *.googleapis.com ssl.p.jwpcdn.com maxcdn.bootstrapcdn.com *.hustler.com *.vwo.com *.hotjar.com;script-src 'self' 'unsafe-inline' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.zdassets.com *.atlassian.com *.zopim.com *.twitter.com *.twimg.com ssl.p.jwpcdn.com *.googletagmanager.com *.google-analytics.com cdn.mouseflow.com *.google.com cdn.polyfill.io *.hustler.com *.metart.network cdn.cookielaw.org code.jquery.com geolocation.onetrust.com *.mxpnl.com *.googleapis.com *.gstatic.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.adtng.com *.atsptp.com *.spartez-software.com *.hotjar.com;frame-src 'self' *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.twitter.com *.hustler.com *.youtube.com *.vimeo.com *.atlassian.net *.metartmoney.com *.visualwebsiteoptimizer.com *.vwo.com;img-src 'self' data: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.twimg.com *.twitter.com *.zopim.com jwpltx.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.google.com *.hustler.com *.browser-update.org browser-update.org *.visualwebsiteoptimizer.com *.vwo.com *.hustlerlive.com *.barelylegallive.com *.vscdns.com *.hotjar.com *.strpst.com;media-src 'self' data: blob: *.cachefly.net *.b-cdn.net *.metartnetwork.com *.metart.com *.nsimg.net *.hustler.com *.zdassets.com *.visualwebsiteoptimizer.com *.vwo.com;worker-src 'self' data: blob: wss:;object-src 'none' 8
frame-ancestors 'self' www.bookends.info *.bookends.info 8
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content: blob:; form-action *; upgrade-insecure-requests 8
default-src https: 'unsafe-inline' 'unsafe-eval' 8
worker-src 'self'; 8
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:; 8
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://151.80.69.121 http://62.210.201.98 http://195.154.187.103 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 8
frame-ancestors 'self' *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 8
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data: 8
frame-ancestors 'self' cloudlogin.co *.cloudlogin.co; 8
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 8
frame-ancestors 'self' *; upgrade-insecure-requests; 8
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 8
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: 7
frame-ancestors 'self' *.jivosite.com *.jivosite.com/ bam.nr-data.net/ metrika.yandex.ru *.yandex.tld *.yandex.net webvisor.com *.webvisor.com http://*.webvisor.com http://webvisor.com https://*.webvisor.com http://webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net; form-action 'self' *.timeweb.ru *.timeweb.com *.timeweb.net timeweb.com timeweb.ru timeweb.net http://timeweb.com/; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.1c-bitrix.ru gw.timeweb.com https://smartcaptcha.yandexcloud.net smartcaptcha.yandexcloud.net https://cdn.mxpnl.com cdn.mxpnl.com *.jivo.ru *.jivosite.com *.jivosite.com/ *.timeweb.net *.timeweb.ru timeweb.eu vds-static.timeweb.com cloud.timeweb.com timeweb.cloud public-api.timeweb.com content.timeweb.com api.craftum.com api-v2.craftum.com *.yandex.ru yandex.ru wss://*.timeweb.ru wss://*.timeweb.net www.googletagmanager.com www.google-analytics.com disutgh7q0ncc.cloudfront.net eligibility.wootric.com wootric-eligibility.herokuapp.com facebook.com connect.facebook.net *.facebook.com mc.yandex.md mc.yandex.ru *.livetex.ru *.livetex.me stats.g.doubleclick.net *.google.com *.google.ru *.sendpulse.com data: vk.com *.vk.com dadata.ru *.dadata.ru *.hostings.info *.hosters.ru bitrix.info static.criteo.net *.push.world *.gstatic.com recreativ.ru sslwidget.criteo.com *.googleapis.com *.webpushs.com i.imgur.com ipic.su *.sendpulse.com www.youtube.com s.tmimgcdn.com cdn.jsdelivr.net mc.webvisor.org https://*.getsitecontrol.com yastatic.net *.witstroom.com metrika.yandex.ru *.yandex.tld *.yandex.net myreviews.dev https://myreviews.dev webvisor.com *.witstroom.com:8080 https://checks.botfaqtor.ru *.giphy.com *.giphy.com/ *.jivosite.com *.jivosite.com/ wss://*.jivosite.com https://www.googleoptimize.com/ blob: timeweb.com content.saas-support.com cdn.envybox.io whitesaas.com 7
base-uri 'none'; default-src 'self'; connect-src 'self' https: www.google-analytics.com fundingchoicesmessages.google.com pagead2.googlesyndication.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https: googleads.g.doubleclick.net; img-src 'self' data: https:; media-src 'self' data: https:; object-src 'none'; prefetch-src dash.infinityfree.com forum.infinityfree.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https: www.google-analytics.com pagead2.googlesyndication.com www.google.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com cdnjs.cloudflare.com; worker-src 'none'; block-all-mixed-content; report-uri https://o881419.ingest.sentry.io/api/6108064/security/?sentry_key=53507701d302401b97c4a9ec903c141e 7
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 7
default-src http:; img-src * data:; script-src https:* http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline'; 7
default-src='self' 7
default-src * 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; worker-src blob: 'self'; 7
object-src 'self' https://www.youtube.com/;frame-src 'self' mailto: tel: https://3cx.com https://player.vimeo.com/ https://vars.hotjar.com/ https://www.google.com https://cse.google.com https://services-sandbox.google-3cx.com https://services.3cx.com https://audioconverter.3cx.com https://login.3cx.com https://docs.google.com https://www.facebook.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.loom.com https://www.youtube.com https://www.youtube-nocookie.com/ https://www.googletagmanager.com; frame-ancestors 'self' 7
upgrade-insecure-requests;script-src * 'unsafe-eval' 'unsafe-inline';script-src-attr 'unsafe-inline';style-src * 'unsafe-inline';img-src * data:;font-src *;connect-src *;manifest-src data:;frame-ancestors 'self';form-action *;base-uri 'self';object-src 'none' 7
frame-ancestors 'self' https://*.adobe.com https://*.navisperformance.com 7
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; 7
default-src 'self' https://niccicms.raj.nic.in/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' 'unsafe-eval' data:; 7
block-all-mixed-content; frame-ancestors 'self'; upgrade-insecure-requests; 7
default-src 'self' 'self' data: 'self' blob: 'unsafe-inline' 'unsafe-eval' *; img-src 'self' blob: data: * 7
base-uri 'self';frame-ancestors 'self' 7
frame-ancestors 'self' https://secure.safecharge.com; 7
block-all-mixed-content; upgrade-insecure-requests 7
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com; 7
frame-ancestors 'self' *.mydukaan.io; 7
default-src 'self'; img-src 'self';script-src 'self' 'sha256-J+Y4l+yfxXd4cYzH9LhXUSHSb7zZu2bgddfCumVZJMo=';object-src 'none';form-action 'none';frame-src 'none';style-src 'self' 'sha256-OU0LTytxyR8kjQ+DRjRCDKhUAKEeH7rb0D5nBWOzRlQ=' 7
script-src 'self' https://static.cloudflareinsights.com https://stage-rotators-cdn.griffona.app https://cdnboost.net *.google-analytics.com; connect-src * 7
base-uri 'self'; report-uri https://csp-logging.m-operations.com/cspheaders; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.moosend.com *.moostaging.com cdn.transifex.com cdn.segment.com *.adroll.com fast.appcues.com widget.intercom.io www.google-analytics.com app.satismeter.com js.intercomcdn.com ajax.googleapis.com cdn.tiny.cloud social.uploadcare.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com pay.google.com songbird.cardinalcommerce.com songbirdstag.cardinalcommerce.com *.paypal.com kit.fontawesome.com storage.googleapis.com js.pusher.com labs.pathfix.com connect.facebook.net sitecoredelivr.sitecorecloud.io portal-staging.sitecore-staging.cloud portal.sitecorecloud.io; object-src 'none'; 7
default-src 'none'; connect-src 'self' *.licdn.com *.linkedin.com cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com snap.licdn.com www.googletagmanager.com/gtag/js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; media-src 'self' *.licdn.com *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com; frame-ancestors 'self' *.www.linkedin.com:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gg 6
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-top-navigation-by-user-activation; frame-ancestors 'self' *.huffpost.com *.huffingtonpost.com *.huffpost.net *.buzzfeed.com clients.opinary.com compass.pressekompass.net *.newsbreak.com *.newsbreakapp.com *.upday-content.com *.upday.com; report-uri https://huffpost.report-uri.com/r/d/csp/enforce; 6
script-src 'sha256-KXVenHG583A83LgYtdx9xEh45z4umJCe6yQqRczE4bs=' 'self' jobs.jobvite.com www.googletagmanager.com cdn.jwplayer.com ssl.p.jwpcdn.com; worker-src blob: 6
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://recaptcha-staging.corp.google.com/;report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport/allowlist;base-uri www.google.com 6
frame-ancestors 'self' *.ffxblue.com.au *.ffx.io *.smh.com.au *.theage.com.au *.brisbanetimes.com.au *.watoday.com.au *.cdn.ampproject.org *.platform.ink; upgrade-insecure-requests 6
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src data: https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; report-uri https://csp.nytimes.com/report; 6
connect-src * 6
upgrade-insecure-requests; frame-ancestors *.stern.de *.brigitte.de *.gala.de *.guj.digital *.guj.rocks *.eltern.de *.vip.de *.essen-und-trinken.de *.schoener-wohnen.de *.livingathome.de *.capital.de *.geo.de; frame-src *; 6
frame-ancestors 'self' app.storyblok.com 6
frame-ancestors 'self' https://console.dnspod.cn 6
frame-ancestors https://kpmg.experiencecloud.adobe.com https://assets.kpmg.com https://kpmg.com 6
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 6
default-src * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';img-src * 'self' data:;frame-ancestors none 6
frame-ancestors 'self' *.purpledshub.com 6
reflected-xss block 6
default-src 'self' wss://socket.24live.co https: data: blob: 'unsafe-inline' 'unsafe-eval' 6
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com d.la3-c2-ia7.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com pixel.byspotify.com unpkg.com img03.en25.com www.mczbf.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com; 6
frame-ancestors 'self' *.betssongroupaffiliates.com *.ptstaging.eu *.onegameslink.com 6
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none' 6
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://market.android.com https://clients2.google.com https://payments.sandbox.google.com https://payments.google.com https://maps.googleapis.com https://translate.googleapis.com https://translate.google.com https://support.google.com https://www.gstatic.cn https://families.google.com https://clients1.google.com https://myaccount.google.com https://accounts.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/PlayStoreUi/cspreport/allowlist 6
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com *.clevernt.com *.cleverwebserver.com 6
object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 6
frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru 6
frame-ancestors *; 6
frame-ancestors *.df-automotive.de *.felgenshop.de 6
frame-src 'self' https://bahnhof-bot.deutschebahn.com/ https://ecm-mediathek-cdn.deutschebahn.com 6
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 6
frame-ancestors 'self' ersag.com.tr *.ersag.com.tr 6
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; 6
script-src * 'unsafe-inline' 'unsafe-eval' 6
connect-src http://ip-api.com/ 'self' https: data: 6
default-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com apis.google.com platform.twitter.com wiki-assets.sumin.wiki cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net cdn.syndication.twimg.com openlayers.org www.gstatic.cn hcaptcha.com *.hcaptcha.com bandcamp.com;  style-src 'self' data: 'unsafe-inline' miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net cdnjs.cloudflare.com platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com;  img-src blob: 'self' data: miraheze.org wikitide.org *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com *.dropboxstatic.com *.redd.it *.redditmedia.com mirrors.creativecommons.org www.gnu.org live.staticflikr.com cdn.pixabay.com cdn.geogebra.org docs.blender.org *.imgbox.com tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com na.llnet.sims3storee.cdn.ea.com *.fastly.net minotar.net db.onlinewebfonts.com openlayers.org discordapp.com imgbb.com postimages.org platform.twitter.com syndication.twitter.com img.newspapers.com cdn.smutstone.com storage.googleapis.com *.fbcdn.net i.ytimg.com *.imgbb.com simgbb.com *.simgbb.com ibb.co *.ibb.co *.postimages.org postimgs.org *.postimgs.org postimg.cc *.postimg.cc *.rbxcdn.com cms-imgp.jw-cdn.org;  font-src 'self' data: *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org;  media-src 'self' blob: *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net upload.wikimedia.org embed.nicovideo.jp *.youtube.com *.youtube-nocookie.com player.twitch.tv clips.twitch.tv player.vimeo.com apis.google.com bandcamp.com;  frame-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net www.google.com docs.google.com apis.google.com web.libera.chat snap.berkeley.edu *.youtube-nocookie.com www.youtube.com player.twitch.tv platform.twitter.com discord.com discordapp.com embed.nicovideo.jp syndication.twitter.com open.spotify.com www.gofundme.com archive.org w.soundcloud.com query.wikidata.org player.vimeo.com www.bing.com lucid.app scratch.mit.edu hcaptcha.com *.hcaptcha.com bandcamp.com;  connect-src 'self' *.miraheze.org *.mirabeta.org *.wikitide.org *.wikitide.net www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 6
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; child-src 'self' 6
default-src *; script-src * 'unsafe-eval' 'unsafe-inline' data: 'self'; style-src * 'unsafe-inline' 'self'; img-src * data:; font-src * data:; connect-src *; object-src *; frame-ancestors 'self' https://*.crawford.com https://crawford.com https://*.crawco.com https://crawco.com https://*.crawfordandcompany.com https://crawfordandcompany.com https://*.onelink-translations.com; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; report-uri https://bc18f182517eba201a0bfbb26a2a463a.report-uri.com/r/d/csp/wizard 6
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 6
script-src https: 'unsafe-inline' 'unsafe-eval' 6
frame-ancestors 'self' https://medium.com 6
frame-ancestors 'self' https://www.anglaisfacile.com https://www.francaisfacile.com https://www.tolearnenglish.com https://www.tolearnfrench.com https://www.allemandfacile.com https://www.espagnolfacile.com https://www.nlfacile.com https://www.italien-facile.com https://www.mesoutils.com https://www.mesexercices.com https://www.mathematiquesfaciles.com https://www.touslescours.com https://www.tolearnfrench.com https://*.tolearnfree.com; report-uri https://tolearnfree.report-uri.io/r/default/csp/enforce; base-uri 'self'; 6
script-src 'unsafe-inline' 'unsafe-eval' http: https: 6
img-src *; 6
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data: 6
img-src 'self' https: *.google-analytics.com *.analytics.google.com *.googletagmanager.com data:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.quantserve.com *.quantcount.com *.quantcast.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com dd.kelkoogroup.net kayak.kelkoo.fr kayak.leguide.com *.clarity.ms *.creativecdn.com *.inmobi.com *.tawk.to *.jsdelivr.net 'self' blob:; frame-src https: *.creativecdn.com; style-src 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.tawk.to; object-src 'none'; connect-src 'self' *.quantserve.com *.quantcount.com *.quantcast.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.google.com api-js.datadome.co *.clarity.ms *.creativecdn.com *.inmobi.com https://*.tawk.to wss://*.tawk.to *.jsdelivr.net 6
script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.tiktok.com vimeo.com www.vimeo.com www.youtube.com *.treasuredata.com snap.licdn.com connect.facebook.net tagmanager.google.com maps.googleapis.com www.googleadservices.com www.google-analytics.com www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.gstatic.com checkoutshopper-live.adyen.com *.cdn.adyen.com; object-src 'none' 6
style-src * 'self' 'unsafe-inline'; 6
; frame-ancestors 'self' 6
script-src-elem *.newrelic.com *.maxymiser.net *.googletagmanager.com *.oracleinfinity.io *.crazyegg.com *.facebook.net *.getblue.io *.air.tech *.google-analytics.com *.doubleclick.net *.kommunicate.io *.youtube.com *.soicos.com *.tiktok.com *.yandex.com *.onesignal.com onesignal.com *.verificado.ai https://cdn-mz-gj-vai.verificado.ai/widget/main.js *.google.com *.gstatic.com https://www.google.com/recaptcha/ *.googleadservices.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.lightwidget.com *.clarity.ms *.bing.com code.jquery.com stackpath.bootstrapcdn.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem fonts.googleapis.com *.kommunicate.io *.soicos.com *.verificado.ai *.cloudflare.com *.typekit.net https://www.google.com/recaptcha/ *.googletagmanager.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.crazyegg.com *.clarity.ms *.bing.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.googletagmanager.com *.facebook.com *.transbank.cl *.sabbi.cl *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.cardinalcommerce.com *.paypal.com *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.payulatam.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com *.weltpixel.com *.facebook.com https://web.facebook.com *.google.com *.cnetcontent.com *.vimeo.com https://event.getblue.io *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://notrack.indexado.pmbox.cloud https://emersya.com *.lightwidget.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://firalivepro.blob.core.windows.net/ https://fira-live-player-pro.azurewebsites.net/ https://20839951p.rfihub.com/ *.googletagmanager.com *.doubleclick.net *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.wufoo.com/ https://wufoo.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.soicos.com *.crazyegg.com *.verificado.ai https://komax-tracking.oms.linets.cl/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br mercadopago.cl/ *.clarity.ms *.bing.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net *.integration.komax.eclt.lnt.cl *.gstatic.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.syndigo.com *.syndigo.cloud *.google.com.co *.google.com.pa *.teads.tv *.gap.cl https://fichashppervasive.blob.core.windows.net *.komaxchile.cl/ *.kliper.cl/ https://dc.oracleinfinity.io/ https://s3.amazonaws.com/ https://stags.bluekai.com/ https://cm.g.doubleclick.net https://rrstatic.retailrocket.net/ https://mc.yandex.ru/ https://an.yandex.ru/ https://mc.yandex.md/ *.maxymiser.net *.komaxchile.cl *.bananarepublic.cl *.brooksbrothers.cl *.dcshoes.cl *.kipling.cl *.kivul.cl *.kliper.cl *.marmot.cl *.mammut.cl *.oldnavy.cl *.stoked.cl *.surprice.cl *.thenorthface.cl *.ugg.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io https://km-prod-s3-bucket.s3.amazonaws.com *.elfsight.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.google.cl *.google.com.pe *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.gap.com.pe news-oldnavy.cl *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com komax-files.s3.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.polyfill.io https://browser.sentry-cdn.com *.integration.komax.eclt.lnt.cl https://www.googletagmanager.com tagmanager.google.com cdn.cs.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.facebook.net *.connect.facebook.net *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.paypal.com *.bootstrapcdn.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com *.maxymiser.net/ *.kommunicate.io *.retailrocket.net *.oracleinfinity.io *.crazyegg.com *.komaxchile.cl *.oraclecloud.com *.onesignal.com https://onesignal.com/ *.googleoptimize.com *.lightwidget.com *.air.tech *.rfihub.net *.hicloud.com *.tiktok.com *.hotjar.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.elfsight.com https://mc.yandex.ru/ https://mc.yandex.md/ https://an.yandex.ru/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.nr-data.net unpkg.com *.soicos.com *.verificado.ai *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com code.jquery.com cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com tagmanager.google.com *.cloudflare.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com https://rrstatic.retailrocket.net/ https://widget.kommunicate.io/ *.fontawesome.com https://firalivepro.blob.core.windows.net *.brooksbrothers.cl/ https://*.komaxchile.cl *.bananarepublic.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io unsafe-inline *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com 'self' 'unsafe-inline'; object-src *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com 'self' 'unsafe-inline'; media-src *.adobe.com *.syndigo.com *.syndigo.cloud https://emersya.com *.bananarepublic.cl/ *.brooksbrothers.cl/ *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.kommunicate.io *.soicos.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com *.youtube.com youtube.com 'self' 'unsafe-inline'; manifest-src *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net https://*.ingest.sentry.io https://www.google-analytics.com wss://tm.filter:1502/ xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.google.com *.paypal.com *.pingdom.net *.woorank.com *.demdex.net *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv *.doubleclick.net *.kommunicate.io *.oracleinfinity.io *.oraclecloud.com *.tiktok.com https://mc.yandex.ru/ https://an.yandex.ru https://mc.yandex.md/ *.bananarepublic.cl/ *.brooksbrothers.cl *.dcshoes.cl/ *.gap.cl/ *.kipling.cl/ *.kivul.cl/ *.kliper.cl/ *.mammut.cl/ *.marmot.cl/ *.oldnavy.cl/ *.stoked.cl/ *.surprice.cl/ *.thenorthface.cl/ *.ugg.cl/ wss://socket2.kommunicate.io/ws *.maxymiser.net/ *.elfsight.com https://analytics.pangle-ads.com/ *.tenetcomm.com/ https://tenetcomm.com/ *.wufoo.com/ https://wufoo.com/ *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.crazyegg.com *.nr-data.net *.sentry.io *.facebook.net google.com *.soicos.com *.yandex.com *.verificado.ai *.amazonaws.com https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com  wss://*.zendesk.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.mercadolibre.com https://mercadopago.com.br *.mercadopago.com.br *.clarity.ms *.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com http: https: blob: 'self' 'unsafe-inline'; default-src *.maxymiser.net *.komaxchile.cl *.soicos.com *.crazyegg.com *.verificado.ai https://www.google.com/recaptcha/ *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.verificado.ai https://www.google.com/recaptcha/ *.soicos.com *.mercadopago.com.pe *.mercadopago.cl *.mercadopago.com *.mlstatic.com *.mercadolibre.com.br *.mercadolivre.com *.zendesk.com *.zdassets.com *.zdusercontent.com *.clarity.ms *.bing.com 'self' 'unsafe-inline'; 6
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com https://*.fonts.net; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com *.invocacdn.com pnapi.invoca.net *.invoca.net https://*.recaptcha.net  *.bridgestonetire.com hub.firestonecompleteautocare.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.jquery.com *.twitter.com *.ads-twitter.com https://assets.adobedtm.com/ https://www.google.com/recaptcha/ https://login.dotomi.com/ https://www.youtube.com/ https://*.cloudfront.net/ https://*.incontact.com/ https://*.dialogtech.com/; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' https://*.fonts.net data: 6
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *.pricespider.com *; img-src * 'self' data: https: blob: *.pricespider.com; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src *; 6
object-src 'self' 6
default-src 'none'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.adform.net *.adsrvr.org *.ads-twitter.com *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.awin1.com *.b2x-env.cloud apps.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com app.contentsquare.com t.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net digitizer.app *.dwin1.com *.g.doubleclick.net *.en25.com *.excentos.com nonce-csp-test *.facebook.net *.foxbase.de *.google-analytics.com *.googleadservices.com www.googleanalytics.com maps.googleapis.com www.googleoptimize.com *.googlesyndication.com www.googletagmanager.com *.google.com *.google.de *.gstatic.com *.guuru.com s.kelkoogroup.net *.kk-resources.com *.kpcustomer.de *.kuponacdn.de snap.licdn.com *.media01.eu *.newrelic.com bam.eu01.nr-data.net *.onetrust.com assets.oney.io *.openweathermap.org *.oracleinfinity.in *.outbrain.com *.pages02.net cdn.parcellab.com *.pinimg.com *.pinterest.com *.qualtrics.com lantern.roeyecdn.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.soundcloud.com *.sovendus.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com userprotect.de.stihl-dns.net *.dam.stihl.cloud *.teads.tv *.tealiumiq.com analytics.tiktok.com *.tiqcdn.com *.trkkn.com s.uicdn.com d.c.cdnsrv.de typekit.net *.typekit.net unpkg.com *.unpkg.com *.assistant.watson.appdomain.cloud sp.analytics.yahoo.com *.youtube.com *.youtube-nocookie.com *.ytimg.com s.yimg.com *.zemanta.com *.zenaps.com *.zenloop.com; connect-src 'self' adobeioruntime.net *.adobeioruntime.net *.adyen.com zenloop-website-overlay-production.s3.amazonaws.com *.bazaarvoice.com *.bing.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.digitizer.app *.doubleclick.net d.c.cdnsrv.de *.excentos.com ext.nonstoppartner.net *.facebook.com *.foxbase.de *.google-analytics.com *.googleadservices.com *.googleapis.com pagead2.googlesyndication.com *.googletagmanager.com *.google.at *.google.be *.google.ch *.google.com *.google.de *.google.es *.google.fr *.google.gr *.google.hu *.google.it *.google.lu *.google.nl *.google.pl *.google.pt *.guuru.com s.kelkoogroup.net *.kk-resources.com *.linkedin.com *.media01.eu bam.eu01.nr-data.net *.omtrdc.net *.onetrust.com widget.oney.io *.oribi.io *.outbrain.com api.openweathermap.org *.parcellab.com *.pinterest.com *.qualtrics.com *.thesciencebehindecommerce.com *.sciencebehindecommerce.com *.seznam.cz *.solutenetwork.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com *.stihl.be *.stihl.de *.stihl.es *.stihl.fr *.stihl.lu *.stihl.nl *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com stihl-sso.com stihl.tui-servicelayers.io *.teads.tv collect.tealiumiq.com analytics.tiktok.com *.trkkn.com typekit.net *.typekit.net *.assistant.watson.appdomain.cloud stihlb2bdocuments.blob.core.windows.net s.yimg.com *.youtube-nocookie.com www.wepowerconnections.com *.zenloop.com login.microsoftonline.com graph.microsoft.com *.b2clogin.com; img-src 'self' *.ad-stir.com *.360yield.com *.3lift.com *.addthis.com *.adingo.jp *.admixer.co.kr *.adscale.de *.adform.net *.adnxs.com *.adtdp.com *.advertising.com *.adyen.com zenloop-assets.s3.eu-west-1.amazonaws.com *.eu-central-1.amazonaws.com *.ants.vn *.aralego.com *.atdmt.com *.awin1.com *.azureedge.net *.b2x-env.cloud *.bazaarvoice.com segment.prod.bidr.io *.bidswitch.net *.bing.com *.bluekai.com *.casalemedia.com *.clarity.ms *.clmbtech.com *.contentsquare.net *.cookielaw.org *.criteo.com *.criteo.net *.dable.io data: *.demdex.net *.dmxleo.com *.doubleclick.net *.dwin1.com *.e-planning.net *.emxdgt.com *.everesttech.net *.excentos.com *.facebook.com *.facebook.net *.fwnm.net *.foxbase.de *.google-analytics.com *.googleadservices.com maps.googleapis.com *.googlesyndication.com www.googletagmanager.com *.googleusercontent.com *.google.ad *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sv *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.kz *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mi *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tn *.google.tt *.google.vu *.google.ws *.guuru.com *.gstatic.com *.herrenseite.de *.id5-sync.com id5-sync.com event.tracker.inlabserving.com *.rediunid.imrworldwide.com *.ivitrack.com *.kargo.com s.kelkoogroup.net *.krxd.net *.liadm.com *.linkedin.com px.ads.linkedin.com *.mail.ru *.meba.kr *.media.net *.mediavine.com *.mediawallahscript.com *.mgid.com *.microad.jp *.nate.com *.omnitagjs.com *.omtrdc.net assets.oney.io *.openx.net *.outbrain.com *.pages02.net *.parcellab.com *.pinterest.com *.pinterest.de *.postrelease.com *.pubmatic.com *.qualtrics.com *.rambler.ru *.revcontent.com *.rlcdn.com lantern.roeye.com *.rubiconproject.com *.the.sciencebehindecommerce.com t.uimserv.de *.seadform.net *.seznam.cz *.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net *.socdm.com *.sovendus.com *.stickyadstv.com *.stihl.de *.stihl.fr *.stihl.be *.stihl.nl *.stihl.lu *.stihl.es *.stihl.pt *.stihl.at *.stihl.bg *.stihl.ca *.stihl.ch *.stihl.co.jp *.stihl.co.ke *.stihl.co.nz *.stihl.co.uk *.stihl.co.za *.stihl.com *.stihl.com.ar *.stihl.com.au *.stihl.com.br *.stihl.com.co *.stihl.com.cy *.stihl.com.fj *.stihl.com.mx *.stihl.cz *.stihl.dk *.stihl.fi *.stihl.gr *.stihl.hu *.stihl.in *.stihl.it *.stihl.nc *.stihl.no *.stihl.pe *.stihl.pl *.stihl.ro *.stihl.rs *.stihl.se *.stihl.ua *.stihl-importer.ie *.stihl-timbersports.com *.stihlusa.com dam.stihl.cloud t.co *.taboola.com *.tapad.com *.teads.tv *.tealiumiq.com *.thebrighttag.com *.toast.com *.tpmn.co.kr *.tremorhub.com *.turn.com *.twiago.com analytics.twitter.com typekit.net *.typekit.net *.windows.net storagetimbersportsdata.blob.core.windows.net *.yahoo.com *.yahoo.net *.yandex.ru *.yieldlab.net *.yieldmo.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.zemanta.com *.zenaps.com *.zenloop.com; style-src 'self' 'unsafe-inline' *.cookielaw.org digitizer.app *.excentos.com *.foxbase.de fonts.googleapis.com *.googletagmanager.com *.google.com *.onetrust.com *.sovendus.com cdn.parcellab.com; font-src 'self' zenloop-assets.s3.eu-west-1.amazonaws.com web-chat.global.assistant.watson.appdomain.cloud apps.bazaarvoice.com cdnjs.cloudflare.com data: *.excentos.com *.foxbase.de fonts.googleapis.com fonts.gstatic.com *.guuru.com assets.oney.io cdn.parcellab.com *.sovendus.com *.stihl.de typekit.net *.typekit.net *.zenloop.com; frame-src 'self' *.ad-srv.net *.adform.net track.adform.net *.adsrvr.org *.adyen.com *.awin1.com segment.prod.bidr.io *.cookielaw.org *.criteo.com *.criteo.net *.demdex.net *.doubleclick.net *.dwin1.com d.c.cdnsrv.de *.excentos.com *.facebook.com *.google.com *.guuru.com *.jaggaer.com *.kuponacdn.de pixel.mathtag.com my.matterport.com secure.img-cdn.mediaplex.com *.pinterest.de *.pinterest.fr *.pinterest.at *.pinterest.it *.pinterest.com *.pinterest.co.uk *.pinterest.ru *.pinterest.ch *.pinterest.es *.pinterest.se *.pinterest.ca *.pinterest.dk *.pinterest.jp *.pinterest.ie *.pinterest.pt *.qualtrics.com *.redintelligence.net *.the.sciencebehindecommerce.com *.soundcloud.com *.sovendus.com *.sovendus-benefits.com *.sovendus-campaign.com *.sovendus-connect.com *.sovendus-network.com static.stihl.com *.dam.stihl.cloud *.stihl-dns.net *.teads.tv e.video-cdn.net *.youtube.com *.youtube-nocookie.com *.zenaps.com; child-src 'self' blob: *.guuru.com 6
frame-ancestors 'self' *.facebook.com 6
; 6
block-all-mixed-content;upgrade-insecure-requests; 6
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.com/csp-reports; report-to csp-endpoint 5
default-src 'self' https:;                                              connect-src 'self' https:;                                              font-src 'self' https: data:;                                              frame-src 'self' https:;                                              img-src 'self' https: data:; media-src 'self' https:;                                              object-src 'self' https:;                                              script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;                                              style-src 'self' 'unsafe-inline' https:; 5
frame-ancestors 'self' https://*.rapid7.com 5
upgrade-insecure-requests; block-all-mixed-content; sandbox allow-modals allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-orientation-lock allow-pointer-lock; 5
upgrade-insecure-requests;report-uri /csp-violation-report-endpoint/ 5
script-src * 'self' 'unsafe-inline' 'unsafe-eval' wistia.com youtube.com blob: 5
frame-ancestors https://*.marketo.com 5
frame-ancestors 'self'; upgrade-insecure-requests; 5
frame-ancestors 'self'; base-uri 'self';upgrade-insecure-requests; 5
frame-ancestors https://oa.sheincorp.cn https://activity-admin.biz.sheincorp.cn https://csp.sheincorp.cn https://sqs-admin.biz.sheincorp.cn https://sqs-admin.biz.sheinbackend.com https://sqs-admin-gray01.biz.sheinbackend.com https://sqs-admin-eur.biz.sheinbackend.com https://grey-sqs-admin.biz.sheincorp.cn https://sqs-admin-gray01-eur.biz.sheinbackend.com https://ccc.biz.sheincorp.cn https://ccc-store.biz.sheincorp.cn https://ccc-store.shein.com *.shein.com https://www.shein.com.hk https://www.shein.com.vn https://www.shein.com.mx https://www.shein.co.uk https://www.shein.tw https://www.shein.se https://co.shein.com https://www.shein.com.co 5
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' 'unsafe-inline' *;img-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src 'self' *; connect-src 'self' *; object-src 'none' 5
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://*.streamlock.net/ https://*.ingest.sentry.io https://*.zeturf.com https://*.zeturf.be https://maps.googleapis.com https://zz.connextra.com https://*.clarity.ms https://*.bing.com https://www.facebook.com; frame-src 'self' https://consentcdn.cookiebot.com/ https://vision.prod.thebetmakers.com/ https://api-vcs-awstbmtst002.mugbookie.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.facebook.com; img-src 'self' https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com/ https://www.google.fr https://www.google.com https://cdnjs.cloudflare.com https://maps.gstatic.com https://maps.googleapis.com https://*.googleusercontent.com data: https://*.zeturf.com https://*.zeturf.be https://*.ytimg.com https://zz.connextra.com https://*.adnxs.com https://*.bidr.io https://www.facebook.com https://connect.facebook.net https://*.cookiebot.com https://*.clarity.ms https://*.bing.com https://www.paypalobjects.com; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/ https://github.com https://*.zeturf.com https://*.zeturf.be; media-src 'self' https://*.streamlock.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.jsdelivr.net https://maps.googleapis.com https://*.cookiebot.com https://*.zeturf.com https://*.zeturf.be https://*.sentry-cdn.com https://connect.facebook.net https://static.ads-twitter.com https://zz.connextra.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://*.zeturf.com https://*.zeturf.be 5
frame-ancestors 'self' *.telekurier.at; 5
frame-ancestors 'self' https://bravenetmarketing.com https://manage.bravehost.com; 5
frame-ancestors 'self' letmedate.com www.letmedate.com 5
object-src 'none'; frame-ancestors 'self'; 5
default-src 'self'; connect-src 'self' *.authorize.net *.facebook.com stats.addtoany.com *.google-analytics.com cdn.cookielaw.org *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com stats.g.doubleclick.net *.clarity.ms *.mktoresp.com *.ziftsolutions.com *.ziftone.com *.ziftmarcom.com *.onetrust.com *.cookielaw.org *.newrelic.com bam.nr-data.net *.googlesyndication.com *.gstatic.com scout.salesloft.com cdn.linkedin.oribi.io *.mktoutil.com *.bonterratech.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com bat.bing.com *.convertexperiments.com *.linkedin.com aorta.clickagy.com hemsync.clickagy.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ct.capterra.com jsd-widget.atlassian.com; frame-src 'self' *.driftt.com *.doubleclick.net *.google.com players.brightcove.net *.youtube.com *.googletagmanager.com *.zensource.cloud vars.hotjar.com *.desire2learncapture.com *.everyaction.com *.mktoresp.com *.spotify.com *.googlesyndication.com tpc.googlesyndication.com *.googleads.com *.googleapis.com go.bonterratech.com hemsync.clickagy.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com; img-src 'self' data: *.bonterratech.com test-bonterra-corporate-v2.pantheonsite.io live-bonterra-corporate-v2.pantheonsite.io *.driftt.com maps.googleapis.com px.marchex.io *.facebook.com *.google.com *.gstatic.com cdn.rawgit.com raw.githubusercontent.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com zensource-salisbury.s3.amazonaws.com chat.mcsoftware.com *.timevaluecalculators.com *.ytimg.com *.ziftsolutions.com *.ziftone.com *.cookielaw.org *.googlesyndication.com www.google-analytics.com googleads.g.doubleclick.net www.google.com ad.doubleclick.net ade.googlesyndication.com *.bing.com px.ads.linkedin.com www.linkedin.com c.clarity.ms cdn.kimbia.com *.6sc.co *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.com.co *.google.co.cr *.google.com.cu *.google.cz *.google.com.do *.google.com.ec *.google.es *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat go.bonterratech.com *.clarity.ms *.linkedin.com *.google.ca ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.vimeo.com *.youtube.com *.spotify.com jsd-widget.atlassian.com; object-src 'self' *.oembed.com *.vimeo.com *.youtube.com jsd-widget.atlassian.com; script-src 'self' 'unsafe-eval' *.driftt.com *.authorize.net *.google.com cdnjs.cloudflare.com cdn.rawgit.com maps.googleapis.com rw1.marchex.io connect.facebook.net googleads.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.gstatic.com cdn.jsdelivr.net *.youtube.com *.vimeo.com s.ytimg.com *.googlesyndication.com *.hotjar.com unpkg.com *.timevaluecalculators.com *.w55c.net *.chatbeacon.io *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com cdn.cookielaw.org go.bonterratech.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.driftt.com munchkin.marketo.net *.ziftsolutions.com cdn.cookielaw.org widgets.kimbia.com cdn.kimbia.com *.newrelic.com go.everyaction.com *.googlesyndication.com snap.licdn.com bat.bing.com scout-cdn.salesloft.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net *.convertexperiments.com go.bonterratech.com www.googleadservices.com *.6sc.co ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com everyaction.widget.insent.ai ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com cdn-4.convertexperiments.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d8ejoa1fys2rk.cloudfront.net https://storage.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' fonts.googleapis.com tagmanager.google.com *.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com *.timevaluecalculators.com *.marketo.net *.everyaction.com *.mktoresp.com *.ziftsolutions.com *.driftt.com go.everyaction.com cdn.cookielaw.org go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' go.everyaction.com fonts.googleapis.com *.ziftsolutions.com cdn.kimbia.com go.bonterratech.com ct.capterra.com learn.bonterratech.com jsd-widget.atlassian.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.bonterratech.com/report-uri/enforce 5
default-src 'self' vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.google-analytics.com www.googleadservices.com www.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.twimg.com cdn.ampproject.org www.googletagmanager.com *.googleapis.com *.heapanalytics.com heapanalytics.com *.fides-cdn.ethyca.com *.ethyca.com cdn.ethyca.com cdn.vercel-insights.com va.vercel-scripts.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;child-src *.youtube.com *.youtube-nocookie.com *.stripe.com www.google.com td.doubleclick.net github.com calendly.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;style-src 'self' 'unsafe-inline' *.googleapis.com heapanalytics.com vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;img-src * blob: data:;media-src 'self' videos.ctfassets.net user-images.githubusercontent.com replicate.delivery blob: data: vercel.com *.vercel.com *.vercel.sh vercel.live *.stripe.com twitter.com *.twitter.com *.github.com *.codesandbox.io wss://*.vercel.com localhost:* chrome-extension://*;connect-src data: *;font-src 'self' *.vercel.com *.gstatic.com vercel.live;worker-src 'self' *.vercel.com blob: 5
frame-ancestors 'self' *.ci360.sas.com app.contentstack.com 5
frame-ancestors 'self' https://betterhearing.lightning.force.com https://betterhearing--staging.sandbox.lightning.force.com; 5
frame-ancestors 'self' https://es.chevrolet.com 5
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self'; style-src 'self'; frame-src 'none'; frame-ancestors 'none'; form-action 'none' 5
connect-src 'self' data: *.google.com https://freegeoip.app *.plyr.io https://noembed.com *.googleapis.com *.rdstation.com.br *.ampproject.org *.shoptarget.com.br *.linximpulse.net *.retargeter.com.br *.shopconvert.com.br ckies.net *.shopback.net *.viacep.com.br viacep.com.br *.voxus.tv api.ipify.org *.loggly.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.facebook.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com  https://ampcid.google.com.br https://s.yimg.com https://bat.bing.com https://cdn-prod.securiti.ai https://app.securiti.ai https://notify.bugsnag.com/ https://dashboard.purplemetrics.com.br/ https://boards-api.greenhouse.io/ https://cdn.linkedin.oribi.io/ https://cdn.privacytools.com.br/ *.clarity.ms/collect https://analytics.tiktok.com/ https://api2.amplitude.com/2/httpapi https://app.splithero.com/api/sync; font-src 'self' data: *.gstatic.com script.hotjar.com https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com *.bizographics.com *.rawgit.com *.googleapis.com *.unpkg.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ytimg.com *.facebook.net *.cloudfront.net *.rdstation.com.br *.w3-edge.com *.reclameaqui.com.br *.ampproject.org *.novahaus.com.br *.shoptarget.com.br *.shopback.net *.shopconvert.com.br *.voxus.com.br targeting.voxus.tv *.omguk.com *.hotjar.com snap.licdn.com https://cdn.mouseflow.com https://bat.bing.com https://s.yimg.com https://*.tailtarget.com https://d.tailtarget.com https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br  https://cdn.jsdelivr.net/gh/davidmz/apng-canvas@v2.0.0/build/apng-canvas.min.js https://cdn.privacytools.com.br/ https://www.clarity.ms/ https://analytics.tiktok.com/ https://cdn.jsdelivr.net/npm/@amplitude/amplitude-js-gtm@3.3.0/dist/index.js https://cdn.amplitude.com/libs/marketing-analytics-browser-gtm-0.8.0-min.js.gz https://cdn.amplitude.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.shopback.net https://cdn-prod.securiti.ai https://dashboard.purplemetrics.com.br/widget/widget.css https://dashboard.purplemetrics.com.br/widget/styles.css https://cdn.privacytools.com.br/; img-src 'self' data: *.linx.com.br *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.com.br *.doubleclick.net *.gravatar.com *.w.org *.linkedin.com *.shopback.net *.adsymptotic.com cliente.linx.com.br *.adnxs.com smartbmc.com.br *.smartbmc.com.br *.googletagmanager.com https://frame-images.com https://www.gstatic.com https://bat.bing.com https://sp.analytics.yahoo.com https://*.tailtarget.com https://qr-code.ithemes.com https://*.purplemetrics.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.privacytools.com.br/; default-src https: 5
upgrade-insecure-requests; frame-ancestors 'self' analytics.google.com analytics.webtrends.com secure.minorhotels.com *.anantara.com *.anantara.com.cn *.avanihotels.com *.avanihotels.com.cn *.naladhu.com *.oakshotels.com *.niyama.com world.nh-hotels.com *.naladhu.com.cn *.niyama.com.cn *.nhhotels.com.cn *.telerain.com:* 5
frame-ancestors 'self' *.daysmartpayments.com http://localhost:4200/ 5
frame-ancestors 'self' https://cms.hanleywood.com 5
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' ;  object-src 'none' ;  frame-ancestors 'self' ;  base-uri 'self' ;  prefetch-src 'self' ;  img-src https: data: ; 5
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' app.optimizely.com; 5
frame-ancestors 'self' https://cdn.adkaora.space; 5
frame-ancestors 'self' https://*.kayak.com https://www.kayak.com.ar https://www.kayak.com.au https://www.kayak.bo https://www.kayak.com.br https://www.kayak.cat https://www.kayak.cl https://www.cn.kayak.com https://www.kayak.com.co https://www.kayak.co.cr https://www.kayak.dk https://www.kayak.com.do https://www.kayak.com.ec https://www.kayak.com.sv https://www.kayak.fr https://www.kayak.de https://www.kayak.com.gt https://www.kayak.com.hn https://www.kayak.com.hk https://www.kayak.co.in https://www.kayak.co.id https://www.kayak.ie https://www.kayak.it https://www.kayak.co.jp https://www.kayak.com.my https://www.kayak.com.mx https://www.kayak.nl https://www.kayak.com.ni https://www.kayak.no https://www.kayak.com.pa https://www.kayak.com.py https://www.kayak.com.pe https://www.kayak.com.ph https://www.kayak.pl https://www.kayak.pt https://www.kayak.com.pr https://www.en.kayak.sa https://www.kayak.sg https://www.kayak.co.kr https://www.kayak.es https://www.kayak.se https://www.kayak.ch https://www.kayak.co.th https://www.kayak.com.tr https://www.kayak.ae https://www.kayak.co.uk https://www.kayak.com.uy https://www.kayak.co.ve 5
base-uri 'self'; frame-ancestors 'self' 5
frame-ancestors media.kaufland.de media.kaufland.com wissen-kaufland.kcenter.usu.com kaufland.staffbase.com 'self' 5
frame-ancestors 'self' apac.marketing.adobe.com 5
script-src 'self' https://itunes.apple.com www.youtube.com https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.youtube-nocookie.com; font-src https://fonts.gstatic.com; 5
form-action 'self'; 5
default-src 'self' data: http: https: ws: wss:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src 'unsafe-inline' 'unsafe-eval' http: https:; 5
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' 5
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 5
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' http://webvisor.com 5
default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.fjordmail.no; 5
default-src *; font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; media-src * blob:; 5
default-src 'self' *.via-mobilis.com api.via-mobilis.com http://media.viamobilis.export.doorlinkenvoorraad.nl https://stockway.pro accounts.google.com www.google.com *.googleadservices.com *.trustpilot.com *.googlesyndication.com *.googletagservices.com *.static-viamobilis.com static-viamobilis.com *.ampproject.net https://acdn.adnxs.com/ *.doubleclick.net *.criteo.com *.youtube.com youtube.com *.komoot.de photon.kamoot.de *.komoot.io photon.komoot.io *.hotjar.com *.usersnap.com criteo.net *.criteo.net *.tawk.to cloud.panono.com poulalion.eu *.vimeo.com www.recaptcha.net *.facebook.com https://platform.twitter.com ; img-src * *.google-analytics.com *.googletagmanager.com data: blob: 'self' ; script-src * *.googleanalytics.com *.google-analytics.com *.googleoptimize.com https://photon.komoot.de/ https://my.via-mobilis.com/ 'unsafe-inline' 'unsafe-eval' data: blob:; style-src * 'self' 'unsafe-inline' https://static-viamobilis.com; font-src * data:; connect-src * data: 'self'; base-uri 'self' ; worker-src * data: blob: 5
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.verbraucherzentrale.de cdn.jsdelivr.net player.podigee-cdn.net cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com verbraucherzentrale-sachsen.cloud.purpleview.de https://www.verbraucherzentrale.de/ https://www.verbraucherzentrale.nrw/core/modules/ckeditor/ https://vimeo.com/ https://podcast-player.audiocon.de/  https://secure.spendenbank.de https://www.audiocon.de/ https://lebensmittel-reise.de/foodmap/ https://www.googletagmanager.com https://gemeinschaftsredaktion.de https://www.googleadservices.com https://googleads.g.doubleclick.net https://api.kns.codiac.de https://player.podigee-cdn.net/podcast-player https://cdn.podigee.com https://cdnjs.cloudflare.com https://code.highcharts.com https://cdn.podlove.org https://verbraucherzentrale.bryter.io https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://static.newsletter2go.com/ https://cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://app.bryter.io https://heizsystemvergleich.vz-nrw.de https://maps.googleapis.com https://www.helpmundo.de https://www.helpdirect.org https://rdr.kns.codiac.de https://empathy-portal.de/ https://matomo.verbraucherzentrale.de/ https://unpkg.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'unsafe-eval' *; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://secure.spendenbank.de https://matomo.verbraucherzentrale.de ton.twimg.com platform.twitter.com syndication.twitter.com https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://fonts.googleapis.com/ https://prod-bryter-assets.s3.eu-central-1.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.podlove.org https://rdr.kns.codiac.de https://www.verbraucherzentrale.nrw https://unpkg.com ; frame-ancestors 'self' *.verbraucherzentrale.de verbraucherzentrale.de vznrw-piwik.init-ag.de cdn.jsdelivr.net gemeinschaftsredaktion.de *.gemeinschaftsredaktion.de vzbv.de www.vzbv.de test.vzbv.de www.fakeshoperkennung.de www.fake-shop-erkennung.de www.verbraucherzentrale-niedersachsen.de www.verbraucherzentrale-niedersachsen.de; object-src 'self' cdn.jsdelivr.net  *.verbraucherzentrale.de; 5
frame-ancestors 'self'; object-src 'self' 5
frame-ancestors whitelabel.camspower.com cams.dnxlive.com 5
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr *.mapfre.cr; 5
require-trusted-types-for 'script';report-uri /recaptcha/challengepage/_/RecaptchaChallengePageUi/cspreport 5
default-src * 'unsafe-inline' 'unsafe-eval' 5
default-src * 'unsafe-inline' 'unsafe-eval'; 5
frame-ancestors 'none'; report-uri https://prod-bk-csp-service.rbictg.com/csp; report-to csp-endpoint 5
frame-ancestors 'self' http://admin.bonami.cz 5
frame-ancestors 'self' https://preview.plaece.nl 5
frame-ancestors 'self' *.deloitte.com; 5
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.sanity.io www.youtube.com www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com fonts.gstatic.com www.google-analytics.com www.googletagmanager.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk static.hotjar.com static.ads-twitter.co mwww.facebook.com dc.ads.linkedin.com t.co vars.hotjar.com in.hotjar.com p.adsymptotic.com analytics.twitter.com cdn.jsdelivr.net d1a1ax4tcp3m3j.cloudfront.net dqm.crownpeak.com geolocation.onetrust.com cdn.baycloud.com static.ads-twitter.com connect.facebook.net snap.licdn.com staticcontents.investisdigital.com script.hotjar.com maps.googleapis.com sc.lfeeder.com netlify-cdp-loader.netlify.app cd-prod.wdesk.com www.googleadservices.com assets.adobedtm.com unilever.d3.sc.omtrdc.net acdn.adnxs.com js-agent.newrelic.com bam.nr-data.net insight.adsrvr.org cdn.cookielaw.org *.demdex.net cm.everesttech.net c.evidon.com 5
report-to default 5
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-*.algolianet.com/ ; 5
default-src 'none'; connect-src yandex.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.com https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net *.google-analytics.com https://clk.streamgo.ru 'report-sample'; font-src https://yastatic.net https://fonts.gstatic.com; frame-src https://yastatic.net https://*.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com 'report-sample'; img-src * data: 'report-sample'; manifest-src 'self'; media-src data: 'self' https://strm.yandex.ru https://*.strm.yandex.net https://cdn.streamgo.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yandex.ru https://yastatic.net https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.in https://adservice.google.co.jp https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.gh https://adservice.google.com.ng https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://adservice.google.sk https://adservice.google.sn https://adservice.google.tm https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com www.googletagmanager.com https://www.gstatic.com https://mc.yandex.ru https://mc.yandex.com 'report-sample'; style-src 'self' 'unsafe-inline' https://www.gstatic.com 'report-sample'; report-uri /csp-report.php 5
default-src 'self' *.idrive.com *.idrivesync.com  https://graph.facebook.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chatbot.com https://www.clarity.ms https://*.bing.com https://maxaccess-api.onlineada.workers.dev https://snap.licdn.com https://px.ads.linkedin.com https://cdn.jsdelivr.net https://js.zohocdn.com https://salesiq.zoho.com https://embed.tawk.to https://app.chatsupport.co https://*.zendesk.com https://static.zdassets.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://js.hcaptcha.com https://*.facebook.com https://bmrsignal.idrivelite.com https://*.google.com https://apis.google.com https://accounts.google.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://cdn.livechatinc.com https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://ajax.googleapis.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.google.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://js.stripe.com https://www.googletagmanager.com https://api.maxaccess.io; img-src https://* 'self' data: blob: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.tawk.to https://css.zohocdn.com https://tagmanager.google.com https://static.idriveonlinebackup.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com; font-src https://* https://fonts.gstatic.com data: ; object-src 'self' https://secure.livechatinc.com; frame-src https://* 'self' data: blob:; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; frame-ancestors 'self'; 5
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://i.checkmybus.com https://cdn.priv.center https://prod-origin.truendo.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.bstatic.com https://*.services.visualstudio.com https://script.crazyegg.com https://*.msecnd.net https://cdn.jsdelivr.net https://*.doubleclick.net https://securepubads.g.doubleclick.net https://adservice.google.de https://script.crazyegg.com https://tpc.googlesyndication.com https://*.google.com https://*.googleusercontent.com https://*.gstatic.com https://www.googleadservices.com https://cdn.ampproject.org https://*.facebook.net https://*.facebook.com https://*.fontawesome.com https://monitor.azure.com https://*.monitor.azure.com https://e-js.zonka.co https://www.clarity.ms https://unpkg.com; style-src 'self' 'unsafe-inline' https://i.checkmybus.com https://fonts.googleapis.com https://*.fontawesome.com https://accounts.google.com https://*.googletagmanager.com; frame-src 'self' https://*.googletagmanager.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.booking.com https://*.bstatic.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.google.com https://*.youtube.com/ https://*.facebook.com https://*.msecnd.net https://*.services.visualstudio.com https://e.zonka.co; worker-src 'self' blob: 'unsafe-eval' 'unsafe-inline' www.checkmybus.com; form-action 'self' www.checkmybus.com.ar www.checkmybus.com.br https://blog.checkmybus.com.br www.checkmybus.cz www.checkmybus.cl www.checkmybus.co www.checkmybus.de https://blog.checkmybus.de www.checkmybus.co.uk https://blog.checkmybus.co.uk www.checkmybus.com https://blog.checkmybus.com www.checkmybus.es https://blog.checkmybus.es www.checkmybus.fr https://blog.checkmybus.fr www.checkmybus.hr www.checkmybus.it https://blog.checkmybus.it www.checkmybus.my www.checkmybus.com.mx www.checkmybus.nl www.checkmybus.at www.checkmybus.pe www.checkmybus.pl https://blog.checkmybus.pl www.checkmybus.pt www.checkmybus.ch www.checkmybus.com.tr partner-bahn.de reiseauskunft.bahn.de; base-uri 'self' i.checkmybus.com 5
font-src 'none' 5
frame-ancestors 'self' https://*.getresponse.com 5
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au 5
policy-definition 5
unsafe-inline 5
frame-ancestors 'self' https://translate.google.com 5
script-src https://www.gstatic.com/ https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://www.gstatic.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ 'self' 'unsafe-inline'; default-src 'self'; frame-src https://docs.e-iepdata.com 'self'; font-src https://www.gstatic.com/ https://fonts.gstatic.com/ 'self'; img-src data: https: 'self'; connect-src https://*.e-iepdata.com https://www.gstatic.com/ https://csp.withgoogle.com https://translate.googleapis.com/ https://translate-pa.googleapis.com 'self'; 5
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-123b4d83f3394b2ecb4fa647ab27f551' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 5
frame-ancestors 'self' *.plentymarkets-cloud-ie.com 5
frame-ancestors 'self' https://gtranslate.io; 5
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: cdn.intersport.serv.si www.intersport.si intersport.si www.intersport.hr appleid.cdn-apple.com/appleauth/ applepay.cdn-apple.com *.cookiebot.com cdnjs.cloudflare.com ajax.googleapis.com fcm.googleapis.com fonts.googleapis.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.googleoptimize.com maps.googleapis.com maps.gstatic.com fonts.gstatic.com www.gstatic.com *.google.com google.com www.google.si www.google.de googleads.g.doubleclick.net stats.g.doubleclick.net omara.cdn-cnj.si img.cdn-cnj.si cpx.smind.si cpx.smind.hr cpx.smind.rs chimpstatic.com connect.facebook.net stats.g.doubleclick.net www.facebook.com *.creativecdn.com creativecdn.com *.paypal.com www.paypal.com www.paypalobjects.com platform.linkedin.com *.twitter.com *.pinterest.com www.youtube.com *.mercator.si maxcdn.bootstrapcdn.com secure.gravatar.com dts.cld.bz edge.fullstory.com fullstory.com rs.fullstory.com www.pimcore.org yoast.com *.braintreegateway.com *.braintree-api.com *.segmentify.com cdn.sgmntfy.com api.instacloud.io *.fna.fbcdn.net *.vimeo.com i.vimeocdn.com my.matterport.com my.mpskin.com graph.instagram.com *.cdninstagram.com cdn.crobox.io api.crobox.com; frame-ancestors 'self' blob: https://vr.intersport.si https://vr.intersport.hr https://vr.intersport.rs https://vr.intersport.ba https://vr.intersport.me; 5
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org:* https://cdnjs.cloudflare.com:*; worker-src 'self' blob:; script-src-elem 'self' http: https: 'unsafe-inline'; 5
default-src 'self' https://* data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob:; style-src 'self' 'unsafe-inline' https://*  data: blob:; frame-src 'self' https://*; frame-ancestors 'self';img-src 'self' https://* data: blob: ;media-src 'self' https://* data: blob: ;font-src 'self' https://* data: blob: 5
script-src 'self' 'unsafe-eval' blob: open.spotifycdn.com open-review.spotifycdn.com quicksilver.scdn.co www.google-analytics.com www.googletagmanager.com static.ads-twitter.com analytics.twitter.com s.pinimg.com sc-static.net https://www.google.com/recaptcha/ cdn.ravenjs.com connect.facebook.net www.gstatic.com sb.scorecardresearch.com pixel-static.spotify.com cdn.cookielaw.org geolocation.onetrust.com www.googleoptimize.com www.fastly-insights.com static.hotjar.com script.hotjar.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion/ https://analytics.tiktok.com/i18n/pixel/sdk.js https://analytics.tiktok.com/i18n/pixel/identify.js https://analytics.tiktok.com/i18n/pixel/config.js https://www.redditstatic.com/ads/pixel.js https://t.contentsquare.net/uxa/22f14577e19f3.js 'sha256-WfsTi7oVogdF9vq5d14s2birjvCglqWF842fyHhzoNw=' 'sha256-KRzjHxCdT8icNaDOqPBdY0AlKiIh5F8r4bnbe1PQwss=' 'sha256-Z5wh7XXSBR1+mTxLSPFhywCZJt77+uP1GikAgPIsu2s='; frame-ancestors 'self'; 4
frame-ancestors 'self' *.intuit.com 4
upgrade-insecure-requests; frame-ancestors 'self' https://stackexchange.com 4
frame-ancestors 'self' *.dynatrace.org *.dynatrace.com *.dynatrace.cn 4
frame-ancestors 'self' https://www.thomsonreuters.com 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://fp.zenaps.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.dwin1.com/ https://www.youtube.com/iframe_api https://s.ytimg.com https://assets.planethoster.com/ https://maps.googleapis.com/ https://ads2.adverline.com/ https://tags.dynamo.one/ https://smct.co/ https://apis.google.com/ https://widget.trustpilot.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://lantern.roeyecdn.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/; img-src 'self' www.facebook.com data: https://www.planethoster.com/ https://assets.planethoster.com/ https://maps.gstatic.com/ https://smct.co/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.ca/ https://www.google.fr/ https://www.google.be/ https://www.google.ch/ https://bat.bing.com/ https://lantern.roeye.com/ https://c.clarity.ms/; font-src 'self' data: fonts.gstatic.com https://assets.planethoster.com/; frame-src https://www.awin1.com/ https://www.zenaps.com/ https://ads2.adverline.com/ https://staticxx.facebook.com/ https://www.google.com/ https://www.facebook.com/ https://player.vimeo.com https://www.youtube.com/ https://tags.dynamo.one/ https://smct.co/ https://accounts.google.com/ https://widget.trustpilot.com/ https://td.doubleclick.net/; connect-src 'self' https://stats.g.doubleclick.net/ https://fp.zenaps.com/ https://assets.planethoster.com/ https://smct.co/ https://widget.trustpilot.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://bat.bing.com/ https://z.clarity.ms/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://assets.planethoster.com/; 4
frame-ancestors *.ivanti.com https://dash.cloudflare.com 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *; 4
default-src 'self' *.vidyard.com *.onetrust.com *.visualwebsiteoptimizer.com *.vwo.com;                     frame-ancestors 'self';                     form-action *;                     object-src 'none';                     base-uri 'none';                     style-src * 'unsafe-inline';                     script-src * 'unsafe-inline' 'unsafe-eval';                     img-src * 'unsafe-inline' 'unsafe-eval' data: blob:;                     connect-src *;                     worker-src * blob:;                     frame-src *;                     font-src * data:;                     media-src *; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 4
frame-ancestors na.amzheimdall.com delorean-na.amazon.com delorean-prod.corp.amazon.com delorean-na.sandbox.amazon.com delorean-sandbox.corp.amazon.com delorean-preprod.corp.amazon.com delorean-beta.corp.amazon.com delorean-alpha.corp.amazon.com potserviceui-gamma.vrsnl.com potserviceui-gamma.zappos.com potserviceui-gamma.6pm.com drive-render.corp.amazon.com cscentral-na-beta.vipinteg.amazon.com cscentral.amazon.com delorean-6pm-gamma.corp.amazon.com delorean-6pm-preprod.corp.amazon.com delorean-6pm-prod.corp.amazon.com delorean-6pm-na.amazon.com; report-uri /marty/api/csp-report 4
object-src 'self'; report-uri https://ayba8dhs.uriports.com/reports/report; report-to default 4
frame-ancestors 'self' *.cybersource.com *.salesforce.com *.force.com *.salesforce-sites.com ; form-action *.cybersource.com *.salesforce.com *.force.com 'self' *.salesforce-sites.com 4
frame-ancestors 'self' https://guides.opentext.com https://content.microfocus.com; default-src data: 'unsafe-inline' 'unsafe-eval' https:;style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src  https:; connect-src https:; object-src https:; child-src https:; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: legacy.questdiagnostics.com www.questdiagnostics.com *.scene7.com  tags.tiqcdn.com  www.googletagmanager.com www.youtube.com analytics.js *.google-analytics.com *.qualtrics.com img04.en25.com cdn.cookielaw.org maps.googleapis.com *.questdiagnostics.com *.demandbase.com js.hs-analytics.net secure.quantserve.com bs.serving-sys.com api.fouanalytics.com *.linkedin.com  *.licdn.com; connect-src 'self' *.scene7.com  target.questdiagnostics.com *.google-analytics.com stats.g.doubleclick.net *.qualtrics.com cdn.cookielaw.org *.onetrust.com maps.googleapis.com *.questdiagnostics.com dpm.demdex.net wss: directline.botframework.com api.company-target.com api.fouanalytics.com *.demandbase.com  *.linkedin.com  *.licdn.com; frame-ancestors 'self' *.questdiagnostics.com *.qdx.com 4
default-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://build.cloudbees.com;font-src 'self' https: data:;img-src 'self' https: data:;frame-ancestors 'self' https://*.contentful.com;object-src 'none';upgrade-insecure-requests 4
frame-ancestors 'self' https://nurture.solarwinds.com/ https://solarwinds.pathfactory.com/ https://orangematter.solarwinds.com/ https://thwack.solarwinds.com/ https://www.solarwinds.com/ https://try.solarwinds.com/ https://customerportal.solarwinds.com/ https://www.g2.com/ 4
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; worker-src blob:; object-src https://wnyc-project-prod.s3.amazonaws.com; frame-ancestors 'self' localhost *; media-src 'self' *; 4
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: wss://* http://* https://*; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rtx.com https://*.raytheon.com https://*.rtxapps.com blob: https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://*.crazyegg.com https://ipmeta.io https://*.licdn.com https://*.linkedin.com https://static.ads-twitter.com https://connect.facebook.net https://www.youtube.com https://www.googleadservices.com https://*.twimg.com https://*.twitter.com https://rockwellcollinsaerospace.us-7.evergage.com https://static.ctctcdn.com https://listgrowth.ctctcdn.com https://visitor2.constantcontact.com/api/v1/signup_forms/209bf8ea-ae37-4c00-b293-172a892f887b https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: data: https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/development/scripts/evergage.min.js  https://cdn.evgnet.com/beacon/rockwellcollinsaerospace/production/scripts/evergage.min.js;          img-src 'self' https://*.rtx.com data: www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.linkedin.com https://p.adsymptotic.com https://*.licdn.com https://t.co https://www.facebook.com https://*.twimg.com https://*.twitter.com https://static.ctctcdn.com https://*.siteimproveanalytics.io https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com https://*.ggpht.com data:;            style-src 'self' 'unsafe-inline' https://*.rtx.com https://*.raytheon.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.licdn.com https://*.twitter.com https://*.twimg.com https://static.ctctcdn.com;            font-src 'self' https://*.rtx.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;            frame-src 'self' https://app.prattwhitney.com https://*.twitter.com https://*.fls.doubleclick.net https://*.rtx.com https://*.youtube.com/ https://*.raytheon.com https://www.rockwellcollins.com https://*.salesforce.com *.google.com; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: ; 4
default-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://js.adsrvr.org https://*.maerskline.com https://*.apmoller.net https://*.akamaihd.net https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.steelcentral.net *.mpstat.us *.akstat.io https://*.igodigital.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pub.s1.exacttarget.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.google-analytics.com https://*.cookieinformation.com https://www.datadoghq-browser-agent.com/datadog-rum-eu.js https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://*.contentsquare.com https://www.datadoghq-browser-agent.com/datadog-rum.js https://screencapture.kampyle.com https://screencapture-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://snap.licdn.com https://px.ads.linkedin.com https://connect.facebook.net https://www.facebook.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://*.decibelinsight.net https://*.decibel.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; img-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://insight.adsrvr.org https://match.adsrvr.org https://*.maerskline.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://lh3.googleusercontent.com https://*.steelcentral.net https://*.vimeocdn.com https://*.youtube.com https://*.igodigital.com https://*.akamaihd.net https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://pixel.mathtag.com https://bs.serving-sys.com https://www.google.co.uk https://api.adsymptotic.com https://media-cdn.ipredictive.com https://*.linkedin.com https://*.facebook.com https://*.twitter.com https://vk.com https://mail.ru https://clickserve.dartsearch.net https://*.doubleclick.net https://*.google.dk https://secure.adnxs.com https://cs.adingo.jp https://admaym.com https://ih.adscale.de https://d.agkn.com https://ib.adnxs.com https://x.bidswitch.net https://stags.bluekai.com https://pix.btrll.com https://contextual.media.net https://dis.criteo.com https://e.nexac.com https://loadm.exelator.com https://cs.gssprt.jp https://global.ib-ibi.com https://ad.360yield.com https://dsum-sec.casalemedia.com https://beacon.krxd.net https://idsync.rlcdn.com https://ums.adtechus.com https://sync.adaptv.advertising.com https://us-u.openx.net https://simage2.pubmatic.com https://bh.contextweb.com https://idsync.reson8.com https://pixel.rubiconproject.com https://uipglob.semasio.net https://rtb-csync.smartadserver.com https://ad.sxp.smartclip.net https://sync.go.sonobi.com https://ce.lijit.com https://sync.search.spotxchange.com https://ads.stickyadstv.com https://delivery.swid.switchads.com https://aa.agkn.com https://ads.yahoo.com https://u3s.mathtag.com https://eu-u.openx.net https://serving.experianmarketingservices.digital https://uip.semasio.net https://fo-api.omnitagjs.com https://*.akstat.io https://*.bing.com https://*.virtualearth.net https://*.contentsquare.net https://screencaptue-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://*.salesforce.com https://*.force.com https://maersk.my.salesforce-sites.com; object-src 'self' ; style-src 'self' 'unsafe-inline' https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.apmoller.net https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.maerskline.com https://*.force.com https://*.bing.com https://*.virtualearth.net https://resources.digital-cloud.medallia.eu https://screencaptue-cdn.kampyle.com https://nebula-cdn.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; frame-src https://*.maersk.com https://*.maersk.com.cn https://insight.adsrvr.org https://match.adsrvr.org https://*.maersk.io https://*.maerskline.com https://*.apmoller.net http://emanage.maerskline.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.google.com https://www.youtube.com/embed/ https://player.vimeo.com/video/ https://service.force.com https://*.cookieinformation.com https://*.youku.com/ https://*.force.com/  https://*.salesforce.com https://app.powerbi.com http://my.maerskline.com https://*.doubleclick.net https://reporting.damco.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud.medallia.eu https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com; font-src 'self' data: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.gstatic.com https://*.googleapis.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com; connect-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://maersk.my.salesforce-scrt.com https://chatbot-test-app.herokuapp.com https://maersk.my.site.com https://maersk.my.salesforce-sites.com wss://proxy2.scm.maersk.com; worker-src 'self' data: gap: https://*.maersk.com https://*.maersk.com.cn https://*.maersk.io https://*.maerskline.com https://*.apmoller.net https://*.go-mpulse.net https://*.salesforceliveagent.com https://*.force.com *.mpstat.us *.akstat.io https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://*.akamaihd.net https://*.igodigital.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://*.logs.datadoghq.eu https://100qrcey9nsltilmpwezagts.blob.core.windows.net https://*.cookieinformation.com https://*.bing.com https://*.virtualearth.net https://*.visualforce.com https://*.contentsquare.net https://stats.g.doubleclick.net https://resources.digital-cloud.medallia.eu https://ubt-lb.digital-cloud.medallia.eu https://sbt-prod.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://hcaptcha.com https://*.hcaptcha.com https://maersk.tradelens.com https://platform.tradelens.com https://clientstream.launchdarkly.com https://app.launchdarkly.com https://events.launchdarkly.com blob:; 4
frame-ancestors 'self' commander.weatherops.com 4
upgrade-insecure-requests;frame-ancestors 'self' https://www.medscape.com https://dusandbox.skipta.com https://doctorunite.com https://generationNP.com https://cardiologistconnect.com https://paunite.com https://cardiologistconnectsandbox.skipta.com https://next.brella.io/ https://www.staging.medscape.com/ https://www.skipta.com/ https://staging.medscape.com/ https://skipta.com/ https://medscape.com/ https://endocrinologistnation.com https://www.endocrinologistnation.com https://amgenicpsp.lightning.force.com/ 4
frame-ancestors *.npo.nl *.bijnpo.nl *.npotest.nl *.npoacc.nl 4
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
frame-ancestors 'self' https://webvisor.com https://awards.ratingruneta.ru 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.sanity.io/files/ https://analytics.twitter.com/ https://static.ads-twitter.com/uwt.js https://www.redditstatic.com/ads/pixel.js https://player.vimeo.com/api/player.js https://kantarinteractive.3mil-demo.co.uk/ https://media-cdn.ipredictive.com/js/cirt_v2.min.js https://go.in.kantar.com/ https://media-cdn.ipredictive.com/js/ https://www.googleadservices.com/ https://online2.superoffice.com/ https://snap.licdn.com/li.lms-analytics/ https://services.cognitoforms.com/scripts/ https://embedsocial.com/cdn/iframe.js https://embedsocial.com/embedscript/in.js https://view-awesome-table.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/pagead/conversion_async.js https://cdn.jotfor.ms/js/ https://js.jotform.com/ https://js.jotform.com/vendor/ https://cdn.jotfor.ms/static/ https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/ https://form.jotform.com/jsform/ https://js.hs-analytics.net/analytics/1598004900000/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com/3788602.js https://js.hscollectedforms.net/collectedforms.js https://forms.hsforms.com/ https://js.hs-scripts.com/3788602.js https://js.hsforms.net/forms/v2.js https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.js https://s.ytimg.com https://www.youtube.com/iframe_api https://pi.pardot.com/ https://go.tnsglobal.com/ https://preferences.kantarworldpanel.com/ https://go.millwardbrown.com/ https://www2.kantar.com https://consent.cookiebot.com/ https://cdn.saberfeedback.com https://feedback.saberfeedback.com/ https://www.youtube.com https://ssl.google-analytics.com/ga.js https://ajax.googleapis.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://ct.capterra.com/ https://gomedia.kantar.com/ https://ws.zoominfo.com/ https://e.infogram.com/ https://consentcdn.cookiebot.com https://player.podigee-cdn.net/ https://digitalpacemaker.podigee.io/ https://crm.zoho.eu/ https://crm.zohopublic.eu/ js-eu1.hsforms.net https://extend.vimeocdn.com https://79b5d9bf7db0483cbfe2471a3040bd31.js.ubembed.com/ https://assets.ubembed.com/ https://scripts.teamtailor-cdn.com siteimproveanalytics.com https://static.hotjar.com https://script.hotjar.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://go.kantarmarketplace.com https://js-na1.hsforms.net https://js-eu1.hsforms.net https://js.hsforms.net https://7f346aea2e09467584ee8045e9295981.js.ubembed.com https://www.cognitoforms.com/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hubspot.com/web-interactives-embed.js https://js-eu1.hs-banner.com/26080127.js https://js-eu1.hscollectedforms.net/collectedforms.js; style-src 'self' 'unsafe-inline' https://cdn.sanity.io/files/ https://embedsocial.com/cdn/iframe-lightbox.min.css https://cdn.jotfor.ms/wizards/languageWizard/custom-dropdown/css/ https://cdn.jotfor.ms/css/styles/payment/ https://cdn.jotfor.ms/themes/CSS/ https://cdn.jotfor.ms/css/ https://cdn.jotfor.ms/css/styles/ https://cdn.jotfor.ms/static/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://euc-widget.freshworks.com https://app-static.turtl.co/embed/turtl.embed.v1.css https://feedback.saberfeedback.com/ https://cdn.saberfeedback.com https://tagmanager.google.com/ https://fast.fonts.net https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com; connect-src *; img-src 'self' data: https://668620654.privacysandbox.googleadservices.com/ https://405677348.privacysandbox.googleadservices.com/ https://pixel.tapad.com/  https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://stags.bluekai.com/ https://pixel.advertising.com/ https://dsum-sec.casalemedia.com/ https://eu-u.openx.net/ https://alb.reddit.com/ https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://simage2.pubmatic.com/ https://t.co/ https://ad.ipredictive.com/ https://www.google.co.za/pagead/1p-user-list/668928299/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.co.uk/ads/ https://events.jotform.com/ https://events.jotform.com/jsform/200924737274357/ https://cdn.jotfor.ms/ https://assets.turtl.co/covers/ https://www.google.co.za/ads/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://track.hubspot.com/ https://forms.hsforms.com/embed/v3/ https://forms.hubspot.com/outpost/formsnextembed/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ *.doubleclick.net https://www.google-analytics.com *.gstatic.com https://maps.googleapis.com https://assets.turtl.co/covers/5ef0c513e144c46e0f06dcca.jpg https://ct.capterra.com/ https://cdn.sanity.io/ https://media.glassdoor.com/ *.siteimproveanalytics.io https://static.hotjar.com https://script.hotjar.com https://forms-eu1.hsforms.com https://imgsct.cookiebot.com https://perf-eu1.hsforms.com/embed/v3/counters.gif https://track-eu1.hubspot.com/__ptq.gif; frame-src 'self' https://kantarinteractive.3mil-demo.co.uk/ https://www.mavens.co.uk/ https://11404277.fls.doubleclick.net/ https://app.livestorm.co/ https://app.powerbi.com/ https://newsletterform.z6.web.core.windows.net/ https://go.in.kantar.com/ http://mkt.kantar.com/ https://tns-portal.rexx-recruitment.com/ https://www.kantarlivefr.com/ https://online2.superoffice.com/ https://v.qq.com/ https://services.cognitoforms.com/f/ https://embedsocial.com/ https://view-awesome-table.com/ https://www.kantarworldpanel.com https://form.jotform.com/ https://submit.jotformeu.com/ https://app-widgets.jotform.io https://www3.kantarmedia.com/ https://datawrapper.dwcdn.net https://widgets.jotform.io/ https://www.kantarmarketplace.com/ https://preferences.kantarworldpanel.com/ https://html5-player.libsyn.com/ https://play.libsyn.com/ https://mkt.kantar.com/ https://forms.hsforms.com/ https://go.pardot.com/ https://go.na.kantar.com/ https://kantar.wd3.myworkdayjobs.com/ https://player.vimeo.com/ https://kantar.turtl.co/ https://www2.kantar.com/ https://staginglocal.kantarmarketplace.com https://go.kantarmarketplace.com/ https://www.youtube.com/iframe_api https://consentcdn.cookiebot.com/ https://go.millwardbrown.com/ https://www.google.com https://www.youtube.com https://apps.sitecore.net/ https://gomedia.kantar.com/ https://anchor.fm/ https://e.infogram.com/ https://player.podigee-cdn.net/ https://audionow.de/ cdn.jotfor.ms https://*.kantar.com/ forms-eu1.hsforms.com https://ktglbuc-my.sharepoint.com/ https://kantar.marketin.cn https://www.baidu.com/ https://forms.zohopublic.eu/ https://79b5d9bf7db0483cbfe2471a3040bd31.pages.ubembed.com https://vars.hotjar.com https://www2.kantar-xtel.com https://www.cognitoforms.com/ https://embed.acast.com/; frame-ancestors https://*.khapps.com https://*.khapps.jp; font-src 'self' data: https://cdn.sanity.io/files/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/ https://www.kantar.com/-/media/Themes/Kantar/Global/KantarMain/fonts/KantarBrown https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/fonts/ https://sites.kantarconsulting.com/toolbox/fonts/KantarBrownWeb-Regular.woff2 https://feedback.saberfeedback.com https://fonts.gstatic.com https://script.hotjar.com; media-src 'self' data: https://cdn.sanity.io/ https://vimeo.com/ 4
upgrade-insecure-requests; frame-ancestors 'none' 4
upgrade-insecure-requests; frame-ancestors *.gonitro.com *.live.com *.sharepoint.com 4
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://api.amplitude.com https://api2.amplitude.com  https://*.crazyegg.com wss://*.hotjar.com wss://*.qualified.com 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://*.zendesk.com https://*.myshopify.com https://teams.microsoft.com https://*.eloqua.com https://*.surveymonkey.com https://*.sharepoint.com https://*.worldpay.com https://*.cardinalcommerce.com https://*.office.com https://*.office365.com https://*.microsoft365.com; 4
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 4
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.vidyard.com *.google-analytics.com *.elliemae.com *.typekit.net *.eloqua.com *.crazyegg.com *.pingdom.net *.driftt.com *.drift.com *.vidyard.com *.tribl.io *.en25.com *.appspot.com *.facebook.net *.bing.com *.bizographics.com *.doubleclick.net *.linkedin.com *.facebook.com *.google.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.googleapis.com http://images.engage.elliemae.com/ *.gstatic.com *.myfonts.net *.googleadservices.com *.mapbox.com *.youtube.com *.vimeo.com *.swiftype.com *.jsdelivr.net *.disqus.com *.disquscdn.com disqus.com *.zoominfo.com *.pusher.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in www.googleoptimize.com cdn.cookielaw.org privacyportal.onetrust.com *.clickagy.com  *.demandbase.com match.prod.bidr.io id.rlcdn.com *.company-target.com vimeo.com *.licdn.com *.linkedin.oribi.io *.hsforms.com *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hs-scripts.com *.hsforms.net *.infogram.com 4
frame-ancestors dev.mwcbarcelona.com www.mwcbarcelona.com mwcbarcelona.com dev.mwc-africa.com www.mwc-africa.com mwc-africa.com dev.mwclasvegas.com www.mwclasvegas.com mwclasvegas.com dev.gsmaevents.com www.gsmaevents.com staging.gsmaevents.com gsmaevents.com gsma.force.com gsma.my.site.com 4
frame-ancestors 'self' https://www.renesas.cn http://www.renesas.cn https://icp.renesas.com http://icp.renesas.com https://icp.renesas.cn http://icp.renesas.cn http://www3.renesas.cn https://www3.renesas.cn 4
font-src 'self' 4
default-src blob: 'unsafe-eval' 'unsafe-inline' https: wss://lo2.msg.liveperson.net; img-src data: https:; font-src data: https: 4
default-src * 'unsafe-inline' 'unsafe-eval' data:; 4
frame-ancestors 'self' https://*.ariba.com https://*.micron.com https://*.iu.edu https://*.sciquest.com;object-src 'none'; 4
img-src 'self' cbpssubscriber.mygov.in img.youtube.com *.s3waas.gov.in secure.gravatar.com data: www.nic.in informatics.nic.in xn--m1bet4hqd2b.xn--h2brj9c xn--m1bet4hqd2b.xn--h2brj9c;connect-src 'self' *.s3waas.gov.in www.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src *;frame-src *;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in data: 4
frame-ancestors 'self'; object-src 'none' 4
worker-src blob: https://*.georgeson.com;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://content-assets.computershare.com https://ui.customsearch.ai https://s508159127.t.eloqua.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.evidon.com https://img03.en25.com https://js.adsrvr.org https://snap.licdn.com https://view.ceros.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://secure.quantserve.com https://*.pub.sfmc-content.com https://rules.quantcount.com https://*.adsrvr.org https://snap.licdn.com https://widget.trustpilot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.crazyegg.com https://bat.bing.com;connect-src https://www.googletagmanager.com https://www.google-analytics.com  https://ui.customsearch.ai  https://s508159127.t.eloqua.com https://*.evidon.com https://cdn.linkedin.oribi.io  https://siteintercept.qualtrics.com  https://rules.quantcount.com  https://pixel.quantcount.com https://stats.g.doubleclick.net https://*.crazyegg.com https://px.ads.linkedin.com https://content-images.computershare.com;img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://content-images.computershare.com data: https://content-images.computershare.com https://*.evidon.com https://px.ads.linkedin.com https://siteintercept.qualtrics.com https://pixel.quantcount.com https://pixel.quantserve.com https://pixel.rubiconproject.com https://*.adsrvr.org https://*.crazyegg.com https://secure.adnxs.com https://bat.bing.com https://bs.serving-sys.com;frame-src https://bc-unclaimedassets-uat.computershare.co.uk https://bc-unclaimedassets.computershare.co.uk https://view.ceros.com https://player.vimeo.com https://landing.computershare.com https://www.youtube.com https://www.military.com https://sls.co1.qualtrics.com https://*.pub.sfmc-content.com https://*.adsrvr.org https://widget.trustpilot.com https://*.pub.s6.sfmc-content.com https://8305233.fls.doubleclick.net https://www.canva.com https://*.crazyegg.com https://go.computershare-loan-services.com https://www.youtube-nocookie.com; 4
frame-ancestors 'self'; base-uri 'self'; 4
worker-src 'self' 4
object-src 'self'; 4
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://sbnation.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 4
default-src 'self' * data: blob:;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:;style-src 'self' * 'unsafe-inline';media-src 'self' * blob: 4
default-src 'none'; connect-src 'self' https://releases.grapheneos.org/; font-src 'self'; img-src 'self'; manifest-src 'self'; script-src 'self'; style-src 'self'; webrtc 'block'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; require-trusted-types-for 'script'; trusted-types 'none' 4
default-src 'none'; connect-src 'self' api.passwordpurgatory.com bloghelpers.troyhunt.com links.services.disqus.com syndication.twitter.com troyhunt.ghost.io *.google-analytics.com *.privacymanager.io; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src www.linkedin.com disqus.com c.disquscdn.com www.youtube.com player.vimeo.com twitter.com platform.twitter.com syndication.twitter.com omny.fm pastebin.com www.google.com; img-src 'self' c.disquscdn.com referrer.disqus.com syndication.twitter.com platform.twitter.com www.gravatar.com *.twimg.com data:; script-src 'self' passwordpurgatory.com c.disquscdn.com disqus.com troyhunt.disqus.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com syndication.twitter.com gist.github.com/troyhunt/ cdn.jsdelivr.net/ghost/ www.googletagmanager.com *.privacymanager.io www.google.com www.gstatic.com 'sha256-26FfYB0WAsKHsnA92jxqaHCDCNo7MV3NrLe1wgLwuI4=' 'sha256-4JqPqO/eQLWuWw1AE7dCvI9hPwiBcw0gy7uoLqS0ncg='; style-src 'self' 'unsafe-inline' c.disquscdn.com cdnjs.cloudflare.com platform.twitter.com ton.twimg.com assets-cdn.github.com github.githubassets.com fonts.googleapis.com; form-action *.twitter.com; media-src 'self'; prefetch-src 'self' c.disquscdn.com disqus.com; frame-ancestors 'self' troyhunt.ghost.io; upgrade-insecure-requests; report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 4
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'self'; report-uri https://vault.gostatera.com/collect/csp 4
default-src https: *.willistowerswatson *.wtwco data: blob: 'unsafe-eval' 'unsafe-inline' 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.everbridge.com https://*.everbridge.net https://*.g2crowd.com https://*.site.com https://*.salesforce-sites.com https://cdn.cookielaw.org https://*.onetrust.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://*.adsymptotic.com https://bestinenterpriseresilience.com https://*.bestinenterpriseresilience.com https://secure.adnxs.com https://*.cookiebot.com https://*.addtoany.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://www.g2.com  https://*.linkedin.com https://snap.licdn.com https://*.marketo.net https://*.marketwire.com https://*.marketo.com https://*.mktoresp.com https://*.mktoutil.com https://analytics.twitter.com https://static.ads-twitter.com https://*.driftt.com https://*.hotjar.com https://*.6sense.com https://*.6sc.co https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://www.comparably.com https://*.itcentralstation.com https://www.peerspot.com https://cdn.amcharts.com https://*.gravatar.com https://*.cdninstagram.com https://*.instagram.com https://player.simplecast.com https://*.vimeo.com https://vpn.seminolecountyfl.gov/ https://*.youtube.com https://*.ytimg.com https://*.zoominfo.com https://t.co/i/adsct https://*.gstatic.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.linkedin.oribi.io https://bat.bing.com https://c.bing.com https://*.clarity.ms https://*.adsrvr.org https://script.googleusercontent.com https://*.ziftsolutions.com https://*.ziftmarcom.com https://*.ziftone.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; media-src 'self' https://js.driftt.com; object-src 'self' https://*.everbridge.com;  style-src 'self' 'unsafe-inline' https://*.everbridge.com https://*.site.com https://*.force.com https://*.salesforce-sites.com https://fonts.googleapis.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googleoptimize.com https://www.googletagmanager.com https://tagmanager.google.com https://optimize.google.com https://www.google-analytics.com https://static.addtoany.com https://*.marketo.com https://*.ziftsolutions.com;  4
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com https://*.zdassets.com;  script-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com; connect-src https: 'unsafe-eval' 'unsafe-inline' data: blob: wss://*.pricespider.com http://*.pricespider.com wss://*.zopim.com https://*.zdassets.com; upgrade-insecure-requests; report-uri /csp.cgi; 4
frame-ancestors 'self' https://*.superoffice.com https://royalqueenseedssp.inone.useinsider.com 4
frame-ancestors 'self' *.umcchurches.org https://trinityoran.org https://enfieldum.org https://canaanum.org https://umclowell.org http://wesleychapelumcreidsville.org 4
frame-ancestors https://*.descartes.com https://*.folloze.com; report-uri /report-csp-violation 4
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' *.affino.com; 4
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; base-uri 'self'; object-src 'self'; connect-src wss: https: 4
frame-ancestors 'self' *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 4
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://login.leaddesk.com https://login-qed.leaddesk.com https://login-qed-fi1.leaddesk.com https://login-qed-fi2.leaddesk.com 4
object-src 'self' *.youtube.com; frame-ancestors 'self' 4
block-all-mixed-content; object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 4
https://miclarocorp.z01.azurefd.net https://fonts.googleapis.com 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' 4
frame-ancestors 'self' https://virtual-tours.msccruises.com; 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors: 'self' *.mheducation.com; 4
base-uri 'self'; frame-ancestors 'none'; report-uri /report-csp-violation 4
default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/eneco/client/v2/sounds/beep.mp3;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com static.hotjar.com script.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js d10lpsik1i8c69.cloudfront.net tools.luckyorange.com s.pinimg.com ct.pinterest.com static.queue-it.net assets.queue-it.net eneco.queue-it.net www.reddit.com ads.reddit.com www.redditstatic.com tdn.r42tag.com api.salesfeed.com d3or5d0jdz94or.cloudfront.net static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com ib.adnxs.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com adservice.google.com googleads.g.doubleclick.net stm.eneco.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io d.lemonpi.io cdn.linkedin.oribi.io/partner/533658/domain/acc.eneco.nl/token cdn.linkedin.oribi.io/partner/533658/domain/eneco.nl/token px.ads.linkedin.com settings.luckyorange.com settings.luckyorange.net *.visitors.live pubsub.googleapis.com api.luckyorange.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com d3or5d0jdz94or.cloudfront.net collect.kosi-analytics.io analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net https://static.duurzaamwonen.eneco.nl https://edw-test.ams3.digitaloceanspaces.com www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com script.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com t.svtrd.com analytics.twitter.com t.co ads-twitter.com ads-api.twitter.com w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com script.hotjar.com d6tizftlrpuof.cloudfront.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net www.google.com vars.hotjar.com ct.pinterest.com t.svtrd.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 4
object-src 'none'; frame-ancestors 'self' 4
frame-ancestors https://sc10cm https://ih-sitecore-qa.hugoandcat.dev https://web-ih-sc-tst-cd-wus2.azurewebsites.net https://web-ih-sc-prd-cm-wus2.azurewebsites.net https://intermountain.dev.local 4
object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 4
default-src https: 'unsafe-inline' 'unsafe-eval' data: 4
require-trusted-types-for 'script';report-uri /_/PlayStoreUi/cspreport 4
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src 'self' https://hossa.inwx.com *.zammad.inwx.de ws: wss: *.google-analytics.com stats.g.doubleclick.net *.hossa.inwx.com; 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 4
default-src 'self' unsafe-inliv.es; style-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.googleapis.com cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' avatel.es *.avatel.es *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com connect.facebook.net analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleadservices.com *.doubleclick.net player.vimeo.com cdn.jsdelivr.net cdn-cookieyes.com; connect-src 'self' 'unsafe-inline' blob: avatel.es *.avatel.es clictv.es *.clictv.es *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.doubleclick.net *.facebook.com *.googlesyndication.com log.cookieyes.com https://cdn-cookieyes.com; img-src 'self' 'unsafe-inline' blob: data: avatel.es *.avatel.es secure.gravatar.com *.google.com *.google.es analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com *.googleapis.com maps.gstatic.com *.facebook.com correostelecom.es *.correostelecom.es *.doubleclick.net https://cdn-cookieyes.com; frame-src 'self' 'unsafe-inline' avatel.es *.avatel.es *.google.com *.doubleclick.net avatel.speedtestcustom.com *.facebook.com *.googletagmanager.com *.googlesyndication.com player.vimeo.com youtube.com *.youtube.com; font-src 'self' data: fonts.gstatic.com; 4
frame-ancestors 'self' https://onlinedegree.libf.ac.uk https://www.iu.de https://www.iu-dualesstudium.de https://www.iu-kombistudium.de https://www.iu-mystudium.de https://www.iu-group.com https://www.iu-careers.com https://www.iu.org https://www.iu-university.org https://www.iu-medicalschool.de https://www.iu-akademie.de https://app.storyblok.com https://www.iu-healthuniversity.de; 4
default-src 'self' data: blob:;script-src *.whatsapp.com *.whatsapp.net *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.twitter.com;style-src *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com 'self' data: blob:;connect-src *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net 'self' data: blob:;font-src *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net data: https://fonts.gstatic.com;img-src *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net 'self' data: blob: *.ytimg.com *.twitter.com;media-src *.fbcdn.net 'self' data: blob:;frame-src *.facebook.com *.whatsapp.com 'self' data: blob: https://*.youtube.com *.youtube-nocookie.com *.twitter.com;block-all-mixed-content;upgrade-insecure-requests; 4
frame-ancestors https://app.storyblok.com; 4
upgrade-insecure-requests; frame-ancestors 'self' https://www.domainsherpa.com; default-src 'self'; object-src 'none'; worker-src 'self'; frame-src 'self' https:; form-action 'self' https://www.paypal.com; font-src 'self' data: https://nameproscdn.com https://fonts.gstatic.com https://use.fontawesome.com; img-src 'self' data: https: blob:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://challenges.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://js.stripe.com https://www.google.com https://www.gstatic.com https://s.imgur.com https://platform.twitter.com https://cdn.syndication.twimg.com; style-src 'report-sample' 'self' 'unsafe-inline' https://nameproscdn.com https://platform.twitter.com; connect-src 'self' https://nameproscdn.com https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' https://nameproscdn.com 4
frame-ancestors https://cms-prod.brxm.grandvision.io 4
frame-ancestors 'self';frame-src 'self' data: youtube.com https://www.youtube.com youtu.be https://youtu.be embedsocial.com https://embedsocial.com livechat.messagebird.com https://livechat.messagebird.com/ ocw.messagebird.com/ https://ocw.messagebird.com/; 4
worker-src blob:;default-src 'self' http://www.ltgplc.com/ https://go.ltgplc.com https://go.to.peoplefluent.com https://pf-marketing.kzoplatform.com https://pf-customers.kzoplatform.com https://gomo.kzoplatform.com https://percolate.blogtalkradio.com https://www.blogtalkradio.com http://www.ltgplc.com/ https://go.ltgplc.com https://www.youtube.com https://go.pardot.com https://www.clickcease.com https://td.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://snap.licdn.com https://microapps.pf-labs.net https://go.to.peoplefluent.com https://ltg.breezy.hr https://pi.pardot.com/ https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://www.clickcease.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://www.youtube.com https://*.brilliantlocco.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://microapps.pf-labs.net https://cdn.inspectlet.com https://go.to.peoplefluent.com https://ltg.breezy.hr https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://pi.pardot.com https://go.ltgplc.com https://monitor.clickcease.com https://go.to.peoplefluent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://www.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.brilliantlocco.com;font-src 'self' data: https://ui.peoplefluent.com https://use.typekit.net https://fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://ui.peoplefluent.com https://microapps.pf-labs.net https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com;img-src 'self' data: https://d33wubrfki0l68.cloudfront.net https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.clarity.ms https://c.bing.com https://*.clarity.ms https://*.brilliantchap.com https://i.ytimg.com https://googleads.g.doubleclick.net https://*.brilliantlocco.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io;connect-src 'self' https://ltg.breezy.hr https://www.google-analytics.com https://go.to.peoplefluent.com https://stats.g.doubleclick.net https://monitor.clickcease.com https://region1.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clickcease.com https://adservice.google.com https://*.google.com https://cdn.linkedin.oribi.io https://s.clarity.ms https://*.clarity.ms https://*.brilliantchap.com https://*.api.sanity.io https://px.ads.linkedin.com https://*.brilliantlocco.com 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src * data:; 4
none 4
frame-ancestors https://app.storyblok.com/ 4
default-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: data:; img-src data: https: blob: android-webview android-webview-video-poster:; font-src data: https:; connect-src *; media-src https: data: blob:; worker-src https: blob:; frame-src 'self' https:; frame-ancestors 'self'; upgrade-insecure-requests 4
default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; object-src 'none'; 4
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline'; 4
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; 4
frame-ancestors 'self' https://immobilier.jll.be https://events1.social27.com https://jll.maps.arcgis.com https://tools.jll.com https://journeys.jll.com https://qa-journeys.jll.com; 4
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:; 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: 4
default-src https: 4
base-uri 'self'; block-all-mixed-content; child-src 'self' blob:; connect-src 'self' *.force.com *.media.brightcove.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.tt.omtrdc.net *.eu.auth0.com *.usercentrics.eu adservice.google.com adservice.google.com api.dc.siemens.com assets.new.siemens.com blob: cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com cognito-identity.eu-west-1.amazonaws.com data.cdn.siemens.com dataplane.rum.eu-west-1.amazonaws.com dc.oracleinfinity.io dev.api.dc.siemens.com edge.api.brightcove.com geolocation.onetrust.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net metrics.brightcove.com www.siemens.com *.ingest.sentry.io privacyportal-eu.onetrust.com profiles.siemens.com searchapi.new.siemens.com secure.brightcove.com siemens.demdex.net siemens.sc.omtrdc.net siemensdigitalindustries.nanorep.co sts.eu-west-1.amazonaws.com tools.adlytics.net uat.api.dc.siemens.com visitor-services.nanorep.com w3.siemens.com www.facebook.com www.google.com www.google.com *.brapps.siemens.cloud *.brappsqa.siemens.cloud mktdplp102cdn.azureedge.net 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com *.virtualevent.siemens.com go.cuenect.de partnerinfo.siemens.at hitech.at www.siemens.at resource.finnchat.com api-fra.livechatinc.com ue2gfcryae.execute-api.eu-central-1.amazonaws.com sea-api.siemens.cloud sleeknotestaticcontent.sleeknote.com images.sleeknote.com dvt4t9p29wi8.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com www.hqs.sbt.siemens.com www.cdn.botfriendsx.com *.smooch.io wss://*.smooch.io d1p0l0wtisukf7.cloudfront.net author.new.siemens.com cdn.linkedin.oribi.io rs.eu1.fullstory.com cert-portal.siemens.com api.demandbase.com www.yousty.ch survey.adlytics.net ghsszvtech.execute-api.us-east-1.amazonaws.com participant.connect.us-east-1.amazonaws.com wss://tufsuyburufn.transport.connect.us-east-1.amazonaws.com gbs-emobility-chat.s3.us-east-1.amazonaws.com irpages2.eqs.com api.maze.co prompts.maze.co fairtouch.siemens.com cdn.fairtouch.siemens.com author.new.siemens.com community.siemens.com directline.botframework.com api.xcelerator.siemens.com api.marketplace.siemens.com public-apim.siemens.com reporting-hub.ryze-digital.de rqtchqd8nd.execute-api.eu-west-1.amazonaws.com wss://directline.botframework.com fkodf56x5k.execute-api.eu-west-1.amazonaws.com *.adyen.com *.xcelerator.siemens.com; default-src 'self' blob:; font-src 'self' cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: tools.adlytics.net script.hotjar.com www.cdn.botfriendsx.com reporting-hub.ryze-digital.de; frame-ancestors 'self' *.c2comms.cloud contentpath.siemens.com mc.contentpath.siemens.com resources.dc.siemens.com siemensfactoryautomation.pathfactory.com myaccount.lingotek.com; frame-src 'self' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu bid.g.doubleclick.net td.doubleclick.net cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com jobs.siemens-info.com pages.siemens-info.com playout.3qsdn.com sites.siemens-info.com tpc.googlesyndication.com www.facebook.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com secure-fra.livechatinc.com vars.hotjar.com *.c2comms.cloud *.siemens.com maestrobot.it-app.biz dvt4t9p29wi8.cloudfront.net *.adyen.com; img-src 'self' *.prod.boltdns.net *.siemens.com *.tt.omtrdc.net *.usercentrics.eu 825113843.privacysandbox.googleadservices.com ad.doubleclick.net adservice.google.com adservice.google.com android-webview-video-poster: blob: brightcove04pmdo-a.akamaihd.net cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com data: dc.ads.linkedin.com dc.oracleinfinity.io googleads.g.doubleclick.net metrics.brightcove.com px.ads.linkedin.com px4.ads.linkedin.com secure.adnxs.com siemens.mindsphere.io siemens.sc.omtrdc.net stats.adlytics.net t.co tr.outbrain.com trc.taboola.com www.facebook.com www.google.com www.google.com www.googletagmanager.com www.linkedin.com 322e30018b7e4846825041773c891f42.svc.dynamics.com e070f2c1c4514ee2b79becebacc0f9b2.svc.dynamics.com cdn.go.cuenect.net siemenscrm--c.vf.force.com siemenscrm.lightning.force.com siemenscrm.my.salesforce.com partnerinfo.siemens.at hitech.at baudoku.1000eyes.de cdn.livechatinc.com cdn.livechat-files.com analytics.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud *.smooch.io ib.adnxs.com maestrobot.it-app.biz www.blids.de analytics.twitter.com *.prescreen.io dvt4t9p29wi8.cloudfront.net reporting-hub.ryze-digital.de universe.send.microad.jp insight.adsrvr.org dq3yfnoirppqu.cloudfront.net *.adyen.com; manifest-src 'self' *.c2comms.cloud; media-src 'self' *.cf.brightcove.com *.media.brightcove.com assets.new.siemens.com blob: data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net secure.brightcove.com dvt4t9p29wi8.cloudfront.net; object-src players.brightcove.net w3.siemens.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.ste.dc.siemens.com *.usercentrics.eu ajax.googleapis.com analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com client.rum.us-east-1.amazonaws.com connect.facebook.net cookies.siemens.com d.oracleinfinity.io data.cdn.siemens.com dataplane.rum.eu-central-1.amazonaws.com geolocation.onetrust.com googleads.g.doubleclick.net img.en25.com jsd-widget.atlassian.com my.nanorep.com www.siemens.com players.brightcove.net profiles.siemens.com scripts.demandbase.com siemensdigitalindustries.nanorep.co snap.licdn.com static.ads-twitter.com tools.adlytics.net tpc.googlesyndication.com vjs.zencdn.net w3.siemens.com www.automation.siemens.com www.google.com www.google.com www.googleadservices.com www.googletagmanager.com mktdplp102cdn.azureedge.net wwwstage.siemens.com resource.finnchat.com cdn.livechatinc.com api.livechatinc.com api-fra.livechatinc.com secure-fra.livechatinc.com sleeknotecustomerscripts.sleeknote.com sleeknotestaticcontent.sleeknote.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com *.smooch.io 322e30018b7e4846825041773c891f42.svc.dynamics.com www.sfs.siemens.de *.virtualevent.siemens.com *.c2comms.cloud edge.eu1.fullstory.com snippet.maze.co reporting-hub.ryze-digital.de vi.ml314.com ml314.com; style-src 'self' 'unsafe-inline' *.force.com *.salesforce.com *.salesforceliveagent.com siemenscrm.my.salesforce-sites.com siemensint.my.salesforce-sites.com *.usercentrics.eu cdn.siemens-web.com *.c2comms.cloud cdn.siemens.com cdn.segment.com api.segment.io assets.new.siemens.com www.siemens.com profiles.siemens.com tools.adlytics.net w3.siemens.com static.hotjar.com script.hotjar.com botbuilder.siemens.cloud www.cdn.botfriendsx.com www.sfs.siemens.de reporting-hub.ryze-digital.de; upgrade-insecure-requests; worker-src 'self' 'unsafe-inline' blob:; report-uri https://w3.siemens.com/report?environment=siemenscom-prod&release=7128bcff; report-to commscloud 4
object-src 'self'; frame-ancestors 'self' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: yastatic.net cse.google.com ajax.googleapis.com php.pdc.nl www.google.com www.gstatic.com translate.googleapis.com translate.google.com maps.google.com maps.googleapis.com api.microsofttranslator.com; report-uri /cspreport 4
base-uri 'none'; default-src: 'none'; block-all-mixed-content 4
default-src 'self' https://*.abgemea.com https://fonts.googleapis.com https://use.fontawesome.com ws.sharethis.com unpkg.com https://maxcdn.bootstrapcdn.com dpm.demdex.net avisbudgetgroup.tt.omtrdc.net https://*.bing.com https://*.virtualearth.net; object-src *; img-src data: *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; font-src 'self' data: https://*.abgemea.com https://fonts.gstatic.com https://*.bing.com https://use.fontawesome.com https://*.virtualearth.net https://maxcdn.bootstrapcdn.com 4
Default-Src 'Self' 'Unsafe-Inline' 'Unsafe-Eval' 4
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.com.sg  *.interactivebrokers.com.hk  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  widgets.tipranks.com  site.recognia.com  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.traderstation-international.com; 4
frame-ancestors 'self'; report-uri https://stoklasa.report-uri.io/r/default/csp/enforce 4
frame-ancestors 'self' https://app.contentful.com; 4
default-src 'self' https://edgestatic.azureedge.net https://*.microsoft.com; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.aspnetcdn.com https://az725175.vo.msecnd.net https://*.microsoft.com https://mem.gfx.ms https://edgestatic.azureedge.net https://js.monitor.azure.com https://mwf-service.akamaized.net https://*.clarity.ms https://*.bing.com http://*.bing.com https://*.adnxs.com https://connect.facebook.net https://snap.licdn.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://statics-marketingsites-wcus-ms-com.akamaized.net https://statics-marketingsites-eus-ms-com.akamaized.net https://statics-marketingsites-neu-ms-com.akamaized.net https://statics-marketingsites-eas-ms-com.akamaized.net https://edgestatic.azureedge.net; font-src 'self' data: https://*.microsoft.com http://c.s-microsoft.com https://c.s-microsoft.com https://edgestatic.azureedge.net; connect-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.bing.com https://*.clarity.ms https://js.monitor.azure.com https://edgestatic.azureedge.net https://consentreceiverfd-prod.azurefd.net https://cdn.linkedin.oribi.io https://*.linkedin.com https://boost.mediation.trafficmanager.net https://*.adnxs.com; frame-src 'self' http://*.microsoft.com https://*.microsoft.com https://*.msn.com https://*.msn.cn https://*.bing.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.microsoft.com https://*.bing.com chrome-untrusted://dual-search; img-src * data:; media-src 'self' https://edgestatic.azureedge.net 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.clarity.ms *.bing.com *.smooch.io smooch.io https://googleapis.com https://*.googleapis.com https://googletagmanager.com https://*.googletagmanager.com https://biano.sk https://*.biano.sk https://biano.cz https://*.biano.cz https://biano.hu https://*.biano.hu https://biano.ro https://*.biano.ro https://biano.hr https://*.biano.hr https://prefixbox.com https://*.prefixbox.com https://gstatic.com https://*.gstatic.com https://novynabytok.sk https://*.novynabytok.sk https://hezkynabytek.cz https://*.hezkynabytek.cz https://zondo.hu https://*.zondo.hu https://zondo.ro https://*.zondo.ro https://zondo.hr https://*.zondo.hr https://*.zdassets.com https://*.zopim.com https://prefixbox.com https://*.prefixbox.com https://hotjar.com https://*.hotjar.com https://hotjar.io https://*.hotjar.io https://google-analytics.com https://*.google-analytics.com https://clarity.ms https://*.clarity.ms https://*.doubleclick.net https://*.imedia.cz https://*.seznam.cz https://chimpstatic.com https://google.com https://*.google.com https://google.sk https://*.google.sk https://google.cz https://*.google.cz https://google.hu https://*.google.hu https://google.ro https://*.google.ro https://google.hr https://*.google.hr https://googleadservices.com https://*.googleadservices.com https://*.zopim.io https://meblemirjan.pl https://*.meblemirjan.pl https://youtube.com https://*.youtube.com https://creativecdn.com https://*.creativecdn.com https://zendesk.com https://*.zendesk.com https://sentry.io https://*.sentry.io https://*.amio.io *.getsitecontrol.com https://*.facebook.net https://www.facebook.com/ https://*.mailchimp.com https://*.list-manage.com https://*.cloudfront.net https://*.amazonaws.com https://*.ecomailapp.cz https://scaleflex.cloudimg.io; 4
default-src 'self';font-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com consent.trustarc.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com maxcdn.bootstrapcdn.com consent.trustarc.com *.google-analytics.com *.arkoselabs.com *.trustev.com mpsnare.iesnare.com https://ht.blackhawknetwork.com *.newrelic.com *.nr-data.net *.datadome.co *.captcha-delivery.com *.googletagmanager.com *.jquery.com *.cloudflare.com s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com *.sardine.ai;script-src-attr 'unsafe-inline';connect-src 'self' *.trustarc.com *.trustev.com *.google-analytics.com wss://mpsnare.iesnare.com *.nr-data.net stats.g.doubleclick.net *.datadome.co *.blackhawknetwork.com *.sardine.ai;img-src 'self' *.trustarc.com https://ht.blackhawknetwork.com www.google-analytics.com www.google.com data: s3.amazonaws.com testing.conversionteam.com *.blackhawknetwork.com;style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com;frame-src *;object-src 'none';media-src 'self' *.iesnare.com data:;frame-ancestors 'self' cardholder.jokercard.ca;base-uri 'self';form-action 'self';upgrade-insecure-requests 4
frame-ancestors 'self' https://apps-ide.marsx.dev 4
report-uri https://8200068e1bbb5c22d2e57dd38c2ddbcf.report-uri.com/r/t/csp/reportOnly; 4
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://www.googleadservices.com https://s45065.pcdn.co https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://*.talentbrew.com/ https://www.google.com https://www.googletagmanager.com/; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://s45065.pcdn.co https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://apply.talentbrew.io https://cdn.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://*.tmpwebeng.com https://assets.adobedtm.com https://app.survale.com https://www.google-analytics.com https://apply.talentbrew.io https://analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://www.facebook.com; font-src 'self' data: https://s45065.pcdn.co; frame-src 'self' blob: https://go.pardot.com https://www.youtube.com https://td.doubleclick.net https://s45361.p1717.sites.pressdns.com https://app.survale.com https://3969344.fls.doubleclick.net https://go.radancy.com; img-src 'self' data: https://i.ytimg.com https://ad.doubleclick.net https://s45065.pcdn.co https://www.google-analytics.com https://analytics.twitter.com https://cdn.cookielaw.org https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://t.co https://*.talentbrew.com https://www.facebook.com https://www.google.com; manifest-src 'self'; media-src 'self' https://*.talentbrew.com; worker-src 'self' blob: ; 4
style-src 'self' blob: 'unsafe-inline' *.google.com *.crazyegg.com *.googleapis.com *.salesforce-sites.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.googleanalytics.com *.pg.com *.bazaarvoice.com *.force.com *.pricespider.com *.lytics.io *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleoptimize.com *.crazyegg.com *.googleanalytics.com *.crwdcntrl.net *.googleadservices.com *.pg.com *.salesforce-sites.com *.salesforce.com *.my.salesforce.com *.criteo.com *.adform.net *.outbrain.com *.pypestream.com *.serving-sys.com *.tiktok.com *.youtube.com *.braun.com *.googletagmanager.com *.dynatrace.com dynatrace.com *.ads-twitter.com *.salesforceliveagent.com google.com gstatic.com *.gstatic.com *.google.com *.pypestream.eu *.force.com *.salesfoce.com *.cookielaw.org *.google-analytics.com *.facebook.net *.pricespider.com *.segment.com *.lytics.io *.jebbit.com pghub.io *.doubleclick.net *.crazyegg.com *.googleapis.com *.zeotap.com *.adsrvr.org *.iesnare.com *.ipify.org *.bazaarvoice.com *.moatads.com *.mapbox.com *.akamaihd.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com *.pg.com *.windows.net fonts.gstatic.com maxcdn.bootstrapcdn.com res.cloudinary.com data: feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.google.com *.crazyegg.com *.pricespider.com *.ctfassets.net ; default-src 'self' data: wss: *.twitch.tv *.azureedge.net *.flashtalking.com www.cashback-silkepil-et-accessoires.fr *.sor-braun.fr *.lightyearapi.com *.crazyegg.com *.google.com *.crwdcntrl.net *.youtube-nocookie.com youtube-nocookie.com pg-lex--dev.sandbox.my.salesforce-sites.com *.salesforce-sites.com *.analytics.google.com *.braun-concours-jenifer.fr *.concours-braun.fr *.offre-promotionnelle.fr *.pg.com *.criteo.com *.serving-sys.com *.serving-sys.com *.tiktok.com *.cashback-braun.fr *.cashbackipls2.fr *.cashbackshaverss2.fr *.satisfaitourembourse-braun.fr *.digital-promo.de *.dynatrace.com *.azure-api.net *.braun-ics.com *.braun.com *.braun.de *.youtube.com *.force.com *.doubleclick.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.adsrvr.org *.tapad.com *.segment.io *.segment.com *.lytics.io *.crazyegg.com *.googleapis.com *.zeotap.com *.facebook.com *.doubleclick.net *.jebbit.com *.windows.net geolocation-db.com *.onetrust.com *.iesnare.com *.bazaarvoice.com *.moatads.com *.mapbox.com *.pricespider.com *.akamaihd.net *.pg.com *.algolia.net *.contentful.com *.ctfassets.net feed.pghub.io ; 4
frame-ancestors 'self' *.hexia.io *.zigtools.nl 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.medcity.net https://youtube.com https://www.youtube.com https://*.googleapis.com https://*.google.com https://*.formstack.com *.doubleclick.net *.amazonaws.com *.cloudfront.net *.healthgrades.com *.undertone.com *.facebook.net *.facebook.com *.trkn.us *.jotform.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://translate.google.com https://fonts.gstatic.com https://www.gstatic.com https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.go-mpulse.net/ https://*.akstat.io/ https://*.akamaihd.net/ https://dc.hcafloridahealthcare.com https://dc.hcafloridaphysicians.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud; img-src 'self' data: https://*.stylelabs.io https://*.stylelabs.cloud https://*.stylelabsdemo.com https://*.stylelabsqa.com https://*.stylelabsdev.com https://*.dpxmedcity.net https://*.ytimg.com https://*.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://carelinkhca.my.salesforce-sites.com *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://*.s3.amazonaws.com https://*.hcadam.com https://*.hcadam-stage.com https://*.hcadam-qa.com https://*.hcadam-dev.com https://*.sitecorecontenthub.cloud; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net https://*.securiti.ai *.ehc.com *.ehcstaging.com *.dpxmedcity.net; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://*.dpxmedcity.net https://*.formstack.com https://*.clearstep.health *.crazyegg.com https://*.medcity.net *.doubleclick.net *.ehc.com *.ehcstaging.com *.dpxmedcity.net; frame-src 'self' 'unsafe-inline' https://*.clearstep.health *.ehc.com *.ehcstaging.com *.dpxmedcity.net https://www.youtube.com https://youtube.com *.crazyegg.com https://*.medcity.net *.doubleclick.net https://mammogramscreenbotcontainer.azurewebsites.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; upgrade-insecure-requests; block-all-mixed-content ; 4
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://rum-static.pingdom.net/ https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://app.qweb.nl https://*.google-analytics.com https://*.pingdom.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self' https://app.qweb.nl 4
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com http://webvisor.com 4
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 4
referrer no-referrer 4
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 4
frame-ancestors 'self' eu-app.contentstack.com/ app.contentstack.com/ 4
default-src 'self'; connect-src *; font-src 'self' data: fonts.gstatic.com *; frame-src *; img-src * blob: data:; media-src * blob:; object-src *; child-src blob:;worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 4
frame-ancestors 'self'; frame-src 'self' https://www.sitecdn.com braintreegateway.com assets.braintreegateway.com googletagmanager.com https://client.dropcatch.com https://*.paypal.com https://*.paypalobjects.com https://ssl.kaptcha.com; script-src 'self' https://*.paypal.com https://*.googletagmanager.com https://secure.dropcatch.com https://*.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.amazonaws.com https://*.braintreegateway.com https://*.braintree-api.com https://uilogging.tcdevops.com https://*.google-analytics.com https://translate.dropcatch.com https://client.dropcatch.com wss://rt.dropcatch.com 4
frame-ancestors 'self' https://flocktory.com https://*.flocktory.com http://webvisor.com http://*.webvisor.com https://metrika.yandex.ru https://mc.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net ; 4
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 4
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: archive.org web.archive.org web-static.archive.org wayback-api.archive.org analytics.archive.org pragma.archivelab.org 4
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; img-src 'self' data: https://api.cs.fail https://cs.fail https://api.csfail.net https://csfail.net https://api.csfail.pro https://csfail.pro https://api.csfail.org https://csfail.org https://csfail.live https://api.2cs.fail  https://2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net https://flagcdn.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://tra.cker.club; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://maps.googleapis.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://intercom-sheets.com https://intercom.help; frame-ancestors 'self' https://app.utorg.pro; connect-src 'self' data: wss://cs.fail/api/ws wss://csfail.net/api/ws wss://csfail.pro/api/ws wss://csfail.org/api/ws wss://csfail.live/api/ws https://api.cs.fail https://api.csfail.net https://api.csfail.pro https://api.csfail.org https://csfail.live https://*.giphy.com https://*.ingest.sentry.io wss://2cs.fail/api/ws https://api.2cs.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.intercom.io wss://*.intercom.io wss://*.hotjar.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://tra.cker.club; object-src 'none'; 4
connect-src https: 'self'; img-src 'self' data: https://*; default-src blob: https: 'unsafe-inline' 'unsafe-eval' 4
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval' 4
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' https: data:; media-src 'self' https: data: blob:; object-src 'none'; font-src 'self' https: data:; default-src 'self' https: wss:; base-uri 'none'; 4
frame-ancestors 'self'; upgrade-insecure-requests; default-src 'self' https: data: http://adsys.insert.bg; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob: 'report-sample' www.glami.bg glamipixel.com; script-src-elem 'self' 'unsafe-inline' https: data:; style-src 'self' https: 'unsafe-inline'; img-src * data: blob:; base-uri 'self' www.glami.bg glamipixel.com; object-src 'self' blob:; connect-src 'self' https: wss: http://localhost:8001; report-uri /csp_log.php 4
require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport 4
frame-ancestors https://unileverbrazil.marketing.adobe.com https://unilever3.marketing.adobe.com https://unilever2.marketing.adobe.com https://unilever.marketing.adobe.com; 4
frame-ancestors https://customer.educations.com 4
frame-ancestors 'self' my.samsonite.test.frucon.net my.samsonite.staging.frucon.net my.samsonite.com *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 4
block-all-mixed-content; frame-ancestors 'none'; 4
frame-ancestors 'self' https://saint-gobain.wmh-demos.com/; 4
default-src 'self' https: data: blob: https://ct.pinterest.com https://s.amazon-adsystem.com https://*.fls.doubleclick.net https://trends.revcontent.com https://static.criteo.net https://gum.criteo.com https://maps.google.com https://www.google.com https://cdnapisec.kaltura.com https://www.pravaler.com.br https://cruzeirodosul.postclickmarketing.com https://www.youtube.com https://www.facebook.com https://cdn.cookielaw.org https://fonts.gstatic.com https://*.googleusercontent.com https://ka-f.fontawesome.com; object-src 'none'; connect-src 'self' https: data: blob: https://hxdaii.unicid.edu.br https://api.shopback.net https://ckies.net https://click.retargeter.com.br https://*.shoptarget.com.br https://server-side-tagging-vuffe35pkq-rj.a.run.app https://biblioteca.cruzeirodosul.edu.br https://biblioteca.unicid.edu.br https://biblioteca.unifran.edu.br https://biblioteca.unipe.edu.br https://biblioteca.udf.edu.br https://biblioteca.modulo.edu.br https://biblioteca.fass.edu.br https://biblioteca.ceunsp.edu.br https://biblioteca.cesuca.edu.br https://biblioteca.fsg.edu.br https://biblioteca.brazcubas.edu.br https://biblioteca.up.edu.br https://ct.pinterest.com https://s.yimg.com https://suite.linximpulse.net https://cdn.linkedin.oribi.io https://sslwidget.criteo.com https://geolocation.onetrust.com https://onesignal.com https://csmetrics.hotjar.com wss://ws.hotjar.com https://vc.hotjar.io https://content.hotjar.io https://stats.g.doubleclick.net https://in.hotjar.com https://y.clarity.ms https://www.google.com.br https://analytics.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://ka-f.fontawesome.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https: data: blob: https://analytics.tiktok.com https://100019114.collect.igodigital.com https://poscompra.shopconvert.com.br https://static.shopback.net https://app.shoptarget.com.br https://c.amazon-adsystem.com https://s.yimg.com https://s.pinimg.com https://suite.linximpulse.net https://sslwidget.criteo.com https://dynamic.criteo.com https://track.omguk.com https://snap.licdn.com https://ionfiles.scribblecdn.net https://widgets.ebscohost.com https://www.youtube.com https://script.hotjar.com https://www.google-analytics.com https://static.hotjar.com https://connect.facebook.net https://cdn.krxd.net https://www.clarity.ms https://googleads.g.doubleclick.net https://onesignal.com https://cdn.cookielaw.org https://kit.fontawesome.com https://*.googleusercontent.com https://cdn.onesignal.com https://www.googletagmanager.com; img-src 'self' https: data: blob: https://cruzeirodosulvirtual.com.br https://www.cruzeirodosulvirtual.com.br https://www.cruzeirodosul.edu.br https://www.unicid.edu.br https://www.unifran.edu.br https://www.unipe.edu.br https://www.udf.edu.br https://www.modulo.edu.br https://www.fass.edu.br https://www.ceunsp.edu.br https://www.cesuca.edu.br https://www.fsg.edu.br https://www.brazcubas.edu.br https://www.up.edu.br https://connect.facebook.net https://graph.facebook.com https://www.facebook.com https://ct.pinterest.com https://sp.analytics.yahoo.com https://dpm.demdex.net https://i6.liadm.com https://tags.bluekai.com https://dis.criteo.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://s.ad.smaato.net https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://i.liadm.com https://matching.ivitrack.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://gum.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://px.ads.linkedin.com https://c.bing.com https://*.googleusercontent.com https://c.clarity.ms https://res.cloudinary.com https://www.google.com https://www.google.com.br https://www.google-analytics.com https://www.googletagmanager.com https://noticias.cruzeirodosuleducacional.edu.br https://cdn.cookielaw.org https://immakers4ds10371783.o18.link; style-src 'unsafe-inline' 'self' https: data: blob: https://onesignal.com https://fonts.googleapis.com https://*.googleusercontent.com; frame-src https: https://*.kaltura.com https://ct.pinterest.com https://www.facebook.com https://gum.criteo.com https://s.amazon-adsystem.com https://*.fls.doubleclick.net https://simule.pravaler.com.br https://cadastro.creditouniversitario.com.br https://www.googletagmanager.com https://static.criteo.net 4
default-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; img-src 'self' https://marvel-b1-cdn.bc0a.com https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *; font-src 'self' data: 'unsafe-inline' https://fonts.gstatic.com https://use.typekit.net *; upgrade-insecure-requests; script-src https://play.vidyard.com https://www.facebook.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' * blob:; block-all-mixed-content; 4
font-src data: https: 'self';connect-src data: https: wss: blob:;default-src 'unsafe-eval' 'unsafe-inline' data: https:;form-action https:;img-src 'self' data: https: blob:;media-src 'self';object-src 'none';script-src data: https: blob: 'unsafe-inline' 'unsafe-eval' id3.expertus.com.ua;style-src data: https: 'self' 'unsafe-inline' 4
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 4
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval'; 4
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 4
frame-ancestors 'self'; form-action 'self' 4
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 4
img-src * blob: data:;font-src * 4
default-src 'self' https:; font-src 'self' https:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 4
default-src https: data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; 4
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://td.doubleclick.net https://fburl.com https://www.facebook.com https://connect.facebook.net; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com https://w.ladicdn.com https://s.ladicdn.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://w.ladicdn.com https://s.ladicdn.com; font-src data: https: https://fonts.gstatic.com https://w.ladicdn.com https://s.ladicdn.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://popupx.ladi.me https://*.ladi.me https://s.ladicdn.com https://g.ladicdn.com https://w.ladicdn.com https://*.ladicdn.com https://www.facebook.com https://*.facebook.com 4
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://www.youtube.com; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 4
base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudflareinsights.com https://bat.bing.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.google.co.uk https://*.google.com https://bat.bing.com; connect-src 'self' https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://bat.bing.com; object-src 'none'; upgrade-insecure-requests; 4
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: ws: 4
'self' https://ajax.googleapis.com 4
default-src'self' 4
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src 'self' https://assets.guim.co.uk https://pasteup.guim.co.uk https://interactive.guim.co.uk https://dashboard.ophan.co.uk data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none'; base-uri 'none' 3
upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com  http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com  cdnjs.cloudflare.com https://community.cisco.com/; 3
frame-ancestors 'self' imdb.com *.imdb.com *.media-imdb.com withoutabox.com *.withoutabox.com amazon.com *.amazon.com amazon.co.uk *.amazon.co.uk amazon.de *.amazon.de translate.google.com images.google.com www.google.com www.google.co.uk search.aol.com bing.com www.bing.com 3
frame-ancestors 'self'   https://partner.tp-link.com https://partner-test.tp-link.com 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; 3
frame-ancestors https://*.mongodb.com 3
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net *.change.org change-production.s3.amazonaws.com change-public-stuff.s3.amazonaws.com *.google.ca *.googleadservices.com *.youtube.com *.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.recaptcha.net *.ytimg.com *.facebook.com *.facebook.net *.fbcdn.net fbrpc://* fb-messenger://* ajax.cdnjs.com cdnjs.cloudflare.com service.force.com *.salesforceliveagent.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.braintree-api.com *.stripe.com *.dlocal.com *.optimizely.com optimizely.s3.amazonaws.com cdn-assets-prod.s3.amazonaws.com px-cdn.net *.px-cdn.net *.px-client.net *.px-cloud.net pxchk.net *.pxchk.net p2a.co *.profitwell.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.messagebird.com secure.everyaction.com d3rse9xjbp8270.cloudfront.net *.ngpvan.com js2.verygoodvault.com *.cloudflarestream.com code.jquery.com cdn.embedly.com player.vimeo.com bat.bing.com soundcloud.com *.soundcloud.com www.instagram.com www.flickr.com *.staticflickr.com *.voteamerica.com *.jotform.com actionnetwork.org *.airbrake.io browser-update.org *.tiktok.com *.bannerbear.com ads.nextdoor.com flask.nextdoor.com *.maze.co us-central1-niftic-agency.cloudfunctions.net/change-starter-image us-central1-niftic-agency.cloudfunctions.net/openai/generate-draft us-central1-niftic-agency.cloudfunctions.net/openai/generate-image cdn.iframe.ly change.my.salesforce.com help.change.org; font-src 'self' data: *.change.org d18kwxxua7ik1y.cloudfront.net d22r54gnmuhwmk.cloudfront.net fonts.gstatic.com d3rse9xjbp8270.cloudfront.net; img-src * blob: data:; form-action 'self'; frame-ancestors 'self' 3
frame-ancestors 'self' http://content.servicenow.com https://content.servicenow.com https://your.servicenow.com https://servicenow.highspot.com https://partnerportalalphadev.service-now.com https://hidevidc.service-now.com 3
frame-ancestors 'self';img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* *.disneyplus.com:*;worker-src 'self' blob:;manifest-src 'self' *.disneyplus.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3
frame-ancestors 'self' https://*.otto.de https://*.ottogroup.com https://og2gether.sharepoint.com; 3
report-uri /v1/csplog; block-all-mixed-content 3
base-uri 'self'; connect-src https://demo.synology.com:5001 https://*.demo.synology.com:5001 https://demo.synology.de:5001 https://*.demo.synology.de:5001 https://bat.bing.com https://mc.yandex.ru *.mouseflow.com https://in.hotjar.com/ https://vc.hotjar.io wss://*.hotjar.com/ analytics.twitter.com 'self' https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.synodev.com https://www.facebook.com https://graph.facebook.com https://analytics.synology.com https://px.adhigh.net/ https://api.mapbox.com https://*.clarity.ms https://api-fra.livechatinc.com https://fw-cdn.com https://src.fwusercontent.com https://synologyc2.myfreshworks.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net/ https://*.googletagmanager.com https://pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com https://lottie.host/ https://webec.synodev.com https://webec-cn.synodev.com https://webec.synology.com https://webec.synology.cn; default-src 'self'; font-src *.mouseflow.com 'self' data: https://synostatic.synology.com https://cdn.livechatinc.com https://themes.googleusercontent.com https://fonts.gstatic.com; frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com 'self' https://*.facebook.com; frame-src *.mouseflow.com https://vars.hotjar.com/ 'self' https://*.synology.com https://*.facebook.com https://staticxx.facebook.com https://px.adhigh.net/ https://player.youku.com/ https://synology.jobbase.io https://secure.livechatinc.com https://secure-fra.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://youtube.com https://www.youtube.com https://cse.google.com https://www.googletagmanager.com https://*.doubleclick.net https://optimize.google.com https://synoform.synology.com; img-src https://*.bing.com https://mc.yandex.ru https://alb.reddit.com *.mouseflow.com https://wcs.naver.com analytics.twitter.com https://t.co/ 'self' data: blob: https://*.synology.com https://global.download.synology.com https://cndl.synology.cn https://gallery.synology.com https://gallery.test.synology.inc https://global.synologydownload.com https://*.linkedin.com https://p.adsymptotic.com/d/px https://www.facebook.com https://api.mapbox.com https://*.clarity.ms https://c.bing.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://cdn.livechatinc.com https://api-fra.livechatinc.com https://cdn.livechat-files.com https://i.ytimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.google.com https://*.google.de https://*.google.com.tw https://*.gstatic.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com; media-src 'self' https://gallery.synology.com https://download.synology.com https://fileres.synology.com/ https://cdn.livechatinc.com https://api-fra.livechatinc.com; object-src 'none'; script-src https://demo.synology.com https://demo.synology.de https://bat.bing.com https://mc.yandex.ru https://www.redditstatic.com *.mouseflow.com https://static.hotjar.com https://script.hotjar.com/ https://wcs.naver.net/wcslog.js https://analytics.twitter.com https://static.ads-twitter.com https://t.co/i/adsct 'self' blob: 'unsafe-eval' https://snap.licdn.com https://www.linkedin.com/px/ https://px.ads.linkedin.com https://sjs.bizographics.com/insight.min.js 'nonce-b1556dea32e9d0cdbfed038fd7787275775ea40939c146a64e205bcb349ad02f' https://connect.facebook.net https://px.adhigh.net/ https://cdnjs.cloudflare.com https://synology.jobbase.io https://api.mapbox.com https://*.clarity.ms https://cdn.livechatinc.com https://code.jquery.com https://secure.livechatinc.com https://secure-fra.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com https://api-fra.livechatinc.com https://synology.onlyfy.jobs https://www.youtube.com fw-cdn.com https://*.freshsales.io https://synologyc2.myfreshworks.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cse.google.com https://clients1.google.com https://tagmanager.google.com https://www.gstatic.com https://*.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://www.gstatic.cn https://www.recaptcha.net https://*.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://synostatic.synodev.com https://synostatic.synology.com https://cdnjs.cloudflare.com https://api.mapbox.com https://cdn.livechat-files.com https://assets.freshsales.io https://www.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com 3
frame-src 'self' ms-windows-store: get.microsoft.com https: data:; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; img-src 'self' http://cps-static.rovicorp.com https: data: 3
frame-ancestors 'self' *.verizon.com *.verizonwireless.com *.vzwcorp.com; 3
frame-ancestors 'self' *.zdnet.com *.ampproject.org *.amp.cloudflare.com; default-src https: blob: 'unsafe-inline' 'unsafe-eval' data:; font-src https: blob: data:; img-src https: data: android-webview-video-poster: blob:; form-action https:; block-all-mixed-content; media-src https: blob: data:; 3
object-src *; script-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; 3
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; style-src 'unsafe-inline' 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; img-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net; connect-src 'self' *.hsadspixel.net *.hs-analytics.net *.hubapi.com *.hscta.net *.hubspot.com *.hs-sites.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotvideo.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com *.hubapi.com *.google.com *.gstatic.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.de *.googlesyndication.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn-cookieyes.com cookieyes.com *.cookieyes.com *.pingdom.net *.zdassets.com *.zendesk.com wss://*.zopim.com *.zopim.com *.key-systems.net 3
frame-ancestors 'self' *.bazaarvoice.com 3
default-src 'self' data:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.fbcdn.net connect.facebook.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com https://*.youtube.com;style-src 'self' 'unsafe-inline' data: *.fbcdn.net 'unsafe-eval' *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;connect-src blob: *.fbcdn.net www.meta.com *.www.meta.com www.facebook.com/tr/ secure.facebook.com/payments/generate_token *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com;font-src data: *.fbcdn.net *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/;img-src 'self' blob: data: *.fbcdn.net *.fbsbx.com *.oculuscdn.com www.facebook.com/tr/ *.cdninstagram.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ gw.conversionsapigateway.com https://*.ytimg.com *.youtube.com;media-src blob: data: *.fbcdn.net *.cdninstagram.com *.oculuscdn.com;child-src blob: data: *.fbcdn.net;frame-src data: *.fbcdn.net www.facebook.com/tr/ www.meta.com/common/ *.www.meta.com/common/ *.fbsbx.com/ www.meta.com/tealium/ *.www.meta.com/tealium/ www.meta.com/payments/ *.www.meta.com/payments/ *.fbthirdpartypixel.com *.oculus.com www.meta.com/3ds2/ddc/ www.meta.com/3ds2/challenge_complete/ centinelapi.cardinalcommerce.com centinelapistag.cardinalcommerce.com gw.conversionsapigateway.com https://*.youtube.com;worker-src blob: data: *.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 3
default-src 'self' *.starbucks.com *.starbucks.ca; child-src 'self' *.starbucks.com *.starbucks.ca *.doubleclick.net *.optimizely.com *.trustarc.com; connect-src 'self' *.starbucks.com *.starbucks.ca https://fonts.gstatic.com *.akamaihd.net *.akstat.io *.doubleclick.net *.go-mpulse.net *.google-analytics.com *.googlevideo.com *.mparticle.com *.nr-data.net *.optimizely.com *.pinterest.com *.trustarc.com; font-src 'self' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com https://fonts.gstatic.com *.trustarc.com; img-src 'self' data: *.starbucks.com *.starbucks.ca https://*.gstatic.com *.adsrvr.org *.agkn.com *.akamaihd.net *.appcast.io *.bing.com *.doubleclick.net *.facebook.com *.ggpht.com *.google.com *.google-analytics.com *.googletagmanager.com *.mparticle.com *.nr-data.net *.pinterest.com *.snapchat.com *.trustarc.com *.truste.com *.videoamp.com *.xg4ken.com *.ytimg.com; manifest-src 'self' *.starbucks.com *.starbucks.ca; media-src 'self' blob: *.starbucks.com *.starbucks.ca *.youtube.com; frame-src 'self' *.optimizely.com *.trustarc.com *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.starbucks.com *.starbucks.ca cdnjs.com *.appcast.io *.bing.com *.doubleclick.net *.facebook.net *.go-mpulse.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.mparticle.com *.newrelic.com *.nr-data.net *.optimizely.com *.pinimg.com *.sc-static.net *.snapchat.com *.trustarc.com *.xg4ken.com; style-src 'self' 'unsafe-inline' *.starbucks.com *.starbucks.ca https://fonts.googleapis.com; report-uri /webhooks/csp-report; 3
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go2.grafana.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://x.clearbitjs.com https://app.clearbit.com https://munchkin.marketo.net https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com/ https://px.ads.linkedin.com https://www.linkedin.com https://fresnel.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://player.vimeo.com https://platform.twitter.com https://syndication.twitter.com https://api.twitter.com https://twitter.com https://static.hotjar.com https://in.hotjar.com https://script.hotjar.com https://www.googletagmanager.com/gtag/ *.googleadservices.com https://googleads.g.doubleclick.net/pagead/ https://static.doubleclick.net https://www.youtube.com https://www.eventbrite.com http://rsdk.grafana.com http://rsdk2.grafana.com https://heypal.chat https://www.heypal.chat https://pal-api-production.up.railway.app https://faro-collector-prod-us-central-0.grafana.net https://*.fullstory.com https://rsi.grafana.com https://cdn.mouseflow.com https://widget.intercom.io https://js.intercomcdn.com https://*.qualtrics.com https://js.zi-scripts.com https://tags.clickagy.com 3
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thebalancemoney.com 3
default-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com www.yola.com unpkg.com       *.yolacdn.net polyfill.io cdn.ravenjs.com *.googleapis.com *.sharethis.com www.googleoptimize.com www.googletagmanager.com *.googleusercontent.com       *.gstatic.com secure.gravatar.com www.facebook.com www.google-analytics.com *.google.com *.yola.net *.yola.com *.yolaqa.com       stats.g.doubleclick.net *.fullstory.com s.w.org *.sitewit.com *.wikimedia.org www.youtube.com wp-themes.com *.sitebuilderhostqa.net       data: blob:;frame-ancestors 'self'; form-action 'self'; 3
frame-ancestors 'self' https://www.fortinet.com 3
frame-ancestors 'self' https://webvisor.com 3
default-src 'self' blob: data: *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.sitescout.com *.driftt.com *.facebook.com *.doubleclick.net *.wistia.com *.bing.com *.ceros.com *.gstatic.com *.pagescdn.com *.youtube.com clickmeter.com *.clickmeter.com *.greenhouse.com *.fontawesome.com fast.wistia.net *.greenhouse.com *.services.greenhouse.com api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com;img-src 'self' blob: data: *.greenhouse.io *.6sc.co *.services.greenhouse.io *.b0e8.com *.g2.com *.linkedin.com *.google-analytics.com *.google.com *.bing.com *.adroll.com *.bizible.com *.taboola.com *.outbrain.com *.3lift.com *.sitescout.com *.driftt.com *.facebook.com *.adsymptotic.com *.rubiconproject.com *.casalemedia.com *.doubleclick.net *.pubmatic.com googletagmanager.com *.googletagmanager.com clarity.ms *.clarity.ms *.wistia.com *.rumiview.com *.kickfire.com *.bizibly.com grnhse-marketing-site-assets.s3.amazonaws.com *.capterra.com *.adnxs.com *.krxd.net *.gstatic.com *.cookielaw.org *.greenhouse.com *.services.greenhouse.com *.bidswitch.net *.openx.net ups.analytics.yahoo.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com *.reddit.com cdn.evalato.com *.cdn.evalato.com;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.6sc.co *.services.greenhouse.io *.intellimize.co *.intellimizeio.com *.greenhouse.io *.sitescdn.net *.cookielaw.org *.b0e8.com polyfill.io *.polyfill.io googletagmanager.com *.googletagmanager.com unpkg.com *.unpkg.com *.googleadservices.com *.google-analytics.com *.licdn.com *.crazyegg.com *.clearbit.com *.clearbitjs.com *.ipify.org *.driftt.com *.adobedtm.com *.adroll.com appvizer.one *.appvizer.one *.pdst.fm pixel.ad *.pixel.ad *.bing.com *.bizible.com *.facebook.net *.marketo.net *.marketo.com clarity.ms *.clarity.ms *.doubleclick.net *.g2crowd.com *.sitescout.com *.wistia.com *.rumiview.com *.kickfire.com inline: *.unpkg.com *.polyfill.io *.sitescdn.net *.intellimize.co *.clearbitjs.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googleadservices.com *.b0e8.com *.intellimizeio.com *.googletagmanager.com *.6sc.co *.pagescdn.com *.yext.com *.ceros.com view.ceros.com/scroll-proxy.min.js *.googleoptimize.com *.greenhouse.com *.fontawesome.com cdn.jsdelivr.net/npm/jquery@3.6.1/dist/jquery.min.js cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js fast.wistia.net cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js *.greenhouse.com *.services.greenhouse.com 13016699.fls.doubleclick.net cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.min.js *.bigmarker.com ajax.googleapis.com web.cvent.com trk.crozdesk.com q.quora.com *.redditstatic.com/ads/pixel.js reddit.com cdn.evalato.com *.cdn.evalato.com js.qualified.com *.xingcdn.com;style-src *.greenhouse.io *.sitescdn.net 'unsafe-inline' 'self' *.greenhouse.com googletagmanager.com *.googletagmanager.com fonts.googleapis.com cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css fast.wistia.com fast.wistia.net unpkg.com/flickity@2/dist/flickity.min.css *.greenhouse.com *.services.greenhouse.com *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com;connect-src 'self' *.intellimize.co *.cookielaw.org *.onetrust.com *.yext-pixel.com *.6sc.co *.6sense.com *.g2.com *.crazyegg.com *.cloudfunctions.net appvizer.one *.appvizer.one *.google-analytics.com *.doubleclick.net *.adroll.com *.mktoresp.com *.clarity.ms analytics.google.com *.analytics.google.com *.googletagmanager.com *.wistia.com *.bing.com *.facebook.com *.litix.io *.clearbit.com *.adnxs.com *.sitescdn.net *.bing.com *.yext.com *.intellimize.com 750-iss-976.mktoutil.com *.greenhouse.io embedwistia-a.akamaihd.net *.oribi.io cdn.linkedin.oribi.io *.greenhouse.com *.fontawesome.com *.greenhouse.com *.services.greenhouse.com api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com reddit.com cdn.evalato.com *.cdn.evalato.com wss://ws.qualified.com *.wistia.net grnhse-marketing-site-assets.s3.amazonaws.com *.xing.com;frame-src player.simplecast.com 117871812.intellimizeio.com go.greenhouse.io 9857173.fls.doubleclick.net pixel.sitescout.com view.ceros.com www.facebook.com js.driftt.com answers-embed.greenhouse.io.pagescdn.com boards.greenhouse.io *.g2.com *.greenhouse.io.pagescdn.com *.greenhouse.com *.clickmeter.com clickmeter.com embed.radiopublic.com 'self' go.greenhouse.com 13016699.fls.doubleclick.net api.intellimize.co *.bigmarker.com web.cvent.com redditstatic.com trk.crozdesk.com q.quora.com greenhouse.cventevents.com reddit.com cdn.evalato.com *.cdn.evalato.com 7480.evalato.com *.7480.evalato.com *.qualified.com;frame-ancestors support.greenhouse.io 'self'; 3
frame-ancestors 'self' https://*.adobe.com; 3
default-src 'self'; base-uri 'self'; child-src blob:; connect-src 'self' https: https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://func.bitwarden.com https://status.bitwarden.com https://us-central1-adaptive-growth.cloudfunctions.net https://pdf-convert.bitwarden.com https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://bitwarden.freshsales.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://bat.bing.com https://cdn.linkedin.oribi.io https://i.clarity.ms https://scout.salesloft.com https://script.crazyegg.com https://tattle.api.osano.com; img-src 'self' data: https: https://*.algolia.net https://images.ctfassets.net https://res.cloudinary.com https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://*.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://t.co https://alb.reddit.com https://aorta.clickagy.com https://bat.bing.com https://i.vimeocdn.com https://id.rlcdn.com https://idsync.rlcdn.com https://insight.adsrvr.org https://px.ads.linkedin.com https://p.adsymptotic.com https://stags.bluekai.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; form-action 'self' https://forms.hsforms.com https://www.facebook.com; frame-ancestors 'none'; frame-src https://app.hubspot.com https://start.bitwarden.com https://*.doubleclick.net https://boards.greenhouse.io https://s.company-target.com https://docs.google.com https://forms.hsforms.com https://player.vimeo.com https://preview.widgets.ninetailed.io/ https://us02web.zoom.us https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://*.hs-sites.com; manifest-src 'self'; object-src 'none'; report-uri https://csp-report.browser-intake-us3-datadoghq.com/api/v2/logs?dd-api-key=pub41b0937554d4ab91e35c9ae62433371b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/ https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.hubspot.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://j.6sc.co https://tag.demandbase.com https://a.quora.com https://amplify.outbrain.com https://assets.freshsales.io https://bat.bing.com https://boards.greenhouse.io https://cdn.jsdelivr.net/npm/search-insights@2.0.4 https://cdn.pdst.fm https://cmp.osano.com https://connect.facebook.net https://mountain.com https://*.mountain.com https://extend.vimeocdn.com https://googleads.g.doubleclick.net https://libraries.hund.io https://ml314.com https://*.ml314.com https://player.vimeo.com https://plausible.io https://script.crazyegg.com https://scout-cdn.salesloft.com https://snap.licdn.com https://static.ads-twitter.com https://tag.clearbitscripts.com https://tags.clickagy.com https://js.usemessages.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.redditstatic.com https://x.clearbitjs.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://libraries.hund.io; worker-src 'self' blob: 3
frame-ancestors 'self' *.lycos.com 3
frame-ancestors 'self' *.ebscohost.com *.ebsco.com; report-uri /report-csp-violation; upgrade-insecure-requests 3
frame-ancestors 'self' https://nurture.solarwinds.com/ 3
frame-ancestors 'self' https://splytech.io https://*.splytech.io 3
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 3
frame-ancestors 'self' https://*.opera.com; upgrade-insecure-requests; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.smarty.com *.crazyegg.com solutions.invocacdn.com pnapi.invoca.net dev.visualwebsiteoptimizer.com ndn.statistinamics.com static.traversedlp.com api.traversedlp.com js.alocdn.com p.alocdn.com https://cableone1615402851.zendesk.com/ https://zendesk-eu.my.sentry.io fidelitycommunications.zendesk.com https://fidelitycommunications.referralrock.com/ https://apps.sitecore.net *.office.com *.google.com *.hsforms.com *.hsforms.net *.slgnt.us *.youtube.com www.googletagmanager.com support.sparklight.com static.zdassets.com maps.googleapis.com snapwidget.com fonts.googleapis.com ekr.zdassets.com maps.gstatic.com cableone.zendesk.com widget-mediator.zopim.com static.ada.support sparklight.ada.support rollout.ada.support sentry.io www.cableone.net wss://widget-mediator.zopim.com bat.bing.com *.google-analytics.com static.hotjar.com www.googleadservices.com connect.facebook.net cltgtstor001.blob.core.windows.net js.adsrvr.org *.fls.doubleclick.net *.g.doubleclick.net *.hotjar.com cdn.polyfill.io insight.adsrvr.org targetuscentral.slgnt.us *.speedtestcustom.com *.clarity.ms sparklight.slgnt.us code.jquery.com cdnjs.cloudflare.com woobox.com *.smartmove.us jsonip.com *.wufoo.com *.gstatic.com *.googleoptimize.com optimize.google.com wss://*.hotjar.com *.hotjar.io blob: dev.visualwebsiteoptimizer.com *.beacon.lynx.cognitivlabs.com;          style-src 'self' 'unsafe-inline' *.crazyegg.com https://fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com *.smartmove.us optimize.google.com;          img-src 'self' data: cableone1615402851.zendesk.com *.crazyegg.com dev.visualwebsiteoptimizer.com v2assets.zopim.io *.gstatic.com www.cableone.net www.sparklight.com *.fls.doubleclick.net www.facebook.com *.google-analytics.com *.google.com cableone.zendesk.com *.smartmove.us ctam.demdex.net *.googletagmanager.com *.clarity.ms *.bing.com *.hsforms.com *.doubleclick.net;          font-src 'self' 'unsafe-inline' https://fonts.gstatic.com use.fontawesome.com;          upgrade-insecure-requests;          block-all-mixed-content; 3
default-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none' 3
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; upgrade-insecure-requests 3
frame-ancestors https://*.upwave.com 3
default-src data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.spareroom.co.uk *.spareroom.com *.spareroom.fr *.spareroom.net *.cookiepro.com *.apple.com *.apple-mapkit.com *.google-analytics.com *.trustpilot.com *.google.com *.google.co.uk *.googleapis.com *.youtube.com *.vimeo.com *.vimeocdn.com *.doubleclick.net *.facebook.net *.facebook.com *.rollbar.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.gstatic.com *.polyfill.io *.ytimg.com *.stripe.com *.paypal.com *.paypalobjects.com *.zendesk.com *.zdassets.com *.ideal-postcodes.co.uk *.postcodeanywhere.co.uk *.googleadservices.com *.zopim.com *.bing.com *.web.emea-1.jumio.ai *.netverify.com *.spareroom.id *.abercrombiekent.co.uk *.fontawesome.com *.honey.io *.erm-assets.com *.appartager.com *.onfido.com *.cloudfunctions.net *.onetrust.com 3
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data:; form-action 'self' *; frame-src 'self' *; 3
frame-ancestors 'self' https://*.refinitiv.com https://*.lseg.com; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.citi.com *.google.com *.qualtrics.com bat.bing.com ct.pinterest.com www.youtube.com cdn.plaid.com code.jquery.com pwm-image.trendmicro.com *.google-analytics.com js.adsrvr.org s.pinimg.com ui.powerreviews.com *.liveperson.com nexus.ensighten.com cdn.boomtrain.com lptag.liveperson.net s.yimg.com gc.kis.v2.scr.kaspersky-labs.com script.crazyegg.com maps.googleapis.com www.googletagmanager.com live.rezync.com mpsnare.iesnare.com negbar.ad-blocker.org video.limelight.com cdn.gbqofs.com ds-aksb-a.akamaihd.net googleads.g.doubleclick.net get663.com c1.rfihub.net www.adobetag.com c.tvpixel.com www.googleadservices.com tpc.googlesyndication.com bcdn-god.we-stats.com a.rfihub.com services-dev.sdiapi.com blob: p11.techlab-cdn.com; object-src 'none'; frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 3
frame-ancestors 'self' *.maxon.net 3
object-src 'none', frame-ancestors https://www.facebook.com 3
frame-ancestors  'self' 3
frame-ancestors 'self' https://uptime.betterstack.com https://logs.betterstack.com; 3
default-src 'self' *.youtube.com *.youtube-nocookie.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.rrze.de *.fau.eu *.fau.tv *.br.de *.ardmediathek.de cdn2.fau.tv cdn2.video.uni-erlangen.de *.siteimprove.com *.vimeo.com ; script-src 'self' 'unsafe-inline' siteimproveanalytics.com *.siteimprove.net *.siteimprove.com *.youtube.com *.ytimg.com cdn.plyr.io *.br.de *.ardmediathek.de cdn2.fau.tv cdn2.video.uni-erlangen.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.gravatar.com *.uni-erlangen.de *.uni-erlangen.org *.fau.de *.fau.eu *.fau.tv *.siteimproveanalytics.io img.youtube.com live.staticflickr.com cdn.plyr.io cdn2.fau.tv; font-src 'self' data: public.slidesharecdn.com; connect-src 'self' *.siteimprove.com cdn.plyr.io 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://images.101datacenter.net https://*.101domain.com https://chat.livecustomer.com https://my.101domain.com https://*.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://www.youtube.com https://secure.campaigner.com https://connect.facebook.net https://*.kissmetrics.com https://*.googleapis.com https://*.facebook.com https://*.llnwd.net https://*.doubleclick.net https://*.infusionsoft.com https://*.google.bg https://d3pkntwtp2ukl5.cloudfront.net https://*.livechatinc.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.bing.com https://*.infusionsoft.app https://*.adsymptotic.com https://*.truste.com https://*.comodo.com https://*.trust-provider.com https://*.101d.dev https://*.101s.dev https://*.ytimg.com https://*.clarity.ms https://*.videodelivery.net https://*.devicevalidation.io https://cdn.livechat-files.com https://cdn.linkedin.oribi.io https://*.licdn.com https://*.cloudflareinsights.com https://code.createjs.com data: 3
default-src 'self' data: https://*.commerce.gov https://www.eda.gov https://eda.gov https://*.eda.gov https://unpkg.com https://*.basemaps.cartocdn.com https://*.vimeo.com https://*.googletagmanager.com https://polyfill.io https://www.googletagmanager.com https://*.mbda.gov https://*.d.commerce.gov https://content.govdelivery.com https://www.google-analytics.com https://use.fontawesome.com https://dap.digitalgov.gov https://*.twitter.com https://*.twimg.com https://*.youtube.com https://livestream.com https://*.livestream.com https://api.new.livestream.com https://emenuapps.ita.doc.gov https://rev-vbrick.uspto.gov https://*.facebook.com https://*.mapbox.com https://*.cloudflare.com https://*.tile.openstreetmap.org https://git.commerce.gov https://cdn.siteimprove.net https://youtube-nocookie.com https://translate.google.com https://www.gstatic.com https://fonts.gstatic.com https://app.powerbigov.us https://*.googleapis.com https://www.youtube-nocookie.com https://api.data.gov https://*.uspto.gov 'unsafe-inline' 'unsafe-eval' ;upgrade-insecure-requests; 3
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: 3
block-all-mixed-content;frame-ancestors *.mail.com 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
default-src 'self' data: blob:; 3
frame-ancestors 'self' https://*.sella.it https://*.axerve.com https://*.gestpay.it https://*.coremedia.vm https://*.coremedia.cloud https://*.coremedia.io https://*.coremedia.com https://*.quickrun.io https://*.coremedia.rocks 3
upgrade-insecure-requests; default-src 'self' *.leuchtfeuer.com; frame-src 'self' *.consentmanager.net *.youtube.com *.youtube-nocookie.com *.altrulabs.com *.smartrecruiters.com *.equitystory.com *.conti-apps.de *.continental.com *.wowza.com livestream.com *.nc3-cdn.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.continental.com *.googleapis.com *.bing.com *.virtualearth.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.flockler.com *.flockler.systems *.continental.com *.google.com *.googleapis.com *.googletagmanager.com *.mouseflow.com *.bing.com *.virtualearth.net *.admiralcloud.com *.altrulabs.com *.smartrecruiters.com *.linkedin.com *.licdn.com *.analytics.google.com *.google-analytics.com *.trkkn.com unpkg.com *.consentmanager.net *.equitystory.com blob:; font-src 'self' data: *.continental.com *.bing.com *.admiralcloud.com *.altrulabs.com *.gstatic.com; connect-src 'self' *.flockler.com *.flockler.app *.continental.com *.leuchtfeuer.com *.admiralcloud.com *.bing.com *.virtualearth.net *.altrulabs.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.mouseflow.com *.consentmanager.net *.trkkn.com cdn.linkedin.oribi.io; img-src * data: *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.virtualearth.net; media-src * blob:; report-uri https://sentry.leuchtfeuer.com/api/13/security/?sentry_key=66362f3cb1034383abbd3702c8d1a340 3
upgrade-insecure-requests ; 3
default-src 'self' 'unsafe-inline' data: keyweb.de *.keyweb.de keyweb.3cx.eu:5001; script-src 'self' 'unsafe-inline' 'unsafe-eval' keyweb.de *.keyweb.de downloads-global.3cx.com *.youtube.com *.google.com *.gstatic.com;  img-src 'self' 'unsafe-inline' data:; frame-src 'self' keyweb.3cx.eu:5001 *.youtube.com chat.keyweb.de; 3
default-src 'none'; script-src acdn.adnxs.com cdn.admo.tv cstatic.weborama.fr dc.ads.linkedin.com developers.atinternet-solutions.com *.dom101.mapres *.dom101.intres *.dom101.prdres *.doubleclick.net d.turn.com *.evermaps.net *.facebook.net facebook.com *.gbpce.net *.googletagmanager.com *.googleadservices.com *.hcaptcha.com *.inbenta.io *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io marketing.adobe.com my.tealiumiq.com publicidees.com px.ads.linkedin.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.tiqcdn.com 'unsafe-inline' 'unsafe-eval' *.1bis.com *.myfeelback.com cdn.trustindex.io analytics.tiktok.com s2.adform.net track.adform.net *.adform.net *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr; connect-src *.dom101.mapres *.dom101.intres *.dom101.prdres *.inbenta.io *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.k-app.io *.omtrdc.net 'self' *.tealiumiq.com *.2o7.net *.hcaptcha.com cdn.linkedin.oribi.io adservice.google.com www.facebook.com *.prod.mycloud.intrabpce.fr google.com *.google.com analytics.tiktok.com px.ads.linkedin.com pagead2.googlesyndication.com gen-chat.i-bp.banquepopulaire.dev:8888 gen-widgets.hom.mycloud.intrabpce.fr gen-widgets.prod.mycloud.intrabpce.fr *.teads.tv *.banquepopulaire.fr; img-src data: cdn.admo.tv *.cloudimg.io cstatic.weborama.fr developers.atinternet-solutions.com *.doubleclick.net d.turn.com www.facebook.com www.google.fr www.google.com *.googletagmanager.com *.inbenta.com *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io *.omtrdc.net ib.adnxs.com publicidees.com *.hcaptcha.com r.turn.com secure.adnxs.com 'self' snap.licdn.com support.criteo.com *.myfeelback.com *.kxcdn.com www.linkedin.com dc.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com cdn.trustindex.io my.tealiumiq.com action.metaffiliation.com *.bing.com *.teads.tv *.linkeo.com *.banquepopulaire.fr; style-src fonts.googleapis.com *.inbenta.io 'self' *.hcaptcha.com 'unsafe-inline' *.kameleoon.eu *.kameleoon.com *.kameleoon.io *.k-app.io cdn.trustindex.io *.linkeo.com *.banquepopulaire.fr; font-src data: fonts.gstatic.com *.inbenta.io 'self'; frame-ancestors *.dom101.mapres *.dom101.intres *.dom101.prdres 'self' *.banquepopulaire.fr; frame-src https: *; report-uri https://www.csp.bpce.fr/v1/record; 3
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.com https://*.etracker.de https://*.jwpcdn.com https://customers.lmis.de http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://live.flyp.tv; style-src 'self' 'unsafe-inline' https://*.etracker.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; img-src 'self' data: https://sg.geodatenzentrum.de https://jwpltx.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; connect-src 'self' https://*.etracker.com https://*.etracker.de https://sg.geodatenzentrum.de https://*.jwpcdn.com http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; font-src 'self' data: https://*.jwpcdn.com; object-src 'self'; media-src 'self' https://*.streamfarm.net http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de https://*.flockler.com https://*.twimg.com; form-action 'self'; frame-src 'self' https://*.twitter.com https://vimeo.com https://player.vimeo.com https://customers.lmis.de https://vdi.p5.easire.com https://bmwi-batteriezellfertigung.interactive-scape.com https://de.digital https://preview-kaenef.bmwk.de https://live.flyp.tv; frame-ancestors 'self' http://*.bmwi.de https://*.bmwi.de http://*.bmwk.de https://*.bmwk.de; 3
frame-ancestors https://*.publons.com:* http://*.publons.com:* https://publons.com:* https://cortellis.com:* https://*.cortellis.com:* http://*.cortellis.com:* https://cortellis.cn:* https://*.cortellis.cn:* http://*.cortellis.cn:* https://*.clarivate.com:* http://*.clarivate.com:* https://*.dev-wos.com:* http://*.dev-wos.com:* https://*.endnote.com:* http://*.endnote.com:* https://*.myendnoteweb.com:* http://*.myendnoteweb.com:* https://myendnoteweb.com:* https://*.dev-cortellis.com:* http://*.dev-cortellis.com:* https://*.ezproxy.auckland.ac.nz:* http://*.ezproxy.auckland.ac.nz:* http://*.dev.oneplatform.build:* https://*.dev.oneplatform.build:* https://*.cptest.idm.oclc.org:* https://*.idm.oclc.org:* https://*.libproxy.albany.edu:* https://*.twu.edu:* http://*.dev-cortellis.cn:* https://*.dev-cortellis.cn:* http://webofscience.com:* https://webofscience.com:* http://*.webofscience.com:* https://*.webofscience.com:* https://*.proxy.lnu.se:* https://*.ub.oru.se:* https://*.griffith.edu.au:* https://*.uexternado.edu.co:* http://*.s3-website-us-west-2.amazonaws.com:* https://*.s3-website-us-west-2.amazonaws.com:* https://*.msu.edu:* https://*.library.nova.edu:* https://*.dev-scholarone.com:* https://*.clarivate.cn:* https://*.dev-incites.com:* https://*.targetsafety.info:* https://*.gethealthbase.com:* https://*.clarivate.net:* http://*.library.vanderbilt.edu:* https://*.library.vanderbilt.edu:*; sandbox allow-top-navigation allow-same-origin allow-scripts allow-popups allow-forms 3
frame-ancestors 'self' *.kaskus.co.id *.kaskus.id 3
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 3
frame-ancestors 'self' *.scot.nhs.uk *.nhsgrampian.org *.nhslothian.scot *.nhsggc.scot hcaptcha.com *.hcaptcha.com; upgrade-insecure-requests; report-to csp-endpoint; report-uri https://web-reports.scot.nhs.uk/api/v1/csp-report 3
frame-ancestors 'self' https://*.emerson.com https://*.emerson.cn https://*.emerson.co.jp https://*.emerson.kr https://*.ariba.com https://*.tradecentric.com https://mypunchoutsite.com https://*.coupahost.com https://*.determine.com https://*.gep.com https://emerson.pathfactory.com https://*.jaggaer.com https://*.sciquest.com 3
default-src 'self' https://brightdata.com wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: *.googleapis.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.vwo.com *.visualwebsiteoptimizer.com widget.trustpilot.com *.zdassets.com brightdata.zendesk.com assets.brightdata.com *.userway.org cdn.mxpnl.com *.mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.thesmilingelbows.com *.bing.com *.clarity.ms p.clarity.ms *.baidu.com *.lfeeder.com widget.intercom.io *.linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.hsforms.net *.hsforms.com *.oribi.io *.gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.facebook.net *.facebook.com *.capterra.com *.netstar-inc.com *.gstatic.com yastatic.net cdn.datatables.net *.fleeq.io *.redditstatic.com *.6sc.co *.quora.com widget-mediator.zopim.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th  *.google.co.kr  *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.comeet.com *.reddit.com *.6sense.com *.ipqualityscore.com *.debugbear.com *.g2crowd.com; frame-ancestors 'self'; worker-src blob:; report-uri https://brightdata.com/web_api/report_csp 3
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; block-all-mixed-content; 3
upgrade-insecure-requests;block-all-mixed-content 3
frame-src *; frame-ancestors 'self'; 3
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net; script-src 'self' 'unsafe-inline' affimvip.baidu.com static.lightning.force.com creaform.my.salesforce.com c.la1-core1.sfdc-58ktaz.salesforceliveagent.com creaform.my.site.com d.la1-core1.sfdc-58ktaz.salesforceliveagent.com chatai-cdn.ametek.com ametekpds.us17.list-manage.com mc.us17.list-manage.com static.addtoany.com fast.wistia.net wappass.baidu.com hmcdn.baidu.com fast.wistia.com static.zdassets.com affim.baidu.com safe.cdn.bcebos.com aifanfan.baidu.com a.omappapi.com go.zygo.com aff-im.cdn.bcebos.com cdnjs.cloudflare.com goutong.baidu.com player.youku.com hm.baidu.com js.hscollectedforms.net dmpstatic.cdn.bcebos.com sofire.bdstatic.com aiff.cdn.bcebos.com cdn.syndication.twimg.com api.twitter.com platform.twitter.com cdn.jsdelivr.net embed.tawk.to shopapi.dunkermotoren.de dwebshoptest.plan-software.de aff-im.cdn.bcebos.com ametekcdn2.azureedge.net ametekcdn.azureedge.net cdn.cookielaw.org go.phantomcamera.es go.phantomcameras.cn go.phantomcamera.fr wistia.com wistia.net go.ametekesp.com go.powervar.com go.precitech.com go.precitech.com.de *.creaform-engineering.com *.zygo.tw *.introtek.com *.alphasense.com *.egsautomation.de *.rtds.com *.skybitz.com *.ametek.com *.ametekweb.com go.sunpowerinc.com go.ameteksi.com go.ortec-online.com ajax.cloudflare.com static.cloudflareinsights.com facebook.com facebook.net connect.facebook.net googleads.g.doubleclick.net google-analytics.com www.google-analytics.com ssl.google-analytics.com google.com www.google.com support.google.com www.googleadservices.com fonts.googleapis.com ajax.googleapis.com maps.googleapis.com fonts.gstatic.com www.gstatic.com *.hsforms.com *.hsforms.net *.hs-analytics.net *.hs-scripts.com *.hsadspixel.net *.hubspot.com js.hscollectedforms.net t.sharethis.com code.jquery.com ws.sharethis.com info.ametek-land.com go.spectro.com twitter.com player.vimeo.com/api/ webtraxs.com youku.com youtube.com www.youtube.com go.techmfg.com go.techmfg.cn go.techmfg.de go.techmfg.jp go.techmfg.es chimpstatic.com cookie-cdn.cookiepro.com emip.ametek.com emipi.ametek.com geolocation.onetrust.com go.ametekaerospaceanddefense.com go.ametek-airtechnology.com go.ametekcalibration.cn go.ametekcalibration.com go.ametek-coining.com go.ametekfactoryautomation.com *.ametek-measurement.com go.ameteksfms.com go.ametekstc.com go.ametektest.cn go.ametektest.com go.ametektest.fr go.ametekusg.com go.brookfieldengineering.cn go.brookfieldengineering.com go.brookfieldengineering.de go.brookfieldengineering.in go.brookfieldengineering.uk go.drexelbrook.com go.emip.ametek.com go.fmhaerospace.com go.hughes-treitler.com go.hunterspringandreel.com go.pd-tech.com go.phantomcamera.de go.phantomhighspeed.com go.phantomcamera.fr go.phantomcameras.cn go.precitech.cn go.precitech.co.kr go.precitech.com.de go.precitech.jp go.precitech.tw go.rauland.com go.rauland.com go.spectro.de go.spectro.jp go.store.csiheat.com go.zygo.cn go.zygo.com.cn go.zygo.de go.zygo.jp *.zygo.kr go.zygo.sg go.zygo.th info.ametekland.com info.ametek-land.com info.ameteksurfacevision.com listadmin.ametek.com pardot1022173.ametek.com privacyportal.onetrust.com www.linkedin.com players.brightcove.net brightcvove.com brightinfo.com vjs.zencdn.net *.amazonaws.com js.hscta.net js.hs-banner.com js.hsleadflows.net analytics-eu.clickdimensions.com widgets.wp.com snap.licdn.com *.salesforceliveagent.com service.force.com bat.bing.com *.salesforce.com www.googletagmanager.com static.doubleclick.net fwww.surveymonkey.com fr.surveymonkey.com es.surveymonkey.com nl.surveymonkey.com de.surveymonkey.com jp.surveymonkey.com help.surveymonkey.com it.surveymonkey.com apply.surveymonkey.com pt.surveymonkey.com ru.surveymonkey.com sv.surveymonkey.com fi.surveymonkey.com da.surveymonkey.com zh.surveymonkey.com ko.surveymonkey.com no.surveymonkey.com tr.surveymonkey.com secure.surveymonkey.com contribute.surveymonkey.com fdeveloper.surveymonkey.com godaddy.surveymonkey.com linuxfoundation.surveymonkey.com eu.surveymonkey.com cx.surveymonkey.com investor.surveymonkey.com widget.surveymonkey.com engage.surveymonkey.com smenterprise.surveymonkey.com smaudience.surveymonkey.com blog.electiontracking.surveymonkey.com seattle.surveymonkey.com de.eu.surveymonkey.com uber.surveymonkey.com jpmc.surveymonkey.com en.surveymonkey.com ourstory.surveymonkey.com carerstrust.surveymonkey.com lp.surveymonkey.com demo.cx.surveymonkey.com cx-help.surveymonkey.com engage-help.surveymonkey.com images.surveymonkey.com kab.surveymonkey.com sgs.surveymonkey.com mobile.surveymonkey.com att.surveymonkey.com thearcus.surveymonkey.com winnipeg.surveymonkey.com petersburgmedicalcenter.surveymonkey.com cs.surveymonkey.com cy.surveymonkey.com el.surveymonkey.com ro.surveymonkey.com asm.surveymonkey.com cfchildren.surveymonkey.com ga.surveymonkey.com kooziegroup.surveymonkey.com mcafee.surveymonkey.com audience.surveymonkey.com fit.eu.surveymonkey.com click.outbound.surveymonkey.com secure.eu.surveymonkey.com anpost.eu.surveymonkey.com oesb.surveymonkey.com kla.surveymonkey.com nycdohmh.surveymonkey.com csl.surveymonkey.com wwww.surveymonkey.com blumenthalarts.surveymonkey.com api.surveymonkey.com labelmaster.surveymonkey.com thelynxgroup.surveymonkey.com try.surveymonkey.com assets01.surveymonkey.com lcoa.surveymonkey.com bnymellon.surveymonkey.com placer.surveymonkey.com ayuda.surveymonkey.com avon.surveymonkey.com auth0.surveymonkey.com maximus.surveymonkey.com sasb.surveymonkey.com nmhs.surveymonkey.com csp.surveymonkey.com strong365northwell.surveymonkey.com be.surveymonkey.com augustatech.surveymonkey.com woodplc.surveymonkey.com go.surveymonkey.com fr.eu.surveymonkey.com nychealthandhospitals.surveymonkey.com hca.surveymonkey.com nhl.surveymonkey.com slsnz.surveymonkey.com ds.surveymonkey.com ww.surveymonkey.com symplr.surveymonkey.com ca.surveymonkey.com aktionen.surveymonkey.com pncpa.surveymonkey.com seiu1021.surveymonkey.com kornferry.surveymonkey.com streetwisepartners.surveymonkey.com gamechange.surveymonkey.com jp.blog.surveymonkey.com google.surveymonkey.com styles.surveymonkey.com 222.surveymonkey.com pg.surveymonkey.com engineering.surveymonkey.com scitechinstitute.orgwww.surveymonkey.com surveymonkeysv.surveymonkey.com aide.surveymonkey.com levelaccess.surveymonkey.com roamrobotics.surveymonkey.com smonkey.surveymonkey.com resources.surveymonkey.com ar.surveymonkey.com bg.surveymonkey.com bs.surveymonkey.com et.surveymonkey.com hr.surveymonkey.com hu.surveymonkey.com id.surveymonkey.com is.surveymonkey.com lv.surveymonkey.com ms.surveymonkey.com pl.surveymonkey.com sk.surveymonkey.com sl.surveymonkey.com sr.surveymonkey.com th.surveymonkey.com tl.surveymonkey.com uk.surveymonkey.com vi.surveymonkey.com scfirststeps.surveymonkey.com www.qlzn6i1l.com secure.neck6bake.com go.universalanalyzers.com go.store.universalanalyzers.com cdn-images.mailchimp.com gallery.mailchimp.com downloads.mailchimp.com login.mailchimp.com kb.mailchimp.com blog.mailchimp.com us1.admin.mailchimp.com admin.mailchimp.com styleguide.mailchimp.com polyfill.mailchimp.com developer.mailchimp.com templates.mailchimp.com ux.mailchimp.com api.mailchimp.com connect.mailchimp.com us16.admin.mailchimp.com us19.admin.mailchimp.com us7.admin.mailchimp.com us17.admin.mailchimp.com us3.admin.mailchimp.com us10.admin.mailchimp.com us2.admin.mailchimp.com us11.admin.mailchimp.com us20.admin.mailchimp.com us4.admin.mailchimp.com us12.admin.mailchimp.com us18.admin.mailchimp.com us14.admin.mailchimp.com us8.admin.mailchimp.com apidocs.mailchimp.com us13.admin.mailchimp.com experts.mailchimp.com us1.api.mailchimp.com img.mailchimp.com us15.admin.mailchimp.com status.mailchimp.com us5.admin.mailchimp.com us6.admin.mailchimp.com us9.admin.mailchimp.com us1.mailchimp.com ls.mailchimp.com devs.mailchimp.com shopware.mailchimp.com postcards.mailchimp.com delivery.mailchimp.com plums.mailchimp.com linkedin.mailchimp.com mixpanel.mailchimp.com partner-assets.mailchimp.com patreon.mailchimp.com inspiration.mailchimp.com us11.mailchimp.com us9.mailchimp.com us16.mailchimp.com us19.mailchimp.com us20.mailchimp.com us15.mailchimp.com creative.mailchimp.com posthaste.mailchimp.com us3.mailchimp.com us6.mailchimp.com us4.mailchimp.com us12.mailchimp.com us14.mailchimp.com us2.mailchimp.com us12.api.mailchimp.com us10.mailchimp.com sopresto.mailchimp.com us17.mailchimp.com us7.mailchimp.com us18.mailchimp.com us13.mailchimp.com us8.mailchimp.com us20.api.mailchimp.com meowmart.mailchimp.com fastfives.mailchimp.com us2.api.mailchimp.com us5.mailchimp.com designlab.mailchimp.com us7.api.mailchimp.com img2.mailchimp.com us11.api.mailchimp.com us5.api.mailchimp.com us16.api.mailchimp.com sawa-usercontent.mailchimp.com us9.api.mailchimp.com docmakers.mailchimp.com us6.api.mailchimp.com help.mailchimp.com resources.mailchimp.com us15.api.mailchimp.com nonprofits.mailchimp.com m.mailchimp.com us4.api.mailchimp.com us19.api.mailchimp.com lurvin.mailchimp.com jungle.mailchimp.com us17.api.mailchimp.com us10.api.mailchimp.com us18.api.mailchimp.com us3.api.mailchimp.com privacyportal-cdn.onetrust.com privacyportal-eu-cdn.onetrust.com privacyportal-eu.onetrust.com www.onetrust.com privacyportal.onetrust.com cdn-ukwest.onetrust.com app.onetrust.com privacyportalde-cdn.onetrust.com geolocation.onetrust.com app-de.onetrust.com privacyportal-de.onetrust.com cdn-apac.onetrust.com app-eu.onetrust.com privacyportal-hulu-cdn.onetrust.com privacyportal-uk-cdn.onetrust.com cdn.onetrust.com privacyportal-uk.onetrust.com privacyportal-br-cdn.onetrust.com my.onetrust.com privacyportal-br.onetrust.com cruise-requests.my.onetrust.com privacyportal-na01-cdn.onetrust.com privacyportal-fr.onetrust.com iapp.onetrust.com sncf-portail.my.onetrust.com dpd-paris2.my.onetrust.com app.elq.onetrust.com tastemade-privacy.my.onetrust.com cdn-au.onetrust.com privacyportal-au.onetrust.com images.elq.onetrust.com allegion-privacy.my.onetrust.com privacyportal-ch.onetrust.com tcf.onetrust.com ggoutfitters-requests.my.onetrust.com privacyportal-apac.onetrust.com portal-verint.my.onetrust.com app-au.onetrust.com developer.onetrust.com uat-de.onetrust.com movado-privacy.my.onetrust.com privacyportal-allstate-cdn.onetrust.com proximospirits-privacy.my.onetrust.com free.onetrust.com privacy-portal-manpowergroup.my.onetrust.com privacyportal-discover-cdn.onetrust.com web.onetrust.com privacyportal-uat-cdn.onetrust.com privacyportal-uatde-cdn.onetrust.com info.onetrust.com support.onetrust.com chownow-requests.my.onetrust.com privacyportal-cisco-cdn.onetrust.com tv.onetrust.com data-protection-man-privacy.my.onetrust.com privacyportal-free-cdn.onetrust.com privacyportaluat.onetrust.com privacyportal-apac-cdn.onetrust.com privacyportal-free.onetrust.com smartfit-dsar.my.onetrust.com privacyportal-ch-cdn.onetrust.com privacyportaltrial-cdn.onetrust.com app-uk.onetrust.com app-apac.onetrust.com app-br.onetrust.com app-ca.onetrust.com app-ch.onetrust.com privacyportal-na01.onetrust.com lunagrill-requests.my.onetrust.com cbcfcu-requests.my.onetrust.com dropps-privacy.my.onetrust.com otcc-training.onetrust.com tdic-privacy.my.onetrust.com caire-requests.my.onetrust.com goodworldwide-requests.my.onetrust.com telteclgpd-privacy.my.onetrust.com privacyportaluatde.onetrust.com certain-requests.my.onetrust.com engieimpact-privacy.my.onetrust.com agriness-privacy.my.onetrust.com trial.onetrust.com ideas.onetrust.com lendico-privacy.my.onetrust.com go.pardot.com pi.pardot.com go.obcorp.com go.csiheat.com go.cardinaluhp.com go.barbenanalytical.com optinmonster.com cdn.datatables.net s7.addthis.com v1.addthisedge.com 'unsafe-eval'; style-src * 'unsafe-inline' creaform.my.site.com service.force.com ton.twimg.com platform.twitter.com ametekcdn2.azureedge.net ametekcdn.azureedge.net tagmanager.google.com fonts.googleapis.com; font-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net fonts.gstatic.com data:; img-src * 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net img.mailchimp.com img2.mailchimp.com images.surveymonkey.com images.elq.onetrust.com ssl.gstatic.com www.gstatic.com www.google-analytics.com googleads.g.doubleclick.net www.google.com data: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com; frame-src * 'unsafe-inline' service.force.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com/video/ ametekcdn2.azureedge.net ametekcdn.azureedge.net; connect-src * 'unsafe-inline' creaform.my.site.com ametekcdn2.azureedge.net ametekcdn.azureedge.net www.google-analytics.com cloudflareinsights.com; worker-src 'self' ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; media-src 'self' *.wistia.com aifanfan.baidu.com ametekcdn2.azureedge.net ametekcdn.azureedge.net blob:; object-src 'unsafe-inline' ametekcdn2.azureedge.net ametekcdn.azureedge.net aifanfan.baidu.com 'self' 3
frame-ancestors 'self' https://dato-plugin-3zrf.vercel.app https://factorial-next.admin.datocms.com *.factorial.be *.factorial.ch *.factorial.co *.factorial.fr *.factorial.it *.factorial.mx *.factorialhr.ar *.factorialhr.be *.factorialhr.ch *.factorialhr.cl *.factorialhr.co *.factorialhr.co.uk *.factorialhr.com.ar *.factorialhr.com.br *.factorialhr.de *.factorialhr.es *.factorialhr.fr *.factorialhr.it *.factorialhr.mx *.factorialhr.pt *.factorialhr.com 3
frame-ancestors https://www.check24.de/ https://finanzen.check24.de/ 'self' 3
frame-ancestors 'self' *.shift4shop.com *.3dcart.com *.3dcart.net *.3dc.local *.3dcart.co.uk *.3dcart.ca app.cyfe.com 3
default-src 'none'; media-src *; manifest-src 'none'; frame-src https://*.hushmail.com https://forms.hubspot.com https://*.hubspot.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://forms.hsforms.com https://*.google-analytics.com https://*.doubleclick.net https://hushforms.com https://widget.trustpilot.com https://vars.hotjar.com/ https://*.hs-sites.com https://fast.wistia.net https://www.hushmail.com 'self'; object-src 'self'; child-src 'self'; font-src https://*.hushmail.com https://fonts.gstatic.com https://script.hotjar.com 'self'; style-src https://*.hushmail.com https://hushforms.com https://fonts.googleapis.com 'self' 'unsafe-inline'; connect-src https://*.hushmail.com https://*.hubspot.com https://*.hsforms.net https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://frstre.com https://tapfiliate.com https://hushforms.com https://*.capterra.com https://*.google.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net https://beaconapi.helpscout.net wss://ws-helpscout.pusher.com https://sockjs-helpscout.pusher.com https://api.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://ws18.hotjar.com 'self'; img-src * data:; script-src https://*.hushmail.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsforms.net https://js.usemessages.com https://forms.hubspot.com https://forms.hsforms.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.tapfiliate.com https://hushforms.com https://*.capterra.com https://widget.trustpilot.com https://beacon-v2.helpscout.net/ https://js.hs-banner.com https://js.hsadspixel.net https://*.hotjar.com https://js.hubspot.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.hushmail.com; report-uri /cspreport/ 3
frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' * 3
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://blueimp.github.io *.jquery.com *.toast.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com https://snap.licdn.com *.linkedin.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.toast.com *.linkedin.com *.googleapis.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com; img-src 'self' *.linkedin.com *.jsdelivr.net *.datatables.net *.cloudflare.com https://unpkg.com *.lh.pl *.googletagmanager.com *.facebook.net *.google-analytics.com *.doubleclick.net *.google.com *.gstatic.com www.googleadservices.com data: *.google.pl *.google.com *.google-analytics.com *.facebook.com; font-src 'self' *.gstatic.com; 3
upgrade-insecure-requests; frame-ancestors 'self' *.reforma.com *.elnorte.com *.mural.com.mx *.gruporeforma.com *.agenciareforma.com *.avisosdeocasion.com *.elviernesnocuesta.com aristeguinoticias.com *.ezproxy.iteso.mx *.udemproxy.elogim.com creative-preview-an.com ib.adnxs-simple.com mediation.adnxs.com http://intraneteditora http://intranetreforma http://intranetmural http://operacionesinternet; 3
frame-ancestors 'self' *.onbase.com *.hyland.com *.communitylive.com *.sharebase.com https://profiles.onbase.com https://hyland.highspot.com https://view-su2.highspot.com; 3
frame-ancestors 'self' *.vpro.nl:* *.human.nl *.vprobroadcast.com *.2doc.nl *.vprogids.nl *.brainwash.nl vpro.matomo.cloud omroephuman.matomo.cloud; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com js-cdn.dynatrace.com static.lightning.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com secure.force.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.doubleclick.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://bf51204epo.bf.dynatrace.com/bf eu36.salesforce.com int-crm.my.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com service.force.com *.salesforceliveagent.com *.googleapis.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com s7g10.scene7.com *.googletagmanager.com *.bing.com *.adsrvr.org *.googleadservices.com *.google.de *.google.com *.doubleclick.com *.doubleclick.net *.googlesyndication.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.salesforce.com EU36.force.com static.lightning.force.com secure.force.com *.salesforceliveagent.com *.cookielaw.org *.onetrust.com *.salesforce-sites.com *.gstatic.com s7g10.scene7.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at https://external-content.aldi-sued.de eu36.salesforce.com hofer.secure.force.com int-crm.my.salesforce.com EU17.salesforce.com EU17.force.com EU36.force.com static.lightning.force.com secure.force.com hofer.force.com *.salesforce-sites.com *.salesforce.com *.googletagmanager.com *.bing.com *.adsrvr.org *.questback.com *.doubleclick.net; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com https://aldigo.aldi-sued.de https://virtueller-rundgang.aldi-sued.de 3
script-src 'self' 'unsafe-inline' adobedtm.com t.contentsquare.net connect.facebook.net blob: http: https:; object-src 'none'; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/verily; 3
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; worker-src blob:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=undefined&dd-evp-origin=content-security-policy&ddsource=csp-report 3
default-src 'self'; frame-src 'none'; connect-src 'self'; font-src 'self' data:; img-src 'self' data:; media-src data:; script-src 'self' 'unsafe-eval' 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-VA8O2hAdooB288EpSTrGLl7z3QikbWU9wwoebO/QaYk=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; form-action 'none'; 3
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.convertexperiments.com https://cdn.attn.tv https://www.dropbox.com https://edge.fullstory.com https://rs.fullstory.com/rec/integrations https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.clarity.ms https://*.hotjar.com https://*.hotjar.io https://www.paypal.com/sdk/js https://www.paypalobjects.com https://*.newrelic.com https://*.nr-data.net https://www.paypal.com/tagmanager/pptm.js; style-src 'self' 'unsafe-inline' https://*.typekit.net; img-src * data:; font-src 'self' https://*.typekit.net https://*.hotjar.com; connect-src 'self' https://*.drivethrurpg.com https://api.drivethrurpg.com https://*.attn.tv https://events.attentivemobile.com https://logs.convertexperiments.com/log https://*.metrics.convertexperiments.com https://api.dropboxapi.com https://edge.fullstory.com https://rs.fullstory.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.clarity.ms/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.paypal.com/sdk/js https://*.paypal.com/xoplatform/logger/api/logger https://*.cloudfront.net https://*.nr-data.net https://*.newrelic.com; media-src *; object-src 'none'; child-src 'self' https://*.drivethrurpg.com https://*.attn.tv https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://vars.hotjar.com https://assets.braintreegateway.com https://*.paypal.com https://www.paypalobjects.com https://*.youtube.com https://*.cloudfront.net; frame-ancestors 'self' https://*.drivethrurpg.com; report-uri https://api.drivethrurpg.com/rpc/vBeta/feedback/csp_report; report-to csp-reports-endpoint 3
default-src 'self' flickrembed.com *.flickrembed.com *.jquery.com *.flickr.com *.twitter.com *.gstatic.com *.weloveiconfonts.com weloveiconfonts.com *.googletagmanager.com *.google-analytics.com *.youtube.com youtube.com *.ytimg.com *.google.com *.googlevideo.com *.googleapis.com *.facebook.net *.facebook.com *.doubleclick.net *.rss2json.com *.instagram.com *.googleservices.com *.office.com *.matterport.com *.cloudflare.com *.benchmarkemail.com *.renem.es *.openstreetmap.org *.opentopomap.org *.ign.es data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' blank;object-src 'self' blank; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am-assets.pl www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com accounts.google.com widget.helpcrunch.com connect.facebook.net stats.pusher.com secure.payu.com script.hotjar.com static.hotjar.com chat.dropped.net.pl js.pusher.com;style-src 'self' 'unsafe-inline' https://am-assets.pl fonts.googleapis.com accounts.google.com chat.dropped.net.pl; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.advantech.com *.advantech.com.cn static.zdassets.com static.hotjar.com cdnjs.cloudflare.com www.gstatic.com www.googletagmanager.com dev.visualwebsiteoptimizer.com js.hs-analytics.net script.hotjar.com www.google-analytics.com lpcdn.lpsnmedia.net dashboard.whoisvisiting.com snap.licdn.com va.v.liveperson.net connect.facebook.net accdn.lpsnmedia.net fast.wistia.com s7.addthis.com api.ipify.org www.google.com hm.baidu.com az416426.vo.msecnd.net player.polyv.net www.youtube.com www.clarity.ms kit.fontawesome.com cdn-cookieyes.com openfpcdn.io challenges.cloudflare.com app.vwo.com;                  img-src 'self' data: *.advantech.com *.advantech.com.cn *.visualwebsiteoptimizer.com advantechfiles.blob.core.windows.net advdownload.blob.core.windows.net app.vwo.com c.bing.com c.clarity.ms cdn-cookieyes.com chart.googleapis.com dashboard.whoisvisiting.com dev.visualwebsiteoptimizer.com embed-ssl.wistia.com fast.wistia.com fonts.gstatic.com googleads.g.doubleclick.net hm.baidu.com img.videocc.net px.ads.linkedin.com www.facebook.com www.google-analytics.com www.google.com www.google.com.tw www.googleadservices.com www.googletagmanager.com www.linkedin.com;                  style-src 'self' 'unsafe-inline' *.advantech.com *.advantech.com.cn fonts.googleapis.com dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com kit.fontawesome.com ka-p.fontawesome.com www.googletagmanager.com;                  font-src 'self' data: *.advantech.com *.advantech.com.cn fast.wistia.com fonts.gstatic.com script.hotjar.com ka-p.fontawesome.com;                  worker-src 'self' blob:;                  frame-ancestors 'self' *.advantech.com *.advantech.com.cn;                  object-src 'none'; 3
frame-ancestors 'self' https://*.autoalert.com https://service.force.com https://whatfix.com https://cdn.whatfix.com https://addons.whatfix.com https://events.whatfix.com https://videos.whatfix.com 3
frame-ancestors 'self' *.plentymarkets-cloud-hq.com *.myshopify.com *.plentymarkets.com *.digivent.stream 3
frame-ancestors 'self' https://thesource.amcnetworks.com https://www.amcnetworks.com; 3
frame-ancestors 'self' https://*.movavi.de https://*.movavi.com https://*.movavi.ru https://*.pdfchef.com https://*.screencapture.com https://*.movavivideosuite.com https://*.gecata.com https://*.movavi.id https://movavi.id https://*.videoconverter.com https://*.fastreel.com http://webvisor.com https://portal1.comm100.io; report-uri https://o474997.ingest.sentry.io/api/5707278/security/?sentry_key=25e22998a8224d34a8ffbc4cae02fc48&sentry_environment=production; report-to csp-endpoint 3
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; 3
frame-ancestors *.acuitybrandslighting.net *.acuitybrands.com *.acuitybrands.ca *.acuitybrands.com.mx *.acuitybrandstoronto.com *.besalfund.org *.dglogik.com *.distech-controls.com *.eldoled.com *.iotaengineering.com *.ke2therm.com *.luminis.com *.mcclungfoundation.org; 3
default-src 'self' easy.gr *.easy.gr *.cookiebot.com *.tawk.to *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.youtube.com;script-src 'self' *.paypal.com *.paypalobjects.com *.braintreegateway.com easy.gr *.easy.gr *.youtube.com 'unsafe-inline' 'unsafe-eval' *.googleusercontent.com *.gstatic.com tippedjs.com fancyapps.com ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net cdn.jsdelivr.net *.google.com googleads.g.doubleclick.net stats.g.doubleclick.net *.google.com *.google.gr *.youtube.com unpkg.com;style-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net;img-src 'self' data: easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com cdn.jsdelivr.net *.google.gr *.google.nl *.paypalobjects.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com ;font-src 'self' easy.gr *.easy.gr 'unsafe-inline' ajax.googleapis.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.paypalobjects.com stats.g.doubleclick.net ;connect-src 'self' easy.gr *.easy.gr 'unsafe-inline' *.tawk.to wss://*.tawk.to  *.lottiefiles.com fonts.googleapis.com *.googleapis.com *.gstatic.com tagmanager.google.com www.googletagmanager.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.googleadservices.com googleadservices.com *.tawk.to *.facebook.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.paypal.com googleads.g.doubleclick.net stats.g.doubleclick.net google.com *.youtube.com *.googlesyndication.com ; frame-src 'self' easy.gr *.easy.gr  'unsafe-inline' *.paypal.com *.paypalobjects.com *.doubleclick.net *.cookiebot.com *.tawk.to ; 3
upgrade-insecure-requests; frame-ancestors 'self' ; report-uri https://cspreports.realpage.com/api/reports/save/violation; 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' https://www.local.ch 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none'; 3
default-src 'self' https://zendesk-eu.my.sentry.io https://sdk.twilio.com https://eventgw.twilio.com wss://nequi.zendesk.com wss://voice-js.roaming.twilio.com https://ajax.googleapis.com wss://api.smooch.io https://sdk.twilio.com https://zendesk-eu.my.sentry.io https://media.smooch.io https://api.smooch.io https://nequi.zendesk.com/ https://ekr.zendesk.com https://ekr.zdassets.com https://static.zdassets.com 'unsafe-inline' *.website-files.com cdn.jsdelivr.net https://ajax.googleapis.com fonts.googleapis.com blob:; script-src-elem 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com https://ajax.googleapis.com https://www.googletagservices.com/ https://securepubads.g.doubleclick.net/ http://127.0.0.1:5500/ https://us1.clevertap-prod.com/ https://static.elfsight.com/platform/platform.js https://cdn.jsdelivr.net/ https://static.ads-twitter.com https://tpc.googlesyndication.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://s.yimg.com https://www.google.com https://www.gstatic.com/ https://*.cloudfront.net/ https://*.website-files.com/ https://*.zdassets.com/ https://www.googletagmanager.com/; connect-src https://px.ads.linkedin.com 'self' https://widget-mediator.zopim.com https://zendesk-eu.my.sentry.io wss://voice-js.roaming.twilio.com wss://api.smooch.io https://sdk.twilio.com https://media.smooch.io https://api.smooch.io https://ekr.zendesk.com *.visualwebsiteoptimizer.com app.vwo.com https://securepubads.g.doubleclick.net/ https://nequi-colombia.webflow.io/ https://raw.githubusercontent.com https://ad.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://analytics.google.com https://*.nequi.com.co https://webflow-user-file-uploads-tmp-production.s3.amazonaws.com/ https://webflow.com/ https://s.yimg.com https://stats.g.doubleclick.net https://ekr.zdassets.com/ https://www.google-analytics.com https://nequi.zendesk.com/ https://zendesk-eu.my.sentry.io wss://widget-mediator.zopim.com; media-src https://cdn.prod.website-files.com/ https://assets-global.website-files.com/ https://static.zdassets.com; font-src https://assets.website-files.com https://fonts.gstatic.com data:; frame-src https://geo-nequi.puntored.co/ https://public.transacciones.com.co/ app.vwo.com *.visualwebsiteoptimizer.com https://cdn.embedly.com/ https://w.soundcloud.com/ https://accounts.google.com/ https://drive.google.com/ https://www.youtube.com/ https://www.instagram.com/ https://status.nequi.com.co/ https://www.google.com/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; img-src https://cdn.prod.website-files.com/ https://ad.doubleclick.net 'self' https://widget-mediator.zopim.com https://v2assets.zopim.io https://nequi.zendesk.com https://static.zdassets.com https://*.zdusercontent.com https://media.smooch.io https://accounts.zendesk.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.facebook.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google-analytics.com https://assets-global.website-files.com https://www.google.com https://analytics.twitter.com https://t.co https://www.google.com.co 3
default-src 'self' data: https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net https://consentcdn.cookiebot.com https://consent.cookiebot.com http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://as.stock3.com https://track.adform.net https://s1.adform.net https://s2.adform.net https://code.createjs.com https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://feed.goldencross.de https://cdn.adspirit.de https://kerlundcie.adspirit.de https://ad.doubleclick.net https://s0.2mdn.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.googletagservices.com; connect-src https://account.stock3.com https://stock3.com https://*.stock3.com https://*.guidants.com https://*.godmode-trader.de https://*.boerse-go.de https://*.guidants-trading.de https://*.brokerize.com wss://*.stock3.com wss://status.guidants.com wss://*.boerse-go.de wss://*.guidants-trading.de wss://*.brokerize.com https://*.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://consent.cookiebot.com https://mein.finanzen-zero.net https://mein.zero-staging.net https://mein.t5.zero-test.net http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com https://track.adform.net https://googleads4.g.doubleclick.net https://pagead2.googlesyndication.com https://ade.googlesyndication.com; style-src 'unsafe-inline' 'self' https://data.boerse-go.de https://s1.adform.net https://s2.adform.net https://fonts.googleapis.com; frame-src https://account.stock3.com 'self' https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://modules.wikifolio.com https://tradematch.sgmarkets.com https://open.spotify.com https://embed.podcasts.apple.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://is.stock3.com https://c1.adform.net https://cdn.adspirit.de https://s0.2mdn.net https://tpc.googlesyndication.com https://c.bannerflow.net; img-src 'self' https: data: http://localhost:* ws://localhost:* https://quotes-7100-fundamentals-current.staging.api.stock3.com; font-src 'self' https://fonts.gstatic.com 3
default-src 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 3
default-src 'self' https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://sharingbox.rhspecial.de https://*.google.com https://www.youtube-nocookie.com https://s7.addthis.com https://www.facebook.com/ https://vars.hotjar.com/ https://cdn.podigee.com/ https://open.spotify.com https://platform.twitter.com https://syndication.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de *.epccm19.com; connect-src 'self' https://trc.taboola.com https://*.ex.co https://*.issuu.com https://*.digitalstores.net https://www.facebook.com https://*.penguinrandomhouse.de https://*.penguin.de https://*.randomhouse.de  https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.google-analytics.com https://*.g.doubleclick.net https://*.playbuzz.com  https://*.addthis.com  https://*.hotjar.com:* https://vc.hotjar.io:* https://*.hotjar.io wss://*.hotjar.com https://ct.pinterest.com https://*.pinterest.de https://book-base.de https://*.tiktok.com https://*.taboola.com *.epccm19.com *.outbrain.com *.bing.com maps.googleapis.com api.friendlycaptcha.com; font-src 'self' fonts.gstatic.com https://use.typekit.net/ https://cdn.podlove.org/ https://script.hotjar.com https://*.podigee.com; frame-ancestors 'self' https://open.spotify.com http://rhdemobilepreview:28080/ http://rhdemobilepreview:28081/ https://*.penguinrandomhouse.de/ ; frame-src 'self' https://*.ex.co https://tpc.googlesyndication.com https://*.penguinrandomhouse.de/ https://*.randomhouse.de https://*.penguin.de https://audionow.de/ https://open.spotify.com https://www.youtube-nocookie.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://s7.addthis.com/ https://s.pinimg.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com  https://ajax.googleapis.com maps.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com *.g.doubleclick.net https://*.g.doubleclick.net www.bic-media.com https://*.soundcloud.com https://platform.instagram.com https://randomhouse.scnem.com https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de  https://*.google.com  https://www.youtube-nocookie.com https://s7.addthis.com  https://cdn.podigee.com/  https://*.twitter.com https://*.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.audionow.de https://book-base.de https://embed.plus.rtl.de *.epccm19.com; img-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; manifest-src 'self' data: www.google-analytics.com csi.gstatic.com https://maps.gstatic.com/mapfiles/ https://*.googleapis.com *.googleapis.com https://bat.bing.com https://static.ex.co https://randomhouse.scnem.com https://px.ads.linkedin.com https://*.outbrain.com/ https://image.isu.pub www.googletagmanager.com *.g.doubleclick.net https://syndication.twitter.com https://o.twimg.com https://platform.twitter.com https://*.twimg.com https://penguinrandomhouse.scnem2.com https://*.randomhouse.de https://pixel.quantserve.com https://*.google.com https://www.google.at https://www.google.ch https://www.google.dk https://www.facebook.com https://www.googleadservices.com https://www.google.de https://*.g.doubleclick.net https://*.playbuzz.com https://www.google-analytics.com https://www.addthis.com https://*.pinterest.com https://*.pinterest.de https://cx.atdmt.com https://cs.lkqd.net https://maps.googleapis.com https://*.hotjar.com https://*.smartadserver.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://book-base.de https://tr.main.bid-prod.technical-service.net https://penguin.epccm19.com; media-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de https://book-base.de; object-src 'self' 10.4.91.62 *.penguinrandomhouse.de *.penguin.de; report-to /ContentSecurityPolicyReporter; script-src 'self' 'wasm-unsafe-eval' https://bat.bing.com https://trc.taboola.com https://static.ex.co https://cdn.taboola.com/libtrc/unip/1423689/tfa.js https://tpc.googlesyndication.com https://snap.licdn.com https://*.outbrain.com/ https://s.pinimg.com *.penguinrandomhouse.de *.penguin.de 'unsafe-eval' 'unsafe-inline' https://e.issuu.com/embed.js https://*.googleapis.com *.googleapis.com csi.gstatic.com www.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://randomhouse.scnem.com  https://penguinrandomhouse.scnem2.com https://sharingbox.rhspecial.de https://secure.quantserve.com https://rules.quantcount.com  https://*.google.com https://www.google.de https://www.google.at https://www.google.ch https://www.gstatic.com https://connect.facebook.net  https://cdn.adrtx.net  https://vgrh.stage.digitalstores.net https://stage.digitalstores.net https://www.googleadservices.com https://*.penguinrandomhouse.de https://*.randomhouse.de https://*.penguin.de https://www.bic-media.com https://*.g.doubleclick.net https://www.facebook.com https://*.playbuzz.com https://cdnjs.cloudflare.com https://s7.addthis.com https://m.addthisedge.com https://v1.addthisedge.com https://v1.addthis.com https://m.addthis.com youtube.com  www.youtube.com https://youtube.com  https://www.youtube.com https://tagmanager.google.com https://s.ytimg.com https://*.podigee.com https://randomhouse.digitalstores.net/pbs.2.js https://cdn.podlove.org  https://*.hotjar.com https://www.instagram.com https://*.pinterest.com https://*.pinterest.de https://*.tiktok.com *.epccm19.com api.friendlycaptcha.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://platform.twitter.com https://*.twimg.com  https://res-format-story.playbuzz.com https://optimize.google.com https://*.typekit.net https://cdn.podlove.org/ https://*.podigee.com *.epccm19.com; worker-src * blob: 3
default-src https: wss: data: blob:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob:; font-src https: data:; worker-src blob:; report-uri /csp-report 3
default-src 'self'; img-src 'self' wss://*.caas4prd.worldline-solutions.com *.bing.com *.seadform.net *.caas4prd.worldline-solutions.com bit.ly *.blob.core.windows.net callexcellcdn.blob.core.windows.net *.googletagmanager.com *.tiktok.com *.googletagmanager *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.com *.googleadservices.net *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.google.com *.g.doubleclick.net *.vimeocdn.com *.vimeo.com dpm.demdex.net dev.day.com cm.everesttech.net worldline.sc.omtrdc.net worldlinesa.tt.omtrdc.net cdn.cookielaw.org www.gstatic.com *.linkedin.com *.adsymptotic.com *.scene7.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' wss://*.caas4prd.worldline-solutions.com *.caas4prd.worldline-solutions.com *.zdassets.com *.blob.core.windows.net *.callexcellcdn.blob.core.windows.net *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.zendesk.com cdnjs.cloudflare.com https://google.com *.doubleclick.net *.facebook.com *.g.doubleclick.net track.adform.net *.facebook.net assets.adobedtm.com cdn.cookielaw.org snap.licdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.cloudflare.com cdn.jsdelivr.net www.youtube.com ssl.p.jwpcdn.com assets-jpcust.jwpsrv.com *.cloudflare.com cdn.cookielaw.org files.cdn.leadfamly.com *.ytimg.com *.youtube.com *.jwpsrv.com *.jwpcdn.com *.hs-banner.com *.hscollectedforms.net *.hsadspixel.net *.hs-analytics.net *.hs-scripts.com *.salesfeed.com *.doubleclick.net *.pardot.com *.hotjar.io *.hotjar.com *.gstatic.com *.google.com *.worldline.com ajax.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.scene7.com; style-src 'self' 'unsafe-inline' *.worldline.com wss://*.caas4prd.worldline-solutions.com *.beanstream.com *.caas4prd.worldline-solutions.com *.worldline-solutions.com *.blob.core.windows.net *.fontawesome.com *.lytics.io https://google.com *.fontawesome.com fonts.google.com optimize.google.com play.google.com *.cloudflare.com ssl.p.jwpcdn.com *.googleapis.com *.caas4noprd.worldline-solutions.com *.cloudflare.com *.jwpcdn.com worldline.com maxcdn.bootstrapcdn.com *.scene7.com; connect-src 'self' 'unsafe-inline' wss://*.caas4prd.worldline-solutions.com *.friendlycaptcha.com *.mktoresp.com *.caas4prd.worldline-solutions.com callexcellcdn.blob.core.windows.net *.linkedin.com worldlinesa.tt.omtrdc.net *.zendesk.com wss://*.zopim.com *.hubspot.com *.hubapi.com *.zdassets.com *.cognigy.ai wss://*.cognigy.ai *.zendesk.com https://google.com *.tiktok.com *.googlesyndication.com *.doubleclick.net *.facebook.com www.googleadservices.com *.googleadservices.net *.googleadservices.com *.google.com *.google.be *.google.fr *.google.it *.google.es *.google.si *.google.sk *.google.cz *.google.lt *.google.lv *.google.ee *.google.tr *.google.gr *.google.co.uk *.google.hr *.google.hu *.google.nl *.google.pl *.google.ch *.google.de *.google.lu *.google.at *.google.co.in *.google.bg *.google.am *.g.doubleclick.net six.enterprisebot.co *.fontawesome *.hotjar.io *.spotify.com *.apple.com wss://*.caas4noprd.worldline-solutions.com *.worldline-solutions.com *.scene7.com worldlinesa.demdex.net dpm.demdex.net cdn.cookielaw.org privacyportal-eu.onetrust.com *.tt.omtrdc.net *.omtrdc.net wss://*.hotjar.com wss://ws4.hotjar.com geolocation.onetrust.com maps.googleapis.com *.blob.core.windows.net optanon.blob.core.windows.net cookies-data.onetrust.io vc.hotjar.io maps.googleapis.com ws21.hotjar.com *.doubleclick.net *.hotjar.com cdn.linkedin.oribi.io; base-uri 'self'; frame-src 'self' 'unsafe-inline' *.adform.net *.mktoresp.com *.beanstream.com *.zendesk.com *.zdassets.com www.actito.be *.doubleclick.net *.g.doubleclick.net *.spotify.com *.apple.com anchor.fm *.typeform.com *.doubleclick.net business.ingenico.com form.typeform.com files.cdn.leadfamly.com worldline.leadfamly.com *.brighttalk.com *.youtube.com *.hotjar.com *.worldline.com *.equensworldline.com *.google.com worldlinesa.demdex.net https://recaptcha.google.com/recaptcha/; object-src 'none'; font-src *; script-src-elem 'unsafe-inline' *; media-src 'self' data: blob: *.zdassets.com *.scene7.com; worker-src blob:; child-src blob:; frame-ancestors 'self' https://frontend-v2.ocularium.be; 3
default-src 'unsafe-inline' 'unsafe-eval' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src https: wss: data:; font-src 'self' https: data:; img-src 'self' data: blob: https: 3
default-src * blob:;connect-src 'self' 'unsafe-inline' https://px.ads.linkedin.com https://app.clearbit.com https://adservice.google.com  https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://api.craftcms.com https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://analytics.google.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://signalwire.com https://www.facebook.com wss://*.signalwire.com https://*.signalwire.com https://cdn.signalwire.com https://signalwire.s3-us-west-2.amazonaws.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://app.termly.io https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com  http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat;frame-src 'self' https://www.facebook.com https://js.stripe.com https://www.youtube.com https://youtube.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://app.termly.io https://vars.hotjar.com https://game.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;child-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;worker-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com blob:;style-src 'self' 'unsafe-inline' https://github.githubassets.com https://tagmanager.google.com https://stackpath.bootstrapcdn.com https://*.signalwire.com https://cdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com https://client.crisp.chat http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://x.clearbitjs.com https://www.youtube.com https://youtube.com https://tag.clearbitscripts.com  https://dev.visualwebsiteoptimizer.com https://cdn.bizible.com https://www.clickcease.com https://ajax.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://www.googleadservices.com https://tagmanager.google.com https://www.googletagmanager.com https://*.6sc.co https://*.6sense.com https://*.fullstory.com https://*.getkoala.com/ https://signalwire.com  https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://js.usemessages.com https://snap.licdn.com https://gist.github.com https://js.stripe.com https://*.signalwire.com https://cdn.signalwire.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://app.termly.io https://d3js.org https://cdn.jsdelivr.net https://munchkin.marketo.net https://262-hgr-311.mktoresp.com http://262-hgr-311.mktoweb.com https://262-hgr-311.mktoweb.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://client.crisp.chat https://settings.crisp.chat;font-src 'self' 'unsafe-inline' https://*.signalwire.com https://cdn.signalwire.com http://mcdn.signalwire.com https://mcdn.signalwire.com https://fonts.gstatic.com https://fonts.googleapis.com http://script.hotjar.com https://script.hotjar.com https://client.crisp.chat data:;img-src * data: 3
frame-src https://portal.exoscale.com/ https://push.getbeamer.com/ https://app.getbeamer.com/ https://changelog.exoscale.com/ 3
frame-src *; default-src * data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' blob:; frame-ancestors https://app.storyblok.com; 3
default-src self 'unsafe-inline' 'unsafe-eval' data: https://*.internetcomputer.org https://ic0.app https://fonts.gstatic.com https://fonts.googleapis.com https://status.internetcomputer.org https://*.basemaps.cartocdn.com 3
frame-ancestors 'self' https://get.succeed.net; 3
frame-ancestors 'self'; report-uri https://www.hitmanpro.com/en-us/report-uri/enforce 3
frame-ancestors 'self' secure.id.dbsdigibank.com;default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: impressions.onelink.me http://sin-col.eum-appdynamics.com http://cdn.appdynamics.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd sin-col.eum-appdynamics.com cdn.appdynamics.com secure.id.dbsdigibank.com analytics.tiktok.com advertiser.inmobiapis.com offers-mobavenue.affise.com uads.infomo.net insight.adsrvr.org *.tt.omtrdc.net www.trinaxmind.com *.appsflyer.com  *.licdn.com  *.inmobicdn.net *.criteo.com *.criteo.net *.infomo.com *.torcai.com api-us.faceplusplus.com maps.gstatic.com *.googleapis.com *.ggpht.com v1.addthisedge.com v1.addthis.com tags.tiqcdn.com cdn-akamai.mookie1.com s7.adskom.com www.dbs.com dbsweb-u02-dbs8.uat.dbs.com  dbs.demdex.net dpm.demdex.net pixel.tapad.com tagmanager.google.com ssl.google-analytics.com ssp.adskom.com tag.perfectaudience.com js.adsrvr.org *.fls.doubleclick.net googleads.g.doubleclick.net secure-ds.serving-sys.com www.google-analytics.com analytics.google.com bs.serving-sys.com bcp.crwdcntrl.net www.googletagmanager.com stats.g.doubleclick.net www.googleadservices.com tags.crwdcntrl.net www.gstatic.com www.dbs.com.sg s.go-mpulse.net c.go-mpulse.net www.dbs.com maps.googleapis.com maps.gstatic.com chart.googleapis.com assets.adobedtm.com m.addthisedge.com s7.addthis.com graph.facebook.com www.linkedin.com api-public.addthis.com m.addthis.com www.dbs.com ds-aksb-a.akamaihd.net px.ads.linkedin.com sjs.bizographics.com cdnjs.cloudflare.com connect.facebook.net www.google.com fonts.googleapis.com bid.g.doubleclick.net dbs.sc.omtrdc.net www.youtube.com www.google.com.sg fonts.gstatic.com dbs.112.2o7.net www.facebook.com www.google.co.id ssl.gstatic.com *.fls.doubleclick.net *.akstat.io dpm.demdex.net dbs.sc.omtrdc.net http://www.dbs.com http://wwwak.dbs.id http://www.dbs.id data:; 3
default-src 'self' blob: data: *; style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; frame-ancestors 'self' https://xodo-web.sanity.studio; 3
script-src 'self' addtoany.com *.addtoany.com capitaland.my.site.com ipinfo.io *.google.com google.com *.maps.googleapis.com maps.googleapis.com *.googleapis.com googleapis.com *.developers.google.com developers.google.com *.baidu.com baidu.com *.hm.baidu.com hm.baidu.com *.api.map.baidu.com api.map.baidu.com *.z.moatads.com z.moatads.com *.google-analytics.com google-analytics.com *.addthis.com addthis.com *.addthisedge.com addthisedge.com *.cdn.polyfill.io cdn.polyfill.io *.recaptcha.net recaptcha.net *.gstatic.com gstatic.com *.gstatic.cn gstatic.cn *.googletagmanager.com googletagmanager.com *.consent.trustarc.com consent.trustarc.com *.js-agent.newrelic.com js-agent.newrelic.com *.nr-data.net nr-data.net *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.licdn.com licdn.com *.snap.licdn.com snap.licdn.com *.tiktok.com tiktok.com *.analytics.tiktok.com analytics.tiktok.com *.facebook.net facebook.net *.connect.facebook.net connect.facebook.net *.facebook.com facebook.com *.ads-twitter.com ads-twitter.com *.static.ads-twitter.com static.ads-twitter.com *.bat.bing.com bat.bing.com *.tag.azame.net tag.azame.net *.analytics.twitter.com analytics.twitter.com *.bp-1c51.kxcdn.com bp-1c51.kxcdn.com *.secure.adnxs.com secure.adnxs.com *.googlesyndication.com googlesyndication.com *.triptease.io triptease.io *.onboard.triptease.io onboard.triptease.io *.secure-hotel-tracker.com secure-hotel-tracker.com *.egain.cloud egain.cloud *.ascottintl.egain.cloud ascottintl.egain.cloud *.criteo.net criteo.net *.static.criteo.net static.criteo.net *.gatag.it gatag.it *.ipinyou.com ipinyou.com *.stats.ipinyou.com stats.ipinyou.com *.youtube.com youtube.com *.toup.net toup.net *.googletraveladservices.com googletraveladservices.com *.mmtro.com mmtro.com *.affilired.com affilired.com *.hotelratematch.com hotelratematch.com *.sojern.com sojern.com *.line-scdn.net line-scdn.net *.yandex.ru yandex.ru *.dwin1.com dwin1.com *.yieldoptimizer.com yieldoptimizer.com *.awin1.com awin1.com *.veinteractive.com veinteractive.com *.ebtrk1.com ebtrk1.com *.qualitedesign.fr qualitedesign.fr *.adroll.com adroll.com *.nxtck.com nxtck.com *.tradedoubler.com tradedoubler.com *.yimg.jp yimg.jp *.123compare.me 123compare.me *.smartparity.com smartparity.com *.booklyng.com booklyng.com *.denomatic.com denomatic.com *.zenaps.com zenaps.com *.chinesean.com chinesean.com *.glopss.com glopss.com *.shareasale.com shareasale.com *.tradetracker.net tradetracker.net *.webgains.com webgains.com *.smct.co smct.co *.sp.analytics.yahoo.com sp.analytics.yahoo.com *.b91.yahoo.co.jp b91.yahoo.co.jp *.derbysoft.com derbysoft.com *.redirect.eqtracking.com redirect.eqtracking.com *.thehotelsnetwork.com thehotelsnetwork.com *.stackla.com stackla.com *.accesstrade.ne.jp accesstrade.ne.jp *.clarity.ms clarity.ms *.taboola.com taboola.com *.hybridtheory.com hybridtheory.com *.go.affec.tv go.affec.tv *.accesstrade.co.id accesstrade.co.id *.sojern.com sojern.com *.consent-pref.trustarc.com consent-pref.trustarc.com *.ailab.criteo.com ailab.criteo.com *.criteo.com criteo.com *.p.relay-t.io p.relay-t.io *.policies.google.com policies.google.com *.privacy.yahoo.co.jp privacy.yahoo.co.jp *.googleadservices.com googleadservices.com *.s.yimg.jp s.yimg.jp *.numberly.com numberly.com *.xandr.com xandr.com *.pinterest.com pinterest.com *.ir.baidu.com ir.baidu.com *.hm.baidu.com hm.baidu.com *.js.adsrvr.org js.adsrvr.org *.insight.adsrvr.org insight.adsrvr.org *.adsrvr.org adsrvr.org *.tawk.to tawk.to *.embed.tawk.to embed.tawk.to *.instagram.com instagram.com *.relay-t.io relay-t.io *.secure-relay.com secure-relay.com *.antvoice.com antvoice.com *.avads.net avads.net *.appsflyer.com appsflyer.com assets.adobedtm.com *.adobe.com adobe.com *.adobedc.net * ads.zalo.me ads.zalo.me * s.zzcdn.me s.zzcdn.me *bing.com bing.com *adroll.com adroll.com 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com 3
img-src 'self' data: https: 3
frame-ancestors 'self' http://dezshira.in/ https://www.china-briefing.com https://www.india-briefing.com https://www.vietnam-briefing.com https://www.aseanbriefing.com https://www.russia-briefing.com/ https://www.silkroadbriefing.com/ 3
frame-ancestors 'self' https://*.etracker.com 3
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 3
frame-ancestors 'self' https://*.xealth.io; 3
default-src 'self'; script-src https://cdnjs.cloudflare.com https://autosug.ebay.com https://suggestqueries.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://www.google.com https://s.flocdn.com https://*.s1search.co https://swurl.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src https://cdnjs.cloudflare.com 'unsafe-inline' 'self'; connect-src https://api.picclick.com https://www.google-analytics.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.s1search.co https://soflopxl.com https://swurl.com 'self'; img-src *; font-src https://cdnjs.cloudflare.com data: 'self'; 3
default-src blob: data: https: 'self'; script-src blob: https: 'self' 'unsafe-eval' 'unsafe-inline'; style-src blob: https: 'self' 'unsafe-inline'; media-src blob: https: 'self'; connect-src blob: https: 'self' 'unsafe-inline' wss://*.hotjar.com 3
frame-ancestors 'self' http://*.airtable.com https://*.therapybrands.com; 3
frame-ancestors 'self' https://event.on24.com/ https://insightsoftware.highspot.com/ 3
frame-ancestors  https://*.netinfo.bg/ 3
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 3
object-src 'self'; manifest-src 'self'; worker-src 'self' blob: https://customer-t79v13gisi5h8yrx.cloudflarestream.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self'; 3
default-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.youtube.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.egencia.com.br *.egencia.com.ph *.egencia.mx *.egencia.ro *.marketo.com *.engagio.com *.googletagmanager.com *.google.com *.cookiebot.com *.google-analytics.com *.cloudfront.net *.googleapis.com *.licdn.com *.bing.com *.facebook.net *.adnxs.com *.googleadservices.com *.doubleclick.net *.joinsherpa.io *.wistia.net *.airpr.com *.marketo.net *.zdassets.com *.zopim.com *.demandbase.com *.zoominfo.com *.expedia.com *.googleoptimize.com *.clarity.ms *.wistia.com *.pathfactory.com *.hotjar.com *.cookielaw.org *.stackadapt.com qvdt3feo.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googleapis.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.marketo.com *.joinsherpa.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.pathfactory.com *.hotjar.com *.stackadapt.com; img-src 'self' 'unsafe-inline' *.amazonaws.com *.cloudfront.net *.googletagmanager.com *.google.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.egencia.co.il *.gstatic.com *.expedia.com *.google-analytics.com *.linkedin.com *.adsymptotic.com *.bing.com *.doubleclick.net *.facebook.com data: *.joinsherpa.io *.joinsherpa.com *.airpr.com *.zopim.io *.zoominfo.com *.clarity.ms *.wistia.com *.wistia.net *.pathfactory.com *.hotjar.com *.cookielaw.org *.google.co.uk tags.srv.stackadapt.com; media-src 'self' *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.com *.egencia.ca *.egencia.ro *.youtube.com *.wistia.com *.vimeo.com *.zdassets.com *.cloudfront.net blob:; frame-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com www.google.com *.gstatic.com; frame-ancestors 'self' egencia.lookbookhq.com egencia.pathfactory.com *.egencia.com egencia--sitestudio.eu25.force.com; child-src *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca *.cookiebot.com *.marketo.com *.wistia.com *.doubleclick.net *.tableau.com *.joinsherpa.io *.cs107.force.com *.builder.salesforce-communities.com *.expedia.com *.google.com *.outgrow.us *.youtube.com *.vimeo.com fast.wistia.net *.hotjar.com www.google.com *.gstatic.com; font-src 'self' *.amazonaws.com *.cloudfront.net fonts.gstatic.com fonts.googleapis.com *.egencia.ae *.egencia.be *.egencia.ch *.egencia.cn *.egencia.co.il *.egencia.co.in *.egencia.co.nz *.egencia.co.uk *.egencia.co.za *.egencia.com.au *.egencia.com.br *.egencia.com.hk *.egencia.com.ph *.egencia.com.sg *.egencia.com.tr *.egencia.cz *.egencia.de *.egencia.dk *.egencia.es *.egencia.eu *.egencia.fi *.egencia.fr *.egencia.ie *.egencia.it *.egencia.mx *.egencia.nl *.egencia.no *.egencia.pl *.egencia.se *.egencia.ro *.egencia.com *.egencia.ca data: *.joinsherpa.io cdnjs.cloudflare.com *.pathfactory.com *.bootstrapcdn.com *.hotjar.com; connect-src 'self' *.google-analytics.com *.joinsherpa.io *.joinsherpa.com *.mktoresp.com *.zdassets.com *.zopim.com *.company-target.com wss://widget-mediator.zopim.com dpm.demdex.net *.expedia.com wss://*.iot.us-west-2.amazonaws.com *.clarity.ms *.ably.io *.ably-realtime.com  *.wistia.com *.wistia.net wss://*.ably.io *.cookiebot.com *.zoominfo.com *.pathfactory.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.cookielaw.org *.onetrust.com *.google.com *.doubleclick.net *.stackadapt.com; upgrade-insecure-requests 3
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data:; 3
form-action 'self' www.facebook.com; report-uri /_internal/security/report-csp-violation?gp-web=true; frame-ancestors 'self' 3
script-src 'unsafe-eval' 'self' blob: *.hcsctest.net *.hcsc.net 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-roBKNtTORGqYTZrY132I7LjnRPmJRBYk0vsWsfTJfi8=' 'sha256-Hu+TB+7+tbK6BX5NWGt+0M+Bq+eQTLzu4mfAdMsLwio=' 'sha256-m6IeQPb422Ecu6vAsJ4XwC+Q4Bnlo5vWz/eAbO1BMMY=' 'sha256-SPsZXjscKwSgFBbdcFRAE/GR7YyFgkl7d5tVBREd+pE=' 'sha256-SDHTnkuO02em0DcuwqvF5tDafRm8LYNMnYP+a2QMeyA=' 'sha256-oFLLqxbCZekFnkJfG4JJcqpyCzBF/l8PMUBQFcUbeZ0=' 'sha256-faXCajxRfsxc0bae7+yr2K8V6v+j+fXiAfrDzmO7g4o=' 'sha256-GvTqW2N1yqVSPv2NunuZcmhuOzJPlyqjIbTCod/tAWo=' 'sha256-DmzNnZo/dKWxeeIrc7o2Qln6ZXMz6DCUkXbQ9r/1uBM=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-uXvul1BzUGtLk4tj5Zg5gGJQDjBxPK2zm9gXj1WQBd4=' *.decibelinsight.net *.twitter.com hcsctest.net *.bcbsil.com *.bcbstx.com *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.twitter.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com, worker-src 'self' blob: 3
font-src https: data: blob:; frame-ancestors 'self' medialibrarycdn.blueyonder.com cdn.blueyonder.com by-media-library.azureedge.net blueyonder.com; img-src https: data: blob:; default-src https: data: blob: wss:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; 3
frame-ancestors 'self' groupebpce.com *.groupebpce.com; 3
default-src * https: data: 'unsafe-inline' 'unsafe-eval'; 3
font-src fonts.gstatic.com use.typekit.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com https://media.flixcar.com https://media.flixfacts.com *.oppwa.com https://cdn.cs.1worldsync.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://credomatic.compassmerchantsolutions.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://staging.ptranz.com/api/spi/Conductor https://gateway.ptranz.com/api/spi/Conductor https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.twitter.com https://service.force.com/ https://h.online-metrix.net https://www.facebook.com/ https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net *.demdex.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com/ https://www.youtube.com https://www.facebook.com/ connect.facebook.net graph.facebook.com business.facebook.com *.twitter.com https://service.force.com/ https://h.online-metrix.net https://integracion.alignetsac.com https://eu-test.oppwa.com https://preaprobados.unicomer.com/ https://lacuracaoapps.com/ https://unicomer-ecuador-guayaquil.dispatchtrack.com/ https://unicomer-ecuador-quito.dispatchtrack.com/ https://ficohsa.pixelpay.app https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://ppipe.net https://vpayment.verifika.com https://media.flixcar.com https://hp.omnitok.com/ https://front-notrack.indexado.production.pmbox.cloud https://pagostest.datafast.com.ec https://eu-test.ppipe.net https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.v1.modern-life-interactive.com https://v1.modern-life-interactive.com hn.ficoposonline.com *.cloudfront.net https://notrack.indexado.pmbox.cloud media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io https://centinelapistag.cardinalcommerce.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com https://vpos.infonet.com.py/ https://vpos.infonet.com.py:8888/ https://centinelapi.cardinalcommerce.com https://centinelapi.cardinalcommerce.com/V1/Cruise/Collect 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://www.magezon.com https://www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu https://lcoimgprod-grupounicomer.netdna-ssl.com https://cmsuat.lacuracaonline.com https://maps.gstatic.com https://maps.googleapis.com/ *.online-metrix.net https://radioshackla-uat-grupounicomer.netdna-ssl.com https://log.pinterest.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://img.youtube.com https://unicomer--c.na100.visual.force.com https://unicomer--c.vf.force.com https://unicomer.lightning.force.com https://unicomer.my.salesforce.com https://unicomer--uat.sandbox.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec *.demoup.com https://media.flixcar.com https://rt.flix360.com https://event.syndigo.cloud https://event.webcollage.net https://fonts.gstatic.com https://www.googletagmanager.com https://d3np41mctoibfu.cloudfront.net https://media.flixfacts.com https://content.syndigo.com https://s3-sa-east-1.amazonaws.com *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.ggpht.com https://cdn.cs.1worldsync.com https://files.alquimio.cloud https://fichashppervasive.blob.core.windows.net *.cc.cnetcontent.com https://mycliplister.com/ *.igodigital.com/ https://grupounicomerhelp.zendesk.com https://static.zdassets.com *.zendesk.com/ media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com * www.googleadservices.com www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-ds.com www.googletagmanager.com *.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://service.force.com https://integracion.alignetsac.com https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://eu-test.oppwa.com https://gollo.force.com https://unicomer.my.site.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://vpayment.verifika.com https://unicomer--uat.sandbox.my.site.com https://media.flixcar.com https://www.googletagmanager.com https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx *.1worldsync.com media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io unsafe-inline assets.braintreegateway.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; object-src https://h.online-metrix.net *.oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com https://image.unicomermktg.com 'self' blob: *.demoup.com *.oppwa.com https://static.zdassets.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net * www.google-analytics.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobe.io performance.typekit.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com https://maps.googleapis.com https://service.force.com/ https://log.pinterest.com https://h.online-metrix.net https://gollotienda-uat-24-grupounicomer.netdna-ssl.com https://integracion.alignetsac.com https://eu-test.oppwa.com https://eu-prod.oppwa.com https://otpbk.datafast.com.ec https://oppwa.com *.placetopay.com https://3dsacs.placetopay.com https://eu-prod.ppipe.net *.ppipe.net *.alignet.io *.3dsecure.alignet.io *.googleads.g.doubleclick.net *.tpc.googlesyndication.com *.google.com.ec *.google.com *.google.it *.m.facebook.com *.media.flixcar.com *.google.co.ke *.google.es *.assets-jpcust.jwpsrv.com *.google.com.pe *.google.se *.google.co.in *.google.com.mx *.google.com.co *.adobedc.demdex.net *.pagead2.googlesyndication.com *.pos.baidu.com *.google.co.ve *.google.com.sv *.googletagmanager.com *.acs.api.alignet.io *.x3dsacs.placetopay.com *.authentication.cardinalcommerce.com/ThreeDSecure/V2_1_0/CReq *.geoissuer.cardinalcommerce.com/DeviceFingerprintWeb/V2/Browser/RenderMethodURL *.visa.acs.alignet.io/acs-authentication-rest/authentication *.otpbk.datafast.com.ec/OTPDFValida.aspx blob: media.flixcar.com media.flixfacts.com *.flix360.io *.flix360.com media.flixsyndication.net syndication.flix360.com content.jwplatform.com assets-jpcust.jwpsrv.com ssl.p.jwpcdn.com https://d3nkfb7815bs43.cloudfront.net http://d2m3ikv8mpgiy8.cloudfront.net d3np41mctoibfu.cloudfront.net media.pointandplace.com player.pointandplace.com t.pointandplace.com intent://arvr.google.com delivery-alpha.flix360.io delivery-beta.flix360.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com https://digital-gollo.cs24.force.com https://unicomer--digital.cs24.my.salesforce.com https://c.la1-c1cs-ph2.salesforceliveagent.com/content 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
block-all-mixed-content; default-src 'self' blob:; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com cdn.cookielaw.org *.sdworx.com *.pardot.com a458c8fcc5c8447d898446e84c87217b.js.ubembed.com www.google-analytics.com assets.ubembed.com cdn.landbot.io connect.facebook.net *.clarity.ms bat.bing.com snap.licdn.com *.firebaseio.com www.googleoptimize.com *.googleapis.com https://assets.calendly.com https://web103.reachmee.com https://tracking.intentsify.io https://sc.lfeeder.com https://secure.norm0care.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://static.landbot.io https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://secure.agile-company-365.com https://cdn.leadinfo.net https://form.jotform.com https://*.hotjar.com https://optimize.google.com my.visme.co https://*.skedify.io *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://*.jotform.ms https://*.jotform.com; style-src 'self' 'report-sample' 'unsafe-inline' data: *.typekit.net fonts.googleapis.com cdn.landbot.io *.googletagmanager.com https://assets.calendly.com https://plugin.skedify.io https://*.hotjar.com https://optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: blob: *.typekit.net cdn.cookielaw.org fonts.gstatic.com www.google-analytics.com *.googleapis.com https://px.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com p.adsymptotic.com https://*.ads.linkedin.com https://*.gstatic.com https://assets.calendly.com i.ytimg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tr-rc.lfeeder.com https://www.googletagmanager.com https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be https://*.hotjar.com https://optimize.google.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws *.sleeknote.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.jotform.ms https://*.jotform.com https://c.clarity.ms; font-src 'self' data: fonts.googleapis.com use.typekit.net https://use.typekit.net https://fonts.gstatic.com cdn.landbot.io https://*.hotjar.com *.sleeknote.com; connect-src 'self' *.ingest.sentry.io *.typekit.net fonts.gstatic.com *.onetrust.com *.googleapis.com cdn.cookielaw.org googleads.g.doubleclick.net www.google-analytics.com analytics.google.com stats.g.doubleclick.net *.pardot.com *.landbot.io *.sdworx.com *.clarity.ms wss://*.firebaseio.com *.firebaseio.com *.analytics.google.com https://*.algolia.net https://*.algolianet.com https://*.apm.eu-west-1.aws.cloud.es.io https://cdn.linkedin.oribi.io https://idx.liadm.com https://www.facebook.com https://ldynamicspublicapi.leadforensics.com https://collector.leadinfo.net https://api.leadinfo.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://a458c8fcc5c8447d898446e84c87217b.events.ubembed.com https://bat.bing.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws cdnjs.cloudflare.com *.sleeknote.com *.visualwebsiteoptimizer.com app.vwo.com https://px.ads.linkedin.com/wa/; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; frame-src *.firebaseio.com https://*.hotjar.com https://calendly.com go.sdworx.com https://www.youtube.com https://www.youtube-nocookie.com https://trainings.sdworx.de https://datawrapper.dwcdn.net https://survey.sdworx.com https://web103.reachmee.com https://www.videoask.com https://embed.acast.com https://a458c8fcc5c8447d898446e84c87217b.pages.ubembed.com https://www.google.com https://outlook.office365.com https://www.sd.be https://optimize.google.com https://form.jotform.com https://www.facebook.com my.visme.co https://eu-submit.jotform.com/ https://*.skedify.io *.sleeknote.com onsite-subscribe.getdrip.com app.vwo.com *.visualwebsiteoptimizer.com https://iswebb.com/ https://td.doubleclick.net/; worker-src 'self' blob:; media-src 'self' https://development-q5nzhaa-wz6c625n6znns.eu-5.platformsh.site https://acceptance-yfiuy3a-wz6c625n6znns.eu-5.platformsh.site https://sdworx-country-cms.prd.reference.be; 3
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com 3
frame-ancestors 'none';  block-all-mixed-content; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-src *; img-src * data: blob:; object-src 'self'; form-action *; frame-ancestors 'self' https://captcha.gecirtnotification.com 3
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none' 3
frame-ancestors 'self' *.mexc.me *.mexc.com *.mexceu.com *.mexc.kr *.mexc.co sensors.xiaoxiame.com *.365huo.xyz *.mexc.fm *.mexc.in *.mexc.us *.greentreeone.com *.gdiii.xyz *.mcaketech.com 3
default-src https: data: 'unsafe-eval' 'unsafe-inline' 3
default-src https: data: 'unsafe-inline' 3
default-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob:; connect-src *; font-src 'self' data: https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com; frame-src *; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://assets.infopro-insight.com https://cdn.jsdelivr.net https://cdn.mathjax.org https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://polyfill.io https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action *; frame-ancestors 'self' 3
object-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 3
default-src https: wss: ws: data: blob: 'self'; script-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; style-src https: 'self' https://cache.exmoney.com 'unsafe-inline'; frame-src 'self' blob: https:; object-src 'self' blob:; 3
default-src https: data: 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' https://borisfx.com/documentation/silhouette/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2022.5/;, frame-ancestors 'self' https://borisfx.com/documentation/silhouette-2023/;, frame-ancestors 'self' https://borisfx.com/documentation/optics/; 3
connect-src 'self'   https://*.friendlycaptcha.com/ https://vimeo.com https://hcaptcha.com https://apm-web.index-education.com/ https://*.hcaptcha.com ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com http://*.datatables.net;default-src 'self'  ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com;frame-ancestors 'self' ;frame-src   *.index-education.france https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.openstreetmap.org http://*.index-education.net https://*.index-education.net *.hyperplanning.fr http://*.vimeo.com https://vimeo.com https://*.vimeo.com https://www.youtube.com https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;media-src 'self'  https://*.vimeo.com https://vimeo.com https://*.index-education.com http://*.index-education.com;object-src 'self'  *.index-education.france *.index-education.com;script-src 'self'  'unsafe-inline' 'unsafe-eval' ndx.plus *.ndx.plus  https://hcaptcha.com https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr *.licdn.com *.tiny.cloud *.adobe.com *.cloudflare.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com *.datatables.net https://*.index-education.com http://*.index-education.com http://index-education.com https://app.mailjet.com;style-src 'self'  'unsafe-inline' https://hcaptcha.com ndx.plus *.ndx.plus https://*.hcaptcha.com https://static.scelliuspaiement.labanquepostale.fr https://*.index-education.com http://*.index-education.com;font-src 'self'  ndx.plus *.ndx.plus https://*.index-education.com http://*.index-education.com *.index-education.net data:;worker-src 'self' blob: https://*.index-education.com;img-src 'self'  https://*.index-education.com ndx.plus *.ndx.plus *.linkedin.com data:; 3
frame-ancestors 'self' https://app.storyblok.com; 3
img-src data: 'self' https: blob: https://www.facebook.com https://images.prismic.io https://content-eu-central-1.knowunity.com https://content-eu-central-1.knowunity.dev https://px.ads.linkedin.com/collect; font-src 'self'; connect-src *; object-src data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://connect.facebook.net https://apis.google.com https://www.google.com https://appleid.cdn-apple.com https://js.hcaptcha.com https://analytics.tiktok.com https://sc-static.net https://js.stripe.com https://cdnjs.cloudflare.com https://apps.elfsight.com https://static.elfsight.com https://accounts.google.com/gsi/client https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.clarity.ms https://tr.snapchat.com https://www.paypal.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; style-src-elem 'self' https://accounts.google.com/gsi/style 'unsafe-inline'; script-src-elem * 'unsafe-inline' blob: 'self'; media-src https: 'self'; worker-src blob:; frame-ancestors 'self'; frame-src https://www.youtube.com https://accounts.google.com https://newassets.hcaptcha.com https://appleid.apple.com https://js.stripe.com https://www.facebook.com https://drive.google.com/ https://tr.snapchat.com https://js.stripe.com https://hooks.stripe.com https://cloudflarestream.com https://customer-8ik8x9s31pwtfi7p.cloudflarestream.com https://accounts.google.com/gsi/ https://calendly.com https://www.sandbox.paypal.com https://www.paypal.com; 3
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 3
default-src https: 'unsafe-eval' 'unsafe-inline'; worker-src blob:; object-src 'none'; frame-ancestors 'none' 3
frame-src 'self' *.youtube.com static.addtoany.com td.doubleclick.net static.addtoany.com www.google.com sidebar.bugherd.com 18.134.245.132 *.issuu.com youtube.com *.hsforms.com issuu.com; object-src 'none';base-uri 'self' 3
default-src * https: data: blob: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 3
default-src 'unsafe-inline' 'unsafe-eval' data: blob: *; 3
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.yourhosting.nl *.freshdesk.com *.freshchat.com demo.arcade.software *.typeform.com *.hsforms.com *.doubleclick.net yoursitehulp.nl app.vwo.com *.versio.nl 3
frame-ancestors 'self' ia.ca *.ia.ca *.inalco.com *.ia.iafg.net *.iteslive.tv iplayerbridge://* 3
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; 3
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none' ; 3
frame-ancestors 'self' https://moderncampus.lookbookhq.com https://moderncampus.pathfactory.com https://resources.moderncampus.com http://moderncampus.lookbookhq.com http://moderncampus.pathfactory.com http://resources.moderncampus.com http://*.paperflite.com https://*.paperflite.com http://*.cleverstory.io https://*.cleverstory.io; 3
default-src https: *.hotjar.com *.hotjar.io *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: *.hotjar.com *.hotjar.io *.wistia.com *.tawk.to fonts.gstatic.com data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: *.hotjar.com *.hotjar.io *.tawk.to cdn.jsdelivr.net tawk.link *.iubenda.com *.wistia.com *.wistia.net data: 'self' 'unsafe-inline' 'unsafe-eval'; script-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com *.wistia.com *.wistia.net *.tawk.to cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src https: *.litix.io *.wistia.com *.tawk.to wss://*.tawk.to *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src https: 'self' blob: *.hotjar.com *.hotjar.io *.tawk.to fast.wistia.com fast.wistia.net; style-src blob: https: 'self' *.hotjar.com *.hotjar.io *.iubenda.com fast.wistia.com *.tawk.to fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; media-src * blob: data: https: *.wistia.com *.wistia.net 'self' 'unsafe-inline' 'unsafe-eval'; 3
manifest-src 'self'; 3
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 3
default-src 'self' *.googlesyndication.com;style-src 'unsafe-inline' *.livenationinternational.com *.googleapis.com *.monetate.net *.amondo.com tagmanager.google.com platform.twitter.com use.fontawesome.com rsms.me;img-src 'self' data: *.livenationinternational.com www.lntvglobal.com *.2mdn.net *.betrad.com *.celtra.com *.doubleverify.com *.evidon.com *.facebook.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.mgr.consensu.org *.monetate.net *.ticketm.net *.tmol.co *.quantserve.com *.youtube.com *.adzip.co *.twitter.com *.tiktokcdn.com *.scdn.co *.twimg.com *.analytics.google.com *.google-analytics.com ad.doubleclick.net ads.celtra.com adservice.google.com dt.adsafeprotected.com cache-ssl.celtra.com media.ticketmaster.com media.ticketmaster.co.uk pixel.adsafeprotected.com pixel.moatads.com px.moatads.com secure.adnxs.com tagmanager.google.com track.celtra.com www.google.co.uk www.google.com www.googletagmanager.com api.permutive.com cdn.permutive.com cdn.cookielaw.org insight.adsrvr.org match.adsrvr.org fxctag.com googlesync.permutive.com t.co tr.snapchat.com b97.yahoo.co.jp appboy-images.com braze-images.com cdn.braze.eu media.amondo.com static.amondo.com secure.adnxs.com match.adsrvr.org cm.g.doubleclick.net dpm.demdex.net image2.pubmatic.com d.turn.com sync.go.sonobi.com token.rubiconproject.com match.prod.bidr.io ad.360yield.com sync.smartadserver.com sync.1rx.io u.openx.net pixel.tapad.com sync.colossusssp.com ssum-sec.casalemedia.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livenationinternational.com *.2mdn.net *.bannersnack.com *.doubleverify.com *.evidon.com *.g.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.googletagservices.com *.gstatic.com *.lytics.io *.quantcount.com *.monetate.net *.universe.com *.adzip.co *.tiktok.com *.tiktokcdn.com *.amondo.com *.ad.gt geolocation.onetrust.com cdn.cookielaw.org cdn.ampproject.org cdn.polyfill.io ad.doubleclick.net ads.celtra.com adservice.google.co.uk adservice.google.com bam.nr-data.net cache-ssl.celtra.com connect.facebook.net evidon.mgr.consensu.org js-agent.newrelic.com pixel.adsafeprotected.com secure.adnxs.com secure.quantserve.com static.adsafeprotected.com tagmanager.google.com widget.ticketmaster.eu www.google-analytics.com www.googletagmanager.com z.moatads.com api.permutive.com cdn.permutive.com www.instagram.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com secure.wufoo.com static.ads-twitter.com js.adsrvr.org fxctag.com sc-static.net tag.lexer.io www.googleadservices.com s.yimg.jp b92.yahoo.co.jp js.appboycdn.com tag.durationmedia.net be.durationmedia.net stage-be.durationmedia.net stage-tag.durationmedia.net tpc.googlesyndication.com securepubads.g.doubleclick.net googleads.g.doubleclick.net pagead2.googlesyndication.com safeframe.googlesyndication.com cdn.confiant-integrations.net rumcdn.geoedge.be tr.snapchat.com id.hadron.ad.gt ad.gt cdn.hadronid.net;connect-src 'self' *.be.durationmedia.net *.doubleverify.com *.evidon.com *.g.doubleclick.net *.googleapis.com *.googlesyndication.com *.permutive.com *.tmol.co *.tmol.io *.prmutv.co *.analytics.google.com *.google-analytics.com *.amondo.com *.ad.gt be.durationmedia.net geolocation.onetrust.com cdn.cookielaw.org privacyportal.onetrust.com csi.gstatic.com vendorlist.consensu.org widget.ticketmaster.eu www.googletagmanager.com track.celtra.com analytics.google.com analytics.tiktok.com ib.adnxs.com www.google.com sdk.iad-05.braze.com durationmedia-d.openx.net rtb.openx.net u.openx.net js-sec.indexww.com dsum.casalemedia.com htlb.casalemedia.com ssp.theadx.com bid.contextweb.com bh.contextweb.com t.pubmatic.com hbopenbid.pubmatic.com ads.pubmatic.com image8.pubmatic.com ads.servenobid.com public.servenobid.com sync.1rx.io ap.lijit.com sync.adkernel.com id.hadron.ad.gt ad.gt cdn.hadronid.net adservice.google.com www.ticketmaster.co.uk www.ticketmaster.co.nz www.ticketmaster.com.au www.ticketmaster.de tr.snapchat.com;font-src *.livenationinternational.com fonts.gstatic.com widget.ticketmaster.eu use.fontawesome.com rsms.me static.amondo.com s3-res.amondo.com;frame-src *.2mdn.net *.bannersnack.com *.doubleverify.com *.dvtps.com *.evidon.com *.facebook.com *.fls.doubleclick.net *.googlesyndication.com *.googletagservices.com *.jebbit.com *.monetate.net *.ticketmaster.co.uk *.twitch.tv *.bilibili.com *.player.vimeo.com *.soundcloud.com *.instagram.com *.twitter.com *.spotify.com *.tiktok.com *.tiktokcdn.com *.youtube.com *.youtu.be cookies.onetrust.mgr.consensu.org music.163.com player.vimeo.com secureframe.doubleclick.net terriverhoeven.wufoo.com universe.queue-it.net v.qq.com www.google.com www.universe.com insight.adsrvr.org tr.snapchat.com static.amondo.com rsms.me td.doubleclick.net;media-src www.lntvglobal.com *.livenationinternational.com *.amondo.com;worker-src 'self' blob: 3
default-src https: 'unsafe-inline' 'unsafe-eval'; 3
default-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com fonts.static.com www.google-analytics.com; 3
default-src 'self' 'unsafe-inline'  https://download-video.akamaized.net https://vod-progressive.akamaized.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://www.talkable.com https://pm.w55c.net https://*.marketingcloudapis.com https://*.smartgiftit.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://player.vimeo.com https://*.cloudfront.net https://*.adyen.com https://*.cquotient.com https://cdn.builder.io https://*.yottaa.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://dev.movado.com https://id5-sync.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn.cookielaw.org https://cdn-swell-assets.yotpo.com; connect-src 'self' https://analytics.pangle-ads.com https://evt-eu.klarnaservices.com wss://*.inside-graph.com https://mvmt.7eer.net https://test.adyen.com/hpp/skipDetails wss://input.noibu.com https://www.facebook.com https://pubsub.googleapis.com https://*.noibu.com https://*.adyen.com https://www.talkable.com https://js.klarna.com https://api.cooladata.com https://*.inside-graph.com https://media.istockphoto.com https://*.appspot.com https://*.google.com.pk https://movado-item.smartgift-uat.net https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.tiktok.com https://*.marketingcloudapis.com https://*.fedex.com https://*.pulseidconnect.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://google.com https://cdn.acsbapp.com https://*.riskified.com https://*.onetrust.com https://api.honeybadger.io https://*.joinclyde.com https://*.equalweb.com https://*.criteo.com https://*.eum-appdynamics.com https://*.luckyorange.com wss://visitors.live wss://*.visitors.live https://*.amazonaws.com https://trail.grin.co https://static-na.payments-amazon.com https://maps.googleapis.com https://*.amazon.com  https://*.doubleclick.net https://*.pinterest.com https://*.yotpo.com https://*.taboola.com https://*.quantcount.com https://s.yimg.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.snapchat.com https://*.bing.com https://*.cloudfront.net https://*.google-analytics.com https://d1lu3pmaz2ilpx.cloudfront.net https://www.cloudflare.com https://cdn.cookielaw.org https://*.luckyorange.net https://*.cquotient.com https://*.builder.io https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.affirm.com https://*.yottaa.net https://*.listrakbi.com https://bl.listrakbi.com https://*.google.com https://google.com/pay https://evt-na.klarnaservices.com; img-src 'self' 'unsafe-inline' data: blob: https://*.facebook.com https://cfvod.kaltura.com https://beta.pulseidconnect.com https://dsp.adfarm1.adition.com https://movado.pulseidconnect.com https://c1.adform.net https://image8.pubmatic.com https://connect.facebook.net https://pixel.tapad.com https://sync.srv.stackadapt.com https://cdn-assets.affirm.com https://rtb.openx.net https://saas2.pulseidconnect.com https://id5-sync.com https://www.google.nl https://matching.ivitrack.com https://*.thebrighttag.com https://*.yieldlab.net https://cm.adform.net https://www.google.co.uk https://www.google.co.in https://prregcroab.icu https://tpcs.payu.in https://pixel-sync.sitescout.com https://prreqcroab.icu https://www.ojrq.net https://www.fossil.com https://sync-tm.everesttech.net https://ad.turn.com https://ws.rqtrk.eu https://live.rezync.com https://x.dlx.addthis.com https://adgen.socdm.com https://media.istockphoto.com https://sync.ipredictive.com https://api.brandbassador.com https://www.google.com.pk https://pm.w55c.net https://jelly.mdhv.io https://adx.dable.io https://www.talkable.com https://cdn.aralego.net https://bh.contextweb.com https://cs.adingo.jp https://idsync.rlcdn.com https://sync.aralego.com https://beacon.krxd.net https://*.ibytedtos.com https://*.amazonaws.com https://*.beamimpact.com https://*.smartgiftit.com https://match.prod.bidr.io https://public-prod-dspcookiematching.dmxleo.com https://www.googleadservices.com https://*.cooladata.com https://i6.liadm.com https://aa.agkn.com https://p.rfihub.com https://b1sync.zemanta.com https://sync.crwdcntrl.net https://d.turn.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://hb.yahoo.net https://tags.bluekai.com https://1f2e7.v.fwmrm.net https://match.adsrvr.org https://dpm.demdex.net https://secure.adnxs.com https://ib.adnxs.com https://s.ad.smaato.net https://match.sharethrough.com https://trends.revcontent.com https://simage2.pubmatic.com https://sync.outbrain.com https://jadserve.postrelease.com https://exchange.mediavine.com https://i.liadm.com https://ad.360yield.com https://ads.stickyadstv.com https://r.casalemedia.com https://*.criteo.com https://visitor.omnitagjs.com https://tg.socdm.com https://*.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://*.taboola.com https://rtb-csync.smartadserver.com https://pixel.rubiconproject.com https://contextual.media.net https://partner.mediawallahscript.com https://x.bidswitch.net https://*.googleapis.com https://track.linksynergy.com https://*.cloudfront.net https://*.pinterest.com https://*.twitter.com https://t.co https://*.riskified.com https://*.gstatic.com https://*.payments-amazon.com  https://m.media-amazon.com https://pixel.quantserve.com https://www.google-analytics.com https://*.tiktok.com https://www.facebook.com https://*.quantcount.com https://www.google.com https://*.bing.com https://listen.audiohook.com https://cdn.cookielaw.org https://mediacdn.espssl.com https://logs-01.loggly.com https://www.googletagmanager.com https://*.cquotient.com https://*.yotpo.com https://cdn.builder.io https://*.shopify.com https://*.doubleclick.net https://*.listrakbi.com https://bl.listrakbi.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://pay.google.com https://id5-sync.com https://*.pointmediatracker.com https://*.inside-graph.com https://*.bidr.io https://*.imrworldwide.com; style-src 'self' 'unsafe-inline' https://*.beamimpact.com https://*.tiktok.com https://*.inside-graph.com https://*.listrakbi.com https://prreqcroab.icu https://*.googleapis.com https://*.cloudfront.net https://*.smartgiftit.com https://*.riskified.com https://*.typeform.com https://www.talkable.com https://code.jquery.com https://mediacdn.espssl.com https://*.bootstrapcdn.com https://*.klarnacdn.net https://*.yotpo.com  https://cdnjs.cloudflare.com https://*.typekit.net https://www.google.com https://*.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cquotient.com https://us-sandbox-live.inside-graph.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://*.adyen.com https://*.amazon.com https://*.paypal.com/; font-src 'self' data: https://cdn.builder.io https://x.klarnacdn.net https://*.espssl.com https://*.shopify.com https://*.yotpo.com https://cdn2.smartgiftit.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com  https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net https://cdnjs.cloudflare.com; frame-src 'self' https://*.youtube.com https://www.talkable.com https://tsdtocl.com https://*.self-veri.com https://*.eshopworld.com  https://*.api.commercecloud.salesforce.com https://*.inside-graph.com https://*.typeform.com https://*.affirm.com https://tapestry.tapad.com https://criteo-partners.tremorhub.com https://ade.clmbtech.com https://ad.tpmn.co.kr https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://aa.agkn.com https://live.rezync.com https://sync.crwdcntrl.net https://*.yahoo.net https://tags.bluekai.com https://*.criteo.net https://*.joinclyde.com https://*.criteo.com https://*.appdynamics.com https://www.facebook.com https://www.surveymonkey.com https://*.pinterest.com https://platform.twitter.com https://*.snapchat.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.google.com https://*.doubleclick.net https://*.linksynergy.com https://*.listrak.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.klarna.com https://*.equalweb.com https://www.googleadservices.com https://*.igodigital.com https://secure.quantserve.com https://s.pinimg.com https://api.sb.joinclyde.com https://api.joinclyde.com https://dynamic.criteo.com https://*.cloudfront.net https://widget.us.criteo.com https://www.google.nl/pagead https://www.google.nl https://sslwidget.criteo.com https://rules.quantcount.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://cdn.noibu.com https://*.tiktok.com https://cdn.appdynamics.com https://beacon.riskified.com https://ajax.googleapis.com https://cdn.cookielaw.org/scripttemplates https://www.google-analytics.com https://init.blackcrow.ai https://*.synchronycredit.com https://www.talkable.com https://pay.google.com https://*.appdynamics.com https://www.recaptcha.net https://*.affirm.com https://*.paypalobjects.com https://*.paypal.cn https://*.paypal.com https://*.ibytedtos.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.listrak.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://*.sandbox.eshopworld.com https://account.demandware.com https://*.api.commercecloud.salesforce.com https://*.riskified.com https://*.inside-graph.com https://embed.typeform.com https://*.yotpo.com https://d.impactradius-event.com https://*.listrakbi.com https://www.gstatic.com https://*.cquotient.com https://*.usablenet.com https://static-na.payments-amazon.com https://*.googleapis.com https://*.klarnaservices.com https://*.cloudflare.com https://www.google.com https://*.yottaa.com https://www.googleoptimize.com https://*.cookielaw.org https://*.movado.com https://*.googletagmanager.com https://*.oliviaburton.com https://*.concord.com https://*.concord.ch https://*.movadocompanystore.com https://*.collect.igodigital.com https://*.adyen.com https://*.mvmt.com https://*.klarna.com;script-src-elem 'self' 'unsafe-inline' https://*.youtube.com https://cdnapisec.kaltura.com https://*.equalweb.com https://*.ibytedtos.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://conoret.com https://www.talkable.com https://static.ads-twitter.com https://*.googletagmanager.com https://*.self-veri.com https://*.evgnet.com https://*.beamimpact.com https://*.tiktok.com https://*.smartgiftit.com https://*.marketingcloudapis.com https://*.pulseidconnect.com https://*.fedex.com https://*.salesforce.com https://*.thomsonreuters.com https://account.demandware.com https://acsbapp.com https://*.riskified.com https://*.klarnaservices.com https://*.cooladata.com https://oliviaburton.usablenet.com https://*.inside-graph.com https://*.typeform.com https://*.criteo.com https://*.igodigital.com https://init.blackcrow.ai https://cdn.noibu.com https://*.usedrop.io https://widget.surveymonkey.com https://www.googleadservices.com https://*.adyen.com https://www.google-analytics.com https://*.quantcount.com https://*.snapchat.com https://*.taboola.com https://api.ipify.org https://*.twitter.com https://bat.bing.com https://s.pinimg.com https://sc-static.net https://connect.facebook.net https://s.yimg.com https://cdn.pdst.fm https://googleads.g.doubleclick.net https://secure.quantserve.com https://code.jquery.com https://api.sb.joinclyde.com https://api.joinclyde.com https://*.appdynamics.com https://movado.usablenet.com https://*.builder.io https://d.impactradius-event.com https://*.cloudfront.net https://*.rakuten.com https://*.affirm.com https://*.yotpo.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://www.gstatic.com https://cdn.cookielaw.org https://www.googleoptimize.com https://cdn.yottaa.com https://*.google.com https://*.googleapis.com https://static-na.payments-amazon.com https://mvmtwatches.usablenet.com https://*.cquotient.com https://*.listrakbi.com https://bl.listrakbi.com https://*.listrak.com https://*.typekit.net  https://*.linksynergy.com https://*.klarna.com; style-src-elem 'self' 'unsafe-inline' https://*.inside-graph.com https://*.equalweb.com https://x.klarnacdn.net https://*.beamimpact.com https://*.riskified.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://embed.typeform.com https://www.talkable.com https://*.cloudfront.net https://us-sandbox-live.inside-graph.com https://*.yotpo.com https://maxcdn.bootstrapcdn.com https://mediacdn.espssl.com https://code.jquery.com https://fonts.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.typekit.net  https://*.linksynergy.com https://*.cloudflare.com https://*.listrakbi.com https://bl.listrakbi.com https://*.smartgiftit.com; report-uri https://test.adyen.com/hpp/skipDetails https://cdn.cookielaw.org/scripttemplates https://*.googleapis.com https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://cdn-swell-assets.yotpo.com; sandbox allow-forms allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox allow-modals allow-top-navigation allow-top-navigation-by-user-activation; frame-ancestors 'self' https://test.adyen.com/hpp/skipDetails https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch https://*.cookielaw.org https://*.googleapis.com https://*.yotpo.com; worker-src blob: 'self' https://*.commercecloud.salesforce.com https://staging-na02-movado.demandware.net https://*.movado.com https://*.mvmt.com https://*.movadocompanystore.com https://*.oliviaburton.com https://*.ebel.com https://*.concord.ch; 3
default-src *;child-src * blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data: blob: 3
frame-ancestors 'self'; upgrade-insecure-requests; frame-src 'self' insight.adsrvr.org *.demdex.net consent.cookiebot.com consentcdn.cookiebot.com *.youtube.com *.infrontfinance.com; connect-src 'self' *.doubleclick.net *.google.com *.googlesyndication.com cdn.linkedin.oribi.io 633-ybp-923.mktoresp.com analytics.funnelfuel.io *.linkedin.com static1.r66net.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net; img-src 'self' *.doubleclick.net *.linkedin.com ks.b26net.com bat.bing.com *.google.com  s.videostep.com dev.day.com secure.adnxs.com *.invibes.com *.demdex.net cm.everesttech.net assets.adobedtm.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data:; script-src *.infrontfinance.com *.googleadservices.com *.infront.co munchkin.marketo.net static.r66net.com *.doubleclick.net k.r66net.com u.videostep.com *.licdn.com analytics.funnelfuel.io bat.bing.com js.adsrvr.org *.adobeaemcloud.com documentcloud.adobe.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.google-analytics.com dqm.crownpeak.com consent.cookiebot.com consentcdn.cookiebot.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net assets.adobedtm.com *.demdex.net cm.everesttech.net 'self' 'unsafe-eval' 'unsafe-inline'; 3
frame-ancestors https://*.teknikproffset.se https://pj-guiding-content.sanity.studio 'self' 3
'self' ; 3
default-src https: wss: data: 'unsafe-inline' 'unsafe-eval' 3
report-uri https://o1077175.ingest.sentry.io/api/4505885719068672/security/?sentry_key=b6aebb41fe8678c142fa73198318922f 3
frame-ancestors 'self' shopmetrics.com *.shopmetrics.com gigspot.com *.gigspot.com *.velocity.online; object-src 'self'; report-uri https://training89.shopmetrics.com/CSPEndpoint.aspx; report-to default; 3
default-src 'self' data: ; child-src 'self' blob: ; img-src * data: blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://remote.captcha.com https://hcaptcha.com https://*.hcaptcha.com blob: ; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com ; base-uri 'none' ; font-src 'self' data: ; form-action 'self' ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com blob: ; frame-ancestors 'self' ; connect-src 'self' https://xmpp.contactoffice.com https://hcaptcha.com https://*.hcaptcha.com https://blockchain.info https://api.coinlayer.com https://api.friendlycaptcha.com ; 3
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 3
frame-ancestors 'self' *.azdev.direct *.adobe.com direct.lvh.me:8080 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 3
frame-ancestors 'self' https://accept.authorize.net 3
base-uri 'self'; style-src 'self' 'unsafe-inline' https://static.popmechanic.ru https://events.nethouse.ru *.jivo.ru *.jivosite.com; img-src 'self' https://res.cloudinary.com https://www.google-analytics.com https://tr.lfeeder.com https://www.google.ru https://tr-rc.lfeeder.com https://mc.yandex.ru *.jivo.ru *.jivosite.com data: blob:; connect-src 'self' https://stats.g.doubleclick.net https://res.cloudinary.com https://www.google-analytics.com https://analytics.google.com https://mc.yandex.ru https://*.mindbox.ru https://jivo-userdata.obs.ru-moscow-1.hc.sbercloud.ru wss://*.jivosite.com wss://*.jivo.ru *.jivo.ru *.jivosite.com; form-action 'self'; frame-ancestors 'self' *.jivo.ru *.jivosite.com https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://cloudinary.com https://*.cloudinary.com; child-src https://mc.yandex.ru; frame-src 'self' *.jivo.ru *.jivosite.com https://*.youtube.com https://mc.yandex.ru https://*.facebook.com https://*.marquiz.ru https://*.mindbox.ru https://*.popmechanic.ru/ https://kinescope.io/ https://cdn-static.egoiapp2.com https://*.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://events.nethouse.ru https://cloudinary.com https://*.cloudinary.com https://go.vooozer.com https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha; block-all-mixed-content; 3
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline';img-src * 'self' data:;frame-ancestors 'self' https://www.visma.com/ online.superoffice.com apps.risevision.com desktop.visma.com asp.visma.com hlasp.visma.com es-eu-dev-api01.episerver.net;worker-src * 'self' blob:;connect-src * 'self' blob:;font-src * 'self' data:;frame-src * 'self';media-src * 'self' blob:;object-src * 'self'; 3
default-src 'self' *.wistia.com *.hotjar.com www.google.com www.google.co.in pages.wcgclinical.com www.google-analytics.com *.doubleclick.net; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.cookielaw.org www.googletagmanager.com *.marketo.com *.marker.io pages.wcgclinical.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.hotjar.com unpkg.com *.unpkg.com *.marketo.net *.cloudfront.net *.mktoresp.com www.google.com *.cdntwrk.com snap.licdn.com *.wistia.com *.wistia.net wcgclinical.staging.wpengine.com widget.yeps.io www.buzzsprout.com gstatic.com *.gstatic.com pki.goog *.pki.goog *.google.com googleapis.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com pages.wcgclinical.com *.cdntwrk.com *.wcgclinical.com *.marketo.com; object-src 'self' *.wcgclinical.com *.wcgirb.com; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.cookielaw.org *.google-analytics.com *.linkedin.oribi.io *.onetrust.com *.doubleclick.net *.marker.io *.hotjar.io *.hotjar.com *.mktoresp.com *.hotjar.io *.wistia.com *.wistia.net fg8vvsvnieiv3ej16jby.litix.io *.yeps.io embedwistia-a.akamaihd.net; font-src 'self' fast.wistia.com fonts.gstatic.com data:; frame-src 'self' *.wcgclinical.com trinitymedia.ai *.trinitymedia.ai *.marker.io *.doubleclick.net *.hotjar.com *.google.com *.wistia.net *.wistia.com *.powerbi.com *.youtube.com *.vimeo.com wcgclinical.outgrow.us *.five9.com *.marketo.com www.buzzsprout.com data:; img-src 'self' www.wcgclinical.com www.wcgirb.com *.gravatar.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.in *.cdntwrk.co *.cdntwrk.com *.wistia.net *.wistia.com *.fdanews.com via.placeholder.com wcgclinical.staging.wpengine.com embedwistia-a.akamaihd.net wcgclinical.wpengine.com px.ads.linkedin.com *.cookielaw.org data:; media-src 'self' *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com data: blob:; worker-src 'self' blob:; 3
frame-ancestors 'self' https://www.totbarcelona.cat https://totbarcelona.cat https://vadevi.elmon.cat https://vadegust.cat https://www.vadegust.cat https://monesport.cat https://www.monesport.cat https://www.catorze.cat https://catorze.cat https://balearsvadegust.cat https://www.balearsvadegust.cat https://monterrassa.cat https://monplaneta.cat https://www.la-clau.net https://www.tornaveu.cat https://tornaveu.cat https://www.elmon.cat https://mundus.cat https://vermuts.es https://vinari.cat https://totbarcelona.elmon.cat https://la-clau.net https://diarilaveu.cat https://www.diarilaveu.cat https://diarilaveu.com https://www.diarilaveu.com https://laveupv.com https://www.laveupv.com https://balearsvadevi.cat https://www.balearsvadevi.cat https://elsingular.cat https://www.elsingular.cat https://mon.cat https://www.mon.cat; 3
frame-ancestors 'self' https://*.ziggo.nl https://*.vodafone.nl https://*.vfz-services.nl https://*.prod.aws.ziggo.io https://*.acc.aws.ziggo.io https://*.dev.aws.ziggo.io https://*.hollandsnieuwe.nl https://vodafoneziggo.portal.mobilewater.nl; 3
default-src * 'unsafe-eval' 'unsafe-inline' 'unsafe-dynamic' data: filesystem: about: blob: ws: wss: 3
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 3
frame-ancestors 'self'; base-uri 'self'; object-src 'none'; 3
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self'; 3
font-src 'self' https://webfonts.14v.de; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; upgrade-insecure-requests; object-src 'none'; worker-src 'self'; media-src 'self'; connect-src 'self' https://piwik.14v.de; manifest-src 'self'; prefetch-src 'none'; img-src 'self' data: *.w3.org; frame-src 'self'; child-src 'self'; style-src 'self' 'unsafe-inline'; block-all-mixed-content; script-src 'self' https://piwik.14v.de 'unsafe-inline'; report-uri /impressum/; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' * 3
style-src 'self' 'unsafe-inline' 3
frame-ancestors 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.clarivate.com https://*.clarivate.com https://clarivate.com https://*.nr-data.net https://static.lightning.force.com https://*.clarity.ms https://*.salesforceliveagent.com https://analytics.decisionresourcesgroup.com https://analytics.twitter.com *.turtl.co https://app.gatedcontent.com https://app.icontact.com https://assets.vidyard.com https://assistant.woorank.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.bizible.com https://cdn.cookielaw.org https://cdn.jifo.co https://cdnjs.cloudflare.com https://clarivateanalytics.my.salesforce.com https://clarivateanalytics.my.site.com https://clarivatecommunities.force.com https://preview-clarivatecommunities.cs16.force.com https://code.jquery.com https://connect.facebook.net https://derwent.com https://dev.visualwebsiteoptimizer.com https://e.infogram.com https://embed.acast.com https://googleads.g.doubleclick.net https://img06.en25.com https://j.6sc.co https://js-agent.newrelic.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://play.vidyard.com https://public.flourish.studio https://publons.com https://s786780033.t.eloqua.com https://s.infogram.com https://scholaroneideas.secure.force.com https://script.hotjar.com https://secure.eloqua.com https://snap.licdn.com https://static.addtoany.com https://static.ads-twitter.com *.criteo.net https://static.doubleclick.net https://static.hotjar.com https://unpkg.com https://widget.sndcdn.com https://www.3blmedia.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com *.criteo.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://app.vwo.com https://*.googlesyndication.com https://*.zoominfo.com https://translate.google.com https://*.googleapis.com https://*.amcharts.com; frame-ancestors 'self' *.clarivate.com *.compumark.com *.compumark.cn 3
frame-ancestors https://*.myshopify.com https://admin.shopify.com 3
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src *; 3
SAMEORIGIN 3
frame-ancestors 'self' *.futuoa.com 3
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline' 3
'self' 3
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 3
font-src *.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.newrelic.com *.herokuapp.com *.weltpixel.com *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.google.com.ar *.instagram.com *.cdninstagram.com *.gstatic.com www.iochile.cl *.facebook.com *.newrelic.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://*.woowup.com *.herokuapp.com *.instagram.com *.facebook.net *.newrelic.com *.google.com/ onesignal.com *.onesignal.com *.avada.io player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.herokuapp.com *.newrelic.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.doubleclick.com *.doubleclick.net *.newrelic.com https://get.geojs.io *.avada.io https://*.woowup.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 3
default-src https://optimize.google.com 'self'; font-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com 'self' data:; style-src https://fonts.google.com https://fonts.gstatic.com https://optimize.google.com https://www.gstatic.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src https://static3.santander.pl https://tmlead.pl https://optimize.google.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.facebook.com https://pixel.wp.pl https://my.tealiumiq.com https://*.googleapis.com https://adservice.google.com https://googleads.g.doubleclick.net https://maps.google.com https://user-event-tracker.crazyegg.com https://static3.bzwbk.pl https://collect.tealiumiq.com https://dentsu-tracking.com https://www.google.com https://aff.sendhub.pl https://www.webankieta.pl https://bat.bing.com https://rejestr.santander.pl static.yourcx.io https://www.google.pl https://maps.gstatic.com https://bankmozliwosci.santander.pl https://px.ads.linkedin.com https://www.googletagmanager.com https://google.com https://www.google-analytics.com https://app.revhunter.tech 'self' data:; frame-src https://www.figma.com https://invis.io https://optimize.google.com https://santanderleasing.pl opinia.santander.pl https://www.webankieta.pl https://www.facebook.com https://cloud.webankieta.pl https://santandertfi.pl https://netevent.tv https://projects.invisionapp.com https://doladuj-tutaj.autopay.pl https://tutajdoladuj.blue.pl https://datacloud.tealiumiq.com https://fundusze.santandertfi.pl https://a25315130017.cdn.optimizely.com *.doubleclick.net https://bank.santander.pl https://partner-it.com.pl https://www.youtube.com 'self'; script-src https://library.startquestion.com https://santanderleasing.pl https://optimize.google.com https://www.googleadservices.com https://stats.g.doubleclick.net https://pixel.wp.pl https://unpkg.com https://maps.googleapis.com https://santandertfi.pl https://my.tealiumiq.com https://static.site24x7rum.com https://app.startquestion.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://cdn.optimizely.com https://maps.google.com https://code.jquery.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://connect.facebook.net https://www.googleoptimize.com https://analytics.tiktok.com https://tags.tiqcdn.com https://s.ytimg.com https://files.startquestion.com https://cloud.webankieta.pl https://snap.licdn.com https://bat.bing.com static.yourcx.io https://omnibot.santander.pl https://maps.gstatic.com https://santander-prod.stanusch.com https://fundusze.santandertfi.pl https://www.googletagmanager.com https://www.google-analytics.com https://files.webankieta.pl 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src https://aplikacje-pfrportal.pl https://analytics.tiktok.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.facebook.com https://my.tealiumiq.com https://maps.googleapis.com https://bat.bing.com https://adservice.google.com https://omnibot.santander.pl https://app.startquestion.com https://col.site24x7rum.com https://region1.analytics.google.com cf.santander.pl https://santander-prod.stanusch.com https://collect.tealiumiq.com https://www.google-analytics.com https://logx.optimizely.com https://www.startquestion.com https://errors.client.optimizely.com 'self' 3
object-src data: 'unsafe-eval' 3
img-src * data: blob:;base-uri 'self';worker-src 'self' blob:;manifest-src 'self';frame-src 'self' data: 3
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://www.youtube-nocookie.com https://consumersupport.pg.com https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sbo.top *.sbobet.com *.sbobetex.com *.youtube.com *.ytimg.com *.cloudfront.net optimize.google.com *.google-analytics.com *.hotjar.com *.googletagmanager.com *.googleapis.com *.cdnnetworks.net *.edgecasts.net *.fasttrackcdn.net *.cdnrocket.net  *.speedysurfcdn.net *.cloudswiftcdn.net *.globalwavecdn.net *.acceleracloud.net *.quickroutecdn.net *.lightningspeedcdn.net *.stormshieldcdn.net *.rapidflarecdn.net *.velocitystream.net *.nexusaccelerate.net *.pacificrouter.com *.cdnhealthcare.net *.traveladventurescdn.net *.purseno.com *.syndication.twimg.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.gstatic.com *.geetest.com avplayer-cdn.sportradar.com *.userleap.com *.akamaized.net http://*.sbobet.com; worker-src 'self' blob:; report-uri https://csp.trackittk.net/z/7046ef45-99d6-447d-9ac3-6d42ae2a70fa https://csp.trackittk.net/z/44e4f334-51c5-4cdb-b5e0-b33b1ec85c9d 3
default-src 'self' *.noibu.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src 'self' api.addressy.com data: bat.bing.com *.onetrust.com cookies-data.onetrust.io cdn.cookielaw.org *.browser-intake-datadoghq.eu *.mcangelus.com *.mapbox.com *.google.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net res.cloudinary.com *.contentsquare.net *.facebook.com ct.pinterest.com rd.livesupportserver.de *.uk.auth0.com *.eu.auth0.com *.abtasty.com *.feefo.com *.noibu.com wss://*.noibu.com vc-service.saleago.com *.salesmanago.pl the.sciencebehindecommerce.com *.wepowerconnections.com sgtm.eurocamp.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mcangelus.com *.googletagmanager.com cdn.cookielaw.org media-library.cloudinary.com *.google-analytics.com *.google.com *.teads.tv bat.bing.com *.gstatic.com *.contentsquare.net *.trustpilot.com *.abtasty.com *.googleapis.com *.feefo.com dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com; script-src-elem 'self' 'unsafe-inline' wss: app.storyblok.com *.salesmanago.pl *.g.doubleclick.net *.doubleclick.net cdn.cookielaw.org *.googletagmanager.com *.google.com *.gstatic.com bat.bing.com p.teads.tv connect.facebook.net *.adalyser.com *.contentsquare.net tag.rmp.rakuten.com *.widgets.webengage.com c.webengage.com wsdk-files.webengage.com s.pinimg.com *.mcangelus.com *.google-analytics.com *.liveperson.net *.lpsnmedia.net *.googlesyndication.com rd.livesupportserver.de *.dwin1.com *.cleverpush.com inteliwise-client.s3-eu-west-1.amazonaws.com cdn.inteliwise.com *.app.inteliwi.se *.googleadservices.com *.trustpilot.com *.noibu.com *.realytics.io *.realytics.net *.teads.tv *.abtasty.com sslwidget.criteo.com *.feefo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.abtasty.com *.gstatic.com; frame-src 'self' https://* *.awin1.com *.zenaps.com; media-src 'self' res.cloudinary.com *.feefo.com *.vzaar.com; img-src 'self' res.cloudinary.com *.abtasty.com *.amazonaws.com *.feefo.com *.vzaar.com *.awin1.com *.zenaps.com blob: data: https:; font-src 'self' *.abtasty.com *.gstatic.com *.googleapis.com cdn.honey.io; frame-ancestors 'self' app.storyblok.com 3
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 3
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; object-src *; style-src * 'unsafe-inline'; img-src * data:;frame-src *;font-src * data:;connect-src * blob:;media-src * blob:;worker-src * blob:; 3
default-src  'self' https://*.dcube.cloud/ ;  script-src  'self'  'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag blob:  https://assets.dcube.cloud  https://*.wogaa.sg  https://assets.adobedtm.com  https://www.google-analytics.com  https://cdnjs.cloudflare.com  https://va.ecitizen.gov.sg  https://*.cloudfront.net  https://printjs-4de6.kxcdn.com  https://unpkg.com  https://unpkg.com/web-vitals https://wogadobeanalytics.sc.omtrdc.net  https://connect.facebook.net  https://graph.facebook.com  https://facebook.com  https://www.facebook.com  https://*.googletagmanager.com https://*.licdn.com  https://webchat.vica.gov.sg  https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ;  object-src  'self' ;  style-src  'self'  'unsafe-inline' https://fonts.googleapis.com/  https://*.cloudfront.net  https://va.ecitizen.gov.sg  https://*.wogaa.sg  https://cdnjs.cloudflare.com  https://datagovsg.github.io  https://webchat.vica.gov.sg  https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ;  img-src  * ;  media-src  * ;  frame-src  https://form.gov.sg/  https://wogaa.demdex.net/  https://*.youtube.com  https://*.youtube-nocookie.com  https://*.vimeo.com  https://vimeo.com https://www.google.com  https://checkfirst.gov.sg  https://www.checkfirst.gov.sg  https://docs.google.com  https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ;  frame-ancestors  'none' ;  font-src  *  data: ;  connect-src  'self'  https://dpm.demdex.net  https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com  https://stats.g.doubleclick.net  https://*.wogaa.sg  https://va.ecitizen.gov.sg  https://ifaqs.flexanswer.com  https://*.cloudfront.net  https://fonts.googleapis.com  https://cdnjs.cloudflare.com  https://wogadobeanalytics.sc.omtrdc.net  https://data.gov.sg  https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 3
frame-ancestors 'self' *.storyblok.com; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; 3
frame-ancestors 'none'; default-src 'none'; script-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com https://cdn.ckeditor.com https://use.fontawesome.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.ckeditor.com; connect-src self * blob: https://*.connectiverx.com data: gap:; img-src * self 'unsafe-inline' blob: data: gap:; frame-src * self blob: data: gap:; worker-src blob: data: gap: 3
default-src 'unsafe-inline' 'unsafe-eval' data: blob: https: wss:; frame-ancestors 'self' 3
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *; style-src 'unsafe-inline' *; img-src 'self' data: *; connect-src *; frame-src 'self' *; font-src data: *; media-src *; worker-src 'self' blob: *; 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; 3
default-src https:; script-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src 'self' data: blob: filesystem: https: http: 'unsafe-inline'; worker-src 'self' blob: 3
connect-src 'self' at-cdn14.streamdiver.com https://verbund.matomo.cloud https://cdn.matomo.cloud/; font-src websitestoragedia.blob.core.windows.net; frame-src base.streamdiver.com 'self'; media-src 'self' data: blob: *;; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://verbund.matomo.cloud https://cdn.matomo.cloud/; style-src 'self' 'unsafe-inline'; default-src 'self'; img-src 'self' https://verbund.matomo.cloud https://cdn.matomo.cloud/ 3
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' 3
default-src * 'unsafe-inline' 'unsafe-eval' data: 3
default-src * blob: data: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors *; upgrade-insecure-requests; object-src 'none' 3
frame-ancestors 'self' http://duravit.com https://dna.duravit.com http://staffbase.com capacitor://duravit.com capacitor://staffbase.com localhost:*; 3
frame-ancestors 'self' http://*.elsevier.es/ 3
frame-ancestors 'self' pmt.honeywell.com ppe.sps.honeywell.com; 3
frame-ancestors 'self' *; 3
frame-ancestors 'self' https://drivmp--fullcopy.lightning.force.com https://drivmp--fullcopy.my.salesforce.com https://drivmp--fullcopy--c.visualforce.com https://drivmp.lightning.force.com https://drivmp.my.salesforce.com https://drivmp--c.visualforce.com https://drivmp--fullcopy.sandbox.lightning.force.com https://drivmp--fullcopy.sandbox.my.salesforce.com https://drivmp--fullcopy--c.sandbox.visualforce.com https://drivmp--fullcopy--c.sandbox.vf.force.com https://drivmp--c.vf.force.com 3
frame-ancestors 'self' weleda.sabio.de 3
frame-ancestors http://*.timeout.com https://*.timeout.com 'self' 3
... 3
frame-ancestors 'self' https://mcnk64xr71xx8t-v1mr4dcx1zk84.pub.sfmc-content.com 3
default-src 'self'; connect-src *; font-src 'self' data:; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 3
upgrade-insecure-requests; base-uri 'none'; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com wss://*.zohopublic.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; media-src 'self' blob: data: https:; 3
frame-ancestors https://app.pendo.io; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io;  font-src 'self' https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; frame-src 'self' https://app.pendo.io; worker-src 'self' 3
upgrade-insecure-requests; base-uri 'self'; 3
default-src 'self' blob:; img-src 'self' 'unsafe-eval' data: blob: stats.g.doubleclick.net *.trbo.com *.gstatic.com *.google.de *.google.com img.youtube.com *.eu-central-1.amazonaws.com *.bing.com *.clarity.ms photoservice.cloud *.google-analytics.com *.cdninstagram.com *.saal-digital.net *.saal-digital.com *.saal-digital.de *.photo-portal.shop http://localhost:60101 *.googleusercontent.com *.paypal.com *.paypalobjects.com *.hotjar.com *.facebook.com *.ytimg.com *.cookiepro.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.trbo.com *.saal-digital.net *.photo-portal.shop *.clarity.ms *.bing.com *.hotjar.com connect.facebook.net blob: *.cookiepro.com s3.eu-central-1.amazonaws.com photoservice.cloud *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.google.com *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.eu-central-1.amazonaws.com *.eu-central-1.amazonaws.com photoservice.cloud *.cookiepro.com fonts.googleapis.com *.hotjar.com *.saal-digital.net; font-src 'self' *.eu-central-1.amazonaws.com photoservice.cloud oam-software.com om.ssw-software.com *.gstatic.com *.paypalobjects.com *.hotjar.com; connect-src 'self' data: blob: *.dropboxapi.com *.eu-central-1.amazonaws.com photoservice.cloud *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.cookiepro.com *.googleusercontent.com http://localhost:60139 http://localhost:60600 http://localhost:60111 http://localhost:60101 http://localhost:49860 *.saal-digital.net *.photo-portal.shop *.saal-digital.net *.amazoncognito.com *.paypal.com *.clarity.ms c.bing.com *.hotjar.com *.hotjar.io wss://*.hotjar.com; frame-src *; object-src 'none'; 3
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 3
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; img-src 'self' data: https:; style-src 'self' https: 'unsafe-inline'; base-uri 'self'; form-action 'self' https:; worker-src 'self' https:; frame-src 'self' https: 3
frame-ancestors 'self' *.casinomodule.com *.playngonetwork.com *.comeoncasino.com; 3
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://statistikk.fnsp.no/ https://web-sdk-eu.aptrinsic.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ https://cdn.tiny.cloud https://www.cdisol.blog https://js.monitor.azure.com; object-src 'none'; manifest-src https://www.cdisol.blog; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/ https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net/ https://www.cdisol.blog; font-src 'self' data: https://fonts.gstatic.com/ https://dhm5hy2vn8l0l.cloudfront.net/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/; img-src 'self' data: https://*.nhn.no https://www.fnsp.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no https://sp.tinymce.com; media-src 'self' https://*.nhn.no https://www.ahus.no/ https://ahus.no https://www.betanienhospital.no/ https://betanienhospital.no/ https://www.betaniensykehus.no https://betaniensykehus.no https://www.diakonhjemmetsykehus.no https://diakonhjemmetsykehus.no https://fellesinnhold.hn.nhn.no/ https://www.finnmarkssykehuset.no https://finnmarkssykehuset.no https://www.haraldsplass.no/ https://haraldsplass.no/ https://www.hsr.as https://hsr.as https://www.helgelandssykehuset.no https://helgelandssykehuset.no https://www.helse-bergen.no https://helse-bergen.no https://www.helse-fonna.no https://helse-fonna.no https://www.helse-forde.no https://helse-forde.no https://www.helse-midt.no https://helse-midt.no https://www.helse-mr.no https://helse-mr.no https://www.helsenordikt.no https://helsenordikt.no https://www.helse-nord.no https://helse-nord.no https://www.hnt.no https://hnt.no https://www.helse-sorost.no https://helse-sorost.no https://www.helse-stavanger.no https://helse-stavanger.no https://www.helse-vest-ikt.no https://helse-vest-ikt.no https://www.helse-vest.no https://helse-vest.no https://www.helseplattformen.no https://helseplattformen.no https://www.hdo.no/ https://hdo.no/ https://www.hemit.no https://hemit.no https://www.lovisenbergsykehus.no https://lovisenbergsykehus.no https://www.luftambulanse.no https://luftambulanse.no https://www.martinahansen.no/ https://martinahansen.no/ https://www.jdps.no/ https://jdps.no/ https://www.olaviken.no https://olaviken.no https://www.nordlandssykehuset.no https://nordlandssykehuset.no https://www.nortrials.no/ https://nortrials.no/ https://www.nyemetoder.no/ https://nyemetoder.no/ https://www.oslo-universitetssykehus.no https://oslo-universitetssykehus.no https://www.pasientreiser.no https://pasientreiser.no https://www.revmatismesykehuset.no/ https://revmatismesykehuset.no/ https://www.saman.no https://saman.no https://www.sjukehusapoteka-vest.no https://sjukehusapoteka-vest.no https://www.solli.no https://solli.no https://www.sshf.no/ https://sshf.no/ https://sthf.no https://www.sthf.no https://www.spesialisthelsetjenesten.no https://spesialisthelsetjenesten.no https://www.stolav.no https://stolav.no https://www.sunnaas.no/ https://sunnaas.no/ https://www.sykehusapotekene.no https://sykehusapotekene.no https://www.sykehusapotek-nord.no https://sykehusapotek-nord.no https://www.sykehusapoteket.no https://sykehusapoteket.no https://www.sykehusbygg.no https://sykehusbygg.no https://www.sykehuset-ostfold.no https://sykehuset-ostfold.no https://siv.no/ https://www.siv.no/ https://www.sykehuset-innlandet.no https://sykehuset-innlandet.no https://www.sykehusinnkjop.no https://sykehusinnkjop.no https://www.sykehuspartner.no https://sykehuspartner.no https://www.unn.no https://unn.no https://www.vestreviken.no https://vestreviken.no https://bjorkeli.no https://www.bjorkeli.no; connect-src 'self' https://esp-eu.aptrinsic.com/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://pui.episerver.net/ https://dc.services.visualstudio.com/; frame-src 'self' https://dashboard.find.episerver.net/ https://uib.cloud.panopto.eu/ https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://vimeo.com/ https://youtu.be/ https://medfilm.se/ https://film.oslo-universitetssykehus.no/ https://ntnu.cloud.panopto.eu/ https://open.spotify.com/ https://podcasts.apple.com https://ekstranett.helse-midt.no/ https://app-fnsp-matomo-analytics-prod.azurewebsites.net/ https://fellesinnhold.fnsp.nhn.no https://fnsp.fnsp.nhn.no https://www.fnsp.no https://navikt.github.io https://acast.com/ https://www.acast.com/ https://hf02.totaldata.no/ https://players.brightcove.net/ https://*.fnsp.nhn.no; frame-ancestors 'self'; 3
Content-Security-Policy-Report-Only 3
frame-ancestors 'self' *.11freunde.de *; 3
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: filesystem: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 3
frame-ancestors cms.vistry.co.uk devcms.vistry.co.uk uatcms.vistry.co.uk 3
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stockholm *.stockholm.se *.usabilla.com *.imbox.io static.mediaflowpro.com *.inviewer.se https://bygglov-stockholm.humany.net/stadens-grafiska-profil/embed.js https://bygglov-stockholm.humany.net/stadens-grafiska-profil/widgets.js *.piwik.pro https://dl.episerver.net/; img-src data: 'self' *.stockholm *.stockholm.se *.cloudfront.net *.usabilla.com *.inviewer.se https://static.mediaflowpro.com https://bygglov-stockholm.humany.net https://humany.blob.core.windows.net/bygglov-stockholm/ *.piwik.pro https://dl.episerver.net/ blob:; style-src 'self' 'unsafe-inline' *.stockholm *.stockholm.se *.cloudfront.net https://fonts.googleapis.com static.mediaflowpro.com https://bygglov-stockholm.humany.net/stadens-grafiska-profil/widgets.css https://bygglov-stockholm.humany.net/ClientLibraries/Supplementary/font-awesome-4.7.0/css/font-awesome.min.css *.piwik.pro https://dl.episerver.net; connect-src 'self' *.stockholm *.stockholm.se https://api.usabilla.com/v2/f/24517d6aaae6 https://bygglov-stockholm.humany.net/testboten/conversations *.piwik.pro https://dservices-eu1.arcgis.com/81H0sgjoIWj6WxIM/arcgis/services/ https://gis.miljo.stockholm.se/server/services/Bilpooler_Stockholm_Stad/MapServer/WMSServer; font-src *.stockholm *.stockholm.se https://fonts.gstatic.com static.mediaflowpro.com https://bygglov-stockholm.humany.net/ClientLibraries/Supplementary/ https://dl.episerver.net; frame-src *.stockholm.se play.mediaflowpro.com play.mediaflow.com *.imbox.io ; frame-ancestors 'self' https://eu.opencitiesplanner.bentley.com http://localhost:9999; base-uri 'self'; form-action 'self'; 3
default-src 'self';     style-src 'self' 'unsafe-inline' *.adyen.com/ *.teads.tv/ *.hotjar.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.adobeaemcloud.com/ *.hotjar.io/ *.visualstudio.com/ *.bootstrapcdn.com/ *.briteverify.com/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.force.com/ *.google.com/ *.googleapis.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.mopinion.com/ *.myfonts.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.zencdn.net/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js-agent.newrelic.com/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.addthisedge.com/ *.adobedtm.com/ *.ads-twitter.com/ *.adyen.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.chargebee.com/ *.commander1.com/ *.constant.co/ *.danone-dtc.net/ *.digital4danone.com/ *.doubleclick.net/ *.everestjs.net/ *.facebook.net/ *.force.com/ *.gbqofs.com/ *.gigya.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.googleadservices.com/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.monitor.azure.com/ *.mopinion.com/ *.onetrust.com/ *.outbrain.com/ *.pinterest.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.salesforce.com/ *.salesforceliveagent.com/ *.scene7.com/ *.sharethis.com *.tagcommander.com/ *.teads.tv/ *.theadex.com *.trustcommander.net/ *.trustpilot.com/ *.twitter.com *.visualstudio.com/ *.ytimg.com/ ct.captcha-delivery.com http://*.hotjar.com http://*.hotjar.io http://danone.d3.sc.omtrdc.net/ https://*.hotjar.com https://*.hotjar.io https://live2support.com/ https://s.pinimg.com/ https://sc-static.net/ js.datadome.co www.youtube.com/ *.tiktok.com/ *.jsdelivr.net/;     img-src 'self' data: *.adition.com/ *.hotjar.com/ *.hotjar.io/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.visualstudio.com/ *.adnxs.com/ *.adyen.com/ *.analytics.google.com/ *.assetsadobe.com/ *.assetsadobe2.com/ *.bing.com/ *.channelsight.com/ *.commander1.com/ *.cx.atdmt.com/ *.danone-dtc.net/ *.danone.com/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.everesttech.net/ *.facebook.com/ *.google-analytics.com/ *.google.co.uk/ *.google.com/ *.google.ie/ *.googleapis.com/ *.googletagmanager.com/ *.gstatic.com/ *.hotjar.com *.hotjar.io *.live2support.com/ *.lpsnmedia.net/ *.mookie1.com/ *.omtrdc.net/ *.onetrust.com/ *.outbrain.com/ *.postcodeanywhere.co.uk/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.trustcommander.net/ *.twitter.com/ *.visualstudio.com/ *.w3.org/ *.ytimg.com/ http://danonegroup-stage.neolane.net/ http://t.co/ https://ca-live.adyen.com/ https://cscoreproweustor.blob.core.windows.net/ https://ct.pinterest.com/ https://www.google.fr/ https://www.google.nl/;     frame-src 'self' *.algolia.net/ *.algolia.io/ *.addthis.com *.adsrvr.org/ *.adyen.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.amazon-adsystem.com/ *.briteverify.com *.channelsight.com/ *.chargebee.com/ *.cloudfront.net/ *.commander1.com/ *.constant.co/ *.demdex.net/ *.doubleclick.net/ *.facebook.com/ *.flockler.com/ *.force.com/ *.gigya.com/ *.google.com/ *.googleapis.com/ *.live2support.com/ *.liveperson.net/ *.lpsnmedia.net/ *.nutridrink.com.br/onde-encontrar/ *.onetrust.com/ *.proprofs.com/ *.salesforce-sites.com/ *.scene7.com/ *.sharethis.com/ *.spotify.com/ *.tagcommander.com/ *.teads.tv/ *.theadex.com/ *.tohklom.com/ *.trustcommander.net/ *.trustpilot.com *.vimeo.com/ *.visualstudio.com/ *.youtube.com geo.captcha-delivery.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://aax-eu.amazon-adsystem.com/ https://ketchapi.co.uk/ https://tr.snapchat.com/ www.youtube.com;     connect-src 'self' https://bam.eu01.nr-data.net/ *.algolia.net/ *.algolia.io/ *.addthis.com/ *.adyen.com/ *.teads.tv/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.analytics.google.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.aptaclub.co.uk/ *.aptashop.co.uk/ *.bing.com/ *.briteverify.com/ *.candgshop.co.uk/ *.cgbabyclub.co.uk/ *.channelsight.com/ *.commercetools.com/ *.danone-dtc.net/ *.demdex.net/ *.digital4danone.com/ *.doubleclick.net/ *.facebook.com/ *.force.com/ *.gbqofs.io/ *.google-analytics.com *.google-analytics.com/ *.googleapis.com/ *.live2support.com/ *.mopinion.com/ *.omtrdc.net/ *.onetrust.com/ *.privacy.trustcommander.net/ *.salesforce-sites.com/ *.scene7.com/ *.sentry.io/ *.sharethis.com/ *.snapchat.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ api-js.datadome.co http://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.com:* https://*.hotjar.io https://api.sphere.io/ https://ct.pinterest.com/ https://lasteventf-tm.everesttech.net/ https://privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ wss://*.hotjar.com *.tiktok.com/ *.google.com/;     font-src 'self' data: *.adyen.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.danone-dtc.net/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.googleapis.com/ *.gstatic.com/ *.gstatic.mopinion.com/ *.live2support.com/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ http://*.hotjar.com http://*.hotjar.io https://*.hotjar.com https://*.hotjar.io https://gstatic.mopinion.com/ https://vjs.zencdn.net/ *.google.com/;     media-src 'self' *.briteverify.com/ *.channelsight.com/ *.digital4danone.com/ *.linkedin.com/ *.licdn.com/ *.teads.tv/ *.googleapis.com/ *.adobeaemcloud.com/ *.hotjar.com/ *.hotjar.io/ *.visualstudio.com/ *.lpsnmedia.net/ *.onetrust.com/ *.pinterest.com/ *.salesforce-sites.com/ *.scene7.com/ *.teads.tv/ *.visualstudio.com/ *.youtube.com/ *.google.com/ 3
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbqofs.io *.gbqofs.com *.google.com *.googletagmanager.com *.googleadservices.com *.evidon.com *.gstatic.com *.youtube.com *.facebook.net *.google-analytics.com *.cloudfront.net *.force.com *.salesforce.com *.salesforceliveagent.com *.sessioncam.com *.doubleclick.net cdn.jsdelivr.net *.cloudflare.com js.adsrvr.org snap.licdn.com t23.intelliad.de *.usabilla.com *.fusepump.com *.adimo.co *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net secure.cavy9soho.com *.amazon-adsystem.com static.ads-twitter.com static.hotjar.com ict.infinity-tracking.net script.crazyegg.com *.brand-display.com *.pricespider.com *.ktxlytics.io *.bazaarvoice.com *.tiles.mapbox.com blob: d6tizftlrpuof.cloudfront.net *.amazonaws.com cdn.hypemarks.com cdn.cookielaw.org unpkg.com apps.nestle.co.uk ndeuprpromotheuseuwesta.z6.web.core.windows.net *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com; frame-ancestors 'self'; connect-src 'self' *.gbqofs.io *.gbqofs.com *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.evidon.com *.secure.force.com *.sessioncam.com *.fusepump.com *.amazonaws.com *.googlesyndication.com *.newrelic.com *.licdn.com bam.nr-data.net *.ktxlytics.io *.mapbox.com *.pricespider.com d6tizftlrpuof.cloudfront.net *.usabilla.com cdn.linkedin.oribi.io collect.analyze.ly cdn.growthbook.io cdn.cookielaw.org apps.nestle.co.uk *.teads.tv cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.linkedin.com; report-uri /report-csp-violation 3
connect-src https://*.ospito.nl https://*.googleapis.com https://*.gstatic.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleusercontent.com https://api.thegreenwebfoundation.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; 3
default-src 'self' https: data:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; img-src 'unsafe-inline' https: data: blob:; font-src 'unsafe-inline' https: data:; media-src 'unsafe-inline' blob: https:; worker-src blob:; frame-src 'unsafe-inline' https: data:; frame-ancestors 'unsafe-inline' https: data:; 3
font-src fonts.gstatic.com use.typekit.net https://www.gstatic.com https://fonts.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com use.fontawesome.com data: 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; frame-ancestors www.paypalobjects.com 'self'; form-action https://enews.dynatrap.com/ https://enews.terro.com/ https://enews.victorpest.com/ https://enews.havahart.com/ https://enews.mosquitomagnet.com/ https://enews.perkypet.com/ https://enews.saferbrand.com/ https://enews.zarebasystems.com/ https://enews.vlink.victorpest.com/ https://enews.woodstreambrands.ca/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src api.tiles.mapbox.com widget.freshworks.com *.usablenet.com *.udev1a.net https://fonts.googleapis.com/ https://*.typekit.net/ *.adobe.com fonts.googleapis.com *.sharethis.com unsafe-inline assets.braintreegateway.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com *.gstatic.com use.fontawesome.com cdn.listrakbi.com cdn.pricespider.com 'self' 'unsafe-inline'; script-src *.pricespider.com api.tiles.mapbox.com snap.licdn.com widget.freshworks.com *.usablenet.com *.udev1a.net https://www.google.com/ https://www.gstatic.com/ https://commerce.adobedtm.com/ https://app.jazz.co/ *.marketingcloudfx.com c.amazon-adsystem.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.sharethis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com js.klevu.com *.ksearchnet.com maps.googleapis.com *.googleapis.com *.maxmind.com services.listrak.com *.listrakbi.com *.tiktok.com *.bing.com *.hotjar.com connect.facebook.net wtbevents.pricespider.com locate.pricespider.com bam.nr-data.net js-agent.newrelic.com cdn.leadmanagerfx.com agent.marketingcloudfx.com use.fontawesome.com *.truevaultcdn.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src *.cdninstagram.com *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; img-src bat.bing.com *.google.ca *.pricespider.com px.ads.linkedin.com *.cdninstagram.com *.mapbox.com   cdnjs.cloudflare.com  polaris.truevaultcdn.com https://samples.woodstream.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.sharethis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klevu.com *.ksearchnet.com flagpedia.net maps.gstatic.com www.facebook.com *.google.com *.usablenet.com www.dynatrap.com *.listrakbi.com www.gstatic.com www.zarebasystems.com maps.googleapis.com www.woodstream.com www.woodstreampartnerportal.com www.woodstreampartnerportal.ca www.terro.com www.victorpest.com www.havahart.com www.mosquitomagnet.com www.perkypet.com www.saferbrand.com vlink.victorpest.com www.woodstreambrands.ca storage.googleapis.com mediacdn.espssl.com *.woodstreampartnerportal.com s7d2.scene7.com data: 'self' 'unsafe-inline'; frame-src www.paypalobjects.com s.amazon-adsystem.com https://a40.usablenet.com/ https://ws-nameplate-printer.netlify.app/ services.listrak.com player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com *.googleapis.com *.google.com *.weltpixel.com *.usablenet.com 'self' 'unsafe-inline'; connect-src stats.g.doubleclick.net content.hotjar.io *.hotjar.com bat.bing.com wss://*.hotjar.com/ *.mapbox.com cdn.linkedin.oribi.io widget.freshworks.com vc.hotjar.io woodstream.freshdesk.com https://commerce.adobedc.net/ https://commerce.adobe.io/ https://graph.instagram.com/ 'self' https://prod-29.westus.logic.azure.com/ *.webpagefx.org https://us-central1-ws-m2-dev-migration-map.cloudfunctions.net https://instagramfeed-lvc56rmsca-uc.a.run.app *.pricespider.com *.mapbox.com   cdnjs.cloudflare.com  https://pagead2.googlesyndication.com/ https://prod-180.westus.logic.azure.com/ googleads.g.doubleclick.net js.go2sdk.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.sharethis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klevu.com *.ksearchnet.com www.gstatic.com maps.googleapis.com *.googleapis.com *.mmapiws.com *.tiktok.com recs.listrakbi.com paypal.com bam.nr-data.net *.leadmanagerfx.com *.marketingcloudfx.com *.truevaultcdn.com 'self' 'unsafe-inline'; 3
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors * 3
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 3
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 3
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 3
default-src 'self' *.google.com *.addthis.com *.brazenconnect.com *.youtube.com *.vimeo.com *.dvidshub.net *.military.com *.cloudfront.net; img-src 'self' data: *.sharethis.com *.bing.com *.clarity.com *.clarity.ms *.linkedin.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.storeimaging.com *.ytimg.com *.vimeocdn.com *.click2apply.net *.staticflickr.com *.cloudfront.net; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.googleapis.com *.fonts.net *.cloudfront.net *.brazenconnect.com; font-src 'self' *.jsdelivr.net *.gstatic.com *.fonts.net; script-src-elem 'self' 'unsafe-inline' *.sharethis.com *.clarity.com *.clarity.ms *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com *.licdn.com *.brazenconnect.com *.addthis.com *.moatads.com *.addthisedge.com *.military.com *.cloudfront.net *.vimeo.com; connect-src 'self' *.sharethis.com *.clarity.com *.clarity.ms *.googleapis.com *.google-analytics.com *.addthis.com *.brazenconnect.com *.linkedin.com *.linkedin.oribi.io *.luckyorange.com *.luckyorange.net wss://*.live *.doubleclick.net; form-action 'self' *.gdmissionsystems.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 3
frame-ancestors 'self' meisterdrucke.com meisterdrucke.de meisterdrucke.at; 3
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: *.videoly.co *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net; connect-src 'self' *.googletagmanager.com *.igodigital.com *.maxcdn.com *.polyfill.io *.facebook.net *.facebook.com *.searchnode.io *.omnisrc.com *.bitrec.io *.google.com *.google.ee *.google.fi *.google.lv *.google.lt *.google-analytics.com *.doubleclick.net *.soundestlink.com *.nr-data.net *.esto.ee *.hotjar.io *.cookieinformation.com *.searchnode.net *.bing.com *.googleapis.com *.googleadservices.com *.issuu.com; font-src 'self' *.gstatic.com data: *.123formbuilder.com *.issuu.com *.bootstrapcdn.com; frame-src 'self' *.123formbuilder.com *.facebook.com *.cookieinformation.com *.youtube.com *.youtube-nocookie.com *.issuu.com *.videoly.net *.cookiebot.com; img-src 'self' data: kotrynagroup.lt *.kotrynagroup.lt *.babycity.lt *.babycity.lv *.babycity.ee *.kidzone.lt *.kidzone.lv *.kidzone.ee *.kidzone.fi *.toycity.lt *.toycity.lv *.zaisluplaneta.lt *.jukukeskus.ee *.toysplanet.lv *.igodigital.com *.bing.com *.facebook.com *.google-analytics.com *.google.com *.google.lt *.google.lv *.google.ee *.google.fi *.ytimg.com *.videoly.co *.adnxs.com *.reddit.com *.googleapis.com *.gstatic.com *.youtube.com *.ckeditor.com *.doubleclick.net *.kotrynagroup.com *.googleadservices.com *.googletagmanager.com *.issuu.com *.wistia.com *.wistia.net *.cookiebot.com; media-src data:; script-src 'self' 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.nr-data.net *.google.com *.google.lt *.google.lv *.google.fi *.google.ee *.igodigital.com polyfill.io *.bitrec.com *.googletagmanager.com *.facebook.net *.searchnode.io *.google-analytics.com *.doubleclick.net *.hotjar.com *.bing.com *.youtube.com omnisrc.com *.sentry-cdn.com *.soundestlink.com omnisnippet1.com *.doubleclick.net *.newrelic.com *.videoly.co *.123formbuilder.com *.esto.ee *.redditstatic.com *.cookieinformation.com *.adnxs.com *.googleapis.com *.ckeditor.com *.jsdelivr.net *.googleadservices.com *.issuu.com *.youtube-nocookie.com *.ytimg.com *.videoly.net *.cookiebot.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.123formbuilder.com *.ckeditor.com *.jsdelivr.net *.issuu.com *.bootstrapcdn.com 3
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; 3
frame-ancestors self www.voetbalshop.nl 3
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none'; script-src 'sha256-7/fy7EjXUskn9MLHbin/b0A7LQ32mACPQ2SdNj/O/vA=' 'unsafe-inline'; require-trusted-types-for 'script'; 3
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; font-src 'self' data: *.cloudfront.net; form-action 'self'; frame-ancestors 'self'; img-src * data:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.cloudfront.net *.usabilla.com *.getback.ch; upgrade-insecure-requests 3
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3
default-src 'self' https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; 3
frame-ancestors 'self' *.nokia.com *.ceros.com 3
default-src 'self'; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: http: https:; font-src 'self' http: https:; connect-src 'self' http: https:; frame-src 'self' http: https: 3
form-action https: 3
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 3
img-src * blob: data:; default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 3
default-src 'self'; img-src * data: 'unsafe-inline' blob:; style-src * 'unsafe-inline' blob:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; form-action *; media-src *.readspeaker.com *.streamlock.net storage.googleapis.com scribit-pro-hosting.storage.googleapis.com scribit-pro.storage.googleapis.com app.talkjs.com 'self' blob:; frame-src *; frame-ancestors 'self'; worker-src * 'unsafe-inline' blob:; 3
img-src 'self' * blob: data:;script-src 'self' https://static.line-scdn.net;default-src 'self' https://api.line.me;frame-src 'self' *;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 3
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https:; frame-src 'self' https:; font-src 'self' https:; connect-src 'self' https: wss:; frame-ancestors 'self' 3
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 3
frame-ancestors 'self';  report-uri /log/csp-violation 3
frame-ancestors 'self' *.recia.fr *.netocentre.fr netocentre.fr *.touraine-eschool.fr *.chercan.fr colleges41.fr *.colleges41.fr e-college.indre.fr *.e-college.indre.fr  mon-e-college.loiret.fr *.mon-e-college.loiret.fr *.colleges-eureliens.fr *.nextcloud.recia.aquaray.com 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.unica.vn www.googletagmanager.com connect.facebook.net web.facebook.com www.facebook.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.gstatic.com onesignal.com tpc.googlesyndication.com webpush.vn cdnjs.cloudflare.com accounts.google.com www.google.com www.youtube.com zoom.us source.zoom.us cdn.jsdelivr.net unpkg.com npmcdn.com translate.google.com sp.zalo.me analytics.tiktok.com w.ladicdn.com salekit.io za.zdn.vn embed.tawk.to cdn.tailwindcss.com ipinfo.io *.googleapis.com apis.google.com *.edubit.vn www.wiris.net edubit.live www.pdftron.com fchat.vn cdn.fchat.vn embed.ybai.me salekit.page player.vimeo.com livechat.fpt.ai www.misa.vn a.pancake.vn api.webcake.io zigzag.vn yoga.vn; worker-src 'self' blob:; 3
script-src 'self' 'unsafe-inline' blob: *.filadd.com *.fullstory.com *.googletagmanager.com *.googleadservices.com *.amplitude.com *.facebook.com *.facebook.net sibautomation.com onesignal.com cdn.onesignal.com *.sendinblue.com *.getgist.com *.mercadopago.com *.google-analytics.com *.jsdelivr.net *.cloudfront.net *.hotjar.com *.pagar.me *.googleapis.com *.google.com *.googleoptimize.com *.doubleclick.net *.sentry.io *.tiktok.com *.clare.ai *.luckyorange.com paperform.co *.rudderlabs.com *.heapanalytics.com *.highlight.run *.highlight.io unpkg.com *.webflow.com *.elfsight.com *.elfsightcdn.com *.krip.cl *.fontawesome.com *.sharethis.com *.mxpnl.com *.website-files.com wheelofpopups.com *.wheelofpopups.com 3
default-src * blob: data:; script-src 'sha256-0EzT5rjCdQIs7Zb99eHUlAOmKUanRXRrJoqJ+VYepto=' 'sha256-5CxqAdDXlHviOy7zxeRpMobzRK/JNpLvkS+k8Zj3L3A=' 'sha256-FIBGC/wl1Qfnh2Fb5NPFHmRty7BHJdDpWW1FZ8egppI=' 'sha256-UXYprBCAtnqoL5acf14iemip/+HI+gDFh92yyXkM3XI=' 'sha256-dKn2nAtwgzaaXC8ZM58hhldxNyeuu4qrzW4H9//9YMA=' 'sha256-i9nAf5M9USb+lB7ZtayKdAWymLU1MCklCTdsyXbMgCs=' 'sha256-wjUSvXYNfPUUTPZYrn4pOEcf2ecDdjd3N9Av3GDSwZw=' 'sha256-yAAlWuem9ue55JEvxkWhcWWA1Zu0p6cgbYtDWJjsdvs=' blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp 3
script-src 'self' 'unsafe-eval' 'unsafe-inline' * 3
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com github.githubassets.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 2
child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com trackertest.org www.surveygizmo.com accounts.firefox.com www.youtube.com js.stripe.com; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; font-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com trackertest.org www.surveygizmo.com accounts.firefox.com www.youtube.com js.stripe.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 2
frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests 2
frame-ancestors https://pam.mcafee.com 2
frame-ancestors 'self' *.wildberries.ru 2
frame-ancestors 'self' *.cnbc.com; 2
frame-ancestors 'self' https://braze.com https://*.braze.com https://braze.co.jp https://www.braze.co.jp 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.apple.com http://*.apple.com https://*.mzstatic.com https://*.apple-mapkit.com https://p-events-delivery.akamaized.net http://p-events-delivery.akamaized.net https://apple-events.akamaized.net https://mediaservices.cdn-apple.com http://mediaservices.cdn-apple.com https://wwdr-aws-dev.apple.com https://bricks.cdn-apple.com 2
frame-ancestors 'self' media.rakr.net; report-uri https://www.rackspace.com/report-uri/enforce 2
frame-ancestors 'self' https://*.target.com; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src *; object-src *; child-src blob:; worker-src blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com; 2
frame-ancestors 'self' https://*.vmware.com; 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://*.shopify.com https://*.myshopify.com 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob: android-webview-video-poster:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; 2
default-src https://tpc.googlesyndication.com https://www.bol.com https://beta.bol.com ;  connect-src https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.mpstat.us https://*.s-bol.com https://aai.bol.com https://api.bol.com https://c.go-mpulse.net https://chat1.bol.com https://chatr.bol.com https://fbstatic-a.akamaihd.net https://firefly.bol.com https://spoor.bol.com https://suggestions.bol.com https://swa.bol.com https://txrx.bol.com https://www.bol.com https://beta.bol.com ;  font-src data: https://*.s-bol.com https://fonts.gstatic.com https://partner.bol.com https://secure.ogone.com https://www.bol.com https://beta.bol.com ;  frame-src https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.doubleclick.net https://*.mpstat.us https://*.safeframe.googlesyndication.com https://*.youtube-nocookie.com https://chat1.bol.com https://chatr.bol.com https://info.bol.com https://platform.twitter.com https://s-static.ak.facebook.com https://secure.ogone.com https://tpc.googlesyndication.com https://www.bol.com https://www.facebook.com https://www.google.com https://beta.bol.com ;  img-src blob: data: https://*.2mdn.net https://*.adyen.com https://*.akstat.io https://*.contentstack.com https://*.contentstack.eu https://*.doubleclick.net https://*.google-analytics.com https://*.google.be https://*.google.nl https://*.krxd.net https://*.moatads.com https://*.mpstat.us https://*.s-bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://bol.com https://bol.ugc.bazaarvoice.com https://cbks0.googleapis.com https://cbks1.googleapis.com https://cdn.kobo.com https://csi.gstatic.com https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://getbook.kobo.com https://img.youtube.com https://kbimages1-a.akamaihd.net https://khms0.googleapis.com https://khms1.googleapis.com https://m.bol.com https://maps.googleapis.com https://maps.gstatic.com https://media.bol.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://photos-eu.bazaarvoice.com https://platform.twitter.com https://secure.ogone.com https://ssl.gstatic.com https://static.bol.com https://swa.bol.com https://syndication.twitter.com https://tpc.googlesyndication.com https://txrx.bol.com https://weblog.bol.com https://www.bol.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.ups.com https://beta.bol.com ;  manifest-src https://assets.s-bol.com https://static.bol.com ;  media-src blob: https://*.contentstack.com https://*.contentstack.eu https://*.kobo.com https://*.phononet.de https://*.s-bol.com https://rovimusic.rovicorp.com https://static.bol.com https://www.bol.com https://beta.bol.com ;  object-src https://www.bol.com https://beta.bol.com ;  script-src 'unsafe-eval' 'unsafe-inline' data: https://*.2mdn.net https://*.adyen.com https://*.doubleclick.net https://*.google-analytics.com https://*.krxd.net https://*.moatads.com https://*.s-bol.com https://aai.bol.com https://adservice.google.be https://adservice.google.com https://adservice.google.nl https://ajax.googleapis.com https://apis.google.com https://bol.com https://c.go-mpulse.net https://cbks0.googleapis.com https://cdn.ampproject.org https://cdn.syndication.twimg.com https://cdn.syndication.twitter.com https://chat1.bol.com https://connect.facebook.net https://ds-aksb-a.akamaihd.net https://fbstatic-a.akamaihd.net https://firefly.bol.com https://maps.googleapis.com https://maps.gstatic.com https://mts0.googleapis.com https://mts1.googleapis.com https://pagead2.googlesyndication.com https://partner.bol.com https://partner.googleadservices.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://tpc.googlesyndication.com https://translate.googleapis.com https://txrx.bol.com https://weblog.bol.com https://www.bol.com https://www.google.com https://www.googletagmanager.com https://www.googletagservices.com https://www.gstatic.com https://beta.bol.com ;  style-src 'unsafe-inline' https://*.s-bol.com https://bol.com https://fonts.googleapis.com https://partner.bol.com https://platform.twitter.com https://secure.ogone.com https://static.bol.com https://txrx.bol.com https://www.bol.com https://beta.bol.com ;  worker-src blob: https://www.bol.com https://beta.bol.com ;  frame-ancestors 'self' ; 2
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.ua  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 2
default-src 'self' *.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudinary.com *.cloudinary.com www.googletagmanager.com www.google-analytics.com *.google.com unpkg.com cdn.jsdelivr.net stackpath.bootstrapcdn.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com *.6sc.co ml314.com tags.srv.stackadapt.com *.convertexperiments.com *.infinigrow.com cdn.debugbear.com; script-src-elem 'self' 'unsafe-inline' cloudinary.com *.cloudinary.com code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com *.google.com cdn.omniconvert.com unpkg.com app-ab12.marketo.com snap.licdn.com connect.facebook.net munchkin.marketo.net consent.cookiebot.com vidassets.terminus.services googleads.g.doubleclick.net radar.cedexis.com www.googleadservices.com maps.googleapis.com *.fastcdn.co *.instapage.com *.instapagemetrics.com *.redditstatic.com *.gstatic.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com ml314.com *.6sc.co bat.bing.com static.ads-twitter.com www.clarity.ms tags.srv.stackadapt.com app.omniconvert.com web.omniconvert.com *.convertexperiments.com *.infinigrow.com ddzuuyx7zj81k.cloudfront.net dss6ntp5q2r0o.cloudfront.net cdnjs.cloudflare.com cdn.debugbear.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net unpkg.com app-ab12.marketo.com *.google.com *.cloudinary.com *.crazyegg.com *.wp.com *.driftt.com script.mocky.com *.googleoptimize.com tags.srv.stackadapt.com; img-src 'self' data: cloudinary.com *.cloudinary.com *.google.com www.google-analytics.com secure.gravatar.com match.adsrvr.org wec-assets.terminus.services wec-assets-api.terminus.services px.ads.linkedin.com *.google.ca *.facebook.com benchmark.1e100cdn.net *.cedexis-test.com cedexis.pc.cdn.bitgravity.com ptcfc.com ubiquity.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com media-akam.licdn.com *.citrix-itm-test.com ubiquity.cedexis.eu-west-1.prod.endpoints.ubiquity.aws.a2z.com direct.cedexis.us-east-1.prod.endpoints.ubiquity.aws.a2z.com a-cedexis.msedge.net 20059b.ha.azioncdn.net *.cedexis.fastlylb.net test.cedexis.gamma.endpoints.ubiquity.aws.a2z.com *.cdnvideo.ru essl-cdxs.edgekey.net direct.cedexis.ap-northeast-1.prod.endpoints.ubiquity.aws.a2z.com *.endpoints.ubiquity.aws.a2z.com level3ssl.optimicdn.com img-cedexis.mncdn.com cedexis-ssl.cdn.warpcache.net linkedin.com *.adsymptotic.com *.google.com www.googleapis.com *.gstatic.com maps.googleapis.com *.citrix.com cldmo.mo.cloudinary.net www.googletagmanager.com *.fastcdn.co *.instapage.com px4.ads.linkedin.com alb.reddit.com *.crazyegg.com *.mozilla.org *.imagecon.com script.mocky.com b.6sc.co bat.bing.com t.co analytics.twitter.com *.clarity.ms *.convertexperiments.com *.bing.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com use.typekit.net bat.bing.com t.co analytics.twitter.com *.wp.com; connect-src 'self' cloudinary.com *.cloudinary.com www.google-analytics.com *.doubleclick.net api.lever.co *.mktoresp.com *.init.cedexis-radar.net *.cedexis.com *.facebook.com a-cedexis.msedge.net *.cedexis.fastlylb.net *.netlify.app *.instapage.com *.instapagemetrics.com *.crazyegg.com script.mocky.com mocky.com *.google.com secure.adnxs.com c.6sc.co ipv6.6sc.co *.clarity.ms bat.bing.com tags.srv.stackadapt.com app.omniconvert.com *.convertexperiments.com *.linkedin.com *.cookiebot.com *.infinigrow.com data.debugbear.com; media-src 'self' cloudinary.com *.cloudinary.com blob:; worker-src 'self' blob:; frame-src stackblitz.com *.google.com jobs.lever.co app-ab12.marketo.com business.facebook.com consentcdn.cookiebot.com *.facebook.com *.cedexis-test.com cedexis.pc.cdn.bitgravity.com *.citrix-itm-test.com 20059b.ha.azioncdn.net essl-cdxs.edgekey.net *.cloudinary.com bid.g.doubleclick.net *.twitter.com cloudinary.com *.youtube.com *.driftt.com *.crazyegg.com *.wp.com; object-src 'none' 2
frame-ancestors 'self' *.vice.com vicetv.com *.vicetv.com *.viceops.net 2
frame-ancestors https://*.poki.io http://localhost:1234 2
default-src 'self' https:; frame-src 'self' https: blob:; worker-src 'self' blob: ; child-src blob: ; script-src 'self' https: 'unsafe-inline' https://vaas.acapela-group.com 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob: https://*.code.org; font-src 'self' https: data:; connect-src 'self' https: https://api.pusherapp.com wss://ws.pusherapp.com wss://*.firebaseio.com http://localhost:8080 https://curriculum.code.org/ wss://*.code.org; media-src 'self' https: data: https://*.code.org http://vaas.acapela-group.com; report-uri //code.org/https/mixed-content; frame-ancestors 'self' https://*.schoology.com http://*.disney.com http://*.diznee.net cuantrix.mx code.org studio.code.org curriculum.code.org https://*.lausd.iap.allhere.co 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com ; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://*.vnexpress.net https://vnexpress.net 2
frame-ancestors 'self' https://*.mglu.io https://*.magalu.com https://*.luizalabs.com https://*.magazineluiza.com.br; 2
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://www.argos.co.uk/logging-api/2/security 2
frame-ancestors 'self' https://*.sweb.ru https://webvisor.com  http://webvisor.com ; 2
default-src 'none'; font-src 'self'; style-src 'unsafe-inline' 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' data: https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://donorbox.org https://js.stripe.com/v3/ https://sdks.shopifycdn.com https://www.paypal.com ; img-src 'self' data: blob: https://www.google-analytics.com https://www.paypal.com https://www.paypalobjects.com https://ak2s.abmr.net https://ak1s.abmr.net https://www.google.com https://cdn.shopify.com https://v.shopify.com ; frame-src https://donorbox.org https://www.youtube.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://js.stripe.com/v3/ https://js.stripe.com/v2/ https://www.paypal.com https://outreach.abetterinternet.org ; connect-src 'self' https://d4twhgtvn0ff5.cloudfront.net/ https://letsencrypt-merch.myshopify.com https://monorail-edge.shopifysvc.com https://www.paypal.com ; 2
default-src https://*.peacocktv.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com; font-src 'self' data: https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.peacocktv.com https://core.spreedly.com https://browser.sentry-cdn.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://*.optimizely.com https://nbcstreaming.sc.omtrdc.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://assets.adobedtm.com https://js.createsend1.com https://www.googletagmanager.com https://nbcuss.demdex.net https://jssdkcdns.mparticle.com https://www.google.com https://googleads.g.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.google-analytics.com https://t.contentsquare.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://s0.ipstatp.com https://d.impactradius-event.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://*.onetrust.com https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://s8t.teads.tv https://tr.snapchat.com https://www.paypal.com https://www.clarity.ms https://ct.pinterest.com https://*.qualtrics.com; connect-src 'self' localhost:* ws://localhost:* https://*.campaign.adobe.com https://*.peacocktv.com https://core.spreedly.com https://*.force.com https://*.salesforce.com https://*.my.salesforce.com https://*.salesforce-sites.com https://graph.facebook.com https://nbcuss.demdex.net https://identity.mparticle.com https://jssdks.mparticle.com https://createsend.com https://www.createsend.com https://www.facebook.com https://*.ott.sky.com https://sas-apm-prod.telemetry.nbcuott.com https://0d15692193ba43a8a9384fed500b3a1d.apm.us-east-1.aws.cloud.es.io https://sdk.iad-03.appboy.com https://sdk.iad-03.braze.com https://*.contentsquare.net https://*.optimizely.com https://ct.pinterest.com https://nbcstreaming.sc.omtrdc.net https://analytics.tiktok.com https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr.snapchat.com https://www.google-analytics.com https://imp.i305175.net https://analytics.twitter.com https://dpm.demdex.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://*.paypal.com https://api.ipify.org https://www.redditstatic.com https://analytics.pangle-ads.com https://*.analytics.google.com https://stats.g.doubleclick.net https://tr6.snapchat.com https://*.clarity.ms https://*.qualtrics.com; img-src 'self' data: localhost:* https://peacocktv.com https://*.peacocktv.com https://t.co https://www.facebook.com https://nbcstreaming.sc.omtrdc.net https://www.google.com https://www.google.co.uk https://us-gmtdmp.mookie1.com https://www.google-analytics.com https://*.contentsquare.net https://stats.g.doubleclick.net https://s.pinimg.com https://sc-static.net https://www.redditstatic.com https://analytics.tiktok.com https://pixelb.randi.adswizz.com https://imp.i305175.net https://www.ojrq.net https://logs-01.loggly.com https://peacock.sjv.io https://d.agkn.com https://s0.ipstatp.com https://alb.reddit.com https://ct.pinterest.com https://business.topbuzz.com https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://bat.bing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://*.onetrust.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://s.yimg.com https://sp.analytics.yahoo.com https://roost.nbcuni.com https://s.amazon-adsystem.com https://c.amazon-adsystem.com https://t.teads.tv https://cm.teads.tv https://a.teads.tv https://s8t.teads.tv https://www.paypalobjects.com https://*.scene7.com https://ad.doubleclick.net https://cm.everesttech.net https://*.qualtrics.com; style-src 'self' 'unsafe-inline' https://*.peacocktv.com https://*.force.com https://*.salesforce-sites.com https://*.my.salesforce.com https://cdn.cookielaw.org https://*.onetrust.com; media-src 'self' data: blob: localhost:* https://peacocktv.com https://*.peacocktv.com https://roost.nbcuni.com; frame-src https://core.spreedly.com https://*.peacocktv.com https://nbcuss.demdex.net https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://tr.snapchat.com https://*.fls.doubleclick.net https://td.doubleclick.net https://imp.i305175.net https://bid.g.doubleclick.net https://wsdk.rokt.com https://apps.rokt.com https://js.adsrvr.org https://insight.adsrvr.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://peacockprincess22.creativezing.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://tr6.snapchat.com https://pinterest.com http://ct.pinterest.com https://match.adsrvr.org https://s.amazon-adsystem.com https://apps.rokt.com https://p.teads.tv https://a.teads.tv https://www.youtube.com https://*.paypal.com https://*.optimizely.com https://*.qualtrics.com; block-all-mixed-content; upgrade-insecure-requests; 2
frame-ancestors 'self'; object-src https://*.citrix.com https://capture.navattic.com; plugin-types application/x-shockwave-flash application/pdf 2
report-uri https://gcp.api.snapchat.com/web-reporting/report;report-to main-endpoint 2
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.teams.microsoft.us teams.microsoft.us *.teams.office.com *.skype.com outlook.office.com outlook-sdf.office.com outlook.office365.com outlook-sdf.office365.com outlook.live.com outlook-sdf.live.com 2
frame-ancestors 'self' https://yotpo--uat.sandbox.my.site.com https://partners.yotpo.com https://www.yotpo.com https://*.paperflite.com https://content.yotpo.com https://yotpo.app.workramp.com 2
frame-ancestors http://*.ccf.org https://*.ccf.org https://clevelandclinic.ungerboeck.com https://*.clevelandclinic.org http://*.clevelandclinic.org 2
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messenger.com;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net *.messenger.com 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src http://localhost:3103 *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.messenger.com wss://*.messenger.com www.messenger.com wss://*.messenger.com:* https://*.google-analytics.com;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: https://fonts.gstatic.com;img-src *.fbcdn.net https://*.facebook.com cdninstagram.com *.cdninstagram.com data: *.fbsbx.com *.messenger.com messenger.com blob: android-webview-video-poster: *.xx.fbcdn.net https://messenger.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://*.google-analytics.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: https://*.giphy.com;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.cdninstagram.com blob: *.doubleclick.net; 2
default-src 'self' *.collegeboard.org; script-src 'self' *.collegeboard.org cdnjs.cloudflare.com sdk.amazonaws.com assets.adobedtm.com cdn.cookielaw.org bat.bing.com www.clarity.ms d.clarity.ms 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net analytics.tiktok.com cdn.heapanalytics.com widgets.getsitecontrol.com www.youtube.com *.salesforceliveagent.com pixel.admedia.com pixel.s3xified.com service.force.com s.yimg.com connect.facebook.net ajax.cloudflare.com st.getsitecontrol.com js-agent.newrelic.com bam.nr-data.net d10lpsik1i8c69.cloudfront.net s3.amazonaws.com/cdn.aimtell.com/ sc-static.net js.adsrvr.org match.adsrvr.org www.google.com client.rum.us-east-1.amazonaws.com/1.0.2/cwr.js tpc.googlesyndication.com cdn.aimtell.com static.lightning.force.com *.my.salesforce.com *.my.salesforce-sites.com apform.secure.force.com conoret.com ucads-cdn.ucweb.com www.google-analytics.com www.pagespeed-mod.com bytedance.com sp.analytics.yahoo.com static.jungroup.com trkn.us serve.uberads.com *.stackadapt.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js assets.calendly.com platform.twitter.com *.appcues.com *.appcues.net; style-src 'self' *.collegeboard.org 'unsafe-inline' service.force.com translate.googleapis.com use.fontawesome.com apform.secure.force.com  *.my.salesforce-sites.com cdn.tt.omtrdc.net/cdn/adobetarget/admin.css d10lpsik1i8c69.cloudfront.net/css/reset.css fonts.googleapis.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css *.stackadapt.com wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net fonts.googleapis.com fonts.google.com 'unsafe-inline'; img-src 'self' *.collegeboard.org data: bat.bing.com www.facebook.com www.google.com *.doubleclick.net googleads.g.doubleclick.net *.clarity.ms *.heapanalytics.com app.getsitecontrol.com *.analytics.yahoo.com *.bing.com heapanalytics.com www.googletagmanager.com www.google.co.jp www.google.ca www.googletagmanager.com www.google.co www.google.com www.google.jo translate.google.com ssl.google-analytics.com d10lpsik1i8c69.cloudfront.net adservice.google.com *.appcues.com *.appcues.net res.cloudinary.com twemoji.maxcdn.com *; frame-src 'self' *.collegeboard.org www.surveygizmo.com bid.g.doubleclick.net googleads.g.doubleclick.net service.force.com js.adsrvr.org match.adsrvr.org beacon.aimtell.com tr.snapchat.com tpc.googlesyndication.com datacloudstat.com www.facebook.com www.youtube.com ws-lmdc-app03.dhs.state.nj.us gateway.zscloud.net mozbar.moz.com s3.amazonaws.com/cdn.aimtell.com/ *.id.opendns.com lsrelay-config-production.s3.amazonaws.com pg-sasscer-ckf04.pgcps.org static.deledao.com data: schools-blocked.s3-website-us-east-1.amazonaws.com calendly.com platform.twitter.com *.appcues.com credentialfinder.org apps.credentialengine.org *.webcasts.com; frame-ancestors 'self' credentialfinder.org; font-src 'self' *.collegeboard.org themes.googleusercontent.com fonts.gstatic.com data: st.getsitecontrol.com moz-extension: use.fontawesome.com static3.avast.com at.alicdn.com cdn.loom.com/assets/fonts/ wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/es5/output/chtml/fonts/woff-v2/ fonts.gstatic.com; connect-src 'self' ws: *.collegeboard.org k625k2vrzvdo5g7ynbvtjejehi.appsync-api.us-east-1.amazonaws.com/graphql dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com/graphql cdn.cookielaw.org geolocation.onetrust.com www.facebook.com analytics.tiktok.com *.clarity.ms bat.bing.com app.getsitecontrol.com lambda.us-east-1.amazonaws.com signals.aimtell.com bam.nr-data.net settings.luckyorange.net cdn.aimtell.io log.aimtell.com s.yimg.com cognito-identity.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com beacon.aimtell.com adservice.google.com www.google.com api.ultimateaderaser.com privacyportal.onetrust.com  adtonus.com apform.secure.force.com cdnm3.cdnservice.space/start5.json code.jquery.com gjtrack.ucweb.com/collect heapanalytics.com log.kslogs.ru/timesince plugin.ucads.ucweb.com/api rdtds.net/siblings/find stats.g.doubleclick.net www.google-analytics.com api.trongrid.io/wallet/getnodeinfo dgtkl2ep7natjmkbefhxflglie.appsync-api.us-east-1.amazonaws.com get663.com support.adcleanerpage.com tr.snapchat.com hm.baidu.com/hm.gif dgtkl2ep7natjmkbefhxflglie.appsync-realtime-api.us-east-1.amazonaws.com analytics.aimtell.com sts.us-west-2.amazonaws.com cognito-identity.us-west-2.amazonaws.com d1ktxyteejjrbw.cloudfront.net static.doubleclick.net full-apform.cs190.force.com yt3.ggpht.com cdn.mouseflow.com n2.mouseflow.com collegeboard-full.my.salesforce.com i.ytimg.com cdn.ckeditor.com *.stackadapt.com telemetry.wiris.net wiris-v7.hive-prod.collegeboard.org:80 wiris-v7.hive-nonprod.collegeboard.org:80 *.appcues.com *.appcues.net *.my.salesforce-sites.com ipapi.co 9frgh2i4b9.execute-api.us-east-1.amazonaws.com 2
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none' 2
default-src 'self' http: https: data: blob:;script-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' https: data: 'unsafe-inline';img-src 'self' https: data: blob:;media-src 'self' https: http: blob: data:;connect-src http: https: ws: wss: 2
media-src https: blob:; connect-src 'self' https: blob: wss:; child-src https: blob:; default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:; font-src https: data:; img-src https: data: blob:; 2
frame-ancestors 'self' https://afiliados.locaweb.com.br 2
script-src 100027498.collect.igodigital.com cdns.brsrvr.com servedby.flashtalking.com *.googletagservices.com *.wal.co *.samsclubresources.com *.googletagmanager.com *.google.com *.doubleclick.net bam.nr-data.net cdn.ampproject.org d1n00d49gkbray.cloudfront.net connect.facebook.net tr6.smarterhq.io *.googleadservices.com intljs.rmtag.com *.mparticle.com cdn.branch.io acdn.adnxs.com app.link *.linksynergy.com *.criteo.net *.walmart.com *.googlesyndication.com *.typekit.net gf47k2jv.micpn.com content.syndigo.com services.xg4ken.com *.criteo.com *.recaptcha.net *.samsclub.com *.googleapis.com bat.bing.com pixel.mathtag.com *.bazaarvoice.com *.microsoft.com cdn.cookielaw.org *.gstatic.com *.demdex.net salsify-ecdn.com *.brightcove.net media.flixfacts.com a.sellpoint.net *.moatads.com media.flixcar.com *.cnetcontent.com *.webcollage.net *.doubleverify.com *.perimeterx.net *.iesnare.com *.brightcove.com *.zencdn.net *.affirm.com resources.xg4ken.com *.px-cdn.net *.quantummetric.com *.arkoselabs.com *.oraclecloud.com s.pinimg.com ct.pinterest.com *.livelook.com *.flix360.io *.widget.custhelp.com *.fbot.me *.rewardstyle.com *.tiktok.com i5.walmartimages.com edge.curalate.com cdn.cs.1worldsync.com cdn.cnetcontent.com cc.cnetcontent.com cc.cs.1worldsync.com js.adsrvr.org play.eko.com storage.eko.com *.1worldsync.com *.adsafeprotected.com blob: 'self' 'unsafe-inline' 'unsafe-eval';  object-src 'none'; base-uri 'self'; report-uri  https://csp.walmart.com/c/r/sams 2
connect-src 'self' checkout.stripe.com https://checkout.stripe.com https://billing.stripe.com/session https://api.funcaptcha.com https://api.arkoselabs.com sentry.io api.github.com www.npmjs.com;default-src 'none';img-src * data: https://*.stripe.com;script-src 'self' data: 'unsafe-inline' https://checkout.stripe.com/checkout.js https://checkout.stripe.com https://js.stripe.com/v3 https://platform.twitter.com/widgets.js https://octocaptcha.com https://static-production.npmjs.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static-production.npmjs.com/;frame-src checkout.stripe.com https://checkout.stripe.com https://js.stripe.com/ https://octocaptcha.com;font-src https://fonts.gstatic.com https://static-production.npmjs.com/ ;media-src https://player.vimeo.com https://fpdl.vimeocdn.com https://gcs-vimeo.akamaized.net https://vod-progressive.akamaized.net 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.verywellhealth.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gist.github.com https://apis.google.com https://cdn.amplitude.com https://api.amplitude.com https://dev-embed.notion.co https://embed.notion.co https://static.zdassets.com https://api.smooch.io	 https://solve-widget.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://analytics.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://embed.typeform.com https://admin.typeform.com https://public.profitwell.com https://static.profitwell.com https://js.sentry-cdn.com https://js.chilipiper.com https://platform.twitter.com https://cdn.syndication.twimg.com https://accounts.google.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://pagead2.googlesyndication.com https://x.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io https://track.customer.io https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://static.hotjar.com https://script.hotjar.com https://cdn01.boxcdn.net https://cdn.sprig.com https://code.gist.build https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com;connect-src 'self' data: blob: https://msgstore.www.notion.so wss://msgstore.www.notion.so https://audioprocessor.www.notion.so wss://audioprocessor.www.notion.so ws://localhost:* ws://127.0.0.1:* https://prod-files-secure.s3.us-west-2.amazonaws.com https://notion-emojis.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com https://s3.us-west-2.amazonaws.com https://notion-production-snapshots-2.s3.us-west-2.amazonaws.com https://cdn.amplitude.com https://api.amplitude.com https://www.notion.so https://api.embed.ly https://dev-embed.notion.co https://embed.notion.co https://ekr.zdassets.com https://ekr.zendesk.com	 https://makenotion.zendesk.com	 https://api.smooch.io	 wss://api.smooch.io	 https://api.forethought.ai https://logs-01.loggly.com https://http-inputs-notion.splunkcloud.com https://cdn.segment.com https://api.segment.io https://analytics.pgncs.notion.so https://api.pgncs.notion.so https://o324374.ingest.sentry.io https://checkout.stripe.com https://js.stripe.com https://cdn.contentful.com https://preview.contentful.com https://images.ctfassets.net https://www2.profitwell.com https://tracking.chilipiper.com https://api.chilipiper.com https://api.unsplash.com https://api.giphy.com/ https://giphy-analytics.giphy.com/ https://media0.giphy.com/ https://media1.giphy.com/ https://media2.giphy.com/ https://media3.giphy.com/ https://media4.giphy.com/ https://media5.giphy.com/ https://media6.giphy.com/ https://media7.giphy.com/ https://media8.giphy.com/ https://media9.giphy.com/ https://media10.giphy.com/ https://boards-api.greenhouse.io https://accounts.google.com https://oauth2.googleapis.com https://vimeo.com https://player.vimeo.com https://youtube.com https://www.youtube.com https://www.googletagmanager.com https://analytics.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://cdn.metadata.io https://platformapi.metadata.io https://api-gw.metadata.io https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://transcend-cdn.com https://telemetry.transcend.io https://pagead2.googlesyndication.com https://google.com https://x.clearbitjs.com https://app.clearbitjs.com https://connect.facebook.net https://snap.licdn.com/ https://px.ads.linkedin.com/ https://munchkin.marketo.net https://414-xmy-838.mktoutil.com https://info.notion.com https://bat.bing.com https://s.yimg.jp https://assets.customer.io https://track.customer.io https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://js.partnerstack.com https://grsm.io https://partnerlinks.io https://analytics.tiktok.com/ https://vitals.vercel-insights.com https://va.vercel-scripts.com https://vercel.live https://www.redditstatic.com https://static.ads-twitter.com https://insights.metadata.io https://acdn.adnxs.com/dmp/up/pixie.js https://a.usbrowserspeed.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.statuspage.io https://pgncd.notion.so https://api.statsig.com https://statsigapi.net https://exp.notion.so https://file.notion.so notion://file.notion.so https://api.box.com https://*.mux.com https://api.sprig.com https://storage.googleapis.com https://cdn.sprig.com https://cdn.userleap.com https://*.api.gist.build https://*.cloud.gist.build https://api.palette.dev;font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://cdn01.boxcdn.net;img-src 'self' data: blob: https: https://images.ctfassets.net https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com https://region1.google-analytics.com https://region1.analytics.google.com https://track.customer.io https://file.notion.so notion://file.notion.so https://*.mux.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://github.githubassets.com https://js.chilipiper.com https://platform.twitter.com https://ton.twimg.com https://accounts.google.com https://transcend-cdn.com https://fonts.googleapis.com https://cdn01.boxcdn.net https://code.gist.build;frame-ancestors 'self' notion://www.notion.so;worker-src 'self' blob:;child-src 'self' blob:;media-src blob: https: http: https://file.notion.so notion://file.notion.so https://*.mux.com;frame-src https: http: https://accounts.google.com https://renderer.gist.build https://code.gist.build https://challenges.cloudflare.com 2
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com 'unsafe-inline'; script-src 'nonce-LWpC6czT6gpAhUjm6uN0s17vl3y95+Gp8QKF7NvW2LxxuTEN' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com; img-src 'self' https: data:; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' 'unsafe-inline' https://*.paypal.com https://nexus.ensighten.com https://*.go-mpulse.net https://*.akstat.io https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 2
frame-ancestors 'self' https://*.nzherald.co.nz https://*.apnnz.co.nz https://nzme.coral.coralproject.net/; 2
object-src https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com; frame-ancestors 'self' https://liveshareeast3.seismic.com https://cvent.seismic.com https://explore.cvent.com http://explore.cvent.com  https://*.speedrfp.com https://speedrfp.com https://*.elitemeetings.com https://elitemeetings.com https://*.hotelprofiler.com https://www.lanyon.com http://www.lanyon.com https://*.cvent.com http://*.cvent.com; report-uri /report-csp-violation 2
frame-ancestors https://*.mintegral.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; report-uri /report-csp-violation; upgrade-insecure-requests 2
worker-src 'self' blob: *.acer.com *.acer.com.cn *.visualwebsiteoptimizer.com https: 'unsafe-inline' 'unsafe-eval';*.visualwebsiteoptimizer.com;default-src *.acer.com *.acer.com.cn https: blob: data: 'unsafe-inline' 'unsafe-eval';object-src *;script-src *.acer.com *.acer.com.cn https: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.acer.com *.acer.com.cn;img-src * 'self' data: https:;font-src * 'self' data: https:;worker-src 'self' blob:; 2
frame-ancestors https://poshmark.lightning.force.com *.goshd.com *.goshd.ca *.poshmark.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 2
default-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline'; script-src https://*.sprig.com *.userleap.com *.greenhouse.io 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsforms.net https://polyfill.io https://*.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.heapanalytics.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.usemessages.com https://js-na1.hs-scripts.com https://cdn.segment.com https://api.segment.io https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://snap.licdn.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://ws.zoominfo.com https://scout-cdn.salesloft.com https://googleads.g.doubleclick.net https://static.hsappstatic.net https://www.vimeo.com https://vimeo.com https://*.hsforms.com https://secure.cold5road.com/ https://*.mutinycdn.com https://*.mutinyhq.io https://ajax.googleapis.com https://*.chilipiper.com https://*.clearbitscripts.com https://*.clearbitjs.com https://*.clearbit.com https://www.google.com https://www.googleanalytics.com https://*.qualified.com https://*.website-files.com https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsfilter@1/cmsfilter.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsload@1/cmsload.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmscore@1/cmscore.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-animation@1/animation.esm.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-cmsslider@1/cmsslider.js https://cdn.jsdelivr.net/npm/@finsweet/attributes-queryparam@1/queryparam.js https://*.adroll.com https://tracking.g2crowd.com https://bat.bing.com; connect-src blob: data: 'self' https://sprig.com https://*.sprig.com *.userleap.com *.ingest.sentry.io https://api.hubspot.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.com https://*.googletagmanager.com https://*.doubleclick.net https://cdn.segment.com https://api.segment.io https://events.launchdarkly.com https://app.launchdarkly.com https://forms.hubspot.com https://rum-http-intake.logs.datadoghq.com https://ws.zoominfo.com https://scout-cdn.salesloft.com https://scout.salesloft.com https://boards-api.greenhouse.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.chilipiper.com https://*.mux.com https://storage.googleapis.com https://*.clearbit.com https://cdn.linkedin.oribi.io wss://ws.qualified.com https://*.website-files.com https://px.ads.linkedin.com https://forms.hscollectedforms.net https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://bat.bing.com https://clientstream.launchdarkly.com; img-src https://*.sprig.com *.userleap.com *.assets-servd.host data: 'self' https://track.hubspot.com https://heapanalytics.com https://*.linkedin.com https://t.co https://p.adsymptotic.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.analytics.google.com https://*.doubleclick.net/ https://userleap.ghost.io https://*.hsforms.com https://i.vimeocdn.com https://www.gravatar.com https://*.googleadservices.com/ https://js.na.chilipiper.com https://*.mux.com https://*.mutinycdn.com https://analytics.twitter.com https://api.producthunt.com https://uploads-ssl.webflow.com https://*.website-files.com https://*.adroll.com https://i.ytimg.com https://bat.bing.com https://api.urlbox.io https://logo.clearbit.com; style-src https://*.sprig.com *.userleap.com 'self' 'unsafe-inline' https://fonts.googleapis.com https://js.na.chilipiper.com https://fonts.googleapis.com https://*.website-files.com; worker-src blob:; font-src https://*.sprig.com *.userleap.com 'self' data: https://fonts.gstatic.com https://app.sprig.com https://*.mutinycdn.com https://fonts.gstatic.com https://uploads-ssl.webflow.com https://*.website-files.com; frame-src blob: https://sprig.com https://*.sprig.com *.userleap.com *.greenhouse.io 'self' https://meetings.hubspot.com/ https://player.vimeo.com/ https://app.hubspot.com/ https://share.transistor.fm/ https://www.facebook.com/ https://*.hsforms.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://*.chilipiper.com https://*.wistia.net https://*.qualified.com https://cdn.embedly.com https://*.adroll.com; media-src blob: 'self' https://*.mux.com https://sprig.com https://servd-white-cougar.b-cdn.net https://*.website-files.com; form-action 'self' https://www.facebook.com/ https://*.hsforms.com/; frame-ancestors 'self' https://sprig.com/ https://*.sprig.com; 2
upgrade-insecure-requests; default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: data: blob: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline' android-webview-video-poster: ; report-uri https://csp.ansa.it/report/ 2
frame-ancestors 'self' https://c360.cricketwireless.com; 2
frame-ancestors 'self' *.grammarly.com 2
frame-ancestors 'self' https://*.joyn.de https://app.datadoghq.eu; 2
require-trusted-types-for 'script';report-uri /_/GoogleCloudUxWebAppCgcUi/cspreport 2
frame-ancestors 'self' *.cafe24.com *.cafe24shop.com *.hanpda.com *.wehost24.com 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.southernliving.com 2
upgrade-insecure-requests; frame-ancestors 'self' http://*.elconfidencial.com:* https://*.elconfidencial.com:* www.elconfidencial.com blogs.elconfidencial.com bc.marfeel.com *.google.es *.google.com *.cdn.ampproject.org es.grupogo.punto player.h-cdn.com; report-uri https://elconfidencial.report-uri.io/r/default/csp/enforce 2
frame-ancestors 'self' https://*.goldmansachs.com https://*.gs.com; 2
base-uri 'self'; default-src https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://marketingplatform.google.com/ https://js.appboycdn.com *.algolia.net *.adsrvr.org *.braze.com *.doubleclick.net *.facebook.com *.facebook.net *.fullstory.com *.google.com *.hotjar.com *.hotjar.io *.ingest.sentry.io *.optimizely.com *.pinterest.com *.pinimg.com *.prismic.io prismic.io *.segment.io *.segment.com *.wistia.net *.wistia.com bat.bing.com scatec.io searchmanagertools.com *.tiktok.com *.litix.io *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.browser-intake-datadoghq.com cdn.cookielaw.org geolocation.onetrust.com prodigyeducation-privacy.my.onetrust.com 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; script-src 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.min.js https://html2canvas.hertzen.com/dist/html2canvas.min.js *.youtube.com *.redditstatic.com https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://marketingplatform.google.com/ https://js.appboycdn.com *.algolia.net *.adsrvr.org *.braze.com *.doubleclick.net *.facebook.com *.facebook.net *.fullstory.com *.google.com *.hotjar.com *.hotjar.io *.ingest.sentry.io *.optimizely.com *.pinterest.com *.pinimg.com *.prismic.io prismic.io *.segment.io *.segment.com *.wistia.net *.wistia.com bat.bing.com scatec.io searchmanagertools.com *.tiktok.com *.litix.io *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.browser-intake-datadoghq.com cdn.cookielaw.org geolocation.onetrust.com prodigyeducation-privacy.my.onetrust.com 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com *.fontawesome.com *.bootstrapcdn.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com; object-src 'none'; form-action 'self'; font-src data: *.fontawesome.com *.wistia.net *.gstatic.com *.wistia.com 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; connect-src https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com https://marketingplatform.google.com/ https://js.appboycdn.com *.algolia.net *.adsrvr.org *.braze.com *.doubleclick.net *.facebook.com *.facebook.net *.fullstory.com *.google.com *.hotjar.com *.hotjar.io *.ingest.sentry.io *.optimizely.com *.pinterest.com *.pinimg.com *.prismic.io prismic.io *.segment.io *.segment.com *.wistia.net *.wistia.com bat.bing.com scatec.io searchmanagertools.com *.tiktok.com *.litix.io *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com *.browser-intake-datadoghq.com cdn.cookielaw.org geolocation.onetrust.com prodigyeducation-privacy.my.onetrust.com 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com *.redditstatic.com conversions-config.reddit.com; img-src * data: blob:; media-src 'self' blob: data: *.wistia.com *.wistia.net 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; child-src blob: 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; frame-src *.prismic.io https://*.cdn.optimizely.com https://logx.optimizely.com https://a14073630164.cdn.optimizely.com https://a14073630164.cdn-pci.optimizely.com *.adsrvr.org *.facebook.com *.g.doubleclick.net *.doubleclick.net *.googlesyndication.com *.google.com *.hotjar.com *.opendns.com *.optimizely.com *.pinterest.com *.pinterest.ca *.wistia.com *.wistia.net *.youtube.com prodigyeducation.typeform.com s.amazon-adsystem.com www.googletagmanager.com 'self' *.prodigygame.net *.prodigygame.org *.prodigygame.com; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data: blob:; worker-src https: data: blob:; frame-ancestors 'self' https://*.softpedia.com/; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https: data: blob:; 2
connect-src 'self' *.maps.yandex.net api-maps.yandex.ru api.selectel.ru hog.selectel.ru chatwoot.selectel.ru wss://chatwoot.selectel.ru google-analytics.bi.owox.com googleads.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com https://analytics.google.com https://statuspal.io/api/v2/status_pages/selectel/summary https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://selectel.ru https://top-fwz1.mail.ru https://tracker.softcube.com https://web.popmechanic.ru leads.selectel.ru mc.yandex.ru selectel.ru sendsay.ru stats.g.doubleclick.net suggest-maps.yandex.ru wss://api.selectel.ru wss://ws.selectel.ru www.google-analytics.com www.youtube.com https://yulixr.ru/ https://hooks.zapier.com/hooks/catch/11509819/ https://hooks.zapier.com/hooks/catch/12416931/ https://script.google.com/a/macros/selectel.com/s/AKfycbzM4er3RoKbPw3cQALGtakLQ7xfTtUk8PETDoXQyYh6kiCLnhu1oO4iCy2CuhT38cGrCA/exec; default-src 'none'; font-src 'self' data: https://cdn.selectel.ru https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self' my.selectel.ru promo.selectel.ru go.teachbase.ru learn.selectel.org webvisor.com metrika.yandex.ru; frame-src 'self' api-maps.yandex.ru calc.selectel.ru chatwoot.selectel.ru googleads.g.doubleclick.net https://forms.amocrm.ru/ https://player.vimeo.com/ https://vk.com/ www.google.com www.google.ru www.youtube.com; img-src https: data: blob: region1.google-analytics.com region1.analytics.google.com; manifest-src 'self'; media-src 'self' https://chatwoot.selectel.ru https://cdn.selectel.ru https://files.selectel.ru; object-src 'self' blob:; report-uri https://relay.selectel.ru/api/87/security/?sentry_key=33110db9255441e5b312279003c189b1 https://relay.selectel.ru/api/20/csp-report/?sentry_key=7af12a7683624269a0cab11188e3d86e; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maps.yandex.net api-maps.yandex.ru cdn.ampproject.org hog.selectel.ru chatwoot.selectel.ru https://api.mindbox.ru/ https://cdn.selectel.ru https://cse.google.com/adsense/search/async-ads.js https://cse.google.com/cse.js https://cse.google.com/cse/element/v1 https://embed.typeform.com/embed.js https://forms.amocrm.ru/ https://googleads.g.doubleclick.net https://s.ytimg.com https://script.softcube.com https://static.popmechanic.ru https://top-fwz1.mail.ru https://vk.com https://www.google.com mc.yandex.ru personalization-web-stable.mindbox.ru selectel.ru ssl.google-analytics.com static.ads-twitter.com suggest-maps.yandex.ru tagmanager.google.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com yastatic.net; style-src 'self' 'unsafe-inline' https://cdn.selectel.ru/ https://chatwoot.selectel.ru https://fonts.googleapis.com https://static.popmechanic.ru https://tagmanager.google.com/ https://www.google.com/cse/static/element/ https://www.google.com/cse/static/style/look/v4/espresso.css https://personalization-web-stable.mindbox.ru/; upgrade-insecure-requests; 2
default-src 'self'; script-src 'self' webstats.surf.nl *.mailplus.nl platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com www.instagram.com www.google.com www.gstatic.com surfnl.containers.piwik.pro 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com *.vwo.com static.site24x7rum.eu; style-src 'self' 'unsafe-inline' static.mailplus.nl fonts.googleapis.com use.typekit.net p.typekit.net platform.twitter.com surfnl.containers.piwik.pro  surfnl.piwik.pro; img-src http: https: surfnl.containers.piwik.pro surfnl.piwik.pro data:;; frame-src 'self' *.surf.nl openonderwijsapi.nl www.surfspace.nl surfspace.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com www.google.com https://surf.apnd.me/OWD23/program https://surf.apnd.me/ACUD23/program; child-src 'self' surf.mediamission.nl www.slideshare.net player.vimeo.com www.youtube.com www.youtube-nocookie.com surf.mediamission.nl platform.twitter.com syndication.twitter.com www.instagram.com www.facebook.com www.linkedin.com; font-src 'self' fonts.gstatic.com surfnl.containers.piwik.pro surfnl.piwik.pro data:; connect-src 'self' surfnl.piwik.pro webstats.surf.nl surfnl.containers.piwik.pro  surfnl.piwik.pro; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.treehugger.com 2
frame-ancestors https://*.phoenix.razer.com https://www.razer.com; 2
default-src * blob:; img-src * data: blob: resource: *.xmcdn.com *.ximalaya.com; connect-src * wss: blob: resource:; frame-src 'self' *.ximalaya.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com s.union.360.cn 360fenxi.mediav.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.xmcdn.com *.ximalaya.co hm.baidu.com s.union.360.cn cpro.baidustatic.com pos.baidu.com dup.baidustatic.com zz.bdstatic.com b.bdstatic.com jspassport.ssl.qhimg.com webcert.cnmstl.net; style-src 'self' 'unsafe-inline' *.xmcdn.com *.ximalaya.com resource:; frame-ancestors *.ximalaya.com; 2
child-src blob:;default-src 'self' https://*.wistia.com https://*.wistia.net;connect-src https://cdn.acsbapp.com px.ads.linkedin.com https://analytics.google.com https://dogfood.blueconic.com https://pl21.blueconic.com https://assets.ctfassets.net https://viewlicense.adobe.io https://ngmrewndgx-dsn.algolia.net https://ngmrewndgx-2.algolianet.com https://ngmrewndgx-3.algolianet.com https://ngmrewndgx-1.algolianet.com https://ngmrewndgx-dsn.algolia.net https://distillery.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://l.clarity.ms https://*.clarity.ms https://bat.bing.com https://ipv6.6sc.co/ https://c.6sc.co/ https://secure.adnxs.com https://cdn.linkedin.oribi.io https://epsilon.6sense.com https://358-xtm-616.mktoresp.com https://js.zi-scripts.com https://ws.zoominfo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' view.ceros.com https://go.blueconic.com/ https://dogfood.blueconic.com https://li.protechts.net/ https://static.licdn.com/ https://j.6sc.co https://acsbapp.com https://ws.zoominfo.com https://js.zi-scripts.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com https://munchkin.marketo.net https://secure.adnxs.com https://js.zi-scripts.com https://ipv4.d.adroll.com/ https://www.googleanalytics.com google-analytics.com https://www.google-analytics.com https://www.googleoptimize.com www.google-analytics.com www.googletagmanager.com https://pl21.blueconic.com https://code.jquery.com https://cdn.jsdelivr.net https://dogfood.blueconic.com https://fast.wistia.com https://documentcloud.adobe.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://*.blueconic.net https://*.sb.blueconic.net https://bc.holland.com https://bc.anwb.nl https://dogfood.blueconic.com https://psv.blueconic.com https://bc.gxsoftware.com https://bc.nn.nl https://wpg.blueconic.com https://b.bostonglobemedia.com https://d.putnam.com https://www.googleadservices.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com https://s.adroll.com/j/roundtrip.js https://snap.licdn.com https://static.ads-twitter.com https://bat.bing.com https://s.adroll.com https://d.adroll.com https://www.clarity.ms https://connect.facebook.net https://*.clarity.ms;style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fast.wistia.com https://pl21.blueconic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://358-xtm-616.mktoweb.com http://358-xtm-616.mktoweb.com/;font-src 'self' data: https://www.blueconic.com https://fonts.blueconic.com https://cdn2.hubspot.net https://fonts.gstatic.com https://*.wistia.com https://fonts.gstatic.com;img-src 'self' data: https://x.adroll.com https://ds.reson8.com https://b.6sc.co https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://fast.wistia.com https://embed-ssl.wistia.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://googleads.g.doubleclick.net https://www.google.com https://pl21.blueconic.com pl21.blueconic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://bat.bing.com https://px.ads.linkedin.com https://d.adroll.com https://c.clarity.ms https://*.clarity.ms https://www.facebook.com https://c.bing.com https://x.bidswitch.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://us-u.openx.net https://image2.pubmatic.com https://ups.analytics.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://ib.adnxs.com https://sync.taboola.com https://idsync.rlcdn.com https://image2.pubmatic.com https://px4.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://global.ib-ibi.com https://odr.mookie1.com https://privacy-policy.truste.com https://acsbapp.com;media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;worker-src 'self' blob:;frame-src 'self' https://x.adroll.com https://go.blueconic.com/ https://dogfood.blueconic.com view.ceros.com https://358-xtm-616.mktoweb.com/ https://li.protechts.net/ li.protechts.net www.linkedin.com https://static.licdn.com/ https://www.linkedin.com https://acsbapp.com http://358-xtm-616.mktoweb.com https://more.blueconic.com https://documentcloud.adobe.com https://fast.wistia.com https://fast.wistia.net 2
frame-ancestors 'self' *.tdameritrade.com *.ameritrade.com http://*.tdameritrade.com/ 2
frame-ancestors 'self' azd.marketing.adobe.com 2
report-uri /csp; child-src 'self'; connect-src *; default-src 'self'; img-src 'self' data: *.facebook.com https://wise.com https://gtm.wise.com https://tw-avatar.s3.eu-central-1.amazonaws.com https://tw-test-avatar-storage.s3.eu-west-1.amazonaws.com https://*.doubleclick.net https://www.googleadservices.com https://alb.reddit.com https://*.yahoo.co.jp https://bat.bing.com https://cx.atdmt.com https://daw291njkc3ao.cloudfront.net https://dq8dwmysp7hk1.cloudfront.net https://d2dgj1jjqgsb96.cloudfront.net https://help.wise.com/ https://lienzo.s3.amazonaws.com https://platform-lookaside.fbsbx.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://q.quora.com https://s3-eu-west-1.amazonaws.com https://t.co https://wise.desk.com https://widgets.wise.com https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com https://aax-eu.amazon-adsystem.com https://www.googletagmanager.com https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.sg https://www.google.com.ph https://www.google.com.my https://www.google.com.mx https://www.google.com.ua https://www.google.com.vn https://www.google.com.tr https://www.google.com.ar https://www.google.com.hk https://www.google.com.pk https://www.google.com.pe https://www.google.com.ng https://www.google.com.cy https://www.google.com.mt https://www.google.com.bd https://www.google.com.eg https://www.google.co.uk https://www.google.co.th https://www.google.co.jp https://www.google.co.nz https://www.google.co.id https://www.google.co.kr https://www.google.co.ve https://www.google.co.in https://www.google.co.il https://www.google.co.za https://www.google.de https://www.google.ca https://www.google.es https://www.google.pl https://www.google.ie https://www.google.ch https://www.google.pt https://www.google.nl https://www.google.it https://www.google.hu https://www.google.fr https://www.google.be https://www.google.ro https://www.google.fi https://www.google.cl https://www.google.cz https://www.google.ae https://www.google.lu https://www.google.se https://www.google.ru https://www.google.at https://www.google.bg https://www.google.ee https://www.google.dk https://www.google.no https://www.google.gr https://www.google.sk https://www.google.lt https://www.google.lv https://www.google.ge https://www.google.hr https://www.google.me *.googleusercontent.com http://wi.se https://wi.se https://collector-20079.tvsquared.com https://analytics.twitter.com https://tr.line.me https://c5.adalyser.com https://pixel.pointmediatracker.com https://cnv.event.prod.bidr.io https://lux.speedcurve.com; font-src 'self' data: https://fonts.gstatic.com https://widgets.wise.com/; object-src 'self'; media-src 'self' https://wise.com/; manifest-src 'self' 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' https://wise.com https://gtm.wise.com polyfill.io https://js-agent.newrelic.com https://bam.nr-data.net/ https://ajax.cloudflare.com bat.bing.com https://s.yimg.jp https://*.yahoo.co.jp a.quora.com static.hotjar.com https://script.hotjar.com/ https://collector-20079.tvsquared.com https://d.line-scdn.net www.google.co.uk www.google.com www.googletagmanager.com/ tagmanager.google.com/ https://storage.googleapis.com https://ajax.googleapis.com/ https://microapps.google.com https://microapps-prod-tt.sandbox.google.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com www.snapengage.com insitez.blob.core.windows.net sjs.bizographics.com *.mxpnl.com https://cdn.pdst.fm https://us-central1-adaptive-growth.cloudfunctions.net https://bidr.io https://d2dgj1jjqgsb96.cloudfront.net https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://js.adsrvr.org https://c5.adalyser.com https://transferwise.com https://bidr.io https://cdn.speedcurve.com https://lux.speedcurve.com; style-src 'self' 'unsafe-inline' blob: fonts.googleapis.com/css tagmanager.google.com/; frame-ancestors 'self' https://wiseturkiye.com.tr https://microapps.google.com https://microapps-prod-tt.sandbox.google.com; frame-src youtube.com www.youtube.com www.youtube-nocookie.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://insight.adsrvr.org https://match.adsrvr.org https://wise.com https://transferwise.com 2
frame-ancestors https://app.mutinyhq.com 2
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' data: https://*.cafebazaar.ir https://*.cafebazaar.cloud ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://imasdk.googleapis.com https://s0.2mdn.net https://adservice.google.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net; worker-src 'self' data: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; style-src 'self' data: 'unsafe-inline' https://*.cafebazaar.ir https://*.cafebazaar.cloud https://tagmanager.google.com https://fonts.googleapis.com; img-src * data: blob: android-webview-video-poster:; font-src * data:; connect-src *; media-src * data: blob: blob: https://*.cafebazaar.ir https://*.cafebazaar.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' blob: www.facebook.com facebook.com content.dionglobal.in icicibank.paymetry.com www.twitter.com twitter.com soundhelix.com *.go-mpulse.net www.iciciprulife.com cdn.jsdelivr.net code.jquery.com iciciauto.com icici.skryptech.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com googletagmanager.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com cdn.ampproject.org cdnjs.cloudflare.com connect.facebook.net facebook.net marketingplatform.google.com google.com www.google.com www.google-analytics.com google-analytics.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com fonts.googleapis.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com cugd2qa.crm8.dynamics.com cugd1uat.crm8.dynamics.com cugd2uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com analytics.google.com snap.licdn.com leads.icicibank.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com ribstgnew.icicibank.com www.icicibank.com icici.nanorep.co nanorep.co nanorep.com;object-src 'none';child-src 'self' data:;worker-src blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' ibot.icicibank.com assets.adobedtm.com *.demdex.net cm.everesttech.net assets.adobedtm.com wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com ibotuat.icicibank.com platform.twitter.com platform.linkedin.com static.addtoany.com www.linkedin.com *.go-mpulse.net d1ls4i8l5ki52s.cloudfront.net cugd1uat.crm8.dynamics.com *.fls.doubleclick.net cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com go-mpulse.net www.iciciprulife.com addtoany.com tagmanager.google.com www.tagmanager.google.com linkedin.com content.dionglobal.in analytics.google.com www.googleadservices.com fonts.googleapis.com icicibank.paymetry.com beta-icicibank.paymetry.com cugd1qa.crm8.dynamics.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com googleadservices.com googleads.g.doubleclick.net twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com adobe.com doubleclick.net marketingplatform.google.com www.google.com google.com www.google-analytics.com ssl.google-analytics.com ssl.google-analytics.com visitor-services.nanorep.com nanorep.com icici.nanorep.co leads.icicibank.com cdnjs.cloudflare.com cloudfunctions.net senseforth.com amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com assets.adobedtm.com google-analytics.com adobecqms.net googletagmanager.com www.indiatimes.com economictimes.indiatimes.com ribstgnew.icicibank.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net www.youtube.com demdex.net omtrdc.net data:;connect-src 'self' smetrics.icicibank.com edge.adobedc.net https://fcm.googleapis.com/fcm/connect/subscribe https://icicibank-mkt-stage1.campaign.adobe.com/ici/webregisterAndroid.jssp https://icicibank-mid-stage1-all-t.adobe-campaign.com www.google.co.in *.akstat.io *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedc.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com wss://ccaiuatws.icicibank.com ccaiuatws.icicibank.com apibankingonesandbox.icicibank.com ibotuat.icicibank.com *.go-mpulse.net go-mpulse.net snap.licdn.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com fonts.googleapis.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com analytics.google.com www.analytics.google.com www.iciciprulife.com addtoany.com icicibank.paymetry.com beta-icicibank.paymetry.com marketingplatform.google.com www.google.com google.com www.google-analytics.com google-analytics.com adobecqms.net cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com www.icicibank.com icicibank.com linkedin.com twitter.com cdn.ampproject.org ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com g.doubleclick.net doubleclick.net cdnjs.cloudflare.com googleadservices.com visitor-services.nanorep.com nanorep.com connect.facebook.net cloudfunctions.net senseforth.com icici.nanorep.co amazonaws.com ajax.googleapis.com maps.googleapis.com googleapis.com www.indiatimes.com economictimes.indiatimes.com www.googletagmanager.com leads.icicibank.com *.visualwebsiteoptimizer.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com googletagmanager.com www.facebook.com facebook.com bing.com asia-south1-quantum-flood-755.cloudfunctions.net ribstgnew.icicibank.com stats.g.doubleclick.net assets.adobedtm.com www.youtube.com demdex.net omtrdc.net money2india.icicibank.co.in wss://icicibankstt.senseforth.com/transcribe;img-src 'self' ad.doubleclick.net ibot.icicibank.com *.demdex.net cm.everesttech.net  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com assets.adobedtm.com storage.googleapis.com ibotuat.icicibank.com www.google-analytics.com syndication.twitter.com fonts.googleapis.com ssl.gstatic.com g.doubleclick.net cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com snap.licdn.com analytics.google.com www.analytics.google.com google-analytics.com *.go-mpulse.net go-mpulse.net icicibank.paymetry.com beta-icicibank.paymetry.com cdn.jsdelivr.net cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com beta-icicibank.paymetry.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com cdnjs.cloudflare.com rukminim1.flixcart.com m.media-amazon.com icicicashback.com maps.gstatic.com www.gstatic.com gstatic.com www.icicibank.com icicibank.com www.iciciprulife.com linkedin.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com www.google.co.in icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com amazonaws.com google.co.in *.visualwebsiteoptimizer.com marketingplatform.google.com www.google.com ribstgnew.icicibank.com google.com googleads.g.doubleclick.net adobecqms.net www.indiatimes.com economictimes.indiatimes.com googleadservices.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com bing.com connect.facebook.net assets.adobedtm.com www.youtube.com everesttech.net demdex.net omtrdc.net data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com *.go-mpulse.net analytics.google.com cugd2uat.crm8.dynamics.com  wss://ccaiprodws.icicibank.com ccaiprodws.icicibank.com ccaiprod.icicibank.com apibankingone.icicibank.com icicibank.paymetry.com beta-icicibank.paymetry.com go-mpulse.net addtoany.com cdn.jsdelivr.net code.jquery.com cugd2qa.crm8.dynamics.com content.dionglobal.in iciciauto.com icici.skryptech.com buy.icicibank.com buystaging.niveussolutions.com icicicashback.com maps.gstatic.com gstatic.com linkedin.com googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com www.icicibank.com icicibank.com www.iciciprulife.com twitter.com doubleclick.net cdn.ampproject.org ampproject.org spa.gy t4.rolsoninfotech.com voiceassist.urja.com v icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com ajax.googleapis.com maps.googleapis.com googleapis.com marketingplatform.google.com www.google.com google.com adobecqms.net www.indiatimes.com economictimes.indiatimes.com icici.nanorep.co visitor-services.nanorep.com nanorep.com cloudfunctions.net leads.icicibank.com senseforth.com amazonaws.com tagmanager.google.com www.tagmanager.google.com *.visualwebsiteoptimizer.com googleadservices.com bootstrapcdn.com ribstgnew.icicibank.com;font-src 'self' data: maps.gstatic.com gstatic.com fonts.gstatic.com;frame-src 'self' *.demdex.net www.iciciprulife.com web.facebook.com platform.twitter.com www.linkedin.com infinity.icicibank.com infinity.icicibank.co.in iciciprulife.com au.personalcard.net *.fls.doubleclick.net nli.icicibank.com cugd1uat.crm8.dynamics.com cugd1qa.crm8.dynamics.com cugd1dev.crm8.dynamics.com cugd1sit.crm8.dynamics.com snap.licdn.com cugd2dev.crm8.dynamics.com cugd2sit.crm8.dynamics.com analytics.google.com cugd2qa.crm8.dynamics.com cugd2uat.crm8.dynamics.com fonts.googleapis.com ribstgnew.icicibank.com icicibank.paymetry.com cdn.jsdelivr.net code.jquery.com content.dionglobal.in iciciauto.com icici.skryptech.com icicibank.paymetry.com beta-icicibank.paymetry.com ajax.googleapis.com maps.googleapis.com googleapis.com addtoany.com buy.icicibank.com buystaging.niveussolutions.com bid.g.doubleclick.net cdnjs.cloudflare.com spa.gy t4.rolsoninfotech.com voiceassist.urja.com icicicashback.com maps.gstatic.com gstatic.com icicibank.com linkedin.com twitter.com cdn.ampproject.org www.indiatimes.com economictimes.indiatimes.com ampproject.org icicibankstt.senseforth.com icicibanksmartsearch.senseforth.com senseforth.com googletagmanager.com www.googletagmanager.com www.facebook.com facebook.com visitor-services.nanorep.com nanorep.com marketingplatform.google.com www.google.com google.com adobecqms.net www.youtube.com www.icicibank.com leads.icicibank.com icicibank.adobecqms.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.twitter.com assets.juicer.io cdns.eu1.gigya.com cdn.cookielaw.org cdn.knightlab.com code.jquery.com connect.facebook.net geolocation.onetrust.com munchkin.marketo.net optanon.blob.core.windows.net snap.licdn.com static.ads-twitter.com www.buzzsprout.com *.googletagmanager.com www.google.com www.googleadservices.com www.gstatic.com www.youtube.com *.analytics.google.com *.google-analytics.com *.googleapis.com 505-xng-882.mktoweb.com 636-tke-312.mktoweb.com fonts.googleapis.com info.six-group.com info.finanzmuseum.ch info.ebill.ch accounts.eu1.gigya.com adservice.google.com ad.doubleclick.net cookies-data.onetrust.io graph.facebook.com info-sandbox.six-group.com privacyportal-ch.onetrust.com *.g.doubleclick.net www.juicer.io 505-xng-882.mktoresp.com 636-tke-312.mktoresp.com 505-xng-882.mktoutil.com 636-tke-312.mktoutil.com www.six-structured-products.com *.google.com *.google.ad *.google.at *.google.com.au *.google.be *.google.ca *.google.ch *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.ie *.google.im *.google.is *.google.it *.google.co.jp *.google.li *.google.lu *.google.nl *.google.no *.google.pt *.google.se *.google.com.sg *.google.sm *.google.co.uk  www.schweizeraktien.net fonts.gstatic.com data: cdnapisec.kaltura.com googleads.g.doubleclick.net player.vimeo.com *.transistor.fm www.facebook.com www.federli.ch www.youtube-nocookie.com *.fls.doubleclick.net anchor.fm podcasters.spotify.com; img-src https: data:; report-uri /api/six/cspreport; report-to csp-endpoint; 2
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com *.livechat.s3.amazonaws.com *.livechat-files.com; frame-ancestors 'self' directnic.net; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: wss: *.2o7.net *.ac-systems.com *.adobe.com *.adobe.io *.adobedtm.com *.adoberesources.net *.adsymptotic.com *.akamaihd.net *.amazonaws.com *.amelia.com *.arcgis.com *.atdmt.com *.base.be *.bbvms.com *.bluebillywig.com *.bluecoat.com *.clarity.ms *.cloudfront.net *.companymatch.me *.contentsquare.com *.contentsquare.net *.cookielaw.org *.customersaas.com *.day.com *.demdex.net *.doubleclick.net *.driftqa.com *.driftt.com *.everesttech.net *.facebook.com *.facebook.net *.fontawesome.com *.force.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.hotjar.com *.hotjar.io *.licdn.com *.linkedin.com *.litix.io *.loadinggif.com *.luckycycle.com *.marketo.net *.mktoresp.com *.mktoutil.com *.mobistar.be *.nettjar.com *.omtrdc.net *.onetrust.com *.oribi.io *.pegacloud.net *.pingvp.com *.pinimg.com *.pinterest.com *.premiumplus.io *.qelpcare.com *.salesforce.com *.salesforceliveagent.com *.sfdcstatic.com *.snapchat.com *.speedtestcustom.com *.telenet-ops.be *.telenet.be *.telenet.be:* *.telenet.be.seg.js *.telenetcampagnes.be *.typekit.net *.typography.com *.unpkg.com *.upc.ch *.usabilla.com *.vimeo.com *.webgains.com *.webgains.io *.wista.com *.wistia.com *.wistia.net *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com *.zentr.cc *.zentrick.com *.zopim.com *.zopim.io https://app.insites.com https://app.prospect.silktide.com https://cookies-data.onetrust.io https://eu.cobrowse.pega.com https://euassets.cobrowse.pega.com https://eur01.safelinks.protection.outlook.com https://euuat.cobrowse.pega.com https://euuatassets.cobrowse.pega.com https://html5-player.libsyn.com https://playlist.megaphone.fm https://sandbox-telenet.24sessions.com https://telenet.24sessions.com https://widget.euw1.chat.pega.digital sc-static.net;img-src 'self' blob: data: *.telenet.be *.telenet.be:* https: http://loadinggif.com *.doubleclick.net *.loadinggif.com;report-uri https://api.prd.telenet.be/csp-violation-report; 2
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.parents.com 2
frame-ancestors *.oray.com scrm-wx.weiling.cn 2
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net embedwistia-a.akamaihd.net *.litix.io www.facebook.com *.ubembed.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.net *.hsforms.com *.marketo.com *.marketo.net *.mktoresp.com *.mktoutil.com *.emarsys.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.clickcease.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mouseflow.com *.cdn.linkedin.oribi.io *.oribi.io app.clearbit.com *.visualwebsiteoptimizer.com *.ads.linkedin.com cdn.dreamdata.cloud; font-src 'self' data: *.kinstacdn.com *.slidesharecdn.com *.wistia.com *.wistia.net; form-action 'self' www.facebook.com *.hsforms.net *.hsforms.com; frame-ancestors 'self' *.covideo.com; frame-src 'self' *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.marketo.com *.marketo.net html5-player.libsyn.com bid.g.doubleclick.net www.facebook.com js.driftt.com *.ubembed.com *.googlesyndication.com *.hsforms.net *.hsforms.com *.slideshare.net *.wistia.com *.wistia.net *.on24.com *.emarsys.com *.vidmails.com *.covideo.com *.g2.com *.hotjar.com *.clearbitjs.com *.marketimpacttools.com *.doubleclick.net open.spotify.com *.adobe.com; img-src 'self' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com *.wistia.com *.wistia.net *.gravatar.com www.googletagmanager.com www.google-analytics.com analytics.twitter.com *.px.ads.linkedin.com googleads.g.doubleclick.net *.linkedin.com www.facebook.com connect.facebook.net t.co embedwistia-a.akamaihd.net *.hsforms.net *.hsforms.com *.adsymptotic.com *.glasgowlive.co.uk s.w.org *.cookielaw.org *.hotjar.com *.clearbitjs.com *.visualwebsiteoptimizer.com cdn.filestackcontent.com; media-src 'self' blob: data: *.kinstacdn.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.driftqa.com *.driftt.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kinstacdn.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com *.marketo.com *.marketo.net *.ubembed.com *.wistia.com *.wistia.net googleads.g.doubleclick.net www.googleadservices.com tracking.g2crowd.com snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.twitter.com js.driftt.com *.hsforms.net *.hsforms.com *.googlesyndication.com *.onetrust.com *.cookielaw.org sentry.io *.sentry.io *.on24.com *.clickcease.com *.hotjar.com *.clearbitjs.com tag.clearbitscripts.com *.mouseflow.com *.visualwebsiteoptimizer.com marketo.clearbit.com cdn.dreamdata.cloud reveal.clearbit.com *.adobe.com; style-src 'self' 'unsafe-inline' *.kinstacdn.com *.marketo.com *.marketo.net  *.adobe.com; worker-src 'self' blob:; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagservices.com https://cdn.cookielaw.org https://fonts.gstatic.com http://sb.scorecardresearch.com http://static.ads-twitter.com http://news.atptour.com https://news.atptour.com https://tunein.com https://r1-t.trackedlink.net/ https://bam-cell.nr-data.net/ https://vjs.zencdn.net/ https://itp-atp-sls.infosys-platforms.com/ https://www.riddle.com https://e.infogram.com https://www.googletagmanager.com/ https://imasdk.googleapis.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://securepubads.g.doubleclick.net/ https://connect.facebook.net/ https://sb.scorecardresearch.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://www.google-analytics.com/ https://livestream.com https://mail.tennisunited.co https://s0.2mdn.net/instream/video/client.js https://adservice.google.com.mx/adsid/integrator.js https://imasdk.googleapis.com/js/sdkloader/ima3.js https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://bs.serving-sys.com/ https://adservice.google.com/ https://players.brightcove.net/ https://secure-ds.serving-sys.com/ https://tpc.googlesyndication.com/ https://c1.rfihub.net/ https://analytics.twitter.com/ https://www.instagram.com/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/ https://r1.marketing-pages.com https://www.gstatic.com/ https://*.brightcove.com https://*.brightcove.net https://*.sportradar.com https://*.livestream.com https://*.shorthandstories.com https://*.shorthand.com;style-src 'self' 'unsafe-inline' https://itp-atp-sls.infosys-platforms.com/ https://fonts.googleapis.com/ https://www.riddle.com https://news.atptour.com/ https://e.infogram.com https://avplayer-cdn.sportradar.com/ https://*.typekit.net https://*.shorthandstories.com https://*.shorthand.com ;worker-src blob: 2
frame-ancestors 'self' refreshthis.com *.refreshthis.com 2
frame-ancestors 'self' https://microapps.google.com/ https://pwa.zomato.com; default-src *; font-src * data:; child-src 'self' * blob:; img-src * 'self' data: blob: ; media-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.jwpcdn.com *.licdn.com *.cloudflare.com *.twitter.com *.recruiterbox.com *.zdev.net *.zdev.net:8080 *.zomato.com *.tinymce.com *.gstatic.com *.googleapis.com *.google.com *.google.co.in *.facebook.com sdk.accountkit.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.nr-data.net *.newrelic.com *.google-analytics.com *.zmtcdn.com *.googletagmanager.com *.facebook.net *.googleadservices.com *.cdninstagram.com *.googlesyndication.com *.spreedly.com *.instagram.com *.twimg.com d1m0gkspj3l6or.cloudfront.net d3mvnvhjmkxpjz.cloudfront.net d36mpcpuzc4ztk.cloudfront.net d2weczhvl823v0.cloudfront.net d2z9qv80fklwtv.cloudfront.net d32l4mqe5xk032.cloudfront.net *.serving-sys.com *.pubnub.com *.branch.io app.link cdn.poll-maker.com *.ampproject.org rec.smartlook.com static.hotjar.com script.hotjar.com zba.se *.googletagmanager.com eff.org cdn.plot.ly 3717.tm.zedo.com *.bing.com static.criteo.net sslwidget.criteo.com gum.criteo.com mddigital.in static.zdassets.com zomato.zendesk.com cdn.taboola.com trc.taboola.com ds-aksb-a.akamaihd.net service.force.com zomato.my.salesforce.com zomato.secure.force.com d.la1-c1-hnd.salesforceliveagent.com; style-src * 'unsafe-inline'; worker-src 'self' https: blob:; 2
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://lavoz.report-uri.io/r/default/csp/enforce 2
frame-ancestors learn.arcgis.com *.esri.com pro.arcgis.com doc.arcgis.com 2
frame-ancestors 'self' https://*.momoshop.com.tw http://*.momoshop.com.tw; 2
frame-ancestors 'self'; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; style-src 'self' https://code.jquery.com https://www.lightboxcdn.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/ 'unsafe-inline'; script-src 'self' blob: *.netmng.com https://code.jquery.com https://disqus.com https://j.6sc.co https://boards.greenhouse.io https://p.adsymptotic.com https://www.googleadservices.com https://px4.ads.linkedin.com https://c1.rfihub.net https://connect.facebook.net https://lightboxapi.azurewebsites.net https://d.adroll.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://snap.licdn.com https://com-zglobal.netmng.com https://s.adroll.com 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.googletagmanager.com bootstrapcdn.com *.bootstrapcdn.com googleapis.com *.googleapis.com cloudflare.com *.cloudflare.com rezync.com *.rezync.com hsforms.net *.hsforms.net lightboxcdn.com *.lightboxcdn.com gstatic.com *.gstatic.com vimeo.com *.vimeo.com wistia.com *.wistia.com hs-scripts.com *.hs-scripts.com google.com *.google.com capterra.com *.capterra.com hscollectedforms.net *.hscollectedforms.net hsadspixel.net *.hsadspixel.net hubspot.com *.hubspot.com hsforms.com *.hsforms.com hs-analytics.net *.hs-analytics.net usemessages.com *.usemessages.com hs-banner.com *.hs-banner.com licdn.com *.licdn.com google-analytics.com *.google-analytics.com boomtrain.com *.boomtrain.com https://www.youtube.com https://www.googleoptimize.com https://s7.addthis.com/ https://unpkg.com/ https://cdn.jsdelivr.net https://dev.visualwebsiteoptimizer.com https://app.vwo.com 2
connect-src 'self' www.google-analytics.com stats.g.doubleclick.net ; default-src 'self' ; font-src 'self' fonts.googleapis.com fonts.gstatic.com data: ; frame-ancestors 'self' ; frame-src 'self' www.google.com feedback.googleusercontent.com www.googletagmanager.com scone-pa.clients6.google.com www.youtube.com player.vimeo.com ; img-src 'self' www.google.com www.google-analytics.com ssl.gstatic.com www.gstatic.com gstatic.com data: * ; object-src 'none' ; script-src 'self' 'sha256-n6OdwTrm52KqKm6aHYgD0TFUdMgww4a0GQlIAVrMzck=' 'sha256-4ryYrf7Y5daLOBv0CpYtyBIcJPZkRD2eBPdfqsN3r1M=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' www.google.com apis.google.com www.gstatic.com gstatic.com support.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com tagmanager.google.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feedback.googleusercontent.com www.gstatic.com gstatic.com tagmanager.google.com ; 2
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; frame-ancestors 'self' https://planmybathroom.diy.com https://b-q.citrusad.com https://kingfisher-france.citrusad.com https://kingfisher-sandbox.citrusad.com;style-src * data: 'unsafe-inline'; font-src * data: ; 2
frame-ancestors *.euractiv.com euractiv.com *.euractiv.fr euractiv.fr *.euractiv.de euractiv.de *.euractiv.gr euractiv.gr *.euractiv.pl euractiv.pl *.euractiv.sk euractiv.sk *.euraciv.cz euractiv.cz      *.euractiv.it euractiv.it *.euractiv.es euractiv.es euractiv.bg api-esp-eu.piano.io; 2
frame-ancestors 'self'  *.ampproject.org *.zdbb.net 2
frame-ancestors https://*.neogov.com https://*.neogov.net https://*.neoed.com https://*.neogov.ca https://*.neoed.net; upgrade-insecure-requests 2
default-src https:; child-src blob: https:; connect-src blob: https: wss:; form-action https:; frame-ancestors https: http://webvisor.com; media-src blob: https:; object-src https:; img-src https: data: blob:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com t.contentsquare.net track.gaconnector.com tracker.gaconnector.com app.contentsquare.com ma.zoho.eu maillist-manage.eu pagesense-proxy.eu js.stripe.com scout-cdn.salesloft.com secure.seat6worn.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net player.vimeo.com chat.puzzel.com *.google.com t.gatorleads.co.uk www.gstatic.com snap.licdn.com js.driftt.com js.driftqa.com www.googletagmanager.com static.hotjar.com script.hotjar.com www.google-analytics.com www.googleadservices.com connect.facebook.net pi.pardot.com; default-src 'self' 'unsafe-inline' ma.zoho.eu maillist-manage.eu idx.liadm.com cdn.linkedin.oribi.io ws://127.0.0.1:35729 *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com bat.bing.com scout.salesloft.com js.driftqa.com js.driftt.com chat.puzzel.com www.google-analytics.com script.hotjar.com stats.g.doubleclick.net in.hotjar.com; frame-src 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com td.doubleclick.net js.stripe.com https://player.vimeo.com https://youtu.be https://www.youtube.com/ *.google.com js.driftt.com vars.hotjar.com www.facebook.com; style-src-elem 'self' 'unsafe-inline' blob: *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com fonts.googleapis.com; img-src 'self' blob: data: *.contentsquare.net i.vimeocdn.com *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com scout.eu1.salesloft.com bat.bing.com chat.puzzel.com *.linkedin.com p.adsymptotic.com popup.communigator.co.uk www.facebook.com www.google-analytics.com www.google.com www.google.co.uk script.hotjar.com; font-src data: 'self' *.thghosting.local *.hosting.ing-dev.co.uk *.thghosting.com *.ingenuitycloudservices.com script.hotjar.com fonts.gstatic.com; child-src blob:; worker-src blob:; connect-src thghosting.local *.thghosting.local hosting.ing-dev.co.uk *.hosting.ing-dev.co.uk thghosting.com *.thghosting.com ingenuitycloudservices.com *.ingenuitycloudservices.com track.gaconnector.com *.contentsquare.net ma.zoho.eu cdn.linkedin.oribi.io idx.liadm.com *.google-analytics.com ma.zoho.eu maillist-manage.eu scout.salesloft.com js.stripe.com px.ads.linkedin.com idx.liadm.com; 2
default-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net ; script-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net browser-update.org connect.facebook.net *.google.com *.gstatic.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com unpkg.com/web-vitals/ *.googleapis.com js.stripe.com *.paypal.com *.paypalobjects.com *.twitter.com *.youtube.com analytics.tiktok.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.google.com *.googleapis.com *.typekit.net code.iconify.design 'unsafe-inline' data: ; img-src * data: blob: ; font-src 'self' boardgamearena.com *.boardgamearena.com:* *.boardgamearena.net *.typekit.net fonts.gstatic.com fonts.googleapis.com ff.static.1001fonts.net db.onlinewebfonts.com data: ; connect-src 'self' boardgamearena.com *.boardgamearena.com:* wss://*.boardgamearena.com:* *.boardgamearena.net wss://*.boardgamearena.net:* *.facebook.com *.google.com *.gstatic.com *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.paypal.com analytics.tiktok.com; frame-src 'self' boardgamearena.com *.boardgamearena.com:* *.slideshare.net *.youtube.com *.youtube-nocookie.com *.dailymotion.com *.trictrac.tv *.trictrac.net melodice.org js.stripe.com *.paypal.com *.twitter.com *.facebook.com *.google.com td.doubleclick.net *.blueorangegames.eu; frame-ancestors 'self' boardgamearena.com ; base-uri 'none' ; report-uri /web/scriptlogger/cspReport.html 2
default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://downloads.ctfassets.net https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * 'self' https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob:; 2
default-src 'none'; base-uri 'none'; frame-src checkout.stripe.com *.google.com; frame-ancestors 'none'; style-src *.scryfall.com scryfall.com; script-src *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.cloudflareinsights.com checkout.stripe.com 'unsafe-eval'; img-src *.scryfall.io *.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.stripe.com data:; font-src *.scryfall.com scryfall.com; manifest-src *.scryfall.com scryfall.com; connect-src api.scryfall.com scryfall.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com cloudflareinsights.com checkout.stripe.com; block-all-mixed-content; 2
frame-ancestors *.splunk.com *.touchcast.com *.salesforce.com, frame-ancestors *.splunk.com *.touchcast.com 2
frame-ancestors 'self' https://www.grainger.com; 2
upgrade-insecure-requests; frame-ancestors *.juniper.net *.junipercloud.net https://juniper.highspot.com https://junipernetworks.lookbookhq.com 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de broschuerenservice.land.nrw *.flockler.com platform.twitter.com www.instagram.com *.twimg.com *.map.nrw map.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.flockler.com;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de;    worker-src  'self' *.nrw.de;    frame-src   'self' *.nrw.de app.sli.do broschuerenservice.land.nrw www.youtube.com platform.twitter.com www.instagram.com www.facebook.com www.youtube-nocookie.com media-api.flockler.com customer-wa9kwmpdbqn89osv.cloudflarestream.com;    object-src  'self';    connect-src 'self' *.nrw.de *.flockler.com api.flockler.app;    media-src *; upgrade-insecure-requests; 2
default-src 'self' wss://*.cyberstock.com.my wss://*.maybank2u.com.my *.maybank2u.com.my *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.useinsider.com https://perfectsencollector.com *.google.com  https://analytics.google.com *.googleapis.com *.googletagmanager.com https://*.maybankheart.com; object-src *.maybank2u.com.my; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com; font-src *.gstatic.com *.maybank2u.com.my *.google.com *.mobiletrade.powerbroking2u.com.my; script-src 'self' *.maybank2u.com.my *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.mbww.com *.useinsider.com https://connect.facebook.net *.googleadservices.com *.google.com *.gstatic.com *.cyberstock.com.my; frame-src 'self' *.maybank2u.com.my *.useinsider.com https://unity.cadreon.com *.doubleclick.net *.youtube.com *.google.com *.mobiletrade.powerbroking2u.com.my *.cyberstock.com.my; img-src 'self' data: blob: *.maybank2u.com.my https://emerchant.maybank2u.com.my:8443 *.google-analytics.com *.googlesyndication.com *.doubleclick.net https://www.google.com https://www.google.com.my https://www.google.com.sg https://www.google.co.in https://www.google.co.id https://www.facebook.com/tr/ *.useinsider.com www.maybank.com *.gstatic.com *.googleapis.com http://dbv47yu57n5vf.cloudfront.net https://perfectsencollector.com *.amazonaws.com *.oto.my *.googletagmanager.com *.youtube.com 2
frame-ancestors 'self' *.gov.on.ca *.ontario.ca *.ontariogovernment.ca; 2
frame-ancestors 'self';default-src 'self' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in; style-src 'self' 'unsafe-inline' *.gov.in *.digilocker.gov.in *.dl6.in *.digitallocker.gov.in *.api-setu.in *.mybharat.gov.in 2
frame-ancestors https://offers.monlix.com https://freecash.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
base-uri 'self' *.nr-data.net; child-src blob:; connect-src 'self' wss://*.planetromeo.com wss://*.romeo.com wss://*.hunqz.com *.planetromeo.com *.romeo.com offline-page.pages.dev *.facebook.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.smaato.net *.smaato.com *.maptiler.com *.report-uri.com wss://*.firebaseio.com *.googleapis.com *.zendesk.com; font-src 'self' *.gstatic.com *.typekit.net data:; form-action 'self' *.planetromeo.com *.romeo.com google.com; frame-ancestors *.romeo.com *.planetromeo.com *.hunqz.com; frame-src 'self' *.romeo.com *.planetromeo.com *.hunqz.com recaptcha.net *.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.blufm.de blufm.de *.firebaseio.com *.youtube.com *.facebook.com *.twitter.com; img-src https: data: blob: *.smaato.net; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ampproject.org *.doubleclick.net *.googlesyndication.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com recaptcha.net *.newrelic.com *.nr-data.net *.siftscience.com *.smaato.net *.firebaseio.com *.twitter.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net; worker-src 'self' blob:; default-src 'self' *.planetromeo.com *.romeo.com *.hunqz.com *.googlesyndication.com; 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://*.peta.org https://*.petalatino.com https://*.peta2.com; frame-src blob: * 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: https://cookie-cdn.cookiepro.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://code.jquery.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://cookie-cdn.cookiepro.com 2
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'unsafe-inline' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; img-src 'self' *.ttcache.com https://*.ttcache.com https://*.google-analytics.com https://*.googletagmanager.com data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; media-src 'none'; object-src 'none'; script-src 'self' https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' 2
media-src 'self' blob: livestream.st-andrews.ac.uk livestream1.st-andrews.ac.uk livestream2.st-andrews.ac.uk livestream-test.st-andrews.ac.uk; 2
frame-ancestors *.motor1.com 2
default-src data: blob: *;script-src *.workplace.com workplace.com *.facebook.com *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net https://*.google-analytics.com;style-src data: blob: 'unsafe-inline' * *.workplace.com *.facebook.com;connect-src *.workplace.com workplace.com *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.workplace.com:* wss://*.fbcdn.net ws://localhost:* blob: 'self' *.workplace.tools *.mktoresp.com https://*.google-analytics.com;img-src data: blob: * lookaside.fbsbx.com https://*.google-analytics.com;frame-src data: blob: * *.fbthirdpartypixel.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 2
frame-ancestors *.adspower.net 2
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com  https://smetrics.vwfs.com https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google.com;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com https://smetrics.vwfs.com https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 2
frame-ancestors 'self' https://cyon.ch https://www.cyon.ch https://blog.cyon.ch; 2
report-uri https://impactother.report-uri.com/r/d/csp/reportOnly; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: *; base-uri 'self'; 2
frame-ancestors 'self' *.edwardjones.com *.edwardjones.ca accountaccess.devjones.com accountaccess.devjones.ca iaa-api-gateway.apps.devjones.com accountaccess.edwardjones.com accountaccess.edwardjones.ca onlineaccess.edwardjones.com iaaweb.edwardjones.com; report-uri /report-csp-violation 2
default-src 'self' *; font-src * data:;img-src * data:; frame-src * 'self' 'unsafe-inline' ;worker-src blob:; connect-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' ;frame-ancestors * 'self'; form-action * 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: health.gov https://d1il786i4vdqy4.cloudfront.net https://dap.digitalgov.gov https://platform.twitter.com https://www.google.com https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://fonts.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com https://themes.googleusercontent.com https://analytics.google.com *.analytics.google.com *.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net *.youtube.com *.youtube-nocookie.com survey.alchemer.com *.ytimg.com, frame-ancestors 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.youtube.com www.google.com *.google-analytics.com https://www.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com api.connectedcommunity.org http://www.lifescitrc.org https://cdn.feathr.co cdn.feathr.co polo.feathr.co marco.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.cloudfront.net *.ngpvan.com *.everyaction.com *.research.net *.tickcounter.com *.smassets.net *.rdmobile.com *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net https://code.jquery.com *.photoshelter.com *.jquery.com blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com https://www.googletagmanager.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.fontawesome.com *.fontawesome.com use.typekit.net p.typekit.net *.crazyegg.com *.hotjar.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.photoshelter.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: use.typekit.net *.crazyegg.com *.hotjar.com *.everyaction.com *.tickcounter.com *.rdmobile.com; img-src 'self' novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com *.gstatic.com *.googleapis.com *.google-analytics.com https://www.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com twitter.com *.twitter.com *.twimg.com use.fontawesome.com data: blob: *.eloqua.com *.physiology.org connect.the-aps.org *.cloudfront.net *.placehold.it stats.g.doubleclick.net marco.feathr.co *.adsrvr.org polo-v1.feathr.co polo.feathr.co *.crazyegg.com *.hotjar.com *.informz.net *.surveymonkey.com *.everyaction.com *.tickcounter.com *.rdmobile.com *.vimeo.com picsum.photos *.picsum.photos s3.amazonaws.com voicesofaps.gv-one.com *.photoshelter.com; media-src 'self' data: blob: www.youtube.com fast.wistia.net *.vimeo.com voicesofaps.gv-one.com *.photoshelter.com; frame-src 'self' *.facebook.com novartis.contacthr.com novartispharmaceuticalscorp.contacthr.com www.youtube.com api.connectedcommunity.org cdn.feathr.co polo.feathr.co marco.feathr.co *.qzzr.com *.crazyegg.com *.hotjar.com twitter.com *.twitter.com html5-player.libsyn.com www.podbean.com *.surveymonkey.com *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.vimeo.com voicesofaps.gv-one.com apsoc.informz.net *.photoshelter.com; connect-src 'self' *.informz.net *.google-analytics.com polo.feathr.co *.crazyegg.com *.doubleclick.net *.ngpvan.com *.cloudfront.net *.everyaction.com *.tickcounter.com *.smassets.net *.research.net *.wistia.net *.rdmobile.com *.vimeo.com *.fontawesome.com *.photoshelter.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truist.com *.truistsecurities.com *.truistinsurance.com *.truistleadershipinstitute.com *.sheffieldfinancial.com *.bridgetrusttitle.com *.grandbridge.com *.mcgriff.com *.about.paymypremiums.com *.afco.com *.afcodirect.com *.cafo.com *.postechnologygroup.com *.primeratepfc.com *.regionalacceptance.com  https://gateway.zscalerthree.net https://fast.wistia.com 4264071.fls.doubleclick.net https: accdn.lpsnmedia.net ad.doubleclick.net adservice.google.com analytics.tiktok.com bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org https://assets.adobedtm.com cm.g.doubleclick.net connect.facebook.com connect.facebook.net ct.pinterest.com d.adroll.com doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com geolocation.onetrust.com globalsiteanalytics.com googleads.g.doubleclick.net ib.adnxs.com idsync.rlcdn.com image2.pubmatic.com img.en25.com insight.adsrvr.org js.adsrvr.org login.zscalerthree.net lpcdn.lpsnmedia.net lptag.liveperson.net pixel.rubiconproject.com px.ads.linkedin.com s.adroll.com s.pinimg.com s1137986.t.eloqua.com s1358293874.t.eloqua.com sc-static.net siteintercept.qualtrics.com snap.licdn.com snapchat.com solutions.invocacdn.com static.ads-twitter.com sync.outbrain.com sync.taboola.com td.doubleclick.net tr.snapchat.com trc.taboola.com ups.analytics.yahoo.com us-u.openx.net utt.impactcdn.com va.v.liveperson.net www.facebook.com www.googleadservices.com www.googletagmanager.com www.pages02.net www.sc.pages02.net x.bidswitch.net zn9enqgwlulcwnbsw-truistcx.siteintercept.qualtrics.com blob:; worker-src 'self' blob: 2
default-src https: data: blob: chrome-extension: android-webview-video-poster: ms-appx-web: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' https://gebrauchtwagen.autobild.de https://vorschau.autobild.de https://interred.autobild.de 2
frame-ancestors check24.de *.check24.de 2
frame-ancestors https://accounts.cft.ru 2
frame-ancestors 'self' https://www.conservativereview.com/ 2
default-src 'self';  script-src 'self' 'unsafe-inline'  stats.epic.com;	child-src embed-ssl.ted.com embed.ted.com e.issuu.com secure.quantserve.com sentry.issuu.com pingback.issuu.com www.youtube.com player.vimeo.com;	style-src 'self' 'unsafe-inline';	form-action 'self';  font-src 'self';  connect-src 'self' stats.epic.com;  img-src 'self' data: stats.epic.com i.ytimg.com media.epic.com epicshare.blob.core.windows.net ehrnprd.blob.core.windows.net epicresearchstagingblob-cdn-endpoint.azureedge.net blob.epicresearch.org; 2
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'none'; 2
default-src 'self' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' https: blob:; style-src 'self' 'unsafe-inline' https: data: 2
frame-ancestors 'self' https://*.vfc.coremedia.cloud https://digital.vfc.com; child-src * blob:; worker-src * blob:; img-src * *.contentsquare.net blob: data:; connect-src * *.contentsquare.net blob:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: t.contentsquare.net contentsquare.com blob: 2
default-src data: https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src  data: https: 'unsafe-inline'; object-src 'self' blob:; img-src data: blob: https:; 2
default-src https: http: blob: javascript: data: 'unsafe-inline' 'unsafe-eval' 'self'; 2
frame-ancestors 'self' *.shangri-la.com facebook.com *.facebook.com 2
frame-ancestors 'self' http://api.securedvisit.com http://track.securedvisit.com http://content.securedvisit.com http://images.securedvisit.com http://track.sv.rkdms.com *.loudcrowd.com *.lookaside.fbsbx.com 2
default-src *.pendo.saashr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; style-src fonts.googleapis.com 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.instagram.com *.facebook.net *.twimg.com *.pendo.saashr.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; img-src * data: blob: *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com; frame-ancestors file: cdvfile: 'self'; frame-src 'self' *.google.com app.eu.pendo.io; font-src 'self' fonts.gstatic.com; connect-src 'self' *.pendo.saashr.com app.eu.pendo.io pendo-eu-static-d276745b-378e-428a-493e-755dc699451d.storage.googleapis.com 2
base-uri 'self'; default-src 'self' blob: data: https: ; worker-src 'self' blob:; frame-ancestors 'self' *.paddle.com *.prismic.io https://www.profitwell.com https://paddle.enablix.com; media-src 'self' blob: data: https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stackadapt.com *.twitter.com *.iubenda.com *.facebook.net *.cloudfront.net *.hsforms.com googleads.g.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsforms.net *.hsleadflows.net *.hotjar.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.redditstatic.com *.youtube.com *.sentry-cdn.com *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net app.vwo.com https: ; script-src-elem 'self' 'unsafe-inline' *.youtube.com *.wistia.com *.licdn.com *.ads-twitter.com *.doubleclick.net *.hotjar.com *.redditstatic.com *.profitwell.com *.bing.com js.hubspot.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net www.clarity.ms *.hs-scripts.com *.facebook.net *.rudderlabs.com *.influ2.com *.stackadapt.com *.metadata.io *.clearbitscripts.com *.clearbitjs.com *.kustomerapp.com *.qualified.com *.iubenda.com *.netlify.app *.hsforms.net *.googletagmanager.com *.googleapis.com prismic.io *.prismic.io *.mplat-ppcprotect.com status.io *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net app.vwo.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.youtube.com *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net app.vwo.com s3.amazonaws.com https: blob: ; object-src 'none'; font-src 'self' *.cloudfront.net *.gstatic.com data: https: ; connect-src 'self' *.sentry.io *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net *.qualified.com app.vwo.com ws: wss: https: data: ; img-src 'self' *.googletagmanager.com *.ctfassets.net *.reddit.com *.cloudfront.net *.ytimg.com *.adsymptotic.com *.ads.linkedin.com t.co *.hubspot.com *.facebook.com *.google.com *.youtube.com *.ggpht.com *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com data: https:; frame-src 'self' *.youtube.com *.wistia.net *.wistia.com *.hsforms.com paddle.kustomer.help *.kustomerapp.com *.qualified.com app.netlify.com *.doubleclick.net *.prismic.io www.slideshare.net app.vwo.com *.visualwebsiteoptimizer.com dta8euw1l8gvs.cloudfront.net; upgrade-insecure-requests; report-uri https://o522631.ingest.sentry.io/api/6141897/security/?sentry_key=543039e78e964ab2b1ae4c577751b645; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/ *.googlesyndication.com/ tagmanager.google.com *.googletagmanager.com/ *.facebook.net/ *.typekit.net/ *.google-analytics.com/ *.lightwidget.com/ *.youtube.com/ *.ytimg.com/ *.lightwidget.com/ fast.fonts.net/ cdn.inspectlet.com/ *.bing.com/ *.gstatic.com/ *.google.com/recaptcha/ maps.googleapis.com/ *.googleadservices.com/ *.clarity.ms unpkg.com/; object-src 'self'; style-src 'self' 'unsafe-inline' fast.fonts.net/ fonts.googleapis.com/ ; img-src 'self' about: *.google-analytics.com/ *.typekit.net/ *.g.doubleclick.net/ *.googletagmanager.com/ *.carilionclinic.ovidds.com/ *.i.ytimg.com/ *.img.youtube.com/ *.youtube.com/ *.google.com/ads/ *.facebook.com/ *.bing.com/ *.googleapis.com/ *.ytimg.com/ *.flaticon.com *.w3.org/ maps.gstatic.com/ *.clarity.ms/ data:; media-src 'self'; frame-src 'self' *.lightwidget.com/ *.facebook.com/ *.vimeo.com/ *.youtube.com/ *.google.com/ *.carilionclinic.org; frame-ancestors 'self'; child-src 'self'; font-src 'self' *.googleusercontent.com/ *.typekit.net/ fast.fonts.net/ fonts.gstatic.com/; connect-src 'self' *.inspectlet.com/ *.google-analytics.com/ *.g.doubleclick.net/ carilionclinic.ovidds.com/ *.googleadservices.com/ *.google.com/pagead/ *.facebook.com/tr/ *.googleapis.com/ bat.bing.com/ *.clarity.ms/ analytics.google.com/; report-uri /report-csp-violation 2
frame-ancestors 'self' https://api.securedvisit.com https://track.securedvisit.com https://content.securedvisit.com https://images.securedvisit.com https://track.sv.rkdms.com 2
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: blob:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' http: data: *.cdnpandadoc.com; connect-src 'self' http:; font-src 'self' 'unsafe-inline' http: data:; media-src 'self' https: blob: 2
default-src https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' https://*; 2
default-src https: *.crazyegg.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com js.zi-scripts.com ws-assets.zoominfo.com; frame-src http: https: data:; style-src http: https: 'unsafe-inline'; img-src http: https: data: blob *.crazyegg.com; media-src http: https: data: blob:; font-src http: https: data:; connect-src http: https: wss: *.crazyegg.com; child-src http: https: blob:; frame-ancestors 'self' https://dialpad.highspot.com/ https://view.highspot.com/ https://dialpad.allbound.com/ 2
default-src 'none'; child-src 'self' 'unsafe-inline' https://www.googleadservices.com https://*.fls.doubleclick.net/ https://*.santander.co.uk https://santander.demdex.net blob:; script-src 'self' 'unsafe-inline' https://cdn.signly.co/release/latest/ https://dam.santander.co.uk https://t.contentsquare.net https://app.contentsquare.com https://md-scp.kampyle.com https://track.omguk.com https://cdn.usersnap.com https://screencapture.kampyle.com https://nebula-cdn.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://pagead2.googlesyndication.com https://sc-static.net https://js-cdn.dynatrace.com https://activitymap.adobe.com https://cdn-ukwest.onetrust.com https://googleads.g.doubleclick.net https://lptag.liveperson.net https://lo.v.liveperson.net https://lo.msg.liveperson.net https://accdn.lpsnmedia.net https://lpcdn.lpsnmedia.net https://www.googletagservices.com https://ad.doubleclick.net https://connect.facebook.net https://*.fls.doubleclick.net/ https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://dpm.demdex.net https://www.google.com https://google.com https://*.santander.co.uk; connect-src 'self' 'unsafe-inline' https://signly.azurewebsites.net https://tr.snapchat.com https://pagead2.googlesyndication.com https://dam.santander.co.uk https://events.launchdarkly.com https://app.launchdarkly.com wss://int-cb.santander.co.uk https://*.contentsquare.net https://md-scp.kampyle.com https://resources.digital-cloud-uk.medallia.eu https://santanderuk.tt.omtrdc.net https://udc-neb.kampyle.com https://*.bf.dynatrace.com https://privacyportal-uk.onetrust.com https://cdn-ukwest.onetrust.com https://googleads4.g.doubleclick.net wss://lo.msg.liveperson.net https://dpm.demdex.net https://*.santander.co.uk; img-src 'self' https://*.contentsquare.net https://lpcdn.lpsnmedia.net 'unsafe-inline' https://*.santander.co.uk data: https:; style-src 'self' 'unsafe-inline' https://cdn.signly.co/release/latest/ https://md-scp.kampyle.com; font-src 'self' https://dam.santander.co.uk; frame-src 'self' 'unsafe-inline' https://td.doubleclick.net https://www.youtube-nocookie.com https://activitymap.adobe.com https://resources.digital-cloud-uk.medallia.eu https://lo.tokenizer.liveperson.net https://lo.msghist.liveperson.net https://lo.msg.liveperson.net https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://server.lon.liveperson.net https://authorize.omniture.com https://sitecatalyst.omniture.com https://www.youtube.com https://santander.demdex.net https://*.fls.doubleclick.net; object-src 'self'; media-src https://signlymediaservice-ukso1.streaming.media.azure.net https://signlystorageaccount.blob.core.windows.net https://cdn.signly.co/images/ https://lpcdn.lpsnmedia.net; worker-src blob:; 2
frame-ancestors 'self' https://cart.penguinrandomhouse.com/ https://sites.dev.penguinrandomhouse.com/ https://sites.tst.penguinrandomhouse.com/ https://sites.prh.com/ https://iteratehq.com/ *.penguinrandomhouse.com *.dev.penguinrandomhouse.com *.tst.penguinrandomhouse.com 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: ; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net bat.bing.com *.amazon-adsystem.com s.amazon-adsystem.com *.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net static.ads-twitter.com tags.tiqcdn.com lptag.liveperson.net lpcdn.lpsnmedia.net cdn.optimizely.com accdn.lpsnmedia.net www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com cdn-assets-prod.s3.amazonaws.com app.contentsquare.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.contentsquare.net bat.bing.com manifest.prod.boltdns.net *.brightcovecdn.com adservice.google.com *.api.brightcove.com brightcove.hs.llnwd.net www.facebook.com maps.googleapis.com www.google.com www.googletagmanager.com *.siteintercept.qualtrics.com ad.doubleclick.net http://127.0.0.1:5000 http://127.0.0.1:5000/* stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com analytics.google.com logx.optimizely.com www.google.co.uk hsbc.co.uk www.hsbc.co.uk *.demdex.net *.lo.cobrowse.liveperson.net *.tt.omtrdc.net *.sc.omtrdc.net *.mcmprod.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk www.askus.hsbc.co.uk www.security.hsbc.co.uk translate.googleapis.com *.brightcove.com cdn-assets-prod.s3.amazonaws.com www.isstukdev.hsbc.co.uk www.mcmdev.hsbc.co.uk www.mcmperf.hsbc.co.uk www.isstukuat.hsbc.co.uk www.isstuk.hsbc.co.uk *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com stream-dev.data.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com connect.facebook.net www.youtube.com m.youtube.com *.demdex.net www.googletagmanager.com td.doubleclick.net *.ep-mimecast.facebook.com 8068700.fls.doubleclick.net gateway.zscalertwo.net google.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-ancestors 'self' www.hsbc.co.uk *.liveperson.net; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.cloudfront.net at.alicdn.com cdn.jsdelivr.net; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.askus.hsbc.co.uk www.googletagmanager.com *.lo.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com brightcove.hs.llnwd.net; manifest-src 'self' www.hsbc.co.uk; upgrade-insecure-requests ; report-uri /csp/report; 2
default-src 'self'; upgrade-insecure-requests; frame-ancestors 'self' https://teams.microsoft.com https://retailservices.teams.microsoft.com https://retailservices-ppe.teams.microsoft.com https://local.teams.office.com https://devspaces.skype.com https://ssauth.skype.com https://teams.microsoft.com.mcas.ms https://teams.microsoft.com.us3.cas.ms https://local.teams.office.com:8080 https://teams.live.com https://outlook-sdf.office.com https://outlook.office.com/ https://assignments.onenote.com https://browser-sandbox.meshxp.net/ https://spoolclientsdk.skype.com https://acsinternal-cte-beta.azurewebsites.net https://acssample-beta.azurewebsites.net https://acssample-stable.azurewebsites.net https://loop.microsoft.com https://*.loop.microsoft.com https://loop.cloud.microsoft https://loop.cloud-dev.microsoft https://app.int.whiteboard.microsoft.com https://whiteboard.cloud-dev.microsoft https://*.whiteboard.microsoft.com https://whiteboard.microsoft.com https://whiteboard.office.com https://teams.cloud.microsoft https://outlook.cloud.microsoft https://m365.cloud.microsoft; base-uri 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'report-sample' http://amcdn.msftauth.net https://amcdn.msftauth.net https://*.office365.com https://*.office.net https://shell.cdn.office.net https://cdn.fluidpreview.office.net https://js.monitor.azure.com https://res-1.cdn.office.net https://res.cdn.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; style-src 'self' 'unsafe-inline' 'report-sample' https://*.office.net https://res.cdn.office.net https://cdn.fluidpreview.office.net https://ch5.fluidpreview.office.net https://cdn.dev.fluidpreview.office.net https://dev.loop.microsoft.com https://res-sdf.cdn.office.net; font-src 'self' data: https://*.office.net https://spoprod-a.akamaihd.net https://static2.sharepointonline.com fs.microsoft.com; img-src 'self' blob: data: https://*.office.com https://*.office.net https://*.office365.com https://outlook.live.com https://*.teams.microsoft.com https://*.officeapps.live.com https://web.vortex.data.microsoft.com https://shell.cdn.office.net https://urlp.asm.skype.com https://urlp.sfbassets.com https://*.svc.ms https://login.live.com https://storage.live.com https://az495088.vo.msecnd.net; connect-src 'self' blob: https://* wss://whiteboard.microsoft.com/sync wss://*.whiteboard.microsoft.com wss://whiteboard.microsoft.com wss://*.svc.ms wss://dogfood.augloop.svc.cloud.microsoft wss://*.dogfood.augloop.svc.cloud.microsoft wss://*.augloop-dogfood.officeppe.com wss://augloop-dogfood.officeppe.com wss://augloop.svc.cloud.microsoft wss://*.augloop.svc.cloud.microsoft wss://*.augloop.office.com wss://augloop.office.com wss://augloop-gcc.office.com wss://*.augloop-gcc.office.com; frame-src 'self' https://*; form-action 'self' https://*; worker-src 'self'; media-src 'self'; object-src 'none'; report-uri https://csp.microsoft.com/report/WhiteboardWebClient-WhiteboardApp-PROD; report-to csp-endpoint; 2
default-src *.nic.ch *.nic.li *.switch.ch; style-src 'unsafe-inline' *.nic.ch *.nic.li *.switch.ch; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nic.ch *.nic.li *.switch.ch; img-src data: *.nic.ch *.nic.li *.switch.ch; object-src 'none'; form-action 'self' *.nic.ch *.nic.li *.switch.ch *.eduid.ch export.highcharts.com; font-src data: *.nic.ch *.nic.li *.switch.ch; frame-ancestors *.nic.ch *.nic.li *.switch.ch; frame-src * 2
script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: blob: *; media-src https: data: blob: *; object-src 'none'; frame-ancestors 'none'; connect-src *; base-uri 'self'; upgrade-insecure-requests; 2
default-src 'self' *.fitchratings.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com fitchconnect.piwikpro.com fitchconnect.piwik.pro cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com *.evidon.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbitscripts.com *.clearbit.com *.idio.co chart-studio.plotly.com public.flourish.studio  app.fitchconnect-stg.com app.fitchconnect.com *.fitch.group *.hotjar.com vjs.zencdn.net *.mktorest.com *.clearbitjs.com *.ads-twitter.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.googlesyndication.com *.doubleclick.net; style-src 'self' 'unsafe-inline' blob: your.fitchratings.com fonts.googleapis.com *.fitch.group *.hotjar.com *.googletagmanager.com; connect-src 'self' blob: *.fitchratings.com notify.bugsnag.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google.com *.google.co.uk *.google.com.hk *.twitter.com *.googletagmanager.com *.google-analytics.com fonts.googleapis.com *.piwikpro.com *.piwik.pro snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.analytics.google.com *.mktorest.com *.clearbit.com *.linkedin.oribi.io; img-src 'self' blob: *.fitchratings.com data: *.evidon.com *.googletagmanager.com trk.funnelenvy.com images.ctfassets.net *.boltdns.net metrics.brightcove.com stats.g.doubleclick.net l.betrad.com fitchconnect.piwikpro.com fitchconnect.piwik.pro *.linkedin.com p.adsymptotic.com *.idio.co *.fitch.group *.openstreetmap.org *.fitchratings.com httpsak-a.akamaihd.net *.hotjar.com *.google-analytics.com *.analytics.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.com *.google.co.uk *.google.com.hk; font-src 'self' data: *.fitchratings.com fonts.gstatic.com *.hotjar.com; frame-src 'self' *.fitchratings.com *.evidon.com infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group flo.uri.sh plotly.com chart-studio.plotly.com fitchgroup.eu.qualtrics.com indd.adobe.com *.hotjar.com bid.g.doubleclick.net *.fls.doubleclick.net *.doubleclick.net; worker-src 'self' blob:; child-src 'self' blob:; media-src 'self' blob: *.fitchratings.com *.brightcove.com videos.ctfassets.net *.akamaihd.net manifest.prod.boltdns.net; object-src 'none' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://hyperchat-us.inbenta.chat:8000 wss://*.byside.com https://miclaroasesor.com.co:9443 http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io http://cms.analytics.yahoo.com http://sp.analytics.yahoo.com http://pixel.claro.com.br http://idsyncmxedge.com  http://*.claro.com.co http://idsyncapp.claro.com.ar http://infored.lcdn.claro.net.co https://hyperchat-us.inbenta.chat:8000 https://app-eyn.cx.claro.com.co:8445 https://chat-eyn.cx.claro.com.co:8443 https://*.hotjar.io http://*.affperformance.com https://*.qualtrics.com https://*.teads.tv http://affperformance.com http://gurmelgyo.com http://won-digital.g2afse.com https://*.gstatic.com https://static.ads-twitter.com https://analytics.twitter.com https://code.jquery.com https://t.co https://cx.atdmt.com https://1mvl.com https://cdn.datatables.net https://ajax.aspnetcdn.com https://api.retargetly.com https://apim3w.com https://*.g.doubleclick.net https://9436341.fls.doubleclick.net https://cbks0.googleapis.com https://www.landingsclaro.com https://*.embluemail.com https://claroparatiprimero.co https://nominatim.openstreetmap.org https://connect.facebook.net https://fonts.googleapis.com https://geo0.ggpht.com https://lh3.ggpht.com https://*.google.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://raw.githubusercontent.com https://s.yimg.com https://sp.analytics.yahoo.com https://speedtest.claro.net.co https://*.inbenta.io https://*.inbenta.com https://sdk.inbenta.chat https://continua.com.mx https://www.claroparatiprimero.co https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.facebook.com https://www.google.com.co https://www.google.com.mx https://www.googleadservices.com https://*.google-analytics.com https://www.googletagmanager.com https://cms.analytics.yahoo.com https://pixel.claro.com.br https://idsyncmxedge.com https://img.youtube.com https://www.youtube-nocookie.com https://storage.googleapis.com https://postpago.eresclaro.com https://*.claro.com.co https://www.sostenibilidad-claro.com.co https://idsyncapp.claro.com.ar https://www.crcom.gov.co https://platform.twitter.com https://snap.licdn.com https://9621199.fls.doubleclick.net https://*.idx.lat https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://*.office.com https://*.hbomax.com https://won-digital.g2afse.com https://aurora.stefaninicolombia.com https://tags.bkrtx.com https://*.analytics.google.com https://analytics.tiktok.com https://*.cloudfront.net https://analytics.google.com https://*.retargetly.com https://stags.bluekai.com https://runtime.lappiz.io https://*.prod.clarodigital.net https://*.clarity.ms https://c.bing.com https://flowpaper.com https://*.byside.com https://www.youtube.com; media-src mediastream: data: blob:; frame-ancestors 'self' https://*.claro.com.co; 2
default-src 'self' noembed.com static.zdassets.com ekr.zdassets.com https://avm-cs.zendesk.com wss://pod-28.zendesk.com avm.zendesk.com v2.zopim.com wss://widget-mediator.zopim.com vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com ytimg.com s.ytimg.com data: avm.de service.avm.de news.avm.de bingo.avm.de scope.avm.de piwik.avm.de assets.avm.de maps.google.com *.googleapis.com *.gstatic.com shoplogos.commerce-connector.de www.commerce-connector.com i.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com img.youtube.com www.surveygizmo.eu 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' avm.de *.avm.de piwik.avm.de vimeo.com player.vimeo.com vimeocdn.com *.vimeocdn.com https://www.youtube-nocookie.com https://www.youtube.com maps.google.com *.googleapis.com https://static.zdassets.com pod-28.zendesk.com 'unsafe-inline' ; media-src 'self' *.avm.de static.zdassets.com *.googleapis.com *.gstatic.com ytimg.com s.ytimg.com blob: data: ; worker-src 'self' blob: ; frame-ancestors 'self'  2
frame-ancestors 'self' *.crestron.com *.crestron.com:81; 2
frame-ancestors 'self' https://nch-dev-healthdirect.crm6.dynamics.com https://nch-healthdirect.crm6.dynamics.com https://nch-test-healthdirect.crm6.dynamics.com https://nch-trn-healthdirect.crm6.dynamics.com 2
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' https://img.stage.creative.com https://appsmith.dev.creative.com ; 2
connect-src 'self' *.marketo.com *.marketo.net *.mktoresp.com *.onetrust.com *.adobedtm.com *.demdex.net *.googleapis.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.bnymellon.com *.pershing.com *.hcaptcha.com *.gstatic.com *.facebook.com *.facebook.net *.pinterest.com *.linkedin.oribi.io *.linkedin.com px.ads.linkedin.com *.twitter.com cookie-cdn.cookiepro.com *.cookielaw.org *.userway.org *.licdn.com bnymellon.tt.omtrdc.net *.everesttech.net api.company-target.com *.iconfinder.com *.vidyard.com *.adobecqms.net *.brighttalk.com *.tools.investis.com *.adobe.com *.qualtrics.com *.tt.omtrdc.net *.turtl.co; frame-src *.vidyard.com *.hcaptcha.com *.bnymellon.com *.demdex.net *.userway.org *.adobecqms.net *.brighttalk.com *.facebook.net *.facebook.com *.tools.investis.com *.doubleclick.net *.qualtrics.com *.turtl.co *.adobe.com *.ads.linkedin.com; object-src 'none'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.gstatic.com https://www.chevron.com https://*.core.windows.net https://*.mktoresp.com https://munchkin.marketo.net https://*.onetrust.com https://ajax.googleapis.com https://www.googlesapis.com https://www.googletagmanager.com https://apps.sitecore.net https://s.ytimg.com https://www.youtube.com https://cdn.cookielaw.org https://www.google-analytics.com https://*.qualtrics.com https://www.google.com https://www.googleapis.com https://extreme-ip-lookup.com https://secure-ds.serving-sys.com https://*.doubleclick.net https://chevroncorp.gcs-web.com https://vjs.zencdn.net https://adservice.google.com https://bs.serving-sys.com https://fonts.gstatic.com https://static.doubleclick.net https://www.executiveinterviews.com https://www.googleadservices.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://t.co https://*.linkedin.com https://analytics.twitter.com https://www.facebook.com https://optimize.google.com https://178-uxe-734.mktoutil.com https://*.us-east-2.amazonaws.com https://service.force.com https://*.salesforce.com https://*.force.com https://*.salesforceliveagent.com https://code.jquery.com https://img.youtube.com https://www.linkedin.com https://*.adsymptotic.com https://*.doubleclick.net https://fonts.googleapis.com https://optimize.google.com https://178-uxe-734.mktoresp.com https://script.crazyegg.com https://static.chartbeat.com https://ping.chartbeat.net https://siteimproveanalytics.com https://*.siteimproveanalytics.io https://www.googleoptimize.com https://*.parsely.com https://cdn.linkedin.oribi.io https://*.force.com https://*.my.salesforce-sites.com https://cdn.fonts.net https://analytics.tiktok.com https://i.ytimg.com https://*.nextdoor.com https://go.chevron.email https://acrobatservices.adobe.com https://viewlicense.adobe.io https://get.geojs.io; upgrade-insecure-requests; block-all-mixed-content; 2
object-src 'self' https://hightail.com;base-uri 'self';img-src https: http: blob: data:; frame-src https://* https://www.google.com/recaptcha/ 'self';font-src 'self' https://hightail.com data: ;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.hsforms.com/embed/ https://app.link/ http://js.bizographics.com/ http://stats.pusher.com/ http://www.googleadservices.com/ https://www.googleadservices.com https://www.google-analytics.com/ https://cdn.branch.io/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com/ https://dc.ads.linkedin.com/ https://px.ads.linkedin.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://sjs.bizographics.com/ https://assets.zendesk.com/ https://www.bizographics.com/ https://secure.adnxs.com/ https://v2.zopim.com/ https://*.pusher.com/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hsadspixel.net/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://forms.hubspot.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://request.eprotect.vantivprelive.com/ https://request.eprotect.vantivcnp.com/ https://*.global.ssl.fastly.net/ http://*.hs-analytics.net/ http://*.hs-scripts.com/ http://*.hsforms.net/ http://*.hsadspixel.net/ http://cdnjs.cloudflare.com/ https://static.zdassets.com/ http://www.google-analytics.com/ https://*.pendo.io/ http://ajax.googleapis.com/ https://img.en25.com/i/livevalidation_standalone.compressed.js https://img.en25.com/Web/OpenTextGlobal/ https://pendo-io-static.storage.googleapis.com/ https://*.googletagmanager.com/ https://pendo-static-5705431416832000.storage.googleapis.com/ http://cdn.jsdelivr.net/npm/cookieconsent@3/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://player.vimeo.com/* https://d2t77mnxyo7adj.cloudfront.net/v1/c.js http://now.eloqua.com/visitor/ http://secure.p01.eloqua.com/visitor/ http://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://*.bing.com/ https://*.hotjar.com/ https://*.facebook.net/ https://*.doubleclick.net/ https://*.hsadspixel.net/ https://*.hs-scripts.com/ https://*.clarity.ms/ data https://hightail.com/; frame-ancestors 'self' https://hightail.com; 2
default-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch data: https://www.metanet.ch; base-uri 'none'; connect-src 'self' https://region1.google-analytics.com/ https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://wisepops.net https://notifications.wisepops.com; font-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://www.youtube.com https://bid.g.doubleclick.net https://td.doubleclick.net https://notifications.wisepops.com https://wisepops.net; img-src 'self' data: https://*.consentmanager.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google.at https://www.google.ch https://*.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://static.metanet.ch https://www.gstatic.com https://ssl.gstatic.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://cdn.wisepops.com https://loader.wisepops.com https://app.getwisp.co https://wisepops.net https://cdn.wisepops.net; style-src 'self' 'unsafe-inline' https://*.consentmanager.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://bx.webstyle.ch https://fonts.googleapis.com 2
frame-ancestors 'self' https://parapetstudios.com https://www.parapetstudios.com https://overseer.gp4f.com https://www.overseer.gp4f.com https://ows.smartoptix.com https://www.ows.smartoptix.com 2
frame-ancestors 'self';default-src 'self' blob: 'unsafe-inline' wss://ws.qualified.com perf-na1.hsforms.com app.qualified.com td.doubleclick.net pagead2.googlesyndication.com ws.qualified.com d3cy9zhslanhfa.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com youtube.com cdn.linkedin.oribi.io rs.fullstory.com forms-na1.hsforms.com cdn.contentful.com phenompeople.na.chilipiper.com js.chilipiper.com api.na.chilipiper.com api.chilipiper.com tracking.chilipiper.com ipv6.6sc.co cdn.cookielaw.org images.ctfassets.net assets.ctfassets.net videos.ctfassets.net app.clearbit.com api.hubapi.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com *.clearbitscripts.com *.litix.io alb.reddit.com *.clarity.ms secure.adnxs.com *.g2.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com *.google.com *.google.co.in stats.g.doubleclick.net p.adsymptotic.com privacy-policy.truste.com *.linkedin.com api.sharedcount.com n2.mouseflow.com c.6sc.co epsilon.6sense.com www.facebook.com *.hubspot.com fonts.gstatic.com *.phenom.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com cdn.cookielaw.org optanon.blob.core.windows.net c.bing.com geolocation.onetrust.com youtu.be abm2.listenloop.com notify.bugsnag.com pt37ad6f6a.execute-api.us-east-1.amazonaws.com data slideshare.net:;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.googleapis.com images.ctfassets.net www.googleadservices.com videos.ctfassets.net *.phenom.com c.bing.com cdn.jsdelivr.net use.fontawesome.com fonts.googleapis.com cdnjs.cloudflare.com app-ab31.marketo.com connect.facebook.net *.clarity.ms j.6sc.co www.googletagmanager.com js.driftt.com munchkin.marketo.net snap.licdn.com www.google-analytics.com www.w3.org b.6sc.co edge.fullstory.com bat.bing.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hsforms.net static.hotjar.com script.hotjar.com forms.hsforms.com js.hsleadflows.net cdn.mouseflow.com www.youtube.com stackpath.bootstrapcdn.com fast.wistia.net www.g2.com embedwistia-a.akamaihd.net embed-fastly.wistia.com distillery.wistia.com pipedream.wistia.com images.g2crowd.com fast.wistia.com www.redditstatic.com js.usemessages.com alb.reddit.com cdn.cookielaw.org static.ads-twitter.com *.clearbitscripts.com x.clearbitjs.com js.hsadspixel.net app.clearbit.com api.hubapi.com js.chilipiper.com js.usemessages.com js.hsadspixel.net js.na.chilipiper.com snap.licdn.com www.google.com images.ctfassets.net videos.ctfassets.net js.driftt.com googleads.g.doubleclick.net stats.g.doubleclick.neti edge.fullstory.com secure.adnxs.com cb3034c4ce68477bb69489e3e49e4588.js.ubembed.com assets.ubembed.com js.zi-scripts.com ws-assets.zoominfo.com js.qualified.com js.hubspot.com v2.listenloop.com 2
frame-ancestors 'self' *.servicetitan.com; 2
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; report-uri https://reports.nameshield.net/ 2
default-src https: data: wss: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 2
frame-ancestors 'self' https://*.breuninger.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 2
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https://cms.mochahost.com https://analytics.sleeknote.com https://www.googletagmanager.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' https://stablechat.mysecurecloudhost.com; upgrade-insecure-requests; 2
frame-ancestors 'self' *.virginmoney.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: cid:; connect-src https: wss:; worker-src 'self' blob: ; child-src 'self' https: blob: ; 2
frame-src 'self' blob: 'self' https://www.google.com.ua https://secure.wayforpay.com https://api.fondy.eu https://www.facebook.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://www.ukrnames.com https://bg.ukrnames.com https://cdn.ukrnames.ua https://apis.google.com https://accounts.google.com https://www.google.com https://embed.tawk.to https://cdn.datatables.net https://play.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: 'self' https://www.ukrnames.com https://secure.wayforpay.com https://api.fondy.eu https://bg.ukrnames.com https://cdn.ukrnames.ua https://cdn.datatables.net https://embed.tawk.to https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net  https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://play.google.com; style-src 'self' 'unsafe-inline' https://secure.wayforpay.com https://api.fondy.eu https://embed.tawk.to https://cdn.datatables.net https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com https://fonts.googleapis.com; font-src 'self' data: https://embed.tawk.to https://fonts.gstatic.com; img-src 'self' data: https://*.amazonaws.com https://embed.tawk.to https://cdn.datatables.net  https://cdn.ukrnames.ua https://bg.ukrnames.com https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://www.google.com https://www.google.ru https://www.google.es https://www.google.fr https://www.google.nl https://www.google.kz https://www.google.by https://www.google.de https://www.google.pl https://www.google.ae https://www.google.md https://www.google.ca https://www.google.com.ua https://www.google.com.tr https://www.google.co.uk https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com blob: 'self' https://bg.ukrnames.com https://cdn.ukrnames.ua https://accounts.google.com; connect-src blob: 'self' wss://www.ukrnames.com wss://*.tawk.to https://www.facebook.com https://secure.wayforpay.com https://api.fondy.eu https://*.tawk.to https://www.google-analytics.com https://stats.g.doubleclick.net 2
frame-ancestors 'self' https://*.arg.igrupobbva 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; connect-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: blob: data:; font-src 'self' https:; object-src 'none'; base-uri 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 2
default-src 'self' play.vidyard.com *.forsta.com *.rioseo.com *.g2crowd.com t.co; script-src 'self' go.forsta.com ws-assets.zoominfo.com cdn.bizible.com cdn.linkedin.oribi.io cdn.b0e8.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com js-agent.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com forsta.bamboohr.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co cdn.cookielaw.org bam.nr-data.net geolocation.onetrust.com www.google.com tpc.googlesyndication.com maps.googleapis.com digitalfeedback.us.confirmit.com www.gstatic.com *.smartrecruiters.com *.bc0a.com g10102301085.co *.castos.com optimize.google.com jobpal-sm.s3.amazonaws.com api.smooch.io forsta1--forstaful.sandbox.my.salesforce-sites.com *.forsta.com *.rioseo.com *.g2crowd.com t.co js.zi-scripts.com ws.zoominfo.com tags.clickagy.com  'unsafe-inline' 'unsafe-eval'; style-src 'self' go.forsta.com 972-oec-621.mktoweb.com fonts.googleapis.com legal.forsta.com static.smartrecruiters.com www.googletagmanager.com *.bc0a.com optimize.google.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com; frame-src go.forsta.com play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com www.google.com www.googletagmanager.com survey.us.confirmit.com subscriptions.smartrecruiters.com *.bc0a.com 6352b8cc15f5f7-88529694.castos.com optimize.google.com *.forsta.com *.rioseo.com t.co td.doubleclick.net hemsync.clickagy.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.forsta.com *.rioseo.com; connect-src 'self' jobpal-sm.s3.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com go.forsta.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com forsta.bamboohr.com *.6sense.com *.google.com adservice.google.com maps.googleapis.com translate.googleapis.com www.googletagmanager.com www.googleapis.com maps.googleapis.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.6sc.co digitalfeedback.us.confirmit.com *.hotjar.io *.hotjar.com wss://*.hotjar.com ws.zoominfo.com *.bc0a.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io api.smooch.io wss://api.smooch.io *.forsta.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn ww.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.g2crowd.com t.co js.zi-scripts.com aorta.clickagy.com hemsync.clickagy.com; font-src 'self' data: fonts.gstatic.com legal.forsta.com jobpal-sm.s3.amazonaws.com *.forsta.com *.rioseo.com t.co; media-src *.bc0a.com *.forsta.com *.rioseo.com *.castos.com *.b0e8.com t.co jobpal-sm.s3.amazonaws.com; img-src https: data:; report-uri https://forsta.report-uri.com/r/t/csp/enforce 2
frame-src *; frame-ancestors 'self' https://*.eventscloud.com; 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://stats.spdns.de; object-src 'none' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ ; img-src 'self' data: https://ssl.gstatic.com/ https://stats.spdns.de https://status.securepoint.de; media-src 'none'; frame-src https://stats.spdns.de/ https://www.google.com/recaptcha/ https://www.youtube.com/embed/; connect-src 'self' https://*.checkdns.spdyn.de/ https://*.checkcat.spdyn.de/; font-src 'self' https://fonts.gstatic.com 2
default-src 'self' https:; frame-ancestors *.cribl.io *.cribl-staging.cloud *.cribl.cloud http://localhost:27015 ; frame-src vercel.live vercel.com vars.hotjar.com *.cribl-staging.cloud *.cribl.cloud *.cribl-dev.cloud player.vimeo.com ; img-src 'self' 'unsafe-inline' cribl.io vercel.live vercel.com sockjs-mt1.pusher.com heapanalytics.com s.gravatar.com *.wp.com; connect-src 'self' ws: wss: cribl.io *.cribl.io fxw3r7gdm9.execute-api.us-east-1.amazonaws.com *.heapanalytics.com *.launchdarkly.com *.hotjar.com *.mktoresp.com www.google-analytics.com *.googleapis.com cdn.segment.com api.segment.io *.cribl-staging.cloud *.cribl.cloud *.cribl-dev.cloud cribl-cloud-dev.us.auth0.com cribl-cloud-staging.us.auth0.com cribl-cloud-prod.us.auth0.com vercel.com sockjs-mt1.pusher.com ws-mt1.pusher.com vercel.live vitals.vercel-insights.com vimeo.com ; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.heapanalytics.com script.hotjar.com munchkin.marketo.net www.google-analytics.com www.googletagmanager.com vercel.live vercel.com static.hotjar.com cdn.segment.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'none' 2
font-src 'self' data: *.kornferry.com *.kfadvance.com *.fontawesome.com *.typography.com *.hotjar.com *.hotjar.io *.hotjar.io *.juicer.io;, frame-ancestors 'self' data: *.kornferry.com *.kfadvance.com; 2
frame-ancestors 'self' https://vk.com https://m.vk.com http://awards.ratingruneta.ru https://sutochno.ru/ https://metrika.yandex.ru https://metrika.yandex.by https://metrika.yandex.com https://metrika.yandex.com.tr https://webvisor.com; 2
frame-ancestors 'self' *.bonhams.com 2
frame-ancestors 'self' *.mega.cl *.meganoticias.cl *.etc.cl *.google.com www-meganoticias-cl.cdn.ampproject.org 2
default-src 'self';font-src fonts.gstatic.com; base-uri 'self'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src mailto: *;  navigate-to *; connect-src *; 2
frame-ancestors 'self' https://*.yahooinc.com 2
default-src 'self' https://cdn.finnair.com https://pay.finnair.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.finnair.com *.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://bat.bing.com https://*.akamaihd.net https://*.go-mpulse.net https://*.quantummetric.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce.com https://connect.facebook.net https://www.dwin1.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://snap.licdn.com https://finnair.my.salesforce-sites.com https://*.hotjar.com https://*.ads-twitter.com; style-src 'self' 'unsafe-inline' *.finnair.com https://*.force.com https://*.salesforce.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://*.reactandshare.com https://finnair.my.salesforce-sites.com; img-src 'self' data: *.finnair.com *.google-analytics.com https://*.ytimg.com https://*.akamaihd.net https://*.akstat.io https://www.googletagmanager.com https://maps.googleapis.com https://*.gstatic.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it *.doubleclick.net https://www.googleadservices.com https://*.analytics.google.com https://www.facebook.com https://www.awin1.com https://www.dwin1.com https://cdn.smartvel.com https://bat.bing.com https://finnair.3dseatmapvr.com https://*.travelaudience.com https://*.reactandshare.com https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://analytics.twitter.com https://t.co https://script.hotjar.com https://play-lh.googleusercontent.com https://ade.googlesyndication.com https://cms-scdn.airtime.geemedia.com; manifest-src 'self' https://cdn.finnair.com; font-src 'self' data: https://cdn.finnair.com https://maps.googleapis.com https://*.gstatic.com https://cdn.smartvel.com https://cdn-qa.smartvel.com https://*.reactandshare.com https://script.hotjar.com; connect-src 'self' *.finnair.com https://sentry.io https://*.akamaihd.net https://*.akstat.io https://c.go-mpulse.net https://*.force.com https://search-api.swiftype.com https://finnair-app.quantummetric.com *.google-analytics.com *.doubleclick.net https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://www.google.fi https://www.google.se https://www.google.co.uk https://www.google.de https://www.google.es https://www.google.it https://www.facebook.com https://green.am.apps.avarko.com https://*.aurinkomatkat.fi https://api.smartvel.com https://cdn.smartvel.com https://finnair.3dseatmapvr.com https://finnair-app-search.ent.eu-central-1.aws.cloud.es.io https://*.reactandshare.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.ads-twitter.com https://*.ads-api.twitter.com https://*.analytics.twitter.com https://finnair.my.salesforce-sites.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com; child-src 'self' https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://www.facebook.com https://staticxx.facebook.com blob:; frame-src 'self' https://*.force.com https://*.salesforce.com https://paygw.finnair.com https://auth.finnair.com https://www.youtube.com https://api.finnair.com https://api-dev.finnair.com https://api-test.finnair.com https://api-preprod.finnair.com https://3530909.fls.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net https://finnair.eu.qualtrics.com https://www.facebook.com https://*.points.com https://13389050.fls.doubleclick.net https://vars.hotjar.com; worker-src 'self' https://finnair.3dseatmapvr.com blob:; sandbox allow-popups allow-forms allow-scripts allow-same-origin allow-modals allow-popups-to-escape-sandbox allow-top-navigation allow-downloads; frame-ancestors 'self'; object-src 'none'; media-src https://finnair.3dseatmapvr.com; 2
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.pagbank.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com.br *.googleapis.com *.gstatic.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.googleadservices.com *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
frame-ancestors 'self' https://*.salliemae.com https://*.sallie.com 2
frame-ancestors 'self' https://cx360.corp.ackodev.com https://cx360.corp.acko.com https://app.ola.riskcovry.com https://lead360.corp.ackodev.com https://lead360.corp.acko.com https://cmp.mygate.com https://*.kappa.mgmaglev.xyz https://*.mygate.com https://cx360v2.corp.ackodev.com https://cx360v2.corp.acko.com https://auto-policy-frontend-ui-master.internal.ackodev.com https://auto-policy-frontend.internal.live.acko.com 2
default-src 'none'; connect-src 'self' ipleak.net:* *.ipleak.net:* ipleak.net *.ipleak.net; font-src 'self'; frame-src 'self' *.google.com; img-src 'self' data:; script-src 'self'; style-src 'self'; manifest-src 'self'; base-uri 'none'; form-action 'self' 2
upgrade-insecure-requests;frame-ancestors 'self' https://*.apus.edu 2
frame-ancestors 'self' https://tiaa-stagingx.unqork.io https://tiaa-uatx.unqork.io https://digitalforms.tiaa.org 2
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;style-src-elem data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content; 2
frame-ancestors 'self' *.sportradarserving.com sportradarserving.com 2
upgrade-insecure-requests; object-src https://www.datocms-assets.com; block-all-mixed-content; frame-ancestors 'self' https://plugins-cdn.datocms.com; 2
frame-ancestors 'self' *.thalesgroup.com; report-uri https://cpl.thalesgroup.com/report-uri/enforce 2
default-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com; connect-src 'self' https://cdn-ukwest.onetrust.com https://tag-logger.demandbase.com/ https://pagead2.googlesyndication.com/pagead/ https://www.gstatic.com/maps/ https://privacyportal-uk.onetrust.com/request/ https://privacyportaluatde.onetrust.com/request/ https://segments.company-target.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://api.company-target.com/api/ https://maps.googleapis.com/ https://dpm.demdex.net/id https://barclaysinternational.sc.omtrdc.net/b/ss/ https://barclaysbankplc.tt.omtrdc.net/m2/barclaysbankplc/mbox/ https://cdn.linkedin.oribi.io/partner/ https://www.media.barclays.co.uk/ https://segments.company-target.com/ https://px.ads.linkedin.com/; img-src 'self' data: https://www.googletagmanager.com https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.co.in/ https://maps.googleapis.com/ https://adservice.google.com/ https://ad.doubleclick.net/ https://id.rlcdn.com/ https://cdn.cookielaw.org/ https://dev.day.com/ https://www.media.barclays.co.uk/assets/ https://px.ads.linkedin.com/ https://cm.everesttech.net/cm/ https://barclaysinternational.sc.omtrdc.net/b/ss/ https://maps.gstatic.com/ https://www.linkedin.com/ https://www.google.com.au https://www.google.co.bw https://www.google.com.br https://www.google.be https://www.google.ca https://www.google.cn https://www.google.com.cy https://www.google.dk https://www.google.com.eg https://www.google.fr https://www.google.de https://www.google.com.gh https://www.google.com.gi https://www.google.gr https://www.google.gg https://www.google.com.hk https://www.google.co.in https://www.google.co.id https://www.google.ie https://www.google.im https://www.google.co.il https://www.google.it https://www.google.co.jp https://www.google.je https://www.google.co.ke https://www.google.lt https://www.google.lu https://www.google.com.my https://www.google.mu https://www.google.com.mx https://www.google.co.mz https://www.google.nl https://www.google.com.ng https://www.google.no https://www.google.com.pk https://www.google.com.ph https://www.google.pt https://www.google.com.pr https://www.google.com.qa https://www.google.ru https://www.google.com.sa https://www.google.sc https://www.google.com.sg https://www.google.co.za https://www.google.co.kr https://www.google.es https://www.google.se https://www.google.ch https://www.google.com.tw https://www.google.co.tz https://www.google.com.tr https://www.google.co.th https://www.google.ae https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.co.zm https://www.google.co.zw https://t.co/ https://analytics.twitter.com/ https://cdn-ukwest.onetrust.com https://ad.doubleclick.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com https://snap.licdn.com/li.lms-analytics/ https://code.highcharts.com/ https://www.highcharts.com https://platform.twitter.com/widgets.js https://assets.adobedtm.com/ https://www.googletagmanager.com/gtag/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://static.ads-twitter.com/ https://tag.demandbase.com/ https://www.media.barclays.co.uk/ https://googleads.g.doubleclick.net/ blob:; frame-src 'self' https://platform.twitter.com/ https://www.investmentbank.barclays.com https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://s.company-target.com/ https://barclaysbankplc.demdex.net/ https://td.doubleclick.net/; style-src 'self' https://geolocation.onetrust.com/ https://8347051.fls.doubleclick.net/ https://www.media.barclays.co.uk/ https://fonts.googleapis.com/css https://fonts.gstatic.com 'unsafe-inline' 2
frame-ancestors https://*.shopstyleops.com/ https://local.shopstyleops.com:*/ https://*.shopstylecollective.com https://shopstylecollective.com https://*.collectivevoicelocal.com https://collectivevoicelocal.com https://*.collectivevoiceqa.com https://collectivevoiceqa.com https://*.collectivevoicedev.com https://collectivevoicedev.com https://*.collectivevoicebeta.com https://collectivevoicebeta.com https://*.collectivevoice.com https://collectivevoice.com; report-uri /csp-violation; 2
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net jsv3.recruitics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com cdn.cookielaw.org cookie-cdn.cookiepro.com www.redditstatic.com script.crazyegg.com tag.demandbase.com www.google-analytics.com ngc.avature.net api-engage-us.sitecorecloud.io www.googletagmanager.com www.youtube.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.onetrust.com *.cloudfront.net jsv3.recruitics.com www.google.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com www.redditstatic.com script.crazyegg.com cse.google.com www.googleadservices.com googleads.g.doubleclick.net tag.demandbase.com www.google-analytics.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com ngc.avature.net www.googletagmanager.com code.jquery.com www.youtube.com;connect-src 'self' *.vercel.app *.northropgrumman.com *.onetrust.com stats.g.doubleclick.net www.google-analytics.com bat.bing.com px.ads.linkedin.com static.ads-twitter.com connect.facebook.com cse.google.com cookie-cdn.1trust.app snap.licdn.com connect.facebook.net static.ads-twitter.com analytics.google.com conversions-config.reddit.com www.redditstatic.com script.crazyegg.com www.googleapis.com rum.browser-intake-datadoghq.com api.company-target.com cookie-cdn.1trust.app cdn.cookielaw.org cookie-cdn.cookiepro.com pagestates-tracking.crazyegg.com assets-tracking.crazyegg.com tracking.crazyegg.com ngc.avature.net vitals.vercel-insights.com api-engage-us.sitecorecloud.io discover.sitecorecloud.io/;base-uri 'self';form-action 'self';font-src 'self' *.vercel.app ngc.avature.net use.typekit.net data:;style-src 'self' 'unsafe-eval' 'unsafe-inline' *.vercel.app *.northropgrumman.com *.onetrust.com ngc.avature.net www.crazyegg.com script.crazyegg.com www.google.com use.typekit.net p.typekit.net;frame-src 'self' *.vercel.app *.doubleclick.net *.agencyq.site *.northropgrumman.com *.onetrust.com https://portalstospace.com login.goservicepro.com jsv3.recruitics.com ngc.avature.net s.company-target.com td.doubleclick.net jsv3.recruitics.com www.portalstospace.com www.youtube.com w.soundcloud.com data: blob:;img-src 'self' data: *;media-src 'self' *.vercel.app *.agencyq.site *.northropgrumman.com *.onetrust.com ngc.avature.net img.youtube.com data:; 2
upgrade-insecure-requests; frame-ancestors 'none'; 2
img-src 'self' *.google-analytics.com img.youtube.com *.s3waas.gov.in secure.gravatar.com *.twimg.com *.twitter.com data:;connect-src 'self' *.s3waas.gov.in *.google-analytics.com;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.google.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 2
default-src 'self' *.icons8.com *.hotjar.com data:; child-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.docs.google.com *.wistia.com *.wistia.net blob:; connect-src 'self' *.cookielaw.org *.google-analytics.com *.freshworks.com *.mapbox.com *.euronext.com *.hotjar.com *.hotjar.io ws.hotjar.com ws: *.onetrust.com *.wistia.net *.wistia.com; frame-src 'self' *.youtube.com *.youtu.be *.hotjar.com *.twitter.com *.piktochart.com *.euronext.com *.google.com *.wistia.com *.wistia.net; img-src 'self' *.cookielaw.org *.ytimg.com *.w3.org data: *.euronext.com *.googletagmanager.com blob: *.globenewswire.com *.wistia.net *.wistia.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.wistia.com api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; script-src-elem 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.cookielaw.org *.google-analytics.com *.euronext.com *.mapbox.com *.datatables.net *.jsdelivr.net *.cloudflare.com *.jquery.com *.knightlab.com *.twitter.com *.polyfill.io *.unpkg.com *.mdbootstrap.com *.rawgit.com *.bootstrapcdn.com *.google.com *.freshworks.com *.youtu.be *.doubleclick.net *.gstatic.com *.schema.org *.hotjar.com *.drupal.org *.youtube.com *.wistia.net *.wistia.com api.mapbox.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io https://unpkg.com mdbootstrap.com platform.twitter.com rawgit.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' *.icons8.com *.freshworks.com *.gstatic.com *.ytimg.com *.ggpht.com *.wistia.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com maxcdn.icons8.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' *.euronext.com *.piktochart.com *.youtu.be; report-uri https://www.euronext.com/en/report-uri/enforce; upgrade-insecure-requests 2
frame-ancestors *.benq.com *.benq.eu 2
frame-ancestors 'self' https://dealerexperience.cadillac.com https://dealerexperience-cadillac-com.*.wpx.gm.com 2
report-uri https://www.homeaffairs.gov.au; frame-ancestors https://app.monsido.com https://*.immi.gov.au https://*.border.gov.au https://*.customs.gov.au https://*.abf.gov.au https://*.homeaffairs.gov.au https://*.harmony.gov.au https://*.nationalsecurity.gov.au https://*.idmatch.gov.au https://*.disasterassist.gov.au https://*.livingsafetogether.gov.au https://*.organisationalresilience.gov.au https://*.tisn.gov.au https://*.triplezero.gov.au https://*.cicentre.gov.au https://*.mara.gov.au https://*.auscheck.gov.au https://*.CISC.gov.au https://*.cetc.gov.au https://*.osi.gov.au https://*.gov.au https://bordertv.au.vbrickrev.com https://*.translation.gov.au https://*.odwt.app 2
frame-ancestors 'self' *.winfuture.de; 2
frame-ancestors 'self' https://*.forumfree.it/ 2
frame-ancestors 'self'; default-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline'; 2
frame-ancestors 'self' dw.beyondtrustcloud.com dwspectrum.com; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.storyblok.com *.clarity.ms https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://mc.yandex.ru/ *.hotjar.com/ https://snap.licdn.com/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googleoptimize.com/optimize.js *.googletagmanager.com/ https://multilogin.postaffiliatepro.com/ *.hs-scripts.com/ *.hs-analytics.net/ *.usemessages.com/ *.hscollectedforms.net/ *.hs-banner.com/ 'unsafe-eval' *.livechatinc.com *.youtube.com *.livechat-static.com *.google.com *.livechatinc.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.livechatinc.com *.youtube.com *.google.com; connect-src 'self' *.google.com *.clarity.ms https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com https://cdn.linkedin.oribi.io *.cloudfront.net *.hotjar.com https://mc.yandex.ru https://mc.yandex.md *.analytics.google.com/ *.google-analytics.com/ https://stats.g.doubleclick.net/ *.hscollectedforms.net/ *.hubspot.com/; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://mc.yandex.md/ https://www.youtube.com https://td.doubleclick.net/ https://secure.livechatinc.com/; img-src data: * *.livechatinc.com *.youtube.com *.google.com *.livechat-files.com *.livechat-static.com; manifest-src 'self'; media-src 'self' *.storyblok.com *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; child-src 'self' *.livechatinc.com *.youtube.com *.google.com; ; worker-src 'none'; frame-ancestors 'self' *.storyblok.com; 2
frame-ancestors 'self' *.d2l.com *.brightspace.com d2l.local d2lcorp.local a11ywatch.com peek-achoo.com app.mutinyhq.com; 2
frame-ancestors 'self' https://fullsb-supportjfrog.cs84.force.com https://ppp-supportjfrog.cs100.force.com https://partners.jfrog.com https://supportjfrog.force.com/ 2
frame-ancestors 'self' nielseniq.com *.nielseniq.com; 2
default-src 'self'; connect-src https: wss:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com; frame-src https:; img-src https: data:; media-src https: blob:; worker-src blob:; object-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; form-action https:; report-uri https://csp-reports.globalweb.aws.assaabloy.com/reports; 2
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nuveen.com tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.omtrdc.net *.tiaa.org tiaa.org apps.nuveen.org *.nuveen.com optimize.google.com *.googleoptimize.com *.googleanalytics.com *.google-analytics.com ad.doubleclick.net *.googlesyndication.com tools.inviteeducation.com *.googletagmanager.com *.gstatic.com maps.googleapis.com cdn.cookielaw.org *.salesforceliveagent.com players.brightcove.net *.qualtrics.com *.google.com cdn.evgnet.com *.evgnet.com *.azurewebsites.net s.go-mpulse.net cdn.polyfill.io cdnjs.cloudflare.com *.morningstar.com *.akamaihd.net js-agent.newrelic.com *.nuveen.com tag.demandbase.com *.google-analytics.com script.crazyegg.com snap.licdn.com static.ads-twitter.com pi.pardot.com js.adsrvr.org connect.facebook.net info.nuveen.com action.dstillery.com googleads.g.doubleclick.net *.googleadservices.com api.ipify.org analytics.google.com stats.g.doubleclick.net *.nr-data.net action.media6degrees.com ajax.googleapis.com *.nuveen.com polyfill.io unpkg.com stackpath.bootstrapcdn.com cdn.jsdelivr.net *.broadridge.com *.bing.com *.clarity.ms *.callrail.com *.byspotify.com *.crazyegg.com blob:;style-src 'self' 'unsafe-inline' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net optimize.google.com *.googleoptimize.com fonts.googleapis.com *.morningstar.com *.broadridge.com *.crazyegg.com;img-src data: 'self' api.nuveen.com *.google-analytics.com ad.doubleclick.net d.turn.com *.gstatic.com cdn.cookielaw.org maps.gstatic.com maps.googleapis.com *.b2i.us *.nuveen.com id.rlcdn.com *.morningstar.com *.azurewebsites.net *.googletagmanager.com googleads.g.doubleclick.net *.google.com *.google.co.in *.facebook.com *.linkedin.com t.co analytics.twitter.com googleads.g.doubleclick.net segments.company-target.com *.google-analytics.com match.adsrvr.org beacon.krxd.net a.audrte.com stags.bluekai.com idsync.rlcdn.com ib.adnxs.com ce.lijit.com dt-secure.videohub.tv dpm.demdex.net aa.agkn.com us-u.openx.net *.akamaihd.net *.qualtrics.com *.nr-data.net *.bing.com *.clarity.ms pixel.byspotify.com *.crazyegg.com data:;font-src data: 'self' fonts.gstatic.com fonts.googleapis.com optimize.google.com *.morningstar.com;connect-src 'self' *.nuveen.com mboxedge34.tt.omtrdc.net tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.azurewebsites.net *.facebook.com connect.facebook.net *.googlesyndication.com ad.doubleclick.net bat.bing.com maps.googleapis.com siteintercept.qualtrics.com cdn.cookielaw.org/ tiaabank.us-4.evergage.com *.b2i.us c.go-mpulse.net *.akamaihd.net *.akstat.io *.morningstar.com api.company-target.com script.crazyegg.com *.google-analytics.com stats.g.doubleclick.net *.crazyegg.com analytics.google.com geolocation.onetrust.com privacyportal.onetrust.com *.nr-data.net cdn.linkedin.oribi.io *.hawkeye.epsilon.com *.fundslibrary.net *.services.visualstudio.com *.clarity.ms *.company-target.com tag-logger.demandbase.com *.callrail.com *.byspotify.com *.nuveen.com mboxedge34.tt.omtrdc.net tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net *.azurewebsites.net *.facebook.com connect.facebook.net *.googlesyndication.com ad.doubleclick.net bat.bing.com maps.googleapis.com siteintercept.qualtrics.com cdn.cookielaw.org/ tiaabank.us-4.evergage.com *.b2i.us c.go-mpulse.net *.akamaihd.net *.akstat.io *.morningstar.com api.company-target.com script.crazyegg.com *.google-analytics.com stats.g.doubleclick.net *.crazyegg.com analytics.google.com geolocation.onetrust.com privacyportal.onetrust.com *.nr-data.net cdn.linkedin.oribi.io *.hawkeye.epsilon.com *.fundslibrary.net *.services.visualstudio.com *.clarity.ms *.company-target.com tag-logger.demandbase.com *.callrail.com *.byspotify.com *.linkedin.com;media-src 'self' bcbolt446c5271-a.akamaihd.net;object-src 'none' ;child-src 'self' blob:;frame-ancestors 'self' ;frame-src 'self' tiaacref.tt.omtrdc.net cdn.tt.omtrdc.net c-pace.greenworkslending.com optimize.google.com *.googleoptimize.com v3.inviteeducation.com players.brightcove.net *.google.com *.adsrvr.org *.doubleclick.net *.facebook.com *.nuveen.com *.company-target.com reporting.nuveenglobal.info icx.efrontcloud.com *.googlesyndication.com tiaa2.co1.qualtrics.com;form-action 'self' tiaa2.co1.qualtrics.com;manifest-src 'none' ; 2
style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data:; frame-src https:; upgrade-insecure-requests; 2
default-src 'self' *.materialdesignicons.com *.azurefd.net *.jsdelivr.net *.zoom.us *.doubleclick.net *.cloudfront.net *.googlesyndication.com *.twitter.com *.opticsinfobase.org *.titanembeds.com *.boltdns.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.osa.org *.talkjs.com *.googleapis.com *.3playmedia.com s3.amazonaws.com https://challenges.cloudflare.com/turnstile/ https://unpkg.com *.jsdelivr.net *.cvent.com cdn.mxpnl.com *.mixpanel.com https://zoom.us *.zoom.us code.jquery.com *.twitter.com adservice.google.com *.doubleclick.net *.ampproject.org *.googlesyndication.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com www.google.com tagmanager.google.com www.googletagservices.com *.brightcove.net *.zencdn.net *.twimg.com *.ytimg.com www.youtube.com *.myfonts.net *.simpli.fi www.gstatic.com *.licdn.com *.knightlab.com blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' cdn.opticsinfobase.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.3playmedia.com *.cloudfront.net *.osa.org http://www.frontiersinoptics.com www.frontiersinoptics.org www.cleoconference.org www.ofcconference.com api-js.mixpanel.com www.google-analytics.com *.brightcove.com *.brightcove.net *.boltdns.net *.googlesyndication.com *.akamaihd.net *.doubleclick.net https://unpkg.com *.zoom.us wss://*.zoom.us wss://*.osa.org https://*.linkedin.com blob:; media-src 'self' *.osa.org *.talkjs.com *.zoom.us *.boltdns.net *.akamaihd.net blob:; object-src 'self' *.azurefd.net cdn.opticsinfobase.org cdn.materialdesignicons.com *.cloudfront.net *.googlesyndication.com *.blob.core.windows.net https://*.zoom.us blob:; frame-src 'self' *.azurefd.net *.brightcove.net *.cloudfront.net *.blob.core.windows.net *.osa.org cdn.opticsinfobase.org *.frontiersinoptics.com *.google.com *.googlesyndication.com *.youtube.com https://challenges.cloudflare.com/ https://*.doubleclick.net; frame-ancestors 'self' *.osa.org *.frontiersinoptics.com 2
script-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: ajax.aspnetcdn.com www.gstatic.com s7.addthis.com assets.transparently.com ajax.googleapis.com www.google.com vjs.zencdn.net mychart.piedmont.org maps.googleapis.com ie7-js.googlecode.com apis.google.com maxcdn.bootstrapcdn.com cdn.kyruus.com z.moatads.com www.google-analytics.com siteimproveanalytics.com www.googletagmanager.com connect.facebook.net cdn.krxd.net d10lpsik1i8c69.cloudfront.net v1.addthisedge.com m.addthis.com guide.loyalhealth.com www.googleadservices.com piedmont.netmng.com secure-ds.serving-sys.com solutions.invocacdn.com *.krxd.net bs.serving-sys.com googleads.g.doubleclick.net js.adsrvr.org assets.pinterest.com log.pinterest.com *.elfsight.com code.jquery.com tagmanager.google.com bbox.blackbaudhosting.com *.wufoo.com *.invoca.net s.pinimg.com assets.sitescdn.net static.hotjar.com script.hotjar.com answers-embed.piedmont.com.pagescdn.com ads.nextdoor.com touchpoint-sdk.alida.com mychart.piedmont.org dexcareapi-piedmont.azureedge.net www.care.piedmont.org care.womp.it piedmont.womp.it 2
report-uri /report-csp;report-to /report-csp;base-uri 'self';child-src number26://* *.n26.com n26.com *.doubleclick.net pixel.mathtag.com n26.go2cloud.org tr.snapchat.com *.youtube-nocookie.com youtube-nocookie.com boards.greenhouse.io;connect-src 'self' https://spc.n26.com * fonts.googleapis.com https://*.logs.datadoghq.eu;font-src 'self' data:;img-src https://spc.n26.com 'self' data: images.ctfassets.net images.contentful.com * *.greenhouse.io;media-src videos.contentful.com videos.ctfassets.net;object-src 'none';style-src 'unsafe-inline' 'self' fonts.googleapis.com tagmanager.google.com;script-src 'self' cdn.number26.de 'unsafe-inline' * connect.facebook.net *.youtube-nocookie.com s.ytimg.com youtube-nocookie.com youtube.com boards.greenhouse.io datadoghq.eu datadoghq-browser-agent.com cdn.cookielaw.org;worker-src 'self';default-src *;frame-ancestors 'self' *.n26.com app.contentful.com 2
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.deutsche-rentenversicherung.de *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.deutsche-rentenversicherung.de *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org; object-src 'self' *.deutsche-rentenversicherung.de multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.deutsche-rentenversicherung.de;child-src *.google.com *.gstatic.com *.youtube.com ; img-src 'self' data: *.deutsche-rentenversicherung.de *.google.com *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; 2
connect-src 'self' 'unsafe-inline' www.google-analytics.com collect.tealiumiq.com; script-src 'self' 'unsafe-inline' tags.tiqcdn.com www.youtube.com img6.wsimg.com img1.wsimg.com www.google-analytics.com s.ytimg.com; object-src 'none'; default-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; style-src 'self' 'unsafe-inline' img6.wsimg.com img1.wsimg.com; img-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com www.google-analytics.com; font-src 'self' 'unsafe-inline' data: img6.wsimg.com img1.wsimg.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.usefathom.com plausible.io *.pingdom.net *.slideshare.net *.onetrust.com  *.libsyn.com  *.crazyegg.com *.polyfill.io *.matomo.cloud *.doubleclick.net *.adtran *.adva.com *.advaoptical.com *.pardot.com *.akamaized.net  *.cookielaw.org  cdn.matomo.cloud  *.vimeo.com  *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com  *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net blob:; img-src * 'self' data: blob:;frame-ancestors 'self'; 2
frame-ancestors 'self' https://*.riu.com https://*.apps.riu.com https://*.stay-app.com https://www.googleapis.com https://*.google.com https://connect.facebook.net https://*.akamaitechnologies.com https://*.yandex.com https://*.msn.com https://*.googlebot.com https://*.gstatic.com https://static.cloudflareinsights.com https://www.riuagents.com; 2
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com; worker-src * blob:; style-src * 'unsafe-inline'; 2
frame-ancestors 'self' https://*.fashionjobs.com https://*.fashionnetwork.com https://*.fashiongroup.com https://*.fashionmag.biz https://fashionmag.biz https://fashionnetworkevents.com https://*.fashionnetworkevents.com 2
report-uri https://nplindia.org 2
frame-ancestors 'self' https://builder.io; 2
frame-ancestors 'none'; default-src 'self' static.zdassets.com viabtc.zendesk.com *.zendesk.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net www.youtube-nocookie.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.zdassets.com res.wx.qq.com viabtc.zendesk.com www.google-analytics.com stats.g.doubleclick.net api.geetest.com api.geevisit.com monitor.geetest.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; style-src 'unsafe-inline' at.alicdn.com viabtc.zendesk.com static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; img-src i.ytimg.com www.google-analytics.com www.google.com *.aliyuncs.com *.alicdn.com viabtcconfig.oss-cn-shenzhen.aliyuncs.com viapoolconfig.oss-cn-hongkong.aliyuncs.com data: stats.g.doubleclick.net static.geetest.com static.geevisit.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; font-src 'unsafe-inline' at.alicdn.com data: *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; connect-src viabtc.zendesk.com *.zendesk.com viabtc-help.zendesk.com *.zdassets.com https://widget-mediator.zopim.com https://p.extfun.com wss://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viabtc.net:* viabtc.net:* *.viabtc.net viabtc.net *.viabtc.top:* viabtc.top:* *.viabtc.top viabtc.top *.viabtc.co:* viabtc.co:* *.viabtc.co viabtc.co *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com; frame-src www.bilibili.com player.bilibili.com player.vimeo.com *.viabtc.com *.jumio.com www.youtube.com www.youtube-nocookie.com www.ixigua.com v.qq.com 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://sb.scorecardresearch.com https://*.yahoo.com blob: wss:; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-top-navigation-by-user-activation allow-presentation allow-storage-access-by-user-activation; img-src 'self' https: data: blob: https://*.yimg.com https://bats.video.yahoo.com https://*.scorecardresearch.com https://*.adaptv.advertising.com https://trk.vidible.tv https://beap.gemini.yahoo.com https://api.cloudinary.com; object-src https://*.engadget.com https://s.yimg.com https://api.cloudinary.com; worker-src 'self' blob:; manifest-src 'self' https://s.yimg.com; font-src 'self' data: https://*.engadget.com https://s.yimg.com https://fonts.gstatic.com https://*.spot.im https://assets.video.yahoo.net; connect-src 'self' https://*.engadget.com https://s.yimg.com https://*.yahoo.net https://*.yahoo.com https://*.yahoosandbox.com https://*.oath.com https://*.advertising.com https://*.cdn.yimg.com https://ad.doubleclick.net https://*.doubleverify.com https://*.googlesyndication.com https://*.spot.im https://*.giphy.com https://*.vidible.com https://*.media.yahoo.com:4443 https://*.skimresources.com https://*.taboola.com https://securepubads.g.doubleclick.net https://*.spotim.market https://*.criteo.com https://*.criteo.net https://*.pubmatic.com https://*.rubiconproject.com https://*.lijit.com https://*.gumgum.com https://*.openx.net https://*.adtelligent.com https://*.casalemedia.com https://*.creativecdn.com https://*.adnxs.com https://*.nighttstand.com https://*.rlcdn.com https://*.adsrvr.org https://*.adform.net https://*.vidible.tv https://*.uplynk.com https://*.edgekey.net https://*.doubleclick.net https://d1z2jf7jlzjs58.cloudfront.net https://*.pixel.parsely.com https://*.aniview.com https://*.ad-score.com https://polarcdn-terrax.com https://*.polarcdn-terrax.com https://*.polarcdn.com https://polarcdn-engine.com https://polarcdn-pentos.com https://videodelivery.net https://*.videodelivery.net https://sf-hs-sg.ibytedtos.com https://b1h.zemanta.com https://hb-api.omnitagjs.com https://search.spotxchange.com https://video-api.yql.yahoo.com https://edgecast-vod.yimg.com https://assets.video.yahoo.net https://cdn-ssl.vidible.tv/prod https://*.doubleclick.net https://edgecast-vod.yahoo.net https://*.vpg.cdn.yimg.com https://s.yimg.com https://media.zenfs.com https://assets.video.yahoo.net https://ads.adaptv.advertising.com https://video.adaptv.advertising.com https://tpc.googlesyndication.com/ima3vpaid https://*.adsafeprotected.com https://*.pictela.net https://api.cloudinary.com https://*.media.net https://*.clean.gg https://*.liadm.com https://events.newsroom.bi https://flowcards.mrf.io https://compassdata.mrf.io https://sdk.mrf.io; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.engadget.com https://*.oath.com https://*.yahoo.com; report-uri https://csp.yahoo.com/beacon/csp?src=engadget; report-to csp-endpoint; 2
frame-ancestors 'self' http://tutorialcorreo.xsi.es http://correo.natural.es http://correo.mundored.com http://mundored.com https://correo.nuevecomanueve.es 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js https://ga.jspm.io/npm:es-module-shims@1.7.1/dist/es-module-shims.js https://kit.fontawesome.com/ https://kit.fontawesome.com/29b2028b7f.js https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js *.swmed.edu *.utsouthwestern.edu https://tagmanager.google.com https://www.googleadservices.com https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.6/dist/umd/popper.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js *.taggbox.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://w.soundcloud.com/player/api.js https://siteimproveanalytics.com/js/siteanalyze_67564.js https://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://www.youvisit.com/tour/Embed/js3 https://s.ytimg.com/yts/jsbin/www-widgetapi-vfldp9JMF/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflGYMLFw/www-widgetapi.js https://www.youvisit.com/SmartScript/latest/smartscript.js https://utsw.flintbox.com/embed.js https://utsw.flintbox.com/assets/iframe-container-5933c9a9de9740bee358da320c7bf82406da2e2f6e93843b06b4514c2030dfd9.js https://www.gstatic.com https://unpkg.com https://cdn.storygize.net https://bs.serving-sys.com *.pinterest.com *.hotjar.com https://platform.twitter.com https://assets.pinterest.com https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.4/jquery.js http://www.facebook.com/plugins/like.php https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://cdnjs.cloudflare.com/ajax/libs/foundation/6.4.3/js/foundation.min.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_format_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_fw_module.js https://www.gstatic.com/charts/46.2/third_party/dygraphs/dygraph-tickers-combined.js https://www.gstatic.com/charts/46.2/third_party/webfontloader/webfont.js https://www.gstatic.com/charts/46.2/js/jsapi_compiled_bar_module.js https://cdnjs.cloudflare.com/ajax/libs/foundation-essential/5.2.2/js/vendor/modernizr.js https://www.google-analytics.com/analytics.js https://script.crazyegg.com/pages/scripts/0017/5050.js https://static.hotjar.com/c/hotjar-30590.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebOneTag.js https://www.storygize.net/a/cecea51f-563b-4ac4-9a2a-8a3660977ad2/abdo.js https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/charts/46.2/loader.js https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://snap.licdn.com/li.lms-analytics/insight.min.js; connect-src 'self' *.swmed.edu *.utsouthwestern.edu https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.5.0/css/free-v4-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css https://ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io https://lm.serving-sys.com *.taggbox.com *.crazyegg.com *.hotjar.io *.hotjar.com https://www.juicer.io https://stats.g.doubleclick.net/j/collect https://listgrowth.ctctcdn.com/v1/5626582cad2b3868b069a1d065b39fd3.json https://visitor2.constantcontact.com/api/v1/signup_forms/ https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/8/6218 https://graph.facebook.com/58323112191/picture https://www.juicer.io/api/page_views https://www.juicer.io/api/feeds/home-page-393b6969-47a9-40b5-b6a5-297bc3722122 https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu; frame-src 'self' *.swmed.edu https://app.powerbi.com/ *.utsouthwestern.edu https://app.truelook.com/ https://utsw.flintbox.com/ https://td.doubleclick.net *.taggbox.com https://forms.office.com/ *.hotjar.com https://www.youvisit.com https://cdn.youvisit.com https://w.soundcloud.com https://platform.twitter.com https://www.facebook.com https://yoshki.com/badge-apta.html https://cdn.plyr.io https://connect.facebook.net https://www.storygize.net https://www.gstatic.com/recaptcha/api2/v1555968629716/recaptcha__en.js https://www.gstatic.com/charts/loader.js https://events.utsouthwestern.edu https://assets.juicer.io/embed.js https://www.youtube.com/ https://player.vimeo.com/ https://www.flickr.com/ https://www.jove.com/ https://launchpad.utswneurology.com/ http://radonc.utsouthwestern.edu/ https://surgeonportal.donortracplus.org/ https://ais.swmed.edu/ https://www.facebook.com/ https://www.google.com/ https://calendar.google.com/ https://www.googletagmanager.com/ https://hroras2.swmed.edu/ https://studentservices.utsouthwestern.edu https://intrastudentservices.utsouthwestern.edu https://px.ads.linkedin.com 2
frame-ancestors 'self' *.backushospital.org  *.charlottehungerford.org  *.ctorthoinstitute.org  *.ctorthomidstate.org  *.ctorthostvincents.org  *.hartfordhealthcare.org  *.hartfordhealthcare.org  *.hartfordhealthcareathome.org  *.hartfordhealthcaremedicalgroup.org  *.hartfordhealthcarerehabnetwork.org  *.hartfordhospital.org  *.hartfordhospital.org  *.hhcandme.com  *.hhcbehavioralhealth.org  *.hhcconnect.com  *.hhcconnect.net  *.hhcconnect.org  *.hhchealth.com  *.hhchealth.net  *.hhchealth.org  *.hhcseniorservices.org  *.hhcsystem.org  *.instituteofliving.org  *.integratedcarepartners.org  *.midstatemedical.org  mychartplus.org *.mychartplus.org  *.natchaug.org  *.rushford.org  *.stvincents.org  *.thocc.org 2
default-src https:  wss://*.hotjar.com wss://*.qualified.com; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self' *.experityhealth.com; frame-src data: https:; media-src blob: data: https:; object-src 'self' blob:; worker-src blob: 'self'; child-src blob:; upgrade-insecure-requests; 2
frame-ancestors 'self'; block-all-mixed-content 2
frame-ancestors 'self' https://*.swansea.ac.uk https://*.swan.ac.uk https://app.myday.cloud myday://app.myday.cloud https://swanseauni.myday.cloud https://swansea-uk.libwizard.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.hotjar.com https://in.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hubspot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com *.hubspot.com; media-src 'self' data: blob:; frame-src 'self' https://interactive-img.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.mktoresp.com https://*.google-analytics.com https://*.analytics.google.com https://*.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.hscollectedforms.net https://*.googletagmanager.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 'unsafe-inline' 'unsafe-eval' *.vimeo.com 'unsafe-inline' 'unsafe-eval' *.boards-api.greenhouse.io *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://cdn.bizible.com https://www.google.com brandfolder-svc.com https://cdn-cookieyes.com/ cdn.hu-manity.co/ https://tags.clickagy.com/ cdn.jsdelivr.net pages.e2open.com pages.e2open.com/js/forms2/css/forms2.css blob: *.ep-mimecast.ads-twitter.com *.doubleclick.net *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.marketo.com *.nr-data.net https://analytics.twitter.com https://bat.bing.com https://bam.nr-data.net https://cdn.abrankings.com https://connect.facebook.net https://content.linkedin.com https://cdn.syndication.twimg.com https://en.twitter.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://j.6sc.co https://js.adsrvr.org https://js.facebook.com https://js-agent.newrelic.com https://munchkin.marketo.net https://okt.to https://platform.linkedin.com https://platform.twitter.com https://play.vidyard.com https://player.vimeo.com https://r.bing.com https://static.ads-twitter.com https://script.crazyegg.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://snap.licdn.com https://static-exp1.licdn.com https://static.oktopost.com https://tagmanager.google.com https://t.co https://visitor.reactful.com https://www.clarity.ms https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.vimeo.com https://ws.zoominfo.com https://app-sj31.marketo.com/index.php/form/getForm https://bam.nr-data.net/1/NRJS-861f3eedf716c4eaf11 https://bat.bing.com/bat.js https://cdn.abrankings.com/js/client.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/722106568/ https://j.6sc.co/6si.min.js https://js-agent.newrelic.com/nr-1216.min.js https://js.adsrvr.org/up_loader.1.1.0.js https://munchkin.marketo.net/munchkin.js https://okt.to/ping https://pages.e2open.com/js/forms2/js/forms2.min.js https://platform.twitter.com/js/moment~timeline.d73eae5387f08ab9f8b71dcf9d12d391.js https://play.vidyard.com/embed/v4.js https://player.vimeo.com/api/player.js https://script.crazyegg.com/pages/scripts/0104/0422.js https://script.hotjar.com/modules.86ab03b5bc9b930d4f53.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/c/hotjar-2184122.js https://static.oktopost.com/oktrk.js https://visitor.reactful.com/dist/main.rtfl.js https://ws.zoominfo.com/pixel/61eeeb0bcd134a001e3eda0d https://www.clarity.ms/tag/uet/17464652 https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.googleoptimize.com/optimize.js https://www.googletagmanager.com/gtm.js *.vimeo.com *.vimeocdn.com *.newrelic.com www.googletagservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com *.typeform.com embed.typeform.com api.typeform.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: 'unsafe-inline' 'report-sample' 'unsafe-inline' https://pages.e2open.com cdn.jsdelivr.net *.marketo.net *.marketo.com *.licdn.com *.google.com *.bing.com fonts.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com *.vimeocdn.com maps.googleapis.com maps.google.com translate.googleapis.com tagmanager.google.com *.typeform.com embed.typeform.com api.typeform.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: 'unsafe-inline' data: https://ad.doubleclick.net https://image.thum.io https://t0.gstatic.com https://www.e2open.com https://img.youtube.com https://cdn.bizible.com  https://cdn.bizibly.com https://pages.e2open.com https://cdn-cookieyes.com https://abs.twimg.com https://p.adsymptotic.com https://id.rlcdn.com https://px.ads.linkedin.com px.ads.linkedin.com https://aorta.clickagy.com https://analytics.twitter.com https://b.6sc.co https://bat.bing.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://secure.gravatar.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com *.vidyard.com *.twimg.com *.twitter.com *.clarity.ms *.linkedin.com *.t.co *.bing.com t.co facebook.com zoominfo.com *.google.com *.6sc.co privacy-policy.truste.com px.ads.linkedin.com www.google.com.au *.google.co https://px.ads.linkedin.com/collect s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://809-eog-429.mktoresp.com wss://ws.hotjar.com  https://content.hotjar.io https://directory.cookieyes.com https://log.cookieyes.com/ https://cdn.bizibly.com https://cdn-cookieyes.com https://px.ads.linkedin.com https://epsilon-globalaccelerator.6sense.com  https://designer-api.hu-manity.co/ https://hemsync.clickagy.com https://aorta.clickagy.com/ cdn.linkedin.oribi.io https://ad.doubleclick.net https://api.redirect.li/v1/ https://bam.nr-data.net https://bat.bing.com https://cdn.abrankings.com https://d.clarity.ms https://epsilon.6sense.com https://in.hotjar.com https://ipv6.6sc.co https://script.crazyegg.com https://sheets.googleapis.com https://stats.g.doubleclick.net https://tracking.reactful.com https://visitor.reactful.com https://ws.zoominfo.com https://ws31.hotjar.com https://www.google-analytics.com wss://ws31.hotjar.com *.6sc.co *.facebook.com *.hotjar.com *.clarity.ms secure.adnxs.com *.google-analytics.com vc.hotjar.io assets-tracking.crazyegg.com pages.e2open.com tracking.crazyegg.com pagestates-tracking.crazyegg.com 809-eog-429.mktoutil.com ws32.hotjar.com f.clarity.ms wss://ws30.hotjar.com wss://ws41.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com boards-api.greenhouse.io https://809-eog-429.mktoresp.com https://hemsync.clickagy.com https://aorta.clickagy.com/ *.typeform.com embed.typeform.com api.typeform.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: https://fonts.gstatic.com data: fonts.gstatic.com fonts.googleapis.com connecteurope.e2open.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' *.googlesyndication.com *.boards-api.greenhouse.io; media-src 'self' ; frame-src 'self' 'unsafe-inline' https://play.vidyard.com td.doubleclick.net https://integration-panel-ui.brandfolder-svc.com brandfolder-svc.com https://*.fls.doubleclick.net https://match.adsrvr.org https://www.google.com pages.e2open.com https://11817530.fls.doubleclick.net https://match.adsrvr.org https://app-sj31.marketo.com https://bid.g.doubleclick.net https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com *.typeform.com embed.typeform.com api.typeform.com www.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net platform.twitter.com vimeo.com www.googletagmanager.com *.vimeocdn.com www.youtube.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob: www.google.com; base-uri 'self' ; form-action 'self' *.twitter.com *.google.com *.facebook.com connect.facebook.net pages.e2open.com; frame-ancestors 'self' t.co twitter.com https://*.paperflite.com https://play.vidyard.com/; upgrade-insecure-requests; report-uri https://62cf790d4226858c368f8a9c.endpoint.csper.io?v=3;; 2
default-src 'none'; worker-src 'self' blob: ; media-src https://s3-eu-west-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com 'self' blob: data: ; frame-src https://radix-downloads.s3.eu-west-1.amazonaws.com *.bluesnap.com *.hotjar.com *.google.com https://visomdm.com/ ; connect-src https://visomdm.com wss://visomdm.com https://pro.ip-api.com *.hotjar.io *.glbth.com *.visomdm.com *.atvmanager.com *.teacherview.live https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com wss://*.glbth.com wss://*.visomdm.com wss://*.atvmanager.com wss://*.teacherview.live wss://*.hotjar.com wss://*.tawk.to wss://*.xirsys.com *.hotjar.com *.tawk.to 'self' ; font-src 'self' *.tawk.to *.gstatic.com ; img-src *.ggpht.com tawk.link blob: *.googleusercontent.com *.google.com https://*.gstatic.com https://*.mzstatic.com https://cdn.jsdelivr.net/emojione/ *.tawk.to https://mdm-packages.s3.eu-central-1.amazonaws.com https://storage.visomdm.com https://storage-prod.visomdm.com https://storage-prod.visomdm.com.s3.eu-west-1.amazonaws.com *.tile.openstreetmap.org data: 'self' ; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net/emojione/ *.googleapis.com https://embed.tawk.to/ ; script-src 'self' https://cdn.jsdelivr.net/emojione/ *.hotjar.com *.tawk.to *.openstreetmap.org *.google.com *.gstatic.com *.ip-api.com 'sha256-jxahBNaefKb7HUgrP6SFqod39I6KB1wnzxNv+Gahh2s=' 'sha256-mf7OlEdaUdLAGAIDqicGf/kRbd9P604n4ooz6WIWPZc=' 'sha256-YJ3eJPxdzm7qieW1lfM307T3jCkb8WIfRGJEnAE84p0=' https://itunes.apple.com/ ; frame-ancestors 'self' https://visomdm.com/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: * 2
frame-src *.pff.com www.facebook.com www.youtube.com 2
frame-ancestors 'self' https://*.beyondtrust.com https://beyondtrust.com; base-uri 'self'; form-action 'self' https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.btdevops.io https://*.wistia.com; object-src 'self'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-maps.yandex.ru https://assetsgarantibbva.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;media-src 'self' *.signfordeaf.com http://*.signfordeaf.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.api.useinsider.com https://*.useinsider.com;connect-src 'self' *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.signfordeaf.com;img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://static-maps.yandex.ru *.assetsgaranti.com *.garantibbvayatirim.com.tr *.garantiyatirim.com.tr *.garantibbva.com.tr *.garanti.com.tr *.garantibbvaemeklilik.com.tr *.garantiemeklilik.com.tr *.gteknoloji.com.tr *.gteknolojidmz.com.tr *.garantibank.ro *.garantiemeklisandigi.org.tr *.api.useinsider.com https://*.useinsider.com wss://*.matriksdata.com *.matriksdata.com *.dataroid.com *.google.com *.google.com.tr *.doubleclick.net https://googleads.g.doubleclick.net *.efilli.com *.fw.garanti.com.tr *.googletagmanager.com *.fw.garantibbva.com.tr ajax.googleapis.com fonts.googleapis.com *.google-analytics.com *.analytics.google.com *.signfordeaf.com;style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com;font-src 'self' 'unsafe-inline' 'unsafe-eval' *.useinsider.com *.api.useinsider.com fonts.googleapis.com ajax.googleapis.com fonts.gstatic.com; 2
default-src 'self' *;  connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *;  img-src 'self' blob: data: *;  frame-src 'self' blob: data: *;  object-src 'self' blob: data: *;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  style-src 'self' 'unsafe-inline' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  font-src 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  base-uri 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  form-action 'self' https://*.addictinggames.com https://*.shockwave.com https://*.scorecardresearch.com https://*.recurly.com https://*.cdn.yollamedia.com https://*.yollamedia.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googletagservices.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://local.addictinggames.com:3000 https://local.shockwave.com:3000;  frame-ancestors 'none';  upgrade-insecure-requests; 2
default-src 'self' http: https: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors https://epson.com https://*.epson.com https://*.epson.jp https://*.epson https://*.goepson.com https://epson.ca https://epson.com.mx https://epson.com.ar https://epson.com.bo https://epson.com.br https://epson.co.cr https://epson.cl https://epson.com.co https://epson.com.do https://epson.com.ec https://epson.com.py https://epson.com.pe https://epson.com.uy https://epson.com.ve https://solheimcup2023.eu https://cm.lpga.com https://cm.epsontour.com https://www.lpga.com https://www.epsontour.com 2
default-src 'self' https://privacyportal.cookiepro.com https://pagestrip.com; script-src *.googleapis.com *.gstatic.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.doubleclick.net *.googleadservices.com *.recaptcha.net munchkin.marketo.net *.eloqua.com *.en25.com *.pagestrip.com player.vimeo.com *.ssl.cf1.rackcdn.com *.youtube.com s3.amazonaws.com magna.us5.list-manage.com *.baidu.com *.usersnap.com *.adform.net *.adnxs.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hscollectedforms.net *.hs-banner.com forms-eu1.hsforms.com *.cookielaw.org *.google.com *.mediavalet.com cdn.jsdelivr.net cdnjs.com code.jquery.com consent.cookiebot.com consentcdn.cookiebot.com cookie-cdn.cookiepro.com cse.google.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net geolocation.onetrust.com js-eu1.hsforms.net kendo.cdn.telerik.com maxcdn.bootstrapcdn.com mc.us5.list-manage.com platform.stumbleupon.com/1/widgets.js publish.twitter.com rum-static.pingdom.net s.ytimg.com s7.addthis.com secure.adnxs.com sjs.bizographics.com snap.licdn.com stackpath.bootstrapcdn.com syndication.twitter.com unpkg.com v1.addthisedge.com walls.io www.googletagmanager.com www.youtube.com/iframe_api z.moatads.com 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.pagestrip.com *.ssl.cf1.rackcdn.com cdn.jsdelivr.net cdn.mediavalet.com cdn-images.mailchimp.com cdnjs.cloudflare.com dec.azureedge.net downloads.mailchimp.com emea3.recruitmentplatform.com fast.fonts.net form.asana.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com www.youtube.com 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://www.google.co.uk https://dec.azureedge.net https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://i3.ytimg.com https://i.ytimg.com https://ml.globenewswire.com https://p.adsymptotic.com https://downloads.mailchimp.com https://resource.globenewswire.com https://cookie-cdn.cookiepro.com https://shp.qpic.cn https://img.youtube.com https://magna-p.magna.com https://magna.com https://cdnjs.cloudflare.com https://clients1.google.com https://www.google.com https://www.googletagmanager.com *.magna.com *.pagestrip.com https://puui.qpic.cn https://cms.sps-digital.com https://stats.g.doubleclick.net https://www.google.ca https://hm.baidu.com https://mcusercontent.com https://cdn-images.mailchimp.com https://www.google.vg https://www.google.de https://www.google.fr *.rackcdn.com *.adnxs.com *.hsforms.com *.hubspot.com cdn.mediavalet.com https://insights.apps-magna.com https://media.corporate-ir.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.pagestrip.com *.magna.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://mpt-product-information.com/ https://td.doubleclick.net/ https://www.recaptcha.net/ https://magna.gcs-web.com/ https://my.walls.io/ https://www.google.com/ https://forms-eu1.hsforms.com/ https://www.facebook.com/ https://magna.s2.positionierung.at/ https://form.asana.com/ https://app.truelook.cloud/ https://embed.mediavalet.com/; connect-src 'self' *.google-analytics.com *.mktoresp.com *.linkedin.oribi.io *.addthis.com *.hs-banner.com *.hubspot.com *.hubapi.com forms-eu1.hscollectedforms.net *.google.com *.analytics.google.com *.dec.sitefinity.com *.pagestrip.com analytics.google.com cdn.cookielaw.org cookie-cdn.cookiepro.com emea3.recruitmentplatform.com forms-eu1.hsforms.com geolocation.onetrust.com global3.recruitmentplatform.com hm.baidu.com m.addthis.com magna-na.magna.com pagead2.googlesyndication.com pagestrip.com privacyportal.cookiepro.com px.ads.linkedin.com rum-collector-2.pingdom.net s7.addthis.com stats.g.doubleclick.net www.google.ca www.google.de www.google.se www.google.vg googleads.g.doubleclick.net ib.adnxs.com; media-src 'self' data: blob: *.ssl.cf1.rackcdn.com *.cf2.rackcdn.com *.cf1.rackcdn.com *.iosr.cf1.rackcdn.com https://cms.sps-digital.com https://cdn.mediavalet.com; child-src 'self' https://embed.mediavalet.com/ https://td.doubleclick.net/ https://magna.gcs-web.com https://s7.addthis.com https://consentcdn.cookiebot.com/ https://www.google.com https://v.qq.com/ https://walls.io/ https://cse.google.com/ https://pagestrip.com https://*.pagestrip.com https://my.walls.io https://www.magnapeople.com https://mpt-product-information.com/ https://magna-staging.jifflenow.com/ https://magna.jifflenow.com/ https://www.recaptcha.net https://www.mpt-product-information.com https://bid.g.doubleclick.net https://open.spotify.com/ https://www.youtube-nocookie.com/ https://forms-eu1.hsforms.com/ https://magna.s2.positionierung.at/ 2
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://assets.adobedtm.com https://static.ads-twitter.com https://zn5mvwfi1g8ili9hu-asmlcx.siteintercept.qualtrics.com https://*.qualtrics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.mouseflow.com https://sc-static.net https://*.googletagmanager.com https://*.facebook.net https://*.licdn.com https://*.redditstatic.com https://*.cloudfront.net https://*.snapchat.com https://*.doubleclick.net https://*.doubleclick.net https://*.googleadservices.com https://*.asml.com https://*.quadia.net https://*.euroland.com https://vercel.live; child-src 'self' https://*.mouseflow.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.asml.com; img-src 'self' data: https://asml.picturepark.com https://*.sitecorecloud.io https://cdn.cookielaw.org https://insight.adsrvr.org https://px.ads.linkedin.com https://alb.reddit.com https://www.facebook.com https://siteintercept.qualtrics.com; connect-src 'self' data: https://api-engage-eu.sitecorecloud.io https://*.vercel-insights.com https://cdn.cookielaw.org https://*.demdex.net https://*.asml.com https://*.qualtrics.com https://*.youtube.com https://*.onetrust.com https://google.com https://*.snapchat.com https://*.linkedin.oribi.io https://*.snplow.net https://*.mouseflow.com https://*.asml.com https://*.quadia.net https://*.sitecorecloud.io https://www.redditstatic.com https://conversions-config.reddit.com https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com https://*.asml.com https://cdn.mouseflow.com; ; object-src 'none'; base-uri 'self'; frame-src 'self' https://asml.demdex.net https://*.youtube.com https://*.google.com https://*.asml.com https://*.qualtrics.com https://asmllaserbox.com https://*.doubleclick.net https://*.everesttech.net https://*.adobedc.net https://*.adobedtm.com https://*.quadia.net https://*.mouseflow.com https://*.eurolandir.com https://*.snapchat.com https://*.amazonaws.com https://sdk.companywebcast.com; manifest-src 'self'; media-src 'self' https://asml.corptv.datiq.net https://corptv.datiq.net; worker-src 'none'; 2
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bundeswehr.de *.bmvg.de maps.googleapis.com maps.gstatic.com; style-src data: 'unsafe-inline' https: *.bundeswehr.de *.bmvg.de ; img-src data: *.bundeswehr.de *.bmvg.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.ovp.kaltura.com *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com maps.googleapis.com syndication.twitter.com platform.twitter.com scontent.cdninstagram.com; font-src data: www.bundeswehr.de *.bmvg.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bundeswehr.de/report-uri/ 2
base-uri 'none'; child-src 'self' blob: https://*.e-i.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://recaptcha.google.com https://td.doubleclick.net https://www.google.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.e-i.com https://*.googlesyndication.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://logs1412.xiti.com https://stats.g.doubleclick.net https://www.google.com https://zkkwkzt.pa-cd.com; default-src 'self' https://*.e-i.com; form-action 'self' https://www.linkedin.com; frame-ancestors 'self'; img-src 'self' blob: data: https://*.e-i.com https://ad.doubleclick.net https://conv.indeed.com/pagead/ https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://manager.tagcommander.com https://www.google.com https://www.google.fr; media-src 'self' blob: https://*.e-i.com; object-src 'none'; report-uri ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.e-i.com https://cdn.matomo.cloud https://cdn.tagcommander.com https://cmcic.matomo.cloud https://googleads.g.doubleclick.net https://platform.linkedin.com https://tag.aticdn.net https://www.google.com https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.linkedin.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.e-i.com 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://code.jquery.com https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.google.com https://*.geetest.com https://*.geevisit.com  https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.site https://*.probitget.com https://*.bitget.live https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.glassgs.com https://mc.yandex.ru https://mc.yandex.com https://*.bgportable.com https://*.bitget.style https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtag.com https://*.adroll.com; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com https://ces2007.org wss://*.ydl8.top wss://*.huayuschool.cc wss://*.sanqianwenhua.xyz https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.google.com https://stats.g.doubleclick.net wss://*.bitget.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support wss://*.ada.support https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.site https://*.probitget.com https://*.bitget.live https://*.bitget.vin wss://*.bitgetapp.com wss://*.bitget.site wss://*.probitget.com wss://*.bitget.live wss://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com https://gateway.test.95516.com wss://*.itbitget.com https://*.checkout.com wss://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com wss://*.bitgettr.com wss://*.gdrichem.com https://megacheck.vip https://*.megacheck.vip wss://megacheck.vip wss://*.megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com wss://*.saintpay.com https://*.skypay.space wss://*.skypay.space https://*.noxiaohao.com wss://*.noxiaohao.com https://*.gdrichem.com:8443 https://*.omkbic.com:8443 https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com https://*.onfido.com https://cdn.builder.io https://www.fedstable.com wss://www.fedstable.com wss://stream.fedstable.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com https://mc.yandex.com https://mc.yandex.ru wss://*.bgportable.com wss://*.bitget.style https://*.bgportable.com https://*.bitget.style https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site https://pixel.mathtag.com https://*.adroll.com wss://*.bitget.com.vn; frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.bitgetimg.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.site https://*.probitget.com https://*.bitget.live https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com https://gateway.test.95516.com https://*.google-analytics.com https://*.itbitget.com https://*.bitget.online https://*.bitgettr.com https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://*.glassgs.com https://www.bitgetwidget.com https://*.bgportable.com https://*.bitget.style https://mc.yandex.com https://mc.yandex.ru https://*.nihaopay.com https://onramp.money https://*.simplexcc.com https://*.adroll.com https://pixel.mathtag.com; frame-ancestors 'self' https://*.bitget.com https://web-lowcode.sniper5.vip https://*.bitgetpro.site https://*.bitget.cc; report-uri https://632817c861f1dae92c2ae121.endpoint.csper.io?v=44; 2
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com d32u6scf3pzwp7.cloudfront.net;frame-ancestors 'self' https://www.gifts.com;object-src 'self' https://www.gifts.com;upgrade-insecure-requests 2
img-src 'self' data: https:; 2
default-src 'self'; script-src 'unsafe-inline' 'self' https://kit.fontawesome.com/771805b96d.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; style-src  'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://region1.google-analytics.com https://www.google-analytics.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://www.youtube.com 'self'; img-src 'self' https://www.google-analytics.com https://www.jisc.ac.uk; manifest-src 'self'; media-src 'self'; worker-src 'none'; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: data: wss:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' *; 2
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com js.hs-banner.com js.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk services.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com api.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com js.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com js.hsforms.net forms.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com npmcdn.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com j.6sc.co tracking.g2crowd.com js.hubspot.com *.customersure.com *.visualwebsiteoptimizer.com www.atmrum.net *.cloudfront.net scout-cdn.salesloft.com https://*.maze.co/ esm.sh secure.imaginative-24.com webeo-web-content.s3-eu-west-1.amazonaws.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud ifaqs.flexanswer.com *.cloudfront.net unpkg.com https://*.maze.co/; img-src 'self' data: blob: 'unsafe-inline' *.gravatar.com gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com *.hsforms.com analytics.twitter.com b.6sc.co *.visualwebsiteoptimizer.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net https://*.maze.co/ secure.imaginative-24.com; font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud https://*.maze.co/; media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com; worker-src  blob:; child-src blob:; connect-src 'self' *.google-analytics.com api.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net gbg-cms-web-uat-staging.azurewebsites.net gbg-cms-web-dev.azurewebsites.net gbg.local maps.googleapis.com *.execute-api.ap-southeast-2.amazonaws.com cdn.linkedin.oribi.io px.ads.linkedin.com m1.openfpcdn.io *.applicationinsights.azure.com ipv6.6sc.co c.6sc.co content.hotjar.io *.customersure.com gbgplc.com demotiles.maplibre.org api.maptiler.com *.analytics.google.com scout.salesloft.com https://*.maze.co/ *.6sense.com; frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com *.umbraco.com www.edisoninvestmentresearch.com *.customersure.com td.doubleclick.net docs.google.com; frame-ancestors 'self' *.loqate.com gbgplc.sharepoint.com;  2
default-src 'self' blob: trk.techtarget.com *.crazyegg.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' yoast.com *.zi-scripts.com *.techtarget.com pi.pardot.com underscorejs.org *.crazyegg.com *.googleapis.com *.typekit.net *.marketo.com https://www.buzzsprout.com *.segment.com *.google.com tg.a3.ag *.gstatic.com https://maxcdn.bootstrapcdn.com https://fast.wistia.com *.digitalriver.com https://g.fastcdn.co *.instapage.com https://cdn.instapagemetrics.com *.clarity.ms *.twitter.com https://app-sj03.marketo.com https://cdn.jsdelivr.net *.onetrust.com https://cdn.cookielaw.org https://services.xg4ken.com https://www.googleadservices.com https://hm.baidu.com https://app-sjqe.marketo.com https://cdn.bizible.com *.6sc.co https://resources.xg4ken.com/js/ https://static.ads-twitter.com https://snap.licdn.com *.adsrvr.org https://info.digitalriver.com https://js.driftt.com https://bat.bing.com https://www.googletagmanager.com https://stg01dr.wpengine.com https://cdnjs.cloudflare.com https://info.digitalriver.com https://cdn.evgnet.com https://bat.bing.com https://cdn.evgnet.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://info.digitalriver.com https://kit.fontawesome.com *.marketo.net https://player.vimeo.com https://polyfill.io https://service.maxymiser.net https://siteintercept.qualtrics.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://znefytqjw9qlvvmen-digitalriver.siteintercept.qualtrics.com *.googlesyndication.com googletagmanager.com *.doubleclick.net; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.fontawesome.com *.fastcdn.co https://maxcdn.bootstrapcdn.com https://cdn.bootcdn.net/ajax/libs/font-awesome/ *.googleapis.com *.gstatic.com *.google.com *.clarity.ms https://www.googletagmanager.com *.marketo.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://fonts.googleapis.com https://info.digitalriver.com https://p.typekit.net https://use.typekit.net; base-uri 'self' *.clarity.ms; connect-src 'self' *.yoast.com yoast.com adservice.google.com translate-pa.googleapis.com *.6sense.com *.zi-scripts.com *.zoominfo.com *.techtarget.com translate.googleapis.com cdn.linkedin.oribi.io *.crazyegg.com *.fastcdn.co https://embedwistia-a.akamaihd.net *.segment.com *.segment.io https://fg8vvsvnieiv3ej16jby.litix.io *.wistia.com *.google-analytics.com *.digitalriver.com *.google.com *.baidu.com *.mktoutil.com *.facebook.com *.onetrust.com *.instapage.com *.facebook.net *.instapagemetrics.com https://service.maxymiser.net *.clarity.ms https://my.wpengine.com https://cdn.cookielaw.org https://www.digitalriver.com https://digitalriver.com *.6sc.co *.adnxs.com *.doubleclick.net https://348-quy-258.mktoresp.com https://bat.bing.com https://digitalriver.us-4.evergage.com https://ka-f.fontawesome.com https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://www.google-analytics.com www.googletagmanager.com https://px.ads.linkedin.com https://px4.ads.linkedin.com; font-src 'self' data: https://storage.googleapis.com/instapage-app-assets/ *.fontawesome.com cdnjs.cloudflare.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net; frame-src 'self' app.getreprise.com www.google.com https://www.buzzsprout.com *.crazyegg.com *.adsrvr.org https://www.googletagmanager.com *.maxymiser.net bid.g.doubleclick.net *.doubleclick.net https://app-sj03.marketo.com https://www.facebook.com *.vimeo.com https://vimeo.com https://info.digitalriver.com https://js.driftt.com *.googlesyndication.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: www.facebook.com translate.googleapis.com *.digitalriver.com *.crazyegg.com cdn.redoc.ly *.typekit.net *.pubmatic.com *.bilinmedia.net https://embedwistia-a.akamaihd.net https://fast.wistia.com *.marketo.com https://insight.adsrvr.org *.vimeocdn.com *.yahoo.com *.doubleclick.net https://anthill.instapage.com https://v.fastcdn.co https://api.url2png.com https://beta.url2png.com https://wpengine.com *.privacysandbox.googleadservices.com *.googleadservices.com https://dify.wpengine.com https://www.solwininfotech.com https://cdn.cookielaw.org https://5015.xg4ken.com https://googleads.g.doubleclick.net *.facebook.net *.adsrvr.org https://ct.capterra.com https://service.maxymiser.net https://hm.baidu.com https://www.gstatic.com https://p.adsymptotic.com https://image.s12.sfmc-content.com https://px4.ads.linkedin.com *.linkedin.com https://cdn.bizibly.com https://c.bing.com https://bat.bing.com https://cdn.bizible.com https://tracking.g2crowd.com *.6sc.co *.clarity.ms https://px.ads.linkedin.com *.adnxs.com https://secure.gravatar.com https://t.co https://www.digitalriver.com https://www.facebook.com *.google-analytics.com https://www.googletagmanager.com *.twitter.com *.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self'; media-src 'self' *.buzzsprout.com player.vimeo.com blob:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' blob: ; report-uri https://o976938.ingest.sentry.io/api/6303438/security/?sentry_key=881bd14b64ce489fbfc8f32e85c8a880 2
frame-ancestors 'self' experience.adobe.com aldinord.experiencecloud.adobe.com aldianer.staffbase.com aldinord-custom.staffbase.com http://www.aldianer-nord.de https://www.aldianer-nord.de http://staffbase.com capacitor://aldianer-nord.de capacitor://staffbase.com cname-main-de1.staffbase.com magazine.aldi-nord.de 195.192.131.24 localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 2
frame-ancestors 'self' https://keepersecurity.com https://keepersecurity.eu https://keepersecurity.com.au https://keepersecurity.jp https://keepersecurity.ca; 2
font-src 'self' data: https://*.cipd.org https://*.hotjar.com https://*.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.cipd.org https://*.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com https://p.typekit.net https://use.typekit.net https://web-sdk-eu.aptrinsic.com; style-src 'unsafe-inline' https://*.cipd.co.uk https://*.cipd.org https://*.hotjar.com https://*.typekit.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.collect.igodigital.com https://*.eventbrite.co.uk https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.infogram.com https://*.onetrust.com https://*.optimizely.com https://*.youtube.com https://7227074.collect.igodigital.com https://auth.cipd.co.uk https://bat.bing.com https://cdn-ukwest.onetrust.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://common.optimizely.com https://connect.facebook.net https://e.infogram.com https://infogram.com https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com https://metrics.responsetap.com https://s3.amazonaws.com https://siteimproveanalytics.com https://snap.licdn.com https://static-ssl.responsetap.com https://web-sdk-eu.aptrinsic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://zingtree.com; style-src-attr 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.hotjar.com https://*.infogram.com https://e.infogram.com; frame-src 'self' https://*.eventbrite.co.uk https://*.siteimprove.com https://dashboard.find.episerver.net https://e.infogram.com https://infogram.com https://td.doubleclick.net https://w.soundcloud.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://zingtree.com; img-src 'self' data: https://*.ads.linkedin.com https://*.cipd.co.uk https://*.cipd.org https://*.evbuc.com https://*.eventbrite.co.uk https://*.facebook.net https://*.global.siteimproveanalytics.io https://*.google-analytics.com https://*.hotjar.com https://*.linkedin.com https://cdn-ukwest.onetrust.com https://i.ytimg.com https://nova.collect.igodigital.com https://optimizely-public-design-assets.s3.amazonaws.com https://px.ads.linkedin.com https://region1.google-analytics.com https://www.google.co.uk https://www.googletagmanager.com; connect-src 'self' http://10.43.17.25:15871 https://*.ads.linkedin.com https://*.cipd.co.uk https://*.cipd.org https://*.google-analytics.com https://*.google.co.uk https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.optimizely.com https://*.services.visualstudio.com https://*.siteimprove.com https://1752680588.rsc.cdn77.org https://cdn-ukwest.onetrust.com https://cdn.linkedin.oribi.io https://esp-eu.aptrinsic.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net wss://*.hotjar.com; default-src 'self' 'unsafe-eval' https://*.cipd.co.uk https://*.cipd.org https://auth.cipd.co.uk https://p.typekit.net https://use.typekit.net; form-action 'self'; script-src-attr 'unsafe-eval'; 2
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.truenas.org; upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; object-src 'self' https:; connect-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 2
script-src 'self' 'strict-dynamic' 'nonce-LSY_r4nD0m' https://www.google-analytics.com:443 https://*.dynamics.com:443 https://mktdplp102cdn.azureedge.net:443 https://www.googletagmanager.com:443 https://connect.facebook.net:443 https://snap.licdn.com:443 https://*.ads.linkedin.com:443 https://www.youtube.com:443 ; style-src 'self' 'unsafe-inline';font-src 'self'; connect-src 'self' https://*.doubleclick.net:443 https://*.dynamics.com:443 https://*.linkedin.com:443 https://*.google-analytics.com:443 https://*.google.com:443 https://*.facebook.com:443; frame-src https://*.google.com:443 https://*.google.de:443 https://*.dynamics.com:443 https://www.youtube.com:443 https://www.youtube-nocookie.com:443 https://www.googletagmanager.com:443; frame-ancestors https://*.dynamics.com:443; form-action 'self';img-src 'self' data: https://*.doubleclick.net:443 https://*.google.de https://cdn.lhsystems.com:443 https://*.ads.linkedin.com:443 https://*.dynamics.com:443 https://*.facebook.com:443 https://www.google.hu:443 https://*.google.com:443 https://*.google-analytics.com:443 https://*.googletagmanager.com:443;object-src 'none';base-uri 'self';block-all-mixed-content;upgrade-insecure-requests; 2
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://open.spotify.com https://iveco.ubiest.com https://tools.eurolandir.com https://vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://privacyportal-eu-cdn.onetrust.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' https://cnhindustrialnv.gcs-web.com/ https://auth1.cnhindustrial.com https://www1.cnhindustrial.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com;frame-ancestors 'self'; 2
object-src * ; report-uri https://www.sunlife.ca/slfreporting/reportUri 2
base-uri 'self';manifest-src 'self' https://myownconference.com https://cdn.myownconference.com;default-src 'self';connect-src 'self' https://cdn.myownconference.com https://client.crisp.chat wss://client.relay.crisp.chat;script-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://client.crisp.chat;img-src 'self' data: https://cdn.myownconference.com https://image.crisp.chat;style-src 'self' 'unsafe-inline' https://cdn.myownconference.com https://client.crisp.chat;font-src 'self' data: https://cdn.myownconference.com https://client.crisp.chat;object-src 'self';frame-src 'self' https://support.myownconference.com;frame-ancestors 'self';form-action 'self';upgrade-insecure-requests 2
default-src  'self'; img-src  'self'; script-src  'self' 'unsafe-inline'; object-src  'self'; style-src  'self' 'unsafe-inline'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googletagmanager.com *.google.com *.google-analytics.com  cdnjs.cloudflare.com mfstatic.com *.jsdelivr.net  *.facebook.com *.gstatic.com *.licdn.com *.facebook.net *.cookiebot.com *.unpkg.com unpkg.com; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com  *.jsdelivr.net hello.myfonts.net mfstatic.com; img-src * 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net  *.googletagmanager.com  *.google-analytics.com *.google.se *.linkedin.com *.gstatic.com *.amazonaws.com; media-src blob: data: *.mediaflow.com; frame-src 'self'  data: *.google.com *.youtube.com *.facebook.com *.vimeo.com vimeo.com *.vimeo.com  *.vimeocdn.com *.ri.se *.jsdelivr.net *.hotjar.com *.libsyn.com *.acast.com *.cookiebot.com *.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.ri.se data: mfstatic.com *.gstatic.com; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.hotjar.com *.oribi.io *.google.com *.googleoptimize.com *.facebook.com *.mediaflow.com mediaflow.com mfstatic.com *.mediaflowpro.com *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' *.cvonline.lt cvonline.lt; default-src 'unsafe-inline' 'self' test-teltonika-web-files.s3.eu-central-1.amazonaws.com teltonika-energy.com *.googletagmanager.com *.googleapis.com *.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'wasm-unsafe-eval' 'unsafe-eval' *.recaptcha.net *.taboola.com *.googlesyndication.com *.googleadservices.com *.googleapis.com  *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hs-analytics.net *.chatbot.com *.licdn.com *.facebook.net *.hs-scripts.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; img-src 'self' blob: production-teltonika-web-files.s3.eu-central-1.amazonaws.com test-teltonika-web-files.s3.eu-central-1.amazonaws.com teltonika-energy.com *.ytimg.com *.facebook.net teltonika-iot-group.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.teltonika.lt *.linkedin.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.hsforms.com *.hubspot.com *.youtube.com *.gstatic.com *.googleapis.com data:; connect-src 'self' blob: test-teltonika-web-files.s3.eu-central-1.amazonaws.com *.linkedin.com *.taboola.com *.hscollectedforms.net cdn.linkedin.oribi.io  *.teltonika-networks.com  *.gstatic.com  *.facebook.com *.google.com *.googleapis.com *.hubspot.com *.hubapi.com *.teltonika.lt *.chatbot.com sentry.io *.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.g.doubleclick.net data:; font-src 'self' *.gstatic.com data:; frame-src 'self' *.doubleclick.net *.recaptcha.net youtu.be *.youtu.be *.facebook.com *.chatbot.com *.youtube.com *.google.com; child-src blob: 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amsoil.com *.amsoil.ca *.amsoilindustrial.com https://amsoilcontent.com https://www.amsoilcontent.com https://cdn.evgnet.com *.evergage.com https://amsoil.us-1.evergage.com https://analytics.amsoil.com https://analytics.amsoil.ca https://analytics.amsoilindustrial.com https://static.cloud.coveo.com https://www.google-analytics.com https://maps.googleapis.com https://assets.sitescdn.net https://realtimeanalytics.yext.com https://cdnjs.cloudflare.com/ *.doubleclick.net https://snap.licdn.com https://bat.bing.com *.microsoft.com *.facebook.net *.facebook.com *.criteo.com *.criteo.net https://www.googletagmanager.com *.linkedin.com *.google.com https://www.googleoptimize.com *.hotjar.com *.bc0a.com *.brightedge.com cdn.b0e8.com device.clearsale.com.br https://www.paypalobjects.com *.paypal.com https://www.gstatic.com https://www.googleadservices.com *.wistia.com *.wistia.net https://az124611.vo.msecnd.net https://cookie-cdn.cookiepro.com https://cdn-us.clickdimensions.com cdn.attn.tv *.attentivemobile.com *.googlesyndication.com *.powerobjects.net *.zoominfo.com *.convertlanguage.com *.docusign.com https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://api.ipify.org blob:; frame-src 'self' *.amsoil.com *.amsoil.ca https://amsoilcontent.com *.hotjar.com *.criteo.com *.criteo.net *.docusign.net *.docusign.com *.facebook.com *.google.com *.paypal.com *.doubleclick.net *.powerobjects.net *.googlesyndication.com *.wistia.com *.wistia.net creatives.attn.tv https://challenges.cloudflare.com https://a25683390326.cdn.optimizely.com https://a25683390326.cdn-pci.optimizely.com; frame-ancestors 'self' https://sapcc.amsoil.com; report-uri /csp-report 2
frame-ancestors http://www.ironplanet.com https://www.ironplanet.com 2
default-src 'self' *.joinsmarty.com *.google.com *.googleapis.com *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.googlesyndication.com *.stripe.com *.trustpilot.com *.facebook.net *.facebook.com *.pinimg.com *.bing.com *.pinterest.com *.stripe.network *.clarity.ms cdn.ywxi.net *.gstatic.com *.trustedsite.com *.transactiongateway.com cdn.sitesasset.com smrty.s3.us-west-1.amazonaws.com smrty.s3.us-west-2.amazonaws.com smrty-qa.s3.us-west-1.amazonaws.com smrty-qa.s3.us-west-2.amazonaws.com smrty.s3-us-west-1.amazonaws.com smrty.s3-us-west-2.amazonaws.com smrty-qa.s3-us-west-1.amazonaws.com smrty-qa.s3-us-west-2.amazonaws.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.ladesk.com *.doubleclick.net *.shareasale.com *.shopify.com assets-global.website-files.com *.impact.com *.cloudfront.net *.awin.net *.awin.com *.bravodeal.com *.bravo-savings-network.com *.jquery.com *.digitaloceanspaces.com data: blob: 'unsafe-inline' 'unsafe-eval' *.amazon.com *.barcodelookup.com *.cookiepro.com *.here.com *.hereapi.com *.google.co.in *.ssl-images-amazon.com *.onetrust.com media.pepperjamnetwork.com *.sentry.io *.shipmentsfree.com r0 cache www.googletagmanager.com ad.doubleclick.net www.advconversion.com *.taboola.com post.adgatemedia.com bat.bing.com conversions.clickmeter.com liquidpch.go2cloud.org s.yimg.com servetrack.go2cloud.org trends.revcontent.com e9lak.endtrk.com klaymedia.servecvr.com events.pushtrack.co www.groovast.com trk.shophermedia.net go.shetrack.com amplify.outbrain.com rtb.mfadsrvr.com tracking.lifestylejournal.com www.googleadservices.com *.playgamesnow.org www.drcvr.com *.mediago.io s.pinimg.com secco.servecvr.com tracking.propelmedia.com appfocus.go2cloud.org wsdk.rokt.com r.financebuzz.com static.ads-twitter.com pubads.g.doubleclick.net pushpros.go2cloud.org *.liadm.com www.steadyhop.com securetracking.adsprotection.com www.tp88trk.com f.cstpersl.com t1.anytrack.io imtrk.go2cloud.org ad.propellerads.com www.imcounting.com serve.popads.net www.pbterra.com www.chant3rm1.com eng.trkcnv.com *.dergoodting.com *.cvrdomain.com traktum.com cdn1.decide.dev restersu.info *.zeeto.io *.pixelitooo.com *.conversionpx.com f.fluadv.com track.adspostx.com *.free-shipments.com *.freeshipments.com *.getsmartyapp.com *.getsmartyoffers.com *.getsmartyplus.com *.getsmartysavings.com *.joinsmartyplus.com *.lapost.com *.nocostshipping.com *.savewithsmarty.com *.savingsforthesavvy.com *.shipmentfree.com *.shipmentprotection.com *.smartyaffiliates.com *.smartycashback.com *.smartycoins.com *.smartyestsavings.com *.smartymoneysavings.com *.smartyplus.net *.smartypremium.com *.try-smarty.com cdn.joinsmarty.com 2
frame-ancestors 'self' https://www.staging6.oldstreetsolutions.com https://staging6.oldstreetsolutions.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adobe.com https://*.franke.com https://*.scene7.com https://*.franke.coffee https://*.pardot.com https://*.googleadservices.com https://*.facebook.net https://*.licdn.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.adobedtm.com https://*.go-mpulse.net https://*.cookiebot.com https://www.googletagmanager.com https://*.clarity.ms https://*.yimg.jp https://*.pinimg.com https://*.doubleclick.net https://*.googlesyndication.com; style-src 'self' 'unsafe-inline' https://*.franke.com https://*.scene7.com https://*.googleapis.com; connect-src 'self' https://*.adobe.io https://*.franke.com https://*.scene7.com https://*.oribi.io https://*.akamaihd.net https://*.akstat.io https://*.franke.com https://*.azurewebsites.net https://*.googleapis.com https://*.go-mpulse.net https://*.demdex.net https://*.omtrdc.net https://*.clarity.ms https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://*.pinterest.com https://*.cookiebot.com https://*.linkedin.com; frame-src 'self' https://*.adobe.com https://*.facebook.com https://*.google.com https://*.demdex.net https://www.youtube.com https://player.vimeo.com https://player.youku.com https://*.cookiebot.com https://*.doubleclick.net https://*.pinterest.com; img-src 'self' * data://*; font-src 'self' https://*.gstatic.com data://*; media-src 'self' https://*.franke.com; 2
default-src 'self'; 	style-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.commandersact.com/ *.twimg.com/ *.twitter.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ 'unsafe-inline';     script-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ https://js-agent.newrelic.com/ *.audioeye.com/ *.github.io/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.seg.js/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.ads-twitter.com/ *.clevy.io/ *.tiktok.com/ https://sc-static.net/ *.hypemarks.com/ *.licdn.com/ *.commandersact.com/ *.twimg.com/ *.trustcommander.net/ *.cdn.syndication.twimg.com/ *.zencdn.net/ https://telegram.org/ https://youtube.com/iframe_api *.youtube.com/ *.twitter.com/ *.pinterest.com/ *.ytimg.com/ *.secutix.com/ *.swaven.com/ *.live2support.com/ *.googletagmanager.com/ *.tagcommander.com/ *.facebook.net/ *.google.ie/ *.google.de/ *.lpsnmedia.net/ *.hotjar.com/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.digital4danone.com/ *.addthisedge.com/ 'unsafe-inline' 'unsafe-eval' blob:;     img-src 'self'  *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.google.com.mx/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.ytimg.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ data: *.digital4danone.com/ *.clevy.io/ *.digital4danone.com.cn/ https://t.co/ *.hypemarks.com/ *.linkedin.com/ *.assetsadobe.com/ *.live2support.com/ *.twimg.com/ *.swaven.com/ *.twitter.com/ *.trustcommander.net/ *.cdninstagram.com/ *.outbrain.com/ *.danone.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.facebook.com/ *.googletagmanager.com/ *.youtube.com/;     frame-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/  *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.clevy.io/ *.tintup.com/ *.commandersact.com/ *.vimeo.com/ *.linkedin.com/ *.instagram.com/ *.soundcloud.com/ *.pinterest.com/ *.twitter.com/ https://cdn.trustcommander.net/ https://t.me/ https://static.rolex.com/ *.swaven.com/ *.ausha.co/ *.q4europe.com/ *.tohklom.com/  *.tagcommander.com/ *.liveperson.net/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com/ *.youtube.com/ *.adsrvr.org/ *.cloudfront.net/ *.spotify.com/ *.hypemarks.com/;     connect-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ https://bam.eu01.nr-data.net/ *.google.com/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.scene7.com/ *.digital4danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.ylt.nl/ *.danone.id/ *.weezevent.com/ https://yourdriversfordanonebenelux.com/  *.snapchat.com/ *.mathtag.com/ *.tiktok.com/ *.clevy.io/ *.commandersact.com/ *.googleapis.com/ *.privacy.commander1.com/ *.privacy.trustcommander.net/ https://privacy.trustcommander.net/ https://privacy.commander1.com/ *.q4europe.com/ *.swaven.com/ *.youtube.com/ *.live2support.com/ *.addthis.com/ *.google-analytics.com *.facebook.com/ *.instagram.com/ *.secutix.com/ *.omtrdc.net/ *.sharethis.com/ *.doubleclick.net/;     font-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.commandersact.com/ *.live2support.com/ data: *.amazonaws.com/ *.gstatic.com/ *.zencdn.net/;     media-src 'self' *.adobe.io/ *.adobe.com/ https://s.pinimg.com/ct/core.js/ *.audioeye.com/ *.danonenorthamerica.com/ *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.danone.com/ *.ylt.nl/ *.danone.id/ https://yourdriversfordanonebenelux.com/ *.weezevent.com/ *.snapchat.com/ *.mathtag.com/ *.lpsnmedia.net/ *.digital4danone.com/ blob: 2
default-src https: blob: wss: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' video.tophotels.ru *.tophotels.ru www.google-analytics.com mc.yandex.ru carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru ; font-src 'self' hotelscheck.com.ru; connect-src 'self' video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' blob: data: *; media-src 'self' blob: video.tophotels.ru *.tophotels.ru; frame-src 'self' video.tophotels.ru *.tophotels.ru carsrent.ru *.carsrent.ru youtu.be youtube.com *.youtube.com google.com *.google.com gstatic.com *.gstatic.com *.vimeo.com vimeo.com *.dailymotion.com *.vk.com vk.com *.adriver.ru; script-src 'self' video.tophotels.ru www.google-analytics.com mc.yandex.ru googletagmanager.com www.googletagmanager.com carsrent.ru *.carsrent.ru api-maps.yandex.ru yastatic.net core-renderer-tiles.maps.yandex.net netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'unsafe-eval' 'self';  style-src 'self' carsrent.ru *.carsrent.ru netlog.ru hotelscheck.com.ru css.tophotels.ru css.hotelscheck.com.ru tophotels.pro css.tophotels.pro toursales.ru tourindex.ru tophotels.ru travelpassport.ru *.travelpassport.ru google.com *.google.com gstatic.com *.gstatic.com *.adriver.ru 'unsafe-inline' 'self'; 2
frame-ancestors 'self' https://*.particle.io http://particle.lookbookhq.com https://particle.lookbookhq.com http://particle.pathfactory.com https://particle.pathfactory.com 2
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/corplogin 2
default-src *; 		child-src 'self' blob:; 		connect-src * blob: ws: wss:; 		frame-src 'self' api.foxentry.cz www.databreakers.com cdn.msgok.net 			www.mall.tv mall.fameplay.tv fameplay.tv www.google.com 			www.youtube.com creativecdn.com sketchfab.com 			socialplugin.facebook.net www.kdukvh.com tcp.googlesyndication.com 			www.zbozi.cz 			cj.dotomi.com 			payu.com secure.payu.com merch-prod.snd.payu.com 			data:; 		script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mall.cz *.mall.sk *.mall.hr *.mall.hu *.mall.pl *.mimovrste.com 			*.google-analytics.com ajax.googleapis.com mallgroup-api.exponea.com supine.io *.clarity.ms www.googleadservices.com 			download.databreakers.com connect.facebook.net api.mapy.cz *.cdn.nrholding.net 			c.seznam.cz tpc.googlesyndication.com www.zbozi.cz cdn.msgok.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ 			code.jquery.com translate.google.com cdn.jsdelivr.net cloudflare.hcaptcha.com static.cloudflareinsights.com 			www.googletagmanager.com *.foxentry.cz im9.cz/js/ bat.bing.com *.adform.net static.criteo.net sslwidget.criteo.com 			*.doubleclick.net *.mallgroup.com yottlyscript.com login.dognet.sk etargetnet.com secure.smartform.cz 4w.smartform.cz 			ssl.heureka.cz ssl.heureka.sk localhost:* *.cs.mall.local *.cs.mall.test www.arukereso.hu 			tracking.channelsight.com ngastatic.com/s4c/tracker.js sk.search.etargetnet.com/j/ 			*.mczbf.com *.cj.com *.payu.com; 		style-src * 'unsafe-inline'; 		img-src * data:; 		object-src 'none' 2
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' https://*.quiq-api.com https://*.aptrinsic.com https://*.tealiumiq.com https://*.sentry-cdn.com https://*.googleadservices.com https://*.dotomi.com https://*.invocacdn.com https://*.optimizely.com https://*.googleapis.com https://*.ahs.com https://*.trustarc.com https://*.hotjar.com https://*.havasedge.com https://*.youtube.com https://*.tiqcdn.com https://*.bing.com https://*.tvsquared.com https://*.facebook.net https://*.impactradius-event.com https://*.cloudfront.net https://*.blueconic.net https://*.doubleclick.net https://*.adsrvr.org https://*.invoca.net https://*.google-analytics.com https://*.googletagmanager.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.aptrinsic.com https://*.googleapis.com https://*.typekit.net; object-src 'none'; base-uri 'self'; connect-src tags: 'self' https://*.aptrinsic.com https://*.smartystreets.com https://*.briteverify.com https://*.ahs.com https://*.frontdoorhome.com https://*.sentry.io https://*.doubleclick.net https://*.optimizely.com  wss://*:44370  ws://*:51184  wss://ws.hotjar.com https://*.hotjar.io https://*.google.com https://*.hotjar.com https://*.ipdata.co https://*.bing.com https://*.tealiumiq.com https://*.blueconic.net https://*.google-analytics.com https://*.invoca.net; font-src 'self' https://*.cloudfront.net https://*.gstatic.com https://*.typekit.net; frame-src 'self' 'unsafe-inline' https://*.trustarc.com https://*.neomam.com https://*.optimizely.com https://*.havasedge.com https://*.adsrvr.org https://*.doubleclick.net https://*.youtube.com; img-src 'self' https://*.ahs.com https://*.timeinc.net https://*.younghouselove.com https://*.adsrvr.org https://*.adnxs.com https://*.zestyio.com https://*.frontdoorhome.com https://*.googletagmanager.com https://*.doubleclick.net https://*.scribblecdn.net https://*.emjcd.com https://*.dotomi.com https://arttrk.com https://*.bing.com https://*.tvsquared.com https://*.adxcel-ec2.com https://*.amazonaws.com https://*.azurefd.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.trustarc.com https://*.havasedge.com data:; manifest-src 'self'; media-src 'self'; worker-src 'self'  blob:; 2
frame-ancestors 'self' https://flock.com/; upgrade-insecure-requests 2
data: 'unsafe-inline' 'unsafe-eval' 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://iplogger.org/csp.php; 2
frame-ancestors 'self' https://*.cloudfront.net/ https://*.inovalon.com https://*.optimizely.com https://www.mdon-line.com/ https://inovalon.canto.com; 2
default-src 'self' blob: *;base-uri 'self';font-src 'self' data: https://tv4play.humany.net/ https://apps.mypurecloud.com/;form-action 'self' *;frame-ancestors 'self' *;img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;script-src-attr 'none';style-src 'self' 'unsafe-inline' * 2
frame-ancestors 'self' amadeus.com outpayce.com www.amadeus.com amadeus.seismic.com seismic.com liveshareeu1.seismic.com  www.outpayce.com  jobs.amadeus.com corporate.amadeus.com t3ch.amadeus.com digital-guidelines.internal.amadeus.com sales-playbook.internal.amadeus.com startups.amadeus.com hotels.amadeus.com opportunities.jobs.amadeus.com brand-marketing-center.internal.amadeus.com brandcenter.amadeus.com contentsourcing.amadeus.com partners.amadeus.com vdp.amadeus.com brand-guidelines.internal.amadeus.com cytric.amadeus.com 2
script-src * data: 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' *.ing.com.tr; object-src 'self'; 2
frame-ancestors 'self' https:; default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 2
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss:; font-src https: data:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https: 2
default-src 'none'; style-src 'self'; img-src 'self'; 2
frame-ancestors 'self' *.youtube.com *.vimeo.com; 2
form-action *.a1.hr *.tomato.com.hr *.corvus.hr *.paypal.com *.corvuspay.com; 2
frame-ancestors 'self' *.psplugin.com 2
frame-ancestors 'self' *.swp.de *.lr-online.de *.moz.de; 2
frame-ancestors *.firsthorizon.com 2
default-src 'self' data: ws: blob: *.nr-data.net fonts.gstatic.com fonts.googleapis.com *.facebook.com *.office365.com *.kuka.com *.mouseflow.com *.zscaler.net d2csxpduxe849s.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.embedly.com *.embed.ly *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.facebook.net snap.licdn.com *.linkedin.com *.bing.com *.ads-twitter.com *.twitter.com *.bizographics.com *.baidu.com *.google.com *.gstatic.com *.instabot.io *.yandex.ru *.convertwork.cn *.hotjar.com *.cavy9soho.com *.cloudflare.com *.force.com *.my.salesforce.com *.salesforceliveagent.com *.kuka.com *.cloudflareinsights.com *.mouseflow.com *.zscaler.net *.youtube.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.force.com *.kuka.com *.googletagmanager.com; child-src 'self' blob: *.vimeo.com; frame-src 'self' *.quartalflife.com *.youtube.com *.youtu.be *.youku.com *.embedly.com *.embed.ly player.youku.com https: *.doubleclick.net snap.licdn.com *.presono.com *.linkedin.com *.juicer.io *.audi-mediacenter.com *.office365.com *.mouseflow.com; connect-src 'self' data: ws: blob: *.googleadservices.com *.googlesyndication.com adservice.google.com *.instabot.io *.yandex.ru *.hotjar.com *.bing.com *.office365.com *.kuka.com *.mouseflow.com *.convertwork.cn noembed.com *.google.com *.doubleclick.net; frame-ancestors 'self' https://kuka.presono.com *.kuka.com *.sandbox.my.site.com 2
default-src * 'unsafe-inline' data:; img-src     * 'unsafe-inline' 'unsafe-eval' data:;  script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.wpengine.com *.bootstrapcdn.com *.twitter.com *.jquery.com *.fontawesome.com *.google.com *.pinterest.com *.gstatic.com *.uploadlibrary.com *.thomascook.com *.hotjar.com *.imi.chat *.adyen.com *.spendology.io *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.google.co.uk *.google.com.ua *.direct.ingenico.com cc-cdn.com *.google.nl *.appsflyer.com *.freshchat.com *.btttag.com *.euc-freshbots.ai *.trustpilot.com *.cookielaw.org *.worldline-solutions.com https://embed.typeform.com/next/embed.js https://tgtag.io *.bing.com *.clarity.ms *.tiktok.com;  style-src   'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.wpengine.com *.bootstrapcdn.com *.imi.chat *.adyen.com *.spendology.io *.thomascook.com *.google.com *.webtrends-optimize.com *.azurewebsites.net *.webtrends.com *.optimize.com *.freshchat.com *.euc-freshbots.ai *.typeform.com *.typekit.net;  font-src    'self' data: *.googleapis.com *.adyen.com *.gstatic.com *.wpengine.com *.imi.chat *.spendology.io *.thomascook.com https://script.hotjar.com *.bootstrapcdn.com *.typekit.net;  object-src  'self' *.adyen.com;  frame-src   'self' data: *.facebook.com https://platform.twitter.com *.google.com *.hotjar.com *.imi.chat *.adyen.com *.vimeo.com *.youtube.com *.doubleclick.net *.thomascook.io *.youtu.be *.googlesyndication.com https://www.covidchecker.com *.direct.ingenico.com *.modirum.com *.thomascook.com *.freshchat.com *.euc-freshbots.ai *.trustpilot.com *.cardinalcommerce.com *.braintreegateway.com *.braintree-api.com *.rsa3dsauth.co.uk *.arcot.com *.mycardsecure.com *.monzo.com *.capitalone.com *.touch.tech *.wibmo.com *.mncbank.co.id *.typeform.com *.revolut.com *.sparkassen-kreditkarten.de *.swedbank.se *.wlp-acs.com *.rabobank.nl *.tsys.co.uk *.marqeta.com *.viseca.ch *.apata.io *.redsys.es *.edb.com *.asseco-see.hr *.mashreq.com *.cm-cic.com *.monext.fr *.garanti.com.tr;  form-action * 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com *.thomascook.io *.thomascook.com; 2
default-src 'self';    object-src 'self' *.cdn.datatables.net cdn.datatables.net;    connect-src 'self' *.mikrotik.com *.mt.lv maps.googleapis.com fonts.googleapis.com *.doubleclick.net;    script-src 'self' 'unsafe-inline' 'unsafe-eval' data: unpkg.com i.mt.lv *.google.com gstatic.com code.jquery.com *.gstatic.com www.google-analytics.com googleapis.com *.googleapis.com *.mikrotik.com mikrotik.com;    style-src 'self' 'unsafe-inline' i.mt.lv fonts.googleapis.com unpkg.com *.mikrotik.com mikrotik.com code.jquery.com use.typekit.net www.mikrotik.com;    img-src 'self' data: *.mikrotik.com i.mt.lv i.ytimg.com api.tiles.mapbox.com *.tile.openstreetmap.org unpkg.com *.arcgisonline.com stats.g.doubleclick.net www.google-analytics.com mikrotik.com www.mikrotik.com forum.mikrotik.com 1.aerial.maps.cit.api.here.com 2.aerial.maps.cit.api.here.com 3.aerial.maps.cit.api.here.com 4.aerial.maps.cit.api.here.com gstatic.com http://services.ga.gov.au *.gstatic.com *.googleapis.com *.arcgisonline.com *.google.com *.google.lv *.routerboard.com;    frame-src 'self' *.mikrotik.com *.mt.lv youtu.be youtube.com www.youtube.com www.google.com;    font-src 'self' data: mikrotik.com fonts.gstatic.com www.mikrotik.com i.mt.lv;    frame-ancestors 'self' *.mt.lv; 2
base-uri 'self'; connect-src 'self'  sso.universia.net *.hotjar.io www.linkedin.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com script.hotjar.com *.hotjar.com img.youtube.com px4.ads.linkedin.com pro-myaccount-avatar.s3.eu-west-1.amazonaws.com t.co surveystats.hotjar.io analytics.twitter.com www.google.es  mboxedge37.tt.omtrdc.net santanderuniversidad.tt.omtrdc.net www.googletagservices.com assets.universia.net assets.dispatcher.universia.net www.google.ie dispatcher.universia.net www.facebook.com api-manager.universia.net cdn.cookielaw.org googleads.g.doubleclick.net stats.g.doubleclick.net www.google.com pagead2.googlesyndication.com region1.analytics.google.com region1.google-analytics.com vc.hotjar.io metrics.hotjar.io wss://ws.hotjar.com ws.hotjar.com content.hotjar.io www.google-analytics.com px.ads.linkedin.com analytics.tiktok.com; default-src 'self'; font-src 'self' script.hotjar.com fonts.gstatic.com data:; frame-src 'self' www.youtube.com www.google.com td.doubleclick.net track.adform.net www.facebook.com sso.universia.net; img-src 'self' imagenes.universia.net i.ytimg.com non-productive-alfred-s3.s3.eu-west-1.amazonaws.com www.universia.net api-manager.universia.net img.youtube.com assets.universia.net assets.dispatcher.universia.net pro-myaccount-avatar.s3.eu-west-1.amazonaws.com cdn.cookielaw.org www.facebook.com fonts.gstatic.com www.google.ie www.google.com www.google.es www.googletagmanager.com www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com t.co analytics.twitter.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'nonce-dubi13asf985gfGDlmsnIot' 'sha256-1ajZ1llmQrgjKEWXHJbFYnovHYip7eaj3p2ThYdlrjY=' www.universia.net www.google.com *.hotjar.io *.hotjar.com track.adform.net s2.adform.net www.googletagservices.com cdn.cookielaw.org googleads.g.doubleclick.net connect.facebook.net static.hotjar.com metrics.hotjar.io script.hotjar.com www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com; worker-src www.universia.net dispatcher.universia.net; 2
frame-ancestors 'self' https://*.sdcounty.ca.gov:*; 2
default-src * blob: data: about:; worker-src * blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob:; img-src * data:; style-src * 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' 2
report-uri / 2
default-src 'self' data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;frame-src 'self' 'unsafe-inline' https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.6sense.com/ https://indd.adobe.com https://www.careerarc.com https://wwwsitecorecom.azureedge.net https://site-q-001.sitecorecontenthub.cloud https://www.facebook.com https://www.google.com https://bid.g.doubleclick.net https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://w.soundcloud.com/ https://my.walls.io/ https://webinars.sitecore.com https://*.youtube.com/;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/gtm.js https://maps.googleapis.com/ 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://*.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://secure.quantserve.com/ https://*.quantcount.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.bg https://*.googletagmanager.com https://maps.googleapis.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.jquery.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://*.rainfocus.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://api-engage-us.sitecorecloud.io https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js https://walls.io https://*.youtube.com/;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://*.rainfocus.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://community.sitecore.net https://community.sitecore.com https://sitecore--c.na116.content.force.com https://sitecore.file.force.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.bg https://*.google.ca https://*.google.dk https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://*.quantcount.com/ https://*.quantserve.com/ https://*.rainfocus.com https://sitecorecdn.azureedge.net/ https://*.sitecorecontenthub.cloud https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://symposium.sitecore.com https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.6sense.com/ https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://googleads.g.doubleclick.net/ https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://*.google.com https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://*.quantcount.com/ https://*.rainfocus.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://api-engage-us.sitecorecloud.io;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net https://sitecorecdn.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 2
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com *.googletagmanager.com always 2
frame-ancestors 'self' http://*.intranet http://*.uolinc.com https://*.intranet https://*.uolinc.com https://www.uol.com.br; 2
media-src * blob:; worker-src * data: blob:; default-src https: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io data: blob; connect-src https: wss:; script-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com; style-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src https: blob: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com s3.amazonaws.com https://www.google-analytics.com https://optimize.google.com; font-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com https://fonts.gstatic.com; frame-src https: data: *.hwcdn.net *.akamaized.net *.golfnow.com *.teeoff.com *.teeitup.com *.golfid.io https://optimize.google.com; frame-ancestors 'self' *.onlinereservationsystems.com; 2
default-src 'self' * data: https: blob:; object-src 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; worker-src * 'self' blob:; img-src * 'self' data: https: blob:; style-src * 'self' 'unsafe-inline'; font-src * data:; frame-src * 'self' 2
default-src 'self'; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://maps.googleapis.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/; img-src 'self' https://www.google-analytics.com https://maps.gstatic.com https://i.ytimg.com/vi_webp/kt7RdwfZ2dg/mqdefault.webp https://*.global.siteimproveanalytics.io https://maps.gstatic.com/mapfiles https://maps.googleapis.com/maps/ data:; media-src 'self'; object-src 'self'; script-src 'self' https://maps.googleapis.com/ https://maps.googleapis.com/maps-api-v3/api/js/ http://www.timevaluecalculators.com https://www.youtube.com https://www.google-analytics.com https://stats.g.doubleclick.net/ ajax.googleapis.com www.googletagmanager.com siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css https://www.timevaluecalculators.com/timevaluecalculators/Includes/Calculators_DefaultStyles.css; 2
frame-ancestors 'self'; sandbox allow-downloads allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-top-navigation; base-uri 'self' 2
frame-ancestors speedtest.pucsp.br www.pucsp.br www5.pucsp.br www.unifai.edu.br unifai.edu.br speedtest.pucsp.br speedtest.fundasp.org.br www.fundasp.org.br fundasp.org.br velocidadedainternet.fundasp.org.br velocidadeinternet.fundasp.org.br www.hospitalsantalucinda.com.br 2
frame-ancestors 'self' https://*.superoffice.com https://zamnesiasp.inone.useinsider.com; 2
default-src 'self' 'unsafe-inline' https://documentcloud.adobe.com https://*.brand-portal.adobe.com https://viewlicense.adobe.io https://lionbridge.data.adobedc.net https://lionbridge-stage.adobemsbasic.com/ https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lionbridge.com https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://*.trendemon.com https://info.lionbridge.com/js/forms2/js/forms2.min.js https://googleads.g.doubleclick.net/* https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info1.lionbridge.com/ https://ajax.googleapis.com/ https://ws-assets.zoominfo.com/ https://schedule.zoominfo.com https://*.brand-portal.adobe.com https://www.lionbridge.com blob: https://lionbridge-stage.adobemsbasic.com https://documentcloud.adobe.com https://s.go-mpulse.net; script-src-elem 'self' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://play.vidyard.com https://code.jquery.com https://assets.sitescdn.net https://*.fourtimessmelly.com https://js/forms2/js/forms2.js https://assets.trendemon.com https://lionbridge.data.adobedc.net https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.jsdelivr.net https://munchkin.marketo.net https://snap.licdn.com https://web-analytics.engagio.com https://connect.facebook.net https://www.google-analytics.com https://www.googleadservices.com https://trackingapi.trendemon.com https://dn1f1hmdujj40.cloudfront.net https://app-sjn.marketo.com https://cdnjs.cloudflare.com https://analytics.twitter.com https://j.6sc.co/6si.min.js https://geolocation.onetrust.com https://www.google.com/ https://www.gstatic.com/ https://pi.pardot.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://js.zi-scripts.com/zi-tag.js https://googleads.g.doubleclick.net/* https://ws-assets.zoominfo.com/formcomplete.js https://*.brand-portal.adobe.com https://documentcloud.adobe.com https://s.go-mpulse.net; script-src-attr https://*.brand-portal.adobe.com; style-src * 'self' https://*.brand-portal.adobe.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://*.brand-portal.adobe.com; style-src-attr 'self' 'unsafe-inline' https://*.brand-portal.adobe.com; img-src 'self' https://www.lionbridge.com https://play.vidyard.com https://five.fourtimessmelly.com https://cdn.cookielaw.org https://cdn.vidyard.com https://*.brand-portal.adobe.com https://b.6sc.co/ https://www.facebook.com https://trackingapi.trendemon.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://www.google.com https://www.google.ie https://cm.everesttech.net https://pic.trendemon.com/ https://lionbridge.data.adobedc.net https://dpm.demdex.net/ https://a.mktgcdn.com https://t.co https://analytics.twitter.com https://dpm.demdex.net https://www.google-analytics.com; connect-src 'self' https://ws.zoominfo.com https://api.schedule.zoominfo.com https://five.fourtimessmelly.com/mon https://*.lionbridge.com https://cdn.cookielaw.org https://answersstatus.pagescdn.com https://liveapi-cached.yext.com https://ipv6.6sc.co https://geolocation.onetrust.com https://five.fourtimessmelly.com https://dpm.demdex.net https://js.zi-scripts.com https://epsilon.6sense.com https://*.brand-portal.adobe.com https://cdn.linkedin.oribi.io https://lionbridge.tt.omtrdc.net https://dayintegrationintern.tt.omtrdc.net https://viewlicense.adobe.io https://liveapi.yext.com https://answers.yext-pixel.com https://privacyportal-de.onetrust.com https://c.6sc.co https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://secure.adnxs.com https://px.ads.linkedin.com https://www.google.ie; frame-src 'self' https://play.vidyard.com https://dayintegrationinternal.demdex.net https://lionbridge.demdex.net https://www.facebook.com https://app-sjn.marketo.com https://www.youtube.com/ https://www.google.com/ https://www.lionbridge.com/ https://player.youku.com/ https://activitymap.adobe.com/ https://info.lionbridge.com/ https://info1.lionbridge.com/ https://documentcloud.adobe.com/ https://*.brand-portal.adobe.com; frame-ancestors 'self' http://lionbridge.com:8000 https://*.brand-portal.adobe.com 2
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.de cdn.cookielaw.org www.google.it adservice.google.com *.onetrust.com *.imperva.com www.google.com.et www.google.co.il www.google.com.sa munchkin.marketo.net cdn.bizible.com www.google.pl *.doubleclick.net www.google.com.co www.google.com.np edge.fullstory.com www.google.com.ph www.google.fr www.google-analytics.com www.google.co.th www.google.com.br www.google.es *.mktoresp.com www.brighttalk.com region1.analytics.google.com translate.google.com www.google.com.ua b.6sc.co www.google.nl www.google.com.eg *.optimizely.com www.google.com.hk c.6sc.co www.youtube.com jscloud.net *.adroll.com www.google.com.pk *.googleapis.com www.google.com.ng rs.fullstory.com *.vimeo.com www.google.com.au www.google.ie www.google.com.gh www.google.co.kr www.google.com.vn www.google.com www.google.se www.google.com.my *.mktoutil.com imperva.piwik.pro www.google.co.in www.googletagmanager.com *.gstatic.com j.6sc.co www.google.com.tw imperva.containers.piwik.pro ipv6.6sc.co js.driftt.com bam.nr-data.net privacy-policy.truste.com www.google.co.uk analytics.google.com gc.kis.v2.scr.kaspersky-labs.com www.google.ca cdn.bizibly.com js-agent.newrelic.com *.gravatar.com code.highcharts.com go.imperva.com imperva.substack.com *.vimeocdn.com tag.demandbase.com ; form-action 'self' *.salesforce.com ; frame-ancestors 'self' http://thalesgroup.lookbookhq.com https://thalesgroup.lookbookhq.com http://thalesgroup.pathfactory.com https://thalesgroup.pathfactory.com http://hub-cpl.thalesgroup.com https://hub-cpl.thalesgroup.com ; 2
frame-ancestors 'self' *.inforcloudsuite.com 2
frame-ancestors 'self' https://*.wynnlasvegas.com 2
frame-ancestors 'self' https://top.gg 2
default-src 'self' *.lvvwd.com *.youtube.com data:; style-src 'self' 'unsafe-inline' *.lvvwd.com *.juicer.io *.cludo.com *.cludo.com.cdn.cloudflare.net *.googleapis.com; script-src 'self' 'unsafe-inline' blob: cdn.lvvwd.com *.lvvwd.com *.juicer.io *.digicert.com *.google-analytics.com *.googleapis.com *.jwpcdn.com *.gstatic.com *.google.com *.googletagmanager.com *.facebook.net *.facebook.com *.cludo.com *.cludo.com.cdn.cloudflare.net apps.usw2.pure.cloud cdn.jwplayer.com api.flickr.com data:; connect-src 'self' *.lvvwd.com *.juicer.io *.facebook.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.doubleclick.net *.cludo.com *.cludo.com.cdn.cloudflare.net api-use2.digital.genesyscloud.com cdn.jwplayer.com cdn3.wowza.com data:; font-src 'self' *.lvvwd.com *.juicer.io *.jwpcdn.com *.gstatic.com data:; img-src 'self' *.lvvwd.com *.snwa.com *.springspreserve.org *.google.com *.juicer.io *.cdninstagram.com prd.jwpltx.com seal.digicert.com maps.gstatic.com *.googleapis.com cdn.jwplayer.com assets-jpcust.jwpsrv.com live.staticflickr.com *.cludo.com *.facebook.com *.fbcdn.net *.facebook.net  blob: data:; frame-src 'self' *.captionedtext.com *.youtube.com *.doubleclick.net *.google.com *.facebook.com data:; media-src 'self' *.lvvwd.com cdn3.wowza.com blob: data:; 2
upgrade-insecure-requests; frame-ancestors https: 'self' *.uprinting.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 2
base-uri 'www.axelspringer.com'; upgrade-insecure-requests 1; 2
default-src 'self' assets.adobedtm.com; img-src * data:; font-src * data:; style-src 'self' 'unsafe-inline' data: s7e5a.scene7.com vestas.scene7.com fonts.googleapis.com; media-src s7e5a.scene7.com vestas.scene7.com s7mbrstream-g1.scene7.com *.spotify.com; frame-src policy.app.cookieinformation.com video.vestas.com newsroom.cision.com www.google.com www.video.vestas.com www.facebook.com cloud.marketing.vestas.com www.youtube.com www.arcgis.com vestas-english.newsroom.cision.com survey.extellio.com *.spotify.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.app.cookieinformation.com script.e-space.se script.hotjar.com siteimproveanalytics.com snap.licdn.com static.hotjar.com www.googletagmanager.com www.google-analytics.com assets.adobedtm.com www.gstatic.com www.google.com sc.lfeeder.com connect.facebook.net s7e5a.scene7.com vestas.scene7.com maps.googleapis.com consent.app.cookieinformation.com region1.google-analytics.com www.youtube.com m.extellio.com script.extellio.com sfxway.com *.spotify.com *.kickfire.com; connect-src 'self' assets.adobedtm.com policy.app.cookieinformation.com publish.ne.cision.com cdn.linkedin.oribi.io vestas.tt.omtrdc.net in.hotjar.com www.google-analytics.com maps.googleapis.com s7e5a.scene7.com vestas.scene7.com consent.app.cookieinformation.com region1.google-analytics.com m.extellio.com s7mbrstream-g1.scene7.com; worker-src blob:; 2
frame-ancestors 'self' www.charleskeith.com www.pedroshoes.com 2
frame-ancestors https://app.contentful.com; base-uri 'self'; object-src 'self'; media-src 'self' https://videos.ctfassets.net; font-src 'self'; frame-src 'self' https://bid.g.doubleclick.net https://td.doubleclick.net https://info.hireright.com https://www.youtube.com https://lpcdn.lpsnmedia.net https://assets.ctfassets.net https://hemsync.clickagy.com; form-action 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://www.google.co.in https://www.linkedin.com https://*.ads.linkedin.com *.analytics.google.com https://lpcdn.lpsnmedia.net https://ha.prelytix.com https://b.6sc.co https://www.google.co.uk https://www.google.com https://www.google-analytics.com https://dpm.demdex.net https://stags.bluekai.com *.agkn.com https://aorta.clickagy.com https://images.ctfassets.net https://cdn.sanity.io https://j.mrpdata.net https://px.ads.linkedin.com https://pixel-sync.sitescout.com *.rlcdn.com https://us-u.openx.net https://sync.crwdcntrl.net *.doubleclick.net *.clarity.ms https://c.bing.com https://*.google.ee; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://j.6sc.co/6si.min.js http://info.hireright.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com *.doubleclick.net https://tags.clickagy.com *.pardot.com https://ws.zoominfo.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://snap.licdn.com *.rlcdn.com *.clarity.ms https://www.youtube.com *.liveperson.net *.lpsnmedia.net https://assets.ctfassets.net; connect-src 'self' https://*.analytics.google.com https://*.googletagmanager.com https://ws.zoominfo.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com https://c.6sc.co/ https://ipv6.6sc.co/ https://analytics.google.com https://cdn.linkedin.oribi.io https://cdn.contentful.com *.google-analytics.com *.analytics.google.com *.algolianet.net *.algolianet.com *.algolia.net *.clickagy.com *.doubleclick.net https://insights.algolia.io *.clarity.ms https://hireright-com-resources-prod.netlify.app https://hireright-com-blog-prod.netlify.app https://hireright-com-pdfs-prod.netlify.app https://hireright-com-services-prod.netlify.app https://hireright-com-industries-prod.netlify.app 2
frame-ancestors 'self' https://zeroheight.com https://akira.ninjavan.dev https://*.myshopify.com https://app.zeplin.io https://ninjavansg.zendesk.com https://*.ninjavan.cn https://*.ninjavan.co; 2
default-src 'none'; connect-src 'self'; frame-ancestors 'self'; frame-src 'none'; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' 2
frame-ancestors 'self' https://uad.sonera.fi/ https://*.f-secure.com; 2
default-src *.crazyegg.com https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https: *.crazyegg.com; style-src 'unsafe-inline' https: *.crazyegg.com; font-src https: data:; media-src http: https:; img-src http: https: data: *.crazyegg.com 2
default-src * blob: 'unsafe-eval' data: 'unsafe-inline' 2
frame-ancestors 'self' *.calsaws.net https://id-at.calsaws.net 2
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi https://static.aim.front.ai https://traficom-prod.boost.ai stat.viestintavirasto.fi 10.250.193.20 'nonce-23ff09a2-bf68-4568-a612-acfee567ac48'; img-src 'self' data: https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://static.aim.front.ai *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai 'unsafe-inline'; font-src 'self' occhat.elisa.fi https://static.aim.front.ai; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 2
default-src 'self' https:; font-src 'self' data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob:; frame-ancestors vtr.com *.vtr.com ww2.movistar.cl/*; 2
block-all-mixed-content; font-src 'self' fonts.gstatic.com www.wuv.de fonts.gstatic.com data:; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' addsearch.com cdn.ampproject.org open.scdn.co connect.facebook.net *.usercentrics.eu *.g.doubleclick.net *.getsitecontrol.com *.google.de *.google.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.instagram.com *.ioam.de *.opinary.com *.stry.tl *.twimg.com *.twitter.com *.wuv.de *.youtube.com *.ytimg.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.pinterest.com *.research.appinio.com *.ttwstatic.com *.adition.com *.scorecardresearch.com *.searchcdn.com *.teads.tv s0.2mdn.net *.wuv.de gdpr-tcfv2.sp-prod.net widget.perfectmarket.com *.flashtalking.com *.criteo.com *.adform.net *.vidible.tv *.doubleverify.com *.doubleclick.net bs.serving-sys.com static.aivdesk.com secure-ds.serving-sys.com ad.lkqd.net *.cloudflare.com *.adsafeprotected.com *.maximus.mobkoi.com *.celtra.com *.moatads.com sf16-scmcdn-sg.ibytedtos.com tags.crwdcntrl.net  *.vimeocdn.com; style-src 'self' 'unsafe-inline' *.addsearch.com fast.fonts.net *.googleapis.com *.stry.tl *.twitter.com *.wuv.de *.tiktok.com *.tiktokcdn.com *.ttwstatic.com *.cloudfront.net tagmanager.google.com *.wuv.de s1.adform.net static.aivdesk.com; worker-src blob: *.wuv.de 2
frame-ancestors 'self' https://blog.hootsuite.com https://app.contentful.com https://hootsuite.com https://staging.hootsuite.com/; report-uri https://o3805.ingest.sentry.io/api/6608832/security/?sentry_key=f44c14ec894c4667b3fd34b84042794d 2
frame-ancestors 'self' webvisor.com metrica.yandex.com metrica.yandex.ru metrika.yandex.com metrika.yandex.ru 2
report-uri /csp-report?p=; block-all-mixed-content; default-src 'none'; base-uri 'none'; img-src 'self' https://b.stripecdn.com https://q.stripe.com https://stripe-camo.global.ssl.fastly.net https://images.ctfassets.net https://assets.ctfassets.net data:; style-src 'unsafe-inline' 'self' https://b.stripecdn.com; connect-src 'self' https://stripe.com blob: https://stripe-images.s3.us-west-1.amazonaws.com https://errors.stripe.com https://b.stripecdn.com https://climate.stripe.com https://ext.stripe.com https://r.stripe.com https://c.increment.com https://c.stripe.dev https://c.stripe.global https://c.stripe.partners https://sales-live-chat.stripe.com https://y4pfttj91h-dsn.algolia.net/1/indexes/mkt_partners/query https://y4pfttj91h-1.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-2.algolianet.com/1/indexes/mkt_partners/query https://y4pfttj91h-3.algolianet.com/1/indexes/mkt_partners/query; font-src 'self' https://b.stripecdn.com; form-action 'self' https://stripe.com https://climate.stripe.com; frame-src 'self' https://js.stripe.com https://register.stripesessions.com https://b.stripecdn.com https://crypto-js.stripe.com https://sales-live-chat.stripe.com https://checkout.stripe.com https://checkout.stripe.dev; media-src 'self' https://b.stripecdn.com https://videos.ctfassets.net https://assets.ctfassets.net; script-src 'self' https://js.stripe.com 'sha256-vTifGUJH6hJYTvstw4xJ4xfr/vE0ELkOV4GpCumyqfg=' 'sha256-cCM0Z4lzGkzQnmbdVw+ouz0JRawyaKcZ4yiqzqYS7ek=' 'sha256-5LtzXhT7UFn+GqP5pKEMGL08UNZsrzANHFEBW/mQHGw=' 'sha256-3aWvb9tRBjmz1OjR3n7mwiTm94+s4iki4mMZF82asmc=' 'sha256-beLzNcen8LrazzSCRjAapoIMTgJI0osPWGNSX7aK6lc=' https://b.stripecdn.com https://crypto-js.stripe.com 'report-sample'; frame-ancestors 'self' https://app.contentful.com 2
base-uri 'self';default-src 'none'; connect-src 'self' inline-only: *; font-src 'self' data: *; img-src 'self' *;script-src 'self' 'unsafe-hashes' 'sha256-H2tlmRuSoiM440uTQK7H3mt3L74Xvy3HDbFQqhasmLM=' 'sha256-F31Z235J4JoHiQd4pwhlVGhZAo9TL1xXkr998POEVGk=' 'sha256-dg9STQouzRiKJUO3yike1CtjTb8JY3xoFiB0syjsclM=' 'sha256-npzn7ujSOdyjMmFgVUD96cEc+e4ADPr6/G36kMw42xg=' 'sha256-5TFWe/7xA1mUO7yvl+1rrgKnK4IkLgDeImwowoNtSio=' 'sha256-0ris5gmMUJMPIW5+I0NnEuFoC0HsIyvgUblcUKRj8DU=' 'sha256-2YCB6Lhue7C9r6969mhdpe1UfjRUR3HR4A0E0by9Kgg=' 'sha256-dPdAVNwRUBOO9U/2jj9+7Wrv56B40z2Jv1G60xrq99k=' 'sha256-1v5J2KvQP4Gbm3K2rHEJwOXTbrRded9lfuiMfmyrgLQ=' 'sha256-zjjpOAlgWBBa3LGAToXGdQdBJ74Nk1FbPuXvyyNud+c=' 'sha256-6Vxqk2EtHXjiJTfzUejPw5pYIuKocUwpWnj5ceUldH4=' 'sha256-jWeJInrhgp2bhmYq4ENjpiKhX8vgbI25wEHe7xZmntk=' 'sha256-MkZksky8RCDrddFfcsZvpoIOBWi+U4WdS/AUDSRoFWc=' 'sha256-JgUlUrFxfMASKHj7b/5oFO6lurjlitmjXKYNNDMUD+Y=' 'sha256-jwKtf7qtuAMIgLD43eyvgH971eEPHz3iVd6yMxfeA9A=' 'sha256-D/PRixJhLrpI1HflSDVH9owyKK3PGUoiNKrmyLvd3tM=' 'sha256-HSqFHC4bxSGLtwIKYvWNU/qQ4Q0oBveduu1wZdFXO+M=' 'sha256-nFFbE/gfqIA03gqrxwtcaywPXAg1nnX0YRI/RaMK8Lo=' 'sha256-k0FSIbTuVFHaoQGas062MT8MxUolKkiZqbpYaF929+c=' 'sha256-rqmm25uujCmwRm3UkPUpq2WM1jbmHLDuEQGkdF9+470=' 'sha256-U7ve//F4t99wIgL0aTmqx7pcSv+0E36f4XP+HwqZU30=' 'sha256-zZ15axXrbdoSqrE42O5dT3pilUPZCKObwx+aitQeT78=' 'sha256-C76Klxj0BnbMe8uaGS7kU+98MDherr94oIyjKlkWxTk=' 'sha256-244y469+HkRw3VOen69J4OuOZPA1f+0QrXS6/KOHJg0=' 'sha256-DNpb+AMfC5A+CyVJTBZTmmAK5kjYiOPpCYonuCoNUDc=' 'sha256-4xvwiEnvCWO3LygP+6rATbySh1+ealhANaQTvdaQaxk=' 'sha256-ClkLV8HfXoqqJ9Kl5sJglafxsF9F9ogSxHZxhR07bq4=' 'sha256-4TpZ3Tx5SLybDXPQaSHGuP1RU4D+pzck+02JLVY61BY=' 'sha256-osjxnKEPL/pQJbFk1dKsF7PYFmTyMWGmVSiL9inhxJY=' 'unsafe-inline' 'unsafe-eval' https://aicpa.ugc.bazaarvoice.com/static/8502-en_us/bvapi.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/04f604fda4ad/launch-4dd043aa3d36.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000054.js https://cdn.mouseflow.com/projects/79d6f783-d04b-41b1-8cd4-ff5b0aef991b.js https://connect.facebook.net/en_US/fbevents.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://siteintercept.qualtrics.com/dxjsmodule/11.94e7d7f0c6a48ca94c06.chunk.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP4c3fcccffd524251ae198bf677f3b6e9/AppMeasurement.min.js https://assets.adobedtm.com/launch-ENbe9d56e701d340938e112682ad21519f.min.js https://d2qrdklrsxowl2.cloudfront.net/api/configuration.js https://d2qrdklrsxowl2.cloudfront.net/api/viewer/setup/ https://d2qrdklrsxowl2.cloudfront.net/js/generated/bootstrap.built.js https://d2qrdklrsxowl2.cloudfront.net/js/generated/brightcove.v2.built.js https://d2qrdklrsxowl2.cloudfront.net/js/hapyak.js https://d2qrdklrsxowl2.cloudfront.net/js/partners/brightcovePlugin/brightcovePlugin.js https://players.brightcove.net/1485859309/experience_59ca4a72f0534d000fe052ff/live.js https://players.brightcove.net/1485859309/rJBq047Xx_default/index.min.js https://vjs.zencdn.net/vttjs/0.12.5/vtt.global.min.js https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.youtube.com/iframe_api https://a.quora.com/qevents.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/a620dac02c5d/launch-01674e2d033f.min.js https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/135000332.js https://cdn.mouseflow.com/projects/f51c3538-9092-4e2e-aae3-eff0161c955a.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://us-content.vergic.com/C684836E-2833-4669-875F-C54261C28192/engage.js https://www.clarity.ms/tag/uet/135000332 https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js  https://adservice.google.com.ph/adsid/integrator.js https://adservice.google.com/adsid/integrator.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js https://assets.adobedtm.com/launch-EN2c0e28c6709c4e27a936ae1de1381bd2.min.js https://cdn.mouseflow.com/projects/4ac367e9-d555-45b8-8c1c-21159c893c86.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031501.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/pagead/js/r20220316/r20110914/client/window_focus_fy2019.js https://tpc.googlesyndication.com/sodar/UFYwWwmt.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/activeview/js/current/rx_lidar.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://assets.adobedtm.com/3e79a7f00488/8b34a42b9048/94b1f86a0642/EX982a457aa31f49e98223c06cfedf70f2-libraryCode_source.min.js https://assets.adobedtm.com/launch-EN4ac663097b4c4c6483086c5b1a46bf23.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031401.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022032104.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://siteintercept.qualtrics.com/dxjsmodule/11.172e2d2f93de5974ae28.chunk.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://connect.facebook.net/en_US/fbevents.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022031601.js https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022081101.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.google.com/pagead/conversion_async.js https://www.googletagmanager.com/gtm.js https://www.googletagservices.com/tag/js/gpt.js https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *; script-src-elem 'unsafe-inline' *; style-src-elem 'unsafe-inline' *;frame-src 'unsafe-inline' *;worker-src 'unsafe-inline' blob: *;media-src 'unsafe-inline' blob: *; 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 2
default-src 'self' *.vidyard.com https: mailto:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https: mailto:; object-src none; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; media-src 'self' https: blob:; font-src 'self' https: data:; connect-src 'self' https: wss: ; upgrade-insecure-requests 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' *.connectmeinforma.com dev.totem-app.com www.fanexpohq.events 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: *.gea.com; form-action 'self'; frame-src 'self' *.gea.com *.eqs.com streamstudio.world-television.com *.eurolandir.com www.treedom.net *.qualtrics.com vara-services.com *.podigee.com *.podigee-cdn.net playout.3qsdn.com *.audiocon.de html5-player.libsyn.com forms.office.com embed.contentflow.net 2
connect-src 'self' *.edenred.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com http://*.xiti.com; font-src 'self' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' *.edenred.com https://cdn.cookielaw.org data: https://api.mapbox.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com; media-src 'self' *.edenred.com; object-src 'self' *.edenred.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tag.aticdn.net https://api.mapbox.com https://cdn.jsdelivr.net https://connect.facebook.net cdn.datatables.net cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com unpkg.com www.gstatic.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.edenred.com https://cdn.cookielaw.org https://fonts.googleapis.com fonts.googleapis.com cdn.cookielaw.org https://fonts.gstatic.com https://tagmanager.google.com cdn.datatables.net cdnjs.cloudflare.com https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.edenred.com; report-uri https://www.edenred.com/fr/system/reporting/csp; report-to csp 2
object-src players.brightcove.net www.realpage.com s.realpage.com vjs.zencdn.net; frame-ancestors 'self' *.realpage.com *.seismic.com www.realpagelearning.com *.yieldstar.com *.mpfyieldstar.com www.on-site.com; report-uri https://cspreports.realpage.com/api/reports/save/violation; 2
frame-src 'self' *.adyen.com *.braintreegateway.com *.paypal.com *.salesforce.com *.doubleclick.net *.api.useinsider.com *.adsrvr.org https://www.google.com https://www.googletagmanager.com https://www.provenance.org https://www.youtube.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://embed.acast.com;object-src 'none' 2
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 2
frame-ancestors 'self'; base-uri 'self'; form-action teufel.de zed.teufel.de support.teufel.de retoure.teufel.de blog.teufel.de www.terminland.de www.saferpay.com test.saferpay.com *.amazon.de payments.amazon.de row.ups.com checkout.sandbox.getalma.eu checkout.getalma.eu 'self' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.s-24.news https://push.s-24.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.s-24.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.s-24.news ; 2
frame-ancestors 'self' https://*.cite-sciences.fr https://*.palais-decouverte.fr https://*.universcience.fr; 2
connect-src https://bat.bing.com https://adservice.google.com 'self' *.motel-one.com *.the-cloud-one.com https://*.motel-one.com https://*.google-analytics.com https://maps.googleapis.com https://*.g.doubleclick.net https://*.facebook.com https://*.adup-tech.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://core.prod.co25.net https://*.criteo.com https://*.bing.com https://*.google.com; img-src https://gum.criteo.com https://id5-sync.com https://x.bidswitch.net https://e1.emxdgt.com https://simage2.pubmatic.com https://a.twiago.com https://sync-t1.taboola.com https://hb.yahoo.net https://ad.360yield.com https://jadserve.postrelease.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://rtb-csync.smartadserver.com https://contextual.media.net https://visitor.omnitagjs.com https://criteo-partners.tremorhub.com https://r.casalemedia.com https://c1.adform.net https://pixel.rubiconproject.com https://matching.ivitrack.com https://exchange.mediavine.com https://match.sharethrough.com https://criteo-sync.teads.tv https://sync.outbrain.com https://www.google.ro https://cm.adform.net https://eb2.3lift.com https://www.google.rs https://www.google.nl data: *.ytimg.com *.vimeocdn.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.cdninstagram.com https://*.squarelovin.com https://squarelovin.com https://ik.imagekit.io https://*.google-analytics.com https://*.doubleclick.net https://t.co https://*.adup-tech.com https://www.facebook.com https://*.google.de https://*.google.com https://*.google.rs https://*.google.ro https://*.google.nl https://*.cx.atdmt.com https://maps.gstatic.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://assets.pinterest.com https://log.pinterest.com https://bat.bing.com https://*.hurra.com https://*.fbcdn.net https://image.motel-one.com *.motel-one.com *.the-cloud-one.com https://*.gstatic.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://analytics.twitter.com https://*.adnxs.com https://*.criteo.com https://*.demdex.net https://*.ads.yieldmo.com https://*.3lift.com https://*.smartadserver.com https://*.yahoo.net https://*.yieldlab.net https://*.postrelease.com https://*.ivitrack.com https://*.adform.net https://*.omnitagjs.com https://*.tremorhub.com https://*.teads.tv https://*.casalemedia.com https://*.emxdgt.com https://*.pubmatic.com https://*.twiago.com https://*.mediavine.com https://*.360yield.com https://*.taboola.com https://*.outbrain.com https://*.rubiconproject.com https://*.bidswitch.net https://*.media.net https://*.sharethrough.com https://www.googletagmanager.com https://ih.adscale.de https://ads.betweendigital.com https://ads.travelaudience.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.hurra.com https://*.googleadservices.com https://*.criteo.com https://*.criteo.net https://*.creativecdn.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.google.ae https://*.google.at https://*.google.ba https://*.google.be https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ch https://*.google.co.cr https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.co.zw https://*.google.de https://*.google.com https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.hk https://*.google.com.kw https://*.google.com.mt https://*.google.com.mx https://*.google.com.sg https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.cz https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.gr https://*.google.hr https://*.google.hu https://*.google.ie https://*.google.im https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.se https://*.google.si https://*.adup-tech.com https://static.ads-twitter.com https://analytics.twitter.com https://assets.pinterest.com https://log.pinterest.com https://squarelovin.com https://*.squarelovin.com https://*.usercentrics.eu https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com https://ads.travelaudience.com; style-src-attr 'unsafe-inline'; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.motel-one.com *.the-cloud-one.com https://*.computop-paygate.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://www.youtube.com https://cdnjs.cloudflare.com https://code.jquery.com https://*.hurra.com https://*.googleadservices.com https://*.criteo.com https://*.criteo.net https://creativecdn.com https://*.creativecdn.com https://*.facebook.net https://*.doubleclick.net https://*.licdn.com https://*.linkedin.com https://*.facebook.com https://*.google.de https://*.adnxs.com https://*.bizographics.com https://*.googlesyndication.com https://*.bing.com https://*.adsrvr.org https://*.cloudfront.net https://*.sia.eu https://*.usercentrics.eu https://assets.pinterest.com https://log.pinterest.com https://*.pinimg.com https://*.pinterest.com https://*.surveysparrow.com https://surveysparrow.com https://*.dialogshift.com https://*.smartrecruiters.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data: https://*.squarelovin.com https://squarelovin.com https://fonts.googleapis.com https://tagmanager.google.com https://*.google.com https://*.dialogshift.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.motel-one.com *.the-cloud-one.com https://*.usercentrics.eu data: https://*.computop-paygate.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net https://*.dialogshift.com 2
frame-ancestors 'self' www.roompotpsa.eu survey.insocial.nl www.detolplas.nl www.familieparken.nl www.onsvakanties.nl www.vakantieparkhellendoorn.nl www.vakantievilla-met-prive-zwembad.nl www.strandparkzeeland.nl www.kronenburgersee.nl kronenburgersee.nl www.eifelpark-eks.de www.duinresortdunimar.nl dev72.lined.nl 89051.afasinsite.nl www.detwentsehoeve.nl www.edeka-reisen.de www.edeka-urlaubswelt.de www.edeka-reiselust.de www.htc-reisen.de www.mein-kleiner-urlaub.de www.bungalowpark-veluwsehoevegaerde.nl www.deriethorst.com www.drentsewold.nl f.insocial.nl strandparkzeeland.nl www.globista.de www.holidayparkhellendoorn.com www.ferienparkhellendoorn.de uptour.de test.uptour.de www.deriethorst.com www.vakantieparkdeheihorsten.nl www.vakantieparkschaijk.nl www.uptour.de www.marberveluwe.nl www.detolplas.de; report-to csp-endpoint; report-uri https://www.roompot.nl/cspreports/ 2
base-uri 'self'; default-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud *.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.chilipiper.com https://*.cookiebot.com:* *.typeform.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://a.quora.com/qevents.js; connect-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com nordlayer.com *.nordlayer.com graphql.contentful.com t.co bat.bing.com cx.atdmt.com s1.nordcdn.com cdn.polyfill.io www.googleadservices.com cdn.growthbook.io *.google-analytics.com www.facebook.com connect.facebook.net www.linkedin.com px.ads.linkedin.com *.oribi.io analytics.twitter.com static.ads-twitter.com stats.g.doubleclick.net p.adsymptotic.com api.iterable.com sentry.netaltr.com www.gstatic.com snap.licdn.com *.clarity.ms *.6sc.co *.6sense.com *.sleeknote.com *.inwebr.com *.wisepops.com *.wisepops.net wisepops.net *.ahrefs.com ahrefs.com *.salesloft.com cdn.dreamdata.cloud http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.chilipiper.com https://consentcdn.cookiebot.com *.typeform.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com; form-action 'self' webto.salesforce.com https://www.facebook.com/tr *.hsforms.com; frame-src 'self' *.livechatinc.com secure.livechatinc.com www.facebook.com www.googletagmanager.com www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com *.chilipiper.com www.youtube.com https://www.youtube.com/ www.youtube-nocookie.com https://www.youtube-nocookie.com/ player.vimeo.com https://player.vimeo.com/ https://consentcdn.cookiebot.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.typeform.com; img-src * data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://ct.capterra.com https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://q.quora.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.typeform.com; media-src 'self' 'unsafe-inline' videos.ctfassets.net nordlayer.com *.nordlayer.com false; font-src 'self' data: www.google.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src 'self' *.hsforms.com; 2
frame-ancestors https://cue.mediahuis.cue.cloud 2
script-src 'self' *.amnhealthcare.com dl.episerver.net maps.googleapis.com www.youtube.com unpkg.com script.crazyegg.com *.cookielaw.org d10lpsik1i8c69.cloudfront.net secure.quantserve.com api.amnhealthcare.io bat.bing.com app.leadsrx.com *.americanmobile.com rules.quantcount.com *.pardot.com js.adsrvr.org snap.licdn.com dev.visualwebsiteoptimizer.com www.google.com assets.adobedtm.com www.googletagmanager.com www.gstatic.com twin-iq.kickfire.com www.rumiview.com *.amnhealthcare.com www.medtargetsystem.com match.deepintent.com trc.lhmos.com newton.newtonsoftware.com recruitingbypaycor.com apply.indeed.com cdn.botframework.com ajax.googleapis.com connect.facebook.net static.ads-twitter.com ssl.luckyorange.com analytics.click2apply.net adservice.google.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com analytics.tiktok.com tag.demandbase.com  'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: 'unsafe-inline'; worker-src 'self' blob:; 2
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 2
frame-ancestors 'self' *.exocad.com *.exocad.net; 2
script-src 'self' https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.google.pl https://*.google-analytics.com https://*.googleapis.com https://*.googleadservices.com https://*.ggpht.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.snrcdn.net https://chat.pekao.com.pl https://chatvideo.pekao.com.pl https://vv.pekao.com.pl https://public.tableau.com https://bat.bing.com https://ngcct.cn.in.pekao.com.pl https://platform.twitter.com 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self'; object-src 'none'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viewpoint.com https://go.trimble.com https://get.trimble.com https://*.inventiveperception365.com https://*.visualwebsiteoptimizer.com https://unpkg.com https://*.6sc.co https://viewpoint.us12.list-manage.com https://cdn.cookielaw.org https://*.vidyard.com https://js-agent.newrelic.com https://secure.coax7nice.com https://*.facebook.com https://*.marketo.net https://*.marketo.com https://*.driftt.com https://*.adroll.com https://*.sumo.com https://*.sumome.com https://sumo.com https://content.cdntwrk.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://tagmanager.google.com https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://optimize.google.com https://www.googleoptimize.com https://*.vimeo.com https://connect.facebook.net https://rules.quantcount.com https://secure.quantserve.com https://snap.licdn.com https://bat.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://siteimproveanalytics.com https://*.wistia.net https://*.wistia.com https://*.doubleclick.net https://www.reddit.com https://reddit.com https://*.pinterest.com https://api.bufferapp.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://cdnjs.cloudflare.com https://bam.nr-data.net https://d.adroll.mgr.consensu.org https://tribl.io https://*.uberflip.com https://*.calendly.com; img-src 'self' data: https://*.viewpoint.com https://*.pubmatic.com https://*.linkedin.com https://*.visualwebsiteoptimizer.com https://cdn.cookielaw.org https://*.vidyard.com https://*.6sc.co https://s.amazon-adsystem.com https://*.krxd.net https://fcmatch.youtube.com https://sync.mathtag.com https://www.google.ca https://www.google.co.uk https://*.adroll.com https://s3-us-west-2.amazonaws.com https://cdn.bizibly.com https://gum.criteo.com https://www.google.com https://px.ads.linkedin.com https://www.linkedin.com https://*.sumo.com https://*.sumome.com https://sumo.com https://privacy-policy.truste.com https://c.bing.com https://match.prod.bidr.io https://tags.rd.linksynergy.com https://cw.addthis.com https://segments.company-target.com https://sync.ipredictive.com https://sync.tidaltv.com https://epiv.cardlytics.com https://aa.agkn.com https://px.owneriq.net https://dpm.demdex.net https://bttrack.com https://pixel.spotify.com https://usersync-b3.videoamp.com https://srv4j.net https://usersync-b3.videoamp.com https://ssum.casalemedia.com https://a.tribalfusion.com https://dps.admission.net https://ps.eyeota.net https://segments.company-target.com https://um.simpli.fi https://pixel.tapad.com https://match.adsrvr.org https://px.surveywall-api.survata.com https://sync.srv.stackadapt.com https://rtb.adentifi.com https://bcp.crwdcntrl.net https://pm.w55c.net https://p.rfihub.com https://idsync.reson8.com https://tribl.io https://sync-tm.everesttech.net https://loadm.exelator.com https://secure-gl.imrworldwide.com https://d3sut91l4ajo4b.cloudfront.net https://d3lziyk5qr4b9v.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://optimize.google.com https://*.gstatic.com https://*.bluekai.com https://d3sut91l4ajo4b.cloudfront.net https://s-static.ak.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://www.youtube.com https://*.siteimproveanalytics.io https://x.dlx.addthis.com https://s3.amazonaws.com https://driftt.imgix.net https://px.ads.linkedin.com https://p.adsymptotic.com https://bat.bing.com https://cdn.bizible.com https://pixel.quantserve.com https://www.facebook.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://*.adroll.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://pippio.com https://tr.snapchat.com https://*.wistia.net https://sync.outbrain.com https://simage2.pubmatic.com https://tag.apxlv.com https://tag.cogocast.net https://x.dlx.addthis.com https://maps.googleapis.com https://www.googleoptimize.com https://go.trimble.com https://get.trimble.com https://*.marketo.com https://*.wistia.com https://pluginicons.craft-cdn.com https://*.akamaihd.net https://content.cdntwrk.com; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' https://*.viewpoint.com https://*.google.com https://*.viewpoint.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://go.trimble.com https://get.trimble.com https://*.marketo.net https://*.marketo.com https://js.driftt.com https://hello.myfonts.net https://cdn.jsdelivr.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fast.fonts.net; font-src 'self' data: https://*.viewpoint.com https://*.fonts.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.doubleclick.net https://*.facebook.com https://*.gstatic.com https://*.vimeo.com https://connect.facebook.net https://*.uberflip.com https://content.cdntwrk.com https://maxcdn.bootstrapcdn.com https://api2.fonts.com; object-src 'self' https://*.viewpoint.com; child-src 'self' https://*.viewpoint.com; frame-src 'self' https://*.spotify.com https://*.vidyard.com https://www.youtube.com https://w.soundcloud.com https://*.doubleclick.net https://vimeo.com https://*.vimeo.com https://optimize.google.com https://go.trimble.com https://get.trimble.com https://info.viewpoint.com https://*.marketo.com https://*.wistia.com https://*.wistia.net https://*.driftt.com https://*.facebook.com https://calendly.com https://*.calendly.com; connect-src 'self' https://*.adnxs.com https://*.sumome.com https://sumome.com https://*.visualwebsiteoptimizer.com https://*.6sense.com https://*.6sc.co https://analytics.google.com https://maps.googleapis.com https://*.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://stats.g.doubleclick.net https://*.viewpoint.com https://*.sumo.com https://*.sumome.com https://sumo.com https://v2.api.uberflip.com https://clients6.google.com https://*.algolia.net https://*.algolianet.com https://*.craftcms.com https://*.google-analytics.com https://*.mktoresp.com https://*.linkedin.com https://*.facebook.com https://*.wistia.com https://*.litix.io https://*.akamaihd.net https://*.mktoutil.com https://bam.nr-data.net; report-uri https://ca1fe692b8b29170cd9bd1769d468774.report-uri.com/r/d/csp/enforce 2
frame-ancestors resource.ecisolutions.com ecisoftwaresolutions.pathfactory.com 'self' 2
frame-ancestors 'self';default-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src * data:; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src https://*.afw.com; 2
child-src 'self' *.lightning.force.com *.pendo.io *.greenhouse.io *.google.com *.vimeo.com *.isnetworld.com *.mypurecloud.com; frame-ancestors 'self' *.lightning.force.com; form-action 'self'; 2
default-src 'self' https://*.wistia.com https://*.wistia.net; connect-src * data: https: https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io data: https:; img-src * 'self' data: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src * 'self' data: blob: https: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; style-src * 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://fast.wistia.com;font-src * data: https:; frame-src * data: https: https://fast.wistia.com https://fast.wistia.net; child-src blob:; worker-src 'self' blob:; 2
upgrade-insecure-requests;, upgrade-insecure-requests 2
default-src wss: https: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-inline' nonce sha256 data: *.zenarmor.com google.com sunnyvalley-4755924.hs-sites.com 4755924.hs-sites.com *.hubspot.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com cdn.jsdelivr.net/npm/@docsearch/ calendly.com *.calendly.com consent.cookiebot.com consentcdn.cookiebot.com *.hs-scripts.com *.hubapi.com *.hsadspixel.net *.hs-banner.com *.hs-analytics.net challenges.cloudflare.com *.algolia.net *.zdassets.com ekr.zendesk.com wss://*.zopim.com zenarmor.zendesk.com *.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.youtube.com *.recaptcha.net *.gstatic.com; img-src https://* data:; font-src 'self' data: *.gstatic.com; 2
default-src 'self' https://geodis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com unpkg.com *.cloudflare.com cdn.jsdelivr.net *.smart-tribune.com polyfill.io cdn.cookielaw.org tag.aticdn.net *.googleapis.com *.adroll.com snap.licdn.com *.optimonk.com connect.facebook.net *.newrelic.com *.pardot.com bat.bing.com hcaptcha.com crm.geodis.com *.iti-maps.fr lex.33across.com static.hotjar.com script.hotjar.com www.gstatic.com matomojs.trackify.info *.extranet.geodis.org; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com *.smart-tribune.com https://cdn.jsdelivr.net uloga.github.io www.gstatic.com; img-src * 'self' 'unsafe-inline' https://geodis.com data: www.googletagmanager.com https://geodis.widen.net https://server.arcgisonline.com *.widencdn.net *.xiti.com https://cdn.cookielaw.org https://www.google.com *.smart-tribune.com https://maps.gstatic.com *.ads.linkedin.com www.google.fr *.adroll.com pixel.rubiconproject.com sync.outbrain.com dsum-sec.casalemedia.com image2.pubmatic.com sync.taboola.com eb2.3lift.com www.facebook.com www.google.pl bat.bing.com www.google-analytics.com px.ads.linkedin.com www.google.be; media-src 'self' https://geodis.com https://geodis.widen.net *.widencdn.net; frame-src 'self' https://www.youtube.com geodis.widen.net cf-store.widencdn.net cf-store.widencdn.net newassets.hcaptcha.com *.doubleclick.net x.adroll.com; frame-ancestors 'self' https://sites-ms.lumapps.com https://dwp.geodis.com https://wishes.geodis.com; font-src 'self' data: *.smart-tribune.com fonts.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net github.com; connect-src 'self' https://geodis.com *.smart-tribune.com cdn.cookielaw.org www.google-analytics.com *.doubleclick.net *.onetrust.com https://maps.googleapis.com *.optimonk.com *.analytics.google.com bam.nr-data.net cdn.linkedin.oribi.io *.hcaptcha.com bat.bing.com px.ads.linkedin.com www.google.fr analytics.google.com www.google.pl *.google.com www.google.ca region1.analytics.google.com *.analytics.google.com www.google.com.mx www.google.co.uk www.google.sk stats.g.doubleclick.net www.google.ae vc.hotjar.io metrics.hotjar.io *.hotjar.io wss://ws.hotjar.com www.google.de www.google.co.nz www.google.bg www.google.es adservice.google.com *.extranet.geodis.org; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors 'self' https://www.google.com https://www.gstatic.com ; img-src 'self' https://www.frontierstore.net https://steamcommunity-a.akamaihd.net https://d1wv0x2frmpnh.cloudfront.net https://d3tidaycr45ky4.cloudfront.net https://p.typekit.net https://imgsct.cookiebot.com https://services.postcodeanywhere.co.uk https://track.linksynergy.com https://dev.visualwebsiteoptimizer.com https://www.google.co.uk https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.frontierstore.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://use.typekit.net https://web-analytics.zaonce.net/matomo.js https://ajax.googleapis.com https://static.hotjar.com https://intljs.rmtag.com https://front11152.pcapredict.com https://services.postcodeanywhere.co.uk https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://www.frontierstore.net https://services.postcodeanywhere.co.uk https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://consentcdn.cookiebot.com; object-src 'none'; 2
frame-ancestors 'self' https://polkadot-website-staging.netlify.app/ https://polkadot-website.netlify.app/ https://polkadot.ghost.io/ https://cms.polkadot.network/ https://polkadot.network/ 2
frame-ancestors *.multiplan.us; object-src 'none'; img-src 'self' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com www.google-analytics.com csi.gstatic.com docasap.com cdn.appdynamics.com multiplan.us www.multiplan.us discoveryhealthpartners.com www.discoveryhealthpartners.com https: http: 2
frame-ancestors 'self'; object-src 'self' https://on-site.com https://*.on-site.com https://*.realpage.com; report-uri /pub/csp_reports 2
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: blob: cdn.ckeditor.com via.placeholder.com; object-src 'none'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com ajax.googleapis.com widget.trustpilot.com cdn.dynamicyield.com pagead2.googlesyndication.com *.scarabresearch.com www.paypalobjects.com js.braintreegateway.com cdn.cookielaw.org; style-src 'self' https: 'unsafe-inline' cdn.ckeditor.com fonts.googleapis.com data:; connect-src 'self' https: data: blob: api.sofort.com 2
frame-ancestors http://*.t-mobile.nl https://*.t-mobile.nl http://*.tele2.nl https://*.tele2.nl http://*.ben.nl https://*.ben.nl https://app.storyblok.com https://internet.odido.nl 2
frame-ancestors 'self' v9.jarvisexch.com 99exch.com www.99exch.com 99exch.live www.99exch.live 99exch.green www.99exch.green 99exch.win www.99exch.win cricbet99.com www.cricbet99.com cricbet99.win www.cricbet99.win cricbet99.club www.cricbet99.club cricbet99.green www.cricbet99.green 11xplay.com www.11xplay.com 11xplay.online www.11xplay.online 11xplay.pro www.11xplay.pro 11xplay.green www.11xplay.green play247.win www.play247.win play247.green www.play247.green play247exch.win www.play247exch.win play247.black www.play247.black laser247.com www.laser247.com laser247.online www.laser247.online laserx247.com www.laserx247.com laser247.club www.laser247.club laser247.pro www.laser247.pro play99exch.com www.play99exch.com play99exch.live www.play99exch.live play99exch.win www.play99exch.win play99exch.club www.play99exch.club lotus999.io www.lotus999.io 2
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com *.global.siteimproveanalytics.io az416426.vo.msecnd.net dc.services.visualstudio.com cdn.jsdelivr.net unpkg.com regionstockholmviya4poc.swedencentral.cloudapp.azure.com public.tableau.com static.netpublicator.com docs.netpublicator.com ajax.googleapis.com code.jquery.com *.qbrick.com *.dna.ip-only.net ws: www.netpublicator.com cdn.simplecss.org mfstatic.com *.mediaflow.com *.mediaflowpro.com *.cookiebot.com *.friendlycaptcha.eu *.friendlycaptcha.com form.apsis.one; form-action 'self'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' *.qbrick.com; media-src 'self' data: blob: *; worker-src 'self' data: blob: *; 2
object-src 'none'; script-src 'self' 'unsafe-inline' addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://apps.elfsight.com https://static.elfsight.com https://www.youtube.com https://storage.elfsight.com https://apis.google.com https://www.googletagmanager.com https://universe-static.elfsightcdn.com addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com https://www.tintup.com unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net addtocalendar.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://idrc-crdi.ca/en/report-uri/enforce 2
frame-ancestors 'self' https://adobemc.com https://centerparcs.experiencecloud.adobe.com https://experience.adobe.com 2
frame-ancestors 'self' *.commscope.com *.ruckusnetworks.com *.punchout2go.com *.ariba.com ; 2
default-src 'self'  *.grdp.co blob:; img-src 'self' blob: data: https://releases/traefik/02-csp-middleware.yamlgrdp.co https://tr.outbrain.com https://byjusexamprep.com/ https://translate.google.com https://nr1.s3.amazonaws.com *.boldchat.com accounts.google.com *.doubleclick.net https://www.google.co.in https://bat.bing.com https://www.youtube.com/favicon.ico *.googleadservices.com http://gs-post-images.grdp.co https://gs-groups-images.grdp.co https://graph.facebook.com https://www.google.com gradeup.co https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://gs-post-images.grdp.co https://optimize.google.com cds.taboola.com api.typeform.com https://track.shoptopdeal.com https://events.ub-analytics.com https://ttrk.ringocount.com business.topbuzz.com gradestack.com i.ytimg.com trc.taboola.com *.fbcdn.net cost.affcost.com platform-lookaside.fbsbx.com d9hhrg4mnvzow.cloudfront.net csm.hk.as.criteo.net cm.g.doubleclick.net primedigital.go2cloud.org ad.admitad.com track.in.omgpm.com dis.criteo.com traqkar.com www.googletagmanager.com *.googleadservices.com myfaqprime.appspot.com heapanalytics.com *.googleusercontent.com *.grdp.co grdp.co connect.facebook.net q.quora.com *.gstatic.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://slike.indiatimes.com https://ventes40.gotrackier.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com *.joonbot.com eu1.clevertap-prod.com https://www.googleadservices.com/ https://d34qb8suadcc4g.cloudfront.net *.boldchat.com https://googleadservices.com https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/gsap/latest/TweenMax.min.js https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://tr.outbrain.com amplify.outbrain.com https://optimize.google.com https://cdn.jsdelivr.net/gh/cferdinandi/smooth-scroll@15.0.0/dist/smooth-scroll.polyfills.min.js https://www.google.co.in/pagead cdn.heapanalytics.com https://www.clarity.ms https://s-usc1c-nss-273.firebaseio.com https://udofy-crm-1022.firebaseio.com  s.ytimg.com cdn.ampproject.org cdn.taboola.com trc.taboola.com www.googletagservices.com tagmanager.google.com https://s-usc1c-nss-281.firebaseio.com ajax.cloudflare.com builder-assets.unbounce.com accounts.google.com myfaqprime.appspot.com portal.referralcandy.com go.referralcandy.com cdn.asbmit.com platform.twitter.com maps.googleapis.com adservice.google.com adservice.google.co.in smartlock.google.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net connect.facebook.net track.in.omgpm.com *.grdp.co grdp.co https://www.google-analytics.com/ cdn.mouseflow.com static.bytedance.com sslwidget.criteo.com  www.gstatic.com https://www.google.com/pagead/1p-conversion/820422143/ apis.google.com widget.as.criteo.com maxcdn.bootstrapcdn.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdn.jsdelivr.net/npm/js-cookie@beta/dist/js.cookie.min.js https://tvid.akamaized.net https://tvid.in https://cdn.quilljs.com; connect-src 'self' https://bep-public.s3.ap-south-1.amazonaws.com/ https://ebooksecurepdf.s3.ap-south-1.amazonaws.com/ https://google.com https://mpkgr-streaming.tllms.com https://byju.pc.cdn.bitgravity.com *.gradestack.co *.byjusexamprep.com https://gradeup-streaming.tllms.com https://byjus-in.akamaized.net https://gcdn.byjus.com https://*.nanorep.co https://*.nanorep.com wss://*.bold360.com *.boldchat.com https://gradeup-assets.grdp.co https://bat.bing.com https://d27yfew3jd3yhj.cloudfront.net https://drm.tllms.com/ https://us-central1-udofy-1021.cloudfunctions.net https://us-central1-amp-error-reporting.cloudfunctions.net https://adservice.google.com https://www.facebook.com https://maps.googleapis.com wss://photon.gradestack.co wss://mule.byjusexamprep.com webapi.byjusexamprep.com https://udofy-crm-1022.firebaseio.com trc-events.taboola.com trc.taboola.com wss://udofy-crm-1022.firebaseio.com https://www.clarity.ms wss://s-usc1c-nss-273.firebaseio.com https://sheets.googleapis.com https://script.google.com https://script.googleusercontent.com wss://s-usc1c-nss-281.firebaseio.com json.faqprime.com firebaseinstallations.googleapis.com *.grdp.co grdp.co cdnjs.cloudflare.com o2.mouseflow.com heapanalytics.com www.googletagmanager.com wss://*.gradeup.co https://www.google-analytics.com cdn.ampproject.org accounts.google.com www.google.com *.doubleclick.net cdn.ampproject.com https://cleovod.akamaized.net https://cleorec.akamaized.net https://cleolive.akamaized.net https://slike.indiatimes.com https://tvid.in https://*.slike.in https://s3.ap-south-1.amazonaws.com/byjus-media-delivery/videos/ *.razorpay.com ; frame-src whatsapp: *.doubleclick.net https://gradeup.co https://optimize.google.com https://help.byjusexamprep.com https://sin.creativecdn.com https://*.joonbot.com https://*.joonbot.xyz *.boldchat.com https://www.google.com/maps/embed https://s-usc1c-nss-273.firebaseio.com https://asia.creativecdn.com https://s-usc1c-nss-281.firebaseio.com ts.tradetracker.net tl.tradetracker.net tracking.icubeswire.co www.youtube.com portal.referralcandy.com go.onelink.me accounts.google.com gum.criteo.com tpc.googlesyndication.com secure.payu.in gradeup.referralcandy.com www.facebook.com grdp.co https://byjusexamprep.com gradestack.com smartlock.google.com static.criteo.net www.googletagmanager.com https://hts-premium.byjusexamprep.com https://api.razorpay.com https://www.menti.com; style-src 'self' blob: data: *.grdp.co  'unsafe-inline' https://optimize.google.com unpkg.com builder-assets.unbounce.com cdnjs.cloudflare.com myfaqprime.appspot.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com translate.googleapis.com maxcdn.bootstrapcdn.com https://www.googletagmanager.com/gtm.js accounts.google.com cdn.ampprojectorg cdn.materialdesignicons.com cloud.typography.com https://cdn.quilljs.com; object-src 'none'; font-src 'self' blob: data: *.grdp.co https://optimize.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net cloud.typography.com fonts.googleapis.com use.fontawesome.com cdnjs.cloudflare.com; worker-src 'self' blob: data:  https://byjusexamprep.com gradestack.com; media-src 'self' blob: data:  *.grdp.co https://gradeup-streaming.tllms.com https://cleolive.akamaized.net https://cleorec.akamaized.net https://d27yfew3jd3yhj.cloudfront.net; frame-ancestors 'self' *.nanorep.co https://byjus.com https://byjusexamprep.com; script-src-elem 'self' 'unsafe-inline' https://d2r1yp2w7bby2u.cloudfront.net/js/clevertap.min.js https://eu1.clevertap-prod.com https://connect.facebook.net https://amplify.outbrain.com https://tpc.googlesyndication.com *.joonbot.com https://*.joonbot.xyz https://www.googleadservices.com/ https://*.nanorep.co https://d34qb8suadcc4g.cloudfront.net https://bat.bing.com *.googleadservices.com https://*.boldchat.com https://fonts.googleapis.com/css2 https://cdn.ampproject.org/rtv/012110290545003/v0/amp-loader-0.1.js https://www.googletagmanager.com/ https://track.in.omgpm.com https://portal.referralcandy.com/assets/widgets/refcandy-poprocks.js https://apis.google.com https://d2r1yp2w7bby2u.cloudfront.net/js/a.js https://cdn.ampproject.org *.gstatic.com  https://builder-assets.unbounce.com/published-js/ https://ajax.googleapis.com https://myfaqprime.appspot.com https://gradeup-assets.grdp.co https://www.google-analytics.com https://www.googletagmanager.com https://ajax.cloudflare.com  https://wzrkt.com https://tr.outbrain.com https://maps.googleapis.com https://cdn.mouseflow.com https://googleads.g.doubleclick.net *.googleadservices.com https://wzrkt.com https://www.youtube.com https://checkout.razorpay.com/v1/checkout.js; manifest-src 'self' blob: data: https://byjusexamprep.com; report-uri https://sentry.byjusexamprep.com/api/26/security/?sentry_key=e3c3abaf223b441c8dd91fdc48764d72 2
default-src 'self' www.microsoft.com; script-src 'self' www.microsoft.com js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms 'unsafe-inline' snap.licdn.com www.clarity.ms *.google.com www.gstatic.com 204-kzg-685.mktoweb.com bat.bing.com; style-src 'self' www.microsoft.com 'unsafe-inline' 204-kzg-685.mktoweb.com; font-src 'self' c.s-microsoft.com www.microsoft.com data:; img-src 'self' data: img-prod-cms-rt-microsoft-com.akamaized.net googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com *.google.com *.google.co * dev-about.ads.microsoft.com qa-about.ads.microsoft.com about.ads.microsoft.com; connect-src 'self' js.monitor.azure.com assets.adobedtm.com wcpstatic.microsoft.com mem.gfx.ms px.ads.linkedin.com mscom.demdex.net browser.events.data.microsoft.com d.clarity.ms target.microsoft.com dpm.demdex.net *.clarity.ms/collect bat.bing.com dev-about.ads.microsoft.com qa-about.ads.microsoft.com about-uat.ads.microsoft.com beta-about.ads.microsoft.com about.ads.microsoft.com; frame-src 'self' *.google.com * 204-kzg-685.mktoweb.com www.microsoft.com; 2
frame-ancestors 'self' https://www.carmudi.com.ph https://uat.carmudi.com.ph https://uat1.carmudi.com.ph 2
child-src 'self' *.eu.qualtrics.com *.legalandgeneral.com *.everesttech.net *.lgim.com *.boldchat.com *.demdex.net *.g.doubleclick.net *.brighttalk.com *.theidolprod.com *.landginvestments.com view.ceros.com apps.euw2.pure.cloud flo.uri.sh nr1.s3.amazonaws.com embeds.audioboom.com www.google.com aax-eu.amazon-adsystem.com 11594483.fls.doubleclick.net 4918313.fls.doubleclick.net 5z4kxmbpt3zylymtu.helpcenter.uwassist.com 6165515.fls.doubleclick.net 7rm60022.ibosscloud.com 9797771.fls.doubleclick.net 9797771.fls.doubleclick.net.x.aec9d37d03ffa0431a09ca80b9876705d3c8.d045239c.id.opendns.com 9797771.fls.doubleclick.net.x.f523c93f0a69604355083bc0a81abbf27ed1.d045239c.id.opendns.com accounts.google.com acestream.me api.nakarta.com auth.filteredinternet.co.uk auth.iws-hybrid.trendmicro.com az416426.vo.msecnd.net blipznchitzcom-a.akamaihd.net blob: bot.ebilobster.ai block.opendns.com butoembed.twentythree.net candysodapopcom-a.akamaihd.net cdncache-a.akamaihd.net checkpoint.tpt.org cn-1998263966-7vnsr30171.ibosscloud.com cn-1998264190-7vnsr30028.ibosscloud.com cn-1998264264-7vnsr40033.ibosscloud.com compare.defaqto.com connect.facebook.net crushclanscom-a.akamaihd.net data: edge.addthis.com embed.buto.tv embed.wirewax.com ernie.midlothian.gov.uk:15871 filter.techloq.com gateway.zscaler.net gateway.zscalerone.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net go.skimresources.com grpfpgw01.group.local:15871 hdapp1008-a.akamaihd.net hhwssac.healthcareath.local images-static.trustpilot.com landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co lifesearch.co.uk localhost:6543 login.microsoftonline.com login.zscalertwo.net login.zscloud.net mail.google.com mh-bir-mgmt101 mozbar.moz.com notify.bluecoat.com o.yieldsquare.com oakfppr01 omny.fm pa.eshapay.net player.videosmart.com pp.ephapay.net pp.eshapay.net pwm-image.trendmicro.com reassured-ltd-dev.onelogin.com rm40954.ibosscloud.com rm40962.ibosscloud.com rm40966.ibosscloud.com rm40977.ibosscloud.com rocket.theregisschool.co.uk s7.addthis.com saml.threatpulse.net:8443 schools-blocked.s3-website-us-east-1.amazonaws.com secure.mycouponizemac.com secure.myshopcouponmac.com secure.optibuymac.com secure5.arcot.com service.securesrv12.com skytraf.xyz sophosxg.equinox.co.uk:8090 sts.global.tesco.org sts.morrisonus.com sts.royalmailgroup.net subwayclanscom-a.akamaihd.net tool-bcg.bwe.io useast2-www.securly.com usercheck.themovefactory.com uwf.demo.upstreamworks.com uwfbankm.demo.upstreamworks.com webui.dashlane.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.calculateyourchances.com www.facebook.com www.houzz.com www.open.edu www.podbean.com www.youtube.com www.youtube.com.x.6449e3e00100204968084550e30d871835ad.d045227c.id.opendns.com www.youtube.com.x.7bfd31dc044f3047e60a8db015534ad35762.d045227d.id.opendns.com yournews-legalandgeneral.com zswpmanager.wip.mmc.com www.everestjs.net lgima.filepoint.live embeds.audioboom.com player.vimeo.com; connect-src 'self' *.infinity-tracking.com *.infinity-tracking.net *.bold360usercontent.com *.console.glassboxsaas.com *.report.gbss.io *.tealiumiq.com *.sgwidget.com *.recipelondon.co.uk *.crownpeak.net *.nanorep.com *.landg.com *.lgim.com *.boldchat.com *.demdex.net *.everesttech.net *.legalandgeneral.com *.sessioncam.com *.g.doubleclick.net *.googleapis.com *.tt.omtrdc.net wss://webmessaging.euw2.pure.cloud api.euw2.pure.cloud api.shelf-eu.com api-cdn.euw2.pure.cloud brochure-tool.huguenots.co.uk widgets-lgim.huguenots.co.uk incomestandards-api-prod.azurewebsites.net yournews-legalandgeneral.com 1637314617.rsc.cdn77.org 1986635568.rsc.cdn77.org ad.doubleclick.net ads34.adlane.info adservice.google.com am-uk.sophus3.com api.addressy.com api.ip6.org.il api.pokuponik.net api.trongrid.io api.tronstack.io b.1p1eqpotato.com backoffice.abaka.me base3-sv.tribal-enjoy.com bat.bing.com bf21791iym.bf.dynatrace.com blob: block.opendns.com bot.ebilobster.ai catds.net cdn.aframe.io cdncache-a.akamaihd.net cdnjs.cloudflare.com cdn-ukwest.onetrust.com clipsold.com code.jquery.com customer.iad-03.braze.com dasfelynsaterr.webcam data: dc.services.visualstudio.com dpdb.webvr.rocks eu-ec.walkme.com floatingplayer.com gateway.zscloud.net gb.api4load.net gjtrack.ucweb.com hm.baidu.com ka-f.fontawesome.com labs.observepoint.com lawiersenadrey.webcam legalandgeneral.report-uri.com localhost:3000 luxins.net m.addthis.com m65.prod2016.com mcid-0ac271e4-b1ad-4312-a8f4-776fbc9c2cd7.ep-mimecast.doubleclick.net mcid-f5ea55f2-57aa-4c38-8e4d-d04af422d7f4.ep-mimecast.doubleclick.net metriq.xyz new229.com njs.wigoal.com performance.observepoint.com plugin.ucads.ucweb.com privacyportal-uk.onetrust.com qfafcffge3.execute-api.eu-west-2.amazonaws.com s.yimg.com s3-eu-west-1.amazonaws.com s7.addthis.com sample-api-v2.crazyegg.com savingsslider-a.akamaihd.net siteintercept.qualtrics.com steganos-api.ciuvo.com subwayblaze.com subwayclanscom-a.akamaihd.net subwaysmash.com sun.tronex.io surfly.com t.co t.skimresources.com usemarketings.com uwf.demo.upstreamworks.com widget.trustpilot.com ws://localhost:22174 wss://gc.kis.v2.scr.kaspersky-labs.com wss://websocket-eu.bold360.com www.bing.com www.cgtforms.com www.facebook.com www.google.com www.google-analytics.com www.googletagmanager.com you.caresourcer.com landg.nanorep.co api.ebiai.app messenger.ebiai.app; default-src 'unsafe-inline' 'self' *.netlify.app *.recipelondon.co.uk *.eu.qualtrics.com *.boldchat.com *.g.doubleclick.net *.google-analytics.com *.brighttalk.com *.everesttech.net *.googleapis.com *.landg.com *.legalandgeneral.com *.lgim.com *.sessioncam.com *.tt.omtrdc.net cdn.jsdelivr.net 4918313.fls.doubleclick.net 6165515.fls.doubleclick.net 9797771.fls.doubleclick.net aa.agkn.com aax-eu.amazon-adsystem.com abp.smartadcheck.de ad.doubleclick.net ad.sxp.smartclip.net ads.avct.cloud ads.avocet.io ads.stickyadstv.com adservice.google.co.uk adservice.google.com am-uk.sophus3.com analytics.twitter.com api.addressy.com app-static.turtl.co assets.adobedtm.com assets.quadpay.com assets.turtl.co at.alicdn.com autroliner.com az416426.vo.msecnd.net backoffice.abaka.me bat.bing.com beacon.krxd.net blinkjork.com blob: block.opendns.com bot.abaka.me bot.ebilobster.ai boxclone.com bppmdmxgsg.execute-api.eu-west-1.amazonaws.com brigstoneapp.com butoembed.twentythree.net cdn.botframework.com cdn.faceworks.nl cdn.honey.io cdn.mark.reevoo.com cdn.megabonus.com cdn.scite.ai cdnjs.cloudflare.com cdn-ukwest.onetrust.com ce.lijit.com cgtforms.com chrome-extension cilkonlay.com cm.adform.net cm3.adform.net code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com compare.defaqto.com connect.facebook.net cs.adingo.jp customer.iad-03.braze.com cx.atdmt.com d.agkn.com d2oh4tlt9mrke9.cloudfront.net d3c3cq33003psk.cloudfront.net data: dc.services.visualstudio.com *.episerver.net dsum-sec.casalemedia.com e1.emxdgt.com eb2.3lift.com embed.buto.tv embed.caresourcer.com eu-u.openx.net fonts.gstatic.com fra1.qualtrics.com fuhupo.lohuwomenu.com g.microsoft.com gateway.zscloud.net gc.kis.v2.scr.kaspersky-labs.com github.com gohimu.kawebezija.com goldapps.org gsa://onpageload https://*.demdex.net hublosk.com i.liadm.com i6.liadm.com ib.adnxs.com ice.360yield.com icelandsue.com id5-sync.com idsync.reson8.com idsync.rlcdn.com ih.adscale.de images-static.trustpilot.com img.youtube.com jp-u.openx.net jullyambery.net ka-f.fontawesome.com kellysford.com killssource.com kit.fontawesome.com kit-free.fontawesome.com lagrtest.112.2o7.net landg.nanorep.co lgim.turtl.co lgim.videomarketingplatform.co loadm.exelator.com loadus.exelator.com localhost:3000 login.microsoftonline.com login.zscloud.net m.addthis.com mark.reevoo.com match.adsrvr.org mawisa.botateyime.com maxcdn.bootstrapcdn.com metrics.responsetap.com mikkiload.com mp.4dex.io mwzeom.zeotap.com nickletto.com noop.style nr1.s3.amazonaws.com nr-customers.s3.amazonaws.com null omny.fm onetag-sys.com p.adsymptotic.com p.typekit.net pi.pardot.com pippio.com pixel.advertising.com pixel.mathtag.com pixel.rubiconproject.com pixel.tapad.com player.videosmart.com polinaryapp.com pouch-global-font-assets.s3.eu-central-1.amazonaws.com pp.ephapay.net privacyportal-uk.onetrust.com pwm-image.trendmicro.com px.ads.linkedin.com px4.ads.linkedin.com qfafcffge3.execute-api.eu-west-2.amazonaws.com rtb.gumgum.com rtb.vidoomy.com rtb-csync.smartadserver.com s.ad.smaato.net s.btstatic.com s.yimg.com s3.amazonaws.com s3.eu-west-2.amazonaws.com s7.addthis.com scripts.sophus3.com secure.adnxs.com simage2.pubmatic.com singlactive.com siteintercept.qualtrics.com snap.licdn.com sp.analytics.yahoo.com stags.bluekai.com static.ads-twitter.com static2.sharepointonline.com static3.avast.com static-ssl.responsetap.com su.addthis.com sync.admanmedia.com sync.crwdcntrl.net sync.go.sonobi.com sync.lemmatechnologies.com sync.mathtag.com sync.search.spotxchange.com sync-eu.connectad.io t.co t.visx.net themes.googleusercontent.com thrtle.com trableflick.com track.adform.net track.omguk.com tracksmall.com translate.googleapis.com typesample.com uip.semasio.net uipglob.semasio.net unpkg.com ups.analytics.yahoo.com use.fontawesome.com use.typekit.net us-u.openx.net v1.addthisedge.com webfonts.zohostatic.com websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk wss://websocket-eu.bold360.com www.atdmt.com www.calculateyourchances.com www.caresourcer.com www.ciuvo.com www.clearplay.com www.everestjs.net www.facebook.com www.google.co.uk www.google.com www.googleadservices.com www.googletagmanager.com www.linkedin.com www.miaprova.com www.nectar.com www.podbean.com www.slant.co www.topcashback.co.uk www.typesample.com www.youtube.com x.bidswitch.net you.caresourcer.com z.moatads.com; form-action 'self' *.lgim.com *.crownpeak.com *.eu.qualtrics.com bpb.opendns.com connect.facebook.net connect.secure.wellsfargo.com data: identity.landg.com landg.nanorep.co livechat-eu.boldchat.com myaccount.landg.com nr1.s3.amazonaws.com retirements.landg.com sitesearch.legalandgeneral.com sitesearch.legalandgeneral.com.x.0c40fd7205db604fad082c00c03b6e6091fa.d045227c.id.opendns.com sitesearch.legalandgeneral.com.x.3b196ca9077b9049240bee2042ebfaa06335.d045227d.id.opendns.com watermelonsurveys.com www.facebook.com www10.landg.com; frame-ancestors 'self' *.legalandgeneral.com *.legalandgeneralre.com *.lgima.com *.longevitypanel.co.uk; img-src 'self' data: https: blob:; manifest-src 'self'; media-src 'self' data: https:; object-src data: 'self' 'unsafe-inline' *.brighttalk.com yournews-legalandgeneral.com; script-src *.lgim.netlify.huguenots.co.uk *.infinity-tracking.com *.infinity-tracking.net *.boldchat.com *.brighttalk.com *.crownpeak.com *.ep-mimecast.googleadservices.com *.everesttech.net *.google-analytics.com *.googleapis.com *.gstatic.com *.id.opendns.com *.legalandgeneral.com *.lgim.com *.qualtrics.com *.recipelondon.co.uk *.sessioncam.com *.sgwidget.com *.tt.omtrdc.net *.tealiumiq.com *.gbqofs.com *.landginvestments.com cdn.jsdelivr.net view.ceros.com apps.euw2.pure.cloud public.flourish.studio am-uk.sophus3.com analytics.twitter.com assets.adobedtm.com az416426.vo.msecnd.net bat.bing.com bot.ebilobster.ai blob: cdnjs.cloudflare.com cdn-ukwest.onetrust.com cgtforms.com code.jquery.com collector-5357.tvsquared.com collector-6040.tvsquared.com connect.facebook.net cookie-cdn.cookiepro.com d2oh4tlt9mrke9.cloudfront.net d32rf3z04esc6j.cloudfront.net d3c3cq33003psk.cloudfront.net data: *.episerver.net embed.caresourcer.com g.microsoft.com gateway.zscaler.net gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net googleads.g.doubleclick.net googletagmanager.com js.buto.tv js-cdn.dynatrace.com landg.nanorep.co login.zscloud.net mark.reevoo.com mcid-019e7840-618c-457e-a849-9a30ac859267.ep-mimecast.facebook.net mcid-121966df-4958-44b7-bdb2-eaf7495aa328.ep-mimecast.licdn.com mcid-16e9e470-bffa-4bda-ac78-44195b66767b.ep-mimecast.ads-twitter.com mcid-1976a623-6682-4713-baed-2c6f37db1ab5.ep-mimecast.omguk.com mcid-26d71e74-3d79-4f8c-8971-257a1b849987.ep-mimecast.yahoo.com mcid-28deceea-6370-4ebc-9148-13911797af60.ep-mimecast.yahoo.com mcid-29a6bb62-bc5a-498b-a38b-593223170ed2.ep-mimecast.facebook.net mcid-36c18f8a-e64f-4fc4-86db-140aceed9c8e.ep-mimecast.twitter.com mcid-553b692d-9067-4272-b990-8ea8cc32f877.ep-mimecast.facebook.net mcid-5cc076b2-622e-4661-9626-a5754ea24680.ep-mimecast.ads-twitter.com mcid-5f164421-199b-4745-9fa1-4e4e205e682d.ep-mimecast.yahoo.com mcid-6477d951-4ea1-49ca-98c3-9f252dbc1833.ep-mimecast.licdn.com mcid-679f2ff6-ecf8-4f58-bfca-1dc501b19238.ep-mimecast.omguk.com mcid-69d81405-2fd9-49ed-befb-becf1583331a.ep-mimecast.yahoo.com mcid-731b479d-c90c-4b45-8cdc-f81ed387b7c6.ep-mimecast.facebook.net mcid-7d5144a5-b5c0-477f-a08c-22e687a39e2e.ep-mimecast.twitter.com mcid-8722c1df-d8fc-4d3e-8fbf-16314344b30c.ep-mimecast.licdn.com mcid-8a5dc1e3-8fe7-44f8-85cc-223f23be4a84.ep-mimecast.yahoo.com mcid-8ea90f5e-acce-4c10-ab7e-34a2e1e1a149.ep-mimecast.yahoo.com mcid-9892198a-748e-4255-9dff-5d0c822dc6d3.ep-mimecast.ads-twitter.com mcid-99c84166-89d1-4d15-9f9b-d2d7892e25bd.ep-mimecast.licdn.com mcid-9e39af0e-6e5b-42f2-aa14-41109590b4c2.ep-mimecast.licdn.com mcid-a3a8355f-f1c9-4420-9d75-0277324af800.ep-mimecast.ads-twitter.com mcid-c5f55808-ef87-448e-b4fe-67485b672ba4.ep-mimecast.yahoo.com mcid-d5aed1ce-58dc-4759-9b4b-82850797592e.ep-mimecast.facebook.net mcid-dbae6fe0-9ce4-4603-ba5c-d48ffd6196bf.ep-mimecast.yahoo.com mcid-e435a0c4-c921-433d-9d1a-5e48e73655d8.ep-mimecast.facebook.net mcid-ed66c754-edc3-4d70-972b-b3acd565858e.ep-mimecast.licdn.com mcid-f0018d13-1521-4461-8af1-96e3dc39d741.ep-mimecast.licdn.com mcid-f59a4106-e508-4f24-925d-3d8fca127f59.ep-mimecast.twitter.com metrics.responsetap.com mobile.twitter.com pi.pardot.com player.videosmart.com s.btstatic.com s.yimg.com scripts.sophus3.com 'self' snap.licdn.com sp.analytics.yahoo.com static.ads-twitter.com static-ssl.responsetap.com tags.tiqcdn.com track.omguk.com translate.google.com twitter.com ucads-cdn.ucweb.com 'unsafe-eval' 'unsafe-inline' websites.cdn.getfeedback.com widget.trustpilot.com widgets-lgim.huguenots.co.uk www.everestjs.net www.google.co.uk www.google.com www.google.com.au www.googleadservices.com www.googleadservices.com.x.c27180fd0f15504886087fb0e004caf0c09f.9270fc42.id.opendns.com www.googletagmanager.com www.youtube.com yournews-legalandgeneral.com *.lgima.com api.ebiai.app messenger.ebiai.app d2hkbi3gan6yg6.cloudfront.net; report-uri https://legalandgeneral.report-uri.com/r/t/csp/enforce 2
frame-ancestors 'self' http://webvisor.com; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.xpressbet.com *.xpressbetonline.com *.xb-online.com *.youtube.com *.kaltura.com *.paysafecard.com *.facebook.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.typekit.net *.livehelpnow.net *.xbselect.com *.redditstatic.com *.twitter.com *.polyfill.io *.paypal.com *.optimove.net *.radar.com *.plaid.com *.braintreegateway.com wss:; img-src * data:; font-src *; script-src * 'unsafe-inline' bat.bing.com/bat.js; style-src * 'unsafe-inline'; media-src * blob:; worker-src * blob 2
frame-ancestors 'self' https://flex.twilio.com 2
default-src 'self' http: https: blob: ws:  https://cdn.proactiveinvestors.com use.typekit.net wpstream.net www.google-analytics.com fonts.googleapis.com fonts.gstatic.com s.w.org;; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https: https://cdn.proactiveinvestors.com https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://securepubads.g.doubleclick.net https://ml314.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'   http: https: data: https://cdn.proactiveinvestors.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: https://cdn.proactiveinvestors.com blob: filesystem:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://cdn.proactiveinvestors.com https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-src 'self' http: https: www.youtube-nocookie.com youtube-nocookie.com youtube.com vimeo.com; 2
frame-ancestors 'self' https://rewarding.wind.it https://grandecinema3.tre.it https://www.grandecinema3.it; 2
default-src 'self' kik.app.baqend.com blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.google.de cdn.jsdelivr.net *.online-metrix.net *.trbo.com *.unzer.com cdnjs.cloudflare.com paypalobjects.com *.magnolia-platform.com bat.bing.com googleads.g.doubleclick.net *.mouseflow.com *.trustedshops.com dc.cux.io blob: d2bgdldl6xit7z.cloudfront.net *.google.com *.google.at *.google.pl dashboard.trustprofile.com kik.app.baqend.com *.visualwebsiteoptimizer.com app.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.luigisbox.com *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net *.trbo.com *.unzer.com cdnjs.cloudflare.com paypalobjects.com *.mouseflow.com dc.cux.io *.trustedshops.com blob: *.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.de *.google.at *.google.pl kik.app.baqend.com 'self' *.visualwebsiteoptimizer.com app.vwo.com; object-src 'self' blob:; style-src 'self' *.luigisbox.com 'unsafe-inline' *.magnolia-platform.com d2bgdldl6xit7z.cloudfront.net *.googletagmanager.com tagmanager.google.com fonts.googleapis.com kik.app.baqend.com *.visualwebsiteoptimizer.com app.vwo.com; base-uri 'self'; connect-src 'self' *.luigisbox.com *.usercentrics.eu *.google-analytics.com *.googletagmanager.com *.doubleclick.net api.phrase.com d2bgdldl6xit7z.cloudfront.net blob: *.unzer.com *.magnolia-platform.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trbo.com *.mouseflow.com wss://n-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io wss://o-77265177-0-20953900-1700486303-655b5c9f332a0.track.cux.io *.trustedshops.com *.etrusted.com *.trustbadge.com *.analytics.google.com *.google.com *.google.de *.google.at *.google.pl kik.app.baqend.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.magnolia-platform.com *.mouseflow.com dashboard.trustprofile.com kik.app.baqend.com; child-src *.mouseflow.com *.trustedshops.com kik.app.baqend.com; frame-src 'self' *.usercentrics.eu *.trbo.com *.unzer.com *.mouseflow.com dashboard.trustprofile.com *.doubleclick.net parcelshop.dhl.pl *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'self' *.magnolia-platform.com app.cux.io; img-src 'self' data: *.usercentrics.eu *.luigisbox.com *.kik.de *.kik.at *.kik.pl *.kik.nl *.kik.cz *.kik.it *.kik.es *.kik-textilien.sk *.kik.hu *.kik.sl *.kik.hr *.kik.ro *.kik-shop.bg *.kik.pt *.trbo.com *.unzer.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.magnolia-platform.com *.wt-eu02.net bat.bing.com *.google.com *.google.de *.google.at *.google.pl static.phrase.com *.mouseflow.com *.trustedshops.com *.gstatic.com *.myracloud.com dashboard.trustprofile.com commission.europa.eu kik.app.baqend.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com; manifest-src 'self' kik.app.baqend.com; media-src 'self' *.magnolia-platform.com; worker-src 'self' blob: 2
frame-ancestors 'self' https://*.cornerstoneondemand.com https://csod-studio.vercel.app https://*.csod-preview.com;upgrade-insecure-requests;default-src 'self' https://*.cornerstoneondemand.com;connect-src *;font-src *;form-action *;frame-src *;img-src * data:;manifest-src * 'unsafe-inline';media-src *;object-src *;script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';worker-src * blob: 2
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info t.a3cloud.net ib.adnxs.com auth.airnewzealand.co.nz auth.airnewzealand.com ssl.google-analytics.com cdnjs.cloudflare.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com video.cdnvue.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'self'; report-uri /csp-report 2
frame-ancestors lincolnelectric.com *.lincolnelectric.com harrisproductsgroup.com *.harrisproductsgroup.com;  form-action 'self' *.lincolnelectric.com; 2
default-src 'self' blob: house-fastly-signed-eu-west-1-prod.brightcovecdn.com manifest.prod.boltdns.net *//manifest.prod.boltdns.net *.cookielaw.org cdn.cookielaw.org *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com googleapis.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com www.google-analytics.com fonts.googleapis.com fonts.gstatic.com arg.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com stats.g.doubleclick.net vjs.zencdn.net sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ; img-src 'self' 'unsafe-inline' * data: www.w3.org manifest.prod.boltdns.net players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com arg.tools.investis.com snap.licdn.com staticcontents.investisdigital.com staticcontents.investis.com; frame-src 'self' atkinsrealis.com http://www.atkinsrealis.com/ *.atkinsrealis.com ir.connectidfeed.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.flockler.com *.doubleclick.net *.doubleclick.net players.brightcove.net www.google.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com bcove.video cloud.3dissue.com lavalab-montreal.netlify.app ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticzone.idigitalcontents.com flockler.com *.investisdigital.com *.flockler.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com staticcontents.investisdigital.com staticcontents.investis.com ; font-src 'self' 'unsafe-inline' * data: vjs.zencdn.net fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com preview-experiences.brightcove.net connect.facebook.net staticzone.idigitalcontents.com manifest.prod.boltdns.net 'unsafe-eval' blob: *.investisdigital.com *.jquery.com flockler.com *.flockler.com arg.investisdigital.net www.google.com www.gstatic.com maps.google.com maps.googleapis.com googleapis.com *.googleapis.com *.cookielaw.org cdn.cookielaw.org *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com viz.tools.investis.com otp.tools.investis.com irs.tools.investis.com players.brightcove.net edge.api.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.com arg.investis.com arg.tools.investis.com snap.licdn.com www.youtube.com staticcontents.investisdigital.com staticcontents.investis.com vjs.zencdn.net secure.brightcove.com f1.cf.brightcove.com f1.media.brightcove.com sc.lfeeder.com *.execute-api.eu-west-1.amazonaws.com ;connect-src 'self' *.linkedin.com region1.google-analytics.com staticzone.idigitalcontents.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.hs.llnwd.net *.google.com cdn.linkedin.oribi.io *.analytics.google.com *.google-analytics.com *.google.com *.investisdigital.com *.investis.com *.linkedin.oribi.io arg.tools.investis.com manifest.prod.boltdns.net maps.google.com gallery-metrics.api.brightcove.com flockler.com *.flockler.com privacyportal-de.onetrust.com *.cookielaw.org cdn.cookielaw.org www.googleadservices.com www.google-analytics.com maps.googleapis.com googleapis.com *.googleapis.com players.brightcove.net edge.api.brightcove.com f1.media.brightcove.com stats.g.doubleclick.net secure.brightcove.com f1.cf.brightcove.com *.execute-api.eu-west-1.amazonaws.com manifest.prod.boltdns.net;base-uri 'self'; form-action 'self' 2
base-uri 'none'; frame-ancestors 'none'; object-src 'none'; 2
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;font-src 'self' data: https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:* https://maxcdn.bootstrapcdn.com:*;upgrade-insecure-requests;block-all-mixed-content;manifest-src 'self';object-src 'none'; 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 2
frame-ancestors 'self' https://next.brella.io/ https://taikalyhty.shapespark.com/;            script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mktdplp102cdn.azureedge.net/ https://*.dynamics.com https://tietoevry-ext.boost.ai/                        https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://code.jquery.com/ https://maxcdn.bootstrapcdn.com/ https://s.usea01.idio.episerver.net/                        https://cdnjs.cloudflare.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://sc.lfeeder.com/ https://connect.facebook.net/                        https://acdn.adnxs.com/ https://cdn.mookie1.com/ https://tietoevry.piwik.pro/ https://ajax.googleapis.com/ https://angular-ui.github.io/                        https://netdna.bootstrapcdn.com/ https://az416426.vo.msecnd.net/ https://www.youtube.com/ https://dl.episerver.net/ https://www.gstatic.com                        https://www.google.com/recaptcha/api.js https://www.googleadservices.com https://player.vimeo.com https://plugins.flockler.com;           frame-src 'self' https://www.googletagmanager.com https://qfx.tools.investis.com https://viz.tools.investis.com https://irs.tools.investis.com                        https://tietoevry.dfs.investis.com https://tools.eurolandir.com https://open.spotify.com https://tools.euroland.com https://maps.google.com                       https://www.google.com https://*.svc.dynamics.com https://www.youtube.com/ https://brand.tietoevry.com/;           object-src 'none' 2
frame-ancestors 'self' localhost:* *.helios.bethss.com helios.bethss.com adobe.com 2
default-src 'self' *.d41.co *.imirwin.com px.ads.linkedin.com geo.privacymanager.io cdn.linkedin.oribi.io cdn.cookielaw.org cdn.linkedin.oribi.io *.demandbase.com api.company-target.com geolocation.onetrust.com adservice.google.com www.clarity.ms stats.g.doubleclick.net bam.nr-data.net *.anura.io script.anura.io ads.anura.io www.google-analytics.com *.hotjar.io *.hotjar.com wss://*.hotjar.com www.youtube.com viz.tools.investis.com edge.api.brightcove.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net www.facebook.com lpcdn.lpsnmedia.net ka-f.fontawesome.com ka-p.fontawesome.com *.d41.co; img-src 'self' t.co c.bing.com segments.company-target.com di.rlcdn.com id.rlcdn.com c.clarity.ms px4.ads.linkedin.com p.adsymptotic.com tracking.selective.com www.youtube.com p.adsymptotic.com www.linkedin.com viz.tools.investis.com *.gstatic.com tagmanager.google.com cdn.cookielaw.org www.googletagmanager.com i.ytimg.com www.google-analytics.com stats.g.doubleclick.net www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com analytics.twitter.com lpcdn.lpsnmedia.net www.rumiview.com; frame-src 'self' i.ytimg.com www.youtube.com *.company-target.com view.ceros.com view.ceros.com www.facebook.com www.google.com player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.youtube.com *.hotjar.com gum.criteo.com lpcdn.lpsnmedia.net bid.g.doubleclick.net td.doubleclick.net va-s.c.liveperson.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://www.google-analytics.com www.youtube.com tagmanager.google.com fonts.googleapis.com ka-f.fontawesome.com viz.tools.investis.com use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; font-src 'self' tagmanager.google.com viz.tools.investis.com fonts.gstatic.com ka-f.fontawesome.com ka-p.fontawesome.com fonts.googleapis.com  use.typekit.net kit.fontawesome.com p.typekit.net kit-free.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' launchpad.privacymanager.io ats-wrapper.privacymanager.io launchpad-wrapper.privacymanager.io *.imirwin.com view.ceros.com static.ads-twitter.com view.ceros.com *.d41.co ats.rlcdn.com tag.demandbase.com www.youtube.com www.gstatic.com www.google.com bam.nr-data.net js-agent.newrelic.com tagmanager.google.com www.googleadservices.com *.googleapis.com cdn.jsdelivr.net script.anura.io www.google-analytics.com viz.tools.investis.com *.hotjar.com www.googletagmanager.com www.youtube.com s.ytimg.com cdnjs.cloudflare.com use.typekit.net kit.fontawesome.com p.typekit.net tag.simpli.fi i.simpli.fi ajax.googleapis.com snap.licdn.com googleads.g.doubleclick.net lptag.liveperson.net connect.facebook.net assets.adobedtm.com static.criteo.net sslwidget.criteo.com accdn.lpsnmedia.net accdn.lpsnmedia.net va.v.liveperson.net widget.us.criteo.com lpcdn.lpsnmedia.net www.rumiview.com otp.tools.investis.com img.en25.com www.clarity.ms analytics.twitter.com cdn.cookielaw.org; 2
frame-ancestors 'self' http://webvisor.com https://docs.ispsystem.ru https://docs.ispsystem.com https://www.ispmanager.com 2
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src 'none'; child-src https: data: blob:; form-action https:; frame-ancestors 'self'; 2
default-src 'self' mychart.org *.mychart.org;        script-src 'self' mychart.org *.mychart.org 'unsafe-inline' 'unsafe-eval' stats-test.epic.com stats.epic.com;        connect-src 'self' mychart.org *.mychart.org stats-test.epic.com stats.epic.com;        style-src 'self' mychart.org *.mychart.org fonts.googleapis.com 'unsafe-inline';        font-src 'self' mychart.org *.mychart.org fonts.gstatic.com;        img-src 'self' mychart.org *.mychart.org i.ytimg.com ichart2.epic.com data: stats-test.epic.com stats.epic.com epicpublicsitesqa.blob.core.windows.net epicpublicsitesstg.blob.core.windows.net media.epic.com;        media-src 'self' mychart.org *.mychart.org cdn.epic.com;        frame-src 'self' mychart.org *.mychart.org www.youtube-nocookie.com mychartvideo-dev.azurewebsites.net patientexperiencevideoplayer.epic.com; 2
frame-ancestors 'self' .clasquin.com *..clasquin.com* 2
frame-ancestors https://*.citi.com https://*.citigroup.net https://*.nsroot.net 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' app.koofr.net; navigate-to 'self' app.koofr.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' mc.yandex.ru yastatic.net cdnjs.cloudflare.com informer.yandex.ru *.75.ru *.gosuslugi.ru *.e-zab.ru *.xn--80apaohbc3aw9e.xn--p1ai xn--80apaohbc3aw9e.xn--p1ai unpkg.com vashkontrol.ru img.icons8.com app-dev.xn--80apaohbc3aw9e.xn--p1ai ervk.gov.ru forms.yandex.ru ajax.googleapis.com rutube.ru youtube.com www.youtube.com knd.gov.ru *.yandex.ru *.yandex.net yandex.ru culturaltracking.ru data: blob:;, img-src 'self' *.75.ru *.gosuslugi.ru informer.yandex.ru vashkontrol.ru xn--80apaohbc3aw9e.xn--p1ai img.icons8.com app-dev.xn--80apaohbc3aw9e.xn--p1ai *.yandex.ru *.yandex.net yandex.ru culturaltracking.ru data:;, font-src 'self' *.gosuslugi.ru *.75.ru *.xn--80apaohbc3aw9e.xn--p1ai data:;, style-src 'self' 'unsafe-inline' vashkontrol.ru cdnjs.cloudflare.com xn--80apaohbc3aw9e.xn--p1ai pos.gosuslugi.ru;, script-src 'self' 'unsafe-inline' 'unsafe-eval'  mc.yandex.ru *.gosuslugi.ru unpkg.com yastatic.net vashkontrol.ru xn--80apaohbc3aw9e.xn--p1ai *.75.ru ajax.googleapis.com *.yandex.ru *.yandex.net culturaltracking.ru blob:;, connect-src 'self' mc.yandex.ru informer.yandex.ru *.75.ru *.gosuslugi.ru *.e-zab.ru *.xn--80apaohbc3aw9e.xn--p1ai *.xn--80apaohbc3aw9e.xn--p1ai app-dev.xn--80apaohbc3aw9e.xn--p1ai ervk.gov.ru forms.yandex.ru rutube.ru youtube.com www.youtube.com knd.gov.ru;, frame-ancestors 'self' 2
frame-ancestors 'none'; form-action 'self'; base-uri 'self' 2
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self'  *.addthis.com *.clarity.ms *.cookielaw.org *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.google.com *.hs-banner.com *.hsforms.com *.hscollectedforms.net *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.teamusa.org ad.doubleclick.net analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com dw5zrj66pk.execute-api.us-east-1.amazonaws.com d.agkn.com edge.api.brightcove.com failover-k8s-widgets.sports.gracenote.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io ogdemo-api.sports.gracenote.com og2022-api.sports.gracenote.com og2020-api.sports.gracenote.com og2024-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net sdk.classy.org siteintercept.qualtrics.com sportapi-widgets.sports.gracenote.com sportapi.widgets.sports.gracenote.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usopc.tfaforms.net widgets.sports.gracenote.com widgetfailover.sports.gracenote.com ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ ws://localhost:24678/ ws://*.teamusadev.com:24678/ ws://*.usopcdev.com:24678/ www.facebook.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data://* data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com feedback.teamusa.org form.usoc.org la28.qualtrics.com link.teamusa.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.safeframe.googlesyndication.com *.sport80.com *.teamusa.com *.teamusadev.com *.teamusadev.com:3000 *.tiktok.com *.tourneymachine.com *.ttwstatic.com *.twitter.com *.usopc.org *.usopcdev.org *.wufoo.com abc11.com anchor.fm app-ab22.marketo.com archivist.teamusa.org bbox.blackbaudhosting.com c.streamhoster.com cdn.flipsnack.com console.googletagservices.com content.usawmembership.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com www.googleadservices.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com judoreferee.com kingsumo.com livestream.com la28.qualtrics.com mdm-iframe.teamusa.com online.anyflip.com photos.pixlee.co player.vimeo.com players.brightcove.net public.tableau.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm snapwidget.com stage-schedules.nbcolympics.com schedules.nbcolympics.com st.chatango.com streaming.enetlive.tv support.teamusa.org tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com usatt.simplycompete.com usawaterski.org usopc.tfaforms.net vplayer.nbcolympics.com vplayer.nbcsports.com www.bullseyelocations.com www.buzzsprout.com www.classy.org www.givedirect.org www.googletagmanager.com www.instagram.com www.omegawatches.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com www.youtube.com www.youtube-nocookie.com; img-src 'self' https://usat-production.s3.amazonaws.com/ *.ads.linkedin.com *.adsafeprotected.com *.doubleverify.com *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.twimg.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn.cookielaw.org cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net content.themat.com data: i.ytimg.com images.contentstack.io images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com p.typekit.net pixel.quantserve.com public.tableau.com reg.usajudo.net region1.analytics.google.com res.cloudinary.com storage.googleapis.com siteintercept.qualtrics.com sjc1.qualtrics.com s3.amazonaws.com/photos.usacycling.org/ t.co t.paypal.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com usoc.tfaforms.net usopc.tfaforms.net widgets.sports.gracenote.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com; media-src 'self' blob: *.evergage.com bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.addthis.com *.adsafeprotected.com *.britecove.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.evergage.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hs-analytics.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.hubspot.com *.instagram.com *.pxlecdn.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com assets.pixlee.com/assets/fp.js az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com c.bing.com cdn.evgnet.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com countdown.omegawatches.com cse.google.com feedback.hubapi.com images.teamusa.org kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net sdk.classy.org secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com siteintercept.qualtrics.com stackpath.bootstrapcdn.com static.ads-twitter.com storage.googleapis.com tableau.usoc.org teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com widgets.sports.gracenote.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com zn6x64ufidwjzj7w2-la28.siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' *.evergage.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.fonts.net cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com images.teamusa.org www.google.com/cse/ lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css storage.googleapis.com teamusa.tfaforms.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ use.typekit.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com www.teamusa.org www.trackwrestling.com; worker-src 'self' blob: https://teamusa.report-uri.com/r/d/csp/enforce; report-uri ; 2
frame-ancestors 'self' https://www.bodas.com.mx https://comunidad.bodas.com.mx https://landing.bodas.com.mx 2
frame-ancestors 'self' http://*.vde.com; 2
frame-ancestors deny 2
object-src 'none'; form-action 'self'; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbevents.js *.facebook.net *.cookiebot.com *.cookiebox.ro *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ro *.googleadservices.com *.doubleclick.net *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com; object-src 'self' ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.fontawesome.com *.cloudflare.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.gstatic.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.cloudflare.com *.facebook.com *.facebook.net; media-src 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.cookiebot.com *.cookiebox.ro *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.facebook.net; child-src 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gts.ro *.googletagmanager.com *.google.com *.google.ro *.doubleclick.net *.google-analytics.com *.youtube.com *.vimeo.com *.ytimg.com *.facebook.com *.fontawesome.com; font-src 'self' *.fontawesome.com *.cloudflare.com; 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; connect-src https: wss:; img-src * data:; style-src https: 'unsafe-inline'; font-src * data:; 2
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; img-src 'self'; frame-src 'self'; font-src 'self' data:; object-src 'none'; frame-ancestors 'none'; 2
frame-ancestors 'none' ; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ;  connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.launchdarkly.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io resources.digital-cloud-west.medallia.com pdswebapi.fti-cloud.com s.yimg.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com wss://*.adobe.io ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms classify.gofurther.com d21y75miwcfqoq.cloudfront.net di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ;  font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ;  worker-src blob: *.decibel.net ; 2
default-src 'self' 'unsafe-inline' data: *.friendlycaptcha.com *.kameleoon.io *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat  *.googlesyndication.com *.run.app *.googleapis.com *.akamaihd.net *.crossengage.io *.usercentrics.eu *.google-analytics.com *.gstatic.com *.hotjar.com *.hotjar.io *.kameleoon.com *.kameleoon.eu *.dat.de *.datgroup.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click; form-action 'self' *.dat.de *.datgroup.com *.twitter.com *.cleverreach.com mailings.dat.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.crossengage.io *.usercentrics.eu *.mouseflow.com *.akamaihd.net *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.kameleoon.eu *.dat.de *.datgroup.com *.twitter.com *.twimg.com *.fairgarage.de *.fairgarage.com *.b-ite.com *.leadlab.click *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com; style-src 'unsafe-inline' 'self' *.kameleoon.com *.kameleoon.eu *.googleapis.com *.twitter.com *.twimg.com *.googleapis.com *.fairgarage.de *.fairgarage.com *.dat.de *.datgroup.com *.googletagmanager.com *.google-analytics.com; worker-src data: 'self' *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.google.com *.vimeo.com blob: 'self' *.dat.de *.datgroup.com; frame-src data: 'self' *.doubleclick.net *.hotjar.com *.hotjar.io *.dat.de *.datgroup.com *.twitter.com *.youtube.com *.youtube-nocookie.com *.google.com *.vimeo.com; img-src 'self' data: *.googleadservices.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.akamaihd.net *.googletagmanager.com *.dat.de *.datgroup.com *.usercentrics.eu *.google.com *.googleapis.com *.gstatic.com *.kameleoon.com *.kameleoon.eu *.hotjar.com *.hotjar.io *.datgroup.com *.twimg.com *.twitter.com *.fairgarage.de *.fairgarage.com *.google-analytics.com; font-src 'self' data: *.fairgarage.com; object-src 'none'; 2
nosniff 2
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src https:; frame-src http: https: data:; upgrade-insecure-requests 2
font-src 'self' themes.googleusercontent.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 2
base-uri 'self'; connect-src 'self' public.docsly.dev api.segment.io cdn.segment.com api-iam.intercom.io forms.hubspot.com www.google-analytics.com heapanalytics.com wss://nexus-websocket-a.intercom.io api.hubapi.com www.google.com stats.g.doubleclick.net api.hsforms.com vitals.vercel-insights.com *.chilipiper.com cdn.linkedin.oribi.io *.crazyegg.com vercel.live *.pusher.com wss://ws-us3.pusher.com *.google-analytics.com api.factors.ai analytics.google.com pagead2.googlesyndication.com status.courier.com px.ads.linkedin.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com js.intercomcdn.com www.slant.co storage.googleapis.com fonts.intercomcdn.com assets.vercel.com; form-action calendly.com; frame-ancestors 'self'; frame-src www.youtube.com intercom-sheets.com bid.g.doubleclick.net www.loom.com *.chilipiper.com open.spotify.com play.hubspotvideo.com vercel.live td.doubleclick.net; img-src 'self' data: www.google-analytics.com heapanalytics.com images.ctfassets.net track.hubspot.com js.intercomcdn.com static.intercomassets.com i.ytimg.com px.ads.linkedin.com www.facebook.com www.google.ca www.google.com www.gstatic.com downloads.intercomcdn.com messenger-apps.intercom.io p.adsymptotic.com www.google.co.jp www.google.co.kr www.google.co.uk www.google.de www.google.gr www.google.ro www.google.ru www.linkedin.com forms.hsforms.com www.google.co.in www.google.co.ma www.google.co.nz www.google.co.za www.google.co.zw www.google.com.au www.google.com.br www.google.com.gh www.google.com.my www.google.com.ng www.google.com.pe www.google.com.ph www.google.com.pr www.google.com.sg www.google.com.tr www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.es www.google.fr www.google.lk www.google.pt www.googletagmanager.com log-papago.naver.com translate.google.com www.google.am www.google.at www.google.be www.google.ch www.google.cl www.google.co.il www.google.co.ke www.google.com.ar www.google.com.bd www.google.com.co www.google.com.kw www.google.com.mt www.google.com.mx www.google.com.np www.google.com.pk www.google.com.tw www.google.com.uy www.google.fi www.google.ie www.google.is www.google.it www.google.jo www.google.nl www.google.no www.google.pl www.google.rs www.google.se www.google.ae www.google.co.ao www.google.mu www.google.hu t.co analytics.twitter.com pubads.g.doubleclick.net px.ads.linkedin.com *.chilipiper.com *.vercel.live vercel.com *.vercel.com *.reddit.com vercel.live 'unsafe-eval' ct.capterra.com fonts.gstatic.com api.producthunt.com www.docsly.dev googleads.g.doubleclick.net googleads.g.doubleclick.net; manifest-src 'self'; media-src 'self' js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' widget.intercom.io www.google-analytics.com www.googletagmanager.com cdn.heapanalytics.com cdn.segment.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.intercomcdn.com js.hsadspixel.net snap.licdn.com www.google.com analytics.twitter.com static.ads-twitter.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net js.hsleadflows.net vitals.vercel-insights.com connect.facebook.net app.factors.ai; script-src-elem 'self' 'unsafe-inline' widget.intercom.io www.google-analytics.com www.googletagmanager.com cdn.heapanalytics.com cdn.segment.com js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net js.intercomcdn.com js.hsadspixel.net snap.licdn.com www.google.com analytics.twitter.com static.ads-twitter.com www.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net js.hsleadflows.net vitals.vercel-insights.com connect.facebook.net *.chilipiper.com *.googleoptimize.com *.crazyegg.com www.redditstatic.com vercel.live app.factors.ai; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.chilipiper.com www.google-analytics.com www.googletagmanager.com; worker-src 'self' blob: 2
frame-ancestors 'self' https://*.reitmans.com https://*.additionelle.com https://*.rw-co.com https://*.thymematernity.com https://*.penningtons.com http://*.reitmans.com http://*.additionelle.com http://*.rw-co.com http://*.thymematernity.com http://*.penningtons.com wss://*.screenmeet.com https://*.screenmeet.com 2
frame-ancestors 'self' https://olbsupport.cbvoyager.com https://banking.commercebank.com https://bankingapi.commercebank.com https://loans.commercebank.com https://solutions.commercebank.com https://go.pardot.com https://pi.pardot.com https://sb.commercebank.com/legacybillpayenrollment https://view.ceros.com https://transact.commercebank.com/ 2
frame-ancestors 'self' www.neoenergia.com 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src  * data:;connect-src * wss: 2
frame-ancestors 'self' https://fx.gl https://*.fx.gl https://*.fxgam.es https://vk.com https://ok.ru https://vkplay.ru https://yandex.ru https://*.yandex.ru  https://yandex.com https://*.yandex.com https://ya.ru https://*.ya.ru https://galaxycontrol.app https://dragonlord.games 2
img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval';worker-src blob:; 2
default-src 'self';connect-src 'self' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com cookies.onetrust.mgr.consensu.org geolocation.onetrust.com www.facebook.com https://accounts.google.com/gsi/ *.google-analytics.com www.googletagmanager.com csi.gstatic.com habboo-a.akamaihd.net d29usylhdk1xyu.cloudfront.net;img-src 'self' data: *.habbo.com cookie-cdn.cookiepro.com habbo-stories-content.s3.amazonaws.com www.facebook.com *.google-analytics.com stats.g.doubleclick.net ssl.gstatic.com habboo-a.akamaihd.net images.habbogroup.com docj27ko03fnu.cloudfront.net d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com cdn.rpxnow.com pay.openbucks.com trck.spoteffects.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.habbo.com https://appleid.cdn-apple.com https://hcaptcha.com https://*.hcaptcha.com cookie-cdn.cookiepro.com connect.facebook.net https://accounts.google.com/gsi/client *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com apis.google.com rpxnow.com d29usylhdk1xyu.cloudfront.net trck.spoteffects.net;style-src 'self' 'unsafe-inline' *.habbo.com https://hcaptcha.com https://*.hcaptcha.com www.gstatic.com fonts.googleapis.com d3hmp0045zy3cs.cloudfront.net quilt-cdn.janrain.com;child-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com *.habbo.com *.facebook.com www.google.com habboo-a.akamaihd.net www.youtube.com www.offertoro.com torox.io;font-src 'self' fonts.gstatic.com habboo-a.akamaihd.net *.habbo.com data:;frame-ancestors 'self' *.idcgames.com www.funnygames.fi www.funnygames.es www.funnygames.nl www.funnygames.fr www.funnygames.it www.funnygames.us www.funnygames.eu www.funnygames.biz www.funnygames.com.br www.funnygames.org *.gamesxl.com keygames.com www.games.co.za www.bgames.com starbie.co.uk nyckelspel.se www.games.co.uk www.a10.com www.gry.pl www.spela.se www.gamesgames.com www.ourgames.ru www.permainan.co.id www.games.co.id www.agame.com www.flashgames.ru www.mousebreaker.com kizi.com yepi.com www.integrations.partner.spilgames.com www.teens-integrations.partner.spilgames.com www.youdagames.com www.elkspel.nl www.spele.nl www.spele.be www.spelletjesoverzicht.nl *.orangegames.com hyvesgames.nl spele.nl www.spelletjes.nl www.spel.nl *.giochixl.it www.1001giochi.it minigioco.it www.gioco.it www.giochi.it *.jeuxdelajungle.fr www.1001games.fr jouerjouer.com spele.be www.jeux.fr www.jeu.fr oyun.mynet.com gamecell.com www.gamecell.com oyungemisi.com www.oyunskor.com *.1001pelit.com pelaaleikkia.com www.isladejuegos.es clavejuegos.com www.juegos.com *.1001spiele.de www.jetztspielen.ws www.jetztspielen.de www.spielaffe.de *.spielspiele.de spielspiele.de www.spielen.com *.1001jogos.pt jogojogar.com www.ojogos.com.br;form-action 'self' https://login.habbo.com https://help.habbo.com https://help.habbo.de https://help.habbo.es https://help.habbo.fi https://help.habbo.fr https://help.habbo.it https://help.habbo.nl https://help.habbo.com.br https://help.habbo.com.tr habbohelpbr.zendesk.com habbohelpen.zendesk.com habbohelpde.zendesk.com habbohelpes.zendesk.com habbohelpfi.zendesk.com habbohelpfr.zendesk.com habbohelpit.zendesk.com habbohelpnl.zendesk.com habbohelptr.zendesk.com;upgrade-insecure-requests ;report-uri /csp/report 2
frame-ancestors resources.levelaccess.com 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net blob: https://tracking.g2crowd.com https://cdn-ikpmlch.nitrocdn.com https://nitroscripts.com https://cdn-ilaadif.nitrocdn.com https://cdn.addevent.com https://static.addtoany.com https://js.adsrvr.org *.vidyard.com https://cdn.wmxtools.com https://www.levelaccess.com https://www.influ2.com https://ct.capterra.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://cdn-ikplicl.nitrocdn.com https://cdn-ikplklh.nitrocdn.com  https://gdata.youtube.com https://www.adnxs-simple.com https://www.adnxs.com https://www.googletagservices.com https://www.googleadservices.com https://www.doubleclick.net https://www.google.com https://ajax.googleapis.com https://boards.greenhouse.io https://bat.bing.com https://cdnjs.cloudflare.com https://cta-service-cms2.hubspot.com https://code.jquery.com https://connect.facebook.net https://cdn.bizible.com https://content.linkedin.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://dsp-creative.demandbase.com https://d.adroll.com https://forms.hsforms.com https://graph.facebook.com https://googleads.g.doubleclick.net https://google-analytics.com https://googletagmanager.com https://js.hscta.net https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://js.qualified.com https://j.6sc.co https://resources.levelaccess.com https://a.levelaccess.com https://learn.levelaccess.com https://m.youtube.com https://stackpath.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://app.qualified.com/ https://platform.linkedin.com https://r.bing.com https://src.litix.io https://stackpath.bootstrapcdn.com https://s.adroll.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://levelaccess.com/a/ https://levelaccess.com/a/previous-channels-assets/ *.googlesyndication.com *.googleadservices.com https://resources.levelaccess.com www.googletagmanager.com *.google.nl *.google.ca  *.cookiebot.com *.addtoany.com *.formhq.net *.google-analytics.com *.zoominfo.com https://js.adsrvr.org https://jsv3.recruitics.com/ https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://js.adsrvr.org/up_loader.1.1.0.js;default-src 'self' https://cdn-ikpmlch.nitrocdn.com https://www.googletagmanager.com https://cdn-ilaadif.nitrocdn.com https://px.ads.linkedin.com https://www.google-analytics.com https://c.6sc.co https://ipv6.6sc.co https://to.getnitropack.com https://t.influ2.com https://ws.qualified.com https://stats.g.doubleclick.net wss://ws.qualified.com https://hubspot-forms-static-embed.s3.amazonaws.com data: https://forms.hsforms.com https://api.formhq.net https://api.hubapi.com *.hubapi.com https://ws.zoominfo.com https://analytics.google.com https://cdn-ikplicl.nitrocdn.com https://cdn-ikplklh.nitrocdn.com  https://api.hubapi.com *.hubapi.com https://googleads.g.doubleclick.net *.doubleclick.net https://fast.wistia.net *.wistia.com https://yoast.com/ *.bing.com https://www.google.com https://regional.google-analytics.com *.google-analytics.com *.googlesyndication.com *.google.nl *.google.ca *.googleadservices.com *.cookiebot.com;object-src embedwistia-a.akamaihd.net;child-src 'self' data: blob: https://www.google.com https://www.doubleclick.net https://www.googlesyndication.com https://www.adnxs.com https://www.facebook.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.youtube.com www.ub-assets.com www.cloudfront.net www.unbounce.com www.static.addtoany.com www.googletagmanager.com *.cookiebot.com;base-uri 'self' https://www.adnxs.com;form-action 'self' https://www.google.com https://www.facebook.com connect.facebook.net download.essentialaccessibility.com forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: https://www.google.com;frame-src 'self' data: https://insight.adsrvr.org/ https://fast.wistia.com https://fast.wistia.net https://play.vidyard.com https://static.addtoany.com/ https://match.adsrvr.org/ https://www.googletagmanager.com/ https://td.doubleclick.net https://www.youtube.com https://www.cloudfront.net/ https://www.unbounce.com/ https://www.surveymonkey.com https://www.ub-assets.com/ https://app.qualified.com/ https://gdata.youtube.com https://boards.greenhouse.io https://www.hubspot.com https://www.hsforms.net https://www.hsforms.com https://cdnjs.cloudflare.com https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://vars.hotjar.com/ forms.hsforms.com   https://cdn.rollbar.com/rollbarjs/refs/tags/v2.22.0/rollbar.min.js https://jsv3.recruitics.com/ https://code.jquery.com/jquery-3.3.1.min.js blob:;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.google.com *.licdn.com https://cdn-ilaadif.nitrocdn.com https://cdn-ikplicl.nitrocdn.com https://cdn-ikplklh.nitrocdn.com  https://cdn-ikpmlch.nitrocdn.com *.cloudfront.net *.unbounce.com *.ub-assets.com *.qualified.com *.bing.com *.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com https://tagmanager.google.com/ https://fonts.googleapis.com/ https://code.jquery.com/jquery-3.3.1.min.js https://js.adsrvr.org  https://js.adsrvr.org/up_loader.1.1.0.js https://fast.wistia.com gdata.youtube.com fonts.googleapis.com https://levelaccess.com/a/previous-channels-assets/ https://levelaccess.com/a/previous-channels-assets/ https://resources.levelaccess.com www.googletagmanager.com;manifest-src 'self';media-src 'self' https://www.levelaccess.com blob: https://app.qualified.com data: https://*.wistia.com https://*.wistia.net;img-src 'self' https://www.levelaccess.com/a/ https://cdn-ikpmlch.nitrocdn.com https://forms-na1.hsforms.com https://cdn-ilaadif.nitrocdn.com https://www.google.de https://play.vidyard.com/ *.vidyard.com https://ps.w.org https://levelaccess.com https://cdn.addevent.com https://uploads-ssl.webflow.com https://imgsct.cookiebot.com https://cdn-ikplicl.nitrocdn.com https://cdn-ikplklh.nitrocdn.com  *.linkedin.com https://s.w.org *.hubspot.com *.bing.com *.6sc.co *.facebook.com *.google.co.in *.google.com *.google.ca *.google.nl *.px.ads.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com data: *.wistia.com https://*.wistia.net https://www.googletagmanager.com *.capterra.com https://www.google-analytics.com https://*.googleapis.com https://*.google.com;font-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.gstatic.com https://fast.wistia.com https://s0.wp.com https://cdn.rollbar.com/ https://jsv3.recruitics.com/ *.wistia.com https://cdnjs.cloudflare.com https://fast.wistia.net *.google.nl *.google.ca data:; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data:; connect-src https://hcaptcha.com https://*.hcaptcha.com https://o1026979.ingest.sentry.io/; report-uri https://o1026979.ingest.sentry.io/api/5996803/security/?sentry_key=e8c418276d2e4ea7af6b35e151b190bb&sentry_environment=production 2
default-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.google.com/; connect-src 'self' https://www.google-analytics.com/ https://yoast.com/ https://region1.google-analytics.com/ https://*.ingest.de.sentry.io/; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/; form-action 'self' https://login.salesforce.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com/ https://foodora.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://ps.w.org/ https://s.w.org/ https://secure.gravatar.com/ https://pubads.g.doubleclick.net/  data:; worker-src 'self' blob:; report-to csp-endpoint; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.cloudflare.com *.facebook.net *.googletagmanager.com *.jsdelivr.net maps.googleapis.com *.newrelic.com polyfill.io *.siteimprove.net siteimproveanalytics.com ui.customsearch.ai unpkg.com *.wisconsin.gov; style-src 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com hosteduxprod.blob.core.windows.net *.jsdelivr.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com hosteduxprod.blob.core.windows.net maps.googleapis.com maps.gstatic.com *.siteimproveanalytics.io; frame-src *; frame-ancestors *; child-src *; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com maps.googleapis.com *.nr-data.net *.siteimprove.com *.siteimproveanalytics.com ui.customsearch.ai; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src 'self'; img-src * 'self' data: https:; media-src 'self' https: *.glance.net *.glancecdn.net; style-src 'self' 'unsafe-inline' https: *.glance.net *.glancecdn.net; frame-ancestors 'self'; font-src 'self' data: https: *.glance.net *.glancecdn.net; connect-src 'self' wss://*.glance.net wss://*.hotjar.com wss://*.nn-acc.nl wss://*.nn-group.com wss://auvious.video wss://streaming.mypurecloud.de *.2o7.net *.akstat.io *.glance.net *.glancecdn.net *.hotjar.com *.hotjar.io *.mypurecloud.de *.onetrust.com *.rsc.cdn77.org *.demdex.net *.doubleclick.net *.omtrdc.net *.insim.biz *.nn-group.com *.nn-acc.nl *.nn.nl 69o4c7fld0.execute-api.eu-west-1.amazonaws.com el7z2lljh7.execute-api.eu-west-1.amazonaws.com fevgku35a5.execute-api.eu-west-1.amazonaws.com havdit7pd8.execute-api.eu-west-1.amazonaws.com nn-nl-mortgages-upload-service-prd.s3.eu-west-1.amazonaws.com prd-mrdb-api-data-storage.s3.eu-west-1.amazonaws.com ycov3pi8aj.execute-api.eu-west-1.amazonaws.com api-appsee.service-now.com api.ciuvo.com api.ext-sandbox.fourthline.com api.fourthline.com api.linktexting.com api.nibud.nl api.presspage.com api.trongrid.io bat.bing.com c.go-mpulse.net cdn.cookielaw.org/ cdn.linkedin.oribi.io cdn.optimizely.com cke4.ckeditor.com cm.everesttech.net code.jquery.com dcs.adobedc.net edge.adobedc.net eventsingest-demo.cidemo.sas.com fasttrack.sb.blueconic.net fonts.googleapis.com maps.googleapis.com infragrid.v.network logx.optimizely.com md-scp.kampyle.com meetlookup.com metrics.articulate.com nn-group.bbvms.com nn-nn.digitalcx.com overbridgenet.com pagead2.googlesyndication.com plugins.blueconic.net px.ads.linkedin.com raw.githubusercontent.com region1.analytics.google.com resources.digital-cloud.medallia.eu rum.optimizely.com sandbox.api.fourthline.com sandbox.v.fourthline.com sentry.auvious.com sun.tronex.io translate.googleapis.com *.akamaihd.net udc-neb.kampyle.com v.fourthline.com www.facebook.com/tr/ www.google.com/pagead/ www.gstatic.com; frame-src 'self' *.demdex.net *.doubleclick.net *.glance.net accounts.google.com cdn.engageone.video cdncache-a.akamaihd.net cdnjs.cloudflare.com content.lp.nn.nl dev-life-outsys.insim.biz eu-west-1-mt-preprod2.engageone.video eu-west-1-mt-prod2.engageone.video fonts.engageone.video gateway.zscloud.net informatie.cz.nl lpcdn.lpsnmedia.net maps.google.nl open.spotify.com platform.twitter.com player.vimeo.com presspage-production-content.s3.amazonaws.com resources.digital-cloud.medallia.eu tpc.googlesyndication.com tst-life-outsys.insim.biz w.soundcloud.com wiarekentool.nntools.nl www.finly.nl www.quintrics.nl www.youtube-nocookie.com www.youtube.com; object-src 'self' *.newstat.net/ab/ *.glancecdn.net *.linkedin.com ad.doubleclick.net googleads.g.doubleclick.net 6005723.global.siteimproveanalytics.io chatbot.api.nn-group.com l845.nn.nl www.nn-acc.nl www.nn.nl content.presspage.com fonts.googleapis.com fonts.gstatic.com nn-group.bbvms.com nn.d3.sc.omtrdc.net script.hotjar.com static.hotjar.com translate.googleapis.com udc-neb.kampyle.com www.hypotheekbond.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: *.demdex.net *.glance.net *.glancecdn.net *.googletagmanager.com *.liveperson.net *.pardot.com *.presspage.com *.nn.nl *.nn-acc.nl *.nn-group.com ads-api.twitter.com ads-twitter.com analytics.twitter.com platform.twitter.com platform.linkedin.com googleads.g.doubleclick.net assets.adobedtm.com assets.giocdn.com bat.bing.com c.go-mpulse.net cdn.bluebillywig.com cdn.blueconic.net cdn.cookielaw.org/scripttemplates/ cdn.optimizely.com cdn.tt.omtrdc.net cdn.walkme.com cm.everesttech.net code.jquery.com connect.facebook.net fidoapi.com kayemi.punctures-sakani.com liznumgv.songbooq.com lpcdn.lpsnmedia.net maps.googleapis.com md-scp.kampyle.com mstat.acestream.net nn-group.bbvms.com plugins.blueconic.net presspage-production-content.s3.amazonaws.com protectsurf-a.akamaihd.net qdatasales.com resources.digital-cloud.medallia.eu s3.amazonaws.com sandbox.v.fourthline.com sc-static.net script.hotjar.com siteimproveanalytics.com sjs.bizographics.com snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.hotjar.com tdn.r42tag.com tpc.googlesyndication.com translate-pa.googleapis.com translate.googleapis.com unpkg.com v.fourthline.com vwvwvwvw.b-cdn.net wurfl.io www.google.com/jsapi www.googleadservices.com www.gstatic.com www.pagespeed-mod.com www.printfriendly.com www.youtube.com; worker-src 'self' blob: nn.nl www.nn.nl 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: 2
default-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self'; img-src 'self' http: data: 2
connect-src 'self' data: blob: https://surveystats.hotjar.io https://*.hotjar.io https://*.clarity.ms https://l.getsitecontrol.com https://dash.getsitecontrol.com https://gse.gigaset.com *.hotjar.com wss://*.hotjar.com *.getsitectrl.com https://api.chatchamp.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu graphql.usercentrics.eu stats.g.doubleclick.net www.google-analytics.com www.google.de bat.bing.com halc.iadvize.com in.hotjar.com s.adroll.com ct.pinterest.com https://fast-static.smarketer.de https://*.billwerk.com sandbox.billwerk.com api.trustedshops.com shops-si.trustedshops.com trustbadge.api.etrusted.com vc.hotjar.io ws3.hotjar.com ws7.hotjar.com wss://ws3.hotjar.com wss://ws7.hotjar.com www.facebook.com www.google.ch www.google.com www.google.fr ws6.hotjar.com wss://ws6.hotjar.com www.google.co.uk ws10.hotjar.com ws4.hotjar.com ws8.hotjar.com wss://ws1.hotjar.com wss://ws10.hotjar.com wss://ws4.hotjar.com wss://ws8.hotjar.com www.google.be www.google.hr www.google.it www.google.nl www.google.ru ws12.hotjar.com ws18.hotjar.com ws2.hotjar.com wss://ws12.hotjar.com wss://ws18.hotjar.com wss://ws2.hotjar.com ws5.hotjar.com wss://ws5.hotjar.com www.google.es www.google.se www.google.com.tr www.google.cz ws17.hotjar.com wss://ws17.hotjar.com ws15.hotjar.com wss://ws15.hotjar.com www.google.co.in ws16.hotjar.com wss://ws16.hotjar.com www.google.com.cy www.google.pl ws9.hotjar.com wss://ws9.hotjar.com ws11.hotjar.com wss://ws11.hotjar.com app.getsitecontrol.com ws1.hotjar.com www.google.at d.adroll.com ws13.hotjar.com ws14.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com www.google.gr api.trustbadge.etrusted.com www.google.cl www.google.co.cr www.google.co.za www.google.com.ar www.google.rs service.gigaset.com www.google.ba www.google.dk www.google.ae network-eu.bazaarvoice.com www.google.hu wss://ff.kis.v2.scr.kaspersky-labs.com www.google.com.mx www.bing.com www.google.co.il www.google.co.ma www.google.co.ve www.google.com.bd www.google.com.co www.google.com.lb www.google.com.pe www.google.ie www.google.lu www.google.no www.google.pt www.google.ro www.google.si *.convertize.io pop1.getsitecontrol.com maps.googleapis.com *.etracker.de s.clcktrax.com *.analytics.google.com consent-api.service.consent.usercentrics.eu gcmatomo.gigaset.com https://fast.smarketer.de https://eu-api.friendlycaptcha.eu https://api.friendlycaptcha.com api.bazaarvoice.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://googleads.g.doubleclick.net; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.iamsmartad.com aggregator.service.usercentrics.eu analytics.google.com api.chatchamp.io api.usercentrics.eu app.usercentrics.eu connect.facebook.net data: googleads.g.doubleclick.net graphql.usercentrics.eu https://pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.facebook.com www.google-analytics.com www.google.com www.google.de https://www.googletagmanager.com www.youtube.com halc.iadvize.com bat.bing.com widgets.getsitecontrol.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com pixel.convertize.io p.typekit.net use.typekit.net ct.pinterest.com https://fast-static.smarketer.de s.pinimg.com ups.xplosion.de display.ugc.bazaarvoice.com s.adroll.com gse.gigaset.com ff.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com https://mpsnare.iesnare.com gcmatomo.gigaset.com accounts-eu.freshworks.com gigaset-org.freshworks.com https://*.etrusted.com; font-src https://script.hotjar.com use.typekit.net data: 'self' st.getsitecontrol.com fonts.gstatic.com github.com static3.avast.com gcmatomo.gigaset.com https://fonts.gstatic.com; form-action 'self' www.facebook.com feldtest.gigaset.com security.gigaset.com service.gigaset.com api.bazaarvoice.com 'unsafe-eval' ct.pinterest.com gigaset-org.freshworks.com accounts-eu.freshworks.com partner-service.gigaset.com gigaset-help.freshdesk.com; frame-ancestors 'self' www.gigaset.com *.etracker.com; img-src 'self' 'report-sample' https://c.clarity.ms/c.gif https://c.bing.com https://dsum-sec.casalemedia.com https://script.hotjar.com https://smarttracking.defacto-x.net https://m2.getsitecontrol.com https://trc.taboola.com https://d.adroll.com https://www.google.ee https://www.google.is app.usercentrics.eu googleads.g.doubleclick.net pixel.mathtag.com test.gse.gigaset.com tr.outbrain.com widgets.magentocommerce.com widgets.trustedshops.com www.facebook.com www.gigaset.com www.google-analytics.com www.google.com www.google.de display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com photos-uat-eu.bazaarvoice.com bat.bing.com data: d.adroll.com cdn.pay1.de image-charts.com www.googletagmanager.com ct.pinterest.com img.youtube.com network-eu-stg-a.bazaarvoice.com app.getsitecontrol.com media.getsitecontrol.com gse.gigaset.com insight.adsrvr.org network-eu.bazaarvoice.com pro-gse.gigaset.com www.google.ch www.google.co.uk www.google.com.tr www.google.com.tw www.google.es www.google.fr www.google.it www.google.nl www.google.pl photos-eu.bazaarvoice.com test.gigaset.com www.google.at www.google.be aax-eu.amazon-adsystem.com ads.yahoo.com cm.g.doubleclick.net connect.facebook.net network-eu-a.bazaarvoice.com stats.g.doubleclick.net sync.outbrain.com sync.taboola.com www.google.co.il www.google.cz www.google.hr www.google.lu www.google.ru www.google.sk www.gstatic.com www.google.com.lb translate.google.com www.google.se www.google.co.ao www.google.co.in www.google.co.kr www.google.com.mx www.google.hu www.google.no px.ads.linkedin.com www.awin1.com www.google.com.cy ib.adnxs.com i.ytimg.com www.google.az www.google.co.za www.google.com.bd www.google.fi www.google.pt www.google.co.cr www.google.ci www.google.com.sa www.google.rs www.google.gr android-webview-video-poster www.google.com.ar www.google.tn www.google.com.vn www.google.cl www.google.iq maps.googleapis.com maps.gstatic.com www.google.com.mt www.google.mn www.google.ro www.google.si www.google.ba blob: www.google.com.eg www.google.ae www.google.dk www.google.li pixel.rubiconproject.com pagead2.googlesyndication.com www.google.co.id www.google.co.ma www.google.ge www.google.ie www.linkedin.com analytics.google.com fcmatch.google.com fcmatch.youtube.com sync.mathtag.com ups.analytics.yahoo.com www.google.by www.google.cn www.google.co.ve www.google.com.br www.google.com.co www.google.com.et www.google.com.gt www.google.com.kw www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.ua dpm.demdex.net *.advertising.com *.pubmatic.com *.3lift.com *.bidswitch.net *.outbrain.com *.openx.net *.convertize.io www.etracker.de uct.service.usercentrics.eu s.clcktrax.com photos-us.bazaarvoice.com gcmatomo.gigaset.com https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://www.google-analytics.com https://fonts.gstatic.com contentorigin.bazaarvoice.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.clarity.ms https://s2.getsitecontrol.com https://cdn.iamsmartad.com amplify.outbrain.com app.usercentrics.eu connect.facebook.net googleads.g.doubleclick.net js.chatchamp.com pixel.mathtag.com tr.outbrain.com widgets.trustedshops.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com halc.iadvize.com widgets.getsitecontrol.com analytics-static.ugc.bazaarvoice.com bat.bing.com display.ugc.bazaarvoice.com network-eu-stg.bazaarvoice.com stg.api.bazaarvoice.com script.hotjar.com static.hotjar.com a.adroll.com d.adroll.com d.adroll.mgr.consensu.org s.adroll.com pixel.convertize.io secure.pay1.de s.pinimg.com cdn.xplosion.de ups.xplosion.de sandbox.billwerk.com selfservice.sandbox.billwerk.com https://*.billwerk.com https://selfservice.billwerk.com apps.bazaarvoice.com asn-trk.advolution.de st.getsitecontrol.com api.bazaarvoice.com network-eu.bazaarvoice.com tpc.googlesyndication.com gse.gigaset.com me.kis.v2.scr.kaspersky-labs.com static.iadvize.com www.google.com www.dwin1.com ad1.adfarm1.adition.com adfarm1.adition.com gc.kis.v2.scr.kaspersky-labs.com secure.adnxs.com snap.licdn.com maps.googleapis.com s2.adform.net track.adform.net www.pagespeed-mod.com 'unsafe-eval' cdn.taboola.com ff.kis.v2.scr.kaspersky-labs.com www.google.de www.google.it imagesrv.adition.com https://mpsnare.iesnare.com https://l.getsitecontrol.com/p7jz5lm4.js *.etracker.com *.etracker.de cdn.iamstudent.com s.clcktrax.com https://api.signalize.com/accounts/X3ssZWx/signalize.min.js *.analytics.google.com gcmatomo.gigaset.com https://fast-static.smarketer.de https://fast.smarketer.de https://mycliplister.com https://*.mycliplister.com https://*.etrusted.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com; style-src data: 'self' 'unsafe-inline' display.ugc.bazaarvoice.com s.adroll.com p.typekit.net use.typekit.net gse.gigaset.com gc.kis.v2.scr.kaspersky-labs.com fonts.googleapis.com me.kis.v2.scr.kaspersky-labs.com translate.googleapis.com gcmatomo.gigaset.com https://*.etrusted.com https://www.google-analytics.com https://www.googletagmanager.com; child-src blob:; frame-src https://www.pinterest.de https://ir.tools.investis.com pixel.mathtag.com www.google.com www.facebook.com vars.hotjar.com secure.pay1.de www.youtube.com bid.g.doubleclick.net js.chatchamp.com api.bazaarvoice.com display.ugc.bazaarvoice.com tpc.googlesyndication.com cms.gigaset.com gigaset-prov.gigaset.com gigaset.secure.force.com where-to-buy.co www.googletagmanager.com player.vimeo.com ad2.adfarm1.adition.com 'self' gigaset-net.gigaset.com ct.pinterest.com forms.office.com verify.iamstudent.com www.iamstudentverify.com pwm-image.trendmicro.com www.pinterest.com gcmatomo.gigaset.com app.usercentrics.eu gigaset.my.salesforce-sites.com https://*.etrusted.com https://www.google-analytics.com https://*.doubleclick.net; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src *.qare.fr *.public-prod.qare.tech *.public-dev.qare.tech *.public-staging.qare.tech *.eks.testing.qare.tech *.eks.dynamic.qare.tech *.public-external.qare.tech *.qare.io www.gstatic.com blob:; font-src * 2
default-src 'self' cloudflare-quic.com; script-src 'self' d10zminp1cyta8.cloudfront.net *.googletagmanager.com *.google-analytics.com *.cookiebot.com challenges.cloudflare.com cdnjs.cloudflare.com *.licdn.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hsforms.com *.hsforms.net *.hs-analytics.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.cookiebot.com *.hsforms.com; font-src 'self' data:; frame-src 'self' *.googletagmanager.com *.cookiebot.com challenges.cloudflare.com *.hsforms.com; object-src 'none'; connect-src 'self' career.recruitee.com *.plyr.io *.linkedin.oribi.io *.cookiebot.com *.google-analytics.com px.ads.linkedin.com *.hsforms.com *.s3.amazonaws.com; 2
default-src *; img-src * 'self' data: https://*; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; 2
default-src 'none'; child-src https://cryptpad.fr; worker-src 'self'; media-src blob:; style-src 'unsafe-inline' 'self' https://cryptpad.fr; script-src 'self' resource: https://cryptpad.fr; connect-src 'self' https://cryptpad.fr blob: wss://api.cryptpad.fr https://files.cryptpad.fr https://accounts.cryptpad.fr https://sandbox.cryptpad.info https://api.cryptpad.fr; font-src 'self' data: https://cryptpad.fr; img-src 'self' data: blob: https://cryptpad.fr; frame-src 'self' https://sandbox.cryptpad.info blob:; frame-ancestors 'self' https: vector: 2
frame-ancestors 'self', frame-ancestors 'self' 2
frame-ancestors 'self' https://*.bdo.global 2
default-src 'self' https://downloads.ctfassets.net/ *.gstatic.com *.proteccion.com assets.ctfassets.net d10o2ofpymhfmh.cloudfront.net *.wufoo.com contenidos-proteccion.s3.amazonaws.com *.proteccion.com.co cdnjs.cloudflare.com *.api.ipify.org  videos.ctfassets.net;          script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com/uwt.js parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud script.crazyegg.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net *.clarity.ms/ *.googleoptimize.com partner.googleadservices.com *.ipdialbox.com *.wolkvox.com kit.fontawesome.com widget.spreaker.com connect.facebook.net *.youtube.com *.proteccion.com *.gstatic.com www.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com cdnjs.cloudflare.com pratech-chatbot-cdn-proteccion.mybluemix.net static.ads-twitter.com cdn.perfdrive.com;          img-src * 'self' data: *.proteccion.com;          style-src 'self' 'unsafe-inline' parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud *.proteccion.com cdnjs.cloudflare.com d10o2ofpymhfmh.cloudfront.net *.google.com *.googleapis.com cdn.botframework.com pratech-chatbot-cdn-proteccion.mybluemix.net use.fontawesome.com;          object-src 'self' *.proteccion.com;          font-src 'self' *.proteccion.com fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com use.fontawesome.com fonts.googleapis.com data:;          child-src *.spotify.com forms.office.com *.google.com *.ipdialbox.com *.wolkvox.com widget.spreaker.com *.core.windows.net *.youtube.com *.wufoo.com *.proteccion.com blob:;          connect-src 'self' kit.fontawesome.com parly-webchat-proteccion-pronto.10tyy11bpll6.us-east.codeengine.appdomain.cloud https://noembed.com/ https://js.hs-banner.com https://forms.hscollectedforms.net *.clarity.ms wss://directline.botframework.com https://directline.botframework.com ka-p.fontawesome.com pratech-chatbot-cdn-proteccion.mybluemix.net cdn.contentful.com images.ctfassets.net stats.g.doubleclick.net *.googleapis.com *.proteccion.com.co *.proteccion.com *.google-analytics.com api.ipify.org analytics.google.com;          frame-ancestors 'self' www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com;          frame-src www.proteccion.com.co www.proteccion.com proteccion.com.co proteccion.com *.facebook.com open.spotify.com widget.spreaker.com docs.google.com cse.google.com *.wolkvox.com https://youtube.com/ *.youtube.com *.google.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com *.doubleclick.net *.bing.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 2
default-src 'self'; child-src 'self' https://platform.twitter.com https://youtube.com; connect-src 'self' https://cdnmon.cfigroup.com https://dap.digitalgov.gov https://*.doubleclick.net https://orcid.org/userStatus.json https://search.usa.gov https://translate.googleapis.com https://usda.libanswers.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; font-src 'self' https://cdn.app.cfigroup.com https://cdn.knightlab.com https://fonts.gstatic.com; frame-src 'self' https://publicdashboards.dl.usda.gov https://*.twitter.com https://usda.libanswers.com https://player.vimeo.com https://*.youtube.com; img-src 'self' data: https://cdnmon.cfigroup.com https://cdn.knightlab.com https://feed.informer.com https://fonts.gstatic.com https://*.nal.usda.gov https://orcid.org https://info.orcid.org https://*.twitter.com https://*.usa.gov https://*.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.jsdelivr.net/npm/jvectormap@2.0.4/ https://cdn.knightlab.com https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.google-analytics.com https://*.libanswers.com https://www.nal.usda.gov https://platform.twitter.com https://search.usa.gov https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://cdn.knightlab.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/ https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/ https://*.cfigroup.com https://dap.digitalgov.gov https://feed.informer.com https://*.libanswers.com https://www.nal.usda.gov https://publicdashboards.dl.usda.gov https://search.usa.gov https://*.twitter.com https://unpkg.com/chart.js@4.4.0/ https://unpkg.com/chartjs-adapter-date-fns@3.0.0/ https://*.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://fonts.googleapis.com https://search.usa.gov; style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/jvectormap/2.0.4/ https://cdn.knightlab.com https://search.usa.gov;; 2
script-src 'self' 'unsafe-inline' munchkin.marketo.net *.facebook.net *.googletagmanager.com *.mxpnl.com *.chtbl.com *.barracudamsp.com *.cookielaw.org *.marketo.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.demandbase.com *.vidyard.com *.adroll.com *.licdn.com *.redditstatic.com *.liveperson.net *.lpsnmedia.net assets.adobedtm.com *.driftt.com *.searchcdn.com unpkg.com *.youtube.com *.highcharts.com *.zi-scripts.com 2
frame-ancestors 'self' http://www.kayak.com http://www.kayak.com.ar http://www.kayak.cl http://www.kayak.com.co http://www.kayak.com.pe http://www.kayak.com.mx http://www.kayak.com.br http://www.tripadvisor.com http://www.tripadvisor.com.br http://www.tripadvisor.com.mx www.farecompare.com www.idealo.com http://viajala.com.co http://viajala.com.mx http://viajala.com.pe www.clicktripz.com http://viajala.cl http://viajala.com.ar https://www.viajanet.com.br https://www.viajesfalabella.com.co https://superapplab.davivienda.com https://superapplabv2.davivienda.com https://superapp.davivienda.com https://transacciones.davivienda.com https://www.karismahotels.com https://pwm-frontend.ua.verbinteractive.com http://frontend-test.karismahotels.com https://www.passaporte.com.br https://www.azul.com.br https://www.passagemdeaviao.com.br https://www.passagensdeaviao.com.br https://www.ponteaerea.com.br https://www.aeroportodecongonhas.com.br https://www.salgadofilho.com.br https://www.rentalcars.com.br https://www.alugueldecarros.com.br https://www.budget.com.br https://www.broadway.com.br https://www.luademel.com.br 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src data: 'self' https://*.kiavi.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hsappstatic.net https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hubspot.net https://bat.bing.com https://d.adroll.com https://f.hubspotusercontent20.net https://googleads.g.doubleclick.net https://p.adsymptotic.com https://px.ads.linkedin.com https://sp.analytics.yahoo.com https://www.facebook.com; upgrade-insecure-requests 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com:443 https://cdnjs.cloudflare.com:443; font-src 'self' https://fonts.gstatic.com:443 https://cdnjs.cloudflare.com:443; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://cdnjs.cloudflare.com:443; connect-src 'self' https://dpm.demdex.net:443; frame-src 'self' https://newsquestdigital.demdex.net:443; img-src 'self' https://dpm.demdex.net:443 https://prime-magazine.co.uk:443/assets/images/PrimeLogoOnWhite.jpg https://www.living-magazines.co.uk:443/assets/images/logo.png https://newsquestdigitalmedia.d2.sc.omtrdc.net:443 https://*:443/resources/images/sitelogo 2
default-src 'self';frame-ancestors 'self';frame-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;media-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;object-src 'none'; connect-src 'self' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;script-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;style-src 'self' 'unsafe-inline' *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;font-src 'self' data: *.google-analytics.com *.marketo.net *.googletagmanager.com *.googleapis.com *.vimeo.com *.googleadservices.com *.bing.com *.facebook.net *.facebook.com *.mktoresp.com *.doubleclick.net *.google.com *.cloudfront.net *.gstatic.com *.licdn.com *.linkedin.com *.youtube.com *.vidyard.com *.nitrocdn.com ajax.googleapis.com cdn-fgicm.nitrocdn.com consent.trustarc.com munchkin.marketo.net player.vimeo.com snap.licdn.com *.demandbase.com *.clickagy.com tracking.g2crowd.com ws.zoominfo.com www.google-analytics.com www.googletagmanager.com www2.calamp.com fonts.googleapis.com p.typekit.net use.typekit.net *.mktoresp.com analytics.google.com stats.g.doubleclick.net api.company-target.com to.getnitropack.com datainsights-cdn.dm.aws.gartner.com s.company-target.com www.youtube-nocookie.com *.calamp.com id.rlcdn.com px.ads.linkedin.com www.google.com js.adsrvr.org dpm.demdex.net nitroscripts.com *.adsrvr.org segments.company-target.com consent-pref.trustarc.com tribl.io *.tribl.io b.sf-syn.com www.g2.com ;img-src * data: ; report-to https://kmdg.report-uri.com/r/d/csp/wizard 2
upgrade-insecure-requests; form-action https://www.metrovalencia.es https://sis.redsys.es; block-all-mixed-content; 2
default-src 'none';media-src 'self';style-src 'self' https: 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com;  img-src 'self' data: cdn.cookielaw.org ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com region1.google-analytics.com; ;connect-src 'self' cdn.cookielaw.org region1.google-analytics.com ;manifest-src 'self' cdn.cookielaw.org; report-uri /csp_report_parser; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://players.brightcove.net/ https://www.recaptcha.net https://www.gstatic.com https://js-agent.newrelic.com https://pi.pardot.com https://www.youtube.com https://in2.taskanalytics.com https://bam.nr-data.net https://snap.licdn.com https://googleads.g.doubleclick.net https://info.weareplanet.com https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com https://tag.demandbase.com https://j.6sc.co https://tracking.g2crowd.com https://connect.facebook.net https://tpc.googlesyndication.com https://cdn.weglot.com/weglot.min.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com maps.googleapis.com; frame-ancestors 'self'; report-uri https://www.weareplanet.com/report-uri/enforce 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com  https://thomsonreuterstax.lookbookhq.com http://answers.legalprof.thomsonreuters.com https://answers.legalprof.thomsonreuters.com http://app.accelus.com  https://app.accelus.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; style-src 'unsafe-inline' 'self' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.victoriassecret.pl *.victoriassecret.ro *.victoriassecret.cz *.fwc.pl; 2
default-src 'self' *.infinity-tracking.net *.infinity-tracking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com *.google.com *.facebook.net *.aspnetcdn.com *.youtube.com *.twitter.com *.ytimg.com *.twimg.com *.linkedin.com *.stumbleupon.com *.azureedge.net *.marketo.net *.eloqua.com *.en25.com *.ampproject.org *.cloudflare.com static.cloudflareinsights.com *.licdn.com *.bootstrapcdn.com *.trustpilot.com *.jsdelivr.net *.unpkg.com *.googletagmanager.com *.jquery.com *.doubleclick.net *.kldiscovery.com *.googleusercontent.com *.google-analytics.com *.googleadservices.com *.krollontrack.com *.bootstrapcdn.com *.momentjs.com *.typeform.com *.infinity-tracking.net *.infinity-tracking.com *.usemessages.com *.hsleadflows.net *.hubspot.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsforms.net *.hs-banner.com *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hsforms.com *.unpkg.com unpkg.com *.google.com *.yimg.jp *.yahoo.co.jp *.plavxml.com *.onetrust.com *.cookielaw.org js.monitor.azure.com *.msecnd.net *.hscta.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.telerik.com *.google.com *.azureedge.net *.twitter.com *.twimg.com *.typekit.net *.trustpilot.com *.bootstrapcdn.com *.jquery.com *.bootstrapcdn.com; font-src 'self' *.gstatic.com *.telerik.com *.bootstrapcdn.com data: *.typekit.net *.bootstrapcdn.com; img-src 'self' data: blob: *.azureedge.net *.cleverbridge.com *.delicious.com *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.googleapis.com *.google-analytics.com *.googleusercontent.com *.google.co.uk *.google.pl *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.com *.hubspot.com *.hubspotusercontent20.net *.ibas.com *.compiled.com *.kldiscovery.com *.ediscovery.com *.linkedin.com *.ontrack.com *.redditstatic.com *.sitefinity.com *.static.licdn.com *.tumblr.com *.twimg.com *.twitter.com *.windows.net *.yahoo.co.jp *.onetrust.com *.cookielaw.org; media-src 'self' data: blob: *.youtu.be *.youtube.com *.blob.core.windows.net *.kldiscovery.com *.googleusercontent.com *.ediscovery.com; frame-src 'self' *.google.com *.youtu.be *.youtube.com *.youtube-nocookie.com youtube-nocookie.com *.hubspot.com *.taleo.net *.trustpilot.com *.hubapi.com *.doubleclick.net *.hsforms.com *.typeform.com *.avrotros.nl *.hsforms.net; child-src 'self' *.twitter.com *.twitter.com *.youtube.com *.youtu.be *.vimeo.com *.soundcloud.com *.google.com *.google.com *.facebook.com *.facebook.com *.stumbleupon.com *.trustpilot.com *.doubleclick.net *.hubspot.com *.infinity-tracking.net *.infinity-tracking.com *.hsforms.com blob:; connect-src 'self' wss: *.google.com *.sitefinity.com *.mktoresp.com *.trustpilot.com *.googleusercontent.com cloudflareinsights.com *.infinity-tracking.net *.infinity-tracking.com google-analytics.com *.google-analytics.com *.unpkg.com unpkg.com *.hubspot.com *.hsforms.com *.hubspot.com *.hubapi.com *.cleverbridge.com *.ampproject.org *.doubleclick.net dc.services.visualstudio.com *.googletagmanager.com *.onetrust.com *.cookielaw.org; 2
default-src 'self' 'unsafe-inline' *.2degreesmobile.co.nz *.2degreesbroadband.co.nz *.2degrees.nz *.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.lift.acquia.com *.sentry.io *.addsearch.com *.qualtrics.com *.youtube.com unpkg.com *.nice-incontact.com staticcdn.co.nz *.doubleclick.net *.google.com *.hotjar.com *.newrelic.com *.bugsnag.com *.nr-data.net *.googleadservices.com *.segment.com *.segment.io *.amplitude.com *.contentsquare.net *.youtube-nocookie.com  *.rawgit.com *.licdn.com blob: wss: *.googleapis.com *.facebook.net *.fullstory.com chosen.css *.jquery.js; object-src 'none'; img-src * data: 2
frame-ancestors 'self' *.c3.ai *.folloze.com c3.ai folloze.com 2
base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-us-west-2.amazonaws.com/b2bjsstore/b/L9NMMZHMQENW/reb2b.js.gz *.chilipiper.com js.zi-scripts.com ws-assets.zoominfo.com ws.zoominfo.com https://translate.googleapis.com https://js.partnerstack.com/v1/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js *.google.com *.googleoptimize.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.gstatic.com 1gbg1hfkyvry.statuspage.io *.profitwell.com *.wpengine.com *.ketchcdn.com *.ketchjs.com *.datadoghq-browser-agent.com *.sentry-cdn.com *.redditstatic.com s.pinimg.com ct.pinterest.com *.pinimg.com https://1gbg1hfkyvry.statuspage.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com  https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://js.stripe.com https://checkout.stripe.com https://ajax.googleapis.com  https://*.quora.com https://ajax.googleapis.com *.uniqode.com *.beaconstac.com https://storage.googleapis.com https://static.uniqode.com https://static.beaconstac.com dna8twue3dlxq.cloudfront.net cdn.auth0.com *.privy.com static.ads-twitter.com *.twitter.com snap.licdn.com *.bing.com  *.clarity.ms *.quora.com connect.facebook.net www.facebook.com *.typeform.com z.moatads.com cdnjs.cloudflare.com *.wistia.com src.litix.io *.wistia.net *.calendly.com *.salesloft.com *.zoominfo.com https://getrockerbox.com https://*.getrockerbox.com https://*.uniqode.com https://*.beaconstac.com cdn.taboola.com trc.taboola.com  ;child-src 'self' data: blob: https: *.profitwell.com www.youtube.com *.wistia.com  *.privy.com  *.calendly.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com  https://fast.wistia.net https://*.hotjar.com https://*.hotjar.io https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com;form-action  https://www.uniqode.com https://intercom.help https://api-iam.intercom.io https://www.facebook.com/tr/ *.pinterest.com *.profitwell.com *.sentry-cdn.com;frame-ancestors  'self';style-src 'self' 'unsafe-inline' *.uniqode.com https://www.gstatic.com *.wpengine.com *.beaconstac.com https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css storage.googleapis.com  *.privy.com s.pinimg.com ct.pinterest.com fonts.googleapis.com *.calendly.com tagmanager.google.com *.google.com fast.wistia.com *.profitwell.com;img-src * 'self' data: blob: https:;font-src 'self' data: blob: https:  https://*.wistia.com fonts.gstatic.com storage.googleapis.com static.uniqode.com static.beaconstac.com optimize.google.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.profitwell.com;media-src 'self' data: blob: https: *.youtube.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://js.intercomcdn.com *.profitwell.com; object-src 'none' 2
default-src data: 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' *; 2
default-src 'none'; connect-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; frame-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/; script-src 'self' https://assets.hcaptcha.com https://hcaptcha.com https://newassets.hcaptcha.com/ 'unsafe-inline'; style-src 'unsafe-inline'; 2
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src data: https:; font-src https:; connect-src https:; frame-ancestors 'self' https://stellartechnologysolutions.sharepoint.com https://qa-sts.stellartechsol.com; block-all-mixed-content 2
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' *.indsci.com;; upgrade-insecure-requests 2
frame-ancestors 'self' m.sisal.it www.sisal.it vetrina.gntn-pgd.it giochinumerici.sisal.it areaprivata.sisal.it www.gntn-pgd.it file://* sisal://app.sisal http://localhost ionic://app sisal://www.sisal.it; 2
default-src 'self' 'unsafe-inline' repay.wpengine.com https: data:; font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com data: repay.wpengine.com data: https: *.hotjar.com; style-src 'self' 'unsafe-inline' *.fontawesome.com cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com repay.wpengine.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net cdn-cookieyes.com *.cdn-cookieyes.com *.googletagmanager.com repay.wpengine.com https: *.hotjar.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.incontact.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; connect-src 'self' *.fontawesome.com cdn-cookieyes.com *.cdn-cookieyes.com *.cookieyes.com *.googletagmanager.com *.google-analytics.com repay.wpengine.com https: *.hotjar.com wss://*.hotjar.com wss://*.niceincontact.com *.hotjar.io *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com *.incontact.com *.adsrvr.org *.linkedin.com *.licdn.com; img-src 'self' data: https: *.gravatar.com *.cookieyes.com cdn-cookieyes.com *.cdn-cookieyes.com *.repay.com *.businesswire.com repay.wpengine.com *.hotjar.com *.hubspot.com *.hubspot.net *.hsforms.com *.linkedin.com *.licdn.com; frame-src https: *.incontact.com *.doubleclick.net vars.hotjar.com *.vimeo.com *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; child-src app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; form-action https: 'self' javascript: *.hsforms.com *.hubspot.com 2
default-src https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://gameduell.de https://gameduell.com https://gameduell.fr https://gameduell.nl https://gameduell.co.uk https://gameduell.se https://gameduell.dk https://gameduell.at https://gameduell.ca https://gameduell.es; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: asset: https://assets.gameduell.de *.google-analytics.com https://webchat.helpshift.com https://seal.digicert.com https://seal-goldengate.bbb.org https://connect.facebook.net https://www.redditstatic.com https://www.dwin1.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com 'report-sample'; img-src 'self' data: blob: https://mein.gameduell.de https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es blob: https://assets.gameduell.de https://media.gameduell.de https://seal.digicert.com https://d2duuy9yo5pldo.cloudfront.net https://www.facebook.com https://alb.reddit.com https://www.awin1.com 'report-sample'; style-src 'self' blob: 'unsafe-inline' https://assets.gameduell.de https://seal-blue.bbb.org; object-src 'self' https://*.gameduell.de https://assets.gameduell.de; connect-src 'self' wss://*.gameduell.de wss://my.gameduell.com wss://mon.gameduell.fr wss://mijn.gameduell.nl wss://www.gameduell.de wss://www.gameduell.com wss://www.gameduell.fr wss://www.gameduell.nl wss://www.gameduell.co.uk wss://www.gameduell.se wss://www.gameduell.dk wss://www.gameduell.at wss://www.gameduell.ca wss://www.gameduell.es https://*.gameduell.de blob: https://assets.gameduell.de https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://perf-events.cloud.unity3d.com https://*.checkout.com https://*.boku.com; form-action 'self' https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es 'report-sample'; child-src 'self' blob: https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://*.micropayment.de https://*.checkout.com https://*.boku.com; font-src 'self' data: blob: https://assets.gameduell.de https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://assets.gameduell.de https://*.helpshift.com https://www.awin1.com https://*.micropayment.de https://*.checkout.com https://*.boku.com https://orange.w-ha.com https://3dsecure-vrp.de; worker-src 'self' blob:; media-src 'self' data: blob: https://assets.gameduell.de; frame-ancestors 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es https://admintool.gameduell.de; base-uri 'self' https://assets.gameduell.de https://mein.gameduell.de https://my.gameduell.com https://mon.gameduell.fr https://mijn.gameduell.nl https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; manifest-src blob: 'self' https://www.gameduell.de https://www.gameduell.com https://www.gameduell.fr https://www.gameduell.nl https://www.gameduell.co.uk https://www.gameduell.se https://www.gameduell.dk https://www.gameduell.at https://www.gameduell.ca https://www.gameduell.es; report-uri /gd/rest/jslog/csp 2
child-src 'self';connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.cookieyes.com cdn-cookieyes.com *.paypal.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.paypal.com;frame-ancestors 'self';img-src *.mvmnet.com data: maps.gstatic.com *.gstatic.com *.ggpht.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.facebook.com *.cookieyes.com cdn-cookieyes.com *.paypalobjects.com *.google.it *.paypal.com;manifest-src 'self';media-src 'self';object-src 'self';worker-src 'self'; 2
default-src https:; style-src 'self' 'unsafe-inline' https: data:; object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' https: data:; frame-src *; frame-ancestors 'none'; base-uri 'self'; form-action * 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; frame-ancestors 'self'; 2
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; style-src 'self' https: 'unsafe-inline'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; font-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; connect-src 'self'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; frame-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; frame-ancestors 'self'  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; object-src data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; media-src 'self' data:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net; worker-src 'self' data: blob:  *.ads-twitter.com *.adsymptotic.com *.adyen.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.bizographics.com *.boomtrain.com *.byside.com wss://*.byside.com *.clarity.ms *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.go2sdk.com *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.inbenta.com *.krxd.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.masmovil.com *.netmng.com *.onetrust.com *.quantummetric.com *.realytics.io *.realytics.net *.rezync.com *.rfihub.com *.rfihub.net *.speedtestcustom.com *.useinsider.com *.tiktok.com *.twitter.com t.co *.youtube.com *.youtube-nocookie.com *.zetaglobal.net 2
frame-src https://privacyassure.force.com https://sbx-privacyassure.cs219.force.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://www.youtube.com https://ustglobalinc.jifflenow.com https://js.hsforms.net https://view.ceros.com https://player.vimeo.com https://download-video.akamaized.net https://app.hubspot.com https://vars.hotjar.com https://ustglobal.demdex.net https://app.hubspot.com https://13505543.fls.doubleclick.net https://s.company-target.com https://td.doubleclick.net; frame-ancestors 'self' 2
frame-ancestors 'self' http://thomsonreuterstax.lookbookhq.com https://thomsonreuterstax.lookbookhq.com http://thomsonreuterstaxprofessionals.lookbookhq.com https://thomsonreuterstaxprofessionals.lookbookhq.com 2
default-src 'self' data: *.storyblok.com *.newmotion.com *.shellrecharge.com *.googleusercontent.com; connect-src 'self' ws: *.g.doubleclick.net *.shell.com *.storyblok.com *.recruitee.com *.hsforms.net *.hsforms.com *.hubspot.com *.google.com *.googleusercontent.com *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com *.shellrecharge.com *.oribi.io *.force.com *.site.com *.zoominfo.com; frame-ancestors 'self' *.storyblok.com *.googleusercontent.com recharge.resultsdm.com *.shell.nl *.shell.de *.shell.co.uk *.shell.fr *.shell.be *.shell.lu; frame-src 'self' *.g.doubleclick.net *.hsforms.net *.hsforms.com *.newmotion.com *.pardot.com *.hsforms.com *.hubspot.com *.google.com *.googleusercontent.com *.goo.gl *.salesforce.com *.shellrecharge.com *.srstest.io *.youtube.com *.doubleclick.net *.livestorm.co *.alchemer.eu *.salesforceliveagent.com *.salesforce.com *.newmotion.com *.shell.us srs-route-planner-git-develop-yourmajesty.vercel.app srs-route-planner.vercel.app recharge.resultsdm.com; style-src 'self' *.storyblok.com 'unsafe-inline' *.shellrecharge.com *.salesforce.com *.googleusercontent.com *.force.com *.site.com *.srs-route-planner-git-develop-yourmajesty.vercel.app; script-src 'self' *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.licdn.com *.shell.com *.storyblok.com *.google.com *.googleusercontent.com *.goo.gl *.youtube.com *.doubleclick.net *.livestorm.co *.salesforceliveagent.com *.salesforce.com *.newmotion.com 'unsafe-inline' 'unsafe-eval' *.shellrecharge.com *.force.com *.site.com *.zoominfo.com *.srs-route-planner-git-develop-yourmajesty.vercel.app; object-src 'self' data:; img-src 'self' data: *.chargetrip.io *.google.com *.google.nl *.google.be *.google.lu *.googletagmanager.com *.googleusercontent.com recruitee-main.s3.eu-central-1.amazonaws.com *.linkedin.com *.storyblok.com *.doubleclick.net *.my.salesforce.com *.shellrecharge.com *.force.com *.srs-route-planner-git-develop-yourmajesty.vercel.app 2
frame-src https://*.pilotflyingj.com https://pilotflyingj.com https://www.pilotflyingj.com https://demo.docusign.net https://docusign.net https://powerforms-d.docusign.net https://na2.docusign.net https://powerforms.docusign.net https://youtube.com https://www.youtube.com https://*.doubleclick.net https://*.surveymonkey.com; frame-ancestors 'self' https://pilotcompany.com https://jobs.pilotflyingj.com https://saratogarack.com https://one9fuelnetwork.com https://www.pilotflyingj.com https://pilotflyingj.com https://na2.docusign.net https://powerforms.docusign.net 2
upgrade-insecure-requests; frame-ancestors 'self' tigertech.net *.tigertech.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net   https://*.hsforms.net   https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://js.usemessages.com   https://*.vidyard.com https://js.hscollectedforms.net   https://*.hubspotusercontentxx.net https://*.hubspot.com http://cdn2.hubspot.net https://static.zdassets.com https://connect.facebook.net https://www.clarity.ms https://www.googletagmanager.com https://code.jquery.com https://www.google-analytics.com https://phonetrack-static.s3.sa-east-1.amazonaws.com https://www.googleadservices.com https://s3-sa-east-1.amazonaws.com https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://v2.zopim.com https://static.suiteshare.com https://static.hotjar.com https://ajax.googleapis.com http://www.googletagmanager.com *.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com https://script.hotjar.com; object-src 'self' 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' https:; object-src 'none'; 2
object-src 'none'; base-uri 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com js.intercomcdn.com fonts.intercomcdn.com https://*.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; worker-src 'none'; report-to default; 2
default-src 'self'; img-src 'self' threatbook.cn threatbook.com data:; media-src 'self'; script-src 'self' 'unsafe-eval' *.threatbook.com *.threatbook.cn https://www.huodongxing.com https://cdn.huodongxing.com; style-src 'self' 'unsafe-inline'; frame-ancestors https://www.huodongxing.com https://cdn.huodongxing.com 'self'; connect-src *.threatbook.com *.threatbook.cn https://www.huodongxing.com https://cdn.huodongxing.com 'self'; font-src 'self' data:; frame-src https://www.huodongxing.com https://cdn.huodongxing.com; 2
img-src 'self' https: data: ;; script-src-elem 'unsafe-inline' 'self' data: *.hubspot.com js.hs-analytics.net js.hs-banner.com *.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.hypernode.nl analytics.twitter.com wchat.freshchat.com www.google.com www.gstatic.com gist.github.com cdn.jsdelivr.net cdn.randomhow.com connect.facebook.net s3.amazonaws.com platform.twitter.com ssl.google-analytics.com www.hypernode.com www.pagespeed-mod.com asciinema.org cdn.mxpnl.com gc.kis.v2.scr.kaspersky-labs.com ucads-cdn.ucweb.com byte.us2.list-manage.com www.youtube.com cdn.leadinfo.net motu.teamblue.services *.isy-teamblue.services *.iubenda.com *.recaptcha.net fast.wistia.com https://*.hotjar.com;; style-src-attr 'unsafe-inline';; style-src-elem 'unsafe-inline' 'self' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl github.githubassets.com *.hypernode.com https://*.hotjar.com https://cdn.iubenda.com;; script-src 'unsafe-eval' 'self' www.google.com www.hypernode.nl 'unsafe-inline' js.hs-banner.com js.hs-scripts.com js.hsleadflows.net www.google-analytics.com www.googletagmanager.com analytics.twitter.com snap.licdn.com static.ads-twitter.com wchat.freshchat.com www.gstatic.com connect.facebook.net wasm-eval s3.amazonaws.com www.hypernode.com js.hsadspixel.net js.hubspotfeedback.com js.usemessages.com js.hs-analytics.net js.hscollectedforms.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com www.youtube.com cdn.leadinfo.net https://static-exp1.licdn.com https://content.linkedin.com motu.teamblue.services *.iubenda.com *.srv.isy-teamblue.services https://platform.linkedin.com https://*.hotjar.com;; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com wchat.freshchat.com www.hypernode.nl translate.googleapis.com www.hypernode.com https://cdn.leadinfo.net;; child-src www.youtube.com wchat.freshchat.com www.google.com 'self' app.hubspot.com 253949009329559.webpush.freshchat.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com;; connect-src *.oribi.io *.google.com *.hubspot.com api.hubapi.com www.facebook.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com forms.hsforms.com js.hs-banner.com *.google-analytics.com 'self' www.google.co.in www.google.nl www.google.pl www.hypernode.com www.hypernode.nl yoast.com www.google.co.za www.google.co.uk www.google.de www.google.dk www.google.ro www.google.rs www.google.se www.google.ca www.google.com.au www.google.ie meetlookup.com www.google.be *.cdn77.org code.jquery.com *.kaspersky-labs.com www.google.cn www.google.com.eg www.google.com.pk www.google.fi www.google.it www.google.lv *.linkedin.com *.licdn.com *.hypernode.io *.make.com https://api.leadinfo.com https://collector.leadinfo.net *.teamblue.services *.gcp.cloud.es.io *.iubenda.com *.googlesyndication.com *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;; font-src 'self' fonts.gstatic.com data: cdn.faceworks.nl cdn.megabonus.com use.typekit.net *.hypernode.nl *.hypernode.com https://cdn.leadinfo.net https://*.hotjar.com;; form-action my.hypernode.com forms.hsforms.com forms.hubspot.com 'self' www.hypernode.com www.facebook.com;; frame-src www.youtube.com 'self' 253949009329559.webpush.freshchat.com wchat.freshchat.com www.google.com recaptcha.google.com mozbar.moz.com www.hypernode.com platform.twitter.com app.hubspot.com www.hypernode.nl asciinema.org *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.linkedin.com www.facebook.com td.doubleclick.net www.googletagmanager.com https://www.iubenda.com 'unsafe-eval';; default-src 'self' 'unsafe-eval' 'unsafe-inline' 253949009329559.webpush.freshchat.com adservice.google.com analytics.google.com analytics.twitter.com data: fonts.googleapis.com fonts.gstatic.com forms.hsforms.com forms.hubspot.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net px.ads.linkedin.com secure.gravatar.com snap.licdn.com static.ads-twitter.com stats.g.doubleclick.net t.co track.hubspot.com wchat.freshchat.com www.google-analytics.com www.google.com www.google.nl www.googletagmanager.com www.gstatic.com www.hypernode.com www.hypernode.nl www.youtube.com a.slack-edge.com gist.github.com github.githubassets.com www.google.dk www.google.co.uk www.slideshare.net api.hubspot.com app.hubspot.com yoast.com asciinema.org support.hypernode.com www.google.be www.google.co.in www.google.de www.google.ru;; frame-ancestors 'self' about;; worker-src 'self';; object-src 'self' www.hypernode.com;; media-src 'self'; base-uri 'self'; report-uri https://madebyus.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 2
object-src 'self'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; report-uri https://47327c6a613c1754bda1362d946d96dd.report-uri.com/r/t/csp/enforce; report-to csp-endpoint 2
frame-ancestors 'self' everygame.eu www.everygame.eu sblp.everygame.eu sports.everygame.eu poker.everygame.eu casino.everygame.eu classic.everygame.eu lobby.everygame.eu:2072 account.everygame.eu client.horizonpokernetwork.eu 2
frame-ancestors *.kioxia.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'https://www.example.com/scripts/*' '*.googleapis.com https://www.example.*' 2
img-src 'self' www.google-analytics.com img.youtube.com *.s3waas.gov.in secure.gravatar.com *.twimg.com *.twitter.com data:;connect-src 'self' www.google-analytics.com *.s3waas.gov.in;object-src 'none';media-src 'self' *.s3waas.gov.in data:;child-src 'self';frame-src 'self' www.google.com platform.twitter.com www.facebook.com syndication.twitter.com www.youtube.com;form-action *.s3waas.gov.in 'self';frame-ancestors 'self' *.s3waas.gov.in ;upgrade-insecure-requests;worker-src 'self' *.s3waas.gov.in 2
base-uri 'self';frame-ancestors 'self'; 2
default-src 'self'; img-src 'self' data: 2
default-src 'self' cdn.invicti.com static.getclicky.com embed-ssl.wistia.com/deliveries/8e4be7011c8173f56f7717e7332cd52a7803b61e.bin; script-src 'self' 'unsafe-eval' 'unsafe-inline' go2.invicti.com cdn.invicti.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com tcp.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net *.greenhouse.io *.visualwebsiteoptimizer.com *.vwo.com app.vwo.com *.hotjar.com connect.facebook.net www.facebook.com bat.bing.com *.mutinycdn.com px.ads.linkedin.com www.linkedin.com snap.licdn.com sjs.bizographics.com js.driftt.com *.clearbitjs.com *.marketo.net *.mktoresp.com cdn.bizible.com *.calendly.com vidassets.terminus.services static.getclicky.com anchor.fm ct.capterra.com/capterra_tracker.js tag.demandbase.com *.newrelic.com js.zi-scripts.com/zi-tag.js schedule-staging.zoominfo.com/zischedule.js schedule.zoominfo.com/zischedule.js ws-assets-staging.zoominfo.com/formcomplete.js ws-assets.zoominfo.com/formcomplete.js; style-src 'self' 'unsafe-inline' www.invicti.com go2.invicti.com cdn.invicti.com *.googleapis.com *.vwo.com; frame-src go2.invicti.com cdn.invicti.com *.googletagmanager.com bid.g.doubleclick.net docs.google.com/presentation/ *.greenhouse.io app.vwo.com *.hotjar.com www.facebook.com *.youtube.com *.youtube-nocookie.com *.youtube.com player.vimeo.com *.driftt.com calendly.com anchor.fm *.soundcloud.com *.slideshare.net; frame-ancestors 'self' *.invicti.com *.acunetix.com app.mutinyhq.com; font-src 'self' data: cdn.invicti.com *.gstatic.com app.vwo.com *.hotjar.com; img-src 'self' data: www.invicti.com *.invicti.com cdn.invicti.com go2.invicti.com ssl.gstatic.com www.gstatic.com *.googleusercontent.com *.google.com *.google.co.uk *.google.de *.google.fr *.google.ar *.google.com.br *.google.com.tr *.google.nl *.google.cn *.google.ca *.google.it *.google.co.il *.googleapis.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.visualwebsiteoptimizer.com www.facebook.com *.bing.com bat.bing.com *.ytimg.com *.vimeocdn.com *.mutinyhq.io images.mutinycdn.com *.linkedin.com px.ads.linkedin.com cdn.bizible.com cdn.bizibly.com p.adsymptotic.com vidassets.terminus.services *.gravatar.com match.prod.bidr.io id.rlcdn.com e-2072.adzerk.net/e/2072/419463/e.gif; object-src 'self' cdn.invicti.com; media-src 'self' blob: cdn.invicti.com js.driftqa.com; connect-src 'self' cdn.invicti.com go2.invicti.com *.google.com *.google-analytics.com stats.g.doubleclick.net pagead2.googlesyndication.com/pagead/buyside_topics/set/ boards-api.greenhouse.io/v1/boards/invictisecurity/jobs *.visualwebsiteoptimizer.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.facebook.com *.vimeo.com vimeo.com *.mutinycdn.com api-v2.mutinyhq.io api.mutinyhq.io cdn.linkedin.oribi.io px.ads.linkedin.com/wa *.clearbit.com *.mktoresp.com *.mktoutil.com *.adnxs.com js-staging.zi-scripts.com/unified/v1/master/getSubscriptions js.zi-scripts.com/unified/v1/master/getSubscriptions ws.zoominfo.com; worker-src 'self' blob: dev.visualwebsiteoptimizer.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src https: data: filesystem: 'unsafe-inline'; img-src https: data: ; 2
frame-ancestors 'self' https://chayns.de 2
img-src 'self' data: https://forms.hsforms.com  https://track.hubspot.com  https://px.ads.linkedin.com  https://www.google-analytics.com  https://www.google.be  https://c.clarity.ms  https://www.googletagmanager.com  https://www.google.nl  https://forms-na1.hsforms.com  https://itrp-blog.s3-accelerate.amazonaws.com  https://lh6.googleusercontent.com  https://lh5.googleusercontent.com  https://googleads.g.doubleclick.net  https://www.google.de  https://lh3.googleusercontent.com  https://www.google.ca  https://www.google.co.uk  https://www.google.at  https://i.vimeocdn.com  https://www.g2.com  https://pagead2.googlesyndication.com  https://www.google.com.ph  https://www.google.co.kr  https://www.google.fr  https://www.google.ro  https://www.google.com.tr  https://i.ytimg.com  https://www.google.rs  https://www.google.co.in  https://www.google.co.za  https://www.google.com.vn  https://www.google.fi  https://www.google.it  https://www.google.pt  https://www.google.es  https://adservice.google.com  https://stats.g.doubleclick.net  https://www.google.rw  https://translate.google.com  https://fonts.gstatic.com  https://www.google.ch  https://www.google.is  https://www.google.com.eg  https://www.google.pl  https://www.google.dk  https://www.google.ie  https://www.google.com.ng  https://www.google.com.au  https://www.google.hr  https://www.google.com.sa  https://www.google.com.tw  https://www.google.co.jp  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://www.gstatic.com  https://www.google.ru  https://safetyculture.com  https://www.shutterstock.com  https://www.nationalretail.org.au  https://www.google.lu  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.google.se  https://www.google.li  https://www.google.no  https://www.google.co.nz  https://www.google.co.id  https://region1.google-analytics.com  https://d3fvlpdr5b7667.cloudfront.net  https://lh4.googleusercontent.com  https://www.google.si  https://www.google.com.co  https://www.google.com.mx  https://www.google.com.sg  https://www.google.com.hk  https://www.google.co.th  https://www.google.am  https://www.google.co.ke  https://www.google.com.gh  https://www.google.com.br  https://c.bing.com  https://www.google.com.bd  https://secure.herb2warn.com  https://dc.ads.linkedin.com  https://www.google.ae  https://www.google.cz  https://www.google.ge  https://www.linkedin.com  https://www.google.com.ua  https://www.google.bg  https://www.google.com.qa  https://www.google.hu  https://really-simple-ssl.com  https://www.google.com.mm  https://www.google.ps  https://www.google.com.do  https://www.google.lk  https://imgsct.cookiebot.com  https://www.google.mu  https://www.google.im  https://www.google.com.my  https://www.google.com.np  https://www.google.by  https://www.google.tn  https://www.google.co.il  https://www.google.lt  https://www.google.gr  https://www.google.co.ug  https://ssl.google-analytics.com  https://www.google.ee  https://exceptions.hs-embed-reporting.com  https://www.google.me  https://www.google.com.ar  https://www.google.com.pk  https://b.6sc.co  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com  https://www.googletagmanager.com  https://js.hsleadflows.net  https://js.hscollectedforms.net  https://js.hs-scripts.com  https://consentcdn.cookiebot.com  https://js.hs-banner.com  https://secure.herb2warn.com  https://snap.licdn.com  https://www.google-analytics.com  https://js.hs-analytics.net  https://www.clarity.ms  https://googleads.g.doubleclick.net  https://4me-status.instatus.com  https://js.hsadspixel.net  https://www.youtube.com  https://js.hsforms.net  https://boards.greenhouse.io  https://pagead2.googlesyndication.com  https://www.googleadservices.com  https://tpc.googlesyndication.com  https://player.vimeo.com  https://translate.google.com  https://translate.googleapis.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com  data:  https://apis.google.com  https://cdnjs.cloudflare.com  https://connect.facebook.net  https://www.google.com  https://js.stripe.com  webkit-masked-url://hidden/  https://securepubads.g.doubleclick.net  https://ssl.google-analytics.com  https://j.6sc.co ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://www.gstatic.com  https://cdn.jsdelivr.net  https://webeo-web-content.s3-eu-west-1.amazonaws.com  https://www.googletagmanager.com  https://www.4me.com ; font-src 'self' https://fonts.gstatic.com  https://cdn.jsdelivr.net  https://static.hsappstatic.net  https://static.zohocdn.com  data:; frame-src 'self' https://4me-status.instatus.com  https://consentcdn.cookiebot.com  https://td.doubleclick.net  https://www.youtube.com  https://boards.greenhouse.io  https://player.vimeo.com  https://tpc.googlesyndication.com  https://forms.hsforms.com  https://www.googletagmanager.com  null  https://static.hsappstatic.net  https://js.hscollectedforms.net  https://js.stripe.com  https://block.opendns.com  http://td.doubleclick.net.x.144ddf7b0b3b2047fd0a87d06c30fb8b7f64.d0452397.id.opendns.com  https://gateway.zscalertwo.net  blob:; connect-src 'self' https://forms.hscollectedforms.net  https://consentcdn.cookiebot.com  https://www.google-analytics.com  https://4me-status.instatus.com  https://px.ads.linkedin.com  https://region1.google-analytics.com  https://reallyfreegeoip.org  https://analytics.google.com  https://api.hubapi.com  https://v.clarity.ms  https://forms.hsforms.com  https://pagead2.googlesyndication.com  https://forms.hubspot.com  https://region1.analytics.google.com  https://u.clarity.ms  https://adservice.google.com  https://s.clarity.ms  https://stats.g.doubleclick.net  https://y.clarity.ms  https://p.clarity.ms  https://n.clarity.ms  https://t.clarity.ms  https://j.clarity.ms  https://o.clarity.ms  https://r.clarity.ms  https://x.clarity.ms  https://k.clarity.ms  https://www.google.at  https://f.clarity.ms  https://z.clarity.ms  https://www.g2.com  https://w.clarity.ms  https://www.google.de  https://www.google.nl  https://www.google.fr  https://q.clarity.ms  https://d.clarity.ms  https://i.clarity.ms  https://www.google.co.za  https://www.google.be  https://hubspot-forms-static-embed.s3.amazonaws.com  https://e.clarity.ms  https://www.google.dk  https://www.google.ie  https://www.google.com.tr  https://b.clarity.ms  https://www.google.com.eg  https://www.google.ca  data:  https://www.google.ch  https://www.google.kz  https://www.google.sk  https://translate.googleapis.com  https://ldynamicspublicapi.leadforensics.com  https://www.google.co.uk  https://www.google.pl  https://www.google.es  https://yoast.com  https://www.google.ru  https://h.clarity.ms  https://www.google.com.au  https://www.google.co.id  https://www.google.com.my  https://www.google.co.kr  https://www.google.co.in  https://www.google.com.hk  https://www.google.hr  https://l.clarity.ms  https://a.clarity.ms  https://www.google.lu  https://googleads.g.doubleclick.net  https://www.google.pt  https://www.google.com.ng  https://www.google.com.ua  https://www.clarity.ms  https://www.google.hu  https://www.google.com.br  https://www.google.se  https://www.google.com.do  https://www.google.lk  https://m.clarity.ms  https://www.google.it  https://www.google.li  https://www.google.ae  https://www.google.com.ph  https://g.clarity.ms  https://www.google.co.ke  https://www.google.com.sg  https://www.google.rs  https://www.google.co.th  https://www.google.co.jp  https://www.google.no  https://www.google.com.mx  https://securepubads.g.doubleclick.net  https://www.google.com.sa  https://www.google.fi  https://c.6sc.co  https://ipv6.6sc.co  https://www.google.bg;  media-src 'self' data:  https://upload.wikimedia.org;  worker-src 'self' blob:; 2
script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; media-src * mediastream: blob: filesystem: ; 2
default-src 'none'; connect-src 'self' https://cdn.linkedin.oribi.io https://forms.hsforms.com https://px.ads.linkedin.com https://nagra.matomo.cloud/; font-src 'self'; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://forms.hsforms.com/; img-src 'self' data: https://px.ads.linkedin.com https://img.youtube.com https://forms.hsforms.com https://forms-na1.hsforms.com; manifest-src 'self'; media-src 'self'; script-src 'self' https://snap.licdn.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com https://nagra.matomo.cloud cdnjs.cloudflare.com 'unsafe-inline' https://nagra.matomo.cloud/; style-src 'self' 'unsafe-inline'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self' 2
frame-ancestors 'self' arthrex.com *.arthrex.com orthoillustrated.com *.orthoillustrated.com surgicaloutcomesystem.com *.surgicaloutcomesystem.com arthrex-celltherapy.com *.arthrex-celltherapy.com arthrex.xyz *.arthrex.xyz arthrex.io *.mwprod.arthrex.io *.arthrex.io orthopedia.com *.orthopedia.com anklesprain.com *.anklesprain.com arthrex.virtualevents-hub.com arthrexemea.sharepoint.com arthrex.sharepoint.com myarthrex.sharepoint.com arthrexapac.sharepoint.com bunionpain.com *.bunionpain.com shoulderreplacement.com *.shoulderreplacement.com acltear.com *.acltear.com arthrex-russia.ru arthrex.at arthrex.be arthrex.co.jp arthrex.co.uk arthrex.com.au arthrex.cz arthrex.dk arthrex.fr arthrex.it arthrex.mx arthrex.nl arthrex.pl arthrex.pt arthrex.se *.arthrex-russia.ru *.arthrex.at *.arthrex.be *.arthrex.co.jp *.arthrex.co.uk *.arthrex.com.au *.arthrex.cz *.arthrex.dk *.arthrex.fr *.arthrex.it *.arthrex.mx *.arthrex.nl *.arthrex.pl *.arthrex.pt *.arthrex.se hallux-valgus-behandlung.de *.hallux-valgus-behandlung.de mis-bunion-patient-site.webflow.io arthroplasty-narrative-home.webflow.io discover.acp-therapie.de mis-bunion-patient-site.webflow.io mis-bunion-surgeon-site-c07373b5fb6b0bc.webflow.io arthrex-design-system-4dd8ae96a06c10be9.webflow.io anklesprain.webflow.io srlp.webflow.io arthroplasty-narrative-home.webflow.io korea-global-landing-page.webflow.io global-landingpage-mexico.webflow.io inc-acltear-patient-en-working.webflow.io arthrex-jobs-site.webflow.io marketingintakeportal.webflow.io orthopedia-landing-page1.webflow.io arthrex-history.webflow.io arthrex-design-system.webflow.io arthrex-design-system-de8e093c0a3bf70d8.webflow.io arthrex-endoscopy.webflow.io case-reports.webflow.io synergy-integrated-or.de *.synergy-integrated-or.de arthrex.kr *.arthrex.kr gmbh-pct.webflow.io *.gmbh-pct.webflow.io sis-preview-03-809ae25532a090913a51d7a6.webflow.io *.sis-preview-03-809ae25532a090913a51d7a6.webflow.io arthrex-technical-support-services.webflow.io *.arthrex-technical-support-services.webflow.io digital-agenda-emea.webflow.io *.digital-agenda-emea.webflow.io thenanoexperience.com *.thenanoexperience.com arthrexmexico.webflow.io arthrexbrazil.webflow.io arthrex-australia.webflow.io arthrex.com.br *.arthrex.com.br arthrex-joint-pres.webflow.io jointpreservation.arthrex.com arthrex-synergy-staging-bdaff93973d3e28.webflow.io jointpreservation.com synergynew.arthrex.com.s3-website-us-east-1.amazonaws.com sternalclosure.arthrex.com.s3-website-us-east-1.amazonaws.com; 2
frame-ancestors 'self' https://admin.earlygame.com earlygame.com; 2
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://www.google-analytics.com https://www.google.com https://cdn.acsbapp.com https://googleads.g.doubleclick.net https://analytics.google.com https://stats.g.doubleclick.net https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com;img-src 'self' data: * 2
default-src 'self' *.sprinklr.com; script-src 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com; script-src-elem 'self' *.sprinklr.com *.googleapis.com *.amazonaws.com 2
frame-ancestors 'self' https://digizone.sacombank.local https://digizone.sacombank.com 2
default-src * https://*.google.com https://*.decameron.com https://*.multivacaciones.net https://idpi.decameron.com; script-src * 'unsafe-inline' 'unsafe-eval' *.decameron.com https://storage.googleapis.com/botmaker/*; style-src * 'unsafe-inline'; img-src * 'self' data:; object-src 'none';worker-src https://idpi.decameron.com/* https://go.botmaker.com/rest/webchat/* *.decameron.com *.pruebaswww.decameron.com/* storage.googleapis.com/botmaker blob:; 2
default-src 'self' https://apim.directverify.in https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.directverify.in https://cdn.jsdelivr.net https://static.directverify.in https://applydirect.org https://www.google-analytics.com https://ajax.googleapis.com https://www.gstatic.com https://www.google.com  https://code.jquery.com https://cdn.cookielaw.org https://geolocation.onetrust.com blob: https://directverify.in 'unsafe-eval' 'unsafe-inline';                  style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net https://static.directverify.in 'unsafe-inline';                  font-src 'self' https://static.directverify.in https://fonts.googleapis.com https://fonts.gstatic.com;   img-src 'self' https://static.directverify.in https://static.directverify.in https://cdn.cookielaw.org https://img.icons8.com    2
frame-ancestors 'self' *.salesforce.com *.force.com *.trailhead.sfdc.sh 2
object-src 'self'; frame-ancestors 'self' http://*.publicissapient.com https://*.publicissapient.com www.publicissapient.fr publicissapient.fr sites-us.lumapps.com vox.publicissapient.com; 2
object-src 'none';frame-ancestors 'self' 2
frame-ancestors 'self' https://*.batchgeo.com 2
frame-ancestors 'self'; report-uri /csp-log.php 2
frame-ancestors 'self' https://*.tiscali.it 2
frame-ancestors 'self' *.muse.ai 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' localhost:* *.cossette.digital *.quebec-cite.com 2
frame-ancestors 'self' https://www.mycme.com/ https://mycmesandbox.thoughtindustries.com https://nacesandbox.thoughtindustries.com https://www.naceonline.com/ 2
default-src https: 'self' 'unsafe-inline'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://yastatic.net https://enterprise.api-maps.yandex.ru https://optimize.google.com https://www.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://api-cis.exponea.com https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org *.metrika.yandex.ru *.yandex.tld *.yandex.net https://vk.com https://top-fwz1.mail.ru; style-src https: blob: 'self' 'unsafe-inline'; style-src-elem blob: https: 'self' 'unsafe-inline'; img-src blob: data: https: 'self' 'unsafe-inline' https://*.maps.yandex.net https://optimize.google.com https://enterprise.api-maps.yandex.ru https://api-maps.yandex.ru https://yandex.ru https://mc.yandex.ru; connect-src wss://*.blanc.ru wss://*.vestabankdev.ru https: 'self' 'unsafe-inline' *.sentry.io *.ingest.sentry.io https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://yandex.ru https://*.taxi.yandex.net https://api-cis.exponea.com https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.yandex.ru; font-src data: https: 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; child-src https: 'self' https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://mc.yandex.ru; frame-src blob: 'self' https://*.group-ib.com https://*.group-ib.ru https://wcm-ru.frontend.weborama.fr https://content.adriver.ru https://www.facebook.com https://optimize.google.com http://*.fls.doubleclick.net http://*.doubleclick.net https://api-maps.yandex.ru https://enterprise.api-maps.yandex.ru https://*.mkb.ru:* https://*.mirconnect.ru:* https://*.vestabankdev.ru https://*.blanc.ru https://mc.yandex.ru https://mc.yandex.com https://ad.new-programmatic.com; form-action https: 'self' 'unsafe-inline'; worker-src https: 'self' blob:; manifest-src https: 'self'; frame-ancestors 'self' https://*.blanc.ru https://avito.ru https://www.avito.ru https://*.avito.ru *.yandex.ru *.yandex.by *.yandex.com *.yandex.com.tr webvisor.com; block-all-mixed-content; report-uri https://o547163.ingest.sentry.io/api/5669457/security/?sentry_key=1f47343ab8d64a3bb44fa53d85499fff; 2
frame-ancestors 'self' *.ariba.com *.gn.com 2
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://js.hsforms.net https://player.vimeo.com https://static.hotjar.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hubspot.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js-na1.hs-scripts.com https://snap.licdn.com; connect-src 'self' 'unsafe-inline' https://vimeo.com https://region1.google-analytics.com https://pagead2.googlesyndication.com https://js.hs-banner.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net; img-src 'self' 'unsafe-inline' https://res.cloudinary.com https://teamtailor-production.s3.eu-west-1.amazonaws.com https://critizr-test.ams3.cdn.digitaloceanspaces.com https://assets.critizr.staging.verveagency.com https://assets.goodays.prod.verveagency.com https://images.teamtailor-cdn.com https://www.google.com https://www.google.nl https://track.hubspot.com https://perf-na1.hsforms.co https://forms.hsforms.com https://perf-na1.hsforms.com https://px.ads.linkedin.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://admin.goodays.co/ https://www.youtube.com https://player.vimeo.com https://td.doubleclick.net; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.google.com https://*.geetest.com https://*.geevisit.com https://s.adroll.com https://d.adroll.com https://www.googletagmanager.com https://appleid.cdn-apple.com https://vk.com https://*.prdredir.com https://analytics.tiktok.com https://connect.facebook.net https://*.appsflyer.com https://*.google-analytics.com https://telegram.org https://*.ada.support https://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com:8443 https://*.yinshen.top https://gateway.test.95516.com https://*.checkout.com https://gateway.95516.com https://www.facebook.com https://*.youtube.com https://dn-staticdown.qbox.me https://*.bitget.site https://*.beeeye.xyz https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.ddjxad.top https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.cnbitget.com https://*.bitget.fit https://megacheck.vip https://*.megacheck.vip https://*.saintpay.com https://*.skypay.space https://*.noxiaohao.com https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://cdn.builder.io https://*.onfido.com https://applepay.cdn-apple.com https://*.apple.com https://*.gstatic.com https://*.googleapis.com https://*.glassgs.com https://*.bitget.media https://api-web.wwmxd.info https://api-web.wwmxd.site https://*.gdrichem.com:8443; connect-src 'self' 'report-sample' data: blob: https://www.googletagmanager.com wss://*.ydl8.top wss://*.huayuschool.cc wss://*.sanqianwenhua.xyz https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.google.com wss://*.bitget.com wss://*.bitgetpro.site wss://*.bitget.cc https://*.google-analytics.com https://analytics.tiktok.com https://*.appsflyer.com https://www.facebook.com https://*.analytics.google.com https://*.ada.support https://s.adroll.com https://d.adroll.com https://wa.onelink.me https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bgbstatic.com https://*.bitgetapp.com https://*.bitget.vin https://*.bitgetimg.com https://*.gdrichem.com:8443 https://*.yinshen.top https://gateway.test.95516.com wss://*.itbitget.com https://*.checkout.com https://gateway.95516.com https://telegram.org https://*.youtube.com wss://*.bitget.online https://www.tradingview.com https://api.tronstack.io https://*.noxiaohao.com wss://*.bitget.site wss://*.beeeye.xyz https://*.bitget.site https://*.beeeye.xyz https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.ddjxad.top https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.cnbitget.com https://*.bitget.fit wss://*.bitget.live wss://*.bitget.cloud wss://*.bitgetapp.com wss://*.bitget.vin wss://*.bgportable.com wss://*.bitget.style wss://*.bjxnyj.com wss://*.ddjxad.top wss://*.94wz.xyz wss://*.59ow.com wss://*.bitget.fit wss://*.pujieco.com wss://*.cnbitget.com wss://*.gdrichem.com:8443 wss://*.yinshen.top https://megacheck.vip https://*.megacheck.vip wss://*.megacheck.vip wss://megacheck.vip https://*.megacheck.net wss://*.megacheck.net https://megacheck.net wss://megacheck.net https://*.saintpay.com https://*.skypay.space wss://*.saintpay.com wss://*.skypay.space wss://*.noxiaohao.com https://*.yinshen.top:8443 https://*.omkbic.com:8443 https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com wss://*.d14x4.com wss://*.minigitlab.top wss://*.uykdjs.com https://dn-staticdown.qbox.me https://*.7b7x.com https://7b7x.com wss://*.7b7x.com wss://7b7x.com wss://*.ada.support wss://*.checkout.com https://cdn.builder.io https://*.onfido.com https://*.gurenla.com https://*.glassgs.com wss://*.glassgs.com wss://*.bitget.media https://*.bitget.media https://fp-constantid.bitkeep.vip https://api-web.bitkeep.app https://api-web.bitkeep.asia https://api-web.bitkeep.biz https://api-web.bitkeep.fun https://api-web.bitkeep.life https://api-web.bitkeep.top https://api-web.bitapi.vip https://api-web.chainnear.com https://api-web.lymryy.com:9443 https://api-web.wwmxd.info https://api-web.wwmxd.site; frame-src 'self' 'report-sample' blob: data: https://*.google.com https://*.ydl8.top https://*.huayuschool.cc https://*.sanqianwenhua.xyz https://*.bitgetimg.com https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin https://*.bgbstatic.com https://www.facebook.com https://oauth.telegram.org https://telegram.org https://*.checkout.com https://*.ada.support https://*.youtube.com https://www.googletagmanager.com https://widget-mediator.zopim.com https://*.gdrichem.com:8443 https://*.yinshen.top https://gateway.test.95516.com https://*.google-analytics.com https://megacheck.vip https://*.megacheck.vip https://*.bitget.site https://*.beeeye.xyz https://*.bitget.live https://*.bitget.cloud https://*.bgportable.com https://*.bitget.style https://*.bjxnyj.com https://*.ddjxad.top https://*.94wz.xyz https://*.59ow.com https://*.pujieco.com https://*.cnbitget.com https://*.bitget.fit https://*.saintpay.com https://*.skypay.space https://*.d14x4.com https://*.minigitlab.top https://*.uykdjs.com https://*.megacheck.net https://megacheck.net https://*.7b7x.com https://7b7x.com https://bitget.banxa.com https://*.onfido.com https://*.95516.com https://*.glassgs.com https://www.bitgetwidget.com https://*.nihaopay.com https://onramp.money https://*.bitget.media https://*.simplexcc.com; frame-ancestors 'self' https://*.bitget.com https://*.bitgetpro.site https://*.bitget.cc https://*.bitgetapp.com https://*.bitget.vin; report-uri https://64daf6801f5fef086f32761c.endpoint.csper.io?v=30; 2
connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; form-action 'self'; script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; object-src 'none'; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; default-src 'none'; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; manifest-src 'self' static.freeimages.com; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; frame-ancestors 'self'; base-uri 'none' 2
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';script-src-attr * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'none';frame-src * data: blob:;form-action *;base-uri 'self';object-src 'none' 2
default-src 'self' *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.marketo.com/ *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ anchor.fm gateway.zscalertwo.net static3.avast.com *.mktoutil.com *.google.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.marketo.com *.marketo.com/ info.cytivalifesciences.com info.cytivalifesciences.com/ *.kampyle.com *.medallia.eu assets.cytivalifesciences.com *.demo.app.cytiva.com *.zoovu.com assets-barracuda-runner.azureedge.net static.cloud.coveo.com/ acms-ext.pall.com acms-ext.pall.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com cdn.mouseflow.com *.mouseflow.com/ munchkin.marketo.net *.marketo.com *.mktorest.com assets.adobedtm.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.linkedin.com *.youtube.com s.ytimg.com *.facebook.com connect.facebook.net t.co static.ads-twitter.com analytics.twitter.com js-agent.newrelic.com dpm.demdex.net gateway.zscalertwo.net snap.licdn.com bam.nr-data.net gelifedigitalhubprod.112.2o7.net cx.atdmt.com static.cloud.coveo.com google.com googleads.g.doubleclick.net *.consensu.org *.adroll.com maps.googleapis.com *.onetrust.com *.google.com api.fouanalytics.com *.b2c.com *.b2c.com:* *.b2c.com/ smetrics.cytivalifesciences.com stats.g.doubleclick.net play.vidyard.com play.vidyard.com/ hm.baidu.com info.cytivalifesciences.com info.cytivalifesciences.com/ d22d1xpx4ztuef.cloudfront.net secure.adnxs.com secure.marx7loki.com *.jsdelivr.net blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ cdn.mxpnl.com d35vb5cccm4xzp.cloudfront.net/ d35vb5cccm4xzp.cloudfront.net cdn.cookielaw.org *.adsrvr.org chat.cytivalifesciences.com cdn.livechatinc.com api.livechatinc.com assets.cytivalifesciences.com *.demo.app.cytiva.com global.localizecdn.com global.localizecdn.com/ *.zoovu.com api-barracuda.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co *.6sense.com cytivatrackinglibsanbox.z33.web.core.windows.net cdn.rudderlabs.com acms-ext.pall.com acms-ext.pall.com/; img-src * data: *.kampyle.com *.medallia.eu secure.adnxs.com ib.adnxs.com *.zoovu.com assets-barracuda-runner.azureedge.net; media-src 'self' *.youtube.com cdn.livechatinc.com cdn.cytivalifesciences.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data: *.cloud.coveo.com/ static3.avast.com *.kampyle.com *.medallia.eu cdn.livechatinc.com *.zoovu.com assets-barracuda-runner.azureedge.net; frame-src 'self' *.adobe.com *.marketo.com facebook.com *.facebook.com *.anchor.fm anchor.fm cytiva.demdex.net youtube.com *.youtube.com bid.g.doubleclick.net play.vidyard.com play.vidyard.com/ gateway.zscalertwo.net info.cytivalifesciences.com info.cytivalifesciences.com/ www.cytivalifesciences.com/ www.cytivalifesciences.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ insight.adsrvr.org match.adsrvr.org embed.podcasts.apple.com secure.livechatinc.com *.demo.app.cytiva.com open.spotify.com/ chat.cytivalifesciences.com/ cdn.cytivalifesciences.com podcasters.spotify.com *.zoovu.com td.doubleclick.net/ assets.cytivalifesciences.com; connect-src 'self' *.thunderhead.com *.facebook.com facebook.com bam.nr-data.net *.mouseflow.com *.mouseflow.com/ *.mktorest.com *.mktoresp.com *.consensu.org *.doubleclick.net *.omtrdc.net *.demdex.net youtube.com *.youtube.com marketo.com *.marketo.com *.onetrust.com google-analytics.com *.google-analytics.com *.cytivalifesciences.com *.b2c.com *.b2c.com:* *.b2c.com/ api.fouanalytics.com google.com smetrics.cytivalifesciences.com stats.g.doubleclick.net *.mktoutil.com *.google.com/ hm.baidu.com api.ipify.org c.jabmo.app acapgenertedreports-prod.s3.amazonaws.com blob: *.kampyle.com *.medallia.eu www.cytivalifesciences.com/ *.mixpanel.com cytivalifesciences.data.adobedc.cn cdn.cookielaw.org cookies-data.onetrust.io *.blob.core.windows.net idx.liadm.com directline.botframework.com wss://directline.botframework.com api.livechatinc.com cdn.linkedin.oribi.io global.localizecdn.com global.localizecdn.com/ app.localizejs.com api-barracuda.zoovu.com *.zoovu.com assets-barracuda-runner.azureedge.net *.6sc.co api.cytivalifesciences.com pagead2.googlesyndication.com api.rudderlabs.com cytiva-dataplane.rudderstack.com acms-ext.pall.com acms-ext.pall.com/ api.rudderstack.com px.ads.linkedin.com analytics-dataplane.service.cytiva.com; report-uri https://www.cytivalifesciences.com/api/csp/report 2
frame-ancestors: 'none' 2
worker-src * 2
report-uri /log-report-uri/enforce 2
frame-ancestors 'self' *.qidian.com *.hongxiu.com *.yuewen.com *.qq.com *.qdmm.com *.readnovel.com *.xs8.cn *.xxsy.net *.tingbook.com *.lrts.me *.ywurl.cn *.qdwenxue.com *.if.qidian.com www.gameloop.com *.xs.cn *.rongshuxia.com 2
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://tigo.us18.list-manage.com https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-7Fp7MEYPiWwFlFSMtMrgFGtyV65kiMzqzrPzl5b9JcE=' 'sha256-1eitAMOMBEWQWrEo2CI2KMY9gYgxOeJjntcD0Puyirw=' 'sha256-kw7rMCesUws2kQMU9IXUxO6kflQ3bRrMMDWqFbNNfHs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-mjWayJ8bIILZRwmU4qhz1tO/F4oF7grwSWF0Gi1bRZ0='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 2
frame-ancestors self; 2
default-src 'self' https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net https://zip.getziptastic.com https://www.googletagmanager.com; img-src * data:; script-src 'self' 'sha256-4qHwYstA/HMoqYktYjfAnyNPmBqLeAqunX99JaEvimc=' https://www.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com; frame-src https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://copayassets-test.aws.paysign.com/ https://s3.amazonaws.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.paysign.com https://*.aws.paysign.com https://*.paysign.net; font-src 'self' https://fonts.gstatic.com; connect-src https://*.paysign.com https://*.3pea.net https://*.aws.paysign.com https://*.paysign.net https://*.s3.us-east-1.amazonaws.com/ https://zip.getziptastic.com https://www.googletagmanager.com https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; manifest-src 'self' https://maps.googleapis.com/ https://www.google-analytics.com/; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: 2
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 2
frame-ancestors members.rexmd.com members.navamd.com members.lifemd.com *.lifemd.com 2
frame-ancestors 'self' https://smarthub.keystoneacademic.com https://sanity.keg.com; 2
frame-ancestors 'self' https://buttercms.com; 2
base-uri 'self'; connect-src 'self' www.gk-software.com dmndfrcstng.com; frame-src 'self' www.gk-software.com www.youtube.com www.youtube-nocookie.com forms.office.com; font-src 'self' fonts.gstatic.com data:; worker-src 'self' blob:; frame-ancestors 'self'; object-src 'self'; child-src 'self'; form-action 'self'; 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:  https://*.googleapis.com; worker-src 'self' blob:; 2
frame-ancestors 'self' travel-dealz.de travel-dealz.com forum.travel-dealz.de; 2
default-src 'self' *.livejournal.com *.livejournal.net *.google.com google.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru *.tiktok.com tiktok.com *.youtube.com youtube.com; script-src 'self' *.livejournal.com *.livejournal.net *.adfox.ru ad.mail.ru api.giphy.com cdn.ampproject.org cdn.jsdelivr.net content.adriver.ru *.criteo.com *.criteo.net cstatic.weborama.fr data00.adlooxtracking.com data.24smi.net *.doubleclick.net *.dropbox.com dsp-rambler.ru *.exelator.com *.facebook.com vk.com *.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.google.ru *.googlesyndication.com *.googletagmanager.com googletagmanager.com *.googletagservices.com *.gstatic.com *.instagram.com j.adlooxtracking.ru js.mamydirect.com jsn.24smi.net *.lj.ru mc.yandex.com mc.yandex.ru *.newrelic.com *.nr-data.net *.ok.ru openstat.net pingback.giphy.com *.pingdom.com *.pingdom.net *.pinterest.com *.plista.com *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg r.mradx.net *.rnet.plus *.rubiconproject.com r.webturn.ru *.scorecardresearch.com sdk.canva.com *.services.livejournal.com smi2.ru ssl.p.jwpcdn.com static.smi2cdn.ru static.smi2.net static.weborama.fr static.xx.fbcdn.net stat.media telegram.org tiktokcdn-us.com *.tiktok.com tiktok.com tns-counter.ru *.top100.ru top-fwz1.mail.ru tpc.googlesyndication.com *.ttwstatic.com twemoji.maxcdn.com *.twimg.com *.twitter.com *.videos.livejournal.com *.vk.com wcm-ru.frontend.weborama.fr weborama.fr *.webturn.ru *.yahooapis.com *.yandex.ru yandex.ru yastatic.net ymetrica.com *.youtube.com youtube.com z.moatads.com 'unsafe-inline' 'unsafe-eval'; style-src http: https: data: 'unsafe-inline'; img-src blob: http: https: data:; frame-src http: https:; font-src http: https: data:; connect-src 'self' *.livejournal.com *.livejournal.net ad.mail.ru *.ad-tech.ru api.giphy.com cdn.ampproject.org *.criteo.com csi.gstatic.com data00.adlooxtracking.com dsp-rambler.ru *.eaglecdn.com *.g.doubleclick.net googleads.g.doubleclick.net *.google-analytics.com *.googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com graph.facebook.com gstatic.com *.lj.ru lj.stat.eagleplatform.com mc.yandex.by mc.yandex.com mc.yandex.md mc.yandex.ru pingback.giphy.com *.pingdom.net *.rambler-co.ru rambler-co.ru *.rambler.ru rambler.ru rb.infox.sg *.rnet.plus *.services.livejournal.com *.ssp.rambler.ru ssp.rambler.ru static-mon.yandex.net static.xx.fbcdn.net stat.media stats.g.doubleclick.net smi2.net smi2.ru *.tiktok.com tiktok.com top-fwz1.mail.ru *.twitter.com *.webturn.ru webvisor.org wss://www.livejournal.com yandexmetrica.com yandexmetrica.com:29010 yandexmetrica.com:30103 *.yandex.ru yandex.ru yastatic.net ymetrica1.com ymetrica.com *.youtube.com youtube.com; report-uri https://www.livejournal.com/csp_reports; report-to livejournal; media-src http: https: data: storage.mds.yandex.net; frame-ancestors 'self'; worker-src 'self' blob:; object-src 'self' blob: youtube.com *.youtube.com; child-src 'self' blob:; 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; 2
default-src 'self' cms.ubank.com.au; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.appsflyer.com *.jst.ai; font-src 'self' *.86400.com.au *.wpengine.com status.ubank.com.au fonts.gstatic.com; script-src 'self' pippio.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://ajax.googleapis.com/ajax/libs/jquery/ www.googleadservices.com/pagead/ *.widgetworks.com.au *.jobadder.com www.googletagmanager.com www.google-analytics.com analytics.google.com js.adsrvr.org connect.facebook.net *.appsflyer.com *.jst.ai https://*.optimizely.com https://cdn-assets-prod.s3.amazonaws.com *.bing.com tags.tiqcdn.com *.tealiumiq.com *.glassboxdigital.io *.gbqofs.com blob: 'unsafe-inline'; frame-src 'self' *.jst.ai *.jobadder.com *.widgetworks.com.au keyfactssheet.infochoice.com.au www.google.com recaptcha.google.com insight.adsrvr.org match.adsrvr.org *.flashtalking.com; img-src 'self' data: collect.tealiumiq.com *.appsflyer.com cms.ubank.com.au https://adservice.google.com https://adservice.google.com.au www.glassdoor.com.au apps.jobadder.com www.facebook.com *.doubleclick.net www.google-analytics.com www.google.com www.google.com.au www.googletagmanager.com https://cdn.optimizely.com *.jst.ai *.bing.com; connect-src 'self' *.gbqofs.io collect.tealiumiq.com www.google.com.au/ads/ analytics.google.com *.jst.ai www.google-analytics.com cms.ubank.com.au ubank2.wpengine.com stats.g.doubleclick.net *.appsflyer.com *.algolia.net *.algolianet.com *.algolia.io https://*.optimizely.com; object-src 'none'; 2
default-src https: http: 'unsafe-inline' data: blob: 'unsafe-eval' 2
frame-ancestors *.yandex.ru 2
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://*.arcot.com https://*.doubleclick.net https://*.onetrust.com https://*.optimizely.com https://ade.googlesyndication.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://api.github.com https://api.mypurecloud.ie https://pagead2.googlesyndication.com https://www.google.hu https://px.ads.linkedin.com wss://carrier-pigeon.mypurecloud.ie https://*.bankofireland.com https://*.bsw-dev.net https://*.cludo.com https://*.google.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.googleapis.com https://*.gstatic.com https://*.pingdom.net https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://calculators.api.bankofireland.com https://*.twitter.com https://app.altocloud.com https://cdn.optimizely.com https://eu.qualtrics.com/ https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://gkcpri.boi.com https://gkcsec.boi.com https://gmspri.boi.com https://gmssec.boi.com https://privacyportal.cookiepro.com https://stats.g.doubleclick.net;font-src 'self' data:  https://fonts.gstatic.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://*.bankofireland.com https://*.getsitecontrol.com https://altocloudcdn.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com;frame-src 'self' https://*.arcot.com https://a25243410878.cdn-pci.optimizely.com https://a25243410878.cdn.optimizely.com https://bankofireland.eu.qualtrics.com https://form-stg.bsw-dev.net https://form.bankofireland.com https://*.365online.com https://*.addthis.com https://*.doubleclick.net https://*.google.com https://*.siteintercept.qualtrics.com https://*.twitter.com https://*.which50.com https://365online.com https://altocloud-sdk.com https://boi-app.ignitionwealth.ie https://boi-app.uat.ignitionwealth.ie https://boimedia.customerminds.com https://media.customerminds.com https://pixel.everesttech.net https://s-static.ak.facebook.com https://siteintercept.qualtrics.com https://www.everestjs.net https://www.facebook.com https://www.youtube.com;img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://*.ytimg.com https://*.arcot.com https://ade.googlesyndication.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://cookiepro.blob.core.windows.net https://cdn.optimizely.com https://eu.qualtrics.com https://www-stg.bsw-dev.net https://www.google.hu https://www-dev.bsw-dev.net https://*.bankofireland.com https://*.cludo.com https://*.doubleclick.net https://*.facebook.com https://*.getsitecontrol.com https://*.google.com https://*.google.ie https://*.googleapis.com https://*.googleusercontent.com https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.siteintercept.qualtrics.com https://*.twimg.com https://*.twitter.com https://app.altocloud.com https://cdn.cookielaw.org https://gtrk.s3.amazonaws.com https://pixel.everesttech.net https://s0.2mdn.net https://secure.adnxs.com https://secure.gravatar.com https://siteintercept.qualtrics.com https://t.co https://www.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://boi-public-assets.s3-eu-west-1.amazonaws.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google-analytics.com https://*.mypurecloud.ie https://*.onetrust.com https://*.optimizely.com https://ade.googlesyndication.com https://cdn-assets-prod.s3.amazonaws.com https://code.jquery.com https://cookie-cdn.cookiepro.com https://optimizely-edge.com https://optimizely.s3.amazonaws.com https://www.google.hu https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://*.addthis.com https://*.addthisedge.com https://*.bankofireland.com https://*.bizographics.com https://*.cludo.com https://*.doubleclick.net https://*.getsitecontrol.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.siteintercept.qualtrics.com https://*.twimg.com https://*.twitter.com https://altocloud-sdk.com/ac.js https://altocloudcdn.com https://app.altocloud.com https://boi-app.ignitionwealth.ie https://boi-app.preprod.ignitionwealth.ie https://boi-app.uat.ignitionwealth.ie https://cdn.cookielaw.org https://cdn.polyfill.io https://connect.facebook.net https://cookiepro.blob.core.windows.net https://dnn506yrbagrg.cloudfront.net https://geolocation.onetrust.com https://i.ytimg.com https://ict.infinity-tracking.net https://pagead2.googlesyndication.com https://pixel.everesttech.net https://pixel.quantserve.com https://rules.quantcount.com https://s.ytimg.com https://seal.websecurity.norton.com https://secure.adnxs.com https://secure.quantserve.com https://siteintercept.qualtrics.com https://snap.licdn.com https://static.ads-twitter.com https://t.co https://www.everestjs.net https://www.google-analytics.com https://www.google.ie https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube.com/iframe_api https://youtube.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://boi-public-assets-dev.s3-eu-west-1.amazonaws.com https://boi-public-assets.s3-eu-west-1.amazonaws.com https://cookiepro.blob.core.windows.net https://*.bankofireland.com https://*.siteintercept.qualtrics.com https://*.twimg.com https://*.twitter.com https://cdnjs.cloudflare.com https://optimize.google.com https://siteintercept.qualtrics.com; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com/ https://foryou.redbeemedia.com/ https://pi.pardot.com/ https://www.google.com/ https://www.google-analytics.com/ https://unpkg.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://consent.cookiebot.com/ https://www.redbeemedia.com/ https://redbeemedia.com/ https://consentcdn.cookiebot.com 2
object-src 'self'; base-uri 'self'; frame-ancestors 'self' https://www.vacaturesonline.nl; default-src blob: https://cdn.livechatinc.com https://*.vacaturesonline.nl https://*.ictergezocht.nl https://*.werkzoeken.nl https://*.technicus.nl https://vars.hotjar.com https://accounts.google.com https://www.youtube.com https://docs.google.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://cdn-cookieyes.com https://accounts.google.com https://maps.googleapis.com https://api.livechatinc.com https://cdn.livechatinc.com https://bat.bing.com https://ajax.cloudflare.com https://*.google.com https://*.google.nl https://*.hotjar.com https://*.licdn.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://www.googletagmanager.com https://www.googleadservices.com https://maps.googleapis.com https://*.doubleclick.net https://*.linkedin.com https://www.gstatic.com https://js.live.net https://www.google-analytics.com https://sjs.bizographics.com https://www.dropbox.com https://apis.google.com https://api.smooch.io; connect-src 'self' https://directory.cookieyes.com https://cdn-cookieyes.com https://log.cookieyes.com  http://maps.googleapis.com https://www.google.nl https://api.livechatinc.com https://*.analytics.google.com https://api.maptiler.com https://*.microsoft.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://www.google-analytics.com wss://*.hotjar.com https://*.vacaturesonline.nl; frame-src 'self' https://secure.livechatinc.com https://*.google.com/ https://www.youtube.com https://vars.hotjar.com https://www.werkzoeken.nl https://www.ictergezocht.nl https://www.technicus.nl; font-src 'self' data: https://cdn.livechatinc.com https://*.werkzoeken.nl https://*.vacaturesonline.nl https://*.technicus.nl https://*.ictergezocht.nl https://*.hotjar.com https://fonts.gstatic.com; img-src 'self' blob: data: https://cdn-cookieyes.com https://cdn.livechat-files.com https://cdn.livechatinc.com https://bat.bing.com https://script.hotjar.com https://*.linkedin.com https://*.werkzoeken.nl https://*.technicus.nl https://*.vacaturesonline.nl https://*.ictergezocht.nl https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.nl https://*.doubleclick.net; 2
require-sri-for script style 2
frame-ancestors https://connext.conti.de/; 2
default-src 'self';connect-src 'self' *.acsbapp.com acsbapp.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.io hotjar.io *.onetrust.com onetrust.com *.oribi.io oribi.io *.trustindex.io trustindex.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat api.segment.io cdn-cookieyes.com cdn.segment.com https://px.ads.linkedin.com/wa/ maps.googleapis.com;font-src 'self' *.trustindex.io trustindex.io data: fonts.gstatic.com;frame-src 'self' *.amazonaws.com amazonaws.com *.careerplug.com careerplug.com *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.vimeo.com vimeo.com *.youtube.com youtube.com www.google.com;img-src 'self' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.analytics.google.com analytics.google.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.com facebook.com *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.googlesyndication.com googlesyndication.com *.googletagmanager.com googletagmanager.com *.googleusercontent.com googleusercontent.com *.gravatar.com gravatar.com *.gstatic.com gstatic.com *.linkedin.com linkedin.com *.thelearningexperience.com thelearningexperience.com *.trustindex.io trustindex.io *.ytimg.com ytimg.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat data: maps.googleapis.com pixel.wp.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.acsbapp.com acsbapp.com *.amazonaws.com amazonaws.com *.bing.com bing.com *.clarity.ms clarity.ms *.cookielaw.org cookielaw.org *.doubleclick.net doubleclick.net *.facebook.net facebook.net *.google-analytics.com google-analytics.com *.google.com google.com *.googleadservices.com googleadservices.com *.googletagmanager.com googletagmanager.com *.greenhouse.io greenhouse.io *.hotjar.com hotjar.com *.licdn.com licdn.com *.segment.com segment.com *.tctm.co tctm.co *.trustindex.io trustindex.io *.winnie.com winnie.com blob: data: maps.googleapis.com static.smartrecruiters.com stats.wp.com www.gstatic.com www.smartrecruiters.com;style-src 'self' 'unsafe-inline' *.trustindex.io trustindex.io fonts.googleapis.com static.smartrecruiters.com tagmanager.google.com;media-src 'self' *.amazonaws.com amazonaws.com; report-to csp-endpoint 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readwhere.app *.readwhere.com *.cloudflare.com  *.bootstrapcdn.com  *.googletagmanager.com *.gstatic.com *.facebook.net *.twitter.com googleads.g.doubleclick.net *.doubleclick.net *.rwadx.com *.google.com *.google.co.in *.facebook.com *.epapr.in static.xx.fbcdn.net scontent.fdel72-1.fna.fbcdn.net *.google-analytics.com use.fontawesome.com *.pinterest.com *.jquery.com *.cloudfront.net *.googleapis.com data: sb.scorecardresearch.com *.googlesyndication.com 2
frame-ancestors 'self' *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org; frame-src 'self' https://community.pregnancy.org https://optum.marketing.adobe.com *.uhg.com *.optum.com *.uhc.com *.adobeaemcloud.com *.pagescdn.com *.healthsafe-id.com uhgenterprise.qualtrics.com g360site.secure.force.com g360.my.salesforce-sites.com *.DoubleClick.net *.youtube.com player.simplecast.com *.trkn.us covid19.rallyhealth.com insight.adsrvr.org; 2
default-src *; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://siteimproveanalytics.com https://kit.fontawesome.com https://analytics.rubensteintech.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://dnn506yrbagrg.cloudfront.net https://www.google-analytics.com https://uk1.siteimprove.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fast.wistia.com https://*.crazyegg.com https://js.hs-scripts.com https://js.hs-banner.com https://s3.amazonaws.com https://js.hs-analytics.net https://js.hsforms.net https://forms.hsforms.com https://tagmanager.google.com https://consent.cookiebot.com https://e.infogram.com https://prezi.com https://consentcdn.cookiebot.com https://app.wistia.com ; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://hello.myfonts.net https://cloud.typenetwork.com https://hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://*.crazyegg.com ; font-src 'self' data: https://*.wistia.com https://ka-f.fontawesome.com https://cloud.typenetwork.com https://static.hotjar.com https://fonts.gstatic.com ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://i.vimeocdn.com https://insights.hotjar.com https://static.hotjar.com https://embed-ssl.wistia.com https://analytics.rubensteintech.com https://www.google-analytics.com https://uk1.siteimprove.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://*.crazyegg.com https://embed-fastly.wistia.com https://user-event-tracker.crazyegg.com https://track.hubspot.com https://forms.hubspot.com https://10144.global.siteimproveanalytics.io https://ssl.gstatic.com https://www.gstatic.com data: https://bclplaw.vuturevx.com https://www.bclplaw.com https://www.bryancave.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://cdn.plyr.io https://ka-f.fontawesome.com https://*.hotjar.com:* wss://*.hotjar.com https://*.crazyegg.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-ssl.wistia.com https://www.google-analytics.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://consentcdn.cookiebot.com https://maps.googleapis.com https://embed-cloudfront.wistia.com ; frame-src 'self' https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://fast.wistia.com https://forms.hsforms.com https://cdn.yoshki.com https://e.infogram.com https://prezi.com https://analytics.rubensteintech.com https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://fast.wistia.net https://*.crazyegg.com https://services.bclplaw.marketing/infographics/ ; child-src 'self' blob: https://vars.hotjar.com ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' https://fast.wistia.com https://fast.wistia.net ; 2
script-src 'self' kit.fontawesome.com cdn.callrail.com https://*.google.com https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com use.fontawesome.com player.vimeo.com clicky.com in.getclicky.com static.getclicky.com code.jquery.com 'unsafe-inline' 'unsafe-eval' 2
default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.zopim.com https://static.zdassets.com https://*.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.googleadservices.com https://*.facebook.net https://*.doubleclick.net https://*.addthis.com https://cdn.mxpnl.com https://*.youtube.com https://*.moatads.com https://*.addthisedge.com https://fast.wistia.com https://beacon-v2.helpscout.net https://ekr.zdassets.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://www.googleoptimize.com https://kit.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/11.1.0/jsrsasign-all-min.js; style-src 'self' 'unsafe-inline' https://*.melita.com https://*.melitabusiness.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com *.visualwebsiteoptimizer.com app.vwo.com *.licdn.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://*.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; connect-src * 'self' blob:; form-action 'self' https://*.facebook.com; frame-ancestors 'self'; upgrade-insecure-requests; 2
default-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://oebb.celum.cloud https://chcloudoebbexportprod.blob.core.windows.net https://*.streaming.media.azure.net; style-src 'self' 'unsafe-inline' https://*.oebb.at https://*.nightjet.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; script-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://cdn.botframework.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io https://*.traumgutscheine.com https://myincert.com https://*.myincert.com https://jrrsxh.obb-italia.com; connect-src 'self' blob: https://*.oebb.at https://*.nightjet.com https://obc.railcargo.com https://oebb.celum.cloud https://*.playertec.de https://api.siteimprove.com https://directline.botframework.com wss://directline.botframework.com https://powerva.microsoft.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://api.userback.io https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at https://jrrsxh.obb-italia.com; img-src 'self' data: blob: https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://chcloudoebbexportprod.blob.core.windows.net https://*.ytimg.com https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://static.userback.io; frame-src https://*.oebb.at https://*.nightjet.com https://*.railcargo.com https://*.streaming.media.azure.net https://*.microsoftstream.com https://www.youtube-nocookie.com https://vimeo.com https://*.vimeo.com https://*.playertec.de https://*.yumpu.com https://www.zepp-cam.at https://*.soundcloud.com https://*.spotify.com https://*.waca.at https://*.dynamics.com https://live.virtual-events.at https://service.studiobaff.com https://live.brame-gamification.com https://www.komoot.de https://wien.radelt.at https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://www.traumgutscheine.com https://railtours.traumgutscheine.com https://tickets-deva.dm.tsint.at https://tickets-stest.dm.tsint.at https://shop.oebbtickets.at; frame-ancestors 'self' https://*.oebb.at http://fahrplan.oebb.at https://*.nightjet.com https://oebb-test.hafas.de; font-src 'self' https://*.oebb.at https://*.nightjet.com https://*.railcargo.com; child-src blob: https://*.oebb.at https://www.traumgutscheine.com https://railtours.traumgutscheine.com; worker-src blob: https://*.oebb.at; 2
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors http://ecomdisplay.int/ 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; default-src 'self'; frame-src *; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru blob:; report-uri https://prodoctorov.ru/cspreport/ 2
upgrade-insecure-requests; object-src 'none' 2
default-src https: data: wss://*.hotjar.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 2
frame-ancestors 'self' https://plein.blueconic.net https://www.blueconic.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' api.salemove.com api.salemove.eu ui.customsearch.ai analytics.twitter.com assets.adobedtm.com connect.facebook.net static.ads-twitter.com www.googleadservices.com maps.googleapis.com cdn.tt.omtrdc.net absa.tt.omtrdc.net www.google.com www.gstatic.com analytics.analytics-egain.com abdemo.egain.cloud absablog-dev.disqus.com absablog-sit.disqus.com absablog-uat.disqus.com absablog-prod.disqus.com ajax.googleapis.com platform.twitter.com platform.linkedin.com assets.pinterest.com c.disquscdn.com disqus.com secure.rating-widget.com log.pinterest.com rating-widget.com s.ytimg.com www.youtube.com youtube.com esb.ext.api.uat.absa.co.za client.crisp.chat googleads.g.doubleclick.net www.google.co.za www.google.pl dsp-aud.eskimi.com dsp.eskimi.com dsp-pix.eskimi.com dsp-media.eskimi.com cdn.syndication.twimg.com cse.google.com api-iam.intercom.io api.salemove.eu app.salemove.eu asset-proxy.salemove.eu assets.salemove.eu chunderw-gll.twilio.com chunderw-vpc-gll.twilio.com client-logger.salemove.eu eventgw.twilio.com fonts.googleapis.com fonts.gstatic.com io.salemove.eu js.intercomcdn.com kluster.ws.salemove.eu libs.salemove.com maps.googleapis.com maps.gstatic.com media.twiliocdn.com nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io s3-eu-west-1.amazonaws.com s3.amazonaws.com uplot.salemove.eu widget.intercom.io googletagmanager.com www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net c.la3-c1-fra.salesforceliveagent.com d.la3-c1-fra.salesforceliveagent.com c.la1-c2-par.salesforceliveagent.com d.la1-c2-par.salesforceliveagent.com c.la2-c2-cdg.salesforceliveagent.com c.la1-c2-par.salesforceagent.com d.la2-c2-cdg.salesforceliveagent.com bam-cell.nr-data.net fls.doubleclick.net tt.mbww.com pixel.mathtag.com snap.licdn.com sc-static.net analytics.tiktok.com bat.bing.com 2
frame-ancestors 'self' localhost:* *.tason.com http://localhost:3000 https://www.targetmarketing.co.kr https://mktplatform.tason.com https://dev-mktplatform.tason.com 2
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https:; object-src 'none';frame-ancestors 'self';form-action 'self' https://www.paypal.com; 2
frame-ancestors https://io.apply.creditkarma.com https://embedded.creditkarma.com 2
connect-src 'self' px.ads.linkedin.com consent-pref.trustarc.com consent.trustarc.com consent-reporting.trustarc.com p.typekit.net region1.analytics.google.com analytics.google.com maxcdn.bootstrapcdn.com use.typekit.net cdn.linkedin.oribi.io translate.googleapis.com play.vidyard.com stats.g.doubleclick.net 573-jlc-716.mktoresp.com 677-qfu-507.mktoresp.com 677-qfu-507.mktoutil.com www.google-analytics.com region1.google-analytics.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat www.googletagmanager.com www.greatamericaninsurancegroup.com www.gstatic.com www.linkedin.com; font-src 'self' data: consent.trustarc.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com use.typekit.net www.greatamericaninsurancegroup.com; form-action 'self'; frame-ancestors 'self'; default-src 'self' play.vidyard.com; frame-src 'self' consent-pref.trustarc.com td.doubleclick.net fast.wistia.net podcasters.spotify.com www.linkedin.com www.googletagmanager.com www.facebook.com anchor.fm app-ab02.marketo.com platform.twitter.com play.vidyard.com specialty.gaig.com www.google.com www.youtube.com www.surveymonkey.com www.google-analytics.com region1.google-analytics.com; img-src 'self' consent-pref.trustarc.com consent.trustarc.com consent.truste.com app-ab02.marketo.com region1.analytics.google.com www.google.co.ao analytics.google.com stats.g.doubleclick.net gaigauthor.gaig.com a.b0e8.com data: blob: a1.b0e8.com specialty.gaig.com www.linkedin.com www.gstatic.com translate.google.com ssl.google-analytics.com syndication.twitter.com fonts.gstatic.com px.ads.linkedin.com region1.google-analytics.com px4.ads.linkedin.com p.typekit.net play.vidyard.com www.google-analytics.com www.google.com www.googletagmanager.com www.policysweet.com www.greatamericaninsurancegroup.com cdn.vidyard.com i.ytimg.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.caigo.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat; script-src-elem 'self' code.jquery.com consent.trustarc.com bam.nr-data.net fast.wistia.net cdn.b0e8.com apis.google.com js-agent.newrelic.com widget.surveymonkey.com snap.licdn.com ssl.google-analytics.com connect.facebook.net ajax.googleapis.com app-ab02.marketo.com munchkin.marketo.net platform.twitter.com play.vidyard.com specialty.gaig.com use.typekit.net www.google-analytics.com region1.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com 'unsafe-inline' www.youtube.com; style-src-elem 'self' data: p.typekit.net use.typekit.net www.gstatic.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com specialty.gaig.com 'unsafe-inline'; script-src-attr 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' widget.surveymonkey.com specialty.gaig.com fast.wistia.net bam.nr-data.net ajax.googleapis.com platform.twitter.com region1.google-analytics.com www.google-analytics.com www.gstatic.com snap.licdn.com cdn.b0e8.com www.google.com js-agent.newrelic.com connect.facebook.net app-ab02.marketo.com www.googletagmanager.com use.typekit.net munchkin.marketo.net play.vidyard.com; style-src-attr 'unsafe-inline' www.greatamericaninsurancegroup.com; style-src 'self' 'unsafe-inline' specialty.gaig.com app-ab02.marketo.com fonts.googleapis.com maxcdn.bootstrapcdn.com p.typekit.net use.typekit.net www.gstatic.com; object-src 'self'; media-src 'self' data: ssl.gstatic.com; child-src 'self' app-ab02.marketo.com play.vidyard.com www.google.com www.googletagmanager.com www.youtube.com; upgrade-insecure-requests; report-uri https://greatamericaninsurancegroup.report-uri.com/r/t/csp/enforce 2
upgrade-insecure-requests; block-all-mixed-content; disown-opener 2
default-src * blob: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self'; form-action *; report-to endpoint-1 2
child-src 'self' blob:;connect-src * ws-mt1.pusher.com rts-euc.freshworksapi.com https://accounts.google.com/gsi/;default-src 'self' assets.travix.com *.cdn-net.com;img-src 'self' * data:;font-src 'self' data: assets.travix.com fonts.googleapis.com fonts.gstatic.com js.skyscnr.com;object-src 'self';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https: cdn.polyfill.io assets.travix.com six.cdn-net.com tagmanager.google.com *.criteo.com *.cdn-net.com *.doubleclick.net *.facebook.net *.facebook.com *.googleadservices.com ad.zanox.com ads.travelaudience.com adservice.google.com analytics.skyscanner.net awin1.com bat.bing.com cdn.pushalert.co ck.ncclick.co.kr click.accesstrade.in.th clkuk.tradedoubler.com connect.facebook.net deploy.mopinion.com ds1.nl dwin1.com emjcd.com google-analytics.com googletagmanager.com securepubads.g.doubleclick.net kayak.com static.ads-twitter.com t.cfjump.com t1.daumcdn.net tm.tradetracker.net track.adform.net track.omguk.com tradedoubler.net ts.tradetracker.net wcs.naver.net *.creativecdn.com cars.cartrawler.com cdn.euc-freshbots.ai rts-euc.freshworksapi.co https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://accounts.google.com/gsi/client *.cartrawler.com;style-src 'self' 'unsafe-inline' blob: https://accounts.google.com/gsi/style fonts.googleapis.com tagmanager.google.com googletagmanager.com cars.cartrawler.com product-router.cartrawler.com d6tizftlrpuof.cloudfront.net cdn.euc-freshbots.ai https://accounts.google.com/gsi/style *.cartrawler.com;frame-src www.booking.com *.bstatic.com *.doubleclick.net ogone-tpp.prd.travix.com aci-tpp.prd.travix.com centinelapi.cardinalcommerce.com pay.google.com *.cdn-net.com product-router.cartrawler.com https://claims.cloud.hopper.com/ https://checkout.paypal.com/ https://www.sandbox.paypal.com/ https://www.paypal.com/ *.cardinalcommerce.com https://www.google.com/maps/ https://www.youtube.com/embed/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.creativecdn.com https://accounts.google.com/gsi/ *.trip.com;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 2
frame-ancestors 'self' admin.neo.bet admin.neobet.de edit.scrivito.com; 2
frame-ancestors 'self' *.glasgowairport.com *.aberdeenairport.com *.southamptonairport.com 2
frame-ancestors 'self' https://www.p3tips.com/ https://www.p3campus.com/ https://tips.sandyhookpromise.org/ 2
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; report-uri /csp-reports 2
frame-ancestors https://*.westmonroe.com 2
frame-ancestors 'self' *.bambuser.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.redhat.com *.redhatstatic.com *.intercomcdn.com *.intercom.io *.qualtrics.com *.mountain.com *.trkn.us *.company-target.com analytics.twitter.com assets.adobedtm.com bam.nr-data.net connect.facebook.net consent.trustarc.com googleads.g.doubleclick.net hm.baidu.com img.en25.com in.ml314.com js.driftt.com ml314.com pixel.mintigo.com px.ads.linkedin.com s.ytimg.com s1795.t.eloqua.com script.hotjar.com scripts.demandbase.com snap.licdn.com static.ads-twitter.com static.hotjar.com www.googleadservices.com www.googletagmanager.com www.youtube.com secure.eloqua.com dpm.demdex.net api.demandbase.com autocomplete.demandbase.com tag.demandbase.com platform.twitter.com bat.bing.com j.6sc.co epsilon.6sense.com pubads.g.doubleclick.net https://static.redhat.com https://www.dev.redhat.com https://www.preprod.redhat.com https://www.redhat.com; style-src 'self' 'unsafe-inline' *.redhat.com fonts.googleapis.com js.driftt.com autocomplete.demandbase.com https://static.redhat.com https://www.redhat.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' tracks.redhat.com; report-uri https://o425042.ingest.sentry.io/api/5370002/security/?sentry_key=676ea2c2d4a147c2834066d24c04a9e4&sentry_environment=prod 2
default-src 'self' *; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 2
object-src *;script-src * 'unsafe-inline' 'unsafe-eval' data: 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline';frame-src * mailto: data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.acaa-cmps.com *.dbedirectory.com *.uhsvendors.com *.mdbecert.com *.mwdbe.com *.traviscountyhub.com *.civilrightsystem.com *.gob2g.com *.mwdsbe.com *.mwsbe.com *.sbeda.com *.thesupplierclearinghouse.com *.smwbe.com *.diversitycomplance.com *.civilrightsconnect.com *.b2gnow.com *.newnycontracts.com *.diversitysystem.com *.dbesystem.com *.civilrightsconnect.dot.gov *.sbdbe.com *.sctrca.org *.civilrightsconnect.dot.gov *.webnclink.org *.vendorreg.com *.txdotcms.com *.diversitysoftware.com *.sbecompliance.com; 2
frame-ancestors 'self' https://dashboard.sitew.com https://www.sitew.com; 2
font-src 'self' https://*.freenet.de; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 2
frame-ancestors https://*.trend.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 2
frame-ancestors 'self' statistiques-opus-prod.chambres-agriculture.fr 2
default-src ‘self’; object-src ‘none'; form-action 'none’; report-to csp-endpoint; 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data: 2
default-src 'none'; base-uri 'self'; frame-src 'self' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com *.google.gr; connect-src 'self' https://get-vpn.site *:888; font-src 'self' data: https://get-vpn.site; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: *.google.com *.google.gr https://get-vpn.site trustzoneurl.com trustzonepost.xyz stats.g.doubleclick.net www.google-analytics.com *.twitter.com *.basemaps.cartocdn.com; manifest-src 'self' https://get-vpn.site; style-src 'self' 'unsafe-inline' https://get-vpn.site; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get-vpn.site trustzoneurl.com platform.twitter.com connect.facebook.net  *.google-analytics.com *.twimg.com; report-uri https://trust.zone/_csp_log 2
frame-ancestors 'self' https://prd-cd-01-mdc-us-ce.wsf-e-loreal.com https://prd-cd-01-mdc-us-tc.wsf-e-loreal.com https://prd-cd-01-mdc-us-us.wsf-e-loreal.com https://prd-cd-mdc-us-ce.wsf-e-loreal.com https://prd-cd-mdc-us-tc.wsf-e-loreal.com https://prd-cd-mdc-us-us.wsf-e-loreal.com https://www.makeup.com https://www.skincare.com 2
default-src *; style-src 'self' https://p.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://www.google.com https://www.gstatic.com  https://www.googleadservices.com  https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://tag.simpli.fi https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org https://maps.googleapis.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; upgrade-insecure-requests; object-src 'none'; form-action 'self'; img-src * data:; 2
frame-ancestors *; upgrade-insecure-requests 2
frame-ancestors 'self' https://codepen.io https://cdpn.io https://qatarairways.com https://qatarairways.com.qa https://*.qatarairways.com https://*.qatarairways.com.qa https://www.katara.net https://genevamotorshow.com https://*.discoverqatar.qa https://discoverqatar.qa https://dq-staging-b2b.vibe.travel https://dq-staging-b2c.vibe.travel https://*.qf.org.qa https://*.decc.qa https://www.the-afc.com 2
base-uri 'self'; upgrade-insecure-requests; default-src 'self' *.youtube-nocookie.com *.ytimg.com; 2
default-src https: data:; img-src https: data:; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline' 2
default-src 'self'; frame-src *; connect-src *; font-src *; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *, style-src-elem 'unsafe-inline' * 2
frame-ancestors https://*.demandbase.com 2
frame-ancestors 'self' *.studis-online.de *.bafoeg-rechner.de *.netzseiten.de; 2
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' https:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 2
default-src 'self' *.hs-mittweida.de blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; frame-src 'self' *.hs-mittweida.de *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; img-src 'self' *.hs-mittweida.de data: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; style-src 'self' *.hs-mittweida.de 'unsafe-inline' *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; script-src 'self' *.hs-mittweida.de 'unsafe-inline' 'unsafe-eval' blob: *.hs-mittweida.de tv.me.hs-mittweida.de hs.mw *.hs.mw; 2
default-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.google-analytics.com https://*.sender.mobi  'unsafe-inline'; frame-src 'self' https://*.gravatar.com https://*.google.com https://*.sender.mobi; script-src 'self' https://*.sender.mobi https://*.gravatar.com https://*.gstatic.com https://www.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.gravatar.com https://www.google.com https://www.google.com.ua https://*.sender.mobi https://www.google-analytics.com  https://*.gstatic.com data:; object-src 'self'; font-src 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://fonts.gstatic.com https://fonts.googleapis.com data:; style-src * blob: 'self' https://*.gravatar.com https://*.gstatic.com https://www.google.com https://*.sender.mobi https://fonts.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 2
frame-ancestors 'self' https://*.sproutsocial.com https://sproutsocial.com; 2
default-src 'self' 'unsafe-inline' * data: blob: 2
frame-ancestors 'self' https://jobcloud.ch https://www.jobcloud.ch https://jobs.ch https://www.jobs.ch https://jobup.ch https://www.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://www.jobscout24.ch https://jobscout24.ch https://impieghi.ch https://www.impieghi.ch https://www.stellenmarkt.ch https://stellenmarkt.ch https://www.jobbasel.ch https://www.jobbern.ch https://www.jobmittelland.ch https://www.myjob.ch https://www.ostjob.ch https://www.zentraljob.ch https://www.rhenus.com https://rhenus.com https://www.rhenus-truckerjobs.com https://www.lager-mitarbeiter.de 2
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.knorr-bremse.com:* https://cdn.cookielaw.org https://responder.wt-safetag.com https://fbc.wcfbc.net https://*.gstatic.com https://*.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://n0c357rmy1njbuit2friqwu.blob.core.windows.net; frame-ancestors 'self' https://www.threesixty-events.de/selectron_innotrans/; 2
frame-ancestors 'self' https://*.sonepar.coremedia.cloud/; 2
frame-ancestors 'self' *.martech.zone 2
frame-ancestors 'self' https://cdw.lookbookhq.com http://cdw.lookbookhq.com http://solutions.cdw.com https://solutions.cdw.com 2
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ams-stage.itchotels.com https://www.googletagmanager.com https://connect.facebook.net *.triptease.io https://script.hotjar.com https://static.hotjar.com https://assets.adobedtm.com https://www.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.gstatic.com https://dynamic.criteo.com https://itclimited.sc.omtrdc.net https://sslwidget.criteo.com https://www.youtube.com https://www.jscache.com https://www.tripadvisor.com https://www.tripadvisor.in https://static.tacdn.com; frame-ancestors 'self' https://www.itchotels.com 2
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: https: ; 2
frame-ancestors 'self' https://*.kameleoon.com https://h7vcu8taur.kameleoon.eu https://dtvktbn6qk.kameleoon.eu https://*.kameleoon.io https://portal.decibel.com 2
frame-ancestors *.muctr.ru 2
default-src 'self' https: blob:;                                                   style-src 'self' 'unsafe-inline' *.ensemblevideo.com *.ntst.com *.marketo.net *.marketo.com *.typekit.net *.bootstrapcdn.com *.googleapis.com *.twitter.com *.twimg.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai;                                                    script-src 'self' 'unsafe-inline' fast.wistia.net fast.wistia.com blob: *.marketo.net *.marketo.com *.mktoresp.com *.bugherd.com *.liveperson.net *.lpsnmedia.net *.terminus.services *.jwpcdn.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.googleapis.com  *.adsrvr.org *.twitter.com *.twimg.com *.oktopost.com okt.to *.adroll.com *.adroll.mgr.consensu.org *.sounder.fm *.facebook.net *.ntst.com *.licdn.com dg0hgb42195s9.cloudfront.net *.ramblechat.com *.cdn-prod.securiti.ai *.securiti.ai *.app.securiti.ai;                                                    object-src 'self';                                                   connect-src 'self' px.ads.linkedin.com stats.g.doubleclick.net analytics.google.com *.wistia.com *.litix.io *.terminus.services *.securiti.ai *.ntst.com dg0hgb42195s9.cloudfront.net wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com *.ramblechat.com *.mktoutil.com *.mktoresp.com *.google-analytics.com *.googleapis.com *.gstatic.com wss://*.ramblechat.com data:;                                                    font-src 'self' *.bootstrapcdn.com *.typekit.net *.gstatic.com data:;                                                    img-src * *.jwpltx.com data:;                                                   frame-ancestors 'self' *.ensemblevideo.com *.marketo.com *.marketo.net netsmart.highspot.com;                                                    2
font-src 'self' www.alertlogic.com *.youtube.com *.fontawesome.com  *.intercomcdn.com *.google.com fonts.gstatic.com *.neverbounce.com data: 'unsafe-inline' 'unsafe-eval' data:; 2
frame-ancestors https://eu.beanworks.com https://*.eu.beanworks.com https://*.beandev.com https://*.beanworks.ca https://*.beandev.eu https://*.sageapa.com https://beanworks.ca https://sageapa.com 2
require-trusted-types-for 'script';report-uri /_/MeetingsUi/cspreport 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://americannational.com https://*.lifeannuitydi.com https://*.inmoment.com https://tagmanager.google.com https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://unpkg.com https://*.vtimg.com https://*.assistant.watson.appdomain.cloud https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
frame-ancestors 'self' https://app.unbouncepreview.com https://app.unbounce.com https://learn.self.inc; 2
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee analytics.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee wss://www.upm.com t.lianacem.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com tools.eurolandir.com w.soundcloud.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://cdnjs.cloudflare.com *.facebook.net *.twitter.com *.twimg.com https://cdn.chatbot.com https://content.govdelivery.com/ https://cdn.livechatinc.com/ https://api.livechatinc.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com platform.twitter.com *.twimg.com cdnjs.cloudflare.com https://content.govdelivery.com/; connect-src 'self' https://maps.googleapis.com https://kdorapi.kdor.org https://cdn.chatbot.com/widget/5c7029abb3a91872edc36639/settings.json https://api.livechatinc.com; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com data:; img-src 'self' www.google-analytics.com maps.google.com *.twimg.com *.twitter.com data: https://content.govdelivery.com/; frame-src 'self' *.youtube.com *.facebook.com *.twitter.com https://cdn.chatbot.com https://secure.livechatinc.com/; 2
default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com *.analytics.google.com https://analytics.google.com https://tagmanager.google.com *.campoints.net https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es *.google-analytics.com browser-update.org *.zopim.com https://*.getsentry.com https://*.disqus.com https://*.disquscdn.com https://*.bing.com https://*.googleadservices.com data: https://disqus.com https://*.wowza.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://static.zdassets.com https://trck.spoteffects.net https://phyon.communipay.net; object-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org https://vjs.zencdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://optimize.google.com https://*.disquscdn.com https://*.wowza.com https://*.google.com; img-src 'self' *.visit-x.net *.visit-x.es *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net http://visitx.testunikat.com http://194.116.150.87/ https://*.maptilehoster.com *.google-analytics.com https://*.bing.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.com.ec https://*.google.de https://*.google.ch https://*.google.at https://*.google.es data: browser-update.org https://v2.zopim.com https://v2assets.zopim.io https://*.disquscdn.com https://*.disqus.com https://www.googletagmanager.com https://prod-railsapp.s3.amazonaws.com https://*.wowza.com https://*.gstatic.com https://trck.spoteffects.net https://phyon.communipay.net https://*.vxmodels.com https://cdn.jsdelivr.net blob:; media-src 'self' *.vxcdn.org *.cpmessenger.io *.inethoster.org *.campoints.net stream.visit-x.tv blob: https://v2.zopim.com https://*.akamaihd.net https://bintu-h5live.nanocosmos.de https://cdn.jsdelivr.net https://static.zdassets.com; frame-src 'self' https://optimize.google.com *.analytics.google.com https://analytics.google.com https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es *.campoints.net https://*.vxcdn.org https://*.cpmessenger.io https://*.inethoster.org https://*.youtube.com https://*.disqus.com https://disqus.com https://*.feedtures.com https://player.vimeo.com https://paytour.communipay.net https://checkout.communipay.net https://phyon.communipay.net https://*.sexole.com; child-src 'self' https://*.visit-x.net http://*.visit-x.net https://*.visit-x.es http://*.visit-x.es *.campoints.net blob:; font-src 'self' *.visit-x.net *.visit-x.es fonts.gstatic.com data: https://*.zopim.com https://*.disquscdn.com; connect-src 'self' wss://*.campoints.net wss://*.campoints.net:443 wss://websocket.campoints.net wss://*.farm1.campoints.net wss://*.farm1.campoints.net:443 *.campoints.net *.vxcdn.org *.cpmessenger.io https://*.visit-x.net https://*.visit-x.es https://*.visit-x.tv *.google-analytics.com wss://*.zopim.com https://*.getsentry.com https://*.akamaihd.net https://*.disqus.com https://*.wowza.com https://stream.vxcdn.org https://latencytimer.azurewebsites.net/api/HttpTriggerJS1 *.vx-services.net https://ekr.zdassets.com https://visitxbv.zendesk.com wss://bintu-h5live.nanocosmos.de https://stats.g.doubleclick.net https://glog1.nanocosmos.de https://phyon.communipay.net *.inethoster.org *.services.vxmodels.com https://cdn.jsdelivr.net https://zendesk-eu.my.sentry.io *.analytics.google.com https://analytics.google.com https://api.videosdk.live wss://*.rm.videosdk.live; 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; report-uri https://revalize.report-uri.com/r/t/csp/enforce 2
frame-ancestors ; default-src 'self' 'unsafe-inline' mineralstage.wpengine.com www.google-analytics.com *.google.com maps.googleapis.com stats.g.doubleclick.net *.chilipiper.com *.clickagy.com www.googletagmanager.com *.breezy.hr *.linkedin.oribi.io *.linkedin.com *.wistia.com *.zoominfo.com *.litix.io cdn.cookielaw.org *.onetrust.com vimeo.com dev.visualwebsiteoptimizer.com; font-src 'self' use.typekit.net fonts.gstatic.com data:; frame-src 'self' 'unsafe-inline' player.vimeo.com js.driftt.com *.bugherd.com mineraltree.breezy.hr *.mineraltree.com *.googletagmanager.com optimize.google.com *.youtube.com *.chilipiper.com *.doubleclick.net data:; img-src 'self' mineralstage.wpengine.com www.google.com www.google-analytics.com maps.gstatic.com maps.googleapis.com *.googletagmanager.com optimize.google.com *.linkedin.com lltrck.com b.6sc.co p.adsymptotic.com *.clickagy.com *.rlcdn.com *.bing.com *.wistia.com *.vimeocdn.com *.chilipiper.com cdn.cookielaw.org *.visualwebsiteoptimizer.com data:; media-src 'self' mineralstage.wpengine.com blob:; script-src 'self' 'unsafe-inline' mineralstage.wpengine.com js.driftt.com *.bugherd.com j.6sc.co www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.googleoptimize.com optimize.google.com player.vimeo.com pi.pardot.com ws.zoominfo.com tracking.leadlander.com snap.licdn.com go.mineraltree.com mineraltree.breezy.hr *.chilipiper.com *.bing.com *.clickagy.com *.wistia.com *.capterra.com cdn.cookielaw.org dev.visualwebsiteoptimizer.com cdn.jsdelivr.net blob:; style-src 'self' 'unsafe-inline' mineralstage.wpengine.com *.typekit.net *.googleapis.com optimize.google.com; 2
upgrade-insecure-requests;  default-src data: 'unsafe-inline' 'unsafe-eval' https:;  script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:;  style-src data: 'unsafe-inline' https:;  img-src data: https: blob: android-webview-video-poster:;  font-src data: https:; connect-src https: wss: blob:;  media-src data: https: blob:; object-src https:;  child-src https: data: blob:; form-action https:;  report-uri https://642d86e5f1e3671a291357d5.endpoint.csper.io?v=1; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com *.googleapis.com *.onenorth.com https://goodwinlaw102u0.admin.oniqa.com *.oniqa.com *.onistaged.com public.flourish.studio *.amazonaws.com public.flourish.studio flo.uri.sh *.googletagmanager.com *.google-analytics.com *.google.com *.ceros.com *.cvent.com *.cventevents.com assets-usa.mkt.dynamics.com public-usa.mkt.dynamics.com *.azureedge.net clarity.ms *.clarity.ms *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.simplecast.com *.cookielaw.org *.typekit.net cdnjs.cloudflare.com us1.siteimprove.com cdnjs.cloudflare.com *.brightcove.net siteimproveanalytics.com cdn.yoshki.com 61282325.global.siteimproveanalytics.io w.soundcloud.com goodwin.photoshelter.com photoshelter.com player.vimeo.com cdn.cookielaw.org geolocation.onetrust.com drive.google.com code.jquery.com yoshki.com *.adnxs.com *.6sc.co *.hotjar.com *.hotjar.io *.cvent.com wss://*.hotjar.com ws.zoominfo.com js.zi-scripts.com ws-assets.zoominfo.com *.parsely.com ; img-src * data:; font-src 'self' data: *.typekit.net; 2
script-src-elem 'self' 'unsafe-inline' *; 2
default-src 'self'; script-src 'report-sample' 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-uogddBLIKmJa413dyT0iPejBg3VFcO+4x6B+vw3jng0=' 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik='; script-src-elem 'report-sample' 'self' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-uogddBLIKmJa413dyT0iPejBg3VFcO+4x6B+vw3jng0=' 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net live-samples.developer.allizom.xyz *.mdnplay.dev *.mdnyalp.dev jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self'; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 2
default-src 'self' *.google-analytics.com https://www.googletagmanager.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.datatables.net recruitingbypaycor.com cdnjs.cloudflare.com youtube.com *.vimeo.com app.five9.com *.luxsci.com siteimproveanalytics.com *.siteimproveanalytics.com *.vo.msecnd.net www.youtube.com *.fullstory.com js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net snap.licdn.com js.hsforms.net https://js.hubspot.com web-chat.nativechat.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.datatables.net youtube.com *.vimeo.com app.five9.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com placehold.it *.global.siteimproveanalytics.io app.five9.com px.ads.linkedin.com *.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.recruitingbypaycor.com recruitingbypaycor.com *.youtube.com player.vimeo.com *.google.com *.luxsci.com apply.indeed.com app.five9.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://amwins-portal-api.azurewebsites.net https://app-amwinsportalapi-dev-uat.azurewebsites.net https://app-amwinsportalui-dev-uat.azurewebsites.net https://portal.amwins.com *.google-analytics.com nia-carrierstatesapi-app.azurewebsites.net *.services.visualstudio.com https://app-clportal-api.azurewebsites.net *.fullstory.com *.hscollectedforms.net forms.hsforms.com px.ads.linkedin.com *.hubspot.com; media-src 'self' data: blob: youtube.com player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; object-src *.google-analytics.com 'self' 2
frame-ancestors https://*.blackboard.com https://*.anthology.com; 2
frame-ancestors 'self' https://app.gather.town; 2
frame-ancestors ‘none’; default-src ‘self’, script-src ‘*://*.payfast.io:*’ 2
default-src 'self' *.usu.com; connect-src 'self' api-js.mixpanel.com api.hubapi.com api-eu1.hubapi.com salesviewer.org *.salesviewer.org usu.concludis.de hubspot-forms-static-embed.s3.amazonaws.com *.usu.com *.usu.de *.cookiefirst.com *.hsforms.com *.doubleclick.net *.googleapis.com *.hubspot.com *.google-analytics.com *.googlesyndication.com *.lfeeder.com *.google.com ws.zoominfo.com cdn.linkedin.oribi.io *.visitors.live *.clarity.ms px.ads.linkedin.com tracking.g2crowd.com *.g2.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' s3.amazonaws.com *.echobot.de fonts.gstatic.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.cookiefirst.com; frame-src 'self' irpages2.equitystory.com www.gartner.com www.youtube.com www.youtube-nocookie.com *.tradingview.com *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.cookiefirst.com play.workadventu.re app-eu.wrike.com *.vimeo.com vimeo.com www.google.com *.facebook.net *.facebook.com *.hs-sites-eu1.com td.doubleclick.net www.g2.com/; img-src 'self' *.hubspotusercontent-eu1.net *.echobot.de *.quora.com img.youtube.com reviews.static.gartner.com www.googletagmanager.com *.google-analytics.com usu.concludis.de *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.google.com t.co *.linkedin.com *.hubspot.com *.cloudfront.net *.google.de data: *.lfeeder.com fonts.gstatic.com app-eu.wrike.com *.twitter.com vumbnail.com *.facebook.net *.facebook.com *.bing.com *.hsappstatic.net i.vimeocdn.com *.clarity.ms *.g2.com *.provenexpert.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.cloudfront.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ws.zoominfo.com use.fontawesome.com *.echobot.de *.google.com www.youtube.com js-eu1.hsadspixel.net www.gartner.com *.doubleclick.net *.googleadservices.com blob: www.googletagmanager.com *.google-analytics.com usu.concludis.de *.hsforms.net *.hsforms.com *.cloudfront.net *.usu.com *.usu.de *.cookiefirst.com *.hs-scripts.com *.ads-twitter.com *.twitter.com *.licdn.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net sc.lfeeder.com www.gstatic.com *.facebook.net *.bing.com *.hubspot.com *.clarity.ms tracking.g2crowd.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js-eu1.hsforms.net https://unpkg.com; style-src 'self' 'unsafe-inline' data: use.fontawesome.com *.echobot.de www.gartner.com fonts.googleapis.com usu.concludis.de *.usu.com *.usu.de *.cloudfront.net *.cookiefirst.com *.hsforms.com *.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; form-action 'self' *.usu.com *.usu.de *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com; frame-ancestors 'self' 2
frame-ancestors 'self' *.tohapi.fr *.homair.com *.marvilla-parks.com 2
default-src https:; font-src https: data:; frame-src https:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 2
frame-ancestors intapp.seismic.com intapp.com www.intapp.com seismic.com www.seismic.com intapp.wpengine.com intapp.gcs-web.com investors.intapp.com; 2
frame-ancestors 'self' https://app.vendr.com; 2
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tpc.googlesyndication.com https://tr.snapchat.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk blob: https://gum.criteo.com https://app.qubit.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.zavvi.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.pndsn.com wss://*.liveperson.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.zavvi.com https://m.zavvi.com https://checkout.zavvi.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.zavvi.com https://123vod-adaptive.akamaized.net https://456vod-adaptive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://pagead2.googlesyndication.com https://*.criteo.com https://static.criteo.net https://*.google.co.uk https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.ads-twitter.com https://analytics.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://cdn.pubnub.com https://assets.dekopay.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 2
child-src 'self'  blob: https://embed.windy.com/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.youtube.com/ https://youtube.com/ https://www.google.com/ https://hostadmin.dev.bushelsites.com/  https://www.nass.usda.gov/ https://www.facebook.com/ https://bigriverresources.applicantpro.com/ https://weatherwidget.io/ https://bqci.us11.list-manage.com/ https://inetsgi.com/ https://www.typeform.com/ https://form.typeform.com/ https://use.fontawesome.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/ https://calendar.google.com/ https://forms.office.com/  https://recruiting.paylocity.com/ https://platform.twitter.com https://syndication.twitter.com/ https://mesonet.org/ https://player.vimeo.com/ https://enterprisegrain.com/ https://www.buzzsprout.com/ http://m.mesonet.org/ https://weather.wsu.edu/ https://www.uswheat.org/ https://bushelstaging7.o.bushelsites.com/ https://twitter.com/ https://www.youtube-nocookie.com/ https://www.bruglermarketing.com/ https://www.ers.usda.gov/ https://droughtmonitor.unl.edu/ https://www.usgs.gov/ https://www.thedailyscoop.com/CustSite_5_20_2022 http://scoularview.com/ http://scoularview.com:443/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com http://scoularview.com  https://www.scoularview.com/  http://www.scoularview.com/ https://forecast.weather.gov/ https://www.windy.com/ https://bushel.wistia.com https://widget.taggbox.com https://riceland.us15.list-manage.com/ https://app2.simpletexting.com/ https://mailchi.mp/ https://securepubads.g.doubleclick.net https://01a11ef3c27694652b46dcdcef7412f2.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com https://www.cmegroup.com/ https://widget.tagembed.com/ https://embed.twitch.tv/ https://bushelstaging5.o.bushelsites.com/ ;                            font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://ka-f.fontawesome.com/ https://use.typekit.net/ https://use.fontawesome.com/ ;                               img-src * data: blob: https://hostadmin.dev.bushelsites.com/ ;                           object-src 'self' https://hostadmin.dev.bushelsites.com/;                                                         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net/ https://www.recaptcha.net/ https://downloads.mailchimp.com/ https://mc.us15.list-manage.com/ https://downloads.mailchimp.com/js/signup-forms/popup/unique-methods/embed.js https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://www.recaptcha.net/ https://www.gstatic.com/recaptcha/ https://code.jquery.com/ https://beefmarketcentral.com/ https://www.googletagmanager.com/ https://www.amcharts.com/ https://maps.google.com/ https://www.google.com/ https://platform.twitter.com/ https://maxcdn.bootstrapcdn.com/ http://portal.farmcentric.com/ https://pagead2.googlesyndication.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/ https://fccontent.wirelessag.com/ https://localhost:* http://localhost:* https://www.googletagservices.com/ https://weatherwidget.io/ https://hostadmin.dev.bushelsites.com/ https://kit.fontawesome.com/ https://app.jazz.co/ https://embed.typeform.com/ https://bqci.us11.list-manage.com/ https://content-services.dtn.com/ https://emagrain.agricharts.com/ https://www.buzzsprout.com/ https://securepubads.g.doubleclick.net/ https://scoularview.com/ https://static.ctctcdn.com https://www.christianity.com https://fast.wistia.com https://chimpstatic.com https://player.vimeo.com https://www.convergepay.com/ https://tpc.googlesyndication.com/ https://embed.twitch.tv/ https://www.buzzsprout.com/ ;                            style-src 'self' 'unsafe-inline'  https://use.typekit.net/ https://fonts.googleapis.com/ https://khms0.googleapis.com/ https://khms1.googleapis.com/ https://maps.gstatic.com/ https://khms0.googleapis.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://embed.typeform.com/ https://localhost:* http://localhost:* https://use.fontawesome.com/ https://content-services.dtn.com/ https://hostAdmin.farmcentric.com https://downloads.mailchimp.com/ ;                              frame-ancestors 'self' https://conrefco.com/ https://hostadmin.farmcentric.com/ https://www.recaptcha.net/ https://www.recaptcha.net/ https://www.agp.com http://www.agp.com https://opnutritionfeed.com https://hostadmin.farmcentric.com/ https://www.facebook.com/ https://hostadmin.dev.bushelsites.com/ https://inetsgi.com/ https://scoulariowa.com/ https://enterprisegrain.com/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://weskangrain.com/ https://weskangrain.com/ https://scoularview.com/ http://scoularview.com/ https://scoularkansas.com/ https://scoulariowa.com/ https://scoularandres.com/ https://www.scoularkansas.com/ https://scoularwaverly.com/ https://scoularvirginia.com/ https://intermountain.scoular.com/ https://montana.scoular.com/ https://idaho.scoular.com/ https://missouri.scoular.com/ https://utah.scoular.com/ https://canada.scoular.com https://www.scoularview.com/  http://www.scoularview.com/ https://profitpartner.unitedgrain.com/ ;              frame-src 'self' https://onedrive.live.com/ https://calendar.google.com/ https://www.google.com/ https://conrefco.com/ https://hostadmin.farmcentric.com/ https://weather.wsu.edu/ https://recruiting.paylocity.com/ https://forms.office.com/ https://www.forms.office.com/ https://mailchi.mp/ https://www.mailchi.mp/ https://app2.simpletexting.com/ https://riceland.us15.list-manage.com/ https://www.weatherlink.com/ https://skyviewgldw.frontieraginc.com/ https://skyviewglds.frontieraginc.com/  https://www.typeform.com/ https://enterprisegrain.com/ https://www.facebook.com/ https://player.vimeo.com/ https://embed.twitch.tv/ https://form.typeform.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://bushelstaging7.o.bushelsites.com/ https://www.youtube.com/  https://youtube.com/ https://platform.twitter.com/ https://embed.windy.com/ https://trioak.o.bushelsites.com/   https://www.agp.o.bushelsites.com https://www.agp.com http://www.agp.com https://www.recaptcha.net/ https://www.recaptcha.net/ https://bid.g.doubleclick.net/ https://td.doubleclick.net https://www.scoularview.com/ https://scoularview.com/ https://weatherwidget.io/ https://sidwellstrategies.o.bushelsites.com/ https://sidwellstrategies.com/ https://www.sidwellstrategies.com/ https://online.fliphtml5.com/ https://www.buzzsprout.com/ https://e.issuu.com/ https://www.uswheat.org/ 2
default-src * blob: data:; frame-ancestors 'self'; img-src * data: maps.googleapis.com maps.gstatic.com i.ytimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.analytics.google.com analytics.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net maps.googleapis.com *.usercentrics.eu *.cookiebot.com myaskai.com cdn.amplitude.com sentry.io; font-src 'self' data: fonts.gstatic.com myaskai.com; connect-src 'self' maps.googleapis.com www.youtube.com s.ytimg.com *.analytics.google.com analytics.google.com *.google-analytics.com www.googletagmanager.com connect.facebook.net *.emailsys1a.net *.usercentrics.eu *.cookiebot.com stats.g.doubleclick.net noembed.com myaskai.com; frame-src 'self' *.usercentrics.eu *.cookiebot.com gematik.capita-europe.com ti-lage.prod.ccs.gematik.solutions ti-lage-editor.prod.ccs.gematik.solutions login.microsoftonline.com www.youtube-nocookie.com www.youtube.com www.facebook.com *.emailsys1a.net *.int.gematik.de myaskai.com; 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: connect-src: wss://chat.sbservers.cz wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io img-src: https://chat.supportbox.cz script-src: 'unsafe-inline' https://chat.supportbox.cz style-src: https://chat.supportbox.cz blob: 2
style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com;connect-src 'self' www.google.com stats.g.doubleclick.net uploads.intercomcdn.com wss://nexus-websocket-a.intercom.io api-iam.intercom.io auth.zonda.exchange www.google-analytics.com wss://api.zondacrypto.exchange api.zondacrypto.exchange https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.facebook.com/ *.google-analytics.com *.analytics.google.com auth.zondacrypto.exchange;script-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com widget.intercom.io *.adform.net *.youtube.com www.google-analytics.com www.googletagmanager.com *.google.com google.com ssl.google-analytics.com *.gstatic.com connect.facebook.net https://googleads.g.doubleclick.net;frame-src *.adform.net *.fls.doubleclick.net 'self' *.zondaglobal.com  *.zondacrypto.com *.google.com *.youtube.com;frame-ancestors 'self';font-src 'self' 'unsafe-inline' 'unsafe-eval' js.intercomcdn.com fonts.gstatic.com fonts.gstatic.com https://fonts.intercomcdn.com 2
frame-ancestors 'self' https://builder.io 2
default-src 'self'; img-src 'self' https://* data:; child-src https://www.youtube.com/ https://www.google.com/; style-src 'self' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/@duetds/date-picker@1.1.0/dist/duet/themes/default.css 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://business.senedd.wales; script-src 'self' blob: https://www.google-analytics.com/ https://cc.cdn.civiccomputing.com/ https://www.googletagmanager.com/ https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.0.0.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.16.0/jquery.validate.min.js https://ajax.aspnetcdn.com/ajax/mvc/5.2.3/jquery.validate.unobtrusive.min.js https://cdn.jsdelivr.net 'sha256-qTS4cC+BnlabE/doSj+MPbjtJWVdVNtQah7AzuFfjbE=' 'sha256-h4tI5yM0TF6GI9CZe5uWnJX7WqXL1kpLAJ13Idyytts=' 'sha256-byyDoONdqE08AIFI6uBk/n8GJDNnu4o8VE6qf+NETJs=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-r3mDNAbdsnbtcqGzAwDXN/1Ln5hKyg8GDZlm46+kpKg=' 'sha256-GG+mi50DV7jNq33JItnAeSGKu+DyOuVZM484bs4ioq4=' 'sha256-IZgGOToFausimoy1Ehqf2azcfWd5NrdyLunVfExDBbE=' 'sha256-NGxJAeRnkyrA2OBRtnqvyQRY28RBBbWXd+45iwUuOUU=' 'sha256-F/cu6HUELqMYhkB6TZFkoZoPLA7wPQ+ImBdqTVxZPUc=' 'sha256-OH++59VDvU6yN74Q2UuMkDjXzMZbZYGxaTP1SrqUqJs='; connect-src 'self' https://www.google-analytics.com https://www.senedd.tv https://senedd.tv https://www.senedd.assembly.wales https://www.senedd.cynulliad.cymru https://apikeys.civiccomputing.com https://senedd.assembly.wales https://senedd.cynulliad.cymru https://player.senedd.tv https://busnes.senedd.cymru https://business.senedd.wales https://region1.google-analytics.com; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://umap.openstreetmap.fr https://openstreetmap.cymru https://www.ons.gov.uk https://player.senedd.tv https://w.soundcloud.com https://my.matterport.com https://embeds.audioboom.com https://player.vimeo.com https://business.senedd.wales https://busnes.senedd.cymru https://www.canva.com https://forms.office.com https://app.powerbi.com https://cy.ons.gov.uk https://instagram.com https://www.instagram.com 2
child-src *.doubleclick.net *.dynad.net https://www.facebook.com *.hotjar.com *.pagseguro.uol.com.br *.pagbank.com.br *.rm.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.youtube.com https://www.google.com *.blip.ai data: 'self'; connect-src *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pagseguro.com.br *.pagbank.com.br *.uol.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.br wss://ws.0mn.io https: wss: 'self'; frame-ancestors 'self'; default-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br 'self'; media-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; object-src *.uol.com.br *.pagseguro.com.br *.pagbank.com.br data: 'self'; font-src *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.uol.com *.uol.com.br *.imguol.com.br *.gstatic.com *.hotjar.com https://imguol.com.br data: 'self'; img-src *.google.com *.google.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.googleadservices.com *.g.doubleclick.net https://www.facebook.com *.imguol.com *.uol.com *.uol.com.br *.pagseguro.com.br *.pagbank.com.br *.scorecardresearch.com *.ytimg.com *.doubleclick.net *.youtube.com *.hotjar.com *.tailtarget.com bat.bing.com https://imguol.com https://imguol.com.br trg.adilligo.com takenetomni.blob.core.windows.net data: 'self'; script-src bat.bing.com *.doubleclick.net *.dynad.net https://connect.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.jsdelivr.net *.jsuol.com.br *.pagseguro.com.br *.pagbank.com.br *.simg.uol.com.br *.tailtarget.com *.uol.com *.uol.com.br *.ytimg.com https://pagseguro.info https://pag.ae https://imguol.com.br https://www.gstatic.com https://tracking.tunad.io https://js-agent.newrelic.com https://*.nr-data.net about: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.uol.com *.pagseguro.uol.com.br *.pagseguro.com.br *.pagbank.uol.com.br *.pagbank.com.br *.hotjar.com *.simg.uol.com.br *.ytimg.com https://imguol.com.br 'self' *.google.com *.googleapis.com 'unsafe-inline'; report-uri /csp-report 2
media-src 'self'; object-src 'self' 2
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 2
upgrade-insecure-requests;block-all-mixed-content; 2
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.googleapis.com https://*.cloudfront.net  https://*.cloudflare.com https://*.youtube.com https://*.xy.finance; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://*.googleapis.com https://*.thundercore.com https://*.cloudflare.com https://*.youtube.com https://*.google-analytics.com https://*.googletagmanager.com; style-src * data: 'unsafe-inline'; font-src 'self' data: https://*.gstatic.com; connect-src https://*.thundercore.com https://prod-official-backend.platform.dev.tt-eng.com https://*.google-analytics.com https://stats.g.doubleclick.net; manifest-src 'self' 'unsafe-inline'; object-src 'none'; img-src * data: 'unsafe-inline';frame-src 'self' data: https://*.youtube.com https://*.xy.finance; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; report-uri https://www.thundercore.com 2
default-src 'self'; img-src 'self' data: https://api.study-in-germany.de *.daad.de *.study-in-germany.de *.tile.openstreetmap.de *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.ytimg.com *.gravatar.com *.dw.com *.openstreetmap.de *.openstreetmap.org; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'self' 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com *.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com *.youtube.com 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data data:;; connect-src 'self' https://api.study-in-germany.de *.google-analytics.com *.googletagmanager.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; media-src *.youtube-nocookie.com; frame-src *.youtube.com *.youtube-nocookie.com 2
default-src 'none'; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.googletagmanager.com www.googleadservices.com snap.licdn.com/li.lms-analytics/insight.min.js js.hs-scripts.com/4398552.js googleads.g.doubleclick.net/pagead/; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob: android-webview-video-poster: px.ads.linkedin.com www.googletagmanager.com; media-src 'self' https: monkapps.com; frame-src 'self' https: www.youtube.com; frame-ancestors 'self'; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: cdn.cookielaw.org www.googleadservices.com www.google.com/pagead/ googleads.g.doubleclick.net/pagead/ www.google-analytics.com/g/collect; manifest-src 'self'; script-src-elem 'self' https: 'unsafe-inline' www.googletagmanager.com www.googleadservices.com; report-uri https://sentry.nadapada.net/api/125/security/?sentry_key=b569db56805c4e5f98879e39f0fc3053 2
default-src 'self'; base-uri 'self'; frame-src 'self'; frame-ancestors 'self'; form-action 'none'; script-src 'self'; img-src 'self' 2
frame-ancestors 'self' analytics.pt-dlr.de 2
default-src 'self' *.wirth-horn.de 'unsafe-eval' 'unsafe-inline' *.jobs.personio.de *.etrusted.com *.trustbadge.com *.trustedshops.com www.youtube-nocookie.com *.matomo.cloud; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com *.matomo.cloud; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.matomo.cloud; 2
default-src 'self'; connect-src 'self' https://*.mirrorcanada.com https://*.lululemonstudio.com https://refinemirror.com https://*.affirm.com https://mirror.attn.tv https://*.pndsn.com https://heapanalytics.com https://analytics.google.com https://*.g.doubleclick.net https://events.attentivemobile.com https://api.fastbundle.co https://*.ingest.sentry.io https://*.myshopify.com https://*.segment.com https://*.segment.io https://ct.pinterest.com https://*.fullstory.com https://events.attentivemobile.com https://www.google-analytics.com https://mirror.api.kustomerapp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://mirrorco.hu6f.net https://vimeo.com/api/oembed.json https://cdn.linkedin.oribi.io/partn https://*.evolv.ai ; script-src-elem 'unsafe-inline' 'self'  https://*.affirm.com https://snap.licdn.com https://tag.measured.com https://js.adsrvr.org https://*.g.doubleclick.net https://*.fullstory.com https://cdn.kustomerapp.com https://cdn.attn.tv https://s.pinimg.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.segment.com https://js.stripe.com https://*.hotjar.com https://d.impactradius-event.com https://unpkg.com/@segment/ https://onelinksmartscript.appsflyer.com https://*.heapanalytics.com https://bat.bing.com/bat.js https://analytics.tiktok.com/i18n/pixel/events.js https://sc-static.net/sceven https://*.evolv.ai ; media-src 'self' https://res.cloudinary.com ; manifest-src 'self' ; img-src 'self' data: https: https://events.attentivemobile.com ; font-src 'self' https://cdn.kustomerapp.com data: ; style-src 'unsafe-inline' 'self' https://*.evolv.ai ; frame-src https://*.affirm.com https://*.attn.tv/ https://ct.pinterest.com/ https://*.hotjar.com https://*.fls.doubleclick.net https://js.stripe.com https://player.vimeo.com ; object-src 'none' 2
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://rules.quantcount.com/ https://secure.quantserve.com/ https://js.adsrvr.org https://cdn.sticky.io https://marketing.hachette-partworks.com https://cdn.wishpond.net/connect.js https://u.videostep.com https://analytics.tiktok.com https://www.clarity.ms https://static.r66net.com https://k.r66net.com https://ks.invibes.com https://www.paypalobjects.com https://tag.aticdn.net https://cdn3.actito.com/legacy/actito-goal/goal.js https://www.awin1.com/ https://www.dwin1.com/ https://www.paypal.com https://geolocation.onetrust.com/ https://fevoki.wejekihota.com https://apis.google.com https://cdn.cookielaw.org https://www.googletagmanager.com https://connect.facebook.net https://ws1.postescanada-canadapost.ca https://cdnjs.cloudflare.com https://cdn.doofinder.com https://cdn.hachette-collections.com https://www.google-analytics.com https://www.google.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://static.hotjar.com https://autroliner.com https://cilkonlay.com https://bat.bing.com https://s.pinimg.com https://sp.analytics.yahoo.com https://s.yimg.com https://www.redditstatic.com https://www3.actito.com https://widget.trustpilot.com https://invitejs.trustpilot.com; style-src 'self' 'unsafe-inline' https://www.hachette-collections.com/ https://www.googletagmanager.com https://fonts.googleapis.com https://ws1.postescanada-canadapost.ca https://cdn.hachette-collections.com https://hachettepartworks.com; img-src 'self' data: https://ad.doubleclick.net https://pixel.quantserve.com *.bing.com *.xiti.com *.clarity.ms https://fonts.gstatic.com https://www.paypalobjects.com https://analytics.tiktok.com https://s.videostep.com https://ks.b26net.com https://ks.invibes.com https://tbs.tradedoubler.com https://tbl.tradedoubler.com https://t.paypal.com https://www.hachette-collections.com https://cdn.cookielaw.org https://www.google.co.il https://www.facebook.com https://ws1.postescanada-canadapost.ca https://hachettepartworks.com https://cdn.hachette-collections.com https://bat.bing.com https://www.google.be https://www.google.com https://www.gstatic.com https://www.google.fr https://www.google-analytics.com https://www.google.ca https://autroliner.com https://www.googletagmanager.com https://www.google.ch https://ct.pinterest.com https://www.google.de https://www.google.co.uk https://www.google.lu https://www.google.it https://www.google.pt https://www.google.co.ma https://scontent-cdg2-1.cdninstagram.com https://alb.reddit.com https://googleads.g.doubleclick.net https://www.google.dk https://scontent-cdt1-1.cdninstagram.com https://info.hachette-collections.com https://www.google.gr https://www.google.tn; font-src 'self' https://www.hachette-collections.com/ https://fonts.gstatic.com https://cdn.hachette-collections.com https://static3.avast.com; media-src 'self' data: https://cdn.hachette-collections.com https://www.hachette-collections.com https://workbench-www.hachette-collections.com https://hachettepartworks.com; connect-src 'self' *.redditstatic.com *.reddit.com https://adservice.google.com https://pixel.quantcount.com https://google.com https://hachettepartworks.sticky.io https://marketing.hachette-partworks.com *.xiti.com *.google.fr *.analytics.google.com https://content.hotjar.io *.google-analytics.com wss://*.hotjar.com *.hotjar.com *.clarity.ms *.invibes.com/ https://analytics.tiktok.com https://region1.google-analytics.com https://geolocation.onetrust.com https://www.sandbox.paypal.com https://www.paypal.com https://privacyportal-eu.onetrust.com https://privacyportal-fr.onetrust.com https://1637314617.rsc.cdn77.org https://cdn.cookielaw.org https://stage-secure2-vault.hipay-tpp.com https://ws1.postescanada-canadapost.ca https://eu1-search.doofinder.com https://secure2-vault.hipay-tpp.com https://bat.bing.com https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://ct.pinterest.com https://s.yimg.com https://vc.hotjar.io https://www.facebook.com; frame-src 'self' *.doubleclick.net https://td.doubleclick.net https://ad.doubleclick.net https://cdn.sticky.io https://cdn.wishpond.net/ https://www.paypalobjects.com/ https://www.facebook.com/ https://tbs.tradedoubler.com/ https://www.pinterest.fr/ https://www.pinterest.com/ https://www.sandbox.paypal.com https://www.paypal.com https://checkout.slimpay.net https://checkout.preprod.slimpay.com https://accounts.google.com https://www.youtube.com *.moneris.com *.sticky.io https://w.soundcloud.com https://vars.hotjar.com https://bid.g.doubleclick.net https://aax-eu.amazon-adsystem.com https://widget.trustpilot.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri /report.php 2
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vimeo.com https://player.vimeo.com/api/player.js platform.linkedin.com https://www.linkedin.com cdn.linkedin.oribi.io https://px.ads.linkedin.com/ *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ analytics.google.com www.google-analytics.com ajax.googleapis.com *.bc0a.com *.b0e8.com cmp.osano.com static.addtoany.com https://www.googletagmanager.com snap.licdn.com boards.greenhouse.io js.driftt.com scout-cdn.salesloft.com *.osano.com https://td.doubleclick.net https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.guidepoint.com guidepoint.com https://fonts.googleapis.com platform.twitter.com maxcdn.bootstrapcdn.com fast.fonts.net *.osano.com; img-src * 'self' www.googletagmanager.com; font-src * 'self' https://fonts.gstatic.com maxcdn.bootstrapcdn.com www.guidepoint.com *.guidepoint.com; connect-src 'self' cdn.linkedin.oribi.io ixfd1-api.bc0a.com analytics.google.com *.guidepoint.com qsight.guidepoint.com ls.guidepoint.com www.google-analytics.com stats.g.doubleclick.net boards-api.greenhouse.io guidepoint.com consent.api.osano.com tattle.api.osano.com scout.salesloft.com https://*.googleapis.com *.google.com https://*.gstatic.com *.osano.com; media-src * 'self'; frame-src 'self' https://snazzymaps.com platform.twitter.com boards.greenhouse.io cmp.osano.com is.driftt.com js.driftt.com youtube.com youtu.be www.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.google.com https://www.linkedin.com *.osano.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; worker-src 'self' *.osano.com blob:; frame-ancestors www.youtube.com youtube.com youtu.be 2
connect-src 'self'; img-src 'self'; base-uri 'self'; upgrade-insecure-requests; 2
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.captcha-delivery.com/c.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com/analytics.js https://static.doubleclick.net/instream/ad_status.js https://*.googleapis.com https://www.youtube.com/s/player/a1d7d0f8/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://www.google.com https://static.hotjar.com/c/hotjar-1800997.js https://app.termly.io https://player.vimeo.com/api/player.js; object-src 'none'; worker-src 'self' blob:; base-uri 'self'; 2
default-src 'none';script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://app.usercentrics.eu https://cdn.attractify.io https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com widgets.trustedshops.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://fonic.novomind.com https://fonic-oat.novomind.com;style-src 'report-sample' 'self' 'unsafe-inline' https://app.usercentrics.eu https://tagmanager.google.com https://fonts.googleapis.com https://app.vwo.com;object-src 'self';base-uri 'self';connect-src 'self' https://sentry.fonic.de https://aggregator.service.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://in.hotjar.com https://*.hotjar.com wss://*.hotjar.com https://vc.hotjar.io *.google-analytics.com *.analytics.google.com analytics.google.com https://fonic-iq.novomind.com https://fonic.novomind.com wss://fonic.novomind.com https://fonic-oat.novomind.com wss://fonic-oat.novomind.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://api.attractify.io widgets.trustedshops.com https://api.trustedshops.com https://shops-si.trustedshops.com https://trustbadge.api.etrusted.com https://api.trustbadge.etrusted.com https://api/maintenance_mode https://stats.g.doubleclick.net https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com *.hotjar.io;font-src 'self' script.hotjar.com https://fonts.gstatic.com data:;frame-src 'self' https://app.usercentrics.eu https://vars.hotjar.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://fonicchat.novomind.com https://app.vwo.com/ https://td.doubleclick.net;img-src 'self' data: https://app.usercentrics.eu https://handyshop.fonic.de https://shop.fonic-mobile.de https://dev.visualwebsiteoptimizer.com https://app.vwo.com *.google-analytics.com *.analytics.google.com http://o2-de.spatialbuzz.net https://o2-de.spatialbuzz.net https://widgets.trustedshops.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.de https://www.google.at https://www.google.ch https://translate.googleapis.com https://script.hotjar.com;manifest-src 'self';media-src 'self';worker-src 'none';report-uri https://sentry.fonic.de/api/2/security/?sentry_key=38cf201186774063918a253e28caadce 2
default-src 'self' https://*.hexa3d.io https://*.h3dstaging.com; img-src 'self' data: w3.org/svg/2000 images.ctfassets.net https://www.google-analytics.com https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.google.com/recaptcha/ https://maps.googleapis.com https://maps.gstatic.com https://v2assets.zopim.io https://tr.snapchat.com https://www.facebook.com https://ct.pinterest.com https://www.pinterest.com https://network-stg.bazaarvoice.com https://d.adroll.com https://services.postcodeanywhere.co.uk http://services.postcodeanywhere.co.uk https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://pixel.advertising.com https://sync.outbrain.com https://*.pubmatic.com https://*.yahoo.com https://sync.taboola.com https://eb2.3lift.com https://x.bidswitch.net https://idsync.rlcdn.com https://us-u.openx.net https://ib.adnxs.com https://cm.g.doubleclick.net https://10800822.fls.doubleclick.net https://sync.mathtag.com https://match.adsrvr.org https://rc.rlcdn.com https://edge.curalate.com https://bat.bing.com https://cdn.feedbackify.com https://tag.yieldoptimizer.com https://*.bazaarvoice.com https://production-web-michaelhill.demandware.net https://prod-sfcc-api.michaelhill.com https://www.michaelhill.com https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.zip.co https://zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://barilliance.com https://*.s3.amazonaws.com https://*.amazonaws.com https://amazonaws.com https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://cdn.optimizely.com https://optimizely-hrd.appspot.com https://*.contentsquare.net https://*.shophumm.com.au https://*.doubleclick.net; style-src 'self' https://www.googleapis.com https://fonts.googleapis.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js 'unsafe-inline' https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.carousel.css https://s3.amazonaws.com/static.barilliance.com/owl-carousel/owl.theme.css https://www.michaelhill.com.au https://www.michaelhill.co.nz https://www.michaelhill.ca https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://*.hexa3d.io https://*.h3dstaging.com https://*.shophumm.com.au; font-src 'self' data: localhost https://fonts.gstatic.com https://*.inside-graph.com; media-src 'self' https://player.vimeo.com/ https://static.zdassets.com https://*.akamaized.net https://*.hexa3d.io https://*.h3dstaging.com https://*.curalate.com https://services.postcodeanywhere.co.uk; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/enterprise.js https://www.recaptcha.net/recaptcha/api.js https://maps.googleapis.com www.googleadservices.com https://*.hotjar.com https://sc-static.net https://unpkg.com https://*.bazaarvoice.com https://analytics-static.ugc.bazaarvoice.com https://static.zdassets.com https://connect.facebook.net https://googleads.g.doubleclick.net https://s.pinimg.com https://analytics.tiktok.com https://s.adroll.com https://cdn.rudderlabs.com http://edge.curalate.com https://d.adroll.com https://cdn.feedbackify.com https://www1.feedbackify.com https://ajax.googleapis.com https://s3.amazonaws.com https://bat.bing.com https://*.barilliance.com https://www.barilliance.net https://www.google.com https://www.googleanalytics.com https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.pinterest.com https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.analytics.google.com https://analytics.google.com https://d3aq2u4yw77ivo.cloudfront.net https://*.hexa3d.io https://*.h3dstaging.com https://www.paypal.com https://tr.snapchat.com https://*.optimizely.com https://optimizely-hrd.appspot.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://t.contentsquare.net https://app.contentsquare.com https://cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au; connect-src 'self' http://api.addressy.com https://services.postcodeanywhere.co.uk https://www.google-analytics.com https://www.googleapis.com https://maps.googleapis.com https://ekr.zdassets.com https://michaelhill.zendesk.com wss://widget-mediator.zopim.com https://ct.pinterest.com https://apps.bazaarvoice.com https://api.rudderlabs.com https://michaelhill-dataplane.rudderstack.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://in.hotjar.com https://edge.curalate.com https://tr.snapchat.com https://bat.bing.com https://api.pinpiaa.com https://d.adroll.com https://*.bazaarvoice.com https://*.zip.co https://*.zipmoney.com.au https://demo4.paasweb.co.il https://*.inside-graph.com wss://*.inside-graph.com https://*.powerfront.com https://s.yimg.com https://*.adroll.com https://adroll.com https://*.clarity.ms https://*.fls.doubleclick.net https://fls.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://*.barilliance.com https://www.barilliance.net https://brauz-api-netlify.netlify.app https://*.michaelhill.com.au https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.pinterest.com https://*.hexa3d.io https://*.h3dstaging.com https://*.adyen.com https://*.paypal.com https://gcr-albatros-eu-prod-europe-west1-mtg-j7ib225lma-ew.a.run.app http://localhost:3000 http://localhost:8181 http://localhost:8181 https://logx.optimizely.com https://*.optimizely.com https://optimizely-hrd.appspot.com https://*.contentsquare.net https://*.flexiti.fi https://*.cnstrc.com https://*.adsrvr.org https://*.shophumm.com.au https://*.snapchat.com; frame-ancestors 'self' https://*.hexa3d.io https://*.h3dstaging.com; object-src 'none'; frame-src https://*.adsrvr.org https://*.adroll.com https://*.adyen.com https://*.bazaarvoice.com https://*.doubleclick.net https://*.flexiti.fi https://*.fls.doubleclick.net https://*.h3dstaging.com https://*.hexa3d.io https://*.inside-graph.com https://*.michaelhill.ca https://*.michaelhill.co.nz https://*.michaelhill.com.au https://*.paypal.com https://*.powerfront.com https://*.zipmoney.com.au https://bid.g.doubleclick.net https://ct.pinterest.com https://demo4.paasweb.co.il https://optimizely-hrd.appspot.com https://reserve-in-store-michael-hill-au.netlify.app https://reserve-in-store-michael-hill-ca.netlify.app https://reserve-in-store-michael-hill-nz.netlify.app https://static.zip.co https://tr.snapchat.com https://vars.hotjar.com https://widgets.partpay.co.nz https://widgets.shophumm.com.au https://www.barilliance.net https://www.facebook.com https://www.google.com https://www.pinterest.com.au https://www.pinterest.com https://www.recaptcha.net/ https://www.youtube.com https://a24400620820.cdn-pci.optimizely.com https://a24400620820.cdn.optimizely.com https://a24400620820.cdn.optimizely.com https://a24634220027.cdn-pci.optimizely.com https://a24633620082.cdn-pci.optimizely.com https://a24633620082.cdn.optimizely.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: 2
default-src http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: service-content.lumion.com services.lumion3d.net lumion.com s.ytimg.com www.youtube.com www.youtube-nocookie.com kit.fontawesome.com kit-free.fontaw.com ajax.googleapis.com fonts.googleapis.com use.typekit.net p.typekit.net use.fontawesome.com t.co ipapi.co www.google-analytics.com www.googleadservices.com connect.facebook.net static.ads-twitter.com analytics.twitter.com platform.twitter.com cdn.syndication.twimg.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io www.google.com www.facebook.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com static.cloudflareinsights.com ajax.cloudflare.com https://*.sheerid.com platform.twitter.com; frame-ancestors 'self' https://*.storyblok.com/; frame-src https://meetings-eu1.hubspot.com/ https://app-eu1.hubspot.com/ https://portal.productboard.com https://*.hsforms.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://11264468.fls.doubleclick.net/ https://td.doubleclick.net/ download.lumion.com https://*.sheerid.com view.mylumion.com www.youtube.com www.youtube-nocookie.com platform.twitter.com vars.hotjar.com www.facebook.com syndication.twitter.com player.vimeo.com; object-src 'none'; 2
script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleadservices.com bat.bing.com s.yimg.com sp.analytics.yahoo.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://code.jquery.com https://cdnjs.cloudflare.com https://www.youtube.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com; img-src 'self' data: https://www.google.co.in https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.google.com.sg  https://www.google.co.in/ads/ https://ssl.google-analytics.com; font-src 'self' https://css.zohocdn.com https://fonts.gstatic.com data:; frame-ancestors 'self' ; frame-src 'self' https://www.youtube.com https://www.google.com; object-src 'self' ; connect-src https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net 2
frame-ancestors 'self' *.upc.ch *.upc.biz *.sunrise.net ocpretailconfiguratorupc.ch *.ocpretailconfiguratorupc.ch tcx.ch *.upctv.ch *.sunrise.ch *.privent.ch *.upc-print.ch safeavenue.f-secure.com sunrisemoments.ch www.ticketcorner.ch; 2
default-src 'self' *.gstatic.com 'unsafe-inline'; img-src 'self' www.gstatic.com *.recaptcha.net; script-src *.gstatic.com *.recaptcha.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; frame-src *.recaptcha.net 'self'; 2
default-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.suizoargentina.com.ar *.suizoargentina.com suizoargentina.com *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com  *.mapbox.com chat-rueda.firebaseio.com *.firebaseio.com s-usc1c-nss-265.firebaseio.com *.bootstrapcdn.com caba33.suizoargentina.com.ar *.youtube.com *.log-in.com.ar *.w3.org *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com cdn.jsdelivr.net chat.suizoargentina.com *.google-analytics.com *.googletagmanager.com code.jquery.com ajax.googleapis.com connect.facebook.net *.facebook.com *.g.doubleclick.net *.gravatar.com *.suizoargentina.com/webchat chat.suizoargentina.com/webchat/ https://suizoargentina.com/ 10.5.0.33 https://10.0.29.29; img-src 'self' 'unsafe-inline' data: blob: 'unsafe-eval' *.mapbox.com http://suizoargentina.com https://suizoargentina.com https://suizoargentina.com/ caba33.suizoargentina.com.ar *.suizoargentina.com.ar https://10.0.29.29 *.suizoargentina.com *.exposuizo.com.ar *.google.com *.googleapis.com fonts.googleapis.com *.gstatic.com *.farmaonline.com  *.bootstrapcdn.com *.youtube.com *.log-in.com.ar chat-rueda.firebaseio.com *.firebaseio.com *.w3.org s-usc1c-nss-265.firebaseio.com *.vtexcommercestable.com.br *.myvtex.com *.vteximg.com.br *.vtex.com unpkg.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com  connect.facebook.net *.facebook.com *.g.doubleclick.net secure.gravatar.com;  2
default-src https: wss: ; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src 'self' data: *; connect-src 'self' *; frame-src 'self' * 2
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://c.lytics.io https://api.ipify.org https://cdn.segment.com https://z.moatads.com https://s3.us-west-2.amazonaws.com https://ss.click2cart.com https://click2cart.com api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com https://s3-us-west-2.amazonaws.com https://cdn.pricespider.com https://c.lytics.io https://maxcdn.bootstrapcdn.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://ad.doubleclick.net https://d.agkn.com https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://www.google.com https://s.amazon-adsystem.com *.click2cart.com https://click2cart.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://c.lytics.io i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com *.click2cart.com https://click2cart.com https://click2cart.co https://www.youtube-nocookie.com www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; frame-ancestors https://app.contentful.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://cdn.territories.bnpparibas https://cdn-preprod.territories.bnpparibas https://cdn-staging.territories.bnpparibas; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv http://claro.clientcampaigns.live https://*.google.com.mx https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://programarcita.claro.com.hn https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com  https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.sv https://*.clarodigital.net https://stackpath.bootstrapcdn.com https://*.claro.com.hn https://*.clarity.ms https://universalplus.com https://claro.clientcampaigns.live; media-src mediastream:; 2
frame-ancestors * ; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
default-src 'self'; font-src data: 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline'; img-src data: blob: 'self'; frame-ancestors 'self'; frame-src 'self' https:; script-src 'self' 'unsafe-eval'; upgrade-insecure-requests; connect-src 'self' https:; object-src 'none'; base-uri 'self'; 2
default-src 'self'; font-src 'self' cdn.taxsee.com fonts.gstatic.com https://*.gstatic.com data: fonts.gstatic.com *.imgsmail.ru *.mail.ru *.mradx.net; frame-src 'self' https://*.doubleclick.net blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.youtube.com www.google.com mediacdn.mediaad.org *.yektanet.com optimize.google.com *.fls.doubleclick.net www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com mail.ru ok.ru vk.com; img-src 'self' data: cdn.taxsee.com *.gstatic.com https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md data: optimize.google.com www.google.com www.google.ru www.google.kz log.adtimaserver.vn analytics.pangle-ads.com *.imgsmail.ru *.mail.ru mail.ru trustseal.enamad.ir; script-src 'self' 'unsafe-inline' https://*.facebook.com https://*.facebook.net https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.doubleclick.net https://top-fwz1.mail.ru https://analytics.tiktok.com https://vk.com https://*.vk.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://*.youtube.com 'unsafe-eval' *.yektanet.com *.mediaad.org unpkg.com www.gstatic.com www.googleoptimize.com optimize.google.com *.yandex.net *.google.ru *.google.kz *.g.doubleclick.net gstatic.com s.zzcdn.me www.aparat.com *.imgsmail.ru *.mail.ru *.mradx.net *.odnoklassniki.ru *.relap.io *.vk.com mail.ru vk.com *.ads-twitter.com; media-src 'self' https://*.youtube.com *.imgsmail.ru *.mail.ru *.mradx.net *.ok.ru *.vk.com data: mail.ru ok.ru vk.com; child-src 'self' blob: https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md; connect-src 'self' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://top-fwz1.mail.ru https://analytics.tiktok.com https://mc.yandex.ru https://mc.yandex.com https://mc.yandex.md https://*.doubleclick.net *.yektanet.com api.mediaad.org ma-cdn.pegah.tech log.adtimaserver.vn analytics.pangle-ads.com *.dzen.ru *.imgsmail.ru *.mail.ru *.mradx.net *.relap.io *.vk.com mail.ru relap.io vk.com; form-action 'self'; manifest-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' cdn.taxsee.com fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com unpkg.com optimize.google.com *.imgsmail.ru *.mail.ru *.mradx.net; worker-src 'self'; frame-ancestors DENY; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 2
default-src 'self' js.stripe.com challenges.cloudflare.com static.cloudflareinsights.com; font-src 'self' data:; img-src 'self' data:; object-src 'none'; script-src 'self' js.stripe.com challenges.cloudflare.com static.cloudflareinsights.com 'nonce-'; style-src 'self'; connect-src 'self' wss://ws.chain.so js.stripe.com challenges.cloudflare.com; frame-src 'self' challenges.cloudflare.com js.stripe.com 2
default-src 'self'; script-src 'self'; connect-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net; media-src 'self' blob: data: https://derpicdn.net https://ext.derpicdn.net; block-all-mixed-content 2
default-src 'self'; connect-src * data: 'unsafe-inline'; font-src *; frame-src *; img-src * blob: data: ; media-src *; object-src *; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src 'self' blob:; child-src blob:; 2
connect-src 'self' https://api2.amplitude.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com *.ascension.org;default-src 'self' blob: *.ascension.org;font-src 'self' fonts.gstatic.com https://fonts.googleapis.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ data: *.ascension.org;frame-src 'self' *.formstack.com https://www.formassembly.com/ https://www.volgistics.com/ https://ascension.tfaforms.net/ blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ *.youtube.com/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js *.ascension.org;img-src 'self' https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ data: *.ascension.org;object-src 'none' ;script-src 'self' 'unsafe-eval' https://cdn.amplitude.com https://ascensioncrm--uat.sandbox.my.site.com/ https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm--acc.sandbox.my.salesforce.com/ https://service.force.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm.my.salesforce.com https://ascension.force.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://static.lightning.force.com/ https://service.force.com/ https://*.salesforceliveagent.com/chat/ https://tfaforms.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com https://www.googletagmanager.com/gtm.js 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/react/18.2.0/ https://cdnjs.cloudflare.com/ajax/libs/react-dom/18.2.0/  https://cdnjs.cloudflare.com/ajax/libs/es6-shim/ https://cdnjs.cloudflare.com/ajax/libs/es5-shim/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/ https://maps.googleapis.com/maps/api/mapsjs/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/$rpc/ https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/staticmap https://platform-api.sharethis.com/js/sharethis.js https://buttons-config.sharethis.com/js/ https://l.sharethis.com/pview https://a.tiles.mapbox.com/ https://*.localsearchprofiles.com/ https://support.doctorpodcasting.com/ https://radiomd.com/ https://az416426.vo.msecnd.net/scripts/ https://dc.services.visualstudio.com/v2/track https://static.srcspot.com/libs/hannie.js blob: https://bcbolt446c5271-a.akamaihd.net/media/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/vttjs/0.15.3/vtt.global.min.js https://cf-images.us-east-1.prod.boltdns.net/ https://manifest.prod.boltdns.net/ https://gallery-metrics.api.brightcove.com/ *.ascension.org;style-src 'self' 'unsafe-eval' 'unsafe-inline' https://ascensioncrm--acc.sandbox.my.site.com https://ascensioncrm.my.salesforce-sites.com https://ascensioncrm--acc.sandbox.my.salesforce-sites.com/ https://ascensioncrm--uat.sandbox.my.salesforce.com/ https://ascensioncrm--uat.sandbox.my.salesforce-sites.com/ https://service.force.com/embeddedservice/ fonts.gstatic.com https://fonts.googleapis.com https://service.reputation.com/ https://api.mapbox.com/ assets.reputation.com *.ascension.org; 2
base-uri 'self'; default-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.projuris.com.br https://cdn.jsdelivr.net https://www.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.googleadservices.com https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://cdn.neurologic.com.br https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self' blob: data: https://cdn-s3.callpage.io https://*.omappapi.com https://i.ytimg.com https://wp.stories.google https://www.gstatic.com https://eye.rd.services https://*.ads.linkedin.com https://bat.bing.com https://www.google.com.br https://www.facebook.com https://lipis.github.io https://*.projuris.com.br https://secure.gravatar.com https://ps.w.org https://app.leadster.com.br https://cdn.neurologic.com.br https://storage.googleapis.com https://www.google.com https://*.cloudflare.com https://*.cloudfront.net https://*.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://www.linkedin.com https://*.hsforms.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://analytics.twitter.com https://t.co https://blog.sajadv.com.br/ https://c.clarity.ms/ https://c.bing.com/ https://cdn.positus.global/ https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://dev.visualwebsiteoptimizer.com/ https://visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com; style-src 'self' https://cdn.ampproject.org https://cdn-widget.callpage.io https://*.omappapi.com https://optimize.google.com https://stackpath.bootstrapcdn.com https://*.cloudflare.com https://*.projuris.com.br https://maxcdn.bootstrapcdn.com https://cdn.positus.global https://k3v2w4q6.stackpathcdn.com 'unsafe-inline' https://fonts.googleapis.com https://visualwebsiteoptimizer.com https://app.vwo.com; font-src 'self' data: https://cdnjs.cloudflare.com https://*.omappapi.com https://use.typekit.net https://*.projuris.com.br https://fonts.googleapis.com https://fonts.gstatic.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com https://js.hs-banner.com/; frame-src 'self' https://www.youtube-nocookie.com https://anchor.fm https://open.spotify.com https://vars.hotjar.com https://app.vooozer.com https://bid.g.doubleclick.net https://submit.jotform.com https://form.jotform.com https://go.vooozer.com https://*.soundcloud.com https://*.projuris.com.br https://www.youtube.com https://www.facebook.com https://s-static.ak.facebook.com https://*.google.com https://forms.hsforms.com https://app.hubspot.com/ https://podcasters.spotify.com https://sajadv.chat.blip.ai/ https://td.doubleclick.net/ https://22474960.hs-sites.com/ https://app.vwo.com https://visualwebsiteoptimizer.com; frame-ancestors 'self' https://*.projuris.com.br; connect-src 'self' https://www.google.com.br/ads/* https://*.callpage.io https://*.omappapi.com https://cdnjs.cloudflare.com https://us-central1-amp-error-reporting.cloudfunctions.net https://cdn.ampproject.org https://gyruss.rdops.systems wss://*.hotjar.com https://demo.theme.co https://*.hotjar.io https://*.hotjar.com https://bat.bing.com https://monitor.clickcease.com https://www.facebook.com https://app.leadster.com.br https://app.neurologic.com.br https://stats.g.doubleclick.net https://*.google-analytics.com https://*.rdstation.com.br https://cdn.linkedin.oribi.io https://api.hubapi.com https://forms.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://*.clarity.ms https://*.hscollectedforms.net https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.com.br https://js.hs-banner.com https://api.hubspot.com https://my.yoast.com/ https://analytics.google.com/ https://cta-service-cms2.hubspot.com/ https://pagead2.googlesyndication.com/ https://qeryz.com/ https://px.ads.linkedin.com/ https://dev.visualwebsiteoptimizer.com/ https://visualwebsiteoptimizer.com https://app.vwo.com; object-src 'none'; media-src 'self' https://cdn-widget.callpage.io https://*.projuris.com.br; worker-src 'self' blob: https://*.projuris.com.br; script-src-elem 'self' 'unsafe-inline' data: https://www.gstatic.com https://cdn-widget.callpage.io https://*.omappapi.com https://cdn.ampproject.org https://www.youtube.com https://w.soundcloud.com https://panel.safetymails.com https://www.googleoptimize.com https://*.hotjar.com https://*.google.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googleadservices.com https://cdn.neurologic.com.br  https://connect.facebook.net https://*.cloudfront.net https://cdn.jsdelivr.net https://px.ads.linkedin.com https://cdn.jotfor.ms https://form.jotform.com https://app.leadster.com.br https://www.clickcease.com https://*.cloudflare.com https://*.google-analytics.com https://fonts.googleapis.com https://*.projuris.com.br https://js.hs-scripts.com https://snap.licdn.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://forms.hubspot.com https://forms.hsforms.com https://api.hubapi.com https://js.hs-analytics.net https://js.hsforms.net https://*.clarity.ms https://js.usemessages.com https://unpkg.com/blip-chat-widget https://yoast.com/ https://js.hubspot.com/ https://js.hsleadflows.net/ https://assets.qeryz.net/ https://code.jquery.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://visualwebsiteoptimizer.com 2
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/5f78583775.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.2.2/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/is-in-viewport/3.0.4/isInViewport.min.js https://cdnjs.cloudflare.com/ajax/libs/autosize.js/5.0.1/autosize.min.js https://cdnjs.cloudflare.com/ajax/libs/sharer.js/0.5.1/sharer.min.js https://email.efex.com.au/resources/sharing/embed.js https://unpkg.com/@lottiefiles/lottie-player@1.6.0/dist/lottie-player.js https://www.googletagmanager.com/gtag/js https://unpkg.com/@lottiefiles/lottie-interactivity@1.6.2/dist/lottie-interactivity.min.js https://vimeo.com/api/oembed.json https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js https://www.gstatic.com/eureka/clank/117/cast_sender.js https://f.vimeocdn.com/p/4.25.13/js/player.module.js https://f.vimeocdn.com/p/4.25.13/js/vendor.module.js https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.gstatic.com/cast/sdk/libs/sender/1.0/cast_framework.js  https://www.gstatic.com/eureka/clank/117/cast_sender.js https://email.efex.com.au/assets/scripts/LandingPagesEmbedded1_2 https://email.efex.com.au/Resources/LandingPagesEmbedded/localised/strings.js https://www.googletagmanager.com/gtm.js https://unpkg.com/@lottiefiles/lottie-interactivity@latest/dist/lottie-interactivity.min.js https://www.vimeo.com/api/oembed.json https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/vt https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/infowindow.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/onion.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/marker.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/map.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/util.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/intl/en_gb/controls.js https://maps.googleapis.com/maps/api/js https://polyfill.io/v3/polyfill.min.js ; style-src 'report-sample' 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://kit.fontawesome.com/5f78583775.js; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://www.google-analytics.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://email.efex.com.au https://player.vimeo.com https://r1.dotdigital-pages.com; img-src data: 'self' https://www.googletagmanager.com https://maps.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://i.vimeocdn.com https://lh3.ggpht.com https://lh3.ggpht.com https://i.vimeocdn.com/video/1568323917-4ccc690ec25da531eae5861e5c1a7b7c5b2d65f5ae8f2ac91fc18315e4d8471c-d; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 2
frame-ancestors 'self' https://*.paperflite.com https://*.cleverstory.io https://*.iotbusiness-platform.com 2
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' nyq4leycky5n94hcmplt3mpfla.speed-cdn.com 8bow6kipj8zg81psmtksyesya8.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 2
default-src 'self' https://*.arvato-systems-media.net https://*.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://socialcloud.bertelsmann.com https://dl.edge-cdn.net https://edgecdnhd2-vh.akamaihd.net; script-src 'self' blob: https://*.bertelsmann.de https://*.bertelsmann.com  https://*.createyourowncareer.com https://*.video-cdn.net https://*.privacy-mgmt.com  https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://analytics.nionex.net http://analytics.nionex.net https://www.google-analytics.com https://www.googletagmanager.com https://maps.google.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://*.edge-cdn.net https://*.analytics.edgekey.net https://charts3.equitystory.com https://*.akamaihd.net https://www.youtube.com https://s.ytimg.com https://*.cookiebot.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' https://tr.main.bid-prod.technical-service.net https://maps.google.com https://*.video-cdn.net https://www.google.com https://*.ytimg.com https://maps.gstatic.com https://www.gstatic.com https://chart.apis.google.com https://maps.googleapis.com https://www.google-analytics.com http://*.becruiter.net https://*.becruiter.net https://bertelsmann-hr.de https://www.googletagmanager.com https://dl.edge-cdn.net https://translate.google.com https://translate.googleapis.com data:; media-src 'self' blob: https://videocdnvod1-vh.akamaihd.net https://edgecdnhd2-vh.akamaihd.net http://hd2vodbertel-vh.akamaihd.net https://*.cdn.edge-cdn.net https://*.edge-cdn.net http://*.edge-cdn.net https://*.video-cdn.net; style-src 'self' https://www.bertelsmann.com https://www.bertelsmann.de https://*.arvato-systems-media.net https://*.nionex.net https://translate.googleapis.com https://fonts.googleapis.com https://dl.edge-cdn.net 'unsafe-inline' data:; font-src 'self' https://fonts.googleapis.com https://*.video-cdn.net https://fonts.gstatic.com data:; frame-src * data: blob: https://*.cookiebot.com ; frame-ancestors 'self' https://digitalportfolio.bertelsmann.com https://*.bertelsmann.de https://*.bertelsmann.com; connect-src 'self' wss://*.bertelsmann.de https://licensing.bitmovin.com https://cdn.plyr.io https://*.video-cdn.net https://videocdnvod1-vh.akamaihd.net https://stats.g.doubleclick.net https://*.bertelsmann.de https://*.bertelsmann.com https://*.google-analytics.com https://ca.video-cdn.net https://dl.edge-cdn.net https://*.analytics.edgekey.net https://translate.googleapis.com https://*.cookiebot.com https://edgecdnhd2-vh.akamaihd.net 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://js.adsrvr.org https://ajax.googleapis.com https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.clarity.ms https://fast.wistia.com https://fast.wistia.net *.adobedtm.com *.dialogtech.com *.simpli.fi *.doubleclick.net *.kickfire.com *.googletagmanager.com *.licdn.com *.facebook.com https://apps.usw2.pure.cloud  cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://polyfill.io https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 2
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests 2
frame-ancestors https://admin.devby.io https://devby.io 2
frame-ancestors https://www.thefabulous.co https://*.thefabulous.co 2
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: 2
frame-ancestors 'self' wishaudit.com callmacro.com CommandStock.com charityfruit.com earlyshore.com DailyOwner.com EcoDefine.com loveoutput.com InterHonor.com proxysmile.com frontsmile.com AskCold.com cresttoday.com WorkCold.com metalcyber.com mb8box.com 2
default-src https: 'unsafe-inline' 2
default-src http: data: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https://googleads.g.doubleclick.net/ https://www.google.com/ads/user-lists/ https://www.google.hu/ads/user-lists/ https://tpc.googlesyndication.com/safeframe/ https://www.youtube.com/embed/ https://server.infinety.hu/ https://*.safeframe.googlesyndication.com/safeframe/ ;                                     img-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://googleads.g.doubleclick.net/ https://www.google.com/ads/ https://www.google.hu/ads/ https://csi.gstatic.com/ https://maps.googleapis.com/maps/ https://googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ blob: 'self' https://ad.adverticum.net/banners/ https://ssl.google-analytics.com/ https://www.facebook.com/tr/ https://ap.lijit.com/ https://u.btserve.com/ https://ad-delivery.net/ https://www.facebook.com/ data: https://www.w3.org/2000/svg/ https://dmp.adform.net/dmp/profile/ https://x.bidswitch.net/ https://ad-delivery.net/px.gif https://tpc.googlesyndication.com/ https://securepubads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://pagead2.googlesyndication.com/ blob: 'self' https://cm.g.doubleclick.net/ https://d5p.de17a.com/ https://sync.clickonometrics.pl/ https://ib.adnxs.com/ https://mq.wp.pl/ https://s1.adform.net/ https://adx.adform.net/ https://u.btserve.com/ data: https://www.w3.org/2000/svg/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://www.google.com/pagead/ https://optimize.google.com/ https://nemzeticegtar.hu/files/ https://www.nemzeticegtar.hu/files/  https://www.google.co.uk/ https://nctteszt.opten.hu/ https://admin.nemzeticegtar.hu/ https://i.imgur.com/ https://widget.molin.ai/ ;                                     style-src 'self' https: 'unsafe-inline' https://maxcdn.bootstrapcdn.com/font-awesome/ https://fonts.googleapis.com/ https://ad.adverticum.net/banners/ https://static.hotjar.com/ https://optimize.google.com/ ;                                     font-src 'self' https://fonts.gstatic.com/stats/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://themes.googleusercontent.com/static/fonts/lato/ https://script.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://optimize.google.com/ https://cdnjs.cloudflare.com/ajax/libs/ ;                                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.google.com/recaptcha/api.js https://maps.google.com/maps/api/ https://maps.google.com/ https://maps.googleapis.com/ https://googleapis.com/ https://ad.adverticum.net/g3.js https://ls.hit.gemius.pl/ https://hu.hit.gemius.pl/xgemius.js https://www.googletagmanager.com https://ad.adverticum.net/g3.js https://www.googletagmanager.com/ https://static.hotjar.com/ https://optimize.google.com/ https://connect.facebook.net/en_US/fbevents.js https://unpkg.com/@dotlottie/player-component@latest/dist/dotlottie-player.mjs blob: 'self';                                     connect-src 'self' https://settings.luckyorange.net/ https://track.adform.net/ wss://in.visitors.live/socket.io/ wss://visitors.live/socket.io/ https://ad.adverticum.net/ https://fastlane.rubiconproject.com/a/api/fastlane.json https://adx.adform.net/adx/ https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://csi.gstatic.com/ https://*.hotjar.com/ wss://*.hotjar.com/ https://vc.hotjar.io/ https://pagead2.googlesyndication.com/ https://script.4dex.io/adagio.js https://ice.360yield.com/ https://prg.smartadserver.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://www.google-analytics.com/ https://static.hotjar.com/ https://content.hotjar.io/ https://region1.google-analytics.com/ https://*.doubleverify.com/ https://region1.analytics.google.com/ https://maps.googleapis.com/ wss://molin.ai/ https://eu.posthog.com/ https://assets5.lottiefiles.com/ https://pheu.molin.ai/ https://lottie.host/18ceabf4-51c0-410e-8bce-1e1ee2924c57/gb9fKyPMO2.json https://widget.molin.ai/ ;                                     frame-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://www.google.hu/ads/user-lists/ https://maps.googleapis.com/ https://googleapis.com/ https://tpc.googlesyndication.com/ https://ls.hit.gemius.pl/ https://www.youtube.com/embed/ https://occsz.e-cegjegyzek.hu/ https://server.infinety.hu/ https://vars.hotjar.com/ https://static.hotjar.com/ https://w35.hotjar.com/ https://*.safeframe.googlesyndication.com/ https://*.doubleverify.com/ https://*.rubiconproject.com/ https://*.criteo.com/ https://www.google.com/maps/ https://optimize.google.com/ ;                                     worker-src 'self' https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/ https://bid.g.doubleclick.net/ https://www.google.hu/ads/user-lists/ https://ls.hit.gemius.pl/ https://ad.adverticum.net/external/ https://ad.adverticum.net/banners/ https://occsz.e-cegjegyzek.hu/ https://www.youtube.com/embed/ https://www.facebook.com/tr/ https://static.hotjar.com/ https://sparbanner.kolrus.cloud/ ;                                     media-src https://sparbanner.kolrus.cloud/ https://static.hotjar.com/ https://server.infinety.hu/ https://molin.ai/ ; 2
frame-ancestors 'self' *.1und1.de *.1und1.com profiseller.de *.profiseller.de *.1and1.com dsl.gmx.de dsl.web.de 1und1-premiumpartner.de *.1und1-premiumpartner.de 1und1-partner.de *.1und1-partner.de 1und1-mm.de *.1und1-mm.de 1und1-hostingpartner.de *.1und1-hostingpartner.de 1und1-freenet.de *.1und1-freenet.de *.mouseflow.com *.1und1.cloud; 2
default-src *; font-src * data:; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline' 2
default-src 'self' *.amazonaws.com;script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;style-src 'self' 'unsafe-inline' *.teliacompany.com *.google.com *.humany.net *.googleapis.com *.gstatic.com *.amazonaws.com;connect-src 'self' *.google-analytics.com *.googletagmanager.com *.amazonaws.com *.humany.net *.google.com *.google.se *.resursbank.se *.resursbank.no *.resursbank.dk *.resursbank.fi *.resurs.com *.integration.resurs.com *.doubleclick.net *.googleapis.com *.amplitude.com *.teliacompany.net *.resurs.loc *.ellos.resursbank.24hr.se wss://*.resurs.se wss://*.resurs.fi wss://*.resurs.dk wss://*.resurs.no *.hotjar.io widget.datablocks.se *.mfn.se;form-action 'self';frame-ancestors 'self';frame-src 'self' *.youtube.com player.vimeo.com *.google.com *.teliacompany.com resurs.onfluid.dk *.doubleclick.net *.office365.com *.googletagmanager.com;child-src 'self';font-src * data:;object-src 'none';manifest-src 'self' 'unsafe-inline' data:;upgrade-insecure-requests 2
connect-src 'self' inetchat.zoner.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com www.google-analytics.com *.smartlook.cloud *.doubleclick.net https://web.facebook.com https://www.facebook.com https://manychat.com https://socialplugin.facebook.net *.google-analytics.com https://search.zonercloud.cz https://*.clarity.ms https://www.google.com https://pagead2.googlesyndication.com https://cdn.linkedin.oribi.io adservice.google.com www.google.cz *.analytics.google.com px.ads.linkedin.com;default-src 'self' www.google-analytics.com www.google.com inetchat.zoner.com;font-src 'self' fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com www.google.cz www.google.com inetchat.zoner.com www.facebook.com c.imedia.cz http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.inpage.cz https://www.inpage.sk https://c.seznam.cz https://i.ytimg.com *.twitter.com https://seal.digicert.com ad.czechia.com  api.thegreenwebfoundation.org www.abuseipdb.com www.googletagmanager.com https://px.ads.linkedin.com https://c.bing.com https://c.clarity.ms www.google.sk www.google.es www.google.de www.google.sn;manifest-src 'self';script-src 'self' 'unsafe-inline' data: www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googleadservices.com www.googletagmanager.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz connect.facebook.net c.imedia.cz rec.smartlook.com *.twitter.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://seal.digicert.com ad.czechia.com https://c.seznam.cz https://widget.manychat.com https://mccdn.me www.clarity.ms https://search.zonercloud.cz https://snap.licdn.com https://*.clarity.ms 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com;frame-ancestors 'none';form-action 'self' admin.czechia.com admin.slovaknet.sk *.csob.cz;base-uri 'self';object-src 'none';frame-src 'self' *.inpage.cz *.inpage.sk *.inpageweb.com www.youtube.com www.google.com maps.google.com inetchat.zoner.com partner.zonercloud.sk partner.zonercloud.cz https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.twitter.com www.metercustom.net https://web.facebook.com https://www.facebook.com *.doubleclick.net https://docs.google.com;report-uri /csp-report-endpoint; 2
default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu public.flourish.studio/resources/embed.js csi.gstatic.com cdn.parsely.com *.doubleclick.net *.googlesyndication.com *.googletagservices.com platform.twitter.com/ platform.instagram.com/ www.instagram.com/embed.js www.threads.net/embed.js www.tiktok.com/embed.js lf16-tiktok-web.tiktokcdn-us.com/ www.facebook.com/ www.youtube.com/ ak.sail-horizon.com *.celtra.com *.heapanalytics.com heapanalytics.com *.doubleverify.com *.infogram.com 'unsafe-inline' 'unsafe-eval' ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu *.googlesyndication.com *.doubleclick.net *.googletagservices.com platform.twitter.com/ www.instagram.com/ www.tiktok.com/ www.facebook.com/ www.linkedin.com/ www.threads.net/ flo.uri.sh/ datawrapper.dwcdn.net/ www.googleadservices.com *.twitch.tv *.infogram.com ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com heapanalytics.com *.googletagmanager.com ; font-src 'self' cdn.robinhood.com data: fonts.gstatic.com *.celtra.com heapanalytics.com *.auryc.com ; media-src 'self' cdn.robinhood.com *.usercentrics.eu *.celtra.com ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net/5ft2qdzfrz9o/ images.ctfassets.net/mwphzyq69oso/ images.ctfassets.net/fomw95h5b4ty/ images.ctfassets.net/lnmc2aao6j57/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu blob: * ; frame-ancestors 'self' ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com analytics.tiktok.com boards-api.greenhouse.io preview.contentful.com cdn.contentful.com s.yimg.com *.usercentrics.eu api.instagram.com/ mjml-api.apollo.rhinternal.net *.parsely.com *.doubleclick.net *.googlesyndication.com api.sail-personalize.com api.sail-track.com csi.gstatic.com *.celtra.com api.sailthru.com heapanalytics.com *.auryc.com *.google.com *.doubleverify.com ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 2
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; 2
frame-ancestors 'self' https://*.ostfalia.de https://*.sonia.de 2
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com 'unsafe-inline' 'unsafe-eval' app.tuotempo.com https://unpkg.com https://tpc.googlesyndication.com *.clinicaalemana.cl *.omnitok.com https://esencial.omnitok.com esencial.omnitok.com edz87dzoqc.execute-api.us-east-1.amazonaws.com *.googleoptimize.com *.salesforceliveagent.com *.salesforce.com service.force.com *.force.com *.googletagmanager.com https://js.captcha-display.com https://js.datadome.co w.usabilla.com *.usabilla.com *.auth0.com alemana-poc.auth0.com cdn.auth0.com *.cloudfront.net static.zdassets.com v2.zopim.com *.fontawesome.com *.doubleclick.net *.adnxs.com *.mathtag.com *.googleadservices.com *.hotjar.com www.alemana.cl *.alemana.cl *.lfi.cl *.jquery.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://www.youtube.com/iframe_api *.google.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.contactshub.cl:* https://contactshub.cl:* contactshub.cl/sdk.js.php https://sdk.examedi.com:* cdnjs.cloudflare.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.aspnetcdn.com *.fontawesome.com *.google.com *.alemana.cl *.lfi.cl *.jquery.com use.fontawesome.com *.cloudfront.net *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://dec.azureedge.net tagmanager.google.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.salesforceliveagent.com *.salesforce.com *.force.com *.fontawesome.com * googleads.g.doubleclick.net *.google.cl *.alemana.cl stats.g.doubleclick.net *.google.com *.youtube.com www.google.com s3alemana.s3.amazonaws.com *.s3.amazonaws.com lfi.lfi.cl *.lfi.cl alemana.cl www.alemana.cl i.stack.imgur.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.google-analytics.com https://dec.azureedge.net https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cloudfront.net web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: c1.sfdcstatic.com d6tizftlrpuof.cloudfront.net *.hotjar.com v2.zopim.com *.fontawesome.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com; frame-src 'self' portal.alemana.cl * *.clinicaalemana.cl *.lfi.cl *.alemana.cl https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com app.tuotempo.com www.google.com adservice.google.com solicat.calemanatemuco.cl *.clinicaalemana.cl portal-backend-dev.clinicaalemana.cl *.amazonaws.com c9a41d223g.execute-api.us-east-1.amazonaws.com somosesencial.cl www.somosesencial.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com *.force.com uat-chatservicepoc.cs214.force.com *.alemana.io gtw-prod.alemana.io gtw-dev.alemana.io https://analytics.google.com https://www.facebook.com https://www.googletagmanager.com https://cdn.ampproject.org wss://*.hotjar.com https://accounts.spotify.com https://api.spotify.com https://api-js.datadome.co api.usabilla.com *.cloudfunctions.net *.fontawesome.com *.auth0.com *.cloudfront.net *.alemana.cl wss://widget-mediator.zopim.com ekr.zdassets.com ws1.hotjar.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net www.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://*.dec.sitefinity.com *.mktoresp.com https://api.sbif.cl:* *.contactshub.cl:* wss://sofix6xmbk.execute-api.us-east-1.amazonaws.com https://*.insight.sitefinity.com; media-src 'self' data: blob: *.cloudfront.net; child-src 'self' blob: www.clinicaalemanatemuco.cl *.clinicaalemana.cl *.mathtag.com *.hotjar.com *.alemana.cl *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com; frame-ancestors 'self' *.clinicaalemana.cl edz87dzoqc.execute-api.us-east-1.amazonaws.com alemana.cl *.alemana.cl portal.alemana.cl somosesencial.cl www.somosesencial.cl https://www.somosesencial.cl/ 2
frame-ancestors 'self' https://fuse.pav.portals.swisslife.ch https://fuse.portals.swisslife.ch https://www.swisslife.ch 2
default-src 'self' multibanner.net *.multibanner.net redclick.ru *.redclick.ru my.pusk.ua adlabs-mobile.ru *.adlabs-mobile.ru clickio.com *.clickio.com adlabs.ru *.adlabs.ru adlabsnetworks.com *.adlabsnetworks.com adlabsnetworks.ru googleapis.com googletagmanager.com gstatic.com *.google-analytics.com clickiocmp.com luxup.ru luxadv.com luxupcdna.com luxupcdnb.com luxupcdnc.com luxupadva.com luxupadvb.com luxupadvc.com luxup2.ru hubspot.com js.hs-scripts.com js.hscollectedforms.net luxcdn.com fonts.gstatic.com *.online.tableau.com *.luxup.ru *.tipalti.com *.googleapis.com www.google.com www.gstatic.com datastudio.google.com *.dev.luxup.ru *.adlabs-retail.ru adlabs-retail.ru  www.googleadservices.com 'unsafe-inline' 'unsafe-eval' 2
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com https://platform.twitter.com https://www.linkedin.com https://indd.adobe.com https://syndication.twitter.com/; font-src *; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://imtcast.imt.fr/ https://haltools.archives-ouvertes.fr/ https://indd.adobe.com/ https://barometredelascienceouverte.esr.gouv.fr/ https://www.rcf.fr https://platform.twitter.com https://www.linkedin.com https://syndication.twitter.com/ https://v.calameo.com/; img-src *; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com region1.google-analytics.com stats.g.doubleclick.net www.google-analytics.com https://www.youtube.com/ https://cdn.jsdelivr.net https://platform.linkedin.com https://www.linkedin.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://platform.twitter.com https://polyfill.io localhost:35729 yui.yahooapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.imt-atlantique.fr/fr/report-uri/enforce 2
frame-ancestors 'self'; frame-src enovationgroup.com *.enovationgroup.com *.stuurlui.dev *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.ont.stuurlui.dev *.ontw.stuurlui.dev *.zaurus.io *.statuspage.io *.doubleclick.net 2
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: tel:; frame-ancestors 'self' https://*.glgresearch.com; frame-src 'self' *.buzzsprout.com https://*.marketo.com https://*.mktoresp.com https://*.google.com https://*.doubleclick.net https://*.zoominfo.com https://www.googletagmanager.com https://player.vimeo.com *.youtube-nocookie.com *.youtube.com *.greenhouse.io; report-uri https://external-webhooks.glgresearch.com/content-security-policy-logs/; 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com www.google-analytics.com www.googleoptimize.com optimize.google.com *.wayin.com *.mouseflow.com unpkg.com assets.adobedtm.com www.rockomni.com *.rocketmortgage.com api.lincx.com code.jquery.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net cdnjs.cloudflare.com optimize.google.com fonts.googleapis.com; font-src 'self' use.typekit.net www.rockomni.com cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com optimize.google.com *.g.doubleclick.net *.google.com cm.everesttech.net *.cloudfront.net *.demdex.net; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.mouseflow.com *.rocketmortgage.com somni.rocketmortgage.com assets.adobedtm.com geometer.lincx.la *.demdex.net api.lincx.com somni.quickenloans.com somni.moneytips.com; frame-src 'self' *.wayin.com quicken.demdex.net optimize.google.com; 2
frame-ancestors 'self' https://app.adrianflux.co.uk https://www.bikesure.co.uk 2
default-src 'self'; base-uri 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; style-src * 'unsafe-inline' 2
style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com static.cinepolis.com stage-modernizacion.cinepolis.com fonts.googleapis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com tagmanager.google.com fonts.googleapis.com; font-src 'self' data: fonts.gstatic.com blob: api.mapbox.com events.mapbox.com; "default-src" 'script-src' 'self' stage.cinepolis.com static.cinepolis.com stage-modernizacion.cinepolis.com localhost tpc.googlesyndication.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com data: securepubads.g.doubleclick.net pagead2.googlesyndication.com google.com csi.gstatic.com analytics.google.com/g/collect www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l stats.g.doubleclick.net/j/collect dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com google-analytics.com/ stage-modernizacion.cinepolis.com.gt/ https://www.google-analytics.com/g/collect; img-src 'self' https://www.facebook.com/* static.cinepolis.com tagmanager.com googletagmanager.com tpc.googlesyndication.com cinepolis.com stage.cinepolis.com data: mapbox-gl.com blob: api.mapbox.com events.mapbox.com ssl.gstatic.com securepubads.g.doubleclick.net google.com pagead2.googlesyndication.com www.google-analytics.com/collect www.google-analytics.com/j/collect www.google.com/ads/measurement/l www.googletagmanager.com/a googleads.g.doubleclick.net/pagead/interaction/ www.google.com/ads/ga-audiences www.google.com/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.twitter.com/* www.facebook.com/* www.facebook.com/tr/*; frame-src 'unsafe-eval' 'self' td.doubleclick.net securepubads.g.doubleclick.net tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com *.safeframe.googlesyndication.com safeframe.googlesyndication.com google.com www.google.com googleads.g.doubleclick.net/ https://8267269.fls.doubleclick.net/ 8267269.fls.doubleclick.net td.doubleclick.net; "script-src" 'unsafe-inline' 'unsafe-eval' 'self' tpc.googlesyndication.com googletagmanager.com cdnjs.cloudflare.com static.cinepolis.com code.jquery.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com pagead2.googlesyndication.com partner.googleadservices.com google-analytics.com apis.google.com google-analytics.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com securepubads.g.doubleclick.net tagmanager.google.com www.googletagmanager.com www.google-analytics.com/gtm/optimize.js www.google-analytics.com/analytics.js www.google-analytics.com/analytics.js adservice.google.com.mx/adsid/integrator.js www.google-analytics.com/plugins/ua/ec.js www.google-analytics.com/plugins/ua/linkid.js www.google-analytics.com/gtm/js www.google-analytics.com/collect www.google-analytics.com/j/collect adservice.google.com/adsid/integrator.js www.googletagservices.com/activeview/js/current/rx_lidar.js connect.facebook.net/en_US/fbevents.js js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js b.scorecardresearch.com/beacon.js analytics.tiktok.com/i18n/pixel/events.js assistant.woorank.com/hydra/assistantLoader.latest.js static.ads-twitter.com/uwt.js connect.facebook.net/signals/config/375285878099814 dynatrace.com js-cdn.dynatrace.com https://js-cdn.dynatrace.com/jstag/15c157a40ab/ruxitagent_A2NVfqru_10257221222094147.js https://bf87178acl.bf.dynatrace.com/ bf87178acl.bf.dynatrace.com https://js-cdn.dynatrace.com/ https://sb.scorecardresearch.com/ sb.scorecardresearch.com *.dynatrace.com *.facebook.net/* connect.facebook.net/*; worker-src 'unsafe-eval' 'unsafe-inline' 'self' mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; frame-ancestors tpc.googlesyndication.com static.cinepolis.com stage.cinepolis.com stage-modernizacion.cinepolis.com mapbox-gl.com blob: api.mapbox.com events.mapbox.com youtube.com www.youtube.com service.force.com d.la4-c2cs-dfw.salesforceliveagent.com cinepolisdevops--devops.my.salesforce.com d.la2-c1-ph2.salesforceliveagent.com d.la1-c1-ia4.salesforceliveagent.com; object-src 'none'; 2
upgrade-insecure-requests;                                                                        default-src 'none';                                                                                            base-uri 'self';                                                                                           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.alsace.eu/ https://t-stats.alsace.eu/ https://cdn.ampproject.org/ https://www.googletagmanager.com/ https://ajax.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.syndication.twimg.com https://platform.twitter.com;                   img-src 'self' https://www.alsace.eu/ https://www.googletagmanager.com/ https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://tile.openstreetmap.org/ https://a.tile.openstreetmap.fr https://b.tile.openstreetmap.fr https://c.tile.openstreetmap.fr  https://img.youtube.com data:;                   media-src 'self';                                                                          frame-src 'self' https://livemap.getwemap.com/ https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   frame-ancestors 'self';                                                                            font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.bas-rhin.fr;                   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/;                   form-action 'self' ;                   connect-src  'self' https://stats.alsace.eu/ https://t-stats.alsace.eu/  https://wxs.ign.fr/calcul/ols/apis/completion https://data.geopf.fr/geocodage/completion https://platform.twitter.com/ https://api-adresse.data.gouv.fr/ https://nominatim.openstreetmap.org/;                   manifest-src 'self';                   child-src 'self' https://player.vimeo.com/ https://platform.twitter.com https://www.youtube.com https://www.google.com;                   object-src 'self';              report-uri /_csp; 2
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://munchkin.marketo.net *.eloqua.com https://js.hs-scripts.com https://js.hs-analytics.net *.en25.com https://contents-calculator.swintonassets.uk/ https://accident-map.swintonassets.uk/ https://api.tiles.mapbox.com https://burglary-map.swintonassets.uk https://crime-map.swintonassets.uk https://complaintsform.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://quiz.tryinteract.com/ https://api.contents-calculator.swintonassets.uk https://infographic.swintonassets.uk https://flo.uri.sh/ https://www.youtube.com/ https://chat.atlantagroup.co.uk/ https://prod.respondselfserve.com https://www.google-analytics.com/ https://www.google.co.uk https://schema.org https://ict.infinity-tracking.net https://track.omguk.com https://googleleads.g.doubleclick.net https://9210165.fls.doubleclick.net https://secure.adnxs.com/px https://secure.quantserve.com/ https://rules.quantcount.com/ https://ppc.swintonassets.uk https://connect.facebook.net/ https://script.crazyegg.com/ https://errors-tracking.crazyegg.com https://tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://acsbap.com/apps/ https://acsbapp.com/apps/ https://secure.servicetick.com/ https://widget.trustpilot.com https://register.feefo.com/ https://bat.bing.com/ https://script.infinity-tracking.com https://googleads.g.doubleclick.net https://edge.quantserve.com https://cdn-launching.servicetick.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://rules.quantcount.com https://pixel.quantserve.com https://pagead2.googlesyndication.com https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://code.jquery.com https://almanac.jaywing.com https://mazda.almanac.jaywing.com https://*.civiccomputing.com https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://www.clarity.ms https://static.hotjar.com https://script.hotjar.com *.helpshift.com *.defaqto.com https://www.youtube-nocookie.com https://swintonchat.widget.custhelp.com https://dqm.crownpeak.com https://swintonchat.custhelp.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.rnengage.com https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.autonetinsurance.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://js.smct.co https://smct.io https://js.smct.io 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://use.fontawesome.com https://fast.fonts.net https://cdn-launching.servicetick.com https://ppc-v3.swintonassets.uk *.swintonassets.uk https://optimize.google.com https://fonts.googleapis.com https://swintonchat.widget.custhelp.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ https://snippet.maze.co/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk *.autonetinsurance.co.uk 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.dec.sitefinity.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleads.g.doubleblick.net https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.app-measurement.com *.eloqua.com https://track.hubspot.com https://bat.bing.com https://secure.adnxs.com https://ad.doubleclick.net https://pxl.qccerttest.com https://pixel.quantserve.com https://cm.g.doubleclick.net https://ib.adnxs.com https://us-u.openx.net https://stags.bluekai.com https://dpm.demdex.net https://idsync.rlcdn.com https://ups.analytics.yahoo.com https://dsum-sec.casalemedia.com https://ce.lijit.com https://x.bidswitch.net https://beacon.krxd.net https://rtb-csync.smartadserver.com https://sync.search.spotxchange.com https://aa.agkn.com https://e1.emxdgt.com https://sync.crwdcntrl.net https://eb2.3lift.com https://sync.1rx.io https://cs.lkqd.net https://sync.taboola.com https://quantcast.partners.tremorhub.com https://sync.teads.tv https://sync.outbrain.com https://router.infolinks.com https://cms.quantserve.com https://ad.yieldlab.net https://web1.acsbapp.com https://adservice.google.com *.entirecoverinsurance.co.uk https://script.hotjar.com https://www.hotjar.com https://www.google-analytics.com https://optimize.google.com https://track.omguk.com https://www.rnengage.com https://www.carolenash.com https://public.flourish.studio *.just-motorcycleinsurance.com *.autonetinsurance.co.uk *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://googletagmanager.com https://google.com https://google.co.uk https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://static.hotjar.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://api.tiles.mapbox.com https://maxcdn.bootstrapcdn.com/ 'unsafe-inline' https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://cdn.smct.co https://smct.io https://cdn.smct.io https://px.smct.co https://px.smct.io https://ep.smct.co https://ep.smct.io https://snippet.maze.co/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com https://acsbapp.com https://script.hotjar.com https://fast.fonts.net https://fonts.gstatic.com https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://fonts.smct.co https://fonts.smct.io https://snippet.maze.co/; frame-src https://widget.trustpilot.com https://prod.respondselfserve.com https://*.doubleclick.com https://*.doubleclick.net https://*.googlesyndication.com https://www.youtube.com https://www.facebook.com *.defaqto.com *.wirewax.com https://*.helpshift.com https://player.vimeo.com https://optimize.google.com https://datawrapper.dwcdn.net https://flo.uri.sh/ *.carolenash.com *.carolenash.ie *.swinton.co.uk *.wearemarmalade.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.entirecoverinsurance.co.uk *.insurance4carhire.com *.bewiser.co.uk *.mackenziehodgson.co.uk *.expressbikeinsurance.com *.paymentshield.co.uk *.insurance.harley-davidson.uk *.atlantagroup.co.uk https://static.hotjar.com https://script.hotjar.com https://www.youtube-nocookie.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://api.contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://maxcdn.bootstrapcdn.com/ *.autonetinsurance.co.uk https://dynamic.criteo.com https://dynamic.criteo.net https://smct.co https://smct.io https://ls.smct.co https://ls.smct.io https://d2d7do8qaecbru.cloudfront.net https://www.veed.io/ 'self' web-chat.nativechat.com; connect-src accounts.google.com https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.mktoresp.com chat.atlantagroup.co.uk https://cdn.acsbapp.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://ict.infinity-tracking.net https://googleads4.g.doubleclick.net *.mackenziehodgson.co.uk *.justmotorinsurance.com *.just-motorcycleinsurance.com *.expressbikeinsurance.com *.insurance.harley-davidson.uk *.carolenash.com *.carolenash.ie *.atlantagroup.co.uk *.safeguarduk.co.uk *.scenicinsurance.co.uk *.swinton.co.uk *.insurance4carhire.com *.comparemybikeinsurance.com *.kdbmedicals.co.uk https://nas.lon.infinity-tracking.net https://*.civiccomputing.com https://*.google.com https://*.google.co.uk https://*.doubleclickbygoogle.com https://*.doubleclick.com https://*.doubleclick.net https://*.googleadservices.com https://*.googletagservices.com https://*.app-measurement.com https://*.googlesyndication.com https://a.clarity.ms https://vc.hotjar.io https://pixel.quantcount.com https://api.crownpeak.net *.entirecoverinsurance.co.uk https://surveystats.hotjar.io https://content.hotjar.io wss://wsp27.hotjar.com wss://ws.hotjar.com https://analytics.paymentshield.co.uk *.autonetinsurance.co.uk *.paymentshield.co.uk *.wearemarmalade.co.uk *.bewiser.co.uk https://doubleclick.net https://dai.google.com https://adsense.google.com https://adsense.google.co.uk https://region1.app-measurement.com https://eu.app-measurement.com https://script.crazyegg.com https://errors-tracking.crazyegg.com https://hud.crazyegg.com https://vector.crazyegg.com https://ftrk.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://sampling-ratio.crazyegg.com https://sample-api-v2.crazyegg.com https://accident-map.swintonassets.uk https://complaintsform.swintonassets.uk https://ppc-v3.swintonassets.uk https://ppc-v2.swintonassets.uk https://ppc.swintonassets.uk https://claimsform.swintonassets.uk https://oyd.swintonassets.uk https://contents-calculator.swintonassets.uk https://burglary-map.swintonassets.uk https://infographic.swintonassets.uk https://crime-map.swintonassets.uk https://script.hotjar.com https://hotjar.io https://api.contents-calculator.swintonassets.uk https://smct.co https://js.smct.co https://smct.io https://js.smct.io https://ipb.smct.co https://ipb.smct.io https://cfg.smct.co https://cfg.smct.io https://ep.smct.co https://ep.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://acsbapp.com https://acsbap.com https://api.maze.co/ https://prompts.maze.co/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://player.vimeo.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 2
script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src * data: blob: 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; img-src * data: blob: 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src * data: blob: 'unsafe-inline' https://fonts.gstatic.com; frame-src * data: blob: https://optimize.google.com; 2
frame-ancestors http://*.campogrande.ms.gov.br 2
default-src 'self'; style-src 'self' 'unsafe-inline'; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.facebook.net static.ads-twitter.com snap.licdn.com sc-static.net *.pubble.io *.snapchat.com *.doubleclick.net *.googleadservices.com *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io cdn.jsdelivr.net *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: *.google.co.uk *.google.com *.google.ie *.pubble.io *.facebook.com *.snapchat.com *.ads.linkedin.com analytics.twitter.com t.co *.doubleclick.net *.google.co.in *.linkedin.com *.g.doubleclick.net *.google.es *.googleapis.com *.gstatic.com unpkg.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io cdn.jsdelivr.net secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com i.ytimg.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com cdn.cookielaw.org noembed.com *.onetrust.com cdn.plyr.io yoast.com *.snapchat.com tr.snapchat.com *.google.com *.google.co.uk *.pubble.io *.linkedin.com *.facebook.com *.googlesyndication.com *.doubleclick.net *.google.ie *.google.co.in adservice.google.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' *.googleapis.com *.gstatic.com unpkg.com *.google.com *.cookielaw.org cdn.plyr.io *.onetrust.com cdn.pubble.io *.pubble.io cdn.jsdelivr.net; frame-src 'self' www.google.com www.yumpu.com blob: *.snapchat.com *.doubleclick.net *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' blob: *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn01l.vaillant-group.com *.adalyser.com *.adform.com *.adform.net *.adroll.com *.bing.com *.consentmanager.net *.contentsquare.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.googleapis.com *.google.com *.google.de *.gstatic.com *.hotjar.com *.ibm.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.presage.io *.serving-sys.com *.taboola.com *.youtube.com *.zenloop.com a.mgid.com acdn.adnxs.com c.seznam.cz c1.rfihub.net cdn.inis360.com cdn.oribi.io cloudrizon.formstack.com graph.facebook.com heizungonline.vaillant.de io.fusedeck.net mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be popup.campaign.playable.com preventivi.vaillant.it s.pinimg.com s.yimg.com snap.licdn.com static.ads-twitter.com static.cleverpush.com static.criteo.net tags.creativecdn.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl widget.trustpilot.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.recaptcha.net www.instalxpert.be; connect-src 'self' ws: *.analytics.google.com *.clarity.ms *.contentsquare.net *.criteo.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.hotjar.com *.hotjar.io *.linkedin.com *.loyjoy.com *.optimizely.com *.outbrain.com *.pinterest.com *.serving-sys.com *.taboola.com ams.creativecdn.com api.cleverpush.com capi.vaillant.es heizungonline.vaillant.de ib.adnxs.com mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it s.yimg.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl; style-src 'self' 'unsafe-inline' *.zenloop.com cdn01l.vaillant-group.com cloudrizon.formstack.com heizungonline.vaillant.de toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offer.vaillant.be offre.bulex.be preventivi.vaillant.it toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl www.instalxpert.be; img-src 'self' blob: data: *.adalyser.com *.adform.net *.adroll.com *.bidswitch.net *.bing.com *.clarity.ms *.consentmanager.net *.contentsquare.net *.doubleclick.net *.facebook.net *.facebook.com *.g.doubleclick.net *.google.de *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.loyjoy.com *.outbrain.com *.presage.io *.pubmatic.com *.taboola.com a.mgid.com a.twiago.com ad.360yield.com ad.yieldlab.net cdn01l.vaillant-group.com contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv e1.emxdgt.com eb2.3lift.com exchange.mediavine.com dis.criteo.com dpm.demdex.net dsum-sec.casalemedia.com gum.criteo.com hb.yahoo.net heizungonline.vaillant.de ib.adnxs.com id5-sync.com jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com mes-devis.saunierduval.fr mkt.saunierduval.es mkt.vaillant.es mojklient.vaillant.pl toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud offerte.bulex.be offre.bulex.be offer.vaillant.be pixel.rubiconproject.com preventivi.vaillant.it rtb-csync.smartadserver.com r.casalemedia.com res.cloudinary.com server.seadform.net sp.analytics.yahoo.com static.cleverpush.com sync-criteo.ads.yieldmo.com us-u.openx.net ups.analytics.yahoo.com verkoopkansen.vaillant.nl visitor.omnitagjs.com; font-src 'self' data: *.loyjoy.com cdn01l.vaillant-group.com heizungonline.vaillant.de mes-devis.saunierduval.fr mojklient.vaillant.pl offerte.bulex.be offre.bulex.be offer.vaillant.be preventivi.vaillant.it script.hotjar.com toolbox.be-bulex.live-2.vaillant.neoskop.cloud toolbox.it-vaillant.development.heatingonline.cloud toolbox.it-vaillant.staging.heatingonline.cloud verkoopkansen.vaillant.nl; object-src 'none'; base-uri 'self'; form-action 'self' eshopspares.protherm.sk pontbevaltas.saunierduval.hu self-service.vaillant.de shop.vaillant.at http://sso.wigam.com sso.wigam.com https://sso.wigam.com:8016 http://www.columbusconnect.it *.columbusconnect.it *.officego.de *.plansoft-online.de *.saunierduval.es *.vaillant.es *.vaillant-group.com; frame-src 'self' *.adroll.com *.adform.net *.captivate.fm *.consentmanager.net *.criteo.com *.doubleclick.net *.g.doubleclick.net *.google.com *.oplead.com *.pinterest.com *.rfihub.com *.saunierduval-piecedetachee.fr *.saunierduval.es *.vaillant-systeme.de *.vaillantkotle.cz *.vaillant.es *.vaillant.ua aides.saunierduval.fr ams.creativecdn.com apps.vaillantgroup.org bayi.demirdokum.net cat.vaillant.it cat.hermann-saunierduval.it cerpadla.protherm.cz cloud.at.vgmarketingcloud.com contotermicovaillant.vaillantgroup.it contotermicohsd.vaillantgroup.it epaper.paper2web.ch fiches-qce.saunierduval.fr foerdermittelsuche.betatool.de form.jotform.com forms.iframes-saunierduval.es gutschein.vaillant.de identity.vaillant-group.com iframe.vaillantbayiminternette.com iqg.vaillant.com kotle.protherm.cz mapapartnerov.protherm.sk marktraum.betatool.de mkt.saunierduval.es optimum.vaillant.at pompe-a-chaleur.saunierduval.fr portal.vaillant.ua powerfinder.vaillant.it powerfinder.hermann-saunierduval.it servis.demirdokum.net servis.protherm.sk share-eu1.hsforms.com simulator.vaillant.com tarif-public.saunierduval.fr tools.vaillant.nl ucretsizkesif.demirdokum.com.tr urunler.demirdokum.com.tr vaillant.cleverpush.com vaillant.cyber-time.at vaillantclub.vaillant.com.tr vaillant-group.campaign.playable.com vaillant-systeme.de vf.r3f.technology widget.trustpilot.com wpcalc.vaillant.ch wwwvaillantbe.mycleverpush.com www.foerderdata.at www.foerdermittelauskunft.de www.kalkulator-vaillant.pl www.mepcontent.com www.recaptcha.net www.youtube.com; upgrade-insecure-requests; 2
frame-src *.google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; 2
default-src 'self' data: blob:;script-src 'unsafe-eval' 'unsafe-inline' *.facebook.com *.fbcdn.net *.whatsapp.com *.whatsapp.net https://*.facebook.net 'self' data: blob:;style-src 'self' 'unsafe-inline' data: blob: * https://fonts.googleapis.com;connect-src 'self' https://*.whatsapp.com data: blob:;font-src https://*.fbcdn.net https://static.whatsapp.net data: https://fonts.gstatic.com;img-src *;frame-src whatsapp: 'self' data: blob:;block-all-mixed-content;upgrade-insecure-requests; 2
default-src 'self' https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' 'unsafe-inline' http: https: data: blob:; connect-src 'self' https: blob:; worker-src 'self' https: blob: 2
default-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/;  script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com/; img-src 'self' https://espmstorage.blob.core.windows.net/espm/ 2
“upgrade-insecure-requests� 2
policy 2
frame-ancestors 'self' https://*.prod.web.raqn.io https://*.ref.web.raqn.io https://*.test.web.raqn.io https://author-p30502-e100265.adobeaemcloud.com https://www.pattex.fr https://www.pattex.se https://www.pattex.nl https://www.pattex.it https://www.pattex.es https://www.pattex.de https://www.pattex.be https://www.pattex.at https://www.pattexarabia.com 2
default-src 'self'; frame-ancestors 'self' 2
frame-ancestors 'self' http://webvisor.com https://webvisor.com; 2
default-src 'unsafe-inline' 'unsafe-eval' https: data: 2
frame-ancestors 'self' https://www.escanav.com; 2
frame-src self *.microfocus.com *.ubembed.com *.opentext.com https://12964123.fls.doubleclick.net/ https://js.driftt.com https://bid.g.doubleclick.net https://optimize.google.com/ https://dev.visualwebsiteoptimizer.com https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://www.brighttalk.com/ https://bcove.video/ https://app.vwo.com https://www.googletagmanager.com https://microfocuspartner.force.com https://www.linkedin.com/ https://platform.twitter.com/ https://www.research.net https://irs.tools.investis.com/ https://players.brightcove.net/ https://otp.tools.investis.com/ https://microfocus-education.sabacloud.com https://recaptcha.net https://html5-player.libsyn.com/ http://demo.havendemo.com/ https://open.spotify.com https://player.vimeo.com/; frame-ancestors self *.microfocus.com *.opentext.com https://microfocus.lookbookhq.com https://microfocus-education.sabacloud.com https://recaptcha.net https://microfocuspartner.force.com; 2
frame-ancestors ‘self’ 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:; 2
frame-ancestors 'self' https://nielsensports.com https://www.qa.nielsen.com https://develop.nielsen.com 2
frame-ancestors 'self' https://*.voya.com https://mybetterworld.es https://*.mybetterworld.es; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; base-uri 'none'; 2
block-all-mixed-content; report-uri https://tfyre.co.za/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=667a5cd630 2
media-src 'self'; 2
frame-ancestors: 'self' 2
frame-ancestors www.wbsc.org 2
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; connect-src ws: https: wss:; img-src https: data: *; font-src https: data:; frame-ancestors 'self'; 2
frame-ancestors 'self'; object-src 'self'; script-src 'self' https:  'unsafe-eval' 'unsafe-inline' blob:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';frame-ancestors 'self' sagicor.com *.sagicor.com 2
default-src 'self'; frame-src * ; media-src *; img-src * 'self' data: https:; script-src * 'unsafe-eval' 'unsafe-inline' wwp.dwh.enagas.eng; style-src * 'unsafe-inline'; font-src * data:; connect-src * 2
default-src *; script-src 'unsafe-inline' 'unsafe-eval'  https://*.anico.com https://*.americannational.com https://*.googleapis.com http://otf.msn.com https://*.lifeannuitydi.com  https://www.googletagmanager.com https://*.airkit.com https://*.airkitapps.com https://tagmanager.google.com https://www.google-analytics.com https://americannational.com https://*.assistant.watson.appdomain.cloud https://www.gstatic.com https://www.google.com https://*.inmoment.com https://unpkg.com https://*.vtimg.com https://*.ytimg.com  http://*.angularjs.org https://*.youtube.com  https://*.dnanico1.aniconet.com https://*.anicoweb.com; style-src * 'unsafe-inline' ; img-src * data: ; child-src * data: blob: filesystem: ; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claro.com.sv https://tags.bkrtx.com https://stags.bluekai.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://programarcita.claro.com.sv/ https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://youtu.be https://*.facebook.com https://*.facebook.net https://*.kampyle.com https://*.medallia.com https://*.ads-twitter.com https://*.twitter.com https://digitasgt.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://players.brightcove.net https://e.issuu.com https://*.claro.com.sv https://www.googleoptimize.com https://*.google.com https://*.google.com.mx https://*.bing.com https://*.prod.clarodigital.net https://*.claro.com.gt https://static.ads-twitter.com https://*.clarity.ms https://universalplus.com https://connect.facebook.net; media-src mediastream:; 2
report-uri /algemeen/report_CSP_error.php; frame-ancestors 'self' https://*.ict.lan; 2
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src https:; worker-src blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' assets.retarus.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.gstatic.com assets.retarus.com www.gartner.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets.retarus.com yoast.com *.yoast.com js.zi-scripts.com *.google.com *.doubleclick.net ws.zoominfo.com consentcdn.cookiebot.com *.google-analytics.com *.leadlab.click px.ads.linkedin.com; font-src 'self' data: *.gstatic *.fonts.googleapis.com www.retarus.com assets.retarus.com; frame-src 'self' assets.retarus.com *.youtube-nocookie.com webexpress.retarus.com consentcdn.cookiebot.com www.gartner.com player.vimeo.com; img-src 'self' data: *.w.org *.google.de *.linkedin.com imgsct.cookiebot.com pci.usd.de *.retarus.com i.vimeocdn.com *.ads.linkedin.com www.googletagmanager.com *.gartner.com assets.retarus.com ; manifest-src 'self' assets.retarus.com ; media-src 'self' assets.retarus.com; frame-ancestors 'self' assets.retarus.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yoast.com *.googleapis.com js.zi-scripts.com *.vimeocdn.com *.gstatic.com assets.retarus.com snap.licdn.com *.leadlab.click play.vidyard.com www.gartner.com analytics-eu.clickdimensions.com code.createjs.com code.jquery.com *.cookiebot.com cdnjs.cloudflare.com www.googletagmanager.com ; 2
frame-ancestors https://*.derwent.io http://*.derwent.io http://*.derwent.io:* https://*.derwent.io:* 'self' 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 2
default-src 'self';                script-src 'self' 'unsafe-eval' data: 'unsafe-inline' https://static-eu.jobylon.com http://cdn.lightwidget.com http://lightwidget.com https://www.youtube.com http://dl.episerver.net https://dl.episerver.net https://platform.twitter.com https://www.googletagmanager.com http://cdn.pardot.com https://pi.pardot.com http://pi.pardot.com https://static.hotjar.com https://script.hotjar.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.google-analytics.com https://www.google.com http://go.capgeminigroup.com https://cdn.jobylon.com https://static-eu.jobylon.com https://code.jquery.com http://code.jquery.com http://cdnjs.cloudflare.com https://www.gstatic.com;                                          script-src-elem 'self' 'unsafe-eval' data: 'unsafe-inline' https://static-eu.jobylon.com https://cdn.jobylon.com https://emp.jobylon.com https://www.google.com https://ff.kis.v2.scr.kaspersky-labs.com https://apis.google.com http://code.jquery.com http://cdnjs.cloudflare.com http://pi.pardot.com https://dl.episerver.net https://static.hotjar.com https://www.youtube.com https://snap.licdn.com http://cdn.pardot.com http://go.capgeminigroup.com https://www.gstatic.com http://lightwidget.com https://cdn.lightwidget.com http://platform.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://tag.goldenbees.fr https://cdn.goldenbees.fr https://connect.facebook.net https://tags.inzynk.io https://analytics.inzynk.io https://analytics.inzynk.io/ https://connect.facebook.net https://region1.google-analytics.com https://www.facebook.com https://www.google.de https://script.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ajax.googleapis.com;               style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com;                style-src-elem 'self' 'unsafe-inline' data: http://fonts.googleapis.com http://maxcdn.bootstrapcdn.com http://custom-joblist.s3.amazonaws.com https://www.gstatic.com;               frame-src 'self' https://www.youtube.com https://mumfw.corp.capgemini.com https://embed.acast.com https://player.vimeo.com https://share.transistor.fm https://feedback-pa.clients6.google.com https://pi.pardot.com https://www.google.com https://go.pardot.com http://lightwidget.com https://www.youtube-nocookie.com https://cdn.jobylon.com https://go.capgeminigroup.com https://cdn.lightwidget.com https://platform.twitter.com https://td.doubleclick.net https://syndication.twitter.com https://blr2fw.corp.capgemini.com https://www.facebook.com;                font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com http://maxcdn.bootstrapcdn.com https://github.com;                img-src 'self' data: blob: https://prod.ucwe.capgemini.com https://i1.wp.com https://www.google.lk https://www.google.com.mx https://www.google.hu https://www.google.com.co https://www.google.pt https://www.google.com.br https://www.google.pl https://www.google.co.th https://www.google.lu https://media.licdn.com https://www.sogeti.fi https://www.capgemini.com https://www.sogeti.be https://www.google.co.jp https://adservice.google.com https://www.google.it https://www.google.com.ph https://www.google.at http://labs.sogeti.com https://www.google.tn https://www.google.com https://translate.google.com https://fonts.gstatic.com https://www.google.se https://www.google.no https://www.googletagmanager.com https://translate.google.com https://i.ytimg.com https://www.google.fr  https://insight.adsrvr.org https://match.adsrvr.org https://region1.google-analytics.com https://www.google.fr https://www.facebook.com https://insight.adsrvr.org https://match.adsrvr.org https://www.sogeti.com https://www.google.fi https://px.ads.linkedin.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.co.id https://www.google.ie https://www.google.co.in https://www.google.co.uk https://www.google.nl https://www.google.com.gh https://www.google.be https://www.google.es https://www.google.co.ma https://www.google.co.uk https://syndication.twitter.com https://www.google.dz https://www.google.com.au https://www.google.mu https://www.google.sk https://www.google.fr https://www.google.ca https://static-eu.jobylon.com https://media-eu.jobylon.com https://www.google.dk https://www.google.com.sg http://img.rule.io https://img.rule.io;               connect-src 'self' https://stats.g.doubleclick.net https://px.ads.linkedin.com https://script.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://www.analytics.google.com https://www.google.nl https://www.google-analytics.com https://region1.analytics.google.com https://region1.google-analytics.com https://analytics.inzynk.io https://connect.facebook.net https://tags.inzynk.io https://adservice.google.com https://analytics.google.com https://translate-pa.googleapis.com https://ws.hotjar.com https://analytics.google.com https://www.google.be https://vc.hotjar.io https://www.google.com.au https://www.google.fi https://www.google.fr https://emp.jobylon.com https://www.google.co.in https://translate.googleapis.com https://www.facebook.com;               media-src 'self' https://media.blubrry.com https://media.effekten.se;               object-src 'none';               report-uri /api/csp/;  2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.2o7.net b.6sc.co c.6sc.co j.6sc.co secure.adnxs.com *.adobe.com assets.adobedtm.com *.adsrvr.org static.ads-twitter.com p.adsymptotic.com *.advancedfundsolutions.com *.akafms.net *.akamaihd.net ingestion-upload-production.s3.amazonaws.com/ platform.asset.tv *.atlcap.com *.bcovlive.io *.bcvp0rtal.com match.prod.bidr.io bat.bing.com tags.bluekai.com *.boltdns.net *.brightcove.com *.brightcove.net *.brightcovecdn.com *.calvert.com *.morganstanley.com *.ms.com *.msim.com morganstanley.prospectus-express.com cdn.polyfill.io/v2/polyfill.sj cdnjs.cloudflare.com *.cloudfront.net api.company-target.com segments.company-target.com *.custombeta.com *.demandbase.com *.demdex.net dev-drwebsite www.dianomi.com *.doubleclick.net *.eatonvance.at *.eatonvance.ch *.eatonvance.co.kr *.eatonvance.co.uk *.eatonvance.com *.eatonvance.com.au *.eatonvance.de *.eatonvance.dk *.eatonvance.fi *.eatonvance.ie *.eatonvance.jp *.eatonvance.nl *.eatonvance.no *.eatonvance.se *.eatonvance.sg proxy-bedford.eatonvance.com:8443 *.eatonvancecounsel.com eatonvanceinvestment.tt *.eatonvancerealestate.com *.analytics.edgekey.net ejohn.org cm.everesttech.net *.evmanagement.com *.evwateroak.com xbrl.fasb.org servedby.flashtalking.com fluidproject.org *.fml-x.com fml-x.com *.gallerysites.net gateway.zscalertwo.net getbootstrap.com www.giftcalcs.com www.google.com www.googleadservices.com www.google-analytics.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com www.gstatic.com vds.issgovernance.com weblogs.java.net www.joostdevalk.nl code.jquery.com static.knowledgevision.com www.kryogenix.org snap.licdn.com *.linkedin.com brightcove.hs.llnwd.net brightcove.vo.llnwd.net *.morningstar.com hello.myfonts.net js-agent.newrelic.com *.nextshares.com bam.nr-data.net javascript.nwbox.com *.omtrdc.net onlinexperiences.com *.parametricportfolio.com pi.pardot.com cdn.polyfill.io www.riddle.com id.rlcdn.com xbrl.sec.gov seekingalpha.com t.sf14g.com www.storygize.net t.co analytics.twitter.com platform.twitter.com cloud.typography.com ww.math.ubc.ca *.uscharitablegifttrust.org *.uslegacyincometrusts.org bcove.video www.w3.org xbrl.org youtube.com vjs.zencdn.net *.byspotify.com *.dynatrace.com *.evidon.com blob: data: 2
report-uri https://99designs.report-uri.com/r/d/csp/enforce; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob: android-webview-video-poster:; upgrade-insecure-requests; 2
default-src 'self' https://optimize.google.com; frame-src 'self' data: bytedance: sslocal: https://*.pinterest.com https://www.pinterest.nz https://*.criteo.com https://oc-assets.klarnaservices.com https://*.api.useinsider.com https://*.useinsider.com fbrpc://call https://*.zip.co https://*.stripe.com https://*.shophumm.com.au/ https://tpc.googlesyndication.com https://masterpass.com https://roktcdn1.akamaized.net https://www.youtube.com https://*.masterpass.com https://www.google.com/recaptcha/ https://*.rokt.com https://*.doubleclick.net https://*.kaptcha.com https://*.addthis.com https://*.facebook.com https://*.braintreegateway.com https://*.paypal.com https://*.visa.com https://*.cardinalcommerce.com https://*.paypalobjects.com https://*.trustpilot.com; script-src 'self' data: https://*.adsrvr.org https://*.adunion.com.au https://t.cfjump.com https://*.criteo.com https://*.criteo.net https://oc-library.klarnaservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.api.useinsider.com https://*.useinsider.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://*.googletagmanager.com https://*.bing.com https://*.pinimg.com https://cdn.jsdelivr.net/npm/sockjs-client@1/dist/sockjs.min.js https://cdnjs.cloudflare.com/ajax/libs/vertx/3.9.1/vertx-eventbus.min.js https://*.nzsale.co.nz https://*.ozsale.com.au https://*.singsale.com.sg https://*.identitydirect.com.au/ https://www.clarity.ms/ https://*.zipmoney.com.au https://*.partpay.co.nz https://*.rakuten.com https://*.linksynergy.com https://*.dc-storm.com https://*.jrs5.com https://*.mediaforge.com https://*.nxtck.com https://*.stripe.com https://*.shophumm.com.au/ https://www.googletagservices.com/ https://adservice.google.com.au/ https://adservice.google.com/ https://pagead2.googlesyndication.com/ https://cdn.jsdelivr.net/npm/newrelic-reduced@1.1.2/lib/index.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthisedge.com https://assets.pinterest.com https://roktcdn1.akamaized.net https://cdn.optimizely.com/js/ https://ds-aksb-a.akamaihd.net/aksb.min.js https://tpc.googlesyndication.com https://*.masterpass.com https://masterpass.com https://*.rokt.com https://*.nr-data.net https://*.facebook.net https://*.facebook.com https://*.newrelic.com https://*.marinsm.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.paypal.com https://*.paypalobjects.com https://*.braintreegateway.com https://*.visa.com https://*.kaptcha.com https://*.addthis.com https://*.nanigans.com https://*.openpay.com.au/ https://*.trustpilot.com https://tools.luckyorange.com https://*.roeyecdn.com analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.google.com; style-src 'self' https://*.klarnacdn.net https://use.fontawesome.com https://roktcdn1.akamaized.net https://*.visa.com https://*.masterpass.com https://masterpass.com https://*.googleapis.com https://*.api.useinsider.com https://*.useinsider.com 'unsafe-inline'; font-src 'self' data: https://*.api.useinsider.com/ https://*.useinsider.com/ https://font.static.useinsider.com/ https://static.zipmoney.com.au https://*.klarnacdn.net https://use.fontawesome.com https://*.googleapis.com https://*.gstatic.com https://roktcdn1.akamaized.net; connect-src 'self' https://*.adunion.com.au https://*.adsrvr.org https://*.criteo.com https://*.klarnaservices.com https://*.useinsider.com https://*.api.useinsider.com https://*.g.doubleclick.net https://bat.bing.com https://*.pinterest.com https://images.latitudepayapps.com wss://fbcb.nzsale.co.nz wss://fbcb.identitydirect.com.au https://fcmregistrations.googleapis.com/v1/projects/ https://firebaseinstallations.googleapis.com/v1/projects/ https://*.nzsale.co.nz https://*.identitydirect.com.au https://www.clarity.ms/ https://*.zip.co https://zip.co https://*.zipmoney.com.au https://pagead2.googlesyndication.com https://*.visa.com https://*.addthis.com https://www.google-analytics.com https://*.nr-data.net https://*.rokt.com https://*.braintreegateway.com https://*.paypal.com https://*.kaptcha.com https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au https://*.google.co.nz https://*.google.com.sg https://*.google.com.my https://*.google.com.hk analytics.tiktok.com https://*.luckyorange.com https://pubsub.googleapis.com wss://*.visitors.live https://ds-aksb-a.akamaihd.net/RRT; object-src 'self' https://*.useinsider.com https://*.visa.com https://www.paypalobjects.com; frame-ancestors 'self' https://*.useinsider.com; 2
upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; connect-src 'self' www.google-analytics.com consentcdn.cookiebot.com *.wistia.com *.sharethis.com wss://localhost:* *.b2clogin.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: *.wistia.com; object-src 'none'; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com ajax.googleapis.com ajax.aspnetcdn.com consent.cookiebot.com www.recaptcha.net www.googletagmanager.com *.wistia.com code.jquery.com www.google-analytics.com www.gstatic.com *.wistia.net *.sharethis.com 'report-sample'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.fontawesome.com; media-src 'self' blob: assets.maxlinear.com; frame-ancestors 'self' *.maxlinear.com; base-uri 'self'; frame-src 'self' consentcdn.cookiebot.com www.recaptcha.net *.wistia.net *.wistia.com www.google.com 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 2
frame-ancestors 'self' ; report-uri https://itickets.report-uri.io/r/default/csp/enforce; 2
worker-src 'http://test.datalex.org' 'http://www.lawnet.sg'; 2
frame-src 'self' https://promericagt.custhelp.com https://promericaopa.custhelp.com https://wstasacambio.bancopromerica.com.gt https://stags.bluekai.com https://tags.bkrtx.com https://vars.hotjar.com/ https://promericagt--tst1.custhelp.com https://enlz-prod1-apps6.builder.ocp.oraclecloud.com https://ventus.enalog.se https://channels.onemarketer.cl https://www.gstatic.com/ https://www.google.com/recaptcha/ https://optimize.google.com https://www.youtube.com 2
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.googleapis.com *.gstatic.com *.googleusercontent.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://recaptcha.net https://cdn.cookielaw.org  blob:; object-src https:; style-src 'unsafe-inline' https:; img-src 'self' https: *.keepeek-dev.com *.keepeek.com https://cdn.cookielaw.org mediaassets.airbus.com data:; media-src 'self' https: *.keepeek-dev.com *.keepeek.com blob:; frame-src 'self' https: https://www.youtube.com/embed/ https://youtu.be https://www.google.com/maps/ *.keepeek-dev.com *.keepeek.com; child-src blob:; font-src https: data:; connect-src https: wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
script-src 'self'; object-src 'self'; base-uri 'none'; 2
default-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com unpkg.com googletagmanager.com rum-static.pingdom.net rum-collector-2.pingdom.net www.google-analytics.com data: audio: kit.fontawesome.com ka-f.fontawesome.com fonts.gstatic.com connect.facebook.net www.facebook.com stats.g.doubleclick.net lifeblood.clevertar.app ctweb.azureedge.net dc.services.visualstudio.com webau.blob.core.windows.net my-opa.donateblood.com.au www.youtube.com www.google.com oembed.libsyn.com fls.doubleclick.net in.hotjar.com components.clevertar.app js.clevertar.app voices.clevertar.app https://bcvipsd20.rightnowtech.com/engagement/api/consumer/ https://my-opa.donateblood.com.au/web-determinations/redirectQuery aurcbloodservices.widget.custhelp.com region1.google-analytics.com region1.analytics.google.com https://aurcbloodservices.widget.custhelp.com https://characters.clevertar.app https://speak.clevertar.com https://components.clevertar.app https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com www.google.com.au/ads/ga-audiences cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads cdn.pdst.fm; connect-src 'self' intercept.inmoment.com.au csc.inmoment.com www.google-analytics.com rum-collector-2.pingdom.net maps.googleapis.com aurcbloodservices.widget.custhelp.com doubleclick.net dc.services.visualstudio.com lifeblood.clevertar.app characters.clevertar.app components.clevertar.app speak.clevertar.com api.experianaperture.io my-opa.donateblood.com.au dc.oracleinfinity.io intercept-client.inmoment.com.au voices.clevertar.app analytics.google.com analytics.tiktok.com ads.linkedin.com ctweb.azureedge.net https://bcvipsd20.rightnowtech.com reddit.com; font-src 'self' kit.fontawesome.com cdnjs.cloudflare.com ka-f.fontawesome.com data: application: fonts.gstatic.com clevertar.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/euf/core/3.3/thirdParty/fonts/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; frame-src 'self' www.youtube.com www.facebook.com oembed.libsyn.com www.google.com *.fls.doubleclick.net hotjar.com https://platform.twitter.com/ www.instagram.com www.linkedin.com https://api.experianaperture.io/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au feedback.inmoment.com.au; img-src 'self' www.w3.org/* data: https: http: image: blob: region1.google-analytics.com region1.analytics.google.com snap.licdn.com ads.linkedin.com cdn.linkedin.oribi.io gw.linkedin.oribi.io analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com/ads; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.facebook.com kit.fontawesome.com www.youtube.com www.google-analytics.com rum-static.pingdom.net img.en25.com ka-f.fontawesome.com googleads.g.doubleclick.net amplify.outbrain.com tr.outbrain.com my-opa.donateblood.com.au www.w3.org code.jquery.com clevertar.azureedge.net www.googletagmanager.com rum-collector-2.pingdom.net lifeblood.clevertar.app ctweb.azureedge.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ aurcbloodservices.widget.custhelp.com/ci/oit https://aurcbloodservices.widget.custhelp.com https://www.rnengage.com/api https://api.experianaperture.io/ https://aurcbloodservices.widget.custhelp.com/s/oit/latest/common/v0/libs/oit/ snap.licdn.com ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com kit.fontawesome.com www.youtube.com code.jquery.com img.en25.com my-opa.donateblood.com.au amplify.outbrain.com/ rum-static.pingdom.net www.googleadservices.com/ www.w3.org/* code.jquery.com/jquery-3.5.0.min.js www.googletagmanager.com connect.facebook.net www.google-analytics.com clevertar.azureedge.net tr.outbrain.com googleads.g.doubleclick.net ctweb.azureedge.net www.gstatic.com/recaptcha/releases/ hotjar.com aurcbloodservices.widget.custhelp.com https://my-opa.donateblood.com.au/web-determinations/staticresource/ www.rnengage.com/api/ https://platform.twitter.com/ https://www.instagram.com/ https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au www.redditstatic.com cdn.pdst.fm https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com https://www.google.com; style-src 'self' ka-f.fontawesome.com/* https://fonts.googleapis.com/css https://clevertar.azureedge.net/UserInterface/evo/classic.css https://ctweb.azureedge.net/clients/lifeblood/css/theme.css https://clevertar.azureedge.net/UserInterface/evo/modern.css fonts.googleapis.com www.googletagmanager.com my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://ctweb.azureedge.net/ https://clevertar.azureedge.net/ https://ctweb.azureedge.net/clients/lifeblood/css/bubble-theme.css https://api.experianaperture.io/ analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' maps.googleapis.com/* unpkg.com fonts.googleapis.com kit.fontawesome.com www.googletagmanager.com clevertar.azureedge.net ctweb.azureedge.net https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/staticresource/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteBloodQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteMilkQuiz/ https://my-opa.donateblood.com.au/aurcbloodservices_opa/owda/resource/WebsiteTravelQuiz/ my-opa.donateblood.com.au aurcbloodservices.widget.custhelp.com https://api.experianaperture.io/ ads.linkedin.com analytics.google.com analytics.tiktok.com intercept.inmoment.com.au csc.inmoment.com intercept-client.inmoment.com.au https://cdn.jsdelivr.net; report-uri https://www.lifeblood.com.au/report-uri/enforce; upgrade-insecure-requests 2
default-src 'self' http: https: data: blob: 'unsafe-inline' script-src: 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.verti.es *.verti.it *.verti.com *.verti.de *.mazda.de; 2
default-src 'self' blob: data: gap: *.proxify.com *.upsideout.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.google.com *.gstatic.com *.googleapis.com *.googlevideo.com 'unsafe-inline' 'unsafe-eval'; 2
script-src 'strict-dynamic' 'nonce-x1Efevv2MNZ+KViKQtojzw==' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors https://app.contentful.com; 2
default-src 'self' *.googleadservices.com *.crazyegg.com *.licdn.com *.facebook.net *.outbrain.com *.youtube.com *.company-target.com; script-src 'self' *.googleapis.com *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.everestjs.net *.cloudflare.com *.licdn.com *.google.com *.gstatic.com lineagelogistics-external.applynow.net.au candidate-office.s3.amazonaws.com *.googleadservices.com *.bing.com *.newrelic.com *.instagram.com *.nr-data.net cdn.jsdelivr.net *.crazyegg.com blob: acsbapp.com code.jquery.com unpkg.com *.instagram.com *.ensighten.com *.oribi.io *.youtube.com polyfill.io *.facebook.net *.outbrain.com *.demandbase.com tag.demandbase.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' pt.onelineage.com pi.pardot.com *.youtube-nocookie.com *.adsrvr.org https://storage.pardot.com/961942/1714040807BiAtzoZM/attribution_engine.min.js https://pt.onelineage.com/l/961942/2024-04-25/5n7n9/961942/1714040807BiAtzoZM/attribution_engine.min.js; object-src 'none'; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com cdn.jsdelivr.net *.crazyegg.com acsbapp.com *.acsbapp.com code.jquery.com unpkg.com https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.youtube-nocookie.com; img-src 'self' data: *.crazyegg.com acsbapp.com *.acsbapp.com *.gstatic.com *.googleapis.com; media-src *; frame-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com *.google.com lineagelogistics-external.applynow.net.au *.doubleclick.net *.crazyegg.com *.instagram.com *.adsrvr.org *.cloudfront.net *.facebook.com *.pardot.com pt.lineagelogistics.com http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzr http://pt.lineagelogistics.com/l/961942/2023-08-22/4hbzv http://go.pardot.com/l/961942/2023-08-22/4hbzk http://go.pardot.com/l/961942/2023-06-27/493x5 *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ recaptcha.google.com:* pt.onelineage.com *.youtube-nocookie.com; frame-ancestors 'self' https://tag.demandbase.com/d80b380c137ea7bb.min.js *.company-target.com tag.demandbase.com pt.onelineage.com *.youtube-nocookie.com; child-src 'self' *.youtube.com *.everesttech.net *.everestjs.net *.oxblue.com *.earthcam.net *.truelook.com *.proofpoint.com blob: *.youtube.com *.company-target.com https://tag.demandbase.com/d80b380c137ea7bb.min.js *.youtube-nocookie.com; font-src 'self' *.googleusercontent.com *.gstatic.com *.typekit.net data: acsbapp.com *.acsbapp.com; connect-src 'self' *.cookielaw.org *.google-analytics.com *.doubleclick.net *.onetrust.com *.bing.com *.nr-data.net *.googleapis.com *.crazyegg.com acsbapp.com *.acsbapp.com *.youtube.com *.google.com *.linkedin.oribi.io *.company-target.com *.demandbase.com https://tag.demandbase.com/d80b380c137ea7bb.min.js https://lineagelogistics-external.applynow.net.au https://lineagelogistics-external.applynow.net.au https://candidate-office.s3.amazonaws.com/js/iframe-resizer/iframeResizer.min.js https://d2wy8f7a9ursnm.cloudfront.net/ *.linkedin.com; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.visualwebsiteoptimizer.com app.vwo.com https://cdnjs.cloudflare.com https://browser.sentry-cdn.com *.azureedge.net https://client.prod.repmap.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.cookiebot.com https://www.youtube.com https://sc-static.net https://connect.facebook.net https://*.snapchat.com https://snap.licdn.com https://www.googleadservices.com analytics.tiktok.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: https://*.visualwebsiteoptimizer.com app.vwo.com https://picsum.photos https://*.picsum.photos https://*.cloudfront.net https://*.azureedge.net https://assets-eur.mkt.dynamics.com *.microsoft.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com/docsdf https://*.snapchat.com https://snap.licdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://*.linkedin.com https://*.svc.dynamics.com https://*.cookiebot.com; media-src 'self'; frame-src 'self' https://app.vwo.com https://www.youtube.com https://www.youtube-nocookie.com https://tourmkr.com *.svc.dynamics.com https://projects.ivorystudio.net https://open.spotify.com https://*.cookiebot.com https://docs.google.com https://*.snapchat.com https://td.doubleclick.net https://www.facebook.com; font-src 'self' data: https://script.hotjar.com; connect-src 'self' https://sentry.netvlies.nl *.svc.dynamics.com https://*.visualwebsiteoptimizer.com app.vwo.com https://*.analytics.google.com https://*.cookiebot.com https://region1.google-analytics.com www.google-analytics.com analytics.tiktok.com stats.g.doubleclick.net https://*.snapchat.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://*.linkedin.com https://surveystats.hotjar.io https://ask.hotjar.io https://in.hotjar.com https://sentry.netvlies.nl/api/106/store/ https://sentry.netvlies.nl/api/106/envelope/; report-uri /report-csp-violation 2
frame-ancestors 'self' https://*.yandex.ru 2
default-src * blob: data: 'unsafe-eval' 'unsafe-inline'; 2
connect-src 'self' fonts.googleapis.com *.google-analytics.com *.analytics.google.com marketing.infoland.nl www.google.com z.clarity.ms *.cookiebot.com *.doubleclick.net cdn.linkedin.oribi.io bat.bing.com *.aanmelder.nl *.webinargeek.com *.googlesyndication.com gateway.infoland.nl; default-src 'none'; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.aanmelder.nl cdn.jsdelivr.net; frame-src 'self' consentcdn.cookiebot.com www.google.com *.webinargeek.com; img-src 'self' data: *.linkedin.com bat.bing.com www.google-analytics.com marketing.infoland.nl www.google.nl *.doubleclick.net www.google.com cdn.aanmelder.nl cdn.aanmelderusercontent.nl; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookiebot.com www.google-analytics.com marketing.infoland.nl snap.licdn.com bat.bing.com www.google.com ajax.googleapis.com www.gstatic.com www.clarity.ms *.doubleclick.net www.googleadservices.com www.aanmelder.nl cdn.aanmelder.nl *.webinargeek.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com marketing.infoland.nl cdn.aanmelder.nl cdn.jsdelivr.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com *.3playmedia.com *.googleadservices.com *.googleads.g.doubleclick.net *.acsbapp.com acsbapp.com *.mktoweb.com https://js.adsrvr.org/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://optimize.google.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://tracker.adreadyclick.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://munchkin.marketo.net/ *.4seeresults.com https://gateway.foresee.com/ https://www.youtube.com/ https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 cdnjs.cloudflare.com polyfill.io www.googletagmanager.com maxcdn.bootstrapcdn.com https://*.google-analytics.com connect.facebook.net s.btstatic.com s.thebrighttag.com https://rlforms.referlive.com; style-src 'self' 'unsafe-inline' *.3playmedia.com originp3.s3.amazonaws.com *.4seeresults.com *.foresee.com *.mktoweb.com https://optimize.google.com https://rlforms.referlive.com https://fonts.googleapis.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com:443 builder.risdall.com; img-src 'self' data: googleads.g.doubleclick.net *.acsbapp.com acsbapp.com https://azurestorefront.blob.core.windows.net https://rlforms.referlive.com https://trustage.liveplatform.com https://optimize.google.com https://script.hotjar.com http://script.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.google.com/ads/ga-audiences https://tn.alphonso.tv https://*.gstatic.com https://*.googleapis.com https://*.calcxml.com https://*.sharethis.com https://insight.adsrvr.org https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://dpm.demdex.net https://io.narrative.io https://idpix.media6degrees.com https://mid.rkdms.com https://play.google.com https://developer.apple.com; font-src 'self' *.3playmedia.com acsbapp.com http://script.hotjar.com https://script.hotjar.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.gstatic.com *.4seeresults.com *.foresee.com; connect-src 'self' *.google.com *.doubleclick.net *.3playmedia.com *.4seeresults.com *.foresee.com *.acsbapp.com https://rlforms.referlive.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://pixelconnector.adready.com https://tracker.adreadyclick.com https://in.hotjar.com https://tags.srv.stackadapt.com https://www.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://*.mktoresp.com/ https://*.sharethis.com https://www.calcxml.com https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net *.googleapis.com; object-src 'self' https://player.vimeo.com https://vimeo.com https://www.youtube.com/; frame-src 'self' *.google.com *.doubleclick.net t.sharethis.com plugin.3playmedia.com *.3playmedia.com *.mktoweb.com https://match.adsrvr.org/ https://insight.adsrvr.org/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://optimize.google.com https://player.vimeo.com https://vimeo.com https://vars.hotjar.com *.wingsfinancial.com *.touchcommerce.com *.inq.com *.nuance.com https://www.youtube.com/ https://wings.locatorsearch.com/ www.facebook.com:443 https://*.sharethis.mgr.consensu.org; form-action 'self' *.wingscu.com *.architect-cert.fiservapps.com *.referlive.com *.touchcommerce.com *.inq.com *.nuance.com https://wingsfinancial.onlinebank.com https://www.facebook.com; frame-ancestors 'self' https://wingsfinancial.onlinebank.com/; upgrade-insecure-requests; block-all-mixed-content; 2
default-src 'self' *.berger-levrault.com; img-src 'self' data: *.berger-levrault.com *.analytics.google.com *.google.es *.wistia.com  wp-rocket.me *.google-analytics.com *.gravatar.com https://s.w.org https://gravityforms.s3.amazonaws.com https://gravityforms.s3.amazonaus.com *.gstatic.com *.googleapis.com; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline'; script-src 'self' *.google.ca google.ca *.google.com google.com *.en25.com *.licdn.com *.facebook.net *.google.es *.googleadservices.com googleadservices.com *.helpscout.net *.wistia.com *.hcaptcha.com *.matomo.cloud *.mxpnl.com https://hcaptcha.com *.cloudflare.com *.googleapis.com *.googletagmanager.com https://www.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.berger-levrault.com *.youtube.com *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.gstatic.com; connect-src 'self' *.analytics.google.com *.helpscout.net *.wistia.com *.litix.io *.cloudfront.net *.matomo.cloud *.hcaptcha.com *.gstatic.com *.googleapis.com *.google-analytics.com *.yoast.com yoast.com *.berger-levrault.com; frame-src 'self' mailto: tel: *.facebook.net *.berger-levrault.com *.hcaptcha.com *.youtube.com *.youtube-nocookie.com wp-rocket.me; media-src 'self' blob: *.berger-levrault.com *.wistia.net 2
frame-ancestors 'self' dashboard.myrazz.com; report-uri /report-violation 2
object-src 'none'; script-src 'self' https://*.rmbl.ws https://ads.pubmatic.com https://polyfill.io https://js.ad-score.com https://*.revcontent.com https://hcaptcha.com https://*.hcaptcha.com https://*.cloudflare.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://ads.scored.co 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval'; 2
child-src * blob: gap:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' wibu.com *.wibu.com 'unsafe-inline' 'unsafe-eval' *.brighttalk.com *.adobe.com *.wibu.us *.surveymonkey.com *.brightcove.net *.wibu.com *.typo3.org *.googleapis.com www.google-analytics.com *.google.com *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.nakanohito.jp *.pardot.com *.joomag.com *.cleverreach.de *.cloudfront.net *.amazonaws.com *.hubspot.com *.gstatic.com *.iiconsortium.org *.ddev.site *.friendlycaptcha.com cdn.jsdelivr.net data:; img-src * data:; font-src 'self' data: *.wibu.com *.gstatic.com; frame-src 'self' *.wibu.com www.wibu.com *.googleapis.com www.google-analytics.com *.google.com *.google.de *.google.fr *.google.co.uk *.youtube.com *.youtube-nocookie.com *.youtube.de *.ytimg.com *.baidu.com *.joomag.com *.surveymonkey.com *.brighttalk.com *.hcaptcha.com; frame-ancestors 'self' https://*.wibu.com at.alicdn.com; worker-src blob:; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval' connect-src * 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src *; style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline'; 2
frame-ancestors 'self' http://bleudigo.the513.top https://www.indigo-net.com https://www.indigo.fr; 2
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschaftermarket.com *.dxtservice.com *.bosch.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com; object-src 2
frame-ancestors 'self' chromacam.me personifyinc.com 2
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval'; block-all-mixed-content; upgrade-insecure-requests 2
base-uri 'self'; object-src 'none'; frame-ancestors 'self'; default-src * data: blob: filesystem: about: ws: wss: http: https: 'unsafe-inline' 'unsafe-eval'; 2
default-src 'self' images.salzburg-ag.at *.salzburg-ag.tech; object-src 'self' app.usercentrics.eu/latest/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at maps.googleapis.com; script-src 'self' *.salzburg-ag.at snap.licdn.com *.mouseflow.com *.pinimg.com maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ assets.adobedtm.com sc-static.net app.usercentrics.eu/latest/ images.salzburg-ag.at js.monitor.azure.com/scripts/ www.googletagmanager.com cognigy-endpoint.salzburg-ag.at www.googleadservices.com *.g.doubleclick.net ad.doubleclick.net tr.snapchat.com www.google-analytics.com *.usercentrics.eu www.youtube.com snap.licdn.com/li.lms-analytics/insight.min.js connect.facebook.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.salzburg-ag.tech cdn.linkedin.oribi.io *.mouseflow.com *.google-analytics.com *.analytics.google.com *.salzburg-ag.at ct.pinterest.com tr.snapchat.com *.g.doubleclick.net ad.doubleclick.net sc-static.net maps.googleapis.com *.usercentrics.eu dc.services.visualstudio.com/v2/track  *.omtrdc.net *.demdex.neti data: wss:; img-src 'self' *.salzburg-ag.at *.pinimg.com ct.pinterest.com www.google-analytics.com www.google.com www.google.at p.adsymptotic.com *.fls.doubleclick.net *.linkedin.com *.facebook.com *.youtube.com *.g.doubleclick.net ad.doubleclick.net adservice.google.com tr.snapchat.com maps.gstatic.com maps.googleapis.com www.googletagmanager.com app.usercentrics.eu *.usercentrics.eu www.familieundberuf.at *.everesttech.net *.demdex.net *.omtrdc.net data:; style-src 'self' 'unsafe-inline' *.salzburg-ag.at app.usercentrics.eu/latest/ www.googletagmanager.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com maps.googleapis.com data:; frame-src 'self' reglist24.com *.reglist24.com  my.matterport.com *.svc.dynamics.com *.cablelink.at sag.viewer.cit-fusion.com ct.pinterest.com www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://at.eturnity.eu/ ocilion.com p.artworx.at form.typeform.com *.microsoftonline.com login.microsoftonline.com cablelink.preview.speedtestcustom.com cablelink.speedtestcustom.com energie-effizienz-iframe.smartricity.de outlook.office365.com *.fls.doubleclick.net ad.doubleclick.net www.youtube.com maps.googleapis.com tr.snapchat.com *.facebook.com *.demdex.net;media-src 'self' maps.googleapis.com data:; frame-ancestors 'self' app.usercentrics.eu; form-action 'self' tr.snapchat.com www.facebook.com app.usercentrics.eu; 2
default-src 'unsafe-inline' 'unsafe-eval' data: blob: wss://*.happymoney.com wss://*.usw2.pure.cloud *.happymoney.com https://happymoney.com https://*.cloudflare.com https://cdn.siftscience.com https://*.digify.com https://*.readme.io https://cdn.plaid.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://*.googleadservices.com https://fonts.gstatic.com https://cdn.segment.com https://*.segment.io https://*.livechatinc.com https://*.fullstory.com https://*.payoff.com https://stats.g.doubleclick.net https://unpkg.com https://*.ingest.sentry.io https://js.live.net https://use.typekit.net https://sjrtp2-cdn.marketo.com https://munchkin.marketo.net https://script.crazyegg.com https://bat.bing.com https://api.instagram.com https://connect.facebook.net https://*.launchdarkly.com https://*.oktapreview.com https://*.okta.com https://static.cdn.prismic.io https://happymoney-marketing.prismic.io https://www.youtube.com https://*.amazonaws.com https://*.iovation.com https://*.datadoghq.com https://*.browser-intake-datadoghq.com https://point-break.cdn.prismic.io https://images.prismic.io https://cdn.livechat-static.com https://cdn.livechat-files.com https://hexagon-analytics.com https://i.imgur.com https://www.facebook.com https://p.typekit.net https://secure.gravatar.com https://*.usw2.pure.cloud https://snap.licdn.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.oktacdn.com https://*.lever.co https://*.ipify.org https://*.twitter.com https://*.ads-twitter.com https://*.pangle-ads.com https://t.co https://*.citadelid.com https://*.truv.com https://happymoney.gw-dv.vip https://happymoney.gw-dv.io https://happymoney.gw-dv.xyz https://happymoney.cdn-gw-dv.vip https://52.42.183.115 https://happymoney.ck123.io; frame-ancestors 'self' 2
default-src 'self' www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com region1.google-analytics.com *.openstreetmap.org; img-src 'self' 'unsafe-inline' www.google-analytics.com secure.gravatar.com *.tile.openstreetmap.org data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' www.google.com *.openstreetmap.org; object-src 'none'; font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; 2
frame-ancestors 'self' *.microsoft.com *.microsoft365.com *.google.com *.lumapps.com *.office.com; 2
frame-ancestors https://cms.talent-pool.com 2
frame-ancestors 'self'  teams.microsoft.com *.teams.microsoft.com 2
default-src 'self';style-src 'self' 'unsafe-inline' *.webflow.com assets-global.website-files.com *.googleapis.com *.weglot.com *.audiense.com *.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouseflow.com *.hubspot.com *.webflow.com assets-global.website-files.com *.google.com *.googletagmanager.com *.googleapis.com *.partnerstack.com *.mxpnl.com *.weglot.com d3e54v103j8qbb.cloudfront.net *.hs-scripts.com *.profitwell.com snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net js.hsadspixel.net js.hs-banner.com *.hs-analytics.net js.hsleadflows.net js.usemessages.com www.datadoghq-browser-agent.com *.facebook.net *.calconic.com *.hsappstatic.net *.hsforms.net *.audiense.com *.hotjar.com *.g2crowd.com *.365insightcreative.com;img-src 'self' *.mouseflow.com data: *.webflow.com *.hsforms.com *.linkedin.com assets-global.website-files.com *.googletagmanager.com *.hubspot.com *.google-analytics.com *.google.com *.google.es *.facebook.com *.hsforms.com *.audiense.com *.hotjar.com d3e54v103j8qbb.cloudfront.net;connect-src 'self' *.mouseflow.com *.hubspot.com *.google-analytics.com *.google.com pagead2.googlesyndication.com assets-global.website-files.com *.cdn-api-weglot.com partnerlinks.io *.weglot.com *.webflow.com *.hubapi.com *.hubspot.com stats.g.doubleclick.net rum.browser-intake-datadoghq.com app.calconic.com *.facebook.com hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com cdn.linkedin.oribi.io statistics-dot-calconic-app.appspot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.linkedin.com https://cdn-api-weglot.com https://http-intake.logs.datadoghq.com *.google.es;font-src 'self' *.mouseflow.com data: *.gstatic.com *.hotjar.com;frame-src 'self' *.mouseflow.com td.doubleclick.net app.calconic.com *.hubspot.com https://www.g2.com/ cdn.embedly.com *.hotjar.com;media-src 'self' *.audiense.com;child-src 'self' *.mouseflow.com; 2
default-src 'self' eviden.com *.eviden.com atos.net *.atos.net yoast.com *.yoast.com 'unsafe-inline' 'unsafe-eval' *.gravatar.com ps.w.org *.matomo.cloud *.marketo.net *.mktoresp.com *.mktoweb.com *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googleapis.com *.google.fr *.google.com *.gstatic.com cdn-cookieyes.com *.cookieyes.com *.linkedin.com *.licdn.com cdn.linkedin.oribi.io w.soundcloud.com tribl.io gallery.sprinklr.com; frame-ancestors 'self' eviden.com *.eviden.com atos.net *.atos.net atos365.sharepoint.com; object-src 'none'; font-src 'self' data: 'unsafe-inline'; img-src 'self' cdn-cookieyes.com *.linkedin.com *.gstatic.com tribl.io secure.gravatar.com data: 'unsafe-inline'; 2
default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 2
default-src *; img-src * data: blob:; media-src * data: blob:; script-src 'unsafe-inline' 'unsafe-eval' * data: blob:; worker-src 'unsafe-inline' 'unsafe-eval' * data: blob:; connect-src *; font-src * data: blob:; frame-src *; object-src * data: blob:; style-src 'unsafe-inline' * data: blob: 2
frame-ancestors 'self' https://testbed.filecloudlabs.com https://ce.filecloud.com; 2
default-src 'self'; img-src * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org https://ssl.google-analytics.com https://connect.facebook.net https://expressentry.melissadata.net https://globalemail.melissadata.net https://www.gstatic.com https://use.fontawesome.com https://calendar.time.ly https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://www.paypal.com/ https://www.sandbox.paypal.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com/ data:; connect-src 'self' https://globalemail.melissadata.net https://cdn.cookielaw.org/ https://biext.jafra.com https://www.google-analytics.com https://globalphone.melissadata.net https://personator.melissadata.net/ https://stats.g.doubleclick.net https://biextqa.jafra.com/ https://www.paypal.com/ https://www.sandbox.paypal.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com; frame-src *; media-src * 2
frame-ancestors www.happymeal.com; 2
frame-ancestors 'self' https://*.build.com/ https://*.build-catalogs.com/ https://bcom.my.salesforce.com/ https://*.visual.force.com/ https://omconsole.com/ https://*.omconsole.com/ https://*.cybersource.com/ 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; connect-src *; font-src 'self' fonts.gstatic.com data:; frame-src 'self' *; block-all-mixed-content 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com api-ikea.pl *.adform.net *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.pl *.loyaltypoint.pl owoo86.dashboard.wedare.pl track.omgpl.com *.pinterest.com s.pinimg.com api.pinpiaa.com simplylease.pl contactform-dot-ikea-poland-zoo-prod.appspot.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 2
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 2
default-src 'self' data: *.googletagmanager.com *.trustarc.com *.mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.extole.io https://*.xtlo.net; object-src 'self' *.googletagmanager.com *.trustarc.com; child-src 'self' ujet.co *.ujet.co *.truste.com *.trustarc.com *.googletagmanager.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truste.com *.consent.trustarc.com *.googletagmanager.com *.trustarc.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.stackadapt.com *.tags.srv.stackadapt.com *.redditstatic.com *.forter.com tags.stackadapt.com https://mpsnare.iesnare.com https://share.walmartmoneycard.com *.go2bank.com *.go2financial.com *.go2bankonline.com *.fuelcdn.com *.exacttarget.com *.adobe.com *.mpsnare.iesnare.com *.tvsquared.com ujet.co *.ujet.co google-analytics.com *.google-analytics.com trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.salesforceliveagent.com *.hypemarks.com websdk.appsflyer.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.extole.io https://*.xtlo.net https://*.decibelinsight.net https://*.decibel.com blob: https://api.cloudsponge.com analytics.tiktok.com https://cdnjs.cloudflare.com; connect-src 'self' *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com *.google-analytics.com *.walmartmoneycard.com/events *.appsflyer.com *.go2bank.com *.go2bankonline.com *.go2financial.com wss://mpsnare.iesnare.com/star *.appsflyer.com go2bank.sjv.io  kampyle.com *.mpsnare.iesnare.com *.kampyle.com mobileapi.locatorsearch.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com vimeo.com *.vimeo.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com s.ytimg.com connect.facebook.net storify.com *.fyre.co *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net https://*.cloudsponge.com https://*.decibelinsight.net https://*.decibel.com wss://*.decibelinsight.net https://*.extole.io https://*.xtlo.net analytics.tiktok.com https://maps.googleapis.com https://analytics.pangle-ads.com https://pagead2.googlesyndication.com; img-src 'self' data: https://arttrk.com https://trkn.us https://rdcdn.com p.alocdn.com aa.trkn.us i.ytimg.com *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.reddit.com *.rdcdn.com *.mdhv.io *.go2bank.com *.go2bankonline.com *.go2financial.com *.ojrq.net *.tvsquared.com google-analytics.com *.google-analytics.com i.vimeocdn.com www.google.co.in *.google.co.in kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.force.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.adobecqms.net *.googleadservices.com *.greendot.com greendot.com *.googletagmanager.com googletagmanager.com *.facebook.com facebook.com *.bing.com s.ytimg.com connect.facebook.net assets.adobedtm.com www.youtube.com storify.com cdn.livefyre.com bootstrap.livefyre.com player.vimeo.com *.livefyre.com *.everesttech.net *.demdex.net *.omtrdc.net data: blob: https://*.extole.io https://*.xtlo.net data: https://api.cloudsponge.com https://*.walmartmoneycard.com analytics.tiktok.com ; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.exacttarget.com kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.go2bankonline.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.googleadservices.com cdn.livefyre.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com use.typekit.net *.typekit.net https://*.extole.io https://*.xtlo.net https://fonts.googleapis.com https://api.cloudsponge.com; font-src 'self' data: kampyle.com *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.appsflyer.com *.kampyle.com use.typekit.net *.use.typekit.net *.googleapis.com *.gstatic.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net *.livefyre.com https://*.extole.io https://*.xtlo.net https://fonts.gstatic.com https://api.cloudsponge.com; frame-src 'self' *.pardot.com *.googletagmanager.com *.trustarc.com *.truste.com *.tags.srv.stackadapt.com *.srv.stackadapt.com *.east.srv.stackadapt.com *.uw.srv.stackadapt.com *.eu.srv.stackadapt.com *.qvdt3feo.com *.go2bank.com ujet.co *.ujet.co kampyle.com *.kampyle.com *.googleapis.com *.gstatic.com *.facebook.com facebook.com *.pxf.io idsync.rlcdn.com logs-01.loggly.com tapestry.tapad.com ojrq.net *.impactradius-event.com *.hypemarks.com *.adsrvr.org *.xg4ken.com *.google.com *.doubleclick.net *.greendot.com *.go2financial.com *.adobecqms.net www.youtube.com player.vimeo.com *.demdex.net trk.clinch.co *.trk.clinch.co cdn.clinch.co *.clinch.co cdn-gdc.com *.cdn-gdc.com bytedance: sslocal:; frame-ancestors 'self' https://*.greendot.com https://*.go2bank.com https://*.go2financial.com https://*.walmartmoneycard.com https://*.chirpwhitelabel.com;; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval'; 2
connect-src 'self'  *.addthis.com *.clarity.ms *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.google.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.hubspot.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.statbroadcast.com analytics.tiktok.com api.airbrake.io attestation.android.com bcbolt446c5271-a.akamaihd.net cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.linkedin.oribi.io csi.gstatic.com csp.withgoogle.com gtm-w82hjxd-otazy.uc.r.appspot.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io pagead2.googlesyndication.com pixel.adsafeprotected.com px.ads.linkedin.com region1.analytics.google.com rum-collector-2.pingdom.net s3.amazonaws.com/s3.statbroadcast.com/ ws://*.theufl.com:24678/ ws://localhost:24678/ www.facebook.com; default-src 'self' *.statbroadcast.com cdn.datatables.net s3.amazonaws.com/s3.statbroadcast.com/ cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com use.typekit.net data://*; form-action 'self' *.twitter.com analytics.clickdimensions.com bbox.blackbaudhosting.com www.facebook.com; frame-src 'self' *.addthis.com *.emailmeform.com *.facebook.com *.fls.doubleclick.net *.g.doubleclick.net *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.safeframe.googlesyndication.com *.sport80.com *.statbroadcast.com *.tiktok.com *.tourneymachine.com *.twitter.com *.wufoo.com abc11.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com c.streamhoster.com cdn.datatables.net cdn.flipsnack.com cdnjs.cloudflare.com cloud.e.theufl.com console.googletagservices.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com giphy.com imasdk.googleapis.com indd.adobe.com livestream.com online.anyflip.com player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ s3.amazonaws.com/s3.statbroadcast.com/ share.transistor.fm snapwidget.com st.chatango.com streaming.enetlive.tv td.doubleclick.net tpc.googlesyndication.com universe.queue-it.net uploads.knightlab.com vplayer.nbcsports.com www.bullseyelocations.com www.buzzsprout.com www.foxsports.com www.givedirect.org www.googletagmanager.com www.instagram.com www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.statbroadcast.com www.surveymonkey.com www.thorne.com www.universe.com www.youtube-nocookie.com www.youtube.com; img-src 'self'  *.ads.linkedin.com *.adsafeprotected.com *.g.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hsforms.com *.hsforms.net *.hubspot.com *.statbroadcast.com *.twimg.com *.twitter.com ad.doubleclick.net barbend.com bbox.blackbaudhosting.com c.bing.com c.clarity.ms cdn-images.mailchimp.com cdn.cookielaw.org cdn.datatables.net cdnjs.cloudflare.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net clients1.google.com connect.facebook.net data: i.ytimg.com images.contentstack.io img.youtube.com p.adsymptotic.com p.typekit.net pixel.quantserve.com region1.analytics.google.com res.cloudinary.com s3.amazonaws.com/s3.statbroadcast.com/ t.co t.paypal.com www.facebook.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.com www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg www.googleapis.com www.googletagmanager.com www.linkedin.com www.paypalobjects.com; media-src 'self' blob: ; report-uri ; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.addthis.com *.adsafeprotected.com *.cdc.gov *.clarity.ms *.clickdimensions.com *.cookielaw.org *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com *.hubspotfeedback.com *.instagram.com *.pxlecdn.com *.statbroadcast.com *.tiktok.com *.ttwstatic.com *.twitter.com *.wufoo.com *.youtube.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.com adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se ajax.googleapis.com analytics.tiktok.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js c.bing.com cdn.datatables.net cdn.datatables.net/v/dt/dt-2.0.1/datatables.min.js cdn.statbroadcast.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net console.googletagservices.com cse.google.com feedback.hubapi.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/s3.statbroadcast.com/ secure.givelively.org secure.quantserve.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com use.typekit.net v1.addthisedge.com vjs.zencdn.net widget.surveymonkey.com widgets.flickr.com www.buzzsprout.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.paypal.com www.paypalobjects.com; style-src 'self' 'unsafe-inline' *.statbroadcast.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdn-us.clickdimensions.com cdn.datatables.net cdn.datatables.net/v/dt/dt-2.0.1/datatables.min.css cdn.fonts.net cdn.statbroadcast.com/css/UFLroster.css cdn.statbroadcast.com/css/UFLteamstats.css cdnjs.cloudflare.com code.jquery.com fonts.googleapis.com lf16-tiktok-web.ttwstatic.com maxcdn.bootstrapcdn.com p.typekit.net platform.twitter.com s3.amazonaws.com s3.amazonaws.com/s3.statbroadcast.com/ use.typekit.net www.google.com/cse/ www.instagram.com; worker-src 'self' blob: ; 2
frame-ancestors 'self' *.azdev.direct *.adobe.com allianzdirect.nl *.directos.io directos.io www.directos.io *.retail.allianz.nl www.retail.allianz.nl retail.allianz.nl allianz-voyage.fr www.allianz-voyage.fr 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com; img-src * data: image/svg+xml; object-src 'none'; base-uri 'none'; frame-ancestors 'self' 2
default-src 'unsafe-inline' 'self' https://*.clarity.ms https://c.bing.com; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'self' sha256-0/NMaGJWVjIukwBMkinLP6tmeD9zx5luPBD3YAk+Y7Q= *.usabilla.com http: https:; style-src 'unsafe-inline' 'self' *.usabilla.com https:; font-src 'self' *.usabilla.com https: data:; frame-src 'self' *.usabilla.com https:;frame-ancestors 'self' *.travelex.net; img-src 'self' *.usabilla.com http: https: data:; connect-src 'self' *.usabilla.com wss://tufsuyburufn.transport.connect.eu-west-2.amazonaws.com https: http:; style-src-elem 'unsafe-inline' 'self' *.usabilla.com https:; media-src 'unsafe-inline' 'self' https:; 2
frame-ancestors 'self' https://*.cybusinessonline.co.uk https://*.cbonline.co.uk https://*.ybonline.co.uk https://*.cybonline.co.uk; report-uri https://cyburi.report-uri.com/r/t/csp/enforce; 2
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com cdn.penguin.co.uk *.ads-twitter.com *.doubleclick.net *.jquery.com *.yoast *.quizzes.cx *.shopifycdn.com *.jsdelivr.net *.facebook.net *.tiktok.com cdnjs.cloudflare.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com ssl.google-analytics.com fonts.googleapis.com *.google.com *.gstatic.com *.facebook.com connect.facebook.net www.dwin2.com *.riddle.com *.hotjar.com *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupltd.d3.sc.omtrdc.net therandomhousegroupl.tt.omtrdc.net *.onetrust.com *.google-analytics.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.wpengine.com *.msgfocus.com *.youtube.com *.schema.org aax-eu.amazon-adsystem.com; object-src 'self'; frame-ancestors 'none'; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.youtube.com/iframe_api https://*.gstatic.com https://www.google.com/recaptcha/api.js https://*.tiktok.com https://*.cookiebot.com https://*.talention.com https://maps.googleapis.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.jameda-elements.de https://snap.licdn.com https://empfehlungen.aerzte.de/app.js; style-src 'self' 'unsafe-inline' 'report-sample' https://*.talention.com https://fonts.googleapis.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com/ https://www.google.com/ https://*.cookiebot.com https://*.doubleclick.net; report-uri /api/csp-report 2
default-src 'self' accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *;img-src * data:; script-src * www.google-analytics.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; 2
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com 2
frame-ancestors 'self' app.storyblok.com *.omappapi.com *.optinmonster.com ; 2
connect-src 'self' https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com bots.kore.ai wss://rtm.kore.ai analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net api.trafficguard.ai; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.useinsider.com *.api.useinsider.com; img-src 'self' data: * marketing.rcbcbankard.com www.google.com www.google.com.ph www.google-analytics.com https://stats.g.doubleclick.net www.facebook.com lh.trafficguard.ai; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com www.google.com www.google-analytics.com tgtag.io www.googletagmanager.com www.gstatic.com apis.google.com connect.facebook.net bots.kore.ai; script-src-elem 'self' 'unsafe-inline' *.useinsider.com *.api.useinsider.com *.google.com *.gstatic.com *.googletagmanager.com *.facebook.net; worker-src 'self' *.useinsider.com *.api.useinsider.com; object-src 'self' *.useinsider.com *.api.useinsider.com; 2
default-src http: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com https://test-u8-www.verbeterjehuis.nl https://mili-vjh-websiteu8-acc.azurewebsites.net https://statistiek.rijksoverheid.nl https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js; style-src 'self' 'unsafe-inline' https://test-u8-www.verbeterjehuis.nl https://fonts.googleapis.com https://mili-vjh-websiteu8-acc.azurewebsites.net; img-src 'self' https://dummyimage.com/ https://*.smarttwin.nl https://www.toegankelijkheidsverklaring.nl https://test-u8-www.verbeterjehuis.nl https://mili-vjh-websiteu8-acc.azurewebsites.net https://milivjhstoru8test.blob.core.windows.net https://milivjhstoru8prod.blob.core.windows.net https://milivjhstoru8acc.blob.core.windows.net https://statistiek.rijksoverheid.nl data: https://dashboard.umbraco.org; font-src 'self' https://www.rovid.nl:* https://fonts.googleapis.com:* https://fonts.gstatic.com:*; connect-src *; media-src * https://www.rovid.nl:*; object-src *; prefetch-src *; frame-src *; worker-src *; frame-ancestors 'self' https://slimwoner.dev.gohike.nl:* https://www.slimwoner.nl:* https://energieloketflevoland.nl:* https://www.drentsenergieloket.nl:* https://watlaatjeliggen.nl:* https://www.duurzaambouwloket.nl:* https://energieloketrivierenland.nl:* http://bter.heibel.nl:* http://bterfinancieel.nl:*; upgrade-insecure-requests 2
default-src * 'unsafe-inline' 'unsafe-eval' data:;frame-src * data: blob: intent:; 2
frame-ancestors https://suite34.emarsys.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubfef39b54e4afa416599740644771d1c2&dd-evp-origin=content-security-policy&ddsource=csp-report 2
frame-ancestors 'self' https://*.hana.ondemand.com; 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yimg.com polyfill.io *.images-home.com *.cloudflare.com *.licdn.com *.moatads.com *.hotjar.com stackpath.bootstrapcdn.com youtube.com.au *.youtube.com.au *.youtube.com *.gstatic.com *.weblink.com.au *.nr-data.net ajax.cloudflare.com js-agent.newrelic.com www.google.com *.google-analytics.com analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com www.youtube.com/iframe_api www.youtube.com.au/iframe_api platform.twitter.com syndication.twitter.com/ s.ytimg.com publish.twitter.com *.twimg.com platform.linkedin.com platform.stumbleupon.com/1/widgets.js dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com unpkg.com *.arcgis.com *.addthis.com *.addthisedge.com assets.juicer.io tagmanager.google.com www.googletagmanager.com app.hivo.com.au snap.licdn.com cdn.polyfill.io www.googleadservices.com googleads.g.doubleclick.net *.cloudflareinsights.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.arcgis.com assets.juicer.io app.hivo.com.au blob: * 'unsafe-inline'; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.arcgis.com *.arcgisonline.com static.juicer.io; img-src 'self' *.doubleclick.net *.equ.com.au *.linkedin.com *.woodside.com woodside-staging.s3.amazonaws.com woodside-development.s3.amazonaws.com *.images-home.com *.s3.amazonaws.com *.woodside *.adsymptotic.com www.gstatic.com gstatic.com ssl.gstatic.com scontent.cdninstagram.com i.imgur.com yt3.ggpht.com i.ytimg.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.googleapis.com *.google-analytics.com analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com delicious.com www.redditstatic.com www.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net *.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com app.hivo.com.au blob: *.eloqua.com *.arcgis.com *.arcgisonline.com assets.juicer.io *.fbcdn.net *.google.com *.google.com.au img.juicer.io *.fls.doubleclick.net; media-src 'self' *.equ.com.au woodside-staging.s3.amazonaws.com woodside-development.s3.amazonaws.com *.s3.amazonaws.com *.woodside *.woodside.com blob:; frame-src 'self' *.addthis.com app.hivo.com.au *.hotjar.com *.twitter.com *.youtube.com.au *.youtube-nocookie.com *.youtube.com *.google.com *.weblink.com.au *.doubleclick.net *.facebook.com *.tryinteract.com; child-src 'self' *.google.com *.weblink.com.au platform.twitter.com syndication.twitter.com www.youtube.com player.vimeo.com w.soundcloud.com apis.google.com accounts.google.com staticxx.facebook.com *.facebook.com web.facebook.com badge.stumbleupon.com *.addthis.com *.youtube-nocookie.com *.weblink.com.au; connect-src 'self' *.yimg.com *.googlesyndication.com api.cognitive.microsoft.com *.sentry.io *.hotjar.io *.hotjar.com ws://*.hotjar.com accounts.google.com apis.google.com *.dec.sitefinity.com *.mktoresp.com *.arcgis.com *.arcgisonline.com *.addthis.com *.juicer.io graph.facebook.com *.woodside.s3.amazonaws.com *.woodside bam.nr-data.net *.doubleclick.net *.google-analytics.com analytics.google.com *.linkedin.oribi.io *.linkedin.com; object-src 'none'; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; connect-src 'self' *.amazonaws.com *.amazoncognito.com api.pwnedpasswords.com; frame-ancestors 'self' sf360.com.au; frame-src 'self' https://www.google.com/recaptcha/ 2
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me wss://ad.mail.ru *.mail.ru *.imgsmail.ru *.mradx.net *.serving-sys.com *.googleapis.com *.gstatic.com www.google.com https://api-maps.yandex.ru yastatic.net yandex.st *.doubleverify.com *.adsafeprotected.com https://cdn.consentmanager.net https://football.sportmail.ru *.google.ru *.google.com *.googlesyndication.com *.yandex.ru blob:;  script-src 'unsafe-inline' 'unsafe-eval' *.mail.ru https://*.mail.ru *.imgsmail.ru *.mradx.net ok.ru *.ok.ru odnoklassniki.ru *.odnoklassniki.ru mycdn.me http://*.mycdn.me https://*.mycdn.me mc.yandex.ru an.yandex.ru yastatic.net yandex.st *.google-analytics.com api-maps.yandex.ru https://api-maps.yandex.ru https://clck.yandex.ru *.googleapis.com *.gstatic.com www.google.com www.youtube.com https://www.youtube.com *.ytimg.com https://*.ytimg.com *.doubleverify.com *.dvtps.com *.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.goodgame.ru https://*.goodgame.ru https://*.moatads.com *.adlooxtracking.com *.adlooxtracking.ru *.adsafeprotected.com *.serving-sys.com *.serving-sys.ru *.weborama.fr *.weborama-tech.ru https://enterprise.api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.hit.gemius.pl https://*.consentmanager.net https://gum.criteo.com https://football.sportmail.ru *.googletagmanager.com connect.facebook.net *.google.ru *.google.com *.googlesyndication.com yandex.ru;  worker-src blob: 'self';  connect-src * wss: blob: data:;  font-src * data: blob:; frame-src * blob: 'self';  img-src * data: blob: about:;  media-src * data: blob:;  object-src *;  report-uri /csp/report; 2
default-src 'self' 'unsafe-inline' https://www.ifsttar.fr https://plausible.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tarteaucitron.io https://plausible.io https://*.tiktok.com https://*.facebook.net https://public.tableau.com https://*.audiomeans.fr https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://webapi.affluences.com/ https://ajax.googleapis.com/ajax/ https://static.affluences.media/ https://www.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com api-public.addthis.com https://api-public-oci-origin.addthis.com https://*.addthis.com https://v1.addthisedge.com graph.facebook.com https://graph.facebook.com https://z.moatads.com https://widgets.pinterest.com https://vk.com/share.php https://www.odnoklassniki.ru/dk https://connect.ok.ru/dk; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://cdn-eu.readspeaker.com https://static.affluences.media https://platform.twitter.com https://*.twimg.com; font-src 'self' https://*.gstatic.com https://static.affluences.media/ data: ; frame-src 'self' https://www.dailymotion.com https://mediavideo.cnrs.fr https://*.esr.gouv.fr https://*.google.com https://spectremedia.org https://public.tableau.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://*.ephoto.fr https://*.univ-eiffel.fr https://*.univ-gustave-eiffel.fr https://maps.google.fr/ https://static.affluences.media/ https://embed.acast.com https://cdn.theconversation.com https://podcasts.ouest-france.fr https://datawrapper.dwcdn.net https://counter.theconversation.com  https://*.audiomeans.fr https://player.vimeo.com/ https://www.geoportail.gouv.fr/ https://www.facebook.com https://my.matterport.com/ https://*.youtube.com https://*.libcast.com https://clap.univ-eiffel.fr https://haltools.archives-ouvertes.fr https://archives-ouvertes.fr https://*.twitter.com https://www.youtube-nocookie.com http://*.u-pem.fr https://*.u-pem.fr https://*.vimeo.com https://upem.moveonfr.com https://view.genial.ly https://s7.addthis.com; img-src 'self' data: https://*.googletagmanager.com https://modele.univ-gustave-eiffel.fr https://*.tiktok.com https://*.facebook.com https://www.univ-gustave-eiffel.fr https://public.tableau.com https://*.twitter.com https://gallery.mailchimp.com/ https://*.google.fr https://*.google.com https://www.ifsttar.fr/ https://images.theconversation.com https://counter.theconversation.com https://i.ytimg.com https://gallery.mailchimp.com/ https://www.google-analytics.com https://template.univ-gustave-eiffel.fr https://static.affluences.media/ https://template.univ-gustave-eiffel.fr https://ssl.google-analytics.com https://*.twimg.com https://platform.twitter.com https://analytics.google.com https://www.addthis.com; connect-src 'self' 'unsafe-inline' https://plausible.io https://*.tiktok.com https://*.facebook.com https://*.doubleclick.net https://api.countapi.xyz/ https://www.ifsttar.fr https://media-eu.readspeaker.com/ https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/ https://cdn-eu.readspeaker.com/ https://*.googletagmanager.com https://*.google-analytics.com https://ssl.google-analytics.com https://*.analytics.google.com https://www.google.fr https://*.addthis.com https://api-public.addthis.com; media-src 'self' 'unsafe-inline' https://podcast.u-pem.fr https://*.addthis.com https://api-public.addthis.com; frame-ancestors 'self' https://*.eudonet.com 2
default-src 'self' https: *.googlesyndication.com *.doubleclick.net *.gstatic.com *.google.com *.googletagservices.com; font-src 'self' https: data: *.gstatic.com; img-src 'self' https: blob: data: *.google.com *.dvauction.com; object-src 'none'; style-src 'self' https: 'unsafe-inline' blob: *.gstatic.com; frame-src 'self' https: www.googletagservices.com *.doubleclick.net localhost:* *.cattlemarketcentral.com; connect-src 'self' https: wss://www.cattlemarketcentral.com wss://www.nationalbeefwire.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.googletagservices.com 2
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 2
default-src 'self'; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.youtube.com *.gstatic.com cdn.jsdelivr.net *.pageuppeople.com *.recaptcha.net snap.licdn.com *.facebook.net *.newrelic.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.youtube.com *.googletagmanager.com *.vimeocdn.com *.ytimg.com www.facebook.com px.ads.linkedin.com www.linkedin.com; media-src 'self'; frame-src 'self' youtube.com *.youtube.com *.vimeo.com *.google.com *.recaptcha.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data: *.typekit.net; connect-src 'self' *.google-analytics.com *.googleapis.com px.ads.linkedin.com *.nr-data.net *.newrelic.com *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 2
frame-ancestors https://www.facebook.com/ 2
default-src https://www.google.de/ http://194.94.31.202/ https://stats.g.doubleclick.net https://www.google-analytics.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/ https://www.google.com/ https://connect.facebook.net/ https://www.etermin.net/ https://studip.hs-schmalkalden.de/ https://www.hs-schmalkalden.de/ https://www.hs-schmalkalden.de:14682 https://typo3.hs-schmalkalden.de/ https://typo3.hs-schmalkalden.de:14682/ https://fonts.gstatic.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline' 'unsafe-eval' 2
frame-ancestors 'self' *.mellon.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://api.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net checkout.wompi.co *app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' https://apps.clientify.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 2
frame-ancestors 'self' gather.town; 2
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors 'self'; 2
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://cdn.mouseflow.com https://static.cloudflareinsights.com https://assets.adobedtm.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://pi.pardot.com https://static.ads-twitter.com https://go.elsevier.com https://script.leadboxer.com https://activitymap.adobe.com https://www.googleadservices.com https://digitalfeedback.us.confirmit.com https://www.surveygizmo.eu; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure-ecsd.elsevier.com images.ctfassets.net https://smetrics.elsevier.com metrics.elsevier.com https://cm.everesttech.net https://cdn.cookielaw.org https://cdn.nonprod.3d4medical.com https://cdn.3d4medical.com *.google-analytics.com https://dpm.demdex.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.co.uk https://www.google.nl https://t.co https://analytics.twitter.com https://id.rlcdn.com https://www.facebook.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://osmose-it.s3.amazonaws.com https://survey.us.confirmit.com; font-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://dpm.demdex.net elsevierlimited.tt.omtrdc.net https://smetrics.elsevier.com https://bam.nr-data.net *.notify.elsevier.com *.google-analytics.com https://account.elsevier.com https://account.staging.ecommerce.elsevier.com https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com localhost:* *.snplow.net https://tag-logger.demandbase.com https://kibana.leadboxer.com https://pagead2.googlesyndication.com https://digitalfeedback.us.confirmit.com https://adservice.google.com https://px.ads.linkedin.com https://o2.mouseflow.com https://widgixeu-beacon.s3.amazonaws.com; media-src 'self' videos.ctfassets.net assets.ctfassets.net; object-src 'none'; frame-ancestors 'self' https://app.contentful.com https://3d4medical.com https://completeanatomy.cn; frame-src 'self' https://elsevierlimited.tt.omtrdc.net https://campaigns.elsevier.com https://www.googletagmanager.com https://elsevier.demdex.net https://www.facebook.com https://s.company-target.com https://activitymap.adobe.com https://td.doubleclick.net; base-uri 'self'; form-action 'self'; 2
default-src 'self' https://www.google-analytics.com https://analytics.google.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' https://fonts.googleapis.com https://analytics.google.com https://www.gstatic.com https://ajax.googleapis.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; 2
frame-ancestors 'self' https://*.athenahealth.com/ https://*.athenahealth.com:*/ https://*.athenanet.athenahealth.com/ https://*.athenanet.athenahealth.com:*/ https://*.nimbus.athena.io/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; 2
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://bat.bing.com https://channel.me https://engie.conversationalsdevelopment.nl https://cdn.conversationalsdevelopment.nl https://api.seamly.ai wss://api.seamly.ai wss://api.seamly-app.com https://api.seamly-app.com https://engie-engie.digitalcx.com https://api.digitalcx.com https://www.50five-engie.nl https://engie.pti.nl https://api.ipdata.co https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.fls.doubleclick.net https://stats.g.doubleclick.net https://google.com https://www.google.com https://www.google.nl https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://ajax.googleapis.com https://adservice.google.com https://storage.googleapis.com https://www.gstatic.com https://s.ytimg.com https://code.jquery.com https://snap.licdn.com https://px.ads.linkedin.com https://api.membergetmember.co https://embedded.membergetmember.co https://events.membergetmember.co https://heartbeat.membergetmember.co https://tracking.membergetmember.co https://prod-mgw.engie-app.nl/api/v1/opening-hours https://prod-mgw.engie-app.nl/api/v1/waiting-times https://prod-mgw.engie-app.nl/api/v1/opening-hours/waiting-time https://*.optimizely.com https://ws.pushcall.com https://smartcontactbutton.pushcall.com https://api.storyteq.com https://assets.storyteq.com https://www.youtube.com https://www.youtube-nocookie.com https://v2.zopim.com wss://widget-mediator.zopim.com https://static.zdassets.com https://ekr.zdassets.com;font-src 'self' data: https://fonts.gstatic.com;img-src https://bat.bing.com https://cdn.conversationalsdevelopment.nl https://newstat.net https://ds1.nl https://www.google.nl https://www.google.com https://storage.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://snap.licdn.com https://px.ads.linkedin.com https://cdn.optimizely.com https://api.storyteq.com https://assets.storyteq.com 'self' data:;style-src 'self' 'unsafe-inline' https://www.50five-engie.nl https://storage.googleapis.com https://fonts.googleapis.com https://cdn.conversationalsdevelopment.nl; 2
frame-ancestors https://next.ritr.eu https://www.alfagames.sk https://alfagames.sk; 2
frame-ancestors 'self' https://*.biahosted.com https://*.paymentiq.io https://*.safecharge.com 2
default-src 'self' blob: wss: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 2
default-src 'self' *.energieag.at energieag.picturepark.com *.google-analytics.com *.googleapis.com *.gstatic.com prezi.com www.googleadservice www.youtube.com walls.io *.walls.io *.googletagmanager.com www.netigate.se *.whatchado.com *.vimeo.com i.ytimg.com connect.facebook.net app.adwordsagentur.at s.ksrndkehqnwntyxlhgto.com *.hotjar.com *.hotjar.io  wss://*.hotjar.com www.googleadservices.com *.doubleclick.net *.adform.net *.iconnode.com *.facebook.com *.google.at *.google.de *.google.com *.adsrvr.org e-tankstellen-finder.com connect.shore.com *.shore-cdn.com *.teamplanbuch.ch *.cookiebot.com *.matterport.com www.360perspektiven.com sys.mailworx.info *.marketingsuite.info sc-static.net *.konzertmeister.app *.podigee-cdn.net *.podigee.com *.podigee.io energieag.containers.piwik.pro energieag.piwik.pro empathy-portal.de eag.viewer.cit-fusion.com *.adition.com *.powerbi.com cdnjs.cloudflare.com www.youtube-nocookie.com *.ytimg.com *.googlesyndication.com streamio.com energieag.current-picturepark.com *.mouseflow.com github.com endpoint-app.cognigy.ai *.githubusercontent.com maps.google.de  'unsafe-inline' 'unsafe-eval' data: 2
frame-ancestors 'self' https://citylightcloud.com https://geocentric.com 2
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data: 2
default-src 'self' cdn.upstract.com; font-src 'self' cdn.upstract.com; style-src 'self' 'unsafe-inline' cdn.upstract.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.upstract.com https://hcaptcha.com/ https://cdn.jsdelivr.net/; img-src 'self' data: cdn.upstract.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://rumble.com/ https://embed.ted.com/ https://*.hcaptcha.com 2
font-src mm-static.mustcheck.com shopping.qantas.com sc-static.net ecomm-cdn.trurating.com static.zip.co *.abtasty.com *.zipmoney.com.au *.klarnacdn.net *.stockinstore.net *.akamaihd.net olapic-data.s3.amazonaws.com calvinklein.com.au data: *.gstatic.com 'self' data: 'unsafe-inline' data: data: 'self' 'unsafe-inline'; form-action ct.pinterest.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.cardinalcommerce.com *.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.googletagmanager.com *.google.com *.doubleclick.net *.hotjar.com *.pmnts.io *.pmnts-sandbox.io 'self'; frame-src start.zip.co block.opendns.com security-au.mimecast.com m.cmpgn.page gateway.zscloud.net gateway.zscalerthree.net gateway.zscalerone.net www.paypalobjects.com *.googlesyndication.com clickmeter.com rebrandly.com *.teads.tv *.adsrvr.org fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.abtasty.com *.facebook.com *.pmnts.io *.pmnts-sandbox.io *.klarna.com *.force.com *.pinterest.com *.clearpay.co.uk *.afterpay.com tr.snapchat.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.google.com/ https://www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.doubleclick.net *.vimeo.com *.hotjar.com *.clickmeter.com wss://*.hotjar.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src blob: pvhba.zendesk.com https://v2assets.zopim.io https://static.zdassets.com *.googlesyndication.com media.littlebirdie.com.au api.fillr.com beacon.krxd.net zip.co pixel.rubiconproject.com olapic.s3.amazonaws.com www.google.co.nz photorankmedia-a.akamaihd.net z1photorankmedia-a.akamaihd.net z3photorankmedia-a.akamaihd.net www.vanheusen.com.au au.tommy.com www.calvinklein.com.au *.calvinklein.com analytics.pangle-ads.com bpi.zip.co pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com prreqcroab.icu analytics.tiktok.com ecomm-cdn.trurating.com df45ay5pw60dy.cloudfront.net duuytoqss3gu4.cloudfront.net d3nocrch4qti4v.cloudfront.net au.tommy.com *.pvh-staging.com pixel.quantserve.com *.analytics.yahoo.com *.contentsquare.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com https://static.afterpay.com https://site-assets.afterpay.com/ *.abtasty.com *.turn.com *.bazaarvoice.com *.amgdgt.com *.photorank.me z2photorankmedia-a.akamaihd.net *.presage.io *.teads.tv *.adsrvr.org *.adnxs.com *.tommy.com *.klarna.com *.klarnaevt.com *.klarnacdn.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.klarnaservices.com https://www.magezon.com *.pinterest.com *.facebook.com *.facebook.com/tr *.google.com *.google.com.au www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.roymorgan.com *.doubleclick.net *.facebook.net *.googleapis.com *.gstatic.com *.zipmoney.com.au *.googletagmanager.com *.imgix.net static.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zendesk.com cdn.evgnet.com ct.pinterest.com *.calvinklein.co.nz *.abtasty.com *.adnxs.com *.adobe.com *.adobedtm.com *.afterpay.com *.afterpay.com *.akamaihd.net *.attraqt.io *.bazaarvoice.com *.braintreegateway.com *.calvinklein.com.au *.cardinalcommerce.com *.ccdc02.com *.cfjump.com *.cloudflare.com *.cloudfront.net *.contentsquare.net app.contentsquare.com *.doubleclick.net *.facebook.net *.force.com *.forter.com *.google-analytics.com *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.luckyorange.net *.my.salesforce.com *.newrelic.com *.nr-data.net *.particularaudience.com *.paypal.com *.paypalobjects.com *.pinimg.com *.pmnts-sandbox.io *.pmnts.io *.roymorgan.com *.salesforceliveagent.com *.stockinstore.net *.teads.tv *.tiktok.com *.tommy.com *.trurating.com *.usabilla.com *.vanheusen.com.au *.vimeocdn.com *.yimg.com *.ytimg.com *.zdassets.com *.zipmoney.com.au 1eafapi.cardinalcommerce.com 1eafstag.cardinalcommerce.com acdn.adnxs.com analytics-static.ugc.bazaarvoice.com analytics.tiktok.com api.bazaarvoice.com api.braintreegateway.com api.sandbox.braintreegateway.com apps-stg.nexus.bazaarvoice.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com assets.braintreegateway.com c.paypal.com cdn.attraqt.io cdn.particularaudience.com cfjump.tommy.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net display.ugc.bazaarvoice.com ecommwidget.trurating.com gateway.pmnts-sandbox.io gateway.pmnts.io geoapi.cardinalcommerce.com geostag.cardinalcommerce.com https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.js https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/4.0.3/handlebars.min.js https://js.afterpay.com https://js.sandbox.afterpay.com https://portal.afterpay.com https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.sandbox.clearpay.co.uk https://static.afterpay.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ includestest.ccdc02.com js.adsrvr.org js.braintreegateway.com mpsnare.iesnare.com network-stg.bazaarvoice.com network.bazaarvoice.com p.teads.tv pay.google.com photorankstatics-a.akamaihd.net rules.quantcount.com s.pinimg.com s.yimg.com s.ytimg.com s7.addthis.com sc-static.net secure.authorize.net secure.quantserve.com songbird.cardinalcommerce.com static.zip.co static.zipmoney.com.au stg.api.bazaarvoice.com t.cfjump.com t.paypal.com test.authorize.net tr.snapchat.com vimeo.com wss://widget-mediator.zopim.com www.google-analytics.com www.google.com www.googleadservices.com www.googleapis.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.vimeo.com zip.co; style-src 'self' 'unsafe-inline' d1m2uzvk8r2fcn.cloudfront.net www.gstatic.com *.abtasty.com *.adobe.com *.akamaihd.net *.bazaarvoice.com *.force.com *.googleapis.com *.klarnacdn.net *.stockinstore.net assets.stockinstore.net bpi.zip.co display.ugc.bazaarvoice.com fonts.googleapis.com js.afterpay.com js.sandbox.afterpay.com photorankstatics-a.akamaihd.net service.force.com static.afterpay.com static.zip.co www.google.com www.googletagmanager.com; object-src 'self' 'unsafe-inline'; media-src data: vod-progressive.akamaized.net player.vimeo.com *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.evergage.com cdn0.forter.com www.googletagmanager.com pvhba-imgix-calvin-klein-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-cms-content-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-ck-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-th-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-mondo-vh-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-tommy-hilfiger-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-imgix-van-heusen-m2prod.s3.ap-southeast-2.amazonaws.com imgix-pvhba-m2prod.s3.ap-southeast-2.amazonaws.com pvhba-m2prod-maintenance.s3.ap-southeast-2.amazonaws.com pixel.quantcount.com network-a.bazaarvoice.com *.sandbox.my.site.com *.pvh-staging.com www.facebook.com pvh-brands.imgix.net tru-live-eventhubs.servicebus.windows.net analytics.pangle-ads.com *.googlesyndication.com *.yimg.com *.contentsquare.net dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.abtasty.com *.luckyorange.net wss://*.zendesk.com *.zendesk.com *.particularaudience.com *.tiktok.com stockinstore.net *.stockinstore.net *.cloudfront.net *.klarnaevt.com *.klarnacdn.net *.akamaihd.net zendesk-eu.my.sentry.io *.teads.tv *.snapchat.com *.amplitude.com *.clearpay.co.uk *.afterpay.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.pinterest.com *.google.com *.google.com.au api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google-analytics.com *.forter.com wss://*.zopim.com *.doubleclick.net *.attraqt.io *.zipmoney.com.au *.hotjar.io wss://*.hotjar.com zip.co *.zip.co *.nr-data.net *.hotjar.com *.trurating.com *.analytics.tiktok.com wss://*.forter.com *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com blob: http: https: blob: 'self' 'unsafe-inline'; worker-src blob:; default-src https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://calvinkleinau.zendesk.com https://calvinkleinnz.zendesk.com https://tommyau.zendesk.com https://tommynz.zendesk.com https://vanheusenau.zendesk.com https://vanheusenau.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://calvinkleinau.zendesk.com wss://calvinkleinnz.zendesk.com wss://tommyau.zendesk.com wss://tommynz.zendesk.com wss://vanheusenau.zendesk.com wss://vanheusenau.zendesk.com wss://*.zopim.com *.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline' 2
default-src 'self'; img-src 'self' data: https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://shop.domainecarneros.com *.vin65.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net https://www.exploretock.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net https://www.exploretock.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.datadoghq-browser-agent.com *.exploretock.com *.redchirp.com *.vin65.com https://shop.domainecarneros.com https://acsbapp.com https://connect.facebook.net https://snap.licdn.com https://s.pinimg.com https://secure.adnxs.com https://ct.pinterest.com https://static.mobilemonkey.com; connect-src 'self' https://domainecarneros.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://ct.pinterest.com https://px.ads.linkedin.com *.acsbapp.com https://acsbapp.com https://domainecarneros.com; frame-ancestors 'self'; frame-src 'self' https://maps.google.com https://assetss3.vin65.com https://app.redchirp.com https://ct.pinterest.com https://www.facebook.com https://www.youtube.com https://www.exploretock.com https://td.doubleclick.net; report-to csp-report 2
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 2
frame-src 'self' * 2
default-src 'self' data: *.google-analytics.com cdn.cookielaw.org promolife.matomo.cloud actionapi.highco.be *.fontawesome.com *.fpapi.io eu.api.fpjs.io *.cookiefirst.com *.highco.be maps.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' pghub.io actionapi.highco.be cdn.cookielaw.org maps.googleapis.com cdn.matomo.cloud *.fontawesome.com cdnjs.cloudflare.com *.fpapi.io eu.api.fpjs.io ssl.google-analytics.com connect.facebook.net platform.twitter.com www.googletagmanager.com www.google-analytics.com *.addthis.com static.addtoany.com consent.cookiefirst.com *.gstatic.com *.google.com *.highco.be stats.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.cookiefirst.com cdnjs.cloudflare.com fonts.googleapis.com cdn2.hubspot.net; img-src 'self' blob: data: pixel.tapad.com cdn.cookielaw.org promolife.matomo.cloud *.fontawesome.com maps.gstatic.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com eu.api.fpjs.io fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.pghub.io 2
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; worker-src 'self' data: blob: resume.io *.resume.io cvster.nl *.cvster.nl cvmonk.nl *.cvmonk.nl cvapp.es *.cvapp.es cvapp.it *.cvapp.it cvapp.fr *.cvapp.fr cvkungen.se *.cvkungen.se cv.dk *.cv.dk cv.app *.cv.app resume.app *.resume.app cvapp.cz *.cvapp.cz cvapp.fi *.cvapp.fi cvapp.no *.cvapp.no cveasy.pl *.cveasy.pl cvapp.de *.cvapp.de rirekisho.jp *.rirekisho.jp onlinecurriculo.com.br *.onlinecurriculo.com.br career.io *.career.io cvapp.ro *.cvapp.ro cvapp.gr *.cvapp.gr cvapp.hu *.cvapp.hu resume-test.io *.resume-test.io cvapp.nz *.cvapp.nz cvapp.ie *.cvapp.ie lebenslaufapp.ch *.lebenslaufapp.ch lebenslaufapp.at *.lebenslaufapp.at cvapp.bg *.cvapp.bg cvapp.cl *.cvapp.cl; frame-src https:; frame-ancestors 'self' vwo.com *.vwo.com 2
default-src https:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; worker-src 'self' blob: 2
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' 2
frame-ancestors 'self' https://www.spreadfamily.fr; 2
default-src 'self' *.psw-group.de *.psw.net *.consentmanager.net *.googletagmanager.com *.youtube-nocookie.com data: 'sha256-XRY2r3GtyLUEh37thupfndppE1As1MyDP9OsypdgSbA=' 'sha256-l806fwxM7RCQlXehzEwih52LwIJfmRlzZkgfU9M4nm8='; style-src 'unsafe-inline' *.psw-group.de *.psw.net; 2
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookie-script.com https://*.googleapis.com https://*.googletagmanager.com https://*.authorize.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.cookie-script.com https://*.google-analytics.com https://*.authorize.net; frame-src https://*.authorize.net; frame-ancestors 'none'; upgrade-insecure-requests 2
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; object-src 'self' *; frame-src 'self' *; worker-src 'self' *; connect-src 'self' * 2
upgrade-insecure-requests; default-src 'self' https://*.screeb.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googletagmanager.com/ disqus.com *.disqus.com *.disquscdn.com https://js.hs-scripts.com platform.twitter.com syndication.twitter.com cdn.syndication.twimg.com https://gist.github.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsforms.net https://forms.hsforms.com/ https://js.hs-analytics.net https://app.getbeamer.com/js/ https://realtime.getbeamer.com/ https://apis.google.com https://*.screeb.app nominatim.openstreetmap.org http://cdn.matomo.cloud/opendatasoft.matomo.cloud/matomo.js http://cdn.mxpnl.com/ ; style-src 'self' 'unsafe-inline' https://s3-eu-west-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://s3.amazonaws.com https://s3-ca-central-1.amazonaws.com https://s3-ap-southeast-2.amazonaws.com https://s3-eu-west-3.amazonaws.com https://platform.twitter.com https://ton.twimg.com https://github.githubassets.com/ *.disquscdn.com https://fonts.googleapis.com https://app.getbeamer.com/styles/ ; img-src * data:; font-src * data:; media-src 'self' https://eu.ftp.opendatasoft.com/odsacademy/; connect-src 'self' *.opendatasoft.com *.disqus.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.algolia.net api.jawg.io tile.jawg.io https://graph.microsoft.com/ https://s3-eu-west-1.amazonaws.com https://s3-eu-central-1.amazonaws.com https://s3.amazonaws.com https://s3-ca-central-1.amazonaws.com https://s3-ap-southeast-2.amazonaws.com https://backend.getbeamer.com/ wss://realtime.getbeamer.com https://static.getbeamer.com/favico.js https://s3-eu-west-3.amazonaws.com https://stats.g.doubleclick.net https://t.hs-growth-metrics.com https://*.screeb.app wss://*.screeb.app https://opendatasoft.matomo.cloud/matomo.php https://api-js.mixpanel.com/ ; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.google.com/recaptcha/ https://accounts.google.com https://docs.google.com https://*.screeb.app *.opendatasoft.com disqus.com https://app.hubspot.com https://forms.hsforms.com https://app.getbeamer.com https://opendatasoft-trial.com data.opendatasoft.com/ www.youtube.com/embed/ www.youtube-nocookie.com/embed/ www.dailymotion.com/embed/video/ player.vimeo.com/video/ app.powerbi.com/ app.powerbigov.us/ app.high.powerbigov.us/ app.mil.powerbigov.us/ public.tableau.com/views/ arcgis.com/apps/View/ docs.google.com/forms/ forms.office.com/ www.google.com/maps/d/embed www.google.com/maps/embed www.arcgis.com/home/webscene/viewer.html www.arcgis.com/home/webmap/viewer.html app.streamfizz.live/embed/ player.streamfizz.live/embed/ www.facebook.com/plugins/page.php; 2
frame-ancestors 'self' *.get-paid.com 2
default-src 'self'; script-src https://www.youtube.com  'unsafe-inline' 'unsafe-eval' https://www.six-dochub.com https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; style-src 'unsafe-inline' https://piwikext.prd.apps.bdl https://sebpcdn.com 'self'; img-src  https://i.ytimg.com https://piwikext.prd.apps.bdl https://sebpcdn.com  'self' data:; media-src  https://sebpcdn.com 'self'; connect-src https://stats.banquedeluxembourg.com https://piwikext.prd.apps.bdl https://sebpcdn.com 'self' ;font-src https://sebpcdn.com https://piwikext.prd.apps.bdl 'self' data: ; frame-src https://www.six-dochub.com https://six-dochub.com https://piwikext.prd.apps.bdl https://www.fundinfo.com https://digital.feprecisionplus.com https://www.youtube.com https://player.ausha.co https://wl.fundsquare.net https://www.conventum.lu https://www.youtube-nocookie.com 'self' ; frame-ancestors https://piwikext.prd.apps.bdl/ 'self'; 2
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; frame-src 'self' forms.rniito.ru formdesigner.ru rutube.ru yandex.ru vk.com login.vk.com; 2
block-all-mixed-content; upgrade-insecure-requests; default-src https:; frame-ancestors 'self' https:; frame-src tel: mailto: https:; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https: 'unsafe-hashes'; script-src-elem 'unsafe-inline' https:; style-src 'unsafe-inline' 'report-sample' https: 'unsafe-hashes'; style-src-elem 'unsafe-inline' https:; report-uri /.well-known/csp/afc50834-47a9-4f84-b965-04652c70215a 2
img-src https: data:; 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' ws://localhost:1234/ https://cdn.domain-robot.org https://maxcdn.bootstrapcdn.com  https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.google.com https://*.usercentrics.eu https://www.googleadservices.com https://snap.licdn.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://t.co https://*.google.de https://*.google.com https://*.facebook.com https://seal.digicert.com blob: data: https://fonts.googleapis.com/css;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 2
frame-ancestors *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.cz *.mcdonalds.sk *.mcdonalds360.cz *.mcdonalds360.sk; form-action *.mcdonalds2.sk *.mcdonalds2.cz *.mcdonalds.sk *.mcdonalds.cz tr.snapchat.com; object-src 'none'; 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: https:; report-uri /report-csp-violation 2
default-src https: data: 'unsafe-hashes' 'unsafe-inline'; form-action https: 'self'; upgrade-insecure-requests 2
base-uri 'self' *.mangelot-hosting.nl; report-uri https://www.mangelot-hosting.nl/csp-report.php; frame-src 'self' data: *.google.com *.google.nl *.googleapis.com *.google-analytics.com *.doubleclick.net *.tinymce.com *.tiny.cloud *.speedtestcustom.com *.mangelot-hosting.nl; connect-src 'self' *.google.com *.google.nl *.googleapis.com *.google-analytics.com *.facebook.com *.doubleclick.net *.tinymce.com *.tiny.cloud *.bing.com *.clarity.ms *.mangelot-hosting.nl; font-src 'self' *.gstatic.com data: *.googleapis.com *.google-analytics.com *.gravatar.com *.tinymce.com *.tiny.cloud *.linearicons.com *.mangelot-hosting.nl; script-src 'self' 'unsafe-inline' 'report-sample' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.twitter.com *.doubleclick.net connect.facebook.net *.googleadservices.com *.google.com *.google.nl *.bing.com *.linearicons.com *.tinymce.com *.tiny.cloud *.clarity.ms *.mangelot-hosting.nl cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'report-sample' *.google.com *.googleapis.com *.gstatic.com *.twitter.com *.google-analytics.com *.googletagmanager.com *.tinymce.com *.tiny.cloud *.linearicons.com *.mangelot-hosting.nl; img-src https: data: *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.twitter.com *.doubleclick.net *.linkedin.com *.google.com *.google.nl https://installatron.com *.gravatar.com *.tinymce.com *.tiny.cloud *.mangelot-hosting.nl *.installatron.com *.paypal.com; media-src 'self'; object-src 'none'; form-action 'self' *; frame-ancestors 'self'; sandbox allow-forms allow-scripts allow-popups allow-modals allow-top-navigation  allow-same-origin; worker-src blob: 'self'; default-src https: 'self' *.mangelot-hosting.nl 2
frame-ancestors https://*.procampaign.net 2
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.fonts.googleapis.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com *.trackedlink.net *.iubenda.com https://*.google.com https://*.googleapis.com https://*.googleusercontent.com https://img.youtube.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://*.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com https://*.google.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com s7.addthis.com *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com maxcdn.bootstrapcdn.com chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.iubenda.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com ekr.zdassets.com/ https://get.geojs.io *.avada.io chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency *.cloudflare.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src chimpstatic.com stats.g.doubleclick.net google.co.uk www.google.co.uk www.google.com www.facebook.com colou11126.pcapredict.com services.postcodeanywhere.co.uk v2.zopim.com www.rsa3dsauth.co.uk static.zdassets.com ekr.zdassets.com widget-mediator.zopim.com wss://widget-mediator.zopim.com secure5.arcot.com 3ds-secure.cardcomplete.com ecclients.btrl.ro bofp.erstebank.hu www.clicksafe.lloydstsb.com pay.activa-card.com 3dsecure-1.wirecard.com 3dsecure-2.wirecard.com acssv.otpbank.hu acs.sia.eu idcheck.acs.touchtechpayments.com sicher-bezahlen.sparkasse.at www.securesuite.co.uk bred.wlp-acs.com bnpp-3ds.wlp-acs.com verify.monzo.com *.buzzsprout.com buzzsprout.com *.typekit.net typekit.net *.googleapis.com googleapis.com *.hcaptcha.com hcaptcha.com *.google.com google.com *.facebook.com facebook.com *.google.co.uk *.rsa3dsauth.co.uk rsa3dsauth.co.uk *.clicksafe.lloydstsb.com clicksafe.lloydstsb.com *.securesuite.co.uk securesuite.co.uk *.sharethis.com sharethis.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.sandbox.paypal.com sandbox.paypal.com *.paypalobjects.com paypalobjects.com *.googletagmanager.com googletagmanager.com *.snap.licdn.com snap.licdn.com *.paypal.com paypal.com *.vimeo.com vimeo.com *.gstatic.com gstatic.com *.googleusercontent.com googleusercontent.com px.ads.linkedin.com cdn.linkedin.oribi.io kit.fontawesome.com *.hdsunflower.com self blob: data: widget.freshworks.com secure.meet3monk.com *.google.com.au *.facebook.net *.mailchimp.com s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js *.hdsunflower.us21.list-manage.com https://hdsunflower.us21.list-manage.com *.loom.com https://hdsunflower.com https://sunflower.dev.pixie.agency 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none' 2
script-src * 'unsafe-eval' 'unsafe-inline'; worker-src data: blob: * 2
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data:; 2
frame-ancestors 'none'; report-uri csp-reports; report-to csp-endpoint; 2
frame-ancestors metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; 2
upgrade-insecure-requests; default-src 'self' https:; style-src-elem 'self' https: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; img-src https: data:; frame-ancestors 'self' https: 2
frame-ancestors 'self' '*.onlineplasticsgroup.com' 2
frame-ansectors 'self' 2
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ;frame-ancestors 'self' https://paghe.passepartout.sm/ https://paghe-testupd.passepartout.sm https://paghe.passstage.cloud/ 2
frame-ancestors 'self' *.ikost.com 2
default-src 'self';      font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com;      frame-src 'self' *.google.com *.youtube.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  fonts.googleapis.com *.gstatic.com *.bing.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.fontawesome.com  www.p.zjptg.com;      connect-src 'self' *.bing.com *.fontawesome.com *.google-analytics.com *.googletagmanager.com www.p.zjptg.com www.sjwoe.com;      img-src 'self' data: *.passportcorporate.com *.google-analytics.com *.googletagmanager.com *.virtualearth.net *.bing.com *.fontawesome.com;      style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.passportcorporate.com *.bing.com *.virtualearth.net *.fontawesome.com;      base-uri 'self'; form-action 'self' *.passportcorporate.com *.pasportdining.com www.microsoftprime.com oracleperks.com *.microsoftonline.com; 2
0 2
frame-ancestors self *.fanpla.jp; 2
default-src https: wss: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob:; font-src https: 'self' data:; frame-src https: mailto:; 2
default-src 'self' 'unsafe-inline' https: 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com http://manager.agilitycms.com *.scotiabank.com *.scotiabank.fi.cr;script-src 'self' 'unsafe-inline'  *.agilitycms.com *.google.com *.google.ca *.google.co.cr *.google.com.br www.googletagmanager.com  *.google-analytics.com  *.googleadservices.com  googleads.g.doubleclick.net  *.gstatic.com assets.adobedtm.com  *.clicktale.net *.contentsquare.net  *.contentsquare.com  *.scotiabank.fi.cr  *.scotiabank.com  chat02.emg-livechat.com  site02.emg-livechat.com:8443   www.beneficiosenlinea.com  sbcrbienesalaventa.com  www.elempleo.com  code.jquery.com  prod2-live-chat.sprinklr.com  live-chat-static.sprinklr.com sb-cr-prod01.azurewebsites.net;worker-src blob:;img-src 'self'  *.agilitycms.com  *.google.com  *.google.ca  *.google.co.cr  *.google.com.br  www.googletagmanager.com  *.google-analytics.com   *.googleadservices.com   googleads.g.doubleclick.net   *.gstatic.com  assets.adobedtm.com  *.clicktale.net  *.contentsquare.net   *.contentsquare.com   *.scotiabank.fi.cr  *.scotiabank.com  scotiabankfiles.azureedge.net  chat02.emg-livechat.com  site02.emg-livechat.com:8443  www.beneficiosenlinea.com  sbcrbienesalaventa.com  dpm.demdex.net  www.elempleo.com  prod2-live-chat.sprinklr.com   live-chat-static.sprinklr.com   prod2-sprcdn-assets.sprinklr.com ;connect-src 'self' 'unsafe-inline'  *.agilitycms.com *.google.com *.google.ca *.google.co.cr *.google.com.br www.googletagmanager.com *.google-analytics.com  *.googleadservices.com  *.g.doubleclick.net  *.gstatic.com assets.adobedtm.com *.clicktale.net *.contentsquare.net  *.contentsquare.com  *.scotiabank.fi.cr *.scotiabank.com scotiabankfiles.azureedge.net chat02.emg-livechat.com www.beneficiosenlinea.com sbcrbienesalaventa.com dpm.demdex.net www.elempleo.com  prod2-live-chat.sprinklr.com  live-chat-static.sprinklr.com  prod2-sprcdn-assets.sprinklr.com sb-cr-prod01.azurewebsites.net; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://cdn.rawgit.com https://cdn-media.web-view.net https://cdn.simplebooking.it https://cdn.jsdelivr.net https://cdn.datatables.net https://vee-crm.com js https://googleads.g.doubleclick.net; 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://info.dentsu.com https://pi.pardot.com http://pi.pardot.com https://cdn.pardot.com http://cdn.pardot.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://pagead2.googlesyndication.com/ http://info.dentsu.com/ https://info.dentsu.com/ https://vercel.live https://app.storyblok.com wasm-eval; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://region1.google-analytics.com https://www.gstatic.com https://ipwhois.pro https://geolocation.onetrust.com https://vercel.live https://px.ads.linkedin https://api.storyblok.com https://api.emailjs.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com; frame-ancestors https://app.storyblok.com storyblok.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://www.google-analytics.com https://a.storyblok.com https://cdn.cookielaw.org https://i.vimeocdn.com/; manifest-src 'self'; media-src 'self' https://a.storyblok.com; report-uri https://6551f73079107a8bf3ffdb54.endpoint.csper.io; worker-src blob:; 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  2
default-src 'self' data: fonts.googleapis.com *.typekit.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://54.91.124.180 https://540-why-968.mktoweb.com https://540-why-968.mktoresp.com https://td.doubleclick.net https://learn.porchgroupmedia.com https://maps.google.com https://www.buzzsprout.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://connect.facebook.net https://munchkin.marketo.net https://ws.zoominfo.com https://epsilon.6sense.com/ https://j.6sc.co https://b.6sc.co https://ipv6.6sc.co https://c.6sc.co https://px.ads.linkedin.com https://www.gstatic.com https://snap.licdn.com https://stats.sa-as.com; style-src 'self' data: 'unsafe-inline' https://54.91.124.180 https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://learn.porchgroupmedia.com; connect-src 'self' https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://ws.zoominfo.com https://px.ads.linkedin.com https://analytics.google.com https://540-why-968.mktoresp.com https://stats.g.doubleclick.net https://secure.adnxs.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://learn.porchgroupmedia.com https://*.doubleclick.net https://youtube.com https://www.youtube.com https://www.buzzsprout.com/; img-src 'self' data: https://54.91.124.180 https://learn.porchgroupmedia.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://stats.sa-as.com https://ws.zoominfo.com https://www.google.com https://www.facebook.com https://px.ads.linkedin.com https://b.6sc.co; upgrade-insecure-requests; 2
default-src 'self' blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.jsdelivr.net http://d2c7xlmseob604.cloudfront.net  http://js.hs-scripts.com http://munchkin.marketo.net http://translate.google.com/translate_a/element.js http://web.bentley.com https://*.ads-twitter.com https://*.amazonaws.com https://*.bentley.com https://*.bing.com https://*.brightcove.net https://www.clarity.ms https://*.cloudflare.com https://*.cloudfront.net https://*.company-target.com https://*.demandbase.com https://*.doubleclick.net https://*.facebook.net https://*.feedbackify.com https://*.flockler.com https://*.getsmartling.com https://*.google-analytics.com https://*.google.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com https://*.gstatic.cn https://*.gstatic.com https://*.hsforms.net https://*.jotform.com https://*.marketo.com https://*.marketo.net https://*.mouseflow.com https://*.onetrust.com https://*.pagespeed-mod.com https://*.pingdom.net https://pixel.byspotify.com https://*.recaptcha.net https://*.redditstatic.com https://static.hsappstatic.net/MeetingsEmbed/ex/MeetingsEmbedCode.js  https://*.salesloft.com https://*.surveysparrow.com https://tags.srv.stackadapt.com https://*.twitter.com https://*.userway.org https://*.zencdn.net https://1.safecdn01.com https://accessibilityserver.org https://api.hubspot.com https://bat.bing.com/bat.js https://beacon-v2.helpscout.net/ https://bentleypocstg.wpengine.com https://blibok.com https://c.itaozi.cn https://cdn.cookielaw.org https://cdn.mathjax.org https://cdn.mouseflow.com https://click.easypower.com  https://client.prod.mplat-ppcprotect.com https://connect.facebook.net https://conoret.com https://cookie-cdn.cookiepro.com https://d2c7xlmseob604.cloudfront.net https://fast.wistia.com https://form.jotform.com/static/feedback.js https://forms.hubspot.com https://gateway.on24.com https://images.uc.cn https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectforms.net https://js.hsforms.net https://js.hsleadflows.net https://js.hubspot.com https://js.usemessages.com https://mstat.acestream.net https://munchkin.marketo.net https://ob.segreencolumn.com https://pixel.byspotify.com https://players.brightcove.net  https://relatedgamesnet-a.akamaihd.net https://scout-cdn.salesloft.com https://search.imtt.qq.com  https://service.excentos.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://ucads-cdn.ucweb.com https://unpkg.com https://unpkg.zhimg.com https://vjs.zencdn.net https://w8o39.m70vee7.com https://*.youtube.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;style-src 'self' 'unsafe-inline' data: https://*.bentley.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.easypower.com https://service.excentos.com https://s3.amazonaws.com https://tags.srv.stackadapt.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.userway.org https://web.bentley.com;object-src 'self' https://*.brightcove.net;connect-src 'self' data: http://ad.doubleclick.net http://gjtrack.ucweb.com https: https://*.doubleclick.net https://*.hubspot.com https://adservice.google.com https://bcbolt446c5271-a.akamaihd.net https://bcsecure01-a.akamaihd.net https://forms.hubspot.com https://stats.g.doubleclick.net wss://www.bentley.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;font-src 'self' data: http://themes.googleusercontent.com https:;frame-ancestors 'self' *.bentley.com https://*.docebosaas.com/ https://bentleysystems.gcs-web.com/ https://bentleysystems-preview.gcs-web.com/;frame-src https://7668309.hs-sites.com/ http://www.facebook.com https://*.bentley.com https://*.brightcove.net https://*.core.windows.net https://*.doubleclick.net https://*.facebook.com https://*.flickr.com https://*.getsmartling.com https://*.google.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.jotform.com https://*.menlosecurity.com https://*.on24.com https://*.onetrust.com https://*.recaptcha.net https://*.surveysparrow.com https://*.twitter.com https://*.userway.org https://*.wpengine.com https://*.youtube.com https://*.zscalerthree.net https://7rx80283.ibosscloud.com https://block.opendns.com https://blocked.freedom.to https://bpb.opendns.com https://cdn.cookielaw.org https://click.easypower.com https://div.show https://gateway.zscaler.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://leap13.github.io https://login.zscloud.net https://mozbar.moz.com https://n329vvnsz6n7.statuspage.io https://remove.video https://s.company-target.com https://skytraf.xyz https://www.ciuvo.com https://zswpmanager.wip.mmc.com https://wp-rocket.me/ https://app.vwo.com https://*.visualwebsiteoptimizer.com;img-src 'self' blob: data: http://www.bentley.com https: https://t.co https://*.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://app.vwo.com;manifest-src 'self';media-src 'self' blob: data: https:;report-uri https://6449169ef1e3671a29137d52.endpoint.csper.io?v=7;worker-src 'self' blob:; 2
default-src 'self' http: https: data: blob: 'unsafe-inline' script-src 'unsafe-eval' 2
default-src 'self' https: blob:; style-src 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com/; img-src 'self' https: data: blob:; frame-src 'self' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; form-action 'self' https://forms.zohopublic.com/ https://opac.hus.ac.jp/; base-uri 'self'; frame-ancestors 'self' https://f6neniwkjv-dsn.algolia.net/ https://forms.zohopublic.com/ https://opac.hus.ac.jp/; worker-src blob:; 2
default-src 'self' https://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.marketo.com https://*.google.com https://*.youtube.com https://*.gstatic.com https://*.gstatic.cn https://*.ul.com https://player.vimeo.com https://www.recaptcha.net *.salesforce-sites.com data: blob:; connect-src 'self' https://*.wistia.com http://*.wistia.com *.wistia.cdn.com https://*.ul.com https://www.google-analytics.com https://*.google.com https://www.facebook.com https://stats.addtoany.com https://*.hotjar.com https://*.hotjar.io https://*.mktoutil.com https://*.mktoresp.com http://*.mktoresp.com https://embedwistia-a.akamaihd.net https://sessions.bugsnag.com https://stats.g.doubleclick.net https://fg8vvsvnieiv3ej16jby.litix.io https://*.nr-data.net https://sheets-proxy.knightlab.com wss://*.hotjar.com https://csp.withgoogle.com https://cdn.linkedin.oribi.io https://*.qualtrics.com https://en.wikipedia.org/ *.my.salesforce-sites.com https://api.company-target.com https://acsbapp.com https://cdn.acsbapp.com https://*.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://uliodev.azure-api.net/informatica-email-phone/Global_Email_Phone_Validation https://io.ul.com/informatica-email-phone/Global_Email_Phone_Validation https://na1.ai.dm-us.informaticacloud.com/active-bpel/public/rt/cTHkDDQ8MOqgFALFbuPY0C/Global_Email_Phone_Validation_test https://ulenterpriseorg--devservice.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--intdev.sandbox.my.salesforce-scrt.com https://ulenterpriseorg--sit.sandbox.my.salesforce-scrt.com *.my.salesforce-scrt.com *.adobe.io wss://*.adobe.io; font-src 'self' https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://cdn.knightlab.com https://*.gstatic.com https://*.gstatic.cn https://script.hotjar.com https://*.ul.com https://fast.wistia.com/ https://acsbapp.com https://consent.trustarc.com https://cdnjs.cloudflare.com https://*.typekit.net data:; frame-src 'self' https://*.marketo.com https://*.google.com https://player.vimeo.com https://*.youtube.com https://fast.wistia.com https://vars.hotjar.com https://www.facebook.com http://*.ul.com https://*.ul.com https://www.recaptcha.net https://*.addtoany.com https://*.doubleclick.net https://airtable.com https://ulsolutions.qualtrics.com *.salesforce.com *.salesforce-sites.com http://consent-pref.trustarc.com company-target.com *.company-target.com https://documentcloud.adobe.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com; img-src 'self' https://*.adroll.com https://*.linkedin.com https://*.facebook.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://*.ul.com https://s.ml-attr.com https://*.adnxs.com https://attr.ml-api.io https://pixel.mathtag.com https://*.amazonaws.com https://*.acsbapp.com https://*.qualtrics.com *.trustarc.com https://live-shimadzu.pantheonsite.io https://live-wwwul.pantheonsite.io https://live-latamul.pantheonsite.io https://live-emergo1.pantheonsite.io https://live-aunzul.pantheonsite.io https://test-shimadzu.pantheonsite.io https://test-wwwul.pantheonsite.io https://test-latamul.pantheonsite.io https://test-emergo1.pantheonsite.io https://test-aunzul.pantheonsite.io https://dev-shimadzu.pantheonsite.io https://dev-wwwul.pantheonsite.io https://dev-latamul.pantheonsite.io https://dev-emergo1.pantheonsite.io https://dev-aunzul.pantheonsite.io https://develop-shimadzu.pantheonsite.io https://develop-wwwul.pantheonsite.io https://develop-latamul.pantheonsite.io https://develop-emergo1.pantheonsite.io https://develop-aunzul.pantheonsite.io https://aunz.pasapp.dev https://emergo.psapp.dev https://latam.psapp.dev https://shimadzu.psapp.dev https://ul.psapp.dev https://ul.com https://id.rlcdn.com https://segments.company-target.com/validateCookie https://assets.adoberesources.net https://lh3.googleusercontent.com data:; media-src 'self' https://embedwistia-a.akamaihd.net https://*.wistia.com *.wistia.cdn.com https://*.youtube.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wistia.com http://*.wistia.net https://*.wistia.net https://*.youtube.com http://*.youtube.com https://*.vimeo.com https://connect.facebook.net https://*.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.gstatic.cn https://*.google.com https://googleads.g.doubleclick.net https://*.ul.com https://*.ul-renewables.com https://*.hotjar.com https://*.marketo.net https://www.recaptcha.net https://*.adroll.com https://*.ytimg.com https://snap.licdn.com https://*.adroll.mgr.consensu.org https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://cdn.c212.net https://c212.net https://pixel.mathtag.com *.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.marketo.com https://browser-update.org http://browser-update.org https://acsbapp.com https://cdn.acsbapp.com https://*.qualtrics.com https://en.wikipedia.org https://tag.demandbase.com http://munchkin.marketo.net http://consent.trustarc.com *.demandbase.com demandbase.com company-target.com *.company-target.com https://assets.adoberesources.net https://documentcloud.adobe.com https://service.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com *.lightning.force.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com blob: consent.trustarc.com https://cdn.jsdelivr.net https://cdn.knightlab.com https://cdnjs.cloudflare.com https://commons.ul.com https://fast.wistia.com https://static.addtoany.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.marketo.com https://static.addtoany.com https://*.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com http://empoweringtrust.ul.com https://empoweringtrust.ul.com https://*.typekit.net *.salesforce.com *.salesforce-sites.com https://ulenterpriseorg--devservice.sandbox.my.site.com https://ulenterpriseorg--intdev.sandbox.my.site.com https://ulenterpriseorg--sit.sandbox.my.site.com *.my.site.com cdnjs.cloudflare.com https://cdn.knightlab.com; frame-ancestors 'self' *.salesforce-sites.com *.force.com 2
frame-ancestors https://app.contentful.com 2
default-src 'self'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googleadservices.com platform.twitter.com cdn.syndication.twimg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com code.cdn.mozilla.net platform.twitter.com *.twimg.com; font-src 'self' data: ms-appx-web: fonts.gstatic.com code.cdn.mozilla.net; img-src * data:; frame-src 'self' data:; form-action 'self' www.mollie.com *.twitter.com; connect-src 'self' *.twitter.com; block-all-mixed-content; report-uri https://leemankuiper.uriports.com/reports/enforce; report-to default 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com ssl.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com js-agent.newrelic.com/nr-1212.min.js *.livechatinc.com *.tawk.to analytics.ajla.net bam.nr-data.net 2
default-src data: blob: 'unsafe-inline' 'self' *.domainoo.com images.prismic.io 2
default-src 'self' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://www.googletagmanager.com https://www.youtube.com https://*.youtube.com http://youtu.be https://www.google.com https://fonts.gstatic.com https://twitter.com https://*.twitter.com https://platform-lookaside.fbsbx.com https://streamable.com https://player.vimeo.com https://player.twitch.tv https://gfycat.com https://discordapp.com https://discord.com https://cdn.iframe.ly https://www.google-analytics.com https://stats.g.doubleclick.net https://if-cdn.com https://*.hotjar.com https://vc.hotjar.io/ wss://*.hotjar.com https://gleam.io; style-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.jsdelivr.net https://connect.facebook.net https://platform.twitter.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.gleam.io https://*.gleamjs.io/ https://*.google.com; img-src 'self' data: https://www.dlcompare.com https://*.dlcompare.com https://*.amazonaws.com https://cdn.akamai.steamstatic.com https://steamcdn-a.akamaihd.net https://cdn.staticaly.com https://graph.facebook.com https://*.twitter.com https://*.cloudfront.net/facebook/ https://*.cloudfront.net/twitter/ https://*.cloudfront.net/instagram/ https://i.imgur.com https://if-cdn.com https://www.google-analytics.com https://platform-lookaside.fbsbx.com https://www.google.com https://*.fbcdn.net https://*.hotjar.com https://*.gleam.io https://flagcdn.com https://cdn.discordapp.com https://discord.com 2
default-src * data: 'unsafe-eval' 'unsafe-inline'; worker-src blob: 2
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval'; 2
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 2
upgrade-insecure-requests; default-src 'self' chat.sameday.ro; script-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://ajax.cloudflare.com https://*.wp.com https://*.hotjar.com  https://*.gstatic.com/recaptcha/ https://*.fontawesome.com https://*.recaptcha.net https://consent.cookiebot.com https://*.googleapis.com https://*.facebook.net https://*.sameday.ro *.sameday.ro *.googlesyndication.com 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro https://*.doubleclick.net https://*.googleapis.com https://*.oribi.io https://*.zitec.dev https://*.zitec.com https://*.sameday.bg https://*.sameday.hu https://*.sameday.ro wss://chat.sameday.ro *.sameday.ro wss://chat.sameday.ro *.googlesyndication.com *.linkedin.com; media-src  *; object-src 'none'; child-src 'self'; frame-src 'self' https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro; worker-src 'self' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro; manifest-src *; base-uri 'self'; form-action 'self' https://*.facebook.com; frame-ancestors https: https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.facebook.com https://*.sameday.ro https://secure.gravatar.com https://samedayprodwp.blob.core.windows.net https://samedayphpwplocal.blob.core.windows.net *.sameday.ro;; 2
frame-ancestors 'self' capacitor://app.virginmegastore.ae  https://app.virginmegastore.ae 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob: ws:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 2
worker-src 'self' blob:; 2
object-src 'none'; base-uri 'self'; default-src 'none'; form-action https://www.facebook.com/tr/ https://*.pinterest.com/; font-src 'self' data: https://site.appchoose.io/ https://public.choose.app/ https://site.appchoose.io/new/font/ https://fonts.gstatic.com; style-src 'self' https://site.appchoose.io/ https://public.choose.app/ https://fonts.googleapis.com/ 'unsafe-inline'; media-src *; img-src 'self' data: https://cx.atdmt.com/ https://cdn.choose.app https://appchoose.io/static/ https://public.choose.app/ https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://dt7yl6baij8oi.cloudfront.net/ https://*.appchoose.io https://*.appchoose.co https://images.choose.app https://*.pinterest.com/ https://*.pinterest.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.fr/ https://www.google-analytics.com/ https://*.googleusercontent.com/  https://www.googletagmanager.com/ https://www.gstatic.com/; connect-src 'self' https://*.hotjar.com https://*.hotjar.io https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://*.pinterest.com/ wss://*.hotjar.com/ wss://*.hotjar.io/ https://*.amplitude.com/ https://d16ahjtmf9d1au.cloudfront.net/ https://s3-us-west-2.amazonaws.com/onboarding-service-instrumentation-specs-production/ 'unsafe-inline' https://api.appchoose.io https://site.appchoose.io/ https://public.choose.app/ https://notify.bugsnag.com/ https://sessions.bugsnag.com/ https://cdn.amplitude.com/libs/ https://api.amplitude.com/ https://api.segment.io/ https://cdn.segment.com/ https://*.pinterest.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://firebasestorage.googleapis.com/ https://optimize.google.com/; script-src 'self'  https://www.fullstory.com/s/ 'unsafe-inline' https://*.pinimg.com/ https://*.pinterest.com/ https://sc-static.net/scevent.min.js https://www.googleadservices.com/ https://d16ahjtmf9d1au.cloudfront.net/ https://includestest.ccdc02.com/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io http://connect.facebook.net/ https://connect.facebook.net/ https://site.appchoose.io/ https://public.choose.app/ https://cdnjs.cloudflare.com/ajax/libs/bodymovin/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://cdn.amplitude.com/libs/ https://api.segment.io/ https://cdn.segment.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/plugins/ https://optimize.google.com/ https://www.google-analytics.com/gtm/ https://apis.google.com/ https://www.googletagmanager.com/; frame-src 'self' https://vars.hotjar.com/ https://www.facebook.com/ https://*.pinterest.com/ https://optimize.google.com/ 2
frame-ancestors 'self' https://www.youtube.com 2
frame-ancestors 'self' https://comscore.sharepoint.com https://*.skilljar.com https://*.basis.net; 2
default-src https:; script-src https: data: blob: 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; connect-src *; media-src https: blob:; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: kubra.io www.googleadservices.com fls.doubleclick.net; object-src 'none' ; style-src 'self' 'unsafe-inline' *; img-src 'self' data: * blob:; media-src 'self' *.jwplayer.com *.jwpsrv.com *.jwplatform.com *.snapengage.com blob:; frame-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com webforms.optimum.com sdk.asapp.com; child-src 'self' kubra.io blob: *.doubleclick.net *.demdex.net s.amazon-adsystem.com *.teads.tv *.bounceexchange.com alticeusa.speedtestcustom.com flo.uri.sh qm.subvertice.com xq2subvertice.com www.facebook.com *.ipredictive.com tpc.googlesyndication.com; font-src 'self' *.googleapis.com *.gstatic.com *.acsbapp.com *.googleusercontent.com data:; connect-src 'self' * blob: *.demdex.net; base-uri 'self'; report-uri /report-csp-violation 2
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' *; style-src 'self' 'unsafe-inline' *; font-src 'self' *; frame-src *; 2
frame-ancestors 'self' *.sivuviidakko.fi *.lianacms.com *.tagomocms.fi; 2
frame-ancestors 'self' equinux.com *.equinux.com equinux.net *.equinux.net tizi.tv *.tizi.tv maildesigner365.com *.maildesigner365.com vpntracker.com *.vpntracker.com tvproapp.de *.tvproapp.de; 2
frame-ancestors 'self';; upgrade-insecure-requests 2
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com ; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com; object-src 'none'; upgrade-insecure-requests; 2
frame-src https: 2
default-src https: 'self'; connect-src 'self' https://px.ads.linkedin.com https://dock.ui.bosch.tech https://region1.google-analytics.com https://www.google-analytics.com https://svrdntfctn.com https://api.friendlycaptcha.com; font-src 'self' data: ; frame-src 'self' https://scnem.com https://www.youtube-nocookie.com https://www.buzzsprout.com https://td.doubleclick.net; img-src 'self' https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com/ https://www.kununu.com https://www.glassdoor.ie https://region1.google-analytics.com https://www.googletagmanager.com https://googleads.g.doubleclick.net data: ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.buzzsprout.com https://www.googletagmanager.com https://dock.ui.bosch.tech https://www.google-analytics.com https://svrdntfctn.com https://cdn.jsdelivr.net https://www.googleadservices.com https://snap.licdn.com; style-src 'self' 'unsafe-inline' data: fast.fonts.net; frame-ancestors 'self'; report-uri /csp_.php; worker-src 'self' blob: ; 2
frame-ancestors 'none';upgrade-insecure-requests; 2
upgrade-insecure-requests; frame-ancestors 'self'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; worker-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; child-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: http:; base-uri 'self'; 2
script-src  'self' 'unsafe-inline' js.sentry-cdn.com consent.cookiebot.com *.cloudflare.com consentcdn.cookiebot.com sentry.io js.sentry-cdn.com www.sentry.io www.google.com www.gstatic.com www.googletagmanager.com ; style-src 'unsafe-inline' https://baltichub.com www.google.com www.gstatic.com  *.google-analytics.com   *.cloudflare.com ; frame-src 'unsafe-inline' consentcdn.cookiebot.com www.google.com google.com recaptcha.google.com www.youtube.com  report-uri https://o399291.ingest.sentry.io/api/4506393645809664/security/?sentry_key=4257efa34b4f93aed0eb561f4d551fa0 2
default-src 'self' *.geovelo.fr; frame-src 'self' *.geovelo.fr accounts.google.com new-geovelo.prismic.io geovelo-fr-geovelo.firebaseapp.com www.youtube.com webforms.pipedrive.com platform.twitter.com www.facebook.com www.welcometothejungle.com; connect-src 'self' *.geovelo.fr wss://client.relay.crisp.chat/  px.ads.linkedin.com px4.ads.linkedin.com client.crisp.chat data: geovelo.matomo.cloud *.ingest.sentry.io mo.cloud s3.fr-par.scw.cloud www.facebook.com wxs.ign.fr wmts10.geo.admin.ch www.ign.es identitytoolkit.googleapis.com firebasedynamiclinks.googleapis.com accounts.google.com http://new-geovelo.cdn.prismic.io/ api.eu.amplitude.com www.google-analytics.com wss://client.relay.crisp.chat client.crisp.chat stats.g.doubleclick.net www.welcomekit.co; style-src 'self' *.geovelo.fr api.mapbox.com fonts.googleapis.com cdn.tiny.cloud https://accounts.google.com/gsi/ client.crisp.chat platform.twitter.com ton.twimg.com 'unsafe-inline'; img-src 'self' *.geovelo.fr data: blob: px.ads.linkedin.com px4.ads.linkedin.com  s3.fr-par.scw.cloud *.s3.fr-par.scw.cloud www.facebook.com sp.tinymce.com static.cdn.prismic.io images.prismic.io new-geovelo.cdn.prismic.io https://prismic-io.s3.amazonaws.com/ accounts.google.com www.googletagmanager.com www.google-analytics.com image.crisp.chat platform.twitter.com syndication.twitter.com abs.twimg.com pbs.twimg.com https://ton.twimg.com about://ton.twimg.com; font-src 'self' *.geovelo.fr client.crisp.chat data: fonts.gstatic.com client.crisp.chat; script-src 'self' *.geovelo.fr snap.licdn.com client.crisp.chat geovelo.matomo.cloud cdn.matomo.cloud apis.google.com connect.facebook.net appleid.cdn-apple.com cdn.tiny.cloud static.cdn.prismic.io prismic.io https://accounts.google.com/gsi/client cdn.syndication.twimg.com webforms.pipedrive.com cdn.eu-central-1.pipedriveassets.com pipedrive.com platform.twitter.com twitter.com facebook.com www.googletagmanager.com client.crisp.chat www.google-analytics.com www.welcomekit.co 'unsafe-inline' 'unsafe-eval'; worker-src 'self' *.geovelo.fr blob: ; media-src 'self' *.geovelo.fr geovelo-annual-recaps-dev.s3.fr-par.scw.cloud ; child-src 'self' *.geovelo.fr blob: ; 2
frame-ancestors 'self' meinwerbetechniker.de *.meinwerbetechniker.de 2
default-src *; font-src 'self' data: https://static.opencityitalia.it https://fonts.gstatic.com https://acsbapp.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; img-src * 'self' data: https: blob:; report-uri 2
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self';connect-src 'self';media-src 'self' 2
frame-ancestors 'self' https://app.endearhq.com *.endearhq.com; report-uri https://o76320.ingest.sentry.io/api/5434086/security/?sentry_key=4606408afb594b4dafe50588b2179815 2
frame-ancestors 'self' https://*.funeraltechonline.com https://*.tributecenteronline.com https://*.funeraltechweb.com https://*.funeraltechweb2.com https://*.ogdenfuneralhome.com https://hiddenvalleyfunerals.com https://www.archerandsons.com.au http://macarthurfh.com http://www.macarthurfh.com http://haugheymemorials.com http://www.haugheymemorials.com https://www.hslm.ca http://dev.fullmooncreative.com https://neshamajfs.com  http://neshamajfs.com http://howelllussi.com https://howelllussi.com http://prod-site.arbormemorial.ca/en.html https://prod-site.arbormemorial.ca/en.html http://www.arbormemorial.ca/en/ https://www.arbormemorial.ca/en/ http://www.calgarycrematorium.com https://www.calgarycrematorium.com http://calgarycrematorium.com https://calgarycrematorium.com; object-src 'none'; 2
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org;object-src 'none'; 2
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-a34852131fcd4b6ccb8ffec60515a4fc' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 2
default-src 'self'; connect-src *; font-src data: *; frame-src *; img-src data: *; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline'; 2
default-src *;  object-src 'none';  base-uri 'none';  script-src * 'unsafe-eval' 'unsafe-inline';  style-src * 'unsafe-inline';  img-src * blob: data:;  font-src * data:;  frame-ancestors 'self' *.nyla.app *.vercel.app localhost:*; 2
script-src * 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' 2
default-src data: 'self' https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 2
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.audioeye.com cdn.shopify.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.googletagmanager.com *.gstatic.com *.jst.ai ajax.googleapis.com *.affirm.com *.launchdarkly.com connect.facebook.net *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com *.google.com *.demdex.net www.googletagmanager.com *.instagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.vimeo.com *.hotjar.com *.doubleclick.net *.jst.ai *.paymetric.com *.affirm.com *.audioeye.com *.imgur.com web.hyro.ws wss://web.hyro.ws *.zdassets.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net validator.swagger.io *.cdninstagram.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com via.placeholder.com *.klaviyo.com *.google.com *.google.ca *.facebook.com *.fls.doubleclick.net googleapis.com *.affirm.com *.jst.ai cdn.cookielaw.org *.audioeye.com *.imgur.com blob: *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://imgs.signifyd.com https://*.online-metrix.net s7d9.scene7.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 *.gstatic.com *.google.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com *.instagram.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com api.airbud.io demo.airbud.io ajax.googleapis.com *.klaviyo.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net player.vimeo.com *.typekit.net *.hotjar.com *.jst.ai *.kmail-lists.com *.affirm.com *.launchdarkly.com *.audioeye.com *.imgur.com cdn.cookielaw.org *.bing.com *.clarity.ms web.hyro.ws wss://web.hyro.ws *.zdassets.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net https://static.klaviyo.com unsafe-inline assets.braintreegateway.com api.airbud.io demo.airbud.io *.klaviyo.com *.typekit.net *.affirm.com *.launchdarkly.com connect.facebook.net *.jst.ai *.audioeye.com web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.cdninstagram.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.imgur.com blob: web.hyro.ws *.zdassets.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.klaviyo.com prod.airbud.io bam.nr-data.net *.google-analytics.com *.doubleclick.net *.kmail-lists.com *.youtube.com *.affirm.com *.launchdarkly.com *.jst.ai *.audioeye.com *.imgur.com hyropublic.blob.core.windows.net *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com web.hyro.ws wss://web.hyro.ws wss://widget-mediator.zopim.com *.zdassets.com wheelprossupport.zendesk.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
script-src 'self'; object-src 'self' 2
frame-ancestors 'self' https://*.negocom-atlantique.com, base-uri 'self', script-src 'self' 'unsafe-inline' 'unsafe-eval' *.negocom-atlantique.com *.point-sys.com *.googletagmanager.com *.google-analytics.com *.google.fr *.googleapis.com *.youtube.com *.dmcdn.net *.jsdelivr.net 2
frame-ancestors 'self' https://st-martin-kub.crono.travel 2
default-src https://*.db.de https://wirsindgueter.de https://*.deutschebahn.com; media-src *; script-src https://*.adobedtm.com https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com https://dbwas.service.deutschebahn.com 'self' 'unsafe-inline' https://dbsedbcgprod.112.2o7.net 'unsafe-eval'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com https://*.db.de https://dpm.demdex.net; img-src 'self' blob: data: https://*.deutschebahn.com https://*.db.de https://dbsedbcgprod.112.2o7.net dbsedbcgdev.112.2o7.net; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-src https://hcaptcha.com https://*.hcaptcha.com https://*.deutschebahn.com https://*.youtube.com; font-src 'self'; manifest-src 'self'; frame-ancestors https://*.deutschebahn.com 2
media-src * 2
default-src 'none'; script-src 'self' https://*.typekit.net/ https://*.clarity.ms/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.googleapis.com/ https://*.gstatic.com/ https://seal.thawte.com/ https://secure.bluepay.com https://seal.digicert.com/ https://www.safewayxchange.com/ 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.clarity.ms/ https://stats.g.doubleclick.net; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://dev.virtualearth.net/ data: https://seal.digicert.com https://www.google.com; style-src 'self' 'unsafe-inline' https://*.typekit.net/ https://fonts.googleapis.com/ https://*.gstatic.com; font-src 'self' https://*.typekit.net/ https://fonts.gstatic.com/ https://fonts.googleapis.com/; frame-src 'self' https://secure.bluepay.com https://www.safewayxchange.com/; object-src 'self'; media-src 'self' https://www.google-analytics.com/; manifest-src 'self'; frame-ancestors 'self' 2
default-src 'self' https://experience.instilled.com https://www.facebook.com https://w.soundcloud.com http://www.ltgplc.com https://go.ltgplc.com https://go.openlms.net https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://go.pardot.com https://js.driftt.com https://cdn4.mxpnl.com https://vars.hotjar.com https://optimize.google.com;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://cdn.inspectlet.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://w.soundcloud.com https://go.openlms.net https://www.googletagmanager.com https://tagmanager.google.com https://sjs.bizographics.com https://static.ads-twitter.com https://www.googleadservices.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://go.ltgplc.com https://analytics.twitter.com https://player.vimeo.com https://js.driftt.com https://snap.licdn.com https://cdn4.mxpnl.com https://static.hotjar.com https://script.hotjar.com https://optimize.google.com https://lltrck.com https://www.clarity.ms https://www.googleoptimize.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://zippyfrog.co https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://cdn.inspectlet.com https://sjs.bizographics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://bat.bing.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://go.openlms.net https://go.ltgplc.com https://player.vimeo.com https://js.driftt.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://pi.pardot.com https://www.clickcease.com https://monitor.clickcease.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cheekybranding.com https://ob.esnbranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;font-src 'self' data: https://fonts.gstatic.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://tagmanager.google.com https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://app.vwo.com;img-src 'self' data: https://www.googletagmanager.com https://t.co https://cdn.sanity.io https://www.google-analytics.com https://stats.g.doubleclick.net https://linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://bat.bing.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://www.googletagmanager.com https://lltrck.com https://p.adsymptotic.com https://px4.ads.linkedin.com https://c.clarity.ms *.google-analytics.com *.analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.cheekybranding.com https://obs.esnbranding.com https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://app.vwo.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;media-src 'self' data: https://cdn.sanity.io https://js.driftt.com;connect-src 'self' https://nosafynr.api.sanity.io https://s.ytimg.com wss://ws.inspectlet.com https://cdn.inspectlet.com/ https://www.googleadservices.com https://sjs.bizographics.com https://static.ads-twitter.com https://go.openlms.net https://use.typekit.net/ https://www.google-analytics.com https://stats.g.doubleclick.net https://hn.inspectlet.com https://cdn.sanity.io https://vimeo.com https://js.driftt.com http://*.mixpanel.com http://cdn.mixpanel.com https://*.mixpanel.com https://cdn.mixpanel.com https://api-js.mixpanel.com https://in.hotjar.com wss://ws18.hotjar.com https://ws18.hotjar.com www.googleapis.com https://*.algolianet.com https://*.algolia.net https://ws25.hotjar.com/ https://cdn.segment.com wss://ws11.hotjar.com https://ws11.hotjar.com https://e.clarity.ms wss://ws41.hotjar.com https://ws41.hotjar.com https://region1.google-analytics.com *.google-analytics.com *.analytics.google.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://monitor.clickcease.com https://www.clickcease.com https://*.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.cheekybranding.com https://px.ads.linkedin.com https://ob.esnbranding.com https://obs.esnbranding.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com;prefetch-src 'self' https://go.openlms.net https://www.googletagmanager.com https://www.google-analytics.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://js.driftt.com https://go.ltgplc.com  https://go.openlms.net https://vars.hotjar.com https://weareclasstech.wistia.com https://optimize.google.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com 2
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; 2
worker-src blob:; 2
upgrade-insecure-requests; default-src 'self'; connect-src *; font-src *; frame-ancestors *; frame-src *; media-src *; img-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-eval' 'unsafe-inline' 2
default-src 'self'; connect-src *;font-src * data:;img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; frame-src * 2
default-src 'self' https:; connect-src 'self' ws: https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://seat-admin.porsche-holding.com; 2
default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self' data:; style-src 'self'; 2
default-src 'self' https: localhost; font-src 'self' https: data:; img-src 'self' http: data: localhost; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' localhost; frame-src 'self' https: pagead2.googlesyndication.com; style-src 'self' https: 'unsafe-inline'; connect-src 'self' http: ws: localhost; worker-src 'self' http: https: blob: localhost 2
default-src https: 'unsafe-inline' 'unsafe-eval' data:; connect-src wss: https: 2
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; connect-src * ws:; font-src *; frame-src *; media-src * 2
object-src 'self' data: 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de foerderservices.kfw.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net *.googleadservices.com ajax.googleapis.com *.googletagmanager.com *.google.com *.google.de *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 2
frame-ancestors 'none'; object-src 'none'; 2
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://pay.paymentiq.io/; 2
media-src 'self' 2
default-src * https: data: blob: wss: 'unsafe-inline' 2
default-src 'self' *.sysnet.ie *.sysnetgs.com player.vimeo.com *.nr-data.net shyrka-prod.s3.amazonaws.com *.shyrka-prod.s3.amazonaws.com *.newrelic.com *.mypurecloud.com *.use1.pure.cloud ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.boldchat.com *.nr-data.net *.newrelic.com *.mypurecloud.com *.use1.pure.cloud; connect-src 'self' assurance.sysnetgs.com *.boldchat.com www.google-analytics.com *.demdex.net ws: *.mypurecloud.com *.use1.pure.cloud; img-src 'self' data: us01-prod-sair-static-assets.s3.amazonaws.com eu01-prod-sair-static-assets.s3-eu-west-1.amazonaws.com adservice.google.com images.boldchat.com *.sysnet.ie www.google-analytics.com *.demdex.net ad.doubleclick.net stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.fonts.net *.mypurecloud.com *.use1.pure.cloud; font-src 'self' data: fonts.gstatic.com; media-src 'self' *.mypurecloud.com *.use1.pure.cloud; object-src  'self' *.mypurecloud.com *.use1.pure.cloud ; child-src 'self' *.mypurecloud.com *.use1.pure.cloud; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.sgsonline.net iscan: data: blob: *.sysnetgs.com *.vimeo.com *.boldchat.com *.nr-data.net shyrka-prod.s3.amazonaws.com *.shyrka-prod.s3.amazonaws.com *.newrelic.com *.mypurecloud.com *.use1.pure.cloud; 2
default-src 'self' 'unsafe-inline' 'unsafe-hashes' * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' * ; connect-src 'self' * ; img-src 'self' data: * ; style-src 'self' *  'unsafe-inline' ; 2
frame-ancestors 'none'; report-uri /report-csp-violation; upgrade-insecure-requests 2
default-src https://faelix.net; img-src https://faelix.net https://faelix.net/static/ https://analytics.faelix.link https://platform.twitter.com https://syndication.twitter.com; script-src https://faelix.net/static/javascripts/ https://faelix.net/elasticlunr.min.js https://faelix.net/search_index.en.js https://analytics.faelix.link https://platform.twitter.com/widgets.js https://unpkg.com/website-carbon-badges@1.1.3/b.min.js 'unsafe-eval' 'unsafe-inline'; connect-src https://fulcrm.email/webform/1/5/faelix.net/website-enquiry/contact/person.name/person.email/email/8r7lurl0u31535mccf86l0r341l650f3 https://api.websitecarbon.com/b https://analytics.faelix.link; frame-src https://platform.twitter.com https://grafana.faelix.net https://youtu.be https://www.youtube.com; font-src https://faelix.net; style-src 'unsafe-inline' https://faelix.net/static/css/ https://faelix.net/static/main.css https://faelix.net/static/webfonts.css https://faelix.net/static/stylesheets/ https://faelix.net/static/iconoir/ 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' always 2
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com pghub.io feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pgamaanemiameter.jebbit.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.google-analytics.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org *.google-analytics.com www.google-analytics.com *.algolia.net *.algolianet.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 2
frame-ancestors 'self' *.nike.com *.nikecloud.com *.nikedev.com 2
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ssl.google-analytics.com 2
frame-ancestors 'self' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch;     block-all-mixed-content;     report-uri /csp-report.php;     default-src 'self';     script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch tags.creativecdn.com delivery.consentmanager.net *.outbrain.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com cdn.jsdelivr.net www.paypal.com www.googleadservices.com s2.adform.net *.adform.net js.adsrvr.org *.delivery.consentmanager.net acdn.adnxs.com *.teads.tv *.googletagmanager.com *.doubleclick.net *.google.de *.google.com bat.bing.com c.delivery.consentmanager.net cdn.consentmanager.net ajax.googleapis.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com stackpath.bootstrapcdn.com unpkg.com f.vimeocdn.com m.youtube.com player.vimeo.com www.vimeo.com www.youtube.com;     script-src-elem 'self' 'unsafe-inline' 'wasm-unsafe-eval' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch c.delivery.consentmanager.net cdn.consentmanager.net www.googletagmanager.com acdn.adnxs.com p.teads.tv tags.creativecdn.com delivery.consentmanager.net *.outbrain.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com cdn.jsdelivr.net www.paypal.com www.googleadservices.com s2.adform.net *.adform.net js.adsrvr.org *.delivery.consentmanager.net acdn.adnxs.com *.teads.tv *.googletagmanager.com *.doubleclick.net *.google.de *.google.com bat.bing.com c.delivery.consentmanager.net cdn.consentmanager.net ajax.googleapis.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com stackpath.bootstrapcdn.com unpkg.com f.vimeocdn.com m.youtube.com player.vimeo.com www.vimeo.com www.youtube.com;     style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com cdn.honey.io *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch unpkg.com;     style-src-elem 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com cdn.honey.io *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch unpkg.com www.googletagmanager.com;     object-src 'none';     frame-src 'self' p.teads.tv creativecdn.com *.creativecdn.com td.doubleclick.net *.doubleclick.net www.googletagmanager.com fledge.teads.tv *.teads.tv insight.adsrvr.org match.adsrvr.org *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch *.youtube.com *.vimeo.com vimeo.com *.youtube-nocookie.com www.youtube-nocookie.com;     child-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com www.youtube.com *.youtube-nocookie.com www.youtube-nocookie.com;     img-src 'self' * data:;     font-src 'self' data:;     connect-src 'self' api.mkmediaworks.com *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.consentmanager.net connect.facebook.net analytics.google.com ams.creativecdn.com track.adform.net www.google-analytics.com *.outbrain.com bat.bing.com pagead2.googlesyndication.com *.googlesyndication.com region1.google-analytics.com region1.analytics.google.com *.teads.tv blob: ajax.googleapis.com www.googletagmanager.com stats.g.doubleclick.net eu-api.friendlycaptcha.eu friendlycaptcha.com cdn.eizo.de vimeo.com youtube-nocookie.com youtube.com;     manifest-src *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch 'self';     base-uri 'self';     form-action 'self' https://www.paypal.com https://*.list-manage.com https://ipayment.de https://www.saferpay.com;     media-src 'self' *.eizo.de *.eizo.at *.eizo.be *.eizo.cz *.eizo.it *.eizo.nl *.eizo.eu *.eizo.hu *.eizo.es *.eizo.ch d2u1aaftdsxbyu.cloudfront.net *.vimeo.com vimeo.com *.youtube.com youtube.com;     worker-src 'self' blob:;      2
default-src 'self';                    script-src 'self' https://* 'unsafe-inline' 'unsafe-eval' * ;                   style-src 'self' https://* 'unsafe-inline' ;                    img-src 'self' data: https://*;                    font-src 'self' data: https://*;                    connect-src 'self' https://*;                   frame-src 'self' https://*; 2
upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * 2
frame-ancestors 'self' zendesk.com training.finalsite.com www.taistn.com www.tri-association.org www.swaes.org www.qais.qc.ca www.partnersinmission.com www.paispa.org www.nysais.org www.nwais.org www.njais.org www.nesacenter.org www.mn-ais.org www.maisschools.com www.mais-web.org www.lmais.org isasw.finalsite.com www.theibsc.org www.fobisia.org www.fcis.org www.cristoreynetwork.org www.cobis.org.uk www.cisontario.ca www.cois.org www.capss.org www.cais.ca www.cabe.org aisne.finalsite.com www.aims-mi.org www.acaap.net www.aassa.com www.aaie.org https://www.finalsite.co.uk www.finalsite.co.uk *.pendo.io pendo-io-static.storage.googleapis.com www.boarding.org.au app.getguru.com; 2
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https: blob:; report-uri /csp-violation-report/ 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: http: https: *.esginnova.com *.isotools.us *.kantansoftware.com *.pmg-ssi.com *.escuelaeuropeaexcelencia.com *.gstatic.com *.w.org *.cloudflare.com *.google.es *.doubleclick.net *.facebook.com *.google-analytics.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-scripts.com *.facebook.net *.googletagmanager.com *.vimeo.com *.googleapis.com *.google.com *.googleusercontent.com *.hubspot.com *.jsdelivr.net *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.jquery.com *.adroll.com *.hsappstatic.net *.stripe.com *.denomatic.com *.adform.net *.affilired.com *.googleadservices.com *.hubspot.net *.hscta.net *.hsforms.net secure.gravatar.com *.fs1.hubspotusercontent-na1.net *.hsforms.com *.hubspotusercontent10.net *.responsivevoice.org *.clarity.ms *.calendly.com *.serviceform.com ucarecdn.com *.firebasedatabase.app *.ucarecdn.com cdn-cookieyes.com *.serviceform.com; img-src 'self' blob: data: *.esginnova.com *.isotools.us *.kantansoftware.com *.pmg-ssi.com *.escuelaeuropeaexcelencia.com *.gstatic.com *.w.org *.cloudflare.com *.google.es *.doubleclick.net *.facebook.com *.google-analytics.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-scripts.com *.facebook.net *.googletagmanager.com *.vimeo.com *.googleapis.com *.google.com *.googleusercontent.com *.hubspot.com *.jsdelivr.net *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.jquery.com *.adroll.com *.hsappstatic.net *.stripe.com *.denomatic.com *.adform.net *.affilired.com *.googleadservices.com *.hubspot.net *.hscta.net *.hsforms.net secure.gravatar.com *.fs1.hubspotusercontent-na1.net *.hsforms.com *.hubspotusercontent10.net *.responsivevoice.org *.clarity.ms *.calendly.com *.serviceform.com ucarecdn.com *.firebasedatabase.app *.ucarecdn.com cdn-cookieyes.com *.serviceform.com; frame-ancestors 'self' *.esginnova.com *.isotools.us *.kantansoftware.com *.pmg-ssi.com *.escuelaeuropeaexcelencia.com *.gstatic.com *.w.org *.cloudflare.com *.google.es *.doubleclick.net *.facebook.com *.google-analytics.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-scripts.com *.facebook.net *.googletagmanager.com *.vimeo.com *.googleapis.com *.google.com *.googleusercontent.com *.hubspot.com *.jsdelivr.net *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.jquery.com *.adroll.com *.hsappstatic.net *.stripe.com *.denomatic.com *.adform.net *.affilired.com *.googleadservices.com *.hubspot.net *.hscta.net *.hsforms.net secure.gravatar.com *.fs1.hubspotusercontent-na1.net *.hsforms.com *.hubspotusercontent10.net *.responsivevoice.org *.clarity.ms *.calendly.com *.serviceform.com ucarecdn.com *.firebasedatabase.app *.ucarecdn.com cdn-cookieyes.com *.serviceform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: block *.esginnova.com *.isotools.us *.kantansoftware.com *.pmg-ssi.com *.escuelaeuropeaexcelencia.com *.gstatic.com *.w.org *.cloudflare.com *.google.es *.doubleclick.net *.facebook.com *.google-analytics.com *.hs-analytics.net *.hs-banner.com *.usemessages.com *.hsadspixel.net *.hs-scripts.com *.facebook.net *.googletagmanager.com *.vimeo.com *.googleapis.com *.google.com *.googleusercontent.com *.hubspot.com *.jsdelivr.net *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.openx.net *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.3lift.com *.adnxs.com *.jquery.com *.adroll.com *.hsappstatic.net *.stripe.com *.denomatic.com *.adform.net *.affilired.com *.googleadservices.com *.hubspot.net *.hscta.net *.hsforms.net secure.gravatar.com *.fs1.hubspotusercontent-na1.net *.hsforms.com *.hubspotusercontent10.net *.responsivevoice.org *.clarity.ms *.calendly.com *.serviceform.com ucarecdn.com *.firebasedatabase.app *.ucarecdn.com cdn-cookieyes.com *.serviceform.com; 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 2
frame-ancestors 'self' ocfl.net *.ocfl.net onetgov.net *.onetgov.net orangecountyfl.net *.orangecountyfl.net *.google-analytics.com *.analytics.google.com 2
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: 2
font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com; media-src 'self'; style-src 'unsafe-inline' 'self' maxcdn.bootstrapcdn.com googletagmanager.com cdnjs.cloudflare.com fonts.googleapis.com 'unsafe-inline' 'self' *.ckeditor.com *.countryflags.io fonts.gstatic.com; default-src 'self'  'unsafe-inline' 'self' 'unsafe-eval' stats.g.doubleclick.net albaraka.com.sy telegram.org cdn.rawgit.com unpkg.com cdn.jsdelivr.net epaytest.albaraka.com.sy *.albaraka.com.sy *.googletagmanager.com *.youtube.com *.countryflags.io *.openlayers.org api.mapbox.com  openlayers.org *.openstreetmap.org *.flexsolutions.biz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.youtube.com https://ajax.googleapis.com  https://ssl.google-analytics.com https://www.googletagmanager.com/gtag/js?id=G-683CLL81Q1; 2
frame-ancestors 'self' * 2
frame-ancestors 'self' https://dbwas.service.deutschebahn.com https://planner.dbcargo.com 2
default-src https: 'unsafe-eval' 'unsafe-inline' 2
default-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 2
frame-ancestors 'self' https://play.workadventu.re 2
frame-ancestors https://dgbuilder.io http://dgbuilder.io 2
“default-src" 2
frame-ancestors 'self'  https://next.adabra.com/ https://my.adabra.com/ https://app.blendee.com/ 2
frame-ancestors https://app.storyblok.com 2
upgrade-insecure-requests; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.clarity.ms www.tintup.com d.la3-c2-ia2.salesforceliveagent.com www.artfut.com my.tealiumiq.com t.contentsquare.net canon-europe.force.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com d.la3-c2-ia7.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com tags.srv.stackadapt.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' blob: ajax.googleapis.com vjs.zencdn.net admin.brightcove.com sc-static.net bat.bing.com cdnjs.cloudflare.com tags.tiqcdn.com cdn.optimizely.com sadmin.brightcove.com www.youtube.com sadmin.brightcove.com www.google-analytics.com www.google.com cdnssl.clicktale.net snap.licdn.com connect.facebook.net www.googletagmanager.com script.crazyegg.com s.ytimg.com snap.licdn.com visitor-service-eu-west-1.tealiumiq.com s1583749854.t.eloqua.com app.gatedcontent.com img.en25.com s1.adis.ws cdn.pricespider.com locate.pricespider.com wtbevents.pricespider.com c.la1-c1-frf.salesforceliveagent.com players.brightcove.net logx.optimizely.com collect-eu-west-1.tealiumiq.com stats.g.doubleclick.net insights.gatedcontent.com ajax.googleapis.com www.buzzsprout.com www.gstatic.com apps.bazaarvoice.com canon-test-comments.disqus.com tablesorter.com display.ugc.bazaarvoice.com analytics-static.ugc.bazaarvoice.com api.bazaarvoice.com network-eu.bazaarvoice.com visitor-service.tealiumiq.com app.optimizely.com c.evidon.com ds-aksb-a.akamaihd.net check.pricespider.com cdncache-a.akamaihd.net cdn3.optimizely.com turbo.qualaroo.com cdn-assets-prod.s3.amazonaws.com cdn.appdynamics.com s.adroll.com static.ads-twitter.com serve.albacross.com nexus.ensighten.com s.pinimg.com www.googleadservices.com analytics.tiktok.com dynamic.criteo.com adform.net ensighten.com pinimg.com refocus.ru dwin1.com cl.qualaroo.com ref.ccb-dev.com st.smartassistant.com wirewax.s3.eu-west-1.amazonaws.com service.force.com comeandsee--devxq3.my.salesforce.com devxq3-canon-europe.cs169.force.com c.la2-c1cs-ia4.salesforceliveagent.com d.la2-c1cs-ia4.salesforceliveagent.com i1.adis.ws mpsnare.iesnare.com canoneu.saas.appdynamics.com cloud.typography.com network.bazaarvoice.com s3.amazonaws.com www.canon-europe.com www.facebook.com apps.nexus.bazaarvoice.com platform.twitter.com tiger-cdn.zoovu.com cdn.syndication.twimg.com js.adsrvr.org code.tidio.co widget-v4.tidiochat.com canon.smartassistant.com code.jquery.com comeandsee.my.salesforce.com d.la3-c1-fra.salesforceliveagent.com d.la1-c1-frf.salesforceliveagent.com api.tiles.mapbox.com static.lightning.force.com d.la3-c2-ph2.salesforceliveagent.com display-stg.ugc.bazaarvoice.com edge-player.wirewax.com edge-assets.wirewax.com edge-player5.wirewax.com teads.tv community.canon-europe.com cdn.hypemarks.com 3001.scriptcdn.net 7896543.s3.amazonaws.com sys.refocus.ru googleads.g.doubleclick.net doubleclick.net googlesyndication.com my.tealiumiq.com pagead2.googlesyndication.com www.googleadservices.com t.clicktale.net app.contentsquare.com *.livechatinc.com analytics.twitter.com dqm.crownpeak.com assetscdn.stackla.com sys.datadrivenpromotion.com b2badmin.mycanon.club maps.googleapis.com d.adroll.com static.criteo.net assets.calendly.com edge-player5.wirewax.com ct.leady.com sslwidget.criteo.com www.tintup.com d.la3-c2-ia2.salesforceliveagent.com c.la3-c2-ia7.salesforceliveagent.com comeandsee.my.site.com www.artfut.com my.tealiumiq.com t.contentsquare.net d.la3-c2-ia7.salesforceliveagent.com canon-europe.force.com tiger-cdn.zoovu.com orca-api.zoovu.com orca-runner-assets.zoovu.com orca-cdn.zoovu.com ajhgroup9516.file.core.windows.net d.la3-c1-cdg.salesforceliveagent.com sales-promotions.com sales-promotions.taxback.ess.ie *.pricespider.com *.mapbox.com unpkg.com img03.en25.com www.mczbf.com d.la1-core1.sfdc-lywfpd.salesforceliveagent.com d.la3-core1.sfdc-lywfpd.salesforceliveagent.com d.la1-core1.sfdc-yzvdd4.salesforceliveagent.com tags.srv.stackadapt.com; 2
frame-ancestors 'self' *.ofbusiness.com 2
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval';    frame-ancestors 'self' https://one-time-offer.com https://cashbackprog.completesavings.co.uk 2
frame-ancestors vernaruto.tv 2
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.youtube.com https://s.ytimg.com https://consent.cookiebot.com https://consentcdn.cookiebot.com lidlbe.bbvms.com d6qodzoew6e61.cloudfront.net *.bluebillywig.com *.google.com *.google.nl https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net lidlbe.bbvms.com cdn.bluebillywig.com www.google-analytics.com www.googletagmanager.com adservice.google.de adservice.google.com www.spott.tv spott.ai https://consent.cookiebot.com https://consentcdn.cookiebot.com www.youtube.com https://www.googleadservices.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' cdn.bluebillywig.com https://fonts.googleapis.com; img-src * data: *.google.com *.google.de *.google-analytics.com *.doubleclick.net https://*.cat-ret.assets.lidl lidlbe.bbvms.com *.bluebillywig.com *.google.nl; media-src 'self' data: *.bluebillywig.com d6qodzoew6e61.cloudfront.net; form-action 'self' https://survey.g.doubleclick.net; frame-src 'self' *.recipes.vdc.lidl *.lidl.at *.lidl.bg *.lidl.ch *.lidl.com.cy *.lidl.dk *.lidl.es *.lidl.co.uk *.lidl.ie *.lidl.it *.lidl.lt *.lidl.nl *.lidl.ro *.lidl.si *.dekeukenvanlidl.be *.lacuisinedelidl.be *.lidl-kochen.de *.lidl-reseptit.fi *.lidl-recettes.fr *.lidlovakuhinja.hr *.services.lidl *.receitaslidl.pt *.lidlovirecepti.rs *.lidl-recept.se *.lidl-hellas.gr *.lidl-ni.co.uk *.lidlkonyha.hu https://www.youtube-nocookie.com https://consentcdn.cookiebot.com *.doubleclick.net; frame-ancestors 'self' *.recipes.vdc.lidl *.lidl.at *.lidl.bg *.lidl.ch *.lidl.com.cy *.lidl.dk *.lidl.es *.lidl.co.uk *.lidl.ie *.lidl.it *.lidl.lt *.lidl.nl *.lidl.ro *.lidl.si *.dekeukenvanlidl.be *.lacuisinedelidl.be *.lidl-kochen.de *.lidl-reseptit.fi *.lidl-recettes.fr *.lidlovakuhinja.hr *.services.lidl *.receitaslidl.pt *.lidlovirecepti.rs *.lidl-recept.se *.lidl-hellas.gr *.lidl-ni.co.uk *.lidlkonyha.hu; 2
script-src 'self' 'unsafe-eval' 'unsafe-inline' b2c.benuta.at b2c.benuta.ch b2c.benuta.co.uk b2c.benuta.cz b2c.benuta.de b2c.benuta.dk b2c.benuta.es b2c.benuta.eu b2c.benuta.fi b2c.benuta.fr b2c.benuta.it b2c.benuta.nl b2c.benuta.no b2c.benuta.pl b2c.benuta.pt b2c.benuta.se b2c.benuta.com connect.getflowbox.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com x.klarnacdn.net pay.google.com https://wchat.freshchat.com https://connect.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net s.pinimg.com load.sumo.com vercel.live bat.bing.com connect.facebook.net sumo.com cdn.vercel-insights.com *.sovendus.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://collector-37445.tvsquared.com *.tvsquared.com https://pixel.biano.it https://it.bianopixel.com dynamic.criteo.com sslwidget.criteo.com static.ads-twitter.com widget.reviews.io *.newrelic.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; connect-src 'self' data: sockjs-us3.pusher.com *.sentry.io sentry.brandung-dev.de eu.playground.klarnaevt.com eu.klarnaevt.com https://wchat.freshchat.com *.getflowbox.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com www.google-analytics.com stats.g.doubleclick.net graphql.contentful.com *.ksearchnet.com ksearchnet.com www.google.com sumo.com ct.pinterest.com googleads.g.doubleclick.net js.klevu.com bat.bing.com vitals.vercel-insights.com vercel.live *.pusher.com *.adyen.com wss://ws-us3.pusher.com *.klarnacdn.net *.klarna.com *.appspot.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 *.dotdigital-pages.com dotdigital-pages.com *.trackedweb.net *.s24.com *.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://p.biano.it https://it.bianopixel.com ads.x.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com tiktok.com public.app.priceshape.io measurement-api.criteo.com api.reviews.io *.nr-data.net *.googlesyndication.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' data: tagmanager.google.com wchat.freshchat.com www.benuta.eu www.googletagmanager.com assets.reviews.io widget.reviews.io d1azc1qln24ryf.cloudfront.net d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; font-src 'self' data: assets.vercel.com assets.reviews.io d19ayerf5ehaab.cloudfront.net cdn.icomoon.io; prefetch-src 'self'; img-src 'self' blob: data: ssl.gstatic.com www.gstatic.com x.klarnacdn.net *.adyen.com app.usercentrics.eu *.usercentrics.eu privacy-proxy.usercentrics.eu *.cloudfront.net googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com ct.pinterest.com bat.bing.com media.sumo.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com *.getflowbox.com https://collector-37445.tvsquared.com *.tvsquared.com checkoutshopper-live.adyen.com x.klarnacdn.net images.ctfassets.net downloads.ctfassets.net downloads.ctfassets.net www.paypalobjects.com www.checkoutshopper-live.adyen.com *.benuta.at *.benuta.ch *.benuta.co.uk *.benuta.cz *.benuta.de *.benuta.dk *.benuta.es *.benuta.eu *.benuta.fi *.benuta.fr *.benuta.it *.benuta.nl *.benuta.no *.benuta.pl *.benuta.pt *.benuta.se *.benuta.com *.b2b.benuta.com checkoutshopper-live.adyen.com static.ads-twitter.com ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co assets.reviews.io https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com http://pixel.advertising.com d.adroll.mgr.consensu.org p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com snap.licdn.com sync.taboola.com s.analytics.yahoo.com; media-src 'self' videos.ctfassets.net; manifest-src 'self' 2
frame-ancestors 'self' https://*.countrylife.ie https://*.tirlanfarmlife.com 2
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; frame-ancestors 'self' https://goflo.nl; img-src * data: blob: 2
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 2
script-src 'self' 'unsafe-inline' 'unsafe-eval' 2
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src https: ; child-src https: platform.twitter.com; img-src https: data:;  2
default-src 'self' data: https://sn2.org *; connect-src 'self' https://sn2.org *; base-uri 'self' *; form-action 'self' *; img-src 'self' data: https://sn2.org *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sn2.org *; style-src 'self' 'unsafe-inline' https://sn2.org *; 2
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com credomatic.compassmerchantsolutions.com https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.youtube.com *.vimeo.com mongepay.com conway.ddev.site https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com https://www.googletagmanager.com/ https://adobedtm.com assets.adobedtm.com dpm.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni https://www.facebook.com https://www.google.com *.flixcar.com *.flixfacts.com *.cnetcontent.com *.vimeo.com https://widgetapp.ocularsolution.com *.getblue.io *.flipsnack.com https://heyzine.com https://promogallonic.com https://front-notrack.indexado.production.pmbox.cloud https://fichashppervasive.blob.core.windows.net https://www.tiendamonge.com/nps-check-out-tlv-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-cr https://www.tiendamonge.com/nps-entrega-tienda-en-linea-el-salvador https://www.tiendamonge.com/nps-entrega-tienda-en-linea-guatemala https://www.tiendamonge.com/nps-entrega-tienda-en-linea-honduras https://www.tiendamonge.com/nps-entrega-tienda-en-linea-ni https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta https://www.tiendamonge.com/nps-gracias-por-completar-la-encuesta-monge-pay https://www.tiendamonge.com/nps-monge-pay-desembolso-cash https://www.tiendamonge.com/nps-monge-pay-liveness https://www.tiendamonge.com/nps-monge-pay-pago-a-tarjeta-monge https://www.tiendamonge.com/nps-monge-pay-pago-operaciones https://www.tiendamonge.com/nps-monge-pay-registro https://www.tiendamonge.com/nps-service-desk-ti-costa-rica https://notrack.indexado.pmbox.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://online.fliphtml5.com/ https://analytics.tiktok.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.cloudflare.com widget.ocularsolution.com *.newrelic.com https://bam.nr-data.net *.facebook.com *.connect.facebook.net *.google.com *.google-analytics.com *.googleadservices.com *.paypal.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud googleads.g.doubleclick.net https://www.google.com https://www.google.com.co https://www.tiendamonge.com https://www.elgallomasgallo.com.ni https://www.prado.com.sv https://www.elgallomasgallo.com.hn https://www.elgallomasgallo.com.gt https://www.verdugotienda.com *.teads.tv *.scene7.com https://fichashppervasive.blob.core.windows.net https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://adobedtm.com fast.amc.demdex.net dpm.demdex.net *.googletagmanager.com *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni 'unsafe-inline' widget.ocularsolution.com *.1worldsync.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.connect.facebook.net *.gstatic.com *.paypal.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com *.flix360.com *.flix360.io *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.syndigo.com *.syndigo.cloud https://event.getblue.io *.getblue.io https://p.teads.tv https://smetrics.verdugotienda.com https://rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com widget.ocularsolution.com *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.flixcar.com *.flixfacts.com rocio.ocularsolution.com https://ocular-prod.api.rocio.ai *.ocularsolution.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.flixcar.com widget.ocularsolution.com *.flixfacts.com *.flix360.com *.flix360.io *.syndigo.com *.syndigo.cloud https://emersya.com https://ocular-prod.api.rocio.ai *.ocularsolution.com *.mabeindex.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://adobedtm.com assets.adobedtm.com *.adobe.com fast.amc.demdex.net *.googleapis.com *.googletagmanager.com *.facebook.com *.google-analytics.com *.googleadservices.com *.facebook.net grupomongegrupomongedev.112.2o7.net grupomonge.tt.omtrdc.net *.demdex.net *.doubleclick.net bam-cell.nr-data.net smetrics.tiendamonge.com smetrics.elgallomasgallo.com.gt smetrics.elgallomasgallo.com.hn smetrics.prado.com.sv smetrics.elgallomasgallo.com.ni wss://tm.filter:1502/ api.ocularsolution.com xml.ssreviewsportal.com *.cloudflare.com *.newrelic.com https://bam.nr-data.net *.google.com *.paypal.com *.pingdom.net *.woorank.com *.cnetcontent.com *.youtube.com *.vimeo.com *.syndigo.com *.syndigo.cloud product-feature-service.production.alquimio.cloud api.repositorio.production.alquimio.cloud orchestrator.production.aks.alquimio.cloud *.teads.tv https://ocular-prod.api.rocio.ai *.ocularsolution.com *.flixcar.com https://accvent.com *.accvent.com https://forzaups.com *.forzaups.com https://firalivepro.blob.core.windows.net *.firalivepro.blob.core.windows.net https://fira-live-player-pro.azurewebsites.net/ https://fira-live-management-api-pro.azurewebsites.net https://www.lg.com/cac https://analytics.tiktok.com www.serfinsacheckout.com testcheckout.redserfinsa.com:8087 bdpdev.redserfinsa.com:8088 api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.adform.net *.gstatic.com fonts.googleapis.com;             style-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gstatic.com fonts.googleapis.com 'unsafe-inline';             script-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl 'unsafe-inline' 'unsafe-eval';             img-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee vimeo.com *.vimeo.com *.vimeocdn.com *.every-pay.com *.every-pay.eu data: filesystem: blob:;             connect-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.cookielaw.org *.onetrust.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee;             frame-src 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee   *.doubleclick.net *.youtube.com *.ytimg.com *.google.ee *.google.com *.google-analytics.com *.googletagmanager.com *.googletagservices.com *.gstatic.com fonts.googleapis.com *.facebook.com *.facebook.net vimeo.com *.vimeo.com *.vimeocdn.com *.createjs.com *.adform.net *.adform.com *.seadform.net *.adcanvas.com *.city24.ee *.city24.lv *.kv.ee *.osta.ee *.gemius.pl data:;             frame-ancestors 'self' *.img-bcg.eu *.auto24.ee *.auto24.lv *.auto24.lt *.auto24.fi *.mototehnika.ee *.rasketehnika.ee *.veetehnika.ee *.kuldnebors.ee *.vininfo.ee  ;             object-src 'none';             sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-popups-to-escape-sandbox allow-downloads; 2
https: 2
default-src 'self' *.vanheusenindia.com *.yellowmessenger.com *.trendin.com *.abfrl.net *.abfrl.in *.paytm *.louisphilippe.com *.reebok.in *.aeo.in *.forever21.in *.simoncarter.in *.peterengland.com *.allensolly.com *.gstatic.com data:; img-src * 'self' https://*.akstat.io vanhuesenindia.imgix.net blob: data:;script-src 'self' assets.abfrlcdn.com *.google.com pantaloons.imgix.net tr.snapchat.com tags.creativecdn.com asia.creativecdn.com *.artfut.com zailaf.org *.yellowmessenger.com tsm.s3g6.com retag.crossdevicetracking.com static-cdn.trackier.com wd-ret.io in1.clevertap-prod.com https://*.go-mpulse.net trc.taboola.com targetinng.com rtb-global.com webtrafficsource.com i.l-dsp.inmobicdn.net cdn.taboola.com go-mpulse.net sc-static.net sdk.rsut.io router.paytm.in stage-router.paytm.in securegw-stage.paytm.in *.paytm.com *.paytm.in *.amazonaws.com *.wizrocket.com *.criteo.com *.criteo.net *.googleapis.com *.resu.io sdk.resu.io cdnjs.cloudflare.com *.adobedtm.com *.gstatic.com *.primeai1.org *.primeai.co.uk *.primeai3.in *.jquery.com *.facebook.net *.google.com *.googleapis.com *.cloudfront.net *.hotjar.com *.contentsquare.net *.google-analytics.com *.bing.com *.streamoid.com *.googleadservices.com *.abfrl.in *.abfrl.net *.trendin.com *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com google.com *.googletagmanager.com *.usersnap.com *.clevertap.com *.adobedtm.com *.wzrkt.com 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.crazyegg.com; connect-src 'self' *.tryndbuy.com widget.usersnap.com wd-ret.io targetinng.com asia.creativecdn.com tr.snapchat.com wss://cloud.yellow.ai *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.yellow.ai *.paytm.in *.akamaihd.net wss://stage-router.paytm.in wss://router.paytm.in wss://securegw-stage.paytm.in wss://securegw.paytm.in *.taboola.com wss://websoc.resu.io http://abfrl.com/ *.google.com *.google.co.in *.criteo.com rtb-global.com webtrafficsource.com https://*.akstat.io https://*.go-mpulse.net cdn.taboola.com *.adobedc.net in1.wzrkt.com apis.google.com *.googletagmanager.com *.abfrl.in *.abfrl.net *.trendin.com assets.trendin.com assets.abfrlcdn.com use.typekit.net *.gstatic.com *.facebook.com pantaloons.imgix.net bat.bing.com *.hotjar.io geolocation-db.com *.hotjar.com *.googleapis.com *.primeai.co.uk *.primeai1.org *.primeai3.in http://integration.richrelevance.com/* http://integration.richrelevance.com http://recs.richrelevance.com/* http://recs.richrelevance.com *.richrelevance.com *.amazonaws.com *.wizrocket.com adityabirlafashion.sc.omtrdc.net *.google-analytics.com *.forever21.in *.simoncarter.in *.reebok.in *.aeo.in *.vanheusenindia.com *.louisphilippe.com *.peterengland.com *.allensolly.com *.doubleclick.net *.demdex.net *.adobeaemcloud.com nodeserver.sdk.streamoid.com *.elastic-cloud.com *.crazyegg.com sdk.resu.io cdnjs.cloudflare.com *.clickpost.in; style-src 'self' 'unsafe-inline' *.google.com accounts.google.com *.abfrl.in *.abfrl.net *.yellowmessenger.com *.paytm.in *.trendin.com *.primeai.co.uk *.primeai1.org *.primeai3.in *.crazyegg.com *.streamoid.com *.googleapis.com nodeserver.sdk.streamoid.com *.typekit.net; media-src 'self' 'unsafe-eval' 'unsafe-inline' *.adobeaemcloud.com *.typekit.net *.abfrl.in *.abfrl.net *.trendin.com  *.elastic-cloud.com *.scene7.com assets.abfrlcdn.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' zailaf.org tr.snapchat.com *.paytm.in afftracer.g2afse.com tsm.s3g6.com tracking.icubeswire.co static.criteo.net *.amazon-adsystem.com *.criteo.com *.amazonaws.com *.wizrocket.com *.facebook.com accounts.google.com *.doubleclick.net *.demdex.net *.hotjar.com *.abfrl.in *.abfrl.net *.trendin.com *.youtube.com; child-src pantaloons.imgix.net *.googleapis.com; worker-src localhost:3000 blob: *.vanheusenindia.com *.abfrl.in *.abfrl.net *.louisphilippe.com *.peterengland.com *.allensolly.com; prefetch-src  *.googleapis.com *.abfrl.in assets.abfrlcdn.com imagescdn.abfrl.in connect.facebook.net cdn.yellowmessenger.com script.crazyegg.com 2
frame-ancestors 'self' https://uscreen.io https://*.uscreen.io https://www.uscreen.tv https://app.uscreen.tv/ 2
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self', frame-ancestors 'self' *.facebook.com, frame-ancestors 'self' *.facebook.com 2
font-src 'self' *.littleforest.co.uk fonts.gstatic.com cdn.jsdelivr.net fonts.googleapis.com amp.azure.net data: 2
default-src *; style-src 'self' https://* 'unsafe-inline'; font-src 'self' data: https://* 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; 2
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; 2
'self' *.model-t.cc.commerce.ondemand.com 2
default-src 'self';    img-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net;    media-src 'self' s3-ap-northeast-1.amazonaws.com *.cloudfront.net;    style-src 'self' 'nonce-yiyABNgr0rFv5i+sndZpFTeyWOw=' fonts.googleapis.com cdn.jsdelivr.net *.cloudfront.net;    style-src-attr 'self' 'nonce-yiyABNgr0rFv5iasndZpFTeyWOw=';    script-src 'self' 'nonce-acga38w6Qa0Xoa7JsaBE0xAWWP0=' www.gstatic.com www.googletagmanager.com cdn.jsdelivr.net ajax.googleapis.com *.cloudfront.net *.mul-pay.jp;    font-src 'self' data: fonts.gstatic.com fonts.googleapi.com *.cloudfront.net;    form-action 'self';    connect-src 'self' www.google-analytics.com firebaseinstallations.googleapis.com fcmregistrations.googleapis.com;    frame-ancestors 'self'; 2
default-src * 'self' 'unsafe-inline' 'unsafe-eval' cdn.kustomerapp.com ;       script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net:* https://connect.facebook.net/en_US/fbevents.js https://script.hotjar.com:* https://static.hotjar.com/c/hotjar-1954484.js https://www.googletagmanager.com/gtag/js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/jquery.inputmask.bundle.js https://wchat.freshchat.com/js/widget.js https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js https://code.jquery.com/ui/1.11.0/jquery-ui.js https://rawgit.com/RobinHerbots/Inputmask/4.x/dist/inputmask/phone-codes/phone.js *.google.com *.gstatic.com https://code.jquery.com/jquery-1.8.3.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.0/jquery-ui.min.js https://www.google-analytics.com/analytics.js *.googletagmanager.com cdn.kustomerapp.com ;    style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fonts.googleapis.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://rawgit.com https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://code.jquery.com/ui/1.11.0/themes/smoothness/jquery-ui.css https://www.gstatic.com/charts/51/css/core/tooltip.css https://www.gstatic.com/charts/51/css/util/util.css cdn.kustomerapp.com ;    object-src 'self' cdn.kustomerapp.com ;    base-uri 'self' cdn.kustomerapp.com ;    connect-src * 'self' data:  cdn.kustomerapp.com ;    font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com https://kit-free.fontawesome.com https://netdna.bootstrapcdn.com https://maxcdn.bootstrapcdn.com cdn.kustomerapp.com ;    frame-src * 'self' https://vars.hotjar.com https://maps.google.com/ https://app.powerbi.com/ https://www.youtube.com/ cdn.kustomerapp.com ;    img-src 'self' cdn.kustomerhostedcontent.com https://connect.facebook.net:* https://script.hotjar.com:* data: cdn.kustomerapp.com ;    manifest-src 'self' cdn.kustomerapp.com ;    media-src * 'self' 2
nopaperforms.com dpu.edu.in ajax.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com blogs.dpuerp.in dpu.edu.in gbsrc.dpu.edu.in google.com youtube.com *dpu.edu.in *.dpuerp.in *.googleapis.com *.bootstrapcdn.com *.nopaperforms.com; 2
script-src 'self' http://java.sun.com/jsp/jstl/core http://java.sun.com/jsp/jstl/fmt http://tiles.apache.org/tags-tiles 'unsafe-inline' 'wasm-unsafe-eval' 2
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.gstatic.com 'self' data: assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost data:; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * mldp.mercadopago.com www.mercadolibre.com td.doubleclick.net; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com imgmp.mlstatic.com *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: www.mercadolibre.com www.mercadolibre.com.mx www.mercadolibre.com.ar www.mercadolibre.com.br a248.e.akamai.net mercadolivre.com.br www.mercadolivre.com.br www.mercadolivre.com.mx www.mercadolivre.com.ar www.mercadopago.com secure.mlstatic.com www.mercadolivre.com www.mercadopago.com.ar *.google.com www.google.com.ar storage.googleapis.com www.google.com.mx www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost content.ib2c.com.ar player.vimeo.com pos.baidu.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net unpkg.com commerce.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.mlstatic.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com *.gstatic.com http2.mlstatic.com secure.mlstatic.com https://maps.googleapis.com geolocation.onetrust.com *.google-analytics.com web-sdk.aptrinsic.com esp-m.aptrinsic.com *.fontawesome.com static.hotjar.com script.hotjar.com *.behamics.com www.facebook.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com footer.mars.com web-sdk.aptrinsic.com esp-m.aptrinsic.com assets.adobedtm.com *.behamics.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; object-src esp-m.aptrinsic.com bam.nr-data.net js-agent.newrelic.com dpm.demdex.net assets.adobedtm.com www.golasouth.com gola-cloud.localhost mcstaging.golasouth.com etiquetanegra.us mcstaging.etiquetanegra.us etiquetanegra-cloud.localhost 'self' 'unsafe-inline'; media-src *.adobe.com player.vimeo.com download-video.akamaized.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net vimeo.com api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com api.comapi.com bam.nr-data.net *.mercadopago.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com api.mercadopago.com events.mercadopago.com www.mercadolibre.com rcdfcdn.mars.com geolocation.onetrust.com dev.gtm.southwatts.com secure.mlstatic.com maps.googleapis.com www.mercadolivre.com www.mercadopago.com.ar stats.g.doubleclick.net www.google.com.ar accounts.google.com web-sdk.aptrinsic.com esp-m.aptrinsic.com js-agent.newrelic.com assets.adobedtm.com pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 2
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
report-uri https://thebeginningaftertheend.online 2
frame-ancestors 'self' https://www.municipalidadantofagasta.cl/ https://www.municipalidaddeantofagasta.cl/ https://municipalidadantofagasta.cl/ https://municipalidaddeantofagasta.cl/ 2
default-src https:; connect-src https: wss: http:; font-src https: data:; img-src https: data: blob:; frame-src https: blob:; frame-ancestors 'self'; worker-src blob: https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 2
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data: blob:; media-src * data:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 2
default-src 'self' https: blob: data: wss: 'unsafe-inline' 'unsafe-eval' 2
default-src 'self' *.videoly.co *.v3rk73r.lt *.youtube-nocookie.com *.youtube.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.googleadservices.com *.google-analytics.com *.googlesyndication.com *.google.com *.facebook.com; media-src 'self' *.v3rk73r.lt *.tidiochat.com; style-src 'self' *.v3rk73r.lt *.verkter.dk 'unsafe-inline' *.on.aws *.v3rk73r.lt *.popt.in *.cookie-script.com *.tidiochat.com code.tidio.co cdn.datatables.net cdnjs.cloudflare.com *.bootstrapcdn.com *.google.com *.googleapis.com *.klarnacdn.net *.ladesk.com *.mailchimp.com static.bambora.com *.trackjs.com; script-src 'self' *.v3rk73r.lt *.verkter.dk 'unsafe-eval' 'unsafe-inline' *.videoly.co *.youtube-nocookie.com *.ytimg.com *.wistia.com *.wistia.net *.videoly.net *.gstatic.com *.cookie-script.com *.youtube.com *.doubleclick.net *.clarity.ms cdn.popt.in back.verkter.net verkter.net *.irankiai.lt *.tidiochat.com code.tidio.co cdnjs.cloudflare.com *.bootstrapcdn.com *.facebook.net cdn.datatables.net *.google.com *.googleapis.com googleads.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.jquery.com *.hotjar.com *.klarna.com *.klarnacdn.net *.ladesk.com *.mokilizingas.lt *.newrelic.com *.nr-data.net *.trustpilot.com static.bambora.com *.trackjs.com omnisrc.com *.soundestlink.com omnisnippet1.com; img-src * data: *.ytimg.com *.wistia.com *.wistia.net; font-src 'self' data: *.popt.in *.cloudflare.com *.cookie-script.com *.tidiochat.com *.bootstrapcdn.com *.gstatic.com *.klarnacdn.net code.tidio.co *.trackjs.com; frame-src 'self' *.youtube-nocookie.com *.videoly.net *.doubleclick.net *.tidiochat.com bid.g.doubleclick.net *.bonusway.com *.facebook.com *.google.com *.googletagmanager.com *.hotjar.com *.klarna.com *.ladesk.com *.liisi.ee *.mokilizingas.lt *.trustpilot.com *.youtube.com *.trackjs.com omniform1.com code.tidio.co *.cookie-script.com; connect-src 'self' *.cookie-script.com *.googleadservices.com *.googlesyndication.com *.clarity.ms *.cloudfront.net *.popt.in google.com *.google-analytics.com *.google.com *.google.lt *.analytics.google.com wss: *.tidiochat.com *.klarnaevt.com *.playground.klarnaevt.com *.hotjar.com *.facebook.com googleads.g.doubleclick.net *.hotjar.com *.hotjar.io *.klarna.com *.nr-data.net *.postit.lt postit.lt stats.g.doubleclick.net *.googleapis.com code.tidio.co static.bambora.com verkter.net *.verkter.net *.v3rk73r.lt *.trackjs.com; report-uri /csp.php 2
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; 2
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 2
default-src 'self' https:; script-src * blob: 'unsafe-inline' 'unsafe-eval' https://*.m-pathy.com; frame-src 'self' https: db-bordgastronomie.de ps.bahn.de; style-src 'self' 'unsafe-inline'; img-src https: data:; font-src 'self' data:; media-src https: http: blob: 'self' hdshlsdbbahn-vh.akamaihd.net; connect-src 'self' https: wss://*.m-pathy.com 2
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MGJkZjliYjMtOTQwYi00YmY5LTllMTctMmQ5OWMwZjM2ZmU3'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
object-src 'none';base-uri 'self';script-src 'nonce-YrdiZTJq4PWTCGkRlwDzTQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self';base-uri 'self';script-src 'nonce-P94pvsY5wPIEggeH1xxAsQ==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
img-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com *.mzstatic.com; media-src 'self' blob: data: *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn; font-src 'self' blob: data: icloud.com *.icloud.com *.apple.com *.cdn-apple.com; connect-src blob: 'self' icloud.com *.icloud.com *.apple.com *.cdn-apple.com *.icloud-content.com *.icloud-content.com.cn *.apple-mapkit.com; frame-src 'self' blob: mailto: tel: *.icloud.com *.apple.com *.icloud-sandbox.com *.icloud-content.com *.icloud-content.com.cn; frame-ancestors 'self' *.icloud.com *.apple.com; form-action 'self' *.icloud.com *.apple.com; child-src blob: 'self'; base-uri 'self' *.icloud.com *.cdn-apple.com; report-uri https://feedbackws.icloud.com/reportRaw 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://st.mycdn.me https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-98f3a3f97cd2a457cf7f893c6aac5a60' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.ok.ru https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=23.01.24; 1
base-uri 'self'; object-src 'none'; script-src 'self' *.google-analytics.com *.googletagmanager.com *.gstatic.com *.youtube.com *.googleapis.com; 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-8rVSSGSdQg2Qdh2SIQPy_A' blob: https:; 1
frame-ancestors 'self' app.storyblok.com; 1
frame-ancestors https://academy.launchdarkly.com https://learn.launchdarkly.com; 1
default-src 'self' *.linktr.ee help.linktr.ee *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com; script-src 'self' *.jsdelivr.net jsdelivr.net *.ashbyhq.com ashbyhq.com *.airtable.com airtable.com *.mountain.com tiktok.com *.tiktok.com *.ttwstatic.com ttwstatic.com *.linktr.ee *.statsigapi.net *.statsig.com *.featuregates.org featuregates.org *.trustpilot.com *.marker.io *.profitwell.com *.branch.io *.intercom.io intercom.io https://*.intercom.io https://*.intercom.com *.intercomcdn.com https://js.intercomcdn.com intercomcdn.io *.redditstatic.com *.sc-static.net sc-static.net *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com app.link *.exchangerate.host *.doubleclick.net *.cloudfunctions.net *.googleadservices.com analytics.tiktok.com analytics.twitter.com bat.bing.com *.onetrust.com cdn.heapanalytics.com cdn.amplitude.com api2.amplitude.com cdn.pdst.com cdn.pdst.fm *.facebook.net *.pinterest.com heapanalytics.com *.gastbyjs.io websitelinktree.gatsbyjs.io assets.production.linktr.ee analytics.google.com unpkg.com s.pinimg.com static.ads-twitter.com *.googleoptimize.com *.clarity.ms *.ads-twitter.com *.youtube.com *.chargebee.com *.stripe.com *.snapchat.com *.tiktokcdn-us.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: *.facebook.net *.bing.com linktreestg.wpengine.com *.api.blog.production.linktr.ee https://api.blog.production.linktr.ee *.linktr.ee *.gatsbyjs.io *.trustpilot.com *.branch.io *.intercomcdn.com intercomcdn.io *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io intercom.io *.intercom-attachments-1.com *.snapchat.com *.clarity.ms *.reddit.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu q.quora.com bat.bing.com *.facebook.com heapanalytics.com t.co *.twitter.com *.facebook.com *.pinterest.com *.google-analytics.com *.onetrust.com *.cloudfront.com *.stripe.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com; style-src 'self' *.ttwstatic.com *.tiktokcdn-us.com *.linktr.ee fonts.googleapis.com *.stripe.com 'unsafe-inline'; font-src 'self' data: *.linktr.ee https://js.intercomcdn.com https://fonts.intercomcdn.com fonts.gstatic.com; form-action 'self' *.facebook.com *.intercom.help *.intercom.io intercom.io https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io *.snapchat.com; connect-src 'self' *.browser-intake-datadoghq.com *.gstatic.com *.doubleclick.net *.bing.com *.googlesyndication.com tiktok.com *.tiktok.com facebook.com *.facebook.com *.linktr.ee statsigapi.net *.statsigapi.net *.statsig.com *.amplitude.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.exchangerate.host https://capi.tr.ee *.featuregates.org featuregates.org *.snapchat.com *.branch.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.clarity.ms ingress.linktr.ee *.onetrust.com *.hsforms.net *.hsforms.com *.amazonaws.com *.profitwell.com *.gatsbyjs.io *.google-analytics.com analytics.tiktok.com *.analytics.google.com analytics.google.com *.google.com.au stats.g.doubleclick.net google-analytics.com ct.pinterest.com *.googleadservices.com *.google.com *.cloudfunctions.net wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; media-src 'self' *.linktr.ee *.intercomcdn.com intercomcdn.io *.ctfassets.net; frame-src 'self' *.ttwstatic.com ttwstatic.com *.ashbyhq.com ashbyhq.com *.airtable.com airtable.com tiktok.com *.tiktok.com *.linktr.ee https://linktr.ee *.trustpilot.com *.branch.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.io *.snapchat.com *.pinterest.com *.doubleclick.com *.doubleclick.net *.facebook.com *.formstack.com *.google.com *.hsforms.net *.hsforms.com *.stripe.com https://*.intercom.io https://*.intercom.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net spotify.com *.spotify.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; worker-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub3c5384c350f7b86c67a1cba0b315ee9d&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
default-src 'self' data: https://*.pcdn.co http://*.pcdn.co https://*.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat http://t.co https://*.facebook.com https://*.facebook.net https://*.quora.com  https://*.ads-twitter.com https://*.media.net http://*.media.net https://*.cookiepro.com https://*.onetrust.com https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://noembed.com https://cdn.plyr.io https://*.akamaihd.net https://*.googleapis.com  https://*.googleusercontent.com https://*.gstatic.com https://*.consensu.org https://*.livechatinc.com/ https://*.ads.linkedin.com/ https://*.linkedin.com/ https://*.pm-srv.co https://bat.bing.com/bat.js https://bat.bing.com https://share.transistor.fm/ https://cdn.cookielaw.org https://*.privacyrequest.net https://privacyrequest.net 'unsafe-inline'; 1
frame-src 'self' share.intercom.io intercom-sheets.com www.intercom-reporting.com www.youtube.com;connect-src 'self' appcenter.ms install.appcenter.ms https://secure.gravatar.com *.intercom.io *.optimizely.com uploads.intercomcdn.com uploads.intercomusercontent.com *.cloudfront.net wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.visualstudio.com *.documents.azure.com *.hockeyapp.net *.blob.core.windows.net https://*.ingest.sentry.io https://graph.microsoft.com appcenter.ms install.appcenter.ms *.xamarin.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3.eu-west-1.amazonaws.com wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://api-prod-east-us2.prod.avalanch.es:8088 https://file.appcenter.ms wss://api-service-live-build-prod-east-us-build.prod.avalanch.es https://upload.appcenter.ms wss://api-service-live-build-prod-pme-build.prod-pme.avalanch.es mobilecenter.azureedge.net mobilecenter-int.azureedge.net;default-src 'self' *.msecnd.net data:;font-src 'self' data: js.intercomcdn.com fonts.gstatic.com assets.onestore.ms c.s-microsoft.com;img-src * data:;media-src js.intercomcdn.com xtc-staging-artifacts.s3-eu-west-1.amazonaws.com xtc-prod-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3-eu-west-1.amazonaws.com testcloud-staging-artifacts.s3.eu-west-1.amazonaws.com testcloud-artifacts.s3-eu-west-1.amazonaws.com testcloud-artifacts.s3.eu-west-1.amazonaws.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.msecnd.net app.intercom.io widget.intercom.io js.intercomcdn.com accessibility-bookmarklets.org uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;style-src 'self' 'unsafe-inline' accessibility-bookmarklets.org/ uhf.microsoft.com c.s-microsoft.com assets.onestore.ms mobilecenter.azureedge.net mobilecenter-int.azureedge.net;worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self' https://resources.forter.com http://resources.forter.com http://forter.pathfactory.com https://forter.pathfactory.com https://resources.fraudlab.com http://resources.fraudlab.com https://app.mutinyhq.com; 1
default-src 'self';connect-src 'self' ws: https://*.google-analytics.com https://s3-eu-west-1.amazonaws.com;img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com/ data: https://*.google-analytics.com https://*.doubleclick.net https://s3.amazonaws.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://js-agent.newrelic.com/nr-1044.min.js https://www.google.com https://www.gstatic.com https://*.google-analytics.com http://*.getclicky.com;style-src 'self' 'unsafe-inline' http://maxcdn.bootstrapcdn.com https://*.googleapis.com https://www.gstatic.com;font-src 'self' https://www.gstatic.com https://*.gstatic.com http://maxcdn.bootstrapcdn.com;frame-src 'self' https://www.google.com https://*.s3.amazonaws.com;report-uri /csp; 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060 https://steamvideo-a.akamaihd.net/; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://steamloopback.host ; 1
frame-ancestors 'self' https://mycourses.w3schools.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.investopedia.com 1
frame-ancestors *.mediafire.com 1
default-src 'self' https://consent.badoo.com; script-src 'self' 'unsafe-inline' 'report-sample' 'nonce-dY+dao5vagmsgYhqtf1tEg==' badoocdn.com *.badoocdn.com https://consent.badoo.com https://*.googletagmanager.com https://tr.snapchat.com https://tr-shadow.snapchat.com; style-src 'self' 'unsafe-inline'; connect-src 'self' *.badoo.com *.badoo.eu *.badoo.us https://consent.badoo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://tr.snapchat.com https://tr-shadow.snapchat.com; child-src 'self'; font-src * data:; manifest-src 'self'; base-uri 'self'; frame-src * bds: bdp:; img-src * data: blob:; media-src * data: blob:; report-uri /jss/csp_report.phtml?token=badoo_homepage&env=production; upgrade-insecure-requests; 1
default-src 'self' https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://ekr.zendesk.com wss://mixpanelsupport.zendesk.com https://mixpanel.com https://*.mixpanel.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.trychameleon.com https://*.hotjar.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://cdn.rollbar.com https://js.stripe.com https://*.zdassets.com https://*.zopim.com https://assets.zendesk.com https://www.youtube.com/embed/ https://connect.facebook.net https://apis.google.com https://accounts.google.com 'unsafe-eval' https://*.6sc.co https://static.addtoany.com https://*.adroll.com https://*.bing.com https://cdn.bizible.com https://*.clarity.ms https://cdnjs.cloudflare.com d2wy8f7a9ursnm.cloudfront.net https://*.doubleclick.net https://www.dwin1.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.gstatic.cn https://*.gstatic.com https://*.g2crowd.com https://snap.licdn.com https://*.marketo.com https://*.marketo.net https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net https://www.redditstatic.com/ads/ https://*.singular.net https://*.ads-twitter.com https://mxpnlcms.wpengine.com https://*.youtube.com https://*.zoominfo.com; connect-src 'self' blob: data: https://*.trychameleon.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.mixpanel.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://api.rollbar.com https://api.sprig.com https://*.zdassets.com https://mixpanelsupport.zendesk.com https://*.zopim.com wss://*.zopim.com https://storage.googleapis.com https://*.facebook.com https://*.6sc.co https://*.adnxs.com https://*.bing.com https://*.bugsnag.com https://*.clarity.ms https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.mktoresp.com https://cdn.linkedin.oribi.io https://*.singular.net https://mxpnlcms.wpengine.com https://*.zoominfo.com; img-src 'self' blob: data: https://*.chmln-cdn.com https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.zdassets.com https://*.zopim.com https://v2uploads.zopim.io https://*.facebook.com https://*.gravatar.com https://*.wp.com https://*.3lift.com https://*.33across.com https://*.6sc.co https://*.adnxs.com https://*.adroll.com https://*.bidswitch.net https://*.bing.com https://cdn.bizible.com https://cdn.bizibly.com https://*.bugsnag.com https://*.casalemedia.com https://*.clarity.ms https://*.crwdcntrl.net https://*.doubleclick.net https://*.exelator.com https://*.google-analytics.com https://*.googlesyndication.com https://www.googletagmanager.com https://*.googleusercontent.com https://*.imrworldwide.com https://*.linkedin.com https://mixpanel.com https://*.mixpanel.com https://*.openx.net https://sync.outbrain.com https://*.pubmatic.com https://*.reddit.com https://idsync.rlcdn.com https://pixel.rubiconproject.com https://pixel.sitescout.com/ https://sync.taboola.com https://*.turn.com/ https://t.co/ https://analytics.twitter.com https://beacon.walmart.com https://*.wpengine.com https://mxpnlcms.wpengine.com https://mxpnlcms.wpenginepowered.com https://*.analytics.yahoo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://hello.myfonts.net; font-src 'self' data: https://cdn.mxpnl.com https://cdn-dev.mxpnl.com https://mixpanel.com https://*.mixpanel.com; frame-src 'self' https://js.stripe.com https://www.loom.com/embed/ https://player.vimeo.com/video/ https://www.youtube.com/embed/ https://*.facebook.com https://accounts.google.com https://static.addtoany.com https://*.bing.com https://*.doubleclick.net https://*.google.com https://*.marketo.com https://mixpanel.com https://*.mixpanel.com https://*.recaptcha.net; worker-src 'self' blob:; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.people.com 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self'; frame-ancestors https://*.lenovo.com 1
connect-src 'self' https://brave-software.ghost.io; default-src 'none'; media-src 'self'; font-src 'self'; frame-ancestors 'self' https://try.bravesoftware.com https://ads.brave.com https://ads.bravesoftware.com; frame-src 'self' https://blocksurvey.io https://survey.brave.com https://contact.ads.brave.com https://html5-player.libsyn.com https://social-growth.bravesoftware.com https://try.bravesoftware.com https://player.vimeo.com https://boards.greenhouse.io https://www.surveymonkey.com https://www.youtube-nocookie.com https://js.driftt.com https://app.boostr.com/; img-src 'self' data: https://analytics.brave.com https://boards.greenhouse.io; script-src 'self' https://analytics.brave.com https://boards.greenhouse.io https://js.driftt.com; style-src 'self' 'unsafe-inline'; object-src 'self'; manifest-src 'self'; upgrade-insecure-requests; 1
default-src data: blob: *.fbcdn.net *.facebook.com *.fbsbx.com connect.facebook.net;script-src *.facebook.com static.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com *.fbsbx.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' *.fbsbx.com https://*.google-analytics.com *.doubleclick.net;font-src *.fbsbx.com fbsbx.com *.fbcdn.net data: https://fonts.gstatic.com;img-src *.facebook.com *.fbsbx.com *.fbcdn.net data: blob: https://*.google-analytics.com;frame-src *.instagram.com *.facebook.com https://*.youtube.com *.twitter.com; 1
block-all-mixed-content; default-src * data: 'unsafe-inline' 'unsafe-eval'; worker-src * blob: data: 'unsafe-inline' 'unsafe-eval'; child-src * blob: data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';base-uri 'self';form-action platform.twitter.com syndication.twitter.com;frame-ancestors 'none';script-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com code.jquery.com platform.twitter.com api.github.com https://cdn.jsdelivr.net https://datum.jsdelivr.com 'nonce-YjllOWFhZDUtZWI2ZC00M2Y3LWJjOGUtM2FmN2IzN2Y3MGY0';style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com fonts.googleapis.com platform.twitter.com https://cdn.jsdelivr.net;img-src 'self' data: bootswatch.com syndication.twitter.com stats.g.doubleclick.net ad.doubleclick.net *.convertro.com *.c3tag.com *.2mdn.net launchbit.com www.launchbit.com https://cdn.jsdelivr.net;font-src 'self' stackpath.bootstrapcdn.com fonts.gstatic.com https://cdn.jsdelivr.net;frame-src 'self' img.shields.io platform.twitter.com syndication.twitter.com https://cdn.jsdelivr.net https://github.com/sponsors/jsdelivr/button;child-src 'self' img.shields.io platform.twitter.com syndication.twitter.com https://cdn.jsdelivr.net;connect-src syndication.twitter.com https://api.github.com/repos/jsdelivr/bootstrapcdn https://stats.g.doubleclick.net https://datum.jsdelivr.com/api/event;object-src img.shields.io;manifest-src 'self' 1
frame-ancestors 'self' *.wallet.airpay.com.br *.shopee.kr *.airpay.com.br *.shopeemobile.com *.shopee.com.br *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors 'self' *.wallet.airpay.co.id *.shopee.kr *.airpay.co.id *.shopeemobile.com *.shopee.co.id *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'self' spotify.okta.com *.oktacdn.com; connect-src 'self' spotify.okta.com spotify-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com spotify.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' spotify.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' spotify.okta.com *.oktacdn.com; frame-src 'self' spotify.okta.com spotify-admin.okta.com login.okta.com com-okta-authenticator: api-0f3c7c4d.duosecurity.com; img-src 'self' spotify.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' spotify.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://dashboards.spotify.net 1
frame-ancestors 'self'; default-src https: *.crazyegg.com blob:; frame-src https: 'self' 'unsafe-inline' 'unsafe-eval'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com blob:; connect-src 'self' https: wss: *.crazyegg.com; img-src https: 'self' data: *.crazyegg.com; style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; 1
block-all-mixed-content;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  	*.kohls.com *.babylist.com *.kargo.com *.cloudfront.net esm.sh *.creativecdn.com *.dotomi.com *.fastclick.net *.licdn.com *.pubmatic.com *.rubiconproject.com *.doubleclick.net *.iesnare.com www.youtube.com *.fontawesome.com kohlsblog.wpengine.com app.collectivevoice.com *.flippenterprise.net *.kohlslocal.com *.media.net *.syndigo.com *.syndigo.cloud *.rewardstyle.com *.adnxs-simple.com media.adcanvas.com *.loudcrowd.com *.2mdn.net c.tvpixel.com *.3lift.com *.flashtalking.com *.ampproject.org *.scorecardresearch.com *.evgnet.com survey.vovici.com *.casalemedia.com cdn.cookielaw.org app.contentsquare.com pixel.fohr.co cdnjs.cloudflare.com *.yahoo.com cdn.js7k.com *.doubleverify.com *.adnxs.com *.adsafeprotected.com kohls.sspinc.io *.webcollage.net cdns.brsrvr.com *.pinterest.com edge.curalate.com *.googleapis.com *.dynatrace.com *.snapchat.com *.go-mpulse.net *.adobedtm.com *.dynatrace.com *.coherentpath.com *.igodigital.com *.bing.com *.google.com *.paypalobjects.com *.braintreegateway.com *.dynamicyield.com *.gstatic.com *.paypal.com *.micpn.com *.clicktale.net *.yimg.com *.liadm.com *.ads-twitter.com *.pinimg.com *.facebook.net *.tiktok.com *.vibescm.com sc-static.net *.googletagmanager.com *.snapchat.com *.google-analytics.com *.cnnx.link *.taboola.com *.impactradius-event.com *.ada.support *.googletagservices.com *.indexww.com *.googlesyndication.com *.bazaarvoice.com *.stylitics.com *.tagdelivery.com *.bambuser.com *.googleadservices.com *.rokt.com *.fohr.co www.recaptcha.net cadent.tv z.moatads.com cdn.confiant-integrations.net *.crossingminds.com lexicon.33across.com gum.criteo.com id5-sync.com id.crwdcntrl.net match.adsrvr.org;  style-src 'self' 'unsafe-inline' blob: data:  	*.kohls.com *.licdn.com kohlsblog.wpengine.com cdn.honey.io *.flippenterprise.net *.fontawesome.com *.kohlslocal.com *.loudcrowd.com *.quantcount.com fonts.googleapis.com *.bazaarvoice.com *.stylitics.com *.dynamicyield.com *.crossingminds.com;  img-src 'self' blob: data:  	*.kohls.com *.cloudfront.net *.creativecdn.com *.dotomi.com *.fastclick.net *.adsensecustomsearchads.com *.doubleclick.net *.licdn.com *.scorecardresearch.com *.adnxs.com *.clicktale.net cdn.honey.io media.kohlsimg.com *.casalemedia.com *.yahoo.com *.fontawesome.com *.loudcrowd.com lookaside.fbsbx.com kohlsblog.wpengine.com *.syndigo.com *.syndigo.cloud *.adcanvas.com *.googleadservices.com *.quantserve.com *.vibescm.com *.quantcount.com www.ojrq.net *.flippenterprise.net *.liadm.com *.rlcdn.com *.media.net us-u.openx.net *.rubiconproject.com *.demdex.net *.everesttech.net prodeastusmappscreative.azureedge.net *.pubmatic.com s.yimg.com *.kohlslocal.com *.gstatic.com *.doubleverify.com *.flashtalking.com *.advertising.com chart.googleapis.com cdn.cookielaw.org pixel.fohr.co *.webcollage.net *.adsafeprotected.com edge.curalate.com *.3lift.com *.dynamicyield.com content.stylitics.com dpm.demdex.net *.micpn.com cm.everesttech.net maps.googleapis.com www.googletagmanager.com services.postcodeanywhere.co.uk *.bing.com *.paypal.com *.doubleclick.net *.google.com t.co *.twitter.com *.clicktale.net *.pinterest.com *.facebook.com *.google-analytics.com *.taboola.com *.2mdn.net *.admedia.com *.admarketplace.net *.igodigital.com trkn.us *.4cinsights.com *.bazaarvoice.com *.tagdelivery.com *.bizrate.com *.googlesyndication.com *.adxcel-ec2.com *.kohlsimg.com *.fohr.co cadent.tv z.moatads.com cdn.confiant-integrations.net *.bttrack.com lexicon.33across.com gum.criteo.com id5-sync.com id.crwdcntrl.net match.adsrvr.org; connect-src 'self' data: 	 *.kohls.com *.domdog.io *.babylist.com *.bttrack.com *.kargo.com *.cloudfront.net *.dotomi.com *.fastclick.net *.creativecdn.com *.evergage.com *.casalemedia.com *.iesnare.com *.syndigo.com *.syndigo.cloud *.adeptmind.ai endpoint.dlp-webservices.prod.dlp.adeptmind.net plausible.io *.loudcrowd.com *.fontawesome.com *.flippenterprise.net *.flipp.com *.flippback.com *.ampproject.org s.update.ib.adnxs.net *.kohlslocal.com *.google-analytics.com *.flashtalking.com *.onetrust.com cdn.cookielaw.org pixel.fohr.co p.tvpixel.com *.tagdelivery.com *.doubleverify.com *.adnxs.com edge.curalate.com *.googleapis.com hb.emxdgt.com *.pubmatic.com *.gstatic.com api.rlcdn.com *.google.com *.yahoo.com *.facebook.com *.akstat.io *.rubiconproject.com *.3lift.com *.snapchat.com *.tiktok.com *.bing.com *.paypal.com *.techlab-cdn.com *.omtrdc.net *.go-mpulse.net *.dynatrace.com *.dynamicyield.com *.yimg.com *.liadm.com *.clicktale.net *.pinterest.com *.taboola.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.addressy.com dpm.demdex.net *.ada.support *.doubleclick.net *.googlesyndication.com *.bazaarvoice.com *.stylitics.com kohls.sjv.io *.coherentpath.com *.fohr.co *.contentsquare.net *.crossingminds.com lexicon.33across.com gum.criteo.com id5-sync.com id.crwdcntrl.net match.adsrvr.org; frame-src 'self' data: 	survey.vovici.com *.babylist.com *.creativecdn.com *.indexww.com *.brealtime.com *.2mdn.net *.adnxs.com *.rewardstyle.com *.googletagservices.com app.collectivevoice.com secure.opinionlab.com *.casalemedia.com player.vimeo.com www.youtube.com *.syndigo.com *.syndigo.cloud *.bambuser.com *.bazaarvoice.com eus.rubiconproject.com *.3lift.com contextual.media.net *.pubmatic.com core-gp.firstinsight.com tsdtocl.com tr.snapchat.com apps.rokt.com *.google.com *.liadm.com *.pinterest.com *.doubleclick.net kohls.demdex.net *.paypal.com *.facebook.com kohls.ada.support *.rlcdn.com *.googlesyndication.com *.flashtalking.com www.recaptcha.net lexicon.33across.com gum.criteo.com id5-sync.com id.crwdcntrl.net match.adsrvr.org; worker-src 'self' blob:;  font-src 'self' data:  	cdn.honey.io cdnjs.cloudflare.com *.syndigo.com *.bazaarvoice.com *.syndigo.cloud *.fontawesome.com *.kohlslocal.com *.gstatic.com *.stylitics.com *.paypalobjects.com *.rakuten.com; form-action 'self' *.kohls.com *.facebook.com *.bazaarvoice.com secure.opinionlab.com *.snapchat.com *.pinterest.com; base-uri 'self' *.kohls.com; frame-ancestors 'self'; manifest-src 'self' *.kohls.com *.bazaarvoice.com;  media-src 'self' blob:  	*.kohlsimg.com *.iesnare.com *.bazaarvoice.com *.loudcrowd.com lookaside.fbsbx.com www.bing.com *.syndigo.com *.syndigo.cloud edge.curalate.com; object-src 'self' *.bazaarvoice.com;  report-uri https://csp38.domdog.io/report-uri/a9a6fb14-365a-4648-b17b-2e47930f8b49/1/1-53/block; 1
img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org images.ctfassets.net; script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com js.stripe.com; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 'unsafe-inline'; frame-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com trackertest.org www.surveygizmo.com accounts.firefox.com www.youtube.com js.stripe.com; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com region1.google-analytics.com sentry.prod.mozaws.net o1069899.sentry.io o1069899.ingest.sentry.io https://accounts.firefox.com/ stage.cjms.nonprod.cloudops.mozgcp.net cjms.services.mozilla.com; child-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org www.googletagmanager.com www.google-analytics.com trackertest.org www.surveygizmo.com accounts.firefox.com www.youtube.com js.stripe.com; font-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com *.mozilla.org 1
script-src 'nonce-zlR5vmCvaXNoYn7xfZJrZQ==' *.ya.ru mc.yandex.com yastatic.net yandex.ru mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru ya.ru;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com ya.ru yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru tts.voicetech.yandex.net 'self' wss://webasr.yandex.net;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net blob:;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md blob: *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.ru&showid=1715653277011077-12954390360097955249-balancer-l7leveler-kubr-yp-vla-140-BAL&h=stable-portal-mordago-272.sas.yp-c.yandex.net&yandexuid=7979552491715653277&&version=2024-05-07-547&adb=0;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
frame-ancestors 'self' https://*.adroll.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; script-src  https: 'unsafe-inline' 'unsafe-eval'; connect-src  https: 'unsafe-inline'; img-src  https: data: blob: 'unsafe-inline'; frame-src https:; style-src https: 'unsafe-inline'; font-src data:  https: 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: wss: android-webview-video-poster: blob:; 1
base-uri https://*.ryanair.com https://*.laudamotion.com; child-src https://*.hotjar.com https://*.hotjar.io 'self'; worker-src https://*.ryanair.com 'self'; connect-src 'self' https://*.ryanair.com https://*.launchdarkly.com https://bam.nr-data.net/ https://dpm.demdex.net https://js-agent.newrelic.com https://script.hotjar.com https://smetrics.ryanair.com https://*.hotjar.com https://*.hotjar.io https://*.boxever.com https://www.gstatic.com https://news.ryanair.com wss://*.hotjar.com https://www.rentalcars.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ad.doubleclick.net https://www.google.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://www.ryanair.com https://api.ryanair.com https://assets.ryanair.com https://desktopapps.ryanair.com https://places-rooms.ryanair.com https://help.ryanair.com wss://help.ryanair.com; default-src 'self' https://ajax.googleapis.com https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://*.google-analytics.com https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://help.ryanair.com wss://help.ryanair.com; frame-src 'self' https://*.ryanair.com https://ryanair.demdex.net https://*.hotjar.com https://*.hotjar.io https://*.cdn-net.com https://*.accdab.net https://www.google.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://ajax.googleapis.com https://assets.ryanair.com; img-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net https://dpm.demdex.net https://smetrics.ryanair.com https://www.gstatic.com https://cm.g.doubleclick.net https://*.criteo.com https://www.facebook.com https://play-lh.googleusercontent.com https://v2assets.zopim.io https://static.zdassets.com https://s3.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://v2uploads.zopim.io https://pixel.quantserve.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://play-lh.googleusercontent.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.fr164-11.ryanair.com https://ryanairsupport.zendesk.com https://*.zdusercontent.com https://assets.ryanair.com/; manifest-src https://*.ryanair.com https://*.laudamotion.com; object-src 'self' https://*.cdn-net.com; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.boxever.com https://*.cdn-net.com https://*.googleapis.com https://*.launchdarkly.com https://assets.ryanair.com https://bam.nr-data.net https://d1mj578wat5n4o.cloudfront.net https://js-agent.newrelic.com https://*.hotjar.com https://*.hotjar.io https://www.gstatic.com https://cdnjs.cloudflare.com https://*.accdab.net https://static.zdassets.com https://ekr.zdassets.com https://*.zopim.com wss://*.zopim.com https://www.googleadservices.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://ryanairsupport.zendesk.com wss://ryanairsupport.zendesk.com https://polyfill.ryanair.com https://help.ryanair.com wss://help.ryanair.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com; frame-ancestors 'self'; report-uri /csp-report?app=homepage; 1
frame-ancestors 'self' https://*.trontv.com https://rainberrytv.com; 1
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tile.tracestrack.com *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; style-src 'self' 'unsafe-inline' 'nonce-TvNdb051h5r6R6tL2uYGVXkbPjgdV/xY88KAd+Mi+4E='; worker-src 'none' 1
script-src 'nonce-jswSXeISHTykIlmM8DWKrA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=6BYFPWkFXYgprxWlSGE3TQ7Js8lAOjIHl6nrU3HnfgIcKAUYbWvlcQ0hnasaQ0nzUkQ=&policy_id=10&user_id=&request_id=6ed6228b-d3fa-4723-ac98-de99bd69cdf0; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://trendyol.com https://*.trendyol.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.criteo.net https://connect.facebook.net https://edge.fullstory.com https://www.fullstory.com https://cdn.cookielaw.org https://creativecdn.com https://static.hotjar.com https://trendyolde.api.useinsider.com https://ct.pinterest.com https://cdn.taboola.com https://trc.taboola.com https://analytics.twitter.com  https://platform.twitter.com https://static.ads-twitter.com https://googleads.g.doubleclick.net  https://www.awin1.com https://cdn.dsmcdn.com/ https://static.dsmcdn.com https://js-agent.newrelic.com https://maps.googleapis.com https://static.cloudflareinsights.com https://bam-cell.nr-data.net https://widget.usersnap.com https://resources.usersnap.com https://sslwidget.criteo.com https://pay.google.com https://x.klarnacdn.net https://api.useinsider.com https://www.googleoptimize.com https://s.pinimg.com https://www.dwin1.com https://ln-rules.rewardstyle.com http://rewarstyle.com https://the.sciencebehindecommerce.com https://analytics.tiktok.com https://widgets.trustedshops.com https://bat.bing.com https://js.braintreegateway.com https://www.paypal.com https://www.mczbf.com https://c.paypal.com/ https://sc-static.net https://tags.creativecdn.com https://www.google.com https://www.gstatic.com https://checkout.tabby.ai www.glami.eco glamipixel.com https://dynamic.criteo.com 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=sph&d=2024-05-14 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; media-src 'self' https: data: blob:; frame-src 'self' https:; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; 1
script-src 'nonce-i/c+yTAAMlmVfcR7YidulA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=35e75f74-98a9-49eb-9377-88a83ee0942d; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: blob: data: android-webview-video-poster:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' *.gsmarena.com; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' clapi.civiccomputing.com cc.cdn.civiccomputing.com apikeys.civiccomputing.com data:;; frame-ancestors 'self' canvas.ox.ac.uk; report-uri /report-csp-violation 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; connect-src https: wss:; font-src https: data:; media-src https: blob: data:; worker-src https: blob:; object-src 'none'; 1
frame-ancestors *.ouest-france.fr www.google.com https://amp-ouest--france-fr.cdn.ampproject.org http://www.ultimedia.com https://fr.ouestfrance.OuestFrance *.presseocean.fr *.courrierdelouest.fr *.lemainelibre.fr *.maville.com *.francelive.fr *.sipaof.fr ouest-france.geovoile.com 1
frame-ancestors 'self' https://*.apa.org; 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.pl  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors *.leboncoin.fr *.leboncoin.io *.leboncoin.ci; report-uri https://api.leboncoin.fr/api/csp-report/v1/report/; 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.abcya.com/ https://*.ads-twitter.com/ https://*.bing.com/ https://*.clarity.ms/ https://*.cloudflarestream.com/ https://*.cloudfunctions.net/ https://*.criteo.com/ https://*.criteo.net/ https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.hellomedian.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.jwpcdn.com/ https://*.jwplayer.com/ https://*.kaltura.com/ https://*.olark.com/ https://*.traversedlp.com/ https://accounts.google.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://ajax.cloudflare.com/ https://ajax.googleapis.com/ https://analytics.tiktok.com/ https://analytics.twitter.com/ https://api.traversedlp.com/ https://apis.google.com/ https://apps.rokt.com/ https://boards.greenhouse.io/ https://cdn.embed.ly/ https://cdn.mathjax.org/ https://cdn.pbbl.co/ https://cdn.pdst.fm/ https://cdn-assets-prod.s3.amazonaws.com/ https://cdnjs.cloudflare.com/ https://clarity.microsoft.com/ https://collector-30533.us.tvsquared.com/ https://connect.facebook.net/ https://ct.pinterest.com/ https://cx.atdmt.com/ https://d1fc8wv8zag5ca.cloudfront.net/ https://d38xvr37kwwhcm.cloudfront.net/ https://fast.ssqt.io/ https://googleads.g.doubleclick.net/ https://ndn.statistinamics.com/ https://optimize.google.com/ https://platform.twitter.com/ https://players.brightcove.net/ https://plus.google.com/ https://s.pinimg.com/ https://s.yimg.com/ https://s3.amazonaws.com/ https://snap.licdn.com/ https://sp.analytics.yahoo.com/ https://stats.g.doubleclick.net/ https://utt.impactcdn.com/ https://vjs.zencdn.net/ https://www.clarity.ms/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.sc.pages02.net/ https://tagmanager.google.com/ https://www.wyzant.com/ http://ie7-js.googlecode.com/ https://*.ipqscdn.com/ ; style-src 'self' 'unsafe-inline' https://*.olark.com/ https://accounts.google.com/ https://cdn.honey.io/ https://fast.fonts.net/ https://fonts.googleapis.com/ https://optimize.google.com/ https://tagmanager.google.com/ https://translate.googleapis.com/ https://www.wyzant.com/ ; img-src 'self' data: blob: https://*.abcya.com/ https://*.adsrvr.org/ https://*.bing.com/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.clarity.ms/ https://*.criteo.com/ https://*.criteo.net/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.googleusercontent.com/ https://*.gstatic.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.jwplatform.com/ https://*.jwplayer.com/ https://*.jwpltx.com/ https://*.jwpsrv.com/ https://*.kaltura.com/ https://*.linkedin.com/ https://*.olark.com/ https://*.pages02.net/ https://*.pbbl.co/ https://*.pinterest.com/ https://aa.agkn.com/ https://ad.doubleclick.net/ https://adservice.google.ae/ https://adservice.google.ca/ https://adservice.google.co.in/ https://adservice.google.co.nz/ https://adservice.google.co.uk/ https://adservice.google.com/ https://adservice.google.com.au/ https://adservice.google.es/ https://adservice.google.fr/ https://adservice.google.ie/ https://analytics.pangle-ads.com/ https://analytics.tiktok.com/ https://analytics.twitter.com/ https://api.traversedlp.com/ https://cdn.honey.io/ https://collector-30533.us.tvsquared.com/ https://cx.atdmt.com/ https://drive.google.com/ https://googleads.g.doubleclick.net/ https://ixl.sjv.io/ https://logs-01.loggly.com/ https://olark-file-uploads.s3.us-west-1.amazonaws.com/ https://optimize.google.com/ https://p.adsymptotic.com/ https://pinterest.adsymptotic.com/ https://via.placeholder.com/ https://pointclicktrack.com/ https://gtrk.s3.amazonaws.com/ https://q.quora.com/ https://rwedge-webservices.texthelp.com/ https://rwgoogle-webservices-7.texthelp.com/ https://secure.adnxs.com/ https://sp.analytics.yahoo.com/ https://stats.g.doubleclick.net/ https://t.co/ https://trail.grin.co/ https://translate.google.com/ https://trkn.us/ https://user-event-tracker.crazyegg.com/ https://www.bizographics.com/ https://www.facebook.com/ https://www.google.co.uk/ https://www.google.com/ https://www.google.com.au/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.kidsafeseal.com/ https://www.ojrq.net/ https://www.w3.org/ https://www.wyzant.com/ https://trail.grin.co/ ; frame-src 'self' https://*.abcya.com/ https://*.criteo.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.hotjar.com/ https://*.ixl.com/ https://*.olark.com/ https://*.pinterest.com/ https://accounts.google.com/ https://apps.rokt.com/ https://boards.greenhouse.io/ https://cdn.pbbl.co/ https://cdnapisec.kaltura.com/ https://classroom.google.com/ https://iframe.cloudflarestream.com/ https://ixl.sjv.io/ https://optimize.google.com/ https://players.brightcove.net/ https://www.gstatic.com/ https://www.recaptcha.net/recaptcha/ https://www.wyzant.com/ https://www.youtube.com/ https://*.ipqscdn.com/ ; object-src 'self' https://www.wyzant.com/ ; media-src 'self' data: blob: https://*.akamaihd.net/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.jwplayer.com/ https://*.kaltura.com/ https://*.olark.com/ https://rwforg.speechstream.net/ https://www.wyzant.com/ ; connect-src 'self' https://*.abcya.com/ https://*.akamaihd.net/ https://*.analytics.google.com/ https://*.boltdns.net/ https://*.brightcove.com/ https://*.brightcovecdn.com/ https://*.clarity.ms/ https://*.google-analytics.com/ https://*.googleapis.com/ https://*.greenhouse.io/ https://*.hellomedian.com/ https://*.hotjar.com/ https://*.instructure.com/ https://*.ixl.com/ https://*.jwplayer.com/ https://*.jwpsrv.com/ https://*.kaltura.com/ https://*.linkedin.com/ https://*.olark.com/ https://*.traversedlp.com/ https://accounts.google.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://analytics.pangle-ads.com/ https://analytics.tiktok.com/ https://api.traversedlp.com/ https://bat.bing.com/ https://cdn.linkedin.oribi.io/ https://csm.sv.us.criteo.net/ https://ct.pinterest.com/ https://cx.atdmt.com/ https://docs.google.com/ https://fast.wistia.com/ https://googleads.g.doubleclick.net/ https://iframe.videodelivery.net/ https://ixl.sjv.io/ https://olark-file-uploads.s3-us-west-1.amazonaws.com/ https://rwedge-webservices.texthelp.com/ https://rwforg.speechstream.net/ https://rwgoogle-webservices-7.texthelp.com/ https://s.yimg.com/ https://stats.g.doubleclick.net/ https://us-central1-adaptive-growth.cloudfunctions.net/ https://www.cloudflare.com/ https://www.facebook.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.wyzant.com/ https://www.youtube.com/ wss://*.hotjar.com/ wss://socket.hellomedian.com/ https://*.ipqscdn.com/ https://www.cloudflare.com/ https://pubsub.ixl.com wss://pubsub.ixl.com; font-src 'self' data: chrome-extension https://*.hotjar.com/ https://*.kaltura.com/ https://*.olark.com/ https://cdn.honey.io/ https://fonts.gstatic.com/ https://images.simplycodes.com/ https://static.rakuten.com/ https://www.wyzant.com/ ; frame-ancestors 'self' https://*.abcya.com/ https://*.brightspace.com/ https://*.instructure.com/ https://*.ixl.com/ https://*.schoology.com/ https://canvas.nz.oneschoolglobal.com/ https://classroom.google.com/ https://elearning.donegalsd.org/ https://elearning.tisd.org/ https://epiccharterschools.schoologytest.com/ https://goarrows.instructure.com/ https://ixl.d2l-partners.brightspace.com/ https://learn.ocusd.net/ https://lms.lausd.net/ https://lms.lfdcs.org/ https://my.otus.com/ https://odlss.spedcol.org/ https://odlssparentresources.com/ https://odlssparentresources.org/ https://polaris.jackson.sparcc.org/home/ https://schoology.apollocc.org/ https://schoology.conestogavalley.org/ https://schoology.conradweiser.org/ https://schoology.isd191.org/ https://schoology.lancaster.k12.pa.us/ https://schoology.LSR7.org/ https://schoology.manheimcentral.org/ https://schoology.mesd.us/ https://schoology.rocklinusd.org/ https://schoology.spps.org/ http://learn.d64.org/ http://support/ http://support.quiacorp.com/ http://supportvm/ http://supportvm.quiacorp.com/ http://try.quiacorp.com/ https://schoology.isd623.org https://canvas.k12.hi.us/ https://dev-odlss.spedcol.org/ https://schoology.colheights.k12.mn.us https://learn.sowashco.org https://learn.yeshivatnoam.org https://online.spartan.org https://schoology.dpsk12.org https://lms.jasdmuskies.com https://schoology.wcasd.net https://schoology.pickens.k12.sc.us https://schoology.bcpsk12.net https://*.lausd.iap.allhere.co https://smcdsb.elearningontario.ca https://elearning.govalor.com; report-uri /actions/csp/report; report-to csp-endpoint; 1
frame-ancestors https://admarket.no https://admarket.schibsted.se https://schibsted.dredition-beta.aptoma.no/ https://schibsted.dredition.aptoma.no/; upgrade-insecure-requests 1
report-uri /csp-violation; default-src 'self' https://*.huntress.io https://huntresscdn.com; font-src 'self' data: https://fonts.gstatic.com https://beacon-v2.helpscout.net https://huntresscdn.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://beacon-v2.helpscout.net https://checkout.stripe.com https://huntresscdn.com https://static.hotjar.com https://script.hotjar.com https://api.canny.io; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://checkout.stripe.com https://huntresscdn.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://beacon-v2.helpscout.net https://d12wqas9hcki3z.cloudfront.net https://d33v4339jhl8k0.cloudfront.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://api.canny.io https://assets.canny.io https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://widget-mediator.zopim.com https://api.smooch.io https://huntresscdn.com; connect-src 'self' https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://*.google-analytics.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://d3hb14vkzrxvla.cloudfront.net https://beaconapi.helpscout.net https://chatapi.helpscout.net wss://*.pusher.com https://*.sumologic.com https://checkout.stripe.com https://canny.io https://*.canny.io wss://*.canny.io https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://huntress.zendesk.com https://*.zopim.com https://api.smooch.io wss://huntress.zendesk.com wss://*.zopim.com wss://api.smooch.io https://sessions.bugsnag.com https://notify.bugsnag.com https://huntresscdn.com https://us-autocomplete-pro.api.smartystreets.com https://international-autocomplete.api.smarty.com https://webhooks.fivetran.com; frame-src 'self' https://www.google.com https://www.recaptcha.net https://beacon-v2.helpscout.net https://checkout.stripe.com https://js.stripe.com https://canny.io https://changelog-widget.canny.io https://app.datadoghq.com; object-src 'self' https://beacon-v2.helpscout.net; img-src 'self' data: https://*.huntress.io https://huntress-user-uploads.s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://static.hotjar.com/ https://script.hotjar.com https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://linkmaker.itunes.apple.com https://*.stripe.com https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://media.smooch.io https://huntresscdn.com https://s3-eu-west-1.amazonaws.com; media-src 'self' https://beacon-v2.helpscout.net https://static.zdassets.com https://ekr.zdassets.com https://huntress.zendesk.com https://*.zopim.io https://*.zdusercontent.com https://huntresscdn.com 1
script-src 'nonce-DaGlabDiTl/DQhJ2syf7Qw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=4e6153e7-f763-461a-a6f3-79449a97c8cd; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src * blob:; img-src * data: blob: resource: t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; connect-src * wss: blob: resource:; frame-src 'self' *.zhihu.com mailto: tel: weixin: *.vzuu.com mo.m.taobao.com getpocket.com note.youdao.com safari-extension://com.evernote.safari.clipper-Q79WDW8YH9 blob: mtt: zhihujs: captcha.guard.qcloud.com pos.baidu.com dup.baidustatic.com openapi.baidu.com wappass.baidu.com passport.baidu.com *.cme.qcloud.com vs-cdn.tencent-cloud.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; script-src 'self' blob: *.zhihu.com g.alicdn.com qzonestyle.gtimg.cn res.wx.qq.com open.mobile.qq.com 'unsafe-eval' unpkg.zhimg.com unicom.zhimg.com resource: zhihu-live.zhimg.com captcha.gtimg.com captcha.guard.qcloud.com pagead2.googlesyndication.com cpro.baidustatic.com pos.baidu.com dup.baidustatic.com i.hao61.net jsapi.qq.com 'nonce-ab01548b-eed7-43bd-8f11-eb55ea3fa6aa' hm.baidu.com zz.bdstatic.com b.bdstatic.com imgcache.qq.com vs-cdn.tencent-cloud.com www.mangren.com www.yunmd.net zhihu.govwza.cn p.cnwza.cn gw.alipayobjects.com ssl.captcha.qq.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; style-src 'self' 'unsafe-inline' *.zhihu.com unicom.zhimg.com resource: captcha.gtimg.com www.mangren.com ssl.captcha.qq.com t.captcha.qq.com *.dun.163yun.com *.dun.163.com *.126.net *.nosdn.127.net nos.netease.com; font-src * data:; frame-ancestors *.zhihu.com 1
default-src 'self' gso.amocrm.ru; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com http://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://seal.starfieldtech.com 'sha256-6/v+FSMWnmvsGNghwyNkr2VwAMemIky1qH4GhuhErw8=' 'unsafe-hashes' piper.amocrm.ru gso.amocrm.ru https://my.hellobar.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com gso.amocrm.ru connect.facebook.net; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.amocrm.ru chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl chrome-extension://eaeaddaoioikiaokcmjfeghddidmmfhc; worker-src 'none'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.postimg.cc https://seal.godaddy.com https://widgets.amocrm.ru piper.amocrm.ru gso.amocrm.ru https://assets.hellobar.com https://www.google-analytics.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md; frame-src 'self' www.facebook.com www.googletagmanager.com piper.amocrm.ru gso.amocrm.ru forms.amocrm.ru button.amocrm.ru drive-a.amocrm.ru drive-b.amocrm.ru drive.amocrm.ru hb.bizmrg.com *.amazonaws.com https://www.youtube.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.amocrm.ru https://appbroker.amostage.ru https://appbroker.amocrm.ru gso.amocrm.ru lc-ru.amocrm.com https://pro.ip-api.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md; base-uri 'self'; 1
default-src 'self' *.garmin.com https://static.garmincdn.com;style-src 'self' 'unsafe-inline' *.garmin.com https://static.garmincdn.com https://fonts.googleapis.com;connect-src 'self' *.garmin.com *.sentry.io https://static.garmincdn.com *;script-src 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://optimize.google.com 'self' *.garmin.com *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net http://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://*.garmin.cn https://cdn.jsdelivr.net;font-src 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com;img-src https://*.criteo.com https://*.doubleclick.net https://www.googleadservices.com https://px.adentifi.com https://rtb.adentifi.com https://*.teads.tv https://www.googletagmanager.com https://bat.bing.com https://secure.adnxs.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com 'self' data: *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com *.akamaihd.net https://*.tealiumiq.com https://deploytealium.com https://secure.adnxs.com https://www.facebook.com https://*.garmin.cn;frame-src https://*.doubleclick.net https://*.criteo.com *.garmin.com *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://player.youku.com https://gum.criteo.com https://static.criteo.net;object-src 'none';upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self';script-src-attr 'none' 1
default-src 'self' * *.faphouse.com; img-src * data: blob:; media-src * blob:; script-src 'self' 'unsafe-inline' blob: https://assets-ah.flixcdn.com www.google.com www.gstatic.com *.amplitude.com www.google-analytics.com www.googleanalytics.com www.googletagmanager.com www.googleoptimize.com optimize.google.com tagmanager.google.com *.hotjar.com https://pm-api.faphouse.com https://pm.faphouse.com/pm/ https://assets-ah.flixcdn.com/ comments.faphouse.com studio.faphouse.com joinmy.fans 'unsafe-eval' challenges.cloudflare.com; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'none'; default-src 'self' https vlibras.gov.br dicionario2.vlibras.gov.br cdp.cloud.unity3d.com config.uca.cloud.unity3d.com traducao2.vlibras.gov.br www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.google.com www.gstatic.com barra.brasil.gov.br vlibras.gov.br; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.dsgovserprodesign.estaleiro.serpro.gov.br cdnjs.cloudflare.com vlibras.gov.br barra.brasil.gov.br; img-src 'self' data: www.gstatic.com cdn.dsgovserprodesign.estaleiro.serpro.gov.br vlibras.gov.br; font-src 'self' use.typekit.net data: cdn.dsgovserprodesign.estaleiro.serpro.gov.br fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com barra.brasil.gov.br vlibras.gov.br; object-src 'none'; frame-src www.google.com; upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'self'; child-src 'none'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://hcaptcha.com https://*.hcaptcha.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://o4505901158694912.ingest.sentry.io https://mediax.sxccdn.com https://imagex.sxccdn.com https://iframe.sex.com; default-src 'self'; font-src 'self' data: https://staticx.sxccdn.com; form-action 'self' *.cardinalcommerce.com *.rocketgate.com; frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://iframe.sex.com; img-src 'self' blob: data: https://staticx.sxccdn.com https://imagex.sxccdn.com https://mediax.sxccdn.com ewemvadix5.execute-api.eu-central-1.amazonaws.com https://sxmediax2.sxccdn.com https://m2.cdn.sex.com *.vcmdiawe.com https://*.googletagmanager.com https://*.google-analytics.com; manifest-src 'self'; media-src 'self' https://staticx.sxccdn.com https://imagex.sxccdn.com https://mediax.sxccdn.com ewemvadix5.execute-api.eu-central-1.amazonaws.com https://sxmediax2.sxccdn.com https://m2.cdn.sex.com *.vcmdiawe.com blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://staticx.sxccdn.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://staticx.sxccdn.com; worker-src 'self' blob:; block-all-mixed-content; 1
default-src 'self';base-uri 'self';script-src 'nonce-E38gF7wud8d0eJOp/qNBrw==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
frame-ancestors 'self' *.kameleoon.com 1
frame-ancestors 'self' https://www.ruliweb.com https://bbs.ruliweb.com https://m.ruliweb.com https://market.ruliweb.com https://mypi.ruliweb.com https://user.ruliweb.com https://api.ruliweb.com https://bbs.ruliweb.com 1
default-src 'self'; script-src 'self' ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ 'nonce-MWqWWzs2QvXecZPrLqafcA=='; style-src 'self' 'unsafe-inline'; connect-src 'self' ads.dragonfru.it plausible.dragonfru.it; object-src 'self' static1.e621.net static1.e926.net; media-src 'self' static1.e621.net static1.e926.net; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/; font-src 'self'; img-src 'self' data: static1.e621.net static1.e926.net ads.dragonfru.it; child-src 'none'; form-action 'self' discord.e621.net discord.com 1
default-src 'self' data: blob: *.mega.co.nz *.mega.nz *.mega.io http://*.mega.co.nz http://*.mega.nz http://*.mega.io wss://*.karere.mega.nz wss://*.sfu.mega.co.nz *.karere.mega.nz:1380 http://127.0.0.1:6341 localhost.megasyncloopback.mega.nz:6342; script-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob:; style-src 'self' 'unsafe-inline' *.mega.co.nz *.mega.nz *.mega.io data: blob:; frame-src 'self' *.megapay.nz ad.mega.nz mega: *.megaad.nz https://mega.nz/ https://mega.io/; img-src 'self' *.mega.co.nz *.mega.nz *.mega.io data: blob: mega.nz 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com conversions-config.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-e9b88524f4bcd819386872877a4c5780' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.xvideos.es *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com wss://*.1ka.com https://*.1ka.com https://media.1ka.com https://u.1ka.com https://n.1ka.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.1ka.com *.xvideos.es *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.xvideos.es/csp-reports; report-to csp-endpoint 1
font-src 'self'; frame-src 'self' https://www.youtube.com http://www.google.com http://maps.google.com https://live.teletip.saglik.gov.tr https://mhrstest.sagliknet.saglik.gov.tr/ https://mhrstest.sagliknet.saglik.gov.tr/responsive https://testnvcovid.saglik.gov.tr https://www.mhrs.gov.tr https://prd.mhrs.gov.tr https://msrstest.mhrs.gov.tr https://healthpass.saglik.gov.tr/ https://sec.teletip.saglik.gov.tr https://teleradyoloji.saglik.gov.tr https://neyimvar.gov.tr/ connect-src 'self' https://msrstest.mhrs.gov.tr 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob:; font-src https: data:; img-src https: data: blob:; media-src blob: data: https:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
form-action https:; frame-ancestors https://app.contentful.com https://verkada.teamaligned.com 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/pichu-static 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-ODliOTIxMDIzNg/YzY0YjNlYmI1MDZjMzU='; object-src 'self'; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.eloqua.com *.en25.com *.id.opendns.com *.msecnd.net *.youtube.com cdn.ampproject.org cse.google.com http://assets.rulis.fao.org http://cdn.matomo.cloud http://clients1.google.com http://foris.fao.org https://api.altmetric.com/ https://buttons-config.sharethis.com https://cdn.amcharts.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/flatpickr https://cdn.matomo.cloud https://cdn.tiny.cloud https://code.jquery.com https://count-server.sharethis.com https://dec.azureedge.net/ https://d1bxh8uas1mnw7.cloudfront.net/ https://embedr.flickr.com https://fao.matomo.cloud https://form.jotform.com https://npmcdn.com/flatpickr/dist/l10n/ https://platform-api.sharethis.com https://public.tableau.com/ https://rulis.dev.aws.fao.org https://rulis.fao.org https://tableau.apps.fao.org https://w.soundcloud.com https://widgets.flickr.com https://www.fao.org https://www.youtube.com/iframe_api js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net s3.amazonaws.com unpkg.com www.googletagmanager.com https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/ https://cdn.datatables.net/ https://public.flourish.studio/ https://www.google-analytics.com/ https://fao-test.atmire.com/ https://fao-prod.atmire.com/ https://openknowledge.fao.org/ https://ui.customsearch.ai/api/ http://translate.google.com/ http://embedr.flickr.com/ https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://devoci-dwh-apigateway.fao.org/ https://pro-ags1.dfs.un.org/ kendo.cdn.telerik.com https://qaoci-dwh-apigateway.fao.org/ https://www.ipcinfo.org/ https://imis.fao.org/ https://oci-dwh-apigateway.fao.org/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.cdn.jsdelivr.net *.opendns.com cdn.jsdelivr.net http://assets.rulis.fao.org http://foris.fao.org https://cdn.firebase.com/libs/firebaseui/ https://cdn.tiny.cloud https://d1bxh8uas1mnw7.cloudfront.net https://design-system.fao.org https://p.typekit.net https://platform-api.sharethis.com https://rulis.dev.aws.fao.org https://rulis.fao.org https://use.typekit.net https://www.fao.org https://www.fao.org/fileadmin unpkg.com http://code.jquery.com/ https://cdnjs.cloudflare.com/ data: https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/ https://cdn.datatables.net/ https://faodata.wufoo.com/ https://player.4am.ch/ https://hosteduxprod.blob.core.windows.net/ https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://pro-ags1.dfs.un.org/ https://www.ipcinfo.org https://imis.fao.org/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net *.eloqua.com *.nocs.fao.org clients1.google.com cse.google.com http://nocs.fao.org http://public.tableau.com/ https://*.dec.sitefinity.com https://*.insight.sitefinity.com https://badges.altmetric.com https://code.jquery.com/ https://farm8.staticflickr.com https://fenixrepo.fao.org https://geoservices.un.org https://img.youtube.com https://www.ipcinfo.org/ https://l.sharethis.com https://live.staticflickr.com https://nocs.fao.org https://pro-ags1.dfs.un.org https://sp.tinymce.com https://unpkg.com https://vumbnail.com https://www.fao.org platform-cdn.sharethis.com track.hubspot.com www.google.com www.googletagmanager.com www.fao.org http://code.jquery.com/ https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ www.facebook.com http://www.fao.org/3/ https://public.flourish.studio/ https://www.google-analytics.com/ https://coin.fao.org/ https://sfcs.fao.org/images/ https://website-assets.commoninja.com/ https://hosteduxprod.blob.core.windows.net/ https://openknowledge.fao.org http://translate.google.com/ https://farm5.staticflickr.com/ https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://idcs-f4c735d225b24a2697b363f12ca3d8af.identity.oraclecloud.com/ https://login.microsoftonline.com/ https://idcs-18742e79e0b94dcab45603140a376c3c.identity.oraclecloud.com/ https://www.adsensecustomsearchads.com/ https://imis.fao.org/ https://idcs-f10f016b81f94eab8be0f1f8d63ec606.identity.oraclecloud.com/ https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.opendns.com cdn.jsdelivr.net http://fenixrepo.fao.org/ https://p.typekit.net https://rulis.dev.aws.fao.org/ https://rulis.fao.org/ https://use.typekit.net https://www.fao.org https://www.ipcinfo.org https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://cdn.knightlab.com/ https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com https://imis.fao.org/; frame-src 'self' http://assets.rulis.fao.org/ http://foris.fao.org/ http://newsletters.fao.org/ http://public.tableau.com/ http://www.fao.org/ https://c.sharethis.mgr.consensu.org/ https://cse.google.com/ https://data.apps.fao.org/ https://datawrapper.dwcdn.net/ https://flickrembed.com/ https://form.jotform.com/ https://forms.office.com/ https://map.ipcinfo.org/ https://my.walls.io/ https://open.spotify.com/ https://platform-api.sharethis.com/ https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://tableau.apps.fao.org/ https://w.soundcloud.com/ https://www.fao.org/ https://www.google.com/ https://www.youtube.com/ https://foodandagricultureorganization.shinyapps.io/ https://uploads.knightlab.com/ https://fao-gift2-review.firebaseapp.com/ https://fao-gift2.firebaseapp.com/ https://app.powerbi.com/ https://datalab.fao.org/ https://flo.uri.sh/ https://faoeventregistration.powerappsportals.com/ https://food-systems.rowsquared.com/ https://faodata.wufoo.com/ https://docs.google.com/ https://mediafao00-meride-tv.akamaized.net/ https://player.4am.ch/ https://copilotstudio.microsoft.com/ https://www.adsensecustomsearchads.com/; connect-src 'self' accounts.google.com *.g4qlhfvv80.execute-api.eu-west-1.amazonaws.com *.mktoresp.com *.visualstudio.com https://api.ipcinfo.org https://embedr.flickr.com https://fao.matomo.cloud https://fao-pws-prod.appspot.com/ https://g4qlhfvv80.execute-api.eu-west-1.amazonaws.com https://gift-api-flex-dot-fao-gift2-review.appspot.com/ https://ipc-api-ch-v1.s3.amazonaws.com/ https://l.sharethis.com https://maps.googleapis.com https://nominatim.openstreetmap.org https://platform-api.sharethis.com https://rulis.dev.aws.fao.org https://rulis.fao.org/ http://restapi/adminapp/ https://gift-api-flex-dot-fao-gift2.appspot.com/ https://www.googleapis.com/ https://firestore.googleapis.com/ https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com http://intranet-meetings.aws.fao.org https://www.fao.org https://accounts.accesscontrol.windows.net https://unfao.sharepoint.com https://datalab.fao.org https://www.google-analytics.com/ https://region1.google-analytics.com https://pbf8yxe90a.execute-api.eu-west-1.amazonaws.com/ https://fao-test.atmire.com/ https://fao-prod.atmire.com/ https://ui.customsearch.ai/api/ https://openknowledge.fao.org/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://devoci-dwh-apigateway.fao.org/ https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://pro-ags1.dfs.un.org/ https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://qaoci-dwh-apigateway.fao.org/ https://oci-dwh-apigateway.fao.org/ https://imis.fao.org/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://oacqa-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://pro-ags1.dfs.un.org/ blob: https://oacdev1-fr61cxb0ovgh-fr.analytics.ocp.oraclecloud.com/ https://imis.fao.org/; frame-ancestors 'self' https://faoeventregistration.powerappsportals.com/ 1
base-uri 'none'; child-src *.shipt.com *.adsrvr.org *.criteo.com *.criteo.net *.doubleclick.net *.googlesyndication.com *.kampyle.com *.medallia.com *.pinterest.com *.recruitics.com *.sprinklr.com *.use1.pure.cloud *.visammg.com apps.rokt.com hooks.stripe.com js.stripe.com recaptcha.google.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com tr.snapchat.com www.youtube.com csxd.shipt.com 'self' blob:; connect-src 'self' *.bing.com *.branch.io *.citrusad.com *.clarity.ms *.contentsquare.net *.criteo.com *.criteo.net *.doubleclick.net *.dynatrace.com *.google.com google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.kampyle.com *.medallia.com *.mouseflow.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.bugsnag.com d37hm4w715hh7d.cloudfront.net adservice.google.com analytics.tiktok.com api.segment.io api.stripe.com js.stripe.com cdn.segment.com js.stripe.com connect.facebook.net ct.pinterest.com s.yimg.com tr.snapchat.com wss://*.sprinklr.com www.facebook.com www.googletagmanager.com zapier.com https://p2blobstore.blob.core.windows.net; font-src 'self' data: *.kampyle.com *.medallia.com *.sprinklr.com *.shipt.com; form-action *.facebook.com *.shipt.com accounts.google.com appleid.apple.com ct.pinterest.com tr.snapchat.com; frame-ancestors *.shipt.com; img-src 'self' data: blob: *; object-src 'none'; script-src 'self' 'report-sample' *.bing.com *.clarity.ms *.criteo.com *.criteo.net *.dstillery.com *.doubleclick.net *.googlesyndication.com *.hlserve.com *.kampyle.com *.medallia.com *.media6degrees.com *.recruitics.com *.shipt.com *.sprinklr.com *.use1.pure.cloud *.dynatrace.com adserver.pandora.com analytics-sm.com js.adsrvr.org s.pinimg.com ct.pinterest.com sc-static.net ajax.cloudflare.com analytics.tiktok.com app.contentsquare.com apps.rokt.com dhqbrvplips7x.cloudfront.net app.link connect.facebook.net cdn.branch.io cdn.mouseflow.com cdn.segment.com js.stripe.com maps.googleapis.com p2blobstore.blob.core.windows.net request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com t.contentsquare.net tr.snapchat.com snap.licdn.com web.btncdn.com www.google.com/recaptcha/ www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ s.yimg.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.kampyle.com *.medallia.com *.shipt.com; worker-src 'self' blob:; default-src 'self'; upgrade-insecure-requests; media-src 'self' *.shipt.com *.use1.pure.cloud *.sprinklr.com 1
upgrade-insecure-requests; frame-ancestors *.cisco.com 1
base-uri 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; form-action *; frame-ancestors 'self' *.silverchair.com jamanetwork.com edhub.ama-assn.org www.facebook.com subs-test.ama-assn.org payment.edhub.ama-assn.org; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mailto: data: census.gov *.census.gov http://www.census.gov house.gov *.house.gov senate.gov *.senate.gov *.ssa.gov *.ytimg.com *.youtube.com *.twitter.com *.facebook.net *.facebook.com touchpoints.app.cloud.gov *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.doubleclick.net *.jquery.com *.govdelivery.com *.highcharts.com *.adobe.com *.adobedtm.com *.amsadobe.com *.demdex.net *.omtrdc.net *.everesttech.net *.arcgisonline.com *.digitalgov.gov *.tableau.com *.instagram.com *.go-mpulse.net *.askstat.io *.c-span.org sitecatalyst.omniture.com authorize.omniture.com; 1
default-src https:; img-src https: data:; frame-ancestors 'none' 1
default-src 'self'; img-src https: data: 1
default-src 'self'; img-src 'self' task.gda.pl *.task.gda.pl; script-src 'self'; 1
frame-ancestors 'self' https://*.zeotap.com; default-src https:; connect-src https://*.zeotap.com wss://*.zeotap.com api.amplitude.com *.googleapis.com; object-src 'none'; font-src * https://fonts.gstatic.com; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *.zeotap.com online.tableau.com cdn.amplitude.com; style-src 'unsafe-inline' *.zeotap.com cdnjs.cloudflare.com unpkg.com fonts.googleapis.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-ZTgyZWY5MzktNjVjMy00ZjY3LWExZDgtYTRjNmQ3OTNhYWE1'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: about: miroapp: wss: ws: *; frame-src 'unsafe-inline' 'unsafe-eval' data: blob: miroapp: *; base-uri 'unsafe-inline' about: data: *; form-action 'unsafe-inline' data: post-it-alpha: post-it: com.mmm.postit.miro: *; worker-src 'unsafe-inline' data: blob: miroapp: *; report-uri https://s.realtimeboard.com/api/25/security/?sentry_key=fb5e3001534f453e85d1771b1088b293&sentry_environment=production; 1
base-uri 'self'; block-all-mixed-content; child-src 'self' ; connect-src 'self' *.adobe.io *.adobelogin.com *.services.adobe.com wwwimages2.adobe.com sstats.adobe.com performance.typekit.net wss://performance.typekit.net use.typekit.net p.typekit.net primer.typekit.net api2.branch.io geo-dc.adobe.com prod.adobeccstatic.com *.behance.net ans.oobesaas.adobe.com prod-rel-ffc-ccm.oobesaas.adobe.com dc-api.adobecontent.io files.acrobat.com files-download2.acrocomcontent.com createpdf.acrobat.com/createpdf/api/ *.amazonaws.com prod.wopi.acrobat.adobe.com *.blob.core.windows.net cdn-sharing.adobecc.com files-asr.acrobat.com createpdf-asr.acrobat.com cloud-asr.acrobat.com upload2-asr.files.acrobat.com files-download2-asr.acrocomcontent.com jobtracker-asr.acrobat.com dc-api-v2.adobecontent.io cvs.adobe.com/content/ detect.adobedccdn.com:* *.sentry.io *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com fillsign.acrobat.com/api/ fillsign-asr.acrobat.com comments.acrobat.com send.acrobat.com send-asr.acrobat.com *.demdex.net adobe.tt.omtrdc.net commerce.adobe.com plan.adobe.com odin.adobe.com cdn.cookielaw.org privacyportal.onetrust.com geolocation.onetrust.com/cookieconsentpub/ by2.uservoice.com client.messaging.adobe.com server.messaging.adobe.com graph.microsoft.com *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms *.storage.live.com blob: apis.google.com *.googleapis.com *.googleusercontent.com accounts.google.com/gsi/status accounts.google.com/gsi/log docs.google.com/feeds/ faster.typekit.net express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com cc-embed.adobe.com ffc-static-cdn.oobesaas.adobe.com pandora-cdn.adobe.com *.go-mpulse.net *.akstat.io; default-src 'self' *.adobelogin.com/favicon.ico express.adobe.com; font-src 'self' data: *.adobe.com *.typekit.com *.typekit.net *.adobeccstatic.com *.behance.net *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com fonts.gstatic.com; form-action *.adobelogin.com *.officeapps.live.com login.live.com; frame-src 'self' data: blob: documentcloud.adobe.com acrobat.adobe.com *.adobe.io *.adobelogin.com *.services.adobe.com dc-api.adobecontent.io *.amazonaws.com *.blob.core.windows.net cdn-sharing.adobecc.com dc-api-v2.adobecontent.io *.officeapps.live.com login.live.com *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com documents.adobe.com *.documents.adobe.com api.rocketlawyer.com *.demdex.net commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ acrobat.uservoice.com video.tv.adobe.com ui.messaging.adobe.com zeonchatclient-va6.cloud.adobe.io *.sharepoint.com api.onedrive.com *.files.1drv.com *.svc.ms content.googleapis.com/static/ accounts.google.com drive.google.com express.adobe.com express-embed.adobe.com new.express.adobe.com quick-actions.express.adobe.com auth-light.identity.adobe.com acrs.adobe.com/requestAccess; img-src 'self' about: blob: data: *.adobe.com p.typekit.net *.adobelogin.com *.acrobat.com *.acrocomcontent.com *.adobecontent.io *.adobe.io *.adobeccstatic.com *.behance.net cdn-sharing.adobecc.com www.facebook.com/tr *.adobesign.com *.adobesigncdn.com *.echosign.com *.echocdn.com api.rocketlawyer.com ab.adobe-identity.com dpm.demdex.net cm.everesttech.net *.googleusercontent.com cdn.cookielaw.org; media-src 'self' ; manifest-src 'self'; script-src 'self' 'unsafe-eval' www.adobe.com wwwimages2.adobe.com *.adobelogin.com use.typekit.com use.typekit.net auth.services.adobe.com prod.adobeccstatic.com *.behance.net www.adobe.com/content/dam/cc/ www.adobe.com/content/dam/dx-dc/ static.adobesigncdn.com assets.adobedtm.com api.demandbase.com/api/v2/ip.json www.adobe.com/marketingtech/ commerce.adobe.com plan.adobe.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.adobe.com/etc/beagle/public/globalnav/adobe-privacy/latest/privacy.min.js www.adobe.com/etc.clientlibs/globalnav/clientlibs/base/privacy-standalone.js cdn.cookielaw.org/scripttemplates/ cdn.cookielaw.org/consent/ cdn.cookielaw.org/logos/ geolocation.onetrust.com/cookieconsentpub/ geo2.adobe.com/json/ widget.uservoice.com by2.uservoice.com client.messaging.adobe.com apis.google.com/js/ accounts.google.com/gsi/client express.adobe.com sdk-1p.cc-embed.adobe.com express-embed.adobe.com new.express.adobe.com cc-embed.adobe.com shared-components.adobe.com pandora-cdn.adobe.com ffc-static-cdn.oobesaas.adobe.com c.go-mpulse.net s.go-mpulse.net 'sha256-dsrb0lOAzY8OZZDDVmonOsu/BrmE/NmmNWNg18LwVDQ='; style-src *.adobe.com use.typekit.com use.typekit.net *.adobeccstatic.com *.adobesigncdn.com accounts.google.com/gsi/style pandora-cdn.adobe.com 'self' 'unsafe-inline'; worker-src 'self' ; report-uri https://dc-api.adobe.io/system/csp; 1
frame-ancestors http://*.wps.com https://*.wps.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: data: https:; style-src 'self' 'unsafe-inline' blob: data: https:; default-src 'self' https:; img-src https: blob: data: android-webview-video-poster:; frame-src blob: data: https:; worker-src blob: data: https:; child-src blob: data: https:; object-src 'self'; font-src 'self' https: blob: data: safari-extension://*; media-src 'self' blob: data: https:; connect-src wss: blob: data: https: 1
default-src 'self' apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; style-src 'self' 'unsafe-inline' apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/css/; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.cloudflare.com analytics.silktide.com https://js.monitor.azure.com/scripts/b/ai.2.min.js ajax.aspnetcdn.com/ajax/signalr/jquery.signalr-2.1.2.min.js apikeys.civiccomputing.com apis.google.com/_/scs/apps-static/_/js/ apis.google.com/js/ cc.cdn.civiccomputing.com/8/cookieControl-8.2.min.js cdnjs.cloudflare.com/ajax/libs/FileSaver.js/1.3.8/FileSaver.min.js clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://apis.google.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ webservices.data-8.co.uk/javascript/predictiveaddress.js wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/js/; img-src 'self' data: https://i.vimeocdn.com/video/ https://icostorageprod.blob.core.windows.net https://our.umbraco.com/ https://dashboard.umbraco.org/ https://umbraco.tv/ apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://upload.wikimedia.org https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/chat/image/ https://chatbot.ico.org.uk/image/; child-src 'self' https://secure6.arcot.com/ https://pay.realexpayments.com/ apikeys.civiccomputing.com https://app.powerbi.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://content.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/ https://chatbot.ico.org.uk/; connect-src 'self' blob: a.eu.silktide.com https://our.umbraco.com/ https://dc.services.visualstudio.com/v2/track apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://en.wikipedia.org/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk https://www.gravatar.com/avatar/ player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; media-src 'self' blob: apikeys.civiccomputing.com clapi.civiccomputing.com content.googleapis.com/ https://20.26.48.39 https://fonts.googleapis.com https://fonts.gstatic.com/ https://livechat.ico.org.uk https://webservices.data-8.co.uk  player.vimeo.com/ wss://20.26.48.39 wss://livechat.ico.org.uk www.vimeo.com/ www.youtube-nocookie.com/; object-src 'none'; frame-src *; 1
default-src 'self'; font-src 'self' https://www.citrix.com; style-src-elem 'self' https://www.citrix.com 'unsafe-inline' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.wf.com https://*.google.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-92b3e6ed-f3ea-4f37-a65e-e04584775aa2' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https: https://optimize.google.com; media-src 'self' https: blob:; font-src 'self' data: https: https://fonts.gstatic.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://optimize.google.com https: https://evs.pink-boat.fool.com; connect-src 'self' https: wss://www.fool.com wss://*.33across.com wss://*.hotjar.com https://api.pink-boat.fool.com; upgrade-insecure-requests; img-src 'self' data: https: https://g.foolcdn.com https://optimize.google.com https://www.google-analytics.com; style-src 'self' data: 'unsafe-inline' https: http://fonts.googleapis.com https://fonts.googleapis.com https://optimize.google.com 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval';  frame-ancestors 'self' *.weborama.com *.adways.com *.adpaths.com; 1
default-src 'none'; connect-src 'self'  https://medlineplus.gov www.google-analytics.com stats.g.doubleclick.net *.crazyegg.com *.qualtrics.com; font-src 'self' data: https://medlineplus.gov ; media-src 'self' https://medlineplus.gov ; worker-src 'self' blob: https://medlineplus.gov ; frame-src https://medlineplus.gov  www.googletagmanager.com https://platform.twitter.com:443 https://syndication.twitter.com:443; frame-ancestors 'self' https://guides.nnlm.gov https://medlineplus.gov; img-src 'self' data: https://medlineplus.gov https://accreditnet.urac.org https://www.urac.org https://content.govdelivery.com https://ssl.adam.com/ www.google-analytics.com www.googletagmanager.com gtrk.s3.amazonaws.com stats.g.doubleclick.net https://syndication.twitter.com:443 https://platform.twitter.com:443 *.twimg.com *.qualtrics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443 syndication.twitter.com https://dap.digitalgov.gov *.crazyegg.com www.google-analytics.com www.googletagmanager.com *.cloudfront.net *.nlm.nih.gov ajax.googleapis.com cdn.syndication.twimg.com *.qualtrics.com; style-src 'self' 'unsafe-inline' https://medlineplus.gov  https://content.govdelivery.com https://platform.twitter.com:443; object-src 'none'; upgrade-insecure-requests; report-uri https://nlmoccs.report-uri.com/r/d/csp/reportOnly; 1
default-src 'self'; script-src 'self' analytics.hcaptcha.com a.hcaptcha.com js.hcaptcha.com newassets.hcaptcha.com assets.website-files.com assets-global.website-files.com d3e54v103j8qbb.cloudfront.net hcaptcha.com static.cloudflareinsights.com intuitionmachines.widget.insent.ai embed.typeform.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets-global.website-files.com embed.typeform.com 'unsafe-hashes'; object-src 'self' uploads-ssl.webflow.com; base-uri 'self'; connect-src 'self' analytics.hcaptcha.com a.hcaptcha.com accounts.hcaptcha.com newassets.hcaptcha.com assets.hcaptcha.com webflow.com cloudflareinsights.com; font-src 'self' embed.typeform.com data:; frame-src 'self' newassets.hcaptcha.com assets.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com form.typeform.com; img-src 'self' assets.website-files.com assets-global.website-files.com uploads-ssl.webflow.com embed.typeform.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' newassets.hcaptcha.com assets.hcaptcha.com a.hcaptcha.com dashboard.hcaptcha.com intuitionmachines.widget.insent.ai embed.typeform.com; upgrade-insecure-requests 1
frame-ancestors 'self' www.lgechat.com lgechat.com *.lgsolutions.com b2bmkt.lge.com; 1
default-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/; style-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ 'unsafe-inline'; script-src 'self' https://www.freebsd.org/ https://docs.freebsd.org/ https://ssl.google-analytics.com/ga.js 'unsafe-inline' resource: data: blob:; img-src 'self' https://www.freebsd.org/ https://docs.freebsd.org https://ssl.google-analytics.com/ https://chart.googleapis.com/ data: blob:; upgrade-insecure-requests 1
frame-ancestors *.icann.org 1
default-src http: https: data: blob:; media-src http: https: data: blob:; img-src http: https: data: blob:; script-src http: https: data: 'self' 'unsafe-inline' assets-ey.eytmp.ey.com assets-ey.eydev.ey.com assets-ey.eyqa.ey.com assets-ey.eystg.ey.com assets.adobedtm.com players.brightcove.net edge.api.brightcove.com metrics.brightcove.com vjs.zencdn.net edge-player.wirewax.com manifest.prod.boltdns.net bcboltbde696aa-a.akamaihd.net cdn.cookielaw.org; style-src http: https: data: 'self' 'unsafe-inline' assets-ey.eyfoundationdev.ey.com assets.adobedtm.com players.brightcove.net players.brightcove.net edge.api.brightcove.com metrics.brightcove.com vjs.zencdn.net edge-player.wirewax.com manifest.prod.boltdns.net bcboltbde696aa-a.akamaihd.net cdn.cookielaw.org; connect-src http: https: data:; worker-src http: https: data: blob:; font-src http: https: data:; 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-Nc0EEqWR33BiXgakTbuCd31VlBjQa/BWnC90CnRdrGp0ZCWyj7' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
frame-ancestors *.gallupatwork.com *.gallupatwork.au *.gallupatwork.sg *.gallupatwork.uk *.gallup.com 1
frame-ancestors https://www.airship.com/ https://app.mutinyhq.com/; upgrade-insecure-requests; 1
script-src 'nonce-db124771570744799ea2a61bb73fdfde' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval' *.bdxiguastatic.com *.bytescm.com *.bytetos.com *.toutiao.com *.ibytedapm.com bdxiguastatic.com *.bytedance.net;connect-src 'self' http://localhost:25171 vc-gate.ndcpp.com *.hypercachenet.com:* *.ugslb.com *.vvipquan.com *.livehwc3.cn *.smtcdns.net *.bytefcdnrd.com zone1-services-cdn.com *.yhgfb-cn-static.com skincareadvertsking.com infragrid.v.network *.ksyungslb.com *.ksyungslb2.com  code.jquery.com ws://127.0.0.1:* www.wetab.link *.toutiaostatic.com *.douyinvod.com meetlookup.com *.sinaimg.cn xg.eggvod.cn tl.ytlogs.ru ocs-cn-north1.heytapcs.com analytics.google.com scriptcat.org tvax2.sinaimg.cn test.jpnet.cc q.qlogo.cn greasyfork.org translate.googleapis.com stats.g.doubleclick.net chrome-tools.shank.ifeng.com v7.pstatp.com wv.china.expressplay.cn cdnmd.global-cache.online safe.usergrowth.com.cn hm.baidu.com *.byteacctimg.com *.tbcache.com *.jomodns.com *.volcsiriusbd.com:* *.volcsirius.com:* *.bsgslb.cn:* *.zzcdnx.com:* *.bsccdn.net:* *.ourdvsss.com:* *.idouyinvod.com:* *.snssdk.com *.volcimagex.net *.bdxiguaimg.com *.toutiaoimg.com *.bytedance.com *.bdxiguastatic.com *.ixigua.com *.byteeffecttos.com *.itoutiaoimg.com *.toutiao.com *.365yg.com *.govwza.cn trans.xdtsmart.com *.douyinpic.com wx.qlogo.cn *.google-analytics.com *.zijieapi.com *.byteimg.com *.bytescm.com *.bytedance.net;report-to slardar-endpoint; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Tgx6pC9hAg+HMlmqB8VG0heZTOD5tm' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
worker-src blob:; frame-ancestors 'self' https://www.surveymonkey.com https://google.com https://app.asana.com https://blog.asana.com https://academy.asana.com; report-uri https://app.asana.com/-/csp_report; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.aspnetcdn.com https://bat.bing.com https://sjs.bizographics.com https://ct.capterra.com https://googleads.g.doubleclick.net https://ethn.io https://connect.facebook.net https://tracking.g2crowd.com https://www.google-analytics.com https://apis.google.com https://www.googleadservices.com https://*.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ssl.gstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.jotfor.ms https://form.jotform.us https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://accounts.livechatinc.com https://cdn.livechatinc.com https://secure.livechatinc.com https://luna1.co https://js.recurly.com https://fast.wistia.com https://fast.wistia.net https://www.youtube.com https://s.ytimg.com https://*.marketo.com https://*.marketo.net https://cdnjs.cloudflare.com https://api.ipify.org https://cdn.pdst.fm https://*.vimeocdn.com https://resources.asana.com https://w58858w0sjxx.statuspage.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.logs.datadoghq.com https://www.datadoghq-browser-agent.com https://tagmanager.google.com/debug https://t.contentsquare.net contentsquare.com app.contentsquare.com https://solve-widget.forethought.ai https://cdn.jsdelivr.net/npm/@sheerid/jslib@1/ https://v2.listenloop.com https://boards.greenhouse.io/embed/job_board/js https://www.redditstatic.com/ads/pixel.js https://yjtag.jp/tag.js https://s.yjtag.jp/tag.js https://s.yimg.jp/ https://yjtag.yahoo.co.jp/tag https://analytics.tiktok.com/i18n/pixel/ https://s.pinimg.com/ct/ https://tag.demandbase.com/37001681d9f07945.min.js https://tag.clearbitscripts.com https://x.clearbitjs.com https://b92.yahoo.co.jp/rt/ https://t-antenna.asana.com/ https://scripts.postie.com/wbgboxjj/lp.1.js https://b91.yahoo.co.jp/pagead/ https://b98.yahoo.co.jp/ https://accounts.google.com/gsi/client  https://js.adstk.io/convpixel.js https://a.quora.com/qevents.js https://d34r8q7sht0t9k.cloudfront.net/tag.js https://collector-39548.us.tvsquared.com/tv2track.js https://*.qualified.com https://static.xingcdn.com/xingtrk/index.js https://ct.pinterest.com/static/ct/token_create.js 1
frame-ancestors 'self' https://*.tamu.edu 1
frame-ancestors 'self' *.northpass.com 1
default-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.minzdrav.gov.ru *.rosminzdrav.ru https://stat.sputnik.ru connect.mail.ru ok.ru vk.com connect.ok.ru pos.gosuslugi.ru; style-src 'self' 'unsafe-inline' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; media-src 'self' data: *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; img-src 'self' data: *; font-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; frame-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru pos.gosuslugi.ru; connect-src 'self' *.minzdrav.gov.ru *.rosminzdrav.ru stat.sputnik.ru pos.gosuslugi.ru; upgrade-insecure-requests; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-C0ExS28qIsNb1ZtQWb+f2PZ1XXVULp' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'none';manifest-src 'self';object-src 'none';worker-src 'self' blob:; 1
default-src 'self'; manifest-src 'self'; font-src 'self' data: f1-eu.readspeaker.com netdna.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' webstatistics.telefonica.de f1-eu.readspeaker.com app.mailjet.com console.e-bot7.de; connect-src 'self' webstatistics.telefonica.de f1-eu.readspeaker.com app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com console.e-bot7.de; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' f1-eu.readspeaker.com; base-uri 'self'; form-action 'self' jobs.telefonica.com; frame-src 'self' charts3.equitystory.com www.youtube-nocookie.com app.mailjet.com console.e-bot7.de 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com wss://*.conde.digital; font-src https: data:; img-src https: data: blob: android-webview-video-poster:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' *.uspto.gov *.qualtrics.com data: https:;  frame-ancestors 'self' *.youtube.com *.ytimg.com *.govdelivery.com; img-src 'self' *.uspto.gov *.googletagmanager.com *.qualtrics.com *.jwpltx.com data: *.govdelivery.com *.google-analytics.com *.gstatic.com *.youtube.com *.ytimg.com; style-src 'self' *.uspto.gov *.googleapis.com addtocalendar.com *.govdelivery.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' *.uspto.gov addtocalendar.com *.qualtrics.com *.jwpcdn.com *.bootstrapcdn.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.youtube.com  *.ytimg.com search.usa.gov *.govdelivery.com 'unsafe-inline' 'unsafe-eval' 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' blob:;img-src * data: blob:;media-src * data:;font-src * data: https: 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MDYyODJlYzAtZTJjNC00ZThiLWE1MDUtN2NlZmE2OTc1Yjg5'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
frame-ancestors https://teams.powerbi.com 'self' https://teams.microsoft.com https://gov.teams.microsoft.us https://dod.teams.microsoft.us https://outlook.office.com https://outlook-sdf.office.com https://outlook.office365.com https://outlook-sdf.office365.com https://www.office.com https://scuprodprv.www.office.com https://www.microsoft365.com 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.traveloka.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bing.com https://*.remotepc.com https://*.remotedesktop.com https://media.twiliocdn.com https://sdk.amazonaws.com https://static.idriveonlinebackup.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://www.google-analytics.com https://*.criteo.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.criteo.net https://api.maxaccess.io https://gum.criteo.com https://sslwidget.criteo.com https://*.livechatinc.com https://html5shim.googlecode.com https://s.adroll.com https://a.adroll.com https://d.adroll.com https://www.idrivedownloads.com http://ssl.p.jwpcdn.com https://www.youtube.com https://px.spiceworks.com https://connect.facebook.net https://5358683.fls.doubleclick.net https://platform.twitter.com https://www.googleadservices.com https://www.gstatic.com https://ssl.google-analytics.com https://code.jquery.com https://*.stripe.com https://cdnjs.cloudflare.com https://bat.bing.com https://www.googletagmanager.com https://www.clarity.ms https://hcaptcha.com https://*.hcaptcha.com; img-src https://* 'self' data: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.remotepc.com https://*.remotedesktop.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com https://hcaptcha.com https://*.hcaptcha.com https://catamphetamine.gitlab.io https://*.bootstrapcdn.com; font-src https://* data: ;object-src 'self' https://secure.livechatinc.com; media-src https://* blob:; worker-src https://* blob:; connect-src wss: https://* blob:; 1
frame-ancestors 'self' piwik.mpg.de statistics.mpg.de statistik.mpg.de; 1
base-uri 'self'; font-src 'self' https: data: *.taboola.com; form-action 'self'; frame-ancestors *; img-src 'self' https: data: *.testfaz.net *.faz.net *.taboola.com; object-src 'self'; script-src-attr 'unsafe-inline'; style-src https: 'unsafe-inline' 'self' *.testfaz.net *.faz.net *.taboola.com; script-src 'unsafe-inline' 'unsafe-eval' https: *; upgrade-insecure-requests; connect-src *; default-src 'self' https:; frame-src *; media-src 'self' https: data:; worker-src * blob:; 1
default-src 'none'; connect-src 'self' https://admin.hostpoint.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://bat.bing.com https://*.clarity.ms https://hostpointag.recruitee.com https://analytics.twitter.com https://t.co; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com; form-action 'self' https://admin.hostpoint.ch https://www.facebook.com; frame-ancestors 'self' https://www.jobs.ch; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://maps.google.com https://www.google.com https://www.facebook.com; img-src 'self' data: https://banner.hostpoint.ch https://hostpoint-static.ch https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ch https://*.google.at https://*.google.de https://*.google.fr https://*.google.it https://*.google.li https://*.fls.doubleclick.net https://ad.doubleclick.net https://google.com https://*.googleapis.com https://*.gstatic.com https://www.facebook.com https://*.hotjar.com https://*.ads.linkedin.com https://bat.bing.com https://analytics.twitter.com https://t.co; media-src 'self' https://hostpoint-static.ch; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://connect.facebook.net https://*.hotjar.com https://px.ads.linkedin.com https://snap.licdn.com https://www.linkedin.com https://sjs.bizographics.com https://bat.bing.com https://*.clarity.ms https://analytics.twitter.com https://static.ads-twitter.com https://twitter.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://*.hotjar.com; block-all-mixed-content; report-uri https://hostpoint.uriports.com/reports/report; report-to default; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-kHZGUZDlxdF6FuCWDNN6Ww=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors https://*.sprinklr.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.theoplayer.com *.youtube.com cdnjs.cloudflare.com vjs.zencdn.net static.tagboard.com *.minute.ly blob: *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.ly;worker-src 'self' blob:;script-src-attr 'unsafe-inline';default-src 'unsafe-inline' blob:;manifest-src 'self' 'unsafe-inline' blob:;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.ttwstatic.com;img-src 'self' 'unsafe-inline' data: blob: *;media-src 'self' 'unsafe-inline' data: blob: *;connect-src 'self' localhost:* cxm-dev-gl-afd-001-apis-fifa.azurefd.net cxm-uat-gl-afd-001-apis-fifa.azurefd.net *.cloudfront.net *.mycujoo.tv *.mcls.live *.p5cdn.com *.theoplayer.com *.youtube.com *.uplynk.com *.minute.ly *.onetrust.com mycujoo-static-fastly.images.mcls.live cpt-services-fastly.images.mcls.live mycujoo-assets-fastly.images.mcls.live m-tv-fastly.images.mcls.live mycujoo-thumbs-fastly.images.mcls.live wss://mls-rt.mycujoo.tv cxm-dev-we-fas-001-search-api.azurewebsites.net cxm-uat-we-fas-001-search-api.azurewebsites.net *.fifa.com *.adnxs.com *.crwdcntrl.net *.doubleclick.net *.doubleclick.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.googleanalytics.com *.googlevideo.com *.tpcsyndication.com *.nice264.com *.npaw.com *.tealiumiq.com *.tiqcdn.cn *.tiqcdn.com *.youbora.com *.youborafds01.com *.youboranqs01.com *.youboranqs02.com *.gstatic.com adservice.google.cn adservice.google.co.uk adservice.google.com adservice.google.es analytics.twitter.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net dc.services.visualstudio.com dpm.demdex.net fifa.hb-api.omtrdc.net platform.twitter.com sc-static.net static.ads-twitter.com tr.snapchat.com *.conviva.com *.instagram.com *.tiktok.com *.ttwstatic.com *.tiktokcdn.com *.tiktokcdn-us.com *.2mdn.net api.pingone.eu walls.io *.minute.ly;frame-ancestors 'self' https://apps.monterosa.cloud https://mtsa-blog.fifa.com;frame-src 'self' *.fifa.com *.doubleclick.net *.googlesyndication.com *.googleapis.com *.theoplayer.com *.walls.io https://fifa.demdex.net/ https://tags.crwdcntrl.net/ https://tr.snapchat.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://scontent.cdninstagram.com/ https://www.tiktok.com/ https://fifa-interest-page-qa-app.azurewebsites.net/ https://fifa-interest-page-prd-app.azurewebsites.net/ https://fifa-registration-of-interest-qa-app.azurewebsites.net/ https://fifa-registration-of-interest-prd-app.azurewebsites.net/ https://apps.monterosa.cloud https://mtsa-blog.fifa.com https://embed.tagboard.com;form-action 'self' https://tr.snapchat.com/ https://www.facebook.com/;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests 1
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly beaconapi.helpscout.net d3hb14vkzrxvla.cloudfront.net app.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com beacon-v2.helpscout.net app.gumroad.com assets.gumroad.com 'nonce-R9lOAEr4BWZKpvKpCGV5l+2oHVwmzt9RDNFW+gVH/1k=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob: 1
frame-ancestors 'self' https://*.brightsites.co.uk; 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://seekingalpha.com/report/csp 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
base-uri 'none'; form-action 'self'; default-src 'self'; img-src 'self' data:; script-src 'self'; frame-ancestors 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
default-src 'self' curl.haxx.se www.curl.se curl.se; style-src 'unsafe-inline' 'self' curl.haxx.se www.curl.se curl.se; require-trusted-types-for 'script'; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-szNDq/7lVDDTK67MNOq45hnA+nM=' 'nonce-fZfmKPu1TrjWqrMnc3fThJ3GHIg=' 1
default-src https://s3.ap-northeast-1.amazonaws.com https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://static.ada.support https://wallet.advcash.com https://t.co https://analytics.twitter.com https://h.online-metrix.net https://*.kucoin.plus https://www.googleadservices.com https://googleads.g.doubleclick.net https://revain.org https://api.mobilum.com https://mc.yandex.ru https://widget.mobilum.com https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co  https://*.xcoinsystem.com https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://ekr.zdassets.com  https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com https://*.kucoin.work https://api.smooch.io https://*.legendtrading.com https://*.googleapis.com https://fastly.jsdelivr.net https://legendtrading.zendesk.com https://*.ckotech.co https://*.checkout.com https://*.veriff.me https://*.forter.com https://dkupaw9ae63a8.cloudfront.net https://monitor.geetest.com https://api.geevisit.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.plaid.com https://rpc.walletconnect.org https://rpc.walletconnect.com https://api.web3modal.org https://api.web3modal.com https://verify.walletconnect.org https://verify.walletconnect.com https://fpnpmcdn.net https://cdn.seondf.com https://ap.api.fpjs.io https://*.seondfresolver.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline' ; connect-src https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://kucoin.eu.ada.support https://rollout.eu.ada.support https://bigdata-scfx-push.kucoin.plus https://*.sentry.io https://www.googleadservices.com https://googleads.g.doubleclick.net  https://revain.org  https://api.mobilum.com  https://mc.yandex.ru  https://widget.mobilum.com  https://sdk.im.jiguang.cn  https://maxcdn.bootstrapcdn.com  https://www.googletagmanager.com  https://upload.qiniup.com  https://frontend-helper.cloudtechnet.cn  https://*.staticimg.com  https://*.staticimg.co https://*.kucoin.plus  https://*.xcoinsystem.com  https://*.kucoin.com  https://*.kucoin.biz https://*.kucoin.fit https://*.kucoin.cloud https://*.pool-x.io  https://*.kcsfile.com  https://storage.googleapis.com  https://font.googleapis.com  https://www.recaptcha.net  https://at.alicdn.com  https://g.alicdn.com  https://www.google-analytics.com  https://www.gstatic.cn  https://fonts.gstatic.cn  https://fonts.gstatic.com  https://www.gstatic.com  https://stats.g.doubleclick.net  https://ekr.zdassets.com  https://www.tradingview.com https://static.geetest.com  https://api.geetest.com  https://dn-staticdown.qbox.me  https://www.youtube.com  https://kucoin.zendesk.com  https://rollbar-eu.zendesk.com  https://support.zendesk.com  https://www.zendesk.com https://ekr.zdassets.com  https://static.zdassets.com  https://widget-mediator.zopim.com  wss://widget-mediator.zopim.com https://v2.zopim.com  https://cdn.zopim.com  https://www.zopim.com  https://uploads.zopim.com  https://assets.zopim.com  https://api.zopim.com  https://v2assets.zopim.io  https://www.google.co.jp  https://www.google.com https://*.kucoin.work https://www.google.com.hk https://analytics.google.com https://api.smooch.io https://kucoinvip.zendesk.com https://api.legendtrading.com https://legendtrading.zendesk.com https://maps.googleapis.com https://*.ckotech.co https://*.checkout.com https://*.veriff.me https://*.forter.com https://d3in1te4fdays6.cloudfront.net https://d1wix2gc2cgqis.cloudfront.net wss://cdn0.forter.com https://kucoinservice.zendesk.com https://hcaptcha.com https://*.hcaptcha.com https://rpc.walletconnect.org https://rpc.walletconnect.com https://api.web3modal.org https://api.web3modal.com https://verify.walletconnect.org https://verify.walletconnect.com wss://relay.walletconnect.com wss://relay.walletconnect.org https://ap.api.fpjs.io https://*.seondfresolver.com data: ws: wss: eval: inline: 'unsafe-eval' 'unsafe-inline'; font-src http: https: data:; img-src http: https: data: blob:; worker-src http: https: data: blob:; child-src http: https: data: blob:; frame-ancestors 'self' https://kucoin.eu.ada.support https://www.google.co.jp https://www.google.com https://*.kucoin.com https://*.kucoin.biz https://*.kucoin.fit https://*.xcoinsystem.com https://*.kucoin.cloud https://*.kucoin.plus https://*.kucoin.work 1
script-src https: http: 'unsafe-eval' 'unsafe-inline'; frame-ancestors https://*.browserstack.com; worker-src https: http: blob: 'unsafe-eval' 'unsafe-inline'; style-src https: http: 'unsafe-inline'; img-src https: http: data: blob: about:; font-src https: http: data:; connect-src https: http: wss:; object-src https: http: 1
frame-src 'self' www.youtube.com player.vimeo.com www.ustream.tv www.slideshare.net *.wufoo.com calendar.google.com docs.google.com www.google.com maps.google.com accounts.google.com cse.google.com s3-us-west-2.amazonaws.com form.jotform.com static.addtoany.com *.facebook.com *.facebook.net api-a3b78b57.duosecurity.com cdn.knightlab.com www.buzzsprout.com caltech.us5.list-manage.com eyes.nasa.gov *.everbridge.net w.soundcloud.com; child-src 'self' www.youtube.com player.vimeo.com www.slideshare.net *.wufoo.com calendar.google.com docs.google.com accounts.google.com; font-src 'self' public.slidesharecdn.com fonts.gstatic.com https://script.hotjar.com data:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com googleapis.com *.google.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com cdn.mathjax.org stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com *.google.com *.googleapis.com googleapis.com api.duosecurity.com browser.sentry-cdn.com www.feedrapp.info sentry.io static.addtoany.com *.facebook.net cdn.datatables.net www.youtube.com cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; default-src 'self'; img-src 'self' data: caltech-prod.s3.amazonaws.com s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/ i.ytimg.com www.youtube.com player.vimeo.com ustvstaticcdn1-a.akamaihd.net www.slideshare.net cdn.slidesharecdn.com www.gravatar.com stats.g.doubleclick.net cdnjs.cloudflare.com *.staticflickr.com *.cdninstagram.com www.google-analytics.com *.gstatic.com *.google.com *.googleapis.com googleapis.com www.facebook.com cdn.datatables.net https://static.hotjar.com https://script.hotjar.com; form-action 'self' *.wufoo.com docs.google.com www.its.caltech.edu caltech.us5.list-manage.com api-a3b78b57.duosecurity.com; frame-ancestors 'self' *.caltech.edu; media-src 'self' www.youtube.com player.vimeo.com; base-uri 'self' *.caltech.edu; connect-src 'self' www.google-analytics.com stats.addtoany.com sentry.io maps.googleapis.com googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; object-src 'self'; report-uri /_csp 1
default-src *.msi.com *.msi.cn https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.msi.com *.msi.cn www.instagram.com https: 'unsafe-inline' 'unsafe-eval' https://embedsocial.com https://graph.facebook.com www.instagram.com blob: data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' *.msi.com sdqk.me giphy.com *.youtube.com www.youtube-nocookie.com http://www.youtube.com *.facebook.com *.doubleclick.net *.hotjar.com render.arch01.xyz embedsocial.com insight.adsrvr.org gleam.io  https://insight.adsrvr.org/ www.instagram.com; frame-ancestors 'self' twitter.com http://twitter.com  t.co http://t.co ;block-all-mixed-content; form-action 'self' *.facebook.com http://facebook.com  *.twitter.com http://twitter.com  *.google.com http://google.com  connect.facebook.net http://connect.facebook.net ;child-src 'self' blob: *.facebook.com http://facebook.com  *.google.com http://google.com  *.doubleclick.net http://doubleclick.net  *.googlesyndication.com http://googlesyndication.com  connect.facebook.net http://connect.facebook.net  platform.twitter.com http://platform.twitter.com  www.youtube.com http://www.youtube.com  www.googletagmanager.com http://www.googletagmanager.com ; 1
upgrade-insecure-requests; object-src 'none'; default-src 'self' 'report-sample'; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'report-sample' 'strict-dynamic' 'nonce-280201af38bf168c2927fd11b925a9b4'; connect-src 'self' https://api2.nicehash.com https://capture.trackjs.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://www.google.com/pagead https://www.google.com/pagead/landing https://adservice.google.com https://stats.g.doubleclick.net https://accounts.google.com/gsi/ wss://*.nicehash.com wss://*.ws.nicex.com http://localhost:18000 http://localhost:18001; img-src 'self' 'report-sample' https://api2.nicehash.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://adservice.google.com https://stats.g.doubleclick.net https://usage.trackjs.com https://i.ytimg.com https://img.youtube.com https://www.gstatic.com https://www.google.com https://play-lh.googleusercontent.com https://static.nicehash.com https://nicex.banxa.com/images/payment-providers/ https://nicex.banxa.com/images/payment-providers/ data:; base-uri 'self'; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' https://static.nicehash.com data:; form-action 'self' https://api.nicehash.com; child-src 'self' https://recaptcha.net https://www.google.com https://youtube.com https://www.youtube.com https://api.sumsub.com https://widget.nicehash.com https://accounts.google.com/gsi/; report-uri /_csp_; report-to active 1
script-src 'self' 'unsafe-inline' https://cdn.mxpnl.com https://fast.appcues.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://service.maxymiser.net/ https://tags.tiqcdn.com/ https://*.netsuite.com https://consent.truste.com https://*.trustarc.com https://*.bing.com https://*.doubleclick.net https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://static.atgsvcs.com https://rules.atgsvcs.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://www.rnengage.com https://*.rightnowtech.com https://assets.adobedtm.com https://img.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.akamaihd.net https://*.demdex.net https://*.omtrdc.net https://*.adobetag.com https://*.linkedin.com https://*.licdn.com https://*.2o7.net https://tags.bkrtx.com https://flex.atdmt.com https://*.oracleinfinity.io https://dqm.crownpeak.com/ https://app.hushly.com https://script.crazyegg.com https://activitymap.adobe.com https://static.ocecdn.oraclecloud.com https://*.go-mpulse.net https://static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://www.netsuite.com https://*.app.netsuite.com https://netsuite-salechat.widget.custhelp.com https://netsuite-salechat--tst1.widget.custhelp.com https://fonts.googleapis.com https://app.hushly.com https://hud.crazyegg.com; img-src * data: ; frame-src 'self' https://sc-oal-en.custhelp.com https://service.maxymiser.net/ https://go.netsuite.com https://*.doubleclick.net https://*.youtube.com https://*.youtu.be https://*.facebook.com https://*.facebook.net https://*.omtrdc.net https://*.trustarc.com https://netsuite-salechat-fi.custhelp.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://netsuite-salechat-na--tst1.custhelp.com https://netsuite-salechat-na.custhelp.com https://netsuite-salechat-de.custhelp.com https://netsuite-salechat-es.custhelp.com https://netsuite-salechat-fr.custhelp.com https://netsuite-salechat-jp.custhelp.com https://netsuite-salechat-ko.custhelp.com https://netsuite-salechat-nl.custhelp.com https://netsuite-salechat-pt.custhelp.com https://netsuite-salechat-sv.custhelp.com https://netsuite-salechat-zhcn.custhelp.com https://netsuite-salechat-zhtw.custhelp.com https://netsuite-salechat-it.custhelp.com  https://netsuite-salechat-pl.custhelp.com https://netsuite-salechat-ru.custhelp.com https://netsuite-salechat-tr.custhelp.com https://*.demdex.net https://*.bluekai.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://hud.crazyegg.com https://activitymap.adobe.com; connect-src 'self' https://tracking.netsuite.com https://api.company-target.com https://*.doubleclick.net https://*.googlevideo.com https://*.omtrdc.net https://*.demdex.net https://rules.atgsvcs.com https://bat.bing.com https://netsuite-salechat.custhelp.com https://netsuite-salechat--tst1.custhelp.com https://www-stage.oracle.com https://api.crownpeak.net/ https://script.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com https://hud.crazyegg.com https://app.hushly.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.facebook.com https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net wss://idcs-oda-7fa1f5c9fa1841329f72d8695ac98c9a-da3.data.digitalassistant.oci.oraclecloud.com; font-src 'self' data: https://www.netsuite.com; media-src 'self' blob: ;child-src 'self' blob: ; report-uri https://nlcorp.app.netsuite.com/app/security/csp/cspaudit.nl 1
default-src 'self' fastly-insights.com *.fastly-insights.com blob: https://www.google-analytics.com https://docs.google.com 'unsafe-inline' 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-bb41979d-f945-480b-82ff-95be323f89a7' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
script-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://edit.staging.fema.gov https://edit.staging.fema.gov/:178 https://edit.fema.gov https://edit.fema.gov/:178 https://www.fema.gov https://www.fema.gov/:178 https://content.govdelivery.com https://cdn.jsdelivr.net fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.fema.gov/report-uri/enforce 1
default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' *.wallet.airpay.vn *.shopee.kr *.airpay.vn *.shopeemobile.com *.shopee.vn *.shopee.cn *.shopee.io *.facebook.com *.dailyshopee.vn https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
child-src 'self' blob:;connect-src 'self' https://yle.fi https://*.yle.fi https://*.ylestatic.fi blob: https://*.akamaized.net https://*.kaltura.com https://endpoint.finnpanel.fi https://*.chartbeat.net https://api.mapbox.com https://events.mapbox.com https://api.flockler.com https://plugins.flockler.com https://*.stat.fi https://sak.userreport.com https://*.enetscores.com/ wss://migratory.enetpulse.com https://*.litix.io https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;default-src 'self';font-src data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.enetscores.com/;frame-src 'self' https://docs.google.com/forms/ https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://infogram.com https://e.infogram.com https://platform.twitter.com https://www.instagram.com https://tag.userreport.com https://chartbeat.com https://static2.chartbeat.com https://flockler.com/plugins/upload-form/ https://assets-decodeurs.lemonde.fr;img-src 'self' blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://ping.chartbeat.net https://*.akamaized.net https://*.akamaihd.net https://*.analytics.edgekey.net https://*.cloudinary.com https://*.kaltura.com https://syndication.twitter.com https://visitanalytics.userreport.com https://flockler.com https://media-api.flockler.com https://fl-1.cdn.flockler.com https://fl-cdn.scdn1.secure.raxcdn.com https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;manifest-src 'self';media-src blob: data: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://*.akamaihd.net https://*.akamaized.net https://*.kaltura.com;object-src 'none';script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://static.chartbeat.com https://static2.chartbeat.com https://tunnus-sdk.yle.fi https://*.analytics.edgekey.net https://*.kaltura.com https://www.gstatic.com https://sak.userreport.com https://infogram.com https://e.infogram.com https://platform.twitter.com/ https://www.instagram.com/embed.js https://platform.instagram.com/ https://embed-cdn.flockler.com/embed-v2.js https://fl-1.cdn.flockler.com/ https://*.enetscores.com/ https://assets.adobedtm.com https://cm.everesttech.net https://*.demdex.net https://dpm.demdex.net https://*.omtrdc.net;style-src 'self' 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://fl-1.cdn.flockler.com/ https://*.enetscores.com/;style-src-elem 'self' 'unsafe-inline' https://yle.fi https://*.yle.fi https://*.ylestatic.fi https://api.mapbox.com/ https://*.enetscores.com/;upgrade-insecure-requests;report-to csp-report-endpoint;report-uri https://csp.aws.yle.fi/index 1
frame-ancestors 'self' pananames.com *.pananames.com 1
upgrade-insecure-requests; font-src data: https:; img-src data: https:; default-src https: blob: 'unsafe-inline' 'unsafe-eval'; manifest-src 'self'; object-src 'none'; report-uri https://tsddev.report-uri.com/r/d/csp/enforced; report-to default; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-632dfff469341e026be8a51a6d405bfd' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1517200259078342; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1517200259078342 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thespruce.com 1
frame-ancestors 'self' *.wallet.airpay.ph *.shopee.kr *.airpay.ph *.shopeemobile.com *.shopee.ph *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'none';              img-src 'self' https://testing.developer.gimp.org https://developer.gimp.org https://blogs.gnome.org;              style-src 'self';              script-src 'self' https://www.openhub.net;              font-src 'self';              child-src 'self' https://peer.tube https://www.openhub.net https://www.youtube.com https://www.youtube-nocookie.com https://video.blender.org;              object-src 'none';              media-src 'self' https://download.gimp.org https://download-fallback.gimp.org https://www.mirrorservice.org https://*.ftp.acc.umu.se https://ftp.rrze.uni-erlangen.de;              base-uri 'self';              form-action 'self' https://www.paypal.com https://gitlab.gnome.org;              frame-ancestors 'self'; 1
default-src 'none'; img-src 'self' fast.wistia.com https: data: blob:; script-src 'self' 'unsafe-inline' https://ob.iseaskies.com https://obs.iseaskies.com *.mountain.com https://netlify-rum.netlify.app j.6sc.co *.adroll.com snap.licdn.com cdn.bizible.com cdn.pdst.fm connect.facebook.net trk.techtarget.com t.sf14g.com *.marketo.net js.adsrvr.org *.crazyegg.com https://cdnjs.cloudflare.com https://*.cloudfront.net https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://sidebar.bugherd.com http://info.zscaler.com 'unsafe-eval' 'unsafe-inline' bat.bing.com https://widget.usersnap.com/ http://fast.wistia.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ https://resources.usersnap.com/ https://www.googletagmanager.com/gtag/ http://pipedream.wistia.com/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://acsbapp.com https://www.googletagmanager.com js.driftt.com js.adsrvr.org assets.adobedtm.com bugcrowd.com *.bugcrowdusercontent.com *.googleadservices.com https://twin-iq.kickfire.com https://www.rumiview.com *.linkedin.oribi.io gateway.zscalertwo.net *.jquery.com www.youtube.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://ws-assets.zoominfo.com 'unsafe-eval' https://api.intellimize.co https://cdn.intellimize.co; font-src 'self' data: https://fonts.gstatic.com http://fonts.gstatic.com https://fast.wistia.com/assets https://acsbapp.com; style-src 'self' 'unsafe-inline' http://info.zscaler.com http://fonts.googleapis.com https://www.googletagmanager.com; connect-src 'self' blob: 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 35.83.209.52 44.238.33.223 54.190.217.118 44.240.152.58 54.69.255.140 52.88.179.26 34.238.149.65 52.7.151.245 44.209.137.118 35.81.173.170 34.210.219.79 52.37.218.4 52.42.124.195 52.89.99.220 35.85.106.161 44.235.191.156 52.12.117.226 35.81.162.201 34.212.4.35 https://ingesteer.services-prod.nsvcs.net fast.wistia.com https://google.com https://www.google.com www.google.co.in secure.adnxs.com cdn.linkedin.oribi.io *.cloudfunctions.net ibc-flow.techtarget.com *.mktoresp.com bat.bing.com *.crazyegg.com *.6sc.co st.fullcircleinsights.com https://*.google-analytics.com https://region1.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://cms.zscaler.com https://www.zscaler.com https://sockjs.pusher.com wss://ws-mt1.pusher.com https://sessions.bugsnag.com https://*.acsbapp.com https://*.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net http://pipedream.wistia.com/ https://www.google-analytics.com/ https://analytics.google.com https://stats.g.doubleclick.net https://ba5832d1af5a45e6ad89599ab3f2054d.us-central1.gcp.cloud.es.io https://www.googletagmanager.com *.6sense.com *.linkedin.oribi.io https://adservice.google.com http://embed.wistia.com https://px.ads.linkedin.com/ws https://www.facebook.com/tr/ https://px.ads.linkedin.com/wa/ https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://js.zi-scripts.com https://ws.zoominfo.com https://ws.zoominfo.com https://log.intellimize.co https://api.intellimize.co ob.iseaskies.com obs.iseaskies.com; media-src https://cms.zscaler.com https://fast.wistia.com/embed/ https://fast.wistia.com/assets/ blob: https://embedwistia-a.akamaihd.net https://embed-cloudfront.wistia.com js.driftt.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com; worker-src 'self' blob: ; frame-src 'self' blob: e.issuu.com insight.adsrvr.org www.facebook.com staging.visualize-roi.com https://www.visualize-roi.com https://*.doubleclick.net https://bugcrowd.com https://fast.wistia.com https://fast.wistia.net http://info.zscaler.com https://sidebar.bugherd.com js.driftt.com insight.adsrvr.org match.adsrvr.org www.youtube.com https://zscaler.my.site.com/ https://zscalergov.my.site.com/ https://api.intellimize.co https://117186981.intellimizeio.com/; frame-ancestors 'self' https://testmydefenses.com https://www.testmydefenses.com https://zscalerext.okta.com https://cms.zscaler.com https://zscalergov.my.site.com/; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.ew.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; frame-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; img-src p.adsymptotic.com *.linkedin.com *.kampyle.com *.medallia.com *.vanguard.com *.vanguard.com:* *.youtube.com *.vgdynamic.info adservice.google.com *.vgcontent.info *.vgcontent.info:* *.omtrdc.net *.demdex.net *.doubleclick.net *.youtube-nocookie.com *.limelight.com *.llnw.net *.e-vanguard.com *.omniture.com activitymap.adobe.com *.amazon-adsystem.com *.llnw.net *.myvisualiq.net *.go-mpulse.net *.akastat.io *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.analytics.yahoo.com *.invoca.net *.adsrvr.org *.pinterest.com *.pinimg.com cdn.cookielaw.org ads.undertone.com evt.undertone.com .fm b.videoamp.com privacyportal-de.onetrust.com geolocation.onetrust.com rtb.adgrx.com login.dotomi.com bat.bing.com *.bttrack.com bttrack.com pix.pontiac.media *redditstatic.com *.reddit.com *.undertone.com www.google.com api.ipify.org action.dstillery.com action.media6degrees.com analytics.twitter.com t.co *.bing.com/bat.js tags.w55c.net arttrk.com *.arttrk.com *.pdst img.byspotify.com; media-src 'self' *.vgdynamic.info *.youtube-nocookie.com *.limelight.com *.llnw.net blob:; worker-src 'self' blob:; font-src 'self' *.vanguard.com *.vgcontent.info *.vgdynamic.info *.vgdynamic.info:* *.vgcontent.info:* data:; 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ https://api.github.com/search/issues https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com fastly-insights.com *.fastly-insights.com *.ethicalads.io https://api.pwnedpasswords.com https://cdn.jsdelivr.net/npm/mathjax@3.2.2/es5/sre/mathmaps/ https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self' https://checkout.stripe.com; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://pypi-camo.freetls.fastly.net/ https://*.google-analytics.com https://*.googletagmanager.com *.fastly-insights.com *.ethicalads.io ethicalads.blob.core.windows.net; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='; style-src 'self' fonts.googleapis.com *.ethicalads.io 'sha256-2YHqZokjiizkHi1Zt+6ar0XJ0OeEy/egBnlm+MDMtrM=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-JLEjeN9e5dGsz5475WyRaoA4eQOdNPxDIeUhclnJDCE=' 'sha256-mQyxHEuwZJqpxCw3SLmc4YOySNKXunyu2Oiz1r3/wAE=' 'sha256-OCf+kv5Asiwp++8PIevKBYSgnNLNUZvxAp4a7wMLuKA=' 'sha256-h5LOiLhk6wiJrGsG5ItM0KimwzWQH/yAcmoJDJL//bY='; worker-src *.fastly-insights.com 1
frame-ancestors 'self' https://tpc.googlesyndication.com 1
default-src 'self'; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://pagead2.googlesyndication.com https://optimize.google.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.redditstatic.com https://connect.facebook.net https://analytics.tiktok.com https://analytics.twitter.com http://static.ads-twitter.com https://static.ads-twitter.com https://cdn.taboola.com https://trc.taboola.com https://secure.adnxs.com 'unsafe-inline'; style-src 'self' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline'; connect-src 'self' https://consentcdn.cookiebot.com https://vitals.vercel-insights.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://www.google.com https://www.google.ge https://www.google.co.uk https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://analytics.tiktok.com https://t.co https://cds.taboola.com https://trc-events.taboola.com https://pips.taboola.com/ https://kite-web.production.data.aws.jagex.com; img-src 'self' data: https://images.ctfassets.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://www.google.com https://www.google.ge https://www.google.co.uk https://*.fls.doubleclick.net https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://optimize.google.com https://i.ytimg.com https://img.youtube.com https://www.google.be https://alb.reddit.com https://secure.adnxs.com https://www.facebook.com https://t.co https://analytics.twitter.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.facebook.com https://optimize.google.com; object-src 'none'; child-src 'none'; media-src 'self' https://videos.ctfassets.net https://cdn.runescape.com https://www.youtube.com; base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.dominos.com; font-src data: https://*.dominos.com https://fonts.gstatic.com https://storage.googleapis.com; style-src 'unsafe-inline' blob: https://*.bing.com https://*.dominos.com https://*.gstatic.com https://*.here.com https://fonts.googleapis.com https://www.youtube.com https://rafd.bingstatic.com; script-src-elem 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://www.redditstatic.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.abmr.net https://*.appdynamics.com https://*.bing.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.here.com https://*.mathtag.com https://*.moatads.com https://*.nextdoor.com https://*.ntv.io https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.turn.com https://*.twitter.com https://*.vertamedia.com https://*.virtualearth.net https://ad.atdmt.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://connect.facebook.net https://ct.pinterest.com https://ds-aksb-a.akamaihd.net https://js.braintreegateway.com https://nextdoor.com https://s.pinimg.com https://s.yimg.com https://s.ytimg.com https://sc-static.net https://*.snapchat.com https://sp.analytics.yahoo.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.xx.fbcdn.net https://tags.tiqcdn.com https://www.googleadservices.com https://www.paypal.com https://www.paypalobjects.com https://www.youtube.com https://rafd.bingstatic.com https://web.btncdn.com https://ink1001.com.micpn.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.liadm.com https://cdn.quantummetric.com https://*.go-mpulse.net https://*.kaptcha.com; img-src data: blob: https://*.akamaihd.net https://*.bing.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.everesttech.net https://*.googleapis.com https://*.gstatic.com https://*.here.com https://*.ispot.tv https://*.mathtag.com https://*.nextdoor.com https://*.paypal.com https://www.paypalobjects.com https://*.pinterest.com https://*.postrelease.com https://*.turn.com https://*.virtualearth.net https://*.yp.com https://assets.braintreegateway.com https://checkout.paypal.com https://*.agkn.com https://dsum-sec.casalemedia.com https://i.ytimg.com https://pinterest.adsymptotic.com https://*.tapad.com https://px.moatads.com https://ssl.google-analytics.com https://static.xx.fbcdn.net https://t.co https://www.facebook.com https://www.google.com https://s.amazon-adsystem.com https://*.yahoo.com https://rp.liadm.com/ https://beacon.krxd.net https://click.exacttarget.com https://click.s11.exacttarget.com https://analytics.tiktok.com https://*.liadm.com https://alb.reddit.com/ https://analytics.twitter.com https://*.akstat.io https://www.googleadservices.com https://trkn.us https://*.kaptcha.com https://*.w55c.net https://pixel.rubiconproject.com https://idsync.rlcdn.com; frame-src blob: data: https://*.appdynamics.com https://*.cardinalcommerce.com https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.kaptcha.com https://*.pinterest.com https://*.snapchat.com https://assets.braintreegateway.com https://*.paypal.com https://cdnssl.clicktale.net https://d.agkn.com https://pixel.mathtag.com https://pixel.tapad.com https://r.dlx.addthis.com https://snap.adbrn.com https://so.rlcdn.com https://www.youtube.com https://x.skimresources.com bytedance: sslocal: https://*.powerbi.com https://www.paypalobjects.com; child-src blob: https://*.dominos.com https://assets.braintreegateway.com https://c.paypal.com https://cdnssl.clicktale.net https://*.kaptcha.com; worker-src blob: https://*.dominos.com https://cdnssl.clicktale.net; connect-src blob: https://*.akamaihd.net https://*.bing.com https://*.braintree-api.com https://*.clicktale.net https://*.demdex.net https://*.dominos.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.here.com https://*.moatads.com https://*.nextdoor.com https://*.omtrdc.net https://*.raygun.com https://*.raygun.io https://*.vertamedia.com https://*.virtualearth.net https://api.braintreegateway.com https://api.sandbox.braintreegateway.com https://client-analytics.braintreegateway.com https://client-analytics.sandbox.braintreegateway.com https://col.eum-appdynamics.com https://ct.pinterest.com https://ssp.lkqd.net https://*.paypal.com https://*.launchdarkly.com https://*.cybersource.com https://*.aciondemand.com https://*.googleapis.com https://*.liadm.com/ https://analytics.tiktok.com https://*.snapchat.com https://*.quantummetric.com https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net https://*.kaptcha.com https://*.googlesyndication.com https://*.microsoftonline.com https://www.redditstatic.com; report-uri https://dominoscsp.report-uri.com/r/t/csp/enforce; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-a009eb1d03063202fcd44f9d573ed159' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1650411017239440; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1650411017239440 1
default-src 'self' *.onetrust.com *.oribi.io *.facebook.com *.google-analytics.com *.doubleclick.net; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src *; connect-src *; frame-src *; 1
connect-src 'self' https://chat.elster.de wss://chat.elster.de ; default-src 'self' ; font-src 'self' data: https://chat.elster.de ; form-action 'self' ; frame-ancestors 'self' ; img-src 'self' https://chat.elster.de ; media-src 'self' https://download.elster.de ; object-src 'none' ; script-src 'self' https://chat.elster.de ; style-src 'self' 'unsafe-inline' https://chat.elster.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-VHfsLsoZQwyx6adsrDPttg=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
base-uri https://www.amnesty.org;frame-ancestors https://oneamnesty.sharepoint.com https://ui.dev;upgrade-insecure-requests; default-src 'self' data: https://www.amnesty.org; connect-src 'self' https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.google.com https://my2.siteimprove.com https://googleads.g.doubleclick.net https://id.siteimprove.com https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://contentassistant.eu.siteimprove.com https://public.flourish.studio https://oneamnesty.sharepoint.com/; font-src 'self' data: https://www.amnesty.org https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' data: https://amnesty-crisis-evidence-lab.github.io https://amnestywebsite.github.io https://e.infogram.com https://flo.uri.sh https://public.flourish.studio https://infogram.com https://join.amnesty.org https://js.stripe.com https://platform.twitter.com https://recaptcha.google.com https://story.mapme.com https://www.facebook.com https://www.google.com https://www.recaptcha.net https://www.youtube-noocookie.com https://www.youtube.com https://youtu.be https://w.soundcloud.com https://play.prx.org https://viewer.mapme.com https://vars.hotjar.com https://my2.siteimprove.com https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app https://ui.dev; img-src 'self' 'strict-dynamic' data: https://www.amnesty.org https://public.flourish.studio https://www.gstatic.com https://www.google-analytics.com https://podfollow.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://static.hotjar.com https://script.hotjar.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://cdn.knightlab.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com; manifest-src 'self'; media-src 'self' https://player.vimeo.com https://datawrapper.dwcdn.net https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://podcasters.spotify.com https://open.spotify.com https://sketchfab.com https://afghan-testimonies.netlify.app; object-src 'self'; script-src 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://www.google.com https://js.stripe.com https://static.hotjar.com https://script.hotjar.com https://player.vimeo.com https://datawrapper.dwcdn.net https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://contentassistant.eu.siteimprove.com https://www.google-analytics.com; script-src-attr 'self' 'strict-dynamic'; script-src-elem 'self' 'unsafe-inline' https://www.amnesty.org https://www.googletagmanager.com https://e.infogram.com https://cc.cdn.civiccomputing.com https://www.recaptcha.net https://www.gstatic.com https://js.stripe.com https://www.google-analytics.com https://platform.twitter.com https://cdn.siteimprove.net https://www.googleoptimize.com https://static.hotjar.com https://connect.facebook.net https://script.hotjar.com https://platform.twitter.com https://public.flourish.studio https://afghan-testimonies.netlify.app https://dev.visualwebsiteoptimizer.com; style-src 'self' 'unsafe-inline' https://www.amnesty.org https://static.hotjar.com https://script.hotjar.com; style-src-attr 'self' 'unsafe-inline'; 1
frame-src 'self' https://www.googletagmanager.com https://sslcheck.securly.com https://cse.google.com https://js.hs-scripts.com https://s3.amazonaws.com https://sendy.securly.com https://www.youtube.com https://www.google.com https://www.facebook.com https://forms.hsforms.com https://boards.greenhouse.io https://js.driftt.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.google-analytics.com https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://player.vimeo.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com https://td.doubleclick.net https://app.qualified.com https://ajax.googleapis.com; 1
frame-ancestors 'self' http://tanium.lookbookhq.com https://tanium.lookbookhq.com http://tanium.pathfactory.com https://tanium.pathfactory.com *.tanium.com 1
<csp_policy> 1
script-src 'sha256-SKVmwqhHHfplIHh7CqTVEX8VKqqXjFP/TXX9ghlBpN0=' 'nonce-UqvDtgKvhQhmgkINq0aIYQ==' 'self' 'unsafe-inline' https://note.com https://d291vdycu0ht11.cloudfront.net https://d2l930y2yx77uc.cloudfront.net https://cdn.st-note.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.gstatic.com/firebasejs https://*.facebook.net https://*.instagram.com https://platform.twitter.com https://*.twimg.com cdn.iframe.ly https://cdn.embedly.com https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://speakerdeck.com https://*.flickr.com https://*.mul-pay.jp https://stage-travel.fraudprevention.jp https://travel.fraudprevention.jp https://www.datadoghq-browser-agent.com http://cloudfront.loggly.com https://*.canva.com https://*.ttwstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.kurashiru.com/ https://cdn2.hubspot.net https://*.hubspot.com https://*.hubspotusercontentxx.net https://*.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.net https://*.hsforms.com https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://static.ads-twitter.com https://static.paypay.ne.jp; object-src 'none'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.crazyegg.com *.stackadapt.com *.twitter.com *.googletagmanager.com *.googleapis.com *.marker.io *.cookielaw.org *.licdn.com *.adnxs.com; style-src 'self' 'unsafe-inline' *.stackadapt.com *.cookielaw.org *.googleapis.com; img-src 'self' data: *.stackadapt.com *.w.org *.cookielaw.org *.adnxs.com *.twitter.com *.x.com *.linkedin.com *.gravatar.com *.cookielaw.org; connect-src 'self' *.crazyegg.com *.stackadapt.com *.cookielaw.org *.onetrust.com yoast.com *.google-analytics.com *.linkedin.com *.marker.io; font-src data: 'self' *.wp.com *.google.com *.gstatic.com; frame-src 'self'  *.ap-mail.org *.ap.org *.soundcloud.com *.vimeo.com *.youtube.com *.marker.io *.twitter.com blob:; 1
default-src 'self' akm-img-a-in.tosshub.com ads.pubmatic.com mab.chartbeat.com pagead2.googlesyndication.com recengine.intoday.in https://embed.indiatoday.in https://trc.taboola.com analytics.google.com feeds.intoday.in adblock-tester.com securepubads.g.doubleclick.net c.amazon-adsystem.com 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' akm-img-a-in.tosshub.com fonts.gstatic.com 'unsafe-inline' data:; script-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' * https://www.indiatoday.in fonts.googleapis.com akm-img-a-in.tosshub.com instore-tosshub-com.s3.ap-south-1.amazonaws.com https://vidstat.taboola.com 'unsafe-inline'; frame-src *; media-src * blob:; connect-src * 'self' 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 1
frame-ancestors statsig.com *.statsig.com 'self' 1
frame-ancestors 'self' https://cp.sprinthost.ru https://cp.sprintbox.ru https://metrika.yandex.ru http://webvisor.com https://us51391.demo.sprinthost.ru.apps.k8s.from.sh; 1
default-src 'self'; script-src 'report-sample' 'self' www.gstatic.com www.recaptcha.net; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self'; frame-src 'self' www.recaptcha.net; frame-ancestors 'none';  img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://656773b8ce75a73f0a4049d0.endpoint.csper.io/?v=0; worker-src 'none'; 1
frame-ancestors 'self' *.wallet.airpay.tw *.shopee.kr *.airpay.tw *.shopeemobile.com *.shopee.tw *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com *.googleapis.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.zalo.me *.zadn.vn *.zdn.vn *.googleapis.com blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me *.zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn *.google.com www.google-analytics.com www.gstatic.com stats.g.doubleclick.net blob:; child-src 'self' zalo://* *.zalo.me zalo.me *.zdn.vn *.zadn.vn *.zaloapp.com *.zing.vn *.baomoi.com *.zingtv.vn *.zingmp3.vn *.zalo.ai *.zingnews.vn *.zapps.vn www.facebook.com *.zalo.me *.google.com *.youtube.com *.googleapis.com *.soundcloud.com *.live.com data: blob:; 1
default-src * blob: data:; style-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; img-src * data: blob: 'unsafe-inline' ; connect-src * 'unsafe-inline'  data: blob:; frame-src * blob: data:;font-src * data: blob:;report-to default; 1
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com www.mobilevirtualtour.com samsung-tmo-stage.herokuapp.com 5g.samsungtmobile.com www.uscellular.com wesit11.we-nonprod.uscc.com wesitaem.we-nonprod.uscc.com www.walmart.com tempo.cxtools-stg.walmart.com www-stage.walmart.com virtualstore.att.com att.beta.obsessvr.com i5.walmartimages.com wesit7.we-nonprod.uscc.com/ wesit7.we-nonprod.uscc.com/samsung *.samsungsupport.com *.samsung.com *.us.samsung.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-aee220071663963c0a0d91b6449de469' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1443176295564682; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1443176295564682 1
frame-ancestors 'self' https://*.contentful.com 1
font-src use.typekit.net data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.paypalobjects.com *.braintreegateway.com tst.kaptcha.com www.google.com www.youtube.com fast.wistia.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.magento.com magento.com embedwistia-a.akamaihd.net fast.wistia.com embed-fastly.wistia.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.googletagmanager.com www.google-analytics.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com use.typekit.net js-agent.newrelic.com s3.amazonaws.com fast.wistia.com bam.nr-data.net www.gstatic.com www.google.com *.d41.co so.rlcdn.com *.braintree-api.com *.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com use.typekit.net p.typekit.net www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com magento.com *.magento.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com *.analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.adobe.com stats.g.doubleclick.net adobe.tt.omtrdc.net bam.nr-data.net *.wistia.com *.litix.io int-api.magedevteam.com api.magento.com sandbox.api.magento.com *.d41.co *.braintreegateway.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' *.nr-data.net https://*.go-mpulse.net www.googletagmanager.com *.google-analytics.com https://*.akstat.io https://csp.withgoogle.com https://maps.googleapis.com *.nanorep.co *.nanorep.com *.monsido.com https://*.nr-data.net https://shyrka-prod-usw2.s3.us-west-2.amazonaws.com https://*.newrelic.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' https://cse.google.com https://www.googletagmanager.com https://calendar.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.tableau.com *.arcgis.com https://app.powerbi.us https://app.powerbigov.us https://*.usw2.pure.cloud https://data.iowa.gov; img-src 'self' data: https: *.nr-data.net *.google.com www.googletagmanager.com; object-src 'self' https://*.usw2.pure.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.go-mpulse.net https://cse.google.com https://googletagmanager.com https://js-agent.newrelic.com https://tagmanager.google.com https://www.google.com https://www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.com *.nanorep.co https://*.google.com https://*.newrelic.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com public.tableau.com nonce-czZ4nXoxHdnjF5IIgJfQRA; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com *.google.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://partner.googleadservices.com https://maps.googleapis.com https://*.usw2.pure.cloud *.weglot.com cdn-api-weglot.com https://cdnjs.cloudflare.com https://cse.google.com https://polyfill.io https://unpkg.com public.tableau.com; style-src 'self' 'unsafe-inline' *.google.com www.googletagmanager.com *.monsido.com *.youtube.com *.vimeo.com *.nanorep.co *.nanorep.com https://fonts.googleapis.com *.weglot.com cdn-api-weglot.com cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
media-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://*.global.ssl.fastly.net https://*.twimg.com https://*.video.pscp.tv; img-src 'self' data: blob: https://*.pscp.tv/ https://*.periscope.tv/ https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://s3-us-west-2.amazonaws.com/prod-periscope-profile/ https://*.twimg.com https://*.googleusercontent.com https://scontent.xx.fbcdn.net https://*.bugsnag.com https://*.google-analytics.com; default-src 'self' blob: https://*.global.ssl.fastly.net https://*.pscp.tv/ https://*.periscope.tv/; object-src 'self' https://*.pscp.tv/ https://*.periscope.tv/; child-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://*.google.com/recaptcha/; frame-ancestors 'self' https://*.pscp.tv/ https://*.periscope.tv/; style-src 'self' blob: 'unsafe-inline' https://*.pscp.tv/ https://*.periscope.tv/; font-src 'self' data: https://*.pscp.tv/ https://*.periscope.tv/; frame-src 'self' blob: https://*.pscp.tv/ https://*.periscope.tv/ https://twitter.com https://periscope-all.firebaseapp.com/ https://*.google.com/recaptcha/ https://*.vimeo.com https://*.tipalti.com; report-uri https://twitter.com/i/csp_report?a=OBSXE2LTMNXXAZJNO5SWE%3D%3D%3D&ro=false; script-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ https://cdn.polyfill.io https://d24n15hnbwhuhn.cloudfront.net https://app.link https://bnc.lt https://*.branch.io https://*.google-analytics.com https://apis.google.com/ https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://appleid.cdn-apple.com 'unsafe-eval' 'nonce-9f91f904d0b1444ebebbfbcc5327ceec'; connect-src 'self' https://*.pscp.tv/ https://*.periscope.tv/ wss://*.pscp.tv/ wss://*.periscope.tv/ https://*.video.pscp.tv https://*.twimg.com https://twitter.com https://*.global.ssl.fastly.net https://api.amplitude.com/ https://*.branch.io https://bnc.lt https://*.bugsnag.com https://licensing.bitmovin.com/ https://analytics-ingress-global.bitmovin.com https://www.googleapis.com/ https://securetoken.googleapis.com https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-prod/ https://s3.us-west-2.amazonaws.com/periscope-user-data-reports-dev/ https://periscope-user-data-reports-prod.s3.us-west-2.amazonaws.com/ https://periscope-user-data-reports-dev.s3.us-west-2.amazonaws.com/ 1
default-src 'self'; style-src 'self' https://static.threema.ch 'unsafe-inline'; font-src 'self' https://static.threema.ch; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://hcaptcha-ws.threema.ch; frame-src https://hcaptcha-assets.threema.ch; img-src 'self' https://static.threema.ch data: blob:; media-src 'self' data:; connect-src 'self' https://bugs.threema.ch https://hcaptcha-assets.threema.ch; object-src 'none'; worker-src 'self' blob:; child-src blob: https://hcaptcha-assets.threema.ch; frame-ancestors 'self'; form-action 'self' https://work.threema.ch; upgrade-insecure-requests; block-all-mixed-content; base-uri https://threema.ch; report-uri https://bugs.threema.ch/api/14/security/?sentry_key=744c2cdf2cab49a492d3f26ff8733d0a; report-to default 1
connect-src 'self' https://*.i-ready.com https://*.trackjs.com https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.mercedes-benz.com; default-src 'self' https://*.mercedes-benz.com https://*.mercedes-benz.de https://*.corpinter.net https://*.usercentrics.eu https://*.googletagmanager.com https://*.krxd.net https://*.day.com https://*.anythingabout.net https://*.system360gmbh.de https://*.mercedes-benz-classic.com https://*.speedcurve.com https://alltime-stars.com  https://cdn.jsdelivr.net https://*.mb-lounge.com  https://*.eventbase.com https://narando.com https://*.narando.com https://*.googleapis.com  https://maxcdn.bootstrapcdn.com https://cdn.plyr.io https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.doubleclick.net https://shop.nostalgic.de https://*.gstatic.com https://cdn.ampproject.org https://amp.azure.net https://*.windows.net https://cmsdata.net https://booking-widget.quandoo.de https://api.corpinter.net https://*.facebook.net https://*.facebook.com https://*.atdmt.com https://*.adobe.com https://www.kinoheld.de https://mb-prototypes.swhost.in https://*.go-mpulse.net https://*.akstat.io https://my.matterport.com data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.liveabout.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;media-src * blob:;img-src * data: 'unsafe-inline' blob:;font-src * data: 'unsafe-inline'; frame-ancestors *.staples.com *.staplesadvantage.com 1
script-src 'self' https://tag.simpli.fi https://bam-cell.nr-data.net https://cdn.cookielaw.org https://widget.trustpilot.com https://api.map.baidu.com https://fast.wistia.net https://fast.wistia.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.gstatic.com https://www.google.com https://optanon.blob.core.windows.net https://cdn.callrail.com https://pi.pardot.com https://geolocation.onetrust.com https://tags.tiqcdn.com https://intljs.rmtag.com https://tags.rd.linksynergy.com https://act-us.rd.linksynergy.com https://resources.xg4ken.com https://go.control4.com https://dev.visualwebsiteoptimizer.com https://connect.facebook.net https://bat.bing.com https://solutions.invocacdn.com https://js-agent.newrelic.com https://bam.nr-data.net https://pnapi.invoca.net https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline' 1
img-src 'self' data: https://api.starlink.com https://analytics.starlink.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://cdn.cookielaw.org https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://t.co https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://*.cdn.adyen.com; connect-src 'self' https://api.starlink.com https://www.starlink.com https://analytics.starlink.com https://maps.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ https://*.tiles.mapbox.com/ https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://ads-twitter.com https://analytics.twitter.com https://ads-api.twitter.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://*.googleapis.com https://www.facebook.com/ https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; script-src 'self' 'unsafe-eval' 'sha256-2DEjUdQEjzQwkkDbMWsYDL4QmKAW/lOUg2LW1jQZICo=' 'sha256-2NpbIZvRgAEhRKnMNR6HJ9vRUbZu2P6w97ajM3zGN+8=' 'sha256-nzQvvRV+mw+Ved4Bd/Y4TPL8+F+jjs4Yt7M2sMSLO0s=' https://api.starlink.com https://maps.googleapis.com/ https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://analytics.starlink.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://cdn.cookielaw.org https://static.ads-twitter.com https://connect.facebook.net https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com; font-src 'self' https://api.starlink.com https://fonts.gstatic.com data: application/font-woff; style-src 'self' 'unsafe-inline' https://api.starlink.com https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://cdn.cookielaw.org https://static.ads-twitter.com https://fonts.googleapis.com; frame-ancestors 'self' https://api.starlink.com; frame-src https://hcaptcha.starlink.com https://*.hcaptcha.starlink.com https://hcaptcha.com https://*.hcaptcha.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.youtube.com; worker-src 'self' blob: ; child-src 'self' blob: ; 1
frame-ancestors 'self' *.ncaa.com *.sdata-cloud.com *.ampproject.org; 1
default-src 'self' maxcdn.bootstrapcdn.com *.maxcdn.bootstrapcdn.com in.hotjar.com *.in.hotjar.com *.hotjar.com *.licdn.com stats.g.doubleclick.net *.stats.g.doubleclick.net ajax.googleapis.com *.ajax.googleapis.com apis.google.com *.apis.google.com google.com *.google.com cdnjs.cloudflare.com *.cdnjs.cloudflare.com ajax.googleapis.com *.ajax.googleapis.com google-analytics.com *.google-analytics.com *.fontawesome.com *.googletagmanager.com *.js.ubembed.com *.ads.linkedin.com *.linkedin.com *.google.com.ua *.facebook.com *.gravatar.com q.quora.com *.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com api-iam.intercom.io *.licdn.com cdn.linkedin.oribi.io *.taboola.com; img-src * data:; frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src * 'unsafe-inline'; media-src *; frame-src *;font-src * 'self' data:; 1
frame-ancestors https://adm.findagrave.com 1
frame-ancestors 'self' *.wallet.airpay.co.th *.shopee.kr *.airpay.co.th *.shopeemobile.com *.shopee.co.th *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors nypost.com decider.com pagesix.com *.nypost.com *.decider.com *.pagesix.com 1
frame-ancestors 'self' https://m.economictimes.com/ https://m.timesofiindia.com/ https://timesofindia.indiatimes.com/ https://navbharattimes.indiatimes.com/ http://www.google.com/ https://www.google.com/ https://m-economictimes-com.cdn.ampproject.org/ https://etmarketswebpre.indiatimes.com/ https://etmarketswappre.economictimes.com/ 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.travelandleisure.com 1
base-uri 'none';child-src *.youtube.com;connect-src 'self' https:;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src vercel.live prismic.io *.prismic.io *.youtube.com *.twitter.com *.facebook.com *.google.com;img-src * data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' vercel.live *.google-analytics.com *.bing.com *.clarity.ms *.facebook.net *.googletagmanager.com *.helpscout.net prismic.io *.prismic.io www.google.com www.gstatic.com;style-src 'self' 'unsafe-inline';worker-src 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.health.com 1
frame-src 'self'; 1
frame-src 'self' *.kidshealth.org *.doubleclick.net *.snapchat.com *.vimeo.com *.google.com *.hotjar.com *.krxd.net *.adsrvr.org *.readspeaker.com *.polldaddy.com *.familysurvey.org *.survey.fm *.pinterest.com *.rchsd.org *.ceros.com; 1
frame-ancestors 'self' *.quantcast.com *.quantcast.mgr.consensu.org quantcast.mgr.consensu.org *.eks.qcinternal.io 1
default-src 'self' https: wss: data: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.social; img-src 'self' data: blob: https://mastodon.social https://files.mastodon.social; style-src 'self' https://mastodon.social 'nonce-a04R3CqV9NxqShLhG4xiWg=='; media-src 'self' data: https://mastodon.social https://files.mastodon.social; frame-src 'self' https:; manifest-src 'self' https://mastodon.social; form-action 'self'; child-src 'self' blob: https://mastodon.social; worker-src 'self' blob: https://mastodon.social; connect-src 'self' data: blob: https://mastodon.social https://files.mastodon.social wss://streaming.mastodon.social; script-src 'self' https://mastodon.social 'wasm-unsafe-eval' 1
default-src 'self';base-uri 'self';script-src 'nonce-aFhAG0fc4MjN7hDTPPq1Gg==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
base-uri *.rivals.com;frame-ancestors  'self' *.rivals.com *.rivals.com *.yahoo.com; sandbox allow-downloads allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-modals allow-top-navigation-by-user-activation; report-uri https://csp.rivals.com/api/v1/content_security_policy_reports 1
connect-src 'self' wss://*.zopim.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self' https://*.adobemsbasic.com https://*.adobe.com https://*.lingotek.com https://*.nuance.com https://nuance.seismic.com; frame-src 'self' https:; upgrade-insecure-requests; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src data: http://www.w3.org/2000/svg https:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.afterpay.com *.clearpay.co.uk *.clearpay.com *.googleapis.com public.fbot.me static.fbot.me campaign.fbot.me lcx-embed.bambuser.com www.googletagmanager.com *.onetrust.com *.cookielaw.org *.bizible.com hbiq.net cdn.branch.io sc-static.net snap.licdn.com connect.facebook.net munchkin.marketo.net www.googleadservices.com cdn.dashhudson.com djnf6e5yyirys.cloudfront.net cdn.builder.io t.contentsquare.net www.google-analytics.com googleads.g.doubleclick.net app.link v5tufwer.micpn.com pi.pardot.com tag.clearbitscripts.com/v1/pk_ba428737ee82fd942f13030da0c2629b/tags.js tag.rmp.rakuten.com metadata-static-files.sfo2.cdn.digitaloceanspaces.com/pixel/lp.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/tracking.min.js x.clearbitjs.com/v2/pk_ba428737ee82fd942f13030da0c2629b/destinations.min.js analytics.tiktok.com bat.bing.com/bat.js bat.bing.com/p/action/137009782.js afterpay-business-site.vercel.app afterpay-consumer-content-hub.vercel.app cdn.amplitude.com *.adsrvr.org *.pinimg.com *.snapchat.com j.6sc.co tag.demandbase.com www.workwithsquare.com; img-src * data:; object-src 'none'; base-uri 'none'; 1
base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://optimize.google.com https://ssl.gstatic.com/brand-architecture/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://*.youtube.com https://*.ytimg.com https://apis.google.com https://accounts.google.com/gsi/client https://www.googleoptimize.com https://www.gstatic.com https://ajax.googleapis.com *.thinkwithgoogle.com *.thinkwithgoogle.goog 'strict-dynamic' 'sha256-vi9h3P9VjInsPsB9kwZuXKMHKiagz9KnOkuXOVX7O1g=' 'sha256-X0JWsAG/k2sIeTfXAL+VH5SdA6bef2aT/CoRG/FEQFc=' 'sha256-uV3MJak3jcDQZeDpjoi5NuUOKAQe8qE+Z+MpOCWxhpE=' 'sha256-0Cqwq2yr0A7o9kZpqY/cNveUUoUADOFM99v4/8FS4i4=' 'sha256-niUgG4ChWvW/z2qZLGjXATgbPm7xEiQOwFelweUfAuI=' 'sha256-6MAtiH3nKhs3pPODS8FGHaYy+lVAsIOG7qtjsDXoiGI=' 'sha256-5ZYQZbSDXHiq7Ah2brCxM88kr3r4esTrsuuZ29F0p4U=' 'sha256-Q6WEaEVeLip353B+a9OqeJkwUHRDfZIxaBlJpp2O4ns=' https://www.thinkwithgoogle.com 'nonce-KopwQ5tCa4314RhNuQL3Yw==' *.google.com; object-src 'none'; frame-src 'self' *.googletagmanager.com *.doubleclick.net https://*.google.com https://*.youtube.com https://accounts.google.com/; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://accounts.google.com/gsi/style https://optimize.google.com https://www.gstatic.com https://gstatic.com *.googletagmanager.com https://www.thinkwithgoogle.com; media-src 'self' *.googleapis.com; default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' data: *.googleapis.com https://*.googleadservices.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.doubleclick.net https://*.google.com *.youtube.com https://*.ytimg.com https://*.googleusercontent.com https://www.google.com.co/ads/ga-audiences https://csi.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://www.thinkwithgoogle.com *.google.com; connect-src *.google.com 'self' https://analytics.google.com https://www.google-analytics.com https://releases.wagtail.io https://stats.g.doubleclick.net https://adservice.google.com/pagead/regclk *.google-analytics.com *.analytics.google.com *.googlesyndication.com https://accounts.google.com/gsi/ https://www.gstatic.com https://googleads.g.doubleclick.net/ 1
default-src 'self' https://*; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*; frame-src 'self' https://*; connect-src 'self' data: blob: 'unsafe-inline' https://*; img-src 'self' data: blob: 'unsafe-inline' https://*; manifest-src 'self' https://*; style-src 'self' data: blob: 'unsafe-inline' https://*; font-src 'self' data: blob: 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-ancestors 'self' https://*; 1
object-src 'none'; frame-ancestors *.tim.it; 1
frame-ancestors frame-ancestors 'self' 1
"unsafe-inline"; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; worker-src 'self' blob:; 1
connect-src 'self' *.googleapis.com *.google.com *.gstatic.com *.vimeo.com/api/ vimeo.com/api/ *.bc0a.com/ *.google-analytics.com/ *.zoomph.com youtube.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.withgoogle.com *.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fonts.gstatic.com *.googleusercontent.com; frame-src 'self' *.google.com player.vimeo.com/video/ *.dartmouth.edu/ *.amazonaws.com *.zoomph.com *.youtube.com youtube.com twitter.com *.spotify.com *.soundcloud.com soundcloud.com pollev-embeds.com mosaically.com lottiefiles.com giphy.com *.bc0a.com marvel-b1-cdn.bc0a.com home.dartmouth.edu *.withgoogle.com *.googleadservices.com www.vimeo.com *.twitter.com orders-bb.us-east-1.widencdn.net *.widencdn.net; img-src 'self' *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.bc0a.com *.zoomph.com *.youtube.com youtube.com marvel-b1-cdn.bc0a.com *.dartmouth.edu *.withgoogle.com *.googleadservices.com *.google-analytics.com www.vimeo.com *.googletagmanager.com *.global.siteimproveanalytics.io orders-bb.us-east-1.widencdn.net *.widencdn.net data: www.w3.org/2000/svg https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.vimeo.com https://cdn.bc0a.com https://cdnjs.cloudflare.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' *.zoomph.com *.dartmouth.edu *.bc0a.com *.googletagmanager.com www.googletagmanager.com *.youtube.com youtube.com *.google-analytics.com stats.g.doubleclick.net marvel-b1-cdn.bc0a.com home.dartmouth.edu cse.google.com *.google.com *.withgoogle.com *.googleadservices.com www.google.com *.vimeo.com vimeo.com siteimproveanalytics.com *.googleapis.com https://cdn.bc0a.com https://cdnjs.cloudflare.com https://platform.twitter.com https://player.vimeo.com https://www.youtube.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googleusercontent.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' *.rocketalumnisolutions.com *.bc0a.com home.dartmouth.edu *.google.com *.withgoogle.com *.googleadservices.com orders-bb.us-east-1.widencdn.net *.widencdn.net 1
frame-ancestors 'self'; report-uri https://gcucgkgd.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' *.tcgplayer.com app.optimizely.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.min.js https://cdnjs.cloudflare.com/ajax/libs/velocity/1.2.2/velocity.ui.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/jquery.dataTables.min.js https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/js/dataTables.bootstrap.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/* https://www.googletagmanager.com/* https://cdn.popt.in/pixel.js https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js https://player.ooyala.com/static/v4/production/analytics-plugin/googleAnalytics.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://www.googletagmanager.com/gtag/js https://analytics.google.com/* https://www.googletagmanager.com/debug/bootstrap https://www.googletagmanager.com/debug/badge https://web-chat.nativechat.com/3.12.2/sdk/nativechat.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/datatables/1.10.12/css/dataTables.bootstrap.min.css https://cdn.popt.in/css/heb-fonts.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.popt.in/css/poptin-style-en.css https://cdn.popt.in/css/poptin-animations.css https://www.gpo.gov/CustomResources/css/scrolling-nav-index.css https://www.googletagmanager.com/debug/badge.css https://fonts.popt.in https://cdn.popt.in https://web-chat.nativechat.com/3.12.2/sdk/nativechat.css; font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2 https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff https://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.ttf kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.ttf data: https://cdn.popt.in/fonts/fontawesome/fa-brands-400.woff2 https://cdn.popt.in/fonts/fontawesome/fa-brands-400.ttf; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://web-chat.nativechat.com/; media-src 'self' data: blob:; frame-src https://www.google.com/ https://www.facebook.com/ https://www.gpo.gov/ https://www.youtube.com/ https://web-chat.nativechat.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' d3lopmpcew67el.cloudfront.net accounts.google.com https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://display.popt.in/APIRequest/68463719072e4 https://display.popt.in/APIRequest/viewed/ee6c12968a725 https://display.popt.in/APIRequest/conversion/ https://analytics.google.com/* https://www.googletagmanager.com/* https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect; 1
script-src 'nonce-wIQ6SBh1+Pim78ekU+f0cA==' mc.yandex.com yastatic.net yandex.by mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.by;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.by yandex.by yabs.yandex.by downloader.yandex.net *.cdn.yandex.net yabs.yandex.ru browser.yandex.ru browser.yandex.by blob: *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.by&showid=1715655587296173-4153523831427455653-balancer-l7leveler-kubr-yp-vla-59-BAL&h=stable-portal-mordago-195.klg.yp-c.yandex.net&yandexuid=4274556531715655587&&version=2024-05-07-547&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.by yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.by yabs.yandex.by yabs.yandex.ru tts.voicetech.yandex.net 'self' wss://webasr.yandex.net;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.by 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.by mc.yandex.ru avatars.mds.yandex.net favicon.yandex.net blob:;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.ubs.com *.ubs.net *.adobedtm.com *.demdex.net *.decibelinsight.net *.decibel.com *.adform.net *.everesttech.net *.googleapis.com *.brightcove.net *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.zencdn.net *.akamaihd.net *.facebook.net *.googleadservices.com *.googletagmanager.com *.google.com *.doubleclick.net *.cloudflare.com *.zmags.com *.raisenow.com *.adobe.com fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.datatrans.com; upgrade-insecure-requests; object-src *.ubs.com *.ubs.net https://players.brightcove.net; form-action *.ubs.com *.ubs.net; frame-ancestors *.ubs.com *.ubs.net *.homegate.ch *.financescout24.ch *.immoscout24.ch *.acheter-louer.ch *.buy-rent.ch *.kaufen-mieten.ch *.pwj.com; frame-src *.ubs.com *.ubs.net https://ubs.demdex.net https://outlook.office365.com *.omniture.com *.adobe.com *.datatrans.com; connect-src *.ubs.com *.ubs.net wss://collection.decibelinsight.net *.decibelinsight.net *.decibel.com *.demdex.net *.brightcove.com *.brightcove.services *.boltdns.net *.brightcovecdn.com *.googleapis.com *.akamaihd.net fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com wss://fuse.ubs.com *.mkt.dynamics.com *.azureedge.net *.google-analytics.com tt.ubs.com *.raisenow.io *.raisenow.com; img-src *.ubs.com *.ubs.net data: fuseapi.ubs.com fuseconsole.ubs.com fuse.ubs.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.gstatic.com *.googleapis.com *.twitter.com t.co *.facebook.com *.linkedin.com *.google.com *.google.ch *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.yahoo.co.jp *.adform.net *.akamaihd.net *.adnxs.com *.ipify.org *.google-analytics.com *.tiktok.com *.raisenow.com *.google.com.au *.google.com.br *.google.ca *.google.cn *.google.fr *.google.de *.google.com.hk *.google.co.in *.google.co.id *.google.co.il *.google.it *.google.co.jp *.google.com.mx *.google.com.sa *.google.com.sg *.google.com.tw *.google.ae *.google.co.uk 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https: android-webview-video-poster:;font-src 'self' data: https:;connect-src 'self' https: wss: blob: android-webview-video-poster:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://eater.coral.coralproject.net/api/graphql/live; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.bhg.com 1
font-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://s7.addthis.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-elem 'self' 'unsafe-inline' https://nb-sec-nber.pantheonsite.io https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://js-agent.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.net https://s7.addthis.com https://m.addthis.com https://z.moatads.com https://cdnjs.cloudflare.com https://polyfill.io; style-src-elem 'self' 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors https://*.dev.local https://*.sunweb.nl https://*.sunweb.be; 1
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com https://dev.pcgcustomer.nprd.aig.com https://dev2.pcgcustomer.nprd.aig.com https://qa.pcgcustomer.nprd.aig.com https://qa2.pcgcustomer.nprd.aig.com https://uat.pcgcustomer.nprd.aig.com https://perf.pcgcustomer.nprd.aig.com https://perf2.pcgcustomer.nprd.aig.com https://pcgcustomer.aig.com/; upgrade-insecure-requests; 1
upgrade-insecure-requests; script-src 'self' *.harborfreight.com www.redditstatic.com ads.nextdoor.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net cdn.mxpnl.com s.trackonomics.net client.px-cloud.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net tpc.googlesyndication.com ygscdn.azureedge.net analytics.tiktok.com login-ds.dotomi.com login.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com tr2.smarterhq.io d1n00d49gkbray.cloudfront.net members.cj.com cj.com cdn.480app.com cdn.cookielaw.org view.publitas.com pixel.mathtag.com *.cdn-net.com *.accdab.net *.dynamicyield.com *.oracleinfinity.io *.googletagmanager.com docs.paymentjs.firstdata.com bat.bing.com www.youtube.com s.ytimg.com *.bing.com *.vimeo.com cdns.brsrvr.com www.google-analytics.com *.adobetag.com *.gstatic.com cdn.tt.omtrdc.net harborfreight.tt.omtrdc.net px.owneriq.net *.res-x.com seal.verisign.com *.google.com *.igodigital.com *.akamaihd.net *.googleadservices.com *.google-analytics.com *.doubleclick.net *.demdex.net *.mouseflow.com *.fastly.net *.sitelabweb.com mpsnare.iesnare.com *.googleapis.com *.payeezy.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.nmgassets.com *.turnto.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.harborfreight.com www.googletagmanager.com rwww.bing.com www.bing.com r.bing.com members.cj.com cj.com *.dynamicyield.com *.googleapis.com *.akamaihd.net *.turnto.com *.vimeo.com *.fontawesome.com tagmanager.google.com 'unsafe-inline'; img-src 'self' blob: data: alb.reddit.com icon.parcellab.com cdn.parcellab.com ad.doubleclick.net flask.nextdoor.com pippio.com www.bing.com r.bing.com t.ssl.ak.dynamic.tiles.virtualearth.net region1.google-analytics.com region1.analytics.google.com login.dotomi.com 805793671.privacysandbox.googleadservices.com crrecommendedmark.org analytics.tiktok.com 10563850.fls.doubleclick.net login-ds.dotomi.com api.securedvisit.com track.securedvisit.com content.securedvisit.com  track.sv.rkdms.com images.securedvisit.com *.cdnwidget.com tr2.smarterhq.io cdn.cookielaw.org cdn.dynamicyield.com *.harborfreight.com pixel.mathtag.com *.oracleinfinity.io *.googletagmanager.com cx.atdmt.com www.googleadservices.com bat.bing.com p.brsrvr.com *.akamaihd.net akamai.mathtag.com *.edgecastcdn.net *.www.turnto.com *.youtube.com *.ytimg.com *.vimeocdn.com px.owneriq.net *.g.doubleclick.net www.google-analytics.com *.ggpht.com *.google.com images.scanalert.com *.facebook.com scontent.xx.fbcdn.net ssl.gstatic.com *.sitelabweb.com *.igodigital.com *.cloudinary.com *.googleapis.com *.abmr.net *.gstatic.com *.nr-data.net *.norton.com *.nmgplatform.com *.marinsm.com cdn.ywxi.net; worker-src blob: 'self' *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net *.akamaihd.net player.vimeo.com www.google.com *.youtube.com youtube.com *.cloudinary.com *.facebook.com *.nr-data.net *.apply2jobs.com; connect-src 'self' *.harborfreight.com hft-prod.actioniq.mr-in.com www.redditstatic.com conversions-config.reddit.com *.brsrvr.com www.googletagmanager.com analytics.pangle-ads.com pagead2.googlesyndication.com direct-collect.dy-api.com gs.nmgassets.com *.px-client.net privacyportal-harborfreight.my.onetrust.com s.tracknomics.net *.px-cdn.net *.px-cloud.net *.pxchk.net t.ssl.ak.tiles.virtualearth.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net www.bing.com region1.google-analytics.com region1.analytics.google.com ascpqnj-oam.global.ssl.fastly.net maps.googleapis.com analytics.google.com crrecommendedmark.org analytics.tiktok.com *.cdnwidget.com *.cdnbasket.net tr2.smarterhq.io pixel.mathtag.com privacyportal.onetrust.com cdn.cookielaw.org *.accdab.net *.dynamicyield.com www.facebook.com *.nmgplatform.com *.demdex.net *.sitelabweb.com *.nr-data.net *.akamaihd.net *.cloudinary.com *.google-analytics.com *.mouseflow.com *.doubleclick.net vimeo.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com bat.bing.com 1
frame-ancestors 'self' *.imperial.ac.uk *.ic.ac.uk 1
frame-ancestors https://cockpits-hb-prod.cs.ctc/ https://*.ctr.cantire.com https://ctc-prod-sfs-responsive-cockpit-app.azurewebsites.net/ https://digital-prd-ful-cc-sfsc-responsive-cockpit-01-app.azurewebsites.net/ 1
default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.ctfassets.net/ https://images.squareup.com https://jumbotron-production-f.squarecdn.com https://api.squareup.com https://notify.bugsnag.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://api.cash.app https://rs.fullstory.com; media-src 'self' https://videos.ctfassets.net https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com; frame-src 'self' *.google.com https://www.google.ca https://assets.ctfassets.net https://player.vimeo.com squarecash: https://square.com *.google.com; object-src https://assets.ctfassets.net; script-src 'sha256-OvJlEXtoZhDioF/HmitYNzoZJUxzyfcVwnypdtyKDyM=' 'self' 'unsafe-inline' https://player.vimeo.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com squarecash: https://squareup.com https://*.googleapis.com https://edge.fullstory.com https://rs.fullstory.com; connect-src 'self' https://api.smartrecruiters.com https://browser-intake-datadoghq.com/api/v2/rum https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://crz5fygf73g7.statuspage.io https://c2nqm6xyr4t4.statuspage.io https://squareup.com https://*.bugsnag.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://signal.cash.app https://edge.fullstory.com https://rs.fullstory.com; base-uri 'none'; report-uri /event/csp-report 1
script-src 'nonce-jo0Bqb6ZsO81BeoPeL8mrQ==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=B4BxP-G68oXX4F5K0qP9COTzLWP0VGsnOOGvSm22NAGuTkfD3ApLTPqE8H9tr-vW&policy_id=10&user_id=&request_id=6ec8f115-afb9-47e7-bc40-d367e39aa695; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://content.linkedin.com https://platform.linkedin.com https://services.tmpwebeng.com https://static-exp1.licdn.com https://snap.licdn.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn-ukwest.onetrust.com https://code.jquery.com https://geolocation.onetrust.com https://googletagmanager.com https://google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' *.google.com code.jquery.com fonts.googleapis.com privacyportal-cdn.onetrust.com www.googletagmanager.com https://services.tmpwebeng.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://www.youtube.com https://privacyportal.onetrust.com https://www.linkedin.com; 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://*.carnivalcloud.net https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.nonprod.carnivalcloud.net https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.marthastewart.com 1
default-src 'self' 'unsafe-inline'; img-src * data:; frame-ancestors 'self' 1
script-src 'sha256-1az3CiAdXAaMP3TFl5msfrDjNuSHMdg1ecAgxfZPR50=' 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/chromium-website/ 1
child-src 'self' *.adform.net *.cloudfront.net *.criteo.com *.criteo.net ivario.eu *.optimizely.com *.selbstbauprofi.de *.sindholm.com *.sociomantic.com *.toom.de *.tp-de.net  *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com chat.guuru.com form.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.youtube.com www.youtube.de wkdpw.boels.com; frame-src 'self' *.adform.net *.curanto.de *.cloudfront.net *.criteo.com *.criteo.net ivario.eu *.optimizely.com toom-gewinnspiel.de *.selbstbauprofi.de *.sindholm.com *.sociomantic.com *.toom.de *.tp-de.net *.trbo.com *.usercentrics.eu *.webmasterplan.com *.youtube-nocookie.com app.parasol-island.com form.guuru.com chat.guuru.com configurator.3yourmind.com deutschland-rundet-auf.de efs-survey.com facebook.com maps.googleapis.com toom-baumarkt.de toom-de.boels.com toom-frame.3yourmind.com toom-rubbeln.safe-promotions.de toom.3yourmind.com www.efs-survey.com www.facebook.com www.findibus-online.de www.google.com/maps/ www.google.com/recaptcha/ www.toom-baumarkt.de www.toom.de toom.de www.youtube.com www.youtube.de wkdpw.boels.com *.appointedd.com test-dm-iframe.surge.sh anfangendev.de; object-src 'self'; upgrade-insecure-requests; 1
font-src 'self' data:; frame-ancestors 'none' 1
frame-ancestors 'self' https://*.kicker.de https://*.kicker-tippspiel.de 1
child-src blob:; connect-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://*.doubleclick.net https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com static.customersaas.com teliase-259.qelpcare.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com ssgtm.telia.se https://optimizely.teliacompany.com; default-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; font-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://*.tf-b2c.com data:; frame-src https://coverage.ddc.teliasonera.net https://glu2.han.telia.se https://*.doubleclick.net https://telia.bbvms.com static.customersaas.com static-accept.customersaas.com https://*.giosg.com https://*.giosgusercontent.com *.kampyle.com *.medallia.eu *.ace.teliacompany.com telia.humany.net https://*.adyen.com https://*.tf-b2c.com https://optimizely.teliacompany.com; img-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com *.whisbi.com https://dcosix8as1189.cloudfront.net https://s3-eu-west-1.amazonaws.com/whi-deck-bucket-001/ https://www.facebook.com/ d35v9wsdymy32b.cloudfront.net d3mwk3f7r8fv9u.cloudfront.net images.customersaas.com horizon-cms.s3.eu-central-1.amazonaws.com *.ace.teliacompany.com telia.humany.net https://telia-se.blueconic.net https://t944.telia.se *.kampyle.com *.medallia.eu https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com https://www.google.com https://www.google.se https://www.googletagmanager.com https://optimizely.teliacompany.com data:; object-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io; report-uri /.api/csp-report/v1/report; script-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://telia-se.blueconic.net https://t944.telia.se https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com https://connect.facebook.net static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu *.decibelinsight.net *.decibel.com wss://*.decibelinsight.net https://*.adyen.com https://*.tf-b2c.com https://www.google-analytics.com https://www.googletagmanager.com ssgtm.telia.se blob: https://optimizely.teliacompany.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' localhost https://www.telia.se https://www.preview.telia.se https://*.test.telia.se https://*.tse.telia.io https://*.tse-prod.telia.io https://*.giosg.com https://*.giosgusercontent.com *.whisbi.com static.customersaas.com static-accept.customersaas.com *.ace.teliacompany.com telia.humany.net *.kampyle.com *.medallia.eu https://*.adyen.com https://*.tf-b2c.com https://telia-se.blueconic.net https://t944.telia.se 'unsafe-inline'; worker-src blob: 1
frame-ancestors 'self' https://*.degruyter.com; script-src 'nonce-VMFerWeW9kNFEUdlusSncg==' 'strict-dynamic' 'self' dgbricks.foxycart.com cdnjs.cloudflare.com www.google-analytics.com connect.liblynx.com www.googletagmanager.com tag.manager.google.com mozilla.github.io cc.cdn.civiccomputing.com; object-src 'self' www.googletagmanager.com; base-uri 'none' 1
connect-src 'self' *.linkedin.com *.chilipiper.com cmstesting.salesloft.com https://munchkin.marketo.net https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.contentstack.io api.contentstack.io *.contentstack.io *.hotjar.com *.sequel.io *.salesloft.com *.adnxs.com unpkg.com *.hotjar.com *.hotjar.io *.6sc.co *.6sense.com *.nr-data.net/ *.analytics.google.com *.marketo.com *.mktoresp.com *.doubleclick.net *.google-analytics.com/ *.googletagmanager.com/ *.pantheonsite.io/ *.cookielaw.org/ *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.litix.io *.netdna-ssl.com https://api.company-target.com/api/v2/ip.json https://api.brightfunnel.com/v1/sd https://api-iam.intercom.io/messenger/web/ping wss://nexus-websocket-a.intercom.io/ https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-shims.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro.min.css https://ka-p.fontawesome.com/releases/v5.15.4/css/pro-v4-font-face.min.css https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/partner/5254305/domain/salesloft.com/token wss://wsp13.hotjar.com/api/v2/client/ws *.google.com *.googleoptimize.com *.hotjar.com *.introvoke.com *.mktoweb.com *.benchmarkseverywhere.com https://saasbenchmarks.ai/ https://live-salesloft-v2.pantheonsite.io/ https://test-salesloft-v2.pantheonsite.io/ https://images.contentstack.io https://slft-cons-preproduction.contentstackapps.com; font-src 'self' data: https://fonts.gstatic.com *.netdna-ssl.com https://js.intercomcdn.com/fonts/ *.fontawesome.com *.wistia.com *.bootstrapcdn.com; frame-src 'self' *.sequel.io *.chilipiper.com *.salesloft.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net https://staticxx.facebook.com/ http://www2.salesloft.com *.greenhouse.io/ *.megaphone.fm *.google.com/ *.contentstack.io *.contentstack.com *.spotify.com *.twitter.com *.facebook.com *.driftt.com *.drift.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io; img-src 'self' https: data: blob: *.netdna-ssl.com https://ssl.gstatic.com/; manifest-src 'self' blob:; media-src 'self' blob: *.driftt.com *.wistia.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com *.marketo.com *.netdna-ssl.com https://tagmanager.google.com/ https://fonts.googleapis.com/ *.salesloft.com *.bootstrapcdn.com *.google.com https://live-salesloft-v2.pantheonsite.io/ https://images.contentstack.io/; worker-src blob: data: *.netdna-ssl.com *.contentstackapps.com localhost:3000 salesloft.com cmstesting.salesloft.com; base-uri 'none'; frame-ancestors 'self' *.contentstack.com; default-src 'none'; script-src https: 'unsafe-eval' 'unsafe-inline' http://pages.salesloft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://tagmanager.google.com/ 'self'; 1
font-src 'self' fonts.gstatic.com p.typekit.net fonts.typekit.net use.typekit.net https://js.intercomcdn.com http://*.hotjar.com https://*.hotjar.com data: ; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; worker-src *.deltadna.net blob: 'self' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ ; frame-src https://deltadna.freshdesk.com/ *.deltadna.net https://*.deltadna.com https://deltadna.com https://www.google.com https://checkout.stripe.com https://vars.hotjar.com https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net font-src: https://js.intercomcdn.com ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.io data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://api-iam.intercom.io https://api.amplitude.com/ https://cdn.cookielaw.org/ script-src: https://browser.sentry-cdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ https://widget.intercom.io https://js.intercomcdn.com https://cdn.cookielaw.org/ *.onetrust.com image-src: media-src: https://static.intercomassets.com https://api.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.amplitude.com/ https://static.hotjar.com/ https://cdn.cookielaw.org/ *.onetrust.com https://browser.sentry-cdn.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments.com https://cdn.cookielaw.org/ ; child-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net font-src: https://js.intercomcdn.com ; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://download.deltadna.net *.deltadna.net ajax.googleapis.com animate.adobe.com use.edgefonts.net https://*.stripe.com https://api.freshworks.com deltadna.freshdesk.com p.typekit.net fonts.googleapis.com use.typekit.net www.googletagmanager.com api.status.io fonts.gstatic.com www.google-analytics.com https://www.google.com https://www.gstatic.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/widget_close.png https://js.intercomcdn.com 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.novinky.cz admin.novinky.cz *.novinky.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.novinky.cz https://www.novinky.cz 1
frame-ancestors 'self' https://*.gitee.com 1
default-src https://*.zoomgov.com https://zoomgov.com blob: 'self'; script-src https://zoomgov.com  https://*.zoomgov.com 'unsafe-eval' 'unsafe-inline' blob: about: https://ajax.aspnetcdn.com/ajax/3.5/MicrosoftAjax.js https://appsforoffice.microsoft.com https://assets.zendesk.com https://autocomplete.demandbase.com https://cdn-javascript.net https://cdn-js.net https://cdn.wootric.com https://cdncache-a.akamaihd.net https://connect.facebook.net https://consent.trustarc.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://pi.pardot.com https://ruanshi2.8686c.com https://s.dcbap.com https://s.ytimg.com https://s3.amazonaws.com https://scout-cdn.salesloft.com https://sealserver.trustwave.com https://secure-cdn.mplxtms.com https://serve2.cheqzone.com https://snap.licdn.com https://sp.analytics.yahoo.com https://static.zdassets.com https://hcaptcha.com https://assets.hcaptcha.com https://static2.sharepointonline.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tracking.g2crowd.com https://trk.techtarget.com https://www.comeet.co https://www.dropbox.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.recaptcha.net https://www.gstatic.com https://www.youtube.com https://hcaptcha.com https://assets.hcaptcha.com https://*.ada.support https://*.adroll.com https://*.google.com https://*.hotjar.com https://*.linkedin.com  https://*.zoomcloudpbx.com https://*.zopim.com https://adroll.com https://google.com https://cdn.cookielaw.org  https://linkedin.com https://source.zoomgov.com 'self'; img-src https: http: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: data: blob: 'self' 1
frame-ancestors default-src 'self' https://d2l.ucalgary.ca; 1
frame-ancestors 'self' *.miami.edu; 1
frame-ancestors 'self' *.wallet.airpay.sg *.shopee.kr *.airpay.sg *.shopeemobile.com *.shopee.sg *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-093ce966252507a92556a471691be3b1' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=5862033368355605; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=5862033368355605 1
default-src 'self' www.gartner.com www.youtube.com kapi.kakao.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' www.gartner.com developers.kakao.com static.zdassets.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com api.smooch.io maps.googleapis.com t1.kakaocdn.net;  style-src 'self'  www.gartner.com 'unsafe-inline';  img-src * blob: data:;  media-src *;  connect-src *;  font-src 'self' www.gartner.com data:; 1
default-src 'self' *.kpn.com; script-src 'self' cdn.blueconic.net kpn.blueconic.net assets.adobedtm.com *.kpn.com; style-src 'self'; img-src 'self'; font-src 'self'; connect-src 'self' kpn.blueconic.net; object-src 'self' 1
frame-ancestors *.3ds.com *.solidworks.com; base-uri 'self' 1
script-src'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ravelry.com https://*.ravelrycache.com https://*.doorbell.io https://plausible.io https://*.frontapp.com https://apis.google.com https://www.amazon.com https://www.dropbox.com https://*.googleapis.com https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://maps.google.com *.nr-data.net https://*.newrelic.com https://*.twitter.com connect.facebook.net https://*.facebook.com https://*.pinterest.com; object-src 'self' *.ravelry.com *.macromedia.com *.etsy.com *.youtube.com *.vimeo.com *.vimeocdn.com *.gstatic.com; frame-src 'self' https://*.facebook.com https://docs.google.com https://accounts.google.com https://www.amazon.com https://*.spotify.com https://*.buffer.com https://*.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://vine.co https://*.google.com https://*.twitter.com https://*.facebook.com https://*.pinterest.com chromenull://* chromeinvoke://* webviewprogressproxy://*; connect-src 'self' *.ravelry.com https://www2.ravelry.com doorbell.io:443 https://*.nr-data.net https://plausible.io https://*.dropbox.com https://www.ravelry.com wss://websocket.ravelry.com wss://websocket2.ravelry.com *.googleapis.com syndication.twitter.com; 1
frame-ancestors 'self' https://bluebelldigital.com/; report-to default 1
frame-ancestors 'self' http://vodafone.lookbookhq.com https://vodafone.lookbookhq.com http://*.vodafone.com https://*.vodafone.com https://app.contentful.com; 1
default-src https: data: vine:;img-src 'self' data: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://t.co https://analytics.twitter.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://twemoji.maxcdn.com https://twitter.github.io/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vine.co https://*.twitter.com https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co https://platform.vine.co https://stats.g.doubleclick.net https://ssl.google-analytics.com https://ajax.googleapis.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;media-src 'self' blob: https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://*.vncdn.co https://media.vineapp.com;object-src 'self' blob: https://vine.co https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com;connect-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.twimg.com https://*.cdn.vine.co https://media.vineapp.com https://graph.facebook.com;font-src 'self' https://vine.co https://vines.s3.amazonaws.com https://archive.vine.co https://*.cdn.vine.co;report-uri https://twitter.com/i/csp_report?a=OZUW4ZI=&ro=false 1
default-src 'self' *.postman.co *.postman.com *.pstmn.io; base-uri 'self'; font-src 'self' data: *.getpostman.com *.postman.co *.cdn.postman.com fonts.gstatic.com www.postman.com fonts.googleapis.com cdnjs.cloudflare.com; frame-ancestors 'none'; frame-src looker.postman.co dl-preview-container.pstmn.io js.stripe.com hooks.stripe.com chart-embed.service.newrelic.com https://app.datadoghq.com/graph/embed https://app.datadoghq.eu/graph/embed https://youtube.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com/ https://runtime-assets.pstmn.io/; child-src 'self' *.postman.co *.postman.com blob:; worker-src 'self' *.postman.co *.cdn.postman.com blob:; object-src 'self'; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.nr-data.net *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io code.jquery.com google-analytics.com www.postman.com postman.com googletagmanager.com ssl.google-analytics.com cdnjs.cloudflare.com https://bi.pst.tech js-agent.newrelic.com js.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-fxjDZEQ5Wqjqcr4lyLLkLAV+PwY+TkFXFPaLYH9SZKH1YWHp'; style-src 'self' 'unsafe-inline' *.getpostman.com *.postman.co *.cdn.postman.com *.pstmn.io www.postman.com fonts.gstatic.com fonts.googleapis.com tagmanager.google.com cdnjs.cloudflare.com postman.com accounts.google.com; connect-src https://api.stripe.com http: ws://localhost:10533 https: wss://*.postman.co wss://*.gw.postman.co wss://*.gw.eu.postman.co wss://*.gw.postman.com wss://*.gw.eu.postman.com; report-uri https://sentry.postmanlabs.com/api/572/security/?sentry_key=9d37d7431bdc4c528702ec4d89fc93f7&sentry_environment=production 1
default-src * data: 'unsafe-inline' 'unsafe-eval' https: blob: 1
script-src 'nonce-JlrwOkEBYJ1pgTIT+49QAQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=ab6b513b-c34c-4c45-8fd1-699350f18981; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-d753f05fbe4a1386bedeef83e25a8847' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9939994653444494; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9939994653444494 1
default-src 'self' https://api.mixpanel.com; script-src 'self' 'unsafe-eval' 'nonce-vw/M1EJtfJm4SIes+W5PaCZGFTwAGtQUq/fcbk8QS9ZWpPve9CW6MVbxhTZeopQWzWf9HgCW2H9DE5IQs2sQjQ==' https://*.facebook.net https://www.facebook.com https://snap.licdn.com https://connect.liblynx.com https://sandbox.liblynx.com https://www.google-analytics.com https://optimize.google.com https://ssl.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdn.mxpnl.com https://cdn4.mxpnl.com https://api.mixpanel.com https://www.googletagmanager.com https://kit.fontawesome.com https://use.fontawesome.com https://pro.fontawesome.com https://scholar.google.com https://api.altmetric.com https://d1bxh8uas1mnw7.cloudfront.net https://js.trendmd.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://connect.liblynx.com https://sandbox.liblynx.com https://stats.g.doubleclick.net https://cdn.mxpnl.com https://images.mxpnl.com https://badges.altmetric.com https://d1uo4w7k31k5mn.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://shop.emerald.com/ https://www.facebook.com https://www.google-analytics.com https://api.mixpanel.com/ https://scholar.google.com https://*.trendmd.com https://cc.trendmd.co https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com https://d1bxh8uas1mnw7.cloudfront.net https://trendmd.s3.amazonaws.com https://css.trendmd.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://pro.fontawesome.com https://ka-p.fontawesome.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://www.googletagmanager.com https://optimize.google.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; object-src 'self' 1
frame-ancestors 'self' http://*.dji.com https://*.dji.com 1
script-src 'nonce-epHskhgFHVP+pbZd+rwbSw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=e052acc3-ca62-42f0-8369-c4fa971a9d46; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'none'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.matomo.cloud https://*.innocraft.cloud http://localhost; base-uri 'self' https://demo-web.matomo.org https://web.innocraft.cloud; prefetch-src 'self'; connect-src 'self' https://matomo.org  https://web.innocraft.cloud https://www.userlike.com https://cdn.plyr.io https://demo-web.matomo.org https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://chat.userlike.com wss://umd.userlike.com https://api.userlike.com https://video.matomo.org; script-src 'self' https://snap.licdn.com  https://userlike-cdn-umm.b-cdn.net https://web.innocraft.cloud https://cdn.matomo.cloud https://embed.clickmeeting.com https://madmimi.com https://cdn.shortpixel.ai https://cdnjs.cloudflare.com https://www.youtube.com api.userlike.com https://d3dc1lgancj6l0.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://static.matomo.org https://demo-web.matomo.org https://m-img.org 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org; img-src 'self'   https://demo-web.matomo.org https://web.innocraft.cloud https://plugins.matomo.org https://qrcode.kaywa.com https://raw.githubusercontent.com https://user-images.githubusercontent.com https://m-img.org https://piwik.org https://matomo.org https://static.matomo.org https://video.matomo.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com data:; media-src 'self' https://video.matomo.org https://www.matomo.org https://matomo.org blob:; font-src 'self' https://userlike-cdn-umm.b-cdn.net https://demo-web.matomo.org https://web.innocraft.cloud https://static.matomo.org data:  https://github.com https://d3dc1lgancj6l0.cloudfront.net; frame-src 'self' https://www.facebook.com https://play.quickchannel.com https://matomo.clickmeeting.com https://embed.clickmeeting.com https://www.youtube-nocookie.com https://demo.matomo.cloud https://demo-web.matomo.org https://demo2.piwik.org https://demo2.matomo.org; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-609a69519ade16697d0f382d4e13016a' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=3260164310949809; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=3260164310949809 1
frame-ancestors 'self' *.chefkoch.de *.chefkoch-cdn.de www-chefkoch-de.cdn.ampproject.org 1
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://fws.gov; 1
default-src https:; img-src data: https: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https:; font-src data: https:; media-src blob: https:; worker-src https: 'unsafe-inline' 'unsafe-eval' blob:; 1
script-src  'unsafe-inline' data: *.dwstatic.com *.huya.com *.msstatic.com  *.huya.com:*  'unsafe-eval'  *.qq.com static2.fengkongcloud.com   http://127.0.0.1:20192 hm.baidu.com http://*.huya.com *.huyainfo.com blob: ;style-src  'unsafe-inline' *.dwstatic.com *.huya.com *.msstatic.com *.huyainfo.com;connect-src 'self' blob: data: *.huya.com *.huya.com:* http://*.huya.com wss://*.huya.com wss://*.mobgslb.tbcache.com wss://*.huya.com:* ws://*.huya.com ws://*.huya.com:* *.msstatic.com *.dwstatic.com hm.baidu.com *.qq.com *.smtcdns.net *.smtcdns.net:* *.ourdvsss.com *.ourdvsss.com:* *.mobgslb.tbcache.com *.ksyungslb.com *.ksyungslb.com:* *.w5cc.com wss://*.ourdvsss.com wss://*.ourdvsss.com:* http://*.msstatic.com *.yystatic.com http://*.yystatic.com vr.duowan.com http://vr.duowan.com wss://*.ksyungslb.com wss://*.ksyungslb.com:* *.jomodns.com wss://*.jomodns.com *.huya.info http://*.huya.info ws://*.huya.info wss://*.huya.info *.qvb.qcloud.com wss://*.qvb.qcloud.com *.host.00cdn.com *.host.00cdn.com:* wss://*.host.00cdn.com wss://*.host.00cdn.com:* huya-p.xylive.tv  wss://huya-p.xylive.tv *.pkoplink.com wss://*.pkoplink.com *.pkoplink.com:* wss://*.pkoplink.com:* wss://*.cdn1218.com wss://*.cdn1218.com:* *.cdn1218.com *.cdn1218.com:* wsapi-global.master.live  wss://*.szbdyd.com:* https://*.szbdyd.com:* wss://*.host.00cdn.com:* https://*.host.00cdn.com:* wss://*.ckeyer.com:* https://*.ckeyer.com:* *.aliyuncs.com wss://*.aliyuncs.com *.ppio.cloud:* wss://*.ppio.cloud:* *.xycdn.com *.p2cdn.com *.ppio.cloud wss://*.ppio.cloud http://*.ppio.cloud *.livehwc3.cn wss://*.livehwc3.cn *.bytefcdnrd.com wss//*.bytefcdnrd.com *.fcdnstatic-intl.com wss://*.fcdnstatic-intl.com *.v.smtcdns.net *.v.smtcdns.net:* *.qnqcdn.net  *.qnqcdn.net:* wss://*.qnqcdn.net wss://*.qnqcdn.net:* *.tlivemcdn.com wss://*.tlivemcdn.com *.tlivemcdn.com:* wss://*.tlivemcdn.com:* *.xdrtc.com wss://*.xdrtc.com *.cloudvdn.com:* wss://*.cloudvdn.com:* http://127.0.0.1:20882 http://127.0.0.1:21002 http://127.0.0.1:21122 http://127.0.0.1:21242 http://127.0.0.1:21362 *.livecdn.annuoxun.com wss://*.livecdn.annuoxun.com wss://*.hiecheimaetu.com:* *.hiecheimaetu.com:* *.hiecheimaetu.com wss://*.hiecheimaetu.com *.tliveapp.com wss://*.tliveapp.com *.massx.com wss://*.massx.com *.massx.com:* wss://*.massx.com:*;img-src *.dwstatic.com *.huya.com *.msstatic.com *.dwstatic.com http://*.dwstatic.com  *.huya.com:* hm.baidu.com *.hiido.com http://*.msstatic.com http://*.huya.com *.yy.com http://*.yy.com data: *.myqcloud.com ad.doubleclick.net *.qq.com about: hyweb-test.oss-cn-shenzhen.aliyuncs.com vhuya-img.oss-cn-hangzhou.aliyuncs.com *.huanjuyun.com *.yst.aisee.tv http://*.yst.aisee.tv wegame.gtimg.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com web-diymaterial.oss-cn-shenzhen.aliyuncs.com *.myhuaweicloud.com qzapp.qlogo.cn http://qzapp.qlogo.cn *.aliyuncs.com *.yaoguo.com *.pubg8x.com *.myapp.com pgdt.gtimg.cn pgdt.ugdtimg.com adsmind.gdtimg.com;report-uri https://csp.huya.com/csp?sentry_id=101&sentry_key=8f7b23a903b842e5b61b8f8decd45478; 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.ro  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors 'self' *.lbl.gov; 1
default-src 'self' 'nonce-mMvv1iYAAEu05fXkWeXCKg==' data: d1qwl4ymp6qhug.cloudfront.net;style-src 'self' 'unsafe-inline' d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com d3m86d30627p3p.cloudfront.net d1mh8m8kfx8806.cloudfront.net d1m1bhqxdvcj7y.cloudfront.net d1qwl4ymp6qhug.cloudfront.net embed.typeform.com;font-src 'self' data: d1qwl4ymp6qhug.cloudfront.net fonts.googleapis.com fonts.gstatic.com;script-src-elem 'self' 'nonce-mMvv1iYAAEu05fXkWeXCKg==' data: d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com cdn.mxpnl.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com www.youtube.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d17lvj5xn8sco6.cloudfront.net dbjkgof3vqn8e.cloudfront.net d2pxv2t07pst90.cloudfront.net d24ba410swlaj9.cloudfront.net d2pxv2t07pst90.cloudfront.net d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net *.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com my.visme.co platform-api.sharethis.com buttons-config.sharethis.com count-server.sharethis.com t.sharethis.com;script-src 'self' 'nonce-mMvv1iYAAEu05fXkWeXCKg==' 'unsafe-eval' data: 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' 'sha256-beizslr6wW+733xFasCV0KHlmMzMj58NVIf2AVyJgEs=' 'sha256-nGHSZHe91dno5IugG5CzpYMY3VpExAeYdL+l7Tqkq6E=' d1qwl4ymp6qhug.cloudfront.net *.flippingbook.com cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com www.googletagmanager.com cdn.mxpnl.com bat.bing.com tracking.g2crowd.com *.clarity.ms js.driftt.com www.youtube.com *.addthis.com *.addthisedge.com z.moatads.com embed.typeform.com widgets.tree-nation.com d17lvj5xn8sco6.cloudfront.net dbjkgof3vqn8e.cloudfront.net d2pxv2t07pst90.cloudfront.net d24ba410swlaj9.cloudfront.net d2pxv2t07pst90.cloudfront.net d33i2vgywgme2s.cloudfront.net d2acn53ctcwkeb.cloudfront.net dzl2wsuulz4wd.cloudfront.net d14d3gewu22anr.cloudfront.net *.doubleclick.net s7.addthis.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com conoret.com www.google.com;connect-src 'self' https: wss: data: blob: http://ad.doubleclick.net;frame-src 'self' *.flippingbook.com catalogs.your-brand.org cld.mobi cld.bz *.cld.mobi *.cld.bz salespal.com *.salespal.com js.driftt.com www.youtube.com *.doubleclick.net *.addthis.com www.g2.com *.typeform.com securityscorecard.com widgets.tree-nation.com m.youtube.com my.visme.co d3a84z1hstjqzn.cloudfront.net player.vimeo.com;img-src 'self' blob: data: https: http://ad.doubleclick.net;media-src 'self' blob: data: https:; 1
default-src 'self' data: blob: *;script-src secure.facebook.com internalfb.com *.internalfb.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' s-static.internalfb.com *;connect-src internalfb.com *.internalfb.com secure.facebook.com *.facebook.com *.instagram.com *.cdninstagram.com *.fbcdn.net graph.intern.facebook.com wss://*.internalfb.com wss://*.internalfb.com:* wss://*.facebook.com:* https://*.whatsapp.com/graphql/ facebook.com *.facebook.net wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: 'self' https://*.google-analytics.com;font-src data: internalfb.com *.internalfb.com *.facebook.com *.fbcdn.net;img-src *.fbcdn.net *.facebook.com *.instagram.com *.cdninstagram.com internalfb.com *.internalfb.com data: blob: * https://*.google-analytics.com;media-src *.fbcdn.net internalfb.com *.internalfb.com data: blob: *;frame-src internalfb.com *.internalfb.com data: blob: *.facebook.com *;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-m2qP4h2Iu5hGoFjfhUQtTw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
frame-ancestors 'self' https://alz.6connex.com act.alz.org alzwalk.giving 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.foodandwine.com 1
frame-ancestors 'self' *.boursorama-banque.com *.boursorama.com *.boursobank.com 1
default-src 'self' data: blob: *.clinch.co *.cookiebot.com 'unsafe-inline' *.google.com *.google.co.il *.googlesyndication.com *.g.doubleclick.net *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.hsforms.net *.hsforms.com *.fontawesome.com *.gravatar.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hubspot.com *.hubapi.com *.doubleclick.net *.facebook.net *.facebook.com *.comeet.co comeet-euw-app.s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clinch.co *.cookiebot.com *.google.com *.google.co.il *.googlesyndication.com *.g.doubleclick.net *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.hsforms.net *.hsforms.com *.fontawesome.com *.gravatar.com *.hs-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hubspot.com *.hubapi.com *.doubleclick.net *.facebook.net *.facebook.com *.comeet.co; 1
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'         blob:         https://*.ads-twitter.com         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://cdn-assets-prod.s3.amazonaws.com         https://code.jquery.com         https://optimizely.s3.amazonaws.com;         style-src 'self' 'unsafe-inline'         https://*.authorize.net         https://*.ceros.com         https://*.eloqua.com         https://*.google.com         https://*.gsatic.com         https://*.licdn.com         https://*.optimizely.com         https://*.visa.com         https://fonts.googleapis.com;         font-src 'self'         data:         https://*.authorize.net         https://*.eloqua.com         https://*.visa.com         https://fonts.googleapis.com         https://fonts.gstatic.com;         img-src 'self'         data:         https://*.ads-twitter.com         https://*.adsrvr.org         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://i.ytimg.com         https://ib.adnxs.com         https://p.adsymptotic.com         https://t.co         https://yt3.ggpht.com;         frame-src 'self'         https://*.ads-twitter.com         https://*.authorize.net         https://*.ceros.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com;         connect-src 'self'         https://*.ads-twitter.com         https://*.authorize.net         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.googleapis.com         https://*.googlesyndication.com         https://*.google-analytics.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.visa.com         https://*.youtube.com;         object-src 'self';         media-src 'self';         worker-src 'self'         blob:         https://*.authorize.net         https://*.contentsquare.net         https://*.contentsquare.com         https://*.google.com; 1
object-src 'none'; script-src 'nonce-SmscupoA0BYVKCY4UHf1lg==' 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri https://csp.withgoogle.com/csp/kaggle/20201130; frame-src 'self' https://www.kaggleusercontent.com https://www.youtube.com/embed/ https://polygraph-cool.github.io https://www.google.com/recaptcha/ https://www.docdroid.com https://www.docdroid.net https://kaggle-static.storage.googleapis.com https://kkb-production.jupyter-proxy.kaggle.net https://kkb-production.firebaseapp.com https://kaggle-metastore.firebaseapp.com https://apis.google.com https://content-sheets.googleapis.com/ https://accounts.google.com/ https://storage.googleapis.com https://docs.google.com https://drive.google.com https://calendar.google.com/; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://onlinechat.nic.cz https://test-ipv6.cz https://*.test-ipv6.cz https://piwik.nic.cz/piwik.js https://platform.twitter.com https://cdn.syndication.twimg.com https://s.ytimg.com https://*.googleapis.com https://*.google.com https://connect.facebook.net https://*.mapy.cz; object-src 'self'; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.nic.cz https://fonts.googleapis.com https://api.mapy.cz https://test-ipv6.cz; img-src *; media-src *; frame-src *; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://test-ipv6.cz https://*.test-ipv6.cz https://*.labs.nic.cz https://widget.nic.cz https://ipv4-widget.nic.cz https://ipv6-widget.nic.cz https://rdap.nic.cz https://www.rhybar.cz https://akademie.nic.cz https://piwik.nic.cz/piwik.php https://dns53.check.odvr.cz https://dot.check.odvr.cz https://doh.check.odvr.cz https://www.nic.cz/files/CORS/projects-bar/ https://mojeid.cz https://syndication.twitter.com; report-uri https://sentry.nic.cz/api/13/security/?sentry_key=fc89cece4f7d45e3b49d1ef9d0b48bf5 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://www.google-analytics.com http://mc.yandex.ru https://mc.yandex.ru https://live.airee.cloud https://webrtc.airee.cloud https://connect.facebook.net 1
default-src 'self' data: https://cloud.ccm19.de wss://api.session-replays.io https://api.session-replays.io https://lb-api.visitor-analytics.io https://app-worker.visitor-analytics.io https://visits.visitor-analytics.io https://*.tum.de https://tum.de https://www.google.com/ https://ajax.googleapis.com https://cse.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.br.de https://maps.google.de https://geoportal.bayern.de https://www.googleapis.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com https://encrypted-tbn2.gstatic.com https://encrypted-tbn3.gstatic.com https://ngp.zdf.de https://www.arte.tv https://zdfvodnone-vh.akamaihd.net https://img.youtube.com https://www.ardaudiothek.de https://tum.cloud.panopto.eu https://vimeo.com https://player.vimeo.com https://open.spotify.com https://spotify.com https://anchor.fm/ https://www.ardmediathek.de 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.love4porn.com love4porn.com a.magsrv.com ajax.cloudflare.com strbh.com ads.exoclick.com creative.videostube.live www.googletagmanager.com www.google-analytics.com; 1
default-src data: blob: 'self' 'unsafe-eval' 'unsafe-inline' *.basalam.com *.enamad.ir s3.amazonaws.com *.webengage.co *.doubleclick.net *.sanjagh.com deemanetwork.com js.userpilot.io *.webengage.com analytics.google.com *.google.com *.googletagmanager.com *.google-analytics.com *.clarity.ms *.heapanalytics.com basalam-com.arvanvod.ir *.goftino.com *.googleadservices.com *.jsdelivr.net *.googleoptimize.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.basalam.com *.goftino.com *.googleapis.com *.googleoptimize.com *.google.com ; script-src asset: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.basalam.com *.amazonaws.com *.googletagmanager.com *.doubleclick.net deemanetwork.com *.jsdelivr.net *.googleadservices.com *.heapanalytics.com  *.clarity.ms *.livechatinc.com *.yandex.ru *.google-analytics.com *.goftino.com *.webengage.com *.webengage.co *.google.com *.sanjagh.com *.userpilot.io *.googleoptimize.com ; img-src 'self' blob: data: android-webview-video-poster: *; script-src-elem * 'unsafe-inline' *.goftino.com; font-src 'self' data: *.basalam.com *.gstatic.com *.goftino.com ; connect-src blob: *;child-src blob: * ; report-uri https://sentry.basalam.com/api/73/security/?sentry_key=e696f707cdf14882a23cad482e848aa4 1
default-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com;script-src 'self' 'nonce-PBszjNPkBE' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' js.stripe.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com use.typekit.net www.google-analytics.com www.google.com www.gstatic.com cdn.carbonads.com srv.carbonads.net;font-src 'self' d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com *.typekit.net netdna.bootstrapcdn.com;style-src 'self' netdna.bootstrapcdn.com d2kfnvwohu0503.cloudfront.net staticinstapaper.s3.amazonaws.com staticinstapaper.s3.dualstack.us-west-2.amazonaws.com 'unsafe-inline';connect-src 'self' *.carbonads.net carbonads.net js.stripe.com www.google-analytics.com;frame-src 'self' js.stripe.com *.youtube.com youtube.com *.vimeo.com vimeo.com www.google.com ifttt.com;img-src * data:; 1
script-src 'nonce-YQ7wQJhbQnWMYU4XpPmOAw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_google; base-uri 'none' 1
frame-ancestors *.104.com.tw 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net *.googleoptimize.com cdn.jsdelivr.net static.ads-twitter.com snap.licdn.com *.googleadservices.com *.outbrain.com *.usabilla.com googleads.g.doubleclick.net analytics.twitter.com  cdn.hypemarks.com www.gstatic.com unpkg.com cdn.gbqofs.com c.lytics.io cdn.cookielaw.org addtocalendar.com d3js.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com cdn.jsdelivr.net *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.nestlepurinacareers.com *.nestlejobs.com unpkg.com *.cloudfront.net *.usabilla.com addtocalendar.com; img-src 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com stats.g.doubleclick.net ade.googlesyndication.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com nova.collect.igodigital.com *.facebook.com www.google.co.in *.outbrain.com *.cloudfront.net *.ads.linkedin.com *.googletagmanager.com t.co p.adsymptotic.com analytics.twitter.com cdn.cookielaw.org c.lytics.io *.cloudfront.net *.usabilla.com *.google.com cdn.jsdelivr.net app.bowencraggs.com *.staticflickr.com; media-src 'self'; frame-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com *.doubleclick.net *.facebook.com *.google.com cdn.hypemarks.com *.cloudfront.net *.usabilla.com *.q4web.com; child-src 'self' blob: static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.cloudfront.net *.usabilla.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.google-analytics.com collect.analyze.ly secure-ds.serving-sys.com bam.nr-data.net *.g.doubleclick.net cdnjs.cloudflare.com pagead2.googlesyndication.com *.linkedin.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com c.lytics.io *.cookielaw.org *.nestlepurinacareers.com https://olivia.paradox.ai unpkg.com *.google.com report.nestle.gbqofs.io wss://ws.paradox.ai *.tintup.com *.us-east-1.amazonaws.com *.cloudfront.net *.usabilla.com maps.googleapis.com addtocalendar.com cdn.jsdelivr.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://kuleuven.be https://*.kuleuven.be https://*.edu.kuleuven.cloud ; 1
default-src 'self'; script-src 'self' c.mql5.com www.tradays.com www.metatrader5.com metatraderweb.app www.mql5.com content.mql5.com search.mql5.com https://c.paypal.com https://pay.google.com maps.googleapis.com maps.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com static.sumsub.com 'unsafe-inline' 'unsafe-eval'; style-src c.mql5.com www.tradays.com 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com; img-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com content.mql5.com charts.mql5.com www.mql5.com www.tradays.com www.metatrader5.com blob: data: *.tile.openstreetmap.org https://c.paypal.com https://b.stats.paypal.com https://dub.stats.paypal.com https://www.gstatic.com csi.gstatic.com maps.gstatic.com maps.google.com maps.googleapis.com chart.googleapis.com khms0.googleapis.com khms1.googleapis.com khms2.googleapis.com khms3.googleapis.com; media-src 'self' msg1.mql5.com msg2.mql5.com msg3.mql5.com msg4.mql5.com c.mql5.com www.metatrader5.com; font-src c.mql5.com fonts.gstatic.com fonts.googleapis.com; connect-src 'self' metatraderweb.app www.mql5.com www.metatrader5.com https://msg1.mql5.com wss://msg1.mql5.com https://msg2.mql5.com https://msg3.mql5.com https://msg4.mql5.com wss://msg2.mql5.com wss://msg3.mql5.com wss://msg4.mql5.com wss://gwt1.mql5.com wss://gwt2.mql5.com wss://gwt3.mql5.com wss://gwt4.mql5.com wss://gwt5.mql5.com wss://gwt6.mql5.com wss://gwt7.mql5.com wss://gwt8.mql5.com wss://gwt9.mql5.com wss://gwt10.mql5.com wss://gwt11.mql5.com wss://gwt12.mql5.com wss://gwt13.mql5.com wss://gwt14.mql5.com wss://gwt15.mql5.com wss://gwt99.mql5.com https://cdn.chatbot.com maps.googleapis.com; frame-src 'self' c.mql5.com www.tradays.com trade.metatrader5.com metatraderweb.app www.youtube.com https://c.paypal.com https://pay.google.com https://cdn.chatbot.com test-api.sumsub.com api.sumsub.com blob: mql5buy: mql4buy:; object-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; worker-src 'self' c.mql5.com www.metatrader5.com www.youtube.com; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com p.teads.tv t.contentsquare.net contentsquare.com admo.tv capture.trackjs.com widgets.trustedshops.com *.adition.com sdk.teester.com *.iadvize.com *.cloudflare.com *.jsdelivr.net *.amazonaws.com *.valiuz.com unpkg.com *.numerized.com numerized.fr numerized.com *.pinimg.com *.mopinion.com *.tradelab.fr *.rakuten.com *.yimg.com s.kk-resources.com *.mediarithmics.com *.trustedshops.com *.segment.com *.target2sell.com player.vimeo.com intljs.rmtag.com *.trackjs.com use.fontawesome.com *.smartsuppchat.com *.flagship.com app.contentsquare.com www.mobsuccess.com ad.atdmt.com *.hotjar.io party.spockee.io *.cloudfront.net aac.artengo-tennis.com widget.spockee.io decathlon.script.admo.tv *.tokbox.com *.opentok.com *.deafiline.net swrap.tradedoubler.com *.spockee.io d3o3q2c2a135bm.cloudfront.net d1qsuwoy74mm6g.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com act-eu.rd.linksynergy.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.decathlon.fr *.decathlon.co.uk pay.google.com analytics.tiktok.com s.kelkoogroup.net view.publitas.com scripts.publitas.com https://caast.tv https://*.caast.tv;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com capture.trackjs.com *.api.gouv.fr *.amazonaws.com *.iadvize.com *.valiuz.com *.luckyorange.com *.luckyorange.net *.mopinion.com *.numerized.com numerized.fr numerized.com api.teester.com ct.pinterest.com tracking-api-qk77g3b4wa-ew.a.run.app transaction-api-qk77g3b4wa-ew.a.run.app *.segment.com *.target2sell.com *.tradelab.fr wss://*.visitors.live vimeo.com *.yimg.com *.webgeoservices.com app.contentsquare.com decision.flagship.io cookie-matching.mediarithmics.com ib.adnxs.com manifest.prod.boltdns.net wss://xmpp-ha-alb.iadvize.com api.spockee.io aac.artengo-tennis.com wss://*.iadvize.com decathlon.mypangee.com decathlon.admo.tv www.google.com adservice.google.com t.teads.tv *.tokbox.com *.opentok.com *.spockee.io d3o3q2c2a135bm.cloudfront.net daxg4zxtk3miz.cloudfront.net script.google.com script.googleusercontent.com *.linksynergy.com cm.teads.tv player.teester.com image.teester.com sdk.teester.com decathlon-ttpx.com sheets.googleapis.com tracking-api-fr-4lasu2nlcq-ew.a.run.app fpc.decathlon.fr *.loadbee.com maintenance.decathlon.fr pay.google.com s.kelkoogroup.net s.kk-resources.com ws://*.spockee.io *.twilio.com wss://*.twilio.com lp.decathlon.fr https://caast.tv https://*.caast.tv wss://*.caast.tv https://*.mux.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com img.youtube.com capture.trackjs.com *.amazonaws.com *.bing.com *.flagship.com *.iadvize.com *.valiuz.com *.linksynergy.com *.mopinion.com prod.y-medialink.com *.pinimg.com ext-inv-cdn.presage.io *.pinterest.com widgets.trustedshops.com *.mediaforge.com *.rakuten.com *.segment.com *.target2sell.com *.tradelab.fr *.yahoo.com *.omnitagjs.com consent.jrs5.com sync.adotmob.com idsync.rlcdn.com consent.nxtck.com consent.dc-storm.com nxtck.com t.teads.tv cm.teads.tv *.hotjar.com *.hotjar.io www.mobsuccess.com aac.artengo-tennis.com *.deafiline.net swrap.tradedoubler.com l.teads.tv daxg4zxtk3miz.cloudfront.net image.teester.com play-lh.googleusercontent.com marketing.net.idealo-partner.com dtm.decathlon.fr c81418.csd.dotomi.com login-ds.dotomi.com dtm.decathlon.co.uk *.loadbee.com s.kelkoogroup.net s.kk-resources.com spockee-cdn.s3.ca-central-1.amazonaws.com https://*.caast.tv https://i.ytimg.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ *.amazonaws.com unpkg.com *.mopinion.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com aac.artengo-tennis.com *.deafiline.net *.iadvize.com *.loadbee.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.amazonaws.com *.mopinion.com *.trustedshops.com use.fontawesome.com static.iadvize.com cdnjs.cloudflare.com *.deafiline.net *.loadbee.com;object-src view.publitas.com;base-uri 'self' pay.google.com;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' decathlon.deafiline.net push-app-dev.deafiline.net push-app-dev.deafiline.net:1440 ws: player.teester.com image.teester.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.amazonaws.com *.akamaihd.net *.akafms.net *.deafiline.net player.teester.com https://*.mux.com https://*.caast.tv;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com decathlon-fr-fr--tst2.custhelp.com *.calameo.com halc.iadvize.com *.vimeo.com unequestion.decathlon.fr widget.activites.decathlon.fr *.hotjar.io *.cloudfront.net repair-hub.decathlon.net emersya.com decathlon.deafiline.net www.google.com app.livestorm.co video.eko.com www.shape3d.com d1di987mdgym2l.cloudfront.net player.teester.com image.teester.com www.pinterest.fr *.loadbee.com s.kelkoogroup.net s.kk-resources.com *.spockee.io d2smzkbxwgpfsi.cloudfront.net https://caast.tv https://*.caast.tv https://www.youtube-nocookie.com https://www.youtube.com https://*.youtube.com https://gagnezvosbillets-paris2024.decathlon.fr https://www.trouver-ma-piece.decathlon.fr;frame-ancestors 'self'; 1
frame-ancestors 'self' *.twitter.com; frame-src *.unodc.org *.twitter.com *.youtube.com *.powerbi.com *.youtube-nocookie.com public.tableau.com *.google.com mailchi.mp *.facebook.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com platform.twitter.com www.google.com www.gstatic.com www.recaptcha.net ; style-src 'self' 'unsafe-inline' ; img-src * data: blob: ; font-src 'self' fonts.googleapis.com fonts.gstatic.com ; connect-src 'self' opencollective.com www.google-analytics.com stats.g.doubleclick.net ; object-src 'none' ; child-src 'self' www.youtube.com www.google.com www.recaptcha.net ; frame-ancestors 'none' ; form-action 'self' www.paypal.com www.sandbox.paypal.com ; media-src 'self' pub.rachni.com ; block-all-mixed-content 1
default-src 'self' https://*.fontawesome.com https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://viewer.diagrams.net https://fonts.googleapis.com https://*.fontawesome.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' https://*.fontawesome.com fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org https://render.com https://*.render.com https://okteto.com https://*.okteto.com data: www.w3.org https://*.bestpractices.dev https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-u6b2YHtqGwL1edWEOMsrdw=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors 'self' *.wallet.airpay.com.my *.shopee.kr *.airpay.com.my *.shopeemobile.com *.shopee.com.my *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
frame-ancestors 'self' https://*.schoology.com; 1
default-src 'self' fonts.googleapis.com *.gstatic.com data: 'unsafe-inline' 'unsafe-eval' blob: zenodo-broker.web.cern.ch zenodo-broker-qa.web.cern.ch maxcdn.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com webanalytics.web.cern.ch 1
upgrade-insecure-requests;default-src https: wss: 'unsafe-inline' 'unsafe-eval' data:;media-src https: blob:;child-src https: blob:;font-src https: data:; img-src https: data:; 1
default-src 'self' *.10086.cn cdnjs.cloudflare.com pcache.cmam.migu.cn ccdownucrm.migudm.cn https://pc-dl.migufun.com:8443 pc-dl.migufun.com open.tyst.migu.cn p.cnwza.cn *.govwza.cn api.map.baidu.com *.bdimg.com *.baidu.com mgcdnvod.migucloud.com mgcdn.vod.migucloud.com 111.7.203.227 111.7.203.228 111.7.202.175 111.7.202.179 *.cmpassport.com blob: data: 'unsafe-inline' 'unsafe-eval'; 1
base-uri 'self';frame-ancestors 'self' https://apac1-proxy.adobemc.com https://experience.adobe.com https://widget.bajajfinserv.in/ org.altruist.BajajExperia com.Bajaj.bajajexperia https://www.bajajfinservmarkets.in/ org.altruist.BajajExperia  com.Bajaj.bajajexperia 1
default-src 'self' *.qurancdn.com cdn.plaid.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://vitals.vercel-insights.com  https://www.givingloop.org https://code.jquery.com https://www.google.com https://js.stripe.com https://ipinfo.io https://snap.licdn.com https://cdn.mouseflow.com https://www.paypal.com  https://wchat.eu.freshchat.com https://cdn.plaid.com https://cdnjs.cloudflare.com https://cdn.amplitude.com https://cdn.logrocket.io https://www.gstatic.com https://js.stripe.com;  font-src 'self' 'unsafe-inline' 'unsafe-eval' givingloop.org fonts.gstatic.com https://www.givingloop.org;  frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 js.stripe.com  https://www.paypal.com www.paypal.com https://wchat.eu.freshchat.com https://www.google.com www.google.com;  style-src 'self' 'unsafe-inline' 'unsafe-eval' *.givingloop.org givingloop.org fonts.googleapis.com fonts.googleapis.com wchat.eu.freshchat.com;   img-src * data:;  media-src 'self' *.quranicaudio.com *.qurancdn.com https://qurancdn.com;  connect-src *; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://towardsdatascience.com https://*.towardsdatascience.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self';style-src 'self' https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval';script-src   https: 'unsafe-inline' 'unsafe-eval';img-src 'self' https://*.google.co.in https://*.google.co.id https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://s-media-cache-ak0.pinimg.com https://i.pinimg.com https://*.cloudfront.net https://reviews.123rf.com https://wikipedia.org https://api.veritrans.co.id https://res.cloudinary.com https://image.shutterstock.com https://tineye.com https://stats.g.doubleclick.net https://doctor.halodoc.com https://www.google-analytics.com https://www.facebook.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://www.google.com https://www.google.com.sg data: *.xendit.co *.midtrans.com *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://impressions.onelink.me https://www.googletagmanager.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://js.xendit.co/v1/xendit.min.js https://www.gstatic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://twemoji.maxcdn.com https://s3.eu-west-1.amazonaws.com https://tidio-images-messenger.s3.amazonaws.com https://ciwss.com https://media.glassdoor.com https://halolab-assets.prod.halodoc.com https://braze-images.com;connect-src 'self' https://pinimg.com https://*.cloudfront.net https://123rf.com https://fonts.gstatic.com https://tineye.com https://res.cloudinary.com https://image.shutterstock.com https://www.halodoc.com https://halodoc-sumba.s3-ap-southeast-1.amazonaws.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://s3-ap-southeast-1.amazonaws.com https://doctor.halodoc.com https://web-halodoc-api.prod.halodoc.com https://qiscus-lb.api.halodoc.com wss://qiscus-mqtt.api.halodoc.com:1886/mqtt https://api.midtrans.com https://cdn.appsflyer.com https://cdn.ampproject.org https://cdn.amplitude.com https://api.amplitude.com/ https://s.yimg.com https://api.midtrans.com https://api.veritrans.co.id https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://sp.analytics.yahoo.com https://fonts.googleapis.com https://www.google.com.sg https://www.google.com https://fcm.googleapis.com *.midtrans.com *.xendit.co *.veritrans.co.id *.mixpanel.com *.google-analytics.com https://firebaseinstallations.googleapis.com https://banner.appsflyer.com https://wa.onelink.me https://wa.appsflyer.com https://websdk.appsflyer.com https://halodoc-sumba.s3.ap-southeast-1.amazonaws.com https://web.prod.halodoc.com https://script.google.com https://script.googleusercontent.com https://creatives-cdn.appsflyer.com https://events-logger.appsflyer.com https://af-event-logger.appsflyer.com/log-event https://js.xendit.co/v1/xendit.min.js https://api.xendit.co https://sentry-new.tidio.co https://socket.tidio.co https://api-v2.tidio.co wss://sentry-new.tidio.co wss://socket.tidio.co wss://api-v2.tidio.co https://sdk.iad-05.braze.com https://magneto.api.halodoc.com https://magneto-stage.api.halodoc.com https://erx.halodoc.com/ https://cdn.linkedin.oribi.io https://widget-v4.tidiochat.com https://bam.nr-data.net https://maps.googleapis.com https://pagead2.googlesyndication.com;font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://cdn.appsflyer.com data:;object-src 'none';frame-src *;media-src 'self' https://*.cloudfront.net http://*.cloudfront.net;base-uri 'self';form-action 'self';frame-ancestors 'self';upgrade-insecure-requests 1
default-src 'self' *.flexport.com *.wistia.com *.wistia.net;base-uri 'self' *.flexport.com;object-src 'none';child-src blob:;connect-src 'self' global.ketchcdn.com cdn.ketchjs.com *.ketch.com/* *.ketch.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com api.amplitude.com cdn.linkedin.oribi.io *.fullstory.com embedwistia-a.akamaihd.net *.litix.io *.wistia.com *.wistia.net rum-http-intake.logs.datadoghq.com sentry.io *.browser-intake-datadoghq.com ws.zoominfo.com *.getsitecontrol.com *.getsitectrl.com *.algolia.net *.algolianet.com *.algolia.io noembed.com www.facebook.com api-cdn.embed.ly *.mapbox.com *.clarity.ms *.bing.com ingesteer.services-prod.nsvcs.net api.growsurf.com js.zi-scripts.com *.auryc.com aorta.clickagy.com hemsync.clickagy.com api.schedule.zoominfo.com flexport.widget.insent.ai *.googlesyndication.com *.unifygtm.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws *.linkedin.com;font-src 'self' data: *.wistia.com *.wistia.net fonts.gstatic.com cdn.embedly.com *.auryc.com *.typekit.net;form-action 'self' tech.flexport.com www.facebook.com;frame-src 'self' mailto: www.facebook.com hackerone.com fast.wistia.com fast.wistia.net www.youtube.com public.tableau.com www.recaptcha.net td.doubleclick.net *.flexport.com cdn.embedly.com tpc.googlesyndication.com hemsync.clickagy.com flexport.widget.insent.ai;img-src 'self' data: *.doubleclick.net *.google-analytics.com *.googletagmanager.com analytics.twitter.com purecatamphetamine.github.io *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.ctfassets.net *.linkedin.com rs.fullstory.com t.co www.facebook.com i.ytimg.com i-cdn.embed.ly *.mapbox.com *.bing.com *.clarity.ms *.getsitecontrol.com *.getsitectrl.com heapanalytics.com *.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.cz *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gp *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws;script-src 'self' global.ketchcdn.com cdn.ketchjs.com *.ketch.com/* *.ketch.com 'unsafe-eval' *.google-analytics.com *.googletagmanager.com connect.facebook.net edge.fullstory.com *.wistia.com *.wistia.net googleads.g.doubleclick.net *.getsitecontrol.com *.getsitectrl.com pi.pardot.com snap.licdn.com static.ads-twitter.com tech.flexport.com ws.zoominfo.com www.googleadservices.com www.recaptcha.net www.gstatic.com www.gstatic.cn *.algolianet.com *.algolia.net cdn.embedly.com www.youtube.com *.bing.com *.clarity.ms *.mapbox.com netlify-rum.netlify.app cdn.heapanalytics.com flexport.widget.insent.ai js.zi-scripts.com tags.clickagy.com ws-assets.zoominfo.com schedule.zoominfo.com *.growsurf.com *.unifygtm.com *.linkedin.com 'sha256-Sd5i4Hpq5vnevEslYSz86Pc+dJwR0/Xx+m9QvADxDQY=' 'sha256-eLOfYH9EQFm+zDuIeewTxCQJuvXcC+WX4Vfb8C/PkEU=' 'sha256-5xQLbpK/VFJMsgHUfqXi8zHwbPlJzuxtfINjByxjSIw=' 'nonce-jjsUU+iWdcjgHzHmp2o6Rw==';style-src 'self' 'unsafe-inline' fast.wistia.com fonts.googleapis.com cdn.embedly.com *.typekit.net;worker-src 'self' blob:;media-src 'self' blob: videos.ctfassets.net *.wistia.com *.wistia.net;report-uri https://o26092.ingest.sentry.io/api/1847116/security/?sentry_key=89a88bc5d40744adacdc99621950997c 1
default-src 'self' *.google-analytics.com *.google.com analytics.google.com *.irancell.ir *.mtnirancell.ir trustseal.enamad.ir www.googletagmanager.com tagmanager.google.com *.openstreetmap.org stats.g.doubleclick.net say.ir 'unsafe-inline' 'unsafe-eval' data: blob: ws: ; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.irancell.ir *.mtnirancell.ir 1
base-uri 'none';connect-src 'self' https://maps.googleapis.com https://www.facebook.com;default-src 'self';font-src 'none';frame-ancestors 'none';frame-src https://*.facebook.com;img-src 'self' data: https://maps.gstatic.com https://play.google.com https://www.facebook.com;media-src 'none';object-src 'none';script-src 'self' https://*.googleapis.com https://connect.facebook.net 'unsafe-eval' 'unsafe-inline';script-src-attr 'none';script-src-elem 'self' https://*.googleapis.com https://connect.facebook.net 'sha256-rX/6Tuj7MHCZgQjbp4mqNgU0ddBr0q14wj5+V43YIqo=' 'sha256-4sNwvmWshEzqW5S25HVAak+QIUCkjYSbAaQ7Ieh/EDA=' 'sha256-tY0MYts/+n6ReU7Y15MkUtMy6XIIBi0/uPZFvCi0ZIE=';style-src 'self' 'unsafe-inline' 1
default-src 'self' *.hkcsl-5g.com www.1010-5g.com *.facebook.com *.instagram.com *.taboola.com *.doubleclick.net *.google-analytics.com *.ytimg.com *.netvigator.com *.kudostat.com *.google.com *.google.com.hk;       connect-src 'self' s.yimg.com *.tealiumiq.com *.hkcsl-5g.com www.1010-5g.com *.netvigator.com *.google.com *.google.com.hk *.google-analytics.com *.doubleclick.net *.taboola.com;       script-src 'self' *.createjs.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com s.yimg.com *.tiqcdn.com *.jquery.com *.google.com *.hkcsl-5g.com www.1010-5g.com *.cheqzone.com *.echarts.baidu.com *.netvigator.com *.taboola.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googleadservices.com *.kudostat.com *.googletagmanager.com *.doubleclick.net *.facebook.net  *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';      img-src 'self' *.yahoo.com *.tealiumiq.com *.pccw.com *.googleadservices.com *.hkcsl-5g.com www.1010-5g.com *.facebook.net *.w3.org *.ytimg.com *.cheqzone.com *.netvigator.com *.google.com *.google.com.hk *.kudostat.com *.hkt.com *.shop.hkt.com *.hktshop.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.instagram.com *.taboola.com data:;      style-src 'self' *.hkcsl-5g.com www.1010-5g.com *.googleapis.com *.netvigator.com *.hkt.com *.shop.hkt.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net 'unsafe-inline';      frame-src 'self' key2connect.com *.hkcsl-5g.com www.1010-5g.com *.hkt.com *.shop.hkt.com *.cheqzone.com *.facebook.com *.instagram.com *.taboola.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com;      font-src 'self' *.hkcsl-5g.com www.1010-5g.com *.cheqzone.com *.facebook.com *.instagram.com *.taboola.com *.hkt.com *.shop.hkt.com *.youtube.com *.doubleclick.net  *.google.com *.pccw.com *.matterport.com *.gstatic.com data:; 1
frame-ancestors https://www.postermywall.com/ 1
frame-ancestors https://app.roll20.net https://roll20.net https://marketplace.roll20.net https://*.inspectlet.com 1
script-src 'nonce-R8ASMiWyaxZziQR3KW74jA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=ddee8db0-72d1-41bd-9837-3c343cfc8357; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.contentsquare.com my.tealiumiq.com t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net https://googleads.g.doubleclick.net https://www.googleadservices.com googletagmanager.com *.googletagmanager.com collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net snap.licdn.com code.highcharts.com http://pbs.twimg.com irs.tools.investis.com maps.googleapis.com s.ytimg.com http://i3.ytimg.com www.youtube.com blob: www.recaptcha.net www.gstatic.com brightcove.net *.brightcove.net brightcove.com  *.brightcove.com tags.tiqcdn.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com hsbcglobalcommon.tt.omtrdc.net vjs.zencdn.net pws.internal.hsbc *.pws.internal.hsbc hsbc.com; connect-src 'self' pagead2.googlesyndication.com cdn.linkedin.oribi.io t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net manifest.prod.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net cf.brightcove.com *.cf.brightcove.com ingestion-upload-production.s3.amazonaws.com bcvp0rtal.com *.bcvp0rtal.com gallerysites.net *.gallerysites.net vjs.zencdn.net *.vjs.zencdn.net hlstoken-a.akamaihd.net *.hlstoken-a.akamaihd.net media.brightcove.com *.media.brightcove.com cloudfront.net *.cloudfront.net analytics.edgekey.net *.analytics.edgekey.net akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net brightcove.vo.llnwd.net *.brightcove.vo.llnwd.net uds.ak.o.brightcove.com *.uds.ak.o.brightcove.com hls.ak.o.brightcove.com *.hls.ak.o.brightcove.com players.brightcove.net *.players.brightcove.net o.brightcove.com *.o.brightcove.com bcovlive-a.akamaihd.net *.bcovlive-a.akamaihd.net sep.bcovlive.io *.sep.bcovlive.io bcovlive.io *.bcovlive.io api.bcovlive.io *.api.bcovlive.io api.brightcove.com *.api.brightcove.com bcove.video *.bcove.video brightcove.net *.brightcove.net *.brightcovecdn.com boltdns.net *.boltdns.net hsbcglobalcommon.sc.omtrdc.net dpm.demdex.net brightcove.com *.brightcove.com bcsecure01-a.akamaihd.net *.akamaihd.net hsbcglobalcommon.tt.omtrdc.net brightcove.com *.brightcove.com www.youtube.com; img-src 'self' adservice.google.com ad.doubleclick.net my.tealiumiq.com dpm.demdex.net t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net boltdns.net media.licdn.com *.boltdns.net collect.tealiumiq.com cm.everesttech.net hsbcbankcommon.demdex.net https://www.google.com https://www.google.co.uk px.ads.linkedin.com pxl.yoptima.com pixel.quantserve.com i.ytimg.com http://i3.ytimg.com data:  http://pbs.twimg.com sprcdn-assets.sprinklr.com media-exp1.licdn.com dms.licdn.com brightcove.net  *.brightcove.net brightcove.com *.brightcove.com tags.tiqcdn.com twitter.com analytics.twitter.com static.ads-twitter.com adsymptotic.com tags.tiqcdn.cn facebook.com connect.facebook.net ads.linkedin.com www.linkedin.com dc.ads.linkedin.com hsbcglobalcommon.tt.omtrdc.net hsbcglobalcommon.sc.omtrdc.net akamaihd.net *.akamaihd.net maps.gstatic.com maps.googleapis.com blob: pws.internal.hsbc *.pws.internal.hsbc hsbc.com; style-src 'self' 'unsafe-inline' players.brightcove.net; base-uri 'self'; form-action 'self'; font-src 'self' data:; frame-src 'self' https://td.doubleclick.net csxd.hsbc.com *.demdex.net youtube-nocookie.com *.youtube-nocookie.com *.recaptcha.net recaptcha.net players.brightcove.net www.youtube.com www.google.com irs.tools.investis.com; media-src 'self' blob: akafms.net *.akafms.net llnwd.net *.llnwd.net llnw.net *.llnw.net media.brightcove.com *.media.brightcove.com brightcovecdn.com *.brightcovecdn.com boltdns.net *.boltdns.net video.twimg.com dms.licdn.com pws.internal.hsbc *.pws.internal.hsbc hsbc.com hsbcbankcommon.demdex.net brightcove.com *.brightcove.com *.akamaihd.net t.contentsquare.net q-eu1.az.contentsquare.net k-eu1.az.contentsquare.net q-aeu1.contentsquare.net k-aeu1.contentsquare.net c.az.contentsquare.net r.contentsquare.net c.contentsquare.net l.contentsquare.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://cdn.greenhousegroup.com https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.js https://cdn.jsdelivr.net/gh/bramkorsten/ https://app.eu.pendo.io https://pendo-eu-static.storage.googleapis.com https://cdn.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com https://data.eu.pendo.io; connect-src 'self' https://*.lemonpi.io https://cdn.jsdelivr.net/gh/bramkorsten/ https://app.eu.pendo.io https://data.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com ws:; img-src * data: blob:; media-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com/ajax/libs/basicModal/3.3.9/basicModal.min.css https://cdnjs.cloudflare.com/ajax/libs/css-spinning-spinners/1.1.1/load4.css https://unpkg.com/balloon-css/balloon.min.css https://app.eu.pendo.io https://cdn.eu.pendo.io https://pendo-eu-static-4527820689702912.storage.googleapis.com data:; frame-ancestors 'self' https://*.lemonpi.io https://app.eu.pendo.io https://*.wpp-stage.os-dev.io https://*.os.wpp.com; font-src 'self' data: https://*.lemonpi.io https://fonts.gstatic.com https://public-assets.os.wpp.com/fonts/ https://use.typekit.net  chrome-extension:; frame-src https://lemonpi-prod-templates.s3.amazonaws.com https://lemonpi-test-templates.s3.amazonaws.com https://www.google.com https://templates.lemonpi.io/ https://templates-test.lemonpi.io/ http://localhost:*/ http://127.0.0.1:*/ https://app.eu.pendo.io ; report-uri https://sentry.lemonpi.io/api/37/security/?sentry_key=2a59c9b4a41445c69bb6e35986859c5e; child-src https://app.eu.pendo.io 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unequalbrake.com a.pub.network *.adswizz.com *.a-f.io *.google-analytics.com *.quantserve.com *.googletagmanager.com *.google.com *.nr-data.net www.gstatic.com *.quantcast.com *.scorecardresearch.com *.consensu.org *.mxpnl.com *.newrelic.com *.hadronid.net *.adsafeprotected.com *.quantcount.com *.videoplayerhub.com www.googletagservices.com *.facebook.com *.confiant-integrations.net *.facebook.net *.cdn-apple.com *.twitter.com *.stripe.com btloader.com *.amazon-adsystem.com *.doubleclick.net *.criteo.net *.googlesyndication.com *.cookielaw.org secure.cdn.fastclick.net cdn.id5-sync.com https://*; img-src 'self' data: *.audiomack.com *.google-analytics.com merequartz.com *.adsafeprotected.com *.facebook.com *.scorecardresearch.com google-analytics.com data: *; connect-src 'self' 'unsafe-inline' *.audiomack.com *.a-f.io *.quantcast.com *.pub.network *.mxpnl.com *.advertising.com *.adswizz.com *.quantcount.com *.doubleclick.net audiomack.test *.googleapis.com optimise.net *.facebook.com *.consensu.org *.newrelic.com *.gstatic.com *.facebook.net unequalbrake.com *.scorecardresearch.com *.google-analytics.com *.googletagmanager.com *.google.com data: *; frame-src 'self' *.audiomack.com *.google.com *.googlesyndication.com *.adswizz.com *.stripe.com *.pubmatic.com *.openx.net *.3lift.com *.casalemedia.com *.indexww.com gum.criteo.com cdn.undertone.com *.lijit.com ads.yieldmo.com contextual.media.net js-sec.indexww.co ads.pubmatic.com eus.rubiconproject.com *.facebook.com *; font-src 'self' data: fonts.gstatic.com; object-src 'self'; media-src 'self' *.audiomack.com * data:; frame-ancestors 'self' 1
default-src 'self' data: 'unsafe-inline' blob: 'unsafe-eval' msport.com *.msport.com www.msport.com www.msport.com:443 wss://*.msport.com wss://*.msport.com:443 spribegaming.com *.spribegaming.com *.spribe.io sportradar.com *.sportradar.com wss://*.sportradar.com *.betradar.com *.aitcloud.de *.akamaized.net scorebat.com *.scorebat.com wss://*.zopim.com *.zendesk.com zdassets.com *.zdassets.com *.zopim.com *.zopim.io *.fullstory.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.co *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com facebook.net *.facebook.net facebook.com *.facebook.com *.outbrain.com *.taboola.com *.llnwd.net *.sentry.io *.tenor.com *.alicdn.com *.ucweb.com *.ytimg.com *.bing.com *.microsoft.com *.yandex.ru *.cloudflare.com *.youtube.com; report-uri /api/ng/csp-report-endpoint?version=7 1
frame-src *; font-src 'self' https://*.gstatic.com *.gstatic.com data: https://yastatic.net chrome-extension; connect-src 'self' wss://prodoctorov.ru wss://medotvet.me *.yandex.ru *.google-analytics.com https://*.yandex.ru https://yandex.ru https://mc.yandex.com https://mc.yandex.md ajax.googleapis.com https://analytics.google.com https://region1.analytics.google.com https://www.google.ru https://translate.googleapis.com yandex.st https://yandex.st yastatic.net https://fcm.googleapis.com https://stats.g.doubleclick.net https://sentry.medrating.org https://sentry.prodoctorov.com https://*.facebook.com https://prodoctorov.ru https://rate.prodoctorov.ru https://rate-metrics.prodoctorov.ru https://app.medtochka.ru wss://app.medtochka.ru https://r.prodoctorov.ru https://ymetrica1.com/; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://prodoctorov.ru *.google.com https://www.google.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com https://*.googleapis.com www.google.com https://*.gstatic.com https://*.yandex.net https://yandex.ru https://*.yandex.ru *.yandex.ru *.gstatic.com https://clck.yandex.ru *.twitter.com https://*.twitter.com yandex.st https://yandex.st https://connect.ok.ru vk.com https://www.youtube.com https://s.ytimg.com https://www.googletagmanager.com https://googletagmanager.com https://yastatic.net yastatic.net https://connect.facebook.net seal.websecurity.norton.com dunsregistered.dnb.com https://yookassa.ru https://*.yoomoney.ru; object-src 'self' *.googlesyndication.com https://*.googlesyndication.com; img-src 'self' data: 'unsafe-inline' https://prodoctorov.ru https://protabletky.ru https://medotvet.me https://*.google-analytics.com *.google-analytics.com yastatic.net https://yastatic.net *.yandex.ru https://*.yandex.ru https://yandex.ru *.yandex.net https://*.yandex.net yandex.st https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz *.google.com  https://*.google.com  *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.gstatic.com *.gstatic.com vk.com https://*.vk.com *.youtube.com *.twitter.com https://*.twitter.com *.googlezip.net https://*.ggpht.com https://www.googletagmanager.com https://*.facebook.com https://*.google.ru https://*.mail.ru seal.websecurity.norton.com www.honcode.ch https://prodoctorov.ru blob:; style-src 'self' 'unsafe-inline' https://prodoctorov.ru https://*.googleapis.com *.googleapis.com https://*.gstatic.com *.gstatic.com yastatic.net yandex.st https://tagmanager.google.com https://app.medlock.ru; media-src 'self' *.yandex.net yandex.st yastatic.net *.yandex.ru blob:; report-uri https://prodoctorov.ru/cspreport/ 1
frame-ancestors 'self' dziendobry.tvn.pl *.tvn.pl 1
script-src 'nonce-61fac1acd601471152948edb892b770f' 'strict-dynamic'; object-src 'none'; base-uri 'none' 1
frame-ancestors 'self' https://*.shiksha.com 1
default-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://cdn-assets-prod.s3.amazonaws.com         https://code.jquery.com         https://optimizely.s3.amazonaws.com         https://storygize.com;         style-src 'self' 'unsafe-inline'         https://*.cybersource.com         https://*.ceros.com         https://*.eloqua.com         https://*.google.com         https://*.gsatic.com         https://*.licdn.com         https://*.optimizely.com         https://*.visa.com         https://fonts.googleapis.com;         font-src 'self'         data:         https://*.cybersource.com         https://*.eloqua.com         https://*.visa.com         https://fonts.googleapis.com         https://fonts.gstatic.com;         img-src 'self'         data:         https://*.ads-twitter.com         https://*.adsrvr.org         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.google-analytics.com         https://*.googleadservices.com         https://*.googletagmanager.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://i.ytimg.com         https://ib.adnxs.com         https://p.adsymptotic.com         https://storygize.com         https://t.co         https://yt3.ggpht.com;         frame-src 'self'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.ceros.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.facebook.com         https://*.facebook.net         https://*.google.com         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.twitter.com         https://*.visa.com         https://*.youtube.com         https://storygize.com;         connect-src 'self'         https://*.ads-twitter.com         https://*.cybersource.com         https://*.bing.com         https://*.ceros.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.cookiereports.com         https://*.doubleclick.net         https://*.eloqua.com         https://*.en25.com         https://*.facebook.net         https://*.google.com         https://*.googleapis.com         https://*.googlesyndication.com         https://*.google-analytics.com         https://*.gstatic.com         https://*.idio.episerver.net         https://*.licdn.com         https://*.linkedin.com         https://*.optimizely.com         https://*.storygize.com         https://*.visa.com         https://*.youtube.com         https://storygize.com;         object-src 'self';         media-src 'self';         worker-src 'self'         blob:         https://*.cybersource.com         https://*.contentsquare.net         https://*.contentsquare.com         https://*.google.com; 1
frame-ancestors *.n11.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.seriouseats.com 1
img-src 'self' *.consumerfinance.gov www.ecfr.gov s3.amazonaws.com img.youtube.com *.google-analytics.com *.googletagmanager.com optimize.google.com api.mapbox.com *.tiles.mapbox.com blob: data: www.gravatar.com *.qualtrics.com *.mouseflow.com i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumerfinance.gov dap.digitalgov.gov *.googleanalytics.com *.google-analytics.com *.googletagmanager.com *.googleoptimize.com optimize.google.com api.mapbox.com js-agent.newrelic.com bam.nr-data.net gov-bam.nr-data.net *.youtube.com *.ytimg.com *.mouseflow.com *.geo.census.gov about: www.federalregister.gov *.qualtrics.com; default-src 'self'; media-src 'self' *.consumerfinance.gov; connect-src 'self' *.consumerfinance.gov *.google-analytics.com *.googleoptimize.com *.tiles.mapbox.com api.mapbox.com bam.nr-data.net gov-bam.nr-data.net s3.amazonaws.com public.govdelivery.com n2.mouseflow.com *.qualtrics.com raw.githubusercontent.com; frame-src 'self' *.consumerfinance.gov *.googletagmanager.com *.google-analytics.com *.googleoptimize.com optimize.google.com www.youtube.com *.qualtrics.com mailto:; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.consumerfinance.gov optimize.google.com fonts.googleapis.com api.mapbox.com 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:; worker-src data: 1
frame-ancestors 'self' https://*.sanity.io https://*.sanity.build https://hjaelp-community-studio-git-staging.sanity-io.vercel.app  https://community.sanity.tools 1
base-uri 'self'; default-src 'self'; connect-src 'self' blob: https://tenor.com https://*.tenor.co https://*.tenor.com https://*.googleapis.com https://api-v1.tenor.com https://*.google-analytics.com https://*.doubleclick.net https://pixel.mtrcs.samba.tv; script-src 'self' data: blob: https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com https://*.google-analytics.com https://*.facebook.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://pixel.mtrcs.samba.tv https://*.google.com 'nonce-N2FmNmVjY2EtMzg4OS00N2EzLWFjNjMtZTkwN2MwYTUxODgw' 'unsafe-eval'; style-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com 'unsafe-inline'; font-src 'self' https://tenor.co https://tenor.com https://*.tenor.co https://*.tenor.com; img-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/ https://tenor.googleapis.com/ https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.com https://pixel.mtrcs.samba.tv http: https:; media-src 'self' blob: data: https://media.tenor.co https://media.tenor.com https://media1.tenor.co https://media1.tenor.com https://c.tenor.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.facebook.com/tr/ https://*.google.com https://*.googleapis.com; object-src 'none' 1
frame-ancestors dr.paziresh24.com *.paziresh24.com https://user.paziresh24.com https://studio.plasmic.app 1
frame-ancestors 'self' https://*.kariyer.net 1
frame-ancestors www.ouedkniss.com 1
default-src 'self';script-src https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://connect.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com https://websdk.appsflyer.com https://api.paygate.net https://service.paygate.net 'self' 'unsafe-inline';base-uri 'none';object-src 'none';worker-src 'blob:';img-src 'self' data: https://*.amazonaws.com wcs.naver.com http://t.co https://t.co https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://connect.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com https://websdk.appsflyer.com https://api.paygate.net https://service.paygate.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://connect.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com https://websdk.appsflyer.com https://api.paygate.net https://service.paygate.net;frame-src 'self' ridi: www.facebook.com staticxx.facebook.com connect.facebook.net bid.g.doubleclick.net www.google.com accounts.google.com connect.tosspayments.com stdpay.inicis.com stdux.inicis.com postcode.map.daum.net;connect-src 'self' https://*.amazonaws.com https://browser-intake-datadoghq.com https://fonts.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.kr stats.g.doubleclick.net www.googleadservices.com googleads.g.doubleclick.net https://www.gstatic.com https://accounts.google.com https://appleid.cdn-apple.com www.facebook.com staticxx.facebook.com connect.facebook.net *.sentry.io wcs.naver.net wcs.naver.com t1.kakaocdn.net kauth.kakao.com *.ads-twitter.com *.twitter.com sdk.iad-06.braze.com https://js.appboycdn.com https://appboy-images.com https://braze-images.com https://*.ridi.zone https://*.ridi.io https://*.ridi.com https://ridi.com https://*.ridibooks.com https://ridibooks.com https://books.ridibooks.com https://*.ridicdn.net https://unpkg.com https://cdn.jsdelivr.net https://use.fontawesome.com https://js.tosspayments.com https://event.tosspayments.com https://api.tosspayments.com https://log.tosspayments.com https://connect.tosspayments.com https://analytics.tiktok.com https://t1.daumcdn.net https://xpay.uplus.co.kr https://mobile.inicis.com https://stdpay.inicis.com https://stdux.inicis.com https://websdk.appsflyer.com https://api.paygate.net https://service.paygate.net;font-src 'self' https: data: 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalav.com https://award.totalav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalav.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalav.com http://url.totalav.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com/ https://www.mczbf.com/; worker-src 'self' blob; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalav.com https://www.google.com/; connect-src 'self' https://my.totalav.com https://ajax.totalav.com https://login.totalav.com https://signup.totalav.com https://my.totalav.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalav.com https://www.mczbf.com/; frame-ancestors 'self' 1
frame-ancestors 'self' *.kugou.com 1
frame-ancestors 'self' https://console.wetest.net https://beacon.woa.com/ https://*.qq.com https://*.wetest.net 1
frame-ancestors 'self' icrc.org *.icrc.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/  https://js.hsleadflows.net/  https://js.usemessages.com/ https://js.hsadspixel.net/  https://js.hs-banner.com/  https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://www.google.com/ https://*.google-analytics.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/ https://www.googleoptimize.com/ https://*.googletagmanager.com/ https://*.recaptcha.net/ https://*.mapbox.com/  https://unpkg.com/ https://js.usemessages.com/  https://js.hsleadflows.net/ https://maps.googleapis.com/ https://*.twitter.com/ https://*.instagram.com/ https://connect.facebook.net/ https://secure.adnxs.com/ https://*.ads-twitter.com/ https://www.googleadservices.com/ https://*.adnxs.com/ https://bat.bing.com/ https://*.vimeocdn.com/ https://js-na1.hs-scripts.com/ https://www.youtube.com/ https://*.vimeo.com https://*.hotjar.com https://www.icrcnewsroom.org https://*.cloudflare.com/ https://*.zencdn.net/ https://web-chat.global.assistant.watson.appdomain.cloud https://*.yandex.ru https://*.ext.icrc.org  https://*.test.icrc.org/ https://*.getblue.io; object-src 'self'; 1
default-src data: bama.ir *.bama.ir; font-src bama.ir *.bama.ir https://fonts.gstatic.com data:; img-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir https://*.google.com https://google-analytics.com https://*.google-analytics.com https://www.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://ssl.gstatic.com https://www.gstatic.com blob: data:; worker-src bama.ir *.bama.ir; style-src 'unsafe-inline' bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bama.ir *.bama.ir https://m.asanpardakht.com/cdn/asanbridge-1.0.2.min.js https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js; connect-src bama.ir *.bama.ir https://trustseal.enamad.ir eanjoman.ir https://eanjoman.ir apm.bama.ir https://apm.bama.ir      https://*.google.com https://www.google-analytics.com https://*.googleapis.com https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com https://*.g.doubleclick.net ; form-action bama.ir *.bama.ir; frame-ancestors bama.ir *.bama.ir https://m.asanpardakht.ir https://m.asanpardakht.com https://pwa.dev.tasn.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; frame-src bama.ir *.bama.ir https://google-analytics.com https://*.google-analytics.com https://googletagmanager.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://marketingplatform.google.com ; object-src 'none'; base-uri bama.ir *.bama.ir; upgrade-insecure-requests 1
base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'strict-dynamic' 'nonce-YVqXeTiuTNbDs3kpqNTHb5LCOtqKwDFP';upgrade-insecure-requests; 1
frame-ancestors https://stat-01.ccc.eu https://ccc.eu 1
frame-ancestors 'self' https://*.canalrcn.com https://canalrcn.com https://*.canalrcndigital.com https://*.canalrcn.tech https://noticiasrcn.com https://*.noticiasrcn.com; 1
frame-ancestors 'self' https://*.inconvo.chat https://*.yougov.chat 1
default-src 'self' *.googleapis.com *.landbot.io wss://*.firebaseio.com *.youtube.com vimeo.com *.vimeo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://ds-aksb-a.akamaihd.net *.landbot.io *.firebaseio.com cdn.jsdelivr.net/ *.youtube.com vimeo.com *.vimeo.com *.go-mpulse.net https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https: http://fonts.googleapis.com; img-src * 'self' data: https:; media-src * 'self' data: https:; frame-src * 'self' data: https:; child-src * 'self' data: https:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.landbot.io https://cdnjs.cloudflare.com/ajax/libs/font-awesome/; report-uri /report-csp-violation 1
default-src 'self' blob: wss: data: https:; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https:; style-src 'self' 'unsafe-inline' data: https:; 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' * 'unsafe-eval' blob: *; worker-src 'self' blob:; 1
default-src 'self';child-src 'self' blob:;connect-src 'self' maps.tilehosting.com api.maptiler.com allegro.pl ngastatic.com *.allegrogroup.com storage.googleapis.com rs.fullstory.com wss://*.allegrosandbox.pl:* wss://*.allegrogroup.com:* wss://allegrolokalnie.pl wss://*.allegrolokalnie.pl:* sentry.io *.easypack24.net www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net ngacm.com *.qualaroo.com osm.inpost.pl connect.facebook.net www.google.com www.facebook.com googleads.g.doubleclick.net maps.googleapis.com region1.google-analytics.com edge.allegro.pl;font-src 'self' data: geowidget.easypack24.net fonts.googleapis.com *.analytics.google.com fonts.gstatic.com maxcdn.bootstrapcdn.com lokalnie-prod-assets.storage.googleapis.com;img-src 'self' data: blob: storage.googleapis.com *.allegroimg.allegrosandbox.pl *.allegroimg-test.qxlint *.allegroimg.pl *.allegroimg.com www.google.com geowidget.easypack24.net maps.gstatic.com maps.googleapis.com www.google.pl www.google-analytics.com analytics.google.com *.analytics.google.com www.facebook.com *.openstreetmap.org osm.inpost.pl api.mapbox.com *.googleapis.com optimize.google.com rs.fullstory.com assets.allegrostatic.com lokalnie-prod-assets.storage.googleapis.com;style-src 'self' 'unsafe-inline' api.tiles.mapbox.com cdn.klokantech.com geowidget.easypack24.net fonts.googleapis.com *.analytics.google.com unpkg.com api.mapbox.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com optimize.google.com assets.allegrostatic.com lokalnie-prod-assets.storage.googleapis.com;script-src 'self' polyfill.io maps.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com cl.qualaroo.com ngastatic.com *.google-analytics.com *.analytics.google.com edge.fullstory.com *.allegrogroup.com 'unsafe-inline' 'unsafe-eval' data: geowidget.easypack24.net turbo.qualaroo.com unpkg.com api.mapbox.com cdn.jsdelivr.net osm.inpost.com optimize.google.com *.googleoptimize.com connect.facebook.net www.recaptcha.net www.gstatic.com rs.fullstory.com assets.allegrostatic.com lokalnie-prod-assets.storage.googleapis.com;frame-src 'self' optimize.google.com dntcl.qualaroo.com www.recaptcha.net www.gstatic.com www.facebook.com;frame-ancestors 'self' https://*.allegrogroup.com http://localhost:* 1
default-src 'self' *.carbonblack.io carbonblack.io *.cbcloud.de cbcloud.de *.cbcloud.sg cbcloud.sg *.duosecurity.com gstatic.com fonts.gstatic.com 'unsafe-inline' 1
default-src 'self' https://*.google.com https://auth.zonatelecom.ru/ https://*.zonatelecom.ru *.zonatelecom.ru ws://*.zonatelecom.ru wss://*.zonatelecom.ru *.svc.team www.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.doubleclick.net http://*.zonatelecom.ru https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://*.carrotquest.app http://*.carrotquest.app wss://*.carrotquest.app ws://*.carrotquest.app https://*.carrottrack.io wss://*.carrottrack.io  https://*.payselection.com wss://*.payselection.com ws://*.payselection.com;base-uri 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.zonatelecom.ru blob:;img-src 'self' https://cdn.zonatelecom.ru *.svc.team *.zonatelecom.ru https://www.google.com https://www.google.ru www.googletagmanager.com https://www.google-analytics.com https://vk.com https://*.vk.com https://mc.yandex.ru https://*.mail.ru https://*.maps.yandex.net https://*.yandex.ru https://*.carrotquest.app http://*.carrotquest.app data: blob: https:;connect-src https: 'self' ws://*.carrotquest.app wss: ws://bitrix24.zonatelecom.ru uaas.yandex.ru *.zonatelecom.ru wss://*.payselection.com;font-src 'self' fonts.gstatic.com;manifest-src 'self';object-src 'none';script-src 'self' https://*.svc.team http://*.svc.team https://auth.zonatelecom.ru/ https://*.zonatelecom.ru 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://vk.com https://mc.yandex.ru https://yastatic.net https://*.mail.ru https://*.yandex.ru https://*.maps.yandex.net https://widget.cloudpayments.ru/bundles/cloudpayments.js https://popup-static.unisender.com abt.s3.yandex.net https://*.carrotquest.app http://*.carrotquest.app wss://*.carrotquest.app ws://*.carrotquest.app https://*.carrottrack.io http://*.carrottrack.io wss://*.carrottrack.io  ws://*.carrottrack.io  https://*.payselection.com;frame-src 'self' https://*.payselection.com https://widget.cloudpayments.ru https://www.google.com https://bitrix24.zonatelecom.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://*.carrotquest.app http://*.carrotquest.app https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team;frame-ancestors 'self' https://*.payselection.com https://widget.cloudpayments.ru https://www.google.com https://bitrix24.zonatelecom.ru/ https://yandex.ru https://apps.zonatelecom.ru/ https://auth.zonatelecom.ru/ https://*.zonatelecom.ru/ https://www.zonatelecom.ru/ https://*.auth.svc.team https://*.payselection.com http://localhost:3000/ http://*.ztk-front.svc.team https://*.ztk-front.svc.team 1
base-uri 'none'; object-src 'none'; img-src *; style-src 'unsafe-inline' 'self'; script-src https: 'nonce-f037442390a87160e49541425a6523ca' 'strict-dynamic' 'unsafe-inline'; 1
default-src 'self'  blob:  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:  https://csp.cre.lidl-shop.com; frame-src https://*.doubleclick.net  https://*.discoverfy.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.youtube-nocookie.com  https://cdn.aplazame.com/  https://checkout.aplazame.com/  https://consentcdn.cookiebot.com/  https://creativecdn.com  https://*.creativecdn.com  https://form.lidl.com/  https://forms-prod.enc-test.de/  https://gum.criteo.com  https://sorteo.esdelidl.es  https://static.criteo.net  https://www.google.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; img-src 'self'  data:  https:  https://*.assets.schwarz  https://*.doubleclick.net  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:; object-src https://*.leaflets.schwarz  https://*.livebuy.io  https://*.tradedoubler.com  data:; script-src 'self'  'unsafe-eval'  'unsafe-inline'  blob:  https:  https://*.doubleclick.net  https://*.discoverfy.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.livebuy.io  https://*.medallia.eu  https://*.tradedoubler.com  https://ajax.googleapis.com  https://c.searchhub.io  https://creativecdn.com  https://*.creativecdn.com  https://recommendations.lidl-shop.com  https://www.googletagmanager.com  https://www.youtube.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com  data:; style-src 'self'  'unsafe-inline'  https:  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl.es  https://*.medallia.eu  https://*.tradedoubler.com  https://*.visualwebsiteoptimizer.com  https://app.vwo.com  https://chart.googleapis.com; frame-ancestors 'self'  https://*.lidl.com  https://*.lidl.es  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://cdnjs.cloudflare.com https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://www.google-analytics.com https://www.googletagmanager.com https://doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://www.youtube-nocookie.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://*.hs-analytics.net https://go.pardot.com https://*.cleartax-cdn.com https://*.clarity.ms https://*.google.com https://*.gstatic.com https://*.sumome.com https://code.jquery.com https://*.cloudfront.net https://*.googleapis.com https://www.googleadservices.com https://*.website-files.com https://*.webflow.io https://cleartax.mynexthire.com; font-src 'self' data: https://*.cleartax-cdn.com https://*.gstatic.com https://*.website-files.com; img-src 'self' data: https://www.facebook.com https://*.linkedin.com https://*.google.com/ https://*.cleartax-cdn.com https://img.youtube.com https://cleartax-media.s3.amazonaws.com https://www.google.co.in https://assets.clear.in https://www.googletagmanager.com https://sumome.com https://*.website-files.com https://*.cloudfront.net https://*.jquery.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://*.google.com https://*.cleartax-cdn.com https://*.googleapis.com https://*.clarity.ms https://*.gstatic.com https://*.website-files.com https://*.jquery.com; default-src 'self' 'unsafe-inline' https://*.google.com/ https://www.incometax.gov.in https://go.arena.im https://assets1.cleartax-cdn.com https://www.googletagmanager.com https://www.redditmedia.com https://assets.cleartax-cdn.com https://*.gstatic.com https://www.google-analytics.com https://js-agent.newrelic.com https://api.portal.peppercontent.in https://cleartax.in https://*.cleartax.in https://vc.hotjar.io https://*.cleartax.co https://*.cleartax.com https://cleartax.com https://www.youtube.com https://i.tryinteract.com https://cleartax-media.s3.amazonaws.com https://*.cloudfront.net https://web.archive.org https://img.youtube.com https://*.googleusercontent.com https://v.24liveblog.com https://sentry.io https://px.ads.linkedin.com https://doubleclick.net https://*.doubleclick.net https://platform.twitter.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com/ https://i.ytimg.com https://code.jquery.com https://*.googleapis.com https://www.google.co.in https://*.clarity.ms https://sumome.com https://*.sumome.com https://clear.in https://*.clear.in https://www.w3schools.com https://cdnjs.cloudflare.com http://localhost:80 https://*.website-files.com https://cleartax.mynexthire.com https://sumo.com https://*.sumo.com https://*.livechatinc.com https://*.hs-scripts.com https://www.youtube-nocookie.com https://*.hubapi.com https://*.hubspot.com https://*.webflow.io 1
policy-uri /parivahan//'self' 1
default-src 'self'; img-src 'self' data: *; object-src 'self'; connect-src 'self' https://www.goodsync.com https://www.google-analytics.com https://api.reviews.co.uk https://knrpc.olark.com https://*.doubleclick.net https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com https://bat.bing.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com/ https://tagmanager.google.com/ https://static.olark.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://assets.olark.com https://api.olark.com https://knrpc.olark.com https://static.olark.com https://widget.reviews.co.uk https://www.googletagmanager.com/ https://widget.reviews.io https://www.google-analytics.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://*.doubleclick.net/ https://tagmanager.google.com/ https://bat.bing.com/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.goodsync.com https://static.olark.com; frame-src 'self' https://control.goodsync.com/ https://www.goodsync.com https://jobs.goodsync.com https://docs.google.com https://www.google.com https://static.olark.com https://widget.reviews.co.uk https://widget.reviews.io/ https://*.doubleclick.net/ https://www.youtube.com/ https://s.ytimg.com/ https://tpc.googlesyndication.com; media-src 'self' https://static.olark.com 1
frame-ancestors 'self' *.intuit.com; 1
default-src https://www.myherbalife.com/s_qHzAZQImAFMWMgsg/uim3LNztwV1aD7/XCItclc/VyMGKi5/8biw  * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://webtv.bundestag.de https://playerservice.cdn.tv1.eu https://statistik.bundestag.de; font-src 'self' data:; form-action 'self'; frame-src 'self' https://www.bundestag.de https://webtv.bundestag.de https://*.bundestag.de https://bundestag.de https://*.tv1.eu; img-src https: data: *; object-src 'self' https://www.bundestag.de https://bundestag.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://statistik.bundestag.de https://webtv.bundestag.de https://*.tv1.eu; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://www.bundestag.de https://bundestag.de https://www.bundestag.de.staging.babiel.com https://bundestag.de.staging.babiel.com https://www.bundestag.de.dev.babiel.com https://bundestag.de.dev.babiel.com; 1
default-src 'self' blob: https://epsilon.6sense.com https://console.jumpcloud.com https://jump-cloud.navattic.com wss://*.intercom.io https://*.intercom.io https://*.google.com https://bam.nr-data.net https://ct.capterra.com https://cdn.linkedin.oribi.io/partner/373868/domain/jumpcloud.com/token https://jumpcloud940.outgrow.us/ https://*.takingbackjuly.com https://optanon.blob.core.windows.net https://segmentcdn.jumpcloud.com https://c.6sc.co/ https://ipv6.6sc.co/ https://scout.salesloft.com https://www.youtube.com https://secure.adnxs.com https://xd.adobe.com https://embedwistia-a.akamaihd.net https://bat.bing.com https://api.segment.io https://*.litix.io https://calendly.com https://*.wistia.com https://*.wistia.net https://bam-cell.nr-data.net https://privacyportal.onetrust.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://js.driftt.com https://analytics.google.com/ https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com *.split.io; font-src 'self' data: fonts.gstatic.com use.typekit.net; img-src 'self' data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' blob: https://widget.intercom.io/widget/wgmb0rm8 https://js.intercomcdn.com https://www.youtube.com https://bam.nr-data.net https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.takingbackjuly.com https://cdn-assets-prod.s3.amazonaws.com https://segmentcdn.jumpcloud.com https://cdn.jsdelivr.net https://*.clarity.ms https://cloud.jumpcloud.com https://*.calendly.com https://cdn.pdst.fm https://cdn.pdst.fm https://bam-cell.nr-data.net https://pi.pardot.com https://js-agent.newrelic.com https://analytics.twitter.com https://platform.twitter.com https://grow.clearbitjs.com https://a.smtrk.net https://trk.techtarget.com https://static.ads-twitter.com https://*.wistia.net https://*.wistia.com https://js.driftt.com https://a.quora.com https://scout-cdn.salesloft.com https://www.redditstatic.com https://connect.facebook.net https://bat.bing.com https://j.6sc.co https://snap.licdn.com https://cdn.segment.com https://ajax.googleapis.com https://www.facebook.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.hotjar.com https://*.doubleclick.net https://cdn.cookielaw.org https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.buzzsprout.com https://geolocation.onetrust.com https://www.gstatic.com https://www.googleadservices.com https://dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js; style-src 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net https://*.calendly.com; media-src 'self' data: blob: *; 1
base-uri 'self'; default-src 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' https: data: www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; script-src 'self' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com 'nonce-jdFnubTDBBAMrS8Xr7gJXdtXUrmVxhXK'; style-src 'self' https: data: 'unsafe-inline' www.openstreetmap.org siegel.ausgezeichnet.org www.google.com www.gstatic.com www.clickcease.com monitor.clickcease.com; object-src 'self'; form-action 'self'; 1
default-src 'self'; connect-src * 'self' data: https: blob:; font-src 'self' data: https:; frame-src 'self' data: https:;  img-src * 'self' data: https: blob:; script-src 'self' 'nonce-IvHiKNOPSZaDYTUVgHkHFvfAY04CwrGrHWnlSIdi4mU=' 'strict-dynamic' ; style-src 'self' 'unsafe-inline' *; form-action 'self' data: https:; media-src 'self' data: https: blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.xsolla.com https://*.xsolla.net; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' www.googletagmanager.com 'sha256-H37SquAxnCovYKQ5UcPozCmVVFCEkKb/7Zk4YDdYWzY=' https://connect.facebook.net 'sha256-DLvjV1tVrqrWlJw/KUGFA2ZjG9tYWwr5/e4TwzJ/oa8=' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net; script-src 'self' 'unsafe-eval' www.googletagmanager.com https://*.xsolla.com https://*.xsolla.net; connect-src 'self' https://api.gx.games https://api.stats.gx.games https://sentry-relay.opera-api.com https://s3.eu-north-1.amazonaws.com/prod.cloudsaves/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.xsolla.com https://*.xsolla.net; img-src 'self' data: blob: https://play.gxc.gg https://play.gx.games https://bonus.gx.games www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net; media-src https://play.gxc.gg https://play.gx.games https://bonus.gx.games; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; base-uri 'self'; manifest-src 'self'; frame-src https://play.gxc.gg https://play.gx.games https://bonus.gx.games https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.xsolla.com https://*.xsolla.net 1
frame-ancestors *.toast.com *.dooray.com dooray.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://challenges.cloudflare.com; font-src 'self' data: blob: https://gab.com; img-src 'self' https: data: blob: https://gab.com http://nginx-vm.shared *; style-src 'self' 'unsafe-inline' https://gab.com *; media-src 'self' https: data: https://gab.com blob:; frame-src 'self' https: https://challenges.cloudflare.com; manifest-src 'self' https://gab.com; worker-src 'self' blob: https://gab.com; connect-src 'self' blob: https://gab.com wss://gab.com https://*.gab.com https://srv.armanet.us; script-src 'self' https://gab.com https://*.gab.com https://challenges.cloudflare.com https://assets.armanet.us 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.cdnjs.network https://cdn.amplitude.com https://cdn.madkudu.com https://cdn.segment.com https://*.clickagy.com https://*.confirmic.com https://cdn-cookieyes.com https://*.sleeknote.com https://*.maze.co https://snap.licdn.com https://*.twitter.com https://static.ads-twitter.com https://*.zoominfo.com https://js.zi-scripts.com https://connect.facebook.net https://www.google-analytics.com https://*.googletagmanager.com https://js.chilipiper.com https://*.hotjar.com https://*.6sc.co https://*.youengage.me https://youengage.me https://*.cloudfront.net https://netlify-cdp-loader.netlify.app https://code.tidio.co https://widget-v4.tidiochat.com https://bat.bing.com https://*.demandbase.com; style-src 'self' 'unsafe-inline' https://*.maze.co https://fonts.googleapis.com https://*.hotjar.com https://*.youengage.me; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.datocms-assets.com https://*.maze.co https://js.zi-scripts.com https://ws.zoominfo.com https://api.schedule.zoominfo.com https://*.chilipiper.com https://api.amplitude.com https://cdn.segment.com https://api.segment.io https://*.cookieyes.com https://cdn-cookieyes.com https://*.confirmic.com https://*.clickagy.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cdn.simplecast.com https://*.oribi.io https://*.6sc.co https://*.6sense.com https://*.facebook.com https://*.goldcast.io https://*.adnxs.com https://*.youengage.me https://*.outgrow.us https://*.tidio.co sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https://px.ads.linkedin.com https://*.demandbase.com https://*.company-target.com wss://*.hotjar.com wss:; font-src 'self' data: https://*.maze.co https://fonts.gstatic.com https://*.chilipiper.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://www.youtube.com https://*.tidiochat.com; frame-src 'self' https://*.maze.co https://*.hotjar.com https://www.facebook.com https://*.chilipiper.com https://platform.twitter.com https://*.spotify.com https://player.simplecast.com https://www.youtube.com https://player.vimeo.com https://*.wistia.net https://*.clickagy.com https://youengage.me https://*.outgrow.us https://v2-embednotion.com/ https://pages.embednotion.com https://*.embednotionpage.com https://*.company-target.com https://app.netlify.com; frame-ancestors 'self'; img-src 'self' https://*.maze.co https://cdn-cookieyes.com https://*.rlcdn.com https://ws.zoominfo.com https://*.6sc.co https://*.doubleclick.net https://*.chilipiper.com https://analytics.sleeknote.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.clickagy.com https://www.datocms-assets.com https://analytics.twitter.com https://t.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://i.vimeocdn.com https://i.ytimg.com https://*.facebook.com https://*.youengage.me https://tidio-images-messenger.s3.amazonaws.com cdnjs.cloudflare.com https://bat.bing.com blob: data:; manifest-src 'self'; media-src 'self' https://*.maze.co https://cdn.simplecast.com https://*.scdn.co widget-v4.tidiochat.com; worker-src 'none'; 1
frame-ancestors 'self' *.lpl.com; 1
frame-ancestors 'self' https://*.contentful.com https://*.ushmm.org https://*.main.ushmm.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://storage.unctad.org https://ws.sharethis.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://t.sharethis.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com mdbootstrap.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://storage.unctad.org https://ws.sharethis.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://datawrapper.dwcdn.net https://t.sharethis.com https://static.dwcdn.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://unpkg.com mdbootstrap.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://ws.sharethis.com https://storage.unctad.org/ https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://platform.twitter.com https://cdn.syndication.twimg.com https://ton.twimg.com https://ws.sharethis.com https://storage.unctad.org/ https://ajax.cloudflare.com https://static.dwcdn.net https://cdn-images.mailchimp.com https://datawrapper.dwcdn.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://unpkg.com mdbootstrap.com use.fontawesome.com 1
default-src 'none'; img-src 'self' data: https://admin.media.liu.se https://post-image.getflowbox.com https://storage.gra.cloud.ovh.net https://www.liu.se https://liu.diva-portal.org https://www2.bibl.liu.se https://i.ytimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://d2rfa446ja7yzb.cloudfront.net; connect-src 'self' wss://ebbot.eu https://ebbot.eu https://storage.gra.cloud.ovh.net https://search.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://chat-eu.libanswers.com https://vod-progressive.akamaized.net https://cicptqmkej.execute-api.eu-west-1.amazonaws.com https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://a.getflowbox.com https://gateway.getflowbox.com https://powerva.microsoft.com https://75ef70113386e45c814f199b22604d.53.environment.api.powerplatform.com https://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com wss://54bd0db7f610ef1ab766eb3adc3e4e.4d.environment.api.powerplatform.com https://directline.botframework.com wss://directline.botframework.com; frame-ancestors 'self' ; script-src 'self' https://storage.gra.cloud.ovh.net https://www.liu.se https://webstat.liu.se https://www2.bibl.liu.se https://liu-se.libanswers.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com https://www.gstatic.com https://connect.getflowbox.com https://gateway.getflowbox.com https://www.youtube.com https://cdn.botframework.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://storage.gra.cloud.ovh.net https://www.liu.se https://www2.bibl.liu.se https://platform.twitter.com; frame-src 'self' https://www2.bibl.liu.se https://api.screen9.com https://liu-se.libanswers.com https://admin.media.liu.se https://vimeo.com https://player.vimeo.com https://embed.ur.se https://www.youtube.com https://www.podbean.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com; form-action 'self' https://search.liu.se https://marketing.studentrecruitment.liu.se *.ebscohost.com publications.ebsco.com libris.kb.se *.diva-portal.org search.scifree.se; font-src 'self' https://storage.gra.cloud.ovh.net; media-src 'self' https://admin.media.liu.se https://player.vimeo.com https://*.akamaized.net https://cdn.flbx.io; base-uri 'none' 1
default-src https:;img-src 'self' https: data:;connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://www.googletagmanager.com http://www.google.com;style-src 'self' 'unsafe-inline' https:;frame-src 'self' https:;font-src 'self' data: https:;worker-src 'self' https: blob: 1
default-src ; script-src yastatic.net yandex.ru yandex.st cloud-api.yandex.net clck.yandex.ru an.yandex.ru bs-meta.yandex.ru frontend.vh.yandex.ru blob: 'self' 'nonce-48879558125033373' 'unsafe-eval' 'unsafe-inline' mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org storage.mds.yandex.net; style-src yastatic.net yandex.st 'unsafe-inline' 'self'; media-src yandex.st blob: data: yastatic.net downloader.disk.yandex.com 'self' *.storage.yandex.net *.disk.yandex.net *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net; object-src yastatic.net yandex.st downloader.disk.yandex.com *.video.yandex.net 'self' *.storage.yandex.net *.disk.yandex.net; img-src data: yandex.st yastatic.net yandex.com *.downloader.disk.yandex.com downloader.disk.yandex.com www.tns-counter.ru an.yandex.ru *.verify.yandex.ru verify.yandex.ru tps.doubleverify.com pixel.adsafeprotected.com ad.doubleclick.net impression.appsflyer.com strm.yandex.ru *.yandex.net 'self' mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.tns-counter.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl pixel.adlooxtracking.com pixel.adlooxtracking.ru; frame-src yandex.com docviewer.yandex.com downloader.disk.yandex.com *.mail.yandex.net *.video.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net 'self' blob: mc.yandex.ru mc.yandex.md yandex-disk: forms.yandex.ru trust.yandex.com trust.yandex.ru *.storage.yandex.net *.disk.yandex.net; connect-src yandex.ru yandex.com *.yandex.com an.yandex.ru strm.yandex.ru log.strm.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.ru mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org mc.admetrica.ru yandexmetrica.com:* *.disk.yandex.net *.mail.yandex.net *.storage.yandex.net *.video.yandex.net frontend.vh.yandex.ru quasar.yandex.com cloud-api.yandex.ru wss://*.mail.yandex.net cloud-api.yandex.com wss://push.yandex.com blob: 'self' 'self' blob: *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru; font-src yastatic.net; report-uri https://csp.yandex.net/csp?from=disk-client&project=disk-client&yandexuid=4640991741715655560; child-src blob: yandex.com docviewer.yandex.com downloader.disk.yandex.com *.mail.yandex.net *.video.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net 'self' blob: mc.yandex.ru mc.yandex.md yandex-disk: forms.yandex.ru trust.yandex.com trust.yandex.ru *.storage.yandex.net *.disk.yandex.net 1
frame-ancestors 'self' https://apicms.betplay.com.co 1
default-src 'none' ; img-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; media-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; script-src 'unsafe-hashes' 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com 'sha256-sI5v5bWVC19T46mBXAQNfZL5g/VIjJO4pxHjTHBGRTo=' 'sha256-bclIzK3SfP1ClS25sRLJ0l5THuIWcyKh/XRhHiIjoP8=' 'sha256-U3q5KwDyUdJs6mZtsTFTCPoNZs6DKhq9G8ZvSKs+sqM=' ; font-src 'self' *.parcoursup.fr *.parcoursup-nouvelle-caledonie.fr *.paybox.com ; frame-ancestors 'self' ; style-src-elem 'self' 'sha256-UG3e5GMK0p75fYUzpG+gQ7w8C5Xiho/3IN1lN4MygSs=' 'sha256-LCCG8b1oYMgCStLhXjw2+M/3LsNjoavZBaIwEMJ6Kdg=' 'sha256-e1gMlZC9QqOMyeY/9Z/NZIBDrlArAo46JAbkLbBDm1Q=' 'sha256-UrGjHcu2Sr3l23rKhEgVKMijbWMN2Pell/Dz/a4DGiw='; frame-src 'self' ; style-src 'self' 'sha256-lbk0T9Eqn9FZGhCh9MPwvsW4o8mfHGljEvl4Z7A1CXw=' 'sha256-zq27PiVE3uKYaCuZd8TdzyuSD1F45+67IRQlUZDK41c=' 'sha256-3DuTxsT+isLRFfaBwfLTvkqwl+5WCvVBwlXHNtnEjR8=' 'sha256-naYrp5ciLxqh93qokH0dHua1L06ytZsEdfzisDnQ9mM=' 'sha256-UG3e5GMK0p75fYUzpG+gQ7w8C5Xiho/3IN1lN4MygSs=' 'sha256-LCCG8b1oYMgCStLhXjw2+M/3LsNjoavZBaIwEMJ6Kdg=' 'sha256-e1gMlZC9QqOMyeY/9Z/NZIBDrlArAo46JAbkLbBDm1Q=' 'sha256-UrGjHcu2Sr3l23rKhEgVKMijbWMN2Pell/Dz/a4DGiw=' 1
frame-ancestors 'self' https://*.sdsu.edu https://a.cms.omniupdate.com; 1
frame-ancestors 'self' https://*.magazinevoce.com.br https://*.influenciadormagalu.com.br; 1
style-src * blob: 'unsafe-inline'; script-src * blob: 'unsafe-inline' 'unsafe-eval'; worker-src * blob:; frame-ancestors 'self' http://*.carwale.com https://*.carwale.com https://*.bikewale.com https://*.cartrade.com https://*.lead2retail.in https://*.autobiz.in; 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com https://pie.news; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.br doctoraliaone-br2-candidate.azurewebsites.net 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.kz  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
default-src 'self' blob: data: wss: *; script-src http: 'unsafe-inline' 'unsafe-eval'; worker-src http: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src data: http: 'unsafe-inline' 'unsafe-eval'; frame-src *; object-src data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://www.lagradaonline.com; 1
upgrade-insecure-requests ; frame-src 'self' *.algolia.com *.js.driftt.com *.pendo.io app-ab39.marketo.com codesandbox.io js.driftt.com res.cloudinary.com vars.hotjar.com www.facebook.com www.welcometothejungle.com www.youtube-nocookie.com www.youtube.com calendly.com play.vidyard.com *.codesandbox.io *.arcade.software s.company-target.com ; frame-ancestors 'self' algolia.sitespect.com *.algolia.com 1
default-src 'self' *.thehartford.com *.hfdstatic.com aa.agkn.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io; font-src 'self' data: *.thehartford.com *.hfdstatic.com fonts.gstatic.com *.kampyle.com dnsl4xr6unrmf.cloudfront.net; frame-ancestors 'self' *.thehartford.com; frame-src *.optimizely.com *.thehartford.com *.kampyle.com cl.exct.net www.youtube.com pub.s1.exacttarget.com *.doubleclick.net hosted.where2getit.com uk132.infusionsoft.com *.tealiumiq.com connect.facebook.net *.akamaihd.net pinecast.com storage.pinecast.net insight.adsrvr.org match.adsrvr.org mc3jl4gfl2432w-98y2stw11txh8.pub.sfmc-content.com www.google.com *.qualtrics.com agents.floodsmart.gov; connect-src *.tealiumiq.com *.thehartford.com *.kampyle.com *.powerreviews.com rules.atgsvcs.com www.google-analytics.com *.doubleclick.net img.c3tag.com www.googletagmanager.com ampcid.google.com s.srvsynd.com api.genesyscloud.com 530-ct.c3tag.com *.akamaihd.net *.optimizely.com www.google.com analytics.google.com region1.google-analytics.com region1.analytics.google.com *.qualtrics.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io *.hfdstatic.com hartfordinsurancegroup.pxf.io services-api.wyng.com content-api.wyng.com experiences.wyng.com wyng.io; img-src 'self' data: *.thehartford.com *.optimizely.com *.hfdstatic.com *.kampyle.com *.powerreviews.com ecf.d41.co aa.agkn.com so.rlcdn.com http://image.insurance.thehartford.com res.cloudinary.com aa.agkn.com *.tealiumiq.com da.usaa.com uk132.infusionsoft.com hits.convergetrack.com www.google-analytics.com *.doubleclick.net www.google.com www.facebook.com secure.adnxs.com www.googletagmanager.com sp.analytics.yahoo.com bat.bing.com analytics.convertlanguage.com *.akamaihd.net thumb.service.pinecast.com px.ads.linkedin.com insight.adsrvr.org px.ads.linkedin.com p.adsymptotic.com www.linkedin.com cookie.havasedge.com event.havasedge.com tag.havasedge.com cx.atdmt.com match.sharethrough.com gw.helixbi.io api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com region1.google-analytics.com region1.analytics.google.com data.adxcel-ec2.com match.adsrvr.org *.qualtrics.com ib.adnxs.com *.cookielaw.org *.onetrust.com https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io cdn.wyng.com dnsl4xr6unrmf.cloudfront.net; style-src 'self' *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com fonts.googleapis.com *.custhelp.com *.akamaihd.net 'unsafe-inline' www.gstatic.com *.cookielaw.org *.cookiepro.com *.onetrust.com agents.floodsmart.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tealiumiq.com *.optimizely.com *.thehartford.com *.hfdstatic.com *.kampyle.com *.powerreviews.com vsvipmw01.rightnowtech.com *.custhelp.com rules.atgsvcs.com www.linkedin.com *.doubleclick.net *.akamaihd.net secure.adnxs.com insight.adsrvr.org data.adxcel-ec2.com aa.agkn.com aa.agkn.com sp.analytics.yahoo.com static.atgsvcs.com beacon.krxd.net bat.bing.com sjs.bizographics.com 530-ct.c3tag.com hits.convergetrack.com s.delvenetworks.com as00.estara.com conv-tm.everesttech.net www.facebook.com connect.facebook.net adservice.google.com www.google.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com mpsnare.iesnare.com uk132.infusionsoft.com solutions.invocacdn.com secure.leadforensics.com px.ads.linkedin.com www.livelook.com cdn.mouseflow.com mpp.mxptint.net onlinebusinessservicsc60333118us1.cobrowse.oraclecloud.com public.cobrowse.oraclecloud.com pixelg.adswizz.com www.rackcdn.com bcvipmw11.rightnowtech.com www.rnengage.com s.srvsynd.com trc.taboola.com tags.tiqcdn.com www.youtube.com i.ytimg.com i9.ytimg.com s.ytimg.com adadvisor.net cdn.ampproject.org analytics.convertlanguage.com so.rlcdn.com ecf.d41.co cdn.embed.ly js.adsrvr.org cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com cdn.invoca.solutions pnapi0.invoca.net sdk.helixbi.io snap.licdn.com pnapi.invoca.net api.securedvisit.com track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com www.gstatic.com acdn.adnxs.com d2hrivdxn8ekm8.cloudfront.net d1lu3pmaz2ilpx.cloudfront.net dvqigh9b7wa32.cloudfront.net d330aiyvva2oww.cloudfront.net *.qualtrics.com *.cookielaw.org *.cookiepro.com *.onetrust.com report.thehartford.gbqofs.io cdn.gbqofs.com console.thehartford.glassboxdigital.io https://logs-01.loggly.com https://www.ojrq.net https://utt.impactcdn.com https://pubads.g.doubleclick.net hartfordinsurancegroup.pxf.io dnsl4xr6unrmf.cloudfront.net cdnjs.cloudflare.com code.jquery.com; media-src storage.pinecast.net pinecast.com; 1
default-src 'self'; script-src 'self' analytics.tiktok.com wcs.naver.net *.spring.wfp.org cdn.wfp.org *.jwplatform.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com survey.g.doubleclick.net *.doubleclick.net *.adalyser.com *.jwpcdn.com www.gstatic.com adservice.google.com connect.facebook.net www.facebook.com squizlabs.github.io cdnjs.cloudflare.com unpkg.com cdn.sparkcentral.com *.smooch.io *.user1st.info www.googleadservices.com bat.bing.com sixeleven.involve.me assets.juicer.io *.typekit.net *.hotjar.com *.hotjar.io platform.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.spring.wfp.org cdn.wfp.org tagmanager.google.com fonts.googleapis.com *.bootstrapcdn.com squizlabs.github.io cdn.sparkcentral.com *.user1st.info assets.juicer.io *.typekit.net; img-src 'self' blob: https: data:; media-src 'self' content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com cdn.sparkcentral.com *.user1st.info blob:; frame-src 'self' *.jwpsrv.com www.google.com survey.g.doubleclick.net *.doubleclick.net cdn.knightlab.com forms.office.com content.jwplatform.com *.user1st.info www.youtube-nocookie.com sixeleven.involve.me saveful.com *.hotjar.com *.hotjar.io datawrapper.dwcdn.net platform.twitter.com; child-src 'self' blob:; font-src 'self' cdn.wfp.org *.jwpcdn.com fonts.gstatic.com *.bootstrapcdn.com cdn.sparkcentral.com *.user1st.info static.juicer.io *.typekit.net *.hotjar.com *.hotjar.io data:; connect-src 'self' data: analytics.tiktok.com wcs.naver.com tiles.arcgis.com spring.wfp.org *.spring.wfp.org cdn.wfp.org geonode.wfp.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com analytics.google.com api.mapbox.com geoip.nekudo.com api.ipify.org api.ip2country.info mycountry.picktek.org content.jwplatform.com *.jwpsrv.com cdn.jwplayer.com acr.api.spring.wfp.org cdn.sparkcentral.com *.smooch.io *.user1st.info stats.g.doubleclick.net fh.mg.wfp.org geoip.maxmind.com www.juicer.io juicer.io graph.facebook.com *.typekit.net *.sentry.io bat.bing.com *.hotjar.com *.hotjar.io *.jwpltx.com 'self' ws: https://o274918.ingest.sentry.io/api/5249464/store/ https://o274918.ingest.sentry.io/api/5249464/envelope/; upgrade-insecure-requests 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: blob: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; media-src 'self' blob: data: https:; object-src https://flash.sitepoint.com; frame-ancestors 'self' 1
default-src https: data:; img-src https: 'unsafe-inline' data:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://login.account.rakuten.com 1
frame-ancestors 'self' https://*.taz.de https://taz.de https://www.tazlablive.de/ 1
frame-ancestors 'self' http://*.szextarskereso.hu http://*.bizarr.hu https://szex.com http://sweetescortgirls.com https://www.amator-szex.hu https://szexpartner.szex.hu/ https://porn.sex.hu/ https://kupak.hu https://budapestcsajok.hu https://csucscsajok.hu https://erotikmarket.hu https://extazis.com https://fotogarancia.net https://hotel69.hu https://kimaradas.hu https://magyarescort.com https://masszazs.co.hu https://masszazs.xxx https://pinaparade.hu https://szex.pixelnet.hu https://szexeslanyok.hu https://szexhungary.hu https://szexkapcsolat.hu https://szexlesz.hu https://szexma.hu https://szexpartner.info.hu https://szexpartner.xxx https://aprohirdetesingyen.hu https://fotogarancia.hu https://megdugnad.com; 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' *.iliad.it osm.proxad.net acsbapp.com *.acsbapp.com *.googleapis.com www.googletagmanager.com fonts.gstatic.com maps.gstatic.com connect.facebook.net www.googleadservices.com www.facebook.com googleads.g.doubleclick.net www.google.com www.google.fr www.youtube.com aax-eu.amazon-adsystem.com *.adform.net *.outbrain.com creativecdn.com libjs.s4mdsp.com  evt.s4mdsp.com tracking.lqm.io app.contentsquare.com *.contentsquare.net www.gstatic.com 1
frame-ancestors *.american.edu 1
default-src 'self' https://*; media-src 'self' https://* blob:; font-src 'self' https://* data:; img-src * data:; script-src https://* 'unsafe-inline' 'unsafe-eval'; style-src https://* 'unsafe-inline'; frame-src 'self' https://* mailto:; worker-src blob:; 1
frame-ancestors 'self'; report-uri https://pc.moppy.jp/csp-report.php 1
connect-src 'self' 'unsafe-inline' https://*.google-analytics.com http://*.orange.mg https://www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.twimg.com  https://*.twitter.com https://*.google-analytics.com  http://*.orange.mg https://*.orange.mg https://www.google-analytics.com https://*.facebook.com https://connect.facebook.net https://www.googletagmanager.com; img-src 'self' data:  https://*.twitter.com https://*.twimg.com  http://www.orange.mg  https://www.googletagmanager.com https://www.google-analytics.com https://*.facebook.com http://*.facebook.com ; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.twitter.com https://*.googleapis.com; font-src 'self' https://*.gstatic.com https://*.cloudflare.com ; child-src *; object-src 'none' 1
frame-ancestors 'self' *.learningcloud.me 1
frame-ancestors 'self' https://logmein.lookbookhq.com https://logmein.pathfactory.com https://explore.logmein.com https://web-eugamma.boldchat.com https://web-gamma.boldchat.com https://web-eu.boldchat.com https://logmeinrescue.lookbookhq.com https://logmeinrescue.pathfactory.com https://explore.logmeinrescue.com https://bold360.lookbookhq.com https://bold360.pathfactory.com https://explore.bold360.com https://explore.goto.com ; object-src 'none'; 1
default-src 'none';script-src 'self' 'nonce-JdhxH+Lgt/FI5PO9OG3n' www.google-analytics.com www.google.com www.gstatic.com cdnjs.cloudflare.com az416426.vo.msecnd.net ajax.cloudflare.com challenges.cloudflare.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;img-src 'self' www.google-analytics.com stats.g.doubleclick.net www.gstatic.com logos.haveibeenpwned.com;font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com;connect-src 'self' api.pwnedpasswords.com www.google-analytics.com stats.g.doubleclick.net dc.services.visualstudio.com;base-uri 'self';child-src www.google.com challenges.cloudflare.com;form-action 'self' accounts.google.com www.paypal.com billing.stripe.com checkout.stripe.com billing.haveibeenpwned.com;frame-ancestors 'none';worker-src 'self';upgrade-insecure-requests;report-uri https://troyhunt.report-uri.com/r/d/csp/enforce 1
base-uri 'self'; frame-ancestors 'self'; report-uri https://www.paho.org/en/report-uri/enforce 1
default-src 'self' fs.betunit.com;style-src 'self' fs.betunit.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com embed.tawk.to 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';script-src 'self' *.googletagmanager.com *.gstatic.com *.google.com tvbetframe7.com tvbetframe24.com *.facebook.com *.facebook.net *.onesignal.com www.google-analytics.com google-analytics.com static.hotjar.com embed.tawk.to script.hotjar.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';connect-src 'self' *.vamos.bet wss://cgo-live.vamos.bet/connection/websocket amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.energaming.systems *.betunit.com betunit.com *.doubleclick.net www.google-analytics.com google-analytics.com live5.betunit.com *.tawk.to wss://*.tawk.to ws://*.tawk.to ws://turbo.energaming.systems:4444 wss://turbo.energaming.systems:4444 turbo.energaming.systems ws://transport.energaming.systems:4444 wss://transport.energaming.systems:4444 transport.energaming.systems chukuatano.co.tz *.chukuatano.co.tz;frame-src 'self' *.atlas-v.com playbetman.com *.playbetman.com amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.google.com vars.hotjar.com *.energaming.systems *.betunit.com betunit.com *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz;font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com embed.tawk.to;img-src * 'self' *.tawk.link *.energaming.systems *.betunit.com betunit.com *.facebook.com *.tawk.to *.google-analytics.com google-analytics.com  *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz cdn.jsdelivr.net amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru; style-src 'self' 'unsafe-inline' https: ; frame-ancestors 'self' https://masterhost.ru https://*.masterhost.ru https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://admin.verbox.ru; frame-src 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru https://me-talk.ru https://pic.me-talk.ru https://twemoji.maxcdn.com; connect-src 'self' https://mc.yandex.ru https://mc.yandex.com https://metrika.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yandex.ru https://site.yandex.net https://clck.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://sitesearch-suggest.yandex.ru https://yastat.net https://ext.captcha.yandex.net https://img.yandex.net https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net https://analytics.google.com https://admin.verbox.ru https://static.me-talk.ru https://widget.me-talk.ru https://lcab.talk-me.ru https://widget.apibcknd.com https://www.youtube.com https://s.ytimg.com https://i.ytimg.com https://top-fwz1.mail.ru https://cp.masterhost.ru wss://widget.me-talk.ru wss://widget.apibcknd.com; media-src data: 'self' https://me-talk.ru https://pic.me-talk.ru https://twemoji.maxcdn.com; 1
frame-ancestors 'self' https://www.gi-de.com/ https://acm.gi-de.com/ https://gi-de-ms.my.salesforce.com/ https://gi-de-ms--uat.my.salesforce.com/ https://gi-de-ms--dev.my.salesforce.com/ https://gi-de-ct--test.my.salesforce.com/ https://gi-de-ct.my.salesforce.com/ https://gi-de-vd.my.salesforce.com/ https://gi-de-vd--vduat.my.salesforce.com/; 1
frame-ancestors 'self' https://esirket.com https://app.mukellef.co https://app-beta.mukellef.co https://app.bizimsiparis.com https://bizimsiparis.com https://findara.co https://dgpfdemo.dgpays.com https://bilanco.co https://app.bilanco.co 1
default-src 'self' data: *.6sc.co *.akamaihd.net *.amplitude.com *.bugcrowd.com *.cookielaw.org *.clearbit.com *.company-target.com *.contentsquare.net *.craftcms.com *.doubleclick.net *.fullcircleinsights.com *.google.com *.google-analytics.com *.gstatic.com *.litix.io *.lever.co *.mktoresp.com *.oribi.io *.onetrust.com *.mutinyhq.com *.mutinycdn.com *.mutinyhq.io cdn-mktg.outreach-staging.com *.outreach-staging.com cdn-mktg.outreach.io *.outreach.io *.fullstory.com *.quora.com *reddit.com *.redditstatic.com *.rollbar.com *.segment.io *.sharethis.com *.terminus.services *.vercel-insights.com *.wistia.com 'self' *.pusher.com *.yext.com sessions.bugsnag.com *.contentsquare.net *.cookielaw.org *.mutinycdn.com ws:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net https://tag.clearbitscripts.com search.outreach.io.pagescdn.com *.6sc.co *.amplitude.com *.bugherd.com *.pusher.com *.quantserve.com *.quantcount.com *.adsrvr.org *.bizzabo.com https://bugcrowd.com *.bugcrowdusercontent.com *.bugcrowd.com *.consensu.org *.cookielaw.org *.capterra.com *.cloudflare.com *.cloudfront.net *.company-target.com app.contentsquare.com t.contentsquare.net *.demandbase.com *.facebook.com *.g2crowd.com *.google.com *.google-analytics.com *.gstatic.com *.linkedin.com *.doubleclick.net *.influitive.com *.fullstory.com *.licdn.com *.marketo.net *.mutinyhq.com *.mutinycdn.com *.mutinyhq.io *.onetrust.com *.oribi.io *.wistia.com *.pushcrew.com *.reddit.com *.redditstatic.com *.sharethis.com *.terminus.services *.quora.com *.googletagmanager.com *.bing.com *.googleadservices.com *.facebook.net *.adroll.com *.driftt.com *.outreach.io *.fullstory.com *.madkudu.com *.greenhouse.io *.google-analytics.com *.fontawesome.com *.segment.com *.googleapis.com *.clearbit.com *.clearbitjs.com *.stripe.com; style-src 'self' 'unsafe-inline' *.bugcrowd.com *.cloudfront.net data: *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com *.pushcrew.com insights.outreach.io *.outreach.io *.typekit.net https://outreach.io https://www.outreach.io; img-src * 'self' data: *.mutinycdn.com; media-src 'self' blob: data: *.outreach.io *.akamaihd.net *.wistia.com; frame-src *; font-src 'self' data: *.fontawesome.com *.cloudfront.net *.gstatic.com *.typekit.net *.outreach.io *.mktoweb.com; frame-ancestors 'self' data: https://app.mutinyhq.com 1
style-src 'self' 'unsafe-inline' https://*.foreflight.com https://foreflight-www.s3.amazonaws.com https://cdnjs.cloudflare.com https://d32dgjuo8qzfhk.cloudfront.net; default-src 'self' blob: https://*.foreflight.com; img-src * data: blob:; frame-src 'self' 'unsafe-inline' blob: https://*.foreflight.com https://www.facebook.com https://*.dropboxusercontent.com *.dropbox.com *.boxcloud.com s3.amazonaws.com bid.g.doubleclick.net assets.braintreegateway.com http://checkout.paypal.com https://www.youtube.com/ https://td.doubleclick.net/ https://9583307.fls.doubleclick.net/ https://*.google.com https://foreflight.involve.me/ *.onedrive.com *.microsoft.com *.live.com skydrive.live.com api.live.net apis.live.net *.storage.live.com *.groups.office.live.com *.groups.photos.live.com *.groups.skydrive.live.com photos.live.com *.livefilestore.com *.storage.msn.com *.sharepoint.com; font-src 'self' data: use.typekit.net https://*.foreflight.com https://cdnjs.cloudflare.com/ajax/ https://foreflight-www.s3.amazonaws.com https://d32dgjuo8qzfhk.cloudfront.net; media-src 'self' *.zdassets.com https://foreflight-www.s3.amazonaws.com https://d32dgjuo8qzfhk.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.foreflight.com https://www-apollo.foreflight.com/ https://cdn.ckeditor.com https://cdn.ckeditor.com/ckeditor5/ https://www-qa.foreflight.com/ https://cdn.segment.com https://d3qxef4rp70elm.cloudfront.net/m.js https://connect.facebook.net https://pixel-geo.prfct.co https://*.linkedin.com https://snap.licdn.com https://tag.perfectaudience.com https://www.facebook.com www.google-analytics.com www.googletagmanager.com https://analytics.google.com pixel-geo.prfct.co https://code.jquery.com/jquery-2.1.0.min.js https://www.redditstatic.com use.typekit.net https://cookie-cdn.cookiepro.com http://tag.marinsm.com https://geolocation.onetrust.com/ assets.zendesk.com https://www.googleadservices.com https://*.hotjar.com http://autolinkmaker.itunes.apple.com https://foreflight-www.s3.amazonaws.com static.zdassets.com *.g.doubleclick.net *.zomit.comv/ *.getvero.com redditstatic.s3.amazonaws.com http://checkout.paypal.com https://*.google.com/recaptcha/ https://www.google.com/ https://www.youtube.com/ https://d32dgjuo8qzfhk.cloudfront.net https://j.6sc.co/j/2474a262-dd1a-40fe-a212-714e7f99f65a.js https://j.6sc.co/6si.min.js https://api.smooch.io 'nonce-HgrE4pqdTrLlJYgIAK6VKw=='; connect-src 'self' https://browser-http-intake.logs.datadoghq.com https://ekr.zdassets.com/ https://zendesk-eu.my.sentry.io https://foreflight.zendesk.com/ https://api.mapbox.com/styles/v1/foreflight/ https://www.google-analytics.com https://analytics.google.com https://api.segment.io https://cdn.segment.com https://foreflight.com data: https://www.facebook.com wss://foreflight.com https://cookie-cdn.cookiepro.com wss://widget-mediator.zopim.com zdassets.com zendesk.com wss://zopim.com braintreegateway.com *.doubleclick.net https://cdn.segment.com/ https://releases.django-cms.org https://raw.githubusercontent.com *.boxcloud.com https://foreflight-sync.s3.amazonaws.com/ https://static.hotjar.com https://metrics.hotjar.io https://cdn.linkedin.oribi.io/ https://www.google.com/ https://foreflight-www.s3.amazonaws.com/ https://public-api.wordpress.com/ https://vc.hotjar.io/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://pagead2.googlesyndication.com https://d32dgjuo8qzfhk.cloudfront.net http://c.6sc.co/ https://ipv6.6sc.co/ https://px.ads.linkedin.com https://google.com/ccm/form-data/847292545 https://google.com/pagead/form-data/847292545 wss://api.smooch.io/faye 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net fonts.gstatic.com fast.wistia.com fast.wistia.net embed-cloudfront.wistia.com distillery.wistia.com pipedream.wistia.com dudodiprj2sv7.cloudfront.net cdn.cookielaw.org geolocation.onetrust.com api.lever.co *.algolia.net *.algolianet.com www.googletagmanager.com *.googlesyndication.com *.googleapis.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat googleads.g.doubleclick.net analytics.google.com www.google-analytics.com stats.g.doubleclick.net platform.twitter.com static.ads-twitter.com munchkin.marketo.net tag.demandbase.com d20519brkbo4nz.cloudfront.net tag.clearbitscripts.com api-preview.luckyorange.com wss://realtime.luckyorange.com settings.luckyorange.com tools.luckyorange.com api.company-target.com 161-fbe-733.mktoresp.com app.clearbit.com reveal.clearbit.com x.clearbitjs.com wss://in.visitors.live in.visitors.live client-registry.mutinycdn.com px.ads.linkedin.com conversions-config.reddit.com cdn.rudderlabs.com api-v2.mutinyhq.io api.rudderlabs.com pdat.matterlytics.com segments.company-target.com; style-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net www.trustradius.com use.typekit.net p.typekit.net fonts.googleapis.com www.googletagmanager.com; img-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net media.trustradius.com secure.gravatar.com fast.wistia.com embed-ssl.wistia.com cdn.cookielaw.org www.googletagmanager.com fonts.gstatic.com user-images.githubusercontent.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat t.co analytics.twitter.com id.rlcdn.com alb.reddit.com *.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com segments.company-target.com www.facebook.com; frame-src mattermost.com *.mattermost.com d30ia583fbtg8i.cloudfront.net snap.licdn.com www.redditstatic.com bat.bing.com connect.facebook.net pubads.g.doubleclick.net fast.wistia.net forms.mattermost.com capture.navattic.com roadmap.productboard.com *.youtube.com s.company-target.com td.doubleclick.net *.facebook.com; 1
frame-ancestors 'self' https://etrain.info https://m.etrain.info https://www.trippozo.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/; font-src 'self' 'unsafe-eval' https://cdnjs.cloudflare.com/; img-src 'self' blob: data: ;  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self'; object-src 'none'; media-src 'none'; font-src 'self'; plugin-types 'none' ; reflected-xss 'block' 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ reserveddomainnames.wildapricot.org sf.wildapricot.org;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src 'self' *.usask.ca https: data: blob:; media-src 'self' *.usask.ca https: blob:; font-src 'self' *.usask.ca https: data:; worker-src 'self' *.usask.ca https: blob:; frame-ancestors self *.usask.ca; 1
default-src 'self' data: blob: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://api.stripe.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.stripe.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://ajax.googleapis.com www.google-analytics.com www.googletagmanager.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; font-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; style-src https: 'unsafe-inline'; img-src       * data:; worker-src    * blob:; font-src      *; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src   *; frame-ancestors 'self'; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-bb5fdbbbd52386292b0fa8170c613656' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=2349359896459285; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=2349359896459285 1
frame-ancestors https://www.yealink.com https://search.google.com https://analytics.google.com https://tagmanager.google.com 1
default-src 'self' https://*.doubleclick.net https://stats.g.doubleclick.net; child-src blob: https://www.amnh.org; connect-src 'self' https://*.googlesyndication.com https://*.sentry.io https://analytics.tiktok.com https://*.abtasty.com https://region1.analytics.google.com https://analytics.google.com https://*.cloudflarestream.com https://*.doubleclick.net https://*.googleapis.com https://ask.hotjar.io https://*.hotjar.com https://*.videodelivery.net https://ad.doubleclick.net https://adservice.google.com https://apis.google.com https://cdn.syndication.twimg.com https://cdp.cloud.unity3d.com https://config.uca.cloud.unity3d.com https://edit.meridianapps.com https://googletagmanager.com https://media.amnh.org https://region1.google-analytics.com https://starling.crowdriff.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://syndication.twitter.com https://tags.meridianapps.com https://translate.googleapis.com https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com https://www.google.al https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.tz https://www.google.co.uk https://www.google.com https://www.google.com.ar https://www.google.com.bd https://www.google.de https://www.google.es https://www.google.fr https://www.google.no https://www.google.ro wss://*.hotjar.com wss://tags.meridianapps.com wss://ws15.hotjar.com https://amnh.ungerboeck.com; font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://script.hotjar.com https://abs.twimg.com https://fonts.gstatic.com https://surveystats.hotjar.io https://ssl.p.jwpcdn.com https://use.typekit.net; form-action 'self' https://data.library.amnh.org https://digitallibrary.amnh.org https://export.highcharts.com https://www.googletagmanager.com https://libcat1.amnh.org https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com; frame-ancestors 'self' https://*.google.com https://*.amnh.org https://amnh.org; frame-src 'self' https://*.abtasty.com https://*.cloudflarestream.com https://*.search.serialssolutions.com https://9432320.fls.doubleclick.net https://accounts.google.com https://amnh.uservoice.com https://bid.g.doubleclick.net https://block.opendns.com https://calendar.google.com https://consentag.eu https://d1eoo1tco6rr5e.cloudfront.net https://darwin.amnh.org https://docs.google.com https://embed.videodelivery.net https://giphy.com https://iframe.videodelivery.net https://*.adsrvr.org https://mead2019.sched.com https://m.facebook.com https://moodle.amnh.org https://optimize.google.com https://osborn.amnh.org https://ourworldindata.org https://platform.twitter.com https://player.vimeo.com https://sketchfab.com https://syndication.twitter.com https://td.doubleclick.net https://tpc.googlesyndication.com https://useast-www.securly.com https://vars.hotjar.com https://videodelivery.net https://w.soundcloud.com https://widgets.resy.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.instagram.com https://www.youtube.com; img-src 'self' data: blob: https: *; media-src 'self' 'unsafe-inline' data: https://*.cloudflarestream.com https://crowdriff-video-upload.s3.amazonaws.com https://embed.videodelivery.net https://media.amnh.org https://videodelivery.net https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' blob: https://www.googleoptimize.com https://analytics.tiktok.com https://*.abtasty.com https://*.googleapis.com https://addevent.com https://beacon.sojern.com https://*.adsrvr.org https://static.cloudflareinsights.com https://*.videodelivery.net https://*.addevent.com https://ajax.cloudflare.com https://anthro.amnh.org https://by2.uservoice.com https://cdn.knightlab.com https://cdn.syndication.twimg.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://consentag.eu https://data.library.amnh.org https://googleads.g.doubleclick.net https://i.ctnsnet.com https://i.simpli.fi https://maps.googleapis.com https://maps.google.com https://mead2019.sched.com https://optimize.google.com https://platform.instagram.com https://platform.twitter.com https://script.hotjar.com https://ssl.p.jwpcdn.com https://starling.crowdriff.com https://static.hotjar.com https://tagmanager.google.com https://tag.simpli.fi https://tpc.googlesyndication.com https://translate.googleapis.com https://translate.google.com https://translate-pa.googleapis.com https://use.typekit.net https://widget.uservoice.com https://widgets.resy.com https://www.amnh.org https://www.googleadservices.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.abtasty.com data: https://analytics.tiktok.com https://www.googleoptimize.com https://*.abtasty.com https://*.adsrvr.org https://beacon.sojern.com https://static.cloudflareinsights.com https://*.googleapis.com https://*.addevent.com https://ajax.cloudflare.com https://ajax.googleapis.com https://analytics.twitter.com https://anthro.amnh.org https://apis.google.com https://bpb.opendns.com https://cdn.knightlab.com https://cdn.syndication.twimg.com https://cdn.yoochoose.net https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://collector-2328.tvsquared.com https://connect.facebook.net https://consentag.eu https://embed.videodelivery.net https://fullstory.com https://googleads.g.doubleclick.net https://googletagmanager.com https://i.ctnsnet.com https://i.simpli.fi https://maps.google.com https://maps.googleapis.com https://nexus.ensighten.com https://optimize.google.com https://platform.instagram.com https://platform.twitter.com https://region1.google-analytics.com https://rules.quantcount.com https://s.ytimg.com https://script.hotjar.com https://secure.quantserve.com https://ssl.p.jwpcdn.com https://starling.crowdriff.com https://static.ads-twitter.com https://static.hotjar.com https://tag.simpli.fi https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://translate.googleapis.com https://use.typekit.net https://useast-www.securly.com https://www.google-analytics.com https://www.google.al https://www.google.ca https://www.google.ch https://www.google.co.in https://www.google.co.tz https://www.google.co.uk https://www.google.com https://www.google.com.ar https://www.google.com.bd https://www.google.de https://www.google.es https://www.google.fr https://www.google.no https://www.google.ro https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.instagram.com https://www.securly.com https://www.youtube.com; style-src-elem 'self' 'unsafe-inline' https://teddytor.abtasty.com https://www.googletagmanager.com https://cloud.typography.com https://code.jquery.com https://data.library.amnh.org https://fonts.googleapis.com https://optimize.google.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://starling.crowdriff.com https://tagmanager.google.com https://ton.twimg.com https://translate.googleapis.com https://www.amnh.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://optimize.google.com https://p.typekit.net https://platform.twitter.com https://starling.crowdriff.com https://ton.twimg.com https://translate.googleapis.com https://use.typekit.net; manifest-src 'self'; worker-src blob: 'self'; object-src https://www.youtube.com; report-to report-uri-amnh-csp-endpoint; report-uri https://amnh.report-uri.com/r/t/csp/enforce 1
default-src 'none'; base-uri 'none'; connect-src 'self' data: *.credit-suisse.com *.oribi.io *.frontify.com *.hedani.net  *.decibelinsight.net *.demdex.net *.doubleclick.net *.inbenta.com *.inbenta.io *.knowledgevision.com *.omtrdc.net *.qualtrics.com www.google-analytics.com wss://cdn.decibelinsight.net wss://collection.decibelinsight.net *.facebook.com *.googletagmanager.com soundcloud.com cdn.ampproject.org *.bing.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.cookielaw.org *.onetrust.com *.pinterest.com webexapis.com *.wbx2.com *.ciscospark.com wss://*.ciscospark.com analytics.tiktok.com *.teads.tv *.googleapis.com edge.adobedc.net;font-src 'self' 'unsafe-inline' data: *.credit-suisse.com *.hedani.net *.inbenta.com fonts.gstatic.com *.anychart.com *.inbenta.io gateway.zscloud.net *.qumucloud.com; frame-ancestors 'self' *.students.ch *.rowini.net *.ch.hedani.net content-uat.csintra.net content.csintra.net *.credit-suisse.com *.hedani.net *.adobedtm.com *.abusizz.ch *.maglr.com; frame-src 'self' blob: *.adobedtm.com *.spotify.com *.credit-suisse.com *.hedani.net *.doubleclick.net *.facebook.com *.facebook.net *.inbenta.com *.knowledgevision.com *.omtrdc.net *.qq.com *.youtube.com *.youtube-nocookie.com creditsuisse.demdex.net maps.gstatic.com wl.fundsquare.net w.soundcloud.com *.snapchat.com *.qualtrics.com *.3vrooms.app dev.3volutions.ch *.ceros.com *.swisscom.ch video.csintra.net beneal.com *.apacwebinar.com *.qumucloud.com player.vimeo.com *.pinterest.com anchor.fm *.microad.jp analytics.tiktok.com bugcrowd.com; img-src 'self' data: *.hedani.net *frontify.com *.credit-suisse.com *.google-analytics.com *.doubleclick.net *.google.com *.google.ch t.co *.quantserve.com *.everesttech.net *.demdex.net *.youtube.com *.facebook.com *.facebook.net *.inbenta.com maps.gstatic.com maps.googleapis.com *.linkedin.com *.qualtrics.com *.gstatic.com *.inbenta.io  *.mathtag.com *.bing.com gateway.zscloud.net *.googletagmanager.com *.glassdoor.com *.cookielaw.org *.qq.com *.adsymptotic.com *.pinterest.com *.teads.tv *.microad.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com; object-src 'self' blob: *.qq.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.adobedtm.com *.ads-twitter.com cdn.ampproject.org *.anychart.com *.credit-suisse.com *.hedani.net  *.everesttech.net *.facebook.net *.forms.credit-suisse.com *.google.ch *.google-analytics.com *.googleapis.com *.googletagmanager.com *.inbenta.com *.inbenta.io *.jquery.com *.knowledgevision.com *.licdn.com *.linkedin.com *.qualtrics.com *.twitter.com *.youtube.com *.ytimg.com maps.google.com tagmanager.google.com sc-static.net *.googleadservices.com googleads.g.doubleclick.net *.ampproject.org *.mathtag.com *.bing.com gateway.zscloud.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.ceros.com *.cookielaw.org *.qq.com *.qumucloud.com *.pinimg.com *.teads.tv *.microad.jp s.yimg.jp b97.yahoo.co.jp b91.yahoo.co.jp analytics.tiktok.com bugcrowd.com *.bugcrowdusercontent.com tr.snapchat.com; style-src 'self' 'unsafe-inline' *.credit-suisse.com *.hedani.net *.inbenta.com fonts.googleapis.com tagmanager.google.com *.anychart.com *.inbenta.io gateway.zscloud.net analytics.tiktok.com *.teads.tv; style-src-elem 'self' 'unsafe-inline' data: *.credit-suisse.com *.inbenta.com *.inbenta.io; manifest-src 'self' data: *.credit-suisse.com; 1
frame-ancestors 'self' https://*.deputy.com https://*.deputec.com https://*.website-poc.pages.dev 1
frame-ancestors 'self' *.jetblue.com 1
frame-ancestors 'self' *.globalsources.com; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static-sandbox.intsig.net https://*.geevisit.com https://res.wx.qq.com  https://*.geevisit.com/ https://static12013.intsig.net https://static.intsig.net https://www.googletagmanager.com https://hm.baidu.com https://www.google-analytics.com/ https://cs-msg.intsig.net https://cs-msg-us.intsig.net https://b.bdstatic.com https://*.geetest.com/ https://bakapi.gtapp.xyz/ https://webcert.cnmstl.net https://kxlogo.knet.cn https://*.digicert.com https://static-cdn.camscanner.com https://res2.wx.qq.com https://cdnjs.cloudflare.com/ https://accounts.google.com https://appleid.cdn-apple.com; worker-src 'self' blob: 1
default-src 'none'; child-src 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://analytics.google.com *.analytics.google.com googletagmanager.com *.fullstory.com *.usgbc.org https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net *.slideshare.net prd-msearch.usgbc.org ekr.zdassets.com *.zendesk.com *.zendesk-eu.my.sentry.io *.zdassets.com *.google.ca *.google.com.bd https://platform-api.usgbc.org https://platform-api.usgbc.org/; font-src *; frame-src 'self' *.youtube.com *.usgbc.org *.slideshare.net build.usgbc.org *.recaptcha.net cert-xiecomm.paymetric.com xiecomm.paymetric.com *.google.com *.soundcloud.com; img-src * data:; media-src 'self' *.usgbc.org *.slideshare.net *.s3.amazonaws.com; object-src 'self'; script-src 'self' snap.licdn.com ajax.aspnetcdn.com analytics.kapost.com cdn.ckeditor.com netdna.bootstrapcdn.com/ www.google-analytics.com/ s3.amazonaws.com/gbci/ use.typekit.com *.fullstory.com pi.pardot.com *.usgbc.org fullstory.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com https://pi.pardot.com https://build.usgbc.org https://www.googletagmanager.com googletagmanager.com ajax.googleapis.com https://ajax.googleapis.com googleadservices.com www.googleadservices.com recaptcha.net https://www.recaptcha.net gstatic.com https://www.gstatic.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://static.zdassets.com https://unpkg.com https://www.google.com https://www.googleoptimize.com; script-src-attr 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com use.fontawesome.com maxcdn.bootstrapcdn.com cloud.typography.com *.s3.amazonaws.com *.usgbc.org fonts.googleapis.com *.typekit.com *.typekit.net *.zdassets.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.linearicons.com https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; base-uri 'self'; form-action 'self' cert-xiecomm.paymetric.com xiecomm.paymetric.com login.usgbc.org platform-api.usgbc.org usgbc-users-prd.us.auth0.com; frame-ancestors 'self' *.usgbc.org *.slideshare.net 1
default-src 'self'; img-src 'self' data: https: *.influxdata.com influxdays.com *.influxdays.com *.influxstaging.com www.google.com optimize.google.com www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com optimize.google.com; font-src 'self' data: https: fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.influxdata.com https://influxdata.zoom.us https://www.surveymonkey.com https://jobs.ashbyhq.com https://boards.greenhouse.io https://js.driftt.com *.marketo.com *.googletagmanager.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://docs.google.com https://platform.twitter.com https://optimize.google.com https://www.g2.com *.chilipiper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.influxstaging.com *.google-analytics.com optimize.google.com code.jquery.com *.googletagmanager.com *.google.com munchkin.marketo.net platform.twitter.com www.googleanalytics.com www.googleoptimize.com js.chilipiper.com; connect-src 'self' https: *.google-analystics.com *.mktoresp.com; media-src 'self' https://345197-1067112-raikfcquaxqncofqfm.stackpathdns.com; frame-ancestors 'self' https: *.influxdata.com; object-src 'self' blob: 1
frame-ancestors https://www.wrike.com https://app-eu.wrike.com https://app-us2.wrike.com https://trial.wrike.com; report-uri https://csp-global.wrike.com/csp-report?website 1
upgrade-insecure-requests;frame-ancestors 'self';object-src 'none';base-uri 'self';script-src 'report-sample' https: 'unsafe-inline' 'strict-dynamic' 'sha256-wDkOnY488UsdiT+Fni3PAYzYjaXqcMGJsemH5GvnTDE=' 'sha256-QTT4yLTFZHzD2h6soOu7vMKjDT41wlyAAXGFYWSkAII=' 'sha256-EhG/h/RqHxTHE7up89blJbhWNGWdDgROL67iVto2piQ=' 'sha256-kxfWe5OS4NAeYgfcNsuaY1cqEa9FV67g1vjbOGu7Y+Q=' 'sha256-67h+RIqVNlSBjKE/3KmS3zNYD/SlGHxKM3tqWCCM4Yg=' 'sha256-oaiCapPjmT7wMN1TvrBYUpebwSRt0NgQX1Xu3Mtdr4I=' 'sha256-Obu9LLdy4831ebQS8KpTkz6QdAK7oT9VzQOv0EF2XNk=' 'sha256-rrdqvXkcX+I+WLK7KB/d+8Ty/+LIQ6UbqxgI37+Fe0w=' 'sha256-pvRtNjBUJkDcLNcRYey9CpfQBb7t2qZEVhPXuDhdWMw=' 'sha256-nwZSfMzXkfQxenHnOXCDIutRA3aQ4b3bWurNsMa6RZE=' 'sha256-EdcPT+/YU1YW/LCkY0Ykg44uxYqnrshFTLz6PyCv5oc=' 'sha256-mBfp8CraQ9juGQoE2HC75kaIEBuVUUURPHl7fDE2UDc=' 'sha256-b8jF0d29Qt6tfy0ay4CcDSiyH6SDy0TRXXN2luvSXZk=' 'sha256-diYGnaJJbEhjoD795kEJA7fW4sXTfh3IIxjWIAHoj9c=' 'sha256-nkoMcV/NqH4cz75hS5w80swHciCoHNcKimx/id8yfM0=' 'sha256-SdRC4kHDphFyBdJ0Jv7mcirqB+qjDTWk9OBSorA50Ho=' 'sha256-ETcRmW/ruecMJbHeGUmfCtZt2kXlUFgfhDAtaVNB2z8=' 'sha256-NVoXTKrDV4JwGHNp5zFRQkEAzRGmFiV31Yxcua3j5hc=' 'sha256-dEPPPMDft7etnW3WYbk3/9pjib/+aqrHgqEvAiIwA24=';worker-src blob:;report-uri https://browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pubc504e1394818288959b4d64fb38efebe&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awolt.com%2Cversion%3A1.11.30 1
default-src 'self'; script-src connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://syndication.twitter.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com az416426.vo.msecnd.net googleads.g.doubleclick.net benchtag.co *.hotjar.com tags.srv.stackadapt.com sc-static.net js.adsrvr.org snap.licdn.com www.googleadservices.com s.yimg.com sp.analytics.yahoo.com kendo.cdn.telerik.com *.amazon-adsystem.com https://player.idomoo.com https://*.taboola.com https://*.quantserve.com https://*.rnengage.com https://*.snapchat.com https://*.quantcount.com https://*.formsite.com z.moatads.com edge.quantserve.com https://mu-search.clients.funnelback.com https://*.siteintercept.qualtrics.com https://cdn.wishpond.net https://api3-au.libcal.com https://*.onetrust.com https://analytics.tiktok.com https://acdn.adnxs.com https://kit.fontawesome.com https://www.googletagmanager.com https://*.custhelp.com https://*.juicer.io https://*.google-analytics.com https://*.monsido.com https://embedsocial.com https://ka-p.fontawesome.com https://player.video.wowza.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com platform.twitter.com/css/ *.twimg.com tags.srv.stackadapt.com sp.analytics.yahoo.com https://mu-search.clients.funnelback.com https://fonts.googleapis.com https://*.custhelp.com https://*.juicer.io 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com mu-publishing.azureedge.net mu-publishing-blob.azureedge.net mu-website.azureedge.net mu-website-blob.azureedge.net mu-website-ae.azureedge.net mu-website-ae-blob.azureedge.net mu-uat.azureedge.net mu-uat-blob.azureedge.net mu-dev.azureedge.net mu-dev-blob.azureedge.net murdochbackup.blob.core.windows.net p.adsymptotic.com sp.analytics.yahoo.com *.fls.doubleclick.net px.ads.linkedin.com tracking.monsido.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com cm.everesttech.net insight.adsrvr.org ups.analytics.yahoo.com cm.g.doubleclick.net murdoch-website-001.azurewebsites.net pixel.quantserve.com pixel.rubiconproject.com match.adsrvr.org https://*.taboola.com https://*.rnengage.com scontent.cdninstagram.com https://dpm.demdex.net https://ib.adnxs.com www.murdoch.edu.au data: https://*.onetrust.com blob: https://www.google.com https://www.google.com.au https://*.juicer.io htps://*.googletagmanager.com https://*.doubleclick.net https://*.snapchat.com https://announcements.murdoch.edu.au 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src kendo.cdn.telerik.com netdna.bootstrapcdn.com https://connect.prospectivestudent.info data: https://*.fontawesome.com https://fonts.gstatic.com https://static.juicer.io https://murdoch-opa.custhelp.com 'self'; connect-src *.murdoch.edu.au tags.srv.stackadapt.com in.hotjar.com *.mktoresp.com dc.services.visualstudio.com dpm.demdex.net s.yimg.com murdoch-website-001.azurewebsites.net https://*.taboola.com https://*.snapchat.com https://mu-search.clients.funnelback.com https://stats.g.doubleclick.net *.wishpond.net *.wishpond.com wss://artisan.wishpond.com https://*.libcal.com https://*.doubleclick.net https://analytics.tiktok.com *.fontawesome.com https://*.onetrust.com https://*.google-analytics.com https://*.juicer.io https://analytics.google.com https://*.custhelp.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self'; child-src 'self' https://www.youtube-nocookie.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.murdoch.edu.au *.fls.doubleclick.net https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://player.vimeo.com https://w.soundcloud.com murdochuni.demdex.net *.hotjar.com bid.g.doubleclick.net *.amazon-adsystem.com *.adsrvr.org open.spotify.com www.podbean.com https://*.snapchat.com https://fs7.formsite.com https://publisher.ascentone.com https://cdn.wishpond.net *.ascentone.com https://embedded.wishpondpages.com https://connect.prospectivestudent.info https://*.flipsnack.com https://*.doubleclick.net https://vimeo.com https://embedsocial.com https://*.google.com https://echo360.net.au 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ; style-src https: 'self' 'unsafe-inline' *.onetrust.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.force.com *.cookiebanners.com *.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com ;script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' *.adobedtm.com *.demdex.net *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookielaw.org *.googletagmanager.com *.google-analytics.com *.googleapis.com *.chargebee.com *.jquery.com *.fullstory.com js.chargebee.com *.chargebeestatic.com *.1trust.app *.cloudfront.net *.cookiepro.com *.bing.com *.en25.com *.intercom.io *.intercomcdn.com *.gstatic.com *.google.com *.driftt.com *.force.com *.cookiebanners.com *.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com *.licdn.com *.linkedin.com *.marketo.net *.cloudflare.com *.stripe.com;font-src https: 'self' data: *.onetrust.com *.googletagmanager.com fonts.google.com *.force.com;img-src 'self' data: *; media-src 'self' blob:  data: *.onetrust.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.cookiebanners.com cookiebanner-dev.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com;object-src 'none'; base-uri 'none'; frame-ancestors 'self'; frame-src 'self' *.demdex.net *.onetrust.com *.wistia.com *.wistia.net *.cookielaw.org *.googletagmanager.com *.chargebee.com js.chargebee.com *.chargebeestatic.com *.cloudfront.net *.google.com *.driftt.com *.force.com *.cookiebanners.com cookiebanner-dev.web.onetrust.dev *.cloudflareaccess.com js.driftqa.com *.cloudflare.com *.stripe.com;connect-src 'self' data: * ; 1
default-src https: wss: blob: 'self' *.demandbase.com *.evergage.com foxit.us-6.evergage.com; img-src 'self' data: www.google.com www.google-analytics.com optimize.google.com www.googletagmanager.com *.stripe.com *.clarity.ms tribl.io px.ads.linkedin.com www.linkedin.com cc.swiftype.com *.bing.com images.g2crowd.com *.g2.com *.outbrain.com *.adroll.com alb.reddit.com 11145320.fls.doubleclick.net www.facebook.com sealserver.trustwave.com i.imgur.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com *.online-metrix.net q.quora.com d.adroll.com accounts.zendesk.com hero.kingpinkton.com ct.capterra.com tracking.g2crowd.com aorta.clickagy.com googleads.g.doubleclick.net srv.stackadapt.com pixel-sync.sitescout.com id.rlcdn.com *.gravatar.com secure.gravatar.com *.paypal.com www.google.com.hk www.google.com.tw segments.company-target.com tags.srv.stackadapt.com dev.visualwebsiteoptimizer.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com static.cloudflareinsights.com kit.fontawesome.com www.google.com www.googletagmanager.com *.googleadservices.com www.google-analytics.com www.googleanalytics.com www.googleoptimize.com optimize.google.com googleads.g.doubleclick.net static.addtoany.com platform.twitter.com pi.pardot.com static.hotjar.com script.hotjar.com bat.bing.com s.swiftypecdn.com go.foxitinfo.com widget.trustpilot.com amplify.outbrain.com tr.outbrain.com q.quora.com 11145320.fls.doubleclick.net c.sf-syn.com scout-cdn.salesloft.com static.zdassets.com api.smooch.io widget-mediator.zopim.com tracking.g2crowd.com tags.srv.stackadapt.com *.zoominfo.com *.chilipiper.com www.redditstatic.com d.adroll.mgr.consensu.org d.adroll.com s.adroll.com snap.licdn.com connect.facebook.net static.ads-twitter.com sealserver.trustwave.com *.clarity.ms tribl.io *.stripe.com m.stripe.network *.paypal.com *.checkout.visa.com *.mastercard.com *.discovercard.com *.discover.com h.online-metrix.net www.aexp-static.com www.paypalobjects.com www.youtube.com villain.kingpinkton.com hero.kingpinkton.com unpkg.com *.cloudfront.net tags.clickagy.com public.profitwell.com *.demandbase.com apis.google.com www.google.com.hk js.driftt.com t.usermaven.com *.doubleclick.net google.com.tw paapi8916.d41.co cdn-0.d41.co a.quora.com *.rlcdn.com *.d41.co *.recaptcha.net *.gstatic.com cdn.evgnet.com *.company-target.com foxit.us-6.evergage.com *.evergage.com dev.visualwebsiteoptimizer.com cdn-cookieyes.com *.visualwebsiteoptimizer.com app.vwo.com *.gstatic.cn; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com optimize.google.com s.swiftypecdn.com fonts.googleapis.com *.cloudflare.com tags.srv.stackadapt.com *.demandbase.com foxit.us-6.evergage.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com ka-f.fontawesome.com script.hotjar.com foxit.us-6.evergage.com; object-src 'self' *.foxitsoftware.com; worker-src 'unsafe-inline' 'self' blob:; 1
frame-ancestors 'self' 'https://moscowtimes.ru' 'https://www.moscowtimes.ru'; 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-6387bf6a-919a-4410-aad6-64b0bdf201c3' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
frame-ancestors 'self' *.doubleclick.net player.vimeo.com s.company-target.com; default-src 'self'; connect-src 'self' adservice.google.com wss://ws.pusherapp.com stats.g.doubleclick.net cdn.cookielaw.org tag-logger.demandbase.com www.google-analytics.com bat.bing.com web.delighted.com player.vimeo.com *.vimeocdn.com *.vimeo.com *.akamaized.net www.mczbf.com api.sail-personalize.com *.ingest.sentry.io *.company-target.com api.sail-track.com *.intercom.io wss://nexus-websocket-a.intercom.io geolocation.onetrust.com *.cloudfront.net;frame-src 'self' *.doubleclick.net *.typography.com s3.amazonaws.com player.vimeo.com www.youtube.com intercom-sheets.com s.company-target.com; font-src 'self' *.intercomcdn.com;style-src 'self' 'unsafe-inline';object-src 'self';form-action 'self';script-src-attr 'none';upgrade-insecure-requests;img-src 'self' www.google-analytics.com www.google.com cdn.cookielaw.org *.rlcdn.com bat.bing.com googleads.g.doubleclick.net segments.company-target.com *.casalemedia.com *.tremorhub.com *.rubiconproject.com *.vimeocdn.com www.googleadservices.com data: *.intercomcdn.com static.intercomassets.com www.google.com.np *.cloudfront.net; media-src 'self';base-uri 'self'; script-src 'self' 'unsafe-inline' tag.demandbase.com id.rlcdn.com www.google.com www.google.com.np www.googletagmanager.com cdn.cookielaw.org www.mczbf.com bat.bing.com ak.sail-horizon.com www.google-analytics.com *.intercom.io js.intercomcdn.com 'unsafe-eval' www.googleadservices.com *.cloudfront.net; 1
frame-ancestors https://*.artsy.net; 1
default-src * data: blob:;style-src * 'unsafe-inline';script-src https://*.quora.com https://*.poe.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.twitter.com https://*.quoracdn.net https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://*.youtube.com https://*.ytimg.com https://*.jwpcdn.com https://*.stripe.com https://*.intercom.io https://*.intercomcdn.com https://*.syndication.twimg.com https://cdnjs.cloudflare.com https://d3div1mtym39ic.cloudfront.net https://*.jwplatform.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googletagservices.com https://*.ampproject.org https://*.amazon-adsystem.com https://*.rubiconproject.com https://*.lijit.com https://*.openx.net https://*.criteo.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.ads-twitter.com https://*.awin1.com https://*.dwin1.com https://*.zenaps.com https://*.the.sciencebehindecommerce.com https://*.marketo.net https://*.licdn.com https://*.linkedin.com https://*.qualtrics.com https://*.siteintercept.qualtrics.com https://sc-static.net https://static.bytedance.com https://*.iteratehq.com https://cdn.embedly.com https://qinternal.quora.net https://*.sprig.com https://*.userleap.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://*.sng.link https://*.apple.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com 'unsafe-inline' 'unsafe-eval' 127.0.0.1:*;connect-src 'self' https://*.quora.com https://*.poe.com https://quora.okta.com wss://*.quora.com https://*.quoracdn.net https://*.stripe.com https://*.intercom.io wss://*.intercom.io https://*.jwplatform.com https://*.jwpsrv.com https://syndication.twitter.com https://*.syndication.twimg.com https://*.googleapis.com https://*.googlesyndication.com https://*.qualtrics.com https://*.facebook.com https://*.fbcdn.net blob: https://*.mktoresp.com https://*.doubleclick.net https://accounts.google.com https://*.amazon-adsystem.com https://*.3lift.com https://*.aaxads.com https://btloader.com https://*.btloader.com https://*.rubiconproject.com https://*.casalemedia.com https://*.adnxs.com https://*.pubmatic.com https://*.openx.net https://*.criteo.com https://*.sharethrough.com https://*.snigelweb.com https://*.trustedstack.com https://*.iteratehq.com https://iteratehq.com https://*.sprig.com https://*.userleap.com https://app.adjust.com https://app.appsflyer.com https://*.onelink.me https://branchster.app.link https://control.kochava.com https://c.singular.net https://*.sng.link https://*.apple.com https://*.doubleverify.com https://*.adsafeprotected.com https://*.flashtalking.com https://*.samplicio.us https://*.activemetering.com https://*.imrworldwide.com https://*.moatads.com https://cdn.cookielaw.org https://*.onetrust.com https://*.paypal.com https://*.linkedin.com https://*.giphy.com https://*.outbrain.com https://*.outbrainimg.com https://d3div1mtym39ic.cloudfront.net ;report-uri /security_reports/content_security_policy_violation_3RD_PARTY_POST 1
default-src 'self' blob: *.wistia.com/ https://embedwistia-a.akamaihd.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ss-consent-or.trustarc.com/ https://googleads.g.doubleclick.net/ https://assets.bugcrowdusercontent.com/ https://bugcrowd.com/ https://j.6sc.co/ https://static.addtoany.com/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://fast.wistia.com/ *.adroll.com/ *.geocomply.net/ *.geocomply.com/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://snap.licdn.com/ https://pi.pardot.com/ https://tracking.g2crowd.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://copytocdn.s3.amazonaws.com/ https://ss-consent-or.trustarc.com/ https://www.google.com/ https://localhost:* https://www.google.de/ https://no-cdn.shortpixel.ai/ *.linkedin.com/ https://p.adsymptotic.com/ https://www.google.com.ua/ https://b.6sc.co/ https://cdn.shortpixel.ai/ https://ml6scwx5agca.i.optimole.com/ *.wistia.com/ https://consent-pref.trustarc.com/ https://consent.truste.com/ https://consent.trustarc.com/ https://fast.wistia.net/ https://ups.analytics.yahoo.com/ *.geocomply.com/ *.geocomply.net/ https://analytics.twitter.com/i/ https://www.google.pl/ https://www.google.ca/ https://www.linkedin.com/px/ https://google.com.ua/ https://t.co/ https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ads/ https://px.ads.linkedin.com/ data:; style-src 'self' 'unsafe-inline' https://fast.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ https://fonts.googleapis.com https://assets.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/; font-src 'self' https://ss-consent-or.trustarc.com/ https://fast.wistia.com/ https://consent.trustarc.com/ https://fast.wistia.net/ *.geocomply.com/ https://themes.googleusercontent.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://fonts.gstatic.com/ data:; frame-src 'self' https://td.doubleclick.net/ https://bugcrowd.com/ https://static.addtoany.com/ https://consent-pref.trustarc.com/ https://fast.wistia.net/embed/ https://applications.zoom.us/ *.geocomply.com/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://ajax.googleapis.com/ https://www.youtube.com/ https://www.google.com/;  frame-ancestors 'self' https://applications.zoom.us/; connect-src 'self' https://pagead2.googlesyndication.com/ https://ss-consent-or.trustarc.com/ https://consent.trustarc.com/ https://www.g2.com/ https://www.g2.com/ https://consent-reporting.trustarc.com/ https://consent-pref.trustarc.com/ https://www.google.de/ https://epsilon.6sense.com/ https://cdn.linkedin.oribi.io/ https://secure.adnxs.com/ https://c.6sc.co/ https://ipv6.6sc.co/ https://www.google.com.ua/ https://www.google.pl https://stats.g.doubleclick.net/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://analytics.google.com/ *.analytics.google.com/ https://embedwistia-a.akamaihd.net/ *.wistia.com/ https://fast.wistia.net/ *.geocomply.com/ *.geocomply.net/ https://www.google-analytics.com/ wss.plc-gc.com:* wss://wss.plc-gc.com:*; object-src 'self' 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src *; 1
frame-ancestors 'self' app.nearpod.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.simplyrecipes.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.edf.fr/report-uri/enforce 1
default-src 'self'; child-src 'none'; object-src 'none'; img-src 'self' proxy.joinmastodon.org blob: data:; style-src 'self' 'unsafe-inline'; script-src 'self' ; connect-src 'self' api.joinmastodon.org; block-all-mixed-content 1
default-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com *.qwant.com qwant.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwant.com qwant.com *.qwant.plive *.qwant.com;style-src 'self' 'unsafe-inline' data: *.qwant.com *.qwantjunior.com qwant.com;object-src 'self';connect-src 'self' *.qobuz.com *.apple.com *.qwant.com qwant.com *.qwant.com qwant.com *.qwant.plive qwant.plive extras.qwantjunior.com;img-src blob: 'self' www.qwant.com s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com s1.qwant.plive s2.qwant.plive s.qwant.plive f.qwant.plive data: s-lite.qwant.com www.qwant.com;frame-ancestors *.qwant.com *.qwant.com *.qwantjunior.com lmqt.fyi;form-action 'self';font-src 'self';worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com;frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com players-cdn.vidmizer.com players-cdn-v2.vidmizer.com *.qwant.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com *.tvlocale.fr *.smartrezo.com *.femmesetcitoyennete.fr *.jeunesreporterssansfrontieres.fr *.medias-francophones.com *.trendy-community.fr *.tvcitoyenne.com *.veitech.com *.localetv.eu player.myvideoplace.tv net.geo.opera.com geo.captcha-delivery.com;media-src blob: *.qwant.com *.qwant.com *.apple.com *.qobuz.com *.vid.web.acsta.net;base-uri 'self';block-all-mixed-content 1
frame-ancestors 'self' wiwoapp.wiwo.de amp2.wiwo.de archiv.wiwo.de; 1
frame-src 'self' bat.bing.com https://*.blackbaudhosting.com https://blackbaud.com https://*.doubleclick.net https://embed.tawk.to https://connect.facebook.net https://*.hotjar.com https://cdn.jsdelivr.net https://*.kaltura.com https://snap.licdn.com https://www.podbean.com sc-static.net *.snapchat.com https://www.youtube-nocookie.com https://www.youtube.com https://discoveruni.gov.uk https://widget.discoveruni.gov.uk https://www.google.com https://www.facebook.com https://libraryhelp.shef.ac.uk https://theaccessplatform.com https://tappage.theaccessplatform.com https://www.googletagmanager.com https://www.findaphd.com https://player.vimeo.com https://app.geckoform.com https://roundme.com https://spaces.wondavr.com https://wvr.li https://api3-eu.libcal.com https://calendar.google.com https://payments.blackbaud.com https://*.shef.ac.uk/ https://my.matterport.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.blackbaud.com *.blackbaudhosting.com http://*.onetrust.com https://*.bing.com https://*.blackbaudhosting.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.hotjar.com https://*.kaltura.com https://*.shef.ac.uk https://*.sheffield.ac.uk https://*.snapchat.com https://*.theaccessplatform.com https://*.twitter.com https://ajax.googleapis.com https://analytics.tiktok.com https://app.geckoform.com https://bat.bing.com https://blackbaud.com https://cdn.jsdelivr.net https://cdn.theaccessplatform.com https://connect.facebook.net https://discoveruni.gov.uk https://embed.geckochat.io https://embed.tawk.to https://libraryhelp.shef.ac.uk https://player.vimeo.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com/ https://tagmanager.google.com https://tappage.theaccessplatform.com https://theaccessplatform.com https://tr.snapchat.com https://translate.google.com https://widget.discoveruni.gov.uk https://www.facebook.com https://www.findaphd.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.podbean.com https://www.youtube-nocookie.com https://www.youtube.com *.newrelic.com https://api.mapbox.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.sheffield.ac.uk *.theaccessplatform.com https://bbox.blackbaudhosting.com https://embed.geckochat.io https://fonts.geckoform.com https://fonts.googleapis.com https://payments.blackbaud.com https://www.findaphd.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.sheffield.ac.uk https://api.mapbox.com https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; base-uri 'self'; form-action 'self' https://search.sheffield.ac.uk; frame-ancestors 'self'; report-uri https://shef.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://news.powerfront.com https://*.inside-graph.net https://*.inside-graph.com https://*.inside-graph.cn 1
base-uri 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; form-action 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; frame-ancestors 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com; connect-src languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; default-src 'none'; font-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; frame-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; img-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; script-src 'default' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' languages.oup.com prododcorp.wpengine.com stats.wp.com www.youtube.com www.google-analytics.com connect.facebook.net www.googletagmanager.com v0.wordpress.com plus.google.com connect.facebook.net global.oup.com w.soundcloud.com region1.google-analytics.com ssl.google-analytics.com qzzr.com cloudfront.net *.cloudfront.net *.secure.gravatar.com secure.gravatar.com fonts.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.gstatic.com www.google.com www.gstatic.com *.www.gstatic.com 'unsafe-inline'; 1
frame-ancestors 'self' localhost *.teamwork.com *.teamworkpm.net teams.microsoft.com *.teams.microsoft.com *.skype.com teamworkintegrations.ngrok.io *.us.teamworkops.com; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https: blob:; connect-src 'self' https: wss:; img-src 'self' https: data:; font-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; object-src 'none'; frame-src 'self' https: 1
default-src 'none'; frame-src 'self' https://*.configcat.com https://www.google.com https://challenges.cloudflare.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.configcat.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://challenges.cloudflare.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.configcat.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://codecov.io https://img.shields.io https://github.com https://snyk.io https://sonarcloud.io https://data.jsdelivr.com https://maven-badges.herokuapp.com https://javadoc.io https://ci.appveyor.com https://buildstats.info https://goreportcard.com https://godoc.org https://poser.pugx.org https://badge.fury.io https://coveralls.io https://pkg.go.dev https://s3.amazonaws.com https://*.cloudfront.net https://img.youtube.com https://thepracticaldev.s3.amazonaws.com https://raw.githubusercontent.com https://blog.ladeak.net; connect-src 'self' https://*.configcat.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.google.com https://*.amplitude.com https://*.cloudflareinsights.com https://*.algolia.net; object-src 'self'; child-src 'self' blob:; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
default-src 'self'; connect-src 'self' https://next-landing-pages-mtwpand26a-ew.a.run.app *.veed.dev *.veed.io *.veed.com https://storage.googleapis.com *.amplitude.com ws://localhost:* wss://*.veed.dev wss://*.staging.veed.dev wss://*.veed.io localhost:* https://*.sentry.io/ https://cms.veed.io https://cms.veed.dev https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://rest.ably.io https://*.ably-realtime.com wss://*.ably-realtime.com wss://realtime.ably.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-eu.onetrust.com https://cdn.linkedin.oribi.io https://api.getrewardful.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://uploads.intercomusercontent.com https://hooks.zapier.com https://*.algolianet.com https://*.algolia.net https://pagead2.googlesyndication.com https://forms-eu1.hscollectedforms.net https://px.ads.linkedin.com https://eu.posthog.com https://api-eu1.hubapi.com https://metrics.hotjar.io https://*.appsflyer.com https://tracking.g2crowd.com; font-src 'self' data: https://fonts.gstatic.com https://cdn-public.veed.io https://static-assets.veed.io https://*.intercomcdn.com https://cdn.appsflyer.com; img-src 'self' data: blob: * https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.gstatic.com https://optimize.google.com https://veed-assets https://static-assets.veed.io https://cdn-site-assets.veed.io https://assets-global.website-files.com https://storage.googleapis.com/veed-prod-strapi-bucket* https://*.intercomcdn.com https://*.intercom.io https://uploads.intercomusercontent.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://*.intercomassets.eu https://*.intercomassets.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://www.gstatic.com/ https://apis.google.com https://cdn.amplitude.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.googleadservices.com https://*.google.com https://r.wdfl.co/rw.js https://snap.licdn.com http://www.youtube.com https://cdn.cookielaw.org https://js.stripe.com https://*.intercom.io https://js.intercomcdn.com http://connect.facebook.net https://static.hsappstatic.net https://static.ads-twitter.com http://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com/ https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://eu.posthog.com https://challenges.cloudflare.com https://static.hotjar.com https://js-eu1.hsadspixel.net https://script.hotjar.com https://websdk.appsflyer.com https://tracking.g2crowd.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.google.com https://www.googletagmanager.com; frame-src 'self' https://optimize.google.com * blob:; media-src 'self' https://assets-global.website-files.com https://ssl.gstatic.com https://cdn.veed.dev https://cdn.staging.veed.dev https://cdn.veed.io https://cdn-user.veed.dev https://cdn-user.staging.veed.dev https://cdn-user.veed.io https://veed.dev https://staging.veed.dev https://veed.io https://cdn.veed.com https://storage.googleapis.com/veed-prod-strapi-bucket* https://cdn-site-assets.veed.io https://cdn-site-assets.veed.dev localhost:* https://js.intercomcdn.com https://static-assets.veed.io; object-src data:; 1
frame-ancestors self *.vipdev.lndo.site *.nybooks.com 1
frame-ancestors 'self' *.trekbikes.com 1
frame-ancestors *.uottawa.ca https://teams.microsoft.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://static1.lacoste.com https://*.omni.manh.com https://*.sharinpix.com 1
font-src 'self' https://*.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self' https://*.freenet.de; object-src 'self'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; object-src * blob:; connect-src * wss:; 1
frame-ancestors 'self' https://h5.mall.sunmi.com https://mall.sunmi.com 1
frame-ancestors https://*.ooma.com http://*.ooma.com 1
frame-ancestors 'self' https://*.gotquestions.org 1
frame-ancestors 'self' *.geoguessr.com 1
script-src 'self' *.startpage.com *.verify.startingpage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.startpage.com 'unsafe-inline'; img-src 'self' blob: data: *.startpage.com *.verify.startingpage.com; frame-src 'self' *.startpage.com; frame-ancestors 'self'; connect-src 'self' *.startpage.com *.verify.startingpage.com; worker-src blob:; report-uri https://www.startpage.com/do/cspvr 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'unsafe-inline' 'unsafe-eval' *; script-src 'unsafe-inline' 'unsafe-eval' *; img-src * data: about:; frame-src 'self' *; frame-ancestors https://cms.prod.nypr.digital https://cms.demo.nypr.digital; worker-src blob:; object-src 'none'; report-uri https://nypr.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.svd.se; default-src https: data: blob: wss: react-js-navigation: android-webview: android-webview-video-poster: 'unsafe-inline' 'unsafe-eval'; report-uri https://svd.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.interzell-spp2170.com *.uni-stuttgart.de; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * data: blob:; style-src * 'unsafe-inline'; font-src * data:; connect-src *; 1
frame-ancestors https://purpleads.io https://www.purpleads.io https://publishers.purpleads.io https://advertisers.purpleads.io 1
default-src 'none'; img-src 'self' sa.geojs.io api.simpleanalytics.io; script-src 'self' get.geojs.io w.geojs.io/traffic sa.geojs.io scripts.simpleanalyticscdn.com geojs.us14.list-manage.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline'; connect-src sa.geojs.io api.simpleanalytics.io simpleanalytics.com; manifest-src 'self'; form-action 'self' geojs.us14.list-manage.com; frame-src www.google.com simpleanalytics.com simpleanalytics.io; frame-ancestors 'none'; report-uri https://jloh.report-uri.com/r/d/csp/enforce https://reports.jloh.co/r/csp/enforce 1
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu ; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com  https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline' 1
default-src * 'self' data: 'unsafe-inline' blob:;script-src * 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.trustarc.com *.doubleclick.net *.sas.com assets.adobedtm.com ssl.google-analytics.com  accdn.lpsnmedia.net www.googletagmanager.com www.google-analytics.com bat.bing.com benchtag.co front.facetz.net *.facebook.net *.facebook.com www.googleadservices.com tb.juiceadv.com *.linkedin.com pixel.mathtag.com pixel.quantserve.com *.quora.com analytics.twitter.com tagmanager.google.com mc.yandex.ru static.ads-twitter.com snap.licdn.com *.bizographics.com dev.visualwebsiteoptimizer.com scripts.demandbase.com consent.truste.com s.yimg.com ssl.gstatic.com api.company-target.com script.crazyegg.com platform.twitter.com sp.analytics.yahoo.com x.bidswitch.net ad4.adfarm1.adition.com livestream.co *.brightcove.net track.adform.net *.adsrvr.org www.vintom.com b92.yahoo.co.jp cdn.appdynamics.com execution-dscvrtraffic.cidev.sas.us *.brightcove.com *.mrpfd.com d3js.org *.d3.org *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;style-src 'self' data: 'unsafe-inline' *.sas.com fast.fonts.net *.cloudflare.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.brightcove.com *.googleapis.com;img-src * 'self' blob: data: *.google-analytics.com *.doubleclick.net www.google.com www.googletagmanager.com *.sas.com front.facetz.net *.facebook.com www.googleadservices.com tb.juiceadv.com ext.ligatus.com bcp.crwdcntrl.net pixel.mathtag.com *.quora.com cdn.taboola.com analytics.twitter.com d.company-target.com mc.yandex.ru t.co px.ads.linkedin.com *.bizographics.com insight.adsrvr.org assets.adobedtm.com *.brightcove.com *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com;font-src * 'self' data: *.sas.com fast.fonts.net; connect-src * 'self' *.sas.com *.brightcove.com ma156-r.analytics.edgekey.net api.company-target.com livestream.com www.vintom.com *.doubleclick.net assets.adobedtm.com;frame-src 'self' assets.adobedtm.com lpcdn.lpsnmedia.net www.youtube.com s7.addthis.com *.twitter.com *.sas.com pixel.mathtag.com livestream.com ad4.adfarm1.adition.com www.vintom.com *.doubleclick.net *.facebook.net *.trustarc.com *.facebook.com *.linkedin.com *.chargebee.com *.sli.do *.logentries.com *.amuselabs.com amuselabs.com *.jmp.com *.outgrow.us *.khoros.com proactive-chat-server-us.prod.aws.lcloud.com messaging-auth-us-west-2.prod.aws.lcloud.com *.service-now.com *.visualize-roi.com *.brightcove.com *.adsrvr.org;frame-ancestors *.sas.com *.jmp.com *.gatheriq.analytics *.curriculumpathways.com *.hubb.me 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.essence.com 1
default-src 'self'; manifest-src 'self'; connect-src 'self' https://*.ezodn.com https://*.ezoic.net; font-src 'self'; img-src data: *; script-src 'self' 'unsafe-inline' https://*.ezodn.com; style-src 'self' 'unsafe-inline' * 1
frame-ancestors 'self' fozzy.com *.fozzy.com; 1
frame-ancestors 'self' https://*.tps.lv https://tps.lv https://*.readspeaker.com 1
default-src 'self' 'unsafe-eval' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; script-src 'self' 'unsafe-eval' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; script-src-elem 'self' 'unsafe-inline' 'nonce-1998a68a0040af36' axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co *.axieinfinity.com cdn.axieinfinity.com *.storage.googleapis.com storage.googleapis.com *.googletagmanager.com *.google-analytics.com 'nonce-G-4W5DYHM0BL'; style-src 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; style-src-attr 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; style-src-elem 'self' 'unsafe-inline' *.skymavis.com *.skymavis.one *.axieinfinity.com cdn.axieinfinity.com fonts.googleapis.com *.storage.googleapis.com storage.googleapis.com; object-src none; img-src 'self'  data: * cdn.axieinfinity.com *.axieinfinity.com *.google.com *.storage.googleapis.com storage.googleapis.com; frame-src 'self' https://www.youtube.com; font-src 'self' *.axieinfinity.com cdn.axieinfinity.com data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' *.axieinfinity.com cdn.axieinfinity.com *.axieinfinity.com axieinfinity.com *.skymavis.com *.skymavis.one *.axieinfinity.co staging.axieinfinity.co api.roninchain.com *.roninchain.com *.google.com *.storage.googleapis.com *.google-analytics.com; media-src 'self'  data: cdn.axieinfinity.com *.axieinfinity.com https://youtube.com/* https://cdn-marketplace.skymavis.com/; base-uri 'self'; frame-ancestors 1
default-src 'self' altium.com *.altium.com; connect-src 'self' altium.com *.altium.com *.hotjar.com *.hotjar.io *.devstages.com v2.api.uberflip.com play.vidyard.com cdn.bizible.com 817-sfw-071.mktoresp.com api.segment.io api.amplitude.com bat.bing.com d.adroll.com https://*.optimizely.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.googleapis.com *.firebaseio.com wss://*.firebaseio.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com mc.yandex.ru *.clarity.ms https://boards-api.greenhouse.io/v1/boards/braze/departments https://boards-api.greenhouse.io/v1/boards/altium/departments https://boards-api.greenhouse.io/v1/boards/*/departments https://boards-api.greenhouse.io/v1/boards/altium/jobs https://apihub.document360.io/v1/articles/ https://apihub.document360.io/v1/projectversions/ https://cdn.cookielaw.org *.onetrust.com ajax.googleapis.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com cdn.segment.com calendly.com https://www.google-analytics.com https://www.googletagmanager.com https://o406350.ingest.sentry.io/api/4504513653833728/envelope/; font-src 'self' data: altium.com *.altium.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net dhm5hy2vn8l0l.cloudfront.net themes.googleusercontent.com fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; frame-src 'self' altium.com *.altium.com *.hotjar.com *.doubleclick.net *.fls.doubleclick.net http://4296759.fls.doubleclick.net *.marketo.com *.twitter.com play.vidyard.com d3l9fju211jpzs.cloudfront.net js.driftt.com www.instagram.com www.youtube.com www.google.com www.facebook.com http://altium.force.com/* http://altium.force.com https://altium.secure.force.com https://altium-dev.os.tc *.getfeedback.com *.addtoany.com *.firebaseio.com https://vars.hotjar.com https://*.cdn.optimizely.com https://*.cdn-pci.optimizely.com https://boards.greenhouse.io/* https://Altium.drift.click calendly.com https://altium.storylane.io; img-src * data:; manifest-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' altium.com *.altium.com *.adroll.com *.marketo.com *.hotjar.com *.twitter.com d2ns91cgb08z5o.cloudfront.net d3l9fju211jpzs.cloudfront.net d25n9y37pkfre9.cloudfront.net analytics.twitter.com bat.bing.com cdn.bizible.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.segment.com cdn.syndication.twimg.com cdn.amplitude.com connect.facebook.net content.cdntwrk.com dev.visualwebsiteoptimizer.com ml314.com *.ml314.com d.adroll.mgr.consensu.org js.driftt.com go.toutapp.com googleads.g.doubleclick.net munchkin.marketo.net pixel-geo.prfct.co play.vidyard.com snap.licdn.com static.addtoany.com static.ads-twitter.com tag.marinsm.com tag.bounceexchange.com www.upsellit.com www.instagram.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.google.com www.gstatic.com www.redditstatic.com www.youtube.com onesignal.com *.onesignal.com *.getfeedback.com *.firebaseio.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.clarity.ms mc.yandex.ru https://cdn.cookielaw.org ajax.googleapis.com assets.calendly.com js.storylane.io cdnjs.cloudflare.com go.altium.com https://cdn-shared.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://demotest.altium.com https://https https://play.vidyard.com https://profile.altium.com https://profile.dev1.altium.com https://service.force.com https://static.addtoany.com https://unpkg.com https://www.altium.com https://www.google.com https://www.gstatic.com viewer.altium.com www.altium.com; style-src 'self' 'unsafe-inline' altium.com *.altium.com *.marketo.com *.twitter.com *.twimg.com cloud.typography.com d2ns91cgb08z5o.cloudfront.net d25n9y37pkfre9.cloudfront.net onesignal.com fonts.googleapis.com www.googletagmanager.com assets.calendly.com cdnjs.cloudflare.com https://cdn-shared.altium.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://https www.altium.com; worker-src 'self'; base-uri 'self'; upgrade-insecure-requests 1
default-src 'self'; frame-ancestors 'self'; img-src 'self' avatars.githubusercontent.com; frame-src 'self' player.vimeo.com 1
default-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; style-src-attr * 'unsafe-inline'; img-src * data: blob:; font-src * data:; frame-src * data:; frame-ancestors *; media-src * blob:; worker-src * blob: 1
frame-ancestors 'self' https://kundkundtc.com/ https://www.jagran.com/ https://www.jagran.com/markets.html/ https://staging.jagran.com/ https://m.jagran.com/ https://m.jagran.com/markets.html https://mstaging.jagran.com/ https://mstaging.jagran.com/markets.html/ https://stagenglish.jagran.com/ http://punjabijagran.com/ https://stagenglish.jagran.com/ https://www.money9.com/ https://hindi.money9.com/ https://marathi.money9.com/ https://telugu.money9.com/ https://bangla.money9.com/ https://kannada.money9.com/ https://gujarati.money9.com/ 1
font-src *.dyson.cn *.alicdn.com fonts.gstatic.com *.assetsadobe2.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com qiyukf.com *.vhallyun.com *.vhall.com open.weixin.qq.com bcvideo.dyson.cn 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.dyson.cn qiyukf.nosdn.127.net da.qiyukf.com *.assetsadobe2.com *.map.qq.com *.map.gtimg.com mapapi.qq.com *.vhall.com privacy.dyson.com dyson-magento-prd.oss-cn-shanghai.aliyuncs.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.decibelinsight.net qiyukf.com *.sensorsdata.cn *.vhallyun.com *.vhall.com *.doubleclick.net *.assetsadobe2.com *.cstaticdun.126.net *.360buyimg.com map.qq.com *.map.qq.com res.wx.qq.com mapapi.qq.com *.map.gtimg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.vhallyun.com *.vhall.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com ysf.nosdn.127.net *.dyson.cn *.brightcove.net *.assetsadobe2.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com qiyukf.com da.qiyukf.com cntrack.dyson.cn wss://collection.decibelinsight.net *.decibelinsight.net *.doubleclick.net *.amazonaws.com.cn *.apple.com *.vhallyun.com *.vhall.com mapstyle.qpic.cn *.map.qq.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' wss: https:; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss: blob:; child-src https: blob:; object-src 'none' 1
frame-ancestors 'self'; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' www.gwdg.de keycloak.sso.gwdg.de 1
frame-ancestors https://*.visme.co 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://maps.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://yoast.com; font-src 'self' data:; frame-src 'self'; img-src 'self' data: https://secure.gravatar.com https://s.w.org; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.freehostia.com http://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://connect.facebook.net/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; 1
frame-ancestors 'self' *.ci360.sas.com; 1
frame-ancestors 'self' appsonline.income.com.sg http://wcmadmin12.income.com.sg 1
object-src * 'unsafe-inline' 1
frame-ancestors https://*.bancopan.com.br 1
default-src 'nonce-2e55baeabff51116bd8551b92d80d748' 'self' https: data:; frame-src 'self' ockto: https:; frame-ancestors 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src 'self' data: https:; font-src *; 1
upgrade-insecure-requests; frame-ancestors 'self' *.ci360.sas.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.newindianexpress.com;block-all-mixed-content; 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-06248a96eecf1b6c4278671b5787f506' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1509676573571732; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1509676573571732 1
frame-ancestors s.syzs.qq.com webapp.gameloop.com *.nimo.tv; report-uri https://csp.nimo.tv/csp?sentry_id=160&sentry_key=da306e6f5c0246cebb17c067f24a8795 1
style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *; frame-src *; 1
frame-ancestors 'self' https://gallery.jalbum.net http://gallery.jalbum.net 1
default-src 'self';  style-src 'self' 'unsafe-inline' https://*.le.ac.uk https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://www.clarity.ms https://cdnjs.cloudflare.com https://cdn.curator.io https://embedsocial.com https://www.findaphd.com https://fonts.googleapis.com https://www.gstatic.com https://meetandengage.com https://*.flockler.com https://*.flockler.app https://tagmanager.google.com https://www.googletagmanager.com;  img-src 'self' blob: data: https://track.adform.net https://s2.adform.net https://c.bing.com https://pool.adizio.com https://c.clarity.ms https://test-uol.azorus.com https://*.spotify.com https://pool.a872.com https://*.adnxs.com https://cdn.curator.io https://*.cdninstagram.com https://*.doubleclick.net https://connect.facebook.net https://discoveruni.gov.uk https://www.facebook.com https://*.fbcdn.net https://www.findaphd.com https://*.flockler.com https://flockler.com https://*.flockler.app https://*.google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://i.ytimg.com https://www.instagram.com https://le.ac.uk https://www.linkedin.com https://livestream.com https://meetandengage.com https://pbs.twimg.com https://px.ads.linkedin.com https://*.rackcdn.com https://*.scdn1.secure.raxcdn.com https://stats.g.doubleclick.net https://t.co https://www.tag4arm.com https://*.twitter.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.le.ac.uk https://test-uol.azorus.com https://track.adform.net https://s2.adform.net https://cdn.botframework.com/botframework-webchat/ https://unpkg.com/react@17.0.2/umd/react.production.min.js https://unpkg.com/react-dom@17.0.2/umd/react-dom.production.min.js https://oc-cdn-public-gbr.azureedge.net/livechatwidget/ https://acdn.adnxs.com/dmp/up/ https://*.spotify.com https://sketchfab.com https://le.ac.uk https://libraryhelp.le.ac.uk https://ajax.googleapis.com https://www.clarity.ms https://cdn.curator.io https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://cdn.oribi.io https://cdn.unibuddy.co https://connect.facebook.net https://discoveruni.gov.uk https://dnn506yrbagrg.cloudfront.net https://embedsocial.com https://fl-cdn.scdn1.secure.raxcdn.com https://www.findaphd.com https://*.flockler.com https://flockler.embed.codes https://*.flockler.app https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.googleadservices.com https://*.google-analytics.com https://www.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.ibytedtos.com https://www.linkedin.com https://meetandengage.com https://popcard.unibuddy.co https://px.ads.linkedin.com https://s.ytimg.com https://s0.ipstatp.com https://sc-static.net https://snap.licdn.com https://static.ads-twitter.com https://www.tagarm.com https://*.tiktok.com https://*.twitter.com https://widget.discoveruni.gov.uk https://widget.unistats.ac.uk https://www.youtube.com https://*.dotdigital-pages.com https://*.dotdigital-pages.com https://unpkg.com/acs_webchat-chat-adapter@0.0.35-beta.20/dist/chat-adapter.js;  frame-src 'self' https://*.le.ac.uk https://test-uol.azorus.com https://oc-cdn-public-gbr.azureedge.net https://iframe.dacast.com https://*.spotify.com https://sketchfab.com https://embedsocial.com https://www.facebook.com https://*.flipsnack.com https://*.doubleclick.net https://forms.office.com https://www.google.com https://www.googleapis.com https://www97.lamp.le.ac.uk https://libservices.le.ac.uk https://leicester.cloud.panopto.eu https://livestream.com https://www.linkedin.com https://www.le.ac.uk https://meetandengage.com https://myleicester.le.ac.uk https://vimeo.com https://player.vimeo.com https://podcasts.le.ac.uk https://popcard.unibuddy.co https://w.soundcloud.com https://static.ads-twitter.com https://staticxx.facebook.com https://www.tag4arm.com https://tourmkr.com https://platform.twitter.com https://tr.snapchat.com https://unibuddy.co https://*.hotjar.com https://www.viewmake.com https://widget.unistats.ac.uk https://www.youtube.com https://www.youtube-nocookie.com https://momento360.com https://*.dotdigital-pages.com https://comms.omnichannelengagementhub.com;  frame-ancestors 'self';  connect-src 'self' blob: https://azfa-sitecorebotdv.azurewebsites.net/ https://azfa-sitecorebotapite.azurewebsites.net/ https://directline.botframework.com wss://directline.botframework.com https://*.microsoft.com https://*.omnichannelengagementhub.com https://*.clarity.ms https://*.le.ac.uk https://*.spotify.com https://apikeys.civiccomputing.com https://api.curator.io https://stats.g.doubleclick.net https://www.facebook.com https://*.flockler.com https://*.flockler.app https://*.google.com https://*.google-analytics.com https://www.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www9.lamp.le.ac.uk https://gw.oribi.io https://prod-discoveruni.azure-api.net https://tr.snapchat.com https://www.tag4arm.com https://analytics.tiktok.com https://tourmkr.com https://ekr.zdassets.com https://*.dotdigital-pages.com https://*.trouter.skype.com wss://*.trouter.skype.com https://edge.skype.com https://*.communication.azure.com https://ib.adnxs.com https://acdn.adnxs.com;  font-src 'self' data: https://maxcdn.bootstrapcdn.com https://cdn.curator.io https://fonts.gstatic.com https://le.ac.uk https://meetandengage.com https://*.hotjar.com;  object-src 'self' https://*.spotify.com https://forms.office.com;  media-src 'self' https://le.ac.uk https://*.le.ac.uk https://*.spotify.com https://pool.a8723.com https://*.fbcdn.net https://*.xx.fbcdn.net https://*.flockler.com https://*.flockler.app https://*.cdninstagram.com https://video.twimg.com https://videos.dailymail.co.uk;  upgrade-insecure-requests 1
frame-ancestors https://trustseal.enamad.ir 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.byrdie.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wpml.org *.toolset.com *.stripe.com *.google.com *.googletagmanager.com a.quora.com www.redditstatic.com *.doubleclick.net yoast.com *.googleadservices.com *.jquery.com *.web-view.net *.ytimg.com *.nr-data.net js-agent.newrelic.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net fast.wistia.com *.helpscout.net *.clarity.ms *.termly.io; frame-src 'self' *.stripe.com *.google.com *.doubleclick.net *.youtube.com *.facebook.com s-static.ak.facebook.com wp-rocket.me *.termly.io; object-src 'self'; worker-src blob: https://wpml.org; connect-src 'self' *.wpml.org https://pagead2.googlesyndication.com https://conversions-config.reddit.com https://www.redditstatic.com https://*.doubleclick.net q.quora.com *.clarity.ms *.helpscout.net *.wistia.com *.termly.io d3hb14vkzrxvla.cloudfront.net *.nr-data.net *.facebook.com yoast.com wss://chat-support.wpml.org https://chat-support.wpml.org wss://activity-tracker.wpml.org https://activity-tracker.wpml.org ams.wpml.org https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat 1
upgrade-insecure-requests; default-src 'self' data: blob: wss: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; connect-src 'self' https://docs.sotoon.ir https://sales.kraken.sotoon.ir https://landung.sotoon.ir https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com; img-src 'self' data: https://s3.thr1.sotoon.ir https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.web.sotoon.ir; font-src 'self' https://fonts.web.sotoon.ir; frame-src https://landung.sotoon.ir; object-src 'none' 1
frame-ancestors 'self' https://*.fresha.com https://*.adyen.com 1
frame-ancestors 'self' *.springernature.com; 1
default-src 'none';base-uri 'self';block-all-mixed-content;connect-src 'self';font-src 'self';form-action 'self' https://search.f-droid.org;frame-ancestors 'self';img-src 'self' https://f-droid.org;manifest-src 'self';media-src 'self';script-src 'self';style-src 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; default-src 'self' blob:  https://*.rtp.pt:* http://*.rtp.pt:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' https:; img-src  data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors 'self' https://*.rtp.pt:* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.blacknut.com *.blacknut.net *.blacknutlemag.com *.blacknut.biz *.google-analytics.com *.googletagmanager.com *.youtube.com *.googleapis.com *.stripe.com data: *.jsdelivr.net *.facebook.com *.facebook.net *.doubleclick.net *.google.com *.google.fr *.gouv.fr js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net *.hubspot.com *.hubapi.com *.google.ie *.googleadservices.com *.metaffiliation.com api.mixpanel.com ipinfo.io freegeoip.net marketing-image-production.s3.amazonaws.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.usemessages.com u360.d-bi.fr analytics.google.com *.google.com *.google.ie *.clarity.ms clarity.microsoft.com *.gstatic.com *.firebaseio.com *.taboola.com *.adnxs.com *.affilae.com *.hs-banner.com *.blacknut.biz *.api.sanity.io *.sanity.build s3.eu-west-1.amazonaws.com blacknut-prod-images.b-cdn.net blacknut-prod-videos.b-cdn.net 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://st.mycdn.me https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-423b0d18c42b95c072425f95ade2f1dc' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.ok.ru https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=23.01.24; 1
frame-ancestors view.publitas.com www.publitas.com 1
default-src 'self' https://canny.io https://*.canny.io; child-src 'self' blob: https://canny.io https://*.canny.io https://www.facebook.com https://bid.g.doubleclick.net https://td.doubleclick.net https://recaptcha.recaptcha.net/recaptcha/ https://www.recaptcha.net/recaptcha/ https://intercom-sheets.com https://share.intercom.io https://www.intercom-reporting.com https://*.cloud.microsoft.com https://teams.microsoft.com https://*.teams.microsoft.com https://*.office.com https://*.microsoft365.com https://platform.twitter.com/ https://*.wistia.net https://*.youtu.be https://*.youtube.com https://youtu.be https://youtube.com; connect-src 'self' https://canny.io https://*.canny.io https://www.facebook.com https://*.g.doubleclick.net https://*.google.com https://google.com https://googleadservices.com https://stats.g.doubleclick.net https://td.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://api.hubapi.com https://*.hubspot.com https://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com wss://*.intercom.io https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.clarity.ms https://bat.bing.com https://*.cdn.office.net https://api-js.mixpanel.com https://*.reddit.com https://*.redditstatic.com https://www.redditads.com https://*.sentry.io https://sentry.io https://*.wistia.com https://*.wistia.net https://*.litix.io https://embedwistia-a.akamaihd.net; font-src * data:; form-action https://canny.io https://*.canny.io https://www.facebook.com https://api-iam.intercom.io https://intercom.help; img-src * data: https://canny.io https://*.canny.io https://ct.capterra.com https://google.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src * blob: data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://canny.io https://*.canny.io https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.googletagmanager.com https://*.hubspot.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsleadflows.net https://*.intercom.io https://js.intercomcdn.com https://snap.licdn.com https://*.clarity.ms https://bat.bing.com https://g.microsoft.com https://cdn.mxpnl.com https://a.quora.com https://www.redditstatic.com https://*.reddit.com https://*.sentry-cdn.com https://platform.twitter.com/ https://*.wistia.com; style-src 'self' 'unsafe-inline' https://canny.io https://*.canny.io; worker-src blob:; report-uri https://canny.io/api/csp/report 1
default-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.youtube.com geoservices.julius-kuehn.de; script-src 'self' *.dwd.de *.readspeaker.com *.twitter.com *.twimg.com *.youtube.com *.jwpcdn.com *.ytimg.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.dwd.de *.twitter.com *.twimg.com 'unsafe-inline' data:; img-src * data: blob:; font-src 'self' data:; frame-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com fisbo.bgr.de; worker-src *.twitter.com; child-src 'self' *.dwd.de twitter.com *.twitter.com *.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com adgrx.com demdex.net dpm.demdex.net adyen.com ads.yieldmo.com sync-criteo.ads.yieldmo.com *.scene7.com *.amazonaws.com www.dwin1.com adnxs.com ib.adnxs.com secure.adnxs.com attentivemobile.com events.attentivemobile.com attn.tv *.audioeye.com bidswitch.net x.bidswitch.net *.bing.com *.btttag.com *.bluecore.com bluekai.com tags.bluekai.com *.bounceexchange.com bounceexchange.com bouncex.net events.bouncex.net *.creativecdn.com certona.net edge1.certona.net www.res-x.com *.cloudfront.net cloudfront.net *.coach.com coach.com *.katespade.com *.coachoutlet.com cohimg.net img1.cohimg.net cnstrc.com *.cnstrc.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com w55c.net *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com *.fwmrm.net *.google.com *.google.com.pr www.google.ie *.google.hn www.google.com.au www.google.vg www.google.com.bz www.google.pt www.google.ru www.google.lv www.google.com.uy www.google.nl www.google.com.eg www.google.mv www.google.com.mm www.google.com.ng www.google.com.sa www.google.de www.google.cd www.google.co.il www.google.com.ec www.google.com.ph www.google.cn www.google.com.qa www.google.bs www.google.es www.google.gy www.google.co.ma www.google.com.ly www.google.co.zm www.google.tn www.google.com.tr www.google.com.ag www.google.be www.google.sn www.google.com.kw www.google.co.vi *.google.com.do www.google.pl www.google.co.nz www.google.kz www.google.hu www.google.co.ke www.google.ro www.google.is www.google.mu www.google.am www.google.com.py www.google.com.kh www.google.ba www.google.co.za www.google.com.sg www.google.com.bo www.google.sk www.google.com.gh www.google.sr www.google.co.th www.google.ci www.google.ch www.google.com.pa www.google.ht www.google.cl www.google.co.kr www.google.com.tw www.google.co.uk www.google.gl www.google.com.sv www.google.com.gt www.google.fr www.google.co.cr www.google.com.hk www.google.co.ls www.gstatic.com fonts.gstatic.com www.google.com.my *.google.co.in www.google.co.jp *.google.com.co *.google.com.pe www.google.ca www.google.se www.google.tt www.google.ae www.google.com.vn www.google.com.ar www.google.com.br www.google.co.ve www.google.com.mx www.google.com.ni www.google.com.ua www.google.as *.google.com.jm www.googleadservices.com googleapis.com *.googleapis.com cloudfunctions.net *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com ad.360yield.com casalemedia.com *.casalemedia.com ivitrack.com jsdelivr.net *.jsdelivr.net klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com *.klarnaservices.com linksynergy.com *.linksynergy.com liadm.com *.liadm.com addressy.com api.addressy.com pcapredict.com tapes11111.pcapredict.com crwdcntrl.net media.net contextual.media.net mathtag.com mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com *.mountain.com mountain.com micpn.com *.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com onetrust.com *.online-metrix.net *.optimizely.com optimizely.com outbrain.com sync.outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com pinterest.com *.pinterest.com pdst.fm cdn.pdst.fm *.powerreviews.com pubmatic.com simage2.pubmatic.com *.quantummetric.com quantummetric.com *.rakuten.com rmtag.com intljs.rmtag.com rlcdn.com *.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com my.salesforce.com *.my.salesforce.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com *.shoprunner.com *.shoprunner.io signifyd.com *.signifyd.com sitescout.com smartadserver.com rtb-csync.smartadserver.com sc-static.net *.snapchat.com stylitics.com *.stylitics.com loopassets.net qa-specops.loopassets.net taboola.com sync-t1.taboola.com tangiblee.com *.tangiblee.com tapad.com tapestry.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com adsrvr.org *.adsrvr.org tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co ad.smaato.net s.ad.smaato.net clmbtech.com ade.clmbtech.com mdhv.io jelly.mdhv.io postcodeanywhere.co.uk services.postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai wyng.com cdn.wyng.com *.yext-pixel.com *.adyen.com *.attn.tv *.cquotient.com *.onetrust.com cloudflare.com cdnjs.cloudflare.com coach.comis images.coach.comis a.bigcontent.io *.a.bigcontent.io api2.fonts.com dynl.mktgcdn.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com api.bluecore.app *.drivecommerce.com visitor.omnitagjs.com matching.ivitrack.com ad.tpmn.co.kr tg.socdm.com *.shoppinggives.com *.loveslisa.tech *.iesnare.com *.cloudinary.com *.yahoo.com consent.nxtck.com consent.mediaforge.com consent.jrs5.com *.smooch.io *.my.salesforce-sites.com *.drrv.co *.googlesyndication.com tapestry.support jira.tapestry.support *.needle.com *.mapbox.com www.upsellit.com *.stuartweitzman.com shareasale.com api.fillr.com smct.co edgeshoppingstatic.azureedge.net api.bounce-commerce.de preview.babylonjs.com *.instagram.com *.youtube.com youtube.com rstyle.me *.narvar.com www.out.com www.cosmopolitan.com www.ecosia.org slooks.top *.reddit.com *.rakuten.ca www.groupon.com shrturl.site www.byrdie.com www.tsawwassenmills.com www.lyst.com www.retailmenot.com www.shopittome.com *.dealmoon.com appium.io mobile.ebates.com www.elle.com *.55haitao.com www.latimes.com theeverygirl.com www.instyle.com gateway.studentbeans.com www.refinery29.com clothedup.com nymag.com *.affirm.com *.qualtrics.com sentry.io *.sentry.io cdn.shopping.gives api.thegreenwebfoundation.org *.amplience.net cdn.honey.io m.huaren.us app.partnerboost.com www.studentbeans.com www.forbes.com findsimilar.com bellejamericancarnival.weebly.com yandex.ru *.yandex.ru brokescholar.com modesens.com arise.okta.com adx.dable.io www.gravatar.com email.traversedlp.com www.wepowerconnections.com usage.trackjs.com unpkg.com *.ibosscloud.com *.shoplooks.com fonts.bunny.net www.aadvantageeshopping.com ln-rules.rewardstyle.com pippio.com um.simpli.fi *.kampyle.com *.medallia.com adgen.socdm.com cs.adingo.jp sync.aralego.com www.talkable.com *.pfizer.com www.lrb.co.uk www.thebrandcloset.com static.lisa-cdn.net yastatic.net cm.adform.net id5-sync.com s.thebrighttag.com ad.yieldlab.net *.krxd.net cdn.aralego.net match.prod.bidr.io cms.quantserve.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.monetate.net *.bluecore.app *.pub.lilyai.net c.amazon-adsystem.com data: blob:; 1
default-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * blob:; worker-src 'self' blob:; style-src * blob: 'unsafe-inline' 'unsafe-eval'; frame-src * blob: 1
base-uri 'self'; frame-ancestors 'self' https://*.smartinsights.com; frame-src 'self' https://intercom-sheets.com https://calendly.com https://ff.doubleclick.net https://cdn.embedly.com https://www.google.com https://td.doubleclick.net https://securepubads.g.doubleclick.net https://staticxx.facebook.com https://www.facebook.com https://www.g2.com https://www.g2crowd.com/ https://vars.hotjar.com https://go.pardot.com https://*.smartinsights.com https://optimize.google.com https://checkout.stripe.com  http://www.scribd.com https://www.slideshare.net/ https://js.stripe.com https://*.twitter.com https://*.vimeo.com https://youtu.be https://*.youtube.com https://www.youtube-nocookie.com https://*.seedprod.com http://*.cloudflare.com; img-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://eu.fw-cdn.com https://assets.calendly.com http://*.omappapi.com https://4screens.net https://ws.amazon.co.uk https://z-eu.amazon-adsystem.com https://s3-us-west-1.amazonaws.com https://cdn.ampproject.org https://sjs.bizographics.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://secure.comodo.com https://*.convertexperiments.com https://*.g.doubleclick.net https://connect.facebook.net https://t.gatorleads.co.uk https://adservice.google.co.uk https://adservice.google.com https://apis.google.com https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://optimize.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.googletagservices.com https://googletagservices.com https://securepubads.g.doubleclick.net https://www.gstatic.com https://*.hotjar.com https://instant.page https://widget.intercom.io https://js.intercomcdn.com https://e.issuu.com https://code.jquery.com https://cdn.jsdelivr.net https://snap.licdn.com/ https://platform.linkedin.com https://*.newrelic.com https://bam.nr-data.net https://a.opmnstr.com https://api.opmnstr.com https://*.pardot.com https://assets.pinterest.com https://secure.polldaddy.com https://scout-cdn.salesloft.com https://app.seedprod.com https://*.smartinsights.com https://checkout.stripe.com https://js.stripe.com https://static.ads-twitter.com https://analytics.twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com https://unpkg.com https://platform.vine.co https://visual.ly https://fast.wistia.com https://t.wowanalytics.co.uk; style-src 'self' 'unsafe-inline' https://*.calendly.com https://code.ionicframework.com https://fonts.googleapis.com https://optimize.google.com https://cdn.jsdelivr.net https://cdn.pardot.com https://pi.pardot.com https://checkout.stripe.com https://static.ads-twitter.com https://*.twitter.com https://*.smartinsights.com https://*.omappapi.com https://*.cloudflare.com; 1
default-src 'none'; base-uri 'none'; frame-src 'self' js.stripe.com challenges.cloudflare.com embeds.audioboom.com; font-src 'self' static0.audioboom.com; connect-src 'self' blob: https: wss://audioboom.com; img-src 'self' data: https:; media-src 'self' blob: https:; script-src 'self' static0.audioboom.com www.google-analytics.com js-agent.newrelic.com js.stripe.com bam.nr-data.net bam-cell.nr-data.net challenges.cloudflare.com sentry.io 'unsafe-inline' 'strict-dynamic' 'report-sample' 'nonce-v9qAVplxyOvkcjXEMci/kA=='; manifest-src 'self'; style-src 'self' static0.audioboom.com 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem 'self' static0.audioboom.com 'nonce-v9qAVplxyOvkcjXEMci/kA==' 1
default-src 'self' static.flightstats.com/ www.google-analytics.com securepubads.g.doubleclick.net www.google-analytics.com https://*.googlesyndication.com *.onetrust.com geolocation.onetrust.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'none';img-src 'self' data: *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.cirium.com *.cirium.com *.google-analytics.com *.googlesyndication.com *.google.com *.googletagmanager.com assets.braintreegateway.com checkout.paypal.com *.eloqua.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com;object-src 'none';script-src 'self' 'sha256-LtTzENrCXCQCBUtkD4RrXKmfwmT7WSTvkY2Y/FLADts=' *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io www.google.com/ www.gstatic.com/recaptcha/ www.googletagmanager.com/gtag/ www.googletagservices.com adservice.google.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com c.paypal.com img.en25.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com *.awswaf.com 'nonce-LOavcfcNxENTgfGvIQQDaQ==';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;frame-src *.googlesyndication.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.doubleclick.net/ https://www.youtube.com/ assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com;connect-src *.cirium.io *.cirium.dev *.flightstats.com *.flightstats.io https://static.flightstats.com https://securepubads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com www.google-analytics.com *.googlesyndication.com *.braintree-api.com api.braintreegateway.com client-analytics.braintreegateway.com cdn.cookielaw.org *.onetrust.com geolocation.onetrust.com *.awswaf.com 1
frame-ancestors 'self' t4.scu.edu cms.scu.edu cms01.scu.edu thetrustproject.org media.scu.edu ecampus.scu.edu hrdev.scu.edu hrusr.scu.edu t4dev.scu.edu 166.78.46.137 campaign.scu.edu vanillasoft.net 129.210.247.132 1
default-src 'none'; script-src 'self' vimeo.com https://gist.github.com www.slideshare.net 'unsafe-eval' https://assets.hackmd.io https://www.google.com https://apis.google.com https://docs.google.com https://accounts.google.com https://www.dropbox.com https://www.google-analytics.com https://stats.g.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com https://pixel.quantserve.com https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://cdn.ravenjs.com https://browser.sentry-cdn.com https://js.stripe.com 'nonce-e73f9b7c-35ef-4ad4-9fc4-dc682ded292c' 'sha256-EtvSSxRwce5cLeFBZbvZvDrTiRoyoXbWWwvEVciM5Ag=' 'sha256-NZb7w9GYJNUrMEidK01d3/DEtYztrtnXC/dQw7agdY4=' 'sha256-L0TsyAQLAc0koby5DCbFAwFfRs9ZxesA+4xg0QDSrdI=' 'sha256-8HvL1KRq6jEwDkuVgxMDK7Gag1vnT70L0Lfoa1E3YsY=' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=' https://tally.so https://tracks.hackmd.io https://plausible.io; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://assets-cdn.github.com https://github.githubassets.com https://assets.hackmd.io https://www.google.com https://fonts.gstatic.com; font-src 'self' data: https://public.slidesharecdn.com https://assets.hackmd.io https://script.hotjar.com; object-src *; media-src *; frame-src *; child-src *; connect-src *; base-uri 'none'; form-action 'self' https://www.paypal.com; upgrade-insecure-requests 1
frame-ancestors https://www.ato.gov.au https://virtualassistant.ato.gov.au https://www.beta.ato.gov.au 1
default-src 'self'; script-src 'self' *.youtube.com *.googleapis.com *.googletagmanager.com 'nonce-2Jb6teNcqNCIMLURxcn5QGTcdPrzRI86'; media-src 'self' *.googleapis.com; connect-src 'self' *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com; frame-src *.google.com *.youtube.com *.culturalspot.org *.appspot.com; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; script-src-elem 'self' *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.googleapis.com *.googletagmanager.com 'nonce-2Jb6teNcqNCIMLURxcn5QGTcdPrzRI86'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: *.googleapis.com *.ytimg.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' penguin.co.uk *.penguin.co.uk cdnjs.cloudflare.com cdn-ukwest.onetrust.com *.shorthand.com penguinrandomhouseuk.shorthandstories.com *.googleadservices.com *.googletagmanager.com *.pinimg.com *.pinterest.com *.doubleclick.net *.ads-twitter.com *.adobedtm.com therandomhousegroupltd.d3.sc.omtrdc.net *.google-analytics.com *.google.com *.gstatic.com connect.facebook.net *.tiktok.com www.dwin2.com *.riddle.com *.hotjar.com *.hotjar.io *.jotfor.ms *.jotformeu.com cdn.livefyre.com *.eventbrite.co.uk *.cloudfront.net *.newrelic.com *.nr-data.net instagram.com *.instagram.com *.twitter.com therandomhousegroupl.tt.omtrdc.net *.youtube.com *.soundcloud.com *.tiktok.com *.tiktokcdn-us.com *.ttwstatic.com https://www.everestjs.net; object-src 'self'; worker-src blob 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.tripsavvy.com 1
default-src 'self'; img-src 'self' https://www.ncsc.gov.uk/ data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/ blob: https://www.ncsc.gov.uk/* https://www.tapestryprod.ncscdev.co.uk/* 'unsafe-inline' https://ssl.gstatic.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com; media-src 'self' data: https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/* https://www.googleoptimize.com/ ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://storage.googleapis.com/ https://www.googleoptimize.com/ ; style-src 'self' 'unsafe-inline'  https://optimize.google.com https://tagmanager.google.com/* https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com ; connect-src 'self' https://forms.office.com/ https://*.google-analytics.com https://*.analytics.google.com www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net  https://db.cyberessentials.ncsc.gov.uk; manifest-src 'self' https://s3.eu-west-2.amazonaws.com/tapestry-content/ https://s3-eu-west-2.amazonaws.com/tapestry-content/; worker-src 'self'; frame-src 'self' https://forms.office.com/ https://optimize.google.com https://www.youtube.com/ https://www.youtube-nocookie.com  https://open.spotify.com/; object-src 'self' 1
font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; img-src 'self' www.w3.org; object-src 'none'; frame-ancestors *; report-uri https://www.opengroup.org/report-uri/enforce 1
img-src http://* https://* data: 1
frame-ancestors 'self' ruckuswireless.com www.ruckuswireless.com 192.168.1.0/24 1
default-src 'self'; style-src 'self' https://p.typekit.net; font-src 'self' https://use.typekit.net; object-src 'none' 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval', script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net https://api.userlike.com https://cdn.jsdelivr.net https://plausible.io, img-src 'self' data: https://www.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://snap.licdn.com https://www.facebook.com https://connect.facebook.net https://*.linkedin.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://cdn.jsdelivr.net, style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net, base-uri 'self', form-action 'self' 1
script-src 'self' https://ci-mpsnare.iovation.com https://mpsnare.iesnare.com; style-src 'self'; img-src 'self' data:; object-src 'none'; default-src 'self'; 1
default-src *;script-src 'unsafe-eval' 'unsafe-inline' * data:;child-src *;connect-src *;font-src * data:;form-action *;frame-src *;frame-ancestors 'self';img-src * data:;media-src *;object-src *;style-src 'unsafe-inline' * data:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://yoti.report-uri.io/r/default/csp/reportOnly; 1
frame-ancestors 'self' https: https://www.databeatomni.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  weatherwidget.io *.flickr.com player.vimeo.com mun.ca www.mun.ca bat.bing.com cse.google.com www.google.com t4content.mun.ca t4content.ucs.mun.ca t4-fe2.ucs.mun.ca webstaging.mun.ca clf.mun.ca www.googletagmanager.com www.googleadservices.com www.gstatic.com googleads.g.doubleclick.net google-analytics.com analytics.twitter.com cdn.syndication.twimg.com www.google-analytics.com static.ads-twitter.com platform.twitter.com connect.facebook.net snapwidget.com streaming.citl.mun.ca ssl.p.jwpcdn.com im.citl.mun.ca www.youtube.com mun.us8.list-manage.com code.jquery.com cdn.jsdelivr.net webstaging.mun.ca bbox.blackbaudhosting.com calendar.time.ly snap.licdn.com cdn.datatables.net uk.smartthing.org c.bing.com ajax.googleapis.com; frame-ancestors 'self' *.vanillasoft.net vanillasoft.net webapps-qa.mun.ca 1
base-uri 'self'; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.usercentrics.eu https://www.googletagmanager.com/; img-src * 'self' data: https://*.usercentrics.eu; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src; object-src 'self' https://*.usercentrics.eu; connect-src 'self' https://*.usercentrics.eu https://*.google-analytics.com; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.com.hk:* *.walkme.com bat.bing.com *.recaptcha.net *.gstatic.cn *.biocatch.com s.yimg.com tpc.googlesyndication.com connect.facebook.net tags.tiqcdn.com www.google.com.hk www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: * blob: android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.com.hk:* *.walkme.com bat.bing.com *.biocatch.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk ad.doubleclick.net www.facebook.com maps.googleapis.com *.siteintercept.qualtrics.com adservice.google.com manifest.prod.boltdns.net *.brightcovecdn.com www.google.com http://127.0.0.1:5000 http://127.0.0.1:5000/* translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.google.com.hk connect.facebook.net lptag.liveperson.net accdn.lpsnmedia.net *.v.liveperson.net s.yimg.com cdn.appdynamics.com cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.walkme.com *.googletagmanager.com *.recaptcha.net www.facebook.com tpc.googlesyndication.com connect.facebook.net gateway.zscalertwo.net gateway.zscloud.net sts-aad.auth.hsbc.com lpcdn.lpsnmedia.net 8694241.fls.doubleclick.net; frame-ancestors 'self' *.liveperson.net www.hsbc.com.hk; font-src 'self' data: *.hsbc.com.hk *.walkme.com fonts.gstatic.com cdn.jsdelivr.net at.alicdn.com; worker-src 'self' blob: *.walkme.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com; object-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net ssl.gstatic.com players.brightcove.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://secure.gaug.es https://gravatar.com https://www.gravatar.com https://secure.gravatar.com https://*.fastly-insights.com https://avatars.githubusercontent.com; object-src 'none'; script-src 'self' 'sha256-03XId9zP7k8TYT0h2f3JkdRF4k1z1PCJfFFRSaxer6k=' https://secure.gaug.es https://www.fastly-insights.com 'nonce-54485018a3d0eb9d540037bf9448578f'; style-src 'self' https://fonts.googleapis.com 'nonce-54485018a3d0eb9d540037bf9448578f'; connect-src 'self' https://s3-us-west-2.amazonaws.com/rubygems-dumps/ https://*.fastly-insights.com https://fastly-insights.com https://api.github.com http://localhost:*; form-action 'self' https://github.com/login/oauth/authorize; frame-ancestors 'self'; base-uri 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub852fa3e2312391fafa5640b60784e660&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Arubygems.org%2Cversion%3Aec4541c9db9a014d20c8c6a4d83c34b4fe0c18b4%2Cenv%3Aproduction%2Ctrace_id%3A4225064985161936646 1
frame-ancestors 'self' studio.yourstory.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com.sg *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.facebook.com ajax.aspnetcdn.com www.redditstatic.com *.linkedin.com https://www.youtube.com *.bilibili.com *.youtube-nocookie.com https://player.vimeo.com https://platform.twitter.com https://w.soundcloud.com platform.tumblr.com fonts.gstatic.com kendo.cdn.telerik.com https://libapp.ntu.edu.sg https://cdn.knightlab.com https://syndication.twitter.com https://static.licdn.com https://s.ytimg.com https://publish.twitter.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js *.insight.sitefinity.com https://dec.azureedge.net/ https://*.dec.sitefinity.com https://dc.services.visualstudio.com *.mktoresp.com pbs.twimg.com platform.twitter.com munchkin.marketo.net *.eloqua.com track.hubspot.com https://i.ytimg.com netdna.bootstrapcdn.com https://nostalgic-roentgen-a5aaef.netlify.app *.cloudfront.net https://www.thinglink.com data: blob: js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org *.ntu.edu.sg https://ntu-cris-test.4science.cloud https://az416426.vo.msecnd.net/scripts/a/ai.0.js *.mapsindoors.com https://cdn.applozic.com/applozic/applozic.chat-6.1.min.js *.cognitoforms.com *.usetiful.com https://a.opmnstr.com https://snap.licdn.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net *.g.doubleclick.net badge.stumbleupon.com wss://socket2.applozic.com *.typeform.com *.omappapi.com *.hubspotusercontent40.net *.hubapi.com *.hubspot.com *.hsforms.com *.dialogflow.com walls.io *.walls.io *.surveysparrow.com app.sli.do www.pbrain.biz cdn.unibuddy.co unibuddy.co *.launchpad6.com *.hscta.net *.hscollectedforms.net *.hsforms.net *.hubspotusercontent00.net *.hubspotusercontent-na1.net *.tableau.com www.google.co.id https://analytics.tiktok.com *.accredify.io cdnjs.cloudflare.com schemata.openattestation.com www.w3.org *.comm100.com *.comm100vue.com *.comm100.io *.viewin360.co *.viziofly.com *.hs-sites.com https://popcard.unibuddy.co/ https://pages.kuula.co/ http://cdn.thinglink.me/jse/responsive.js *.sharethis.com *.dacast.com bcp.crwdcntrl.net https://ntu.imail-host.com https://polyfill.io https://cdn.jsdelivr.net *.maglr.com https://forms.office.com *.superchar.xyz https://assets.pxlecdn.com/assets/pixlee_widget_1_0_0.js https://assets.pixlee.com/assets/fp.js https://photos.pixlee.co superchar.xyz https://*.ntuinnovates.world https://ntuinnovates.world https://app-script.monsido.com https://*.doubleclick.net https://14120583.fls.doubleclick.net; 1
frame-ancestors 'self' https://*.clio.com https://cliocloudconference.com https://events1.social27.com https://kba.freestonelms.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s7ap1.scene7.com/ https://authapp.ultimatix.net/ https://auth.ultimatix.net/ https://fonts.googleapis.com/ https://gateway.zscalerthree.net/; frame-src 'self' https://content.dionglobal.in/ https://td.doubleclick.net/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://11821448.fls.doubleclick.net/ https://gateway.on24.com/ https://s.company-target.com/ https://stories.storifyme.com/ https://www.google.com/ https://www.yputube.com/ https://gateway.zscalerthree.net/ https://www.recaptcha.net recaptcha.google.com tcs.demdex.net https://www.linkedin.com https://px.ads.linkedin.com/ https://storifyme.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.trustarc.com gateway.zscalerthree.net https://s7ap1.scene7.com https://acdn.adnxs.com https://unpkg.com/  https://www.recaptcha.net https://s.yimg.jp/ https://www.google-analytics.com https://snap.licdn.com/ https://gateway.on24.com/ https://am.yahoo.co.jp/ https://www.googleadservices.com/ https://cdn.storifyme.com/ https://storifyme.xyz/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://auth.ultimatix.net/ https://authapp.ultimatix.net/ https://www.gstatic.com/ https://assets.adobedtm.com assets.adobedtm.com/launch-ENf1df16a3f7b54565aae5a7b51c3e89ed-staging.min.js ds-aksb-a.akamaihd.net https://www.youtube.com https://play.google.com/ https://youtube.com https://www.google.com onetrust.com ajax.googleapis.com https://fonts.googleapis.com/ https://maps.googleapis.com/ platform.twitter.com https://d36cz9buwru1tt.cloudfront.net cdn.ampproject.org maxcdn.bootstrapcdn.com https://code.jquery.com/ cdn.datatables.net https://cdnjs.cloudflare.com/ https://content.dionglobal.in/ https://maxcdn.bootstrapcdn.com https://twitter.com/ https://www.linkedin.com https://px.ads.linkedin.com https://www.facebook.com/ https://connect.facebook.net/ https://www.facebook.net https://www.instagram.com/ https://www.w3.org/ sites.tcs.com https://www.googletagmanager.com tata.com tcs.com business4.tcs.com slideshare.net https://api.company-target.com/ https://tcs.tt.omtrdc.net/ tcscom.sc.omtrdc.net https://www.google.co.in googleads.g.doubleclick.net https://ogp.me/ https://sling.apache.org/ https://jcp.org/ https://www.tcs.com/partners itunes.apple.com mboxedge31.tt.omtrdc.net dpm.demdex.net cm.everesttech.net adsymptotic.com https://p.adsymptotic.com/ bid.g.doubleclick.net nasscom.in in.explara.com store.mortgagebankers.org netdna.bootstrapcdn.com static.doubleclick.net i.ytimg.com https://www.businessofapps.com/ https://www.nytimes.com/ ibegin.tcs.com icandidateuat.ultimatix.net https://ims-na1.adobelogin.com/ https://www.demandbase.com/ https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ smetrics.tcs.com https://cdn.cookielaw.org/ https://munchkin.marketo.net/ tag.demandbase.com apache.org schema.org code.eligrey.com github.com developer.mozilla.org scottjehl.github.io https://github.com/ https://pages.github.com/ w3c.github.io modernjavascript.blogspot.com tc39.github.io modernizr.com vimeo.com blob:; media-src 'self' https://s7ap1.scene7.com/ https://s7mbrstream-ap1.scene7.com/ data: blob:; img-src 'self' https://cm.everesttech.net/ https://authapp.ultimatix.net/ https://www.google.co.in/ https://facebook.com https://ad.doubleclick.net/ https://ib.adnxs.com https://www.facebook.com https://www.google.com/ https://googleads.g.doubleclick.net/ https://am.yahoo.co.jp/ https://auth.ultimatix.net/ https://segments.company-target.com/ https://match.prod.bidr.io/ https://pbs.twimg.com/ https://match.prod.bidr.io/ https://id.rlcdn.com/ https://maps.googleapis.com https://maps.gstatic.com https://i.ytimg.com/ https://gateway.zscalerthree.net/ https://cdn.storifyme.com/ https://www.tcs.com/ https://www.google-analytics.com https://www.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net/ https://tcs.demdex.net/ smetrics.tcs.com s7ap1.scene7.com https://cdn.cookielaw.org/ data:; connect-src 'self' https://content.dionglobal.in https://tag-logger.demandbase.com/ https://facebook.com https://www.facebook.com https://pagead2.googlesyndication.com/ https://privacyportal.onetrust.com/ https://apm.yahoo.co.jp/ https://am.yahoo.co.jp/ https://cdn.linkedin.oribi.io/ https://www.linkedin.com https://geoip-js.com/ https://704-zbe-801.mktoutil.com/ https://geolocation.onetrust.com/ https://maps.googleapis.com https://privacyportaluat.onetrust.com/ https://s7mbrstream-ap1.scene7.com/ https://px.ads.linkedin.com https://www.google-analytics.com https://704-zbe-801.mktoresp.com/ https://744-fui-742.mktoresp.com/ https://assets.adobedtm.com https://api.company-target.com/ cdn.cookielaw.org tcs.tt.omtrdc.net https://dpm.demdex.net/ https://tcs.demdex.net/ onetrust.com smetrics.tcs.com storifyme.com https://cdn.storifyme.com/ https://s7ap1.scene7.com; base-uri 'none' ; object-src https://authapp.ultimatix.net https://auth.ultimatix.net; frame-ancestors 'self' ; font-src 'self' https://fonts.gstatic.com/ data: 1
base-uri https://www.mbank.pl; report-uri https://www.csp.mbank.pl; default-src 'none'; manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ad.doubleclick.net https://cdn.ampproject.org https://cdn.mbiscuit.mbank.pl https://cdn.skp.mbank.pl https://cdn.syndication.twimg.com https://connect.facebook.net https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://maps.googleapis.com https://optimize.google.com https://pagead2.googlesyndication.com https://platform.twitter.com https://r.skp.mbank.pl https://s.ytimg.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://cdn.skp.mbank.pl https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.mbank.pl; img-src 'self' data: https://*.fls.doubleclick.net https://abs.twimg.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.com https://cdn.ampproject.org https://cdn.skp.mbank.pl https://cm.g.doubleclick.net https://csi.gstatic.com https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://i.ytimg.com https://khms0.googleapis.com https://khms1.googleapis.com https://maps.googleapis.com https://maps.gstatic.com https://marketing.tr.netsalesmedia.pl https://optimize.google.com https://pbs.twimg.com https://platform.twitter.com https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://s.ytimg.com https://ssl.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.hr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.se https://www.google.sk https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.mbank.pl; font-src 'self' data: https://cdn.mbiscuit.mbank.pl https://fonts.gstatic.com https://www.mbank.pl; connect-src 'self' https://ad.doubleclick.net https://adservice.google.com https://api.mbiscuit.mbank.pl https://api.skp.mbank.pl https://cdn.ampproject.org https://cm.g.doubleclick.net https://form.axaubezpieczenia.pl https://ghmpl.hit.gemius.pl https://googleads.g.doubleclick.net https://lp.skp.mbank.pl https://maps.googleapis.com https://pagead2.googlesyndication.com https://r.skp.mbank.pl https://redirect.skp.mbank.pl https://region1.analytics.google.com https://region1.google-analytics.com https://search.interconsystems.pl https://stats.g.doubleclick.net https://syndication.twitter.com https://tagmanager.google.com https://tracker.skp.mbank.pl https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.pl https://www.googletagmanager.com https://www.mbank.pl wss://api.skp.mbank.pl wss://r.skp.mbank.pl; media-src 'self' data: https://cdn.skp.mbank.pl https://www.mbank.pl; object-src 'self' https://www.mbank.pl https://www.youtube.com; frame-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://optimize.google.com https://platform.twitter.com https://tagmanager.google.com https://tpc.googlesyndication.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; child-src 'self' https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://form.mbank.pl https://tagmanager.google.com https://www.facebook.com https://www.googletagmanager.com https://www.mbank.pl https://www.youtube.com; form-action 'self' https://form.mbank.com.pl https://form.mbank.pl https://www.mbank.pl; frame-ancestors 'self' https://www.mbank.pl; 1
frame-ancestors localhost:* 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.uz  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-pBq/Um0/qeoq+jjXphw2bxfkLkmUdf' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self' 'unsafe-inline' *.scene7.com *.marketo.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.infinity-tracking.com *.adsrvr.org *.demandbase.com *.bing.com *.google.com *.cookielaw.org *.doubleclick.net *.adobedtm.com *.everestjs.net *.clarity.ms *.marketo.com *.scene7.com *.qualtrics.com *.conductor.com *.viasat.com *.amazonaws.com qvdt3feo.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.adobedtm.com *.sftoaa.com *.everestjs.net *.invocacdn.com *.invoca.net *.marketo.net *.crazyegg.com *.licdn.com *.facebook.net viasatinc.data.adobedc.net *.raygun.io *.bizible.com siteintercept.qualtrics.com *.icat.viasat.io tags.srv.stackadapt.com  ; frame-src 'self' *.youtube.com *.marketo.com *.adsrvr.org *.facebook.com *.company-target.com *.az1.qualtrics.com *.opendns.com *.adsrvr.cn *.viasat.com *.doubleclick.net *.everesttech.net *.demdex.net *.everestjs.net *.force.com *.crazyegg.com ca-viasat-status.s3.amazonaws.com  ; img-src 'self' https: data:  ; media-src 'self' *.scene7.com  ; script-src-elem 'self' https: 'unsafe-inline'  ; connect-src 'self' 'unsafe-inline' *.demandbase.com *.infinity-tracking.net *.infinity-tracking.com *.onetrust.com *.company-target.com *.oribi.io *.clarity.ms *.scene7.com *.qualtrics.com *.facebook.com *.cookielaw.org *.everesttech.net google.com *.google.com *.google-analytics.com *.viasat.com *.doubleclick.net *.googleapis.com *.demdex.net *.omtrdc.net *.mktoresp.com *.crazyegg.com *.ads.linkedin.com cognito-identity.us-east-1.amazonaws.com sts.us-east-1.amazonaws.com dataplane.rum.us-east-1.amazonaws.com *.icat.viasat.io *.raygun.io *.bing.com *.invoca.net *.mktoutil.com tags.srv.stackadapt.com *.phonetrack.com * *.sftoaa.com  ; font-src 'self' fonts.gstatic.com *.googleapis.com *.icat.viasat.io *.typekit.net  ; style-src 'self' 'unsafe-inline' *.scene7.com *.marketo.com *.googleapis.com *.amazonaws.com *.scene7.com *.gstatic.com *.miaprova.com tags.srv.stackadapt.com  ; report-uri https://report-to-api.raygun.com/reports-csp?apikey=4uWKnPZoEmyV7vSRKJeHw report-to csp-endpoint 1
frame-ancestors 'self' https://* 1
def-src 'self' 1
frame-ancestors 'self' *.telia.ee 1
default-src *.hoka.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net d3nocrch4qti4v.cloudfront.net *.arcot.com api.v2.sprocket.bz sprocket-ping.s3.amazonaws.com assets.v2.sprocket.bz assets.sprocket.bz s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net nono-hoka.stage.onelink-translations.com cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com *.datadome.co *.captcha-delivery.com pixel.pub.lilyai.net cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com js.squareup.com *.squarecdn.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca google.com www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org app.midtrans.com *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com map9067.zendesk.com pod-15.zendesk.com hokaid.zendesk.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com hokaph.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.smooch.io gladly-production.sinter-collect.com chat-sdk.cdn.gladly.com *.us-1.cdn.gladly.chat *.us-1.gladly.chat chat-assets.cdn.gladly.com *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.captcha-delivery.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com static.rakuten.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit nono-hoka.stage.onelink-translations.com *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net *.medallia.eu www.paypalobjects.com *.kampyle.com; style-src *.hoka.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com nono-hoka.stage.onelink-translations.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com assets.sprocket.bz *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.hoka.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com *.wlp-acs.com *.modirum.com *.arcot.com *.wibmo.com *.americanexpress.com *.cardinalcommerce.com *.nbg.gr *.global-e.com *.swedbank.se *.ing.de static.rakuten.com *.monext.fr *.3dsecure.no *.secure.lcl.fr *.creditmutuel.fr *.sparebank1.no *.edb.com *.3dsecure-csas.cz *.nedsecure.co.za *.secure22gw.ro *.revolut.com *.cardcomplete.com *.sparkasse.at *.acs2-3dsecure.cm-cic.com *.paylife.at *.citadele.lv *.sbanken.no *.citibank.co.in *.sibs.pt *.comdirect.de *.n26.com *.commerzbank.de *.nexigroup.com *.adyen.com *.rabobank.nl *.crqsbiacs.sbi *.rpc-raiffeisen.com *.cic.fr *.secure.dkb.de *.eewosecure.com *.secure5gw.ro *.esecure.sia.eu *.sparda.de *.fio.cz *.bunq.com *.firstdata.de *.bankmillennium.pl *.americanexpress.com.sa *.nexi.it *.gpesecure.com *.otpbank.hu *.icicibank.com *.pluscard.de *.apata.io *.redsys.es *.luminorgroup.com *.rietumu.lv *.luottokunta.fi *.rsa3dsauth.co.uk *.vinea.es *.sebkort.com *.bezpecneplatby.rb.cz *.abanca.com *.secure2gw.ro *.mercurypaymentservices.it *.securesuite.co.uk *.3dsecure-vrp.de *.slsp.sk *.moneta.cz *.borica.bg *.asseco-see.hr *.sparkassen-kreditkarten.de *.monzo.com *.mycardplace.com *.3dsecure.ing.ro *.marqeta.com *.zetacipher.io *.maybank.com.my *.mbank.cz; media-src *.hoka.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com cdn.gladly.com media.cdn.gladly.com; worker-src *.hoka.com blob: *.osano.com; child-src *.hoka.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com chat-sdk.cdn.gladly.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.securesuite.co.uk sg-3ds-vdm.wlp-acs.com *.rsa3dsauth.co.uk verify.monzo.com 3ds.redsys.es *.wlp-acs.com acs2-3dsecure.cic.fr *.cardinalcommerce.com 3ds.nexigroup.com 3dspayment.paylife.at tdschmut.monext.fr *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com cdn.dynamicyield.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.arcot.com assets.v2.sprocket.bz *.datadome.co *.captcha-delivery.com *.studentbeans.com pci-connect.squareup.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai *.medallia.eu app.midtrans.com app.collectivevoice.com *.kampyle.com; report-uri https://www.hoka.com/_/csp-reports 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' blob: 'unsafe-inline' https:; report-uri /reports/csp/uri; report-to csp-reports; 1
script-src 'nonce-KiubkBfQYRbQR52BtfyMwQ' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about_appsheet_com; base-uri 'none' 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://vodafone.it https://*.vodafone.it; 1
default-src https://*.showmax.com; form-action https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com; font-src 'self' https://*.showmax.com https://*.peacocktv.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.showmax.com https://core.spreedly.com https://assets.adobedtm.com https://*.onetrust.com https://*.ada.support https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.optimizely.com https://*.salesforceliveagent.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://showmax.data.adobedc.net https://static.ads-twitter.com https://connect.facebook.net https://www.googletagmanager.com https://analytics.tiktok.com https://*.mparticle.com https://googleads.g.doubleclick.net https://checkouttoolkit.rapyd.net https://res-odx.op-mobile.opera.com; connect-src 'self' localhost:* ws://localhost:* https://*.showmax.com https://core.spreedly.com https://*.onetrust.com https://*.ada.support https://dpm.demdex.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://checkoutshopper-live.adyen.com https://sas-apm.telem.prod.smax.summerott.com https://sentry.plsse.skyshowtime.com https://showmax.hb.omtrdc.net https://showmax.data.adobedc.net https://analytics.tiktok.com https://region1.analytics.google.com https://jssdks.mparticle.com https://checkouttoolkit.rapyd.net; img-src 'self' data: localhost:* https://*.showmax.com https://*.peacocktv.com https://*.ada.support https://*.onetrust.com https://checkoutshopper-live.adyen.com https://showmax.data.adobedc.net https://www.facebook.com https://ad.doubleclick.net https://t.co https://analytics.twitter.com https://px.adx.opera.com; style-src 'self' 'unsafe-inline' https://*.showmax.com https://*.ada.support https://*.onetrust.com https://*.force.com https://*.my.salesforce.com https://*.my.salesforce-sites.com; media-src 'self' data: blob: localhost:* https://*.showmax.com; frame-src bytedance: sslocal: https://core.spreedly.com https://*.showmax.com https://showmax.ada.support https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://checkoutshopper-live.adyen.com https://www.youtube.com https://td.doubleclick.net https://*.fls.doubleclick.net https://checkout.rapyd.net; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' *.freenas.org *.ixsystems.com *.ixsystems.net *.truenas.com; upgrade-insecure-requests; default-src 'self' mailto: https: 'unsafe-inline' 'unsafe-eval'; object-src 'self' https:; connect-src 'self' https:; img-src 'self' data: https: blob:; font-src 'self' data: https:; 1
frame-ancestors vanderbilt.edu/AEA 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' translate.googleapis.com certificates.webtests.com blob:; style-src 'self' 'unsafe-inline' certificates.webtests.com fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com data:; img-src 'self' certificates.webtests.com data:; object-src 'none'; report-uri https://hpage-report.uriports.com/reports/enforce 1
frame-ancestors 'self' *.purevpn.com purevpn.com *.purevpn.fr purevpn.fr *.purevpn.com.tw purevpn.com.tw *.purevpn.de purevpn.de *.streamingdigitally.com streamingdigitally.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: http://*.travp.net; font-src https: data: 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.seznamzpravy.cz admin.seznamzpravy.cz *.seznamzpravy.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.seznamzpravy.cz https://www.seznamzpravy.cz 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.symantec.com analytics.po.st po.st *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.ads-twitter.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.simpli.fi *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.youvisit.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.stackadapt.com *.zemanta.com *.botframework.com *.administrateweblink.com *.stripe.com *.pactsafe.io *.peerspot.com *.sketchfab.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.stackadapt.com *.administrateweblink.com *.stripe.com *.sketchfab.com;img-src 'self' *.cdw.com *.qualtrics.com *.optimizely.com *.needle.com *.liadm.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.symantec.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.twitter.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com *.insightexpressai.com *.bluekai.com k.intellitxt.com *.everesttech.net *.adnxs.com ads.yahoo.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com *.twitter.com p.adsymptotic.com *.adsrvr.org um.simpli.fi data: *.dotomi.com *.flixsyndication.net liveintent.com *.adobe.com *.sc.omtrdc.net *.spexlive.net *.windows.net *.edgecastcdn.net *.licdn.com *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.stackadapt.com *.zemanta.com *.pactsafe.io *.administratehq.com *.peerspot.com *.sketchfab.com;frame-src 'self' *.cdw.com *.qualtrics.com *.hotjar.com *.needle.com *.liadm.com *.doubleclick.net *.symantec.com *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.hotjar.io *.spexlive.net *.swcontentsyndication.com *.cisco.com *.exct.net *.youvisit.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.administrateweblink.com *.stripe.com *.sketchfab.com;font-src * data:;connect-src 'self' *.cdw.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.liadm.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.symantec.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.twitter.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.leadsrx.com *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.adroll.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.stackadapt.com *.botframework.com wss://*.botframework.com *.administrateweblink.com *.pactsafe.io *.administratehq.com *.sketchfab.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
frame-ancestors 'self' https://mtt.avp.tech; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.de https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.de https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.awin1.com https://*.tealiumiq.com https://*.doubleclick.net;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.de  https://smetrics.vwfs.de https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.de https://*.tiqcdn.com https://*.tealiumiq.com;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.de https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.de https://smetrics.vwfs.de https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://*.tealiumiq.com https://*.doubleclick.net;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov *.e.internal.r1s-prod.com 'self' blob: ; script-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://recaptcha.net https://*.mapbox.com https://mapbox.com https://*.gstatic.com https://*.dialogflow.com https://dialogflow.cloud.google.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://*.kampyle.com https://*.medallia.com https://www.google.com/recaptcha/ https://connect.facebook.net https://*.sharethis.com https://www.ssa.gov https://*.hotjar.com https://*.hotjar.io https://bugcrowd.com https://*.bugcrowdusercontent.com https://unpkg.com/web-vitals@0.2.4/dist/web-vitals.es5.umd.min.js  'unsafe-eval' 'unsafe-inline' https://prs.payments.r1s-prod.com https://applepay.cdn-apple.com/jsapi/v1/apple-pay-sdk.js https://global.localizecdn.com:*; style-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://use.fontawesome.com https://*.mapbox.com https://mapbox.com https://fonts.googleapis.com https://tagmanager.google.com https://*.kampyle.com https://*.medallia.com https://*.googletagmanager.com 'unsafe-inline' https://*.hotjar.com 'unsafe-inline' ; img-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://cdn.recreation.gov https://stats.g.doubleclick.net https://recaptcha.net https://*.mapbox.com https://mapbox.com https://browser-update.org https://*.gstatic.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://ridb.recreation.gov https://fs.usda.gov https://www.fs.usda.gov https://*.googleusercontent.com https://www.googletagmanager.com https://www.google.com https://google.com https://*.kampyle.com https://*.medallia.com https://*.sharethis.com https://*.hotjar.com https://*.hotjar.io https://global.localizecdn.com:* https://*.servicenowservices.com 'self' data: blob: ; media-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtu.be 'self' ; font-src https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov https://fonts.gstatic.com https://use.fontawesome.com https://*.kampyle.com https://*.medallia.com https://*.hotjar.com https://*.hotjar.io https://applepay.cdn-apple.com; connect-src https://recreation.gov https://*.recreation.gov  https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.servicenowservices.com https://stats.g.doubleclick.net https://cdn.recreation.gov https://*.mapbox.com https://mapbox.com https://freegeoip.net https://*.launchdarkly.com https://*.dialogflow.com https://dialogflow.cloud.google.com https://*.kampyle.com https://*.medallia.com https://*.sharethis.com https://data.stbuttons.click https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com 'self' https://prs.payments.r1s-prod.com https://global.localizecdn.com:*; object-src 'self' blob: ; worker-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://www.google.com https://google.com 'self' blob: ; frame-src https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://www.youtube.com https://youtube.com https://youtu.be https://www.google.com https://google.com https://tagmanager.google.com https://www.googletagmanager.com https://*.consensu.org https://*.kampyle.com https://*.medallia.com https://*.hotjar.com https://*.hotjar.io https://bugcrowd.com https://recreation.gov https://*.recreation.gov https://cdn.recreation.gov 'self' blob: ; frame-ancestors 'self' https://www.fs.usda.gov https://www.blm.gov https://www.nps.gov https://cdn.recreation.gov https://bugcrowd.com; 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-eed3671f-1879-48c3-8d1b-928c3f884acc' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-eed3671f-1879-48c3-8d1b-928c3f884acc' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-eed3671f-1879-48c3-8d1b-928c3f884acc' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-eed3671f-1879-48c3-8d1b-928c3f884acc' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://transcend-cdn.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync-transcend-cdn.com https://www.figma.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: *; report-uri /actions/csp/report; report-to csp-endpoint 1
script-src 'sha256-h2OfX+95DgDhMNpD17wQYK2nzdHMo8RXbpIwW0VAtDQ=' 'self' www.tiktok.com lf16-tiktok-web.ttwstatic.com *.twitter.com 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' pagead2.googlesyndication.com googleads.g.doubleclick.net 'self' 'unsafe-eval' 'nonce-csp-script-inline' polyfill.io *.madcat.tv *.trovo.live astatic.trovocdn.net connect.facebook.net 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-G5gTuBIY0B0A928ho6zDtB8xjEJUVQzb8RILYuCebLE=' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.gtimg.cn websdk.appsflyer.com h.online-metrix.net dev.api.unipay.qq.com *.midasbuy.com guigu.singaporepaya.com cdn.midasbuy.com imasdk.googleapis.com securepubads.g.doubleclick.net yandex.ru yastatic.net; style-src 'self' 'unsafe-inline' *.madcat.tv *.trovo.live astatic.trovocdn.net lf16-tiktok-web.ttwstatic.com; worker-src 'self' 'unsafe-eval' *.trovo.live astatic.trovocdn.net *.madcat.tv connect.facebook.net blob: www.google.com; connect-src * 'self' data: blob:; media-src * blob: data: 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-eV87bC7CZwUkufNw6fjgLQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' data: *.aldi-international.com *.omtrdc.net *.demdex.net *.gstatic.com ws.sessioncam.com *.doubleclick.net assets.adobedtm.com *.everesttech.net *.pinterest.com; form-action 'self' *.snapchat.com *.facebook.com; frame-ancestors 'self' *.adobe.com help.aldi.us zx9mwudjzwjilqb68f4y.us.prod.ci-aldi.com account.aldi.us; frame-src 'self' data: blob: www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de live.tourdash.com wbiprod.storedvalue.com *.aldi-international.com tpc.googlesyndication.com home-c4.incontact.com *.demdex.net *.adobe-campaign.com *.adobe.com *.snapchat.com *.pinterest.com *.doubleclick.net *.pinterest.de account.aldi.us *.hotjar.com insight.adsrvr.org match.adsrvr.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.aldi-international.com www.googletagmanager.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com www.googleadservices.com platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com *.cloudfront.net ws.sessioncam.com tpc.googlesyndication.com *.facebook.net *.google.com *.google.de home-c4.incontact.com assets.adobedtm.com *.omtrdc.net *.everesttech.net sc-static.net activitymap.adobe.com *.doubleclick.net *.pinimg.com *.everestjs.net *.demdex.net cm.everesttech.net *.cookielaw.org *.onetrust.com *.snapchat.com *.hotjar.com analytics.tiktok.com js.adsrvr.org; style-src 'self' 'unsafe-inline' *.aldi-international.com *.tt.omtrdc.net *.adobe.com *.cookielaw.org *.onetrust.com; img-src 'self' https: data: *.demdex.net cm.everesttech.net assets.adobedtm.com *.cookielaw.org *.onetrust.com www.googletagmanager.com analytics.tiktok.com; object-src 'self'; connect-src 'self' https: *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.everesttech.net assets.adobedtm.com ws.sessioncam.com *.snapchat.com *.pinterest.com *.cookielaw.org *.onetrust.com *.hotjar.io *.hotjar.com wss://*.hotjar.com analytics.tiktok.com; report-uri /CspReportLogger.php; 1
frame-ancestors 'self' chrome-extension://nngceckbapebfimnlniiiahkandclblb chrome-extension://jbkfoedolllekgbhcbcoahefnbanhhlh moz-extension://* ; 1
default-src 'self'; base-uri 'self' https:; child-src 'self' https:; connect-src 'self' https: wss:; font-src http: https: 'self' data:; form-action 'self' https:; frame-ancestors http://*.yardbarker.com; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' blob: https:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' http: https: 'self'; upgrade-insecure-requests; worker-src 'self' blob: https://*.sendtonews.com https://*.modxcloud.com 1
frame-ancestors https://*.dnevnik.hr https://beta-showbuzz.dnevnik.hr https://dnevnik.hr 1
default-src 'none'; base-uri 'none'; img-src 'self' https:; style-src 'self'; font-src 'self'; connect-src 'self'; script-src 'nonce-H212XI+pfMQWDvw9BOrGIf43RLOMPM3qY6QE6FvjX3gGVwu3' 1
style-src 'unsafe-inline' 'self' *; font-src 'self' * data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; object-src 'self' *; frame-src 'self' *; connect-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *; 1
default-src data: https://* http://*; script-src 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://* http://* 'unsafe-inline'; script-src-elem 'self' https://* http://* 'unsafe-inline'; font-src data: https://* http://*; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' blob: 'unsafe-inline' https://*.cloudfront.net https://*.google-analytics.com https://tags.tiqcdn.com https://app.gotowebinar.com 'unsafe-eval' https://www.youtube.com https://www.google.com https://www.gstatic.com https://s.ytimg.com https://api.swiftype.com https://my.nanorep.com https://logmeinsupport.nanorep.co/ https://s3.amazonaws.com/scripts-clickmeter-com/js/pixelNew.js https://ssl.p.jwpcdn.com https://support.logmeininc.com/assets/scripts/libs/plugins/lscache.min.js https://assets.cdngetgo.com https://www.googleapis.com https://api.microsofttranslator.com https://*.boldchat.com https://www.googletagmanager.com https://sjs.bizographics.com https://www.googleadservices.com https://connect.facebook.net https://c.pmsrv.co https://d.impactradius-event.com https://cdnssl.clicktale.net https://pixel.pmsrv.co https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://getgo.app.box.com https://cl.qualaroo.com https://tag.demandbase.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.qualtrics.com https://support.logmeininc.com https://munchkin.marketo.net https://bat.bing.com https://demandpro.iljmp.com https://vidassets.terminus.services https://js.adsrvr.org https://cdnjs.cloudflare.com https://partner.stage.aur.goto.com  https://partner.goto.com  https://*.app.khoros.com https://*.smooch.io https://*.app.lithium.com https://netdna.bootstrapcdn.com https://support.goto.com https://static.cloud.coveo.com https://platform.cloud.coveo.com https://*.coveo.com/ https://getgo-bsp.s3.amazonaws.com/just-validate-3.8.1.production.min.js https://getgo-bsp.s3.amazonaws.com/just-validate-3.8.1.production.ie.min.js https://feedback.goto.com https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.dante-ai.com/ https://*.trustarc.com/ https://*.clarity.ms/ https://*.google.com/; img-src 'self' https://*.cloudfront.net https://*.google-analytics.com https://citrixsaas.d1.sc.omtrdc.net https://img.youtube.com data: https://jwpltx.com https://assets.cdngetgo.com https://avatars.servers.getgo.com https://s3.amazonaws.com https://lmi.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://*.boldchat.com https://logmeinsupport.nanorep.co https://nr1.s3.amazonaws.com https://*.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://pixel.pmsrv.co https://www.googletagmanager.com https://static1.squarespace.com https://www.grasshopper.com https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://avatarsed1.serversdev.getgo.com https://*.qualtrics.com https://j.mrpdata.net https://logmeincdn.azureedge.net https://bat.bing.com https://i.ytimg.com https://match.adsrvr.org https://vidassets.terminus.services https://c.clicktale.net https://sp.analytics.yahoo.com  https://conductor.clicktale.net https://www.google.com https://www.google.com.gt https://www.google.hu https://*.app.khoros.com https://*.gravatar.com https://*.googleapis.com https://static.cloud.coveo.com https://*.coveo.com/ https://feedback.goto.com/  https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.dante-ai.com/ https://*.trustarc.com/ https://*.clarity.ms/ https://*.google.com/; connect-src 'self' https://www.google-analytics.com https://s3.amazonaws.com https://telemetry.servers.getgo.com https://ggc-gateway-prod.servers.getgo.com https://iam.servers.getgo.com https://dpm.demdex.net https://lmi.sc.omtrdc.net/ https://citrixsaas.dt.sc.omtrdc.net https://omahaproxy.appspot.com/all.json https://product-details.mozilla.org https://citrixsaas.d1.sc.omtrdc.net https://livechat.boldchat.com https://authentication.logmeininc.com/ https://*.mktoresp.com https://ing-district.clicktale.net https://stats.g.doubleclick.net https://logmeinsupport.nanorep.co https://prod.getgo.psdops.com/ https://api.company-target.com https://s.yimg.com https://conductor.clicktale.net https://*.qualtrics.com https://support.logmeininc.com https://vms.boldchat.com wss://websocket.bold360.com https://visitor-services.boldchat.com https://insight.adsrvr.org https://telemetrystage.servers.getgo.com https://*.serversdev.getgo.com https://*.clicktale.net https://www.goto.com https://admin.lastpass.com https://auth.lastpass.com https://dpm.demdex.net https://auth-rc.dev.lastpass.com https://visitor-services.nanorep.com https://*.app.khoros.com https://proactive-chat-server-us.prod.aws.lcloud.com https://*.smooch.io wss://api.smooch.io/faye https://*.app.lithium.com https://netdna.bootstrapcdn.com https://support.goto.com https://platform.cloud.coveo.com  https://analytics.cloud.coveo.com  https://*.coveo.com/ https://www.goto.com/api/geoip/getcountry https://support.grasshopper.com https://cloudflare.com/cdn-cgi/trace https://feedback.goto.com data: https://feedback-us.app.khoros.com/ https://*.google-analytics.com https://*.usw2.khoros.com wss://*.usw2.khoros.com ssl://*.usw2.khoros.com:8883 https://*.aws.lcloud.com https://*.googlesyndication.com/ https://*.dante-ai.com/ https://*.trustarc.com/ https://*.clarity.ms/ https://*.google.com/; style-src 'self' 'unsafe-inline' https://*.cloudfront.net https://fonts.googleapis.com https://assets.cdngetgo.com https://*.qualtrics.com https://*.app.khoros.com https://*.app.lithium.com https://static.cloud.coveo.com https://*.coveo.com/ https://*.dante-ai.com/ https://*.trustarc.com/ https://*.google.com/ https://feedback.goto.com/ ; frame-src 'self' https://www.google.com https://www.youtube.com/ https://logmeinsupport.nanorep.co/ https://pixel.watch/ https://s3.amazonaws.com/ https://lmi.demdex.net/ https://www.youtube-nocookie.com/ https://bid.g.doubleclick.net https://getgo.app.box.com https://dnt.qualaroo.com https://api.boldchat.com https://*.fls.doubleclick.net https://dntcl.qualaroo.com https://*.qualtrics.com https://www.facebook.com https://support.logmeininc.com https://feedback.goto.com https://*.siteintercept.qualtrics.com https://support.goto.com https://search.cloud.coveo.com https://*.coveo.com/ https://join.gotoresolve.com/ https://feedback-us.app.khoros.com/ https://*.dante-ai.com/ https://*.trustarc.com/ https://*.google.com/; child-src 'self' https://www.google.com https://www.youtube.com/ https://logmeinsupport.nanorep.co/ https://pixel.watch/ https://s3.amazonaws.com/ blob: https://feedback.goto.com/ ; font-src 'self' https://*.cloudfront.net https://fonts.gstatic.com data: https://ssl.p.jwpcdn.com https://assets.cdngetgo.com https://*.qualtrics.com https://*.app.khoros.com https://*.app.lithium.com https://*.coveo.com/ https://*.dante-ai.com/ https://*.trustarc.com/ https://*.google.com/ https://feedback.goto.com/ ; object-src 'none'; media-src 'self' blob: data: https://logmeinsupport.nanorep.co https://*.app.khoros.com https://*.app.lithium.com https://*.trustarc.com/ https://*.google.com/ https://feedback.goto.com/ ; 1
frame-ancestors 'self' btprt.dj snip.ly 1
sandbox; default-src 'unsafe-inline' data:; script-src 'none' 1
frame-ancestors 'self' *.intranet *.uolinc.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://emergencysavings.axisbank.com *.axisbank.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api https://www.youtube.com/ https://youtu.be/ platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.msecnd.net/ https://*.lemnisk.co https://mu-ax-s.lemnisk.co https://cdn12-s.lemnisk.co https://cdn25-s.lemnisk.co https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://axisbank.demdex.net https://axisbank.demdex.com https://mu-pl-s.lemnisk.co https://*.adobedtm.com *.vizury.com https://snap.licdn.com/ https://4714706.fls.doubleclick.net/ https://cdn.linkedin.oribi.io/partner/2739201/domain/axisbank.com/token https://px.ads.linkedin.com/collect *.notifyvisitors.com wss://*.notifyvisitors.com https://*.cloudfront.net https://smartsearch.senseforth.com/; style-src 'self' 'unsafe-inline' https://emergencysavings.axisbank.com *.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://*.lemnisk.co https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.notifyvisitors.com https://smartsearch.senseforth.com/; img-src 'self' *.notifyvisitors.com https://emergencysavings.axisbank.com https://www.google.co.in www.google.com *.google.com https://www.google.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.doubleclick.net *.vizury.com *.lemnisk.co *.axisbank.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://px.ads.linkedin.com/collect https://4714706.fls.doubleclick.net/ https://smartsearch.senseforth.com/ https://img.youtube.com/ https://youtube.com/; font-src 'self' https://emergencysavings.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net https://*.axisbank.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.notifyvisitors.com https://smartsearch.senseforth.com/ data:; connect-src 'self' *.notifyvisitors.com https://emergencysavings.axisbank.com *.axisbank.com  https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net accounts.google.com https://stats.g.doubleclick.net/ https://ilsmartsearch.search.windows.net https://search-index-uat.search.windows.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com wss://nb-s.lemnisk.co https://*.lemnisk.co https://*.demdex.net https://axisbank.tt.omtrdc.net https://cdn12-s.lemnisk.co https://cdn25-s.lemnisk.co https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com https://axisbank.demdex.net https://mu-pl-s.lemnisk.co https://assets.adobedtm.com https://axisbank.demdex.net https://*.visualstudio.com https://cdn.linkedin.oribi.io/partner/2739201/domain/axisbank.com/token https://smartsearch.senseforth.com/ wss://speech.senseforth.com/transcribe; media-src 'self' *.notifyvisitors.com data: blob:; child-src 'self' https://emergencysavings.axisbank.com https://application.axisbank.co.in *.axisbank.co.in https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net *.axisbank.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.notifyvisitors.com https://smartsearch.senseforth.com/; frame-src 'self' https://c4c.phonon.in/ https://www.youtube.com https://www.emergencysavings.axisbank.com https://mboxedge31.tt.omtrdc.net https://s7ap1.scene7.com/ *.tt.omtrdc.net https://*.lemnisk.co https://*.demdex.net https://*.axisbank.co.in https://ai.axisbank.co.in/morfeuswebsdk https://axisbank.demdex.net https://application.axisbank.co.in https://branch.axisbank.com https://mu-pl-s.lemnisk.co https://platform.twitter.com https://chatbot.axisbank.com/ http://fip.staging.axisb.com https://4714706.fls.doubleclick.net/ *.notifyvisitors.com https://smartsearch.senseforth.com/ https://www.youtube.com/ https://youtu.be; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ;   report-uri https://odin.snapcomms.net:445; upgrade-insecure-requests 1
default-src 'self' *.ok.ru  blob:; script-src st.mycdn.me *.tamtam.chat tamtam.chat mc.yandex.ru mc.yandex.md yastatic.net *.googletagmanager.com *.google-analytics.com top-fwz1.mail.ru 'self' blob: 'unsafe-eval' 'unsafe-inline'; style-src *.tamtam.chat 'unsafe-inline'; img-src tamtam.chat api.mapbox.com *.mycdn.me *.vkusercdn.ru *.okcdn.ru *.ok.ru *.tamtam.chat *.tenor.com/ mc.yandex.ru mc.yandex.md mc.yandex.com yastatic.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.ytimg.com top-fwz1.mail.ru blob: data: 'self'; connect-src tamtam.chat *.tamtam.chat wss://*.tamtam.chat *.mycdn.me *.vkuser.net ok.ru *.ok.ru *.mapbox.com *.tenor.com api.ipdata.co mc.yandex.ru mc.yandex.md mc.yandex.com *.google-analytics.com *.doubleclick.net top-fwz1.mail.ru 'self' blob: data:; media-src *.tamtam.chat *.mycdn.me *.vkusercdn.ru *.okcdn.ru *.ok.ru *.vkuser.net *.tenor.com blob: data:; child-src blob: mc.yandex.ru mc.yandex.md mc.yandex.com; frame-src tamtam.chat *.tamtam.chat *.ok.ru ok.ru mc.yandex.ru mc.yandex.com mc.yandex.md youtube.com *.youtube.com coub.com vk.com *.vk.com vk.ru *.vk.ru blob:; font-src * data: blob:; worker-src blob: 'self'; frame-ancestors 'self' *.ok.ru; report-uri /csp/report; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:;media-src blob: https:;upgrade-insecure-requests 1
connect-src 'self' https://stats.g.doubleclick.net https://ampcid.google.com https://adservice.google.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://api-assets-manager.abtasty.com https://api2.abtasty.com https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://try.abtasty.com https://widgets.abtasty.com https://in.api4load.net https://prf.audiencemanager.de https://bat.bing.com https://f.clarity.ms https://g.clarity.ms https://k.clarity.ms https://www.clarity.ms https://cdn.cookielaw.org https://bam.nr-data.net https://bam-cell.nr-data.net https://www.facebook.com https://chat-eu.freshdesk.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://o2.mouseflow.com https://privacyportal-eu.onetrust.com https://vimeo.com wss://chat-eu.freshdesk.com https://cdn.linkedin.oribi.io https://eu.mouseflow.com https://ct.pinterest.com https://sockjs-eu.pusher.com https://sock57-eu.pusher.com wss://ws-eu.pusher.com https://ws.sessioncam.com https://b.ws.sessioncam.com https://tr.snapchat.com https://assetscdn.stackla.com https://web-assets.stackla.com https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://cookiee1.veinteractive.com https://dtrc.veinteractive.com https://sessionapi.veinteractive.com https://id.siteimprove.com https://my2.siteimprove.com; default-src 'self' ; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://common-fonts.abtasty.com https://static3.avast.com https://use.fontawesome.com https://280841640230733.eu.webpush.freshchat.com https://assetscdn.stackla.com https://maxcdn.bootstrapcdn.com https://cdn.mouseflow.com http://rtr.tolunastart.com; frame-src 'self' ms-appx-web: https://embed.acast.com https://cp.bhf.org.uk https://extras.bhf.org.uk https://embed.podcasts.apple.com https://www.typeform.com https://bid.g.doubleclick.net https://cm.g.doubleclick.net https://8233349.fls.doubleclick.net https://8455068.fls.doubleclick.net https://optimize.google.com https://tpc.googlesyndication.com https://www.youtube.com https://www.google.com gsa://onpageload https://qa-assistant.abtasty.com https://player.acast.com https://track.adform.net https://match.adsrvr.org https://insight.adsrvr.org https://aax-eu.amazon-adsystem.com https://www.audiencemanager.de https://www.boombox.com https://view.ceros.com https://www.facebook.com https://flo.uri.sh https://wchat.eu.freshchat.com https://280841640230733.eu.webpush.freshchat.com https://graphs.healthlumen.com https://www.ons.gov.uk https://irewind.com https://cdn.knightlab.com https://zswpmanager.wip.mmc.com https://assets.nhs.uk https://net.ootil.fr https://public.tableau.com https://digital19.typeform.com https://ct.pinterest.com https://www.pinterest.co.uk https://www.pinterest.com https://dntcl.qualaroo.com https://app.qzzr.com https://www.qzzr.com https://a.rfihub.com https://20782797p.rfihub.com https://20782800p.rfihub.com https://20782816p.rfihub.com https://20782822p.rfihub.com https://20798315p.rfihub.com https://20798316p.rfihub.com https://20798319p.rfihub.com https://20782802p.rfihub.com https://20782821p.rfihub.com https://20822326p.rfihub.com https://20823015p.rfihub.com https://20823018p.rfihub.com https://www.riddle.com https://my2.siteimprove.com https://support.siteimprove.com https://tr.snapchat.com https://w.soundcloud.com https://widget.stackla.com https://widget.trustpilot.com/ https://player.vimeo.com https://www.vimeo.com https://vimeo.com https://embed.wirewax.com https://config1.veinteractive.com https://help.siteimprove.com https://siteimprove-org.myfreshworks.com https://www.youtube-nocookie.com; img-src 'self' data: https://cp.bhf.org.uk https://live.bhf.org.uk https://i.vimeocdn.com https://8455068.fls.doubleclick.net https://ad.doubleclick.net https://cm.g.doubleclick.net https://googleads.g.doubleclick.net https://pubads.g.doubleclick.net https://stats.g.doubleclick.net https://adservice.google.com https://www.google-analytics.com https://maps.googleapis.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://analytics.google.com https://optimize.google.com https://play.google.com https://www.google.com https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.nz https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.au https://www.google.com.br https://www.google.com.cy https://www.google.com.eg https://www.google.com.et https://www.google.com.mm https://www.google.com.ng https://www.google.com.sg https://www.google.ae https://www.google.be https://www.google.bf https://www.google.ca https://www.google.de https://www.google.es https://www.google.fr https://www.google.gr https://www.google.ie https://www.google.nl https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.tt https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://img.youtube.com https://www.youtube.com https://i.ytimg.com https://796129.global.siteimproveanalytics.io https://assets-manager.abtasty.com https://editor-assets.abtasty.com https://teddytor.abtasty.com https://c5.adalyser.com https://ib.adnxs.com https://s3.amazonaws.com https://tools.applemediaservices.com https://cx.atdmt.com https://www.audiencemanager.de https://prf.audiencemanager.de https://ads.avct.cloud https://x.bidswitch.net https://bat.bing.com https://c.bing.com https://scontent-iad3-1.cdninstagram.com https://scontent-syd2-1.cdninstagram.com https://c.clarity.ms https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://dpm.demdex.net https://e1.emxdgt.com https://connect.facebook.net https://www.facebook.com https://public.flourish.studio https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://gorentoys.net https://assets.hu-production.be https://images.hu-production.be https://www.linkedin.com https://px.ads.linkedin.com https://twemoji.maxcdn.com https://i5uzp6l0.micpn.com https://zswpmanager.wip.mmc.com https://eu.mouseflow.com https://flask.nextdoor.com https://bam.nr-data.net https://ct.pinterest.com https://pixel.quantserve.com https://idsync.rlcdn.com https://ws.sessioncam.com https://assetscdn.stackla.com https://web-assets.stackla.com https://uploads-cdn.stackla.com https://t.co https://trc.taboola.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://collector-31032.tvsquared.com https://analytics.twitter.com https://gjtrack.ucweb.com https://cookiee1.veinteractive.com https://a.volvelle.tech; media-src 'self' https://ssl.gstatic.com https://download-video.akamaized.net https://dop9av6nvryqq.cloudfront.net https://player.vimeo.com; script-src 'self' 'unsafe-inline'  'unsafe-eval'  blob: data: https://cp.bhf.org.uk https://live.bhf.org.uk https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://tagmanager.google.com https://www.google.co.uk https://www.google.com https://www.googleoptimize.com https://www.youtube.com https://s.ytimg.com https://www.gstatic.com https://qa-assistant.abtasty.com https://teddytor.abtasty.com https://try.abtasty.com https://s2.adform.net https://track.adform.net https://c5.adalyser.com https://js.adsrvr.org https://static.ads-twitter.com https://s3.amazonaws.com https://s3-us-west-2.amazonaws.com https://cdn.audiencemanager.de https://prf.audiencemanager.de https://ads.avct.cloud https://ads.avocet.io https://bat.bing.com https://sjs.bizographics.com https://b.clarity.ms https://d.clarity.ms https://f.clarity.ms https://g.clarity.ms https://i.clarity.ms https://www.clarity.ms https://cdnjs.cloudflare.com https://d2oh4tlt9mrke9.cloudfront.net https://d3alqb8vzo7fun.cloudfront.net https://dfgmr6l6mkcrn.cloudfront.net https://cdn.cookielaw.org https://connect.facebook.net https://public.flourish.studio https://chat-eu.freshdesk.com https://wchat.eu.freshchat.com https://report.bhf.gbqofs.io https://cdn.gbqofs.com https://assets.healthunlocked.com https://healthunlocked.com https://wusote.hirizasune.com https://assets.hu-production.be https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://i5uzp6l0.micpn.com https://cdn.mouseflow.com https://ads.nextdoor.com https://ads.nextdoor-test.com https://assets.nhs.uk https://ls.northchaddertonschool.co.uk https://z.moatads.com https://eu.mouseflow.com https://secure.myshopcouponmac.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.oracle.com https://quantcast.com https://quantcount.com https://edge.quantserve.com https://secure.quantserve.com https://eu.questionpro.com https://s.pinimg.com https://services.postcodeanywhere.co.uk https://timeline51-clientstats1.pusher.com https://js.pusher.com https://stats.pusher.com https://rules.quantcount.com https://ws.sessioncam.com https://tr.snapchat.com https://public.tableau.com https://auth.iws-hybrid.trendmicro.com https://turbo.qualaroo.com https://a.rfihub.com https://c1.rfihub.net https://sc-static.net https://siteimproveanalytics.com https://assetscdn.stackla.com https://goconnect.stackla.com https://widget.trustpilot.com https://collector-31032.tvsquared.com https://analytics.twitter.com https://use.typekit.net https://config1.veinteractive.com https://player.vimeo.com https://sp.analytics.yahoo.com https://s.yimg.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com http://rtr.tolunastart.com https://cdn.siteimprove.net; style-src 'self' 'unsafe-inline'  'unsafe-eval'  https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://common-fonts.abtasty.com https://teddytor.abtasty.com https://cdnjs.cloudflare.com https://dfgmr6l6mkcrn.cloudfront.net https://use.fontawesome.com https://wchat.eu.freshchat.com https://cdn.mouseflow.com https://net.ootil.fr https://assetscdn.stackla.com https://cloud.typography.com https://vjs.zencdn.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net; 1
frame-src 'self' view.ceros.com *.tinypass.com centaurpublications.demdex.net *.youtube.com *.vimeo.com platform.twitter.com *.infogram.com *.instagram.com *.facebook.com *.tiktok.com vine.co; frame-ancestors 'self' pi.pardot.com biogen-preprod.plateau.com biogen.plateau.com hcm12preview.sapsf.eu performancemanager5.successfactors.eu;upgrade-insecure-requests;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' view.ceros.com *.googletagservices.com ajax.googleapis.com s3.eu-central-1.amazonaws.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com *.everesttech.net *.demdex.net aka-cdn.adtech.de assets.adobedtm.com connect.facebook.net  cdn.brandmetrics.com cdn.cookielaw.org cdn.cxense.com *.twitter.com cdnjs.cloudflare.com *.tinypass.com commerce.adobedtm.com *.infogram.com f.vimeocdn.com graph.facebook.com googletagmanager.com go.econsultancy.com js.facebook.com player.vimeo.com pi.pardot.com *.linkedin.com rum-static.pingdom.net *.licdn.com tagmanager.google.com use.typekit.net www.vimeo.com www.googletagmanager.com www.instagram.com www.tiktok.com *.ttwstatic.com v.cdn.vine.co; style-src 'self' 'report-sample' 'unsafe-inline' s3.eu-central-1.amazonaws.com *.typekit.net *.google.com *.licdn.com cdnjs.cloudflare.com fonts.googleapis.com www.googletagmanager.com *.ttwstatic.com; object-src *.googlesyndication.com;child-src 'self' blob: *.everesttech.net *.demdex.net *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' go.pardot.com *.google.com *.facebook.com connect.facebook.net;worker-src 'self' blob: www.google.com; report-uri https://2a5a1a5a22eb6df3d2373c9425ca7542.report-uri.com/r/d/csp/enforce 1
frame-ancestors https://blog.sherwin-williams.com https://www.sherwin-williams.com https://*.sherwin-williams.com 1
default-src 'self' *; img-src * data:; media-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src 'none';  base-uri 'self'; report-uri /csp-report/;  frame-ancestors 'self' https://*.barclays.co.uk https://*.uk.barclays;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tags.tiqcdn.com collect.tealiumiq.com beacon.krxd.net cdn.krxd.net consumer.krxd.net gateway.answerscloud.com s.go-mpulse.net www.media.barclays.co.uk maps.googleapis.com www.google.com www.gstatic.com api.travelex.net resources.barclays.co.uk barclaysbankplc.tt.omtrdc.net barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  style-src 'self' 'unsafe-inline' www.media.barclays.co.uk fonts.googleapis.com;  object-src 'self';  worker-src 'self';  child-src demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  frame-src 'self' demo.barclays.co.uk edigitalsurvey.com cdn.krxd.net www.google.com www.media.barclays.co.uk barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  img-src 'self' data: demo.barclays.co.uk collect.tealiumiq.com cdnjs.cloudflare.com adservice.google.co.uk ad.doubleclick.net adservice.google.com apiservices.krxd.net beacon.krxd.net googleads.g.doubleclick.net googleads4.g.doubleclick.net jslog.krxd.net smetrics.barclays.co.uk www.facebook.com www.google.co.uk www.google.com maps.googleapis.com maps.google.com www.google.fr adservice.google.fr www.google.de www.google.es adservice.google.es www.google.nl www.google.se www.google.co.id www.google.co.il www.google.be www.google.sk www.google.co.nz www.google.co.za www.google.com.sg www.google.pt www.google.ca www.google.cz www.google.com.cy www.google.com.au adservice.google.com.au www.google.mk www.google.je adservice.google.je www.google.co.ug www.google.com.hk www.google.ro www.google.bg www.google.im www.google.co.ao www.google.ie adservice.google.ie www.google.com.ng www.google.it adservice.google.it www.google.lt www.google.ae www.google.gr www.google.com.mx www.google.hu www.google.ch www.google.ru www.google.com.eg www.google.com.pk www.google.com.bh www.google.pl adservice.google.pl www.google.co.in www.gstatic.com www.google-analytics.com www.google.lu www.google.co.jp www.google.com.tr adservice.google.co.il adservice.google.co.zw adservice.google.com.sa adservice.google.ae adservice.google.pt www.google.com.my adservice.google.nl www.google.gg adservice.google.be adservice.google.cz www.google.co.th adservice.google.de www.google.com.gh www.google.com.sa www.google.ge www.google.com.br www.google.com.tw www.google.dk www.google.com.ph adservice.google.co.za www.google.lv adservice.google.gg adservice.google.ca www.google.at www.google.rs www.google.com.mt adservice.google.com.hk www.google.no www.google.com.qa www.google.co.ke www.barclays.co.uk adservice.google.gr www.google.fi adservice.google.co.jp adservice.google.co.in www.google.com.vc www.google.lk adservice.google.ch www.google.com.ua www.google.az www.google.by www.google.com.kw adservice.google.com.sg adservice.google.im adservice.google.no www.google.co.zw www.google.mu www.google.com.vn adservice.google.com.br adservice.google.lv adservice.google.com.kw adservice.google.com.tr www.google.co.kr adservice.google.az adservice.google.hu adservice.google.co.th www.google.cm www.google.mw www.google.com.ar www.google.co.ma www.google.com.gi www.google.co.tz www.google.com.om www.google.com.af adservice.google.lt adservice.google.co.nz www.google.tt www.google.ms adservice.google.ro www.google.dz adservice.google.com.my www.google.com.pe www.google.com.jm www.google.com.sl adservice.google.com.cy adservice.google.se www.google.com.ec www.google.hr www.google.al adservice.google.ru www.google.co.mz adservice.google.com.ng www.google.com.et www.google.com.bn www.google.sh www.google.com.pa www.google.ci www.google.cl adservice.google.bg www.google.co.ve www.google.bs www.google.com.ag www.google.hn adservice.google.hn www.google.iq www.google.so www.google.com.np maps.gstatic.com www.media.barclays.co.uk 5452834.fls.doubleclick.net dev.day.com pixel.quantserve.com bclays-ads.aimatch.com barclaysbankplc.demdex.net cm.everesttech.net dpm.demdex.net *.siteintercept.qualtrics.com;  connect-src 'self' formsdss-v3.uk.barclays bclays-ads.aimatch.com search.barclays.co.uk collect.tealiumiq.com *.akamaihd.net *.akstat.io beacon.krxd.net c.go-mpulse.net jslog.krxd.net www.media.barclays.co.uk device.4seeresults.com dpm.demdex.net barclaysbankplc.tt.omtrdc.net smetrics.barclays.co.uk *.siteintercept.qualtrics.com maps.googleapis.com;  font-src 'self' data: fonts.gstatic.com www.media.barclays.co.uk;  manifest-src 'self';  media-src 'self' demo.barclays.co.uk www.media.barclays.co.uk;  prefetch-src 'self'; 1
frame-ancestors https://*.deichmann.com/ https://*.myshoes.de/ 'self'; 1
frame-ancestors vidiq-marketing-cms.now.sh vidiq-marketing-cms.vercel.app vidiq-marketing-cms-git-staging-vidiq.vercel.app vidiq-marketing-cms-git-dev-vidiq.vercel.app vidiq-marketing-cms-git-dev.vidiq.now.sh vidiq-marketing-cms-git-staging.vidiq.now.sh vitals.vercel-analytics.com localhost:3333 1
default-src * data: blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://com-avaya.netmng.com https://cdn.avaya-learning.com https://js.zi-scripts.com https://maxcdn.bootstrapcdn.com https://*.oracleinfinity.io https://tags.clickagy.com https://s.go-mpulse.net https://*.zoominfo.com https://*.vidyard.com https://*.neverbounce.com https://*.avayacloud.com https://js.hsadspixel.net https://up.pixel.ad https://unpkg.com https://static.hotjar.com https://script.hotjar.com https://cdn.jsdelivr.net https://www.trustradius.com https://ssl.google-analytics.com https://www.storygize.net https://cdn.storygize.net https://s.yimg.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://stats.sa-as.com https://*.paymetric.com http://*.avaya.com  https://gateway.zscalertwo.net https://s0.2mdn.net https://geolocation.onetrust.com https://cdn.cookielaw.org https://prdapp02.xisecurenet.com http://wm2.wiredminds.de https://wm2.wiredminds.de https://*.avaya.com https://*.cloudfront.net https://*.en25.com https://*.googleapis.com https://www.googletagmanager.com https://*.google.com https://*.linkedin.com https://*.serving-sys.com https://79423.analytics.edgekey.net https://ad.atdmt.com https://cdn.syndication.twimg.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cookies.onetrust.com https://ds-aksb-a.akamaihd.net https://gateway.zscaler.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://optanon.blob.core.windows.net https://*.twitter.com https://static.ads-twitter.com https://qaapp02.xisecurenet.com https://s1737033466.t.eloqua.com https://s3.amazonaws.com https://secure.adnxs.com https://service.maxymiser.net https://snap.licdn.com https://tags.tiqcdn.com https://use.fontawesome.com https://use.typekit.net https://www.bizographics.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.viewbix.com https://*.arkoselabs.com; style-src 'self' 'unsafe-inline' https://cdn.avaya-learning.com https://*.cloudfront.net https://unpkg.com https://cdnjs.cloudflare.com https://www.trustradius.com https://*.avaya.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.google.com https://*.googleapis.com https://avaya.greenshootlabs.com https://gateway.zscaler.net https://maxcdn.bootstrapcdn.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://platform.twitter.com https://ton.twimg.com https://use.fontawesome.com; connect-src 'self' https://js.zi-scripts.com https://*.onetrust.com https://cdn.linkedin.oribi.io https://*.akamaihd.net https://hemsync.clickagy.com https://aorta.clickagy.com https://*.vidyard.com https://*.zoominfo.com https://*.hotjar.com wss://*.hotjar.com https://*.lottiefiles.com https://avayabot.avaya.com https://*.hotjar.io https://bat.bing.com https://*.lottiefiles.com https://forms.visistat.com wss://*.hotjar.com https://*.hotjar.com https://analytics.google.com  https://*.analytics.google.com https://s1737033466.t.eloqua.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net https://s.yimg.com https://api.kickfire.com http://*.avaya.com wss://*.avaya.com https://*.avaya.de https://s1737033466.t.eloqua.com https://*.akstat.io https://*.viewbix.com http://production.shippingapis.com https://secure.shippingapis.com https://c.go-mpulse.net https://code.jquery.com https://ds-aksb-a.akamaihd.net https://*.googleapis.com https://avaya.greenshootlabs.com https://ma193-r.analytics.edgekey.net https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://ru.api4load.com https://syndication.twitter.com https://www.apple.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.postescanada-canadapost.ca https://geolocation.onetrust.com; frame-ancestors 'self' https://*.avaya.com ; 1
default-src 'none'; script-src 'self' cdn.zvuk.com 'sha256-ChUScVqwlZ5LajFSOi49H77LqYNje29cTNZM2V00VTM=' 'sha256-BvaZL6lFd0cUnpTj8qIXeZzuk2OsocIfThlS8sMe/D8=' 'nonce-QmtqQ0xfYkJPaWRlVlNfcTRoZjFM' 'strict-dynamic' *.2gis.com ads.adfox.ru/getid content.adriver.ru ad.adriver.ru adlooxtracking.ru *.adlooxtracking.ru synchrobox.adswizz.com www.afisha.ru/w/ticketmanager.js websdk.appsflyer.com get4click.ru www.googletagmanager.com hcaptcha.com *.hcaptcha.com sdk.inappstory.com/ sdk.inappstory.ru/ api.inappstory.ru/ cs.inappstory.ru/ *.instreamatic.com *.mindbox.ru top-fwz1.mail.ru/js/code.js partners.sberzvuk.ecom.gocpa.cloud api.flocktory.com/ cdn.jsdelivr.net/npm/hls.js@latest ssp.rambler.ru/capirs_async.js dsp-rambler.ru/tpl/Unbounded/ partners.sbermarketing.ru/api/tracker/sdk.js analytics.tiktok.com lib.usedesk.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr sber-zvuk.com; style-src 'self' cdn.zvuk.com 'unsafe-inline' hcaptcha.com *.hcaptcha.com fonts.googleapis.com *.mindbox.ru sber-zvuk.com; img-src 'self' blob: data: login.vk.com cdn.zvuk.com *.adriver.ru cdn.appsflyer.com/creatives-mgmt/static-content/ impressions.onelink.me get4click.ru www.gstatic.com ssl.gstatic.com cs.inappstory.ru/ *.instreamatic.com *.mindbox.ru api.flocktory.com/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru/ profile.ssp.rambler.ru/ www.tns-counter.ru kraken.rambler.ru/cnt/ ssp.rambler.ru mts-dsp-sync.rutarget.ru image-service.obs.ru-moscow-1.hc.sbercloud.ru obs-image-service-mz.obs.ru-moscow-1.hc.sbercloud.ru analytics.tiktok.com x01.aidata.io pixel.konnektu.ru ad.mail.ru/ rtb-moscow.mail.ru *.ops.beeline.ru/ *.rtb.mts.ru/ an.yandex.ru/ rs.mail.ru/pixel/ r.mradx.net ad.doubleclick.net/ddm/trackimp/ vma.mts.ru/match/second unisound.cdnvideo.ru/static/creative/image/ secure.usedesk.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr favicon.yandex.net/favicon/v2/zvuk.com sber-zvuk.com *.sber-zvuk.com *.zvuk.com *.zvooq.com zvooq.com zvuk.com; font-src 'self' cdn.zvuk.com cdn.appsflyer.com/creatives-fonts/ cs.inappstory.ru/ fonts.gstatic.com sber-zvuk.com; object-src 'none'; base-uri 'self' sber-zvuk.com; form-action 'self' sber-zvuk.com; manifest-src 'self' sber-zvuk.com; media-src 'self' data: *.zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com cdn64.zvuk.com cdn.zvuk.com *.emgsound.ru *.cdnvideo.ru *.101.ru:* *.n340.com:8443 *.hostingradio.ru:* icecast-zvezda.mediacdn.ru/radio/zvezda/zvezda_128 online.uniton.ru/uniton live.rzs.ru/ka.128.mp3 radio.mediacdn.ru radio.nikatv.ru online.mariafm.ru:8443/MariaFM 21220.web.hosting-russia.ru/transmit1044 stream.newradio.ru stream.studio21.ru online-fefm.signaltv.net:8443 hls.studio21.ru hls.newradio.ru air.unmixed.ru/lradio256 streamer01.1028.fm:8443/arstream microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_love_64_reg_44 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_12_dacha_64_reg_1093 microit2.n340.ru:8443/VgMv0WV17ZVx1uuo_14_dacha_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_18_vostok_64_reg_1 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_13_taxi_64 microit.n340.ru:8443/VgMv0WV17ZVx1uuo_19_ruhit_64_reg_1 mg-kompas.ru/k1074 mg-kompas.ru/k1067 mg-kompas.ru/t1001 online2.gkvr.ru:8001/europa_eka_64.aac cdn.pifm.ru/mp3 hls.kalina.fm hls-radiokrasnodar.cdnvideo.ru radio.izhlife.ru hit.trkeurasia.ru radio-holding.ru radio.kazak.fm radiopurga.online/live zvezda-radio0.mediacdn.ru/radio/zvezda/Zvezda_REG_0 zvezda-radio128.mediacdn.ru/radio/zvezda/zvezda_128 blob: unisound.cdnvideo.ru/static/creative/audio/ r.mradx.net sber-zvuk.com; child-src 'self' blob: sber-zvuk.com; frame-src 'self' https://id.zvuk.com https://pr.zvuk.com content.adriver.ru www.afisha.ru *.fls.doubleclick.net/ hcaptcha.com *.hcaptcha.com games.inappstory.com/ sdk.inappstory.com/ sdk.inappstory.ru/ api.inappstory.ru/ cs.inappstory.ru/ secure.payture.com api.flocktory.com/ vast.playmatic.video/ img01.ssp.rambler.ru/ img02.ssp.rambler.ru/ dsp-rambler.ru online.sberbank.ru/CSAFront/oidc/authorizelow.do id.sber.ru sportrecs.com/embed/ sberzvook.clients.webcaster.pro mc.yandex.ru/ www.youtube.com/ sber-zvuk.com; connect-src 'self' data: report.zvuk.com cdn.zvuk.com upload-bff.zvuk.com zvuk.com msdrm.zvuk.com msdrm-enc.obs.ru-moscow-1.hc.sbercloud.ru edge-drm.zvuk.com stage1.zvq.me cdn64.zvuk.com monolith.zvq.me id.sber.ru partners.sbermarketing.ru/api/tracker/ https://id.zvuk.com *.2gis.com *.2gis.ru *.adlooxtracking.com:* ads.adfox.ru *.adriver.ru wapi.afisha.ru *.sd-rtn.com af-event-logger.appsflyer.com banner.appsflyer.com creatives-cdn.appsflyer.com fcm.googleapis.com firebase.googleapis.com firebaseinstallations.googleapis.com firebaseremoteconfig.googleapis.com firebaselogging-pa.googleapis.com www.google-analytics.com hcaptcha.com *.hcaptcha.com api.inappstory.ru/v2/ *.instreamatic.com *.mindbox.ru *.emgsound.ru hls.studio21.ru hls.newradio.ru hls-radiokrasnodar.cdnvideo.ru hls.kalina.fm radio-holding.ru radio.kazak.fm tns-counter.ru ssp.rambler.ru kraken.rambler.ru dsp-rambler.ru *.ssp.rambler.ru catch.sbervisor.ru online.sberbank.ru cms-res.online.sberbank.ru sve.online.sberbank.ru visor.sberbank.ru cms-res-web.online.sberbank.ru/sberid/BlackList/Button/No_Button.json analytics.tiktok.com api.usedesk.ru pubsubsec2.usedesk.ru secure.usedesk.ru wss://pubsubsec2.usedesk.ru mc.yandex.ru mc.yandex.com mc.yandex.kz mc.yandex.by mc.yandex.md mc.yandex.uz mc.yandex.fr sber-zvuk.com; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors https://id.zvuk.com https://pr.zvuk.com; report-uri https://report.zvuk.com/api/21/security/?sentry_key=15d647f4c7eb422d98dc820cfc9b311f; 1
frame-ancestors 'self' *.griffith.edu.au 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-exFFbcYFX430LvTWsVBKdQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; connect-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://px.ads.linkedin.com https://assets.adobedtm.com https://safgtechnologies.demdex.net https://cdn2.gbqofs.com https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://live.cloud.api.corebridgefinancial.com https://uat.cloud.api.corebridgefinancial.com https://my.valic.com https://edge.api.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://metrics.brightcove.com https://manifest.prod.boltdns.net https://bcbolt446c5271-a.akamaihd.net https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://pdfgen.dmp.corebridgefinancial.com https://pdfgen-prod.dmp.corebridgefinancial.com https://americangenerallife.us-5.evergage.com https://fonts.googleapis.com https://fonts.gstatic.com https://corebridgefinancial.onlineprospectus.net https://reporting.mobular.net https://apis.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net  https://streams-edge.web.sundaysky.com; script-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://assets.corebridgefinancial.com https://cdn.gbqofs.com https://players.brightcove.net https://assets.map.brightcove.com https://map.brightcove.com https://platform.twitter.com https://aig.onlineprospectus.net https://corebridgefinancial.onlineprospectus.net https://valic.onlineprospectus.net https://play.sundaysky.com 'unsafe-inline' 'unsafe-eval' blob:; style-src https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com   https://safg2022ipo.q4web.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://crbg-privacy.my.onetrust.com https://dpm.demdex.net https://safgtechnologies.tt.omtrdc.net https://cdn.linkedin.oribi.io https://report.corebridge.gbqofs.io https://assets.adobedtm.com https://cdn.evgnet.com https://cdn2.gbqofs.com https://px.ads.linkedin.com https://report.corebridge.gbqofs.io https://safgtechnologies.demdex.net https://connect.facebook.net https://snap.licdn.com https://assets.corebridgefinancial.com https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'none'; upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://safgtechnologies.demdex.net https://www.google.com https://platform.twitter.com https://players.brightcove.net; img-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com  https://cdn.cookielaw.org https://px.ads.linkedin.com https://safgtechnologiescbf.112.2o7.net https://cm.everesttech.net https://dpm.demdex.net https://safgtechnologiesdev1cbf.112.2o7.net https://www.linkedin.com https://assets.corebridgefinancial.com https://metrics.brightcove.com https://map.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://hdr.sundaysky.com https://d21o24qxwf7uku.cloudfront.net https://play.sundaysky.com https://safgtechnologiescbfdev.112.2o7.net data:; media-src 'self' https://www.dmp.corebridgefinancial.com https://site2.corebridgefinancial.com https://www.corebridgefinancial.com https://bcbolt446c5271-a.akamaihd.net blob:; font-src 'self' https://fonts.gstatic.com data:; 1
frame-ancestors 'self' yamada-denkiweb.com *.yamada-denkiweb.com yamada-denki.jp *.yamada-denki.jp ymall.jp *.ymall.jp nojima.co.jp *.nojima.co.jp edion.com *.edion.com edion.co.jp *.edion.co.jp biccamera.com *.biccamera.com biccamera.co.jp *.biccamera.co.jp kojima.net *.kojima.net sofmap.com *.sofmap.com sofmap.co.jp *.sofmap.co.jp joshinweb.jp *.joshinweb.jp joshin.co.jp *.joshin.co.jp ksdenki.com *.ksdenki.com ksdenki.co.jp *.ksdenki.co.jp yodobashi.com *.yodobashi.com yodobashi.co.jp *.yodobashi.co.jp xprice.co.jp *.xprice.co.jp cocorostore.jp.sharp st-cocorostore.jp.sharp st.jp.sharp; 1
frame-src 'self' https://*.omniture.com https://*.teads.tv https://*.everesttech.net https://*.everestjs.net https://fledge.teads.tv https://*.adentifi.com https://*.linkedin.com https://*.licdn.com https://*.sojern.com https://*.videoamp.com https://awin1.com https://dwin1.com https://*.adobe.com https://*.niceincontact.com https://na-gateway.mastercard.com https://mtf.gateway.mastercard.com https://analytics.analytics-egain.com https://princesscruises.egain.cloud https://surfly-us.com https://princess.qualtrics.com https://sr.rlcdn.com https://www.facebook.com https://assets.adobedtm.com https://cdn.appdynamics.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://carnivalbrands.demdex.net https://servedby.flashtalking.com https://www.youtube.com https://*.princess.com https://*.ocean.com https://*.pinterest.com https://*.td.doubleclick.net https://*.tpc.googlesyndication.com https://publish-p107522-e1006297.adobeaemcloud.com https://td.doubleclick.net https://tpc.googlesyndication.com;frame-ancestors 'self' https://*.princess.com https://*.polarres.com https://*.clubprincess.com https://*.medallionclassmarket.com  https://*.princesspromotions.com https://*.ocean.com  https://*.niceincontact.com https://*.adobeaemcloud.com; 1
script-src data: blob: 'unsafe-inline' 'unsafe-eval' *.pstatp.com *.douyinstatic.com *.huoshanstatic.com *.bytetos.com *.bytecdn.cn *.snssdk.com *.qq.com *.ulikecam.com *.jsdelivr.net *.bytedance.net *.bytednsdoc.com *.bytescm.com *.bytegoofy.com *.yhgfb-cn-static.com *.ibytedapm.com;report-uri https://i.snssdk.com/log/sentry/v2/api/slardar/main/?ev_type=csp&bid=ulike_activity 1
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; font-src *; img-src * data: 1
frame-ancestors https://*.postbank.de 1
default-src 'none';script-src 'self' 'unsafe-inline' https://js.stripe.com https://ct.pinterest.com https://api.livechatinc.com https://formstack.com https://pi.pardot.com https://info.anchor.com.au https://widget.trustpilot.com https://www.googletagmanager.com https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://s.adroll.com https://static.ads-twitter.com https://s.pinimg.com https://s.yimg.com https://static.getclicky.com https://sys.greechat.com https://analytics.formstack.com https://d.adroll.mgr.consensu.org https://cdn.livechatinc.com https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://secure.livechatinc.com https://d.adroll.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://hostopia.bamboohr.com https://f.vimeocdn.com https://in.getclicky.com; img-src 'self' https://sp.analytics.yahoo.com https://analytics.twitter.com https://www.google.co.in https://pixel.prfct.co https://image2.pubmatic.com https://cm.g.doubleclick.net  https://x.adroll.com  https://mlvgk8mdrlmi.i.optimole.com https://secure.gravatar.com https://t.co https://www.google-analytics.com https://ct.pinterest.com https://www.facebook.com https://syndication.twitter.com https://stats.g.doubleclick.net https://www.google.com https://www.google.com.au https://d.adroll.com https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://sync.outbrain.com https://simage2.pubmatic.com https://ads.yahoo.com https://eb2.3lift.com https://x.bidswitch.net https://sync.taboola.com https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://match.adsrvr.org https://rc.rlcdn.com https://csyn-r.cxense.com https://seg.sharethis.com https://resources.bamboohr.com https://crucialau.activehosted.com data: 'unsafe-inline';style-src 'self' 'unsafe-inline' https://static.formstack.com https://hostopia.bamboohr.com;font-src 'self' https://static.formstack.com https://themes.googleusercontent.com data: 'unsafe-inline'; frame-src https://js.stripe.com https://ct.pinterest.com https://x.adroll.com https://td.doubleclick.net https://widget.trustpilot.com https://platform.twitter.com https://www.facebook.com https://secure.livechatinc.com https://player.vimeo.com https://www.youtube.com; connect-src https://d.adroll.com https://analytics.google.com https://digitalpacificgroup.formstack.com https://www.google-analytics.com https://s.yimg.com https://ct.pinterest.com https://hostopia.bamboohr.com; media-src https://cdn.livechatinc.com; 1
frame-ancestors https://www.enel.it https://enelpremia.enel.it https://*.force.com  https://*.salesforce.com https://*.visualforce.com https://corporate.enel.it 1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.greenwichcompliance.com; 1
frame-ancestors https://*.meijer.com 1
base-uri 'self'; child-src 'self' blob:; connect-src 'self' https://*.qualtrics.com https://rivian-privacy.my.onetrust.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://rum.browser-intake-datadoghq.com https://rum-http-intake.logs.datadoghq.com webpack: https://rivian.com/api/gql/orders/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/content/graphql https://rivian.com/api/gql/orders/graphql https://analytics.google.com https://script.crazyegg.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://media.rivian.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://stats.g.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://*.connect.us-east-1.amazonaws.com wss://*.connect.us-east-1.amazonaws.com https://*.facebook.com https://assets.rivian.com; default-src 'self'; font-src 'self' https://assets.rivian.com https://fonts.gstatic.com https://fonts.googleapis.com data:; form-action 'self' https://feedback.rivian.com; frame-ancestors 'self' https://*.splashthat.com https://splashthat.com; frame-src 'self' https://*.blivenyc.com https://optimize.google.com https://www.google.com https://*.splashthat.com https://splashthat.com https://*.doubleclick.net https://feedback.rivian.com; img-src 'self' https://*.blivenyc.com https://*.bing.com https://cdn.cookielaw.org https://images.rivian.com https://media.rivian.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.com https://assets.rivian.com https://optimize.google.com https://*.facebook.com https://*.qualtrics.com data: https://authenticate.dc.goriv.co/ https://login.microsoftonline.com/; manifest-src 'self'; media-src 'self' https://*.blivenyc.com https://media.rivian.com https://videos.rivian.com https://assets.rivian.com https://digital-dev-protected-images.dev.ue1.dc.goriv.co blob:; object-src 'none'; script-src 'self' https://rivian.com https://*.blivenyc.com https://*.bing.com https://*.goriv.co https://*.rivian.com https://*.qualtrics.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://cdn.cookielaw.org https://script.crazyegg.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://splashthat.com https://*.facebook.net https://*.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' 'self' https://rivian.com https://*.blivenyc.com https://fonts.googleapis.com https://optimize.google.com https://script.crazyegg.com; worker-src blob:; 1
frame-src https://*; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.uibk.ac.at; style-src 'self' 'unsafe-inline' https://*.uibk.ac.at; img-src 'self' data: https://*.uibk.ac.at; media-src 'self' blob: https://*.uibk.ac.at; font-src 'self' data: https://*.uibk.ac.at; object-src 'self'; base-uri 'self'; form-action 'self' https://*.uibk.ac.at; default-src 'self' https://*.uibk.ac.at; 1
frame-ancestors self https://askfm.adspirit.de 1
default-src 'self' *.overcast-cdn.com; script-src 'self' *.overcast-cdn.com 'nonce-TbBa2NNqeqjoRKVVIA6FmA=='; style-src 'self' *.overcast-cdn.com 'nonce-6fPU2p9O+zZC6mVBo1oBfg=='; object-src 'none'; frame-src 'none'; media-src * http://*; connect-src * http://* *.overcast-cdn.com 1
default-src https: 'self' data:; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src 'self'; connect-src 'self' https://*.morningconsult.com https://*.piano.io https://*.segment.com https://*.segment.io https://checkout.stripe.com https://js.stripe.com https://rum.browser-intake-datadoghq.com https://*.tinypass.com https://*.parsely.com; frame-src 'self' https://*.morningconsult.com https://*.tinypass.com https://checkout.stripe.com https://js.stripe.com https://challenges.cloudflare.com; script-src 'self' https://*.morningconsult.com https://*.tinypass.com https://*.piano.io https://checkout.stripe.com https://js.stripe.com https://*.segment.com https://*.everviz.com https://code.highcharts.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://*.parsely.com; img-src 'self' data: blob: https://*.morningconsult.com https://*.stripe.com https://*.piano.io https://*.everviz.com https://*.parsely.com https://assets.morningconsult.com https://cdn.morningconsultintelligence.com https://datacatalogue.morningconsult.com https://d2qg522hgqjxk0.cloudfront.net https://asgard-assets.connectionprod.production.mcng.io https://pro-assets.morningconsult.com; style-src 'self' 'unsafe-inline' https://*.morningconsult.com https://*.tinypass.com https://*.piano.io https://*.everviz.com; font-src 'self' https://cdn.morningconsultintelligence.com http://*.morningconsult.com https://*.everviz.com 1
base-uri 'self';child-src blob: *;connect-src *;default-src 'self';font-src * data:;frame-ancestors 'self';frame-src blob: *;img-src * data:;media-src blob: *;script-src * 'unsafe-inline' 'unsafe-eval' data:;style-src * 'unsafe-inline';worker-src blob: * 1
frame-ancestors 'self' https://www.care2.com https://www.thepetitionsite.com https://earthworm.care2.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.tiny.cloud partner.hostnet.de assets.zendesk.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net static.zdassets.com; connect-src 'self' spelling.tiny.cloud hyperlinking.tiny.cloud hostnet.zendesk.com ekr.zdassets.com; img-src 'self' data: sp.tinymce.com partner.hostnet.de stats.g.doubleclick.net *.vimeocdn.com cdnjs.cloudflare.com cdn.hostnet.de www.facebook.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' cdn.tiny.cloud *.vimeocdn.com; media-src 'self' player.vimeo.com; frame-src 'self' player.vimeo.com https://vnc.hostnet.de:*; font-src 'self' data:; 1
default-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simoncentral.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; frame-ancestors 'self'; img-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com *.premiumoutlets.com.mx proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; script-src-elem 3lift.com a.ad.gt *.adroll.com adsrvr.orgajax.aspnetcdn.com ads.yahoo.com ajax.aspnetcdn.com *.akamaihd.net *.amazonaws.com assets.pinterest.com *.azurewebsites.net *.bambuser.com b-code.liadm.com beacon.sojern.com bidagent.xad.com *.bing.com blob: *.blob.core.windows.net *.boomtrain.com cdn.hadronid.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.shopify.com *.clarity.ms *.clickmeter.com *.cloudfront.net code.jquery.com connect.facebook.net connect.nosto.com *.cookielaw.org data: dev2assets.simon-ops.com *.doubleclick.net dsum-sec.casalemedia.com eb2.3lift.com *.elfsightcdn.com *.elfsight.com errorpageseus2.z20.web.core.windows.net facebook.net fcmatch.youtube.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.google.com *.google.com.mx *.googlesyndication.com *.googletagmanager.com *.gstatic.cn *.gstatic.com ib.adnxs.com id.hadron.ad.gt ids.ad.gt idsync.rlcdn.com i.liadm.com insight.adsrvr.org js.adsrvr.org linkedin.com live.rezync.com log.pinterest.com *.mappedin.ca *.mappedin-cloud.com *.mappedin.com match.adsrvr.org mipubapistorageprod.blob.core.windows.net *.movienewsletters.net *.movies-previews.com *.onetrust.com *.oribi.io p.ad.gt p.adsymptotic.com *.pdst.fm *.perimeterx.net *.pingdom.net pixel.advertising.com pixel.rubiconproject.com pixels.ad.gt pixel.sojern.com p.placed.com *.premiumoutlets.com proton.ad.gt *.pubmatic.com px.ads.linkedin.com *.px-cdn.net *.pxchk.net *.px-client.net *.px-cloud.net *.qualtrics.com *.quantcount.com *.quantserve.com *.rackcdn.com *.rackspacecloud.com *.rackspace.com *.recaptcha.net rlcdn.com rp.liadm.com rtb-csync.smartadserver.com *.s3.amazonaws.com s3.amazonaws.com seg.ad.gt 'self' *.sentry.io simage2.pubmatic.com *.simon.com *.simonpropertygroup.com *.simonwifi.com *.simpli.fi *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io smnsrch.azureedge.net snap.licdn.com sp.analytics.yahoo.com *.splashthat.com stackpath.bootstrapcdn.com sync.outbrain.com sync.taboola.com tag.simpli.fi tags.srv.stackadapt.com themes.googleusercontent.com trc.taboola.com 'unsafe-eval' 'unsafe-inline' ups.analytics.yahoo.com us-central1-adaptive-growth.cloudfunctions.net us-u.openx.net *.videoamp.com *.westworldmedia.com www.facebook.com www.linkedin.com x.bidswitch.net yimg.com *.yottaa.net; report-uri https://qoe-1.yottaa.net/_/csp-reports?siteKey=etWhA4-bSWUsVg 1
frame-ancestors self https://*.chaosgroup.com https://*.chaos.com https://secure.avangate.com https://secure.2checkout.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru yastatic.net ajax.googleapis.com *.yandex.net yandex.st code.createjs.com apis.google.com www.gstatic.com www.google.com ssl.gstatic.com www.googletagmanager.com *.facebook.net www.googleadservices.com vk.com st.top100.ru www.google-analytics.com *.yandex.ru *.adfox.ru otclick-adv.ru cdn.otclick-adv.ru *.exist.ru *.exist.parts telegram.org storage.yandexcloud.net www.sravni.ru cdn.jsdelivr.net; img-src * 'unsafe-inline' data:; font-src * 'unsafe-inline'; connect-src * 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' *.exist.ru tc.exist.ru yandex.ru yandex.kz yandex.ua yandex.by *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net www.facebook.com staticxx.facebook.com vk.com www.google.com api-maps.yandex.ru www.elcats.ru www.japancats.ru www.youtube.com oauth.telegram.org otclick-adv.ru cdn.otclick-adv.ru www.sravni.ru storage.yandexcloud.net; 1
base-uri 'none'; default-src 'none'; script-src 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com https://www.tiktok.com https://www.instagram.com https://www.googletagmanager.com https://snap.licdn.com https://www.google-analytics.com https://static.cloudflareinsights.com https://embed.cloudflarestream.com https://cdn.amplitude.com; style-src 'self' 'unsafe-inline' https://www.tiktok.com https://sf16-website-login.neutral.ttwstatic.com; font-src 'self'; form-action 'none'; img-src 'self' data: https://images.ctfassets.net https://content.clipchamp.com https://www.google.com.au https://www.google-analytics.com; media-src 'self' https://videos.ctfassets.net https://content.clipchamp.com; manifest-src 'self' https://login.microsoftonline.com; connect-src 'self' https://app.clipchamp.com https://content-repo.clipchamp.com https://analytics.google.com https://sentry.io https://sdk.iad-06.braze.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cloudflareinsights.com https://api.amplitude.com; frame-src https://www.tiktok.com https://www.instagram.com https://www.youtube.com https://iframe.cloudflarestream.com; frame-ancestors https://app.contentful.com 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.super.cz admin.super.cz *.super.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.super.cz https://www.super.cz 1
frame-ancestors 'self' https://admarket.no https://admarket.schibsted.se https://frontpage-wayback-machine.sls.schibsted.tech/ https://front-video-tool.aftenposten.no/; upgrade-insecure-requests 1
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; child-src 'self' https: blob:; connect-src 'self' wss: https: blob:; font-src 'self' data: https:; form-action 'self' forms.hsforms.com www.facebook.com; frame-ancestors 'self' app.optimizely.com *.facebook.com app.optinmonster.com video214.com animoto.com; img-src 'self' data: https: blob: android-webview-video-poster:; manifest-src 'self'; media-src 'self' https: data: blob:; object-src 'self' www.paypalobjects.com d150hyw1dtprld.cloudfront.net; prefetch-src 'self' https:; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; worker-src 'self' blob:; report-uri https://sentry.io/api/1401029/security/?sentry_key=b94ac67e5c014425a0fe8cb868528601 1
default-src 'self' *.iheartmedia.com data: blob:;img-src 'self' https: data:;font-src https: data:;style-src 'self' https: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com translate.google.com www.google.com www.gstatic.com *.onetrust.com player.vimeo.com www.googletagmanager.com img.en25.com cdn.cookielaw.org ftlaunchpad.ai app.livemarketshoppers.com sb.scorecardresearch.com;frame-src https:;object-src 'none';connect-src 'self' ws://localhost:* *.google-analytics.com *.doubleclick.net *.onetrust.com cdn.cookielaw.org;upgrade-insecure-requests; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-lTKXG5F8Al2SN3zwORZVbyGNFJNj7L' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
child-src 'self' *.facebook.com connect.facebook.net; frame-src 'self' https://www.google.com https://www.youtube.com https://*.vimeo.com https://static.addtoany.com *.facebook.com connect.facebook.net https://www.googletagmanager.com https://www.instagram.com/ https://bbb.ut.ee/ https://ois2.ut.ee/ https://utinfo.sendsmaily.net/ *.uttv.ee uttv.ee https://maps.google.com/ https://services.err.ee/ https://kuku.pleier.ee https://my.visme.co https://open.spotify.com/ https://podcasters.spotify.com/ https://kaart.delfi.ee https://panopto.ut.ee https://calendar.google.com/ https://twitter.com https://platform.twitter.com https://www.ut.ee https://*.doubleclick.net *.sendsmaily.net/ https://*.googlesyndication.com https://ut.ee https://www.flipsnack.com/ https://kuula.co/ https://pivot.proquest.com https://survey.ut.ee/ https://survey-test.ut.ee https://*.soundcloud.com https://forms.office.com; img-src 'self' data: *.facebook.com *.facebook.net *.fbcdn.net https://www.google-analytics.com *.ut.ee/ https://i.ytimg.com https://www.googletagmanager.com https://www.gstatic.com/ https://twitter.com https://platform.twitter.com https://www.google.com https://www.google.ee https://www.google.com.cy https://www.google.com.uz *.uttv.ee uttv.ee https://www.google.kg https://www.google.dz https://www.google.cm *.doubleclick.net https://www.google.si https://www.google.cz https://www.google.co.uz https://www.google.co.in https://www.google.se https://www.google.ru https://www.google.az https://www.google.com.tr https://www.google.ng https://www.google.com.bd https://www.google.co.uk https://www.google.co.ng https://www.google.ge https://www.google.com.pk https://www.google.com.ua https://www.translate.google.com https://www.google.nl https://www.google.co.id https://www.google.de https://www.google.fi https://translate.google.com https://www.google.it https://www.google.com.ng https://www.google.lv https://www.google.cl https://www.google.com.pe https://www.google.com.hk https://www.google.com.tw https://www.google.com.br https://www.google.kz https://www.google.com.vn https://www.google.ro https://www.google.lk https://www.google.ae https://www.google.co.jp https://www.google.co.kr https://www.google.com.gh https://www.google.ch https://www.google.pl https://www.google.com.co https://www.google.hu https://www.google.co.tz https://enlight-eu.org https://www.google.sk https://www.google.lt https://www.google.mn https://www.google.com.mx https://www.google.gr https://www.google.by https://www.google.md https://www.google.at https://www.google.es https://www.google.no https://www.google.is https://www.google.co.th https://www.google.am https://www.google.co.ma https://www.google.be https://www.google.co.ug https://www.google.fr https://www.google.com.do https://www.google.iq https://www.google.dk https://www.google.sn https://www.google.com.sg https://www.google.com.np https://www.google.co.il https://www.google.ca https://www.google.ie https://www.google.co.za https://www.google.co.ke https://www.google.com.mt https://www.google.bg https://www.google.pt https://www.google.al https://www.google.jo https://www.google.com.lb https://www.google.com.sa https://www.google.com.ec https://www.google.ml https://www.google.com.au https://www.google.ps https://www.google.com.my https://www.google.com.qa https://www.google.rw https://www.google.co.mz https://www.google.com.tj https://ut.ee https://www.google.com.eg https://www.google.ba https://www.google.mv https://www.google.mk https://www.google.ga https://www.google.com.ar https://www.google.td https://www.google.tm https://www.google.com.ph https://www.google.com.cu https://www.google.com.bh https://www.google.gm https://www.google.bt https://www.google.lu https://www.google.hr https://www.google.ci https://www.google.co.nz https://www.google.tn https://www.google.co.cr https://www.google.com.sl https://www.google.com.et https://www.google.hn https://www.google.co.bw https://www.google.com.ly https://www.google.mu https://www.google.com.kw https://www.google.so *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'report-sample' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.instagram.com/ https://www.gstatic.com https://googleadsservices.com https://*.doubleclick.net https://www.googleadservices.com https://*.googlesyndication.com https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://static.addtoany.com https://www.gstatic.com https://kuku.pleier.ee https://services.err.ee/ https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.instagram.com www.googleadservices.com googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://www.translate.google.cn https://ssl.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' fonts.googleapis.com translate.googleapis.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com https://cdnjs.cloudflare.com; frame-ancestors 'self' https://ut.ee; report-uri https://ut.ee/et/report-uri/enforce 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.sams.com.mx https://*.ampproject.org https://*.googlesyndication.com https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://optimize.google.com https://*.googleoptimize.com https://*.google.co.mx https://*.google.co.in https://*.gstatic.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googletagservices.com https://*.googleadservices.com https://*.adform.net https://*.evergage.com https://*.contentsquare.net https://*.contentsquare.com https://app.contentsquare.com https://*.igni.com https://*.ignicdn.com https://*.veinteractive.com https://*.pages05.net https://*.bing.com https://*.azureedge.net https://*.iesnare.com https://log.pinterest.com https://*.twitter.com https://*.pinterest.com https://*.criteo.com https://*.criteo.net https://*.facebook.net https://www.youtube.com https://*.kampyle.com https://*.medallia.com https://*.ibmmarketingcloud.com https://kenshoo.com/ https://rakutenlinkshare.com https://*.az.contentsquare.net https://openpay.s3.amazonaws.com https://api.openpay.mx https://cdn.siftscience.com https://*.accpg.accertify.net https://ci-mpsnare.iovation.com https://*.2mdn.net https://*.atdmt.com https://*.ytimg.com https://www.recaptcha.net https://cdn.siftscience.com https://mex-cca-prod.walmart.com https://developer.api.stg.walmart.com https://mex-sams-coreweb-prod.walmart.com https://*.signifyd.com https://*.synqy.net https://api.amplitude.com https://*.bazaarvoice.com https://www.paypal.com https://*.jwplayer.com mediastream: blob:; connect-src 'self' * blob:; object-src 'self' https://*.sams.com.mx blob:; base-uri 'self' https://*.google.com; report-uri https://csp.walmart.com/c/r/samsmx 1
frame-ancestors *.txstate.edu *.txst.edu *.tsus.edu *.tjctc.org; 1
default-src 'none' ; connect-src 'self' https://*.hubspot.com https://*.hubapi.com https://unifyintent.com https://telemetry.stytch.com https://telemetry.staging.stytch.com https://*.6sc.co https://www.google-analytics.com https://api.stripe.com https://webto.salesforce.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://web.stytch.com https://web.stytch.com https://accounts.google.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://*.launchdarkly.com https://forms.hubspot.com https://api.chilipiper.com https://*.getkoala.com wss://*.getkoala.com https://analytics.twitter.com https://*.reddit.com https://browser-intake-datadoghq.com https://stats.g.doubleclick.net https://analytics.google.com https://px.ads.linkedin.com; img-src 'self' data: https://*.hsforms.com https://*.hubspot.com https://s3.us-west-2.amazonaws.com/secure.notion-static.com/ https://prod-files-secure.s3.us-west-2.amazonaws.com/ https://cdn.sanity.io https://b.6sc.co https://stytch.imgix.net https://stytch.com https://www.google.com https://public-assets.stytch.com https://px.ads.linkedin.com https://customer-public-assets.stytch.com https://test-customer-public-assets.stytch.com https://www.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://analytics.twitter.com https://*.reddit.com; frame-src https://*.hubspot.com https://app.svix.com/ https://js.stripe.com https://hooks.stripe.com https://js.verygoodvault.com https://js.stytch.com https://api.stytch.com https://api.stytch.com https://js.stytch.com https://bid.g.doubleclick.net https://www.google.com https://accounts.google.com https://stytch.chilipiper.com https://www.youtube.com https://td.doubleclick.net; script-src 'self'  'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-M0XRqix5O9M+87oe2SSnd65EtHegg8ZGZFv6ePpR5J8=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-+BbOoDVFFSTPzwzrFNSWQsUpUCaR4zySyTSqDzoea/4=' 'sha256-V51ifflgatJ+s45q70vpJfhSMMZcO/uboBsiTJgmGEE=' 'sha256-wgCFEXMMX0C+1oXSyLuUjzJJ41AH6cxIpP6arnCg0vU=' 'sha256-Q5x69g12HaFTCBMantfrpFwjj69oKrc7Ph7MBYolzEo=' 'sha256-pI4tXjnqa9PaTEz8c6SsDFo5hwEDM6WvnVsQCjZJW6Q=' 'sha256-dWt6kO55E05TkaLJfw3kXwtfVc8n7QAE3G0AMrSJ2LA=' 'sha256-eCc9zUjGum0w0UuAM+lpo53F7jdY2Kj8PlJe0ynlyHQ=' 'sha256-bfnksCPk2XW/ikcptL96XQ7ZVob4PBAZUNE2XPWSO+E=' 'unsafe-eval' https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com  https://forms.hsforms.com https://tag.unifyintent.com https://elements.stytch.com/telemetry.js https://elements.staging.stytch.com/telemetry.js https://www.googletagmanager.com https://js.stripe.com https://js.verygoodvault.com https://js.stytch.com https://js.stytch.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://dc.ads.linkedin.com https://p.adsymptotic.com https://accounts.google.com https://cdn.jsdelivr.net/npm/search-insights@2.0.3 https://js.hs-scripts.com/22036619.js https://js.hs-analytics.net https://js.hs-banner.com/22036619.js https://js.hscollectedforms.net/collectedforms.js https://*.getkoala.com https://www.redditstatic.com/ads/pixel.js https://*.ads-twitter.com https://j.6sc.co https://js.hs-banner.com https://*.usemessages.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://accounts.google.com https://cdn.jsdelivr.net/npm/instantsearch.css@7.3.1/themes/reset-min.css ; object-src 'none' ; manifest-src 'self' ; prefetch-src 'self' ; worker-src blob: ; font-src 'self' fonts.gstatic.com fonts.googleapis.com https://stytch.com 1
object-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; upgrade-insecure-requests 1
child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.eu yandex.eu *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.eu&showid=1715651053824101-114037232792138499-balancer-l7leveler-kubr-yp-vla-154-BAL&h=stable-portal-mordago-49.klg.yp-c.yandex.net&yandexuid=4921384991715651053&&version=2024-05-07-547&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.eu yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.eu;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.eu 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net;script-src 'nonce-q/vEE8yRyK4SikYTGsLS/g==' mc.yandex.com yastatic.net yandex.eu mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.eu;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src 'self' *.canadianwebhosting.com *.idig.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.canadianwebhosting.com *.idig.net www.google.com *.google-analytics.com www.gstatic.com connect.facebook.net analytics.twitter.com static.ads-twitter.com cdn.optimizely.com js.hs-analytics.net static-rtb.adkernel.com s.yimg.com sp.analytics.yahoo.com snap.licdn.com px.ads.linkedin.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.canadianwebhosting.com *.idig.net *.fontawesome.com fonts.googleapis.com www.gstatic.com; img-src 'self' data: *.canadianwebhosting.com *.idig.net analytics.twitter.com www.gstatic.com *.google-analytics.com seal-mbc.bbb.org t.co www.facebook.com *.adkernel.com ib.adnxs.com *.google.com; font-src 'self' *.idig.net *.fontawesome.com fonts.gstatic.com; connect-src 'self' *.idig.net *.google-analytics.com tor-speedtest.canadianwebhosting.com van-speedtest.canadianwebhosting.com https://analytics.google.com; frame-src 'self' static-rtb.adkernel.com www.google.com www.youtube.com 1
frame-ancestors 'self' https://www.rioseo.com https://jsfiddle.net https://ideas.hallmark.com 1
default-src https://yok.gov.tr https://*.yok.edu.tr https://*.yok.gov.tr https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com  'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
upgrade-insecure-requests; default-src 'self' ; base-uri 'self'; child-src 'self'; connect-src *.postaffiliatepro.com *.qualityunit.com *.urlslab.com stats.g.doubleclick.net analytics.google.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.co.kr www.google.lt www.google.lv www.google.com.mt www.google.nl www.google.no www.google.co.nz www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk www.google.td www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk www.google.com.vn maps.googleapis.com my.yoast.com 'self'; font-src *.postaffiliatepro.com *.qualityunit.com fonts.gstatic.com fonts.googleapis.com use.fontawesome.com data: 'self'; frame-src *.postaffiliatepro.com *.qualityunit.com www.google.com td.doubleclick.net www.youtube.com youtu.be player.vimeo.com blob: 'self'; img-src *.postaffiliatepro.com *.qualityunit.com *.gravatar.com api.urlslab.com www.liveagent.com www.googletagmanager.com www.googleadservices.com ssl.google-analytics.com www.google-analytics.com analytics.google.com region1.analytics.google.com stats.g.doubleclick.net googleads.g.doubleclick.net fonts.gstatic.com img.youtube.com i.ytimg.com i.vimeocdn.com www.google.com www.google.ae www.google.at www.google.com.au www.google.bg www.google.com.br www.google.ca www.google.ch www.google.cn www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hr www.google.hu www.google.ie www.google.it www.google.co.jp www.google.co.kr www.google.lt www.google.lv www.google.com.mt www.google.nl www.google.no www.google.co.nz www.google.pl www.google.pt www.google.ro www.google.ru www.google.se www.google.si www.google.sk www.google.td www.google.tg www.google.com.tr www.google.com.ua www.google.co.uk www.google.com.vn maps.googleapis.com blob: data: 'self'; manifest-src 'self'; media-src *.postaffiliatepro.com ssl.gstatic.com data: 'self'; object-src 'none'; script-src *.postaffiliatepro.com *.qualityunit.com www.google.com www.googletagmanager.com www.gstatic.com cdnjs.cloudflare.com ct.capterra.com 'unsafe-eval' 'unsafe-inline' 'self'; script-src-elem *.postaffiliatepro.com *.qualityunit.com *.urlslab.com www.google.com www.googletagmanager.com www.gstatic.com ssl.google-analytics.com www.google-analytics.com apis.google.com cdnjs.cloudflare.com *.capterra.com maps.googleapis.com yoast.com data: 'unsafe-inline' 'self'; script-src-attr 'unsafe-inline' 'self'; style-src www.gstatic.com data: 'unsafe-inline' 'self'; style-src-elem *.postaffiliatepro.com *.qualityunit.com fonts.googleapis.com www.gstatic.com p.typekit.net use.fontawesome.com data: 'unsafe-inline' 'self'; style-src-attr *.postaffiliatepro.com *.qualityunit.com 'unsafe-inline' 'self'; worker-src data: blob: 'self'; form-action *.postaffiliatepro.com pap.qualityunit.com qualityunit.us3.list-manage.com 'self'; 1
default-src 'self'; connect-src 'self' https://api.daad.de *.daad.com *.daad.de *.doubleclick.net www.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlevideo.com directline.botframework.com wss://directline.botframework.com; font-src 'self' data: fonts.gstatic.com; frame-src www.youtube.com www.youtube-nocookie.com *.daad.com *.daad.de newsletter.alumniportal-deutschland.org; img-src data: blob: *; media-src https://api.daad.de *.daad.com *.daad.de *.googlevideos.com www.youtube-nocookie.com; object-src 'none'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' www.daad.de www.youtube.com www.google.com www.google-analytics.com *.googletagmanager.com static.doubleclick.net cdn.jsdelivr.net ajax.googleapis.com; style-src 'unsafe-inline' www.youtube.com; base-uri 'none'; form-action https://api.daad.de validator.w3.org export.highcharts.com; frame-ancestors https://*.daad.com http://*.daad.com 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' http://alteryx.lookbookhq.com https://alteryx.lookbookhq.com http://alteryx.pathfactory.com https://alteryx.pathfactory.com; 1
frame-ancestors 'self' stc.marketing.adobe.com https://cloud.alerts.savethechildren.org https://savethechildren.us-7.evergage.com 1
img-src 'self' data:;font-src 'none' 1
default-src 'self' *.gstatic.com storage.googleapis.com; img-src * data: blob:; object-src 'none'; base-uri 'none'; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com fonts.googleapis.com *.cdn.ampproject.org; media-src 'self' data: *.gstatic.com storage.googleapis.com *.googlevideo.com; frame-src 'self' www.google.com *.youtube.com youtube.com accounts.google.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.cdn.ampproject.org https://www.gstatic.com/ https://www.youtube-nocookie.com/; connect-src 'self' cdn.ampproject.org *.google.com storage.googleapis.com https://services.google.com/fb/submissions/thekeywordtest/ https://services.google.com/fb/submissions/0a65d7733e1f11ea9701614fc033d30c/ *.gstatic.com gstatic.com *.cdn.ampproject.org *.doubleclick.net https://readaloud.googleapis.com/ *.google-analytics.com; script-src 'self' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com *.youtube.com youtube.com optimize.google.com https://s.ytimg.com *.googletagmanager.com storage.googleapis.com *.googleapis.com *.google.com cdn.ampproject.org *.gstatic.com gstatic.com googleadservices.com *.googleadservices.com 'sha256-hdPneczWRi+c9LQVo+PzNzlNr9TacChC0CW0fiDBHkI=' 'sha256-DE/j4w1a1HDIXysWgFTrJCJK6JWEcHqScfyMr9zq9R4=' 'sha256-Ehy9lGqrTi8OqqWxX1HN6hKJT7iwwYMFJ+HLjpEobO0=' 'sha256-s/yvuH0ZHyO+7N8dM5CshPem4K1PknDExYN18xHq0LI=' 'sha256-MWQdkIAX5J//suH1t5P3PFFwFUiphY0PxD6VVzbBehQ=' 'sha256-587vJAV9t9k86IMQixmyKa7lbPaDhkGzrJsdngtoiAA=' 'sha256-nlbIOie3vmdUUZjQFDMa7iipxS6Qst8pPhTLjibMsRk=' 'sha256-lgJnwAolJEfUZqcADCe937u5G/i9edAudHv5GJlMHHo=' 'sha256-f4ki6ad4xHBnfj+FbRBUifEbj0rzaa2pNLDbnZ3IEMs=' 'sha256-PnD9J8UK8zpwVizQXkEtbZOvTiv9C/05Nn81NEwPBoQ=' 'sha256-IHJHx/ev1AojCsnOCpg0yqGX6hsg0CPBpcNodZR3ZuE=' 'sha256-kYDvl4o9O3XKKtgQW4BZzZZ44BDD2lwJj6eNJ8HyqWg=' 'sha256-786mZQPkATV3kJd7q8ZuwoTH4U3/0WniBdyVOgZQpv4=' 'sha256-Xyk5Ei/Yh7DuZgaxNfbPswkpmMKHk5Jy18vkxjfPMj0=' 'sha256-1lOrojGb+aoV56bZpsODLpb+j+HHbONNEpX/YqVtiUU=' 'sha256-sAsQphoZozaLVFpcda3bvT5euqcGL4MqVnizAR+Xla4=' 'sha256-qmxgNLBk8DehEAH10pxGKDVGIrss69LIPlCGOCw3O78='; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com *.google.com cdn.ampproject.org; require-trusted-types-for 'script' 1
script-src 'unsafe-inline' 'unsafe-eval' ct.captcha-delivery.com js.captcha-display.com cdn.ampproject.org unpkg.com api.mapbox.com ajax.googleapis.com www.google-analytics.com assets.meilleursagents.com t.contentsquare.net app.contentsquare.com www.googletagmanager.com tags.tiqcdn.com  mitself.net t23.intelliad.de bat.bing.com www.everestjs.net secure.adnxs.com static.criteo.net brokautionsfrei.de *.creativecdn.com *.teads.tv *.bauen.de *.googleapis.com *.fertighaus.de *.adscale.de *.kameleoon.com *.sunvigo.de *.interhyp.de *.lichtblick.de *.hotjar.com *.doubleverify.com *.sascdn.com *.cleverpush.com *.aviv-seller-group.com *.umzugsauktion.de *.2mdn.net *.googletagservices.com *.asg-de.tech *.adition.com *.googlesyndication.com *.facebook.net *.typeform.com *.pendo.io *.amazon-adsystem.com *.yieldlove.com *.gstatic.com *.googleadservices.com *.google.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.datadoghq-browser-agent.com *.aws.aviv.eu *.immonet.de *.immowelt.org *.immowelt.de *.doubleclick.net *.kameleoon.eu *.usercentrics.eu *.criteo.com *.datadome.co; child-src blob: mitself.net ads.revjet.com my.matterport.com geo.captcha-delivery.com app.usercentrics.eu static.criteo.net ad.yieldlab.net eb2.3lift.com kautionsfrei.de www.youtube-nocookie.com creativecdn.com *.creativecdn.com *.adscale.net *.advertising.a2z.com *.kameleoon.com *.sunvigo.de *.interhyp.de *.lichtblick.de *.hotjar.com *.doubleverify.com *.aviv-seller-group.com *.cleverpush.com *.sascdn.com *.umzugsauktion.de *.casalemedia.com *.rubiconproject.com *.doubleclick.net *.adsensecustomsearchads.com *.omnitagjs.com *.omnitag.js *.smartadserver.com *.pendo.io *.googlesyndication.com *.googletagservices.com *.google.com *.openx.net *.indexww.com *.immonet.de *.immowelt.de *.criteo.com *.eu.criteo.com *.online-energieausweis.org ; worker-src blob:; img-src * data: blob:; connect-src dnacdn.net hb.adscale.de shb.richaudience.com api-js.datadome.co lb.eu-1-id5-sync.com id5-sync.com mitself.net btlr.sharethrough.com orbidder.otto.de addefend-platform.com cdn.jsdelivr.net rtb.openx.net ad.yieldlab.net kautionsfrei.de *.creativecdn.com *.teads.tv *.advertising.a2z.com *.bauen.de *.googleapis.com *.fertighaus.de *.sunvigo.de *.interhyp.de *.lichtblick.de *.aviv-seller-group.com *.doubleverify.com *.cleverpush.com *.umzugsauktion.de *.hotjar.io *.criteo.net *.smartadserver.com *.casalemedia.com *.omnitagjs.com *.kameleoon.io *.googletagservices.com *.googlesyndication.com *.yieldlove-ad-serving.net *.yieldlove.com *.gstatic.com *.googleadservices.com *.google.com *.amazon-adsystem.com *.google-analytics.com *.mapbox.com *.datadoghq.eu *.datadoghq-browser-agent.com browser-intake-datadoghq.eu *.browser-intake-datadoghq.eu *.aws.aviv.eu *.immowelt.com *.immocloud.io *.immonet.de *.immowelt.org *.immowelt.de *.facebook.net *.pendo.io *.typeform.com *.doubleclick.net *.kameleoon.com *.kameleoon.eu *.usercentrics.eu *.asg-de.tech *.jquery.com *.tealiumq.com *.criteo.com *.aviv.eu *.contentsquare.net wss://*.hotjar.com; 1
font-src https://cdn.checkout.com *.fontawesome.com fonts.gstatic.com cdn.checkout.com script.hotjar.com maxcdn.bootstrapcdn.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com affiliates.cdkeys.com tr.snapchat.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.cdkeys.com app.storyblok.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com https://js.checkout.com *.klarna.com landofcoder.com *.addthis.com *.facebook.com *.twitter.com fp.cdkeys.com ad4m.at widget.trustpilot.com simplicity.trustpilot.com www.facebook.com js.checkout.com embed.twitch.tv accounts.google.com web.facebook.com www.trustpilot.com vars.hotjar.com sandbox-checkout.epag.io checkout.epag.io tr.snapchat.com www.emjcd.com static.criteo.net cj.dotomi.com *.doubleclick.net *.paypal.com www.paypalobjects.com pay.google.com unpkg.com optimize.google.com apps.rokt.com wsdk.rokt.com platform.twitter.com ad.ad-srv.net analytics.fatmedia.io shop.spreadshirt.com cdkeys.myspreadshop.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io *.trustpilot.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.addthisedge.com *.twitter.com *.cdkeys.com *.omn-it.net www.gravatar.com *.paypal.com steamcdn-a.akamaihd.net *.storyblok.com www.google.tm optimize.google.com *.doubleclick.net ssl.gstatic.com www.gstatic.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.com.ai www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.ms www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.vg www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat *.spreadshirt.com image.spreadshirtmedia.com cdkeys.myspreadshop.com cm.everesttech.net www.facebook.com static.xx.fbcdn.net alb.reddit.com tr.snapchat.com t.co cw.addthis.com syndication.twitter.com ad.360yield.com *.3lift.com sync.ad-stir.com *.adform.net *.adnxs.com *.adscale.de *.amazon-adsystem.com anymindgroup.go2cloud.org pixel.advertising.com x.bidswitch.net bat.bing.com www.bizrate.com tags.bluekai.com match.bnmla.com r.casalemedia.com usersync.cdglib.com www.chinesean.com *.criteo.com dpm.demdex.net *.dotomi.com sync.e-planning.net secure.getprice.com.au matching.ivitrack.com beacon.krxd.net *.liadm.com contextual.media.net visitor.omnitagjs.com *.openx.net sync.outbrain.com jadserve.postrelease.com *.pubmatic.com idsync.rlcdn.com pixel.rubiconproject.com match.sharethrough.com *.smaato.net *.smartadserver.com *.smartclip.net tg.socdm.com *.stickyadstv.com *.taboola.com pixel.tapad.com criteo-sync.teads.tv s.thebrighttag.com criteo-partners.tremorhub.com *.yahoo.com ad.yieldlab.net ads.yieldmo.com sync-criteo.ads.yieldmo.com lt45.net ds1.net dt51.net ndt5.net fr135.net as.ad4m.at ad.ad-srv.net *.clarity.ms *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com *.loggly.com www.ojrq.net cdkeys.pxf.io cdkeys.sjv.io delight-magento.fly.dev delight-s3-bucket.s3.eu-west-2.amazonaws.com tvspix.com tvpix.com 'self' data: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net landofcoder.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com widget.trustpilot.com invitejs.trustpilot.com connect.facebook.net cdn.checkout.com *.algolia.net embed.twitch.tv *.google.com platform.twitter.com www.google.com www.gstatic.com cdn.simility.com static.hotjar.com script.hotjar.com sandbox-checkout.epag.io checkout.epag.io *.doubleclick.net *.zoho.com *.criteo.net *.criteo.com sc-static.net analytics.twitter.com *.ads-twitter.com *.bing.com www.redditstatic.com maillist-manage.com *.paypal.com *.cnnx.io unpkg.com ad4m.at/osij2yav.js optimus.360and1.com www.googleoptimize.com optimize.google.com apps.rokt.com wsdk.rokt.com *.clarity.ms *.cdkeys.com *.omn-it.net *.spreadshirt.com adtm.spreadshirts.net cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com/ *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com analytics.fatmedia.io utt.impactcdn.com delight-magento.fly.dev analytics.tiktok.com app.termly.io *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://cdn.checkout.com *.fontawesome.com cdn.checkout.com maxcdn.bootstrapcdn.com optimize.google.com adtm.spreadshirts.net cdkeys.myspreadshop.com delight-magento.fly.dev *.googleapis.com *.gstatic.com *.trustpilot.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src cdn.cdkeys.com static.zdassets.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolianet.com *.insights.algolia.io https://js.checkout.com *.klarnaevt.com landofcoder.com www.facebook.com js.checkout.com *.simility.com graph.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com/api/v2/client/ws *.google.com google.com *.doubleclick.net freegeoip.app maillist-manage.com invitejs.trustpilot.com bat.bing.com unpkg.com insights.algolia.io *.clarity.ms *.spreadshirt.com cdkeys.myspreadshop.com dpm.demdex.net static.zdassets.com ekr.zdassets.com cdkeys.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.dwin1.com *.awin1.com *.zenaps.com gum.criteo.com c.bing.com the.sciencebehindecommerce.com cdkeys.pxf.io cdkeys.sjv.io api.delightglobal.io pro.ip-api.com analytics.tiktok.com app.termly.io t.elasticsuite.io *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.unisa.edu.au https://unisa.edu.au https://mod.org.au; 1
frame-ancestors demdex.net *.demdex.net storyblok.com *.storyblok.com iq.com.br *.iq.com.br azulis.com.br *.azulis.com.br salveospequenos.com.br *.salveospequenos.com.br br.originhosting.io *.br.originhosting.io itau.com.br *.itau.com.br credicard.com.br *.credicard.com.br acordocerto.com.br *.acordocerto.com.br consumidorpositivo.com.br *.consumidorpositivo.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fast.fonts.net *.hubspot.com *.akamaihd.net *.vimeo.com *.hsforms.net *.sharethis.com *.google-analytics.com *.gstatic.com *.twitter.com *.addthis.com *.googleapis.com *.youtube.com *.adyen.com *.hs-scripts.com *.hs-analytics.net *.twimg.com *.wowza.com *.pcissc.org latencytimer.azurewebsites.net cc.cdn.civiccomputing.com cdnjs.cloudflare.com cdn.parsely.com api.parsely.com p1.parsely.com *.googletagmanager.com stats.g.doubleclick.net apikeys.civiccomputing.com *.cludo.com *.pcisecuritystandards.org *.force.com pcisecuritystandards.studio *.hsforms.com blob: data:; img-src https: data:; 1
frame-ancestors 'self' https://*.sachsen.de; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; 1
default-src 'none'; img-src wtfismyip.com myip.wtf; script-src ipv4.wtfismyip.com wtfismyip.com myip.wtf ipv4.myip.wtf; style-src 'unsafe-inline' 1
upgrade-insecure-requests;  frame-ancestors 'self' https://cops.devexternal.wickes.co.uk/  https://cops-cand.devexternal.wickes.co.uk/ https://cops.external.wickes.co.uk/ 1
default-src 'none'; media-src *; font-src 'self' *.typekit.net fonts.gstatic.com data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' boards.greenhouse.io cdn.jsdelivr.net cdn.optimizely.com *.parsely.com connect.facebook.net info.a16z.com munchkin.marketo.net plausible.io px.ads.linkedin.com snap.licdn.com static.ads-twitter.com www.youtube.com script.crazyegg.com www.google-analytics.com www.googletagmanager.com a16z.com blob:; style-src 'unsafe-inline' *.typekit.net fonts.googleapis.com info.a16z.com a16z.com; connect-src *; frame-src 'self' *.cdn.optimizely.com *.simplecast.com gamma.app boards.greenhouse.io www.youtube.com info.a16z.com; base-uri 'none'; form-action 'self' info.a16z.com; frame-ancestors 'self' 1
object-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; style-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com *.nfb.ca *.onf.ca; worker-src 'self' *.onf.ca *.nfb.ca blob: *.nfb.ca *.onf.ca; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com data: https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; default-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca 'nonce-df1iC87XFZiWujE474siuA=='; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; img-src 'self' https://*.onf.ca https://*.nfb.ca https://www.facebook.com https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com/ads https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.ca/ads https://www.google.ca/ads/ga-audiences https://www.google.ca/pagead/ https://pixel.mathtag.com/misc/img https://pixel.mathtag.com/comp/img https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; frame-src 'self' https://*.nfb.ca https://*.onf.ca https://*.google.com https://bid.g.doubleclick.net https://www.gstatic.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://www.facebook.com https://pixel.mathtag.com/ https://d2v44bgsxxwb3t.cloudfront.net https://td.doubleclick.net https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; media-src 'self' https://*.onf.ca https://*.nfb.ca https://dkyhanv6paotz.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net blob: *.nfb.ca *.onf.ca; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dkyhanv6paotz.cloudfront.net https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://c212.net https://thumbor-interactive-cms.s3.ca-central-1.amazonaws.com https://www.facebook.com https://sentry.nfb.ca:9443 https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ *.nfb.ca *.onf.ca; script-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://player.vimeo.com https://maps.googleapis.com https://dkyhanv6paotz.cloudfront.net connect.facebook.net https://graph.facebook.com https://*.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://apis.google.com/js/platform.js www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.c212.net/ https://c212.net/ https://pixel.mathtag.com/sync/js https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.thesprucepets.com 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *.unionesarda.it; report-uri /csp-report 1
frame-ancestors 'self' *.zte.com.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zte.com.cn snap.licdn.com hm.baidu.com; worker-src 'self' blob:; object-src 'self' *.zte.com.cn; 1
default-src 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://*.linkedin.oribi.io https://*.applicationinsights.azure.com https://westeurope.livediagnostics.monitor.azure.com *.consentmanager.net promo.skf.com *.promo.skf.com *.actonservice.com *.ads.linkedin.com skfsso-test.skf.com skfsso-qa.skf.com skfsso.skf.com https: ;script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdn.jsdelivr.net https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.googleapis.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://mc.yandex.ru https://yastatic.net https://www.google.iq https://www.google.com.eg https://www.google.com.co https://www.google.co.kr https://www.google.com.sa https://www.google.com.ni https://www.google.rs https://www.google.com.pk https://www.google.com.gt https://www.google.al https://www.google.hn https://www.google.dz https://www.google.com.ec https://www.google.jo https://www.gstatic.com https://remote.captcha.com https://www.google.com.bh https://www.googleadservices.com https://*.doubleclick.net https://az416426.vo.msecnd.net https://bam.nr-data.net https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.slim.min.js https://connect.facebook.net https://*.promo.skf.com https://js-agent.newrelic.com https://*.googleapis.com https://promo.skf.com https://script.hotjar.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://static.hotjar.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://service.giosg.com https://bookeo.com https://*.bookeo.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.go-mpulse.net https://*.giosg.com;style-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://*.googleapis.com https://use.fontawesome.com https://service.giosg.com; media-src blob: https://skfsso.skf.com https://skfsso-test.skf.com https://staging.prod.skf.com https://skf.com https://www.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://www.youtube.com https://hiresmedia.skf.com;connect-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://*.actonsoftware.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.applicationinsights.azure.com https://*.linkedin.oribi.io https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://skfcom-stag-fileupload.azurewebsites.net https://skfcom-staging-contactskfservice.azurewebsites.net https://skfcom-prod-fileupload.azurewebsites.net https://skfcom-prod-contactskfservice.azurewebsites.net https://p11.techlab-cdn.com https://*.googleapis.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com https://*.googlevideo.com https://*.doubleclick.net https://webapi.partcommunity.com https://bam.nr-data.net https://search.skf.com https://webassistants.partcommunity.com https://*.google-analytics.com https://*.analytics.google.com https://*.giosg.com https://bookeo.com https://*.bookeo.com https://*.hotjar.io https://dc.services.visualstudio.com/v2/track wss://messagerouter.giosg.com https://*.akstat.io https://*.go-mpulse.net https://traceparts-cache.s3.eu-west-1.amazonaws.com https://*.giosgusercontent.com https://px.ads.linkedin.com https://maintenanceapps.skf.com;font-src 'unsafe-inline' 'self' https://api.crownpeak.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://fonts.skf.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://use.typekit.net https://fonts.gstatic.com https://script.hotjar.com https://use.fontawesome.com https://*.giosgusercontent.com data: ;frame-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://www.skf.com https://webapi.partcommunity.com https://www.youtube.com/ https://vars.hotjar.com https://www.google.com https://bookeo.com https://*.bookeo.com https://*.clients.giosgusercontent.com https://service.giosg.com https://www.facebook.com https://www.traceparts.com;img-src 'unsafe-inline' 'self' https://api.crownpeak.net https://*.doubleclick.net https://api.skfbearingselect.com https://dqm.crownpeak.com https://skfsso.skf.com https://skfsso-test.skf.com https://skfsso-qa.skf.com https://cdn.test.skfmediahub.skf.com https://*.skfmediahub.skf.com https://*.consentmanager.net https://promo.skf.com https://*.promo.skf.com https://*.actonservice.com https://hcaptcha.com https://*.hcaptcha.com https://*.qualtrics.com https://recaptcha.net https://mc.yandex.ru https://*.googleapis.com https://www.google.com https://*.ggpht.com https://www.gstatic.com https://www.google.co.bw https://www.google.az https://www.google.am https://www.google.co.ke https://www.google.is https://www.google.hr https://www.google.sr https://www.google.mk https://www.google.com.py https://www.google.co.uz https://www.google.com.uy https://www.google.com.do https://www.google.com.bz https://www.google.com.na https://www.google.co.zm https://www.google.cm https://www.google.bg https://www.google.iq https://www.google.co.tz https://www.google.com.bh https://www.google.com.ec https://www.google.com.ph https://www.google.com.om https://www.google.al https://www.google.gr https://www.google.dz https://www.google.com.mt https://www.google.lt https://www.google.rs https://www.google.co.ma https://www.google.com.sa https://www.google.jo https://www.google.com.co https://www.google.co.kr https://www.google.mg https://www.google.com.eg https://www.google.com.pk https://www.google.rw https://www.google.ba https://www.google.co.il https://www.google.lu https://www.google.ge https://www.google.hn https://www.google.com.ua https://www.google.com.my https://www.google.co.jp https://www.google.sk https://www.google.co.nz https://www.google.ae https://www.google.co.id https://www.google.kz https://www.google.ro https://www.google.com.tw https://www.google.com.sg https://www.google.com.bd https://www.google.com.vn https://www.google.com.hk https://www.google.com.ar https://www.google.pt https://www.google.co.ve https://www.google.hu https://www.google.com.qa https://www.google.lv https://www.google.si https://www.google.ie https://vehicleaftermarket.skf.com https://www.google.com.sv https://www.google.dk https://www.google.co.th https://www.google.co.za https://www.google.cl https://www.google.tt https://www.google.com.ar https://www.google.ee https://www.google.ru https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.co.in https://www.google.com.ng https://www.google.cz https://www.google.ca https://www.google.fr https://www.google.com.br https://www.google.pl https://www.google.de https://www.google.ch https://www.google.com.pe https://*.ads.linkedin.com https://www.google.tn https://www.google.be https://www.google.by https://www.google.es https://www.google.com.tr https://www.google.com.au https://www.google.com.mx https://www.google.at https://www.google.fi https://www.google.co.uk https://www.google.nl https://www.google.it https://search.skf.com https://yt3.ggpht.com https://*.ytimg.com https://img.youtube.com http://www.skf.com https://*.promo.skf.com https://*.googleapis.com https://maps.gstatic.com https://promo.skf.com https://www.linkedin.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.google.no https://www.google.se https://cdn.giosgusercontent.com https://static.giosg.com https://www.googletagmanager.com https://script.hotjar.com https://*.akstat.io data:; 1
frame-ancestors 'self' http://localhost:* https://*.admin.faithlifesites.com https://admin.faithlifesites.com https://*.sites.faithlife.com https://*.faithlife.com http://local.app.logos.com:* https://app.logos.com https://*.app.logos.com logos-app://* https://builder.io; object-src https://cloud.faithlife.net https://cloud.mail.logos.com; base-uri https://optimize.google.com; block-all-mixed-content 1
default-src 'self';object-src 'self';frame-src 'self' blob: https://*.youtube.com https://*.youtube-nocookie.com https://consentcdn.cookiebot.eu https://www.aerzteblatt.de https://www.blutspenden.de https://www.swr.de https://www.tagesschau.de https://www.iwkoeln.de https://ngp.zdf.de https://players.brightcove.net https://www.facebook.com https://europa.eu https://dk2wss784le25.cloudfront.net https://www.intermedia-solutions.net https://webtv.bundestag.de https://api.de.kaltura.com https://newsroom.consilium.europa.eu/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.eu https://consent.cookiebot.eu https://siteimproveanalytics.com;style-src 'self' data: 'unsafe-inline';img-src 'self' data:;font-src 'self' data: 'unsafe-inline';connect-src 'self' https://consentcdn.cookiebot.eu;manifest-src 'self' 1
block-all-mixed-content;frame-ancestors 'none';upgrade-insecure-requests; 1
frame-ancestors https://*.1stdibs.com; 1
frame-ancestor https://admin.theworld.org https://*-the-world.pantheonsite.io; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.kfw.de *.kfw-capital.de *.kfw-ipex-bank.de *.kfw-entwicklungsbank.de www.energie-effizienz-experten.de foerderservices.kfw.de *.deginvest.de *.youborafds01.com *.edge-cdn.net *.akamaized.net *.youboranqs01.com android-webview-video-poster *.mapbox.com *.bitmovin.com  *.wt-safetag.com  *.analytics.edgekey.net a-fds.youborafds01.com kfw-chatapp-live.x21wxzihtdv.eu-de.codeengine.appdomain.cloud fbc.wcfbc.net *.keyingress.de *.usercentrics.eu *.video-cdn.net responder.wt-safetag.com js.api.here.com *.hereapi.com *.mateti.net ajax.googleapis.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.de *.analytics.yahoo.com *.doubleclick.net *.yimg.com *.adform.net data: blob:; 1
frame-ancestors 'self' https://www.highspot.com https://app.highspot.com; 1
frame-ancestors 'self' *.dnc.io 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://www.googletagmanager.com https://eref.uni-bayreuth.de https://www.uni-bayreuth.de https://*.usercentrics.eu; frame-src 'self' https://forms.zohopublic.eu https://zcmp.eu https://bayh-zcmp.maillist-manage.eu https://www.youtube-nocookie.com https://desk.zoho.eu https://salesiq.zohopublic.eu/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com http://www.test-unib.de/ 1
frame-ancestors 'self'; default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ; font-src https: data:; img-src https: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.lafeltrinelli.it *.googleapis.com *.gravatar.com http://p2c.xplace.de *.sciencebehindecommerce.com appleid.cdn-apple.com *.klarnacdn.net *.jsdelivr.net *.flixfacts.com *.addthisedge.com *.dwin1.com *.azure.net *.monitor.azure.net *.moatads.com *.awin1.com *.addtoany.com apis.google.com *.igodigital.com *.googleadservices.com *.appspot.com *.bing.com *.kk-resources.com *.cloudflare.com *.googlesyndication.com *.creativecdn.com *.cloudfront.net *.tiktok.com *.criteo.com *.googleadservices.com *.doubleclick.net  criteo-partners.tremorhub.com *.mediavine.com *.teads.tv sync-criteo.ads.yieldmo.com *.richrelevance.com  *.sharethrough.com *.facebook.net *.clarity.ms *.bidswitch.net secure.adnxs.com *.youtube-nocookie.com *.msecnd.net *.omnitagjs.com *.3lift.com *.taboola.com *.smartadserver.com *.googleoptimize.com *.polyfill.io *.googletagmanager.com *.googletagservices.com contextual.media.net *.go-mpulse.net bsa-media.s3.amazonaws.com samples.findawayworld.com *.cookielaw.org *.google-analytics.com *.tradedoubler.com *.tradetracker.com ts.tradetracker.net /ad.yieldlab.net *.ivitrack.com *.mainadv.com *.riskified.com *.mndtrk.com ups.analytics.yahoo.com *.jquery.com *.rubiconproject.com *.bootstrapcdn.com nxtck.com *.gstatic.com *.facebook.com *.crystal-blocker.com *.onetrust.com sync.outbrain.com *.casalemedia.com *.salecycle.com *.lgw.io *.pubmatic.com *.algolia.net *.visualstudio.com *.akstat.io *.akamaihd.net *.kobo.com *.criteo.net *.tangooserver.com *.creativecdn.com bofcom-cms.prd.life-cloud.net fibs-prd-apim-gw.life-cloud.net fibs-prd-apim.azure-api.net europe.directline.botframework.com *.blob.core.windows.net *.ibs.it https: wss: blob: data: properties: filesystem:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/fcom-v1/Track 1
frame-ancestors 'self' https://pass.nishinippon.co.jp/; 1
default-src 'self';frame-src 'self' auth.yads.tech blob: https://mc.yandex.ru;worker-src 'self' blob:;font-src 'self' static.yads.tech;img-src 'self' data: air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru static.yads.tech;style-src 'self' 'unsafe-inline';child-src blob: https://mc.yandex.ru;connect-src 'self' auth.yads.tech air-space-users-content.s3.eu-central-1.amazonaws.com https://mc.yandex.ru app.yads.tech;script-src-elem https://mc.yandex.ru https://yastatic.net static.yads.tech 'self' 'nonce-e2e47ebd06b8a09e24e6c4cddf2cff63';script-src https://mc.yandex.ru https://yastatic.net static.yads.tech 'self' 'nonce-e2e47ebd06b8a09e24e6c4cddf2cff63' 1
default-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/; script-src 'self' 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' 'report-sample' https://googleads.g.doubleclick.net/pagead/ https://matomo.easybell.de/js/container_YRhPxNSh.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://cdn.trustami.com/widgetapi/ https://app.trustami.com/widgetapi/ https://sentry.easybell.de/ https://use.typekit.net/ https://connect.facebook.net/ https://www.clarity.ms/ https://*.popupsmart.com/ 'unsafe-eval' 'sha256-6FdNy5pNcz4CF4vD/sjwT/UosCkO5kca8j/jgMF3oAQ=' 'sha256-8XFFx+FFuPD7VAgVQqAfKly8WPHgia5dF08l+PJlNwM=' 'sha256-AAEK6EQfr7jDzwAVq8J/fbkyOll6l2f+R0DqHKesfLU=' 'sha256-jK50u8jcmjI9DEDvzRZ5257Y0XEmTdpPG1rcAPwqYK0=' 'sha256-0XAEU3tgYmKh9kvTgYx6sdjeNacrQjiibI96xchDR2Y=' 'sha256-ZCr5RBFrFbOxij+VKzMp8spFVDghu33GIZ2yKP5FF9c=' 'sha256-QvpW1tyX4UjR7zT/ZPjXdNW7brvA0sLGJrNz0BsEpnE=' 'sha256-2GM9UMiveUY1bOvukyi0Q1ScVnScS9RO/NQoRlWMHBo=' 'sha256-vb0Uerawf/8w6JUNZGQUddRqgEEyF6arzkbrSvA6oYo=' 'sha256-3Ol5a20sucGP1eIrQG+RU53Lwt1y18ciCOkP/imHZ70='; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://www.google.com https://www.google.de https://www.easybell.de https://cdn.trustami.com/ https://www.googletagmanager.com/ https://lh3.googleusercontent.com/ https://p.typekit.net/ https://*.ads.linkedin.com/ https://*.bing.com/ https://www.facebook.com/ https://www.linkedin.com/ https://www.google.co.th/ https://fonts.gstatic.com/ https://c.clarity.ms/; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://app.trustami.com/widgetapi/ https://cdn.trustami.com/ https://td.doubleclick.net/; style-src-elem 'self' 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://p.typekit.net https://cdn.trustami.com/ https://use.typekit.net/ https://app.trustami.com/ https://www.googletagmanager.com/ https://*.popupsmart.com/ 'sha256-NCQZUvUaQ1aE17FETe2vrfDGS1fNDYTBTbB4ZUNeQME=' 'sha256-9MFzbZnpaG/ajSplDdLT8naSGhoPrkcUwRA62ZDHnRc=' 'sha256-OdXesn1kKP5RMJdgJREqxXTuU+KR0KDotFBxOO7b3xA=' 'sha256-9aGu9/yjfL9AU8v8Za02iNuJlKPHCjhctBgjC/sIrEU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-wSxodvI4uhHzcDb62a2EdRV4bRXQeBRBFuxjdpoMQ30=' 'sha256-IU1LI/3juloSW5kVAYM/sE/fsmf/Tt017m5cahpxwfY=' 'sha256-Qls5+OIWT4c/XqmVgIwq2rTfkabucqp5RGLiNXB0cn0=' 'sha256-qIjVVYJ750xl6HnMuyRmaIKD31jn8USuL1Ve7UqChTE=' https://fonts.googleapis.com/ 'sha256-idbDYRw+hHAQQ/aonx3h1ANVoUMXSlZYpcLBqGOvx9Y=' 'sha256-AAEK6EQfr7jDzwAVq8J/fbkyOll6l2f+R0DqHKesfLU=' 'sha256-Y5vsBI8th5At18QcJDmI4LYH4nA8VGXGyniLWLcLtFo=' 'sha256-Bgx72ZjyYLX8b8eb9Nr4DjlAapdIJHiKRz9dY7zJaD0=' 'sha256-bkoMrToI07qInWnMGLRrc92utlfLRqn0POgEjGWrOxQ=' 'sha256-H7Qpm2wcVyFNuOcNRggT3L4iwSGE5dhePx+RootBoiI=' 'sha256-EAFDWCHa+aejcRonzefOtltlGaJNDsorgP4q5CN0l6s=' 'sha256-F+WrJ9hrZu3uAuOlXVQEhhSvGjTGUlPZFgXLH1xSILw=' 'sha256-Ugpt2SIe8IHcntXi78NAX/mrqGMRVFIcffxvdXT6fiI=' 'sha256-C3Rl919EuXP+Qzha6FRiGeGqIMh706TWAfoPdAIZQmA=' 'sha256-1i/yIOEYLIZkiuX2yLzRsVERWoo+c3JOCJs3MAj1S9c=' 'sha256-chqCbJR2zUW0KKSQ+AgeSlPnVtpa1PdpVhKOuaAobSo=' 'sha256-idbDYRw+hHAQQ/aonx3h1ANVoUMXSlZYpcLBqGOvx9Y=' 'sha256-qKPPXPW4tLLELFljXNfEnemizx3BkaWyPnq7Cwq9B3o=' 'sha256-fTg4vt8N7be1EQ0jNZz70xUTX9LIrBQXL9+1euxc4N4=' 'sha256-/ml7OvDaHJkIJXV2nVu3XmyATwvAGu2HqajqpAaciWY=' 'sha256-ggA/hZgfIk6OKaOPhbxlH0SIxCWXuUEoeBhV18OV1jM=' 'sha256-MSgbzNjg/7fRnOT7B9jp5nCmisOqSGf8sPIic6V6jqY=' 'sha256-86gqppg9afdtx8u45FsN2BwYjbUU+iY6teiuY9U1y/A=' 'sha256-wtWBKuKYIYGxwmPfDDcTblcli2FpO9fEirOvXFRrvjw=' 'sha256-sZaB80v9rbhQL7l1lx1DgT4Ul8tGV/97UeI0R3UJfaQ=' 'sha256-7JY1eDJUrLNObXOP566wTmR6Z++RYH7AOurjqZ1BKaM=' 'sha256-Ha3yJYVkVMV4C8/AbnYXcqVo+vAIT0mzNhZRcfUFQ1U=' 'report-sample'; style-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/ 'report-sample' https://p.typekit.net/; object-src 'none'; connect-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/ 'self' https://matomo.easybell.de https://www.google.de/ads/ https://www.google.com/ https://googleads.g.doubleclick.net/pagead/ https://region1.analytics.google.com https://stats.g.doubleclick.net https://sentry.easybell.de/ https://px.ads.linkedin.com/ https://analytics.google.com/ https://connect.facebook.net/ https://www.google.co.th/ https://order-form.easybell.de; frame-ancestors https://partner.easybell.de/ https://ekp.easybell.de/; font-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/ 'self' https://use.typekit.net/ https://fonts.gstatic.com/; manifest-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/ 'self'; media-src 'nonce-8qBvcRpjcioF1IetMg67TWbgBgofoxvBj5754xoXSJMWIrJWJSlaGw' https://cdn.trustami.com/ https://www.googletagmanager.com/ https://*.clarity.ms/ https://*.popupsmart.com/ 'self'; worker-src 'none'; report-uri https://sentry.easybell.de/api/24/security/?sentry_key=9f7c25aeb5204caa81eaf9f0e7aecfd3 1
upgrade-insecure-requests; frame-ancestors 'self' *.newbathpros.com *.cabinetremodelpros.com *.gutterguardpros.com *.viewhudforeclosures.com *.newhvacquotes.com *.newbathroomquotes.com *.coolingheatingpros.com *.windowreplacepros.com *.newwindowquotes.com *.bankforeclosureslisting.com *.contractors.com *.imotors.com *.insurecenter.com *.leadingroofingpros.com *.online-home-values.com *.homepaintingestimates.com *.heatproestimates.com *.localcoolingpros.com *.generator-installers.com *.electricianprices.com *.generator-installers.com *.localwaterheaterpros.com *.localroofpro.com *.realtynow.com *.remodelrepairreplace.com *.solarenergyquotes.com *.homegain.com *.newroofingpro.com *.contractorsmith.com *.fha-approved.com *.newforeclosedhomes.com *.lawyerfinderpro.com *.nationalhomeproject.com 1
default-src self *  ;style-src  https: data: 'unsafe-inline';img-src  https: blob: data:;child-src data:;object-src none;worker-src blob: https://*.olx.pt  ;frame-src  https: blob:;script-src  https: 'unsafe-inline' 'unsafe-eval';font-src data: self https: ;connect-src self * blob: 1
frame-ancestors 'self' https://*.fes.de 1
default-src 'self' https://*.booksamillion.com; connect-src 'self' https://*.booksamillion.com https://* wss://*; font-src 'self' https://*.booksamillion.com  https://* data:; frame-src 'self' https://*.booksamillion.com https://*; img-src 'self' https://*.booksamillion.com data: https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.booksamillion.com https://*; style-src 'self' 'unsafe-inline' https://*.booksamillion.com https://*; object-src 'none'; media-src 'self' https://*.booksamillion.com https://*.zdassets.com; frame-ancestors https://kiosknew.booksamillion.com https://kiosk.booksamillion.com https://service.booksamillion.com https://service-2nc.booksamillion.com https://customerservice.booksamillion.com https://s1.buyerquest.net; 1
frame-ancestors  https://app.reskyt.com/ https://app.casadellibro.com/ https://www.casadellibro.com/ https://p.casadellibro.com/; 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-+HEDjrq8wyHNEt2iAbcSJQ=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src 'self' *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; worker-src 'self' blob: *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; img-src 'self' *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net data: blob:; font-src 'self' a.storyblok.com maxcdn.bootstrapcdn.com data:; media-src 'self' *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net data:; object-src 'none'; frame-ancestors 'self' *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; connect-src 'self' https://www.gstatic.com/ *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net blob: data:; child-src 'self' blob: *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; style-src 'self' 'unsafe-inline' data: blob: *.storyblok.com s3.amazonaws.com localhost:3010 localhost:3000 gapi.storyblok.com/v1/api *.mapbox.com *.optimizely.com *.onetrust.com *.stickyadstv.com *.yahoo.com *.pubmatic.com exclaimer.pinpointhq.com/jobs.json *.driftt.com *.googletagmanager.com *.google-analytics.com *.netlify.app *.netlify.com *.linkedin.com *.google.co.uk *.vimeo.com *.wistia.com *.youtube.com *.googleoptimize.com *.google.com *.googlesyndication.com *.6sc.co *.pro-market.net *.simpli.fi *.zopim.com *.zendesk.com *.exclaimer.com *.pardot.com *.hotjar.com *.hotjar.io *.ads-twitter.com *.bing.com *.redditstatic.com *.reddit.com *.googleadservices.com *.doubleclick.net *.tremorhub.com *.tapad.com *.exelator.com *.intentiq.com *.bluekai.com *.crwdcntrl.net *.openx.net *.adnxs.com *.navattic.com *.zdassets.com *.licdn.com *.lijit.com *.spotxchange.com *.facebook.net *.facebook.com *.g2crowd.com *.zoominfo.com *.cloud-ingenuity.com *.oribi.io *.agkn.com *.salesloft.com *.6sense.com *.twitter.com *.liadm.com t.co *.bfmio.com *.rlcdn.com *.rubiconproject.com *.1rx.io *.3lift.com wss://*.zopim.com wss://ws.hotjar.com *.calendly.com calendly.com www.surveymonkey.com widget.surveymonkey.com/* widget.surveymonkey.co.uk widget.surveymonkey.com *.surveymonkey.com *.surveymonkey.net www.surveymonkey.co.uk fast.wistia.net cdn.heapanalytics.com heapanalytics.com *.auryc.com client-registry.mutinycdn.com api-v2.mutinyhq.io *.adroll.com maxcdn.bootstrapcdn.com ajax.googleapis.com services.postcodeanywhere.co.uk go.pardot.com ws.zoominfo.com ingesteer.services-prod.nsvcs.net; 1
script-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ www.gstatic.com/external_hosted/mathjax/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google 'sha256-t/YlRDrQTIQPJZ1PXPDZlsH1Exz7C5jk6vKZtJQmJ0Q='; style-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ www.gstatic.com/external_hosted/mathjax/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google 'unsafe-inline'; img-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ www.gstatic.com/external_hosted/mathjax/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google *.googleusercontent.com; default-src 'self' blob: storage.googleapis.com/gdm-deepmind-com-prod-public/ storage.googleapis.com/deepmind-media/ *.youtube.com *.youtube-nocookie.com fonts.gstatic.com www.gstatic.com/glue/ www.gstatic.com/images/branding/ www.gstatic.com/external_hosted/mathjax/ fonts.googleapis.com i.ytimg.com www.googletagmanager.com www.google.com/pagead/ googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com accounts.google.com services.google.com/fb/submissions/ deepmind.google 1
default-src 'self' *.gstatic.com; connect-src 'self' www.google-analytics.com *.gstatic.com *.google.com; frame-src 'self' *.google.com www.youtube.com; media-src 'self' https://*.googleusercontent.com/ https://storage.cloud.google.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com www.youtube.com; img-src 'self' data: https://*.googleusercontent.com/ https://storage.cloud.google.com/gweb-research2023-stg-media-mvp/ https://storage.googleapis.com/gweb-research2023-stg-media/ https://storage.googleapis.com/gweb-research2023-media/ https://research.google https://blogger.googleusercontent.com *.ytimg.com http://1.bp.blogspot.com/ http://2.bp.blogspot.com/ http://3.bp.blogspot.com/ http://4.bp.blogspot.com/ 1
default-src 'none'; connect-src 'self' *.licdn.com *.licdn.cn *.linkedin.com *.linkedin.cn cdn.linkedin.oribi.io dpm.demdex.net/id lnkd.demdex.net blob: accounts.google.com/gsi/ linkedin.sc.omtrdc.net/b/ss/ v.clarity.ms/collect *.microsoft.com *.adnxs.com *.tealiumiq.com login.microsoftonline.com; script-src 'report-sample' 'sha256-th47JTnh6tX15SUn/I+GGmsOSXpa7dh5Skner77gxlY=' 'sha256-SSoodjUD3LGm2FfFCVHGqEb8D4UM3OOigidT2UKDcYg=' 'sha256-cKTgdnmO6+hXd85a9wKg1effVfVzenUAtUCyOKY9bQE=' 'sha256-DwtT8+ZZKpxH9pqZNAmJ3GdbLAh5SsYaXR3omTXPCns=' 'sha256-sV9jZa797T0QWBzcU/CNd4tpBhTnh+TFdLnfjlitl28=' 'sha256-aa/Q8CRBDSqTQbCIyioPhZaz+G+dbPyu7BzsjInEmiU=' 'sha256-THuVhwbXPeTR0HszASqMOnIyxqEgvGyBwSPBKBF/iMc=' 'sha256-zTIusdVJJeXz9+iox2a+pdDglzbpRpFVRzEwvW4AONk=' 'sha256-iC8MPqNLw0FDnsBf4DlSkFLNTwhkI85aouiAEB819ic=' 'sha256-2EqrEvcPzl8c6/TSGVvaVMEe7lg700MAz/te4/3kTYY=' 'sha256-y5uW69VItKj51mcc7UD9qfptDVUqicZL+bItEpvVNDw=' 'sha256-DatsFGoJ8gFkzzxo47Ou76WZ+3QBPOQHtBu9p9b3DhA=' 'sha256-k95cyM8gFgPziZe5VQ2IvJvBUVyd5zFt2CokIUwqdHE=' 'sha256-PyCXNcEkzRWqbiNr087fizmiBBrq9O6GGD8eV3P09Ik=' 'sha256-RFqsjmAF1N5LnfpaHFvPqFlVkeIS/DtTAFor+JjJJVc=' 'sha256-2SQ55Erm3CPCb+k03EpNxU9bdV3XL9TnVTriDs7INZ4=' 'sha256-S/KSPe186K/1B0JEjbIXcCdpB97krdzX05S+dHnQjUs=' 'sha256-9pXOIwF4N0gPltLd3AI69lkCjSC2H/Eb3sc5zdmUyYU=' 'sha256-jou6v/Nleyzoc+LXktAv1Fp8M807dVVxy7E/yzVljHc=' 'sha256-6E4e/3dSvj/8JZT2S2yR91mspqM6MyOpKl5lrhHsZa8=' 'sha256-3woF8BZ54TeXM+czaH3aXoaJsVpiamuAKFsXDykAR/Q=' 'sha256-vIfNcKb8ixJg1cfJIoNNYjWcm0lezj1/XpUNFiZyVsU=' 'sha256-cLsHUHFgT/VGX04cZrJ9xgm4HbzTR7ptutkxK+7BlMk=' 'sha256-BwU8jMnQYUhjOpsDVABpfddV/DlP1ZYrFcTumYw7x54=' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com platform.linkedin.cn platform-akam.linkedin.cn platform-ecst.linkedin.cn platform-azur.linkedin.cn snap.licdn.com snap.licdn.cn www.googletagmanager.com/gtag/js merchantpool1.linkedin.com/mdt.js merchantpool1.linkedin.cn/mdt.js; img-src data: blob: * android-webview-video-poster:; font-src data: *; style-src 'self' 'unsafe-inline' static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; media-src 'self' *.licdn.com *.licdn.cn *.lynda.com; worker-src 'self' blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com static.licdn.cn static-exp1.licdn.cn static-exp2.licdn.cn static-exp3.licdn.cn; frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ lnkd.demdex.net smartlock.google.com accounts.google.com player.vimeo.com *.linkedin.com *.linkedin.cn www.slideshare.net *.megaphone.fm *.omny.fm *.sounder.fm msit.powerbi.com app.powerbi.com linkedin.github.io *.licdn.com *.licdn.cn *.adnxs.com acdn.adnxs-simple.com radar.cedexis.com edge-auth.microsoft.com li.protechts.net *.xlgmedia.com *.px-cloud.net merchantpool1.linkedin.com merchantpool1.linkedin.cn; frame-ancestors 'self' *.www.linkedin.com:* *.www.linkedin.cn:*; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=gd 1
object-src none 1
frame-src 'self' bazaarvoice.com *.bazaarvoice.com https://www.terminland.de *.datev-bot.de *.datev.de *.datev.com *.iesnare.com *.cookielaw.org *.salesviewer.org *.salesviewer.com 1
base-uri 'self'; default-src wss: ws-eu.pusher.com scatec.io *.tradetracker.net leadbooster-chat.pipedrive.com tradetracker.com *.tradetracker.com 'self' blob: data: *.googleapis.com tt-wp-corporate-site.s3.amazonaws.com *.gstatic.com *.google-analytics.com *.vimeo.com vimeo.com *.doubleclick.net doubleclick.net stats.g.doubleclick.net vod-progressive.akamaized.net; frame-src *.googletagmanager.com tradetracker.com *.tradetracker.com 'self' blob: i.vimeocdn.com f.vimeocdn.com vimeo.com fresnel.vimeocdn.com player.vimeo.com; img-src *.googletagmanager.com cdn.tradetracker.net i.vimeocdn.com tt-wp-corporate-site.s3.amazonaws.com tr.lfeeder.com scatec.io tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' blob: data: res.cloudinary.com *.facebook.com *.google-analytics.com *.doubleclick.net maps.gstatic.com *.ggpht *.googleapis.com *.hotjar.com *.hotjar.io *.licdn.com *.fbsbx.com *.google.com *.google.nl *.google.ae *.google.com.ag *.google.pl *.google.ru *.google.se *.google.ca *.google.com.au *.google.co.nz *.google.com.ua *.google.es *.google.co.uk *.google.com.br *.google.it *.google.co.in *.google.hu *.google.no *.google.com.mx *.google.be *.google.de *.google.fr *.google.fi *.google.dk *.google.at *.googleusercontent.com *.fbcdn.net *.cdninstagram.com assets.tradetracker.com; script-src 'unsafe-eval' tradetracker.com *.tradetracker.com leadbooster-chat.pipedrive.com 'self' 'unsafe-inline' blob: *.googletagmanager.com *.google-analytics.com cdn.auth0.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com *.hotjar.io *.youtube.com/iframe_api *.vimeo.com vimeo.com *.ytimg.com maps.googleapis.com scatec.io sc.lfeeder.com code.jquery.com *.tradetracker.net *.tradetracker.com; style-src *.rocketcdn.me tradetracker.com *.tradetracker.com 'self' blob: 'unsafe-inline' *.googleapis.com *.hotjar.com *.hotjar.io data:; object-src tradetracker.com *.tradetracker.com; script-src-elem js.pusher.com maps.googleapis.com scatec.io tradetracker.com *.tradetracker.com *.jquery.com *.google-analytics.com *.googletagmanager.com sc.lfeeder.com leadbooster-chat.pipedrive.com 'unsafe-inline'; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com *.adition.com *.amazonaws.com *.baqend.com *.booxi.com *.booxi.eu *.braintree-api.com *.cloudfront.net *.cube-net.pub *.decathlon.de *.decathlon.io *.excentos.com *.go-mpulse.net *.google.de *.googleadservices.com *.intelliad.de *.online-metrix.net *.pinimg.com *.pinterest.com *.privacy-center.org *.tagcommander.com *.trustedshops.com *.userlike.com adservice.google.com api.usabilla.com cdn.conative.de cdn.dynamicyield.com connect.facebook.net d6tizftlrpuof.cloudfront.net fast.smarketer.de/ fonts.gstatic.com googleads.g.doubleclick.net gum.criteo.com ib.adnxs.com js-cdn.dynatrace.com maps.gstatic.com s3-eu-west-1.amazonaws.com scripts.publitas.com ssl.hurra.com st-eu.dynamicyield.com stage.excentos.com staticxx.facebook.com storage.googleapis.com tpc.googlesyndication.com ui.onepay.decathlon.io usabilla.com/ view.publitas.com w.usabilla.com widget.fintanalytics.com widgets.trustedshops.com www.awin1.com www.dwin1.com www.facebook.com www.google-analytics.com www.google.at www.google.com www.google.fr www.gstatic.com c.searchhub.io euob.roundprinceweb.com obseu.roundprinceweb.com userlike-cdn-umm.b-cdn.net widget.simplybook.pro rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com pagead2.googlesyndication.com;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com *.akafms.net *.akstat.io *.amazonaws.com *.baqend.com *.booxi.com *.cloudfront.net *.decathlon.de *.decathlon.io *.dynamicyield.com *.dynamicyield.eu *.dynatrace.com *.excentos.com *.facebook.net *.go-mpulse.net *.google.com *.google.de *.googleadservices.com *.intelliad.de *.mediadecathlon.com *.online-metrix.net *.paypalobjects.com *.pinimg.com *.pinterest.com *.privacy-center.org *.publitas.com *.tagcommander.com *.trustedshops.com *.trylive.com *.usabilla.com *.userlike.com adm.dynamicyield.eu adventori.com api.decathlon.de api.trustbadge.etrusted.com api.trustedshops.com api.usabilla.com async-px-eu.dynamicyield.com c.go-mpulse.net cdn-eu.dynamicyield.com cdn-eu.dynamicyield.eu cdn.conative.de cdn.dynamicyield.com ce.lijit.com commander1.com connect.facebook.net content.decathlon.de contents.mediadecathlon.com ct.pinterest.com d6tizftlrpuof.cloudfront.net d6tizftlrpuof.cloudfront.net/ data.decathlon.de fast.smarketer.de/ fm.flashtalking.com gum.criteo.com ib.adnxs.com logging.trustbadge.com media.marktjagd.com opt-eu.euc1.dynamicyield.com p.crm4d.com player.vimeo.com px-eu.dynamicyield.com rcom-eu.dynamicyield.com s3-eu-west-1.amazonaws.com shops-si.trustedshops.com sofia.trustx.org spotlight.offerista.com ssl.hurra.com st-eu.dynamicyield.com staticxx.facebook.com storage.googleapis.com sync.adotmob.com tpc.googlesyndication.com trustbadge.api.etrusted.com ui.onepay-qualification.decathlon.io ui.onepay.decathlon.io userlike-cdn-widgets.s3-eu-west-1.amazonaws.com visitor.omnitagjs.com w.usabilla.com widgets.trustedshops.com wurfl.io www.awin1.com www.dwin1.com www.google-analytics.com www.google.at www.google.co.uk www.google.com www.google.com.hk www.google.com.tr www.google.cz www.google.es www.google.fr www.google.hr www.google.pt www.googleadservices.com www.gstatic.com www.mediadecathlon.com www.youtube.com wss://umd.userlike.com fpc.decathlon.de saas.searchhub.io euob.roundprinceweb.com obseu.roundprinceweb.com pagead2.googlesyndication.com *.criteo.com *.criteo.net 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com cdn.tagcommander.com platform.commandersact.com *.commander1.com *.adnxs.com *.salecycle.com redirect3536.tagcommander.com *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com *.loadbee.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com creativecdn.com *.dotomi.com *.adition.com *.cube-net.pub adservice.google.com fonts.gstatic.com googleads.g.doubleclick.net js-cdn.dynatrace.com maps.gstatic.com scripts.publitas.com stage.excentos.com usabilla.com/ view.publitas.com widget.fintanalytics.com c.searchhub.io userlike-cdn-umm.b-cdn.net widget.simplybook.pro rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com data: blob: *.cube-net.org prod-wt.aws.y-track.com manager.tagcommander.com www.google.it www.google.nl www.google.be www.google.pl *.gstatic.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net icons.batch.com p.searchhub.io cdn.speedsize.com https://userlike-cdn-operators.userlike.com *.imagekit.io fonts.googleapis.com https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ scripts.publitas.com/ paypalobjects.com players.brightcove.net chat.userlike.com secure.brightcove.com bcboltbde696aa-a.akamaihd.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com pay.google.com decathlon-de-de--tst2.custhelp.com kundenservice.decathlon.de www.pinterest.de decathlon.simplybook.pro https://widget.simplybook.pro;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com 'unsafe-eval' 'unsafe-inline' *.amazonaws.com *.baqend.com *.booxi.com *.booxi.eu *.braintree-api.com *.braintreegateway.com *.decathlon.de *.excentos.com *.go-mpulse.net *.google.de *.online-metrix.net *.oppwa.com *.pinimg.com *.pinterest.com *.y-track.com api.usabilla.com cdn.dynamicyield.com ce.lijit.com connect.facebook.net d6tizftlrpuof.cloudfront.net fm.flashtalking.com fonts.gstatic.com googleads.g.doubleclick.net maps.gstatic.com onepay-ui.decathlon.net oppwa.com p.crm4d.com s3-eu-west-1.amazonaws.com sofia.trustx.org ssl.hurra.com staticxx.facebook.com sync.adotmob.com tpc.googlesyndication.com ui.onepay.decathlon.io visitor.omnitagjs.com w.usabilla.com widgets.trustedshops.com www.awin1.com www.dwin1.com www.google.at www.google.co.uk www.google.com.hk www.google.com.tr www.google.cz www.google.hr www.google.pt www.googletagmanager.com www.gstatic.com icons.batch.com p.searchhub.io cdn.speedsize.com euob.roundprinceweb.com obseu.roundprinceweb.com userlike-cdn-umm.b-cdn.net https://userlike-cdn-operators.userlike.com rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com *.imagekit.io;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ *.dynamicyield.com *.dynamicyield.eu *.excentos.com *.google.de *.googleadservices.com *.usabilla.com cdn-eu.dynamicyield.com cdn-eu.dynamicyield.eu cdn.dynamicyield.com d6tizftlrpuof.cloudfront.net scripts.publitas.com/ *.squarelovin.com squarelovin.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.baqend.com *.brightcove.net *.cloudfront.net *.decathlon.de *.dynamicyield.com *.dynamicyield.eu *.excentos.com *.google.de *.googleadservices.com *.paypalobjects.com *.trustedshops.com *.usabilla.com media.marktjagd.com paypalobjects.com players.brightcove.net spotlight.offerista.com stage.excentos.com widget.fintanalytics.com saas.searchhub.io;object-src view.publitas.com;base-uri 'self' *.cloudfront.net *.decathlon.de euob.roundprinceweb.com obseu.roundprinceweb.com;worker-src 'self' blob: via.batch.com 'unsafe-eval' 'unsafe-inline' *.decathlon.de *.paypal.com *.userlike.com chat.userlike.com fm.flashtalking.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net *.decathlon.de *.google.de *.pinterest.com www.google-analytics.com rts.persado.com cdn.persa.do *.squarelovin.com squarelovin.com *.imagekit.io;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.cloudfront.net *.google.de *.googleadservices.com *.online-metrix.net *.usabilla.com d6tizftlrpuof.cloudfront.net decathlon-de-de--tst2.custhelp.com googleads.g.doubleclick.net kundenservice.decathlon.de player.vimeo.com ssl.hurra.com tpc.googlesyndication.com www.awin1.com www.dwin1.com www.pinterest.de *.paypal.com www.youtube.com euob.roundprinceweb.com obseu.roundprinceweb.com decathlon.simplybook.pro https://widget.simplybook.pro;frame-ancestors 'self'; 1
default-src 'self' https://*.dotdash.com:* cdn.tailwindcss.com cdn.jsdelivr.net ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com *.zdassets.com *.zopim.com *.appcues.com g.3gl.net data: 'unsafe-inline' 'unsafe-eval' https://*.polaris.me https://*.doubleverify.com https://*.innovid.com https://imasdk.googleapis.com https://*.adsafeprotected.com/;connect-src 'self' https: wss:;font-src 'self' https: data:;frame-src 'self' https:;img-src 'self' https: data: blob:;media-src 'self' https: data:;frame-ancestors 'self' https://*.dotdash.com:*;style-src 'self' 'unsafe-inline' https:;object-src 'none';block-all-mixed-content;upgrade-insecure-requests 1
frame-ancestors 'self'; object-src none; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob: 'self'; script-src 'sha256-DtTPNUJ26upGNHwcttc6H1aRqrr5XgfUvVDu4NXH3EY=' 'nonce-FLgPulRTPfQM0Z9PaeaGjg==' 'strict-dynamic' 'self' www.google-analytics.com www.googletagmanager.com static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'self' 'unsafe-inline' at.alicdn.com coinex.zendesk.com coinex.zendesk.co static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src 'self' www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'self' at.alicdn.com data: unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src 'self' *.zendesk.com *.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src 'self' player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be blob: *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 1
frame-ancestors 'self' https://*.dialmyapp.com:*  http://*.dialmyapp.com:* http://*.mitelcel.com https://*.mitelcel.com; 1
frame-ancestors 'self' https://bgsu.experiencecloud.adobe.com https://experience.adobe.com 1
default-src 'self' maxcdn.bootstrapcdn.com  fonts.gstatic.com  cdn.linearicons.com ;           script-src 'self' 'unsafe-inline' *.fbcdn.net code.jquery.com *.google-analytics.com *.facebook.net *.googlecode.com https://www.youtube.com/              https://www.googletagmanager.com/  https://s.yimg.com/ https://www.googleadservices.com/ https://api.instagram.com/ https://googleads.g.doubleclick.net/             https://apis.google.com/ https://cdn.jsdelivr.net https://use.fontawesome.com https://cdnjs.cloudflare.com npmcdn.com http://www.youtube.com/iframe_api             https://maps.googleapis.com https://ssl-avd.innity.net http://avd.innity.net www.googleadservices.com https://maxcdn.bootstrapcdn.com/             https://cse.google.com/ https://www.google.com/cse/ http://cse.google.com/  cdn.sp88.tw   avd.innity.com  avd.sp88.tw  js.maxmind.com             https://ajax.googleapis.com/ http://platform.instagram.com/ https://www.instagram.com/ s.ytimg.com s3-ap-southeast-1.amazonaws.com           partner.googleadservices.com securepubads.g.doubleclick.net *.googlesyndication.com *.googletagservices.com *.holmesmind.com doublemax.net              scupio.com *.criteo.com *.criteo.net *.appier.net *.hinet.net *.creativecdn.com https://pagead2.googlesyndication.com https://www.googletagservices.xn--com-qf0fv14al6kn81f cdn-ima.33across.com oa.openxcdn.net tags.crwdcntrl.net;           style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ http://fonts.googleapis.com/ cdn.jsdelivr.net cdn.linearicons.com https://cdn.linearicons.com *.fontawesome.com https://cdnjs.cloudflare.com https://www.google.com/cse/ ;           img-src 'self' data: *.facebook.com *.google-analytics.com *.fbcdn.net https://sp.analytics.yahoo.com/ https://www.google.com/ https://www.google.com.tw/              https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.7-11.com.tw/ https://www.googleapis.com/ http://clients1.google.com/  avd.innity.com              avd.sp88.tw *.doubleclick.net adservice.google.com ib.adnxs.com www.googletagmanager.com www.google.co.jp *.googlesyndication.com *.holmesmind.com doublemax.net              scupio.com *.criteo.com *.criteo.net *.appier.net *.hinet.net *.gstatic.com *.creativecdn.com;           connect-src 'self' csp.withgoogle.com https://www.facebook.com/ *.google-analytics.com https://s.yimg.com/ https://maps.googleapis.com www.instagram.com www.googletagmanager.com              www.google.co.jp securepubads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com *.gstatic.com *.holmesmind.com doublemax.net scupio.com *.criteo.com *.criteo.net *.appier.net *.hinet.net;           frame-src 'self' cse.google.com *.facebook.com www.youtube.com  https://8489602.fls.doubleclick.net/  https://8489602.fls.doubleclick.net/ https://bid.g.doubleclick.net/             https://www.google.com http://mart.ibon.com.tw/ https://www.instagram.com/ s3-ap-southeast-1.amazonaws.com https://www.ir-cloud.com/ www.googletagmanager.com cse.google.com              *.safeframe.googlesyndication.com  *.googlesyndication.com *.doubleclick.net *.gstatic.com *.creativecdn.com *.holmesmind.com doublemax.net scupio.com *.criteo.com *.criteo.net *.appier.net;            font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com/ http://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com https://cdn.linearicons.com *.fontawesome.com cdnjs.cloudflare.com www.googletagmanager.com;    frame-ancestors 'self'; 1
frame-src *; 1
default-src https: wss:; connect-src 'self' https: wss:; script-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.betlive.com; object-src 'self'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-7c8qfk1NltM3N6XOgDrm+A=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' *.quill.org quill.org 'unsafe-inline'; base-uri 'self'; connect-src 'self' *.quill.org quill.org *.amplitude.com *.segment.com *.segment.io *.nr-data.net *.google-analytics.com *.google.com *.inspectlet.com *.doubleclick.net *.pusherapp.com *.pusher.com wss://coview.com wss://*.coview.com wss://*.pusher.com wss://*.pusherapp.com wss://*.inspectlet.com *.intercom.io wss://*.intercom.io *.coview.com *.sentry.io wss://*.quill.org *.satismeter.com localhost:8080/ localhost:3200 localhost:3100 wss://localhost:3200 ws://localhost:3200 wss://localhost:3036 ws://localhost:3036 checkout.stripe.com capture-api.ap3prod.com pagead2.googlesyndication.com/; font-src 'self' coview.com *.coview.com intercomcdn.com *.intercomcdn.com quill.org *.quill.org *.typekit.net *.fontawesome.com *.gstatic.com rsms.me *.rsms.me; frame-src 'self' coview.com *.coview.com intercom-sheets.com stripe.com *.stripe.com youtube.com *.youtube.com *.amazonaws.com *.loom.com *.salesmate.io td.doubleclick.net/; img-src * data: blob:; media-src * data: blob:; object-src 'none'; script-src 'self' *.quill.org quill.org 'unsafe-inline' 'unsafe-eval' *.clever.com *.fontawesome.com *.typekit.net *.segment.com *.segment.io *.newrelic.com *.nr-data.net *.googleapis.com *.gstatic.com *.pusher.com *.google-analytics.com *.inspectlet.com *.satismeter.com stripe.com *.stripe.com *.amplitude.com *.doubleclick.net *.intercom.io *.intercomcdn.com *.coview.com *.sentry.io *.heapanalytics.com cdn.jsdelivr.net/npm/vanilla-lazyload@17.8.3/dist/lazyload.min.js *.salesmate.io *.googletagmanager.com code.jquery.com; style-src 'self' *.quill.org quill.org 'unsafe-inline' coview.com *.coview.com *.fontawesome.com *.googleapis.com *.gstatic.com rsms.me 1
default-src 'self' data: maps.googleapis.com fonts.googleapis.com *.gstatic.com talos.adman.gr *.pstatic.gr www.bestprice.gr https://static.pexels.com https://accounts.google.com 'unsafe-eval'; script-src 'unsafe-inline' connect.facebook.com www.google-analytics.com *.analytics.google.com *.google.gr www.googletagmanager.com *.cloudflareinsights.com *.google.com talos.adman.gr connect.facebook.net graph.facebook.com googleads.g.doubleclick.net *.googleadservices.com *.googlecode.com *.googleapis.com *.adman.gr *.bestprice.gr *.pstatic.gr *.getsentry.com *.sentry.io *.adsafeprotected.com pagead2.googlesyndication.com adservice.google.gr *.instagram.com 'unsafe-eval' *.clarity.ms; style-src 'self' 'unsafe-inline' *.googleapis.com *.pstatic.gr *.adman.gr *.facebook.com *.twitter.com *.gravatar.com *.google.com *.adsafeprotected.com *.fonts.google.com; frame-src 'self' data: *.adman.gr *.facebook.com bs.serving-sys.com *.youtube.com *.adsafeprotected.com *.instagram.com https://accounts.google.com/ https://www.youtube-nocookie.com/ googleads.g.doubleclick.net ads.eu.criteo.com https://embed.playbuzz.com; frame-ancestors 'self' *.googleusercontent.com content.bestprice.gr *.adsafeprotected.com https://*.playbuzz.com ads.eu.criteo.com; connect-src 'self' stats.g.doubleclick.net api.airtable.com accounts.google.com rpc.bestprice.gr local.bestprice.gr:4002 hal.bestprice.gr maps.googleapis.com www.google-analytics.com www.googletagmanager.com script.google.com pubsub.bestprice.gr cloudflareinsights.com ws://pubsub.bestprice.gr wss://pubsub.bestprice.gr script.googleusercontent.com graph.facebook.com www.bestprice.gr www.sentry.io app.getsentry.com *.ingest.sentry.io *.pstatic.gr *.adman.gr *.adsafeprotected.com *.instagram.com api.github.com georgep.bestprice.gr or.bestprice.gr *.google-analytics.com *.analytics.google.com *.google.gr https://oauth2.googleapis.com https://*.googleusercontent.com *.clarity.ms; img-src 'self' data: www.bestprice.gr graph.facebook.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.cloudflareinsights.com platform-lookaside.fbsbx.com *.google.com *.doubleclick.net *.google.gr *.pstatic.gr *.gstatic.com *.githubusercontent.com *.youtube.com *.googleapis.com *.googlecode.com *.facebook.com *.twimg.com *.fbcdn.net www.google.com www.google.gr *.fbsbx.com *.googleusercontent.com *.adsafeprotected.com *.googlesyndication.com *.adman.gr ad.doubleclick.net *.openstreetmap.org bpcdn.gr https://www.youtube-nocookie.com/ bs.serving-sys.com *.demdex.net https://hal.bestprice.gr *.clarity.ms *.bing.com; object-src 'none'; child-src 'self' blob; base-uri 'self'; font-src fonts.gstatic.com fonts.googleapis.com data:; worker-src *.bestprice.gr blob: 'self' 1
frame-ancestors 'self' https://*.tu-chemnitz.de/ 1
script-src 'nonce-2ed6cf05901987c8ebd04f2a35703577' 'nonce-zMgSVfmjI0IFyo94i3NcvvatX81P6GlpAC6IFQ5HTQA=' 'self' 'unsafe-eval' https: 'sha256-jTbbX7kA2AFEiHkjGYboK9ooUurX+Mc9th2/quUZwkI=' 'sha256-yntX1DMo3v8w5zK0Wt5LS96gm1dTl95wU0As+x8+vsU=' blob:; frame-ancestors 'none' 1
frame-ancestors 'self' https://auth.recruitee.com 1
style-src 'unsafe-inline' optimize.google.com fonts.googleapis.com platform.twitter.com ton.twimg.com use.typekit.net cdn.crowdin.com cdn.jsdelivr.net cdn-resources.ableton.com; object-src 'self'; frame-ancestors 'self' ableton.lightning.force.com; default-src 'self' blob: data: https: ableton:; frame-src 'self' ableton: bandcamp.com www.facebook.com optimize.google.com embed.spotify.com open.spotify.com w.soundcloud.com player.vimeo.com www.youtube-nocookie.com www.youtube.com ljsp.lwcdn.com brandfolder.com www.instagram.com crowdin.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' api.soundcloud.com w.soundcloud.com www.youtube.com www.youtube-nocookie.com s.ytimg.com www.googleadservices.com googleads.g.doubleclick.net optimize.google.com connect.facebook.net recommender.scarabresearch.com www.instagram.com cdn.syndication.twimg.com platform.twitter.com syndication.twitter.com use.typekit.net cdn.crowdin.com crowdin.com cdn.matomo.cloud analytics.ableton.com cdn.jsdelivr.net cdn-resources.ableton.com; report-uri /csp/report/ 1
frame-ancestors 'self' https://*.fanbox.cc 1
default-src 'none'; base-uri 'self' docs.helpscout.net; block-all-mixed-content; child-src 'self' assets.braintreegateway.com assets.rescuetime.com assets-dev.rescuetime.com c.paypal.com www.youtube.com player.vimeo.com fast.wistia.net moz-extension://* chrome-extension://*; connect-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com *.paypal.com www.google-analytics.com connect.facebook.net www.facebook.com ysxtsrzt2b4s.statuspage.io rescuetime.helpscoutdocs.com secure.helpscout.net api.ipify.org beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net stats.g.doubleclick.net *.sumologic.com sentry.io *.ingest.sentry.io *.sentry-cdn.com wss: wss://*.pusher.com slack.com *.asana.com trello.com *.atlassian.com github.com *.google.com exist.io *.visualwebsiteoptimizer.com app.vwo.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build blog.rescuetime.com *.fontawesome.com *.getharvest.com; font-src 'self' data: d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.gstatic.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build *.fontawesome.com; form-action 'self' community.rescuetime.com blog.rescuetime.com *.welltory.com slack.com *.asana.com trello.com *.atlassian.com github.com *.github.com google.com *.google.com *.microsoftonline.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com spotify.com *.spotify.com getharvest.com *.getharvest.com; frame-ancestors moz-extension://* chrome-extension://*; frame-src 'self' d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net platform.twitter.com www.googletagmanager.com www.google.com bid.g.doubleclick.net *.facebook.com tst.kaptcha.com ssl.kaptcha.com www.youtube.com moz-extension://* chrome-extension://* ifttt.com *.vimeo.com app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.userreport.com *.gist.build; img-src 'self' data: d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com assets.braintreegateway.com *.paypal.com platform.twitter.com pbs.twimg.com www.google-analytics.com connect.facebook.net *.facebook.com d33v4339jhl8k0.cloudfront.net moz-extension://* chrome-extension://* via.placeholder.com ifttt.com api.producthunt.com zapier.com cdn.zapier.com www.google.com googleads.g.doubleclick.net *.adsymptotic.com *.visualwebsiteoptimizer.com *.ads.linkedin.com app.vwo.com track.customer.io secure.gravatar.com logo.clearbit.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.scdn.co *.userreport.com *.gist.build; manifest-src 'self'; media-src 'self' beacon-v2.helpscout.net support-media-storage.s3.amazonaws.com d3ccrbqtj64zhq.cloudfront.net support-media.rescuetime.com d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com; object-src 'self' djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net assets.rescuetime.com assets-dev.rescuetime.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com js.braintreegateway.com assets.braintreegateway.com www.paypalobjects.com *.paypal.com d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net djtflbt20bdde.cloudfront.net beacon-v2.helpscout.net cdn.ravenjs.com platform.twitter.com www.google-analytics.com www.googletagmanager.com www.google.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com zapier.com connect.facebook.net dev.visualwebsiteoptimizer.com app.vwo.com cdn.rawgit.com player.vimeo.com assets.customer.io *.licdn.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.sentry-cdn.com *.gist.build gist-queue-consumer-api.cloud.gist.build ajax.googleapis.com blog.rescuetime.com *.userreport.com *.fontawesome.com; style-src 'self' 'unsafe-inline' d1tc833ex4oc93.cloudfront.net assets.rescuetime.com assets-dev.rescuetime.com fonts.googleapis.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net djtflbt20bdde.cloudfront.net app.vwo.com *.ubembed.com *.userleap.com *.sprig.com *.usersnap.com *.gist.build *.fontawesome.com; upgrade-insecure-requests; worker-src blob:; report-uri https://www.rescuetime.com/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' blob: *.facebook.net *.redditstatic.com *.reddit.com www.youtube.com www.googletagmanager.com accounts.google.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com accounts.google.com; img-src 'self' blob: data: www.facebook.com *.redditstatic.com *.reddit.com storage.googleapis.com *.yodayo.com ; font-src 'self' fonts.gstatic.com; object-src 'none'; media-src 'self' blob: storage.googleapis.com; connect-src blob: *; frame-src 'self' accounts.google.com www.youtube.com www.facebook.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' https://*.google.com/ https://*.pandabuy.com https://*.worldpay.com/ https://*.fisglobal.com/; font-src * data:; img-src * data: blob:;connect-src 'self' https://*.pandabuy.com https://*.aliyuncs.com https://*.taobao.global https://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://d.alicdn.com https://*.mmstat.com wss://*.intercom.io https://*.googleapis.com https://*.google-analytics.com https://*.worldpay.com/; script-src 'self' https://*.alicdn.com https://*.google.com/ https://*.airwallex.com https://*.worldpay.com/ https://h.online-metrix.net/ https://firebase.googleapis.com https://www.googletagmanager.com https://*.mmstat.com https://widget.intercom.io https://js.intercomcdn.com https://*.pandabuy.com https://*.alibaba.com https://*.aliyuncs.com https://*.aliapp.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://*.pandabuy.com; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action https://*.pandabuy.com https://*.cardinalcommerce.com https://intercom.help https://*.alipay.com; media-src https://js.intercomcdn.com; frame-src 'self' https://www.youtube.com https://intercom-sheets.com/ https://*.cardinalcommerce.com/ https://*.worldpay.com/ https://*.firebaseapp.com/ 1
frame-ancestors 'self' *.betano.com; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; script-src 'nonce-sgwscorp' 'strict-dynamic' 'self' https://assets.southernglazers.com https://assets.adobedtm.com/ https://web.miappi.com https://open.spotifycdn.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.googleoptimize.com https://static.doubleclick.net https://secure.quantserve.com https://rules.quantcount.com; 1
frame-ancestors 'self' https://*.ohio.edu https://*.oit.ohio.edu; 1
connect-src * 'self' 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sreality.cz admin.sreality.cz *.sreality.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz ; script-src-elem blob: 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.hit.gemius.pl *.im.cz *.imedia.cz *.imedia.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.cz *.sdn.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sreality.cz *.sreality.cz *.szn.cz ads.celtra.com ams.creativecdn.com browser.sentry-cdn.com connect.facebook.net gacz.hit.gemius.pl scz.hit.gemius.pl https://www.sreality.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz 1
default-src 'self' docs.google.com *.googleapis.com *.yandex.ru *.googletagmanager.com *.googlesyndication.com *.calameo.com *.facebook.com *.vk.com vk.com https://apis.google.com *.google.com *.google.ru *.twitter.com *.youtube.com ok.ru *.odnoklassniki.ru rutube.ru https://accounts.google.com https://s-static.ak.facebook.com https://www.facebook.com https://login.vk.com *.getloupe.com capsu.lat *.padlet.com *.twitter.com schoodle.ru *.gosuslugi.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net stackpath.bootstrapcdn.com yastatic.net *.gstatic.com *.google.com *.google.ru  *.yandex.ru *.webvisor.org *.googleapis.com vk.com *.twitter.com connect.facebook.net graph.facebook.com capsu.lat connect.mail.ru counter.rambler.ru www.googletagservices.com www.googletagmanager.com www.google-analytics.com https://www.googleadservices.com *.odnoklassniki.ru *.ok.ru counter.rambler.ru https://www.googleapis.com *.fontawesome.com stat.sputnik.ru schoodle.ru https://*.revolvermaps.com *.gosuslugi.ru *.youtube.com musicacademy.app; object-src *; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com cdnjs.cloudflare.com *.twitter.com *.bootstrapcdn.com ton.twimg.com cdn.jsdelivr.net capsu.lat  uroki-maya.online musicacademy.app; img-src * 'self' data: https: blob:; media-src 'self'; font-src 'self' data: yastatic.net fonts.gstatic.com cdn.jsdelivr.net capsu.lat *.cloudflare.com *.fontawesome.com *.gosuslugi.ru; connect-src 'self' *.yandex.ru *.google-analytics.com capsu.lat *.googleapis.com *.fontawesome.com stat.sputnik.ru *.webvisor.org; 1
default-src 'self';script-src 'nonce-FsSG+94A6eSQVpBmrWzf0kmR' 'unsafe-eval' https://*.uwe.ac.uk https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://p.typekit.net https://embed.geckochat.io https://app.geckoform.com/gecko-embed/ https://maps.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://secure.adnxs.com https://polyfill.io/v3/polyfill.min.js 'sha256-AyRymE6ak+bH4ydAv1wJ89tx4wn8Ao6HwJLatEOus/M=' 'sha256-5lkPWtLCuQSKvgWb45HvtF3RMeYc5VpmwZzckz0K+70=' 'sha256-QvHOyumupilC6mKZMGO4JKBzGqUIezSLhrDQNLSeloI=' 'sha256-HXuPksdYgGVCWZW3Jout9JiRgQBVSTD2/0Tc5tYsfHc=' 'sha256-kvefD2Ndo4YusfwOjROflpjVzIMIpDnWkdcMll5uUgI=' 'sha256-Mb8Lae27VyQCOHsbMM01FwrEYv01xizfOz9YGchzWdU=' 'sha256-c8LNyKH3sxXn9/PcDglhseuT1BbBbIFSxK9e/lkVWqg=' 'sha256-P47zixDuDT29rO2YUp8jpK1fcTn6D/lB3t8fgBTOWQs=' 'sha256-sWwQJUNFSIOP2Z0Se9xDwz9zpeGtsE83nszd5wR6aj8=' 'sha256-DkIOMaD1ZGEvLMmW4Y1l7OqThW5jJr+NsIKFcm8lEj8=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-uRH3jzuA9wJNU8vEQ5Aj7OUe8UhkhInN1eyVD9Rq908=' 'sha256-WJon2J1Mv+aiR4/Ba6MhlQdPNZV3p2Qh4xbGfT1689k=' 'sha256-7mZR/eN14thXNRMQHdqJJquS20kQK0U16M3n17zi5cw=' 'sha256-xFL98wcvbygdKirXjIsY/ZTeOPtMeCUeiZiBeEbqtmc=' 'sha256-FfOg/Cbtl2AhRHgTnrdr2VSrg8VRrA+uFGR0PiZ22g8=' 'sha256-QI5Ymi8pBFYynihr8ZWGY9ZTgA/MgsYJy1K1Ae8k3QM=' 'sha256-CeAfkducFFPvg2UUyFJRCYc6syO+QQtwNRyYF4KV+jg=' 'sha256-u/AY/C4PWm42sRu9ZoU0Gj+rq1EAWQbObqIS8QpIU9I=' https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://track.adform.net/Serving/TrackPoint/ 'sha256-BBCw1wA4nDP4J26dnLNGcLyxnbQOPxEsnv2kybjdRcQ=' https://*.doubleclick.net https://*.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.googlesyndication.com https://www.googletagservices.com https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://sc-static.net/scevent.min.js https://tags.srv.stackadapt.com/events.js https://secure-ds.serving-sys.com https://bs.serving-sys.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://static-ssl.responsetap.com/static/scripts/rTapTrack.min.js 'sha256-xHJMT+ZUJXwtKHkz7LtBdCyxWtgh/tUzdxkDBf5s7/k=' https://metrics.responsetap.com/track/ https://analytics.twitter.com https://platform.twitter.com/widgets.js https://cdn.syndication.twimg.com https://platform.twitter.com/js/ https://www.youtube-nocookie.com https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://www.youtube.com/s/player/f82a8c37/player_ias.vflset/en_US/remote.js https://www.youtube.com/s/player/77da52cd/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://lptag.liveperson.net/tag/ https://lptag.liveperson.net/lptag/api/account/38851187/configuration/applications/taglets/ https://accdn.lpsnmedia.net/api/account/38851187/ https://lo.v.liveperson.net/api/js/ https://lpcdn.lpsnmedia.net https://region-eu.libanswers.com https://uwelibrary.libanswers.com https://cdn.unibuddy.co/unibuddy-iframe.js https://cdn.unibuddy.app/unibuddy-iframe.js https://uwelibrary.libanswers.com/1.0/widgets/7390 https://uwelibrary.libanswers.com/js2.37.7/LibAnswers_widget.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static-assets-eu.libanswers.com https://library-apps.uwe.ac.uk https://tfaforms.com/js/iframe_resize_helper.js https://sitecoretest.uwe.ac.uk https://v4in1-si.click4assistance.co.uk https://script.hotjar.com https://sc-static.net 'sha256-z2gF2DcUe1wVcFEiD2h9XEfd26jRbdE2yzKT/4yKAVU=' https://uniquest-uwe.my.site.com https://service.force.com/embeddedservice/5.0/utils/common.min.js https://service.force.com/embeddedservice/5.0/utils/inert.min.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceMenu.jsonp https://service.force.com/embeddedservice/menu/1630076500/channelMenu.min.js https://service.force.com/embeddedservice/5.0/esw.min.js https://service.force.com/embeddedservice/5.0/client/liveagent.esw.min.js https://service.force.com/embeddedservice/5.0/client/invite.esw.min.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://uniquest-uwe.my.salesforce.com/lightning/lightning.out.js https://uniquest-uwe.my.salesforce.com/lightning/lightning.out.delegate.js https://d.la1-c2-lo3.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/EmbeddedService/EmbeddedServiceMenu.jsonp https://service.force.com/embeddedservice/menu/1678932281/channelMenu.min.js https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com/chat/rest/Visitor/Availability.jsonp https://bat.bing.com/p/action https://www.clarity.ms/tag/uet/ https://www.clarity.ms/s/ https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;object-src 'none';style-src 'unsafe-inline' https://*.uwe.ac.uk https://p.typekit.net https://use.typekit.net https://embed.geckochat.io/main.css https://fonts.geckoform.com/metropolis.css https://tagmanager.google.com https://fonts.googleapis.com https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://uwelibrary.libanswers.com/css2.37.7/LibAnswers_widget.min.css https://uwelibrary.libanswers.com/css2.39.0/LibAnswers_widget.min.css https://uwelibrary.libanswers.com https://static-assets-eu.libanswers.com https://service.force.com/embeddedservice/menu/1630076500/channelMenu.min.css https://service.force.com/embeddedservice/5.0/esw.min.css https://tags.srv.stackadapt.com https://service.force.com/embeddedservice/menu/1678932281/channelMenu.min.css https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;img-src * data: https://p.typekit.net https://www.google-analytics.com https://www.googletagmanager.com https://secure.adnxs.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://www.google.com;media-src https://audio.geckochat.io https://lpcdn.lpsnmedia.net;frame-src https://*.uwe.ac.uk https://w.soundcloud.com https://www.facebook.com https://app.geckoform.com https://*.doubleclick.net https://*.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://unibuddy.co/embed/uwe-bristol https://unibuddy.co https://unibuddy.app https://popcard.unibuddy.co https://lpcdn.lpsnmedia.net https://lo.idp.liveperson.net https://lo.msg.liveperson.net https://lo.msghist.liveperson.net https://uwe.cloud.panopto.eu https://e.issuu.com https://keyreporter.uwe.ac.uk https://platform.twitter.com https://syndication.twitter.com https://region-eu.libanswers.com http://www.robobraille.org https://uwelibrary.libanswers.com https://*.tfaforms.net/ https://www.tfaforms.com https://tfaforms.com https://v4in1-si.click4assistance.co.uk https://v4in1-ti.click4assistance.co.uk https://www.revolutionviewing.co.uk https://vars.hotjar.com https://www.google.com https://open.spotify.com https://forms.microsoft.com https://d.la1-c2-lo3.salesforceliveagent.com https://aax-eu.amazon-adsystem.com https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;font-src https://embed.geckochat.io/media/ https://fonts.geckoform.com https://components.uwe.ac.uk https://use.typekit.net https://*.uwe.ac.uk/assets/fonts/ https://maps.googleapis.com https://fonts.gstatic.com https://uniquest-uwe.my.site.com https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net;connect-src https://*.uwe.ac.uk https://www.facebook.com/tr/ https://privacyportal.cookiepro.com https://api.geckochat.io https://*.geckochat.io/live_chat/ wss://router-euwest2.geckochat.io https://www.google-analytics.com https://*.g.doubleclick.net https://*.googlesyndication.com https://cdn.linkedin.oribi.io/partner/ https://region1.google-analytics.com https://region1.analytics.google.com https://secure-ds.serving-sys.com/adServingData/PROD/TMClient/4/1073749574 https://tags.srv.stackadapt.com/sa.jpeg https://lm.serving-sys.com https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking performance.typekit.net https://info.uwe.ac.uk/announcements/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://bat.bing.com wss://lo.msg.liveperson.net https://cascade2-eu.libchat.com https://chat-eu.libanswers.com https://uwelibrary.libanswers.com/1.0/form/submit https://*.hotjar.io/ https://*.hotjar.com/ wss://*.hotjar.com/ https://uniquest-uwe.my.site.com https://service.force.com https://d.la1-core1.sfdc-5pakla.salesforceliveagent.com https://maps.googleapis.com https://px.ads.linkedin.com/wa/ https://k.clarity.ms/collect https://uwe-azukw-sc-10-1-prod-cd.azurewebsites.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.trendyol.com https://www.trendyol-milla.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.cloudflareinsights.com https://cdn.dsmcdn.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.ads-twitter.com https://creativecdn.com https://www.glami.com.tr https://www.googleadservices.com https://static.criteo.net https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://sslwidget.criteo.com https://analytics.twitter.com https://tpc.googlesyndication.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://pagead2.googlesyndication.com https://www.gstatic.com https://auth.trendyol.com https://auth.trendyol-milla.com https://payment.trendyol.com https://payment.trendyol-milla.com https://maps.googleapis.com https://console.brightmountainmedia.com https://cdn.cookielaw.org https://img2-digitouch.mncdn.com https://www.googleoptimize.com platform.twitter.com analytics.tiktok.com sslwidget.criteo.com bam.nr-data.net www.google-analytics.com connect.facebook.net ssl.google-analytics.com www.googleadservices.com static.ads-twitter.com mc.yandex.ru googleads.g.doubleclick.net public.trendyol.com public.trendyol-milla.com www.googletagmanager.com s3.amazonaws.com cdnjs.cloudflare.com js-agent.newrelic.com img-trendyol.mncdn.com mc.yandex.com translate.google.com code.jquery.com translate.googleapis.com translate.yandex.net https://google.com https://www.google.com cdn.cookielaw.org static.criteo.net static.cloudflareinsights.com widget.eu.criteo.com www.googleoptimize.com https://gumgum.com https://static.zdassets.com https://media.flixsyndication.net https://static-assets.flix360.io https://media.flixcar.com https://media.flixsyndication.net https://media.flixfacts.com https://prod.flixgvid.flix360.io; report-uri https://public.trendyol.com/discovery-web-websfxsecurity-santral/csp https://public.trendyol-milla.com/discovery-web-websfxsecurity-santral/csp 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://seekingalpha.com https://oculusab--c.vf.force.com https://oculusab.lightning.force.com 1
frame-ancestors depositfiles.com *.depositfiles.com depositfiles.org *.depositfiles.org dfiles.eu *.dfiles.eu dfiles.com *.dfiles.com 1
frame-ancestors 'self' https://photo.riteaid.com/ https://photocar.riteaid.com/ https://chat.riteaid.com/ 1
frame-ancestors 'self' https://ecoticias.com; 1
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; connect-src https: data: blob: wss://*.hotjar.com; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src https:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; block-all-mixed-content; upgrade-insecure-requests 1
style-src 'self' 'unsafe-inline' https://flipkartads.azureedge.net https://fonts.googleapis.com/ https://fonts.googleapis.com/icon; default-src 'self'  https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://fonts.googleapis.com https://*.flipkart.com https://www.google.com/ blob:; connect-src 'self' *;; script-src 'nonce-wegeE1BZt7Bjh4lqlYWlXQ==' 'self' 'unsafe-inline' 'strict-dynamic' https: https://www.google.com https://www.gstatic.com https://google-analytics.com https://www.googletagmanager.com; object-src 'none'; img-src 'self' * data: blob:; base-uri 'self'; worker-src 'self' https://*.flipkart.com blob: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.adroll.com d.adroll.mgr.consensu.org *.dca0.com *.adyen.com *.akamaihd.net *.go-mpulse.net *.akstat.io *.aexp-static.com *.americanexpress.com tag.yieldoptimizer.com hm.baidu.com *.bambuser.com x.bidswitch.net bat.bing.com *.branch.io app.link s.thebrighttag.com s.btstatic.com *.brightcove.com *.brightcove.net *.brightcovecdn.com dpdb.webvr.rocks *.boltdns.net *.llnwd.net *.llnw.net vjs.zencdn.net *.burberry.com burberry.com cdnjs.cloudflare.com *.contentsquare.net script.crazyegg.com *.doubleclick.net connect.facebook.net www.facebook.com *.fitanalytics.com reporting.us1.fredhopperservices.com d1snv67wdds0p2.cloudfront.net collect-eu.attraqt.io analytics.google.com *.analytics.google.com *.googleapis.com *.googlesyndication.com *.gstatic.com adservice.google.com www.google.com *.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com cdn.grata.cn *.usehero.com *.twilio.com wss://*.vss.twilio.com *.us1.twilio.com wss://*.us1.twilio.com *.eu1.twilio.com wss://*.eu1.twilio.com *.ipinyou.com www.ist-track.com x.klarnacdn.net *.klarna.com *.klarnaevt.com *.liveperson.net wss://*.liveperson.net *.lpsnmedia.net *.mathtag.com service.maxymiser.net bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com *.online-metrix.net *.openx.net *.optimizely.com cdn-assets-prod.s3.amazonaws.com optimizely.s3.amazonaws.com *.paypal.com www.personifyxpassets.com 7vr7bv2vla.execute-api.eu-west-1.amazonaws.com ct.pinterest.com s.pinimg.com *.qudini.com po.st s.po.st rp.gwallet.com *.rakuten.com *.nxtck.com *.xg4ken.com *.linksynergy.com intljs.rmtag.com ln-rules.rewardstyle.com *.richrelevance.com *.riskified.com sb.scorecardresearch.com *.shoprunner.com *.shoprunner.net shopstylecollective.com i.simpli.fi dabs7b6g7t59l.cloudfront.net *.sonobi.com *.spotify.com t.a3cloud.net p.teads.tv idsync.rlcdn.com *.turn.com analytics.twitter.com static.ads-twitter.com platform.twitter.com sp.analytics.yahoo.com s.yimg.com s.yimg.jp b97.yahoo.co.jp mc.yandex.ru *.zooz.com com-burberry-prod1.mini.snplow.net s3.global-e.com webservices.global-e.com utils.global-e.com gepi.global-e.com web.global-e.com securev2.global-e.com www.global-e.com  hcaptcha.com *.hcaptcha.com web-assets-cdn.momentfeed.com api.momentfeed.com api.mapbox.com events.mapbox.com cdn.jsdelivr.net uberall.com maps.google.com *.configcat.com *.shopstylecollective.com app.collectivevoice.com app.collectivevoiceqa.com analytics.tiktok.com www.youtube.com; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; media-src * blob:; object-src 'self'; frame-ancestors 'self' *.burberry.com burberry.com; base-uri 'self'; upgrade-insecure-requests; report-uri https://csp.apps.burberry.com/brby 1
frame-ancestors 'self' https://*.wikiloc.com; 1
default-src 'self'; script-src 'self' 'nonce-74f3849c-29a7-4194-b8d2-8f28d09bf19a' www.googletagmanager.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://prismic.io https://cookie-cdn.cookiepro.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com 'sha256-XcxZTIrdL2Z+QnjoqtWcIeAzm/cuioLtkIflc5aq00M=' 'sha256-mjAPvJKRBATPwtDkDe1t+tw2mbmVjgXVfYImJfeAdz8='; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com 'unsafe-inline'; connect-src 'self' www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://geolocation.onetrust.com; img-src 'self' blob: data: www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://businessmessages.google.com https://www.youtube.com https://survey.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com;report-uri /business/_/AdsLpServingHttp/cspreport/allowlist;worker-src blob: 'self' 1
form-action https://webto.salesforce.com/servlet/servlet.WebToLead https://www.kaleidescape.com https://kaleidescape.com; 1
default-src https:; script-src blob: https: 'unsafe-eval' 'unsafe-inline';media-src blob: https:; worker-src blob: https://*.zacks.com; style-src https: 'unsafe-inline'; img-src https: data: 'self'; frame-ancestors 'self' zacks.com *.zacks.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' attentivemobile.com events.attentivemobile.com demdex.net dpm.demdex.net *.amazonaws.com m.media-amazon.com static-na.payments-amazon.com apay-us.amazon.com www.dwin1.com *.a.bigcontent.io *.adnxs.com adnxs.com bidswitch.net x.bidswitch.net bluekai.com *.bluekai.com cloudflare.com *.cloudflare.com *.cloudfront.net cohimg.net *.coachoutlet.com coachoutlet.com *.stuartweitzman.com *.criteo.com *.facebook.com *.facebook.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com www.googleadservices.com *.gstatic.com adservice.google.co.id 360yield.com ad.360yield.com *.yahoo.com casalemedia.com ivitrack.com matching.ivitrack.com cm.adgrx.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com jsdelivr.net *.jsdelivr.net liadm.com *.liadm.com media.net contextual.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com mountain.com *.mountain.com micpn.com pmwclnsg.micpn.com postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com *.online-metrix.net online-metrix.net outbrain.com *.outbrain.com pinimg.com s.pinimg.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com simage2.pubmatic.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com *.force.com *.my.salesforce.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com shoprunner.com *.shoprunner.com *.signifyd.com signifyd.com smartadserver.com rtb-csync.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com sync-t1.taboola.com tapad.com tapestry.tapad.com teads.tv criteo-sync.teads.tv *.tiktok.com trackjs.com *.trackjs.com tremorhub.com criteo-partners.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com ad.smaato.net s.ad.smaato.net rqtrk.eu ws.rqtrk.eu wknd.ai tag.wknd.ai *.attn.tv *.bing.com *.btttag.com *.bluecore.com *.creativecdn.com certona.net *.certona.net www.res-x.com cloudfront.net *.coach.com coach.com *.cquotient.com cquotient.com *.criteo.net *.doubleclick.net doubleclick.net facebook.net *.google.com www.google.com.gt www.google.jo www.google.az *.google.com.lb *.google.co.ma www.google.com.ag www.google.com.jm www.google.mk www.google.com.om www.google.com.my www.google.co.nz www.google.com.au www.google.al www.google.se www.google.com.uy *.google.co.in www.google.co.cr www.google.co.uk www.google.cn www.google.com.ar www.google.hn *.google.iq www.google.ps www.google.hr www.google.com.np www.google.co.za www.google.com.ec www.google.com.kw www.google.com.bd www.google.at *.google.com.gh www.google.ro *.google.am www.google.ca www.google.com.mm *.google.it www.google.kg www.google.pt www.google.com.tw www.google.sr www.google.rw www.google.com.ng www.google.co.jp www.google.ba www.google.bg www.google.com.bo www.google.com.tj ww.google.com.cy www.google.co.tz www.google.rs *.google.bs www.google.ci www.google.im www.google.es www.google.ga www.google.co.ug www.google.co.vi www.google.gy www.google.mn www.google.com.cy www.google.com.vc www.google.com.pg www.google.com.qa www.google.dz www.google.cl www.google.so www.google.la *.google.com.sg *.google.com.co www.google.by www.google.com.sv www.google.com.br *.google.ae www.google.com.do *.google.com.mx *.google.co.il www.google.sn www.google.com.fj www.google.si www.google.dk www.google.lv *.google.com.pe www.google.tn www.google.md *.google.com.ua www.google.com.ly www.google.com.bn www.coachoutlet.cn www.google.tt www.google.gr www.google.co.id www.google.ch www.google.be www.google.mu www.forbes.com www.google.lk www.google.com.mt *.google.com.sa www.google.com.eg www.google.de www.google.cz *.google.lt *.google.com.bh *.google.com.ph www.google.com.pa *.cloudfunctions.net www.googletagmanager.com *.google.co.th www.google.nl www.google.co.ke www.google.pl www.google.com.bz www.google.mw www.google.ht www.google.ge www.google.mv www.google.ee www.google.lu *.google.ie www.google.sk www.google.mg www.google.co.uz www.google.com.ni www.google.hu www.google.com.cu www.google.com.py *.google.com.kh www.google.co.kr www.google.no www.google.fi www.google.co.zm *.google.co.ve www.google.fr *.google.com.vn *.google.com.tr *.google-analytics.com *.google.kz www.google.com.hk *.google.ru *.google.com.pr *.cookielaw.org onetrust.com *.onetrust.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com pinterest.com *.pinterest.com *.quantummetric.com *.rakuten.com tangiblee.com *.tangiblee.com adsrvr.org *.adsrvr.org techlab-cdn.com p11.techlab-cdn.com *.bounceexchange.com api.bluecore.app cnstrc.com *.cnstrc.com *.audioeye.com *.shoppinggives.com api.images.drivecommerce.com api.addressy.com sync-criteo.ads.yieldmo.com services.postcodeanywhere.co.uk *.adyen.com tapes11111.pcapredict.com *.googleapis.com img1.cohimg.net match.prod.bidr.io jelly.mdhv.io images.coach.comis visitor.omnitagjs.com *.socdm.com *.casalemedia.com ade.clmbtech.com events.bouncex.net *.shoprunner.io adx.dable.io ad.tpmn.co.kr cdn.aralego.net sync.1rx.io he.lijit.com cm.adform.net e.dlx.addthis.com 68794905.akstat.io trial-eum-clienttons-s.akamaihd.net login.dotomi.com s.thebrighttag.com ad.yieldlab.net beacon.krxd.net *.amplience.net aorta.clickagy.com thrtle.com p.alcmpn.com *.googlesyndication.com statsigapi.net sync.aralego.com cs.adingo.jp *.rlcdn.com us-u.openx.net cdn.wyng.com pippio.com fast.fonts.net api2.fonts.com www.yext-pixel.com *.drrv.co tapestry.support jira.tapestry.support *.needle.com *.my.salesforce-sites.com *.mapbox.com dynl.mktgcdn.com www.upsellit.com api.bounce-commerce.de smct.co edgeshoppingstatic.azureedge.net cdn.honey.io t.co cdn.ivaws.com sentry.io *.sentry.io api.fillr.com sas.selleramp.com 905trk.com *.instagram.com ln-rules.rewardstyle.com www.coachthailand.win www.shopstyle.com www.foxnews.com *.dealmoon.com tracking.narvar.com go.magik.ly mostlycoupons.com yandex.ru rd.bizrate.com lustrelife.com *.55haitao.com www.bradsdeals.com www.dealmoon.ca rstyle.me www.groupon.com coccoc.com *.coachoutlet.co *.youtube.com youtube.com capitaloneshopping.com www.retailmenot.com www.buyandship.today thecouponboutique.com www.premiumoutlets.com m.baidu.com www.supermama.lt www.simon.com ww55.affinity.net www.savewithsydney.com *.securedvisit.com *.qualtrics.com *.linksynergy.com mpsnare.iesnare.com www.wepowerconnections.com *.loveslisa.tech id5-sync.com *.simpli.fi *.talkable.com track.sv.rkdms.com cdn.shopping.gives *.cloudinary.com cms.katespade.com yastatic.net www.buyma.com tapestryinc.us-7.evergage.com fonts.cdnfonts.com safe.menlosecurity.com s.pubmine.com i.ytimg.com brandcycle.trackonomics.net www.metziahs.com *.kampyle.com *.medallia.com *.fwmrm.net tag.yieldoptimizer.com shareasale.com *.scene7.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.monetate.net *.kargo.com *.persado.com *.persa.do *.bluecore.app *.pub.lilyai.net c.amazon-adsystem.com *.shopify.com *.cdn.shopifycloud.com shop.app *.shopifysvc.com *.stripe.com data: blob:; 1
default-src 'self' 'unsafe-inline' *.aig.co.kr; img-src 'unsafe-inline' data: *.aig.co.kr https://www.google.co.kr https://analytics.google.com 127.0.0.1:* https://www.google-analytics.com https://wat.ad.daum.net https://www.facebook.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aig.co.kr *.aig.co.kr *.analytics.google.com *.google-analytics.com accounts.google.com adimg.daumcdn.net aigkorea.tt.omtrdc.net api.emforce.co.kr assets.adobedtm.com bc.ad.daum.net bid.g.doubleclick.net cdn-aitg.widerplanet.com connect.facebook.net content.googleapis.com fonts.googleapis.com googleads.g.doubleclick.net googleadservices.com insight.adsrvr.org js.adsrvr.org lfis.google.com maps.gogleapis.com match.adsrvr.org roi.emforce.co.kr ssl.gstatic.com stats.g.doubleclick.net t.buzzad.io t1.daumcdn.net tagmanager.google.com wcs.naver.com wcs.naver.net www.facebook.com www.google.co.il www.google.co.kr www.google.com www.googleadservices.com www.gstatic.com www.google-analytics.com www.googletagmanager.com; style-src 'unsafe-inline' *.aig.co.kr; connect-src wss://localhost:* 127.0.0.1:* *.aig.co.kr:* wss://127.0.0.1:* https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google.co.kr https://wcs.naver.com https://bc.ad.daum.net; frame-src https://insight.adsrvr.org https://www.googletagmanager.com *.aig.co.kr; 1
font-src 'self' https: data:; img-src 'self' https: data: http://s3.amazonaws.com https://s3.amazonaws.com https://images.tapology.com https://www.google-analytics.com; object-src 'none'; style-src 'self' https: 'unsafe-inline' https://a.pub.network; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com https://a.pub.network https://b.pub.network https://c.pub.network https://d.pub.network https://btloader.com https://api.btloader.com https://cdn.confiant-integrations.net https://www.google-analytics.com https://ssl.google-analytics.com; default-src 'self' https: https://www.tapology.com https://api.tapology.com; connect-src 'self' https: https://api.tapology.com https://www.google-analytics.com http://e.deployads.com/e/dfp.tapology.com 1
default-src 'self'; script-src 'self' https://*.staging.skyra.no/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uxsignals-frontend.uxsignals.app.iterate.no *.hereapi.com *.api.here.com *.adobe.com *.boost.ai *.episerver.net *.sits.no https://*.vergic.com https://*.psplugin.com blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://region1.google-analytics.com https://ajax.cloudflare.com https://chat.puzzel.com https://siteimproveanalytics.com 'unsafe-inline' 'unsafe-eval'; media-src https://chat.puzzel.com 'self'; style-src 'self' *.api.here.com https://tagmanager.google.com https://dl.episerver.net https://chat.puzzel.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.vergic.com https://*.psplugin.com 'unsafe-inline'; connect-src 'self' https://*.skyra.no blob: *.hereapi.com *.api.here.com *.skatteetaten.no *.sits.no https://*.boost.ai https://api.uxsignals.com https://chat.puzzel.com https://www.google-analytics.com https://region1.google-analytics.com https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com wss:;form-action 'self';font-src https://*.psplugin.com *.api.here.com https://fonts.googleapis.com https://fonts.gstatic.com https://chat.puzzel.com https://static2.sharepointonline.com 'self'; img-src 'self' blob: data: www.google-analytics.com *.adobe.com *.api.here.com *.gstatic.com https://purecatamphetamine.github.io https://www.googletagmanager.com https://mts.googleapis.com https://dl.episerver.net *.global.siteimproveanalytics.io *.sits.no https://*.psplugin.com https://img.freepik.com/free-vector/businessman-character-avatar-isolated_24877-60111.jpg https://*.vergic.com data:; object-src 'self'; frame-ancestors 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https: kompensasjonsordning.no *.kompensasjonsordning.no 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.eurovisionworld.com; connect-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.eurovisionworld.com eurovision.world eurovision.bet *.twitter.com *.facebook.net *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com *.googlesyndication.com instagram.com *.instagram.com *.youtube.com 1
frame-ancestors 'self' https://*.evergage.com https://cdn.evgnet.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-N2IzMTBkZGY3MDU5NGNhNThjMmUxNTE4ZjkzMDA3NGY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.government.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.government.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.government.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' qrc: 'nonce-NmI3MjMwZGQtYmJlNi00MDU1LWIwMmMtYWY1MDJiM2VmMTdj' 'strict-dynamic' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com http://static.geevisit.com https://gcaptcha4.geetest.com https://gcaptcha4.geetest.com https://static.geetest.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com *.googletagmanager.com googletagmanager.com tagmanager.google.com https://static.geetest.com https://static.geevisit.com; img-src 'self' blob: data: https: ; font-src 'self' data: fonts.gstatic.com fonts.gstatic.googlefonts.cn; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https:; frame-src www.youtube-nocookie.com www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/_csp_report; 1
object-src 'none'; script-src 'nonce-c4e37c4d-4a62-4a71-a7a7-18ee1d826495' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri /csp-reports 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com *.a.tile.openstreetmap.org *.b.tile.openstreetmap.org *.c.tile.openstreetmap.org api.amplitude.com *.amplitude.com *.homebank.kz *.halykbank.kz; img-src http: https: data:; worker-src 'self' *.homebank.kz *.halykbank.kz blob:; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.znanylekarz.pl doctoraliaone-pl2-candidate.azurewebsites.net 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.online-metrix.net  https://*.parcellab.com  https://analytics.google.com  https://facebook.com  https://fonts.gstatic.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://www.google-analytics.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.lidl-shop.nl  https://*.vrxs.de  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://tbs.tradedoubler.com  https://www.edge-cdn.net; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  moz-extension:  https://*.advertising.com  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradetracker.net  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://awin1.com  https://content.odj.cloud  https://contextual.media.net  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://match.sharethrough.com  https://play-lh.googleusercontent.com  https://sync.outbrain.com  https://translate.google.com  https://translate.google.com  https://visitor.omnitagjs.com  https://www.google-analytics.com  https://www.lidl-shop.be  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://*.lidl-shop.nl  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.parcellab.com  https://*.semtrack.de  https://*.tradetracker.net  https://ajax.googleapis.com  https://cdn.ravenjs.com  https://code.etracker.com  https://facebook.com  https://forms.office.com  https://h.online-metrix.net  https://lidl-shop.nl  https://s.ytimg.com  https://www.dwin1.com  https://www.google-analytics.com  https://www.googleadservices.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.fitanalytics.com  https://*.lidl-shop.nl  https://*.parcellab.com  https://facebook.com  https://forms.office.com  https://lidl-shop.nl; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co  https://lidl-shop.nl; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
upgrade-insecure-requests; default-src 'self' *.argeweb.nl https://cdn.euc-freshbots.ai https://in.hotjar.com; style-src 'self' *.argeweb.nl 'unsafe-inline' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css https://libraries.hund.io/ https://app.vwo.com/ https://fonts.googleapis.com https://*.google.com; img-src 'self' *.argeweb.nl data: https: https://jwpltx.com https://www.facebook.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.google.nl https://*.adnxs.com https://*.msn.com https://*.doubleclick.net https://ads.yahoo.com https://www.google-analytics.com https://*.openx.net https://*.bidswitch.net; script-src 'self' *.argeweb.nl data: 'unsafe-inline' 'unsafe-eval' yourhosting.freshchat.com https://cdn.euc-freshbots.ai https://code.jquery.com/jquery-1.12.4.js https://code.jquery.com/ui/1.12.1/jquery-ui.js https://libraries.hund.io/ https://heatmap.visualwebsiteoptimizer.com/ https://app.vwo.com/ https://dev.visualwebsiteoptimizer.com/ https://api.livechatinc.com/ https://cdn.livechatinc.com/ https://secure.livechatinc.com/ https://www.clickcease.com/monitor/stat.js https://snap.licdn.com https://embed.typeform.com https://www.chartjs.org https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://www.linkedin.com/px/* https://px.ads.linkedin.com/ https://sjs.bizographics.com/insight.min.js https://script.hotjar.com https://*.jwpcdn.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://*.openx.net https://*.bidswitch.net https://www.googleadservices.com https://www.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://flex.msn.com https://static.mailplus.nl https://m7.mailplus.nl https://bat.bing.com https://googleads.g.doubleclick.net; frame-src 'self' *.argeweb.nl yourhosting.freshchat.com https://app.vwo.com/ https://secure.livechatinc.com/ https://form.typeform.com/ https://awps01.argewebhosting.nl https://www.youtube.com https://argeweb.typeform.com https://vars.hotjar.com https://*.google.com https://*.facebook.com https://*.doubleclick.net; font-src 'self' data: *.argeweb.nl fonts.gstatic.com; child-src 'self' *.argeweb.nl https://*.google.com; connect-src 'self' *.argeweb.nl argeweb.netwerkstatus.nl *.google-analytics.com https://rts-euc.freshworksapi.com wss://rts-euc.freshworksapi.com https://www.euc-freshbots.ai https://cdn.euc-freshbots.ai https://monitor.clickcease.com/ https://api.livechatinc.com/ https://ws9.hotjar.com/ wss://ws9.hotjar.com/ https://ws8.hotjar.com/ wss://ws8.hotjar.com/ https://awps01.argewebhosting.nl/netwerkstatus/test.php https://www.google-analytics.com https://stats.g.doubleclick.net https://app.convertflow.co https://ws2.hotjar.com wss://ws10.hotjar.com wss://ws3.hotjar.com wss://ws2.hotjar.com https://vc.hotjar.io wss://ws1.hotjar.com https://in.hotjar.com; form-action https:; frame-ancestors 'self'; report-uri /debug/csp; 1
default-src 'self' https://fonts.gstatic.com https://www.gstatic.com:443; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com:443 https://www.gstatic.com:443 https://www.googletagmanager.com:443; style-src 'self' 'unsafe-inline' https://www.gstatic.com:443 https://fonts.googleapis.com; frame-src https://platform.twitter.com:443; img-src 'self' data: https://syndication.twitter.com:443; object-src 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.twitter.com https://*.sumsub.com;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.sumsub.com;img-src 'self' data: blob: https://objects-eu.idanalyzer.com https://*.google-analytics.com https://*.googletagmanager.com https://*.twitter.com https://*.xeggex.com https://*.sumsub.com;connect-src 'self' https://*.google-analytics.com https://*.sumsub.com wss://*.xeggex.com wss://xeggex.com https://*.xeggex.com;frame-src 'self' https://*.twitter.com https://*.sumsub.com https://*.cloudflare.com;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com bat.bing.com *.stripe.com *.sift.com media.twiliocdn.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; style-src 'self' 'unsafe-inline' static0.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com; img-src 'self' data: blob: https:; font-src 'self' data: *.gstatic.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net; frame-src 'self' platform.twitter.com syndication.twitter.com *.stripe.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; frame-ancestors 'self'; connect-src 'self' *.stripe.com stats.g.doubleclick.net *.sentry.io bat.bing.com api.getaddress.io eventgw.twilio.com media.twiliocdn.com wss://chunderw-vpc-gll.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.youtube.com *.ytimg.com *.google.co.uk *.google.com *.googlesyndication.com *.gstatic.com www.facebook.com connect.facebook.net; object-src 'self' data:; media-src 'self' api.twilio.com d10hbub4nkludc.cloudfront.net d36pgh4m67wnlt.cloudfront.net staticcdn.openrent.co.uk imagescdn.openrent.co.uk d294caftvmxj2y.cloudfront.net; worker-src 'self' blob; report-uri https://orreports2.report-uri.com/r/t/csp/enforce; 1
child-src 'unsafe-inline' 'self' *.directnic.net *.livechatinc.com *.paypal.com *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.g.doubleclick.net *.braintree.com *.hcaptcha.com *.livechat.s3.amazonaws.com; frame-ancestors 'self' directnic.net; 1
style-src * 'self' 'unsafe-inline'; frame-ancestors 'self' *.thinglink.com cdn.thinglink.me *.tlsrv.net teams.microsoft.com *.teams.microsoft.com *.skype.com *.itslearning.com *.itsltest.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/;style-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/; script-src-elem 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/ https://www.googleadservices.com/; img-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/ https://imgsrv.vakifbank.com.tr/ https://vakifbank.com.tr/ data: ; font-src 'self' 'unsafe-inline' https://apigw.vakifbank.com.tr/;frame-src 'self' 'unsafe-inline' https://basvuru.vakifbank.com.tr/ https://maps.vakifbank.com.tr/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google.com/ https://www.google.com.tr/ https://webservice.foreks.com/ https://www.youtube.com https://ytimg.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval';worker-src blob: https://*.air360tracker.net;frame-ancestors https://www.saseurobonusshop.com/ https://eurobonus.shopping https://saseurobonusmastercard.se/ https://saseurobonusmastercard.no/ https://saseurobonusmastercard.dk/ https://swipp.com https://app.swipp.com https://www.rewardspay.com/ https://upgrade.plusgrade.com https://consumer-prdb.plusgrade.com https://consumer-prd.plusgrade.com https://sas-next-staging.crossroads.se/ https://www.coop.se https://kiosk.coop.se https://www-stg.rewardspay.com https://app.contentful.com 'self' 1
default-src 'self'; connect-src 'self' matomo02.itzbund.de *.readspeaker.com *.bmbfcluster.de *.akamaihd.net *.evostream.com; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo02.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de *.bmbfcluster.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de *.akamaihd.net *.evostream.com; frame-src *.datenportal.bmbf.de *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com  *.unesco.de *.readspeaker.com datawrapper.dwcdn.net https://streaming.sendewerk.berlin app.sli.do *.unitylivestream.com playout.3qsdn.com; img-src 'self' data: matomo02.itzbund.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.geodatenzentrum.de *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' data: *.sp.epl30.intern *.kooperation-international.de; 1
frame-ancestors 'self' https://userheat.com http://localhost:3031 https://*.wantedly.com 1
frame-ancestors mygpapp.grameenphone.com 1
'frame-ancestors' 'self' 1
frame-ancestors 'self' www.ellipsizdss.com keysight.lookbookhq.com keysight.pathfactory.com next.brella.io online-events.keysight.com *.keysight.com *.keysight.com.cn *.hlx.page *.hlx.live 1
default-src 'self' *.fec.gov *.app.cloud.gov; connect-src 'self' *.fec.gov *.app.cloud.gov https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; img-src 'self' *.fec.gov *.app.cloud.gov data: https://*.ssl.fastly.net https://www.google-analytics.com https://tiles.stadiamaps.com/tiles/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dap.digitalgov.gov https://polyfill.io/ https://www.google.com/recaptcha/ https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' data:; object-src 'none'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' miamidade.granicus.com; 1
frame-ancestors 'self' https://areaxt.com https://staging.areaxt.com 1
default-src 'self' 'unsafe-inline' https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com ; font-src 'self' https://*.uni-paderborn.de data:; img-src 'self' data: https://pbs.twimg.com https://*.google.com https://www.googleapis.com https://*.uni-paderborn.de https://*.gstatic.com/images; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.uni-paderborn.de https://www.google.com https://cse.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; media-src 'self' https://*.uni-paderborn.de https://*.upb.de https://streaming.uni-paderborn.de:2233 blob:; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'self'  mailto: tel: https://*.uni-paderborn.de https://www.youtube-nocookie.com https://player.vimeo.com https://*.upb.de https://streaming.uni-paderborn.de:2233 https://*.google.com 1
frame-ancestors https://*.bw-infra.de https://*.baden-wuerttemberg.de; 1
default-src 'self'; worker-src 'self' blob: https://www.youtube.com/ https://fast.wistia.com https://s7.addthis.com https://forms.hubspot.com https://forms.hsforms.com; frame-src 'self' https://player.vimeo.com/ https://www.google.com/ https://optimize.google.com https://youtube.com https://platform.twitter.com https://vars.hotjar.com https://www.youtube.com/ https://fast.wistia.com https://fast.wistia.net/ https://s7.addthis.com https://forms.hubspot.com https://forms.hsforms.com https://www.facebook.com https://td.doubleclick.net https://app.vwo.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://cdn.linkedin.oribi.io/ https://neo.tildacdn.com https://boards-api.greenhouse.io https://forms.tildacdn.com https://search.tildacdn.com https://feeds.tildacdn.com https://insta.tildacdn.com https://js.hs-banner.com https://assets8.lottiefiles.com https://assets9.lottiefiles.com https://assets10.lottiefiles.com https://thumb.tildacdn.com https://stat.tildacdn.com https://sysstat.tildacdn.com https://assets6.lottiefiles.com https://hubspot-forms-static-embed.s3.amazonaws.com wss://ws.hotjar.com wss://ws2.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com https://ws2.hotjar.com https://ws6.hotjar.com https://ws7.hotjar.com https://in.hotjar.com https://content.hotjar.io https://trc-events.taboola.com/ https://api.hubapi.com/ https://www.facebook.com/tr/ https://www.google-analytics.com https://embed-ssl.wistia.com https://api.hubspot.com https://forms.hsforms.com https://distillery.wistia.com https://pipedream.wistia.com https://fast.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embedwistia-a.akamaihd.net https://m.addthis.com https://s7.addthis.com https://stats.g.doubleclick.net https://analytics.google.com https://cta-service-cms2.hubspot.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://r1.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com ; font-src 'self' data: https://use.fontawesome.com https://fonts.gstatic.com https://dev.visualwebsiteoptimizer.com; img-src 'self' data: blob: https://px4.ads.linkedin.com/ https://i.ytimg.com https://forms-na1.hsforms.com https://sc.lfeeder.com https://tr.lfeeder.com/ https://lftracker.leadfeeder.com https://scontent-frt3-1.cdninstagram.com https://scontent-frx5-1.cdninstagram.com https://scontent-frx5-2.cdninstagram.com https://www.googletagmanager.com https://img.youtube.com https://assets8.lottiefiles.com https://tr.outbrain.com https://thumb.tildacdn.com https://s-insta.tildacdn.com https://stat.tildacdn.com https://static.tildacdn.com https://static.tildacdn.one https://optim.tildacdn.one https://static3.tildacdn.com https://www.entersekt.com https://trc.taboola.com https://p.adsymptotic.com/d/px/ https://www.linkedin.com https://cds.taboola.com https://www.facebook.com/tr/ https://www.google.com/pagead/ https://www.google.co.za/pagead/ https://googleads.g.doubleclick.net/pagead/ https://px.ads.linkedin.com https://extensionscdn.joomla.org https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://track.hubspot.com https://stats.g.doubleclick.net https://embed-ssl.wistia.com https://fast.wistia.com https://embedwistia-a.akamaihd.net https://forms.hsforms.com https://no-cache.hubspot.com https://perf.hsforms.com https://perf-na1.hsforms.com https://dev.visualwebsiteoptimizer.com https://r1.visualwebsiteoptimizer.com https://r2.visualwebsiteoptimizer.com https://r3.visualwebsiteoptimizer.com https://thb.tildacdn.one; media-src 'self' data: blob: https://embedwistia-a.akamaihd.net; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://cdn.matomo.cloud/entersekt.matomo.cloud/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sc.lfeeder.com https://tr.lfeeder.com https://lftracker.leadfeeder.com https://neo.tildacdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://neo.tildacdn.com https://stat.tildacdn.com https://tr.outbrain.com https://script.hotjar.com https://amplify.outbrain.com https://static.tildacdn.com https://www.entersekt.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://platform.twitter.com https://static.hotjar.com  https://trc.taboola.com https://cdn.taboola.com https://connect.facebook.net https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://www.google.co.za/pagead/ https://www.googleadservices.com/pagead/ https://js.hs-banner.com https://js.hsadspixel.net https://appscdn.joomla.org https://ajax.googleapis.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://js.hs-analytics.net https://api.usemessages.com https://js.usemessages.com https://s.ytimg.com https://src.litix.io https://www.youtube.com https://js.hs-scripts.com https://fast.wistia.com https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://fast.wistia.net https://js.hsforms.net https://forms.hubspot.com https://forms.hsforms.com https://s7.addthis.com https://m.addthisedge.com https://m.addthis.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com/px/li_sync https://secure.hiss3lark.com/Track/Capture.aspx https://js.hubspot.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://static.tildacdn.one; style-src 'self' 'unsafe-inline' https://static.tildacdn.com https://www.entersekt.com https://use.fontawesome.com https://entersekt.info  https://optimize.google.com https://fonts.googleapis.com https://app.vwo.com https://static.tildacdn.one 1
default-src 'self'; frame-ancestors 'none'; form-action 'self'; object-src 'self'; img-src 'self' data: 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://static.tugraz.at https://sso.tugraz.at https://analytics.tugraz.at *.tugraz.at https://*.twitter.com https://*.twimg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com; child-src 'self' *.tugraz.at *.youtube.com *.youtube-nocookie.com *.google.com *.mapbuildr.com mapbuildr.com *.googleapis.com *.openstreetmap.org https://*.twitter.com https://letscast.fm; img-src 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src 'self'  https://itemku.com ;script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.talkjs.com *.tiktok.com *.facebook.net *.doubleclick.net *.gstatic.com *.hotjar.com *.crazyegg.com itemku-game.s3.ap-southeast-1.amazonaws.com d1ydmqq23rvhbb.cloudfront.net *.netcoresmartech.com cdn-sdk.hansel.io *.polyfill.io polyfill.io *.googlesyndication.com app.termly.io *.clarity.ms lbd.itemku.com beacon.riskified.com *.rapyd.net  https://s.itemku.com https://itemku.com ;connect-src 'self' https: data: blob: ws: wss: *.crazyegg.com  https://itemku.com ;img-src 'self' https: http: blob: data: *.crazyegg.com  https://itemku.com ;font-src *.gstatic.com https: http:  https://itemku.com ;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.itemku.com *.talkjs.com *.crazyegg.com cdn-sdk.hansel.io https://s.itemku.com https://itemku.com ;frame-ancestors 'self' *.google.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.byte-stack.net *.ovo.id itemku.com *.dana.id  https://itemku.com ;media-src 'self' https: *.talkjs.com  https://itemku.com ;frame-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.talkjs.com *.gle/ https://forms.gle/ *.tiktok.com *.facebook.net *.doubleclick.net *.hotjar.com *.youtube.com *.crazyegg.com *.byte-stack.net *.ovo.id itemku.com *.googlesyndication.com *.dana.id app.termly.io *.rapyd.net  https://itemku.com ;worker-src 'self' blob:  https://itemku.com 1
frame-ancestors *.indiatimes.com *.zigwheels.com *.google.com *.cdn.ampproject.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://ssl.google-analytics.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com http://visit.smartjailmail.com https://visit.smartjailmail.com https://static.cloudflareinsights.com https://cloudflareinsights.com; img-src 'self' blob: data: https://ssl.google-analytics.com https://www.gstatic.com https://sjm-photos.s3.amazonaws.com; report-uri https://smart.report-uri.io/r/default/csp/enforce; 1
frame-ancestors 'self' *.brusselsairlines.com *.lufthansaexperts.com 1
frame-ancestors 'self' https://*.centris.ca; default-src 'self' https://*.centris.ca https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://qc.prospects.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org https://datawrapper.dwcdn.net https://datawrapper.dwcdn.net blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
connect-src 'self' *.uhaul.com *.uhaul.net uhaul.com uhaul.net *.amerco.org *.amercod.org *.abtasty.com *.addthis.com *.adsrvs.org *.bing.com *.google-analytics.com *.havasedge.com *.kaltura.com *.qualtrics.com *.twil.io *.twilio.com *.virtualearth.net *.w55c.net *.scheduler-rt.getmindful.com analytics.google.com b28991bfdad25dc3.cbridgert.vhtcloud.com browser.events.data.microsoft.com report.uhaul.gbqofs.io sdk.iad-05.braze.com stats.g.doubleclick.net wss://*.twilio.com uhaul.my.site.com uhaul.force.com uhaul--fullcopy.sandbox.my.site.com uhaul--fullcopy.sandbox.my.salesforce-scrt.com; worker-src blob: 'self'; img-src data: blob: about: 'self' *.uhaul.com *.uhaul.net uhaul.com uhaul.net *.abtasty.com *.adsrvs.org *.amazonaws.com *.bing.com *.doubleclick.net *.google-analytics.com *.havasedge.com *.kaltura.com *.qualtrics.com *.virtualearth.net *.w55c.net *.webselfstorage.com amercomediastorage.blob.core.windows.net analytics.convertlanguage.com appboy-images.com b28991bfdad25dc3.cbridgert.vhtcloud.com braze-images.com cdn.nextopia.net cdnep-uhaul-uhaulcom-global-p-001.azureedge.net cdnep-uhaul-uhaulcom-global-p-002-premium.azureedge.net gstatic.com i.ytimg.com img.youtube.com insight.adsrvr.org movinginsider.com prf.hn uhaulmediastorage.blob.core.windows.net uhaulreceiptimages.blob.core.windows.net uhaulreceipts.blob.core.windows.net webselfstorage.com www.bingmapsportal.com www.google.com www.googletagmanager.com youtu.be myuhaulstory.com; font-src 'self' blob: data: *.uhaul.com *.uhaul.net uhaul.com uhaul.net *.abtasty.com *.googleapis.com *.gstatic.com *.kaltura.com cdnep-uhaul-uhaulcom-global-p-001.azureedge.net cdnep-uhaul-uhaulcom-global-p-002-premium.azureedge.net; media-src blob: 'self' *.kaltura.com cdnep-uhaul-uhaulcom-global-p-001.azureedge.net uhaulcomcdnstorage.blob.core.windows.net; style-src 'self' 'unsafe-inline' *.uhaul.com *.uhaul.net uhaul.com uhaul.net *.abtasty.com *.bing.com *.googleapis.com *.gstatic.com *.w55c.net b28991bfdad25dc3.cbridgert.vhtcloud.com cdn.nextopia.net cdnep-uhaul-uhaulcom-global-p-001.azureedge.net cdnep-uhaul-uhaulcom-global-p-002-premium.azureedge.net s7.addthis.com tagmanager.google.com service.force.com uhaul.force.com uhaul.my.site.com uhaul--fullcopy.sandbox.my.site.com; frame-src 'self' *.uhaul.com *.uhaul.net uhaul.com uhaul.net *.abtasty.com *.addthis.com *.dotmailer-surveys.com *.doubleclick.net *.havasedge.com *.kaltura.com *.pepperjamnetwork.com *.qualtrics.com *.w55c.net *.youtube.com accounts.google.com apis.google.com insight.adsrvr.org match.adsrvr.org www.google.com youtu.be service.force.com uhaul--fullcopy.sandbox.my.site.com uhaul--fullcopy--c.sandbox.vf.force.com; object-src 'self'; default-src 'self' *.uhaul.com *.uhaul.net uhaul.com uhaul.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.uhaul.com *.uhaul.net *.amerco.org *.amercod.org uhaul.com uhaul.net *.abtasty.com *.addthis.com *.addthisedge.com *.bing.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.havasedge.com *.instagram.com *.kaltura.com *.pepperjam.com *.qualtrics.com *.surveymonkey.com *.twil.io *.twiliocdn.com *.virtualearth.net *.w55c.net *.youtube.com *.ytimg.com ac.nextopiasoftware.com ajax.aspnetcdn.com ajax.googleapis.com analytics.convertlanguage.com b28991bfdad25dc3.cbridgert.vhtcloud.com cdn.gbqofs.com cdn.nextopia.net cdnep-uhaul-uhaulcom-global-p-001.azureedge.net cdnep-uhaul-uhaulcom-global-p-002-premium.azureedge.net download.pi.dynamics.com js.adsrvr.org js.appboycdn.com r2.dotmailer-surveys.com uhaul-com.ecomm-nav.com www.googleadservices.com www.googletagmanager.com www.gstatic.com youtu.be service.force.com *.salesforceliveagent.com uhaul.force.com uhaul.my.site.com uhaul.my.salesforce.com static.lightning.force.com uhaul--fullcopy.sandbox.my.site.com; ; upgrade-insecure-requests; 1
default-src 'self' https://*.iec.ch/ https://iec.ch/; font-src *;img-src 'self' https://*.s3.eu-west-1.amazonaws.com/ https://*.iec.ch/ https://iec.ch/ data: https://*.gstatic.com/ https://*.google.com/ http://*.google.com/ http://*.googleapis.com/ https://*.mapbox.com/ https://*.openstreetmap.org/ https://*.google-analytics.com/ https://*.fastly.net/ https://*.cloudfront.net/; script-src 'self' https://*.iec.ch/ https://iec.ch/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.iec.ch/ https://iec.ch/ https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://unpkg.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/;style-src-elem * 'unsafe-inline';script-src-elem * 'unsafe-inline';frame-src 'self' https://open.spotify.com https://app.powerbi.com https://*.surveymonkey.com https://*.widgets.sociablekit.com/ https://widgets.sociablekit.com/ https://*.tiktok.com/ https://*.youtube-nocookie.com/ https://*.youtube.com/ https://*.vimeo.com/ https://*.mtcaptcha.com/ https://*.mikle.com/ https://*.google.com/ https://*.iec.ch/ https://iec.eu.qlikcloud.com/ https://*.eu.qlikcloud.com/ https://iec.ch/;frame-ancestors 'self' https://*.youtube-nocookie.com/ https://*.youtube.com/ https://*.vimeo.com/ https://*.mtcaptcha.com/ https://*.mikle.com/ https://*.google.com/ https://*.iec.ch/ https://iec.ch/;connect-src *; 1
default-src 'self'; child-src 'self' blob: https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com; connect-src 'self' https://geohub.lacity.org https://opendata.arcgis.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://calendar.lacity.org https://www.lacity.org/feeds/city-directory wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://c.go-mpulse.net https://*.akstat.io https://api.lacity.org https://*.akamaihd.net https://surveystats.hotjar.io https://bam.nr-data.net https://api.userway.org/api/ https://maps.googleapis.com https://l.sharethis.com https://www.lacity.gov/feeds/city-directory https://*.userway.org https://public.gis.lacounty.gov https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://d4p29bwn040fq.cloudfront.net/; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com https://use.fontawesome.com https://pro.fontawesome.com https://stackpath.bootstrapcdn.com https://*.hotjar.com https://cdn.userway.org/widgetapp/bundles/udf/ https://kit.fontawesome.com/ https://ka-p.fontawesome.com/; frame-src 'self' https://platform.twitter.com https://www.youtube.com https://ens2.lacity.org https://syndication.twitter.com https://cse.google.com https://chipweb.azurewebsites.net https://vars.hotjar.com https://lacity.granicus.com https://www.google.com https://local.nixle.com https://player.vimeo.com/ https://cdn.userway.org/ https://www.powr.io/; img-src 'self' https: blob: data:; manifest-src 'none'; media-src 'self' https: blob:; object-src 'none'; prefetch-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; script-src-attr 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample' https://calendarui.lacity.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://chipweb.azurewebsites.net https://cse.google.com https://maps.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com https://unpkg.com https://www.google.com https://www.youtube.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.hotjar.com https://s.go-mpulse.net https://www.gstatic.com https://www.googletagmanager.com https://js-agent.newrelic.com https://bam.nr-data.net https://translate-pa.googleapis.com/ https://googleapis.com https://cdn.userway.org/ https://www.powr.io https://platform-api.sharethis.com https://buttons-config.sharethis.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ https://cdn.gtranslate.net/ cdn.jsdelivr.net cdnjs.cloudflare.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com mdbootstrap.com stackpath.bootstrapcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com https://kit.fontawesome.com/ https://ka-p.fontawesome.com/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; style-src-elem 'self' 'unsafe-inline' 'report-sample' data: https://chipweb.azurewebsites.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://translate.googleapis.com https://use.fontawesome.com https://pro.fontawesome.com https://www.google.com https://calendarui.lacity.org https://platform.twitter.com https://cdn.userway.org/ https://ton.twimg.com https://www.gstatic.com/ https://*.hotjar.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self' 1
frame-src 'self' https://challenges.cloudflare.com 1
script-src 'self' https://*.googletagmanager.com 'nonce-5351108162844659b66cbd2455f6ee2a'; object-src 'self'; img-src 'self' data: https: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
default-src 'self'; child-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; connect-src 'self' matomo.openstreetmap.org https://nominatim.openstreetmap.org/ https://query.openstreetmap.org/query-features https://routing.openstreetmap.de/ https://graphhopper.com/api/1/route https://valhalla1.openstreetmap.de/route; font-src 'none'; form-action 'self' render.openstreetmap.org; frame-ancestors 'self'; frame-src 'self' http://127.0.0.1:8111 https://127.0.0.1:8112; img-src 'self' data: www.gravatar.com *.wp.com tile.openstreetmap.org *.tile.openstreetmap.org *.tile.thunderforest.com tile.tracestrack.com *.openstreetmap.fr matomo.openstreetmap.org https://openstreetmap-user-avatars.s3.dualstack.eu-west-1.amazonaws.com https://openstreetmap-gps-images.s3.dualstack.eu-west-1.amazonaws.com; manifest-src 'self'; media-src 'none'; object-src 'self'; script-src 'self' matomo.openstreetmap.org; style-src 'self' 'unsafe-inline' 'nonce-KXoHRBCnP2cFo7S0QmrP0z9z5WmYKZvwHnovM83VFuc='; worker-src 'none' 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.mx doctoraliaone-mx2-candidate.azurewebsites.net 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; worker-src 'self' blob:; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tsdtocl.com https://google.com/pagead/form-data/1071727046 https://privacyportal.onetrust.com https://edge.adobedc.net https://cm.everesttech.net https://google.com/ccm/form-data/1071727046 https://onsemi.demdex.net https://geolocation.onetrust.com https://i.liadm.com/s/66627 https://trc.taboola.com/sg/liveintent/1/um https://cdn.cookielaw.org https://assets.adobedtm.com https://adobedc.demdex.net https://dpm.demdex.net https://data.enablementadobe.com https://*.wootric.com https://wootric-eligibility.herokuapp.com https://s.yimg.com https://static.lightning.force.com https://onsemineworg.my.salesforce.com https://service.force.com https://d.la2-c1-ia5.salesforceliveagent.com https://c.la2-c1-ia5.salesforceliveagent.com https://onsemineworg.my.site.com https://c1.sfdcstatic.com https://www.gstatic.cn https://www.recaptcha.net https://onsemineworg.my.salesforce.com https://onsemineworg.my.site.com https://d.la2-c1-ia5.salesforceliveagent.com https://service.force.com https://c1.sfdcstatic.com https://onsemi.componentsearchengine.com https://*.plexim.com https://event.on24.com https://my.onsemi.com https://www.onsemi.jp https://www.onsemi.cn https://www.onsemi.com https://identity.onsemi.com https://tags.tiqcdn.cn https://api.ipify.org https://p.adsymptotic.com https://*.ztsrv.com https://px.ads.linkedin.com https://my.demio.com https://angular-ui.github.io https://vidassets.terminus.services https://cdn.bigzeta.com https://api.bigzeta.com https://info.onsemi.com https://cdn.demio.com https://onsemi.ladesk.com https://onsemi.taleo.net https://*.gcs-web.com https://*.atdmt.com https://*.mktoresp.com https://*.marketo.com https://*.taboola.com https://*.tealiumiq.com https://*.tealium.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.baidu.com https://*.geniusmonkey.com https://*.doubleclick.net https://*.gstatic.com https://*.linkedin.com https://*.pingdom.net https://*.crazyegg.com https://*.marketo.net https://*.licdn.com https://www.google.com https://*.tiqcdn.com https://*.digikey.com https://*.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://*.facebook.com https://*.boltdns.net https://*.brightcove.net https://*.brightcove.com https://*.zencdn.net https://*.akamaihd.net https://*.cloud.coveo.com https://*.ytimg.com https://go.onsemi.com https://*.kc-usercontent.com https://app.kontent.ai blob: data:  https://cdn.linkedin.oribi.io https://767-faw-709.mktoutil.com https://sp.analytics.yahoo.com https://*.analytics.google.com https://analytics.google.com https://*.cdn.office.net  https://insight.adsrvr.org  https://js.adsrvr.org 1
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.recaptcha.net/recaptcha/api.js www.gstatic.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' careem.com https://www.google-analytics.com; font-src 'self'; frame-src 'self' https://www.googletagmanager.com https://www.recaptcha.net https://www.youtube.com; img-src 'self' https://careem-public-web-media.imgix.net https://upload-cdn.careem.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self' https://upload-cdn.careem.com https://careem-public-web-media.imgix.net; report-uri https://646c74d0974ac544f93aad6a.endpoint.csper.io/?v=3; worker-src 'none'; form-action 'self'; 1
default-src 'self' 'data'; script-src 'self' 'data' 'unsafe-inline' https://www.google-analytics.com https://kit.fontawesome.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'data' 'unsafe-inline'; connect-src 'self' 'data' https://maps.googleapis.com https://*.fontawesome.com https://*.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' 'data' https://maps.gstatic.com data: https://www.google-analytics.com; font-src 'self' 'data' data: https://fonts.gstatic.com https://*.fontawesome.com; report-uri /csprep/ 1
frame-ancestors 'self' https://*.synthesia.io http://10.4.130.137:3000/ 1
frame-ancestors https://www.delta.nl https://www.zeelandnet.nl 1
media-src * data: blob:; font-src * data: blob:; frame-ancestors 'self' *.powtoon.com teams.microsoft.com *.teams.microsoft.com *.skype.com bb.powtoon.co *.instructure.com *.sliceapp.net; default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mailto:; img-src * data: blob: 1
default-src 'self'; worker-src blob:; child-src blob:; font-src * data: https:; img-src * data:; media-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' https:; style-src * 'unsafe-inline' https:; connect-src * https:; frame-src * https:; 1
frame-ancestors 'self' https://*.uit.no https://www.kunnskapscim.no https://uit.topdesk.net 1
default-src * gap:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data: blob: android-webview-video-poster:; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.logz.io; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-52f380f3b8403e637e6d0281c588ec63' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.eharmony.com tms.eharmony.com *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
frame-ancestors 'self' us.creativecdn.com *.encuentra24.com *.inmobiliaria24.com *.casas24.com *.carros24.com encuentra24.zendesk.com *.youtube.com view.atdmt.com www.facebook.com www.google.com encuentra24.wufoo.com.mx encuentra24.ticforum-ca.com tpc.googlesyndication.com googleads.g.doubleclick.net storage.googleapis.com js.stripe.com e24.unityducruet.com cotizador.unityducruet.com api-js.datadome.co s.ytimg.com www-widgetapi.js googlesyndication.com youtube.com teads.tv; 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  intent:  wss://127.0.0.1:*  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://cloud.mail.lidl.de  https://dmp.theadex.com  https://facebook.com  https://fonts.gstatic.com  https://h.online-metrix.net  https://lidlde.int.userwerk.com  https://tracking.s24.com  https://www.google-analytics.com  https://www.lacmp.net  https://www.moebel.de  https://*.tailortool.de  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  intent:  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.ftrace.com  https://*.lidl-info.com  https://*.mynetfair.com  https://*.paypal.com  https://*.sit.az.odj.cloud  https://*.sit.sys.odj.cloud  https://*.vrxs.de  https://api.theadex.com  https://ar.lidl.com  https://balancechecks.tx-gate.com  https://facebook.com  https://h.online-metrix.net  https://lidl-giftcard.eu  https://lidlde.int.userwerk.com  https://review.apps.01.cf.eu01.stackit.cloud  https://www.edge-cdn.net  https://www.lidl-gewinnspiel.de  https://www.lidl-giftcard.eu; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  moz-extension:  https://*.adition.com  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.bizrate.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.pubmatic.com  https://*.semtrack.de  https://*.simplesurance.de  https://*.sit.sys.odj.cloud  https://*.solutenetwork.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.twiago.com  https://*.yahoo.com  https://*.yieldlab.net  https://analytics.google.com  https://analytics.tiktok.com  https://balancechecks.tx-gate.com  https://contextual.media.net  https://dmp.theadex.com  https://facebook.com  https://h.online-metrix.net  https://lh3.googleusercontent.com  https://lidlde.int.userwerk.com  https://match.adsrvr.org  https://match.sharethrough.com  https://pubsaf.global.ssl.fastly.net  https://prodeastusmappscreative.azureedge.net  https://sync.outbrain.com  https://translate.google.com  https://via.placeholder.com  https://visitor.omnitagjs.com  https://www.econda-monitor.de  https://www.google-analytics.com  https://www.ladenzeile.de  https://www.lead-alliance.net  https://*.tailortool.de  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  https://*.lidl-info.com  https://*.online-metrix.net  https://facebook.com  https://h.online-metrix.net  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://*.8select.io  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.online-metrix.net  https://*.parcellab.com  https://*.paypalobjects.com  https://*.paypal.com  https://*.semtrack.de  https://*.simplesurance.de  https://adservice.google.de  https://ajax.googleapis.com  https://analytics.tiktok.com  https://api.theadex.com  https://balancechecks.tx-gate.com  https://cdn.ravenjs.com  https://cloud.mail.lidl.de  https://cm.g.doubleclick.net  https://code.etracker.com  https://dmp.theadex.com  https://dsp.adfarm1.adition.com  https://facebook.com  https://h.online-metrix.net  https://lidlde.int.userwerk.com  https://s.ytimg.com  https://tracking.s24.com  https://www.dwin1.com  https://www.etracker.de  https://www.google-analytics.com  https://www.googleadservices.com  https://www.lacmp.net  https://www.ladenzeile.de  https://www.moebel.de  https://*.tailortool.de  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.epoq-systems.de  https://*.epoq.de  https://*.fitanalytics.com  https://*.lidl-info.com  https://*.parcellab.com  https://*.sit.sys.odj.cloud  https://facebook.com; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://beeem.co; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://*.sit.az.odj.cloud; 1
frame-ancestors https://methstreams.com https://nbastreamswatch.com https://nbastreamslinks.com https://watchnbastreams.com https://crackstreams.ws https://mlb.trybarry.shop 1
style-src   'self' *.googleapis.com se-forms.cz 'unsafe-inline';     default-src 'self' *.googleapis.com *.googletagmanager.com *.gstatic.com *.smartemailing.cz;     connect-src 'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz stats.g.doubleclick.net 'unsafe-inline';     script-src  'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';     frame-src   'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.smartemailing.cz se-forms.cz *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval';     img-src     'self' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com images.ctfassets.net *.google.com *.google.cz data: 'unsafe-inline'; 1
frame-ancestors 'self' playnow.com ogs-cdn-ca.nyxop.net onrgs.everi-interactive.com nrgs-b2b.greentube.com yka-resource.wimobile.casinarena.com sg-01-prod.ca.playzido.com ca-rgs.gameiom.com  1
default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; script-src-elem 'self' www.googletagmanager.com https://connect.facebook.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' www.googletagmanager.com https://connect.facebook.net; connect-src 'self' https://api.gx.me https://api.stats.gx.games https://sentry-relay.opera-api.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' data: blob: https://play.gxc.gg https://play.gx.games www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com; media-src https://play.gxc.gg https://play.gx.games; font-src 'self'; base-uri 'self'; manifest-src 'self'; frame-src https://play.gxc.gg https://play.gx.games 1
frame-ancestors 'self'; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.auto-swiat.pl::mototech_master-1.64.1 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://wb.messengerpeople.com https://ct.pinterest.com https://*.recaptcha.net https://*.snapchat.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://www.pinterest.com https://www.pinterest.co.uk https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://app.qubit.com blob: https://*.abtasty.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://*.google.co.uk https://tr.snapchat.com https://*.qubit.com https://*.qubitproducts.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://horizon-api.www.myprotein.com https://*.contentsquare.net https://*.abtasty.com https://*.rlcdn.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.vimeocdn.com https://player.vimeo.com https://*.criteo.com https://*.criteo.net https://*.akamaized.net https://sgtm.myprotein.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com https://fonts.smct.co https://fonts.smct.io; form-action 'self' https://www.facebook.com https://checkout.myprotein.com https://connect.facebook.net https://m.myprotein.com https://www.myprotein.com https://ct.pinterest.com https://*.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; manifest-src 'none' 'self'; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn https://player.vimeo.com https://*.akamaized.net blob: https://*.vimeocdn.com https://*.myprotein.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://*.googletagservices.com https://*.google.co.uk https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://*.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.googlesyndication.com https://static.ads-twitter.com https://*.twitter.com https://s.pinimg.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://www.google.com https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://static.goqubit.com https://*.qubit.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com blob: https://*.abtasty.com https://tr.snapchat.com https://cdn.pubnub.com https://sgtm.myprotein.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://d7c4jjeuqag9w.cloudfront.net https://*.abtasty.com https://*.gstatic.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com; connect-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com  https://*.amazon-adsystem.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://google.com https://*.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://cdn.ampproject.org https://api.giphy.com https://www.googleadservices.com https://attestation.android.com https://csi.gstatic.com https://s0.2mdn.net https://api.tenor.com https://g.tenor.com https://maps.googleapis.com https://consent.badoo.com https://essentialaccessibility.com https://tr.snapchat.com https://bic-core.dlocal.com/;  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-V638KWLbC5fx+gsuqLWxFl0nxas=' 'report-sample' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com  https://*.googletagmanager.com https://connect.facebook.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s0.2mdn.net https://cdn.ampproject.org https://c.amazon-adsystem.com https://www.google-analytics.com https://pay.google.com https://adservice.google.com https://www.googletagservices.com https://maps.googleapis.com https://dashboard.essentialaccessibility.com https://consent.badoo.com https://essentialaccessibility.com https://www.google.com https://cdn.plaid.com https://tr.snapchat.com https://cdn.plaid.com; style-src 'self' 'unsafe-inline' bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://fonts.googleapis.com; font-src 'self' data: bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://fonts.gstatic.com https://tpc.googlesyndication.com;  prefetch-src 'self'  bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com https://cdn.plaid.com ; img-src * data: blob: android-webview-video-poster:; child-src 'self' blob:; worker-src 'self' blob:; media-src * data: blob:; object-src 'self'  bumbcdn.com *.bumbcdn.com eu1.ecdn2.bumbcdn.com; base-uri 'self'; manifest-src 'self' chatdate.app eu1.chatdate.app us1.chatdate.app am1.chatdate.app gew3.chatdate.app fr1.chatdate.app; form-action 'self'  https://www.facebook.com; frame-src * hon:; frame-ancestors 'none'; upgrade-insecure-requests; report-uri /jss/csp_report.phtml?token=hotornot_mobile_web&release=30846&env=production 1
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com abgnz.wufoo.com; 1
frame-ancestors 'self' https://signalhire.sourceowls.com https://app.sourceowls.com https://App.sourceowls.com https://temp1.sourceowls.com https://demo.sourceowls.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.filmcompanion.in;block-all-mixed-content; 1
frame-ancestors *.adkaora.space cdn.ampproject.org *.g.doubleclick.net blob: libero.pe *.googleapis.com *.googlesyndication.com; 1
frame-ancestors https://tongji.baidu.com/ https://www.jiguang.cn/ https://devsvc.jpushoa.com/ 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-ZGRlNjk2ZDc1Mw/OWVjN2ViY2RkNDQzNDk='; object-src 'self'; 1
default-src 'self' *.passage.ai wss://tars-prod.passage.ai *.transunion.com *.cibil.com *.kore.ai wss://rtm.kore.ai *.addthis.co *.amazon-adsystem.com *.youtube.com *.brightcove.com *.brightcove.net *.doubleclick.net *.company-target.com *.cibil.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net app.trustev.com ads.yahoo.com adserve.atedra.com analytics.twitter.com bat.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com code.jquery.com cloudfront.net fonts.googleapis.com ib.adnxs.com idsync.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com secure.fastclick.net secure.leadback.advertising.com google-analytics.com static.ads-twitter.com us-u.openx.net vjs.zencdn.net googleadservices.com gstatic.com bidswitch.net cspix.media6degrees.com googletagmanager.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; script-src 'self' *.adobedtm.com https://v1.addthisedge.com/live/boost/ra-55d22b77833cbaf1/_ate.track.config_resp  https://z.moatads.com/addthismoatframe568911941483/moatframe.js  *.passage.ai *.transunion.com *.cibil.com *.kore.ai *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.g.3gl.net *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.transunioncibil.com *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net analytics.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com hello.myfonts.net img03.en25.com m.addthisedge.com vjs.zencdn.com optimizely.s3.amazonaws.com g.3gl.net cdn.ampproject.org b.company-target.com cspix.media6degrees.com img03.en25.com static.ads-twitter.com cdn.mxpnl.com sjs.bizographics.com rum-static.pingdom.net tt.mbww.com seal.entrust.net pixel.mathtag.com pagead2.googlesyndication.com tagmanager.google.com amplify.outbrain.com o1.qnsr.com connect.facebook.net *.liveperson.net *.lpsnmedia.net cas.cluep.com blob: 'unsafe-eval' 'unsafe-inline' *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; child-src transunion.demdex.net *.transunion.com https://www.youtube-nocookie.com/  *.crwdcntrl.net  https://www.youtube.com/watch?v=FS08WcDyBkA&feature=youtu.be  *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com vars.hotjar.com img.mediaplex.com app.optimizely.com *.brightcove.net s.amazon-adsystem.com *.liveperson.net *.lpsnmedia.net app.trustev.com pixel.mathtag.com *.amazonaws.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; connect-src 'self' *.tt.omtrdc.net dpm.demdex.net https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j81&tid=UA-20374896-1&cid=287782927.1583428046&jid=448576890&gjid=1508426662&_gid=1862402324.1583743240&_u=SCCAiMAjBAAAAE~&z=690464725  https://in.hotjar.com/api/v2/client/sites/1118657/visit-data?sv=5 *.google-analytics.com google-analytics.com analytics.google.com *.passage.ai wss://tars-prod.passage.ai *.transunion.com https://cibil.com/jwtws/token/generate *.cibil.com *.kore.ai wss://rtm.kore.ai *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io api.company-target.com r.3gl.net s7.addthis.com popcornmetricsendpoint.herokuapp.com unity.cadreon.com app.trustev.com wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.amazonaws.com *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; media-src 'self' *.transunion.com blob: *.brightcove.com *.lpsnmedia.net *.in.webengage.com widgets.in.webengage.com *.in.webengage.co; img-src * data:; font-src data: *.adobeaemcloud.com *.transunion.com *.cibil.com *.transunioncibil.com fonts.gstatic.com api.company-target.com *.brightcove.com r.3gl.net s7.addthis.com *.herokuapp.com; style-src * 'unsafe-eval' 'unsafe-inline' ; 1
frame-ancestors 'self' https://www.iprusalesbeta.com http://ribstg.icicibankltd.com:9082 https://*.iciciprulife.com https://*.icicibank.com https://www.cardekho.com http://www.firstcry.com http://www.moneycontrol.com https://economictimes.indiatimes.com http://www.mensxp.com http://www.idiva.com https://timesofindia.indiatimes.com http://www.businessinsider.in https://www.valueresearchonline.com https://www.indiatimes.com https://m.timesofindia.com https://m.economictimes.com https://secure.icicidirect.com https://*.addng.com https://*.gettng.com https://india-stage.icicibank.adobecqms.net/ https://country1.icicibank.adobecqms.net/ https://www.icicibank.com/ https://author-icicibank-stage.adobecqms.net/ https://author-icicibank-preprod.adobecqms.net/ https://author-icicibank-prod.adobecqms.net/ https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.sharethis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com *.sharethis.com *.googlesyndication.com www.decathlon.com.tr decathlon.com.tr *.personaclick.com *.go2sdk.com *.thequin.ai *.scarabresearch.com *.preciso.net *.mndtrk.com *.adition.com clk.2trk.info static.zdassets.com linkadoo.co *.zopim.com *.poltio.com *.adrtt.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com jsd-widget.atlassian.com mc.yandex.ru cdn.segmentify.com app2.abtasty.com hotjar.com www.linkadoo.com analytics.tiktok.com *.segmentify.com img2-digitouch.mncdn.com view.publitas.com scripts.publitas.com https://www.rtbhouse.com/;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com *.sharethis.com *.personaclick.com *.thequin.ai *.scarabresearch.com *.zdassets.com decathlontr.zendesk.com wss://ws1.hotjar.com *.zopim.com wss://widget-mediator.zopim.com *.thequin.xyz iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com fpc.decathlon.com.tr ekr.zdassets.com static.zdassets.com widget-mediator.zopim.com v2assets.zopim.io *.segmentify.com decathlon.alo-tech.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com *.commander1.com *.adotmob.com *.goldenbees.fr *.criteo.com *.sharethis.com *.addthis.com rtgcloudsgl.2trk.info iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com img.segmentify.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ *.personaclick.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com *.hotjar.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net static.zdassets.com;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com *.criteo.com linkadoo.co ck.2trk.info *.adrttt.com *.poltio.com iyzipay.com api.iyzipay.com cpp.iyzipay.com static.iyzipay.com www.linkadoo.co tr.rdrtr.com help.decathlon.com.tr/;frame-ancestors 'self'; 1
frame-ancestors 'self' https://www.caracoltvcorporativo.com https://www.ailnews.tv https://titanes.noticias.caracoltv.com https://www.caracoltv.com https://www.noticiascaracol.com https://www.premiomedioambiente.caracoltv.com https://play.caracoltv.com https://www.caracolinternacional.com https://lakalle.bluradio.com https://www.bluradio.com https://hjck.com https://www.shock.co  https://*.caracolnext.com 1
frame-ancestors 'self' https://gocardless.lookbookhq.com https://gocardless.pathfactory.com https://content.gocardless.com;report-uri https://o405487.ingest.sentry.io/api/5312304/security/?sentry_key=9f3af8ac83c84627bbdbe45a80a061aa 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://*.emjcd.com  https://etracker.de  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://*.kdukvh.com  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://*.mczbf.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adscale.de  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.openx.net  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://content.odj.cloud  https://contextual.media.net  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://*.emjcd.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://*.kdukvh.com  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://lidl.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://yahoo.com  https://yieldlab.net  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.googleapis.com  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://c.imedia.cz  https://c.seznam.cz  https://casalemedia.com  https://*.cj.dotomi.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://*.mczbf.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.seznam.cz  https://yahoo.com  https://yieldlab.net  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.glami.cz  https://*.heureka.cz  https://*.lidl-shop.cz  https://*.lidl.cz  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.cz  https://ligadx.com  https://ligatus.com  https://login.dognet.cz  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net  https://*.mczbf.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-uMUDlvYbpRS+eUVr6m1AIw=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev; img-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests; connect-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev tracker.switch.ch; frame-src 'self' *.youtube.com *.vimeo.com *.switch.ch; media-src 'self' *.switch.ch *.swcdr.unic24a.net *.unic24a.dev *.ytimg.com; script-src-elem 'self' 'unsafe-inline' *.switch.ch tracker.switch.ch; script-src 'self' report-sample 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-g5ZonEwCVIfpG3iKOUX8rg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.miodottore.it doctoraliaone-it2-candidate.azurewebsites.net 1
default-src 'self' *.kameleoon.eu *.kameleoon.io *.kameleoon.com; script-src 'self' *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.liebherr.com bat.bing.com *.clarity.ms *.usercentrics.eu googleads.g.doubleclick.net www.googleadservices.com *.cloudflareinsights.com *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com siteseal.quovadisglobal.com c.evidon.com 'unsafe-inline' *.zencdn.net 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com *.google.com *.gstatic.com *.mds.eu *.youtube-nocookies.com *.cloudflare.com *.paypalobjects.com *.paypal.com aframe.io cdn.jsdelivr.net bing.com; style-src 'self' *.liebherr.com 'unsafe-inline' *.zencdn.net fonts.googleapis.com *.google.com *.gstatic.com *.mds.eu *.cloudflare.com; img-src 'self' blob: *.bing.com *.liebherr.com *.usercentrics.eu googleads.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.google.de *.azurewebsites.net 'self' data: *.gstatic.com *.ytimg.com *.googletagmanager.com images.anythingabout.net *.cloudflare.com *.paypal.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.analytics.google.com; font-src 'self' *.liebherr.com *.bing.com *.clarity.ms *.heidelpay.com *.zencdn.net *.gstatic.com *.cloudflare.com 'self' data:; media-src 'self' *.liebherr.com *.cloudflare.com; connect-src 'self' *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.liebherr.com *.clarity.ms maps.googleapis.com *.usercentrics.eu stats.g.doubleclick.net *.heidelpay.com *.siteintercept.qualtrics.com *.google-analytics.com *.mds.eu *.mds.eu:3000 *.cloudflare.com *.paypal.com www.google.com www.google.de *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googletagmanager.com *.analytics.google.com; object-src 'self' *.liebherr.com *.cloudflare.com; frame-src 'self' *.liebherr.com *.usercentrics.eu bid.g.doubleclick.net *.heidelpay.com www.youtube.com *.youtube-nocookie.com *.mds.eu *.google.com *.cloudflare.com *.hpcgw.net 1
default-src blob: data: wss://*.7777.md:* wss://7777.md:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://7777.md https://*.7777.md https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.md https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net/ https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://*.doubleclick.net https://*.googlesyndication.com https://doubleclick.net https://googlesyndication.com https://static.trafficjunky.com https://www.google.bg/ https://ads.trafficjunky.net/ ; frame-ancestors 'self' https://*.7777.md https://7777.md 1
style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.md&showid=1715652496496532-6193861433114578440-balancer-l7leveler-kubr-yp-vla-95-BAL&h=stable-portal-mordago-114.klg.yp-c.yandex.net&yandexuid=1145784401715652496&&version=2024-05-07-547&adb=0;media-src yastatic.net;connect-src *.strm.yandex.net mc.yandex.com yandex.md yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.md;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.md 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.md mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net;script-src 'nonce-gQiLIavXIK42nFNEjz9evQ==' mc.yandex.com yastatic.net yandex.md mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.md;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md yandex.md *.ya.ru *.yandex.ru ya.ru yandex.ru;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src blob: data: wss://*.8888.bg:* wss://8888.bg:* 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com/ https://youtube.com/ https://8888.bg https://*.8888.bg https://bat.bing.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.google.bg https://www.google.com https://apis.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://maps.googleapis.com https://*.comm100.io https://*.comm100.com https://*.comm100vue.com https://*.googletagmanager.com https://googletagmanager.com https://*.typekit.net https://typekit.net https://maps.google.com https://*.gstatic.com https://gstatic.com https://connect.facebook.net https://*.facebook.com https://facebook.com https://*.fbcdn.net https://fbcdn.net https://analytics.google.com/ https://google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com https://track.adform.net/ https://s2.adform.net https://sxt.cdn.skype.com https://www.adobe.com https://lob.egcvi.com https://bshots.egcvi.com/ https://client.pragmaticplaylive.net https://eadsrv.com https://linker.bg/ https://*.live-hub.net https://de2-md.svmsrv.com/ https://*.comm100download.com/ https://vgcommon-vs001.akamaized.net/ https://*.doubleclick.net https://psb.taboola.com/ ; frame-ancestors 'self' https://*.8888.bg https://8888.bg 1
frame-ancestors 'self' https://*.prometheanworld.com 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com 1
frame-ancestors *.payback.de; report-uri /blueberry/servlet/handler/cspreporting 1
frame-ancestors 'self'; report-uri https://www.receitasnestle.com.br/report-uri/enforce 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.steinberg.net *.usercentrics.eu *.personio.de *.googletagmanager.com fonts.googleapis.com *.soundcloud.com *.youtube-nocookie.com *.optimizely.com *.eu-central-1.compute.amazonaws.com *.onfastspring.com; connect-src https: 'self' wss://ws.hotjar.com; img-src https: 'self' *.steinberg.net *.ytimg.com *.usercentrics.eu data:; font-src https: 'self' fonts.gstatic.com fonts.googleapis.com data:; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.esakal.com;block-all-mixed-content; 1
worker-src 'self' *.austlii.edu.au *.austlii.unsw.edu.au *.datalex.org www.lawnet.sg; 1
connect-src 'self' *.cookielaw.org *.cxense.com *.sharethis.com *.google-analytics.com *.facebook.net *.google.com stats.g.doubleclick.net *.nippon.com; script-src 'self' *.cookielaw.org *.twitter.com *.cxense.com *.googletagmanager.com *.sharethis.com 'unsafe-inline' *.kiji.is *.google-analytics.com *.facebook.net *.google.com stats.g.doubleclick.net *.nippon.com; 1
frame-ancestors 'self' https://egypt-now.net https://alarabnow.net; 1
frame-ancestors https://*.pogo.com:* http://localhost:* 1
frame-ancestors 'self' qr-generator.test *.qr-generator.test egodit.org *.egodit.org qr-code-generator.com *.qr-code-generator.com qr-code-generator.de *.qr-code-generator.de qrcode-generator.de *.qrcode-generator.de egoditor.com *.egoditor.com 1
base-uri 'self' https://flathub.org; default-src 'none'; form-action 'none'; script-src 'self' 'sha256-eMuh8xiwcX72rRYNAGENurQBAcH7kLlAUQcoOri3BIo=' https://webstats.gnome.org https://js.stripe.com; style-src 'self' 'unsafe-inline' https://dl.flathub.org; font-src 'self'; connect-src 'self' https://flathub.org https://webstats.gnome.org https://api.stripe.com https://o467221.ingest.sentry.io/api/6610580/; img-src 'self' https://dl.flathub.org https://webstats.gnome.org https://avatars.githubusercontent.com https://gitlab.com https://gitlab.gnome.org https://lh3.googleusercontent.com https://secure.gravatar.com https://invent.kde.org data:; frame-ancestors 'none'; frame-src 'self' https://js.stripe.com https://hooks.stripe.com; 1
connect-src 'self' ws: *.sbi;  style-src 'self' 'unsafe-inline' *.sbi; object-src 'none'; img-src 'self' https://*.sbi/  data:; frame-src 'self' data: ; report-to /ndlogs/cspreport 1
frame-ancestors 'self' *.taxact.com *.taxactonline.com *.salemove.com secure.balancefin.com 1
default-src 'self';font-src 'self' https: data: *.hubstaff.com;img-src 'self' https: data: *.gstatic.com *.outbrain.com *.rlcdn.com *.wistia.com *.wistia.net *.hubstaff.com;object-src 'none';script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.adroll.com *.app-us1.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cloudfront.net *.cookiebot.com *.doubleclick.net *.facebook.net *.getdrip.com *.getripe.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hsforms.com *.hsforms.net *.hsleadflows.net *.hubspot.com *.hubspotfeedback.com *.licdn.com *.linkedin.com *.nr-data.net *.omappapi.com *.optinmonster.com *.perfectaudience.com *.plausible.io *.posthog.com *.prfct.co scatec.io *.profitwell.com *.segment.com *.sentry-cdn.com *.storyblok.com *.twitter.com *.usemessages.com *.visionary-business-52.com *.wistia.com *.wistia.net *.woopra.com *.workable.com *.zoominfo.com a.optmnstr.com a.optmstr.com cdn.jsdelivr.net hubstaff.activehosted.com js-agent.newrelic.com js.zi-scripts.com plausible.io s.ytimg.com tags.clickagy.com unpkg.com www.clickcease.com www.googleadservices.com www.googletagmanager.com www.youtube.com tracking.g2crowd.com *.hubstaff.com;style-src 'self' 'unsafe-inline' *.googleapis.com hello.myfonts.net maxcdn.bootstrapcdn.com optimize.google.com;connect-src 'self' wss: *.amazonaws.com *.bing.com *.clarity.ms *.clickagy.com *.cookiebot.com *.doubleclick.net *.facebook.com *.getripe.com *.google-analytics.com *.google.com *.hscollectedforms.net *.hsforms.com *.hubapi.com *.hubspot.com *.licdn.com *.linkedin.com *.litix.io *.nr-data.net *.plausible.io *.posthog.com *.profitwell.com *.segment.com *.segment.io *.sentry.io *.twitter.com *.wistia.com *.woopra.com *.zoominfo.com google.com googleadservices.com js.zi-scripts.com plausible.io www2.profitwell.com tracking.g2crowd.com *.hubstaff.com;frame-src 'self' *.cnbc.com *.cookiebot.com *.doubleclick.net *.doubleclick.net *.facebook.com *.google.com *.hsforms.com *.hsforms.net *.hubspot.com *.today.com *.twitter.com *.vimeo.com *.wistia.com google.com today.com www.slideshare.net www.youtube.com;media-src 'self' blob: data: *.cloudfront.net *.rlcdn.com *.s3.amazonaws.com *.wistia.com embedwistia-a.akamaihd.net *.hubstaff.com;child-src 'self' blob: *.wistia.com;manifest-src 'self';frame-ancestors *.hubstaff.com; 1
frame-ancestors *.ndtv.com *.gadgets360.com pricee.com hotdeals360.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: https: 'unsafe-inline'; 1
script-src *.alicdn.com *.alipayobjects.com *.alipay.com *.cnzz.com res.wx.qq.com cf.aliyun.com ynuf.aliapp.org 'nonce-ZTKIyVXGltwk1UtFnPff' 'unsafe-eval' 'self' 'report-sample' cf.aliyun.com ynuf.aliapp.org *.nlark.com *.taobao.com; worker-src 'self' *.alicdn.com *.alipayobjects.com *.alipay.com blob:; report-uri /r/csp/report 1
default-src 'self' fs.betunit.com;style-src 'self' fs.betunit.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com embed.tawk.to 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';script-src 'self' *.googletagmanager.com *.gstatic.com *.google.com tvbetframe7.com tvbetframe24.com *.facebook.com *.facebook.net *.onesignal.com www.google-analytics.com google-analytics.com static.hotjar.com embed.tawk.to script.hotjar.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';connect-src 'self' *.habeshabets.com wss://cgo-live.habeshabets.com/connection/websocket amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.energaming.systems *.betunit.com betunit.com *.doubleclick.net www.google-analytics.com google-analytics.com live5.betunit.com *.tawk.to wss://*.tawk.to ws://*.tawk.to ws://turbo.energaming.systems:4444 wss://turbo.energaming.systems:4444 turbo.energaming.systems ws://transport.energaming.systems:4444 wss://transport.energaming.systems:4444 wss://live.habeshabets.com:4445 live.habeshabets.com transport.energaming.systems chukuatano.co.tz *.chukuatano.co.tz;frame-src 'self' *.atlas-v.com playbetman.com *.playbetman.com *.amazingames.pw amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games *.google.com vars.hotjar.com *.energaming.systems *.betunit.com betunit.com *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz;font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com embed.tawk.to;img-src * 'self' *.tawk.link *.energaming.systems *.betunit.com betunit.com *.facebook.com *.tawk.to *.google-analytics.com google-analytics.com  *.slotegrator.com *.cloudfront.net *.gamerouter.pw *.mrslotty.com *.xpressgaming.net *.xpress-ix.com *.macawgaming.com *.game-program.com chukuatano.co.tz *.chukuatano.co.tz cdn.jsdelivr.net amazingames.pw *.amazingames.pw abcdabra.com *.abcdabra.com nrgaming.games *.nrgaming.games 1
script-src 'nonce-9a2hcPB+mxlBg3ibFo9pcQ==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=2fafefc8-b060-410d-bf3d-3bbc25c67f37; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.pinterest.com/ https://*.pinterest.com/* https://*.exelator.com/ https://*.adswizz.com/ https://*.exelator.com/* https://*.adswizz.com/* https://*.theaa.digital/ https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.aspnetcdn.com/ https://*.aspnetcdn.com/* https://*.googleapis.com/ https://*.googleapis.com/* https://*.optimizely.com/ https://*.optimizely.com/* https://*.quantummetric.com/ https://*.quantummetric.com/* https://*.jquery.com/ https://*.jquery.com/* https://*.facebook.net/ https://*.facebook.net/* https://*.trustarc.com/ https://*.truste.com/ https://*.doubleclick.net/  https://*.trustarc.com/* https://*.truste.com/* https://*.doubleclick.net/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.quantserve.com/ https://*.quantserve.com/* https://*.ads-twitter.com/ https://*.hotjar.com/ https://*.quantserve.com/* https://*.ads-twitter.com/* https://*.hotjar.com/* https://*.tiqcdn.com/ https://*.tiqcdn.com/* https://*.trustpilot.com/ https://www.google-analytics.com/ https://*.trustpilot.com/* https://www.google-analytics.com/* https://www.googletagmanager.com/ https://*.googletagmanager.com/* https://bat.bing.com/ https://bat.bing.com/* https://*.tealiumiq.com https://*.tealiumiq.com/* https://*.google.com https://*.google.com/* https://www.google.co.uk https://www.google.co.uk/* https://*.google-analytics.com/ https://*.google-analytics.com/* https://*.googletagmanager.com/* https://*.snapchat.com https://*.snapchat.com/*; frame-src 'self' https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.trustpilot.com/ https://*.trustpilot.com/* https://*.trustarc.com/ https://*.trustarc.com/* https://*.theaa.com/ https://*.theaa.digital/ http://*.doubleclick.net/ http://*.doubleclick.net/* https://*.optimizely.com https://*.optimizely.com/* https://*.doubleclick.net/ https://*.doubleclick.net/* https://*.hotjar.com/ https://*.hotjar.com/* https://www.google.com/ https://www.google.com/* https://*.decibelinsight.net/ https://*.decibelinsight.net/* https://*.quantummetric.com/ https://*.quantummetric.com/* https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.iesnare.com/ https://*.iesnare.com/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.tvsquared.com https://*.tvsquared.com/* https://*.snapchat.com https://*.snapchat.com/* https://*.theaa.digital/ https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://www.youtube.com/ https://www.youtube.com/* https://*.stripe.com/ https://*.stripe.com/* https://*.salecycle.com https://*.salecycle.com/* blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src 'self' https://*.youtube.com/ https://*.youtube.com/* https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.lpsnmedia.net/ https://*.optimizely.com https://*.optimizely.com/* https://*.lpsnmedia.net/* https://mpsnare.iesnare.com https://mpsnare.iesnare.com/* blob: data:;font-src 'self' https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.youtube.com/ https://*.youtube.com/* https://fonts.gstatic.com https://fonts.gstatic.com/* 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; connect-src *; img-src * data: blob: ;script-src 'self' https://*.partnerbookingkit.com/ https://*.partnerbookingkit.com/* https://*.youtube.com/ https://*.youtube.com/* https://*.vimeo.com/ https://*.vimeo.com/* https://*.facebook.net/ https://*.facebook.net/* https://*.quantcount.com/ https://*.snapchat.com/ https://*.quantserve.com/ https://*.quantcount.com/* https://*.snapchat.com/* https://*.quantserve.com/* https://*.tvsquared.com/ https://*.dwin1.com/ https://*.bing.com/ https://*.pinimg.com/ https://*.tvsquared.com/* https://*.dwin1.com/* https://*.bing.com/* https://*.pinimg.com/* https://*.ads-twitter.com/ https://*.redditstatic.com/ https://*.trustpilot.com/ https://*.ads-twitter.com/* https://*.redditstatic.com/* https://*.trustpilot.com/* https://cdn.co-buying.com/ https://widget.trustpilot.com/ https://*.theaa.digital/ https://cdn.co-buying.com/* https://widget.trustpilot.com/* https://*.theaa.digital/* https://*.theaa.digital/* https://*.theaa.com/* https://*.theaa.com/ https://*.google-analytics.com/ https://*.addthis.com/ https://*.addthis.com/* https://*.bazaarvoice.com/ https://*.bazaarvoice.com/* http://*.googletagmanager.com/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*https://*.cloudflare.com/ https://*.cloudflare.com/* https://*.googleapis.com/ https://*.googleapis.com/* https://*.gstatic.com/ https://*.google.com/* https://*.google.com/ https://*.optimizely.com https://*.optimizely.com/ https://mpsnare.iesnare.com/ https://*.jquery.com https://*.jquery.com/* https://*.aspnetcdn.com/ https://*.aspnetcdn.com/* http://tags.tiqcdn.com/ https://tags.tiqcdn.com/ https://collect.tealiumiq.com/ http://*.truste.com/ https://*.truste.com/ https://*.trustarc.com/ https://*.decibelinsight.net/ https://*.lpsnmedia.net/ https://*.lpsnmedia.net/* https://*.liveperson.net/ https://*.liveperson.net/* https://*.decibelinsight.net/* http://*.tealiumiq.com/ https://*.tealiumiq.com/ http://*.doubleclick.net/ https://*.doubleclick.net/ https://*.hotjar.com/ https://static.cloudflareinsights.com/ https://cdn.quantummetric.com/ https://*.facebook.net/ https://sc-static.net https://*.quantserve.co https://*.licdn.com/ https://*.impactcdn.com/ https://*.googleadservices.com https://*.responsetap.com/ https://*.roeyecdn.com 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-ancestors https://oss.ctyun.cn  https://bcp.ctyun.cn https://www.ctyun.cn https://ocss.ctyun.cn https://msap.ctyun.cn 1
frame-ancestors 'self' *.studying.jp studying.jp; 1
default-src https: ; img-src https: ; script-src https: 'unsafe-inline' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' https: ; object-src 'none';  font-src https: data: ;  1
frame-ancestors 'self' https://www.trendhunter.com https://www.jeremygutsche.com https://www.betterandfaster.com https://www.trendreports.com https://www.futurefestival.com https://www.keynotes.org https://www.exploitingchaos.com https://www.trendhunter.ai https://www.createthefuturebook.com https://go.trendhunter.com 1
frame-ancestors https://*.farsnews.ir 1
base-uri https:;connect-src https: wss:;default-src https: wss:;form-action https:;img-src https: data: blob:;media-src https:;object-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';worker-src https: blob:;font-src https: data:;style-src https: 'unsafe-inline' 1
frame-ancestors 'api.mandiri.co.id' 'registrasi.klikbca.com' 'app.doku.com' 1
frame-ancestors 'self' https://egypt-now.net https://alarabnow.net https://saudi-now.com/; 1
base-uri 'none'; default-src 'none'; script-src 'unsafe-inline' 'self' https://snap.licdn.com/ https://static.oktopost.com/ https://*.google-analytics.com https://*.googletagmanager.com/ https://js.hs-scripts.com/ https://*.hotjar.com https://*.hotjar.io https://*.hsforms.net https://*.cloudflare.com https://unpkg.com https://*.doubleclick.net https://luckyorange.com https://cookiehub.com https://cookiehub.net https://settings.luckyorange.com https://okt.to https://*.hs-banner.com/ https://*.hs-analytics.net https://*.headspixel.net https://*.hsadspixel.net/ 'nonce-38e4c45871ac562393fa622ba1847ccedc5be8a1a264' 'nonce-682ed02d1a9faa1de65cf8d887642b60b499b5f9552a' 'nonce-d0c763750a7b9c619edadd07c1c0712682e0ba1f407d' 'nonce-3656106672a6f742e5db14aa57f497bc575fa0efb909' 'nonce-0901a3f0b6251d22b5a4fa3cc1f92086866e7a58c52b'; style-src 'self' 'unsafe-hashes' https://use.fontawesome.com https://fonts.googleapis.com https://static.cookiehub.com https://cookiehub.net/ 'sha256-im0erJAfSNQVDTe5HS6/GNgzNM9JcXDCSuwoIWQ/rRE=' 'sha256-+17AcPK/e5AtiK52Z2vnx3uG3BMzyzRr4Qv5UQsEbDU=' 'sha256-A6jm8QAAo+BvL4/Tr1M7sTsnRKo+VhQOm9Hi8IOKJ5Y=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-PAz8xNqQZDbO4LLvQxPv1rTMH7H2LG/WGiSm6rXFOV8=' 'sha256-T1C48ZGmcgTeITFPt41XsW/ozDpm3S/SxFREiL+pfgQ=' 'sha256-zfH5Pv8+yKFNFcycqZrhikYRHXfOZ9MwfwRnIp6H1kI=' 'sha256-Da2f1Kt9Io0bgdaWLUryUjcUra0xYjPLDorylUM1XM0=' 'sha256-NnjKC0Bmej913o6dapBaV7Lo8IemTzzXRsO8XhOCyT0=' 'sha256-tG2ZUEo3Qq/onXpzs2PwKu3Y82IJhZsODGPa+EUtsZc=' 'sha256-y/JAbx0Chs7eNLWF+KFD+YMhxTDFjiftcRnhFF13QjI=' 'sha256-kbzp7IrqueB2g36to7qc8KevofS966jm6n764wtCqx4=' 'sha256-3ibk/KyNNjpvopRz5nvswtDpJD3kbpyDdRO1YWF4msg=' 'sha256-ZNPRF7lxh3DMrhUYYDg0XMVthUfilZ/lIWOm88fNvug=' 'sha256-dMnSfpNeXLLDJMMi4o3EHr1S85P3yFWtdfJvbcH9mhU=' 'sha256-swi8N0hKSwJvuZeP/6DwGWEx8FwrfDcoj/0HnZd1Jpc=' 'sha256-RDWWGcFzQIh1SH4oQIaKd+tX/bMXZOzUetRR1raWCXw=' 'sha256-dDxw24pDf8PjpiVwKjNHJHbK4EFFUCWWrnx1SE32aG4=' 'sha256-LWtqHRrej8qIoYJFqhaaO0kPgZnGajrfm7a54+/7NQU=' 'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA=' 'sha256-1z/7NiPfYq2hoFozHGzJKg6OUzne/YSqaCgvOeXuXOY=' 'sha256-3R73cBfu9lRdx2Y1u0+kOkDzXsjlEn1hcsL2b5qaWZ4=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-Iqfo27GZS/A7Fm31UW3miEbID+BwO1wih5T79cyIfws=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-yVIQlxUOt8MCsrVQ/pmV6T7E+xI6F1xO1vCqGi7bPU4=' 'sha256-yqw7rW86cJ30M3y7LhcPnduZT4JIHKLX3RRb31B7fOQ=' 'sha256-DFjLfLQbkYXH/lmCwhmW5hT9th2DSNLjYebk7vRHX6A=' 'sha256-+iVBklqDZxSzWSvr0QSp3OTL/ok8m/f/n7wXWojhcng=' 'sha256-ywq+VJsIVnLIQls/DYtP4wc7LLPqAKArkFBF9Z5HNuc=' 'sha256-nvFDZMdJSsFuPLw06nap3Qaao9tU3RGvNHf2Woe1StA=' 'sha256-FA0mrKnZoRbvi4Ayp9wJddHc685E85ea5Z2XwJRhxSU=' 'sha256-R7cUrEePj8qLMDj+zac9LUaWW1kLn3wc6HsQHIA0mxw=' 'sha256-kDP5FilnD2F7x7DjtoRTkl0NbiBGrjAsvcUc3H3A2cM=' 'sha256-QlYx1dw6Nlh44cQgyJBz5G7+ZTJmKf5FkJGF0FPcuzE=' 'sha256-cSCUlxvEwMP0xZRHeMKpWqO3ylONHU6b5bFAQLiiqcw=' 'sha256-I6mtUVoVWZuevseH7OMoGWOXSo/eD4R/08s5derX8hw=' 'sha256-krLf8K7rqCtHZ5e3QPyMVapC2rFQUo21PCk/c39wSts=' 'sha256-+SNKnT0lnsyeaYOJwRmcPRdTG/a4X/b3vw+57B1dE20=' 'sha256-1tUQLx1JfuFHhupaTxZxN8/JPDvG+OIdBCcM7PXfEzs=' 'sha256-4Xwx2TSn/ZELfLIs1A2etPjKxxnSomqFoKMv99FB3Lg=' 'sha256-ei2s0538sbNCEBOA2sr/hvghrxZ2gDEblR7FUJ4lkcI=' 'sha256-4NKME364cXiHshEd1ZK0GwjcT0pjqfBRdKo30tomWRs=' 'sha256-s4+uDkvKfuqCNICZTNMmknZQvqL5HwSquCQfZkn9/34=' 'sha256-rn4Qwbx5qcatXz+wT23m27segHEv7ImU2/4sEMVLYIk=' 'sha256-6Y6euAQOWZ6lGtpkCT+4kCYjKPuLTcDjDkD5oRhCG4g=' 'sha256-4QY9fueV63c6nZWXt7gR/ojTOpAZwXqNZcAxijybuU0=' 'sha256-RHvKHxL0gTOgpvBP4Xm5dRuK/cR2LZXFIebXluboSkQ=' 'sha256-yJf9N784FJuXHzDa1anT54222uPxXDjB0KgozZIOVzw=' 'sha256-Pzy/MxmgBP+zS02vxK1jm/+zS7R6H7RgMsTtTVTfC9A=' 'sha256-j8L4Sf0xH9b2nwGqQTwHCVlGSvlIaVZETZPtVykVjPs=' 'sha256-ebuwMTfNIWOGe7kzqHFDgd8dPwoPxx2QNhd4ZtetRLU=' 'sha256-Yq+kKvFpHeNHsJjLEy7fWk5M9TWaZGf7rQV38ELL2x0=' 'sha256-MHuTvHVz5k1TajrKANGz14IaXhuXxwJUt15zkvmj7rE=' 'sha256-tXThs7ZS+6hzPIvkDhbtqXOY6X3GP/zrwEY7GyV4Y+c=' 'sha256-39hce1FnKYidEA+9elxMGRsULe73+qcGxx7fCFUigzo=' 'sha256-I/rD/kGx4f8MGQPXVvbFYpKpd4L5cd5hQ+v+oSGvX9A=' 'sha256-a0s+nLVkHwBLI1bdIXzsQespBORQjzbOy8pJNQeAjRI='; img-src 'self' https://*.ytimg.com https://okt.to/ https://track.hubspot.com https://www.googletagmanager.com https://www.google.co.uk https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://www.google.com; connect-src 'self' https://cdn.linkedin.oribi.io https://*.google-analytics.com/ https://public-auth-dot-lucky-orange.appspot-preview.com https://api-preview.luckyorange.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com https://pubsub.googleapis.com/ https://api-preview.luckyorange.com/* https://api.hsforms.com https://api.hubapi.com https://js.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://settings.luckyorange.com https://api-preview.luckyorange.com/*; font-src 'self' https://use.fontawesome.com data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://s3.amazonaws.com/luckyorange-clickstream/; object-src 'none'; media-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://*.hotjar.com https://*.hotjar.io; child-src 'self' blob:; form-action 'none'; frame-ancestors 'none'; manifest-src 'self'; 1
default-src 'self' scribehow.com cursive.io twitter.com ads-twitter.com *.crazyegg.com g.tenor.com *.cursive.io; script-src 'self' 'unsafe-inline' blob: *.bing.com *.crazyegg.com scribe.involve.me/ *.ubembed.com/ *.google.com *.launchnotes.io/ *.sentry-cdn.com *.outbrain.com embed.typeform.com js.stripe.com *.profitwell.com profitwell.com *.scribehow.com scribehow.com assets.customer.io *.clickagy.com connect.facebook.net assets.calendly.com www.google-analytics.com *.googletagmanager.com snap.licdn.com www.googleanalytics.com *.ads-twitter.com *.twitter.com www.googleadservices.com *.flagsmith.com cdn.rollbar.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net analytics.tiktok.com www.googleoptimize.com ws.zoominfo.com/ r.wdfl.co/rw.js www.googletagmanager.com/gtag/ connect.facebook.net/signals/ bat.bing.com/ ajax.googleapis.com/ assets-global.website-files.com/ cdn.jsdelivr.net/npm/ *.mxpnl.com connect.facebook.net/en_US/fbevents.js *.cloudfront.net/js/ js.intercomcdn.com/ widget.intercom.io/widget/ www.googleoptimize.com/optimize.js www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' *.google.com embed.typeform.com assets.calendly.com assets-global.website-files.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets-global.website-files.com *.pangle-ads.com app.launchnotes.io/ *.crazyegg.com *.ads.linkedin.com *.ubembed.com/ *.cloudimg.io *.profitwell.com profitwell.com *.scribehow-dev.com *.scribehow-stage.com *.scribehow-prod.com scribe-api-okta.scribehow-okta.com *.cursive.io *.scribehow.com *.google-analytics.com *.customer.io api-js.mixpanel.com/ *.calendly.com facebook.com/tr stats.g.doubleclick.net/ *.s3-accelerate.amazonaws.com colony-labs-public.s3.us-east-2.amazonaws.com *.google.com o385127.ingest.sentry.io *.flagsmith.com api.rollbar.com/ bam.nr-data.net bam-cell.nr-data.net *.clickagy.com g.tenor.com ws.zoominfo.com *.analytics.google.com *.googletagmanager.com www.facebook.com/ analytics.tiktok.com api-iam.intercom.io api-js.mixpanel.com bat.bing.com stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io; font-src 'self' data: *.google.com assets.launchnotes.io/fonts/ fonts.gstatic.com assets.website-files.com; frame-src 'self' *.google.com *.ubembed.com/ *.crazyegg.com cdn.embedly.com *.launchnotes.io/ player.vimeo.com platform.twitter.com/ embed.typeform.com form.typeform.com scribe.involve.me/ calendly.com *.clickagy.com js.stripe.com/ scribehow.com *.scribehow.com app.gong.io *.app.gong.io www.loom.com www.facebook.com www.youtube.com; frame-ancestors 'self' *.scribehow.com scribehow.com; img-src 'self' data: media.tenor.com blob: content: t.co *.scribehow.com *.google.com/ *.profitwell.com *.crazyegg.com *.bing.com tr.outbrain.com/ *.s3.amazonaws.com track.customer.io scribehow.com *.s3-accelerate.amazonaws.com *.s3.us-east-2.amazonaws.com *.googleusercontent.com *.google-analytics.com *.googletagmanager.com www.google.by assets.calendly.com *.clickagy.com d3m1fwcc59lqhy.cloudfront.net *.facebook.com id.rlcdn.com *.ads.linkedin.com p.adsymptotic.com api.faviconkit.com googleads.g.doubleclick.net *.gstatic.com twemoji.maxcdn.com www.googletagmanager.com gravatar.com image.scribehow-prod.com image.scribehow-okta.com www.googletagmanager.com/ pixel-sync.sitescout.com/connectors/clickagy/ *.doubleclick.net/ sync.crwdcntrl.net/map/ stags.bluekai.com/site/ *.agkn.com/ dpm.demdex.net/ us-u.openx.net/w/ idsync.rlcdn.com/ id.rlcdn.com/ analytics.twitter.com assets-global.website-files.com bat.bing.com www.google.rs dna8twue3dlxq.cloudfront.net; manifest-src 'self'; media-src 'self' assets-global.website-files.com; worker-src 'self' blob:; child-src blob:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.googletagmanager.com https://connect.facebook.net; img-src 'self' data: https://static.uni-graz.at https://bezahlung.uni-graz.at https://online.uni-graz.at/ https://screenshot.uni-graz.at/ https://webstat.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; style-src 'self' 'unsafe-inline' https://static.uni-graz.at https://ask.uni-graz.at/ https://beta.ug.aios.dev/; font-src 'self' https://static.uni-graz.at; object-src 'self' https://static.uni-graz.at; frame-src 'self' https://static.uni-graz.at https://webstat.uni-graz.at https://unitube.uni-graz.at https://open.spotify.com https://www.vimeo.com https://www.youtube.com; worker-src 'none'; connect-src 'self' https://static.uni-graz.at https://webcmp.uni-graz.at https://oembed.uni-graz.at https://bezahlung.uni-graz.at https://search.uni-graz.at/rest/getSuggestions https://webstat.uni-graz.at https://ask.uni-graz.at/ wss://api.ug.leftshift.one/mqtt  https://beta.ug.aios.dev/ wss://api.azure-cloud.aios.dev/mqtt https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://www.facebook.com; report-uri /de/log.raw?context=CSP 1
frame-ancestors 'self' https://*.jatkoaika.com 1
default-src 'self' 'unsafe-inline' files.zohopublic.eu css.zohocdn.com js.zohocdn.com salesiq.zohopublic.eu app.fastbots.ai cdnjs.cloudflare.com *.maxcdn.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; ;frame-ancestors 'self' *.webhosting.dk webhosting.dk ajax.googleapis.com *.facebook.com *.facebook.net googleadservices.com doubleclick.net *.doubleclick.net *.googleadservices.com; img-src https://* data:; frame-src 'self' 'unsafe-inline' ajax.googleapis.com  *.facebook.com *.facebook.net webhosting.dk *.webhosting.dk fonts.gstatic.com doubleclick.net *.doubleclick.net *.googleadservices.com googleadservices.com app.fastbots.ai salesiq.zohopublic.eu; 1
default-src 'self' www.google-analytics.com privacy-policy.truste.com *.marchex.io; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com privacy-policy.truste.com *.marchex.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' privacy-policy.truste.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src 'self'; 1
default-src 'self' brightvpn.com *.brightvpn.com ws://127.0.0.1:4560 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com *.google-analytics.com https://*.google.com https://csp.withgoogle.com https://www.pagespeed-mod.com *.doubleclick.net http://ad.doubleclick.net https://brightdata.com ajax.cloudflare.com *.facebook.net *.facebook.com https://*.appsflyer.com https://www.youtube.com https://i.ytimg.com https://wa.onelink.me https://*.gstatic.com yastatic.net https://*.gravatar.com https://*.googleapis.com *.googlevideo.com czedgingtenges.com *.yandex.ru *.yandex.net https://cdn.jsdelivr.net freevpn.world *.freevpn.world; frame-ancestors 'self'; report-uri https://brightdata.com/web_api/report_csp 1
default-src * 'unsafe-inline' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.lietou-static.com *.liepin.com *.alipay.com *.pstatp.com *.liepin.cn *.aliyuncs.com *.baidu.com *.tencent-cloud.com *.qcloud.com *.qq.com *.bdstatic.com unpkg.com lyra-wv-rpc://resource lyra-wv-rpc://rpc https://appx https://appx-t2 *.bytegoofy.com js.cdn.aliyun.dcloud.net.cn *.amap.com captcha.gtimg.com captcha.myqcloud.com *.qcloud.com *.gtimg.com cdn.jsdelivr.net www.googletagmanager.com https://g.alicdn.com https://wkbrs1.tingyun.com https://ssl-cdn.static.browser.mi-img.com data: blob:; child-src * data: blob: ; img-src * android-webview-video-poster: data: blob:; font-src * data: blob: moz-extension:; frame-src * bytedance://dispatch_message data: blob: wvjbscheme:; worker-src * data: blob: ; media-src * data: blob: ; report-uri https://alarmhook.liepin.com/hook/lpsoc-save-csp.json 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com translate.google.com translate.googleapis.com www.google-analytics.com cdnjs.cloudflare.com js-agent.newrelic.com bam.nr-data.net z.moatads.com v1.addthisedge.com m.addthis.com www.ebmcdn.net ssl.p.jwpcdn.com blob: cdn.rawgit.com public.tableau.com bam-cell.nr-data.net translate-pa.googleapis.com www.addevent.com cdn.addevent.com static.cloudflareinsights.com connect.facebook.net www.facebook.com cdn.gtranslate.net addevent.com cdn.jsdelivr.net https://polyfill.io s7.addthis.com static.addtoany.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com translate.googleapis.com addtocalendar.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors http://*.cac.gov.cn https://*.cac.gov.cn http://search.cac.gov.cn http://www.cac.gov.cn http://wap.cac.gov.cn 1
frame-ancestors 'self';  base-uri 'self'; object-src 'none';  1
connect-src 'self' https://reallyfreegeoip.org/json/ https://api.github.com https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io https://content.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ https://www.redditstatic.com/ads/conversions-config/ https://conversions-config.reddit.com/; base-uri *.wazuh.com wazuh.com; default-src 'self' https: data:; script-src 'self' *.wazuh.com wazuh.com *.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com  https: 'unsafe-inline'; object-src 'self' *.wazuh.com wazuh.com; style-src 'self' *.googleapis.com https://optimize.google.com 'unsafe-inline'; img-src 'self' *.wazuh.com wazuh.com *.gravatar.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.google.com.ar https://www.google.es https://www.googletagmanager.com/ https://stats.g.doubleclick.net https://www.facebook.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://www.linkedin.com/px/ https://script.hotjar.com http://script.hotjar.com https://alb.reddit.com https://t.co/i/adsct https://analytics.twitter.com/i/adsct data:; media-src 'self' *.wazuh.com wazuh.com; frame-ancestors 'self'; frame-src *; font-src 'self' https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com data: 1
frame-ancestors 'self' https://www.channel4000.com/ https://kdvr.com/ https://kfor.com/ https://fox2now.com/ https://fox5sandiego.com/ https://ktla.com/ https://fox40.com/ https://fox4kc.com/ https://wgntv.com/ https://fox8.com/ https://khon2.com/ https://klfy.com/ https://kron4.com/ https://krqe.com/ https://wavy.com/ https://wfla.com/ https://wivb.com/ https://wkrg.com/ https://wkrn.com/ https://woodtv.com/ https://wwlp.com/ https://channel4000.com/ https://koin.com/ https://wreg.com/ https://wric.com/ https://fox59.com/ https://wspa.com/ https://wgno.com/ https://myfox8.com/ https://nbc4i.com/ https://kxan.com/ https://wtnh.com/ https://stage.nxstrib.com/ https://nxs-staging.go-vip.net/ https://wate.com/ https://wkbn.com/ https://cbs17.com/ https://wpri.com/ https://wsav.com/ https://whnt.com/ https://who13.com/ https://abc27.com/ https://cbs42.com/ https://wjhl.com/ https://cw33.com/ https://cw39.com/ https://localdvm.com/watch-dcw50/ https://wgnradio.com/ https://phl17.com/ https://cbs4indy.com/ https://borderreport.com/ https://everythinglubbock.com/ https://myhighplains.com/ https://nxsttv-stage.go-vip.net/ https://nxstrib-com-staging.go-vip.net/ https://myarklamiss.com/ https://kark.com/ https://siouxlandproud.com/ https://keloland.com/ https://easttexasmatters.com/ https://texomashomepage.com/ https://kget.com/ https://yourbigsky.com/ https://8newsnow.com/ https://mysterywire.com/ https://fox16.com/ https://conchovalleyhomepage.com/ https://yourbasin.com/ https://nwahomepage.com/ https://ozarksfirst.com/ https://westernslopenow.com/ https://yourcentralvalley.com/ https://fourstateshomepage.com/ https://ksnt.com/ https://ksn.com/ https://bigcountryhomepage.com/ https://arklatexhomepage.com/ https://ktsm.com/ https://abc4.com/ https://valleycentral.com/ https://kxnet.com/ https://fox21news.com/ https://fox44news.com/ https://wane.com/ https://binghamtonhomepage.com/ https://wboy.com/ https://pahomepage.com/ https://wbtw.com/ https://counton2.com/ https://wcia.com/ https://wdhn.com/ https://wdtn.com/ https://localdvm.com/ https://tristatehomepage.com/ https://mytwintiers.com/ https://mychamplainvalley.com/ https://wearegreenbay.com/ https://wfxrtv.com/ https://cnyhomepage.com/ https://ourquadcities.com/ https://wjtv.com/pine-belt-news/ https://wjbf.com/ https://yourerie.com/ https://upmatters.com/ https://wjtv.com/ https://fox46.com/ https://wiproud.com/ https://wlns.com/ https://mypanhandle.com/ https://centralillinoisproud.com/ https://foxlexington.com/ https://wnct.com/ https://cenlanow.com/ https://wowktv.com/ https://wvillustrated.com// https://mystateline.com/ https://wrbl.com/ https://rochesterfirst.com/ https://localsyr.com/ https://wearecentralpa.com/ https://news10.com/ https://wtrf.com/ https://mywabashvalley.com/ https://brproud.com/ https://wvnstv.com/ https://informnny.com/ https://wytv.com/ https://pix11.com/ https://www.snntv.com/ https://www.wavy.com/ https://cw33.com/ https://www.dcnewsnow.com/ https://www.ketk.com/ https://www.ktalnews.com/ https://www.qcnews.com/ https://fox56news.com/ https://www.wtaj.com/ https://www.newsnationnow.com/ https://thehill.com/; 1
value="default-src 'self' ;" 1
default-src 'self' ; img-src 'self' *.mailbox.org; script-src 'self' *.mailbox.org; style-src 'self' data: 'unsafe-inline' ; frame-src 'self'  *.mailbox.org; frame-ancestors 'self'; object-src 'none'; connect-src 'self' *.mailbox.org; 1
img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://*.paddle.com https://v2.zopim.com https://*.zopim.io; media-src https://v2.zopim.com https://static.zdassets.com; object-src 'none'; worker-src 'none'; style-src 'self' 'unsafe-inline' https://*.paddle.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; frame-ancestors 'none'; report-uri /api/v1/reports; 1
default-src *.addthis.com *.adform.net *.algolia.com *.algolia.net *.algolianet.com *.algolianet.net *.calameo.com *.culture.fr *.doubleclick.net *.facebook.com *.facebook.net *.g.doubleclick.net *.getwemap.com *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.ingest.sentry.io *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org http://apis.syllabs.com http://infolettres-internes.culture.gouv.fr http://infolettres-ministere.culture.gouv.fr http://www.culture.fr http://www.culture.gouv.fr https://api.mapbox.com https://m.addthis.com https://s7.addthis.com https://semaphore.culture.gouv.fr https://semrecf2.culture.fr https://sesame.culture.fr https://stats.g.doubleclick.net https://tarteaucitron.io https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com inline moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' wss://genii-messages.tolk.ai; block-all-mixed-content; font-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.readspeaker.com *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org data: https://fonts.googleapis.com https://fonts.gstatic.com https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://maxcdn.bootstrapcdn.com inline 'self' 'unsafe-inline'; frame-src *.adform.net *.calameo.com *.culture.gouv.fr *.dailymotion.com *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.fr *.googleapis.com *.gouv.fr *.instagram.com *.jcloud.ik-server.com *.maptiler.com *.openstreetmap.fr *.pop.culture.gouv.fr *.readspeaker.com *.soundcloud.com *.tolk.ai *.twitter.com *.vimeo.com *.wikimedia.org *.wikipedia.org http://platform.twitter.com http://s7.addthis.com http://www.instagram.com https://data.culturecommunication.gouv.fr https://livemap.getwemap.com https://www.facebook.com https://www.youtube.com inline 'self' 'unsafe-inline'; img-src *.adform.net *.culture.fr *.culture.gouv.fr *.doubleclick.net *.et-gv.fr *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.picsum.photos *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org data: http://www.culture.fr http://www.culture.gouv.fr https://ad.doubleclick.net https://analytics.getwemap.com https://api.getwemap.com https://iecs.culture.gouv.fr https://livemap.getwemap.com https://logs4.xiti.com https://picsum.photos https://semrecf2.culture.fr https://sesame.culture.fr https://sf1-eu.readspeaker.com https://static.piste.gouv.fr https://tarteaucitron.io https://tile.openstreetmap.org https://www.culture.fr https://www.culture.gouv.fr https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com inline 'self' tarteaucitron.io 'unsafe-inline'; script-src *.addthis.com *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org addthid blob: http://connect.facebook.net http://platform.twitter.com http://s7.addthis.com http://siteimproveanalytics.com http://tag.aticdn.net http://www.instagram.com https://ajax.googleapis.com https://api.dmcdn.net https://api.mapbox.com https://app.readspeaker.com https://gva.et-gv.fr https://iecs.culture.gouv.fr https://infolettres.duministeredelaculture.fr https://livemap.getwemap.com https://logp5.xiti.com https://logs152.xiti.com https://m.addthis.com https://sf1-eu.readspeaker.com https://tarteaucitron.io https://v1.addthisedge.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gouvernement.fr https://z.moatads.com inline moz-extension 'self' tarteaucitron.io 'unsafe-eval' 'unsafe-inline' 'nonce-OWEzNDFjNzExNTZlMjczNWU0NjU1ZmNiYWIzYjdhZmU='; style-src *.adform.net *.doubleclick.net *.facebook.net *.g.doubleclick.net *.getwemap.workers.dev *.google-analytics.com *.google.com *.googleapis.com *.gouv.fr *.instagram.com *.maptiler.com *.readspeaker.com *.tarteaucitron.io *.tolk.ai *.twitter.com *.wikimedia.org *.wikipedia.org https://fonts.googleapis.com https://infolettres.duministeredelaculture.fr https://sf1-eu.readspeaker.com https://tarteaucitron.io inline 'self' tarteaucitron.io 'unsafe-inline' 1
default-src https: wss: data: blob:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; frame-ancestors 'self'; 1
frame-ancestors none; default-src 'self' 'unsafe-eval' 'unsafe-inline' api.hubspot.com app.hubspot.com cdn.heeet.io code.visitor-track.com connect.facebook.net fast.wistia.com fast.wistia.net files.together.agency forms.hsforms.com forms.hubspot.com hivestreaming.wpengine.com hivestaging.wpengine.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net js.usemessages.com ml314.com px.ads.linkedin.com secure.gravatar.com snap.licdn.com stats.g.doubleclick.net track.hubspot.com www.facebook.com www.google-analytics.com www.googletagmanager.com data:; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' cdn.heeet.io code.visitor-track.com connect.facebook.net fast.wistia.com js.hsforms.net js.hs-analytics.net js.hs-banner.com *.hscollectedforms.net js.hubspotfeedback.com js.hsleadflows.net js.hsadspixel.net *.hubspot.com *.hs-scripts.com *.usemessages.com forms.hsforms.com ml314.com snap.licdn.com *.google-analytics.com www.googletagmanager.com www.gstatic.com www.recaptcha.net *.wpengine.com bat.bing.com hive2.report-ui.com; script-src-elem 'self' 'unsafe-inline' *.hotjar.com js.hsadspixel.net cdn.heeet.io code.visitor-track.com connect.facebook.net fast.wistia.com *.hsforms.com *.hsforms.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net js.hsleadflows.net js.usemessages.com ml314.com snap.licdn.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.recaptcha.net cdnjs.cloudflare.com ssl.google-analytics.com visualsponline.azurewebsites.net *.wpengine.com bat.bing.com *.rackcdn.com *.clarity.ms leads-api.gonorth.io *.callrail.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'; frame-src *.youtube.com *.hotjar.com *.wpengine.com fast.wistia.net www.recaptcha.net www.googletagmanager.com player.vimeo.com www.facebook.com gateway.zscloud.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com api.momindum.com play.vidyard.com; child-src fast.wistia.net www.recaptcha.net app.hubspot.com player.vimeo.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com blob:; img-src 'self' data: files.together.agency forms.hsforms.com px.ads.linkedin.com www.facebook.com www.google-analytics.com www.googletagmanager.com go.zoominfo.com p.adsymptotic.com px4.ads.linkedin.com secure.gravatar.com www.gstatic.com embedwistia-a.akamaihd.net www.linkedin.com fast.wistia.com *.vimeocdn.com *.hubspot.com *.embedwistia-a.akamaihd.net *.hubspot.net *.wpengine.com bat.bing.com *.clarity.ms *.bing.com; font-src 'self' data: fonts.gstatic.com github.com; connect-src 'self' *.hotjar.com stats.g.doubleclick.net px.ads.linkedin.com embedwistia-a.akamaihd.net embedwistia-a.akamaihd.net www.google-analytics.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com js.hs-banner.com js.usemessages.com js.hsleadflows.net js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com *.hsforms.com *.hubapi.com *.hubspot.com *.litix.io *.wistia.com *.wpengine.com ws: cdn.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms leads-api.gonorth.io; manifest-src 'self'; form-action 'self' forms.hsforms.com forms.hubspot.com www.facebook.com; object-src 'none'; media-src * blob:; base-uri 'self'; report-uri https://hive2.report-uri.com/r/d/csp/enforce 1
connect-src 'self' my-ducati-stg.s3.eu-west-1.amazonaws.com my-ducati-dev.s3.eu-west-1.amazonaws.com my-ducati-prd.s3.eu-west-1.amazonaws.com *.dynatrace.com api-public.ducati.com wurfl.io c.go-mpulse.net calculator.vwfs.com calculator.volkswagenbank.de s.yimg.com www.facebook.com *.facebook.com apiwheel.h-en.me *.akstat.io *.akamaihd.net performance.typekit.net *.rsc.cdn77.org dasfelynsaterr.webcam videoram.com www.bing.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.analytics.google.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net  *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com secure-ds.serving-sys.com images.ctfassets.net *.serving-sys.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv ; font-src data: 'self' fonts.gstatic.com github.com media.ducati.com assets.ducati.com use.typekit.net chrome-extension *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-elem data: *.dynatrace.com assets.ducati.com platform.twitter.com  pixel.mathtag.com loadus.exelator.com *.snt.imrworldwide.com pool.adizio.com pool.admedo.com gc.kis.v2.scr.kaspersky-labs.com s.yimg.com sp.analytics.yahoo.com 'self' 'unsafe-inline' *.googleapis.com *.mouseflow.com teads.tv s.go-mpulse.net s2.adform.net use.typekit.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de gateway.zscalertwo.net about *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com secure-ds.serving-sys.com bs.serving-sys.com cdn.scaleflex.it analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src *.dynatrace.com assets.ducati.com platform.twitter.com  s.yimg.com use.typekit.net 'self' 'unsafe-eval' 'unsafe-inline' s.go-mpulse.net wurfl.io *.googletagmanager.com www.gstatic.com www.volkswagenbank-cloud.de *.googleapis.com *.mouseflow.com teads.tv s2.adform.net sp.analytics.yahoo.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; base-uri 'self' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; frame-src pixel.mathtag.com platform.twitter.com  www.youtube.com youtu.be www.facebook.com *.googletagmanager.com remove.video *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; img-src 'self' about data: * *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; script-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-attr 'unsafe-inline' *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv; style-src-elem 'self' 'unsafe-inline' assets.ducati.com fonts.googleapis.com adblockers.opera-mini.net *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv  ; style-src 'self' 'unsafe-eval' 'unsafe-inline' assets.ducati.com fonts.googleapis.com translate.googleapis.com *.linkedin.com *.licdn.com *.google-analytics.com *.googleadservices.com *.google.com *.google.it *.doubleclick.net emea-ducati.netmng.com *.facebook.net *.a8723.com u.logbor.com mm.markandmini.com ad13.adfarm1.adition.com s.yimg.jp b92.yahoo.co.jp track.adform.net aax-eu.amazon-adsystem.com cdn.cookielaw.org *.onetrust.com youtube.com cdn.hypemarks.com tags.srv.stackadapt.com *.awsducati.com analytics.tiktok.com *.taboola.com *.twitter.com *.googleapis.com *.mouseflow.com teads.tv 1
script-src 'nonce-hGki5EPKpN3cReo3FJPmZg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=818d482d-392d-4fd9-ae8c-9b79bde0170c; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://avalara.sb.amp.vg https://avalara.amp.vg https://partner.avalara.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: *.cookielaw.org *.googletagmanager.com *.calendly.com *.visualwebsiteoptimizer.com *.fullstory.com *.crazyegg.com *.whova.com whova.com *.cloudfront.net *.typekit.net use.typekit.net *.adroll.com *.adroll.mgr.consensu.org cors-anywhere.herokuapp.com gist.github.com  rum-static.pingdom.net *.ckeditor.com translate.googleapis.com translate.google.com *.jotform.com *.crazyegg.com cdn.jotfor.ms *.jotform.com static.issuu.com instagram.com www.instagram.com t.sf14g.com 1.tl813.com http://static.issuu.com analytics.twitter.com srdrvp.com static.ads-twitter.com apis.google.com *.addthis.com *.addthisedge.com secure.comodo.net static.ads-twitter.com platform.twitter.com www.googleadservices.com http://www.googleadservices.com *.akamaihd.net www.google-analytics.com www.google.com cdnjs.cloudflare.com *.typekit.net *.jotform.us cdn.jsdelivr.net ajax.googleapis.com connect.facebook.net www.facebook.com facebook.com use.typekit.net ssl.google-analytics.com *.gstatic.com cse.google.com www.googleapis.com *.mobilecause.com bam.nr-data.net googletagmanager.com formalyzer.com maps.googleapis.com e.issuu.com *.silkroad.com *.createsend.com *.createsend1.com *.polldaddy.com polldaddy.com *.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com secure4.entertimeonline.com *.dafdirect.org *.jotfor.ms *.jotform.io *.jotform.com *.vidyard.com *.airpr.com *.dca0.com *.mountain.com *.doubleclick.net *.adsrvr.org *.steelhousemedia.com *.juicer.io *.hotjar.com utt.impactcdn.com *.vimeo.com *.fundraiseup.com *.fundraiseupobjects.com https://fundraiseupobjects.com/tb *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.paypalobjects.com *.optimizely.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com *.cloudflareinsights.com *.licdn.com *.pdst.fm *.basis.net arborday.blueconic.net p867.arborday.org; img-src 'self' data: about: 1.tl813.com arbordayblog.org * *.adroll.com *.leadlander.com *.advertising.com *.facebook.com *.google-analytics.com *.outbrain.com *.pubmatic.com *.3lift.com *.taboola.com dsum-sec.casalemedia.com *.rubiconproject.com ads.yahoo.com *.adnxs.com x.bidswitch.net *.youtube.com idsync.rlcdn.com us-u.openx.net *.atdmt.com *.s3.amazonaws.com log.pinterest.com i.ytimg.com *.jotform.com t.co *.gstatic.com *.instagram.com *.cdninstagram.com *.fbcdn.net www.google-analytics.com *.doubleclick.net *.jotfor.ms *.jotform.com csi.gstatic.com maps.gstatic.com p.typekit.net www.google.com www.googleapis.com maps.googleapis.com www.facebook.com *.google.com *.arborday.org www.googleapis.com ssl.google-analytics.com syndication.twitter.com shpg.org arborday.sjv.io ojrq.net logs-01.loggly.com *.hotjar.com *.fundraiseup.com ucarecdn.com pay.google.com *.paypalobjects.com https://cdn.optimizely.com; font-src 'self' data: use.typekit.net fonts.googleapis.com fonts.gstatic.com *.jotfor.ms *.jotform.com *.juicer.io *.hotjar.com *.fundraiseup.com *.stripe.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net assets-cdn.github.com *.ckeditor.com *.githubassets.com use.typekit.net translate.googleapis.com *.gstatic.com cdn.jotfor.ms *.jotform.com www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com *.dafdirect.org *.jotfor.ms *.jotform.com *.typekit.net *.juicer.io *.hotjar.com; frame-src 'self' mailto: lltrck.com *.paycomonline.net *.doubleclick.net youtu.be *.soundcloud.com *.jotform.io calendly.com *.jotform.com whova.com *.whova.com *.berkeley.edu https://coolclimate.berkeley.edu https://coolclimate-calculator-ui.firebaseapp.com www.facebook.com *.google.com *.vimeo.com www.instagram.com syndication.twitter.com *.jotform.us https://staticxx.facebook.com *.igive.com cse.google.com pdf.snapandread.com app.mobilecause.com *.arborday.org www.arborday.org hotelfootprints.org www.hotelfootprints.org www.youtube.com http://www.youtube.c e.issuu.com api.braintreegateway.com treesandutilities.com *.silkroad.com ajax.googleapis.com connect.facebook.net platform.twitter.com *.addthis.com *.createsend.com *.createsend1.com *.leadlander.com *.vidyard.com *.arcgis.com *.hotjar.com arborday.sjv.io *.givesmart.com *.fundraiseup.com *.stripe.com *.src.mastercard.com *.checkout.visa.com *.plaid.com *.paypal.com *.paypalobjects.com pay.google.com https://a25272300036.cdn.optimizely.com https://a25272300036.cdn-pci.optimizely.com *.sitescout.com; frame-ancestors 'self' www.logees.com *.liedlodge.org shop.arborday.org corporategifts.arborday.org  *.domaincontrol.com *.ip.secureserver.net *.upnllc.com *.godaddy.com logees.com *.dutchmantreefarms.com dutchmantreefarms.com http://www.dutchmantreefarms.com www.bluehillwildlifenursery.com bluehillwildlifenursery.com treesandutilities.com www.treesandutilities.com *.secureserver.net *.akam.net *.godaddy.com *.silkroad.com createsend.com; connect-src 'self' *.cookielaw.org arbordayblog.org *.saashr.com *.google-analytics.com *.fullstory.com *.jotform.com cors-anywhere.herokuapp.com *.gstatic.com secure4.entertimeonline.com rum-collector-2.pingdom.net *.crazyegg.com wss://www.arborday.org performance.typekit.net ssl.google-analytics.com *.jotform.us createsend.com *.doubleclick.net *.cloudfront.net appstoreconnect.com *.berkeley.edu *.vidyard.com *.dca0.com *.adroll.com *.juicer.io *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com arborday.sjv.io *.onetrust.com maps.googleapis.com fndrsp.net fndrsp-checkout.net *.fundraiseup.com *.fundraiseupobjects.com https://fundraiseupobjects.com/tb *.stripe.com *.paypal.com *.paypalobjects.com *.plaid.com *.mastercard.com *.checkout.visa.com pay.google.com https://google.com/pay api.addressy.com *.optimizely.com https://logx.optimizely.com https://*.optimizely.com *.linkedin.com *.cloudfunctions.net p867.arborday.org; 1
default-src 'unsafe-inline' 'unsafe-eval' http://img.qianlong.com http://upload.qianlong.com *.qianlong.com http://slwza.qianlong.com https://tts.yunmd.net https://qlstats.bjnews.com.cn hm.baidu.com qlstats.bjnews.com.cn 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; worker-src blob:; connect-src 'self' wss://tsock.us1.twilio.com/v3/wsconnect https:; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; font-src 'self' https: data: 1
upgrade-insecure-requests; frame-ancestors 'self' https://customer.norwegian.com 1
frame-ancestors 'self' *.ztedevices.com 1
default-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com; connect-src 'self' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com fonts.gstatic.com api.kudoway.com stats.g.doubleclick.net cdn-broadcast002-iad.tokbox.com prd.jwpltx.com blob: cdn-broadcast002-pdx.tokbox.com *.tokbox.com www.odwebp.svc.ms public.tableau.com recapd.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' fast.fonts.net fonts.gstatic.com; img-src 'self' i.ytimg.com www.gstatic.com www.google-analytics.com data: https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com stats.g.doubleclick.net ssl.p.jwpcdn.com content.jwplatform.com developer.jwplayer.com blob: https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill.io https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' public.govdelivery.com www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com js-agent.newrelic.com bam.nr-data.net kudo-widget.s3.amazonaws.com ssl.p.jwpcdn.com content.jwplatform.com translate.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dap.digitalgov.gov https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com www.youtube.com dap.digitalgov.gov www.google-analytics.com s.ytimg.com fast.fonts.net kudo-widget.s3.amazonaws.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.neh.gov/report-uri/enforce 1
default-src 'self' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: undefined https://nmonpoendpoint.2cnt.net https://apis.dev.avrotros.io https://apis.avrotros.io https://*.run.app/ https://*.avrotros.io https://*.avrotros.nl https://*.avrotros.site ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 1
default-src 'self'; img-src 'self' data: blob: https://*.akamaized.net https://yt3.ggpht.com https://cdn.xsolla.net https://secure.xsolla.com https://www.google.com https://www.google-analytics.com https://*.owox.com https://*.playkot.com https://supercitygame.com https://www.google.de; media-src https://*.akamaized.net https://*.playkot.com; font-src https://*.akamaized.net https://fonts.gstatic.com https://*.playkot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.akamaized.net https://static.xsolla.com https://cdn.jsdelivr.net https://connect.facebook.net https://*.doubleclick.net https://yt3.ggpht.com https://cdn.pushwoosh.com https://www.googletagmanager.com https://www.google-analytics.com https://js.sentry-cdn.com https://www.google.com https://www.gstatic.com https://*.playkot.com https://*.helpshift.com; connect-src 'self' data: https://*.akamaized.net https://*.doubleclick.net https://platform-lookaside.fbsbx.com https://*.playkot.team https://www.google-analytics.com https://*.google-analytics.com https://cp.pushwoosh.com https://*.playkot.com wss://*.scwk8.playkot.team https://*.supercitygame.com/; frame-src https://www.youtube.com https://*.xsolla.com https://www.google.com https://*.helpshift.com/; child-src 'self' https://www.youtube.com 1
upgrade-insecure-requests; media-src https: data: blob:; img-src https: data: blob:; object-src 'none'; worker-src 'self' blob:; default-src https: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://www.mymercy.net *.tt.omtrdc.net *.vjs.zencdn.net *.adobedtm.com *.googleapis.com *.gstatic.com *.cloudfront.net mercyhealth.sc.omtrdc.net st1.dialogtech.com *.dialogtech.com *.demdex.net cm.everesttech.net *.mymercy.net *.mercy.net dev.day.com *.healthwise.net *.docscores.com *.google-analytics.com *.youtube.com *.zencdn.net *.selfcare.info *.ytimg.com *.boltdns.net *.alexametrics.com *.brightcove.com *.brightcove.net bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com *.2o7.net *.omtrdc.net stats.g.doubleclick.net *.googletagmanager.com *.yextpages.net *.yext-static.com *.yext-pixel.com *.flickr.com *.googleadservices.com googleads.g.doubleclick.net *.google.com bid.g.doubleclick.net *.ggpht.com *.doubleclick.net *.mouseflow.com *.adobe.com *.omniture.com *.google.ca *.cloudflare.com *.sitescdn.net *.yext.com *.pagescdn.com cyberscript.ais-rx.com *.cloudhub.io *.a2z.com *.facebook.net *.facebook.com *.evergage.com *.evgnet.com *.force.com *.salesforce.com *.salesforceliveagent.com *.salesforce-sites.com mercyhealthcare.s3.us-west-1.amazonaws.com *.avaamo.com H1avaamo.s3.us-west-2.amazonaws.com questionnaire.canceriq.com; frame-ancestors https://*.mercy.net https://*.mymercy.net https://www.mtsmychart.com https://www.chistvincentonecare.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.sprinklr.com *.leadfamly.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: *.sprinklr.com; upgrade-insecure-requests; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src *; frame-src *; media-src * blob:; worker-src * blob:; 1
frame-ancestors 'self'; upgrade-insecure-requests; report-uri /api/csp-report 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.endnote.com *.clarivate.com *.famewall.io *.upsellit.com *.gatedcontent.com https://clarivate.com https://cdn.cookielaw.org https://www.googletagmanager.com https://s786780033.t.eloqua.com *.6sc.co https://bam.nr-data.net https://dev.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://dev.visualwebsiteoptimizer.com https://assets.vidyard.com https://play.vidyard.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://js.driftt.com https://js-agent.newrelic.com https://secure.quantserve.com https://bam-cell.nr-data.net https://analytics.twitter.com https://rules.quantcount.com https://cdnjs.cloudflare.com https://static-cf.cleverbridge.com https://img.en25.com https://img06.en25.com https://platform.twitter.com https://widget.trustpilot.com https://static.addtoany.com  https://bam.nr-data.net  https://googleads.g.doubleclick.net  https://googleads.g.doubleclick.net  https://www.google-analytics.com ; frame-ancestors 'self' *.clarivate.com; connect-src 'self' ws: wss: *; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-maYOkfKOJUSuu5941IKT_g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.smarttech.com 1
default-src 'self'; frame-src http: data:; connect-src http: data:; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net snap.licdn.com static.ads-twitter.com secure.perk0mean.com *.googletagmanager.com www.google-analytics.com maps.googleapis.com cdn.jsdelivr.net www.google.com sc.lfeeder.com www.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com;frame-src 'self' www.google.com www.youtube.com v.qq.com player.vimeo.com pc-api-public.sabic.com; connect-src px.ads.linkedin.com *.google-analytics.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com *.analytics.google.com maps.googleapis.com 'self'; img-src 'self' data: *.googleapis.com www.google.nl www.google.com www.google.co.uk px.ads.linkedin.com *.ggpht.com *.google-analytics.com *.googletagmanager.com productcatalogue.sabic.com maps.gstatic.com maps.googleapis.com tr-rc.lfeeder.com www.gstatic.com productcatalogue.sabic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/; connect-src 'self' cdn.linkedin.oribi.io *.givelively.org *.mktoresp.com *.mktoutil.com region1.analytics.google.com *.google.com analytics.tiktok.com attestation.android.com bcbolt446c5271-a.akamaihd.net csi.gstatic.com edge.api.brightcove.com gtm-w82hjxd-otazy.uc.r.appspot.com *.addthis.com ka-f.fontawesome.com manifest.prod.boltdns.net notifier-configs.airbrake.io og2022-api.sports.gracenote.com pagead2.googlesyndication.com pixel.adsafeprotected.com *.teamusa.org rum-collector-2.pingdom.net *.g.doubleclick.net teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.facebook.com *.google-analytics.com www.trackwrestling.com; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com ka-f.fontawesome.com maxcdn.bootstrapcdn.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ widgets.sports.gracenote.com www.trackwrestling.com; form-action 'self' analytics.clickdimensions.com bbox.blackbaudhosting.com *.teamusa.org form.usoc.org *.twitter.com teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net teamusa.us2.list-manage.com usateamhandball.us3.list-manage.com usoc.tfaforms.net usopc.tfaforms.net www.facebook.com; frame-src 'self' *.givelively.org abc11.com *.tourneymachine.com anchor.fm app-ab22.marketo.com bbox.blackbaudhosting.com www.bullseyelocations.com www.buzzsprout.com cdn.flipsnack.com classy.org *.classy.org  content.usawmembership.com c.streamhoster.com draftable.com embed.fitrankings.com embed.gettyimages.com free.timeanddate.com gc.com geosnapshot.com indd.adobe.com judoreferee.com kingsumo.com livestream.com online.anyflip.com photos.pixlee.co player.vimeo.com s3.amazonaws.com/online.anyflip.com/vrut/kvxl/ share.transistor.fm st.chatango.com streaming.enetlive.tv tableau.usoc.org teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ themat.tv universe.queue-it.net uploads.knightlab.com usa.asasoftball.com usaboxing.webpoint.us usadiving.ticketspice.com *.wufoo.com usatt.simplycompete.com usawaterski.org *.sport80.com www.givedirect.org www.paypal.com www.paypalobjects.com www.scribd.com www.slideshare.net www.surveymonkey.com www.thorne.com www.universe.com www.usakaratemembership.com www.usaracquetballevents.com www.usawaterski.org www.usawmembership.com *.fls.doubleclick.net *.safeframe.googlesyndication.com *.g.doubleclick.net giphy.com imasdk.googleapis.com *.twitter.com *.teamusa.org players.brightcove.net public.tableau.com snapwidget.com *.addthis.com tpc.googlesyndication.com vplayer.nbcolympics.com vplayer.nbcsports.com *.facebook.com *.google.com www.googletagmanager.com www.instagram.com www.youtube.com; img-src 'self' *.givelively.org *.twimg.com barbend.com bbox.blackbaudhosting.com cdn-images.mailchimp.com cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.8.0/ajax-loader.gif cf-images.us-east-1.prod.boltdns.net connect.facebook.net content.themat.com data: *.adsafeprotected.com images.sports.gracenote.com images.teamusa.org img.youtube.com iwf.sport i.ytimg.com *.g.doubleclick.net learningacademy1.usadiving.org mcusercontent.com/93fe0d952f40d98f22a93f8e4/images/ metrics.brightcove.com p.adsymptotic.com *.ads.linkedin.com *.googlesyndication.com pixel.quantserve.com reg.usajudo.net s3.amazonaws.com/photos.usacycling.org/ *.twitter.com region1.analytics.google.com *.google-analytics.com *.gstatic.com t.co teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net t.paypal.com tw-ads.s3-us-west-2.amazonaws.com tw-ads.s3.us-west-2.amazonaws.com upload.wikimedia.org/wikipedia/commons/3/32/Sarah_Docter_1980.jpg usa.asasoftball.com widgets.sports.gracenote.com www.facebook.com www.google.com www.googletagmanager.com www.iwf.net www.linkedin.com www.nationalspeedskatingmuseum.org www.officialgear.com www.paypalobjects.com www.trackwrestling.com www.google.at www.google.be www.google.ca www.google.ch www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.uk www.google.co.vi www.google.com.au www.google.com.hk www.google.com.mx www.google.com.pr www.google.com.sg www.google.com.tw www.google.de www.google.dk www.google.es www.google.fi www.google.fr www.google.gr www.google.ie www.google.it www.google.lu www.google.nl www.google.no www.google.pt www.google.se www.google.vg; media-src 'self' blob: bcbolt446c5271-a.akamaihd.net bcovlive-a.akamaihd.net manifest.prod.boltdns.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.givelively.org adservice.google.com ajax.googleapis.com *.clickdimensions.com analytics.tiktok.com *.twitter.com app-ab22.marketo.com az124611.vo.msecnd.net/web/v10/CDWidget.js bbox.blackbaudhosting.com www.buzzsprout.com *.adsafeprotected.com cdn.syndication.twimg.com cdnjs.cloudflare.com cdnslssl.coveritlive.com code.jquery.com connect.facebook.net countdown.omegawatches.com *.g.doubleclick.net *.teamusa.org *.addthis.com kit.fontawesome.com maxcdn.bootstrapcdn.com munchkin.marketo.net *.googleadservices.com players.brightcove.net public.tableau.com qa-widgets.sports.gracenote.com reg.usajudo.net rules.quantcount.com rum-static.pingdom.net s3.amazonaws.com/downloads.mailchimp.com/ teamusa.us2.list-manage.com sdk.classy.org secure.quantserve.com *.google-analytics.com snap.licdn.com snapwidget.com stackpath.bootstrapcdn.com static.ads-twitter.com *.wufoo.com tableau.usoc.org *.cdc.gov teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net *.googlesyndication.com usoc.tfaforms.net usopc.tfaforms.net v1.addthisedge.com vjs.zencdn.net widgets.flickr.com widgets.sports.gracenote.com widget.surveymonkey.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com *.instagram.com www.olympicchannel.com www.paypal.com www.paypalobjects.com www.trackwrestling.com www.universe.com adservice.google.at adservice.google.be adservice.google.ca adservice.google.ch adservice.google.co.jp adservice.google.co.kr adservice.google.co.nz adservice.google.co.uk adservice.google.com.au adservice.google.com.hk adservice.google.com.mx adservice.google.com.pr adservice.google.com.sg adservice.google.com.tw adservice.google.de adservice.google.dk adservice.google.es adservice.google.fi adservice.google.fr adservice.google.gr adservice.google.ie adservice.google.it adservice.google.nl adservice.google.no adservice.google.pt adservice.google.se; style-src 'self' 'unsafe-inline' bbox.blackbaudhosting.com cdn.fonts.net cdn-images.mailchimp.com cdnjs.cloudflare.com cdn-us.clickdimensions.com code.jquery.com fonts.googleapis.com maxcdn.bootstrapcdn.com platform.twitter.com reg.usajudo.net static.ctctcdn.com/h/contacts-embedded-signup-assets/1.0.2/css/signup-form.css teamusastdstorage.blob.core.windows.net/collegiatepartnership2022widgets/ teamusa.tfaforms.net usoc.tfaforms.net usopc.tfaforms.net www.instagram.com *.teamusa.org www.trackwrestling.com; worker-src 'self' blob:; report-uri https://teamusa.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self';  default-src 'self' seed.net.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' seed.net.tw  ;  connect-src 'self' seed.net.tw  ;  frame-src seed.net.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://cms.wellcome.org https://wt-corporated8-develop.codeenigma.net https://wt-corporated8-master.codeenigma.net; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-b9LpJrIy8EiPSP9/U5eurQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline' data:; child-src https: blob:; worker-src https: blob:; 1
base-uri 'self';connect-src 'self' *.clarity.ms *.bing.com *.facebook.com *.mktoresp.com *.ubembed.com *.google.com *.pinterest.com *.wistia.com *.litix.io *.crazyegg.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com;default-src 'self';font-src 'self' data: *.typekit.net;frame-ancestors 'self';frame-src 'self' *.ubembed.com *.doubleclick.net *.vimeo.com *.facebook.com *.youtube.com *.pinterest.com *.explorelearning.com;img-src 'self' data: *.bing.com *.twitter.com *.explorelearning.com *.pinterest.com *.wistia.com *.vimeocdn.com *.ytimg.com *.linkedin.com https://t.co *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com *.clarity.ms;media-src 'self' *.explorelearning.com blob:;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com *.google.com *.ubembed.com *.facebook.net *.wistia.com *.doubleclick.net *.marketo.net *.pinimg.com *.crazyegg.com *.licdn.com *.google-analytics.com *.googletagmanager.com *.explorelearning.com *.vimeo.com;style-src 'self' 'unsafe-inline' *.typekit.net *.explorelearning.com;worker-src blob:; 1
default-src https: http://*.miisolutions.net:1935; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob: 'unsafe-inline'; connect-src https:; font-src https: data: 'unsafe-inline'; object-src https: data: 'unsafe-inline'; media-src data: https: http://*.miisolutions.net:1935 http://c.brightcove.com https://brightcove.hs.llnwd.net https://secure.brightcove.com http://brightcove.vo.llnwd.net blob:; child-src data: https: 'self' blob:;  frame-src data: https: 'self'; form-action https: 'self'; frame-ancestors http: https: 'self' http://library.uml.edu 1
default-src 'self' data:; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *.opentok.com fonts.googleapis.com js.chargebee.com https://session.surfly.com; font-src 'self' fonts.gstatic.com https://session.surfly.com; frame-src 'self' js.chargebee.com https://surfly.quadernoapp.com https://surfly.com *.surfly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.opentok.com stats-api.surfly.com js.chargebee.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com https://session.surfly.com surfly.com web2smartconnect.eu surfly.io cobrowse.pathadvice.ai cobrowsing.empathy-portal.de surfly-us.com cobrowsing.uateltropy.com cobrowsing.qa3-eltropy.com cobrowsing.eltropy.com signing.remotenotarez.com cobrowse.natcocu.org cobrowse.arvest.com cobrowse.nccyou.com cobrowse.alkamitech.com connecttoassist.syf.com customerassistance.cubesmart.com cobrowse.coreplus.org cobrowse.insightcreditunion.com cobrowse.cypruscu.com cobrowse.cbcfcu.org cobrowse.parkcitycu.org cobrowse.socu.org cobrowse.homebasecu.org cobrowse.interiorfcu.org cobrowse.ubmich.com cobrowse.leebank.com cobrowse.mynorthern.com cobrowse.peoplefirst.com cobrowse.mycentric.org cobrowse.cobaltcu.com cobrowse.msgcu.org cobrowse.cmefcu.org video.beyondbeautyclub.com cobrowse.bscu.org cobrowse.teamonecu.org; connect-src 'self' js.chargebee.com *.opentok.com stats-api.surfly.com *.tokbox.com wss://*.tokbox.com *.surfly.com surfly.com web2smartconnect.eu surfly.io cobrowse.pathadvice.ai cobrowsing.empathy-portal.de surfly-us.com cobrowsing.uateltropy.com cobrowsing.qa3-eltropy.com cobrowsing.eltropy.com signing.remotenotarez.com cobrowse.natcocu.org cobrowse.arvest.com cobrowse.nccyou.com cobrowse.alkamitech.com connecttoassist.syf.com customerassistance.cubesmart.com cobrowse.coreplus.org cobrowse.insightcreditunion.com cobrowse.cypruscu.com cobrowse.cbcfcu.org cobrowse.parkcitycu.org cobrowse.socu.org cobrowse.homebasecu.org cobrowse.interiorfcu.org cobrowse.ubmich.com cobrowse.leebank.com cobrowse.mynorthern.com cobrowse.peoplefirst.com cobrowse.mycentric.org cobrowse.cobaltcu.com cobrowse.msgcu.org cobrowse.cmefcu.org video.beyondbeautyclub.com cobrowse.bscu.org cobrowse.teamonecu.org 1
default-src 'self' *.ibs.it 'unsafe-inline' 'unsafe-eval' *.visualstudio.com *.awin1.com yourcitynolimits.com edgeshoppingstatic.azureedge.net appleid.cdn-apple.com *.lafeltrinelli.it maxcdn.bootstrapcdn.com mozbar.moz.com *.calicluo.com *.stoploco.com *.colloquiumz.com eu.klarnaevt.com api.clean-blocker.com js.klarna.com *.jsdelivr.net *.bing.com api.blocksly.org a.twiago.com *.thebrighttag.com jadserve.postrelease.com jwpltx.com trends.revcontent.com fibs-prd-apim-gw.life-cloud.net europe.directline.botframework.com europe.directline.botframework.com *.lacedefe.com s.ad.smaato.net *.zunelrish.com *.demdex.net s.kelkoogroup.net *.go-mpulse.net http://p2c.xplace.de code.jquery.com sync.aralego.com creativecdn.com *.creativecdn.com *.3lift.com trk.lgw.io insights.algolia.io alemobility.com icecat.biz tapestry.tapad.com *.algolianet.com *.tradedoubler.com *.socdm.com *.tradetracker.com *.tradetracker.net ray.st i.liadm.com the.sciencebehindecommerce.com tafopo.navahididi.com g.alicdn.com pubmatic.com *.criteo.net *.criteo.com criteo-partners.tremorhub.com *.avast.com *.azure.net *.monitor.azure.net conoret.com *.bidswitch.net contextual.media.net ads.stickyadstv.com *.clmbtech.com *.logitalie.com *.jwpcdn.com *.moiziq.com data1.pakolir.com *.krxd.net *.ampproject.org *.adform.net id5-sync.com *.moz.com pixel.rubiconproject.com ups.analytics.yahoo.com *.dable.com ibs-prod.mirakl.net sync-criteo.ads.yieldmo.com ad.yieldlab.net criteo-partners.tremorhub.com idsync.rlcdn.com ad.tpmn.co.kr *.mediawallahscript.com *.kk-resources.com *.igodigital.com *.smartadserver.com *.w3.org *.googletagmanager.com bsa-media.s3.amazonaws.com *.pubmatic.com *.googletagservices.com inishop.com www.youtube-nocookie.com *.googleoptimize.com *.blob.core.windows.net samples.findawayworld.com *.akamaihd.net *.kobo.com *.klarnacdn.net *.b-cdn.net *.sharethrough.com *.lift.com *.pletar.com *.adingo.jp *.bidswitch.com *.adnxs.com *.casalemedia.com *.salemedia.com *.mediavine.com *.googleadservices.com conversiontag.commerce-connector.com *.youtube.com *.360yield.com *.ivitrack.com *.clarity.com *.clarity.ms cr-input.mxpnl.net *.tiktok.com *.outbrain.com criteo-sync.teads.tv *.taboola.com *.omnitagjs.com *.facebook.com *.facebook.net *.onetrust.com fibs-prd-apim.azure-api.net *.riskified.com *.icecat.biz *.cookielaw.org *.addtoany.com *.cloudflare.com *.cloudfront.net *.nedua *.doubleclick.net *.wepowerconnections.com *.richrelevance.com *.msecnd.net *.gstatic.com polyfill.io *.algolia.net *.googlesyndication.com *.google-analytics.com *.addthisedge.com *.googleapis.com *.moatads.com *.dwin1.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat properties: blob: data: https: wss:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/ibs-v1/Track 1
frame-ancestors 'self' http://planet.lookbookhq.com https://planet.lookbookhq.com http://planet.pathfactory.com https://planet.pathfactory.com http://content.planet.com https://content.planet.com; 1
default-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; img-src 'self' data: *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; style-src 'self' 'unsafe-inline' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; font-src 'self' *.doubleclick.net *.google.com *.googleapis.com *.googlesyndication.com *.paypal.com *.paypalobjects.com; object-src 'self' frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
base-uri 'none'; img-src * data: blob:; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; media-src blob: https://*.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://shs-components.infopark.io https://*.siemens-healthineers.com https://preview-cdn.scrvt.com/; worker-src blob: https://*.siemens-healthineers.com; script-src data: blob: 'unsafe-inline' 'unsafe-eval' 'self' https://api.scrivito.com https://assets.scrivito.com https://*.siemens.com https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu/ https://tools.adlytics.net https://charts3.equitystory.com/ https://irpages2.eqs.com/ https://shs-components.infopark.io https://players.brightcove.net https://vjs.zencdn.net https://siemenshealthcare.postclickmarketing.com https://ionfiles.scribblecdn.net https://manifest.prod.boltdns.net https://*.brightcovecdn.com https://www.adobetag.com https://static.adlytics.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://sjs.bizographics.com https://img.en25.com/i/elqCfg.min.js https://cdns.gigya.com; frame-ancestors 'self' https://*.scrivito.com https://gather.town; object-src 'none'; block-all-mixed-content 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.flightglobal.com https://eme.abacusemedia.com; 1
frame-ancestors 'self' https://*.csus.edu https://csus.cascadecms.com https://csus.service-now.com 1
default-src 'self' https://www.youtube.com http://*.streamlike.com https://alstom.canto.global https://*.career-inspiration.com https://channel.royalcast.com https://*.facebook.com https://ir.q4europe.com https://*.google.com https://maps.googleapis.com https://static.cloudflareinsights.com https://static.pathmotion.io https://twitter.com https://www.google.fr https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://youtu.be https://*.alstom.com https://cdn.cookielaw.org https://ecb.qualquantsignals.com https://invitation.opinionbar.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://alstom.containers.piwik.pro/ https://*.hotjar.com/ https://*.gstatic.com https://chosen.css 'unsafe-inline' https://chosen.jquery.js data: https://bam.nr-data.net https://*.onetrust.com https://alstom.piwik.pro https://*.hotjar.io wss://*.hotjar.com https://*.opinionbar.com https://*.linkedin.com/ https://*.licdn.com/; script-src 'self' https://www.youtube.com http://*.streamlike.com https://alstom.canto.global https://*.career-inspiration.com https://channel.royalcast.com https://*.facebook.com https://ir.q4europe.com https://maps.google.com https://maps.googleapis.com https://play.google.com https://static.cloudflareinsights.com https://static.pathmotion.io https://twitter.com https://www.google.com https://www.google.fr https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://youtu.be https://*.alstom.com https://cdn.cookielaw.org https://ecb.qualquantsignals.com https://invitation.opinionbar.com 'unsafe-eval' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com/ https://alstom.containers.piwik.pro/ https://*.hotjar.com/ https://*.gstatic.com https://chosen.css https://chosen.jquery.js https://*.newrelic.com https://*.cloudflare.com https://*.qualquantsignals.com data:; object-src 'self' https://www.youtube.com 'unsafe-inline' http://*.streamlike.com https://alstom.canto.global https://*.career-inspiration.com https://channel.royalcast.com https://*.facebook.com https://ir.q4europe.com https://maps.google.com https://maps.googleapis.com https://play.google.com https://static.cloudflareinsights.com https://static.pathmotion.io https://twitter.com https://www.google.com https://www.google.fr https://www.googletagmanager.com https://www.instagram.com https://www.linkedin.com https://youtu.be https://*.alstom.com https://cdn.cookielaw.org https://ecb.qualquantsignals.com https://invitation.opinionbar.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://alstom.containers.piwik.pro/ https://*.hotjar.com/ https://*.gstatic.com https://chosen.css https://chosen.jquery.js; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'  https://base.mirror.xyz https://static-assets.coinbase.com/js/cca/v0.0.1.js https://cca-lite.coinbase.com https://*.walletconnect.org wss://*.walletconnect.org wss://*.walletconnect.com https://*.walletconnect.com https://explorer-api.walletconnect.com;connect-src 'self' https://*.walletconnect.org wss://*.walletconnect.org wss://*.walletconnect.com https://*.walletconnect.com https://explorer-api.walletconnect.com https://api.sprig.com https://cdn.sprig.com https://boards.greenhouse.io https://cca-lite.coinbase.com https://static-assets.coinbase.com/js/cca/v0.0.1.js https://analytics-service-dev.cbhq.net mainnet.base.org https://cloudflare-eth.com https://i.seadn.io/ https://api.opensea.io  ;frame-ancestors 'self' https://base.mirror.xyz;form-action 'self' https://base.mirror.xyz;img-src 'self' data: https://*.walletconnect.com/ https://i.seadn.io/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://optimize.google.com https://connect.facebook.net https://edge.fullstory.com https://www.fullstory.com https://widget.trustpilot.com https://cdn.cookielaw.org https://*.onetrust.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.omtrdc.net https://vgwholdingslimited.sc.omtrdc.net https://everestjs.net https://www.everestjs.net https://www.redditstatic.com https://bat.bing.com https://r.bing.com analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://js.adsrvr.org static.ads-twitter.com https://us.connextra.com b-code.liadm.com secure.quantserve.com rules.quantcount.com c.amazon-adsystem.com d.agkn.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; connect-src 'self' https://usersite.globalpoker.com https://gamification.globalpoker.com https://pipelines.vgw.marketing https://*.globalpoker.com/jackpot/XSD https://*.googletagmanager.com https://stats.g.doubleclick.com https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://rs.fullstory.com https://edge.fullstory.com https://widget.trustpilot.com https://cdn.cookielaw.org https://*.onetrust.com https://*.demdex.net https://assets.adobedtm.com https://dpm-demdex.net https://lasteventf-tm.everesttech.net https://vgwholdingslimited.sc.omtrdc.net https://bat.bing.com analytics.tiktok.com ads-twitter.com ads-api.twitter.com analytics.twitter.com https://zz.connextra.com rp.liadm.com c.amazon-adsystem.com https://edge.sitecorecloud.io/api/graphql/v1; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://tagmanager.google.com; img-src 'self' https: data: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com analytics.tiktok.com ads-twitter.com ads-api.twitter.com analytics.twitter.com s.amazon-adsystem.com c.amazon-adsystem.com rp.liadm.com baefb4c5449d.o3n.io pixel.quantserve.com d.agkn.com; frame-src 'self' https://optimize.google.com https://cm.g.doubleclick.net https://widget.trustpilot.com https://*.demdex.net https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org c.amazon-adsystem.com s.amazon-adsystem.com i.liadm.com https://www.youtube.com https://youtube.com youtube.com; frame-ancestors 'self'; 1
frame-ancestors http://webvisor.com 1
frame-ancestors *.atauni.edu.tr 1
upgrade-insecure-requests; frame-ancestors 'none' *.parchment.com; 1
frame-src https://www.youtube.com 'self' 1
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net 1
object-src 'none';base-uri 'self';script-src 'nonce-tH1usaJl5oJWZPsS9zOPuQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/honest_dns/1_0;frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.matomo.cloud/ https://iccwbo.matomo.cloud/ https://www.youtube.com/ https://stats.wp.com/ https://www.pagespeed-mod.com/v1/taas https://ssl.google-analytics.com/ https://translate.google.com/translate_a/ https://w.soundcloud.com/player/ https://conoret.com/ https://ajax.aspnetcdn.com/ajax/modernizr/ https://mktdplp102cdn.azureedge.net/public/latest/js/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/; img-src 'self' data: https://pixel.wp.com/ https://2go.iccwbo.org https://s.w.org/ https://iccwbo.matomo.cloud/matomo.php https://iccwbo.org/ https://translate.google.com/ https://fonts.gstatic.com/ https://translate.googleapis.com/ https://cdn.honey.io/images/extension/ secure.gravatar.com www.gravatar.com; connect-src 'self' https://iccwbo.matomo.cloud/ https://yandex.ru/clck/click https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://2a3b19df65f14580a53a80ad18c5a6e5.svc.dynamics.com/ https://www.gstatic.com/ https://metrics-dra.dt.dbankcloud.cn/ https://iccwbo.matomo.cloud/matomo.php https://fonts.googleapis.com/; font-src 'self' data: https://s0.wp.com/i/fonts/inter/ https://fonts.gstatic.com/; frame-src 'self' www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://2a3b19df65f14580a53a80ad18c5a6e5.svc.dynamics.com; worker-src 'self' ; 1
default-src 'none';img-src data: https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:;style-src 'unsafe-inline' https:;font-src data: https:;frame-ancestors 'self';connect-src https: wss://supchat.politiken.supwizapp.com; media-src blob: https:;frame-src https: data: blob:;child-src https:;worker-src blob: https:;base-uri https:;form-action https: 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-792c1fcc-cb56-4a89-9aff-7f917e4efc68' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: *.kupibilet.ru intercom-sheets.com google.nl yastatic.net content.hotjar.io *.tildacdn.com qr.nspk.ru *.nspk.ru nspk.ru https://qr.nspk.ru/proxyapp/ *.analytics.google.com analytics.google.com adservice.google.com td.doubleclick.net cdnjs.cloudflare.com mamka.aviasales.ru static.aviasales.com avsplow.com *.avsplow.com vsplow.com tp.media *.travelpayouts.com travelpayouts.com vc.hotjar.io *.kupi.com uploads.intercomcdn.com capture.trackjs.com api.mindbox.ru www.facebook.com connect.facebook.net appleid.cdn-apple.com mc.yandex.ru mc.yandex.com personalization-web-stable.mindbox.ru personalization-pixel-stable.mindbox.ru translate.google.com script.hotjar.com sdk.inappstory.com *.hotjar.com top-fwz1.mail.ru vk.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io stats.g.doubleclick.net googleads.g.doubleclick.net www.googleadservices.com accounts.google.com fonts.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com nexus-websocket-a.intercom.io; base-uri 'self'; object-src 'none'; font-src 'self' *.tildacdn.com https://fonts.gstatic.com www.travelpayouts.com fonts.intercomcdn.com; img-src 'self' data: www.kupibilet.ru www.google.com.vn mc.yandex.com www.google.nl qr.nspk.ru *.kupibilet.ru www.google.ru www.google.com facebook.com www.facebook.com mamka.aviasales.ru *.travelpayouts.com downloads.intercomcdn.com static.intercomassets.com www.google-analytics.com top-fwz1.mail.ru www.googletagmanager.com personalization-pixel-stable.mindbox.ru personalization-web-stable.mindbox.ru vk.com login.vk.com mc.yandex.ru usage.trackjs.com *.tile.openstreetmap.org js.intercomcdn.com; manifest-src 'self'; media-src 'self' js.intercomcdn.com; 1
require-trusted-types-for 'script';report-uri /cspreport 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; media-src * blob: ; worker-src * blob: ; img-src * blob: data: 1
default-src 'self'; script-src 'self' 'unsafe-eval'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 1
default-src 'none'; base-uri 'self' matomo.sletat.ru; object-src 'none'; block-all-mixed-content; connect-src 'self' sentry.io *.sletat.ru *.sletat.travel *.google.com google.ru *.google-analytics.com *.g.doubleclick.net yandex.ru *.yandex.ru *.tildacdn.com app.comagic.ru *.maptiler.com *.sletat.net maker.ifttt.com *.amocrm.ru *.mcruises.ru api.dashmail.com netlog.ru top-fwz1.mail.ru www.google.ru; font-src 'self' data: *.sletat.ru *.gstatic.com *.mcruises.ru *.tildacdn.com *.tophotels.ru yastatic.net; form-action 'self' data: sletat.ru www.facebook.com; frame-ancestors 'self' https://webvisor.com http://webvisor.com; frame-src *.sletat.ru sletat.ostrovok.ru *.google.com *.youtube.com *.fls.doubleclick.net *.g.doubleclick.net *.yandex.ru landing1.vipcruise.ru search.vcruiz.ru *.googletagmanager.com www.facebook.com forms.tildacdn.com amosletat.ru *.amocrm.ru  rtb.com.ru blob: tag.rutarget.ru tp.media yandex.ru; child-src blob: https://mc.yandex.ru; img-src 'self' data: *.sletat.ru sletat.ru click.topturizm.ru sletat.ru *.gstatic.com *.googleapis.com *.google.com *.google.ru *.googletagmanager.com *.yandex.ru *.storage.yandexcloud.net storage.yandexcloud.net counter.yadro.ru *.g.doubleclick.net *.maps.yandex.net *.google-analytics.com *.gstatic.com www.facebook.com yandex.ru avatars.mds.yandex.net yandex.st www.bontour.ru partner.tophotels.ru *.amocrm.ru *.tildacdn.com *.mcruises.ru ads.adfox.ru vk.com google.co.th top-fwz1.mail.ru banners.adfox.ru blob:; manifest-src 'self'; media-src *.sletat.ru sletat.ru dl.dropboxusercontent.com; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.sletat.ru *.calltouch.ru *.google.com *.google.ru *.googletagservices.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com connect.facebook.net *.yandex.ru yandex.ru *.maps.yandex.net *.fls.doubleclick.net *.g.doubleclick.net code.jquery.com cdn.ravenjs.com *.tildacdn.com tilda.ws app.comagic.ru yastatic.net *.recaptcha.net partner.tophotels.ru *.rutarget.ru vk.com amosletat.ru *.amocrm.ru *.mcruises.ru *.youtube.com *.onef.pro cdnjs.cloudflare.com top-fwz1.mail.ru data:; style-src 'self' data: 'unsafe-inline' *.sletat.ru *.google.com *.googleapis.com www.gstatic.com *.g.doubleclick.net *.yandex.ru *.maps.yandex.net counter.yadro.ru *.tildacdn.com tilda.ws partner.tophotels.ru *.amocrm.ru *.mcruises.ru; worker-src blob: ; 1
manifest-src 'self' *.nationwidechildrens.org www.nationwidechildrens.org *.onoursleeves.org www.onoursleeves.org; frame-ancestors 'self' www.nationwidechildrens.org *.nationwidechildrens.org *.columbuschildrens.net www.columbuschildrens.net *.onoursleeves.org www.onoursleeves.org; report-uri https://cahg.nationwidechildrens.org/CAHubGateway/api/Hub/ContentSecurityPolicyReport 1
default-src 'self'; frame-src https://www.youtube.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://beyondblue-npsp.my.salesforce-sites.com/ https://player.vimeo.com/ https://cdn.raisely.com https://remedy-bb.file.force.com/ https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://omny.fm https://eoy-appeal-2024-2.raisely.com/ https://donate.beyondblue.org.au/ https://8962396.fls.doubleclick.net/ https://td.doubleclick.net/ https://*.qualtrics.com/ https://beyondblue.elmotalent.com.au/ https://www.youtube.com/iframe_api; font-src 'self' https://fonts.gstatic.com/ data:; img-src data: https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://beyondblue.tfaforms.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://discover-apse2.sitecorecloud.io/ https://va.vercel-scripts.com/ https://cdn.raisely.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://static.lightning.force.com/ https://*.salesforceliveagent.com/ https://service.force.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.14.0/ https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://beyondblue.tfaforms.net/ https://remedy-bb.my.salesforce.com https://remedy-bb.my.salesforce-sites.com/ https://*.salesforceliveagent.com/; connect-src 'self' https://discover-apse2.sitecorecloud.io/ https://edge-platform.sitecorecloud.io/ https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://remedy-bb.my.salesforce-sites.com/ https://remedy-bb.my.salesforce-sites.com/ https://beyondblue.elmotalent.com.au/ https://www.facebook.com/ https://px.ads.linkedin.com/; frame-ancestors 'self' https://beyondblue-npsp.my.salesforce-sites.com/; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=ln_shp&d=2024-05-14 1
frame-ancestors https://app.storyblok.com/; 1
default-src 'self' https://www.uva.es https://comunicacion.uva.es https://buendia.uva.es http://buendia.uva.es https://eventos.uva.es https://formulariows.uva.es  https://alojamientos.uva.es  https://albergueweb1.uva.es https://albergueweb.uva.es https://pod-des.uva.es https://pod.uva.es https://apps.stic.uva.es https://youtube.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://region1.google-analytics.com https://calendar.google.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.polyfill.io http://www.youtube.com https://www.youtube.com https://*.clarity.ms https://www.canva.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://www.clarity.ms  https://ajax.googleapis.com https://code.jquery.com https://ssl.google-analytics.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.polyfill.io  https://www.gstatic.com; img-src 'self' http://www.uva.es  https://comunicacion.uva.es https://buendia.uva.es http://buendia.uva.es https://stats.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://use.fontawesome.com https://*.clarity.ms ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com http://fonts.googleapis.com;font-src 'self' https://use.fontawesome.com; 1
frame-ancestors 'self'; report-uri https://www.leidos.com/vdp 1
default-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://squareup.com; style-src 'self' 'unsafe-inline' https://cash-f.squarecdn.com https://cash-c.squarecdn.com 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://fonts.gstatic.com; img-src 'self' data: blob: https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com https://cash-images-f.squarecdn.com https://cash.app https://images.ctfassets.net/ https://images.squareup.com https://jumbotron-production-f.squarecdn.com https://api.squareup.com https://notify.bugsnag.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://api.cash.app https://rs.fullstory.com; media-src 'self' https://videos.ctfassets.net https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://cash-s.squarecdn.com; frame-src 'self' *.google.com https://www.google.ca https://assets.ctfassets.net https://player.vimeo.com squarecash: https://square.com *.google.com; object-src https://assets.ctfassets.net; script-src 'sha256-3eisYGKkxu0/urU08CnCDidgfR7imrlhWqmme0lL8ZE=' 'self' 'unsafe-inline' https://player.vimeo.com https://cash-f.squarecdn.com https://cash-c.squarecdn.com squarecash: https://squareup.com https://*.googleapis.com https://edge.fullstory.com https://rs.fullstory.com; connect-src 'self' https://api.smartrecruiters.com https://browser-intake-datadoghq.com/api/v2/rum https://cash-f.squarecdn.com https://cash-c.squarecdn.com https://crz5fygf73g7.statuspage.io https://c2nqm6xyr4t4.statuspage.io https://squareup.com https://*.bugsnag.com 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://signal.cash.app https://edge.fullstory.com https://rs.fullstory.com; base-uri 'none'; report-uri /event/csp-report 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'none'; connect-src 'self' https://cloudadmin.caseware.com https://cloudadmintest.caseware.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; img-src 'self' data: https://www.google.ca https://www.google.com https://www.google-analytics.com; manifest-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://*.newspicks.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; base-uri 'self'; form-action 'self' https://www.mnhn.fr http://www.museedelhomme.fr https://www.museedelhomme.fr http://www.harmasjeanhenrifabre.fr https://www.harmasjeanhenrifabre.fr http://www.jardindesplantesdeparis.fr https://www.jardindesplantesdeparis.fr; frame-ancestors 'self'; report-uri https://www.mnhn.fr/fr/report-uri/enforce 1
connect-src https://api.posteo.de https://payment.posteo.de https://cdn.posteo.de wss://posteo.de 'self'; child-src 'self'; font-src 'self' data:; form-action https://www.paypal.com https://hooks.stripe.com 'self' data:; frame-ancestors 'self'; frame-src 'self' blob:; img-src data: *; manifest-src 'self'; media-src 'self' https://cdn.posteo.de; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; default-src 'none'; reflected-xss block; referrer no-referrer; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.t-mobile.pl; frame-src 'self' https://*.t-mobile.pl https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com https://*.creativecdn.com https://*.criteo.com https://*.criteo.net https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.medallia.eu https://*.revhunter.tech; 1
frame-ancestors 'self' https://wiki.abbyy.com https://abbyy.seismic.com 1
connect-src 'self' https://usage-stats.bundesbank.de https://api.statistiken.bundesbank.de https://bundesbank-http.mescdn.com https://*.etracker.de https://*.slidesync.com https://api.friendlycaptcha.com https://eu-api.friendlycaptcha.eu; style-src 'self' blob: 'unsafe-inline' https://usage-stats.bundesbank.de/ https://assets.slidesync.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://usage-stats.bundesbank.de https://assets.slidesync.com https://d3js.org https://*.etracker.com https://api.signalize.com https://*.etracker.de blob: https://cdn.jsdelivr.net; frame-src 'self' https://plugins.flockler.com/ https://slidesync.com https://www.youtube-nocookie.com https://www.podcaster.de https://usage-stats.bundesbank.de/ https://allplayces.de/; media-src 'self' https://*.slidesync.com https://bundesbank-http.mescdn.com blob: data:; frame-ancestors 'self' https://usage-stats.bundesbank.de/; img-src 'self' https://www.bundesbank.de https://www.news.bundesbank.de https://www.hochschule-bundesbank.de https://www.stiftung-geld-und-waehrung.de https://www.supervisory-disclosure.de https://www.ese-initiative.org https://www.euro20plus.de data:; default-src 'self' blob:; font-src 'self' data: 1
object-src 'none'; default-src * 'unsafe-inline' blob: data:; img-src * 'self' data: https:; media-src * 'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; font-src * data:; frame-ancestors 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://s0.wp.com https://s1.wp.com https://s2.wp.com; script-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://bam.nr-data.net https://privacyportal.onetrust.com https://geolocation.onetrust.com https://stats.wp.com https://js-agent.newrelic.com https://www.google-analytics.com https://s0.wp.com https://s1.wp.com https://s2.wp.com https://www.googletagmanager.com; frame-src 'self' https://widgets.wp.com/ https://player.vimeo.com/; frame-ancestors none; connect-src 'self' https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.google-analytics.com; img-src 'self' data: https://secure.gravatar.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://pixel.wp.com https://i.vimeocdn.com/; font-src 'self' data: https://s0.wp.com https://s1.wp.com https://s2.wp.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' 1
frame-ancestors https://docs.google.com https://*.googleusercontent.com; 1
default-src data: https: 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes'; report-uri /_csp; report-to default 1
base-uri 'self' https://md-scp.kampyle.com; form-action 'self' https://asco1.qualtrics.com; default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https: blob:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; media-src 'self' https: blob:; 1
frame-ancestors 'self' *.nyp.org *.prod.acquia-sites.com 1
default-src 'self' *.sitefinity.com *.clarity.ms *.technolutions.net *.visualwebsiteoptimizer.com *.google.com *.radartoolkit.com *.exactlylabs.com *.youtube.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com *.google.com *.datatables.net *.googleadservices.com *.youtube.com https://dec.azureedge.net/ munchkin.marketo.net *.typekit.net *.googletagmanager.com *.cmich.edu *.cmuhealth.org *.azure-api.net sc-static.net *.monsido.com monsido.com diffuser-cdn.app-us1.com *.technolutions.net *.crazyegg.com *.app-us1.com trackcmp.net *.sitefinity.com *.snapchat.com *.doubleclick.net *.clarity.ms *.facebook.net *.bing.com ionfiles.scribblecdn.net *.msecnd.net *.youvisit.com *.simpli.fi *.tiktok.com *.visualwebsiteoptimizer.com *.syndetics.com *.librarything.com tgbwidget.com adp.eab.com my.go-cmich.org *.liveperson.net *.lpsnmedia.net app.vwo.com *.radartoolkit.com *.exactlylabs.com bot.ivy.ai *.instagram.com onstipe.com cdn.jsdelivr.net momentjs.com https://lf16-tiktok-web.tiktokcdn-us.com unpkg.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com *.typekit.net *.cmich.edu *.cmuhealth.org *.datatables.net *.crazyegg.com *.technolutions.net *.googletagmanager.com *.librarything.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.radartoolkit.com *.exactlylabs.com my.go-cmich.org cdn.jsdelivr.net *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.cmich.edu googletagmanager.com *.googletagmanager.com monsido.com *.monsido.com *.clarity.ms cmich.edu *.cmuhealth.org *.typekit.net *.snapchat.com *.bing.com *.google.com *.crazyegg.com data.adxcel-ec2.com *.youvisit.com *.simpli.fi *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com *.agkn.com *.pro-market.net *.stickyadstv.com *.pubmatic.com *.intentiq.com *.bfmio.com *.analytics.yahoo.com *.exelator.com *.bluekai.com *.rlcdn.com *.lijit.com *.crwdcntrl.net *.openx.net *.rubiconproject.com *.adnxs.com *.spotxchange.com *.librarything.com *.visualwebsiteoptimizer.com my.go-cmich.org *.lpsnmedia.net app.vwo.com chart.googleapis.com wingify-assets.s3.amazonaws.com ajeuwbhvhr.cloudimg.io ai1.ivy-cdn.com *.instagram.com www.buzzsprout.com img.youtube.com i.ytimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com *.cmich.edu *.cmuhealth.org *.typekit.net bot.ivy.ai widget.tagembed.com; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com *.cmich.edu *.cmuhealth.org *.twitter.com *.vimeo.com *.sitefinity.com *.facebook.com *.snapchat.com *.crazyegg.com *.doubleclick.net *.google.com *.panopto.com *.youvisit.com *.librarything.com tgbwidget.com cdn.yoshki.com e.issuu.com *.liveperson.net *.lpsnmedia.net yoshki.com app.vwo.com *.radartoolkit.com *.exactlylabs.com scribehow.com bot.ivy.ai *.instagram.com onstipe.com widget.tagembed.com *.tiktok.com https://lf16-tiktok-web.tiktokcdn-us.com *.youtube-nocookie.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com *.googleapis.com *.withgoogle.com *.cmich.edu cmich.azure-api.net *.visualstudio.com *.googleanalyitcs.com googleanalytics.com *.google.com *.snapchat.com *.sitefinity.com *.doubleclick.net *.crazyegg.com *.clarity.ms *.facebook.net *.facebook.com *.technolutions.net analytics.tiktok.com my.go-cmich.org *.visualwebsiteoptimizer.com app.vwo.com *.radartoolkit.com *.exactlylabs.com *.eab.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.cmich.edu *.cmuhealth.org *.lpsnmedia.net; child-src *.sitefinity.com *.cmich.edu cmich.azure-api.net blob: *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' web-chat.nativechat.com; form-action 'self' *.cmich.edu cmich.azure-api.net *.sitefinity.com *.facebook.com *.exlibrisgroup.com *.snapchat.com *.radartoolkit.com *.exactlylabs.com; frame-ancestors 'self' *.youtube.com *.cmich.edu *.cmuhealth.org *.sitefinity.com *.twitter.com *.radartoolkit.com *.exactlylabs.com; object-src cmich.azure-api.net *.sitefinity.com *.crazyegg.com *.facebook.net *.cmich.edu *.technolutions.net *.visualwebsiteoptimizer.com *.radartoolkit.com *.exactlylabs.com 'self' 1
frame-ancestors 'self' https://*.uchealth.org 1
default-src 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:; frame-ancestors 'self' https:; font-src 'unsafe-inline' https: data:; img-src 'unsafe-inline' https: data: 1
frame-ancestors https://*.worldvision.org; 1
base-uri 'self' beebom.com; object-src 'none'; 1
default-src 'self' about: *.bmas.de  www.etracker.de api.flockler.com api.flockler.app analytics-api.flockler.com; base-uri 'self'; connect-src 'self' 'unsafe-inline' *.etracker.de *.etracker.com analytics-api.flockler.com api.flockler.app api.flockler.com streaming.bmas.de; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com tagmanager.google.com *.delivery.consentmanager.net *.openlayers.org openlayers.org *.openstreetmap.org *.twitter.com *.twimg.com *.podigee.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de tagmanager.google.com *.delivery.consentmanager.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.twitter.com *.twimg.com *.google-analytics.com *.podigee.com cdn.consentmanager.mgr.consensu.org *.consentmanager.net consentmanager.mgr.consensu.org https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/tables.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/landmarks.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/images.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lists.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/lang.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/focus.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/aria.js https://cdn.jsdelivr.net/gh/pauljadam/bookmarklets@master/headings.js code.highcharts.com about: ; object-src 'self'; font-src 'self' data: *.podigee.com fonts.googleapis.com; media-src 'self' blob: *.youtube.com *.bmas.de; child-src *.google.com *.gstatic.com *.youtube.com *.pixelpark.com *.twitter.com *.twimg.com *.podigee.com *.bmbf.de cdn.jwplayer.com player.vimeo.com *.video-stream-hosting.de cdn.consentmanager.mgr.consensu.org; img-src 'self' blob: data:  fonts.googleapis.com ssl.gstatic.com *.google.com *.bmas.de *.gstatic.com *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.twitter.com *.twimg.com  *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net media-api.flockler.com *.fbcdn.net scontent.cdninstagram.com *.cdninstagram.com about: ; upgrade-insecure-requests; form-action 'self' validator.w3.org export.highcharts.com; frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.consentmanager.net *.delivery.consentmanager.net player.syecontentdelivery.de *.unitylivestream.com; frame-ancestors 'self' *.facebook.com 1
frame-ancestors 'self' *.singtel.com *.singtelgroup.net *.singtelshop.com singtel.sharepoint.com; 1
default-src wss://comet.rabota.ru *.sbermarketing.ru sbermarketing.ru front-log.rabota.ru *.rabota.space rabota.ru *.rabota.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.mail.ru vk.com *.twitter.com *.odnoklassniki.ru *.rambler.ru *.adfox.ru *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.instagramm.ru *.ucweb.com *.newrelic.com *.nr-data.net *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com 2gis.github.io polyfill.io *.calltouch.ru ws://*.jivosite.com *.jivosite.com *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru *.coub.com *.imgsmail.ru *.dadata.ru *.mediator.media stat.media *.stat.media static.smi2.net smi2.ru *.smi2.ru e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js ad.adriver.ru rezumet.ru yandex.ru id.sber.ru yastatic.net;script-src 'unsafe-inline' 'unsafe-eval' sp.otm-r.com *.sbermarketing.ru sbermarketing.ru *.rabota.space rabota.ru *.rabota.ru yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandexadexchange.net *.googleusercontent.com *.googletagmanager.com *.googleapis.com creativecdn.com *.creativecdn.com www.google-analytics.com stats.g.doubleclick.net *.rambler.ru yastatic.net vk.com *.twitter.com *.odnoklassniki.ru *.mail.ru *.facebook.net *.instagramm.ru unpkg.com *.livetex.ru *.livetex.me *.google.com *.newrelic.com *.nr-data.net ws://*.jivosite.com *.jivosite.com *.gstatic.com *.ucweb.com *.2gis.ru *.2gis.com polyfill.io *.calltouch.ru *.adfox.ru 2gis.github.io *.vimeocdn.com *.youtube.com *.imgsmail.ru collector.mediator.media *.dadata.ru *.mediator.media *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.jsdelivr.net *.ytimg.com static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com cdn.ampproject.org *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js st.top100.ru yastatic.net mc.yandex.ru www.artfut.com tags.soloway.ru/DSPCounter.min.js content.adriver.ru/AdRiverFPS.js ad.adriver.ru *.onef.pro telegram.org/js/telegram-web-app.js *.hybrid.ai rezumet.ru;style-src 'unsafe-inline' 'unsafe-eval' blob: *.rabota.space rabota.ru *.rabota.ru *.googleapis.com *.gstatic.com *.2gis.ru *.2gis.com *.vimeocdn.com *.yandex.md yandex.ru *.yandex.ru *.yandex.net *.yandexadexchange.net 2gis.github.io *.dadata.ru anketolog.ru static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.jsdelivr.net e-cc01-i.sber247.ru sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners rezumet.ru;img-src * data: blob: mc.yandex.ru;font-src 'self' data: blob: *.rabota.space rabota.ru *.rabota.ru *.jsdelivr.net *.livetex.ru *.livetex.me *.gstatic.com sa.online.sberbank.ru *.online.sberbank.ru *.sberbank.ru sa.online.sberbank.ru:8098/metrics/partners recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js rezumet.ru yastatic.net chrome-extension:;worker-src *.rabota.space rabota.ru *.rabota.ru rezumet.ru;frame-src blob: madte.st madtest.ru *.rabota.space rabota.ru *.rabota.ru oprosso.net creativecdn.com *.creativecdn.com *.facebook.com *.facebook.net *.instagramm.ru yastatic.net *.google.com *.livetex.ru *.livetex.me *.2gis.ru *.2gis.com yandex.ru *.yandex.md *.yandex.ru *.yandex.net *.yandex.tld *.yandexadexchange.net vk.com *.twitter.com *.odnoklassniki.ru *.youtube.com *.ucweb.com *.imgsmail.ru *.googleusercontent.com *.googletagmanager.com *.helpdeskeddy.com *.surveymonkey.com anketolog.ru *.hurma.ai hurma.ai *.vimeocdn.com  *.youtube.com *.youtu.be *.vimeo.com *.rutube.ru rutube.ru *.coub.com coub.com *.ytimg.com *.fls.doubleclick.net static.smi2.net smi2.ru stat.media *.stat.media *.smi2.ru *.criteo.net *.criteo.com w.soundcloud.com *.rambler.ru music.yandex.ru podcasts.apple.com podcasts.google.com *.buzzsprout.com e-cc01-i.sber247.ru *.experrto.io app.ex.co infogram.com embed.podcasts.apple.com interacty.me p.interacty.me recaptcha.net *.recaptcha.net *.recaptcha.net/recaptcha/api.js sber-zvuk.com webvisor.com *.webvisor.com mc.yandex.ru content.adriver.ru rezumet.ru;object-src 'self' blob:;media-src blob: *.rabota.ru rabota.ru *.rabota.space rabota.ru *.rabota.ru *.jivosite.com *.vimeocdn.com *.helpdeskeddy.com *.surveymonkey.com rezumet.ru;report-uri https://www.rabota.ru/snitch.txt;base-uri 'none';frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com https://*.webvisor.com https://*.telegram.org; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-NzEyNDg1MjMtOGQwOS00Y2I0LTlhM2ItNGQ2NDVlZGI0MmIy'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; connect-src 'self'; img-src 'self'; style-src 'unsafe-inline' 'self'; font-src 'self'; frame-src 'self'; object-src 'self'; 1
worker-src blob:; frame-ancestors hackerone.com; script-src 'self' blob: assets.adobedtm.com maps.googleapis.com www.allegion.com code.jquery.com siteintercept.qualtrics.com cdn.cookielaw.org code.metalocator.com www.gstatic.com s.ytimg.com www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com hackerone.com developerportal.blob.core.windows.net by2.uservoice.com metrics.allegion.com zn2tmulvuqmsuqa7s-allegion.siteintercept.qualtrics.com cdn.knightlab.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'none'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com mavenoid.com *.mavenoid.com *.clarity.ms; frame-src http://cookies.onetrust.mgr.consensu.org https://checkout.dibspayment.eu/ https://myuplink.com; font-src data: 'self' https://fonts.gstatic.com mavenoid.com *.mavenoid.com; style-src 'self' 'unsafe-inline' blob: https://optanon.blob.core.windows.net https://fonts.googleapis.com mavenoid.com *.mavenoid.com; connect-src 'self' https://jpib2cprod.b2clogin.com https://internalapi.myuplink.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com mavenoid.com *.mavenoid.com mavenoidfiles.com *.mavenoidfiles.com *.sentry.io https://dc.services.visualstudio.com *.clarity.ms; img-src 'self' https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://optanon.blob.core.windows.net/logos/5456/5456:myuplink.com/myUplink_logo%20(1).png mavenoid.com *.mavenoid.com mavenoidfiles.com *.mavenoidfiles.com *.clarity.ms data:; media-src mavenoidfiles.com *.mavenoidfiles.com mediastream:; object-src 'none'; 1
frame-ancestors 'self' https://*.forvo.com 1
frame-ancestors https://www.enel.com 1
script-src 'unsafe-inline' *.digid.nl piwik.dtnr.nl statistiek.mijn.overheid.nl *.obi4wan.com 'unsafe-eval'; img-src 'unsafe-inline' data: *.digid.nl *.rovid.nl statistiek.mijn.overheid.nl piwik.dtnr.nl *.obi4wan.com; style-src 'unsafe-inline' *.digid.nl; default-src 'self' *.digid.nl *.rovid.nl; connect-src 'self' *.obi4wan.ai *.obi4wan.com wss://ws-eu.pusher.com; 1
default-src 'self' https://*.giosg.com https://*.giosgusercontent.com https://*.interactionbuilder.giosg.com; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.google.fi https://*.google.ie https://*.google.nl https://*.bing.com https://*.omtrdc.net  https://*.tt.omtrdc.net https://*.onetrust.com https://*.onetrust.eu https://*.demdex.net https://*.everesttech.net https://*.adobedtm.com https://*.facebook.com https://*.linkedin.com https://*.adform.net https://*.g.doubleclick.net https://app.readpeak.com https://*.giosgusercontent.com data:; media-src https://*; script-src 'unsafe-inline' 'unsafe-eval' https://*; style-src 'unsafe-inline' 'self' https://*; connect-src https://* wss://*.service.lahitapiola.fi; frame-src https://*; worker-src blob:; child-src blob:; font-src 'self' https://*.googleapis.com/ https://*.gstatic.com https://*.giosgusercontent.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: 1
frame-ancestors 'self' https://www.domo.com https://ai.domo.com https://domo.seismic.com https://domo.lookbookhq.com https://domo.pathfactory.com; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: http://192.168.1.245 https://192.168.1.245 http://www.w3.org https://*.facebook.com https://*.youtube.com https://*.google.com https://*.trendnetrussia.ru https://*.firstdistribution.com https://*.trust-provider.com https://*.google-analytics.com https://*.doubleclick.net https://sectigo.com https://*.googletagmanager.com https://*.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.facebook.net https://*.google-analytics.com https://www.facebook.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.doubleclick.net https://maxcdn.bootstrapcdn.com http://www.w3.org https://192.168.1.245 https://www.keebox.com https://*.cn.co.za https://*.firstdistribution.com https://*.sectigo.com https://*.trust-provider.com https://*.googleadservices.com; frame-ancestors 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' https://192.168.1.245 https://www.keebox.com https://*.cn.co.za https://*.firstdistribution.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data:; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://; font-src 'self' https:// http://; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.sharethis.com www.gstatic.com analytics.effo.gov.hk www.google.com *.addthis.com yt3.ggpht.com www.youtube.com *.firebaseio.com *.addthisedge.com ; frame-src 'self' https:// http:// www.youtube.com *.sharethis.com www.google.com ; img-src 'self' 'unsafe-inline' 'unsafe-eval' https:// http://* data:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* www.google-analytics.com www.google.com yt3.ggpht.com *.sharethis.com www.youtube.com *.firebaseio.com ; font-src 'self' 'https://* http://* unsafe-inline' 'unsafe-eval' data:* 1
block-all-mixed-content;         default-src https://loc.gov/ https://*.loc.gov/ ;         media-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             blob:;         worker-src https://loc.gov/ https://*.loc.gov/              blob:;         font-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             data:;         img-src https://loc.gov/ https://*.loc.gov/              https://congress.gov/ https://*.congress.gov/             https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://*.ssa.gov/             https://dpm.demdex.net/             https://cm.everesttech.net/             https://*.amazonaws.com             data:             blob:;         connect-src https://loc.gov/ https://*.loc.gov/              https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://chat-us.libanswers.com/             https://thelibraryofcongress.tt.omtrdc.net/             https://dpm.demdex.net/ 	        https://d3c605m4lmznjl.cloudfront.net/             https://*.s3.us-east-1.amazonaws.com/;         style-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.ssa.gov/             'unsafe-inline'             blob:;         script-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.arcgis.com/ https://*.arcgisonline.com/  https://webapps-cdn.esri.com/             https://ssl.p.jwpcdn.com/             https://assets.adobedtm.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://ajax.googleapis.com/ajax/libs/jquery/             https://*.ssa.gov/             https://s.ytimg.com/             'unsafe-inline'             'unsafe-eval';         frame-src https://loc.gov/ https://*.loc.gov/              https://*.readspeaker.com/             https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://www.nlstalkingbooks.org/             https://unitedstateslibraryofcongress.demdex.net             https://www.youtube-nocookie.com/;         frame-ancestors https://loc.gov/ https://*.loc.gov/              https://*.blackbaudcdn.net/ https://*.blackbaud.com/             https://loc.libwizard.com/;         report-uri https://errorlogging.loc.gov/api/51/security/?sentry_key=2176ae0b9acd4cd59297edc0e064cc95&sentry_environment=production ; 1
frame-ancestors 'self' https://sr.se https://*.sr.se https://sverigesradio.se https://*.sverigesradio.se; child-src blob:; worker-src blob:; frame-src 'self' https://embed.sr.se; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://live-cdn.sr.se https://live.sr.se https://http-live.sr.se https://strcl-cdn.sr.se https://sverigesradio.se https://statistics-event-api-fe.sr.se https://api.sr.se; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://analytics.codigo.se https://trafficgateway.research-int.se 'sha256-A+Ps9HJUsstYp8LE/WzNSyCx5Y4M4j73rJ+hlKhns08=' 'sha256-XHBmv4XNr41BnvM4w54E1lNYoDlIAXq6B1DMag2Fnoo=' 'sha256-rRuUsQ7oUtWSBJV4/PzIgeYtDWpPktQ18HwD1b1ChYw='; object-src 'none'; base-uri 'self'; 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/ https://assets.adoberesources.net https://documentcloud.adobe.com blob:; style-src 'self' 'unsafe-inline' *.typekit.net https:; img-src https: data: blob: 'self' https://assets.adoberesources.net https://lh3.googleusercontent.com; media-src https: 'self'; object-src 'self'; font-src https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net 'self' https:; frame-ancestors https://*.hubspot.com https://info.atlascopco.us https://info.atlascopcoupdates.com http://*.scene7.com https://atlascopco-preview.adobecqms.net 'self'; frame-src https: https://documentcloud.adobe.com; connect-src https: .adobe.io wss://.adobe.io wss://ws.hotjar.com 'self'; worker-src blob:; child-src blob: 1
default-src 'self' yoast.com my.wpengine.com *.osano.com *.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.jsdelivr.net unpkg.com my.wpengine.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com *.osano.com *.piwik.pro; style-src 'self'  'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com use.fontawesome.com *.osano.com *.piwik.pro; img-src 'self' data: 1.gravatar.com secure.gravatar.com dify.wpengine.com www.google-analytics.com *.osano.com *.piwik.pro; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.fontawesome.com; frame-src 'self' www.youtube.com www.google.com *.osano.com *.piwik.pro; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
report-to csp-endpoint; upgrade-insecure-requests ; report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=8c652248-f4f1-4e8e-9e21-132e7bac6157; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.byteintlapi.com wss://*.byteoversea.com wss://*.tiktokglobalshop.com *.adsintegrity.net *.akamaized.net *.bitssec.com *.byted-static.com *.bytedapm.com *.byteicdn.com *.byteimg.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.capcutvod.com *.cloudflare.com *.doubleclick.net *.facebook.net *.g-p-static.com *.g-t-static.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.oecsccdn.com *.oecstatic.com *.pipopay.com *.pipopayment.com *.pipopayment.us *.sgsnssdk.com *.tiktok.com *.tiktok.shop *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokglobalshop-governance.com *.tiktokglobalshop.com *.tiktokglobalshopv.com *.tiktokshop.com *.tiktokv.com *.tiktokv.us *.tiktokw.eu *.ttwstatic.com *.unpkg.com *.vodupload.com *.yhgfb-static.com unpkg.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.healthday.com https://spanish.healthday.com;block-all-mixed-content; 1
base-uri 'self';connect-src 'self' *.stripo.email *.firstpromoter.com esputnik.com *.esputnik.com *.google.com *.google.com.ua *.google-analytics.com *.googletagmanager.com *.googleapis.com https://www.clarity.ms *.plerdy.com events.getsitectrl.com https://rum-collector-2.pingdom.net *.pinterest.com https://stats.g.doubleclick.net *.getsitecontrol.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://hackerone.com https://cdn.datatables.net https://cdn.ampproject.org https://maxcdn.bootstrapcdn.com https://www.facebook.com http://www.trustlogo.com https://secure.trust-provider.com https://www.instantssl.com https://raw.githubusercontent.com https://stripo-dev.devel.ardas.dp.ua https://s3.eu-west-1.amazonaws.com https://stripoeditor.stripocdnplugin.email https://vimeo.com https://api.vk.com https://i.ytimg.com https://www.youtube.com https://s.ytimg.com https://stripoeditor.stripocdn.email wss://d.plerdy.com *.websitevoice.com https://bat.bing.com https://analytics.tiktok.com https://firstpromoter.com/api/v1/promoters/create *.typeform.com *.growthbook.io https://o.clarity.ms *.clarity.ms wss://stripo-cdn.stripo.email https://*.linkedin.com/ *.google.ie;default-src 'self' *.stripo.email *.esputnik.com blob: https://cdn.ampproject.org https://viewstripo.email youtu.be https://www.youtube.com https://www.facebook.com https://hackerone.com *.plerdy.com events.getsitectrl.com https://www.clarity.ms https://stripo.email https://staging.stripo.email https://stripoeditor.stripocdn.email;form-action 'self' *.stripo.email *.facebook.com;img-src 'self' *.stripo.email https://stripo-cdn.stripo.email blob: https://stripo.email *.google-analytics.com https://optimize.google.com https://* data:;object-src 'none';script-src 'self' blob: *.stripo.email 'unsafe-inline' 'unsafe-eval' https://hackerone.com *.pinterest.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.clarity.ms *.google-analytics.com *.plerdy.com events.getsitectrl.com *.firstpromoter.com https://esputnik.com *.tiktok.com *.esputnik.com https://cdn.amplitude.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com *.ttwstatic.com/obj/tiktok-web-us/tiktok/falcon/embed https://cdn.datatables.net https://rum-static.pingdom.net https://connect.facebook.net https://cdn.ampproject.org https://s.pinimg.com *.getsitecontrol.com http://www.trustlogo.com https://secure.trust-provider.com https://www.instantssl.com https://raw.githubusercontent.com https://stripo-dev.devel.ardas.dp.ua https://s3.eu-west-1.amazonaws.com https://stripoeditor.stripocdnplugin.email https://api.vk.com https://www.googleoptimize.com https://optimize.google.com https://snap.licdn.com https://accounts.google.com *.bing.com *.websitevoice.com *.facebook.com/tr https://static.ads-twitter.com/uwt.js *.typeform.com https://analytics.tiktok.com *.adroll.com *.ttwstatic.com/obj/tiktok-web/tiktok/ *.ttwstatic.com/obj/tiktok-web-us/tiktok/ https://stripo-cdn.stripo.email;style-src 'self' *.stripo.email 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://stripoeditor.stripocdn.email https://* https://stripo-cdn.stripo.email data:;report-uri 'self';upgrade-insecure-requests;font-src https://fonts.gstatic.com https://* https://stripo-cdn.stripo.email data:;frame-src *.stripo.email *.tiktok.com https://optimize.google.com https://secure.esputnik.com esputnik.com https://hackerone.com https://www.youtube.com https://facebook.com https://www.facebook.com *.plerdy.com https://www.pinterest.com https://accounts.google.com *.pinterest.com *.typeform.com *.adroll.com;frame-ancestors *.stripo.email https://optimize.google.com https://secure.esputnik.com esputnik.com https://hackerone.com https://www.youtube.com https://facebook.com https://www.facebook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reporterre.net https://cdn.ampproject.org/ https://reporterre-stats.cloud-ed.fr https://static.cloudflareinsights.com ajax.cloudflare.com https://platform.twitter.com https://syndication.twitter.com https://*.spotify.com https://*.soundcloud.com https://telegram.org https://js.stripe.com https://hooks.stripe.com https://www.youtube.com https://www.tiktok.com https://lf16-tiktok-web.ttwstatic.com https://www.instagram.com https://embed.typeform.com https://player.ausha.co https://public.flourish.studio https://*.gogocarto.fr https://e.infogram.com https://datawrapper.dwcdn.net *.convertexperiments.com *.mrf.io *.marfeel.com; frame-src 'self' optimize.google.com youtube.com www.youtube.com https://platform.twitter.com https://player.vimeo.com https://*.spotify.com https://*.soundcloud.com https://t.me https://www.tiktok.com https://www.dailymotion.com https://www.instagram.com https://www.facebook.com https://js.stripe.com/ https://hooks.stripe.com https://lutteslocales.gogocarto.fr https://form.typeform.com https://player.ausha.co https://umap.openstreetmap.fr https://flo.uri.sh https://*.gogocarto.fr https://e.infogram.com https://datawrapper.dwcdn.net *.mrf.io *.marfeel.com https://tube.extinctionrebellion.fr https://mastodon.social https://video.off-investigation.fr; worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob: m.reporterre.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.amplitude.com https://bat.bing.com https://*.clarity.ms https://c.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com www.google-analytics.com apis.google.com www.googletagmanager.com dx.mountain.com px.mountain.com https://s.pinimg.com https://ct.pinterest.com https://tags.creativecdn.com https://a.ads.rmbl.ws https://cdn.segment.com https://cdn.taboola.com https://trc.taboola.com https://static.ads-twitter.com fast.wistia.com; 1
default-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com media.ssr.nl www.rovid.nl app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline'; script-src 'self' d6tizftlrpuof.cloudfront.net *.rechtspraak.nl rechtspraak.piwikpro.com app.springcast.fm virtuele-tour-rechtspraak.nl *.usabilla.com *.youtube.com *.fireside.fm fireside.fm *.mediasite.com *.google.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.rechtspraak.nl d6tizftlrpuof.cloudfront.net 'unsafe-inline'; img-src 'self' data: *.rechtspraak.nl *.rechtspraak.nl rechtspraak.piwikpro.com virtuele-tour-rechtspraak.nl d6tizftlrpuof.cloudfront.net *.usabilla.com www.rovid.nl; frame-ancestors 'none' 1
default-src https: 'self'; base-uri 'self'; block-all-mixed-content; child-src 'self' https://app-demo.standardnotes.com https://extensions.standardnotes.com *.stripe.com donorbox.org/embed/standard-notes paypalobjects.com *.paypal.com; connect-src 'self' *.stripe.com *.paypal.com https://extensions.standardnotes.com https://api.standardnotes.com *.braintreegateway.com *.coinbase.com *.braintree-api.com client-analytics.braintree.com plausible.standardnotes.com; frame-src 'self' *.youtube-nocookie.com *.braintreegateway.com client-analytics.braintree.com *.coinbase.com *.paypal.com www.paypalobjects.com *.stripe.com donorbox.org/embed/standard-notes *.standardnotes.com; font-src 'self'; form-action 'self' *.list-manage.com; frame-ancestors 'self' https://app-demo.standardnotes.com https://extensions.standardnotes.com https://api.standardnotes.com; img-src * data:; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' plausible.standardnotes.com *.stripe.com donorbox.org/widget.js *.paypal.com www.paypalobjects.com *.braintreegateway.com client-analytics.braintree.com *.coinbase.com; style-src 'self' 'unsafe-inline' *.braintreegateway.com client-analytics.braintree.com *.coinbase.com; 1
frame-ancestors 'self' *.knightlab.com *.biologicaldiversity.org biologicaldiversity.org; 1
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com 1
default-src 'self' data: *.atu.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://www.google.com https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://www.google.com; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors *.lsm.lv; 1
frame-ancestors 'self' https://brex.sanity.studio 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com https://js.usemessages.com https://js.hsforms.net https://www.google-analytics.com https://connect.facebook.net https://js.hs-scripts.com https://snap.licdn.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hsadspixel.net https://js-agent.newrelic.com https://bam.nr-data.net https://apis.google.com js.hs-banner.com *.wp.com *.cookiebot.com 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MWRiNmU3MTEtYjZmYS00MGM0LWIwN2QtZWRmYzcwYmFkZTUy'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
upgrade-insecure-requests; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.segment.com https://cdn.rollbar.com https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com https://platform.twitter.com https://js.sentry-cdn.com https://www.googletagmanager.com https://browser.sentry-cdn.com; form-action 'self'; media-src https: blob:; font-src https: data:; prefetch-src https: data:; style-src 'unsafe-inline' https: data:; img-src https: data:; connect-src https: wss: blob: data: *.sentry.io; worker-src 'self' blob:; frame-src https: dcl:; child-src https: blob:; object-src 'none'; frame-ancestors 'none' 1
img-src * data: 'self';script-src js.klarna.com js.playground.klarna.com x.klarnacdn.net service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com static.lightning.force.com tags.creativecdn.com cdn.pbbl.co *.salesforceliveagent.com https://*.forter.com https://dalv4le16pzj2.cloudfront.net https://d2nww8zpyj5pk0.cloudfront.net https://d13vs86ckfnvoz.cloudfront.net https://dlthst9q2beh8.cloudfront.net 'self' 'unsafe-eval' 'unsafe-inline' *.sentry.io *.klarnaservices.com *.klarna.com *.staging.bigcontent.io *.sitevibes.com *.google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.bing.com *.evgnet.com *.sjwoe.com *.quantummetric.com *.pinimg.com *.foresee.com *.foreseeresults.com *.4seeresults.com *.clinch.co *.amplience.net *.facebook.net *.facebook.com *.zmags.com *.creativecdn.com *.liadm.com *.adroll.com assets.bounceexchange.com tag.bounceexchange.com api.bounceexchange.com dash.bounceexchange.com dev.bounceexchange.com tag.wknd.ai *.cdnwidget.com *.cdnbasket.net *.pbbl.co *.attn.tv https://us.creativecdn.com/ *.wisepops.com https://wisepops.net *.tiktok.com *.pinterest.com *.upsellit.com *.powerreviews.com *.iesnare.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.thrive.today *.jsdelivr.net *.evergage.com *.ipredictive.com *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com *.gstatic.com *.youtube.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.2.1/iframeResizer.min.js https://runtime.commercecloud.com;script-src-attr 'unsafe-inline';connect-src js.klarna.com js.playground.klarna.com x.klarnacdn.net service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com *.cdnwidget.com *.cdnbasket.net https://*.forter.com wss://cdn0.forter.com assets.bounceexchange.com coupons.bounceexchange.com events.bouncex.net dfp.bouncex.net perf-api.wknd.ai https://d2o5idwacg3gyw.cloudfront.net https://d3lqotgbn3npr.cloudfront.net https://d11bdev7tcn7wh.cloudfront.net https://d3k4bt74u9esq1.cloudfront.net https://d2lxqodqbpy7c2.cloudfront.net https://dzgwautxzdtn9.cloudfront.net https://d6rak4b14t5gp.cloudfront.net 'self' *.sentry.io https://notifier-configs.airbrake.io *.klarnaservices.com *.klarnaevt.com api.cquotient.com https://*.algolia.net https://*.algolianet.com https://*.algolia.io *.cdn.content.amplience.net *.bigcontent.io *.shoecarnival.com *.sitevibes.com *.addressy.com *.sjwoe.com *.bing.com *.creativecdn.com *.liadm.com *.powerreviews.com *.doubleclick.net https://analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.googleadservices.com https://www.mczbf.com *.quantummetric.com *.pinimg.com *.foresee.com *.foreseeresults.com *.4seeresults.com *.clinch.co *.amplience.net *.facebook.net *.facebook.com *.zmags.com *.brainlabsdigital.com *.attn.tv *.wisepops.com https://wisepops.net *.adroll.com *.tiktok.com *.pinterest.com *.upsellit.com *.attentivemobile.com *.cloudinary.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.klarna.com *.evergage.com *.evgnet.com *.mobify-storefront.com *.ipredictive.com *.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com www.cloudflare.com https://runtime.commercecloud.com;default-src https://service.force.com/ https://na-assets.playground.klarnaservices.com js.klarna.com js.playground.klarna.com x.klarnacdn.net service.force.com shoecarnivalsf360.my.salesforce.com shoecarnivalsf360.my.site.com c.la4-c2-ia2.salesforceliveagent.com d.la4-c2-ia2.salesforceliveagent.com assets.bounceexchange.com dash.bounceexchange.com ad.doubleclick.net td.doubleclick.net 9132531.fls.doubleclick.net 'self' 'unsafe-eval' *.sentry.io *.cdn.content.amplience.net cdn.media.amplience.net *.staging.bigcontent.io *.googleapis.com *.attn.tv *.emjcd.com *.clinch.co https://us.creativecdn.com/ *.zmags.com *.pinterest.com *.paypal.com *.paypalobjects.com *.quantummetric.com *.truefitcorp.com *.wisepops.com https://wisepops.net tcapi.io *.facebook.com *.facebook.net *.doubleclick.net *.pbbl.co *.optimizely.com *.google.com *.youtube.com *.klarnaservices.com *.foresee.com *.foreseeresults.com *.4seeresults.com *.ipredictive.com *.ad.ipredictive.com https://res.cloudinary.com/powerreviews/ https://secure.cataboom.com/;frame-ancestors 'self' *.amplience.net *.googleapis.com https://runtime.commercecloud.com;worker-src blob: 'self' *.mobify-storefront.com *.shoecarnival.com;upgrade-insecure-requests;form-action 'self' *.opinionlab.com *.pinterest.com api.bounceexchange.com dev.bounceexchange.com https://www.facebook.com/tr/;base-uri 'self';font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' https: data: https://amplify.outbrain.com/cp/obtp.js https://api-stage.clue.run/ https://apis.google.com/ https://apis.google.com/js/api.js https://buy.paddle.com/ https://cdn.paddle.com/ https://cdn.paddle.com/paddle/v2/assets/css/paddle.css https://cdn.paddle.com/paddle/v2/paddle.js https://cdn.polyfill.io/v3/polyfill.min.js https://cdn.taboola.com/libtrc/unip/1264181/tfa.js https://collector-dev.clue.run/com https://images.ctfassets.net/ https://rum.browser-intake-datadoghq.eu/ https://sandbox-buy.paddle.com/ https://sandbox-cdn.paddle.com/paddle/v2/assets/css/animate.css https://sandbox-cdn.paddle.com/paddle/v2/assets/css/paddle.css https://tr.outbrain.com https://trc-events.taboola.com https://trc.taboola.com https://wave.outbrain.com https://webapi.helloclue.com https://www.datadoghq-browser-agent.com/eu1/v4/datadog-rum.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.youtube.com ; img-src 'self' data: https://api-stage.clue.run/ https://cdn.paddle.com https://dev-helloclue.clue.run https://images.ctfassets.net/ https://www.google-analytics.com/ ; script-src 'self' 'unsafe-inline' *.tiktok.com *.tiktokv.com *.tiktokw.eu *.ttwstatic.com https://amplify.outbrain.com/cp/obtp.js https://api-stage.clue.run/ https://apis.google.com https://apis.google.com/js/api.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://buy.paddle.com/ https://cdn.paddle.com/paddle/v2/paddle.js https://cdn.polyfill.io/v3/polyfill.min.js https://cdn.taboola.com/libtrc/unip/1264181/tfa.js https://connect.facebook.net/en_US/sdk.js https://dev-helloclue.clue.run https://helloclue.com https://images.ctfassets.net https://sandbox-buy.paddle.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://tr.outbrain.com https://trc-events.taboola.com https://trc.taboola.com https://wave.outbrain.com https://webapi.helloclue.com https://www.datadoghq-browser-agent.com/eu1/v4/datadog-rum.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://www.tiktok.com/embed.js https://www.youtube.com ; media-src 'self' https://www.tiktok.com ; style-src 'self' 'unsafe-inline' *.ttwstatic.com https://api-stage.clue.run/ https://cdn.paddle.com https://cdn.paddle.com/paddle/v2/assets/css/paddle.css https://dev-helloclue.clue.run https://helloclue.com https://images.ctfassets.net/ https://sandbox-cdn.paddle.com ; 1
default-src 'self'; font-src 'self' data: https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://script.hotjar.com https://consent.trustarc.com https://fonts.gstatic.com https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; style-src 'self' 'unsafe-inline' https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css https://static.cloud.coveo.com https://engage.aveva.com https://tagmanager.google.com https://fonts.googleapis.com https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; object-src 'self'; child-src 'self' https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ ujet.co *.ujet.co https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; connect-src 'self' https://ipv4.podscribe.com/ https://pipedream.wistia.com/ https://f.clarity.ms/ https://www.google.com/ https://p.clarity.ms/ https://pagead2.googlesyndication.com/ https://*.clarify.ms/ https://px.ads.linkedin.com/ https://v.clarity.ms/ https://o.clarity.ms/ https://u.clarity.ms/collect https://px.ads.linkedin.com/attribution_trigger https://w.clarity.ms/collect https://z.clarity.ms/ https://s.clarity.ms https://track.accountinsight.cloud/ https://lonrtp1.marketo.com/ https://pagestates-tracking.crazyegg.com/* https://us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink https://tag-logger.demandbase.com/bg9s https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://lonrtp1.marketo.com/gw1/ga/sgm https://track.accountinsight.cloud/track/hide/95/239082904 https://track.accountinsight.cloud/track/show/95/239082904 https://osisoftprodqov7t0yy.analytics.org.coveo.com https://osisoftprodqov7t0yy.org.coveo.com https://static.cloud.coveo.com https://osisoftprodqov7t0yy.admin.org.coveo.com https://l.sharethis.com *.google-analytics.com *.analytics.google.com https://www.buzzsprout.com https://platform-api.sharethis.com https://script.crazyegg.com https://region1.google-analytics.com http://region1.google-analytics.com region1.google-analytics.com https://region1.analytics.google.com http://region1.analytics.google.com region1.analytics.google.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://*.b0e8.com https://*.bc0a.com http://*.b0e8.com http://*.bc0a.com https://*.google-analytics.com https://*.analytics.google.com http://*.google-analytics.com http://*.analytics.google.com https://region1.google-analytics.com/g/collect* https://region1.analytics.google.com/g/collect* https://cdn.linkedin.oribi.io/partner/265491/domain/aveva.com/token https://api.company-target.com http://api.company-target.com https://company-target.com http://company-target.com https://segments.company-target.com http://segments.company-target.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://analytics.cloud.coveo.com https://consent-pref.trustarc.com https://platform.cloud.coveo.com https://s7.addthis.com https://sfgw.leadspace.com https://engage.aveva.com https://986-yis-805.mktoresp.com https://stats.g.doubleclick.net https://segments.company-target.com https://www.google-analytics.com https://connect.facebook.net/ https://vc.hotjar.io https://in.hotjar.com https://*.demdex.net https://api.company-target.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://aveva.tt.omtrdc.net https://m.addthis.com https://bcp.crwdcntrl.net/6/map https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://tracking.crazyegg.com/clock* https://x.clarity.ms/collect https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; img-src 'self' data report-uri: https://verifi.podscribe.com/ https://dp2.33across.com/ https://sync.sharethis.com/ https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://sync.1rx.io/ https://l.sharethis.com/ https://p.typepixel.com/ https://cm.g.doubleclick.net/ https://px.ads.linkedin.com/ https://px.ads.linkedin.com/collect* https://c.bing.com https://attr.ml-api.io/ https://d.adroll.com/ https://c.clarity.ms/ https://ad.doubleclick.net https://s.ml-attr.com/getuid https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://td.doubleclick.net https://insight.adsrvr.org https://ad.doubleclick.net/activity https://www.buzzsprout.com https://platform-cdn.sharethis.com https://platform-api.sharethis.com https://s.ml-attr.com/getuid* https://region1.google-analytics.com http://region1.google-analytics.com region1.google-analytics.com https://region1.analytics.google.com http://region1.analytics.google.com region1.analytics.google.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ *.google-analytics.com https://px4.ads.linkedin.com/collect* *.analytics.google.com https://www.google.co.uk/pagead/1p-user-list/9863a06368/* https://px4.ads.linkedin.com/collect* https://id.rlcdn.com/464526.gif https://www.google.co.uk/ads/ga-audiences* https://script.hotjar.com http://script.hotjar.com https://consent-pref.trustarc.com https://analytics.twitter.com https://bat.bing.com https://engage.aveva.com https://consent.trustarc.com https://ssl.gstatic.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://secure.adnxs.com https://sdk.yoyi.com.cn https://mapping.yoyi.com.cn https://segments.company-target.com https://t.co https://connect.facebook.net https://*.demdex.net https://match.prod.bidr.io https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://www.linkedin.com https://px.ads.linkedin.com/* https://www.facebook.com https://smetrics.aveva.com https://cm.everesttech.net https://assets.adobedtm.com https://avevaenglishdev.112.2o7.net https://pixel.mathtag.com/comp/img* https://ipv4.d.adroll.com/px4/* https://x.bidswitch.net/sync* https://dsum-sec.casalemedia.com/rum* https://idsync.rlcdn.com/*.gif https://pixel.rubiconproject.com/*.php https://us-u.openx.net/* https://image2.pubmatic.com/AdServer/Pug* https://sync.outbrain.com/cookie-sync* https://ups.analytics.yahoo.com/ups/55980/sync* https://eb2.3lift.com/xuid* https://sync.taboola.com/sg/adroll-network/1/rtb-h* https://ib.adnxs.com/setuid* https://pixel.mathtag.com/* https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://d34r8q7sht0t9k.cloudfront.net/ https://pagead2.googlesyndication.com/ https://rtp-static.marketo.com/ https://o.clarity.ms/ https://www.clarity.ms/ https://d.adroll.com/ https://s.adroll.com/j/roundtrip.js https://t.sharethis.com/ https://c.clarity.ms/ https://s.adroll.com/j/roundtrip.js https://pixel.mathtag.com/event/js https://rtp-static.marketo.com/rtp/libs/jquery/1.8.3/jquery.min.js https://lonrtp1.marketo.com/gw1/trw https://lonrtp1.marketo.com/gw1/msg https://www.clarity.ms/s/0.7.13/clarity.js https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://td.doubleclick.net https://insight.adsrvr.org https://ad.doubleclick.net/activity https://ad.doubleclick.net https://count-server.sharethis.com https://buttons-config.sharethis.com https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1.marketo.com/gw1* https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js https://www.clarity.ms/s/0.7.10/clarity.js https://rtp-static.marketo.com/rtp/libs/jqueryui/1.9.2f/jquery-custom-ui.min.js https://platform-api.sharethis.com/js/sharethis.js https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://hud.crazyegg.com https://ftrk.crazyegg.com https://script.crazyegg.com https://vector.crazyegg.com https://tracking.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com http://hud.crazyegg.com http://ftrk.crazyegg.com http://script.crazyegg.com http://vector.crazyegg.com http://tracking.crazyegg.com http://assets-tracking.crazyegg.com http://pagestates-tracking.crazyegg.com https://api.brightedge.com https://*.b0e8.com https://*.bc0a.com http://api.brightedge.com http://*.b0e8.com http://*.bc0a.com https://script.crazyegg.com/pages/scripts/0116/7658.js https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js* https://s.adroll.com/j/exp/5TODA6DLONELRNGZWU5E3D/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/index.js https://s.adroll.com/j/pre/5TODA6DLONELRNGZWU5E3D/RMNM2XJBDVDX5HV2TGMQ3E/fpconsent.js https://d.adroll.com/consent/check/5TODA6DLONELRNGZWU5E3D* https://www.clarity.ms/eus-e/s/0.7.2/clarity.js https://block.opendns.com https://www.clarity.ms/tag/uet/137010788 https://cdn.pdst.fm/ping.min.js https://www.google.com https://scripts.demandbase.com http://scripts.demandbase.com https://tag.demandbase.com http://tag.demandbase.com https://static.hotjar.com https://script.hotjar.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/* https://static.cloud.coveo.com https://cdn.jsdelivr.net https://ajax.cloudflare.com https://z.moatads.com https://bat.bing.com https://sfc.leadspace.com https://cdn.thinglink.me https://sfc.leadspace.com https://consent.trustarc.com https://munchkin.marketo.net https://engage.aveva.com https://tagmanager.google.com https://www.googletagmanager.com https://polyfill.io https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://track.accountinsight.cloud https://view.ceros.com https://okt.to https://analytics.twitter.com https://script.hotjar.com https://tag.demandbase.com https://static.ads-twitter.com http://clientservices.googleapis.com https://static.hotjar.com https://static.oktopost.com https://www.googletagmanager.com http://r2---sn-ci5gup-cvhz.gvt1.com http://r4---sn-qxaeen7e.gvt1.com http://redirector.gvt1.com http://update.googleapis.com http://www.gstatic.com https://js.driftt.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://snap.licdn.com https://noembed.com *.adobe.com google-analytics.com *.google-analytics.com https://fast.wistia.net http://fast.wistia.com http://vimeo.com https://vimeo.com https://*.vimeo.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://www.youtube.com https://s.ytimg.com https://v1.addthisedge.com  https://m.addthis.com https://graph.facebook.com https://p.teads.tv/ https://www.clarity.ms/ https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; frame-src 'self' https://x.adroll.com/ https://match.adsrvr.org/ https://t.sharethis.com https://insight.adsrvr.org/ https://td.doubleclick.net/ https://10598578.fls.doubleclick.net/ https://s.company-target.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://ad.doubleclick.net/* https://ad.doubleclick.net https://ad.doubleclick.net/activity https://td.doubleclick.net https://www.buzzsprout.com https://platform-api.sharethis.com https://lonrtp1-cdn.marketo.com/rtp-api/v1/rtp.js https://www.google.co.uk/ads/ga-audiences https://www.google.co.uk/pagead/1p-user-list/986306368/ https://*.adobe.com https://www.google.com https://tracker-detail-page.trustarc.com https://vars.hotjar.com https://www.thinglink.com https://engage.aveva.com https://consent-pref.trustarc.com https://consent.trustarc.com https://www.googletagmanager.com https://10049316.fls.doubleclick.net https://www.w3.org https://view.ceros.com https://vars.hotjar.com https://js.driftt.com https://*.demdex.net https://www.facebook.com https://www.youtube.com https://fast.wistia.net https://s7.addthis.com https://player.vimeo.com https://bid.g.doubleclick.net https://www.slideshare.net https://pixel.mathtag.com/* https://pixel.mathtag.com/ https://10031696.fls.doubleclick.net/ https://fledge.teads.tv/ https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/*; frame-ancestors 'self' https://explore.osisoft.com https://osisoft.lookbookhq.com https://osisoft.pathfactory.com https://discover.aveva.com https://aveva.pathfactory.com https://l.teads.tv/ https://t.teads.tv/ https://cm.teads.tv/; 1
default-src * data: blob: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *.reviews.co.uk *.reviews.io 1
report-uri https://www.debugbear.com/_/csp; default-src * 'self'; script-src 'strict-dynamic' 'nonce-e15a1376-fe2b-4931-b3bd-9981146e68f9' 'unsafe-inline' 'self' https: ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; object-src 'none'; base-uri 'none'; frame-ancestors 'none' 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data: 1
default-src 'self' *; style-src * 'unsafe-inline'; img-src * data: content: * 'self'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 1
default-src 'self'; object-src 'none'; script-src 'self' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://dap.digitalgov.gov; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com/gtag/js https://www2.donotcall.gov; base-uri 'none'; form-action 'self'; frame-src 'none'; frame-ancestors 'self'; report-uri https://telemetry.consumersentinel.gov/api/contentsecuritypolicy; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/RcsAdamantiumHttp/cspreport/allowlist 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://ausi.github.io https://js.appboycdn.com https://*.google-analytics.com https://player.vimeo.com https://*.vimeocdn.com https://www.googletagmanager.com https://*.googleapis.com https://trackcmp.net https://*.cloudflare.com https://static.doubleclick.net https://*.google.com https://www.youtube.com https://*.app-us1.com https://connect.facebook.net https://static.rfstat.com https://www.gstatic.com https://yookassa.ru https://*.paddle.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://c.sf-syn.com https://www.googleadservices.com https://static.yoomoney.ru https://*.livechatinc.com https://appleid.cdn-apple.com https://www.dropbox.com https://*.renderforest.com data: blob:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.appboycdn.com https://*.hotjar.com https://ausi.github.io https://*.google-analytics.com https://player.vimeo.com https://*.vimeocdn.com https://www.googletagmanager.com https://*.googleapis.com https://trackcmp.net https://*.cloudflare.com https://static.doubleclick.net https://*.google.com https://www.youtube.com https://*.app-us1.com https://connect.facebook.net https://static.rfstat.com https://www.gstatic.com https://yookassa.ru https://*.paddle.com https://cdn.jsdelivr.net https://tracking.g2crowd.com https://c.sf-syn.com https://www.googleadservices.com https://static.yoomoney.ru https://*.livechatinc.com https://appleid.cdn-apple.com https://www.dropbox.com https://*.renderforest.com data: blob:; report-uri https://bx1s4jrg.uriports.com/reports/report; report-to default 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com http://www.googleadservices.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maxcdn.bootstrapcdn.com https://cdn.gigya.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://cdns4.gigya.com https://cdns5.gigya.com https://accounts.gigya.com https://accounts.eu1.gigya.com https://signin.qa.nationalexpress.com https://cdn.synthetix.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://tag.yieldoptimizer.com https://connect.facebook.net https://bat.bing.com http://bat.bing.com https://*.vo.msecnd.net http://az416426.vo.msecnd.net https://prod.limitlesslivemessenger.com https://sc-static.net https://tr.snapchat.com https://static.ads-twitter.com https://analytics.twitter.com https://platform.twitter.com https://widget.trustpilot.com https://cdn.syndication.twimg.com https://sn1.clicktripz.com js.hsforms.net https://eu.clicktripz.com http://uktc.fospha.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-analytics.net/analytics/ https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://d2oh4tlt9mrke9.cloudfront.net https://d2qmp7jjpd79k7.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://static.hotjar.com https://script.hotjar.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://ict.infinity-tracking.net/js/ https://script.infinity-tracking.com https://widgets.moovit.com https://widgets.moovit.com/wtp/en-gb/ https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://secure.data-insight365.com/js/265823.js https://secure.data-insight365.com/Track/Capture.aspx https://d3dh5c7rwzliwm.cloudfront.net https://d32106rlhdcogo.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net https://*.quantserve.com/ https://rules.quantcount.com https://edge.quantserve.com http://www.instagram.com https://cdn.weglot.com https://s.yimg.com/wi/ytc.js https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://*.abtasty.com blob:;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.synthetix.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://platform.twitter.com https://ton.twimg.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://use.typekit.net/hpe8ksj.css https://p.typekit.net/p.css https://lf16-tiktok-web.ttwstatic.com https://sf16-website-login.neutral.ttwstatic.com https://script.hotjar.com https://static.hotjar.com https://cdn.weglot.com https://*.abtasty.com;img-src 'self' https://*.google-analytics.com https://www.google.com https://www.google.co.uk https://cm.g.doubleclick.net https://ad.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://national-express.cloud-iq.com http://national-express.cloud-iq.com https://uktc.fospha.com https://www.facebook.com https://bat.bing.com https://cdn.jsdelivr.net https://www.nationalexpress.com https://4ez2xrmccannwebprd1.blob.core.windows.net https://zwu74omccannwebqa1.blob.core.windows.net https://4ez2xrmccannwebprd1-secondary.blob.core.windows.net http://uktc.fospha.com data: https://forms.hubspot.com https://forms.hsforms.com https://track.hubspot.com https://t.co/i/ https://abs.twimg.com https://pbs.twimg.com https://ton.twimg.com https://platform.twitter.com https://syndication.twitter.com https://analytics.twitter.com https://cdns.gigya.com https://cdns1.gigya.com https://cdns2.gigya.com https://cdns3.gigya.com https://signin.qa.nationalexpress.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://graph.facebook.com https://platform-lookaside.fbsbx.com https://platform-cdn.sharethis.com https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://script.hotjar.com https://static.hotjar.com https://*.clarity.ms/ https://c.bing.com https://cdn-ukwest.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://widgets.moovit.com https://m.moovitapp.com https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://appassets.mvtdev.com/mobile/ https://a-tiles.locationiq.com https://b-tiles.locationiq.com https://c-tiles.locationiq.com https://secure.agile-company-365.com/265823.png blob: https://d1fd8aj8bhyfe9.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://pixel.quantserve.com https://cdn.weglot.com https://sp.analytics.yahoo.com https://*.abtasty.com;frame-src 'self' https://routemap-embed.nationalexpress.com https://faq.nationalexpress.com https://cdns.eu1.gigya.com https://signin.qa.nationalexpress.com https://www.google.com https://*.fls.doubleclick.net https://www.google.com/recaptcha/ https://forms.gle https://docs.google.com https://td.doubleclick.net https://www.facebook.com https://www.youtube.com https://contactless.nxbus.com https://live.ekashu.com https://r1.dotmailer-surveys.com http://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com http://r1.dotdigital-pages.com https://nationalexpressportal.icasework.com https://national-express--bguat.my.salesforce.com https://webto.salesforce.com https://national-express.force.com https://timetables-embed.nxbus.co.uk https://www.nationalexpress.com https://bustimetables-nx.utrackapps.com https://bustimetables-dev.utrackapps.com https://contactless.nxbus.com https://nxbusgateway.co.uk https://player.vimeo.com https://forms.hsforms.com https://tr.snapchat.com https://www.trustpilot.com https://c.sharethis.mgr.consensu.org https://widget.trustpilot.com https://platform.twitter.com https://syndication.twitter.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://vars.hotjar.com https://widgets.moovit.com https://moovitapp.com https://m.moovitapp.com https://appassets.mvtdev.com/mobile/ https://www.tiktok.com https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://www.loom.com http://www.instagram.com https://*.abtasty.com;font-src 'self' https://fonts.gstatic.com https://script.hotjar.com https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/ https://digitalcampaignsstorage.blob.core.windows.net https://use.typekit.net/af/ https://cdn.weglot.com https://*.abtasty.com;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://docs.google.com https://*.analytics.google.com https://dc.services.visualstudio.com https://bat.bing.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://connect.facebook.net https://www.facebook.com/tr/ https://www.facebook.com/plugins/customer_chat/ https://eu.clicktripz.com https://www.clicktripz.com https://prod.api.belimitless-app.io https://l.sharethis.com https://service.maxymiser.net http://service.maxymiser.net http://*.oracleinfinity.io/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://signin.qa.nationalexpress.com https://signin.dev.nationalexpress.com https://signin.ptbook.nationalexpress.com https://signin.stable.nationalexpress.com https://signin.www.nationalexpress.com https://signin.nationalexpress.com https://holidays.nationalexpress.com https://packagesmetasearch.api.pro.logitravel.internal https://packagesmetasearch.api.external.logitravel.com https://packagesmetasearch-api-external.logitravel.com https://*.clarity.ms/ https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://privacyportal-uk.onetrust.com https://digitalcampaignsstorage.blob.core.windows.net https://oneyou-cms.nhswebsite.nhs.uk https://webto.salesforce.com https://api.hsforms.com https://login.salesforce.com https://thekingsferry.my.salesforce.com https://ict.infinity-tracking.net https://nx-busapplication-qa.azureedge.net https://nx-busapplication-prd.azureedge.net https://nx-busapplication-prd2-c7aggnczaxcgagdr.a01.azurefd.net https://nxbusdt.b2clogin.com https://nxbus.b2clogin.com https://script.infinity-tracking.com https://qaapi.azure-api.net https://apinxbus.azure-api.net https://web.lon.infinity-tracking.com https://nas.lon.infinity-tracking.com https://nas.lon.infinity-tracking.net https://nexgen.ats.careers/api/ https://idx.liadm.com/idex/unknown/ https://pixel.quantcount.com https://cdn.weglot.com https://cdn-api-weglot.com https://s.yimg.com https://*.abtasty.com https://faq.nationalexpress.com;frame-ancestors 'self' https://www.facebook.com 1
frame-ancestors 'self' http://www.philips.co.uk *.philips.com *.philips.co.uk https://philipsigtdpv.com 1
default-src https: data: http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.greentechmedia.com/?ACT=159 1
frame-ancestors 'self' courses.ecu.edu.au *.instructure.com *.canvaslms.com https://ecu.atlassian.net 1
default-src 'self' *; child-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob:; img-src 'self' * data: blob:; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * blob: data:; media-src 'self' * blob: data:; object-src 'self' *; 1
style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css; img-src 'self' https://i0.wp.com https://helio.app https://notableapp.com https://*.zurb.com https://*.gravatar.com https://*.cloudfront.net https://zurb-dot-com-prod.s3.amazonaws.com https://www.google-analytics.com https://c0.froala.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.intercomcdn.com https://widget.intercom.io https://js-agent.newrelic.com https://*.honeybadger.io https://*.cloudfront.net https://*.kissmetrics.com https://www.googletagmanager.com https://code.jquery.com https://dhbhdrzi4tiry.cloudfront.net/cdn/sites/foundation.js https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317 https://www.google-analytics.com/analytics.js https://helio-embed.zurb.com:443/ https://helio-embed-staging.zurb.com/ https://helio-embed.zurb.com/ https://helio-embed-staging.zurb.com:443/ https://podcast.zurb.com/ https://podcast.zurb.com:443/ https://loz.zurb.com/; frame-ancestors "none" 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-450c12b0b1016db93e218ad4064f3bba' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1214240717863294; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1214240717863294 1
default-src 'self'; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://www.dafdirect.org pay.google.com *.paypal.com *.paypalobjects.com https://www.instagram.com *.tiktokcdn-us.com https://pay.google.com https://static.fundraiseup.com https://cdn.fundraiseup.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com/ https://js.verygoodvault.com https://a.gusc.cartocdn.com https://m.addthis.com https://v1.addthisedge.com https://z.moatads.com https://s7.addthis.com https://cdn.signalfx.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://www.tiktok.com https://cdn.insight.sitefinity.com https://unpkg.com/ https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://fastaction.ngpvan.com https://js2.verygoodvault.com https://profile.ngpvan.com https://d3rse9xjbp8270.cloudfront.net https://www.youtube-nocookie.com https://secure.everyaction.com https://rules.quantcount.com https://secure.quantserve.com https://www.youtube.com https://unpkg.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://static.arcgis.com https://sp.analytics.yahoo.com https://s.yimg.com https://donorbox.org https://optimize.google.com https://tagmanager.google.com https://www.conservation.org https://app.vwo.com https://public.tableau.com *.typeform.com https://s3.amazonaws.com/trk.cetrk.com/f/t.js *.visualwebsiteoptimizer.com *.crazyegg.com *.stripe.com bitpay.com api.tiles.mapbox.com fast.wistia.com googleads.g.doubleclick.net www.googleadservices.com bat.bing.com secure.adnxs.com *.googletagmanager.com js.stripe.com dcc4iyjchzom0.cloudfront.net cartocdn-gusc.global.ssl.fastly.net conservation.carto.com sp13loader.ciapps.org maps.googleapis.com https://cdnjs.cloudflare.com http://conservation-tron.imgix.net ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://conservation-org.tron.silvertech.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' https://www.dafdirect.org *.tiktokcdn-us.com https://ci-sharks.s3.amazonaws.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/ https://api.mapbox.com https://static.everyaction.com https://lf16-tiktok-web.ttwstatic.com https://embed.typeform.com https://unpkg.com/ https://unpkg.com/leaflet@1.7.1 https://ci-public.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com https://ci-everyaction-public.s3.amazonaws.com https://d3rse9xjbp8270.cloudfront.net https://optimize.google.com https://tagmanager.google.com https://tagmanager.google.com api.tiles.mapbox.com sp13loader.ciapps.org  fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src https://cicloud.imgix.net https://ciorg.imgix.net https://www.dafdirect.org https://ad.doubleclick.net t.paypal.com pay.google.com *.paypalobjects.com https://ucarecdn.com https://ci-sharks.s3.amazonaws.com https://a.gusc.cartocdn.com https://static.everyaction.com https://sp.analytics.yahoo.com https://upload.wikimedia.org https://www.clker.com https://ci-everyaction.imgix.net https://storage.googleapis.com https://api.mapbox.com https://ci-ooh.s3.amazonaws.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d1aqhv4sn5kxtx.cloudfront.net https://secure.everyaction.com https://d3rse9xjbp8270.cloudfront.net http://cicloud.s3.amazonaws.com https://cicloud.s3.amazonaws.com https://pixel.quantserve.com https://njoel9cc11.execute-api.us-east-1.amazonaws.com https://d2ey44ppm6i0sm.cloudfront.net https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://53f5mmurac.execute-api.us-east-1.amazonaws.com https://d1wrq3tu9qy8md.cloudfront.net https://ci-pixel-ephemeral.s3.amazonaws.com https://ci-pixel-persistent.s3.amazonaws.com https://cicloud.s3.amazonaws.com/ https://cdn.cookielaw.org/ https://firecastwebserver01.ciapps.org https://services.arcgisonline.com https://server.arcgisonline.com https://d1iczxrky3cnb2.cloudfront.net https://ssl.gstatic.com https://www.gstatic.com http://cloud.conservation.org.s3.amazonaws.com/ https://cloud.conservation.org.s3.amazonaws.com/ https://www.arcgis.com/ https://public.tableau.com https://ci-public.s3.amazonaws.com *.crazyegg.com *.visualwebsiteoptimizer.com *.stripe.com *.googletagmanager.com sitefinity.ciapps-aws.org www.google.com.br www.google.com bat.bing.com stats.g.doubleclick.net cartocdn-gusc.global.ssl.fastly.net sp13loader.ciapps.org *.maps.api.here.com ciorg.imgix.net ciapps-kiwi.imgix.net 'self' maps.gstatic.com http://conservation-tron.imgix.net maps.googleapis.com https://conservation-org.tron.silvertech.net/ i.ytimg.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' https://static.fundraiseup.com https://static.everyaction.com https://d3rse9xjbp8270.cloudfront.net sp13loader.ciapps.org themes.googleusercontent.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' https://cicloud.s3.amazonaws.com https://api.typeform.com https://www.google.com/pay https://google.com/pay pay.google.com *.paypalobjects.com *.paypal.com https://www.facebook.com https://fndrsp-checkout.net https://api.fundraiseup.com https://sentry.fundraiseup.com https://fndrsp.net https://api-public.addthis.com https://rum-ingest.us1.signalfx.com https://geolocation.onetrust.com https://api.insight.sitefinity.com https://fastaction.ngpvan.com https://profile.ngpvan.com https://actions.everyaction.com https://secure.everyaction.com *.crazyegg.com https://recording.crazyegg.com https://privacyportal-eu.onetrust.com https://analytics.google.com https://stats.g.doubleclick.net https://script.crazyegg.com https://ci-public.s3.amazonaws.com https://conservation.org.s3.amazonaws.com https://dvm5qo6r5pdyf.cloudfront.net https://cdn.cookielaw.org/ https://tracking.crazyegg.com https://s.yimg.com https://api.altmetric.com https://doi.org https://api.crossref.org https://data.crossref.org https://carbonfootprint.short.car-calc.cc sample-api-v2.crazyegg.com https://cibitly.ciapps.org https://act.conservation.org https://firecastwebserver01.ciapps.org stripe.ciapps.org checkout.stripe.com bitpay.ciapps.org *.google-analytics.com bitpay.com events.mapbox.com api.mapbox.com convio.ciapps.org secure2.convio.net sharkstracker.ciapps.org conservation.carto.com sp13loader.ciapps.org accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com data: blob: ; media-src https://ooh.ciapps-aws.org https://dow8iayks4wtt.cloudfront.net http://cicloud.s3.amazonaws.com https://ci-ooh.s3.amazonaws.com civideos.ciapps.org 'self' data: blob:; child-src 'self' https://embed.ted.com https://www.paypal.com https://www.paypalobjects.com https://td.doubleclick.net https://player.pbs.org https://www.instagram.com https://pay.google.com https://conservation.maps.arcgis.com https://js.verygoodvault.com https://s7.addthis.com/ https://v.qq.com https://js2.verygoodvault.com https://forms.microsoft.com https://app.powerbi.com https://open.spotify.com https://donorbox.org/ https://optimize.google.com https://app.vwo.com https://firecastwebserver01.ciapps.org https://form.jotform.com/ https://www.un.org https://logiprod.conservation.org/ https://www.arcgis.com/ https://public.tableau.com *.microsoftonline.com *.office.com *.typeform.com www.tiktok.com data: blob: checkout.stripe.com bitpay.com bid.g.doubleclick.net sitefinity.ciapps-aws.org submit.jotformz.com form.jotformz.com 8760954.fls.doubleclick.net js.stripe.com www.qzzr.com https://platform.twitter.com/ http://conservation-tron.imgix.net https://syndication.twitter.com/ https://www.youtube.com/ https://conservation-org.tron.silvertech.net/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 1
frame-ancestors *.mi.com; 1
frame-ancestors 'self' apachearimlbvip.corpuk.net 1
script-src 'unsafe-inline' 'self' https://*.googleapis.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; default-src 'self'; frame-src 'self' https://www.google.com https://player.vimeo.com; connect-src 'self' https://www.google-analytics.com; 1
default-src 'self'; object-src 'none'; connect-src 'self' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://prc-search.squiz.cloud; frame-ancestors 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io https://*.addthis.com https://v1.addthisedge.com https://*.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com; child-src 'self' https://player.vimeo.com https://omny.fm https://s7.addthis.com https://assets.pinterest.com https://sdk.reachout.com https://forums-syndication.reachout.com https://www.google.com/ https://vimeo.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://via.placeholder.com https://i.vimeocdn.com https://*.addthis.com https://log.pinterest.com https://www.google.com.au/ads/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://s3.amazonaws.com/icomoon.io/; 1
frame-ancestors 'self' https://*.europeanpressprize.com https://europeanpressprize.com 1
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com https:;img-src https: data: 'self' maps.gstatic.com *.googleapis.com *.ggpht.com;style-src 'self' 'unsafe-inline' https:; 1
default-src 'self' data: 'unsafe-inline' https://*.ecmwf.int https://unpkg.com https://static.addtoany.com https://*.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://gateway.shorthand.com https://stats.g.doubleclick.net https://www.youtube.com https://www.google.com https://archive.org https://www.flickr.com https://www.tiki-toki.com https://player.vimeo.com/ https://player.vimeo.com/; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.datatables.net https://*.ecmwf.int https://unpkg.com https://cdnjs.cloudflare.com https://cdn.mathjax.org https://static.addtoany.com https://*.google-analytics.com https://cdn.mouseflow.com https://iframely.shorthand.com https://analytics.shorthand.com; img-src 'self' data: https://*.ecmwf.int https://*.google-analytics.com; media-src 'self' https://*.ecmwf.int 1
default-src data: 'unsafe-inline' 'unsafe-eval'  			https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:;  			img-src data: https: blob:; font-src data: https:; connect-src https: wss:; media-src https: blob:; object-src https:;  			child-src https: data: blob:; form-action https:; upgrade-insecure-requests; 1
style-src 'self' https: 'report-sample' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com cdn.jsdelivr.net www.googletagmanager.com https://www.netsurion.com; img-src 'self' https: data: https://bat.bing.com https://clients1.google.com https://px.ads.linkedin.com https://tribl.io https://www.google-analytics.com https://www.google.com https://www.netsurion.com;  script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://www.netsurion.com/ https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://assets.calendly.com https://www.google.com https://cse.google.com  https://clients1.google.com https://www.googletagmanager.com https://googletagmanager.com   https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com/ https://ssl.google-analytics.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googleadservices.com/pagead/conversion_async.js https://apis.google.com  https://www.recaptcha.net https://recaptcha.net  https://www.gstatic.cn/recaptcha/  https://www.google.com/recaptcha/ https://www.gstatic.com https://snap.licdn.com https://bat.bing.com https://ajax.googleapis.com   https://ws.zoominfo.com  https://www.netsurion.com https://www.google.co.uk https://www.google.nl https://www.google.de https://www.google.fr https://www.google.co.in https://www.google.pl  https://www.google.com.au  https://www.google.co.id https://www.google.it https://www.google.co.il  https://www.google.com.ph https://www.google.ie   https://www.google.be https://www.google.ru  https://www.google.se  https://www.google.co.nz  https://www.google.com.co  https://www.google.com.mx https://www.google.pt https://www.google.co.th  https://www.google.com.ng https://www.google.ca  https://www.google.es  https://www.google.no https://www.google.dk  https://www.google.com.bd https://www.google.ch  https://www.google.com.my https://www.google.co.za  https://www.google.cz https://www.google.com.pk https://www.google.co.ma https://www.google.si https://www.google.com.tr https://www.google.com.tw https://www.google.com.br https://www.google.bg https://www.google.co.kr https://www.google.com.ua https://www.google.co.cr https://www.google.com.pe https://www.google.fi https://www.google.lt https://www.google.ge https://www.google.com.ar https://www.google.com.pr https://www.google.com.sg https://www.google.gr https://www.google.lk https://www.google.co.jp https://www.google.ae https://www.google.com.eg https://www.google.com.sa https://www.google.com.do https://www.google.com.pa https://www.google.ro https://www.google.hu https://www.google.cl https://www.google.hr  https://www.google.lv https://www.google.at https://www.google.com.ec https://www.google.com.vn https://www.google.cn https://www.google.com.hk https://www.google.rs https://www.google.com.cy https://www.google.al https://www.google.com.py https://www.google.co.ke https://www.google.ee https://www.google.com.sv https://www.google.com.np https://www.google.co.ug https://www.google.kz  https://www.google.com.jm   https://www.google.lu  https://www.google.mu https://www.google.com.kw https://www.google.iq https://www.google.com.gh  https://www.google.by  https://www.google.mk  https://www.google.co.mz https://www.google.com.uy https://www.google.sk https://www.google.md https://www.google.hn https://www.google.jo https://www.google.dz https://www.google.com.et https://www.google.am  https://www.google.co.ve https://tribl.io https://scout-cdn.salesloft.com www.google.com/jsapi https://partner.googleadservices.com/gampad/cookie.js https://tags.clickagy.com/data.js https://pi.pardot.com https://info.netsurion.com https://j.6sc.co/6si.min.js;  connect-src 'self' https://px.ads.linkedin.com/wa/ https://csp.withgoogle.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://bat.bing.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://www.google-analytics.com  https://adservice.google.com/ https://analytics.google.com/ https://www.netsurion.com https://scout.salesloft.com/ https://cdn.linkedin.oribi.io/ https://aorta.clickagy.com https://hemsync.clickagy.com https://secure.adnxs.com/getuidj https://c.6sc.co/ https://ipv6.6sc.co/;   frame-src 'self' blob: https://www.netsurion.com/latest-news https://www.netsurion.com/latest-news/news https://www.google.com/recaptcha/ https://cse.google.com/ https://www.googletagmanager.com https://bid.g.doubleclick.net  https://www.youtube.com/ https://player.vimeo.com/ https://www.youtube-nocookie.com/ https://cdn.embedly.com/ https://tribl.io  https://www.netsurion.com/ https://info.netsurion.com/ https://td.doubleclick.net/;  child-src https://www.googletagmanager.com/ns.html; object-src 'none';   base-uri 'self';  manifest-src 'self';   media-src 'self' https://www.netsurion.com; worker-src 'none';form-action 'self' https://www.netsurion.com/assessments/gap-analysis https://www.netsurion.com/campaigns/ppc-gap-analysis https://www.netsurion.com/campaigns/cmit-gap-analysis; 1
frame-ancestors 'self' https://online.eiu.edu; 1
frame-ancestors www.facebook.com 'self' 1
frame-ancestors 'self' *.wallet.airpay.com.co *.shopee.kr *.airpay.com.co *.shopeemobile.com *.shopee.com.co *.shopee.cn *.shopee.io *.facebook.com https://bela-portal.festiware.com https://belapengadaan.lkpp.go.id https://lkpp-portal.festiware.com;  1
default-src blob:; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' *.cookielaw.org *.cookiepro.com *.datadoghq-browser-agent.com *.energysage.com *.facebook.net *.google.com *.googletagmanager.com *.heapanalytics.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.com *.hsleadflows.net *.hubspot.com *.hubspotfeedback.com *.onetrust.com *.quora.com *.redditstatic.com *.reviews.io *.sentry-cdn.com *.storyblok.com *.usemessages.com *.visualwebsiteoptimizer.com *.vwo.com bat.bing.com cdn.jsdelivr.net heapanalytics.com https://ipapi.co/json/ https://maps.googleapis.com; style-src 'report-sample' 'unsafe-inline' *.energysage.com *.google.com *.googleapis.com *.reviews.io *.visualwebsiteoptimizer.com *.vwo.com data: heapanalytics.com; connect-src *.browser-intake-datadoghq.com *.energysage.com *.facebook.com *.google-analytics.com *.google.com *.hsforms.com *.hubapi.com *.hubspot.com *.onetrust.com *.reviews.io *.sentry.io *.storyblok.com *.visualwebsiteoptimizer.com *.vwo.com cdn.cookielaw.org conversions-config.reddit.com heapanalytics.com https://browser-intake-datadoghq.com https://ipapi.co/json/ https://maps.googleapis.com www.redditstatic.com; font-src *.energysage.com *.gstatic.com *.reviews.io data: heapanalytics.com; frame-src *.energysage.com *.facebook.com *.hubspot.com *.visualwebsiteoptimizer.com *.vwo.com www.youtube.com; frame-ancestors *.energysage.com app.storyblok.com; img-src *.energysage.com *.facebook.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hubspot.com *.quora.com *.storyblok.com *.visualwebsiteoptimizer.com *.vwo.com data: heapanalytics.com https: wingify-assets.s3.amazonaws.com; manifest-src *.energysage.com; object-src 'none'; media-src *.energysage.com blob: data:; worker-src *.energysage.com blob:; upgrade-insecure-requests; report-uri https://o161782.ingest.sentry.io/api/4504714004856832/security/?sentry_key=afc910cad5ea48348b845b69e0805ba0&sentry_environment=prod&sentry_release=1.19.1; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.infosec.exchange; img-src 'self' data: blob: https://assets.infosec.exchange https://media.infosec.exchange; style-src 'self' https://assets.infosec.exchange 'nonce-tKmvkgUrUa5d2rsW13H/qA=='; media-src 'self' data: https://assets.infosec.exchange https://media.infosec.exchange; frame-src 'self' https:; manifest-src 'self' https://assets.infosec.exchange; form-action 'self'; child-src 'self' blob: https://assets.infosec.exchange; worker-src 'self' blob: https://assets.infosec.exchange; connect-src 'self' data: blob: https://assets.infosec.exchange https://media.infosec.exchange wss://streaming.infosec.exchange; script-src 'self' https://assets.infosec.exchange 'wasm-unsafe-eval' 1
default-src 'self' blob:; base-uri 'self'; connect-src 'self' blob: *.googleapis.com *.googleadservices.com *.algolia.io *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.braintree-api.com *.braintreegateway.com *.envato-staging.com *.envato.com *.envato.market *.envato.test *.facebook.com *.doubleclick.net *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.ip-api.com *.maxmind.com *.nr-data.net *.olark.com *.pinterest.com *.placeit.net *.recurly.com *.segment.io *.thenounproject.com *.uservoice.com code.jquery.com httpbin.org smart-templates.us *.instagram.com *.pinpiaa.com wss://*.hotjar.com *.tiktok.com *.amplitude.com *.kaptcha.com wss://*.pusher.com *.paypal.com; font-src 'self' data: *.amazonaws.com *.bootstrapcdn.com *.fontawesome.com *.googleapis.com *.gstatic.com *.olark.com *.placeit.net *.quadpay.com *.zscalerone.net github.com use.typekit.net *.hotjar.com; form-action 'self' javascript: localhost:* *.twitter.com *.pinterest.com *.facebook.com *.envato.com *.placeit.net; frame-src 'self' *.braintreegateway.com *.doubleclick.net *.envato.market *.facebook.com *.freshdesk.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.kaptcha.com *.olark.com *.paypal.com *.recurly.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net *.pinterest.com gateway.zscalerone.net localhost:* *.googleapis.com *.instagram.com *.google.com *.placeit.net *.accounts.google.com; img-src 'self' blob: data: https: http:; media-src 'self' data: blob: *.olark.com *.placeit.net *.zscalerone.net ssl.gstatic.com *.amazonaws.com *.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: js.recurly.com js.braintreegateway.com *.algolia.net *.algolianet.com *.amazonaws.com *.bing.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.impactradius-event.com *.jsdelivr.net *.linkedin.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.pinimg.com *.placeit.net *.segment.com *.twitter.com *.uservoice.com *.youtube.com cdn.wishpond.net unpkg.com *.upscope.io *.clarity.ms *.tiktok.com *.amplitude.com *.kaptcha.com; style-src 'self' 'unsafe-inline' *.olark.com *.googleapis.com *.amazonaws.com *.bootstrapcdn.com *.cloudflare.com *.placeit.net *.zscalerone.net fast.fonts.net *.typekit.net *.cloudfront.net *.google.com; report-uri https://placeit.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' https://*.blueconic.net; 1
report-uri https://milvus.com.br 1
connect-src wss: https:; upgrade-insecure-requests; object-src blob: 'self'; frame-ancestors 'self' *.dev.wdr.io https://content.tuni.fi; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors https://*.burton.com 1
default-src 'self' data: *.coop.co.uk s3-eu-west-1.amazonaws.com s3.amazonaws.com https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.console.glassboxsaas.com *.coop.co.uk *.dwin1.com *.awin1.com *.zenaps.com *.the.sciencebehindecommerce.com https://assets.adobedtm.com cdn.embedly.com *.crazyegg.com *.google-analytics.com *.youtube.com *.ytimg.com *.facebook.net *.twitter.com s3-eu-west-1.amazonaws.com s3.amazonaws.com *.cloudfront.net cdn.polyfill.io *.algolia.net assets.digital.coop.co.uk cdn-assets-prod.s3.amazonaws.com *.smartsurvey.co.uk *.googletagmanager.com *.google.com *.googleadservices.com *.quantserve.com *.ads-twitter.com *.g.doubleclick.net *.fls.doubleclick.net *.adnxs.com *.teads.tv *.demdex.net rules.quantcount.com *.licdn.com *.onetrust.com https://cdn.indicative.com https://api.indicative.com https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.adalyser.com websdk.appsflyer.com;  style-src * 'unsafe-inline';  img-src 'self' data: https://dpm.demdex.net *.google.co.uk *.google.ie images.contentful.com images.ctfassets.net *.crazyegg.com www.google-analytics.com www.facebook.com *.cloudfront.net *.twitter.com ads-twitter.com *.doubleclick.net assets.digital.coop.co.uk www.google.com cm.everesttech.net ads-engagement.presage.io secure.adnxs.com *.google.com pixel.quantserve.com t.co t.teads.tv *.linkedin.com https://*.thisisdax.com *.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.ie https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.adalyser.com i.ytimg.com impressions.onelink.me;  font-src 'self' coop-fonts.s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com s3.amazonaws.com assets.digital.coop.co.uk;  media-src *;  object-src youtube.com vimeo.com;  frame-src 'self' https://coop-csc.my.salesforce-sites.com https://cooperativegroup.demdex.net https://forms.office.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://vimeo.com *.doubleclick.net *.facebook.com fusiontables.google.com https://google.com https://www.google.com *.googletagmanager.com *.smartsurvey.co.uk ash-coopcreatecase.cs88.force.com preprod-coop-preprod.cs87.force.com *.force.com;  connect-src *.console.glassboxsaas.com https://*.demdex.net/ https://cooperativegroup.tt.omtrdc.net *.algolia.net *.algolianet.com *.g.doubleclick.net *.onetrust.com https://api.indicative.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk *.google.ie https://optimisation.coop.co.uk https://d2oh4tlt9mrke9.cloudfront.net cdn.gbqofs.com *.report.gbss.io *.coop.co.uk ads-twitter.com ads-api.twitter.com https://analytics.twitter.com *.appsflyer.com;  worker-src blob:; 1
default-src 'self' *.orange.be *.google.es  *.abtasty.com *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com brand-messenger.app.khoros.com *.khoros.com wss://brandmessenger-ws.euw1.khoros.com ssl://brandmessenger-ws.euw1.khoros.com:8883 proactive-chat-server-eu.prod.aws.lcloud.com messaging-auth-eu-west-1.prod.aws.lcloud.com;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://googleads.g.doubleclick.net  https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http//www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.orange.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com  https://widgets.pinterest.com;  object-src 'self' *.mobistar.be  *.orange.be *.netdna-ssl.com;  style-src 'unsafe-inline' 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com  *.orange.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com;  img-src * blob: https://optimize.google.com *.orange.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com *.fls.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com  https://log.pinterest.com;  media-src 'self' data: *.mobistar.be  *.orange.be *.netdna-ssl.com https://v.pinimg.com;  frame-src 'self'  https://optimize.google.com * emsecure.net  *.orange.be https://assets.pinterest.com;  font-src 'self' https://fonts.gstatic.com *.mobistar.be *.customersaas.com  *.orange.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com  *.typekit.net *.fontawesome.com;  connect-src 'self' *.googlesyndication.com *.gstatic.com https://uq5v1rcrhz-dsn.algolia.net *.algolianet.com *.cloudfront.net *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.khoros.com *.eshop.orange.be *.orange.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com *.abtasty.com *.contentsquare.net *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com  *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com browser-update.org *.googleapis.com *.tiqcdn.com *.teads.tv *.pinterest.com *.taboola.com *.clarity.ms *.gsitrix.com *.adensemble.com *.cookieless-data.com bbd-tag.de admaxium.com *.perfectaudiencertg.com *.netdna-ssl.com *.twitter.com *.bing.com *.pinimg.com *.licdn.com https://static.ads-twitter.com https://js.adsrvr.org https://img.netaffiliation.com https://files.qualifio.com *.khoros.com; frame-ancestors 'self' https://mobile.kbc-group.com https://kbctouch.kbc.be https://cbctouch.cbc.be https://touch.kbcbrussels.be https://mobileyoungsterapp.kbc-group.com ; 1
default-src 'self'; script-src https://www.dropbox.com https://api.trello.com 'self' https://viewer.diagrams.net https://apis.google.com https://*.pusher.com 'sha256-qgjuMiWd1HsOihB9Ppd7j72lY0gT8BpBkiRIJFO3sRQ=' 'sha256-CuxCZzdV/xHExthsNvH0rD+sU8zQAaYT5XLu6LHfH78=' 'sha256-dLMFD7ijAw6AVaqecS7kbPcFFzkxQ+yeZSsKpOdLxps=' 'sha256-PDJOTCOfwIg8Ri7U2PH1pIpx+haCyKsJEbFxlW6hdSI=' 'sha256-6zAB96lsBZREqf0sT44BhH1T69sm7HrN34rpMOcWbNo=' 'sha256-3SkDBaLE+ouvAOfTmG2TGwmQ2EE9AT0F2YcHvZmEMeo=' 'sha256-vrEVJkYyBW9H4tt1lYZtK5fDowIeRwUgYZfFTT36YpE=' 'sha256-6g514VrT/cZFZltSaKxIVNFF46+MFaTSDTPB8WfYK+c=' 'sha256-vS/MxlVD7nbY7AnV+0t1Ap338uF7vrcs7y23KjERhKc=' ; connect-src https://*.dropboxapi.com https://api.trello.com 'self' https://*.draw.io https://*.diagrams.net https://*.googleapis.com wss://app.diagrams.net wss://*.pusher.com https://*.pusher.com https://api.github.com https://raw.githubusercontent.com https://gitlab.com https://graph.microsoft.com https://my.microsoftpersonalcontent.com https://*.sharepoint.com https://*.1drv.com https://api.onedrive.com https://dl.dropboxusercontent.com https://api.openai.com https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com; img-src * data: blob:; media-src * data:; font-src * data: about:; frame-src 'self' https://viewer.diagrams.net https://www.draw.io https://*.google.com; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; base-uri 'none';child-src 'self';object-src 'none'; frame-ancestors 'self' https://teams.microsoft.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com/1/api.js https://newassets.hcaptcha.com/captcha/v1/ *.googleoptimize.com *.hotjar.com *.puzzel.com *.vps.net *.bing.com *.twitter.com *.linkedin.com *.google.com *.addthisedge.com *.prfct.co *.addthis.com *.getclicky.com *.facebook.net *.marinsm.com *.hotjar.com *.gstatic.com *.googletagmanager.com *.jquery.com *.trustpilot.com *.uk2group.com *.google-analytics.com *.pingdom.net *.qualtrics.com *.visualwebsiteoptimizer.com *.typeform.com; img-src data: 'self' *.hotjar.com *.uk2group.com *.puzzel.com *.bing.com *.adnxs.com *.pubmatic.com *.marinsm.com *.yahoo.com *.openx.net *.prfct.co *.vps.net *.facebook.com *.gravatar.com *.visualwebsiteoptimizer.com *.google-analytics.com *.doubleclick.net *.pingdom.net *.google.com; font-src 'self' data: *.hotjar.com *.vps.net *.gstatic.com maxcdn.bootstrapcdn.com *.puzzel.com *.visualwebsiteoptimizer.com; style-src 'self' *.vps.net optimize.google.com *.googleoptimize.com *.bootstrapcdn.com *.googleapis.com *.puzzel.com *.visualwebsiteoptimizer.com *.typeform.com 'unsafe-inline'; connect-src *.google-analytics.com livechat.uk2group.com *.hotjar.com script.hotjar.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com graylog.hotjar.com:12443 *.addthis.com dev.visualwebsiteoptimizer.com *.puzzel.com *.twitter.com *.trustpilot.com *.pingdom.net *.hotjar.com *.vps.net wss://ws4.hotjar.com 'self'; child-src *.vps.net *.uk2group.com *.puzzel.com *.visualwebsiteoptimizer.com; object-src 'self' *.vps.net *.puzzel.com *.visualwebsiteoptimizer.com; frame-src https://newassets.hcaptcha.com/ *.hotjar.com *.google.com *.uk2group.com *.twitter.com *.addthis.com *.puzzel.com *.trustpilot.com *.facebook.com *.hotjar.com *.typeform.com; default-src 'self' *.puzzel.com *.vps.net; media-src data: *.puzzel.com; 1
default-src 'self'; base-uri 'none'; connect-src 'self' https://www.google-analytics.com https://heapanalytics.com; font-src 'self' data: fonts.gstatic.com https://heapanalytics.com; frame-ancestors 'self'; frame-src 'self' widgets.jobscore.com www.google.com www.googletagmanager.com www.youtube.com https://trueanthem.lpages.co https://app.termly.io; form-action 'self'; img-src 'self' data: www.googletagmanager.com secure.gravatar.com https://heapanalytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.google.com https://www.googletagmanager.com https://www.gstatic.com https://cdnjs.cloudflare.com https://embed.lpcontent.net *.trueanthem.com https://cdn.heapanalytics.com https://heapanalytics.com https://app.termly.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com https://heapanalytics.com 1
frame-ancestors 'self' https://ipbes.net; 1
script-src www.google.co.uk 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com *.dwin1.com *.puzzel.com *.addtoany.com *.bing.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.pingdom.net *.trustpilot.com *.jquery.com ajax.googleapis.com platform.twitter.com *.adroll.com *.google.com *.facebook.net *.steelhousemedia.com *.qualtrics.com www.googleadservices.com *.uk2group.com maxcdn.bootstrapcdn.com privacy-policy.truste.com www.google.com www.gstatic.com *.visualwebsiteoptimizer.com www.googletagmanager.com www.google-analytics.com app.yieldify.com *.westhost.com t.trackedlink.net d33wq5gej88ld6.cloudfront.net s.adroll.com tracking.websitealive.com *.hcaptcha.com; img-src data: 'self' *.thgingenuity.com img.zohostatic.eu match.adsrvr.org *.gstatic.com *.uk2group.com *.bing.com *.gravatar.com *.puzzel.com *.pingdom.net *.uk2.net p.adsymptotic.com s.w.org csi.gstatic.com cj.dotomi.com widget.trustpilot.com www.privacytrust.com insight.adsrvr.org *.adroll.com *.adnxs.com *.yahoo.com *.facebook.com *.doubleclick.net *.bidswitch.net *.rlcdn.com *.twitter.com *.openx.net googleads.g.doubleclick.net *.googleadservices.com cdsusa.veinteractive.com shareasale.com www.emjcd.com *.westhost.com *.midphase.com privacy-policy.truste.com secure.etrust.org 55b558c7-resources.bk-partnersasia.com ib.adnxs.com *.visualwebsiteoptimizer.com www.google-analytics.com stats.g.doubleclick.net www.google.co.uk www.google.com https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' *.westhost.com *.google.com *.googleapis.com *.puzzel.com dwmvwp56lzq5t.cloudfront.net *.pingdom.net *.bootstrapcdn.com *.visualwebsiteoptimizer.com; frame-src 'self' *.hcaptcha.com *.westhost.com cdn.forms-content.sg-form.com www.google.co.uk www.google.com plus.google.com apis.google.com accounts.google.com platform.twitter.com staticxx.facebook.com www.facebook.com https://vars.hotjar.com widget.trustpilot.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com livechat.uk2group.com *.puzzel.com *.pingdom.net http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.twitter.com dev.visualwebsiteoptimizer.com geo.yieldify.com *.westhost.com widget.trustpilot.com bat.bing.com; font-src data: 'self' http://script.hotjar.com https://script.hotjar.com *.westhost.com *.gstatic.com *.googleapis.com *.puzzel.com maxcdn.bootstrapcdn.com *.visualwebsiteoptimizer.com stats.g.doubleclick.net; default-src 'self' *.westhost.com *.puzzel.com; object-src 'self' *.westhost.com *.visualwebsiteoptimizer.com; child-src *.westhost.com *.uk2group.com *.hotjar.com *.twitter.com *.puzzel.com *.addtoany.com googleads.g.doubleclick.net platform.twitter.com apis.google.com www.facebook.com staticxx.facebook.com accounts.google.com afftrk.biz www.googleadservices.com tracking.opienetwork.com youtu.be www.youtube.com *.visualwebsiteoptimizer.com www.google.com; media-src data: 'self' *.puzzel.com *.westhost.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.myfxbook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hse.ie *.jquery.com *.adobedtm.com *.googletagmanager.com *.force.com *.cloudfront.net  *.salesforceliveagent.com *.cookielaw.org *.google-analytics.com *.hotjar.com *.healthatlasireland.ie *.cloudflare.com *.gstatic.com *.osi.ie *.juicer.io naashospital.ie *.twitter.com *.fbcdn.net *.fontawesome.com *.contactcentrechat.com *.usabilla.com *.google.com *.salesforce.com *.squiz.cloud *.containers.piwik.pro;img-src 'self' *.hse.ie *.ytimg.com *.google-analytics.com *.2o7.net *.osi.ie *.googletagmanager.com data: *.gstatic.com *.googleapis.com *.ggpht *.cloudfront.net *.cookielaw.org *.usabilla.com *.gravatar.com 1
default-src 'self'; connect-src 'self' *.ingest.sentry.io https://docs.rs https://play.rust-lang.org https://static.crates.io; script-src 'self' 'unsafe-eval' 'sha256-n1+BB7Ckjcal1Pr7QNBh/dKRTtBQsIytFodRiIosXdE=' 'sha256-dbf9FMl76C7BnK1CC3eWb3pvsQAUaTYSHAlBy9tNTG0='; style-src 'self' 'unsafe-inline' https://code.cdn.mozilla.net; font-src https://code.cdn.mozilla.net; img-src *; object-src 'none' 1
default-src * data: 'unsafe-inline' https: blob: *.qualtrics.com:* 'unsafe-eval' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.couche-tard.com https://cloud.brandmaster.com 1
frame-ancestors 'self' deals.manning.com freecontent.manning.com liveproject.manning.com liveproject-qa.manning.com; 1
frame-ancestors 'self' ssense.com *.ssense.com 1
default-src 'self' *.dpm.demdex.net/id https://www.search.gov.sg https://search.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.monsido.com https://snap.licdn.com/ https://schemas.microsoft.com/ https://assets.adobedtm.com/ https://www.youtube.com/s/player/ *.google-analytics.com https://www.youtube.com/iframe_api https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://www.onemap.gov.sg https://www.onemap.gov.sg/* https://assets.wogaa.sg https://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/@glidejs/glide https://code.jquery.com https://player.vimeo.com https://cdnjs.cloudflare.com https://www.googletagmanager.com/ https://r.turn.com/server/beacon_call.js https://googleads.g.doubleclick.net/ blob: https://api.search.gov.sg https://www.search.gov.sg https://www.google.com https://www.gstatic.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://assets.wogaa.sg/fonts/LibreFranklin/stylesheet.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-656/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-647/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-651/production/sentiments.css https://assets.wogaa.sg/fonts/stylesheet/3.0.0-657/production/sentiments.css https://assets.wogaa.sg/ https://www.search.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://tracking.monsido.com/ https://www.a-star.edu.sg/ https://www-a-star-edu-sg-admin.cwp-stg.sg/ https://www-a-star-edu-sg-admin.cwp.sg/ https://www-a-star-upgrade-edu-sg-admin.cwp.sg/ https://www-a-star-upgrade-edu-sg.cwp.sg/ https://via.placeholder.com/ https://www.gis.a-star.edu.sg/ https://jglaborg.files.wordpress.com/ https://chewlab.github.io/ https://i.ytimg.com/ https://dpm.demdex.net/ https://www.a-star.edu.sg.lb.cwp.sg/ https://www.a-star.edu.sg.lb.cwp.sg/images/ https://assets.search.gov.sg *.eloqua.com https://px.ads.linkedin.com https://wogadobeanalytics.sc.omtrdc.net https://www.googletagmanager.com https://cm.everesttech.net/cm/dd https://p.adsymptotic.com/d https://r.turn.com/r/beacon https://www.google.com/ https://www.google.com.sg/ https://www.google.co.id/ https://t984-p547-blue-admin.prd.cwp2.sg/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://fonts.googleapis.com/ https://assets.wogaa.sg/fonts/ https://www.search.gov.sg; frame-src https://drive.google.com/ https://www.youtube.com/ https://www.facebook.com/ https://w.soundcloud.com/ https://form.gov.sg/ https://www.onemap.sg/ https://padlet.com/ https://player.vimeo.com/ https://www.google.com/ https://www.theasys.io/ https://www.xendsys.com/ https://www.youtube-nocookie.com/ https://maps.google.com/ https://a-star.us17.list-manage.com/ https://4d.silvrcraft.com/ https://www.onemap.gov.sg/ https://platform.twitter.com/ https://wogaa.demdex.net/ https://www.a-star.edu.sg/ https://www.linkedin.com/ https://safe.menlosecurity.com/ https://www-a-star-edu-sg.cwp.sg/ https://www-a-star-edu-sg-admin.cwp.sg/ https://youtu.be/ https://www.canva.com/ https://sandboxj.solstice.sg/astar_debug/ https://play.solstice.sg/astar/ https://td.doubleclick.net/ https://www.search.gov.sg https://www.google.com https://search.gov.sg 'self' web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com https://www.google-analytics.com/j/collect https://www.google-analytics.com/g/collect https://stats.g.doubleclick.net/j/collect https://dpm.demdex.net/id https://snowplow-web.wogaa.sg/sg.wogaa/cs1 https://heatmaps.monsido.com https://miniq.xyz https://tracking.monsido.com/* https://analytics.google.com/g/collect https://cdn.linkedin.oribi.io/ https://stats.g.doubleclick.net https://snap.licdn.com/ www.googleadservices.com px.ads.linkedin.com https://api.search.gov.sg https://assets.search.gov.sg 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; frame-ancestors https://safe.menlosecurity.com/ https://www-a-star-edu-sg-admin.cwp.sg/ https://www.a-star.edu.sg/ 'self'; object-src 'none' 1
frame-ancestors https://we.are.expensify.com www.expensify.com https://new.expensify.com 1
default-src * blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.dvic-banner-svc-wdw.wdprapps.disney.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; connect-src * blob: 'self' *.disney.com *.go.com *.demdex.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.dvic-banner-svc-wdw.wdprapps.disney.com cdn.branch.io *.app.link app.link *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 1
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com webcache.googleusercontent.com 1
default-src 'self' https://cdn.zp.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; img-src 'self' *.zp.ru *.zp.ru *.zarplata.ru *.zarplata.ru *.ngs.ru *.ngs.ru https://*.yandex.net https://api-maps.yandex.ru googleads.g.doubleclick.net *.gstatic.com https://www.google-analytics.com https://mc.yandex.ru https://counter.yadro.ru https://an.yandex.ru https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://stats.seedr.com https.www.googleadservices.com https://hhcdn.ru https://hhcdn.ru https://*.hhcdn.ru https://*.hhcdn.ru https://hh.ru https://img.hhcdn.ru https://feedback.hh.ru data: https://i.giphy.com https://media.giphy.com  https://ad.adriver.ru https://connect.facebook.net https://analytics.google.com https://www.googletagmanager.com https://www.tns-counter.ru https://top-fwz1.mail.ru https://ad.mail.ru https://vk.com https://www.facebook.com https://statad.ru/pixel.gif  https://gum.criteo.com  https://www.journal.zarplata.ru https://*.adfox.ru https://yandex.ru/ https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://my.mail.ru https://*.pyn.ru https://*.hh.ru https://p.adsymptotic.com https://px.ads.linkedin.com https://statsb.nativeroll.tv https://statsa.nativeroll.tv https://*.yandex.ru avatars-fast.yandex.net favicon.yandex.net; media-src *.yandex.net yandex.st yastatic.net https://static.zdassets.com  https://stats.seedr.com ; child-src 'self' *.zarplata.ru https://webvisor.com  https://www.googletagmanager.com; frame-src 'self' https://optimize.google.com https://yandex.ru https://yastatic.net https://www.youtube.com https://reklama.zp.ru https://api-maps.yandex.ru https://st.yandexadexchange.net https://yandexadexchange.net https://creativecdn.com https://vk.com/  https://*.criteo.net https://*.criteo.com  https://*.adfox.ru https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://www.facebook.com https://connect.facebook.net  *.yandex.ru awaps.yandex.net *.yandexadexchange.net yastatic.net  https://cdn01.nativeroll.tv  https://www.google.com/recaptcha/ https://*.fls.doubleclick.net; style-src 'self' https://optimize.google.com https://feedback.hh.ru 'unsafe-inline' 'unsafe-eval' yandex.st yastatic.net  'unsafe-inline'; object-src https://reklama.zp.ru; script-src 'self' https://snap.licdn.com https://apis.google.com https://optimize.google.com https://www.googleoptimize.com https://www.google.com https://www.googleadservices.com https://*.tns-counter.ru 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://mc.yandex.ru https://api-maps.yandex.ru https://reklama.zp.ru https://yastatic.net https://an.yandex.ru https://top-fwz1.mail.ru https://ad.mail.ru https://tagmanager.google.com https://vk.com/js/api/openapi.js https://www.googletagservices.com https://adservice.google.ru https://adservice.google.com https://securepubads.g.doubleclick.net https://statad.ru/tracker.js https://feedback.hh.ru https://*.criteo.net https://*.criteo.com https://cdn.ravenjs.com https://*.adfox.ru https://code.createjs.com https://yandex.ru/ads/system/context.js https://*.zopim.com wss://*.zopim.com https://*.zopim.io https://*.facebook.net https://*.facebook.com https://connect.mail.ru https://my2.imgsmail.ru https://static.zdassets.com https://*.maps.yandex.net an.yandex.ru yandex.st yastatic.net mc.yandex.ru  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js  https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' yastatic.net data: https://*.adfox.ru https://fonts.gstatic.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io ; connect-src 'self' https://sgtm.zarplata.com https://hashproof.zp.ru https://analytics.google.com https://*.zp.ru https://*.zarplata.ru https://sentry.zp.ru https://*.zarplata.ru https://top-fwz1.mail.ru https://passport.ngs.ru https://mc.yandex.ru https://www.google-analytics.com https://job42.ru https://ngsrabota.com.ua https://ngsrabota.by https://vk.com/rtrg  'self' https://zarplata.ghost.io https://*.adfox.ru https://api.rabota.ru https://yandex.ru https://stats.g.doubleclick.net https://*.facebook.com https://*.zopim.com https://*.zopim.io wss://*.zopim.com https://ekr.zdassets.com https://*.pyn.ru https://*.hh.ru https://api.zarplata.ru https://hr.zarplata.ru https://hh.ru https://*.yandex.ru yandex.st yastatic.net  https://stats.seedr.com https://cdn01.nativeroll.tv/js/nr-pixel.min.js ; frame-ancestors 'self' http://webvisor.com https://webvisor.com; upgrade-insecure-requests 1
default-src https: data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' https://*.patreon.com 'unsafe-inline' 1
default-src 'none'; manifest-src 'self'; object-src 'self';script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://stats.ledl.net *.trustedshops.com; style-src https: https://fonts.googleapis.com 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' https://stats.ledl.net http://homepage-kosten.de *.trustedshops.com data:; font-src 'self' https://fonts.gstatic.com *.trustedshops.com *.domaintechnik.at; frame-ancestors 'self' https://stats.ledl.net; frame-src 'self' https://stats.ledl.net www.youtube-nocookie.com; form-action 'self' *.domaintechnik.at *.ssl-net.net *.ssl-secured.eu *.ssl-gesichert.at; connect-src 'self' https://stats.ledl.net *.google-analytics.com *.trustedshops.com; media-src 'self' 1
frame-ancestors 'self' https://app.optimizely.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://secure.gravatar.com/ *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com/ https://script.hotjar.com/ https://player.vimeo.com/ https://www.clarity.ms/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.clarity.ms/ https://script.hotjar.com/ https://static.ads-twitter.com/ https://ws.zoominfo.com/ https://www.google-analytics.com/ https://bat.bing.com/ https://static.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://player.vimeo.com/ https://secure.intelligentdatawisdom.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://www.google.com/ https://js.hsadspixel.net/ https://js.hubspot.com/ https://js.usemessages.com/ https://js.hsleadflows.net/ https://js.hs-banner.com/ https://scout-cdn.salesloft.com/ https://api.lightboxcdn.com/ https://js.hs-analytics.net/ https://static.hsappstatic.net/ https://js.hscollectedforms.net/ https://cdn.bizible.com/ https://j.6sc.co/ https://snap.licdn.com/ https://polyfill.io/ https://js.hs-scripts.com/ https://js.hsforms.net/ https://consent.trustarc.com/ https://secure.leadforensics.com/ https://connect.facebook.net/ https://dev.visualwebsiteoptimizer.com/ https://geotargetly-api-2.com/ https://www.lightboxcdn.com/ https://www.googletagmanager.com/ https://extend.vimeocdn.com/ https://cdn.jsdelivr.net/ *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.lightboxcdn.com/ https://fonts.googleapis.com/ https://s3.lightboxcdn.com/ *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://www.google.com/ads/ https://ps.w.org/ https://s.w.org/ https://i.vimeocdn.com/ https://cdn.bizibly.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://track.hubspot.com/ https://secure.gravatar.com/ https://cdn.bizible.com/ https://c.bing.com/ https://c.clarity.ms/c.gif https://s3.lightboxcdn.com/ https://google.at/ https://www.googletagmanager.com/ https://attr.ml-api.io/ https://secure.adnxs.com/ https://www.google.at/ https://b.6sc.co/ https://www.google-analytics.com/ https://analytics.twitter.com/ https://t.co/ https://www.google.ba/ https://www.google.com/ https://b.6sc.co/ https://dev.visualwebsiteoptimizer.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://s.ml-attr.com/ https://consent.trustarc.com/ https://dify.wpengine.com/ https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://perf-na1.hsforms.com/ https://www.lightboxcdn.com/ data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' https://u.clarity.ms/collect  https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://bat.bing.com/ https://www.google.at/ https://in.hotjar.com/ https://y.clarity.ms/collect https://api.hubapi.com/ https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://js.hs-banner.com/ https://ws.zoominfo.com/ https://ws.zoominfo.com/pixel/collect https://forms.hubspot.com/ https://idx.liadm.com/ https://scout.salesloft.com/ https://c.6sc.co/ https://secure.adnxs.com/ https://vc.hotjar.io/ https://cdn.linkedin.oribi.io/ https://epsilon-cloudfront.6sense.com/v3/company/details https://epsilon.6sense.com/v3/company/details https://www.google-analytics.com/j/ https://google.com/pagead/form-data/ https://ipv6.6sc.co/ https://epsilon.6sense.com/ https://q.clarity.ms/ https://www.google-analytics.com/ https://vimeo.com/ https://google.at/ https://google.com/ https://region1.analytics.google.com/ https://my.wpengine.com/ https://api.hubspot.com/ https://forms.hscollectedforms.net/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com/ https://yoast.com/ https://*.visualwebsiteoptimizer.com *.vimeo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: https://s3.lightboxcdn.com/ https://fonts.gstatic.com/ data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://forms.hsforms.com/ https://www.google.com/ https://player.vimeo.com/ https://consent-pref.trustarc.com/ https://app.hubspot.com/ *.vimeo.com *.vimeocdn.com maps.googleapis.com maps.google.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; worker-src * blob:; 1
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;child-src 'self' youtube.com *.youtube.com trustpilot.com *.trustpilot.com googleapis.com *.googleapis.com google.com *.google.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.bing.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.paddle.com cdn.jsdelivr.net *.tawk.to *.gstatic.com;connect-src https: *.tawk.to wss://*.tawk.to;script-src https: 'unsafe-inline' 'unsafe-eval' *.tawk.to cdn.jsdelivr.net;img-src https: data: *.tawk.to cdn.jsdelivr.net;style-src * 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net;font-src https: data: *.tawk.to fonts.gstatic.com;media-src https:;object-src https:;form-action *;frame-src *; 1
frame-ancestors *.ludwig.guru 1
default-src *; script-src * 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.youtube.com youtube.com; style-src * 'self' 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; frame-ancestors 'self'; child-src 'self'; font-src * data:; connect-src *; report-uri /report-csp-violation 1
default-src * data:; script-src http: 'unsafe-inline' 'unsafe-eval'; style-src http: 'unsafe-inline' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js accounts.google.com *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.kaltura.com *.wistia.com fast.wistia.com *.wistia.co *.pardot.com *.cloudflare.com *.litix.io *.mktoresp.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.akamaihd.net *.googletagmanager.com *.demandbase.com siteimproveanalytics.com my.hellobar.com snap.licdn.com bat.bing.com *.googleadservices.com *.snapengage.com *.doubleclick.net *.healthstream.com *.crazyegg.com *.driftt.com consent.cookiebot.com consentcdn.cookiebot.com *.zoominfo.com *.clarity.ms www.redditstatic.com www.clickcease.com *.ceros.com sc.lfeeder.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org scout-cdn.salesloft.com https://cdn.jsdelivr.net/npm/lazyload@2.0.0-rc.2/lazyload.js *.mountain.com https://dec.azureedge.net web-chat.nativechat.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.falcon-software.com *.crazyegg.com www.googletagmanager.com 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.kaltura.com *.wistia.com *.wistia.co *.litix.io *.mktoresp.com *.akamaihd.net bat.bing.com segments.company-target.com id.rlcdn.com px.ads.linkedin.com match.prod.bidr.io *.global.siteimproveanalytics.io *.google.ca *.google.com *.adsymptotic.com *.crazyegg.com https://embedwistia-a.akamaihd.net *.ads.linkedin.com *.clarity.ms c.bing.com alb.reddit.com hi.hellobar.com my.hellobar.com aorta.clickagy.com tr-rc.lfeeder.com www.googletagmanager.com 'self' https://delicious.com https://dec.azureedge.net *.eloqua.com track.hubspot.com imgsct.cookiebot.com click.s12.exacttarget.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.kaltura.com *.wistia.com *.wistia.co *.falcon-software.com hs.healthstream.com go.pardot.com; frame-src *.kaltura.com *.wistia.com fast.wistia.com *.wistia.co *.akamaihd.net *.pardot.com *.healthstream.com *.litix.io *.mktoresp.com *.doubleclick.net data: teamampt.amptnow.com *.google.com *.crazyegg.com *.facebook.com *.driftt.com/ consentcdn.cookiebot.com https://www.youtube.com *.ceros.com 'self' https://healthstream.formstack.com web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com *.kaltura.com *.wistia.com *.wistia.co *.litix.io *.akamaihd.net *.google-analytics.com www.google.com *.doubleclick.net *.crazyegg.com hs.healthstream.com go.pardot.com consentcdn.cookiebot.com *.clarity.ms cdn.linkedin.oribi.io ws.zoominfo.com analytics.google.com pagead2.googlesyndication.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com px.ads.linkedin.com scout.salesloft.com www.redditstatic.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105; media-src 'self' data: blob: *.wistia.com https://embedwistia-a.akamaihd.net *.youtube.com *.wistia.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.kaltura.com *.wistia.com *.wistia.co *.falcon.local *.litix.io *.mktoresp.com *.akamaihd.net blob: 'self' web-chat.nativechat.com; form-action 'self' healthstream--hstm.my.salesforce.com webto.salesforce.com *.facebook.com; frame-ancestors 'self' 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-218c1cb4-8e03-4619-8778-c8dcb3cf1444' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-218c1cb4-8e03-4619-8778-c8dcb3cf1444' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-218c1cb4-8e03-4619-8778-c8dcb3cf1444' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-218c1cb4-8e03-4619-8778-c8dcb3cf1444' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://transcend-cdn.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync-transcend-cdn.com https://www.figma.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
frame-ancestors 'self';    default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline';    connect-src 'self';    font-src * data:;    img-src * data:;    style-src * 'unsafe-inline'; 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.prozeny.cz admin.prozeny.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.prozeny.cz https://www.prozeny.cz 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfasu.edu *.tableau.com *.typekit.net cdn.jsdelivr.net *.fontawesome.com *.google-analytics.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.ocelotbot.com *.vimeo.com *.technolutions.net *.adroll.com *.consensu.org *.simpli.fi *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.com *.b0e8.com *.dstillery.com *.marchex.io *.quantserve.com *.adsrvr.org *.bc0a.com *.media6degrees.com *.quantcount.com *.adentifi.com *.meritpages.com *.cloudflare.com unpkg.com *.jsdelivr.net *.adsymptotic.com *.libanswers.com *.libcal.com *.libapps.com *.springyaws.com sfasu.libanswers.com doublethedonation.com; img-src 'self' data: *.3lift.com *.addthis.com *.adentifi.com *.adnxs.com *.adroll.com *.adsrvr.org *.adsymptotic.com *.advertising.com *.agkn.com *.apxlv.com *.b0e8.com *.bfmio.com *.bidswitch.net *.bluekai.com *.casalemedia.com *.cogocast.net *.company-target.com *.crwdcntrl.net *.demdex.net *.doubleclick.net *.dstillery.com *.exelator.com *.facebook.com *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.intentiq.com *.lijit.com *.marchex.io *.mathtag.com *.ocelotbot.com *.openx.net *.outbrain.com *.placeholder.com *.pro-market.net *.pubmatic.com *.qccerttest.com *.quantserve.com *.reson8.com *.rlcdn.com *.rubiconproject.com *.sfasu.edu *.simpli.fi *.spotxchange.com *.stickyadstv.com *.taboola.com *.tapad.com *.tremorhub.com *.trueleadid.com *.typekit.net *.yahoo.com *.youtube.com meritpages.com pippio.com thrtle.com *.s3.amazonaws.com doublethedonation.com fakeimg.pl; frame-ancestors 'self' *.sfasu.edu *.ocelotbot.com; report-uri /report-csp-violation 1
default-src 'self' *.wartsila.com *.wistia.com https://t.wartsila.tiedosto.com https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com twitter.com https://waertsilae.leadfamly.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com www.facebook.com https://innovatics.fi https://*.innovatics.fi cdn.cookielaw.org *.leadoo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.curator.io *.google-analytics.com https://www.youtube.com/iframe_api https://www.youtube.com/s/ *.twitter.com twitter.com https://static.ads-twitter.com https://dec.azureedge.net/ www.googletagmanager.com https://snap.licdn.com www.googleadservices.com https://code.jquery.com https://ajax.microsoft.com cdn.pardot.com https://track.gaconnector.com https://tag.demandbase.com https://serve.nrich.ai pi.pardot.com https://cdnjs.cloudflare.com https://tag.nrich.ai https://audience.nrich.ai pages.wartsila.digital *.doubleclick.net doubleclick.net https://app.interactiveads.ai *.wistia.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input kendo.cdn.telerik.com https://unpkg.com s7.addthis.com m.addthis.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js https://v1.addthisedge.com docs.google.com tools.euroland.com https://t.wartsila.tiedosto.com fast.wistia.net meltwater.fi https://api-public.addthis.com wartsila-reports.studio.crasman.fi https://ipmeta.io t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.pingdom.net *.imp.stackadapt.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com https://code.createjs.com/1.0.0/createjs.min.js https://hm.baidu.com/hm.js https://*.linkedin.com 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com *.twimg.com *.curator.io *.twitter.com twitter.com https://d35islomi5rx1v.cloudfront.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com docs.google.com *.wistia.com wartsila-reports.studio.crasman.fi https://cdnjs.cloudflare.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://stackpath.bootstrapcdn.com https://sentiment.inderes.fi tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://code.jquery.com https://res.leadoo.com *.srv.stackadapt.com srv.stackadapt.com cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src www.linkedin.com data: blob: * android-webview-video-poster: https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input fast.wistia.net *.wistia.com *.stackadapt.com sitefinity-videos-stage.s3.eu-west-1.amazonaws.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com https://*.linkedin.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: themes.googleusercontent.com/static/fonts/inconsolata/v5/BjAYBlHtW3CJxDcjzrnZCIbN6UDyHWBl620a-IRfuBk.woff https://cdnjs.cloudflare.com https://app.powerbi.com https://curatorio.s3.amazonaws.com https://github.com login.microsoftonline.com https://safety-day-bingo-prod.s3.eu-west-1.amazonaws.com https://waertsilae.leadfamly.com https://go.pardot.com fast.fonts.net *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com *.curator.io https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com https://res.leadoo.com *.stackadapt.com; frame-src 'self' *.wartsila.com https://go.pardot.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com https://innovatics.fi https://*.innovatics.fi https://www.youtube.com https://www.google.com www.facebook.com https://w.soundcloud.com/ https://snapwidget.com/ pages.wartsila.digital meltwater.fi https://s.company-target.com/ https://app.powerbi.com *.leadoo.com *.doubleclick.net doubleclick.net web-chat.nativechat.com forms.hsforms.com; connect-src data: accounts.google.com *.curator.io *.mktoresp.com https://track.gaconnector.com https://serve.nrich.ai https://api.company-target.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com *.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://api-public.addthis.com https://s7.addthis.com https://embedwistia-a.akamaihd.net fast.wistia.net https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com https://ipmeta.io https://t.wartsila.tiedosto.com t.co https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://tag.nrich.ai https://match.prod.bidr.io *.twitter.com https://waertsilae.leadfamly.com https://go.pardot.com m.addthis.com pages.wartsila.digital https://*.hotjar.io *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://crmsrv.azurewebsites.net https://sentiment.inderes.fi https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input www.facebook.com https://www.quandl.com *.pingdom.net wartsila.avaus.fi https://maps.googleapis.com https://sitefunc1.azurewebsites.net https://bot.leadoo.com https://iapi.leadoo.com https://anl.leadoo.com *.stackadapt.com https://innovatics.fi https://*.innovatics.fi risk.ipmeta.io segments.company-target.com cdn.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io *.leadoo.com application/wasm blob: https://tag-logger.demandbase.com/ googlesyndication.com *.googlesyndication.com *.doubleclick.net doubleclick.net https://*.google.com https://*.linkedin.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.wartsila.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://video-frt3-2.cdninstagram.com https://www.youtube.com https://embedwistia-a.akamaihd.net https://*.hotjar.com wss://*.hotjar.com tools.eurolandir.com asia.tools.euroland.com *.wistia.com fast.wistia.net sitefinity-videos-stage.s3.eu-west-1.amazonaws.com; child-src https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: *.twitter.com twitter.com https://wartsila-static-content.s3-eu-west-1.amazonaws.com https://s7.addthis.com www.slideshare.net https://www.google.com pages.wartsila.digital https://snapwidget.com https://innovatics.fi https://*.innovatics.fi tools.euroland.com *.doubleclick.net doubleclick.net https://app.interactiveads.ai meltwater.fi www.linkedin.com *.wistia.com https://d20rdry57v9fzf.cloudfront.net wartsila-flexicycle.s3.amazonaws.com wartsila-reports.studio.crasman.fi https://t.wartsila.tiedosto.com t.co https://api.curator.io https://app.powerbi.com https://curatorio.s3.amazonaws.com login.microsoftonline.com https://waertsilae.leadfamly.com https://go.pardot.com *.wartsila.com https://*.hotjar.com wss://*.hotjar.com https://cdn.flipsnack.com tools.eurolandir.com asia.tools.euroland.com https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input https://www.quandl.com https://bot.leadoo.com cdn.linkedin.oribi.io cdn.cookielaw.org *.leadoo.com 'self' web-chat.nativechat.com 1
default-src maxcdn.bootstrapcdn.com cdn.jsdelivr.net/codemirror.spell-checker/ 'self' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.gbif.org *.google.com *.google-analytics.com plausible.io fonts.gstatic.com images.ctfassets.net data: api.mapbox.com *.tiles.mapbox.com *.vimeo.com vimeo.com eepurl.com gbif.us18.list-manage.com zenodo.org *.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gbif.org *.gbif-uat.org *.gbif-dev.org *.gbif-staging.org *.google-analytics.com plausible.io api.mapbox.com unpkg.com/react@17/umd/react.production.min.js unpkg.com/react-dom@17/umd/react-dom.production.min.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/mapbox-gl/*.css api.mapbox.com maxcdn.bootstrapcdn.com;media-src *;img-src * data:;worker-src blob:; 1
default-src 'self';  style-src 'self' *.arcgis.co  *.typeform.com *.bootstrapcdn.com *.doublethedonation.com doublethedonation.com *.chatbot.com 'unsafe-inline' *.google.com *.googleapis.com; script-src 'self' *.arcgis.co *.createjs.com *.typeform.com *.chatbot.co *.facebook.net *.bing.com youtube.com *.youtube.com *.pardot.com *.cookieinformation.com *.classy.org *.googletagmanager.com *.google-analytics.com *.doublethedonation.com doublethedonation.com *.newrelic.com *.sharethis.com *.googleoptimize.com *.rainforest-alliance.org *.google.com *.gstatic.co *.chatbot.com 'unsafe-inline' *.googleadservices.com *.doubleclick.net 'unsafe-eval';  img-src 'self' *.rainforest-alliance.org rainforest-alliance.org *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.facebook.com *.doublethedonation.com doublethedonation.com *.gravatar.com *.chatbot.com data: *.google.com *.gstatic.com; font-src 'self' *.rainforest-alliance.or *.doublethedonation.com doublethedonation.com data: *.googletagmanager.com *.google.com *.gravatar.com *.bootstrapcdn.com *.gstatic.com data:; connect-src 'self' *.hirehive.com *.cookieinformation.com *.google-analytics.com *.appspot.com *.doubleclick.net *.bing.com *.nr-data.net *.doublethedonation.com doublethedonation.com *.chatbot.com *.sharethis.com;  frame-src 'self' *.linkedin.com *.arcgis.com *.facebook.com *.typeform.com *.juicer.io *.vimeo.com *.cookieinformation.com *.rainforest-alliance.org *.classy.org *.powerbi.com *.google.com youtube.com *.youtube.com *.chatbot.co *.chatbot.com  *.doubleclick.net; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' *; img-src data: * ; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.azureedge.net https://*.dynamics.com; 1
frame-ancestors 'self' https://rdc.reed.edu https://reed.cascadecms.com https://my2.siteimprove.com; 1
frame-ancestors 'self' https://*.punchout2go.com/ https://*.gep.com/ https://*.ariba.com/ https://*.hubwoo.com/ https://*.sciquest.com/ https://*.tradecentric.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.addtoany.com s7.addthis.com m.addthis.com m.addthisedge.com js.hubspot.com forms.hsforms.com www.google-analytics.com platform.twitter.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.addtoany.com; child-src 'self' s7.addthis.com forms.hsforms.com static.addtoany.com; img-src 'self' forms.hubspot.com stags.bluekai.com data: 2.gravatar.com wpml.org toolset.com www.google-analytics.com; connect-src 'self' api.lever.co m.addthis.com 1
frame-ancestors https://app.contentful.com 'self' 1
frame-ancestors https://*.arkadium-sandbox.com https://*.arkadium.com/ https://arenacloud.cdn.arkadiumhosted.com/ https://arenaxstorage.blob.core.windows.net; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: * 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.youtube-nocookie.com *.itzbund.de *.energiewechsel.de *.deutschland-machts-effizient.de *.app.powerbi.com *.karriere.bafa.de *.atlas.geomer-maps.de *.twitter.com api.signalize.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com; frame-src karriere.bafa.de atlas.geomer-maps.de app.powerbi.com *.energiewechsel.de *.deutschland-machts-effizient.de *.youtube-nocookie.com *.itzbund.de *.youtube.com *.twitter.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.openstreetmap.org *.twimg.com; connect-src 'self' *.itzbund.de; frame-ancestors 'self' *.kfw.de *.bafa.de *.energiewechsel.de; upgrade-insecure-requests; 1
default-src 'none';base-uri 'self';connect-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com;form-action 'self';img-src 'self' 'unsafe-inline' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com www.gravatar.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.google.com;style-src 'self' 'unsafe-inline';frame-src 'self' www.youtube.com youtube.com www.youtu.be youtu.be;style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com;manifest-src 'self' 1
default-src 'none';base-uri 'self';connect-src 'self';form-action 'self';manifest-src 'self' data:;font-src 'self';child-src https://www.youtube-nocookie.com;frame-src https://www.youtube-nocookie.com;frame-ancestors 'self';worker-src 'self';img-src 'self' data: https://i.ytimg.com/vi/;object-src 'none';script-src 'self' 'sha256-v7nzrjvPdsyHF2LFWiAcj7/YRFQq5XyZuhATblCzFko=';style-src 'self' 'sha256-C7vpsE1KLI7RuUgCprJTQZin6dWK+ccynbOx+OqjVow=' 'sha256-tbWZ4NP1341cpcrZVDn7B3o9bt/muXgduILAnC0Zbaw='; 1
frame-ancestors 'self' *.kanopy.com 1
default-src 'self'; frame-src *; media-src *; img-src *.contentsquare.net * 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' t.contentsquare.net app.contentsquare.com *; style-src * 'unsafe-inline'; font-src *; connect-src *.contentsquare.net *; child-src blob:; worker-src blob: 1
base-uri 'self';connect-src 'self' *.nr-data.net https://sponge.creditkarma.co.uk https://www.google-analytics.com https://region1.analytics.google.com https://creditkarmacdn-a.akamaihd.net https://stats.g.doubleclick.net https://api2.branch.io https://accounts.creditkarma.co.uk;default-src *.creditkarma.co.uk https://creditkarmacdn-a.akamaihd.net;font-src https://creditkarmacdn-a.akamaihd.net;img-src 'self' 'unsafe-inline' https://creditkarmacdn-a.akamaihd.net https://intlck.imgix.net https://kpluk.imgix.net https://ck-content.imgix.net https://ckpoc.imgix.net https://ck-uk-offers.imgix.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.uk https://assets.thisisbud.com https://res.cloudinary.com;script-src 'strict-dynamic' *.creditkarma.co.uk *.creditkarma.com https://creditkarmacdn-a.akamaihd.net https://api-ckuk.nd.nudatasecurity.com https://sierra.kilo.ckapis.co.uk https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com 'nonce-dee14bb1ce291400b56d5749ed092f19';style-src 'self' 'unsafe-inline' https://creditkarmacdn-a.akamaihd.net;worker-src 'self';report-uri https://sponge.creditkarma.co.uk/csp-report 1
default-src  * 'unsafe-inline' 'unsafe-eval'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: script: https://static.cloudflareinsights.com https://www.googletagmanager.com https://www.clarity.ms; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hachyderm.io; img-src 'self' https: data: blob: https://hachyderm.io; style-src 'self' https://hachyderm.io 'nonce-XlotPjfisx3AgA92GlI/zw=='; media-src 'self' https: data: https://hachyderm.io; frame-src 'self' https:; manifest-src 'self' https://hachyderm.io; form-action 'self'; child-src 'self' blob: https://hachyderm.io; worker-src 'self' blob: https://hachyderm.io; connect-src 'self' data: blob: https://hachyderm.io https://media.hachyderm.io wss://hachyderm.io; script-src 'self' https://hachyderm.io 'wasm-unsafe-eval' 1
default-src 'self' *.ometria.com *.6sense.com *.typeform.com *.youtube.com youtube.com *.youtube-nocookie.com *.hubspot.com *.geoplugin.net ometria.workable.com forms.hsforms.com *.hotjar.com player.vimeo.com cookie-cdn.cookiepro.com www.google.com www.google.co.uk w3.org; script-src 'self' *.typeform.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com *.facebook.net www.googleadservices.com secure.easy7bear.com s.adroll.com *.hotjar.com d.adroll.com googleads.g.doubleclick.net www.google.com www.google.co.uk cookie-cdn.cookiepro.com www.googletagmanager.com www.gstatic.com js.hsforms.net www.google-analytics.com j.6sc.co snap.licdn.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.analytics.google.com *.google.com *.google.co.uk *.6sense.com *.adroll.com *.ads.linkedin.com *.hubapi.com *.hubspot.com *.oribi.io *.hotjar.io www.google-analytics.com *.6sc.co *.hotjar.com secure.adnxs.com geolocation.onetrust.com c.6sc.co ib.adnxs.com cookie-cdn.cookiepro.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cookiepro.blob.core.windows.net; img-src https: data:; 1
frame-ancestors 'self' googleads.g.doubleclick.net www.youtube.com propellerads.com  *.propellerads.com ; 1
default-src 'self'; img-src * data: blob: 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com https://ajax.googleapis.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdn.jsdelivr.net https://production-assets.paperswithcode.com https://production-assets.paperswithcode.com https://production-assets.paperswithcode.com http://localhost:3000 http://localhost:4000; manifest-src https://production-assets.paperswithcode.com; frame-src https://www.youtube.com/; connect-src 'self' https://unpkg.com https://www.google-analytics.com https://sentry.io https://o241170.ingest.sentry.io https://production-assets.paperswithcode.com https://production-assets.paperswithcode.com http://localhost:3000 http://localhost:4000 ws://localhost:3000 ws://localhost:4000; media-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://production-assets.paperswithcode.com https://production-assets.paperswithcode.com https://production-assets.paperswithcode.com http://localhost:3000 http://localhost:4000; font-src * data: blob: 'unsafe-inline' 1
frame-ancestors arvento.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * 'self' data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.ads-twitter.com get.alertmedia.com bat.bing.com cdn.bizible.com www.clarity.ms s.company-target.com cdn.cookielaw.org tag.demandbase.com connect.facebook.net googleads.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com script.hotjar.com static.hotjar.com snap.licdn.com munchkin.marketo.net a.omappapi.com js.qualified.com www.redditstatic.com dev.visualwebsiteoptimizer.com; script-src-elem 'self' 'unsafe-inline' 'report-sample' static.ads-twitter.com get.alertmedia.com bat.bing.com cdn.bizible.com ct.capterra.com www.clarity.ms cdn.cookielaw.org trk.crozdesk.com tag.demandbase.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.com www.googletagmanager.com boards.greenhouse.io www.gstatic.com script.hotjar.com static.hotjar.com snap.licdn.com app-sj30.marketo.com munchkin.marketo.net a.omappapi.com js.qualified.com www.recaptcha.net www.redditstatic.com embed.sounder.fm platform.twitter.com dev.visualwebsiteoptimizer.com app.vwo.com; script-src-attr 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' get.alertmedia.com fonts.googleapis.com a.omappapi.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' 'report-sample' get.alertmedia.com fonts.googleapis.com app-sj30.marketo.com a.omappapi.com app.vwo.com; img-src 'self' data: *.ads.linkedin.com get.alertmedia.com bat.bing.com c.bing.com cdn.bizible.com cdn.bizibly.com c.clarity.ms t.co segments.company-target.com cdn.cookielaw.org trk.crozdesk.com www.facebook.com www.g2.com tracking.g2crowd.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google.ae www.google.al www.google.am www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.at www.google.az www.google.be www.google.bf www.google.bs www.google.bt www.google.ca www.google.cd www.google.cg www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls adservice.google.com analytics.google.com translate.google.com www.google.com www.google.co.ma www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.br www.google.com.bz www.google.com.co www.google.com.cy www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.np www.google.com.om www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sl www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.ve www.google.co.za www.google.co.zm www.google.co.zw www.google.cv www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.gy www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.mg www.google.mk www.google.mn www.google.mu www.google.mw www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.sk www.google.so www.googletagmanager.com www.google.tn www.google.tt secure.gravatar.com fonts.gstatic.com maps.gstatic.com www.linkedin.com yastatic.net a.omappapi.com alb.reddit.com id.rlcdn.com analytics.twitter.com syndication.twitter.com i.vimeocdn.com dev.visualwebsiteoptimizer.com ps.w.org i.ytimg.com; font-src 'self' data: fonts.gstatic.com cdn.scite.ai use.typekit.net; connect-src 'self' px.ads.linkedin.com get.alertmedia.com bat.bing.com *.clarity.ms api.company-target.com segments.company-target.com cdn.cookielaw.org www.facebook.com www.g2.com stats.g.doubleclick.net www.google.ae www.google-analytics.com maps.googleapis.com translate.googleapis.com www.google.be www.google.ca www.google.ch www.google.co.bw www.google.co.id www.google.co.in www.google.co.jp www.google.co.ke adservice.google.com *.google.com www.google.com.au www.google.com.bd www.google.com.bn www.google.com.br www.google.com.eg www.google.com.et www.google.com.hk www.google.com.mx www.google.com.my www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.vn www.google.co.nz www.google.co.ug www.google.co.uk www.google.co.za www.google.de www.google.dk www.google.fr www.google.hu www.google.ie www.google.it www.google.kz www.google.lk www.google.lu www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.se www.google.tt wss://ws.hotjar.com *.hotjar.io doublestat.info sentry.io cdn.linkedin.oribi.io *.mktoresp.com *.mktoutil.com *.omappapi.com geolocation.onetrust.com app.qualified.com wss://ws.qualified.com conversions-config.reddit.com www.redditstatic.com analytics.twitter.com dev.visualwebsiteoptimizer.com ws.zoominfo.com; media-src 'self' data: podcasts.captivate.fm app.qualified.com; object-src 'self'; child-src 'none'; frame-src data: *.alertmedia.com player.captivate.fm s.company-target.com td.doubleclick.net www.facebook.com www.google.com boards.greenhouse.io app-sj30.marketo.com alertmedia.navattic.com capture.navattic.com forms.office.com block.opendns.com app.qualified.com www.recaptcha.net platform.twitter.com player.vimeo.com dev.visualwebsiteoptimizer.com app.vwo.com www.youtube.com www.youtube-nocookie.com gateway.zscloud.net; worker-src blob:; frame-ancestors 'self'; form-action 'self' www.facebook.com dev.visualwebsiteoptimizer.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; report-uri https://report-csp.darwinapps.com/csp-report-endpoint 1
default-src 'self' *.greenhouse.io *.sharethis.com *.rhombusads.com *.google-analytics.com *.doubleclick.net *.fullstory.com *.mktoresp.com *.hscollectedforms.net *.hsforms.com veradigm-com-cache.s3.amazonaws.com *.cookiebot.com *.analytics.google.com *.ads.linkedin.com *.acsbapp.com *.google.com acsbapp.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src *.greenhouse.io *.doubleclick.net *.marketo.com *.sitescout.com *.krxd.net *.youtube.com *.sharethis.com *.consensu.org *.cookiebot.com *.hsforms.com issuu.com *.google.com *.drift.com *.driftt.com; img-src 'self' data: *.zoominfo.com *.google-analytics.com *.marketo.com *.linkedin.com *.lfeeder.com *.sitescout.com *.adsymptotic.com *.krxd.net *.youtube.com *.sharethis.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.doubleclick.net *.google.com *.fullstory.com *.hubspot.com *.analytics.google.com *.hsforms.com *.geniusmonkey.com *.cookiebot.com *.capterra.com *.adroll.com *.bidswitch.net *.openx.net *.adnxs.com *.analytics.yahoo.com *.rlcdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.greenhouse.io *.zoominfo.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.marketo.com *.marketo.net *.licdn.com *.pixel.ad *.krxd.net *.lfeeder.com *.sharethis.com *.google.com *.googleadservices.com *.doubleclick.net *.youtube.com *.fullstory.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsforms.com *.hsforms.net *.hscollectedforms.net *.cookiebot.com *.geniusmonkey.com *.adroll.com *.ads.linkedin.com acsbapp.com *.acsbapp.com *.gstatic.com *.drift.com *.driftt.com 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.marketo.com *.google.com; 1
script-src 'unsafe-inline' 'unsafe-eval' *.preloved.co.uk *.thcdn.com *.cookielaw.org *.b-cdn.net *.affiliatefuture.com *.cloudfront.net *.sharethru.com *.media.net *.adventori.com *.amazon-adsystem.com onetag-sys.com *.omnitagjs.com *.zencdn.net *.2mdn.net *.33across.com *.openxcdn.net *.crwdcntrl.net *.sharethrough.com *.zenaps.com *.rokt.com *.googleadservices.com *.doubleverify.com *.doubleclick.net *.gstatic.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.co.uk *.dwin1.com *.realvu.net *.contentsquare.net *.facebook.net *.outbrain.com *.googletagmanager.com *.googletagservices.com *.ampproject.org *.cheqzone.com *.roeyecdn.com *.cpx.to *.jquery.com *.twitter.com *.googleapis.com *.scorecardresearch.com *.hotjar.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.gatekeeperconsent.com *.ezojs.com *.ezodn.com *.ezoic.net *.quantserve.com *.quantcount.com *.pubmatic.com *.4dex.io *.criteo.net *.script.ac *.openx.net btloader.com *.privacymanager.io *.fastclick.net *.hadronid.net *.id5-sync.com *.ad.gt *.adsafeprotected.com;  style-src 'unsafe-inline' 'report-sample' *.preloved.co.uk *.thcdn.com *.googleapis.com;  img-src data: *.preloved.co.uk *.thcdn.com *.thcdn.com *.preloved.co.uk id5-sync.com *.mookie1.com *.360yield.com *.unrulymedia.com *.smaato.net *.sitescout.com *.akamaihd.net *.criteo.net *.humix.com *.openx.net *.1rx.io *.dotomi.com *.2mdn.net onetag-sys.com *.a-mo.net *.bidswitch.net creativecdn.com *.teads.tv *.taboola.com *.admanmedia.com *.amazon-adsystem.com *.bidr.io *.stickyadstv.com *.everesttech.net *.googletagmanager.com *.org.uk *.bing.com *.to *.heycar.co.uk *.thehut.net *.justpark.com *.cloudfront.net *.trustpilot.com *.outbrain.com *.outbrainimg.com *.google-analytics.com *.rubiconproject.com *.adnxs.com *.pubmatic.com *.adsensecustomsearchads.com *.facebook.com *.googlesyndication.com *.zenaps.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.blob.core.windows.net *.google.com *.google.co.uk *.roeye.com *.awin1.com *.cheqzone.com *.g.doubleclick.net *.doubleclick.net t.co *.scorecardresearch.com *.googleadservices.com *.ethicalpets.co.uk *.dogstrust.org.uk *.quantserve.com *.quantcount.com *.ezodn.com *.smartadserver.com *.media.net *.criteo.com *.adsrvr.org bttrack.com *.sharethrough.com *.adform.net ad-delivery.net *.ad.gt *.contextweb.com *.casalemedia.com *.sonobi.com *.omnitagjs.com *.seedtag.com *.ivitrack.com *.lporirxe.com;  font-src data: *.preloved.co.uk *.thcdn.com *.gstatic.com *.outbrain.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com;  connect-src *.preloved.co.uk *.thcdn.com *.thehut.net *.media.net *.amazon.dev *.js.smct.co *.smartadserver.com *.wepowerconnections.com *.openx.net *.yieldmo.com *.amazon-adsystem.com *.doubleverify.com *.adnxs.com *.adsrvr.org *.googlesyndication.com *.google-analytics.com *.outbrain.com *.outbrainimg.com cdn.cookielaw.org *.cpx.to *.gstatic.com *.doubleclick.net *.onetrust.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.gatekeeperconsent.com *.ezojs.com *.ezodn.com *.ezoic.net *.quantserve.com *.quantcount.com *.criteo.com *.rubiconproject.com *.a-mo.net *.a-mx.com *.smilewanted.com onetag-sys.com *.omnitagjs.com *.yahoo.com *.ad.gt id5-sync.com *.ltmsphrcl.net *.crwdcntrl.net *.sharethrough.com *.jsdelivr.net *.pubmatic.com *.4dex.io *.criteo.net *.eu-1-id5-sync.com *.33across.com btloader.com *.btloader.com *.privacymanager.io *.dotomi.com *.a2z.com;  media-src data: blob: *.outbrainimg.com; object-src 'none';  frame-src *.preloved.co.uk *.youtube.com *.doubleclick.net *.googleapis.com *.media.net *.smartadserver.com *.ad.gt *.googlesyndication.com syndicatedsearch.goog *.google.com *.googleadservices.com *.outbrain.com *.adsensecustomsearchads.com *.doubleclick.net *.yoti.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.amazon-adsystem.com *.cloudfront.net *.ezodn.com *.rubiconproject.com onetag-sys.com *.a-mo.net *.a-mx.com *.smilewanted.com *.omnitagjs.com *.criteo.com *.adnxs.com *.openx.net *.e-planning.net *.casalemedia.com *.pubmatic.com *.yieldmo.com *.2mdn.net;  form-action 'self' *.preloved.co.uk checkout.preloved.co.uk; upgrade-insecure-requests; base-uri *.preloved.co.uk; report-uri https://www.preloved.co.uk/t/csp-report 1
media-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com https://ssl.google-analytics.com www.google.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com www.googleadservices.com googleads.g.doubleclick.net partner.googleadservices.com adservice.google.com.hk adservice.google.com tpc.googlesyndication.com; connect-src 'self' 'unsafe-inline' www.google-analytics.com maps.googleapis.com fonts.gstatic.com pagead2.googlesyndication.com; 1
connect-src 'self' https://reallyfreegeoip.org/json/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com; default-src 'self'; font-src 'self' https://rsms.me/ https://fonts.gstatic.com/; frame-src 'self' https://static.addtoany.com https://player.vimeo.com/ https://vimeo.com/ https://www.youtube.com/ https://forms.hsforms.com https://www.google.com/; img-src 'self' https://no-cache.hubspot.com/ https://perf.hsforms.com/ https://6739632.fs1.hubspotusercontent-na1.net/ https://forms.hsforms.com https://forms-na1.hsforms.com/; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://static.addtoany.com https://unpkg.com https://cookiehub.net https://js.hscta.net/ https://cta-service-cms2.hubspot.com/ https://js.hsforms.net/ https://www.google.com https://www.gstatic.com/ https://cdn.cookiehub.eu/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://rsms.me https://cookiehub.net/; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: * 1
frame-ancestors *.frankfurt-airport.com *.fraport.de https://fraportag.sharepoint.com https://external.airport.ai; 1
frame-ancestors 'self' omni.emich.edu; 1
frame-ancestors *.pinkoi.com 1
default-src 'none'; object-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.trustedshops.com; style-src https: 'unsafe-inline' 'self' *.trustedshops.com; img-src https: 'self' *.trustedshops.com data:; font-src 'self' data: *.trustedshops.com https://manage.chilly.domains https://swiss.chilly.domains; frame-ancestors 'self'; frame-src 'self' www.youtube-nocookie.com https://stats.ledl.net/; form-action *; connect-src 'self' *.trustedshops.com stats.ledl.net; worker-src 'self' blob: 1
frame-ancestors 'self' *.atlasroofing.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.lumu.io *.app-us1.com s3-us-west-2.amazonaws.com *.bugsnag.com *.doubleclick.net *.cloudflare.com *.ajax.cloudflare.com *.facebook.net *.googleapis.com *.getsitecontrol.com *.google.com *.google-analytics.com *.googletagmanager.com *.greensock.com *.fonts.gstatic.com *.gstatic.com *.ggpht.com *.jquery.com *.linkedin.com *.lfeeder.com *.licdn.com *.maillist-manage.com maillist-manage.com *.pagesense.io *.trackcmp.net trackcmp.net *.youtube.com ytimg.com *.ytimg.com *.zoominfo.com *.zoho.com *.zohocdn.com *.zohopublic.com *.6sc.co *.6sense.com data: blob:; img-src * data: blob:; font-src * data: blob:; style-src * 'unsafe-inline' data: blob:; connect-src *; child-src 'self' *.lumu.io *.app-us1.com s3-us-west-2.amazonaws.com *.bugsnag.com *.doubleclick.net *.cloudflare.com *.ajax.cloudflare.com *.facebook.net *.googleapis.com *.getsitecontrol.com *.google.com *.google-analytics.com *.googletagmanager.com *.greensock.com *.fonts.gstatic.com *.gstatic.com *.ggpht.com *.jquery.com *.linkedin.com *.lfeeder.com *.licdn.com *.maillist-manage.com maillist-manage.com *.pagesense.io *.trackcmp.net trackcmp.net *.youtube.com ytimg.com *.ytimg.com *.zoominfo.com *.zoho.com *.zohocdn.com *.zohopublic.com *.6sc.co *.6sense.com data: blob:; 1
default-src 'self' *; script-src 'unsafe-inline' 'unsafe-eval' * t.contentsquare.net app.contentsquare.com; child-src blob:; worker-src blob:; frame-src *; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * *.contentsquare.net data: blob:; connect-src * *.contentsquare.net; font-src *; object-src *; media-src * 1
frame-ancestors 'self' https://*.ecplaza.net; 1
frame-ancestors 'self' https://epr.onepath.com.au https://eprotectpriv.service.anz https://eprotect.service.anz https://eprotectauth.service.anz https://eprotect https://epr.anz.com; 1
frame-ancestors 'self' *.trumpet.app; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://*.googlesyndication.com https://mc.yandex.ru blob: https://www.provenance.org https://ln-rules.rewardstyle.com blob: https://*.awin1.com https://*.zenaps.com https://*.criteo.com https://app.qubit.com https://www.pinterest.com https://www.pinterest.co.uk; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://mc.yandex.ru https://ymetrica1.com https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://analytics.tiktok.com https://*.criteo.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.cultbeauty.co.uk https://api.provenance.org https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://*.rlcdn.com https://storyboard.storystream.ai https://content.storystream.ai https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://ct.pinterest.com https://static.criteo.net https://sgtm.cultbeauty.co.uk; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://yastatic.net https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.cultbeauty.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://*.cultbeauty.co.uk https://*.vimeocdn.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://static.ads-twitter.com https://analytics.twitter.com https://*.google.co.uk https://google.co.uk https://analytics.tiktok.com https://*.ibytedtos.com https://*.liveperson.com https://tpc.googlesyndication.com https://mc.yandex.com https://mc.yandex.ru https://yastatic.net https://unpkg.com/@provenance/ https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://static.goqubit.com https://*.qubit.com https://ucarecdn.com https://s.pinimg.com https://sgtm.cultbeauty.co.uk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://drj5wi2x4lz96.cloudfront.net/css/embed.css https://d7c4jjeuqag9w.cloudfront.net https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.arcpublishing.com *.gray.tv *.alaskasnewssource.com *.kcbd.com *.kwtx.com *.kgns.tv; 1
connect-src 'self' mixpanel-api-proxy-soaps.ondigitalocean.app https://uploads.intercomcdn.com *.stripe.com connect.facebook.net fbcapi.novoresume.io novoresume.com *.pinterest.com api.usabilla.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io *.google.com vc.hotjar.io *.hotjar.com ws://*.hotjar.com *.doubleclick.net *.clarity.ms cdn.linkedin.oribi.io https://widget.trustpilot.com https://vimeo.com *.novoresume.com; default-src 'self' 'unsafe-inline' *.novoresume.com; font-src 'self' data: fonts.gstatic.com *.novoresume.com *.googleapis.com d6tizftlrpuof.cloudfront.net js.intercomcdn.com *.novoresume.com; frame-src 'self' *.stripe.com *.googleapis.com *.pinterest.com d6tizftlrpuof.cloudfront.net *.google.com *.hotjar.com *.novoresume.com https://intercom-sheets.com https://optimize.google.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com; img-src 'self' data: *.novoresume.com https://downloads.intercomcdn.com https://www.googletagmanager.com https://cx.atdmt.com *.clarity.ms *.bing.com csi.gstatic.com www.gstatic.com *.doubleclick.net log.pinterest.com *.google.com connect.facebook.net fbcapi.novoresume.io *.pinterest.com *.googleadservices.com www.facebook.com d6tizftlrpuof.cloudfront.net w.usabilla.com gifs.intercomcdn.com t.co static.intercomassets.com js.intercomcdn.com https://optimize.google.com https://bat.bing.com *.linkedin.com https://*.vimeocdn.com *.novoresume.com www.google.us; media-src 'self' js.intercomcdn.com *.novoresume.com *.novoresume.com; object-src 'self' 'unsafe-eval' *.novoresume.com *.novoresume.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.novoresume.com mixpanel-api-proxy-soaps.ondigitalocean.app d6tizftlrpuof.cloudfront.net *.clarity.ms *.google.com *.googleadservices.com connect.facebook.net fbcapi.novoresume.io *.pinimg.com snap.licdn.com assets.pinterest.com www.googletagmanager.com *.doubleclick.net www.facebook.com api.usabilla.com w.usabilla.com widget.intercom.io js.intercomcdn.com *.hotjar.com https://optimize.google.com https://bat.bing.com https://widget.trustpilot.com https://player.vimeo.com *.novoresume.com www.google.us; style-src 'self' 'unsafe-inline' *.novoresume.com tagmanager.google.com d6tizftlrpuof.cloudfront.net *.googleapis.com https://optimize.google.com *.novoresume.com 1
frame-ancestors 'self' http://frontify.lookbookhq.com https://frontify.lookbookhq.com http://frontify.pathfactory.com https://frontify.pathfactory.com http://resources.frontify.com https://resources.frontify.com 1
default-src data: https: 'unsafe-inline' 'unsafe-eval'; font-src https: data: https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; script-src data: https: 'unsafe-inline' 'unsafe-eval' http://tableau-internal https://viz.aihw.gov.au; img-src blob: data: https: 'unsafe-inline' 'unsafe-eval' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https: https://paynow.pmnts-sandbox.io https://paynow.pmnts.io; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://tpc.googlesyndication.com https://cdn.heapanalytics.com https://heapanalytics.com https://www.googleadservices.com https://bat.bing.com https://s.adroll.com https://pixel.cdnwidget.com https://static.criteo.net https://sslwidget.criteo.com https://connect.facebook.net https://edge.fullstory.com https://fullstory.com https://d.adroll.com https://*.doubleclick.net https://mmtro.com https://cdn.mmtro.com https://api.neuro-id.com https://logs.neuro-id.com https://scripts.neuro-id.com https://*.optimizely.com https://tags.tiqcdn.com https://deploytealium.com https://*.impactradius-event.com https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com/ https://px.ads.linkedin.com/ https://load.sumo.com https://load.sumome.com https://widget.trustpilot.com https://*.vimeocdn.com https://*.fastcdn.co https://heatmap.services https://hackerone.com https://heatmap-events-collector.instapage.com https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.upgrade.com https://*.go-mpulse.net; frame-src https://dis.us.criteo.com https://*.doubleclick.net https://upgrade.pxf.io https://connect.facebook.net https://tpc.googlesyndication.com https://*.vimeo.com https://*.youtube.com https://widget.trustpilot.com https://hackerone.com https://www.google.com/recaptcha/; 1
default-src 'self' https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.stg.drchrono.dev/api/3/security/?sentry_key=214b3d414c5b49fda88012161318b1d1&sentry_environment=headers 1
frame-ancestors http://localhost:* https://localhost:* http://*.evo.com https://*.evo.com 1
connect-src 'self' https: blob: data:; frame-ancestors 'self' https://accounts.kaleido.ai https://www.remove.bg https://www.unscreen.com https://www.designify.com https://app.storyblok.com 1
default-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com; 1
style-src 'self' 'unsafe-inline' api-maps.yandex.ru fonts.googleapis.com www.youtube.com broker-vb-temp.halykbank.kz; 1
frame-ancestors 'self' https://*.viewbug.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://dl6mo8o6o7qh.cloudfront.net https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://d3e54v103j8qbb.cloudfront.net https://www.googletagmanager.com https://maps.googleapis.com; connect-src 'self' https://assets.website-files.com https://www.google-analytics.com https://maps.googleapis.com https://assets-global.website-files.com https://webflow.com; img-src https: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://assets.website-files.com; media-src 'self' https://assets-global.website-files.com; frame-src 'self' https://player.vimeo.com https://cdn.embedly.com https://www.youtube.com; frame-ancestors 'none' 1
frame-ancestors 'self' vk.com *.vk.com; report-uri https://vk.com/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cardano.org https://new-cardano-org-staging.netlify.app https://www.googletagmanager.com https://js.hsforms.net https://forms.hsforms.com https://www.google.com https://www.gstatic.com; img-src 'self' https://cardano.org https://new-cardano-org-staging.netlify.app https://forms.hsforms.com https://forms-eu1.hsforms.com data: https://*.ytimg.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com https://www.google.com https://forms-eu1.hsforms.com; media-src 'self' https://www.youtube.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://forms-eu1.hsforms.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://ge.ch *.etat-ge.ch https://datawrapper.dwcdn.net/; object-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' data: https://ge.ch https://*.infomaniak.com https://*.infomaniak.ch https://www.google-analytics.com *.etat-ge.ch https://www.etat.ge.ch; media-src 'self' https://*.infomaniak.com https://*.infomaniak.ch blob:; frame-src 'self' https://vod.infomaniak.com https://player.infomaniak.com https://*.ge.ch https://ge.ch https://www.ropag-data.ch https://sketchfab.com https://datawrapper.dwcdn.net/; frame-ancestors https://*.ge.ch; child-src 'self' https://vod.infomaniak.com https://*.ge.ch https://ge.ch blob:; font-src 'self' data:; connect-src 'self' *.etat-ge.ch ge.ch *.ge.ch *.geneveid.ch https://*.infomaniak.com; report-uri /report-csp-violation 1
default-src https: data: wss: 'unsafe-eval' 'unsafe-inline' 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline'  https://track.vcommission.com https://affle95.vnative.co https://offers-cashkaro.affise.com https://offers-cashkaro.affise.com https://gs.kit.global https://appleid.cdn-apple.com https://apis.google.com https://accounts.google.com   https://cdn.chatbot.com https://www.paypal.com https://webtrafficsource.com https://cdn.dsspn.com https://www.sandbox.paypal.com/ https://members.cj.com https://www.s2d6.com https://ad.admitad.com https://www.google-analytics.com  https://d2r1yp2w7bby2u.cloudfront.net https://www.googletagmanager.com https://wzrkt.com http://static.clevertap.com https://connect.facebook.net https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.googleadservices.com https://0ytxj1b917.execute-api.ap-southeast-1.amazonaws.com https://tpc.googlesyndication.com https://www.google.co.in https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com; script-src 'self' 'unsafe-inline' https://www.paypal.com  https://track.vcommission.com https://affle95.vnative.co https://offers-cashkaro.affise.com https://gs.kit.global https://cdn.chatbot.com  https://cdn.dsspn.com https://members.cj.com https://dci.o18.click https://www.s2d6.com  https://www.google-analytics.com https://wzrkt.com https://d2r1yp2w7bby2u.cloudfront.net https://www.googletagmanager.com http://static.clevertap.com https://connect.facebook.net https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://0ytxj1b917.execute-api.ap-southeast-1.amazonaws.com https://prdredir.com https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://track.vcommission.com https://accounts.google.com https://members.cj.com https://fonts.googleapis.com https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com;  img-src *; media-src 'self'  blob: https://magarticles.magzter.com  https://testpollys3.s3.ap-southeast-1.amazonaws.com https://storage.googleapis.com https://www.paisawapas.com https://netcore.g2afse.com https://dci.o18.click https://tracktrack.org https://1.tracktrack.org https://assets.magzter.com https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com; frame-src 'self' https://track.vcommission.com https://accounts.google.com https://www.paypal.com https://cdn.chatbot.com  mailto: https://www.sandbox.paypal.com https://tracking.icubeswire.co  https://secure.traqkarr.com  https://cdn.dsspn.com https://ts.tradetracker.net https://members.cj.com https://cj.dotomi.com https://www.emjcd.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://ad.admitad.com https://traqkar.com https://staticxx.facebook.com https://www.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://maps.google.com https://tpc.googlesyndication.com https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self'  https://affle95.vnative.co https://offers-cashkaro.affise.com https://gs.kit.global https://apis.google.com https://appleid.apple.com https://accounts.google.com https://82c56wk862.execute-api.ap-southeast-1.amazonaws.com https://slsdev.magzter.com https://cdn.chatbot.com https://www.paypal.com https://sgapig.magzter.com https://webtrafficsource.com https://www.sandbox.paypal.com https://ms.magzter.com https://login.microsoftonline.com https://members.cj.com https://facebook.com https://www.facebook.com https://ad.admitad.com https://nx739gu4ee.execute-api.ap-southeast-1.amazonaws.com https://m01og1v9h2.execute-api.ap-southeast-1.amazonaws.com https://sls.magzter.com https://www.google-analytics.com https://services.magzter.com https://magarticles.magzter.com https://newsfeeds.magzter.com https://live.magzter.com https://helpservices.magzter.com https://graph.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://0ytxj1b917.execute-api.ap-southeast-1.amazonaws.com https://www.google.com https://adservice.google.com https://52jrvtj1nd.execute-api.ap-southeast-1.amazonaws.com; report-uri https://sls.magzter.com/trackevents/prod/log/csplog 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fosstodon.org; img-src 'self' https: data: blob: https://fosstodon.org; style-src 'self' https://fosstodon.org 'nonce-qlQk0vKwS6V50gHFqd/x5g=='; media-src 'self' https: data: https://fosstodon.org; frame-src 'self' https:; manifest-src 'self' https://fosstodon.org; form-action 'self'; child-src 'self' blob: https://fosstodon.org; worker-src 'self' blob: https://fosstodon.org; connect-src 'self' data: blob: https://fosstodon.org https://cdn.fosstodon.org wss://fosstodon.org; script-src 'self' https://fosstodon.org 'wasm-unsafe-eval' 1
form-action 'self' https://www.facebook.com/tr/ https://forms.hsforms.com; frame-ancestors 'self' https://*.copyleaks.com https://copyleaks.com https://assets.calendly.com https://calendly.com https://optimize.google.com https://app.vwo.com https://formcrafts.com ; object-src 'none'; frame-src 'self' https://*.adroll.com https://library.elementor.com/ https://player.vimeo.com/  https://sibforms.com/  https://www.youtube.com/  https://app.hubspot.com  https://bid.g.doubleclick.net/  https://www.facebook.com/ https://forms.hsforms.com https://*.copyleaks.com https://copyleaks.com https://assets.calendly.com https://calendly.com https://optimize.google.com https://app.vwo.com https://formcrafts.com https://hcaptcha.com https://*.hcaptcha.com https://ws.zoominfo.com/ https://td.doubleclick.net/ 1
frame-ancestors 'self' https://metallic.io/ 1
frame-ancestors 'self' https://cms.mixbook.com https://help.mixbook.com https://mixbook.kustomerapp.com; 1
frame-ancestors 'self' https://dccp-qa.metronet.cloud https://dccp-preprod.metronet.cloud https://pega-dccp.metronet.cloud; 1
frame-ancestors 'self' https://*.forumcommunity.net/ 1
frame-ancestors 'self' myonline.bradley.edu bradley.meritpages.com 1
frame-ancestors 'self' https://digi.hu https://salesweb.digi.hu; object-src 'self'; 1
default-src 'self';object-src 'self';frame-src 'self' https://app.sli.do/ https://www.youtube-nocookie.com/ https://playout.3qsdn.com/ https://vimeo.com/ https://player.vimeo.com/ https://streaming.multicaster.eu/ https://video-api.comm.consilium.europa.eu/ https://media.video.taxi/ https://start.video-stream-hosting.de/ https://webtv.bundestag.de/ https://handycheck.mobilsicher.de/;script-src 'self' 'unsafe-inline' https://player.vimeo.com https://127.0.0.1:8080/ https://127.0.0.1:8081/;worker-src blob:;style-src 'self' 'unsafe-inline' https://127.0.0.1:8080/ https://127.0.0.1:8081/;img-src 'self' data: https://i.vimeocdn.com/ https://i.ytimg.com/;font-src 'self' data:;manifest-src 'self' 1
default-src https:; connect-src https://bi.zone https://*.bi.zone https://ip2c.org https://*.yandex.ru https://*.yandex.md https://bitrix.info wss://*.bi.zone; font-src 'self' data: https://fonts.gstatic.com:*; img-src 'self' blob: data: https://*.bi.zone https://vk.com https://*.yandex.ru https://*.ggpht.com https://*.ytimg.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-b/hGf2uvqIEKl0OqCf6c1Q=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
font-src 'self' https://*.typekit.net https://*.googleusercontent.com https://*.gstatic.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.maze.co; img-src 'self' data: https://*.bing.com https://*.linkedin.com https://*.eloqua.com https://*.google.com https://*.adsymptotic.com https://*.google.com.co https://*.vidyard.com https://*.google-analytics.com https://*.google.vg https://*.gstatic.com https://*.googleusercontent.com https://*.amazonaws.com/ https://*.hotjar.com https://*.twimg.com https://*.twitter.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://*.gartner.com https://cookiesstaging.blob.core.windows.net/ https://*.facebook.com https://*.plex.com https://*.6sc.co https://*.hotjar.io https://*.maze.co *.capterra.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.vidyard.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.com https://*.google.vg https://*.licdn.com https://*.bing.com https://*.hotjar.com https://*.doubleclick.net https://*.newrelic.com https://*.jquery.com https://*.want7feed.com https://*.en25.com https://*.nr-data.net https://*.driftt.com https://*.cloudfront.net https://*.eloqua.com https://*.bidr.io https://*.addthis.com https://*.ampproject.org https://*.moatads.com https://*.addthisedge.com https://*.jquery.js https://*.twitter.com https://*.twimg.com https://*.zoominfo.com https://googleads.g.doubleclick.net https://*.gartner.com https://cookiesstaging.blob.core.windows.net https://cdn.cookielaw.org https://*.onetrust.com https://*.facebook.net https://*.facebook.com https://*.g2crowd.com https://*.6sc.co https://*.googleoptimize.com https://*.hotjar.io https://*.tourial.com https://*.maze.co *.capterra.com *.storylane.io cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com mdbootstrap.com play.vidyard.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net https://*.google.com https://*.googleapis.com https://*.twitter.com https://*.twimg.com https://*.gartner.com https://*.googletagmanager.com https://*.maze.co *.capterra.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://use.typekit.net mdbootstrap.com use.fontawesome.com; frame-ancestors 'self' http://*.lookbookhq.com https://*.lookbookhq.com http://*.pathfactory.com https://*.pathfactory.com http://resources.plex.com https://resources.plex.com 1
frame-ancestors 'self' https://*.toroinvestimentos.com.br https://digilandia.io https://app.hubspot.com; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors collibra.sanity.studio localhost; 1
default-src 'self' *.paizo.com *.kc-usercontent.com; img-src 'self' *.paizo.com https://*.bamboohr.com *.kc-usercontent.com *.ytimg.com https://*.google-analytics.com; connect-src 'self' https://*.paizo.com https://paizo.bamboohr.com https://*.kontent.ai https://*.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net; frame-src *.paizo.com *.youtube.com; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://*.paizo.com https://paizo.bamboohr.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net 1
frame-ancestors https://*.cspire.com:* 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.sensibull.com https://kite.zerodha.com; report-uri https://7eae552da389ebb083bedadbd9428ed2.report-uri.com/r/d/csp/reportOnly 1
report-to 'self' ; child-src 'self' ; connect-src 'self' ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com wss: *.litix.io *.wistia.com *.hubspot.com *.akamaihd.net manifest.prod.boltdns.net edge.api.brightcove.com wss://ws40.hotjar.com content.hotjar.io *.hotjar.com www.trumba.com forms.hsforms.com *.s3.amazonaws.com cdn.linkedin.oribi.io geolocation.onetrust.com cookie-cdn.cookiepro.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.nitrocdn.com *.getnitropack.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' ; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com  fonts.gstatic.com cdn.jsdelivr.net *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self'  'unsafe-inline'  'unsafe-eval' forms.hsforms.com; frame-src 'self' app.hubspot.com ppd.turtl.co *.twitter.com forms.hsforms.com player.vimeo.com biz.mosio.com www.buzzsprout.com vars.hotjar.com static.addtoany.com players.brightcove.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.nitrocdn.com nitroscripts.com blob: www.google.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com  *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' cgtkiosk.immersive.tf; img-src 'self' assets.turtl.co syndication.twitter.com *.wistia.com no-cache.hubspot.com i.vimeocdn.com cf-images.us-east-1.prod.boltdns.net metrics.brightcove.com *.dialogtech.com *.kickfire.com www.trumba.com *.hsforms.com www.linkedin.com p.adsymptotic.com track.hubspot.com *.ads.linkedin.com data: *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.nitrocdn.com  ts.w.org s.w.org ps.w.org nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  'unsafe-inline'  'unsafe-eval' blob: *.wistia.com s.w.org manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net ; object-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' blob: ws.zoominfo.com ws-assets.zoominfo.com js.zi-scripts.com app-static.turtl.co optimize.google.com platform.twitter.com *.wistia.com *.hubspot.com js.hscta.net tag.simpli.fi player.vimeo.com *.zencdn.net players.brightcove.net www.googleoptimize.com cdn.jsdelivr.net www.trumba.com *.kickfire.com www.buzzsprout.com www.gstatic.com www.google.com js.hsforms.net js.hs-analytics.net cookie-cdn.cookiepro.com www.googletagmanager.com static.addtoany.com cdnjs.cloudflare.com js.hs-scripts.net js.hs-scripts.com js.hs-banner.com www.google-analytics.com googleads.g.doubleclick.net *.hotjar.com snap.licdn.com go.affec.tv *.cloudfront.net *.dialogtech.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.nitrocdn.com nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com *.vwo.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.visualwebsiteoptimizer.com; style-src 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' app-static.turtl.co optimize.google.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.nitrocdn.com  cdn.jsdelivr.net nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com *.vwo.com *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' *.nitrocdn.com *.nitroscripts.com *.hsadspixel.net *.doubleclick.net *.linkedin.com *.hubapi.com; worker-src 'self'  'unsafe-inline'  'unsafe-eval' blob: *.visualwebsiteoptimizer.com ;  upgrade-insecure-requests; 1
default-src data: https:; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; child-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; frame-src data: https: tel: http://help.xsolla.com http://www.xsolla.com; worker-src https://*.viveport.com blob:; upgrade-insecure-requests; 1
frame-ancestors 'self' http://renaissance.lookbookhq.com https://renaissance.lookbookhq.com http://renaissance.pathfactory.com https://renaissance.pathfactory.com http://content.renaissance.com https://content.renaissance.com 1
frame-ancestors 'self' login.transporeon.com login.int.transporeon.nil login.dev.transporeon.nil login.test.transporeon.com www.transporeon.com; 1
frame-ancestors 'self' rtvs.sk *.rtvs.sk *.dev.rtvs.sk rtvs.org *.rtvs.org 1
frame-ancestors 'self';  default-src https: wss: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-U6f2MIzvmLz35gDsFD5CHI+ML/YEwd0XWPqHOnVVQYTOLB4Q' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self' 'unsafe-inline'; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.firstenergycorp.com *.google-analytics.com *.googletagmanager.com *.google.com www.gstatic.com www.facebook.com connect.facebook.net www.youtube.com *.serving-sys.com *.adsrvr.org *.yimg.com *.bttrack.com bttrack.com *.swiftypecdn.com *.analytics.yahoo.com nexus.ensighten.com *.opower.com *.firstfuelsoftware.net *.firstfuel.com *.cloudfront.net *.oracleinfinity.io *.allconnect.com *.cohesionapps.com *.nrel.gov *.kampyle.com *.medallia.com cdn.botframework.com *.azurewebsites.net *.googleapis.com *.inpwrd.net sc-static.net platform.twitter.com *.stackadapt.com *.upgrade.guide cdn5.userzoom.com; img-src 'self' data: blob: *.doubleclick.net www.facebook.com *.adsrvr.org bttrack.com *.swiftype.com centro.pixel.ad tags.w55c.net clickserv.basis.net *.zedo.com *.analytics.yahoo.com *.sitescout.com *.cloudfront.net *.oracleinfinity.io *.tapad.com *.media.net *.day.com *.nrel.gov *.opower.com *.crwdcntrl.net *.rubiconproject.com *.adnxs.com *.kampyle.com *.medallia.com *.azurewebsites.net code.jquery.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com s2.userzoom.com; frame-src 'self' *.firstenergycorp.com *.google.com *.doubleclick.net *.adsrvr.org *.basis.net *.sitescout.com *.firstfuelsoftware.net *.firstfuel.com www.youtube.com *.cohesionapps.com *.kampyle.com *.medallia.com webchat.botframework.com tr.snapchat.com www.facebook.com *.upgrade.guide *.amazonaws.com *.ifactornotifi.com; connect-src 'self' wss: *.dynatrace.com *.doubleclick.net *.yimg.com *.swiftypecdn.com *.serving-sys.com bttrack.com *.opower.com *.oraclecloud.com *.swiftype.com *.cohesionapps.com *.allconnect.com *.redventures.io *.nrel.gov *.maptiler.com *.kampyle.com *.medallia.com *.azurewebsites.net *.botframework.com tr.snapchat.com *.stackadapt.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; style-src 'self' 'unsafe-inline' *.swiftypecdn.com *.googleapis.com *.nrel.gov *.kampyle.com *.medallia.com *.azurewebsites.net code.jquery.com *.stackadapt.com cdn5.userzoom.com; font-src 'self' *.gstatic.com *.kampyle.com *.medallia.com; frame-ancestors 'self' *.firstenergycorp.com; 1
base-uri 'self' https://optimize.google.com; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.doubleclick.net *.googleadservices.com *.linkedin.com *.facebook.com *.facebook.net *.google.com https://www.google.com https://websdk.appsflyer.com www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://pubads.g.doubleclick.net *.criteo.net *.criteo.com ajax.cloudflare.com analytics.tiktok.com bat.bing.com *.clarity.ms *.amazon-adsystem.com https://s.pinimg.com/ct/core.js https://www.clarity.ms/tag/; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.googleadservices.com *.doubleclick.net *.c6bank.com.br *.googletagmanager.com https://websdk.appsflyer.com https://www.clarity.ms/tag/; font-src 'self' data: *.gstatic.com *.c6bank.com.br; object-src 'none'; form-action 'self'; img-src 'self' data: *; report-uri /api/csp 1
child-src 'self' blob: prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net ;connect-src 'self' *.flickr.com *.staticflickr.com *.civiccomputing.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.doubleclick.net *.gstatic.com *.googlesyndication.com *.hotjar.com *.google-analytics.com *.yahoo.com *.disquscdn.com *.disqus.com disqus.com *.emailcc.com emailcc.com blob: *.akamaihd.net *.boltdns.net prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.boltdns.net *.akamaihd.net www.facebook.com analytics.google.com *.clarity.ms *.google-analytics.com *.analytics.google.com api.lawsociety.org.uk cloudflareinsights.com cdn.linkedin.oribi.io maps.googleapis.com *.getaddress.io google.co.uk *.linkedin.com *.varify.io;default-src 'self' *.googlesyndication.com *.disquscdn.com *.disqus.com disqus.com *.lawsociety.org.uk *.google-analytics.com *.doubleclick.net *.gstatic.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.googletagmanager.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.hotjar.com *.civiccomputing.com *.emailcc.com emailcc.com *.spreaker.com *.infogram.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net ;font-src 'self' data: *.slidesharecdn.com *.slideshare.net fast.fonts.net *.hotjar.com *.gstatic.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.fontawesome.com;frame-src 'self' *.livestream.com data: *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.carto.com *.spreaker.com *.concep.com *.slidesharecdn.com *.slideshare.net *.storify.com *.hotjar.com *.doubleclick.net *.google.com *.google.co.uk *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.googlesyndication.com *.emailcc.com emailcc.com *.akamaihd.net *.boltdns.net *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net  www.facebook.com staticxx.facebook.com www.googletagservices.com *.lawsociety.org.uk calendly.com assets.calendly.com *.worldpay.com;img-src 'self' data: blob: *.youtube.com *.ytimg.com *.googleapis.com *.google.com *.google.co.uk *.twitter.com *.ads-twitter.com *.twimg.com *.yahoo.com *.webscanningservice.com *.flickr.com *.staticflickr.com *.google-analytics.com *.doubleclick.net *.gstatic.com *.hotjar.com *.lawsociety.org.uk *.disquscdn.com *.disqus.com disqus.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.boltdns.net prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net  *.boltdns.net *.googlesyndication.com px.ads.linkedin.com www.facebook.com *.lawgazette.co.uk www.linkedin.com d1d8vslyhr7rdg.cloudfront.net p.adsymptotic.com pixel.quantserve.com  *.google-analytics.com *.analytics.google.com *.oribi.io *.googletagmanager.com *.eventscloud.com *.google.nl *.viglink.com;media-src 'self' blob: *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.boltdns.net *.akamaihd.net;object-src *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net;report-uri  https://lawsocietyorguk.report-uri.com/r/d/csp/enforce https://7ir5fiw82m.execute-api.eu-west-1.amazonaws.com/beta;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.youtube.com *.ytimg.com *.twitter.com *.ads-twitter.com *.twimg.com blob: *.flickr.com *.staticflickr.com *.concep.com *.googletagmanager.com *.spreaker.com *.hotjar.com *.google-analytics.com *.adservice.google.ie *.adservice.google.com.sg *.adservice.google.ro *.adservice.google.de *.adservice.google.co.in *.adservice.google.fr *.google.com *.google.co.uk *.gstatic.com *.doubleclick.net *.googlesyndication.com *.brightcove.net *.brightcove.com *.brightcove.hs.llnwd.net  *.infogram.com *.disquscdn.com *.disqus.com disqus.com *.civiccomputing.com *.jquery.com *.emailcc.com emailcc.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net *.civiccomputing.com *.jquery.com cdnjs.cloudflare.com c.contentsvr.com *.emailcc.com *.ytimg.com *.bizographics.com connect.facebook.net snap.licdn.com cdn.ampproject.org *.googleadservices.com *.googletagservices.com *.lawsociety.org.uk secure.quantserve.com rules.quantcount.com vjs.zencdn.net *.googleoptimize.com calendly.com assets.calendly.com *.clarity.ms static.cloudflareinsights.com *.oribi.io *.worldpay.com openxcdn.net uidapi.com creativecdn.com *.jsdelivr.net *.varify.io;style-src 'unsafe-inline' *.googleapis.com 'self' fast.fonts.net *.twitter.com *.ads-twitter.com *.disquscdn.com *.disqus.com disqus.com *.googletagmanager.com prdsitecore93.azureedge.net prdsitecore93-cd.azurewebsites.net tagmanager.google.com cdn.ampproject.org *.bootstrapcdn.com optimize.google.com *.fontawesome.com;upgrade-insecure-requests; 1
default-src 'self' *.automationanywhere.com *.urldefense.com *.newrelic.com *.nr-data.net *.akstat.io  *.go-mpulse.net *.mktoutil.com *.searchunify.com *.bootstrapcdn.com *.jsdelivr.net *.facebook.net *.facebook.com  *.cloudflare.com *.googleoptimize.com  *.googletagmanager.com *.optimizely.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.doubleclick.net *.bing.com *.licdn.com *.sharethis.com *.cookielaw.org *.jquery.com *.consensu.org *.twitter.com *.ads-twitter.com *.google.com *.crazyegg.com *.knowledgevine.net *.bkrtx.com *.marketo.net *.digitaloceanspaces.com *.criteo.com  *.driftt.com *.driftqa.com *.mktoresp.com *.kickfire.com *.wistia.com  *.wistia.net momentjs.com *.litix.io *.drift.com *.ml-api.io *.addthis.com *.addthisedge.com *.moatads.com *.marketo.com *.akamaihd.net *.reachforce.com *.youtube.com *.leadspace.com *.ytimg.com *.g2.com *.gartner.com *.jobvite.com *.itcentralstation.com *.onetrust.com *.salesforce.com *.evgnet.com *.chilipiper.com *.cloudfront.net *.onelink-translations.com *.brightmountainmedia.com *.metadata.io *.lazcreative.com urldefense.com *.ml314.com ml314.com *.microsoft.com microsoft.com *.agkn.com *.6sc.co *.adnxs.com *.adroll.com *.admatrix.com *.6sense.com *.hackerone.com *.admatrix.jp *.clarity.ms *.fullcircleinsights.com *.aspnetcdn.com *.zoominfo.com *.acuityscheduling.com *.widen.net *.widencdn.net *.oribi.io *.linkedin.com *.amazonaws.com *.demandscience.com vivenu.com *.contanuity.com *.prod.bidr.io *.crwdcntrl.net *.googlesyndication.com https://unpkg.com *.pageimprove.io pageimprove.io data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://apeople.automationanywhere.com/ https://partners.automationanywhere.com/; report-uri /report-csp-violation 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-yrbUe5LlHYxnOywUZIiL7E/nK7bHMJ2f8qXhsT5O4nZh4T79YE' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
default-src 'self' data: blob: https://*.sitecore.com https://*.sitecore.net https://*.hhogdev.com https://*.stylelabs.cloud https://*.googleapis.com https://*.gstatic.com https://*.azureedge.net https://*.bolddns.net;frame-src 'self' 'unsafe-inline' https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.6sense.com/ https://indd.adobe.com https://www.careerarc.com https://wwwsitecorecom.azureedge.net https://site-q-001.sitecorecontenthub.cloud https://www.facebook.com https://www.google.com https://bid.g.doubleclick.net https://login.microsoftonline.com https://capture.navattic.com https://sitecore.navattic.com https://app.qualified.com https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://sitecore.com https://go.sitecore.com https://app.smartsheet.com https://w.soundcloud.com/ https://my.walls.io/ https://webinars.sitecore.com https://*.youtube.com/;frame-ancestors 'self' https://*.sitecore.com https://*.storylane.io;script-src 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js 'unsafe-eval' http://j.6sc.co/6si.min.js 'unsafe-eval' https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com/gtm.js https://maps.googleapis.com/ 'unsafe-inline' https://www.google.com/recaptcha https://www.recaptcha.net/recaptcha/ https://www.gstatic.cn https://*.linkedin.com https://*.licdn.com https://*.pardot.com https://*.qualified.com https://*.salesloft.com https://*.twitter.com https://api.zoom.us;script-src-elem 'self' 'unsafe-inline' https://j.6sc.co/6si.min.js https://secure.adnxs.com/ https://secure.quantserve.com/ https://*.quantcount.com/ https://go.affec.tv/ https://api-us.boxever.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com *.cloudfront.net *.cloudfront.net https://connect.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.bg https://*.googletagmanager.com https://maps.googleapis.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.jquery.com https://snap.licdn.com https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://pi.pardot.com/pd.js https://pi.pardot.com/ https://js.qualified.com https://*.rainfocus.com https://scout-cdn.salesloft.com/sl.js https://go.sitecore.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://api-engage-us.sitecorecloud.io https://webinars.sitecore.com/ https://static.ads-twitter.com/uwt.js https://platform.twitter.com/oct.js https://walls.io https://*.youtube.com/;style-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net http://cdn.jsdelivr.net https://fonts.googleapis.com/ https://*.rainfocus.com https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net https://webinars.sitecore.com/;img-src 'self' 'unsafe-inline' https://report.23video.com/ https://b.6sc.co https://secure.adnxs.com https://match.adsrvr.org/ https://map.go.affec.tv https://insitecorecom.azureedge.net http://insitecorecom.azureedge.net https://wwwsitecorecom.azureedge.net http://wwwsitecorecom.azureedge.net https://community.sitecore.net https://community.sitecore.com https://sitecore--c.na116.content.force.com https://sitecore.file.force.com https://www.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.bg https://*.google.ca https://*.google.dk https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.googleapis.com/ https://www.googletagmanager.com/ https://www.google.com.ua/ data: https://px.ads.linkedin.com https://www.linkedin.com/ https://mss-p-006-delivery.sitecorecontenthub.cloud/ https://*.quantcount.com/ https://*.quantserve.com/ https://*.rainfocus.com https://sitecorecdn.azureedge.net/ https://*.sitecorecontenthub.cloud https://sitecorecontenthub.stylelabs.cloud http://sitecorecontenthub.stylelabs.cloud https://mss-p-006-delivery.stylelabs.cloud https://symposium.sitecore.com https://t.co https://delivery.twentythree.com http://delivery.twentythree.com https://webinars.sitecore.com/ https://analytics.twitter.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/ https://wwwsitecorecom.azureedge.net https://insitecorecom.azureedge.net;connect-src https://c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://*.6sense.com/ https://secure.adnxs.com https://api-us.boxever.com http://api-us.boxever.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://googleads.g.doubleclick.net/ https://events-api.staging.rfksrv.com https://www.facebook.com/ https://api-staging.rfksrv.com/ https://discover.sitecorecloud.io/ https://*.google.com https://www.google-analytics.com http://www.google-analytics.com https://region1.analytics.google.com/ https://analytics.google.com https://maps.googleapis.com/ https://adservice.google.com/ https://api.ipify.org http://api.ipify.org https://cdn.linkedin.oribi.io wss://ws.qualified.com https://app.qualified.com https://*.quantcount.com/ https://*.rainfocus.com https://scout.salesloft.com https://sitecore.com 'self' https://sitecorecom-eastus2-prepro-132090-cd.azurewebsites.net https://api-engage-us.sitecorecloud.io;object-src 'none';media-src 'unsafe-inline' 'unsafe-eval' https://insitecorecom.azureedge.net https://sitecorecdn.azureedge.net data: blob: https://app.qualified.com https://wwwsitecorecom.azureedge.net/ 'self'; 1
default-src 'self'; media-src blob: *.streamlock.net; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; object-src *; frame-ancestors 'self'; child-src * 'self' blob: http:; 1
frame-ancestors 'self' *.americangreetings.com *.bluemountain.com *.jacquielawson.com *.justwink.com *.agpre.net *.imgag.com carltoncards.ca *.papyrusonline.com *.facebook.com *.facebook.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com cdninstagram.com *.cdninstagram.com *.contentstack.com papyrus-develop.go-vip.net papyrus-preprod.go-vip.net papyrus.go-vip.net 1
default-src 'self' https://*.wpengine.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.logicgate.com/ https://*.techtarget.com/ https://*.reddit.com/ https://*.redditstatic.com/ https://*.capterra.com/ https://*.googleadservices.com/ https://*.stackadapt.com/ https://fast.wistia.com/ https://boards.greenhouse.io/ https://cdn1.b0e8.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://bat.bing.com/ https://script.crazyegg.com/ https://googleads.g.doubleclick.net/ https://tag.demandbase.com/ https://j.6sc.co/ https://js.driftt.com/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://*.cookiebot.com/ https://*.logicgate.com/ https://pi.pardot.com/ https://marvel-b2-cdn.bc0a.com/ https://my.hellobar.com/ https://run.pstmn.io/ https://qvdt3feo.com/ https://*.calendly.com/ https://*.srv.stackadapt.com; style-src 'self' 'unsafe-inline' https://*.logicgate.com/ https://*.capterra.com/ https://*.stackadapt.com/ https://fonts.googleapis.com; img-src 'self' data: blob: https://*.srv.stackadapt.com https://*.hellobar.com/ https://*.cookiebot.com/ https://*.google.co.uk/ https://*.google.com.sg/ https://*.reddit.com/ https://*.capterra.com/ https://*.doubleclick.net/ https://*.logicgate.com/ https://*.wistia.com/ https://hi.hellobar.com/ https://*.wpengine.com/ https://i.ytimg.com/ https://www.google.com/ https://www.google.com.my/ https://www.googletagmanager.com/ https://bat.bing.com/ https://px4.ads.linkedin.com/ https://id.rlcdn.com/ https://secure.gravatar.com https://b.6sc.co/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://segments.company-target.com/ https://www.google-analytics.com/ https://run.pstmn.io/ https://a1.b0e8.com/ https://s.w.org/ https://ps.w.org/ https://*.google.co.in/ https://*.linkedin.com/ https://*.g2.com/ https://driftt.imgix.net/; frame-src 'self' data: https://*.pardot.com/ https://*.capterra.com/ https://*.doubleclick.net/ https://fast.wistia.net/ https://fast.wistia.com/ https://logicgate.wistia.com/ https://calendly.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://s.company-target.com/ https://js.driftt.com/ https://*.logicgate.com/ https://*.cookiebot.com/ https://boards.greenhouse.io/; font-src 'self' data: https://*.wistia.com/ https://fonts.gstatic.com/; connect-src https://*.6sense.com/ https://*.techtarget.com/ https://*.redditstatic.com https://googleads.g.doubleclick.net/ https://*.linkedin.com/ https://*.capterra.com/ https://*.adnxs.com/ https://*.bing.com/ https://*.stackadapt.com/ https://*.wistia.com/ https://my.wpengine.com/ https://c.6sc.co/ https://*.google.com/ https://*.google-analytics.com/ https://analytics.google.com/ https://s.company-target.com/ https://api.company-target.com/ https://ipv6.6sc.co/ https://script.crazyegg.com/ https://pagead2.googlesyndication.com/ https://*.cookiebot.com/ https://cdn.linkedin.oribi.io/ https://stats.g.doubleclick.net/ https://pro.ip-api.com/ https://*.g2.com/ https://*/wp-json/ https://*/wp-admin/; frame-ancestors 'self'; media-src data: blob: https://js.driftt.com/; 1
base-uri 'self'; object-src 'none'; default-src 'self' *.onetrust.com blob: *.svb.com *.zscloud.net cookielaw.org; frame-ancestors 'self' *.seismic.com *.blueconic.net *.svb.com; frame-src 'self' *.slideshare.net *.podbean.com *.wistia.net *.mktoweb.com *.onetrust.com *.company-target.com *.doubleclick.net *.google.com *.svb.com *.optimizely.com *.wistia.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com; connect-src 'self' wss: *.cloudfunctions.net *.redditstatic.com *.reddit.com *.bing.com *.aptrinsic.com *.linkedin.com *.msecnd.net *.bostonprivate.com *.voxsnap.com *.googlesyndication.com *.svb.com *.visualstudio.com *.googletagmanager.com *.kampyle.com *.demandbase.com *.company-target.com *.mktoresp.com *.mktorest.com *.oribi.io *.doubleclick.net *.google.com *.crazyegg.com *.onetrust.com *.cookielaw.org *.optimizely.com *.google-analytics.com *.googleapis.com *.wistia.net *.wistia.com *.blueconic.net; img-src 'self' *.reddit.com *.bidswitch.net *.casalemedia.com *.rubiconproject.com *.yahoo.net *.idio.co *.pubmatic.com *.yahoo.com *.voxsnap.com *.adsrvr.org *.svb.com data: cdn.optimizely.com *.googletagmanager.com *.company-target.com *.twitter.com t.co *.kampyle.com *.bing.com *.episerver.net *.rlcdn.com *.linkedin.com *.cookielaw.org *.google.com *.adnxs.com *.doubleclick.net *.google-analytics.com *.gstatic.com *.googleapis.com *.wistia.net *.wistia.com; font-src 'self' data: *.onetrust.com *.cloudfront.net *.bootstrapcdn.com *.voxsnap.com *.svb.com *.gstatic.com *.wistia.net *.wistia.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pdst.fm *.redditstatic.com *.googlesyndication.com *.googleadservices.com *.onetrust.com *.aptrinsic.com *.azure.com *.bootstrapcdn.com *.jquery.com *.onlineaccess1.com *.mktoweb.com *.voxsnap.com *.voxsnap.com *.bing.com *.demandbase.com *.adnxs.com *.ads-twitter.com *.marketo.net blob: *.doubleclick.net *.licdn.com *.crazyegg.com *.wistia.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.blueconic.net *.cookielaw.org *.msecnd.net *.episerver.net *.optimizely.com *.kampyle.com dixonandmoe.com *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.wistia.net *.zencdn.net *.svb.com; style-src 'self' 'unsafe-inline' *.onetrust.com *.aptrinsic.com *.googletagmanager.com *.bootstrapcdn.com *.mktoweb.com *.voxsnap.com *.zencdn.net *.googleapis.com *.svb.com; media-src 'self' blob: *.youtube-nocookie.com *.youtu.be *.youtube.com *.vimeo.com *.svb.com *.voxsnap.com *.wedia-group.com *.wistia.net *.wistia.com; form-action 'self' *.bostonprivate.com *.svb.com; report-uri /cspreport; report-to csp-endpoint; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.sciquest.com https://*.ariba.com; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.eatingwell.com 1
upgrade-insecure-requests;connect-src * data: blob: 'unsafe-inline'; 1
default-src 'self' style-src 'unsafe-inline' 1
base-uri 'none'; font-src 'self' data: *.screeb.app; img-src 'self' data: idfm-production-rp.osc-secnum-fr1.scalingo.io *.screeb.app images.prismic.io data.iledefrance-mobilites.fr portail-idfm.cdn.prismic.io *.contentsquare.net www.iledefrance-mobilites.fr iledefrance-mobilites.fr; object-src 'none'; style-src 'self' 'unsafe-inline' storage.googleapis.com fonts.googleapis.com *.screeb.app cdn.jsdelivr.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.matomo.cloud t.screeb.app www.youtube.com blob: rogeraccess.rogervoice.com idfm-production-common-design.osc-secnum-fr1.scalingo.io storage.googleapis.com *.contentsquare.net; connect-src 'self' idfm-production-back.osc-secnum-fr1.scalingo.io *.contentsquare.net *.matomo.cloud wss://*.screeb.app *.screeb.app; default-src 'self'; frame-src 'self' *.screeb.app data.iledefrance-mobilites.fr www.youtube.com production-rogeraccess-webapp.rogervoice.com; 1
frame-ancestors https://*.maropost.com https://*.neto.com.au https://netohq.com https://www.netohq.com; 1
frame-ancestors 'self' www1.tu-ilmenau.de;  frame-src 'self' *.tu-ilmenau.de *.vimeo.com *.vimeocdn.com thunibib-ilmenau.gbv.de service1.bibliothek.tu-ilmenau.de:8383 *.openstreetmap.org thefi1.tu-ilmenau.de:3000; 1
default-src 'self'; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com/turnstile/v0/api.js https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google-analytics.com https://donorbox.org https://www.paypalobjects.com/ https://www.paypal.com/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self' https://*.google-analytics.com https://api.openreview.net https://api2.openreview.net https://export.arxiv.org https://dblp.org https://dblp.uni-trier.de; img-src 'self' https://t.paypal.com/ data: https://*.google-analytics.com; frame-src 'self' https://challenges.cloudflare.com/ https://api.draftable.com https://donorbox.org; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://ecopyright.ieee.org/ECTT/IntroPage.jsp 1
frame-ancestors 'self' *.crazygames.at *.crazygames.jp *.crazygames.pt *.crazygames.vn *.crazygames.com.vn *.crazygames.cz *.crazygames.dk *.1001juegos.com *.crazygames.fr crazygames.fr *.crazygames.co.id *.crazygames.hu *.crazygames.nl *.crazygames.no *.crazygames.pl *.crazygames.com.br *.crazygames.ro *.crazygames.fi *.crazygames.se *.crazygames.ru *.crazygames.com.ua *.crazygames.com crazygames.com *.facebook.com facebook.com *.miniclip.com miniclip.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://www.googletagmanager.com https://cdn.syndication.twimg.com https://www.google.com https://www.google-analytics.com https://maps.googleapis.com https://apis.google.com https://connect.facebook.net https://challenges.cloudflare.com https://static.cloudflareinsights.com https://bat.bing.com;report-uri https://o298045.ingest.sentry.io/api/5193335/security/?sentry_key=98577efcbca24e6daef4a099b6611076 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' multimedia.gsb.bund.de *.netzlabor.de *.spaceview.net; connect-src 'self' tracking.netmind-cloud.com *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' multimedia.gsb.bund.de piwik.itzbund.de webtv.bundestag.de *.googleapis.com *.google.com *.gstatic.com *.instagram.com tracking.netmind-cloud.com twemoji.maxcdn.com maps.wikimedia.org *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org *.spaceview.net *.netzlabor.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.start.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de multimedia.gsb.bund.de *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.googlevideo.com; frame-src 'self' *.google.com *.gstatic.com webtv.bundestag.de *.cdninstagram.com *.fbcdn.net *.youtube.com *.youtube-nocookie.com *.instagram.com twemoji.maxcdn.com maps.wikimedia.org *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.openstreetmap.org piwik.itzbund.de *.blitzvideoserver.de *.video-stream-hosting.de *.3qsdn.com *.video-stream-hosting.de *.cloudfront.net vimeo.com multimedia.gsb.bund.de; img-src 'self' data: *.google.com *.gstatic.com piwik.itzbund.de webtv.bundestag.de *.youtube.com *.twimg.com *.fbcdn.net *.youtube-nocookie.com *.cdninstagram.com *.openstreetmap.org twemoji.maxcdn.com maps.wikimedia.org *.youtube-nocookie.com *.googlevideo.com vimeo.com *.cloudfront.net *.gsb.bund.de; frame-ancestors 'self';upgrade-insecure-requests; 1
default-src 'self' citizenlab.ca www.citizenlab.ca citizenlab.org www.citizenlab.org; font-src 'self' data: ; img-src * data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.youtube.com; frame-src 'self' www.youtube-nocookie.com  www.youtube.com ; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.uni-greifswald.de; frame-ancestors *.uni-greifswald.de; frame-src https: 1
default-src 'unsafe-eval' 'unsafe-inline' *;frame-src about: *;img-src data: about: blob: *;font-src data: *;frame-ancestors self my.readymag.com readymag.website readymag.com 1
frame-ancestors 'self' *.curiositystream.com; report-uri https://n8205b602a.execute-api.us-east-1.amazonaws.com/Prod/cspreport; report-to csp-endpoint 1
default-src 'self'; style-src 'self' https://*.mittwald.de 'unsafe-inline'; font-src 'self' data: userlike-cdn-umm.b-cdn.net fonts.gstatic.com; connect-src *; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net blob:; img-src 'self' https://*.mittwald.de https://*.mittwald.systems https://mittwald-av-manager.de https://audatis.ds-manager.com userlike-cdn-operators.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com data:; script-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net https://audatis.ds-manager.com 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-4y/gEB2/KIwZFTfNqwXJq4olzvmQ0S214m9jwKgNXoc=' 'sha256-+5XkZFazzJo8n0iOP4ti/cLCMUudTf//Mzkb7xNPXIc='; frame-src 'self' https://*.mittwald.de https://mittwald-av-manager.de https://varnish-editor.dev.mittwald.systems https://varnish-editor.mittwald.de https://audatis.ds-manager.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net www.youtube.com player.vimeo.com blob:; frame-ancestors https://*.mittwald.de https://*.mittwald.systems https://*.mittwald.it http://localhost:3000 blob:; media-src userlike-cdn-umm.b-cdn.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; object-src 'none' 1
frame-ancestors 'self' http://*.comerica.com:* https://*.comerica.com:*; 1
frame-ancestors *.enedis.fr *.web-enedis.fr 1
frame-ancestors *.mysmartprice.com *.google.com www-mysmartprice-com.cdn.ampproject.org 1
default-src 'self' *.googleapis.com cdnjs.cloudflare.com danord.gdi-sh.de efi2.schleswig-holstein.de efi.schleswig-holstein.de phpefi.schleswig-holstein.de *.openstreetmap.org *.openstreetmap.fr cdn.podigee.com phpefi.schleswig-holstein.de *.podigee-cdn.net *.kaltura.com danord.gdi-sh.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de danord.gdi-sh.de cdnjs.cloudflare.com cdn.podigee.com *.podigee-cdn.net *.bootstrapcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com phpefi.schleswig-holstein.de *.openstreetmap.org *.vimeo.com *.schleswig-holstein.de danord.gdi-sh.de cdn.podigee.com *.podigee-cdn.net cdnjs.cloudflare.com; object-src 'none'; media-src 'self' blob: multimedia.gsb.bund.de *.youtube.com *.youtube-nocookie.com *.youtube-nocookies.com youtu.be vimeo.com; frame-src *.google.com *.gstatic.com *.vimeo.com *.schleswig-holstein.de danord.gdi-sh.de *.kaltura.com cdn.podigee.com *.podigee-cdn.net *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.openstreetmap.fr; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeocdn.com phpefi.schleswig-holstein.de *.openlayers.org *.openstreetmap.org *.openstreetmap.fr *.schleswig-holstein.de danord.gdi-sh.de sg.geodatenzentrum.de *.cdninstagram.com *.podigee-cdn.net *.fbcdn.net *.bootstrapcdn.com stamen-tiles-b.a.ssl.fastly.net stamen-tiles-c.a.ssl.fastly.net stamen-tiles-d.a.ssl.fastly.net stamen-tiles-a.a.ssl.fastly.net; worker-src blob: 'self'; frame-ancestors 'self' *.schleswig-holstein.de; font-src 'self' cdnjs.cloudflare.com danord.gdi-sh.de maxcdn.bootstrapcdn.com; connect-src 'self' matomo.schleswig-holstein.de danord.gdi-sh.de efi2.schleswig-holstein.de; 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totaladblock.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totaladblock.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totaladblock.com http://url.totaladblock.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com/ https://www.mczbf.com/; worker-src 'self' blob; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totaladblock.com https://www.google.com/; connect-src 'self' https://my.totaladblock.com https://ajax.totaladblock.com https://login.totaladblock.com https://signup.totaladblock.com https://my.totaladblock.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totaladblock.com https://www.mczbf.com/; frame-ancestors 'self' 1
frame-ancestors 'self'; default-src 'self' https://*.google-analytics.com https://www.googletagmanager.com; img-src 'self' data: https://www.google-analytics.com https://www.hosttest.de/images/button/ https://anbieter-auszeichnungen.webhostlist.de https://www.hosttest.de; style-src 'self' 'unsafe-inline' data: https://anbieter-auszeichnungen.webhostlist.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://anbieter-auszeichnungen.webhostlist.de https://www.hosttest.de http://anbieter-auszeichnungen.webhostlist.de; 1
frame-ancestors 'self' *.ancestrydata.com genlookups.com *.genlookups.com *.legacy.com whostextingmykids.com *.usphonebook.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://cdn.jsdelivr.net/ https://assets.calendly.com https://www.votervoice.net https://static.zdassets.com https://googleads.g.doubleclick.net https://pod-27.zendesk.com/ https://zendesk-eu.my.sentry.io *.counseling.org assets.adobedtm.com https://tags.crwdcntrl.net/ https://www.rumiview.com/ https://rum-static.pingdom.net *.feathr.co https://polo.feathr.co https://marco.feathr.co https://cdn.feathr.co https://static.hotjar.com https://script.hotjar.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://imis.counseling.org/ https://www.google.com/ https://americancounselingassociation.zendesk.com https://www.google.com.ph *.doubleclick.net https://bcp.crwdcntrl.net https://www.rumiview.com *.feathr.co https://marco.feathr.co https://polo.feathr.co https://cdn.feathr.co https://match.adsrvr.org *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.fontawesome.com; frame-src 'self' https://html5-player.libsyn.com/ https://www.youtube.com/ https://player.vimeo.com/ https://calendly.com/ https://www.votervoice.net https://ekr.zdassets.com/ https://td.doubleclick.net/ *.doubleclick.net https://bcp.crwdcntrl.net/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://acasearch303.aws.mtxgp.net https://searchblox105.aws.matrixdev.net https://ekr.zdassets.com https://americancounselingassociation.zendesk.com/ wss://pod-27.zendesk.com/sc/faye *.counseling.org *.google.com *.doubleclick.net https://rum-collector-2.pingdom.net https://polo.feathr.co wss://ws.hotjar.com https://content.hotjar.io *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
frame-ancestors https://render.otoy.com 1
frame-ancestors bosch-pt.com.au www.bosch-pt.com.au bosch-officeon.com boschprofessionalworld.com staging.boschprofessionalworld.com staging-2.boschprofessionalworld.com theviewer.co *.kittelberger.net *.kittelberger.de *.bosch-professional.com; 1
frame-ancestors 'self' *.vertafore.com 1
default-src * data: 'self' blob:; connect-src 'self' https: *.visualwebsiteoptimizer.com app.vwo.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: *.visualwebsiteoptimizer.com app.vwo.com; script-src-elem 'self' 'unsafe-inline' https: *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' https: data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com; worker-src 'self' blob:;frame-src 'self' https: app.vwo.com *.visualwebsiteoptimizer.com; 1
default-src 'self'; font-src 'self' data: https://script.hotjar.com https://cdn.acsbapp.com https://maxcdn.bootstrapcdn.com https://secure8.convio.net https://fonts.gstatic.com https://use.typekit.net https://cloud.typography.com; frame-src 'self' https://td.doubleclick.net/ https://word.rodeo/ https://prod-useast-b.online.tableau.com/ https://www2.jdrf.org https://crosswordlabs.com https://jdrf.massrel.io https://*.jdrfoverlays.com https://jdrfoverlays.com https://tgbwidget.com https://public.tableau.com/ https://app.hubspot.com https://www.youtube-nocookie.com https://a597080980.cdn.optimizely.com https://wp.freemius.com https://player.vimeo.com https://antidote.me https://www.youtube.com https://public.domo.com https://www.google.com https://my.walls.io https://www.facebook.com https://www.matchinggifts.com https://ww2.matchinggifts.com https://javamatch.matchinggifts.com https://x.adroll.com; img-src 'self' https://s.amazon-adsystem.com/ https://cm.g.doubleclick.net https://public.tableau.com/static/images/Ma/MapsActiveGrants-US/MapsActiveGrants-US/1.png https://public.tableau.com/static/images/7N/7NPFK7P5M/1.png data: https://www.dafdirect.org https://ipv4.d.adroll.com https://x.bidswitch.net https://*.reson8.com https://reson8.com https://idsync.rlcdn.com https://dsum-sec.casalemedia.com https://sync.srv.stackadapt.com https://tags.bluekai.com  https://dpm.demdex.net https://usermatch.krxd.net  https://cms.analytics.yahoo.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.taboola.com  https://image2.pubmatic.com https://sync.outbrain.com https://ib.adnxs.com  https://ups.analytics.yahoo.com  https://eb2.3lift.com https://d.adroll.com https://script.hotjar.com https://pixel.quantserve.com https://cdn.acsbapp.com https://gravatar.com https://s3-us-west-2.amazonaws.com https://wpstorelocator.co https://khms0.googleapis.com https://khms1.googleapis.com https://maps.google.com https://s38924.pcdn.co https://gravityforms.s3.amazonaws.com https://s3.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://marvel-processor.bc0a.com https://updates.bnecreative.com https://s.w.org https://ps.w.org https://a1.b0e8.com https://marvel-b1-cdn.bc0a.com https://www.google.co.in https://www.google.co.in/pagead/1p-user-list/982455586/ https://googleads.g.doubleclick.net https://*.wpengine.com https://bat.bing.com https://nova.collect.igodigital.com https://p.typekit.net https://secure.gravatar.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.jdrf.org; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://6467beef974ac544f93aa9e8.endpoint.csper.io https://www2.jdrf.org; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://online.tableau.com/javascripts/api/tableau.embedding.3.latest.min.js https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js https://platform.massrelevance.com https://www.dafdirect.org https://public.tableau.com/javascripts/api/viz_v1.js https://analytics.tiktok.com https://rules.quantcount.com https://tgbwidget.com/widget/script.js https://d.adroll.com https://cdnjs.cloudflare.com https://secure.quantserve.com https://js.dev.shift4.com/shift4.js https://s.adroll.com https://cdn.segment.com https://js.hs-scripts.com https://maps.google.com https://ajax.aspnetcdn.com https://djtflbt20bdde.cloudfront.net https://player.vimeo.com https://antidote.me https://www.fullstory.com https://fullstory.com https://www.gstatic.com https://www.google.com https://cdn.optimizely.com https://maps.googleapis.com https://cdn.jsdelivr.net https://marvel-b2-cdn.bc0a.com https://cdn.b0e8.com https://cdn.mxpnl.com https://acsbapp.com https://jdrfapistage.wpengine.com https://*.collect.igodigital.com https://bat.bing.com https://connect.facebook.net https://*.doubleclick.net https://jdrfapi.wpengine.com https://s.yimg.com https://s3.amazonaws.com https://*.hotjar.com https://secure.adnxs.com https://unpkg.com https://use.typekit.net https://walls.io https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www2.jdrf.org; style-src 'report-sample' 'self' 'unsafe-inline' https://www.dafdirect.org https://www.gstatic.com https://ajax.googleapis.com https://rgsharedweb.s3.amazonaws.com https://use.fontawesome.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jdrfapi.wpengine.com https://jdrfapistage.wpengine.com  https://cloud.typography.com; worker-src 'self' blob: https://www.jdrf.org; connect-src 'self' https://prod-useast-b.online.tableau.com/vizportal/api/web/v1/auth/embed/signin https://analytics.google.com https://*.optimizely.com https://optimizely.com https://www.facebook.com https://www.facebook.com/tr https://*.hubspot.com https://hubspot.com https://pixel.quantcount.com https://spreadsheets.google.com https://host-v618rd.api.swiftype.com https://metrics.hotjar.io https://api.segment.io https://cdn.segment.com https://*.hotjar.io https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://www2.jdrf.org https://acsbapp.com https://stagingjdrf.wpengine.com https://errors.client.optimizely.com https://my.yoast.com https://vc.hotjar.io https://my.wpengine.com https://yoast.com https://www.jdrf.org https://www.google-analytics.com https://cdn.acsbapp.com https://logx.optimizely.com https://secure8.convio.net https://maps.googleapis.com https://s.yimg.com https://stats.g.doubleclick.net; 1
frame-ancestors 'self' https://statistics.uni-saarland.de; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com www.google-analytics.com cdn.jsdelivr.net *.brightcove.com *.doubleclick.net *.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com stories.syngenta.com gateway.shorthand.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com otp.tools.investis.com unpkg.com cdn.rawgit.com  https://gateway.zscalertwo.net stories.syngenta.com iframely.shorthand.com analytics.shorthand.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net stories.syngenta.com; img-src 'self' 'unsafe-inline' * data:; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com www.youtube.com www.facebook.com stories.syngenta.com iframely.shorthand.com platform.twitter.com syndication.twitter.com www.linkedin.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 1
frame-ancestors 'self' https://*.bullhornstaffing.com http://webvisor.com https://*.city.online https://*.lotinfo.ru https://recruzo.ru; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' jira.reactos.org www.google.com www.gstatic.com; img-src 'self' data:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com tags.srv.stackadapt.com; img-src 'self' * data: *.global.siteimproveanalytics.io px.ads.linkedin.com www.google.com www.google.co.uk b.6sc.co www.facebook.com bat.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.preprod.siteimprove.com https://code.jquery.com/jquery-3.5.0.js hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js az416426.vo.msecnd.net www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com siteimproveanalytics.com j.6sc.co googleads.g.doubleclick.net www.google.com https://cdn.jsdelivr.net www.google.co.uk cdn.dreamdata.cloud play.vidyard.com snap.licdn.com pi.pardot.com connect.facebook.net tracking.g2crowd.com bat.bing.com tags.srv.stackadapt.com js.qualified.com js.zi-scripts.com; connect-src 'self' 'unsafe-inline' dc.services.visualstudio.com www.google.com epsilon.6sense.com px.ads.linkedin.com secure.adnxs.com applications.zoom.us wss://ws.qualified.com www.siteimprove.com marketingservices.siteimprove.com dc.services.visualstudio.com google.com consentcdn.cookiebot.com googleads.g.doubleclick.net ipv6.6sc.co cdn.dreamdata.cloud pi.pardot.com tags.srv.stackadapt.com js.zi-scripts.com tags.srv.stackadapt.com ws.zoominfo.com c.6sc.co cdn.linkedin.oribi.io; frame-src www.youtube.com videos.siteimprove.com https://play.vidyard.com applications.zoom.us https://hello.siteimprove.com https://cdn.siteimprove.net/cms/overlay.js consentcdn.cookiebot.com www.facebook.com app.qualified.com td.doubleclick.net www.g2.com; font-src 'self' 'unsafe-inline' https://static.preprod.siteimprove.com pardot-marketing-bucket.s3.eu-central-1.amazonaws.com; 1
connect-src 'self' https://www.paypal.com https://fastmail.innocraft.cloud https://o73885.ingest.sentry.io/api/; default-src 'none'; img-src 'self' data: https://fastmail.innocraft.cloud https://*.twimg.com https://*.twitter.com https://www.gravatar.com https://icgroup.helpspot.com https://www.paypalobjects.com http://www.pobox.com https://*.gstatic.com https://www.fastmail.com https://*.zdusercontent.com https://fastmail.zendesk.com https://pobox.zendesk.com; font-src 'self' data: http://fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.twitter.com https://*.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://connect.facebook.net https://fastmail.innocraft.cloud https://listbox.com https://run-static.pingdom.net https://*.gstatic.com https://*.facebook.com https://talon-ehawk.netdna-ssl.com https://www.e-hawk.net https://www.ehawk.net https://www.paypalobjects.com https://www.paypal.com https://icgroup.helpspot.com; object-src 'none'; frame-src 'self' data: https://*.twitter.com https://*.twimg.com https://*.facebook.com https://*.google.com; frame-ancestors 'self' 1
default-src 'none'; connect-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://*.facebook.com; font-src 'self' data: https://cdnjs.cloudflare.com/ https://*.google.com/; img-src 'self' data: https://*.gravatar.com/ https://*.ytimg.com/ https://*.gstatic.com/ https://*.google.com/ https://www.google-analytics.com/; frame-src 'self' https://www.youtube-nocookie.com/ https://*.twitter.com/ https://*.google.com/ https://*.facebook.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://*.gstatic.com/ https://*.google.com/; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://*.twitter.com/ https://*.gstatic.com/ https://*.google.com/; block-all-mixed-content; 1
default-src 'none'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.czater.pl https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com *.audiencemanager.de cdn.matomo.cloud widget.spreaker.com eqy.link js.hs-scripts.com stats.webleads-tracker.com get.smart-data-systems.com serve.albacross.com f.vimeocdn.com www.linkedin.com *.serving-sys.com *.lfeeder.com secure-ds.serving-sys.com static.ads-twitter.com *.clarity.ms *.google.com https://*.gstatic.com *.twitter.com s.ytimg.com www.youtube.com *.googletagmanager.com https://optimize.google.com https://www.googleanalytics.com https://*.google-analytics.com https://www.googleoptimize.com https://*.googleapis.com https://*.ggpht.com *.googleusercontent.com connect.facebook.net marketing-comarch.pl *.hotjar.com snap.licdn.com *.livechatinc.com *.googleadservices.com www.catvertiser.com track.adform.net *.comarch.com *.mautic.krakow.comarch assets.livecall.io googleads.g.doubleclick.net *.outbrain.com *.bing.com; connect-src 'self' wss://s4.czater.pl wss://s3.czater.pl wss://s2.czater.pl wss://s1.czater.pl https://cdn.linkedin.oribi.io https://*.linkedin.com https://forms.hubspot.com comarch.matomo.cloud new-collect.albacross.com stats.webleads-tracker.com bat.bing.com lm.serving-sys.com secure-ds.serving-sys.com *.clarity.ms *.comarch.fr *.comarch.com *.comarch.pl *.comarch.de *.comarch.be *.comarch.it *.comarch.es *.comarch.com.br *.comarch.ru *.comarch.jp wss://*.hotjar.com/api/v2/client/ws *.hotjar.com noembed.com cdn.plyr.io *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.mautic.krakow.comarch *.g.doubleclick.net www.google.pl www.facebook.com marketing-comarch.pl *.livecall.io maps.googleapis.com *.hotjar.com *.hotjar.io https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; img-src 'self' https://forms.hsforms.com https://track.hubspot.com https://optimize.google.com https://analytics.twitter.com assets.livecall.io *.doubleclick.net new-collect.albacross.com *.google.com t.co *.lfeeder.com *.clarity.ms www.linkedin.com *.outbrain.com *.bing.com i.ytimg.com https://*.google-analytics.com *.analytics.google.com *.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com www.facebook.com *.hotjar.com data: *.comarch.fr *.comarch.com *.comarch.pl *.comarch.de *.comarch.be *.comarch.it *.comarch.es *.comarch.com.br *.comarch.ru *.comarch.jp www.google.com px.ads.linkedin.com www.google.pl marketing-comarch.pl *.googletagmanager.com *.googleusercontent.com; media-src 'self' assets.livecall.io www.google.com; style-src 'self' 'unsafe-inline' https://www.czater.pl https://optimize.google.com https://fonts.googleapis.com marketing-comarch.pl fonts.googleapis.com/css assets.livecall.io; font-src 'self' https://fonts.gstatic.com *.hotjar.com; frame-src 'self' https://www.czater.pl https://optimize.google.com secure.livechatinc.com *.audiencemanager.de www.youtube-nocookie.com *.doubleclick.net *.comarch.com *.comarch.pl *.google.com www.youtube.com open.spotify.com *.facebook.com *.hotjar.com www.linkedin.com; manifest-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.zerobounce.net/* https://extension-api.zerobounce.net/* https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/O4xzMiFqEvA4YhWjk5t8Xuas/recaptcha__en.js https://www.googletagmanager.com/ https://script.tapfiliate.com/tapfiliate.js https://static.zdassets.com https://connect.facebook.net https://bat.bing.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://www.calendly.com https://assets.calendly.com/assets/external/widget.js https://bat.bing.com/p/action/5725668.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://script.tapfiliate.com/tapfiliate.js https://static.zdassets.com/ekr/snippet.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion_async.js https://gtm.zerobounce.net/gtm.js https://feedback-pa.clients6.google.com/ https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__en.js https://bat.bing.com/bat.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://static.zdassets.com/ekr/snippet.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://static.zdassets.com/web_widget/latest/web-widget-82496-589058dacc8ab84d7796.js https://www.googleadservices.com/pagead/conversion_async.js https://www.youtube.com/iframe_api https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ru.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ro.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__hr.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en_gb.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__pl.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__hu.js https://www.gstatic.com/recaptcha/releases/1p3YWy80wlZ7Q8QFR1gjazwU/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__it.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-listjanitor-html-js-7f91fae646918536a529.js https://www.zerobounce.net/component---src-pages-integrations-sendinblue-html-js-7e025c6ada37a2858501.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-emailquickfix-html-js-8240bfa25f0164494358.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__de.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-sparkemail-html-js-8aa91f407b148af4bea8.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__tr.js https://static.zdassets.com/web_widget/latest/web-widget-lazy/web_widget-24755e48c6465f6effb4.js https://static.zdassets.com/web_widget/latest/web-widget-82496-589058dacc8ab84d7796.js https://static.zdassets.com/web_widget/latest/web-widget-39900-bad8471d2b7add37a93f.js https://static.zdassets.com/web_widget/latest/web-widget-chat-sdk-58987df92c8073e96c0f.js https://static.zdassets.com/web_widget/latest/web-widget-framework-c89f2cabb37233fdb333.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__zh_cn.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__ar.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__es.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__nl.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__fr.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en_gb.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__de.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__es_419.j https://www.zerobounce.net/adlock/injections/script.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-verifalia-html-js-e27c0dc77f5c20492432.js https://www.zerobounce.net/component---src-pages-integrations-instapage-html-js-638cf3d53ceb90756ac6.js https://www.gstatic.com/recaptcha/releases/dPctOHA2ifhWm5WzFM_B5TjT/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__zh_cn.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-listjoy-html-js-09caef132a2e710d8f6c.js https://www.zerobounce.net/component---src-pages-zerobounce-vs-b-2-bsprout-html-js-ba11e5060a0612c6fdad.js https://www.zerobounce.net/component---src-pages-integrations-autopilot-html-js-e93bdd9cdcb782527d28.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__es.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__id.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__sl.js https://www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/recaptcha__pt_br.js https://www.zerobounce.net/assets/js/functions.js https://assets.calendly.com/assets/external/widget.js https://hcaptcha.com/1/api.js *; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://gtm.zerobounce.net/gtm.js https://www.googleadservices.com/pagead/conversion_async.js https://connect.facebook.net/en_US/fbevents.js https://www.google-analytics.com/analytics.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/842938922/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/* https://script.tapfiliate.com/tapfiliate.js *; connect-src 'self' https://bat.bing.com https://www.zerobounce.net/blog https://ekr.zdassets.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.zbapis.net https://zerobounce.zendesk.com wss://widget-mediator.zopim.com https://www.zerobounce.net *; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.calendly.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; frame-src 'self' https://calendly.com https://td.doubleclick.net/ https://www.facebook.com https://www.google.com https://www.youtube.com https://competitivecomparisons.capterra.com ct.capterra.com https://datainsights.softwareadvice.com https://datainsights.capterra.com https://datainsights.getapp.com https://competitivecomparisons.softwareadvice.com https://competitivecomparisons.getapp.com https://www.trustpilot.com https://widget.trustpilot.com https://streamyard.com https://i.zerobounce.net https://datainsights-cdn.dm.aws.gartner.com https://*.quora.com; worker-src 'self'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: https://zerobounce.net/* https://c.bing.co https://v2assets.zopim.io https://assets.calendly.com https://bat.bing.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.ro https://www.googletagmanager.com http://*.gravatar.com/avatar/ *; frame-ancestors 'self'; object-src 'self' https://www.zerobounce.net/docs/pdf/UK_Data_Processing_Agreement_Offline-08-24-22.pdf https://www.zerobounce.net/docs/assets/zb_data_processing_agreement-12-15-22.pdf https://www.zerobounce.net/assets/UK_Data_Processing_Agreement_4-15-24.pdf https://www.zerobounce.net/assets/zb_data_processing_agreement-4-15-24.pdf; base-uri 'self'; report-uri https://zero.report-uri.com/r/t/csp/enforce; report-to default; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.omnis.com https://*.omnis.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' text/javascript*; img-src data: w3.org/svg/2000 http: https:; script-src * 'unsafe-inline' 'unsafe-eval' data: 1
frame-ancestors 'self' https://samsungfood.kinsta.cloud 1
default-src 'self' 'report-sample' *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.googleapis.com *.google.com *.tagcommander.com *.cookiebot.com *.cloudflare.com *.youtube.com *.youtube-nocookie.com *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.googleapis.com *.google.com *.tagcommander.com *.cloudflare.com *.consent.cookiebot.com *.analytics.com *.engie.fr *.google-analytics.com *.cookiebot.com siteimproveanalytics.com *.twitter.com *.linkedin.com *.en25.com *.bkrtx.com *.weborama.fr; style-src 'self' 'unsafe-inline' 'report-sample' *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.cookiebot.com *.cloudflare.com *.googleapis.com *.gstatic.com; img-src 'self' 'report-sample' data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.google-analytics.com *.engie.fr *.cookiebot.com *.commander1.com; font-src 'self' 'report-sample' data: *.piwik.pro *.eloqua.com *.weborama.fr *.bluekai.com *.engie.fr *.googleapis.com *.gstatic.com; frame-ancestors 'self' 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com/gtag/js?id=G-LLWL5N9CSM; connect-src 'self' https://eco-gateway.wingmarket.com/customer-page/api/page/customer-invoice/register-customer https://backend.ezecom.com.kh/ https://*.lottiefiles.com/ https://ezecom.com.kh:10001 https://cms-ezecom.com.kh https://eze24.ezecomcorp.com https://app.yellowmessenger.com wss://app.yellowmessenger.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://securetoken.googleapis.com https://www.google-analytics.com https://www.googleapis.com https://maps.googleapis.com https://*.streamlock.net https://stats.g.doubleclick.net https://www.googletagmanager.com/gtag/js?id=G-LLWL5N9CSM https://lepton-api.ezecom.com.kh/coverage https://connect.facebook.net/en_US/fbevents.js; img-src 'self' data: blob: https://*.lottiefiles.com/ https://ezecom.com.kh:10001 https://cdn.yellowmessenger.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.google.com https://www.google.com.kh/ https://backend.ezecom.com.kh/ https://www.google-analytics.com/ https://*.ytimg.com https://checkout.payway.com.kh; script-src 'self' blob: 'unsafe-eval' https://cdn.yellowmessenger.com https://app.yellowmessenger.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://checkout.payway.com.kh; media-src blob: https://ezecom.com.kh:10001 https://cdn.yellowmessenger.com https://*.streamlock.net https://backend.ezecom.com.kh/; frame-src 'self' https://www.youtube.com https://www.google.com https://checkout.payway.com.kh; font-src 'self' unsafe-inline data: https://cdn.yellowmessenger.com https://fonts.gstatic.com ; default-src 'self' 1
default-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com *.google.com *.doubleclick.net *.tagcommander.com *.trustcommander.net *.commander1.com tv.bpifrance.fr *.twitter.com *.ubembed.com *.evgnet.com *.evergage.com *.googleapis.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud; font-src 'self' themes.googleusercontent.com *.gstatic.com *.thinglink.me *.evgnet.com *.evergage.com *.googleapis.com *.commandersact.com; frame-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.googleapis.com www.google-analytics.com *.youtube.com *.google.com *.doubleclick.net *.vimeo.com *.tagcommander.com *.trustcommander.net *.facebook.com *.twitter.com *.thinglink.me *.dailymotion.com *.linkedin.com player.ausha.co embed.acast.com *.soundcloud.com developers.deezer.com open.spotify.com *.slideshare.net *.thinglink.com view.genial.ly *.onlinequizcreator.com dermandar.com *.ubembed.com *.facebook.net *.googleadservices.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com *.googleapis.com www.google-analytics.com *.youtube.com *.google.com *.doubleclick.net *.vimeo.com *.tagcommander.com *.trustcommander.net *.twitter.com *.thinglink.me *.dailymotion.com *.facebook.com *.linkedin.com player.ausha.co embed.acast.com *.soundcloud.com developers.deezer.com open.spotify.com *.slideshare.net *.thinglink.com view.genial.ly *.onlinequizcreator.com dermandar.com *.ubembed.com *.facebook.net *.googleadservices.com *.evgnet.com *.evergage.com licdn.com *.licdn.com *.matomo.cloud *.instagram.com *.commandersact.com *.cloud.media.bpifrance.fr cloud.media.bpifrance.fr cdn.matomo.cloud https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://platform.twitter.com https://polyfill.io https://unpkg.com; style-src-elem 'self' 'unsafe-inline' *.thinglink.me fonts.googleapis.com *.evgnet.com *.evergage.com *.googleapis.com https://cdnjs.cloudflare.com 1
frame-ancestors 'self' https://*.nexhealth.com https://nexhealth.com https://nexhealth.info 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' chrome-extension: data: *.portland.gov *.ssl.fastly.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net unpkg.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com bam.nr-data.net bam-cell.nr-data.net js-agent.newrelic.com fontlibrary.org use.fontawesome.com *.googleapis.com *.gstatic.com *.googleusercontent.com *.portlandoregon.gov *.portlandmaps.com *.arcgis.com server.arcgisonline.com *.openstreetmap.org *.opentopomap.org *.tiles.wmflabs.org *.loop11.com *.rawgit.com api.mapbox.com *.recollect.net coolingsearch.org; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com https://www.google.com/maps/ https://www.portlandoregon.gov/ https://www.portlandmaps.com/ *.arcgis.com arcg.is https://online.tableau.com/ https://public.tableau.com/ *.recollect.net https://app.smartsheet.com/ https://publish.smartsheet.com/; report-uri https://portlandgov.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://*.clarity.ms https://www.notifyvisitors.com https://static.ads-twitter.com https://www.linkedin.com https://web-in21.mxradon.com https://bat.bing.com http://*.googleadservices.com https://f1.leadsquaredcdn.com https://*.notifyvisitors.com wss://kotaksecurities-uat.allincall.in wss://*.notifyvisitors.com https://fonts.gstatic.com https://*.googleapis.com https://kotak9-securities-acc.allincall.in https://kotak-securities-acc.allincall.in https://stats.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://accounts.google.com https://kotaksecurities-uat.allincall.in https://kotak-securities-acc-uat.allincall.in https://*.doubleclick.net https://*.amazonaws.com https://adservice.google.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/1.11.4/jquery-ui.js https://*.cloudfront.net/Simplify360Chat.js https://www.youtube.com https://www.gstatic.com https://websdk.appsflyer.com https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js 1
frame-ancestors 'self' http://broadridge.lookbookhq.com https://broadridge.lookbookhq.com http://explore.broadridge.com https://explore.broadridge.com; 1
default-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* ; connect-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://www.paypal.com https://noembed.com; font-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:* ; img-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://badge.hardenize.com https://tracking.qa.paypal.com https://www.paypalobjects.com https://github.com https://*.github.com https://githubusercontent.com https://*.githubusercontent.com https://shields.io https://*.shields.io https://ytimg.com https://*.ytimg.com; style-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  'unsafe-inline' https://www.paypal.com https://challenges.cloudflare.com; script-src 'self' https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  'unsafe-inline' https://challenges.cloudflare.com https://www.paypal.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' data: https://*.forwardemail.net:* https://forwardemail.net https://forwardemail.net:*  https://www.youtube.com https://*.youtube-nocookie.com https://challenges.cloudflare.com https://www.paypal.com; report-uri https://forwardemail.net/report; base-uri 'self'; form-action 'self' https://www.anrdoezrs.net https://login.ubuntu.com 1
default-src 'self' https://play.vidyard.com; script-src 'self' 'unsafe-eval' https://play.vidyard.com https://cdn.cookielaw.org https://js.qualified.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://service.force.com; script-src-elem 'self' 'unsafe-inline' https://js.qualified.com https://js.stripe.com/ https://*.moneris.com/ https://*.bing.com https://sc.lfeeder.com https://*.doubleclick.net https://*.googleadservices.com https://www.googleoptimize.com https://www.redditstatic.com https://soti.my.salesforce.com https://*.force.com https://static.addtoany.com https://*.google.ca https://*.pardot.com https://play.vidyard.com https://cdn.jsdelivr.net https://service.force.com https://cdnjs.cloudflare.com https://*.salesforceliveagent.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://cdn.cookielaw.org https://snap.licdn.com https://ws.zoominfo.com https://*.google-analytics.com https://www.clarity.ms https://www2.soti.net https://soti.my.salesforce-sites.com; script-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.moneris.com/ https://*.googleapis.com https://*.force.com https://cdnjs.cloudflare.com https://service.force.com https://soti.my.salesforce-sites.com; style-src-attr 'self' 'unsafe-inline' https://*.googleapis.com; img-src 'self' data: https://play.vidyard.com https://*.google.fr https://*.google.co.in https://www.linkedin.com https://alb.reddit.com https://soti.net https://www2.soti.net https://cdn.linked.oribi.io https://*.ads.linkedin.com https://cdn.vidyard.com https://*.doubleclick.net https://storage.pardot.com https://cdn.cookielaw.org https://ws.zoominfo.com https://*.googletagmanager.com https://*.google-analytics.com https://tr-rc.lfeeder.com https://google.com https://*.clarity.ms https://*.google.com https://*.google.ca https://*.bing.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://px.ads.linkedin.com/ https://pagead2.googlesyndication.com/ https://www.google.com wss://ws.qualified.com https://googleads.g.doubleclick.net/ https://google.com/ https://play.vidyard.com https://www.redditstatic.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.force.com https://cdn.cookielaw.org https://*.onetrust.com https://*.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ws.zoominfo.com https://*.bing.com; frame-src 'self' https://*.moneris.com/ https://app.qualified.com https://play.vidyard.com https://service.force.com https://*.google.com/ https://www2.soti.net https://js.stripe.com/ https://static.addtoany.co https://go.pardot.com https://*.youtube.com; 1
frame-ancestors 'self' *.buildertrend.com *.buildertrend.net *.office.com *.office365.com; 1
script-src 'nonce-zvmLmbdAqp2EVM5WeLZ65Q==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=c6DfLdBIRVu6Xo6q5ooUGnHhT8ieS3_GSHMyhQZytVF8wA-X5V85-2UyneGk&policy_id=10&user_id=&request_id=df61df3a-d9b6-47ce-93ad-3a4ae3ddca9f; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https: *.toolstation.com https://ecom-api.toolstation.com *.woosmap.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.googletagmanager.com *.gstatic.com *.toolstation.com *.amazonaws.com *.monetate.net *.youtube.com *.brcdn.com *.brsrvr.com *.noibu.com *.tvsquared.com *.demdex.net *.ytimg.com *.wistia.com *.wistia.net smct.co *.smct.co smct.io *.smct.io *.micpn.com *.braintreegateway.com *.sandbox.braintreegateway.com checkout.paypal.com; child-src blob: *.braintreegateway.com *.sandbox.braintreegateway.com c.braintreegateway.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' *.toolstation.com *.toolstation.com *.googletagmanager.com *.google.com gstatic.com *.bazaarvoice.com *.bloomreach.io toolstation-team.freshchat.com *.euc-freshbots.ai *.monetate.net fonts.googleapis.com; worker-src 'self' blob:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.toolstation.com https://ecom-api.toolstation.com toolstation-team.freshchat.com www.toolstation.com *.toolstation.com cdn-ukwest.onetrust.com cdnjs.cloudflare.com *.polyfill.io *.braintreegateway.com *.sandbox.braintreegateway.com *.paypal.com *.trustpilot.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.gstatic.com *.datadoghq-browser-agent.com *.browser-intake-datadoghq.eu *.monetate.net *.woosmap.com *.bazaarvoice.com *.postcodeanywhere.co.uk *.google.com secure.quantserve.com *.contentsquare.net *.pinimg.com *.facebook.net *.cooladata.com *.micpn.com *.bing.com *.rakuten.com *.revlifter.io *.quantcount.com clarity.ms *.bloomreach.io cdns.brsrvr.com googleads.g.doubleclick.net www.clarity.ms collector-25306.tvsquared.com https://*.noibu.com wss://*.noibu.com *.brcdn.com *.brsrvr.com *.uk.exponea.com *.paypal.com *.paypalobjects.com *.euc-freshbots.ai *.pusher.com *.videoly.co *.youtube-nocookie.com *.youtube.com *.tiktok.com *.instagram.com *.ytimg.com *.wistia.com *.wistia.net songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.gocardless.com track.omguk.com www.recaptcha.net polyfill.io *.pinterest.com d3dh5c7rwzliwm.cloudfront.net d32106rlhdcogo.cloudfront.net dgf0rw7orw6vf.cloudfront.net; font-src *.toolstation.com *.gstatic.com *.toolstation.com *.woosmap.com *.bootstrapcdn.com data: *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.bazaarvoice.com; connect-src *.toolstation.com https://ecom-api.toolstation.com https://www.toolstation.com/api *.google.com google.com/pay *.bazaarvoice.com *.woosmap.com *.googleapis.com *.toolstation.dev *.toolstation.com *.onetrust.com *.google-analytics.com *.google.com pagead2.googlesyndication.com api.woosmap.com *.pinterest.com *.bing.com *.browser-intake-datadoghq.eu *.polyfill.io stats.g.doubleclick.net googleads.g.doubleclick.net *.bloomreach.io *.monetate.net *.contentsquare.net *.noibu.com *.braintree-api.com spay.samsung.com https://*.noibu.com wss://*.noibu.com *.uk.exponea.com *.paypal.com *.sandbox.braintreegateway.com api.braintreegateway.com client-analytics.braintreegateway.com *.euc-freshbots.ai rts-euc.freshworksapi.com wss: rts-euc.freshworksapi.com ws: *.pusher.com *.cardinalcommerce.com *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.cooladata.com www.facebook.com pixel.quantcount.com browser-intake-datadoghq.eu; frame-src * *.toolstation.com toolstation-team.freshchat.com toolstation-team.eu.webpush.freshchat.com iprospecthosting.com *.iprospecthosting.com *.facebook.com configurator.kitchenkit.co.uk app.hellosign.com widget.trustpilot.com *.polyfill.io ct.pinterest.com *.braintreegateway.com *.paypal.com *.sandbox.braintreegateway.com *.google.com *.cardinalcommerce.com *.monetate.net *.videoly.co *.youtube-nocookie.com *.youtube.com *.tiktok.com *.instagram.com *.ytimg.com *.wistia.com *.wistia.net d2d7do8qaecbru.cloudfront.net *.amazonaws.com smct.co *.smct.co smct.io *.smct.io *.doubleclick.net *.gocardless.com; form-action * 'self' www.facebook.com *.cardinalcommerce.com *.highradius.com *.invevo.io; object-src 'none'; base-uri *.toolstation.com; media-src data 1
frame-ancestors 'self' centinelapi.cardinalcommerce.com; script-src 'self' www.youtube.com *.worldpay.com *.facebook.net cdn.mouseflow.com script.crazyegg.com www.google-analytics.com static.sandisk.com bat.bing.com *.googleadservices.com d.adroll.com googleads.g.doubleclick.net *.googletagmanager.com s.adroll.com snap.licdn.com www.googletagmanager.com trc.taboola.com analytics.xscreenattribution.com *.marketo.net *.trustarc.com www.redditstatic.com cdn.taboola.com tags.tiqcdn.com *.twitter.com s.go-mpulse.net static.ads-twitter.com js.adsrvr.org d.adroll.mgr.consensu.org s.ytimg.com unpkg.com *.marketo.com js.maxmind.com *.truste.com tagmanager.google.com *.adobe.com ajax.googleapis.com *.expertvoice.com *.experticity.com cdn1.affirm.com *.tt.omtrdc.net *.adobedtm.com *.sc.omtrdc.net www.google.com *.criteo.net *.criteo.com www.gstatic.com cdn.pdst.fm ext.chtbl.com *.signifyd.com *.bazaarvoice.com mpsnare.iesnare.com *.googleapis.com *.paypal.com tracking.channelsight.com gateway.foresee.com sc-static.net qoe-1.yottaa.net cdn.yottaa.com ecwportal.vertexsmb.com j.6sc.co s.yjtag.jp yjtag.yahoo.co.jp s.yimg.jp tag.demandbase.com paapi8935.d41.co cdn-0.d41.co id.rlcdn.com ecf.d41.co *.googlesyndication.com *.zinrelo.com 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; frame-src https://www.google.com https://forms.hsforms.com; script-src 'self' 'sha256-7Y4cJY0mqvPonOInOT8niwU3D9HLQNL8gZhKeOYFKvo=' https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hsadspixel.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.heapanalytics.com/ https://www.clarity.ms https://www.googletagmanager.com https://www.google-analytics.com http://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; connect-src 'self' https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8870246/3b963190-42f0-4c10-92de-945c798eddb5.json.gz https://forms.hsforms.com/emailcheck/v1/json-ext https://forms.hubspot.com https://api.hsforms.com https://api.hubapi.com https://www.clarity.ms https://script.google.com https://hooks.slack.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net; object-src 'self'; img-src * 'self' data: https:; frame-ancestors 'self'; 1
default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src https://assets.what3words.com/ https://assets.what3words.com/ https://cdn-cookieyes.com/ https://static.ads-twitter.com/uwt.js https://prod-live-chat.sprinklr.com/ https://live-chat-static.sprinklr.com/ https://analytics.tiktok.com/ https://spx-components.cdn.sprinklr.com/ https://static.ads-twitter.com/ https://analytics.tiktok.com/ https://spx-components.cdn.sprinklr.com/ https://static.ads-twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://ajax.aspnetcdn.com/ https://unpkg.com/ www.youtube.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com  http://cdn.pardot.com/ https://info.aramex.com/ https://pi.pardot.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://www.googleadservices.com/  aramex.api.sociaplus.com https://npmcdn.com https://app.powerbi.com https://v1.addthisedge.com https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com  www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://static.ads-twitter.com/uwt.js ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline' https://cdn.jsdelivr.net/ https://td.doubleclick.net/ ;img-src * blob: data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action www.facebook.com 'self'  'unsafe-inline'https://tpay1.digitsecure.com/; frame-src https://recaptcha.google.com/recaptcha/ https://www.google.com/recaptcha/ dotcomaramexprod.blob.core.windows.net consentcdn.cookiebot.com www.facebook.com ' 'self' https://app.powerbi.com charts3.equitystory.com  https://app.powerbi.com charts3.equitystory.com  irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com 1
default-src 'self' 'unsafe-inline' fellow.app; connect-src 'self' api.hubapi.com api.hubspot.com api.segment.io cdn.segment.com fellow.app forms.hsforms.com forms.hubspot.com heapanalytics.com https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com monitor.clickcease.com stats.g.doubleclick.net www.facebook.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com bat.bing.com yoast.com my.wpengine.com cdn.linkedin.oribi.io px.ads.linkedin.com forms.hscollectedforms.net *.chilipiper.com *.clarity.ms c.bing.com app.clearbit.com share.cello.so growthbook-proxy.fellow.app; img-src 'self' blob: data: https: monitor.clickcease.com script.hotjar.com static.hotjar.com js.chilipiper.com google-analytics.com *.google-analytics.com analytics.google.com *.analytics.google.com; media-src 'self' *.cloudfront.net *.vidyard.com fellow.app; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.adroll.com *.hs-banner.com *.hs-scripts.com *.twimg.com *.twitter.com *.youtube.com *.cloudflare.com bat.bing.com cdn.heapanalytics.com cdn.segment.com connect.facebook.net ct.capterra.com d.adroll.mgr.consensu.org fellow.app forms.hubspot.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net monitor.clickcease.com optimize.google.com script.hotjar.com static.hotjar.com snap.licdn.com static.cloudflareinsights.com static.hotjar.com www.clickcease.com google-analytics.com *.google-analytics.com www.google.com googleadservices.com *.googleadservices.com googleads.g.doubleclick.net *.googletagmanager.com www.gstatic.com *.googleoptimize.com youtube.com js.usemessages.com *.vidyard.com www.gstatic.com js.chilipiper.com use.fontawesome.com yoast.com fellowapp.bamboohr.com *.clarity.ms c.bing.com tag.clearbitscripts.com *.clearbitjs.com assets.cello.so embed.typeform.com bat.bing.com; frame-src 'self' blob: fellow.app app.hubspot.com forms.hubspot.com vars.hotjar.com www.facebook.com player.vimeo.com vimeo.com www.youtube.com youtube.com optimize.google.com anchor.fm *.twitter.com open.spotify.com embed-standalone.spotify.com *.vidyard.com www.google.com recaptcha.google.com *.chilipiper.com clarity.microsoft.com bid.g.doubleclick.net td.doubleclick.net form.typeform.com; font-src 'self' data: fellow.app fonts.gstatic.com script.hotjar.com *.typekit.net; style-src 'self' 'unsafe-inline' *.twitter.com fellow.app fonts.googleapis.com optimize.google.com static.hotjar.com script.hotjar.com embed.typeform.com *.typekit.net; report-uri https://sentry.io/api/4544941/security/?sentry_key=56a1c09c71c34e06b631424f04467745 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://static.ads-twitter.com/uwt.js cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/partner/3073578/domain/kfupm.edu.sa/token https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self'; connect-src 'self' *.privacy-center.org browser-intake-datadoghq.eu gb-gtm-t4wkq78s-9xm5.nw.r.appspot.com players.brightcove.net edge.api.brightcove.com *.boltdns.net *.akamaihd.net insights.v3.decathlon.net *.kampyle.com *.medallia.eu *.medallia.com https://maps.googleapis.com https://maps.gstatic.com js.klarna.com na.klarnaevt.com eu.klarnaevt.com *.woosmap.com *.contentsquare.net ads-twitter.com ads-api.twitter.com analytics.twitter.com https://t.teads.tv https://cm.teads.tv https://www.redditstatic.com https://www.reddit.com https://conversions-config.reddit.com pagead2.googlesyndication.com https://*.tiktokcdn.com https://*.tiktok.com px.ads.linkedin.com https://bat.bing.com https://www.facebook.com *.y-track.com; script-src 'self' 'unsafe-inline' *.privacy-center.org storage.googleapis.com *.googletagmanager.com 'unsafe-eval' players.brightcove.net vjs.zencdn.net https://prod.transcript.decathlon.net *.kampyle.com *.medallia.eu *.medallia.com https://maps.googleapis.com https://maps.gstatic.com js.klarna.com t.contentsquare.net app.contentsquare.com static.ads-twitter.com https://p.teads.tv https://www.redditstatic.com https://www.reddit.com https://*.tiktokcdn.com https://*.tiktok.com snap.licdn.com https://www.dwin1.com https://bat.bing.com login-ds.dotomi.com doubleclick.net connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.y-track.com; style-src 'self' 'unsafe-inline' storage.googleapis.com fonts.googleapis.com players.brightcove.net *.kampyle.com *.medallia.eu *.klarnacdn.net; img-src 'self' blob: data: *.privacy-center.org contents.mediadecathlon.com players.brightcove.net *.boltdns.net *.akamaihd.net *.brightcove.com *.kampyle.com *.medallia.eu https://maps.googleapis.com https://maps.gstatic.com *.contentsquare.net ads-twitter.com ads-api.twitter.com analytics.twitter.com t.co https://t.teads.tv https://cm.teads.tv https://l.teads.tv https://www.redditstatic.com https://www.reddit.com alb.reddit.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.tiktokcdn.com https://*.tiktok.com px.ads.linkedin.com https://www.awin1.com https://bat.bing.com login-ds.dotomi.com login.dotomi.com https://www.facebook.com https://www.google.com https://google.com *.y-track.com; font-src 'self' data: *.kampyle.com *.medallia.eu https://fonts.gstatic.com *.klarnacdn.net; frame-src 'self' *.decathlon.net players.brightcove.net *.kampyle.com *.medallia.eu *.medallia.com https://custhelp.decathlon.co.uk osm.klarnaservices.com js.klarna.com https://p.teads.tv https://fledge.teads.tv https://*.fls.doubleclick.net https://*.tiktokcdn.com https://*.tiktok.com https://www.awin1.com https://bid.g.doubleclick.net https://td.doubleclick.net; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com; object-src 'none'; base-uri 'self' *.kampyle.com https://custhelp.decathlon.co.uk *.woosmap.com; form-action 'self'; frame-ancestors 'none'; worker-src 'self' blob:; child-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://td.doubleclick.net https://analytics.tiktok.com https://pagead2.googlesyndication.com http://fanibotdev.eastus.cloudapp.azure.com https://fanibotdev.eastus.cloudapp.azure.com https://appsrv-openia-fanibot-dev.azurewebsites.net https://appsrv-webfanibotdev.azurewebsites.net https://lynn-latam-testing-br-ch-reg-t2913.azurewebsites.net https://appsrv-webfanibotsb.azurewebsites.net https://vision.googleapis.com https://firebasestorage.googleapis.com https://firestore.googleapis.com https://*.clarity.ms http://portalpersonas.bancochile.cl https://snippet.maze.co https://t.maze.co www.appsbch.cl *.google.com wss://*.hotjar.com https://*.qualtrics.com https://*.hotjar.io https://vc.hotjar.io *.hotjar.com https://ad.doubleclick.net https://*.nr-data.net https://*.newrelic.com https://*.bancochile.cl https://*.bancoedwards.cl https://lib-us-3.brilliantcollector.com https://lib-us-1.brilliantcollector.com https://www.google-analytics.com https://connect.facebook.net https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com *.nr-data.net *.cn-dev.ocilab.labchile.cl *.sb-onboarding-persona.cn-dev.ocilab.labchile.cl sitiospublicos.bchpreproductivos.com *.google-analytics.com optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://bancochile-promociones.cl https://*.bancochile-promociones.cl https://ww3.bancochile.cl https://www.google-analytics.com https://www.facebook.com https://*.bancochile.cl https://*.bancoedwards.cl www.google.com www.google.com.ar https://maps.gstatic.com https://maps.googleapis.com https://www.google.cl optimize.google.com https://sucursales.bancochile-promociones.cl https://*.bancochile.cl https://*.bancoedwards.cl https://fonts.googleapis.com *.youtube.com www.googleadservices.com dynamic.criteo.com dynamic.criteo.net stats.g.doubleclick.net https://*.bing.com static.criteo.net googleads.g.doubleclick.net gum.criteo.com sslwidget.criteo.com bid.g.doubleclick.net https://10743875.fls.doubleclick.net https://*.teads.tv https://mdstrm.com https://eu2.device-api.indigitall.com https://entelvisa2.recoline.cl console.dialogflow.com static.dialogflow.com dialogflow.cloud.google.com jv30gcqsq7.execute-api.us-east-1.amazonaws.com tubanco.typeform.com typeform.com *.mopinion.com www.gfl85trk.com https://9879117.fls.doubleclick.net https://api.openweathermap.org https://www.googleoptimize.com gw.api.bancochile.cl https://ads.sonataplatform.com https://listado-sucursales-default-rtdb.firebaseio.com https://identitytoolkit.googleapis.com https://static.dialogflow.com https://cdn.tailwindcss.com https://*.launchdarkly.com https://*.unpkg.com https://unpkg.com https://cdn.tailwindcss.com https://*.launchdarkly.com https://*.unpkg.com;  1
frame-ancestors *.tapinto.net tapinto.net *.facebook.com *.halstonmedia.com *.commercemagazinenj.com 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com; font-src 'self' https://use.typekit.net; frame-src 'self' https://podcasters.spotify.com https://www.youtube.com https://youtube.com https://platform.twitter.com https://www.facebook.com https://open.spotify.com https://www.instagram.com https://www.aoc.gov/ https://admin.aoc.gov/; img-src 'self' data: https://www.aoc.gov https://aoc.gov https://play.google.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://farm9.staticflickr.com https://www.google.com farm6.staticflickr.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://platform.twitter.com https://3d-api.si.edu/resources/js/voyager-explorer.min.js https://www.instagram.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://unpkg.com; frame-ancestors 'self' https://www.aoc.gov https://admin.aoc.gov/; report-uri https://www.aoc.gov/report-uri/enforce 1
frame-ancestors  'self' *.qidian.com  *.hongxiu.com  *.yuewen.com  *.qq.com  *.qdmm.com  *.readnovel.com  *.xs8.cn  *.xxsy.net  *.tingbook.com  *.lrts.me  *.ywurl.cn  *.qdwenxue.com  *.if.qidian.com  www.gameloop.com 1
default-src 'self' wss: https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https:; img-src * 'self' data: https:; frame-ancestors 'self'; frame-src youtube.com https://www.youtube.com; form-action https://*.outdoorgearlab.com; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
script-src 'nonce-psegnjcsp-unsafeinline' *.pseg.com *.gstatic.com *.force.com *.cloudflare.com player.vimeo.com *.aspnetcdn.com *.google-analytics.com *.google.com *.googletagmanager.com *.googleapis.com *.adsrvr.org *.salesforce-sites.com *.salesforce.com *.salesforceliveagent.com  *.my.site.com; frame-ancestors *.pseg.com *.salesforce.com ;  connect-src *.pseg.com *.gstatic.com *.force.com *.aspnetcdn.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.googleapis.com *.my.site.com *.windows.net cdnjs.cloudflare.com 1
base-uri *; child-src * gap:; frame-src * gap:; connect-src *; default-src * gap: 'unsafe-inline' 'unsafe-eval'; font-src * data:; img-src * blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=%2BxWYkQJbvdNnE2YvkLM20PXXPN6nOpTc2oj4O63MazTAjpeo0D1MIyPzQTxDhvG26P8FYp6eHECbMz3Pkr2hnw%3D%3D; 1
default-src 'self' 'unsafe-inline' miraheze.org donate.miraheze.org static.miraheze.org cdnjs.cloudflare.com cdn.jsdelivr.net analytics.wikitide.net; 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-KfllEQooysgOAepNSTUCc1fgBzhyl4' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://bam.nr-data.net https://doypq9et62aku.cloudfront.net/ https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com https://sdk.tigertext.me https://cdn.mxpnl.com https://js-agent.newrelic.com data:; style-src 'self' 'unsafe-inline' https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com https://v4-web-static.s3.amazonaws.com https://home-static.tigertext.com data:; ; frame-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com tigertext://* data:; connect-src 'self' https://*.tigertext.me https://*.tigertext.xyz https://*.tigertext.com https://api.mixpanel.com/ https://bam.nr-data.net/ data:; 1
font-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu 'unsafe-inline' data:; style-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu blob: data: 'unsafe-inline' *.googleapis.com; connect-src wss://*.otpbank.hu wss://*.hotjar.com wss://*.cloudfunctions.net *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.zuko.io *.tiktok.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com blob: data: 'unsafe-inline' 'unsafe-eval'; img-src * *.cloudfunctions.net *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com blob: data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com *.cloudfunctions.net *.googleapis.com *.google.com *.facebook.com *.facebook.net *.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.hotjar.io *.bizographics.com *.otpbank.hu snap.licdn.com *.zuko.io *.tiktok.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.genworth.com https://miro.com/ https://app.storyblok.com; worker-src blob: *.genworth.com; frame-src *.genworth.com h.online-metrix.net hosted.rightprospectus.com; media-src *.genworth.com *.storyblok.com *.wistia.com data: blob:; font-src 'self' *.genworth.com *.storyblok.com *.wistia.com data:; connect-src 'self' *.genworth.com *.crazyegg.com *.wistia.com fast.wistia.net maps.googleapis.com api.mixpanel.com; img-src 'self' *.genworth.com *.storyblok.com *.wistia.com *.online-metrix.net *.tile.openstreetmap.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' *.genworth.com *.storyblok.com *.wistia.com *.crazyegg.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' data: blob: gap: https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.akamaized.net https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://media-.akamaized.net https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://consent.trustarc.com https://fonts.gstatic.com https://fonts.gstatic.com data:; script-src 'self' https://s.dmwdyr.com https://s.gihwyz.com  https://cdn.pdst.fm https://*.marketo.com https://*.mktoweb.com https://consent.trustarc.com https://polyfill.io https://consent-pref.trustarc.com https://fonts.googleapis.com https://assets.adobedtm.com https://ds-aksb-a.akamaihd.net https://*.gsam.com https://*.gs.com https://*.google.com https://snap.licdn.com https://*.gsacquisition.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://api.darksky.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://peoplesearch.web.gs.com:7119/ https://*.launchdarkly.com https://cdn.linkedin.oribi.io  https://s.dmwdyr.com https://s.gihwyz.com  https://us-central1-adaptive-growth.cloudfunctions.net https://*.mktoresp.com https://*.marketo.com https://*.qualtrics.com https://*.akamaized.net https://gsam.122.2o7.net https://*.gs.com https://*.gsam.com https://*.demdex.net https://*.omtrdc.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com  https://*.gsamsymposium.com  https://consent-pref.trustarc.com https://gsam.sc.omtrdc.net https://gs-analytics.url.gs.com:8443 'unsafe-inline' data:; object-src 'self'; child-src blob: gap: 'self' https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com; frame-src gap: 'self'  https://*.marketo.com https://*.mktoweb.com  https://t2.jiji.com https://*.qualtrics.com https://www.google.com https://*.gs.com https://*.gsam.com https://*.doubleclick.net https://*.gsacquisition.com https://*.goldmansachsbdc.com https://gsam.demdex.net https://*.goldman.com  https://consent-pref.trustarc.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://vds.issproxy.com; img-src 'self' https://*.qualtrics.com https://www.commercefunds.com https://p.adsymptotic.com https://ds-aksb-a.akamaihd.net https://*.google.co.in https://*.google.gr https://*.google.co.uk https://*.google.ca https://*.google.fi https://*.google.de https://*.google.fr https://*.google.it  https://*.google.com https://*.demdex.net https://*.gsam.com https://*.gs.com https://*.ads.linkedin.com https://*.doubleclick.net https://www.linkedin.com https://*.gs.com:28500 https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://gsam.122.2o7.net https://cm.everesttech.net https://gsam.sc.omtrdc.net https://*.rocaton.com https://consent.trustarc.com  https://consent-pref.trustarc.com data:; style-src 'self' https://s.dmwdyr.com https://s.gihwyz.com  https://*.marketo.com https://*.mktoweb.com  https://*.gs.com https://*.gsam.com https://*.gsacquisition.com https://*.goldmansachsbdc.com https://*.goldman.com https://*.gscio.com https://*.ayco.com https://*.gsselect.com https://*.goldmansachsahc.com https://*.gsipventures.com https://*.gsamsymposium.com https://fonts.googleapis.com https://fonts.googleapis.com 'unsafe-inline';  frame-ancestors  'self' https://uat-am.gs.com https://am.gs.com; 1
connect-src 'self' *.mux.com *.readspeaker.com *.saarland.de; default-src 'self' *.googleapis.com; base-uri 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.openlayers.org openlayers.org *.openstreetmap.org siteimproveanalytics.com; object-src 'self'; media-src blob: 'self' stream.mux.com *.youtube.com *.youtube-nocookie.com *.readspeaker.com *.mux.com www.tremonia-dxp.de; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.instagram.com *.readspeaker.com *.saarland.de tnv.lpm-saarland.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.openlayers.org openlayers.org *.openstreetmap.org *.geodatenzentrum.de *.siteimproveanalytics.io; worker-src 'self' blob:; frame-ancestors 'self'; 1
default-src *.nav.no portal-admin.oera.no; script-src *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline' 'unsafe-eval'; script-src-elem *.nav.no portal-admin.oera.no *.tingtun.no termer.no uxsignals-frontend.uxsignals.app.iterate.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com *.taskanalytics.com nav.boost.ai 'unsafe-inline'; worker-src *.nav.no portal-admin.oera.no blob:; style-src *.nav.no portal-admin.oera.no 'unsafe-inline' *.psplugin.com; font-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.hotjar.com cdn.nav.no; img-src *.nav.no portal-admin.oera.no data: video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: *.psplugin.com *.vimeocdn.com *.hotjar.com www.vergic.com storage.googleapis.com; object-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob:; connect-src *.nav.no portal-admin.oera.no video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: api.uxsignals.com *.boost.ai *.psplugin.com *.hotjar.com *.hotjar.io *.taskanalytics.com; media-src video.qbrick.com play2.qbrick.com analytics.qbrick.com *.ip-only.net blob: ihb.nav.no; child-src blob:; style-src-elem *.nav.no *.psplugin.com 'unsafe-inline'; frame-src *.hotjar.com player.vimeo.com video.qbrick.com; 1
frame-ancestors 'self' https://*.designcrowd.com; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.arcgis.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://tigoune.maps.arcgis.com https://www.une.com.co https://*.une.com.co 'sha256-mBcgzZ36s/ssKaH7/DbbJEMtbumFZHsz1tRHoAWJISU=' 'sha256-4jLXDjttYgZGdR3ly3AXw5YG6hUiB0vhH49x3gF4v6o=' 'sha256-nSNutDm4b0xlOVJ6d2o6FfQtTqubddecmFK5u1bH9eQ=' 'sha256-2UoXH2Nxa9FD+HQj/Hp5juuacBa0PfUJVyanLHuDPOE=' 'sha256-ndwrZ6zP2oTUI+w2j6dZpKqLIRJPL6Dzo+eibGHpySA=' 'sha256-ISlsDOLXS/YaZ5Yp82THTVSNnRQlXpWmyA/JKprgPcs=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-oedBOFB5GzS6TQP57rWXpAGTuk7Xdg5oTwd7cfpsgD8=' 'sha256-328cDLcn7JqOaIi33fS2EgVOUb2qeSwcEAQUi5gv7Hc=' https://analytics.tiktok.com; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://cdn.smooch.io https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
block-all-mixed-content; frame-ancestors https://bigscoots.com https://portal.bigscoots.com/ https://www.bigscoots.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://ssl.google-analytics.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://privacyportal.onetrust.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com;                img-src 'self' data: http://www.google-analytics.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://cdn.cookielaw.org; 1
default-src 'none'; base-uri 'self' *.32auctions.com; connect-src 'self' *.32auctions.com *.googlesyndication.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com; font-src 'self' https: data:; form-action 'self' *.32auctions.com; frame-ancestors 'self'; frame-src 'self' *.32auctions.com *.googlesyndication.com *.doubleclick.net *.google.com *.youtube-nocookie.com *.facebook.com *.recaptcha.net *.stripe.com; img-src 'self' data: *.32auctions.com *.facebook.com *.twimg.com *.googlesyndication.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; manifest-src 'self' *.32auctions.com; object-src 'none'; script-src 'self' *.32auctions.com 'strict-dynamic' 'unsafe-inline' *.googlesyndication.com *.gstatic.com *.stripe.com *.facebook.com *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'nonce-0+vTUDnkcTdU03LWfffpoA=='; style-src 'self' 'unsafe-inline' *.32auctions.com fonts.googleapis.com *.gstatic.com; report-uri /csp_violation_reports 1
default-src 'self' edge.api.brightcove.com stats.g.doubleclick.net viz.tools.investis.com *.google-analytics.com *.google.com *.media.brightcove.com cdn.jsdelivr.net *.jquery.com *.googleapis.com *.hotjar.com *.hotjar.io  *.twitter.com  brightcove.hs.llnwd.net https://www.facebook.com *.investis.com tagmanager.google.com cdn.cookielaw.org privacyportal-eu.onetrust.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com geolocation.onetrust.com *.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com *.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com  *.googleadservices.com *.licdn.com *.doubleclick.net player.vimeo.com  *.jquery.com *.linkedin.com *.twitter.com *.miappi.com *.investis.com tagmanager.google.com *.bootstrapcdn.com cdn.cookielaw.org cdn.rawgit.com geolocation.onetrust.com https://sc.lfeeder.com/ https://staticcontents.investisdigital.com/ analytics.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com stackpath.bootstrapcdn.com p.typekit.net viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net  *.jquery.com *.investis.com tagmanager.google.com *.googletagmanager.com static.licdn.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com https://secure.brightcove.com *.media.brightcove.com  career5.successfactors.eu https://brightcove.hs.llnwd.net blob: data: https://manifest.prod.boltdns.net https://f1.cf.brightcove.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' staticcontents.investis.com www.google.com irs.tools.investis.com otp.tools.investis.com digital.feprecisionplus.com ir.tools.investis.com staticxx.facebook.com www.youtube.com maps.google.com player.vimeo.com  *.doubleclick.net *.hotjar.com *.facebook.com   *.twitter.com *.miappi.com tagmanager.google.com cdn.cookielaw.org *.googletagmanager.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com cdn.jsdelivr.net *.bootstrapcdn.com use.typekit.net; connect-src 'self' 'unsafe-inline' cdn.linkedin.oribi.io *.google-analytics.com privacy.jti.com cdn.cookielaw.org maps.googleapis.com edge.api.brightcove.com stats.g.doubleclick.net viz.tools.investis.com geolocation.onetrust.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com/ https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com/ www.facebook.com manifest.prod.boltdns.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com analytics.google.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com *.analytics.google.com *.google.com px.ads.linkedin.com www.google.co.uk www.google.com.my www.jt.com translate.googleapis.com www.google.ru www.google.de; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://bat.bing.com https://*.googletagmanager.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com; font-src 'self' https://fast.fonts.net https://static.serato.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://static.serato.com; img-src 'self' https://*.cdn.sera.to https://cdn.sanity.io https://static.serato.com https://serato.com https://bat.bing.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.facebook.com; connect-src 'self' https://*.serato.com https://*.sanity.io https://serato-limited.breezy.hr/json https://gtm-p9hq86n-mgfkm.uc.r.appspot.com https://analytics.google.com https://www.google-analytics.com https://bat.bing.com https://*.facebook.net https://connect.facebook.net https://*.app-us1.com https://analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; media-src 'self' https://static.serato.com https://*.cdn.sera.to https://cdn.sanity.io; frame-src 'self' https://youtube.com https://www.youtube.com https://w.soundcloud.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.sunstar.com.ph https://anymind360.com;block-all-mixed-content; 1
script-src  'self' 'unsafe-inline' 'unsafe-eval' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://stream.datago.ru  https://mc.yandex.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://yastatic.net; style-src 'self' 'unsafe-inline' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; img-src * data:; font-src 'self' data: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; media-src 'self' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://chat.vtb.ru wss://chat.vtb.ru; frame-src 'self' 'unsafe-inline' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://stream.datago.ru https://*.roseltorg.ru:* https://api-maps.yandex.ru:* https://chat.vtb.ru wss://chat.vtb.ru https://yastatic.net; connect-src 'self' blob: https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc https://api.uxrocket.ru https://stream.datago.ru https://*.corp.dev.vtb:*  https://mc.yandex.ru https://suggestions.dadata.ru https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net https://geocode-maps.yandex.ru/ https://chat.vtb.ru wss://chat.vtb.ru https://*.adriver.ru https://vk.com https://top-fwz1.mail.ru https://siteapi.vtb.ru https://marketplace.vtb.ru https://auto.vtb.ru https://ipoteka.vtb.ru https://cl.vtb.ru https://cc.vtb.ru https://vb.vtb.ru https://yastatic.net; frame-ancestors 'self' https://siteapi.inno.tech https://inno-siteapi.kometa.vc https://draft-productstudio.kometa.vc https://inno-siteapi.kometa.vc  https://*.vtb.ru:*; 1
connect-src 'self' *; default-src 'self'; form-action 'self'; font-src 'self' data: * 'unsafe-inline'; frame-ancestors 'none'; frame-src 'self' * blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' * 'unsafe-eval' 'unsafe-inline' data: https:; manifest-src 'self'; media-src 'self' blob: * 'unsafe-inline'; object-src 'self' * 'unsafe-eval' 'unsafe-inline'; script-src-attr 'self' * 'unsafe-eval' 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' * 'unsafe-eval' 'unsafe-inline'; style-src-attr 'self' * 'unsafe-eval' 'unsafe-inline'; style-src 'self' * 'unsafe-eval' 'unsafe-inline'; style-src-elem 'self' * 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: * 'unsafe-eval' 'unsafe-inline'; 1
script-src: self 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: *.tealiumiq.com connect.facebook.net www.dwin1.com snap.licdn.com api.eu.kaltura.com beursinfo.abnamro.nl tags.tiqcdn.com w.usabilla.com api.usabilla.com google-analytics.com googletagmanager.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; connect-src https: *.tealiumiq.com api.usabilla.com abnamro.sc.omtrdc.net dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net region1.google-analytics.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; style-src 'unsafe-inline' https: blob: fonts.googleapis.com; img-src data: https: abnamro.sc.omtrdc.net cfvod.eu.kaltura.com d6tizftlrpuof.cloudfront.net images.ctfassets.net google-analytics.com *.tealiumiq.com w.usabilla.com abnamro.sc.omtrdc.net www.facebook.com www.awin1.com cm.g.doubleclick.net px.ads.linkedin.com region1.google-analytics.com; font-src https: fonts.gstatic.com; media-src 'self' https: blob:; frame-src abnamrobank.qualtrics.com beursinfo.abnamro.nl d6tizftlrpuof.cloudfront.net *.fls.doubleclick.net www.awin1.com player.simplecast.com localfocuswidgets.net assets.abnamro.com www.youtube.com www.google.com nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io; worker-src 'self' https: blob:; frame-ancestors https: beursinfo.abnamro.nl nieuwsbrieven.abnamro.nl *.optimizely.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io 1
default-src 'self' *.cp.pt *.enterprisebot.co; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.sharethis.com *.googletagmanager.com cp.enterprisebot.co; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.sharethis.com *.googletagmanager.com cp.enterprisebot.co www.google.com www.gstatic.com platform.twitter.com; connect-src 'self' *.sharethis.com *.google-analytics.com *.doubleclick.net cp.enterprisebot.co wss://cp.enterprisebot.co; font-src 'self' *.gstatic.com cp.enterprisebot.co; img-src 'self' *.sharethis.com cp.enterprisebot.co www.google.com www.google.pt *.google-analytics.com; frame-src 'self' *.sharethis.com cp.enterprisebot.co www.google.com www.facebook.com www.youtube.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cp.enterprisebot.co ws.sharethis.com www.google-analytics.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' ws.sharethis.com www.googletagmanager.com www.google-analytics.com cp.enterprisebot.co 1
img-src https:; frame-ancestors 'self' https://*.uni-augsburg.de; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'strict-dynamic' 'nonce-ddd908f455ed40f50247f8616fbf0dc9'; style-src 'report-sample' 'self' 'unsafe-inline' https://*.lovoo.com cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://*.onetrust.com wss://cl-messaging.lovoo.com https://*.facebook.com https://*.facebook.net; font-src 'self' https://*.lovoo.com https://cdnjs.cloudflare.com; frame-src 'self' https://js.stripe.com https://m.stripe.network https://www.google.com https://api.paymentwall.com https://*.googlesyndication.com https://*.lovoo.com https://giphy.com; img-src 'self' data: https://api.paymentwall.com https://cdn.cookielaw.org https://*.googlesyndication.com https://*.lovoo.com https://storage.googleapis.com/img.lovoo.com/; manifest-src 'self' https://*.lovoo.com; media-src 'self' https://*.lovoo.com; worker-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubee5d7575130b1e76f123c4bd27d709ad&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Aweb-backend%2Cenv%3Aprod 1
default-src blob: ;child-src blob: 'self' https://d13h4w8gjgv887.cloudfront.net;media-src blob: 'self' https://video.joomcdn.net https://*.amazonaws.com https://d13h4w8gjgv887.cloudfront.net;form-action https:;frame-src 'self' https: ;frame-ancestors 'none';manifest-src 'self';base-uri 'none';font-src data: https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;connect-src 'self' https://api.joom.com https://api-secure.joom.one https://api.joompay.tech https://http-babylone-client-faq-api.joom.it https://*.google-analytics.com https://*.analytics.google.com https://*.googleapis.com https://google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://www.facebook.com https://bnc.lt https://joom.test-app.link https://stats.g.doubleclick.net https://*.joomcdn.net https://*.amazonaws.com https://mc.yandex.ru https://mc.yandex.com https://d13h4w8gjgv887.cloudfront.net https://*.riskified.com https://hcaptcha.com https://*.hcaptcha.com https://*.live-video.net https://joom-web.ey.r.appspot.com https://crowdin.com https://*.trustedshops.com https://widget.trustpilot.com https://*.creativecdn.com https://*.dwin1.com https://top-fwz1.mail.ru https://www.wepowerconnections.com https://tr.kickbite.io https://service.nalog.ru https://*.clarity.ms https://analytics.tiktok.com https://www.google.com https://google.com https://pay.google.com https://sentry.joom.it https://www.joom.ru;img-src 'self' data: https: blob:;script-src 'strict-dynamic' 'nonce-MC42NTU0NjI=' 'unsafe-inline' 'unsafe-eval' https:;style-src 'self' https: data: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://d13h4w8gjgv887.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com https://cdn.crowdin.com https://top-fwz1.mail.ru;report-uri https://sentry.joom.it/api/3/security/?sentry_key=b68f31beac04417da5e79086aa76f8d6&sentry_release=web-client@4.8.5-1715600619&sentry_environment=prod 1
default-src 'none'; script-src 'self' https://*.chatlio.com https://js.stripe.com https://*.pusher.com; connect-src 'self' https://*.chatlio.com wss://*.chatlio.com https://*.pusher.com wss://*.pusher.com https://*.pusherapp.com wss://*.pusherapp.com; img-src * data:; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.chatlio.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com; frame-ancestors 'self'; media-src 'self' https://*.chatlio.com; form-action 'self' https://*.chatlio.com; base-uri 'self'; 1
base-uri 'none'; default-src blob: *.crazyegg.com; connect-src https: wss: *.crazyegg.com; font-src 'self' https: data:; frame-src https: *.crazyegg.com; img-src 'self' https: data: *.crazyegg.com; media-src 'self' https: blob:; object-src 'none'; script-src 'strict-dynamic' 'self' blob: https: 'unsafe-inline' 'wasm-unsafe-eval' *.crazyegg.com 'nonce-0sxm7rZ+1Gci713syiVkLg=='; style-src 'strict-dynamic' 'self' https: *.crazyegg.com 'nonce-0sxm7rZ+1Gci713syiVkLg=='; report-uri https://o439626.ingest.sentry.io/api/5915655/security/?sentry_key=02a78186742146fb825ac6a25f6dd765 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: blob: data:; 1
default-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.typekit.net; img-src 'self' https:; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://cdn.livechatinc.com https://snap.licdn.com https://api.livechatinc.com https://www.redditstatic.com https://*.reddit.com https://translate.google.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://adservice.google.com https://api.livechatinc.com https://region1.google-analytics.com https://conversions-config.reddit.com https://px.ads.linkedin.com https://www.redditstatic.com; frame-src 'self' https://secure.livechatinc.com https://bid.g.doubleclick.net https://www.google.com https://td.doubleclick.net; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; report-uri https://escalated.io/code/cspreport?s=h2 1
default-src 'self' *.siteimprove.com *.facebook.com *.doubleclick.net *.facebook.net *.bing.com *.nr-data.net *.google-analytics.com *.medallia.com *.kampyle.com *.logtrackback.com *.googleapis.com www.clarity.ms *.fontawesome.com a.clarity.ms c.clarity.ms f.clarity.ms b.clarity.ms i.clarity.ms/collect *.clarity.ms n.clarity.ms/collect *.oribi.io *.socalgas.com blob:; script-src 'self' *.youtube.com 'unsafe-eval' 'unsafe-inline' data: *.bootstrapcdn.com *.siteimprove.net *.datatables.net siteimproveanalytics.com *.cloudflare.com *.jsdelivr.net *.googleapis.com *.googletagmanager.com *.twitter.com *.syndication.twimg.com snap.licdn.com *.google.com *.google-analytics.com *.gstatic.com *.krxd.net resources.xg4ken.com bat.bing.com px.owneriq.net *.facebook.net *.doubleclick.net *.googleadservices.com *.quantserve.com *.quantcount.com unpkg.com *.xg4ken.com *.newrelic.com *.nr-data.net interface.us.q-go.net *.brandcdn.com *.pixel.ad *.medallia.com *.kampyle.com *.acuityplatform.com browser-update.org *.googleapis.com *.cloudflareinsights.com *.socalgas.com  *.adsrvr.org www.clarity.ms *.clarity.ms *.fontawesome.com a.clarity.ms c.clarity.ms f.clarity.ms b.clarity.ms i.clarity.ms/collect *.content-cms.com *.socalgas.com blob:; style-src 'self' 'unsafe-inline' *.fontawesome.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com *.cloudflare.com *.medallia.com *.kampyle.com; img-src 'self' data: 'unsafe-inline' *.google.com *.google.co.in *.googleapis.com *.gstatic.com twitter.com *.twitter.com *.twimg.com *.ytimg.com rs.gwallet.com *.linkedin.com bat.bing.com *.facebook.com px.owneriq.net *.krxd.net *.siteimproveanalytics.io *.googletagmanager.com *.adsymptotic.com *.socalgas.com *.vindicosuite.com *.quantserve.com *.doubleclick.net socalgas.com *.google-analytics.com *.agkn.com *.facebook.net *.fastclick.net *.socalgas.com *.atdmt.com *.sitescout.com *.medallia.com *.kampyle.com c.clarity.ms f.clarity.ms b.clarity.m c.clarity.ms/c.gif i.clarity.ms/collect c.bing.com *.bing.com; media-src 'self' data:; frame-src 'self' *.youtube.com *.twitter.com twitter.com sempra.mediaroom.com *.socalgas.com *.google.com *.pages02.net *.sempra.com *.doubleclick.net px.owneriq.net *.krxd.net *.siteimprove.net siteimproveanalytics.com *.sitescout.com *.medallia.com *.kampyle.com *.maps.arcgis.com *.vimeo.com *.issuu.com *.googleapis.com *.adsrvr.org *.clarity.ms *.facebook.com *.facebook.net *.content-cms.com *.powerbi.com; font-src 'self' *.fontawesome.com *.googleapis.com  *.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' staatskanzlei-thueringen.de *.staatskanzlei-thueringen.de *.flickr.com *.thueringen.de *.mediathek-deutschland.com 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com 1
frame-ancestors 'self' https://myiesetest.azurewebsites.net https://my.iese.edu https://web.iese.edu; 1
frame-ancestors 'self' https://attivazioni.windtre.it attivazioni.windtre.it https://ac.windtre.it ac.windtre.it https://www.windtrebusiness.it www.windtrebusiness.it https://shop.windtre.it shop.windtre.it https://buy.shop.windtre.it  buy.shop.windtre.it ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com connect.facebook.net www.google-analytics.com vidassets.terminus.services blob: doug1izaerwt3.cloudfront.net data: nasdaqir-prod.apigee.net j.6sc.co bam.nr-data.net cdnjs.cloudflare.com   googleads.g.doubleclick.net maps.googleapis.com snap.licdn.com ajax.googleapis.com js.createsend1.com cdn.cookielaw.org www.buzzsprout.com cdn.jsdelivr.net static.ads-twitter.com munchkin.marketo.net app-e.marketo.com js-agent.newrelic.com www.youtube.com static.hotjar.com script.hotjar.com www.google.com adservice.google.com analytics.google.com bat.bing.com geolocation.onetrust.com gmc.lingotek.com myaccount.lingotek.com service.force.com cdn.bizible.com fonts.gstatic.com www.gstatic.com d8ejoa1fys2rk.cloudfront.net d.la1-c1-ia4.salesforceliveagent.com origin.acuityplatform.com baker-hughes.my.salesforce.com e.acuityplatform.com static.lightning.force.com servicesupport.bakerhughesds.com googleads.g.doubleclick.net platform.linkedin.com www.linkedin.com cse.google.com clients1.google.com partner.googleadservices.com addtocalendar.com; media-src 'self' www.vimeo.com www.youtube.com https://fpdl.vimeocdn.com data: https://designbysoap.b-cdn.net bakerhughes.nanorep.co dam.bakerhughes.com d2vppzocvtms05.cloudfront.net; frame-src 'self' www.facebook.com app-e.marketo.com www.youtube.com www.hotjar.com indd.adobe.com connect.facebook.net td.doubleclick.net 11146811.fls.doubleclick.net youtu.be www.google.com  login.microsoftonline.com platform.linkedin.com syndication.twitter.com platform.twitter.com linkedin.com player.vimeo.com buzzsprout.com anchor.fm apps.kaonadn.net web.microsoftstream.com https://infogram.com service.force.com https://play.goconsensus.com podcasters.spotify.com www.linkedin.com maps.google.com; frame-ancestors 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com www.smartsheet.com s3.amazonaws.com https://play.goconsensus.com gmc.lingotek.com myaccount.lingotek.com; font-src 'self' data: fonts.gstatic.com www.cloudflare.com themes.googleusercontent.com www.hotjar.com d8ejoa1fys2rk.cloudfront.net use.typekit.net script.hotjar.com; report-uri /report-csp-violation 1
default-src 'none';   script-src * 'unsafe-eval' 'unsafe-inline';   object-src 'self';   style-src 'self' 'unsafe-inline' https://cdn.pendo.io https://*.storage.googleapis.com;   img-src 'self' data: https://data.pendo.io https://app.pendo.io https://*.storage.googleapis.com;   media-src 'self';   frame-src * blob:;   frame-ancestors 'self' https://*.cisco.com;   font-src 'self' data:;   connect-src *; 1
frame-ancestors 'self';  default-src 'self' tn.edu.tw mb.tn.edu.tw ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' tn.edu.tw mb.tn.edu.tw ;  connect-src 'self' tn.edu.tw mb.tn.edu.tw ;  frame-src tn.edu.tw mb.tn.edu.tw ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
default-src 'self' *.adobe.io *.omtrdc.net www.facebook.com www.google-analytics.com; frame-src 'self' https://wavedw.santandergroup.net/ https://td.doubleclick.net/ https://documentservices.adobe.com https://open.spotify.com https://www.tiktok.com/ https://tr.snapchat.com *.google.com *.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/ ; media-src 'self' https://waveplayer01.santandergroup.net https://www.santander.com;  img-src 'self' https://adservice.google.com https://*.inspiringbenefits.com https://*.linkedin.com https://abs.twimg.com https://analytics.twitter.com https://bat.bing.com https://dev.day.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pbs.twimg.com https://platform.twitter.com https://px.ads.linkedin.com https://syndication.twitter.com https://t.co https://ton.twimg.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.es  *.omtrdc.net data: w3.org/svg/2000 https://*.clarity.ms https://dummyimage.com https://www.santander.com https://*.bing.com; script-src 'self' https://qvdt3feo.com/ https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.js https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_v1.0.12.js https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_v1.0.11.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/embed_lib_v1.0.11.js track.adform.net 'unsafe-inline' 'unsafe-eval' https://tr.snapchat.com cdn-dev.wdesk.org cdn-prod.wdesk.com sc-static.net platform.instagram.com documentservices.adobe.com www.googletagmanager.com maps.googleapis.com gruposantand-stage.adobemsbasic.com gruposantand-prod.adobemsbasic.com geolocation.onetrust.com cdn.cookielaw.org tbcdn.talentbrew.com player.vimeo.com www.youtube.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net fonts.gstatic.com www.google-analytics.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com www.adobe.io tag.oniad.com  sstats.adobe.com documentcloud.adobe.com p13n.adobe.io viewlicense.adobe.io use.typekit.net santander.com www.santander.com gruposantand-prod.adobemsbasic.com static-exp1.licdn.com bat.bing.com stackadapt.com srv.stackadapt.com tags.srv.stackadapt.com syndication.twitter.com cdn.syndication.twimg.com licdn.com www.linkedin.com www.omtrdc.net www.instagram.com platform.twitter.com tbcdn.talentbrew.com maps.googleapis.com player.vimeo.com www.google.com www.google.es www.google-analytics.com www.gstatic.com www.google.com www.gstatic.com lptag.liveperson.net accdn.lpsnmedia.net lo.v.liveperson.net lpcdn.lpsnmedia.net www.youtube.com player.vimeo.com s.ytimg.com www.youtube.com irs.tools.investis.com tags.tiqcdn.com r3---sn-h5q7dne6.googlevideo.com ikuna.s3.amazonaws.com assets.adobedtm.com www.googletagmanager.com static.ads-twitter.com snap.licdn.com connect.facebook.net analytics.twitter.com https://www.googleadservices.com googleads.g.doubleclick.net https://accdn.lpsnmedia.net/api/account/52492817/configuration/setting/accountproperties/ https://assets.adobedtm.com/fdfbb5376673/978974bd73e8/launch-a4fb25bd3770.min.js sc-static.net/scevent.min.js https://bat.bing.com/bat.js https://cdn.syndication.twimg.com/timeline/profile https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10781141842/ https://lpcdn.lpsnmedia.net/le_unified_window/10.17.0.8-release_5442/ui-framework.js https://lptag.liveperson.net/tag/tag.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://tags.srv.stackadapt.com/events.js https://tags.tiqcdn.com/utag/santander/corporate-main-aem/prod/utag.js https://www.clarity.ms/tag/b84z53kzvw https://www.google-analytics.com/analytics.js  https://www.googletagmanager.com/gtag/js https://www.youtube.com/iframe_api https://www.clarity.ms https://www.go-mpulse.net https://www.google-analytics.com; style-src tbcdn.talentbrew.com 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://lf16-tiktok-web.ttwstatic.com/ https://platform.twitter.com https://tags.srv.stackadapt.com https://ton.twimg.com https://tags.srv.stackadapt.com/sa.css; connect-src 'self' https://googleads.g.doubleclick.net/pagead/landing https://www.google.com/pagead/landing https://region1.google-analytics.com https://px.ads.linkedin.com https://cdn.linkedin.oribi.io/partner/3624849/domain/ https://*.tiktok.com https://adservice.google.com https://analytics.google.com https://cdn.cookielaw.org https://bat.bing.com https://collect.tealiumiq.com *.omtrdc.net https://region1.analytics.google.com https://stats.g.doubleclick.net https://tags.srv.stackadapt.com https://viewlicense.adobe.io https://www.clarity.ms https://*.clarity.ms https://www.google-analytics.com https://www.google.es https://www.facebook.com/tr/ https://*.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://tr.snapchat.com/p data:; font-src 'self' data:; object-src 'self' https://8853727.fls.doubleclick.net https://documentcloud.adobe.com https://irs.tools.investis.com https://lpcdn.lpsnmedia.net https://platform.twitter.com https://www.facebook.com https://www.linkedin.com https://www.youtube-nocookie.com https://bid.g.doubleclick.net https://www.instagram.com/ https://player.cnbc.com https://www.bloomberg.com https://waveplayer01.santandergroup.net https://syndication.twitter.com/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://js.driftt.com https://widget.drift.com https://ajax.googleapis.com https://maps.googleapis.com https://optimize.google.com https://www.youtube.com https://cdnjs.cloudflare.com https://www.google.com https://tagmanager.google.com https://www.googleoptimize.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://adservice.google.ca https://tpc.googlesyndication.com https://cookie-cdn.cookiepro.com https://hubspot.clearbit.com https://forms.hsforms.com https://client-registry.mutinycdn.com https://js.hs-scripts.com https://js.hsforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://client.mutinycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://tag.clearbitscripts.com https://j.6sc.co https://www.clickcease.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://script.hotjar.com https://reveal.clearbit.com https://x.clearbitjs.com https://snap.licdn.com https://tag.demandbase.com https://tribl.io https://hackerone.com https://www.clarity.ms https://k.clarity.ms https://js.chilipiper.com/marketing.js https://tracking.g2crowd.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai https://serve.nrich.ai https://tag.nrich.ai https://tag.unifyintent.com https://cdn.dreamdata.cloud; 1
object-src 'none'; frame-ancestors http://hdcs.nexicomgroup.net/ 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nict.go.jp 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-MDA4OGEyODAwOQ/NzcxMWQ5YWNkYmJmMDY='; object-src 'self'; 1
default-src 'self'; connect-src 'self' https://kontakt.tuhh.de/api/search.php https://jobs.b-ite.com/api/v1/postings/search; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://cse.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tuhh.de https://*.tu-harburg.de; img-src 'self' data: https://www.juicer.io https://img.youtube.com https://*.openstreetmap.org https://unpkg.com https://*.google.com https://*.gstatic.com https://*.tuhh.de https://*.tu-harburg.de; media-src 'self' https://*.tuhh.de https://*.tu-harburg.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://cdn.jsdelivr.net https://unpkg.com https://cse.google.com https://www.google.com/cse/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.b-ite.com/jobs-api/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://unpkg.com https://www.google.com/cse/ https://cs-assets.b-ite.com/technische-uni-hamburg/jobs-api/; frame-ancestors 'self'; report-uri https://intranet.tuhh.de/cspreport.php 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-ANx2w4AmYs0iyG3pjSmC/Q=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.sleekplan.com *.mspbackups.com https://unpkg.com/ionicons@4.5.10-0/dist/ionicons/ d1f8f9xcsvx3ha.cloudfront.net posthog.mon.mspbackups.com https://momentjs.com/downloads/moment-timezone-with-data.min.js https://momentjs.com/downloads/moment.js https://code.jquery.com/jquery-3.5.1.min.js https://accounts.google.com/gsi/client https://alcdn.msauth.net/browser/2.28.1/js/msal-browser.min.js; 1
frame-ancestors 'self' https://victorinox.frontastic.io ; default-src 'self' ; media-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch static.zdassets.com ; frame-src 'self' * ; worker-src 'self' blob: ; child-src 'self' blob: *.victorinox.com *.swissarmy.com *.wenger.ch *.tangiblee.com *.photorank.me *.pinterest.com https://web.facebook.com https://fbsbx.com https://*.google.com https://www.youtube.com https://www.facebook.com https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://emersya.com/ https://www.pinterest.com https://www.pinterest.co.uk https://www.pinterest.ch https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.it https://www.pinterest.at https://www.pinterest.se https://www.pinterest.ru https://www.pinterest.ie https://secure.img-cdn.mediaplex.com *.fls.doubleclick.net *.doubleclick.net vars.hotjar.com victorinox-fr-affiliate-programme.sjv.io player.vimeo.com assets.bounceexchange.com ; img-src 'self' data: https: https://api.qrserver.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.victorinox.com *.swissarmy.com *.wenger.ch *.paypalobjects.com *.cloudfront.net *.cdn4.forter.com *.baidu.com *.onetrust.com *.getback.ch *.taboola.com *.yahoo.co.jp *.bazaarvoice.com *.cdn77.org *.zoovu.com *.tangiblee.com *.contentsquare.com *.zopim.com *.bdimg.com maps.google.com load.sumome.com load.sumo.com https://*.googletagmanager.com https://*.google-analytics.com www.googleadservices.com www.sc.pages03.net static.hotjar.com tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com tag.bounceexchange.com dash-staging.bounceexchange.com bat.bing.com snap.licdn.com t.contentsquare.net contentsquare.com static.ads-twitter.com analytics.tiktok.com analytics.twitter.com platform.twitter.com script.hotjar.com googleads.g.doubleclick.net s.yimg.jp px.adhigh.net assets.zendesk.com intljs.rmtag.com static.zdassets.com ut.rd.linksynergy.com br-victorinox.netmng.com tags.srv.stackadapt.com d.impactradius-event.com s.pinimg.com cdn.tangiblee.com cscoreproweustor.blob.core.windows.net js.monitor.azure.com api.channelsight.com cdn.channelsight.com *.klaviyo.com emersya.com cdn.emersya.com cdn.brcdn.com f.monetate.net se.monetate.net cdn.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com photorankstatics-a.akamaihd.net https://*.google.com www.paypal.com www.gstatic.com www.gstatic.cn www.dwin1.com connect.facebook.net openpay.s3.amazonaws.com swissarmy.cardconnect.com:* vx.local:* *.clarity.ms *.openpay.mx *.googlesyndication.com https://www.recaptcha.net https://services.postcodeanywhere.co.uk *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv www.googleoptimize.com https://eubroken.mysingleromance.com https://dem.mysingleromance.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com *.dash-staging.bounceexchange.com *.dash.bounceexchange.com https://checkoutshopper-test.adyen.com https://live.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://contest.victorinox.com https://view.juneapp.com https://unpkg.com *.google-analytics.com *.netlify.app https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com https://emea01.cluster.observability.cloud.sap:9999; font-src 'self' data: *.victorinox.com *.swissarmy.com *.wenger.ch *.hotjar.com *.cdn77.org *.cloudfront.net *.tangiblee.com olapic-data.s3.amazonaws.com photorankstatics-a.akamaihd.net fonts.gstatic.com emersya.com cdn.emersya.com fast.fonts.net cdnjs.cloudflare.com cdn.megabonus.com static3.avast.com cdn.honey.io netdna.bootstrapcdn.com assets.bounceexchange.com *.sprinklr.com *.channelsight.com; form-action 'self' https: ; connect-src 'self' ws: wss: *.victorinox.com *.swissarmy.com *.wenger.ch *.forter.com *.klaviyo.com *.amazonaws.com *.onetrust.com *.paypal.com *.paypalobjects.com *.openpay.mx *.taboola.com *.victorinox.com *.tangiblee.com *.contentsquare.net *.bazaarvoice.com *.getback.ch *.hotjar.com *.zoovu.com *.facebook.com https://*.google.com *.instagram.com sumo.com api.openweathermap.org https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com emersya.com cdn.emersya.com ws.emersya.com cdn.cookielaw.org d2o5idwacg3gyw.cloudfront.net photorankstatics-a.akamaihd.net photorankapi-a.akamaihd.net https://*.g.doubleclick.net analytics.tiktok.com ekr.zdassets.com swissarmy.zendesk.com widget-mediator.zopim.com bat.bing.com px.adhigh.net hm.baidu.com tags.srv.stackadapt.com ct.pinterest.com api.channelsight.com dc.services.visualstudio.com vc.hotjar.io victorinox-fr-affiliate-programme.sjv.io events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net maps.googleapis.com *.clarity.ms https://services.postcodeanywhere.co.uk https://api.addressy.com *.sprinklr.com https://rum-static.pingdom.net https://rum-collector-2.pingdom.net *.teads.tv https://dem.mysingleromance.com cdn.linkedin.oribi.io https://*.csftr.com *.googlesyndication.com *.rakuten.com *.linksynergy.com *.xg4ken.com *.nxtck.com *.leadsrx.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com *.frontastic.rocks *.frontastic.live *.frontastic.io *.linkedin.com *.cloudflare.com *.adyen.com https://emea02-nonprod.cluster.observability.cloud.sap:9999 *.youtube.com *.youku.com https://emea01.cluster.observability.cloud.sap:9999; style-src 'self' 'unsafe-inline' *.victorinox.com *.swissarmy.com *.wenger.ch *.cdn77.org *.tangiblee.com assets-static.victorinox.com *.klaviyo.com photorankstatics-a.akamaihd.net fonts.googleapis.com emersya.com cdn.emersya.com api.map.baidu.com fast.fonts.net static.getback.ch cdnjs.cloudflare.com tags.srv.stackadapt.com cdn.channelsight.com tiger-cdn.zoovu.com translate.googleapis.com assets.bounceexchange.com https://services.postcodeanywhere.co.uk *.sprinklr.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://checkoutshopper-live-us.adyen.com https://live.adyen.com; report-to csp-endpoint; 1
default-src 'self' * data: blob: https: *.vpnmentor.com vpnmentor.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.website-files.com *.cloudfront.net *.iubenda.com chimpstatic.com *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.googleapis.com *.alooma.com  *.doubleclick.net *.g.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hhtpp.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.peacebanana.com *.ostrichesica.com *.mcangelus.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: vpnmentor.com *.vpnmentor.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.googleapis.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blog: *.ampproject.org *.googletagmanager.com *.googleapis.com *.website-files.com *.gstatic.com; 1
script-src 'self'; object-src 'none' 1
default-src https: blob: data: 'self' 'unsafe-inline';script-src https: https://bam.nr-data.net https://js-agent.newrelic.com https://www.datadoghq-browser-agent.com  data: 'unsafe-inline'  'self';connect-src  https://analytics.google.com https://bam.nr-data.net https://*.newrelic.com  https://*.browser-intake-datadoghq.com 'self' https://gddfubayy2x4xlj5r5xql3k3b40emdrj.lambda-url.us-west-2.on.aws/ https://na2aws-prod-msw-supportcases-bucket.s3.us-west-2.amazonaws.com https://*.ngrok.io  https://*.doubleclick.net https://www.google-analytics.com https://*.delighted.com https://*.sonicwall.com https://*.mysonicwall.com; font-src 'self' data: https://www.mysonicwall.com https://fonts.gstatic.com; img-src 'self' https://*.sonicwall.com https://fonts.gstatic.com https: data:; 1
frame-ancestors 'self' https://app.experiencewelcome.com/ 1
img-src 'self' data: blob: *.openstreetmap.org *.cloud.ovh.net * static.demarches-simplifiees.fr stats.data.gouv.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.crisp.chat crisp.chat cdn.jsdelivr.net maxcdn.bootstrapcdn.com code.jquery.com unpkg.com stats.data.gouv.fr; style-src 'self' 'unsafe-inline' *.crisp.chat crisp.chat cdn.jsdelivr.net maxcdn.bootstrapcdn.com unpkg.com; connect-src 'self' wss://*.crisp.chat *.crisp.chat app.franceconnect.gouv.fr openmaptiles.geo.data.gouv.fr openmaptiles.github.io tiles.geo.api.gouv.fr data.geopf.fr www.demarches-simplifiees.fr www.demarches-simplifiees.fr sentry.io static.demarches-simplifiees.fr api-adresse.data.gouv.fr data.education.gouv.fr geo.api.gouv.fr stats.data.gouv.fr; frame-src 'self' stats.data.gouv.fr static.demarches-simplifiees.fr; default-src 'self' data: blob: 'report-sample' fonts.gstatic.com in-automate.sendinblue.com player.vimeo.com app.franceconnect.gouv.fr *.crisp.chat crisp.chat *.crisp.help *.sibautomation.com sibautomation.com data sentry.io static.demarches-simplifiees.fr 1
default-src 'self' https:;connect-src 'self' https: https://api.mobius.highereducation.com https://api.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://api.honeybadger.io https://api.sail-personalize.com https://api.sail-track.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://privacyportal.onetrust.com wss://*.hotjar.com https://generalassembly.pxf.io;font-src 'self' data: https: https://ga-static-assets-s3.global.ssl.fastly.net https://fonts.gstatic.com;img-src 'self' data: blob: https: https://ga-static-assets-s3.global.ssl.fastly.net https://www.google-analytics.com https://ga-core.s3.amazonaws.com https://stats.g.doubleclick.net https://dc.ads.linkedin.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://generalassemb.ly/ https://s3.amazonaws.com/static-assets.generalassemb.ly/ https://px.ads.linkedin.com https://grow.clearbitjs.com https://ws.zoominfo.com;object-src 'none';worker-src blob: https:;media-src 'self' data: blob: https:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://cdn.cookielaw.org https://ga-static-assets-s3.global.ssl.fastly.net https://ak.sail-horizon.com https://www.google-analytics.com https://d1fc8wv8zag5ca.cloudfront.net https://tagmanager.google.com https://connect.facebook.net/ https://code.jquery.com/ https://geolocation.onetrust.com https://bam-cell.nr-data.net https://cdn.optimizely.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://stats.g.doubleclick.net https://snap.licdn.com https://utt.impactcdn.com;script-src-elem 'self' https: 'unsafe-inline' 'unsafe-eval' https://cdn.mobius.highereducation.com https://www.googletagmanager.com https://www.google-analytics.com https://ak.sail-horizon.com https://cdn.optimizely.com https://www.googleadservices.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://x.clearbitjs.com https://grow.clearbitjs.com https://ws.zoominfo.com;style-src 'self' data: https: 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://ssl.gstatic.com https://cdn.cookielaw.org https://optanon.blob.core.windows.net;frame-ancestors 'self';upgrade-insecure-requests;report-uri /core_content_security_policy/reports; 1
frame-ancestors 'self' https://*.nwea.org; 1
default-src 'self' blob: ;style-src 'self' 'unsafe-inline' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com blob: ;worker-src 'self' blob: ;img-src 'self' data: *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com ;font-src 'self' 'unsafe-inline' data: * ;frame-ancestors 'self' *.speedwaymotors.com ;form-action 'self' *.speedwaymotors.com *.powerreviews.com *.facebook.com *.google.com *.here.com *.js.api.here.com *.hereapi.com ;frame-src 'self' td.doubleclick.net *.youtube.com *.maker.co vercel.live *.facebook.com *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.amazonaws.com *.tiktok.com ;connect-src 'self' *.google.com *.split.io *.google-analytics.com *.googletagmanager.com instant.page *.googleadservices.com *.ranksci.com *.lr-ingest.io *.facebook.net *.yimg.com *.bing.com *.g.doubleclick.net *.yahoo.com *.paypal.com *.paypalobjects.com *.brcdn.com *.bamboohr.com *.powerreviews.com *.braintreegateway.com *.zdassets.com *.zopim.com *.iesnare.com *.msn.com *.twitter.com *.letslinc.com *.gstatic.com *.crisp.chat *.ampproject.org *.pay.google.com *.segment.com *.vercel.app *.youtube.com *.maker.co *.vercel-insights.com *.lr-in.com *.lr-in-prod.com *.ingest-lr.com *.zinrelo.com *.clrt.ai vercel.live *.here.com *.js.api.here.com *.hereapi.com blob: *.speedwaymotors.com *.speedway2.com p.brsrvr.com *.powerreviews.com i.ytimg.com static.pxlecdn.com dy5vgx5yyjho5.cloudfront.net *.crisp.chat *.google.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.bing.com *.cloudinary.com *.vercel.com smi-static-content.s3-us-west-2.amazonaws.com smi-static-content.s3.us-west-2.amazonaws.com *.yahoo.com *.bamboohr.com *.paypal.com *.paypalobjects.com *.gstatic.com *.here.com *.js.api.here.com *.hereapi.com *.googlesyndication.com noembed.com wss://client.relay.crisp.chat *.google.com api.askmiso.com api.ipstack.com api.segment.io *.letslinc.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com google.com *.smartystreets.com ; 1
frame-ancestors 'self' https://*.mastercontrol.com; object-src 'none'; base-uri 'self' https://*.mastercontrol.com https://*.clarity.ms; report-uri https://reportcsp.azurewebsites.net/api/CSPViolation 1
base-uri 'self'; child-src 'self' https://*.missiveapp.com https://*.twitter.com https://*.producthunt.com https://*.soundcloud.com https://*.youtube.com https://*.youtube-nocookie.com; connect-src 'self' https://*.missiveapp.com https://*.rollbar.com https://*.twitter.com https://*.swiftypecdn.com https://*.swiftype.com https://*.google-analytics.com https://zapier.com https://*.zapier.com https://cdn.segment.com; default-src 'none'; font-src 'self' https://ddux7jl4k2xkx.cloudfront.net; form-action 'self' https://*.twitter.com https://missive.createsend.com; frame-ancestors 'self' https://mail.missiveapp.com; img-src 'self' https: data:; media-src 'self' https://ddux7jl4k2xkx.cloudfront.net; manifest-src 'self'; object-src 'none'; script-src 'self' https://ddux7jl4k2xkx.cloudfront.net https://*.missiveapp.com https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://*.google-analytics.com https://missive.createsend.com https://*.twitter.com https://*.twimg.com https://*.swiftypecdn.com https://*.swiftype.com https://zapier.com https://*.zapier.com https://cdn.segment.com 'nonce-b3f2d89b0da57b3303a50dfb83fb971d' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: 1
script-src 'self' https://snap.licdn.com https://www.inter.it/it/interxnike 'unsafe-inline' 'unsafe-eval' blob: consent.cookiebot.com consentcdn.cookiebot.com www.instagram.com https://platform.twitter.com ad.inter.it open.http.mp.streamamg.com stats.mp.streamamg.com www.gstatic.com www.googletagmanager.com www.google-analytics.com https://analytics.tiktok.com https://www.google.com https://ggl.twitch.tv https://passport.twitch.tv https://www.tiktok.com lf16-tiktok-web.ttwstatic.com https://www.facebook.com https://connect.facebook.net https://portal.allyable.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.contentsquare.net https://sc-static.net https://snap.licdn.com https://googleads.g.doubleclick.net https://*.snapchat.com https://fcinter.formstack.com https://static.formstack.com *.inter.it https://iframely.shorthand.com https://kaltura-plugins.streamamg.com; frame-src 'self' https://www.google.com https://www.tiktok.com https://www.wechat.com https://player.twitch.tv open.spotify.com https://story.snapchat.com https://www.youtube.com https://www.linkedin.com https://www.facebook.com https://player.verb.tech/ https://kaltura-plugins.streamamg.com https://platform.twitter.com/ https://www.instagram.com/ consentcdn.cookiebot.com https://widget.spreaker.com https://emperia.gallery https://identity-inter.cs84.force.com https://*.force.com https://*.salesforce.com https://my.inter.it https://portal.allyable.com https://fcinter--identity.sandbox.my.site.com/ https://*.snapchat.com https://fcinter.formstack.com https://www.inter.it/it/interxnike https://fcinter.formstack.com/ *.inter.it https://iframely.shorthand.com; frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=56t1igdj45hqn&partner=; 1
frame-ancestors 'self' http://*.societanaturalistinapoli.it; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.addtoany.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://w.soundcloud.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.vimeo.com https://vimeo.com/api/oembed.json https://ajax.cloudflare.com https://player.vimeo.com https://static.oktopost.com/oktrk.js https://okt.to https://crmemails.ogilvy.com https://secure.link5view.com https://tag.demandbase.com https://boards.greenhouse.io https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://static.addtoany.com https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://static.addtoany.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://okt.to https://stats.g.doubleclick.net https://www.google.com https://www.google.co.in https://secure.link5view.com https://crmemails.ogilvy.com https://match.prod.bidr.io https://segments.company-target.com *.ads.linkedin.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://static.addtoany.com https://boards.greenhouse.io https://td.doubleclick.net; frame-ancestors 'self'; font-src 'self' https://fonts.gstatic.com https://tagmanager.google.com data:; connect-src 'self' https://www.google-analytics.com https://bam.nr-data.net https://api.company-target.com https://stats.g.doubleclick.net https://boards-api.greenhouse.io https://boards.greenhouse.io/ https://analytics.google.com/ *.ads.linkedin.com; report-uri /report-csp-violation 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com cdn.simplytoimpress.com;frame-ancestors 'self' https://www.simplytoimpress.com;object-src 'self' https://www.simplytoimpress.com;upgrade-insecure-requests 1
frame-ancestors 'self' *.testberichte.de 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com youtube.com https://www.pinterest.com https://www.pinterest.co.uk https://ln-rules.rewardstyle.com https://*.powerreviews.com blob: https://homebase.hulla-cdn.com https://*.mopinion.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://api.postcodes.io https://ct.pinterest.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.mediarithmics.com https://*.powerreviews.com https://*.cloudinary.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://storyboard.storystream.ai https://content.storystream.ai https://*.hulla-cdn.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://horizon-api.www.homebase.co.uk https://*.mopinion.com https://www.homebase.co.uk/e2/ds/relay https://horizon-api.www.homebase.co.uk/graphql https://*.ingest.sentry.io https://s1.thcdn.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://*.mopinion.com; form-action 'self' https://www.facebook.com https://www.homebase.co.uk https://checkout.homebase.co.uk https://connect.facebook.net https://tr.snapchat.com https://survey.g.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://www.google.com https://*.google.co.uk https://s.pinimg.com https://assets.sitescdn.net https://apps.storystream.ai http://platform.twitter.com https://ln-rules.rewardstyle.com https://ucarecdn.com/ https://*.mediarithmics.com https://*.powerreviews.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://mpsnare.iesnare.com https://*.contentsquare.net https://app.contentsquare.com https://homebase.hulla-cdn.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.mopinion.com https://ct.pinterest.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://d7c4jjeuqag9w.cloudfront.net https://*.powerreviews.com https://homebase.hulla-cdn.com https://*.mopinion.com https://apps.storystream.ai https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.chemistryworld.com https://eme.abacusemedia.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'none'; img-src data: *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://static.ads-twitter.com https://analytics.twitter.com https://us1.siteimprove.com https://siteimproveanalytics.com/ https://cdn.jsdelivr.net https://snap.licdn.com https://use.typekit.net https://www.instagram.com https://tag.demandbase.com https://cc.cdn.civiccomputing.com https://cdnjs.cloudflare.com https://code.jquery.com https://unpkg.com https://www.tintup.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data:; media-src * blob: data:; worker-src * blob:; child-src 'self' https://app.uptrends.com https://app.uptrendsinfra.com https://secure.livechatinc.com https://uptrends.chilipiper.com/ https://itrs.chilipiper.com/ https://app.storylane.io; frame-ancestors 'self' https://app.uptrends.com https://app.uptrendsinfra.com; report-uri https://uptr1c0f8ed1b00f41c395691d75b.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.twitter.com *.facebook.com *.stripe.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.de;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com www.google.de;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.de;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://region1.analytics.google.com region1.analytics.google.com https://www.google.cz www.google.cz https://www.google.com www.google.com https://www.google-analytics.com www.google-analytics.com https://www.paypal.com www.paypal.com https://manager.eu.smartlook.cloud manager.eu.smartlook.cloud https://web-writer.eu.smartlook.cloud web-writer.eu.smartlook.cloud https://assets-proxy.smartlook.cloud assets-proxy.smartlook.cloud https://stats.g.doubleclick.net stats.g.doubleclick.net https://analytics.google.com analytics.google.com https://blob blob blob:; font-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://www.sandbox.paypal.com www.sandbox.paypal.com https://www.paypal.com www.paypal.com; img-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://www.facebook.com www.facebook.com https://c.seznam.cz c.seznam.cz https://www.google.com www.google.com https://www.google.cz www.google.cz https://www.google.sk www.google.sk https://www.google.pl www.google.pl https://www.google.at www.google.at https://www.google.de www.google.de https://t.paypal.com t.paypal.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://www.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com 'unsafe-inline' blob: data:; media-src 'self' data:; object-src 'self'; script-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://ajax.googleapis.com ajax.googleapis.com https://unpkg.com unpkg.com https://cdn.jsdelivr.net cdn.jsdelivr.net https://www.paypalobjects.com www.paypalobjects.com https://rec.smartlook.com rec.smartlook.com https://connect.facebook.net connect.facebook.net https://www.googletagmanager.com www.googletagmanager.com https://www.google.com www.google.com https://www.gstatic.com www.gstatic.com https://www.google-analytics.com www.google-analytics.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://c.seznam.cz c.seznam.cz https://www.paypal.com www.paypal.com https://www.googleadservices.com www.googleadservices.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://chat.gigaserver.cz chat.gigaserver.cz https://cdnjs.cloudflare.com cdnjs.cloudflare.com https://ajax.googleapis.com ajax.googleapis.com 'unsafe-inline'; worker-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.ldlc.com *.userlike.com wss://umd.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com chat.userlike.com www.googletagmanager.com *.gstatic.com *.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com connect.facebook.net www.google-analytics.com www.googlecommerce.com aswpapieu.com aswpsdkeu.com *.doubleclick.net stats.g.doubleclick.net *.groupe-ldlc.com *.google.com *.google.fr www.facebook.com www.gstatic.com *.googleapis.com www.youtube.com www.youtube-nocookie.com mpshare.iesnare.com *.trustpilot.com *.twitch.tv *.bimp.fr analytics.tiktok.com www.tiktok.com platform.twitter.com syndication.twitter.com *.ttwstatic.com dl.asnapieu.com mycliplister.com *.mycliplister.com events.demoup.com script.tapfiliate.com;img-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com *.gstatic.com *.hotjar.com *.hotjar.io *.ldlc.com *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com chat.userlike.com connect.facebook.net dl.asnapieu.com events.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com;connect-src 'self' data: blob: *.bimp.fr *.cloudfront.net *.doubleclick.net *.google.com *.google.fr *.googleapis.com *.groupe-ldlc.com *.gstatic.com *.hotjar.com *.hotjar.io *.ldlc.com *.mycliplister.com *.trustpilot.com *.ttwstatic.com *.twitch.tv *.userlike.com analytics.tiktok.com aswpapieu.com aswpsdkeu.com wss://umd.userlike.com wss://*.hotjar.com chat.userlike.com connect.facebook.net dl.asnapieu.com events.demoup.com mpshare.iesnare.com mycliplister.com platform.twitter.com stats.g.doubleclick.net syndication.twitter.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-web.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-store-media-files.s3.amazonaws.com www.facebook.com www.google-analytics.com www.googlecommerce.com www.googletagmanager.com www.gstatic.com www.tiktok.com www.youtube-nocookie.com www.youtube.com frstre.com;frame-ancestors 'self';report-uri https://www.ldlc.com/sentry/api/2/security/?sentry_key=63d37e2da9034686986b325d703bf2bb; 1
style-src 'self' 'unsafe-inline' *.gac.edu *.gustavus.edu tennisandlifecamps.org www.gstatic.com *.googleapis.com www.reservecloud.com *.curator.io *.tinymce.com cdnjs.cloudflare.com uicdn.toast.com matchbox.hepdata.com *.technolutions.net; 1
default-src 'self' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://fonts.gstatic.com/ https://use.typekit.net/ https://*.noibu.com/ wss://*.noibu.com/; script-src 'self' 'unsafe-inline' data: https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://analytics.twitter.com/ https://apis.google.com/_/scs/apps-static/ https://apis.google.com/js/platform.js https://apis.google.com/se/0/wm/1/ https://assets.pinterest.com/js/pinit.js https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinmarklet.js https://s.pinimg.com/ct/ https://b-code.liadm.com/a-00v3.min.js https://cdn.leadmanagerfx.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://js.hs-scripts.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://*.quora.com/qevents.js https://script.hotjar.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://static.hotjar.com/ https://use.typekit.net/ https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/recaptcha/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com/ https://www.googleadservices.com/pagead/conversion.js https://*.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.redditstatic.com/ads/pixel.js https://ads.nextdoor.com/public/pixel/ndp.js https://www.clarity.ms/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-banner.com/ https://js.hs-analytics.net/ https://*.wufoo.com/scripts/embed/form.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://tag.rmp.rakuten.com/125112.ct.js https://js-agent.newrelic.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net https://cdn.cookielaw.org/ https://js.hubspot.com/ https://amplify.outbrain.com/cp/obtp.js https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://js.hsforms.net/forms/embed/v2.js https://js.hubspot.com/web-interactives-embed.js https://amplify.outbrain.com https://wave.outbrain.com/ https://analytics.tiktok.com/ https://tr.outbrain.com/ https://cdn.noibu.com/collect.js https://*.noibu.com/ wss://*.noibu.com/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ 'unsafe-eval' https://s3.amazonaws.com/assets/errors*; style-src 'self' 'unsafe-inline' https://dva1blx501zrw.cloudfront.net/ https://syndication.twitter.com/ https://fonts.googleapis.com/ https://optimize.google.com https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ https://fonts.googleapis.com/css https://s3.amazonaws.com/assets/errors*; frame-src 'self' https://staticxx.facebook.com/ https://web.facebook.com/ https://www.facebook.com/ https://accounts.google.com/ https://apis.google.com/ https://optimize.google.com/ https://www.google.com/recaptcha/ https://editorium.herokuapp.com/ https://editoriumstage.terracycle.com/ https://vars.hotjar.com/ https://i.liadm.com/ https://*.pinterest.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://terracycle.wufoo.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://terracycle.wufoo.com/ https://player.vimeo.com/ https://forms.hubspot.com/ https://td.doubleclick.net/ https://terracycle-6369378.hs-sites.com/ https://privacyportal.onetrust.com/ https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com; img-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://d280jbtwinny2v.cloudfront.net/ https://d35jj3xv1zfqx0.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://tc-global-prod.s3.amazonaws.com/ https://s3.amazonaws.com/tc-global-prod/ https://s3.amazonaws.com// https://s3.amazonaws.com/gog-prod/ https://*.terracycle.com/ https://alb.reddit.com/ https://assets.pinterest.com/images/pidgets/ https://c.liadm.com/ https://log.pinterest.com/ https://maps.googleapis.com/ https://maps.gstatic.com/mapfiles/ https://p.typekit.net/ https://*.quora.com/ https://*.ads.linkedin.com/ https://rp.liadm.com/ https://stats.g.doubleclick.net/r/ https://syndication.twitter.com/i/ https://ct.pinterest.com/v3/ https://t.co/ https://www.facebook.com/tr/ https://optimize.google.com/ https://*.google-analytics.com https://*.googletagmanager.com https://tc-shop-stage.s3.amazonaws.com/ https://tc-shop-prod.s3.amazonaws.com/ https://flask.nextdoor.com/ https://forms.hsforms.com/ https://track.hubspot.com/ https://*.clarity.ms https://img.youtube.com/ https://p.adsymptotic.com/d/px/ https://analytics.tiktok.com/ https://cdn.cookielaw.org/ https://6369378.fs1.hubspotusercontent-na1.net https://consent.linksynergy.com/ https://perf-na1.hsforms.com https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://forms-na1.hsforms.com https://cta-service-cms2.hubspot.com/ https://static.hubspot.com/ https://static.hsappstatic.net/ https://s3.amazonaws.com/static-terracycle-com/misc/ckeditor/ data: https://s3.amazonaws.com/assets/errors/logo-white* https://www.google.at/ https://www.google.be/ https://www.google.br/ https://www.google.ca/ https://www.google.ch/ https://www.google.co.uk/ https://www.google.com/ https://www.google.de/ https://www.google.dk/ https://www.google.es/ https://www.google.fr/ https://www.google.hu/ https://www.google.ie/ https://www.google.jp/ https://www.google.kr/ https://www.google.mx/ https://www.google.nl/ https://www.google.nz/ https://www.google.se/ https://shop.terracycle.com/en-US/ filesystem:; connect-src 'self' https://internalgogdemo.terracycle.com https://dva1blx501zrw.cloudfront.net/ https://dva1blx501zrw.cloudfront.net/ https://ipapi.co/json https://pro.ip-api.com/json/ https://maps.googleapis.com/ https://in.hotjar.com/api/v1/client/sites/600250/ https://in.hotjar.com/api/v2/client/sites/600250/ https://vc.hotjar.io/views/600250 https://t.leadmanagerfx.com/visit/add/4529 https://us-east1-idyllic-vehicle-159522.cloudfunctions.net/mcfx-visitor-information https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://rp.liadm.com/ https://forms.hubspot.com/ https://t.leadmanagerfx.com/ https://www.clarity.ms/ https://*.clarity.ms https://js.hs-banner.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com/user/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/request/v1/consentreceipts https://api.hubapi.com/ https://cta-service-cms2.hubspot.com/ https://forms.hsforms.com https://cdn.linkedin.oribi.io/partner/2230314/domain/terracycle.com/token https://*.attn.tv/ https://*.attentive.com https://*.attentivemobile.com https://tr.outbrain.com/ https://analytics.tiktok.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://staging.shop.terracycle.com/ https://shop.terracycle.com/ https://*.noibu.com/ wss://*.noibu.com/ 1
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: *; child-src blob: ; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.peopleenespanol.com 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-4nx2oF4J9VSmUzIJ9vloxQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; 1
base-uri 'none'; connect-src 'self' https://mamstream.riksdagen.se https://socket.riksdagen.se wss://socket.riksdagen.se https://data.riksdagen.se *.readspeaker.com *.riks.utv; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' *.riksdagen.se; frame-src 'self' https://www.youtube-nocookie.com data: https://www.riksdagen.se https://gruppbokning.riksdagen.se https://app-eu.readspeaker.com; img-src 'self' data: *.riksdagen.se *.ytimg.com; manifest-src 'self'; media-src 'self' data: blob: *.riksdagen.se *.readspeaker.com; report-uri https://csp.riksdagen.se; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'self' play.vidyard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.mutinyhq.io *.mutinycdn.com https://cdn.heapanalytics.com https://heapanalytics.com *.googleapis.com *.marketo.net *.google-analytics.com *.google.com *.linkedin.com *.marketo.com *.vidyard.com *.googletagmanager.com *.googleadservices.com *.mktoresp.com static.ads-twitter.com *.twitter.com *.doubleclick.net *.cloudfront.net *.newrelic.com bam.nr-data.net js.bizographics.com s.swiftypecdn.com *.facebook.net *.crazyegg.com *.amazonaws.com *.swiftype.com *.6sc.co *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.driftt.com boards.greenhouse.io snap.licdn.com px.airpr.com *.intentsify.io js.adsrvr.org ads.avct.cloud ml314.com *.blob.core.windows.net unpkg.com mc.yandex.ru *.mimecast.com *.veracode.com *.trustradius.com *.brighttalk.com widgets.peerspot.com *.cloudflareinsights.com *.ensighten.com *.gartner.com d3js.org/d3.v5.min.js *.6sense.com  *.mktoweb.com img-src: www.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.cloudfront.net fonts.googleapis.com cdnjs.cloudflare.com *.marketo.com s.swiftypecdn.com tagmanager.google.com *.cookielaw.org *.veracode.com maxcdn.bootstrapcdn.com optanon.blob.core.windows.net pro.fontawesome.com *.trustradius.com *.gartner.com optimize.google.com  *.mktoweb.com https://heapanalytics.com; img-src 'self' data: * *.gstatic.com 6sc.co *.mutinyhq.io *.mutinycdn.com  *.mktoweb.com https://cdn.heapanalytics.com https://heapanalytics.com; media-src 'self' *.youtube.com js.driftqa.com js.driftt.com; frame-src 'self' widgets.peerspot.com *.youtube.com *.google.com *.facebook.com platform.twitter.com careers.lifeatca.com *.snapengage.com b.company-target.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.soundcloud.com *.slideshare.net  *.driftt.com boards.greenhouse.io insight.adsrvr.org match.adsrvr.org *.veracode.com *.marketo.com *.brighttalk.com d1eoo1tco6rr5e.cloudfront.net *.gartner.com  *.mktoweb.com; frame-ancestors 'self' https://app.mutinyhq.com; child-src 'self' *.youtube.com *.google.com *.facebook.com platform.twitter.com app-abd.marketo.com *.doubleclick.net play.vidyard.com *.jquery.com *.cookielaw.org *.onetrust.com *.soundcloud.com *.veracode.com blob:; font-src 'self' data: * https://heapanalytics.com; connect-src 'self' *.mutinyhq.io *.mutinyhq.com *.mutinycdn.com https://heapanalytics.com *.mktoresp.com *.marketo.com secure.adnxs.com *.google-analytics.com s.swiftypecdn.com cdnjs.cloudflare.com *.googleapis.com *.googletagmanager.com *.googleadservices.com sjs.bizographics.com *.ads-twitter.com fonts.gstatic.com connect.facebook.net munchkin.marketo.net analytics.twitter.com *.doubleclick.net *.google.com t.co *.prod.bidr.io id.rlcdn.com *.facebook.com *.ads.linkedin.com *.6sc.co *.crazyegg.com *.swiftype.com *.jquery.com *.cookielaw.org *.onetrust.com *.techtarget.com *.vidyard.com *.linkedin.com *.gravatar.com play.vidyard.com i1.wp.com js.driftt.com boards.greenhouse.io bam.nr-data.net mc.yandex.ru *.trustradius.com *.cloudfront.net 790-zkw-291.mktoutil.com info.veracode.com *.linkedin.oribi.io *.6sense.com  *.mktoweb.com 1
default-src 'self'; base-uri 'self';  img-src https: data: ssl.gstatic.com;  font-src 'self' fonts.gstatic.com f.hubspotusercontent-eu1.net 25126500.fs1.hubspotusercontent-eu1.net *.delen.bank data:;  style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net *.delen.bank;  script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com *.marker.io www.googletagmanager.com *.google-analytics.com;  connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io;  frame-src 'self' *.google.com *.marker.io *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net https://app httpsdelen://app https://forms.office.com https://oyensappsimulator.acpt.delen.be https://delenappsimulator.acpt.delen.be https://login.acpt.delen.be https://online.acpt.delen.bank  https://loginoyens.acpt.delen.be   https://delenappsimulator.acpt.delen.lu   https://delenchappsimulator.acpt.delen.lu  https://login.acpt.delen.lu  https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com vimeo.com blog.delen.bank https://app.skeeled.com/api/offers https://js-eu1.hscollectedforms.net/collectedforms.js https://delen.bank/_hcms/api/apicall; upgrade-insecure-requests 1
base-uri 'none'; default-src 'self'; child-src https://*.twitter.com https://api.vod2.infomaniak.com https://app.sli.do https://cdnjs.cloudflare.com https://dwa.vd.ch https://e.issuu.com https://elearn-services.unige.ch https://embed-assets.wakelet.com https://embed.wakelet.com https://jobtic.ch https://line.do https://livestream.com https://m-vaud.prospective.ch https://player.vimeo.com https://player.vod2.infomaniak.com https://vaud.prospective.ch https://vod.infomaniak.com https://www.google.com https://www.googletagmanager.com https://www.thinglink.com https://www.vdairdata.ch https://www.web-vd.ch https://www.youtube-nocookie.com https://www.youtube.com; connect-src 'self' https://*.deeplink.ai https://*.etat-de-vaud.ch https://*.google-analytics.com https://*.vd.ch; font-src 'self' https://*.deeplink.ai https://cdn.jsdelivr.net https://maxst.icons8.com; form-action 'self' https://*.etat-de-vaud.ch https://*.vd.ch; frame-ancestors https://*.etat-de-vaud.ch https://*.vd.ch; frame-src https://*.deeplink.ai https://*.etat-de-vaud.ch https://*.twitter.com https://*.vd.ch https://api.vod2.infomaniak.com https://app.sli.do https://app.vidcast.io https://apps.vs.ch https://e.issuu.com https://elearn-services.unige.ch https://embed.wakelet.com https://google.com https://jobtic.ch https://line.do https://livestream.com https://m-vaud.prospective.ch https://map.geo.admin.ch https://player.vimeo.com https://player.vod2.infomaniak.com https://prezi-nocookies.com https://thinglink.com https://tp.srgssr.ch https://vaud.prospective.ch https://vod.infomaniak.com https://web-vd.ch https://www.google.com https://www.googletagmanager.com https://www.openstreetmap.org https://www.outilcrde.ch https://www.vdairdata.ch https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' https://*.deeplink.ai https://*.etat-de-vaud.ch https://*.google-analytics.com https://*.vd.ch https://articulateusercontent.com https://googleads.g.doubleclick.net https://images.freeimages.com https://png.vector.me https://upload.wikimedia.org https://www.asi37.fr https://www.google.ch https://www.google.com https://www.honcode.ch blob: data:; media-src 'self'; object-src 'self'; script-src 'self' https://*.deeplink.ai https://*.etat-de-vaud.ch https://*.google-analytics.com https://*.vd.ch https://cdn.mouseflow.com https://cdn.thinglink.me https://cdnjs.cloudflare.com https://e.issuu.com https://e.prezicdn.net https://embed-assets.wakelet.com https://jwpsrv.com https://platform.linkedin.com https://platform.twitter.com https://player.vimeo.com https://widgets.paper.li https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.skypeassets.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.deeplink.ai https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://maxst.icons8.com 'unsafe-inline'; upgrade-insecure-requests 1
default-src https: 'unsafe-eval' 'unsafe-inline'; media-src 'self' blob: https://* 1
frame-ancestors 'self' desu.edu *.desu.edu *.localhost 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.crowdin.com *.taximaxim.com *.taximaxim.ge *.taximaxim.by *.taximaxim.ir *.taximaxim.com.ua *.taxsee.ru *.taxsee.com *.youtube.com *.taximaxim.ru www.google.com www.googletagmanager.com www.google-analytics.com www.googleoptimize.com optimize.google.com vk.com *.vk.com yastatic.net *.yandex.md *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.gstatic.com top-fwz1.mail.ru *.facebook.net *.facebook.com analytics.tiktok.com cdn.yektanet.com s.zzcdn.me; style-src 'self' 'unsafe-inline' optimize.google.com cdn.crowdin.com; img-src 'self' data: www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net optimize.google.com www.google.com www.google.ru analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com mc.yandex.ru cdn.crowdin.com trustseal.enamad.ir logo.samandehi.ir *.google.com log.adtimaserver.vn; connect-src 'self' mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net analytics.tiktok.com top-fwz1.mail.ru *.facebook.net *.facebook.com vk.com *.vk.com *.yektanet.com *.google.com log.adtimaserver.vn; font-src 'self' data: *.gstatic.com *.taxsee.com; object-src 'self'; media-src 'self'; form-action 'self'; frame-src 'self' www.google.com optimize.google.com *.g.doubleclick.net *.taxsee.com *.taximaxim.com *.taximaxim.ge *.taximaxim.by *.taximaxim.ir *.taximaxim.com.ua *.taximaxim.ru *.yandex.ru yandex.ru *.youtube.com; child-src 'self'; worker-src 'self'; block-all-mixed-content; upgrade-insecure-requests 1
child-src 'self' go.pardot.com forms.office.com *.reciteme.com *.typeform.com syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net vars.hotjar.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://twitter.com https://cdn.syndication.twimg.com https://platform.twitter.com *.moatads.com *.addthisedge.com *.npl.co.uk *.e-npl.co.uk *.scribd.com *.issuu.com *.google.com *.amrislive.com player.vimeo.com s7.addthis.com www.youtube.com *.webspellchecker.net npldigital.atlassian.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.reciteme.com  *.typeform.com  syndication.twitter.com npl-digital.gitlab-docs.npl.co.uk cdn.jsdelivr.net static.hotjar.com script.hotjar.com www.gstatic.com api.altmetric.com badge.dimensions.ai cdn.pydata.org d1bxh8uas1mnw7.cloudfront.net https://platform.twitter.com https://twitter.com https://cdn.syndication.twimg.com *.moatads.com *.addthisedge.com  script.crazyegg.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.google.com *.webspellchecker.net npldigital.atlassian.net; 1
img-src 'self' 'nonce-fopneshFejnihegOfGeahyryahiOk' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat pay.google.com; style-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; frame-ancestors 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://pay.google.com; frame-src 'self' https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://pay.google.com; font-src 'self' data: *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat fonts.gstatic.com; manifest-src 'self' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://pay.google.com; connect-src 'self' https://storage.crisp.chat https://stats.g.doubleclick.net https://www.google.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://merchant.revolut.com https://merchant-mgmt.revolut.com https://merchant-secure.revolut.com *.revolut.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://google.com/pay https://pay.google.com; default-src 'self' 'unsafe-inline' *.cdnbay.com cdn.speedtest.hostiserver.com img.hostiserver.com hscdn.cdnbay.com https://analytics.google.com www.google.com www.google-analytics.com *.doubleclick.net https://www.gstatic.com www.googletagmanager.com www.googleadservices.com *.googleapis.com https://client.crisp.chat https://image.crisp.chat https://game.crisp.chat; 1
connect-src 'self' https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net *.swedbank.net https://dpm.demdex.net https://*.swedbank.se https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/  https://www.swedbank.se https://swedbank.se https://enklafondhjalpen.swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://swedbank.dfs.investis.com https://agent-ha.nina-nuance.com https://report.swedbank.glassboxdigital.io http://storybook-sb-9031-acorn-ui.apps.scp-west-zone02-z01.swedbank.net https://maps.googleapis.com/ 1
default-src 'self';; base-uri 'self';; connect-src 'self' 'nonce-e2dd57817ca8e194d35dbc32791bd371' geolocation.onetrust.com 120-gkj-051.mktoutil.com 120-gkj-051.mktoresp.com www.google.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com secure.adnxs.com cdn.cookielaw.org api.lever.co vimeo.com https://pagead2.googlesyndication.com googlesyndication.com https://investors.palantir.com https://palantir.com;; font-src 'self' fonts.gstatic.com;; frame-src 'self' 'nonce-e2dd57817ca8e194d35dbc32791bd371' 120-gkj-051.mktoweb.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ bid.g.doubleclick.net cdn.cookielaw.org player.vimeo.com www.youtube.com www.youtube-nocookie.com palantir.tfaforms.net www.google.com;; img-src 'self' 'nonce-e2dd57817ca8e194d35dbc32791bd371' cdn.cookielaw.org www.linkedin.com/px/ heapanalytics.com www.google.com googleads.g.doubleclick.net p.adsymptotic.com secure.adnxs.com px.ads.linkedin.com www.googletagmanager.com www.google-analytics.com https://ade.googlesyndication.com data: i.ytimg.com 'nonce-e2dd57817ca8e194d35dbc32791bd371';; script-src 'self' 'nonce-e2dd57817ca8e194d35dbc32791bd371' 120-gkj-051.mktoweb.com www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ snap.licdn.com munchkin.marketo.net palantir.tfaforms.net player.vimeo.com cdn.cookielaw.org https://*.googletagmanager.com;; style-src 'self' 'unsafe-inline' 120-gkj-051.mktoweb.com www.googletagmanager.com hello.myfonts.net fonts.googleapis.com palantir.tfaforms.net;; object-src 'none'; frame-ancestors 'self' https://resources.palantir.com;; upgrade-insecure-requests; 1
frame-ancestors 'self'; report-uri /__csp-report 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval' ; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.newsweek.pl::PROD_USP 1
default-src 'self' *.gotoassist.com *.dev-gotoassist.com fastsupport.com i1fastsupport.com stage.fastsupport.com 'unsafe-inline' 'unsafe-eval' data: *.getgo.com *.google.com *.google-analytics.com *.googleapis.com 1
connect-src 'self' https://*.fortnox.se https://apps-develop.alfa.fnox.se https://skatteverket.entryscape.net https://*.cision.com https://cdn.legaonline.se https://teamtailor-production.s3.eu-west-1.amazonaws.com https://api.friendlycaptcha.com https://*.freshchat.com https://sitegainer.com https://*.sitegainer.com https://cdn-sitegainer.com https://*.cdn-sitegainer.com https://*.symplify.com https://*.pro.ip-api.com https://connect.facebook.net https://api.addsearch.com https://export.highcharts.com/ https://fortnox.piwik.pro https://fortnox.containers.piwik.pro https://fortnox.piwik.pro/consent/collect https://stats.g.doubleclick.net https://www.google-analytics.com https://*.gstatic.com 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://www.googleadservices.com https://bat.bing.com https://snap.licdn.com https://match.adsby.bidtheatre.com https://fonts.googleapis.com https://*.upsales.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com/ http://*.hotjar.com/ https://*.hotjar.io http://*.hotjar.io wss://*.hotjar.com wss://*.sitegainer.com https://www.facebook.com; frame-ancestors https://*.fortnox.se; frame-src https://*.fortnox.se https://www.youtube.com https://player.vimeo.com https://vimeo.com https://fortnox.containers.piwik.pro https://*.freshchat.com https://*.hotjar.com/ https://sitegainer.com https://www.facebook.com/ https://static-fortnox.sendsafely.co.uk/html/dropzone.html https://export.highcharts.com https://td.doubleclick.net ; report-uri /api/cspreport 1
font-src *.fontawesome.com *.typekit.net *.twilio.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.aurusepay.com *.auruspay.com h.online-metrix.net td.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com h.online-metrix.net https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org tracking.deepsearch.adlucent.com *.twilio.com *.zumiez.com blob: *.online-metrix.net *.google.com *.googletagmanager.com *.doubleclick.net scene7.zumiez.com scene7.zumiez.ca s7d1.scene7.com *.rfksrv.com *.gstatic.com *.crowdtwist.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com h.online-metrix.net *.googletagmanager.com tracking.deepsearch.adlucent.com *.newrelic.com *.twilio.com *.scarabresearch.com *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.cloudfront.net *.rfksrv.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline *.typekit.net *.aurusepay.com *.auruspay.com 'self' 'unsafe-inline'; object-src *.twilio.com *.zumiez.com blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.twilio.com *.zumiez.com scene7.zumiez.com scene7.zumiez.ca 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com ws: h.online-metrix.net *.twilio.com *.zumiez.com *.aurusepay.com *.auruspay.com *.scarabresearch.com stats.g.doubleclick.net analytics.google.com bam.nr-data.net *.rfk.zumiez.com *.rfk.zumiez.ca *.sc.zumiez.com *.sc.zumiez.ca *.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.zumiez.com blob: 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; media-src 'self'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; connect-src 'self'; 1
frame-ancestors about: 'self' https://*.airtransat.com https://*.transat.com https://www.transatagentdirect.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.compassion.com; 1
frame-ancestors 'self' https://nashville.granicus.com; report-uri /report-csp-violation 1
frame-ancestors http://*.jschina.com.cn https://*.jschina.com.cn http://www.jsthinktank.com https://www.jsthinktank.com http://www.jswyw.com https://www.jswyw.com http://www.jsjc.gov.cn https://www.jsjc.gov.cn http://www.zgjssw.gov.cn https://www.zgjssw.gov.cn http://www.jsllzg.cn https://www.jsllzg.cn 1
frame-ancestors 'self' http://www.philips.de *.philips.com *.philips.de https://philipsigtdpv.com 1
script-src 'self' 'sha256-q3WPosO4ONuL9p9ddEof/RtCIL08oBEgIPy68LjtLi8=' 'sha256-tMi+Pw5dWcckZaS5akdDvLbCRNPU47NUC7hBXzfNY9o=' 'sha256-rl5eji7XRCo2LMjj9lSpETeAroYm6eXnYZ57qpVunAQ=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-PjdrWslsi4D6PN2ig+ljhmG5YLxPL647O0B9KAK8+lk=' 'sha256-51q9Jkddg0uc+3FW6ecf6jkMOr8hVAVNsxsw7gNqjjk=' 'sha256-Xh45oAnXb7apbW4QE7QEbCe4zGVzgNybHVUWDG6nMc0=' 'sha256-cWlUrd0XAxbUuEowrgGTAJOgrrFZ+Zg7KoqM0zoJi/c=' 'sha256-DRZpXPn1GCIU7BPkJ/xb/k/iZ9VtNhB0kL+R0rAyVOo=' 'sha256-MlR+o2h5r9m8DdZk1GxjLKOiL57reuEkcKKNf5Q/Xk0=' 'sha256-5z0mqfXoQdaswiTfD0q5tdra5kMX3TaXEcjX8FbSJ9c=' 'sha256-U3i1w5pESFxExrmA/RmoulibY0UtRJ6+N061RYm8GzQ=' 'sha256-iiOEk8AzgueoHkB1wHTEuNyZzJ7PvNGcU8Cf3C6QknM=' 'sha256-P3SvISywA0roA0BYCMQYftzdU53nkW8e/5A/Pqa0Zk4=' 'sha256-USTrNh+UNt+mBiIBvECPo0xWO3Z9yuN4yGO4XXSCqv8=' 'sha256-1OJoWFTRiz5Qn0QNWZG5lJWTi4v5otVmw+QefdOjXOg=' 'sha256-OpsdwbNy6088hMQRrp63vUqHaaEPpgKXuH18niYVZ34=' 'sha256-rwMOiOeVICH7/Cjy5SkreID3OOi5HTrit357k22hUDQ=' 'sha256-sWITfQ9rgDwKqksaLnQ9nrqSB5J+KfaUaMNSgpKYL0Y=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-xV97M+lSIvvvSpx63GR/fApoy8sg47XkGkZkkn7RsaU=' 'sha256-FtmNZCwIPFBoItSYSjqyebn0K4W8YbpzinowGObyiZg=' 'sha256-ei+7cqqHXuFtO9PVrcrvAyAFNah0YT48+ecxANvdaik=' 'sha256-hvnpRxZVTvw5G7LyHI5AF8admAm/kEr0s1SkmYWtcN8=' 'sha256-buShqqvpyfyMytAevbY3Cjy6zZFEooyWtg42vUWrhiw=' 'sha256-pEnT8DjKoi+LpcY3MB2rFTqFbcBwMcR/g+iii2HQ2LM=' 'sha256-rNAWiF5llk4C4DGZqpiV+PC+ipjBiiMX0l8pqGf+PCU=' 'sha256-ZP3UmfOigbNFUDcrEIKj8yU0+7jeU/C4qxJ/4n4HRQo=' 'sha256-ETgXJJ3OuVkQgNb5lDzSYwJGbxchLQb3VoGwqsfYIGk=' 'sha256-mZWo2sJSmaBLGkgCpXLPpAnnLbfPaO68xCZUgjaMxVM=' 'sha256-ztI/hQqEXQp1679LG8zjtYNYa2ldiTNQJhKeNFmREiY=' 'sha256-ThwGm6ahqfkxEBtaLrV/Zo+m8ikXvcLQR4xvkp6rmug=' 'sha256-XBKoMsWPfwL9SoDgTp5Lz8RshbkmVaxQ14jQri56NjY=' 'sha256-icc0pV/PKFETIr4EibMH9gavAdBt4iL2Q28lk2GspWQ=' 'sha256-032BSw0ElgNhMyldQkJHl1X+Do+kj2rqiaK7rMQpcDs=' 'sha256-wxLN/Ivd2DLbX9YgtTaC3nt3DyofMHoUSFoaxscfjUE=' 'sha256-hZLhDYbz2Yx5f5Rp3gcoQoxx6ftd0kap4gpEEz5+fGk=' assets.adobedtm.com www.youtube.com cdn.cookielaw.org js.hs-scripts.com p.teads.tv js.adsrvr.org js.hsadspixel.net js.hs-banner.com js.hs-analytics.net connect.facebook.net demdex.net www.google.com www.gstatic.com www.googletagmanager.com tags.srv.stackadapt.com zn097ucyqha0b5qpt-aramark.siteintercept.qualtrics.com www.googleadservices.com siteintercept.qualtrics.com tag.demandbase.com privacyportaluat.onetrust.com static.hotjar.com script.hotjar.com hotjar.com platform.twitter.com www.instagram.com srv.stackadapt.com www.stackadapt.com https://embedsocial.com/ 1
frame-ancestors 'self' experience.adobe.com invescogroup.experiencecloud.adobe.com *.invesco.com *.invesco.net 1
default-src 'self' blob: *.brightcove.com *.crazyegg.com *.brightcove.net   https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src: 'self' 'googleads.g.doubleclick.net' 'fonts.googleapi.com' 'img.youtube.com' 'i.ytimg.com' 'latencytimer.azurewebsites.net''s.ytimg.com' 'youtube.com' 'googleads.g.doubleclick.net' 'yt3.ggpht.com' 'fonts.gstatic.com'; script-src: 'self' 'www.googletagmanager.com' 'www.google-analytics.com' 'player.wowza.com' 'youtube.com' 'static.doubleclick.net' 'googleads.g.doubleclick.net'; style-src: 'self' 'youtube.com' 'googleads.g.doubleclick.net' 1
default-src 'self' blob:; img-src 'self' *.boxcdn.net *.maropost.com *.amazonaws.com *.adyen.com *.cloudfront.net *.userlike.com flp-service.zendesk.com static.zdassets.com consent.cookiefirst.com *.ytimg.com *.livehelpnow.net *.pcdn.co *.sharethis.com  *.contentsquare.net *.content-square.fr *.contentsquare.com *.googleapis.com *.s3.us-east-1.amazonaws.com *.s3.us-east-2.amazonaws.com *.amazonaws.com *.gstatic.com *.clicktale.net pixy.org *.chargebee.com *.nextsphere.com *.ppipe.net *.myecheck.com *.oppwa.com  *.flptitan.com *.foreverliving.com *.flpi.com foreverliving.com seeklogo.com  stats.g.doubleclick.net www.google.com www.google.com.sg data: *.s3.us-west-2.amazonaws.com *.s3-us-west-2.amazonaws.com www.google.co.in *.vimeocdn.com *.youtube.com *.s3.amazonaws.com x1.xingassets.com  blob:  oppwa.com *.google-analytics.com data: s3-us-west-2.amazonaws.com *.facebook.com *.googletagmanager.com optimize.google.com *.boxcloud.com *.fedex.com *.google.co.uk *.google.ie widgets.trustedshops.com *.google.com.mm; script-src 'self' *.userlike.com *.cdn01.boxcdn.net api.smooch.io *.adyen.com *.nexiopay.com *.cdn.jsdelivr.net *.jsdelivr.net *.amazonaws.com *.worldpay.com *.cloudfront.net *.mgipayments.com *.boxcdn.net *.boxcloud.com *.box.com *.s3-eu-west-1.amazonaws.com *.payvision.com *.siteprerender.com siteprerender.com *.google.com *.mgr.consensu.org *.livehelpnow.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com walls.io  *.facebook.net *.cdn-javascript.net cdn-javascript.net x-apple-ql-id *.static-resource.com static-resource.com flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.clicksapp.net clicksapp.net *.s3.us-east-1.amazonaws.com *.clicktale.net *.chargebee.com *.authorize.net *.ppipe.net www.youtube.com *.oppwa.com  *.s3-us-west-2.amazonaws.com *.myecheck.com *.googleapis.com *.flptitan.com foreverliving.com *.foreverliving.com *.flpi.com *.cloudflare.com *.bootstrapcdn.com  *.s3.amazonaws.com  *.dropbox.com *.nextsphere.com optimize.google.com www.googletagmanager.com *.google-analytics.com blob: fonts.gstatic.com test.acaptureservices.com   *.clicksafe.lloydstsb.com oppwa.com acaptureservices.com  consent.cookiefirst.com www.dropbox.com content.googleapis.com dl.dropboxusercontent.com graph.microsoft.com static.zdassets.com js.live.net *.paypal.com *.b-cdn.net connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net static-resource.com *.nexiopaysandbox.com cdn-javascript.net *.paypalobjects.com widgets.trustedshops.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.livehelpnow.net *.adyen.com *.cookiefirst.com *.clicktale.net *.chargebee.com *.cdn.jsdelivr.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.google-analytics.com *.nextsphere.com x-apple-ql-id *.s3-us-west-2.amazonaws.com *.ppipe.net *.typekit.net *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com *.google.com fonts.googleapis.com cdnjs.cloudflare.com oppwa.com *.s3.amazonaws.com maxcdn.bootstrapcdn.com *.nexiopaysandbox.com *.nexiopay.com *.boxcdn.net googletagmanager.com cdn.honey.io 'unsafe-inline'; font-src 'self' *.boxcdn.net *.cdn01.boxcdn.net *.nexiopay.com *.box.com *.cdn.jsdelivr.net *.cloudfront.net *.livehelpnow.net *.clicktale.net *.chargebee.com *.nextsphere.com *.ppipe.net *.contentsquare.net *.content-square.fr *.contentsquare.com *.typekit.net *.myecheck.com  flpqa.com flp.com flp360.social *.flpqa.com *.flp.com *.flp360.social *.bootstrapcdn.com *.oppwa.com *.flptitanqa.com *.flptitan.com *.foreverliving.com foreverliving.com *.flpi.com data: cdnjs.cloudflare.com fonts.gstatic.com *.b-cdn.net *.s3.amazonaws.com oppwa.com 'unsafe-inline'; connect-src 'self' wss://umd.userlike.com wss://chat.userlike.com *.nexiopay.com *.s3.us-east-2.amazonaws.com v2.zopim.com ekr.zdassets.com flp-service.zendesk.com *.1drv.com *.nexiopay.com *.cloudfront.net *.cookiefirst.com *.adyen.com *.userlike.com *.box.com *.boxcloud.com api.ipify.org *.livehelpnow.net *.consensu.org *.vimeocdn.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.googleapis.com www.google.com.sg stats.g.doubleclick.net www.facebook.com *.s3.us-west-2.amazonaws.com *.socialsales.io *.clicktale.net *.nextsphere.com  *.ppipe.net vimeo.com *.authorize.net  *.myecheck.com *.oppwa.com *.flpi.com *.nstitan.com  s3-us-west-2.amazonaws.com *.s3.amazonaws.com *.acaptureservices.com *.s3-us-west-2.amazonaws.com *.chargebee.com *.google.com oppwa.com *.mgipayments.com *.google-analytics.com www.googletagmanager.com graph.microsoft.com google.com *.worldpay.com *.zdassets.com *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com content.googleapis.com dl.dropboxusercontent.com *.google.co.in youtube.com static.zdassets.com *.boxcdn.net *.youtube.com wss://api.smooch.io *.s3-eu-west-1.amazonaws.com js.live.net sandbox.mgipayments.com cdn.worldpay.com sandbox.mgipayments.com  connect.facebook.net js.hs-scripts.com fonts.gstatic.com maps.gstatic.com clickapp.net cdn.jsdelivr.net static-resource.com cdn-javascript.net  *.nexiopaysandbox.com cdn.worldpay.com *.flptitan.com flptitan.com foreverliving.com *.fbo.flptitan.com *.foreverliving.com *.fbo.foreverliving.com www.gstatic.com www.dropbox.com zendesk-eu.my.sentry.io data: blob:; media-src 'self' *.boxcdn.net *.amazonaws.com *.userlike.com *.flptitan.com *.cloudfront.net *.youtube.com *.youtu.be *.foreverliving.com *.s3-us-west-2.amazonaws.com *.s3.us-west-2.amazonaws.com  blob:; frame-src 'self' *.datatrans.com *.mfgroup.ch *.nexiopay.com *.ngenius-payments.com *.boxcdn.net api.nexiopay.com *.flpqa.com *.userlike.com *.adyen.com *.amazonaws.com *.cloudfront.net *.facebook.com *.mgipayments.com *.livehelpnow.net *.sandbox.ngenius-payments.com *.acehubpaymentservices.com *.contentsquare.net *.content-square.fr *.contentsquare.com *.sharethis.com *.mgr.consensu.org  walls.io *.chargebee.com x-apple-ql-id *.youtube.com *.ppipe.net *.socialsales.io socialsales.io *.worldpay.com *.nextsphere.com  vimeo.com *.oppwa.com *.myecheck.com *.acaptureservices.com *.flptitan.com *.foreverliving.com *.clicksafe.lloydstsb.com foreverliving.com flptitan.com *.boxcloud.com *.flpi.com *.google.com *.vimeo.com oppwa.com  dl.dropboxusercontent.com graph.microsoft.com  acs-public.tp.mastercard.com content.googleapis.com *.nexiopaysandbox.com youtu.be youtube.com *.cardinalcommerce.com; frame-ancestors 'self' *.socialsales.io socialsales.io *.nexiopay.com foreverliving.com *.foreverliving.com *.flptitan.com flptitan.com *.contentsquare.net *.flptitan.com:8080 *.content-square.fr *.contentsquare.com *.chargebee.com flp360-tools.flptitan.com youtu.be flpqa.com flp.com flp360.social *.flpqa.com *.nexiopaysandbox.com *.boxcdn.net *.flp.com *.flp360.social vimeo.com *.vimeo.com *.youtube.com youtube.com *.worldpay.com 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://apps.sitecore.net; img-src 'self' data: blob: 'unsafe-inline' media.moveo.ai *.ads.linkedin.com t.co chat.eurobank.gr *.env.chat.eurobank.gr sp.analytics.yahoo.com znovsqrc.micpn.com sitecoremedia.blob.core.windows.net stats.g.doubleclick.net *.stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.twitter.com *.twimg.com jwpltx.com *.youtube.com *.tiktok.com *.facebook.com *.google.com *.google.gr *.google.nl *.googletagmanager.com px.ads.linkedin.com linkedin.com googleads.g.doubleclick.net cdn.cookielaw.org *.google-analytics.com *.usabilla.com *.cloudfront.net *.hotjar.com ad.doubleclick.net *.clarity.ms; media-src 'self' blob: *.streaming.mediaservices.windows.net; script-src 'self' data: cdn.jsdelivr.net ipapi.co *.rfk.eurobank.gr *.sitecorecloud.io *.tiktok.com *.taboola.com static.ads-twitter.com chat.eurobank.gr *.env.chat.eurobank.gr s.yimg.com *.clarity.ms https://cdn-prod.wdesk.com/ixbrl-viewer/1.0.0/ixbrlviewer.js znovsqrc.micpn.com optimize.google.com *.google-analytics.com snap.licdn.com code.jquery.com *.onetrust.com blob: 'unsafe-inline' 'unsafe-eval' *.youtube.com *.tiktok.com *.ytimg.com  *.google.com *.googleapis.com *.gstatic.com *.inbroker.com *.angularjs.org *.twitter.com *.syndication.twimg.com *.jwpcdn.com *.facebook.net *.facebook.com *.hotjar.com cdn.cookielaw.org optanon.blob.core.windows.net www.googleadservices.com googleads.g.doubleclick.net az416426.vo.msecnd.net *.googletagmanager.com *.usabilla.com *.cloudfront.net; style-src 'self' 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.googleapis.com *.inbroker.com *.twitter.com optimize.google.com optanon.blob.core.windows.net cdn.cookielaw.org *.usabilla.com *.cloudfront.net fonts.googleapis.com; font-src 'self' data: 'unsafe-inline' chat.eurobank.gr *.env.chat.eurobank.gr *.gstatic.com *.inbroker.com *.jwpcdn.com *.usabilla.com *.cloudfront.net fonts.googleapis.com *.hotjar.com; connect-src 'self' channels-ws.moveo.ai ipapi.co *.google.com *.googlesyndication.com *.rfk.eurobank.gr *.sitecorecloud.io *.tiktok.com *.taboola.com cdn.linkedin.oribi.io maps.googleapis.com chat.eurobank.gr wss://chat.eurobank.gr *.env.chat.eurobank.gr wss://*.env.chat.eurobank.gr s.yimg.com *.clarity.ms recengine.margera.co *.onetrust.com wss://*.hotjar.com/api/v2/client/ws *.analytics.google.com www.google.gr optimize.google.com *.visualstudio.com *.google-analytics.com *.inbroker.com *.streaming.mediaservices.windows.net *.twitter.com *.hotjar.com adservice.google.com az416426.vo.msecnd.net *.doubleclick.net *.usabilla.com *.cloudfront.net *.cookielaw.org *.hotjar.com *.hotjar.io; frame-src 'self' data: blob: web-client.moveo.ai *.youtube.com *.tiktok.com *.ytimg.com *.google.com *.gstatic.com *.inbroker.com *.twitter.com *.onetrust.mgr.consensu.org *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr  uat-legacy.eurobank.gr *.doubleclick.net *.fls.doubleclick.net *.usabilla.com *.cloudfront.net; object-src 'self' *.streaming.mediaservices.windows.net *.jwpcdn.com;  child-src 'self' data: blob: *.youtube.com *.tiktok.com *.ytimg.com *.google.com *.inbroker.com *.twitter.com *.hotjar.com *.facebook.com legacy.eurobank.gr uat.eurobank.gr uat-legacy.eurobank.gr; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://*.curator.io/; script-src 'unsafe-eval' https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-4e1f3f73-9508-400b-a18e2b58ab0d0e9c'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-4e1f3f73-9508-400b-a18e2b58ab0d0e9c'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn.curator.io; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://t.co https://tarteaucitron.io https://curator-assets.b-cdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
upgrade-insecure-requests;report-uri https://csp.prezly.net/report;frame-ancestors https://app.contentful.com https://cms.prezly.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.yandex.net bitrix.info *.rsf.ru cdn.jsdelivr.net *.google.com *.gstatic.com yastatic.net *.youtube.com code.highcharts.com *.pes.spb.ru; style-src 'self' 'unsafe-inline' *.googleapis.com *.rsf.ru *.pes.spb.ru; img-src * data: blob:; connect-src 'self' bitrix.info *.yandex.ru mc.yandex.md; font-src 'self' data: chrome-extension: *.gstatic.com; frame-src 'self' *.google.com *.youtube.com; 1
default-src 'self' https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://bin.bnbstatic.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; font-src 'self' data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://accounts.google.com https://api.smartling.com https://at.alicdn.com https://bin.bnbstatic.com https://fonts.gstatic.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; media-src 'self' blob: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.google.com https://api.smartling.com https://bin.bnbstatic.com https://binance.com https://embedwistia-a.akamaihd.net https://fast.wistia.net https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com; style-src 'self' 'unsafe-inline' blob: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://accounts.google.com https://api.smartling.com https://bin.bnbstatic.com https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://static-file-1306379396.file.myqcloud.com; object-src 'none'; base-uri 'self'; script-src 'nonce-46133879-2684-4393-94f9-676614572b52' 'self' 'unsafe-inline' blob: bnc: data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.binance.me https://accounts.google.com https://accounts.google.com/gsi/client https://api.smartling.com https://apis.google.com/js/api:client.js https://appleid.cdn-apple.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://euob.segreencolumn.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://log.bntrace.com https://maps.googleapis.com https://obseu.segreencolumn.com https://optimize.google.com https://privacyportal-bn.my.onetrust.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://src.litix.io https://static-file-1306379396.file.myqcloud.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com; connect-src 'self' *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://*.agora.io:* https://*.binance.me https://*.edge.agora.io:* https://*.edge.sd-rtn.com:* https://*.litix.io https://*.s3-accelerate.amazonaws.com https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.sd-rtn.com:* https://*.sentry.io https://*.wistia.com https://accounts.google.com https://analytics.google.com https://api.saasexch.com https://api.saasexch.com/bapi/themis/api/ https://api.smartling.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://data-collect.toolsfdg.net https://embedwistia-a.akamaihd.net https://fcmregistrations.googleapis.com https://firebaseinstallations.googleapis.com https://frontend-m.binance.cloud https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://log.bntrace.com https://logan-log.binance.gg https://obseu.segreencolumn.com https://privacyportal-bn.my.onetrust.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://report.binance.gg https://sensors.binance.cloud https://static-file-1306379396.file.myqcloud.com https://stats.g.doubleclick.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com wss://*.agora.io:* wss://*.binance.me wss://*.edge.agora.io:* wss://*.edge.sd-rtn.com:* wss://*.sd-rtn.com:* wss://*.yshyqxx.com wss://bstream.binance.com:9443 wss://bstream.yshyqxx.com:443 wss://chat-wss.yshyqxx.com wss://haodesk.binance.im wss://margin-stream.binance.com:443 wss://margin-stream.yshyqxx.com:443 wss://nbstream.binance.com wss://nbstream.yshyqxx.com wss://nbstream.yshyqxx.com:443 wss://stream.binance.com wss://stream.yshyqxx.com:443; img-src 'self' blob: data: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://*.wistia.com https://*.wistia.net https://accounts.google.com https://analytics.twitter.com https://api.smartling.com https://bat.bing.com https://bin.bnbstatic.com https://cdn.cookielaw.org https://embedwistia-a.akamaihd.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://obseu.segreencolumn.com https://optimize.google.com https://privacyportal-bn.my.onetrust.com https://public-1259603563.file.myqcloud.com https://public-1306379396.file.myqcloud.com https://public.bnbstatic.com https://public.nftstatic.com https://sensors.binance.cloud https://static-file-1259603563.file.myqcloud.com https://static-file-1306379396.file.myqcloud.com https://static.devfdg.net https://t.co https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com; frame-src 'self' bnc: https://*.saasexch.cc https://*.saasexch.co https://*.saasexch.com https://accounts.google.com https://accounts.google.com/ https://api.smartling.com https://bid.g.doubleclick.net https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://www.google.com 1
script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://static.addtoany.com; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://serversignin.com/guard 1
frame-ancestors https://ecomposer.app https://*.myshopify.com https://admin.shopify.com 1
frame-ancestors 'self' https://scstatehouse.sharepoint.com https://scstatehouse.gov http://scstatehouse.gov https://*.scstatehouse.gov http://*.scstatehouse.gov https://*.schouse.gov http://*.schouse.gov https://*.scsenate.gov http://*.scsenate.gov; connect-src 'self' https://*.scstatehouse.gov https://*.scsenate.gov https://*.schouse.gov https://lsa.freshservice.com https://*.microsoft.com https://*.microsoftonline.com https://video.scstatehouse.gov https://media1.scstatehouse.gov https://media2.scstatehouse.gov https://media3.scstatehouse.gov https://lsa-socket01.eastus.cloudapp.azure.com wss://lsa-socket01.eastus.cloudapp.azure.com https://cdn3.wowza.com https://www.google-analytics.com 1
default-src https: 'unsafe-inline' ; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com; font-src https: 'unsafe-inline' data: ;connect-src 'self' https: wss: ;base-uri 'self' https: ;form-action 'self' https://wttc.activehosted.com/proc.php; img-src * data: ; 1
script-src 'nonce-/IUlihsMPEUPd2lfCNEgwg==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=c6DfLdBIRVu6Xo6q5ooUGnHhT8ieS3_GSHMyhQZytVF8wA-X5V85-2UyneGk&policy_id=10&user_id=&request_id=663d1408-fdc1-4ddf-947b-c8d632f20e82; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
style-src 'self' 'unsafe-inline' data: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn *.gstatic.com *.googleapis.com use.fontawesome.com; connect-src 'self' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com data: *.google-analytics.com *.perfdrive.com *.analytics.google.com *.doubleclick.net *.googleapis.com *.shopping.com *.ebayimg.com wss://127.0.0.1:* *.amplitude.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebaystatic.cn blob: data: *.google-analytics.com *.googletagmanager.com *.fidoapi.com *.translate.google.com *.akamaihd.net; upgrade-insecure-requests; frame-ancestors 'none' ; img-src 'self' data: https://*; default-src 'self' blob: data: wss: mediastream: *.ebay.com *.www.shopping.com *.ebaystatic.com *.www.shopping.com *.ebayimg.com *.shopping.com *.gstatic.com https://github.com/google *.fontawesome.com *.bootstrapcdn.com *.doubleclick.net *.cloudflare.com;  report-uri https://monitor.ebay.com/csp-report/sdcui/DefaultPage?id=2162557078521529389&rid=t6paerj1%3F%3D9iptpaerj1%3F*60%3F%60t(rbpv674%3C-18f74fc7c8b-0x708#pd 1
default-src 'self'; font-src 'self' fonts.googleapis.com code.cdn.mozilla.net https: data:; img-src 'self' image.tmdb.org m.media-amazon.com ia.media-imdb.com https: data:; object-src 'self' forum.opensubtitles.com; form-action 'self' forum.opensubtitles.com localhost:4200 www.opensubtitles.com; frame-src 'self' forum.opensubtitles.com opensubtitles.test.onfastspring.com opensubtitles.onfastspring.com *.cloudfront.net api.blink.net *.tawk.to tawk.to test.blink.net blink.net www.recaptcha.net www.google.com www.youtube.com; connect-src 'self' region1.google-analytics.com bam.eu01.nr-data.net opensubtitles.test.onfastspring.com opensubtitles.onfastspring.com *.cloudfront.net rb-dev:8082 cana.local:8082 localhost:8082 *.test.resolver.perfops.net *.tawk.to wss://*.tawk.to cdn.datatables.net www.google-analytics.com test.blink.net api.blink.net blink.net www.gstatic.com *.blink.net api.test.blink.net devnull.perfops.net cdnperf-test.innertest.top ffffdloc1p9poy.sboxcdn.com 445991340.r.cdnsun.net perfops1.b-cdn.net perfops-cds.s.llnwi.net cdnperf.qwilt.com 1596384882.rsc.cdn77.org media-edge.1e100cdn.net vodstreaming01.video.globo.com edgecast-perfops.azureedge.net cpt96125.shopvoxpopulus.com cdnperf-rum.quantil.com live.video.globo.com medianova-cdnperf.mncdn.com cdn.jsdelivr.net d3888oxgux3fey.cloudfront.net ultrawaf.canary.scrubbingcenter.com cdnperf-rum.cdnetworks.net akamai-cdn.perfops.io medianova-multicdnperf.mncdn.com perfops.gcorelabs.com perfops.s.llnwi.net 25748s.ha.azioncdn.net test-perfops.haproxy.com cdnperf.cachefly.net rum.perfops.mdb.cdn.orange.com azure-perfops.azureedge.net cdnperf.castway.net ovh-cdn.perfops.io perfops-static.freetls.fastly.net test-perfops.ldgslb.com perfops.swiftycdn.net perfops.cloudflareperf.com cdn81795137.blazingcdn.net perfops.r.worldssl.net proxy.canary.scrubbingcenter.com; base-uri 'self' test.blink.net api.blink.net blink.net *.blink.net; frame-ancestors 'self'; script-src 'self' *.cloudfront.net bam.eu01.nr-data.net www.google.com cdn.datatables.net www.recaptcha.net www.google-analytics.com https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdnjs.cloudflare.com https: 'unsafe-inline' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: 'unsafe-inline'; 1
upgrade-insecure-requests;  frame-ancestors 'self' wildix.com *.wildix.com *.wildixin.com ; 1
default-src 'self'; script-src 'self' https: 'report-sample' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://analytics.tiktok.com https://bat.bing.com https://js.adsrvr.org https://js.stripe.com/v3/ https://*.ipstatp.com https://sc-static.net https://secure.heat6have.com https://rec.smartlook.com https://fast.appcues.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com https://*.ibytedtos.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://cdn.embed.ly/player-0.1.0.min.js nexus.ensighten.com https://*.sentry.io https://*.sentry-cdn.com https://*.cypress.io wss://*.hotjar.com *.hotjar.com *.hotjar.io https://*.hotjar.io https://*.hotjar.com https://*.intercom.io wss://*.intercom.io *.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.intercom-sheets.com *.intercom-sheets.com https://*.intercomassets.com/ *.intercomassets.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.google-analytics.com https://google-analytics.com www.google-analytics.com google-analytics.com https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://googletagmanager.com www.googletagmanager.com googletagmanager.com https://optimize.google.com/ https://optimize.google.com https://www.optimize.google.com www.optimize.google.com optimize.google.com https://www.gstatic.com https://gstatic.com www.gstatic.com gstatic.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://google.com/recaptcha/ google.com/recaptcha/ https://www.facebook.com www.facebook.com https://facebook.com facebook.com https://connect.facebook.net connect.facebook.net https://*.pingdom.net *.pingdom.net; script-src-elem 'self' https: 'report-sample' 'unsafe-inline' 'unsafe-eval' wss://*.hotjar.com *.hotjar.com *.hotjar.io https://*.hotjar.io https://*.hotjar.com https://*.intercom.io wss://*.intercom.io *.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.intercom-sheets.com *.intercom-sheets.com https://*.intercomassets.com/ *.intercomassets.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.google-analytics.com https://google-analytics.com www.google-analytics.com google-analytics.com https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://googletagmanager.com www.googletagmanager.com googletagmanager.com https://optimize.google.com/ https://optimize.google.com https://www.optimize.google.com www.optimize.google.com optimize.google.com https://www.gstatic.com https://gstatic.com www.gstatic.com gstatic.com https://www.google.com/recaptcha/ www.google.com/recaptcha/ https://google.com/recaptcha/ google.com/recaptcha/ https://www.facebook.com www.facebook.com https://facebook.com facebook.com https://connect.facebook.net connect.facebook.net https://*.pingdom.net *.pingdom.net https://logx.optimizely.com/v1/events https://*.optimizely.com http://cdn3.optimizely.com/js/geo4.js; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fast.appcues.com https://static.intercomassets.com/ https://optimize.google.com translate.googleapis.com; object-src 'none'; connect-src 'self' https://*.perlego.com https://*.sentry.io https://*.cypress.io wss://api.appcues.net https://fonts.googleapis.com https://bat.bing.com https://bat.bing.com/ https://analytics.tiktok.com https://stats.g.doubleclick.net stats.g.doubleclick.net https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration https://login.microsoftonline.com https://graph.microsoft.com/v1.0/me https://graph.microsoft.com/v1.0/organization https://graph.microsoft.com/v1.0/me/memberOf https://api.trustpilot.com/v1/ https://www.clarity.ms https://e.clarity.ms https://analytics.pangle-ads.com https://td.doubleclick.net https://docs.google.com https://*.pingdom.net *.pingdom.net wss://*.hotjar.com *.hotjar.com *.hotjar.io https://*.hotjar.io https://*.hotjar.com https://*.intercom.io wss://*.intercom.io *.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.intercom-sheets.com *.intercom-sheets.com https://*.intercomassets.com/ *.intercomassets.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://www.google-analytics.com https://google-analytics.com www.google-analytics.com google-analytics.com https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.googletagmanager.com/ https://googletagmanager.com www.googletagmanager.com googletagmanager.com https://www.facebook.com www.facebook.com https://facebook.com facebook.com https://connect.facebook.net connect.facebook.net https://countrycodeworker-dev.perlegoglobal.workers.dev/ https://countrycodeworker-staging.perlegoglobal.workers.dev/ https://countrycodeworker.perlegoglobal.workers.dev/ https://countrycodeworker-dev.perlego.com/ https://countrycodeworker-staging.perlego.com https://countrycodeworker.perlego.com https://logx.optimizely.com/v1/events https://*.optimizely.com http://cdn3.optimizely.com/js/geo4.js; font-src 'self' data: https://*.perlego.com https://js.intercomcdn.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com static3.avast.com use.typekit.net https://*.cloudflare.com wss://*.hotjar.com *.hotjar.com *.hotjar.io https://*.hotjar.io https://*.hotjar.com; frame-src 'self' https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://js.stripe.com https://tr.snapchat.com https://studentkortet.go2cloud.org https://plgpm.co.uk https://my.appcues.com/ https://widget.trustpilot.com/ https://match.adsrvr.org https://match.adsrvr.org/ https://*.cypress.io https://streamable.com/ https://login.microsoftonline.com/ https://*.perlego.com https://www.youtube.com/ wss://*.hotjar.com *.hotjar.com *.hotjar.io https://*.hotjar.io https://*.hotjar.com https://*.intercom.io wss://*.intercom.io *.intercom.io https://*.intercomcdn.com https://intercom-sheets.com https://*.intercom-sheets.com *.intercom-sheets.com https://*.intercomassets.com/ *.intercomassets.com/ https://optimize.google.com/ https://optimize.google.com https://www.optimize.google.com www.optimize.google.com optimize.google.com https://www.facebook.com www.facebook.com https://facebook.com facebook.com https://connect.facebook.net connect.facebook.net https://www.gstatic.com https://gstatic.com www.gstatic.com gstatic.com https://logx.optimizely.com/v1/events https://*.optimizely.com http://cdn3.optimizely.com/js/geo4.js www.google.com; img-src 'self' data: https: http://book-extract-service.s3-website.eu-west-2.amazonaws.com/; manifest-src 'self'; media-src 'self' https://js.intercomcdn.com https://js.intercomcdn.com/ https://d27c6j8064skg9.cloudfront.net/ConversionRateExpert/Perlego/ https://img.perlego.com; worker-src 'none'; frame-ancestors 'self' 1
default-src 'self' https://*.gaf.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.gaf.com https://gafcom.mpeasylink.com https://js.monitor.azure.com https://www.googletagmanager.com https://cdn.cookielaw.org https://*.go-mpulse.net https://*.cloudfront.net https://www.youtube.com https://*.licdn.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://img03.en25.com https://*.hotjar.com https://ws.contobox.com https://www.clarity.ms https://geoip-js.com https://*.googleapis.com https://tracking.skyword.com https://www.google.com https://www.gstatic.com https://*.bazaarvoice.com https://www.googleadservices.com https://js.hsforms.net https://22168879.fs1.hubspotusercontent-na1.net https://*.cloudflare.com https://*.vercel.app https://*.ceros.com https://eave.us https://cdn.jsdelivr.net https://intheworks.site https://code.jquery.com https://mpsnare.iesnare.com https://analytics.convertlanguage.com; style-src 'unsafe-inline' 'self' https://*.gaf.com https://fonts.googleapis.com https://www.googletagmanager.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://cdn.jsdelivr.net https://intheworks.site https://display.ugc.bazaarvoice.com; connect-src 'self' https://*.gaf.com https://*.in.applicationinsights.azure.com https://cdn.cookielaw.org https://*.go-mpulse.net https://api-engage-us.sitecorecloud.io https://*.google.com https://stats.g.doubleclick.net https://*.akamaihd.net https://*.akstat.io https://px.ads.linkedin.com https://*.contobox.com https://*.clarity.ms https://*.cloud.coveo.com https://*.googleapis.com https://*.hotjar.io https://surefiregaf.webservices.sfs.io https://bat.bing.com https://*.bazaarvoice.com https://www.google-analytics.com https://forms.hsforms.com https://*.ceros.com https://eave.us https://geoip-js.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.facebook.com https://api.hubapi.com https://www.googleadservices.com; font-src 'self' https://*.gaf.com data: https://fonts.googleapis.com https://fonts.gstatic.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://intheworks.site https://apps.bazaarvoice.com; frame-src 'self' https://gafcom.mpeasylink.com https://*.gaf.com https://*.fls.doubleclick.net https://*.doubleclick.net https://www.youtube.com https://www.google.com https://*.chameleonpower.com https://view.ceros.com https://carluccidesign.com https://*.vercel.app https://*.ceros.com https://eave.us https://intheworks.site https://api.bazaarvoice.com https://display.ugc.bazaarvoice.com https://www.facebook.com https://pixel.sitescout.com https://forms.hsforms.com https://gafsustainability.website1.dev; img-src 'self' https://*.gaf.com https://*.siplast.com data: https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.linkedin.com https://*.t.eloqua.com https://www.facebook.com https://*.bing.com https://ad.doubleclick.net https://*.google.com https://trkn.us https://maps.gstatic.com https://*.googleapis.com https://*.bazaarvoice.com https://ad.ipredictive.com https://*.linkedin.com https://forms-na1.hsforms.com https://www.googletagmanager.com https://carluccidesign.com https://*.ceros.com https://eave.us https://i.ytimg.com https://intheworks.site https://*.clarity.ms https://tags.w55c.net https://tracking.skyword.com https://fonts.gstatic.com https://forms.hsforms.com https://clickserv.sitescout.com https://*.googleusercontent.com https://googleads.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; report-uri /cspreports.xml 1
frame-ancestors 'self' http://10.100.2.145 1
style-src 'self' 'unsafe-inline' *.seb.se seb.humany.net; script-src 'self' 'unsafe-eval' 'nonce-HzQGbpfFU0QU+XtauX4klNVZW4s1QRv/gkZrpag3zpY=' 'report-sample' *.seb.se seb.humany.net https://activitymap.adobe.com/sc15/activitymap/index.js https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' *.seb.se seb.d3.sc.omtrdc.net cache.cvm3.se data:; frame-src 'self' *.seb.se seb-external.creo.se seb-external.creomediamanager.com player.cvm3.se seb-live.creo.se https://a26926230211.cdn.optimizely.com activitymap.adobe.com; font-src 'self' content.seb.se seb.humany.net ace-knowledge-cdn.teliacompany.net data:; connect-src 'self' *.seb.se seb.humany.net *.sebgroup.com seb.d3.sc.omtrdc.net https://*.optimizely.com; base-uri 'self'; object-src 'none'; report-uri /api/csp-report/ 1
default-src 'self' 'unsafe-inline'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bing.com *.firestonecompleteautocare.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' *.firestonecompleteautocare.com *.tiktok.com *.doubleclick.net *.adobedtm.com *.google-analytics.com *.everestjs.net *.pinimg.com *.hotjar.io *.hotjar.com *.bing.com *.googleadservices.com *.xg4ken.com *.facebook.net *.doubleclick.com *.googletagmanager.com *.akamaihd.net *.marchex.io *.everesttech.net *.iperceptions.com *.powerreviews.com *.iovation.com *.iesnare.com *.googleapis.com *.virtualearth.net *.recaptcha.net *.gstatic.com *.adroll.com; img-src * data: blob: ; connect-src *; frame-src *; font-src 'self' data: 1
default-src 'self' https://static.lobstr.co https://www.google-analytics.com https://lobstr.zendesk.com https://ekr.zdassets.com 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';connect-src 'self' https://lobstr.freshdesk.com https://widget.freshworks.com https://horizon.stellar.lobstr.co https://horizon.stellar.org https://api.anclap.com https://vault.lobstr.co https://static.lobstr.co https://sentry.razortheory.com https://api.cowrie.exchange https://api.fchain.io https://smx.saldo.mx https://api.apay.io https://test.apay.io https://stellaranchor.ntokens.com https://stellaranchor.ntokens.com.br https://api.anchor.com.ar https://k.tempocrypto.com https://a3s.api.stellarport.io https://pagos.saldo.mx https://connect.clickpesa.com https://tff.tiny.group https://www.anchormxn.com https://www.naobtc.com https://testanchor.lobstr.co https://api.anchorusd.com https://transfer-server.stablex.cloud https://lobstr.zendesk.com https://www.google-analytics.com https://ekr.zdassets.com https://unstoppabledomains.com https://usdcswap.ultrastellar.com https://usdcswap.com https://ultrastellar.com https://ultracapital.xyz https://anchor.ultrastellar.com https://polaris.stably.io https://api.dstoq.com https://anchormxn.com https://kbtrading.org https://anchor.thecryptobanker.com https://stellar.moneygram.com https://apisvcs.moneygram.com https://ngnc.online https://anchor.ngnc.online https://anchor.mykobo.co https://orokii.com https://sep6.whalestack.com https://stellar-anchor.payfura.com https://transfer-server.zetl.network https://stellar-anchor.payfura.com https://stellar-sep.triple-a.io https://stellar-sep-24.banxa.com https://kado-anchor-sep.kado.money https://routing.ultrastellar.com https://circle.anchor.mykobo.co https://api.strider.today https://ticker.ultrastellar.com 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';img-src 'self' data: https://s3.amazonaws.com/cdn.freshdesk.com/ https://www.google.com https://id.lobstr.co https://www.google-analytics.com https://www.gstatic.com https://cdnjs.cloudflare.com https://static.lobstr.co 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';script-src-elem 'self' https://widget.freshworks.com https://unpkg.com https://static.lobstr.co https://assets.zendesk.com https://cdnjs.cloudflare.com https://static.zdassets.com https://code.jquery.com https://www.google.com https://www.gstatic.com https://ajax.cloudflare.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google-analytics.com;script-src 'self' https://widget.freshworks.com https://www.google-analytics.com https://assets.zendesk.com https://unpkg.com https://static.zdassets.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://static.zdassets.com https://static.lobstr.co https://stackpath.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://code.jquery.com 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';style-src 'unsafe-inline' https://static.zdassets.com https://ajax.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://static.lobstr.co https://widget.freshworks.com;object-src 'none';base-uri 'self';frame-src 'self' https://www.youtube.com https://www.youtube.com/embed/rHQgXYhgKsU https://www.google.com 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';font-src 'self' https://fonts.gstatic.com https://static.lobstr.co https://cdnjs.cloudflare.com https://fonts.googleapis.com 'nonce-38a89b626273b106c79e0b5e5c7f2e4740c562ddc3a7d16b8eaa94a7e05f6afe';frame-ancestors 'none';report-uri /csp-manager/report/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.readspeaker.com *.thuisarts.nl; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' data: *.thuisarts.nl *.readspeaker.com; media-src 'self' *.thuisarts.nl *.readspeaker.com; frame-src 'self' *.readspeaker.com; frame-ancestors 'self' *.asterisque.nl *.cnsconnect.nl *.crsinternet.nl *.curasoft.nl *.dataleaf.eu *.eposzilos.nl *.extenzo.nu *.healthconnected.nl *.omnihis.nl *.oscarecd.nl *.portavita.eu *.portavita.nl *.promedico-asp.aw *.promedico-asp.nl *.topicus-hap.nl *.prescriptor.nl *.digitalis.nl *.clinicalrules.nl *.caresharing.eu *.vandenhoogenhoff.com *.brickshuisarts.nl; font-src 'self' data: https://themes.googleusercontent.com; connect-src 'self' *.thuisarts.nl *.readspeaker.com; report-uri /report-csp-violation 1
default-src 'none';base-uri 'none';connect-src 'self' https://speedtoost.pixelinc.workers.dev https://speedtest.kagi.workers.dev https://kagi.com https://*.kagi.com/ https://*.mapbox.com/ https://api.mapbox.com/ https://*.hereapi.com/ https://en.wikipedia.org/* https://*.apple-mapkit.com/ https://gsp10-ssl.ls.apple.com https://static.midomi.com https://*.googleapis.com https://*.gstatic.com https://tile.openstreetmap.org;font-src 'self' https://*.kagi.com/ https://kagi.com https://fonts.gstatic.com data:; form-action 'self' https:;frame-src 'self' https://*.kagi.com/ https://www.paypal.com/ ; frame-ancestors 'none';img-src 'self'  https://*.apple-mapkit.com/ https://*.kagi.com/ http://static.soundhound.com https://upload.wikimedia.org https://kagifeedback.org https://*.gstatic.com https://*.googleapis.com https://www.paypalobjects.com/ https://tile.openstreetmap.org data: blob:; media-src 'self' https://kagifeedback.org https://*.kagi.com/; style-src 'self' https://*.kagi.com/ https://static.midomi.com https://*.googleapis.com 'unsafe-inline'; worker-src 'self' https://*.kagi.com/ blob:;child-src 'self' https://*.kagi.com/ blob:;object-src 'none';script-src 'strict-dynamic' 'nonce-les79Pr2eZLTP3EiNrgwYw' 'unsafe-inline' https://*.kagi.com ; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://matomo.ria.ee/ https://search.service.vportal.ee/v1/search/ria https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com https://www.google-analytics.com unpkg.com https://matomo.ria.ee/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com https://www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self' https:; connect-src 'self' http://*:*; img-src 'self' https: data: blob:; script-src 'self' https:; style-src 'self' https: 'unsafe-inline'; font-src https: data:; frame-ancestors 'none'; object-src blob:; frame-src 'self' https: blob:; 1
frame-ancestors 'self' *.pangle.io *.pangle-b.io 1
font-src fonts.gstatic.com use.typekit.net *.cloudmaestro.com cdn.livechatinc.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com static.klaviyo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.shopperapproved.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com bitpay.com cdn.plaid.com *.pandadoc.com gum.criteo.com *.hotjar.com/ secure.livechatinc.com ssl.kaptcha.com static.criteo.net platform.twitter.com *.tradingview.com widget.nfusionsolutions.com www.facebook.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://img.youtube.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com aa.agkn.com ad.360yield.com ad.tpmn.co.kr ad.turn.com *.addthis.com ade.clmbtech.com ads.stickyadstv.com ads.yahoo.com bat.bing.com www.bizrate.com cdn.cookielaw.org cdn.livechatinc.com cdn.livechat-files.com cdn.stickyadstv.com *.cloudfront.net *.cloudmaestro.com cm.g.doubleclick.net contextual.media.net *.clarity.ms csm.va.us.criteo.net criteo-partners.tremorhub.com criteo-sync.teads.tv c.bing.com dis.criteo.com eb2.3lift.com exchange.mediavine.com gum.criteo.com idsync.rlcdn.com img.onesignal.com i.liadm.com ib.adnxs.com https://jadserve.postrelease.com match.sharethrough.com matching.ivitrack.com us.creativecdn.com partner.mediawallahscript.com pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com sdbullion.com 'self' seal.digicert.com secure.adnxs.com shareasale.com simage2.pubmatic.com sp.analytics.yahoo.com sync.bidence.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com s.ad.smaato.net tags.bluekai.com tapestry.tapad.com tg.socdm.com trends.revcontent.com ups.analytics.yahoo.com vid.vidoomy.com visitor.omnitagjs.com x.bidswitch.net verify.authorize.net www.facebook.com www.shopperapproved.com ws.rqtrk.eu preprod.sdbullion.com adm.sdbullion.com *.sdbullion.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.shopperapproved.com https://direct.shopperapproved.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ s7.addthis.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com acdn.adnxs.com *.addthis.com api.livechatinc.com bat.bing.com bitpay.com cdn.cookielaw.org cdn.livechatinc.com cdn.onesignal.com cdn.plaid.com cdnjs.cloudflare.com *.clarity.ms *.cloudmaestro.com connect.facebook.net dwin1.com *.googletagmanager.com *.hotjar.com form.jotform.com *.klaviyo.com onesignal.com seal.digicert.com ssl.kaptcha.com sslwidget.criteo.com static.criteo.net s1.cnnx.io s3.tradingview.com *.twitter.com verify.authorize.net v1.addthisedge.com widget.nfusionsolutions.com widget.us.criteo.com www.dwin1.com www.shopperapproved.com z.moatads.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com bam.nr-data.net https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.klaviyo.com *.cloudmaestro.com onesignal.com preprod.sdbullion.com adm.sdbullion.com sdbullion.com *.sdbullion.com www.shopperapproved.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ ekr.zdassets.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com api.livechatinc.com *.klaviyo.com https://bt.signifyd.com:11103 cdn.cookielaw.org *.clarity.ms *.kmail-lists.com geolocation.onetrust.com onesignal.com privacyportal-eu.onetrust.com seal.digicert.com ssl.kaptcha.com stats.g.doubleclick.net *.twitter.com verify.authorize.net bam.nr-data.net sdbullion.com *.sdbullion.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri sdbullion.com *.sdbullion.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; report-uri https://scan.campusgroups.com/csp_reports; 1
default-src 'self' gso.amocrm.com gso.kommo.com; script-src 'self' 'strict-dynamic' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://assets.calendly.com https://platform.twitter.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://my.hellobar.com https://www.google-analytics.com https://www.youtube.com 'sha256-qZJmHHAaUu28WoFKc0FVNpA5ikXzX0NBeqIpY0bQXIA=' 'sha256-V7US+zMwAMOPr/YqM4zVsHsKGl3xUiVIwhFUvnv87QE=' 'sha256-J8lzg3ubs2SO6PW9MmHWe1UzbBMwuiLWxN/otQCygyY=' 'sha256-eH5kMeUdc48DzHbZtubwbQ1dUOxSsKEw4nqHROB4O+g=' 'sha256-disSjv6Cqh2qc1///UXyReEByhnnMEGIa7VnqInfjls=' 'sha256-sejyC18/DnWxENEG0wtqHl60q8kck4ZIDJVPYZoFY2Y=' 'sha256-yHwihVYvV0uJwcx2/8gO6wxKSQKbIKgPrOhvJErN3Zs=' 'sha256-DpOoqibK/BsYhobWHnU38Pyzt5SjDZuR/mFsAiVN7kk=' https://ajax.googleapis.com https://www.facebook.com https://connect.facebook.net https://graph.facebook.com vk.com https://login.vk.com top-fwz1.mail.ru https://mc.yandex.ru https://yastatic.net 'nonce-e9af510aa1a2'; style-src 'self' https://fonts.googleapis.com 'strict-dynamic' 'unsafe-inline' https://unpkg.com https://assets.calendly.com https://cdn.jsdelivr.net q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com gso.amocrm.com gso.kommo.com connect.facebook.net; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://*.kommo.com chrome-extension://cfaicdlgblgdchnpdilihjmfnogpjakl chrome-extension://eaeaddaoioikiaokcmjfeghddidmmfhc; worker-src blob:; object-src 'none'; font-src 'self' data: q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://fonts.gstatic.com; img-src 'self' data: blob: https://*.kommo.com https://*.amocrm.com https://seal.godaddy.com https://px.ads.linkedin.com https://partnersus.s3.amazonaws.com https://partnersus-test.s3.eu-west-1.amazonaws.com https://amocrm.com https://kommo.com https://giphy.com https://*.giphy.com https://pbs.twimg.com https://i.ytimg.com https://www.statista.com https://syndication.twitter.com https://bat.bing.com q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com https://i.postimg.cc https://widgets.amocrm.com https://widgets.kommo.com piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://vk.com https://mc.yandex.ru https://yastatic.net https://mc.yandex.md; media-src 'self' q4s5p2q6.stackpathcdn.com pcfcdn.kommo.com; frame-src 'self' www.facebook.com socialplugin.facebook.net www.googletagmanager.com forms.amocrm.com forms.kommo.com calendly.com platform.twitter.com d562488024744908ac9e9fa9d3112067.pages.ubembed.com giphy.com td.doubleclick.net piper.amocrm.com gso.amocrm.com piper.kommo.com gso.kommo.com button.kommo.com button.amocrm.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com https://www.facebook.com https://vk.com https://mc.yandex.ru; connect-src 'self' https://*.kommo.com https://cdn.linkedin.oribi.io https://connect.ok.ru https://appbroker.amostage.com https://appbroker.amocrm.com https://pagead2.googlesyndication.com gso.amocrm.com gso.kommo.com lc-en.amocrm.com lc-en.kommo.com https://pro.ip-api.com https://www.google-analytics.com https://google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://graph.facebook.com https://vk.com https://login.vk.com https://top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.md; base-uri 'self'; 1
frame-ancestors https://*.tu.berlin https://stats.tu-berlin.de; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://firestore.googleapis.com https://netlify-cdp-loader.netlify.app https://segment.com https://www.youtube.com https://use.typekit.net https://consent.trustarc.com https://cdn.jsdelivr.net https://apis.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://static.ads-twitter.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.hotjar.com https://426814.tctm.xyz https://*.force.com https://*.chilipiper.com https://*.facebook.net https://*.bing.com https://snap.licdn.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.site.com https://*.fullstory.com https://*.googleadservices.com https://redditstatic.com https://*.reddit.com https://*.outbrain.com https://*.redditstatic.com 1
frame-ancestors 'self' https://cm.baptisthealth.net https://baptisthealth.net https://orthopedics.baptisthealth.net https://uat.orthopedics.apps.baptisthealth.net https://orthopedics.baptist.dev.merge-digital.com https://pineappleconnect.net 1
default-src 'self'; font-src 'self' https: data: *.hotjar.com; img-src 'self' https: data: blob:; media-src 'self' *.zdassets.com; object-src 'none'; script-src 'self' betterplace-assets.betterplace.org 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.smassets.net *.surveymonkey.com *.zdassets.com *.zopim.com ajax.googleapis.com js.stripe.com maps.googleapis.com optimize.google.com play.google.com s.ytimg.com script.hotjar.com tagmanager.google.com *.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.paypal.com www.youtube-nocookie.com www.youtube.com *.bp42.com storage.googleapis.com; style-src 'self' 'unsafe-inline' betterplace-assets.betterplace.org *.hotjar.com *.smassets.net *.surveymonkey.com fonts.googleapis.com optimize.google.com storage.googleapis.com; connect-src 'self' api.betterplace.org betterplace-assets.betterplace.org nextjs.betterplace.org secure.betterplace.org www.betterplace.org *.hotjar.com *.hotjar.io *.surveymonkey.com *.zdassets.com *.zendesk.com *.zopim.com api.honeybadger.io maps.googleapis.com stats.g.doubleclick.net wss://*.hotjar.com wss://*.zopim.com www.google-analytics.com www.google.com/recaptcha www.gstatic.com www.paypal.com www.sandbox.paypal.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu eu.posthog.com; frame-src 'self' nextjs.betterplace.org secure.betterplace.org www.betterplace.org *.betterplace.org *.hotjar.com *.paypal.com *.surveymonkey.com *.zdassets.com *.engagementportal.de *.epo42.de js.stripe.com optimize.google.com www.betterplace-widget.org www.google.com www.paypalobjects.com www.recaptcha.net www.youtube-nocookie.com www.youtube.com; worker-src 'self' blob:; child-src 'self' blob: 1
default-src 'self' https://www.norc.org https://norc.org *.osano.com https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://s7d1.scene7.com https://norc.tt.omtrdc.net https://assets.adobedtm.com https://dpm.demdex.net https://norc.demdex.net https://norc-mkt-stage1-m.adobe-campaign.com *.algolia.net *.algolianet.com https://cdn.plyr.io; img-src 'self' https://www.norc.org https://norc.org https://publish-p48206-e244563.adobeaemcloud.com https://norc.sc.omtrdc.net https://cdn.plyr.io http://s7d1.scene7.com https://s7d1.scene7.com https://assets.adobedtm.com https://i.ytimg.com; script-src 'self' 'unsafe-eval' 'nonce-2726c7f26c' 'sha256-QCX2WrJAVBq3gCFlmChFAsBql01DvEVZnvaj3mPNl6Y=' https://www.norc.org https://norc.org *.osano.com https://connect.facebook.net/en_US/sdk.js https://norc-mkt-prod1-m.adobe-campaign.com https://cdn.jsdelivr.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://assets.adobedtm.com *.algolia.net *.algolianet.com; style-src 'self' 'unsafe-inline' https://www.norc.org https://norc.org https://norc-mkt-prod1-m.adobe-campaign.com https://fonts.googleapis.com https://fonts.gstatic.com https://assets.adobedtm.com;child-src 'self' *.osano.com blob:;frame-src 'self' https://static.contextall.com *.osano.com *.youtube.com *.youtube-nocookie.com https://norc-mkt-prod1-m.adobe-campaign.com https://norc-mkt-stage1-m.adobe-campaign.com; 1
default-src 'self' data: vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be; object-src vdab.be *.vdab.be *.ops.vdab.be; script-src 'self' blob: data: vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be *.googletagmanager.com https://*.usercentrics.eu 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com www.google.com apis.google.com translate.google.com translate.googleapis.com developers.google.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.googleadservices.com googleads.g.doubleclick.net maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com twitter.com platform.twitter.com abs.twimg.com connect.facebook.net api.microsofttranslator.com static.trackuity.com api.trackuity.com *.readspeaker.com twegos.com widget.twegos.com static.hotjar.com script.hotjar.com enquete.agconsult.com www.youtube.com t.contentsquare.net app.contentsquare.com; font-src 'self' data: vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be fonts.gstatic.com maps.googleapis.com maps.gstatic.com script.hotjar.com; img-src 'self' data: vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be *.google-analytics.com *.googletagmanager.com https://*.usercentrics.eu blob: x-apple-ql-id://* www.google-analytics.com www.googletagmanager.com ssl.google-analytics.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com www.google.be maps.googleapis.com maps.gstatic.com translate.google.com *.googleapis.com *.googleusercontent.com developers.google.com mt.google.com twitter.com abs.twimg.com assets.grammarly.com i9.ytimg.com script.hotjar.com *.readspeaker.com i.ytimg.com www.ago.jobs *.ggpht.com *.contentsquare.net; style-src 'self' 'unsafe-inline' vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be tagmanager.google.com fonts.googleapis.com maps.googleapis.com maps.gstatic.com translate.googleapis.com twitter.com abs.twimg.com *.readspeaker.com; frame-src 'self' vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be https://*.usercentrics.eu www.google.com google.com accounts.google.com apis.google.com www.google.com.qa www.googletagmanager.com maps.google.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com vimeo.com *.vimeo.com prezi.com *.prezi.com youtube.be *.youtube.be *.facebook.com platform.twitter.com sdk.companywebcast.com *.readspeaker.com twegos.com widget.twegos.com vars.hotjar.com enquete.agconsult.com feedbackcvbrief.youcanbook.me sollicitatiecoach.youcanbook.me sollicitatiefilmpje.youcanbook.me secure.livechatinc.com; connect-src 'self' data: vdab.be *.vdab.be *.ops.vdab.be *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.usercentrics.eu www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net maps.googleapis.com maps.gstatic.com translate.googleapis.com *.facebook.com *.exacttargetapis.com *.hotjar.com:* vc.hotjar.io:* wss://*.hotjar.com https://*.hotjar.io *.readspeaker.com *.contentsquare.net; frame-ancestors 'self' vdab.be *.vdab.be *.ops.vdab.be http://www.woodwize.be http://www.och-cfb.be https://www.onderwijskiezer.be http://www.steunpuntwerk.be; media-src 'self' vdab.be *.vdab.be *.ops.vdab.be *.readspeaker.com; worker-src 'self' *.vlaanderen.be blob:; child-src 'self' vdab.be *.vdab.be *.ops.vdab.be *.vlaanderen.be blob:; report-uri /csp-violation-report; report-to csp-violation-report;  1
connect-src 'self' bmz.de *.bmz.de; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://statistik.bmz.de; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; img-src 'self' data: https://statistik.bmz.de *.bmz.de *.ukraine-wiederaufbauen.de; default-src 'self'; font-src 'self' data:; frame-src https://statistik.bmz.de https://www.youtube-nocookie.com https://webtv.bundestag.de 1
default-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net ws://socket.spacehey.com wss://socket.spacehey.com; script-src 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; style-src 'unsafe-inline' 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net; img-src data: 'self' spacehey.com *.spacehey.com spacehey.net *.spacehey.net tibushlabs.de; frame-src https:; connect-src https: ws://socket.spacehey.com wss://socket.spacehey.com; form-action https:; object-src 'none'; 1
base-uri 'self'; object-src 'none'; default-src 'self' *.goconqr.com; font-src 'self' *.goconqr.com cdnjs.cloudflare.com/ajax/libs/mathjax/ fonts.gstatic.com use.typekit.net static3.avast.com fonts.googleapis.com live.primis.tech; img-src 'self' *.goconqr.com www.google-analytics.com googleads.g.doubleclick.net www.google.com https: http: data: blob:; style-src 'self' *.goconqr.com cdn.ckeditor.com a.pub.network/goconqr-com/cls.css 'unsafe-inline'; media-src 'self' *.goconqr.com examtimeassets.s3.amazonaws.com blob: data:; frame-ancestors 'self' teams.microsoft.com; frame-src 'self' https:; connect-src 'self' https:; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; report-uri /csp_reports 1
frame-ancestors 'self'; img-src 'self' data: https:; 1
report-uri https://o389095.ingest.sentry.io/api/4503974312935424/security/?sentry_key=b47d15718a5343f497259a10c33fd9e2&sentry_environment=vercel-production&sentry_release=82446ab485226eb9a4b51a2100eaeacd6adc2f3e; default-src 'self' blob: https://*.decentralized-content.com; font-src 'self' data: *; media-src 'self' blob: *; object-src 'self' blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://unpkg.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://challenges.cloudflare.com https://vercel.live; child-src 'self' blob: https://*.decentralized-content.com https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; frame-src 'self' data: 'unsafe-eval' blob: *; connect-src 'self' data: blob: *; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pawoo.net; img-src 'self' https: data: blob: https://pawoo.net; style-src 'self' https://pawoo.net 'nonce-rkNqJWOvAy3WAe8yNPytEA=='; media-src 'self' https: data: https://pawoo.net; frame-src 'self' https:; manifest-src 'self' https://pawoo.net; form-action 'self'; connect-src 'self' data: blob: https://pawoo.net https://img.pawoo.net wss://pawoo.net; script-src 'self' https://pawoo.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.recaptcha.net https://www.gstatic.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pawoo.net; worker-src 'self' blob: https://pawoo.net 1
default-src 'self' blob: data: *.akamaized.net *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.organicfruitapps.com; child-src blob: embed.music.apple.com embed.podcasts.apple.com https://recyclingprogram.apple.com.cn swdlp.apple.com www.apple.com.cn www.instagram.com platform.twitter.com www.youtube-nocookie.com; img-src 'unsafe-inline' blob: data: *.apple.com *.apple.com.cn *.apple-mapkit.com *.cdn-apple.com *.mzstatic.com; script-src 'unsafe-inline' 'unsafe-eval' blob: apple.com *.apple.com *.apple.com.cn *.apple-mapkit.com www.instagram.com platform.twitter.com; style-src 'unsafe-inline' *.apple.com *.apple.com.cn 1
frame-ancestors 'self'; worker-src 'self' blob:; upgrade-insecure-requests; script-src assets.sitescdn.net play.goconsensus.com *.confirmit.eu *.techtarget.com bat.bing.com *.baidu.com *.driftt.com *.6sc.co *.d41.co *.licdn.com *.softwareag.com *.ceros.com *.marketo.net *.marketo.com siteimproveanalytics.com *.adobe.com *.rlcdn.com *.doubleclick.net *.googleadservices.com *.google-analytics.com  *.googletagmanager.com *.ytimg.com *.youtube.com *.adobedtm.com *.scene7.com *.trustarc.com *.ads-twitter.com *.bizible.com *.facebook.net *.omtrdc.net *.2o7.net *.demdex.net *.everesttech.net  'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
upgrade-insecure-requests; default-src https: blob: wss: data:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: blob: data:;frame-src https: blob: data:; report-uri /cspreports 1
default-src 'self' 'unsafe-inline' *.bzga.de data:; script-src 'self' 'unsafe-inline' *.bzga.de; frame-src 'self' https://www.bzga.de/ https://piwik.bzga.de/ https://www.youtube-nocookie.com/; img-src 'self' data: *.ytimg.com *.bzga.de 1
connect-src 'self' https://segment-api.ethoslife.com https://api.dev.ethoslife.com https://api.stage.ethoslife.com https://www.ethoslife.com https://api.ethoslife.com https://io.ethoslife.com https://*.ethoslife.com wss://io.ethoslife.com https://www.getethos.com https://api.getethos.com https://io.getethos.com wss://io.getethos.com https://*.ar1d.net https://*.segment.io https://*.bing.com https://*.fullstory.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://google.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://boards-api.greenhouse.io https://api.stripe.com https://*.launchdarkly.com https://*.adroll.com https://*.pinterest.com https://*.katch.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.ar1d.net https://*.optimizely.com https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://rum-http-intake.logs.datadoghq.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://api.userway.org https://cdn.userway.org https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://hello.staticstuff.net https://win.staticstuff.net https://*.transcend.io https://late-glade-2372.tines.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com blob: https://*.transcend.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dev.ethoslife.com https://*.stage.ethoslife.com https://acdn.adnxs.com https://*.ethoslife.com https://*.getethos.com https://*.netlify.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://*.segment.com https://*.bing.com https://*.fullstory.com https://fullstory.com https://*.taboola.com https://*.linkedin.com https://*.licdn.com https://js.stripe.com https://*.quora.com https://*.adroll.com https://*.pinimg.com https://aa.agkn.com https://create.leadid.com https://create.lidstatic.com https://info.leadid.com https://d2m2wsoho8qq12.cloudfront.net https://*.katch.com https://js.driftt.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://*.optimizely.com https://assets.customer.io http://tagmanager.google.com/debug http://www.googletagmanager.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/11355970984.js https://optimizely.s3.amazonaws.com/ https://*.hotjar.com https://www.datadoghq-browser-agent.com/datadog-rum-us.js https://www.datadoghq-browser-agent.com/datadog-rum-v4.js https://vt.myvisualiq.net https://px.airpr.com/airpr.js https://cdn.pbbl.co https://cdn.userway.org https://amplify.outbrain.com https://tr.outbrain.com https://*.segment.com https://*.segment.io https://app.leadsrx.com https://b-code.liadm.com https://rp.liadm.com https://analytics.tiktok.com https://d11tldh9zr4z08.cloudfront.net https://hello.staticstuff.net https://win.staticstuff.net https://cdn.riskid.security https://*.transcend.io/ https://www.youtube-nocookie.com/ https://unpkg.com/netlify-cms@%5E2.0.0/dist/netlify-cms.js https://media-library.cloudinary.com https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net https://websitevisitorleads.com; object-src 'self'; frame-src 'self' https://dev.ethoslife.com https://agents.dev.ethoslife.com https://stage.ethoslife.com https://agents.stage.ethoslife.com https://agents.ethoslife.com https://quote-widget.ethoslife.com https://quote-widget.getethos.com https://*.facebook.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.google.ca https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://js.stripe.com https://d2m2wsoho8qq12.cloudfront.net/ https://hooks.stripe.com https://ethslf.com https://player.vimeo.com https://fast.wistia.net https://www.quotelab.com https://t1.webbconnected.com https://www.emjcd.com https://cj.dotomi.com https://www.mailtrck.com https://www.trcknow.com https://pranwtr.com https://gztkr.mobi https://prformc.com https://www.authoritytrcker.com https://315track.com https://js.driftt.com https://share.intercom.io https://*.optimizely.com https://vars.hotjar.com https://cdn.pbbl.co https://cloudinary.com/ https://console.cloudinary.com/ https://cdn.userway.org https://www.xol82trk.com https://hackerone.com https://*.transcend.io https://ct.pinterest.com/ https://d2hrivdxn8ekm8.cloudfront.net https://d1lu3pmaz2ilpx.cloudfront.net https://dvqigh9b7wa32.cloudfront.net https://d330aiyvva2oww.cloudfront.net; font-src 'self' data: https://*.gstatic.com https://js.intercomcdn.com https://script.hotjar.com; img-src 'self' data: http://www.google-analytics.com http://bat.bing.com https://res.cloudinary.com https://*.facebook.com https://*.facebook.net https://rp4.liadm.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google.ca https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.com https://*.googletagmanager.com https://*.taboola.com https://*.linkedin.com https://create.leadid.com https://data.adxcel-ec2.com https://*.pinterest.com https://*.adroll.com https://*.twitter.com https://*.reddit.com https://*.quora.com https://click.clktraker.com https://pinterest.adsymptotic.com https://*.bluekai.com https://*.rlcdn.com https://*.adnxs.com https://*.nextinsure.com https://*.digitru.st https://*.sharethrough.com https://*.quotelab.com https://*.shmktpl.com https://*.bizographics.com https://*.openx.net https://*.bidswitch.net https://pixel.advertising.com https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://sync.outbrain.com https://eb2.3lift.com https://fcmatch.youtube.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://track.customer.io/ https://*.segment.io https://*.hotjar.com https://t.myvisualiq.net https://tapestry.tapad.com https://loadus.exelator.com https://dpm.demdex.net https://dpx.airpr.com https://pixel.pointmediatracker.com/ https://cnv.event.prod.bidr.io https://px0.pbbl.co https://aa.agkn.com https://cdn.userway.org https://tr.outbrain.com https://pixel.videohub.tv https://rp.liadm.com https://analytics.tiktok.com https://data.adxcel-ec2.com https://i.ytimg.com/; media-src 'self' https://js.intercomcdn.com https://cdn.userway.org https://res.cloudinary.com; default-src 'self'; worker-src 'self' https://www.datadoghq-browser-agent.com/datadog-rum-v4.js; frame-ancestors https://agents.ethoslife.com; 1
default-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net https://data.institutionalinvestor.com *.brightcove.com *.brightcove.net *.boltdns.net *.prod.boltdns.net http://manifest.prod.boltdns.net *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com;    connect-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net https://data.institutionalinvestor.com *.brightcove.com *.brightcove.net http://manifest.prod.boltdns.net *.brightcovecdn.com *.assetmg.info *.google-analytics.com *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com *.gstatic.com *.azure.com https://adservice.google.com/ *.facebook.com *.linkedin.com https://px.ads.linkedin.com/wa/ *.2mdn.net;  child-src 'self' blob: *.cdn.zephr.com *.brightspot.cloud https://data.institutionalinvestor.com *.boltdns.net *.assetmg.info;  font-src 'self' data: https:  *.cdn.zephr.com *.brightspot.cloud *.googleapis.com *.boltdns.net *.boltdns.net *.assetmg.info;  frame-src 'self' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net tpc.googlesyndication.com *.google.com https://data.institutionalinvestor.com *.brightcove.net *.institutionalinvestor.com *.ceros.com *.boltdns.net *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com *.dwcdn.net *.adspeed.net *.spotify.com;    img-src 'self' data: *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.brightcove.net *.brightcove.com *.prod.boltdns.net *.boltdns.net *.assetmg.info *.assetmg.info *.assetmg.info *.cookielaw.org *.facebook.com *.facebook.net *.twitter.com *.licdn.com t.co *.chartbeat.net *.linkedin.com *.onetrust.com *.moatads.com *.moatpixel.com https://analytics.twitter.com/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;  media-src 'self' blob: data: *.cdn.zephr.com *.brightspot.cloud *.assetmg.info *.facebook.com *.onetrust.com *.2mdn.net;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.zephr.com *.brightspot.cloud *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.boltdns.net http://manifest.prod.boltdns.net *.assetmg.info *.cookielaw.org *.stripe.com *.facebook.net *.licdn.com *.ads-twitter.com *.chartbeat.com *.google-analytics.com *.zephr.com *.brightcove.net *.zencdn.net *.facebook.com *.onetrust.com *.cloudflare.com *.moatads.com *.ceros.com https://www.googletagservices.com/ *.google.com *.gstatic.com;  style-src 'self' 'unsafe-inline' *.zephr.com *.brightspot.cloud *.assetmg.info *.facebook.net *.facebook.com *.ads-twitter.com *.chartbeat.com *.google-analytics.com *.licdn.com *.cookielaw.org *.onetrust.com *.stripe.com *.cdn.zephr.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.googleapis.com *.doubleclick.net *.dwcdn.net *.google.com.au https://fonts.googleapis.com;   frame-ancestors 'self' *.cdn.zephr.com *.brightspot.cloud https://data.institutionalinvestor.com *.brightcove.net *.brightcove.com *.assetmg.info *.cookielaw.org *.onetrust.com *.stripe.com; 1
default-src * http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net manifest.prod.boltdns.net *.amazonaws.com *.analytics.google.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net www.connectidfeed.com data: 'unsafe-eval' 'unsafe-inline' blob:; script-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.youtube.com *.onetrust.com subscriptions.smartrecruiters.com otp.tools.investis.com d1hgczpbubj217.cloudfront.net staticcontents.investisdigital.com *.googleapis.com www.youtube.com script.hotjar.com sc.lfeeder.com vjs.zencdn.net cdnjs.cloudflare.com static.hotjar.com secure.intuitive-intuition.com cdn.cookielaw.org cdn.cookielaw.org www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net secure.smart-enterprise-52.com *.brightcove.net platform.twitter.com viz.tools.investis.com www.google-analytics.com *.brightcove.net blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net fonts.idigitalcontents.com fonts.gstatic.com viz.tools.investis.com *.brightcove.net *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.onetrust.com subscriptions.smartrecruiters.com; object-src 'none'; font-src 'self' 'unsafe-inline' data: players.brightcove.net fonts.idigitalcontents.com fonts.gstatic.com idx.liadm.com vjs.zencdn.net viz.tools.investis.com *.brightcove.net *.onetrust.com; frame-src 'self' www.youtube.com td.doubleclick.net *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube.com platform.twitter.com irs.tools.investis.com otp.tools.investis.com www.connectidfeed.com subscriptions.smartrecruiters.com *.googleapis.com ; frame-ancestors 'self' https://allowed-origin.com; img-src data: 'self' viz.tools.investis.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.facebook.com *.google-analytics.com *.googleapis.com *.google.com tr.lfeeder.com google-analytics.com *.gstatic.com www.google.co.uk www.googletagmanager.com subscriptions.smartrecruiters.com *.ytimg.com *.youtube.com cdn.cookielaw.org cf-images.eu-west-1.prod.boltdns.net www.google.co.in metrics.brightcove.com *.brightcove.net manifest.prod.boltdns.net; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.onetrust.com blob:; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' www.angloamerican.com code.highcharts.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net wss://ws.hotjar.com *.hotjar.io *.hotjar.com data: house-fastly-signed-eu-west-1-prod.brightcovecdn.com privacyportal-eu.onetrust.com manifest.prod.boltdns.net www.connectidfeed.com subscriptions.smartrecruiters.com d1hgczpbubj217.cloudfront.net *.analytics.google.com *.google-analytics.com *.amazonaws.com tupf3ye5m3.execute-api.eu-west-1.amazonaws.com google-analytics.com *.googleapis.com *.onetrust.com cdn.cookielaw.org idx.liadm.com analytics.google.com stats.g.doubleclick.net edge.api.brightcove.com *.brightcove.net players.brightcove.net viz.tools.investis.com analytics.google.com *.google-analytics.com *.youtube.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net ipapi.connectid.cloud *.typekit.net *.amazonaws.com *.google.com; base-uri 'self'; 1
default-src https://www.mcdonalds.fr *.mcdonalds.fr *.contentstack.com *.woosmap.com *.googleapis.com *.privacy-center.org *.gstatic.com *.as8677.net *.mcdonalds.fr *.googletagmanager.com *.google-analytics.com *.brig.ht *.youtube-nocookie.com *.youtube.com *.amazoncognito.com *.twitter.com *.algolia.com *.algolia.net *.admo.tv mcdonalds-operations.fr *.mcdonalds-operations.fr *.worldline-solutions.com *.ads-twitter.com *.abtasty.com *.sentry.io analytics.google.com *.analytics.google.com snap.licdn.com *.outbrain.com *.presage.io *.capadresse.com *.datadome.co *.captcha-delivery.com  *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 'unsafe-eval' 'unsafe-inline' ; img-src data: https: http: ; frame-src www.mcdonalds.fr *.brig.ht *.youtube-nocookie.com *.youtube.com *.twitter.com mcdonalds-operations.fr *.mcdonalds-operations.fr *.abtasty.com *.doubleclick.net googletagmanager.com analytics.google.com *.analytics.google.com snap.licdn.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.unpri.org; 1
frame-ancestors 'self' https://ton.org; 1
default-src 'self' my.gov.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com assets.adobedtm.com dynatrace.humanservices.gov.au; connect-src blob: 'self' adobedc.demdex.net docs.apigw.my.gov.au edge.adobedc.net *.my.gov.au my.gov.au mygov-dls-bff.apps.openshift-prod1-dca1.csda.gov.au mygov-dls-bff.apps.openshift-prod1-dcb1.csda.gov.au swift.csda.gov.au stats.g.doubleclick.net www.google-analytics.com dynatrace.humanservices.gov.au *.dynamsoft.com https://127.0.0.1:* ws://127.0.0.1:* wss://127.0.0.1:* data: cdn.jsdelivr.net w3.org/svg/2000; img-src 'self' data: blob: stats.g.doubleclick.net swift.csda.gov.au www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; object-src 'self' blob: swift.csda.gov.au; frame-src 'self' blob: bluey-webchat.azurewebsites.net my.gov.au *.my.gov.au swift.csda.gov.au www.youtube.com www.youtube-nocookie.com 1
frame-ancestors 'self' https://*.playerauctions.com 1
frame-ancestors https://nectec.or.th/ https://www.nectec.or.th/ http://xn--42ca0dg8qc.xn--12cfi8ixb8l.xn--o3cw4h/ http://xn--42ca0dg8qc.xn--o3cw4h/ 1
default-src 'self' https://*.oreillyauto.com https://*.firstcallonline.com https://*.foresee.com https://*.verint-cdn.com; img-src 'self' data: https://*.firstcallonline.com https://*.oreillyauto.com https://*.foresee.com https://*.verint-cdn.com https://*.google-analytics.com https://www.google.com https://*.zmags.com https://*.browser-update.org https://maps.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net https://lpcdn.lpsnmedia.net https://*.youtube.com https://*.ytimg.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.firstcallonline.com https://*.oreillyauto.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.foresee.com https://*.verint-cdn.com https://secure.api.viewer.zmags.com https://online.finance.vyze.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.zmags.com https://*.liveperson.net https://*.lpsnmedia.net https://*.youtube.com https://*.ytimg.com https://*.directcapital.com; font-src data: https://*.firstcallonline.com https://*.oreillyauto.com https://fonts.gstatic.com https://*.foresee.com https://*.verint-cdn.com; style-src 'self' 'unsafe-inline' https://*.firstcallonline.com https://tagmanager.google.com https://*.googletagmanager.com https://*.foresee.com https://*.verint-cdn.com https://fonts.googleapis.com https://*.googleapis.com; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://*.foresee.com https://*.verint-cdn.com wss://*.foresee.com wss://*.verint-cdn.com https://*.zmags.com https://*.vyze.com https://*.firstcallonline.com https://stats.g.doubleclick.net wss://va.msg.liveperson.net https://*.objectstorage.liveperson.net https://*.directcapital.com https://cms.firstcallonline.com; worker-src 'self' blob: https://*.firstcallonline.com https://*.oreillyauto.com; frame-src 'self' https://*.zmags.com https://*.liveperson.net https://*.lpsnmedia.net https://images.firstcallonline.com https://*.youtube.com https://*.foresee.com https://*.verint-cdn.com; child-src 'self'; frame-ancestors 'self'; media-src 'self' https://lpcdn.lpsnmedia.net; 1
default-src 'self';style-src 'self' https://*.indiainfoline.com https://fonts.googleapis.com https://toolassets.haptikapi.com 'unsafe-inline';script-src 'self' https://static.site24x7rum.in https://*.indiainfoline.com https://websdk.appsflyer.com https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://connect.facebook.net https://toolassets.haptikapi.com https://cdn.mouseflow.com https://ciwss.com 'unsafe-inline';img-src 'self' https://*.indiainfoline.com https://deviserve.z10.web.core.windows.net https://storage.googleapis.com https://i.ytimg.com https://px.ads.linkedin.com https://prod-iifl-assets.storage.googleapis.com https://www.facebook.com https://haptikappimg.haptikapi.com https://www.google-analytics.com https://www.google.co.in data: https://analytics.twitter.com https://www.google.com https://www.google.com/ads/ga-audiences https://t.co/i/adsct;connect-src 'self' https://*.indiainfoline.com https://www.google-analytics.com https://px.ads.linkedin.com https://col.site24x7rum.in https://analytics.google.com https://stats.g.doubleclick.net https://iifl.haptikapi.com https://*.iifl.in https://broking-uat-westindia-apigateway.azure-api.net;frame-src 'self' https://td.doubleclick.net/;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' stc.marketing.adobe.com *.decibelinsight.net *.decibelinsight.com *.engagingnetworks.net 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.it https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.it https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.it;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.it  https://smetrics.vwfs.it https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.it;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.it https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.it https://smetrics.vwfs.it https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.it http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors 'self' https://syniverse.com https://www.syniverse.com 1
connect-src 'self' google.com *.google.com *.analytics.google.com *.google-analytics.com *.cookiebot.com *.doubleclick.net *.omappapi.com pagesense-collect.zoho.eu www.google-analytics.com fonts.googleapis.com https://*.googletagmanager.com analytics.limesurvey.org salesiq.zohopublic.eu wss://vts.zohopublic.eu; default-src 'self' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.limesurvey.org www.youtube.com frontend.pay1.de www.google.com kiwiirc.com limesurvey.org; font-src 'self' *.zohocdn.com *.typekit.net https://tagmanager.google.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com projectfiles.limesurvey.org github.com; style-src 'unsafe-inline' *.zohocdn.com *.zohopublic.eu heapanalytics.com https://tagmanager.google.com fonts.googleapis.com https://www.googletagmanager.com 'self' maxcdn.bootstrapcdn.com projectfiles.limesurvey.org ajax.googleapis.com www.google.com; form-action 'self' https://authentication.cardinalcommerce.com https://*.six-payment-services.com https://*.securesuite.co.uk https://*.cic.fr https://*.arcot.com www.paypal.com survey.limesurvey.org; frame-ancestors 'self' *.limesurvey.org; img-src 'self' https://*.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com data: *; manifest-src 'self'; media-src 'self' *.zohocdn.com; script-src 'self' *.zohopublic.eu https://privacy.cortina-consult.com https://maillist-manage.eu https://*.zoho.eu https://*.zohocdn.com https://*.limesurvey.org googleads.g.doubleclick.net https://googleads.g.doubleclick.net data: https://tagmanager.google.com https://heapanalytics.com https://*.pagesense.io https://*.omappapi.com https://*.hotjar.com https://*.heapanalytics.com https://*.cookiebot.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com secure.pay1.de projectfiles.limesurvey.org www.google.com www.google-analytics.com appscdn.joomla.org; frame-src *.zohopublic.eu https://*.hotjar.com https://*.cookiebot.com https://*.visa.com https://authentication.cardinalcommerce.com 3dsecure.icscards.nl https://*.pay1.de docs.google.com https://td.doubleclick.net 'self' download.limesurvey.org kiwiirc.com www.youtube.com limesurvey.org secure.pay1.de; object-src 'self'; report-uri https://www.limesurvey.org/violation.php; 1
default-src 'self' fonts.gstatic.com *.helpcrunch.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' *; font-src 'self' fonts.gstatic.com *.helpcrunch.com *.seranking.com data: *; connect-src *; base-uri 'self'; worker-src *; manifest-src 'none'; media-src 'self'; img-src 'self' data: *; object-src 'self'; frame-src 'self' *; form-action 'self' *.seranking.com *.facebook.com *.hsforms.com *.highcharts.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data:; frame-src 'self' https://www.youtube.com/embed/qYp89jjpv4M; style-src 'self' 'unsafe-inline' data:; img-src 'self' data: https://*.usom.gov.tr;script-src 'self' 'unsafe-inline' 'unsafe-eval';media-src 'self' https://*.usom.gov.tr https://*.siberyildiz.com 1
default-src 'self' *.reutersevents.com https://cdn.permutive.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.googletagmanager.com http://www.w3.org https://player.vimeo.com *.swapcard.com https://fonts.gstatic.com https://cdnjs.cloudflare.com 1
script-src *.braintreegateway.com *.abtasty.com https://www.paypalobjects.com/muse/muse.js *.addrexx10.com addrexx11.com xxredda.s3.amazonaws.com *.kaptcha.com *.paypal.com *cdn.pricespider.com *embeddedcloud.pricespider.com *embeddedcloud.pricespider.com/ *omni.pricespider.com *wtbng.pricespider.com *wtbstream.pricespider.com *.tiktok.com *.affirm.com *.adsrvr.org *.ajax.googleapis.com *.bazaarvoice.com *.upsellit.com *.attn.tv *.betrad.com *.bigcommerce.com *.cloudfront.net *.cookielaw.org api.ipify.org *.entrust.net *.getshogun.com *.google-analytics.com *.klaviyo.com *.facebook.net *.googletagmanager.com *.pricespider.com *.pypestream.com ajax.googleapis.com cdn.ravenjs.com code.jquery.com gateway.zscalertwo.net geolocation.onetrust.com getshogun-cache-production.s3.amazonaws.com h.online-metrix.net js.agkn.com m.addthis.com m.addthisedge.com optanon.blob.core.windows.net optimize.google.com s.ytimg.com s7.addthis.com script.crazyegg.com tagmanager.google.com *.youtube.com *.google.com *.gstatic.com z.moatads.com cdn11.bigcommerce.com optimize.google.com fonts.googleapis.com *.agkn.com *.akamaihd.net *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.googletagmanager.com *.privy.com  *.media-amazon.com *.moatads.com *.mybigcommerce.com *.adsrvr.org *.agkn.com *.bigcommerce.com *.agkn.com *.segment.com *.lytics.io *.lightboxcdn.com *.bazaarvoice https://mpsnare.iesnare.com/snare.js lightboxapi.azurewebsites.net lightboxapitest.azurewebsites.net sc-static.net https://pghub.io/js/pandg-sdk.js *.mapbox.com  *.minibc.com *.cloudflare.com *.impactcdn.com 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
frame-src 'self' www.google.com/recaptcha/api2/ vars.hotjar.com *.hotjar.io api.razorpay.com/v1/checkout/public intercom-sheets.com www.google.com/maps/embed/v1/place *.doubleclick.net; frame-ancestors https://tracxn.com https://platform.tracxn.com 1
default-src https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://v2.zopim.com https://ekr.zdassets.com https://stats.g.doubleclick.net https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *  https://*.google-analytics.com *.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://api.mapbox.com wss://widget-mediator.zopim.com https://eucs5.klevu.com https://stats.klevu.com https://fonts.googleapis.com https://static.zdassets.com https://ekr.zdassets.com wss://*.zopim.com https://www.better.org.uk https://www.tag4arm.com https://vc.hotjar.io https://in.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ekr.zdassets.com/compose/zopim_chat/2rIpBkS7T2wycdNchPW1IDU6Q9werhJj https://fonts.googleapis.com ; img-src * 'self' data: https://*.google-analytics.com https://*.g.doubleclick.net https://*.cloudinary.com/* https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://api.mapbox.com; script-src:  https://*.googletagmanager.com 1
worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googlecommerce.com *.googleadservices.com *.braintreegateway.com *.googleapis.com *.cloudflare.com *.planetart.com *.newrelic.com *.twitter.com *.ads-twitter.com *.facebook.net *.adroll.com *.livechatinc.com cdn.brcdn.com www.paypalobjects.com *.brsrvr.com *.nr-data.net *.pcrl.co *.picreel.com *.bing.com *.extole.com *.yimg.com *.yahoo.com *.sharethis.com *.amazonaws.com *.rubiconproject.com *.doubleclick.net *.ups-mi.net *.pinterest.com *.paypal.com *.tellapal.com *.momsaffiliate.com *.emjcd.com *.shareasale.com t.co *.locker2.com *.adxcel-ec2.com *.gstatic.com *.steelhousemedia.com www.googletagmanager.com pixel.cdnwidget.com snap.licdn.com px.ads.linkedin.com *.tvsquared.com unpkg.com d39517acq78dhc.cloudfront.net js.braintreegateway.com *.cardinalcommerce.com *.dca0.com d.adroll.mgr.consensu.org *.ccdc02.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.casalemedia.com *.advertising.com www.clickcease.com cdn.levelaccess.net *.mail.simplytoimpress.com *.mail.simplytoimpress.co.uk *.mail.canvasworld.com *.mail.photoaffections.com *.mail.mycustomcase.com *.eml.legacylane.com *.eml.parkerandpip.com *.eml.gifts.com track.cordial.io *.personalcreations.com tags.tiqcdn.com use.typekit.net dpm.demdex.net www.lightboxcdn.com t.channeladvisor.com tag.bounceexchange.com s.pinimg.com assets.bounceexchange.com api.bounceexchange.com cdn.staticfile.org *.cj.com a.omappapi.com analytics.tiktok.com lightboxapi.azurewebsites.net cdn.attn.tv *.afterpay.com *.mountain.com *.nextdoor.com utt.impactcdn.com *.sjv.io *.clarity.ms d.impactradius-event.com tags.crwdcntrl.net *.rokt.com cdn.cookielaw.org *.iseeme.com *.bookofus.com *.vimeo.com *.vimeocdn.com https://*.kaptcha.com *.niceincontact.com d2zm0lpns956f8.cloudfront.net websdk.appsflyer.com *.bazaarvoice.com mpsnare.iesnare.com *.appsflyer.com shop.pe mapi.gifts.com metrics.simplytoimpress.com metrics.photoaffections.com metrics.canvasworld.com metrics.mycustomcase.com metrics.simplytoimpress.co.uk metrics.parkerandpip.com metrics.legacylane.com metrics2.gifts.com cdn.photoaffections.com;frame-ancestors 'self' https://www.photoaffections.com;object-src 'self' https://www.photoaffections.com;upgrade-insecure-requests 1
default-src 'self' https://try.abtasty.com; connect-src *; font-src *; img-src data: blob: *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; frame-src *; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.linkedin.oribi.io ad.doubleclick.net www.everestjs.net *.adobedtm.com *.facebook.net *.ads-twitter.com *.twitter.com *.googleapis.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net stats.g.doubleclick.net *.cloudflare.com *.licdn.com *.yesbank.in *.tt.omtrdc.net *.oraclecloud.com *.demdex.net *.gstatic.com *.azurewebsites.net *.google.com *.ampproject.org *.googletagmanager.com *.akstat.io *.go-mpulse.net *.googleusercontent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.azurewebsites.net *.yesbank.in *.oraclecloud.com *.yesbank.in *.bootstrapcdn.com *.google.com *.googleapis.com; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com unpkg.com www.googletagmanager.com www.googleadservices.com *.hotjar.com load.sumo.com static.ads-twitter.com snap.licdn.com connect.facebook.net js.hs-scripts.com v2.zopim.com pulsate.agilecrm.com api.bufferapp.com graph.facebook.com api.facebook.com widgets.pinterest.com reddit.com www.reddit.com js.hsadspixel.net js.hs-banner.com js.hs-analytics.net static.zdassets.com googleads.g.doubleclick.net *.google.com *.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.datatables.net *.azurewebsites.net api.massrelevance.com https://tags.srv.stackadapt.com/events.js https://tags.srv.stackadapt.com/sa.css; font-src 'self' fonts.gstatic.com; img-src 'self' data: images.unsplash.com source.unsplash.com www.google.co.in my.tealiumiq.com collect.tealiumiq.com www.google.de assets-us-01.kc-usercontent.com preview-assets-us-01.kc-usercontent.com *.kc-usercontent.com www.facebook.com t.co www.google-analytics.com www.google.com www.google.co.uk i.ytimg.com maps.gstatic.com maps.googleapis.com images.ctfassets.net lamama.org api.massrelevance.com *.instagram.com *.cdninstagram.com pbs.twimg.com massrel-pub.a.ssl.fastly.net *.fbcdn.net *.linkedin.com p.adsymptotic.com consent.trustarc.com consent-pref.trustarc.com analytics.twitter.com https://www.redditstatic.com/ads/pixel.js https://alb.reddit.com/rp.gif?ts=1710227305641&id=a2_dzq3gijugocs&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=d083d438-c336-4aac-b6f5-a8f59500795c&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1280&sw=720&v=rdt_c9439d84&dpm=&dpcc=&dprc= https://tags.srv.stackadapt.com/sa.jpeg https://*.mypurecloud.com https://*.use1.pure.cloud;; frame-src www.youtube.com share.transistor.fm www.facebook.com consent-pref.trustarc.com analytics.twitter.com https://apps.mypurecloud.com/ https://fast.wistia.net/; script-src 'unsafe-eval' 'self' 'unsafe-inline' tags.tiqcdn.com tags-eu.tiqcdn.com my.tealiumiq.com collect.tealiumiq.com connect.facebook.net analytics.twitter.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com www.youtube.com s.ytimg.com maps.googleapis.com *.search.windows.net cdn.datatables.net cdnjs.cloudflare.com unpkg.com www.elanco.com api.massrelevance.com snap.licdn.com/li.lms-analytics/insight.min.js static.doubleclick.net googleads.g.doubleclick.net snap.licdn.com/li.lms-analytics/insight.old.min.js consent.truste.com consent.trustarc.com elanco.com consent-pref.trustarc.com https://apps.mypurecloud.com/ https://dhqbrvplips7x.cloudfront.net https://tags.srv.stackadapt.com/events.js https://www.redditstatic.com/ads/pixel.js https://*.nr-data.net https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud;; connect-src cdn.linkedin.oribi.io *.search.windows.net *.azurewebsites.net www.elanco.com elanco.com collect.tealiumiq.com api.massrelevance.com https://region1.google-analytics.com/ *.tealiumiq.com www.google-analytics.com stats.g.doubleclick.net analytics.twitter.com www.facebook.com maps.googleapis.com https://tags.srv.stackadapt.com/events.js https://www.redditstatic.com/ads/pixel.js https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_dzq3gijugocs_telemetry https://conversions-config.reddit.com/v1/pixel/error https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/saq_pxl?uid=b2iYRisW-kjQzKqpafMX3w&is_js=true&landing_url=https%3A%2F%2Fdev-elanco-web.azurewebsites.net%2Fen-ca&t=Elanco%20%7C%20Products%20and%20Solutions%20to%20Enhance%20Animal%20Health&tip=Qq7l-6MfR-sAtxDDH32G23GUojqkPOtCKOzpGaIBTVA&host=https%3A%2F%2Fdev-elanco-web.azurewebsites.net&sa_conv_data_css_value=&sa_conv_data_image_value=&sa-user-id-v2=s%253Ahv2aWF69WPh-WQXRTQoXLhRIu3g.glBNednZXi0nszh7xipzPbjWm2uFlwRpV0lzQR7Kua4&sa-user-id=s%253A0-86fd9a58-5ebd-58f8-7e59-05d14d0a172e.SxVoYzTnyK2eyTq2qTEYcgHjalhaoM5jPe80X5iBrAQ&sa-user-id-v3=s%253AAQAKIHozaPG8LBW8iMLSUKn4hZLhqULe2XRikp-F_hpVX0d_EHwYBCDp_r-vBjABOgRCSa5nQgQp9poF.4Gfr5EBEGktPeDGxRhVc1vxH3QONPQqsA74qJj03s6M https://tags.srv.stackadapt.com/js_tracking?url=https%3A%2F%2Fdev-elanco-web.azurewebsites.net%2Fen-ca&uid=b2iYRisW-kjQzKqpafMX3w&v=1&host=https%3A%2F%2Fdev-elanco-web.azurewebsites.net https://*.nr-data.net https://shyrka-prod.s3.amazonaws.com https://*.newrelic.com https://*.mypurecloud.com https://*.use1.pure.cloud wss://*.mypurecloud.com wss://*.use1.pure.cloud;; media-src https://*.mypurecloud.com https://*.use1.pure.cloud;; object-src https://*.mypurecloud.com https://*.use1.pure.cloud;; child-src https://*.mypurecloud.com https://*.use1.pure.cloud; 1
upgrade-insecure-requests; frame-ancestors 'self' *.ibercajadirecto.com *.ibercaja.es; 1
frame-ancestors 'self' https://*.salt.ch; 1
default-src 'self'; connect-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; 1
default-src 'self'; img-src * data: blob:; media-src * data: blob:; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules' *.thirdweb.com *.thirdweb-dev.com vercel.live js.stripe.com pg.paper.xyz portal.usecontext.io; connect-src * data: blob:; worker-src 'self' blob:; block-all-mixed-content; 1
default-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src 'self' data:; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; worker-src blob: 'self'; 1
default-src 'self' *.juicyscore.ai *.juicyscore.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://www.googletagmanager.com https://www.google-analytics.com https://a.omappapi.com https://*.google-analytics.com https://analytics.twitter.com https://*.omappapi.com https://t.co *.linkedin.oribi.io *.linkedin.com static.ads-twitter.com; style-src 'self' 'unsafe-inline' https://*.omappapi.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://juicyscore.ai https://juicyscore.com https://score.juicyscore.com https://static.ads-twitter.com https://www.googletagmanager.com https://www.google-analytics.com https://*.omappapi.com 1
script-src blob:  'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.flowplayer.org *.gstatic.com; img-src 'self' blob: data: *.interempresas.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.youtube.com *.gstatic.com *; connect-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.googlesyndication.com *.interempresas.net *.doubleclick.net *.youtube.com *.gstatic.com *.flowplayer.org *; object-src *.interempresas.net; media-src blob: * 1
default-src 'self' *.kk.dk; base-uri 'self'; child-src 'self' *.kk.dk *.23video.com *.video.kk.dk; connect-src 'self' *.kk.dk covid-19-kort.dk *.septima.dk id.siteimprove.com my2.siteimprove.com login.microsoftonline.com api.dataforsyningen.dk dawa.aws.dk jordarealdatageo.miljoeportal.dk b0902-prod-dist-app.azurewebsites.net www.kulturarv.dk geoserver.plandata.dk; font-src 'self' *.kk.dk *.septima.dk; form-action 'self' kbenhavns-kommune.clients.ubivox.com; frame-ancestors 'self' *.kk.dk; frame-src 'self' 'unsafe-eval' *.kk.dk *.video.kk.dk my2.siteimprove.com; img-src 'self' data: *.kk.dk *.testkkms.kk.dk covid-19-kort.dk services.datafordeler.dk *.septima.dk septima.dk *.tile.openstreetmap.org ssl.siteimprove.com 259887.global.siteimproveanalytics.io d3pwt2e2xz69mh.cloudfront.net cdn-recruiter.hr-manager.net kkkortdata.spatialsuite.dk jordarealdatageo.miljoeportal.dk b0902-prod-dist-app.azurewebsites.net www.kulturarv.dk; object-src 'self' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' siteimproveanalytics.com covid-19-kort.dk *.septima.dk septimamap.dk kbhkort.kk.dk epsg.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.kk.dk covid-19-kort.dk *.septima.dk; worker-src 'self' blob:; upgrade-insecure-requests 1
frame-ancestors https://app.gather.town https://www.imapbook.com https://imapbook.com https://meet.around.co https://meet.around.video https://meet.around.team https://meet.around.dev:3000 https://around.video https://around.co https://around.team https://around.dev:3000 1
default-src 'none'; base-uri 'self'; connect-src 'self' https://secure.helpscout.net https://api.ipify.org https://www.google-analytics.com https://www.google-analytics.com/collect https://www.googletagmanager.com https://script.google.com/ https://script.googleusercontent.com/ https://stats.g.doubleclick.net/ https://d3hb14vkzrxvla.cloudfront.net https://chatapi.helpscout.net/v2/beacon/ https://beaconapi.helpscout.net/v1/ https://rum-http-intake.logs.datadoghq.com/v1/input/ https://api.omise.co/ https://omise.co/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://graph.facebook.com; font-src 'self' data: https://assets.omise.co https://assets.staging-omise.co https://cdn.omise.co https://fonts.gstatic.com https://fonts.googleapis.com; form-action *; frame-ancestors https://www.googletagmanager.com/ https://www.google.com/ https://assets-cdn.omise.co/ https://cdn.omise.co/ https://vault.omise.co/ https://www.youtube.com/ https://stackedit.io/; frame-src https://www.googletagmanager.com/ https://www.google.com/ https://omisepayment.typeform.com/ https://form.typeform.com/ https://cdn.omise.co/ https://assets-cdn.omise.co/ https://vault.omise.co/ https://www.youtube.com/ https://stackedit.io/ https://www.facebook.com/; img-src data: *; media-src 'self'; object-src 'self' https://assets-cdn.omise.co/ https://cdn.omise.co/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.omise.co https://assets-cdn.omise.co https://assets.staging-omise.co https://cdn.omise.co https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://www.gstatic.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/ https://d3hb14vkzrxvla.cloudfront.net https://s.yimg.jp/ https://b91.yahoo.co.jp https://b97.yahoo.co.jp https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://px.ads.linkedin.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net/v1/ https://chatapi.helpscout.net/v2/beacon/ https://s.yimg.jp/images/listing/tool/cv/conversion.js https://embed.typeform.com/embed.js https://www.datadoghq-browser-agent.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/; style-src 'self' 'unsafe-inline' https://assets.omise.co https://assets-cdn.omise.co https://assets.staging-omise.co https://cdn.omise.co https://djtflbt20bdde.cloudfront.net https://fonts.googleapis.com https://tagmanager.google.com 1
frame-ancestors 'self' https://bd.nl https://ed.nl https://tubantia.nl https://bndestem.nl https://pzc.nl https://destentor.nl https://gelderlander.nl https://ad.nl https://*.bd.nl https://*.ed.nl https://*.tubantia.nl https://*.bndestem.nl https://*.pzc.nl https://*.destentor.nl https://*.gelderlander.nl https://*.ad.nl https://aagje.info https://*.aagje.info https://*.van-ons.nl https://nlinde-budenovka.savviihq.com https://indebuurt.nl https://*.indebuurt.nl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.poshmark.com *.goshd.com *.google.com *.google.co.in *.google.com.au *.google.ca *.googlesyndication.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googletagservices.com *.googleapis.com *.adyen.com *.braintreegateway.com *.paypal.com *.affirm.com *.hrzn-nxt.com *.twitter.com *.doubleclick.net *.simpli.fi *.clarity.ms *.moengage.com *.fullstory.com *.paylution.com poshmark.com adservice.google.com googletagmanager.com googletagservices.com checkout.razorpay.com www.paypalobjects.com appleid.cdn-apple.com tr.snapchat.com apps.rokt.com ci-mpsnare.iovation.com analytics.tiktok.com cdnjs.cloudflare.com e1.emxdgt.com cdn.siftscience.com bat.bing.com connect.facebook.net static.ads-twitter.com s.pinimg.com mpsnare.iesnare.com sc-static.net s.yimg.com d16xcrk5tx03ko.cloudfront.net dcwmmvz7ncr6t.cloudfront.net d2gjrq7hs8he14.cloudfront.net cdn.ampproject.org; connect-src 'self' data: wss://*.agora.io:*/ wss://*.sd-rtn.com:*/ *.agora.io *.sd-rtn.com *.poshmark.com *.goshd.com *.google.com *.google.com.au *.google.ca *.google.co.in *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.braintreegateway.com *.braintree-api.com *.razorpay.com *.paypal.com *.affirm.com *.adyen.com *.clarity.ms *.doubleclick.net *.snapchat.com *.facebook.com *.fullstory.com *.hrzn-nxt.com *.moengage.com *.paylution.com poshmark.com google.com googletagmanager.com mpsnare.iesnare.com advertisecast-108-adswizz.attribution.adswizz.com pixel.pointmediatracker.com rum-http-intake.logs.datadoghq.com api.greenhouse.io bat.bing.com connect.facebook.net analytics.tiktok.com s.yimg.com ct.pinterest.com d16xcrk5tx03ko.cloudfront.net dcwmmvz7ncr6t.cloudfront.net d2gjrq7hs8he14.cloudfront.net di2ponv0v5otw.cloudfront.net d2zlsagv0ouax1.cloudfront.net dtpmhvbsmffsz.cloudfront.net d1g0nxoa63qf2e.cloudfront.net dkfv87wda2om8.cloudfront.net d1t95xi9gz2nz7.cloudfront.net d8hs5twu0hcep.cloudfront.net d2vdl8n62y555t.cloudfront.net bulk-post-action-input-poshmark-prod.s3.us-west-2.amazonaws.com bulk-post-action-output-poshmark-prod.s3.us-west-2.amazonaws.com bulk-post-action-template-poshmark-prod.s3.amazonaws.com *.naver.com *.navercorp.com wss://*.naver.com *.googleadservices.com; frame-ancestors https://poshmark.lightning.force.com; report-uri https://poshmark.report-uri.com/r/t/csp/enforce 1
default-src 'none'; media-src https://d10lpsik1i8c69.cloudfront.net; worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.youtube.com https://www.googleoptimize.com https://uimarketpro.com https://static-prod.uberall.com/ https://uberall.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://d10lpsik1i8c69.cloudfront.net https://www.google.com https://www.gstatic.com https://panel.acens.net https://*.searchcdn.com https://addsearch.com https://s0.2mdn.net https://connect.facebook.net https://code.jquery.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://scripts.isl.teledemos.net https://www.googletagmanager.com https://*.adform.net; connect-src 'self' https://www.google.com https://*.googlesyndication.com https://googleads.g.doubleclick.net https://geolocation.onetrust.com https://pubsub.googleapis.com https://uberall.com https://privacyportal-eu.onetrust.com https://cdn.cookielaw.org https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net wss://visitors.live wss://in.visitors.live https://settings.luckyorange.net https://yoast.com; img-src 'self' data: https://i.ytimg.com https://www.googletagmanager.com https://static-prod.uberall.com http://www.acens.com https://*.acens.com https://panel.acens.net https://cdn.cookielaw.org https://img.youtube.com https://secure.adnxs.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net https://*.entelgystats.com https://stats.sec.telefonica.com https://ajax.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://static.acens.com https://*.cloudfront.net https://app.addsearch.com https://ajax.googleapis.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.acens.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://centrodedatos.com/ https://td.doubleclick.net/ https://www.google.com https://www.facebook.com/ https://www.youtube.com/; manifest-src 'self'; 1
frame-ancestors *.diffen.com 1
default-src https://player.vimeo.com docs.google.com splash-screen.net https://optimize.google.com https://www.splash-screen.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com optimize.google.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com widget.user.com https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com qtank.salesmore.pl apis.google.com 'self'; font-src https://leads.sandboxbnpparibas.pl docs.google.com https://themes.googleusercontent.com/ fonts.googleapis.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl support.google.com policies.google.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net https://fonts.gstatic.com play.google.com developers.google.com themes.googleusercontent.com cse.google.com maps.google.com www.google.com apis.google.com https://9274211.fls.doubleclick.net 'self'; style-src docs.google.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com https://www.s.ytimg.com privacyportal.onetrust.com https://www.gstatic.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://fonts.googleapis.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.googleapis.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com https://skk.erecruiter.pl apis.google.com https://www.ytimg.com 'self' 'nonce-JeeFzlOzerooRddoPY+n6g=='; img-src docs.google.com https://optimize.google.com https://img.youtube.com https://www.facebook.com https://cdn.cookielaw.org https://pixel.wp.pl policies.google.com https://cm.g.doubleclick.net https://www.ssl.gstatic.com stats.g.doubleclick.net maps.google.com www.google.com www.gstatic.com bcp.crwdcntrl.net https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com https://www.i1.ytimg.com bnp-paribas.user.com ads-twitter.com https://www.clarity.ms www.ratatu.pl https://www.googleapis.com widget.user.com https://ade.googlesyndication.com googleads.g.doubleclick.net developers.google.com https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com support.google.com https://ib.adnxs.com https://dot.wp.pl region1.google-analytics.com https://i.ytimg.com googleapis.com https://googleads.g.doubleclick.net maps.googleapis.com https://www.google-analytics.com/ https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com cse.google.com https://www.emplocity.com https://tbl.tradedoubler.com clients1.google.com https://ad.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com www.linkedin.com region1.analytics.google.com https://s1.2mdn.net https://bat.bing.com calendar.google.com https://www.google.pl analytics.twitter.com https://sp.analytics.yahoo.com https://api.ehoundplatform.com https://maps.gstatic.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com play.google.com apis.google.com www.passets.pinimg.com 'self'; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com docs.google.com https://www.linkedin.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com support.google.com policies.google.com stats.g.doubleclick.net https://platform.linkedin.com cse.google.com maps.google.com www.google.com static.ak.facebook.com https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl www.facebook.com prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net www.ratatu.pl https://accounts.google.com calendar.google.com widget.user.com https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net play.google.com https://web.facebook.com developers.google.com apis.google.com 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://optimize.google.com https://app.ehoundplatform.com https://cdn.cookielaw.org https://pixel.wp.pl https://www.ssl.gstatic.com https://platform.linkedin.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com https://www.youtube.com https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl https://www.google.com https://cse.google.com fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com bnp-paribas.user.com ads-twitter.com https://partner.googleadservices.com https://www.clarity.ms www.cdn.api.twitter.com www.ratatu.pl https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://emplocity.com https://px.wp.pl splash-screen.net https://www.googleadservices.com https://www.s-static.ak.facebook.com https://www.splash-screen.net https://www.oauth.googleusercontent.com https://maps.googleapis.com https://www.s.ytimg.com googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net maps.googleapis.com privacyportal.onetrust.com https://maps.google.com www.googletagmanager.com https://cdn.jsdelivr.net clients1.google.com https://ad.doubleclick.net https://connect.facebook.net prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com https://leads.sanboxbnpparibas.pl http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bat.bing.com https://www.bnpparibas.pl https://www.google.pl analytics.twitter.com https://api.ehoundplatform.com https://maps.gstatic.com https://vimeo.com https://developers.google.com https://prospectleads.bnpparibas.pl player.vimeo.com https://www.google-analytics.com analytics.google.com www.platform.twitter.com https://www.apis.google.com 'self' 'unsafe-eval' 'nonce-JeeFzlOzerooRddoPY+n6g==' 'strict-dynamic'; object-src docs.google.com https://stats.g.doubleclick.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.ratatu.pl https://bat.bing.com calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com apis.google.com; connect-src https://emplocity.com docs.google.com https://pagead2.googlesyndication.com https://v.clarity.ms https://www.splash-screen.net https://www.facebook.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com region1.google-analytics.com stats.g.doubleclick.net cf.bnpparibas.pl https://app.userengage.com wss://bnp-paribas.user.com www.googletagmanager.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com region1.analytics.google.com www.splash-screen.net https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com https://www.google.pl widget.user.com https://y.clarity.ms https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com https://www.google-analytics.com analytics.google.com qtank.salesmore.pl apis.google.com https://csp.withgoogle.com 'self'; form-action 'self'; report-to csp-endpoint 1
default-src 'self' https://*.unicatt.it https://*.adobe.com https://*.cookielaw.org https://*.cookiepro.com https://documentservices.adobe.com https://errors.adobeamcloud.com/ https://documentcloud.adobe.com https://viewlicense.adobe.io https://acsbapp.com https://*.onetrust.com https://*.spreaker.com https://*.linkedin.oribi.io https://*.youtube-nocookie.com https://*.adform.net https://*.panopto.eu https://*.linkedin.com https://*.licdn.com https://*.doubleclick.net https://*.instagram.com https://*.youtube.com https://*.googleapis.com https://*.joomag.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.it https://*.gstatic.com https://*.twitter.com https://*.twimg.com https://*.fbcdn.net https://*.quantserve.com https://*.issuu.com https://*.dwcdn.net https://*.spotify.com https://*.ingvq.org https://*.googleadservices.com https://*.googletagmanager.com https://*.bing.com https://*.youtu.be https://*.acsbapp.com https://*.onetrust.io https://player.vimeo.com/ https://unicattolica.tfaforms.net https://fonts.gstatic.com/ https://applets.ebxcdn.com; worker-src blob:; script-src-elem 'self' https://acrobatservices.adobe.com https://*.unicatt.it https://code.jquery.com/ https://documentcloud.adobe.com https://documentservices.adobe.com https://errors.adobeamcloud.com/ https://viewlicense.adobe.io https://*.instagram.com https://www.unicatt.it.seg.js/ https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://npmcdn.com/ https://*.jsdelivr.net/ https://*.quantserve.com https://*.quancount.com https://*.googleapis.com https://*.linkedin.com https://*.googletagmanager.com https://*.licdn.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com  https://*.google-analytics.com https://*.twitter.com https://cdn.syndication.twimg.com https://*.spreaker.com https://*.google.it https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.bing.com https://*.googleadservices.com https://*.virtualearth.net https://*.adform.net https://acsbapp.com https://*.onetrust.io https://unicattolica.tfaforms.net https://applets.ebxcdn.com https://fonts.gstatic.com/ 'unsafe-inline' blob:; script-src 'self' https://*.unicatt.it https://*.cookielaw.org https://errors.adobeamcloud.com/ https://documentcloud.adobe.com https://viewlicense.adobe.io https://*.cookiepro.com https://*.onetrust.com https://www.unicatt.it.seg.js/ https://*.google.it https://npmcdn.com/ https://*.jsdelivr.net/ https://*.quantserve.com https://*.quancount.com https://*.googleapis.com https://*.linkedin.com https://*.googletagmanager.com https://*.licdn.com https://*.doubleclick.net https://*.facebook.net https://*.facebook.com  https://*.google-analytics.com https://*.twitter.com https://cdn.syndication.twimg.com https://*.spreaker.com https://*.google.com https://*.gstatic.com https://*.youtube.com https://*.bing.com https://*.googleadservices.com https://*.virtualearth.net https://*.adform.net https://acsbapp.com https://*.onetrust.io https://unicattolica.tfaforms.net https://applets.ebxcdn.com https://fonts.gstatic.com/ 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src 'self' https://*.unicatt.it https://errors.adobeamcloud.com/ https://fonts.googleapis.com https://applets.ebxcdn.com https://*.twimg.com https://code.jquery.com/ https://*.twitter.com https://*.bing.com https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://fonts.gstatic.com/ 'unsafe-inline' 'unsafe-hashes'; img-src * data:; font-src 'self' https://static.unicatt.it https://acsbapp.com/ https://*.acsbapp.com/ https://*.cookielaw.org https://*.cookiepro.com https://*.onetrust.com https://applets.ebxcdn.com https://fonts.gstatic.com/ data:; 1
default-src 'self' liberapay.com;connect-src 'self' *.liberapay.org;form-action 'self';img-src * blob: data:;object-src 'none';upgrade-insecure-requests; 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com browser.events.data.microsoft.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com www.youtube-nocookie.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com github.githubassets.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
frame-ancestors 'self' https://www.onetrust.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.6sc.co *.adobe.com *.adobe.io *.adobeaemcloud.com *.adobedtm.com *.akamaihd.net *.amazonaws.com *.bing.com *.bizographics.com *.chargebee.com *.chargebeestatic.com *.cloudflare.com *.cookiebanners.com *.cookielaw.org *.crazyegg.com *.demdex.net *.driftt.com *.eloqua.com *.en25.com *.everestjs.net *.everesttech.net *.force.com *.g2.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googleleadservices.com *.googletagmanager.com *.greenhouse.io *.gstatic.com *.hsforms.com *.hsforms.net *.jquery.com *.licdn.com *.linkedin.com *.marketo.net *.mktorest.com *.omtrdc.net *.onetrust.com *.onetrust.ninja *.otprivacy.com *.platform.twitter.com *.salesforce.com *.salesforceliveagent.com *.twimg.com *.twitter.com unpkg.com *.wistia.com *.wistia.net *.youtube-nocookie.com fonts.google.com *.mktoweb.com *.day.com www.day.com *.mktoresp.com cdn.linkedin.oribi.io cm.everesttech.net *.adobeaemcloud.net *.litix.io *.tugboatlogic.com *.bizible.com *.bizibly.com *.scene7.com; media-src * blob:; worker-src * blob:; 1
frame-ancestors 'self' http://*.essilor.com https://*.essilor.com; 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ 1
upgrade-insecure-requests ; default-src 'none'; img-src 'self' https://*.apple.com https://*.mzstatic.com data:; style-src 'self' https://*.apple.com 'unsafe-inline'; font-src 'self' https://*.apple.com; media-src 'self' https://*.apple.com blob:; connect-src 'self' https://*.apple.com https://*.mzstatic.com; script-src 'self' https://*.apple.com 'unsafe-eval' 'sha256-4ywTGAe4rEpoHt8XkjbkdOWklMJ/1Py/x6b3/aGbtSQ=' blob:; frame-src 'self' https://*.apple.com itmss: itms-appss: itms-bookss: itms-itunesus: itms-messagess: itms-podcasts: itms-watchs: macappstores: musics: apple-musics: podcasts: videos:; 1
default-src 'self' https://us-west-1.cdn.h5p.com; connect-src 'self' https://us-west-1.cdn.h5p.com *.h5p.com https://h5p.zendesk.com/ https://ekr.zdassets.com/ https://checkout.stripe.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://multiplayerapi.h5p.com https://www.wiris.net/ https://api.h5p.org/v1/licenses/ vimeo.com/api/ wss://multiplayer-us-west-1.h5p.com hub-api.h5p.org https://*.google-analytics.com/ https://cdn.linkedin.oribi.io/partner/ https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; img-src * data: blob:; media-src * blob:; frame-src * blob:; object-src 'none'; child-src 'self' https://us-west-1.cdn.h5p.com blob: *.vimeo.com vimeo.com; script-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' 'unsafe-eval' blob: https://*.hotjar.com static.zdassets.com www.youtube.com gdata.youtube.com/feeds/api/ https://s.ytimg.com/yts/jsbin/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.stripe.com/v3/ https://checkout.stripe.com/ en.wikipedia.org/w/api.php api.flickr.com/services/rest/ soundcloud.com/oembed https://developers.panopto.com/ https://www.wiris.net/ https://polyfill.io/v3/ https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ https://*.googletagmanager.com; style-src 'self' https://us-west-1.cdn.h5p.com 'unsafe-inline' https://checkout.stripe.com/ https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://*.hotjar.com https://www.wiris.net/; font-src 'self' https://us-west-1.cdn.h5p.com data: https://fonts.gstatic.com https://cdnjs.cloudflare.com/ https://*.hotjar.com https://www.wiris.net/; frame-ancestors 'none'; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com/tr/; font-src 'self'; frame-ancestors 'self' https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube-nocookie.com https://www.facebook.com; form-action https://www.facebook.com/tr/; img-src 'self' data: https://static.devolksbank.nl https://devolksbank.imgix.net https://www.facebook.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://i.ytimg.com/vi/ https://www.facebook.com/tr/; manifest-src 'self'; script-src 'self' https://www.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1359765144453475 'sha256-oZF9T1PWM1N1iCJHp7/K1E2i5g/gFsTRoCZWCGLqSao=' 'sha256-Ox1hmngo3ksRqcjFloHVYamCQ1LWGZNru7dBt/8SH3A=' 'sha256-LPugrf/1WNtjKfPAG3N34z8q1LfZrwR+ZFCGduVYvQw=' 'sha256-A3FLUzI9D80O3iKob3Ugyrc9s33bKYVwKyDHLJwYwhA=' 'sha256-4KMiDrq0z6xQD6mCZxODCDtNxj89bcqZgMBjP4k9fUk=' 'sha256-B9Z1CTPhrrvywX12M6QKuNbk5hJJ4M0vbqS/ZPHa34o=' 'sha256-q6Gtn5DahqoF1uoUOOmGLiHfFjl9QmRpLlR81AbgUf4=' 'sha256-HBEUcQOkkAaEBNBKzU6zr9D9dfTMq5LonferbbDlpI4='; style-src 'self' 'sha256-mQ2fUfj1KdfzW99AvuuId7raZmtSNbR0nP5Q0XvZ9ns='; media-src 'self' https://static.devolksbank.nl; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' static.trunkpkg.com www.googletagmanager.com apis.google.com accounts.google.com *.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn *.cnnd.vn vscc-hosting.mediacdn.vn platform.twitter.com connect.facebook.net  www.google-analytics.com cdn.syndication.twimg.com *.sohatv.vn media1.admicro.vn chinhphu.vn *.chinhphu.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn static.amcdn.vn deqik.com imasdk.googleapis.com ; child-src 'self' *.cnnd.vn *.mediacdn.vn *.vnpt.vn *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com www.google-analytics.com apis.google.com accounts.google.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn ; form-action 'self' *.cnnd.vn syndication.twitter.com platform.twitter.com; object-src 'self'; media-src 'self' blob: *.sohatv.vn *.qltns.mediacdn.vn *.vnpt.vn *.cdnchinhphu.vn ; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.click4assistance.co.uk *.googletagmanager.com *.salesforce.com *.force.com *.universityofwestminster.my.site.com *.adform.net cdn.jsdelivr.net code.jquery.com https://cdnjs.cloudflare.com https://region-eu.libanswers.com https://unpkg.com https://v4in1-si.click4assistance.co.uk https://westminster.accessplanit.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.uk *.youtube.com *.facebook.com *.facebook.net *.hotjar.com snap.licdn.com *.tiktok.com *.quantserve.com *.quantcount.com *.doubleclick.net *.infinity-tracking.net *.infinity-tracking.com sc-static.net *.click4assistance.co.uk *.vimeo.com cdn.unibuddy.co *.accessplanit.com *.newrelic.com *.nr-data.net *.clarity.ms *.bing.com westminsterstudent.libanswers.com www.redditstatic.com tags.srv.stackadapt.com *.snapchat.com qvdt3feo.com *.salesforce.com *.salesforceliveagent.com *.force.com universityofwestminster.my.site.com *.adform.net cdn.jsdelivr.net code.jquery.com https://cdnjs.cloudflare.com https://region-eu.libanswers.com https://unpkg.com https://v4in1-si.click4assistance.co.uk https://westminster.accessplanit.com; style-src 'self' 'unsafe-inline' *.force.com universityofwestminster.my.site.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com *.force.com universityofwestminster.my.site.com *.adform.net cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' *.universityofwestminster.my.site.com *.adform.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://api.eu1.exponea.com/js/exponea.min.js https://www.google-analytics.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://files.vr.fi https://api.tiles.mapbox.com https://cdn.jsdelivr.net/npm/chart.js@3.5.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.0.0 https://cdn.jsdelivr.net/npm/chart.js@3.9.1 https://cdn.jsdelivr.net/npm/chartjs-plugin-datalabels@2.1.0 https://connect.facebook.net https://api.mapbox.com https://www.gstatic.com https://www.google.com https://googletagmanager.com https://tagmanager.google.com https://www.googleanalytics.com  https://www.googleoptimize.com https://optimize.google.com https://bat.bing.com https://api.eu1.exponea.com https://*.convertexperiments.com https://*.interactionbuilder.giosg.com https://*.giosg.com https://*.giosgusercontent.com; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://files.vr.fi https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com  https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://*.giosg.com https://*.giosgusercontent.com; img-src 'self' data: https://images.ctfassets.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://ad.doubleclick.net https://files.vr.fi https://giosg-chat-public-eu.s3.amazonaws.com https://collector.vr.fi https://adservice.google.com https://www.facebook.com https://www.googleadservices.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.linkedin.com https://translate.google.com https://optimize.google.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.giosg.com https://*.giosgusercontent.com; font-src 'self' data: https://use.fontawesome.com https://giosg-chat-public-eu.s3.amazonaws.com https://files.vr.fi https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.giosg.com https://*.giosgusercontent.com; connect-src 'self' wss://messagerouter.giosg.com wss://*.hotjar.com https://sentry.io https://api.eu1.exponea.com https://collector.vr.fi https://www.google.com https://www.google.fi https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://rata.digitraffic.fi https://vc.hotjar.io https://api.mapbox.com https://events.mapbox.com https://aste-hvv.vr.fi https://junatkartalla-cal-prod.herokuapp.com https://*.hotjar.com https://*.hotjar.io https://crm-customerforms-prod-attachment-data.s3.eu-west-1.amazonaws.com https://crm-customerforms-dr-attachment-data.s3.eu-west-1.amazonaws.com https://region1.google-analytics.com https://*.vrpublic.fi https://cdn.linkedin.oribi.io https://app.eu1.exponea.com https://*.convertexperiments.com https://test.lippu-test.vr.fi https://www.lippu.vr.fi https://*.giosg.com https://*.giosgusercontent.com; media-src 'self' https://videos.ctfassets.net https://*.giosg.com https://*.giosgusercontent.com; object-src 'self' https://*.giosg.com https://*.giosgusercontent.com; child-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://vr.leadfamly.com https://my.matterport.com https://www.youtube.com https://youtube.com https://www.google.com https://*.vr.fi https://optimize.google.com https://link.webropolsurveys.com https://*.giosg.com https://*.giosgusercontent.com; worker-src 'self' blob: https://*.vr.fi https://*.giosg.com https://*.giosgusercontent.com; frame-ancestors 'self' https://www.cwt-train-online.fi; form-action 'self' https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' https://api.eu1.exponea.com 1
default-src https: 'self'; connect-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; font-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; frame-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; img-src 'self' https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; script-src 'self' data: https: wss: about: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com; style-src 'self' data: https: 'unsafe-eval' 'unsafe-inline' api.useinsider.com says.api.useinsider.com 1
frame-ancestors 'self' www.elsiglodetorreon.com.mx www.elsiglodedurango.com.mx tar.mx elsiglo.mx localhost http://localhost el.siglo.mx 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.t13.cl https://*.13.cl https://*.deportes13.cl 1
default-src https: 'self'; font-src https: data:;  img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarkcountynv.gov https://*.govdelivery.com  https://*.revize.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.userway.org https://*.google.com https://siteimproveanalytics.com https://*.jsdelivr.net https://*.jquery.com https://*.googletagmanager.com https://*.googleapis.com https://*.google-analytics.com https://api.recollect.net/ https://assets.us.recollect.net https://*.govdelivery.com https://s3.amazonaws.com http://*.leg.state.nv.us/ http://*.facebook.net/ http://*.simpli.fi/ https://static.ctctcdn.com/; style-src * 'unsafe-inline' 1
font-src 'self' 'unsafe-inline' data: *.deutsche-apotheker-zeitung.de *.bootstrapcdn.com *.davfobi.de; 1
frame-ancestors 'self' interhyp.e-spirit.hosting app.optimizely.com 1
frame-ancestors 'self' *.bigideasmath.com *.schoology.com *.instructure.com schoology.wcasd.net 1
img-src * data: blob: 'unsafe-inline'; media-src * blob: data:; font-src * data: 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://www.facebook.com https://www.linkedin.com https://cdn.linkedin.oribi.io http://ads.tiktok.com https://maps.googleapis.com https://*.googleapis.com *.google.com https://*.gstatic.com https://player.vimeo.com https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api/fallback https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api/siteverify https://www.google.com/recaptcha/api2/bframe https://www.youtube.com https://www.googleadservices.com https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js fonts.googleapis.com maps.gstatic.com fonts.gstatic.com https://track.omguk.com https://secure.quantserve.com *.omguk.com quantserve.com *.doubleclick.net doubleclick.net https://secure.quantserve.com/quant.js https://static.ads-twitter.com/uwt.js *.ads-twitter.com *.quantcount.com cdn.evgnet.com *.evgnet.com https://cdn.evgnet.com/beacon/bankphilippineislands/prod/scripts/evergage.min.js https://cdn.evgnet.com/beacon/bankphilippineislands/test/scripts/evergage.min.js https://bankphilippineislands.evergage.com https://bankphilippineislands.australia-3.evergage.com *.evergage.com https://tiktok.com *.tiktok.com https://service.force.com *.force.com *.salesforce.com *.salesforceliveagent.com https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js https://s7ap1.scene7.com *.scene7.com *.sandbox.my.site.com *.my.site.com https://helpuat.bpi.com.ph *.bpi.com.ph https://go.affec.tv https://cdn.evgnet.com https://snap.licdn.com *.licdn.com https://js.adsrvr.org https://cdn.taboola.com/libtrc/unip/1502612/tfa.js *.adsrvr.org https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js https://cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/17.0.3/css/intlTelInput.min.css wss://sbc.apacaudiocodeslab.com:4443 wss://webrtcpdc.bpi.com.ph:443 wss://webrtcsdc.bpi.com.ph:443; 1
frame-ancestors 'self' https://*.walletconnect.com; object-src 'none' 1
script-src https: 'unsafe-inline' 'unsafe-eval' https://mindtickle.com blob:; object-src 'none'; 1
default-src self http: https:; base-uri 'none'; img-src * data: blob: http: https:; object-src http: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' http: https:; connect-src 'self' http: https: 'unsafe-inline'; media-src * data: blob: http: https:; 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://app.hubspot.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hsleadflows.net https://js.usemessages.com https://snap.licdn.com https://tracking.g2crowd.com https://www.google-analytics.com https://www.googletagmanager.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://static.hsappstatic.net https://code.jquery.com; style-src 'unsafe-inline' 'report-sample' 'self' https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://cp.hubspot.com https://forms.hubspot.com https://www.google-analytics.com https://stats.g.doubleclick.net https://js.hs-banner.com https://cdn.linkedin.oribi.io https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://forms.hsforms.com https://app.hubspot.com https://www.google.com https://flo.uri.sh https://forms.hsforms.com; frame-ancestors 'self'; img-src 'self' https://3426102.fs1.hubspotusercontent-na1.net https://3ma79ae7cua.com https://px.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://www.linkedin.com https://www.google.com https://www.google.co.in https://forms.hsforms.com https://forms-na1.hsforms.com; media-src 'self' https://3426102.fs1.hubspotusercontent-na1.net; worker-src 'none';; upgrade-insecure-requests 1
default-src 'self' www.bolsasymercados.es 'unsafe-inline' 'unsafe-eval' data: *.typekit.net *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.google.com *.google.es *.gstatic.com *.googleapis.com cdn.cookielaw.org *.onetrust.com i1.ytimg.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com *.readspeaker.com api.bolsasymercados.es wss://api.bolsasymercados.es use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.jquery.com;base-uri 'self';form-action 'self';frame-ancestors 'self'; 1
frame-ancestors degreed.com *.degreed.com *.degreed.dev 1
default-src 'self'; script-src 'self' js.stripe.com static.cloudflareinsights.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com; form-action 'self'; frame-src js.stripe.com www.google.com; report-uri https://scotthelme.report-uri.com/r/d/csp/enforce; report-to default 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://st.mycdn.me https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-2322ecff6883848f9c8807930175d417' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.ok.ru https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=23.01.24; 1
frame-src 'self' https://files.reallygoodemails.com/ https://js.stripe.com/ https://parcel.io/ https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com/ https://dntcl.qualaroo.com/ https://ct.pinterest.com/ https://rge-prod.firebaseapp.com/ https://rge-staging.firebaseapp.com/ https://vercel.live/ 1
default-src 'self' https: data: wss://*.zopim.com; frame-src 'self' https: api.tre.se; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: blob: 'unsafe-inline'; media-src https: data:; img-src 'self' https: blob: data: 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' use.fontawesome.com; require-trusted-types-for 'script'; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.fontawesome.com; font-src fonts.gstatic.com use.fontawesome.com; frame-ancestors 'none'; 1
object-src 'none';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'none'; script-src 'self' 'unsafe-inline' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com studyinthestates.dhs.gov cwu-csm.symplicity.com *.blackbaud.com *.blackbaudhosting.com *.heyhalda.com *.googleadservices.com *.cloudfront.net *.flippingbook.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.cdn.technolutions.net *.cdn.technolutions.net code.jquery.com fonts.googleapis.com *.gstatic.com *.google.com *.libanswers.com cdn.polyfill.io cdnjs.cloudflare.com *.bootstrapcdn.com cdn.livechatinc.com api.livechatinc.com connect.facebook.net secure.adnxs.com up.pixel.ad analytics.tiktok.com snap.licdn.com sc-static.net bot.ivy.ai tr.snapchat.com a.omappapi.com *.ewaycorphosting.com; connect-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com admissions.cwu.edu tr6.snapchat.com/p px.ads.linkedin.com/wa/ doublethedonation.com *.blackbaud.com *.heyhalda.com *.flippingbook.com api.omappapi.com z.omappapi.com a.omappapi.com *.google.com *.google-analytics.com *.cdn.technolutions.net *.cdn.technolutions.net cdn.linkedin.oribi.io analytics.tiktok.com stats.g.doubleclick.net tr.snapchat.com goboardapi.azurewebsites.net; img-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com *.blackbaudhosting.com googleads.g.doubleclick.net *.cloudfront.net *.flippingbook.com a.omappapi.com *.google.com *.google-analytics.com *.mdhv.io *.facebook.com pixel.sitescout.com px.ads.linkedin.com bot.ivy.ai tr.snapchat.com ai1.ivy-cdn.com *.googletagmanager.com *.ewaycorphosting.com; style-src 'self' 'unsafe-inline' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com googletagmanager.com/debug/badge.css doublethedonation.com *.blackbaud.com *.blackbaudhosting.com *.cdn.technolutions.net fonts.googleapis.com *.fontawesome.com cdnjs.cloudflare.com *.ewaycorphosting.com a.omappapi.com/app/js/api.min.css; frame-ancestors 'self'; form-action 'self' admissions.cwu.edu search.cwu.edu *.facebook.com; media-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com; font-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com doublethedonation.com fonts.gstatic.com *.fontawesome.com cdn.livechatinc.com bot.ivy.ai; frame-src 'self' cwu.edu *.cwu.edu cwu-staging.ewaycorphosting.com *.elf.site teamup.com cwu-csm.symplicity.com *.heyhalda.com *.blackbaud.com *.blackbaudhosting.com td.doubleclick.net *.flippingbook.com www.youtube.com www.vimeo.com *.office365.com *.libanswers.com www.google.com map.concept3d.com secure.livechatinc.com *.cdn.technolutions.net tr.snapchat.com *.facebook.com pixel.sitescout.com bot.ivy.ai; 1
default-src 'none';        media-src *.servsafe.com;     script-src 'self' *.servsafe.com 'unsafe-eval' 'unsafe-inline' munchkin.marketo.net apps.usw2.pure.cloud *.clarity.ms connect.facebook.net www.googleadservices.com ajax.googleapis.com *.google-analytics.com www.googletagmanager.com www.livehelpnow.net lptag.liveperson.net *.tableau.com *.tableausoftware.com *.doubleclick.net *.bing.com a.clarity.ms player.vimeo.com www.youtube.com  *.restaurant.org *.cloudfront.net apps.mypurecloud.com apps.usw2.pure.cloud cobrowse.usw2.pure.cloud bat.bing.com;     style-src 'self' 'unsafe-inline' *.googleapis.com *.restaurant.org apps.mypurecloud.com *.cloudfront.net cdn.jsdelivr.net;     font-src 'self' fonts.gstatic.com *.servsafe.com apps.mypurecloud.com *.cloudfront.net cdn.jsdelivr.net;      img-src 'self' data: *.servsafe.com *.google-analytics.com www.livehelpnow.net apps.mypurecloud.com *.bing.com *.doubleclick.net *.google.com *.facebook.com;     connect-src 'self' *.servsafe.com *.servsafe.com *.google-analytics.com *.mktoresp.com analytics.google.com *.doubleclick.net rum-ingest.us1.signalfx.com api.usw2.pure.cloud wss://streaming.usw2.pure.cloud wss://cobrowse.usw2.pure.cloud api-cdn.usw2.pure.cloud ws://webmessaging.usw2.pure.cloud *.googlesyndication.com;     frame-ancestors 'self' *.discoverlink.com;     child-src 'self' *.servsafe.com *.restaurant.org;        frame-src 'self' *.servsafe.com *.doubleclick.net *.googletagmanager.com www.facebook.com player.vimeo.com  www.youtube.com *.restaurant.org *.cloudfront.net apps.usw2.pure.cloud *.bing.com 1
default-src 'none'; connect-src https://api.moneroocean.stream; font-src 'self'; img-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; form-action 'none' 1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; frame-ancestors 'none' 1
frame-ancestors https://*.powerdms.com; upgrade-insecure-requests 1
upgrade-insecure-requests;default-src 'unsafe-inline' 'unsafe-eval' data: https:;script-src 'unsafe-inline' 'unsafe-eval' data: https:;style-src 'unsafe-inline' data: https:;object-src https:; child-src data: https:; img-src data: https:;font-src data: https:; connect-src https: wss:;form-action https:; media-src data: https:; report-uri https://jungefreiheit.de/report.html; 1
frame-ancestors 'self' https://*.legalmatch.com https://*.legalmatchca.com https://*.lawyerslegallaws.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.ecovadis.com *.googleapis.com *.cookielaw.org *.cloudflare.com *.facebook.net *.cdntwrk.com *.wistia.com *.ml314.com ml314.com *.pardot.com *.salesloft.com *.hotjar.com *.pathmotion.io *.demandbase.com *.googletagmanager.com *.youtube.com *.cookielaw.org *.cloudflare.com *.cdntwrk.com *.wistia.com *.wistia.net *.googletagmanager.com *.google-analytics.com *.hotjar.com *.ecovadis-surveys.com *.licdn.com *.google.com *.gstatic.com *.gstatic.cn *.googleadservices.com *.doubleclick.net *.pardot.com *.recaptcha.net *.zscloud.net *.jsdelivr.net *.facebook.net *.scoop.it *.googleapis.com *.zoominfo.com *.clickagy.com *.hs-scripts.com *.zi-scripts.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsforms.net yoast.com *.hubspot.com; style-src 'report-sample' 'self' 'unsafe-inline' *.ecovadis.com  *.cloudflare.com *.googleapis.com *.scoop.it; object-src 'none'; base-uri 'self'; connect-src 'self' * *.ecovadis.com api.mixpanel.com cdn.cookielaw.org embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io v2.api.uberflip.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.hotjar.com *.hotjar.com *.hotjar.io *.company-target.com *.salesloft.com *.recaptcha.net cdn.linkedin.oribi.io *.facebook.net *.google.com *.clickagy.com *.zoominfo.com *.demandbase.com *.zi-scripts.com *.hscollectedforms.net *.hubapi.com; font-src 'self' data: *.ecovadis.com/ *.gstatic.com *.wistia.com *.wistia.net *.wp.com; frame-src 'self' *.ecovadis.com *.ecovadis-surveys.com *.ecovadis-survey.com ecovadis.career-inspiration.com *.hotjar.com *.google.com  *.recaptcha.net *.facebook.com *.company-target.com *.doubleclick.net securityscorecard.com *.hsforms.com *.hsappstatic.net *.hubspot.com *.embedly.com; img-src 'self' data: *.ecovadis.com *.cdntwrk.com *.wistia.com *.wistia.net *.scoop.it *.gravatar.com *.cookielaw.org *.google-analytics.com *.googletagmanager.com *.google.com *.google.pl https://id.rlcdn.com https://match.prod.bidr.io *.linkedin.com *.company-target.com  *.recaptcha.net *.facebook.com *.doubleclick.net *.clickagy.com *.openx.net *.rlcdn.com *.agkn.com *.google.it *.google.fr *.google.de *.hsforms.com *.hubspot.com *.hubspotusercontent-eu1.net *.hsappstatic.net *.googleusercontent.com; manifest-src 'self'; media-src 'self' *.ecovadis.com *.wistia.net blob:; frame-ancestors 'self' *.ecovadis.com; worker-src blob:; 1
report-uri https://www.tinkoff.ru/api/front/pwabnpl/log/csp-error?appName=pwabnpl; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; font-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data: *.dolyame.ru; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru; img-src 'self' data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru 'self' data: *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru blob: *.dolyame.ru sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org; frame-src 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.dolyame.ru *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com; connect-src 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru wss://*.tinkoff.ru wss://*.tcsbank.ru 'self' data: self sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works cfg.tinkoff.ru acdn.tinkoff.ru www.tinkoff.ru www.cdn-tinkoff.ru dolyame.ru tmsg.tinkoff.ru chat.dolyame.ru ms-gateway.tinkoff.ru forma.tinkoff.ru fallback.cdn-tinkoff.ru 1
frame-ancestors 'self' *.bnpparibas *.mosaic.fr *.biapi.pro *.dev.echonet *.bnpparibas.net *.protection24.com *.facil-iti.com *.herokuapp.com  *.matmut.com *.cardif-iard.fr; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://bat.bing.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.zohocdn.com https://*.zoho.com https://*.zoho.eu https://*.hubspot.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-banner.com https://*.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://*.licdn.com https://*.kiflo.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://tracking.g2crowd.com https://connect.facebook.net/en_US/sdk.js; worker-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.zohocdn.com https://*.googleapis.com; img-src 'self' data: https://www.adminbyrequest.com https://bat.bing.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.zohopublic.com https://*.zohopublic.eu https://*.zohocdn.com https://*.zoho.com https://*.youtube.com https://*.hsforms.com https://*.hubspot.com https://*.linkedin.com https://fasttracksoftware.zendesk.com https://*.zdusercontent.com https://secure.gravatar.com https://licensing.aioseo.com https://cdn.shortpixel.ai; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.zoho.eu https://*.zoho.com https://*.zohopublic.eu https://*.zohopublic.com wss://vts.zohopublic.eu wss://vts.zohopublic.com https://*.hubspot.com https://*.hubapi.com https://*.kiflo.com https://*.googleapis.com https://*.oribi.io https://cdn.linkedin.oribi.io https://*.google-analytics.com https://cdn.jsdelivr.net https://tracking.g2crowd.com; font-src 'self' data: https://*.zohocdn.com https://*.gstatic.com; frame-src 'self' https://www.youtube.com https://*.gstatic.com https://*.google.com https://*.zohopublic.eu/ https://*.zohopublic.com/ https://*.hubspot.com https://posimyththemes.com; media-src https://*.zohocdn.com; 1
default-src 'self' 'unsafe-inline' https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://*.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.youtube.com https://cdn.linkedin.oribi.io https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://app.sli.do https://connect.facebook.net https://px.ads.linkedin.com;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://acdn.adnxs.com https://arvatosystems.matomo.cloud https://salesviewer.org https://salesviewer.com https://*.salesviewer.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://www.vimeo.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.azureedge.net https://*.svc.dynamics.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://socialcloud.bertelsmann.com https://podcasters.spotify.com https://*.spotify.com https://outlook.office365.com https://app.sli.do https://connect.facebook.net;           style-src 'self' 'unsafe-inline';           img-src 'self' https://ib.adnxs.com https://px.ads.linkedin.com https://www.youtube.com https://www.vimeo.com https://www.google.de/ data: https:;           font-src 'self' 'unsafe-inline' data:;           frame-ancestors 'self'; 1
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' https://meta.privacy-gateway.cloudflare.com/relay;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
default-src https: wss: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src http: https: blob:; 1
default-src 'unsafe-inline' https: data:; img-src blob: data: https:; media-src blob: data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: blob:; frame-ancestors 'self' https://*.tio.ch 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' unsafe-dynamic; frame-ancestors https://workflowy.com https://*.workflowy.com https://teams.microsoft.com; frame-src * workflowy: 1
frame-ancestors 'self' www.google.com www.izzi.mx www.wizz.mx www.wizzplus.mx www.izziflex.mx www.izzimovil.mx paypal.com u.mitec.com.mx web.izzidigital.mx script.crazyegg.com wizz.mx wizzplus.mx izzi.mx 1
frame-ancestors 'self' https://bannerhealth.com https://www.bannerhealth.com https://Qa.stage.bannerhealth.com https://stage.bannerhealth.com https://qa.bannerhealth.com https://qa-cm.bannerhealth.com https://iframe.dev.buoyhealth.com https://dev-sc-cd.dbt.testbhealth.com https://qa-sc-cd.dbt.testbhealth.com https://uat.bannerhealth.com https://beta.bannerhealth.com 1
object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.o2.com *.o2.de *.spatialbuzz.com *.usercentrics.eu *.baqend.com *.o2online.de *.telefonica.de *.o9.de *.googletagmanager.com *.trbo.com *.google-analytics.com *.kampyle.com *.adoberesources.net *.matelso.de *.contentsquare.net *.nowinteract.com *.demoup.com *.auracognitive.com *.adtelligence.de *.aklamio.com *.promisejs.org *.usabilla.com *.jsdelivr.net *.cloudflare.com *.abtasty.com *.blob.core.windows.net *.blau.o9.de *.blau.de *.ad4m.at track.adform.net www.facebook.com *.doubleclick.net adservice.google.com a.twiago.com www.youtube.com o2-music-cms-a.preprod.ava-digi.de www.google.co.in analytics.google.com dpm.demdex.net www.google-analytics.com imagesrv.adition.com www.google.com dsum-sec.casalemedia.com rtb-csync.smartadserver.com ih.adscale.de trc.taboola.com ad11.adfarm1.adition.com ad4m.at *.spatialbuzz.net 1
frame-ancestors https://igx.csbsju.edu http://go.twocolleges.com https://virtualtour.csbsju.edu 1
frame-ancestors 'self' https://research-studio.messari.io https://marketing-studio.messari.io https://storybook.messari.io 1
frame-ancestors 'self' *.cdmx.gob.mx https://cdmx.gob.mx 1
default-src *.crazyegg.com *.cognigy.ai blob: wss: https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; object-src 'self' blob:; media-src data:; 1
base-uri 'self'; connect-src 'self' *.userwerk.com native-commerce.com static.native-commerce.com csi.gstatic.com translate.googleapis.com cbooks-piwik.de log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com *.googlesyndication.com cdn.jsdelivr.net cmp.inmobi.com cdn.fuseplatform.net securepubads.g.doubleclick.net api.btloader.com bidder.criteo.com i.connectad.io fastlane.rubiconproject.com tlx.3lift.com prebid.a-mo.net rtb.openx.net ib.adnxs.com hbopenbid.pubmatic.com gum.criteo.com static.criteo.net id5-sync.com dnacdn.net; default-src 'self' *.booklooker.de; font-src 'self' data: static.booklooker.de fonts.gstatic.com; frame-ancestors 'self' http://kvk.bibliothek.kit.edu; frame-src 'self' googleads.g.doubleclick.net *.google.de *.google.at *.google.ch *.google.com *.adsensecustomsearchads.com *.syndicatedsearch.goog *.googlesyndication.com *.userwerk.com widget.trustpilot.com gum.criteo.com; img-src 'self' data: *.booklooker.de *.ausgezeichnet.org cbooks-piwik.de *.googleadservices.com *.googlesyndication.com *.google.com *.google.de *.adsensecustomsearchads.com *.syndicatedsearch.goog *.googleapis.com *.gstatic.com i.ebayimg.com rover.ebay.com www.ebayadservices.com widgets.trustedshops.com partners.webmasterplan.com apps.shopauskunft.de cdn-cookieyes.com *.userwerk.com ad-delivery.net ad.doubleclick.net securepubads.g.doubleclick.net; object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.booklooker.de siegel.ausgezeichnet.org widgets.trustedshops.com cbooks-piwik.de *.userwerk.com static.native-commerce.com *.google.com *.google.at *.google.ch www.googletagservices.com *.googlesyndication.com pagead2.googlesyndication.com  adservice.google.de adservice.google.at adservice.google.ch *.googleadservices.com *.googleapis.com adservice.google.nl adservice.google.it adservice.google.pl adservice.google.fr adservice.google.es adservice.google.ru adservice.google.cz adservice.google.co.uk adservice.google.be adservice.google.hu apps.shopauskunft.de/seal_defer/e65e7f526e1c8bee0691e09df5329ab6.js cdn-cookieyes.com *.adsensecustomsearchads.com *.syndicatedsearch.goog *.googletagmanager.com cdn.fuseplatform.net securepubads.g.doubleclick.net btloader.com static.criteo.net tags.crwdcntrl.net cdn.ampproject.org; style-src 'self' 'unsafe-inline' static.booklooker.de *.gstatic.com fonts.googleapis.com; worker-src 'self'; report-uri /interface/csp-report.php; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ncPelXcpMdZ7wMUdtomdcsfuu5ixf02tL2fHXIs8vkgLoNZy' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self'; object-src 'self'; report-to csp-endpoint; report-uri /csp; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.go-mpulse.net *.siftscience.com *.nxjimg.com *.corporateperks.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.perksatwork.com *.cloudflare.com *.zopim.com unpkg.com *.zdassets.com data: blob: *.tinymce.com *.partnerbookingkit.com *.forter.com *.rezserver.com *.jsdelivr.net *.datatables.net *.expedia.com ; upgrade-insecure-requests; 1
base-uri https://www.lumni.fr; frame-ancestors https://www.lumni.fr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://optimize.google.com https://www.googleoptimize.com https://*.marketingcloudfx.com https://www.google-analytics.com https://www.google.com https://embed.acuityscheduling.com https://js.stripe.com https://z.moatads.com https://s7.addthis.com https://blog.volgistics.com https://seal.digicert.com https://cdn.leadmanagerfx.com https://bat.bing.com https://ct.capterra.com https://www.googletagmanager.com https://tagmanager.google.com; 1
default-src 'self'; connect-src 'self' https: blob: data: wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.a2d.tv *.b17g.net *.tv4play.se https:; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https:; media-src blob: https:; manifest-src 'self'; object-src data:; form-action 'self'; frame-src https:; frame-ancestors 'self'; worker-src 'self' blob:; font-src * data: chrome-extension:; img-src * data: android-webview-video-poster:; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'self' data: matomo.anu.net blog.anu.net fonts.googleapis.com fonts.gstatic.com www.socialintents.com netdna.bootstrapcdn.com; script-src 'unsafe-inline' 'self' matomo.anu.net ajax.googleapis.com www.socialintents.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dc-mkt-prod.cloud.bosch.tech dc-ncj-portal.qa.dxf.bosch.tech tags.tiqcdn.com www.youtube.com player.vimeo.com s.ytimg.com statse.webtrendslive.com www.google-analytics.com dock.ui.bosch.tech *.tealiumiq.com apps.boschrexroth.com *.monetate.net *.livechatinc.com *.qualtrics.com *.hs-scripts.com *.hsadspixel.net *.usemessages.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net js.hsforms.net forms.hsforms.com snap.licdn.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.optimizely.com www.boschrexroth.com.cn prospecttrax.com connect.facebook.net js-na1.hsforms.net skk.erecruiter.pl maps.googleapis.com dxf-services.bosch.com hm.baidu.com webchatplugins.blob.core.windows.net cdn-go.cn vm.gtimg.cn p1.authz.bosch.com js.hubspot.com rbdcportalprod-endpoint-gubhcth0ftdbc2dv.z01.azurefd.net 1
frame-ancestors 'self'; frame-src 'self' web106.reachmee.com res.statisticsstudio.com play.mediaflowpro.com www.youtube.com *.readspeaker.com ssres.azureedge.net consentcdn.cookiebot.com www.google.com survey.extellio.com; form-action 'self' *.readspeaker.com www.anpdm.com; base-uri 'self'; default-src 'self'; font-src 'self' data:; script-src 'self' 'nonce-tKMl6SeEcP/1wa++ehprQ4DasKwB8xzDKXqyAM8pGDQ=' 'strict-dynamic' consent.cookiebot.com consentcdn.cookiebot.com cdn1.readspeaker.com script.extellio.com m.extellio.com; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' matomo.folkhalsomyndigheten.se i.creativecommons.org licensebuttons.net im16.inviewer.se assets.mediaflowpro.com *.readspeaker.com; connect-src 'self' consentcdn.cookiebot.com *.readspeaker.com matomo.folkhalsomyndigheten.se script.extellio.com m.extellio.com; 1
script-src 'nonce-21f664ae90f7edad3c2c798c1a34cfd8' dashboard.weglot.com *.weglot.com *.stripe.com *.announcekit.app *.nolt.io *.jsdelivr.net *.firstpromoter.com beacon-v2.helpscout.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.gstatic.com static.ads-twitter.com analytics.twitter.com bat.bing.com snap.licdn.com *.snap.licdn.com *.redditstatic.com connect.facebook.net *.hotjar.com *.hotjar.io a.quora.com cdn.firstpromoter.com https: http: 'unsafe-inline' 'strict-dynamic'; object-src 'none'; base-uri 'self';frame-ancestors 'none'; 1
default-src 'self' www.reuters.tv https://tagmanager.google.com https://optimize.google.com https://app.cux.io https://*.doubleclick.net https://www.google-analytics.com *.consentmanager.net data:; font-src 'self' https://themes.googleusercontent.com/ fonts.googleapis.com https://fonts.gstatic.com fonts.gstatic.com themes.googleusercontent.com https://www.googletagmanager.com infostrefa.tv www.google.com data:; style-src 'self' 'unsafe-inline' https://www.google.com https://tagmanager.google.com www.googleapis.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://panda.leadmax.pl https://*.fls.doubleclick.net https://*.doubleclick.net https://www.facebook.com https://content-ci360.pzu.pl https://*.googleapis.com tl.tradetracker.net https://www.falcometric.com https://www.gstatic.com www.google.com sigmabismedia.pl https://www.google.com https://harvic.go2cloud.org https://go.perfo.ovh https://cityadstrack.com https://marketing.tr.netsalesmedia.pl https://mrtg.emailpartners.net https://clients1.google.com https://www.bankier.pl https://sigmamedia.eu https://adserwer.afilo.pl *.gstatic.com https://www.davinci.tools https://conversionlabs.net.pl https://netad.go2cloud.org https://track.rtracking.pl https://ade.googlesyndication.com https://content.pzu.pl https://ssl.gstatic.com https://cherryads.go2cloud.org https://www.twitter.com https://app.revhunter.tech www.s.c.lnkd.licdn.com https://s0.2mdn.net https://delivery.clickonometrics.pl https://solutions4ad.com https://wvx2j.bemobtracks.com https://tracking.zuwi.pl *.consentmanager.net https://googleads.g.doubleclick.net https://bedigital.go2cloud.org https://js.trustisto.com https://smartmailings.go2cloud.org https://p2media.go2cloud.org https://tbl.tradedoubler.com https://track.zuwi.dev https://connect.facebook.net www.linkedin.com https://adepto.go2cloud.org http://media-pzu-marketing.ipresso.pl *.ggpht.com https://www.google.pl https://welovedata.go2cloud.org https://go.they.pl https://inistrack.net https://www.googletagmanager.com https://api.trustisto.com https://www.google-analytics.com https://in.pzu.pl https://track.leadmax.pl; frame-src 'self' https://cmspzu24.pzu.pl https://player.vimeo.com https://devfmg.pl https://wojazer.pzu.pl https://optimize.google.com https://ent.activeforms.com https://ljsp.lwcdn.com https://*.fls.doubleclick.net https://moje.pzu.pl https://*.doubleclick.net https://www.facebook.com https://pzuiflota.pl *.consentmanager.net https://oferta.pekao24.pl https://media-pzu-marketing.ipresso.pl http://komunikacyjne.pzu.pl https://tpc.googlesyndication.com https://firma.pzu.pl https://admin-solum.pzu.pl https://komunikacyjne.pzu.pl https://poststickersapps.com *.googleadservices.com https://ubezpieczenia.pzu.pl reuters.tv https://secure.pzuci.pl https://pzu.chat.getzowie.com https://agencjahagen.pl https://emeryturappk.pzu.pl https://*.youtube.com https://dobradruzyna.pl https://www.google.com https://af-solum.pzu.pl https://bid.g.doubleclick.net https://www.reuters.tv https://drogadozdrowiazpzu.pl https://af-solum-uat.pzu.pl https://sigmamedia.eu https://ac.pzu.pl https://oferta.pzu.pl https://*.chatbotize.com https://reuters.tv https://forms.pzu.pl http://pzu24.pzu.pl https://infostrefa.tv https://*.direct.chatbotize.com https://blog.pzu.pl https://www.pzuzdrowie.pl https://dom.pzu.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://optimize.google.com https://*.doubleclick.net https://www.facebook.com api-performace.pzu.pl https://www.ssl.gstatic.com https://*.googleapis.com https://drogadozdrowia.dev.focusmedia.pl https://delivery-ci360.pzu.pl https://track.adform.net *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com https://drogadozdrowiazpzu.pl www.cdn.api.twitter.com *.gstatic.com https://www.googleapis.com www.platform.linkedin.com https://forms.pzu.pl *.googleoptimize.com https://*.googletagservices.com https://media-epoint.ipresso.pl https://cdn.adt387.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://media-pzu-marketing.ipresso.pl https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://perun.ipresso.pl https://ubezpieczenia.pzu.pl https://js.trustisto.com https://execution-ci360.pzu.pl https://adform.net https://connect.facebook.net https://tagmanager.google.com https://s.ytimg.com www.linkedin.com https://*.googlesyndication.com https://*.chatbotize.com https://adform.com https://maps.gstatic.com https://*.direct.chatbotize.com https://www.googletagmanager.com https://www.google-analytics.com www.platform.twitter.com https://www.apis.google.com https://track.adtraction.com; object-src 'self' https://*.doubleclick.net *.consentmanager.net https://maps.googleapis.com *.googleadservices.com; connect-src 'self' wss://*.track.cux.io https://*.doubleclick.net https://www.facebook.com *.consentmanager.net https://maps.googleapis.com https://afiliacjaapi.pzu.pl fcm.googleapis.com media-pzu-marketing.ipresso.pl porozmawiaj.video.pzu.pl https://delivery-ci360.pzu.pl tfimam-test.pzu.pl media-epoint.ipresso.pl https://www.pracuj.pl *.googleadservices.com https://js.trustisto.com https://waw.chat.getzowie.com https://execution-ci360.pzu.pl https://dobradruzyna.pl https://www.google.com https://connect.facebook.net https://analytics.google.com perun.ipresso.pl https://region1.google-analytics.com https://*.chatbotize.com https://www.google.pl https://*.direct.chatbotize.com https://api.trustisto.com https://www.google-analytics.com tfimam.pzu.pl *.google.com https://media-epoint.ipresso.pl; frame-ancestors 'self' https://cmspzu24.pzu.pl https://moje.pzu.pl https://ppk.pzu.pl https://af-solum-uat.pzu.pl http://pzu24.pzu.pl https://forms.pzu.pl https://admin-solum.pzu.pl https://blog.pzu.pl https://app.cux.io https://www.pzuzdrowie.pl https://emeryturappk.pzu.pl https://ta.inpzu.pl https://*.ci360.sas.com;  1
default-src 'self' ;frame-ancestors 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://sdk.privacy-center.org https://cdnjs.cloudflare.com https://apps.mypurecloud.ie https://advaniadev.boost.ai https://www.google-analytics.com https://js-eu1.hs-scripts.com https://connect.facebook.net https://www.clarity.ms https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net https://js-eu1.hubspot.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://snap.licdn.com https://js-eu1.hsforms.net https://px.ads.linkedin.com/wa 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com advania.is:* https://www.google.com https://www.gstatic.com *.twitter.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://apps.mypurecloud.com https://cdnjs.cloudflare.com cdnjs.cloudflare.com;img-src 'self' data: https://www.google.is https://www.google.com https://vefverslun.advania.is https://forms-eu1.hsforms.com https://perf-eu1.hsforms.com https://track-eu1.hubspot.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google-analytics.com https://forms.hsforms.com https://www.facebook.com;font-src 'self' https://fonts.gstatic.com https://apps.mypurecloud.com https://cdnjs.cloudflare.com;media-src 'self' ;frame-src 'self' https://www.googletagmanager.com https://forms-eu1.hsforms.com https://app.powerbi.com https://outlook.office365.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://www.youtube.com *.twitter.com;worker-src 'self' ;connect-src 'self' wss: ws: http: https: advania.is:* 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'nonce-Se3le3rBV0TLf/V1gS6ZRw==' 'strict-dynamic' https: 'unsafe-inline' 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.lerobert.com; 1
frame-ancestors 'self' firesidegatherings.com *.firesidegatherings.com localhost localhost:* *.corp.blizzard.net; 1
default-src blob: 'self' data: *.podigee-cdn.net *.3qsdn.com ; script-src 'unsafe-inline' 'unsafe-eval' 'self' stats.brak.de *.dwcdn.net *.podigee-cdn.net *.3qsdn.com blob:; connect-src 'self' stats.brak.de *.3qsdn.com; img-src 'self' data: *.dwcdn.net *.podigee-cdn.net *.3qsdn.com stats.brak.de; style-src 'unsafe-inline' 'self' *.dwcdn.net *.podigee-cdn.net *.3qsdn.com ;base-uri 'self';form-action 'self'; object-src 'none'; frame-src 'self' *.dwcdn.net *.podigee-cdn.net *.3qsdn.com 1
frame ancestors 'none'; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-NTljZjdlZDctZTRiNC00Zjg5LThiN2UtYzI1OTg3ZWU3NDk5'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://www.bodas.net https://comunidad.bodas.net https://landing.bodas.net 1
default-src https: wss://*.hotjar.com https://*.clarity.ms https://c.bing.com;      img-src * 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.gstatic.com/ https://googleads.g.doubleclick.net https://www.google.com/ https://cdn.cookielaw.org data: https:;      style-src 'self' 'unsafe-inline' https://www.google.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://3cdn.demio.com fonts.googleapis.com *.typekit.net https://cdn.cookielaw.org https://cdn.demio.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://cdn.cookielaw.org/ https://cdn.demio.com https://connect.facebook.net https://snap.licdn.com https://*.sharethis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://geolocation.onetrust.com https://www.gstatic.com/ https://cdn.matomo.cloud https://cdn.leadinfo.net https://static.hotjar.com https://script.hotjar.com https://*.youtube.com https://*.piwik.pro https://*.jsdelivr.net https://*.amplitude.com js.zi-scripts.com tags.clickagy.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.zi-scripts.com *.clarity.ms *.visualwebsiteoptimizer.com;      frame-ancestors 'self' https://*.youtube.com https://vimeo.com;      frame-src 'self' hemsync.clickagy.com www.google.com https://*.youtube.com https://vimeo.com https://*.vimeo.com;      1
default-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com 'unsafe-inline' 'unsafe-eval' blob: data: wss:; script-src 'self' *.uni-bamberg.de zammad.rz.uni-bamberg.de api.rz.uni-bamberg.de public-tickets--cmdb-k843-2-dev.rproxy.it-fopro.uni-bamberg.de www-daten-i1656.rproxy.it-fopro.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com 'unsafe-inline' 'unsafe-eval' blob:; img-src 'self' *.uni-bamberg.de tandem-bot.institut-ida.de cdn.botframework.com *.infogram.com *.mapbox.com scontent.cdninstagram.com platform.twitter.com *.twitter.com *.twimg.com *.facebook.net *.unity3d.com 'unsafe-inline' 'unsafe-eval' blob: data:; frame-src *; object-src 'none'; frame-ancestors 'self' *.ddev.site https://*.uni-bamberg.de 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src https://mobilemaps.net.au; frame-ancestors 'none'; img-src * data:; font-src * data:; 1
default-src 'self'; script-src 'self' snap.licdn.com static.hotjar.com googleads.g.doubleclick.net *.googleadservices.com cdn1.rainlocal.com analytics.tiktok.com *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com tagmanager.google.com www.googletagmanager.com maps.googleapis.com *.segmint.net *.bizographics.com cdn.timetrade.com *.youtube.com *.linkedin.com *.facebook.net *.facebook.com *.krxd.net *.bugherd.com *.trustarc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.linkedin.com *.collect.igodigital.com us.personalcard.net uat.serversidegraphics.com www.google-analytics.com *.google.com *.googletagmanager.com *.g.doubleclick.net maps.googleapis.com *.gstatic.com i.ytimg.com jwpltx.com products.gobankingrates.com *.facebook.com *.krxd.net *.agkn.com *.depositaccounts.com *.bugherd.com *.trustarc.com *.cloudfront.net; connect-src 'self' *.linkedin.com maps.googleapis.com us.personalcard.net analytics.tiktok.com uat.serversidegraphics.com www.google-analytics.com analytics.google.com *.g.doubleclick.net *.segmint.net *.krxd.net *.bugsnag.com *.pusher.com *.hawksearch.net *.hawksearch.com; child-src 'self' tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net; frame-src 'self' *.youtube.com player.vimeo.com tagmanager.google.com www.googletagmanager.com *.segmint.net *.timetrade.com *.timetradesystems.com www.fintactix.net *.appvault.com *.serversidegraphics.com us.personalcard.net *.fls.doubleclick.net *.krxd.net *.bugherd.com *.trustarc.com; font-src 'self' data: uat.serversidegraphics.com fonts.googleapis.com fonts.gstatic.com; report-uri /csp-report.do 1
frame-ancestors 'self' https://app.cux.io https://pracujew.rossmann.pl 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-elem 'strict-dynamic' 'report-sample' 'nonce-N7PILpM5tMVYVrCojMCHxLGJ';script-src-attr 'none' 'report-sample';object-src 'none';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;media-src 'self' https:;frame-src 'self' https:;font-src 'self' data: https:;connect-src 'self' https: wss:;base-uri 'none';frame-ancestors 'self' https://app.contentful.com;report-uri /fehler/csp 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://analytics.google.com https://connect.facebook.net;script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://analytics.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://cdn.amplitude.com https://script.hotjar.com https://connect.facebook.net;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://ds-images.prod.telemetr.io data: https:;media-src 'self' 'unsafe-inline' https://*.tlmtr.cc;connect-src 'self' https://gw-prod.telemetr.io https://graphql.new.telemetr.io wss://graphql.new.telemetr.io https://www.googletagmanager.com https://analytics.google.com https://stats.g.doubleclick.net https://static.hotjar.com https://cdn.amplitude.com https://api2.amplitude.com https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://www.facebook.com https://img-dev.telemetr.io;font-src 'self';frame-src https://docs.google.com https://drive.google.com;object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com unpkg.com data: google.com www.google.com gstatic.com centralnicgroup.activehosted.com *.cloudfront.net blob: https://api.mapbox.com https://*.hotjar.com https://www.youtube-nocookie.com www.recaptcha.net js.hs-scripts.com 1
default-src 'unsafe-inline' 'unsafe-eval' https:; img-src https: data:; font-src https: data: 1
default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.google.com *.gstatic.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mgm.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mgm.mo 'self'; img-src *.mgm.mo *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.facebook.com data: blob: 'self';media-src 'self' *.mgm.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' *.youtube.com *.ytimg.com *.recaptcha.net *.facebook.com *.google.com; connect-src 'self' *.mgm.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; 1
default-src *.tangerine.ca; script-src *.tangerine.ca *.kampyle.com *.facebook.net *.ceros.com *.google-analytics.com *.googletagmanager.com *.fintelconnect.com *.kampyle.com *.amazon-adsystem.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src *.tangerine.ca *.kampyle.com *.googletagmanager.com *.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src *.kampyle.com *.cloudfront.net *.gstatic.com *.facebook.com *.doubleclick.net *.tangerine.ca data:; object-src *.tangerine.ca; font-src *.tangerine.ca *.kampyle.com *.gstatic.com *.googleapis.com 'self' data:; media-src *.tangerine.ca; frame-src *.ceros.com *.kampyle.com *.youtube.com *.doubleclick.net *.tangerine.ca *.google.com *.amazon-adsystem.com; connect-src 'self' *.tangerine.ca *.kampyle.com *.google-analytics.com *.cookielaw.org *.onetrust.com *.googleapis.com *.google.com *.amazon-adsystem.com *.amazon; frame-ancestors *.tangerine.ca; worker-src 'self' blob:; child-src 'self' blob:; 1
default-src 'self' data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwantjunior.com qwantjunior.com *.qwant.com qwant.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: *.qwantjunior.com qwantjunior.com *.qwant.plive *.qwant.com;style-src 'self' 'unsafe-inline' data: *.qwantjunior.com *.qwantjunior.com qwantjunior.com;object-src 'self';connect-src 'self' *.qobuz.com *.apple.com *.qwantjunior.com qwantjunior.com *.qwant.com qwant.com *.qwant.plive qwant.plive extras.qwantjunior.com;img-src blob: 'self' www.qwant.com s1.qwant.com s2.qwant.com s.qwant.com f.qwant.com s1.qwant.plive s2.qwant.plive s.qwant.plive f.qwant.plive s.qwantjunior.com s1.qwantjunior.com s2.qwantjunior.com  data: s-lite.qwantjunior.com www.qwantjunior.com;frame-ancestors *.qwantjunior.com *.qwant.com *.qwantjunior.com lmqt.fyi;form-action 'self';font-src 'self';worker-src blob: 'self' www.youtube-nocookie.com www.youtube.com;frame-src viewer.dood3d.com *.vid.web.acsta.net player.twitch.tv player.vimeo.com www.dailymotion.com players-cdn.vidmizer.com players-cdn-v2.vidmizer.com *.qwantjunior.com *.qwant.com *.qwantjunior.com www.youtube-nocookie.com *.tvlocale.fr *.smartrezo.com *.femmesetcitoyennete.fr *.jeunesreporterssansfrontieres.fr *.medias-francophones.com *.trendy-community.fr *.tvcitoyenne.com *.veitech.com *.localetv.eu player.myvideoplace.tv net.geo.opera.com geo.captcha-delivery.com;media-src blob: *.qwantjunior.com *.qwant.com *.apple.com *.qobuz.com *.vid.web.acsta.net;base-uri 'self';block-all-mixed-content 1
frame-ancestors 'self' https://app.kontent.ai 1
img-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.facebook.com *.linkedin.com *.ytimg.com secure.gravatar.com data: https: 'self'; style-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es *.vimeocdn.com *.vimeo.com data: https: 'unsafe-inline' 'self'; object-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-inline' 'self'; script-src *.sistrix.com *.sistrix.de *.sistrix.it *.sistrix.fr *.sistrix.es data: https: 'unsafe-eval' 'unsafe-inline' 'self'; 1
frame-ancestors 'self';default-src 'self' https://api.nlsc.gov.tw https://*.necoast-nsa.gov.tw https://font.arphic.com https://*.doubleclick.net https://*.google.com https://*.gstatic.com https://*.taiwan.net.tw https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.youtube.com https://font.arphic.com https://font.arphic.com https://*.taiwan.net.tw https://maps.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://font.arphic.com https://*.taiwan.net.tw https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://*.google.com https://www.googletagmanager.com; img-src 'self' https://i.ytimg.com/ https://*.necoast-nsa.gov.tw https://*.youtube.com https://*.fbcdn.net https://*.google.com.tw/ https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://*.taiwan.net.tw https://taiwan-askme.tw https://taiwan.taiwanstay.net.tw https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.gstatic.com data:; frame-src 'self' https://maps.google.com.tw https://*.necoast-nsa.gov.tw https://*.taiwan.net.tw https://*.google.com https://www.youtube.com https://stats.g.doubleclick.net https://maps.gstatic.com https://font.arphic.com; 1
default-src 'self' dictu.bbvms.com sa-tb.nl  *.siteimprove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com chosen.jquery.js  statistiek.rvo.nl dictu.bbvms.com cdn.bluebillywig.com kaartapi.nl cdn.bootcdn.net cdn.jsdelivr.net publisher.formsengine.io sa-tb.nl code.jquery.com *.dtnr.nl cdn.ckeditor.com *.twimg.com *.twitter.com *.youtube.com *.facebook.net siteimproveanalytics.com sdc.mineleni.nl cdn.siteimprove.net cdnjs.cloudflare.com cdn.rawgit.com *.rijksoverheid.nl; connect-src 'self' statistiek.rvo.nl dictu.bbvms.com statistiek.rijksoverheid.nl piwik.dtnr.nl geodata.nationaalgeoregister.nl sa-tb.nl *.siteimprove.com api.pdok.nl; img-src 'self' dictu.bbvms.com stats.bluebillywig.com www.toegankelijkheidsverklaring.nl cdn.ckeditor.com service.pdok.nl geodata.nationaalgeoregister.nl code.jquery.com kaartapi.nl sa-tb.nl *.dtnr.nl *.twimg.com *.twitter.com *.googleapis.com *.ytimg.com data: *.siteimprove.com sdc.mineleni.nl *.rijksoverheid.nl; style-src  chosen.css dictu.bbvms.com code.jquery.com cdn.ckeditor.com cdn.jsdelivr.net sa-tb.nl *.twimg.com *.twitter.com *.facebook.com *.googleapis.com *.siteimproveanalytics.com cdnjs.cloudflare.com 'self' 'unsafe-inline'; font-src sa-tb.nl *.gstatic.com 'self' data:; media-src 'self' www.rovid.nl dictu.bbvms.com *.bluebillywig.com *.cloudfront.net data:; frame-src *.twitter.com *.youtube.com *.facebook.com 'self' *.siteimprove.com *.bbvms.com; 1
frame-ancestors app.marcosoms.com 1
default-src https:;script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https: blob:; img-src * blob: data:; font-src 'self' https://players.brightcove.net  blob: data:; media-src 'self' https://players.brightcove.net  blob: data:;worker-src 'self' blob:; 1
default-src 'self' cdn.sanity.io cdn.equinor.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.eds.equinor.com https://platform.twitter.com https://*.twimg.com; script-src 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: https://*.googletagmanager.com https://siteimproveanalytics.com https://*.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.youtube.com ; img-src 'self' data: https://cdn.eds.equinor.com https://cdn.sanity.io https://cdn.equinor.com https://*.siteimproveanalytics.io https://*.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.twimg.com https://i.ytimg.com https://*.cookiebot.com ; connect-src 'self' cdn.sanity.io cdn.equinor.com https://bcdn.screen9.com https://h61q9gi9.api.sanity.io https://tools.eurolandir.com https://inferred.litix.io/ https://*.algolia.net https://*.algolianet.com https://*.cookiebot.com https://eu-api.friendlycaptcha.eu ; child-src blob:; frame-src 'self' https://consentcdn.cookiebot.com https://lt.morningstar.com https://www.youtube.com https://vimeo.com https://sds-maintenance.com https://tools.eurolandir.com https://platform.twitter.com https://syndication.twitter.com https://vds.issgovernance.com https://*.plaii.no https://livestream.com https://*.castr.com https://pixel.as https://h61q9gi9.api.sanity.io http://localhost:3333; frame-ancestors https://studio-global-equinor-web-sites-preprod.c2.radix.equinor.com https://studio-global-equinor-web-sites-prod.c2.radix.equinor.com http://studiov3-global-development-equinor-web-sites-dev.c2.radix.equinor.com https://equinor.sanity.studio; font-src 'self' https://cdn.eds.equinor.com data:; media-src 'self' blob: https://bcdn.screen9.com https://cdn.sanity.io/ https://cdn.equinor.com/; 1
report-uri https://m.namava.ir/CSPreports; script-src blob: data 'self' 'unsafe-eval' 'unsafe-inline' namava.ir *.namava.ir https://www.namava.tv www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://stats.g.doubleclick.net www.gstatic.com http://xslt.alexa.com http://ssl.p.jwpcdn.com https://cdn.jsdelivr.net https://cdn.ampproject.org https://www.google.com https://script.crazyegg.com http://script.crazyegg.com https://ssl.widgets.webengage.com https://c.webengage.com https://static.hotjar.com https://script.hotjar.com https://www.clarity.ms https://notification.webengage.com https://www.googleoptimize.com http://optimize.google.com https://optimize.google.com https://s3.amazonaws.com https://cdn.yektanet.com https://audience-scripts.yektanet.com https://s1.mediaad.org; object-src 'self' 1
default-src 'self';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://*.google-analytics.com *.google-analytics.com https://api.zuko.io https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://*.analytics.google.com https://stats.g.doubleclick.net;img-src 'self' data: https://fonts.gstatic.com https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com https://www.google.co.uk https://*.analytics.google.com;object-src 'none';font-src 'self' https://consent.trustarc.com https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com https://www.youtube-nocookie.com;frame-ancestors 'none';upgrade-insecure-requests;base-uri 'self' 1
default-src 'self' *.google-analytics.com *.hubspot.com *.hubapi.com *.google.com *.doubleclick.net forms.hsforms.com *.facebook.com *.youtube.com *.cookiebot.com js.hs-banner.com *.px.ads.linkedin.com *.googleapis.com *.hotjar.com ws30.hotjar.com/api/v2/client/ws ws37.hotjar.com/api/v2/client/ws vc.hotjar.io ws24.hotjar.com ws15.hotjar.com *.clarity.ms bam.nr-data.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.google.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com ssl.google-analytics.com maps.googleapis.com *.cookiebot.com js.hsforms.net forms.hsforms.com www.gstatic.com *.hubspot.com js.hs-scripts.com js.hs-banner.com js.hubspotfeedback.com js.usemessages.com js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net *.facebook.net www.googleadservices.com *.sojern.com snap.licdn.com *.hotjar.com *.cloudflare.com  *.hs-scripts.com accounts.google.com *.facebook.com *.clarity.ms cdn.jsdelivr.net js-agent.newrelic.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com accounts.google.com/gsi/* accounts.google.com/gsi/style accounts.google.com *.accounts.google.com; img-src data: 'self' *.google.com *.google.es *.google.co.uk *.google.com.br *.googletagmanager.com *.google-analytics.com maps.gstatic.com maps.googleapis.com perf.hsforms.com *.hubspot.com *.facebook.com www.visitvalencia.com *.youtube.com *.adswizz.com *.doubleclick.net *.sojern.com * *.c.clarity.ms/c.gif *.c.clarity.ms; media-src 'self'; frame-src 'self' *.matterport.com *.vimeo.com *.youtube.com *.google.com *.doubleclick.net *.cookiebot.com app.hubspot.com forms.hsforms.com *.mapadeldissenyvalencia.com *.spotify.com *.hotjar.com 5897040.hs-sites.com https://valenciamusicmap.com; frame-ancestors 'self' *.escaparate-tactil.com  http://localhost; child-src 'self' blob:; font-src 'self' themes.googleusercontent.com fonts.gstatic.com 1
default-src 'self' *.unionbankph.com *.azurewebsites.net *.finchatbot.com/;                  style-src 'self' 'unsafe-inline' *.unionbankph.com *.azurewebsites.net maxcdn.bootstrapcdn.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com;                  font-src 'self' maxcdn.bootstrapcdn.com *.gstatic.com *.yellowmessenger.com;                  script-src https://*.go-mpulse.net 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.google.com *.facebook.net *.gstatic.com *.googletagmanager.com *.google-analytics.com *.msecnd.net *.addthis.com *.qgraph.io *.googleapis.com *.yellowmessenger.com *.youtube.com *.appsflyer.com *.criteo.com;                  frame-src 'self' blob: data: *.gstatic.com *.googleapis.com *.google.com *.youtube.com *.facebook.com *.yellowmessenger.com *.finchatbot.com/;                  connect-src https://*.go-mpulse.net https://*.akstat.io 'self' *.visualstudio.com *.google-analytics.com wss://app.yellowmessenger.com/ wss://app.yellowmessenger.com/websocket/ *.yellowmessenger.com analytics.google.com/ *.googletagmanager.com *.facebook.com *.criteo.com;                  img-src https://*.akstat.io 'self' *.unionbankph.com *.amazonaws.com *.facebook.com *.theunionbanker.com *.googleapis.com *.gstatic.com *.google-analytics.com *.githubusercontent.com data: *.yellowmessenger.com *.ytimg.com;                 media-src *.yellowmessenger.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://az416426.vo.msecnd.net/ https://siteimproveanalytics.com/ https://*.doubleclick.net/ https://www.youtube.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://maps.googleapis.com/ https://s.ytimg.com/ https://connect.facebook.net/ https://www.googletagservices.com/ https://www.dynamicnumbers.mediahawk.co.uk/ https://player.vimeo.com https://gt.bcu.ac.uk/ https://libanswers.bcu.ac.uk/ https://platform.twitter.com/ https://*.twimg.com/ https://www.instagram.com/ https://api3-eu.libcal.com/ https://cdn.unibuddy.co/ https://api.mapbox.com/ https://system.spektrix.com/ https://embed.expertfile.com/ https://d2mo5pjlwftw8w.cloudfront.net/  https://sjs.bizographics.com/ https://static.ads-twitter.com/ https://sc-static.net/  https://analytics.twitter.com https://*.mapbox.com  https://*.discoveruni.gov.uk https://discoveruni.gov.uk https://www.gstatic.com/ https://www.google.com/ https://snap.licdn.com https://tr.snapchat.com/ https://analytics.tiktok.com/ https://*.stackadapt.com/ https://s3.amazonaws.com/ki.js https://*.silktide.com/ https://*.riddle.com/;            style-src 'self' 'unsafe-inline' https://bcucdn.azureedge.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://platform.twitter.com/ https://*.mapbox.com https://gt.bcu.ac.uk/ https://*.stackadapt.com/;             img-src 'self' data: blob: https://i.ytimg.com/ https://bcu.imgix.net/ https://bcuassets.blob.core.windows.net/ https://bcucdn.azureedge.net/ https://*.gstatic.com/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.uk/ https://adservice.google.com/ https://siteimproveanalytics.com/ https://www.facebook.com/ https://secure.adnxs.com/ https://pixel.mediaiqdigital.com/ https://syndication.twitter.com/ https://*.twimg.com/ https://platform.twitter.com/ https://image.issuu.com/ https://maps.googleapis.com/ https://pool.a8723.com/ https://pool.adizio.com https://pool.admedo.com https://51623691.global.siteimproveanalytics.io/ https://*.mapbox.com/ https://px.ads.linkedin.com/ https://t.co/ https://discoveruni.gov.uk/ https://gt.bcu.ac.uk/ https://snap.licdn.com/ https://lh3.googleusercontent.com/ https://*.stackadapt.com/ https://analytics.twitter.com/;            frame-ancestors 'self' https://www.bcuinspired.com/; 1
frame-ancestors 'self' *.ebu.ch europeanperspective.net *.europeanperspective.net; 1
base-uri 'none';connect-src 'self' *.swiftype.com https://assets.westpac.co.nz https://westpacnewzealand.tt.omtrdc.net http://westpacnewzealand.tt.omtrdc.net https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://www.instagram.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://www.google.co.nz/ads/ga-audiences https://google.com https://*.google.com https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.bf.dynatrace.com https://*.linkedin.oribi.io https://*.linkedin.com https://*.googlesyndication.com;default-src 'self';form-action 'self' https://*.westpac.co.nz https://*.microsoftonline.com/ https://www.facebook.com/tr/;img-src 'self' *.ytimg.com https://staticcdn.co.nz https://api.rkd.refinitiv.com https://smetrics.comms.westpac.co.nz https://westpacnewzealand.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com data: https://analytics.tiktok.com blob:;media-src 'self' data:;object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com;script-src www.youtube.com s.ytimg.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ player.vimeo.com api.swiftype.com https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.qualtrics.com https://analytics.tiktok.com https://*.licdn.com 'unsafe-inline' https://maps.googleapis.com;frame-src *.youtube.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ player.vimeo.com https://staticcdn.co.nz https://insight.adsrvr.org https://*.adsrvr.org https://wnzl.demdex.net https://*.westpac.co.nz https://www.facebook.com https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net bytedance: sslocal: 'self';child-src player.vimeo.com;script-src-elem https://staticcdn.co.nz https://assets.adobedtm.com https://js.adsrvr.org https://insight.adsrvr.org https://*.adsrvr.org https://*.westpac.co.nz https://smetrics.comms.westpac.co.nz http://smetrics.comms.westpac.co.nz https://code.jquery.com https://connect.facebook.net https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.qualtrics.com https://analytics.tiktok.com https://*.dynatrace.com https://*.licdn.com https://www.googleadservices.com *.google.com https://*.gstatic.com https://googleads.g.doubleclick.net https://*.googlesyndication.com 'self' 'unsafe-inline' https://maps.googleapis.com https://gateway.zscalerthree.net https://*.zscalerthree.net;report-uri https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce;report-to https://f57dec9bb841167d21b72acf82b7adf4.report-uri.com/r/t/csp/enforce 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MjM4ZGNmODItODZkYi00MDViLTkzZTYtNDcxMzIxNzE1OWQ0'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'none'; child-src 'self' blob: https://*.formswift.com; connect-src 'self' https://*.formswift.com https://rs.fullstory.com https://edge.fullstory.com https://api-js.mixpanel.com https://bam-cell.nr-data.net https://bat.bing.com https://cdn.optimizely.com https://logx.optimizely.com/v1/events https://o138645.ingest.sentry.io https://translate.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.google.com https://google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.dropbox.com/log/ux_analytics https://cfl.dropboxstatic.com https://*.s3.amazonaws.com wss://loc-next.formswift.com/_next/webpack-hmr; font-src 'self' data: https://*.formswift.com https://fonts.gstatic.com; frame-src 'self' blob: https://*.formswift.com https://js.chargify.com https://accounts.google.com https://www.dropbox.com https://consent.dropbox.com https://snapengage.dropbox.com https://td.doubleclick.net; img-src https://* blob: data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.formswift.com https://js.chargify.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://accounts.google.com/gsi/client https://www.googleadservices.com https://www.google-analytics.com https://www.dropbox.com https://cfl.dropboxstatic.com https://www.dropbox.com/pithos/privacy_consent https://www.dropbox.com/pithos/ux_analytics https://d3pkntwtp2ukl5.cloudfront.net https://d1igp3oop3iho5.cloudfront.net https://cdn.mxpnl.com https://js-agent.newrelic.com/nr-spa-1194.min.js https://bam-cell.nr-data.net https://bat.bing.com/bat.js https://edge.fullstory.com; style-src 'self' 'unsafe-inline' https://*.formswift.com https://fonts.googleapis.com https://accounts.google.com/gsi/style https://www.googletagmanager.com/debug/badge.css https://www.gstatic.com; worker-src 'self' blob: https://*.formswift.com; report-uri https://api.formswift.com/csp-report; 1
default-src 'self' ws: *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.reactandshare.com;style-src 'self' 'unsafe-inline' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.reactandshare.com;img-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net https://saeuwstfpublicp.blob.core.windows.net *.twimg.com *.visitfinland.com vk.com;connect-src 'self' ws: *.addsearch.com *.magnolia-platform.com *.businessfinland.fi *.cookiebot.com *.doubleclick.net *.google-analytics.com *.mapbox.com *.met.no *.oribi.io *.tiktok.com;script-src 'self' blob: 'unsafe-eval';script-src-elem 'self' 'nonce-HVemA7SnN2mFu62BPe7iLw==' 'nonce-WiEtwG1WLkF5R8oPQ3O8Pw==' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.twitter.com *.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io *.reactandshare.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.vimeo.com;frame-src https://* *.youtube.com *.tr.snapchat.com; 1
script-src 'self' *.hdfcsec.com *.googleapis.com *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.zopim.com *.facebook.net *.everestjs.net *.google-analytics.com *.cloudflare.com *.twitter.com *.twimg.com *.jquery.com *.bootstrapcdn.com *.zdassets.com *.izooto.com *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'  'unsafe-inline'  'unsafe-eval';  script-src https://*.optimizely.com https://optimizely.s3.amazonaws.com  https://cdn-assets-prod.s3.amazonaws.com https://cdn.optimizely.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api.ipify.org/                   https://www.banfield.com/ https://www.prod-sitecorebf-cd.cloud-effem.com/ https://unpkg.com  https://webchat.helpshift.com https://www.instagram.com https://embedsocial.com https://scontent.cdninstagram.com https://az416426.vo.msecnd.net https://*.vo.msecnd.net https://cdn.cookielaw.org https://use.typekit.net https://data.schemaapp.com https://prd01.launch.banfield.com/ http://*.g.doubleclick.net/ https://*.g.doubleclick.net/ http://*.google.com https://*.google.com https://*.alpixtrack.com/ https://*.answerscloud.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com         blob: 'self' 'unsafe-inline' 'unsafe-eval' http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://api.ipify.org/        http://www.googletagmanager.com https://www.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com http://ssl.google-analytics.com https://ssl.google-analytics.com http://connect.facebook.net https://connect.facebook.net http://www.google-analytics.com/ https://www.google-analytics.com/ http://*.googleapis.com https://*.googleapis.com http://*.cloudflare.com https://*.cloudflare.com http://*.youtube.com https://*.youtube.com http://*.iatspayments.com https://*.iatspayments.com http://*.instagram.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com              https://*.instagram.com;  connect-src https://logx.optimizely.com  https://*.optimizely.com https://logx.optimizely.com https://analytics.google.com/ https://graph.instagram.com https://*.visualstudio.com https://www.instagram.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://scontent.cdninstagram.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.prod-sitecorebf-cd.cloud-effem.com/ http://*.googleapis.com https://*.googleapis.com http://*.facebook.com https://*.facebook.com https://www.google-analytics.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://ssl.google-analytics.com/;  frame-src https://a21358250631.cdn.optimizely.com  https://a21358250631.cdn-pci.optimizely.com  https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://youtu.be https://www.youtube.com/ https://embedsocial.com https://www.youtube-nocookie.com/ https://8303955.fls.doubleclick.net/ http://8303955.fls.doubleclick.net/ https://scontent.cdninstagram.com https://prd01.launch.banfield.com/ https://webchat.helpshift.com/ https://*.webchat.helpshift.com/ https://checkout.globalgatewaye4.firstdata.com/payment https://player.vimeo.com/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://player.cohostpodcasting.com https://launchpad.banfield.com/ 'self' 'unsafe-inline' 'unsafe-eval' http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.facebook.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://*.facebook.com;  img-src https://cdn.optimizely.com  https://*.cdninstagram.com https://www.facebook.com https://maps.google.com https://via.placeholder.com https://www.google.com/ads/ga-audiences https://alpixtrack.com/ https://8303955.fls.doubleclick.net/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com blob: http://*.iatspayments.com https://*.iatspayments.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'self' 'unsafe-inline' 'unsafe-eval' data: http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://*.google-analytics.com/ https://*.google-analytics.com/ http://*.gstatic.com https://*.gstatic.com http://*.googleadservices.com https://*.googleadservices.com https://banscstore01.blob.core.windows.net https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://*.blob.core.windows.net/; media-src https://www.banfield.com/ https://player.vimeo.com/ 'self' 'unsafe-inline' 'unsafe-eval' https://vod-progressive.akamaized.net; style-src https://embedsocial.com https://instafeed.pixlee.com/ https://instafeed.assets.pixlee.com https://stackpath.bootstrapcdn.com/bootstrap/ https://stackpath.bootstrapcdn.com/font-awesome/ https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'self' http://*.iatspayments.com https://*.iatspayments.com https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com 'unsafe-inline' 'unsafe-eval' http://*.googleapis.com https://*.googleapis.com http://*.jquery.com https://*.jquery.com http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ http://*.fonts.net https://*.fonts.net https://reactjs.org https://*.crazyegg.com https://*.ipredictive.com https://*.onetrust.com https://cdn.jsdelivr.net; font-src https://stackpath.bootstrapcdn.com/font-awesome/ 'self' data: 'unsafe-inline' 'unsafe-eval' http://*.gstatic.com https://*.gstatic.com https://cdnjs.cloudflare.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: blob: 'unsafe-inline'; style-src 'self' data: blob: 'unsafe-inline' *.connatix.com; 1
script-src https: 'self' 'unsafe-eval' 'unsafe-inline' *.hudexchange.info *.cloudflare.com *.jquery.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google-analytics.com *.chimpstatic.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.roh.org.uk roh.global.ssl.fastly.net bam.nr-data.net bat.bing.com bs.serving-sys.com canopylabstracking.s3.amazonaws.com connect.facebook.net *.cloudfront.net intljs.rmtag.com js-agent.newrelic.com nxtck.com rules.quantcount.com secure-ds.serving-sys.com secure.quantserve.com tags.rd.linksynergy.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com https://tagmanager.google.com http://*.hotjar.com https://*.hotjar.com https://optimize.google.com https://*.bookatable.com https://youtube.com https://*.youtube.com https://static.ads-twitter.com https://analytics.twitter.com https://app.charitycheckout.co.uk https://media.imi.chat/ https://analytics.tiktok.com/ https://*.ctnsnet.com consentag.eu collector-11526.tvsquared.com https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://cdn.bitmovin.com/ https://cdn.cookielaw.org/ https://www.gstatic.com/ https://talkdeskchatsdk.talkdeskapp.com/ https://*.prospect2.com/ https://prism.app-us1.com/ https://diffuser-cdn.app-us1.com/ https://trackcmp.net/; style-src 'self' blob: 'unsafe-inline' https://cloud.typography.com https://*.googleapis.com https://static.roh.org.uk https://static.rolex.com https://optimize.google.com https://*.googleapis.com https://*.bookatable.com https://tagmanager.google.com https://youtube.com https://*.youtube.com https://media.imi.chat/ https://*.typekit.net/; object-src 'none'; worker-src blob:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: blob: wss:; font-src https: data:; img-src https: data:; media-src https: blob:; object-src https:; frame-ancestors 'self'; frame-src https:; worker-src https: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data: blob:; manifest-src https:; form-action https:; block-all-mixed-content; upgrade-insecure-requests; report-uri https://classaction.report-uri.io/r/default/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hcaptcha.com hcaptcha.com js.stripe.com mrkp-static-production.themarkup.org; style-src 'self' 'unsafe-inline' mrkp-static-production.themarkup.org https://use.typekit.net/bkw5wqf.css; img-src 'self' data:  mrkp-static-production.themarkup.org; font-src 'self' data: mrkp-static-production.themarkup.org; frame-src 'self' *.hcaptcha.com js.stripe.com datawrapper.dwcdn.net; connect-src 'self'  mrkp-static-production.themarkup.org forms.themarkup.org *.api.themarkup.org *.maptiler.com; media-src blob:  mrkp-static-production.themarkup.org; worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de blob:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.eventit.de *.akamaized.net *.cloudfront.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com data: blob:; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.webcast-eqs.com export.highcharts.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com data.w52.com blob: data:; worker-src 'self' 'unsafe-inline' 'unsafe-eval' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io blob:; child-src 'self' *.youtube.com *.youtube-nocookie.com *.walls.io walls.io *.slidesync.com slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com blob: data:; style-src 'self' 'unsafe-inline' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; font-src 'self' data: *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pusher.com walls.io *.walls.io *.slidesync.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com dist-vid-blaze.s3.eu-central-1.amazonaws.com *.vimeocdn.com vimeo.com *.youtube.com data.w52.com blob:; img-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.stage.eventit.de *.vimeocdn.com vimeo.com *.youtube.com *.ytimg.com data.w52.com data data:; object-src 'self' *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com; connect-src 'self' ws: *.pusher.com *.daimlertruck.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com *.akamaized.net dist-vid-blaze.s3.eu-central-1.amazonaws.com *.cloudfront.net *.vimeocdn.com vimeo.com data.w52.com blob:; frame-ancestors 'self' file://* social.cloud.tbintra.net *.daimlertruck.com *.mercedes-benz-trucks.com *.equitystory.com *.eqs.com eqs-cockpit.com *.usercentrics.eu *.podigee-cdn.net *.podigee.io *.gomexlive.com 1
frame-ancestors 'self' https://store-qa2.enphase.com https://store.enphase.com/; report-uri https://enphase.com/report-uri/enforce 1
default-src *;frame-src * data: https://connect.trezor.io/* https://connect.trezor.io/;img-src * data:;script-src 'unsafe-eval' blob: 'unsafe-inline' *;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' one.org *.one.org; img-src 'self' *.one.org *.googletagmanager.com data: http: https: https://optimize.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.one.org *.vimeo.com *.cloudflareaccess.com *.cloudflare.com *.tiktok.com *.ibytedtos.com *.tiktokcdn.com *.googleadservices.com *.doubleclick.net *.gstatic.com  *.clarity.ms *.bing.com *.crazyegg.com *.instagram.com *.google.com stats.wp.com scripts.simpleanalyticscdn.com googletagmanager.com unpkg.com *.googletagmanager.com *.googleadservices.com optimize.google.com www.google-analytics.com www.googleoptimize.com ajax.googleapis.com *.twitter.com yoast.com one.actionkit.com connect.facebook.net snap.licdn.com cdn.simpleanalytics.io static.ads-twitter.com public.flourish.studio cdn.flourish.rocks *.ampproject.org *.newmode.net blog.apps.npr.org *.shpg.org *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.greenhouse.io *.usercentrics.com *.kameleoon.eu *.usercentrics.eu data: ;style-src 'self' *.one.org https://optimize.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io *.cloudflareaccess.com *.tiktokcdn.com https://www.google.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.one.org s0.wp.com https://fonts.gstatic.com data:; frame-src 'self' blob: https://flo.uri.sh/ https://*.google.com/ wp.freemius.com *.spotify.com *.tiktok.com *.apple.com *.vimeo.com app.usercentrics.eu https://optimize.google.com https://www.facebook.com *.one.org https://www.youtube.com *.youtube-nocookie.com *.instagram.com *.greenhouse.io *.twitter.com *.newmode.net *.doubleclick.net; connect-src 'self' http: https: https://www.google-analytics.com; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.ie https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.ie https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.ie  https://smetrics.vwfs.ie https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ie;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.ie https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.ie https://smetrics.vwfs.ie https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://online.flowpaper.com;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com analytics.tiktok.com *.geckochat.io *.geckoform.com www.youvisit.com connect.facebook.net tr.snapchat.com sc-static.net *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com libraryh3lp.com *.digitalmeasures.com *.visitdays.com *.cloudflare.com *.cloudflareinsights.com *.shopwindow.io *.licdn.com *.app-us1.com script.crazyegg.com platform.twitter.com *.twimg.com *.libwizard.com *.libapps.com unpkg.com cdn.jsdelivr.net js-agent.newrelic.com bam.nr-data.net *.cloudfront.net utc886.activehosted.com trackcmp.net *.fontawesome.com *.monsido.com *.adsrvr.org *.clarity.ms *.utc.edu utchatt.h5p.com sveltecredentialvalidation.pages.dev www.redditstatic.com *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.geckochat.io *.geckoform.com *.visitdays.com *.fontawesome.com *.googleapis.com *.google.com *.gstatic.com  *.safetyhandler.com *.shopwindow.io *.digitalmeasures.com platform.twitter.com unpkg.com *.monsido.com *.utc.edu utchatt.h5p.com sveltecredentialvalidation.pages.dev *.googletagmanager.com; img-src 'self' data: trck.youvisit.com *.geckochat.io *.geckoform.com www.facebook.com tr.snapchat.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.utc.edu  *.safetyhandler.com *.shopwindow.io *.ads.linkedin.com *.adsymptotic.com *.digitalmeasures.com libapps.s3.amazonaws.com se-images.campuslabs.com *.twimg.com platform.twitter.com www.linkedin.com *.monsido.com alb.reddit.com analytics.tiktok.com *.clarity.ms d3e1o4bcbhmj8g.cloudfront.net googleads.g.doubleclick.net i0.wp.com localist-images.azureedge.net secure.adnxs.com stats.g.doubleclick.net *.bing.com *.utc.edu staticmap.concept3d.com *.googleusercontent.com utchatt.h5p.com syndicatedsearch.goog *.adsensecustomsearchads.com; media-src 'self' *.geckochat.io *.geckoform.com *.safetyhandler.com *.digitaloceanspaces.com *.contentdm.oclc.org *.utc.edu *.vimeo.com fred.stlouisfed.org utchatt.h5p.com; frame-src 'self' *.youvisit.com tr.snapchat.com iframe.utc.edu digital-collections.library.utc.edu libraryh3lp.com *.google.com *.googlesyndication.com *.googletagmanager.com *.youtube.com *.youtu.be *.issuu.com iframe.videodelivery.net *.concept3d.com platform.twitter.com syndication.twitter.com *.libwizard.com yoshki.com *.monsido.com *.powerbi.com *.adsrvr.org td.doubleclick.net www.facebook.com youtube-nocookie.com *.youtube-nocookie.com *.utc.edu *.visitdays.com map.concept3d.com *.vimeo.com fred.stlouisfed.org utchatt.h5p.com dashboard.utccuip.com *.kaltura.com airtable.com issuu.com syndicatedsearch.goog *.adsensecustomsearchads.com igtlab.maps.arcgis.com; frame-ancestors 'self' *.googletagmanager.com *.libwizard.com *.utc.edu *.utccloud.com *.monsido.com *.vimeo.com fred.stlouisfed.org utchatt.h5p.com dashboard.utccuip.com *.kaltura.com airtable.com issuu.com syndicatedsearch.goog *.adsensecustomsearchads.com igtlab.maps.arcgis.com; child-src 'self' blob: iframe.utc.edu digital-collections.library.utc.edu libraryh3lp.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.issuu.com iframe.videodelivery.net *.concept3d.com platform.twitter.com syndication.twitter.com *.libwizard.com yoshki.com *.fontawesome.com *.utc.edu *.vimeo.com fred.stlouisfed.org dashboard.utccuip.com *.kaltura.com airtable.com issuu.com syndicatedsearch.goog *.adsensecustomsearchads.com igtlab.maps.arcgis.com; font-src 'self' data: *.geckochat.io *.geckoform.com *.fontawesome.com fonts.googleapis.com fonts.gstatic.com *.safetyhandler.com *.utc.edu; connect-src 'self' ws: *.geckochat.io *.geckoform.com *.withgoogle.com *.facebook.com *.crazyegg.com analytics.tiktok.com *.google.com *.googleapis.com libraryh3lp.com secure.cecredentialtrust.com:* *.utc.edu *.visitdays.com *.shopwindow.io *.safetyhandler.com script.crazyegg.com *.digitalmeasures.com *.google-analytics.com *.doubleclick.net bam.nr-data.net conversations.app-us1.com realtime.ably.io *.fontawesome.com *.monsido.com *.clarity.ms *.ads.linkedin.com *.snapchat.com www.redditstatic.com *.utc.edu; report-uri https://utchattanooga.report-uri.com/r/d/csp/reportOnly; upgrade-insecure-requests 1
default-src *;child-src https:;font-src * data:;img-src * data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:;frame-ancestors 'self' https://*.stetson.edu 1
'nonce-ZkLIEHJAbStM9kx-MqDXZQAAAQY';frame-ancestors 'self' bbh.com bbhluxembourgfunds.com bbhfunds.com brightcove.com brightcove.net *.bbh.com *.eglobalcustody.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://files.cdn.leadfamly.com https://publiccontact.danskebank.dk https://consent.cookiebot.com https://app.mouseflow.com https://eu.mouseflow.com https://cdn.mouseflow.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com *.danskebank.dk https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com maps.googleapis.com fonts.googleapis.com imasdk.googleapis.com fonts.gstatic.com maps.gstatic.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net danskebank.112.2o7.net www.facebook.com staticxx.facebook.com connect.facebook.net cdn.tt.omtrdc.net danskebank.tt.omtrdc.net https://dpm.demdex.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://eum.danskebank.com https://owner-service-dev.sunday.dk https://api.june.dk https://api.test.june.dk syst-services.sunday.dk services.sunday.dk https://beregnerservice.klogem2.dk https://widget.penni-connect.io https://cdn.penni-connect.io *.googlesyndication.com; object-src 'self' *.danskebank.dk video.qbrick.com; frame-src 'self' https://td.doubleclick.net https://sparenergi.dk *.zenegy.com https://prodindigocommon.blob.core.windows.net https://energihjem.dk https://campaign-zone-1.api.leadfamly.com https://danske-bank.leadfamly.com https://9821160.fls.doubleclick.net https://shared-logon.danskebank.com https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net *.danskebank.dk https://rd.dk https://priips.danskebank.com https://www.danskeinvest.dk https://android.com https://windowsphone.com video.qbrick.com *.danid.dk https://www.google.com www.facebook.com staticxx.facebook.com web.facebook.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://onlineapi.danskenet.com:8600 https://app.sli.do; frame-ancestors 'self' https://rd.dk https://danskebank.pp.mitid.dk; 1
default-src 'self' https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com https://observablehq.com https://*.static.observableusercontent.com; connect-src 'self' https://api.observablehq.com https://events.observablehq.com https://static.observablehq.com wss://ws.observablehq.com https://connector.observableusercontent.com https://js.stripe.com https://*.ingest.sentry.io https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net/j/collect https://www.googleapis.com https://*.googletagmanager.com https://graph.microsoft.com https://*.clarity.ms https://api.openai.com https://*.contentful.com https://sdk.iad-05.braze.com https://*.ads.linkedin.com https://cdn.linkedin.oribi.io https://www.redditstatic.com https://conversions-config.reddit.com; font-src https://fonts.gstatic.com https://use.fontawesome.com; frame-ancestors 'none'; frame-src https://observablehq.com https://observablehq.com/embed/ https://*.static.observableusercontent.com https://js.stripe.com https://www.youtube.com/embed/ https://docs.google.com data: blob:; img-src https://api.observablehq.com https://*.static.observableusercontent.com https://static.observablehq.com https://observablehq.com https://*.githubusercontent.com https://*.stripe.com https://avatars.observableusercontent.com https://avatars-next.observableusercontent.com https://*.google-analytics.com https://www.google.com/ads/ga-audiences https://*.googletagmanager.com https://*.ads.linkedin.com https://*.clarity.ms https://*.bing.com static.observableusercontent.com https://images.ctfassets.net https://alb.reddit.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu https://*.amazonaws.com data: blob:; manifest-src 'none'; media-src https://static.observablehq.com https://videos.ctfassets.net; object-src 'none'; script-src 'self' 'sha256-ERfeEwC9NC9b9t4L2Qp3/yGGgUmFfGH8pIR8kI04FUM=' 'sha256-UJ7XRVoD2oZRK3RRMLdPrdHA+LguX3UEXAZ6hVbuYIk=' 'sha256-E8fjaxUWJTzw+p0U0obCJnciUlgSrzubZcmiKi7SR6c=' 'sha256-g7o+8EOFBiI0+GgtiBaQ0yy0tWJ7XM5PfA6GFm61bw8=' https://static.observablehq.com https://www.googleapis.com https://apis.google.com https://*.googletagmanager.com https://js.stripe.com https://*.clarity.ms https://snap.licdn.com https://js.appboycdn.com https://www.redditstatic.com; style-src https://static.observablehq.com https://observablehq.com https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline'; worker-src https://observablehq.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src * data:; object-src 'self'; frame-ancestors 'self' *.uillinois.edu *.uis.edu 1
frame-ancestors 'self' https://tongji.baidu.com; 1
frame-ancestors 'self' https://price.com.hk https://*.price.com.hk 1
frame-ancestors 'self' https://legacyshield.com https://www.legacyshield.com https://hotfix.legacyshield.com https://test049.legacyshield.com https://lsapp.legacyshield.com https://getzuby.com https://staging.getzuby.com https://www.assistancedocs.com https://testing.connectedinvestors.com https://connectedinvestors.com https://www.furnishedfinder.com https://www.keycheck.com https://dev18.furnishedfinder.com https://dev18.keycheck.com https://www.lawyerless.com.au/ https://lawyerless.com.au http://local.lawyerless.com.au/ https://www.american-apartment-owners-association.org/ https://www.tenantalert.com/ https://secure.american-apartment-owners-association.org/ https://aragdc.eyelightdev.ca https://members.dginstitute.com.au https://members-beta.dginstitute.com.au https://members.dginstitute.co/ https://members-beta.dginstitute.co/ https://honcho.com.au https://classic.honcho.com.au https://honcho.com.au:8080 https://classic.honcho.com.au:8080 http://app.loc.srv:18002 https://hon.dev-t-syd.honcho.be http://hon.dev-t-syd.honcho.be https://infinitedocs.com http://affiliateprototype.lawdepot.com https://members-beta.propertylovers.com.au https://members.propertylovers.com.au https://www.lawpassport.com https://lawpassport.com https://affiliate.lawdepot.com https://law-passport.vercel.app https://app.lawpassport.com https://app.rentrisk.com https://dev.rentrisk.com https://demo.rentrisk.com 3.12.243.69 3.23.201.221 3.141.76.184; 1
default-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ privacyportal-de.onetrust.com https://abancawt.infobolsa.es https://abancawt.bmeinntech.es *.2o7.net *.omtrdc.net *.tt.omtrdc.net https://assets.adobedtm.com *.adobe.com smetrics.abanca.com metrics.abanca.com smetrics.cuentasclaras.es metrics.cuentasclaras.es target.abanca.com target.cuentasclaras.com https://c.bing.com *.clarity.ms *.mouseflow.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com www.googletagmanager.com cdn.cookielaw.org code.jquery.com cstatic.weborama.fr www.google-analytics.com www.googleadservices.com static.ads-twitter.com bat.bing.com connect.facebook.net analytics.twitter.com googleads.g.doubleclick.net optimize.google.com platform.twitter.com cdn.syndication.twimg.com tagmanager.google.com ssl.google-analytics.com www.google.com az416426.vo.msecnd.net geolocation.onetrust.com https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://cdn.tt.omtrdc.net https://activitymap.adobe.com *.opinator.com cloud.weborama.design sdk.inbenta.io acdn.adnxs.com resources.digital-cloud.medallia.eu https://c.bing.com *.clarity.ms *.kampyle.com *.medallia.eu opticksprotection.com analytics.tiktok.com *.mouseflow.com;style-src 'self' 'unsafe-inline' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com cdn.cookielaw.org optimize.google.com cdn.abanca.io platform.twitter.com *.twimg.com tagmanager.google.com https://cdn.tt.omtrdc.net sdk.inbenta.io *.kampyle.com y *.medallia.eu;img-src 'self' *.doubleclick.net *.abanca.io *.googlesyndication.com inbenta.com static-or00.inbenta.com llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net insight.adsrvr.org cdn.abanca.io data: t.co bat.bing.com www.google.com www.google.es www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com i.ytimg.com optimize.google.com *.staticflickr.com *.staticflickr.com syndication.twitter.com *.twimg.com platform.twitter.com contenidos.infobolsa.es contenidos.bmeinntech.es ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net tbl.tradedoubler.com *.blob.core.windows.net staticcdn.ald-automotive.es cdn.cookielaw.org https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.omtrdc.net smetrics.abanca.com metrics.abanca.com smetrics.cuentasclaras.es metrics.cuentasclaras.es target.abanca.com target.cuentasclaras.com scene7.com *.clarity.ms *.opinator.com *.adnxs.com *.kampyle.com y *.medallia.eu opticksstatic.com *.mouseflow.com;media-src 'self' www.abanca.io inbenta.com static-or00.inbenta.com cdn.abanca.io;font-src 'self'  *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.gstatic.com abanca.inbenta.com cdn.abanca.io cdn.inbenta.io *.kampyle.com y *.medallia.eu *.mouseflow.com;frame-src 'self' *.doubleclick.net www.youtube-nocookie.com llamamegratis.es mediadiamondes.solution.weborama.fr optimize.google.com www.facebook.com maps.google.com www.google.com www.youtube.com platform.twitter.com syndication.twitter.com w.soundcloud.com bid.g.doubleclick.net *.fls.doubleclick.net https://*.demdex.net esredegal1.solution.weborama.fr https://activitymap.adobe.com/ *.opinator.com *.kampyle.com y *.medallia.eu *.mouseflow.com;connect-src 'self' *.googlesyndication.com *.abanca.io api.abanca.com www.google-analytics.com *.infobolsa.es *.bmeinntech.es suite.conver.fit privacyportal-de.onetrust.com api-stratos-test.azurewebsites.net aldesmarvin.blob.core.windows.net dc.services.visualstudio.com api-stratos.aldes.io api-stratos-sbx.aldes.io cdn.cookielaw.org stats.g.doubleclick.net https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com *.omtrdc.net smetrics.abanca.com wf.frontend.weborama.fr ams3.digitaloceanspaces.com api.inbenta.io *.clarity.ms api-gce2.inbenta.io cookies-data.onetrust.io *.kampyle.com y *.medallia.eu region1.google-analytics.com region1.analytics.google.com opticksprotection.com analytics.tiktok.com cdp.abanca.com cdpdev.abanca.com maps.googleapis.com *.mouseflow.com geolocation.onetrust.com;base-uri 'self';child-src 'self' *.mouseflow.com;object-src 'none' 1
script-src 'self' https: 'strict-dynamic' 'nonce-RysOoBRYYRMf1OufXlO8XSNMIixi2jHzYCQ2M09N8Ok=' https://embed.zenn.studio/js/listen-embed-event.js www.googletagmanager.com https://cdn.jsdelivr.net/npm/katex/dist/katex.min.js;object-src 'none';base-uri 'none';report-uri https://asia-northeast1-zenn-dev-production.cloudfunctions.net/csp-logger; 1
frame-ancestors 'self' https://enterprisecarsales.my.salesforce.com https://login.salesforce.com https://enterprisecarsales.lightning.force.com 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' eventcinemas.com.au *.eventcinemas.com.au *.americanexpress.com *.android.com *.braintree-api.com *.braintreegateway.com *.braze.com *.byspotify.com *.cardinalcommerce.com *.cloudflare.com *.cloudflareaccess.com *.cloudfront.net *.doubleclick.net *.eventcinemas.co.nz *.eventcinemas.com.au *.facebook.com *.fontawesome.com *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.imdb.com *.instagram.com *.kaptcha.com *.movio.co *.mycardsecure.com *.parlourlane.com *.paypal.com *.paypalobjects.com *.quantcount.com *.quantserve.com *.rialto.co.nz *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.shift72.com *.spotify.com *.stripe.com *.tiktok.com *.typekit.net *.unpkg.com *.vimeo.com *.wp.com *.wufoo.com *.wufoo.eu *.youtube.com adservice.google.de adservice.google.fr americanexpress.com analytics.pangle-ads.com analytics.tiktok.com android.com attestation.android.com bam.nr-data.net braze.com cardinalcommerce.com cdn.honey.io cloudflare.hcaptcha.com cloudfront.net code.jquery.com connect.facebook.net dggwxdl5oqubl.cloudfront.net eventcinemas.com.au fontawesome.com google.com googletagmanager.com i.ytimg.com instagram.com js-agent.newrelic.com js.appboycdn.com kg668dbov0.execute-api.us-east-1.amazonaws.com mycardsecure.com parlourlane.com participant.connect.ap-southeast-2.amazonaws.com paypal.com rsa3dsauth.co.uk secure7.arcot.com securepubads.g.doubleclick.net sharepointonline.com shift72.com spotify.com stripe.com tiktok.com typekit.net unpkg.com vimeo.com wp.com www.aexp-static.com www.googletagmanager.com www.googletagservices.com www.moonlight.com.au www.surveymonkey.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.google.com/ https://*.google.com/ https://www.facebook.com/ https://www.google.ca/ https://dev.visualwebsiteoptimizer.com/ https://*.clarity.ms/ https://*.moneris.com/ https://cookie-cdn.cookiepro.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://twitter.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://maxcdn.bootstrapcdn.com/ https://acuityplatform.com/ https://bat.bing.com/bat.js https://cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js https://snap.licdn.com https://www.clarity.ms/ https://bat.bing.com/ https://www.gstatic.com https://secure.data-insight365.com/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ https://pagead2.googlesyndication.com/ https://*.garda.com https://fournitures.tv.garda.com https://clarity.microsoft.com https://www.indexexchange.com https://casalemedia.com https://*.liadm.com/ https://doubleclick.net https://vimeo.com https://www.linkedin.com https://s7.addthis.com https://liadm.com https://www.bing.com https://demdex.net https://pubmatic.com/ https://*.pardot.com https://yahoo.com https://*.yahoo.com https://www.eyeota.com/ https://eyeota.net https://www.advertising.yahooinc.com/ https://advertising.com http://agkn.com https://tapad.com http://adnxs.com https://www.addthis.com http://pro-market.net https://bidswitch.net https://*.bing.com/ https://www.salesforce.com https://www.oracle.com https://bluekai.com https://www.mediamath.com https://mathtag.com https://*.demdex.net https://business.adobe.com https://connect.facebook.net/ https://static.ads-twitter.com/ https://*.nr-data.net https://www.nr-data.net https://*.newrelic.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net/ https://geolocation.onetrust.com/ https://privacyportal.cookiepro.com/ https://www.google-analytics.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://*.doubleclick.net/ https://*.google.ca https://*.google.co.uk https://*.google.fr https://*.google.co.in https://*.google.co.ke https://*.google.pl https://*.google.co.tz https://*.google.de data: https://ad.doubleclick.net https://bat.bing.com https://www.linkedin.com/ https://rt.newswire.ca https://i.ytimg.com/ https://maps.gstatic.com/ https://mma.prnewswire.com/ https://c212.net/ https://pixel.mathtag.com/ https://*.bing.com https://t.co/ https://analytics.twitter.com/ https://fonts.gstatic.com https://td.doubleclick.net https://10644070.fls.doubleclick.net/ https://cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com blob:; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://c197f2682cc60d2edc7ca183b2a9af96.report-uri.com/r/d/csp/enforce 1
child-src gw-cmdm.x5.ru 'self' ru.id.group-ib.com static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru id.x5.ru www.youtube.com https://dzen.ru/ https://vk.com/; frame-ancestors 'self'; frame-src 'self' ru.id.group-ib.com id.x5.ru *.adfox.ru www.youtube.com https://dzen.ru/ https://vk.com/ yastatic.net *.yandex.ru yandexadexchange.net *.yandexadexchange.net 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; style-src 'self' 'unsafe-inline' static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru *.adfox.ru yastatic.net 'unsafe-eval' https://*.mindbox.ru; object-src 'none'; img-src 'self' blob: data: photos.okolo.app static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru *.adfox.ru https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://top-fwz1.mail.ru https://mc.yandex.ru *.yandex.ru yandex.ru *.yandex.net i.ytimg.com 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru https://*.google.com https://*.google.by https://*.google.ru https://*.google.kz p.food.ru; font-src 'self' data: static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru yastatic.net https://host.mailfit.com/ 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.static-food-2.ru static-food.ru food.ru cdn.food.ru api.food.ru *.adfox.ru code.createjs.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://top-fwz1.mail.ru https://personalization-web-stable.mindbox.ru https://api.mindbox.ru https://mc.yandex.ru http://yandex.ru/ https://yastatic.net/ yastatic.net *.yandex.ru yandex.ru https://host.mailfit.com/ https://*.mindbox.ru; connect-src 'self' static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru sentry-do.x5.ru id.x5.ru *.adfox.ru code.createjs.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.google-analytics.com https://top-fwz1.mail.ru https://personalization-web-stable.mindbox.ru https://api.mindbox.ru https://mc.yandex.ru yastatic.net *.yandex.ru yandex.ru https://host.mailfit.com/ 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru https://*.google.com https://*.google.by https://*.google.ru https://*.google.kz; media-src static-food.ru static.static-food-2.ru food.ru cdn.food.ru api.food.ru 'self' id.x5.ru *.adfox.ru yastatic.net *.yandex.ru yandex.ru *.yandex.net 'unsafe-inline' 'unsafe-eval' https://*.mindbox.ru; worker-src food.ru; report-uri https://sentry-do.x5.ru/api/931/security/?sentry_key=d534813ae9f44863a4b44cc5646e5170&sentry_environment=production; 1
frame-ancestors 'self' http://stfrontdeskstg.smartone.com http://stfrontdesk.smartone.com http://smartone-pro.redso.com.hk https://smartone-pro.redso.com.hk https://smartoneplus.s-rewards.hk 1
default-src 'self'; connect-src 'self' https://*.flyedelweiss.com/ https://chat131.realperson.de/ *.g.doubleclick.net/ *.google-analytics.com/ https://viewlicense.adobe.io/ https://s7g10.scene7.com/ https://edelweiss.scene7.com/ https://www.facebook.com/ https://www.facebook.com/tr/ https://*.cookiefirst.com https://*.googleapis.com https://pagead2.googlesyndication.com/ https://www.google.com/pagead/ *.google.com https://*.gstatic.com data: blob:; font-src 'self' data: https://fonts.gstatic.com/ *.googleapis.com/; frame-src 'self' https://*.youtube.com/embed/ https://acrobatservices.adobe.com/ https://*.youtube-nocookie.com/ https://chat131.realperson.de/ https://www.facebook.com/ https://www.googletagmanager.com/ *.doubleclick.net/ *.google.com https://*.flyedelweiss.com/; img-src 'self' 'unsafe-inline' blob: data: https://edelweiss.scene7.com/ https://s7g10.scene7.com/ https://*.flyedelweiss.com/ https://ssl.gstatic.com/ https://chat131.realperson.de/ *.google-analytics.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://*.google.com/ https://*.google.ch https://*.ytimg.com/ *.gstatic.com/ *.googleapis.com/ https://lh3.ggpht.com/ https://*.plusgrade.com/ https://*.doubleclick.net/ https://consent.cookiefirst.com https://static.cookiefirst.com https://ade.googlesyndication.com; media-src 'self' https://www.youtube.com/; object-src 'self' https://www.youtube.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.flyedelweiss.com/ https://tag.manager.google.com/ *.googletagmanager.com/ https://tagmanager.google.com/ https://polyfill.io/ https://code.jquery.com/ https://chat131.realperson.de/ *.google-analytics.com/ *.g.doubleclick.net/ *.facebook.net/ https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://*.plusgrade.com/ https://consent.cookiefirst.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.flyedelweiss.com/ https://acrobatservices.adobe.com/ https://tag.manager.google.com/ *.googletagmanager.com/ https://polyfill.io/ https://code.jquery.com/ https://cdn.pannellum.org/ https://documentservices.adobe.com/ https://chat131.realperson.de/ https://tagmanager.google.com/ *.google-analytics.com *.g.doubleclick.net/ *.facebook.net/ https://*.google.com *.googleapis.com/ https://*.plusgrade.com/ https://consent.cookiefirst.com https://*.gstatic.com/; style-src 'self' 'unsafe-inline' https://*.flyedelweiss.com/ https://cdn.pannellum.org/ https://documentservices.adobe.com/ https://chat131.realperson.de/ https://fonts.googleapis.com https://*.plusgrade.com/ https://consent.cookiefirst.com; frame-ancestors 'self' https://flyedelweiss.com https://*.flyedelweiss.com/ https://author-p91302-e802904.adobeaemcloud.com/ https://author-p91302-e804188.adobeaemcloud.com/ https://author-p91302-e804189.adobeaemcloud.com/ https://publish-p91302-e802904.adobeaemcloud.com/ https://publish-p91302-e804188.adobeaemcloud.com/ https://publish-p91302-e804189.adobeaemcloud.com/; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob: 1
script-src 'self' 'nonce-OnXrRaMUm2' 'strict-dynamic' https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleoptimize.com https://cse.google.com https://www.google.com/cse/static https://staging2.webwinkelkeur.nl https://js.hellomedian.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://dashboard.webwinkelkeur.nl https://www.googleoptimize.com https://www.googleapis.com https://*.clarity.ms/collect https://ljj3ynf0ak.execute-api.eu-west-1.amazonaws.com/prod/isp-data https://cdn.linkedin.oribi.io https://*.belco.io wss://*.belco.io https://belco-prod.s3-eu-central-1.amazonaws.com/ https://js.hellomedian.com https://cdn.hellomedian.com https://hlg.tokbox.com/prod/ wss://socket.hellomedian.com https://staging2.webwinkelkeur.nl; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://tagmanager.google.com https://d2bnxibecyz4h5.cloudfront.net https://www.google-analytics.com/analytics.js https://static.cdn.prismic.io/prismic.js; connect-src 'self' https://www.google-analytics.com https://surveygizmobeacon.s3.amazonaws.com https://world-community-grid.cdn.prismic.io https://world-community-grid.prismic.io/api/v2; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src * data:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.surveygizmo.com https://world-community-grid.prismic.io/; 1
frame-ancestors 'self' indiedb.com *.indiedb.com 1
default-src 'self' *.bobcat.com;connect-src 'self' *.bobcat.com *.cludo.com wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.bobcatcms.online *.bobcat-china.cn https://dibh-dev-dxp-bobcat-forms.s3.us-east-1.amazonaws.com *.linkedin.com *.linkedin.oribi.io https://plausible.io *.crazyegg.com *.dibhids.net *.dice-tools.com *.flowpaper.com *.smartlook.cloud *.luigisbox.com *.googleapis.com *.googlesyndication.com *.sharethis.com *.crwdcntrl.net *.evergage.com *.cookiepro.com *.onetrust.com *.cloudinary.com *.serving-sys.com *.google-analytics.com *.doubleclick.net *.snapchat.com *.tiktok.com *.facebook.com *.elfsight.com *.google.com *.linkedin.com;img-src 'self' data: blob: cloudinary: *.cloudinary.com *.cludo.com *.bobcatcms.online *.googleapis.com *.bobcat.com *.bing.com *.linkedin.com *.flowpaper.com https://flowpaper.com *.bobcat-china.cn *.sharethis.com *.cookiepro.com *.facebook.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.elfsightcdn.com *.simpli.fi *.ytimg.com https://um.simpli.fi https://cm.g.doubleclick.net https://www.googleadservices.com https://aa.agkn.com https://sync.intentiq.com https://pixel.tapad.com https://simplifi.partners.tremorhub.com https://eb2.3lift.com https://image2.pubmatic.com https://ads.stickyadstv.com https://d.agkn.com https://loadm.exelator.com https://ups.analytics.yahoo.com https://sync.bfmio.com https://stags.bluekai.com https://ce.lijit.com https://idsync.rlcdn.com https://bcp.crwdcntrl.net https://sync.search.spotxchange.com https://pixel.rubiconproject.com https://pippio.com https://us-u.openx.net https://ib.adnxs.com https://fei.pro-market.net 'unsafe-inline' 'unsafe-eval';media-src 'self' blob: *.cloudinary.com *.bobcat-china.cn;script-src 'self' *.bobcat.com *.pulseinsights.com https://plausible.io *.crazyegg.com *.adsrvr.org *.elfsightcdn.com *.hotjar.com *.cludo.com *.smartlook.com *.typeform.com *.flowpaper.com https://snap.licdn.com *.snapchat.com *.sharethis.com *.googleapis.com https://bobcatbackyardmakeover-staging.azurewebsites.net *.evgnet.com https://tag.simpli.fi https://i.simpli.fi *.simpli.fi *.luigisbox.com *.googleoptimize.com *.cookiepro.com *.youtube.com *.elfsight.com *.google.com *.gstatic.com *.know-where.com *.cloudinary.com https://unpkg.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.facebook.net *.bing.com *.serving-sys.com https://sc-static.net *.tiktok.com *.redditstatic.com 'unsafe-inline' 'unsafe-eval';style-src 'self' *.bobcat.com *.cloudinary.com *.cludo.com *.typeform.com *.luigisbox.com *.googleapis.com *.google.com *.googletagmanager.com https://unpkg.com 'unsafe-inline';object-src 'none';font-src 'self' data: *.bobcat.com *.hotjar.com *.gstatic.com;frame-src 'self' *.dibhids.net *.dice-tools.com *.cloudinary.com https://go.doosanportablepower.com *.adsrvr.org *.youtube-nocookie.com https://bobcatbackyardmakeover-staging.azurewebsites.net https://formsmarts.com *.google.com *.typeform.com *.flowpaper.com *.sharethis.com *.know-where.com *.office.com *.snapchat.com *.facebook.com https://bobcatforms.com https://bobcatcms.online *.bobcatcms.online *.doubleclick.net *.youtube.com;frame-ancestors 'self' https://bobcatbackyardmakeover-staging.azurewebsites.net https://formsmarts.com;worker-src 'self' blob: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://lifeinsurance.adityabirlacapital.com/ https://cdn.indixital.com/indtl.js/ https://abconeprod.azureedge.net/ https://abcscprodslot.azureedge.net/ https://snap.licdn.com/ https://unpkg.com/ https://maxcdn.bootstrapcdn.com/ https://*.clarity.ms/ https://mc-7269550f-7fea-49f6-9700-1713-cd.azurewebsites.net/ https://*.azurewebsites.net/ https://wafs.mfilterit.net/ https://apis.mapmyindia.com/ https://https-lifeinsurance-adityabirlacapital-com.disqus.com/ https://in1.wzrkt.com/ http://www.googleadservices.com/ https://www.videocx.io/ https://mc-7269550f-7fea-49f6-9700-1713-cd2-s1.azurewebsites.net/ https://abcany.allincall.in/ https://d2r1yp2w7bby2u.cloudfront.net/ http://cdn.appdynamics.com/ https://cdn.appdynamics.com/ https://l.sharethis.com/ https://bid.g.doubleclick.net/  http://bom-col.eum-appdynamics.com/ https://bom-col.eum-appdynamics.com/ https://buttons-config.sharethis.com/ https://*.notifyvisitors.com/ https://script.mfilterit.net/ https://aiccobrowsing.insideabc.com/  http://cdn.notifyvisitors.com/ https://static1.litmusworld.com/ https://anywhereservice.adityabirlasunlifeinsurance.com/ https://bat.bing.com/ https://s.yimg.com/  https://t.sharethis.com/ https://w.soundcloud.com/ https://s3-eu-west-1.amazonaws.com/ http://ajax.googleapis.com/ https://code.jquery.com/ https://ajax.googleapis.com/ https://heatmaps.notifyvisitors.com/ https://staticpg.paytm.in/ https://securegw.paytm.in/ https://s3.amazonaws.com/ https://advisingapistg.adityabirlacapital.com/ https://cdnp.notifyvisitors.com/ https://www.notifyvisitors.com/ https://googleads.g.doubleclick.net/ https://dev6.notifyvisitors.com/ https://connect.facebook.net/ https://c3.avaamo.com/ https://count-server.sharethis.com/v2.0/get_counts https://buttons-config.sharethis.com/ https://abcscprod.azureedge.net https://www.adityabirlacapital.com https://cdn.notifyvisitors.com https://www.googleadservices.com https://www.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://platform-api.sharethis.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://stackpath.bootstrapcdn.com/ https://use.typekit.net/ https://cdn.ampproject.org https://dev6.notifyvisitors.com  https://bslivoicetest30-09.firebaseapp.com/ https://advisingapi.adityabirlacapital.com/ https://doco5kxdv8uwj.cloudfront.net/ https://c3.avaamo.com/ https://disha-mic-uat.firebaseapp.com/ https://chuknu.sokrati.com/ https://bslivoicetest30-09.firebaseapp.com/ https://voice.aiavaamo.com/ https://coreprogramm.disqus.com/ https://c.disquscdn.com/ https://cdn.indixital.com/indtl.js https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io https://adityabirlacapital-prod-scheduletasks.azurewebsites.net https://api.adityabirlacapital.com/;   worker-src 'self' 'unsafe-inline' blob: https://cdn.ampproject.org  https://lifeinsurance.adityabirlacapital.com 1
frame-ancestors 'self' http://*.essilorluxottica.com https://*.essilorluxottica.com; 1
frame-ancestors https://*.farmerama.com https://*.facebook.com/ https://*.y8.com https://www.minijuegos.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://farmerama.jeja.pl/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunskor.com/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://kizi.com/ https://www.browsergames.de/ https://www.jeja.pl/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://www.kidsmmorpg.com/ https://www.xn--mmoparanios-9db.com/ https://farmerama.rtl.de/; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.nice-incontact.com *.youtube.com *.3lift.com *.calendly.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.henryscheincustombranding.com *.acuityscheduling.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net *.marketo.net *.serving-sys.com *.googleadservices.com *.g.doubleclick.net *.akamaihd.net *.comodo.com *.trustlogo.com *.verisign.com *.websecurity.norton.com *.digicert.com *.coremetrics.com *.googletagmanager.com *.google.com *.google-analytics.com *.richrelevance.com *.livechatinc.com *.mybusinessbankcard.com *.hsforms.net *.hsforms.com *.hubspot.com *.cognitoforms.com *.google:* *.gstatic.com *.googleapis.com *.github.com *.jquery.com *.facebook.net *.ak.fbcdn.net *.twimg.com *.dentapure.com *.appspot.com *.insourceonline.com vp.dentrek.com *.henryschein.com *.sullivanschein.com *.bing.com *.pagescdn.com *.sitescdn.net *.licdn.com *.conductor.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.googleoptimize.com *.formsite.com *.fullstory.com blob: data:; connect-src 'self' *.henryscheincustombranding.com calendly.com *.conductor.com *.akstat.io wmg-productdesigner-prod-apim.azure-api.net *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com *.livechatinc.com *.vivarep.com *.cognitoforms.com *.google.com *.google-analytics.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.g.doubleclick.net *.coremetrics.com *.googletagmanager.com *.adroll.com *.dca0.com *.pagescdn.com *.mktoutil.com cdnjs.cloudflare.com widgets.jotform.io *.jotform.com *.fullstory.com; img-src 'self' wmg-productdesigner-prod-apim.azure-api.net *.ytimg.com *.linkedin.com *.adsymptotic.com *.henryscheincustombranding.com *.3lift.com *.adnxs.com *.advertising.com *.bidswitch.net *.casalemedia.com *.doubleclick.net *.facebook.com *.facebook.net *.openx.net *.outbrain.com *.pubmatic.com *.rlcdn.com *.rubiconproject.com *.taboola.com *.yahoo.com *.pippio.com *.marketo.com *.adroll.com *.dca0.com *.adroll.mgr.consensu.org *.kampyle.com *.g.doubleclick.net *.akamaihd.net *.placeholder.com *.comodo.com *.trustlogo.com *.websecurity.norton.com *.digicert.com *.google:* *.caligor.com *.coremetrics.com *.livechatinc.com *.google.com *.google-analytics.com *.henryschein.com *.sullivanschein.com *.vivarep.com placehold.it placehold.co *.servertastic.com *.gstatic.com *.corporate-ir.net *.appspot.com *.googleapis.com *.insourceonline.com *.istockphoto.com *.hsforms.net *.bing.com *.googletagmanager.com *.commerce-connector.com *.ads.linkedin.com *.vimeocdn.com *.cdn.jotfor.ms px.owneriq.net data:; style-src *.henryscheincustombranding.com *.kampyle.com *.google-analytics.com 'unsafe-inline' 'self' *.marketo.com *.googleapis.com *.cognitoforms.com *.google.com *.livechatinc.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.gstatic.com *.sitescdn.net; font-src 'self' *.henryscheincustombranding.com *.kampyle.com *.cdn.skype.com *.googleapis.com *.gstatic.com *.livechatinc.com *.googleusercontent.com *.cognitoforms.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com cdn.jotfor.ms data:; frame-src 'self' *.nice-incontact.com *.marketo.com calendly.com  *.acuityscheduling.com *.hubspot.com *.kampyle.com *.g.doubleclick.net *.google-analytics.com *.google.com *.pendo.io *.bws.birst.com *.trustlogo.com *.comodo.com *.googletagmanager.com *.livechatinc.com *.youtube.com *.vivalearning.com *.vimeo.com *.corporate-ir.net vimeo.com *.facebook.com *.appspot.com *.hsforms.net *.henryschein.com *.sullivanschein.com *.bing.com *.facebook.net *.hsforms.com *.pagescdn.com *.wistia.com *.formsite.com data:; media-src 'self' *.vivarep.com *.kampyle.com *.livechatinc.com *.istockphoto.com *.hsforms.net *.appspot.com *.henryschein.com *.sullivanschein.com *.facebook.com *.bing.com *.dentapure.com;  1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data: blob: 'unsafe-inline' 1
frame-ancestors 'self' https://*.therapy.nethealth.com 1
frame-ancestors 'self' *.ais.co.th, font-src 'self'  *.ais.co.th fonts.gstatic.com *.blob.core.windows.net *.cdc.ais.th maxcdn.bootstrapcdn.com 1
default-src 'self' data: ;         script-src 'self' data: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com js.hs-scripts.com js.hsleadflows.net js.hs-analytics.net *.google-analytics.com *.googletagmanager.com sjs.bizographics.com js.driftt.com bat.bing.com connect.facebook.net web-analytics.engagio.com *.salesloft.com  *.adroll.com *.cloudfront.net maps.googleapis.com d.adroll.mgr.consensu.org https://optimize.google.com *.licdn.com *.fullstory.com fullstory.com js.hs-banner.com https://tagmanager.google.com *.demandbase.com *.intercom.io *.intercomcdn.com https://play.vidyard.com https://www.googleadservices.com https://googleads.g.doubleclick.net *.hsforms.net https://*.usercentrics.eu *.6sc.co *.6sense.com https://scripts.simpleanalyticscdn.com https://js.qualified.com;         img-src * 'self' data: *.hubspot.com *.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com *.salesloft.com *.linkedin.com *.google.com *.facebook.com *.adroll.com *.adsymptotic.com bat.bing.com pixel.advertising.com dsum-sec.casalemedia.com pixel.rubiconproject.com sync.outbrain.com simage2.pubmatic.com trc.taboola.com eb2.3lift.com ads.yahoo.com ib.adnxs.com x.bidswitch.net cm.g.doubleclick.net idsync.rlcdn.com us-u.openx.net ups.analytics.yahoo.com dpm.demdex.net s.amazon-adsystem.com pm.w55c.net ups.analytics.yahoo.com pippio.com sync.mathtag.com tags.rd.linksynergy.com match.adsrvr.org usermatch.krxd.net tags.bluekai.com *.intercom.io *.intercomcdn.com *.intercomassets.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com;         connect-src * 'self' data: *.hubspot.com https://optimize.google.com *.intercom.io *.intercomcdn.com *.intercomusercontent.com https://*.usercentrics.eu *.6sc.co *.6sense.com https://queue.simpleanalyticscdn.com https://*.qualified.com wss://*.qualified.com;         frame-src 'self' data: player.vimeo.com js.driftt.com learn.qualia.com www.youtube.com qualia.daily.co https://optimize.google.com https://cdn2.hubspot.net https://play.vidyard.com *.hsforms.com https://*.qualified.com;         style-src 'self' data: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com https://*.qualified.com;         font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://optimize.google.com *.intercomcdn.com;         media-src 'self' data: www.qualia.com js.driftt.com *.intercomcdn.com *.hubspotusercontent00.net mediastream: https://*.qualified.com;         manifest-src 'self' data: *.google.com;         prefetch-src 'self' data: https://play.vidyard.com;         child-src 'self' data: https://*.qualified.com;         object-src 'none';         upgrade-insecure-requests 1
frame-ancestors https://www.toto.nl 1
script-src 'nonce-c85325e9d5ca41ea982ea3463cd87d5a' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://static.zdassets.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.recaptcha.net https://componentsearchengine.com; frame-ancestors 'self' 1
font-src https://themes.googleusercontent.com https://fonts.gstatic.com https://www.concentrix.com https://fonts.googleapis.com https://cnxc.wpenginepowered.com https://www.concentrix.com https://gallery.concentrix.com https://lottiefiles.com data www.concentrix.com https://cdn.knightlab.com/; frame-ancestors https://munchkin.marketo.net https://www.concentrix.com https://cnxc.wpenginepowered.com https://www.concentrix.com 'self' https://gallery.concentrix.com www.concentrix.com; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.getnitropack.com nitropack.io *.nitropack.io *.nitrocdn.com ws.zoominfo.com js.zi-scripts.com app.omniconvert.com cdn.linkedin.oribi.io wss://*.hotjar.com data: *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.algolianet.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com cdn.linkedin.orbio.io *.rlcdn.com *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com www.google.com.ph www.google.com.mx www.google.com.bd www.google.fr *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adnxs.com *.jquery.com *.twitter.com *.cloudflare.com yoast.com *.dstillery.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co *.intercom.io wss://*.intercom.io *.mktoutil.com; frame-ancestors 'self' data: *.nitrocdn.com *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net *.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.ceros.com *.hotjar.com *.d41.co; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.nitrocdn.com *.nitropack.io nitroscripts.com app.omniconvert.com cdn.omniconvert.com consent.trustarc.com s.company-target.com *.zoominfo.com *.googleoptimize.com js.zi-scripts.com *.insent.ai *.ceros.com *.conduentassets.com *.gstatic.com *.googleapis.com *.marketo.com *.marketo.net www.googletagmanager.com *.addthis.com *.moatads.com *.twitter.com *.addthisedge.com *.algolia.net *.google-analytics.com *.licdn.com *.airpr.com *.demandbase.com *.facebook.net *.bing.com *.rezync.com *.rackcdn.com *.gumgum.com *.trustarc.com *.ads-twitter.com *.youtube.com *.linkedin.com *.bidr.io *.rlcdn.com *.gonorth.io *.rfihub.net *.rfihub.com *.googleadservices.com t.co *.company-target.com googleads.g.doubleclick.net *.doubleclick.net *.mookie1.com *.mktoresp.com *.facebook.com *.google.com *.conduent.com *.cdntwrk.com *.adsymptotic.com *.tiqcdn.com *.clarity.ms *.adnxs.com *.polyfill.io *.jquery.com *.sendsafely.com *.bootstrapcdn.com *.gravatar.com *.twitter.com *.cloudflare.com yoast.com *.basis.net *.dstillery.com *.sitescout.com *.media6degrees.com *.adsrvr.org *.cloudfront.net *.hotjar.com *.d41.co *.jsdelivr.net *.intercom.io *.intercomcdn.com *.helpscout.net; object-src 'self' *.nitrocdn.com; worker-src 'self' blob: *.nitrocdn.com; font-src 'self' data: www.conduent.com fonts.gstatic.com *.nitrocdn.com *.nitroscripts.com *.nitropack.io *.getnitropack.com *.cdntwrk.com *.intercomcdn.com; img-src 'self' data: blob: www.google.com.pr www.google.com.mm www.google.com.ng www.google.com.ph www.google.com.mx www.google.co.uk www.google.co.in www.google.com.gh www.google.fr www.facebook.com beacon.krxd.net *.dstillery.com *.rfihub.com www.google.ca *.google.com.jm conduent-12335-main-content-production.s3.amazonaws.com *.doubleclick.net *.nitrocdn.com consent-pref.trustarc.com www.googletagmanager.com us-gmtdmp.mookie1.com live.rezync.com i.ytimg.com content.cdntwrk.com assets.conduent.com www.conduentassets.com www.conduent.com bat.bing.com px.gumgum.com secure.gravatar.com *.google.com t.co analytics.twitter.com www.linkedin.com *.ads.linkedin.com www.facebook.com id.rlcdn.com www.google-analytics.com dpx.airpr.com consent.trustarc.com segments.company-target.com secure.adnxs.com;style-src 'self' 'unsafe-inline' *.nitrocdn.com app-ab05.marketo.com content.cdntwrk.com fonts.googleapis.com www.conduentassets.com; frame-src *.fls.doubleclick.net consent-pref.trustarc.com www.facebook.com app-ab05.marketo.com www.youtube.com s.company-target.com td.doubleclick.net view.ceros.com *.rfihub.com conduent.widget.insent.ai cdn-akamai.mookie1.com; manifest-src 'self'; base-uri 'none'; child-src *.fls.doubleclick.net www.facebook.com app-ab05.marketo.com www.youtube.com s.company-target.com td.doubleclick.net view.ceros.com *.rfihub.com conduent.widget.insent.ai cdn-akamai.mookie1.com 'self' blob: *.nitrocdn.com; report-to csp-endpoint; 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com https://cdn.smooch.io; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://tigobusiness.us6.list-manage.com https://criteo.com/ https://criteo.net https://ads.sonataplatform.com 'sha256-XXFoBOjc3W/1b6qYxG6ir8GAHUcfWK9ahFIgUyAyBQY=' 'sha256-7v543sk7oeNFd4Q5cjRvDz++oj8VBnaQlgE58cSvgM0=' 'sha256-Vp5PTOHVnFaafH6QEEQztGTcBQcnd7GxLT/nKtfiXcc=' 'sha256-gsP/qzsHuGqMrHKznyc6rhmCJMjh8MlKraV/axmCSpY=' 'sha256-TMzIvTq/fLf6MYLVlqQgEk5D/ZIU0s487tekHpKjh7o=' 'sha256-BEREH85JHhSK4NeFSnYpAAVK6ar2EmIEsfM9njMl3L8=' 'sha256-OEX1wY3cTl75QrW9lkHwYkrvqUWUadFtsezA87cgmFQ=' 'sha256-iBMIWAlnCNLAJWY9D+JW7IlI9O7pD7sJXKFFBKsfqe8=' 'sha256-l0RwPMhpDv6GANijGcA+g/qSA2d3sNsGFifpsiKvouQ=' 'sha256-bOyrLCrA0+BYgRyM4zC05DOagezx1UXzNXZz4QOitxs=' https://*.smooch.io; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com https://*.smooch.io; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://www.gravatar.com https://*.smooch.io; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com https://*.smooch.io; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
frame-ancestors 'self' hhs.gov *.hhs.gov 1
frame-ancestors 'self' https://hub.prosper.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: http://freegeoip.net https://*.3lift.com https://*.adobedtm.com https://*.advertising.com https://*.casalemedia.com https://*.cloudfront.net https://*.connect.facebook.net https://*.contextweb.com https://*.demdex.net https://*.dotomi.com https://*.doubleclick.net https://*.flex.msn.com https://*.fls.doubleclick.net https://*.fonts.net https://*.foresee.com https://*.freegeoip.net https://*.github.io https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.heapanalytics.com https://*.impactradius-event.com https://*.impactradius-tag.com https://*.krxd.net https://*.neuro-id.com https://*.newrelic.com https://*.nr-data.net https://*.opendns.com https://*.optimizely.com https://*.plaid.com https://*.privacy-policy.truste.com https://*.prosper.com https://*.pubmatic.com https://*.rlcdn.com https://*.rundsp.com https://*.salesforceliveagent.com https://*.segment.com https://*.sharethis.com https://*.split.io https://*.static-resource.com https://*.trendmicro.com https://*.truste.com https://*.trustev.com https://*.typekit.net https://*.vo.msecnd.net https://*.walkme.com https://*.zdassets.com https://ajax.cloudflare.com https://api.direct.id/signalr/* https://api.microsofttranslator.com https://api.sprig.com/ https://assets.adobedtm.com https://bat.bing.com https://boards-api.greenhouse.io https://cdn.heapanalytics.com https://cdn.oncehub.com https://cdn.plaid.com https://cdn.split.io https://cdn.sprig.com/ https://cdncache-a.akamaihd.net https://cdnjs.cloudflare.com https://code.createjs.com/ https://connect.facebook.net https://flex.msn.com https://freegeoip.net https://gateway.zscaler.net https://gateway.zscalerone.net https://gateway.zscalerthree.net https://gateway.zscalertwo.net https://gateway.zscloud.net https://googleads.g.doubleclick.net https://h.online-metrix.net https://heapanalytics.com https://heatmap.services https://js-agent.newrelic.com https://maps.gstatic.com https://match.sync.ad.cpe.dotomi.com https://partners.cmptch.com https://prosper.evyy.net https://s.cmptch.com https://s3.amazonaws.com https://script.crazyegg.com https://seal.digicert.com https://seal.websecurity.norton.com https://tpc.googlesyndication.com https://track.neuro-id.com https://voe.novacredit.com/static/js/init.js https://widget-mediator.zopim.com https://widget.trustpilot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.pagespeed-mod.com https://unpkg.com/@optimizely/optimizely-sdk@3.5/dist/optimizely.browser.umd.min.js wss://api.direct.id/signalr/reconnect https://heatmap-events-collector.instapage.com https://g.fastcdn.co https://www.googleoptimize.com https://cdn.instapagemetrics.com https://*.wp.com https://yoast.com https://app.starred.com https://*.zenimpact.io https://static.ada.support; worker-src blob:; report-uri https://csp-reporting.prosper.com/publish-to-csp-reporting; 1
default-src 'self' 'unsafe-inline' *.google-analytics.com https://analytics.google.com/ https://analytics.google.com/ www.google.com.ar www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com www.google.com cloud.modyocdn.com connect.facebook.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net www.w3.org udc-neb.kampyle.com d1dzq2r60kxox4.cloudfront.net stats.g.doubleclick.net d1dzq2r60kxox4.cloudfront.net nebula-cdn.kampyle.com www.googleoptimize.com udc-neb.kampyle.com youtube.com gw.dev.apis.itau.cl gw.sb.apis.itau.cl gw.apis.itau.cl 'unsafe-eval' www.google.cl/ads/ga-audiences connect.facebook.net itau-cl.modyo.be www.youtube.com www.facebook.com www.googleadservices.com googleads.g.doubleclick.net/ cdnjs.cloudflare.com; https://www.youtube.com/embed/Ui5X7GRlka0?enablejsapi=1&version=3&playerapiid=ytplayer; https://www.youtube.com/embed/ICdlXczczUE 1
default-src 'self' https://secure-ds.serving-sys.com *.healthhub.sg https://*.clarity.ms https://c.bing.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.healthhub.sg https://ads-engagement.presage.io https://platform.twitter.com https://www.clarity.ms https://analytics.tiktok.com *.qualtrics.com *.google-analytics.com *.analytics.google.com https://sp.analytics.yahoo.com/ https://tr.outbrain.com/ https://vimeo.com/ https://www.vimeo.com/ cdn.taboola.com/ trc.taboola.com/ https://amplify.outbrain.com/ https://s.yimg.com/ https://s.ytimg.com/ https://www.youtube.com https://tagmanager.google.com http://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://secure-ds.serving-sys.com https://bs.serving-sys.com https://connect.facebook.net/ https://servedby.revive-adserver.net https://*.hotjar.com https://secure.quantserve.com https://wave.outbrain.com https://rules.quantcount.com; img-src 'self' data: https://servedby.revive-adserver.net/ *.healthhub.sg *.qualtrics.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://cds.taboola.com/ https://www.gstatic.com https://ssl.gstatic.com https://tr.outbrain.com https://tagmanager.google.com https://developers.onemap.sg https://maps-a.onemap.sg  https://maps-b.onemap.sg https://maps-c.onemap.sg https://s3-ap-southeast-1.amazonaws.com https://s3.amazonaws.com  https://cm.g.doubleclick.net https://www.google.com.sg http://www.healthhub.sg  https://www.google.com https://stats.g.doubleclick.net https://img.youtube.com https://maps.gstatic.com https://www.google-analytics.com https://app.sttarter.com:9000 https://ssl.sttarter.com:9000  http://app.sttarter.com:9000 http://ssl.sttarter.com:9000 https://ssl.sttarter.com:9443 https://facebook.com https://cdn.revive-adserver.net https://www.facebook.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://connect.facebook.net https://pixel.quantserve.com https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.healthhub.sg https://servedby.revive-adserver.net/ https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com;  font-src 'self' *.healthhub.sg https://fonts.gstatic.com data: fonts.googleapis.com https://*.hotjar.com; connect-src 'self' *.healthhub.sg *.qualtrics.com *.google-analytics.com *.analytics.google.com https://www.google.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://trc-events.taboola.com/ https://vimeo.com/ https://www.vimeo.com/ https://www.facebook.com/ https://analytics.google.com/ https://prodigious.imailxpress.com https://trc.taboola.com/ https://s.yimg.com/ https://tagmanager.google.com  https://www.healthhub.sg http://www.healthhub.sg  secure-ds.serving-sys.com https://servedby.revive-adserver.net https://tr.outbrain.com https://pips.taboola.com https://cds.taboola.com https://analytics.tiktok.com https://*.clarity.ms https://pixel.quantcount.com https://www.google.com.sg https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;  frame-src 'self' *.healthhub.sg https://players.brightcove.net https://brightcove.net *.qualtrics.com https://9248167.fls.doubleclick.net/ https://www.player.vimeo.com/ https://www.vimeo.com/ https://player.vimeo.com/ https://vimeo.com/ web.facebook.com connect.facebook.net https://8416677.fls.doubleclick.net https://www.youtube.com  https://tags.tiqcdn.com https://bid.g.doubleclick.net https://www.youtube.com https://syndication.twitter.com https://platform.twitter.com https://www.google.com https://fork.gotrackier.com https://view.officeapps.live.com https://*.doubleclick.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.world; img-src 'self' https: data: blob: https://mastodon.world; style-src 'self' https://mastodon.world 'nonce-UET2UjNh5Lbc6RNQZFZrOQ=='; media-src 'self' https: data: https://mastodon.world; frame-src 'self' https:; manifest-src 'self' https://mastodon.world; form-action 'self'; child-src 'self' blob: https://mastodon.world; worker-src 'self' blob: https://mastodon.world; connect-src 'self' data: blob: https://mastodon.world https://s3.eu-central-2.wasabisys.com wss://mastodon.world; script-src 'self' https://mastodon.world 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' https://in.getclicky.com https://in.getclicky.co https://www.googleadservices.com https://static.getclicky.co https://pi.pardot.com https://connect.facebook.net https://static.getclicky.com https://info.anchor.com.au https://googleads.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.ne https://www.googletagmanager.com https://code.jquery.com https://widget.trustpilot.com https://digitalpacificgroup.formstack.com https://static.formstack.com https://analytics.formstack.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.google.com.au https://www.facebook.com https://www.google.com https://secure.gravatar.com https://members.panthur.com.au https://www.google-analytics.com data: 'unsafe-inline'; frame-src 'self' https://www.facebook.com https://widget.trustpilot.com/ https://player.vimeo.com; style-src 'self' https://use.typekit.net https://p.typekit.net https://static.formstack.com 'unsafe-inline'; font-src 'self' https://netdna.bootstrapcdn.com https://widget.trustpilot.com https://use.typekit.net https://static.formstack.com data: blob: 'unsafe-inline'; object-src 'self'; connect-src 'self' https://in.getclicky.com https://www.google-analytics.com https://yoast.com; 1
default-src * data: blob: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://cdn-pre.tngdigital.com.my https://cdn.tngdigital.com.my 1
default-src 'self' *.policia.es  *.redsara.es;	script-src 'self'  'unsafe-eval' 'unsafe-inline' *.policia.es;	object-src 'self' *.policia.es;	font-src 'self' 'unsafe-inline' data: *.googleapis.com *.policia.es;	style-src 'self' 'unsafe-inline' data: *.googleapis.com  *.policia.es;	media-src 'self' *.policia.es;	frame-src 'self' *.policia.es *.redsara.es;	img-src 'self' *.policia.es data:; 1
script-src 'self' 'unsafe-inline' unpkg.com wurfl.io *.clarity.ms *.bing.com *.giosg.com turbo.qualaroo.com https://inpref.s3.amazonaws.com *.cookielaw.org *.digital.nuance.com *.clickdimensions.com https://ajax.googleapis.com https://d2cicjhlyizi9b.cloudfront.net https://d2wzl9lnvjz3bh.cloudfront.net https://*.elisa.fi https://*.pingdom.net http://connect.facebook.net *.lfeeder.com https://*.hotjar.com *.googletagmanager.com *.adform.net *.google-analytics.com https://*.licdn.com https://*.conductrics.com https://s3.amazonaws.com; connect-src 'self' *.googlesyndication.com wurfl.io *.clarity.ms *.giosg.com api.ipify.org privacyportal-de.onetrust.com cdn.cookielaw.org geolocation.onetrust.com elisa-prod2.pegacloud.net *.hotjar.com googleads.g.doubleclick.net wss://*.hotjar.com www.google.com https://rum-collector-2.pingdom.net *.clarity.ms https://in.hotjar.com https://inpref.com https://*.elisa.fi https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self' idtheftscanner.f-secure.com *.giosg.com *.facebook.com *.soundcloud.com https://*.inpref.com https://*.youtube.com https://youtu.be https://*.hotjar.com https://dntcl.qualaroo.com; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com https://*.elisa.fi; font-src 'self' data: https://fonts.gstatic.com https://static.elisa.fi; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; default-src 'self' *.digital.nuance.com; img-src * data: 'self'; manifest-src 'self'; media-src * 'self' 1
default-src * 'self' data: 'unsafe-eval' 'unsafe-inline' blob: 1
block-all-mixed-content; frame-ancestors 'self' *.tpa.com *.umr.com *.uhis.com *.uhc.com *.optum.com *.werally.com; 1
frame-ancestors https://engage.bruker.com https://tongji.baidu.com self; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net dpm.demdex.net adnxs.com *.scene7.com *.adnxs.com attentivemobile.com events.attentivemobile.com attn.tv audioeye.com *.audioeye.com bidswitch.net *.bidswitch.net *.bing.com bluekai.com *.bluekai.com bounceexchange.com *.bounceexchange.com bouncex.net events.bouncex.net creativecdn.com *.creativecdn.com certona.net edge1.certona.net www.res-x.com cloudflare.com *.cloudflare.com *.cloudfront.net cloudfront.net *.coach.com coach.com cnstrc.com cquotient.com criteo.com criteo.net *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net fast.fonts.net *.forter.com forter.com stickyadstv.com ads.stickyadstv.com *.google.com www.google.co.kr www.google.com.do www.google.lv www.google.com.ly www.google.com.vn www.google.ie www.google.co.ve www.google.kz www.google.com.ec www.google.dk www.google.com.pa www.google.com.pe www.google.as www.google.ro www.google.ch www.google.fr www.google.com.mx www.google.com.ph www.google.gr www.google.co.nz www.google.nl www.google.se www.google.com.ua www.google.co.in www.google.co.id www.google.es www.google.com.jm www.google.hn www.google.com.py www.google.com.np www.google.ca www.google.com.co *.gstatic.com www.google.ae googleapis.com *.googleapis.com cloudfunctions.net *.cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com ad.360yield.com casalemedia.com r.casalemedia.com ivitrack.com matching.ivitrack.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com klarnaservices.com *.klarnaservices.com *.linksynergy.com liadm.com *.liadm.com media.net *.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com micpn.com b6sgkpgq.micpn.com cookielaw.org cdn.cookielaw.org postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com onetrust.com *.online-metrix.net online-metrix.net *.optimizely.com optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com s.pinimg.com pinterest.com *.pinterest.com pdst.fm cdn.pdst.fm powerreviews.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com quantummetric.com *.rakuten.com rlcdn.com idsync.rlcdn.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com force.com my.salesforce.com *.my.salesforce.com *.force.com *.salesforceliveagent.com sharethrough.com match.sharethrough.com signifyd.com *.signifyd.com smartadserver.com *.smartadserver.com sc-static.net snapchat.com tr.snapchat.com taboola.com *.taboola.com tangiblee.com *.tangiblee.com tapad.com *.tapad.com teads.tv *.teads.tv *.tiktok.com tiktok.com adsrvr.org *.adsrvr.org tremorhub.com *.tremorhub.com 3lift.com eb2.3lift.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co *.smaato.net rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com wknd.ai tag.wknd.ai www.yext-pixel.com scene7.com typekit.net *.typekit.net cdnwidget.com *.cdnwidget.com pippio.com *.attn.tv bazaarvoice.com *.btttag.com bootstrapcdn.com maxcdn.bootstrapcdn.com *.cquotient.com adsymptotic.com www.googleadservices.com *.katespade.com katespade.com www.katespade.co.uk *.linkedin.com cdnbasket.net *.cdnbasket.net *.onetrust.com openx.net *.quantummetric.com securedvisit.com track.securedvisit.com squadded.co static.squadded.co *.cnstrc.com sv.rkdms.com *.yahoo.com *.youtube.com zineone.com *.zineone.com *.adroll.com static-na.payments-amazon.com m.media-amazon.com *.amazonaws.com apay-us.amazon.com ntp.msn.com api.images.drivecommerce.com api2.fonts.com dynl.mktgcdn.com *.socdm.com static.squad-shopping.com static.lisa-cdn.net rstyle.me katespadesurprise.loveslisa.tech *.googlesyndication.com services.postcodeanywhere.co.uk *.truefitcorp.com *.adyen.com *.dealmoon.com www.bradsdeals.com www.shopstyle.com rd.bizrate.com www.afrugalchick.com thecouponboutique.com hip2save.com giftful.com www.eonline.com capitaloneshopping.com www.passionforsavings.com *.addressy.com *.ampproject.net thekrazycouponlady.com sas.selleramp.com *.dealmoon.ca appium.io *.shoprunner.com *.shoprunner.io qa-specops.loopassets.net *.stuartweitzman.com images.katespade.comis cms.coachoutlet.com tapestry.support jira.tapestry.support *.needle.com *.mapbox.com cdn.honey.io edgeshoppingstatic.azureedge.net exchjsdata.com cdn.ivaws.com dealsea.com deref-mail.com go.magik.ly www.ecosia.org legacy-myemail.cox.net *.demandware.net *.instagram.com usage.trackjs.com mpsnare.iesnare.com v.fwmrm.net 1f2e7.v.fwmrm.net *.my.salesforce-sites.com sentry.io *.narvar.com link.edgepilot.com www.shopstyle.ca tapes11111.pcapredict.com ad.tpmn.co.kr *.clmbtech.com visitor.omnitagjs.com tst.kaptcha.com *.yieldmo.com *.kampyle.com *.medallia.com dsum-sec.casalemedia.com us-u.openx.net sync.outbrain.com *.pubmatic.com *.bluecore.com *.amplience.net cs.adingo.jp *.aralego.com *.aralego.net *.krxd.net *.stackadapt.com cdn.jsdelivr.net *.cloudinary.com api.fillr.com snap.licdn.com api.bluecore.app e1.emxdgt.com app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com *.katespadeoutlet.com katespadeoutlet.com cdn.wyng.com shpog-kso.ovative.com *.bluecore.app data: blob:; 1
frame-ancestors https://www.emaar.com; upgrade-insecure-requests; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.appdynamics.com https://*.cloudfront.net https://api.usabilla.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://nconnect.facebook.net https://www.youtube.com https://w.usabilla.com https://scripts.nwebsec.com https://www.google.com https://static.doubleclick.net https://api.wunderground.com https://pym.nprapps.org https://connect.facebook.net https://maps.googleapis.com https://*.iperceptions.com https://az452423.vo.msecnd.net https://ips-invite.iperceptions.com https://syndication.twitter.com https://s.ytimg.com https://iperceptions01.azureedge.net https://dnn506yrbagrg.cloudfront.net https://www.gstatic.com https://bat.bing.com https://static.cmptch.com https://s.adroll.com https://d.adroll.com https://media.zoomprospector.com https://*.appdynamics.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css blob: https://*.aspnetcdn.com https://optimize.google.com https://se-engage-components-dev.herokuapp.com https://se-engage-components-uat.herokuapp.com https://se-engage-manifastener-dev.herokuapp.com https://se-engage-manifastener-uat.herokuapp.com https://se-engage-manifastener-prod.herokuapp.com https://engage-components.stg.rotw.uplight.io https://engage-components.uat.rotw.uplight.io https://engage-components.prd.rotw.uplight.io https://engage-api.simpleenergy.io https://*.zoomprospector.com https://*.licdn.com https://*.adsrvr.org https://*.sizeup.com https://*.dynamics.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://rec.smartlook.com https://*.fullstory.com https://*.koopid.io https://*.ensighten.com https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://rs.fullstory.com https://edge.fullstory.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://*.powerclerk.com https://cse.google.com https://clients1.google.com/complete/search https://static.ads-twitter.com https://127.0.0.1/lastNetworkActivity https://kendo.cdn.telerik.com https://*.yimg.com https://*.acuityplatform.com https://*.nextdoor.com https://*.pingdom.com https://*.pingdom.net https://*.adnxs.com/ https://*.verse.com/ https://global.oktacdn.com;object-src 'self' https://www.applianceserviceplan.com;style-src 'self' 'unsafe-inline' https://www.youtube.com https://www.fonts.googleapis.com https://fonts.googleapis.com https://*.cloudfront.net https://tagmanager.google.com/debug/css.css https://optimize.google.com https://*.nrel.gov https://*.udev1a.net https://*.usablenet.com https://*.koopid.io https://*.simpleenergy.io https://*.1trust.app https://*.onetrust.com https://*.koopid.ai https://*.crazyegg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.powerclerk.com https://www.google.com/cse/ https://kendo.cdn.telerik.com https://*.verse.com/ https://global.oktacdn.com;img-src 'self' https://www.google.com https://www.google-analytics.com https://i.ytimg.com https://www.facebook.com https://*.cloudfront.net https://bat.bing.com https://gtrk.s3.amazonaws.com https://i.vimeocdn.com https://ips-img.iperceptions.com https://maps.googleapis.com https://maps.gstatic.com https://pbs.twimg.com https://stats.g.doubleclick.net https://w.usabilla.com https://www.googletagmanager.com https://www.google.ca https://www.google.co.in https://optimize.google.com https: data: https://*.crazyegg.com https://rs.fullstory.com https://*.powerclerk.com blob:;media-src 'self' https:;frame-src https://*.iperceptions.com https://connect.facebook.net https://ipn2.paymentus.com https://na-sj06.marketo.com https://player.vimeo.com https://www.facebook.com https://www.google.com https://tagmanager.google.com https://optimize.google.com https: https://*.crazyegg.com;font-src 'self' https://fonts.gstatic.com https://cdn.joinhoney.com https: data:;connect-src 'self' https://api.iperceptions.com https://col.eum-appdynamics.com https://stats.g.doubleclick.net https://www.google-analytics.com https: https://*.crazyegg.com https://edge.fullstory.com https://rs.fullstory.com https://*.powerclerk.com;child-src 'self' https://www.googletagmanager.com https://ipn2.paymentus.com https://connect.facebook.net https://www.google.com https://*.iperceptions.com https://tagmanager.google.com https://www.youtube.com https: blob: https://*.crazyegg.com;frame-ancestors 'self' https:;worker-src https: data: blob: https://*.crazyegg.com;report-uri /webapi/reporting/csp 1
frame-ancestors 'self' https://*.e-conomic.com https://*.secure.e-conomic.com http://localhost:3000; 1
script-src 'report-sample' data: 'nonce-72384de360f0a293c9a2098be05e722a-argus' 'strict-dynamic' 'self' 'unsafe-eval' blob: *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com *.baidu.com *.byteimg.com; connect-src 'self' *.bytedance.net *.snssdk.com *.zijieapi.com *.byted.org *.ugsdk.cn *.bytedance.com hm.baidu.com *.usergrowth.com.cn *.bytescm.com *.toutiao.com *.yhgfb-cn-static.com *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.douyinvod.com:* *.bytetos.com *.ibytedapm.com *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.byteimg.com *.qnqcdn.net:* *.weilayun.com:* *.saxysec.com:* *.saxyit.com:* *.saxydc.com:* *.sjxysec.com:* *.sjxydc.com:* *.hiecheimaetu.com:* *.ppio.cloud:* *.vegslb.com:* *.xsj.wasu.tv:* *.zebracdn.com:* *.volctranscdn.com:*; frame-ancestors 'self' *.feishu.cn; report-to slardar-endpoint; upgrade-insecure-requests ; 1
upgrade-insecure-requests; frame-ancestors 'self' *.magenta.at *.t-mobile.at *.s-budget-mobile.at *.esp.ownsolutions.net magenta-at.cleverq.de www.youtube.com; 1
frame-src * https://bid.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; default-src 'self' https://sentry-prod.cryptology.com/; script-src 'self' blob: 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://*.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.firebaseio.com wss://*.firebaseio.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://s.adroll.com https://d.adroll.com https://*.omappapi.com/ https://*.cookiebot.com/ https://wchat.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://sentry-prod.cryptology.com/api/embed/error-page/ ; style-src 'self' blob: https://*.cryptology.com 'unsafe-inline' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://fonts.googleapis.com https://*.omappapi.com/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com; worker-src 'self' blob:; connect-src 'self' blob: https://*.cryptology.com https://cryptology.com wss://*.cryptology.com https://*.cryptology.com:2083 https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://apis.google.com https://*.googleapis.com https://fonts.gstatic.com https://stats.g.doubleclick.net/ https://analytics.google.com https://*.analytics.google.com https://*.firebaseio.com wss://*.firebaseio.com https://www.facebook.com/tr/ https://api.coinmarketcap.com https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://d.adroll.com https://content.hotjar.io https://*.omappapi.com/ https://*.cookiebot.com/ https://wchat.freshchat.com/js/ https://wchat.freshchat.com/widget/js/ https://wchat.freshchat.com/widget/css/ https://wchat.freshchat.com/css/ https://hcaptcha.com https://*.hcaptcha.com https://locales.dev.cryptology.com/ https://locales.prod.cryptology.com/ https://locales.staging.cryptology.com/ localhost:*; object-src 'none'; child-src 'self' https://cryptology-9a846.firebaseapp.com https://cryptology-9a846.firebaseio.com https://cryptology-dev.firebaseapp.com https://cryptology-dev.firebaseio.com https://cryptology-prod.firebaseapp.com https://cryptology-prod.firebaseio.com https://www.facebook.com/ https://staticxx.facebook.com/; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com/public-files.prod.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.staging.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/public-files.dev.payments.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.prod.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.staging.banners.cryptology.com/ https://s3.eu-central-1.amazonaws.com/banners-files.dev.banners.cryptology.com/ https://*.cryptology.com https://cryptology.com https://t.co https://analytics.twitter.com https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://*.tagmanager.google.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.gstatic.com https://*.googleusercontent.com https://googleads.g.doubleclick.net https://google.com/ads/ga-audiences https://google.ad/ads/ga-audiences https://google.ae/ads/ga-audiences https://google.com.af/ads/ga-audiences https://google.com.ag/ads/ga-audiences https://google.com.ai/ads/ga-audiences https://google.al/ads/ga-audiences https://google.am/ads/ga-audiences https://google.co.ao/ads/ga-audiences https://google.com.ar/ads/ga-audiences https://google.as/ads/ga-audiences https://google.at/ads/ga-audiences https://google.com.au/ads/ga-audiences https://google.az/ads/ga-audiences https://google.ba/ads/ga-audiences https://google.com.bd/ads/ga-audiences https://google.be/ads/ga-audiences https://google.bf/ads/ga-audiences https://google.bg/ads/ga-audiences https://google.com.bh/ads/ga-audiences https://google.bi/ads/ga-audiences https://google.bj/ads/ga-audiences https://google.com.bn/ads/ga-audiences https://google.com.bo/ads/ga-audiences https://google.com.br/ads/ga-audiences https://google.bs/ads/ga-audiences https://google.bt/ads/ga-audiences https://google.co.bw/ads/ga-audiences https://google.by/ads/ga-audiences https://google.com.bz/ads/ga-audiences https://google.ca/ads/ga-audiences https://google.cd/ads/ga-audiences https://google.cf/ads/ga-audiences https://google.cg/ads/ga-audiences https://google.ch/ads/ga-audiences https://google.ci/ads/ga-audiences https://google.co.ck/ads/ga-audiences https://google.cl/ads/ga-audiences https://google.cm/ads/ga-audiences https://google.cn/ads/ga-audiences https://google.com.co/ads/ga-audiences https://google.co.cr/ads/ga-audiences https://google.com.cu/ads/ga-audiences https://google.cv/ads/ga-audiences https://google.com.cy/ads/ga-audiences https://google.cz/ads/ga-audiences https://google.de/ads/ga-audiences https://google.dj/ads/ga-audiences https://google.dk/ads/ga-audiences https://google.dm/ads/ga-audiences https://google.com.do/ads/ga-audiences https://google.dz/ads/ga-audiences https://google.com.ec/ads/ga-audiences https://google.ee/ads/ga-audiences https://google.com.eg/ads/ga-audiences https://google.es/ads/ga-audiences https://google.com.et/ads/ga-audiences https://google.fi/ads/ga-audiences https://google.com.fj/ads/ga-audiences https://google.fm/ads/ga-audiences https://google.fr/ads/ga-audiences https://google.ga/ads/ga-audiences https://google.ge/ads/ga-audiences https://google.gg/ads/ga-audiences https://google.com.gh/ads/ga-audiences https://google.com.gi/ads/ga-audiences https://google.gl/ads/ga-audiences https://google.gm/ads/ga-audiences https://google.gr/ads/ga-audiences https://google.com.gt/ads/ga-audiences https://google.gy/ads/ga-audiences https://google.com.hk/ads/ga-audiences https://google.hn/ads/ga-audiences https://google.hr/ads/ga-audiences https://google.ht/ads/ga-audiences https://google.hu/ads/ga-audiences https://google.co.id/ads/ga-audiences https://google.ie/ads/ga-audiences https://google.co.il/ads/ga-audiences https://google.im/ads/ga-audiences https://google.co.in/ads/ga-audiences https://google.iq/ads/ga-audiences https://google.is/ads/ga-audiences https://google.it/ads/ga-audiences https://google.je/ads/ga-audiences https://google.com.jm/ads/ga-audiences https://google.jo/ads/ga-audiences https://google.co.jp/ads/ga-audiences https://google.co.ke/ads/ga-audiences https://google.com.kh/ads/ga-audiences https://google.ki/ads/ga-audiences https://google.kg/ads/ga-audiences https://google.co.kr/ads/ga-audiences https://google.com.kw/ads/ga-audiences https://google.kz/ads/ga-audiences https://google.la/ads/ga-audiences https://google.com.lb/ads/ga-audiences https://google.li/ads/ga-audiences https://google.lk/ads/ga-audiences https://google.co.ls/ads/ga-audiences https://google.lt/ads/ga-audiences https://google.lu/ads/ga-audiences https://google.lv/ads/ga-audiences https://google.com.ly/ads/ga-audiences https://google.co.ma/ads/ga-audiences https://google.md/ads/ga-audiences https://google.me/ads/ga-audiences https://google.mg/ads/ga-audiences https://google.mk/ads/ga-audiences https://google.ml/ads/ga-audiences https://google.com.mm/ads/ga-audiences https://google.mn/ads/ga-audiences https://google.ms/ads/ga-audiences https://google.com.mt/ads/ga-audiences https://google.mu/ads/ga-audiences https://google.mv/ads/ga-audiences https://google.mw/ads/ga-audiences https://google.com.mx/ads/ga-audiences https://google.com.my/ads/ga-audiences https://google.co.mz/ads/ga-audiences https://google.com.na/ads/ga-audiences https://google.com.ng/ads/ga-audiences https://google.com.ni/ads/ga-audiences https://google.ne/ads/ga-audiences https://google.nl/ads/ga-audiences https://google.no/ads/ga-audiences https://google.com.np/ads/ga-audiences https://google.nr/ads/ga-audiences https://google.nu/ads/ga-audiences https://google.co.nz/ads/ga-audiences https://google.com.om/ads/ga-audiences https://google.com.pa/ads/ga-audiences https://google.com.pe/ads/ga-audiences https://google.com.pg/ads/ga-audiences https://google.com.ph/ads/ga-audiences https://google.com.pk/ads/ga-audiences https://google.pl/ads/ga-audiences https://google.pn/ads/ga-audiences https://google.com.pr/ads/ga-audiences https://google.ps/ads/ga-audiences https://google.pt/ads/ga-audiences https://google.com.py/ads/ga-audiences https://google.com.qa/ads/ga-audiences https://google.ro/ads/ga-audiences https://google.ru/ads/ga-audiences https://google.rw/ads/ga-audiences https://google.com.sa/ads/ga-audiences https://google.com.sb/ads/ga-audiences https://google.sc/ads/ga-audiences https://google.se/ads/ga-audiences https://google.com.sg/ads/ga-audiences https://google.sh/ads/ga-audiences https://google.si/ads/ga-audiences https://google.sk/ads/ga-audiences https://google.com.sl/ads/ga-audiences https://google.sn/ads/ga-audiences https://google.so/ads/ga-audiences https://google.sm/ads/ga-audiences https://google.sr/ads/ga-audiences https://google.st/ads/ga-audiences https://google.com.sv/ads/ga-audiences https://google.td/ads/ga-audiences https://google.tg/ads/ga-audiences https://google.co.th/ads/ga-audiences https://google.com.tj/ads/ga-audiences https://google.tl/ads/ga-audiences https://google.tm/ads/ga-audiences https://google.tn/ads/ga-audiences https://google.to/ads/ga-audiences https://google.com.tr/ads/ga-audiences https://google.tt/ads/ga-audiences https://google.com.tw/ads/ga-audiences https://google.co.tz/ads/ga-audiences https://google.com.ua/ads/ga-audiences https://google.co.ug/ads/ga-audiences https://google.co.uk/ads/ga-audiences https://google.com.uy/ads/ga-audiences https://google.co.uz/ads/ga-audiences https://google.com.vc/ads/ga-audiences https://google.co.ve/ads/ga-audiences https://google.vg/ads/ga-audiences https://google.co.vi/ads/ga-audiences https://google.com.vn/ads/ga-audiences https://google.vu/ads/ga-audiences https://google.ws/ads/ga-audiences https://google.rs/ads/ga-audiences https://google.co.za/ads/ga-audiences https://google.co.zm/ads/ga-audiences https://google.co.zw/ads/ga-audiences https://google.cat/ads/ga-audiences https://www.google.com/ads/ga-audiences https://www.google.ad/ads/ga-audiences https://www.google.ae/ads/ga-audiences https://www.google.com.af/ads/ga-audiences https://www.google.com.ag/ads/ga-audiences https://www.google.com.ai/ads/ga-audiences https://www.google.al/ads/ga-audiences https://www.google.am/ads/ga-audiences https://www.google.co.ao/ads/ga-audiences https://www.google.com.ar/ads/ga-audiences https://www.google.as/ads/ga-audiences https://www.google.at/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.az/ads/ga-audiences https://www.google.ba/ads/ga-audiences https://www.google.com.bd/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.bf/ads/ga-audiences https://www.google.bg/ads/ga-audiences https://www.google.com.bh/ads/ga-audiences https://www.google.bi/ads/ga-audiences https://www.google.bj/ads/ga-audiences https://www.google.com.bn/ads/ga-audiences https://www.google.com.bo/ads/ga-audiences https://www.google.com.br/ads/ga-audiences https://www.google.bs/ads/ga-audiences https://www.google.bt/ads/ga-audiences https://www.google.co.bw/ads/ga-audiences https://www.google.by/ads/ga-audiences https://www.google.com.bz/ads/ga-audiences https://www.google.ca/ads/ga-audiences https://www.google.cd/ads/ga-audiences https://www.google.cf/ads/ga-audiences https://www.google.cg/ads/ga-audiences https://www.google.ch/ads/ga-audiences https://www.google.ci/ads/ga-audiences https://www.google.co.ck/ads/ga-audiences https://www.google.cl/ads/ga-audiences https://www.google.cm/ads/ga-audiences https://www.google.cn/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.co.cr/ads/ga-audiences https://www.google.com.cu/ads/ga-audiences https://www.google.cv/ads/ga-audiences https://www.google.com.cy/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.dj/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.dm/ads/ga-audiences https://www.google.com.do/ads/ga-audiences https://www.google.dz/ads/ga-audiences https://www.google.com.ec/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.com.eg/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.com.et/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.com.fj/ads/ga-audiences https://www.google.fm/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.ga/ads/ga-audiences https://www.google.ge/ads/ga-audiences https://www.google.gg/ads/ga-audiences https://www.google.com.gh/ads/ga-audiences https://www.google.com.gi/ads/ga-audiences https://www.google.gl/ads/ga-audiences https://www.google.gm/ads/ga-audiences https://www.google.gr/ads/ga-audiences https://www.google.com.gt/ads/ga-audiences https://www.google.gy/ads/ga-audiences https://www.google.com.hk/ads/ga-audiences https://www.google.hn/ads/ga-audiences https://www.google.hr/ads/ga-audiences https://www.google.ht/ads/ga-audiences https://www.google.hu/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.co.il/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.iq/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.je/ads/ga-audiences https://www.google.com.jm/ads/ga-audiences https://www.google.jo/ads/ga-audiences https://www.google.co.jp/ads/ga-audiences https://www.google.co.ke/ads/ga-audiences https://www.google.com.kh/ads/ga-audiences https://www.google.ki/ads/ga-audiences https://www.google.kg/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.kw/ads/ga-audiences https://www.google.kz/ads/ga-audiences https://www.google.la/ads/ga-audiences https://www.google.com.lb/ads/ga-audiences https://www.google.li/ads/ga-audiences https://www.google.lk/ads/ga-audiences https://www.google.co.ls/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.lu/ads/ga-audiences https://www.google.lv/ads/ga-audiences https://www.google.com.ly/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.md/ads/ga-audiences https://www.google.me/ads/ga-audiences https://www.google.mg/ads/ga-audiences https://www.google.mk/ads/ga-audiences https://www.google.ml/ads/ga-audiences https://www.google.com.mm/ads/ga-audiences https://www.google.mn/ads/ga-audiences https://www.google.ms/ads/ga-audiences https://www.google.com.mt/ads/ga-audiences https://www.google.mu/ads/ga-audiences https://www.google.mv/ads/ga-audiences https://www.google.mw/ads/ga-audiences https://www.google.com.mx/ads/ga-audiences https://www.google.com.my/ads/ga-audiences https://www.google.co.mz/ads/ga-audiences https://www.google.com.na/ads/ga-audiences https://www.google.com.ng/ads/ga-audiences https://www.google.com.ni/ads/ga-audiences https://www.google.ne/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.com.np/ads/ga-audiences https://www.google.nr/ads/ga-audiences https://www.google.nu/ads/ga-audiences https://www.google.co.nz/ads/ga-audiences https://www.google.com.om/ads/ga-audiences https://www.google.com.pa/ads/ga-audiences https://www.google.com.pe/ads/ga-audiences https://www.google.com.pg/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.google.com.pk/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.pn/ads/ga-audiences https://www.google.com.pr/ads/ga-audiences https://www.google.ps/ads/ga-audiences https://www.google.pt/ads/ga-audiences https://www.google.com.py/ads/ga-audiences https://www.google.com.qa/ads/ga-audiences https://www.google.ro/ads/ga-audiences https://www.google.ru/ads/ga-audiences https://www.google.rw/ads/ga-audiences https://www.google.com.sa/ads/ga-audiences https://www.google.com.sb/ads/ga-audiences https://www.google.sc/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.sh/ads/ga-audiences https://www.google.si/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.com.sl/ads/ga-audiences https://www.google.sn/ads/ga-audiences https://www.google.so/ads/ga-audiences https://www.google.sm/ads/ga-audiences https://www.google.sr/ads/ga-audiences https://www.google.st/ads/ga-audiences https://www.google.com.sv/ads/ga-audiences https://www.google.td/ads/ga-audiences https://www.google.tg/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.com.tj/ads/ga-audiences https://www.google.tl/ads/ga-audiences https://www.google.tm/ads/ga-audiences https://www.google.tn/ads/ga-audiences https://www.google.to/ads/ga-audiences https://www.google.com.tr/ads/ga-audiences https://www.google.tt/ads/ga-audiences https://www.google.com.tw/ads/ga-audiences https://www.google.co.tz/ads/ga-audiences https://www.google.com.ua/ads/ga-audiences https://www.google.co.ug/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.uy/ads/ga-audiences https://www.google.co.uz/ads/ga-audiences https://www.google.com.vc/ads/ga-audiences https://www.google.co.ve/ads/ga-audiences https://www.google.vg/ads/ga-audiences https://www.google.co.vi/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.vu/ads/ga-audiences https://www.google.ws/ads/ga-audiences https://www.google.rs/ads/ga-audiences https://www.google.co.za/ads/ga-audiences https://www.google.co.zm/ads/ga-audiences https://www.google.co.zw/ads/ga-audiences https://www.google.cat/ads/ga-audiences https://www.facebook.com/tr/ https://d.adroll.com https://*.omappapi.com/ https://*.cookiebot.com/ https://downloads.intercomcdn.com https://s3.amazonaws.com/cdn.freshdesk.com/data/helpdesk/attachments/production/; font-src data: https://cryptology.com https://*.cryptology.com https://fonts.gstatic.com https://script.hotjar.com https://*.omappapi.com/ localhost:*; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/; report-uri https://sentry-prod.cryptology.com/api/5/security/?sentry_key=cdbfe589f11e4bff93578e39556691c6 1
default-src 'self' https://maps.googleapis.com https://*.clarity.ms https://*.google.com https://*.g.doubleclick.net https://*.analytics.google.com https://www.facebook.com https://vc-service.saleago.com https://*.salesmanago.pl https://consentcdn.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://liveupdate.pimcore.org https://*.enea.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://*.g.doubleclick.net https://rec.quartic.pl https://*.clarity.ms https://*.googleadservices.com https://connect.facebook.net https://script.hotjar.com https://static.hotjar.com https://*.adform.net https://fonts.googleapis.com https://*.salesmanago.pl https://*.cookiebot.com https://www.googletagmanager.com https://*.gstatic.com https://liveupdate.pimcore.org https://clients1.google.com https://www.google.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com https://cse.google.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.google.com; img-src 'self' data: https://www.googletagmanager.com https://maps.googleapis.com https://*.bing.com https://*.clarity.ms https://*.gstatic.com https://*.g.doubleclick.net https://secure.sitebees.com https://*.analytics.google.com https://www.googletagmanager.com https://*.salesmanago.pl https://*.googlesyndication.com https://*.google-analytics.com https://*.google.com/generate_204 https://www.google.com https://fonts.googleapis.com https://www.google-analytics.com https://www.enea.pl/favicon.ico https://www.facebook.com https://*.enea.pl https://www.google.pl https://www.youtube-nocookie.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://fonts.googleapis.com; media-src 'self' https://www.youtube-nocookie.com; object-src 'self' https://*.enea.pl; child-src 'none'; frame-src 'self' https://*.youtube.com  https://cse.google.com https://www.facebook.com https://consentcdn.cookiebot.com https://*.enea.pl https://www.youtube-nocookie.com https://www.google.com https://google.com; frame-ancestors 'self' 1
frame-ancestors 'self' cms.dxp.tedbaker.com youtube.com www.youtube.com; 1
default-src  'self'; base-uri  'self'; prefetch-src  *; img-src  'self'  https:  data:; script-src  'self' https://*.smart.com; style-src  'self' 'unsafe-inline'; connect-src  'self' https://*.smart.com; media-src  https://s7.future.smart.com; object-src  'none'; form-action  'self'; frame-src  'self' https://s7.future.smart.com 1
frame-ancestors 'self' https://*.j2t.com https://j2t.com https://*.j2t.exchange https://j2t.exchange https://*.just2trade.cn https://just2trade.cn https://webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://metrica.yandex.com https://metrika.yandex.by https://metrica.yandex.com.tr 1
frame-ancestors https://www.acljaction.org https://acljaction.org https://beheardproject.com https://eclj.org https://baldbeagle.com https://morethanever.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://www.paypalobjects.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://*.google.com https://pagead2.googlesyndication.com https://www.gstatic.com https://rumble.com https://*.rumble.com https://*.rumble.cloud https://i.rmbl.ws https://www.googletagmanager.com https://www.googleoptimize.com https://www.googletagservices.com https://cdn.taboola.com https://trc.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://apm.thesmg.cloud https://www.c-span.org https://cdn.onesignal.com https://onesignal.com https://www.votervoice.net https://js.stripe.com https://doublethedonation.com https://d11fwi1lfvvt5p.cloudfront.net https://urbanlegend.co https://api.acljaction.org https://maps.googleapis.com https://*.rmbl.ws blob: https://acljchampionuploads.s3.us-east-1.amazonaws.com; connect-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdnjs.cloudflare.com https://www.google.com https://ssl.google-analytics.com https://www.google-analytics.com https://linkhelp.clients.google.com https://connect.facebook.net https://www.facebook.com https://graph.facebook.com https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://video.foxnews.com https://d2zah9y47r7bi2.cloudfront.net https://www.googleadservices.com https://www.youtube.com https://s.ytimg.com https://static.aclj.org https://static.ads-twitter.com https://analytics.twitter.com https://vimeo.com https://www.paypal.com https://www.paypalobjects.com https://chat.aclj.org https://optimize.google.com https://cqrcengage.com https://*.google.com https://pagead2.googlesyndication.com https://www.gstatic.com https://rumble.com https://*.rumble.com https://*.rumble.cloud https://i.rmbl.ws https://www.googletagmanager.com https://www.googleoptimize.com https://www.googletagservices.com https://cdn.taboola.com https://trc.taboola.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://apm.thesmg.cloud https://www.c-span.org https://cdn.onesignal.com https://onesignal.com https://www.votervoice.net https://js.stripe.com https://doublethedonation.com https://d11fwi1lfvvt5p.cloudfront.net https://urbanlegend.co https://api.acljaction.org https://maps.googleapis.com https://*.rmbl.ws blob: https://acljchampionuploads.s3.us-east-1.amazonaws.com 1
default-src 'self' https://*.be.ch; connect-src 'self' https://*.be.ch https://search-api.swiftype.com https://*.jaxforms.com ws://*.jaxforms.com; frame-src 'self' https://*.be.ch https://bern.gines.ch https://*.jaxforms.com https://*.prospective.ch https://assets.adobedtm.com https://*.youtube.com https://*.youtu.be https://www.youtube-nocookie.com https://search.ch https://map.search.ch https://*.google.com https://*.geo.admin.ch https://*.promio-connect.com https://vimeo.com https://*.vimeo.com; frame-ancestors 'self' https://*.be.ch; style-src 'self' https://*.be.ch https://*.jaxforms.com 'unsafe-inline'; script-src 'self' https://*.be.ch https://*.jaxforms.com https://siteimproveanalytics.com https://cdnjs.cloudflare.com https://system.promio-connect.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://*.jaxforms.com; img-src * data:; object-src 'none'; 1
default-src 'self'; img-src 'self' 'unsafe-inline' blob: https://t.co https://analytics.twitter.com https://*.godsunchained.com https://*.immutable.com https://*.visualwebsiteoptimizer.com https://*.facebook.com https://*.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleadservices.com https://fonts.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.xsolla.net https://*.vimeocdn.com https://vimeo.com https://staginggublog.wpengine.com https://*.images-amazon.com data: https://*.clarity.ms; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://*.godsunchained.com https://*.immutable.com https://*.facebook.net https://*.visualwebsiteoptimizer.com https://*.newrelic.com https://quickkoala.io https://unpkg.com https://*.google-analytics.com/ https://*.googletagmanager.com https://*.gstatic.com https://*.google.com https://*.recaptcha.net https://*.googleadservices.com https://*.nr-data.net https://*.xsolla.net https://*.vimeocdn.com https://cdn.lr-in.com https://*.sentry.io https://cdn.lr-in-prod.com https://r.lr-in-prod.com https://client-api.arkoselabs.com https://imx-api.arkoselabs.com https://api.sprig.com https://cdn.sprig.com https://cdn.segment.com https://websdk.appsflyer.com https://*.loginwithamazon.com https://*.clarity.ms https://c.bing.com; media-src 'self' 'unsafe-inline' blob: https://*.godsunchained.com https://*.immutable.com data:; style-src 'self' 'unsafe-inline' https://*.godsunchained.com https://*.immutable.com https://fonts.googleapis.com https://*.googletagmanager.com https://*.vimeocdn.com; font-src 'self' data: 'unsafe-inline' https://*.godsunchained.com https://*.immutable.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' data: blob: https://analytics.tiktok.com https://analytics.google.com https://*.godsunchained.com https://*.immutable.com https://*.recaptcha.net https://*.nr-data.net https://*.infura.io https://*.launchdarkly.com https://quickkoala.io https://*.google-analytics.com https://*.facebook.com https://vimeo.com https://*.vimeo.com https://*.vimeocdn.com https://*.doubleclick.net https://unpkg.com https://*.googletagmanager.com https://*.gstatic.com https://*.google.com.au https://*.googleadservices.com https://*.xsolla.net https://*.rollbar.com https://builds.nonprod.godsunchained.com ws://localhost:* wss://localhost:* ws://*.godsunchained.com wss://*.godsunchained.com ws://*.immutable.com wss://*.immutable.com https://api.coinmarketcap.com https://*.akamaized.net https://cdn.lr-in.com https://*.sentry.io https://cdn.lr-in-prod.com https://r.lr-in-prod.com https://staginggublog.wpengine.com https://godsunchained.wpengine.com https://api.sprig.com https://cdn.sprig.com https://s3-ap-southeast-2.amazonaws.com https://api.segment.io https://cdn.segment.com https://*.appsflyer.com https://*.clarity.ms https://c.bing.com; frame-src 'self' https://*.godsunchained.com https://*.immutable.com https://player.vimeo.com https://www.recaptcha.net https://www.google.com https://client-api.arkoselabs.com https://imx-api.arkoselabs.com https://aqua.xyz https://auth.magic.link; object-src 'none'; worker-src blob: https://*.godsunchained.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://www.google.com/recaptcha/api.js https://ssl.google-analytics.com/ga.js https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://az416426.vo.msecnd.net/scripts/ https://tagmanager.google.com; connect-src 'self' wss://*.parliamentlive.tv/signalr/ wss://parliamentlive.tv/signalr/ wss://*.vualto.com/signalr/ https://dc.services.visualstudio.com/v2/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://2f0f8fc-az-westeurope.fsly.cdn.ebsd.ericsson.net/ https://2f0f8fc-az-westeurope-fsly.cdn.redbee.live/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://exposure.api.redbee.live/v1/ https://eventsink.api.redbee.live/ http://*.ukparliament.groovygecko.com/ https://*.kaltura.com/ http://*.kaltura.com/ https://ssl.google-analytics.com/ https://vodplayer.parliamentlive.tv/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/r/ https://www.google.com/ads/ https://www.google.co.uk/ads/ https://ssl.gstatic.com https://www.gstatic.com data:; font-src 'self' data:; frame-ancestors 'self' *.parliamentlive.tv/; frame-src https://*.vualto.com http://*.vualto.com https://www.google.com/ https://*.parliamentlive.tv/ http://*.parliamentlive.tv/; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.thegrocer.co.uk https://eme.abacusemedia.com; 1
frame-ancestors 'self' www.seznam.cz share.seznam.cz search.seznam.cz www.google.cz www.google.com *.seznamakce.cz www.garaz.cz admin.garaz.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.szn.cz *.sdn.cz gacz.hit.gemius.pl scz.hit.gemius.pl www.google-analytics.com https://www.googletagmanager.com/gtag/js cdn-gl.imrworldwide.com *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.instagram.com *.tiktok.com *.ttwstatic.com https://www.gstatic.com https://ajax.googleapis.com login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.garaz.cz https://www.garaz.cz 1
frame-ancestors 'self' https://dm.apuestas.codere.es https://m.clubcodere.es https://m.apuestas.codere.es https://m.codere.pa https://dm.clubcodere.es https://m.codere.com.co https://blog.codere.es file://* capacitor://codere.es https://codere.es; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.lndo.site *.suno.com.br *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.onesignal.com https://onesignal.com *.facebook.net *.google-analytics.com  *.googlesyndication.com *.hotjar.com *.getblue.io *.g.doubleclick.net ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.hs-scripts.com *.licdn.com *.facebook.com *.hs-banner.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hubapi.com *.hubspot.com *.twitter.com *.twimg.com *.hsforms.net https://unpkg.com *.googleapis.com *.hsforms.com *.amazonaws.com *.validity.com *.youtube.com *.newrelic.com *.nr-data.net *.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.min.js http://localhost:3000 *.getwisp.co *.cloudfront.net https://js.hubspotfeedback.com/feedbackweb-new.js *.analytics.tiktok.com https://www.googleoptimize.com/optimize.js https://td.doubleclick.net https://npmcdn.com/flatpickr/dist/l10n/pt.js https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/swiper@6.3.3/swiper-bundle.min.js https://app.powerbi.com/ *.funnelytics.io cdn.wisepops.com loader.wisepops.com app.getwisp.co activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net notifications.wisepops.com *.wisepops.com *.wisepops.net *.clarity.ms https://tag.goadopt.io/injector.js https://disclaimer-api.goadopt.io/api/tag/get-consent https://membros-api-gateway.suno.com.br/api/v1/events/register-data https://static.ads-twitter.com/uwt.js https://www.google.com.br/ads/ga-audiences *.goadopt.io https://forms.hubspot.com https://tag.curiosidadesdigitais.com/suno_suno.9999.js http://cdn.stape.io https://sunoresearch-com-br-7171354.hs-sites.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com https://onesignal.com *.ampproject.org http://localhost:3000/styles/frontend.css *.code.jquery.com http://localhost:3000/styles/admin.css http://code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css; img-src * data: cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net; font-src * data:; connect-src 'self' http://suno-noticias-develop.suno-noticias.svc.cluster.local http://suno-noticias.lndo.site *.suno.com.br *.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com wisepops.net *.wisepops.com *.clarity.ms https://forms.hubspot.com https://api.hubspot.com/ https://js.hs-banner.com/ https://cta-service-cms2.hubspot.com/ https://googleads.g.doubleclick.net/ https://cdn.ampproject.org *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com  *.googlesyndication.com *.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.facebook.com *.twitter.com *.twimg.com *.googleapis.com *.amazonaws.com *.youtube.com *.newrelic.com *.cloudfront.net https://disclaimer-api.goadopt.io http://cdn.stape.io *.hubapi.com https://sunoresearch-com-br-7171354.hs-sites.com/; object-src 'none'; base-uri 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com www.google-analytics.com ajax.aspnetcdn.com ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com *.doubleclick.net flex.msn.com bat.bing.com dvrt.t101.com unpkg.com www.google.com www.gstatic.com https://ads.recon.com recon-static.t101cdn.net www.recon.com;object-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com recon-static.t101cdn.net www.recon.com;img-src 'self' data: blob: www.google-analytics.com analytics.google.com dvrt.t101.com *.g.doubleclick.net www.googleadservices.com www.googletagmanager.com www.google.com www.google.co.uk www.google.au www.google.fr www.google.ie www.google.it www.google.nl www.google.ca www.google.es www.google.de www.gstatic.com *.r.msn.com bat.bing.com *.r.bat.bing.com recon-images.t101cdn.net recon-static.t101cdn.net images.email.recon.com static.recon.t101cdn.net recon-media.t101content.net media.recon.t101cdn.net ssl.gstatic.com https://ads-static.recon.com https://ads.recon.com media.recon.t101api.com www.recon.com;media-src 'self' recon-static.t101cdn.net www.recon.com;frame-src www.google.com;font-src 'self' fonts.gstatic.com sxt.cdn.skype.com recon-static.t101cdn.net www.recon.com;connect-src 'self' *.t101api.com www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net www.google.com www.gstatic.com https://ads.recon.com recon-static.t101cdn.net www.recon.com;frame-ancestors 'none';manifest-src 'self';report-uri https://t101.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://kiwiirc.com ; style-src 'self' 'unsafe-inline'; img-src 'self' https://user-content.yiiframework.com https://www.gravatar.com http://www.gravatar.com data: ; child-src 'self' https://kiwiirc.com ; frame-src 'self' https://kiwiirc.com ; upgrade-insecure-requests ; 1
frame-ancestors 'self' https://*.olaelectric.com https://*.olacabs.com; 1
frame-ancestors 'self' https://reittiopas.hsl.fi https://dev.reittiopas.fi/ https://next-dev.digitransit.fi 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru eda.yandex.ru eda.yandex eda.yandex.kz eats.yandex.com eda.yandex.by yastatic.net mc.yandex.ru; style-src blob: data: 'self' 'unsafe-inline' yandex.ru eda.yandex eda.yandex.ru yastatic.net *.yandex.ru *.yandex.net *.foodfox.ru; font-src 'self' eda.yandex eda.yandex.ru yastatic.net *.yandex.net; object-src 'none'; img-src data: blob: *; connect-src 'self' mc.yandex.ru yandex.ru; 1
default-src * blob:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org; img-src * data: *.akstat.io *.clicktale.net *.contentsquare.net *.google-analytics.com *.googletagmanager.com *.cookielaw.org www.google.com px.ads.linkedin.com; style-src 'self' 'unsafe-inline' *.go.com *.wdpromedia.com *.wdprapps.disney.com *.liveperson.net *.gam-apigw.wdprapps.disney.com tagmanager.google.com fonts.googleapis.com *.apptentive.com; frame-src 'self' *.go.com *.fls.doubleclick.net stags.bluekai.com tags.bluekai.com assets.adobedtm.com *.lpsnmedia.net *.liveperson.net *.facebook.com *.tamgrt.com *.flashtalking.com *.clicktale.net disney.idmelabs.com disney.id.me *.demdex.net cdn1.parksmedia.wdprapps.disney.com cdn2.parksmedia.wdprapps.disney.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com s.amazon-adsystem.com *.bluekai.com *.doubleclick.net *.snapchat.com *.adsrvr.org *.disney.com *.wdpromedia.com 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com tagmanager.google.com *.tt.omtrdc.net blob:; font-src * data: fonts.gstatic.com; connect-src * blob: 'self' *.disney.com *.go.com *.demdex.net *.tt.omtrdc.net *.akstat.io *.go-mpulse.net *.clicktale.net *.contentsquare.net r.disneystore.com r.disney.com r.disney.go.com r.starwars.com r.disneyjunior.com r.babble.com r.disneybaby.com *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.apptentive.com bat.bing.com *.branch.io *.doubleclick.net cdn.linkedin.oribi.io *.reson8.com *.snapchat.com analytics.tiktok.com s.yimg.com; child-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob:; worker-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.nr-data.net *.newrelic.com *.hongkongdisneyland.com *.go.com *.wdpromedia.com *.content.disney.io *.disneyinternational.com *.wdprapps.disney.com connect.facebook.net *.scorecardresearch.com *.dilcdn.com *.wdpro.wdig.com *.tt.omtrdc.net dpm.demdex.net assets.adobedtm.com tags.bkrtx.com d1ivexoxmp59q7.cloudfront.net disneyparks.sp1.convertro.com stags.bluekai.com tags.bluekai.com bat.bing.com *.doubleclick.net *.clicktale.net s.yimg.com/wi/ytc.js *.ads-twitter.com *.twitter.com *.facebook.com *.lpsnmedia.net *.liveperson.net *.googleadservices.com *.yahoo.com tag.mtrcs.samba.tv *.proofhq.com *.googletagmanager.com *.google-analytics.com static.tacdn.com *.resonate.com *.reson8.com *.sojern.com *.appdynamics.com *.eum-appdynamics.com *.go-mpulse.net *.akstat.io *.gam-apigw.wdprapps.disney.com *.disney.com www.googletagmanager.com tagmanager.google.com *.demdex.net *.contentsquare.com *.cookielaw.org *.onetrust.com *.apptentive.com *.bluekai.com *.branch.io app.link www.googleadservices.com www.google.com snap.licdn.com cdn.resonate.com sc-static.net *.snapchat.com analytics.tiktok.com js.adsrvr.org blob: 1
frame-ancestors https://*.mdsol.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.fr/report-uri/enforce 1
frame-ancestors 'self' https://cdn.csas.cz 1
frame-ancestors https://*.uny.ac.id; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sibforms.com *.hotjar.com *.google-analytics.com *.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'none'; connect-src *; font-src 'self'; frame-src 'self' app.storylane.io *.sentry.io; 1
default-src 'self'; object-src 'none'; base-uri 'none'; script-src 'nonce-fa12efd56684cb33ec7a74024a2747f1' 'self' 'strict-dynamic'; style-src 'nonce-fa12efd56684cb33ec7a74024a2747f1' 'self' https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-hashes' 'sha256-4/2nIlfwIVTJ1+JcNQ6LkeVWzNS148LKAJeL5yofdN4='; font-src 'self' https://fonts.gstatic.com https://web-commons.pystatic.com https://stg-web-commons.pystatic.com https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' *.pystatic.com https://images.deliveryhero.io https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com *.googletagmanager.com data:; connect-src 'self' https://*.perimeterx.net https://*.ingest.sentry.iO https://sentry-v2.peya.app https://us-client.fwf.deliveryhero.net https://maps.googleapis.com https://www.google-analytics.com https://sdk.iad-01.braze.com https://pagespeed.deliveryhero.net https://perseus-stg.deliveryhero.net https://perseus.deliveryhero.net https://o4504046939799552.ingest.sentry.io https://ampcid.google.com https://ampcid.google.co.cl https://ampcid.google.co.ar https://ampcid.google.co.bo https://ampcid.google.co.pa https://ampcid.google.co.py https://ampcid.google.co.uy https://ampcid.google.co.ve https://ampcid.google.co.ec https://ampcid.google.co.gt https://ampcid.google.co.cr https://ampcid.google.co.sv https://ampcid.google.co.ni https://ampcid.google.co.do; frame-src 'self' 'strict-dynamic'; frame-ancestors *.pedidosya.com *.pedidosya.cl *.pedidosya.com.ar *.pedidosya.com.bo *.pedidosya.com.pa *.pedidosya.com.py *.pedidosya.com.uy *.pedidosya.com.ve *.pedidosya.com.pe *.pedidosya.com.ec *.pedidosya.com.gt *.pedidosya.com.hn *.pedidosya.cr *.pedidosyasv.com.sv *.pedidosyani.com.ni *.pedidosya.com.do 'self' 1
default-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domainname.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domene.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
default-src 'self' *.ebuyer.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.cnetcontent.com *.cnetcontentsolutions.com www.dwin1.com e2d2.easy2.com *.google.com *.google-analytics.com *.googleadservices.com *.googlecommerce.com *.googletagmanager.com *.niceincontact.com *.reevoo.com *.feefo.com www.gstatic.com *.facebook.net *.twitter.com content.syndigo.net *.exponea.com blob: *.turn.com snap.licdn.com px.ads.linkedin.com widget.trustpilot.com w-it.m-t.io *.segmentify.com *.webgains.io cnstrc.com www.googleoptimize.com *.googleapis.com *.tiktok.com collector-11098.tvsquared.com *.klaviyo.com *.clarity.ms js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net *.hotjar.com *.redditstatic.com *.1worldsync.com *.fullstory.com *.mention-me.com smct.co smct.io *.smct.co *.smct.io *.onetrust.com https://secure.dekopay.com *.doubleclick.net; object-src 'self' *.reevoo.com *.feefo.com; style-src 'self' 'unsafe-inline' *.cloudfront.net *.cnetcontentsolutions.com *.cnetcontent.com *.reevoo.com *.feefo.com *.google.com fonts.googleapis.com *.segmentify.com *.1worldsync.com *.niceincontact.com; img-src 'self' data: *.cloudfront.net *.cnetcontent.com *.cnetcontentsolutions.com *.cnetcontentsyndication.com *.doubleclick.net img.ebyrcdn.net *.ebuyer.com *.facebook.com *.google.ie *.google.com *.google.co.uk *.google-analytics.com *.niceincontact.com al-de-platform-avatars.s3.eu-west-2.amazonaws.com www.googlecommerce.com *.gstatic.com bat.r.msn.com *.reevoo.com *.feefo.com *.twitter.com *.syndigo.net ads.yahoo.com w-it.m-t.io px.ads.linkedin.com collector-11098.tvsquared.com *.klaviyo.com *.hubspot.com *.reddit.com *.1worldsync.com smct.co smct.io *.smct.co *.smct.io *.onetrust.com; media-src 'none'; frame-src 'self' *.cnetcontentsolutions.com *.reevoo.com *.feefo.com *.niceincontact.com www.googlecommerce.com *.google.com *.facebook.com *.twitter.com *.youtube.com *.cnetcontent.com *.trustpilot.com *.hotjar.com *.1worldsync.com *.mention-me.com https://mention-me.com smct.co smct.io *.smct.co *.smct.io d2d7do8qaecbru.cloudfront.net *.doubleclick.net; font-src 'self' 'self' data: 'unsafe-inline' fonts.gstatic.com x.klarnacdn.net *.reevoo.com *.feefo.com *.niceincontact.com fonts.smct.co fonts.smct.io; connect-src 'self' *.googlecommerce.com *.google-analytics.com *.exponea.com *.turn.com *.niceincontact.com wss: *.niceincontact.com *.segmentify.com *.webgains.io *.cnstrc.com *.googleapis.com *.klaviyo.com *.tiktok.com *.clarity.ms *.hubspot.com *.hotjar.com *.fullstory.com *.mention-me.com https://mention-me.com smct.co smct.io *.smct.co *.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.onetrust.com orders.ebuyer.com; 1
script-src 'unsafe-inline' 'unsafe-eval' * blob:; frame-src 'unsafe-inline' *; Connect-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *; Img-src * data:; upgrade-insecure-requests; 1
default-src https: ; font-src https://maxcdn.bootstrapcdn.com/ data: 'self'; frame-ancestors *; frame-src *; img-src https: data: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://maxcdn.bootstrapcdn.com/ 'self' 'unsafe-inline'; 1
script-src *.segmanta.com *.pypestream.com *.bigcommerce.com *.betrad.com *.ipify.org *.kaptcha.com *.jebbit.com *.lightboxcdn.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.devcloudsoftware.com *.zmags.com *.jquery.com *.crazyegg.com *.adsrvr.org sc-static.net *.pinimg.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.stripe.com *.doubleclick.net *.googletagmanager.com *.agkn.com *.pgsitecore.com *.pghub.io *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.rewardstyle.com *.adsrvr.org *.adsrvr.org *.moatads.com *.attn.tv *.linkedin.com *.youtube.com *.ytimg.com *.bing.com *.gstatic.com *.addthis.com *.addthisedge.com *.moatads.com *.agkn.com *.online-metrix.net *.ravenjs.com *.addrexx10.com *.bizographics.com *.cardinalcommerce.com *.bazaarvoice.com *.yotpo.com  cdn.cookielaw.org  *.cloudfront.net *.rpxnow.com rpxnow.com *.iesnare.com *.polyfill.io geolocation.onetrust.com *.sharethis.com *.tapad.app *.pepperjam.com *.segment.com *.affirm.com *.minibc.com *.syndigo.com *.webcollage.net *.mapbox.com *.lytics.io *.ordergroove.com *.pepperjamnetwork.com *.tp88trk.com *.snapchat.com *.tiktok.com *.rokt.com *.ssacdn.com *.ads-twitter.com *.twitter.com *.ssacdn.com *.terracycle.com *.swaven.com https://tapjoy.go2cloud.org/SL2Wm https://shareasale-analytics.com/j.js https://pghub.io/js/pandg-sdk.js optanon.blob.core.windows.net b-code.liadm.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ; frame-ancestors 'self' ; object-src 'none'; 1
default-src 'self' *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' img.equinenow.com *.2mdn.net *.acexedge.com *.adbutter.net *.adrta.com *.adsafeprotected.com *.adnxs.com *.adnxtr.com *.adroll.com *.adsrvr.org *.adtechus.com *.atdmt.com ajax.googleapis.com *.amazonaws.com *.amazon-adsystem.com *.ampproject.org *.basis.net *.betrad.com *.bidsumulator.com *.bidswitch.net *.bluekai.com *.bidr.io *.contextweb.com *.clarium.io *.demdex.net *.dotomi.com *.doubleclick.net *.doubleverify.com *.dowlextff.com *.dvtps.com connect.facebook.net confiant-integrations.global.ssl.fastly.net *.confiant-integrations.net *.esm1.net *.exponential.com *.everesttech.net *.evidon.com *.fastclick.net *.flashtalking.com maps.googleapis.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.jivox.com *.krxd.net *.mathtag.com *.mediamathtag.com *.minkatu.com *.moatads.com *.myvisualiq.net *.olark.com *.opendns.com *.revjet.com *.pinterest.com *.quantcount.com *.quantserve.com *.scorecardresearch.com *.serving-sys.com *.sharethis.com *.sitescount.com *.steelhousemedia.com *.stripe.com *.tubemogul.com *.trustarc.com *.truste.com *.turn.com *.voicefive.com *.ybp.yahoo.com *.yimg.com; style-src img.equinenow.com 'self' 'unsafe-inline' *.googleapis.com *.cmptch.com *.evidon.com *.fastclick.net maxcdn.bootstrapcdn.com *.quantcount.com *.sharethis.com; style-src-elem img.equinenow.com 'self' 'unsafe-inline' *.evidon.com fonts.googleapis.com maxcdn.bootstrapcdn.com content.quantcount.com secure.cdn.fastclick.net static.olark.com *.sharethis.com; img-src * 'self' data: *.equinenow.com; font-src 'self' data: img.equinenow.com maxcdn.bootstrapcdn.com fonts.googleapis.com tpc.googlesyndication.com cdnjs.cloudflare.com fonts.gstatic.com cdn.revjet.com c.steelhousemedia.com; connect-src 'self' www.facebook.com *.acexedge.com *.adnxs.com *.adsrvr.org *.amazon-adsystem.com *.ampproject.org adserver-us.adtech.advertising.com *.bttrack.com *.contextweb.com *.casalemedia.com *.clearrtb.com *.clarium.io *.doubleclick.net *.doubleverify.com *.dotomi.com *.districtm.io *.flashtalking.com fundingchoicesmessages.google.com *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.gstatic.com metrics.nt.vc *.opendns.com *.serving-sys.com *.sharethis.com *.steelhousemedia.com *.yahoo.com; frame-ancestors 'self' *.safeframe.googlesyndication.com *.allbreedpedigree.com *.pedigreequery.com; frame-src 'self' *.2mdn.net *.adform.net *.admission.net *.adnxs.com *.amazon-adsystem.com advertising.aol.com bttrack.com *.casalemedia.com *.cargurus.com connect.facebook.net *.consensu.org *.contobox.com *.criteo.com *.doubleclick.net *.doubleverify.com *.dvtps.com *.facebook.com *.flashtalking.com *.google.com *.googlesyndication.com *.linksynergy.com *.mathtag.com match.prod.bidr.io *.opendns.com *.placelocal.com *.serving-sys.com *.sharethis.com *.simpli.fi *.sitescout.com *.stripe.com *.turn.com *.vimeo.com *.w55c.net *.youtube.com; object-src 'none'; media-src *; form-action 'self' edge.sharethis.com m.facebook.com facebook.com www.google.com www.paypal.com www.uship.com; base-uri 'none'; report-to csp-services; report-uri https://equinenow.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob: data:; default-src 'self'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' * data:; img-src 'self' * about: blob: data:; media-src * blob: data:; object-src https://players.brightcove.net; prefetch-src 'self' *; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:courttv-prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: www.recaptcha.net/recaptcha www.google.com/recaptcha www.gstatic.com/recaptcha 'nonce-RNo+AlFAUU7/4Y6/zYvGWA=='; style-src 'self' https: 'nonce-RNo+AlFAUU7/4Y6/zYvGWA==' 1
frame-ancestors *.edfringe.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.ep-mimecast.ads-twitter.com analytics.twitter.com static.ads-twitter.com t.co code.jquery.com cdn.jsdelivr.net googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' 'report-sample' https: platform.twitter.com code.jquery.com cdn.jsdelivr.net googletagmanager.com; object-src 'none'; frame-ancestors t.co twitter.com; block-all-mixed-content; frame-src https: s-usc1c-nss-394.firebaseio.com *.twitter.com twitter.com; child-src 'self' platform.twitter.com googletagmanager.com; img-src 'self' data: blob: https: *.gravatar.com t.co *.twitter.com twitter.com code.jquery.com cdn.jsdelivr.net; font-src 'self' data: https: cdn.jsdelivr.net; connect-src 'self' wss: https: mtn-pulse-files.s3.af-south-1.amazonaws.com about: ajax.googleapis.com googletagmanager.com fonts.googleapis.com fonts.gstatic.com www.google-analytics.comstats.g.doubleclick.net ampcid.google.com analytics.google.com t.co *.twitter.com twitter.com code.jquery.com cdn.jsdelivr.net; manifest-src 'self' data:; base-uri 'self'; form-action 'self' *.twitter.com; media-src 'self' blob: https:; prefetch-src 'self'; worker-src 'self'; 1
default-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; manifest-src 'self'; frame-src https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://www.youtube-nocookie.com; worker-src 'self' blob:; media-src 'self' https://video.twimg.com; img-src 'self' blob: data: https://pbs.twimg.com https://lh1.googleusercontent.com https://lh2.googleusercontent.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://images.contentstack.io https://images.footballfanatics.com https://fanatics.frgimages.com https://feeds.frgimages.com https://cdn.cookielaw.org https://s.zkcdn.net https://i.ytimg.com; connect-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://www.google-analytics.com https://vitals.vercel-insights.com https://api-js.mixpanel.com https://sdk.iad-05.braze.com https://o1397824.ingest.sentry.io wss://b1gws.boostsport.ai dr55so0v186nb.cloudfront.net https://auth.bigten.org https://b1gbeprod.boostsport.ai https://engage-api.boostsport.ai; script-src 'self' 'nonce-l8emr6uq28i' 'sha256-ka3xBp9kPEdafj6sE97HFhpJY8ZN+Aj6Fv/z1KyWvBQ=' 'sha256-fZrjJ52FgBHBPUlYQn06YoX8aFqGNsVYh7CFyPannGg=' https://www.google-analytics.com https://www.googletagmanager.com https://cdn.mxpnl.com https://sdk.iad-05.braze.com https://js.appboycdn.com https://o1397824.ingest.sentry.io https://cdn.cookielaw.org https://www.youtube.com; font-src 'self' https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' 1
frame-src *.nttdataservices.com *.nttdata.com *.google.com *.googletagmanager.com *.pardot.com *.ceros.com 'self' *.sitescout.com *.sharethis.com *.company-target.com *.hotjar.com *.facebook.net *.twitter.com *.youtube.com *.infogram.com *.jobdiva.com *.doubleclick.net *.adsrvr.org *.clarity.ms *.evidon.com; frame-ancestors 'self' *.nttdataservices.com *.nttdata.com; 1
default-src 'self';script-src 'self' https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.ramblers.org.uk https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@4.2.10/js/iframeResizer.min.js https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@v4.2.10/js/iframeResizer.contentWindow.min.js https://t0.ads.astuntechnology.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com/ https://connect.facebook.net https://www.facebook.com https://p.teads.tv *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/ https://js-agent.newrelic.com/ https://g.adspeed.net/;connect-src 'self' https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk *.teads.tv https://ramblersinternaldev.eu.auth0.com https://ramblers-saml.eu.auth0.com https://apikeys.civiccomputing.com https://www.googletagmanager.com https://www.google-analytics.com https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://region1.google-analytics.com *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/;style-src 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/;font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/;object-src 'self';form-action 'self';base-uri 'self';manifest-src 'self';media-src 'self';img-src 'self' data: https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk *.ramblers.nomensa.xyz *.ramblers.org.uk *.teads.tv *.tile.openstreetmap.org api.os.uk *.ramblersroutes.org https://www.facebook.com *.google-analytics.com/ https://fonts.googleapis.com/ https://bam.nr-data.net/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://www.google.co.uk/ads/ https://analytics.google.com/ https://www.google.com.eg/ads/ *.google.co.uk/ *.google.com/ https://g.adspeed.net/ https://www.therivergroup.co.uk/;frame-src https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk https://www.youtube.com/ https://g.adspeed.net/;child-src https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk;frame-ancestors https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk https://walks-manager.ramblers.org.uk https://forms.ramblers.org.uk 1
child-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;frame-src *; 1
frame-ancestors 'self' https://www.myrepublic.co.id 1
frame-ancestors 'self' https://*.onfido.com/ 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Lkp02rnxcl4//+bgz5aCBOhER+rXL3' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src https 'self'; child-src * data: blob:; connect-src 'self' blob: www.dropbox.com api.dropboxapi.com s3.amazonaws.com/gumroad s3.amazonaws.com/gumroad/ gumroad-public-storage.s3.amazonaws.com gumroad-public-storage.s3.amazonaws.com/ s3.amazonaws.com/gumroad-public-storage s3.amazonaws.com/gumroad-public-storage/ www.google.com www.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.g.doubleclick.net *.googletagmanager.com analytics.google.com *.analytics.google.com files.gumroad.com/ d1bdh6c3ceakz5.cloudfront.net/ *.braintreegateway.com www.paypalobjects.com *.paypal.com *.braintree-api.com iframe.ly beaconapi.helpscout.net d3hb14vkzrxvla.cloudfront.net app.gumroad.com; font-src * data: blob:; frame-src * data: blob:; img-src * data: blob:; media-src * data: blob:; object-src * data: blob:; script-src 'self' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com js.stripe.com api.stripe.com *.braintreegateway.com *.braintree-api.com www.paypalobjects.com *.paypal.com *.google-analytics.com *.googletagmanager.com optimize.google.com www.googleadservices.com www.google.com www.gstatic.com *.facebook.net *.facebook.com www.dropbox.com s.ytimg.com cdn.iframe.ly platform.twitter.com cdn.jwplayer.com *.jwpcdn.com gumroad.us3.list-manage.com analytics.twitter.com beacon-v2.helpscout.net app.gumroad.com assets.gumroad.com 'nonce-9SvnYob4rzG6va4MEPlJ3zQbTxQZNCnO4vqFDzo/l9M=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' s.ytimg.com optimize.google.com fonts.googleapis.com assets.gumroad.com; worker-src * data: blob: 1
frame-ancestors https://www.finanztreff.de; 1
block-all-mixed-content; default-src 'self' 'unsafe-inline' *.easyship.com fonts.googleapis.com https://assets-global.website-files.com *.doubleclick.net app.hubspot.com player.vimeo.com https://*.hotjar.com https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.be https://*.google.fr https://*.google.ca https://*.google.de https://*.google.es https://*.google.be https://*.google.it https://*.google.ie; form-action 'self'; frame-src 'self' *.cloudflare.com app.hubspot.com https://*.google.com; frame-ancestors 'self' *.easyship.com https://*.rainfactory.com https://*.pachelp.com; object-src 'none'; font-src 'self' data: fonts.gstatic.com *.easyship.com https://*.hotjar.com; connect-src 'self' https://assets-global.website-files.com *.linkedin.com *.easyship.com https://cdn-cookieyes.com *.clarity.ms *.cookieyes.com *.google.com *.hubspot.com *.google-analytics.com stats.g.doubleclick.net sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com cdn.plyr.io *.ipify.org https://*.hsforms.com https://secure.intelligent-company-365.com https://www.googletagmanager.com https://static.cloudflareinsights.com; img-src 'self' *.easyship.com data: https://assets-global.website-files.com https://cdn-cookieyes.com *.clarity.ms *.bing.com *.google.com *.linkedin.com *.hubspot.com *.intelligent-company-365.com *.facebook.com *.facebook.net easyship.ghost.io *.googletagmanager.com *.google-analytics.com *.googleusercontent.com *.vimeocdn.com https://*.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.easyship.com https://assets-global.website-files.com ajax.googleapis.com *.cloudfront.net https://cdn-cookieyes.com *.ads-twitter.com *.bing.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com https://*.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsleadflows.net *.impactradius-event.com *.jsdelivr.net *.licdn.com *.twitter.com *.usemessages.com *.vimeo.com *.intelligent-company-365.com *.sentry-cdn.com cdn.plyr.io; upgrade-insecure-requests; 1
default-src 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' rundfunkbeitrag.de *.rundfunkbeitrag.de logs1409.xiti.com 1
child-src 'self' blob: https://*.easyeda.com https://cart.jlcpcb.com https://jlcpcb.com www.google.com https://www.youtube.com; frame-ancestors 'self' https://cart.jlcpcb.com https://jlcpcb.com  www.google.com https://www.youtube.com https://*.easyeda.com 1
frame-ancestors https://platform-as.marketintelligence.spglobal.com https://platform-av.marketintelligence.spglobal.com https://platform.mi.spglobal.com https://platform.marketintelligence.spglobal.com https://www.snl.com https://platform.mi.spglobal.cn https://platform.ratings360.spglobal.com https://platform.platts.spglobal.com https://www.platform.spgi.spglobal.cn https://platform.spgi.spglobal.cn https://www.platform.spgi.spglobal.com https://platform.spgi.spglobal.com https://www.capitaliq.spglobal.com https://www.capitaliq.spglobal.cn https://www.capitaliqpro.spglobal.com https://www.capitaliqpro.spglobal.cn  'self'; 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' blob:; img-src 'self' data: https:; media-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self';worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; connect-src 'self' https: wss://*.hotjar.com; 1
default-src 'self' *.unum.com about: ; style-src 'self' 'unsafe-inline' translate.googleapis.com www.riddle.com fonts.googleapis.com tagmanager.google.com unumux.github.io optimize.google.com; media-src 'self' 'unsafe-inline' data: vod-progressive.akamaized.net player.vimeo.com; font-src 'self' data: fonts.gstatic.com www.unum.com unum.com zip.co at.alicdn.com themes.googleusercontent.com; frame-src 'self' https://app.teamwalnut.com/ https://outlook.office365.com edge.addthis.com mozbar.moz.com gateway.zscaler.net gateway.zscloud.net gateway.zscalertwo.net maps.google.com www.youtube.com www.google.com googleads.g.doubleclick.net www.facebook.com tpc.googlesyndication.com www.googletagmanager.com bid.g.doubleclick.net s7.addthis.com vimeo.com player.vimeo.com *.buzzsprout.com gateway.zscalerthree.net *.invisionapp.com *.unum.com *.ceros.com *.axshare.com strawpoll.com *.strawpoll.com *.riddle.com https://21775334.fs1.hubspotusercontent-na1.net/; child-src 'self' 'unsafe-inline' www.riddle.com www.youtube.com *.google.com www.google.com *.addthis.com *.vimeo.com bid.g.doubleclick.net www.buzzsprout.com *.doubleclick.net outlook.office365.com www.enrollunum.com *.invisionapp.com *.axshare.com *.unum.com *.ceros.com *.facebook.com; img-src 'self' 'unsafe-inline' ssl.google-analytics.com www.google.lu www.google.lk www.google.com.lb www.google.cl www.google.mv www.google.hu www.google.co.ao about:  www.google.ge www.google.fi www.google.com.ar www.google.cn www.google.com.bd www.google.iq www.google.az www.google.co.zw www.google.dk www.google.com.et www.google.no translate.google.com www.google.rs www.google.ro www.google.gg www.google.com.na www.google.com.tw www.google.com.br www.google.com.co www.google.com.pr www.google.ae www.google.com.mx px4.ads.linkedin.com www.google.com.pa i.ytimg.com www.google.com.eg www.google.co.jp www.google.co.id www.google.pt www.google.com.np www.google.ru www.google.la www.google.mg www.google.co.ke www.google.se www.google.com.af www.google.co.nz apply.indeed.com www.google.com.kh www.google.gr www.google.com.ua www.google.com.my www.google.com.au www.google.at www.google.ie www.google.com.ph www.google.com.pk www.google.co.th www.google.it www.google.es www.google.pl www.google.com.gh www.google.be www.google.com.tr www.google.nl www.google.co.za www.google.ch www.google.fr www.google.co.uk www.google.com.sg www.google.co.in www.google.ca www.google.de region1.google-analytics.com px.ads.linkedin.com thumbs.dreamstime.com unumux.github.io www.facebook.com *.unum.com data: *.adnxs.com secure.adnxs.com p.adsymptotic.com q.quora.com bat.bing.com apt.techtarget.com c.clarity.ms www.google-analytics.com https://www.google.com/ads/ga-audiences www.google.com www.pages01.net c.bing.com www.facebook.com www.linkedin.com *.agkn.com ads.stickyadstv.com bcp.crwdcntrl.net *.krxd.net ce.lijit.com *.doubleclick.net eb2.3lift.com *.pro-market.net idsync.rlcdn.com *.pubmatic.com loadm.exelator.com pippio.com pixel.rubiconproject.com pixel.tapad.com simplifi.partners.tremorhub.com stags.bluekai.com sync.bfmio.com *.intentiq.com sync.mathtag.com sync.search.spotxchange.com *.openx.net ups.analytics.yahoo.com www.googleadservices.com *.simpli.fi www.googletagmanager.com stats.g.doubleclick.net/r/ ssl.gstatic.com www.gstatic.com *.vimeocdn.com track.hubspot.com forms.hsforms.com https://stats.g.doubleclick.net/r/collect blob: *.cookielaw.org; base-uri 'self'; form-action 'self' 'unsafe-inline' *.enrollunum.com *.facebook.com; connect-src 'self' paapi6885.d41.co forms.hscollectedforms.net translate.googleapis.com get663.com www.google.com https://stats.g.doubleclick.net/j/collect https://ampcid.google.com adservice.google.com region1.google-analytics.com www.facebook.com m.addthis.com *.clarity.ms stats.g.doubleclick.net bat.bing.com forms.hubspot.com js.hs-banner.com api.hubapi.com www.googletagmanager.com www.google-analytics.com api-public.addthis.com *.techtarget.com *.oribi.io *.cookielaw.org *.onetrust.com *.unum.com; object-src 'none'; frame-ancestors 'self' https://www.unum.com www.unum.com https://www.unum.com/ unum.com; script-src 'self' code.jquery.com ecf.d41.co id.rlcdn.com v2.d41.co paapi6885.d41.co player.vimeo.com www.google.com/recaptcha/api.js 'sha256-YD1Hat8Jl5d2adEEnk3atErmhqmd+ZSwfv7Mey6W0t0=' 'sha256-GmB3Q3eaRbAvu89uKL6mhLgGv5dDSM18NJfw3I69gVA=' 'sha256-k7lZuo1pbfZ3xvCsJTzcMCZ3OB8G/4AX0mxemohQZWM=' 'sha256-1QEhYYX0CJvwxyfyqJ/CWBuBwhurqZ1B/jG1mug54dg=' 'sha256-Jo4gzdbfX/RP4su7nmC1wmhndJsLdy7fxlKtJEbjD1o=' 'sha256-tKmfqCwfZRx7BMMA04jDrxzOfHbyETGOPe4fASTbF4w=' 'sha256-/DOuCWKJXKDCHZMTdbC4RO44a5+mmJ6C0TlyWO4kTNY=' 'nonce-x6JLFBjdpRonhNjYa07ZzmlI6uo=' 'unsafe-eval'  get663.com translate.googleapis.com secure.adnxs.com https://ssl.google-analytics.com www.riddle.com *.cloudflare.com *.addthisedge.com *.moatads.com *.addthis.com cdn.amcharts.com snap.licdn.com google-analytics.com www.google-analytics.com tagmanager.google.com ajax.googleapis.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.sc.pages01.net www.sc.pages02.net unumux.github.io  connect.facebook.net bat.bing.com extend.vimeocdn.com trk.techtarget.com bat.bing.com stats.g.doubleclick.net *.clarity.ms googleads.g.doubleclick.net www.googleoptimize.com *.vimeo.com *.simpli.fi optimize.google.com js-na1.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com z.moatads.com apis.google.com about: *.cookielaw.org; script-src-attr 'unsafe-inline' 'unsafe-hashes'; 1
default-src  'self' ; connect-src    * data: blob: *.crazyegg.com 'unsafe-inline';  worker-src    * data: blob: *.transparent.com *.transparent.local *.s3.amazonaws.com;  font-src   * data: blob: 'unsafe-inline';  frame-src   'self' *.transparent.com *.transparent.local *.whichisenglish.transparent.com *.testwie.transparent.com *.s3.amazonaws.com *.amazon.com *.google.com *.appcues.com *.apple.com *.byki.com *.rbdigital.com *.rbdigitalstage.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.fastspring.com *.onfastspring.com *.hubspot.com *.facebook.com *.twitter.com *.taleo.net *.addthis.com *.hs-sites.com *.hsforms.com *.iorad.com *.typeform.com *.wistia.net *.wistia.com *.oncehub.com data: blob: mailto: --bridge-loaded-- bridge-loaded --wvjb-queue-message-- wvjb-queue-message 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.89 192.168.254.91;  manifest-src   'self' *.transparent.com *.transparent.local *.s3.amazonaws.com 192.168.254.49 192.168.254.52 192.168.254.83 192.168.254.89 192.168.254.91;  img-src    * *.crazyegg.com data: blob:;  media-src    * data: blob:;  object-src    * data: blob:;  script-src    * data: blob: *.crazyegg.com 'unsafe-inline' 'unsafe-eval';  style-src    * *.crazyegg.com 'unsafe-inline';  1
object-src 'none'; script-src 'strict-dynamic' https: 'nonce-D3wRbBDQHaaDFvknGsU9Kg=='; base-uri 'self'; report-uri /content_security_policy_report; upgrade-insecure-requests 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://api.sail-track.com https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io geolocation.onetrust.com api.sail-personalize.com api.company-target.com www.google-analytics.com *.clarity.ms siteintercept.qualtrics.com cdn.cookielaw.org ak.sail-track.com stats.g.doubleclick.net tag-logger.demandbase.com;default-src 'self';frame-src 'self' js.driftt.com s.company-target.com intercom-sheets.com;script-src 'self' 'unsafe-inline' widget.intercom.io *.intercomcdn.com cdn.heapanalytics.com www.googletagmanager.com static.cloudflareinsights.com tag.demandbase.com www.clarity.ms ak.sail-horizon.com www.google-analytics.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com cdn.cookielaw.org js.driftt.com *.clarity.ms;style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com www.google-analytics.com fonts.gstatic.com fast.fonts.net cdn.cookielaw.org heapanalytics.com c.clarity.ms id.rlcdn.com c.bing.com segments.company-target.com www.google.com www.google.com.np www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
default-src 'self' blob: *.tricentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.adsrvr.org *.bing.com *.bizible.com *.cookielaw.org *.demandbase.com *.doubleclick.net *.facebook.net *.googleoptimize.com *.googletagmanager.com *.licdn.com *.marketo.net *.mountain.com https://dx.mountain.com https://px.mountain.com https://gs.mountain.com *.tricentis.com *.trustradius.com *.vimeo.com *.wistia.com *.youtube.com *.zoominfo.com https://js.adsrvr.org https://bat.bing.com https://cdn.bizible.com https://cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.js https://api.company-target.com https://cdn.cookielaw.org https://tag.demandbase.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.google.com https://*.google-analytics.com https://www.googleadservices.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net/npm/countup@1.8.2/dist/countUp.min.js https://snap.licdn.com https://munchkin.marketo.net https://cdn.mouseflow.com https://eu.mouseflow.com https://netlify-cdp-loader.netlify.app https://*.tricentis.com https://affiliates.tricentis.com https://fast.wistia.com https://fast.wistia.net https://ws.zoominfo.com https://www.youtube.com/iframe_api https://www.trustradius.com https://d30ia583fbtg8i.cloudfront.net/trustquotes https://b.6sc.co https://j.6sc.co https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' 'report-sample' *.marketo.net *.tricentis.com https://www.tricentis.com https://api.company-target.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://pages.tricentis.com https://lps.tricentis.com https://www.trustradius.com https://*.typekit.net https://d30ia583fbtg8i.cloudfront.net https://*.onetrust.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.doubleclick.net http://ad.doubleclick.net *.mktoresp.com *.mktoutil.com *.google.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://region1.analytics.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io *.company-target.com https://ws.zoominfo.com bat.bing.com *.google-analytics.com *.demandbase.com *.wistia.com *.onetrust.com *.facebook.com pages.tricentis.com lps.tricentis.com be.tricentis.com *.googlesyndication.com *.googletagmanager.com *.mouseflow.com https://eu.mouseflow.com https://o2.mouseflow.com https://www.trustradius.com https://dudodiprj2sv7.cloudfront.net dx.mountain.com px.mountain.com gs.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.litix.io https://px.ads.linkedin.com https://ipv6.6sc.co https://c.6sc.co https://logx.optimizely.com https://*.optimizely.com https://*.6sense.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; font-src 'self' https://js.intercomcdn.com https://fonts.intercomcdn.com data: https://cdn.mouseflow.com https://fast.wistia.com https://fonts.gstatic.com https://use.typekit.net https://dudodiprj2sv7.cloudfront.net/font/glyphicons/ https://*.onetrust.com; frame-ancestors 'self' https://www.tricentis.com https://be-develop.tricentis.com https://be-test.tricentis.com https://be.tricentis.com; frame-src *.adsrvr.org *.facebook.com *.tricentis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://bid.g.doubleclick.net https://datainsights-cdn.dm.aws.gartner.com https://td.doubleclick.net https://tpc.googlesyndication.com https://www.buzzsprout.com https://www.google.com https://player.vimeo.com https://fast.wistia.net https://www.youtube.com https://app.netlify.com https://s.company-target.com https://capture.navattic.com https://tricentis.navattic.com https://a26508490611.cdn.optimizely.com https://a26508490611.cdn-pci.optimizely.com; img-src 'self' blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.doubleclick.net http://ad.doubleclick.net https://pubads.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://adservice.google.com https://*.googletagmanager.com https://fonts.gstatic.com *.tricentis.com https://www.tricentis.com https://cdn.bizible.com https://cdn.bizibly.com *.capterra.com *.wistia.com *.linkedin.com https://px.ads.linkedin.com *.cookielaw.org *.googlesyndication.com https://www.google.com www.googletagmanager.com https://bat.bing.com https://id.rlcdn.com https://www.facebook.com https://segments.company-target.com https://capterra.s3.amazonaws.com https://eu.mouseflow.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://media.trustradius.com https://d30ia583fbtg8i.cloudfront.net https://px.ads.linkedin.com https://b.6sc.co https://cdn.optimizely.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.bt https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.co https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vn https://www.google.cz https://www.google.de https://www.google.dk https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gl https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.im https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.ne https://www.google.nl https://www.google.no https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.tg https://www.google.tn https://www.google.tt; media-src 'self' https://js.intercomcdn.com blob: https://*.wistia.com https://embedwistia-a.akamaihd.net; report-uri https://65eb3282bc57ae1120bf66ab.endpoint.csper.io?v=24; worker-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' a.mailmunch.co ajax.googleapis.com applygrad.bentley.edu assets.calendly.com assets.juicer.io www.juicer.io bam-cell.nr-data.net bam.nr-data.net bat.bing.com careerinsight.burning-glass.com cdn.datatables.net cdn.jsdelivr.net cdn.unibuddy.co connect.facebook.net d.bablic.com dx.steelhousemedia.com e.infogram.com embed-cdn.flockler.com fast.fonts.net fast.wistia.com fast.wistia.net fl-1.cdn.flockler.com js-agent.newrelic.com js.driftt.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com mktdplp102cdn.azureedge.net mx.technolutions.net plugins.flockler.com public.tableau.com px.steelhousemedia.com s.yimg.com script.hotjar.com secure.wufoo.com static.wufoo.com siteimproveanalytics.com snap.licdn.com static.hotjar.com traffic-drivers.unibuddy.co ugadmission.bentley.edu us2-live.inside-graph.com us2-track.inside-graph.com weatherwidget.io ww.steelhousemedia.com www.buzzsprout.com www.eventbrite.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com cse.google.com www.youtube.com www.youvisit.com dx.mountain.com px.mountain.com insight.adsrvr.org slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com gs.mountain.com bentley.primo.exlibrisgroup.com www.instagram.com optimize.google.com *.flickr.com embedsocial.com js.hubspot.com marvel-b2-cdn.bc0a.com *.acquia.io sitegpt.ai *.sitegpt.ai *.termly.io apis.google.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com platform.instagram.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' a.mailmunch.co ajax.googleapis.com applygrad.bentley.edu assets.calendly.com assets.juicer.io www.juicer.io bam-cell.nr-data.net bam.nr-data.net bat.bing.com careerinsight.burning-glass.com cdn.datatables.net cdn.jsdelivr.net cdn.unibuddy.co connect.facebook.net d.bablic.com dx.steelhousemedia.com e.infogram.com embed-cdn.flockler.com fast.fonts.net fast.wistia.com fast.wistia.net fl-1.cdn.flockler.com js-agent.newrelic.com js.driftt.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com mktdplp102cdn.azureedge.net mx.technolutions.net plugins.flockler.com public.tableau.com px.steelhousemedia.com s.yimg.com script.hotjar.com secure.wufoo.com static.wufoo.com siteimproveanalytics.com snap.licdn.com static.hotjar.com traffic-drivers.unibuddy.co ugadmission.bentley.edu us2-live.inside-graph.com us2-track.inside-graph.com weatherwidget.io ww.steelhousemedia.com www.buzzsprout.com www.eventbrite.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com cse.google.com www.youtube.com www.youvisit.com dx.mountain.com px.mountain.com insight.adsrvr.org slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com googleads.g.doubleclick.net gs.mountain.com bentley.primo.exlibrisgroup.com www.instagram.com optimize.google.com *.google.com *.flickr.com embedsocial.com *.tiktok.com *.tiktokcdn-us.com js.hubspot.com marvel-b2-cdn.bc0a.com www.gstatic.com partner.googleadservices.com interfaces.zapier.com code.jquery.com *.acquia.io sitegpt.ai *.sitegpt.ai *.termly.io apis.google.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' a.mailmunch.co assets.juicer.io www.juicer.io cdn.datatables.net fast.fonts.net fl-1.cdn.flockler.com assets.calendly.com p.typekit.net use.typekit.net fast.wistia.com slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net lf16-tiktok-web.ttwstatic.com www.google.com us2-cdn.inside-graph.com fonts.googleapis.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com optimize.google.com embedsocial.com js.hubspot.com *.acquia.io applygrad.bentley.edu sitegpt.ai *.sitegpt.ai https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' a.mailmunch.co assets.juicer.io www.juicer.io cdn.datatables.net fast.fonts.net fl-1.cdn.flockler.com assets.calendly.com p.typekit.net use.typekit.net fast.wistia.com slate-technolutions-net.cdn.technolutions.net fw.cdn.technolutions.net *.cdn.technolutions.net lf16-tiktok-web.ttwstatic.com www.google.com us2-cdn.inside-graph.com api.libanswers.com v2.libanswers.com askus.bentley.edu form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com fonts.googleapis.com www.instagram.com optimize.google.com embedsocial.com js.hubspot.com *.acquia.io applygrad.bentley.edu sitegpt.ai *.sitegpt.ai *.termly.io https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' e.issuu.com www.slideshare.net www.youtube-nocookie.com www.youtube.com app.myintuitionapp.org cdnapisec.kaltura.com fast.wistia.net forms.office.com maps.google.com player.vimeo.com *.vimeo.com teamup.com unibuddy.co w.soundcloud.com www.linkedin.com www.matchinggifts.com www.googletagmanager.com youtu.be bentleyu.wistia.com *.wistia.com *.kaltura.com plugins.flockler.com form.jotform.com form.jotform.us submit.jotform.us *.jotfor.ms cdn.weglot.com bentley.primo.exlibrisgroup.com www.instagram.com embedsocial.com js.hubspot.com cdn.forms.office.net *.imodules.com www.tours.vividmediany.com applygrad.bentley.edu sitegpt.ai *.sitegpt.ai *.termly.io; report-uri https://bentleyu.report-uri.com/r/d/csp/enforce 1
default-src 'self' blob: *.joc.com https://securepubads.g.doubleclick.net ; frame-ancestors app.pendo.io app.eu.pendo.io *.cvent.com cvent.com *.spglobal.com spglobal.com *.joc.com joc.com *.info.corp ; connect-src 'self' *.joc.com app.pendo.io data.pendo.io pendo-static-6557808519086080.storage.googleapis.com app.eu.pendo.io data.eu.pendo.io pendo-eu-static-6557808519086080.storage.googleapis.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://ad.doubleclick.net https://region1.analytics.google.com https://*.google-analytics.com www.google.com *.chargify.com https://*.akamaihd.net https://manifest.prod.boltdns.net https://edge.api.brightcove.com https://ka-f.fontawesome.com https://privacyportal.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://geoip-js.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com https://test.salesforce.com/ https://webto.salesforce.com/ ; img-src 'self' data: *.joc.com https://cdn.ihsmarkit.com https://cf-images.us-east-1.prod.boltdns.net app.pendo.io cdn.pendo.io pendo-static-6557808519086080.storage.googleapis.com data.pendo.io cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-6557808519086080.storage.googleapis.com data.eu.pendo.io https://metrics.brightcove.com https://on24static.akamaized.net https://i.ytimg.com https://content.cdntwrk.com/ https://*.google-analytics.com https://www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://ad.doubleclick.net https://cdn.cookielaw.org https://www.gstatic.com/images/ *.joomag.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.joc.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6557808519086080.storage.googleapis.com app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-6557808519086080.storage.googleapis.com data.eu.pendo.io https://console.googletagservices.com https://vjs.zencdn.net https://edge.api.brightcove.com https://players.brightcove.net https://js.chargify.com https://geoip-js.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://kit.fontawesome.com https://www.googletagmanager.com https://www.googletagservices.com https://*.google-analytics.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://adservice.google.com https://adservice.google.pl https://ad.doubleclick.net https://platform.twitter.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com/pagead/ ; frame-src 'self' *.joc.com *.chargify.com app.pendo.io app.eu.pendo.io https://www.youtube.com/ http://console.googletagservices.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://platform.twitter.com https://securepubads.g.doubleclick.net *.googlesyndication.com https://ad.doubleclick.net https://w.soundcloud.com/ https://players.brightcove.net https://app.joomag.com/ ; child-src 'self' blob: *.joc.com app.pendo.io app.eu.pendo.io https://platform.twitter.com https://tpc.googlesyndication.com ; style-src 'self' 'unsafe-inline' *.joc.com app.pendo.io cdn.pendo.io pendo-static-6557808519086080.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-6557808519086080.storage.googleapis.com https://fonts.googleapis.com ; font-src 'self' data: *.joc.com https://fonts.googleapis.com https://fonts.gstatic.com https://ka-f.fontawesome.com ; 1
report-uri https://o4506932317913088.ingest.us.sentry.io/api/4506954015834112/security/?sentry_key=73e229c18d9ba1d690edf68f717ee9a4; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' data:; script-src 'self' 'unsafe-eval' 'nonce-f9cfa1d7-980d-4dfa-85a7-0e08768c4c9b'; img-src 'self' data: https: http:; media-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self' data: keys.openpgp.org 1
connect-src 'self' *.boltdns.net *.google-analytics.com *.fullstory.com/ *.qualtrics.com *.brightcove.net/ *.akamaihd.net/ *.facebook.com/ https://maps.googleapis.com/ *.doubleclick.net api.levelaccess.net/ *.jotform.com https://analytics.google.com/ *.brightcove.com/ *.svc.dynamics.com http://manifest.prod.boltdns.net *.analytics.google.com participants.evolv.ai https://www.google.com/ ;default-src 'self' 'unsafe-eval' 'unsafe-inline' ;font-src 'self' 'unsafe-inline' data: *.gstatic.com https://vjs.zencdn.net/ *.jotfor.ms/ ;frame-ancestors 'self' *.wellstar.org/ ;frame-src 'self' *.doubleclick.net *.facebook.com/ *.erexpress.com/ *.wellstar.org/ *.jotform.com https://bbox.blackbaudhosting.com/ *.brightcove.net/ *.svc.dynamics.com *.gstatic.com https://www.google.com/ ;img-src 'self' data: https://fonts.gstatic.com *.boltdns.net https://bbox.blackbaudhosting.com/ https://www.googletagmanager.com https://www.google.com/ *.facebook.com/ *.gstatic.com *.google-analytics.com *.jotfor.ms/ *.jotform.com *.doubleclick.net https://maps.googleapis.com/ *.brightcove.com/ https://flask.nextdoor.com *.svc.dynamics.com *.brightcove.net/ *.akamaihd.net/ *.analytics.google.com *.fullstory.com/ *.googleapis.com https://adservice.google.com trkn.us *.wellstar.org/ ;media-src 'self' 'unsafe-inline' 'unsafe-eval' *.akamaihd.net/ blob: *.brightcovecdn.com *.boltdns.net *.brightcove.com/ *.llnw.net *.llnwd.net *.akafms.net ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://bbox.blackbaudhosting.com/ https://www.google.com/ https://www.googletagmanager.com https://maps.googleapis.com/ *.gstatic.com *.google-analytics.com https://www.googleadservices.com/ https://www.youtube.com/  https://s.ytimg.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://connect.facebook.net/ *.fullstory.com/ *.erexpress.com/ https://code.jquery.com/ *.doubleclick.net *.qualtrics.com *.brightcove.net/ *.jotform.com *.jotfor.ms/ https://cdnjs.cloudflare.com/ https://vjs.zencdn.net/ cdn.levelaccess.net/ https://ads.nextdoor.com/public/pixel/ndp.js mktdplp102cdn.azureedge.net *.googleapis.com https://adservice.google.com unpkg.com s.qa.wellstar.org *.wellstar.org/ ;style-src 'self' 'unsafe-inline' https://bbox.blackbaudhosting.com/ *.jotfor.ms/ *.googleapis.com *.brightcove.net/ participants.evolv.ai s.qa.wellstar.org https://www.googletagmanager.com *.wellstar.org/ ; 1
frame-ancestors 'self' https://prod.lavieenrose.com https://lver03mstru3it0prod.dxcloud.episerver.net; 1
default-src https://*.nowtv.it; form-action https://ott-it.secure.force.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com; font-src 'self' https://static.skyassets.com https://*.nowtv.it https://web.static.nowtv.com https://cdn-eu.dynamicyield.com https://cdn.braze.eu data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.nowtv.it https://web.static.nowtv.com https://*.klarnacdn.net https://*.klarnaservices.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://st-eu.dynamicyield.com https://*.content-square.fr https://*.contentsquare.net https://analytics.global.sky.com https://*.demdex.net https://d3c3cq33003psk.cloudfront.net https://connect.facebook.net https://static.ads-twitter.com https://analytics.twitter.com https://*.doubleclick.net https://www.googleadservices.com https://*.myvisualiq.net https://www.dwin1.com https://*.awin1.com https://*.zenaps.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.salesforce-sites.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://assets.adobedtm.com https://tapestry.tapad.com https://bat.bing.com https://www.googletagmanager.com https://static.hotjar.com/ https://core.spreedly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.optimizely.com https://smetrics.nowtv.it https://s.pinimg.com https://sc-static.net https://acdn.adnxs.com https://secure.adnxs.com https://cdn.exactag.com https://static.criteo.net https://amplify.outbrain.com https://s.yimg.com https://tracking.m6r.eu https://tr.outbrain.com https://sslwidget.criteo.com https://m.exactag.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://a.twiago.com https://e.clarity.ms https://*.contentsquare.net https://jssdkcdns.mparticle.com https://www.paypal.com https://c.amazon-adsystem.com; connect-src 'self' https://*.ottcds.com https://*.nowtv.it https://*.sky.com https://*.klarnaevt.com https://*.klarnauserservices.com https://*.demdex.net https://graph.facebook.com https://*.contentsquare.net https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.sp-prod.net https://sourcepoint.mgr.consensu.org https://web.static.nowtv.com https://cdn.privacy-mgmt.com https://dcd12547fac74c3cb90d3307a66b8089.apm.eu-west-1.aws.cloud.es.io https://sas-apm.telem.prod.ott.sky https://in.hotjar.com/ https://bat.bing.com https://www.facebook.com https://ct.pinterest.com https://tr.snapchat.com https://s.yimg.com https://analytics.tiktok.com https://the.sciencebehindecommerce.com https://direct.dy-api.eu https://direct-collect.dy-api.eu https://adm.dynamicyield.eu https://px-eu.dynamicyield.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com https://async-px-eu.dynamicyield.com https://rcom-eu.dynamicyield.com https://st-eu.dynamicyield.com https://*.contentsquare.net https://checkoutshopper-live.adyen.com https://identity.mparticle.com https://jssdks.mparticle.com https://www.paypal.com https://sdk.fra-01.braze.eu https://www.google.com https://*.g.doubleclick.net https://aax-eu.amazon-adsystem.com; img-src 'self' data: https://*.nowtv.com https://*.nowtv.it https://web.static.nowtv.com https://t.co https://www.facebook.com https://*.contentsquare.net https://*.awin1.com https://*.zenaps.com https://*.salesforce-sites.com https://cm.everesttech.net https://*.demdex.net https://aa.agkn.com https://pm.w55c.net https://cm.everesttech.net https://*.adnxs.com https://*.doubleclick.net https://rtd.tubemogul.com https://analytics.twitter.com https://p.rfihub.com https://a.collective-media.net https://pixel.quantserve.com https://*.bing.com https://pixel.advertising.com https://image5.pubmatic.com https://a.tribalfusion.com https://cms.analytics.yahoo.com https://odr.mookie1.com https://dmp.v.fwmrm.net https://sync-tm.everesttech.net https://spl.zeotap.com https://*.myvisualiq.net https://tapestry.tapad.com https://www.googletagmanager.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://sp.analytics.yahoo.com https://ads-engagement.presage.io https://a.twiago.com https://ct.pinterest.com https://www3.smartadserver.com https://tr.outbrain.com https://www.pinterest.com https://www.pinterest.com https://e.clarity.ms https://cdn.dynamicyield.com https://imageservice.sky.com https://uk.imageservice.sky.com https://*.contentsquare.net https://*.imageservice.sky.com https://*.force.com https://checkoutshopper-live.adyen.com https://www.paypalobjects.com https://cdn.braze.eu; style-src 'self' 'unsafe-inline' https://*.nowtv.it https://web.static.nowtv.com https://*.force.com https://*.my.salesforce.com https://*.salesforce-sites.com https://cdn-eu.dynamicyield.com https://cdn.dynamicyield.com; media-src 'self' data: blob: https://*.nowtv.it https://web.static.nowtv.com; frame-src https://core.spreedly.com https://ottsas.sky.com https://ad3.adfarm1.adition.com https://vars.hotjar.com https://*.sp-prod.net https://cdn.privacy-mgmt.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.klarna.com https://*.klarnacdn.net https://tr.snapchat.com https://*.creativecdn.com https://*.awin1.com https://*.zenaps.com https://www.pinterest.com https://gum.criteo.com https://creativecdn.com https://www.pinterest.co.uk https://bskyb.demdex.net https://cmp.nowtv.it https://*.fls.doubleclick.net https://checkoutshopper-live.adyen.com https://ott-it.my.salesforce.com https://ott-it.my.salesforce-sites.com https://ott-it.secure.force.com https://*.contentsquare.net https://www.paypal.com https://www.youtube.com https://aax-eu.amazon-adsystem.com https://td.doubleclick.net https://www.mainadv.com https://hal9000.redintelligence.net; worker-src blob:; upgrade-insecure-requests; 1
default-src 'self' *; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'unsafe-inline' 'self' blob: data: *; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; script-src-attr 'unsafe-inline'; style-src 'unsafe-inline' 'self' *; upgrade-insecure-requests 1
default-src *;frame-ancestors 'self' eiv.baidu.com *.vip.vip.com *.vip.com;script-src *.vip.com *.vipstatic.com *.mediav.com *.gdt.qq.com *.emarbox.com *.mjoys.com *.sogou.com cm.e.qq.com *.baidu.com *.ipinyou.com *.admaster.com.cn *.miaozhen.com *.youku.com *.tanx.com *.doubleclick.net *.vpimg1.com *.vpimg2.com *.vpimg3.com *.vpimg4.com *.gtimg.cn 'unsafe-eval' 'unsafe-inline';style-src *.vip.com *.vipstatic.com 'unsafe-inline';img-src * data:; report-uri //stat.vipstatic.com/pcfront/antiskyjack; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chaos.social; img-src 'self' https: data: blob: https://chaos.social; style-src 'self' https://chaos.social 'nonce-O5UcrstypCrp5EAc6frg2w=='; media-src 'self' https: data: https://chaos.social; frame-src 'self' https:; manifest-src 'self' https://chaos.social; form-action 'self'; child-src 'self' blob: https://chaos.social; worker-src 'self' blob: https://chaos.social; connect-src 'self' data: blob: https://chaos.social https://assets.chaos.social wss://chaos.social; script-src 'self' https://chaos.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; img-src 'self' data: lh3.ggpht.com www.google.com maps.gstatic.com maps.googleapis.com ; style-src-elem 'self' 'unsafe-inline' widget.freshworks.com fonts.googleapis.com ; font-src 'self' data: fonts.gstatic.com ;  script-src-elem 'self' 'unsafe-inline' www.clarity.ms widget.freshworks.com fonts.googleapis.com code.jquery.com apis.google.com maps.googleapis.com ;connect-src 'self' r.clarity.ms maps.googleapis.com widget.freshworks.com ; 1
default-src 'unsafe-inline' pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com;  script-src 'unsafe-inline' 'unsafe-eval' blob: pincong.rocks *.pincong.rocks *.cloudflare.com hcaptcha.com *.hcaptcha.com; img-src data: pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com *.imgur.com *.redd.it archive.is web.archive.org upload.wikimedia.org pbs.twimg.com telegra.ph miro.medium.com i.postimg.cc i.lihkg.com i.lih.kg upload.cc pomf2.lain.la files.catbox.moe media.gab.com; media-src data: video.twimg.com files.catbox.moe pomf2.lain.la; frame-src pincong.rocks *.pincong.rocks *.hcaptcha.com *.cloudflare.com www.youtube-nocookie.com; 1
default-src 'self' https: 1
default-src  'self'   data blob:; script-src 'self' 'unsafe-inline'   https://www.google-analytics.com *.clarity.ms *.googletagservices.com *.googlesyndication.com *.googleapis.com *.bing.com *.licdn.com *.clicktale.net *.facebook.net https://unpkg.com *.cookielaw.org blob: https://static.cloudflareinsights.com https://static.ads-twitter.com *.coveo.com *.doubleclick.net *.googletagservices.com  *.surveymonkey.com https://tagmanager.google.com  https://*.googletagmanager.com *.avanan.click ; style-src  'self' 'unsafe-inline' *.avanan.click *.cookielaw.org https://use.typekit.net https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; img-src  'self' data: https://t.co https://analytics.twitter.com *.googlesyndication.com *.google.com *.google.ca *.avanan.click *.cookielaw.org *.linkedin.com *.facebook.com *.bing.com *.clicktale.net *.doubleclick.net https://googleads.g.doubleclick.net *.clarity.ms *.gstatic.com *.googletagmanager.com prod.smassets.net blob:   https://*.google-analytics.com; font-src  'self' data: https://use.typekit.net https://fonts.gstatic.com; connect-src  'self' https://cms-prod-cd.cpacanada.ca *.onetrust.com *.googlesyndication.com *.avanan.click *.cookielaw.org https://px.ads.linkedin.com/wa/ *.coveo.com *.doubleclick.net *.google.com *.facebook.com *.clarity.ms *.clicktale.net *.gstatic.com *.contentsquare.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://cms-prod-cd.cpacanada.ca *.googlesyndication.com https://www.youtube-nocookie.com *.youtube.com https://www.ytimg.com https://datawrapper.dwcdn.net *.doubleclick.net *.surveymonkey.com *.facebook.com *.google.com https://www.googleadservices.com https://player.captivate.fm;object-src 'none' 1
default-src 'self' https://*.nuance.com https://*.oncor.com; font-src 'self' https://*.typekit.net data:; script-src https://*.twitter.com https://twitter.com https://oncor.upgrade.guide https://*.go-mpulse.net https://www.googletagmanager.com https://www.google-analytics.com https://vc.hotjar.io https://www.youtube.com https://*.go-mpulse.net https://*.adobedtm.com https://*.hotjar.com https://dtprod.oncor.com https://connect.facebook.net https://*.nuance.com https://s7d1.scene7.com 'self' 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://analytics.google.com wss://ws.hotjar.com/api/v2/client/ws https://oncor.upgrade.guide https://*.oncor.com https://*.onc-prod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://oncor.egnyte.com https://oncor.sc.omtrdc.net https://www.google-analytics.com https://ola-svc-dev.apps.odcocpdev01.stage.corp.oncor.com https://*.akamaihd.net https://*.onc-nonprod-6f3f407775af43d9511f50fd779b74ec-0000.us-south.containers.appdomain.cloud https://*.oncor.com https://*.hotjar.io https://*.akstat.io https://dtprod.oncor.com https://*.go-mpluse.net https://c.go-mpulse.net/api/config.json https://dpm.demdex.net https://*.scene7.com https://*.hotjar.com https://*.nuance.com 'unsafe-inline'; img-src 'self' https://dpm.demdex.net https://publish-p25404-e81972.adobeaemcloud.com https://*.nuance.com https://oncor.sc.omtrdc.net https://www.facebook.com https://dev.day.com https://s7d1.scene7.com data: blob: 'unsafe-inline';media-src 'self' https://player.vimeo.com https://www.youtube.com https://*.scene7.com https://media-us2.digital.nuance.com https://*.nuance.com blob:; frame-src 'self'  https://*.twitter.com https://oncor.upgrade.guide https://*.oncor.com https://*.nuance.com https://oncor.demdex.net https://oncor.egnyte.com https://stormcenter.oncor.com https://www.facebook.com https://www.b2i.us https://player.vimeo.com https://www.youtube.com data:; object-src 'self' blob:; style-src 'self' https://*.nuance.com https://*.scene7.com https://fonts.googleapis.com 'unsafe-inline'; 1
frame-ancestors http://cms.profootballhof.com http://www.profootballhof.com http://pfhof-cms.ae-admin.com http://pfhof-live.ae-admin.com 1
default-src 'self' data: *.aldi-international.com *.gstatic.com storelocator.aldi.com.au www.google-analytics.com *.doubleclick.net adservice.google.com *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net *.adobedtm.com *.cm.everesttech.net *.adobe.com *.omniture.com *.aldi.com.au saas-p2w.azurewebsites.net ; frame-src 'self' www.google.com *.facebook.com *.twitter.com g.jwpsrv.com www.youtube.com platform.liquidus.net app.nexuspublications.com.au cpc.elettershop.de *.storedvalue.com *.aldi-international.com aldi.dynamiccatalogue.com.au blob: *.id.opendns.com microsoft.microsoftedge *.doubleclick.net *.adobe-campaign.com *.adobe.com *.campaign.adobe.com *.demdex.net *.adobedtm.com t5.em.aldi.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.aldi-international.com *.pinterest.com *.facebook.com *.twitter.com *.ytimg.com *.aldi-sued.com app.nexuspublications.com.au platform.liquidus.net www.yellowmap.de ssl.p.jwpcdn.com www.youtube.com insight.adsrvr.org *.facebook.net *.s3.amazonaws.com *.googlecode.com *.salefinder.com.au *.google-analytics.com *.googletagmanager.com *.google.com *.omtrdc.net *.tt.omtrdc.net *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobe.com *.activitymap.adobe.com saas-p2w.azurewebsites.net *.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.aldi-international.com *.googleapis.com *.salefinder.com.au saas-p2w.azurewebsites.net *.cookielaw.org *.onetrust.com; img-src 'self' https: data: *.aldi.com.au *.2o7.net *.omtrdc.net *.tt.omtrdc.net *.demdex.net cm.everesttech.net assets.adobedtm.com statistics.aldi-international.com *.cookielaw.org *.onetrust.com; frame-ancestors 'self' *.adobe.com; connect-src 'self' https: *.demdex.net cm.everesttech.net assets.adobedtm.com *.adobedtm.com *.tt.omtrdc.net *.sc.omtrdc.net *.cookielaw.org *.onetrust.com; report-uri /CspReportLogger.php; 1
frame-src 'self' *.google.com *.quora.com snapwidget.com *.consensu.org *.sharethis.com *.doubleclick.net *.greenhouse.io *.payoneer.com *.trustpilot.com *.oraclecloud.com *.driftt.com *.ubembed.com *.youtube.com *.github.io *.userway.org v.qq.com *.adpartner.pro *.facebook.com *.chilipiper.com *.teamme.io *.adsrvr.org *.googlesyndication.com *.scrmtech.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'  *.googletagmanager.com *.cookielaw.org *.convertexperiments.com *.marketo.net *.googleadservices.com *.bing.com *.licdn.com *.facebook.net *.taboola.com *.yimg.jp *.yahoo.co.jp *.doubleclick.net *.sharethis.com *.consensu.org snapwidget.com *.onetrust.com *.greenhouse.io *.payoneer.com *.mouseflow.com *.salesloft.com *.trendemon.com *.trustpilot.com *.ubembed.com *.google.com *.dynatrace.com *.oraclecloud.com *.baidu.com *.driftt.com *.youtube.com *.daumcdn.net unpkg.com *.yandex.ru *.cloudflare.com *.strattic.com *.6sc.co *.jsdelivr.net *.bootstrapcdn.com *.twitter.com *.ads-twitter.com *.highcharts.com *.github.io *.qualtrics.com *.microsoft.com  *.userway.org *.tiktok.com *.googleoptimize.com accessibilityserver.org *.adnxs.com *.pdst.fm *.fullstory.com *.redditstatic.com *.cheqzone.com *.clarity.ms *.line-scdn.net redditstatic.s3.amazonaws.com wcs.naver.net *.googlesyndication.com *.google-analytics.com *.adpartner.pro *.line-cdn.net *.line-scdn.net *.chilipiper.com *.teamme.io *.quora.com *.adsrvr.org *.amplitude.com ssgtm-sbyzlt5hyq-ey.a.run.app *.trackjs.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.cinestar.de *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.google.com *.google.de *.gstatic.com *.google-analytics.com gdpr.mandarin-medien.de *.ioam.de *.doubleclick.net bat.bing.com *.facebook.com *.facebook.net *.googlesyndication.com gdpr.mandarin-medien.de *.spotify.com streaming.cinestar.de streaming.cinestar.sys11.stakkle.com:81 streaming1.cinestar.de streaming1.cinestar.de:81 ff-schlingel.de *.stroeerdigitalgroup.de *.doubleverify.com tracking.m6r.eu *.adagio.io *.adaptmx.com *.adbility-media.com *.addefend.com *.adform.com *.adition.com *.admanmedia.com *.adnami.io *.adnuntius.com *.adrule.net *.adtriba.com *.adup-tech.com *.advanced-store.com *.adyoulike.com *.agma-mmc.de *.amazon.com *.amobee.com *.appnexus.com *.audienceproject.com *.avantisteam.com *.bam-interactive.de *.bannernow.com *.bidswitch.com *.blis.com *.brightcom.com *.bttrads.com *.cloudtechnologies.pl *.communicationads.net *.confiant.com *.criteo.com *.dataxtrade.com *.definemedia.de *.deltaprojects.com *.doubleverify.com *.easy-media.de *.emerse.com *.emxdgt.com *.equativ.com *.exactag.com *.exitbee.com *.factor-eleven.de *.feedad.com *.flashtalking.com *.geoedge.com *.gfk.com *.glomex.com *.google.com *.gumgum.com *.hearts-science.com *.iabeurope.eu *.id5.io *.impactify.io *.improvedigital.com *.indexexchange.com *.infonline.de *.integralads.com *.invibes.com *.jaduda.com *.kayzen.io *.liquidm.com *.liveramp.de *.magnite.com *.media.net *.mediakeys.com *.microsoft.com *.mindtake.com *.mobkoi.com *.mobpro.com *.nativendo.de *.neory.com *.nielsen.com *.ogury.com *.onetag.com *.onetech.group *.online-solution.biz *.onprospects.com *.openx.com *.opinary.com *.optidigital.com *.optimise-it.de *.oracle.com *.otto.de *.outbrain.com *.permodo.com *.playhill.com *.publicismedia.de *.pubmatic.com *.purelocalmedia.de *.qualitymedianetwork.de *.readpeak.com *.reppublika.com *.ringier-advertising.ch *.roq.ad *.rtbhouse.com *.rubiconproject.com *.salesforce.com *.screenondemand.de *.seeding-alliance.de *.seedtag.com *.sharethrough.com *.showheroes.com *.smaato.com *.smartadserver.com *.smartclip.net *.smartclip.tv *.smartstream.tv *.smartyads.com *.socoto.com *.spotx.tv *.spotxchange.com *.sspx.tech *.stroeer.com *.stroeer.de *.taboola.com *.tappx.com *.target-video.com *.teads.com *.teads.tv *.telaria.com *.themediagrid.com *.thetradedesk.com *.tremorhub.com *.trg.de *.triplelift.com *.twiago.com *.uppr.rocks *.verve.com *.vi.ai *.viads.com *.vidazoo.com *.vidoomy.com *.viralize.com *.virtualminds.de *.vlyby.com *.wagawin.com *.wearemiq.com *.welect.de *.xandr.com *.yahoo.com *.yieldlab.com *.yieldlab.net *.yieldlove.com *.yoc.com *.zemanta.com onetag-sys.com *.onetag-sys.com *.adnxs.com *.ad4m.at ad4m.at *.theadex.com *.adform.net *.seadform.net *.userreport.com *.clarium.io id5-sync.com *.id5-sync.com *.eu-1-id5-sync.com *.yieldlove-ad-serving.net *.agma-analytics.de *.adnxs.com *.adscale.de *.jsdelivr.net *.adscale.de *.criteo.net *.confiant-integrations.net *.privacy-mgmt.com *.crwdcntrl.net *.ampproject.org *.googleapis.com *.truste.com *.adsafeprotected.com *.ftstatic.com *.trustarc.com *.adsrvr.org *.imrworldwide.com *.cloudflare.com *.bidr.io *.bidswitch.net *.adnxs-simple.com *.active-agent.com *.peer-39.com 2mdn.net *.2mdn.net levexis.com demdex.net *.levexis.com *.demdex.net agkn.com *.agkn.com adlightning.com *.adlightning.com *.tchibo.de tchibo.de revjet.com *.revjet.com stroeerdigital.de *.stroeerdigital.de casalemedia.com *.casalemedia.com bahn.de *.bahn.de indexww.com *.indexww.com cbe-digiden.de *.cbe-digiden.de vodafone.de *.vodafone.de *.amazonaws.com amazonaws.com exactag.com *.exactag.com b2c.com *.b2c.com stroeerdigitalmedia.de *.stroeerdigitalmedia.de; block-all-mixed-content 1
default-src 'self' https://*.vouchconcierge.com https://static.addtoany.com https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://*.nlb.gov.sg data: blob: https://www.library.gov.sg; img-src 'self' https: data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.vouchconcierge.com  https://static.addtoany.com https://assets.dcube.cloud/fonts/ https://assets.wogaa.sg/fonts/ https://d2af6nbvwb28pg.cloudfront.net https://*.nlb.gov.sg; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data: https://assets.dcube.cloud/fonts/ https://*.nlb.gov.sg; script-src 'self' 'unsafe-eval' 'nonce-1062988748' 'nonce-1241241674' 'nonce-2258305739' 'nonce-412097300' 'nonce-27336463' 'nonce-735609205' 'nonce-3101924380' 'nonce-3873140950' 'nonce-4AEemGb0xJptoIGFP3Nd-token' 'nonce-4AEemGb0xJptoIGFP3Nd-istream' 'nonce-211029159' 'nonce-3458425231' 'nonce-2429724010' 'nonce-1582987995' 'nonce-406047239' 'nonce-46974175' 'nonce-4134529881' 'nonce-3920238126' 'nonce-512398551' 'nonce-3757635407'  https://static.addtoany.com https://*.vouchconcierge.com https://d2af6nbvwb28pg.cloudfront.net https://ssl.p.jwpcdn.com https://cdn.jsdelivr.net/ blob: https://*.dcube.cloud https://assets.adobedtm.com/ https://assets.wogaa.sg/ https://www.googletagmanager.com/ https://*.nlb.gov.sg https://*.nas.gov.sg; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' youtube.com www.youtube.com  https://static.addtoany.com https://wogaa.demdex.net https://*.vouchconcierge.com https://nlb.ap.panopto.com https://*.google.com; frame-ancestors 'self'; connect-src 'self' https://*.dcube.cloud https://dpm.demdex.net/ https://snowplow-web.wogaa.sg/ https://www.google-analytics.com/ https://www.library.gov.sg https://*.nlb.gov.sg https://*.nas.gov.sg  https://static.addtoany.com https://*.vouchconcierge.com https://d2af6nbvwb28pg.cloudfront.net wss://*.nlb.gov.sg https://*.ingest.sentry.io; 1
frame-ancestors 'self' *.sarsefiling.co.za 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://ajax.googleapis.com https://optimize.google.com https://www.youtube.com https://s.ytimg.com https://siteimproveanalytics.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://www.gstatic.com https://use.fontawesome.com https://kit.fontawesome.com https://*.typekit.net https://fast.fonts.net https://cdn.yoshki.com; img-src 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://optimize.google.com https://www.google.com https://img.youtube.com https://i.ytimg.com https://cdn.cookielaw.org https://*.siteimproveanalytics.io https://*.analytics.google.com https://cdn.yoshki.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://www.youtube.com https://*.typekit.net https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://fast.fonts.net https://cdn.yoshki.com https://*.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://cdnjs.cloudflare.com https://*.fontawesome.com https://fast.fonts.net; frame-src 'self' https://www.youtube.com https://optimize.google.com https://www.google.com https://kirkland.widen.net https://embed.widencdn.net https://*.vimeo.com https://cdn.yoshki.com; frame-ancestors 'self' https://events1.social27.com; child-src 'self' blob: https://www.youtube.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cookielaw.org https://geolocation.onetrust.com https://*.analytics.google.com https://*.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https:; style-src https: 'unsafe-inline'; connect-src https: wss:; frame-src https:; font-src * data:; object-src 'none'; frame-ancestors *.optimizely.com; report-uri /api/csp-report; report-to csp-report-endpoint; media-src https://*.ctfassets.net; 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.bonds.com.au; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.info/report-uri/enforce 1
connect-src *.bing.com platform.elfsight.com *.klaviyo.com *.pingdom.net *.ladesk.com *.yotpo.com *.ampproject.org *.googletagmanager.com *.azureedge.net *.authorize.net *.msecnd.net *.google.com *.google.ca *.google.co.uk *.google.com.br *.google.com.mx trustlogo.comodo.com *.doubleclick.net *.google-analytics.com *.googleadservices.com *.paypal.com *.elfsight.com data: *.google.de *.google.lk *.google.no *.google.se *.ucweb.com *.google.com.au *.google.com.pr *.google.gr *.google.nl *.google.be *.kaltura.com *.clarity.ms *.googleapis.com *.nr-data.net nr-data.net *.google.pt *.google.ad *.google.ae *.google.al *.google.am *.google.co.ao *.google.as *.google.at *.google.az *.google.ba *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.co.bw *.google.by *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.co.cr *.google.cv *.google.cz *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.kz *.google.la *.google.li *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.co.mz *.google.ne *.google.nr *.google.nu *.google.co.nz *.google.pl *.google.pn *.google.ps *.google.ro *.google.ru *.google.rw *.google.sc *.google.sh *.google.si *.google.sk *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.td *.google.tg *.google.co.th *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.co.tz *.google.co.ug *.google.co.uz *.google.co.ve *.google.co.vi *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw 'self'; font-src *.cloudmaestro.com *.msecnd.net *.yotpo.com static.klaviyo.com fonts.gstatic.com data: *.bootstrapcdn.com tpc.googlesyndication.com translate.googleapis.com *.slant.co *.clarity.ms 'self'; frame-src *.icpage.net *.icpbounce.com *.app.icontact.com *.icontact.com *.staticapp.icpsc.com gleam.io ssl.kaptcha.com *.ladesk.com *.vzaar.com *.vimeo.com pages.icpro.co *.google.com *.google.co.uk *.google.ca *.msecnd.net *.googleadservices.com *.doubleclick.net *.youtube.com *.gstatic.com *.yotpo.com tpc.googlesyndication.com *.googletagmanager.com translate.googleapis.com *.dacast.com clarity.ms *.clarity.ms 'self' *.gpgway.com; img-src data: *.yotpo.com *.ladesk.com *.cloudmaestro.com *.google-analytics.com *.paypalobjects.com *.googletagmanager.com *.facebook.com *.xrllc.com *.wp.com image.scoopwhoop.com img.buzzfeed.com googleads.g.doubleclick.net *.xrllcinfo.com *.cloudfront.net *.gstatic.com cfvod.kaltura.com *.sextoydistributing.com i.countdownmail.com *.googleapis.com *.klaviyo.com connect.facebook.net *.bing.com *.dacast.com *.clarity.ms clarity.ms *.googleadservices.com *.googleoptimize.com *.g.doubleclick.net 'self' *.extremerestraints.com *.google.com; media-src blob: *.elfsight.com *.cloudmaestro.com data: *.kaltura.com translate.googleapis.com 'self'; script-src data: blob: *.googleoptimize.com *.elfsight.com g.microsoft.com *.icpage.net *.icpbounce.com *.app.icontact.com *.icontact.com *.staticapp.icpsc.com *.api.globallypaid.com *.klaviyo.com *.gleam.io *.polyfill.io *.pingdom.net widget-mediator.zopim.com *.cloudmaestro.com *.googleapis.com *.ladesk.com *.bing.com *.cloudfront.net *.google.ac *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cc *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.googletagmanager.com toftools.com *.google-analytics.com *.googleadservices.com *.gstatic.com t3066075.icpro.co t.omkt.co js-agent.newrelic.com d9jmv9u00p0mv.cloudfront.net *.msecnd.net *.authorize.net trustlogo.comodo.com *.shopzilla.com *.bizrate.com *.atdmt.com *.paypal.com *.yotpo.com wpc.gammacdn.net extremerestraintsamp.azureedge.net extremerestraintsamp.ec.azureedge.net scdn1.wpc.88b85.gammacdn.net cs9.wpc.v0cdn.net tpc.googlesyndication.com *.kaltura.com *.countdownmail.com *.xrllc.com *.clarity.ms *.dacast.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' *.extremerestraints.com *.gpgway.com; style-src *.bootstrapcdn.com *.xrllc.com *.yotpo.com *.toftools.com *.cloudmaestro.com *.msecnd.net optimize.google.com *.klaviyo.com fonts.googleapis.com translate.googleapis.com *.clarity.ms *.googletagmanager.com 'self' 'unsafe-inline' *.extremerestraints.com; report-uri /.webscale/csp-report 1
default-src 'self' atos.net *.atos.net *.pardot.com assets.adobedtm.com *.cloudflare.com *.cloudfront.net *.vimeo.com *.vimeocdn.com *.akamaized.net *.tiny.cloud *.tinymce.com *.bootstrapcdn.com yoast.com *.yoast.com data: 'unsafe-inline' 'unsafe-eval' blob: *.friendlycaptcha.com code.jquery.com *.gravatar.com ps.w.org klasresearch.com  *.marketo.net *.mktoresp.com *.mktoweb.com tools.eurolandir.com static.dialogflow.com pbs.twimg.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.gstatic.com *.googleapis.com tribl.io *.olark.com *.mrpdata.net *.linkedin.com *.company-target.com *.google-analytics.com *.google.fr *.google.com *.oktopost.com okt.to *.adform.net *.demandbase.com *.rlcdn.com *.bidr.io *.accountinsight.cloud *.licdn.com atos.tt.omtrdc.net content.onlinexperiences.com onlinexperiences.com w.soundcloud.com *.aio-events.com *.appspot.com cdn.syndication.twimg.com *.twimg.com *.twitter.com *.microsoft.com *.azureedge.net *.botframework.com *.bizzabo.com updates.themepunch-ext-c.tools updates.themepunch-ext-b.tools updates.themepunch-ext-a.tools updates.themepunch.tools sliderrevolution.com *.sliderrevolution.com *.olympicchannel.com olympics.com *.cookielaw.org *.onetrust.com optanon.blob.core.windows.net *.glassdoor.com indd.adobe.com *.libsyn.com smartslider3.com *.twimg.com *.googleusercontent.com yt3.ggpht.com *.cdninstagram.com *.xx.fbcdn.net *.matomo.cloud cdn.linkedin.oribi.io; frame-ancestors 'self' atos.net *.atos.net atosnews.net atos365.sharepoint.com; 1
default-src 'self' *.sfstandard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sfstandard.com iframely.shorthand.com platform.twitter.com cdn.ampproject.org www.instagram.com www.tiktok.com citizen.com www.gofundme.com embed.typeform.com embed.reddit.com pym.nprapps.org static.dwcdn.net platform.instagram.com *.ttwstatic.com analytics.shorthand.com www.youtube.com player.vimeo.com d3js.org cdn.parsely.com dash.parsely.com ak.sail-horizon.com www.googletagmanager.com *.google-analytics.com static.ads-twitter.com connect.facebook.net static.hotjar.com tru.am *.googlesyndication.com *.googleadservices.com script.hotjar.com www.google.com www.gstatic.com server.fillout.com tiktokcdn-us.com tiktokcdn.com *.tiktokcdn-us.com *.tiktokcdn.com opinionstage.com *.opinionstage.com documentcloud.org *.documentcloud.org *.p-n.io ketchcdn.com *.ketchcdn.com; style-src 'self' 'unsafe-inline' *.sfstandard.com fonts.googleapis.com *.ttwstatic.com embed.typeform.com opinionstage.com *.opinionstage.com tiktokcdn-us.com *.tiktokcdn-us.com ketchcdn.com *.ketchcdn.com; img-src 'self' data: https:; font-src 'self' data: *.sfstandard.com fonts.gstatic.com use.typekit.net; connect-src 'self' *.sfstandard.com *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com api.sail-personalize.com api.sail-track.com *.ingest.sentry.io pagead2.googlesyndication.com *.g.doubleclick.net api.maptiler.com beacon.tru.am *.parsely.com www.facebook.com vc.hotjar.io metrics.hotjar.io content.hotjar.io ws.hotjar.com adservice.google.com wss://ws.hotjar.com vimeo.com api.typeform.com noembed.com cdn2.sfstandard.com cdn3.sfstandard.com opinionstage.com *.opinionstage.com *.p-n.io ketchcdn.com *.ketchcdn.com; frame-src 'self' *.sfstandard.com *.youtube.com youtube.com sfstandard.github.io player.vimeo.com datawrapper.dwcdn.net bandcamp.com www.google.com w.soundcloud.com playlist.megaphone.fm omny.fm open.spotify.com trytako.com www.trytako.com abc7news.com www.facebook.com embed.documentcloud.org nextdoor.com embed.reddit.com platform.twitter.com www.tiktok.com calmatters-reparations-calculator.netlify.app www.googletagmanager.com www.google.com *.doubleclick.net www.instagram.com iframely.shorthand.com citizen.com form.typeform.com dash.parsely.com forms.fillout.com opinionstage.com *.opinionstage.com; object-src 'self' *.sfstandard.com data:; media-src 'self' *.sfstandard.com blob:; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o4504205219004416.ingest.sentry.io/api/4504205221232640/security/?sentry_key=642f02aaa96c4e679673d2642c3c2782; report-to csp-endpoint 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' 1
frame-src 'self' *.valero.com *.youtube.com; frame-ancestors 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://sc4hvcfl151058502cff46683.s3.amazonaws.com  https://*.museothyssen.org 1
default-src * 'unsafe-eval' 'unsafe-inline' data: blob:; script-src * 'unsafe-inline' blob: 1
frame-src 'self' *; object-src 'self' 1
default-src 'none'; script-src 'self' 'sha256-LhgjEUDTB5uVcQPxB7ClpuZyNmHM6EsxG6GFSRQyGrM='; img-src 'self' https://*.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://*.qbrick.com:443 https://*.dna.ip-only.net https://bilder.hemnet.se:443 https://mb.cision.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.se https://9848475f-428b-4380-8d26-dfe74eb251f7.at.rivsec.eu; media-src 'self' https://*.qbrick.com:443 https://*.dna.ip-only.net; connect-src 'self' https://*.demdex.net https://cm.everesttech.net https://feed.jobylon.com https://publish.ne.cision.com https://handelsbanken-marknadsinformation.se https://assets.adobedtm.com https://*.handelsbanken.se https://*.handelsbanken.no https://*.handelsbanken.nl https://*.handelsbanken.com https://*.handelsbanken.co.uk https://*.qbrick.com:443 synpunkter-1788b.firebaseio.com; style-src 'self' 'unsafe-inline'; frame-src https://assets.adobedtm.com https://handelsbanken-marknadsinformation.se *.demdex.net *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de r1.surveysandforms.com handelsbanken.fondlista.se secure.msse.se www.efn.se clients.maptoweb.dk borsrum.episerverhosting.com shbfxcalc.millistream.com www.anpdm.com services.cicero.no nettbank.edb.com cphspk01.shbmain.shb.biz irs.tools.investis.com otp.tools.investis.com vp292.alertir.com forms.apsisforms.com video.qbrick.com dreambroker.com handelsbanken.dreambroker.com web.efn.se news.alertir.com giosg-handelsbanken.giosg.com vp306.alertir.com client3.mailmailmail.net handelsbanken.newsroom.cision.com handelsbanken-en.newsroom.cision.com mb.cision.com app.marketingplatform.com go.beanstream.com; frame-ancestors 'self' *.handelsbanken.se *.handelsbanken.fi *.handelsbanken.no *.handelsbanken.co.uk *.handelsbanken.pl *.handelsbanken.de; font-src 'self' 1
default-src 'self' https://*.zdassets.com 'unsafe-inline' 'unsafe-eval'; object-src 'self'; frame-src 'self' *.doubleclick.net *.onemap.sg *.onemap.gov.sg www.youtube.com www.flickr.com *.ttwstatic.com *.tiktok.com; img-src 'self' data: https://*.cloudfront.net https://*.doubleclick.net https://www.facebook.com https://*.contentsquare.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.staticflickr.com https://*.analytics.yahoo.com https://i.ytimg.com https://*.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.vica.gov.sg https://*.ttwstatic.com https://*.wogaa.sg https://www.google.com; font-src 'self' 'unsafe-inline' https://*.gstatic.com; script-src 'self' https://www.googletagmanager.com https://*.dcube.cloud https://*.contentsquare.net https://*.tiktok.com https://*.facebook.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.vica.gov.sg https://*.flickr.com https://*.adobedtm.com https://*.wogaa.sg https://*.amazonaws.com https://*.yimg.com https://*.ttwstatic.com https://*.google.com https://*.zdassets.com https://*.cobrowse.io https://*.zopim.com 'unsafe-eval' 'unsafe-inline' 'wasm-unsafe-eval' 'inline-speculation-rules'; worker-src 'self' https://www.googletagmanager.com https://*.dcube.cloud https://*.contentsquare.net https://*.tiktok.com https://*.facebook.net https://*.hdb.gov.sg https://www.google-analytics.com https://*.vica.gov.sg blob:; connect-src 'self' *.tiktok.com *.hdb.gov.sg *.contentsquare.net *.vica.gov.sg www.google-analytics.com *.yimg.com *.flickr.com *.sc.omtrdc.net *.demdex.net *.doubleclick.net *.wogaa.sg *.zdassets.com *.cobrowse.io wss://*.cobrowse.io wss://chat.vica.gov.sg *.zendesk.com wss://*.zopim.com blob:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; connect-src 'self' https://api.vndb.org; img-src *; script-src https://*.vndb.org; style-src 'unsafe-inline' https://vndb.org https://*.vndb.org; form-action 'self'; frame-ancestors 'none' 1
default-src 'self' https://s.hongleongconnect.my https://www.hlbank.com.my; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' * 'unsafe-inline'; img-src 'self' * 'unsafe-inline' data: ; style-src 'self' * 'unsafe-inline'; font-src 'self' * data: ; frame-src 'self' *; frame-ancestors 'self' https://s.hongleongconnect.my https://www.hlbank.com.my; 1
default-src 'self'; media-src 'self' https://app.getbeamer.com https://giphy.com https://js.intercomcdn.com https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media; worker-src 'self' blob: https://assets.cloudsmith.media; connect-src 'self' https://*.adroll.com https://*.analytics.google.com https://*.clarity.ms https://*.getbeamer.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.logs.datadoghq.com https://*.sentry.io/ https://*.statuspage.io https://analytics.google.com https://api.stripe.com https://app.getsentry.com https://bat.bing.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://forms.hubspot.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://rs.fullstory.com https://simple.cloudsmith.io https://stats.g.doubleclick.net https://surveystats.hotjar.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://vc.hotjar.io https://www.google-analytics.com https://www.google.com https://www.google.lt wss://*.hotjar.com wss://*.intercom.io wss://realtime.getbeamer.com https://api.cloudsmith.io https://api-g.cloudsmith.io https://api-prd.cloudsmith.io https://assets.cloudsmith.media https://cloudsmith-package-uploads-prd.s3.amazonaws.com https://cloudsmith-package-uploads-prd.s3-accelerate.amazonaws.com; child-src 'self' https://*.getbeamer.com https://*.statuspage.io https://changelog.cloudsmith.com https://consentcdn.cookiebot.com https://fast.wistia.net https://giphy.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://vars.hotjar.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; form-action 'self' https://api-iam.intercom.io https://billing.stripe.com https://billing.cloudsmith.com https://intercom.help https://messenger-apps.intercom.io https://cloudsmith.io https://www.cloudsmith.io https://www-g.cloudsmith.io https://prd.cloudsmith.io https://web-prd.cloudsmith.io https://web-prd.cloudsmith.io; script-src 'self' data: https://*.adroll.com https://*.fullstory.com https://*.getbeamer.com https://*.googletagmanager.com https://*.intercom.io https://*.statuspage.io https://api.stripe.com https://bat.bing.com https://browser.sentry-cdn.com/ https://cdn.mxpnl.com https://cdn.ravenjs.com https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/ https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://d.adroll.mgr.consensu.org https://js.intercomcdn.com https://js.stripe.com https://maps.googleapis.com https://maps.gstatic.com https://pagead2.googlesyndication.com https://rum-static.pingdom.net https://script.hotjar.com https://sentry.io/api/ https://sjs.bizographics.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.google.com https://www.clarity.ms https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://www.google.com https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com/firebasejs/ https://www.gstatic.com/recaptcha/ https://assets.cloudsmith.media 'nonce-IppH+LGgVKnmYEUNzE8x4A=='; frame-src 'self' https://*.getbeamer.com https://*.statuspage.io https://changelog.cloudsmith.com https://consentcdn.cookiebot.com https://fast.wistia.net https://giphy.com https://hooks.stripe.com https://intercom-sheets.com https://js.stripe.com https://player.vimeo.com https://share.intercom.io https://td.doubleclick.net https://vars.hotjar.io https://www.google.com/recaptcha/ https://www.intercom-reporting.com https://www.youtube.com; font-src 'self' data: https://app.getbeamer.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://script.hotjar.com https://use.typekit.net https://assets.cloudsmith.media; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.hotjar.com https://app.getbeamer.com/styles/ https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://assets.cloudsmith.media; object-src 'self'; img-src 'self' data: https: https://assets.cloudsmith.media https://prd.cloudsmith.media https://users.cloudsmith.media 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline'  https://www.googletagmanager.com  https://www.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com; image-src https://www.google-analytics.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://fpnpmcdn.net https://fpjscdn.net wpext.pl *.wpext.pl *.survicate.com *.doubleverify.com s1.adform.net track.adform.net rt.inistrack.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.sensic.net system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl pocztanh.wpcdn.pl *.wpcdn.pl *.tradedoubler.com *.hit.gemius.pl *.adocean.pl *.salesmore.pl onapi.o2.pl *.doubleclick.net *.googlesyndication.com *.googletagservices.com *.2mdn.net *.googleadservices.com d.rxthdr.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google-analytics.com *.moatads.com ib.adnxs.com adservice.google.pl adservice.google.com *.meetrics.net *.mxcdn.net static.criteo.net imasdk.googleapis.com cdn.netsco.re 3p.ampproject.net *.payu.com *.doubleverify.com ho.novem.pl embed.typeform.com grid.grupawp.pl; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.survicate.com pocztanh.wpcdn.pl s1.adform.net track.adform.net rt.inistrack.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpimg.pl; img-src 'self' data: blob: res.cloudinary.com *.nsaudience.pl *.survicate.com events.mediarithmics.com s1.adform.net track.adform.net rt.inistrack.net *.exactag.com a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl zasobygwp.pl zasoby.tlen.pl pl-gmtdmp.mookie1.com system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl rek.www.wp.pl *.adocean.pl *.wpimg.pl *.wpcdn.pl *.moatads.com *.tradedoubler.com ads.salesmore.pl *.doubleclick.net *.2mdn.net bs.serving-sys.com *.googlesyndication.com *.google.com delivery.way2traffic.com *.hit.gemius.pl t.qservz.com cdn.qservz.com beta.pocketads.pl ssl.google-analytics.com dmp.adform.net asa.allegro.pl ad.atdmt.com ads.businessclick.com/mailing/ *.meetrics.net *.mxcdn.net stags.bluekai.com idea-bank-kredyty.sjv.io www.ojrq.net/p/ secure-gl.imrworldwide.com www.facebook.com *.payu.com *.doubleverify.com ho.novem.pl; media-src 'self' v.wpimg.pl adv.wp.pl *.wpcdn.pl data:; child-src 'self' blob: a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net my.adocean.pl *.bing.com adexa.me googleads.g.doubleclick.net; frame-src 'self' blob: adssettings.google.com *.survicate.com *.wpext.pl wpext.pl a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.wpimg.pl *.hit.gemius.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl stg.wp.pl *.wpcdn.pl config.sensic.net *.tagcdn.com *.googlesyndication.com ads.salesmore.pl ad.doubleclick.net *.2mdn.net my.adocean.pl *.bing.com adexa.me www.google.com/recaptcha/ *.criteo.com googleads.g.doubleclick.net masscdn.com *.payu.com *.doubleverify.com ho.novem.pl gwp.typeform.com; font-src 'self' data: *.survicate.com a.wpimg.pl a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.wpcdn.pl; connect-src 'self' https://fpnpmcdn.net https://api.fpjs.io https://*.api.fpjs.io *.survicate.com *.wpext.pl wpext.pl *.sensic.net a1.newsletter.biznes.gov.pl a2.newsletter.biznes.gov.pl *.videostar.pl *.hit.gemius.pl imppl.tradedoubler.com secure.espago.com wp.tv csi.gstatic.com static.criteo.net bidder.criteo.com *.moatads.com *.meetrics.net wss://poczta.o2.pl wss://nowy.tlen.pl wss://poczta.wp.pl wss://nowapoczta.wp.pl system3secure.pl sentry-2-poczta.grupawp.pl sentry-poczta.grupawp.pl pixel.adsafeprotected.com *.wp.pl *.wpcdn.pl *.money.pl www.google.com pubs2-eu.creativecdn.com v.wpimg.pl a.wpimg.pl profil.o2.pl *.netscore.eu/v2/api/adinfo/ ib.adnxs.com/ptv *.googlesyndication.com *.payu.com *.doubleverify.com ho.novem.pl; report-uri /csp-reports; manifest-src 'self' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://toolstatic.idesk360.com https://dcr.pathao.com https://static.addtoany.com https://ajax.cloudflare.com https://maps.googleapis.com https://googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://toolstatic.idesk360.com https://unpkg.com/ https://hello.myfonts.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.zendesk.com; img-src 'self' data: blob: https://public-content.ap-south-1.linodeobjects.com https://tool.idesk360.com https://toolstatic.idesk360.com https://sociovocal.s3.amazonaws.com https://www.google.com.bd http://pathao.com https://*.w.org https://maps.gstatic.com https://maps.googleapis.com https://googleapis.com https://cdn.pathao.com https://www.google.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com; connect-src 'self' https://www.facebook.com wss://tool.idesk360.com https://tool.idesk360.com https://analytics.google.com https://arges.pathao.com https://front-police.pathaointernal.com https://my.yoast.com https://script.google.com https://script.googleusercontent.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com/; object-src 'none'; media-src https://toolstatic.idesk360.com; frame-src self https://dcr.pathao.com/ https://static.addtoany.com https://docs.google.com https://static.zdassets.com https://www.youtube.com/ https://staticxx.facebook.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; frame-ancestors 'self' localhost https://business-app.pathao.com 1
default-src 'self' https://*.yieldify.com https://*.yieldify-production.com https://cdn.productreview.com.au/assets/widgets/loader.js https://api.productreview.com.au/ https://trupanionvideo.wistia.com/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.yieldify.com *.optimizely.com https://fast.wistia.com/ https://gallery.sprinklr.com/  https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com t.contentsquare.net app.contentsquare.com https://view.ceros.com/ *.google-analytics.com accounts.google.com https://assets.pxlecdn.com https://www.youtube.com/iframe_api https://kit.fontawesome.com/2f70a2f846.js https://unpkg.com/ https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com http://www.datejs.com https://github.com https://static.zuora.com/Resources/libs/hosted/1.3.1/zuora-min.js https://sandbox.na.zuora.com/ https://sandbox.na.zuora.com/apps/PublicHostedPageLite.do https://na.zuora.com/apps/PublicHostedPageLite.do https://rest.sandbox.na.zuora.com *.zuora.com https://www.zuora.com https://www.googletagmanager.com https://www.google-analytics.com home-c28.incontact.com bat.bing.com googleads.g.doubleclick.net cdn.bc0a.com google.com cdn1.b0e8.com seal.digicert.com https://t.contentsquare.net https://getrockerbox.com https://rbj26p8v.trupanion.com *.adform.net d.impactradius-event.com www.googleadservices.com assets.pixlee.com td.yieldify.com custom.yieldify.com https://cdn.co-buying.com/embedding.min.js cdn.productreview.com.au https://api.productreview.com.au/ web-modules-de-na1.niceincontact.com https://trupanionvideo.wistia.com/ https://cmp.osano.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://gallery.sprinklr.com/  https://cdn.jsdelivr.net https://pro.fontawesome.com https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com web-modules-de-na1.niceincontact.com https://trupanionvideo.wistia.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.productreview.com.au *.niceincontact.com https://cdn.optimizely.com *.wistia.com/ *.sprinklr.com/  *.fbsbx.com/  *.cdninstagram.com/  https://*.yieldify.com https://*.yieldify-production.com bp.trupanion.com *.azureedge.net *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.contentsquare.net *.eloqua.com track.hubspot.com *.imgix.net https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com bat.bing.com www.google.com www.google.co.in a1.b0e8.com seal.digicert.com https://rbj26p8v.trupanion.com c.az.contentsquare.net logs-01.loggly.com googleads.g.doubleclick.net www.googleadservices.com www.google.ie assets.pixlee.com www.googletagmanager.com ao-de-services.s3.us-west-2.amazonaws.com ao-de-platform-avatars.s3.us-west-2.amazonaws.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: bp.trupanion.com *.productreview.com.au https://gallery.sprinklr.com/  web-modules-de-na1.niceincontact.com https://*.yieldify-production.com fonts.yieldify-production.com/font https://cdn.jsdelivr.net https://ka-p.fontawesome.com https://pro.fontawesome.com/ https://cdnjs.cloudflare.com https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com www.trupanion.com; object-src 'self' bp.trupanion.com; connect-src accounts.google.com https://tattle.api.osano.com/ https://consent.api.osano.com/ https://gallery.sprinklr.com/  server-side-tagging-xqgk2uszeq-uc.a.run.app *.niceincontact.com api.productreview.com.au https://*.yieldify.com *.yieldify-production.com https://yieldify.connectorengine.com fonts.googleapis.com https://logx.optimizely.com *.optimizely.com https://localhost:44355/ *.contentsquare.net *.mktoresp.com *.visualstudio.com *.wistia.com/ https://ka-p.fontawesome.com https://tru-dev-app-memberportal-api.azurewebsites.net https://dev-poweredbyapi-app.azurewebsites.net https://dev-chewympapi-app.azurewebsites.net https://dev-aflacmpapi-app.azurewebsites.net https://tst-chewympapi-app.azurewebsites.net https://tst-aflacmpapi-app.azurewebsites.net https://prd-chewympapi-app.azurewebsites.net https://prd-aflacmpapi-app.azurewebsites.net https://www-stg.chewy.net https://www-dev.chewy.net https://www.chewy.com https://unpkg.com/ https://auth-integration.chewy.com https://auth-stg.chewy.com/ https://auth.chewy.com https://devaflacpetinsurance.b2clogin.com https://testaflacpetinsurance.b2clogin.com https://aflacpetinsurance.b2clogin.com http://devaflacpetinsurance.b2clogin.com http://testaflacpetinsurance.b2clogin.com http://aflacpetinsurance.b2clogin.com https://sandbox.na.zuora.com https://rest.sandbox.na.zuora.com https://na.zuora.com api.zippopotam.us https://www.googletagmanager.com https://www.google-analytics.com maps.googleapis.com google.com ixfd2-api.bc0a.com bat.bing.com https://photos.pixlee.co/ https://assets.pixlee.com/assets/fp.js stats.g.doubleclick.net trupanion.avo2.net c.az.contentsquare.net region1.google-analytics.com td.yieldify.com v2.dc.yieldify.com edge.yieldify.com gateway.yieldify-production.com cdweb.trupanion.com *.zuora.com https://www.zuora.com https://cdn.co-buying.com bp.trupanion.com *.googlesyndication.com https://trupanionvideo.wistia.com/ channels-de-na1.niceincontact.com wss://chat-gateway-de-na1.niceincontact.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net https://trupanionvideo.wistia.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.optimizely.com https://view.ceros.com/ https://c1.adform.net/ bp.trupanion.com https://sandbox.na.zuora.com/ https://na.zuora.com/ *.zuora.com https://www.zuora.com https://unpkg.com/ https://dev-aflacpetinsurance.trupanion.com https://test-aflacpetinsurance.trupanion.com https://aflacpetinsurance.trupanion.com http://dev-aflacpetinsurance.trupanion.com http://test-aflacpetinsurance.trupanion.com http://aflacpetinsurance.trupanion.com https://widget.trustpilot.com https://apisandbox.zuora.com https://www.googletagmanager.com public.tableau.com analytics.clickdimensions.com fast.wistia.net trupanion.qualtrics.com blob: csxd.contentsquare.net trupanion.avo2.net photos.pixlee.co bp.breeder.trupanion.com https://cdn.co-buying.com home-c28.incontact.com https://cdweb.trupanion.com http://cdweb.trupanion.com https://*.yieldify.com td.doubleclick.net https://trupanionvideo.wistia.com/ web-modules-de-na1.niceincontact.com 1
default-src 'self' play.vidyard.com dev.visualwebsiteoptimizer.com geoip-db.com omappapi.com block.opendns.com safe.menlosecurity.com intralinks.cn intralinkscontent.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com bat.bing.com ml314.com *.g.doubleclick.net *.ceros.com play.vidyard.com storage.googleapis.com tagmanager.google.com *.mxpnl.com connect.facebook.net *.rfihub.net *.rfihub.com *.doubleclick.net *.addtoany.com w.soundcloud.com ajax.googleapis.com assets.pinterest.com *.bizographics.com *.linkedin.com *.mixpanel.com *.mxpnl.com *.addtoany.com ade.clmbtech.com pixel.mathtag.com intlinks.netmng.com *.opmnstr.com cdnjs.cloudflare.com *.visualwebsiteoptimizer.com *.vwo.com snap.licdn.com p.adsymptotic.com munchkin.marketo.net *.marketo.com *.bizible.com *.oktopost.com okt.to *.driftt.com geoip-db.com www3.intralinks.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.omappapi.com hm.baidu.com *.intralinks.com services.intralinks.com cdn.cookielaw.org geolocation.onetrust.com secure.adnxs.com www.clarity.ms s.ml-attr.com ws.zoominfo.com statuspage.io tdmlswx4mxmd.statuspage.io siteimproveanalytics.com *.marketo.com *.6sc.co *.clickagy.com 6sense.com static.zdassets.com cdn01.basis.net intralinks.zendesk.com pod-27.zendesk.com api.smooch.io intralinks.cn intralinkscontent.cn *.salesloft.com www.google.com www.gstatic.com; object-src 'self' intralinks.cn intralinkscontent.cn; style-src 'self' 'unsafe-inline' fonts.googleapis.com c.disquscdn.com tagmanager.google.com *.mxpnl.com www2.intralinks.com optimize.google.com *.vwo.com *.marketo.com www3.intralinks.com *.driftt.com *.driftqa.com *.api.drift.com www.googletagmanager.com *.omappapi.com a.omappapi.com intralinks.cn intralinkscontent.cn; img-src * data: optimize.google.com intralinks.cn intralinkscontent.cn; media-src 'self' *.snapengage.com js.driftqa.com js.driftt.com intralinks.cn intralinkscontent.cn; frame-src 'self' www3.intralinks.com disqus.com ceros.com vidyard.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com *.ceros.com play.vidyard.com *.rfihub.com *.doubleclick.net  *.addtoany.com www.youtube.com w.soundcloud.com connect.facebook.net www.surveymonkey.com assets.pinterest.com www2.intralinks.com *.bizographics.com *.linkedin.com *.facebook.com pixel.mathtag.com optimize.google.com app.vwo.com *.marketo.com *.driftt.com geoip-db.com share.zencast.fm blob: 'self' statuspage.io tdmlswx4mxmd.statuspage.io live.rezync.com dev.visualwebsiteoptimizer.com pixel.sitescout.com intralinks.cn intralinkscontent.cn www.google.com; child-src 'self' blob: dev.visualwebsiteoptimizer.com  *.vwo.com geoip-db.com blob: 'self' intralinks.cn intralinkscontent.cn; font-src * tagmanager.google.com optimize.google.com intralinks.cn intralinkscontent.cn; connect-src 'self' 'unsafe-inline' tagmanager.google.com *.mxpnl.com *.mixpanel.com *.g.doubleclick.net www.google-analytics.com analytics.google.com www.facebook.com *.addtoany.com *.opmnstr.com *.visualwebsiteoptimizer.com *.vwo.com 414-bkn-706.mktoresp.com geoip-db.com bam.nr-data.net bam-cell.nr-data.net api.omappapi.com *.intralinks.com *.omappapi.com hm.baidu.com bat.bing.com  cdn.cookielaw.org geolocation.onetrust.com privacyportal-eu.onetrust.com www.clarity.ms *.vidyard.com *.zapier.com *.zoominfo.com *.adnxs.com *.6sc.co *.clickagy.com ekr.zdassets.com intralinks.zendesk.com api.smooch.io pixel.sitescout.com *.linkedin.oribi.io *.googlesyndication.com intralinks.cn intralinkscontent.cn *.salesloft.com 1
base-uri 'self'; default-src 'none'; child-src https://irc.animefriends.moe; connect-src 'self' https://mei.kuudere.pw; font-src 'self' data:; form-action 'self' https://mei.kuudere.pw; frame-ancestors 'self'; frame-src 'self' https://www.youtube-nocookie.com https://*.soundcloud.com https://irc.animefriends.moe; img-src 'self' https://rei.kuudere.pw https://mei.kuudere.pw https://animebytes.tv data:; media-src 'self' https://* * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample'; style-src 'self' 'unsafe-inline'; worker-src 'none'; upgrade-insecure-requests 1
default-src * 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com js-agent.newrelic.com pi.pardot.com *.gstatic.com connect.facebook.net *.googletagmanager.com bam.nr-data.net *.google-analytics.com *.clarity.ms bat.bing.com go.spscommerce.com j.6sc.co/6si.min.js googleads.g.doubleclick.net *.intercom.io js.intercomcdn.com *.youtube.com static.ads-twitter.com snap.licdn.com ws.zoominfo.com tag.demandbase.com *.hotjar.com *.calendly.com *.g2.com *.stackadapt.com *.googleadservices.com *.gaconnector.com acsbapp.com *.6sc.co *.6sense.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: cdnjs.cloudflare.com bat.bing.com *.stackadapt.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: ps.w.org *.google.com bat.bing.com b.6sc.co *.facebook.com js.intercomcdn.com analytics.twitter.com *.spscommerce.com *.linkedin.com match.prod.bidr.io id.rlcdn.com *.company-target.com t.co *.g2.com *.stackadapt.com *.doubleclick.net *.clarity.ms s.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com www.googletagmanager.com; connect-src 'self' bat.bing.com bam.nr-data.net stats.g.doubleclick.net google-analytics.com ipv6.6sc.co secure.adnxs.com wss://nexus-websocket-a.intercom.io *.clarity.ms api.company-target.com *.hotjar.io *.facebook.com *.hotjar.com cdn.linkedin.oribi.io c.6sc.co adservice.google.com ws.zoominfo.com *.intercom.io wss://ws47.hotjar.com wss://*.hotjar.com *.stackadapt.com *.demandbase.com *.gaconnector.com *.linkedin.com *.acsbapp.com acsbapp.com www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com fonts.intercomcdn.com data: fonts.googleapis.com; object-src * *.stackadapt.com; media-src * js.intercomcdn.com; frame-src 'self' maps.googleapis.com *.youtube.com *.google.com *.facebook.com vars.hotjar.com go.spscommerce.com *.calendly.com *.company-target.com *.demandbase.com calendly.com *.getreprise.com go.pardot.com *.iheart.com *.doubleclick.net youtube.com spscommerce.my.site.com maps.google.com www.googletagmanager.com; child-src 'self' www.googletagmanager.com; frame-ancestors * spscommerce.my.site.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://www.spscommerce.com?gdsih-csp-report; 1
default-src http:  https: wss: data: blob: 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; report-uri https://ncreports.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors 'self' *.translate.goog translate.google.com; 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 1
frame-ancestors 'none'; default-src * data: blob: 'self'; img-src https://*.hotjar.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu 'self' blob: data: filesystem: https:; script-src *.uizard.io uizard.io https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.cookiebot.com https://*.hotjar.com typeform.com *.typeform.com https://analytics.tiktok.com https://www.redditstatic.com https://pvdpix.com https://*.pvdpix.com https://*.mouseflow.com *.clarity.ms clarity.ms https://bat.bing.com cookieinformation.com *.cookieinformation.com https://js-eu1.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.sentry.io sentry.io https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.google.com google.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.facebook.net facebook.net 127.0.0.1:* *.ads-twitter.com ads-twitter.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.oribi.io oribi.io *.licdn.com licdn.com *.linkedin.com linkedin.com *.twitter.com twitter.com *.stripe.com stripe.com *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; style-src https://*.hotjar.com https://optimize.google.com https://fonts.googleapis.com data: blob: 'unsafe-inline' *; connect-src *.uizard.io uizard.io https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.hscollectedforms.net https://*.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com typeform.com *.typeform.com https://analytics.tiktok.com https://facebook.com https://pvdpix.com https://*.pvdpix.com *.oribi.io oribi.io *.licdn.com licdn.com *.linkedin.com linkedin.com *.clarity.ms clarity.ms https://bat.bing.com https://forms-eu1.hubspot.com cookieinformation.com *.cookieinformation.com *.sentry.io sentry.io *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.google.com google.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com ws://localhost:* *.stripe.com stripe.com wss://*.uizard.io wss://*.pendo.io *.intercom.io intercom.io *.intercomcdn.com intercomcdn.com *.intercomcdn.eu intercomcdn.eu wss://*.intercom.io blob: data: 'self'; font-src https://*.hotjar.com https://fonts.gstatic.com *.intercomcdn.com *.uizard.io uizard.io data: blob: 'self';frame-src https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.cookiebot.com https://*.hotjar.com https://form.typeform.com https://www.google.com https://www.youtube.com https://www.facebook.com cookieinformation.com *.cookieinformation.com https://optimize.google.com *.uizard.io uizard.io data: blob: 'self';block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'self' http://webvisor.com *.custhelp.com 1
frame-ancestors 'self' https://*.sayweee.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: ws: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: blob: *.pivotaltracker.com *.swiftypecdn.com *.typekit.net *.addthis.com *.addthisedge.com *.mxpnl.com *.mixpanel.com *.cloudflare.com *.trustarc.com *.cookielaw.org *.vmware.com *.onetrust.com *.stripe.com *.digitalriver.com *.google.com *.googleapis.com *.googleadservices.com *.googletagmanager.com googleads.g.doubleclick.net *.google-analytics.com lumos.esp-staging.vmware-aws.com/ lumos.vmware.com/ lumos.esp.eng.vmware.com/ *.digitalriver.com *.jsdelivr.net *.newrelic.com *.nr-data.net; report-uri /services/area_51/security_content_violations 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.mundo-r.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co 212.55.1.138 1
upgrade-insecure-requests; frame-ancestors *.urbia.de; frame-src *; 1
frame-ancestors 'self' https://webarchive.multiplace.org; 1
frame-ancestors 'self' gvtc.com *.gvtc.com *.zagclients.net 1
default-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' https:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src https://civi.digitalcourage.de https://digitalcourage.video https://streaming.media.ccc.de; frame-ancestors https://*.rc3.world https://*.rc3.cccv.de https://party.tabascoeye.de; 1
default-src 'self' * data: blob: https: *.wizcase.com wizcase.com ; script-src 'self' * 'unsafe-inline' 'unsafe-eval' *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net *.googlesyndication.com  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.hhtpp.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: wizcase.com *.wizcase.com  *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blog: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
frame-src 'self' vimeo.com player.vimeo.com www.googletagmanager.com  www.youtube.com *.marketo.com *.widencdn.net *.spe.org cdn.knightlab.com widget.taggbox.com www.google.com www.slideshare.net share.transistor.fm spe.widen.net www.podbean.com  player.flipsnack.com ;  report-uri https://www.spe.org/csp/log/ 1
base-uri 'self'; default-src omniatech.io *.omniatech.io; frame-src x.adroll.com adroll.com gleam.io app.hubspot.com app.calconic.com; style-src *; style-src-elem * 'unsafe-inline'; style-src-attr 'unsafe-inline' *; script-src-elem 'unsafe-inline' www.googleadservices.com widget.gleamjs.io js.usemessages.com omniatech.io *.hs-banner.com js.hscollectedforms.net www.googletagmanager.com *.adroll.com adroll.com connect.facebook.net script.hotjar.com static.hotjar.com www.google-analytics.com snap.licdn.com static.cloudflareinsights.com js.hs-analytics.net *.hs-scripts.com; script-src 'unsafe-inline' 'unsafe-eval' omniatech.io *.omniatech.io js.hs-banner.com js.hs-analytics.net *.hs-scripts.com  js.usemessages.com adroll.com *.adroll.com www.googletagmanager.com; img-src data: *; media-src *; font-src 'self' data: *; connect-src *; report-uri https://csp-violation-listener.omnia.workers.dev; 1
default-src 'self'; report-uri https://o10593.ingest.sentry.io/api/5618425/security/?sentry_key=54d0c29782ec4d72b8056774cde6647a; upgrade-insecure-requests; 1
frame-ancestors 'self' http://*.hftmagnates.com/ https://*.hftmagnates.com/ http://fm.fmpedia.lc/ https://fm.fmpedia.lc/ http://fl.fmpedia.lc/ https://fl.fmpedia.lc/ https://localhost:3002/ https://localhost:3004/ https://localhost:3006/ https://financemagnates.com/ https://financemagnates.com:3002/ https://*.financemagnates.com/ https://*.financemagnates.com:3002/ https://*.financemagnates.com:3004/ https://forexlive.com/ https://forexlive.com:3006/ https://*.forexlive.com/ https://*.forexlive.com:3006/; 1
default-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; connect-src 'self' https://cms.boerse-frankfurt.de/ https://analytics.deutsche-boerse.com/ http://analytics-sim.deutsche-boerse.com:8443/ https://analytics-sim.deutsche-boerse.com:8443/ https://*.userlike.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ wss://umd.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-operators.userlike.com/ https://userlike-cdn-widgets.userlike.com/ https://www.youtube.com/ https://stats.g.doubleclick.net https://bat.bing.com/ http://api-gateway/v1/ https://sso.boerse-frankfurt.de/ https://mobile-api.boerse-frankfurt.de/unleash https://mobile-api.boerse-frankfurt.de/unleash/client/metrics wss://mds.ariva-services.de/api/v1/marketstates/ws https://api.boerse-frankfurt.de/v1/mdstokenservice/ https://api.boerse-frankfurt.de/ https://*.boerse-frankfurt.de/; frame-src 'self' blob: https://*.vontobel.com https://www.youtube-nocookie.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.boerse-frankfurt.de https://www.google.com/ https://www.werwirdaktionaer.de/wwa/ https://www.werwirdaktionaer.de/wwa_schueler/ https://www.podcaster.de/ https://www.werwirdaktionaer.de/wwa/ https://www.werwirdaktionaer.de/wwa_schueler/; script-src 'self' https://cms.boerse-frankfurt.de/ https://analytics.deutsche-boerse.com/ http://analytics-sim.deutsche-boerse.com:8443/ https://analytics-sim.deutsche-boerse.com:8443/ https://*.userlike.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ wss://umd.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-operators.userlike.com/ https://userlike-cdn-widgets.userlike.com/ https://www.youtube.com/ https://stats.g.doubleclick.net https://bat.bing.com/ https://www.gstatic.com/charts/ https://platform.twitter.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'sha256-nL2mFRMVAY+0lZ9Gwzpvq22ER8MgmkxEV9f1K1MUVEc=' 'sha256-gXdTC0eBRttn35g38VWPZIZEAoBpXDlAsPMmH+8Smww=' 'sha256-FOpTQzNbEA1aP7/4QTPbqpuvybkRPbNAlDgBO7Cz65Y=' 'sha256-q4+R1TAdvMMStD1G/Bq+WQuiok3CtCtFveHOFFc4aaY=' 'sha256-EkfbOWcQRXYISFt1MoPRt/gnsgjmwt1cb1XK9EhIE18=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'sha256-N9e1tGxQnBQxRZsLfacJh9nS56HygtbQL/UwfxPi8y8=' 'sha256-Q+D/f3WqGeAX9CzFC4zXwVauFencuFghKrjMR0Qq2E8=' 'sha256-RbJBqlerz8MEZh2M28xnJ92I5eesS7VzETvpsA+89CQ=' 'sha256-Imv8rgvxn2GP4QJH/s+T5I8tEtsRwclyX3+LH36ke+U=' 'sha256-pVP3wiRK6EgotPvbJ2R65xpjHaVawiUq7xpvmES7HRA=' 'sha256-0Ql1J31jzC6EHJM2MUoUyEgmRntzyhoDq7h/gZw/BuQ=' 'unsafe-eval' https://www.boerse-frankfurt.de/; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ ; img-src 'self' blob: data: https://cms.boerse-frankfurt.de/ https://erscontent.deutsche-boerse.com/ https://charts.boerse-frankfurt.de/boerse_frankfurt_widgets/chart.m https://*.pressetext.com/ https://*.ytimg.com/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://userlike-cdn-operators.userlike.com/ https://*.boerse-frankfurt.de ; font-src 'self' moz-extension: https://userlike-cdn-umm.b-cdn.net/ https://fonts.gstatic.com/ ; media-src 'self' data: ; manifest-src 'self'; report-uri /csp-violation; 1
object-src 'none'; base-uri 'none'; frame-ancestors 'self'; 1
default-src 'self' https://cdn.plaid.com; img-src 'self' blob: data: 'unsafe-eval' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; script-src 'self' 'sha256-0gX7MVaziwZI03OJcsBDa+4aYMci0B1e7aou+pzD0xY=' 'sha256-hiqb4fWCaV08nLFyXSq1oQATiEiYPPt6lh1SN75Sm/A=' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws: https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; frame-src 'self' blob: data: https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io https://appboy-images.com https://braze-images.com https://*.auth0.com https://apis.google.com https://accounts.google.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://graph.facebook.com https://*.cdn-apple.com https://cdnjs.cloudflare.com https://*.amplitude.com https://*.hotjar.com https://*.hotjar.io 'sha256-iYDFWdiLaGb5hLgdFecoKhV4+91oPQ6gxADNwXKhi+s=' 'sha256-fAJzZT0Vxk64WnBnGQSLnJOmwGLvA2QSpUCuvbHrNdw=' https://*.sprig.com https://*.userleap.com https://invoice2go.imgix.net https://*.paypal.com https://www.paypalobjects.com https://*.plaid.com https://*.polyfill.io https://*.stripe.com https://*.segment.com 'sha256-VPPCO3Yg1BEMk6f6otG7yvvF37qO9BK0bSKTghqoyZU=' 'sha256-/1ovuRQeMmHIqWc3qZB0/dl/ogBffr4EwAzr/6c3n6M=' https://*.segment.io https://*.xg4ken.com 'sha256-X1AuYHrYlt4hnWQcB+PLVGW3X7t8stEXZsC4TUfOVcI=' https://*.stream-io-api.com wss://*.stream-io-api.com https://fullstory.com https://*.fullstory.com aa06381e422845bcfd376272b3829517968c9feab63cb1d4f93be5c13e27a199 https://*.verygoodproxy.com https://*.adyen.com https://*.ada.support https://*.braintreegateway.com https://*.braintree-api.com https://js.appboycdn.com https://*.braze.com https://www.googletagmanager.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://www.facebook.com https://connect.facebook.net https://bat.bing.com https://*.here.com https://*.online-metrix.net https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://cdn.cookielaw.org/ https://*.onetrust.com/ https://pay.google.com https://google.com/pay; frame-ancestors 'self' https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io; prefetch-src https://cdn.plaid.com; object-src https://*.2go.com https://*.invoice2go.com https://*.invoice2go.io https://*.invoice2go.net https://*.int.invoice2go.io https://*.qa.invoice2go.io https://*.staging.invoice2go.io; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub303d2111d8dad5ce8c6ac15b1141002d&dd-evp-origin=content-security-policy&ddsource=cf-csp-header&ddtags=service%3Acsp%2Cenv%3Aprod 1
default-src 'none'; frame-ancestors 'none'; frame-src 'none'; object-src 'none'; worker-src 'none'; manifest-src 'self'; form-action 'self'; connect-src 'self' https://www.rottentomatoes.com; media-src 'self'; base-uri 'self'; img-src 'self' 'unsafe-inline' data: https: http:; style-src 'self' 'unsafe-inline' https: http:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/jsapi https://www.google.com/uds/ 1
default-src 'self' https://*.tellja.eu https://siteintercept.qualtrics.com https://*.clarity.ms https://bat.bing.com https://admin.df.eu/ https://analytics.aklamio.com https://*.ampproject.org https://*.lpsnmedia.net https://*.tealiumiq.com https://*.google.com https://*.google.de https://*.doubleclick.net https://*.optimizely.com https://www.google-analytics.com https://*.facebook.com; connect-src 'self' https://www.sjwoe.com https://www.emjcd.com https://*.analytics.google.com wss://lo.msg.liveperson.net/ https://*.googlesyndication.com https://www.google-analytics.com https://*.tellja.eu https://*.bing.com https://*.doubleclick.net https://*.metrics.convertexperiments.com https://*.convertexperiments.com https://*.optimizetoolkit.com; style-src 'self' 'unsafe-inline' https://github.githubassets.com https://fonts.googleapis.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://pix.hyj.mobi https://d.hyj.mobi https://*.tellja.eu https://*.googletagmanager.com https://*.amazonaws.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://gist.github.com https://my.tealiumiq.com http://tags.tiqcdn.com https://*.clarity.ms https://*.omnitagjs.com https://*.adnxs.com https://*.aklamio.com https://*.doubleclick.net https://java.com https://tags.tiqcdn.com https://*.cloudstorage.secureserver.net https://static-artifact.heg-cp.com https://cdn.polyfill.io https://www.google.com https://www.gstatic.com https://*.optimizely.com https://www.googleadservices.com https://bat.bing.com https://www.dwin1.com https://connect.facebook.net https://www.google-analytics.com ajax.googleapis.com https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org https://*.wsimg.com https://*.liveperson.net https://*.lpsnmedia.net; font-src 'self' https://fonts.gstatic.com https://optimizely.github.io; object-src 'self'; img-src 'self' 'unsafe-inline' https://sync.1rx.io https://simage2.pubmatic.com https://e1.emxdgt.com https://s.ad.smaato.net https://rtb-csync.smartadserver.com https://sync.targeting.unrulymedia.com https://ups.analytics.yahoo.com https://csync.loopme.me https://ad.yieldlab.net https://pixel.rubiconproject.com https://ad.360yield.com https://ih.adscale.de https://*.openx.net https://*.connectad.io https://inv-nets.admixer.net https://usync.vrtcal.com https://*.pubmine.com https://cm.adform.net https://*.bidswitch.net https://*.casalemedia.com https://*.tellja.eu https://*.tellja.de https://*.tellja.eu https://my.tealiumiq.com https://collect.tealiumiq.com https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://siteintercept.qualtrics.com https://*.google.co.uk https://analytics.twitter.com https://paintbrush.heg-cp.com https://*.clarity.ms https://*.bing.com https://irp.cdn-website.com https://*.atdmt.com https://*.zemanta.com https://*.trustpilot.com https://*.aklamio.com https://img1.wsimg.com https://*.lpsnmedia.net https://java.com https://www.df.eu/ data: https://i.ytimg.com https://*.g.doubleclick.net https://bat.bing.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.de https://t.co https://*.multiscreensite.com; frame-src 'self' mailto: https://*.liveperson.net/ https://*.tellja.eu https://*.df.eu https://*.dftest.eu https://*.qualtrics.com/ https://*.doubleclick.net https://www.youtube-nocookie.com https://*.aklamio.com https://lo.tokenizer.liveperson.net https://pixel.bsmartdata.com https://www.google.com https://*.optimizely.com  https://*.convertexperiments.com https://*.metrics.convertexperiments.com https://*.optimizetoolkit.com https://*.facebook.com https://*.facebook.net www.youtube.com *.vimeo.com *.vimeocdn.com https://*.fls.doubleclick.net https://*.lpsnmedia.net https://server.lon.liveperson.net/; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=FR&lang=fr-FR&device=desktop&yrid=79aeh99j45dug&partner=; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self' blob: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.maxymiser.net https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://*.oracleinfinity.io/ https://*.qualtrics.com https://*.tealiumiq.com https://tags.tiqcdn.com https://*.gbqofs.io https://*.gbqofs.com https://d2oh4tlt9mrke9.cloudfront.net/Record/js/sessioncam.recorder.js https://*.euw2.pure.cloud ; object-src 'self' https://*.euw2.pure.cloud; img-src 'self' data: https://service.maxymiser.net https://cdn.optimizely.com https://*.oracleinfinity.io/ https://siteintercept.qualtrics.com https://*.sessioncam.com  https://*.gbqofs.io https://*.gbqofs.com https://*.euw2.pure.cloud https://*.ytimg.com; media-src 'self' https://*.euw2.pure.cloud; frame-src 'self' https://www.youtube-nocookie.com https://service.maxymiser.net https://nsandihowdidwedo.eu.qualtrics.com/ https://*.euw2.pure.cloud; child-src https://*.euw2.pure.cloud; font-src *; connect-src 'self' https://shyrka-prod-euw2.s3.eu-west-2.amazonaws.com https://*.euw2.pure.cloud wss://*.euw2.pure.cloud https://*.oracleinfinity.io/ https://siteintercept.qualtrics.com/ https://collect.tealiumiq.com/event; report-uri /csp/csp-report 1
frame-ancestors 'self' https://www.iobeducacao.com *.userguiding.com *.iob.com.br 1
default-src 'self';  style-src 'self' 'unsafe-inline'; frame-src blob: 'self' https://*.capitalone.com https://*.arcot.com https://*.rsa3dsauth.com https://*.duosecurity.com https://*.jailatm.com https://*.cardinalcommerce.com; connect-src https://*.jailatm.com wss://*.jailatm.com https://*.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com https://facilitydocsprod.blob.core.windows.net https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://ssl.google-analytics.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://*.cardinalcommerce.com https://*.ccdc02.com; media-src blob: https://*.jailatm.com http://*.jailatm.com;frame-ancestors 'self'; img-src 'self' blob: data: https://*.jailatm.com https://bam.nr-data.net https://ssl.google-analytics.com; report-uri https://prod-85.eastus.logic.azure.com:443/workflows/5ab0d436f1e94b2ebb498123cf4e6237/triggers/manual/paths/invoke?api-version=2016-10-01&sp=%2Ftriggers%2Fmanual%2Frun&sv=1.0&sig=5-sg8d7JXNkpqHqBZg7Z_eRksM6krb36tWkzTRxxavc 1
default-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.wistia.com https://*.wistia.net https://*.saasexch.com https://*.saasexch.co;script-src blob: 'self' 'nonce-02b4de7a-b272-47f2-a5a7-92c8a1c3763d' https://cdn.ampproject.org https://bat.bing.com/ https://www.googletagmanager.com https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://www.youtube.com https://optimize.google.com https://monitor.geetest.com https://static.geetest.com https://api.geetest.com https://fast.wistia.com https://bin.bnbstatic.com https://www.googleanalytics.com https://www.googleoptimize.com https://*.analytics.google.com https://cdn.cookielaw.org https://euob.segreencolumn.com https://public.bnbstatic.com https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com 'unsafe-inline' 'unsafe-eval' https://*.saasexch.com https://*.saasexch.co https://accounts.binance.com https://www.google.com https://*.wistia.com https://*.wistia.net https://src.litix.io data:;style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://optimize.google.com https://fonts.googleapis.com https://dn-staticdown.qbox.me https://static.geetest.com;font-src 'self' data: https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://at.alicdn.com https://fonts.gstatic.com;connect-src 'self' https://api.saasexch.com https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://log.bntrace.com https://api.saasexch.com/bapi/themis/api/ wss://stream.binance.com wss://nbstream.binance.com wss://haodesk.binance.im https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.agora.io:* https://*.edge.agora.io:* https://*.sd-rtn.com:* https://*.edge.sd-rtn.com:* wss://*.agora.io:* wss://*.edge.agora.io:* wss://*.sd-rtn.com:* wss://*.edge.sd-rtn.com:* wss://chat-wss.yshyqxx.com https://*.s3-accelerate.amazonaws.com wss://*.binance.com https://*.binance.com https://frontend-m.binance.cloud https://sensors.binance.cloud https://report.binance.gg https://*.sentry.io https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net 'self' data: https://www.binance.com https://bat.bing.com/ https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.google.com/ https://image.binance.vision https://ask-api.binance.vision wss://stream.binance.com:9443 wss://ws.blockchain.info https://cdn.ampproject.org https://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://accounts.binance.com https://cdn.cookielaw.org wss://chat-wss.binance.com https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://data-collect.toolsfdg.net;img-src 'self' data: blob: 'self' data: https://bat.bing.com/ https://www.googletagmanager.com/ https://image.binance.vision http://www.google-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://optimize.google.com https://static.geetest.com https://dn-staticdown.qbox.me https://bin.bnbstatic.com https://public.bnbstatic.com https://cdn.cookielaw.org https://obseu.segreencolumn.com https://www.google.com/ https://d383i2qzdd3zq2.cloudfront.net https://geolocation.onetrust.com https://privacyportal-bn.my.onetrust.com https://sensors.binance.cloud https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com https://*.saasexch.com https://*.saasexch.co https://public-1259603563.file.myqcloud.com https://static-file-1259603563.file.myqcloud.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://analytics.twitter.com https://t.co https://www.facebook.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://public.nftstatic.com;media-src 'self' https://bin.bnbstatic.com https://public.bnbstatic.com https://*.saasexch.com https://*.saasexch.co https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://upload-bnbstatic-com.s3.ap-northeast-1.amazonaws.com;frame-src 'self' 'self' data: https://www.youtube.com https://fast.wistia.net https://embed.theblockcrypto.com https://vars.hotjar.com https://optimize.google.com https://fast.wistia.com https://bid.g.doubleclick.net;object-src 'none';base-uri 'self' 1
default-src 'self' *.mapbox.com *.lsy.pl; img-src 'self' blob:  data: https://analytics.lhsystems.pl/; frame-src https://www.google.com/  https://www.youtube.com/; font-src 'self' *.lhsystems.pl *.lsy.pl https://fonts.gstatic.com; object-src 'self'; form-action 'self'; script-src https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ 'unsafe-inline'  blob: 'self' *.mapbox.com *.lhsystems.pl *.lsy.pl; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests; style-src 'unsafe-inline'  'self' *.lsy.pl; report-uri 'none'; 1
style-src 'self' 'unsafe-inline' https://u2p6d2m2.stackpathcdn.com https://capfriendlysite.b-cdn.net https://cdn.capfriendly.com https://cdn2.capfriendly.com https://ajax.googleapis.com https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://a.pub.network; style-src-attr 'self' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self' *.capfriendly.com; 1
default-src 'self' 'unsafe-inline' data: blob: suncountry.com *.suncountry.com *.googleapis.com; connect-src 'self' suncountry.com *.suncountry.com *.contentful.com *.ctfassets.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.optimizely.com *.securitytrfx.com *.quantummetric.com *.airtrfx.com *.firstdata.com *.google.com https://www.googleadservices.com https://www.facebook.com https://dc.services.visualstudio.com https://photos.hotelbeds.com https://www.avis.com https://www.budget.com https://bat.bing.com https://connect.facebook.net *.doubleclick.net *.id90travel.com https://mobileimg.priceline.com https://i.travelapi.com https://s3.amazonaws.com/ https://www.hotelresb2b.com https://cdn.smyrooms.com https://images.getaroom-cdn.com https://d2r6h9rpqrv9sk.cloudfront.net https://d3sd9rhf6miwzv.cloudfront.net *.sojern.com https://insight.adsrvr.org https://jelly.mdhv.io *.uplift-platform.com *.uplift.com *.cookielaw.org *.adnxs.com *.adsrvr.org *.onetrust.com *.youtube.com *.everymundo.net *.everymundo.workers.dev *.mountain.com https://44.238.122.172 https://100.20.58.101 https://35.85.84.151 https://44.228.85.26 https://34.215.155.61 https://35.160.46.251 https://cdnjs.cloudflare.com https://52.71.121.170 https://44.212.189.233 https://52.22.50.55 https://3.212.39.155 https://18.210.229.244 *.tvsquared.com *.rokt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.firstdata.com *.cardinalcommerce.com *.optimizely.com *.securitytrfx.com *.quantummetric.com https://www.googleadservices.com https://h.online-metrix.net https://widget.surveymonkey.com https://bat.bing.com https://www.facebook.com https://connect.facebook.net https://cdn.cookielaw.org https://6131357.collect.igodigital.com https://em-frontend-assets.airtrfx.com suncountry.com *.suncountry.com *.google.com *.gstatic.com *.doubleclick.net *.sojern.com *.uplift-platform.com *.uplift.com *.cookielaw.org https://assets.airtrfx.com *.mountain.com https://cdnjs.cloudflare.com *.tvsquared.com https://psy-prod.airtrfx.com *.rokt.com; img-src 'self' data: suncountry.com *.suncountry.com *.google-analytics.com *.ctfassets.net *.google.com https://bat.bing.com https://photos.hotelbeds.com https://www.avis.com https://www.budget.com https://assets.airtrfx.com https://www.facebook.com https://cx.atdmt.com https://i.ytimg.com *.doubleclick.net *.id90travel.com https://mobileimg.priceline.com https://i.travelapi.com https://s3.amazonaws.com https://www.hotelresb2b.com https://cdn.smyrooms.com https://images.getaroom-cdn.com https://d2r6h9rpqrv9sk.cloudfront.net https://d3sd9rhf6miwzv.cloudfront.net *.sojern.com https://insight.adsrvr.org https://jelly.mdhv.io *.uplift-platform.com *.uplift.com *.adnxs.com *.adsrvr.org *.cookielaw.org *.youtube.com https://cdn.optimizely.com *.tvsquared.com https://arttrk.com; frame-src *.optimizely.com *.doubleclick.net *.firstdata.com https://h.online-metrix.net https://em-frame.securitytrfx.com/ https://www.youtube.com suncountry.com *.suncountry.com *.google.com *.uplift-platform.com *.uplift.com *.quantummetric.com *.sojern.com *.airtrfx.com *.rokt.com; font-src 'self' *.gstatic.com https://em-fonts-prod.airtrfx.com suncountry.com *.suncountry.com https://em-fonts.everymundo.net https://assets.airtrfx.com; worker-src 'self' data: blob: suncountry.com *.suncountry.com; style-src 'self' 'unsafe-inline' suncountry.com *.suncountry.com *.googleapis.com https://em-frontend-assets.airtrfx.com https://assets.airtrfx.com; 1
default-src 'self'; child-src https://www.google.com; block-all-mixed-content; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://bat.bing.com https://cdn.jsdelivr.net https://chat.botyto.com https://sc.lfeeder.com https://snap.licdn.com https://accounts.google.com https://*.claspo.io https://*.firstpromoter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://optimize.google.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://static.claspo.io https://cdn.amplitude.com *.esputnik.com https://www.googleoptimize.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' https://chat.botyto.com/* https://*.claspo.io https://cdn.firstpromoter.com https://snap.licdn.com https://accounts.google.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://statics.esputnik.com https://static.claspo.io https://static.claspo.tech https://cdn.amplitude.com https://www.googleadservices.com https://www.googleoptimize.com https://optimize.google.com *.plerdy.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://accounts.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://www.googleoptimize.com https://cdnjs.cloudflare.com https://static.claspo.io https://optimize.google.com https://fonts.googleapis.com; img-src 'self' data: *.cookiebot.com *.clarity.ms https://bat.bing.com https://tr-rc.lfeeder.com https://chat.botyto.com https://tr.lfeeder.com https://www.google.nl https://px.ads.linkedin.com https://platform-lookaside.fbsbx.com https://i.ytimg.com https://cdnjs.cloudflare.com https://www.google.no https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.googleoptimize.com *.fbcdn.net https://lh3.googleusercontent.com https://graph.facebook.com https://forms.esputnik.com *.claspo.io *.claspo.tech https://optimize.google.com https://claspo.io https://www.google.com.ua https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com *.claspo.tech *.claspo.io https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com; object-src 'self' https://static.claspo.tech https://static.claspo.io; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' *.cookiebot.com *.clarity.ms https://cdn.growthbook.io https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://*.firstpromoter.com https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://consentcdn.cookiebot.com https://www.google.com.ua https://stats.g.doubleclick.net https://www.googleadservices.com *.esputnik.com esputnik.com https://analytics.google.com https://securetoken.googleapis.com wss://*.plerdy.com *.claspo.tech *.claspo.io https://www.facebook.com https://www.googleapis.com https://www.google-analytics.com *.plerdy.com; frame-src 'self' https://consentcdn.cookiebot.com https://chat.botyto.com https://td.doubleclick.net https://consentcdn.cookiebot.com https://a.plerdy.com https://static.claspo.io https://static.claspo.tech https://bid.g.doubleclick.net https://www.facebook.com https://www.youtube.com https://optimize.google.com https://www.google.com https://accounts.google.com https://claspo-338918.firebaseapp.com https://claspo-prod.firebaseapp.com; 1
default-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.youtube.com cdn.cookielaw.org *.sharethis.com *.googletagmanager.com *.googleapis.com snap.licdn.com *.hotjar.com *.force.com tag.demandbase.com *.facebook.net *.salesforceliveagent.com accessibilityserver.org *.userway.org *.newrelic.com *.onelink-edge.com unpkg.com *.cloudflare.com www.onelink-edge.com *.docksal.site:* www.google.com segments.company-target.com www.gstatic.com *.salesforce.com *.salesforce-sites.com *.hotjar.io assets.pinterest.com www.googleadservices.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.force.com *.sharethis.com fonts.googleapis.com *.salesforce-sites.com *.salesforce.com; img-src 'self' 'unsafe-inline' cdn.cookielaw.org *.youtube.com data: match.prod.bidr.io segments.company-target.com px.ads.linkedin.com *.ads.linkedin.com *.linkedin.com *.facebook.com id.rlcdn.com certainteed.widen.net *.googleapis.com *.widencdn.net *.userway.org *.ytimg.com bcp.crwdcntrl.net *.sharethis.com maps.gstatic.com *.cloudfront.net pinterest.com *.pinterest.com *.salesforce.com *.salesforce-sites.com *.g.doubleclick.net *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net ad.doubleclick.net *.google.ca *.gstatic.com *.googletagmanager.com; media-src 'self' 'unsafe-inline' youtube.com; frame-src 'self' 'unsafe-inline' cdn.cookielaw.org youtube.com maps.googleapis.com  onelink-edge.com  googletagmanager.com *.force.com *.sharethis.com *.userway.org google.com www.google.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.pinterest.com *.salesforce.com *.salesforce-sites.com bid.g.doubleclick.net *.company-target.com youtu.be; font-src 'self' use.fontawesome.com data: fonts.googleapis.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' data: ws: wss: cdn.cookielaw.org maps.googleapis.com  *.onelink-edge.com  googletagmanager.com *.sharethis.com api.company-target.com *.algolianet.com wkx3x0kpn1-dsn.algolia.net *.newcertainteed.com  cdn.linkedin.oribi.io  *.userway.org *.google-analytics.com bam.nr-data.net *.docksal.site:* *.onetrust.com segments.company-target.com *.hotjar.com *.hotjar.io *.force.com bcp.crwdcntrl.net *.salesforce.com *.salesforce-sites.com *.linkedin.com *.google.com *.g.doubleclick.net *.analytics.google.com *.google.ca *.demandbase.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src *.gstatic.com blob: *.wistia.com wistia.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.unpkg.com unpkg.com *.wufoo.com *.wistia.com wistia.com *.litix.io litix.io *.akamaihd.net akamaihd.net blob: static.zohocdn.com equisolve.zohorecruit.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com *.unpkg.com unpkg.com *.wufoo.com *.wistia.com wistia.com *.litix.io litix.io *.akamaihd.net akamaihd.net blob: static.zohocdn.com equisolve.zohorecruit.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.unpkg.com unpkg.com static.zohocdn.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com *.wistia.com wistia.com data: ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com *.vimeocdn.com vimeocdn.com *.google-analytics.com google-analytics.com *.openstreetmap.org openstreetmap.org *.unpkg.com unpkg.com *.wistia.com wistia.com d32z8e2q3dzvu4.cloudfront.net data:  ir.stockpr.com www.equisolve.com *.equisolve-dev.com *.equisolve.net 'unsafe-inline' 'unsafe-eval'; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com *.wufoo.com blob: ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com blob: *.wistia.com wistia.com ir.stockpr.com www.equisolve.com  *.equisolve-dev.com *.equisolve.net; 1
default-src 'self'; font-src 'self' data: https://script.hotjar.com https://*.stackpathcdn.com https://*.googleapis.com https://*.gstatic.com https://*.cloudfront.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://fonts.googleapis.com https://*.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://www.vimeo.com https://vimeo.com https://www.youtube.com  https://*.googletagmanager.com https://tagmanager.google.com https://js.usemessages.com https://www.g2.com https://cmp.osano.com https://player.vimeo.com https://*.workable.com https://js.hsforms.net https://forms.hsforms.com https://j.6sc.co/6si.min.js https://js-na1.hs-scripts.com https://www.google.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscollectedforms.net https://*.ensighten.com https://cs.choozle.com https://*.adsrvr.org https://*.hotjar.com https://www.instagram.com https://static.zdassets.com https://s3.amazonaws.com https://*.stackpathcdn.com https://secure.leadforensics.com https://js.hubspot.com https://snap.licdn.com https://js.hs-scripts.com https://tagmanager.google.com https://www.googletagmanager.com https://sjs.bizographics.com https://*.ads.linkedin.com https://ml314.com https://cdn.rawgit.com https://*.googleapis.com https://*.inspectlet.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://stats.g.doubleclick.net https://cdn.viglink.com https://*.facebook.net https://*.twitter.com https://cdn.ravenjs.com https://*.cloudfront.net https://cdnjs.cloudflare.com https://px.owneriq.net https://*.tynt.com https://tags.bkrtx.com https://www.linkedin.com https://www.snapengage.com; media-src 'self' https://*.endpointprotector.com; connect-src 'self' https://px.ads.linkedin.com https://vimeo.com https://dev.visualwebsiteoptimizer.com https://cdn.linkedin.oribi.io https://updates.expressionengine.com/ https://pagead2.googlesyndication.com https://idx.liadm.com https://ipv6.6sc.co https://forms.hsforms.com https://*.endpointprotector.com https://secure.adnxs.com https://c.6sc.co https://*.hubspot.com https://api.hubapi.com wss://*.hotjar.com https://*.hotjar.com https://vc.hotjar.io https://*.googlevideo.com https://*.zdassets.com https://www.instagram.com https://*.cloudfront.net https://api.viglink.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com  https://*.twitter.com https://s3.amazonaws.com https://*.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://ping.eeharbor.com https://*.googletagmanager.com https://i.vimeocdn.com https://b.6sc.co https://*.hsforms.com https://track.hubspot.com https://cs.choozle.com https://*.fbcdn.net https://*.stackpathcdn.com https://*.linkedin.com https://*.cdninstagram.com https://*.endpointprotector.com https://*.google.com/ https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://secure.gravatar.com https://cdn.viglink.com https://www.google.ro https://*.cloudfront.net https://ic.tynt.com https://px.owneriq.net https://i.ytimg.com; child-src 'self' blob: https://www.g2.com https://player.vimeo.com https://forms.hsforms.com https://*.endpointprotector.com https://app.hubspot.com https://insight.adsrvr.org https://*.cloudfront.net https://vars.hotjar.com https://w.soundcloud.com https://aws-rk02.awdata.net https://td.doubleclick.net https://*.youtube-nocookie.com https://*.googleapis.com https://*.youtube.com https://*.google.com https://*.google.ro https://*.twitter.com https://*.facebook.com https://stags.bluekai.com https://px.owneriq.net; frame-ancestors 'self' https://*.google.com https://*.endpointprotector.com http://*.endpointprotector.es http://*.endpointprotector.de http://*.endpointprotector.fr 1
frame-ancestors 'self' *.wellspan.org *.epic.com *.medchatapp.com 1
default-src 'self'; script-src 'self' https://ajax.aspnetcdn.com/ajax/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://twitter.com/intent/tweet https://polyfill.io https://www.bing.com https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t0-flt.ssl.ak.dynamic.tiles.virtualearth.net https://www.googletagmanager.com http://az416426.vo.msecnd.net/scripts/a/ai.0.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.bing.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t0-flt.ssl.ak.dynamic.tiles.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net data: blob:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://www.bing.com https://www.google-analytics.com https://vortex.data.microsoft.com/collect/v1; frame-src 'self' https://www.google.com/recaptcha/ https://staticxx.facebook.com/  https://maps.google.com/ https://www.google.com/ https://www.youtube.com/; base-uri 'self'; object-src 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://*.redintelligence.net blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.es https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.es https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.es; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.es https://m.myprotein.es https://checkout.myprotein.es https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://*.redintelligence.net https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://sgtm.myprotein.es; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' *.vodafone.com *.vodafone.ro wss://*.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.fonts.gstatic.com *.google.com google.com *.google-analytics.com google.ro *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.teads.tv dpm.demdex.net *.facebook.com *.facebook.net *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.ytimg.com *.hotjar.com wss://*.hotjar.com *.adform.net cm.everesttech.net vodafoneromania.demdex.net server.seadform.net *.hotjar.io *.kampyle.com vodafoneromania.tt.omtrdc.net maps.googleapis.com www.youtube.com *.criteo.com *.criteo.net dynamic.criteo.com *.bright-sky.org *.eu01.nr-data.net bs-prod-api-endpoint-a8g4hrcnd5hvahee.z01.azurefd.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vodafone.com *.vodafone.ro *.paymentsos.com *.amazonaws.com *.cookielaw.org *.onetrust.com *.tiqcdn.com *.gstatic.com *.teads.tv dpm.demdex.net *.facebook.net *.facebook.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.youtube.com *.ytimg.com *.hotjar.com *.adform.net *.google.com *.google.ro *.google.co.uk *.google.bg *.google.md *.google.com.ua *.google.com.tr *.google.hu *.google.rs *.kampyle.com maps.googleapis.com *.criteo.com *.criteo.net dynamic.criteo.com *.bright-sky.org *.newrelic.com bs-prod-api-endpoint-a8g4hrcnd5hvahee.z01.azurefd.net; style-src 'self' 'unsafe-inline' *.vodafone.com *.vodafone.ro 1
base-uri 'self';object-src 'none';style-src 'self' https://fonts.googleapis.com go.kollective.com pages.riverbed.com 'unsafe-inline' data:;frame-ancestors 'self';worker-src blob: ; 1
frame-ancestors 'self' https://*.printfriendly.com https://*.haascnc.com https://*.paymetric.com https://*.paypal.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/s/player/652ba3a2/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/s/player/9135c2ab/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js https://www.gstatic.com/recaptcha/releases/1kRDYC3bfA-o6-tsWzIBvp7k/recaptcha__en.js https://www.google.com/recaptcha/api.js https://wec-assets.terminus.services https://m.clarity.ms/collect https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://www.googleoptimize.com https://www.googleanalytics.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js https://cdn.cookielaw.org https://*.googletagmanager.com https://ssl.google-analytics.com https://tagmanager.google.com https://secure.adnxs.com https://d22d1xpx4ztuef.cloudfront.net/jb-cdn-sp-3.5.0.js https://bam.nr-data.net https://gu.bizspring.net https://www.googletagmanager.com https://js-agent.newrelic.com https://stats.wp.com https://widgets.wp.com https://wordpress.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sjrtp8-cdn.marketo.com https://cdn.livechatinc.com http://cdn.livechatinc.com https://s0.wp.com https://code.jquery.com https://code.jquery.com/jquery-3.3.1.js https://cdn.parsely.com https://stats.wp.com/e-202229.js http://play.vidyard.com https://play.vidyard.com https://connect.facebook.net http://app-sj04.marketo.com http://munchkin.marketo.net http://63475.tctm.co https://64066.tctm.co/t.js https://64066.tctm.co/p.js https://api.livechatinc.com http://www.google-analytics.com https://cdn.mouseflow.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com http://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/css/v2/otnotice-core.css https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://s0.wp.com http://app-sj04.marketo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://r.clarity.ms/collect https://h.clarity.ms/collect https://api.nelioabtesting.com https://googleads.g.doubleclick.net/pagead/landing https://b.clarity.ms/collect https://www.google.com/pagead/landing https://l.clarity.ms/collect https://k.clarity.ms/collect https://j.clarity.ms/collect https://a.clarity.ms/collect https://y.clarity.ms/collect https://x.clarity.ms/collect https://r1.visualwebsiteoptimizer.com/analyze https://t.clarity.ms/collect https://w.clarity.ms/collect https://m.clarity.ms/collect https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.google.co.in https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac-en-us.json https://privacyportalde-cdn.onetrust.com/c579c0d0-360f-49c0-bccc-f7b7cded31cd/privacy-notices/8b719598-1655-4d2d-879b-9b2e633813ac.json https://analytics.google.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com http://play.vidyard.com https://play.vidyard.com http://google.com https://google.com https://cdn.linkedin.oribi.io https://cdn.livechatinc.com https://api.ipify.org https://bam.nr-data.net https://p1.parsely.com https://n2.mouseflow.com https://api.livechatinc.com https://geolocation.onetrust.com https://privacyportal-de.onetrust.com http://090-bzj-603.mktoresp.com http://63475.tctm.co https://cdn.cookielaw.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://code.ionicframework.com https://optimize.google.com https://privacyportalde-cdn.onetrust.com https://privacyportalde-cdn.onetrust.com https://fonts.gstatic.com https://cdn.livechatinc.com https://fonts.gstatic.com https://cdn.mouseflow.com https://s0.wp.com; frame-src 'self' https://brandfolder.com https://aurora.videojet.com https://td.doubleclick.net https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://www.google.com https://cdn.livechatinc.com https://stats.wp.com https://js-agent.newrelic.com http://www.googletagmanager.com https://www.googletagmanager.com https://widgets.wp.com https://wordpress.com https://pages.videojet.com https://communications.videojet.com https://www.facebook.com http://play.vidyard.com https://app-sj04.marketo.com https://bid.g.doubleclick.net https://play.vidyard.com https://secure.livechatinc.com; img-src 'self' data: https://cdn.brandfolder.io https://cdn.brandfolder.io/U309KOI6/at/pwc64v7xhc642kc4jzw85vvb/thermal-transfer-printers-6530-overview-pd.jpg https://c.bing.com/c.gif https://c.clarity.ms/c.gif https://match.adsrvr.org https://wec-assets.terminus.services https://cdn.livechat-files.com https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com https://c.jabmo.app https://s.w.org http://www.googleadservices.com https://p1.parsely.com https://videojet-develop.go-vip.net https://secure.gravatar.com https://pixel.wp.com https://pages.videojet.com http://play.vidyard.com https://play.vidyard.com https://cdn.vidyard.com https://www.facebook.com https://www.linkedin.com  https://www.googletagmanager.com https://p.adsymptotic.com https://px4.ads.linkedin.com http://2.gravatar.com http://www.google-analytics.com https://cdn.cookielaw.org https://cdn.livechatinc.com https://global.videojet.com https://px.ads.linkedin.com https://videojet.com https://www.google.co.in https://www.google.com; manifest-src 'self'; media-src 'self' https://cdn.livechatinc.com https://global.videojet.com; worker-src 'self' https://www.videojet.com/6a51256c-7fc3-48c4-8ba2-4c2fed76f3fd https://www.videojet.com/159c39b4-c875-49e1-afee-1484faed62e2 https://www.videojet.com/489d5d2c-4da2-4d03-ba13-d691b2048e29 https://www.videojet.com/6ef4e507-36a9-4608-b214-b25fc9f3826c https://www.videojet.com/10d5333b-d694-4260-8849-5409a982f4f2 https://www.videojet.com/7f6f422a-f91d-4566-a955-280febef40f0 https://www.videojet.com/642c9f9a-9c7f-48af-a8bc-b11952d37dbf https://www.videojet.com/70a6aac0-b30b-45dc-a2bf-26c7d77b18fc https://www.videojet.com/a671e91f-8658-4818-ba3f-27a99afbe204 https://www.videojet.com/0d0cc83f-b381-4158-8b09-3694096c6fe6 https://www.videojet.com/440cf408-5c40-42b4-a359-749f3acac925 https://www.videojet.com/36214bec-996a-4e05-970a-d241d12f2db8 https://www.videojet.com/926a8753-53b5-4ad4-a62c-4713dbd1c37f https://www.videojet.com/c9d5afaf-a0aa-4db7-b518-d967b3d81b36 https://www.videojet.com/1295068b-cdb0-46ed-819a-deec0a6a36bd https://www.videojet.com/a644a86c-7519-4f37-aea1-b6d2f9fdc74d https://www.videojet.com/3c3628c1-5a46-41af-a537-db43daeef27f https://www.videojet.com/eaee86f7-2def-47cd-a2da-c205fd59ff74 https://www.videojet.com/d474b2a2-dfbd-4839-801c-7bfa3d00d171 https://www.videojet.com/2bc12286-5f03-4415-8f6b-0b18c6c90678 https://www.videojet.com/53cde3ea-2d8d-4289-aa7e-64e16b22c213 https://www.videojet.com/3243adbf-8aa3-4fa5-8666-2ec5bdb6f8b7 https://www.videojet.com/08a2f4c8-c23c-41fa-b029-ea7e111c1514 https://www.videojet.com/3191c924-2f60-4df2-b958-218e0b9b123e https://www.videojet.com/91a64e33-4c05-4b24-b405-a8461f7f1322 https://www.videojet.com/9600bcf4-3d06-4e24-b9af-7acd859cf28a https://www.videojet.com/0a315fd7-f8d2-4b2b-915b-77c4bd3c0217 https://www.videojet.com/7ab9984b-8cab-4783-b2ab-2427d3b33600 https://www.videojet.com/32afd7a5-fa8b-4d05-8146-ef4a0a4369ab https://www.videojet.com/84173372-c53e-4ed0-8ffe-bdbb31359feb https://www.videojet.com/cf6e098c-906f-4e75-b259-dd7e1c6a0786 https://www.videojet.com/d1fc4e99-bda5-42fd-ac03-2b4ec19dc3ac https://www.videojet.com/3e11e14c-6fe1-45e3-b8bd-5f2339b05902; 1
frame-ancestors 'self' https://explore.logmein.com https://explore.goto.com 1
default-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'nonce-WxoGzEIh0iqfpPO7DFhhWp4D'; img-src 'self' data: https://*.parnassys.net/; connect-src 'self'; font-src 'self'; object-src 'none'; manifest-src 'self'; child-src 'self'; base-uri 'self'; frame-src 'self' 1
object-src 'self'; upgrade-insecure-requests 1
frame-ancestors 'none'; script-src https://incidecoder-assets.storage.googleapis.com 'nonce-WWyRpzUEIkACl56Pw6JEuUAMAH0DE84eReb_5ljMNEw' https://www.google-analytics.com https://www.googletagmanager.com  https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.instagram.com  ; style-src https://incidecoder-assets.storage.googleapis.com 'unsafe-inline'; font-src https://incidecoder-assets.storage.googleapis.com https://fonts.gstatic.com; manifest-src https://incidecoder-assets.storage.googleapis.com; img-src https://connect.facebook.net https://www.facebook.com https://www.gstatic.com https://incidecoder-assets.storage.googleapis.com  https://incidecoder-content.storage.googleapis.com  https://www.google-analytics.com https://incidecoder-magic.storage.googleapis.com blob: ; frame-src https://www.instagram.com https://www.google.com; connect-src 'self' https://incidecoder-content.storage.googleapis.com  https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com; default-src 'none'; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.collective-evolution.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* blob: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.addthis.com *.addthisedge.com *.algolia.net *.algolianet.com *.applicationinsights.azure.com *.applicationinsights.microsoft.com *.doubleclick.net *.facebook.com *.facebook.net *.instagram.com *.tiktok.com lf16-tiktok-web.ttwstatic.com *.fonts.com *.fonts.net *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.jsdelivr.net *.moatads.com *.penguin.co.nz *.penguin.com.au *.recaptcha.net *.ubembed.com *.youtube.com *.klaviyo.com *.static.klaviyo.com az416426.vo.msecnd.net dc.services.visualstudio.com penguin-random-house.involve.me rt.services.visualstudio.com secure-ds.serving-sys.com *.typeform.com; object-src 'none'; img-src 'self' https: data:; upgrade-insecure-requests; report-uri https://penguin.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' data: https:; frame-ancestors 'self' 1
frame-ancestors 'self' ;frame-src www.google.com flixdot.com *.clips4sale.com mc.yandex.ru js.onclmng.com s.uuidksinc.net *.doubleclick.net;object-src 'none'; font-src 'self' fonts.gstatic.com  *.cdn13.com;style-src 'self' 'unsafe-inline' *.cdn13.com; 1
frame-ancestors 'self'; block-all-mixed-content; 1
default-src 'self' *.travelguard.com *.travelguard.com.seg.js *.aig.com *.tokenex.com assets.adobedtm.com *.adsrvr.org rtb.adgrx.com *.google.com *.yahoo.com action.dstillery.com bat.bing.com *.rfihub.net *.rfihub.com cdn.gbqofs.com *.doubleclick.net consentag.eu d.turn.com i.ctnsnet.com idsync.rlcdn.com *.dialogtech.com tag.yieldoptimizer.com *.googletagmanager.com x.bidswitch.net *.bootstrapcdn.com *.gbqofs.io *.adnxs.com *.sojern.com *.amazon-adsystem.com *.ytimg.com *.demdex.net *.cloudfront.net *.sessioncam.com aigcom.tt.omtrdc.net *.powerreviews.com connect.facebook.net www.facebook.com action.media6degrees.com *.emjcd.com tag.adaraanalytics.com beacon.krxd.net *.stackadapt.com www.youtube.com solutions.invocacdn.com pnapi.invoca.net p.relay-t.io secure-relay.com secure-hotel-tracker.com *.adform.net 'unsafe-inline' 'unsafe-eval' blob: data: 1
upgrade-insecure-requests; frame-ancestors *.therapynotes.com:* *.therapyportal.com:* support.therapynotes.com; default-src *.therapynotes.com:* *.therapyportal.com:* data: blob:; img-src *.therapynotes.com:* *.therapyportal.com:* data: blob:; style-src *.therapynotes.com:* *.therapyportal.com:* 'unsafe-inline' data: blob:; script-src *.therapynotes.com:* *.therapyportal.com:* 'unsafe-inline' 'unsafe-eval' data: blob:; object-src *.therapynotes.com:* *.therapyportal.com:*; connect-src *.therapynotes.com:* wss://*.therapynotes.com:* *.therapyportal.com:* https://*.cardconnect.com:* https://*.twilio.com wss://*.twilio.com; form-action *.therapynotes.com:* *.therapyportal.com:*; frame-src *.therapynotes.com:* *.therapyportal.com:* https://maps.google.com https://www.google.com; require-trusted-types-for 'script'; trusted-types default dompurify legacy goog#html 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: data: 1
default-src 'self';base-uri 'self'; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com  https://www.google-analytics.com   https://tagmanager.google.com   https://www.googleadservices.com; img-src 'self'  https://www.google-analytics.com  https://www.google.com  https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com  https://www.google.com.tr data:; style-src 'self'  'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self'  data: https://fonts.gstatic.com; frame-src 'self'; frame-ancestors 'self'; form-action https://*.btcturk.com; connect-src 'self'  https://www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self'; object-src 'none'; 1
default-src 'self' www.google-analytics.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.youtube.com secure.gravatar.com twitter.com gstatic.com *.gstatic.com www.google.com *.ggpht.com *.googleapis.com 'unsafe-inline' 'unsafe-eval' data:; 1
frame-ancestors https://*.smartassist.ai https://*.kore.ai https://*.korebots.com https://*.kore.ai https://*.kore.com https://bots.kore.ai 1
frame-ancestors 'self' https://bancobcr.com ;frame-src https://www.bancobcr.com https://ventadebienes.bancobcr.com https://www.youtube.com https://bcrcita.bancobcr.com https://bcrinstance.secure.force.com https://bcrinstance.my.salesforce-sites.com https://forms.office.com https://www.google.com https://checkout.placetopay.com https://onboarding.bancobcr.com https://www.facebook.com http://www.bancobcr.com https://cloud.info.bancobcr.com/; 1
frame-ancestors 'self' https: *.athensvoice.gr 1
frame-ancestors *.youmail.com; frame-src *.youmail.com www.googletagmanager.com e087577842fe4bc497ea0ed9787fd41a.pages.ubembed.com maps.google.com www.google.com www.emjcd.com www.youtube.com challenges.cloudflare.com 1
default-src 'self' https:; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src https:; worker-src blob: 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://player.youku.com/jsapi https://*.teads.tv https://analytics.tiktok.com https://ajax.googleapis.com https://analytics.twitter.com https://connect.facebook.net https://googleads.g.doubleclick.net https://hm.baidu.com https://js.adsrvr.org https://*.cheqzone.com https://recaptcha.net https://*.serving-sys.com https://snap.licdn.com https://static.ads-twitter.com https://*.google-analytics.com https://*.googleanalytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.gstatic.cn https://www.youtube.com https://maps.googleapis.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://www.googleoptimize.com https://www.googletagmanager.com https://optimize.google.com blob: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://api.map.baidu.com https://cdn.cookielaw.org https://pagead2.googlesyndication.com https://www.geoplugin.net https://cdn.trustcommander.net https://privacy.trustcommander.net https://cdn.tagcommander.com; style-src 'report-sample' 'self' 'unsafe-inline' https://player.youku.com https://fonts.googleapis.com https://www.googletagmanager.com https://optimize.google.com; connect-src 'self' https://*.tt.omtrdc.net https://apwebsite-services.azurewebsites.net https://analytics.tiktok.com https://*.teads.tv https://hm.baidu.com https://liveapi.yext.com https://noembed.com https://*.cheqzone.com https://stats.g.doubleclick.net https://video.google.com https://*.google-analytics.com https://api.ipstack.com https://*.serving-sys.com https://maps.googleapis.com https://cdn.linkedin.oribi.io https://ap-booking.azurewebsites.net https://www.facebook.com https://unpkg.com data: https://ob.powerrobotflower.com https://obs.powerrobotflower.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://pagead2.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.youku.com https://*.fls.doubleclick.net https://insight.adsrvr.org https://recaptcha.net https://match.adsrvr.org https://www.facebook.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://bs.serving-sys.com https://optimize.google.com https://www.googletagmanager.com https://td.doubleclick.net https://*.teads.tv https://open.spotify.com; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' data: https://dynamicmedia.audemarspiguet.com https://audemarspiguet.scene7.com https://player.vimeo.com https://download-video.akamaized.net; object-src 'none'; base-uri 'self'; worker-src 'self' data: blob:; 1
base-uri 'self';child-src 'none';connect-src 'self' webpack://* *.algolia.net *.algolianet.com maps.googleapis.com px.ads.linkedin.com cdn.cookielaw.org mock.dev.relaischateaux.com api.widget.botmind.io privacyportal-fr.onetrust.com bat.bing.com geolocation.onetrust.com *.abtasty.com dcinfos-cache.abtasty.com ariane.abtasty.com *.google.com ws.hotjar.com googleads.g.doubleclick.net *.hotjar.io sulu.relaischateaux.com sylius.relaischateaux.com api.relaischateaux.com www.relaischateaux.com medias.relaischateaux.com;default-src 'self';font-src 'self' data: blob: fonts.gstatic.com *.abtasty.com *.googleapis.com;form-action 'self';frame-ancestors 'self';frame-src 'self' td.doubleclick.net widget.botmind.ai www.menumodo.com qa-assistant.abtasty.com;img-src 'self' data: blob: www.relaischateaux.com maps.gstatic.com maps.googleapis.com fdu.relaischateaux.com px.ads.linkedin.com secure.adnxs.com bat.bing.com www.facebook.com ib.adnxs.com www.linkedin.com *.google.fr *.google.com cdn.cookielaw.org static.relaischateaux.com *.abtasty.com *.amazonaws.com googletagmanager.com googleads.g.doubleclick.net d1m7xnn75ypr6t.cloudfront.net cdn.worldweatheronline.com loremflickr.com c1.tacdn.com www.tripadvisor.com www.tripadvisor.fr assets.relaischateaux.com;manifest-src 'self';media-src 'self' d1m7xnn75ypr6t.cloudfront.net static.relaischateaux.com p.relay-t.io ws.hotjar.com *.hotjar.io px4.ads.linkedin.com try.abtasty.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: www.googletagmanager.com maps.googleapis.com cdn.cookielaw.org connect.facebook.net fdu.relaischateaux.com acdn.adnxs.com *.hotjar.com snap.licdn.com cdn.actito.be bat.bing.com widget.botmind.io googleads.g.doubleclick.net trk.adbutter.net *.abtasty.com *.amazonaws.com p.relay-t.io apis.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.abtasty.com *.gstatic.com *.googleapis.com;worker-src 'self';upgrade-insecure-requests ; 1
frame-ancestors 'self' https://builder.io; object-src 'none'; 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com http://ssllogo.twca.com.tw https://www.google-analytics.com https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com http://ssllogo.twca.com.tw; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com https://www.94bot.com;img-src 'self' blob: data: https://ssllogo.twca.com.tw http://www.twca.com.tw 1
worker-src *.osano.com blob:; font-src *.fontawesome.com *.bootstrapcdn.com *.cloudfront.net fonts.gstatic.com *.klaviyo.com *.typekit.net www.bobsredmill.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.turnto.com *.cardinalcommerce.com *.paypal.com *.facebook.com https://formcarry.com *.formcarry.com www.bobsredmill.com 'self' 'unsafe-inline'; frame-ancestors www.bobsredmill.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.icims.com photos.pixlee.co *.turnto.com wtb.bio www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.weltpixel.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.addthis.com *.attn.tv http://destinilocators.com *.doubleclick.net *.pinterest.com *.pixlee.co *.qzzr.com *.spotify.com https://app.viralsweep.com/ https://*.online-metrix.net https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ wac.edgecastcdn.net *.turnto.com wac.edgecastcdn.net/001A39/ *.turn.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.gravatar.com *.wp.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.clarity.ms *.digicert.com *.attentivemobile.com 4tellcdn.azureedge.net bobsredmill-blog.s3.amazonaws.com *.bing.com blob: *.bobsredmill.com *.cloudfront.net *.cld.bz *.google.com *.google.com.vn *.gwallet.com *.ipredictive.com *.monsido.com *.pinterest.com analytics.twitter.com t.co https://res.cloudinary.com/viralsweep/ *.visualwebsiteoptimizer.com img.youtube.com https://imgs.signifyd.com https://*.online-metrix.net www.bobsredmill.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ blob: http: https: 'self' *.osano.com cdn.jsdelivr.net *.turnto.com wac.edgecastcdn.net/001A39/ wtb.bio www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.googletagmanager.com tagmanager.google.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com cld.bz https://app.viralsweep.com/ https://cdn-scripts.signifyd.com https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com cdn.jsdelivr.net 'unsafe-inline' http: https: 'self' *.fontawesome.com *.turnto.com wac.edgecastcdn.net/001A39/ tagmanager.google.com unsafe-inline www.bobsredmill.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.bobsredmill.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.attn.tv events.attentivemobile.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.osano.com *.turnto.com www.facebook.com *.facebook.com graph.facebook.com business.facebook.com https://www.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.clarity.ms *.klaviyo.com *.signifyd.com *.4-tell.net *.stackadapt.com *.addthis.com *.tiktok.com *.attentivemobile.com *.azurewebsites.net *.doubleclick.net *.flippingbook.com cld.bz *.cld.bz formcarry.com *.googleapis.com *.monsido.com *.nr-data.net *.pinterest.com *.windows.net https://imgs.signifyd.com www.bobsredmill.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com www.bobsredmill.com http: https: blob: 'self' 'unsafe-inline'; default-src blob: www.bobsredmill.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' *.ttc.ca 'unsafe-eval' https://apps.sitecore.net *.azureedge.net; media-src 'self' data: ; img-src *.ttc.ca *.dmtry.com *.siteimproveanalytics.io *.researchnow.com 'self' data: *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com siteimproveanalytics.io *.windows.net *.clarity.ms *.customsearch.ai *.bing.com  *.cluepixel.com ; style-src 'self' 'unsafe-inline' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.windows.net *.clarity.ms *.customsearch.ai *.bing.com; font-src 'self' 'unsafe-inline' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.windows.net *.clarity.ms *.customsearch.ai *.bing.com; connect-src * ; frame-src 'self' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com *.triplinx.ca; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' *.ttc.ca *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.addthis.com *.addthisedge.com *.youtube.com *.moatads.com ;upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; object-src data: 'unsafe-eval' 1
default-src 'self' www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com connect.facebook.net facebook.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-vsyM3EWgEbK6bb2lQLLuIJu5j' 'strict-dynamic' 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; frame-ancestors 'self'; manifest-src 'self' 1
frame-src 'self' https://vars.hotjar.com https://bexio.imgix.net https://www.youtube-nocookie.com https://*.mobiliar.ch https://*.mobiliere.ch https://*.mobiliare.ch https://*.googleoptimize.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.bexio.com https://cdn.www.bexio.com https://*.facebook.com https://*.twitter.com https://www.youtube.com https://*.force.com https://*.involve.me https://*.pinterest.com/ https://*.okomo.com/ https://*.usercentrics.eu/; frame-ancestors 'self'; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://mc.yandex.ru *.licdn.com https://browser.sentry-cdn.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/js/swiper.min.js https://cdn.jsdelivr.net/npm/swiper@10/swiper-bundle.min.js https://googleads.g.doubleclick.net/ https://api-maps.yandex.ru/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net https://ashotb2b.pbx.mts.am/callback.js?uid=3822cf6b-fe65-4d68-980d-fe4b344ba376 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/Swiper/4.5.0/css/swiper.min.css 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.linkedin.com https://mc.yandex.ru https://static.mts.ru/ https://www.google.am https://www.google.com https://api-maps.yandex.ru/ https://core-renderer-tiles.maps.yandex.net/ https://yandex.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src view.joomag.com viewer.joomag.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://mc.yandex.ru/ https://td.doubleclick.net/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://cdn.linkedin.oribi.io https://mc.yandex.ru https://mc.yandex.md https://px.ads.linkedin.com/wa/ https://analytics.google.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://viewer.joomag.com/ https://view.joomag.com/ https://maps.google.com/ https://www.google.com/ 'self' web-chat.nativechat.com 1
frame-ancestors https://www.kuchenland.ru https://metrika.yandex.ru 1
upgrade-insecure-requests; default-src 'self'; img-src * data: cdn.evergage.com; style-src ws1.postescanada-canadapost.ca widget.alongside.com 'unsafe-inline' *.twitter.com ton.twimg.com tagmanager.google.com sp.analytics.yahoo.com 'self' s.yimg.com optimize.google.com https://www.googletagmanager.com/debug/badge.css fonts.googleapis.com *.evergage.com cdn.evergage.com *.stackadapt.com; font-src 'self' fonts.gstatic.com data: adservice.google.com; media-src *.youtube.com 'self' cdn.evergage.com blob: adservice.google.com; object-src 'self'; form-action www.facebook.com *.twitter.com tr.snapchat.com sp.analytics.yahoo.com 'self' s.yimg.com *.alc.ca; script-src www.googletagmanager.com www.googleadservices.com www.google.com www.google-analytics.com www.facebook.com ws1.postescanada-canadapost.ca widget.alongside.com 'unsafe-inline' 'unsafe-eval' *.twitter.com *.twimg.com tagmanager.google.com static.ads-twitter.com sp.analytics.yahoo.com *.serving-sys.com 'self' secure.quantserve.com secure.adnxs.com sc-static.net s.yimg.com rules.quantcount.com *.rfihub.com r.turn.com *.pariplaygames.com optimize.google.com *.niceincontact.com *.nglotteries-us.com *.mkodo.net *.mkodo.com *.igodigital.com hosted.paysafe.com *.gracenote.com *.game-mode.net *.g2-networks.com *.finrings.com *.everi-interative.com *.evergage.com *.doubleclick.net *.connextra.com connect.facebook.net *.cloudfront.net cdn.evgnet.com cdn.evergage.com c1.rfihub.net atlanticlottery.us-1.evergage.com atlanticlottery.evergage.com *.alc.ca *.adnxs.com *.google-analytics.com *.snapchat.com *.redditstatic.com *.nyxop.net *.stackadapt.com adservice.google.com; connect-src www.google.com www.facebook.com ws1.postescanada-canadapost.ca *.paysafe.com sp.analytics.yahoo.com 'self' s.yimg.com promo.alc.ca *.nglotteries-us.com *.mkodo.net *.mkodo.com livechat.alc.ca *.google-analytics.com *.game-mode.net *.doubleclick.net cdn.evgnet.com cdn.evergage.com atlanticlottery.us-1.evergage.com atlanticlottery.evergage.com api.ipify.org adservice.google.com *.evergage.com *.connextra.com *.snapchat.com prod.idscan.cloud ib.adnxs.com *.adnxs.com www.redditstatic.com conversions-config.reddit.com *.stackadapt.com; frame-src *.youtube.com www.facebook.com *.paysafe.com *.twitter.com tr.snapchat.com sp.analytics.yahoo.com 'self' *.rgsgames.com *.rfihub.com *.pariplaygames.com optimize.google.com *.nyxop.net *.niceincontact.com *.nglotteries-us.com *.mentor-na.neccton.com *.gracenote.com *.g2-networks.com *.finrings.com *.everi-interactive.com *.doubleclick.net *.casinarena.com blob: *.alc.ca *.wi-gameserver.com *.adobe.com *.adnxs.com prod.idscan.cloud *.i-w-g.com adservice.google.com; frame-ancestors 'self' *.pariplaygames.com *.nyxop.net *.nglotteries-us.com *.everi-interactive.com *.contobox.com *.casinarena.com author.alc.ca *.wi-gameserver.com; worker-src 'self';  1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.es *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com simuladores.afi.es https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: openbanksimuladores.afi.es unpkg.com; connect-src 'self' *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.es px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com blob: https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com www.facebook.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com simuladores.afi.es blob: openbanksimuladores.afi.es https://newassets.hcaptcha.com *.doubleclick.net ;frame-ancestors 'self' https://openbank.campaign.adobe.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self'; script-src 'nonce-4LIvBw432gjPyA==' 'strict-dynamic' 'self' 'unsafe-eval'; form-action 'self'; media-src 'self' *.first.org; connect-src 'self' https://api.first.org; object-src 'none'; frame-src https:; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://200.14.213.186 http://201.238.242.206:* http://*.adform.net http://*.ads-twitter.com http://*.clarochile.cl http://*.claromusica.com http://*.clarovideo.net http://*.doubleclick.net http://*.facebook.com http://*.facebook.net http://*.google-analytics.com http://*.googleapis.com http://*.googletagmanager.com http://*.gstatic.com http://*.hotjar.com:* http://*.hotjar.io http://lib-us-1.brilliantcollector.com http://*.twitter.com http://*.youtube.com http://ajax.aspnetcdn.com http://api.retargetly.com http://cap-sg-prd-1.securegateway.appdomain.cloud:15294 http://*.e-contact.cl http://clarochile.custhelp.com http://clickserv.sitescout.com http://ds-aksb-a.akamaihd.net http://elastic-app-amx.tmx-internacional.net http://geoportalclaro.maps.arcgis.com http://googleads.g.doubleclick.net http://maxcdn.bootstrapcdn.com http://pit2.telmexchile.cl http://pixel.sitescout.com http://servicios.fidelis.cl http://t.co http://track.neianalytics.com http://uscollector.tealeaf.ibmcloud.com http://www.altasclarovideo.com http://*.clarovideo.com http://www.clicktochat.cl http://www.google.cl http://*.google.com http://*.google.com.mx http://www.googleadservices.com http://www.portateahora.cl http://youtu.be https://200.14.213.186 https://201.238.242.206:* https://*.adform.net https://*.ads-twitter.com https://*.clarochile.cl https://*.claromusica.com https://*.clarovideo.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com:* https://*.hotjar.io https://*.idx.lat https://lib-us-1.brilliantcollector.com https://*.twitter.com https://*.youtube.com https://ajax.aspnetcdn.com https://api.retargetly.com https://cap-sg-prd-1.securegateway.appdomain.cloud:15294 https://*.e-contact.cl https://clarochile.custhelp.com https://clickserv.sitescout.com https://ds-aksb-a.akamaihd.net https://elastic-app-amx.tmx-internacional.net https://geoportalclaro.maps.arcgis.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://pit2.telmexchile.cl https://pixel.sitescout.com https://servicios.fidelis.cl https://t.co https://track.neianalytics.com https://uscollector.tealeaf.ibmcloud.com https://www.altasclarovideo.com https://*.clarovideo.com https://www.clicktochat.cl https://www.google.cl https://*.google.com https://*.google.com.mx https://google.com https://*.google.com.ar https://*.pangle-ads.com https://www.googleadservices.com https://www.portateahora.cl https://empresa.solvencia.cl https://claro.solvencia.cl https://plus.raak.cl https://unpkg.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.googleoptimize.com https://convenioclaro.cl https://connect.facebook.net https://*.clarodigital.net https://*.clarity.ms https://lilac.maps.arcgis.com https://gis.lla.com https://analytics.tiktok.com https://*.vtr.com https://*.cloud.vtr.cl https://dev.visualwebsiteoptimizer.com https://youtu.be https://*.vwo.com https://*.tivo.com https://tivo.pactsafe.io https://*.bing.com https://*.ingeauditech.cl https://cdnjs.cloudflare.com; media-src 'self' mediastream: https://*.clarochile.cl https://*.vtr.com https://*.cloud.vtr.cl; 1
frame-ancestors 'self'  *.ccaeducate.me *.brightspacedemo.com *.blenderconnect.com *.elearningontario.ca *.myedio.com *.brightspace.com *.echo-ntn.org *.srgtech.com *.safarimontage.com *.aacps.org *.agilixbuzz.com *.instructure.com *.savvasrealize.com *.schoology.com *.d2l.com *.wondavr.com ; 1
frame-ancestors http://*.ebs.co.kr https://*.ebs.co.kr http://*.ebsi.co.kr https://*.ebsi.co.kr ; 1
base-uri 'self'; default-src 'self' 'nonce-2af1cbe7892d229e4022e844973891b2' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self' app.contentful.com none; style-src privacyportalde-cdn.onetrust.com *.googletagmanager.com privacyportalde-cdn.onetrust.com mondelez.review.eprize.com hello.myfonts.net p.typekit.net mondelez-modals.merkleinc.com static-tracking.klaviyo.com http://c.lytics.io static.klaviyo.com use.typekit.net *.doogma.com googletagmanager.com tagmanager.google.com fonts.googleapis.com s3-us-west-2.amazonaws.com *.click2cart.com click2cart.co *.click2cart.co maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' googleads.g.doubleclick.net www.google.com wss://tolerant-kiwi-magical.ngrok-free.app:* privacyportalde-cdn.onetrust.com wss://ws-mt1.pusher.com screenshots.bugherd.com/health sockjs.pusher.com *.bugherd.com sidebar.bugherd.com/binoculars tagging.oreo.com sessions.bugsnag.com *.bugsnag.com stats.g.doubleclick.net analytics.google.com nprd-gtm-d2c-1-server.mdlzapps.cloud privacyportal-de.onetrust.com cdn.acsbapp.com o19233.ingest.sentry.io analytics.tiktok.com analytics.pangle-ads.com *.klavyio.com api-js.datadome.co a.klaviyo.com static-forms.klaviyo.com fast.a.klaviyo.com geolocation.onetrust.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.shopify.com *.myshopify.com *.doogma.com monorail-edge.shopifysvc.com s3-us-west-2.amazonaws.com *.click2cart.com click2cart.co *.click2cart.co shop.oreo.com 'self' https://monorail-edge.shopifysvc.com; img-src 'self' data: tagging.oreo.com stats.g.doubleclick.net analytics.google.com d2iiunr5ws5ch1.cloudfront.net d3k81ch9hvuctc.cloudfront.net c.lytics.io fonts.gstatic.com cm.g.doubleclick.net t.co ad.doubleclick.net analytics.twitter.com cdn.cookielaw.org *.google-analytics.com googletagmanager.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com blob: images.ctfassets.net videos.ctfassets.net cdn.shopify.com *.doogma.com screendoogmacom.s3.amazonaws.com images-tastehub.mdlzapps.cloud *.google-analytics.com click2cart.com *.bugherd.com; media-src 'self' data: images.ctfassets.net videos.ctfassets.net cdn.shopify.com images-tastehub.mdlzapps.cloud; script-src 'self' 'unsafe-inline' 'strict-dynamic' privacyportalde-cdn.onetrust.com cdn.acsbapp.com pnzzmlvk.micpn.com acsbapp.com c.lytics.io analytics.tiktok.com acsbap.com cdn.cookielaw.org static.ads-twitter.com static.klaviyo.com static-tracking.klaviyo.com *.googletagmanager.com tagmanager.google.com blob: *.shopify.com 'unsafe-eval' *.doogma.com s3-us-west-2.amazonaws.com *.click2cart.com 'unsafe-hashes' 'sha256-ldNO9pII0S0qZFNvWIu8QaeieCEU4Ebs/hKQcJiaav8=' 'sha256-JivjteQzOFNs0SxkyyivpTbXybbi3B4N57K3Pyny9og=' 'nonce-2af1cbe7892d229e4022e844973891b2'; font-src 'self' oreo.com privacyportalde-cdn.onetrust.com eprize-content.s3.amazonaws.com static.klaviyo.com data: hello.myfonts.net/count/39ff8f www.oreo.com use.typekit.net fonts.gstatic.com data: *.shopify.com *.doogma.com maxcdn.bootstrapcdn.com; frame-src 'self' c.lytics.io td.doubleclick.net *.fls.doubleclick.net www.youtube.com www.youtube-nocookie.com *.bugherd.com 1
default-src 'self' * data: blob: https: *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.safetydetectives.com safetydetectives.com *.safetydetective.com safetydetective.com cdn.cookielaw.org *.clarity.ms *.peacebanana.com *.ostrichesica.com *.googlesyndication.com *.cloudflareinsights.com *.cheqzone.com *.cloudfront.net *.datadoghq-browser-agent.com *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: safetydetectives.com *.safetydetectives.com safetydetective.com *.safetydetective.com  *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.googletagmanager.com *.googleapis.com *.gstatic.com ; 1
frame-ancestors 'self' https://rbi.experiencecloud.adobe.com https://fullstory.com https://edge.fullstory.com rs.fullstory.com https://test.salesforce.com https://login.salesforce.com https://unity--trinitydev.my.salesforce.com https://unity--trinitydev.sandbox.my.salesforce.com *.lookbookhq.com *.pathfactory.com *.adobedtm.com https://rbi.demdex.net https://subscriber.icis.com 1
default-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.google.com; img-src *; media-src 'self' i.gyazo.com; script-src 'self' cdnjs.cloudflare.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net www.google.com www.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; form-action 'self'; upgrade-insecure-requests 1
frame-ancestors admin.shopify.com *.myshopify.com online-store-web.shopifyapps.com; 1
default-src 'none'; object-src 'none'; img-src 'self' *.bam-x.com *.narrativ.com https:; script-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com; style-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com 'unsafe-inline'; font-src 'self' *.bam-x.com *.narrativ.com; connect-src 'self' *.bam-x.com *.narrativ.com *.launchdarkly.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.atlantichealth.org *.adobedtm.com *.blackbaud.com *.blackbaudcdn.net *.blackbaudhosting.com *.coveo.com *.kyruus.com *.marketo.com *.marketo.net c212.net cdn.c212.net *.amazonaws.com bat.bing.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com googleads.g.doubleclick.net js.adsrvr.org platform.twitter.com rules.quantcount.com secure.quantserve.com siteimproveanalytics.com static.ads-twitter.com www.google.com www.google-analytics.com www.googleadservices.com *.googleapis.com www.googletagmanager.com www.gstatic.com www.youtube.com; object-src 'self' *.atlantichealth.org *.youtube.com; frame-ancestors 'self'; 1
default-src 'self' cdn.cookielaw.org *.byside.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com bdso.sharepoint.com www.google.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		font-src 'self' data: *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.gstatic.com;		frame-ancestors 'self' *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt www.olx.pt m.olx.pt bdso.sharepoint.com www.m.olx.pt *.googleapis.com youtube.com *.youtube.com sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt;		script-src 'self' 'unsafe-inline' 'unsafe-eval' cm.everesttech.net dev.day.com www.webrtc-experiment.com *.novobanco.pt *.novobancodosacores.pt ajax.googleapis.com code.createjs.com fonts.googleapis.com webcare.byside.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com s1.byside.com grmtech.net bs.serving-sys.com secure-ds.serving-sys.com s.ytimg.com onlinepayments.pt oppwa.com www.youtube.com d3c3cq33003psk.cloudfront.net tagmanager.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.facebook.com cdn.cookielaw.org cdn.evgnet.com geolocation.onetrust.com optimize.google.com assets.adobedtm.com unpkg.com snap.licdn.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt https://www.redditstatic.com https://*.qualtrics.com *.loqr.io blob:;		connect-src 'self' privacyportal-eu.onetrust.com *.novobanco.pt novobanco.pt novobancodosacores.pt *.novobancodosacores.pt wss: dpm.demdex.net *.byside.com *.evergage.com cm.everesttech.net dev.day.com *.tt.omtrdc.net cdn.cookielaw.org www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com www.google.pt *.youtube.com youtube.com *.doubleclick.net secure-ds.serving-sys.com bdso.sharepoint.com *.googleapis.com vr.unit360.pt *.onlinepayments.pt *.oppwa.com oppwa.com lm.serving-sys.com cookies-data.onetrust.io www.google.com adservice.google.com autenticacao.gov.pt *.autenticacao.gov.pt *.qualtrics.com https://cdn.linkedin.oribi.io data:;		img-src 'self' data: cdn.cookielaw.org *.byside.com *.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com cm.everesttech.net dev.day.com novobanco.pt *.novobanco.pt novobancodosacores.pt *.novobancodosacores.pt *.demdex.net www.google.pt *.evergage.com www.google-analytics.com analytics.google.com *.youtube.com youtube.com *.gstatic.com www.googletagmanager.com www.w3.org *.googleapis.com www.google.com i.ytimg.com www.facebook.com *.linkedin.com bdso.sharepoint.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com bs.serving-sys.com oppwa.com *.autenticacao.gov.pt *.doubleclick.net https://alb.reddit.com https://*.qualtrics.com https://novobancopoc.112.2o7.net blob:;		frame-src 'self' *.googleapis.com *.novobanco.pt *.fls.doubleclick.net tickcounter.com free.timeanddate.com *.morningstar.com youtube.com *.youtube.com *.demdex.net novobancodosacores.pt *.novobancodosacores.pt sdk.companywebcast.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com oppwa.com *.autenticacao.gov.pt www.facebook.com eur05.safelinks.protection.outlook.com https://*.qualtrics.com;		style-src 'self' 'unsafe-inline' *.novobanco.pt *.byside.com *.googleapis.com bdso.sharepoint.com youtube.com *.youtube.com vr.unit360.pt *.onlinepayments.pt lm.serving-sys.com autenticacao.gov.pt oppwa.com *.autenticacao.gov.pt *.novobancodosacores.pt; 1
default-src 'self' misc.poalim-site.co.il fonts.googleapis.com; img-src 'self' data: connect.facebook.net https://*.googletagmanager.com www.googletagmanager.com www.facebook.com www.google.co.il www.google.com googleads.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com https://*.gstatic.com maps.gstatic.com misc.poalim-site.co.il; script-src 'self' 'unsafe-inline' 'unsafe-eval' misc.poalim-site.co.il *.bcodes.co.il https://*.googletagmanager.com www.googletagmanager.com  www.googleadservices.com www.google-analytics.com analytics.google.com googleads.g.doubleclick.net maps.googleapis.com www.youtube.com tagmanager.google.com connect.facebook.net; connect-src 'self' misc.poalim-site.co.il stats.g.doubleclick.net https://*.google-analytics.com www.google-analytics.com maps.googleapis.com www.youtube.com youtu.be https://*.analytics.google.com https://*.googletagmanager.com www.facebook.com analytics.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; frame-src 'self' open.spotify.com tools.bizportal.co.il bid.g.doubleclick.net td.doubleclick.net *.bcodes.co.il www.youtube.com poalimcalculator.kavmanche.co.il www.facebook.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; report-to default 1
default-src 'self'; frame-src * https://*.edomex.gob.mx http://*.edomex.gob.mx;script-src 'self' https://*.edomex.gob.mx https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/jsapi https://unpkg.com/ https://www.gstatic.com/charts/51/loader.js https://www.gstatic.com/ https://cdn.lordicon.com maxcdn.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com cdn.datatables.net https://cdnjs.cloudflare.com/ https://platform.twitter.com https://*.occ.com.mx https://www.infomexsinaloa.org https://storage.googleapis.com https://weni-sp-integrations-production.s3.amazonaws.com https://e.issuu.com https://sistemas1.sggedomex.gob.mx/ *.genial.ly/ https://*.google.com/ https://app2.weatherwidget.org/ 'unsafe-eval' 'unsafe-inline'; media-src https://edomex.gob.mx/ https://*.edomex.gob.mx/  *.issemym.gob.mx; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.weatherwidget.org/ cdn.lordicon.com *.edomex.gob.mx https://*.occ.com.mx https://*.amazonaws.com wss://websocket.weni.ai https://www.infomexsinaloa.org https://stats.g.doubleclick.net *.sggedomex.gob.mx/; img-src 'self' * data:; style-src 'self' *.edomex.gob.mx fonts.googleapis.com https://*.google.com/ https://www.gstatic.com fonts.gstatic.com https://unpkg.com/ cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com cdn.rawgit.com cdn.datatables.net https://cdnjs.cloudflare.com/ https://*.occ.com.mx 'unsafe-inline' ;font-src 'self' fonts.gstatic.com https://*.occ.com.mx;base-uri 'self'; 1
default-src * 'unsafe-inline'; font-src * data:; img-src * data:; frame-ancestors https://*.rainfocus.com; 1
frame-ancestors https://caramel.la https://caramel.la/* 'self' 1
default-src https:; script-src https: svrdntfctn.com *.svrdntfctn.com *.icomera.com icomera.com *.wpengine.com wpengine.com *.google-analytics.com *.googleapis.com *.chimpstatic.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src 'self' data: *.icomera.com icomera.com *.wpengine.com wpengine.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.ggpht; img-src 'self' data: *.vimeocdn.com *.icomera.com icomera.com *.wpengine.com wpengine.com *.w.org *.google-analytics.com *.mailchimp.com *.gstatic.com *.googleapis.com *.ggpht secure.gravatar.com stats.g.doubleclick.net; connect-src 'self' data: svrdntfctn.com *.svrdntfctn.com *.yoast.com yoast.com *.wpengine.com *.vimeo.com vimeo.com *.google-analytics.com *.doubleclick.net *.googleapis.com; frame-src 'self' data: *.vimeo.com *.google.com e.issuu.com *.googleapis.com; 1
default-src 'self' *.hubspotusercontent40.net *.netdna-ssl.com *.marketo.com *.cloudfront.net *.zoominfo.com; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' *.demandbase.com *.influitive.com *.b-cdn.net *.clearbitjs.com *.hscta.net *.usemessages.com *.clickagy.com *.hubspot.com *.google.com *.googleoptimize.com *.hsforms.net *.doubleclick.net *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hscollectedforms.net *.hs-scripts.com *.6sc.co *.dreamdata.cloud *.capterra.com  *.sf-syn.com *.googleadservices.com *.netdna-ssl.com *.vidyard.com cdn.jsdelivr.net www.googletagmanager.com secure.gift2pair.com *.olark.com polyfill.io www.google-analytics.com *.marketo.com scout-cdn.salesloft.com tracking.g2crowd.com v2.listenloop.com grow.clearbit.com s.adroll.com *.intercom.io *.hotjar.com static.ads-twitter.com snap.licdn.com connect.facebook.net *.cloudfront.net munchkin.marketo.net js.intercomcdn.com *.adroll.com *.twitter.com *.zoominfo.com ssl.chatanexpert.com *.trustradius.com *.chilipiper.com *.addevent.com *.hsappstatic.net; style-src 'self' 'unsafe-inline' *.cdnfonts.com *.influitive.com *.cloudfront.net *.b-cdn.net  *.google.com *.netdna-ssl.com use.fontawesome.com cdn.jsdelivr.net *.olark.com *.marketo.com fonts.googleapis.com *.trustradius.com; font-src data: 'self' *.cdnfonts.com *.influitive.com *.b-cdn.net *.intercomcdn.com fonts.gstatic.com *.netdna-ssl.com use.fontawesome.com *.olark.com *.cloudfront.net; img-src data: 'self' 'unsafe-inline'  *.influitive.com *.b-cdn.net *.hs-embed-reporting.com *.sitescout.com *.hubspotusercontent-na1.net *.demdex.net *.agkn.com *.clickagy.com *.crwdcntrl.net *.rlcdn.com *.hsappstatic.net *.elegantthemes.com *.gstatic.com *.hsforms.com *.hubspot.com *.twitter.com *.6sc.co *.googleadservices.com *.doubleclick.net *.capterra.com *.linkedin.com *.marketo.com *.intercomcdn.com *.intercomassets.com *.postbeyond.com *.google.ca *.google.com *.g2crowd.com *.googletagmanager.com *.netdna-ssl.com secure.gravatar.com *.vidyard.com grow.clearbitjs.com px.ads.linkedin.com t.co www.facebook.com *.olark.com *.adroll.com segment.prod.bidr.io px4.ads.linkedin.com dsum-sec.casalemedia.com pixel.rubiconproject.com pixel.advertising.com simage2.pubmatic.com sync.outbrain.com ads.yahoo.com sync.taboola.com eb2.3lift.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net p.adsymptotic.com ups.analytics.yahoo.com segments.company-target.com *.intercom.io px.surveywall-api.survata.com tags.rd.linksynergy.com *.spotify.com a.tribalfusion.com *.wpengine.com ps.w.org www.google-analytics.com dp-sync.dotomi.com *.google.com *.cloudfront.net *.trustradius.com *.chilipiper.com *.addevent.com; connect-src 'self' *.6sense.com *.googlesyndication.com *.google.com *.uc.r.appspot.com *.plyr.io *.vouchfor.com *.hscollectedforms.net *.facebook.com *.company-target.com *.influitive.com *.hubspotusercontent40.net *.hs-banner.com *.linkedin.oribi.io *.g2.com *.digitaloceanspaces.com *.clickagy.com *.elegantthemes.com *.hsforms.com *.s3.amazonaws.com *.hubspot.com *.hubapi.com *.adnxs.com *.6sc.co *.hotjar.io *.dreamdata.cloud *.netdna-ssl.com *.olark.com play.vidyard.com abm2.listenloop.com notify.bugsnag.com *.mktoresp.com *.hotjar.com *.intercom.io wss://nexus-websocket-a.intercom.io ws.zoominfo.com yoast.com *.wpengine.com www.google-analytics.com *.cloudfront.net stats.g.doubleclick.net *.salesloft.com *.trustradius.com *.chilipiper.com; prefetch-src 'self' *.jotform.com *.netdna-ssl.com play.vidyard.com; frame-src 'self' *.vouchfor.com *.company-target.com *.influitive.com *.jotform.com *.jotformeu.com *.hs-sites.com *.google.com *.doubleclick.net *.hsforms.com *.sf-syn.com *.g2.com *.spotify.com *.applytojob.com *.netdna-ssl.com *.hotjar.com www.facebook.com *.olark.com *.marketo.com *.vidyard.com *.trustradius.com *.hubspot.com *.hsappstatic.net *.chilipiper.com *.hubspotusercontent40.net *.static.hsappstatic.net; media-src blob: 'self' *.vouchfor.com *.cloudfront.net *.plyr.io *.influitive.com *.intercomcdn.com *.netdna-ssl.com *.olark.com *.jotform.com *.chilipiper.com *.hubspotusercontent40.net; 1
default-src 'self';script-src 'self' 'nonce-kzDRJzIlBqN51DDqYKo4SXvO' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' *.google.com https://fonts.googleapis.com/css popupmaker.com;img-src 'self' data: blog.emakina.com i.vimeocdn.com script.hotjar.com facebook.com www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com www.google-analytics.com cdn.cookielaw.org cdn.uc.assets.prezly.com;media-src 'self';frame-src 'self' *.google.com *.vimeo.com *.youtube.com godot.emakina.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com data:;connect-src 'self' *.onetrust.com geolocation.onetrust.com vimeo.com popupmaker.com cdn.cookielaw.org px.ads.linkedin.com www.google-analytics.com collector.leadinfo.net content.hotjar.io *.google-analytics.com api.leadinfo.com *.hotjar.io ws.hotjar.com wss://ws.hotjar.com;base-uri 'self';child-src 'none';form-action 'self';frame-ancestors 'self' emakinaagency-admin-develop.azurewebsites.net emakinaagency-admin.azurewebsites.net emakinaagency-admin-staging.azurewebsites.net emakinaagency-admin-testing.azurewebsites.net;worker-src 'none' 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.geotab.com; 1
default-src 'self' *.ctfassets.net blob:; connect-src *; font-src 'self' 'unsafe-inline' gstatic.com *.gstatic.com data: cloudfront.net *.cloudfront.net; form-action 'self' *; frame-ancestors 'self'; frame-src *; img-src 'self' 'unsafe-inline' * data: capterra.com *.capterra.com; manifest-src 'self'; media-src * blob:; object-src 'none'; script-src-elem 'self' *.hotjar.com *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com *.instagram.com instagram.com cloudfront.net *.cloudfront.net ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com google-analytics.com *.google-analytics.com bing.com *.bing.com cookielaw.org *.cookielaw.org licdn.com *.licdn.com ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net outfunnel.com *.outfunnel.com *.doubleclick.net *.optimizely.com *.clarity.ms *.netlify.app netlify-cdp-loader.netlify.app *.mountain.com *.wistia.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com *.hsadspixel.net *.calendly.com calendly.com *.hs-analytics.net hs-analytics.net *.hscollectedforms.net hscollectedforms.net *.hs-banner.com hs-banner.com *.hsforms.net hsforms.net *.hsappstatic.net hsappstatic.net *.hs-scripts.com hs-scripts.com *.vimeocdn.com ctfassets.net *.ctfassets.net googletagmanager.com *.googletagmanager.com *.googleadservices.com https://www.google-analytics.com/analytics.js bing.com *.bing.com licdn.com *.licdn.com cookielaw.org *.cookielaw.org ads-twitter.com *.ads-twitter.com analytics.twitter.com platform.twitter.com mouseflow.com *.mouseflow.com facebook.net *.facebook.net onetrust.com *.onetrust.com doubleclick.net googleads.g.doubleclick.net *.optimizely.com outfunnel.com *.outfunnel.com *.clarity.ms *.wistia.com; style-src 'unsafe-inline' googleapis.com *.googleapis.com *.ctfassets.net *.netlify.app netlify-cdp-loader.netlify.app featuregates.org *.featuregates.org statsigapi.net *.statsigapi.net; worker-src 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.synomia-autocompletion.com s7.addthis.com m.addthis.com api.dmcdn.net cdn.matomo.cloud 1
img-src * 1
default-src 'self' https://www.sportpursuit.com; connect-src 'self' https://www.sportpursuit.com https://m.sportpursuit.com https://raven.sportpursuit.com https://api.sportpursuit.com https://*.elev.io https://*.amazon.com https://*.amazon.co.uk https://capture.trackjs.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.google.com https://*.postcodeanywhere.co.uk https://*.iubenda.com https://*.dixa.io wss://*.dixa.io https://cdn.polyfill.io https://sentry.io https://trustbadge.api.etrusted.com https://shops-si.trustedshops.com https://*.taboola.com https://bat.bing.com https://in.requestmetrics.com https://*.addressy.com https://*.scarabresearch.com https://*.googlesyndication.com; font-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.elev.io https://fonts.gstatic.com https://widgets.trustedshops.com https://*.dixa.io; frame-src https://*.amazon.co.uk https://*.elev.io https://*.amazon.com https://*.payments-amazon.com https://www.googletagmanager.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://widget.trustpilot.com https://player.vimeo.com https://*.doubleclick.net https://*.dcmn.io https://*.googlesyndication.com https://*.iubenda.com https://iubenda.mgr.consensu.org/ https://accounts.google.com; media-src 'self' https://images1.sportpursuit.info https://images2.sportpursuit.info https://images3.sportpursuit.info https://images4.sportpursuit.info https://*.dixa.io/; form-action https://www.sportpursuit.com https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://trc.taboola.com https://*.amazon.co.uk https://*.amazon.de https://*.amazon.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https://m.sportpursuit.com https://*.scarabresearch.com https://s.ytimg.com https://www.youtube.com/ https://cdn.elev.io https://googleads.g.doubleclick.net https://www.google.com/pagead/conversion_async.js https://www.googleadservices.com https://*.payments-amazon.com https://*.amazon.com https://www.googletagmanager.com https://connect.facebook.net https://www.sc.pages05.net https://platform.twitter.com https://widget.trustpilot.com https://*.dcmn.io https://*.googlesyndication.com https://*.googleapis.com https://apis.google.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://bat.bing.com https://*.dixa.io https://cdn.polyfill.io https://sentry.io https://widgets.trustedshops.com https://cdn.taboola.com https://trc.taboola.com https://app.storyblok.com https://accounts.google.com data:; style-src 'self' 'unsafe-inline' https://*.payments-amazon.com https://fonts.googleapis.com https://*.postcodeanywhere.co.uk https://tagmanager.google.com https://*.iubenda.com https://widgets.trustedshops.com https://accounts.google.com; object-src 'none'; upgrade-insecure-requests; 1
frame-src 'self'; frame-ancestors 'self' *.realmmlp.ca *.torontomls.net; object-src 'none'; 1
frame-ancestors https://www.karlsruhe.de https://karlsruhe.ddev.site https://pred.karlsruhe.de https://sweb.karlsruhe.de 1
frame-ancestors 'self' https://*.omni.manh.com 1
default-src 'self' www.google-analytics.com cdn.userway.org;script-src 'nonce-YXNkYXNkYWlvdTc5OGF5dWhzOWRoOTg3YXloczlkaDlhdXlzZDloYTkwaHNkOThhOThzdWQ5OGE5czhkaDlhaHM=' platform.botscrew.net 'self' cdn.userway.org www.youtube.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com;img-src 'self' www.googletagmanager.com prod-cd-cdn.azureedge.net www.gstatic.com *.cdninstagram.com cdn.userway.org data:; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.userway.org; frame-src e.issuu.com player.restream.io platform.botscrew.net player.castr.com prod-cd-cdn.azureedge.net cdn.userway.org www.gstatic.com www.google.com www.youtube.com;media-src 'self' prod-cd-cdn.azureedge.net data:;connect-src graph.facebook.com www.google-analytics.com 'self' api.userway.org cdn.userway.org cdn77.api.userway.org; 1
frame-ancestors 'self' app.pendo.io https://datamma.guides.nelnet.com 1
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.botschool.ai https://api.botschool.ai wss://api.botschool.ai wss://api.ng.botschool.ai https://webchat.ng.botschool.ai https://*.byside.com wss://*.byside.com https://cdn-api-weglot.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://analytics.google.com https://region1.analytics.google.com https://www.google.com https://*.googleapis.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://in.hotjar.com https://*.inmobi.com https://*.inside-graph.com wss://*.inside-graph.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://*.quantcast.mgr.consensu.org https://www.google.pt https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://cdnjs.cloudflare.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://eu-cdn.inside-graph.com https://connect.facebook.net https://fast.fonts.net https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.byside.com https://www.facebook.com https://connect.facebook.net https://gateway.zscaler.net; frame-ancestors 'self' https://www.meo.pt https://gateway.zscaler.net https://cinema.sapo.pt https://mag.sapo.pt; frame-src 'self' https://*.meo.pt https://stags.bluekai.com https://*.byside.com https://www.facebook.com https://*.figma.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://vars.hotjar.com https://*.inside-graph.com https://meo.speedtestcustom.com https://meoteste.speedtestcustom.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.youtube.com https://*.smark.io https://*.meo.velocidi.io https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https: https://wingify-assets.s3.amazonaws.com https://chart.googleapis.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; media-src 'self' data: https://*.meo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/pkX84pGsGX/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://tags.bkrtx.com https://*.byside.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://optimize.google.com https://www.google.com https://www.googleadservices.com https://*.googleapis.com https://www.googleoptimize.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.hotjar.com https://*.inmobi.com https://*.inside-graph.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://analytics.tiktok.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.weglot.com https://p.smrk.io https://*.meo.velocidi.io https://u.heatmap.it https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://selo.confio.pt; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.botschool.ai https://img.botschool.ai https://webchat.ng.botschool.ai https://s3.amazonaws.com https://*.byside.com https://use.fontawesome.com https://optimize.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://cdn.weglot.com https://fast.fonts.net https://gateway.zscaler.net https://selo.confio.pt; worker-src 'self' blob:; object-src 'none' 1
default-src https: 'unsafe-inline' https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com https://mailtrack.me ; script-src 'self' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://embed.typeform.com https://d5phz18u4wuww.cloudfront.net https://cdnjs.cloudflare.com https://seal.digicert.com https://js.stripe.com https://www.googleadservices.com https://billing.quaderno.io https://www.gstatic.com https://s3-eu-west-1.amazonaws.com https://snap.licdn.com https://px.ads.linkedin.com https://www.linkedin.com https://d1fc8wv8zag5ca.cloudfront.net https://*.hotjar.com https://cdn.jsdelivr.net/gh/snowplow https://connect.facebook.net https://www.googletagmanager.com https://*.cookiebot.com https://mailtrack.me ; img-src 'self' data: https://dev.visualwebsiteoptimizer.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.es https://www.google.com https://mailtrackio.typeform.com https://www.googleadservices.es https://www.googleadservices.com https://googleads.g.doubleclick.net https://seal.digicert.com https://billing.quaderno.io https://s3-eu-west-1.amazonaws.com https://dc.ads.linkedin.com https://d1ptrxl5bj7757.cloudfront.net https://analytics-v2.mailtrack.io https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com/tr/ https://www.googletagmanager.com https://templates-images-dev.s3.eu-west-1.amazonaws.com https://templates-images-prod.s3.eu-west-1.amazonaws.com https://*.cookiebot.com https://mailtrack.me ; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://s3-eu-west-1.amazonaws.com https://mailtrack.me ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usap.gov platform.twitter.com dap.digitalgov.gov script.crazyegg.com cdn.syndication.twimg.com www.google-analytics.com www.googletagmanager.com;           object-src 'self';           child-src 'self' platform.twitter.com syndication.twitter.com www.youtube.com;           font-src 'self' www.usap.gov fonts.gstatic.com;           worker-src 'self' blob:;           frame-ancestors 'self';           frame-src 'self' *.brightcove.net nsf.widen.net platform.twitter.com 1
frame-ancestors https://www.domainesia.com/ https://my.domainesia.com/ 1
default-src 'self' https: https://bmidxbgroupcprod.gatsbyjs.io https://*.cookielaw.org; script-src 'self' https://bmidxbgroupcprod.gatsbyjs.io  https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com https://*.hsleadflows.net https://js.hscta.net https://js.hs-scripts.com https://js-eu1.hs-scripts.com https://js.hs-banner.com https://js-eu1.hs-banner.com https://js.hscollectedforms.net https://js-eu1.hscollectedforms.net https://js.hs-analytics.net https://js-eu1.hs-analytics.net https://*.hsadspixel.net https://vc.hotjar.io https://*.usemessages.com https://*.hscollectedforms.net https://*.leadoo.com https://snap.licdn.com https://px.ads.linkedin.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://*.outbrain.com https://cdn.speedcurve.com https://js.adsrvr.org https://*.ads-twitter.com https://www.youtube.com; style-src 'self' https://bmidxbgroupcprod.gatsbyjs.io 'unsafe-inline' https://fonts.googleapis.com https://*.hotjar.com https://*.leadoo.com https://*.mopinion.com https://*.cookielaw.org; img-src 'self' https://bmidxbgroupcprod.gatsbyjs.io https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com/ https://images.ctfassets.net https://*.facebook.com https://servedby.flashtalking.com/ https://googleads.g.doubleclick.net https://www.google.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com blob: data: https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://f.hubspotusercontent00.net https://*.fs1.hubspotusercontent-na1.net https://*.hubspot.com https://*.hsforms.com https://js.hsforms.net https://*.leadoo.com https://*.linkedin.com https://p.adsymptotic.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://*.outbrain.com https://lux.speedcurve.com https://analytics.twitter.com https://t.co/i/adsct https://i.ytimg.com; media-src 'self' https://bmidxbgroupcprod.gatsbyjs.io https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com/ https://assets.ctfassets.net https://downloads.ctfassets.net https://videos.assets.ctfassets.net https://*.leadoo.com https://*.cookielaw.org; connect-src 'self' https://bmidxbgroupcprod.gatsbyjs.io  https://70f5cb29c2da49c79f1197aef4897fdc.europe-west3.gcp.cloud.es.io:* https://europe-west3-bmi-p-dxb-compute-eu-west.cloudfunctions.net https://pim-cdn.bmigroup.com https://bmipimngprodtfe.azureedge.net https://store.bmigroup.com/ https://assets.ctfassets.net https://storage.googleapis.com https://access.intouch.bmigroup.com/ https://cdnjs.cloudflare.com https://www.facebook.com/tr/ data: blob: https://*.googleapis.com *.google.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.hubapi.com https://*.hs-banner.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hubspot.com https://vc.hotjar.io https://*.hscollectedforms.net https://*.leadoo.com https://*.mopinion.com https://*.mouseflow.com https://noembed.com https://*.cookielaw.org https://*.onetrust.com https://lux.speedcurve.com; frame-src 'self' https://bmidxbgroupcprod.gatsbyjs.io  https://access.intouch.bmigroup.com/ https://*.bimobject.com https://classic.bimobject.com https://*.facebook.com https://*.facebook.net https://bid.g.doubleclick.net https://td.doubleclick.net https://*.fls.doubleclick.net *.google.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.hotjar.com https://*.hsforms.com https://app.hubspot.com *.hubspot.com *.hs-sites.com *.hs-sites-eu1.com https://*.leadoo.com https://*.linkedin.com https://*.mopinion.com https://*.mouseflow.com https://*.cookielaw.org https://s.pointerpro.com https://*.surveyanyplace.com https://sketchfab.com/models/ https://my.walls.io https://www.youtube.com; font-src 'self' https://bmidxbgroupcprod.gatsbyjs.io https: data: https://fonts.gstatic.com https://*.hotjar.com https://res.leadoo.com https://*.mopinion.com https://*.mouseflow.com; child-src 'self' https://bmidxbgroupcprod.gatsbyjs.io https://*.mouseflow.com; worker-src 'self' https://bmidxbgroupcprod.gatsbyjs.io blob:; frame-ancestors 'none'; object-src 'self' https://bmidxbgroupcprod.gatsbyjs.io; manifest-src 'self' https://bmidxbgroupcprod.gatsbyjs.io; form-action 'self' https://bmidxbgroupcprod.gatsbyjs.io https://europe-west3-bmi-p-dxb-compute-eu-west.cloudfunctions.net https://forms.hsforms.com 1
frame-ancestors 'self' https://*.losrios.edu https://crc-losrios.libapps.com https://crc-losrios.libwizard.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.blrankings.com *.azure.com *.azurewebsites.net *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.visualstudio.com *.issuu.com *.doubleclick.net *.facebook.com *.facebook.net *.licdn.com *.linkedin.com *.linkedin.oribi.io *.azureedge.net *.vimeo.com *.vimeocdn.com *.youtube.com youtube.com *.ytimg.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.sitedataprocessing.com js.hsforms.net js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com forms.hscollectedforms.net js-na1.hs-scripts.com *.hubspot.com forms-na1.hsforms.com *.googleadservices.com; frame-ancestors 'self' https://*.bestlawyers.com; 1
frame-ancestors 'self' folder.aldi.nl experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self' *.contentful.com *.vercel-analytics.com *.algolia.net *.doubleclick.net *.google-analytics.com *.analytics.google.com *.clarity.ms *.snapchat.com https://analytics.tiktok.com https://www.nintendo.com *.intercom.io wss://nexus-australia-websocket.intercom.io https://js.intercomcdn.com tagmanager.google.com https://use.typekit.net https://p.typekit.net https://assets.nintendo.eu https://assets.nintendo.com; frame-src 'self' https://intercom-sheets.com/ *.algolia.net https://optimize.google.com/ www.recaptcha.net www.gstatic.com www.google.com googletagmanager.com googleanalytics.com google-analytics.com googleoptimize.com *.youtube.com nintendoaustralia.formstack.com *.accounts.nintendo.com *.nintendo.com *.nintendo.com.au *.adsrvr.org *.snapchat.com *.doubleclick.net https://www.facebook.com/ *.facebook; script-src 'self' www.recaptcha.net *.gstatic.com *.youtube.com *.nintendo-europe.com https://cdnjs.cloudflare.com https://ajax.googleapis.com *.formstack.com *.algolia.net *.doubleclick.net *.snapchat.com https://widget.intercom.io https://js.intercomcdn.com nintendo.com nintendo.com.au https://optimize.google.com https://www.googleoptimize.com https://connect.facebook.net *.accounts.nintendo.com https://www.clarity.ms https://js.adsrvr.org/up_loader.1.1.0.js https://sc-static.net/scevent.min.js https://static.ads-twitter.com https://www.googletagmanager.com/ https://www.googleanalytics.com https://www.google-analytics.com *.vercel.app *.cdn.nintendo.net https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://use.typekit.net https://p.typekit.net https://www.nintendo.co.uk https://www.nintendo.com https://www.nintendo.com.au *.vercel.app https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://assets.nintendo.eu *.cdn.nintendo.net 'unsafe-inline'; img-src 'self' https: https://assets.nintendo.eu data:; font-src https://fonts.intercomcdn.com *.assets.nintendo.eu *.nintendo.eu https://fonts.gstatic.com https://use.typekit.net data: 'self' 1
frame-ancestors http://*.almamedia.net https://*.almamedia.net https://app.powerbi.com 1
frame-ancestors 'self' *dol.com.br *elitecs.gruporba.com.br 1
default-src 'self' chat.ind.nl; script-src 'self' statistiek.rijksoverheid.nl piwik.dtnr.nl statistics.ind.nl chat.ind.nl deploy.mopinion.com collect.mopinion.com *.seamly-app.com 'nonce-fXAgcAeFlzWXN_nFMpzw5JaER4c4cFsm'; style-src 'self' 'unsafe-inline' *.mopinion.com *.seamly-app.com chat.ind.nl; img-src 'self' data: statistics.ind.nl *.mopinion.com chat.ind.nl; media-src 'self' *.rovid.nl chat.ind.nl; frame-ancestors 'self'; font-src 'self' *.mopinion.com chat.ind.nl; connect-src 'self' *.seamly-app.com *.mopinion.com chat.ind.nl ws:; base-uri 'self' 1
font-src fonts.googleapis.com fonts.gstatic.com data: fonts.gstatic.com/ applepay.cdn-apple.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com esqa.moneris.com www3.moneris.com pay.google.com data: youtube.com www.youtube.com vimeo.com google.com www.google.com www.google.ca www.google.fr www.gstatic.com saq.cvmanager.com amc.demdex.com *.spotify.com *.weezevent.com *.moneris.com *.privacy-center.org lepointdevente.com thepointofsale.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com www.google.ca www.google.fr *.gstatic.com www.maps.gstatic.com maps.googleapis.com developers.google.com play.google.com linkmaker.itunes.apple.com img.riskified.com www.w3.org cdn.storepoint.co *.privacy-center.org *.googleapis.com *.ggpht.com cdn.lepointdevente.com cdn.thepointofsale.com *.amazonaws.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ esqa.moneris.com www3.moneris.com applepay.cdn-apple.com pay.google.com s7.addthis.com data: js-agent.newrelic.com maps.googleapis.com google.com google.ca google.fr www.google.com www.google.ca www.google.fr developers.google.com www.gstatic.com bam.nr-data.net bam-cell.nr-data.net tagmanager.google.com beacon.riskified.com c.riskified.com jquery.sellxed.com dpm.demdex.net googleads.g.doubleclick.net/ cdn.storepoint.co/ *.weezevent.com *.moneris.com *.privacy-center.org lepointdevente.com thepointofsale.com accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com fonts.googleapis.com cdn.storepoint.co cdn.lepointdevente.com cdn.thepointofsale.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com ekr.zdassets.com/ bam.nr-data.net bam-cell.nr-data.net c.riskified.com stats.g.doubleclick.net web.na.bambora.com maps.googleapis.com *.storepoint.co google.com *.googlesyndication.com *.privacy-center.org lepointdevente.com thepointofsale.com pay.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://player.podigee-cdn.net/ https://*.rosalux.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rosalux.de/ https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://flickrembed.com/ https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.youtube.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://cdn.podigee.com/ https://player.podigee-cdn.net/ https://flickrembed.com/ https://*.rosalux.de/ https://maxcdn.bootstrapcdn.com ; connect-src 'self' https://*.rosalux.de/ https://a.tiles.mapbox.com https://manypod.podigee.io/ https://demoradio.podigee.io/ ;img-src data: 'self' https://*.rosalux.de/ https://img.youtube.com https://i.ytimg.com https://a.tiles.mapbox.com https://b.tiles.mapbox.com https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://a.tile.openstreetmap.org/ ;frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com/ https://w.soundcloud.com/ https://manypod.podigee.io/ https://player.podigee-cdn.net/ https://cdn.podigee.com/ https://flickrembed.com/ https://demoradio.podigee.io/ https://*.rosalux.de/ https://moving-cities.eu https://*.mode-macht-menschen.com; font-src 'self' 'unsafe-inline' data: https://*.rosalux.de https://rosalux.de https://maxcdn.bootstrapcdn.com; frame-ancestors 'self' https://*.rosalux.de https://rosalux.de; object-src 'self'; base-uri 'self' 1
frame-ancestors 'self'  wbpa.wdo.io eu.wotblitz.com na.wotblitz.com asia.wotblitz.com ru.wotblitz.com 1
frame-ancestors psg.sanity.studio; 1
default-src 'self' blob: *.mfilterit.net youtube.googleapis.com api.twitter.com graph.facebook.com *.hdfclife.net *.hdfclife.tech *.hdfclife.com www.google-analytics.com www.googletagmanager.com static.cloudflareinsights.com *.notifyvisitors.com; img-src 'self' *.clarity.ms c.clarity.ms p1.zemanta.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com hdfclifecjauat.112.2o7.net *.visualwebsiteoptimizer.com maps.gstatic.com *.mfilterit.net dm.hybrid.ai dss.hybrid.ai mediasmart.io 3ma79ae7cua.com adgebra.co.in data: dpm.demdex.net *.adsymptotic.com t.co s7ap1.scene7.com analytics.twitter.com *.fbcdn.net *.quora.com alb.reddit.com advertiser.inmobiapis.com p.adsymptotic.com www.linkedin.com s0.2mdn.net *.notifyvisitors.com tr.outbrain.com sp.analytics.yahoo.com s7ap1.scene7.com connect.facebook.net *.doubleclick.net *.taboola.com hdfclife.sc.omtrdc.net ade.clmbtech.com ade.clmbtech.com www.googletagmanager.com i.ytimg.com cm.everesttech.net pixel.mathtag.com maps.googleapis.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.google-analytics.com www.google.com www.google.co.in px.ads.linkedin.com www.facebook.com; script-src 'self' blob: *.visualwebsiteoptimizer.com app.vwo.com *.mfilterit.net 'unsafe-inline' 'unsafe-eval' *.hdfclife.com *.hdfclife.tech *.hdfclife.net www.instagram.com platform.twitter.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com assets.adobedtm.com static.cloudflareinsights.com www.googletagmanager.com pixel.mathtag.com www.google-analytics.com unpkg.com *.vizury.com lifeai.api-hdfclife.com *.doubleclick.net connect.facebook.net snap.licdn.com www.googletagservices.com pagead2.googlesyndication.com www.gstatic.com www.youtube.com maps.googleapis.com hdfclife.demdex.net *.taboola.com s3.amazonaws.com s.yimg.com amplify.outbrain.com ajax.googleapis.com tr.outbrain.com  www.googletagmanager.com hdfclife.demdex.net www.google-analytics.com assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com; font-src 'self' *.mfilterit.net *.notifyvisitors.com fonts.gstatic.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net data:; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.mfilterit.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net fonts.googleapis.com *.mfilterit.net *.notifyvisitors.com cdn.jsdelivr.net;  frame-src 'self' hdfclife.peppysurvey.com *.visualwebsiteoptimizer.com app.vwo.com spa.gy ak.gotrackier.com adgebra.co.in *.mfilterit.net td.doubleclick.net emd.hybrid.ai tsdtocl.com cdn1.spa.gy lms.mdsmedia.co.in lifeai-widget.apps-hdfclife.com www.facebook.com www.linkedin.com *.notifyvisitors.com *.twitter.com www.instagram.com *.doubleclick.net *.fls.doubleclick.net www.youtube.com youtube.com hdfclife.demdex.net *.hdfclife.com *.hdfclife.tech *.hdfclife.net pixel.mathtag.com sg-pl.vizury.com www.google.com; connect-src 'self' www.redditstatic.com conversions-config.reddit.com edge.adobedc.net *.clarity.ms adobedc.demdex.net p.clarity.ms px.ads.linkedin.com tr.outbrain.com api.fido.id *.visualwebsiteoptimizer.com app.vwo.com fpf.hybrid.ai cdn.linkedin.oribi.io cuberatechnology.piwik.pro cubera.services pixel.cubera.services *.mfilterit.net *.hdfclife.com vspagy.com bcp.crwdcntrl.net *.hdfclife.tech *.hdfclife.net s.yimg.com *.taboola.com hdfclife.sc.omtrdc.net *.google.com maps.googleapis.com *.doubleclick.net www.google-analytics.com wss://wsshm.notifyvisitors.com dpm.demdex.net hdfclife.tt.omtrdc.net *.notifyvisitors.com; script-src-elem 'self' www.clarity.ms js-tag.zemanta.com a.quora.com wave.outbrain.com app.vwo.com code.fido.id script.mfilterit.net *.visualwebsiteoptimizer.com *.hdfclife.com *.hdfclife.tech *.hdfclife.net 'unsafe-inline' cubera.containers.piwik.pro googleads.g.doubleclick.net www.googleadservices.com pixel.cubera.services www.googleadservices.com *.hybrid.ai cuberatechnology.containers.piwik.pro cubera.services assets.adobedtm.com *.notifyvisitors.com static.cloudflareinsights.com www.googletagmanager.com lifeai.api-hdfclife.com cdn.jsdelivr.net www.google-analytics.com www.instagram.com *.twitter.com cdnjs.cloudflare.com hdfclife.demdex.net ad.doubleclick.net connect.facebook.net *.taboola.com snap.licdn.com s.yimg.com www.googletagservices.com pagead2.googlesyndication.com unpkg.com t.co static.ads-twitter.com www.youtube.com tsdtocl.com amplify.outbrain.com www.google.com www.redditstatic.com *.inmobicdn.net tr.outbrain.com ajax.googleapis.com www.gstatic.com maps.googleapis.com tags.crwdcntrl.net; worker-src 'self' blob: 1
frame-ancestors ‘self’; 1
frame-ancestors 'none'; child-src blob: https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; worker-src blob: https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; img-src 'self' *.google-analytics.com data: *.unicef.de *.googlesyndication.com *.google.com *.google.de *.gstatic.com *.googleapis.com *.adtriba.com *.bing.com t.co *.facebook.com banner.unicef.de *.thinglink.me *.juicer.io *.fundraisingbox.com *.adition.com *.omappapi.com *.doubleclick.net *.cookiepro.com *.tvsquared.com *.taboola.com *.adform.net *.googletagmanager.com *.seadform.net *.twiago.com *.ytimg.com *.twitter.com www.google.ch www.google.at www.google.it www.google.tr www.google.lu www.google.nl www.google.pl www.google.fr www.google.es www.google.dk www.google.co.uk *.paypal.com *.paypalobjects.com stats.unicef.de https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; media-src 'self' *.youtube.com *.youtube-nocookie.com *.juicer.io *.paypal.com *.juicer.io *.paypal.com *.paypalobjects.com *.unicef.org https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.paypalobjects.com *.paypal.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.google-analytics.com *.google.com *.googleapis.com *.google.de *.gstatic.com *.cloudfront.net *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.googleapis.com *.bing.com *.ads-twitter.com *.facebook.net *.adtriba.com *.cloudflare.com *.hotjar.com *.googleadservices.com *.optmnstr.com *.ex.co *.juicer.io *.thinglink.me *.thinglink.com *.adition.com *.fundraisingbox.com *.pressekompass.net *.cookiepro.com *.playbuzz.com *.twitter.com *.omappapi.com *.utt.pm utt.pm *.seadform.net *.adform.net *.tvsquared.com *.lamapoll.de lamapoll.de cms-prod.unicef.de *.doubleclick.net *.googleoptimize.com *.twiago.com *.paypal.com *.paypalobjects.com *.taboola.com *.pinimg.com stats.unicef.de https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; frame-src 'self' *.ex.co *.google.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.tchop.io *.issuu.com *.thinglink.me *.fundraisingbox.com *.pressekompass.net *.twitter.com *.ende.rs ende.rs *.facebook.com lamapoll.de *.lamapoll.de *.lamapoll.io *.utt.pm *.doubleclick.net *.tvsquared.com *.adform.net *.adition.com *.adtriba.com *.omappapi.com *.seadform.net *.googleadservices.com *.hotjar.com app.powerbi.com *.twiago.com *.pageflow.io *.paypal.com *.paypalobjects.com *.taboola.com *.unicef.org stats.unicef.de https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; form-action 'self' *.facebook.com *.paypalobjects.com *.paypal.com https://live-prod.unicef.de/ http://live-prod.unicef.de/ https://live-prod.unicef.de/_donation/ https://cookie-cdn.cookiepro.com; report-to default 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-79lotCaaF9sDdotgejosrsN2q' 'strict-dynamic' 'report-sample'; report-uri https://blenderartists.org/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://secure.helpscout.net https://pray.wordonfire.org https://www.wordonfire.org 1
frame-ancestors 'self' https://frontend.pttn.com; 1
frame-ancestors 'self' http://umbracodev.trex.com https://umbracodev.trex.com https://umbracostaging.trex.com https://nextrex.com https://www.nextrex.com https://www.google.com/recaptcha/api.js 1
script-src 'unsafe-eval' blob: 'self' 'nonce-XnMOCMdz7INJKQRfE+Y4' youtube.com 'unsafe-inline'; default-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com; style-src 'self' data: blob: https://upload.wikimedia.org https://commons.wikimedia.org *.wikimedia.org wikimedia.org *.youtube.com *.poewiki.net https://www.youtube-nocookie.com https://i.ytimg.com 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.magnolia-cloud.com https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com ; img-src 'self'  https://* data: blob: ; worker-src 'self' blob: ; child-src 'self' https://*.linkedin.com https://*.chatanexpert.com https://*.clarity.ms https://*.bing.com https://*.linkedin.oribi.io https://*.salesforce-sites.com https://*.force.com https://*.google.com.mx https://*.licdn.com https://*.google.com https://*.doubleclick.net https://*.adservice.google.com https://*.googleadservices.com https://*.mouseflow.com wss://in.visitors.live https://*.luckyorange.com https://*.usercentrics.eu https://*.dwcdn.net https://*.adsrvr.org https://weatherwidget.io https://cdn.thinglink.me https://www.thinglink.com https://www.wrike.com https://*.megameeting.com https://www.youtube.com https://www.slideshare.net https://www.washingtonpost.com https://www.chasepaymentechhostedpay.com https://sketchfab.com https://r3.visualwebsiteoptimizer.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://www.gstatic.com https://play.vidyard.com https://pi.pardot.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com https://go.jabil.com https://www.google-analytics.com http://stats.g.doubleclick.net https://4bfejp2jq0q2273jfp3mhqaw-wpengine.netdna-ssl.com https://hm.baidu.com https://cse.google.com https://snid.snitcher.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://ton.twimg.com https://maps.googleapis.com https://*.6sc.co https://secure.adnxs.com https://w.soundcloud.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://go.pardot.com https://maxcdn.bootstrapcdn.com blob: ; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: ; 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors 'self' https://*.albayan.ae 1
default-src 'self' blob: https://10web.io *.10web.io; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' 'report-sample' ajax.cloudflare.com *.googleoptimize.com *.tiktok.com https://*.smooch.io https://*.zendesk.com https://widget.trustpilot.com/ https://embed.typeform.com/next/embed.js *.hotjar.com https://api.smooch.io/ https://cdn.jsdelivr.net/* *.luckyorange.com https://api.smooch.io https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hscollectedforms.net https://js.hsforms.net https://forms.hsforms.com  *.hubspot.com *.hubspot.net *.hs-scripts.com  *.hs-analytics.net jsfiddle.net *.jsfiddle.net *.bing.com *.datatables.net *.gstatic.com instagram.com *.instagram.com instagr.am https://10web.io *.10web.io *.twitter.com twitter.com *.google.com google.com *.firstpromoter.com firstpromoter.com *.facebook.net *.facebook.com facebook.com *.fbcdn.net reddit.com *.reddit.com redditstatic.com *.redditstatic.com quora.com *.quora.com *.cloudflare.com cloudflare.com https://d10lpsik1i8c69.cloudfront.net https://googleads.g.doubleclick.net *.googleapis.com https://s.ytimg.com https://snap.licdn.com https://static.ads-twitter.com *.google-analytics.com google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://googletagmanager.com https://www.youtube.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com producthunt.com *.producthunt.com *.fontawesome.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js data:; style-src 'self' 'unsafe-inline' 'report-sample' https://embed.typeform.com/next/css/widget.css https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com https://hello.myfonts.net/count/36f1f3 https://tools.luckyorange.com *.datatables.net https://d10lpsik1i8c69.cloudfront.net *.googleapis.com *.googleusercontent.com googleusercontent.com google.com *.google.com *.googletagmanager.com googletagmanager.com *.sentry-cdn.com *.fontawesome.com data: blob: https://10web.io *.10web.io; img-src * 'self' data: blob:; font-src 'self' data:  https://10web.io *.10web.io https://*.smooch.io https://*.zendesk.com *.gstatic.com *.googleusercontent.com googleusercontent.com storage.googleapis.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ hello.myfonts.net *.fontawesome.com; connect-src * 'self'; media-src 'self' https://10web.io *.10web.io *.s3.us-west-2.amazonaws.com *.amazonaws.com https://s3-us-west-2.amazonaws.com/10web-tts/audios/* *.s3.amazonaws.com *.imgur.com imgur.com https://d10lpsik1i8c69.cloudfront.net wss://*.smooch.io https://*.smooch.io https://*.zendesk.com *.zdassets.com *.zendesk.com *.zopim.com *.zopim.io zopim.com *.google.com google.com *.googleusercontent.com googleusercontent.com *.sentry-cdn.com *.firstpromoter.com firstpromoter.com; frame-src 'self'   jsfiddle.net https://form.typeform.com https://demo.arcade.software https://widget.trustpilot.com https://forms.hsforms.com/ https://app.hubspot.com *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com jsfiddle.net https://app.hubspot.com  *.jsfiddle.net https://anchor.fm https://10web.io *.10web.io *.google.com google.com *.doubleclick.net *.facebook.com facebook.com *.facebook.net *.fbcdn.net instagram.com *.instagram.com instagr.am *.youtube.com youtube.com *.firstpromoter.com firstpromoter.com; base-uri 'self' https://10web.io *.10web.io; manifest-src 'self' https://10web.io *.10web.io; report-uri https://o397950.ingest.sentry.io/api/5263028/security/?sentry_key=8444a18b08184aef960a8eded99e7e7a; 1
frame-ancestors https://timestation.uservoice.com; 1
default-src 'self' blob: data: https://static3.avast.com https://gstatic.mopinion.com https://lpcdn.lpsnmedia.net https://*.inbenta.io; connect-src 'self' https://safespaces.azurewebsites.net https://safespaces.azurewebsites.net/Home/IsAlive https://*.googleapis.com https://*.contentsquare.net https://adservice.google.com https://bat.bing.com https://*.mopinion.com https://fonts.googleapis.com https://tealium.hs.llnwd.net https://translate.googleapis.com https://www.google.com wss://lo.msg.liveperson.net https://*.clicktale.net https://*.akstat.io https://*.akamaihd.net https://*.doubleclick.net https://*.omtrdc.net https://*.go-mpulse.net https://*.demdex.net https://*.tsbtest.co.uk https://*.tsb.co.uk https://*.adobedc.net https://*.inbenta.io https://answers.yext-pixel.com https://prod-cdn.us.yextapis.com https://bf31743skn.bf.dynatrace.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://script.hotjar.com https://static.hotjar.com/c/hotjar-3440672.js https://translate.google.com https://safespaces.azurewebsites.net/Assets/js/dist/widget.min.js https://safespaces.azurewebsites.net//Assets/js/dist/widget.min.js https://*.contentsquare.com https://*.contentsquare.net https://*.microsofttranslator.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://*.googlesyndication.com https://tags.tiqcdn.com https://*.tealiumiq.com https://platform.twitter.com https://*.kis.v2.scr.kaspersky-labs.com https://*.googleapis.com https://*.mopinion.com https://connect.facebook.net https://cdnssl.clicktale.net https://cdn1.adoberesources.net https://cdn.syndication.twimg.com https://c5.adalyser.com https://bat.bing.com https://*.tsbtest.co.uk https://*.tsb.co.uk https://*.lpsnmedia.net https://*.liveperson.net https://*.go-mpulse.net https://*.doubleclick.net https://*.akamaihd.net https://*.ads-twitter.com https://*.adoberesources.net https://*.inbenta.io https://widget.trustpilot.com https://tags.tiqcdn.com https://assets.sitescdn.net https://answers-embed.tsb.com.pagescdn.com https://answers-embed-business.tsb.com.pagescdn.com https://js-cdn.dynatrace.com https://analytics.tiktok.com; img-src 'self' data: https://safespaces.azurewebsites.net/ https://fonts.gstatic.com/s/i/productlogos/translate/v14/24px.svg https://prf.hn https://*.contentsquare.net https://*.googleapis.com https://*.tile.osm.org https://c5.adalyser.com https://cdn.optimizely.com https://connect.facebook.net https://cx.atdmt.com https://*.doubleclick.net https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://tealium.hs.llnwd.net https://ton.twimg.com https://translate.google.com https://www.facebook.com https://www.googletagmanager.com https://www.gstatic.com https://www.microsofttranslator.com https://*.tsb.co.uk https://*.adswizz.com https://*.thisisdax.com https://*.akstat.io https://maps.gstatic.com https://*.everesttech.net https://*.demdex.net https://googletagmanager.com https://*.clicktale.net https://*.lpsnmedia.net https://*.aviva.co.uk https://bat.bing.com https://www.google.com https://www.google.co.uk https://*.omtrdc.net https://*.inbenta.com https://amplifypixel.outbrain.com https://t.co https://analytics.twitter.com; style-src 'unsafe-inline' 'self' https://www.gstatic.com https://safespaces.azurewebsites.net//Assets/css/bundle.min.css https://fonts.mopinion.com https://platform.twitter.com https://ton.twimg.com https://translate.googleapis.com https://*.inbenta.io https://fonts.googleapis.com https://assets.sitescdn.net; object-src 'self' https://tsbtest.co.uk https://www.tsb.co.uk https://*.doubleclick.net; child-src https: 'self' blob:; frame-src https://www.tsb.co.uk https://www.tsbtest.co.uk https://www.google.com https://tpc.googlesyndication.com https://syndication.twitter.com https://player.vimeo.com https://platform.twitter.com https://*.liveperson.net https://intermediary.tsb.co.uk https://*.inbenta.com https://*.lpsnmedia.net https://www.youtube.com https://*.doubleclick.net https://*.demdex.net https://live.brame-gamification.com https://widget.trustpilot.com https://answers-embed.tsb.com.pagescdn.com https://answers-embed-business.tsb.com.pagescdn.com; frame-ancestors 'self' https://*.tsbtest.co.uk https://*.tsb.co.uk; font-src 'self' https://sdk.inbenta.io https://cdn.inbenta.io https://www.tsb.co.uk https://safespaces.azurewebsites.net https://fonts.gstatic.com; report-uri https://csp.tsb.co.uk/cspreport/www.tsb.co.uk 1
default-src 'self' 'unsafe-inline' data: *.zscalerone.net *.zscalertwo.net *.zscalerthree.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com code.jquery.com static.cloudflareinsights.com *.zscalerone.net *.zscalertwo.net *.zscalerthree.net yoast.com *.helpscout.net; style-src 'self' 'unsafe-inline' *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.googleapis.com code.jquery.com; font-src * data:; img-src * data:; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net yoast.com *.cloudfront.net; frame-src 'self' *.vimeo.com *.libsyn.com *.zscalerone.net *.zscalertwo.net *.zscalerthree.net cdn.yoshki.com/iframe/55845r.html; worker-src 'self' blob: 1
frame-ancestors http://webvisor.com; 1
default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval';         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com;         img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ;         connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com;         script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com *.googletagmanager.com 'unsafe-inline'             'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com data: blob:;         font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net data: 'unsafe-eval'; 1
default-src 'none'; connect-src 'self' https://samc.zkb.ch https://same.zkb.ch https://samt.zkb.ch https://samct.zkb.ch https://sameo.zkb.ch https://dpm.demdex.net https://edge.adobedc.net https://adobedc.demdex.net https://*.doubleclick.net/ https://privacyportal-ch.onetrust.com https://geolocation.onetrust.com https://*.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://www.google.com https://zkb.demdex.net https://dpm.demdex.net https://*.doubleclick.net/; frame-ancestors 'self' https://*.adobe.com/; img-src 'self' data: https://dpm.demdex.net https://cm.everesttech.net https://samc.zkb.ch https://*.googleapis.com https://maps.gstatic.com; media-src 'self' https://dpm.demdex.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googleapis.com https://assets.adobedtm.com https://cdn.tt.omtrdc.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.tt.omtrdc.net; object-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-hashes' data: https://web.kominfo.go.id http://www.kominfo.go.id http://kominfo.go.id https://www.googletagmanager.com translate.google.com cdn.userway.org cdn.jsdelivr.net https://translate-pa.googleapis.com code.jquery.com releases.flowplayer.org a.disquscdn.com www.google-analytics.com translate.googleapis.com kominfo.discus.com  'sha256-v1+Z+bDPfE4rTm4gyjXCThQth1B/jbAO9K1u1zzk2pI=' 'sha256-d+XiDBXqrAQI7R8KVX9uRAtkHJWNmURyG9QF6TM0bz8=' ; connect-src 'self' http://kominfo.go.id https://kominfo.go.id https://www.kominfo.go.id https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://stats.g.doubleclick.net https://services.hearme.id https://hearme-storage-bucket.s3.ap-southeast-1.amazonaws.com ; img-src 'self' data: blob: http://kominfo.go.id http://www.kominfo.go.id https://www.kominfo.go.id https://i.ytimg.com https://cdn.userway.org http://web.kominfo.go.id https://web.kominfo.go.id https://www.google.co.id https://hearme-storage-bucket.s3.ap-southeast-1.amazonaws.com https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' http://kominfo.go.id http://www.kominfo.go.id fonts.googleapis.com https://translate.googleapis.com https://cdn.userway.org  https://www.gstatic.com; font-src 'self' data: fonts.gstatic.com https://cdn.userway.org; frame-ancestors 'self'; frame-src about: youtube.com www.youtube.com https://cdn.userway.org http://web.kominfo.go.id https://web.kominfo.go.id; child-src 'self'; form-action 'self'; media-src 'self' blob:; 1
base-uri 'none';object-src 'none';connect-src 'self' https: *.google-analytics.com wss://nexus-websocket-a.intercom.io blob:;default-src 'self' blob: https://1874966808.rsc.cdn77.org;font-src 'self' https: data: https://1874966808.rsc.cdn77.org;frame-src 'self' https://accounts.google.com https://www.google.com https://www.facebook.com https://webforms.pipedrive.com https://td.doubleclick.net/ https://intercom-sheets.com/ https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.loom.com;img-src 'self' https: blob: data: *.googletagmanager.com a.storyblok.com img2.storyblok.com;media-src 'self' https: blob: data: a.storyblok.com;report-uri https://fe7d76b887471114b1ffc4f4c426faa7.report-uri.com/r/d/csp/enforce;script-src 'unsafe-inline' 'unsafe-eval' https: 'self' https://apis.google.com https://www.googletagmanager.com https://www.clarity.ms http://app.storyblok.com https://widget.intercom.io https://app.intercom.io https://js.intercomcdn.com https://1874966808.rsc.cdn77.org;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://1874966808.rsc.cdn77.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com forms.hsforms.com *.amazonaws.com *.pelican.com *.stackadapt.com *.emarsys.net *.adroll.com cdnjs.cloudflare.com ajax.googleapis.com *.klaviyo.com js.adsrvr.org tags.crwdcntrl.net *.dynamicyield.com *.hotjar.com www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com bat.bing.com *.avmws.com use.fontawesome.com googleads.g.doubleclick.net *.yotpo.com *.en25.com www.google-analytics.com *.clarity.ms assets.pinterest.com www.google.com cdnapisec.kaltura.com www.gstatic.com cdn.rawgit.com *.datadome.co code.jquery.com *.svn0czn.com cdn.dynamicyield.com *.scarabresearch.com *.simpli.fi *.klarnaservices.com app.intercom.io widget.intercom.io js.intercomcdn.com; script-src-elem 'unsafe-inline' *; media-src data: *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com *.amazonaws.com media.pelican.com cdnapisec.kaltura.com js.intercomcdn.com; connect-src javascript: data: *.redditstatic.com https://pelicantest.com *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com tr6.snapchat.com tr.snapchat.com px.ads.linkedin.com analytics.tiktok.com js.klarna.com api.hubapi.com forms.hsforms.com *.amazonaws.com *.pelican.com *.btttag.com *.stackadapt.com *.linkedin.oribi.io *.emarsys.net *.yotpo.com *.hotjar.com *.hotjar.io wss://*.hotjar.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com https://analytics.google.com fast.a.klaviyo.com *.klaviyo.com bat.bing.com *.clarity.ms www.facebook.com vc.hotjar.io adservice.google.com www.google.com *.datadome.co analytics.kaltura.com manage.kmail-lists.com www.instagram.com *.scarabresearch.com *.klarnaservices.com api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com; img-src * data: *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com; frame-src 'self' tr.snapchat.com forms.hsforms.com *.amazonaws.com *.pelican.com www.facebook.com www.instagram.com vars.hotjar.com *.doubleclick.net www.youtube.com www.google.com www.googletagmanager.com insight.adsrvr.org; font-src 'self' data: https://members.cj.com *.mczbf.com *.sjwoe.com *.cdn-cookieyes.com *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com fonts.gstatic.com cdn.honey.io www.slant.co at.alicdn.com fonts.googleapis.com *.klarnacdn.net js.intercomcdn.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.amazonaws.com *.pelican.com staticw2.yotpo.com use.fontawesome.com cdnjs.cloudflare.com *.klaviyo.com fonts.googleapis.com cdn.honey.io translate.googleapis.com cdn.rawgit.com *.trendmicro.com *.klarnacdn.net; style-src-elem 'unsafe-inline' *; child-src www.google.com www.youtube.com bid.g.doubleclick.net insight.adsrvr.org vars.hotjar.com match.adsrvr.org intercom-sheets.com www.intercom-reporting.com player.vimeo.com fast.wistia.net; frame-ancestors 'self'; object-src 'none'; form-action 'self' forms.hsforms.com *.amazonaws.com *.pelican.com https://www.pelican.com/pid/tools/ www.facebook.com *.mimecast.com *.salesforce.com webto.salesforce.com *.eloqua.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=FR&lang=fr-FR&device=desktop&yrid=7l9lmapj45ied&partner=; 1
frame-ancestors hutchisonports.com www.hutchisonports.com 1
frame-ancestors 'self' *.3sharecorp.com https://corpextdev.b2clogin.com https://corpsso.b2clogin.com https://staging.comfortsite.com https://nva-av-tkweb1pr https://igrawsndc012r:10446 https://elibrary.tranetechnologies.com/ 1
script-src 'unsafe-inline' 'unsafe-eval' newslab.su www.newslab.su code.createjs.com tagmanager.google.com ssl.p.jwpcdn.com www.youtube.com s.ytimg.com maps.google.com maps.googleapis.com pagead2.googlesyndication.com adservice.google.com adservice.google.ru cdn.ampproject.org code.jquery.com vk.com api-maps.yandex.ru www.instagram.com platform.instagram.com relap.io top-fwz1.mail.ru mediator.imgsmail.ru collector.mediator.media static.criteo.net cas.criteo.com ad.mail.ru ajax.googleapis.com newslab.ru www.newslab.ru s.newslab.ru cdnjs.cloudflare.com jsn.24smi.net js-agent.newrelic.com bam.nr-data.net cdn.onthe.io tt.onthe.io www.googletagmanager.com an.yandex.ru yastatic.net www.google-analytics.com mc.yandex.ru radario.ru code.jivosite.com yandex.st; object-src 'none'; base-uri newslab.ru; style-src 'self' 'unsafe-inline' s.newslab.ru tagmanager.google.com fonts.googleapis.com ajax.googleapis.com relap.io ssl.p.jwpcdn.com; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'self' 'unsafe-inline' https:; img-src data: https: blob:; font-src data: 'self' https:; object-src 'none'; form-action https:; frame-ancestors 'self' *.jionews.com jionews.com *.jio.ril.com jionewsdev1.jio.ril.com pie.news staging.pie.news; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.mxpnl.com https://www.google-analytics.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://static.hotjar.com/c/hotjar-913278.js https://script.hotjar.com https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/map.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/common.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/util.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/marker.js https://maps.googleapis.com/maps-api-v3/api/js/54/12a/onion.js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps-api-v3/api/js/54/12a/controls.js https://maps.googleapis.com/maps/vt cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; style-src 'self' https://p.typekit.net https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net pro.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://use.typekit.net pro.fontawesome.com; frame-ancestors *; report-uri https://emeraldgrouppublishing.com/report-uri/enforce 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.barandbench.com https://jionews.com/ https://jionewsdev1.jio.ril.com/;block-all-mixed-content; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk; script-src-elem 'unsafe-inline' 'strict-dynamic' 'nonce-m+yb+jg17WwKK/2sihiBLQ=='; style-src 'self' 'unsafe-inline' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.googleapis.com cdn.taggstar.com assets.bounceexchange.com;  font-src 'self' https://victorianplumbing.co.uk https://*.victorianplumbing.co.uk fonts.gstatic.com; frame-ancestors 'self'; 1
default-src 'self' *.igbimo.com *.konga.com; style-src 'self' *.quickteller.com 'unsafe-inline' *.interswitchng.com https://tagmanager.google.com https://fonts.googleapis.com *.livechatinc.com *.googleapis.com *.hansel.io; script-src 'self' *.google-analytics.com https://www.google-analytics.com *.kongapay.com kongapay-pg.kongapay.com 'unsafe-inline' 'unsafe-eval' *.igbimo.com *.pushwoosh.com *.google.com *.gstatic.com *.quickteller.com 'self' *.interswitchng.com *.algolianet.com *.algolia.net https://cdnjs.cloudflare.com/ajax/libs/lazysizes/4.0.2/lazysizes.min.js https://www.googletagmanager.com/ fullstory.com https://static.ads-twitter.com/uwt.js https://ajax.cloudflare.com *.twitter.com https://storage.googleapis.com https://creativecdn.com https://js-agent.newrelic.com/nr-1099.min.js http://static.ads-twitter.com/uwt.js *.livechatinc.com *.postaffiliatepro.com https://connect.facebook.net/ *.facebook.com/ *.doubleclick.net *.hotjar.com *.cloudfront.net/capture/UAT/konga.js https://stats.g.doubleclick.net *.yimg.com/ *.salecycle.com/ https://sp.analytics.yahoo.com https://static.criteo.net/js/ld/ld.js *.criteo.com *.chartbeat.com https://creativecdn.com *.typeform.com/ *.googleadservices.com *.scarabresearch.com/ *.o-s.io *.intel-vsa.verbio.com https://firebaseinstallations.googleapis.com/ https://*.googleapis.com *.netcoresmartech.com *.netcore.co.in *.boxx.ai https://fcm.googleapis.com *.googleapis.com *.ebanqo.io *.cloudflareinsights.com https://firebaseinstallations.googleapis.com/v1/projects/konga-com-operamini/installations https://beliveiframe.belive.sg/belive.min.js https://kongalive-stg-iframe.belive.sg/ *.hansel.io https://unpkg.com/cloudinary-core@2.13.0/cloudinary-core-shrinkwrap.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://*.clevernt.com/ https://*.cleverwebserver.com/ *.clevernt.com/ *.cleverwebserver.com/ wss://ws.salecycle.com; img-src * data: https://creativecdn.com https://gethatch.com *.intel-vsa.verbio.com; frame-src 'self' *.igbimo.com *.konga.com *.kongapay.com *.youtube.com *.google.com https://d22j4fzzszoii2.cloudfront.net *.quickteller.com https://www.googletagmanager.com/ *.livechatinc.com *.hotjar.com *.salecycle.com https://dis.eu.criteo.com/ https://konga622377.typeform.com/ *.doubleclick.net *.scarabresearch.com/ *.facebook.com/ *.o-s.io/ *.intel-vsa.verbio.com https://creativecdn.com *.ebanqo.io https://kongalive-stg-iframe.belive.sg/ https://kongalive.belive.sg/ https://*.clevernt.com/ https://*.cleverwebserver.com/ *.clevernt.com/ *.cleverwebserver.com/ wss://ws.salecycle.com; font-src 'self' data: *.livechatinc.com *.themes.googleusercontent.com https://fonts.gstatic.com/ https://d22j4fzzszoii2.cloudfront.net/*; connect-src 'self' *.igbimo.com *.konga.com https://sentry.io *.google-analytics.com https://www.google.com.ng *.pushwoosh.com *.cloudinary.com https://www.google-analytics.com *.quickteller.com https://secure.livechatinc.com *.algolianet.com *.algolia.net *.fullstory.com *.doubleclick.net *.salecycle.com *.chartbeat.com *.google.com *.hotjar.com https://stats.g.doubleclick.net https://creativecdn.com https://www.googletagmanager.com https://analytics.twitter.com https://t.co https://ib.adnxs.com https://cdnjs.cloudflare.com *.scarabresearch.com *.yimg.com/ *.o-s.io/ https://firebaseinstallations.googleapis.com/ https://*.googleapis.com *.netcoresmartech.com *.netcore.co.in *.boxx.ai https://fcm.googleapis.com https://firebaseinstallations.googleapis.com/v1/projects/konga-com-operamini/installations https://beliveiframe.belive.sg/belive.min.js https://kongalive-stg-iframe.belive.sg/ *.kongapay.com *.hansel.io https://unpkg.com/cloudinary-core@2.13.0/cloudinary-core-shrinkwrap.js https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js wss://ws.salecycle.com; media-src *.livechatinc.com https://ebanqo-logos.s3.amazonaws.com/kongo.png; frame-ancestors *.ariba.com 1
default-src 'self';  style-src 'self' 'unsafe-inline' https://*.inside-graph.com https://fonts.googleapis.com https://*.typekit.net;  media-src 'self';  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.queue-it.net https://*.krxd.net https://bam.nr-data.net https://*.adsrvr.org https://*.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://pixel.mathtag.com https://*.visualwebsiteoptimizer.com https://*.analytics.yahoo.com https://www.google-analytics.com https://s.yimg.com https://js-agent.newrelic.com https://*.inside-graph.com https://staticcdn.co.nz;  img-src 'self' data: https://*.krxd.net https://*.mylotto.co.nz https://*.inside-graph.com https://*.visualwebsiteoptimizer.com https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.nz https://staticcdn.co.nz https://shielded.co.nz https://*.adsrvr.org https://*.doubleclick.net;  connect-src 'self' https://*.mylotto.co.nz https://misnwhpjb8.execute-api.ap-southeast-2.amazonaws.com https://bam.nr-data.net wss://*.inside-graph.com https://*.inside-graph.com https://*.google-analytics.com https://*.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com;  frame-src 'self' https://cornerstonecx.co.nz https://*.krxd.net https://*.adsrvr.org https://*.windcave.com https://*.paymentexpress.com https://*.doubleclick.net https://*.mathtag.com https://*.finrings.com https://*.youtube.com https://*.vimeo.com https://*.wagerworks.com https://*.nz.rgsgames.com https://*.az4.rgsgames.com https://*.i-w-g.com https://*.mylotto.co.nz https://*.flashtalking.com https://staticcdn.co.nz;  font-src 'self' data: https://*.mylotto.co.nz https://mylotto.co.nz https://*.inside-graph.com https://fonts.gstatic.com 1
default-src 'self'; base-uri 'self'; form-action 'self' *.personio.de https://seu2.cleverreach.com/f/289071-324288/wcs/; font-src 'self' *.gstatic.com ;img-src 'self' *.googleapis.com *.googletagmanager.com *.gstatic.com https://www.facebook.com data:; connect-src 'self' *.personio.de *.googleapis.com *.googletagmanager.com *.google-analytics.com; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.polyfill.io; style-src 'self' *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com; frame-ancestors 'self'; 1
default-src 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://sentry.eddev.dev https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;script-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;object-src 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;style-src data: https: 'self' 'unsafe-inline' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;connect-src https: data: 'self' wss://*.englishdom.com/chat-wss/ wss://*.englishdom.com/node-wss/ wss://*.englishdom.com/node-wss-v2/ wss://*.zopim.com/ https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co wss://*.carrotquest.app wss://*.hotjar.com wss://*.livekit.cloud/ https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io wss://socket-englishdom.kwizbot.io;frame-src https: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;frame-ancestors 'self' https://www.englishdom.com/ http://webvisor.com https://webvisor.com https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;font-src https: data: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;img-src 'self' data: blob: * https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;media-src data: 'self' https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://www.youtube.com https://audios.genial.ly https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io;worker-src 'self' blob: https://ed-cdn.englishdom.com https://cdn-englishdom.gcdn.co https://static.englishdom.com https://static-cdn.englishdom.com https://cdn-static-englishdom.gcdn.co https://sentry.eddev.dev https://amplitude.englishdom.com https://jitsu.englishdom.com:3000 https://widget-englishdom.kwizbot.io 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.sentry.io https://*.qualtrics.com players.brightcove.net edge.api.brightcove.com https://www.google-analytics.com https://fast.fonts.net https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' *.relayto.com players.brightcove.net *.youtube.com *.vimeo.com https://www.google.com/maps/embed https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.facebook.com https://*.qualtrics.com player.vimeo.com *.brainshark.com https://*.standard.com; img-src 'self' data: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com https://*.qualtrics.com players.brightcove.net *.boltdns.net *.akamaihd.net www.pages05.net https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com; object-src 'none'; script-src 'self' 'report-sample' https://*.standard.com https://tagmanager.google.com https://*.googletagmanager.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.qualtrics.com players.brightcove.net vjs.zencdn.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js https://www.sc.pages05.net https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://www.google-analytics.com https://ssl.google-analytics.com *.vimeo.com cdn.jsdelivr.net https://cdnjs.cloudflare.com 'nonce-PwxAduZpttlrLfFiTt9EPA'; style-src 'self' 'report-sample' https://*.standard.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net players.brightcove.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'self' https://*.standard.com https://tagmanager.google.com https://fonts.googleapis.com https://fast.fonts.net players.brightcove.net https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; upgrade-insecure-requests 1
font-src fonts.gstatic.com cdn.livechatinc.com stats.g.doubleclick.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.dotit.com dotit.wufoo.com stats.g.doubleclick.net *.google.pl *.livechatinc.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ stats.g.doubleclick.net dotit.wufoo.com www.wrike.com *.google.com *.livechatinc.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.dotit.com stats.g.doubleclick.net cp-ywz-382.chili-publish.online *.livechatinc.com https://img.youtube.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com stats.g.doubleclick.net *.wufoo.com www.youtube.com apis.google.com *.google.pl *.livechatinc.com s7.addthis.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com fonts.googleapis.com stats.g.doubleclick.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com stats.g.doubleclick.net *.analytics.google.com *.google-analytics.com dotit.wufoo.com *.smartystreets.com apis.google.com *.google.pl *.livechatinc.com ekr.zdassets.com/ 'self' 'unsafe-inline'; child-src stats.g.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri stats.g.doubleclick.net 'self' 'unsafe-inline'; 1
*.vikaspedia.in 1
default-src 'self' blob:; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://cdn.branch.io https://app.link *.greateasternlife.com *.lifeisgreat.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.addthisedge.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.addthis.com *.twitter.com *.youtube.com *.ytimg.com *.licdn.com *.moatads.com *.branch.io *.qualtrics.com *.outbrain.com *.googleanalytics.com *.googleoptimize.com *.google.com *.gstatic.com http://cdn.taboola.com http://trc.taboola.com http://trc-events.taboola.com http://cds.taboola.com https://sp.analytics.yahoo.com https://s.yimg.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com optimize.google.com tagmanager.google.com; font-src 'self' data: fonts.gstatic.com; img-src * data: *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.qualtrics.com *.google-analytics.com *.googletagmanager.com http://cdn.taboola.com http://trc.taboola.com https://sp.analytics.yahoo.com analytics.tiktok.com *.gstatic.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm *.doubleclick.net *.googlesyndication.com; media-src 'self' *.scene7.com; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *.feprecisionplus.com https://play.solstice.sg liferiddles.whooshpro.net liferiddles-stg.whooshpro.net *.greateasternlife.com *.doubleclick.net *.twitter.com *.addthis.com *.financialexpress.net *.youtube.com *.facebook.net *.facebook.com optimize.google.com su.vc s.surveyanyplace.com *.qualtrics.com *.google.com *.gstatic.com safe.menlosecurity.com gehc.healthconnect.com.sg; object-src 'self' *.qualtrics.com; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com *.branch.io *.greateasternlife.com *.addthis.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.qualtrics.com cdn.linkedin.oribi.io http://cdn.taboola.com http://cds.taboola.com https://s.yimg.com analytics.tiktok.com *.googletagmanager.com *.google.com *.google.com.sg *.google.com.my *.google.co.id *.google.com.bn *.google.com.mm; worker-src 'self' blob:; 1
upgrade-insecure-requests; default-src adm-nao.ru *.adm-nao.ru nao24.ru *.nao24.ru static-maps.yandex.ru 'unsafe-inline' vk.com *.vk.com yastatic.net *.yandex.net yandex.st *.yandex.ru yandex.ru *.gosuslugi.ru *.sputnik.ru data: 1
frame-ancestors 'self' https://manage.firehouse.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors https://hpsecurity.my.salesforce.com; 1
child-src https: ; img-src * 'self' data: https:; default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
frame-src 'self' http://webvisor.com https://webvisor.com http://metrika.yandex.ru/ https://metrika.yandex.ru/ https://mc.yandex.ru https://yastatic.net https://player.vimeo.com http://player.vimeo.com https://td.doubleclick.net https://quiz.marquiz.ru 1
img-src 'self' *.prysmian.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.netpx.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmian.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com eu.acsbapp.com blob:; object-src 'self' www.youtube.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com w.contentsquare.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' service.maxymiser.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com widget.trustpilot.com bat.bing.com *.contentsquare.net *.tvsquared.com connect.facebook.net googleads.g.doubleclick.net analytics.tiktok.com vercel.live cdn-ukwest.onetrust.com *.webgains.io js-agent.newrelic.com c5.adalyser.com funkypigeonhelp.zendesk.com *.braintreegateway.com *.paypal.com *.dnapayments.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' widget.trustpilot.com *.doubleclick.net www.facebook.com vercel.live *.testawsfp.com *.funkypigeon.com *.pay360.com *.paypal.com *.dnapayments.com; object-src 'self' data:; connect-src 'self' *.algolia.net *.algolia.io *.algolianet.com vitals.vercel-insights.com analytics.tiktok.com c3.adalyser.com widget.trustpilot.com service.maxymiser.net bat.bing.com *.contentsquare.net *.tvsquared.com connect.facebook.net *.google-analytics.com *.analytics.google.com *.doubleclick.net *.googleadservices.com https://*.pusher.com wss://*.pusher.com vercel.live *.onetrust.com *.webgains.io *.testawsfp.com js-agent.newrelic.com *.funkypigeon.com bam.nr-data.net funkypigeonhelp.zendesk.com *.braintreegateway.com *.braintree-api.com *.paypal.com api.addressy.com *.dnapayments.com; img-src 'self' http: https: data: *.contentsquare.net; child-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self' secure.mite.pay360.com *.dnapayments.com *.testawsfp.com *.funkypigeon.com 1
frame-ancestors https://specialty-care-pavilion-latest.jefferson.edu https://specialty-care-pavilion.jefferson.edu https://specialty-care-pavilion-dev.jefferson.edu; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: blob: data: 127.0.0.1 sync-transcend-cdn.com *.transcend-cdn.com *.sync-transcend-cdn.com transcend-cdn.com *.liadm.com *.usbrowserspeed.com *.ip-api.com *.getwarmly.com knotch.com *.knotch.com knotch-cdn.com *.knotch-cdn.com pactsafe.io *.pactsafe.io prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io ironclad.partner-experience.com *.yoast.com *.algolianet.com *.algolia.net *.spotify.com *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.mutinycdn.com *.litix.io *.tryinteract.com *.knotch.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: wss: 127.0.0.1 *.remarketstats.com *.liadm.com *.usbrowserspeed.com *.getwarmly.com *.amazonaws.com transcend-cdn.com www.knotch-cdn.com *.knotch-cdn.com yoast.com *.yoast.com prod.impartner.live *.impartner.live packages.prmcdn.io *.prmcdn.io *.spotify.com *.cloudfront.net *.pactsafe.io *.storylane.io ironcladapp.com *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com; img-src 'self' blob: data: wss: *.addevent.com *.spotify.com *.akamaihd.net *.cloudfront.net *.pactsafe.io ironcladapp.com *.storylane.io *.ironcladapp.com *.ironcladhq.com *.wpengine.com *.wpenginepowered.com cdn.jsdelivr.net *.transcend.io *.marketo.com *.mutinycdn.com *.wistia.net *.wistia.com *.mutinyhq.io analytics.google.com *.zi-scripts.com *.adnxs.com *.6sc.co *.crazyegg.com *.oribi.io *.segment.com *.6sense.com *.segment.io *.mktoresp.com *.zoominfo.com *.gravatar.com unpkg.com *.jquery.com www.googletagmanager.com fast.wistia.net *.marketo.net *.doubleclick.net *.bing.com www.googleadservices.com www.google-analytics.co *.facebook.net *.licdn.com *.g2crowd.com ipinfo.io *.qualified.com *.bizible.com *.google-analytics.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.bizibly.com *.googleapis.com *.googlesyndication.com *.capterra.com securityscorecard.com *.litix.io *.tryinteract.com *.knotch.it; font-src 'self' wss: blob: data: *.transcend.io *.mutinycdn.com ipinfo.io ironcladapp.com *.ironcladapp.com *.storylane.io *.wpengine.com *.wpenginepowered.com *.wistia.net *.wistia.com *.gstatic.com *.tryinteract.com fast.wistia.net; media-src 'self' blob: data: wss: *.transcend.io ironcladapp.com *.ironcladapp.com *.wpengine.com ipinfo.io *.wpenginepowered.com *.storylane.io *.mutinycdn.com *.litix.io *.tryinteract.com *.wistia.com fast.wistia.net; frame-ancestors *.wistia.net *.wistia.com; 1
frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.ogm.gov.tr *.com.tr *.gov.tr *.com *.googleapis.com *googletagmanager.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onenorth.com *.ropesgray.com *.cookielaw.org *.google.com *.gstatic.com *.googletagmanager.com *.sharethis.com siteimproveanalytics.com *.passle.net *.linkedin.com *.licdn.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.lfeeder.com *.vimeo.com *.twitter.com; img-src 'self' data: *.onenorth.com *.ropesgray.com *.sharethis.com *.googletagmanager.com *.linkedin.com *.siteimproveanalytics.io *.adsymptotic.com *.lfeeder.com *.google.com *.google-analytics.com *.doubleclick.net *.twitter.com *.passle.net *.cookielaw.org *.ropesgray.com *.onenorth.com; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.myfonts.net *.sharethis.com *.passle.net *.cloudflare.com *.cloudfront.net *.typekit.net *.googleapis.com; font-src 'self' 'unsafe-inline' data: *.bootstrapcdn.com *.myfonts.com *.cloudfront.net *.typekit.net *.gstatic.com; frame-src 'self' 'unsafe-inline' *.ropesgray.com *.sharethis.com *.passle.net *.taleo.net *.brightcove.net *.google.com *.youtube.com *.vimeo.com *.yoshki.com *.twitter.com *.transistor.fm; connect-src 'self' 'unsafe-inline' *.cookielaw.org *.onetrust.com *.sharethis.com *.google-analytics.com *.doubleclick.net *.passle.net *.crwdcntrl.net *.oribi.io; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://www.googletagmanager.com https://www.google-analytics.com https://track.leadlander.com https://lltrck.com https://*.pendo.io https://*.tenable.com https://cdn.amplitude.com https://*.intercom.io https://js.intercomcdn.com;connect-src 'self' https://api.amplitude.com https://www.google-analytics.com https://api-iam.intercom.io wss://*.intercom.io https://app.pendo.io https://data.pendo-tio.tenable.com https://cdn.pendo.io https://api.tenable.com;img-src * 'self' data:;frame-src https://app.pendo.io https://data.pendo-tio.tenable.com https://cdn.pendo.io;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.blinds.com https://blinds.homedepot.com https://custom.homedepot.com https://www.homedepot.ca https://www.blinds.ca https://www.americanblinds.com https://www.justblinds.com 1
frame-ancestors 'self' https://www.quironsalud.com https://betaweb.quironsalud.es https://international.quironsalud.com https://intranetfjd.idc.local https://olympia.quironsalud.com https://olympia.quironsalud.es https://overweightinstitute.fjd.es https://pacientes.healthdiagnostic.es https://rare-genomics.com https://www.cirujanosdelcorazon.es https://www.clinicadelpilar.org https://www.clinicavalles.com https://www.cuidamosdelamujer.es https://www.diverhospital.es https://www.e-quironsalud.com https://www.fjd.es https://www.fundacionquironsalud.org https://www.hgc.es https://www.hgvillalba.es https://www.hope-documental.es https://www.hospitalinfantaelena.es https://www.hospitalpublicocolladovillalba.es https://www.hospitalreyjuancarlos.es https://www.hscor.com https://www.idcsaludenfermeria.es https://www.idcsalud.es https://www.imbanaco.com https://www.jornadaspbp.es https://www.lungscreen.eu https://www.oncohealth.eu https://www.porquesabeselegir.es https://www.quironsalud.es https://www.quironsalud-hospitals.com https://www.rare-genomics.com https://www.recetaenergia.es https://www.redneurosalud.es https://www.ruber.es https://www.ruberinternacional.es https://www.teknonbarcelona.com https://www.teknonbarcelona.it https://www.teknonbarcelona.ru https://www.teknon.es https://www.tucanaldesalud.es 1
'self' script-src https://ajax.googleapis.com/ajax/*; object-src 'self' 1
frame-ancestors 'self' *.wrike.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';  child-src https: data: blob:;  connect-src https: data: blob:;  font-src https: data:;  img-src https: blob: data:;  media-src blob: data: https:;  object-src https:;  script-src https: data: blob: 'unsafe-inline' 'unsafe-eval';  style-src https: 'unsafe-inline';  block-all-mixed-content;  upgrade-insecure-requests; 1
default-src *.teva.com *.teva-eu.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com apay-up-banner.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.datadome.co *.captcha-delivery.com *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com api.us-1.gladly.chat chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com ws.us-1.gladly.chat *.gladly.com js.verygoodvault.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com *.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com *.squarecdn.com js.squareup.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com static.rakuten.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.teva.com *.teva-eu.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io chat-sdk.cdn.gladly.com cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.teva.com *.teva-eu.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; media-src *.teva.com *.teva-eu.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com chat-sdk.cdn.gladly.com chat-assets.cdn.gladly.com cdn.gladly.com; worker-src *.teva.com *.teva-eu.com blob: *.osano.com; child-src *.teva.com *.teva-eu.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com chat-sdk.cdn.gladly.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.datadome.co *.captcha-delivery.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com pci-connect.squareup.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.teva.com/_/csp-reports 1
default-src 'self' https://spaceship-cdn.com; connect-src 'self' https://spaceship-cdn.com https://s3.us-west-2.amazonaws.com/production-pdf-generation-api-pdf-documents/ https://s3.us-west-2.amazonaws.com/production-website-featurerequesthub-storage/ https://production-hosting-cpaneltransferin-bff-storage.s3.us-west-2.amazonaws.com/ https://premiums.namecheapapi.com https://aftermarket.namecheapapi.com https://api.revved.com https://bam.nr-data.net wss://notification.admin.spaceship.net wss://notification.www.spaceship.com wss://domains-ws.revved.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com wss://www.spaceship.com https://www.spaceship.com https://*.crazyegg.com https://chat.engagement.ai https://sb-asp-admin.et.namecheap.tech wss://sb-asp-admin.et.namecheap.tech https://api.stripe.com https://maps.googleapis.com https://*.thunderbolt.com wss://*.thunderbolt.com https://production-thunderbolt-thunderbolt-storage.s3.us-west-2.amazonaws.com/; script-src https://spaceship-cdn.com https://*.paypal.com https://js.stripe.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://*.crazyegg.com https://cdn.engagement.ai https://maps.googleapis.com https://challenges.cloudflare.com https://*.tunnel.rnd.namecheap.net; style-src https://spaceship-cdn.com 'unsafe-inline' https://*.crazyegg.com; font-src https://spaceship-cdn.com https://fonts.googleapis.com data:; frame-src https://*.paypal.com https://js.stripe.com https://www.google.com https://*.doubleclick.net https://*.crazyegg.com https://chat.engagement.ai blob: https://hooks.stripe.com https://challenges.cloudflare.com; img-src 'self' https://spaceship-cdn.com https://*.paypal.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://bam.nr-data.net data: https://*.crazyegg.com https://api.producthunt.com; worker-src blob:; report-uri /report/csp-violation 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/nearby-team 1
frame-ancestors 'self' *.typeform.com typeform.com *.themeforest.net themeforest.net codecanyon.net *.codecanyon.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ipredictive.com *.adyen.com adyen.com *.scene7.com adgrx.com demdex.net ads.yieldmo.com a.bigcontent.io adnxs.com attentivemobile.com *.attn.tv attn.tv *.audioeye.com audioeye.com bidswitch.net *.btttag.com www.bluecore.com bluekai.com *.creativecdn.com certona.net www.res-x.com cloudflare.com *.cloudfront.net cloudfront.net *.coach.com *.cquotient.com cquotient.com *.criteo.net criteo.net *.criteo.com criteo.com w55c.net *.doubleclick.net *.facebook.com *.facebook.net facebook.net fonts.net *.fonts.net *.fonts.com *.forter.com forter.com stickyadstv.com v.fwmrm.net www.google.co.in *.google.com www.google.de www.googleadservices.com googleapis.com cloudfunctions.net www.googletagmanager.com *.google-analytics.com 360yield.com casalemedia.com ivitrack.com *.kargo.com kargo.com klarna.com *.klarna.com klarnacdn.net *.klarnacdn.net klarnaevt.com *.klarnaevt.com *.klarnaservices.com liadm.com addressy.com media.net mediavine.com mediawallahscript.com cookielaw.org postrelease.com needle.com agkn.com *.onetrust.com onetrust.com *.optimizely.com outbrain.com *.paypal.com www.paypalobjects.com pinimg.com pinterest.com *.powerreviews.com pubmatic.com qualtrics.com *.qualtrics.com *.quantummetric.com quantummetric.com rmp.rakuten.com revcontent.com rubiconproject.com sharethrough.com *.shoprunner.com smartadserver.com *.stuartweitzman.com stuartweitzman.com *.stuartweitzman.ca taboola.com www.talkable.com tangiblee.com tapad.com teads.tv *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org tremorhub.com 3lift.com truefitcorp.com ad.smaato.net clmbtech.com mdhv.io postcodeanywhere.co.uk rqtrk.eu ws.rqtrk.eu techlab-cdn.com udmserve.net www.yext-pixel.com pcapredict.com *.bing.com api.bluecore.com api.bluecore.app edge1.certona.net cdnjs.cloudflare.com maps.googleapis.com us-central1-cohinc-146020.cloudfunctions.net cdn.cookielaw.org *.needle.com ct.pinterest.com *.rmp.rakuten.com cdn.tangiblee.com p11.techlab-cdn.com dpm.demdex.net ib.adnxs.com secure.adnxs.com x.bidswitch.net tags.bluekai.com www.gstatic.com fonts.gstatic.com aa.agkn.com s.pinimg.com pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com pixel.tapad.com *.truefitcorp.com ice.360yield.com dsum-sec.casalemedia.com hbx.media.net ssp-csync.smartadserver.com sync.taboola.com sync.teads.tv eb2.3lift.com services.postcodeanywhere.co.uk tapes11111.pcapredict.com tapestry.a.bigcontent.io api.addressy.com js-agent.newrelic.com sessions.bugsnag.com bam.nr-data.net events.attentivemobile.com exchange.mediavine.com r.casalemedia.com s.ad.smaato.net sync-t1.taboola.com cm.adgrx.com sync-criteo.ads.yieldmo.com *.pubmatic.com ad.360yield.com ads.stickyadstv.com criteo-sync.teads.tv contextual.media.net fluentdapi.stg.shoprunner.io i8.amplience.net *.amazonaws.com *.drivecommerce.com m.media-amazon.com apay-us.amazon.com static-na.payments-amazon.com rt.udmserve.net cdn.static.amplience.net partner.mediawallahscript.com matching.ivitrack.com i.liadm.com jadserve.postrelease.com tapestry.tapad.com trends.revcontent.com criteo-partners.tremorhub.com ade.clmbtech.com sync.outbrain.com mathtag.com dwin1.com iesnare.com mpsnare.iesnare.com bh.contextweb.com pixel.s3xified.com s.seedtag.com mixer.mobon.net sync.cootlogix.com cm-exchange.toast.com *.33across.com 33across.com *.lijit.com sync.bidence.net sync.1rx.io cm.mgid.com csync.loopme.me sync.e-planning.net idsync.rlcdn.com sync.console.adtarget.com.tr dynl.mktgcdn.com 1f2e7.v.fwmrm.net adx.dable.io cs.adingo.jp tg.socdm.com adgen.socdm.com sync.aralego.com us-u.openx.net vid.vidoomy.com cdn.honey.io cloudinary.com res.cloudinary.com usersync.gumgum.com sync.connectad.io inv-nets.admixer.net *.googlesyndication.com sync.addlv.smt.docomo.ne.jp t.adx.opera.com visitor.omnitagjs.com ad.tpmn.co.kr tst.kaptcha.com crwdcntrl.net www.google.com.ua *.Yahoo.com ad-stir.com sync.ad-stir.com gssprt.jp cs.gssprt.jp send.microad.jp s-cs.send.microad.jp www.google.ca simpli.fi ad.yieldlab.net sync.targeting.unrulymedia.com onetag-sys.com beacon.krxd.net cm.adform.net *.shoppinggives.com pippio.com tapestry.support jira.tapestry.support sentry.io *.mapbox.com *.force.com www.google.es www.google.by www.google.fr www.google.co.uk www.google.co.il www.google.com.sa www.google.com.vn www.google.rs www.google.com.bh www.google.com.br www.google.com.eg www.google.se www.google.it www.google.com.uy www.google.co.nz www.google.com.gt www.google.co.th www.google.co.kr www.google.ie www.google.bs www.google.pl www.google.com.mx www.google.com.sv www.google.co.cr www.google.ru www.google.tt www.google.co.ug www.google.rw www.google.com.pe www.google.com.lb www.google.com.hk www.google.com.ec www.google.com.gh www.google.com.ng www.google.com.co www.google.com.ar www.google.tn consent.linksynergy.com *.demandware.net *.katespade.com *.coachoutlet.com cm.meba.kr us.ck-ie.com b.admedia.com *.instagram.com api.capitaloneshopping.com cm.igaw.io rstyle.me cdn.ivaws.com link.shoplooks.com *.rewardstyle.com www.metziahs.com safe.menlosecurity.com us.ck-ie.com *.thebrighttag.com *.semasio.net sync.srv.stackadapt.com *.kampyle.com *.medallia.com *.aralego.net app.collectivevoice.com *.rewardStyle.com brandcycle.net link.shoplooks.com slooks.top smilekols.com go.magik.ly media.paroleparis.com c.fanstoshop qa.res-x.com google.com cdn.wyng.com *.bluecore.app *.liadm.com data: blob:; 1
frame-ancestors 'self' https://app.kontent.ai https://www.sonarsource.com; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content; script-src 'nonce-G0tHYaY7+umaj4lTKsruxZklBxmqM2Op' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
child-src 'self';connect-src 'self' https://*.browser-intake-datadoghq.com https://cognito-identity.us-west-2.amazonaws.com https://*.rekognition.amazonaws.com https://api.openai.com https://*.sentry.io http://*.pinalove.com https://*.googletagmanager.com http://*.thaifriendly.com https://*.apple.com https://rum.browser-intake-datadoghq.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com wss: wss://*.pinalove.com wss://*.thaifriendly.com wss://*.vietnameselove.com;default-src 'self';font-src 'self' chrome-extension: data: http://*.gstatic.com https://*.gstatic.com;frame-src 'self' https://*.apple.com https://*.g.doubleclick.net https://*.google.com;img-src 'self' blob: data: http://*.gstatic.com https://*.googletagmanager.com http://*.pinalove.com http://*.thaifriendly.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.th https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.my https://*.google.com.ph https://*.google.com.sg https://*.google.com.tr https://*.google.de https://*.google.dk https://*.google.dz https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.si https://*.googleapis.com https://*.gstatic.com https://*.nr-data.net https://*.pinalove.com https://*.tenor.com https://*.thaifriendly.com https://*.trackjs.com https://pinalove.com https://thaifriendly.com https://vietnameselove.com wss://*.pinalove.com wss://*.thaifriendly.com;manifest-src 'self' http://*.thaifriendly.com https://*.thaifriendly.com wss://*.thaifriendly.com;media-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.2checkout.com https://cognito-identity.us-west-2.amazonaws.com https://*.rekognition.amazonaws.com https://*.apple.com https://*.sentry-cdn.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.newrelic.com https://*.nr-data.net https://*.trackjs.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.yahooapis.com;worker-src 'self' blob:; 1
connect-src 'self' *.frbservices.org https://analytics.google.com *.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com *.analytics.google.com https://stats.g.doubleclick.net *.fedsearch.org:*; img-src 'self' *.frbservices.org *.eloqua.com *.frbservices.org https://px.ads.linkedin.com https://www.google.com https://www.linkedin.com https://p.adsymptotic.com https://googleads.g.doubleclick.net *.google-analytics.com https://ssl.google-analytics.com *.analytics.google.com https://optimize.google.com https://www.googletagmanager.com; script-src 'self' *.frbservices.org 'unsafe-inline' *.google-analytics.com https://snap.licdn.com https://www.google.com https://www.googleadservices.com https://tpc.googlesyndication.com https://www.googleanalytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://optimize.google.com *.frbservices.org; style-src 'self' *.frbservices.org https://fonts.googleapis.com 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com https://ssl.google-analytics.com *.google-analytics.com; object-src 'self' *.frbservices.org; font-src 'self' https://fonts.gstatic.com; frame-src 'self' *.youtube.com information.frbcommunications.org https://tpc.googlesyndication.com https://optimize.google.com; 1
default-src 'unsafe-inline' https:; img-src 'self' data: https:; script-src 'unsafe-eval' 'unsafe-inline' https: data: blob:; font-src * data: blob:; frame-src 'self' https://storymaps.arcgis.com/ https://status.nearmap.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https:; 1
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io static.etracker.com www.etracker.de code.etracker.com 'unsafe-eval' 'unsafe-inline'; img-src data: 'self' *.global.siteimproveanalytics.io www.etracker.de; connect-src 'self' www.etracker.de; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' *.etracker.com; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com info.gesundheitsministerium.gv.at player.vimeo.com; form-action 'self'; media-src 'self' http://www.oegsbarrierefrei.at; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors www.googletagmanager.com; 1
default-src https:;connect-src https:;font-src https: data:;frame-src https:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src https://*.akstat.io https://*.go-mpulse.net https://secure.adnxs.com https://seg.mmtro.com https://px4.ads.linkedin.com https://*.druidplatform.com wss://druidapi.druidplatform.com https://www.google.by https://mmtro.com https://*.bidtheatre.com https://*.addsearch.com https://*.weglot.com https://*.clarity.ms https://*.hotjar.io https://*.bing.com https://fonts.gstatic.com https://s1.adform.net https://s2.adform.net https://adform.net https://*.adnxs.com https://connect.facebook.net https://s2.adform.net wss://druidbotapi.druidplatform.com wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com https://cdn-api-weglot.com https://*.weglot.com https://urlgeni.us/ https://analytics.tiktok.com https://www.googletagmanager.com https://www.linkedin.com/ https://px.ads.linkedin.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cx.atdmt.com https://www.gravatar.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://*.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ https://hcaptcha.com https://*.hcaptcha.com blob: data:;media-src 'self' https://*.bancatransilvania.ro/;object-src 'none'; script-src https://*.go-mpulse.net https://secure.adnxs.com https://seg.mmtro.com https://*.youtube.com https://*.druidplatform.com wss://druidbotapi.druidplatform.com wss://druidapi.druidplatform.com https://*.mmtro.com https://mmtro.com https://unpkg.com https://*.jsdelivr.net https://www.clarity.ms https://*.hotjar.io https://*.bing.com https://*.adform.net https://*.hotjar.com/ https://www.googleadservices.com https://www.google.com https://*.google-analytics.com/ https://*.googletagmanager.com https://tagmanager.google.com/ https://www.googletagmanager.com https://*.google-analytics.com/ https://*.g.doubleclick.net/ https://*.doubleclick.net/ https://diviziapentrumedici.ro/ https://www.google.by/ https://*.googlesyndication.com/ https://*.weglot.com https://maps.googleapis.com https://*.bancatransilvania.ro https://*.datadoghq-browser-agent.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.hotjar.com https://*.facebook.net https://*.twitter.com https://*.tiktok.com https://*.google-analytics.com https://*.licdn.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com https://*.gstatic.com 'unsafe-eval' 'unsafe-inline' ;style-src 'self' 'unsafe-inline' https://*.bancatransilvania.ro/ https://bancatransilvania.ro https://*.weglot.com https://*.typekit.net https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com ; 1
object-src 'self'; frame-src 'self'; child-src 'none'; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.hirkereso.hu http://img.hirkereso.hu http://gahu.hit.gemius.pl/ http://ls.hit.gemius.pl http://www.idokep.hu https://adservice.google.com https://cse.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://www.google-analytics.com https:;report-uri /csp-violation-report-endpoint.php?v=1;report-to csp-endpoint 1
default-src 'self' *.capitaland.com *.capitastar.com the-ascott.com *.the-ascott.com *.adobedtm.com *.instagram.com *.facebook.com *.twitter.com *.linkedin.com youtube.com *.youtube.com *.trustarc.com googletagmanager.com *.googletagmanager.com *.googleadservices.com *.nr-data.net *.newrelic.com *.addthis.com *.googleapis.com *.addthisedge.com *.moatads.com *.adobedtm.com *.stackla.com *.google.com *.google.com.vn *.gstatic.com *.google.com.sg *.recaptcha.net *.shareinvestor.com *.baidu.com *.youku.com *.wisers.net weibo.com *.ascendas-reit.com *.a-itrust.com *.facebook.net *.ascottresidencetrust.com *.cict.com.sg *.clct.com.sg cmmt.com.my *.capita3eats.com *.google-analytics.com *.eunoia.asia ecapitamall.com *.turn.com *.licdn.com *.doubleclick.net *.adsrvr.org capitaland.sc.omtrdc.net *.zencdn.net *.mediaiqdigital.com *.demdex.net capitaland.tt.omtrdc.net *.bdimg.com *.everesttech.net js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.usemessages.com *.hubspot.com www.google-analytics.com *.adsymptotic.com *.typekit.net *.fontawesome.com *.bootstrapcdn.com *.cloudflare.com tracker.sqreemtech.com code.jquery.com *.vimeo.com chio.space *.clickdimensions.com *.ads-twitter.com t.co s3-ap-southeast-1.amazonaws.com my.matterport.com *.sqreemtech.com analyticswritenew.xerevo.com *.polyv.net *.videocc.net *.fbcdn.net *.justeasy.cn *.cdninstagram.com *.twimg.com *.ytimg.com *.typeform.com *.logwork.com logwork.com *.youtube-nocookie.com *.tiktok.com *.amgdgt.com www.onemap.gov.sg www.discoverasr.com *.appier.net id5-sync.com *.id5-sync.com *.crwdcntrl.net *.force.com *.salesforce.com *.salesforceliveagent.com kuula.co *.outbrain.com unpkg.com ir.capitalandinvest.com *.ttwstatic.com *.datawrkz.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://capitaland-studio.vercel.app https://trk.ultraind.in capitaland.my.site.com *.spaceconnect.co cdn.linkedin.oribi.io addtoany.com *.addtoany.com *.outbrain.com gv.com.sg *.gv.com.sg snow-shaw-cdn.azureedge.net *.snow-shaw-cdn.azureedge.net cdn.brand-display.com data: 'unsafe-eval' 'unsafe-inline' blob:; 1
frame-ancestors https://*.ncqa.org; 1
default-src 'self' klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com js.playground.klarna.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com analytics.fatmedia.io app.usercentrics.eu bam.nr-data.net bat.bing.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com js.braintreegateway.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com code.jquery.com connect.facebook.net dmp.theadex.com js-agent.newrelic.com recommender.scarabresearch.com s.pinimg.com sc-static.net sslwidget.criteo.com st-eu.dynamicyield.com st.dynamicyield.com static.criteo.net fledge.eu.criteo.com staticw2.yotpo.com tagmanager.google.com the.sciencebehindecommerce.com www.awin1.com www.dwin1.com www.google-analytics.com www.googletagmanager.com www.zenaps.com x.klarnacdn.net channels-api.zenloop.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com cdn.scarabresearch.com cdnjs.cloudflare.com eu-library.klarnaservices.com eu-library.playground.klarnaservices.com zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com www.google.com www.google.pl static.hotjar.com script.hotjar.com www.googleadservices.com static.scarabresearch.com recommender-eu.scarabresearch.com s2.adform.net track.adform.net widgets.trustedshops.com cdn.flaconi.de maxcdn.bootstrapcdn.com d-uat.criteo.com cdn.jsdelivr.net dynamic.criteo.net dynamic.criteo.com www.hlserve.com ad4m.at s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net trk.cytelligence.io gui.display.prod.app.funnelplus.com *.hotjar.com cdn.safecharge.com; img-src 'self' data: * ad4m.at *.adserver01.de *.adc-serv.net *.df-srv.de *.adition.com *.ad4mat.de *.doubleclick.net *.adscale.de *.twiago.com *.casalemedia.com *.adfarm1.adition.com *.adform.net *.adnxs.com *.taboola.com *.kupona.de *.smartadserver.com *.pubmatic.com *.yieldlab.net s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net *.hotjar.com cdn.safecharge.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com cdn.flaconi.de cdn.flaconi.at cdn.flaconi.pl cdn.flaconi.fr images.ctfassets.net fonts.googleapis.com hello.myfonts.net staticw2.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com tagmanager.google.com www.googletagmanager.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com d-uat.criteo.com gui.display.prod.app.funnelplus.com *.hotjar.com cdn.safecharge.com; font-src 'self' https://themes.googleusercontent.com data: * cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com cdn.dynamicyield.com cdn.flaconi.de fonts.googleapis.com fonts.gstatic.com staticw2.yotpo.com p.yotpo.com *.hotjar.com; frame-src 'self' gum.criteo.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com js.klarna.com js.playground.klarna.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com resources.sandbox.oscato.com resources.live.oscato.com static.criteo.net fledge.eu.criteo.com tr.snapchat.com www.awin1.com www.facebook.com www.google.com www.youtube.com www.zenaps.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com vars.hotjar.com creativecdn.com ln-rules.rewardstyle.com d-uat.criteo.com www.pinterest.com hal9000.redintelligence.net ad4m.at *.ad4mat.net emperia.digital s.uicdn.com d.c.cdnsrv.de t.uimserv.net ct.pinterest.com *.ad-srv.net gui.display.prod.app.funnelplus.com flaconi-gmbh.leadfamly.com flaconi-gmbh.campaign.playable.com *.playable.com campaign-zone-1.api.leadfamly.com flaconi.de www.flaconi.de *.safecharge.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local flaconi.frontastic.io www.flaconi.de; object-src 'self'; connect-src 'self' ws: wss: wss: * api.usercentrics.eu cdn-eu.dynamicyield.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com www.paypalobjects.com pay.google.com www.paypal.com www.sandbox.paypal.com rcom-eu.dynamicyield.com st-eu.dynamicyield.com staticw2.yotpo.com p.yotpo.com www.google-analytics.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com *.hotjar.com *.hotjar.io; media-src 'self' videos.ctfassets.net cdn.flaconi.de; script-src-elem 'self' 'unsafe-inline' adm.dynamicyield.eu analytics.fatmedia.io app.usercentrics.eu bam.nr-data.net bat.bing.com cdn-eu.dynamicyield.com www.paypalobjects.com pay.google.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com klarna-payments-eu.klarna.com klarna-payments-eu.playground.klarna.com cdn.dynamicyield.com cdn.scarabresearch.com code.jquery.com connect.facebook.net dmp.theadex.com js-agent.newrelic.com recommender.scarabresearch.com s.pinimg.com sc-static.net sslwidget.criteo.com st-eu.dynamicyield.com static.criteo.net staticw2.yotpo.com tagmanager.google.com the.sciencebehindecommerce.com www.awin1.com www.dwin1.com www.google-analytics.com www.googletagmanager.com www.zenaps.com x.klarnacdn.net zenloop-website-overlay-production.s3.amazonaws.com website-overlay.zenloop.com cdnjs.cloudflare.com channels-api.zenloop.com api.sovendus.com www.sovendus-connect.com www.sovendus-benefits.com static.hotjar.com script.hotjar.com www.googleadservices.com static.scarabresearch.com recommender-eu.scarabresearch.com s2.adform.net track.adform.net widgets.trustedshops.com cdn.flaconi.de maxcdn.bootstrapcdn.com cdn.jsdelivr.net ln-rules.rewardstyle.com analytics.tiktok.com dynamic.criteo.net dynamic.criteo.com fledge.eu.criteo.com d-uat.criteo.com www.hlserve.com pagead2.googlesyndication.com *.clarity.ms p.yotpo.com cdn-widget-assets.yotpo.com cdn-widgetsrepository.yotpo.com w2.yotpo.com lantern.roeyecdn.com www.youtube.com ad4m.at s.uicdn.com d.c.cdnsrv.de t.uimserv.net *.ad-srv.net r.df-srv.de trk.cytelligence.io gui.display.prod.app.funnelplus.com cdn.safecharge.com ct.pinterest.com collector-37737.tvsquared.com collector-37995.tvsquared.com tags.creativecdn.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://1444264.collect.igodigital.com https://bam.nr-data.net https://js-agent.newrelic.com https://static.addtoany.com https://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.youtube.com https://analytics.twitter.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://bam-cell.nr-data.net/ https://cdnjs.cloudflare.com https://unpkg.com https://pi.pardot.com/analytics https://fast.wistia.com https://wistia.com https://fast.wistia.net https://www.googleadservices.com https://wistia.com https://hackerone.com https://cdn.cookielaw.org https://js.zi-scripts.com https://img.en25.com https://code.jquery.com; object-src 'none'; img-src 'self' https://nova.collect.igodigital.com https://www.googletagmanager.com https://t.co data: https: https://trck.www4.earlywarning.com https://trck.www4.zellepay.com; media-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; frame-src 'self' https://www.youtube.com https://www.google.com/ https://www.youtube-nocookie.com https://www.googletagmanager.com https://static.addtoany.com https://hackerone.com https://fast.wistia.com; frame-ancestors 'self'; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://privacyportal.onetrust.com https://bam-cell.nr-data.net https://pi.pardot.com/analytics https://cdn.cookielaw.org https://px.ads.linkedin.com/wa/ https://js.zi-scripts.com https://bam.nr-data.net/ https://ws.zoominfo.com; report-uri https://jhcspviolation.report-uri.com/r/d/csp/reportOnly 1
frame-src 'self' https://dnyepvvjamjdg.cloudfront.net https://www.youtube.com https://*.demdex.net https://*.doubleclick.net https://*.optimizely.com https://*.facebook.com https://*.google.com https://*.freedommobile.ca https://*.shawmobile.ca https://*.liveperson.net https://*.lpsnmedia.net https://*.kaptcha.com https://*.spatialbuzz.com https://*.spatialbuzz.net; frame-ancestors 'self' https://*.freedommobile.ca; 1
default-src 'self' https://www.youtube.com/ https://geoip-js.maxmind.com/;style-src 'self' https://fonts.googleapis.com/;img-src 'self' data: https://avatars0.githubusercontent.com https://avatars.githubusercontent.com https://avatars1.githubusercontent.com https://avatars2.githubusercontent.com https://avatars3.githubusercontent.com https://avatars4.githubusercontent.com https://avatars5.githubusercontent.com https://avatars6.githubusercontent.com https://avatars7.githubusercontent.com https://avatars8.githubusercontent.com https://www.google-analytics.com;script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://js.maxmind.com 'unsafe-inline';font-src 'self' https://fonts.gstatic.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://customerfinancing.directcapital-sit.com https://customerfinancing.directcapital2.com https://www.customerfinancing.com https://customerfinancing.directcapital-test1.com https://customerfinancing.directcapital-test2.com https://customerfinancing.directcapital-test3.com https://customerfinancing.directcapital-test4.com onlineapps-conv.readiness.ibanking-services.com onlineapps.ibanking-services.com ibanking-services.com https://*.fisglobal.com https://*.citbank.com https://citcom-dev.ase1-dev.citnet.cit.com https://*.firstcitizens.com 1
frame-ancestors 'self' www.asadventure.com  ; 1
frame-ancestors 'self' https://*.lightning.force.com https://*.salesforce.com https://teams.microsoft.com https://*.sharepoint.com 1
frame-ancestors https://bccondos.net https://www.gradschoolmatch.com/; 1
frame-ancestors 'self' https://*.allhomes.com.au 1
default-src 'unsafe-inline' 'unsafe-eval' https://*.vrr.de/ https://www.cookiebot.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.youtube.com https://sc-static.net https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com https://*.hotjar.com https://*.vrr.de  https://*.flockler.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.cookiebot.com/ https://smck-chat-msg.labs.sabio.de/ https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud; font-src 'self' https://fonts.gstatic.com data:; style-src 'unsafe-inline' 'self' https://*.vrr.de/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.vrr.de https://*.facebook.net https://www.facebook.com https://*.snapchat.com https://*.mouseflow.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.google-analytics.com https://*.flockler.app https://chatnrw-api-production-messaging.patty-awseuc1.swops.cloud https://chatnrw-production-messaging-webmain.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; frame-src 'self' blob: https://*.vrr.de https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.snapchat.com https://*.vrr.de https://chatnrw-production-messaging-webchat.patty-awseuc1.swops.cloud https://consentcdn.cookiebot.com https://umap.openstreetmap.de https://w.soundcloud.com/; img-src 'self' data: https: https://*.cdninstagram.com https://*.vrr.de https://*.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://i.ytimg.com https://media.licdn.com https://*.xx.fbcdn.net https://*.flockler.com https://img.youtube.com; object-src 'self' blob: https://*.vrr.de; worker-src 'self' blob: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.recaptcha.net/recaptcha/api.js https://c0.pubmine.com https://s.pubmine.com https://criteo.com https://*.criteo.com https://criteo.net https://*.criteo.net https://*.vexowi.com https://vexowi.com https://c.amazon-adsystem.com https://*.3lift.com https://3lift.com https://z.moatads.com https://*.moatads.com https://*.smartadserver.com https://app.link https://*.sascdn.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.googletagservices.com/ https://cdn.parsely.com https://a.teads.tv/analytics/tag.js https://assets.tumblr.com https://ads.pubmatic.com https://cdn.jsdelivr.net https://*.privacymanager.io https://*.rlcdn.com https://assets.tumblr.com/pop/ 'nonce-NTZiMzNiYjdkMjdkNzgwMDY1NzkxZDdhYjAzZmQ1NTM='; report-uri /svc/cspreports; object-src 'none'; worker-src blob: 'self'; base-uri 'self' 1
default-src 'self'; child-src 'self' *.sitescout.com static.addtoany.com *.qumucloud.com td.doubleclick.com www.riddle.com td.doubleclick.net www.buzzsprout.com omny.fm *.qualtrics.com *.fls.doubleclick.net player.vimeo.com; connect-src 'self' px.ads.linkedin.com *.google-analytics.com script.crazyegg.com stats.g.doubleclick.net rila.transamerica.com rila-mdl.transamerica.com api-us.fundpress.io *.kurtosys.io *.qumucloud.com bam.nr-data.net tracking.crazyegg.com maps.googleapis.com siteintercept.qualtrics.com api-us.kurtosys.app https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' api-us.fundpress.io *.kurtosys.io *.qumucloud.com data: fonts.googleapis.com fonts.gstatic.com *.codesandbox.io; img-src 'self' data: px.ads.linkedin.com www.facebook.com pixel.sitescout.com api-us.fundpress.io www.transamerica.com transamerica.com *.qumucloud.com assets2.brandfolder.io *.bfldr.com www.buzzsprout.com storage.buzzsprout.com maps.gstatic.com maps.googleapis.com maps.google.com siteintercept.qualtrics.com ad.doubleclick.net *.googlesyndication.com api-us.kurtosys.app i.vimeocdn.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' cdn.bfldr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com snap.licdn.com www.google-analytics.com up.pixel.ad *.userzoom.com connect.facebook.net api-us.fundpress.io *.kurtosys.io *.qumucloud.com www.googleadservices.com js-agent.newrelic.com www.buzzsprout.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com/ api-us.kurtosys.app *.googlesyndication.com player.vimeo.com https://cdn.jsdelivr.net https://maps.googleapis.com https://resources.qumucloud.com https://rila.transamerica.com https://static.addtoany.com https://unpkg.com https://www.riddle.com script.crazyegg.com vjs.zencdn.net; style-src 'self' 'unsafe-inline' *.qumucloud.com fonts.googleapis.com https://rila.transamerica.com vjs.zencdn.net; frame-ancestors 'self' *.ipipeline.com transamerica.com *.transamerica.com; upgrade-insecure-requests 1
default-src 'self' data: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.cloudflare.com *.youtube.com *.google-analytics.com; style-src 'self' 'unsafe-inline' https: *.googleapis.com *.gstatic.com *.cloudflare.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.fontawesome.com; frame-src http: https: *.facebook.com; 1
default-src 'self' *.afterpay.com *.squarecdn.com *.afterpay-beta.com *.polyfill.io *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.squarecdn.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; style-src 'self' 'unsafe-inline' *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; font-src *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; frame-src *.everesttech.net *.squarecdn.com *.afterpay.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com  *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; worker-src   blob: *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; img-src 'self' data: *.everesttech.net *.afterpay.com *.squarecdn.com *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; script-src-elem 'unsafe-inline' 'unsafe-hashes' *.polyfill.io *.afterpay.com *.squarecdn.com hbiq.net *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.polyfill.io *.centerwellpharmacy.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com *.salesforce.com  *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.vovici.com *.verint-cdn.com *.efmfeedback.com; connect-src wss://hoover.foresee.com https://hoover.foresee.com *.afterpay.com *.squarecdn.com *.amplitude.com *.afterpay-beta.com *.everesttech.net *.everestjs.net *.demdex.net *.centerwellpharmacy.com *.facebook.net *.cloudfront.net *.cmcore.com  *.salesforce.com   *.demandware.net *.fdbcloudconnector.com *.tealium.com *.zscaler.net *.ensighten.com *.foresee.com *.foreseeresults.com *.coremetrics.com *.tealiumiq.com *.salesforceliveagent.com *.inq.com *.nuance.com *.humana.com *.go365.com *.humanapharmacy.com *.invocacdn.com *.invoca.net *.activitymap.adobe.com *.convertlanguage.com *.bing.com *.facebook.com *.googleapis.com *.googleadservices.com *.google.com *.linkedin.com *.twitter.com *.mpeasylink.com *.tiqcdn.com *.pure.cloud *.demdex.net *.everesttech.net *.cquotient.com *.googletagmanager.com *.everestjs.net *.doubleclick.net *.youtube.com *.gstatic.com *.yahoo.com *.teads.tv *.onetrust.com *.cookielaw.org *.cookie-cdn.cookiepro.com *.vovici.com *.verint-cdn.com *.efmfeedback.com; 1
frame-ancestors 'self' https://fundrise.com/ https://fundriseintervalfund.com https://fundriseincomerealestatefund.com https://fundrisegrowthtechfund.com 1
default-src 'self' https://*.google-analytics.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.termsfeed.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'unsafe-inline' 'self'; img-src 'self' https://*.google-analytics.com data:; frame-src 'self' https://www.youtube.com 1
frame-ancestors 'self' https://www.trusselltrust.org/ 1
frame-ancestors 'self' https://z-virtualbooth.com/ https://www.z-virtualbooth.com/ https://z-virtualbooth.com/nav-panels/2022-aaep/aaep/aaep.html/ https://www.z-virtualbooth.com/nav/dx/index.html 1
default-src 'self' blob: 'unsafe-inline' 'unsafe-eval' unpkg.com miro.com *.algolianet.com *.algolianet.net storage.googleapis.com tagmanager.google.com *.googletagmanager.com *.google-analytics.com google-analytics.com ssl.gstatic.com gstatic.com fonts.gstatic.com github.com *.githubusercontent.com gh-card.dev *.ory.sh *.youtube.com *.youtube-nocookie.com data: s.ytimg.com *.usercentrics.eu *.iubenda.com *.cloudfront.net *.licdn.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hsforms.net *.hsforms.com *.g.doubleclick.net *.hubapi.com *.hubspot.com *.loom.com analytics.google.com *.analytics.google.com cdn.linkedin.oribi.io static.cloudflareinsights.com www.google.be www.google.com; img-src * data: blob: www.ory.dev www.ory.net 1
frame-ancestors 'self' *.kizilay.org.tr capacitor://*.kizilay.org.tr *.kizilaysaglikgrubu.com *.kizilaykart.org *.genckizilay.org.tr *.kizilaymadensuyu.com.tr *.kizilaytarih.org *.ilkyardim.org.tr *.kizilaytoplummerkezleri.org *.kizilaykariyer.com *.gonulluol.org https://gonulluol.org http://localhost:8100 capacitor://localhost http://localhost; 1
form-action 'self' https://*.marketingcloudfx.com https://app.nutshell.com https://wp.operationsfx.com https://wp.staging.operationsfx.com ; frame-ancestors 'self' https://*.marketingcloudfx.com https://app.webfx.com https://*.app.dev.webfx.com https://app.nutshell.com https://wp.operationsfx.com https://wp.staging.operationsfx.com ; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com; script-src  'self' blob: 'unsafe-inline' 'unsafe-eval' *.cookieinformation.com recaptcha.net *.vimeo.com *.googletagmanager.com *.licdn.com *.google-analytics.com *.youtube.com *.leadlab.click *.wiredminds.de *.hotjar.com *.myvisitors.se *.nr-data.net *.newrelic.com *.driftt.com *.6sc.co *.doubleclick.net *.qualtrics.com *.gstatic.com *.gstatic.cn *.googleapis.com *.mfn.se *.datablocks.se *.googleadservices.com trelleborg.piwik.pro trelleborg.workbuster.com secure.leadforensics.com *.en25.com *.zscalertwo.net code.highcharts.com *.googlesyndication.com *.google.com; font-src  'self' data: fonts.gstatic.com fonts.googleapis.com eur02.safelinks.protection.outlook.com *.hotjar.com app.emarketeer.com *.zscalertwo.net widget.datablocks.se; img-src  'self' data: *.google-analytics.com *.w3.org *.linkedin.com *.google.com *.google.de *.googletagmanager.com *.6sc.co *.google.com *.triggerbee.com *.qualtrics.com *.gstatic.com *.gstatic.cn *.googleapis.com *.hotjar.com *.doubleclick.net *.eloqua.com *.zscalertwo.net widget.datablocks.se *.googleadservices.com; style-src 'self' 'unsafe-inline' cdn.datatables.net fast.fonts.net fonts.googleapis.com *.datablocks.se *.bootstrapcdn.com *.zscalertwo.net;style-src-elem 'self' 'unsafe-inline' cdn.datatables.net fast.fonts.net fonts.googleapis.com *.datablocks.se *.bootstrapcdn.com *.zscalertwo.net; connect-src  'self' ws: *.cookieinformation.com cdn.linkedin.oribi.io *.leadlab.click *.google-analytics.com *.doubleclick.net *.analytics.google.com *.nr-data.net *.hotjar.io *.google.com *.6sc.co *.triggerbee.com *.qualtrics.com *.googlesyndication.com *.googleapis.com *.hotjar.com *.mfn.se *.datablocks.se *.googleadservices.com ws.hotjar.com trelleborg.piwik.pro idx.liadm.com *.zscalertwo.net *.hana.ondemand.com *.linkedin.com *.6sense.com; frame-src  'self' *.cookieinformation.com recaptcha.net *.youtube.com *.driftt.com *.vimeo.com *.doubleclick.net *.sts.trelleborg.com eur02.safelinks.protection.outlook.com iframe.dacast.com trelleborg.workbuster.com app.emarketeer.com view.vzaar.com *.zscalertwo.net *.trelleborgecf.com trelleborg-seals.via-em.com smc-lp.s4hana.ondemand.com sts.trelleborg.com privacyportalde-cdn.onetrust.com *.google.com datamix.si *.qualtrics.com;  media-src 'self' data: blob: *.w3.org *.driftt.com *.zscalertwo.net; 1
child-src 'self'; connect-src 'self' https://*.airtrfx.com https://*.clarity.ms https://*.cookiepro.com https://*.everymundo.workers.dev https://*.everymundonet.workers.dev https://*.google-analytics.com https://*.onetrust.com https://*.securitytrfx.com https://*.sumologic.com https://adservice.google.com https://analytics.google.com https://cdn.linkedin.oribi.io https://dc.services.visualstudio.com https://maps.googleapis.com https://px.ads.linkedin.com https://region1.analytics.google.com https://s.yimg.com https://stats.g.doubleclick.net https://translate.googleapis.com https://www.facebook.com https://www.google.bi https://www.google.co.ke https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.rw; default-src 'self'; font-src 'self' data: https://*.airtrfx.com https://*.everymundo.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://app.mailerlite.com https://em-frame.securitytrfx.com https://static.mailerlite.com https://td.doubleclick.net https://www.facebook.com https://www.mailerlite.com https://www.youtube.com/; img-src 'self' data: https: https://*.ads.linkedin.com https://*.airtrfx.com https://*.cookiepro.com https://*.everymundo.net https://*.google-analytics.com https://*.idio.episerver.net https://analytics.twitter.com https://maps.googleapis.com https://maps.gstatic.com https://sp.analytics.yahoo.com https://www.facebook.com https://www.kenya-airways.com; script-src-elem 'self' 'unsafe-inline' https://*.airtrfx.com https://*.clarity.ms https://*.cookiepro.com https://*.google-analytics.com https://*.googletagmanager.com https://*.idio.episerver.net https://app.mailerlite.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://feedback.ajua.com https://geoip-js.com https://js.monitor.azure.com https://maps.google.com https://maps.googleapis.com https://s.yimg.com https://snap.licdn.com https://static.ads-twitter.com https://static.mailerlite.com https://storage.googleapis.com https://www.google.com https://www.gstatic.com/recaptcha/releases/; style-src-elem 'self' 'unsafe-inline' https://*.airtrfx.com https://cdn.honey.io https://cdn.jsdelivr.net https://fonts.googleapis.com https://gc.kis.v2.scr.kaspersky-labs.com https://maps.googleapis.com https://static.mailerlite.com; style-src 'self' https://fonts.googleapis.com; style-src-attr 'unsafe-inline'; script-src 'unsafe-eval'; object-src 'none'; 1
frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com http://*.safe-iplay.com http://*.888sport.com http://*.sisportsbook.com http://*.secured-igaming-usa.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk *.williamhill.com *.williamhill.local *.williamhill-pp2.com 1
frame-ancestors https://*.orbi.kr 1
frame-ancestors 'self' bridgemi.com *.bridgemi.com 1
frame-ancestors https://www.lupus.org https://lupus.org https://lupus-stg.global.ssl.fastly.net/ https://app.socio.events/ https://attendee.socio.events/ https://game.socio.events/; 1
frame-ancestors 'self' *.knoema.com *.knoema.org 1
default-src 'self' 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' data: *.applanga.com *.intercomcdn.com *.intercom.io code.jquery.com ajax.googleapis.com cdnjs.cloudflare.com blob:; form-action 'self'; object-src 'none'; connect-src 'self' data: wss: sentry.io *.intercom.io *.intercom.com *.intercomcdn.com *.applanga.com; img-src 'self' data: *.applanga.com applanga-dev-thumbnails.s3-website.eu-central-1.amazonaws.com s3.eu-central-1.amazonaws.com applanga-prod-thumbnails.s3-website.eu-central-1.amazonaws.com *.execute-api.eu-central-1.amazonaws.com static.intercomassets.com *.intercomcdn.com; font-src fonts.intercomcdn.com *.applanga.com; media-src *.applanga.com *.intercomcdn.com ; upgrade-insecure-requests; frame-src youtube.com https://www.youtube.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com *.doubleclick.net api.mapbox.com consentcdn.cookiebot.com consent.cookiebot.com 'self';  object-src 'none'; worker-src blob: ; child-src www.google.com consentcdn.cookiebot.com assist.zoho.eu blob: 'self' ; img-src imgsct.cookiebot.com data: blob: 'self' www.google.ch www.google.com www.google-analytics.com; connect-src 'self' *.tiles.mapbox.com consentcdn.cookiebot.com api.mapbox.com events.mapbox.com www.google-analytics.com stats.g.doubleclick.net region1.analytics.google.com; frame-ancestors 'self' 1
default-src 'self';script-src 'nonce-41da267c-f0f5-4cd8-bd4f-15af771e10c3' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-41da267c-f0f5-4cd8-bd4f-15af771e10c3' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
frame-ancestors https://app.contentstack.com/; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; object-src * data: blob: 'unsafe-inline' 1
default-src 'none';             script-src 'self'                        fs20.formsite.com                        embed.showclix.com                        bbox.blackbaudhosting.com                        payments.blackbaud.com                        www.instagram.com                        www.google-analytics.com                        secure.quantserve.com                        www.googleadservices.com                        extend.vimeocdn.com                        www.googletagmanager.com                        connect.facebook.net                        rules.quantcount.com                        *.doubleclick.net                        *.adroll.com                        www.google.com                        www.gstatic.com                        bbg-botanic.disqus.com                        cdn.matomo.cloud                        widgets.resy.com                        datawrapper.dwcdn.net                        doublethedonation.com                        'unsafe-inline'                        'unsafe-eval';             object-src 'none';              style-src 'self'                        bbox.blackbaudhosting.com                        doublethedonation.com                        *.disquscdn.com                        *.dwcdn.net                        'unsafe-inline';             base-uri 'self';             form-action 'self'             https://signup.bbg.org             https://plants.bbg.org             https://herbarium.bbg.org             https://hic.bbg.org;             img-src https: ;            media-src https://*.bbg.org;             frame-src 'self'                       www.instagram.com                       embed.showclix.com                       *.formsite.com                       *.vimeo.com                       widgets.resy.com                       www.youtube.com                       www.facebook.com                       *.doubleclick.net                       disqus.com                       bbox.blackbaudhosting.com                       www.google.com                      bbg.matomo.cloud;             font-src 'self' fonts.gstatic.com                       doublethedonation.com                       static.dwcdn.net                       use.typekit.net;             frame-ancestors 'none';             connect-src 'self'                         www.google-analytics.com                         tools.bbg.org                         assets.bbg.org                         plants.bbg.org                         signup.bbg.org                         lookup.bbg.org                         greenestblock.bbg.org                         updates.expressionengine.com                         doublethedonation.com                         bbg.matomo.cloud                         datawrapper.dwcdn.net                         *.doubleclick.net 1
default-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://google-analytics.com https://static.newsletter2go.com https://connect.facebook.net https://assets.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://www.sprengnetter.de https://www.sprengnetter.at https://www.sprengnetter.net https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://cdnjs.cloudflare.com https://l.ecn-ldr.de; img-src 'self' https://files.newsletter2go.com https://www.sprengnetter.de https://www.sprengnetter.at https://www.sprengnetter.net data:; style-src 'self' 'unsafe-inline' https://www.sprengnetter.de https://www.sprengnetter.at https://www.sprengnetter.net; font-src 'self' https://www.sprengnetter.de https://www.sprengnetter.at https://www.sprengnetter.net; connect-src 'self' https://region1.google-analytics.com https://api.newsletter2go.com https://ekr.zdassets.com https://rssoftware.zendesk.com https://www.sprengnetter.de https://www.sprengnetter.at https://www.sprengnetter.net https://consentcdn.cookiebot.com https://www.econda-monitor.de; form-action 'self'; frame-ancestors 'self'; base-uri 'self' https://consentcdn.cookiebot.com; 1
frame-src https://*.fortimailcloud.com/ https://www.youtube.com/embed/AaYyLm5aqIs?si=MMTbwGRAyAHkDmjA; 1
frame-ancestors 'self' mail.google.com chrome-extension://iffdacemhfpnchinokehhnppllonacfj/ chrome-extension://dkfhfaphfkopdgpbfkebjfcblcafcmpi/; 1
frame-ancestors 'self' cmsv2.zebrix.net 1
default-src 'none'; connect-src https://www.verygoodsecurity.com https://www.verygoodsecurity.io https://pci.verygoodsecurity.io https://cdn.plyr.io/3.7.3/plyr.svg https://ws.zoominfo.com/pixel/collect https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://boards-api.greenhouse.io *.fontawesome.com https://cdn.plyr.io/3.6.7/plyr.svg https://www.google-analytics.com https://analytics.google.com https://api.hubapi.com https://api-iam.intercom.io https://in.hotjar.com https://stats.g.doubleclick.net wss://nexus-websocket-a.intercom.io https://c.6sc.co/ https://control-web-app.netlify.app/ https://cookie-cdn.cookiepro.com https://128-ixl-130.mktoresp.com https://tracking.chilipiper.com/mp/track https://api.chilipiper.com/api/v1/match-cluster/verygoodsecurity https://api.chilipiper.com/marketing/inbound-router/enabled/verygoodsecurity/demo-request-marketo https://api.chilipiper.com/marketing/inbound-router/redirect/verygoodsecurity/demo-request-marketo https://cdn.linkedin.oribi.io/partner/1166788/domain/verygoodsecurity.com/token *.netlify.app https://api.lever.co/v0/postings/verygoodsecurity?group=team&mode=json; font-src 'self' *.cloudfront.net https://fonts.gstatic.com *.fontawesome.com heapanalytics.com https://js.intercomcdn.com https://fonts.googleapis.com; frame-src https://www.youtube-nocookie.com *.greenhouse.io *.netlify.com https://codesandbox.io *.youtube.com https://forms.hsforms.com https://vars.hotjar.com https://bid.g.doubleclick.net https://consent-pref.trustarc.com/ https://info.verygoodsecurity.com https://verygoodsecurity.chilipiper.com/ https://player.vimeo.com/; img-src 'self' data: *.cloudfront.net *.ctfassets.net *.verygoodsecurity.com heapanalytics.com *.linkedin.com https://analytics.twitter.com https://t.co https://www.facebook.com https://b.6sc.co https://tr.lfeeder.com https://track.hubspot.com https://p.adsymptotic.com https://www.google.com https://www.google.ca https://www.google.co.uk https://www.google.de https://www.google.com.ua https://www.google.ie https://www.google.nl https://www.google.fr https://www.google.it https://www.google.ch https://www.google.pl https://www.google.cz https://www.google.no https://www.google.fi https://www.google.ro https://www.google.es https://www.linkedin.com https://www.google-analytics.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://www.googletagmanager.com https://consent.trustarc.com/v2/asset/transparent.png https://bat.bing.com https://tr-rc.lfeeder.com; media-src https://verygoodsecurity.github.io *.ctfassets.net https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://px.ads.linkedin.com/wa/ https://cookie-cdn.cookiepro.com/scripttemplates/6.29.0/otBannerSdk.js https://player.vimeo.com/api/player.js https://munchkin.marketo.net/162/munchkin.js https://info.verygoodsecurity.com/index.php/form/getKnownLead *.netlify.app heapanalytics.com https://cdn.heapanalytics.com https://www.googletagmanager.com https://boards.greenhouse.io/embed/job_board/js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.10.4/ScrollTrigger.min.js https://forms.hsforms.com/embed/v3/form/5884958/be88e533-69b8-47fd-b14e-68c81351e05f https://forms.hsforms.com/embed/v3/form/5884958/c68837c6-ee17-4180-b316-73aeca654518 https://js.hsforms.net/forms/v2-legacy.js https://js.hsforms.net/forms/v2.js https://forms.hsforms.com https://www.google-analytics.com https://static.ads-twitter.com https://snap.licdn.com https://widget.intercom.io https://js.hs-scripts.com https://connect.facebook.net https://j.6sc.co https://consent.trustarc.com https://ws.zoominfo.com https://static.hotjar.com https://sc.lfeeder.com https://analytics.twitter.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://js.intercomcdn.com https://script.hotjar.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://cookie-cdn.cookiepro.com/scripttemplates/6.27.0/otBannerSdk.js https://munchkin.marketo.net/munchkin.js https://munchkin.marketo.net/161/munchkin.js https://info.verygoodsecurity.com/js/forms2/js/forms2.min.js https://info.verygoodsecurity.com/index.php/form/getForm https://bat.bing.com/bat.js https://bat.bing.com/p/action/14362370638466.js https://munchkin.marketo.net/163/munchkin.js https://andreasmb.github.io/lever-jobs-embed/index.js; style-src 'unsafe-inline' https://www.verygoodsecurity.com https://pci.verygoodsecurity.io https://www.verygoodsecurity.io https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-simple.css https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-simple.css *.googleapis.com heapanalytics.com https://www.googletagmanager.com/debug/badge.css https://info.verygoodsecurity.com/js/forms2/css/forms2.css https://info.verygoodsecurity.com/js/forms2/css/forms2-theme-inset.css https://js.chilipiper.com/styles.css *.netlify.app https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css; frame-ancestors 'self' 1
default-src https:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; font-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'none'; script-src 'self' https://*.hcaptcha.com https://hcaptcha.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.hcaptcha.com https://hcaptcha.com; frame-ancestors 'self'; frame-src 'self' https://*.hcaptcha.com https://hcaptcha.com; connect-src https://*.hcaptcha.com https://hcaptcha.com; object-src 'self'; base-uri 'self'; img-src 'self'; font-src 'self' 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://gravie.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' www.atlantis-nantes.com *.sips-services.com groupeugc.com; 1
default-src: 'none' 1
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; script-src https: 'unsafe-inline' blob:; style-src 'self' https: 'unsafe-inline'; object-src 'none'; connect-src 'self' https: wss: 1
frame-ancestors 'self' 1
frame-ancestors 'self' https://*.equitable.com https://*.asedv001.appserviceenvironment.net https://int-compapp.azureedge.net int-compapp.equitable.com; 1
default-src 'self' http: https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googlesyndication.com https://cdn.matomo.cloud/ https://verbund.matomo.cloud https://cdnjs.cloudflare.com https://www.googleadservices.com https://analytics.verbund.com/matomo.js https://consent.verbund.com https://snap.licdn.com https://unpkg.com https://webcast.a1.net https://vjs.zencdn.net https://googleadservices.com https://www.gstatic.com https://js.anyline.com https://dev.visualwebsiteoptimizer.com https://verbundblog.disqus.com https://connect.facebook.net https://*.google.com https://*.googleapis.com https://s.ytimg.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://platform.linkedin.com https://code.jquery.com https://platform.twitter.com https://c.disquscdn.com https://disqus.com https://*.disqus.com https://apps.verbund.at https://emea3.recruitmentplatform.com https://code.createjs.com https://amplify.outbrain.com/cp/obtp.js https://tr.outbrain.com/cachedClickId https://googleads.g.doubleclick.net; font-src 'self' https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; frame-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://verbund.prosiebensat1puls4.tv/ https://base.streamdiver.com/ https://my.walls.io/ https://uvp-ots.sf.apa.at https://www.google.com https://optimize.google.com https://*.disqus.com https://disqus.com https://www.facebook.com https://connect.facebook.net https://www.googletagmanager.com https://www.youtube.com https://staticxx.facebook.com https://*.doubleclick.net https://*.twitter.com https://accounts.google.com https://irs.tools.investis.com https://apps.verbund.at; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.verbund.com https://streamer.a1.net; media-src * blob: data:; img-src 'self' https://*.googlesyndication.com https://consent.verbund.com https://content.prescreen.io https://jobdata.prescreen.io https://px.ads.linkedin.com https://webcast.a1.net https://www.pw-footprints.de https://connect.facebook.net https://*.doubleclick.net https://3662592.fls.doubleclick.net https://*.google-analytics.com https://www.google.com https://www.google.at https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://*.googleapis.com https://dev.visualwebsiteoptimizer.com https://*.twitter.com https://www.foto-webcam.eu https://*.it-wms.com data: https://i.ytimg.com https://www.facebook.com https://c.disquscdn.com https://referrer.disqus.com https://maps.google.com https://cx.atdmt.com https://www.verbund.com https://tr.outbrain.com; connect-src 'self' https://*.googlesyndication.com https://verbund.matomo.cloud https://analytics.verbund.com/matomo.php https://cdn.linkedin.oribi.io/partner/4825250/domain/verbund.com/token https://consent.verbund.com https://at-cdn14.streamdiver.com https://metrics.articulate.com/v1/import https://streamer.a1.net https://webcast.a1.net https://*.analytics.google.com https://analytics.google.com https://maps.googleapis.com https://reporting.anyline.com https://js.anyline.com https://anyline-reporting.herokuapp.com https://*.doubleclick.net https://*.google-analytics.com https://www.googleapis.com https://links.services.disqus.com https://dev.visualwebsiteoptimizer.com https://emea3.recruitmentplatform.com https://www.google.com/pagead/landing https://px.ads.linkedin.com/wa/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://consent.verbund.com https://webcast.a1.net https://optimize.google.com https://c.disquscdn.com https://fonts.googleapis.com https://tagmanager.google.com; worker-src blob: https://www.verbund.com https://*.verbund.com; frame-ancestors 'self' https://energiemanagement.verbund.at; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com search.usa.gov https://search.usa.gov data.usajobs.gov https://data.usajobs.gov https://dojlogin-test.usdoj.gov https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js https://siteimproveanalytics.com/js/siteanalyze_57774.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://js-agent.newrelic.com/nr-rum-1.250.0.min.js https://dojlogin-govtest.okta-gov.com https://js-agent.newrelic.com/nr-rum-1.251.1.min.js https://dojlogin.usdoj.gov https://usdoj.okta-gov.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://static.addtoany.com platform.twitter.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://search.usa.gov/assets/sayt.css http://search.usa.gov/assets/sayt.css cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com; report-uri https://www.usmarshals.gov/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tribe.net; img-src 'self' https: data: blob: https://tribe.net; style-src 'self' https://tribe.net 'nonce-L1vejlZaiV+jV1QPxe7sMg=='; media-src 'self' https: data: https://tribe.net; frame-src 'self' https:; manifest-src 'self' https://tribe.net; form-action 'self'; child-src 'self' blob: https://tribe.net; worker-src 'self' blob: https://tribe.net; connect-src 'self' data: blob: https://tribe.net https://tribe.net wss://tribe.net; script-src 'self' https://tribe.net 'wasm-unsafe-eval' 1
upgrade-insecure-requests; frame-src https:; 1
default-src 'self' www.aptiv.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.facebook.net *.facebook.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cookie-cdn.cookiepro.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com *.vimeo.com cdnjs.cloudflare.com cdn.jsdelivr.net *.marketo.com *.mktoutil.com *.aptiv.com *.demandbase.com *.company-target.com *.angularjs.org *.vimeocdn.com *.hawksearch.net *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.ceros.com *.matomo.cloud 'self' 'unsafe-inline' js.hs-scripts.com js.hs-analytics.net cdn.ampproject.org assets.adoberesources.net *.adobe.com internet-na.aptiv.com internet-cloud.aptiv.com internet-cloud.aptiv.com:6082 'unsafe-eval' https://cdn.insight.sitefinity.com https://aptiv.containers.piwik.pro https://aptiv.piwik.pro/ppms.php https://dec.azureedge.net web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com www.aptiv.com cookie-cdn.cookiepro.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.marketo.com *.aptiv.com *.hawksearch.net 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.typekit.net web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.aptiv.com aptiv.com *.google-analytics.com *.google.pl *.facebook.com *.facebook.net *.fbcdn.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com www.google.com googletagmanager.com px.ads.linkedin.com p.adsymptotic.com connect.facebook.com connect.facebook.net i.vimeocdn.com aptivtest.azurewebsites.net match.prod.bidr.io *.company-target.com id.rlcdn.com productdata.aptiv.com downloads.aptiv.com *.mouser.com *.doubleclick.net *.cookielaw.org *.ceros.com asset-prod1a-euw.productmarketingcloud.com 'self' https://dec.azureedge.net track.hubspot.com asset.productmarketingcloud.com https://assets.adoberesources.net https://lh3.googleusercontent.com *.googlesyndication.com *.googletagmanager.com *.google.de google.de google.ie aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.linkedin.com https://cdn.insight.sitefinity.com web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: www.aptiv.com maxcdn.bootstrapcdn.com *.typekit.net; form-action *.aptiv.com *.azurewebsites.net *.facebook.com *.facebook.net *.azurefd.net 'self' login.microsoftonline.com; connect-src accounts.google.com *.mktoresp.com *.google-analytics.com www.facebook.com *.marketo.com *.mktoutil.com *.aptiv.com *.g.doubleclick.net blob://* blob: *.company-target.com *.hawksearch.net *.hawksearch.com *.uptime.com *.cookielaw.org *.onetrust.com *.plausible.io plausible.io *.facebook.com *.facebook.net *.matomo.cloud 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.adobe.io wss://*.adobe.io *.google.com *.googlesyndication.com tag-logger.demandbase.com https://aptiv.piwik.pro/ppms.php forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: www.aptiv.com www1.aptiv.com downloads.aptiv.com *.vimeo.com aptivdotcomuseastblob-fbc8ewh2bbfpbhgu.z01.azurefd.net *.akamaized.net; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io 'self' internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com; frame-src 'self' apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com player.vimeo.com 8239591.fls.doubleclick.net *.doubleclick.net *.fliphtml5.com *.google.com blob://* blob: *.aptiv.com *.plausible.io plausible.io internet-na.aptiv.com internet-cloud.aptiv.com *.company-target.com documentcloud.adobe.com storage.net-fs.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ w.soundcloud.com/ *.vimeo.com forms.hsforms.com web-chat.nativechat.com 1
default-src 'self' http: https: data: blob: 'unsafe-inline'  'unsafe-eval' 1
default-src 'self'; media-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com; form-action 'self' *.cision.com; base-uri 'self'; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: google-analytics.com 2.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; font-src 'self' data: https://use.typekit.net fonts.googleapis.com fonts.gstatic.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com 'unsafe-inline' https: s7.addthis.com; connect-src 'self' 'unsafe-inline' https: http: s7.addthis.com; frame-ancestors 'self'; manifest-src 'self'; 1
font-src 'self'; frame-src 'self' https: www.youtube-nocookie.com/* ; frame-ancestors 'self' https://*.etracker.com; script-src 'self' https://*.etracker.com https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de  'unsafe-inline'; connect-src 'self' https://*.etracker.de *.b-ite.com https://stats.haw-hamburg.de;  img-src * *.b-ite.com; style-src 'self' 'unsafe-inline' *.b-ite.com; 1
frame-src 'self' *.eprice.com.tw *.eprice.com.hk *.doubleclick.net *.g.doubleclick.net *.googletagservices.com *.googlesyndication.com *.googleapis.com *.safeframe.googlesyndication.com *.safeframe.usercontent.goog *.google.com *.yahoo.com *.redditmedia.com www.facebook.com platform.twitter.com www.youtube.com datawrapper.dwcdn.net *.datawrapper.de *.instagram.com *.tiktok.com *.vimeo.com *.rubiconproject.com a.amnet.tw cdn.aralego.net s7.addthis.com s0.2mdn.net *.sascdn.com csync.smartadserver.com *.bilibili.com *.adform.com *.ad-generation.jp *.admanmedia.com *.admixer.net *.adnxs.com *.Adsolut.in *.adsparc.com *.adtech.com *.Advertising.com *.advertising.com *.aniview.com *.aol.com *.aolcloud.net *.appnexus.com *.aps.amazon.com *.aralego.com *.atemda.com *.beachfront.com *.betweendigital.com *.betweendigital.com *.btrll.com *.buzzoola.com *.connectad.io *.console.cmcm.com *.contextweb.com *.districtm.io *.EMXDGT.com *.fair-trademedia.com *.freewheel.tv *.gammassp.com *.genieesspv.jp *.google.com *.gumgum.com *.impactify.io *.improvedigital.com *.indexexchange.com *.innity.com *.lijit.com *.loopme.com *.mox.tv *.oogle.com *.openx.com *.openx.net *.pubmatic.com *.revcontent.com *.rhythmone.com *.rtb.bidsxchange.com *.rtbhouse.com *.rubiconproject.com *.scupio.com *.selectmedia.asia *.smaato.com *.smartadserver.com *.smartclip.net *.smartyads.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.springserve.com *.synacor.com *.teads.tv *.tremorhub.com *.truvid.com *.truvidplayer.com *.ucfunnel.com *.undertone.com *.vdo.ai *.xad.com *.criteo.com *.yimg.com cs.gssprt.jp sync.adkernel.com *.streamable.com streamable.com js-sec.indexww.com *.casalemedia.com *.quantserve.com eb2.3lift.com imgur.com embed.ted.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://inductiveautomation.com http://account.ia.local/ https://*.inductiveautomation.com https://*.inductiveuniversity.com https://inductiveuniversity.com https://s3.amazonaws.com https://files.inductiveautomation.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.youtube.com https://disqus.com https://*.disqus.com https://*.disquscdn.com https://*.wistia.com https://*.wistia.net http://embedwistia-a.akamaihd.net https://*.typekit.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.twitter.com https://*.twimg.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.licdn.com https://cdn.viglink.com https://cdn.jsdelivr.net https://*.adsymptotic.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net https://*.vimeocdn.com https://*.vimeo.com https://*.podbean.com https://*.cdninstagram.com https://*.fontawesome.com https://canny.io https://*.rawgit.com https://*.cloudflare.com https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.getsitecontrol.com https://*.getsitectrl.com https://*.googleadservices.com https://*.doubleclick.net https://js.hs-scripts.com https://*.mouseflow.com https://unpkg.com data: blob:; block-all-mixed-content 1
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.facebook.com *.facebook.net *.bing.com *.arcot.com *.ondemand.com *.fontawesome.com *.auth0.com *.creditmutuel.fr *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.chatlayer.ai *.sinch.com *.ably-realtime.com *.ably.io *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.avantorsciences.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.arcot.com *.auth0.com *.ondemand.com *.fontawesome.com *.creditmutuel.fr *.bioz.com *.sinch.com *.ably-realtime.com *.ably.io *.chatlayer.ai *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://firebaselogging-pa.googleapis.com https://firestore.googleapis.com https://code.jquery.com https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://dl.episerver.net https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://login.microsoftonline.com https://maps.googleapis.com https://www.googleadservices.com https://tagmanager.google.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://connect.facebook.net https://secure.adnxs.com https://static.ads-twitter.com https://analytics.twitter.com https://www.muchloved.com https://cdnjs.cloudflare.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://storage.googleapis.com https://*.snapengage.com https://*.hotjar.com https://bat.bing.com https://*.azureedge.net wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.sja.org.uk https://dl.episerver.net https://fonts.googleapis.com https://tagmanager.google.com http://www.googletagmanager.com https://www.muchloved.com https://cdnjs.cloudflare.com https://cdn.fonts.net https://*.hotjar.com https://*.svc.dynamics.com;img-src 'self' https://redeye.sja.org.uk https://az416426.vo.msecnd.net https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://www.gstatic.com https://stats.g.doubleclick.net https://dl.episerver.net https://scontent.cdninstagram.com https://login.microsoftonline.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://ssl.gstatic.com https://*.siteimproveanalytics.com https://*.siteimprove.com https://*.siteimprove.net https://*.siteimproveanalytics.io https://siteimproveanalytics.com https://siteimprove.com https://siteimprove.net https://siteimproveanalytics.io https://cookie-cdn.cookiepro.com https://collector-6959.tvsquared.com https://www.facebook.com https://t.co https://*.muchloved.com https://www.ml-dev.com https://*.snapengage.com https://www.google.co.uk https://storage.googleapis.com https://*.hotjar.com https://bat.bing.com https://*.svc.dynamics.com unsafe-inline data:;media-src 'self' https://*.snapengage.com;frame-src 'self' https://www.google.com https://commerce.sja.redweb.network https://sjacommercedevmaster.redweb.network https://ade1-mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249finte.dxcloud.episerver.net https://mgrstja01mstrn249fprep.dxcloud.episerver.net https://mgrstja01mstrn249fprod.dxcloud.episerver.net https://login.microsoftonline.com https://www.youtube.com https://www.youtube-nocookie.com https://servedby.flashtalking.com https://www.facebook.com https://www.muchloved.com https://*.siteimprove.com https://widget.trustpilot.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.svc.dynamics.com;font-src 'self' https://fonts.gstatic.com https://cloud.typography.com https://fonts.googleapis.com https://*.hotjar.com data:;connect-src 'self' https://dc.services.visualstudio.com https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://www.google-analytics.com https://stats.g.doubleclick.net https://my2.siteimprove.com https://id.siteimprove.com https://*.snapengage.com wss://*.firebaseio.com wss://firebasedatabase.app wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://*.google-analytics.com https://*.svc.dynamics.com wss://*.noibu.com https://*.noibu.com https://*.analytics.google.com;report-uri /WebResource.axd?cspReport=true 1
frame-ancestors * https://dev.hyperpure.com https://www.hyperpure.com https://supplier.petpooja.com ; 1
frame-ancestors 'self' *.uxpin.com *.mouseflow.com 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com ; font-src 'self'; form-action 'self' https://lmra.us11.list-manage.com; frame-src 'self' https://cse.google.com https://www.google.com https://www.questionpro.com https://outlook.office365.com https://login.microsoftonline.com https://res.cdn.office.net; img-src data: 'self' https://www.google-analytics.com  https://*.google.com https://*.gstatic.com https://img.youtube.com https://lmra.bh https://ssl.gstatic.com https://www.google.com https://www.googleapis.com; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com  https://cse.google.com https://www.google.com https://www.gstatic.com https://www.questionpro.com; style-src 'self' 'unsafe-inline' https://www.google.com; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self';script-src 'nonce-3a6a638b-854e-43c7-921b-61fa3b7d4d06' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';connect-src 'nonce-3a6a638b-854e-43c7-921b-61fa3b7d4d06' https: 'unsafe-inline';style-src * 'unsafe-inline'; img-src * data:; font-src * data:;frame-src *.demdex.net *.skat.dk; 1
frame-ancestors  *.jjwxc.net  *.jjwxc.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data: https://static.mne.pt https://static.mne.gov.pt https://www.googletagmanager.com/; child-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; frame-src 'self' https://static.mne.pt https://static.mne.gov.pt https://www.google.com https://www.recaptcha.net https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'none'; connect-src 'self' https://maps.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com; worker-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.time4learning.com 1
default-src 'none'; media-src 'self' https://videos.ctfassets.net:*; script-src-elem 'self' 'nonce-9bd8f702-b039-4a4e-98c9-37953a4f5c5b' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js 'unsafe-hashes' 'sha256-cdFvGnPvdeavqCupE0X1iKxDb2jmBXXTGmE6AcHOk+c=' 'sha256-yT/s9zf56jX7wyB2f+yhxGo0VBoDnFqMx5qPvh0jvgQ=' 'sha256-TQ9lqihfbMvC+yQs4RAPRBe8No3FB3+MYPxT/OnPn/A=' 'sha256-ep0lyBO1i+WpsX2W3CxFRXjI+Hxg1zdLj+K4nN4Yzdk='; script-src 'self' 'wasm-unsafe-eval' 'nonce-9bd8f702-b039-4a4e-98c9-37953a4f5c5b' https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/airgap.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/ui.js https://transcend-cdn.com/cm/fa619274-3c15-4155-bbec-c0cb75733259/xdi.js; style-src-elem 'self' 'nonce-9bd8f702-b039-4a4e-98c9-37953a4f5c5b' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; style-src 'self' 'nonce-9bd8f702-b039-4a4e-98c9-37953a4f5c5b' https://transcend-cdn.com 'unsafe-hashes' 'sha256-oV3jdqk8GO/BUZSwos543OlGzhzxD3uMNE23EaxYMEQ=' 'sha256-/4tktfVAle+8ojynlFnhze1lbgwtFnndScvcHIucgqc=' 'sha256-zlqnbDt84zf1iSefLU/ImC54isoprH/MRiVZGskwexk=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-7JyL1A8Kywti3E1sWTTspFukJsEOqlNFJPIxVimWbAQ='; connect-src 'self' https://unpkg.com/@rive-app/canvas@2.7.6/rive.wasm https://start.1password.com https://start.1password.ca https://start.1password.eu https://www.google-analytics.com https://9gnqx00du4.execute-api.us-east-1.amazonaws.com/prod/contact_us https://us.app.unleash-hosted.com https://flow.1passwordservices.com https://telemetry.transcend.io/collect https://rum.browser-intake-datadoghq.com https://sst.1passwordservices.com https://c.6sc.co https://ipv6.6sc.co https://b.6sc.co https://epsilon.6sense.com https://transcend-cdn.com; manifest-src 'self'; font-src 'self'; object-src 'self'; img-src 'self' blob: http://images.ctfassets.net:* https://images.ctfassets.net:* https://www.google.com https://www.google-analytics.com https://sst.1passwordservices.com https://stats.g.doubleclick.net https://insight.adsrvr.org https://px.mountain.com https://b.6sc.co; child-src https://www.youtube-nocookie.com https://secure.livechatinc.com; frame-src https://www.youtube-nocookie.com https://www.youtube-nocookie.com/embed https://secure.livechatinc.com https://player.vimeo.com https://insight.adsrvr.org https://match.adsrvr.org https://drift.1passwordservices.com https://sync-transcend-cdn.com https://www.figma.com; form-action 'self' https://start.1password.com https://flow.1passwordservices.com; prefetch-src 'self' https://app.1password.com https://app.1password.ca https://app.1password.eu; frame-ancestors https://*.1passwordservices.com https://*.1password.com https://*.1password.ca https://*.1password.eu https://main.1pstage.com; report-uri https://csp.1passwordservices.com/report?tags=1pw_prd; report-to csp-endpoint 1
frame-ancestors 'self' *.hellobank.fr *.hellobankpro.fr *.bnpparibas *.mosaic.fr *.biapi.pro *.bnpparibas.net *.protection24.com *.facil-iti.net *.herokuapp.com *.matmut.com *.cardif-iard.fr; 1
base-uri 'self' https://analytics.oss.net.bd/matomo.js https://connect.facebook.net/en_US/sdk.js https://feedback.oss.net.bd/src/0.1.3/social_widget_link.js  https://social-widget.oss.net.bd/   https://feedback.oss.net.bd  https://www.youtube.com; 1
frame-ancestors "self" 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-XmIGOEAiB-tu-KoTR2tebA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
frame-ancestors 'self' buechen.de *.buechen.de boernsen-erleben.de *.boernsen-erleben.de; 1
default-src 'self';                             script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/                                                 https://cdn.jsdelivr.net/jquery.jssocials/1.4.0/jssocials.min.js                                                 https://cookie-script.com/s/aa44aecf65c7b9c161785136df03df5a.js                                                 https://maps.googleapis.com/maps/                                                 https://maps.googleapis.com/maps-api-v3/                                                 https://developers.google.com/maps/                                                 https://www.youtube.com/                                                 https://s.ytimg.com/yts/jsbin/                                                 https://getaddress.io/js/                                                 https://platform.twitter.com/                                                 https://cdn.syndication.twimg.com/                                                 https://cloud.tinymce.com/stable/                                                 https://cdn.tiny.cloud/                                                 https://www.googletagmanager.com/                                                 https://www.google-analytics.com/analytics.js                                                 https://analytics-eu.clickdimensions.com/                                                 https://tableau.ahdb.org.uk/                                                 https://www.googleapis.com/youtube/v3/                                                 https://maxcdn.bootstrapcdn.com/bootstrap/                                                 https://ajax.googleapis.com/ajax/libs/jquery/                                                 https://kit.fontawesome.com/9ddbf38321.js                                                 https://static.ads-twitter.com/                                                 https://www.clarity.ms/                                                  https://connect.facebook.net/en_US/fbevents.js                                                 https://connect.facebook.net/signals/config/                                                 https://cdn.getaddress.io/scripts/jquery.getAddress-2.0.8.min.js                                                 https://*.clarity.ms/                                                  https://www.google.com/cse/                                                 https://cse.google.com/cse.js                                                 https://cse.google.com/cse/element/                                                 https://cse.google.com/adsense/search/async-ads.js                                                 https://clients1.google.com/complete/                                                 https://partner.googleadservices.com/gampad/cookie.js                             'unsafe-eval' unitegallery.js               ;               style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/                                                https://fast.fonts.net/                                                https://fonts.googleapis.com/                                                https://use.fontawesome.com/releases/                                                https://platform.twitter.com/css/                                                https://ton.twimg.com/tfw/css/                                                https://www.tinymce.com/css/                                                https://cdn.tiny.cloud/                                                https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css                                                https://ka-p.fontawesome.com/releases/                                                    https://use.typekit.net/                                                https://p.typekit.net/                                                https://www.google.com/cse/static/style/look/v4/default.css                                                https://www.google.com/cse/static/               ;               img-src 'self' data: *                             https://media.ahdb.org.uk/                             https://projectblue.blob.core.windows.net/media/                             https://mainsitearchive.blob.core.windows.net/media/                             https://maps.gstatic.com/mapfiles/                             https://maps.googleapis.com/maps/               ;               media-src 'self'                          https://projectblue.blob.core.windows.net/                          https://mainsitearchive.blob.core.windows.net/               ;               font-src 'self' https://maxcdn.bootstrapcdn.com/                               https://fonts.gstatic.com/                               https://cdn.tiny.cloud/                                   https://use.fontawesome.com/releases/                               https://ka-p.fontawesome.com/releases/                               https://use.typekit.net/               ;               frame-src 'self' https://www.youtube.com/                                https://embeds.audioboom.com/                                https://forms.ahdb.org.uk/                                https://ahdb.org.uk/                                https://*.ahdbdigital.org.uk/                                https://app.powerbi.com/                                https://platform.twitter.com/                                https://syndication.twitter.com/                                https://ahdb-milkpricecalculator.azurewebsites.net/                                https://media.ahdb.org.uk/                                https://tableau.ahdb.org.uk/                                https://projectblue.blob.core.windows.net/                                https://www.facebook.com/                                https://player.vimeo.com/                                https://www.slideshare.net/                                https://www.google.com/maps/                                https://zingtree.com/                                https://mapsengine.google.com/                                https://rgcl.ahdb.org.uk/                                https://livestockmarketsdata.ahdb.org.uk                                https://partner.googleadservices.com/gampad/cookie.js                                https://www.adsensecustomsearchads.com/               ;               connect-src 'self' https://maps.googleapis.com/                                  https://www.google-analytics.com/                                  https://stats.g.doubleclick.net/                                  https://ahdb-survey-development.azurewebsites.net                                  https://ahdbsurvey.azurewebsites.net                                  https://www.clarity.ms/                                  https://*.clarity.ms/                                  https://www.googleapis.com/youtube/v3/                                  https://kit.fontawesome.com/9ddbf38321.js                                  https://ka-p.fontawesome.com/                                   https://region1.google-analytics.com/                                  https://region1.analytics.google.com/                                     https://kit.fontawesome.com/                1
frame-ancestors 'self' *.actionstep.com 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' static.underhentai.net fonts.googleapis.com *.disquscdn.com www.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.underhentai.net ajax.googleapis.com static.cloudflareinsights.com *.disqus.com *.cloudflare.com data:; img-src 'self' static.underhentai.net *.disqus.com *.disquscdn.com translate.google.com fonts.gstatic.com *.w.org secure.gravatar.com data:; media-src *.underhentai.net; font-src 'self' static.underhentai.net fonts.gstatic.com data:; connect-src 'self' *.g.doubleclick.net *.google.com; worker-src blob:; frame-src 'self' *.underhentai.net *.uhn.cx a.adtng.com disqus.com *.storangeunderh.com mega.nz doodstream.com dooood.com doods.pro d000d.com *.cloudflare.com; frame-ancestors 'self' *.underhentai.net; 1
default-src http: https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; font-src 'self' https:; 1
default-src 'self' data: blob: *.youtube.com *.facebook.com *.twitter.com *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.youtube.com *.facebook.com *.twitter.com *.google.com *.googleapis.com *.cloudflare.com; script-src 'self' 'unsafe-inline' *.cloudflare.com *.youtube.com *.facebook.com *.twitter.com *.googleapis.com *.google.com *.mygov.in *.fontawesome.com; img-src 'self' 'unsafe-inline' *.mygov.in;  1
frame-ancestors 'self' *.local *.unesco.de deutscheunesco.sharepoint.com 1
default-src 'self' blob: *.b-cdn.net fonts.gstatic.com; connect-src 'self' ws: wss://input.noibu.com *.jsdelivr.net *.lightboxcdn.com stats.g.doubleclick.net *.clarity.ms *.bing.com *.pndsn.com *.vimeo.com *.youtube.com *.affirm.ca *.snapchat.com *.google.com *.b-cdn.net *.kaptcha.com *.facebook.com *.noibu.com *.googleapis.com *.onetrust.com *.addressy.com *.brownsshoes.com *.visualwebsiteoptimizer.com app.vwo.com *.perimeterx.net *.pxchk.net *.px-client.net *.px-cdn.net *.px-cloud.net api.segment.io cdn.segment.com *.criteo.com www.google-analytics.com *.kustomerapp.com analytics.tiktok.com *.pinterest.com *.fullstory.com cdn.cookielaw.org; font-src 'self' data: fonts.gstatic.com cdn.kustomerapp.com sc-static.net; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.lightboxcdn.com *.visualwebsiteoptimizer.com www.googletagmanager.com *.addressy.com app.vwo.com s3.amazonaws.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.snapchat.com sc-static.net *.fullstory.com cdn.cookielaw.org *.google.com maps.googleapis.com googleads.g.doubleclick.net *.visualwebsiteoptimizer.com cdn.segment.com cdn.kustomerapp.com *.cquotient.com unpkg.com bat.bing.com www.googletagmanager.com app.vwo.com *.brownsshoes.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.snapchat.com *.jsdelivr.net *.pinterest.com *.lightboxcdn.com *.google.com unpkg.com *.addressy.com *.affirm.ca appleid.cdn-apple.com *.pcapredict.com *.kaptcha.com *.visualwebsiteoptimizer.com analytics.tiktok.com *.googlesyndication.com *.fullstory.com *.criteo.com googleads.g.doubleclick.net s.pinimg.com *.clarity.ms *.bing.com connect.facebook.net sc-static.net cdn.cookielaw.org cdn.noibu.com cdn.kustomerapp.com *.cquotient.com app.vwo.com www.googletagmanager.com cdn.segment.com *.googleadservices.com *.paybright.com *.googleapis.com; img-src 'self' data: about: *.kustomerapp.com *.jsdelivr.net *.gravatar.com *.gumgum.com *.eyeota.net *.rubiconproject.com *.adform.net *.brownsshoes.com *.tapad.com *.lightboxcdn.com *.lijit.com *.demdex.net *.krxd.net ade.clmbtech.com ups.analytics.yahoo.com trends.revcontent.com id5-sync.com sync.aralego.com partner.mediawallahscript.com www.google.ca gum.criteo.com i.liadm.com hb.yahoo.net googleads.g.doubleclick.net www.google.com.ua s.ad.smaato.net ads.stickyadstv.com *.px-cloud.net *.b-cdn.net *.visualwebsiteoptimizer.com edge.disstg.commercecloud.salesforce.com *.salesforce.com *.dmxleo.com pixel.rubiconproject.com cdn.cookielaw.org *.snapchat.com *.google.com *.postcodeanywhere.co.uk *.gstatic.com www.googletagmanager.com *.googleapis.com wingify-assets.s3.amazonaws.com *.pinterest.com *.facebook.com www.google.rs www.google.com *.clarity.ms *.bing.com app.vwo.com *.kustomerhostedcontent.com *.doubleclick.net *.emxdgt.com x.bidswitch.net ib.adnxs.com contextual.media.net rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com *.criteo.com; worker-src 'self' blob: *.brownsshoes.com; frame-src app.vwo.com *.kustomer.help *.visualwebsiteoptimizer.com vgdelivery.com *.vimeo.com *.youtube.com *.kaptcha.com static.criteo.net *.googlesyndication.com *.criteo.com *.snapchat.com *.facebook.com *.doubleclick.net *.brownsshoes.com *.pinterest.com; frame-ancestors 'self'; report-uri https://brownsshoes-csp-reporting.yemora.com/collect 1
frame-ancestors 'self' http://webvisor.com https://metrika.yandex.ru https://ad.adriver.ru https://ads.adfox.ru https://vk.com https://mirtesen.ru https://karusel-tv.mirtesen.ru http://karusel-tv.mirtesen.ru https://gg2023.karusel-tv.ru https://free.karusel-tv.ru 1
frame-ancestors 'self' https://*.agc.org https://*.webex.com https://*.socio.events https://*.youtube.com 1
frame-src 'unsafe-inline' 'unsafe-eval' https: *.violet.vn *.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.google.com *.eclick.vn *.polyad.net https://g.eclick.vn/ https://pagead2.googlesyndication.com/ 1
frame-ancestors 'self' *.evergage.com *.evgnet.com *.vimeo.com *.hotjar.com https://fuse-event.com;frame-src 'self' blob: https:;default-src 'self' 'unsafe-inline' blob: https:;font-src 'self' https: data:;script-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:;connect-src 'self' wss: data: https: blob:; 1
frame-ancestors 'self' https://www.casamentos.com.br https://comunidade.casamentos.com.br https://landing.casamentos.com.br 1
frame-ancestors 'self' https://www.anaconda.com https://anaconda.com http://www.anaconda.com http://anaconda.com http://*.anaconda.com https://anaconda.cloud https://*.anaconda.cloud https://test-anaconda.skilljar.com https://accounts.skilljar.com 1
default-src 'self'; child-src https://notificacion.incibe-cert.es/; connect-src 'self' https://*.googleusercontent.com https://maps.googleapis.com https://*.flickr.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://*.incibe.es https://*.osi.es https://antibotnet.osi.es/ https://www.youtube.com https://www.vimeo.com https://*.vimeo.com https://www.google.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://www.youtube-nocookie.com https://notificacion.incibe-cert.es/ https://player.flipsnack.com/; img-src 'self' https://i.ytimg.com/ https://www.facebook.com https://cdn.syndication.twimg.com https://*.twimg.com https://platform.twitter.com https://maps.gstatic.com https://maps.googleapis.com https://developers.google.com https://*.global.siteimproveanalytics.io https://live.staticflickr.com https://*.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://siteimproveanalytics.com https://www.google.com https://www.gstatic.com https://*.facebook.net https://www.facebook.com https://*.twitter.com https://twitter.com https://*.flickr.com https://www.google-analytics.com https://www.googletagmanager.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://polyfill.io https://unpkg.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://*.twimg.com https://platform.twitter.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com; frame-ancestors 'self' https://*.incibe.es/ https://proxy.sni-des-publica.sni.dev.incibe.es/ 1
child-src 'self'; connect-src 'self'; default-src 'none'; font-src 'self'; form-action 'self' https://eyfs.info https://billing.tapestry.info https://billing.tapestryjournal.com.au https://cpd.tapestry.info; frame-ancestors 'none'; img-src 'self' blob: data:; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 1
manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' clientelastaging.papersource.com https://www.papersource.com/ www.papersource.com https://design.papersource.com/ https://*.rewardstyle.com; form-action 'self' https://1.camp.papersource.com:9101 https://accounts.google.com https://www.facebook.com https://design.papersource.com/ https://*.bizrate.com  geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://papersource.resultsstage.com https://tagmanager.google.com https://papersource.resultspage.com https://cdn.cookielaw.org https://*.rewardstyle.com *.googletagmanager.com *.impactcdn.com https://*.bizrate.com  *.adobe.com fonts.googleapis.com fastly-cloud.typenetwork.com/projects/7821/fontface.css unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://core.spreedly.com https://papersource.resultspage.com https://app.customily.com https://js-agent.newrelic.com https://papersource.resultsstage.com https://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://*.optimove.net https://*.optimove.events https://static.zdassets.com https://bam.nr-data.net https://z.moatads.com https://v1.addthisedge.com https://widget-mediator.zopim.com/* https://widgets.pinterest.com https://graph.facebook.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://assets.pinterest.com/js/pinmarklet.js https://cdn.gartnerstudios.com https://tags.bkrtx.com https://cdn.attn.tv *.mouseflow.com  https://cdn.cookielaw.org https://secure.quantserve.com/quant.js https://*.channeladvisor.com/ https://connect.facebook.net/ https://*.pinimg.com/ https://bat.bing.com/ https://rules.quantcount.com/ https://*.go-mpulse.net/ https://*.pinterest.com/ https://*.sli-spark.com/  https://embed.acuityscheduling.com/ https://*.rewardstyle.com https://*widget.gleamjs.io *.impactcdn.com https://utt.impactcdn.com https://*.bizrate.com  https://*.arttrk.com/pixel/  https://arttrk.com https://sts.eccmp.com  https://s.t.papersource.com https://*.gleamjs.io assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com https://*.customily.com https://*.amazonaws.com *.vantivprelive.com *.vantivcnp.com https://www.mczbf.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; media-src https://static.zdassets.com *.adobe.com; img-src 'self' data: https://*.scene7.com https://*.paypal.com https://www.paypalobjects.com https://store.paradoxlabs.com https://papersource.resultsstage.com https://assets.resultspage.com https://www.google-analytics.com https://*.optimove.net https://*.gstatic.com https://www.googletagmanager.com https://bam.nr-data.net https://stats.g.doubleclick.net https://api.gartnerstudios.com https://app.customily.com https://cm.g.doubleclick.net/pixel* https://create.paper-source.com/* https://gcm.optimove.events/setCookie* https://www.addthis.com/bookmark.php https://log.pinterest.com https://cm.g.doubleclick.net https://gcm.optimove.events https://www.google.com/ads/ga-audiences https://*.google.com https://*.papersource.com https://*.paper-source.com https://*.emjcd.com https://*.dotomi.com *.mouseflow.com  https://cdn.cookielaw.org https://*.pinterest.com/ https://www.google.com.ua/ https://papersource.resultspage.com/ https://design.papersource.com/ https://*.rewardstyle.com https://arttrk.com/ *.impactcdn.com papersource.pxf.io https://www.ojrq.net https://logs-01.loggly.com https://*.bizrate.com   https://sts.eccmp.com  https://s.t.papersource.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com/embed/* https://s7.addthis.com https://assets.pinterest.com https://login.dotomi.com https://www.google.com https://stags.bluekai.com https://core.conversant.mgr.consensu.org https://papersource.attn.tv https://ct.pinterest.com/ https://www.facebook.com/ https://*.attn.tv/ https://*.paypalobjects.com/ https://app.squarespacescheduling.com/ https://*.rewardstyle.com papersource.pxf.io https://*.bizrate.com  fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com creatives.attn.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://static.zdassets.com https://tagmanager.google.com https://papersource.resultsstage.com https://papersource.resultspage.com/ fonts.googleapis.com fonts.gstatic.com https://*.customily.com https://*.amazonaws.com 'self' data: fastly-cloud.typenetwork.com/projects/7821/ data: 'self' 'unsafe-inline'; connect-src 'self' https://*.addthis.com https://www.paypal.com https://*.optimove.events https://*.optimove.net https://ekr.zdassets.com https://www.google-analytics.com/collect https://www.google-analytics.com/r/collect https://papersource.zendesk.com https://bam.nr-data.net wss://widget-mediator.zopim.com/* wss://widget-mediator.zopim.com https://static.zdassets.com https://app.customily.com https://integration9tracksdk-stg.optimove.net https://integration9tracksdk-stg.optimove.net/* https://integration9tracksdk-stg.optimove.net/piwik.php https://api.gartnerstudios.com/ https://cdn.gartnerstudios.com/ https://1.camp.papersource.com:9101/gartner/images https://*.sjwoe.co https://*.pinterest.com  https://cdn.cookielaw.org  https://*.googleapis.com https://*.go-mpulse.net/ https://*.akstat.io/ https://www.sjwoe.com/ https://geolocation.onetrust.com/ https://*.akamaihd.net/ https://*.rewardstyle.com  papersource.pxf.io https://*.bizrate.com  https://s.t.papersource.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://*.customily.com https://*.amazonaws.com 'self' data: *.mczbf.com *.doubleclick.net *.google-analytics.com *.zendesk.com *.optimove.net *.zopim.com *.attn.tv *.attentivemobile.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src 'self' https://static.zdassets.com https://s7.addthis.com/static/sh* https://*.rewardstyle.com https://*.arttrk.com/ https://*.bizrate.com  https://*arttrk.com/pixel/  'self' 'unsafe-inline' 'unsafe-eval'; worker-src 'self' https://core.spreedly.com https://s7.addthis.com https://www.youtube.com/embed/*; 1
img-src 'self' *.prysmian.com www.google.com www.google.it *.google-analytics.com www.facebook.com *.linkedin.com maps.gstatic.com *.googleapis.com *.ggpht.com *.doubleclick.net img.youtube.com curator-assets.b-cdn.net platform-cdn.sharethis.com www.googletagmanager.com media.corporate-ir.net px.ads.linkedin.cn beincontact.becloudsolutions.com i.vimeocdn.com l.sharethis.com imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.prysmian.com www.prysmiangroupcatalogue.com pi.pardot.net rum-static.pingdom.net platform-api.sharethis.com *.cookiebot.com *.hotjar.com static.doubleclick.net googleads.g.doubleclick.net *.adform.net maps.googleapis.com www.googleapis.com jnn-pa.googleapis.com maps.gstatic.com www.gstatic.com www.google.com ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.facebook.com connect.facebook.net static.xx.fbcdn.net px.ads.linkedin.com syndication.teleborsa.it snap.licdn.com static.cloudflareinsights.com cdnjs.cloudflare.com cdn.curator.io cdn.jsdelivr.net buttons-config.sharethis.com platform.twitter.com platform.linkedin.com s3.amazonaws.com pi.pardot.com cdn.livechatinc.com d335luupugsy2.cloudfront.net beincontact.becloudsolutions.com viewer.diagrams.net app.diagrams.net *.cloudfront.net www.scribd.com *.cloudflare.com cdn.babylonjs.com code.jquery.com eu.acsbapp.com blob: ; object-src 'self' www.youtube.com; 1
object-src *; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'self' blob:; base-uri https: http: 1
child-src blob:; connect-src * https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'none'; frame-src https://*.fls.doubleclick.net https://td.doubleclick.net https://www.google.com https://www.youtube.com https://www.paypal.com; img-src * self blob: data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googleanalytics.com https://www.paypal.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' assets.emarsys.net bat.bing.com c.searchhub.io cdn.exactag.com connect.ekomi.de https://*.outbrain.com https://apis.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.googlecommerce.com https://www.googletagmanager.com m.exactag.com sst.roller.de tm.roller.de https://www.paypal.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; worker-src * blob:; 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://ghirardelli.slgnt.us https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER https://optmize.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com https://mcstaging.russellstover.com https://mcstaging.lindtusa.com https://mcstaging.ghirardelli.com https://mcprod.lindtusa.com *.googleadservices.com *.yieldify.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://cdn.livechat-static.com *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.magento-ds.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com landofcoder.com https://www.youtube.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.noibu.com/collect.js https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js tinyurl.com/LINDT-LAUNCHER *.yieldify.com *.fraud0.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://cdn.attn.tv https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.amazonaws.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' cookie-cdn.cookiepro.com https://cookie-cdn.cookiepro.com https://cdn.cookiepro.com/scripttemplates/*/assets 'self' 'unsafe-inline'; object-src landofcoder.com tinyurl.com/LINDT-LAUNCHER 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com landofcoder.com https://vc.hotjar.io https://cdn.linkedin.oribi.io https://byondxr-viewer.byondxr.com/launcher/1.0.58/package/index.js *.fraud0.com *.lindtusa.com *.yieldify.com *.googleapis.com https://content.hotjar.io wss://ws.hotjar.com https://metrics.hotjar.io https://lindt-us.attn.tv https://events.attentivemobile.com lindt.attn.tv cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com https://viewer.byondxr.com https://web-apps.byondxr.com https://app.byondxr.com https://byondxr-viewer.byondxr.com https://app.byondvr.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.washburn.edu www.washburnlaw.edu www.washburntech.edu d2l.washburn.edu experience-test.elluciancloud.com experience.elluciancloud.com  mulvaneartmuseum.org; 1
frame-ancestors 'self' adressverzeichnis.ekd.de https://*.etracker.com; 1
frame-ancestors https://www.useetv.com https://www.rctiplus.com https://technology.uzone.id https://entertainment.uzone.id https://automotive.uzone.id https://travel.uzone.id https://movie.uzone.id https://hangout.uzone.id http://internetpositif.uzone.id http://mercusuar.uzone.id https://sport.uzone.id https://health.uzone.id https://games.uzone.id https://startup.uzone.id https://telco.uzone.id https://gadget.uzone.id https://digilife.uzone.id https://www.alexa.com https://certify-js.alexametrics.com https://sun.uzone.id http://sun.uzone.id https://sun.uzone.id/trending/ https://sun.uzone.id/article/  https://uzone.id 1
upgrade-insecure-requests; frame-ancestors 'self' *.fontspring.com; default-src 'self' *.fontspring.com data: blob: 'unsafe-inline' 'unsafe-eval' chrome-extension *.microsofttranslator.com microsofttranslator.com *.bing.com bing.com *.matcherator.com matcherator.com *.braintreegateway.com braintreegateway.com *.braintree-api.com braintree-api.com *.paypalobjects.com paypalobjects.com *.paypal.com paypal.com *.tipalti.com *.recaptcha.net recaptcha.net *.google.com google.com *.gstatic.com gstatic.com *.googleapis.com googleapis.com *.pipedrive.com *.gravatar.com gravatar.com *.mcusercontent.com mcusercontent.com *.youtube-nocookie.com youtube-nocookie.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.vimeo.com vimeo.com *.figma.com figma.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com googleadservices.com *.doubleclick.net doubleclick.net *.googlesyndication.com *.hotjar.com hotjar.com *.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com wingify-assets.s3.amazonaws.com s3.amazonaws.com *.emjcd.com www.sjwoe.com idsync.rlcdn.com members.cj.com *.amplitude.com browser-intake-datadoghq.com; report-uri https://www.fontspring.com/error/csp_report; report-to default 1
frame-ancestors 'self' https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.grendene.com.br 1
default-src 'self' fonts.gstatic.com; connect-src 'self' stats.avocat.fr; frame-src 'self' annuaire.avocat.fr platform.twitter.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: stats.avocat.fr www.avocat.fr; object-src 'self'; script-src 'self' ajax.googleapis.com stats.avocat.fr connect.facebook.net platform.linkedin.com platform.twitter.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.avocat.fr/report-uri/enforce 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; object-src 'none'; worker-src 'self'; block-all-mixed-content 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://fonts.gstatic.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.vrxs.de  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://lidl.qualifioapp.com  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://www.youtube-nocookie.com  https://yahoo.com  https://yieldlab.net; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.advertising.com  https://*.adyen.com  https://*.assets.lidl  https://*.criteo.com  https://*.criteo.net  https://*.demdex.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.lidl-shop.be  https://*.lidl.be  https://*.online-metrix.net  https://*.openx.net  https://*.parcellab.com  https://*.pubmatic.com  https://*.stickyadstv.com  https://*.taboola.com  https://*.tradedoubler.com  https://*.twiago.com  https://*.xplosion.de  https://*.yahoo.com  https://*.yieldlab.net  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://analytics.google.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://content.odj.cloud  https://contextual.media.net  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://lidl.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://match.sharethrough.com  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://play-lh.googleusercontent.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://sync.outbrain.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://translate.google.com  https://twiago.com  https://visitor.omnitagjs.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  https://localhost  https://*.adyen.com  https://*.criteo.com  https://*.criteo.net  https://*.demoup.com  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'  https://*.criteo.com  https://*.criteo.net  https://*.doubleclick.net  https://*.fitanalytics.com  https://*.googleapis.com  https://*.lidl-shop.be  https://*.online-metrix.net  https://*.parcellab.com  https://*.tradedoubler.com  https://*.xplosion.de  https://*.yahoo.com  https://3218-4706-m.edge-cdn.net  https://act.webmasterplan.com  https://addthis.com  https://advertising.com  https://awin1.com  https://casalemedia.com  https://cloud.news.lidl.be  https://criteo.com  https://demdex.net  https://doubleclick.net  https://dsp-user-sync.emetriq.de  https://dwin1.com  https://etracker.de  https://facebook.com  https://glami.cz  https://hlserve.com  https://ih.adscale.de  https://im9.cz  https://imedia.cz  https://liadm.com  https://lidl-shop.com  https://lidl-shop.be  https://ligadx.com  https://ligatus.com  https://login.dognet.be  https://m6r.eu  https://media.net  https://nxtck.com  https://omnitagjs.com  https://openx.net  https://outbrain.com  https://partners.webmasterplan.com  https://pubmatic.com  https://quantserve.com  https://rlcdn.com  https://s.ytimg.com  https://seznam.cz  https://sharethrough.com  https://smartadserver.com  https://smartclip.net  https://sspqns.com  https://st.smartassistant.com  https://stickyadstv.com  https://t.semtrack.de  https://taboola.com  https://teads.tv  https://tracker.marinsm.com  https://tracking.m6r.eu  https://tradetracker.net  https://twiago.com  https://www.dwin1.com  https://www.edge-cdn.net  https://www.google-analytics.com  https://www.googleadservices.com  https://www.jsctool.com  https://www.lead-alliance.net  https://yahoo.com  https://yieldlab.net; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self' static-cdn.mackeeper.com static-cdn.sz.mackeeper.com;frame-ancestors 'self' *.cleverbridge.com;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.mackeeper.com *.facebook.com *.youtube.com *.trustpilot.com *.criteo.com;child-src 'self';form-action 'self';img-src 'self' data: *.kromtech.net *.mackeeper.com *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.outbrain.com *.gstatic.com http://mackeeper.com https://mackeeper.com *.atdmt.com https://files.clario.co https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.shopperapproved.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.youtube.com *.ytimg.com *.taboola.com *.outbrain.com *.trustpilot.com http://mackeeper.com https://mackeeper.com http://support.zoomsupport.com http://crm.zoomsupport.com http://chat-crm.zoomsupport.com *.criteo.net *.criteo.com https://polyfill.io/v3/polyfill.min.js https://www.dwin1.com http://www.youtube.com/player_api https://zchat.account.sz.mackeeper.com https://zchat.account.mackeeper.com https://files.clario.co *.clarity.ms *.googleoptimize.com *.sentry-cdn.com *.shopperapproved.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.google.com http://mackeeper.com https://mackeeper.com *.shopperapproved.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com *.shopperapproved.com;object-src 'none';connect-src 'self' *.facebook.com *.mackeeper.com http://mackeeper.com https://mackeeper.com *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com https://analytics.google.com wss://*.hotjar.com *.taboola.com *.outbrain.com http://rp.liadm.com https://rp.liadm.com https://bat.bing.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.clarity.ms https://sentry.cloudmccloud.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ 1
frame-ancestors 'self' *.salesforce.com *.force.com; 1
default-src'self'; 1
base-uri 'none';frame-ancestors https://*.montecarlosbm.com;form-action 'self' javascript:; manifest-src 'self';default-src 'none';frame-src https:;style-src-elem https: 'unsafe-inline';script-src 'unsafe-eval';style-src https: 'unsafe-inline';script-src-elem https: 'unsafe-inline'; media-src blob:; img-src https: data:; font-src 'self' data: https:; worker-src 'self' blob:;connect-src * wss: https:; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' *.onetrust.com *.api.rlcdn.com *.bidr.io *.adform.net *.atdmt.com https://pagead2.googlesyndication.com https://adservice.google.co.uk https://adservice.google.com https://*.g.doubleclick.net https://tpc.googlesyndication.com https://maps.googleapis.com https://bat.bing.com https://cdn.ampproject.org https://www.google.com blob: *.lawsociety.org.uk *.googleadservices.com *.googletagservices.com *.googleoptimize.com static.cloudflareinsights.com *.cloudfront.net btloader.com; frame-src https: data: *.googletagservices.com *.lawsociety.org.uk; style-src https: 'unsafe-inline' tagmanager.google.com optimize.google.com; img-src https: data: blob: https://pagead2.googlesyndication.com https://www.googletagservices.com https://adservice.google.co.uk https://adservice.google.com https://*.g.doubleclick.net https://www.googleadservices.com https://tpc.googlesyndication.com https://maps.googleapis.com https://bat.bing.com https://cdn.ampproject.org https://www.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com ad-delivery.net; media-src https: data: blob:; font-src https: data:; connect-src https: wss: *.analytics.google.com *.cloudflareinsights.com *.pubgalaxy.com; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.lawgazette.co.uk; 1
default-src 'self' 'unsafe-inline' blob: *; object-src 'none'; img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' *; connect-src 'self' *; font-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://cdn.cookielaw.org https://www.googletagmanager.com https://securepubads.g.doubleclick.net http://connect.facebook.net https://cybercook-assets.storage.googleapis.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googleadservices.com https://adservice.google.com.br https://adservice.google.com http://cdn.pn.vg; frame-src *; style-src-elem 'self' 'unsafe-inline' *; script-src-elem 'self' 'unsafe-inline' *; manifest-src https://cybercook-assets.storage.googleapis.com; worker-src 'self' data blob:; 1
frame-ancestors 'self' https://cgmpi.creditguard.co.il https://pps.creditguard.co.il https://prod.memcyco.com  https://services.israelpost.co.il 1
script-src 'nonce-q2wmzFcdsm81Dve8ZDA/og==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=c3ec47e0-abee-4a87-aa55-858e27a7ea7f; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
form-action 'self'; frame-ancestors 'self' *.grandlyon.com; img-src 'self' unpkg.com *.grandlyon.com *.meteo-lyon.net *.data.grandlyon.com *.googleapis.com *.gstatic.com *.ytimg.com *.facebook.com t.co data:; script-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' www.grandlyon.com 'self' *.data.grandlyon.com unpkg.com *.youtube.com play.google.com *.googleapis.com *.addthis.com *.moatads.com *.doubleclick.net *.ytimg.com *.onlymoov.com *.facebook.com *.twitter.com *.facebook.net use.typekit.net 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.heritagefund.org.uk/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.express-scripts.com *.mdlive.com *.adobedtm.com *.qualtrics.com *.cigna.com *.s3.amazonaws.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link *.googleapis.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com; child-src 'self' blob: *.mdlive.com *.express-scripts.com *.s3.amazonaws.com *.youtube.com *.vimeo.com *.google.com; connect-src 'self' *.mdlive.com *.mktoresp.com *.adobedtm.com *.brightcove.com *.s3.amazonaws.com *.qualtrics.com *.mktoutil.com *.nr-data.net *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net *.prod.boltdns.net *.akamaihd.net app.link *.express-scripts.com tlt.cigna.com cdn.cookielaw.org *.onetrust.com *.optimizely.com *.googlesyndication.com *.bing.com *.verint-cdn.com *.wevalueyourfeedback.com; font-src 'self' data: *.mdlive.com fonts.googleapis.com themes.googleusercontent.com fonts.gstatic.com *.marketo.com *.qualtrics.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' *.mdlive.com static.addtoany.com *.marketo.com *.demdex.net *.brightcove.net *.s3.amazonaws.com *.trustpilot.com *.qualtrics.com *.youtube.com *.vimeo.com activitymap.adobe.com pixel.sitescout.com *.facebook.com *.google.com *.doubleclick.net; img-src 'self' data: *.mdlive.com *.brightcove.com brightcove.hs.llnwd.net *.destinationrx.com *.qualtrics.com *.s3.amazonaws.com *.marketo.com *.express-scripts.com *.branch.io *.omtrdc.net *.edge.adobedc.net *.demdex.net *.everesttech.net *.prod.boltdns.net i.ytimg.com app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com px.gumgum.com *.reddit.com pixel.sitescout.com *.facebook.com *.googletagmanager.com *.google.com bat.bing.com *.verint-cdn.com *.wevalueyourfeedback.com; media-src 'self' blob: *.brightcove.com *.s3.amazonaws.com *.prod.boltdns.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mdlive.com *.adobedtm.com *.googletagmanager.com munchkin.marketo.net *.brightcove.com *.marketo.com *.mktoresp.com *.brightcove.net *.qualtrics.com *.s3.amazonaws.com activitymap.adobe.com *.branch.io *.everestjs.net *.omtrdc.net *.edge.adobedc.net *.demdex.net app.link tlt.cigna.com cdn.cookielaw.org *.onetrust.com js-agent.newrelic.com cdn01.basis.net *.redditstatic.com *.facebook.com *.facebook.net *.google.com *.optimizely.com *.pardot.com *.gstatic.com *.doubleclick.net bat.bing.com *.verint-cdn.com *.wevalueyourfeedback.com assets.adobedtm.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://widget.trustpilot.com https://www.google.com; style-src 'self' 'unsafe-inline' *.mdlive.com fonts.googleapis.com fonts.gstatic.com *.marketo.com *.s3.amazonaws.com *.verint-cdn.com *.wevalueyourfeedback.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' *.express-scripts.com *.mdlive.com 1
frame-ancestors 'self' https://shop.doterra.com; 1
default-src * 'self' data: https: blob: 'unsafe-inline' 'unsafe-eval'; frame-src *; frame-ancestors https://*.offshore-energy.biz 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: google.com.sa *.google.com.sa googleapis.com *.googleapis.com fonts.googleapis.com gstatic.com *.gstatic.com fonts.gstatic.com cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com google.com *.google.com linkedin.com *.linkedin.com googletagmanager.com *.googletagmanager.com cloudfront.net *.cloudfront.net doubleclick.net *.doubleclick.net 1
form-action 'self'; block-all-mixed-content 1
default-src 'self'  *.oda.com;img-src 'self' *.oda.com  blob: data: bilder.kolonial.no cdn.sanity.io i.vimeocdn.com translate.googleapis.com *.arcgisonline.com *.openstreetmap.org ct.pinterest.com log.pinterest.com www.facebook.com connect.facebook.net *.google-analytics.com www.google.no *.google.com *.g.doubleclick.net 11208031.fls.doubleclick.net ad.doubleclick.net pagead2.googlesyndication.com ade.googlesyndication.com *.ads.linkedin.com www.linked.com www.google.de www.google.fi www.google.no www.google.se *.googletagmanager.com oda.com storage.googleapis.com *.snapchat.com bat.bing.com analytics.pangle-ads.com log.adtraction.fail checkoutshopper-live.adyen.com;style-src 'unsafe-inline' 'self' *.oda.com translate.googleapis.com;script-src 'self' 'unsafe-eval'  *.oda.com  'sha256-QLN4/tVmbx4rIRUIwpoTvMI9PyCLdP+V6RSDfQMVEfM=' 'sha256-7C5AyJx/YDtxNgjZ4D6t9exKP12YYEQyAyHZb6AS+Js=' 'sha256-N4/5hGfx8xkPtfVswEIqYnX0T8THpCSI4Z57gINwoUw=' js.sentry-cdn.com browser.sentry-cdn.com messenger.dixa.io widget.trustpilot.com connect.facebook.net s.pinimg.com ct.pinterest.com www.google.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com *.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com snap.licdn.com sc-static.net *.snapchat.com bat.bing.com analytics.tiktok.com gtm.adt313.net tagmanager.google.com;connect-src 'self' *.oda.com   *.sentry.io 1teetjp9.apicdn.sanity.io 1teetjp9.api.sanity.io cdn.sanity.io translate.googleapis.com messenger.dixa.io messenger-edge.dixa.io www.facebook.com ct.pinterest.com *.google.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com www.google.de www.google.fi www.google.no pagead2.googlesyndication.com ad.doubleclick.net *.g.doubleclick.net cdn.linkedin.oribi.io px.ads.linkedin.com *.snapchat.com bat.bing.com analytics.tiktok.com analytics.pangle-ads.com bat.bing.com log.adtraction.fail gtm-sst-se.mathem.se checkoutshopper-live.adyen.com;frame-src acs.3dsecure.no player.vimeo.com www.youtube.com messenger.dixa.io widget.trustpilot.com ct.pinterest.com www.facebook.com *.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net tpc.googlesyndication.com *.snapchat.com checkoutshopper-live.adyen.com;font-src 'self' *.oda.com;base-uri 'none';object-src 'none'; 1
frame-ancestors https://*.infomaniak.com https://*.infomaniak.ch 1
frame-ancestors 'self';frame-src 'self' forms-eu1.hsforms.com www.youtube-nocookie.com; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.banq.qc.ca/report-uri/enforce 1
default-src 'self'; script-src-elem * 'self' 'unsafe-inline' https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://tagmanager.google.com https://www.google-analytics.com; img-src 'self' data: https://images.ctfassets.net https://www.google.com.ar/ads/ga-audiences https://www.googletagmanager.com https://*.openstreetmap.org https://*.doubleclick.net/ https://www.facebook.com https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.mx https://*.google.com.pa https://*.google.com.ni https://*.google.co.cr https://*.google.com.do https://*.google.com.sv https://*.google.com.gt https://*.google.com.hn https://googleads.g.doubleclick.net https://www.google.com https://google.com googleads.g.doubleclick.net www.google.com google.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.google.com.mx https://x.bidswitch.net https://pixel.tapad.com https://image2.pubmatic.com https://sync.crwdcntrl.net https://us-u.openx.net https://s.ad.smaato.net https://dpm.demdex.net https://sync.admanmedia.com https://sync.1rx.io https://match.adsrvr.org https://rtb-csync.smartadserver.com https://aa.agkn.com https://sync.cootlogix.com https://fei.pro-market.net https://secure.adnxs.com https://onetag-sys.com https://ssl.gstatic.com https://www.gstatic.com https://ums.acuityplatform.com https://s.amazon-adsystem.com https://bam.nr-data.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://*.hotjar.com http://db.onlinewebfonts.com https://fonts.gstatic.com data:; frame-src 'self' https://*.cloudfront.net https://skyvideo.custhelp.com https://*.sky.com.mx https://*.doubleclick.net https://bid.g.doubleclick.net bid.g.doubleclick.net https://*.fls.doubleclick.net https://s.amazon-adsystem.com https://bam.nr-data.net https://www.facebook.com https://www.google.com/ https://*.publicidadmarcas.com; connect-src 'self' https://qamisky.sky.com.mx:8443 https://miespaciosky.sky.com.mx:8443 data: https://maps.googleapis.com https://analytics.google.com https://analytics.tiktok.com https://*.sky.com.mx https://assets.ctfassets.net https://*.doubleclick.net https://www.google.com wss://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.mx https://*.google.com.pa https://*.google.com.ni https://*.google.co.cr https://*.google.com.do https://*.google.com.sv https://*.google.com.gt https://*.google.com.hn https://script.crazyegg.com https://s.amazon-adsystem.com https://bam.nr-data.net https://www.facebook.com; media-src 'self' https://videos.ctfassets.net https://*.youtube.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.bcvcdn.com *.bngprm.com *.wlicdn.com *.google.com https://www.google.com *.hcaptcha.com hcaptcha.com challenges.cloudflare.com *.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.gstatic.com fonts.googleapis.com cdn.fluidplayer.com https://blog.bongacams.com https://blog.bongacams.net *.bongacash.com bongacash.com i.bongacash.com i.bcshcdn.com bngprm.com bngpst.com bngrol.com bngpop.com bcmspt.com bngdin.com dynspt.com ecdyn.com i.bngprm.com i.bngpst.com i.bngrol.com i.bngpop.com i.bcmspt.com i.bngdin.com i.dynspt.com i.ecdyn.com *.bongacams.com *.bongacams.net; img-src * data:; media-src * data: blob:; frame-ancestors 'self' *.bongacash.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; 1
script-src https://deepnote.com/static/ https://deepnote.com/_next/ 'sha256-ge5aEr6NuTEjpi7Kx5F51JYV1oXcOLg/41XkRxesU8U=' 'sha256-DjNmE5oGqLQpN4lWukvF327xRbOepXM0SEJpzgkARPM=' 'sha256-WjSIjyJ5plRPzTbKd8I2aO8CDm/6yrbazPZZzOk3XBI=' 'sha256-hCwFMKoKkkKTHq9yy4W5ZyD4pu30TiMNtLg48CxuQcM=' 'sha256-kv3Z1yrTmcHk7jjupECh+4aqpRM/SmVGM4mWGjPfsQo=' 'unsafe-eval' 'report-sample' https://www.googleoptimize.com/ https://connect.facebook.net/en_US/sdk.js https://cdn.segment.com/ https://js.stripe.com/v3 https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/debug/ https://*.clearbitscripts.com https://*.clearbitjs.com https://www.googleadservices.com/pagead/conversion/ https://static.ads-twitter.com/uwt.js https://tag.clearbitscripts.com https://polyfill.io/v2/ https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com/ https://*.hcaptcha.com/ https://cdn.sprig.com https://api.sprig.com https://widget.intercom.io https://js.intercomcdn.com https://fast.wistia.com/ https://www.google-analytics.com/analytics.js https://*.hs-scripts.com/ https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://www.redditstatic.com/ads/pixel.js https://bat.bing.com https://www.googletagmanager.com/gtag/destination https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://snap.licdn.com/ https://cdn.iframe.ly  ;base-uri 'self';object-src 'none';worker-src 'self' blob: 1
policy-uri /'self' 1
default-src 'self' https:; connect-src 'self' https: http://localhost:3036 ws://localhost:3036 http://localhost:3020 http://localhost:3010; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; base-uri 'none'; script-src 'self' https: http://localhost:3020 'unsafe-inline'; style-src 'self' https: http://localhost:3020 'unsafe-inline' 1
script-src 'self' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdn.jsdelivr.net/npm/mathjax@3/ https://polyfill.io/v3/;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/highlightjs/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css; 1
frame-ancestors 'self' www.cotswoldoutdoor.com  ; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net aax-eu.amazon-adsystem.com bat.bing.com s.amazon-adsystem.com *.amazon-adsystem.com lo.v.liveperson.net googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com lptag.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com *.mcmprod.hsbc.co.uk ssl.google-analytics.com www.firstdirect.com t.contentsquare.net app.contentsquare.com tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.twitter.com t.co *.walkme.com *.omguk.com *.adsrvr.org cliveperson.com *.contentsquare.com *.qualtrics.com *.quantserve.com *.outbrain.com *.taboola.com *.vjs.zencdn.net www.mcmprod.hsbc.co.uk cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; img-src data: * blob: *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk *.appdynamics.com *.we-stats.com bat.bing.com *.siteintercept.qualtrics.com adservice.google.com www.facebook.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.brightcovecdn.com www.google.com www.firstdirect.com www.googletagmanager.com ad.doubleclick.net cdnbc-wup.firstdirect.com *.analytics.google.com akamai.tiqcdn.com www.google-analytics.com collect.tealiumiq.com r.contentsquare.net c.contentsquare.net analytics.google.com *.mcmprod.hsbc.co.uk *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.contentsquare.com *.qualtrics.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net translate.googleapis.com lpcdn.lpsnmedia.net stats.g.doubleclick.net www.google.co.uk cdn-assets-prod.s3.amazonaws.com k-aeu1.contentsquare.net *.customers.biocatch.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net cdntm.firstdirect.com www.facebook.com www.youtube.com 8071237.fls.doubleclick.net *.demdex.net *.walkme.com liveperson.com *.qualtrics.com *.pinimg.com *.pinterest.com *.analytics.tiktok.com *.online-metrix.net analytics.tiktok.com; frame-ancestors 'self' www.firstdirect.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com; worker-src 'self' blob: *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com manifest.prod.boltdns.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
frame-ancestors http://*.kindermorgan.com https://*.kindermorgan.com 1
frame-ancestors https://ads.tiktok.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.maxmind.com *.googletagmanager.com *.en25.com cookiebot.com *.cookiebot.com *.google-analytics.com *.google.com google.com *.google.co.nz *.eloqua.com *.gstatic.com *.googleapis.com *.doubleclick.net *.azureedge.net *.clarity.ms *.swiftype.com *.facebook.net *.pinimg.com *.maxymiser.net *.livechatinc.com *.adnxs.com *.twitter.com *.jotform.io *.bing.com c212.net *.jwplatform.com *.pinterest.com *.salesforceliveagent.com d335luupugsy2.cloudfront.net lmimirroralphapvr.azureedge.net *.yotpo.com *.rdstation.com.br *.mathtag.com *.linkedin.com *.pinimg.com sc-static.net *.force.com t.co *.bluekai.com *.snapchat.com vimeo.com *.lesmills.com *.mediatrackr.com youtube.com *.youtube.com lesmills.disco.ac *.googleadservices.com *.angularjs.org browser-update.org cdn.c212.net *.tiktok.com lesmills.my.salesforce.com snap.licdn.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.naco.org/report-uri/enforce 1
frame-ancestors 'self' http://*.umh.es  http://*.edu.umh.es https://*.umh.es  https://*.edu.umh.es; 1
frame-ancestors 'self' *.leovegas.com *.casinomodule.com *.yggdrasilgaming.com *.evolutiongaming.com *.gameassists.co.uk *.gameassists.dk *.rgsgames.com *.wagerworks.com *.adform.com *.livetables.io *.regily.com *.casinoalternativen.com *.onlinecasinobonus24.xyz *.livetableshu.com 1
frame-ancestors 'self'  ; 1
frame-ancestors 'self' https://www.visitdenmark.com https://*.www.visitdenmark.com https://api.www.www.visitdenmark.com 1
frame-ancestors 'self' https://histoiredor.popsell.com https://orovivo-tablet.vercel.app 1
default-src https: data: blob: wss://*.zopim.com wss://*.hotjar.com wss://*.noibu.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://app.reskyt.com; upgrade-insecure-requests 1
frame-ancestors 'self' tsssb.unifi.com.my; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com maps.googleapis.com static.cloudflareinsights.com cdnjs.cloudflare.com d81mfvml8p5ml.cloudfront.net dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net ds9p2a60lh6fp.cloudfront.net ad.doubleclick.net www.google-analytics.com www.googleadservices.com https://*.hotjar.com * connect.facebook.net *.vo.msecnd.net bat.bing.com secure.quantserve.com  *.adalyser.com googleads.g.doubleclick.net *.googlesyndication.com www.clarity.ms rules.quantcount.com *.responsetap.com *.freshrelevance.com *.force.com parkdeanresorts.my.salesforce.com parkdeanresorts.my.site.com *.salesforceliveagent.com *.facebook.com *.vars.hotjar.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.typekit.net fonts.googleapis.com *.force.com parkdeanresorts.my.site.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com *.typekit.net fonts.googleapis.com ds9p2a60lh6fp.cloudfront.net *.force.com cdn.livechatinc.com; connect-src 'self' *.eu1.fullstory.com maps.googleapis.com dc.services.visualstudio.com dn1i8v75r669j.cloudfront.net *.dycdn.net am.freshrelevance.com *.g.doubleclick.net *.clarity.ms ws://am.freshrelevance.com *.google-analytics.com stats.g.doubleclick.net *.responsetap.com *.force.com parkdeanresorts.my.site.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src *.parkdeanresorts.co.uk *.vars.hotjar.com vars.hotjar.com *.fls.doubleclick.net *.facebook.com *.youtube.com *.salesforceliveagent.com *.vimeo.com *.force.com flo.uri.sh public.flourish.studio www.google.com secure.livechatinc.com; child-src *.parkdeanresorts.co.uk *.youtube.com *.fls.doubleclick.net *.hotjar.io www.facebook.com kuula.co ds9p2a60lh6fp.cloudfront.net *.responsetap.com *.force.com parkdeanresorts.my.salesforce.com parkdeanresorts.my.site.com *.salesforceliveagent.com *.force.com *.instagram.com platform.instagram.com www.instagram.com *.facebook.com; 1
frame-ancestors 'self' *.applytojob.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.scottsdaleaz.gov https://scottsdaleiwt.cxmflow.com https://*.livehelpnow.net https://*.workflowcloud.com https://*.cognitoforms.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://*.google.com https://cdn.jsdelivr.net https://www.truejob.com https://secure.leadforensics.com https://*.zoomprospector.com https://*.sizeup.com https://siteimproveanalytics.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.recollect.net https://assets.us.recollect.net https://www.youtube-nocookie.com https://www.youtube.com https://cdn.polyfill.io https://z.moatads.com https://stckjs.stackify.com https://oss.maxcdn.com https://code.jquery.com https://my.nicheacademy.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://*.arcgis.com https://www.instagram.com https://cdn.syndication.twimg.com https://widget.surveymonkey.com http://scottsdale.granicus.com; script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://d10hxo0w83tp48.cloudfront.net https://scottsdaleiwt.cxmflow.com https://splsaz.patronpoint.com https://scottsdalepassports.fullslate.com https://widget.sizeup.com https://cdn.insight.sitefinity.com https://resources.zoomprospector.com https://api.recollect.net https://public.lbi.sizeup.com https://application.sizeup.com https://cdn.syndication.twimg.com https://assets.us.recollect.net https://static.ctctcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://js.arcgis.com https://secure.leadforensics.com https://oss.maxcdn.com https://siteimproveanalytics.com https://stackpath.bootstrapcdn.com https://*.cognitoforms.com https://stckjs.stackify.com https://*.google.com https://*.googleapis.com https://widget.surveymonkey.com https://*.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://thunderstone.scottsdaleaz.gov https://*.livehelpnow.net https://cdn.polyfill.io https://*.scottsdaleaz.gov https://cdnjs.cloudflare.com https://my.nicheacademy.com https://oss.maxcdn.com https://z.moatads.com https://scottsdale.zoomprospector.com https://platform.twitter.com https://www.instagram.com https://*.workflowcloud.com https://www.truejob.com; style-src 'self' 'unsafe-inline' https://*.scottsdaleaz.gov https://*.livehelpnow.net https://maxcdn.bootstrapcdn.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://*.google.com https://*.twimg.com https://*.ctctcdn.com https://*.arcgis.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://platform.twitter.com https://fonts.googleapis.com https://system/css/ip-backend.css; style-src-elem 'self' 'unsafe-inline' https://www.google.com https://scottsdalepassports.fullslate.com https://splsaz.patronpoint.com https://static.ctctcdn.com https://*.googleapis.com https://www.gstatic.com https://*.nicheacademy.com https://cdnjs.cloudflare.com https://ton.twimg.com https://platform.twitter.com https://developer.livehelpnow.net https://js.arcgis.com https://maxcdn.bootstrapcdn.com https://recollect.a.ssl.fastly.net https://www.cognitoforms.com https://thunderstone.scottsdaleaz.gov; img-src 'self' data: https://*.scottsdaleaz.gov https://scottsdalepassports.fullslate.com http://www.scottsdaleaz.gov https://*.scottsdalelibrary.org https://*.choosescottsdale.com https://www.google.ca https://syndication.twitter.com https://www.google.co https://www.google.co.uk https://www.google.com.mx https://www.google.com https://*.ytimg.com https://www.paypalobjects.com https://prod.smassets.net https://*.cloudfront.net https://*.cognitoforms.com https://www.syndetics.com https://*.suiteonemedia.com https://*.livehelpnow.net https://*.arcgis.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.twimg.com https://platform.twitter.com https://www.gstatic.com https://8575.global.siteimproveanalytics.io https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://api.recollect.net https://www.facebook.com http://img.youtube.com; font-src 'self' data: https://fonts.gstatic.com https://*.livehelpnow.net https://*.arcgis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.cognitoforms.com https://scottsdale.polarislibrary.com https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://assets.quadpay.com; connect-src 'self' https://204wdk5l2k.execute-api.us-west-2.amazonaws.com https://d10hxo0w83tp48.cloudfront.net https://participant.connect.us-west-2.amazonaws.com wss://ve9ssukgvevbtq.transport.connect.us-west-2.amazonaws.com https://scottsdaleiwt.cxmflow.com https://visitor2.constantcontact.com https://api.insight.sitefinity.com https://*.scottsdaleaz.gov https://resources.zoomprospector.com https://outlook.office365.com https://*.livehelpnow.net https://*.arcgis.com https://*.googleapis.com https://*.ctctcdn.com https://www.google-analytics.com https://utility.arcgisonline.com https://campaign.constantcontact.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://cognitoprod.blob.core.windows.net https://api.nicheacademy.com https://rum.stackify.com https://new229.com wss://app.livehelpnow.net; media-src 'self' data: https://developer.livehelpnow.net https://cdn.hiretual.com https://*.suiteonemedia.com; object-src 'self'; child-src 'self' blob:; frame-src 'self' data: https://wateruseitwisely.com https://*.scottsdaleaz.gov https://*.google.com https://outlook.office365.com https://experience.arcgis.com https://*.arcgis.com https://*.workflowcloud.com https://www.eventsquid.com https://azscottsdaleccrt1.suiteonemedia.com https://www.arcgis.com https://splsaz.patronpoint.com https://*.suiteonemedia.com https://*.nintex.io https://*.sizeup.com https://www.youtube.com https://www.youtube-nocookie.com https://api.recollect.net https://widget.spreaker.com https://scottsdale.granicus.com https://www.truejob.com https://*.zoomprospector.com https://iframe.c2er.org https://scottsdale.libnet.info https://www.surveymonkey.com https://www.facebook.net https://www.facebook.com https://*.twitter.com https://www.instagram.com https://cos-gis.maps.arcgis.com https://forms.office.com https://www.googletagmanager.com https://my.nicheacademy.com; worker-src 'self' blob:; frame-ancestors 'self' https://scottsdale.granicus.com https://scottsdale-staging.us.localmeasure.com; form-action 'self' https://*.twitter.com https://splsaz.patronpoint.com https://eservices.scottsdaleaz.gov https://scottsdale.polarislibrary.com https://www.paypal.com; report-uri https://eservicestest.scottsdaleaz.gov/reporturi/listener 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-src blob: *; 1
frame-ancestors *.coinstore.com;default-src 'self' *.coinstore.com https: data: gap: 'unsafe-inline' blob: data: wss: data: 'unsafe-eval' ;img-src 'self' *.aliyuncs.com *.cloudflare.com *.google.co.jp *.geevisit.com *.googletagmanager.com *.geetest.com *.coinstore.com *.amazonaws.com *.google-analytics.com data: blob:;media-src 'self' *.coinstore.com *.amazonaws.com *.zdassets.com; connect-src 'self' *.googleapis.com *.zdassets.com *.coinstore.com *.zendesk.com *.google-analytics.com *.doubleclick.net *.google.com *.agora.io *.sd-rtn.com *.easemob.com wss: blob:; 1
default-src 'self' secure.test.bs.ch secure.bs.ch www.staatskalender.bs.ch www.tiefbauamt.test.bs.ch www.tiefbauamt.bs.ch egov-by-zid.ch www.leastyger-photography.ch www.regierungsrat.bs.ch *.showare.ch *.solique.ch de.wikipedia.org *.youtube.com map.geo.test.bs.ch map.geo.bs.ch *.abel-systems.ch www.eventdb.bs.ch www.rechtsprechung.gerichte-bs.ch *.basleratlas.ch *.google.com staticweb.bs.ch statabs.github.io statabs-test.github.io public.tableau.com cdn.knightlab.com service.buschviper.ch hit.uptrendsdata.com draeggwaegg.ch www.ub.basleratlas.ch eepurl.com www.tageskarte-gemeinde.ch blog.staatsarchiv-bs.ch data.bs.ch muenzwurf.statabs.ch marketing.us8.list-manage.com basleratlas.ch 1270.appointmind.net avenue.argusdatainsights.ch seu2.cleverreach.comi multimedia-bs.ch klv.egov.bs.ch *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io proxydk1si.siteimprove.systemsi www.linkedin.com static.licdn.com www.entwicklung.bs.ch wmts.geo.bs.ch;script-src 'self' bdm-bs.bot.abraxas-apis.ch standortmarketing.prog.online s.ytimg.com *.youtube.com *.piwikpro.com 'unsafe-inline' multimedia-bs.ch hit.uptrendsdata.com baselstadt.containers.piwik.pro baselstadt.piwik.pro bot.bs-kt.prod.byerley.ch embed.typeform.com chat.aiaibot.com 'unsafe-eval' map.geo.bs.ch siteimproveanalytics.com platform.twitter.com static.licdn.com www.linkedin.com;connect-src 'self' standortmarketing.prog.online hit.uptrendsdata.com *.piwikpro.com *.piwik.pro *.containers.piwik.pro api.aiaibot.com klv.egov.bs.ch map.geo.bs.ch www.linkedin.com static.licdn.com www.entwicklung.bs.ch wmts.geo.bs.ch;img-src 'self' bdm-bs.bot.abraxas-apis.ch bdm-bs.bot.abraxas-apps.ch *.prog.online multimedia-bs.ch *.piwikpro.com *.abel-systems.ch www.test.bs.ch www.bs.ch hit.uptrendsdata.com *.piwik.pro data: 'unsafe-eval' bot.bs-kt.prod.byerley.ch www.pd-bs.ch *.siteimproveanalytics.io static.licdn.com www.linkedin.com www.entwicklung.bs.ch wmts.geo.bs.ch;style-src 'self' bdm-bs.bot.abraxas-apis.ch 'unsafe-inline' bot.bs-kt.prod.byerley.ch map.geo.bs.ch www.linkedin.com;frame-src * mailto:; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-59665a1a65577fca594d70fbee5e947b' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.parship.de tms.parship.de *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
base-uri 'none'; form-action 'self'; frame-ancestors 'self'; require-trusted-types-for ; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https://www.clearblade.com https://www.googletagmanager.com https://assets.calendly.com https://ajax.googleapis.com https://www.gstatic.com https://www.google-analytics.com; 1
default-src data: 'self' blob: 'unsafe-inline' *.dzo.com.ua *.cipher.kiev.ua:* *.prozorro.gov.ua www.openstreetmap.org *.openprocurement.org depositsign.com view.officeapps.live.com widgets.binotel.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com d38sv8fq5al52n.cloudfront.net connect.facebook.net 'unsafe-eval' www.googletagmanager.com docs.google.com fonts.googleapis.com www.google-analytics.com www.google.com *.hotjar.com *.hotjar.io *.facebook.com *.facebook.net *.doubleclick.net www.google.com.ua fonts.gstatic.com prozorro-ds-prod.s3.eu-central-1.amazonaws.com *.prozorro.gov.ua d38sv8fq5al52n.cloudfront.net connect.facebook.net cdnjs.cloudflare.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; frame-src> 1
frame-ancestors http://www.govplanet.com https://www.govplanet.com 1
default-src 'self' api.luftdaten.info query.wikidata.org api.madavi.de foss.schule collabora.madavi.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org www.amcharts.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: insecure.madavi.de a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org tiles.madavi.de a.tiles.madavi.de b.tiles.madavi.de c.tiles.madavi.de api.luftdaten.info; font-src 'self' data:; img-src ts.w.org 1
frame-ancestors 'self' https://*.indiatimes.com https://*.samayam.com https://maharashtratimes.com https://vijaykarnataka.com https://m.timesofindia.com https://m.economictimes.com https://www.iamgujarat.com https://www.google.com https://*.google.com https://cdn.ampproject.org https://*.cdn.ampproject.org https://*.ampproject.org http://*.newspointapp.com https://*.newspointapp.com https://*.gadgetsnow.com https://eisamay.com https://economictimes.indiatimes.com https://*.economictimes.com https://*.slike* http*://*.slike* *.sli.ke http*://*.sli.ke https://*.sli.ke 1
img-src 'self' data: *.commercecloud.salesforce.com *.demandware.net *.stokke.com https://pal-test.adyen.com https://ca-live.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com *.cdn.adyen.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://maps.googleapis.com https://maps.gstatic.com *.paypal.com *.brightcove.net *.brightcove.com bcove.video *.api.brightcove.com api.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ingestion-upload-production.s3.amazonaws.com/ *.cf.brightcove.com *.parcellab.com *.bazaarvoice.com *.goinstore.com cdn.evergage.com *.curalate.com *.cookiebot.com https://*.kindlycdn.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://googleads.g.doubleclick.net https://www.google.com *.lefty.io analytics.tiktok.com www.facebook.com bat.bing.com b91.yahoo.co.jp a.lefty.io aax-eu.amazon-adsystem.com r.turn.com *.awin1.com *.zenaps.com *.hotjar.com swrap.tradedoubler.com tbs.tradedoubler.com img-statics.com pagead2.googlesyndication.com events.attentivemobile.com ct.pinterest.com *.clarity.ms ad.doubleclick.net tags.w55c.net c.bing.com;script-src 'self' 'unsafe-eval' blob: configurator.stokke.com https://www.paypal.com https://www.sandbox.paypal.com 'sha256-p4muZTWST7tCVQqY9xEM/vjckc+tcMz3HlEgyU0hENk=' https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com *.cdn.adyen.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://maps.googleapis.com *.brightcove.net *.brightcove.com bcove.video *.api.brightcove.com api.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ingestion-upload-production.s3.amazonaws.com/ *.cf.brightcove.com www.myregistry.com *.goinstore.com https://logs-01.loggly.com https://static.opentok.com *.parcellab.com *.bazaarvoice.com mpsnare.iesnare.com https://sgtm.stokke.com https://chat.kindlycdn.com *.google-analytics.com *.analytics.google.com *.cookiebot.com https://tagmanager.google.com 'sha256-pSl1xmGr8E4GHGQlUlNydQnddAWWlFgdFhuOYJ9bvCk=' 'sha256-veYmXidWiQ8u0FXJr+Ps0jX4Qz/Tnh4vo/a6zunkNdE=' 'sha256-+nxHA1Oq0nl399CGT5Nbw1Ey+Vd0ESnTfTr+2+1Iuvk=' 'sha256-PqdypI88jvgcPOEinVRm1pXe+WP/b2cedstaSYz2aJE=' 'sha256-QZ5PwNdx40V/BEc6CLCu2x/b9BwoRP4ukjDDYR8PTWE=' 'sha256-TrAx6PElhrJpTvVMioLGKimeqF4kEBVl+0QmlQK3ZvQ=' 'sha256-/oDoWf3veW89The/ZD8NYpYWPpKTUvV7uNtIST1s7uI=' 'sha256-vr0dQJehJI+xv5F+B4vws+bepDq8DKREHjeIv4CHiYo=' 'sha256-TG8bhNH1UXYe9IEyIehiMHGePlzMCPNpn1Wnxn/q64E=' https://www.youtube.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net analytics.tiktok.com cdn.evgnet.com stokkeas.germany-2.evergage.com *.convertexperiments.com 'nonce-5f57028c48e9f8660c5f3200fe8b47bb' bat.bing.com sjwoe.com cj.com cdn.curalate.com d.turn.com connect.facebook.net s.yimg.jp static.hotjar.com plugin.mavrck.co www.dwin1.com *.awin1.com *.zenaps.com the.sciencebehindecommerce.com *.hotjar.com swrap.tradedoubler.com tbs.tradedoubler.com img-statics.com *.clarity.ms cdn.attn.tv s.pinimg.com *.attn.tv *.attentivemobile.com tags.srv.stackadapt.com edge.curalate.com *.opentok.com *.tokbox.com *.loggly.com sgtm.stokke.com https://runtime.commercecloud.com;default-src 'self' blob: https://pal-test.adyen.com https://ca-live.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com *.cdn.adyen.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://maps.googleapis.com *.brightcove.net *.brightcove.com bcove.video *.api.brightcove.com api.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ingestion-upload-production.s3.amazonaws.com/ *.cf.brightcove.com *.parcellab.com *.goinstore.com cdn.evergage.com *.curalate.com https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai *.google-analytics.com *.analytics.google.com;style-src 'unsafe-inline' 'self' configurator.stokke.com *.goinstore.com *.parcellab.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.3/tiny-slider.css *.demandware.net *.stokke.com players.brightcove.net *.bazaarvoice.com stokkeas.germany-2.evergage.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com *.hotjar.com tags.srv.stackadapt.com;font-src 'self' configurator.stokke.com *.goinstore.com data: https://fonts.gstatic.com https://chat.kindlycdn.com https://fonts.gstatic.com *.hotjar.com *.cloudfront.net;frame-src https: www.myregistry.com bytedance: sslocal: aax-eu.amazon-adsystem.com d.turn.com *.awin1.com *.zenaps.com *.hotjar.com swrap.tradedoubler.com tbs.tradedoubler.com lulus.attn.tv creatives.attn.tv img-statics.com *.attn.tv;connect-src 'self' 'unsafe-eval' configurator.stokke.com https://api.cquotient.com https://pal-test.adyen.com https://ca-live.adyen.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com *.cdn.adyen.com https://apple-pay-gateway.apple.com https://apple-pay-gateway-cert.apple.com https://maps.googleapis.com https://translation.googleapis.com *.brightcove.net *.brightcove.com bcove.video *.api.brightcove.com api.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net *.media.brightcove.com hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com ingestion-upload-production.s3.amazonaws.com/ *.cf.brightcove.com *.goinstore.com https://logs-01.loggly.com https://hlg.tokbox.com *.parcellab.com https://sgtm.stokke.com https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai *.google-analytics.com *.analytics.google.com *.cookiebot.com https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net analytics.tiktok.com stokkeas.germany-2.evergage.com *.convertexperiments.com stats.g.doubleclick.net pagead2.googlesyndication.com *.hotjar.com *.hotjar.io bat.bing.com ct.pinterest.com events.attentivemobile.com lulus.attn.tv *.clarity.ms *.attn.tv sgtm.stokke.com wss://ws.hotjar.com app.splashscore.com edge.curalate.com tags.srv.stackadapt.com *.opentok.com *.tokbox.com wss://*.tokbox.com *.loggly.com https://runtime.commercecloud.com;upgrade-insecure-requests;report-uri /mobify/proxy/static/s/USA/en-us/sapi/csp;base-uri 'self';block-all-mixed-content;frame-ancestors 'self' https://runtime.commercecloud.com;object-src 'none';script-src-attr 'none' 1
frame-ancestors 'self' portal.miele.com portal.miele.com:441 www3.miele.de 1
default-src 'none'; connect-src 'self' *.onetrust.com *.demdex.net *.adobedc.net *.cookielaw.org *.twitter.com; script-src 'self' *.google.com *.gstatic.com *.google-analytics.com *.adobedtm.com *.youtube.com *.cookielaw.org *.twitter.com *.twimg.com cdn.inspectlet.com frontend.id-visitors.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com cdn.jsdelivr.net *.typekit.net; child-src 'self' data: *.google.com *.gstatic.com *.twitter.com; img-src 'self' data: *.gstatic.com *.google.com *.cookielaw.org *.google-analytics.com stats.g.doubleclick.net *.twitter.com *.twimg.com *.paypalobjects.com cartodb-basemaps-a.global.ssl.fastly.net cartodb-basemaps-b.global.ssl.fastly.net cartodb-basemaps-c.global.ssl.fastly.net; style-src 'self' *.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'none' 1
default-src https: wss://*.hotjar.com; connect-src 'self' blob: data: *.google.com https://*.googleapis.com https://*.gstatic.com https://bam.nr-data.net https://www.google-analytics.com stats.g.doubleclick.net https://global.ketchcdn.com https://googleads.g.doubleclick.net; font-src 'unsafe-inline' data: https: https://fonts.gstatic.com; frame-ancestors 'self' gfs.phenompeople.com cdn-bot.phenompeople.com; frame-src 'self' *.google.com https://*.gordonnow.gfs.com gfs.phenompeople.com cdn-bot.phenompeople.com youtube.com www.youtube.com https://*.cookiebot.com; img-src 'self' 'unsafe-inline' data: https: *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: https://*.ggpht.com *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com gfs.phenompeople.com cdn-bot.phenompeople.com https://*.gordonnow.gfs.com; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
base-uri 'self'; default-src 'none'; form-action https://account.mail.ru https://auth.mail.ru https://e.mail.ru https://yandex.ru 'self'; script-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://iframe.s3.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://st.mycdn.me https://static.dzeninfra.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline' 'nonce-0e3b2ba6095f5dde514355b46c1703c8' 'strict-dynamic' 'report-sample'; connect-src https://*.adlooxtracking.com https://*.adlooxtracking.ru https://*.adsafeprotected.com https://*.cold-video.dzeninfra.ru https://*.doubleverify.com https://*.dzen.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.moatads.com https://*.mradx.net https://*.ok.ru https://*.serving-sys.com https://*.serving-sys.ru https://*.vk.com https://*.vk.ru https://*.weborama-tech.ru https://*.weborama.fr https://an.yandex.ru https://avatars.dzeninfra.ru https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://consentmanager.mgr.consensu.org https://dzen.ru https://home.mrgcdn.ru https://jstracer.yandex.ru https://log.strm.yandex.ru https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://ok.ru https://playlog.dzen.ru https://s3.dzeninfra.ru https://static.dzeninfra.ru https://strm.yandex.ru https://verify.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net https://ymetrica1.com; img-src blob: data: https://*.mail.ru https://*.radar.imgsmail.ru https://*.userapi.com https://*.zen.zeta.dzen.ru https://a.delivery.consentmanager.net https://ad.adriver.ru https://amc.yandex.ru https://an.yandex.ru https://avatars.dzeninfra.ru https://avatars.mds.yandex.net https://bs.serving-sys.com https://bs.serving-sys.ru https://bs.yandex.ru https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://cdn.dzen.ru https://counter.yadro.ru https://d.mradx.net https://dzen.ru https://favicon.yandex.net https://fmdata.imgsmail.ru https://home.imgsmail.ru https://img.imgsmail.ru https://imgs2.imgsmail.ru https://impression.appsflyer.com https://likemore-go.imgsmail.ru https://limg.imgsmail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mgcomru.solution.weborama.fr https://pixel.adlooxtracking.ru https://playlog.dzen.ru https://pogoda.imgsmail.ru https://promoimages.hb.bizmrg.com https://r.mradx.net https://s3.dzeninfra.ru https://static.dzeninfra.ru https://video.dzen.ru https://vk.com https://vk.ru https://vkplay.ru https://wcm-ru.frontend.weborama.fr https://wcm.weborama-tech.ru https://www.tns-counter.ru https://yandex.ru https://yastatic.net 'self'; manifest-src https://limg.imgsmail.ru; media-src blob: data: https://*.cold-video.dzeninfra.ru https://*.extcdn.dzeninfra.ru https://*.hot-video.dzeninfra.ru https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.strm.yandex.ru https://*.vk.com https://*.vk.ru https://*.yandex.net https://cdn.dzen.ru https://cold-video.dzeninfra.ru https://mail.ru https://ok.ru https://strm.yandex.ru https://video.dzen.ru https://vk.com https://vk.ru https://yandex.ru https://yandex.st https://yastat.net https://yastatic.net; style-src blob: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://b.delivery.consentmanager.net https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://home.mrgcdn.ru https://static.dzeninfra.ru https://yandex.st https://yastat.net https://yastatic.net 'unsafe-eval' 'unsafe-inline'; font-src blob: data: https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://an.yandex.ru https://yastat.net https://yastatic.net 'self'; frame-src https://*.doubleverify.com https://*.imgsmail.ru https://*.mail.ru https://*.mradx.net https://*.ok.ru https://*.vk.com https://*.vk.ru https://*.yandex.ru https://app.appsflyer.com https://awaps.yandex.net https://mail.ru https://mc.yandex.by https://mc.yandex.com https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.uz https://mini.vkplay.ru https://ok.ru https://vk.com https://vk.ru https://yandex.ru https://yastat.net https://yastatic.net; report-uri https://cspreport.mail.ru/home?disposition=report&rev=23.01.24; 1
default-src 'self'; font-src 'self';img-src 'self' data: https://*.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://www.googletagmanager.com https://code.jquery.com; connect-src 'self' https://*.google-analytics.com https://www.googletagmanager.com https://code.jquery.com; style-src 'self' 'unsafe-inline'; frame-src 'self' https://www.youtube.com; frame-ancestors 'self' https://www.youtube.com; 1
frame-ancestors 'self' https://admin.518.com.tw 1
frame-ancestors 'self' *.sartorius.com service.ariba.com www.service.ariba.com s1.ariba.com www.s1.ariba.com service-2.ariba.com www.service-2.ariba.com s1-eu.stc.ariba.com *.ariba.com *.coupa.com *.govsci.com govsci.com *.sciquest.com *.coupahost.com *.coupadev.com *.compute.amazonaws.com *.netsuite.com *.shop.sartorius.com *.shop.sartorius.com.cn; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io wss://ws.hotjar.com *.sleeknote.com blob: https://l3.evidon.com *.evidon.com https://live.eventtia.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io https://oj-ojireland.store.jamesondistillery.com https://oj-ojmidleton.store.jamesondistillery.com https://iframe-mdm.JamesonWhiskey.com/tdindublinsweeps/ https://jameson-360-experience.s3-eu-west-1.amazonaws.com *.sleeknote.com https://www.google.com/maps/d/u/0/embed https://www.winning-drinks.com/ https://staging2.winning-drinks.com https://platinumaps.jp/maps/jameson2024 *.evidon.com https://live.eventtia.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://oj-ojireland.store.jamesondistillery.com https://oj-ojmidleton.store.jamesondistillery.com https://spd23prod.wpengine.com/ https://unboringparty.wpenginepowered.com/ *.jamesonwhiskey.com https://live.eventtia.com/en/awkacitytakeover *.sleeknote.com https://jameson-360-experience.s3-eu-west-1.amazonaws.com *.doubleclick.net https://open.spotify.com/ https://www.google.com/maps/d/u/0/embed https://platinumaps.jp/maps/demo https://mc9r0b9qpsrtt0j17w1666dz6j81.pub.sfmc-content.com https://www.winning-drinks.com/ https://staging2.winning-drinks.com https://platinumaps.jp/maps/jameson2024 https://l3.evidon.com/site/4141/21891/46 *.evidon.com https://live.eventtia.com https://calendly.com; worker-src blob: 'self' 1
default-src 'none' ; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://kit.fontawesome.com https://princestrust.widget.custhelp.com https://js.stripe.com https://maps.googleapis.com https://www.googletagmanager.com https://app.termly.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://snap.licdn.com https://s7.addthis.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.silktide.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://www.rnengage.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com https://princestrust.widget.custhelp.com; img-src 'self' data: https://www.linkedin.com https://downloads.ctfassets.net https://images.ctfassets.net https://downloads.ctfassets.net https://maps.gstatic.com https://maps.googleapis.com https://img.youtube.com https://www.google.co.uk https://www.google.co.in https://www.google.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://www.facebook.com https://www.googletagmanager.com https://www.rnengage.com; font-src 'self' data: https://fonts.gstatic.com https://princestrust-opa.custhelp.com https://princestrust-opa--uat.custhelp.com; connect-src 'self' https://candidateportal.princestrust.org.uk https://pagead2.googlesyndication.com https://graphql.contentful.com https://downloads.ctfassets.net https://images.ctfassets.net https://ka-p.fontawesome.com https://api.stripe.com https://drzyrklbmz-dsn.algolia.net https://drzyrklbmz-1.algolianet.com https://drzyrklbmz-2.algolianet.com https://drzyrklbmz-3.algolianet.com https://maps.googleapis.com https://fonts.gstatic.com https://analytics.google.com https://app.termly.io https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://cdn.linkedin.oribi.io https://vc.hotjar.io https://a.eu.silktide.com wss://ws.hotjar.com https://content.hotjar.io https://princestrust-opa--uat.custhelp.com https://princestrust--uat.custhelp.com https://princestrust-opa.custhelp.com https://js.stripe.com https://px.ads.linkedin.com; frame-src https://www.google.com https://princestrust-opa--uat.custhelp.com https://princestrust-opa.custhelp.com https://princes-trust-digital.co.uk https://js.stripe.com https://hooks.stripe.com https://partner-tools.moneyadviceservice.org.uk https://r1.dotdigital-pages.com https://www.youtube.com https://*.doubleclick.net https://www.getmyfirstjob.co.uk  https://app.termly.io https://www.facebook.com/; 1
frame-ancestors 'self' catalogues.aldi.fr experience.adobe.com aldinord.experiencecloud.adobe.com; default-src * 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self'; img-src 'self' https://www.gstatic.com/images/branding/product/2x/translate_24dp.png https://www.toegankelijkheidsverklaring.nl/files/verklaring/label/910ebd06ef8db91f4e65823a3e1439f4.1718.svg data: https://opendata.nederlandwereldwijd.nl statistiek.rijksoverheid.nl; object-src 'none'; frame-ancestors 'none'; form-action 'self' https://api.contenttoolsrijksoverheid.nl; style-src 'self' 'nonce-n2MEL3NnvVVMlA8eND/Eg0X6Wos389y1FGUgKomFuWE=' statistiek.rijksoverheid.nl https://translate.googleapis.com/translate_static/css/translateelement.css; font-src 'self' statistiek.rijksoverheid.nl; connect-src 'self' https://api.contenttoolsrijksoverheid.nl statistiek.rijksoverheid.nl *.platformrijksoverheid.nl metrics.mopinion.com; script-src 'strict-dynamic' 'self' 'nonce-n2MEL3NnvVVMlA8eND/Eg0X6Wos389y1FGUgKomFuWE=' statistiek.rijksoverheid.nl; base-uri 'self'; report-uri https://dpcoa.report-uri.com/r/t/csp/enforce; report-to default; 1
base-uri 'self'; font-src 'self' https: http data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org i.ytimg.com *.google.com *.yahoo.com *.googleusercontent.com https: http:; object-src 'none'; script-src-attr 'self' 'unsafe-inline' www.youtube.com youtube.com i.ytimg.com; style-src 'self' 'unsafe-inline' www.youtube.com youtube.com i.ytimg.com cdn.userway.org www.googletagmanager.com www.google-analytics.com *.google.com *.googleapis.com; upgrade-insecure-requests; frame-src 'self' www.youtube.com maps.google.com td.doubleclick.net www.google.com cdn.userway.org *.userway.org; script-src 'self' 'unsafe-inline' www.youtube.com maps.google.com www.google.com youtube.com i.ytimg.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org www.googletagmanager.com ssl.mousestats.com ajax.googleapis.com www.google-analytics.com *.facebook.net *.cloudflare.com *.tiktok.com api.retargetly.com adservice.google.com static.hotjar.com snap.licdn.com stats.g.doubleclick.net platform.twitter.com apis.google.com googleads.g.doubleclick.net cdn.userway.org www.clarity.ms script.hotjar.com cdn.jsdelivr.net unpkg.com p.teads.tv teads.tv *.teads.tv marketo.net *.marketo.net www.googleadservices.com td.doubleclick.net pdp-cdn.retargetly.com dev.visualwebsiteoptimizer.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' 'self' www.ateasesystems.net *.ateasesystems.net blob: s3.amazonaws.com cdn.kendostatic.com *.google.com *.google-analytics.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.pingdom.net wss://*.intercom.io *.intercom.io *.googleapis.com *.gstatic.com *.intercomcdn.com static.ateasesystems.net fg-mail-content.s3.amazonaws.com cdn.polyfill.io *.getbee.io *.jquery.com *.smartlook.cloud *.smartlook.com *.cloudflare.com *.vimeo.com *.facebook.net *.youtube.com *.youtube.net *.facebook.com kendo.cdn.telerik.com netdna.bootstrapcdn.com getbootstrap.com netdna.bootstrapcdn.com blueimp.github.io jqueryui.com *.joomag.com *.livechatinc.com *.livechat-static.com *.livechat-files.com *.zdassets.com *.zendesk.com *.my.sentry.io wss://*.zendesk.com *.pendo.io; img-src data: 'self' www.ateasesystems.net *.ateasesystems.net blob: *; frame-src *.promopulse.io *.facebook.com *.youtube.com *.youtu.be *.vimeo.com *.getbee.io *.hotjar.com *.facilisgroup.com *.facilisu.com facilisgroup.com intercom-sheets.com *.intercomcdn.com *.pendo.io; 1
default-src 'self' stats.noyb.eu; style-src 'self' 'unsafe-inline'; img-src 'self' 'unsafe-inline' *.noyb.eu https://*.openstreetmap.org data:; script-src 'self' 'unsafe-inline' *.noyb.eu; frame-src 'self' *.noyb.eu *.dialog-mail.com 1
frame-ancestors http://www.lativ.com.tw https://www.lativ.com.tw; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=DE&lang=de-DE&device=desktop&yrid=3cbdhn1j45f5s&partner=; 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss: blob:; font-src https: data:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https:; frame-ancestors 'self' https://www.sephora.ae/ https://perfumeriafirst.com/ 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.gammvert.fr https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.gammvert.fr https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self'  http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com https://kx1.co; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io 'self' https://assets.gammvert.fr https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'strict-dynamic' 'nonce-8vVBs9CvNK/peEZLRYowxQ==' 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1
default-src 'self' *.fluvius.be cdn-fluvius.azureedge.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.ckeditor.com *.googleapis.com https://www.googletagmanager.com https://tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com cdn.rawgit.com https://www.google.com https://www.gstatic.com www.googleadservices.com connect.facebook.net *.g.doubleclick.net *.googlesyndication.com https://amp.cloudflare.com cdn.sparkcentral.com *.smooch.io *.hotjar.com https://*.api.vlaanderen.be static.ads-twitter.com analytics.twitter.com fluvius.orion-intelligence.com static.orion-intelligence.com *.bizographics.com translate.google.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net https://cdn.ampproject.org https://extend.vimeocdn.com https://www.youtube.com cdn.jsdelivr.net https://code.upscope.io https://js.upscope.io js.arcgis.com https://unpkg.com/web-vitals/ https://cdn.datatables.net; object-src 'self' *.fluvius.be; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.google.com cdnjs.cloudflare.com https://amp.cloudflare.com cdn.sparkcentral.com cdn-o-fluvius.azureedge.net cdn-fluvius.azureedge.net https://www.googletagmanager.com *.arcgis.com *.arcgisonline.com https://cdn.datatables.net fluvius.orion-intelligence.com static.orion-intelligence.com; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com www.eandis.be *.g.doubleclick.net www.facebook.com www.google.be www.google.com https://amp.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com www.gravatar.com media.eu-1.smooch.io *.fluvius.be https://s3.eu-central-1.amazonaws.com blob: t.co *.linkedin.com cdn-fluvius.azureedge.net cdn-o-fluvius.azureedge.net https://cdn-eu.sparkcentral.com cdn.sparkcentral.com https://i.vimeocdn.com https://i.ytimg.com *.hotjar.com https://app.upscope.io https://app-cdn.upscope.io *.informatievlaanderen.be *.arcgis.com *.arcgisonline.com *.api.vlaanderen.be fluvius.orion-intelligence.com static.orion-intelligence.com; media-src 'self' https://cdn.sparkcentral.com https://js.upscope.io static.orion-intelligence.com; frame-src 'self' *.fluvius.be player.vimeo.com www.youtube-nocookie.com https://www.youtube.com https://www.google.com https://*.flexmail.eu https://s.chkmkt.com https://amp.cloudflare.com https://www.googletagmanager.com https://www.facebook.com *.hotjar.com datastudio.google.com td.doubleclick.net; frame-ancestors 'self' *.destroomlijn.be *.fluvius.be; child-src 'self' *.fluvius.be https://storage.upscope.io blob:; font-src 'self' *.googleapis.com fonts.gstatic.com cdn.sparkcentral.com data: script.hotjar.com cdn-fluvius.azureedge.net js.arcgis.com; connect-src 'self' *.google-analytics.com *.google.be *.google.com https://discovery.amp.cloudflare.com https://*.g.doubleclick.net https://amp.cloudflare.com https://www.facebook.com cdn.sparkcentral.com *.eu-1.smooch.io wss://*.smooch.io https://*.api.vlaanderen.be *.hotjar.com *.hotjar.io wss://*.hotjar.com *.googleapis.com 79znwy2ew9.execute-api.eu-central-1.amazonaws.com https://apihub.fluvius.be https://cdn.ampproject.org https://www.googletagmanager.com *.fluvius.be *.b2clogin.com wss://*.upscope.io https://*.upscope.io https://*.arcgis.com *.informatievlaanderen.be fluvius.orion-intelligence.com static.orion-intelligence.com; manifest-src cdn-fluvius.azureedge.net 1
form-action 'self' hooks.zapier.com/hooks www.facebook.com/tr/; frame-ancestors 'self' *.forthepeople.com forthepeople.korbyt.com http://localhost:8000; default-src 'self'; child-src 'self' blob:; connect-src 'self' *.ampproject.net *.clarity.ms *.visualwebsiteoptimizer.com 48879.tctm.co a.omappapi.com/ adservice.google.com ads-twitter.com ads-api.twitter.com analytics.twitter.com alpixtrack.com analytics.tiktok.com api.omappapi.com/ api.userway.org api.wistia.com apollo.forthepeople.com/ apollo-v2.forthepeople.com/ *.apollo.forthepeople.com/ bam.nr-data.net bat.bing.com boards-api.greenhouse.io/ cdn.ampproject.org cdn77.api.userway.org/api/ cdn.userway.org cdn77.api.userway.org/api/ cdn.cookielaw.org ct.pinterest.com/md/ ct.pinterest.com/user/ d.adroll.com data.nudgify.com/ dev.visualwebsiteoptimizer.com distillery.wistia.com embed-cloudfront.wistia.com embed-fastly.wistia.com evnt.byspotify.com fast.wistia.com fast.wistia.net embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io geolocation.onetrust.com hooks.zapier.com lambdas.api.forthepeople.com/serviceproxy n2.mouseflow.com pipedream.wistia.com pixel.nudgify.com platform.twitter.com s.yimg.com/wi/ stats.g.doubleclick.net tn.alphonso.tv/ad/ tags.srv.stackadapt.com utils.api.forthepeople.com wss://va.msg.liveperson.net/ws_api/account/ www.facebook.com/tr/ www.google.com www.google-analytics.com www.googletagmanager.com z.omappapi.com/ analytics.google.com forthepeople.containers.piwik.pro forthepeople.piwik.pro conoret.com cdn.linkedin.oribi.io 98ftn8ihml.execute-api.us-east-1.amazonaws.com/prod/track jri8b0auwh.execute-api.us-east-1.amazonaws.com/staging/track conversions-config.reddit.com/v1/pixel/config/; font-src 'self' data: a.omappapi.com/ cdn.userway.org fast.wistia.com fonts.googleapis.com fonts.gstatic.com use.typekit.net static.forthepeople.com; frame-src 'self' *.ampproject.net 20830350p.rfihub.com ambassadors.staging.forthepeople.com amp.onetrust.mgr.consensu.org apollo.forthepeople.com/ apollo-v2.forthepeople.com app.vwo.com calendly.com cdn.cookielaw.org cdn.userway.org e.issuu.com fast.wistia.net forthepeople920.outgrow.us html5-player.libsyn.com indd.adobe.com/embed/ insight.adsrvr.org lpcdn.lpsnmedia.net platform.twitter.com static.addtoany.com tpc.googlesyndication.com *.liveperson.net va.idp.liveperson.net va.msg.liveperson.net va.msghist.liveperson.net www.facebook.com www.googletagmanager.com www.pinterest.com www.youtube.com www.youtube-nocookie.com td.doubleclick.net evaluation.forthepeople.com www.google.com/recaptcha/* www.google.com/recaptcha/; img-src 'self' https: data: ads-twitter.com ads-api.twitter.com analytics.twitter.com; manifest-src 'self'; media-src 'self' blob: data: embed-cloudfront.wistia.com embed-fastly.wistia.com embed-ssl.wistia.com embedwistia-a.akamaihd.net fast.wistia.com lpcdn.lpsnmedia.net/le_unified_window/; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *.clarity.ms 100002515.collect.igodigital.com/collect.js 48879.tctm.co a.omappapi.com/ a.quora.com ads.nextdoor.com/public/pixel/ndp.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js analytics.tiktok.com app.vwo.com assets.calendly.com/assets/external/widget.js attorneys.findlaw.com/flt/flt.js apollo.forthepeople.com apollo-v2.forthepeople.com bam.nr-data.net bat.bing.com c1.rfihub.net/js/tc.min.js cdn.ampproject.org cdn.cookielaw.org cdn.jsdelivr.net/npm/bootstrap@5.2.1/dist/js/bootstrap.bundle.min.js cdn.krxd.net/controltag/tlu3j2nkg.js cdn.mouseflow.com/projects/46b146ea-d195-492b-906b-a2a8ba5a8cea.js cdn.userway.org cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js collector-8551.tvsquared.com/tv2track.js collector-8688.tvsquared.com/tv2track.js connect.facebook.net dev.visualwebsiteoptimizer.com dyv6f9ner1ir9.cloudfront.net/assets/js/sloader.js fast.wistia.com fast.wistia.net geolocation.onetrust.com i.simpli.fi/p js.adsrvr.org js.alpixtrack.com/alphpixel.js js-agent.newrelic.com maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js pix.cadent.tv pixel.convertize.io pixel.nudgify.com/pixel.js platform.twitter.com rules.quantcount.com/rules-p-qPTyA_jaKmX1m.js d.adroll.com s.adroll.com s.pinimg.com/ct/ s.yimg.com/wi/ secure.quantserve.com/quant.js snap.licdn.com/li.lms-analytics/insight.min.js static.addtoany.com static.ads-twitter.com/uwt.js static.forthepeople.com tpc.googlesyndication.com tag.simpli.fi tags.srv.stackadapt.com tn.alphonso.tv/ad/ unpkg.com/quicklink@1.0.1/dist/quicklink.umd.js www.blockwords.biz/static/conversions.js www.dwin1.com www.google-analytics.com/analytics.js www.google.com www.googleadservices.com/pagead/ www.googletagmanager.com www.wordontheblock.com/static/conversions.js www.youtube.com www.gstatic.com/_/bmsdk/ www.redditstatic.com/ads/pixel.js businessmessages.google.com/widget/v2/js accdn.lpsnmedia.net/api/account/61236843/ lpcdn.lpsnmedia.net/le_re/ lptag.liveperson.net/tag/tag.js lptag.liveperson.net/lptag/api/account/61236843/configuration/applications/taglets/.jsonp lpcdn.lpsnmedia.net/le_unified_window/ lpcdn.lpsnmedia.net/le_secure_storage/ publisher.liveperson.net/device-detection/script.js static.cdn-apple.com/businesschat/start-chat-button/ va.v.liveperson.net/api/js/ googleanalytics.com googleoptimize.com optimize.google.com cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js forthepeople.containers.piwik.pro forthepeople.piwik.pro conoret.com pixel.byspotify.com/ping.min.js sethads1.s3.amazonaws.com/conversions.js www.gstatic.com/recaptcha/ www.gstatic.com/recaptcha/*; style-src 'report-sample' 'self' 'unsafe-inline' app.vwo.com a.omappapi.com/ apollo.forthepeople.com/ apollo-v2.forthepeople.com cdn.jsdelivr.net/npm/bootstrap@5.2.1/dist/css/bootstrap.min.css cdn.userway.org fast.wistia.com fonts.googleapis.com p.typekit.net/ static.forthepeople.com tags.srv.stackadapt.com use.typekit.net/ www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests 1
default-src 'self' cdn.vidyard.com play.vidyard.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.clarity.ms *.clickagy.com *.datasite.com *.dca0.com *.g2.com *.googleapis.com *.gstatic.com *.hotjar.com *.pendo.io *.salesforceliveagent.com *.storage.googleapis.com *.twimg.com *.zoominfo.com ajax.aspnetcdn.com analytics.twitter.com apis.google.com assets.adobedtm.com b.sf-syn.com bat.bing.com cdn.jsdelivr.net cdn.vidyard.com cdnjs.cloudflare.com code.createjs.com connect.facebook.net contact-datasite.secure.force.com cookie-cdn.cookiepro.com ct.capterra.com d.adroll.com d.adroll.mgr.consensu.org datasite.my.salesforce.com datasite--staging.lightning.force.com dc.services.visualstudio.com geolocation.onetrust.com go.datasite.com googleads.g.doubleclick.net http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://publish.twitter.com https://s.ytimg.com https://syndication.twitter.com/ https://www.youtube.com js.monitor.azure.com js.zi-scripts.com lltrck.com pi.pardot.com platform.linkedin.com platform.twitter.com play.vidyard.com s.adroll.com s.yimg.com scout-cdn.salesloft.com secure.golp4elik.com service.force.com snap.licdn.com sp.analytics.yahoo.com stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com static.ads-twitter.com static.lightning.force.com tracking.g2crowd.com use.fontawesome.com wcs.naver.net www.google.co.uk www.google.com www.googleadservices.com www.google-analytics.com zi-tag.js https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'self' 'unsafe-inline' *.datasite.com *.googleapis.com *.gstatic.com *.pendo.io *.storage.googleapis.com *.twimg.com *.typekit.net cdnjs.cloudflare.com contact-datasite.secure.force.com cookie-cdn.cookiepro.com https://*.googletagmanager.com kendo.cdn.telerik.com netdna.bootstrapcdn.com platform.twitter.com platform.twitter.com/css/ service.force.com stackpath.bootstrapcdn.com staging-contact-datasite.cs191.force.com tagmanager.google.com ton.twimg.com use.fontawesome.com www.google.co.uk www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' data: *.typekit.net cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com tagmanager.google.com; img-src 'self' blob: data: *.capterra.com *.googleapis.com *.gstatic.com *.pendo.io *.storage.googleapis.com *.twimg.com analytics.google.com analytics.twitter.com b.sf-syn.com bat.bing.com capterra.s3.amazonaws.com cdn.vidyard.com cookie-cdn.cookiepro.com ct.capterra.com data.useranalytics.global.datasite.com googleads.g.doubleclick.net https://*.googletagmanager.com https://static.licdn.com https://syndication.twitter.com i.ytimg.com images.g2crowd.com lltrck.com pbs.twimg.com platform.tumblr.com platform.twitter.com/css/ play.vidyard.com px.ads.linkedin.com px4.ads.linkedin.com sp.analytics.yahoo.com t.co web.facebook.com www.facebook.com www.google.co.uk www.google.com www.google-analytics.com www.linkedin.com www.redditstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://cdn.insight.sitefinity.com https://dec.azureedge.net; media-src 'self' blob: data: cdn.vidyard.com; form-action 'self' datasite.sitefinity.cloud datasite-stg.sitefinity.cloud event.on24.com gateway.on24.com go.datasite.com localhost:18080 localhost:5001 login.microsoftonline.com platform.twitter.com syndication.twitter.com webto.salesforce.com; frame-src 'self' *.g2.com *.vidyard.com b.sf-syn.com bid.g.doubleclick.net datainsights-cdn.dm.aws.gartner.com merrillcorp.demdex.net platform.twitter.com service.force.com syndication.twitter.com td.doubleclick.net twitter.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com; frame-ancestors 'self' https://*.datasite.com; child-src 'self' blob: accounts.google.com apis.google.com badge.stumbleupon.com https://platform.twitter.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://w.soundcloud.com/ https://www.youtube.com/ https://www.youtube-nocookie.com staticxx.facebook.com web.facebook.com www.facebook.com; connect-src 'self' 'unsafe-inline' data: wss: *.adroll.com *.analytics.google.com *.clarity.ms *.clickagy.com *.datasite.com *.dca0.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.pendo.io *.storage.googleapis.com *.salesforce-communities.com *.tt.omtrdc.net *.zoominfo.com accounts.google.com analytics.google.com bat.bing.com cdn.linkedin.oribi.io contact-datasite.secure.force.com cookie-cdn.cookiepro.com dc.services.visualstudio.com dpm.demdex.net geolocation.onetrust.com https://*.googletagmanager.com js.zi-scripts.com play.vidyard.com privacyportal.cookiepro.com px.ads.linkedin.com s.yimg.com scout.salesloft.com secure.adnxs.com staging-contact-datasite.cs191.force.com stats.g.doubleclick.net tagmanager.google.com tracking.g2crowd.com wcs.naver.com www.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' cdn.vidyard.com 1
frame-ancestors 'self' primexbt.com primexbt.ch primexbt-promo.com primexbt-start.com sign-up.primexbt.com eu.primexbt.com; 1
default-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com; script-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com blob: 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.googletagmanager.com polyfill.io unpkg.com storage.googleapis.com www.google-analytics.com www.snapengage.com code.jquery.com cdn.jsdelivr.net api.mapbox.com cdn.skypack.dev d3js.org cse.google.com www.google.com maps.googleapis.com; font-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com data: fonts.gstatic.com cdnjs.cloudflare.com unpkg.com; style-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com hosteduxprod.blob.core.windows.net www.google.com; img-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com https://* data:; connect-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com api.mapbox.com www.google-analytics.com cdn.jsdelivr.net www.snapengage.com ui.customsearch.ai maps.googleapis.com; frame-src 'self' *.mcneel.com *.rhino3d.com *.vimeo.com *.youtube.com www.google.com 1
default-src 'self' https: *.wogaa.sg *.demdex.net *.everesttech.net *.adobetag.com *.vica.gov.sg *.onemap.gov.sg *.moatads.com wogadobeanalytics.sc.omtrdc.net www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com api.data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com connect.facebook.net 'unsafe-inline' *.wogaa.sg *.adobedtm.com *.vica.gov.sg *.moatads.com www.google-analytics.com www.googletagmanager.com *.twitter.com *.hotjar.com *.prd.cwp2.sg 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline' *.vica.gov.sg *.wogaa.sg https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com www.facebook.com data: blob: www.nea.gov.sg *.everesttech.net *.demdex.net *.vica.gov.sg stats.g.doubleclick.net *.onemap.gov.sg *.onemap.sg wogadobeanalytics.sc.omtrdc.net connect.facebook.net www.google-analytics.com www.googletagmanager.com *.googleusercontent.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' data: *.amazonaws.com *.vica.gov.sg *.wogaa.sg *.googleapis.com *.gstatic.com; connect-src 'self' *.gstatic.com *.wogaa.sg dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.vica.gov.sg wss://*.vica.gov.sg www.google-analytics.com *.googleapis.com api.data.gov.sg smartnation.data.gov.sg data.gov.sg ifaqs.flexanswer.com *.doubleclick.net *.bootstrapcdn.com developers.onemap.sg *.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; object-src 'self' 1
default-src https:; font-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://consent.cookiebot.com https://*.googletagmanager.com https://code.iconify.design https://acsbapp.com https://ws.zoominfo.com https://www.virtualspirits.com https://www.google.com https://www.youtube.com https://*.hsforms.net https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://*.taboola.com https://www.virtualspirits.com https://connect.facebook.net https://pi.pardot.com https://*.seraphicsecurity.com https://googleads.g.doubleclick.net https://script.hotjar.com https://www.gstatic.com https://play.vidyard.com http://play.vidyard.com https://js-eu1.hs-scripts.com https://app-eu1.hubspot.com https://js-eu1.hubspot.com https://js-eu1.hsadspixel.net https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.seraphicsecurity.com https://cdn.jsdelivr.net https://www.virtualspirits.com; media-src * blob: data:; img-src * blob: data:; object-src 'self' 'unsafe-inline'; connect-src *; frame-src *; frame-ancestors 'self' https://seraphicalgorithms.lightning.force.com https://seraphicalgorithms.my.salesforce.com; report-uri https://seraphicsecurity.com/wp-content/plugins/airfleet-security/report-handler.php; report-to csp-endpoint; 1
base-uri 'self'; frame-ancestors 'none'; form-action 'self' https://id.recordedfuture.com; default-src 'none';  script-src 'self' 'nonce-hy74aL4JpvUmeAV+TWHWNA' 'unsafe-inline'; connect-src 'self'; img-src 'self' data: https://hatching.io; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; 1
child-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-ancestors 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com;frame-src 'self' *.rfihub.com *.youtube.com *.doubleclick.net *.cosmopolitanlasvegas.com *.addthis.com *.criteo.com *.tocktix.com *.meetingbroker.com *.ticketmaster.com *.chargerback.com *.triptease.io *.exploretock.com bttrack.com *.bttrack.com *.tamgrt.com *.sevenrooms.com sevenrooms.com *.flashtalking.com *.lpsnmedia.net *.facebook.com *.opentable.com liveperson.net *.liveperson.net *.liveperson.com *.lprnd.net *.tripleseat.com google-analytics.com *.google-analytics.com *.snapchat.com https://www.surveygizmo.com/ *.pixlee.co *.cosmopolitanlasvegas.com.pagescdn.com *.mgmresorts.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gethired.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://code.jquery.com https://*.gstatic.com https://*.google.com https://cdnjs.cloudflare.com https://s.gethired.com https://www.googletagmanager.com https://*.acsbapp.com https://acsbapp.com https://unpkg.com https://momentjs.com https://www.google-analytics.com https://polyfill.io https://gitcdn.github.io https://*.googleapis.com https://s3.amazonaws.com https://cdn.jsdelivr.net https://apply.indeed.com https://www.googleadservices.com https://connect.facebook.net https://*.cloudfront.net https://googleads.g.doubleclick.net https://*.opentok.com https://*.tokbox.com https://*.zendesk.com https://*.zdassets.com https://*.hotjar.com https://*.axdapi.com https://*.google-analytics.com https://*.opendns.com https://www.dropbox.com https://*.pendo.io https://optanon.blob.core.windows.net https://click.appcast.io https://*.checkr.com https://cdn.hleb.prd.hlprd.com https://*.s3.indeed.com 1
default-src 'self' 'unsafe-inline' https://*.conword.io/ https://dortmund.de/ https://rathaus.dortmund.de/ https://dortmund.labs.jochum-mediaservices.net/ https://i.ytimg.com/; frame-src 'self' https://www.youtube-nocookie.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://unbound.syndetics.com https://ltfl.librarything.com https://widget.happyfoxchat.com https://assets.wogaa.sg https://www.googletagmanager.com https://*.wogaa.sg https://*.elfsight.com https://buttons-config.sharethis.com https://app-script.monsido.com/v2/monsido-script.js https://t.sharethis.com https://storageaccountoccupa5c7.blob.core.windows.net/chatbotfiles/pops.js https://platform-api.sharethis.com/panorama.js 'self' cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg https://poly-webchat.vica.gov.sg https://ltfl.librarything.com https://www.librarything.com https://assets.wogaa.sg/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://img.youtube.com https://via.placeholder.com https://va.ecitizen.gov.sg https://pics.cdn.librarything.com https://image.librarything.com https://www.google.com.sg https://www.google.com https://*.vica.gov.sg https://phosphor.utils.elfsightcdn.com https://platform-cdn.sharethis.com/ https://tracking.monsido.com/ 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://va.ecitizen.gov.sg https://assets.wogaa.sg/fonts; frame-src blob: *.np.edu.sg *.youtube.com *.google.com https://www.np.edu.sg http://www.youtube.com/ https://jointpoly-prd.mybluemix.net/ https://www-np-edu-sg-admin.cwp.sg/ www-np-new-edu-sg-admin.cwp.sg/ https://theta360.com/ https://ltfl.librarything.com/ https://widget.happyfoxchat.com/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://t.sharethis.com/ https://vimeo.com/ https://storageaccountoccupa5c7.blob.core.windows.net/ https://www.google.com https://www.onemap.gov.sg/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.youtube.com *.google.com http://www.youtube.com/ https://va.ecitizen.gov.sg https://bucket-vica.vica.gov.sg https://chat.vica.gov.sg https://jointpoly-prd.mybluemix.net wss://chat.vica.gov.sg/socket.io/ https://happyfoxchat.com https://stats.g.doubleclick.net https://snowplow-web.wogaa.sg/ https://*.wogaa.sg https://*.elfsight.com https://l.sharethis.com https://region1.google-analytics.com https://region1.analytics.google.com https://data.stbuttons.click/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com *.youtube.com *.google.com http://www.youtube.com/ 'self' web-chat.nativechat.com; frame-ancestors 'self' blob: *.np.edu.sg https://www.np.edu.sg https://www-np-edu-sg-admin.cwp.sg/ https://jointpoly-prd.mybluemix.net/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://www.google.com 1
child-src *, child-src *; 1
frame-src 'self' vecer.com *.vecer.com * 1
frame-ancestors https://*.valueline.com 1
require-sri-for 'script';require-sri-for 'style'; 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://iiii-tech.com https://www.iiii-tech.com http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
default-src 'self'; connect-src 'self' https://block.opendns.com https://coopbank.tt.omtrdc.net https://thecooperativebank.d1.sc.omtrdc.net https://www.googleapis.com https://dpm.demdex.net https://www.youtube-nocookie.com *.googleapis.com *.googlevideo.com https://play.google.com https://d2hpwsdp0ihr0w.cloudfront.net *.gbqofs.com *.gbqofs.io *.glassboxdigital.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static-assets-cdn.i.cloud.panopto.eu data:; frame-src 'self' https://www.youtube-nocookie.com https://cooperativebank.demdex.net https://cdn.embedly.com https://bpp.cloud.panopto.eu https://widget.trustpilot.com; img-src 'self' data: https://thecooperativebank.d1.sc.omtrdc.net https://www.fscs.org.uk https://cm.everesttech.net https://static-assets-cdn.i.cloud.panopto.eu https://d2hpwsdp0ihr0w.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://bat.bing.com https://tags.tiqcdn.com https://my.tealiumiq.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://static-assets-cdn.i.cloud.panopto.eu https://cdn.eu.pendo.io https://cdn.embed.ly https://bpp.cloud.panopto.eu https://widget.trustpilot.com *.gbqofs.com *.gbqofs.io *.glassboxdigital.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://static-assets-cdn.i.cloud.panopto.eu; media-src 'self' blob: 1
frame-ancestors 'self' https://yaware.com/; 1
default-src *.facebook.com *.fbcdn.net *.instagram.com data: blob:;script-src *.teststagram.com *.instagram.com static.cdninstagram.com *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com https://translate.google.com https://apis.google.com https://accounts.google.com;style-src *.teststagram.com *.instagram.com static.cdninstagram.com data: blob: 'unsafe-inline' *.fbcdn.net *.facebook.com;connect-src *.teststagram.com *.instagram.com wss://edge-chat.instagram.com connect.facebook.net *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* ws://localhost:* blob: *.cdninstagram.com wss://*.instagram.com:* 'self' about.instagram.com;font-src *.teststagram.com *.instagram.com static.cdninstagram.com data: *.fbcdn.net *.intern.facebook.com *.facebook.com https://fonts.gstatic.com;img-src *.teststagram.com *.instagram.com *.facebook.com *.fbcdn.net data: *.igsonar.com *.cdninstagram.com *.whatsapp.net blob: *.fbsbx.com android-webview-video-poster: *.oculuscdn.com *.giphy.com www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk https://www.gstatic.com https://*.google-analytics.com;media-src *.facebook.com *.fbcdn.net *.instagram.com *.cdninstagram.com cdn.fbsbx.com data: blob: https://*.giphy.com;frame-src *.instagram.com *.facebook.com *.fbsbx.com fbsbx.com data: www.googleadservices.com *.doubleclick.net *.google.com *.google.co.uk;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'self' http://www.1001spiele.de 1
default-src 'self'; connect-src 'self' https://euc-widget.freshworks.com https://*.google-analytics.com https://carenzorgt.freshdesk.com; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src https://wchat.eu.freshchat.com https://513969701343894.eu.webpush.freshchat.com; img-src 'self' data: blob: https://p.typekit.net https://d1yim1i5ghw5xv.cloudfront.net https://*.mijnio.nl https://www.google-analytics.com https://euc-widget.freshworks.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://use.typekit.net https://euc-widget.freshworks.com https://*.google-analytics.com https://wchat.eu.freshchat.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://euc-widget.freshworks.com https://wchat.eu.freshchat.com; report-uri /csp_reports 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; frame-ancestors 'none'; frame-src https://86886.jp https://www.buffalo.jp 1
default-src 'self'; script-src cdn.bookboon.io minio.stage.bookboon.io *.omappapi.com *.google-analytics.com *.googletagmanager.com *.visualwebsiteoptimizer.com app.vwo.com *.stripe.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ blob: 'unsafe-eval' 'unsafe-inline' 'self'; style-src *.googleapis.com *.omappapi.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com blob: 'unsafe-inline' 'self'; img-src bookboon.com boont.co www.gravatar.com *.omappapi.com *.visualwebsiteoptimizer.com chart.googleapis.com www.google.co.uk www.google.com wingify-assets.s3.amazonaws.com staging.covergenerator.stage.bookboon.io staging.action-receiver.stage.bookboon.io data: 'self'; connect-src boont.co sentry.bookboon.io stream.bookboon.com *.stripe.com staging.argus.stage.bookboon.io wss://bookboon.com *.omappapi.com *.google-analytics.com *.visualwebsiteoptimizer.com *.doubleclick.net app.vwo.com 'self'; font-src 'self' https://fonts.gstatic.com https://a.omappapi.com data:; media-src stream.bookboon.com *.content.bookboon.com content.bookboon.com minio.stage.bookboon.io staging.argus.stage.bookboon.io blob: 'unsafe-inline' 'self'; frame-src *.stripe.com https://www.google.com/recaptcha/ https://a.omappapi.com app.vwo.com *.visualwebsiteoptimizer.com 'self'; child-src blob: 'self'; worker-src blob: 'self'; frame-ancestors ; report-uri https://sentry.bookboon.io/api/2/security/?sentry_key=a9cb61f0b4d1404cbef0284b913d154c&sentry_environment=production&sentry_release=premium@v3.15.1; 1
default-src 'unsafe-inline' *.akstat.io *.go-mpulse.net 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.googletagmanager.com https://*.googleadservices.com https://*.google.com https://region1.analytics.google.com https://*.analytics.google.com https://*.google.pt https://*.gstatic.com https://yoast.com https://*.googleapis.com https://*.google-analytics.com https://*.gravatar.com https://*.youtube.com https://*.ytimg.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.go-mpulse.net https://*.cookielaw.org https://*.onetrust.com https://*.typeform.com https://*.branch.io https://app.link https://*.e-goi.com https://*.egoiapp2.com https://egoiapp2.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://stats.g.doubleclick.net https://*.scorecardresearch.com https://*.akstat.io https://*.akamaihd.net https://*.holdonstranger.com https://*.smartlook.com https://*.smartlook.cloud https://*.bazaarvoice.com https://pingodoce.pt https://www.pingodoce.pt 1
frame-ancestors 'self' https://*.dak.coremedia.cloud; 1
style-src 'self' 'unsafe-inline'; form-action 'self' 1
frame-ancestors 'none', upgrade-insecure-requests 1
frame-ancestor 'none'; 1
default-src https: *.crazyegg.com; base-uri 'none'; connect-src 'self' https://consentcdn.cookiebot.com https://www.google.com https://secure.adnxs.com https://api.resumatorapi.com https://*.6sc.co wss://ws8.hotjar.com wss://ws10.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com *.crazyegg.com; img-src 'self' https://*.6sc.co https://p.adsymptotic.com https://*.vidyard.com https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.es https://www.google-analytics.com https://www.googletagmanager.com https://secure.gravatar.com data: https://www.bluevoyant.com  https://track.hubspot.com https://secure.gravitar.com *.crazyegg.com https://lh4.googleusercontent.com https://lh6.googleusercontent.com https://s3.us-east-2.amazonaws.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.driftt.com https://*.6sc.co https://www2.bluevoyant.com https://pi.pardot.com https://snap.licdn.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://secure.gravitar.com https://googletagmanager.com https://www.googletagmanager.com https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://js.hs-banner.com https://js.usemessages.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-banner.com https://js.hsforms.net https://js.hs-scripts.com https://www.youtube.com https://*.crazyegg.com https://play.vidyard.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://hb.wpmucdn.com https://www.bluevoyant.com  https://bluevoyant.com https://hpwpmucdn.com https://fonts.googleapis.com data:; frame-src 'self' https://js.driftt.com https://www.bluevoyant.com https://www2.bluevoyant.com  https://vars.hotjar.com https://app.hubspot.com https://www.youtube.com https://*.googleusercontent.com *.googleusercontent.com https://play.vidyard.com https://consentcdn.cookiebot.com; font-src 'self' https://www.bluevoyant.com  https://fonts.gstatic.com https://cdn2.hubspot.net data:; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; object-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com; connect-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://checkout.stripe.com/ https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.cookieyes.com https://www.snapengage.com; font-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google.com/ads/ https://*.google-analytics.com https://*.googletagmanager.com blob: data:; script-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.google-analytics.com https://*.googletagmanager.com https://www.snapengage.com https://cdnjs.cloudflare.com/ajax/libs/mathjs/3.12.0/math.min.js https://www.recaptcha.net/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://code.highcharts.com https://cdn-cookieyes.com 'unsafe-eval' 'nonce-rtSvnHOaHAO8CRo5vtPK7A=='; style-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://fonts.googleapis.com 'unsafe-inline'; frame-src 'self' https://*.dicksonone.com https://*.stripe.com https://s3.amazonaws.com https://cdn-cookieyes.com https://www.recaptcha.net 1
default-src 'self' blob:  p11.techlab-cdn.com; font-src 'self' * data: ; connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com * p11.techlab-cdn.com; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com * blob:  p11.techlab-cdn.com; script-src-elem 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com * blob:  p11.techlab-cdn.com;	img-src 'self' *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com * data:; worker-src 'self' blob:; frame-src 'self' app.vwo.com *.visualwebsiteoptimizer.com *; 1
default-src http://stream.nlc.cn http://www.nlc.cn https://www.adobe.com https://www.mangren.com https://www.yunmd.net http://voice.yunmd.net https://tts.yunmd.net 'self' 'unsafe-inline' 'unsafe-eval' blob: data:;img-src * data: blob:; upgrade-insecure-requests 1
default-src 'self' *.saia.com *.saiasecure.com saiasecure.com *.gcs-web.com *.iexapis.com *.vimeo.com data: *.eum-appdynamics.com *.w3.org *.google.com cdn.contentful.com *.ctfassets.net *.advertising.com *.casalemedia.com *.rubiconproject.com *.outbrain.com *.yahoo.com *.pubmatic.com *.taboola.com *.rlcdn.com *.adnxs.com *.bidswitch.net *.3lift.com *.openx.net *.adroll.com fonts.googleapis.com *.googletagmanager.com fonts.gstatic.com bat.bing.com *.mktoresp.com *.google-analytics.com *.linkedin.com *.google-analytics.co *.doubleclick.net *.adsymptotic.com *.facebook.com d.adroll.mgr.consensu.org *.tvsquared.com *.powerbi.com *.okta.com *.cookielaw.org *.onetrust.com *.gstatic.com *.site24x7static.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.mountain.com; style-src 'self' *.doubleclick.net fonts.googleapis.com 'unsafe-inline' *.cookielaw.org *.onetrust.com *.google.com *.gstatic.com *.site24x7static.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.mountain.com; script-src 'self' *.appdynamics.com *.ipredictive.com *.analytics-sm.com analytics-sm.com *.adsymptotic.com *.adroll.com *.doubleclick.net *.consensu.org munchkin.marketo.net *.googletagmanager.com *.google-analytics.com *.google-analytics.co bat.bing.com snap.licdn.com connect.facebook.net 614-yjx-388.mktoresp.com *.googleadservices.com collector-6453.tvsquared.com s.adroll.com *.clickdimensions.com *.cookielaw.org *.onetrust.com *.google.com *.gstatic.com 'unsafe-inline' *.site24x7static.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.mountain.com; img-src 'self' data: *.saiasecure.com saiasecure.com *.saia.com *.google.com *.doubleclick.net *.openx.net *.rlcdn.com *.3lift.com *.adnxs.com *.bidswitch.net *.taboola.com *.outbrain.com *.yahoo.com *.rubiconproject.com *.pubmatic.com *.advertising.com *.casalemedia.com *.bing.com *.linkedin.com *.w3.org *.tvsquared.com *.google-analytics.com *.google-analytics.co *.adroll.com *.facebook.com *.ctfassets.net analytics-sm.com *.adsymptotic.com *.analytics-sm.com *.ipredictive.com *.cookielaw.org *.onetrust.com *.gstatic.com *.site24x7static.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.mountain.com; form-action 'self' *.facebook.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.libraccio.it fibs-prd-apim.azure-api.net *.directline.botframework.com lantern.roeyecdn.com *.360yield.com *.3lift.com *.adform.net *.adnxs.com *.akamaihd.net *.akstat.io *.algolia.io *.algolia.net *.algolianet.com *.azure.com *.bidswitch.net *.bing.com *.casalemedia.com *.salecycle.com *.clarity.ms *.cloudflare.com *.awin1.com *.cookielaw.org *.creativecdn.com creativecdn.com *.criteo.com *.criteo.net *.doubleclick.net *.dwin1.com *.facebook.com *.facebook.net *.g.doubleclick.net *.go-mpulse.net *.googleadservices.com *.google-analytics.com sync.go.sonobi.com *.cloudfront.net *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.hotjar.com *.hotjar.io id5-sync.com *.ivitrack.com *.jsdelivr.net *.kaspersky-labs.com *.kelkoogroup.net *.kelkoo.com *.sfentry.com *.kk-resources.com *.klarnacdn.net *.klarnaevt.com *.lgw.io *.blob.core.windows.net *.youtube.com *.sciencebehindecommerce.com *.media.net *.mediavine.com *.tradedoubler.com *.tradetracker.com *.tradetracker.net *.omnitagjs.com *.onetrust.com *.outbrain.com *.honey.io *.pubmatic.com *.richrelevance.com *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.tiktok.com *.adnpopupblocker.com *.tremorhub.com *.yahoo.com *.yieldmo.com *.yieldlab.net *.visualstudio.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https: http: wss: data: blob:;upgrade-insecure-requests;report-uri https://fibs-prd-apim.azure-api.net/csp-prd-ai/lib-v1/Track 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: *.brightcove.com *.brightcove.net *.givaudan.cn givaudan.cn *.givaudan.com givaudan.com *.brightcovecdn.com *.google.com *.google.at *.google.ae *.google.ru *.google.ca *.google.nl *.google.hu *.google.pt *.google.ch *.google.tn *.linkedin.com *.ads.linkedin.com px.ads.linkedin.com dc.ads.linkedin.com *.googletagmanager.com *.zencdn.net *.licdn.com *.google-analytics.com *.googleadservices.com *.ads-twitter.com *.facebook.com *.facebook.net siteimproveanalytics.com *.googleusercontent.com *.prod.boltdns.net siteimproveanalytics.com *.siteimproveanalytics.io addevent.com *.googleapis.com *.gstatic.com maps.gstatic.com *.twitter.com ipinfo.io t.co *.siteimprove.net *.siteimprove.com *.newrelic.com bam.nr-data.net *.addevent.com walls.io *.walls.io cdnjs.cloudflare.com *.buzzsprout.com tools.euroland.com tools.eurolandir.com *.google.ie *.google.co.in *.google.co.uk *.google.co.ke *.google.co.ma *.google.es *.google.com.ar *.google.com.co *.google.com.hk *.google.com.au *.google.com.ua *.google.dk *.google.com.br *.google.com.bh *.google.se *.google.com.my *.google.sg *.google.fr *.google.fi *.google.com.sg *.google.com.tr *.google.it *.google.com.sv *.google.co.za *.google.com.vn *.google.de *.gstatic.com *.zawaceboji.com *.google.co.id *.google.com.mx *.google.co.th *.g.doubleclick.net weatherwidget.io *.blob.core.windows.net *.google.com.pk p.adsymptotic.com e.issuu.com google.co.il cdn.jsdelivr.net code.highcharts.com cdn.cookielaw.org w3.org unpkg.com *.tile.openstreetmap.org online.fliphtml5.com geolocation.onetrust.com *.youtube.com *.relayto.com *.youku.com log.mmstat.com *.ykimg.com *.alicdn.com fourier.taobao.com *.linkflowtech.com privacyportal-de.onetrust.com *.onetrust.com *.onetrust.io cdn.linkedin.oribi.io relayto.com *.doubleclick.net *.googlesyndication.com unpkg.com tags.srv.stackadapt.com cdn-eu.readspeaker.com app-eu.readspeaker.com *.readspeaker.com *.userway.org *.acsbapp.com acsbapp.com; frame-ancestors 'self' ollie.givaudan.com givaudan.service-now.com 1
default-src 'unsafe-inline'  'unsafe-eval' 'self' zz.ha.cn *.sdoodo.com info.sdoodo.com art.shangdu.com  shangdu.com *.shangdu.com thangdu.com *.thangdu.com *.shangdu.net *.baidu.com *.qq.com *.weibo.com *.huliang.com *.shangdu.pro *.online.cn  *.zz.ha.cn *.entshangdu.com 1
frame-ancestors https://sede.malaga.eu/; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval' ;frame-ancestors 'self' https://manager.agilitycms.com *.scotiabank.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com https://1.b406929acabac9b095f124c81bdfcf57f.com https://1.c81358859121583b7adf2ace89cb39f44.com;script-src 'self' 'unsafe-eval' 'unsafe-inline'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com c.amazon-adsystem.com https://connect.facebook.net https://p.adsymptotic.com https://static.hotjar.com https://www.google-analytics.com cdnssl.clicktale.net https://script.hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  www.googletagmanager.com scotiabankfiles.azureedge.net snap.licdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  *.we-stats.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org sb-mx-prod01.azurewebsites.net;worker-src blob: 'self';img-src 'self' *.clicktale.net  *.agilitycms.com  *.azureedge.net  *.google.com  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  assets.adobedtm.com  cm.everesttech.net  somniture.scotiabank.com  dpm.demdex.net  www.google-analytics.com  www.facebook.com  https://www.google.com.br  https://px.ads.linkedin.com  stats.g.doubleclick.net  https://p.adsymptotic.com   *.google.com   *.google.com.mx   *.google.ca   *.gstatic.com   *.pages09.net   *.scotiabank.com   *.contentsquare.net   *.contentsquare.com   googleoptimize.com   cdn.polyfill.io   *.openstreetmap.org  sb-mx-prod01.azurewebsites.net;connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval'  googletagmanager.com facebook.net google-analytics.com *.googleapis.com licdn.com cloudflare.com Youtube.com Azureedge.net Doubleclick.net Clicktale.net Demdex.net Amazon-adsystem.com Hotjar.com jquery.com agilitycms.com *.msecnd.net aspnetcdn.com  *.google.com  *.google.com.mx  *.google.ca  *.gstatic.com  *.pages09.net  *.scotiabank.com  *.contentsquare.net  *.contentsquare.com  googleoptimize.com  cdn.polyfill.io  *.openstreetmap.org sb-mx-prod01.azurewebsites.net; 1
frame-ancestors 'self' http://bloom.test http://bloomudev.prod.acquia-sites.com https://bloomudev.prod.acquia-sites.com http://bloomustg.prod.acquia-sites.com https://bloomustg.prod.acquia-sites.com https://www.bloomu.edu http://bloomu.prod.acquia-sites.com https://bloomu.prod.acquia-sites.com https://bloom.ddev.site https://commonwealth.ddev.site https://www.commonwealthu.edu https://dev.admissions.bloomu.edu/ https://stage.admissions.bloomu.edu https://solutions.nuventive.com/; report-uri https://www.bloomu.edu/report-uri/enforce 1
default-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: 'wasm-unsafe-eval'; worker-src blob:; child-src blob: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' fonts.gstatic.com data: https:; img-src 'self' data: https: blob:; media-src 'self' video.tesa.com *.youtube.com *.zohocdn.com static.zdassets.com; connect-src 'self' https: blob: wss://*.hotjar.com wss://*.zohopublic.eu wss://*.zopim.com; frame-ancestors 'none' 1
frame-ancestors 'self' https://sm008x.marsflag.com https://apply.sapporobeer.jp 1
frame-src 'self' js.stripe.com; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-elem 'self' https://snap.licdn.com https://px.ads.linkedin.com https://www.googletagmanager.com matomo.exigo.ch piwik.exigo.ch 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' https://www.linkedin.com/px https://px.ads.linkedin.com https://www.google.ch data: www.wc3.org; connect-src 'self' https://px.ads.linkedin.com https://region1.analytics.google.com https://stats.g.doubleclick.net matomo.exigo.ch piwik.exigo.ch; media-src 'self' youtube; object-src 'self'; prefetch-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube-nocookie.com https://srv-calc.exigo.ch https://stats.exigo.ch/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://exigate.exigo.ch https://mailadmin.exigo.ch https://webmail.exigo.ch https://owa.goxchange.ch; upgrade-insecure-requests; block-all-mixed-content; disown-opener; base-uri 'self' *.exigo.ch; manifest-src 'self' *.exigo.ch; 1
script-src 'self' crossmark-cdn.crossref.org scholar.google.com d1bxh8uas1mnw7.cloudfront.net cdn.scite.ai cdn.jsdelivr.net connect.liblynx.com unpkg.com cdn.foxycart.com test-boneandjoint-org-uk.foxycart.com boneandjoint-org-uk.foxycart.com api.altmetric.com js.stripe.com cdnjs.cloudflare.com tpc.googlesyndication.com securepubads.g.doubleclick.net pagead2.googlesyndication.com www.googletagservices.com www.googletagmanager.com challenges.cloudflare.com 'nonce-YWinrBTeFTBoYrikbuf+PQxB9eEG0+lmKCJu5VVleIg='; object-src 'self'; block-all-mixed-content; img-src 'self' data: s3.eu-west-2.amazonaws.com crossmark-cdn.crossref.org cdn.scite.ai badges.altmetric.com connect.liblynx.com tpc.googlesyndication.com googleads.g.doubleclick.net pagead2.googlesyndication.com www.google.com; form-action 'self'; font-src 'self' fonts.gstatic.com cdn.scite.ai; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com d1bxh8uas1mnw7.cloudfront.net cdn.foxycart.com crossmark-cdn.crossref.org; base-uri 'self'; frame-ancestors 'self' 1
child-src 'self' ;connect-src 'self' 'unsafe-inline' *.amazonaws.com *.guidedogs.org.uk *.googlesyndication.com *.addthis.com *.azurewebsites.net *.googleapis.com *.hotjar.com *.zenaps.com wss://*.hotjar.com *.doubleclick.net *.usabilla.com *.google-analytics.com google-analytics.com *.paypal.com analytics.google.com *.analytics.google.com cookie-cdn.cookiepro.com cookiepro.blob.core.windows.net cdn-ukwest.onetrust.com cookies-data.onetrust.io geolocation.onetrust.com ct.pinterest.com *.algolia.net *.algolianet.com algolia.net algolianet.com s.yimg.com analytics.tiktok.com cdn.schemaapp.com data.schemaapp.com api.schemaapp.com google.com/pay pay.google.com *.hotjar.io https://www.google.com/pay www.google.com/pay;default-src 'self' ;font-src 'self' *.typekit.net *.azureedge.net gd-blog.netlify.app *.gstatic.com https://script.hotjar.com data:;frame-ancestors 'self' *.azurewebsites.net;frame-src 'self' *.addthis.com *.addthisedge.com *.guidedogs.org.uk https://www.audiencemanager.de *.hotjar.com *.rfihub.com *.facebook.com *.amazon-adsystem.com *.doubleclick.net *.youtube.com *.datacash.com *.azurewebsites.net/ *.awin1.com *.arcot.com *.youtube-nocookie.com *.americanexpress.com *.paypalobjects.com *.abmr.net *.barclaycard.co.uk *.barclays.co.uk *.lloydstsb.com *.securesuite.co.uk *.cardinalcommerce.com *.muchloved.com *.edb.com *.mycardsecure.com *.monzo.com *.securecode.com *.wlp-acs.com *.westpac.com *.redsys.es *.netsgroup.com *.touchtechpayments.com *.stripe.com *.google.com *.cloudfront.net *.paypal.com talk.hyvor.com ct.pinterest.com;img-src data: 'unsafe-eval' 'self' 'unsafe-inline' static.ads-twitter.com *.azureedge.net *.amazon-adsystem.com *.adnxs.com *.google-analytics.com google-analytics.com *.tvsquared.com *.co *.doubleclick.net *.facebook.com analytics.twitter.com *.google.com *.google.co.uk *.gstatic.com *.atdm *.googleapis.comt.com *.audiencemanager.de *.googlesyndication.com *.googleapis.com *.paypalobjects.com *.awin1.com *.ak1s.abmr.net *.abmr.net *.muchloved.com *.bing.com *.cloudfront.net *.usabilla.com c5.adalyser.com gd-blog.netlify.app images.ctfassets.net cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cookiesuksouth.blob.core.windows.net *.analytics.google.com analytics.google.com ct.pinterest.com sp.analytics.yahoo.com https://static.hotjar.com https://script.hotjar.com https://secure.adnxs.com/ https://ad.doubleclick.net/ https://flask.nextdoor.com;media-src 'self' *.azureedge.net *.youtube.com downloads.ctfassets.net;object-src 'self' ;report-uri https://rwgd.report-uri.com/r/d/csp/enforce;script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com *.google-analytics.com *.addthis.com *.addthisedge.com *.typekit.net www.googletagmanager.com static.ads-twitter.com cdnjs.cloudflare.com *.amazonaws.com *.azureedge.net *.hotjar.com *.tvsquared.com *.adform.net *.doubleclick.net *.rfihub.net *.facebook.net *.ads-twitter.com *.audiencemanager.de *.googletagservices.com *.googleadservices.com *.twitter.com a.rfihub.com *.guidedogs.org.uk *.google.com *.google.co.uk *.youtube.com *.ytimg.com *.facebook.com *.googleapis.com *.dwin1.com *.awin1.com *.zenaps.com *.muchloved.com *.bing.com *.usabilla.com *.googlesyndication.com js.stripe.com *.cloudfront.net *.trackedlink.net *.paypal.com *.sandbox.paypal.com c5.adalyser.com talk.hyvor.com analytics.google.com cookie-cdn.cookiepro.com cdn-ukwest.onetrust.com cdn.jsdelivr.net cdn-ukwest.onetrust.com s.pinimg.com s.yimg.com www.redditstatic.com analytics.tiktok.com cdn.schemaapp.com https://ads.nextdoor.com/* https://ads.nextdoor-test.com/* https://acdn.adnxs.com/ https://ads.nextdoor.com/public/pixel/ndp.js;style-src 'self' 'unsafe-inline' *.typekit.net *.guidedogs.org.uk *.azureedge.net *.google.com *.googleapis.com *.google.co.uk *.muchloved.com *.cloudfront.net cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com; 1
connect-src 'self' https://publish.ne.cision.com https://ssm.teliacompany.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-de.onetrust.com wss://collection.decibelinsight.net *.decibelinsight.net https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google.com https://www.google.se https://app.lifeinside.io https://backend.lifeinside.io https://media.lifeinside.io; default-src 'self' https://www.googletagmanager.com; font-src 'self' https://cdn.voca.teliacompany.com https://fonts.gstatic.com; img-src 'self' https://images.ctfassets.net https://cdn-assets-eu.frontify.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.voca.teliacompany.com https://mb.cision.com data: https://ssm.teliacompany.com blob: https://px.ads.linkedin.com https://www.googletagmanager.com https://media.lifeinside.io; media-src 'self' https://cdn-assets-eu.frontify.com https://media.lifeinside.io; script-src 'self' 'unsafe-eval' blob: https://ssm.teliacompany.com https://cdn.cookielaw.org https://cdn.decibelinsight.net https://www.google.com https://www.gstatic.com https://snap.licdn.com https://stats.g.doubleclick.net https://app.lifeinside.io https://widget.lifeinside.io https://tools.euroland.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; frame-src 'self' https://telia-external.videomarketingplatform.co https://tools.eurolandir.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://telia.videosync.fi https://telia-company.videosync.fi https://ssm.teliacompany.com; object-src 'none' 1
default-src 'self' xmpp.org; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'; connect-src 'self'; object-src 'self'; child-src 'self' xmpp-office-hours.netlify.app; frame-src 'self' xmpp-office-hours.netlify.app; worker-src 'none'; frame-ancestors 'self'; form-action 'self' xmpp-office-hours.netlify.app; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' blob: data: *.massport.com *.prod.acquia-sites.com ; script-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.newrelic.com bam.nr-data.net *.youtube.com *.youtube-nocookie.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.pointr.cloud *.bing.com *.pinimg.com *.facebook.net *.teads.tv; object-src 'self' *.nr-data.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com *.massport.com *.prod.acquia-sites.com; img-src 'self' 'unsafe-inline' *.gstatic.com *.massport.com data: *.prod.acquia-sites.com bos.resources.aocdms.com *.googleapis.com *.google.com *.bing.com *.teads.tv *.pinterest.com *.facebook.com *.facebook.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' *.massport.com *.prod.acquia-sites.com *.youtube-nocookie.com; frame-src 'self' *.google.com *.atlassian.net *.prod.acquia-sites.com *.nr-data.net *.youtube.com *.youtube-nocookie.com *.items.aero *.pinterest.com; child-src 'self' *.massport.com *.prod.acquia-sites.com ; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data: *.massport.com *.prod.acquia-sites.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com analytics.google.com *.googleapis.com bam.nr-data.net mbta-proxy.bos.aocadp.com gtfs.bos.aocadp.com *.prod.acquia-sites.com *.nr-data.net *.pointr.cloud *.bing.com *.teads.tv *.pinterest.com; report-uri https://browser-intake-ddog-gov.com/api/v2/logs?dd-api-key=pubae3d9e4f547e5d8888b052206ca0205e&dd-evp-origin=content-security-policy&ddsource=csp-report; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com https://www.googleadservices.com platform.twitter.com ad.doubleclick.net https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.nanorep.co *.googletagmanager.com *.licdn.com *.doubleclick.net *.mookie1.com *.turn.com *.addthis.com *.moatads.com *.addthisedge.com *.tiktok.com https://www.buzzsprout.com/ https://cse.google.com/ https://libjs.s4mdsp.com/ https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ *.outbrain.com *.suss.edu.sg *.fontawesome.com *.bootstrapcdn.com suss-ciel.libcal.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com ads-engagement.presage.io *.botframework.com *.accredify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ *.suss.edu.sg *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com ads-engagement.presage.io *.accredify.io; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com/ *.suss.edu.sg *.doubleclick.net *.accredify.io data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.linkedin.com *.google.com *.google.com.my *.google.com.sg *.mookie1.com suss.edu.sg *.suss.edu.sg https://www.googletagmanager.com/ https://r.turn.com/ *.outbrain.com *.youtube.com lcimages.s3.amazonaws.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com *.doubleclick.net ads-engagement.presage.io img.youtube.com *.accredify.io; media-src 'self' data: blob: sfcms.suss.edu.sg; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.suss.edu.sg *.doubleclick.net *.addthis.com https://www.buzzsprout.com/ https://pcmap-suss.netlify.app/ https://kuula.co/ *.google.com suss-ciel.libcal.com www.yumpu.com *.issuu.com teamup.com *.zscaler.net *.accredify.io; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.nanorep.co *.doubleclick.net *.nanorep.com *.addthis.com https://cdn.linkedin.oribi.io *.facebook.com *.tiktok.com analytics.google.com *.yahoo.com *.yahoodns.net *.yimg.com sp.analytics.yahoo.com *.linkedin.com ads-engagement.presage.io *.api.powerplatform.com *.botframework.com wss://directline.botframework.com *.accredify.io; 1
base-uri 'self';child-src 'self' *.pipedream.com www.youtube.com player.vimeo.com fast.wistia.net blob:;connect-src 'self' *.pipedream.com *.m.pipedream.net wss://*.pipedream.com *.fullstory.com api.cloudinary.com o210198.ingest.sentry.io https://browser-intake-datadoghq.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://api.s.pipedream.net https://cdn.s.pipedream.net https://tally.so https://*.algolia.net *.google.com https://stats.g.doubleclick.net pagead2.googlesyndication.com *.intercom.io wss://*.intercom.io https://api.getrewardful.com https://pipedream-production-workflow-attachments.s3.amazonaws.com https://pipedream-files-production.s3.amazonaws.com https://pipedream-files-makedev.s3.amazonaws.com;default-src 'none';font-src 'self' *.pipedream.com data: fonts.gstatic.com https://fonts.intercomcdn.com;frame-src 'self' *.pipedream.com https://www.youtube.com/ www.googletagmanager.com https://js.stripe.com https://tally.so accounts.google.com *.doubleclick.net;img-src * data: blob:;media-src 'self' *.pipedream.com res.cloudinary.com https://js.intercomcdn.com;object-src 'self' data:;script-src 'self' *.pipedream.com 'nonce-49013558760351317' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://cdn.s.pipedream.net https://js.stripe.com https://tally.so accounts.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' *.pipedream.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com accounts.google.com;worker-src 'self' *.pipedream.com data: blob:;form-action 'none';frame-ancestors 'none';report-uri https://o210198.ingest.sentry.io/api/5660875/security/?sentry_key=97aa41261e6e462d93e454687a0d01f2&sentry_environment=production 1
upgrade-insecure-requests; block-all-mixed-content; default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src https: data: blob:; media-src https: data: blob:; object-src 'none'; connect-src https: data: blob:; child-src https: data: blob:; 1
frame-ancestors 'self' https://*.toyota.es https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https: http: wss: data: 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com *.zendesk.com *.zendesk-eu.my.sentry.io *.static.zdassets.com https://consentcdn.cookiebot.com https://ct.pinterest.com httns://webservices.global-e.com; child-src blob:; worker-src wss: blob:; frame-src https: data: 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com https://ct.pinterest.com https://webservices.global-e.com; frame-ancestors https: 'self' *.dotomi.com https://console.noibu.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' DlkModas.com.br *.DlkModas.com.br DlkModas.fbitsstatic.net fbits.net nr-data.net newrelic.com google.com googletagmanager.com google-analytics.com facebook.net facebook.com jquery.com bootstrapcdn.com traycheckout.com.br atendimen.to hertzen.com doubleclick.net shopback.net googleadservices.com hotjar.com sunset.systems linximpulse.net cartstack.com hotjar.io neoassist.com btg360.com.br cloudflare.com rdstation.com.br retargeter.com.br clearsale.com.br cloudfront.net shopconvert.com.br shoptarget.com.br online-metrix.net performa.ai conectiva.io *.fbits.net *.nr-data.net *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.jquery.com *.bootstrapcdn.com *.traycheckout.com.br *.atendimen.to *.hertzen.com *.googleadservices.com *.doubleclick.net *.shopback.net *.cartstack.com *.hotjar.io *.hotjar.com *.sunset.systems *.linximpulse.net *.clearsale.com.br *.cloudfront.net *.shopconvert.com.br *.shoptarget.com.br *.online-metrix.net *.performa.ai *.btg360.com.br *.cloudflare.com *.rdstation.com.br *.retargeter.com.br *.conectiva.io wss://signalr.fbits.net *.yapay.com.br k-analytix.com *.k-analytix.com i.konduto.com *.facebook.com *.facebook.net *.yapay.com.br *.traycheckout.com.br *.smarthint.co *.clearsale.com.br dzpxyxks1bfmb.cloudfront.net *.getblue.io *.tiktok.com *.pinimg.com *.adaction.com.br *.gstatic.com gstatic.com *.soclminer.com.br *.btg360.com.br *.socialminer.com *.e-goi.com signalrcore.fbits.net wss://signalrcore.fbits.net *.squidit.com.br *.cloudfront.net *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadopago.com.br *.paypal.com *.paypalobjects.com *.fbits.store *.adyen.com *.vimeo.com player.vimeo.com teste service.yourviews.com.br *.yourviews.com.br *.directtalk.com.br www9.directtalk.com.br egoi.site *.egoi.site *.us-east-2.amazonaws.com s3.us-east-2.amazonaws.com analytics.pangle-ads.com *.pangle-ads.com lp.egoi.page *.egoi.page *.youtube.com *.youtube *.youtube.com.br cdn-te.e-goi.com *.e-goi cdn-static.egoiapp2.com *.egoiapp2.com *.google.com.br *.reclameaqui.com.br egoi.page app.brcomerce.com.br ; img-src https: data:; style-src https: 'unsafe-inline'; font-src https: data:; frame-ancestors *.DlkModas.com.br DlkModas.com.br; report-uri https://pub-csp.fbits.net/checkout_sem_carrinho; report-to https://pub-csp.fbits.net/checkout_sem_carrinho 1
script-src 'self' 'unsafe-inline' https://blog.quiteja.com.br https://*.cloudfront.net https://browser.sentry-cdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://*.cloudflare.com/*  https://ajax.cloudflare.com; style-src 'self' 'unsafe-inline' https://blog.quiteja.com.br https://fonts.googleapis.com; object-src 'none'; worker-src 'self' blob: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.hsj.co.uk; 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-3uz1oPEymEJjbr7Ee10embsENG8=' 'nonce-bU0LJPHQARNBB9f3eXUNIH6u2uc=' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' www.fly4free.pl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' gateway.moneris.com 1
default-src 'self' *.aimatch.com *.kbps.cz kbps.cz *.googleapis.com *.kbcloud *.youtube.com *.googlesyndication.com *.kb.cz *.kbinfo.cz *.google.com *.linkedin.com *.google-analytics.com *.aimatch.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.luigisbox.com *.adform.net *.seadform.net *.platform.twitter.com *.seznam.cz *.static.ads-twitter.com *.licdn.com *.linkedin.oribi.io data 'unsafe-inline'; img-src 'self' *.aimatch.com *.kbcloud *.kbinfo.cz *.youtube.com *.googletagmanager.com *.adform.net *.seadform.net *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.google.cz *.seznam.cz *.gstatic.com analytics.twitter.com t.co *.i.ytimg.com *.facebook.com *.google.com *.google-analytics.com  *.linkedin.com  maps.gstatic.com maps.googleapis.com *.kb.cz data:; script-src 'self' *.aimatch.com *.luigisbox.com *.kbps.cz kbps.cz *.facebook.net *.static.ads-twitter.com https://static.ads-twitter.com/uwt.js *.googlesyndication.com housing-calculation-fe.fat.hfd.kbcloud *.facebook.com *.doubleclick.net *.googleadservices.com *.seznam.cz https://www.google.com *.google.cz *.googletagmanager.com *.licdn.com *.adform.net *.seadform.net *.platform.twitter.com *.demogram.cz *.kbcloud *.googleapis.com rtp.persoo.ai scripts.persoo.cz *.youtube.com *.kb.cz *.kbinfo.cz *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.aimatch.com *.kbcloud *.cloudflare.com 'unsafe-inline'; worker-src 'self' *.youtube.com *.google.com *.kb.cz blob:; font-src 'self' *.youtube.com *.google.com *.gstatic.com *.kb.cz data:; frame-src 'self' *.youtube.com *.doubleclick.net *.googlesyndication.com *.adform.net *.seadform.net *.kb.cz; object-src 'none'; 1
default-src 'self'; connect-src newpaltz.edu www.newpaltz.edu *.adroll.com jobsability.azurewebsites.net directline.botframework.com wss://directline.botframework.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com *.ibytedtos.com api.idonate.com *.tts.speech.microsoft.com wss://ai.ocelotbot.com *.ocelotbot.com *.snapchat.com *.technolutions.net analytics.tiktok.com; font-src *; frame-src *.newpaltz.edu app.acuityscheduling.com airtable.com map.concept3d.com w2.countingdownto.com www.dhs.gov *.e2ma.net staticxx.facebook.com www.facebook.com newpaltz.financialaidtv.com *.google.com accounts.google.com calendar.google.com embed.idonate.com www.instagram.com cdn.knightlab.com newpaltz.knowmia.com my.matterport.com feed.mikle.com www.myatlascms.com *.ocelotbot.com prezi.com *.snapchat.com snapwidget.com w.soundcloud.com www.suny.edu *.tagboard.com free.timeanddate.com *.tiktok.com *.ttwstatic.com platform.twitter.com syndication.twitter.com *.unibuddy.co unibuddy.co player.vimeo.com vgrad.z19.web.core.windows.net newpaltz.wufoo.com newpaltzschoolofscience.wufoo.com www.youtube.com *.youvisit.com *.zenfolio.com; img-src * blob: data:; media-src 'self' data *.newpaltz.edu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newpaltz.edu *.adnxs.com c.amazon-adsystem.com cybba-bucket.s3.amazonaws.com emma-content-aggregates-prd.s3.amazonaws.com *.adroll.com cdn.botframework.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions *.cybba.us googleads.g.doubleclick.net *.dca0.com signup.e2ma.net connect.facebook.net www.google.com cse.google.com *.google-analytics.com www.googleadservices.com storage.googleapis.com www.googletagmanager.com *.ibytedtos.com embed.idonate.com *.instagram.com code.jquery.com *.ocelotbot.com sc-static.net *.stackadapt.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com cdn.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; script-src-elem 'self' 'unsafe-inline' *.newpaltz.edu embed.acuityscheduling.com *.adroll.com emma-content-aggregates-prd.s3.amazonaws.com cdn.botframework.com emma-content-aggregates-prd.s3.amazonaws.com maxcdn.bootstrapcdn.com assets.calendly.com cdnjs.cloudflare.com d2rp1k1dldbai6.cloudfront.net d3gxy7nm8y4yjr.cloudfront.net dk98ddgl0znzm.cloudfront.net *.cybba.solutions googleads.g.doubleclick.net signup.e2ma.net connect.facebook.net ajax.googleapis.com www.google.com *.ibytedtos.com *.instagram.com linkhelp.clients.google.com cse.google.com www.google.com/cse/static www.googleadservices.com *.google-analytics.com www.googletagmanager.com www.gstatic.com embed.idonate.com code.jquery.com *.ocelotbot.com www.recaptcha.net sc-static.net tagboard.com static.tagboard.com *.technolutions.net *.tiktok.com *.tiktokcdn.com *.tiktokcdn-us.com platform.twitter.com *.twimg.com *.ttwstatic.com *.unibuddy.co player.vimeo.com *.wufoo.com *.youvisit.com; style-src 'self' 'unsafe-inline' *.newpaltz.edu maxcdn.bootstrapcdn.com cdnjs.cloudflare.com static-cdn.e2ma.net necolas.github.io www.google.com fonts.googleapis.com www.gstatic.com cdn.jsdelivr.net *.ocelotbot.com *.tiktokcdn.com *.tiktokcdn-us.com *.ttwstatic.com platform.twitter.com *.twimg.com *.technolutions.net; frame-ancestors 'self' https://admissions.newpaltz.edu; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' strict-dynamic blob: app.storyblok.com caudalie.com:* *.caudalie.com:* *.caudalie.services *.caudalie-usa.com localhost:* *.googletagmanager.com *.privacy-center.org *.rakuten.com *.tiktok.com *.facebook.net *.attn.tv *.bing.com sc-static.net *.iadvize.com *.abtasty.com *.bazaarvoice.com *.google-analytics.com *.doubleclick.net *.windows.net *.slgnt.eu *.snapchat.com *.recaptcha.net *.googleapis.com *.google.com *.gstatic.com *.adyen.com *.bambuser.com *.polyfill.io *.newrelic.com *.nr-data.net *.googleadservices.com *.pinimg.com *.adnxs.com *.batch.com *.matomo.cloud *.pinterest.com twitter.com *.twitter.com *.ads-twitter.com *.clarity.ms *.attentivemobile.com *.paypal.com *.yimg.com *.daumcdn.net *.rainbownine.net *.criteo.com *.criteo.net *.naver.net *.cloudfront.net *.new-programmatic.com vk.com *.yandex.ru cdn.megadata.co.kr caudalie-americas-static-storefront.imgix.net caudalie-asia-static-storefront.imgix.net caudalie-eu-staging-static-storefront.imgix.net caudalie-eu-static-storefront.imgix.net ut.rd.linksynergy.com kn.acrosspf.com youtube.com *.youtube.com vimeo.com *.vimeo.com *.trustedshops.com *.artfut.com *.rewardstyle.com mmtro.com *.mmtro.com paypalobjects.com *.paypalobjects.com awswaf.com *.awswaf.com contentsquare.com *.contentsquare.com contentsquare.net *.contentsquare.net openfpcdn.io.net *.openfpcdn.io.net 1
frame-ancestors 'self' *.visiodent.net 1
frame-ancestors 'self'  *.cnb.com 1
script-src 'nonce-ati-scripts' 'unsafe-eval' 'unsafe-hashes'; frame-src 'self' https://www.paypal.com https://checkout.paypal.com https://www.paypal.com https://static.sojern.com https://content-us-9.content-cms.com https://www.youtube.com https://widget.trustpilot.com https://www.google.com https://www.pages02.net https://td.doubleclick.net  https://ct.pinterest.com; frame-ancestors 'self' https://www.pages02.net; object-src 'none'; base-uri 'self'; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://www.google.com/recaptcha https://assets.adobedtm.com https://connect.facebook.net https://googleads.g.doubleclick.net https://bat.bing.com https://resources.xg4ken.com https://b-code.liadm.com https://sc.pages02.net  https://cdn.pdst.fm https://s.pinimg.com https://onemarketingazeu.sc.omtrdc.net https://znbnnujuydj7on7eh-aga.siteintercept.qualtrics.com https://beacon.sojern.com https://onemarketingazeu.sc.omtrdc.net https://siteintercept.qualtrics.com https://content.allianzpartnerservices.com https://widget.trustpilot.com https://static.sojern.com https://js.braintreegateway.com https://services.xg4ken.com https://www.googleadservices.com https://ct.pinterest.com https://www.paypal.com https://c.paypal.com https://s.go-mpulse.net https://azcontent.us https://sdk.joinsherpa.io https://www.azpmktgtracker.com https://tracker.mnixdata.com www.pages02.net https://www.facebook.com https://events.xg4ken.com https://27.xg4ken.com https://www.pages02.net https://www.paypalobjects.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://code.jquery.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://kendo.cdn.telerik.com/2017.2.504/js/kendo.all.min.js https://gateway.answerscloud.com/beaumont-org/production/gateway.min.js https://gateway.foresee.com/sites/beaumont-org/production/gateway.min.js https://cookie-cdn.cookiepro.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.2/js/bootstrap.min.js https://cdn.kyruus.com https://api.enqbator.com https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com http://cdn.b0e8.com https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://kit.fontawesome.com *.sharethis.com aorta.clickagy.com hemsync.clickagy.com *.adsrvr.org FAD West/South databsase DBFINDP01 https://js.zi-scripts.com https://tags.clickagy.com 'self' web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://unpkg.com/ionicons@4.5.10-0/dist/css/ionicons.min.css https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/releases/v5.14.0/css/all.css https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.beaumont.org/images/ https://kloggyr-service.kyruus.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://cdn-images.kyruus.com https://cdn.kyruus.com http://a.b0e8.com/brightedge3.php https://kyruus-app-static.kyruus.com https://www.beaumont.edu https://www.beaumont.org https://a1.b0e8.com *.sharethis.com 'self' web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com/ https://unpkg.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net; frame-src https://www.beaumont.org/MyChart/mychart.dev.html https://info.beaumont.org https://d6tizftlrpuof.cloudfront.net https://mroexpress.mrocorp.com https://secure.beaumont.org/ https://www.google.com https://e.issuu.com https://www.auntbertha.com https://player.vimeo.com https://beaumonthealth.smugmug.com https://www.facebook.com https://platform.twitter.com https://external-stage.beaumont.org *.adsrvr.org https://www.youtube.com https://w.soundcloud.com/ https://hemsync.clickagy.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com https://cookie-cdn.cookiepro.com/ https://api.enqbator.com https://doctors.beaumont.org https://maps.googleapis.com https://analytics.google.com https://mroexpress.mrocorp.com https://forms.office.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com/pagead/ https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://careers.beaumont.org *.doubleclick.net https://aorta.clickagy.com https://hemsync.clickagy.com 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://info.beaumont.org/ 'self' web-chat.nativechat.com 1
frame-ancestors 'self'; script-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.jquery.com *.newrelic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.jquery.com 'unsafe-inline'; object-src 'self' 1
frame-ancestors *.hogent.be hogent.be 1
frame-ancestors 'self' https://app.hubspot.com https://seeclickfix.com https://youtube.com https://youtu.be; default-src 'self' files.lasvegasnevada.gov;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dnnapi.com cdnjs.cloudflare.com/ajax/libs/popper.js/  clvfiles.blob.core.usgovcloudapi.net ok1static.oktacdn.com public.govdelivery.com connect.facebook.net translate.google.com translate.googleapis.com query.yahooapis.com www.gstatic.com cdnjs.cloudflare.com/ajax/libs/moment.js/ translate-pa.googleapis.com *.fontawesome.com www.google.com/recaptcha/ s3.amazonaws.com/cdn.seeclickfix.com/ www.googletagmanager.com https://*.hotjar.com www.google-analytics.com js.hs-scripts.com js.hs-banner.com maxcdn.bootstrapcdn.com js.hs-analytics.net js.usemessages.com www.google-analytics.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com dnnapi.com clvfiles.blob.core.usgovcloudapi.net ok1static.oktacdn.com www.gstatic.com fonts.googleapis.com https://*.hotjar.com;  img-src  'self' data: lasvegasnevada.gov *.lasvegasnevada.gov *.innovate.vegas *.smugmug.com *.tile.openstreetmap.org ok1static.oktacdn.com clvfiles.blob.core.usgovcloudapi.net img.youtube.com structuredcontentstprod.blob.core.windows.net getimagefromaws20190325085338.azurewebsites.net sawebfilesprod001.blob.core.windows.net files.lasvegasnevada.gov s3.amazonaws.com/web-resources-images/ www.gstatic.com *.ovationtix.com translate.googleapis.com translate.google.com files.lasvegasnevada.gov www.google.com *.hubspot.com; font-src 'self' data: s3-us-west-2.amazonaws.com ok1static.oktacdn.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com use.typekit.net *.fontawesome.com https://*.hotjar.com; media-src 'self' *.innovate.vegas files.lasvegasnevada.gov blob: d1iiqllagryue9.cloudfront.net/kclv/; frame-src 'self' seeclickfix.com *.soundcloud.com public.govdelivery.com mapdata-lasvegasnevada-gov.appspot.com lasvegas.maps.arcgis.com cityoflasvegas.formstack.com *.lasvegasnevada.gov *.youtube.com youtube.com player.vimeo.com youtu.be *.google.com *.hubspot.com dnnapi.com flysafe.airspacelink.com;  connect-src 'self' api.open-meteo.com api.rss2json.com public.govdelivery.com govegas.okta.com dnnapi.com *.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com w1.weather.gov translate.googleapis.com *.hubspot.com www.google-analytics.com d1iiqllagryue9.cloudfront.net/kclv/ sawebfilesprod001.blob.core.windows.net *.lasvegasnevada.gov stats.g.doubleclick.net formstackfurniturerequest.azurewebsites.net; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://ruuter.buerokratt.emta.ee https://buerokratt.emta.ee/widget_bundle.js https://search.service.vportal.ee/v1/search/emta https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/emta https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://youtu.be/CgSBQTqbPu0 https://xgis.maaamet.ee; img-src 'self' data: *.emta.ee https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://emta.static.live.vportal.ee/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.emta.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://buerokratt.emta.ee https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com https://ruuter.buerokratt.emta.ee https://buerokratt.emta.ee/widget_bundle.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src 'self' https://ngx2edge.openresty.com https://blog.openresty.com https://doc.openresty.com https://openresty.com https://stage.openresty.com https://static.openresty.com https://rontgen.openresty.com https://snap.licdn.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https: http:; img-src 'self' data: https: http:; font-src 'self' data: https: http:; 1
frame-ancestors 'self' localhost:* https://*.doccle.be https://*.doccle.nl https://*.doccle-test.be 1
default-src *; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.messenger.stratuscx.com https://api.stratuscx.com https://cdn.grassboxcdn.com https://t.contentsquare.net https://app.contentsquare.com https://apps.euw2.pure.cloud https://unpkg.com https://*.cloudflare.com https://cdn.quilljs.com https://*.jquery.com https://*.coveo.com https://*.gstatic.com https://*.jwpsrv.com https://*.jwplayer.com https://*.amazonaws.com https://*.cookiefirst.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveengage.com https://*.liveengage.net https://*.liveper.sn https://*.liveperson.net https://*.lpsnmedia.net https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.newscred.com https://analytics.google.com https://apis.google.com https://bat.bing.com https://c5.adalyser.com https://connect.facebook.net https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.messenger.stratuscx.com https://api.stratuscx.com https://*.cloudflare.com https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.googleadservices.com https://*.cookiefirst.com https://*.googleapis.com https://*.jwpcdn.com https://*.jwplayer.com https://*.motability.co.uk https://*.newscred.com https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; img-src 'self' data: * https://*.contentsquare.net https://static.hotjar.com https://script.hotjar.com; font-src data: 'self' https://fonts.gstatic.com https://*.jwpcdn.com https://*.jwplayer.com https://script.hotjar.com; media-src blob: 'self' https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.lpsnmedia.net https://*.speechstream.net https://jwpsrv-vh.akamaihd.net; child-src blob: 'self' https://*.cookiefirst.com https://*.doubleclick.net https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveperson.net https://*.lpsnmedia.net; frame-src blob: 'self' https://apps.euw2.pure.cloud https://www.motability.co.uk https://*.cookiefirst.com https://*.doubleclick.net https://*.googleapis.com https://*.googletagmanager.com https://*.jwpcdn.com https://*.jwplatform.com https://*.jwplayer.com https://*.jwpsrv.com https://*.liveperson.net https://*.lpsnmedia.net https://accounts.google.com https://www.facebook.com https://www.google.com; connect-src 'self' wss://sqzej6e4d7.execute-api.us-east-1.amazonaws.com https://www.messenger.stratuscx.com https://api.stratuscx.com https://report.gb-pov.gbqofs.io https://*.contentsquare.net wss://webmessaging.euw2.pure.cloud https://api-cdn.euw2.pure.cloud https://api.euw2.pure.cloud https://bat.bing.com https://*.googlesyndication.com https://*.coveo.com https://*.jwpsrv.com https://*.jwplayer.com https://*.google.com https://api.experianaperture.io https://*.cookiefirst.com https://*.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.lpsnmedia.net https://*.motability.co.uk https://*.motability.org.uk https://*.motabilityoperations.co.uk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri https://motability.report-uri.io/r/default/csp/enforce; frame-ancestors 'self' 1
default-src 'self' *.baehost.com *.googleapis.com *.gstatic.com *.google.com *.google.com.ar d-ipv6.mmapiws.com stats.g.doubleclick.net www.google-analytics.com *.livechatinc.com *.youtube.com cdn.whmcs.com paypal.com www.paypal.com cdn.jsdelivr.net http: https: data: blob: wss: 'unsafe-inline' *.baehost.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baehost.com www.googleadservices.com bid.g.doubleclick.net googleads.g.doubleclick.net cdn.jsdelivr.net cdn1-sitebuilder.netdna-ssl.com *.googletagmanager.com connect.facebook.net www.google-analytics.com *.googleapis.com code.jquery.com device.maxmind.com *.livechatinc.com *.youtube.com *.google.com *.gstatic.com cdn.whmcs.com paypal.com www.paypal.com cdn.cpanel-sitebuilder.com dashboard.chatfuel.com; media-src 'self' *.livechatinc.com *.youtube.com *.google.com; object-src 'self' *.livechatinc.com *.youtube.com *.google.com; child-src 'self' www.facebook.com *.livechatinc.com *.youtube.com *.google.com *.doubleclick.net; img-src 'self' www.googletagmanager.com 'unsafe-inline' *.baehost.com cdn1-sitebuilder.netdna-ssl.com googleads.g.doubleclick.net *.livechatinc.com *.gravatar.com www.facebook.com www.google-analytics.com *.youtube.com *.google.com *.google.com.ar kopage.com *.kopage.com cdn.cpanel-sitebuilder.com cdn.whmcs.com *.paypal.com *.paypalobjects.com www.zumada.com www.afip.gob.ar ipv6.he.net data:; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net *.livechatinc.com *.youtube.com *.google.com *.google.com.ar *.gstatic.com *.googleapis.com cdn.whmcs.com paypal.com www.paypal.com; connect-src wss://*.baehost.com https: 1
frame-ancestors 'self' https://open-educational-resources.de https://analyse.dipf.de/ http://analyse.dipf.de/; 1
frame-ancestors 'self'; frame-src  *.savviihq.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.cookiebot.com *.fontawesome.com *.cowmanager.com cowmanager.com 1
frame-ancestors 'self'; report-uri https://reuters.report-uri.com/r/t/csp/enforce; report-to report-uri 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ga.js https://chat.moloni.pt https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.clarity.ms https://www.googletagmanager.com/gtag/js https://translate-pa.googleapis.com/v1/ https://www.googleadservices.com/pagead/conversion.js https://td.doubleclick.net/ https://ssl.google-analytics.com/ga.js https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://cdn.wootric.com/wootric-sdk.js https://www.googleadservices.com/pagead/conversion/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ https://api.sibspayments.com/assets/js/widget.js https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/vt https://google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/api.js;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.moloni.pt https://www.gstatic.com;object-src 'none';base-uri 'self';connect-src 'self' https://127.0.0.1:5080/ https://moloniprint.com https://*.moloniprint.com https://*.moloniprint.com:5080/ https://bat.bing.com https://chat.moloni.pt https://*.analytics.google.com https://*.google-analytics.com https://translate.googleapis.com https://www.google.pt https://*.clarity.ms https://google.com/pagead/ https://google.com/ccm/ https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com/ https://eligibility.wootric.eu/eligible.json https://app.wootric.eu/surveys https://app.wootric.eu/responses https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://maps.googleapis.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://chat.moloni.pt https://www.google.com https://td.doubleclick.net/ https://www.youtube.com/ https://api.sibspayments.com;img-src * 'self' data: https://www.google-analytics.com https://bat.bing.com https://c.clarity.ms https://chat.moloni.pt https://fonts.gstatic.com https://moloni.pt https://www.google.com https://www.google.pt https://www.googletagmanager.com https://www.gstatic.com https://www.moloni.pt https://translate.googleapis.com/translate_static/ https://translate.google.com/ https://stats.g.doubleclick.net/r/collect/ https://maps.googleapis.com https://maps.gstatic.com *.ggpht.com;media-src 'self' https://www.moloni.pt 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://servicecenter.claconnect.com https://clatest.service-now.com *.hsforms.net *.hsforms.com *.service-now.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adsrvr.org *.usemessages.com https://servicecenter.claconnect.com/ https://clatest.service-now.com *.claconnect.com https://js.static.parmonic.ai/ https://cdn.jsdelivr.net *.hsleadflows.net *.hubspot.com *.hs-analytics.net https://cdn.pdst.fm https://cdn.pdst.fm https://translate-pa.googleapis.com/ https://api.hubapi.com/ https://cdn.syndication.twimg.com https://platform.twitter.com/ https://www.google.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com https://translate.googleapis.com/ https://translate.google.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.youtube.com/ https://s.ytimg.com/ https://www.hubspot.com/ *.hsforms.com/ *.hsforms.net/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://snap.licdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://tags.srv.stackadapt.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://connect.facebook.net/ https://w.soundcloud.com/; img-src 'self' data: https://cla.service-now.com *.parmonic.ai/ *.servicecenter.claconnect.com https://clatest.service-now.com *.hubspotusercontent-na1.net *.hubspot.com https://forms-na1.hsforms.com https://forms.hsforms.com https://trkn.us https://www.paypalobjects.com https://cdn.cookielaw.org https://analytics.google.com https://*.mimecast.com https://*.googleapis.com https://*.adnxs.com https://platform.twitter.com/ https://pbs.twimg.com https://www.google-analytics.com https://maps.gstatic.com https://translate.google.com https://translate.googleapis.com https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://track.hubspot.com/ https://perf.hsforms.com/ https://px.ads.linkedin.com/ https://t.co/ https://www.facebook.com/ https://p.adsymptotic.com/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.gstatic.com/ https://platform.twitter.com/ https://fonts.googleapis.com/ https://translate.googleapis.com/ https://tags.srv.stackadapt.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com/; frame-ancestors 'self' servicecenter.claconnect.com https://clatest.service-now.com https://internal.insights.claconnect.com https://test.internal.insights.claconnect.com https://dev.insights.claconnect.com https://test.insights.claconnect.com https://insights.claconnect.com/; frame-src 'self' servicecenter.claconnect.com https://clatest.service-now.com *.hubspot.com *.hs-sites.com https://watch.claconnect.com *.fls.doubleclick.net https://parmonic.ai https://portal.dynamicsats.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://app.powerbi.com/ https://www.policymap.com https://forms.hsforms.com https://js.hsforms.net/ https://www.google.com/ https://www.youtube.com/ https://vars.hotjar.com/; connect-src 'self' servicecenter.claconnect.com https://clatest.service-now.com *.parmonic.ai *.hubspot.com https://us-central1-adaptive-growth.cloudfunctions.net https://sink.pdst.fm https://geolocation.onetrust.com https://analytics.google.com https://maps.googleapis.com https://forms.hsforms.com https://translate.googleapis.com https://stats.g.doubleclick.net/ https://vc.hotjar.io/ https://www.google-analytics.com https://cdn.cookielaw.org https://forms.hubspot.com/ https://tags.srv.stackadapt.com/ https://in.hotjar.com/; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://maps.googleapis.com/ https://challenges.cloudflare.com/ https://static.cloudflareinsights.com/ https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases https://www.gstatic.com/charts https://www.google-analytics.com/ https://assets.calendly.com/assets/external/widget.js https://j.6sc.co/j/67eab966-8109-48e4-b303-5dd0b1b8ecd7.js https://j.6sc.co/6si.min.js; style-src 'self' 'unsafe-inline' https://cdn.nift.me/ https://assets.calendly.com/assets/external/widget.css; object-src 'self' https://cdn.nift.me/; base-uri 'self'; connect-src 'self' https://cdn.nift.me/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://*.6sc.co/; font-src 'self' https://cdn.nift.me/ https://fonts.gstatic.com/; frame-src 'self' https://cdn.nift.me/; img-src 'self' https://cdn.nift.me/ https://cdn.nift.me/ https://www.google-analytics.com/collect https://*.6sc.co/v1/beacon/img.gif; frame-ancestors 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://c.im; img-src 'self' https: data: blob: https://c.im; style-src 'self' https://c.im 'nonce-qMngP/4iNQkrggEutEQ4Ug=='; media-src 'self' https: data: https://c.im; frame-src 'self' https:; manifest-src 'self' https://c.im; form-action 'self'; child-src 'self' blob: https://c.im; worker-src 'self' blob: https://c.im; connect-src 'self' data: blob: https://c.im https://s3.c.im wss://c.im; script-src 'self' https://c.im 'wasm-unsafe-eval' 1
base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' https://*.bistro.sk ;script-src 'self' https://*.bistro.sk  https://bistro.daktela.com https://tagmanager.google.com https://*.googletagmanager.com https://*.googlesyndication.com 'unsafe-eval' https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://*.facebook.com https://*.facebook.net https://*.hotjar.com https://js-agent.newrelic.com *.nr-data.net 'unsafe-inline' https://www.gstatic.com https://pay.google.com blob:;object-src 'none';base-uri 'self';style-src 'self' https://*.bistro.sk  data: 'unsafe-inline' https://*.hotjar.com https://tagmanager.google.com https://fonts.googleapis.com https://*.google-analytics.com;img-src 'self' https://*.bistro.sk  data: https://bistro.daktela.com https://platform-lookaside.fbsbx.com https://www.facebook.com https://*.fbcdn.net https://*.aimg.sk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google.sk https://*.google.nl https://*.google.at https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://*.hotjar.com;frame-src 'self' https://*.bistro.sk  https://bid.g.doubleclick.net https://www.google.com https://*.doubleclick.net https://*.googlesyndication.com https://www.facebook.com https://www.loom.com https://pay.google.com;connect-src 'self' https://*.bistro.sk  https://rest.bistro.sk wss://eventsub.bistro.sk/ws *.nr-data.net  https://bistro.daktela.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.sk https://*.google.nl https://*.googlesyndication.com https://maps.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://www.loom.com https://google.com;font-src 'self' https://*.bistro.sk  https://bistro.daktela.com https://*.hotjar.com https://fonts.gstatic.com data: 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://*.pall.com https://*.pall.cn https://*.pall.co.uk https://*.pall.co.in https://*.pall.jp https://*.pall.co.kr https://*.ariba.com https://*.marketo.com https://danaher.sharepoint.com https://*.d41.co; 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-0726f0bd-5e96-4b8e-a753-95ec1483c170' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
frame-src * 'self'; frame-ancestors 'self' https://www.welove2023tour.fr/; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com piwik.itzbund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; object-src 'self' multimedia.gsb.bund.de; media-src 'self' piwik.itzbund.de *.youtube-nocookie.com multimedia.gsb.bund.de app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; frame-src 'self' player.vimeo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi media.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev; img-src 'self' data: piwik.itzbund.de securel.longtailvideo.com *.youtube-nocookie.com app.sli.do stream.alpha-loop.de cdn.myth.theoplayer.com service.video.taxi start.video-stream-hosting.de playout.3qsdn.com *.rai.it livestream.com player.procdn.live doo.net *.cloudflarestream.com tns-player.pages.dev *.cdninstagram.com; frame-ancestors 'self'; 1
default-src * 'self' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com/* https://felix-quiz-1000heads.s3.eu-west-2.amazonaws.com *.nestle.co.uk *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors * 'self' ; child-src * blob:; font-src * 'self' data: https:;; connect-src * 'self'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.a12.com http://portala12-env.eba-kscksae2.us-east-1.elasticbeanstalk.com 1
frame-ancestors 'self' http://www.philips.pl *.philips.com *.philips.pl https://philipsigtdpv.com 1
default-src self https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src self https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self' https://creator.zmags.com https://www.googletagmanager.com; worker-src blob: data: 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' syndication.twitter.com platform.twitter.com; form-action 'self' syndication.twitter.com platform.twitter.com; script-src 'self' 'unsafe-eval' 'nonce-Z2FpbnNpZ2h0c2NyaXB0' www.google-analytics.com platform.twitter.com audited.netcraft.com syndication.twitter.com cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com *.aptrinsic.com; connect-src 'self' *.aptrinsic.com; img-src 'self' data: chart.googleapis.com  www.google-analytics.com platform.twitter.com audited.netcraft.com syndication.twitter.com cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com *.aptrinsic.com storage.googleapis.com; style-src 'self' 'unsafe-inline' www.google-analytics.com platform.twitter.com *.aptrinsic.com audited.netcraft.com syndication.twitter.com cdn.syndication.twimg.com ton.twimg.com pbs.twimg.com; font-src 'self'; base-uri 'self'; 1
default-src 'self' ; script-src 'self' *.google.com https://js.live.net *.tinymce.com cdnjs.cloudflare.com *.skoletube.dk *.vivi.dk *.aula.dk; style-src 'self' 'unsafe-inline' *.tinymce.com unpkg.com fonts.googleapis.com; img-src * data: blob: ; font-src 'self' data: *.tinymce.com unpkg.com fonts.gstatic.com; connect-src * data: blob:; media-src 'self' blob: *.aula.dk; object-src 'none' ; frame-src *.google.com *.youtube.com *.skoletube.dk *.emu.dk *.vivi.dk https://www2.infoba.dk/api/Aula/IFrame/7000 https://www2.infoba.dk/api/Aula/IFrame/441 https://www2.infoba.dk/api/Aula/IFrame/3 https://skoleportal.easyiqcloud.dk/UgeplanWidget https://absencewidget.aula.nemborn.com/; upgrade-insecure-requests; 1
connect-src 'self' https://*.wistia.com https://api.segment.io https://*.dovetail.com https://analytics.google.com https://app.getvero.com https://cdn.segment.com https://cdn.segment.io https://cdn.linkedin.oribi.io https://embedwistia-a.akamaihd.net https://sentry.io https://o74703.ingest.sentry.io https://stats.g.doubleclick.net https://www.google-analytics.com https://*.facebook.com/ https://*.algolia.net https://fonts.gstatic.com https://images.ctfassets.net https://px.ads.linkedin.com https://*.intercom.io wss://*.intercom.io https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://app.clearbit.com; default-src 'self' https://*.wistia.com https://*.wistia.net; font-src 'self' data: https://*.wistia.com https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://script.hotjar.com; frame-src 'self' https://*.stripe.com https://fast.wistia.com https://fast.wistia.net https://optimize.google.com https://webhook.frontapp.com/ https://www.google.com https://calendly.com https://open.spotify.com/ https://www.facebook.com https://www.youtube.com/ https://intercom-sheets.com; img-src 'self' blob: data: https://dovetail.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://analytics.google.com https://cdn.shopify.com https://cdn.zapier.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://images.ctfassets.net https://images.unsplash.com https://optimize.google.com https://ssl.gstatic.com https://tagmanager.google.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.bs https://www.google.by https://www.google.ca https://www.google.ch https://www.google.ch https://www.google.co.cr https://www.google.co.hp https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.ke https://www.google.co.kr https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.uk https://www.google.co.za https://www.google.co.zw https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.br https://www.google.com.ec https://www.google.com.eg https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.ng https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.vn https://www.google.com https://www.google.cl https://www.google.cz https://www.google.de https://www.google.dk https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.gr https://www.google.hu https://www.google.hr https://www.google.ie https://www.google.iq https://www.google.it https://www.google.lk https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se https://www.google.sk https://www.google.tr https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://zapier-images.imgix.net https://*.linkedin.com https://*.licdn.com https://p.adsymptotic.com https://www.facebook.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com  https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://instatus.com https://*.instatus.com; media-src 'self' blob: data: https://dovetail.com https://*.wistia.com https://*.wistia.net https://*.ctfassets.net https://embedwistia-a.akamaihd.net https://js.intercomcdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sentry-cdn.com https://*.stripe.com https://*.wistia.com https://*.wistia.net https://api.segment.io https://cdn.segment.com https://cdn.segment.io https://optimize.google.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://*.linkedin.com https://*.licdn.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://*.intercom.io https://js.intercomcdn.com https://accounts.google.com/gsi/client https://tag.clearbitscripts.com https://x.clearbitjs.com; style-src 'self' 'unsafe-inline' blob: https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com https://tagmanager.google.com; worker-src 'self' blob: 1
: default-src 'self'; frame-ancestors 'self'; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://cdn.contentful.com https://graphql.contentful.com https://*.abtasty.com https://api.jardiland.com https://*.sentry.io https://api.axept.io https://client.axept.io https://*.algolia.net https://*.algolianet.com https://insights.algolia.io https://auth.jardiland.com https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com https://www.google.com https://www.google.fr https://*.contentsquare.net https://adservice.google.com https://analytics.google.com https://uberall.com https://geo.api.gouv.fr https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://s3.eu-west-1.amazonaws.com https://storage.googleapis.com https://izanami-api.tooling.invivodigitalfactory.com https://api-adresse.data.gouv.fr https://www.bonial.fr https://www.bonialserviceswidget.de https://trackingapi.bonial.fr https://bonialconnect.com https://analytics.tiktok.com https://maps.googleapis.com https://ct.pinterest.com https://lp.jardiland.com https://www.googleapis.com/geolocation/v1/geolocate 'self'  http://localhost:3000; font-src 'self' data: https://bonialconnect.com https://*.uberall.com https://fonts.gstatic.com 'self' https://*.abtasty.com; form-action 'self' https://*.be2bill.com/ https://*.dalenys.com/ https://www.facebook.com; frame-ancestors https://app.contentful.com; frame-src 'self' https://www.facebook.com https://*.doubleclick.net https://tpc.googlesyndication.com https://*.be2bill.com https://*.dalenys.com/ https://ct.pinterest.com https://www.youtube-nocookie.com https://kx1.co; img-src 'self' data: blob: https://res.cloudinary.com https://images.ctfassets.net https://axeptio.imgix.net https://www.facebook.com https://connect.facebook.net https://*.contentsquare.net https://ade.googlesyndication.com https://adservice.google.com https://googleads.g.doubleclick.net https://img.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.google.fr https://www.google.com https://www.google.be https://www.google.it https://www.google.de https://www.google.es https://www.google.ch https://www.google.co.uk https://content-media.bonial.biz https://bonialconnect.com https://publisher-media-old.bonial.biz https://maps.googleapis.com https://maps.gstatic.com https://*.uberall.com https://ct.pinterest.com https://favicons.axept.io 'self' https://assets.jardiland.com https://*.abtasty.com; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.abtasty.com https://www.googletagmanager.com https://static.axept.io https://connect.facebook.net https://*.contentsquare.net https://*.dalenys.com https://googleads.g.doubleclick.net https://bonialconnect.com https://maps.googleapis.com https://uberall.com https://*.uberall.com https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.google.fr https://cdn.jsdelivr.net/npm/search-insights@2.2.1 https://france.conversiontoolbox.net https://analytics.tiktok.com https://s.pinimg.com https://lp.jardiland.com 'strict-dynamic' 'nonce-PL6mqOMJLqEY9t38/tApXg==' 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 'self' https://*.abtasty.com; worker-src blob: 1
default-src 'self' data: blob: wss: 'unsafe-inline' *.wpenginepowered.com *.wpengine.com *.cloudflare.com *.qualified.com *.mktoutil.com s.w.org *.applause.com *.typekit.net applausemktg.wpenginepowered.com *.hirebridge.com *.elegantthemes.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google.com *.google-analytics.com *.doubleclick.net *.gravatar.com *.onetrust.com *.wistia.com *.wistia.net *.cookielaw.org *.linkedin.com *.mktoresp.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.qualified.com *.googleadservices.com *.cloudflare.com *.mktoutil.com *.hirebridge.com unpkg.com cdn.cookielaw.org *.wistia.net *.wistia.com cdn.jsdelivr.net *.googletagmanager.com *.doubleclick.net *.google-analytics.com  *.onetrust.com snap.licdn.com *.wistia.com *.googleapis.com *.marketo.net; style-src 'self' data: 'unsafe-inline' *.cloudflare.com *.applause.com cdn.jsdelivr.net *.googleapis.com *.typekit.net; worker-src 'self' blob:; img-src 'self' data: blob: https:; 1
upgrade-insecure-requests; default-src 'self' https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; child-src https: data: blob:; object-src https:; form-action https:; report-uri https://servix.idnes.cz/log/csp-report.aspx?w=denniexpres&d=2024-05-14 1
default-src 'self'; img-src * data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://*.trustarc.com; child-src https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://issuu.com https://*.speedrfp.com/; font-src 'self' https://fonts.gstatic.com https://*.trustarc.com  https://*.cvent.com; media-src 'self' https://*.vimeo.com https://*.youtube.com https://youtu.be.com https://gcs-vimeo.akamaized.net; frame-src 'self' https://*.smartsheet.com https://*.trustarc.com  https://*.cvent.com https://my.matterport.com https://foxwoods.blindvalet.com https://*.sertifiguidedapi.com https://*.sertifi.com https://*.vimeo.com https://*.youtube.com  https://foxwoods.mediaroom.com https://*.tintup.com https://*.doubleclick.net https://*.google.com https://*.facebook.com https://*.speedrfp.com https://*.videopoker.com https://*.spotify.com; connect-src 'self' https://*.google.com https://*.yimg.com https://*.google-analytics.com https://*.doubleclick.net https://*.linkedin.com https://lib-us-1.brilliantcollector.com https://*.trustarc.com  https://*.cvent.com 1
frame-ancestors 'self' regeneron-com-admin.intouchsol.net admin.regeneron.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; block-all-mixed-content 1
frame-ancestors 'self' *.libertic.com *.libertic-cdn.com 1
frame-ancestors 'self' https://*.weheartit.com https://weheartit.com https://*.fooducate.com https://fooducate.com 1
frame-ancestors 'self' http://thetimeforchoosing.com 1
object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
default-src 'self' http://localhost:3000 https://sampath-web.devops.arimac.xyz https://new-testweb.sampath.lk https://sitweb.sampath.lk https://www.sampath.lk 'unsafe-inline'; img-src 'self' data: blob: https://sampath-web.devops.arimac.xyz/* https://*.googleapis.com https://*.gstatic.com https://www.facebook.com *.google.com *.googleusercontent.com; connect-src 'self' https://*.googleapis.com https://*.gstatic.com data: https://www.google-analytics.com https://www.googletagmanager.com https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; script-src 'sha256-dwwelU7IXuJXU57E6Y7iTuve8gt344NJEf2OxNtJoPc=' 'self' 'self' https://*.googleapis.com *.google.com https://*.gstatic.com https://www.recaptcha.net/recaptcha/api.js https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; style-src 'unsafe-inline' 'self' https://www.gstatic.com/charts/51/* https://*.gstatic.com https://*.googleapis.com https://use.fontawesome.com/releases/v5.7.1/css/all.css; media-src 'self' https://storage.googleapis.com/arimac-storage/sampath/card_39mb%20(1).mp4; frame-src 'self' https://sea-sam-chatbot-webapp-bot-prod.azurewebsites.net/ https://www.recaptcha.net https://www.youtube.com https://www.facebook.com/ https://web.facebook.com/; script-src-elem 'self' 'unsafe-inline' https://*.googleapis.com *.google.com https://*.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/api.js https://sampath-web.devops.arimac.xyz/* https://new-testweb.sampath.lk/* https://sitweb.sampath.lk/* https://www.sampath.lk/*; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/releases/v5.7.1/webfonts/ 1
default-src 'self' 'unsafe-inline' https://img.telemart.ua https://esputnik.com http://hotline.ua https://hotline.ua https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:;img-src * 'self' data: https://img.telemart.ua http://img.telemart.ua https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com http://cdn.sendpulse.com https://connect.facebook.net https://graph.facebook.com http://cdn.lenmit.com https://googleads.g.doubleclick.net https://hotline.ua https://ppcalc.privatbank.ua https://statics.esputnik.com https://www.google-analytics.com http://ajax.googleapis.com http://uaadcodedsp.rontar.com https://www.facebook.com https://www.googleadservices.com https://apis.google.com http://t.trafmag.com http://z.lenmit.com https://track.omguk.com https://pixel.adfyier.com https://webtrafficsource.com https://sdk.lemgear.com https://22admedia.com https://cdnjs.cloudflare.com https://static.hotjar.com https://api.hrznads.com http://api.hrznads.com/ https://forms.esputnik.com;frame-src 'self' https://www.youtube.com https://www.google.com https://td.doubleclick.net https://www.facebook.com;connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://site-script.esputnik.com https://web-events.esputnik.com https://stats.g.doubleclick.net https://esputnik.com https://www.google.com https://www.google.com.ua https://google.com https://pagead2.googlesyndication.com https://streaming.bi.owox.com https://google-analytics.bi.owox.com https://region1.google-analytics.com https://region1.analytics.google.com https://webtrafficsource.com https://forms.esputnik.com 1
upgrade-insecure-requests;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com topaz.aichat.site s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net sutd.aichat.site eitri.api.useinsider.com sutdsg.api.useinsider.com www.youtube.com www.googleadservices.com snap.licdn.com cdn.taboola.com googleads.g.doubleclick.net trc.taboola.com amplify.outbrain.com secure.quantserve.com tr.outbrain.com rules.quantcount.com app-script.monsido.com analytics-au.clickdimensions.com assets.api.useinsider.com wt.adctrl.com cdn-au.clickdimensions.com cdn.unibuddy.co cse.google.com www.google.com sutdsg.inone.useinsider.com analytics.tiktok.com; 1
frame-ancestors https://*.unive.nl; object-src 'none' 1
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.ca *.google.ci *.google.co.bw *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.ve *.google.com *.google.com.br *.google.com.co *.google.com.eg *.google.com.kh *.google.com.mt *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.tr *.google.com.vn *.google.de *.google.dz *.google.fr *.google.ge *.google.ht *.google.it *.google.me *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; upgrade-insecure-requests ; report-to csp-endpoint; report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=7cd91960-f12e-43d1-a796-2bf5555f66fe 1
default-src 'self' blob: https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: http://*.limbo.techland.pl/ https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/; frame-src 'self' http://*.limbo.techland.pl/ https://*.limbo.techland.pl/ https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com wss://testy.limbo.techland.pl:9509 https://consentcdn.cookiebot.com/consentconfig/ https://region1.google-analytics.com https://region1.analytics.google.com; style-src-elem 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; script-src-elem 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 1
object-src 'none'; script-src 'nonce-f076cae7132667fd97a6f2d26fd0d74066e1'  'unsafe-inline' 'strict-dynamic' https: http: 'report-sample'; base-uri 'none'; report-uri https://correspondent.report-uri.com/r/d/csp/enforce; 1
frame-ancestors cyclesoftware.nl cyclesoftware.be cyclesoftware.fr; 1
default-src 'self'; object-src 'none'; img-src 'self' * data: https://static.zilliz.app https://api.qrserver.com https://maps.gstatic.com https://maps.googleapis.com; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://static.zilliz.app; script-src-elem 'self' 'unsafe-inline' https://static.zilliz.app https://www.googletagmanager.com https://cdn.wootric.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src-elem 'unsafe-inline' 'self' https://static.zilliz.app https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.sentry.io https://*.s3.eu-central-1.amazonaws.com https://*.google-analytics.com https://*.wootric.eu https://maps.googleapis.com; font-src 'self' https://static.zilliz.app https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.google.com; media-src 'self'  https://static.zilliz.app; worker-src 'self' blob:; 1
frame-ancestors 'self' *.multimediabs.com *.orange.com *.orange-business.com 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com dsp.adfarm1.adition.com *.trbo.com c.imedia.cz www.glami.cz c.seznam.cz faqbot.co code.jquery.com *.mczbf.com *.members.cj.com heureka.cz glamipixel.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com pagead2.googlesyndication.com s2.adform.net track.adform.net cm.adform.net decathlon-eu.chat.getzowie.com decathloncz.app.baqend.com mczbf.com kdukvh.com emjcd.com cj.dotomi.com https://c81418.csd.dotomi.com sjwoe.com members.cj.com view.publitas.com scripts.publitas.com https://waw.chat.getzowie.com/web/live-chat/;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com dsp.adfarm1.adition.com api.faqbot.co *.trbo.com fpc.decathlon.cz dl-becz-prod-api.azurewebsites.net *.chatbotize.com herochat-plugin.chatbotize.com decathlon-eu.chat.getzowie.com waw.chat.getzowie.com core-chat.chatbotize.com eu1.chat.getzowie.com https://decathlon-eu.chat.getzowie.com/web/live-chat/chatbotize-entrypoint.min.js *.criteo.com *.criteo.net adventori.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.trylive.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.adnxs.com www.googleadservices.com *.salecycle.com redirect3536.tagcommander.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.com www.youtube.com *.loadbee.com *.dynamicyield.com screencapture.kampyle.com screencapture-cdn.kampyle.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com creativecdn.com *.dotomi.com c.imedia.cz www.glami.cz c.seznam.cz faqbot.co code.jquery.com *.mczbf.com *.members.cj.com heureka.cz glamipixel.com optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com pagead2.googlesyndication.com s2.adform.net track.adform.net cm.adform.net decathloncz.app.baqend.com mczbf.com kdukvh.com emjcd.com cj.dotomi.com https://c81418.csd.dotomi.com sjwoe.com members.cj.com view.publitas.com scripts.publitas.com https://waw.chat.getzowie.com/web/live-chat/ data: blob: *.cube-net.org *.cube-net.pub contents.mediadecathlon.com prod-wt.aws.y-track.com manager.tagcommander.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.gstatic.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.mediadecathlon.com *.googleadservices.com adservice.google.com screencaptue-cdn.kampyle.com cdn-workshop-pop.decathlon.net www.decathlon.cz sync.adotmob.com delejcotebavi.decathlon.cz *.kdukvh.com *.emjcd.com *.cj.dotomi.com fonts.googleapis.com https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ fonts.gstatic.com secure.brightcove.com bcboltbde696aa-a.akamaihd.net *.youtube.com saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com c.paypal.com checkout.paypal.com www.paypal.com reviews-collect-eu.satisphere.decathlon.net www.pinterest.com players.brightcove.net pay.google.com decathlon-cz-cs.custhelp.com decathlon-cz-cz--tst2.custhelp.com kontakt.decathlon.cz https://decathlon-eu.chat.getzowie.com;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com www.decathlon.cz sync.adotmob.com www.glami.cz c.seznam.cz delejcotebavi.decathlon.cz *.trbo.com faqbot.co api.faqbot.co *.kdukvh.com *.emjcd.com *.cj.dotomi.com glamipixel.com s2.adform.net track.adform.net cm.adform.net *.chatbotize.com decathloncz.app.baqend.com cj.dotomi.com https://c81418.csd.dotomi.com;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ optimize.google.com *.chatbotize.com decathloncz.app.baqend.com;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io sjwoe.com mczbf.com *.chatbotize.com decathloncz.app.baqend.com;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com decathlon-cz-cs.custhelp.com decathlon-cz-cz--tst2.custhelp.com kontakt.decathlon.cz *.trbo.com optimize.google.com *.chatbotize.com waw.chat.getzowie.com https://decathlon-eu.chat.getzowie.com;frame-ancestors 'self'; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' mykid.no www.gstatic.com maps.googleapis.com backstage.mykid.no; img-src * blob: data:; style-src 'self' 'unsafe-inline' fonts.gstatic.com www.gstatic.com fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data:; form-action 'self'; report-uri https://hosting.guru/csp-report/report.php 1
default-src 'none' www.college-de-france.fr www.youtube-nocookie.com podcastfichiers.college-de-france.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com cdn.jsdelivr.net https://*.college-de-france.fr; object-src 'none'; img-src 'self' data:; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' fonts.gstatic.com; connect-src https://*.college-de-france.fr ; base-uri 'none'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://app.storyblok.com http://app.storyblok.com https://account.efultimatebreak.com https://cart.efultimatebreak.com 1
default-src 'self' suhrkamp.de *.suhrkamp.de *.acast.com *.trustedshops.com *.etrusted.com *.wirth-horn.de https://analytics.twitter.com https://static.ads-twitter.com https://bat.bing.com consent.cookiebot.eu consentcdn.cookiebot.eu s.pinimg.com connect.facebook.net https://www.facebook.com *.podigee.io *.podigee.com *.podigee-cdn.net maps.google.com *.google.com/maps/ https://www.google.com/pagead/ https://www.google-analytics.com https://tagmanager.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net adservice.google.com *.gstatic.com https://www.youtube-nocookie.com https://player.vimeo.com 'unsafe-eval' 'unsafe-inline' *.personio.de *.pinterest.com; img-src data: *; media-src data: *; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com 1
frame-ancestors 'self' www.konami.com img.konami.com; 1
default-src 'self' adservice.google.com app.vwo.com *.azureedge.net blob: data: *.dynamics.com feedback-api.lumoa.me fonts.googleapis.com *.litix.io maps.googleapis.com *.ninchat.com pagead2.googlesyndication.com *.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.piwik.pro *.visualwebsiteoptimizer.com *.zef.fi *.wistia.com;script-src 'self' app.vwo.com *.azureedge.net blob cdn.pushcrew.com dynamics.com googleads.g.doubleclick.net/pagead/viewthroughconversion* googleadservices.com/pagead/conversion* googletagmanager.com/gtag/js fast.wistia.net *.jobylon.com *.lfeeder.com maps.googleapis.com ninchat.com s2.adform.net/banners/scripts/st/trackpoint-async.js *.sleeknote.com terveystalo.piwik.pro terveystalo.containers.piwik.pro track.adform.net *.visualwebsiteoptimizer.com *.wistia.com 'nonce-oJB1rRwuRklzzH/6d6J2hf2Yc8/kkB4GKjqTB/iwai4=' 'unsafe-eval' 'unsafe-inline';style-src 'self' ninchat.s3.amazonaws.com app.vwo.com analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net fonts.googleapis.com ninchat.com sleeknotestaticcontent.sleeknote.com terveystalo.containers.piwik.pro *.visualwebsiteoptimizer.com 'unsafe-inline';font-src 'self' assets.terveystalo.com data: fonts.gstatic.com ninchat.com sleeknotestaticcontent.sleeknote.com staz-ada-we-fe-test-www-app.azurewebsites.net:* terveystalo.containers.piwik.pro *.wistia.com;img-src 'self' analytics.sleeknote.com app.vwo.com azureedge.net blob: data: dev.visualwebsiteoptimizer.com *.dynamics.com google.com www.google.com google.fi www.google.fi *.googletagmanager.com i.ytimg.com *.jobylon.com *.lfeeder.com maps.googleapis.com maps.gstatic.com *.piwik.pro *.sleeknote.com storage.zef.fi *.terveystalo.com *.wistia.com;frame-ancestors 'self' https://*.terveystalo.com;frame-src 'self' analytics-consent-manager.azureedge.net analytics-consent-manager-test.azureedge.net analytics-consent-manager-prod.azureedge.net analytics-consent-manager-v2-prod.azureedge.net app.vwo.com apps.myzef.com cdn.jobylon.com e.infogram.com *.google.com fast.wistia.net *.investis.com news.alertir.com ninchat.com *.sleeknote.com *.svc.dynamics.com terveystalo.gw.efectecloud.com td.doubleclick.net track.adform.net *.visualwebsiteoptimizer.com zef.fi *.zef.fi *.youtube.com 1
default-src 'self';font-src 'self' fonts.bunny.net;style-src 'nonce-J54FxzmpNssfeYayieXLxA9mzYDtd2Lo/SWCjBbpcSM=' 'self' fonts.bunny.net cdn.jsdelivr.net;script-src 'nonce-J54FxzmpNssfeYayieXLxA9mzYDtd2Lo/SWCjBbpcSM=' 'strict-dynamic' https: 'unsafe-inline';frame-src 'self' www.google.com maps.google.fr support.gipcdg.fr;object-src 'none';img-src 'self' data: jedonnemonavis.numerique.gouv.fr support.gipcdg.fr;connect-src 'self' support.gipcdg.fr 1
font-src 'self' https: data:; 1
default-src 'self' data:; font-src 'self' https://fonts.gstatic.com https://cdn.shopify.com/ https://www.mercedesamgf1.com/fonts/; script-src 'self' 'unsafe-inline' https://netlify-cdp-loader.netlify.app/netlify.js https://netlify-rum.netlify.app/netlify-rum.js https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/ https://cookie-cdn.cookiepro.com https://embedsocial.com https://static.hotjar.com https://script.hotjar.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.tiktok.com https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com https://iframely.shorthand.com https://analytics.shorthand.com https://news.files.bbci.co.uk; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/ https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://embedsocial.com https://static.klaviyo.com https://static-tracking.klaviyo.com/ https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; img-src 'self' data: https://images.ctfassets.net/ https://downloads.ctfassets.net/ https://www.mercedesamgf1.com/ www.googletagmanager.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/pagead/ https://www.google.com/ads/ https://www.google.co.uk/pagead/ https://www.google.co.uk/ads/ https://cookie-cdn.cookiepro.com https://*.cdninstagram.com https://*.fbcdn.net https://*.mercedesamgf1.com https://www.facebook.com https://analytics.twitter.com https://t.co https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; media-src https://videos.ctfassets.net/ https://demos.shorthandstories.com https://mercedes-f1.shorthandstories.com; connect-src 'self' https://images.ctfassets.net/ https://cdn.contentful.com/spaces/ https://zbibmsjqsq-dsn.algolia.net https://zbibmsjqsq-1.algolia.net https://zbibmsjqsq-2.algolia.net https://zbibmsjqsq-3.algolia.net https://e5dqp7eju1-dsn.algolia.net https://e5dqp7eju1-1.algolia.net https://e5dqp7eju1-2.algolia.net https://e5dqp7eju1-3.algolia.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://*.mercedesamgf1.com https://*.klaviyo.com https://content.hotjar.io wss://ws.hotjar.com https://analytics.tiktok.com https://gateway.shorthand.com https://stats.g.doubleclick.net; frame-src 'self' https://www.youtube.com https://embedsocial.com https://td.doubleclick.net; object-src 'none'; 1
img-src https: object-src data: 'unsafe-eval' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-Xb/m9x3+Eew+YU/Aw8Qt3g=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
upgrade-insecure-requests; default-src 'self'; frame-src 'self' soundcloud.com w.soundcloud.com vimeo.com *.vimeo.com *.linkedin.com linkedin.com snap.licdn.com *.elfsight.com *.googleapis.com *.lamapoll.de *.microsoftonline.com *.podigee.com *.podigee-cdn.net *.tuv-nord.com *.tuvnordegypt.com *.yammer.com lamapoll.de microsoftonline.com partner.vytal.org www.google.com www.youtube-nocookie.com www.youtube.com yammer.com *.whatchado.com whatchado.com crm.de player.vimeo.com; style-src 'self' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.googleapis.com *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.walkme.com tuev-nord.de www.nord-kurs.de www.youtube.com *.moin.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.recruitmentplatform.com recruitmentplatform.com *.linkedin.com linkedin.com *.consentmanager.net consentmanager.net *.b-cdn.net snap.licdn.com *.amazonaws.com *.assets-yammer.com *.bing.com *.clarity.ms *.cloudfront.net *.doubleclick.net *.elfsight.com *.google.com *.googleapis.com *.gstatic.com *.hs-analytics.net *.jquery.com *.lamapoll.de *.mgr.consensu.org *.podigee.com *.podigee-cdn.net *.tuev-nord.de *.tuv-nord.com *.userlike.com *.walkme.com assets-yammer.com connect.facebook.net f.vimeocdn.com hs-analytics.net lamapoll.de tuev-nord.de tuvnordvietnam.com.vn *.google-analytics.com www.google-analytics.com targetbox.de *.targetbox.de www.google.com www.google.de www.googleadservices.com www.googletagmanager.com www.nord-kurs.de www.youtube.com *.hs-banner.com js-hs-banner.com *.hs-scripts.com hs-scripts.com js.hsleadflows.net js.hsadspixel.net *.createjs.com zingtree.com *.moin.ai blob:; font-src 'self' *.recruitmentplatform.com recruitmentplatform.com *.amazonaws.com *.bing.com *.cloudfront.net *.gstatic.com *.podigee.com *.podigee-cdn.net *.tuev-nord.de tuev-nord.de www.nord-kurs.de *.moin.ai data:; connect-src 'self' *.linkedin.com linkedin.com *.recruitmentplatform.com recruitmentplatform.com *.oribi.io *.hs-banner.com js-hs-banner.com *.hs-scripts.com snap.licdn.com *.amazonaws.com *.bbbserver.de *.bing.com *.clarity.ms *.consentmanager.mgr.consensu.org *.doubleclick.net *.elfsight.com *.googleapis.com *.herokuapp.com *.tuev-nord.de *.tuv-nord.com *.userlike.com targetbox.de *.targetbox.de bbbserver.de tuev-nord.de wss://tuev-academy-chatbot.herokuapp.com wss://umd.userlike.com *.analytics.google.com analytics.google.com *.google-analytics.com www.google-analytics.com www.youtube.com www.nord-kurs.de api.hubapi.com forms.hubspot.com *.moin.ai wss://bot.moin.ai; img-src * data:; media-src * blob:; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://plausible.io https://antagning.se https://vanta.antagning.se *.queue-it.net https://dl.episerver.net https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.cn/recaptcha/ https://uhrfaq.samres.services https://www.google.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://uhrfaq.samres.services; object-src 'none'; connect-src 'self' https://plausible.io https://uhrfaq.samres.services; img-src 'self' 'report-sample' data: blob: https://antagning.se; worker-src 'none'; font-src 'self' data: https://uhrfaq.samres.services; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net recaptcha.net; base-uri 'self'; form-action 'self' https://antagning.se epayment.nets.eu test.epayment.nets.eu https://uhrchatt.samres.services https://uhrfaq.samres.services; manifest-src 'self'; frame-ancestors 'self'; child-src 'none'; upgrade-insecure-requests; report-to csp-endpoint; report-uri /se/contentpolicyv2 1
frame-ancestors self https://redactie.natuurmonumenten.nl *.platform.sh *.natuurmonumenten.nl 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com zenvia.com *.zenvia.com *.fundacred.org.br 1
frame-ancestors 'self' https://help.patagonia.com/ https://cs.patagonia.jp/ https://patagonia-jp.my.salesforce-sites.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 1
script-src 'self' *.doubleclick.net *.google-analytics.com *.bing.com *.facebook.net *.outbrain.com *.mathtag.com *.proofpoint.com *.clarity.com *.treasuredata.com *.clarity.ms *.licdn.com *.yellowmessenger.com *.googletagmanager.com *.youtube.com *.googleapis.com *.google.com *.gstatic.com *.paytm.in *.paytmpayments.com *.paytmpayments.com *.googlesyndication.com *.googleadservices.com *.ads-twitter.com *.optimizely.com *.visualwebsiteoptimizer.com 'unsafe-inline' 'unsafe-eval' blob: ; 1
report-uri https://investnews.com.br 1
script-src 'self' *.abmr.net *.ads-twitter.com *.awin1.com *.bazaarvoice.com *.bing.com *.brsrvr.com *.clarity.ms *.contentsquare.com *.contentsquare.net *.curbside.com *.doubleclick.net *.dwin1.com *.euro.confirmit.com *.facebook.com *.facebook.net *.fredhopperservices.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.incontact.com *.incontact.eu *.kfplc.com *.micpn.com *.network-eu.bazaarvoice.com *.nice-incontact.com *.niceincontact.com *.paypal.com *.paypalobjects.com *.res-x.com *.screwfix.com *.screwfix.local *.tiqcdn.com *.trustarc.com *.truste.com *.twitter.com *.wufoo.com *.yottaa.net *.youtube.com *.zenaps.com analytics.twitter.com analytics.tiktok.com app.contentsquare.com bat.bing.com test-screwfix.bloomreach.io screwfix.bloomreach.io staging-screwfix.bloomreach.io cdn.attraqt.io contentsquare.com incandescent-inferno-925.firebaseio.com k1u3gele.micpn.com rtdb.tenfold.com s.pinimg.com screwfixmedia.co.uk sdk.woosmap.com t.contentsquare.net *.tealiumiq.com tracker.tenfold.com youtube.com mpsnare.iesnare.com six.cdn-net.com uk.cdn-net.com cdn.optimizely.com *.cloudfront.net bugcrowd.com assets.bugcrowdusercontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' test-screwfix.bloomreach.io screwfix.bloomreach.io staging-screwfix.bloomreach.io; object-src 'self' *.gstatic.com; worker-src blob: 'self'; report-uri https://csp-processor-internal-ffx-csp-prod.k8s.ap.digikfplc.com/csp; report-to csp-report-uri 1
frame-ancestors 'self' http://www.genau-lotto.de http://genau-lotto.de https://*.etracker.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: blob: https:;  img-src 'self'  *.nui.media *.hr.com data: blob: https:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.s3.amazonaws.com *.bootstrapcdn.com *.jquery.com *.s3.wasabisys.com *.fontawesome.com *.hr.com *.datatables.net *.sharethis.com *.jqueryscript.net *.materialdesignicons.com *.jsdelivr.net *.calendly.com *.google.com onesignal.com *.surveygizmo.com *.nextthought.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hr.com *.wistia.com *.wistia.net *.sharethis.com *.googletagmanager.com *.facebook.net *.googlesyndication.com *.s3.amazonaws.com *.google-analytics.com *.aspnetcdn.com *.nui.media unpkg.com *.livechatinc.com *.google.ca *.googleadservices.com *.feathr.co *.licdn.com *.google.com *.hotjar.com *.hotjar.io *.cloudflare.com *.g.doubleclick.net *.adroll.com *.services.siteforum.com *.twitter.com *.amazon-adsystem.com *.googleapis.com *.bootstrapcdn.com *.stripe.com *.jquery.com *.jsdelivr.net ml314.com *.ml314.com github.com ipinfo.io *.s3.wasabisys.com *.osano.com *.onesignal.com onesignal.com *.cloudfront.net *.rumbletalk.com rumbletalk.com *.linkedin.com *.calendly.com *.adsafeprotected.com *.doubleclick.net *.github.io *.google.co.in *.gstatic.com *.datatables.net *.nextthought.com *.youtube.com youtube.com survey.alchemer.com *.surveygizmo.com *.rawgit.com blob:; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.sharethis.com *.g.doubleclick.net *.facebook.com *.hotjar.com *.hotjar.io *.livechatinc.com *.googlesyndication.com *.google.com *.stripe.com *.youtube.com youtube.com *.youtube-nocookie.com *.wistia.com *.wistia.net *.twitter.com *.googleapis.com *.hr.com hr.com *.swooptalent.com *.rumbletalk.net calendly.com *.adsafeprotected.com *.doubleclick.net *.alchemer.com *.nextthought.com *.nui.media *.s3.wasabisys.com *.issuu.com *.visier.com *.app.visier.com secure.livechatinc.com; frame-ancestors 'self' *.nextthought.com *.hr.com *.thoughtindustries.com *.visier.com *.app.visier.com; 1
frame-ancestors 'self' https://secure-dev.firstmidwest.com https://secure-test.firstmidwest.com https://secure-accp.firstmidwest.com https://secure.firstmidwest.com https://secure-dev.oldnational.com https://secure-test.oldnational.com https://secure-accp.oldnational.com https://secure.oldnational.com https://secure-dev.thehsaauthority.com https://secure-test.thehsaauthority.com https://secure-accp.thehsaauthority.com https://secure.thehsaauthority.com https://onlinebanking.oldnational.com https://secure-uat.firstmidwest.com 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' *.medicitalia.it; style-src * data: 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src * blob:; frame-src *; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; report-uri /report-csp-violation 1
frame-ancestors 'self' *.bluetail.salesforce.com *.content.force.com *.documentforce.com *.force.com *.forcesslreports.com *.forceusercontent.com *.lightning.com *.salesforce.com *.salesforceliveagent.com *.salesforce-communities.com trailblazer.me *.visualforce.com *.sfdcstatic.com secure.eloqua.com *.google.com google.com *.doubleclick.net www.facebook.com ssl.google-analytics.com login.salesforce.com test.salesforce.com analytics.localytics.com manifest.localytics.com; 1
font-src *.googleapis.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.livechatinc.com *.resultspage.com *.twitter.com *.typekit.net *.twimg.com *.font-src.com *.bootstrapcdn.com addstrap-ui.addshoppers.com api.livechatinc.com bat.bing.com *.fontawesome.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.noibu.com jerrysartarama.com *.resultspage.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.twitter.com *.facebook.com *.resultspage.com 'self' 'unsafe-inline'; frame-ancestors  'self'; img-src  www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.cloudfront.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.google.co.in *.facebook.net *.facebook.com addstrap-ui.addshoppers.com bat.bing.com api.livechatinc.com *.doubleclick.net *.bing.com edge.curalate.com s1.listrakbi.com ad.360yield.com ade.clmbtech.com adgen.socdm.com cdn.aralego.net cdn.noibu.com hb.yahoo.net dis.criteo.com e1.emxdgt.com ads.stickyadstv.com sca1.listrakbi.com *.bing.com adx.dable.io cdn.livechat-files.com cm.g.doubleclick.net assurance.sysnetgs.com p.typekit.net x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com match.sharethrough.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com tg.socdm.com r.casalemedia.com cs.adingo.jp idsync.rlcdn.com exchange.mediavine.com sync.outbrain.com simage2.pubmatic.com s.ad.smaato.net sync.aralego.com sync-criteo.ads.yieldmo.com ib.adnxs.com ups.analytics.yahoo.com match.adsrvr.org pr-bh.ybp.yahoo.com cm.adgrx.com t.powerreviews.com media.powerreviews.com mediacdn.espssl.com jerrysartarama.com *.resultspage.com um.simpli.fi b.sli-spark.com res.cloudinary.com *.stackadapt.com *.cnstrc.com cnstrc.com *.viralsweep.com  *.cloudinary.com *.powr.io  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com ui.powerreviews.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com *.cloudfront.net *.shop.pe shop.pe edge.curalate.com cdn.noibu.com cdn.ywxi.net assurance.sysnetgs.com geo-targetly.com dynamic.criteo.com *.cdn4.forter.com jerrysartarama.resultspage.com  services.listrak.com addshoppers.s3.amazonaws.com widget.us.criteo.com sslwidget.criteo.com *.listrakbi.com assets.resultspage.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.gstatic.com *.cloudflare.com *.twitter.com *.google-analytics.com *.googleadservices.com *.google.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.paypalobjects.com  *.cardinalcommerce.com *.zopim.com *.googletagmanager.com *.facebook.net *.doubleclick.net *.bing.com *.newrelic.com *.nr-data.net *.google.co.in use.typekit.net klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com cdn.livechatinc.com assets.pinterest.com jerrysartarama.com *.resultspage.com widgets.pinterest.com api.livechatinc.com b.sli-spark.com *.commerce-payment-services.com *.magento-ds.com *.commerce-payment-services.com *.magento-ds.com res.cloudinary.com *.cloudinary.com polaris.truevaultcdn.com *.trustedsite.com *.jsdelivr.net *.stackadapt.com *.qvdt3feo.com *.cnstrc.com cnstrc.com *.viralsweep.com *.powr.io *.bc0a.com data: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.jerrysartarama.com *.resultspage.com *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; default-src * data: 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
script-src 'self' 'unsafe-eval' https://js.fintoc.com/v1/ https://api.fintoc.com/v1/  https://wlscripts.recorrido.cl https://www.googleoptimize.com  https://www.google-analytics.com https://www.recaptcha.net 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googleadservices.com https://www.gstatic.com https://diffuser-cdn.app-us1.com  https://cdn.recorrido-new.cl https://www.recaptcha.net https://*.googletagmanager.com  https://tagmanager.google.com/ https://*.google.com https://prism.app-us1.com https://cdn.recorrido.cl https://trackcmp.net https://js-agent.newrelic.com https://bam.nr-data.net https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js frame-src 'unsafe-inline' 'unsafe-eval' 'self' https://wlscripts.recorrido.cl https://www.googleoptimize.com https://tracking.krip.cl/bciplus/script.js https://api.fintoc.com/v1/ https://js.fintoc.com/v1/; 1
frame-ancestors 'self' wol.gg wof.gg; 1
frame-ancestors 'self' https://mgmt-prod-gcp.keurig.com; 1
frame-ancestors *.threatspike.com 1
default-src 'self'; script-src 'self' 'sha256-I+yvI62KX6Z5LVtENtjL/kxF9h1ZYUggU1kDka869G0=' 'sha256-Rtjp9WRsyLj3MhvlnjNB+Q7b80U2fyLA8UDX7SxVHww=' www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com connect.facebook.net platform.twitter.com maps.googleapis.com oc-cdn-public.azureedge.net js.adsrvr.org acdn.adnxs.com td.doubleclick.net fls.doubleclick.net ad.doubleclick.net static.hotjar.com insight.adsrvr.org cdn.cluepixel.com; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com oc-cdn-public.azureedge.net tagmanager.google.com www.gstatic.com; font-src 'self' fonts.cdnfonts.com *.fonts.gstatic.com fonts.gstatic.com data:; connect-src 'self' res.cloudinary.com vitals.vercel-insights.com graph.facebook.com assets.metrolinx.com https://api.gotransit.com/v2/ ae72qusyyn-dsn.algolia.net ae72qusyyn-3.algolianet.com ae72qusyyn-2.algolianet.com ae72qusyyn-1.algolianet.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com cdn.cluepixel.com ad.doubleclick.net insight.adsrvr.org; img-src 'self' res.cloudinary.com cloudinary.com assets.metrolinx.com i.ytimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleads.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com *.facebook.com data: cdn.cluepixel.com ad.doubleclick.net insight.adsrvr.org; media-src 'self' blob: res.cloudinary.com assets.metrolinx.com; frame-src www.youtube.com www.google.com www.instagram.com www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com oc-cdn-public.azureedge.net *.g.doubleclick.net maps.metrolinx.com fls.doubleclick.net td.doubleclick.net insight.adsrvr.org match.adsrvr.org cdn.cluepixel.com ad.doubleclick.net; frame-ancestors 'self'; form-action 'self' 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com conversions-config.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-f45b6e5f2ad1455dc9d969aef5724cf9' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
frame-ancestors https://*.seinesaintdenis.fr; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.tnx.it *.tnx.it ssl.google-analytics.com www.google-analytics.com www.googletagmanager.com/gtag/js googleads.g.doubleclick.net maps.googleapis.com/; frame-src 'self' maps.googleapis.com/; 1
frame-ancestors 'self' *.thebluebook.com *.oneteam.build *.construction.com *.dodgedev.com *.dodgeqa.com 1
frame-ancestors 'self' https://*.maxicours.com; 1
frame-ancestors *.nvenergy.com *.bidgely.com *.ecofactor.com *.ecobee.com *.cleanpowerdemo.com file://* 1
frame-ancestors *.k-rauta.fi; 1
frame-ancestors 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; default-src 'unsafe-eval' 'unsafe-inline' 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; object-src 'self'; img-src blob: data: 'self' *.casinoportugal.pt *.casinodeportugal.pt *.gstatic.com *.google.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com *.doubleclick.net www.google.pt www.googleadservices.com *.casinomodule.com *.casinoportugal-static.casinomodule.com *.isoftbet.com *.prerelease-env.biz *.pragmaticplay.net *.wvdudkswnr.net *.jtmmizms.net *.redrakegaming.com *.netentcdn.com *.tomhorngames.com *.tomhorngaming.eu *.thstatic.com *.neobiz.pt *.esagaming.com *.esagaming.it *.pariplaygames.com *.darwininteractive.com *.darwingaming.com *.stage.pariplaygames.com *.cloudfront.net cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.betstream.betgenius.com www.score24.com *.paysafecard.com *.skrill.com *.switchpayments.com *.freshchat.com *.eu.freshchat.com *.wchat.freshchat.com *.freshmarketer.com *.cdn.freshmarketer.com *.sportcastlive.com *.betstream.betgenius.com *.sportradar.com *.hotjar.io *.hotjar.com wss://*.hotjar.io wss://*.hotjar.com wss://*.onfido.com minifootball.pt allstars.pt *.facebook.com *.facebook.net *.syngamtech.com *.tomhorngames.com *.ads.sportradar.com *.sportradarserving.com bsw.digitru.st x.bidswitch.net bswx.net data: font casino.localhost:* *.localhost.direct ssl.connextra.com ww1510.smartadserver.com *.stackify.com *.zscaler.net *.verifai.com *.hipay-tpp.com ws://wwe2.byside.com *.byside.com *.onfido.com *.ingest.sentry.io *.sync.onfido.com *.assets.onfido.com *.checkout.com; worker-src blob: 'self' 1
default-src 'self' https://media.nedigital.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://public-api.thor.zopsmart.com https://*.omni.fairprice.com.sg https://maps.googleapis.com https://*.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://*.google.com https://www.facebook.com https://connect.facebook.net https://*.omguk.com https://*.googlesyndication.com https://*.fairprice.com.sg https://cdemux.appspot.com https://staticcdn.enzymic.co https://storage.googleapis.com https://110006471.collect.igodigital.com/collect.js https://fairprice.api.sociaplus.com/custom/fairprice https://s.yimg.com https://sp.analytics.yahoo.com/ https://t.contentsquare.net https://app.contentsquare.com https://*.bazaarvoice.com http://display.ugc.bazaarvoice.com/ http://stg.api.bazaarvoice.com/ http://api.bazaarvoice.com/ https://mpsnare.iesnare.com https://js.adsrvr.org/ https://analytics.tiktok.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://cdn.sprig.com/ https://cdn-assets-prod.s3.amazonaws.com https://*.abtasty.com https://*.googleapis.com https://*.salefinder.com.au https://*.nedigital.sg https://cdn.segment.com https://api.segment.io https://cdn.moengage.com https://app-cdn.moengage.com; connect-src 'self' https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://*.thor.zopsmart.com https://*.omni.fairprice.com.sg http://endpoint-publisher-service https://*.cybersource.com http://go-platform-website https://tagmanager.google.com https://*.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://*.omguk.com https://*.fairprice.com.sg https://cdemux.appspot.com https://adservice.google.com https://static.enzymic.co https://fairprice.api.sociaplus.com/custom/fairprice https://*.plus.com.sg https://*.link.sg https://*.nedigital.sg https://s.yimg.com https://*.contentsquare.net *.plus.com.sg *.link.sg wss://api.preprod.link.sg wss://api.link.sg https://*.split.io https://stg.api.bazaarvoice.com/ http://api.bazaarvoice.com/ https://api.amplitude.com https://js.adsrvr.org/ https://analytics.tiktok.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://*.abtasty.com/ https://cdn.sprig.com/ https://api.sprig.com/ https://api.userleap.com/ https://api2.abtasty.com/ https://rum.browser-intake-datadoghq.com https://segment.com https://in.ap1.segmentapis.com https://api.segment.com https://track.segment.com https://api.segment.io https://sdk-01.moengage.com https://cdn.segment.com; img-src 'self' data: https://*.doubleclick.net https://*.salefinder.com.au https://*.cloudfront.net *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.gstatic.com https://*.googleapis.com https://*.bazaarvoice.com/ http://display.ugc.bazaarvoice.com/ https://*.abtasty.com https://*.salefinder.com.au https://*.nedigital.sg https://app-cdn.moengage.com/ https://fonts.bunny.net/; frame-src 'self' https://preprod-auth.ntuclink.com.sg/ https://preprod-auth.fairprice.com.sg/ https://auth.ntuclink.com.sg/ https://auth.fairprice.com.sg/ https://testsecureacceptance.cybersource.com/ https://secureacceptance.cybersource.com/ http://www.surveygizmo.com/ https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.facebook.com http://*.fls.doubleclick.net https://display.ugc.bazaarvoice.com https://stg.api.bazaarvoice.com http://api.bazaarvoice.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://*.abtasty.com/ https://www.preprod-pay.nedigital.sg/ https://www.pay.nedigital.sg/ https://pay.google.com/ https://checkoutshopper-test.adyen.com/ https://cdn.moengage.com/; font-src 'self' data: blob: https://*.gstatic.com https://*.googleapis.com https://*.abtasty.com https://*.nedigital.sg; child-src 'self' blob:; worker-src 'self' blob:; media-src 'self' https://s3-us-west-2.amazonaws.com/int-foodlab.storage/public/recipes/videos/ https://www.innit.com/public/recipes/videos/; frame-ancestors 'self' https://*.salefinder.com.au https://*.fairprice.com.sg 1
default-src 'self'; script-src 'self' 'unsafe-eval' *.hitclick.net *.net.pekao.com.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl; connect-src 'self' *.hitclick.net *.net.pekao.com.pl wss://127.0.0.1:* https://127.0.0.1:* https://sentry.dev.pekao.com.pl https://sentry.pekao.com.pl https://rpm-management.upaid.pl https://rpm-management.upaidtest.pl https://rpm.upaidtest.pl https://rpm.upaid.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl https://ngccd.cn.in.pekao.com.pl wss://ngccdasbc01.cn.in.pekao.com.pl https://ngcct.cn.in.pekao.com.pl wss://vvt.cn.in.pekao.com.pl https://chatvideo.pekao.com.pl wss://vv.pekao.com.pl; img-src data: blob: 'self' *.hitclick.net *.net.pekao.com.pl https://127.0.0.1:* https://www.pekao24.pl *.piwikpro.omb.azure.in.pekao.com.pl https://analytics.preprod.omb.cn.in.pekao.com.pl https://analytics.pekao.com.pl https://ngccd.cn.in.pekao.com.pl https://ngcct.cn.in.pekao.com.pl https://chatvideo.pekao.com.pl; style-src 'self' 'unsafe-inline'; frame-src 'none'; child-src 'none'; worker-src 'self' blob:; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors https://*.jow.fr https://*.jow.com https://*.jow.tech 1
frame-ancestors 'self' *.microsoft.com *.sharepoint.com *.tarimorman.gov.tr *.com.tr *.gov.tr *.com 1
base-uri 'none'; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; script-src 'self' blob: https://stackpath.bootstrapcdn.com https://ajax.googleapis.com https://pro.fontawesome.com https://code.jquery.com https://cdnjs.cloudflare.com https://c0.froala.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net; object-src 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' *.cookiebot.com *.hacon.de 1
frame-ancestors app.ninety.io d2v6d3zxt3i4z6.cloudfront.net 1
font-src 'self' data: *; default-src 'self' 'unsafe-inline' *; img-src * 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
default-src 'none'; frame-src 'self' *.qualtrics.com https://www.youtube.com; script-src 'self' 'unsafe-inline' https://*.akamaihd.net https://www.googletagmanager.com https://www.google-analytics.com https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com; img-src 'self' https://images.ctfassets.net https://*.siteintercept.qualtrics.com https://*.akamaihd.net; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://*.akamaihd.net https://images.ctfassets.net https://siteintercept.qualtrics.com https://*.siteintercept.qualtrics.com https://goldmansachs.my.sentry.io wss://www.gs.de; manifest-src 'self'; worker-src 'self'; report-uri /api/8/security/?sentry_key=45bef1e79c1e4d69b1a6531a757d0a7a; frame-ancestors https://www.flatex.de https://www.flatex.at 1
base-uri 'self'; default-src 'self' data:; script-src 'self' 'unsafe-eval' 'nonce-cb5d8e94-39dd-4b26-b60d-79d359bd7043'; img-src 'self' data: https: http:; media-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self' keys.openpgp.org 1
default-src 'self' https: https://*.wistia.com https://*.wistia.net;     font-src https: data: https://*.wistia.com https://fonts.gstatic.com;     img-src 'self' https: data: https://*.wistia.com https://*.wistia.net https://v2assets.zopim.io https://static.zdassets.com https://embedwistia-a.akamaihd.net https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com https://d1g11qfvmedxbq.cloudfront.net/;     script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mutinycdn.com https://edge.fullstory.com https://api.smooch.io https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://tulip.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://tulip.zendesk.com wss://*.zopim.com https://*.clickagy.com https://rs.fullstory.com https://cmp.osano.com/AzqSAJTDxQJql3XbN/00699468-d337-41ec-8920-ef4cc4d977e9/osano.js https://*.6sc.co https://*.lr-in.com https://*.google.com https://google.com https://*.stripe.com https://*.greenhouse.io https://s3-recruiting.cdn.greenhouse.io https://*.segment.com tulip.co *.tulip.co https://*.googletagmanager.com tulip.ups.dock https://cdn.bizible.com https://snap.licdn.com https://bat.bing.com https://www.googleadservices.com https://script.crazyegg.com https://www.google-analytics.com https://*.marketo.com https://*.marketo.net https://*.facebook.net https://*.omappapi.com https://*.doubleclick.net https://*.clarity.ms https://*.clearbitjs.com https://*.zoominfo.com https://*.wistia.com https://*.wistia.net https://src.litix.io *.tulip.co tulip.ups.dock https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://calendar.google.com player.fireside.fm tag.clearbitscripts.com https://js.zi-scripts.com https://tulipinterfaces.orariel.com https://scout-cdn.salesloft.com https://packages.prmcdn.io https://prod.impartner.live https://*.qualified.com https://*.weglot.com https://tracking.g2crowd.com;     connect-src 'self' https://cdn.linkedin.oribi.io *.mutinycdn.com https://*.clickagy.com https://api-v2.mutinyhq.io/ https://consent.api.osano.com https://tattle.api.osano.com/ https://edge.fullstory.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://tulip.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://tulip.zendesk.com wss://*.zopim.com https://api.smooch.io https://rs.fullstory.com *.tulip.co tulip.ups.dock api.craftcms.com https://api.library.tulipintra.net/ https://*.zoominfo.com https://*.crazyegg.com https://*.mktoresp.com https://*.google-analytics.com https://*.adnxs.com https://*.6sc.co https://*.bing.com https://*.omappapi.com https://*.clarity.ms https://*.algolia.net https://*.doubleclick.net https://*.segment.com https://*.segment.io https://tulip.co *.dmgmori-tulip.com https://*.greenhouse.io https://*.bulb.cloud https://*.tulip.co.jp https://*.dmgmori-tulip.cn https://*.tulipco.cn https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://calendar.google.com player.fireside.fm tag.clearbitscripts.com app.clearbit.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://tulipinterfaces.orariel.com https://d1g11qfvmedxbq.cloudfront.net/ https://scout.salesloft.com https://tulip-partner-portal.com https://*.qualified.com wss://*.qualified.com https://px.ads.linkedin.com/ https://*.weglot.com https://cdn-api-weglot.com https://tulip.widen.net https://tracking.g2crowd.com;     style-src 'self' 'unsafe-inline' 'unsafe-hashes' https: blob: https://fast.wistia.com https://optimize.google.com https://fonts.googleapis.com https://*.qualified.com;     worker-src 'self' blob:;     child-src 'self' https://*.qualified.com;     frame-src 'self' https://tulipinterfaces.wistia.com https://fast.wistia.com https://fast.wistia.net https://boards.greenhouse.io https://*.stripe.com/ https://*.facebook.com https://*.tulip.co https://tulip.co https://optimize.google.com https://*.youtube.com https://youtube.com https://*.tulipecointra.net https://my.matterport.com https://calendar.google.com player.fireside.fm https://*.doubleclick.net https://*.clickagy.com https://tulipinterfaces.orariel.com https://*.qualified.com https://*.weglot.com https://tulip.widen.net;     frame-ancestors 'self' https://vtec-27b63.web.app;     media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://static.zdassets.com https://embedwistia-a.akamaihd.net player.fireside.fm https://d1g11qfvmedxbq.cloudfront.net/ https://*.qualified.com https://tulip.widen.net 1
default-src 'self' 'unsafe-inline' blod: data: * 1
frame-ancestors 'self' *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk; img-src 'self' data: *.realescort.fi *.realescort.eu *.realescort.se *.realescort.dk storage.googleapis.com maps.googleapis.com maps.gstatic.com 1
script-src 'self' 'nonce-pPRWYSrtx40z3E28QwpXpg==' https://connect.facebook.net/ https://www.facebook.net/ https://www.facebook.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ https://www.googletagmanager.com/ https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;frame-src 'self' https://www.google.com/recaptcha/ https://bid.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.redditstatic.com/ https://alb.reddit.com/;connect-src 'self' https://api.negate.io/api/user/login https://api.negate.io/api/user/signup https://www.facebook.com/ https://www.facebook.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://google.com/ https://www.google.com/ https://alb.reddit.com/ https://*.g.doubleclick.net https://*.google.com https://www.redditstatic.com/;img-src 'self' https://*.google-analytics.com https://connect.facebook.net https://www.facebook.net https://www.facebook.com/ https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://www.redditstatic.com/ https://alb.reddit.com/;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' fonts.googleapis.com maps.googleapis.com storage.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com use.fontawesome.com o86362.ingest.sentry.io static.trimoz.com api3.clicsante.ca auth.clicsante.ca mf-profile.clicsante.ca 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.familiprix.com familiprix.com auth.clicsante.ca; img-src 'self' fonts.googleapis.com maps.googleapis.com storage.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com use.fontawesome.com o86362.ingest.sentry.io static.trimoz.com auth.clicsante.ca api3.clicsante.ca mf-profile.clicsante.ca data:; report-uri https://o86362.ingest.sentry.io/api/5504686/security/?sentry_key=8449f8797b95465bb9ba330048794976 https://o86362.ingest.sentry.io/api/6173342/security/?sentry_key=766a259e46d44ddabdb53dbc303a62c7; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com mf-profile.clicsante.ca data:; 1
default-src *; style-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; child-src * tez: gpay: phonepe: paytm: paytmmp: bhim: upi: credpay:; 1
frame-ancestors 'self' http://webvisor.com http://turbo.az http://*.turbo.az http://tap.az http://*.tap.az turbo.az *.turbo.az tap.az *.tap.az 1
default-src 'self'; style-src 'self' 'unsafe-inline'; report-uri /tools/csp; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://techhub.social; img-src 'self' https: data: blob: https://techhub.social; style-src 'self' https://techhub.social 'nonce-YcOWKoN6APs274fvlBQSog=='; media-src 'self' https: data: https://techhub.social; frame-src 'self' https:; manifest-src 'self' https://techhub.social; form-action 'self'; child-src 'self' blob: https://techhub.social; worker-src 'self' blob: https://techhub.social; connect-src 'self' data: blob: https://techhub.social https://files.techhub.social wss://techhub.social; script-src 'self' https://techhub.social 'wasm-unsafe-eval' 1
default-src 'self' enza.fun *.enza.fun;script-src 'self' 'strict-dynamic' enza.fun *.enza.fun www.googletagmanager.com *.google-analytics.com www.youtube.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-48cbfe0bfae969710051174224b0a123';connect-src 'self' enza.fun *.enza.fun wss://*.enza.fun https://s3.ap-northeast-1.amazonaws.com/image.enza.fun sentry.io www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org;style-src 'self' enza.fun *.enza.fun www.googletagmanager.com fonts.googleapis.com *.twitter.com *.twimg.com cdn.cookielaw.org 'nonce-d41ed09e71f7e63f12f3dd9b61dd90b1';style-src-attr 'unsafe-inline';img-src 'self' data: blob: enza.fun *.enza.fun www.googletagmanager.com *.gstatic.com www.google-analytics.com *.twitter.com *.twimg.com cdn.cookielaw.org i.ytimg.com;font-src 'self' data: enza.fun *.enza.fun fonts.gstatic.com;base-uri 'none';frame-src 'self' www.youtube.com www.youtube-nocookie.com playervspf.channel.or.jp *.twitter.com;frame-ancestors 'self' *.enza.fun;report-uri https://o126865.ingest.sentry.io/api/6090357/security/?sentry_key=72dd0c1600ad4cbf844296391bb68898;form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors https://www.bloomreach.com https://www.bloomreach.com/ https://stage.br-new.bloomreach.cloud http://localhost:8080 https://br-cms.bloomreach.com https://test.br-new.bloomreach.cloud https://green.br-new.bloomreach.cloud https://blue.br-new.bloomreach.cloud 1
default-src https:;                                         img-src https: data:;                                         media-src https://www.webbeteg.hu:443 https://static.webbeteg.hu:443;                                         script-src 'unsafe-eval' 'unsafe-inline' https:;                                         style-src 'unsafe-inline' https:;                                         worker-src blob: https: 1
default-src 'self'; frame-src 'self' https://*.google.com https://*.g.doubleclick.net https://*.avis-verifies.com https://*.trustpilot.com https://*.rewardstyle.com https://www.facebook.com https://www.youtube.com https://*.pinterest.com https://*.paypal.com https://*.paypalobjects.com https://*.googleapis.com https://*.flatchr.io https://*.vimeo.com https://*.doubleclick.net/ https://www.pinterest.com https://www.pinterest.ca https://www.pinterest.co.uk https://www.pinterest.fr https://www.pinterest.de https://www.pinterest.es https://www.pin.it https://www.pinterest.com.au https://www.pinterest.ph https://www.pinterest.ch https://www.pinterest.com.mx https://www.pinterest.dk https://www.pinterest.pt https://www.pinterest.ru https://www.pinterest.it https://www.pinterest.at https://www.pinterest.jp https://www.pinterest.cl https://www.pinterest.ie https://www.pinterest.co.kr https://www.pinterest.nz https://www.pintrest.com https://www.pinterest.vn https://www.pinterest.co https://www.pinterest.com.uy https://www.pinterest.com.pe https://www.pinterest.nl; connect-src 'self' https://*.riskified.com https://*.smallable.com https://*.contentsquare.net https://*.contentsquare.com https://*.facebook.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://api.getalma.eu https://*.privacy-center.org https://*.social-media-system.com https://bam-cell.nr-data.net https://bat.bing.com https://ct.pinterest.com https://*.g.doubleclick.net https://*.clarity.ms https://*.screeb.app wss://*.screeb.app https://*.trustpilot.com https://*.rewardstyle.com https://*.paypal.com https://stonly.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://api.trustpilot.com https://api.shipup.co https://*.klarnaservices.com https://*.klarna.com https://vimeo.com; child-src 'self' blob:; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' zy33.smallable.com https://*.riskified.com https://cdn.jsdelivr.net/ https://*.smallable.com https://*.privacy-center.org https://*.contentsquare.net https://*.contentsquare.com https://*.avis-verifies.com https://*.trustpilot.com https://*.facebook.net https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.gstatic.com https://*.pinimg.com https://*.g.doubleclick.net https://*.rewardstyle.com https://*.clarity.ms https://*.social-media-system.com https://*.screeb.app wss://*.screeb.app https://bam-cell.nr-data.net https://bat.bing.com https://www.youtube.com https://*.paypal.com https://*.paypalobjects.com https://stonly.com https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://*.googleapis.com https://cdn.shipup.co https://*.vimeo.com https://*.klarnaservices.com https://*.klarna.com https://*.googlesyndication.com https://ct.pinterest.com https://cdn.weglot.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; img-src 'self' data: assets.smallable.com static.smallable.com staticv3.preprod.smallable.com staticv3.prod.smallable.com staticv3.smallable.com media.prod.smallable.com media.preprod.smallable.com mediaold.preprod.smallable.com zy33.smallable.com https://*.riskified.com https://cdn.jsdelivr.net/ https://*.privacy-center.org https://*.avis-verifies.com https://*.trustpilot.com https://*.rewardstyle.com https://*.contentsquare.net https://*.contentsquare.com https://*.googletagmanager.com https://*.google-analytics.com https://*.clarity.ms https://*.screeb.app wss://*.screeb.app https://*.paypal.com https://*.paypalobjects.com https://twemoji.maxcdn.com https://connect.facebook.net https://www.facebook.com https://bat.bing.com https://c.bing.com https://s3s.fr https://ct.pinterest.com https://cx.atdmt.com https://*.googleapis.com https://*.gstatic.com https://shipup-assets-prod.s3-eu-west-1.amazonaws.com https://shipup-assets-prod.s3.eu-west-1.amazonaws.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.vimeocdn.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; style-src 'self' 'unsafe-inline' zy33.smallable.com https://*.googleapis.com https://cdn.jsdelivr.net/ https://cdn.shipup.co https://*.klarnacdn.net https://cdn.weglot.com; font-src 'self' https://*.avis-verifies.com https://fonts.gstatic.com https://cdn.jsdelivr.net/ https://*.googleapis.com https://*.paypalobjects.com https://*.klarnacdn.net; object-src 'none' 1
frame-ancestors 'self' https://tmw.secure.vmd.ca; 1
connect-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://csi.gstatic.com https://px.ads.linkedin.com https://ka-f.fontawesome.com https://c.webengage.com https://p.webengage.com https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://adservice.google.com https://pagesense-collect.zoho.in https://stats.g.doubleclick.net https://csmetrics.hotjar.com https://vc.hotjar.io https://in.hotjar.com wss://wsp15.hotjar.com https://content.hotjar.io wss://wsp17.hotjar.com; default-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net; worker-src 'self' 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://snap.licdn.com http://s3.amazonaws.com https://s3.amazonaws.com https://connect.facebook.net https://www.youtube.com https://tpc.googlesyndication.com https://partner.googleadservices.com https://pagead2.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.jsdelivr.net https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://kit.fontawesome.com http://cdn.widgets.webengage.com https://c.webengage.com https://cdn-in.pagesense.io https://pagesense.zoho.in https://static.zohocdn.com https://ssl.widgets.webengage.com https://wsdk-files.webengage.com https://z.webengage.co https://pixel.whistle.mobi; img-src 'self' data: w3.org/svg/2000 http://* https://*; style-src 'self' 'unsafe-inline' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://use.fontawesome.com; font-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com https://ka-f.fontawesome.com https://cdnjs.cloudflare.com; frame-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net https://securepubads.g.doubleclick.net https://secure.traqkarr.com https://z47b6601c.webengage.co https://www.google.com https://www.youtube.com https://td.doubleclick.net https://vars.hotjar.com https://mozbar.moz.com http://inlk.in; object-src 'self' http://localhost:3638 https://www.gyftr.com https://www.gvhelpdesk.net https://www.gvhelpdesk.com https://api.gyftr.com https://api.gvhelpdesk.net https://chat.gvhelpdesk.com https://tpc.googlesyndication.com/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://pgtest.gvhelpdesk.net; 1
default-src 'self' *.stockity.id *.stockity.id; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.clarity.ms *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com app.getsentry.com *.stockity.id *.stockity.id wss://as.stockity.id:* wss://as.stockity.id:* wss://ws.stockity.id:* wss://ws.stockity.id:* s.yimg.com; font-src data: 'self' *.zopim.com *.gstatic.com themes.googleusercontent.com *.stockity.id *.stockity.id; img-src * data:; media-src 'self' *.stockity.id *.stockity.id; script-src 'self' *.ada.support static.ads-twitter.com sc-static.net tr.snapchat.com *.clarity.ms *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io stockity.id my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com *.gstatic.com www.googleadservices.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.stockity.id *.stockity.id https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://unpkg.com/simplex-noise@2.4.0/simplex-noise.js; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.stockity.id *.stockity.id 1
default-src 'self' *.autocheck.com  bcove.video players.brightcove.net *.youtube.com *.gstatic.com *.google.com h.online-metrix.net bat.bing.com *.cloudfront.net sp.analytics.yahoo.com autocheck.vast.com *.hotjar.com *.yimg.com  *.optimost.com secure.statcounter.com *.doubleclick.net secure.statcounter.com *.salesforceliveagent.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.experian.com *.googleapis.com fonts.gstatic.com *.techvalidate.com *.demdex.net *.cloudflare.com *.bootstrapcdn.com  *.youtube-nocookie.com 'unsafe-inline' 'unsafe-eval'; img-src * object-src data: 'unsafe-eval' 1
default-src 'none'; img-src 'self'; style-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-same-origin allow-scripts; connect-src 'self' https://o15192.ingest.sentry.io; script-src 'self' 1
default-src 'self' *.outbrain.com;script-src 'self' blob: *.adobedtm.com *.sharethis.com *.facebook.net va.ecitizen.gov.sg *.wogaa.sg *.google-analytics.com *.googletagmanager.com *.google.com *.dcube.cloud snowplow.dcube.cloud/sg.wogaa/cs1 *.everesttech.net *.demdex.net *.googleadservices.com secure.datawrkz.com secure.adnxs.com tagmanager.google.com r.turn.com static.hotjar.com secure-ds.serving-sys.com googleads.g.doubleclick.net *.vica.gov.sg *.gstatic.com script.hotjar.com test-gpc-1.sg.va.sabio.cloud *.outbrain.com;connect-src 'self' *.adobedtm.com *.sharethis.com *.facebook.net va.ecitizen.gov.sg *.wogaa.sg *.google-analytics.com *.google.com *.dcube.cloud snowplow.dcube.cloud/sg.wogaa/cs1 *.everesttech.net *.demdex.net wogadobeanalytics.sc.omtrdc.net *.moe.gov.sg *.onemap.gov.sg *.schoolbag.edu.sg stats.g.doubleclick.net *.vica.gov.sg *.hotjar.com vc.hotjar.io wss: *.hotjar.com *.vica.gov.sg test-gpc-1.sg.va.sabio.cloud *.outbrain.com;img-src 'self' data: *.vimeocdn.com *.ytimg.com *.onemap.gov.sg *.google-analytics.com wogadobeanalytics.sc.omtrdc.net *.demdex.net va.ecitizen.gov.sg *.everesttech.net *.facebook.com *.schoolbag.edu.sg platform-cdn.sharethis.com secure.adnxs.com ad.doubleclick.net adservice.google.com www.google.com.sg ssl.gstatic.com www.gstatic.com r.turn.com l.sharethis.com *.id.amgdgt.com ads.yahoo.com www.google.com googleads.g.doubleclick.net script.hotjar.com test-gpc-1.sg.va.sabio.cloud *.vica.gov.sg *.outbrain.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com va.ecitizen.gov.sg assets.dcube.cloud assets.wogaa.sg tagmanager.google.com fonts.googleapis.com *.vica.gov.sg;frame-src 'self' *.vimeo.com *.gov.sg *.google.com.sg *.google.com *.demdex.net *.sharethis.mgr.consensu.org *.youtube.com *.youtu.be bid.g.doubleclick.net online.flippingbook.com online.flipbuilder.com vars.hotjar.com www.mentimeter.com padlet.com *.jotform.com;font-src 'self' data: *.gstatic.com va.ecitizen.gov.sg s3-us-west-2.amazonaws.com/s.cdpn.io/93/artill_clean_icons-webfont.woff s3-us-west-2.amazonaws.com/s.cdpn.io/93/artill_clean_icons-webfont.svg assets.dcube.cloud assets.wogaa.sg fonts.gstatic.com script.hotjar.com;object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://applepay.cdn-apple.com https://pay.google.com https://static.cloudflareinsights.com https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com amp.cloudflare.com https://ajax.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ladadate.fr https://ladadate.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://amp.cloudflare.com; base-uri 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jivosite.com cdnjs.cloudflare.com www.google-analytics.com ajax.googleapis.com apis.google.com www.google.com www.gstatic.com yastatic.net yandex.st *.maps.yandex.net *.yandex.ru browser-update.org vk.com; report-uri /__cspreporting__; 1
base-uri 'none'; child-src blob: *; connect-src 'self' https://maps.sgcdn.cz https://*.google-analytics.com https://*.googleapis.com/ wss://www.zlavomat.sk https://www.facebook.com https://connect.facebook.net https://*.g.doubleclick.net https://google.com https://*.google.com https://*.google.cz https://*.google.sk https://*.googlesyndication.com https://*.googleadservices.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://directline.botframework.com wss://directline.botframework.com/ blob:; default-src 'self'; font-src 'self' data: https://themes.googleusercontent.com https://*.gstatic.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://pay.google.com; frame-ancestors 'self'; frame-src 'self' *; img-src blob: data: *; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'nonce-NTcwNDVjOGM3NGY5NDQ4NWI4MDcwYjI3NzllNjE1YmM=' 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'strict-dynamic' https:; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://www.googletagmanager.com https://www.gstatic.com; worker-src 'self' blob:; report-uri /csplog 1
default-src https://*.torpedo7.co.nz worker-src: blob: data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' *.visa.com; connect-src https: wss://*.zopim.com wss://torpedo7.ambithub.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' http: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 1
default-src 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com disqus.com; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' disqus.com c.disquscdn.com https://*.clarity.ms https://c.bing.com highwaysagency.disqus.com emea3.recruitmentplatform.com s.ytimg.com www.youtube.com maps.googleapis.com unpkg.com apis.google.com www.google-analytics.com widgets.flickr.com wsstatic.govmetric.com www.gstatic.com cdn.syndication.twimg.com platform.twitter.com embedr.flickr.com www.google.com www.googletagmanager.com wsstatic.servmetric.com ajax.aspnetcdn.com cc.cdn.civiccomputing.com cdnjs.cloudflare.com code.jquery.com connect.facebook.net hitcounter.govmetric.com cdn.jsdelivr.net jsdelivr.net websurveys2.govmetric.com websurveys2.servmetric.com www.browsealoud.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.jsdelivr.net jsdelivr.net c.disquscdn.com emea3.recruitmentplatform.com fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com unpkg.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ton.twimg.com platform.twitter.com p.typekit.net use.typekit.net websurveys2.govmetric.com websurveys2.servmetric.com; object-src 'none'; base-uri 'self'; connect-src 'self' noembed.com https://*.clarity.ms https://c.bing.com region1.google-analytics.com maps.googleapis.com clapi.civiccomputing.com hitcounter.govmetric.com stats.g.doubleclick.net www.google-analytics.com emea3.recruitmentplatform.com plusqa.browsealoud.com www.browsealoud.com speech.speechstream.net embedr.flickr.com apikeys.civiccomputing.com plus.browsealoud.com; font-src 'self' emea3.recruitmentplatform.com fonts.gstatic.com cdnjs.cloudflare.com use.typekit.net; frame-src 'self' podcasters.spotify.com web.powerva.microsoft.com anchor.fm app.powerbi.com content.googleapis.com www.arcgis.com *.arcgis.com arcgis.com disqus.com websurveys2.govmetric.com w.soundcloud.com www.google.com syndication.twitter.com platform.twitter.com www.facebook.com www.youtube.com; img-src data: 'self' *.youtube.com img.youtube.com fonts.gstatic.com c.disquscdn.com referrer.disqus.com www.googletagmanager.com emea3.recruitmentplatform.com maps.gstatic.com maps.googleapis.com websurveys2.servmetric.com www.browsealoud.com stats.g.doubleclick.net abs.twimg.com www.google-analytics.com ton.twimg.com pbs.twimg.com platform.twitter.com syndication.twitter.com live.staticflickr.com i.ytimg.com websurveys2.govmetric.com; manifest-src 'self'; media-src 'self' blob: ; worker-src 'none'; 1
frame-ancestors 'self' https://manage.aviationpros.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com data:; script-src 'self' localhost https://*.googletagmanager.com https://www.onlinepayment.com.my https://connect.facebook.net http://static.ads-twitter.com https://www.google-analytics.com https://analytics.tiktok.com https://ap-gateway.mastercard.com https://googleads.g.doubleclick.net https://sandbox.molpay.com https://*.hotjar.com 'unsafe-inline' 'unsafe-eval' blob:; connect-src 'self' http://localhost:8080/ https://*.bjak.my https://api.ipify.org/?format=json https://*.analytics.google.com https://*.google-analytics.com https://*.analytics.tiktok.com https://csmetrics.hotjar.com/ https://*.g.doubleclick.net https://analytics.google.com/g/collect https://analytics.tiktok.com https://storage.googleapis.com; img-src * data: blob:; frame-src 'self' https://www.facebook.com/ https://ap-gateway.mastercard.com/ https://www.youtube.com; object-src data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-ancestors 'self' *.ci360.sas.com; 1
default-src 'self' tel: mailto: https://pcmap-dub.netlify.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.quantserve.com *.quantcount.com https://src-daa.webpu.sh tagmanager.google.com *.addthis.com *.addthisedge.com player.vimeo.com sjs.bizographics.com/insight.min.js snap.licdn.com *.onetrust.com external.airport.ai z.moatads.com https://www.youtube.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.myfonts.net tagmanager.google.com external.airport.ai; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: external.airport.ai; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.quantserve.com stats.g.doubleclick.net *.google.com *.google.ie px.ads.linkedin.com *.xtremepush.com cx.atdmt.com *.onetrust.com *.googleusercontent.com external.airport.ai *.doubleclick.net *.googletagmanager.com *.linkedin.com; media-src 'self' data: blob:; frame-src 'self' tel: mailto: external.airport.ai https://pcmap-dub.netlify.app https://player.vimeo.com https://www.youtube.com https://afdac.daa.ie *.doubleclick.net afdac.dublinairport.com journeyplanner.transportforireland.ie *.wherewefly.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/  https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://afdac.daa.ie/ dub.innosked.com *.addthis.com https://complaints-eu.emsbk.com/ external.airport.ai app.sli.do https://pcmap-dub.netlify.app; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://www.facebook.com/tr/ *.xtremepush.com *.onetrust.com stats.g.doubleclick.net external.airport.ai app.sli.do *.google-analytics.com cdn.linkedin.oribi.io *.googletagmanager.com *.linkedin.com; 1
default-src 'self'; img-src 'self' https://www.gstatic.com/images/branding/product/2x/translate_24dp.png https://www.toegankelijkheidsverklaring.nl/files/verklaring/label/910ebd06ef8db91f4e65823a3e1439f4.1718.svg data: https://opendata.nederlandwereldwijd.nl statistiek.rijksoverheid.nl; object-src 'none'; frame-ancestors 'none'; form-action 'self' https://api.contenttoolsrijksoverheid.nl; style-src 'self' 'nonce-RLgBNomSnsjvYu7TqC9jBIcQbNlLip4iPu2bKdxE2B0=' statistiek.rijksoverheid.nl https://translate.googleapis.com/translate_static/css/translateelement.css; font-src 'self' statistiek.rijksoverheid.nl; connect-src 'self' https://api.contenttoolsrijksoverheid.nl statistiek.rijksoverheid.nl *.platformrijksoverheid.nl metrics.mopinion.com; script-src 'strict-dynamic' 'self' 'nonce-RLgBNomSnsjvYu7TqC9jBIcQbNlLip4iPu2bKdxE2B0=' statistiek.rijksoverheid.nl; base-uri 'self'; report-uri https://dpcoa.report-uri.com/r/t/csp/enforce; report-to default; 1
default-src blob: https: data: wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sfba.social; img-src 'self' https: data: blob: https://sfba.social; style-src 'self' https://sfba.social 'nonce-ozMI806GOntlYsQfui8QqQ=='; media-src 'self' https: data: https://sfba.social; frame-src 'self' https:; manifest-src 'self' https://sfba.social; form-action 'self'; child-src 'self' blob: https://sfba.social; worker-src 'self' blob: https://sfba.social; connect-src 'self' data: blob: https://sfba.social https://files.sfba.social wss://sfba.social; script-src 'self' https://sfba.social 'wasm-unsafe-eval' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.stg.audian.com https://*.audian.com https://*.typekit.com https://*.typekit.net https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.googleapis.com https://*.tawk.to https://tawk.link https://fonts.gstatic.com https://www.gstatic.com https://*.stg.audian.com:8443 https://*.statuspage.io https://cdn.jsdelivr.net https://www.google-analytics.com https://maps.google.com wss://*.tawk.to;frame-ancestors 'self';report-uri https://sentry.audian.com:49443/api/18/security/?sentry_key=612819db7da642ecabae6c0db8dd5a3e&sentry_environment=production 1
frame-ancestors 'self' *.yourpayroll.com.au ; 1
frame-ancestors 'self';media-src 'self' js.intercomcdn.com; connect-src 'self' https://cdn.cookielaw.org api-iam.intercom.io nexus-websocket-a.intercom.io api-iam.intercom.io nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io heapanalytics.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com *.clarity.ms api.sail-personalize.com api.company-target.com stats.g.doubleclick.net tag-logger.demandbase.com;default-src 'self';frame-src 'self' js.driftt.com s.company-target.com intercom-sheets.com;script-src 'self' widget.intercom.io *.intercomcdn.com cdn.heapanalytics.com www.googletagmanager.com cdn.cookielaw.org tag.demadbase.com www.clarity.ms ak.sail-horizon.co www.google-analytics.com tag.demandbase.com ak.sail-horizon.com 'unsafe-inline';style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com fonts.intercomcdn.com;img-src 'self' *.intercomcdn.com www.google-analytics.com fonts.gstatic.com fast.fonts.net cdn.cookielaw.org heapanalytics.com id.rlcdn.com www.google.com.np www.google.com segments.company-target.com c.clarity.ms c.bing.com www.googletagmanager.com static.intercomassets.com data:;object-src 'none';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.prelivemail.de https://*.mail.de; 1
frame-ancestors 'self' https://dbrand.sanity.studio 1
frame-ancestors 'self' *.joueclub.fr; 1
default-src https: 'unsafe-inline' 'unsafe-eval' *.tawk.to wss: 1
frame-ancestors 'self' https://konsus.sanity.studio 1
default-src 'self'; base-uri 'none'; img-src 'self' data:; child-src 'none'; form-action 'self' https://www.duckduckgo.com https://duckduckgo.com; frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.relay42.com 6162542.fls.doubleclick.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.centraalbeheer.nl *.doubleclick.net *.facebook.net *.google.com *.googlesyndication.com *.hs-scripts.com *.linkedin.com *.r42tag.com *.relay42.com *.svtrd.com *.usabilla.com achmeadpm.achmea.nl:9999 ajax.googleapis.com api.usabilla.com app.contentsquare.com bat.bing.com cba.nmrc.nl cdn.ampproject.org cdn.harvest.graindata.com d6tizftlrpuof.cloudfront.net googleads.g.doubleclick.net https://www.googleoptimize.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net js.monitor.azure.com js.usemessages.com maps.googleapis.com player.quadia.net r.bing.com snap.licdn.com static.cloud.coveo.com surfly.com t.contentsquare.net tags.nmrc.nl www.dwin1.com www.google-analytics.com www.googleadservices.com www.youtube.com www.zenaps.com www.awin1.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com d6tizftlrpuof.cloudfront.net www.google.com optimize.google.com static.cloud.coveo.com;img-src 'self' data: *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.googlesyndication.com *.r42tag.com *.relay42.com *.svtrd.com *.svtrd.com *.usabilla.com adservice.google.com adservice.google.nl bat.bing.com c.az.contentsquare.net c.contentsquare.net cba.imgix.net clients1.google.com d6tizftlrpuof.cloudfront.net forms.hubspot.com https://www.googletagmanager.com l.contentsquare.net linkedin.com maps.googleapis.com maps.gstatic.com optimize.google.com px.ads.linkedin.com px4.ads.linkedin.com region1.analytics.google.com region1.google-analytics.com server.arcgisonline.com track.hubspot.com www.advieskeuze.nl www.awin1.com www.facebook.com www.google-analytics.com www.google.com www.google.nl www.googleapis.com www.googletagmanager.com www.zenaps.com https://i.ytimg.com;font-src 'self' fonts.gstatic.com;connect-src 'self' analytics.cloud.coveo.com *.achmea.nl *.centraalbeheer.nl *.contentsquare.net *.doubleclick.net *.facebook.net *.googlesyndication.com *.hubapi.com *.nxtid.nl api.advieskeuze.nl api.hsforms.com api.hubspot.com api.usabilla.com bat.bing.com c.az.contentsquare.net c.contentsquare.net calculations.figlo.com cba.imgix.net cba.nmrc.nl controle.achmea.consentmonitor.nl https://*.in.applicationinsights.azure.com forms.hubspot.com formulier.centraalbeheer.nl geocode.arcgis.com k-aeu1.contentsquare.net l.contentsquare.net  maps.googleapis.com r.contentsquare.net region1.analytics.google.com region1.google-analytics.com surfly.com t.svtrd.com wss://bat.bing.com www.google-analytics.com www.google.com *.service.signalr.net wss://*.service.signalr.net adservice.google.com adservice.google.nl px.ads.linkedin.com;media-src 'self';object-src 'self';child-src 'self' blob: youtube.com *.doubleclick.net t.svtrd.com cba.nmrc.nl www.youtube-nocookie.com youtube-nocookie.com surfly.com optimize.google.com d6tizftlrpuof.cloudfront.net redirect.surfly.com centraalbeheer-nl-p.surfly.com surfly.com surfly-com-p.surfly.com *.centraalbeheer.nl player.quadia.net localfocuswidgets.net;frame-ancestors 'self' youtube.com www.youtube-nocookie.com youtube-nocookie.com player.quadia.net;form-action * 'self' t.svtrd.com *.achmea.nl;manifest-src 'self';report-uri https://centraalbeheer.ams.report-uri.com/r/t/csp/enforce; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
frame-ancestors https://www.paypal.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.paypal.com; font-src 'self' data:; img-src 'self' data: https://domainreselling.de https://www.united-domains.de https://*; base-uri 'self' https://www.paypal.com; style-src 'self' 'unsafe-inline'; connect-src 'self' https://ipayment.de https://www.paypal.com; form-action 'self' https://www.paypal.com https://domainreselling.de https://ipayment.de; frame-src 'self' https://www.paypal.com; default-src 'none' 1
default-src 'self'; script-src 'self' 'nonce-cm1vaw==' https://cdn.datatables.net; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net  'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src data: https: 'self'; base-uri 'self'; object-src 'none'; 1
default-src https: 'self' 'unsafe-inline'; img-src 'self'; child-src 'none' 1
script-src 'nonce-c9a08d68ab58c2f7dffadfe6679dec03' 'strict-dynamic'; object-src 'none'; base-uri 'none' 1
default-src https: unsafe-inline https://sdn.sitecore.net; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https://cdn.vev.design 'https://www.google.com/pagead/landing https://px.ads.linkedin.com/wa/ https://t.indeed.com https://apply.indeed.com/ https://maps.googleapis.com https://api-us2.herefish.com https://cdn.equalweb.com https://access.equalweb.com wss://chatbot-api.jobijoba.io https://*.herefish.com https://cdn.cookielaw.org https://chatbot-widget.jobijoba.io https://api.omappapi.com https://api.herefish.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com  https://cdn.linkedin.oribi.io https://*.qualified.com wss://*.qualified.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://was-nam-us-qa-calculation.azurewebsites.net  https://was-nam-us-prd-calculation.azurewebsites.net https://stats.g.doubleclick.net https://help.hotjar.com https://support.google.com https://*.omappapi.com https://bhgateway.azurewebsites.net https://was-nam-us-dev-bhapi.azurewebsites.net https://bhgatewayqa.azurewebsites.net/tk/fol/d00d7224567448908769a002fb2c7a55/cs https://bhgateway.azurewebsites.net/tk/fol/be667283af7c4d799c7adc7d062166c0/cs; font-src 'self' https:;frame-ancestors 'self' https://cdn.linkedin.oribi.io https://www.jobup.ch https://www.jobs.ch https://www.experteer.ch https://pro.komin.io/; 1
default-src 'self' blob: www.google-analytics.com marketing.cov.com go.cov.com view.ceros.com cdn.jsdelivr.net *.cookiepro.com static.cloud.coveo.com staticdev.cloud.coveo.com www.gstatic.com fonts.gstatic.com *.fontawesome.com *.brightcove.net platform.cloud.coveo.com www.google.com *.brightcove.com *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.pardot.com *.yoshki.com data:;style-src 'self' 'unsafe-inline' static.cloud.coveo.com marketing.cov.com go.cov.com fonts.googleapis.com *.fontawesome.com stackpath.bootstrapcdn.com www.google.com cdn.jsdelivr.net www.gstatic.com *.brightcove.com *.brightcove.net *.cloudfront.net *.boltdns.net *.akamaihd.net *.onetrust.com *.yoshki.com *.pardot.com cdn.matomo.cloud *.matomo.cloud;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: marketing.cov.com go.cov.com siteimproveanalytics.com creative-services.ceros.com view.ceros.com www.googletagmanager.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com www.google.com stackpath.bootstrapcdn.com www.gstatic.com *.onetrust.com *.pardot.com *.boltdns.net *.brightcove.com *.brightcove.net *.cloudfront.net *.yoshki.com *.akamaihd.net *.matomo.cloud ;img-src 'self' go.cov.com code.jquery.com www.google-analytics.com fonts.googleapis.com static.cloud.coveo.com cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com *.cookiepro.com *.fontawesome.com stackpath.bootstrapcdn.com marketing.cov.com www.googletagmanager.com www.google.com cov.vuture.net www.gstatic.com *.pardot.com *.brightcove.com *.boltdns.net *.brightcove.net *.cloudfront.net *.akamaihd.net *.yoshki.com data: *.matomo.cloud; 1
default-src 'self'; script-src data: 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://lupin.com https://lupin.com/US https://www.facebook.com https://www.youtube.com/ https://tags.srv.stackadapt.com https://www.google.co.in https://www.googletagmanager.com https://cdn.syndication.twimg.com https://*.gstatic.com https://www.google.com https://*.twitter.com https://*.lupin.com https://ssl.google-analytics.com https://moment.github.io https://cdn.jsdelivr.net https://code.jquery.com https://connect.facebook.net https://www.google-analytics.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://cdnjs.cloudflare.com https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://ajax.googleapis.com https://stats.wp.com; img-src 'self' data: https://wp-rocket.me https://www.facebook.com https://i1.wp.com https://www.google.co.in https://www.google.com https://*.twimg.com https://*.lupin.com https://i.ytimg.com https://ssl.google-analytics.com https://www.google-analytics.com https://cdn.page-source.com https://px.ads.linkedin.com https://www.googleadservices.com https://snap.licdn.com https://px4.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://secure.gravatar.com https://pixel.wp.com https://lupin.com/US/ https://woocommerce.com http://lupinnewwebsiteuat.azurewebsites.net; style-src 'self' 'unsafe-inline' https://platform.twitter.com https://*.twimg.com https://*.lupin.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://tags.srv.stackadapt.com; font-src 'self' data: https://lupin.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.lupin.com/ https://lupinnewwebsite.azurewebsites.net; frame-src 'self' https://td.doubleclick.net https://www.facebook.com https://www.google.co.in https://*.twitter.com https://www.youtube.com https://www.google-analytics.com https://www.google.com https://content.dionglobal.in https://youtube.com; connect-src 'self' data: https://px.ads.linkedin.com/wa/ https://analytics.google.com https://stats.g.doubleclick.net https://*.lupin.com https://www.google-analytics.com https://lupin.com/US/ https://yoast.com https://tags.srv.stackadapt.com https://lupinnewwebsiteuat.azurewebsites.net https://cdn.linkedin.oribi.io; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.zdassets.com https://*.zopim.com https://*.intercomcdn.com https://*.typekit.net https://connect.facebook.net https://*.googleapis.com https://*.bootstrapcdn.com https://*.stripe.com https://*.ravenjs.com https://*.heapanalytics.com https://*.pingdom.net https://*.intercom.io https://*.adroll.com https://*.trychameleon.com https://*.amplitude.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.appcues.com https://*.appcues.net; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://*.bootstrapcdn.com https://*.googleapis.com https://fonts.google.com https://*.appcues.com https://*.appcues.net; font-src * data:; connect-src *; frame-src 'self' https://*.stripe.com https://*.trychameleon.com https://*.chmln-cdn.com https://*.amplitude.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.appcues.com; report-uri /api/internal2/csp-report 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.br https://www.myheritage.com.br  'nonce-8e610c275584c60741a381e954d535bf' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.br;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.unibocconi.it/it/report-uri/enforce 1
default-src 'self';img-src 'self' data: https://www.mijnwefact.nl https://www.wefact.nl https://secure.gravatar.com *;script-src 'self' 'unsafe-inline';connect-src 'self';font-src 'self';style-src 'self' 'unsafe-inline'; 1
default-src 'self' profiauto.pl profiauto.de profiauto.co.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at  *.cookie-script.com ssl.silnet.pl www.googletagmanager.com www.google-analytics.com www.googleadservices.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.onesignal.com onesignal.com *.googleapis.com cdnjs.cloudflare.com cdn.ampproject.org cdn.datatables.net; style-src 'self' 'unsafe-inline' profiauto.pl profiauto.de profiauto.co.at fonts.googleapis.com ssl.silnet.pl onesignal.com cdnjs.cloudflare.com *.tagmanager.google.com tagmanager.google.com motoflota.pl cdn.datatables.net *.bootstrapcdn.com; img-src 'self' data: *.ggpht.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at silnet.pl ssl.silnet.pl cdn.datatables.net *.doubleclick.net www.google-analytics.com *.google.com *.google.pl *.facebook.com *.gstatic.com *.googleapis.com cdnjs.cloudflare.com *.openstreetmap.org *.gravatar.com motoflota.pl; media-src 'self' profiauto.pl profiauto.de profiauto.co.at; font-src 'self' profiauto.pl profiauto.de profiauto.co.at fonts.gstatic.com *.bootstrapcdn.com; frame-src 'self' profiauto.pl profiauto.de profiauto.co.at *.google.com google.com *.facebook.com onesignal.com *.youtube.com linkedin.com *.linkedin.com kalkulator.raty.aliorbank.pl; connect-src 'self' *.googleapis.com googleapis.com *.profiauto.pl profiauto.pl profiauto.de profiauto.co.at onesignal.com *.google-analytics.com *.doubleclick.net *.google.com *.google.pl *.facebook.com 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' cdn.ecomid.com data:; font-src cdn.ecomid.com; media-src cdn.ecomid.com; script-src-elem 'self' cdnjs.cloudflare.com static.cloudflareinsights.com; connect-src 'self' cloudflareinsights.com; 1
frame-ancestors 'self' http://www.1001hry.cz 1
default-src 'self' https://*.eka.care;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.eka.care *;style-src 'self' 'unsafe-inline' https://*.eka.care *;frame-ancestors 'self' vmedicaclinics.com dr.eka.care docapp.dev.eka.care apt.dev.eka.care mdr.eka.care littmann.dev.eka.care advancedskinclinic.in imagehospitals.in phonen.dev.eka.care idr.eka.care frontdesk.dev.eka.care desk.eka.care;img-src 'self' data: *;font-src 'self' data: *;frame-src 'self' *;connect-src 'self' * 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.addtoany.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.adsrvr.org *.thevoterguide.org *.typekit.net *.rockthevote.com s3.amazonaws.com *.google.com *.gstatic.com vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com www.googletagmanager.com ads.undertone.com *.hotjar.com *.googleadservices.com *.cloudflare.com cdn.jsdelivr.net; object-src 'self' 'unsafe-eval' *.rockthevote.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.thevoterguide.org *.addtoany.com *.amazonaws.com; img-src 'self' data: *.google-analytics.com *.facebook.com *.addtoany.com *.typekit.net vote411-dev.s3.amazonaws.com vote411-release.s3.amazonaws.com vote411-prod.s3.amazonaws.com *.doubleclick.net www.googletagmanager.com www.google.com i.ytimg.com ads.undertone.com evt.undertone.com *.hotjar.com *.gstatic.com *.thevoterguide.org *.googleapis.com; frame-src 'self' *.vote411.org *.rockthevote.com *.addtoany.com insight.adsrvr.org *.google.com lwv.thevoterguide.org match.adsrvr.org www.facebook.com *.hotjar.com *.youtube.com *.youtu.be *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com *.smsinfo.io; frame-ancestors *.rockthevote.com; child-src *.rockthevote.com s3.amazonaws.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.typekit.net *.hotjar.com; connect-src 'self' *.google.com *.google-analytics.com stats.g.doubleclick.net performance.typekit.net www.google.com www.facebook.com *.hotjar.com *.hotjar.io *.googleapis.com *.thevoterguide.org *.hotjar.com wss://ws6.hotjar.com wss://ws.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'nonce-9K9ww9tfjRjEN6W6uNqlBA==' 'unsafe-inline' 'strict-dynamic' https: 'report-sample'; object-src 'none'; base-uri 'none' 1
script-src *.bigcommerce.com *.betrad.com *.ipify.org *.kaptcha.com *.jebbit.com *.lightboxcdn.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.devcloudsoftware.com *.zmags.com *.jquery.com *.crazyegg.com *.adsrvr.org sc-static.net *.pinimg.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.stripe.com *.doubleclick.net *.googletagmanager.com *.agkn.com *.pgsitecore.com  *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.rewardstyle.com *.adsrvr.org *.adsrvr.org *.moatads.com *.attn.tv *.linkedin.com *.youtube.com *.ytimg.com *.bing.com *.gstatic.com smileadvisor.crest.com *.addthis.com *.addthisedge.com *.moatads.com *.agkn.com *.online-metrix.net *.ravenjs.com *.addrexx10.com *.bizographics.com *.cardinalcommerce.com *.bazaarvoice.com *.yotpo.com  cdn.cookielaw.org  *.cloudfront.net *.rpxnow.com *.iesnare.com *.polyfill.io geolocation.onetrust.com *.sharethis.com *.tapad.app *.pepperjam.com *.segment.com *.affirm.com *.minibc.com *.pricespider.com *.mapbox.com *.lytics.io *.ordergroove.com *.pepperjamnetwork.com *.tp88trk.com *.snapchat.com *.tiktok.com *.rokt.com *.ssacdn.com *.swaven.com pghub.io https://tapjoy.go2cloud.org/SL2Wm https://shareasale-analytics.com/j.js optanon.blob.core.windows.net b-code.liadm.com 'self' 'unsafe-eval' 'unsafe-inline' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://www.googletagmanager.com https://arkivverket.atlassian.net https://www.google.com https://www.gstatic.com; img-src 'self' data: https://*.google-analytics.com https://stats.g.doubleclick.net www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.digitalarkivet.no https://www.google.com/recaptcha/ https://www.youtube-nocookie.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self' https://*.digitalarkivet.no 1
frame-ancestors 'self'  https://*.bit2me.com https://bit2me.com/ 1
default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-13d4b67f93aeabdf' 'unsafe-inline' blob: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; img-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; media-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; font-src 'self' data: https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com; connect-src 'self' https://*.iserv.de https://*.iserv.eu https://trainer.iserv-akademie.de https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.gstatic.com https://*.facebook.net https://*.facebook.com 1
frame-ancestors https://app.optimizely.com https://optmizely.com www.optmizely.com 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.co.il 1
frame-ancestors 'self' taskon.xyz *.taskon.xyz 1
default-src *.crazyegg.com 'self';frame-ancestors localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de 'self';frame-src  localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de app.datawrapper.de datawrapper.dwcdn.net api.datawrapper.de https://e.infogram.com https://infogram-download-eu.s3.eu-west-1.amazonaws.com https://app.23degrees.io https://nfg.podigee.io https://player.podigee-cdn.net https://www.youtube.com/ https://www.surveymonkey.de/ https://flo.uri.sh/ *.flourish.studio *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.xing.com iframe.biotechgate.com www.crazyegg.com dihkafrika.twentymedia.de 'self';style-src  localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de https://cdn.podigee.com https://player.podigee-cdn.net analytics.init.de 'unsafe-inline';img-src    localhost:* *.contentstream.de datawrapper.dwcdn.net  *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de jwpltx.com *.usercentrics.eu *.webtrekk.net analytics.init.de fbc.wcfbc.net *.crazyegg.com i.ytimg.com api.mapbox.com *.twimg.com *.twitter.com *.facebook.com *.facebook.net px4.ads.linkedin.com px.ads.linkedin.com https://images.podigee-cdn.net data: 'unsafe-inline';script-src localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de *.usercentrics.eu https://snap.licdn.com/li.lms-analytics/ *.webtrekk.de *.webtrekk.com responder.wt-safetag.com analytics.init.de *.crazyegg.com trk.cetrk.com s3.amazonaws.com/trk.cetrk.com/ https://e.infogram.com https://app.23degrees.io https://player.podigee-cdn.net https://cdn.podigee.com https://www.youtube.com/ https://s.ytimg.com/yts/jsbin/ ajax.googleapis.com/ajax/libs/jquery/ vjs.zencdn.net/5.9.2/ ssl.p.jwpcdn.com cdn.rawgit.com api.mapbox.com https://flo.uri.sh/ *.flourish.studio *.twitter.com *.twimg.com *.facebook.com *.facebook.net *.linkedin.com *.xing.com iframe.biotechgate.com api.ipify.org blob: 'unsafe-inline' 'unsafe-eval';connect-src wss://localhost:35729/livereload *.crazyegg.com embedr.flickr.com px.ads.linkedin.com *.usercentrics.eu *.webtrekk.net analytics.init.de 'self' https://cdn.linkedin.oribi.io/partner/3147810/;font-src   localhost:* *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de analytics.init.de https://player.podigee-cdn.net data: 'self';media-src  localhost:* *.contentstream.de  *.africa-business-guide.de *.ixpos.de *.portal21.de *.gtai.de *.gtai-exportguide.de *.german-business-portal.info *.init-ag.de  blob: 'self';report-uri /blueprint/servlet/service/csp-report 1
default-src 'self' *.fourth.com *.peoplematter.com *.walkme.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; 1
frame-ancestors 'none'; frame-src 'self' https://connect.getvero.com https://airtable.com https://www.youtube.com https://calendly.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.gcloud.belgium.be *.agconsult.com *.socialsecurity.be;style-src 'self' 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.gcloud.belgium.be;img-src 'self' data: *.google-analytics.com *.sfpd.fgov.be *.socialsecurity.be *.mypension.be; 1
upgrade-insecure-requests; frame-ancestors zuozhe.qimao.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.kannadaprabha.com;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' collector-37690.tvsquared.com ldti.syndication.kbb.com wss://lo.msg.liveperson.net tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com decibel.com landroverusa.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com data: blob:; 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.fr 1
default-src 'self' *.fullstory.com *.pangle-ads.com analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' *.fullstory.com analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' *.fullstory.com analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.fullstory.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com https:; style-src https: 'self' 'unsafe-inline' cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com use.typekit.net; connect-src 'self' embed-ssl.wistia.com tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net fast.wistia.net embed-ssl.wistia.com distillery.wistia.com pipedream.wistia.com embed-fastly.wistia.com embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com cdp-dv-frontend-cdne.azureedge.net cdp-qa-frontend-cdne.azureedge.net web performance.typekit.net identity-dv-web.azurewebsites.net identity-dev.nwnatural.com identity-qa.nwnatural.com identity-st.nwnatural.com identity-pd.nwnatural.com identity.nwnatural.com webapi-dev.nwnatural.com webapi-qa.nwnatural.com webapi-st.nwnatural.com webapi-pd.nwnatural.com api.nwnatural.com maps.googleapis.com; media-src blob: 'self' embed-ssl.wistia.com fast.wistia.net embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com; worker-src blob: 'self' embedwistia-a.akamaihd.net cd.nwnatural.local dev.nwnatural.com qa.nwnatural.com staging.nwnatural.com prod.nwnatural.com www.nwnatural.com; font-src 'self' data: use.typekit.net fonts.typekit.net fonts.gstatic.com; img-src https: 'self' www.google-analytics.com p.typekit.net secure.surveymonkey.com data:; form-action 'self' identity-qa-web.azurewebsites.net identity-dev.nwnatural.com identity-qa.nwnatural.com identity-st.nwnatural.com identity-pd.nwnatural.com identity.nwnatural.com; 1
default-src 'self' 'unsafe-inline' www.google-analytics.com code.jquery.com *.disqus.com disqus.com *.bootstrapcdn.com *.disquscdn.com www.gravatar.com   https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.karlaporter.com *.shanx.com *.amitavac.com *.googleapis.com  *.googletagmanager.com  platform.twitter.com shanx.matomo.com    *.amazonaws.com   apis.google.com ssl.google-analytics.com connect.facebook.net https:; img-src 'self' *.karlaporter.com *.iconj.com  cdn-images.mailchimp.com  *.shanx.com *.amitavac.com ssl.google-analytics.com s-static.ak.facebook.com i.imgur.com imgur.com  data:  https:; style-src 'self' 'unsafe-inline' *.shanx.com  cdn-images.mailchimp.com  *.karlaporter.com *.amitavac.com *.ionicframework.com  use.typekit.net  fonts.adobe.com  fonts.googleapis.com fonts.gstatic.com https:; font-src 'self' *.shanx.com   use.typekit.net  *.ionicframework.com netdna.bootstrapcdn.com themes.googleusercontent.com fonts.gstatic.com data:; object-src  https:; media-src  'self'  https:; frame-ancestors 'self'; frame-src 'self' https:;  1
img-src 'self' https://cdn.arre.st https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google.com https://youtube.com/ http://www.google-analytics.com; object-src 'self' 1
default-src 'none'; form-action 'self'; font-src 'self' https://cdnjs.cloudflare.com; img-src 'self' data: https://minotar.net; script-src 'self' 'nonce-22aa553b6a3d0544e4de5856614d1af35adf0391' https://cdnjs.cloudflare.com https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; connect-src 'self' https://cloudflareinsights.com; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://app.kontent.ai; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.camsonline.com maxcdn.bootstrapcdn.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com  https://stats.g.doubleclick.net *.google.com *.gstatic.com *.facebook.net https://www.googletagmanager.com *.camsonline.com *.google-analytics.com *.googleapis.com mozilla.github.io data:;connect-src 'self' 'unsafe-inline' www.youtube.com  https://stats.g.doubleclick.net *.facebook.net *.camsonline.com *.google-analytics.com *.googleapis.com *.gstatic.com data:; font-src 'self' 'unsafe-inline' *.gstatic.com  *.camsonline.com maxcdn.bootstrapcdn.com data:; img-src 'unsafe-inline'  * data:; frame-src 'self' 'unsafe-inline' *.camsonline.com  *.google.com www.youtube.com; media-src 'self' 'unsafe-inline' www.youtube.com 1
default-src 'self'; base-uri 'self'; script-src 'nonce-dfce44ee399f0a564dd210f76b96b3b3' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.eharmony.co.uk tms.eharmony.co.uk *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
base-uri 'self'; connect-src 'self' *.appboy.com *.branch.io *.braze.com *.crazyegg.com *.doubleclick.net *.facebook.com *.google.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.launchdarkly.com *.lymberapi.com *.mindbody.io *.mindbodyapis.com *.mktoresp.com *.mparticle.com *.optimizely.com *.pendo.io *.pinterest.com api.amplitude.com bam.nr-data.net bam-cell.nr-data.net collect.tealiumiq.com explore.mindbodyonline.com trackerapi.trustarc.com mindbodyonline.pxf.io *.stripe.com *.stripecdn.com; default-src 'self' blob:; font-src 'self' fonts.gstatic.com use.fontawesome.com; form-action 'self' *.facebook.com *.googletagmanager.com mindbodyonline.pxf.io *.stripe.com *.stripecdn.com; frame-src 'self' *.cdn.optimizely.com *.cdn-pci.optimizely.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com consent-pref.trustarc.com servedby.flashtalking.com mindbodyonline.pxf.io *.stripe.com *.stripecdn.com; img-src 'self' data: *.amazonaws.com *.amazon-adsystem.com *.cloudfront.net *.doubleclick.net *.eloqua.com *.facebook.com *.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.mbodev.me *.mindbody.io *.mindbodyonline.com *.optimizely.com *.pendo.io *.pinterest.com *.secure-booker.com *.trustarc.com *.vistaequitypartners.com *.xg4ken.com atdmt.com cdn.branch.io cdn.optimizely.com consent.trustarc.com mindbody.io vistaequitypartners.com mindbodyonline.pxf.io *.ojrq.net logs-01.loggly.com *.stripe.com *.stripecdn.com; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.crazyegg.com *.doubleclick.net *.google.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.optimizely.com *.pendo.io *.pinimg.com *.tealiumiq.com app.link bam.nr-data.net bam-cell.nr-data.net cdn.amplitude.com cdn.branch.io cdn.optimizely.com cdn-assets-prod.s3.amazonaws.com connect.facebook.net consent.trustarc.com deploytealium.com img.en25.com jssdkcdns.mparticle.com js-agent.newrelic.com mindbody.io munchkin.marketo.net optimizely.s3.amazonaws.com resources.xg4ken.com services.xg4ken.com static.cloudflareinsights.com tags.tiqcdn.com utt.impactcdn.com cdn.mxpnl.com *.stripe.com *.stripecdn.com; style-src 'self' 'unsafe-inline' *.pendo.io *.googleapis.com use.fontawesome.com 1
default-src 'self' *.toutemonannee.com s1.toutemonannee.com s2.toutemonannee.com *.s3.toutemonannee.com balthazar.diedm.fr;worker-src 'self' blob:;media-src 'self' s1.toutemonannee.com s2.toutemonannee.com *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;img-src 'self' data: blob: *.toutemonannee.com s1.toutemonannee.com s2.toutemonannee.com *.s3.toutemonannee.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;frame-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;child-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;base-uri 'none';object-src 'none';style-src 'self' 'unsafe-inline' s1.toutemonannee.com balthazar.diedm.fr;script-src 'self' 'unsafe-inline' 'unsafe-eval' s1.toutemonannee.com balthazar.diedm.fr;font-src 'self' data: fonts.googleapis.com s1.toutemonannee.com 1
default-src 'self' assets.bonkerscorner.com *.gravatar.com d30flbpbaljuso.cloudfront.net *.cloudflarestream.com *.googlesyndication.com *.reddit.com *.google.com google.com *.facebook.com cdn-cookieyes.com *.cookieyes.com stats.g.doubleclick.net *.doubleclick.net *.bing.com *.redditstatic.com *.clarity.ms cdn.datatables.net *.pinterest.com *.snapchat.com analytics.google.com www.google-analytics.com *.gokwik.co *.razorpay.com wchat.in.freshchat.com bonkerscorner.webpush.in.freshchat.com data:; img-src 'self' 'unsafe-inline' *.asbmit.com *.gravatar.com *.cloudflarestream.com d30flbpbaljuso.cloudfront.net *.admitad.com lenkmio.com pafutos.com tjzuh.com *.snapchat.com *.doubleclick.net *.clarity.ms *.bing.com *.gstatic.com *.reddit.com cdn-cookieyes.com *.googletagmanager.com *.google.com *.google.co.in *.google.ca *.google-analytics.com www.facebook.com *.gokwik.co cdn.razorpay.com assets.bonkerscorner.com ct.pinterest.com data:;style-src *.google.com cdn.datatables.net ajax.googleapis.com fonts.googleapis.com www.bonkerscorner.com 'unsafe-inline' wchat.in.freshchat.com;font-src data: www.bonkerscorner.com *.admitad.com *.affilitizer.com fonts.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' cdn.datatables.net *.doubleclick.net websdk-assets.s3.ap-south-1.amazonaws.com *.bing.com *.redditstatic.com cdn-cookieyes.com *.cloudflare.com *.google.com *.gstatic.com www.googleadservices.com checkout.razorpay.com d30flbpbaljuso.cloudfront.net *.gokwik.co s.pinimg.com tr.snapchat.com www.google-analytics.com sc-static.net *.gravatar.com *.cloudflarestream.com www.bonkerscorner.com www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com wchat.in.freshchat.com cdn.razorpay.com d30flbpbaljuso.cloudfront.net *.gokwik.co *.clarity.ms *.pinterest.com; 1
frame-ancestors 'self' http://www.1001jogos.com.br 1
frame-ancestors 'self' https://www.liveshopping.bonprix.ch/ https://liveshopping.bonprix.ch/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://i.ytimg.com data:; frame-src 'self' https://www.youtube.com https://digitalkyc.bulbankonline.bg; connect-src 'self' https://localhost:53952/; frame-ancestors 'self'; 1
object-src 'none';base-uri 'self';script-src 'nonce-vvx9-JL3jHVQsu5P1l0JqQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
block-all-mixed-content; frame-ancestors *.plenitudedistribuidora.com.br 1
frame-ancestors 'self' *.portaldocidadaosurdo.pt edponline.edp.pt cliente.edp.pt *.edponline.edp.pt *.cliente.edp.pt m01.ofertas.edp.pt ofertas.edp.pt; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.byside.com *.s1.byside.com *.googleadservices.com *.googleads.g.doubleclick.net *.google.com *.hotjar.com *.google-analytics.com *.youtube.com *.facebook.net *.ytimg.com grmtech.net *.cloudfront.net *.adnxs.com *.mookie1.com *.serving-sys.com c-share.herokuapp.com *.googleapis.com *.cloudflare.com *.captcha.com *.doubleclick.net *.google.com *.google.pt *.botframework.com *.edp.pt *.clientscape.com *.facebook.com *.googletagmanager.com *.licdn.com *.linkedin.com nebula-cdn.kampyle.com *.kampyle.com *.smrk.io *.gstatic.com *.cookiepro.com *.onetrust.com cookiepro.blob.core.windows.net code.jquery.com edpptblob.blob.core.windows.net unpkg.com cdn.cookielaw.org *.googlesyndication.com *.googleoptimize.com *.weglot.com *.visualwebsiteoptimizer.com *.vwo.com *.datadoghq-browser-agent.com cdn.gbqofs.com 1
img-src * data:; default-src * 'self' https://* 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://*.tracelink.com 1
script-src 'unsafe-eval' 'self' blob: *.mpeasylink.com *.omtrdc.net *.walkme.com *.doubleclick.net *.jquery.com *.steelhousemedia.com *.clarity.ms *.marinsm.com *.tvsquared.com *.convertlanguage.coma *.stackadapt.com 'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-ipjUpAO5Zx3H/q6miTlllOa0xJsBwcFMGTeHoYNeXiw=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-JHK17+U8wdRstIrvJ9FH+hRjOAbbxmHrq0wCVhtsH7o=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-0CFWqn8iRfbSl1Sem930KfSoUJXZns11Cn83r+PXVLY=' 'sha256-N9Fcbvm0D7OHWPqfYvKe/03U0CZV2AiZiZBrMI+Ksj0=' 'sha256-EXfLQCLxlOnO65O9cKsL0o9OFNxguNq3K01QOwsooT8=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-9L80nW6/wnsNaC/TWNo4gryOH3bGptV9J841/BKwAno=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-EMO8V0afEwmvA6t2d6wG6PS3p9+n6fhPK0GZjO91IHs=' 'sha256-f7qZAP0d9359mYcb/vgVCWxYxymvSI9DxgiKurjZaOQ=' 'sha256-NDRilroK6DdzrIS4UKHEE3CEEoql6/fSI05aOLR0MKs=' 'sha256-frdEsQQ2f2d9UwWmf/L1EkrelLIPQkX8XKBxZ68VEDc=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-IyJp55qY1hWHECsk/9IaBg0P1cqphU2h83okwB6//30=' 'sha256-7air93D0iLJuk6VUEZSnozqaPOL6Qi8MOs8k6dWhuko=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-/jelFPmvGgCLb2ruwisTS4lMCQphITOFeMAtuZQQhPQ=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-+9nvnUjMPgpsCHqUyccwQCWltJdUnhcoDgKmekMe5r4=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-7kffnNgRQ7qzYy+bMsInYuH8jQUzqb4sdbv2yAH7H40=' 'sha256-7kffnNgRQ7qzYy+bMsInYuH8jQUzqb4sdbv2yAH7H40=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-kEyA013BpTyUc1nqTJ2W65dz6zCi7DlCTj7xA/MPKm8=' 'sha256-PujGZsFstVNnK7qoVuZjCFKHTUf1KgZQB3e1+nfLypE=' 'sha256-1hphP5UeIPLrdHl0caK+RBjjIf/Nf+NOjngIRgKJNvg=' 'sha256-5opYFwUS510Rvfv27i9fgH/77B6yGcd39Qc2XGu3Sk4=' 'sha256-ZsiO6M6SIFEhZrPiwh4Vky40a3LRcSYYWmT8kYCo+c8=' 'sha256-12Oe5dMRtAenv78D9ewvG6kpwvsYQwe0SEAFh4E3by4=' 'sha256-pKXjbNTq8JR4j0soyNfLkYJiSSsP6kqo5DRo9q4cDXE=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com *.brightcove.net *.brightcove.com, frame-src 'self' *.mpeasylink.com *.bcbsil.com *.doubleclick.net *.google.com *.facebook.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.brightcove.com 1
default-src 'self' www.google.com; img-src 'self' data: * www.googletagmanager.com; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com https://www.googletagmanager.com www.google.com www.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; object-src 'none'; frame-src https://www.youtube.com https://youtube.com https://www.google.com 1
default-src 'self' https://www.youtube.com/ https://my.wel-co.me/; script-src 'self' 'unsafe-eval' https://use.fontawesome.com/ https://www.googletagmanager.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ *.google-analytics.com *.analytics.google.com https://www.googleoptimize.com https://www.recaptcha.net/recaptcha/api.js *.8x8.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://api.mapbox.com https://cdn.siteimprove.net *.cloudflareinsights.com https://cb.8x8.com https://vcc-eu10b.8x8.com d10lpsik1i8c69.cloudfront.net *.facebook.net *.clarity.ms https://v4in1-si.click4assistance.co.uk blob: https://vcc-eu6.8x8.com/ v4in1-ti.click4assistance.co.uk djtflbt20bdde.cloudfront.net *.clarity.ms https://unpkg.com/tippy.js@5.2.1/dist/tippy-bundle.iife.min.js https://unpkg.com/tippy.js@6.2.6/dist/tippy-bundle.umd.min.js https://tools.luckyorange.com/ 'unsafe-inline' *.luckyorange.com/ https://cdn.usefathom.com/script.js *.govmetric.com dev.visualwebsiteoptimizer.com *.google.com unpkg.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://api.mapbox.com *.jsdelivr.net d10lpsik1i8c69.cloudfront.net use.fontawesome.com *.luckyorange.com *.myfonts.net *.govmetric.com *.google.com; img-src 'self' data: 'unsafe-inline' data: https://cdn.jsdelivr.net *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.co.uk https://www.google.com https://www.google.es https://api.mapbox.com http://*.openstreetmap.org *.google.ie https://vcc-eu10b.8x8.com/ *.8x8.com *.facebook.com d10lpsik1i8c69.cloudfront.net https://c.clarity.ms/ https://c.bing.com/ https://vcc-eu6.8x8.com/ connect.facebook.net https://v4in1-si.click4assistance.co.uk https://pbs.twimg.com/ https://www.google.com.br/ads/ga-audiences *.luckyorange.com *.govmetric.com dev.visualwebsiteoptimizer.com *.google.com *.gstatic.com; media-src 'self' d10lpsik1i8c69.cloudfront.net; frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://my2.siteimprove.com/ https://vcc-eu10b.8x8.com https://vcc-eu6.8x8.com/ https://vcc-eu6.cb.8x8.com/ https://v4in1-ti.click4assistance.co.uk/ *.8x8.com https://pbs.twimg.com/ https://app.powerbi.com https://my.wel-co.me/ https://app.wel-co.me *.govmetric.com *.google.com https://contentassistant.eu.siteimprove.com https://map.footways.london; child-src 'self' https://my.wel-co.me/ blob:; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com use.fontawesome.com s3.amazonaws.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://my2.siteimprove.com https://id.siteimprove.com https://cb.8x8.com/socket.io/ wss://cb.8x8.com/socket.io/ *.8x8.com *.clarity.ms *.luckyorange.net *.visitors.live visitors.live wss://in.visitors.live/ wss://visitors.live/ *.luckyorange.com api-js.mixpanel.com wss://realtime.luckyorange.com/mqtt *.googleapis.com/ https://endpoint-app.cognigy.ai https://region1.google-analytics.com *.govmetric.com dev.visualwebsiteoptimizer.com https://contentassistant.eu.siteimprove.com; report-uri /report-csp-violation 1
frame-ancestors 'self' *.doubleclick.net *.yape.tech *.yapetienda.com.pe *.yape.com.pe; form-action 'self' *.facebook.com *.qualtrics.com; default-src 'self' data: blob: *.dynatrace.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.teads.tv *.tiktok.com *.cookiebot.com *.smooch.io https://zendesk-eu.my.sentry.io *.khoros.com *.hotjar.com *.office.net https://www.google-analytics.com *.office.com *.botframework.com *.youtube.com *.google.com https://www.googletagmanager.com https://www.googleanalytics.com *.google.com https://connect.facebook.net https://www.google.com *.easysol.net *.googleapis.com *.dynatrace.com https://www.gstatic.com *.conoret.com https://conoret.com https://static.ada.support *.zdassets.com *.zendesk.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.smooch.io https://zendesk-eu.my.sentry.io *.tiktok.com *.facebook.net *.teads.tv *.ada.support *.zdassets.com *.zendesk.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com https://www.google-analytics.com *.hotjar.com *.google.com https://www.googleadservices.com *.qualtrics.com https://unruffled-shannon-1a7413.netlify.app; img-src 'self' data: blob: *.teads.tv *.smooch.io https://zendesk-eu.my.sentry.io *.googleapis.com *.khoros.com *.doubleclick.net https://www.datocms-assets.com *.google.com *.googlesyndication.com https://www.google-analytics.com https://www.google.com *.google-analytics.com *.analytics.google.com *.facebook.com *.easysol.net https://www.gstatic.com *.googleapis.com *.gstatic.com *.doubleclick.net https://www.googletagmanager.com *.cookiebot.com *.googleadservices.com *.gstatic.com *.doubleclick.net https://www.googleadservices.com https://staceu2yapefrntd10.blob.core.windows.net https://staceu2yapefrntc10.blob.core.windows.net https://staceu2yapefrntp10.blob.core.windows.net http://www.googletagmanager.com https://www.google.com.pe *.yandex.net *.ytimg.com *.qualtrics.com *.zdassets.com *.zendesk.com; style-src 'self' 'unsafe-inline' *.khoros.com https://www.gstatic.com *.googleapis.com *.google.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com *.google.com https://www.googletagmanager.com/.*; font-src 'self' data: *.khoros.com *.azureedge.net *.gstatic.com; child-src *.office.com https://www.google.com *.googleapis.com; object-src 'self' blob https://noop.style; connect-src 'self' *.smooch.io https://zendesk-eu.my.sentry.io *.teads.tv *.tiktok.com *.cookiebot.com wss://*.zendesk.com wss://*.hotjar.com wss://api.smooch.io *.smooch.io https://zendesk-eu.my.sentry.io *.lcloud.com *.khoros.com *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com https://www.facebook.com *.botframework.com https://www.youtube.com wss://directline.botframework.com https://www.google-analytics.com *.doubleclick.net *.botframework.com https://www.googletagmanager.com *.space https://*.ada.support *.zdassets.com *.zendesk.com https://www.google.com *.google.com *.qualtrics.com https://bcpr42sh.staticmon.com https://eu2.device-api.indigitall.com https://www.datocms-assets.com https://featuregates.org *.statsigapi.net; worker-src *.yape.com.pe www.yape.com.pe; frame-src 'self' https://www.facebook.com *.teads.tv *.cookiebot.com *.hotjar.com *.doubleclick.net https://bit.ly js2ios: * *.youtube.com *.office.com *.google.com http://google.com *.tiktok.com *.facebook.net yapepro.b2clogin.com; 1
frame-ancestors https://*.visitestonia.com https://*.puhkaeestis.ee https://turismikiosk.ee https://*.dev.visitestonia.com https://*.test.visitestonia.com https://*.dev.puhkaeestis.ee https://*.test.puhkaeestis.ee https://muhu.info https://*.muhu.info 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pay.google.com/ https://tagmanager.google.com *.googleapis.com *.gstatic.com https://*.google-analytics.com/ https://*.googletagmanager.com https://*.google.com https://*.google.com.ua https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://static.zohocdn.com/zohosecurity/ blob: data: https://*.hotjar.com https://snap.licdn.com/li.lms-analytics/ https://browser.sentry-cdn.com https://customer.smartsender.eu/js/client/ https://cdnjs.cloudflare.com/ajax/libs/ https://analytics.twitter.com/ https://static.ads-twitter.com/ https://static.zohocdn.com/zohosecurity/ https://salesiq.zoho.com https://js.zohocdn.com https://js.zohostatic.com https://app.satismeter.com https://connect.facebook.net https://www.facebook.com https://*.bing.com https://app.satismeter.com.doubleclick.net https://*.plerdy.com https://*.fondy.io; style-src data: blob: 'unsafe-inline' 'self' https://*.hotjar.com https://pay.google.com/ https://*.gogletagmanager.com/ https://css.zohocdn.com https://css.zohostatic.com https://files.zohopublic.com https://*.jquery.com https://*.fondy.io; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://pay.google.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.eu https://www.google-analytics.com https://*.linkedin.com/ ws: https://analytics.ringostat.net/ https://callback.ringostat.com/ https://callback.ringostat.net/ https://analytics.ringostat.com/ https://salesiq.zoho.com https://salesiq.zohopublic.com https://stats.g.doubleclick.net https://*.plerdy.com https://connect.facebook.net https://app.satismeter.com https://*.fondy.io; frame-ancestors 'self' fondy.io; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://css.zohocdn.com/salesiq/styles/fonts/ https://css.zohocdn.com/webfonts/ 1
default-src 'self' data: https://*.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s6.searchcdn.com https://*.surveymonkey.com https://js.arcgis.com https://*.addtoany.com https://kit.fontawesome.com/ https://*.googleapis.com https://www.googletagmanager.com http://riversideca.gov https://*.google.com https://vimeo.com https://*.facebook.com  http://*.googleapis.com http://*.google-analytics.com https://*.google-analytics.com https://m.addthisedge.com https://addsearch.com https://*.twitter.com https://www.youtube.com http://vjs.zencdn.net https://*.curator.io http://*.curator.io https://fresnel.vimeocdn.com http://*.google.com https://m.addthis.com http://m.addthis.com https://*.twitter.com https://cdnjs.cloudflare.com https://code.jquery.com https://f.vimeocdn.com http://*.riversideca.gov https://*.legistar.com https://cdn.syndication.twimg.com https://*.govdelivery.com https://*.granicusideas.com https://api-public.addthis.com https://*.granicus.com https://static.doubleclick.net https://vjs.zencdn.net https://player.vimeo.com https://*.riversideca.gov https://www.gstatic.com https://s7.addthis.com https://c4b-integration.com https://*.g.doubleclick.net  https://www.recaptcha.net https://js-agent.newrelic.com https://uploads.mycusthelp.com; connect-src 'self' https://www2.hdlcompanies.com http://*.arcgisonline.com https://*.arcgisonline.com https://c4b-integration.com https://*.arcgis.com https://www.google-analytics.com  https://graph.facebook.com https://*.govdelivery.com https://*.twitter.com https://query.yahooapis.com https://googleads.g.doubleclick.net https://api-public.addthis.com https://fresnel.vimeocdn.com https://*.granicus.com https://*.googleapis.com https://api.curator.io; img-src 'self' data: https://*.gstatic.com https://*.surveymonkey.com https://*.arcgisonline.com https://*.arcgis.com https://*.addsearch.com https://c4b-integration.com http://*.riversidepublicutilities.com https://*.facebook.com https://riversideca.legistar.com https://*.xx.fbcdn.net https://*.googleapis.com https://www.google-analytics.com https://*.google.com https://*.cloudfront.net  https://stats.g.doubleclick.net https://*.granicus.com https://i.ytimg.com https://*.riversideca.gov https://ssl.google-analytics.com https://*.cdninstagram.com https://riversideca.gov https://external.xx.fbcdn.net https://i.vimeocdn.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://www.riversideca.gov https://scontent.xx.fbcdn.net http://s7.addthis.com; style-src 'self' 'unsafe-inline' *.arcgis.com https://www.google.com https://*.cloudfront.net https://*.bootstrapcdn.com https://*.googleapis.com https://*.riversideca.gov https://app.addsearch.com http://*.riversideca.gov https://www.youtube.com https://f.vimeocdn.com https://c4b-integration.com http://vjs.zencdn.net https://riversideca.legistar.com https://riversideca.granicus.com https://*.gstatic.com https://platform.twitter.com https://cdn.curator.io https://vjs.zencdn.net https://cdnjs.cloudflare.com http://ajax.googleapis.com; font-src 'self' https://*.bootstrapcdn.com  http://*.arcgis.com http://*.riversideca.gov https://*.riversideca.gov https://fonts.gstatic.com http://vjs.zencdn.net https://c4b-integration.com http://fonts.gstatic.com https://cdn.curator.io https://cdnjs.cloudflare.com; frame-src 'self' https://*.flipbook.thesaucecs.com https://*.powerbigov.us https://prezi.com https://*.office365.com https://*.tableau.com https://sketchfab.com https://www.eventbrite.com https://cad.chp.ca.gov/ https://*.s3.amazonaws.com https://www.youtube.com https://*.google.com/ https://*.riversideca.gov https://*.vimeo.com https://*.twitter.com https://s7.addthis.com https://*.govdelivery.com https://*.maps.arcgis.com https://*.clarity-aip.com https://riversideca.legistar.com https://www.google-analytics.com https://*.twitter.com https://www.recaptcha.net https://*.granicus.com https://riversideca.mycusthelp.com; frame-ancestors 'self' https://www.riversideca.gov https://riversideca.gov; object-src 'self' https://www.riversideca.gov https://riversideca.gov 1
upgrade-insecure-requests; frame-ancestors 'self' trainee.hustle.royalchallengers.com; 1
default-src 'self' 'unsafe-inline' data: *.google.com *.my.onetrust.com *.cookielaw.org *.googleapis.com *.gstatic.com *.onetrust.com *.g.doubleclick.net *.analytics.google.com *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cookielaw.org *.cloud.coveo.com *.google-analytics.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.google.com *.gstatic.com *.cloudflare.com *.cloudfront.net *.stripe.com *.googleadservices.com *.googlesyndication.com snap.licdn.com *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hubspot.com *.facebook.net;style-src 'self' 'unsafe-inline' *.cloud.coveo.com *.googleapis.com *.gstatic.com; img-src 'self' data: https:; connect-src 'self' data: https: *.google.com *.doubleclick.net *.hubapi.com *.hscollectedforms.net; font-src 'self' data: https:;frame-src 'self' *.embedly.com *.stripe.com *.doubleclick.net *.google.com *.googletagmanager.com *.youtube.com alsenvironmental.wufoo.com *.facebook.com *.vimeo.com *.hs-sites.com;object-src 'none'; form-action 'self' *.westpac.com.au *.payjunction.com *.facebook.com; report-uri https://9854a28f6d04362aa2f20b134deae7c0.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
style-src 'self' https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/gtag/ https://region1.googletagmanager.com *.perfdrive.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bilet.kolejeslaskie.com/ https://bilet.kolejeslaskie.com/BiletParametry youtube.com www.youtube.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com; object-src 'none'; frame-ancestors 'none'; img-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://region1.googletagmanager.com https://region1.g.doubleclick.net https://region1.google.com data: blob:; connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://region1.googletagmanager.com https://region1.g.doubleclick.net https://region1.google.com *.perfdrive.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; default-src 'self'; 1
default-src 'self'; img-src data: *; font-src 'self' fonts.gstatic.com; base-uri 'self'; form-action 'self'; child-src https:; media-src https:; object-src 'none'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; script-src 'self' *.googletagmanager.com *.google.com *.gstatic.com *.adobedtm.com; connect-src 'self' *.2o7.net *.contentful.com *.commercelayer.io *.azurewebsites.net *.segurosbupa.cl *.bupa.cl 'sha256-r3JSFVAsvVivmU5TxA/X7fdGN+/PgtPpsPB5NvrWCMQ=' 'sha256-yEKpHNDNJzUrvnYQtflCaaFC9z1nzPmqmvoD+6JD/a8=' 'sha256-PUzeb/3DWYi/mbzbwlnzcWF0NC2i8KLGeNyOq/iEwRY='; 1
frame-ancestors *.ringpublishing.com *.glamour.hu; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.glamour.hu::PROD_1_8_7 1
default-src 'self' *; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' *; font-src 'self' * data:; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; base-uri 'self'; form-action 'self' *; report-to default 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' blob: data: localhost localhost:3000 cdn.matomo.cloud sosafeawareness.matomo.cloud apis.google.com www.googletagmanager.com sosafe.local *.sosafe-awareness.com sosafe-awareness.com www.google-analytics.com snap.licdn.com bat.bing.com px.ads.linkedin.com adservice.google.com *.doubleclick.net *.gravatar.com boards-api.greenhouse.io boards.eu.greenhouse.io js.hsforms.net play.google.com www.googleadservices.com *.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net js-na1.hs-scripts.com connect.facebook.net cdn.transifex.com *.amazd.co *.wistia.com *.wistia.net *.requestmetrics.com humanfirewallconference.kinsta.cloud humanfirewallconference.com human-firewall-conference.com *.podigee-cdn.net *.cookiebot.com cookiebot.com *.reddit.com *.redditstatic.com *.clearbitscripts.com *.clearbitjs.com *.lfeeder.com *.g2crowd.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.fr https://www.myheritage.fr  'nonce-748ed9bf4528f3fccb8e1014437c1b15' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.fr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; 1
frame-ancestors 'self' *.strumentimusicali.net; 1
default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' dotroll.com *.dotroll.com 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval';                img-src * blob: data:;                frame-src https: 'self';               style-src https: 'self' 'unsafe-inline';                font-src https: 'self' data:;                connect-src https: 'self' 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob:; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.telecable.es *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com p.adsymptotic.com sjs.bizographics.com t.co p.adsymptotic.com sjs.bizographics.com 212.55.1.136 1
default-src 'none';     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bmkg.go.id *.google-analytics.com *.googleapis.com *.google.com *.youtube.com unpkg.com *.doubleclick.net s.ytimg.com *.jsdelivr.net static.cloudflareinsights.com livechat.on5.co.id; style-src 'self' 'unsafe-inline' *.bmkg.go.id *.gstatic.com *.googleapis.com unpkg.com *.jsdelivr.net;     img-src 'self' blob: *.bmkg.go.id data: *.bmkg.go.id *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net 202.90.199.103 *.openstreetmap.org *.arcgisonline.com *.ina-sdi.or.id unpkg.com *.jsdelivr.net http://prosesweb.bmkg.go.id;     font-src 'self' *.bmkg.go.id fonts.gstatic.com fonts.googleapis.com;     media-src 'self' *.bmkg.go.id;     child-src 'self' *.bmkg.go.id *.google.com fusiontables.googleusercontent.com *.youtube.com *.bmkgapp.my.id widget-bmkg.netlify.app livechat.on5.co.id;     connect-src 'self' *.bmkg.go.id *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net webcritech.jrc.ec.europa.eu livechat.on5.co.id; 1
default-src * https://*.santagostino.it; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src 'self' data: https://*; 1
object-src 'none' ; base-uri 'self'; form-action 'self'; font-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://*.adxcel-ec2.com https://*.artsai.com https://*.samsungads.com https://*.CyberMark.com https://*.centrotap.es https://*.mapbox.com https://*.googletagmanager.com/ https://c.amazon-adsystem.com https://*.cloudflareinsights.com https://www.redditstatic.com/ https://scripts.iconnode.com/ https://googleads.g.doubleclick.net/ https://analytics.tiktok.com/ https://connect.facebook.net data: wss:; style-src 'self' 'unsafe-inline' blob: https:; frame-src 'self' https://*.doubleclick.net/ https://*.amazon-adsystem.com; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; worker-src blob: ; child-src blob: ; img-src 'self' https://*.adxcel-ec2.com https://*.agkn.com https://*.adgrx.com https://www.googleadservices.com https://*.samsungads.com https://*.CyberMark.com https://*.centrotap.es https://www.google.ca https://www.facebook.com/ https://www.google.co.in/ https://*.doubleclick.net https://*.reddit.com/ https://trkn.us https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com data: blob: ; connect-src 'self' https://www.google.co.in https://www.google.ca https://analytics.tiktok.com/ https://*.iconnode.com/ https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://*.sportclipsinc.com https://api-js.mixpanel.com https://*.google-analytics.com/ https://*.analytics.google.com https://*.googletagmanager.com/ https://*.g.doubleclick.net https://*.google.com https://*.sentry.io https://trkn.us https://conversions-config.reddit.com https://*.mock.pstmn.io https://www.redditstatic.com; 1
frame-ancestors 'self' https://anhqv.es https://lqsa.es https://*.lqsa.es https://*.jonilar.com https://comunidadmontepinar.es 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.es https://www.myheritage.es  'nonce-8133f7fcaf9f19b3f2afd690beafa068' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.es;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' https:; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' https: data: assets-cdn.skynetworkcdn.com *.stackpathstorage.com; object-src 'self' https:; script-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline' assets-cdn.skynetworkcdn.com www.googletagmanager.com; style-src 'self' https: 'unsafe-inline'; media-src 'self' https: blob: 1
default-src 'none'; playground-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: clouddata.analytics.venafi.com simulator.connector-sdk.venafi.cloud wss://simulator.connector-sdk.venafi.cloud data.analytics.venafi.com cdn.analytics.venafi.com use.fontawesome.com www.google-analytics.com www.google.com www.gstatic.com recaptcha.net cloudcdn.analytics.venafi.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-62068175.storage.googleapis.com venafi.okta.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' blob: cloudcdn.analytics.venafi.com use.fontawesome.com fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-62068175.storage.googleapis.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com; connect-src 'self' api.venafi.cloud api.eu.venafi.cloud docs.venafi.cloud wss://api.venafi.cloud wss://api.eu.venafi.cloud simulator.connector-sdk.venafi.cloud wss://simulator.connector-sdk.venafi.cloud docs.venafi.cloud fonts.googleapis.com app.pendo.io cdn.jsdelivr.net blob:; img-src 'self' data: cloudcdn.analytics.venafi.com clouddata.analytics.venafi.com data.analytics.venafi.com stats.g.doubleclick.net www.google-analytics.com cdn.pendo.io app.pendo.io pendo-static-62068175.storage.googleapis.com; frame-src www.youtube.com www.google.com recaptcha.net app.pendo.io ui.venafi.cloud docs.venafi.cloud docs.staging.qa.venafi.io; 1
default-src 'self' blob: studwork.ru *.cloudfront.net *.a.trbcdn.net *.studwork.ru mc.yandex.ru *.googletagmanager.com analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: d2wy8f7a9ursnm.cloudfront.net cdnjs.cloudflare.com connect.facebook.net vk.com *.playbuzz.com yastatic.net studwork.ru *.studwork.ru ajax.googleapis.com www.google-analytics.com *.google.com *.gstatic.com *.yandex.ru *.chatra.io www.googletagmanager.com www.instagram.com; style-src 'self' *.cloudflare.com studwork.ru *.studwork.ru *.googleapis.com *.google.com *.chatra.io 'unsafe-inline'; img-src 'self' data: blob: *.cloudfront.net *.a.trbcdn.net c5mdnuiqw2.a.trbcdn.net vk.com *.facebook.com img.playbuzz.com *.algebra24.ru studwork.ru studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru studwork.storage.yandexcloud.net storage.yandexcloud.net *.studwork.ru *.google.com *.google.ru www.google-analytics.com *.yandex.ru *.yandex.net *.gstatic.com *.doubleclick.net *.chatra.io www.googletagmanager.com *.fbcdn.net *.cdninstagram.com; font-src 'self' *.cloudflare.com *.studwork.ru *.gstatic.com *.a.trbcdn.net data: *.yandex.ru; connect-src 'self' ws: wss: *.playbuzz.com studwork.ru *.studwork.ru *.yandex.ru *.chatra.io *.bugsnag.com *.googleapis.com *.google.com *.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.youtube.com www.instagram.com studwork.obs.ru-moscow-1.hc.sbercloud.ru s3-studwork-pd01.s3pd01.sbercloud.ru c5mdnuiqw2.a.trbcdn.net h20x37ek96.a.trbcdn.net studwork.storage.yandexcloud.net storage.yandexcloud.net d1uw69x4c2zrim.cloudfront.net d1he4a7838so59.cloudfront.net yastatic.net *.studwork.ru *.chatra.io *.google.com *.facebook.com w.soundcloud.com view.officeapps.live.com; worker-src 'self' data: *.studwork.ru; media-src 'self' data: *.yandex.ru *.yandex.net d1he4a7838so59.cloudfront.net c5mdnuiqw2.a.trbcdn.net *.obs.ru-moscow-1.hc.sbercloud.ru; 1
base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://tarifaluzhora.es/report-uri/enforce 1
default-src 'none'; form-action 'self' 3dsecure.gpwebpay.com test.3dsecure.gpwebpay.com www.facebook.com; font-src 'self' data: fonts.gstatic.com *.optimonk.com; frame-ancestors 'self'; frame-src 'self' ehub.cz accounts.google.com *.doubleclick.net c.imedia.cz connect.facebook.net fbrpc://call staticxx.facebook.com tpc.googlesyndication.com www.facebook.com www.googletagmanager.com www.instagram.com www.youtube.com www.zbozi.cz www.paypal.com www.sandbox.paypal.com *.optimonk.com *.ceneo.pl studentenrabatt.com chat-widget.static-amio.com strava-embeds.com www.tiktok.com; manifest-src 'self'; img-src data: https: ssl.gstatic.com www.gstatic.com www.paypal.com www.sandbox.paypal.com *.google-analytics.com; media-src 'self' https:; script-src 'nonce-fQp/QfZELoHWMDfBKp0LRg==' 'unsafe-inline' 'unsafe-eval' 'self' ehub.cz browser.sentry-cdn.com js.sentry-cdn.com connect.facebook.net d70shl7vidtft.cloudfront.net googleads.g.doubleclick.net im9.cz platform.instagram.com client.smartform.cz tpc.googlesyndication.com *.google-analytics.com *.analytics.google.com www.googleadservices.com www.googletagmanager.com www.instagram.com www.zbozi.cz tagmanager.google.com www.paypal.com www.sandbox.paypal.com *.clarity.ms *.optimonk.com *.bing.com chat-widget.static-amio.com https://accounts.google.com/gsi/client; script-src-attr 'unsafe-hashes'; style-src 'unsafe-inline' 'self' client.smartform.cz tagmanager.google.com fonts.googleapis.com www.paypal.com www.sandbox.paypal.com *.optimonk.com https://accounts.google.com/gsi/style; connect-src 'self' wss: ehub.cz api.instagram.com stats.g.doubleclick.net www.facebook.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com www.instagram.com *.sentry.io www.paypal.com www.sandbox.paypal.com analytics.tiktok.com *.clarity.ms *.optimonk.com *.clarity.ms *.bing.com metrics.aktin.cz https://accounts.google.com/gsi/ api.mapy.cz; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; 1
default-src 'self' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; img-src 'self' https://* data: blob: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; media-src 'self' https://* data: blob: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; script-src 'self' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://* *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; font-src 'self' https://* data: *.adobedtm.com *.4strokemedia.com *.amazon-adsystem.com *.scorecardresearch.com *.jwpcdn.com *.jwplayer.com *.jwpltx.com *.googleapis.com *.getSocial.io *.scorecardresearch.com *.sky.it *.outbrain.com *.opecloud.com *.rlcdn.com *.bidswitch.net *.smartadserver.com *.mookie1.com *.adform.net *.yahoo.com *.adsrvr.org *.mathtag.com *.adnxs.com *.speedcurve.com; 1
default-src 'self'; media-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self'; report-uri /csp/; 1
frame-ancestors 'self' https://www.blender.co.il; 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.lonex.bg *.lonex.com http://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://image.providesupport.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js; frame-ancestors 'self'; 1
font-src fonts.gstatic.com use.typekit.net https://js.intercomcdn.com https://fonts.intercomcdn.com *.creativecdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com *.mobilpay.ro *.facebook.com https://intercom.help https://intercom-help.eu https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://intercom-sheets.com *.creativecdn.com *.doubleclick.net 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.hotjar.com *.hotjar.io *.confirmit.com *.creativecdn.com *.facebook.com https://intercom-sheets.com https://api.intercom.io https://www.intercom-reporting.com https://devices.minutpass.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.tvsquared.com *.google.com *.google.ro *.yahoo.com *.mookie1.com *.confirmit.com *.facebook.com *.facebook.net *.popupsmart.com *.bazaarvoice.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.creativecdn.com cdn-x.omniconvert.com bat.bing.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com https://pa.7w.ro http://pa.7w.ro *.7w.ro *.tvsquared.com *.mookie1.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.yimg.com *.doubleclick.net *.yahoo.com *.google.com *.confirmit.com *.gstatic.com *.facebook.com *.facebook.net *.js-agent.newrelic.com *.magento.com *.popupsmart.com *.bazaarvoice.com *.creativecdn.com https://app.intercom.io https://js.intercomcdn.com https://widget.intercom.io https://devices.minutpass.com https://cdnjs.cloudflare.com *.omniconvert.com bat.bing.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.gstatic.com *.popupsmart.com *.creativecdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://js.intercomcdn.com *.creativecdn.com *.doubleclick.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com https://pa.7w.ro http://pa.7w.ro *.7w.ro *.tvsquared.com *.mookie1.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.yimg.com *.doubleclick.net *.yahoo.com *.google.com *.confirmit.com *.popupsmart.com *.bazaarvoice.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io  https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.creativecdn.com https://microanalytics-sgtm-1.ey.r.appspot.com *.omniconvert.com 'self' 'unsafe-inline'; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.creativecdn.com *.doubleclick.net http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://ajc.newspapers.com https://*.ajchomefinder.com https://www.legacy.com https://epaper.ajc.com https://editions.ajc.com https://appnews.ajc.com http://localhost:* 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com/gtm.js?id=GTM-WPBHTWDR; script-src 'self' https://www.google-analytics.com/ https://www.googletagmanager.com https://tagmanager.google.com/ 'nonce-GOOGLETAGMANAGER'; img-src 'self' 'https://www.googletagmanager.com' https://www.google-analytics.com https://ssl.gstatic.com/ data: blob: https://trustseal.enamad.ir; style-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/;; upgrade-insecure-requests 1
default-src 'self' blob: https: https://curriculums.everfi.net https://courses.everfi.net https://admin.homeroom.everfi.net https://everfi-curriculums.s3.amazonaws.com https://d1vyejqi0lnyjd.cloudfront.net https://help.everfi.com https://everfi.com; font-src 'self' blob: https: data:; img-src 'self' blob: https: data:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline'; connect-src 'self' https: data.pendo.io; worker-src 'self' blob: https: 1
frame-ancestors https://*.x-cart.com 1
frame-ancestors 'self' https://hca.dev.tayoris.jp https://hca-fix.dev.tayoris.jp https://hca-dev.dev.tayoris.jp https://hca.stg.tayoris.jp https://hca-fix.stg.tayoris.jp https://hca-dev.stg.tayoris.jp https://hca.tayoris.jp; 1
frame-ancestors 'self' 'franchising.com' 'franchisebusiness.news' 'franchisinginsider.com'; 1
frame-ancestors 'self' https://upland.me *.enterupland.webflow.io *.upland.me; 1
frame-ancestors 'self' https://sport.genybet.fr 1
default-src 'self' *.my-shopify.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com recaptcha.net:* googleads.g.doubleclick.net *.googletagmanager.com c.evidon.com youtube-nocookie.com connect.facebook.net *.google-analytics.com d2oh4tlt9mrke9.cloudfront.net *.sessioncam.com *.google.com s2.go-mpulse.net js-agent.newrelic.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org d6tizftlrpuof.cloudfront.net *.usabilla.com *.gbqofs.io *.gbqofs.com d22xmn10vbouk4.cloudfront.net *.youtube.com github.com cdnjs.cloudflare.com p.teads.tv *.tintup.com objects.githubusercontent.com cdns.eu1.gigya.com cdn.hypemarks.com pxl.jivox.com *.nestle.com *.adimo.co googleoptimize.com *.gigya.com *.d6tizftlrpuof.cloudfront.net https://tintup.com cdn.jsdelivr.net/npm/@popperjs/core@2.11.5/dist/umd/popper.min.js files.qualifio.com/kit/qualp.2.min.js scripts.qualifioapp.com/kit/plugins/iframe.js *.unpkg.com https://unpkg.com; object-src *; style-src 'self' 'unsafe-inline' *.adimo.co *.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.rewe-static.de *.googletagmanager.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.cookielaw.org *.cloudfront.net; img-src 'self' 'unsafe-inline' *.adimo.co *.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.google.com *.rewe-static.de https://www.googletagmanager.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com *.aws.nestle.recipes data: *.teads.tv *.evidon.com *.google.co.in *.facebook.com facebook.com:* *.cloudfront.net *.gigya.com data: blob: ad.doubleclick.net *.google.pl ade.googlesyndication.com  srh-media-gr.s3.eu-west-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.usabilla.com *.amazonaws.com adservice.google.pl *.google.com google.com:* emnadvmenuplannersta.blob.core.windows.net *.blob.core.windows.net; media-src * data:; frame-src 'self' lf.o-c.io cdns.eu1.gigya.com cookbook.winiary.pl *.doubleclick.net *.addthis.com  *.facebook.com *.adimo.co *.pantheonsite.io *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com *.cloudfront.net *.winiary.pl; frame-ancestors 'self' lf.o-c.io *.doubleclick.net cookbook.winiary.pl *.winiary.pl *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com googletagmanager.com live-72078-food-maggi-pl.pantheonsite.io; child-src 'self' lf.o-c.io *.doubleclick.net cookbook.winiary.pl *.cookbook.winiary.pl *.youtube.com *.doubleclick.net *.google.com *.teads.tv *.hypemarks.com *.gbqofs.com *.googleapis.com *.tintup.com *.filestackcontent.com https://www.googletagmanager.com blob:; font-src 'self' *.googleapis.com *.gstatic.com fonts.googleapis.com https://www.googletagmanager.com https://*.cloudfront.net; connect-src 'self' 'unsafe-eval' *.sessioncam.com d2oh4tlt9mrke9.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com https://optoutapi.evidon.com https://c.go-mpulse.net/ https://bam.nr-data.net https://l.evidon.com https://region1.google-analytics.com https://*.google-analytics.com  https://www.facebook.com https://stats.g.doubleclick.net  https://*.gbqofs.io *.gbqofs.com *.akstat.io *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ *.usabilla.com https://d6tizftlrpuof.cloudfront.net https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://cm.teads.tv https://endpoint-nestle.cognigy.cloud https://cdns.eu1.gigya.com https://api.tintup.com https://*.winiary.pl https://collect.analyze.ly *.teads.tv *.jivox.com https://cognito-identity.us-east-1.amazonaws.com *.amazonaws.com wss://endpoint-nestle.cognigy.cloud *.adimo.co *.live-72078-food-maggi-pl.pantheonsite.io *.test-72078-food-maggi-pl.pantheonsite.io; report-uri /report-csp-violation 1
default-src *.werk.nl *.cdn.optimizely.com www.youtube-nocookie.com www.youtube.com fonts.gstatic.com d6tizftlrpuof.cloudfront.net *.usabilla.com fonts.googleapis.com https://kmm-cag.uwv.nl data:;frame-ancestors 'self';style-src *.werk.nl d6tizftlrpuof.cloudfront.net fonts.googleapis.com tag2.uwv.nl *.usabilla.com https://werknl-staging.ba.uwv.nl; connect-src *.werk.nl opentag-stats.qubit.com uwv.blueconic.net cdn.blueconic.net https://*.optimizely.com errors.client.optimizely.com api.ipify.org *.usabilla.com d6tizftlrpuof.cloudfront.net  https://kmm-cag.uwv.nl https://werknl-staging.ba.uwv.nl  data: blob:; script-src *.werk.nl responder.wt-safetag.com tag.uwv.nl tag2.uwv.nl cdn-extern.uwv.nl https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com www.youtube.com s.ytimg.com *.usabilla.com uwv.blueconic.net cdn.blueconic.net static.hotjar.com halc.iadvize.com static.iadvize.com d6tizftlrpuof.cloudfront.net https://werknl-staging.ba.uwv.nl https://kmm-cag.uwv.nl blob: ; img-src *.werk.nl *.usabilla.com uwv01.wt-eu02.net d6tizftlrpuof.cloudfront.net https://app.optimizely.com https://cdn.optimizely.com https://werknl-staging.ba.uwv.nl data:; media-src  *.werk.nl ; object-src opentag-stats.qubit.com logx.optimizely.com d6tizftlrpuof.cloudfront.net ; frame-src app.powerbi.com a3778780304.cdn.optimizely.com www.youtube-nocookie.com www.youtube.com d6tizftlrpuof.cloudfront.net *.usabilla.com; 1
object-src 'none';base-uri 'self';frame-ancestors 'self';script-src 'nonce-d24562f3a09e30fc2326d31ff12ed771' 'unsafe-eval' 'unsafe-inline' 'self' https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://mc.yandex.com  https://mc.yandex.uz https://www.google.com https://pagead2.googlesyndication.com https://www.google.cz https://www.gstatic.com https://antisovetnic.ru;script-src-elem 'nonce-d24562f3a09e30fc2326d31ff12ed771' 'unsafe-inline' 'self' https://trikotazh.by https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://www.google.com https://www.gstatic.com https://antisovetnic.ru;connect-src 'self' https://*.mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.by https://ymetrica1.com https://yandexmetrica.com:*  https://adservice.google.com https://connect.facebook.net https://www.google.com https://*.google.com https://www.google.kz https://www.google.by https://www.google.ru https://www.google.fr https://www.google.com.cy https://www.google.com.ua https://www.google.pl https://www.google.de https://www.google.ge https://www.google.co.il https://www.google.com.tr https://www.google.com.hk https://www.google.co.uk https://www.google.nl https://www.google.ee https://region1.analytics.google.com https://vk.com https://ymetrica1.com https://top-fwz1.mail.ru https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://api.carrotquest.app https://api.carrottrack.app https://o4504796596404224.ingest.sentry.io https://*.trikotazh.by https://region1.google-analytics.com https://googleads.g.doubleclick.net http://327.0.0.1:* https://translate.googleapis.com https://www.google.am https://www.google.ch https://www.google.se https://www.google.fi https://www.google.co.uz https://www.google.no https://www.google.md https://www.google.com.mx https://antisovetnic.ru;report-uri /csp.php 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://esir.gov.spb.ru wss://esir.gov.spb.ru https://ac.gz-spb.ru https://mc.yandex.ru; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' doxxbet.sk www.doxxbet.sk 1
default-src 'self' boxbox.club; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net *.facebook.com www.facebook.com *.googletagmanager.com vercel.live; child-src 'self' connect.facebook.net *.facebook.com www.facebook.com; style-src 'self' 'unsafe-inline'; img-src * blob: data:; media-src 'self'; connect-src *; font-src 'self'; 1
script-src 'self' https://www.youtube.com https://piwik.itzbund.de; base-uri 'none'; object-src 'none'; 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.egeszsegkalauz.hu::PROD_23_6_8 1
script-src 'self' 'unsafe-inline' *.wlresources.com https://www.google-analytics.com https://www.youtube.com/iframe_api https://s.ytimg.com ; connect-src 'self' *.wlresources.com https://www.google-analytics.com; report-uri /err0r/js?ts=1715648428; frame-ancestors 'none' 1
child-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/ *.ghd.com;frame-src 'self' https://player.vimeo.com https://view.ceros.com https://www.facebook.com https://info.ghd.com https://issuu.com/ https://www.youtube.com/;connect-src 'self' *.google-analytics.com *.doubleclick.net https://ghd-p-001.sitecorecontenthub.cloud/ https://analytics.google.com/ https://api-apse2.rfksrv.com https://discover-apse2.sitecorecloud.io/ https://discover.sitecorecloud.io/ https://cdn.linkedin.oribi.io https://aughd.sc-apj.ghd.com ;default-src 'self' 'unsafe-eval' 'unsafe-inline';font-src 'self' fonts.gstatic.com 'unsafe-eval' 'unsafe-inline' https://cmsstorghddevase.z26.web.core.windows.net/;frame-ancestors 'self' *.ghd.com;img-src 'self' data: https://ghd-p-001.sitecorecontenthub.cloud/ https://cmsstorghddevase.z26.web.core.windows.net/ *.google.com *.google.co.in https://www.facebook.com https://www.google-analytics.com *.linkedin.com *.google.com.au/;media-src 'self' https://ghd-p-001.sitecorecontenthub.cloud/;script-src 'self' www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cmsstorghddevase.z26.web.core.windows.net https://cdn.evgnet.com https://info.ghd.com https://connect.facebook.net https://px.ads.linkedin.com https://snap.licdn.com https://view.ceros.com https://pi.pardot.com https://www.youtube.com/iframe_api https://ajax.googleapis.com https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cmsstorghddevase.z26.web.core.windows.net/;upgrade-insecure-requests;block-all-mixed-content; 1
frame-ancestors 'self' http://www.grajteraz.pl 1
frame-ancestors 'self' https://*.tngdigital.com.my https://*.touchngo.com.my; upgrade-insecure-requests 1
base-uri 'self'; default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; frame-ancestors 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'report-sample' 'unsafe-inline' https://*.apple.com https://google.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com; object-src 'self' https://*.googlesyndication.com https://*.e-transactions.fr; frame-src https://* https://*.e-transactions.fr https://player.reetags.com; child-src 'self' blob: https://*.doubleclick.net https://google.com https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.googletagmanager.com https://*.youtube.com; img-src 'self' data: blob: https://*; font-src 'self' data: https://github.com https://fonts.gstatic.com https://use.typekit.net; connect-src 'self' about: https://hub.pharma-gdd.com https://api.stripe.com https://*.adyen.com wss://*.firebaseio.com https://*.doubleclick.net https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googletagservices.com https://*.google-analytics.com https://*.gstatic.com https://google.com https://*.google.com https://*.googlesyndication.com https://www.facebook.com https://connect.facebook.net https://spay.samsung.com https://*.e-transactions.fr https://*.amazonaws.com https://*.caast.tv https://*.mux.com wss://*.caast.tv https://*.axept.io; manifest-src 'self'; form-action https://*; media-src 'self' blob: https://*.mux.com; worker-src 'self' blob:; report-uri https://www.pharma-gdd.com/cspreport; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.addtoany.com/ http://clients1.google.com/complete/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://www.google.com  https://*.fontawesome.com https://*.customsearch.ai https://*.googletagmanager.com https://tagmanager.google.com https://*.uxtweak.com https://www.clarity.ms/tag/9u8kzuuuo8 https://*.teams.cdn.office.net https://*.botframework.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://*.windows.net https://tagmanager.google.com; img-src 'self' blob: https://www.google-analytics.com data: https://www.google.com/recaptcha/ http://www.ecb.int/ http://www.ecb.europa.eu/ https://*.windows.net https://*.gstatic.com https://stats.g.doubleclick.net; frame-src 'self' https://www.google.com/recaptcha/ https://static.addtoany.com/ https://www.youtube-nocookie.com/ https://maps.google.be/maps/ https://www.google.com/maps/ https://mapsengine.google.com/ https://ui.customsearch.ai/ https://sdk.companywebcast.com/ https://portal.dataviz.ecb.europa.eu/ https://*.uxtweak.com https://www.slideshare.net https://*.microsoft.com/ https://player.cnbc.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' ws: https://*.customsearch.ai https://*.google-analytics.com https://*.uxtweak.com https://*.api.powerplatform.com *.botframework.com; report-uri /en/admin/config/system/seckit/csp-report 1
'unsafe-inline' 'unsafe-eval' 'script-src' 'self' 1
default-src 'self' 'unsafe-inline' ;form-action 'self' data: *.irdnz.localhost *.irdnz.net *.microsoftonline.com *.irdnz *.ird.govt.nz *.qualtrics.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.newrelic.com *.irdnz *.ird.govt.nz *.irdnz.localhost *.irdnz.net *.nr-data.net *.coveo.com *.zscalertwo.net *.windows.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.google.com *.hotjar.com *.qualtrics.com *.googleapis.com *.cloudflare.com *.youtube.com *.vimeo.com *.clarity.ms ;img-src 'self' data: *.googletagmanager.com *.google-analytics.com staticcdn.co.nz *.staticcdn.co.nz *.sharepoint.com australiaeast1-mediap.svc.ms *.newrelic.com *.nr-data.net *.coveo.com *.zscalertwo.net *.windows.net *.ird.govt.nz *.gstatic.com *.google.com *.google.com.au *.google.co.nz *.doubleclick.net *.cloudfront.net *.qualtrics.com *.office.net *.ytimg.com *.clarity.ms *.c.bing.com ;connect-src 'self' data: *.qualtrics.com *.google-analytics.com *.nr-data.net *.zscalertwo.net *.coveo.com *.doubleclick.net *.signify.nz *.ird.govt.nz *.clarity.ms; upgrade-insecure-requests; block-all-mixed-content ;frame-src 'self' data: *.ird.govt.nz *.irdnz *.irdnz.net *.irdnz.localhost staticcdn.co.nz *.staticcdn.co.nz *.google.com *.youtube.com *.cloudfront.net *.googletagmanager.com *.hotjar.com *.slideshare.net *.qualtrics.com *.zscalertwo.net *.coveo.com *.openstreetmap.org *.vimeo.com *.sharepoint.com ;font-src 'self' data: *.typekit.net *.gstatic.com *.ird.govt.nz *.coveo.com ;style-src 'self' 'unsafe-inline' data: *.typekit.net *.coveo.com *.zscalertwo.net *.googleapis.com *.ird.govt.nz *.googletagmanager.com ;style-src-elem 'self' 'unsafe-inline' data: *.typekit.net *.zscalertwo.net *.coveo.com *.googleapis.com *.ird.govt.nz *.googletagmanager.com ;style-src-attr 'self' 'unsafe-inline' ;frame-ancestors 'none' ;media-src 'self' data: *.sharepoint.com *.microsoftonline.com *.youtube.com ;object-src 'none' ;manifest-src 'self' ; 1
style-src 'self' 'unsafe-inline' *.gov *.com; 1
frame-ancestors 'self' https://ale-chat.datalake.systems/ https://www.yammer.com/         https://customer.al-enterprise.com https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/;         child-src 'self' https://*.doubleclick.net/ https://ale-chat.datalake.systems/ https://www.yammer.com/ https://customer.al-enterprise.com         https://forms.office.com https://login.microsoftonline.com/ https://persona.yammer.com/ https://players.brightcove.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://vars.hotjar.com/ https://s7.addthis.com/ https://www.google.com/ https://maps.google.com/ https://www.facebook.com/ https://use.fontawesome.com/; worker-src 'self' blob:; 1
report-uri https://41dab89c1baac89cfe2fa37a5d248070.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://widget.senja.io https://track.senja.workers.dev https://edge.redirect.pizza wss://realtime-pusher.ably.io https://realtime-pusher.ably.io https://www2.profitwell.com https://*.quora.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://api-eu.mixpanel.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;default-src 'self';form-action 'self' https://github.com/login/oauth/authorize https://accounts.google.com/o/oauth2/auth https://appleid.apple.com/auth/authorize;img-src 'self' data: blob: https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat https://senjaio.b-cdn.net https://ik.imagekit.io https://enflow.imgix.net https://enflow-proxy.imgix.net https://files.enflow.nl https://cdnjs.cloudflare.com https://ucarecdn.com https://cdn.paddle.com https://*.quora.com https://gh-card.dev https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://www.linkedin.com https://*.ads.linkedin.com;media-src 'self' https://client.crisp.chat;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://settings.crisp.chat https://static.senja.io https://senja-assets.b-cdn.net https://cdn.paddle.com https://*.profitwell.com https://polyfill.io https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://*.quora.com https://app.cal.com https://snap.licdn.com https://app.algomo.com;style-src 'self' 'unsafe-inline' https://client.crisp.chat https://cdn.paddle.com https://fonts.googleapis.com https://app.algomo.com https://use.typekit.net;font-src 'self' data: https://client.crisp.chat https://fonts.gstatic.com;frame-src 'self' https://game.crisp.chat https://buy.paddle.com https://subscription-management.paddle.com/ https://sandbox-subscription-management.paddle.com/ https://app.cal.com https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube-nocookie.com https://app.algomo.com;worker-src data: https://redirect.pizza/service-worker.js 1
frame-ancestors 'self' kumu.io embed.kumu.io 1
default-src 'self'; img-src 'self' data:; frame-src 'self' https://www.google.com https://www.gstatic.com; object-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'unsafe-inline' 'self' https://www.woopra.com https://static.woopra.com https://www.google.com https://www.gstatic.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https://telesmart.co.nz/ https://*.wp.com/ https://widgets.wp.com/ https://fonts.googleapis.com/css https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/tailwindcss/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://telesmart.co.nz/ https://unpkg.com/vue@3/dist/ https://unpkg.com/petite-vue https://cdn.jsdelivr.net/npm/d3@7/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/charts/ https://www.google-analytics.com/ https://partner.googleadservices.com/ https://www.googleadservices.com/pagead/conversion/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://bat.bing.com/ https://stats.wp.com/ https://snap.licdn.com/li.lms-analytics/ https://widgets.wp.com/ https://*.wp.com/; connect-src 'self' ws: wss: https://telesmart.co.nz/ https://analytics.google.com/g/collect https://*.googlesyndication.com/getconfig/sodar https://www.google-analytics.com/ https://csi.gstatic.com/csi https://google.com/pagead/form-data/ https://google.com/ccm/form-data/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://cdn.linkedin.oribi.io/partner/ https://yoast.com/feed/widget/; font-src 'self' data: https://telesmart.co.nz/ https://fonts.googleapis.com/css https://fonts.gstatic.com/s/ https://*.wp.com/i/; img-src 'self' data: https://telesmart.co.nz/ https://static.telesmart.co.nz/ https://static.telesmart.nz/ https://www.google.co.nz https://www.google-analytics.com/ https://www.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com/ https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://bat.bing.com/ https://pixel.wp.com https://px.ads.linkedin.com https://en.wordpress.com/ https://secure.gravatar.com/avatar/ https://ps.w.org/ https://s.w.org/; frame-src 'self' blob: https://telesmart.co.nz/ https://www.youtube.com/embed/ https://players.brightcove.net/ https://www.microsoft.com/en-us/videoplayer/embed/ https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net/ https://maps.google.com https://speedtest.telesmart.co.nz https://tpc.googlesyndication.com https://www.google.com https://widgets.wp.com/ https://fast.wistia.net/; media-src 'self' https://telesmart.co.nz/; object-src 'none'; frame-ancestors 'self' https://telesmart.co.nz/; base-uri 'self' https://telesmart.co.nz/; form-action 'self' https://telesmart.co.nz/; 1
block-all-mixed-content; report-uri https://lodash.report-uri.io/r/default/csp/enforce; default-src 'none'; child-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; img-src 'self' data: *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; frame-src 'self' data: ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com; manifest-src 'self'; script-src 'self' *.carbonads.com srv.carbonads.net adn.fusionads.net www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net embed.runkit.com; style-src 'self' cdn.jsdelivr.net; connect-src lodash.report-uri.com lodash.report-uri.io 'self' ms-appx-web: ghbtns.com runkit.com *.runkit-embed.com runkit-embed.com platform.twitter.com *.2mdn.net *.adsafeprotected.com ad.atdmt.com *.buysellads.com *.buysellads.net *.c3tag.com *.carbonads.net *.convertro.com ad.doubleclick.net www.google-analytics.com www.launchbit.com launchbit.com assets.servedby-buysellads.com *.serving-sys.com fonts.gstatic.com cdn.jsdelivr.net *.carbonads.com srv.carbonads.net adn.fusionads.net www.googletagmanager.com embed.runkit.com; 1
frame-ancestors 'self' blob: *.cochlearhearingcenter.com *.cochlear.com *.cochlear.cloud; frame-src 'self' blob: *.site.com *.oncehub.com *.mktoweb.com *.adsrvr.org *.yimg.com *.cochlear.cloud *.qualaroo.com *.simpli.fi *.livechatinc.com *.doubleclick.net *.wufoo.com *.cochlearamericas.com *.youtube-nocookie.com *.marvelapp.com *.linkedin.com *.cvent.com *.google.ch *.cochlear.com *.irmau.com *.marketo.com *.youtube.com *.twitter.com *.addthis.com *.google.com *.facebook.com *.batchgeo.com marvelapp.com *.salesforce.com *.salesforce-sites.com; child-src 'self' blob: *.batchgeo.com *.addtoany.com *.doubleclick.net *.cochlear.cloud *.cochlear.com *.addthis.com *.google.com *.facebook.com *.twitter.com  *.marketo.com; connect-src 'self' *.salesforce-scrt.com *.site.com *.hotjar.com *.hotjar.io *.sitecorecloud.io *.geonames.org *.stackadapt.com *.crazyegg.com *.stylelabs.io *.adsrvr.org *.yimg.com *.taboola.com *.onetrust.com *.cookielaw.org *.stylelabs.cloud *.sitecorecontenthub.cloud *.cochlear.cloud *.marketo.com *.swiftype.com *.onelink-translations.com *.nekudo.com *.cochlear.com *.cvent.com *.linkedin.com *.google-analytics.com *.googleapis.com *.optimizely.com *.addthis.com *.mktoresp.com *.twitter.com *.geoip-js.com geoip-js.com *.doubleclick.net *.salesforce-sites.com; font-src 'self' data: *.hotjar.com *.cvent-assets.com *.gstatic.com *.googleusercontent.com *.livechatinc.com *.bootstrapcdn.com; img-src 'self' data: *.hotjar.com *.stackadapt.com *.naver.net *.naver.com *.quora.com *.pubmatic.com *.rubiconproject.com *.adtechjp.com *.yahoo.com * bidswitch.net *.adap.tv *.adnxs.com *.rlcdn.com *.openx.net *.adroll.com *.casalemedia.com *.t.co *.datatables.net *.cochlear.cloud *.cochlear.com *.quantserve.com *.marketo.com *.bing.com *.steelhousemedia.com *.adsrvr.org *.adsymptotic.com *.android.com *.youtube.com *.visualwebsiteoptimizer.com *.googletagmanager.com *.teads.tv *.impact-ad.jp *.yahoo.co.jp *.impact-ad.jp *.outbrain.com *.amazonaws.com *.google.com.au  *.google.com *.twitter.com *.doubleclick.net *.facebook.com *.linkedin.com *.google-analytics.com *.medialead.de; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.site.com *.hotjar.com *.licdn.com *.oncehub.com *.stackadapt.com *.naver.net *.naver.com *.onetrust.com *.cookielaw.org *.windows.net *.qualaroo.com *.simpli.fi *.salesforceliveagent.com *.amazonaws.com *.gstatic.com *.quantcount.com *.cvent-assets.com *.cvent.com *.quora.com *.livechatinc.com *.typekit.com *.dialogtech.com *.cloudfront.net *.media6degrees.com *.wufoo.com *.zendesk.com *.domdex.com *.adroll.com  *.datatables.net *.quantserve.com *.ads-twitter.com *.steelhousemedia.com *.bing.com *.outbrain.com *.addtoany.com *.visualwebsiteoptimizer.com *.jquery.com *.optimizely.com *.google.com.au *.doubleclick.net *.googleadservices.com *.yimg.jp *.yahoo.co.jp *.crazyegg.com *.mktoweb.com *.cochlear.cloud *.cochlear.com  *.bootstrapcdn.com *.cloudflare.com  *.jsdelivr.net *.addthisedge.com *.google.com *.ytimg.com *.youtube.com *.marketo.net *.marketo.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.twitter.com *.facebook.com *.facebook.net *.linkedin.com *.addthis.com *.geoip-js.com geoip-js.com *.medialead.de *.adsrvr.org *.taboola.com *.yimg.com *.force.com *.salesforce.com *.salesforce-sites.com; style-src 'unsafe-inline' 'self' *.site.com *.hotjar.com *.mktoweb.com *.googletagmanager.com *.stackadapt.com *.cookielaw.org *.windows.net *.cvent-assets.com *.googleapis.com *.cloudflare.com *.cochlear.cloud *.cochlear.com *.google.com *.zendesk.com *.datatables.net *.jquery.com *.cochlear-europe.com *.bootstrapcdn.com *.marketo.com *.salesforce.com *.salesforce-sites.com; 1
base-uri 'self'; frame-ancestors 'self' https://*.life.church https://*.lifechurch.io; upgrade-insecure-requests; 1
frame-ancestors 'self' https://newapp.etracker.com; 1
default-src 'self';script-src 'self' 'nonce-5nE1A95KyW+fvMJeF0YvUNWq' http://stats.g.doubleclick.net https://fonts.googleapis.com https://www.linkedin.com https://www.facebook.com https://www.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://az416426.vo.msecnd.net https://ajax.aspnetcdn.com https://clientearth.azureedge.net https://files.clientearth.org https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ 'sha256-8ClMIq+X/pDDGtAAnpW99nxXnETPZFt73afLWMCUlSM=' 'sha256-ZjzVKhDN7wuRUPfNj0MSySSHkXWbsqzCz/avLfRGPlc=' 'sha256-M/casqsfWX1uO3ssgElz/yHQT1ICNBbgaJ7XkAD9IQc=' 'sha256-QIeXZnbBLXX3afVSNHMJNJcFAntPmT0IYPU75YpYodA=' 'sha256-Rqdy+sJCcP3qtS3tdKFbHuWV9NE9PGTItW4GSpRKN+M=' 'sha256-h4dbFGpqrsesdJh57CwCRrY2NzNmumVrfCFD6o++/4Q=' 'sha256-tz9SvugUA9YSInyGXolT1MO04pfWtYwUf1pdMF8s+NU=' 'sha256-cLVy/FNNxR52VnqgqaMOJwPor9p7Qa06Br1BiM3eboA=' 'sha256-BX/gLDkQ1xmZ2BnyH6yvQYHLMrpTSQGBXAul08fcGnY=' 'sha256-1ngK37eIux2ifjhtXRyPqzZZrL6wofUI0d2G9tt15dE=' https://lazyferret.com/lazyferret-scripts/1.min.js 'sha256-HRVFWWnPEydYDGzYpso70ArXt6ldXnPHHGZeN4j9YtA=' 'sha256-8I6OFNP3OM/Ae90qApFM8JnBKJlawXLqnU4Y112MxSw=' https://connect.facebook.net https://static.hotjar.com https://snap.licdn.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js 'sha256-832bMznOm6qWg0EdeOEmbTuLOWdeKLvyfqnqi/Aj/hs=' https://widget.proca.app;object-src 'self';style-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://translate.googleapis.com https://clientearth.azureedge.net https://files.clientearth.org 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-w9CEzYhmvsTRzpOeD9qySBu+9qJ+adxh8W15E9GYwNE=' 'sha256-ZD0chCyBaNHl+4UwQHJIHGoYhKwMeyCXGgJTKW5/67E=' 'sha256-ICa0DhwZQJsOd/Rn0N8H6FdQ71GfNL+op2zhAQ+Y4mM=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-vZ6DERRW5CRT9PyrEI3g/oL9A6roiJHBAZEOgSnyvwY=' 'sha256-KWxDqbniGgEelO8aphwG50lBIjYfvbDELI46O1ZBC1o=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-1PxuDsPyGK6n+LZsMv0gG4lMX3i3XigG6h0CzPIjwrE=' 'sha256-b3IrgBVvuKx/Q3tmAi79fnf6AFClibrz/0S5x1ghdGU=';img-src 'self' https://use.typekit.net https://screenmediaclientearth.blob.core.windows.net https://clientearth.azureedge.net https://www.gstatic.com https://files.clientearth.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk data:;frame-src 'self' https://www.youtube.com https://vars.hotjar.com https://player.vimeo.com https://www.google.com https://www.riddle.com https://act.clientearth.org https://app.livestorm.co;font-src 'self' https://use.typekit.net https://fonts.gstatic.com;connect-src 'self' https://dc.services.visualstudio.com https://clientearth-stage.azurewebsites.net https://dev-clientearth.azure-api.net https://clientearth.azure-api.net https://api.clientearth.org https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk;base-uri 'self';form-action 'self' https://donate.clientearth.org;upgrade-insecure-requests 1
default-src 'self'; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mitrakeluarga.com https://use.fontawesome.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://webchat.qontak.com https://*.mitrakeluarga.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://cdnjs.cloudflare.com https://analytics.tiktok.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://*.mitrakeluarga.com https://use.fontawesome.com; frame-src 'self' https://www.youtube.com https://www.instagram.com https://www.google.com https://webchat.qontak.com; connect-src 'self' https://*.mitrakeluarga.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://analytics.tiktok.com; media-src 'self' https://*.cloudfront.net 1
object-src 'none'; base-uri 'none'; default-src https://isnic.is https://www.isnic.is/; style-src https://isnic.is https://www.isnic.is/; font-src https://isnic.is https://www.isnic.is/; script-src https://isnic.is https://www.isnic.is/; img-src https://isnic.is https://www.isnic.is/ https://www.rix.is; connect-src https://isnic.is https://www.isnic.is/; frame-ancestors 'none'; report-uri /default/csp; 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval' *.guildmortgage.com *.google-analytics.com *.visualwebsiteoptimizer.com *.vwo.com *.tvsquared.com *.cloudflare.com *.cloudflareinsights.com *.w.org *.google.com *.youtube.com *.yoast.com *.vimeo.com *.doubleclick.net wingify-assets.s3.amazonaws.com s3.amazonaws.com chart.googleapis.com *.cloudfront.net www.googletagmanager.com www.gstatic.com *.cherrycreekcolorado.com; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;img-src 'self' data: blob: https://*.cdninstagram.com https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://res.cloudinary.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://www.google.com https://*.iriworldwide.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.bing.com https://*.cloudfront.net https://*.sharethis.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.salesforceliveagent.com https://service.force.com https://mpsnare.iesnare.com https://*.jsdelivr.net https://www.googleadservices.com https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.google.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://ws.sharethis.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://service.force.com https://*.hormel.com https://*.jsdelivr.net https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.iriworldwide.com wss://ws.pusherapp.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pusher.com https://*.sharethis.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://service.force.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
frame-ancestors *.bajajfinservmarkets.in *.BajajFinserv.in www-bajajfinservmarkets-in.cdn.ampproject.org www.google.com *.adobe.com 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' *.sogetel.com *.sogetel.net *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.googleusercontent.com maps.google.com *.pure.cloud; frame-src *.tvpassport.com *.speedtestcustom.com *.pure.cloud; connect-src wss: *.sogetel.com *.sogetel.net *.pure.cloud; object-src 'none'; upgrade-insecure-requests; 1
default-src * 'unsafe-inline' data: blob: https:; script-src 'self' https://api.geevisit.com https://*.geetest.com https://dn-staticdown.qbox.me https://*.waves.exchange https://cdn.ravenjs.com https://wavesplatform.innocraft.cloud https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://www.googletagmanager.com https://widget.intercom.io/widget/ibdxiwmt https://js.intercomcdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://coinomat.com https://*.wavesplatform.com https://*.wvservices.com https://*.wavesnodes.com https://connect.facebook.net https://keycloak.wvservices.exchange https://impersonate-dev.wvservices.exchange 'unsafe-inline' 'unsafe-eval' blob:; upgrade-insecure-requests; report-uri https://waves-exchange.report-uri.com/r/d/csp/enforce 1
frame-src 'self' hubbellcdn.com *.google.com *.addthis.com *.windows.net cdn.krxd.net *.paymentsradius.com *.googletagmanager.com *.doubleclick.net *.hsforms.com www.youtube.com *.brightcove.net resources.hubbellwiringsystems.com www.youtube-nocookie.com hiwebar.azureedge.net flickrembed.com www.powr.io w2.countingdownto.com bcove.video www.linkedin.com go.bluevolt.com widget.spreaker.com cm-hubbell01-prod.web.app hubbellwiringsystems.com www.slideshare.net progresslighting.wufoo.com my.matterport.com e.issuu.com www.kooltronic.com www.surveymonkey.com forms.office.com hubbell.dcatalog.com service.force.com 1
frame-ancestors https://omni.shopkeepapp.com https://www.shopkeepapp.com https://embedded.shopkeepapp.com https://*.mybigcommerce.com; connect-src https://*.shopkeep.com https://*.shopkeepapp.com https://bam.nr-data.net https://static.zuora.com https://c.la4-c2cs-chi.salesforceliveagent.com https://www.facebook.com https://connect.facebook.net https://127.0.0.1:* https://localhost:* https://*.shopkeepdev.com https://s.yimg.com https://*.qualtrics.com https://ajax.googleapis.com https://*.gstatic.com https://*.googleapis.com https://*.yahoo.com https://code.jquery.com https://bat.bing.com https://ssl.bing.com https://*.akamaihd.net about; script-src https://cdn-javascript.net https://cdn-js.net https://cdnjs.cloudflare.com https://*.shopkeep.com https://www.google.com https://*.shopkeepapp.com https://*.cloudfront.net https://bam.nr-data.net https://*.googleapis.com https://connect.facebook.net https://*.salesforceliveagent.com https://sp.analytics.yahoo.com https://cdn.jsdelivr.net/gh/snowplow https://commondatastorage.googleapis.com https://analytics.twitter.com https://static.ads-twitter.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://static.zuora.com 'unsafe-inline' 'unsafe-eval' https://*.qualtrics.com https://*.shopkeepdev.com https://*.storage.googleapis.com https://s3.amazonaws.com data blob about https://cdn.bigcommerce.com https://cdn.plaid.com https://*.akamaihd.net https://cdn-javascript.net https://cdn.bigcommerce.com https://*.akamaihd.net http://www.sbx-media.com https://www.mrlmedia.net http://*.primehealthcare.com https://ajax.googleapis.com https://js.stripe.com 1
script-src  'self' blob: 'unsafe-inline' 'unsafe-eval' http://51.81.49.98 https://platform.bluemessaging.net *.tableau.com *.google.com *.google-analytics.com *.gstatic.com *.googleapis.com https://assets.zendesk.com https://connect.facebook.net *.hotjar.com *.twitter.com *.twimg.com *.googletagmanager.com; img-src 'self' blob: *.googleusercontent.com https://platform.bluemessaging.net  *.tableau.com s3.amazonaws.com http://smartlink.cool *.cool http://sellodeexcelencia.gov.co http://especiales.presidencia.gov.co http://synersis.co:8442 *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com http://img.youtube.com https://s-static.ak.facebook.com https://assets.zendesk.com data: *.hotjar.com *.twitter.com *.twimg.com http://vozme.com sedeelectronica.com.co; style-src 'self' 'unsafe-inline' https://platform.bluemessaging.net *.tableau.com *.gstatic.com *.google.com *.googleapis.com https://assets.zendesk.com *.hotjar.com *.twitter.com sedeelectronica.com.co pruebas-se-macondo.nexura.com http://www.cali.gov.co; font-src 'self' https://platform.bluemessaging.net *.tableau.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hotjar.com sedeelectronica.com.co http://www.cali.gov.co; object-src 'self'; frame-ancestors 'self' https://platform.bluemessaging.net *.tableau.com ; media-src 'self' blob: https://radiolatina.info https://radiolatina.info:10840/stream http://51.81.49.98:8318/stream http://51.81.49.98 https://platform.bluemessaging.net *.tableau.com http://smartlink.cool *.smartlink.cool; 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.co doctoraliaone-co2-candidate.azurewebsites.net 1
frame-ancestors 'self' *.tabby.ai; 1
default-src 'self' localhost:* ws://localhost:*              framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx      www.youtube.com *.www.youtube.com              www.loterianacional.gob.mx               www.pronosticos.gob.mx               www.lotenal.gob.mx               www.google.com *.www.google.com               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               w3.org *.w3.org               www.googletagmanager.com *.www.googletagmanager.com               www.google-analytics.com *.www.google-analytics.com      documentservices.adobe.com *.documentservices.adobe.com      viewlicense.adobe.io *.viewlicense.adobe.io               unpkg.com *.unpkg.com;                            object-src 'self' localhost:* ws://localhost:*;font-src 'self'               fonts.gstatic.com *.fonts.gstatic.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               kit-pro.fontawesome.com *.kit-pro.fontawesome.com      data:               localhost:* ws://localhost:*;              style-src 'self' 'unsafe-inline'               www.googletagmanager.com               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               stackpath.bootstrapcdn.com *.stackpath.bootstrapcdn.com               kit-pro.fontawesome.com *.kit-pro.fontawesome.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              media-src *;              img-src * data:;              script-src 'self' 'unsafe-inline'               framework-gb.cdn.gob.mx *.framework-gb.cdn.gob.mx               www.googletagmanager.com *.www.googletagmanager.com               www.google.com *.www.google.com               www.gstatic.com *.www.gstatic.com      documentservices.adobe.com *.documentservices.adobe.com               unpkg.com *.unpkg.com               localhost:* ws://localhost:*;              frame-ancestors 'self' www.google.com localhost:*;               1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org  www.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com px.ads.linkedin.com p.adsymptotic.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hsforms.com https://*.hubspot.com;script-src https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com snap.licdn.com https://*.googletagmanager.com https://ws.zoominfo.com https://js.hsleadflows.net;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com www.youtube-nocookie.com;media-src 'self' https://*.hubspot.com;connect-src 'self' cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com privacyportal-eu.onetrust.com ds-onetrust.securitas.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  ws.zoominfo.com https://*.hubspot.com https://*.hubapi.com;frame-ancestors 'self'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.pl https://www.myheritage.pl  'nonce-8774f012c68bc1f211ae8d66e8fae2ff' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.pl;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src https: data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https:; font-src 'self' data: https:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https: ws://vts.zohopublic.com ws://ws.inspectlet.com; frame-ancestors 'self'; worker-src 'self' blob: https: 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.googleapis.com fonts.gstatic.com discgolfmetrix.com dgmtrx.com connect.facebook.net graph.facebook.com facebook.com *.mapbox.com vk.com api.pinterest.com paypalobjects.com *.paypalobjects.com *.paypal.com *.paytrail.com *.jquery.com *.jquerycdn.com *.highcharts.com *.dgmtrx.com:5999 discgolfmetrix.com:5999 *.api.here.com npmcdn.com metrix.live *.metrix.live *.gstatic.com gstatic.com; img-src * data: blob: 'unsafe-inline'; connect-src *; frame-src 'self' *.google.com *.facebook.com; 1
frame-ancestors 'self' *.ultrasignup.com; 1
frame-src 'self' youtube.com www.youtube.com ; 1
default-src 'self' 'unsafe-inline' blob:; img-src data: blob: * analytics.tiktok.com; font-src 'self' data: fonts.gstatic.com fast.wistia.com maxcdn.bootstrapcdn.com; media-src 'self' blob: data: *.wistia.net embedwistia-a.akamaihd.net *.wistia.com *.zdassets.com *.cloudinary.com; style-src 'self' 'unsafe-inline' data: blob: *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com *.twitter.com *.twimg.com tagmanager.google.com *.googletagmanager.com hello.myfonts.net; frame-src 'self' bytedance: sslocal: app.vwo.com *.visualwebsiteoptimizer.com certificates.easy-lms.com *.doubleclick.net www.facebook.com *.wistia.com *.wistia.net widget.reviews.co.uk *.twitter.com *.addthis.com embedwistia-a.akamaihd.net *.vimeo.com www.youtube.com www.youtube-nocookie.com www.google.com widget.trustpilot.com *.googletagmanager.com widget-prime.rafflecopter.com *.appointedd.com *.onlineexambuilder.com app.netlify.com; object-src 'self' embedwistia-a.akamaihd.net; connect-src 'self' data: wss: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.clarity.ms *.litix.io *.reviews.co.uk *.wistia.com *.wistia.net *.facebook.com *.addthis.com *.freeagent.com *.fre.ag analytics.google.com *.google-analytics.com api.rollbar.com *.doubleclick.net embedwistia-a.akamaihd.net www.google.com *.adroll.com www.google.co.uk widget.trustpilot.com geoip-js.com geoip-js.maxmind.com geoip.maxmind.com *.crazyegg.com adservice.google.com *.cookielaw.org *.onetrust.com *.zdassets.com *.zendesk.com *.zopim.com bat.bing.com api.cloudinary.com cdn.linkedin.oribi.io *.analytics.google.com *.googlesyndication.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.visualwebsiteoptimizer.com app.vwo.com analytics.tiktok.com *.freeagent.com *.fre.ag *.googleapis.com analytics.google.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.adroll.com *.cloudfront.net *.facebook.net *.twitter.com script.crazyegg.com *.reviews.co.uk *.addthis.com *.addthisedge.com *.twimg.com www.googletagmanager.com *.tfaforms.com s3.amazonaws.com/trk.cetrk.com/ *.wistia.com *.wistia.net www.gstatic.com www.google.com *.workable.com px.ads.linkedin.com static.ads-twitter.com snap.licdn.com widget.reviews.co.uk cdn.ampproject.org www.linkedin.com pro.ip-api.com bat.bing.com widget.trustpilot.com tagmanager.google.com tinymce.cachefly.net js.maxmind.com z.moatads.com widget-prime.rafflecopter.com www.dwin1.com cdnjs.cloudflare.com/ajax/libs/rollbar.js/ optanon.blob.core.windows.net code.jquery.com *.onetrust.com *.cookielaw.org cdnjs.cloudflare.com *.bizographics.com www.clarity.ms geoip-js.com cdn.rollbar.com *.appointedd.com s3-eu-west-1.amazonaws.com *.zdassets.com *.zopim.com *.zendesk.com netlify-cdp-loader.netlify.app; frame-ancestors 'self' https://support.freeagent.com; report-uri https://freeagent.report-uri.com/r/d/csp/enforce; worker-src 'self' blob:; 1
default-src 'self' cdn.jsdelivr.net bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com translate.googleapis.com translate.google.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net unpkg.com npmcdn.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com connect.facebook.net static.ctctcdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com; connect-src 'self' translate.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com listgrowth.ctctcdn.com maps.googleapis.com; img-src 'self' fonts.gstatic.com www.gstatic.com maps.googleapis.com maps.gstatic.com static.ctctcdn.com fakeimg.pl img.youtube.com data: cdnjs.cloudflare.com www.google.com.tw www.facebook.com www.google.com googleads.g.doubleclick.net www.google-analytics.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com static.ctctcdn.com maxcdn.bootstrapcdn.com; font-src 'self' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.youtube.com www.facebook.com www.google.com; base-uri 'self'; form-action 'self' www.facebook.com; frame-ancestors 'self'; 1
default-src 'self' https://video1.gamblejoe.com https://video2.gamblejoe.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com; img-src 'self' data: *; style-src 'self' 'unsafe-inline'; font-src 'self' https://www.googletagmanager.com data:; object-src 'none'; frame-src 'self' *; worker-src 'self'; frame-ancestors 'none'; connect-src 'self' https://video1.gamblejoe.com https://www.googletagmanager.com https://video2.gamblejoe.com https://region1.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src 'none'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://cloudflareinsights.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://cse.google.com/ https://www.google.com/ https://public.tableau.com/ https://app.powerbi.com/ https://docs.google.com/; img-src 'self' www.googletagmanager.com data: https:; manifest-src 'self'; media-src *; script-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://svc.webspellchecker.net https://cse.google.com https://www.google.com https://partner.googleadservices.com https://cse.google.com/cse_v2 https://encrypted-tbn3.gstatic.com https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://static.cloudflareinsights.com https://cdnjs.cloudflare.com https://polyfill-fastly.io https://unpkg.com 'sha256-t+APIsxnJgnJvIJs9RoK/XkZMau5LjHp5R/2IUsqZs8='; style-src 'self' 'unsafe-inline' https://cdn.ckeditor.com https://fonts.googleapis.com https://www.google.com/ fonts.googleapis.com https://cdnjs.cloudflare.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://skybrary.aero/report-uri/enforce 1
base-uri 'self' ; connect-src 'self' https://consent.cookiebot.com wss://wall.nixi1.com  https://wall.nixi1.com https://px.ads.linkedin.com  https://apir.nixi1.com https://adservice.google.com https://cdn.linkedin.oribi.io/ https://pagead2.googlesyndication.com  https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://region1.google-analytics.com https://www.google.com; default-src 'self'; font-src 'self' https://assets.l1l.co https://aocs.l1l.co https://assets.l1l.co/chatweb/fonts/Raleway-Medium.ttf https://fonts.gstatic.com https://stackpath.bootstrapcdn.com; frame-src 'self' https://www.youtube.com/ https://td.doubleclick.net/  https://consentcdn.cookiebot.com https://player.vimeo.com https://www.google.com https://www.youtube-nocookie.com; img-src 'self' data: https://img.youtube.com https://vumbnail.com https://www.linkedin.com https://i.vimeocdn.com https://imgsct.cookiebot.com https://assets.l1l.co https://i.ytimg.com https://px.ads.linkedin.com https://www.google.com https://www.google.es https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri https://64a6558e3723daccf20601d6.endpoint.csper.io/; script-src  'nonce-IjPjLYlwYxQQ+kSMqwnt2A==' 'strict-dynamic' 'sha256-2V/Eo6qonFC5Hh0d0ntvjXOJjVzTMoQdZ3r9VWpRL0U='  'sha256-d/LWxV8YLDJOzXanMuab5l9GTAX9zAOnImzPldTHrH8=' 'sha256-HXiAJh84MdjjObB3ThhLBG7DIulxQWAfVPabPu+lPEs=' 'sha256-FYTmr4YLc/kKo72QELzOWKzdifs57bsT2dWxEfzm12c=' 'sha256-h8gG1uNWi02S00uhnnPan+IfTOULBEi0D46e6eAw/dk=' 'sha256-9/aMdaF6mnJPXmaogJHnJZW13dtTQLSbrobRQK8tMCc='   ; style-src 'report-sample' 'self' 'unsafe-inline' https://aocs.l1l.co https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; worker-src 'none'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 1
default-src 'self' blob: federatie.lumc.nl; media-src 'self' *.vev.design; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.jsdelivr.net *.vo.msecnd.net *.vev.page *.vev.design *.cookiebot.com *.visualwebsiteoptimizer.com app.vwo.com blob: *.lumc.nl *.ytimg.com *.gstatic.com *.hotjar.com dl.episerver.net *.google.com *.googletagmanager.com www.google-analytics.com *.mailplus.nl; style-src 'self' 'unsafe-inline' *.lumc.nl cdn.jsdelivr.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com *.cloudflare.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com dl.episerver.net static.mailplus.nl; img-src 'self' *.ytimg.com blob: data: *.lumc.nl *.visualwebsiteoptimizer.com *.vev.design *.cookiebot.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.gstatic.com *.hotjar.com www.google-analytics.com stats.g.doubleclick.net dl.episerver.net img.youtube.com www.googletagmanager.com www.google.nl *.cdninstagram.com; font-src 'self' data: *.cloudflare.com *.gstatic.com dl.episerver.net; connect-src *; frame-src 'self' *.adobe.com *.cookiebot.com *.visualwebsiteoptimizer.com app.vwo.com www.google.com *.onlineafspraken.nl *.powerbi.com *.lumc.nl *.youtube.com *.youtube-nocookie.com *.hotjar.com; frame-ancestors 'self' *.albinusnet.nl *.lumc.nl 1
default-src 'self'; script-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; style-src * 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src *; 1
default-src 'none'; media-src 'self' *.responsivevoice.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.responsivevoice.org *.googleapis.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.jsdelivr.net *.fontawesome.com *.wistia.com *.questionpro.com; connect-src 'self' *.fontawesome.com *.responsivevoice.org *.google-analytics.com *.doubleclick.net *.google.com *.questionpro.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com ; img-src 'self' data:  *.openstreetmap.org placehold.it *.w.org *.google-analytics.com *.doubleclick.net *.google.com *.google.cl *.googletagmanager.com *.questionpro.com; style-src 'self' 'unsafe-inline' *.questionpro.com  fonts.googleapis.com *.fontawesome.com; frame-src 'self'  miro.com *.trencentral.cl *.youtube.com *.google.com *.questionpro.com; frame-ancestors 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.google.com https://apis.google.com https://www.gstatic.com https://connect.facebook.net https://www.googletagmanager.com https://ssl.google-analytics.com https://www.youtube.com https://youtube.com https://s.ytimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://consent.cookiebot.com https://*.googlesyndication.com https://tagmanager.google.com https://consentcdn.cookiebot.com https://www.googletagservices.com; connect-src 'self' https://*.googlesyndication.com https://stats.g.doubleclick.net https://*.google-analytics.com https://consentcdn.cookiebot.com; font-src 'self' https://fonts.gstatic.com; frame-src https://consentcdn.cookiebot.com/ https://*.doubleclick.net/ 'self' https://youtube.com https://staticxx.facebook.com https://www.google.com https://*.facebook.com https://www.youtube.com https://accounts.google.com/; style-src 'self' https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; object-src 'self'; media-src 'self'; img-src 'self' https://i.ytimg.com https://s0.2mdn.net https://ad.doubleclick.net http://kuchnialidla.pl https://ssl.google-analytics.com https://*.g.doubleclick.net  https://www.facebook.com https://*.akamaihd.net https://*.fbcdn.net https://www.google-analytics.com https://www.google.com https://www.google.pl https://platform-lookaside.fbsbx.com https://*.doubleclick.net/ https://*.gstatic.com data: 1
default-src https: https://*.fh-swf.de;frame-ancestors https://*.etracker.com;  script-src 'self' https://*.fh-swf.de https://static.b-ite.com https://www.evergabe.nrw.de https://unpkg.com https://openlayers.org https://static.etracker.com/code/e.js https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/ https://cdnjs.cloudflare.com/ajax/libs/underscore.js/ https://*.etracker.com https://*.etracker.de https://cs-assets.b-ite.com/fachhochschule-suedwestfalen/jobs-api/ 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data: blob: http://*.tile.openstreetmap.org; worker-src blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.pipe.co/ https://widget.trustpilot.com/ https://www.google.com/ https://www.gstatic.com/ https://chat.purely.group/ https://client.crisp.chat https://settings.crisp.chat https://app.sgwidget.com/; img-src 'self' data: https://app.pipe.co/ https://secure.gravatar.com/ https://chat.purely.group/ https://client.crisp.chat/ https://image.crisp.chat/ https://storage.crisp.chat/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://client.crisp.chat/; font-src 'self' data: https://fonts.gstatic.com/ https://client.crisp.chat/; frame-src 'self' https://www.google.com/ https://chat.purely.group/ https://game.crisp.chat/; object-src 'none'; connect-src 'self' https://app.pipe.co/ https://client.crisp.chat/ https://storage.crisp.chat/ wss://client.relay.crisp.chat/ wss://stream.relay.crisp.chat/ https://app.sgwidget.com/ 1
default-src * data: 'unsafe-inline' 'unsafe-eval' https: 1
frame-ancestors 'self' www.amway.com.au www.amway.co.nz www.amway.com.vn www.amway.my www.amway.sg www.amway.com.bn www.amway.com.ph admin.amway.my admin.amway.sg admin.amway.com.bn 1
frame-ancestors https://*.aswo.com 1
default-src 'none'; style-src 'nonce-270FC06BEFF1BEAE7402F76F08CB98D16413F90BEE70ED6CEBF4E886FE31D8BA' 'self'; script-src 'none'; img-src 'self'; base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
frame-ancestors https://fashion.ovh/ https://parisfashionshops.com/ https://*.parisfashionshops.com/; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src * wss://*; media-src *; object-src *; frame-src *; worker-src *; report-uri /umbraco/api/csp/report/ 1
default-src 'self' www.firestorm.ch *.firestorm.de fonts.googleapis.com *.server2sms.com *.googleapis.com use.fontawesome.com *.gstatic.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com *.firestorm.ch www.google.com *.google.ch *.google.com *.w3.org *.clickcease.com *.youtube.com *.doubleclick.net 2d453998.rocketcdn.me 'unsafe-inline' 'unsafe-eval' data:; object-src 'self' data: 'unsafe-eval'; frame-src www.firestorm.ch www.firestorm.de *.youtube.com *.google.com 1
default-src 'self'; connect-src *; font-src * data:; frame-src * mailto: data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
script-src 'self' https://beacon.errorception.com https://www.google-analytics.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'none'; object-src 'none'; media-src 'none'; connect-src 'self' 1
default-src data: https: 'self'; 	script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; 	style-src https: 'self' 'unsafe-inline'; 	frame-ancestors https: 'self' *.youtube.com *.prton.kisti.re.kr *.facebook.com 1
default-src blob: 'self' 'unsafe-inline' ws: wss: data: 'unsafe-eval' *.gymboree.com *.childrensplace.com *.rewardstyle.com dpm.demdex.net tcp.demdex.net *.xtlo.net *.akstat.io *.akamaihd.net *.go-mpulse.net *.adobedtm.com *.google.com *.googleapis.com *.bazaarvoice.com *.getcandid.com *.candid.io *.quantummetric.com *.omniture.com *.vibescm.com *.unbxd.io *.braintreegateway.com *.braintree-api.com *.borderfree.com *.briteverify.com *.raygun.io *.gstatic.com *.theplace.com *.omtrdc.net *.paypal.com *.paypalobjects.com *.iperceptions.com *.melissadata.net *.facebook.net *.facebook.com *.stylitics.com stylitics-ampersand-production.sfo2.cdn.digitaloceanspaces.com comenity.net *.netdna-ssl.com *.comenity.net *.fiftyone.com *.omtrdc.net *.demdex.net *.channeladvisor.com *.impactradius-event.com *.googletagmanager.com *.micpn.com *.bing.com *.filepicker.io *.cloudinary.com *.cloudfront.net *.theplace.com *.netdna-ssl.com *.filepicker.io *.iesnare.com *.googleadservices.com *.steelhousemedia.com *.impactradius-event.com *.channeladvisor.com *.amazonaws.com *.kaptcha.com thechildrensplace.ay6u.net *.unbxdapi.com *.dotomi.com gymboree.fhsxpf.net sugarjade.sjv.io *.pegacloud.net *.epsilon.com *.wufoo.com match.prod.bidr.io *.adsrvr.org *.doubleclick.net *.forter.com *.monetate.net *.google-analytics.com *.wufoo.com *.mapbox.com search-dr.unbxd.io *.speedcurve.com *.afterpay.com *.us.afterpay.com *.cloudflare.com tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net *.tiktok.com *.paysecure.acculynk.net *.syteapi.com syteapi.com *.pinterest.com s.pinimg.com unpkg.com *.unpkg.com utt.impactcdn.com *.criteo.com *.criteo.net pj-place.sjv.io *.pega.digital js.appboycdn.com sdk.iad-05.braze.com *.raygun.com *.pixlee.co *.edgecastcdn.net *.turnto.com *.ytimg.com *.tcpholidaycountdown.com *.rokt.com rest.iad-05.braze.com; worker-src 'self' blob: 1
frame-ancestors 'self' https://microapps.google.com/ 1
script-src 'self' racing.hkjc.com ssl.p.jwpcdn.com blob: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; object-src 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.scalink.com.br *.youtube.com; frame-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.retargetly.com *.googletagmanager.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; object-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://* *.scalink.com.br *.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' data: https://* *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; base-uri *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.retargetly.com *.privally.global *.facebook.net *.ads-twitter.com *.g.doubleclick.net *.scalink.com.br *.youtube.com; worker-src blob: 'self'; 1
default-src 'self' 'unsafe-inline'; font-src 'self' fonts.workshops.aws; img-src 'self' a0.awsstatic.com; script-src 'self' sdk.amazonaws.com 'unsafe-inline'; style-src 'self' 'unsafe-inline'; object-src 'none' 1
frame-ancestors 'self' gemsociety.org *.gemsociety.org ganoksin.com *.ganoksin.com; frame-src * 1
img-src 'self' data:; default-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://helzbergdiamonds2022--dev.sandbox.lightning.force.com https://helzbergdiamonds2022--sitqa.sandbox.my.salesforce.com https://helzbergdiamonds2022--stg.sandbox.my.salesforce.com https://helzbergdiamonds2022.lightning.force.com https://customization-energy-61.scratch.lightning.force.com https://customization-energy-61--prxc.scratch.vf.force.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.cookielaw.org *.onetrust.com *.googleapis.com *.gstatic.com *.coveo.com *.googletagmanager.com *.google-analytics.com *.cloudflare.com siteimproveanalytics.com *.siteimproveanalytics.io *.vuture.net *.youtube.com *.ytimg.com *.thinglink.me *.thinglink.com code.jquery.com player.youku.com cdn.yoshki.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; media-src 'self' *.widen.net; img-src 'self' *.transinfo.com.au *.widen.net *.widencdn.net *.google.com *.google-analytics.com jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com *.gstatic.com *.googletagmanager.com *.hotjar.com *.tableau.com data: *.clarity.ms *.niceincontact.com; connect-src 'self' *.azure.com *.google.com maps.googleapis.com *.transinfo.com.au *.translink.com.au *.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mapbox.com *.nr-data.net *.clarity.ms *.niceincontact.com wss://*.niceincontact.com; frame-src 'self' *.transinfo.com.au *.hotjar.com youtube.com *.youtube.com *.tableau.com *.office.com *.microsoftonline.com *.qld.gov.au *.niceincontact.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com *.google-analytics.com *.cloudflare.com *.transinfo.com.au *.azure.com *.hotjar.com *.tableau.com *.mapbox.com *.gstatic.com *.qld.gov.au *.newrelic.com *.nr-data.net *.clarity.ms *.niceincontact.com unpkg.com/web-vitals/dist/web-vitals.iife.js; style-src 'self' 'unsafe-inline' jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.transinfo.com.au *.hotjar.com hotjar.com *.cloudflare.com *.mapbox.com *.gstatic.com *.clarity.ms *.qld.gov.au *.newrelic.com *.nr-data.net *.niceincontact.com; font-src 'self' 'unsafe-inline' jnn-pa.googleapis.com fonts.googleapis.com maps.googleapis.com maxcdn.bootstrapcdn.com *.transinfo.com.au *.hotjar.com hotjar.com *.cloudflare.com *.mapbox.com *.gstatic.com *.niceincontact.com data: *.niceincontact.com; frame-ancestors 'self' *.transinfo.com.au fonts.gstatic.com maxcdn.bootstrapcdn.com *.hotjar.com *.cloudflare.com; object-src none; child-src blob:; 1
require-sri-for script 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.google.com www.gstatic.com static.clevertap.com checkout.razorpay.com storage.googleapis.com www.google-analytics.com www.googletagmanager.com www.google-analytics.com d2r1yp2w7bby2u.cloudfront.net wzrkt.com; img-src 'self' data: d35m20fiakq0qn.cloudfront.net d1ixo36kppfedg.cloudfront.net lqp-imgs.s3.ap-south-1.amazonaws.com www.google-analytics.com www.google.com www.google.co.in; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com ;frame-src 'self' data: www.google.com api.razorpay.com d1ixo36kppfedg.cloudfront.net; connect-src 'self' d1ixo36kppfedg.cloudfront.net analytics.google.com www.google-analytics.com lumberjack.razorpay.com stats.g.doubleclick.net firebase.googleapis.com firebaseinstallations.googleapis.com o256629.ingest.sentry.io www.googletagmanager.com;object-src 'self' d1ixo36kppfedg.cloudfront.net; 1
frame-ancestors 'none'; form-action 'self' https://www.paypal.com https://www.facebook.com https://accounts.google.com; 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.rs https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.rs https://tags.tiqcdn.com https://www.dm.rs; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.rs https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.rs https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.rs https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.rs https://giftcard-checkout.dm.rs/api/checkout https://signin.dm.rs; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.rs https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.rs https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.rs https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.rs https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://connect.digipen.edu https://connect-digipen-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://s.adroll.com https://d.adroll.com http://s.adroll.com http://d.adroll.com https://connect.facebook.net http://connect.facebook.net https://assets.juicer.io https://addsearch.com https://s7.searchcdn.com https://cbe.capturehighered.net https://www.google.com https://www.gstatic.com https://noembed.com https://www.googleadservices.com https://lex.33across.com https://www.shoppingsheet.com https://js.adsrvr.org cdnjs.cloudflare.com https://unpkg.com use.typekit.net; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://connect.digipen.edu https://connect-digipen-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://s.adroll.com https://d.adroll.com http://s.adroll.com http://d.adroll.com https://connect.facebook.net http://connect.facebook.net https://assets.juicer.io https://www.youtube.com https://cdn.unibuddy.co https://cdn.curator.io https://addsearch.com https://s7.searchcdn.com https://cbe.capturehighered.net https://www.google.com https://www.gstatic.com https://noembed.com https://www.googleadservices.com https://lex.33across.com https://www.shoppingsheet.com https://js.adsrvr.org cdnjs.cloudflare.com https://unpkg.com use.typekit.net; style-src 'self' 'unsafe-inline' http://hello.myfonts.net https://hello.myfonts.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://assets.juicer.io https://cdn.curator.io https://app.addsearch.com https://d20vwa69zln1wj.cloudfront.net https://www.googletagmanager.com https://fonts.googleapis.com https://www.shoppingsheet.com https://cdn.jsdelivr.net https://unpkg.com; frame-ancestors 'self' https://www.digipen.edu https://devwww.digipen.edu 1
frame-ancestors 'self' meltwaternews.com 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://token.paygent.co.jp https://use.typekit.net https://www.googletagmanager.com https://*.sentry.io https://player.live-video.net https://app.unleash-hosted.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com; img-src * data:; media-src 'self' blob: https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech https://pococha.cdn-dena.com https://use.typekit.net; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; child-src blob: https://www.youtube.com; connect-src 'self' blob: https://api.pococha.com/ https://*.live-video.net https://pococha-livestreaming.cdn-dena.com https://*.live-streaming.tech wss://*.pococha.com:443 https://www.google-analytics.com https://stats.g.doubleclick.net https://token.paygent.co.jp https://use.typekit.net https://p.typekit.net https://primer.typekit.net https://pokota-questionnaire-answer-files-production.s3.ap-northeast-1.amazonaws.com https://*.sentry.io https://globalsiteanalytics.com/resource/resource.png https://globalsiteanalytics.com/service/hdim https://app.unleash-hosted.com 1
object-src *; base-uri 'self'; 1
default-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self';img-src *.ctfassets.net *.google.com data: http://www.google-analytics.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://*.usercentrics.eu https://*.doubleclick.net https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://visitanalytics.dnt-userreport.com https://visitanalytics.userreport.com https://www.facebook.com https://www.google-analytics.com https://www.google.fi https://www.googletagmanager.com https://i.ytimg.com https://chart.googleapis.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self';media-src data: blob: http://*.dna.ip-only.net https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self';object-src data: https://*.usercentrics.eu https://cdn.storifyme.com/ https://cdn.storifyme.xyz/;connect-src *.ctfassets.net http://*.dna.ip-only.net http://*.s-cloud.fi/ https://*.google-analytics.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://*.usercentrics.eu https://ad.doubleclick.net https://api.addsearch.com https://*.visualwebsiteoptimizer.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://storifyme.xyz/ https://cdn.contentful.com 'self';style-src https://fonts.googleapis.com https://*.visualwebsiteoptimizer.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ 'self' 'unsafe-inline';script-src blob: data: http://*.s-cloud.fi/ http://*.visualwebsiteoptimizer.com http://securepubads.g.doubleclick.net https://*.googleapis.com https://*.googlesyndication.com/ https://*.s-cloud.fi/ https://adservice.google.com https://adservice.google.fi https://app.usercentrics.eu https://connect.facebook.net https://files.cdn.leadfamly.com https://sak.dnt-userreport.com https://sak.userreport.com https://securepubads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://fundingchoicesmessages.google.com https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline';font-src data: https://*.s-cloud.fi https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://fonts.gstatic.com/s/poppins/ https://fonts.gstatic.com 'self';frame-ancestors https://app.contentful.com;frame-src https://www.googleadservices.com/ https://*.google.com/ https://*.googlesyndication.com/ https://*.spotify.com/ https://app.usercentrics.eu/ https://forms.office.com/ https://static.s-cloud.fi/ https://tag.userreport.com/ https://www.facebook.com/ https://www.youtube.com/ https://view.taiqa.com/ https://*.visualwebsiteoptimizer.com https://securepubads.g.doubleclick.net/ https://www.googleadservices.com/ https://cdn.storifyme.com/ https://cdn.storifyme.xyz/ https://stories.storifyme.com https://storifyme.com/stories/ https://yhteishyva.fi/ https://smart-marketing.campaign.playable.com https://smart-marketing.leadfamly.com/ 'self';base-uri 'self';form-action 'self';upgrade-insecure-requests 1
default-src 'self' https://region1.google-analytics.com;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://code.highcharts.com https://widget-mediator.zopim.com https://www.googletagmanager.com https://www.googleadservices.com https://assets.zendesk.com https://fast.chameleon.io https://cdn.jsdelivr.net https://www.google-analytics.com https://static.zdassets.com https://www.gstatic.com https://maps.googleapis.com https://unpkg.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://cdnjs.cloudflare.com https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://widget-mediator.zopim.com https://js.usemessages.com https://js.hubspot.com https://player.vimeo.com https://embed.typeform.com;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://fast.chameleon.io https://cdnjs.cloudflare.com https://embed.typeform.com;font-src data: 'self' 'unsafe-inline' https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com;connect-src 'self' https://rivalis1.zendesk.com https://zendesk-eu.my.sentry.io https://www.google-analytics.com https://p.abarrt.pprv.eu https://maps.googleapis.com https://forms.hubspot.com https://fast.chameleon.io https://api.hubspot.com https://js.hs-banner.com https://region1.google-analytics.com wss://widget-mediator.zopim.com https://forms.hscollectedforms.net https://static.zdassets.com https://ekr.zdassets.com https://henrri.zendesk.com https://forms.hscollectedforms.net https://*.hubspot.com https://widget-mediator.zopim.com https://stats.g.doubleclick.net https://api.typeform.com;media-src 'self' https://static.zdassets.com;img-src data: 'self' 'unsafe-inline' https://*.zdusercontent.com https://track.hubspot.com https://forms.hsforms.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://p.abarrt.bo.pprv.eu https://rivalis1.zendesk.com https://*.hsforms.com https://www.googletagmanager.com https://*.hubspot.com https://static.hsappstatic.net https://www.henrri.net https://www.google-analytics.com https://v2assets.zopim.io;frame-src 'self' https://www.henrri.com https://player.vimeo.com https://*.hs-sites.com https://form.typeform.com https://henrri.ai https://pp.h2ia.pprv.eu  https://app.hubspot.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://www.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://polyfill.io https://code.highcharts.com https://www.googletagmanager.com https://www.googleadservices.com https://assets.zendesk.com https://js-na1.hs-scripts.com https://www.google-analytics.com https://static.zdassets.com https://www.gstatic.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://js.hscollectedforms.net 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MzcsMTk2LDE2OSwyMTMsODMsMjAsMTI0LDgy' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
frame-ancestors 'self' http://www.spelo.se 1
report-uri https://sentry.hypermetrica.com/api/3/security/?sentry_key=1c86dba6158c4b999ba644585f98f84d&sentry_environment=production;default-src 'none';base-uri 'self';img-src 'self' data: www.googletagmanager.com mc.yandex.ru mc.yandex.com;manifest-src 'self';connect-src 'self' sentry.hypermetrica.com mc.yandex.ru mc.yandex.md mc.yandex.com ymetrica1.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com mc.yandex.ru mc.yandex.com 'nonce-lyn48mLF4w9EUurGAiHiFT3Idj05k1Yl';script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com mc.yandex.ru mc.yandex.com yastatic.net;style-src 'self' 'unsafe-inline' fonts.gstatic.com fonts.googleapis.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com;form-action 'self';frame-ancestors 'none';frame-src blob: yandex.ru mc.yandex.ru mc.yandex.md mc.yandex.com;child-src 'self' blob: mc.yandex.ru mc.yandex.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://*.webpubsub.azure.com wss://*.webpubsub.azure.com 1
default-src 'unsafe-inline' 'unsafe-eval' localhost:10080 *.telexpress.com *.kfcclub.com.tw https://google.com/pay www.googleadservices.com www.googletagmanager.com www.google-analytics.com *.google.com *.google.com.tw *.googleapis.com *.facebook.net *.facebook.com *.gstatic.com *.3rdchannel.com.tw *.doubleclick.net pt.amnetgroup.com.tw pt.cymmetrics.com.tw match.adsrvr.org s.yimg.com bat.bing.com sp.analytics.yahoo.com static.masterpass.com www.youtube.com google-analytics.com s.yime.com d.line-scdn.net techatbot-kfc.3rdchannel.com.tw jscdn.appier.net sin.creativecdn.com *.c.appier.net https://asia.creativecdn.com asia-east2-dsp-resolution.cloudfunctions.net *.techsolutions.com.tw track.tamedia.com.tw insight *.adsrvr.org ssp.hinet.net https://hidsp.hinet.net js.appboycdn.com use.fontawesome.com sdk.iad-06.braze.com braze-images.com *.fullstory.com shopback.go2cloud.org cdn.id5-sync.com https://id5-sync.com tags.crwdcntrl.net bcp.crwdcntrl.net kfctw.api.useinsider.com *.useinsider.com f1.zenclerk.com wss://visitor-fleet.zenclerk.com dde-store.jrgtw.com appleid.cdn-apple.com www.apple.com *.adotone.com *.botbonnie.com media-cdn-resources.pantheonlab.ai cdnjs.cloudflare.com ;img-src * data:;font-src * data:;frame-src * app:;form-action *.telexpress.com *.kfcclub.com.tw nccnet-ec.nccc.com.tw *.jkopay.com *.line.me line: service.pxpayplus.com pxpayplus.com icp-payment-preprod.icashpay.com.tw icpbridge.azurewebsites.net payment.icashpay.com.tw *.easycard.com.tw; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.termly.io *.googlesyndication.com *.cloudflareinsights.com *.zdn.vn *.zalo.me *.youtube.com *.google.com *.tawk.to *.hoanmy.com *.googletagmanager.com *.gstatic.com *.doubleclick.net maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.googleadservices.com *.termly.io *.googlesyndication.com *.cloudflareinsights.com *.zdn.vn *.zalo.me *.google.com *.hoanmy.com *.googletagmanager.com *.gstatic.com *.doubleclick.net *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
script-src 'self' gamespress.com gamespress.matomo.cloud www.googleapis.com www.google.com www.gstatic.com connect.facebook.net code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net *.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com platform.twitter.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.bootstrapcdn.com fonts.googleapis.com cdn.jsdelivr.net *.typekit.net 'unsafe-inline'; font-src 'self' *.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com fonts.ncwest.ncsoft.com cdn.jsdelivr.net *.typekit.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.useinsider.com https://*.nr-data.net https://*.creativecdn.com/ https://*.hotjar.com https://*.newrelic.com https://*.yandex.ru https://*.criteo.com https://thequin.ai https://*.thequin.ai https://quinengine.com https://*.quinengine.com https://*.demdex.net https://*.api.ditto.com https://*.doubleclick.net https://*.everesttech.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://assets.adobedtm.com https://atasunoptik.sortext.com https://analytics.tiktok.com https://cdn.480app.com https://commerce.adobedtm.com https://cdnjs.cloudflare.com https://critizr.com https://cdn.efilli.com https://connect.facebook.net https://cdn.nmgassets.com https://cdn.syteapi.com https://cdn.visenze.com https://dynamic.criteo.com https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.bkmexpress.com.tr https://js.facebook.com https://live.maytap.me https://signals.atasunoptik.com.tr https://sslwidget.criteo.com https://static.criteo.net https://static.critizr.com https://ssl.google-analytics.com https://stn-atasun.mncdn.com https://tags.bkrtx.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.yapaytech.com  https://bundles.efilli.com/atasunoptik.com.tr.prod.js;       worker-src 'self' blob:;        child-src blob: gap:;       object-src 'self';       style-src 'self' 'unsafe-inline' https://*.goodays.co *.critizr.com *.cloudflare.com https://*.hotjar.com *.segmentify.com *.useinsider.com *.googletagmanager.com https://*.creativecdn.com/ *.google.com https://fonts.googleapis.com https://stn-atasun.mncdn.com https://tagmanager.google.com;       frame-src *;       font-src data: *;       connect-src 'self' *;       base-uri 'self';       frame-ancestors 'self';       block-all-mixed-content;       report-uri /WebResource.axd?cspReport=true 1
default-src https: data: wss://*.zohopublic.com wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
font-src fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: use.typekit.net *.e5.be data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.e5.be *.nosto.com *.nos.to 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/ www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://*.dpdconnect.nl cdn.dnky.co www.youtube.com *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net *.freshchat.com *.instagram.com *.doubleclick.net s7.addthis.com s3.amazonaws.com pay.google.com *.publitas.com ct.pinterest.com *.cookiebot.com *.getflowbox.com *.e5.be *.vwo.com *.creativecdn.com *.sovendus-connect.com *.jotform.com *.qualifio.com *.qualifioapp.com *.weltpixel.com *.nosto.com *.nos.to *.multisafepay.com https://pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com validator.swagger.io t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.google.com *.google.com.ua *.google.nl *.google.be connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.gstatic.com www.linkedin.com linkedin.com googletagmanager.com gallery.mailchimp.com *.trustedshops.com www.facebook.com connect.facebook.net *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net www.e5mode.be *.nosto.com p.typekit.net cx.atdmt.com curator-assets.b-cdn.net *.doubleclick.net www.zenaps.com www.awin1.com *.googleadservices.com *.getsitecontrol.com cdn.e5mode.be e5-assets.s3.amazonaws.com *.e5.be bat.bing.com ct.pinterest.com *.visualwebsiteoptimizer.com *.cookiebot.com *.bidswitch.net *.criteo.com ib.adnxs.com *.getflowbox.com contextual.media.net pixel.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv eb2.3lift.com *.yahoo.net *.adform.net visitor.omnitagjs.com *.casalemedia.com id5-sync.com *.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net *.yieldmo.com e1.emxdgt.com beacon.krxd.net *.cloudfront.net blob: *.clarity.ms *.creativecdn.com *.udmserve.net *.adscale.de *.openx.net *.33across.com *.seedtag.com *.sonobi.com *.nexx360.io *.orangeclickmedia.com *.admixer.net *.yahoo.com *.lijit.com *.1rx.io * *.nos.to *.multisafepay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://*.dpdconnect.nl google.com www.google.com gstatic.com www.gstatic.com *.googletagmanager.com *.googleapis.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net www.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com connect.nosto.com *.typekit.net *.getsitecontrol.com *.freshchat.com *.timify.com *.instagram.com *.curator.io www.dwin1.com *.doubleclick.net z.moatads.com v1.addthisedge.com m.addthis.com *.publitas.com s.pinimg.com bat.bing.com *.visualwebsiteoptimizer.com *.cookiebot.com *.tweakwise.com *.freshworks.com *.beslist.nl *.webgains.io *.retargeted.co *.freshmarketer.com *.pinterest.com *.getflowbox.com *.e5.be *.postcode-checkout.nl *.sovendus.com data: *.creativecdn.com *.vwo.com *.jotformeu.com *.qualifio.com connect.getflowbox.com s7.addthis.com *.nosto.com *.nos.to *.avada.io *.multisafepay.com https://pay.google.com https://www.postcode-checkout.nl/api/international/v1/autocomplete/* https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net wchat.freshchat.com *.curator.io *.publitas.com *.freshworks.com *.getflowbox.com *.e5.be *.vwo.com *.nosto.com *.nos.to *.multisafepay.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com curator-assets.b-cdn.net e5-assets.s3.amazonaws.com *.e5.be 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobedc.net api.comapi.com www.google-analytics.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.facebook.com *.datatrics.com *.curator.io www.google.com *.doubleclick.net connect.nosto.com maps.googleapis.com ct.pinterest.com *.clarity.ms *.freshworks.com *.visualwebsiteoptimizer.com *.beslist.nl *.getsitecontrol.com *.criteo.com *.cookiebot.com *.getsitectrl.com *.getflowbox.com *.e5.be *.tweakwise.com *.postcode-checkout.nl *.webgains.io *.creativecdn.com *.bing.com *.sovendus.com *.retargeted.co connect.getflowbox.com 9mn3sm7015.execute-api.eu-west-1.amazonaws.com ekr.zdassets.com/ *.nosto.com *.nos.to https://get.geojs.io *.avada.io *.multisafepay.com https://www.postcode-checkout.nl/api/international/v1/autocomplete/* https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.cognifit.com; 1
upgrade-insecure-requests; default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' bill.eurobyte.ru 1
default-src 'self';style-src 'self' https://*.blob.core.windows.net https://tagmanager.google.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.blob.core.windows.net ;img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://*.blob.core.windows.net https://*.google-analytics.com data: 'self' ;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.blob.core.windows.net https://cdn.botframework.com/botframework-webchat/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdn.botframework.com/ https://*.vo.msecnd.net/ https://tagmanager.google.com/ ;frame-src https://webchat.botframework.com/ https://www.youtube.com/ https://www.google.com ;media-src 'self' https://www.youtube.com/ https://*.blob.core.windows.net ;connect-src 'self' wss://directline.botframework.com/v3/  https://directline.botframework.com/v3/ https://dc.services.visualstudio.com/v2/track https://*.google-analytics.com https://base.mygovid.ie 1
default-src * data: blob: https://dev-new.medicareresources.org https://www.medicareresources.org *.crazyegg.com; script-src blob: data: https: *.crazyegg.com 'unsafe-inline' 'unsafe-eval'; style-src https: *.crazyegg.com 'unsafe-inline'; frame-ancestors 'self' https://dev-new.medicareresources.org https://www.medicareresources.org; 1
default-src 'self' https://analytics.google.com; img-src 'self' https://ajax.googleapis.com data:; script-src 'self' https://ajax.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://ajax.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com;frame-src 'self' https://www.youtube.com; media-src https://ptfi.co.id https://www.google.co.id;object-src 'none';connect-src 'self' https://analytics.google.com;frame-ancestors 'self'; 1
default-src *;script-src 'self' 'nonce-ruFzLmg5lqUwtAbg9Crsl0YSfgfh32NYiJ10hbKN3j0='; 1
default-src https: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://*.ddev.site https://*.skd.museum https://*.googleapis.com https://www.youtube-nocookie.com https://sketchfab.com https://vimeo.com; 1
frame-ancestors 'self' https://*.zbj.com https://*.tianpeng.com https://*.chatm.com https://*.mysipo.com https://*.zhubajie.la *.zbjdev.com hljcg.hlj.gov.cn *.qjzbj.com 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; script-src 'self'  'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de www.juris.de;object-src 'self' multimedia.gsb.bund.de piwik.itzbund.de www.juris.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de www.juris.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de www.juris.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de www.juris.de; frame-src https://www.juris.de/ *.google.com *.gstatic.com *.youtube.com *.vimeo.com; frame-ancestors https://www.juris.de/ 'self'; 1
block-all-mixed-content; frame-ancestors 'none' 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.banquedesterritoires.fr/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.googleapis.com *.google-analytics.com *.metropoliaztm.pl *.transportgzm.pl; frame-src 'self' *.youtube.com *.metropoliaztm.pl *.transportgzm.pl; object-src 'self' 1
default-src 'none'; manifest-src 'self'; script-src 'nonce-qYzRKUcVjxv0Dt8tAizaXtv+NTdSyuWvm5HqWyFENY0=' 'sha256-NPxtanrGj3/JuYjJOsgA0mEkXCCEoEO9Sr64MVsFil8=' 'strict-dynamic' 'unsafe-eval' 'self'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://gallery-prod2.sprinklr.com; img-src 'self' data: https://a.apac01.idio.episerver.net https://forms.hsforms.com https://forms-na1.hsforms.com https://jumbe.zaius.com.au https://maps.googleapis.com https://maps.gstatic.com https://p2.aprimocdn.net https://track.hubspot.com https://www.facebook.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://*.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://fonts.gstatic.com https://www.google.com https://www.google.com.au https://www.google.co.uk https://px.ads.linkedin.com https://prod2-media-proxy.sprinklr.com https://thumb.sprinklr.com https://scontent-iad3-1.xx.fbcdn.net https://prod.cdata.app.sprinklr.com https://i.ytimg.com https://jumbe.au1.odp.optimizely.com https://px.ads.linkedin.com; font-src 'self' data: https://gallery-prod2.sprinklr.com https://fonts.googleapis.com https://fonts.gstatic.com https://px.ads.linkedin.com https://prod2-media-proxy.sprinklr.com; connect-src 'self' https://a.apac01.idio.episerver.net https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://api.hubapi.com https://consent.api.osano.com https://dc.services.visualstudio.com https://forms.hsforms.com https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://maps.googleapis.com https://tattle.api.osano.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.doubleclick.net https://gallery-prod2.sprinklr.com  https://prod2-external-share-api.sprinklr.com https://px.ads.linkedin.com; media-src 'self' https://p2.aprimocdn.net https://lendleasecorporationlimited.gcs-web.com https://prod2-media-proxy.sprinklr.com; object-src 'none'; frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://p2.aprimocdn.net https://www.google.com https://*.doubleclick.net https://lendleasecorporationlimited.gcs-web.com https://tools.eurolandir.com https://my.datasubject.com https://www.youtube.com; frame-ancestors 'self' https://lendleasecorporationlimited.gcs-web.com; form-action 'self' https://forms.hsforms.com https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' 'unsafe-inline'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com ; frame-src 'self' blob: http://www.youtube.com ; img-src 'self' data: http://www.w3.org/2000/svg https://cdn.tiny.cloud/  https://server.arcgisonline.com/ArcGIS/rest/services/World_Imagery/MapServer/tile/  https://sp.tinymce.com/ https://*.tile.openstreetmap.org/ https://openweathermap.org; style-src-elem 'self' https://cdn.tiny.cloud/ https://www.googletagmanager.com  https://sp.tinymce.com/ https://fonts.googleapis.com 'unsafe-inline'; style-src 'self'  https://fonts.googleapis.com 'unsafe-inline'; script-src-elem 'self' https://www.googletagmanager.com  https://cdn.tiny.cloud 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://api.openweathermap.org https://nominatim.openstreetmap.org 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'none';      connect-src https://plausible.io/api/event https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/ ;   font-src data: https://assets.website-files.com/5efbe6918a9cfd65bb1608f9/ ;      img-src data: https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/ ;    script-src https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://d3e54v103j8qbb.cloudfront.net/js/ https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/js/ https://plausible.io/js/script.js ;     style-src https://assets-global.website-files.com/5efbe6918a9cfd65bb1608f9/css/ https://assets.upguard.com 1
default-src 'self' chat.oesterreich.gv.at; script-src 'self' chat.oesterreich.gv.at 'unsafe-inline'; img-src data: 'self'; connect-src 'self' services2.lfrz.at wss://chat.oesterreich.gv.at; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com vimeo.com player.vimeo.com https://pubmon.a-sit.at/monitoring-service-p/; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' testsunnybrook.sw.ca sunnybrook.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' testsunnybrook.sw.ca sunnybrook.ca https://js.stripe.com https://tpc.googlesyndication.com https://snap.licdn.com storify.com api.mapbox.com api.mazemap.com sunnybrook.us11.list-manage.com www.surveymonkey.com www.youtube.com www.youtube-nocookie.com static.formstack.com https://www.formstack.com sunnybrook.formstack.com syndication.twitter.com platform.twitter.com twitter.com twimg.com jquery.com jsdelivr.net sunnybrook.talcura.com luminohealth.sunlife.ca services.sunlife.com disqus.com sunnybrookhsc.disqus.com c.disquscdn.com mailchimp.com instagram.com z.moatads.com pinterest.com pinterest.ca ct.pinterest.com e.acuityplatform.com acuityplatform.com origin.acuityplatform.com bat.bing.com connect.facebook.net facebook.net www.facebook.com facebook.com in.hotjar vc.hotjar.com hotjar.io script.hotjar.com static.hotjar.com s.pinimg.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com https://*.googleusercontent.com blob:; img-src 'self' 'unsafe-inline' ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com  https://*.googleusercontent.com * blob: data: ; frame-src sunnybrook.ca https://js.stripe.com donate.sunnybrook.ca https://tpc.googlesyndication.com player.vimeo.com platform.cogstate.com https://mcgj92xx1d65v2zq191tdlpdmry4.pub.sfmc-content.com https://maps.google.ca https://sts.sunnybrook.ca https://cdn.embedly.com https://outlook.live.com https://indd.adobe.com sunnybrook.talcura.com sunnybrook.formstack.com syndication.twitter.com https://*.doubleclick.net use.mazemap.com www.facebook.com platform.twitter.com w.soundcloud.com www.yumpu.com static.formstack.com www.youtube.com www.youtube-nocookie.com bid.g.doubleclick.net ct.pinterest.com https://*.google.com mailto: ; connect-src 'self' https://sunnybrook.formstack.com https://px.ads.linkedin.com https://services.sunlife.com https://bat.bing.com vc.hotjar.io in.hotjar.com ct.pinterest.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.googleapis.com https://*.gstatic.com https://www.facebook.com data: blob:; font-src 'self' static.formstack.com fontawesome.com use.fontawesome.com https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' use.fontawesome.com www.gstatic.com api.mapbox.com api.mazemap.com static.formstack.com cloud.typography.com https://www.google.com https://fonts.googleapis.com; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; frame-ancestors 'self' https://sts.sunnybrook.ca https://outlook.live.com ; object-src 'none'; form-action 'self' platform.cogstate.com sunnybrook.formstack.com web.na.bambora.com https://cl.s4.exct.net https://www.facebook.com donate.sunnybrook.ca pailnetwork.sunnybrook.ca; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' http://www.1001giochi.it 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crystalsport.ge *.crystalauto.ge *.google.com *.cloudflare.com cloudflare.com *.youtube.com *.twitter.com *.facebook.net facebook.net *.googlesyndication.com *.instagram.com googlesyndication.com *.googleadservices.com googleadservices.com *.google-analytics.com google-analytics.com *.googletagmanager.com googletagmanager.com *.googletagservices.com googletagservices.com *.googleapis.com *.tinymce.com *.gstatic.com *.tiny.cloud *.doubleclick.net doubleclick.net *.2mdn.net 2mdn.net *.enetscores.com *.facebook.com *.sharethis.com *.streams.ge streams.ge crystal-ad.ge; img-src * data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *; 1
default-src 'self' 'unsafe-inline' data: *.ytimg.com http://linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; script-src 'self' 'unsafe-inline' wss://10.184.0.89 *.service-kjt.id:8083 10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 https://*.jquery.com http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; style-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; font-src 'self' 'unsafe-inline' http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; connect-src 'self' 'unsafe-inline' wss://*.linkumkm.id http://*.linkumkm.id *.linkumkm.id http://10.184.0.89 *.service-kjt.id 10.184.0.89 *.service-kjt.id http://10.184.0.89 *.service-kjt.id:8014 10.184.0.89 *.service-kjt.id:8014 wss://10.184.0.89 *.service-kjt.id:8083 ws://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8083 http://10.184.0.89 *.service-kjt.id:8011 *.youtube.com *.googleapis.com *.googletagmanager.com *.jsdelivr.net *.cloudflare.com doubleclick.net *.google.com *.gstatic.com *.google-analytics.com https://www.linkumkm.id www.linkumkm.id; 1
frame-ancestors 'self' https://*.pageroonline.com 1
default-src 'self';  script-src 'self' https://maps.googleapis.com https://newlogin.dimepkairos.com.br https://5chat.5hub.com.br https://script.hotjar.com https://code.jquery.com https://static.hotjar.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.dimepkairos.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com https://l2.io https://cdn.jsdelivr.net https://js-agent.newrelic.com 'unsafe-eval' 'unsafe-inline';  style-src 'self' https://newlogin.dimepkairos.com.br https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.gstatic.com 'unsafe-inline';  font-src 'self' https://newlogin.dimepkairos.com.br https://fonts.gstatic.com;  img-src 'self' data: *;  connect-src 'self' https://maps.googleapis.com https://maps.google.com https://maps.google https://stats.g.doubleclick.net https://tagus.5hub.com.br https://www.google.com https://www.google-analytics.com https://bam.nr-data.net http://127.0.0.1:8731;  frame-src 'self' https://qcmaint.dimepkairos.com.br https://www.google.com https://5chat.5hub.com.br https://www.dimep.space https://qcmaint.mdcomune.com.br https://www.dimepkairos.com.br https://www.mdcomune.com.br https://www.dimepkairos.pt https://www.dimepkairos.com.mx;  object-src 'self';  base-uri 'self';  form-action 'self';  frame-ancestors 'self';  block-all-mixed-content;  upgrade-insecure-requests; 1
default-src 'unsafe-inline'; connect-src *; font-src 'self' fonts.gstatic.com fonts.intercomcdn.com; frame-src *; img-src * data: ; script-src-elem 'self' 'unsafe-inline' *; script-src 'unsafe-eval' *; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com; worker-src 'self'; object-src 'none'; manifest-src 'self'; media-src 'self' https://www.datocms-assets.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://tpc.googlesyndication.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.line-scdn.net https://code.jquery.com https://telegram.org https://maxcdn.bootstrapcdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://use.fontawesome.com https://ajax.googleapis.com https://www.google-analytics.com https://d.line-scdn.net https://connect.facebook.net https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://www.pagespeed-mod.com; style-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline'; font-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.gstatic.com; connect-src 'self' https://www.google.com/pagead/ https://analytics.google.com https://adservice.google.com https://buyplus1.com.tw https://api.line.me https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com; frame-src 'self' https://tpc.googlesyndication.com https://www.google.com https://*.youtube.com https://youtube.com https://oauth.telegram.org https://social-plugins.line.me https://www.facebook.com; frame-ancestors 'self'; form-action 'self' https://www.facebook.com.tw/tr https://*.pchomepay.com.tw https://*.7-11.com.tw http://*.hilife.com.tw https://*.presco.com.tw https://*.map.com.tw https://*.hilife.com.tw https://*.ecpay.com.tw; img-src 'self' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://googleads.g.doubleclick.net https://www.facebook.com https://platform-lookaside.fbsbx.com https://chart.googleapis.com https://buybuy66.com https://buyplus1.com.tw https://*.telesco.pe https://*.telegram-cdn.org https://profile.line-scdn.net https://t.me https://ssl.google-analytics.com https://ecfme.famiport.com.tw *.fbcdn.net data:; 1
base-uri * 'unsafe-inline';child-src * 'unsafe-inline';connect-src * 'unsafe-inline';default-src * 'unsafe-inline';font-src * data: 'unsafe-inline';form-action * 'unsafe-inline';frame-ancestors 'self' http://127.0.0.1;frame-src * 'unsafe-inline';img-src * data: 'unsafe-inline';manifest-src * 'unsafe-inline';media-src * data: 'unsafe-inline';object-src * data: 'unsafe-inline';script-src * data: 'unsafe-inline' 'unsafe-eval' 'nonce-5CrWVisTEugoSouaXnEKLuKrlXrPAlSb';script-src-attr * data: 'unsafe-inline' 'unsafe-eval';script-src-elem * data: 'unsafe-inline' 'unsafe-eval';style-src * data: 'unsafe-inline' 'nonce-5CrWVisTEugoSouaXnEKLuKrlXrPAlSb';style-src-attr * data: 'unsafe-inline';style-src-elem * data: 'unsafe-inline';worker-src * 1
default-src 'self' 'unsafe-eval' http: https: data: blob: 'unsafe-inline'; connect-src 'self' ws: wss: http: https: data: 1
“default-src https: data: ‘unsafe-inline’ ‘unsafe-eval'� 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.amnetgroup.com.tw cdn.jsdelivr.net *.doubleclick.net *.treasuredata.com *.babylonjs.com *.johnniewalker.com *.diageohorizon.com *.diageoapi.com *.diageoagegate.com *.diageopersonalisationstudio.com *.diageoplatform.com *.diageo.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.tagmanager.google.com *.googleapis.com *.youtube.com *.doubleclick.net *.google.com *.bing.com *.googleadservices.com *.facebook.net *.facebook.com *.navdmp.com *.ytimg.com *.cloudflare.com *.shortlyst.com *.mapbox.com *.evbuc.com *.gravatar.com *.amazonaws.com *.bootstrapcdn.com *.demdex.net *.pinimg.com *.vimeo.com *.umbraco.org *.amnetgroup.com.tw *.yimg.com *.yahoo.com *.adsrvr.org *.onetrust.com *.ads-twitter.com *.clarity.ms *.twitter.com *.vtinfo.com *.universe.com *.google.co.uk *.queue-it.net *.myshopify.com *.shopify.com *.twitter.com t.co *.cloudfunctions.net *.eum-appdynamics.com *.appdynamics.com *.twimg.com *.anyguide.com *.anyroad.com where-to-buy.co *.liveres.co.uk app.yellowmessenger.com cdn.yellowmessenger.com cloud.yellow.ai bookings-stg02 *.secure.johnniewalker.com cdn.segment.com cdn.evgnet.com cdn.evergage.com diageogb.germany-2.evergage.com *.quantummetric.com data: blob:;font-src 'self' data: *.yellowmessenger.com fonts.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com 1
default-src 'self' 'unsafe-inline' data: wss://*.afpmodelo.net https://nzoth.afpmodelo.net https://recuperaclaveweb2.afpmodelo.net https://afpmodelo.qservus.com https://cdn-qservus.redcalidad.com https://*.table.core.windows.net https://api-kong.afpmodelo.net https://api-kong-preprod.afpmodelo.net https://*.algolia.net https://*.algolianet.com https://api.qrserver.com https://block.opendns.com https://www.youtube.com https://*.afpmodelo.net https://*.afpmodelo.cl https://*.afpmodelosp.cl https://antonia-soe-prd.12c9aw96iaxs.us-south.codeengine.appdomain.cloud https://*.gstatic.com https://*.facebook.net https://*.facebook.com https://*.blob.core.windows.net https://recaptcha.net https://*.google.com https://www.google.cl https://*.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://netdna.bootstrapcdn.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://api.ipify.org https://assets.calendly.com https://calendly.com https://*.ytimg.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; upgrade-insecure-requests; base-uri 'self'; 1
default-src 'self' data: http: https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.e-stave.com *.sportna-loterija.si; 1
default-src 'self' *.ondonnedesnouvelles.com s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com *.s3.ondonnedesnouvelles.com balthazar.diedm.fr;worker-src 'self' blob:;media-src 'self' s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com *.s3.ondonnedesnouvelles.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;img-src 'self' data: blob: *.ondonnedesnouvelles.com s1.ondonnedesnouvelles.com s2.ondonnedesnouvelles.com *.s3.ondonnedesnouvelles.com *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;frame-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;child-src 'self' *.googlevideo.com *.youtube.com *.dailymotion.com *.dai.ly *.vimeo.com *.vimeocdn.com *.ac-versailles.fr *.toutatice.fr *.reseau-canope.fr *.wikipedia.org reseau-canope.fr vid.me learningapps.org tube.ac-lyon.fr *.apps.education.fr wikipedia.org *.tile.openstreetmap.org;base-uri 'none';object-src 'none';style-src 'self' 'unsafe-inline' s1.ondonnedesnouvelles.com balthazar.diedm.fr;script-src 'self' 'unsafe-inline' 'unsafe-eval' s1.ondonnedesnouvelles.com balthazar.diedm.fr;font-src 'self' data: fonts.googleapis.com s1.ondonnedesnouvelles.com 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.com *.putasvipmexico.com putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
frame-ancestors 'self' https://*.signxca.com; 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ https://gateway.mobbeel.com/ https://mobbeel.com https://*.mobbeel.com 1
default-src 'self' https://waves.exchange https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://marketdata.wavesplatform.com https://swap-widget.keeper-wallet.app https://wx.network/ https://api.wx.network/;img-src 'self' data: https:;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://js.intercomcdn.com https://fonts.intercomcdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://vk.com https://connect.facebook.net https://mc.yandex.ru https://code.jquery.com https://google.com https://www.google.com https://www.gstatic.com https://swap-widget.keeper-wallet.app https://www.youtube.com https://marketdata.wavesplatform.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;connect-src 'self' https://mc.yandex.ru https://www.facebook.com https://vk.com https://www.google-analytics.com https://google.com https://www.googletagmanager.com https://www.gstatic.com https://marketdata.wavesplatform.com https://www.youtube.com wss://relay.walletconnect.com https://api.rss2json.com https://waves.exchange https://wx.network/ https://api.wx.network/ https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com https://swap-widget.keeper-wallet.app https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io   https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io  wss://nexus-europe-websocket.intercom.io  https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com https://registry.walletconnect.com/api/v2/wallets;form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io ;media-src https://js.intercomcdn.com;frame-src 'self' https://www.youtube.com https://youtube.com https://www.google.com https://swap-widget.keeper-wallet.app https://waves.exchange/ https://verify.walletconnect.com/ https://wx.network/ https://api.wx.network/;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' *.eagle.org; 1
frame-ancestors 'self' www.amway.com.au www.amway.co.nz https://pos.amway.com.au https://pos.amway.co.nz https://pos.amway.com.vn www.amway.com.vn www.amway.com.ph admin.amway.com.ph 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.techtouch.jp https://cdnjs.cloudflare.com https://ajax.googleapis.com https://*.googletagmanager.com https://npmcdn.com https://static.zdassets.com https://ekr.zdassets.com https://www.google-analytics.com https://ssl.google-analytics.com https://sdk.form.run data: https://connect.facebook.net https://browser.sentry-cdn.com https://js.sentry-cdn.com; style-src 'self' 'unsafe-inline' *.techtouch.jp https://cdnjs.cloudflare.com https://ajax.googleapis.com https://fonts.googleapis.com https://npmcdn.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: *.techtouch.jp https://beauty.kanzashi.com https://kanzashi-beauty-stg.pp-dev.org https://kanzashi-beauty.pp-sandbox.org https://s3.ap-northeast-1.amazonaws.com https://ajax.googleapis.com https://s3.amazonaws.com https://s3-ap-northeast-1.amazonaws.com https://beauty-kanzashi-production.s3.ap-northeast-1.amazonaws.com https://beauty-kanzashi-devonaws.s3.us-east-1.amazonaws.com https://partner-media.kanzashi.com https://partner-media-stg.pp-dev.org https://cdnjs.cloudflare.com https://chart.apis.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.jp https://api.qrserver.com; frame-src 'self' *.techtouch.jp *.typeform.com https://form.run; connect-src 'self' *.techtouch.jp *.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.jp https://ekr.zdassets.com *.sentry.io; worker-src 'self' blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; report-uri https://pacificporter.report-uri.com/r/d/csp/enforce 1
base-uri 'self';connect-src 'self' firebaseinstallations.googleapis.com fcmregistrations.googleapis.com;default-src 'self';font-src * data: 'self' data:;form-action 'self' https:;frame-ancestors 'self';frame-src * gap-iab:;img-src * data: 'self';media-src * data:;object-src 'none';report-uri /SYSTEM/csp-collector.tcl;script-src 'unsafe-inline' 'unsafe-eval' 'self' 'nonce-60939FCB29F2AFC46BF8500AAEB4BCF3F79BA539';style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://online.weba.ru https://www.youtube.com https://www.google.com https://www.gstatic.com https://counter.yadro.ru https://mc.yandex.ru https://player.vimeo.com https://s.ytimg.com https://fonts.googleapis.com https://updates.themepunch-ext-a.tools https://mc.yandex.ru/metrika ;               font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com;               report-uri https://secure.weba.ru/csp/collector.php 1
connect-src 'self' *.delti.com *.google-analytics.com *.jquery.com *.optimizely.com *.trustedshops.com tdsrmbl.net wss://*.delti.com; default-src 'self' *.delti.com; font-src 'self' *.bootstrapcdn.com *.delti.com *.googleusercontent.com *.gstatic.com *.trustedshops.com data data:; frame-ancestors *; frame-src 'self' *.ariva-services.de *.ariva.de *.computop-paygate.com *.computop.com *.criteo.com *.delti.com *.doubleclick.net *.google.com *.lenua.de *.optimizely.com *.reifendirekt.de *.trustpilot.com *.youtube-nocookie.com *.youtube.com data skytraf.xyz; img-src 'self' *.123piecesderechange.ch *.123pneus.ch *.123pneus.fr *.123reifen.de *.alcar-wheels.com *.autobandenmarkt.be *.autobandenmarkt.nl *.autoonderdelen-direct.nl *.autopink-shop.fr *.autoscout24.de *.autoteile-meile.de *.barzgumve.com *.bing.com *.bizrate.com *.co.ee *.czesci-samochodowe-online.pl *.dackonline.se *.daekonline.dk *.dekkonline.com *.delti.com *.delticom.de *.doubleclick.net *.eiretyres.com *.elastika-online.gr *.giga-pneumatici.it *.giga-pneus.pt *.giga-reifen.de *.gommadiretto.it *.google-analytics.com *.google.at *.google.ba *.google.be *.google.bg *.google.ca *.google.ch *.google.cl *.google.co.ao *.google.co.cr *.google.co.ma *.google.co.uk *.google.com *.google.com.ar *.google.com.au *.google.com.br *.google.com.ph *.google.com.ua *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.it *.google.li *.google.lt *.google.lv *.google.me *.google.mk *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.se *.google.si *.google.sk *.gstatic.com *.gume-direkt.com *.gume.com.hr *.gumik.hu *.mobilemech-shop.ch *.mobilemech-shop.co.uk *.moto-pneumatici.it *.moto-tyres.co.uk *.motorradreifendirekt.de *.mytyres.co.uk *.neumaticos-online.es *.neumaticosdemoto.es *.paypal.com *.pneucity.com *.pneumatikypriamo.com *.pneus-moto.be *.prudsys-rde.de *.reifen-direkt.lv *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.reifendirekt.lt *.reifentest.com *.reifenversand-online.de *.rengas-online.com *.tires-direct.com *.tires-easy.ca *.tirstatic.net *.trustedshops.com *.tyre-pictures.com *.vertaa.fi cdnnetwok.xyz data data: maps.googleapis.com web-assets-prod.s3.amazonaws.com; object-src 'self' *.delti.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.123pneus.be *.allo-pages.fr *.barzgumve.com *.bing.com *.bootstrapcdn.com *.co.ee *.criteo.com *.criteo.net *.delti.com *.demdex.net *.doubleclick.net *.elastika-online.gr *.google-analytics.com *.google.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.gume-direkt.com *.gume.com.hr *.gumik.hu *.miazuz.com *.mouse3k.com *.octapi.net *.open-dog.com *.optimizely.com *.paypal.com *.paypalobjects.com *.reifen-direkt.lv *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.reifendirekt.lt *.toutlannuaire.fr *.trustedshops.com *.trustpilot.com *.where.com cdnjs.cloudflare.com cdnnetwok.xyz data dnn506yrbagrg.cloudfront.net eluxer.net gwyjo92x.ru loadingpagesose.review maps.googleapis.com rvy5deb6zyzp14.ru s3.amazonaws.com urlvalidation.com worldnaturenet.xyz; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.delti.com *.googleapis.com *.reifendirekt.at *.reifendirekt.ch *.reifendirekt.de *.trustedshops.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://js-agent.newrelic.com https://player.vimeo.com https://polyfill.io/v3/polyfill.min.js https://unpkg.com https://www.google-analytics.com https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://connect.facebook.net https://polyfill.io https://cdn.ckeditor.com https://cdn.jsdelivr.net https://docx-converter.cke-cs.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://js-agent.newrelic.com https://player.vimeo.com https://polyfill.io/v3/polyfill.min.js https://unpkg.com https://www.google-analytics.com https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://connect.facebook.net https://polyfill.io https://cdn.ckeditor.com https://cdn.jsdelivr.net https://docx-converter.cke-cs.com; object-src 'none'; style-src 'report-sample' 'self' 'unsafe-inline' https://fast.fonts.net https://demo.dashboardpack.com https://cdn.jsdelivr.net; img-src 'self' https://i.vimeocdn.com https://www.google-analytics.com https://www.googletagmanager.com data: https://*.google-analytics.com; media-src 'self'; frame-src 'self' https://player.vimeo.com https://cdn.yoshki.com https://api-6fc85ce3.duosecurity.com https://www.googletagmanager.com; child-src 'self' https://player.vimeo.com; font-src 'self' https://demo.dashboardpack.com data:; connect-src 'self' https://bam.nr-data.net https://*.algolia.net https://www.google-analytics.com https://*.algolianet.com https://*.google-analytics.com https://www.googletagmanager.com https://*.cke-cs.com; report-uri /report-csp-violation 1
style-src 'unsafe-inline' default-src 'self' assets.wohnservice-wien.at *.gstatic.com cdnjs.cloudflare.com piwik.wohnservice-wien.at *.ytimg.com *.googlevideo.com *.youtube-nocookie.com *.googleapis.com *.wien.gv.at *.google.com hcaptcha.com *.hcaptcha.com 1
style-src 'self' 'unsafe-inline' https://privacyportal-cdn.onetrust.com https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://pages.fragomen.com http://pages.fragomen.com https://www.fragomen.com https://cdn.ckeditor.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://app-ab33.marketo.com data:; img-src 'self' https://cdn.cookielaw.org https://cdn.jotfor.ms https://i.vimeocdn.com https://analytics.rubyapps.io https://events.jotform.com https://cdnjs.cloudflare.com https://www.jotform.com https://pages.fragomen.com https://storage.googleapis.com https://www.fragomen.com https://cdn.ckeditor.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://i.ytimg.com https://tr.lfeeder.com https://player.flipsnack.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://view.ceros.com https://analytics.rubyapps.io https://cdn.jotfor.ms https://cdn.jotfor.ms https://cdn01.jotfor.ms https://cdn03.jotfor.ms https://cdn02.jotfor.ms https://cdn01.jotfor.ms https://form.jotform.com https://www.googletagmanager.com http://munchkin.marketo.net https://geolocation.onetrust.com https://player.vimeo.com https://cdn.cookielaw.org https://www.youtube.com https://www.fragomen.com http://pages.fragomen.com https://pages.fragomen.com https://cdn.ckeditor.com https://www.gstatic.com https://www.google.com https://www.amcharts.com https://maps.googleapis.com https://static.addtoany.com https://www.buzzsprout.com https://app-ab33.marketo.com https://munchkin.marketo.net https://cdnjs.cloudflare.com https://code.jquery.com https://secure.leadforensics.com https://connect.facebook.net https://www.google-analytics.com https://sc.lfeeder.com https://siteimproveanalytics.com https://zingtree.com; connect-src 'self' https://xapis.onelink-edge.com https://privacyportal-cdn.onetrust.com https://analytics.rubyapps.io http://130-cki-333.mktoresp.com https://fragomen-privacyrequests.my.onetrust.com https://maps.googleapis.com https://cdn.cookielaw.org https://cdn.plyr.io https://noembed.com https://130-cki-333.mktoresp.com https://connect.facebook.net https://tr.lfeeder.com https://www.google-analytics.com https://www.fragomen.dev.ruby.app https://stats.g.doubleclick.net; frame-src 'self' https://xapis.onelink-edge.com https://view.ceros.com https://analytics.rubyapps.io https://cwa.mindpeer.com https://submit.jotform.com/ https://cdn.flipsnack.com https://form.jotform.com/ https://pages.fragomen.com http://pages.fragomen.com https://player.vimeo.com https://www.bloomberg.com/ https://www.buzzsprout.com https://www.youtube.com https://www.google.com https://app-ab33.marketo.com https://static.addtoany.com https://cdn.yoshki.com https://zingtree.com https://player.flipsnack.com; font-src 'self' https://cdn.jotfor.ms https://fonts.gstatic.com https://maps.googleapis.com https://player.flipsnack.com https://privacyportal-uk.onetrust.com https://privacyportal-cdn.onetrust.com/5f6c6a33-148d-4e8c-a636-34f51eea6d11/privacy-notices/6ac6769d-b16d-4e5e-8656-21c382a722d0.json https://privacyportal-cdn.onetrust.com/ 1
default-src                  'self'            blob:            *.pli.edu            *.akamaihd.net            *.live-video.net            testlegacy.pli.edu;                                      script-src    'self'            'unsafe-inline'  consent.trustarc.com  *.jsdelivr.net  pli--fulldev.sandbox.my.site.com  pli--fulldev.sandbox.my.salesforce-scrt.com  http://web-sdk-eu.aptrinsic.com       blob:            'unsafe-eval'     *.bootstrapcdn.com       localhost:44399            flex.cybersource.com            .hotjar.com: .hotjar.com: *.hotjar.io *.hotjar.io *.hotjar.com    *.pli.edu    *.udev1a.net  *.usablenet.com            http://www.google.com             www.gstatic.com            *.vo.msecnd.net            www.googletagmanager.com            http://maps.googleapis.com             tagmanager.google.com            *.google.ca            *.doubleclick.net            *.adsymptotic.com            *.clarity.ms            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com            *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             load.sumo.com            use.fortawesome.com            http://cdn.polyfill.io             http://code.jquery.com             http://cdnjs.cloudflare.com             http://stackpath.bootstrapcdn.com             http://dl.episerver.net             app.pageproofer.com            http://pi.pardot.com             sumo.b-cdn.net            downloads.mailchimp.com            script.crazyegg.com            mc.us17.list-manage.com            http://static.hotjar.com             http://script.hotjar.com             www.googleadservices.com            http://connect.facebook.net             sjs.bizographics.com            http://cdn.lr-ingest.io             *.doubleclick.net            *.igodigital.com            *.salesforceliveagent.com            *.idio.episerver.net            *.tfaforms.com              *.googleusercontent.com;              connect-src   'self'   .trustarc.com pli--fulldev.sandbox.my.site.com    pli--fulldev.sandbox.my.salesforce-scrt.com   wss://localhost:44355     wss://localhost:      wss://localhost:44313  *.googlesyndication.com   *.aptrinsic.com   *.linkedin.oribi.io  *.localhost:44356  wss://localhost:44356  localhost:44399            *.pli.edu           http://www.google.com            *.google.ca    *.googleapis.com        plihdpackage-lh.akamaihd.net            *.live-video.net            *.doubleclick.net            *.adsymptotic.com            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com    *.pli.edu        *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             testflex.cybersource.com            flex.cybersource.com            *.facebook.com            *.collect.igodigital.com            r.lr-ingest.io            http://sumo.com             dc.services.visualstudio.com            media.sumo.com            *.hotjar.io            *.hotjar.com            *.clarity.ms            *.hotjar.com            *.tfaforms.com            http://app.formassembly.com ;              font-src            'self'       *.cloudfront.net     *.pli.edu   fonts.gstatic.com   vars.hotjar.com  http://static.hotjar.com            http://script.hotjar.com            *.trustarc.com;         frame-ancestors 'none' ;  frame-src                  'self'     *.trustarc.com  *.pli.edu    *.udev1a.net  *.usablenet.com   testflex.cybersource.com    pli--fulldev.sandbox.my.site.com   pli--fulldev.sandbox.my.salesforce-scrt.com        flex.cybersource.com            http://www.google.com             app.pageproofer.com            www.youtube-nocookie.com            http://www.youtube.com             http://player.vimeo.com             vars.hotjar.com            careers-pli.icims.com            http://www.podbean.com             *.doubleclick.net            plihdpackage-lh.akamaihd.net            *.live-video.net            *.tfaforms.com            *.formassembly.com;              style-src     'self'   *.pli.edu      'unsafe-inline'   *.aptrinsic.com   http://maxcdn.bootstrapcdn.com    http://cdn.jsdelivr.net     use.fortawesome.com            downloads.mailchimp.com            mc.us17.list-manage.com            sumo.b-cdn.net            fonts.googleapis.com            http://dl.episerver.net             sjs.bizographics.com            tagmanager.google.com            www.googletagmanager.com            http://app.formassembly.com ;     style-src-elem   'self'   'unsafe-inline' pli--fulldev.sandbox.my.site.com   pli--fulldev.sandbox.my.salesforce-scrt.com  *.udev1a.net   *.usablenet.com       http://cdn.jsdelivr.net    http://maxcdn.bootstrapcdn.com     *.aptrinsic.com     www.gstatic.com    fonts.gstatic.com;    img-src                  'self'          *.truste.com  *.trustarc.com  *.pli.edu            data:            fonts.gstatic.com            maps.gstatic.com            http://maps.googleapis.com             www.googletagmanager.com            http://dl.episerver.net         *.usablenet.com          *.google.ca            *.adsymptotic.com            *.ads.linkedin.com            http://connect.facebook.net             *.bing.com            *.hotjar.com            *.hotjar.io            *.licdn.com            *.facebook.com            *.collect.igodigital.com            http://www.google-analytics.com             ssl.gstatic.com            www.gstatic.com            http://www.google.com             gallery.mailchimp.com            media.sumo.com            *.clarity.ms            http://sumo.com  data http://sumo.com             http://dl.episerver.net           *.googleusercontent.com;              base-uri                  'self'; 1
frame-ancestors 'self' https://thesonicgoat.com https://app.safe.global https://dexscreener.com https://www.kekistan.co.uk https://dev-app.telifi.xyz https://stg-app.telifi.xyz https://app.tobiwallet.app; 1
frame-ancestors hired.com *.hired.com 1
frame-ancestors 'self' https://content.scaledagile.com https://scaledagile.pathfactory.com https://upmchs.sharepoint.com 1
base-uri 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; default-src https:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: data:; img-src https: data: 1
default-src 'self' data: blob: https://*.vetmedstat.com https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             connect-src 'self' https://*.vetmedstat.com https://s3.amazonaws.com https://*.s3.amazonaws.com https://browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.fullstory.com https://whatfix.com https://*.whatfix.com https://*.mopinion.com;             font-src 'self' data:  https://fonts.gstatic.com https://*.mopinion.com;             frame-ancestors 'self' https://*.vetmedstat.com;             frame-src 'self' https://*.vetmedstat.com https://*.whatfix.com https://whatfix.com https://player.vimeo.com;             img-src 'self' data: https://s3.amazonaws.com https://*.s3.amazonaws.com https://*.idexximagebank.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://fonts.gstatic.com https://*.fullstory.com https://browser-update.org https://i.vimeocdn.com https://*.whatfix.com https://whatfix.com;             script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             script-src-elem 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.fullstory.com https://*.whatfix.com https://whatfix.com https://*.mopinion.com;             style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://*.mopinion.com;             worker-src 'self' blob:; 1
frame-ancestors http://*.tjpe.jus.br https://*.tjpe.jus.br https://*.app.tjpe.gov.br https://*.app.tjpe.jus.br 'self'; 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
default-src https: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self'; script-src 'self' https://cdn.matomo.cloud https://*.cdninstagram.com/ https://storage.elfsight.com/ https://static.elfsight.com https://apps.elfsight.com https://cdn.datatables.net/ https://widget.spreaker.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' https://www.gravatar.com https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/  https://fonts.googleapis.com https://p.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://eng.matomo.cloud https://storage.elfsight.com/ https://apps.elfsight.com/ https://www.eng.it/ https://video.eng.it https://*.google-analytics.com https://*.googleapis.com; font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.spreaker.com; img-src 'self' data: https://www.google.com/recaptcha/ https://maps.googleapis.com  https://maps.gstatic.com https://*.google-analytics.com https://*.cdninstagram.com/ https://*.elfsightcdn.com/; manifest-src 'self'; media-src 'self' blob: https://video.eng.it; worker-src blob:; 1
default-src 'unsafe-inline' 'unsafe-eval' https: data: blob: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cookielaw.org *.googletagmanager.com *.onetrust.com *.youtube.com https://customer.cludo.com https://dec.azureedge.net web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://customer.cludo.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.onetrust.com *.google.com *.google.ie cdn.cookielaw.org *.googletagmanager.com *.cludo.com https://cdn.insight.sitefinity.com web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cludo.com; frame-src 'self' *.youtube.com https://www.euro-area-statistics.org *.onetrust.com www.google.com centralbankofireland.qualtrics.com registration.socio.events web-chat.nativechat.com forms.hsforms.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com *.cookielaw.org *.onetrust.com *.google-analytics.com *.doubleclick.net *.analytics.google.com *.cludo.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.onetrust.com www.google.com https://www.euro-area-statistics.org centralbankofireland.qualtrics.com web-chat.nativechat.com 1
default-src 'self'; frame-src 'none'; frame-ancestors 'none'; script-src 'self' https://lugeja.e-tervis.ee; style-src 'self' 'unsafe-inline'; img-src 'self' https://lugeja.e-tervis.ee data:; connect-src 'self' https://lugeja.e-tervis.ee https://sso.test.tehik.ee/auth/ https://sso.sm.ee/auth/; 1
default-src 'self' data: *.googleoptimize.com *.googleoptimize.com *.doubleclick.net *.googletagmanager.com *.facebook.com connect.facebook.net dezlwerqy1h00.cloudfront.net d7qztf2ityad6.cloudfront.net d1gb7gicmr8iau.cloudfront.net *.google-analytics.com ajax.googleapis.com fonts.googleapis.com js-agent.newrelic.com bam.nr-data.net www.youtube.com *.google.com *.google.nl www.gstatic.com fonts.gstatic.com *.vimeo.com *.ytimg.com *.licdn.com *.linkedin.com hello.myfonts.net 'unsafe-inline' *.trust.com 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://www.google.com https://unpkg.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com; frame-src 'self' https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://cdn.cloudflare.com; img-src 'self' data: https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com; font-src 'self' https://fonts.gstatic.com https://unpkg.com; 1
default-src *; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://s7.addthis.com/ https://*.typekit.net/ https://*.klaviyo.com/ https://heapanalytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://apps.bazaarvoice.com/ https://display.ugc.bazaarvoice.com/ https://dl.episerver.net https://fonts.googleapis.com wss://input.noibu.com https://cdn.noibu.com https://input.noibu.com https://libraries.unbxdapi.com https://*.klaviyo.com/ https://*.typekit.net/ https://www.googletagmanager.com/ https://heapanalytics.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: wss://input.noibu.com https://collector-22537.us.tvsquared.com/tv2track.php https://collector-22537.us.tvsquared.com/tv2track.js https://cdn.noibu.com https://input.noibu.com https://6225223.global.siteimproveanalytics.io/ https://t.blockboardtech.com/ https://track.app.channeliq.com/ https://lwjs.azureedge.net/cjs/cuisinartv3.js https://ct.pinterest.com https://display.ugc.bazaarvoice.com/ https://dl.episerver.net https://googleads.g.doubleclick.net/ https://i.ytimg.com/ https://img.youtube.com/ https://log.pinterest.com/ https://network.bazaarvoice.com/ https://network-a.bazaarvoice.com/ https://*.azurefd.net/ https://photos-us.bazaarvoice.com/ https://pixel.quantserve.com/ https://sp.analytics.yahoo.com/ https://stats.g.doubleclick.net/ https://track.app.channeliq.com/ https://tracker.unbxdapi.com/ https://wtb.app.channeliq.com/ https://www.addthis.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.pages05.net/ https://www.youtube.com/player_api https://*.getclicky.com/ https://bat.bing.com/ https://*.klaviyo.com/ https://*.cloudfront.net/ https://ad.ipredictive.com/ https://www.mczbf.com/  https://tags.w55c.net/ https://fonts.gstatic.com/ https://ad.doubleclick.net/ https://heapanalytics.com https://cdn.cookielaw.org/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com wss://input.noibu.com https://cdn.noibu.com/ https://input.noibu.com/ http://siteimproveanalytics.com/ https://lwjs.azureedge.net/cjs/cuisinart.js https://lwjs.azureedge.net/cjs/cuisinartv3.js https://lwpixel.azurefd.net/t/v2/cuisinart2 https://lwpixel.azurefd.net/ https://collector-22537.us.tvsquared.com/tv2track.php https://collector-22537.us.tvsquared.com/tv2track.js https://ajax.googleapis.com/ https://analytics-static.ugc.bazaarvoice.com https://api.bazaarvoice.com/ https://cdn.mouseflow.com/ https://api.siteimprove.com/ https://my2.siteimprove.com https://cdn.siteimprove.net/ https://apps.bazaarvoice.com/ https://apps.nexus.bazaarvoice.com/ https://assets.pinterest.com/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/ https://cdnjs.cloudflare.com https://connect.facebook.net/ https://d21gpk1vhmjuf5.cloudfront.net/ https://display.ugc.bazaarvoice.com/ https://dl.episerver.net/ https://googleads.g.doubleclick.net/ https://libraries.unbxdapi.com https://m.addthis.com https://network.bazaarvoice.com/ https://rules.quantcount.com/ https://s.pinimg.com/ https://s.yimg.com/ https://s7.addthis.com/ https://search.unbxd.io/ https://secure.quantserve.com/ https://siteimproveanalytics.com/ https://sp.analytics.yahoo.com/ https://t.blockboardtech.com/ https://track.app.channeliq.com/ https://v1.addthisedge.com https://whereowaredev.atlassian.net/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.sc.pages05.net/ https://z.moatads.com/ https://az416426.vo.msecnd.net/ https://*.klaviyo.com/ https://www.mczbf.com/ https://ssl.google-analytics.com/ https://js.adsrvr.org/ https://static.site24x7rum.com/ https://analytics.tiktok.com/ *.www.mczbf.com https://c.amazon-adsystem.com https://script.crazyegg.com/ https://ct.pinterest.com/ https://cdn.heapanalytics.com https://heapanalytics.com https://cdn.cookielaw.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.vimeocdn.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com .facebook.net https://acsbapp.com *.amazonaws.com *.jotfor.ms *.jotform.com 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.mailchimp.com *.jotfor.ms 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self' *.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://cdn.acsbapp.com; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com 'unsafe-inline'; frame-src 'self' *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com *.sonichealthcareusa.com *.jotform.com *.jotfor.ms *.propath.com; object-src 'none'; 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' *.google-analytics.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' www.googletagmanager.com data: blob:;font-src 'self' fonts.gstatic.com fonts.googleapis.com;connect-src 'self';media-src 'self'; 1
frame-ancestors 'self' https://gogstbill.com https://bill.gogstbill.com; 1
frame-ancestors http://www.seafoodsource.com https://divcomplatform.s3.amazonaws.com 1
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; connect-src 'self' https://*.hubspot.com https://*.appsflyer.com https://*.doubleclick.net https://*.clarity.ms https://*.google-analytics.com https://*.lambda-url.ap-northeast-1.on.aws https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://assets.ctfassets.net; font-src 'self' https://*.appsflyer.com https://*.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.hubspot.com https://*.youtube.com; img-src 'self' data: https://*.twitter.com https://aw.dw.impact-ad.jp https://*.clarity.ms https://*.ctfassets.net https://*.onelink.me https://t.co https://tr.lfeeder.com https://*.hubspot.com https://*.google-analytics.com https://*.google.co.jp https://*.google.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.co.jp https://*.a8.net https://*.gstatic.com https://googletagmanager.com; media-src 'self' https://*.paidy.com; script-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.google.co.jp https://*.appsflyer.com https://*.ads-twitter.com https://*.yimg.jp https://*.yahoo.co.jp https://sc.lfeeder.com https://yubinbango.github.io https://*.a8.net https://*.clarity.ms https://*.ebis.ne.jp https://*.impact-ad.jp https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com https://ssl.google-analytics.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com; frame-ancestors 'none'; 1
frame-ancestors https://app.storyblok.com http://app.storyblok.com/ 1
default-src 'self'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-src * 'unsafe-inline'; img-src * data:; connect-src * 'unsafe-inline'; object-src 'none'; 1
default-src 'self'; img-src 'self' data: * public.surveyplanet.com *.cloudinary.com; script-src 'self' 'unsafe-inline' public.surveyplanet.com www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' public.surveyplanet.com fonts.googleapis.com; font-src 'self' public.surveyplanet.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.surveyplanet.com *.sentry.io *.googletagmanager.com *.google-analytics.com *.doubleclick.net; child-src 'self' *.surveyplanet.com *.spstage.us; manifest-src public.surveyplanet.com; object-src 'none'; 1
img-src 'self' 'unsafe-eval' data: https://www.snapsurveys.com https://v2.zopim.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.co.uk https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://ct.capterra.com https://11f666a64f9514fe2437-501cd984d9c7b3ac1a3daebffdc0785b.ssl.cf3.rackcdn.com https://eiyhl.stripocdn.email; style-src 'self' 'unsafe-inline' 'report-sample' https://use.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.clarity.ms https://c.bing.com https://widget-mediator.zopim.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://v2.zopim.com https://static.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cse.google.com; font-src 'report-sample' 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://v2.zopim.com; connect-src 'self' https://*.clarity.ms https://c.bing.com https://ekr.zdassets.com https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googleadservices.com https://yoast.com wss://widget-mediator.zopim.com https://www.google.co.uk https://*.analytics.google.com; frame-src 'self' https://*.snapsurveys.com https://www.google.com https://player.vimeo.com https://www.youtube.com https://securityscorecard.com; base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' ; object-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self';frame-ancestors 'self' https://*.snapsurveys.com 1
default-src 'self'; media-src 'self' ws://localhost:3035 localhost:3035 *.ctfassets.net malala.org *.malala.org *.youtube.com www.youtube.com *.twimg.com; font-src *.fontawesome.com doublethedonation.com localhost:8080 *.doublethedonation.com *.typekit.net *.googleapis.com *.cognitoforms.com *.gstatic.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net 'self' data:; img-src * malala.org ws://localhost:3035 localhost:3035 *.malala.org 'self' data:; object-src 'none'; script-src malala.org *.malala.org *.gtm.js ws://localhost:3035 localhost:3000 localhost:3035 *.googleapis.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com optimize.google.com doublethedonation.com *.doublethedonation.com *.bugsnag.com *.consensu.org *.givelively.org *.stripe.com *.paypal.com *.cognitoforms.com *.plaid.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com *.typeform.com *.typekit.net *.website-files.com d3e54v103j8qbb.cloudfront.net *.facebook.net cdnjs.cloudflare.com *.adroll.com us-u.openx.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.yahoo.com eb2.3lift.com trc.taboola.com simage2.pubmatic.com sync.outbrain.com pixel.rubiconproject.com dsum-sec.casalemedia.com pixel.advertising.com *.googleadservices.com *.ytimg.com *.audima.co *.fontawesome.com unpkg.com *.unpkg.com *.weglot.com *.jsdelivr.com *.cloudfront.net *.twitter.com *.twimg.com *.instagram.com *.tiktok.com *.ttwstatic.com *.donorbox.org *.bugherd.com *.bamboohr.com *.thegivingblock.com 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com optimize.google.com fonts.googleapis.com *.typekit.net *.stripe.com *.paypal.com *.website-files.com doublethedonation.com *.plaid.com *.doublethedonation.com *.googleapis.com *.givelively.org *.cognitoforms.com *.youtube.com *.vimeo.com cdnjs.cloudflare.com tagmanager.google.com unpkg.com *.unpkg.com *.ytimg.com *.weglot.com *.cloudfront.net *.twitter.com *.twimg.com *.tiktok.com *.ttwstatic.com *.bugherd.com 'self' unsafe-inline unsafe-eval 'unsafe-inline' 'unsafe-eval'; connect-src 'self' malala.org *.malala.org ws://localhost:3035 localhost:3035 *.fontawesome.com *.google-analytics.com google-analytics.com localhost:8080 *.cognitoforms.com *.stripe.com doublethedonation.com *.doublethedonation.com *.paypal.com *.googletagmanager.com *.google.com *.plaid.com *.bugsnag.com *.givelively.org *.youtube.com *.vimeo.com malala.trilogyforms.com tagmanager.google.com *.ytimg.com *.plyr.io noembed.com *.type *.doubleclick.net *.weglot.com cdn-api-weglot.com *.ctfassets.net www.bugherd.com bugherd-attachments.s3.amazonaws.com ws.pusherapp.com screenshots.bugherd.com sessions.bugsnag.com t.co *.twitter.com *.twimg.com *.facebook.com *.pusher.com *.bamboohr.com; frame-src 'self' malala.org ws://localhost:3035 localhost:3035 *.malala.org *.audima.co *.stripe.com localhost:8080 optimize.google.com doublethedonation.com *.plaid.com *.doublethedonation.com *.youtube.com *.givelively.org *.vimeo.com *.typeform.com *.facebook.com *.facebook.net cdn.embedly.com *.youtube.com www.youtube.com *.youtube-nocookie.com *.ytimg.com *.tgbwidget.com tgbwidget.com *.twitter.com *.instagram.com *.twimg.com *.ted.com *.tiktok.com *.ttwstatic.com youtu.be donorbox.org widget.thegivingblock.com *.donorbox.org; child-src *.facebook.com *.facebook.net; form-action *.facebook.com *.facebook.net *.twitter.com *.twimg.com *.trilogyforms.com; worker-src 'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.reedsmith.com *.usercentrics.eu https://www.instagram.com/ https://code.jquery.com/ https://www.podbean.com/ https://app.usercentrics.eu/ https://app-script.monsido.com https://tracking.monsido.com https://www.google.com/ https://maps.googleapis.com/ https://code.jquery.com https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com https://www.buzzsprout.com *.google.com *.twitter.com *.twimg.com *.googleapis.com googleapis.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net addthis.com *.addthis.com *.doubleclick.net doubleclick.net *.addthisedge.com addthisedge.com *.gstatic.com *.moatads.com moatads.com *.podbean.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reedsmith.com *.usercentrics.eu https://app.usercentrics.eu/ maps.googleapis.com googleapis.com https://www.googletagmanager.com https://www.instagram.com/embed.js https://www.google.com/ https://maps.googleapis.com/ https://app-script.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://cdn.yoshki.com *.google.com *.twitter.com *.twimg.com *.googleapis.com googleapis.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net addthis.com *.addthis.com *.doubleclick.net doubleclick.net *.addthisedge.com addthisedge.com *.gstatic.com *.moatads.com moatads.com *.podbean.com *.hotjar.com; object-src 'self'; img-src 'self' data: https://i.ytimg.com/ maps.gstatic.com https://maps.gstatic.com/ *.googleapis.com googleapis.com *.ggpht.com *.usercentrics.eu  *.monsido.com http://reedsmith.vuture.net https://www.google-analytics.com https://www.googletagmanager.com https://cdn.yoshki.com *.twitter.com *.twimg.com; font-src 'self' https://fonts.gstatic.com *.hotjar.com; connect-src 'self' ws: *.usercentrics.eu https://maps.googleapis.com https://www.google-analytics.com https://www.buzzsprout.com *.twitter.com *.twimg.com *.getsitectrl.com *.hotjar.com *.hotjar.io; frame-ancestors 'self' *.usercentrics.eu  https://tracking.monsido.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.buzzsprout.com *.gstatic.com *.twitter.com *.twimg.com googleapis.com; report-uri https://233122823c47f119af0143cbea7853d6.report-uri.com/r/d/csp/enforce 1
script-src https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; font-src * data: https:; img-src * data: https:; media-src * data: blob: https:; worker-src blob:; connect-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com; style-src https://*.optimalworkshop.com https://*.dev-optimalworkshop.com https://*.google-analytics.com https://*.intercom.io wss://*.intercom.io https://*.fontawesome.com https://*.doubleclick.net https://*.wistia.com https://*.litix.io https://*.bing.com https://*.linkedin.oribi.io https://px.ads.linkedin.com https://*.hotjar.io https://*.bamboohr.com https://*.googlesyndication.com https://*.analytics.google.com https://*.outbrain.com https://*.googleapis.com https://*.hotjar.io https://*.facebook.com wss://*.hotjar.com https://pixel.wp.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://browser-intake-datadoghq.com https://optimalworkshop.formstack.com blob: https: 'unsafe-inline' 1
frame-ancestors 'self' newyorkstate.simpleviewcms.com www.iloveny.com; 1
default-src 'self' ajax.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com *.analytics.google.com *.google.com *.google-analytics.com fonts.gstatic.com; img-src 'self' 'unsafe-inline' * data: www.w3.org irs.tools.investis.com; frame-src 'self' *.investis.com *.youtube.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com fonts.googleapis.com maxcdn.bootstrapcdn.com irs.tools.investis.com fonts.gstatic.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.investisdigital.com fast.fonts.net; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.google.com *.google-analytics.com ajax.googleapis.com irs.tools.investis.com *.googletagmanager.com *.google-analytics.com *.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.lfeeder.com *.youtube.com youtube-nocookie.com; connect-src 'self' *.investisdigital.com ajax.googleapis.com *.googletagmanager.com *.analytics.google.com *.google.com *.google-analytics.com *.google-analytics.com maps.googleapis.com maps.google.com *.amazonaws.com stats.g.doubleclick.net; base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://apify.com https://*.apify.com https://*.intercom.io https://*.intercom.help https://intercom-sheets.com https://intercom.help wss://*.intercom.io https://*.intercomassets.com https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://*.intercomcdn.com https://*.zapier.com https://zapier.com https://*.bootstrapcdn.com https://*.apiary.com https://*.apiary.io https://*.fury.io https://travis-ci.org https://*.travis-ci.org https://travis-ci.com https://*.travis-ci.com https://*.cloudfront.net https://*.algolianet.com https://*.algolianet.net https://*.algolia.net https://*.algolia.io https://browser.sentry-cdn.com https://*.sentry.io https://*.sentry-cdn.com https://*.reddit.com/ https://www.redditstatic.com/ads/ https://ghbtns.com/ https://*.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com/ https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics https://*.g.doubleclick.net https://*.doubleclick.net https://optimize.google.com https://www.googleoptimize.com https://translate.google.com https://*.googlesyndication.com https://translate.googleapis.com https://www.googleadservices.com https://*.google.com/pagead/ https://*.google.com/pagead/landing https://*.google.cz/pagead/landing https://*.googlesyndication.com/pagead/ https://*.googlesyndication.com/pagead/landing https://*.google.com/ads/ https://*.google.cz/ads/ https://*.g.doubleclick.net/ https://*.doubleclick.net https://*.smartlook.com https://*.smartlook.cloud https://*.dreamdata.cloud https://cdn.firstpromoter.com https://t.firstpromoter.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hscollectedforms.net https://js.hsforms.net https://*.hsforms.com https://*.hubspot.com https://forms.hubspot.com https://track.hubspot.com https://api.hubapi.com/ https://js.hsleadflows.net https://js.hsadspixel.net https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://geolocation.onetrust.com https://tracking.g2crowd.com https://*.maze.co https://api-js.mixpanel.com https://www.clarity.ms https://*.clarity.ms https://*.lfeeder.com https://www.youtube.com https://noembed.com https://*.vimeo.com https://vimeo.com/api/oembed.json https://ourworldindata.org/grapher/internet-users-by-world-region https://*.fs1.hubspotusercontent-na1.net https://apify.ghost.io; object-src 'self'; img-src 'self' blob: data: https://apify.com https://*.apify.com https://*.google.com https://*.googleusercontent.com https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://fonts.googleapis.com https://*.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://*.google.com/pagead/ https://*.google.cz/pagead/ https://*.googlesyndication.com/pagead/ https://*.google.com/ads/ https://*.google.cz/ads/ https://*.g.doubleclick.net/ https://*.zapier.com https://zapier.com https://*.intercom.io https://*.intercom.help https://intercom.help https://intercom-sheets.com https://*.intercomassets.com https://*.intercomcdn.com https://*.fury.io https://travis-ci.com https://*.travis-ci.com https://travis-ci.org https://*.travis-ci.org https://*.cloudfront.net https://*.s3.amazonaws.com https://*.s3.us-east-1.amazonaws.com https://raw.githubusercontent.com/apify/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ https://cdn.jsdelivr.net/gh/lipis/flag-icons/flags/ https://www.redditstatic.com/ads/ https://*.reddit.com/ https://ghbtns.com/ https://*.hsforms.com https://forms.hubspot.com https://track.hubspot.com https://ct.capterra.com https://cookie-cdn.cookiepro.com https://cookiepro.blob.core.windows.net/logos/static/ot_persistent_cookie.png https://privacyportal.cookiepro.com/request/v1/consentreceipts https://*.lfeeder.com https://*.gravatar.com https://avatars.githubusercontent.com https://*.facebook.com https://*.fbcdn.net https://*.twimg.com https://*.wp.com https://*.fbsbx.com https://ph-files.imgix.net https://miro.medium.com https://i.ytimg.com/vi/053B5L-eotQ/hqdefault.jpg https://*.fs1.hubspotusercontent-na1.net https://*.trustradius.com https://*.crozdesk.com https://assets.capterra.com https://*.g2.com https://images.apifyusercontent.com; worker-src 'self' blob: 1
frame-ancestors https://*.gupshup.io/ https://*.superlemon.xyz 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://seriesmy.com/ https://connect.facebook.net; frame-ancestors 'self' https://me168.xyz https://up2img.com https://vk.com https://ok.ru https://my.mail.ru https://www.dailymotion.com https://www.facebook.com; 1
frame-ancestors 'self' https://*.notifica.re 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.calconic.com gist.github.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.googleadservices.com platform.twitter.com *.list-manage.com www.google.com *.g.doubleclick.net tpc.googlesyndication.com;connect-src 'self' ws://localhost:* vitals.vercel-insights.com statistics-dot-calconic-app.appspot.com app.calconic.com www.emergetools.com www.google-analytics.com *.google.com api.emergetools.com afic2dn9u6.execute-api.us-west-1.amazonaws.com api-js.mixpanel.com o497846.ingest.sentry.io emerge-icons-dev.s3.us-west-1.amazonaws.com emerge-icons-prod.s3.us-west-1.amazonaws.com emerge-uploads-dev.s3.us-west-1.amazonaws.com emerge-uploads-prod.s3.us-west-1.amazonaws.com emerge-uploads-dev.s3-accelerate.amazonaws.com emerge-uploads-prod.s3-accelerate.amazonaws.com optimized-images-emerge.s3.us-west-1.amazonaws.com emerge-flamegraph-results-dev.s3.us-west-1.amazonaws.com emerge-flamegraph-results-prod.s3.us-west-1.amazonaws.com emerge-processed-builds-prod.s3.us-west-1.amazonaws.com emerge-processed-builds-dev.s3.us-west-1.amazonaws.com emerge-private-static-resources-dev.s3.us-west-1.amazonaws.com emerge-private-static-resources-prod.s3.us-west-1.amazonaws.com emerge-perf-test-results-dev.s3.us-west-1.amazonaws.com emerge-perf-test-results-prod.s3.us-west-1.amazonaws.com emerge-snapshots-prod.s3.us-west-1.amazonaws.com emerge-snapshots-dev.s3.us-west-1.amazonaws.com http://localhost:37577 https://previews-prod.emergetools.com https://previews-dev.emergetools.com; img-src 'self' data: www.google-analytics.com avatars.githubusercontent.com googleads.g.doubleclick.net www.google.com *.amazonaws.com assets.calendly.com platform.slack-edge.com syndication.twitter.com *.mzstatic.com *.googleusercontent.com; object-src 'self' data:; media-src 'self' data: https://prod-us-west-2-results.s3-us-west-2.amazonaws.com; style-src 'self' 'unsafe-inline' github.githubassets.com fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' platform.twitter.com calendly.com https://www.youtube-nocookie.com;report-uri https://o497846.ingest.sentry.io/api/5855846/security/?sentry_key=410decd0c4804fea88a868f620b66d69 1
script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' https://*.bod.de https://*.bod.ch https://*.bod.dk https://*.bod.fi https://*.bod.fr https://*.bod.se https://*.bod.com.es https://*.bod.no https://*.twentysix.de; 1
base-uri 'self' https://d.paydirekt.de; default-src 'self'; script-src 'self' https://d.paydirekt.de https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://d.paydirekt.de; img-src 'self' https://api.paydirekt.de 'unsafe-inline' data: https://t.paydirekt.de; font-src 'self'; object-src 'self' https://d.paydirekt.de; child-src 'self'; frame-src 'self' https://www.google.com/recaptcha/; manifest-src 'none'; connect-src 'self' https://api.paydirekt.de https://d.paydirekt.de; form-action 'self' https://api.paydirekt.de; plugin-types application/x-shockwave-flash application/pdf; 1
frame-ancestors "none" 1
default-src 'self' *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://bat.bing.com https://az416426.vo.msecnd.net https://snap.licdn.com *.sub2tech.com *.youtube.com *.ytimg.com https://dl.episerver.net *.facebook.net https://googleads.g.doubleclick.net *.whisbi.com *.nr-data.net https://js-agent.newrelic.com/ https://code.jquery.com https://code.createjs.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.gstatic.com *.onetrust.com *.hotjar.com *.trustpilot.com *.browsealoud.com *.adnxs.com *.ads-twitter.com https://analytics.twitter.com/ https://platform.twitter.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://ads.nextdoor.com/public/pixel/ndp.js https://client.prod.mplat-ppcprotect.com https://ade.googlesyndication.com https://ad.doubleclick.net *.analytics.google.com; worker-src *.onetrust.com *.hotjar.com *.facebook.net *.whisbi.com *.googletagmanager.com *.browsealoud.com *.adnxs.com *.episerver.net *.googleadservices.com *.google.com *.googleapis.com 'self' data: gap: ws:; connect-src *.nr-data.net js-agent.newrelic.com *.ads-twitter.com analytics.twitter.com t.co js.monitor.azure.com https://dc.services.visualstudio.com/v2/track *.g.doubleclick.net https://googleads.g.doubleclick.net *.code.createjs.com *.browsealoud.com *.adnxs.com *.onetrust.com *.hotjar.io *.hotjar.com *.facebook.net *.facebook.com *.whisbi.com *.gstatic.com *.google-analytics.com *.youtube.com *.ytimg.com *.googletagmanager.com *.episerver.net *.googleapis.com https://click.prod.mplat-ppcprotect.com https://bat.bing.com 'self' data: gap: ws:; img-src 'self' data: gap: https://bat.bing.com https://analytics.twitter.com *.amazonaws.com *.facebook.net *.facebook.com *.whisbi.com *.adnxs.com *.twimg.com *.google.co.uk https://csi.gstatic.com *.googleadservices.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net https://ad.doubleclick.net/ *.onetrust.com *.hotjar.com https://t.co/ https://tracking.audio.thisisdax.com *.linkedin.com https://px.ads.linkedin.com/ https://flask.nextdoor.com/; style-src 'self' 'unsafe-inline' *.googleadservices.com *.google.com *.facebook.net *.whisbi.com *.googleapis.com hello.myfonts.net *.onetrust.com *.hotjar.com; font-src 'self' data: *.gstatic.com *.onetrust.com *.hotjar.com; form-action 'self' https://www.facebook.com; object-src 'self'; media-src 'self'; frame-src 'self' https://12801504.fls.doubleclick.net/ https://cdn.flipsnack.com/ https://servedby.flashtalking.com/ https://vars.hotjar.com/ https://static.hotjar.com *.hotjar.com *.facebook.net https://www.facebook.com *.whisbi.com https://www.google.com/recaptcha/ https://player.vimeo.com https://www.youtube.com https://secure.flife.de https://irs.tools.investis.com https://otp.tools.investis.com https://metrobankonline.marketing.dynamics.com/ https://www.appdemostore.com https://metrobankdigital.invisionapp.com https://widget.trustpilot.com https://td.doubleclick.net/ 1
frame-ancestors 'self' *.facebook.com *.heartmath.org *.na3.netsuite.com *.pardot.com 1
upgrade-insecure-requests; default-src 'self' wss://*.hotjar.com *.dhl24.com.pl *.dhl.pl; img-src 'self' x.bidswitch.net r.casalemedia.com id5-sync.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com e1.emxdgt.com dpm.demdex.net *.criteo.com region1.analytics.google.com *.bing.com *.clarity.ms cdn.cookielaw.org www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com www.google.pl www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.criteo.com *.criteo.net *.facebook.com *.fbcdn.net *.openstreetmap.org dhlpoland.pl *.hotjar.com *.hotjar.io *.tradedoubler.com *.smartadserver.com *.adform.net *.push-ad.com push-ad.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.revhunter.tech *.dhl24.com.pl *.dhl.pl; script-src 'strict-dynamic' 'nonce-z6dYkRu4lqkuoyBeX9hjikf0' *.push-ad.com push-ad.com *.criteo.com *.criteo.net accounts.google.com www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com www.google.pl www.gstatic.com *.google-analytics.com *.googleadservices.com *.doubleclick.net connect.facebook.net swrap.tradedoubler.com *.clickonometrics.pl *.retargeted.co cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com cdnjs.cloudflare.com analytics.sleeknote.com fonts.googleapis.com *.hotjar.com *.hotjar.io *.sleeknote.com tbl.tradedoubler.com tbs.tradedoubler.com tpc.googlesyndication.com www.facebook.com tagmanager.google.com cookielaw.org dhlpoland.pl *.tradedoubler.com a.omappapi.com optinmonster.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.smartlook.com *.smartlook.cloud *.revhunter.tech *.dhl24.com.pl *.dhl.pl 'unsafe-eval' *.googletagmanager.com; style-src 'self' 'nonce-z6dYkRu4lqkuoyBeX9hjikf0' *.criteo.com www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com *.bootstrapcdn.com *.hotjar.com *.hotjar.io fonts.googleapis.com *.push-ad.com push-ad.com *.doubleclick.net *.googletagmanager.com *.getsitecontrol.com push.dhl24.com.pl *.revhunter.tech cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.dhl24.com.pl *.dhl.pl; font-src 'self' www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se *.bootstrapcdn.com *.hotjar.com *.hotjar.io fonts.gstatic.com *.push-ad.com *.doubleclick.net *.googletagmanager.com *.getsitecontrol.com push-ad.com push.dhl24.com.pl *.revhunter.tech *.dhl24.com.pl *.dhl.pl; frame-src 'self' *.criteo.com *.criteo.net www.google.at www.google.co.uk www.google.cz www.google.de www.google.fi www.google.it www.google.nl www.google.se optimize.google.com www.google.com *.dhl.pl *.hotjar.com *.hotjar.io tbs.tradedoubler.com *.push-ad.com push-ad.com *.doubleclick.net *.googletagmanager.com adservice.google.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.revhunter.tech; connect-src 'self' *.criteo.com region1.analytics.google.com *.clarity.ms *.google-analytics.com *.hotjar.com *.hotjar.io *.doubleclick.net *.push-ad.com push-ad.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com *.googletagmanager.com adservice.google.com wss://*.hotjar.com *.getsitecontrol.com push.dhl24.com.pl plugin.management *.plugin.management analyst.services *.analyst.services *.amazonaws.com *.smartlook.com *.smartlook.cloud *.revhunter.tech; worker-src 'self' blob: 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://ws.zoominfo.com https://api.schedule.zoominfo.com https://js.zi-scripts.com https://analytics.google.com https://cdn.linkedin.oribi.io https://*.clickagy.com https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com https://calendly.com https://fider.simplerisk.com https://www.googletagmanager.com https://*.clickagy.com https://insight.adsrvr.org https://match.adsrvr.org; img-src 'self' https://i.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.gstatic.com https://bat.bing.com https://px.ads.linkedin.com https://*.clickagy.com https://idsync.rlcdn.com https://*.doubleclick.net https://sync.crwdcntrl.net https://us-u.openx.net https://pixel-sync.sitescout.com https://dpm.demdex.net https://*.agkn.com https://www.google-analytics.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://bat.bing.com https://ws-assets.zoominfo.com https://schedule.zoominfo.com https://snap.licdn.com https://ws.zoominfo.com https://js.zi-scripts.com https://tags.clickagy.com https://js.adsrvr.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://assets.calendly.com https://bat.bing.com https://ws-assets.zoominfo.com https://schedule.zoominfo.com https://www.youtube.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://bat.bing.com https://www.youtube.com https://cdn.jsdelivr.net https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.calendly.com https://ws.zoominfo.com https://ws-assets.zoominfo.com https://js.zi-scripts.com https://snap.licdn.com https://*.clickagy.com https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.simplerisk.com/report-uri/enforce 1
frame-ancestors 'self' webwavecms.com webwave.me ro.webwave.me webwave.ro webwave.com.au szablony.webwavecms.com templates.webwave.me templates.webwave.com.au sabloane.webwave.ro ; 1
connect-src 'self' *.bigid.com *.bigidprivacy.cloud *.dspm.ai *.usercentrics.eu *.hsforms.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com *.fontawesome.com *.document360.io *.gopronto.io *.googleapis.com *.gstatic.com *.jsdelivr.net *.iconify.design *.bigid.tools *.talentlms.com *.algolianet.com *.algolia.net *.google.com *.googletagmanager.com *.google-analytics.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.acsbapp.com/config/store.idealimage.com/config.json https://cdn.acsbapp.com/config/idealimage.com/config.json https://cdn.acsbapp.com/config/beideal.idealimage.com/config.json https://*.peek-achoo.com https://*.googlesyndication.com https://*.ally.com https://acsbapp.com https://*.bing.com https://*.bugsnag.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cookielaw.org https://*.crazyegg.com https://*.doubleclick.net https://*.e-signlive.com https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.ggpht.com https://*.go2sdk.com https://*.gonift.com https://*.google-analytics.com https://*.google.co.in https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.googleusercontent.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io http://*.idealimage.com https://*.idealimage.com https://*.jsdelivr.net https://*.litix.io https://*.mutinyhq.com https://*.mutinycdn.com https://*.mutinyhq.io https://*.myfortiva.com https://*.nmi.com https://*.onetrust.com https://*.pardot.com https://*.pingdom.net https://*.puntpunt.fun https://s3.amazonaws.com/documents.idealimage.com/ https://*.securedvisit.com https://*.snapchat.com https://*.sv.rkdms.com https://*.taboola.com https://*.tiktok.com https://*.typekit.net https://player.vimeo.com https://*.wistia.com https://*.wistia.net https://*.xg4ken.com https://aspireiq.go2cloud.org https://e-signlive.com https://google.com https://*.salesforce-sites.com https://idealimage.secure.force.com https://imagedelivery.net https://pixel.locker2.com https://pixel.wp.com https://res.cloudinary.com https://s.w.org https://s3.us-east-1.amazonaws.com https://sc-static.net https://stats.wp.com https://tsdtocl.com https://assets.scrippsdigital.com https://us01ccistatic.zoom.us wss://*.hotjar.com data: blob:; frame-ancestors https://app.mutinyhq.com https://*.nmi.com; 1
frame-ancestors 'self' https://www.steris.com https://ww1.steris.com https://archportal.steris.com https://gateway.steris.com https://sitecore-healthcare-xm-centralus-prod-cd.azurewebsites.net/; 1
base-uri 'self'; connect-src 'self' https://*.hathway.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://*.clarity.ms https://jsonip.com https://cloud.yellow.ai wss://cloud.yellow.ai; default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://*.hathway.com blob:; font-src 'self' https://*.hathway.com https://fonts.gstatic.com https://cdn.yellowmessenger.com https://cdnjs.cloudflare.com; frame-src 'self' https://*.hathway.com https://www.youtube.com https://td.doubleclick.net https://youtube.com https://mumbaispeed.hathway-connect.com:9090 https://www.google.com; img-src 'self' data: https://*.hathway.com https://c.clarity.ms https://www.google.com https://*.g.doubleclick.net https://*.bing.com https://maps.googleapis.com https://maps.gstatic.com https://*.google.co.in https://imageshathway.whatsonindia.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.yellowmessenger.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; object-src https://*.hathway.com https://mumbaispeed.hathway-connect.com:9090; script-src 'self' 'unsafe-inline' https://*.hathway.com https://www.clarity.ms https://www.googleadservices.com https://connect.facebook.net https://*.g.doubleclick.net https://maps.googleapis.com https://*.google.com https://googleadservices.com https://*.google.co.in https://www.gstatic.com http://tinyurl.com https://cdn.yellowmessenger.com https://www.googletagmanager.com https://code.jquery.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.hathway.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.yellowmessenger.com; worker-src 'self' https://*.hathway.com blob: 1
frame-ancestors 'self' ai.nb.no tools.nb.no; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: *.simplifile.com ssl.google-analytics.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.facebook.net *.googleapis.com *.linkedin.com *.facebook.com *.youtube.com *.vidyard.com *.driftt.com *.on24.com *.contentstack.io *.zscalertwo.net ipapi.co *.amazonaws.com *.vimeo.com *.elliemae.com *.icemortgagetechnology.com *.pardot.com unpkg.com *.google.co.in *.typekit.net *.crazyegg.com *.drift.com *.bing.com *.prod.boltdns.net *.akamaihd.net https://js.stripe.com/ https://cdn.cookielaw.org/ https://players.brightcove.net/ https://edge.api.brightcove.com/ https://metrics.brightcove.com/ https://vjs.zencdn.net/ https://s.ytimg.com/ https://axial-studio-98621.appspot.com/ https://js.stripe.com/; 1
object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.svatantramicrofin.com svatantramicrofin.com analytics.google.com google.co.in www.google.co.in google.com www.google.com googletagmanager.com www.googletagmanager.com cdn.jsdelivr.net fonts.gstatic.com google-analytics.com www.google-analytics.com cdnjs.cloudflare.com fonts.googleapis.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net developers.google.com logo.page-source.com korneacloud.in; 1
frame-ancestors https://*.darkorbit.com/ https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://www.minijuegos.com/ https://kizi.com/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ https://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.oyunskor.com/ https://www.spielkarussell.de/ http://www.oyunkolu.com/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/ https://www.kongregate.com/ https://www.spacemmorpg.com/ https://*.y8.com https://darkorbit.rtl.de/; 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.kidneyfund.org https://secure2.convio.net https://*.antigena.com 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com *.ctctcdn.com https://cdnjs.cloudflare.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.9/dist/js/bootstrap-select.min.js https://www.give.org https://code.jquery.com http://code.jquery.com https://cdn.jsdelivr.net/npm/chart.js@2.8.0; style-src 'self' 'unsafe-inline' *.ctctcdn.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *; font-src 'self' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *; img-src 'self' www.googletagmanager.com *.ctctcdn.com https://script.hotjar.com http://script.hotjar.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *; media-src 'self' data: blob: *; frame-src 'self' *.google.com https://vars.hotjar.com https://portal.give.org/ *; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' *.ctctcdn.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com * http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.site.com *.force.com *.my.salesforce.com *.my.salesforce-sites.com *.salesforceliveagent.com fonts.googleapis.com *.googletagmanager.com *.google-analytics.com *.rudderlabs.com  *.google.com testproxy.thriveworks.com thriveworks.com *.wp.com *.facebook.com *.facebook.net *.doubleclick.net *.greenhouse.io *.ensighten.com *.pinterest.com beacon-v2.helpscout.net static.ctctcdn.com *.callrail.com *.googleadservices.com *.bing.com *.zopim.com *.zdassets.com *.gstatic.com *.expertrec.com *.cloudflare.com *.acuityscheduling.com *.wickedreports.com *.visualwebsiteoptimizer.com *.vwo.com *.adroll.com us-u.openx.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net ads.yahoo.com  eb2.3lift.com trc.taboola.com simage1.pubmatic.com simage2.pubmatic.com sync.outbrain.com pixel.rubiconproject.com  dsum-sec.casalemedia.com pixel.advertising.com *.adroll.mgr.consensu.org cdn.parsely.com static.cloudflareinsights.com d2wy8f7a9ursnm.cloudfront.net s.dca0.com static.ads-twitter.com *.hotjar.com *.hotjar.io *.clarity.ms *.split.io cdn.heapanalytics.com heapanalytics.com *.omappapi.com; worker-src 'self' blob: 1
frame-ancestors chrome-extension://epanfjkfahimkgomnigadpkobaefekcd moz-extension://* extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://kcehefigmoclkdfbkfdmclpcnpkcmmec chrome-extension://aoiapjnkkimandkmllpbbfibbjemajbe chrome-extension://dfaleoajblhimpndjfbbkjcmljpjlfag chrome-extension://ppkofofimalnamcjdggombidedepiank chrome-extension://minegaflpmhpgcljobidelncnbninamh chrome-extension://mlggofnbkhmpmlaljfhbalkhlpijbloa chrome-extension://epanfjkfahimkgomnigadpkobaefekcd chrome-extension://eeailkpdijpamdldjjgdlpfanjiaedhh chrome-extension://ncbdopfjdekodallgdaigpinkpgddbak chrome-extension://cmfieleahpabhdppbjfmjbhhglaehehb chrome-extension://cagfaclfinjmbofdnojnioiojelknjok chrome-extension://enjlhglffhjmbcdlhineoaaeblmcekmp 1
object-src 'none';base-uri 'self';script-src 'nonce-5RmBwpmL27yCCN8jk_8XCw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self' 'unsafe-inline'  http://*.jmstatic.com https://*.jmstatic.com http://*.jumei.com https://*.jumei.com http://*.qq.com http://*.qcloud.com ;  child-src 'self' 'unsafe-inline' jumeimall: jmweb:  http://*.qcloud.com http://*.youku.com http://*.jumei.com;  script-src http://*.jmstatic.com https://*.jmstatic.com http://*.gtags.net http://*.zampda.net http://*.ipinyou.com http://*.p0y.cn http://s.emarbox.com https://*.qq.com http://*.qq.com http://qzonestyle.gtimg.cn https://qzonestyle.gtimg.cn http://www.google-analytics.com http://*.qcloud.com https://*.qcloud.com http://*.baidu.com https://*.baidu.com http://*.jumei.com https://*.jumei.com http://ssl.google-analytics.com 'unsafe-inline' 'unsafe-eval';  media-src http://*.jumei.com https://*.jumei.com http://*.myqcloud.com https://*.myqcloud.com http://*.qcloud.com https://*.qcloud.com http://playvideo.qcloud.com https://playvideo.qcloud.com http://*.jmstatic.com https://*.jmstatic.com;  img-src 'self' data: http://*.jmstatic.com https://*.jmstatic.com http://*.gtags.net http://*.jumei.com https://*.jumei.com http://*.jumei.com:8080 http://img0.imgtn.bdimg.com http://*.qq.com http://p.qpic.cn https://*.qq.com http://*.qcloud.com https://*.qcloud.com http://*.myqcloud.com https://*.myqcloud.com http://sd.jumei.com:8106 https://sd.jumei.com:8106 http://www.google-analytics.com http://*.baidu.com http://ssl.google-analytics.com http://*.sinaimg.cn https://*.sinaimg.cn http://*.qlogo.cn https://*.qlogo.cn;  frame-src http://s.h5.jumei.com jumeimall: jmweb: https://api.map.baidu.com http://*.p0y.cn http://*.gtags.net http://*.emarbox.com http://*.myqcloud.com https://*.myqcloud.com http://*.qcloud.com https://*.qcloud.com sinaweibo: weixinping: weixin: 1
default-src*; font-src*;img-src* data:; script-src*; style-src*; 1
frame-ancestors self https://signup.buildbox.com http://login-redirect.buildbox.com https://www.surveymonkey.com/r/K3GMYZC https://www.surveymonkey.com/r/QRNB36V https://www.surveymonkey.com 1
default-src 'none'; font-src data: https://fonts.gstatic.com https://*.pixton.com https://*.hotjar.com; img-src data: https://*.pixton.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.google.ca https://fonts.gstatic.com https://track.hubspot.com https://static.hsappstatic.net https://f.hubspotusercontent40.net https://*.hubapi.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://www.ssa.gov https://i.ytimg.com https://dna8twue3dlxq.cloudfront.net https://www.facebook.com https://*.hotjar.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.pixton.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.stripe.com https://*.facebook.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.hsappstatic.net https://*.hubspot.com https://*.hubspot.net https://*.hubspotfeedback.com https://js.hsleadflows.net https://*.jquery.com https://*.usemessages.com https://cdn.jsdelivr.net https://code.getmdl.io https://platform.linkedin.com https://platform.twitter.com https://www.ssa.gov https://*.youtube.com https://d10lpsik1i8c69.cloudfront.net https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com https://*.logr-ingest.com https://*.hotjar.com; style-src 'unsafe-eval' 'unsafe-inline' https://*.pixton.com https://*.googleapis.com https://cdn.jsdelivr.net https://*.hsappstatic.net https://*.hubspot.net https://*.hubspotfeedback.com https://code.getmdl.io https://www.ssa.gov https://www.googletagmanager.com https://unpkg.com https://vjs.zencdn.net https://cdnjs.cloudflare.com https://*.hotjar.com; frame-src blob: https://*.pixton.com https://*.stripe.com https://*.hubspot.com https://*.hsforms.com https://*.youtube.com https://*.typeform.com https://*.hubspotvideo.com https://docs.google.com https://*.translate.goog https://*.twitter.com; connect-src data: blob: https://*.pixton.com wss://*.pixton.com https://*.stripe.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://sentry.io https://*.sumologic.com https://*.cloudfront.net https://*.google.com https://fonts.gstatic.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hscollectedforms.net https://*.typeform.com https://*.facebook.com https://*.logr-ingest.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; media-src blob: https://*.pixton.com https://8929196.fs1.hubspotusercontent-na1.net; object-src https://*.pixton.com; frame-ancestors https://*.pixton.com:* https://*.pixton.com; worker-src blob:; base-uri 'self'; form-action 'self' https://*.hsforms.com; upgrade-insecure-requests 1
default-src 'self' https://horizon-api.www.coggles.com; child-src 'self' https://ct.pinterest.com/ https://*.listrakbi.com/ https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.criteo.com https://static.criteo.net https://www.youtube.com https://www.zenaps.com https://www.instagram.com https://ln-rules.rewardstyle.com https://www.shoplooks.com https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://player.vimeo.com https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.listrakbi.com/ https://analytics.tiktok.com/ https://s.pinimg.com/ https://horizon-api.www.coggles.com https://*.clarity.ms/ https://static.criteo.net/ https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.liveperson.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://*.baidu.com https://connect.facebook.net https://*.parcellab.com https://www.shoplooks.com https://www.google.co.uk https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com  https://sgtm.coggles.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.coggles.com https://m.coggles.com https://checkout.coggles.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://analytics.tiktok.com/ https://*.listrakbi.com/ https://s.pinimg.com/ https://*.listrakbi.com/ https://*.thcdn.com https://lantern.roeyecdn.com/ https://www.hlserve.com/ https://static.criteo.net/ https://www.clarity.ms/ https://*.parcellab.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://remote.captcha.com https://ssl.bing.com https://script.hotjar.com https://ssl.google-analytics.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://tr.snapchat.com https://*.sciencebehindecommerce.com https://static.shoplooks.com https://static.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://sgtm.coggles.com; style-src 'self' 'unsafe-inline' https://*.listrakbi.com/ https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com ; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://*.megaphonetv.com https://*.joinnow.ph https://mp-studio.s3.amazonaws.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://cdn-prod.securiti.ai https://tagmanager.google.com; img-src 'self' https://*.googleapis.com https://*.gstatic.com data: *.google.com *.googleusercontent.com https://cdn-prod.securiti.ai https://www.facebook.com/ https://bat.bing.com https://tr.snapchat.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.google.com *.ctfassets.net https://appboy-images.com https://braze-images.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://maps.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com *.google.com https://*.ggpht.com *.googleusercontent.com https://safetechpageencryptionvar.chasepaymentech.com https://safetechpageencryption.chasepaymentech.com https://cdn-prod.securiti.ai https://sc-static.net https://connect.facebook.net https://analytics.tiktok.com https://tr-shadow.snapchat.com http://bat.bing.com https://bat.bing.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://tr.snapchat.com https://cdn.riskid.security https://knowledgetags.yextpages.net https://sdk.iad-03.braze.com https://js.appboycdn.com https://csp-reporting.cloudflare.com; frame-src *.google.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://bid.g.doubleclick.net; connect-src 'self' https://*.googleapis.com https://*.google-analytics.com *.google.com https://*.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai https://rum.browser-intake-datadoghq.com data: blob: https://tr-shadow.snapchat.com https://analytics.tiktok.com https://tr.snapchat.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://collect.riskid.security https://*.launchdarkly.com https://sdk.iad-03.braze.com; font-src https://fonts.gstatic.com 'self' data:; form-action 'self'; frame-ancestors true 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: android-webview-video-poster: oppocommunity: oppostore: webcompt: *; frame-ancestors 'self' *.oppo.com *.oppo.cn *.opposhop.cn *.wanyol.com; report-uri https://ti.oppo.com/csp/DataReport; report-to https://ti.oppo.com/csp/DataReport; 1
default-src 'self'; script-src *.maps.yandex.net  *.yandex.ru 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' https://tcinet.ru 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; frame-src  'self'  'unsafe-inline' 'unsafe-eval'; connect-src *.yandex.ru  *.1c-bitrix.ru 'self' 1
default-src 'none'; connect-src https://s3.eu-west-1.amazonaws.com/ https://s3.ap-southeast-1.amazonaws.com/ graph.facebook.com https://*.appcues.com/ https://*.appcues.net/ wss://api.appcues.net/ https://*.elev.io/ wss://*.amazonaws.com/ wss://*.apsis.cloud/ wss://*.apsisbeta.one/ wss://*.apsis.one/ https://apsis.cloud/ https://*.apsis.cloud/ https://*.fe-stage.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://*.auth0.com/ https://sentry.io/api/ https://apsis.jumpstory.com/ https://graph.microsoft.com/v1.0/organization https://globaldisco.crm.dynamics.com/api/discovery/v1.0/Instances https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://apsis.com/; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src https://apsis.com/ https://player.vimeo.com/ https://app.metricool.com/ https://*.appcues.com/ https://cdn.elev.io/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/ https://apccdn.apsis1.com/ https://*.auth0.com/ https://*.apsis.cloud/ https://*.apsisbeta.one/ https://*.apsis.one/ https://litmus.com/ https://intercom-sheets.com/; img-src 'self' * blob: data: https://js.intercomcdn.com https://static.intercomassets.com/ https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.appcues.com/ https://cdn.elev.io/ https://litmus.com/inline/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/ https://static.ws.apsis.one/ https://static.ws.apsisbeta.one/ https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://static.intercomassets.com/; style-src 'self' 'unsafe-inline' https://*.appcues.com/ https://cdn.elev.io/ https://fonts.googleapis.com/ https://wchat.freshchat.com/ https://*.webpush.freshchat.com/; font-src 'self' https://*.appcues.com/ https://cdn.elev.io/ https://fonts.gstatic.com/ https://js.intercomcdn.com https://fonts.intercomcdn.com data; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://messenger-apps.intercom.io/ https://*.statuspage.io/ https://litmus.com/; media-src https://js.intercomcdn.com; report-uri https://sentry.io/api/; frame-ancestors https://*.apsis.cloud/ https://apsis.cloud/ https://*.apsisbeta.one/ https://apsisbeta.one/ https://*.apsis.one/ https://apsis.one/; 1
object-src 'none';base-uri 'self';script-src 'nonce-LMSRBEpGJcuVAw_Z2Gb6mw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
object-src 'none'; frame-ancestors 'self' https://*.docebo.com 1
frame-ancestors deruca.jp my.deruca.jp in.deruca.jp 1
font-src *.googleapis.com *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.facebook.com ecommerce.raiffeisenbank.rs 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com www.facebook.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.jasmin.rs *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com https://img.youtube.com stats.g.doubleclick.net www.google.rs www.facebook.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.gstatic.com fonts.googleapis.com s7.addthis.com *.avada.io *.googletagmanager.com connect.facebook.net stats.g.doubleclick.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz *.hotjar.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.b-cdn.net storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.googleapis.com ekr.zdassets.com/ get.geojs.io  *.avada.io connect.facebook.net stats.g.doubleclick.net *.facebook.com analytics.google.com  *.cardinalcommerce.com ekr.zdassets.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com storifyme.com storifyme.xyz *.storifyme.com *.storifyme.xyz https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.fi https://www.myheritage.fi  'nonce-a1cd28f16d16f85ad14c2543a889fe7c' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.fi;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors https://www.indowebsite.co.id/ https://member.indowebsite.com/ https://amp.indowebsite.co.id/ 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.openstreetmap.org; img-src 'self' data: *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.openstreetmap.org; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; font-src 'self' fonts.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com www.googletagmanager.com cdn.plyr.io www.youtube.com js-agent.newrelic.com d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net code.jquery.com *.liveperson.net *.lpsnmedia.net platform-api.sharethis.com buttons-config.sharethis.com cdn.jsdelivr.net www.google.com/recaptcha/api.js www.gstatic.com js.adsrvr.org connect.facebook.net analytics.tiktok.com googleads.g.doubleclick.net googletagmanager.com tagmanager.com; img-src 'self' data: res.cloudinary.com i.ytimg.com cdn.jsdelivr.net i.vimeocdn.com ad.doubleclick.net 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net lpcdn.lpsnmedia.net platform-cdn.sharethis.com l.sharethis.com www.facebook.com www.google.com www.google.co.uk *.googletagmanager.com googletagmanager.com *.gstatic.com connect.facebook.net; frame-src 'self' w.soundcloud.com www.googletagmanager.com cloudinary.com console.cloudinary.com www.youtube.com www.youtube-nocookie.com *.liveperson.net *.lpsnmedia.net player.vimeo.com www.google.com *.doubleclick.net *.adsrvr.org; style-src 'unsafe-inline' 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net cdn.plyr.io cdn.jsdelivr.net googletagmanager.com tagmanager.google.com fonts.googleapis.com; font-src 'self' d1tl6qsiknvnsu.cloudfront.net d1c3g0ihb82aph.cloudfront.net fonts.gstatic.com data:; media-src 'self' res.cloudinary.com lpcdn.lpsnmedia.net; connect-src 'self' https://d1c3g0ihb82aph.cloudfront.net/Prod/ https://my.nyphil.org/en/ noembed.com cdn.plyr.io bam.nr-data.net 4glbp5u2t8.execute-api.us-east-1.amazonaws.com api.swiftype.com l.sharethis.com analytics.tiktok.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-rq5EjxsWVI6d8XaOmNsYJg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
"default-src 'self' 'unsafe-inline'" 1
object-src 'none';base-uri 'self';script-src 'nonce-PXGJmNeRwyTD-Z5AoO60Mg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-B8EE78E38A37928A3554FE24A0C02974' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-B8EE78E38A37928A3554FE24A0C02974'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.novamora.nl/API/Site/CspReport 1
default-src: * 1
default-src 'none';base-uri 'self';connect-src 'self' blob: *.openstreetmap.org;form-action 'self' jakdojade.pl *.google.com;img-src 'self' data: blob: *.ytimg.com *.openstreetmap.org wiadsz.blob.core.windows.net;font-src 'self' data: *.gstatic.com;frame-src *.youtube-nocookie.com *.youtube.com *.google.com https://challenges.cloudflare.com;media-src 'self';object-src 'none';script-src https: 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'nonce-DfLn9XbQWfXr9jSwgutFTRAHWIl3Awnv';style-src 'self' 'unsafe-inline' *.googleapis.com;manifest-src 'self';worker-src 'self';frame-ancestors 'none' 1
default-src 'self' data: https: blob: ;       frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw https://www.youtube.com/ https://accounts.google.com https://docs.google.com https://www.google.com;       frame-ancestors 'self' https://www.geogebra.org/ https://oidc.tanet.edu.tw/ https://sso.cloud.edu.tw/ https://learning.cloud.edu.tw ;       connect-src 'self' data: wss: https://0.peerjs.com https://elsanow.io https://*.elsanow.io https://*.gradingly.com https://gradingly.com https://www.imatheq.com/ https://region1.google-analytics.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://api.geogebra.org/ https://www.geogebra.org/ https://media.video.cloud.edu.tw https://translate-service.scratch.mit.edu https://synthesis-service.scratch.mit.edu https://heroj7.tn.edu.tw/ https://directline.botframework.com/ https://pt.ntcu.edu.tw:5000/;       script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://bam.nr-data.net/ https://js-agent.newrelic.com/ https://vjs.zencdn.net/ https://api.geogebra.org/ https://stackpath.bootstrapcdn.com https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com https://www.google-analytics.com https://unpkg.com https://www.googletagmanager.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://ajax.googleapis.com;       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: http://www.imatheq.com/ https://www.imatheq.com/ https://www.youtube.com/ https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdnjs.cloudflare.com/ https://code.jquery.com/ https://cdn.jsdelivr.net/ https://cdn.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com/ https://www.geogebra.org/ https://cdn.mathjax.org/ https://apis.google.com/ https://unpkg.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.datatables.net/ https://api.geogebra.org/ https://ajax.googleapis.com/ https://www.youtube.com/ https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://polyfill.io/v3/polyfill.min.js;       style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.imatheq.com/ https://www.geogebra.org/ https://vjs.zencdn.net/ https://stackpath.bootstrapcdn.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net/;       font-src 'self' data: https: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com;       img-src 'self' data: https: blob: https://region1.google-analytics.com https://region1.analytics.google.com;       object-src 'self' data: https: blob: ;       media-src 'self' data: https: blob: https://adl.edu.tw/ http://adl.edu.tw/;       report-uri ADLAPI/v1/csp_violation; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com analytics.skroutz.gr vivapayments.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com *.doubleclick.net connect.facebook.net *.contactpigeon.com collection.e-satisfaction.com cdn.e-satisfaction.com *.adman.gr trustmark.gr *.cookiebot.com *.klarnaservices.com *.klarna.com 1
default-src * 'self' ; script-src pagead2.googlesyndication.com tagmanager.google.com milkmaid.in cdns.us1.gigya.com cdns.gigya.com addtoany.com localhost www.googletagmanager.com ncc.shortlyst.com static.addtoany.com www.google-analytics.com cdn.krxd.net d22xmn10vbouk4.cloudfront.net connect.facebook.net d2oh4tlt9mrke9.cloudfront.net consumer.krxd.net beacon.krxd.net www.google.com www.recaptcha.net www.gstatic.com cdn.ampproject.org https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0/amp-youtube-0.1.js cdn.ampproject.org/v0/amp-sidebar-0.1.js https://cdn.ampproject.org/v0/amp-accordion-0.1.js https://cdn.ampproject.org/v0/amp-carousel-0.2.js https://cdn.ampproject.org/v0/amp-analytics-0.1.js https://cdn.ampproject.org/rtv/012007302351001/v0/amp-auto-lightbox-0.1.js https://cdn.ampproject.org/rtv/012007302351001/v0/amp-loader-0.1.js cdn.az.ciam.nestle.com www.youtube.com cdn.hypemarks.com www.googleadservices.com www.clarity.ms cdn.cookielaw.org cookie-cdn.cookiepro.com onetrust.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' *; img-src * 'self' data:; frame-ancestors 'self' 1
frame-ancestors 'self'; frame-src 'self' https://npci.corover.mobi/ https://www.youtube.com https://*.mixpanel.com/; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-C0D697BE5204D1B7F788AF56EA83DD56' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-C0D697BE5204D1B7F788AF56EA83DD56'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.regioswingers.nl/API/Site/CspReport 1
object-src 'none';base-uri 'self';script-src 'nonce-xrsq3s4lYakycYwzGY9_wA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'  1
base-uri 'none'; object-src 'none'; script-src 'nonce-wnBRJT66rlJOCQu2CUiEvemz5W_hiSNWQ2bQcDjEq3vlOfo8P7jwm0bmjKJLKy1A' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
frame-ancestors 'self' https://nginx-sonova-d8-develop.ch.amazee.io https://www.sonova.com https://relaunch.sonova.com https://jobs.nzz.ch https://management.jobs.nzz.ch ; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.veteransadvantage.com https://*.wesalute.com https://*.wesaluteapis.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://performance.radar.cloudflare.com https://cdn.kustomerapp.com https://browser.sentry-cdn.com https://connect.facebook.net https://cdn.segment.com https://cdn.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://cmp.osano.com https://www.google.com https://www.gstatic.com https://apis.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://snap.licdn.com https://js.stripe.com https://cdn.sprig.com https://cdn.userleap.com https://embed.bookingvault.com https://secure.rezserver.com https://public.profitwell.com https://js-agent.newrelic.com https://*.newrelic.com https://*.nr-data.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.posthog.com; connect-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.algolia.net https://*.algolianet.com https://cloudflareinsights.com https://adservice.google.com https://www.googleadservices.com https://www.google.com https://ad.doubleclick.net https://stats.g.doubleclick.net https://bat.bing.com https://*.kustomerapp.com https://*.pndsn.com https://s3.amazonaws.com/kustomer-prod1-attachments https://cdn.jsdelivr.net https://sentry.io https://o287038.ingest.sentry.io https://api.segment.io https://cdn.segment.com https://*.amplitude.com https://edge.fullstory.com https://rs.fullstory.com https://*.api.osano.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googleapis.com https://us-central1-veterans-advantage-arsenal.cloudfunctions.net https://www.facebook.com/tr/ https://api.sprig.com https://api.bookingvault.com https://www2.profitwell.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://*.newrelic.com https://*.nr-data.net https://*.posthog.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://embed.bookingvault.com; font-src 'self' data: https://fonts.wesalute.com https://cdn.honey.io https://cdn.ivaws.com https://cdn.kustomerapp.com https://fonts.gstatic.com https://themes.googleusercontent.com https://embed.bookingvault.com; img-src blob: data: https:; media-src blob: data: https:; object-src 'none'; frame-src 'self' https://*.wesalute.com https://*.wesaluteapis.com https://*.kustomer.help https://player.vimeo.com https://www.youtube.com https://www.c-span.org/video/standalone/ https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://10165061.fls.doubleclick.net https://www.facebook.com https://js.stripe.com https://cmp.osano.com https://veterans-advantage-arsenal.firebaseapp.com; frame-ancestors 'self' https://*.wesalute.com; report-uri https://o287038.ingest.sentry.io/api/1865718/security/?sentry_key=33c7a6dee3b040bc9bc48cd898e2dd9b&sentry_environment=prod 1
default-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data: gap:; style-src 'self' 'unsafe-inline' https://www.gstatic.com/charts/ https://cdn.jsdelivr.net/npm/daterangepicker/ https://live.primis.tech/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' https: data:; manifest-src 'self'; media-src 'self' https: blob:; worker-src 'none'; form-action 'self' https: https://newsletter.thestreamable.com 1
frame-ancestors 'self' https://*.runningwarehouse.com http://*.runningwarehouse.com www.runningwarehouse.eu www.tennis-warehouse.com; 1
Content-Security-Policy: default-src 'self'; object-src 'none' 1
block-all-mixed-content; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.com https://*.vivocha.com/ https://convy.unyco.net https://www.youtube.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://www.google-analytics.com; script-src 'self' https://cdnjs.cloudflare.com keyxel.hasoffers.com *.outbrain.com *.oracleinfinity.io *.tiktok.com *.mgid.com wd.tracking.keyxel.com https://beintoo.com https://*.cookielaw.org/ https://*.onetrust.com/ *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it www.googleoptimize.com https://optimize.google.com www.sc.pages06.net www.antevenio.com *.triboo.com www.algorithmedia.com https://nebula-cdn.kampyle.com https://screencapture.kampyle.com https://screencaptue-cdn.kampyle.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.generali.it https://analytics.newscred.com *.cloudfront.net https://*.analytics.edgekey.net https://convy.unyco.net https://*.vivocha.com/ *.google.com *.gstatic.com *.googleapis.com https://www.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com  https://www.googletagmanager.com https://tags.bluekai.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://beintoo.com *.ketchuptracking.com *.ketchupadv.it *.generali.it https://optimize.google.com https://fonts.googleapis.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.google.com *.googleapis.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.gstatic.com; img-src 'self' *.oracleinfinity.io *.outbrain.com https://trck.adgoaffiliation.com https://*.cookielaw.org/ https://*.googlesyndication.com https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it https://optimize.google.com *.generali.it www.pages06.net www.antevenio.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://via.placeholder.com https://maps.googleapis.com data: *.google.com *.google.it *.gstatic.com *.googleapis.com *.analytics.google.com *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.kaltura.com https://convy.unyco.net https://*.vivocha.com/ https://panoramasearch.com/ *.newscred.com; media-src 'self' blob: https://beintoo.com *.zemanta.com *.ketchuptracking.com *.ketchupadv.it *.ketc.it pixel.quantserve.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.kaltura.com https://*.generali.it https://*.generali.com https://*.vivocha.com/ *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://convy.unyco.net; font-src 'self' https://fonts.gstatic.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com *.zetaglobal.com bat.bing.com *.gstatic.com data: *.kaltura.com https://convy.unyco.net https://*.vivocha.com/; connect-src 'self' data: *.analytics.google.com https://*.oracleinfinity.io https://*.cookielaw.org/ https://*.googlesyndication.com https://*.google.com/ https://*.onetrust.com https://*.googleapis.com/ https://beintoo.com *.ketchuptracking.com *.ketchupadv.it www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com pixel.quantserve.com www.tradedoubler.com *.amnetgroup.com https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.zetaglobal.com bat.bing.com *.generali.it https://*.analytics.edgekey.net *.kaltura.com https://*.generali.com https://convy.unyco.net https://*.vivocha.com/ *.google-analytics.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ *.stats.kaltura.com; child-src 'self' blob: https://beintoo.com *.cattolica.it *.ketchuptracking.com *.ketchupadv.it pixel.quantserve.com https://optimize.google.com www.tradedoubler.com www.antevenio.com *.triboo.com www.algorithmedia.com www.awin.com *.amnetgroup.com *.zetaglobal.com bat.bing.com https://convy.unyco.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org https://match.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ https://*.vivocha.com/ https://accounts.generali.it *.generali.it https://stags.bluekai.com https://www.youtube.com/ https://www.google.com/; object-src 'self'; form-action 'self' https://beintoo.com *.ketchuptracking.com *.ketchupadv.it https://api.whatsapp.com https://idpintranet.generali.it https://accounts.generali.it *.bkrtx.com *.bluekai.com *.serving-sys.com tags.digital-metric.com https://*.doubleclick.net/ 20809689p.rfihub.com/ca.html https://secure.adnxs.com/ https://ib.adnxs.com/ https://cstatic.weborama.fr https://www.facebook.com/ www.googletagmanager.com/ www.googleadservices.com/ https://hicmobile.go2cloud.org *.taboola.com/ ad.payclick.it/extra/iframe_pixel.php https://www.dwin1.com/ https://insight.adsrvr.org it-gmtdmp.mookie1.com/ https://console.datawad.com/ s.yimg.com www.dwin1.com/ https://insight.adsrvr.org https://js.adsrvr.org/ analytics.digital-metric.com t.qservz.com https://track.adform.net/ https://connect.facebook.net https://netmediaclick.go2cloud.org/ https://seotrk1a.com/ generali.it https://*.generali.it; frame-ancestors 'self' https://wd.tracking.keyxel.com/ https://accounts.generali.it https://www.youtube.com/ *.generali.it 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: mailto:; img-src * 'self' data: https:; 1
default-src 'self';       script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://snap.licdn.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://m.addthis.com/ https://v1.addthisedge.com/ https://z.moatads.com/ http://s7.addthis.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://cc.cdn.civiccomputing.com/;       font-src 'self' data: *.jsdelivr.net https://fonts.googleapis.com/ https://fonts.gstatic.com/;       style-src 'self' 'unsafe-inline' *.jsdelivr.net https://fonts.googleapis.com/;       connect-src 'self' maps.googleapis.com  https://cdn.linkedin.oribi.io/ https://region1.google-analytics.com https://m.addthis.com/ https://maps.googleapis.com/maps/ https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/;       frame-src 'self' https://s7.addthis.com/ https://tools.eurolandir.com/  https://gamma.euroland.com/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://tools.euroland.com/;       img-src 'self' data: https://www.linkedin.com/ https://px.ads.linkedin.com/ http://cvc-private-equity.emperordev.com https://cvc-private-equity.emperordev.com https://dashboard.umbraco.com https://cvc-prelive.emperordev.com/ https://maps.gstatic.com/ https://connect.facebook.net/ https://i.vimeocdn.com/ https://www.google.com/ https://accounts.google.com https://dashboard.umbraco.org/ https://www.google-analytics.com/ https://accounts.youtube.com/ https://www.google.co.uk/ https://accounts.google.co.uk/ https://maps.googleapis.com/ https://www.googletagmanager.com/ 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.maxymiser.net:* *.cloudfront.net:* *.googletagmanager.com:* *.facebook.net:* *.tvsquared.com:* *.tito.io:* *.youtube.com:* *.outbrain.com:* *.google-analytics.com:* *.ytimg.com:* *.google.com:* *.gstatic.com:* *.newrelic.com:* *.micpn.com:* *.nr-data.net:* *.twitter.com:* *.pinterest.com:* *.craftyclicks.co.uk:* *.blackbaudhosting.com:* *.ubembed.com:* *.pinimg.com:* *.adsrvr.org:* *.ads-twitter.com:* *.bing.com:* *.civiccomputing.com:* *.hotjar.com:* *.teads.tv:* *.googleadservices.com:* *.eventbrite.co.uk:* *.cookielaw.org:* *.streamdays.com:* *.hypemarks.com:* *.blackbaud.com:* *.bbox.blackbaudhosting.com:* *.payments.blackbaud.com:* *.recaptcha.net:* *.livechatinc.com:* *.ubisend.io:* *.googleads.g.doubleclick.net:* googleads.g.doubleclick.net:* *.ads.nextdoor.com:* ads.nextdoor.com:* *.analytics.tiktok.com:* *.tiktok.com:* *.cdn.jsdelivr.net:* *.jsdelivr.net:* unpkg.com:* *.cloudflare.com:* *.c0.adalyser.com:* *.adalyser.com:*; object-src *.cloudfront.net:* *.cloudfront.net *.maxymiser.net:* *.kiosk.bdch.org.uk:*; style-src 'self' 'unsafe-inline' *.acquia-sites.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.blackbaudhosting.com:* *.tagmanager.google.com:* tagmanager.google.com:* *.googleapis.com:* *.blackbaud.com:* *.google.com:* *.ubisend.io:* *.jsdelivr.net:* *.fontawesome.com:* *.adalyser.com:* *.cloudflare.com:*; img-src 'self' data: *.cloudfront.net *.cloudfront.net:* *.adnxs.com:* *.tvsquared.com:* *.outbrain.com:* *.google-analytics.com:* *.facebook.com:* *.doubleclick.net:* *.googletagmanager.com:* *.google.com:* *.google.co.uk:* *.atdmt.com:* *.google.co.in:* *.force.com:* *.ytimg.com:* *.micpn.com:* *.twitter.com:* *.battersea.org.uk:* *.adsrvr.org:* *.pinterest.com:* *.blackbaudhosting.com:* t.co:* *.bing.com:* *.adalyser.com:* *.maxymiser.net:* *.hypemarks.com:* *.hotjar.com:* *.teads.tv:* *.cookielaw.org:* *.gstatic.com:* *.googleusercontent.com:* *.casalemedia.com:* *.livechatinc.com:* *.nextdoor.com:* *.analytics.yahoo.com:* *.google.si:* *.linkedin.com:* *.google.co:* *.px.ads.linkedin.com:* *.google.com.au:* *.google-analytics.com:* *.analytics.google.com:* *.youtube.com:* *.google.ie/* *.google.ca/* *.google.lk/* *.google.im/* *.google.com.hk/* *.google.lt/* *.googleads.g.doubleclick.net/* *.google.com.qa/* *.google.co.vi/* *.google.com.gi/* *.google.be/* *.google.hu/* *.google.co.nz/* *.google.dk/* *.google.fr/* *.google.pl/* *.google.gg/* *.google.mn/* *.google.de/* *.google.it/* *.google.gy/* *.google.es/* *.google.com.br/* *.google.je/* *.google.com.lb/* *.google.com.bh/* *.google.tt/* *.google.pt/* *.google.nl/* *.google.com.my/* *.google.ch/* *.google.com.ph/* *.google.com.sa/* *.google.com.tw/*; media-src 'self' *.cloudfront.net:* *.cloudfront.net; frame-src *.doubleclick.net:* *.google.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.facebook.com:* *.ubembed.com:* *.hotjar.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.blackbaud.com:*  *.acquia-sites.com:* *.eventbrite.co.uk:* *.hypemarks.com:* *.teads.tv:* *.streamdays.com:* mpembed.com:* *.livechatinc.com:* *.recaptcha.net:* *.pinterest.co.uk:* *.pinterest.com.au:*; frame-ancestors 'self' *.doubleclick.net:* *.google.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.bdch.org.uk:* *.eventbrite.co.uk:* *.blackbaud.com:*; child-src *.doubleclick.net:* *.google.com:* *.facebook.com:* *.twitter.com:* *.youtube.com:* *.acquia-sites.com:* *.battersea.org.uk:* *.maxymiser.net:* *.pinterest.com:* *.blackbaudhosting.com:* *.adsrvr.org:* *.amazon-adsystem.com:* *.ubembed.com:* *.eventbrite.co.uk:* *.blackbaud.com:*; font-src 'self' 'unsafe-inline' *.googleusercontent.com:* *.google.com:* *.bootstrapcdn.com:* *.battersea.org.uk:* *.hotjar.com:* *.maxymiser.net:* *.googleapis.com:* data:* data: *.bdch.org.uk:* *.gstatic.com:* *.at.alicdn.com:* *.fontawesome.com:*  *.fonts.gstatic.com:*; connect-src 'self' *.google-analytics.com:* *.maxymiser.net:* *.facebook.com:* *.hotjar.io:* *.pinterest.com:* *.doubleclick.net:* *.kiosk.bdch.org.uk:* *.bdch.org.uk:* *.blackbaud.com:* *.ubembed.com:* *.bing.com:* *.nr-data.net:* *.hotjar.com:* *.cookielaw.org:* *.livechatinc.com:* *.hypemarks.com:* *.civiccomputing.com:* *.yimg.com:* *.teads.tv:* *.ads.nextdoor.com:* ads.nextdoor.com:* *.googleads.g.doubleclick.net:* googleads.g.doubleclick.net:* *.analytics.google.com:* analytics.tiktok.com:* wss://ws.hotjar.com/api/v2/client/ws adservice.google.com www.google.com;; report-uri /report-csp-violation 1
script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline' 1
default-src 'self'; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' *; font-src 'self' data: *; img-src 'self' data: *; connect-src 'self' * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: filesystem: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com 1
frame-ancestors 'self' viewer.zmags.com *.preview.cssi.com preview.cssi.com core.cssi.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *; 1
base-uri 'none'; default-src 'none'; child-src https://www.recaptcha.net; connect-src 'self'; form-action 'self'; frame-ancestors 'none'; frame-src https://www.recaptcha.net; img-src 'self' data:; object-src 'none'; script-src 'nonce-xSYmesALkB/tHstJHSfhbA==' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; worker-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.art; img-src 'self' https: data: blob: https://mastodon.art; style-src 'self' https://mastodon.art 'nonce-JgkksyeGsga6r3jBmJeScA=='; media-src 'self' https: data: https://mastodon.art; frame-src 'self' https:; manifest-src 'self' https://mastodon.art; form-action 'self'; child-src 'self' blob: https://mastodon.art; worker-src 'self' blob: https://mastodon.art; connect-src 'self' data: blob: https://mastodon.art https://cdn.masto.host wss://mastodon.art; script-src 'self' https://mastodon.art 'wasm-unsafe-eval' 1
block-all-mixed-content; child-src blob:; connect-src 'self' https://*.scene7.com https://*.limelight.com https://*.google-analytics.com https://*.bing.com https://*.mktoresp.com https://*.doubleclick.net https://*.wisepops.com https://*.medallia.com https://*.kampyle.com https://*.msanet.com https://*.mapbox.com https://*.googlevideo.com https://*.llnw.net https://*.facebook.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.onetrust.com https://*.msasafety.com https://*.zoominfo.com https://*.usetiful.com https://*.mktoutil.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://*.googleapis.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.rumiview.com wss://*.hotjar.com https://*.hotjar.com https://*.csp-1.com https://csp-1.picarioxpo.com https://*.tockify.com https://tockify.com https://app.getwisp.co https://*.wisepops.net https://*.qzzr.com https://*.algolianet.com https://*.algolia.net https://*.kudoboard.com https://*.curator.io https://*.pricespider.com https://cdnjs.cloudflare.com https://*.algolia.io https://wisepops.net https://*.tiles.mapbox.com wss: https://px.ads.linkedin.com https://*.niceincontact.com; default-src 'self'; font-src 'self' data: https://*.gstatic.com https://*.fontawesome.com https://*.cloudfront.net https://*.typekit.net https://*.pricespider.com https://*.niceincontact.com; frame-src 'self' https://*.msasafety.com https://*.msanet.com https://*.google.com https://*.doubleclick.net https://*.marketo.com https://*.bing.com https://*.hotjar.com https://*.medallia.com https://*.zoho.com https://*.metalocator.com https://*.youtube.com https://*.sierramonitor.com https://*.123formbuilder.com https://*.clickagy.com https://*.facebook.com http://*.msanet.com https://*.webdamdb.com https://*.force.com https://*.office.com https://*.csp-1.com https://msasafety.wufoo.com https://*.tockify.com https://tockify.com https://*.vimeo.com https://www.firegrantshelp.com https://*.qzzr.com https://*.riddle.com https://*.surveymonkey.com https://www.mybacharach.com https://*.kudoboard.com https://*.extforms.netsuite.com https://*.app.netsuite.com https://*.marketingautomation.services https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://insight.adsrvr.org https://msa.webdamdb.com/ https://*.niceincontact.com; img-src data: 'self' https://*.scene7.com https://*.googletagmanager.com https://*.pricespider.com https://*.googleadservices.com https://*.linkedin.com https://*.doubleclick.net https://*.google.com https://*.bing.com https://*.facebook.com https://*.google-analytics.com https://*.cookielaw.org https://*.clarity.ms https://*.metalocator.com https://*.msasafety.com https://*.msanet.com https://*.webdamdb.com https://*.kickfire.com https://*.kampyle.com https://*.simpli.fi https://*.rumiview.com https://*.webtraxs.com https://*.analytics.google.com https://*.adroll.com https://*.g.doubleclick.net https://*.ads.linkedin.com https://*.google.ae https://*.google.ca https://*.google.cn https://*.google.de https://*.google.fr https://*.google.co.uk https://*.google.se https://*.google.ru https://*.google.com.au https://*.google.pl https://*.google.co.in https://*.google.co.za https://*.google.com.pe https://*.google.com.co https://*.google.com.ar https://*.google.nl https://*.google.it https://*.google.es https://*.google.co.th https://*.google.com.sg https://*.google.com.my https://*.google.co.jp https://*.google.co.id https://*.google.com.mx https://*.google.cl https://*.google.com.br https://*.clickagy.com https://*.msafire.com https://*.content.video.llnw.net https://*.google.ad https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cm https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.iq https://*.google.is https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.csp-1.com https://csp-1.picarioxpo.com https://id.rlcdn.com https://pixel-sync.sitescout.com https://blog.sierramonitor.com https://*.wisepops.net https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://*.wisepops.com https://*.mapbox.com https://safetyio.com https://*.safetyio.com blob: https://img.delvenetworks.com https://pixel-geo.prfct.co https://blog.fieldserver.com https://curator-assets.b-cdn.net https://*.curator.io https://*.niceincontact.com/; media-src 'self' blob: https://*.llnw.net https://*.msanet.com https://*.webdamdb.com/ https://*.curator.io https://curator-assets.b-cdn.net/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.msasafety.com https://*.scene7.com https://*.pricespider.com https://*.limelight.com https://*.marketo.com https://*.marketo.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.gstatic.com https://*.bing.com https://*.doubleclick.net https://*.hotjar.com https://*.facebook.net https://*.wisepops.com https://*.adobedtm.com https://*.licdn.com https://*.medallia.com https://*.kampyle.com https://*.kickfire.com https://*.simpli.fi https://*.google.com https://*.metalocator.com https://*.pardot.com https://*.mapbox.com https://*.sierramonitor.com https://*.zohostatic.com https://*.usersnap.com https://*.cloudfront.net https://*.youtube.com https://*.cookielaw.org https://*.clarity.ms https://*.clickagy.com https://*.123formbuilder.com https://*.zoominfo.com https://*.usetiful.com https://*.webtraxs.com https://*.adroll.com https://*.rumiview.com https://*.la5-c2-ia4.salesforceliveagent.com https://*.jquery.com https://*.force.com https://*.g.doubleclick.net https://*.csp-1.com https://*.tockify.com https://tockify.com https://*.wisepops.net https://app.getwisp.co https://*.qzzr.com https://cdn.jsdelivr.net https://koi-3QNJ3FOY90.marketingautomation.services https://curator.io https://*.curator.io https://*.marketingautomation.services https://wisepops.net https://cdnjs.cloudflare.com https://tag.perfectaudience.com https://js.adsrvr.org https://*.tiles.mapbox.com https://pixel-geo.prfct.co https://*.niceincontact.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://*.tiles.mapbox.com https://*.msasafety.com https://*.scene7.com https://www.usetiful.com https://*.msanet.com https://*.fontawesome.com https://*.googleapis.com https://*.typekit.net https://*.curator.io/ https://*.niceincontact.com; upgrade-insecure-requests; worker-src 'self' blob:; report-uri /.webscale/csp-report 1
default-src 'self'; connect-src 'unsafe-inline' 'self' https://*.googlesyndication.com/ https://*.adnxs.com/ https://search-api.swiftype.com https://*.hotjar.com wss://*.hotjar.com/ https://*.hotjar.io https://search-api.swiftype.com https://s.swiftypecdn.com/ https://www.google-analytics.com/ https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consentcdn.cookiebot.com/ https://acdn.adnxs.com https://trk.adbutter.net https://*.doubleclick.net https://*.dynamics.com https://*.azureedge.net/; script-src 'unsafe-inline' 'self' https://static-cdn.summon.serialssolutions.com/ https://uha.summon.serialssolutions.com/ https://*.hotjar.com/ https://s.swiftypecdn.com https://www.google-analytics.com/ https://*.doubleclick.net/ https://analytics.google.com https://www.googletagmanager.com https://www.google.com/ https://consent.cookiebot.com https://www.gstatic.com/ https://consentcdn.cookiebot.com/ https://cdn.syndication.twimg.com/ https://acdn.adnxs.com https://trk.adbutter.net https://www.googleadservices.com/ https://connect.facebook.net/ https://mktdplp102cdn.azureedge.net/ https://twitter.com/ https://platform.twitter.com/ https://*.hotjar.com/ https://uhasseltbe.sharepoint.com/ https://view.genial.ly/ https://www.instagram.com/embed.js https://*.azureedge.net/; style-src 'self' 'unsafe-inline' https://s.swiftypecdn.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://uha.summon.serialssolutions.com/ https://fonts.googleapis.com https://s.swiftypecdn.com https://platform.twitter.com/ https://platform.twitter.com/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; frame-src https://*.doubleclick.net/ https://uhasselt.qualtrics.com/ https://view.genial.ly/ https://www.google.com/ https://youtube-nocookie.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://vimeo.com https://www.vimeo.com https://acdn.adnxs.com https://trk.adbutter.net https://www.google.com https://publish.folders.eu/ https://app.folders.eu/ https://*.uhasselt.be/ https://platform.twitter.com/ https://bibbase.org https://player.vimeo.com/ https://analytics-eu.clickdimensions.com/ https://twitter.com/ https://calendar.google.com/ https://maps.google.com https://embed.deburen.tv/ https://documentserver.uhasselt.be/ https://open.spotify.com/ https://consentcdn.cookiebot.com/ https://eea0f6dc7d1c4455b1a21b477adcb9f7.svc.dynamics.com/ https://ff9a155d5f11499fb581e542d9e7f244.svc.dynamics.com/ https://www.facebook.com/ https://docs.google.com https://*.hotjar.com/ https://syndication.twitter.com/ https://www.linkedin.com/ https://script.google.com/ https://www.instagram.com/; img-src 'self' data: https://cc.swiftype.com/ https://www.google.com/ https://www.google.be https://www.uhasselt.be/  https://www.google-analytics.com https://ib.adnxs.com https://secure.adnxs.com https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://*.doubleclick.net https://*.cookiebot.com https://*.googlesyndication.com 1
frame-ancestors 'self' https://*.pccomponentes.com 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com *.ne.ch; 1
default-src https:; img-src 'self' data: i.vimeocdn.com maps.gstatic.com *.googleapis.com *.ggpht.com *.linkedin.com *.google.com *.google.co.in; script-src 'self' *.googleadservices.com *.google.com *.googleapis.com vimeo.com *.vimeo.com *.worley.com snap.licdn.com *.pardot.com *.googletagmanager.com *.doubleclick.net 'unsafe-eval' 'unsafe-inline';  style-src 'self' fonts.googleapis.com *.typekit.net 'unsafe-inline'; font-src 'self' fonts.gstatic.com *.typekit.net; media-src i.vimeocdn.com; object-src i.vimeocdn.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg http://uob.eltropy.com https://uob.eltropy.com http://findahomeloan.co https://www.edgeprop.sg https://sleek.sg 1
default-src 'none';    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ads-twitter.com https://*.verifi.com https://*.wpengine.com https://*.googleapis.com https://*.bing.com https://*.ceros.com https://*.contentsquare.net https://*.contentsquare.com https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.net https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.twitter.com https://*.visa.com https://*.youtube.com https://*.vimeo.com https://code.jquery.com;    style-src 'self' 'unsafe-inline' https://*.verifi.com https://*.ceros.com https://*.eloqua.com https://*.google.com https://*.gsatic.com https://*.licdn.com https://*.optimizely.com https://*.visa.com https://fonts.googleapis.com https://*.wpengine.com;    font-src 'self' data: https://*.verifi.com https://*.eloqua.com https://*.visa.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.wpengine.com;    img-src 'self' data: https://*.ads-twitter.com https://*.adsrvr.org https://*.verifi.com https://*.wpengine.com https://*.googleapis.com https://*.bing.com https://*.ceros.com https://*.contentsquare.net https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.twitter.com https://*.visa.com https://*.youtube.com https://i.ytimg.com https://ib.adnxs.com https://p.adsymptotic.com https://t.co https://yt3.ggpht.com https://secure.gravatar.com https://*.vimeo.com;    frame-src 'self' https://*.ads-twitter.com https://*.verifi.com https://*.ceros.com https://*.doubleclick.net https://*.eloqua.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.twitter.com https://*.visa.com https://*.youtube.com https://*.wpengine.com https://*.vimeo.com;    connect-src 'self' https://*.ads-twitter.com https://*.verifi.com https://*.bing.com https://*.ceros.com https://*.contentsquare.net https://*.contentsquare.com https://*.cookiereports.com https://*.doubleclick.net https://*.eloqua.com https://*.en25.com https://*.facebook.net https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.google-analytics.com https://*.gstatic.com https://*.idio.episerver.net https://*.licdn.com https://*.linkedin.com https://*.optimizely.com https://*.visa.com https://*.youtube.com https://*.wpengine.com https://*.vimeo.com;    object-src 'self';    media-src 'self';    worker-src 'self' blob: https://*.verifi.com https://*.contentsquare.net https://*.contentsquare.com https://*.google.com; 1
frame-ancestors 'self' *.senecacollege.ca *.senecapolytechnic.ca; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://beyond-hd.me:2083/ wss://beyond-hd.me:2083/ https://beyond-hd.me:8443/ wss://beyond-hd.me:8443/; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://www.youtube.com/ https://youtube.com/; img-src 'self' https: data:; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/css/bootstrap-datetimepicker.min.css; worker-src 'none' 1
default-src https://eham.net:8000 https://eham.net https://*.eham.net http://*.noaa.gov https://*.paypal.com https://*.googleapis.com data: 'unsafe-inline' 'unsafe-eval';		img-src * data:;		 report-uri https://eham.net/log/csp-report; 1
default-src 'self';font-src 'self' data: *.googleapis.com *.gstatic.com;img-src 'self' data: www.google-analytics.com *.youtube.com i.ytimg.com *.google.com *.google.fi *.lfeeder.com *.leadfeeder.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.vo.msecnd.net *.google-analytics.com *.googleapis.com *.gstatic.com *.google.com www.googletagmanager.com *.youtube.com *.clickdimensions.com *.lfeeder.com *.leadfeeder.com http://*.google.com *.hotjar.com https://www.googletagmanager.com https://player.vimeo.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com dl.episerver.net *.google.com;frame-src 'self' *.youtube.com https://web.nordpoolgroup.com *.google.com https://analytics-eu.clickdimensions.com *.hotjar.com https://player.vimeo.com;frame-ancestors 'self';media-src 'self' *.youtube.com *.google.com https://player.vimeo.com;connect-src 'self' *.google-analytics.com *.youtube.com *.google.com *.doubleclick.net dc.services.visualstudio.com *.hotjar.com *.hotjar.io;object-src 'none';child-src 'self';upgrade-insecure-requests;block-all-mixed-content; 1
default-src 'self' *.harkins.com *.youtube.com; connect-src 'self' *.harkins.com cdn.cookielaw.org https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.icanhazip.com *.ipify.org *.ifconfig.co vimeo.com *.vimeo.com geolocation.onetrust.com *.dayforcehcm.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com cdn.cookielaw.org *.youtube.com *.facebook.net *.googleadservices.com movienewsletters.net *.google.com *.gstatic.com; child-src harkins.com player.vimeo.com *.youtube.com *.google.com *.imgix.net; style-src 'self' 'unsafe-inline' *.harkins.com https://*.googletagmanager.com https://*.tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: *.harkins.com *.imgix.net https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net *.ytimg.com *.harkinsmedia.harkins.com *.devcms.harkins.com *.harkinspopcorn.com cdn.cookielaw.org https://ssl.gstatic.com https://*.gstatic.com; 1
frame-ancestors 'self' https://addons.prestashop.com/; 1
upgrade-insecure-requests; frame-src https://www.facebook.com ; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'self'; default-src 'self'; font-src data: 'self' https://fonts.gstatic.com; script-src 'self' https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google-analytics.com https://*.cloudflare.com https://static.cloudflareinsights.com https://browser-update.org 'unsafe-inline' ; img-src 'self' 'unsafe-inline' https://*.tci-thaijo.org https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.co.th; style-src 'self' https://cdn.jsdelivr.net https://*.cloudflare.com 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://cloudflareinsights.com  1
default-src 'self' 'unsafe-inline' https://api.timekit.io https://*.hotjar.com https://www.facebook.com wss://*.hotjar.com https://*.ncs.lt https://*.giro.lt;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://widget.trustpilot.com https://static.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.siftscience.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/fbds.js https://www.facebook.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://apis.google.com https://www.google-analytics.com/analytics.js https://*.googletagmanager.com https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.ads-twitter.com https://*.adform.net https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/plugins/ua/linkid.js https://a1.adform.net/serving/scripts/trackpoint/ https://a1.adform.net/serving/scripts/trackpoint/async/ https://analytics.twitter.com https://cdn.polyfill.io https://ajax.cloudflare.com/cdn-cgi/scripts/ https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt https://*.pervesk.lt/funded-payment https://www.google-analytics.com;  script-src-elem 'self' 'unsafe-inline' https://widget.trustpilot.com https://static.hotjar.com https://static.cloudflareinsights.com https://ajax.cloudflare.com https://*.siftscience.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://connect.facebook.net/en_US/fbds.js https://www.facebook.com https://www.gstatic.com https://www.google.com/recaptcha/api.js https://apis.google.com https://www.google-analytics.com/analytics.js https://*.googletagmanager.com https://*.google-analytics.com https://*.siftscience.com https://*.livechatinc.com https://*.hotjar.com wss://*.hotjar.com https://*.wavecrest.gi https://*.apiary.io https://*.ads-twitter.com https://*.ads-twitter.com https://*.adform.net https://static.ads-twitter.com/uwt.js https://www.google-analytics.com/plugins/ua/linkid.js https://a1.adform.net/serving/scripts/trackpoint/ https://a1.adform.net/serving/scripts/trackpoint/async/ https://analytics.twitter.com https://cdn.polyfill.io https://ajax.cloudflare.com/cdn-cgi/scripts/ https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt https://*.pervesk.lt/funded-payment https://www.google-analytics.com;  connect-src 'self' wss://*.hotjar.com https://*.livechatinc.com https://*.spectrocoin.com https://*.hotjar.io https://*.hotjar.com https://www.facebook.com https://widget.trustpilot.com https://fonts.googleapis.com https://connect.facebook.net https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.sentry.io https://*.ncs.lt https://*.giro.lt;  style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.livechatinc.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src * blob: data: https://*.livechatinc.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;  frame-src 'self' https: blob: https://*.pervesk.lt https://*.ncs.lt https://*.giro.lt; font-src 'self' data: https://*.livechatinc.com https://fonts.gstatic.com https://themes.googleusercontent.com https://fonts.googleapis.com; object-src 'self' 'unsafe-eval' blob: https://*.autokyc.com https://*.livechatinc.com; child-src 'self' https://*.livechatinc.com https://*.adform.net; media-src 'self' https://*.livechatinc.com; worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.google.com *.vwo.com *.visualwebsiteoptimizer.com *.intercom.io *.intercomcdn.com *.onetrust.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octane.co https://*.octane.co https://octanelending.com https://*.octanelending.com fonts.googleapis.com www.gstatic.com app.vwo.com www.googletagmanager.com translate.googleapis.com; frame-ancestors 'self' https://polarisxchange.com https://slingshot.polarisxchange.com https://indianmotorcycle.polarisxchange.com https://www.rvs.com https://rvs.com https://www.atvrider.com https://www.cyclevolta.com https://www.cycleworld.com https://www.dirtrider.com https://www.motorcyclecruiser.com https://www.motorcyclistonline.com https://www.utvdriver.com https://octane.co https://*.octane.co https://ride-static.octane.co https://ride-api.octane.co https://octanelending.com https://*.octanelending.com; worker-src 'self' blob:; upgrade-insecure-requests; report-uri https://o93495.ingest.sentry.io/api/1772648/security/?sentry_key=4ffb66d59a0344a186016dae83fcc148&sentry_environment=production 1
font-src 'self' *; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; 1
frame-ancestors 'self' https://english-improve.com/ https://english-improve.stage-boosters.com https://stage.spanish-boost.com https://spanish-boost.com 1
default-src 'self' https://cdn-www.vargroup.it https://*.gstatic.com https://*.adacto.it https://*.vargroup.it http://*.tidiochat.com https://*.tidiochat.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-www.vargroup.it https://*.hsforms.net https://matomo01.bizmart2.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.google.com https://*.gstatic.com http://*.hsforms.net https://*.hsforms.net https://*.recaptcha.net https://*.addthis.com https://*.intervieweb.it https://*.azureedge.net https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com http://*.tidio.co https://*.tidio.co http://*.tidiochat.com https://*.tidiochat.com; style-src 'self' 'unsafe-inline' https://cdn-www.vargroup.it https://*.googleapis.com https://*.azureedge.net; img-src * data:; media-src 'self' https://cdn-www.vargroup.it https://sitecore.vargroup.it https://edge.sitecorecloud.io http://*.tidiochat.com https://*.tidiochat.com; frame-src 'self' https://www.youtube.com https://consentcdn.cookiebot.com https://docs.google.com https://*.google.com https://*.hsforms.com https://*.recaptcha.net https://*.intervieweb.it https://*.svc.dynamics.com https://*.googletagmanager.com https://*.microsoft.com https://*.googleadservices.com https://*.doubleclick.net https://cdn-www.vargroup.it; frame-ancestors https://sitecore.vargroup.it https://cdn-www.vargroup.it https://*.vargroup.it https://*.vargroup.com https://*.adacto.it https://*.vargroup.ch https://*.vargroup.de https://*.vargroup.es https://*.dsec.it https://*.mediamenteconsulting.it https://*.tekneretail.it https://*.wisesecurity.com; object-src none; connect-src 'self' https://cdn-www.vargroup.it https://*.hsforms.com https://www.youtube.com https://matomo01.bizmart2.it https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.googleapis.com https://*.ingest.sentry.io https://*.intervieweb.it https://*.svc.dynamics.com https://*.googletagmanager.com https://*.cloudflareinsights.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.doubleclick.net http://*.tidiochat.com https://*.tidiochat.com ws://*.tidio.co wss://*.tidio.co 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; 1
default-src * self data: tel: mailto: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';frame-ancestors 'self' https://rocket.qualitylogoproducts.com/; 1
font-src fonts.gstatic.com use.typekit.net data: *.sodatech.com *.sodatech.net *.gstatic.com *.typekit.net viewer.byondxr.com cdn.livechatinc.com mediacdn.espssl.com use.fontawesome.com 'self' data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com pal-test.adyen.com www.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.pinterest.com https://ghirardelli.slgnt.us 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.ehappify.com www.xtento.com *.vimeo.com *.jsctool.com *.pinterest.com *.mmcagentur.at *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.demdex.net *.authorize.net *.paypal.com *.googletagmanager.com *.xtento.com *.app-wallee.com *.waltpixel.com *.equitystory.com offer.slgnt.us vars.hotjar.com *.pepperjamnetwork.com services.listrak.com *.serverdata.net *.livechatinc.com *.lindtusa.com *.russellstover.com *.ghirardelli.com *.weltpixel.com static.ogmystyle.com static2.ogmystyle.com www.mystyleplatform.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * landofcoder.com https://ghirardelli.slgnt.us https://www.paypalobjects.com https://lindtusa.rlvs.co.uk https://optmize.google.com https://www.google.com/ https://ct.pinterest.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.adyen.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com *.cloudfront.net *.amazonaws.com www.xtento.com cdn.xtento.com blob: lindt.test *.lindt.test maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.klarna.com *.invibes.com *.b26net.com https://www.google-analytics.com *.googletagmanager.com *.teads.tv *.videostep.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.taboola.com *.doubleclick.net *.outbrain.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.sodatech.com *.sodatech.net viewer.byondxr.com s3.us-west-2.amazonaws.com showroom-media.byondxr.com media-optimization-service.byondxr.com *.byondxr.com api.official-deals.co.uk api.official-coupons.com *.adsymptotic.com cdn.livechat-files.com cp.official-coupons.com cookie-cdn.cookiepro.com cp.official-deals.co.uk site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com mediacdn.espssl.com *.clarity.ms *.bing.com *.serverdata.net lindtna.test *.lindtna.test *.livechatinc.com mageside.com *.listrakbi.com www.mystyleplatform.com static.mystyleplatform.com static2.mystyleplatform.com static2.ogmystyle.com mystyleplatform.s3.us-west-2.amazonaws.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com 'self' data: https://www.upsellit.com https://mediacdn.espssl.com/2824/Shared/Modal/chocolate.png https://www.linkedin.com https://*.linkedin.com/ https://px.ads.linkedin.com *.googleadservices.com *.russellstover.com https://www.google-anaytics.com https://www.googletagmanager.com https://optimize.google.com https://bam.nr-data.net *.bazaarvoice.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google-analytics.com *.magento-ds.com *.adyen.com apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com www.xtento.com cdn.xtento.com *.pcapredict.com *.newrelic.com *.nr-data.net lindt.slgnt.eu maps.googleapis.com *.pinterest.com *.postcodeanywhere.co.uk *.ratepay.com *.cloudflare.com *.teads.tv *.r66net.com *.facebook.net *.googleadservices.com *.doubleclick.net *.cookiepro.com *.cloudfront.net *.videostep.com *.mfgroup.ch *.taboola.com *.outbrain.com *.adobedtm.com *.authorize.net *.unpkg.com *.fontawesome.com *.sodatech.net *.sodatech.com byondxr-viewer.byondxr.com web-apps.byondxr.com www.clarity.ms bat.bing.com *.b2c.com bt.fraud0.com container.pepperjam.com www.googleoptimize.com *.hotjar.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us *.blob.core.windows.net s.pinimg.com snap.licdn.com acsbapp.com cdn.noibu.com www.youtube.com *.upsellit.com *.youtube.com *.livechatinc.com *.serverdata.net *.tiktok.com *.listrakbi.com *.listrak.com *.mczbf.com mystyleplatform.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com d203yb14zlmxwn.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com landofcoder.com https://www.youtube.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://www.lindt-spruengli.com/* https://www.lindt-spruengli.com/media/target/VAPI.min.js https://www.lindt-spruengli.com/media/target/at.js https://click2cart.com https://ghirardelli.mycontactcenter.net/ https://pop1-apps.mycontactcenter.net/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com display.ugc.bazaarvoice.com *.amazonaws.com *.fonts.net *.postcodeanywhere.co.uk *.cloudfront.net *.cloudflare.com *.sodatech.com *.sodatech.net *.googleapis.com *.getfirebug.com cloud.typography.com *.serverdata.net *.myfonts.net *.russellstover.com *.listrakbi.com *.listrak.com use.fontawesome.com www.mystyleplatform.com static.ogmystyle.com static2.ogmystyle.com unsafe-inline assets.braintreegateway.com tagmanager.google.com *.gstatic.com https://cloud.typography.com 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net *.serverdata.net *.livechatinc.com *.listrakbi.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.snplow.net commerce.adobedc.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.adyen.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.nr-data.net *.paypal.com *.postcodeanywhere.co.uk *.ratepay.com vimeo.com *.luckyorange.net *.cookiepro.com *.mfgroup.ch *.doubleclick.net *.visitors.live wss://in.visitors.live wss://visitors.live wss://in.visitors.live/ wss://visitors.live/ visitors.live *.taboola.com *.demdex.net *.omtrdc.net *.magento.com *.adobe.net *.adobedtm.com *.adobedc.net *.typekit.net *.magedevteam.com *.sodatech.com *.sodatech.net *.teads.tv *.byondxr.com api.byondxr.com s3.us-west-2.amazonaws.com www.sjwoe.com input.noibu.com wss://input.noibu.com/pv_part in.hotjar.com www.facebook.com *.b2c.com bt.fraud0.com *.revlifter.com *.pepperjamnetwork.com *.revlifter.io site-azp.slgnt.us ct.pinterest.com *.ads.linkedin.com cdn.polyfill.io offer.slgnt.us s.pinimg.com snap.licdn.com *.acsbapp.com cdn.noibu.com https://maps.googleapis.com *.clarity.ms *.facebook.com *.serverdata.net *.livechatinc.com api.addressy.com *.listrakbi.com *.mczbf.com *.tiktok.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com t.elasticsuite.io *.google-analytics.com landofcoder.com https://cdn.linkedin.oribi.io https://vc.hotjar.io *.ghirardelli.com *.hotjar.io *.bing.com ws.hotjar.com wss://ws.hotjar.com sc-api.click2cart.com https://geolocation.onetrust.com https://bat.bing.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.byondxr.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self'  securepubads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com csi.gstatic.com *.doubleclick.net collect.tealiumiq.com *.algolianet.com *.algolia.net ds.reson8.com cloud.elegantthemes.com analytics.google.com rfpx1.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' thehorse.com googleads4.g.doubleclick.net tags.tiqcdn.com use.fontawesome.com *.algolia.com bluemillion.net player.vimeo.com maxcdn.bootstrapcdn.com fonts.googleapis.com s3.us-east-2.amazonaws.com ajax.googleapis.com cdnjs.cloudflare.com; font-src 'self' thehorse.com data: use.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com thehorse.com fontawesome.com; frame-src 'self' googleads.g.doubleclick.net www.google.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.doubleclick.net player.vimeo.com *.youtube.com s0.2mdn.net player.captivate.fm *.captivate.fm www.googleadservices.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: tpc.googlesyndication.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.google.com  pagead2.googlesyndication.com secure.gravatar.com bluemillion.net s0.2mdn.net *.googlesyndication.com googleads4.g.doubleclick.net securepubads.g.doubleclick.net i.vimeocdn.com s3.us-east-2.amazonaws.com pubads.g.doubleclick.net ad.doubleclick.net thehorse.com *.datasteam.io aa.agkn.com api.dtstmio.com equinenetwork.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' thehorse.com www.google-analytics.com ssl.google-analytics.com ajax.googleapis.com pagead2.googlesyndication.com www.google.com *.googletagmanager.com adservice.google.com partner.googleadservices.com www.gstatic.com tags.tiqcdn.com use.fontawesome.com fonts.gstatic.com *.googlesyndication.com *.cdnregion.com *.tealiumiq.com securepubads.g.doubleclick.net s0.2mdn.net *.googletagservices.com ajax.aspnetcdn.com cdn.resonate.com; script-src-elem 'self' 'unsafe-inline' securepubads.g.doubleclick.net www.google.com www.googletagmanager.com tags.tiqcdn.com tpc.googlesyndication.com www.googletagservices.com www.google-analytics.com adservice.google.com pagead2.googlesyndication.com adservice.google.com partner.googleadservices.com www.gstatic.com ajax.aspnetcdn.com player.vimeo.com *.tealiumiq.com cdn.resonate.com *.cdnregion.com cdnjs.cloudflare.com *.google-analytics.com s0.2mdn.net code.jquery.com rfpx1.com *.datasteam.io; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-OTM3ZTQ2NzQtZDFkZC00OWQzLTg1ZDctMDM5OTBjMzRlOTMy'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src https: 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'self'; frame-ancestors https://news.sky.com https://*.news.sky.com https://www.skysports.com https://livecenter.norkon.net https://nclivecenterwest-test.azurewebsites.net https://www.google.com https://www.google.co.uk https://*.ampproject.org https://*.bskyb.com 'self'; frame-src https: data: 'self'; style-src https: 'unsafe-inline' 'self'; img-src https: data: blob: 'self'; media-src https: data: blob:; font-src https: data: 'self'; connect-src https: wss: blob: 'self'; child-src https: blob:; object-src 'none'; 1
frame-ancestors 'self' https://*.compressor.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com www.youtube.com *.doubleclick.net maps.googleapis.com form.lidl.com *.lidl *.lidl.com *.lidl.net lidl.media01.eu bat.bing.com analytics.google.com *.clarity.ms *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://connect.facebook.net cdn.cookielaw.org *.cookiebot.com https://www.google.com https://www.gstatic.com snap.licdn.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; img-src 'self' data: *.object.storage.eu01.onstackit.cloud maps.googleapis.com *.amazonaws.com *.google-analytics.com *.doubleclick.net  cdn.cookielaw.org form.lidl.com cm.everesttech.net *.demdex.net *.lidl *.lidl.com *.lidl.net *.bing.com *.clarity.ms px.ads.linkedin.com https://s-static.ak.facebook.com *.gstatic.com google.de www.google.com www.googletagmanager.com www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.lidl form.lidl.com tagmanager.google.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com *.lidl.com; frame-src 'self' https: 'unsafe-inline' www.youtube.com form.lidl.com https://www.facebook.com https://s-static.ak.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube-nocookie.com *.cookiebot.com https://www.google.com https://recaptcha.google.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; connect-src 'self' www.google.com *.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org *.onetrust.com *.demdex.net *.cookiebot.com *.clarity.ms form.lidl.com *.lidl.com *.lidl.net lidl.media01.eu unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; frame-ancestors 'self' *.googletagmanager.com form.lidl.com *.lidl.com *.lidl.net *.google-analytics.com unternehmen.lidl.de corporate.lidl.co.uk corporate.lidl.ie corporate.lidl-ni.co.uk corporate.lidl.ro corporate.lidl.bg podjetje.lidl.si institucional.lidl.pt kompanija.lidl.rs corporate.lidl.fi tvrtka.lidl.hr kimjestesmy.lidl.pl imone.lidl.lt corporate.lidl.at empresa.lidl.es spolocnost.lidl.sk spolecnost.lidl.cz corporate.lidl.fr corporate.lidl.it om.lidl.se om.lidl.dk vallalat.lidl.hu corporate.lidl-hellas.gr corporate.lidl.nl mediacenter.lidl.com corporate.lidl.com.mt corporate.lidl.ch corporate.lidl.be corporate.lidl.lu corporate.lidl.com.cy info.lidl corporate.lidl.lv corporate.lidl.ee; 1
frame-ancestors 'self';default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://*.pendo.io https://*.storage.googleapis.com https://*.careporthealth.com https://*.pndsn.com,upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://www.youtube.com https://img.youtube.com  https://feeds2.iress.co.za https://df.marketdata.feeds.iress.com  https://www.google.com   *.tt.omtrdc.net  https://stream.tribeca.vidavee.com stbg.standardbank.co.za stbg.standardbank.com  stbg.standardbank.co.za stbg.standardbank.com  https://www.googleapis.com https://platform.twitter.com 3.122.158.135 18.197.87.55 18.158.66.119 18.158.9.206 52.44.37.68 *.map2.ssl.hwcdn.net *.tt.omtrdc.net api.smartrecruiters.com cdn.cookielaw.org *.onetrust.com *.fls.doubleclick.net accstandardbank.d1.sc.omtrdc.net ad.doubleclick.net analytics.twitter.com assets.adobedtm.com beacon.krxd.net bid.g.doubleclick.net/xbbe/pixel bs.serving-sys.com business.twitter.com cbks0.googleapis.com cdn.krxd.net cdnjs.cloudflare.com client.demdex.net cm.everesttech.net code.jquery.com connect.facebook.net consent.cookiebot.com/ consentcdn.cookiebot.com/ consumer.krxd.net dc.ads.linkedin.com developers.google.com digitalbanking.standardbank.co.za:8083 dpm.demdex.net fast.standardbank.demdex.net feeds.standardbank.com fonts.googleapis.com fonts.gstatic.com geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com googleads.g.doubleclick.net i.ytimg.com img.youtube.com jslog.krxd.net khms0.googleapis.com khms1.googleapis.com maps.googleapis.com maps.gstatic.com maps.lightstoneproperty.co.za noembed.com pixel.facebook.com px.ads.linkedin.com s.ytimg.com secure-ds.serving-sys.com snap.licdn.com standardbank.demdex.net static.ads-twitter.com tpc.googlesyndication.com tribeca.vidavee.com www.facebook.com www.google.co.za www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.homeloans1.standardbank.co.za www.youtube.com ; frame-ancestors 'self'  https://df.marketdata.feeds.iress.com  consent.cookiebot.com/ consentcdn.cookiebot.com/ digitalbanking.standardbank.co.za:8083 img.youtube.com testdigitalbanking.standardbank.co.za:7083 tribeca.vidavee.com; frame-src 'self' https://www.youtube.com https://img.youtube.com  https://df.marketdata.feeds.iress.com  https://stream.tribeca.vidavee.com https://syndication.twitter.com/ https://www.facebook.com/ https://platform.twitter.com/ https://web.facebook.com/ https://careers-v1.peopleclick.com/ https://careers.peopleclick.eu.com/; 1
frame-ancestors 'self' https://*.rio.cloud/ ; 1
frame-ancestors 'self' www.dus.net 1
report-uri /csp-violation-report-endpoint/csp.php; default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 1
default-src https://*.gstatic.com/ https://*.googleapis.com/ https://plugins.blueconic.net/ https://*.googlesyndication.com/ https://www.psv.nl/ https://psv.gxcloud.net/ https://www-psv.gxcloud.net/ 'self' 'unsafe-inline'; font-src https://cdn.leadinfo.net/ https://fonts.gstatic.com/ 'self'; child-src  'self'; connect-src https://*.snapchat.com/ https://*.analytics.google.com https://px.ads.linkedin.com https://*.google-analytics.com/ https://*.mux.com/ https://*.cfcdn.mux.com/ https://cdn.jwplayer.com/ https://*.nudgify.com/ https://*.leadinfo.com/ https://*.leadinfo.net/ https://analytics.tiktok.com/ https://api.coindesk.com/ https://*.psv.nl/ https://*.hotjar.io/ https://*.hotjar.com/ https://www.google-analytics.com/ https://*.jwpltx.com/ wss://socket.tidio.co/ https://*.googlesyndication.com/ https://*.jwpsrv.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://csi.gstatic.com/ https://api.pushbird.com/ https://*.jwplayer.com/ https://ssl.p.jwpcdn.com/ https://content.jwplatform.com/ https://psv.blueconic.com/ https://www.powr.io/ https://stream.mux.com/ https://analytics.pangle-ads.com/ https://ib.adnxs.com/ wss://*.hotjar.com/ 'self'; frame-src https://*.freshchat.com https://*.gxcloud.net https://securepubads.g.doubleclick.net/ https://wchat.eu.freshchat.com/ https://outlook.office365.com https://*.typeform.com/ https://youreka-virtualtours.be/ https://acties.psv.nl/ https://heuvelman360.nl/ https://*.eazegames.com/ https://service2.loyaltyinabox.com/ https://*.psv.nl/ https://secure.espncdn.com/ https://e.issuu.com/ https://*.freshchat.com/ https://*.safeframe.googlesyndication.com/ https://tpc.googlesyndication.com/ https://tr.snapchat.com/  https://www.sporcle.com/ https://*.youtube.com/ https://*.googleapis.com/ https://service.psv.nl/ https://pushbird.com/ https://maak-agenda.nl/ https://g.jwpsrv.com/ https://imasdk.googleapis.com/ https://www.youtube.com/ https://stanza.co/ https://www.powr.io/ https://*.twitter.com/ https://*.facebook.com/ https://www.google.com/ https://*.hotjar.com/ https://*.leadfamly.com/ 'self'; frame-ancestors https://acties.psv.nl/ https://*.eazegames.com/ https://m.youtube.com/ https://www.youtube.com/ https://app.clonable.net/ 'self'; img-src https://analytics.twitter.com https://*.mux.com/ https://*.cfcdn.mux.com/ https://mfyh.ams3.cdn.digitaloceanspaces.com/ https://cdn.leadinfo.net/ https://www.psvfanstore.nl/ https://*.psv.nl/ https://px.moatads.com/ https://secure.espncdn.com/ https://ib.adnxs.com/ https://t.co/ https://psv.sb.blueconic.net/ https://www.google.ie/ https://*.linkedin.com/ https://*.maxcdn.com/  https://cdn.psvfanstore.nl/ https://*.smartclip.net/ https://www.facebook.com/ https://*.jwpltx.com/ https://psv.blueconic.com/ https://cdn.pushbird.com/ https://*.spotxchange.com/ https://*.googlesyndication.com/ https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com/ https://content.jwplatform.com/ https://jwpltx.com/ https://www.googletagmanager.com/ https://www.google.nl/ https://www.google.com/ https://stats.g.doubleclick.net/  https://www.google-analytics.com/ https://beacon.krxd.net/ https://*.lfeeder.com/ https://images.unsplash.com https://cdn.jwplayer.com/ 'self' data:; media-src https://live-cdn.jwplayer.com/ https://*.mux.com/ https://*.cfcdn.mux.com/ https://mfyh.ams3.cdn.digitaloceanspaces.com/ https://*.studio040.nl/ https://*.jwpsrv.com/ https://content.jwplatform.com/ https://*.jwpltx.com/ https://*.tidiochat.com/  http://gcdn.2mdn.net/videoplayback/id/ https://cdn.jwplayer.com/ https://www.psv.nl/ https://psv.gxcloud.net/ https://www-psv.gxcloud.net/ blob: 'self'; object-src  'self'; script-src https://ajax.googleapis.com/ https://s0.2mdn.net/ http://www.foxsports.nl 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.typeform.com/ https://www.googletagmanager.com/ https://youreka-virtualtours.be/ https://fonts.googleapis.com/ https://cdn.leadinfo.net/ https://*.psv.nl/ https://*.freshchat.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
object-src 'self' data: blob: https://*.atende.net https://*.ipm.com.br https://*.nfs-e.net https://seal.digicert.com; block-all-mixed-content; form-action 'self' *.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; frame-ancestors 'self' https://*.nfs-e.net https://*.ipm.com.br https://*.atende.net https://portalservicos.jucisrs.rs.gov.br; 1
base-uri 'self' https:; block-all-mixed-content; child-src 'self' https:; connect-src 'self' blob: https: wss:; font-src 'self' data: https:; form-action 'self' https:; frame-ancestors 'self'; frame-src 'self' https:; img-src 'self' blob: data: https:; media-src 'self' https:; object-src 'self' https:; prefetch-src 'self' https:; report-to csp_default; report-uri https://o956100.ingest.sentry.io/api/5979820/security/?sentry_key=3365bf3db95341e8b0c888222a947b0e; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; worker-src 'self' https: 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.gstatic.com www.google.com  ws.edb.gov.hk chatbot.edb.gov.hk applications.edb.gov.hk code.createjs.com; img-src 'self' *.youtube.com www.cmab.gov.hk data:; frame-src 'self' www.google.com *.youtube.com *.facebook.com emm.edcity.hk chatbot.edb.gov.hk *.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com chatbot.edb.gov.hk; font-src 'self' fonts.gstatic.com; connect-src 'self' www.search.gov.hk ws.edb.gov.hk chatbot.edb.gov.hk; media-src 'self' www.cmab.gov.hk; 1
default-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io https://*.myip.vc https://myip.vc http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com https://stonks.widgetbot.io 'unsafe-inline'; style-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://fonts.gstatic.com https://fonts.googleapis.com https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://*.widgetbot.io https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://*.widgetbot.io https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://*.maxcdn.com https://discord.com https://widgetbot.io 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://widget.trustpilot.com https://trustpilot.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.widgetbot.io https://*.maxcdn.com https://discord.com https://widgetbot.io https://ajax.cloudflare.com https://ajax.googleapis.com https://cdn.ravenjs.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com; img-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://i.imgur.com https://ipfs.io https://cloudflare-ipfs.com https://widget.trustpilot.com https://trustpilot.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com; media-src 'self' https://*.privex.io *.privex.i2p https://cdn.privex.io files.privex.io https://privex.io http://privex3guvvasyer6pxz2fqcgy56auvw5egkir6ykwpptferdcb5toad.onion http://privexqvhkwdsdnjofrsm7reaixclmzpbpveefiu4uctfm2l4mycnwad.onion privex.i2p https://youtube.com https://vimeo.com https://i.imgur.com https://ipfs.io https://cloudflare-ipfs.com https://*.widgetbot.io https://widgetbot.io https://*.discordapp.net https://twemoji.maxcdn.com https://*.maxcdn.com https://discord.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' challenges.cloudflare.com lacare.wpengine.com *.gstatic.com use.fontawesome.com cdnjs.cloudflare.com translate.google.com translate-pa.googleapis.com *.googleapis.com *.jsdelivr.net *.youtube-nocookie.com; object-src 'self' ; style-src 'self' 'unsafe-inline' *.gstatic.com lacare.wpengine.com use.fontawesome.com *.jsdelivr.net *.googleapis.com cdnjs.cloudflare.com ; img-src 'self' 'unsafe-inline' data: www.google.com translate.google.com *.gstatic.com translate.googleapis.com *.youtube-nocookie.com maps.googleapis.com *.lacare.org; media-src 'self' *.lacare.org; frame-src 'self' *.lacare.org wakanda.prod.acquia-sites.com challenges.cloudflare.com *.navitus.com *.youtube-nocookie.com  external.lacare.org www.auntbertha.com; frame-ancestors 'self' *.lacare.org; child-src 'self' ; font-src 'self' *.gstatic.com use.fontawesome.com lacare.wpengine.com; connect-src 'self' maps.googleapis.com lacare.wpengine.com translate.googleapis.com translate-pa.googleapis.com 1
default-src 'none'; style-src 'unsafe-inline' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; font-src https:; img-src data: https:; connect-src https:; media-src https:; frame-src https: 1
script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' *.gardensbythebay.com.sg https://www.youtube.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js.adsrvr.org/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hs-script.com/ https://js.hs-scripts.com/ https://connect.facebook.net/ https://embedsocial.com/ https://www.jscache.com/ https://www.tripadvisor.com.sg/ https://www.tripadvisor.com/ https://static.tacdn.com/; frame-ancestors 'self' *.gardensbythebay.com.sg/; 1
default-src 'self'; connect-src 'self' www.google-analytics.com cdn.plyr.io noembed.com *.google.com *.google.com.ua *.doubleclick.net *.yandex.ru *.facebook.com *.facebook.net *.usabilla.com *.accor.com *.accorhotels.com www.googletagmanager.com maps.googleapis.com staticaws.fbwebprogram.com *.accorhotels.ws www.ahstatic.com cdn.hypemarks.com *.twic.pics themes.googleusercontent.com cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.css maps.gstatic.com fonts.gstatic.com fonts.googleapis.com *.youtube.com *.vimeo.com *.googleadservices.com ipinfo.io cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.ytimg.com *.atdmt.com *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com *.cloudfront.net *.sojern.com sojern.com rixoshappydays.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.google.fr *.quiq-api.com *.quiq-cdn.com *.goquiq.com i.ctnsnet.com top-fwz1.mail.ru; font-src *; frame-src 'self' cdn.hypemarks.com *.accorhotels.ws *.youtube.com *.accorhotels.com *.vimeo.com *.facebook.com *.doubleclick.net *.usabilla.com *.sojern.com sojern.com *.criteo.com criteo.com *.criteo.net criteo.net *.snapchat.com *.quiq-cdn.com *.quiq-api.com i.ctnsnet.com top-fwz1.mail.ru; img-src * data:; media-src 'self' *.youtube.com *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com blob: unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; script-src-elem 'self' 'unsafe-inline' *.accorhotels.com www.googletagmanager.com maps.googleapis.com cdn.jsdelivr.net www.google-analytics.com api.keen.io platform.twitter.com static.filestackapi.com *.cloudfront.net cdn.hypemarks.com code.jquery.com www.youtube.com www.google.com vimeo.com *.google.com *.doubleclick.net *.facebook.net *.vimeo.com *.yandex.ru *.usabilla.com ipinfo.io *.sojern.com sojern.com *.googleadservices.com cdn.cookielaw.org *.onetrust.com *.cookielaw.org *.contentsquare.net contentsquare.net *.contentsquare.com contentsquare.com *.dengage.com *.criteo.net *.criteo.com criteo.net criteo.com beacon.sojern.com *.onetrust.io onetrust.io tintup.com *.tintup.com amazonaws.com *.amazonaws.com advertising.com *.advertising.com unpkg.com *.unpkg.com sc-static.net tr.snapchat.com analytics.tiktok.com *.quiq-api.com *.quiq-cdn.com i.ctnsnet.com top-fwz1.mail.ru https://cdnjs.cloudflare.com https://holidaycheck.de staticaws.fbwebprogram.com; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' data: http: https: p.typekit.net use.typekit.net www.google-analytics.com; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: *.test-web-pf.work; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:;style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;connect-src 'self' https: wss: blob:;manifest-src 'self' blob:;media-src 'self' data: https: blob:;object-src 'none';child-src 'self' https: data: blob:;form-action 'self' https: 1
frame-ancestors 'self' http://webvisor.com https://webvisor.com; report-uri https://sentry.playcaliber.com/api/6/security/?sentry_key=1a22b33b57244af7b36bd36b87a501a1 1
connect-src 'self' https: wss: blob: data:; frame-ancestors 'self' https://www.remove.bg https://www.unscreen.com https://www.kaleido.ai https://accounts.kaleido.ai https://app.storyblok.com 1
default-src 'self' *.friendlycaptcha.eu; script-src 'self' data: 'unsafe-inline' 'wasm-unsafe-eval' https://www.google.com https://www.gstatic.com blob:; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src *; media-src *; frame-src 'self' https://www.google.com; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://eu-api.friendlycaptcha.eu; child-src blob:; 1
child-src 'self' blob:;default-src 'self';connect-src 'self' wss:;font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;object-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'self' 1
frame-ancestors 'self' www.baby.ru postila.ru www.neboleem.net www.beautyinsider.ru yandex.com.tr yandex.com yandex.net yandex.uz yandex.fr yandex.kz yandex.ru yandex.by yandex.ua *.yandex.com.tr *.yandex.com *.yandex.net *.yandex.uz *.yandex.fr *.yandex.kz *.yandex.ru *.yandex.by *.yandex.ua *.turbopages.org 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; worker-src blob:; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' js.arcgis.com use.typekit.net p.typekit.net tagmanager.google.com fonts.googleapis.com www.googletagmanager.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.browsealoud.com plus.browsealoud.com js.arcgis.com web103.reachmee.com www.youtube.com consentcdn.cookiebot.com consent.cookiebot.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.youtube.com/iframe_api s.ytimg.com cdnjs.cloudflare.com code.jquery.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com code.jquery.com cdn.jsdelivr.net; font-src 'self' js.arcgis.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com use.typekit.net data:; img-src 'self' data: 'unsafe-inline' server.arcgisonline.com cdn.arcgis.com services.arcgisonline.com i.ytimg.com img.youtube.com ssl.gstatic.com www.google-analytics.com webbstatistik.sfv.se www.googletagmanager.com fonts.gstatic.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com www.google-analytics.com fastly.picsum.photos dummyimage.com *.cookiebot.com; connect-src 'self' blob: speech-eu.speechstream.net www.browsealoud.com plus.browsealoud.com arcgis.com static.arcgis.com basemaps.arcgis.com services.arcgisonline.com cdn.arcgis.com www.arcgis.com js.arcgis.com www.google-analytics.com consentcdn.cookiebot.com webbstatistik.sfv.se mfstatic.com m.mediaflow.com *.mediaflowpro.com *.mediaflow.com www.google-analytics.com; frame-src 'self' kartor.sfv.se consentcdn.cookiebot.com sfv.maps.arcgis.com www.youtube.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com *.mediaflowpro.com embed.pod.space web103.reachmee.com; frame-ancestors 'self'; media-src 'self' mfstatic.com m.mediaflow.com assets.mediaflowpro.com *.mediaflow.com blob: 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.lcmchealth.org 1
default-src 'self'; script-src 'self' blob: *.usercentrics.eu 'unsafe-eval' https://www.google-analytics.com/ 'unsafe-eval' http://www.google-analytics.com/ 'unsafe-inline' http://www.googletagmanager.com https://connect.facebook.net/ https://snap.licdn.com/ https://maps.googleapis.com https://ajax.googleapis.com/ https://www.youtube.com/ http://platform.massrelevance.com/js/massrel.js https://analytics.tiktok.com/ *.clarity.ms *.zoovu.com *.smartassistant.com https://walls.io https://static.hotjar.com https://script.hotjar.com/ https://www.googleadservices.com https://www.google.com https://events.ottobock.com https://stable.loyjoy.com; connect-src 'self' * https://*.ottobock.com *.algolianet.com *.algolia.net *.usercentrics.eu *.google-analytics.com https://maps.googleapis.com/ https://analytics.tiktok.com/ https://*.in.applicationinsights.azure.com/ https://assets.ctfassets.net/ https://cdn.linkedin.oribi.io/ *.google.com stats.g.doubleclick.net region1.analytics.google.com *.google-analytics.com *.clarity.ms *.zoovu.com *.smartassistant.com https://cdn.linkedin.oribi.io/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.growthbook.io/ https://*.blackthorn.io www.googleadservices.com td.doubleclick.net https://px.ads.linkedin.com/ https://api.openai.com; img-src 'self' * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.zoovu.com; font-src 'self' * data:; frame-src 'self' www.ottobock.de www.ottobock.com https://www.youtube.com/ http://www.youtube.com/ cloud.news.ottobockus.com ottobock-se-co-kgaa.massrel.io http://ottobock-se-co-kgaa.massrel.io https://ottobock-se-co-kgaa.massrel.io https://www.ottobock.ch https://www.ottobock.at https://ttselector.ottobock.com https://www.ottobock.it https://www.selection-guide.de/ https://www.ottobock-events.de/ https://my.walls.io/ https://cloud.info.ottobock.com/ https://events.blackthorn.io https://www.googleadservices.com https://td.doubleclick.net http://facebook.com https://events.ottobock.com https://www.google.com; frame-ancestors 'self' https://app.contentful.com https://events.ottobock.com; child-src 'self' ; media-src 'self' https://videos.ctfassets.net http://videos.ctfassets.net https://*.cep.ottobock.com; 1
default-src 'self'; style-src 'self'; form-action 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; base-uri 'self'; 'unsafe-inline'; object-src 'self'; 1
frame-ancestors 'self' lob.de *.lehmanns.de *.lehmanns.ch lehmannspro.de lehmannsbib.de *.socialnet.de; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.lehmanns.de *.lehmanns.ch *.googleapis.com *.google-analytics.com *.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com widgets.trustedshops.com 1
frame-ancestors 'self' https://*.plasmic.app 1
default-src 'self' https://*.google-analytics.com https://*.nexperia.com https://*.nexperia.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hubspot.com https://*.gstatic.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.componentsearchengine.com https://*.jotfor.ms https://*.jotform.com https://*.baidu.com https://*.hs-banner.com https://*.hs-analytics.net https://*.go-mpulse.net https://*.snoobi.eu https://*.hs-scripts.com https://*.botframework.com https://c.leadlab.click https://*.ipmarketing.nl https://*.doubleclick.net https://*.bing.com https://*.licdn.com https://*.googleadservices.com https://extreme-ip-lookup.com https://*.zopim.com https://*.cloudflare.com https://*.zdassets.com https://*.cookiebot.com  https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.ytimg.com https://*.pardot.com https://*.hotjar.com https://*.facebook.net https://*.ads-twitter.com https://*.google.com https://*.twitter.com https://*.hsforms.net https://*.hsforms.com https://*.vimeo.com; frame-src 'self' https://*.google.com https://*.jotfor.ms https://*.jotform.com https://*.mindstamp.io https://*.cameyo.net https://*.cameyo.com https://*.cameyo.app https://*.youku.com https://*.partquest.com https://*.componentsearchengine.com https://*.clevercast.com https://*.systemvision.com https://*.powerbi.com https://*.doubleclick.net https://*.hsforms.com https://*.cookiebot.com https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.vimeo.com https://*.hotjar.io https://*.hotjar.com https://*.bilibili.com; frame-ancestors 'self' https://*.cameyo.net https://*.cameyo.com https://*.cameyo.app; img-src 'self' https://*.cookiebot.com https://*.google.nl https://*.componentsearchengine.com https://*.nexperia.cn https://*.nexperia.com https://*.trimm.net https://*.googletagmanager.com https://*.jotfor.ms https://*.jotform.com https://*.doubleclick.net https://*.baidu.com https://*.hubspot.com https://*.leadlab.click https://*.zopim.io https://*.hotjar.com https://*.google-analytics.com https://*.google.com https://*.bing.com https://maps.googleapis.com https://*.hsforms.com data: blob: mediastream: https://*.youtube.com https://*.youtube-nocookie.com https://*.youtu.be https://*.gstatic.com https://t.co https://*.linkedin.com https://*.facebook.com https://*.ytimg.com https://*.snoobi.eu https://*.hsforms.net; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://*.jotfor.ms https://*.jotform.com https://*.googleapis.com; connect-src 'self' 'unsafe-inline' https://*.hubspot.com https://*.linkedin.com https://*.oribi.io https://*.hubapi.com/ https://*.hscollectedforms.net https://*.nexperia.cn https://*.nexperia.com https://*.trimm.net https://*.google.com https://*.google.nl https://*.akamaihd.net https://*.akstat.io https://*.go-mpulse.net wss://*.botframework.com https://*.cookiebot.com https://*.botframework.com/ https://*.leadlab.click https://*.doubleclick.net https://*.hireserve.nl https://*.zendesk.com https://ekr.zdassets.com wss://*.zopim.com wss://*.hotjar.com https://*.hsforms.com https://*.hotjar.io https://*.hotjar.com https://*.google-analytics.com; font-src 'self' data: https://*.hotjar.com https://*.gstatic.com https://*.nexperia.cn https://*.nexperia.com; media-src 'self' https://*.zdassets.com https://*.nexperia.cn https://*.nexperia.com 1
default-src 'self' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; media-src 'self' https://stileapp.com blob: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://abcmedia.akamaized.net/ https://mediacore-live-production.akamaized.net/; script-src 'self' https://vimeo.com s.ytimg.com www.youtube.com https://player.vimeo.com 'unsafe-inline' 'unsafe-eval' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://js.live.net https://static.zdassets.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; worker-src 'self' https://stileapp.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 blob:; style-src 'self' 'unsafe-inline' https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.googleapis.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://www.abc.net.au https://live-production.wcms.abc-cdn.net.au https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://p.sfx.ms help.stileapp.com https://static1.squarespace.com https://*.stileapp.com; frame-src 'self' https://stileapp.com www.youtube.com vimeo.com player.vimeo.com https://online.clickview.com.au https://online.clickview.co.uk https://online.clickview.co.nz https://www.clickview.net https://primary.clickview.net https://auth.clickviewapp.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com iframesandbox.stileapp.com https://onedrive.live.com https://fast.wistia.com https://fast.wistia.net https://makecode.microbit.org https://desmos.com https://geogebra.org https://www.geogebra.org https://stileeducationapp.cloud.looker.com; connect-src 'self' data: blob: vimeo.com gdata.youtube.com https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://ekr.zdassets.com https://help.stileapp.com https://stileapp.zendesk.com https://stile-testing.zendesk.com https://prod-slb.au.s522.net:1943 https://preprod-slb.au.s522.net:1943 https://prod-slb.au.s522.net:1943 https://graph.microsoft.com https://login.microsoftonline.com https://api.onedrive.com https://stileapp.com; font-src 'self' data: about: https://public-uploads.stileapp.com https://uploads.stileapp.com https://executable-script-uploads.stileapp.com https://www01.stileapp.com https://www02.stileapp.com https://www03.stileapp.com https://fonts.gstatic.com; frame-ancestors 'self' https://*.instructure.com https://*.schoology.com https://my.padua.qld.edu.au https://canvas.education.tas.gov.au https://canvas.au.oneschoolglobal.com https://canvas.parra.catholic.edu.au https://learning.xavier.vic.edu.au/ https://canvas.waverley.nsw.edu.au https://canvas.kings.edu.au https://*.prerender.io https://*.desmos.com https://*.geogebra.org https://lti.schoolbox.cloud https://deeds.cgs.vic.edu.au; 1
upgrade-insecure-requests; default-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline' *.follettlearning.com follettlearning.com www.follettlearning.com cdn.brandfolder.io; object-src 'none'; img-src http: https: data:; script-src 'self' blob: 'unsafe-inline'  'unsafe-eval'  *.fontawesome.com *.github.io *.unpkg.com unpkg.com *.licdn.com *.follettlearning.com follettlearning.com www.follettlearning.com cdn.datatables.net code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://*.doubleclick.net https://*.facebook.net https://*.instagram.com https://*.fbcdn.net https://*.googletagmanager.com https://cdn.jsdelivr.net https://cdn.pushalert.co https://*.google.com https://*.nmpcdn.com *.googleadservices.com https://www.googleadservices.com https://*.google-analytics.com https://secure.quantserve.com https://certify-js.alexametrics.com https://rec.smartlook.com https://*.gstatic.com https://*.googleapis.com https://rules.quantcount.com https://*.googlesyndication.com https://*.googletagservices.com https://npmcdn.com https://*.ampproject.org https://*.gravitec.net https://*.youtube.com https://*.gravitec.media https://platform.twitter.com players.brightcove.net edge.api.brightcove.com vjs.zencdn.net manifest.prod.boltdns.net optanon.blob.core.windows.net *.follettaspen.com *.onetrust.com *.force.com *.salesforce.com *.salesforceliveagent.com follett.my.salesforce-sites.com *.pinterest.com *.writesonic.com *.botpress.cloud js-na1.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net scripts.iconnode.com *.follettcontent.com qadev.follettcontent.com *.wistia.com *.wistia.net *.allbooksforallkids.com *.follett.live   *.crazyegg.com *.clickcease.com tracking.g2crowd.com; font-src http: https: data: 1
frame-ancestors 'self' *.scitrus.com https://scitrus.com 1
report-to endpoint-csp; default-src 'self' report-sample; script-src 'self' https://secureform.luxsci.com https://www.snapengage.com https://storage.googleapis.com https://spellcheck.luxsci.com https://www.gstatic.com https://www.googleadservices.com https://*.getbee.io https://*.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' data: blob:; object-src 'none'; base-uri 'self'; connect-src 'self' https://spellcheck.luxsci.com https://apikeys.civiccomputing.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://clapi.civiccomputing.com https://www.snapengage.com; font-src * data:; frame-src 'self' https://*.getbee.io https://*.duosecurity.com https://player.vimeo.com; img-src data: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
child-src 'self' https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; default-src 'self' https://checkbrowser.hin.ch https://go.online-ident.ch https://go.test.online-ident.ch/ https://go.test.idnow.de https://fonts.gstatic.com https://tag.myaspectra.ch https://verify.certifaction.com; font-src 'self' https://fonts.gstatic.com data: ; frame-src 'self' https://tp.srgssr.ch https://www.srf.ch https://gateway.online-ident.ch https://go.online-ident.ch https://gateway.test.online-ident.ch https://go.test.online-ident.ch https://gateway.test.idnow.de https://go.test.idnow.de https://www.gstatic.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://verify.certifaction.com https://www.eTermin.net https://gateway.test.online-ident.ch https://www.ihre-apotheke.ch; img-src 'self' https://tag.myaspectra.ch https://www.w3.org https://0.gravatar.com https://www.hin.ch https://dir.hintest.ch data: ; object-src 'self'; script-src 'self' https://www.islonline.net https://tag.myaspectra.ch https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.eTermin.net 'unsafe-inline' 'unsafe-eval' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://botsin.space; img-src 'self' https: data: blob: https://botsin.space; style-src 'self' https://botsin.space 'nonce-pyIQgnSR+pTck1BOSfUGFw=='; media-src 'self' https: data: https://botsin.space; frame-src 'self' https:; manifest-src 'self' https://botsin.space; form-action 'self'; child-src 'self' blob: https://botsin.space; worker-src 'self' blob: https://botsin.space; connect-src 'self' data: blob: https://botsin.space https://files.botsin.space wss://botsin.space; script-src 'self' https://botsin.space 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fzi.de *.youtube.com *.youtube-nocookie.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fzi.de https://ps.w.org; 1
default-src *;  img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
default-src 'self';style-src 'sha256-bRIC1UNpYqqAzgwcakOLqIg004Qdvc0Lbp76JnSAcWc=' 1
default-src 'self' https://static.zdassets.com https://web-cdn.gamban.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://web-cdn.gamban.com https://use.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://apis.google.com https://accounts.google.com/gsi/client https://connect.facebook.net https://static.zdassets.com https://v2.zopim.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://*.paypal.com https://js.stripe.com https://maps.googleapis.com https://songbird.cardinalcommerce.com; style-src 'self' 'unsafe-inline' https://web-cdn.gamban.com https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' data: https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://web-cdn.gamban.com https://www.facebook.com https://p.typekit.net https://v2assets.zopim.io https://static.zdassets.com https://*.google-analytics.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://v2.zopim.com https://gamban.zendesk.com https://assets.braintreegateway.com https://checkout.paypal.com https://www.paypalobjects.com; child-src 'self' https://assets.braintreegateway.com https://*.paypal.com; frame-src 'self' https://accounts.google.com https://bid.g.doubleclick.net https://staticxx.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://www.recaptcha.net/recaptcha/ https://player.vimeo.com/ https://accounts.google.com/gsi https://assets.braintreegateway.com https://*.paypal.com https://*.cardinalcommerce.com https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://web-cdn.gamban.com https://id.zopim.com https://*.google-analytics.com https://ekr.zdassets.com https://gamban.zendesk.com wss://gamban.zendesk.com wss://*.zopim.com https://api.pwnedpasswords.com https://www.facebook.com https://sentry.gamban.com https://stats.g.doubleclick.net https://accounts.google.com/gsi https://accounts.google.com/gsi/status https://*.analytics.google.com https://*.braintree-api.com https://*.cardinalcommerce.com https://api.stripe.com https://maps.googleapis.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com; font-src 'self' data: https://web-cdn.gamban.com https://fonts.gstatic.com https://use.typekit.net https://v2.zopim.com; 1
script-src 'self' https://va.vercel-scripts.com/v1/script.debug.js https://va.vercel-scripts.com/v1/speed-insights/script.debug.js http://js.hsforms.net/forms/embed/v2.js https://www.google.com/recaptcha/enterprise.js 'nonce-O1Jt1/tUhG8w+yGxEpiQPQ==' 1
connect-src 'self' https://maps.googleapis.com https://cdn.datatables.net https://fonts.googleapis.com https://dev.mioot.com https://mytop.mioot.com https://devnode.mioot.com https://devnode.mioot.com:3001 wss://devnode.mioot.com:3001 https://dev.mioot.com https://app1.mioot.com https://app8.mioot.com; frame-ancestors 'self' https://mytop.mioot.com/ wss://devnode.mioot.com:3001 https://devnode.mioot.com:3001 https://devnode.mioot.com https://app1.mioot.com https://dev.mioot.com https://vfseu.mioot.com https://devnode.mioot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://cdn.datatables.net https://fonts.googleapis.com https://dev.mioot.com https://chat2.mioot.com https://app2.mioot.com https://app1.mioot.com https://vfs.mioot.com https://vfs-cic.mioot.com https://vfseu.mioot.com; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://www.graz.at https://ssl.siteimprove.com https://*.datareporter.eu https://webcachex-eu.datareporter.eu https://translate-pa.googleapis.com https://translate.googleapis.com https://translate.google.com https://cdn1.readspeaker.com https://webcache.datareporter.eu https://api.abfall.io https://connect.facebook.net https://ssl.siteimprove.com https://www.etermin.net  https://unpkg.com/leaflet@1.5.1/dist/leaflet.js https://cdn.datatables.net/1.10.13/js/jquery.dataTables.min.js; style-src 'report-sample' 'self' https://webcache-eu.datareporter.eu https://cdn1.readspeaker.com https://www.gstatic.com 'unsafe-inline' https://api.abfall.io https://webcache.datareporter.eu https://www.gstatic.com https://fonts.googleapis.com https://e.issuu.com/embed.js https://unpkg.com/leaflet@1.5.1/dist/leaflet.css; base-uri 'self' https://www.graz.at; connect-src 'self' https://c.datareporter.eu https://swarmcrawler.datareporter.eu https://translate.googleapis.com https://cdn1.readspeaker.com https://api.abfall.io https://app-eu.readspeaker.com https://media-eu.readspeaker.com https://schauaufgraz.app.graz.at https://translate-pa.googleapis.com https://app-eu.readspeaker.com https://www.graz.at/piwik/piwik.php https://*.readspeaker.com ; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.offenerhaushalt.at https://www5.graz.at https://graz.volunteerlife.eu https://geodaten.graz.at https://www.etermin.net https://www.youtube.com https://base.streamdiver.com https://geoportal-graz-at.maps.arcgis.com https://app.proaddon.com https://mobile.app.graz.at https://www.facebook.com https://archiv.yourvideo.tv https://graz.vergabeportal.at https://app.capito.eu https://hub.app.capito.eu https://www.youtube-nocookie.com https://graz.it-wms.com https://web.facebook.com https://embed.servus.com https://app-eu.readspeaker.com https://ifw.noel.gv.at https://rstts-eu.readspeaker.com https://www.facebook.com https://event-solutions.yourvideo.tv https://gateway.zscloud.net https://sibforms.com https://player.vimeo.com https://e6683ab7.sibforms.com https://e.issuu.com; img-src 'self' https://*.global.siteimproveanalytics.io https://webcache-eu.datareporter.eu https://www.gstatic.com https://fonts.gstatic.com https://*.global.siteimproveanalytics.io https://translate.google.com https://www.google.com https://translate.googleapis.com https://i.ytimg.com blob: https://*.wien.gv.at https://unpkg.com/leaflet@1.5.1/dist/images/layers.png data: https://unpkg.com/leaflet@1.5.1/dist/images/layers-2x.png; manifest-src 'self'; media-src 'self'; object-src 'none'; report-uri /csp/report/; worker-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.spark-nga.de https://*.spark-nga-int.de https://dc.services.visualstudio.com https://*.matomo.cloud https://cdnjs.cloudflare.com https://ajax.googleapis.com; img-src 'self' https://secure.gravatar.com https://*.spark-nga.de https://*.spark-nga-int.de data: blob:; font-src 'self' https://fonts.gstatic.com data: blob:; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.insuremytrip.com https://unpkg.com https://*.pingdom.net https://*.ctnsnet.com https://mapbox.com https://*.mapbox.com https://*.activehosted.com https://*.bing.com https://*.cloudfront.net https://consentag.eu/public/3.0.1/consenTag.js https://*.facebook.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.googleadservices.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.jsdelivr.net https://*.js.ubembed.com https://pubads.g.doubleclick.net https://*.g.doubleclick.net https://*.resellerratings.com https://s.yimg.com/wi/ytc.js https://*.snapengage.com https://*.sojern.com https://*.ubembed.com https://*.yieldoptimizer.com https://*.youtube.com  https://*.insuremytrip.com https://*.insuremytrip.com.imtprod.us; worker-src 'self' blob:; 1
default-src 'self' polyfill.io *.gstatic.com static.hotjar.com maps.googleapis.com use.fontawesome.com www.google.com www.googletagmanager.com fonts.googleapis.com 'unsafe-inline' 1
child-src 'self' lh-content.s3.amazonaws.com *.experts-promotion.com *.vimeo.com vimeo.com *.youtube.com csp.screen9.com *.video-cdn.net *.cloudfront.net ecentry.pixieset.com lufthansa.pixieset.com maya-production-backend.eu-de.mybluemix.net *.brusselsairlines.com; 1
frame-ancestors www.chipublib.org *.www.chipublib.org chipublib.org *.chipublib.org chicago.bibliocms.com *.chicago.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.chipublib.org *.www.chipublib.org chipublib.org *.chipublib.org chicago.bibliocms.com *.chicago.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors *.mewatch.sg *.mediacorp.sg *.8world.com *.8days.sg *.channelnewsasia.com *.melisten.sg *.todayonline.com 1
default-src 'self' *.augeofi.net *.augeofi.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'none';img-src 'self' http: https: data:;font-src 'self';style-src 'self' 'unsafe-inline';frame-src https://www.google.com https://recaptcha.google.com https://www.gstatic.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-Xln9fb0dQEXu1yrIyWnVPg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' sustainalytics.susc4318.eas.morningstar.com https://*.hubspot.com https://*.hubspot.io https://*.hubapi.com https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://s3.console.aws.amazon.com https://*.bizible.com *.newrelic.com https://*.nr-data.net https://*.morningstar.com https://www.morningstar.*; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' sustainalytics.susc4318.eas.morningstar.com *.google.com *.googletagmanager.com *.googleadservices.com https://snap.licdn.com/ https://syndication.twitter.com http://platform.stumbleupon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.msecnd.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com http://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hsleadflows.net https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io https://js.hsadspixel.net https://js.usemessages.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.6sc.co https://cdn.amcharts.com https://*.bizible.com https://*.bizibly.com https://*.newrelic.com https://*.nr-data.net https://*.surveymonkey.com https://*.ytimg.com http://j.6sc.co http://cdn.bizible.com http://bat.bing.com https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' sustainalytics.susc4318.eas.morningstar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://*.hotjar.com https://*.hotjar.io https://code.jquery.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.azureedge.net *.google.com *.google-analytics.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://px.ads.linkedin.com *.eloqua.com https://*.hubspot.com track.hubspot.com https://js.hsleadflows.net https://*.hsforms.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.youtube.com https://*.6sc.co https://*.bizible.com https://*.bizibly.com http://b.6sc.co https://bat.bing.com https://cdn.insight.sitefinity.com web-chat.nativechat.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: sustainalytics.susc4318.eas.morningstar.com https://*.hotjar.com https://*.morningstar.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com sustainalytics.susc4318.eas.morningstar.com *.google.com *.analytics.google.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://*.hubspot.com https://*.hubapi.com https://api.hubapi.com https://*.hsforms.com https://*.hotjar.com wss://*.hotjar.com https://code.jquery.com *.6sc.co *.newrelic.com https://*.nr-data.net https://*.adnxs.com https://forms.hscollectedforms.net forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com sustainalytics.susc4318.eas.morningstar.com web-chat.nativechat.com; frame-src sustainalytics.susc4318.eas.morningstar.com https://*.google.com https://*.youtube.com https://*.gotowebinar.com/ https://youtu.be https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.hotjar.com https://*.hotjar.io https://*.podbean.com 'self' web-chat.nativechat.com forms.hsforms.com 1
script-src 'self' https://*.imedia.cz https://*.hit.gemius.pl https://www.stream.cz/static/embed/ https://*.seznam.cz; report-uri /cspreport; 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.ytimg.com; 1
upgrade-insecure-requests; frame-ancestors https://*.intranet.baywa.com/ 1
default-src 'self' 'unsafe-inline'; object-src 'none' 1
base-uri 'none';child-src 'none';connect-src 'self' https://play.vidyard.com https://noembed.com/ https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://go.esko.com/ https://privacyportalde-cdn.onetrust.com/ cloudflareinsights.com https://play.goconsensus.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://auth.statik.space/ https://js.zi-scripts.com https://px.ads.linkedin.com https://ws.zoominfo.com;default-src 'self';font-src 'self' https://fonts.gstatic.com data:;form-action 'self';frame-ancestors 'none';frame-src youtube.com www.youtube.com https://play.vidyard.com https://play.goconsensus.com https://bid.g.doubleclick.net https://www.google.com/ https://js.driftt.com https://widget.drift.com;img-src 'self' https: data: blob: http://play.vidyard.com www.googletagmanager.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com https://google.com;manifest-src 'self';media-src 'self' https://js.driftt.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com www.youtube.com https://play.vidyard.com https://cdn.jsdelivr.net/ https://privacyportalde-cdn.onetrust.com/privacy-notice-scripts/otnotice-1.0.min.js static.cloudflareinsights.com https://play.goconsensus.com https://www.googletagmanager.com https://cdn.cookielaw.org https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://js.driftt.com https://widget.drift.com https://sc.lfeeder.com https://js.zi-scripts.com https://snap.licdn.com;style-src 'self' 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;worker-src 'self'; 1
frame-ancestors 'self' *.aejuice.com aejuice.com 1
default-src 'none'; script-src 'nonce-661a4234de' 'nonce-15dc041cb7' 'nonce-c2caab0e4a' 'nonce-a8d8272ea9' 'nonce-0c8a02d379' 'nonce-359a084fe0' 'nonce-7073e4bb9f'  'self' 'unsafe-inline' 'unsafe-eval' blob: alfaview.com f.vimeocdn.com player.vimeo.com external.centralstationcrm.net alfaview.zammad.com; style-src 'self' 'unsafe-inline' alfaview.com; img-src 'self' data: alfaview.com i.vimeocdn.com alfaview.zammad.com; connect-src 'self' assets.alfaview.com external.centralstationcrm.net wss: alfaview.zammad.com eu-api.friendlycaptcha.eu; font-src 'self' data: alfaview.com; media-src 'self' alfaview.com; form-action 'self' alfaview.com external.centralstationcrm.net web.inxmail.com; frame-ancestors 'self' alfaview.com; frame-src 'self' player.vimeo.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'self' 'unsafe-inline'; img-src * 'self'; font-src * 'self'; connect-src * 'self'; frame-src * 'self' 1
frame-ancestors 'self' https://*.broward.edu https://*.smartsheet.com https://*.ally.ac; 1
frame-ancestors 'self' https://www.bing.com https://www.google.com https://*.search.yahoo.com https://www.naver.com https://www.baidu.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/; 1
frame-ancestors 'self' https://manage.hcinnovationgroup.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://go.mbopartners.com/analytics/ https://cse.expertrec.com/ https://clients1.google.com/ https://www.mbopartners.com/ https://www2.mbopartners.com/ https://go.mbopartners.com/ https://s29814.pcdn.co https://cmp.osano.com/ https://www.googletagmanager.com https://consent.trustarc.com https://www.google.com https://cse.google.com https://cdnjs.cloudflare.com https://*.linkedin.com/ https://www.linkedin.com platform.linkedin.com static-src.linkedin.com cdn.lms.linkedin.com https://ws.zoominfo.com/pixel https://fast.wistia.com/assets/external/ https://snap.licdn.com https://ws.zoominfo.com/pixel/6182e1822a7f11001b1fe727 https://fast.wistia.com/embed/medias/ https://pi.pardot.com/video/ https://mbopartners.wistia.com/medias/ https://*.jazz.co/ https://app.jazz.co/widgets/basic/create/mbopartners/ https://maps.googleapis.com/ https://platform.twitter.com/ https://partner.googleadservices.com/ https://consent.api.osano.com/ https://*.wistia.com/ https://*.wistia.net/ https://src.litix.io/ https://e.infogram.com/; worker-src 'self' blob:; connect-src 'self' https://expertrec.com/ https://www.google-analytics.com/ https://pagead2.googlesyndication.com/ https://mbo.my.salesforce-sites.com/ https://*.litix.io/ https://*.wistia.com/ https://*.wistia.net/ https://*.algolia.net/ https://fast.wistia.com/ https://connect-api.mbopartners.com https://connect-api-qa.mbopartners.com/ https://maps.googleapis.com https://px.ads.linkedin.com/wa/ https://*.linkedin.com/wa/ https://*.linkedin.com/ https://analytics.google.com https://s29814.pcdn.co https://consent.api.osano.com/record https://stats.g.doubleclick.net/ https://ws.zoominfo.com/pixel/collect https://www.google.co.in/ads/ https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://pipedream.wistia.com/ https://distillery.wistia.com/ https://fast.wistia.com/embed/medias/ https://embed-cloudfront.wistia.com/deliveries/ https://yoast.com/feed/widget/ https://ws.zoominfo.com/; font-src 'self' data: https://*.mbopartners.com/ https://www.mbopartners.com/ https://*.wistia.com/ https://cdnjs.cloudflare.com/ https://s29814.pcdn.co https://fonts.gstatic.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://consent.trustarc.com platform.linkedin.com static-src.linkedin.com https://fast.wistia.com/assets/external/fonts/; img-src 'self' data:  https://www.adsensecustomsearchads.com/ https://*.mbopartners.com/ https://www.googletagmanager.com/ https://*.linkedin.com/ https://*.wistia.com/ https://*.wistia.net/ https://consent-pref.trustarc.com/defaultconsentmanager/ https://s29814.pcdn.co https://lh3.googleusercontent.com https://s31396.p1123.sites.pressdns.com https://consent.trustarc.com platform.linkedin.com static-src.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com/collect https://www.google.co.in/ads/ https://www.linkedin.com/px/ https://secure.gravatar.com/avatar/ https://fast.wistia.com/assets/ https://embed-ssl.wistia.com/deliveries/ https://app.jazz.co/img/v1.1/logos/ https://www.comparably.com/static/skins/comparably_light/ https://*.comparably.com/ https://fast.wistia.com/embed/medias/ https://images.comparably.com/companies/mbo-partners/share-badge/ https://images.comparably.com/companies/mbo-partners/share-badge/medium-alt/leadership-score https://cdnassets.pagely.com/ https://www.google.com/ https://clients1.google.com/ *.google.com/ *.gstatic.com; media-src 'self' blob: data: https://www.mbopartners.com/ https://ssl.gstatic.com/dictionary/static/ https://*.wistia.com/ https://*.wistia.net/; style-src 'self' 'unsafe-inline' https://*.mbopartners.com/  https://use.fontawesome.com/ https://static.mbopartners.com/portal/colors/font-roboto-slab.css https://pro.fontawesome.com/releases/v5.15.4/css/all.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/brands.min.css https://www.google.com/cse/static/element/8435450f13508ca1/default+en.css https://www.google.com/cse/static/style/look/v4/default.css https://fonts.googleapis.com/  https://s29814.pcdn.co platform.linkedin.com static-src.linkedin.com  https://use.fontawesome.com/releases/ https://fast.wistia.com/;  style-src-elem 'unsafe-inline' https://*.mbopartners.com/ https://use.fontawesome.com/ https://static.mbopartners.com/portal/colors/font-roboto-slab.css https://s31396.p1123.sites.pressdns.com https://cdnjs.cloudflare.com/ https://www.google.com https://consent.trustarc.com https://s29814.pcdn.co https://www.mbopartners.com https://fonts.googleapis.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/releases/v6.5.1/css/ https://cdnjs.cloudflare.com/ajax/libs/apexcharts/; base-uri 'self'; form-action 'self' https://www2.mbopartners.com https://go.mbopartners.com/; frame-src https://mbopartners.co1.qualtrics.com/ https://www.mbopartners.com/ https://www2.mbopartners.com https://go.mbopartners.com/ https://s31396.p1123.sites.pressdns.com https://e.infogram.com/ https://go.mbopartners.com/ https://fast.wistia.com/ https://fast.wistia.net/ https://submit-irm.trustarc.com/ https://td.doubleclick.net/ https://consent-pref.trustarc.com/ https://platform.twitter.com/ https://www.adsensecustomsearchads.com/ https://consent.api.osano.com/; 1
default-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://unpkg.com/filepond@^4/dist/filepond.css https://unpkg.com/filepond@%5E4/dist/filepond.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com https://*.googletagmanager.com pi.pardot.com sjs.bizographics.com https://googleads.g.doubleclick.net https://www.googleadservices.com serve.albacross.com maps.googleapis.com serve.albacross.com khmjk5b61ggx.statuspage.io https://www.google.com www.gstatic.com www2.proemion.com app.box.com snap.licdn.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com *.clarity.ms app.usercentrics.eu https://unpkg.com/filepond-plugin-file-validate-type/ https://unpkg.com/filepond-plugin-file-validate-size/ https://unpkg.com/filepond@^4/ https://unpkg.com/filepond@%5E4/ https://tpc.googlesyndication.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com https://apps.elfsight.com/p/platform.js https://static.elfsight.com/ https://universe-static.elfsightcdn.com/ https://proemion.containers.piwik.pro/ https://proemion.piwik.pro/ppms.js https://bat.bing.com/; frame-src 'self' www2.proemion.com khmjk5b61ggx.statuspage.io www.google.com www.youtube.com app.box.com proemion.app.box.com proemiongmbh-my.sharepoint.com portal.productboard.com https://td.doubleclick.net https://*.safeframe.googlesyndication.com https://bid.g.doubleclick.net https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://consentcdn.cookiebot.com; media-src 'self' data: https://phosphor.utils.elfsightcdn.com/; img-src 'self' data: collect.albacross.com px.ads.linkedin.com px4.ads.linkedin.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat img.youtube.com i.ytimg.com ytimg.com maps.googleapis.com maps.gstatic.com www.linkedin.com https://ssl.gstatic.com https://www.gstatic.com *.usercentrics.eu new-collect.albacross.com https://*.clarity.ms https://*.bing.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://phosphor.utils.elfsightcdn.com/ https://phosphor.ivanenko.workers.dev https://static.elfsight.com https://proemion.containers.piwik.pro https://proemion.piwik.pro https://imgsct.cookiebot.com; connect-src 'self' dash.elfsight.com collect.albacross.com new-collect.albacross.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat *.clarity.ms api.usercentrics.eu consent-api.service.consent.usercentrics.eu aggregator.service.usercentrics.eu graphql.usercentrics.eu maps.googleapis.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://ad.doubleclick.net https://apps.elfsight.com/ https://storage.elfsight.com/ https://core.service.elfsight.com/ https://pagead2.googlesyndication.com/ https://proemion.containers.piwik.pro https://proemion.piwik.pro https://px.ads.linkedin.com; font-src 'self' data: https://fonts.gstatic.com cdn.jsdelivr.net; report-uri https://www.proemion.com/csp-violation-report/; report-to csp-endpoint 1
default-src 'self'; connect-src 'self' https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com https://www.facebook.com https://www.google-analytics.com; font-src 'self' data: https://*.paytm.com https://media.flixcar.com https://media.flixfacts.com https://media.flixsyndication.net; form-action https://securegw.paytm.in https://www.facebook.com https://cart.paytm.com https://*.paytm.com https://*.paytmmall.com https://paytm.com https://paytmmall.com; frame-src 'self' https://*.paytm.com https://www.youtube.com https://bid.g.doubleclick.net https://dis.as.criteo.com https://gum.criteo.com https://media.flixcar.com https://www.facebook.com; img-src 'self' data: https://*.paytm.com https://*.paytm.in https://googleads.g.doubleclick.net https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://media.flixcar.com https://media.flixfacts.com https://paytmofferlive.wpengine.com https://rt.flix360.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-south-1.amazonaws.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.google.com.sg https://d274ft55l0imju.cloudfront.net https://media.flixsyndication.net ; script-src 'unsafe-eval' 'unsafe-inline' https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://*.paytm.com https://storage.googleapis.com https://connect.facebook.net https://d25w45cltkdr4r.cloudfront.net https://googleads.g.doubleclick.net https://media.flixcar.com https://media.flixfacts.com https://sslwidget.criteo.com https://static.criteo.net https://t.flix360.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://media.flixsyndication.net; style-src 'unsafe-inline' https://*.paytm.com https://*.mapmyindia.com https://*.bintray.com https://bintray.com https://media.flixcar.com https://media.flixfacts.com https://media.flixsyndication.net; worker-src 'self'; report-uri https://csp-report.mypaytm.com/reportcspviolations.php; media-src https://*.paytm.com; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.peach.com https://peach.com https://events.launchdarkly.com https://js-agent.newrelic.com https://*.nr-data.net https://*.googletagmanager.com ; style-src 'self' 'unsafe-inline' https://*.peach.com https://peach.com https://fonts.googleapis.com ; img-src 'self' data: blob: https://*.peach.com https://peach.com https://storage.googleapis.com https://purecatamphetamine.github.io ; font-src 'self' data: https://*.peach.com https://peach.com https://fonts.gstatic.com ; connect-src 'self' blob: blob https://*.peach.com https://peach.com https://storage.googleapis.com https://*.launchdarkly.com https://*.newrelic.com https://*.nr-data.net https://*.mux.com https://*.google-analytics.com ; media-src 'self' blob: https://*.peach.com https://peach.com https://storage.googleapis.com https://*.mux.com ; object-src 'none' ; frame-src 'self' https://*.peach.com https://peach.com ; child-src 'self' blob: blob ; worker-src 'self' blob: blob ; form-action 'self' https://*.peach.com https://peach.com ; manifest-src 'self' https://*.peach.com https://peach.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubyapps.io https://ajax.googleapis.com https://reports.hrmdirect.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://analytics.rubyapps.io https://reports.hrmdirect.com https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://analytics.rubyapps.io https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://privacyportal.onetrust.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://cdn.cookielaw.org; frame-src 'self' https://analytics.rubyapps.io https://laborlawyers.hrmdirect.com https://communication.fisherphillips.com https://communications.fisherphillips.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://fisherphillips.powtoon.com https://www.podbean.com https://app.powerbi.com https://fisherphillips.hrmdirect.com https://reports.hrmdirect.com https://laborlawyers.hrmdirect.com; worker-src 'self' blob:; media-src 'self' data: https://vimeo.com https://www.youtube.com; frame-ancestors 'self'; object-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://staticcdn.aus.social; img-src 'self' https: data: blob: https://staticcdn.aus.social; style-src 'self' https://staticcdn.aus.social 'nonce-1RuBqZdLM3YUyy7WPOLTpw=='; media-src 'self' https: data: https://staticcdn.aus.social; frame-src 'self' https:; manifest-src 'self' https://staticcdn.aus.social; form-action 'self'; child-src 'self' blob: https://staticcdn.aus.social; worker-src 'self' blob: https://staticcdn.aus.social; connect-src 'self' data: blob: https://staticcdn.aus.social https://mediacdn.aus.social https://s3.ap-southeast-2.wasabisys.com wss://aus.social; script-src 'self' https://staticcdn.aus.social 'wasm-unsafe-eval' 1
default-src * blob: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.unibocconi.it/en/report-uri/enforce 1
frame-ancestors 'self' https://*.floranext.com https://floranext.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-47NGdh34bBw2fPsbVr/z8Q=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://federicoc-seyfarth-a40.udev1a.net https://w.soundcloud.com https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://seyfarth.usablenet.com https://cdn.cookielaw.org https://a40.usablenet.com https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ ; style-src 'self' 'unsafe-inline' https://federicoc-seyfarth-a40.udev1a.net https://qa-seyfarth-a40.udev1a.net https://christianp-seyfarth-a40.udev1a.net https://seyfarth.usablenet.com https://a40.usablenet.com https://www.seyfarth.com https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net ; connect-src 'self' https://seyfarth.usablenet.com https://a40.usablenet.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; font-src 'self' data: https://www.seyfarth.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net/ ; img-src 'self' data: blob: https://cdn.cookielaw.org https://www.seyfarth.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com ; frame-src 'self' mailto: blob: https://w.soundcloud.com https://a40.usablenet.com https://mail.google.com/ https://cdn.yoshki.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://www.google.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
frame-ancestors 'none'; default-src 'self' blob:; worker-src blob:; img-src *.monetate.org t.co google.co.zw *.g.doubleclick.net *.googleusercontent.com *.google.co.uk *.2mdn.net *.doubleclick.net *.adnxs.com ib.adnxs.com google.com.tr *.google.ro *.google.com.hk google.com.hk google.com.sg google.gr google.ch google.dk google.bf google.gg google.kz google.com.cy google.lk google.es google.com.ph google.je google.no awin1.com *.awin1.com zenaps.com www.zenaps.com *.zenaps.com *.twitter.com twitter.com analytics.twitter.com *.clarity.ms *.bing.com *.contentsquare.net *.facebook.net data: http://sb.monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.amazonaws.com geo-tracker.smadex.com *.monetate.net travisperkins.scene7.com *.travisperkins.co.uk https://www.travisperkins.co.uk dam-assets.apps.travisperkins.group *.dam-assets.apps.travisperkins.group google-analytics.com www.google-analytics.com *.google-analytics.com maps.googleapis.com maps.gstatic.com *.adservice.google.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com ad.doubleclick.net *.powerreviews.com p-eu.brsrvr.com *.demoup.com *.doubleclick.net ct.pinterest.com *.ct.pinterest.com pinterest.com t.co www.facebook.com *.facebook.com *.mediaiqdigital.com bat.bing.com res.cloudinary.com wss://*.hotjar.com *.c.contentsquare.net increasingly.co www.increasingly.co *.increasingly.co gstatic.com www.gstatic.com *.gstatic.com google.pt adservice.google.pt *.adservice.google.pt google.com *.google.com google.com.ua *.google.com.ua google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie *.livechatinc.com *.youtube.com pixel-autofeed-custom-endpoint.uc.r.appspot.com; object-src 'none'; frame-src 'self' *.monetate.net *.livechatinc.com *.fls.doubleclick.net *.doubleclick.net pirbright.ac.uk *.pirbright.ac.uk www.pinterest.com *.pinterest.com www.pinterest.co.uk *.pinterest.co.uk www.pinterest.de *.pinterest.de www.pinterest.ie *.pinterest.ie *.travisperkins.co.uk https://www.travisperkins.co.uk www.facebook.com *.facebook.com pp.eshapay.net pp.ephapay.net dntcl.qualaroo.com *.doubleclick.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com vars.hotjar.com googleadservices.com www.googleadservices.com *.googleadservices.com www.youtube.com *.youtube.com googletagmanager.com www.googletagmanager.com *.googletagmanager.com pay.google.com; font-src 'self' *.amazonaws.com m7cdn.io *.m7cdn.io https://www.travisperkins.co.uk *.travisperkins.co.uk *.alicdn.com fonts.gstatic.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk data: data; connect-src 'self' *.monetate.net *.livechatinc.com *.googlesyndication.com *.sciencebehindecommerce.com analytics.tiktok.com *.noibu.com wss://input.noibu.com *.clarity.ms maps.googleapis.com bat.bing.com *.contentsquare.net *.c.contentsquare.net *.feedspark.com www.facebook.com *.facebook.com *.increasingly.com *.increasingly.co *.hotjar.com wss://*.hotjar.com vc.hotjar.io *.onetrust.com *.amazonaws.com api.woosmap.com *.demoup.com *.powerreviews.com ct.pinterest.com *.ct.pinterest.com google-analytics.com www.google-analytics.com *.google-analytics.com analytics.google.com adservice.google.com google.com *.google.com *.doubleclick.net *.g.doubleclick.net *.travisperkins.co.uk api.edq.com stats.g.doubleclick.net *.stats.g.doubleclick.net prf.audiencemanager.de *.prf.audiencemanager.de *.audiencemanager.de google.com *.google.com google.com.ua *.google.com.ua google.co.uk *.google.co.uk google.nl *.google.nl google.co.in *.google.co.in google.co.id *.google.co.id google.ad *.google.ad google.bg *.google.bg google.fr *.google.fr google.com.pk *.google.com.pk google.com.bd *.google.com.bd google.de *.google.de google.com.hk *.google.com.hk google.pl *.google.pl google.ie *.google.ie atr-eu.veritonicmetrics.com api.uk.exponea.com; style-src 'self' 'unsafe-inline' api.content.travisperkins.co.uk *.monetate.net *.userconversion.com m7cdn.io *.m7cdn.io dev.m7cdn.io increasingly.co www.increasingly.co *.increasingly.co fonts.googleapis.com ui.powerreviews.com events.demoup.com cdn.parcellab.com *.cdn.parcellab.com *.livechatinc.com *.youtube.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.woosmap.com *.monetate.org *.pinimg.com www.zenaps.com *.brcdn.com *.qualaroo.com *.sciencebehindecommerce.com m7cdn.io *.brcdn.com *.adnxs.com *.googlesyndication.com analytics.tiktok.com *.tiktok.com *.facebook.net *.lavurtis.com lavurtis.com zenaps.com *.zenaps.com www.googleadservices.com *.noibu.com *.clarity.ms *.contentsquare.net app.contentsquare.com *.audiencemanager.de *.feedspark.com akt.audiencemanager.de api-internal.js *.demoup.com mpsnare.iesnare.com ui.powerreviews.com *.travisperkins.co.uk googletagmanager.com www.googletagmanager.com *.googletagmanager.com google-analytics.com www.google-analytics.com *.google-analytics.com www.googletagservices.com googleadservices.com www.googleadservices.com *.googleadservices.com maps.googleapis.com *.doubleclick.net ad.doubleclick.net *.ad.doubleclick.net *.monetate.net monetate.net cdn-ukwest.onetrust.com *.cdn-ukwest.onetrust.com *.hotjar.com www.dwin1.com cl.qualaroo.com ct.pinterest.com *.ct.pinterest.com increasingly.co www.increasingly.co *.increasingly.co connect.facebook.net *.connect.facebook.net static.ads-twitter.com *.ads-twitter.com analytics.twitter.com *.analytics.twitter.com s.pinimg.com bat.bing.com cdns.brsrvr.com *.cdns.brsrvr.com googleads.g.doubleclick.net *.googleads.g.doubleclick.net *.g.doubleclick.net static.demoup.com *.static.demoup.com api.content.travisperkins.co.uk *.api.content.travisperkins.co.uk google.com *.google.com *.livechatinc.com *.youtube.com cdn.veritonic.com api.uk.exponea.com static.powerreviews.com; media-src 'self' blob: *; ; report-uri /int-api/client-error-csp; report-to csp-endpoint 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:; worker-src  blob:;script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://*.carwise.com https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net/ https://www.google.com/* https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; style-src 'self' 'unsafe-inline' https://code.jquery.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net/ https://fonts.googleapis.com/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://stackpath.bootstrapcdn.com/ https://code.jquery.com/ https://*.gstatic.com https://cdn.jsdelivr.net/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://*.google.com; img-src * 'self' data: https: https://*.gstatic.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://cdn.jsdelivr.net/; font-src 'self' https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://apis.google.com https://*.jsdelivr.net/ https://*.google.com https://*.googleapis.com https://*.gstatic.com http://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; frame-src 'self' https://*.carwise.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com http://*.hotjar.io https://apis.google.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.io https://www.facebook.com/; connect-src 'self' https://graph.facebook.com/ https://www.google.com/maps/conversion/debug/collect https://www.google.com/maps/conversion/collect https://www.facebook.com/ https://maxcdn.bootstrapcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io https://*.gstatic.com https://*.googleapis.com https://stats.g.doubleclick.net/; 1
frame-ancestors 'self' https://localhost:44369 https://www.cornwall.gov.uk https://test2.cornwall.gov.uk https://app-rnd-euw-ccwebsite.azurewebsites.net https://wa-npd-euw-ccwebsite-master.npd-publishing.cc.cornwallonline.net https://wa-npd-euw-ccwebsite-frontend.npd-publishing.cc.cornwallonline.net/ https://wa-prd-euw-ccwebsite-master.publishing.cc.cornwallonline.net https://wa-prd-euw-ccwebsite-frontend.publishing.cc.cornwallonline.net https://train-contact-centre.crm4.dynamics.com https://test-contact-centre.crm4.dynamics.com https://contact-centre.crm4.dynamics.com https://portal-gb.one.network; 1
frame-ancestors 'self' *.axonify.com *.marketo.com *.seismic.com; report-uri https://axonify.com/csp-report; report-to default; base-uri 'self'; form-action 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.axonify.com *.marketo.com *.seismic.com *.googletagmanager.com *.google.com *.mutinycdn.com *.vidyard.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.licdn.com *.unpkg.com *.cookielaw.org *.bizible.com *.listenlayer.com *.hotjar.com *.facebook.net *.marketo.net *.6sc.co *.clearbitscripts.com *.addthis.com *.g2crowd.com *.uxsniff.com unpkg.com *.doubleclick.net *.chilipiper.com; 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 1
frame-ancestors 'self' http://www.philips.com *.philips.com *.philips.com https://philipsigtdpv.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: assets.adobedtm.com bbva.d3.sc.omtrdc.net dpm.demdex.net *.googleapis.com fonts.gstatic.com addtocalendar.com youtube.com www.youtube.com www.youtube-nocookie.com cdn.cookielaw.org cdn-od.world-television.com od.world-television.com cdn-streamstudio-ondemand.world-television.com cdn-wowzacoder-node11.world-television.com cdn-wowzacoder-node12.world-television.com cdn-wowzacoder-node13.world-television.com cdn-wowzacoder-node14.world-television.com cdn-wowza.world-television.com cdn-wowza2.world-television.com cdn-wowza4.world-television.com cdn-wowza5.world-television.com cdn-wowza-zur-cn.worldtelevision.cn cdn-wowza2-zur-cn.worldtelevision.cn streamstudio.world-television.com streamstudio-static.world-television.com streamstudio-static-cloudflare cdn-streamstudio-china.worldtelevision.cn cdn-streamstudio.world-television.com gaia.world-television.com stats.world-television.com d3l7jhiu2gy1zw.cloudfront.net d3rheyut2722wp.cloudfront.net d2u0sqszc4zqzn.cloudfront.net d13g3vp355w9vi.cloudfront.net d3nodaywjsh67y.cloudfront.net d1wgay39cved2v.cloudfront.net d2wha8clrw9yga.cloudfront.net www.fbbva.es www.redleonardo.es www.premiosfronterasdelconocimiento.es www.multiverso-fbbva.es www.contrapunto-fbbva.es www.biophilia-fbbva.es www.frontiersofknowledgeawards-fbbva.es ec2-34-251-159-89.eu-west-1.compute.amazonaws.com www.fbbva.es edicion-j93xtwf5.openweb.bbva revision-j93xtwf5.openweb.bbva j93xtwf5.openweb.bbva code.jquery.com *.watchity.com pruebasserviciosinfobbva.gnoss.com serviciosdms.gnoss.com bbvafundacion2018.112.2o7.net bbvafundacionlaunch2020dev.112.2o7.net urlmaker.overon.es code.highcharts.com books.google.com cdn.jsdelivr.net cdnjs.cloudflare.com privacyportal-eu.onetrust.com *.fontawesome.com cdn.plot.ly; 1
base-uri 'self'; default-src 'self'; connect-src 'self' https://score.juicyscore.com https://fp.f-karta.ru https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://mc.yandex.com https://top-fwz1.mail.ru https://static.me-talk.ru https://vk.com https://widget.me-talk.ru wss://widget.me-talk.ru wss://stage01.adengi.tech wss://adengi.ru https://www.clarity.ms https://*.clarity.ms https://api.uxrocket.ru; script-src 'sha256-ssAHQ4lOt0zhSrAX7Nylh/o6CRFz5H6W4nMvRqvlkuk=' 'nonce-r4FEd3RDZVLysbDecDeLPw==' 'self' 'self' https://score.juicyscore.com https://fp.f-karta.ru https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://apis.google.com https://static.cloudflareinsights.com https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru https://widget.me-talk.ru https://static.me-talk.ru https://vk.com https://admin.verbox.ru https://api.uxrocket.ru https://www.clarity.ms 'sha256-oLIXfBs6AK+Gs8R3lD6oiZOHjTxYQhAldPxwgXVaAuY=' 'sha256-0Rv39jpO9vq0jUYFr5rGU8JJcirscZHuHOAB4lHiXxU=' 'sha256-hItK8kz5W0D0GyJ3gSAI/0HB8KzedsctfYs2B1FXBJA='; img-src 'self' https://www.googletagmanager.com https://www.google.ru https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://mc.yandex.ru https://mc.yandex.com https://vk.com https://vk.com/rtrg https://top-fwz1.mail.ru https://static.me-talk.ru https://pic.me-talk.ru https://id.vk.com https://m.vk.com https://login.vk.com https://s3-strapi-stage01.adengi.tech https://storage.yandexcloud.net data: https://*.clarity.ms https://*.bing.com; media-src 'self' https://static.me-talk.ru; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://api.uxrocket.ru; frame-src 'self' www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://mc.yandex.ru https://top-fwz1.mail.ru https://*.alfabank.ru blob:; form-action 'self'; frame-ancestors 'self' https://x5bank.ru https://x5bank-test-site.x5bank.ru https://x5card.ru https://x5card-test-site.x5card.ru https://x5card-preprod-site.x5card.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com; child-src https://mc.yandex.ru blob: ; object-src 'self'; report-uri /prometheus-report/report/adengi 1
default-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.qualtrics.com https://*.crazyegg.com https://*.cybersource.com https://beta.cyd3v0u8ig-oldcastle1-p1-public.model-t.cc.commerce.ondemand.com https://*.googleoptimize.com https://*.clarity.ms https://*.bing.com; img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.google-analytics.com https://*.opentext.com https://*.qualtrics.com https://beta.cyd3v0u8ig-oldcastle1-p1-public.model-t.cc.commerce.ondemand.com https://*.clarity.ms https://*.bing.com; font-src 'self' https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.googleoptimize.com https://*.clarity.ms https://cdn.jsdelivr.net/npm/instantsearch.css@8.1.0/themes/reset-min.css https://cdn.jsdelivr.net/npm/instantsearch.css@8.1.0/themes/satellite-min.css https://cdn.jsdelivr.net/npm/@algolia/autocomplete-theme-classic;worker-src blob: 1
script-src 'self' https://mpsnare.iesnare.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/analytics.js 'unsafe-inline'; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mamot.fr; img-src 'self' https: data: blob: https://mamot.fr; style-src 'self' https://mamot.fr 'nonce-eYodfnvKEjoZFWoXVA5WeA=='; media-src 'self' https: data: https://mamot.fr; frame-src 'self' https:; manifest-src 'self' https://mamot.fr; form-action 'self'; child-src 'self' blob: https://mamot.fr; worker-src 'self' blob: https://mamot.fr; connect-src 'self' data: blob: https://mamot.fr https://static.mamot.fr wss://mamot.fr; script-src 'self' https://mamot.fr 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.shopdutyfree.com; upgrade-insecure-requests; 1
object-src 'self'; form-action 'self' login.microsoftonline.com; frame-ancestors 'self' www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.youtube.com; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googleapis.com https://www.dwin1.com https://*.veinteractive.com https://www.googleadservices.com https://www.zenaps.com https://machinemart.122.2o7.net https://www.youtube.com https://s.ytimg.com https://b.sli-spark.com https://*.criteo.com https://*.google.com https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com https://platform.twitter.com https://assets.pinterest.com https://log.pinterest.com https://vimeo.com https://*.dekopay.com https://*.g.doubleclick.net https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com https://*.adalyser.com https://dccf75d8gej24.cloudfront.net; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com; img-src 'self' data: https://img.youtube.com https://dccf75d8gej24.cloudfront.net https://csi.gstatic.com https://www.googletagmanager.com https://*.googleapis.com https://maps.gstatic.com https://machinemart.122.2o7.net https://*.veinteractive.com https://www.awin1.com https://e.machinemart.co.uk https://www.zenaps.com https://*.google-analytics.com https://*.analytics.google.com https://b.sli-spark.com https://*.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.ie https://*.gstatic.com https://*.pinterest.com https://s-passets.pinimg.com https://www.facebook.com https://syndication.twitter.com https://i.vimeocdn.com https://a.volvelle.tech https://go.flx1.com https://*.livechatinc.com https://dis.criteo.com https://gum.criteo.com https://pixel.tapad.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://public-prod-dspcookiematching.dmxleo.com https://s.ad.smaato.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://exchange.mediavine.com https://jadserve.postrelease.com https://ads.stickyadstv.com https://visitor.omnitagjs.com https://criteo-sync.teads.tv https://match.sharethrough.com https://contextual.media.net https://x.bidswitch.net https://id5-sync.com https://ad.360yield.com https://sync-t1.taboola.com https://r.casalemedia.com https://simage2.pubmatic.com https://secure.adnxs.com https://eb2.3lift.com https://sync.outbrain.com https://pixel.rubiconproject.com https://c.bing.com https://criteo-partners.tremorhub.com https://i.liadm.com https://e1.emxdgt.com https://sp.analytics.yahoo.com https://beacon.krxd.net https://tags.bluekai.com https://i6.liadm.com https://cdn.stickyadstv.com https://s.thebrighttag.com https://ib.adnxs.com https://rtb-csync.smartadserver.com https://cm.adform.net https://matching.ivitrack.com https://ad.yieldlab.net https://dpm.demdex.net https://ad.doubleclick.net https://adservice.google.com https://*.adalyser.com; font-src 'self' https://cdn.livechatinc.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://4894704.fls.doubleclick.net https://4735852.fls.doubleclick.net https://*.doubleclick.net https://fledge.eu.criteo.com https://www.googletagmanager.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.google.com https://www.google.co.uk https://f.chtah.com https://ebm.cheetahmail.com https://www.youtube.com https://*.veinteractive.com https://dis.eu.criteo.com https://gum.criteo.com https://s-static.ak.facebook.com https://staticxx.facebook.com https://www.facebook.com https://platform.twitter.com https://assets.pinterest.com https://player.vimeo.com https://syndication.twitter.com https://*.livechatinc.com https://*.securetrading.net https://*.cardinalcommerce.com https://widget.trustpilot.com; connect-src 'self' https://adservice.google.com https://*.veinteractive.com https://vimeo.com https://www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://google.com https://pagead2.googlesyndication.com https://measurement-api.criteo.com https://stats.g.doubleclick.net https://log.pinterest.com https://api.livechatinc.com https://maps.googleapis.com https://*.ingest.sentry.io https://*.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com; media-src 'self' https://cdn.livechatinc.com; 1
default-src 'self' *.ibx.com *.doubleclick.net blob: data: https://cdsso.highmark.com/ https://statse.webtrendslive.com/ https://*.fullstory.com https://cdssotest.highmark.com https://player.vml.technology/ https://tr.outbrain.com https://*.dialogtech.com https://sp.analytics.yahoo.com https://pharmacy-rxportal-stage.sxc.com https://ibx.intelliresponse.com https://cdn.mouseflow.com *.googletagmanager.com *.cloudfront.net https://*.yimg.com https://amplify.outbrain.com/ https://www.googleoptimize.com/ https://www.gstatic.com/ https://pagead2.googlesyndication.com https://ib.mookie1.com/ https://bat.bing.com https://*.quantummetric.com https://collector-7863.tvsquared.com/ https://*.facebook.net https://www.facebook.com http://www.mookie.com/ http://typekit.com https://*.typekit.net https://snap.licdn.com https://tags.srv.stackadapt.com https://use.fontawesome.com https://ajax.googleapis.com/ https://cdnjs.cloudflare.com https://code.jquery.com/ http://www.healthinsurancehosting.com https://www.google-analytics.com/ https://www.googleadservices.com https://www.youtube.com https://www.googletagservices.com https://www.twitter.com https://www.instagram.com https://pinterest.com https://*.linkedin.com https://player.vimeo.com https://www.google.com/ https://cdn.wishpond.net/ https://embedded.wishpondpages.com https://feed.mikle.com http://feed.mikle.com https://analytics.google.com https://cdn.linkedin.oribi.io https://cdn.datatables.net https://*.dynamics.com/ https://*.azureedge.net https://*.microsoft.com https://edge.fullstory.com/ 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.ibx.com https://*.dynamics.com/ https://*.azureedge.net https://*.microsoft.com 1
frame-ancestors https://platform.nexo.io https://platform.nexo.com https://support.nexo.io https://support.nexo.com https://nexosurvey.force.com https://nexoio.lightning.force.com https://nexoio--c.visualforce.com https://nexoio.my.site.com 1
default-src 'self'; script-src 'nonce-692462AD16A93A6C406BF1657B4D2F24' 'sha256-HnqcJKdXH/Sl216fo05VaniEJ1icgxbI07COWTMEo18=' 'self' https://acsbapp.com/ http://tools.euroland.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://d3e54v103j8qbb.cloudfront.net/ https://tools.euroland.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://www.gstatic.com/ https://cc.cdn.civiccomputing.com/ https://player.vimeo.com https://www.googletagmanager.com/ https://www.google.com/; font-src 'self' data: https://acsbapp.com/ https://fonts.gstatic.com/; style-src 'self' 'unsafe-inline' embed.typeform.com https://fonts.googleapis.com/; connect-src 'self' api.typeform.com *.google-analytics.com *.webflow.com *.acsbapp.com/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://clapi.civiccomputing.com/ https://pagead2.googlesyndication.com/ https://apikeys.civiccomputing.com/ https://www.google-analytics.com/  https://www.googletagmanager.com/ https://www.google.com/ https://our.umbraco.com/ *.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' rive.app form.typeform.com https://cdn.embedly.com/ https://gamma.euroland.com/ https://www.googletagmanager.com/ https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ https://tools.eurolandir.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.co.uk/ads/ga-audiences https://entaingroup.com/ https://www.googletagmanager.com/ https://web1.acsbapp.com/ https://acsbapp.com/ https://uploads-ssl.webflow.com/ https://i.vimeocdn.com/ https://dashboard.umbraco.com/ https://our.umbraco.com/ https://www.google.com/ https://www.google-analytics.com/ https://www.bing.com/ https://www.github.com/ https://github.com/; object-src 'none'; base-uri 'self'; media-src 'self' https://web1.acsbapp.com/; worker-src blob: 'self'; 1
frame-ancestors 'self' *.cort.com 1
upgrade-insecure-requests; report-to endpoint; report-uri https://report.api.jtl-software.com/csp/; default-src 'self';base-uri 'self';form-action 'self' www.facebook.com/tr/ kundencenter.jtl-software.de checkout.jtl-software.com;frame-ancestors 'self';connect-src *;font-src 'self' cdn.jtl-software.com fonts.gstatic.com/s/roboto/v30/ data:;frame-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;child-src 'self' www.youtube.com/embed/ www.youtube-nocookie.com/embed/ td.doubleclick.net www.google.com/recaptcha/api2/anchor www.recaptcha.net/recaptcha/api2/anchor www.facebook.com/tr/ consent.jtl-software.de;img-src 'self' cdn.jtl-software.com img.youtube.com i.ytimg.com px.ads.linkedin.com googleads.g.doubleclick.net/pagead/ www.google.de/ads/ga-audiences *.google.at *.google.ch *.google.com *.google.co.uk *.google.de *.google.es *.google.fr *.google.it *.google.pl *.google.com.tr *.google.se www.google-analytics.com/collect stats.g.doubleclick.net/g/collect wwww.googletagmanager.com maps.googleapis.com/maps/ maps.gstatic.com/mapfiles/ www.facebook.com/tr/ www.facebook.com/privacy_sandbox/pixel/register/trigger/ c.clarity.ms/c.gif c.bing.com/c.gif bat.bing.com/action/0 bilder.jtl-software.de data:;object-src 'none';script-src 'self' cdn.jtl-software.com www.youtube.com/iframe_api www.youtube.com/s/player/ snap.licdn.com/li.lms-analytics/insight.min.js www.googleadservices.com/ googleads.g.doubleclick.net/pagead/ www.google.com/pagead/ www.recaptcha.net/recaptcha/api.js www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/ www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ec.js www.googletagmanager.com/gtm.js www.googletagmanager.com/gtag/ www.googletagmanager.com/debug/ maps.googleapis.com/maps/ maps.googleapis.com/maps-api-v3/api/js/ connect.facebook.net/en_US/fbevents.js connect.facebook.net/signals/config/ www.clarity.ms/tag/kmqrcg56hz www.clarity.ms/s/ bat.bing.com/bat.js bat.bing.com/p/action/56224185.js stats.jtl-software.de/matomo.js crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.js 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' cdn.jtl-software.com fonts.googleapis.com/css crm.jtl-software.de consent.jtl-software.de/dist/client/privacy.css 'unsafe-inline';worker-src 'self' www.google.com/recaptcha/api2/webworker.js blob:; 1
default-src wss://sdp-chatbot.cluster02.viind.io/socket.io.multitenant/ https: data: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://multimaps360.de/ https://geoportal.augsburg.de/; img-src 'self' https://*.kunden.team23.de/ https://*.augsburg-api.de/ https://*.cartocdn.com/ https://*.augsburg.de/ https://api.mapbox.com/ https://api.service-digitale-verwaltung.de/ blob: data:; 1
frame-ancestors 'self' *.sascar.com.br *.masternautconnect.com flota-conectada.michelin.com.ar flotasconectadas.michelin.com.ar *.connectedfleet.michelin.com; 1
frame-ancestors www.bto.org app.bto.org data.bto.org; 1
default-src 'self'; form-action 'self' https://*.hsforms.com; object-src 'self'; connect-src 'self' https://api.github.com https://*.hsforms.com https://element.io https://*.hs-banner.com https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com; media-src 'self' https://element.io; style-src 'self' 'unsafe-inline' https://element.io https://*.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://element.io data: https://fonts.gstatic.com; img-src 'self' https://element.io data: https://matomo.riot.im/matomo.php https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://element.io https://cdnjs.cloudflare.com https://*.cloudfront.net https://ajax.googleapis.com https://matomo.riot.im/matomo.js https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://js-eu1.hsadspixel.net/fb.js https://js-eu1.hscollectedforms.net/collectedforms.js  https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js; child-src 'self' https://*.hsforms.com; frame-src youtube.com www.youtube-nocookie.com https://*.hsforms.com; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-5DwLpBELTrbzydalAKnfFCEuAuk=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' https://go.mercurycards.com; style-src * 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors 'self' https://cp.apply.creditkarma.com/ https://*.facebook.com https://embedded.creditkarma.com/ http://development.amazon.com/ http://pre-prod.amazon.com/ https://www.amazon.com/ https://*.amazon.com/; frame-src 'self' blob: https://testflex.cybersource.com https://flex.cybersource.com https://cmp.osano.com https://connect2.finicity.com https://hcaptcha.com https://*.hcaptcha.com https://s.amazon-adsystem.com https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/ https://1.b406929acabac9b095f124c81bdfcf57f.com/ https://1.c81358859121583b7adf2ace89cb39f44.com/ https://bcdn-god.we-stats.com https://mercuryfinancialciam.okta.com https://www.google.com https://www.inspectlet.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://cdn.trustev.com; object-src 'self' blob:; font-src 'self' * data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://testflex.cybersource.com https://flex.cybersource.com https://cmp.osano.com https://go.mercurycards.com https://banner.urlgeni.us https://hcaptcha.com https://*.hcaptcha.com https://c.amazon-adsystem.com https://bcdn-god.we-stats.com https://*.qualtrics.com https://*.fullstory.com https://www.googleadservices.com https://partner.googleadservices.com https://tagmanager.google.com https://mpsnare.iesnare.com https://googlesyndication.com https://www.mercurycards.com https://workforcenow.adp.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googletagservices.com https://aa.agkn.com/adscores http://www.macromedia.com https://aa.agkn.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://cdnjs.cloudflare.com/ https://d10lpsik1i8c69.cloudfront.net https://connect.facebook.net https://cdn.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://tpc.googlesyndication.com https://static.ads-twitter.com https://snap.licdn.com blob:; connect-src 'self' https://testflex.cybersource.com https://flex.cybersource.com https://disclosure.api.osano.com https://consent.api.osano.com https://tattle.api.osano.com https://hcaptcha.com https://*.hcaptcha.com wss://mpsnare.iesnare.com https://wup.mercurycards.com https://logs.mercurycards.com https://mercuryfinancialciam.okta.com https://siteintercept.qualtrics.com https://edge.fullstory.com https://rs.fullstory.com https://*.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.cybersource.com https://apitest.cybersource.com https://pagead2.googlesyndication.com https://settings.luckyorange.net https://hn.inspectlet.com wss://ws.inspectlet.com https://app.trustev.com https://cdn-us.trustev.com https://cdn.trustev.com; media-src 'self' data: wss://mpsnare.iesnare.com https://mpsnare.iesnare.com 1
default-src 'self';style-src 'self' 'sha256-tjQTtXkYiWID5ao1b88RJ1crbevuQyaNMKtJGFcGhuQ=' fonts.googleapis.com;font-src 'self' fonts.gstatic.com 1
default-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline' https://*.recaptcha.net https://*.twitter.com *.bing.com https://*.fonts.net https://*.bazaarvoice.com; script-src 'self' 'unsafe-inline'  'unsafe-eval' https://storage.cloud.kargo.com https://*.recaptcha.net  https://*.twimg.com https://*.bing.com https://*.gstatic.com https://*.google.com https://*.everesttech.net https://*.dotomi.com https://*.iovation.com  https://*.bridgestonetire.com https://*.iesnare.com https://*.akamaihd.net https://*.bazaarvoice.com https://*.jquery.com  https://*.twitter.com https://*.ads-twitter.com https://*.virtualearth.net https://assets.adobedtm.com https://*.bing.com https://*.googletagmanager.com https://pixel.everesttech.net https://*.pinimg.com https://*.googleadservices.com https://*.google-analytics.com https://*.iperceptions.com https://*.everestjs.net https://www.youtube.com https://*.firestonecompleteautocare.com https://*.tiresplus.com https://*.wheelworks.net https://*.hibdontire.com https://*.hotjar.com https://*.facebook.net https://*.ytimg.com https://*.netmng.com https://*.doubleclick.net; connect-src *; frame-src 'self' https://*.recaptcha.net https://*.twitter.com https://*.google.com https://*.pinterest.com https://www.youtube.com https://*.doubleclick.net https://*.iperceptions.com https://*.facebook.com https://*.hotjar.com https://*.demdex.net https://*.bazaarvoice.com; img-src * data: blob:;  media-src 'self' https://*.iesnare.com; font-src 'self' https://*.bazaarvoice.com https://*.fonts.net data: 1
default-src 'self' 'unsafe-inline' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.cookielaw.org https://www.googletagmanager.com https://addsearch.com https://www.google-analytics.com https://www.googleanalytics.com https://snap.licdn.com https://www.redditstatic.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://analytics.tiktok.com https://connect.facebook.net https://j.6sc.co https://amplify.outbrain.com https://tr.outbrain.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hubspot.com https://js.hsforms.net https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/releases/ https://s8.searchcdn.com https://grid.is https://edge.fullstory.com https://www.comeet.co https://player.vimeo.com https://www.youtube.com https://cdn.ampproject.org https://bugcrowd.com https://assets.bugcrowdusercontent.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://dev.visualwebsiteoptimizer.com https://js.hscta.net https://cta-service-cms2.hubspot.com https://tagmanager.google.com https://www.gstatic.com https://bat.bing.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.addsearch.com https://*.cloudfront.net https://optimize.google.com https://www.comeet.com https://tagmanager.google.com https://www.googleoptimize.com; img-src 'self' https: data: blob:; connect-src 'self' https://api.ipstack.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://fb-capi.rapyd.net https://analytics.google.com https://www.google-analytics.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://ipv6.6sc.co https://analytics.tiktok.com https://dashboard.rapyd.net https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cdn.linkedin.oribi.io https://c.6sc.co https://edge.fullstory.com https://rs.fullstory.com https://secure.adnxs.com https://dev.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-ancestors 'self' https://grid.is https://www.rapyd.is; frame-src https://www.rapyd.net https://aax-eu.amazon-adsystem.com https://www.facebook.com https://optimize.google.com https://www.google.com https://forms.hsforms.com https://grid.is https://www.rapyd.is https://www.comeet.co https://player.vimeo.com https://bugcrowd.com https://www.googleoptimize.com https://www.youtube.com 1
frame-ancestors *.baunetz.de; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapy.cz google.com *.imedia.cz c.seznam.cz *.doubleclick.net https://*.adform.net https://*.facebook.net https://*.googletagmanager.com https://snippet.capybara.lmc.cz https://buttons.github.io/buttons.js https://www.youtube.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; style-src 'self' 'unsafe-inline' https://snippet.capybara.lmc.cz https://api.mapy.cz https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; font-src 'self' https://snippet.capybara.lmc.cz https://api.mapy.cz data: https://cdn.jsdelivr.net https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; img-src 'self' data: *.google.com *.google.cz *.seznam.cz *.openstreetmap.org https://i.ytimg.com https://api.mapy.cz https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz; connect-src 'self' webtrack.bvv.cz https://api.capybara.lmc.cz *.sentry.io https://api.mapy.cz https://liveupdate.pimcore.org https://noembed.com https://cdn.plyr.io https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz *.google.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com *.google.cz; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.vimeo.com https://*.facebook.com https://*.twitter.com https://*.instagram.com https://*.lmc.cz https://*.bvv.cz 1
object-src 'none'; form-action 'self'; frame-ancestors *; frame-src * 1
frame-ancestors 'self' *.issgovernance.com *.strategic-i.com *.issmarketintelligence.com *.brightscope.com *.flowspring.com *.investoreconomics.com *.issliquidmetrix.com *.financial-clarity.com *.mortgage-clarity.com *.mylocaladviser.co.uk *.matrixsolutions.co.uk *.pflresearch.com *.529conference.com *.simfund.com *.fundfiling.com *.sionline.com *.annuityinsight.com *.genesysresearch.net *.fundinteltools.com *.funddiligence.com; 1
style-src 'unsafe-inline' 'self' https: ; frame-ancestors 'self'; object-src 'none'; script-src 'nonce-TjhrbkNvWTNKRlR2ZWNEaWJKc1BFVHdrVlZzTHJ5U0I' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' https: http:; base-uri 'none'; report-uri https://www.childcare.co.uk/app/csp-reports 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.outlooktraveller.com;block-all-mixed-content; 1
connect-src 'self' https://* http://* wss://* 1
script-src 'self' 'unsafe-inline' *.americancentury.com *.brightedge.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.jquery.com *.onetrust.com *.onetrust.io *.usabilla.com *.vidyard.com ajax.cloudflare.com cdn.optimizely.com fecdn.user1st.info https://activitymap.adobe.com/sc15/activitymap/ https://ajax.googleapis.com https://assets.adobedtm.com https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn3.optimizely.com/js/geo4.js https://connect.facebook.net https://d6tizftlrpuof.cloudfront.net/live/scripts/campaign-include/ https://gateway.answerscloud.com/americancentury/production/gateway.min.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://ok1static.oktacdn.com https://optimizely.s3.amazonaws.com https://snap.licdn.com https://surfly-us.com https://tags.srv.stackadapt.com https://tpc.googlesyndication.com https://www.datadoghq-browser-agent.com https://www.googleadservices.com https://www.googletagmanager.com js.idio.co pi.pardot.com ssl.google-analytics.com static.cloudflareinsights.com www3.financialtrans.com; connect-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.browser-intake-datadoghq.com *.cludo.com *.cookielaw.org *.onetrust.com *.onetrust.io *.optimizely.com https://adservice.google.com/pagead/ https://api.iconify.design/ https://api.simplesvg.com/ https://api.unisvg.com/ https://browser-intake-datadoghq.com/* https://cdn-assets-prod.s3.amazonaws.com/js/preview2/ https://cdn.linkedin.oribi.io https://dpm.demdex.net https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://px.ads.linkedin.com/attribution_trigger* https://px.ads.linkedin.com/wa/ https://surfly-us.com https://tags.srv.stackadapt.com/ https://verify.avantisinvestors.com https://verifytest.avantisinvestors.com/api/v1/authn https://verifytest.avantisinvestors.com/api/v1/authn/recovery/password https://www.google.com/pagead/ play.vidyard.com; default-src 'self' *.americancentury.com *.avantisinvestors.com; font-src 'self' *.americancentury.com https://1.www.s81c.com/common/carbon/plex/fonts/* https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/* ok1static.oktacdn.com; frame-src *.americancentury.com *.moneyguidepro.com *.optimizely.com americancentury.demdex.net fecdn.user1st.info https://9141790.fls.doubleclick.net https://activitymap.adobe.com https://d6tizftlrpuof.cloudfront.net https://play.vidyard.com https://surfly-us.com https://td.doubleclick.net tpc.googlesyndication.com; img-src 'self' *.americancentury.com *.bc0a.com *.brightedge.com *.cloudinary.com *.cludo.com *.collect.igodigital.com *.cookielaw.org *.linkedin.com *.usabilla.com *.vidyard.com a.idio.co data: dpm.demdex.net https://ad.doubleclick.net https://cm.everesttech.net https://d6tizftlrpuof.cloudfront.net https://event.mrtnsvr.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://image6.pubmatic.com https://p.adsymptotic.com https://pixel.tapad.com https://ssl.google-analytics.com https://www.avantisinvestors.com https://www.facebook.com https://www.google.com/pagead/1p-user-list/ stats.g.doubleclick.net; prefetch-src play.vidyard.com; style-src 'self' 'unsafe-inline' *.americancentury.com *.bc0a.com *.cludo.com ajax.googleapis.com https://fonts.googleapis.com https://gateway.answerscloud.com https://gateway.foresee.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://tags.srv.stackadapt.com https://www3.financialtrans.com ok1static.oktacdn.com; worker-src *.americancentury.com blob:; 1
default-src 'self'; connect-src 'self' analytics.gov.yk.ca ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.gov.yk.ca https://ajax.googleapis.com https://yukon.ca https://widget.time.is static.addtoany.com; style-src 'self' maxcdn.bootstrapcdn.com 'unsafe-inline' https://yukon.ca ; img-src 'self' https://yukon.ca data: https://analytics.gov.yk.ca https://*.tile.openstreetmap.org ; font-src 'self' https://yukon.ca https://maxcdn.bootstrapcdn.com ; frame-src 'self' https://www.youtube.com https://www.instagram.com https://instagram.com https://player.vimeo.com; 1
default-src 'self' *.spim.ru spim.ru bid.g.doubleclick.net *.doubleclick.net yandex.ru yt3.ggpht.com youtube.com *.youtube.com goodmod.ru antisovetnic.ru kicksovetnik.ru *.kaspersky-labs.com *.vgtrk.com *.jivosite.com *.yandex.ru *.doubleclick.net *.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' antisovetnic.ru https://pay.yandex.ru/ https://mc.yandex.com cdn.rutarget.ru vk.com yandex.ru goodmod.ru  kicksovetnik.ru youtube.com *.youtube.com yt3.ggpht.com www.googletagmanager.com pickpoint.ru ajax.googleapis.com widget.bookform.ru vk.com  bid.g.doubleclick.net ssl.google-analytics.com google-analytics.com spim.ru *.spim.ru yandex.st *.criteo.net *.criteo.com *.mail.ru *.yandex.ru *.googleadservices.com www.google-analytics.com yandex.ru *.begun.ru *.jivosite.com cdn.retailrocket.ru *.doubleclick.net *.rambler.ru yastatic.net *.maps.yandex.net *.artfut.com *.mango-office.ru connect.facebook.net chimpstatic.com cdn.jsdelivr.net *.google.com *.gstatic.com; frame-src 'self' passport.yandex.ru https://mc.yandex.ru/ rutube.ru *.1tv.ru https://vk.com https://pay.yandex.ru/ https://sandbox.pay.yandex.ru/ mc.yandex.md tag.rutarget.ru widget.bookform.ru player.vgtrk.com antisovetnic.ru youtube.com yt3.ggpht.com  yandex.ru *.youtube.com yt3.ggpht.com *.criteo.com *.criteo.net yastatic.net api-maps.yandex.ru *.maps.yandex.net *.doubleclick.net www.facebook.com *.gstatic.com *.google.com vk.com code.jivosite.com; object-src 'self' blob: *; img-src 'self' blob: * https://mc.yandex.ru https://pay.yandex.ru/ spimg.ru *.spim.ru pozvonok.ru *.pozvonok.ru antisovetnic.ru yandex.ru data:; font-src 'self' *.spim.ru * data:; connect-src 'self' spim.ru *.spim.ru *.doubleclick.net https://pay.yandex.ru/ mc.yandex.com www.google-analytics.com *.mail.ru mc.yandex.md *.jivosite.com yandex.ru antisovetnic.ru https://tracking.retailrocket.net/ https://dsp.retailrocket.net/ https://mc.yandex.ru wss://*.jivosite.com/ vk.com suggestions.dadata.ru www.facebook.com analytics.google.com;  style-src 'self' *.spim.ru 'unsafe-inline' 'unsafe-eval' 'self' * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.ecal.com/ https://cdn.livechatinc.com/tracking.js https://*.livechatinc.com/ https://*.livechat-files.com/ https://*.livechat-static.com/ https://region1.analytics.google.com/ https://player.vimeo.com/ https://tagmanager.google.com/ https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://js-eu1.hs-banner.com/v2/26048079/banner.js  https://js-eu1.usemessages.com/conversations-embed.js https://*.lfeeder.com https://*.clarity.ms/ https://ldynamicspublicapi.leadforensics.com  https://webeo-web-content.s3-eu-west-1.amazonaws.com/ https://cdn.jsdelivr.net https://js-eu1.hs-analytics.net/ https://*.hubspot.com/ https://px4.ads.linkedin.com/ https://match.adsrvr.org/ https://insight.adsrvr.org/ https://cdn.linkedin.oribi.io/ https://secure.leadforensics.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://www.googleadservices.com/pagead/conversion_async.js https://servedby.flashtalking.com/ https://connect.facebook.net/ https://bat.bing.com/ https://*.doubleclick.net/ddm https://snap.licdn.com/ https://js.adsrvr.org/up_loader.1.1.0.js https://pagead2.googlesyndication.com/ https://js-eu1.hs-banner.com/26048079.js https://js-eu1.hsleadflows.net/leadflows.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-analytics.net/analytics/1666790100000/26048079.js https://servedby.flashtalking.com https://ssl.google-analytics.com https://*.clubwembley.com https://*.wembleystadium.com  https://*.hs-scripts.com https://*.onetrust.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://maps.googleapis.com https://apps.sitecore.net https://*.wembleystadium.com https://*.blob.core.windows.net https://*.fontawesome.com https://www.googletagmanager.com https://ajax.googleapis.com https://code.jquery.com https://*.google-analytics.com https://*.doubleclick.net https://*.addthis.com https://z.moatads.com https://v1.addthisedge.com; img-src 'self' data: https://ssl.gstatic.com/ https://*.lfeeder.com https://*.clarity.ms/ https://forms-eu1.hsforms.com https://*.hubspot.com/ https://www.linkedin.com/ https://px.ads.linkedin.com https://www.facebook.com/ https://bat.bing.com/ https://www.google.nl/ https://*.livechatinc.com/ https://*.livechat-files.com/ https://*.livechat-static.com/ https://*.clubwembley.com  https://*.hs-scripts.com https://*.onetrust.com https://*.thefa.com https://cdn.thefa.com https://maps.gstatic.com https://*.wembleystadium.com https://maps.googleapis.com https://*.blob.core.windows.net https://ssl.google-analytics.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.ecal.com/ https://tagmanager.google.com/ https://webeo-web-content.s3-eu-west-1.amazonaws.com https://*.livechatinc.com/ https://cdn.livechatinc.com/tracking.js https://*.clubwembley.com  https://*.hs-scripts.com https://fonts.googleapis.com https://*.wembleystadium.com https://*.blob.core.windows.net; font-src 'self' 'unsafe-inline'  https://cdn.livechatinc.com https://fonts.gstatic.com https://*.wembleystadium.com https://*.blob.core.windows.net https://*.fontawesome.com https://www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://www.hackerrank.com; 1
default-src 'self'; connect-src 'self' https: wss: http://*.mktoresp.com/; script-src 'self' 'nonce-YmE0ZDZjZGMtMzllMy00M2ZhLWJmNDUtODQxODkyZDUyYTJh' blob: https://s3.amazonaws.com/ https://www.google.com/ https://insights.amcor.com www.googletagmanager.com https://apis.google.com https://snap.licdn.com 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-wJnaEuXlpn5L1KZNPUoGker+9rMHauazCwaRW2W1Cgk=' 'sha256-AbbBgCnZmDtAJF45O21UMnyhPTGCFq7BwU9LGANWPhA=' 'sha256-ET35hd5T26bYi7UrLoRy4dMQYZlPVn2l6lM9i3c+dZY=' https://js-na1.hs-scripts.com https://script.hotjar.com/ https://www.gstatic.com/ https://netlify-rum.netlify.app/ https://share-eu1.hsforms.com/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://tools.euroland.com/ https://widget.surveymonkey.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js http://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://js.usemessages.com/ http://munchkin.marketo.net/ http://unpkg.com/ http://js.hsforms.net/forms/v2.js; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; media-src 'self' https: data: blob: https://videos.ctfassets.net; base-uri 'self'; frame-src 'self' https: http://*.libsyn.com/; img-src 'self' https: data: www.googletagmanager.com http://images.ctfassets.net/ blob:; frame-ancestors 'self' https://app.contentful.com; 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
default-src 'self' https://*.demdex.net https://*.omtrdc.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.quest.com https://*.oneidentity.com https://*.syslog-ng.com https://syslog-ng.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://dpm.demdex.net https://questsoftware.sc.omtrdc.net https://questdsgsupport.112.2o7.net https://*.hotjar.com https://*.hotjar.io https://googleads.g.doubleclick.net https://tagmanager.google.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.usemessages.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com; img-src 'self' https://*.spotlightessentials.com https://*.spotlightcloud.io https://*.kacecloud.com https://cm.everesttech.net https://*.demdex.net https://*.omtrdc.net https://*.112.2o7.net https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/pagead/ https://www.gstatic.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://track.hubspot.com https://forms.hubspot.com data:;font-src 'self' https://fonts.gstatic.com data:; frame-src https://*.hotjar.com https://*.hotjar.io https://questsoftware.demdex.net; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://dpm.demdex.net https://questsoftware.sc.omtrdc.net https://forms.hubspot.com https://api.hubspot.com https://api.hsforms.com https://www.google-analytics.com; 1
frame-ancestors 'self' https://www.magentasport.de 1
frame-ancestors 'self' backoffice.cmrcmm6y-boelstoph1-d1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-s1-public.model-t.cc.commerce.ondemand.com backoffice.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.b2clogin.com https://*.cmrcmm6y-boelstoph1-p1-public.model-t.cc.commerce.ondemand.com https://www.boels.com https://*.boels.com https://api.boels.com https://integratewith.boels.com https://jsapps.boels.com https://mediahub.boels.com https://prod.boels.com https://api.db-ip.com https://dc.services.visualstudio.com https://fonts.googleapis.com https://www.gstatic.com https://maps.gstatic.com https://fonts.gstatic.com https://i.ytimg.com https://recaptcha.net https://use.fontawesome.com  https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://trc.taboola.com https://*.adroll.mgr.consensu.org https://*.hotjar.io https://in.hotjar.com https://vc.hotjar.io wss://*.hotjar.com wss://wss://*.hotjar.com https://script.hotjar.com https://*.my.salesforce-sites.com https://*.my.salesforce.com https://*.salesforceliveagent.com https://*.vf.force.com https://service.force.com https://login.salesforce.com https://ads.yahoo.com https://adservice.google.com https://analytics.google.com https://openx.net  https://api.leadgenapp.io https://bam.nr-data.net https://bat.bing.com https://app.talkjs.com https://www.bing.com https://www.facebook.com https://www.google-analytics.com https://cbks0.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://d.adroll.com https://dsum-sec.casalemedia.com https://eb2.3lift.com https://forms.leadgenapp.io https://geo0.ggpht.com https://graph.facebook.com https://ib.adnxs.com https://idsync.rlcdn.com https://ipv4.d.adroll.com https://js-agent.newrelic.com https://khms0.googleapis.com  https://khms1.googleapis.com https://lh3.ggpht.com https://www.google.be https://www.google.com https://www.google.com.ua https://www.google.de https://www.google.dk https://www.google.fr https://www.google.lu https://www.google.nl https://consent.cookiebot.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pixel.advertising.com https://pixel.rubiconproject.com https://www.linkedin.com https://*.linkedin.com https://px.ads.linkedin.com https://px4.ads.linkedin.com  https://region1.analytics.google.com https://region1.google-analytics.com https://s.adroll.com https://static.lightning.force.com https://simage2.pubmatic.com https://snap.licdn.com https://ssl.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://sync.outbrain.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com https://x.bidswitch.net https://static.hotjar.com https://*.popupsmart.com; frame-src 'self' https://consentcdn.cookiebot.com https://service.force.com https://*.boels.com https://recaptcha.net https://x.adroll.com https://td.doubleclick.net https://www.youtube.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MmEzYzY2NWM2ZGZlNDg2OTlhNWVkMGIyMmYyMzA3ZDU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.koninklijkhuis.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.koninklijkhuis.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.koninklijkhuis.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.dentistryiq.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://*.preis.de; 1
default-src 'self'; script-src 'self' 'nonce-YjExMDU0YjEtMWFmNC00YjQ5LTg0MmItNDIwNzYyNGE0ZTlm' https://google.com https://*.google.com https://platform.twitter.com https://platform.instagram.com https://www.googleadservices.com https://*.google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://*.analytics.google.com https://*.hcaptcha.net https://hcaptcha.com https://*.hcaptcha.com https://*.stripe.network https://*.stripe.com https://*.googleapis.com 'unsafe-eval'; style-src 'self' https://googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://ade.googlesyndication.com https://google.com https://*.g.doubleclick.net https://*.fls.doubleclick.net https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://imagedelivery.net https://avatars.githubusercontent.com https://*.googleusercontent.com https://*.discordapp.com https://*.twimg.com https://*.googleapis.com https://*.googletagmanager.com https://googletagmanager.com https://*.gstatic.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat blob: data:; font-src 'self' https://fonts.gstatic.com data:; media-src 'self' https://storage.googleapis.com; object-src 'none'; script-src-elem 'self' https://google.com https://*.google.com https://hcaptcha.com https://*.hcaptcha.com https://*.stripe.com https://*.vercel-scripts.com https://googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com 'unsafe-inline'; frame-src 'self' https://www.googletagmanager.com https://*.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com https://*.stripe.com https://*.g.doubleclick.net; base-uri 'self'; connect-src 'self' https://*.sentry.io https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://hcaptcha.com https://*.hcaptcha.com https://*.googleapis.com https://*.udio.com https://*.growthbook.io https://*.supabase.co https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; form-action 'self'; frame-ancestors 'self' * https://twitter.com https://*.twitter.com; upgrade-insecure-requests; 1
object-src 'none'; form-action 'none'; frame-ancestors 'self'; report-to csp-endpoint; 1
default-src 'self' https: data:;                     style-src 'self' https: 'unsafe-inline';                     script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report 1
base-uri 'self'; frame-ancestors 'self'; object-src 'none'; worker-src 'self' blob:; child-src blob:; script-src 'self' 'strict-dynamic' 'unsafe-inline' https: 'nonce-H0NWG5MX14Hr0I81hbRNtlUNn5fDCzqLrfjx7zMick4='; img-src 'self' data: blob: *.watchfinder.co.uk *.googletagmanager.com *.ometria.com *.contentsquare.net *.ytimg.com *.adyen.com *.google.com *.gstatic.com *.postcodeanywhere.co.uk *.tvsquared.com *.doubleclick.net *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.demdex.net *.krxd.net *.dmxleo.com *.youtube.com *.facebook.com *.stackadapt.com *.adalyser.com *.google.co.uk *.facebook.net; connect-src https:; frame-src *.youtube.com *.google.com *.optimizely.com *.affirm.com *.livechatinc.com *.criteo.com *.doubleclick.net *.facebook.com *.trustpilot.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://play.vidyard.com https://www.devo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://acsbapp.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://devo734.outgrow.us https://js.hs-scripts.com https://dyv6f9ner1ir9.cloudfront.net https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net https://js.hsforms.net https://view.ceros.com https://www.googleadservices.com https://cdn.mouseflow.com https://connect.facebook.net https://static.ads-twitter.com https://snap.licdn.com https://tag.demandbase.com https://ws.zoominfo.com https://j.6sc.co https://cdn.pdst.fm https://jobs.jobvite.com https://js.hubspot.com https://optimize.google.com https://www.googleoptimize.com https://yoast.com https://my.yoast.com https://dev.visualwebsiteoptimizer.com https://www.devo.com https://js.storylane.io/js/v1/storylane.js https://js.storylane.io google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://www.gartner.com https://optimize.google.com https://www.googleoptimize.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set https://www.devo.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://track.hubspot.com https://play.vidyard.com https://cdn.vidyard.com https://reviews.static.gartner.com https://forms.hsforms.com https://forms-na1.hsforms.com https://sidebar.bugherd.com https://d2iiunr5ws5ch1.cloudfront.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://analytics.twitter.com https://googleads.g.doubleclick.net https://www.facebook.com https://id.rlcdn.com https://b.6sc.co https://t.co https://segments.company-target.com https://connect.facebook.net https://cdn.acsbapp.com https://www.linkedin.com https://perf-na1.hsforms.com https://optimize.google.com https://ps.w.org https://ad.doubleclick.net https://via.placeholder.com https://cta-service-cms2.hubspot.com https://dev.visualwebsiteoptimizer.com https://www.devo.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://js.hs-banner.com https://cdn.acsbapp.com https://forms.hubspot.com https://sessions.bugsnag.com https://notify.bugsnag.com https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://n2.mouseflow.com https://cdn.linkedin.oribi.io https://ipv6.6sc.co https://api.company-target.com https://tag-logger.demandbase.com https://us-central1-adaptive-growth.cloudfunctions.net https://secure.adnxs.com https://ws.zoominfo.com https://c.6sc.co https://segments.company-target.com https://cta-service-cms2.hubspot.com https://pagead2.googlesyndication.com https://my.yoast.com https://acsbapp.com https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com https://www.devo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://www.gartner.com https://www.devo.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' https://www.devo.com; frame-src 'self' https://devo734.outgrow.us https://sidebar.bugherd.com https://play.vidyard.com https://www.gartner.com https://view.ceros.com data: blob: https://cdn.vidyard.com https://playlist.megaphone.fm https://forms.hsforms.com https://11605080.fls.doubleclick.net https://s.company-target.com https://www.facebook.com https://jobs.jobvite.com https://cta-service-cms2.hubspot.com https://3911167.hs-sites.com https://optimize.google.com https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com/ https://www.devo.com https://app.storylane.io/ www.googletagmanager.com; child-src 'self' blob: www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
Strict-Transport-Security: max-age=31536000; includeSubDomains; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://mindrocketsapis.com https://www.youtube.com https://youtube.com https://graph.instagram.com https://www.google.com https://platform.twitter.com https://syndication.twitter.com; img-src 'self' https://*.takamulstg.com data: blob: https://cdn.mindrocketsapis.com https://purecatamphetamine.github.io https://maps.googleapis.com https://maps.gstatic.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' data: https://use.typekit.net https://fonts.gstatic.com https://cdn.mindrocketsapis.com; script-src 'self' blob: https://code.jquery.com https://translate.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://cdn.mindrocketsapis.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com; upgrade-insecure-requests; block-all-mixed-content;connect-src 'self' https://mindrocketsapis.com https://mindrockets.co https://maps.googleapis.com https://graph.instagram.com; 1
font-src 'self' fonts.gstatic.com; default-src 'self'; style-src 'self' fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; frame-src 'self' www.google.com 'unsafe-inline'; script-src 'self' www.google.com www.googletagmanager.com www.gstatic.com cdn.redoc.ly 'unsafe-inline'; img-src 'self' cdn.redoc.ly data:; connect-src *.google-analytics.com 'self' 1
frame-ancestors 'self'  https://*.entrata.com https://*.brokersumo.com https://sidelineswap.com  https://evedonline.eved.com https://web.eved.com https://www.tax1099.com https://dashboard.popshop.live https://www.w3schools.com https://auvoriaprime.com https://brokersumo.com https://beta.brokersumo.com 1
default-src https: 'unsafe-inline' wss: data: 'unsafe-eval' 1
default-src 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.itisnot.art *.myconnxion.com *.connxusdemo.com *.amazonaws.com *.typekit.net *.googleapis.com *.gstatic.com; font-src 'self' data: *.typekit.net *.gstatic.com; worker-src 'self' blob:; img-src 'self' *.ggpht.com *.itisnot.art *.myconnxion.com *.connxusdemo.com *.paypalobjects.com *.google.com *.gstatic.com *.paypal.com cdnjs.cloudflare.com *.twitter.com *.syndication.twimg.com *.pubnub.com *.typekit.net *.googleapis.com *.amazonaws.com *.walkme.com *.cloudfront.net *.google-analytics.com data:; 1
default-src 'self' https://damenavas.cz https://www.google-analytics.com https://office.com https://player.livebox.cz https://gis.brno.cz https://www.mapy.cz https://frame.mapy.cz https://maps.google.com https://forms.google.com https://www.youtube.com *.issuu.com https://*.tagembed.com; connect-src 'self' https://gis.brno.cz/ https://js.arcgis.com https://utility.arcgisonline.com https://cz-services.tmapserver.cz https://www.google-analytics.com *.google-analytics.com *.googletagmanager.com *.google.com https://emmb-matomo.brno.cz https://static.arcgis.com https://*.tagembed.com *.wasabisys.com; img-src 'self' data: https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://gis.brno.cz/ https://cz-services.tmapserver.cz https://js.arcgis.com https://apl.brno.cz https://webcam.brno.cz https://www.brno.cz https://*.tagembed.com https://*.xx.fbcdn.net https://ui-avatars.com; frame-src 'self' formapps: https://objednani.brno.cz https://www.google.com https://www.youtube.com *.mapy.cz *.issuu.com  https://gis.brno.cz https://*.tagembed.com https://player.vimeo.com/ https://apl.brno.cz https://webcam.brno.cz https://platform.twitter.com data: https://playermmbarchiv.livebox.cz/ https://player.livebox.cz https://infogram.com; child-src 'self' ; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://portal.gov.cz https://*.tagembed.com https://js.arcgis.com *.google-analytics.com *.googletagmanager.com *.google.com https://emmb-matomo.brno.cz https://platform.twitter.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.gstatic.com https://fonts.googleapis.com https://js.arcgis.com https://*.tagembed.com; font-src 'self' https://fonts.gstatic.com https://js.arcgis.com https://*.tagembed.com data:; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; frame-ancestors *; img-src * data:; media-src *; object-src *; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
connect-src 'self' blob: data: gap: https://*.allocatesoftware.com https://*.allocatesoftware.co.uk https://*.allocatesoftware.com.au https://*.allocatesoftware.se https://*.allocatesoftware.de https://*.rldatix.de https://*.rldatix.com https://*.rldatixlifesciences.com https://*.osano.com https://*.mktoresp.com https://*.wpo365.com/ https://*.cloudfront.net https://*.marketo.net https://*.linkedin.com https://*.linkedin.oribi.io https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.hirebridge.com https://yoast.com/ https://*.hopin.com https://*.jaaq.org https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://www.semrush.com/ https://*.amplitude.com https://*.typeform.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.hubapi.com/; font-src 'self' data: https://static2.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.bunny.net https://s0.wp.com; 1
frame-ancestors 'self' https://web.telegram.org 1
frame-ancestors 'self' *.myshopify.com admin.shopify.com *.getmesa.com *.theshoppad.com 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors *.scaledrone.com 1
default-src 'none'; script-src 'self'; child-src 'self'; frame-src https://*.youtube.com  https://*.vimeo.com; font-src 'self'; img-src http: data: *; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'none'; connect-src 'self' https://tuta.com https://api.github.com https://www.reddit.com https://mail.tutanota.com wss://mail.tutanota.com https://app.tuta.com wss://app.tuta.com; 1
img-src 'self' *.commercecloud.salesforce.com data: *.doubleclick.net *.google.se *.google.com *.collect.igodigital.com ct.pinterest.com ib.adnxs.com images.ctfassets.net *.images.ctfassets.net p.yotpo.com zoundindustries--int.sandbox.my.site.com zoundindustries.my.salesforce.com support.adidasheadphones.com yotpo-editor-production.s3.amazonaws.com marshallheadphones-development.improove.tv *.gstatic.com *.analytics.google.com *.google-analytics.com www.google.com maps.googleapis.com maps.google.com cookie-cdn.cookiepro.com *.staging-marshall.com *.marshall.com i.ytimg.com i.vimeocdn.com *.facebook.com *.hotjar.com;media-src assets.ctfassets.net *.assets.ctfassets.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' 'self' blob: storage.googleapis.com www.googletagmanager.com action.dstillery.com s.pinimg.com connect.facebook.net acdn.adnxs.com static.hotjar.com 100016846.collect.igodigital.com js.adsrvr.org analytics.tiktok.com www.google-analytics.com cookie-cdn.cookiepro.com action.media6degrees.com *.pingdom.net api.cquotient.com staticw2.yotpo.com widgetsrepository.yotpo.com cdn-widgetsrepository.yotpo.com maps.googleapis.com player.vimeo.com *.youtube.com/ *.my.salesforce.com service.force.com *.salesforceliveagent.com *.my.site.com static.lightning.force.com www.google.com www.gstatic.com support.adidasheadphones.com zoundindustries--int.sandbox.my.site.com www.mczbf.com connect.facebook.net *.hotjar.com;style-src 'self' 'unsafe-inline' https: staticw2.yotpo.com *.hotjar.com;connect-src 'self' api.cquotient.com *.doubleclick.net *.analytics.google.com *.google-analytics.com www.google-analytics.com analytics.tiktok.com ct.pinterest.com *.pingdom.net preview.contentful.com cdn.contentful.com staticw2.yotpo.com api.yotpo.com maps.googleapis.com cookie-cdn.cookiepro.com privacyportal.cookiepro.com geolocation.onetrust.com webto.salesforce.com test.salesforce.com *.my.site.com support.adidasheadphones.com vimeo.com/ *.googlesyndication.com www.google.com server-side-tagging-iglp74couq-uc.a.run.app/ zoundindustries--int.sandbox.my.site.com *.hotjar.com *.hotjar.io connect.facebook.net *.facebook.com wss://*.hotjar.com;frame-src 'self' *.doubleclick.net insight.adsrvr.org ct.pinterest.com/ player.vimeo.com/ *.youtube.com/ *.spotify.com/ *.my.salesforce.com www.google.com *.facebook.com zoundindustries--int.sandbox.my.site.com;frame-ancestors *.contentful.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';script-src-attr 'none' 1
default-src * 'self' 'unsafe-inline' blob: ; img-src * 'self' data: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' ; font-src * data: ; connect-src * ; worker-src blob: ; 1
frame-ancestors 'self' localhost:* supermetrics.sanity.studio 1
child-src 'self' blob:; connect-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.perimeterx.net *.purpleportal.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.quantummetric.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com a02f69a90dstg.blob.core.windows.net ads01.groovinads.com api.bazaarvoice.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c.sspinc.io c0b535ed7astg.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com cdn.quantummetric.com content.etilize.com content.jwplatform.com directline.botframework.com dw.wmt.co fitpredictor-api.sspinc.io gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ingest.quantummetric.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com secure.adnxs.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tps.doubleverify.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart-app.quantummetric.com walmart-sync.quantummetric.com walmart.sspinc.io wss://api.talkshop.live wss://directline.botframework.com wss://us.server.buywith.com wss://wm-converse-wss.dev.walmart.com wss://www-perf.walmart.com wss://www-stage.walmart.com wss://www-teflon.walmart.com wss://www.walmart.com www.facebook.com www.google.com www.gstatic.com zeekit.walmart.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantummetric.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; font-src 'self' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com fonts.gstatic.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com www.ezdia.com; frame-ancestors 'self' *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; frame-src 'self' *.1worldsync.com *.accenture.com *.affirm.com *.alldata.cashedge.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.countr.one *.digital-cloud.medallia.com *.eko.com *.fiservapps.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.one.app *.onefinance.com *.online-metrix.net *.quantummetric.com *.richcontext.com *.salsify.com *.shopstylecollective.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.vantivcnp.com *.vimeo.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com adclick.g.doubleclick.net app.collectivevoice.com app.collectivevoiceqa.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com content.etilize.com content.jwplatform.com https://www-qa.walmart.com.mx ln-rules.rewardstyle.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwmpdscanoprod.z19.web.core.windows.net one.app.link photorankstatics-a.akamaihd.net pinpad.paysecure.acculynk.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com tpc.googlesyndication.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.google.com www.recaptcha.net; img-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.doubleverify.com *.flix360.com *.flix360.io *.geekseller.com *.imrworldwide.com *.kampyle.co *.kampyle.com *.ksckreate.net *.online-metrix.net *.paypal.com *.px-cdn.net *.px-cloud.net *.rackcdn.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com 3d-qc.walmartimages.com 3d.walmartimages.com a.sellpoint.net a02f69a90dstg.blob.core.windows.net ad.doubleclick.net ads01.groovinads.com akamai.ksckreate.net aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c0b535ed7astg.blob.core.windows.net ccsprodus1.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com content.etilize.com content.jwplatform.com content.syndigo.com crtormassetmguseprod.blob.core.windows.net cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net data: dw.wmt.co gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ir.surveywall-api.survata.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net pixel.adsafeprotected.com player.cloudinary.com rackcdn.com res.cloudinary.com s0.2mdn.net salsify-ecdn.com secure.adnxs.com securepubads.g.doubleclick.net smedia.webcollage.net ssl.p.jwpcdn.com static.adsafeprotected.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tpc.googlesyndication.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart.ugc.bazaarvoice.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.gstatic.com; media-src *.1worldsync.com *.accenture.com *.akamaized.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.vimeo.com *.vimeocdn.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com a.sellpoint.net advertising.staging.walmart.com akamai.ksckreate.net assets-jpcust.jwpsrv.com assets.optiwise.ai blob: ca-media.contentanalyticsinc.com cc.cnetcontent.com cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn-azure.kwikee.com cdn.cnetcontent.com cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com content.syndigo.com cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx images.salsify.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com vimeo.com ws.cnetcontent.com www.ezdia.com; object-src *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' *.1worldsync.com *.accenture.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.px-cloud.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com cdn.quantummetric.com connect.facebook.net content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx ls.chatid.com maps.googleapis.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.recaptcha.net 'nonce-MY4JQWyeFiI7Xsn2'; style-src 'self' 'unsafe-inline' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.kampyle.com *.ksckreate.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com salsify-ecdn.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com walmart.sspinc.io ws.cnetcontent.com www.ezdia.com; worker-src 'self' blob:; report-uri https://csp.walmart.com/c/r/gl 1
report-to webscaleCspEndpoint; report-uri https://xdymhcopnh.execute-api.us-east-1.amazonaws.com/default/cspReportingMonitor; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: lcx-embed.bambuser.com dp64mxip2za0c.cloudfront.net widget-mediator.zopim.com d3saea0ftg7bjt.cloudfront.net static.zdassets.com *.cloudmaestro.com cdn.usehero.com www.elemis.com js-agent.newrelic.com www.googletagmanager.com www.google.com bam.nr-data.net bat.bing.com container.pepperjam.com tag.rmp.rakuten.com connect.facebook.net td.yieldify.com *.listrakbi.com cdn.attn.tv rec.smartlook.com www.google-analytics.com *.criteo.net *.us.criteo.com *.eu.criteo.com ut.ra.linksynergy.com custom.yieldify.com *.googleapis.com rec.smartlook.com *.thcdn.com rum-static.pingdom.net googleads.g.doubleclick.net bat.bing.com www.recaptcha.net www.gstatic.com www.googleadservices.com www.dwin1.com userexperience.thehut.net accdn.lpsnmedia.net pay.google.com lptag.liveperson.net na-library.playground.klarnaservices.com *.bazaarvoice.com *.signifyd.com *.akamaihd.net *.criteo.com  *.socialannex.com *.iubenda.com  cdn.iubenda.com intljs.rmtag.com  maxcdn.bootstrapcdn.com tpc.googlesyndication.com widget-mediator.zopim.com *.rewardstyle.com *.braintreegateway.com us.elemis.com uk.elemis.com eu.elemis.com *.klarnaservices.com *.klarnacdn.net *.cardinalcommerce.com js.braintreegateway.com na-library.klarnaservices.com b-code.liadm.com *.iesnare.com *.vimeo.com vimeo.com *.shopstylecollective.com s.pinimg.com ct.pinterest.com *.googleoptimize.com cdn.systema.ai ut.rd.linksynergy.com analytics.tiktok.com i.loopme.me api.addressy.com www.paypalobjects.com sc-static.net *.ascendpartner.com c1.socialannex.com *.paypal.com *.btttag.com acdn.adnxs.com *.clarity.ms *.google.com *.btttag.com *.google-analytics.com *.adnxs.com sc-static.net sslwidget.criteo.com *.duel.me *.pinterest.com *.ordergroove.com *.duel.me *.xtento.com *.livescale.tv *.smartlook.com *.snapchat.com *.permutive.com *.makeupar.com *.contentsquare.net app.contentsquare.com *.onetrust.com *.abtasty.com *.klarna.com dx.mountain.com px.mountain.com gs.mountain.com static.myshlf.us api.shopmy.us static.shopmy.us cdn.debugbear.com 1
report-to slardar-endpoint; img-src 'self' *.bdxiguaimg.com *.bdxiguastatic.com *.toutiaoimg.com *.bytednsdoc.com *.bytexservice.com *.douyinpic.com data: *.byteacctimg.com *.toutiaostatic.com *.baidu.com *.aliyuncs.com *.gstatic.com *.itoutiaoimg.com http:; connect-src *.zijieapi.com 'self' *.365yg.com *.snssdk.com *.google-analytics.com *.doubleclick.net; style-src 'self' *.bdxiguastatic.com 'unsafe-inline' blob:; script-src 'self' *.snssdk.com 'nonce-b2bfe867e38b6a3be4ca356d41d98895-argus' 'strict-dynamic' 'wasm-unsafe-eval' 'unsafe-eval';  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com https://cdn.insight.sitefinity.com https://code.jquery.com/jquery-3.4.1.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js *.youtube.com/ https://youtube.com https://player.vimeo.com/api/player.js https://vjs.zencdn.net/7.11.4/video.min.js connect.facebook.net https://connect.facebook.net/en_US/fbevents.js platform.twitter.com https://syndication.twitter.com/ https://analytics.twitter.com/i/adsct platform.linkedin.com https://www.linkedin.com/ https://s.ytimg.com https://publish.twitter.com https://twitter.com/ https://static.ads-twitter.com/uwt.js ajax.aspnetcdn.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://sopra-steria.career-inspiration.com/js/fbapppromobox.js https://snap.licdn.com/ https://sjs.bizographics.com/insight.min.js https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-U-rxjfyRkAJ0Y.js https://static.pathmotion.io/initjs/init.min.js https://rules.quantcount.com/rules-p-5eXwvumSeTF0n.js *.lfeeder.com *.leadfeeder.com https://pi.pardot.com/pd.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://pi.pardot.com/ https://go.soprasteria.de/ https://walls.io/js/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://chatbot-widget.jobijoba.io https://ytimg.com https://siteimproveanalytics.com/js/siteanalyze_6035851.js https://npmcdn.com/imagesloaded@4.1/imagesloaded.pkgd.js https://tags.inzynk.io/cl383xbw/iztag.js https://analytics.inzynk.io/v/cl383xbw https://player.gobistories.com/index.js https://www.buzzsprout.com https://tag.aticdn.net/piano-analytics.js https://*.xiti.com https://*.ati-host.net https://*.aticdn.net https://unpkg.com https://tagmanager.google.com *.googletagmanager.com cdn1.readspeaker.com *.goldenbees.fr/ https://cdn.goldenbees.mgr.consensu.org/ https://cdnjs.cloudflare.com/ajax/libs/videojs-youtube/2.5.0/Youtube.min.js https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.16.6/xlsx.full.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.9.3/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/js/bootstrap-multiselect.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.1/iframeResizer.min.js https://www2.soprasteria.no https://analytics.inzynk.io */widget/v1/sr-job-alerts.js https://widget.gobistories.com/ https://js.datadome.co/tags.js js.datadome.co https://karriere.soprasteria.de https://karriere.css.soprasteria.de https://karriere.css.soprasteria.de/post_message_receiver.js https://cdn.mouseflow.com https://survey.survicate.com https://surveys-static.survicate.com *.usercentrics.eu; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://pixel.quantserve.com/pixel https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-multiselect/0.9.15/css/bootstrap-multiselect.css https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css cdn1.readspeaker.com https://chatbot-widget.jobijoba.io https://fonts.googleapis.com https://vjs.zencdn.net/7.11.4/video-js.css https://www.googletagmanager.com/debug/badge.css https://surveys-static.survicate.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://surveys-static.survicate.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://dc.ads.linkedin.com/collect/ https://px.ads.linkedin.com/ https://t.co/i/adsct https://counter.adcourier.com https://stats.g.doubleclick.net/r/collect https://pixel.quantserve.com/ data: blob: *.cdninstagram.com *.lfeeder.com *.leadfeeder.com *.google.fr/ads/ *.google.com/ads/ https://cdn.recman.no/ https://i.ytimg.com/ https://cdn.jobijoba.com https://hellojaiblog.files.wordpress.com https://media.giphy.com https://s3.eu-central-1.amazonaws.com https://ytimg.com https://6035851.global.siteimproveanalytics.io/ https://conv.indeed.com/pagead/conv/5314231913872130/ https://img.youtube.com/ https://media-proxy.gobistories.co/ https://res.cloudinary.com https://ad.doubleclick.net https://analytics.twitter.com https://www.googletagmanager.com https://surveys-static.survicate.com https://assets.survicate.com *.usercentrics.eu; media-src 'self' data: blob: https://lesjoiesducode.fr/ https://firebasestorage.googleapis.com https://s3.eu-central-1.amazonaws.com https://youtube.com https://googlevideo.com https://cdn.jobijoba.com https://www.youtube.com/ https://res.cloudinary.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com/ https://youtu.be/ https://player.vimeo.com/ https://karriere.soprasteria.de/ https://candidate.hr-manager.net/ https://my.walls.io/ https://www.google.com/ https://sopra.symex.be/ https://charts.symex.be/ https://maps.google.com/ https://sopra-steria.career-inspiration.com/ https://youtube.com https://chatbot-webview.jobijoba.io https://app-eu.readspeaker.com/ https://app.livestorm.co/ https://masterbot-chat-ssg-career-website-masterbot.apps.cloud.sodigital.io/ https://www.buzzsprout.com https://forms.office.com/ https://app.powerbi.com/ https://subscriptions.smartrecruiters.com/ https://go.soprasteria.com/ https://smrtr.io/ https://join.smartrecruiters.com/ *.doubleclick.net https://it-economics.jobs.personio.de/ https://karriere.css.soprasteria.de https://soprasteria.jobs.personio.de/; child-src 'self' blob: *.twitter.com https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com *.facebook.com badge.stumbleupon.com https://charts.symex.be/ https://sopra.symex.be/ https://sopra-steria.career-inspiration.com/ *.google.com/ https://candidate.hr-manager.net/ https://karriere.soprasteria.de/ https://app-eu.readspeaker.com/; connect-src 'self' accounts.google.com *.sitefinity.com *.mktoresp.com https://maps.googleapis.com/ https://vimeo.com/ *.readspeaker.com https://media-eu.readspeaker.com/ https://cdn1.readspeaker.com/ https://www.digitale-exzellenz.de https://www.instagram.com *.lfeeder.com *.leadfeeder.com https://vttts-eu.readspeaker.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://chatbot-widget.jobijoba.io wss://chatbot-api.jobijoba.io https://chatbot-api.jobijoba.io https://www.linkedin.com/ *.linkedin.com https://api.gobistories.co/ https://api.gobistories.com/ https://res.cloudinary.com https://*.xiti.com https://*.pa-cd.com https://*.ati-host.net https://*.aticdn.net https://cdn.linkedin.oribi.io https://analytics.inzynk.io https://o2.mouseflow.com https://eu-api.friendlycaptcha.eu https://respondent.survicate.com *.usercentrics.eu; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://cse.google.com cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com www.google.com https://clients1.google.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://azcc.granicus.com https://edocket.azcc.gov https://efiling.azcc.gov https://outlook.office365.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com https://edocket.azcc.gov https://efiling.azcc.gov https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://citiapac.tt.omtrdc.net https://citiapac.demdex.net https://assets.adobedtm.com https://cm.everesttech.net https://mboxedge31.tt.omtrdc.net https://mboxedge32.tt.omtrdc.net https://mboxedge33.tt.omtrdc.net https://mboxedge34.tt.omtrdc.net https://mboxedge35.tt.omtrdc.net https://mboxedge36.tt.omtrdc.net https://mboxedge37.tt.omtrdc.net https://mboxedge38.tt.omtrdc.net https://mboxedge39.tt.omtrdc.net 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-ancestors 'self' *.ecashsoftware.com *.vergentlms.com; img-src * data: 'unsafe-inline' ; frame-src *; connect-src *; 1
default-src 'none'; connect-src 'self'; font-src 'self'; img-src data: 'self'; manifest-src 'self'; media-src 'self' *; object-src 'self'; script-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self' https://search.hostsharing.net/search https://lists.hostsharing.net/mailman/subscribe/news; frame-ancestors 'none' 1
default-src 'self' data: blob: https: boschtools.com *.boschtools.com  *.mycliplister.com *.hotjar.com *.linkedin.com a19948120449.cdn.optimizely.com 10097804.fls.doubleclick.net adservice.google.com adservice.google.de ad.doubleclick.net errors.client.optimizely.com logx.optimizely.com px.ads.linkedin.com visitor-service-eu-central-1.tealiumiq.com; font-src 'self' data: gallery.sprinklr.com ka-p.fontawesome.com ; object-src data: 'self'; img-src https: data: blob: scontent-iad3-2.cdninstagram.com scontent.cdninstagram.com thumb.sprinklr.com collect.tealiumiq.com gwmtracking.com pbs.twimg.com; style-src 'self' 'unsafe-inline' https: 10097804.fls.doubleclick.net gallery.sprinklr.com; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com gallery.sprinklr.com bosch-tools-resultpage.com cvg-bosch.widget.custhelp.com s.webtrends.com tags.tiqcdn.com cdn.optimizely.com cdn.pricespider.com platform.twitter.com snap.licdn.com; connect-src 'self' https: data: blob: *.hotjar.com wss://*.hotjar.com wss://*.botframework.com wss://botframework.com 1
script-src 'strict-dynamic' 'nonce-478bc50a2b' 'unsafe-inline' http: https: globallogic.com *.globallogic.com *.mktoresp.com *.ex.co *.cookiebot.com *.cookielaw.org;img-src https: data: *.mktoresp.com *.google-analytics.com *.googletagmanager.com; connect-src *.onetrust.com *.cookielaw.org *.mktoresp.com *.google-analytics.com *.googlesyndication.com *.ex.co *.globallogic.com, *.google-analytics.com *.analytics.google.com *.googletagmanager.com; object-src 'none'; base-uri 'none' 1
default-src 'self' *.youtube.com *.mapy.cz; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: *.ytimg.com *.bzcompany.cz webarchiv.cz toplist.cz; script-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net *.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.bzcompany.cz cdn.jsdelivr.net *.googleapis.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.jsdelivr.net; connect-src 'self' *.google-analytics.com *.doubleclick.net; frame-src 'self' *.genial.ly *.mapy.cz *.youtube.com 1
default-src 'self' *.tealiumiq.com;  script-src 'self' 'nonce-MDhjZTdlMzMtZGZmNi00MDJhLWI4MTktZWEwZDkwN2E5OTMx' 'unsafe-inline'  'unsafe-eval' https://tags.tiqcdn.com *.cloudfront.net *.youtube.com https://static.cloudflareinsights.com  https://connect.facebook.net https://frefi.sv.rkdms.com  *.freedomdebtrelief.com  *.tealiumiq.com  https://tags.freedomdebtrelief.com https://www.googletagmanager.com *.cloudflare.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://track.securedvisit.com https://sv.freedomdebtrelief.com *.ctfassets.net *.bbb.org *.youtube.com *.ytimg.com; font-src 'self'; frame-src 'self' m.lndg.page *.votervoice.net e.infogram.com *.instagram.com  *.youtube.com *.gstatic.com https://www.google.com; media-src 'self' *.youtube.com;object-src 'self' blob: data:;worker-src 'self' blob:; frame-ancestors 'self';connect-src 'self' https://session-replay.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://www.google-analytics.com https://analytics.google.com https://collect.tealiumiq.com noembed.com *.ffngcp.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://api.kitbuilder.co.uk https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://m.speedo.com https://checkout.speedo.com https://www.speedo.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://sf16-muse-va.ibytedtos.com https://ucarecdn.com https://cdn.parcellab.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors  *.cal-online.co.il *.Dolcehost.co.il *.cal-store.co.il *.diners-store.co.il https://powercard.co.il http://powercard.co.il *.shufersal.co.il https://buyme.co.il 1
frame-ancestors 'self' *.oakgov.com *.okta.com *.g2gcloud.com; 1
object-src 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' https:; style-src 'self' 'unsafe-inline' vytag.humany.net entur.humany.net wds.ace.teliacompany.com tagmanager.google.com fonts.googleapis.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' dd.cloud.vy.no js.api.here.com ct.captcha-delivery.com az416426.vo.msecnd.net wds.ace.teliacompany.com connect.facebook.net *.googletagmanager.com tagmanager.google.com www.googleadservices.com *.hotjar.com bat.bing.com cdn.moengage.com *.openstreetmap.org; connect-src blob: 'self' *.cloud.vy.no *.cloud.vy.se *.adyen.com *.hereapi.com js.api.here.com *.ace.teliacompany.net dc.services.visualstudio.com/v2/track stats.g.doubleclick.net www.facebook.com/tr/ vytag.humany.net entur.humany.net *.hotjar.com *.hotjar.io bat.bing.com www.google.com google.com adservice.google.com api.bring.com cloudflare-dns.com sdk-02.moengage.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com eyx1eny7.apicdn.sanity.io; img-src data: images.vy.no ts.tradetracker.net *.openstreetmap.org js.api.here.com 'self' *.adyen.com cdn.sanity.io view-components.cloud.nsb.no moe-email-campaigns.s3.amazonaws.com image.moengage.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.no googleads.g.doubleclick.net www.google.com bat.bing.com www.facebook.com/tr/ ad.doubleclick.net; font-src 'self' *.vy.no js.api.here.com vytag.humany.net entur.humany.net ace-knowledge-cdn.teliacompany.net fonts.gstatic.com *.hotjar.com; frame-src 'self' *.id.vy.no id.vy.no *.adyen.com geo.captcha-delivery.com wds.ace.teliacompany.com *.hotjar.com *.doubleclick.net www.facebook.com cdn.moengage.com; frame-ancestors 'self' registration.vulog.center; report-uri /web-services/web-logger 1
default-src 'self' https://*.apple.com; img-src 'self' https://*.apple.com https://*.mzstatic.com data: blob:; style-src 'self' https://*.apple.com 'unsafe-inline'; script-src 'self' https://*.apple.com blob: 'sha256-MS6/3FCg4WjP9gwgaBGwLpRCY6fZBgwmhVCdrPrNf3E=' 'sha256-tQjf8gvb2ROOMapIxFvFAYBeUJ0v1HCbOcSmDNXGtDo=' 'sha256-BoFUHKsYhJ9tbsHugtNQCmnkBbZ11pcW6kZguu+T+EU=' 'sha256-A18HC3jLpyEc9B8oyxq/NBFCyFBJFSsRLt0gmT9kft8=' 'unsafe-eval'; connect-src 'self' https://*.apple.com https://*.applemusic.com https://*.mzstatic.com https://mediaservices.cdn-apple.com https://*.push.apple.com wss://*.push.apple.com; media-src 'self' https://*.apple.com https://*.applemusic.com https://*.mzstatic.com blob:; child-src 'self' https://*.apple.com musics: blob: itms: itmss:; frame-ancestors 'none'; block-all-mixed-content 1
frame-ancestors *.nyrabets.com *.nyra.com *.belmontstakes.com *.cfdv.net http://*.cfdv.net *.localhost http://*.localhost *.cloudflare.com 'self'; report-uri https://www.nyrabets.com/CSP/LogCSPViolation.ashx 1
style-src 'self' https://unpkg.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.apollohospitals.com https://code.jquery.com https://aahlahmerger.apollohospitals.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://dev.apollohospitals.com https://*.askapollo.com https://*.apollohospitals.com https://apollobangalore.blob.core.windows.net https://apollobhubaneswar.blob.core.windows.net https://fonts.gstatic.com https://backend.livhousing.com https://cwc.livserv.in 'unsafe-inline'; 1
frame-ancestors http://gobrowser.com/ http://gologin.com/ 1
default-src 'self' 'unsafe-inline' *; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' https://d2iiunr5ws5ch1.cloudfront.net https://static.cloud.coveo.com https://media.faro.com/ https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://d2iiunr5ws5ch1.cloudfront.net https://www.bugherd.com/  https://media.faro.com/ https://fonts.gstatic.com https://static.cloud.coveo.com https://staticdev.cloud.coveo.com; upgrade-insecure-requests; block-all-mixed-content;frame-ancestors 'self' https://knowledge.faro.com https://ja-knowledge.faro.com/ https://zh-knowledge.faro.com/ https://es-knowledge.faro.com/ https://de-knowledge.faro.com/ https://fr-knowledge.faro.com/ https://pt-knowledge.faro.com/ https://faro.seismic.com/ https://it-knowledge.faro.com/ https://ko-knowledge.faro.com/ 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: 'self' 'unsafe-inline' 'unsafe-eval' * data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' fontplus.jp *.fontplus.jp www.google-analytics.com www.googletagmanager.com *.sibulla.com www.w3.org web.facebook.com connect.facebook.net platform.twitter.com *.google.com www.facebook.com www.youtube.com stats.g.doubleclick.net https://s3-ap-northeast-1.amazonaws.com/fontplus-wa/ https://fonts.fontplus.dev/; font-src 'self' https://* blob: data:; img-src https://* blob: data:; 1
default-src 'self'; img-src 'self' data:; connect-src 'self' wss://127.0.0.1:* ws://127.0.0.1:*; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' *.adobedtm.com *.handtalk.me *.googleanalytics.com optimize.google.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src transunion.demdex.net *.handtalk.me *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.hifiona.com *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' px.ads.linkedin.com analytics.google.com *.tt.omtrdc.net dpm.demdex.net *.handtalk.me wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.googletagmanager.com blob: *.google-analytics.com optimize.google.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.adobeaemcloud.com fonts.gstatic.com *.transunion.do *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; frame-src * optimize.google.com; style-src * optimize.google.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 1
default-src 'none';         base-uri 'self';     block-all-mixed-content;     connect-src 'self';     font-src 'self';     form-action 'self';     frame-ancestors 'self';     img-src 'self' https://*.static.flickr.com https://*.staticflickr.com;     media-src 'self';     script-src 'self' 'unsafe-inline';     style-src 'self' 'unsafe-inline';  1
script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://static-web.jjdsn.vip https://bitkeep.page https://*.bitkeep.fun https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://www.recaptcha.net https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com; connect-src 'self' 'report-sample' blob: data: https://*.youtube.com https://firebase.googleapis.com https://share.keepshare.info https://*.bitkeep.fun https://bitkeep.page https://*.bitget.cloud https://keepshare.xyz https://gasutopia.com https://bitkeep.com https://*.facebook.net https://api.nileex.io https://keepshare.info https://*.google.com https://share.bitkeep.shop https://infragrid.v.network https://*.bitkeep.com https://ta.bitkeep.buzz:8993 https://unpkg.com https://bitkeep.io https://*.bitkeep.io https://www.google-analytics.com https://fp-constantid.bitkeep.vip https://*.bitkeep.page https://*.bjxnyj.com https://bitkeep.org https://*.bitgetstatic.com https://share.bwb.live https://*.bitkeep.vip https://*.bitget.site https://*.bitgetpro.site https://api.shasta.trongrid.io https://s3.infcrypto.com https://*.bitkeep.me https://*.jjdsn.vip https://*.mytokenpocket.vip https://sun.tronex.io https://goldshare.me https://*.bitget.com https://firebaseinstallations.googleapis.com https://www.googletagmanager.com https://*.googleapis.com https://share.bwb.site https://stats.g.doubleclick.net https://rpc-wallet.broearn.com https://api.trongrid.io https://*.bknode.vip https://cdn.bootcdn.net https://search.imtt.qq.com https://api-web.wwmxd.info https://api-web.wwmxd.site https://ordinals.com https://www.gstatic.cn https://www.gstatic.com https://log.noxiaohao.com; frame-src 'self' 'report-sample' https://www.google.com https://www.recaptcha.net https://*.bitget.com; frame-ancestors 'self' https://*.bitget.com; report-uri https://64ad2bae905b5c797e632276.endpoint.csper.io?v=15; 1
default-src 'self' 'unsafe-inline' *; 1
frame-ancestors 'self'; connect-src 'self' apipub.confirmic.com *.algolia.net bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net *.hotjar.com content.hotjar.io wss://ws.hotjar.com *.hotjar.io analytics.google.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.youtube-nocookie.com www.youtube.com; img-src 'self' data: i.ytimg.com www.googletagmanager.com www.google-analytics.com google.com www.google.com www.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' config.confirmic.com consent-manager.confirmic.com www.youtube.com static.cloudflareinsights.com js-agent.newrelic.com www.googletagmanager.com www.google-analytics.com *.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' https://czo.gov.ua/ https://localhost:8083/ https://www.gstatic.com https://fonts.googleapis.com https://www.google-analytics.com data:; frame-src 'self' https://www.google.com https://www.youtube.com https://id.gov.ua blob: data:; img-src 'self' https://www.google-analytics.com blob: data:; style-src 'self' 'unsafe-inline'; child-src blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.youtube.com http://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com 1
default-src 'self'; frame-src https:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https: blob:; media-src 'self' https://zbrsk-a.akamaihd.net https://avito-a.akamaihd.net https://cdn.uaz.ru https://562717.selcdn.ru; connect-src 'self' https: 1
default-src 'unsafe-eval' 'unsafe-inline' https: data:; media-src 'self' data: blob: files.jivosite.com code.jivo.ru *.medelement.com; img-src 'self' blob: code.jivo.ru *.medelement.com  data: f.doctor.kz *.medelement.com googleads.g.doubleclick.net *.googlesyndication.com *.google.com *.google.kz *.google.de *.google-analytics.com *.google-analytics.com *.google.ru *.yandex.ru yandex.ru *.yandex.net yandex.net *.yandex.com; connect-src 'self' *.medelement.com *.yandex.net yandex.ru ws: https:; object-src 'none'; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://covideo.com https://vidmails.com; 1
frame-ancestors https://toolkits.sevdesk.de/ https://atlas-v4.sevdesk.de/ http://localhost:3000/ https://chatbot-be-9a973bfe698a.herokuapp.com/ 1
frame-ancestors 'self' dieboldnixdorf.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.bing.com https://*.facebook.net https://*.hotjar.com https://*.zarget.com https://*.youtube.com https://s.ytimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinterest.com https://*.zencdn.net https://*.google.com https://*.google.be https://*.sharethis.com https://*.newrelic.com https://*.nr-data.net https://*.quantserve.com https://*.google.com.tr https://*.metabar.ru https://*.google.de https://*.google.fr https://cdn.ckeditor.com https://*.pioneer-car.eu https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://*.gstatic.com https://cdn.cookielaw.org https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.sharethis.com https://*.pioneer-car.eu https://cdn.ckeditor.com https://tagmanager.google.com; img-src * data:; media-src 'self' https://www.youtube.com; frame-src 'self' https://*.youtube.com https://vars.hotjar.com https://*.pioneer.eu https://*.doubleclick.net https://*.sharethis.com https://*.facebook.com https://*.pioneer-car.eu https://store-locator.pioneer-rus.ru https://*.google.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.com https://*.sharethis.com https://*.google-analytics.com https://*.doubleclick.net https://*.pioneer-car.eu https://acc-pioneer-products.o-a.be https://eu---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://de---acc-ifbsema-klxc2pllrqp6m.eu.platform.sh https://*.yandex.ru https://cdn.cookielaw.org; report-uri /eur/report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://match.adsrvr.org *.vimeo.com cdn.c212.net c212.net *.youtube.com *.mathtag.com *.typekit.net; style-src 'self' 'unsafe-inline' *.venable.com *.googleapis.com https://maxcdn.bootstrapcdn.com *.typekit.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com https://maxcdn.bootstrapcdn.com *.typekit.net; img-src 'self' data: *.google-analytics.com *.siteimproveanalytics.io p.adsymptotic.com *.linkedin.com *.adsymptotic.com *.mathtag.com *.adsymptotic.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://connect.venable.com https://www.connect.venable.com selfapply.venable.com *.radiopublic.com *.blubrry.com embed.acast.com *.mathtag.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io *.vimeo.com stats.g.doubleclick.net *.linkedin.com https://vimeo.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' 1
child-src 'self' https://survey.jam-software.com;frame-src https://jam-software-gmbh.jobs.personio.de; base-uri 'self';font-src 'self';form-action 'self';frame-ancestors 'self' *.jam-software.de *.jam-software.com ;img-src *.jam-software.com 'self' https://www.google.com https://www.google.de https://ja.jam-software.com https://www.jam-software.de https://www.jam-software.com https://customers.jam-software.de https://manuals.jam-software.de https://manuals.jam-software.com https://survey.jam-software.com media.jam-software.com;media-src 'self' media.jam-software.com https://survey.jam-software.com;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.jam-software.de https://matomo.jam-software.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://survey.jam-software.com; 1
upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'none';default-src 'self';child-src 'self';frame-src https://www.google.com  https://*.linkedin.com *.hotjar.com;script-src *.smartology.net *.hotjar.com https://www.gstatic.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://kit.fontawesome.com https://*.sharethis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://connect.facebook.net https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com https://*.linkedin.com 'self' 'unsafe-inline' 'unsafe-eval';img-src http://www.w3.org https://www.smartology.net https://*.google-analytics.com https://secure.gravatar.com https://*.googletagmanager.com https://*.sharethis.com 'self' data:;style-src https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://buttons-config.sharethis.com 'self' 'unsafe-inline';font-src https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com 'self' data:;connect-src *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://website-api.smartology.co https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.fontawesome.com https://l.sharethis.com https://*.smartlook.com https://*.smartlook.cloud https://*.posthog.com https://app.analyzz.com 'self' ws:;object-src 'self' 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self'; connect-src 'self' ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net analytics.google.com consentcdn.cookiebot.com *.wistia.com *.sharethis.com; font-src 'self' fast.fonts.net fonts.googleapis.com fonts.gstatic.com *.fontawesome.com data: *.wistia.com; object-src 'none'; img-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com consentcdn.cookiebot.com ajax.googleapis.com ajax.aspnetcdn.com consent.cookiebot.com www.recaptcha.net www.googletagmanager.com *.wistia.com code.jquery.com www.google-analytics.com cdnjs.cloudflare.com siteimproveanalytics.com communications.manatt.com pi.pardot.com optanon.blob.core.windows.net www.google.com fast.fonts.net www.gstatic.com *.wistia.net *.sharethis.com kit.fontawesome.com maxcdn.bootstrapcdn.com 'report-sample'; style-src 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com fast.fonts.net optanon.blob.core.windows.net fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com; media-src 'self'; frame-ancestors 'self' www.billboard.com thefac.org embedded-preview.pardot.force.com; base-uri 'self'; frame-src 'self' www.podbean.com player.vimeo.com consentcdn.cookiebot.com www.recaptcha.net *.wistia.net *.wistia.com www.google.com 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com static.cloudflareinsights.com cdnjs.cloudflare.com *.cdn.cookielaw.org connect.facebook.net cdn.jsdelivr.net *.cdn.civiccomputing.com googletagmanager.com buttons-config.sharethis.com platform-api.sharethis.com m.youtube.com tagmanager.google.com www.google.com maps.google.com www.googletagmanager.com www.gstatic.com www.youtube.com www.google-analytics.com maps.googleapis.com data:;style-src 'self' 'unsafe-inline' cco.cloudflareaccess.com maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com www.googletagmanager.com fonts.googleapis.com;object-src 'none';child-src 'self' *.twitter.com childrenscommissioner.github.io *.soundcloud.com *.facebook.com connect.facebook.net www.google.com www.googletagmanager.com www.youtube.com;base-uri 'self';img-src 'self' s188p01webfilesupload.blob.core.windows.net s188d01webfilesupload.blob.core.windows.net s188t01webfilesupload.blob.core.windows.net assets.childrenscommissioner.gov.uk test-assets.childrenscommissioner.gov.uk dev-assets.childrenscommissioner.gov.uk www.infotex.uk www.google-analytics.com maps.gstatic.com www.facebook.com maps.googleapis.com pbs.twimg.com data: platform-cdn.sharethis.com 1
default-src 'self' *.alanet.org https://media.alanet.org *.typekit.net; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com *.youtube.com/player_api https://cdn.kiprotect.com/ https://vimeo.com/api/ https://www.vimeo.com/api/ https://www.youtube.com/s/player/ https://cdn.jsdelivr.net/npm/algoliasearch@4.5.1/ https://player.vimeo.com/api/player.js https://www.googletagmanager.com https://www.legalmanagement.org https://www.buzzsprout.com/ https://customer.cludo.com/scripts/ https://api.cludo.com/scripts/ *.typekit.net https://test.hawksearch.net https://ala.hawksearch.com https://manage.hawksearch.com https://code.jquery.com/jquery-3.3.1.slim.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js *.alanet.org https://media.alanet.org https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cdn.feathr.co *.addthis.com *.addthisedge.com *.feathr.co www.googletagservices.com *.jwpcdn.com https://tracking.magnetmail.net *.msecnd.net https://cdn.onesignal.com https://onesignal.com https://snap.licdn.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.legalmanagement.org/ https://www.googletagmanager.com/ https://cdn.kiprotect.com/ https://alanet.azurewebsites.net https://customer.cludo.com/css/ *.alanet.org *.typekit.net https://onesignal.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.googletagmanager.com https://i.vimeocdn.com/ https://www.legalmanagement.org https://customer.cludo.com/img/ *.alanet.org http://www.alanet.org/ http://staging.alanet.org/ https://www.alanet.org/ https://staging.alanet.org/ *.typekit.net https://manage.hawksearch.com https://www.legalmanagement.org/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com doubleclick.net *.feathr.co jwpltx.com *.doubleclick.net *.adsrvr.org alanet-cdn.sitefinity.cloud https://pnmresources.s3.amazonaws.com https://onesignal.com https://img.onesignal.com/ https://snap.licdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://cdn.linkedin.oribi.io https://gw.linkedin.oribi.io https://dc.ads.linkedin.com https://sjs.bizographics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net https://customer.cludo.com/ *.jwpcdn.com *.slidesharecdn.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ https://www.buzzsprout.com/ https://www.stay22.com/; connect-src 'self' accounts.google.com *.google-analytics.com https://vimeo.com/api/ https://www.facebook.com/tr/ https://tg4zn1lt5z-dsn.algolia.net/ https://tg4zn1lt5z-1.algolianet.com https://tg4zn1lt5z-2.algolianet.com https://tg4zn1lt5z-3.algolianet.com *.tradewing.com https://www.legalmanagement.org/ https://api-us1.cludo.com/api/ *.mktoresp.com *.feathr.co *.addthis.com https://www.google-analytics.com *.alanet.org *.visualstudio.com https://onesignal.com https://stats.g.doubleclick.net/ https://blog.affinityconsulting.com/rss.xml https://www.bobaguard.com/feed/ https://www.innovativecomp.com/feed/ https://solution-series.alanet.org https://blog.affinityconsulting.com https://www.innovativecomp.com https://snap.licdn.com https://api.cludo.com https://api-us1.cludo.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://www.legalmanagement.org/ *.alanet.org *.typekit.net alanet-cdn.sitefinity.cloud; child-src 'self' https://www.youtube-nocookie.com/ https://percolate.blogtalkradio.com/ https://www.buzzsprout.com/ https://c5groupinc.com/ https://c5groupinc.com/ala/2020-Thankyou.html https://www.google.com/ https://www.surveymonkey.com/ https://www.surveymonkey.com/:1 *.addthis.com www.slideshare.net https://onesignal.com *.zoom.us https://media.alanet.org https://dev2www.alanet.org https://www.stay22.com 1
frame-ancestors http://specialtyfood-cms.ae-admin.com http://www.specialtyfood.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline'  'script-src' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; http://beta.firstmail.ru 1
default-src 'self' https://register.zammad.com https://zammad.matomo.cloud https://support.zammad.com wss://support.zammad.com; script-src 'self' 'unsafe-inline' https://register.zammad.com https://support.zammad.com https://zammad.matomo.cloud https://cdn.livestorm.co; img-src 'self' https://cdnjs.cloudflare.com https://zammad.matomo.cloud data:; style-src 'self' 'unsafe-inline' data: https://support.zammad.com https://cdn.livestorm.co https://fonts.googleapis.com; base-uri 'self';form-action 'self' https://support.zammad.com; font-src 'self' https://fonts.gstatic.com; frame-src https://app.livestorm.co 1
frame-ancestors 'self' *.poradnikzdrowie.pl *.se.pl *.grupazprmedia.pl *.grupazpr.pl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.morningstar.com https://apps.sitecore.net https://contentdelivery.mashreqbank.com; img-src 'self' https://mashreq.com https://mashreqneobiz.com https://www.mashreqneobiz.com https://*.morningstar.com https://tr.snapchat.com https://analytics.twitter.com https://t.co https://www.google.co.in https://mashreqhq.com https://neopay.ae https://mashreqalislami.com https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.mashreqneo.com https://mashreqneo.com https://mashreqbank.com https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com http://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.ae data:; style-src 'self' 'unsafe-inline' https://www.mashreq.com https://bot.mashreqneobiz.com https://mwc-cdn.morningstar.com https://cdn-prod.eu.securiti.ai https://www.mashreqbank.com https://fonts.googleapis.com http://staging.mashreqbank.com; child-src 'self' https://bid.g.doubleclick.net https://wwww.youtube.com; font-src https://www.mashreq.com https://mashreq.com https://www.mashreqcapital.ae https://mashreqcapital.ae https://bot.mashreqneobiz.com https://www.mashreqsecurities.com https://mashreqsecurities.com https://cdnjs.cloudflare.com https://*.morningstar.com https://mashreqneobiz.com/ https://www.mashreqneobiz.com/ https://www.mashreqhq.com https://mashreqhq.com https://www.neopay.ae https://www.mashreqalislami.com https://neopay.ae https://mashreqalislami.com https://www.mashreqneo.com https://mashreqneo.com https://fonts.gstatic.com https://developer.mashreqdev.com https://www.mashreqbank.com http://staging.mashreqbank.com https://mashreqbank.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tools.euroland.com https://tools.eurolandir.com https://www.mashreq.com https://bot.mashreqneobiz.com https://cdnjs.cloudflare.com https://mwc-cdn.morningstar.com https://cdn-prod.eu.securiti.ai https://sc-static.net https://static.ads-twitter.com https://analytics.tiktok.com https://www.youtube.com https://platform.instagram.com https://www.instagram.com https://ajax.googleapis.com https://px.ads.linkedin.com https://snap.licdn.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://www.mashreqbank.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://apis.google.com http://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com http://10.4.4.39:15871 https://firebasestorage.googleapis.com http://staging.mashreqbank.com; connect-src 'self' https://contentdelivery.mashreqbank.com https://px.ads.linkedin.com https://fundsapi.mashreq.com https://cdn.linkedin.oribi.io https://*.morningstar.com https://www.us-api.morningstar.com https://app.eu.securiti.ai https://cdn-prod.eu.securiti.ai https://tr.snapchat.com https://analytics.tiktok.com https://maps.googleapis.com https://graph.facebook.com https://www.google.ae https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; frame-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://bot.mashreqneobiz.com https://tr.snapchat.com https://www.facebook.com https://www.youtube.com https://www.instagram.com https://apply5.lumessetalentlink.com https://platform.twitter.com https://ir.directfn.com https://contentdelivery.mashreqbank.com https://ir.directfn.com https://bid.g.doubleclick.net https://creativecdn.com https://www.google.com 1
script-src 'self'; object-src 'none'; frame-ancestors https://youtube.com https://facebook.com https://api.mfa.go.th always; 1
frame-ancestors 'self' https://*.facebook.com https://*.google.com 1
frame-ancestors 'self' https://platform.servicewhale.com https://contractorfinder.iko.com; 1
frame-ancestors 'self' https://harga-emas.org/ https://pluang-production-uploads.s3-ap-southeast-1.amazonaws.com/ 1
default-src 'self'; script-src 'self'; 1
default-src 'self' *.cdata.com/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.com/ *.navattic.com/ *.redditstatic.com/ *.googlesyndication.com/ *.hotjar.com/ j.6sc.co www.youtube.com/ *.plyr.io/ *.google.com/ *.google.co.jp/ *.facebook.net/ *.linkedin.com/ *.twitter.com/ *.stripe.com/ *.googleadservices.com/ *.authorize.net/ b.st-hatena.com/ cdn.jsdelivr.net/ *.calendly.com/ ajax.aspnetcdn.com/ versapay.transactiongateway.com/ code.jquery.com *.cloudflare.com/ *.bizible.com/  *.clickcease.com/ *.licdn.com/ *.doubleclick.net/ www.gstatic.com/ *.happyfoxchat.com/ www.google.com/ www.googletagmanager.com/ unpkg.com/ www.google-analytics.com/ *.bing.com/ *.cdata.com/ *.zdassets.com/ *.zoominfo.com/  *.clarity.ms/ *.clearbitscripts.com/ *.clearbitjs.com/ *.pardot.com/;     style-src 'self' 'unsafe-inline' www.googletagmanager.com/ fonts.googleapis.com/ *.plyr.io/ *.google.com/ cdn.jsdelivr.net/ *.calendly.com/ versapay.transactiongateway.com/;     font-src 'self' data: fonts.gstatic.com/;     img-src 'self' data: *.capterra.com/ *.reddit.com/ qiita-image-store.s3.amazonaws.com/ i.gyazo.com/ *.facebook.com/ *.calendly.com/ calendly.com/ *.6sc.co/ *.googleapis.com/ *.gstatic.com/ b.st-hatena.com/ *.twitter.com/ *.doubleclick.net/ *.windows.net/ *.bizibly.com/ *.bizible.com/ *.cdata.com/ *.linkedin.com/ www.google-analytics.com/ *.bing.com *.ytimg.com/ *.clarity.ms/ *.googletagmanager.com/ *.google.com/ *.google.ad/ *.google.ae/ *.google.com.af/ *.google.com.ag/ *.google.com.ai/ *.google.al/ *.google.am/ *.go/ *.google.co.ao/ *.google.com.ar/ *.google.as/ *.google.at/ *.google.com.au/ *.google.az/ *.google.ba/ *.google.com.bd/ *.google.be/ *.google.bf/ *.google.bg/ *.google.com.bh/ *.google.bi/ *.google.bj/ *.google.com.bn/ *.google.com.bo/ *.google.com.br/ *.google.bs/ *.google.bt/ *.google.co.bw/ *.google.by/ *.google.com.bz/ *.google.ca/ *.google.cd/ *.google.cf/ *.google.cg/ *.google.ch/ *.google.ci/ *.google.co.ck/ *.google.cl/ *.google.cm/ *.google.cn/ *.google.com.co/ *.google.co.cr/ *.google.com.cu/ *.google.cv/ *.google.com.cy/ *.google.cz/ *.google.de/ *.google.dj/ *.google.dk/ *.google.dm/ *.google.com.do/ *.google.dz/ *.google.com.ec/ *.google.ee/ *.google.com.eg/ *.google.es/ *.google.com.et/ *.google.fi/ *.google.com.fj/ *.google.fm/ *.google.fr/ *.google.ga/ *.google.ge/ *.google.gg/ *.google.com.gh/ *.google.com.gi/ *.google.gl/ *.google.gm/ *.google.gr/ *.google.com.gt/ *.google.gy/ *.google.com.hk/ *.google.hn/ *.google.hr/ *.google.ht/ *.google.hu/ *.google.co.id/ *.google.ie/ *.google.co.il/ *.google.im/ *.google.co.in/ *.google.iq/ *.google.is/ *.google.it/ *.google.je/ *.google.com.jm/ *.google.jo/ *.google.co.jp/ *.google.co.ke/ *.google.com.kh/ *.google.ki/ *.google.kg/ *.google.co.kr/ *.google.com.kw/ *.google.kz/ *.google.la/ *.google.com.lb/ *.google.li/ *.google.lk/ *.google.co.ls/ *.google.lt/ *.google.lu/ *.google.lv/ *.google.com.ly/ *.google.co.ma/ *.google.md/ *.google.me/ *.google.mg/ *.google.mk/ *.google.ml/ *.google.com.mm/ *.google.mn/ *.google.ms/ *.google.com.mt/ *.google.mu/ *.google.mv/ *.google.mw/ *.google.com.mx/ *.google.com.my/ *.google.co.mz/ *.google.com.na/ *.google.com.ng/ *.google.com.ni/ *.google.ne/ *.google.nl/ *.google.no/ *.google.com.np/ *.google.nr/ *.google.nu/ *.google.co.nz/ *.google.com.om/ *.google.com.pa/ *.google.com.pe/ *.google.com.pg/ *.google.com.ph/ *.google.com.pk/ *.google.pl/ *.google.pn/ *.google.com.pr/ *.google.ps/ *.google.pt/ *.google.com.py/ *.google.com.qa/ *.google.ro/ *.google.ru/ *.google.rw/ *.google.com.sa/ *.google.com.sb/ *.google.sc/ *.google.se/ *.google.com.sg/ *.google.sh/ *.google.si/ *.google.sk/ *.google.com.sl/ *.google.sn/ *.google.so/ *.google.sm/ *.google.sr/ *.google.st/ *.google.com.sv/ *.google.td/ *.google.tg/ *.google.co.th/ *.google.com.tj/ *.google.tl/ *.google.tm/ *.google.tn/ *.google.to/ *.google.com.tr/ *.google.tt/ *.google.com.tw/ *.google.co.tz/ *.google.com.ua/ *.google.co.ug/ *.google.co.uk/ *.google.com.uy/ *.google.co.uz/ *.google.com.vc/ *.google.co.ve/ *.google.vg/ *.google.co.vi/ *.google.com.vn/ *.google.vu/ *.google.ws/ *.google.rs/ *.google.co.za/ *.google.co.zm/ *.google.co.zw/ *.google.cat/;     connect-src 'self' *.facebook.com/ *.googlesyndication.com/ *.google.co.jp/ wss://ws.hotjar.com/ *.hotjar.com/ *.hotjar.io/ *.clickcease.com/ webto.salesforce.com/ secure.adnxs.com/ *.6sc.co/ ib.adnxs.com/ *.plyr.io/ https://noembed.com/ *.withgoogle.com/ *.authorize.net/ *.stripe.com/ versapay.transactiongateway.com/ *.linkedin.oribi.io/ https://happyfoxchat.com/ *.happyfoxchat.com/ www.google-analytics.com/ *.doubleclick.net/ *.google.com/ *.zdassets.com/ *.bing.com/ *.zoominfo.com/ *.clarity.ms/ *.clearbit.com/ *.ads.linkedin.com/ *.redditstatic.com/ *.reddit.com;     frame-src 'self' *.navattic.com/ *.doubleclick.net/ *.googlesyndication.com/ *.azurewebsites.net/ *.facebook.com/ https://jp.cdata.com *.slideshare.net/ speakerdeck.com/ *.zoom.us/ *.calendly.com/ calendly.com/ https://go.cdata.com www.youtube-nocookie.com/ *.google.com/ versapay.transactiongateway.com/ *.amazonaws.com/ *.facebook.net/ *.linkedin.com/ *.stripe.com/ *.twitter.com/ *.cdata.com/ *.happyfoxchat.com/ www.youtube.com www.google.com/ prod-cdata-us-api.azurewebsites.net/;      frame-ancestors 'self' cdata.com *.cdata.com *.clouddataos.com localhost:44302/ *.auth0.com/ https://cdata-connect-dev.us.auth0.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktacdn.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;style-src 'self' 'unsafe-inline' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;object-src 'self'; base-uri 'self'; connect-src 'self' wss: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; img-src 'self' 'unsafe-inline' data: *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.wpmudev.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; manifest-src 'self'; media-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com;frame-src 'self' *.pantheonsite.io *.pinellas.gov *.pinellascounty.org *.google.com *.ctctcdn.com *.hotjar.com *.googleapis.com *.weather.gov *.nr-data.net *.gstatic.com *.doubleclick.net *.cloudflare.com *.youtube.com *.wpmucdn.com *.fontawesome.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.googletagmanager.com *.loop11.com *.jsdelivr.net *.polyfill.io *.livehelpnow.net *.okta.com *.oktapreview.com *.fastly.net *.newrelic.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com; font-src 'self' *.gstatic.com *.doubleclick.net *.livehelpnow.net *.hotjar.com *.formsite.com *.arcgisonline.com *.arcgis.com *.granicus.com *.twitter.com *.petango.com *.jquery.com *.gravatar.com *.recollect.net *.cloudfront.net *.opengov.com *.constantcontact.com *.google-analytics.com *.google.com *.ctctcdn.com 1
frame-src 'self' https://optimize.google.com https://staging.eigendev.com https://ms1.eigendev.com https://bid.g.doubleclick.net *.lpsnmedia.net *.liveperson.net *.hotjar.com *.fls.doubleclick.net *.salecycle.com https://www.google.com https://customersso.rvs.com https://customersso-stage.rvs.com https://customer-sso-api.kong.test.site-testing.com https://gsclaimsubmissions.wufoo.com https://acquire1.comenity.net *.youtube.com *.googlesyndication.com https://console.googletagservices.com https://td.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com https://bookings.spot2nite.com https://bookings.spot2nite.dev https://www.google.com; 1
default-src blob: data: https: 'unsafe-eval' 'unsafe-inline' 'self' https://*.googletagmanager.com https://challenges.cloudflare.com/ https://*.wistia.com https://www.googleadservices.com https://*.adform.net https://connect.facebook.net https://bat.bing.com https://js.adsrvr.org https://td.doubleclick.net https://*.adsrvr.org https://lvm.de *.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://sc-static.net/ https://stage-p.public.lvm-prod.magnolia-platform.com/ ; connect-src data: 'self' *.doubleclick.net/ *.google-analytics.com/ *.analytics.google.com *.googletagmanager.com *.google.com *.google.de *.bing.com/ *.wistia.com *.wistia.net *.lvm.de embedwistia-a.akamaihd.net/ *.litix.io api.userlike.com chat.userlike.com www.userlike.com wss://chat.userlike.com/ wss://umd.userlike.com/ https://bankauswahl.giropay.de/ https://bankauswahl.girocheckout.de https://sentry.lvm.de https://cybercheck.lvm.de https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://d3dc1lgancj6l0.cloudfront.net/ https://tr.snapchat.com/ *.delivery.consentmanager.net https://track.adform.net/ userlike-cdn-operators.userlike.com userlike-cdn-widgets.userlike.com *.lvm-prod.magnolia-platform.com *.lvm.magnolia-platform.com https://maps.googleapis.com/ https://*.snapchat.com/ ; media-src *.lvm.de d3dc1lgancj6l0.cloudfront.net dq4irj27fs462.cloudfront.net blob: data: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net ; frame-ancestors 'self' *.lvm.de https://*.lvm.de/ https://viewer.rooom.com ; img-src https://*.lvm.de data: blob: https://*.consentmanager.net https://*.googletagmanager.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-operators.userlike.com https://*.wistia.com https://*.doubleclick.net https://bat.bing.com https://www.google.com https://www.facebook.com https://www.google.de https://www.google-analytics.com https://lvm.de https://track.adform.net https://insight.adsrvr.org https://play.google.com https://fonts.gstatic.com https://d1m3qravo0uxtt.cloudfront.net https://api.mapbox.com https://maps.googleapis.com/ https://maps.gstatic.com/ https://stage-p.public.lvm-prod.magnolia-platform.com/ https://*.lvm.magnolia-platform.com 1
frame-ancestors *.johnmuirhealth.com 1
https://moes.gov.in/; 1
default-src 'self'; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.usefathom.com anytype1.matomo.cloud i.ytimg.com *.githubusercontent.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.usefathom.com anytype1.matomo.cloud www.youtube.com; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' *.youtube.com; object-src 'self'; connect-src 'self' cdn.usefathom.com anytype1.matomo.cloud noembed.com contributors.any.coop; 1
frame-ancestors 'self' www.affilorama.com 1
frame-ancestors 'self' DENIED; 1
default-src 'self' https: http:; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'nonce-LTRwuJqP/I7x27tiOwYi3Q=='; frame-src 'self' https:; frame-ancestors 'self' https:; font-src 'self' https: data: https://fonts.gstatic.com https://fonts.googleapis.com/; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com/; base-uri 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1875604675787476 https://fullstory.com/ https://edge.fullstory.com/s/fs.js https://trackcmp.net/visit https://app-worker.visitor-analytics.io/main.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.lfeeder.com *.leadfeeder.com https://api-js.mixpanel.com data.gist.com *.typeform.com; media-src 'self' https: https://js.intercomcdn.com; connect-src 'self' https: https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://rs.fullstory.com/rec/page https://rs.fullstory.com/rec/bundle https://app-loadbalancer.visitor-analytics.io/standalone/worker-log https://sa-api.visitor-analytics.io http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.lfeeder.com *.leadfeeder.com *.typeform.com wss://api.userpilot.io wss://chat.convertfox.com; style-src-elem 'self' 'unsafe-inline' https: fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css; font-src 'self' data: https: fonts.gstatic.com https://js.intercomcdn.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; child-src 'self' https: https://share.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/1875604675787476 https://fullstory.com/ https://edge.fullstory.com/s/fs.js https://trackcmp.net/visit https://app-worker.visitor-analytics.io/main.js http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.lfeeder.com *.leadfeeder.com https://api-js.mixpanel.com data.gist.com *.typeform.com; default-src 'self'; img-src 'self' data: blob: https: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-9.com www.googletagmanager.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.lfeeder.com *.leadfeeder.com; form-action 'self' https://intercom.help https://api-iam.intercom.io https://data.getgist.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.0.3/cookieconsent.min.css; frame-src http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.youtube-nocookie.com/embed/ZkJTUQoWX7o *.typeform.com 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline', font-src * data:; frame-ancestors *.centracare.com 1
default-src 'self' *; script-src 'self' 'nonce-devdocs' https://www.google-analytics.com https://secure.gaug.es https://*.jquery.com; font-src 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; 1
default-src 'self' data: *.googlesyndication.com *.doubleclick.net *.google.com *.fontawesome.com botbuilder.labiba.ai *.googleadservices.com bsf.labibabot.com *.euroland.com *.eurolandir.com *.snapchat.com *.youtube.com *.sharethis.com *.gstatic.com *.google.com *.cloudflare.com *.googleapis.com *.googlecode.com *.facebook.com *.googletagmanager.com *.linkedin.com;        script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.sc-static.net sc-static.net *.snapchat.com *.tiktok.com *.ibytedtos.com *.google.com *.google.com.lb *.googlesyndication.com *.bizographics.com *.googleapis.com *.jquery.com bsf.labibabot.com *.labiba.ai *.sc-static.net *.googleadservices.com *.euroland.com *.eurolandir.com *.twitter.com *.ads-twitter.com *.cloudflare.com *.sharethis.com *.gstatic.com *.google-analytics.com *.googleapis.com *.facebook.net *.modulusglobal.com *.googletagmanager.com *.licdn.com *.doubleclick.net *.linkedin.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.tagmanager.google.com *.googleapis.com *.labiba.ai *.fontawesome.com *.googleapis.com *.cloudflare.com *.sharethis.com *.modulusglobal.com;      connect-src 'self' *.googlesyndication.com *.linkedin.oribi.io *.teads.tv *.snapchat.com *.tiktok.com *.doubleclick.net *.google.com *.facebook.com *.labibabot.com *.sharethis.com *.google.com *.vimeo.com *.google-analytics.com *.googleapis.com  *.gstatic.com *.googletagmanager.com *.linkedin.com; img-src 'self' data: *; 1
frame-ancestors 'self' https://www.paginesispa.it https://paginesispa.it; 1
frame-ancestors 'self' https://frontend-test.briggswalker.com https://frontend-au.briggswalker.com; 1
default-src 'self' *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; media-src blob: 'self' *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.qualtrics.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zuora.com tags.tiqcdn.com *.vergic.com *.brightcove.net *.brightcove.com blob: vjs.zencdn.net d2qrdklrsxowl2.cloudfront.net www.googletagmanager.com connect.facebook.net static.ads-twitter.com *.twitter.com www.googleadservices.com www.google.com googleads.g.doubleclick.net *.gstatic.com *.ceros.com *.turtl.co trustspot.io cdn.jsdelivr.net my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com www.googletagservices.com *.qualtrics.com *.service.force.com c.paypal.com *.doublethedonation.com doublethedonation.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.turtl.co trustspot.io s3.amazonaws.com my.tealiumiq.com *.my.tealiumiq.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; img-src 'self' data: images.ctfassets.net aicpa.sc.omtrdc.net media.aicpa.org *.rackcdn.com cm.everesttech.net dpm.demdex.net content.psplugin.com *.brightcove.com *.boltdns.net players.brightcove.net static.ads-twitter.com t.co www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.google.co.uk *.facebook.com trustspot.io * c.paypal.com b.stats.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; font-src 'self' data: fonts.gstatic.com d2qrdklrsxowl2.cloudfront.net *.s3.amazonaws.com *.vergic.com content.psplugin.com s3.amazonaws.com trustspot.io d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; connect-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com https://us.aicpa.org/bin/aicpaorg/uca assets.ctfassets.net downloads.ctfassets.net sentry.io app.getsentry.org app.getsentry.com dpm.demdex.net aicpa.demdex.net collect.tealiumiq.com aicpa.sc.omtrdc.net players.brightcove.net *.brightcove.com *.hapyak.com *.boltdns.net *.brightcovecdn.com *.akamaihd.net *.akafms.net *.vergic.com *.facebook.com *.google.com trustspot.io my.tealiumiq.com *.my.tealiumiq.com securepubads.g.doubleclick.net *.googlesyndication.com *.qualtrics.com sit.test-aicpa.org d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-src 'self' id.aicpa.org secureaicpa.okta.com aicpa.okta.com apisandbox.zuora-cima.dev.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.co.uk apisandbox.zuora-cima.uat.securedataplatform.com api.zuora-cima.securedataplatform.com api.zuora-cima.securedataplatform.co.uk zuora-cima.securedataplatform.com sandbox.na.zuora-cima.uat.securedataplatform.co.uk sandbox.na.zuora-cima.uat.securedataplatform.com na.zuora-cima.securedataplatform.co.uk na.zuora-cima.securedataplatform.com sandbox.na.zuora.com *.aicpa-cima.com devaicpa.oktapreview.com id.test-aicpa.org aicpa-staff.oktapreview.com stagingaicpa.okta.com stagingaicpa-staff.okta.com temp2secureaicpa.okta.com www.facebook.com m.facebook.com html5-player.libsyn.com *.brightcove.net d2qrdklrsxowl2.cloudfront.net vjs.zencdn.net *.podomatic.com podomatic.com *.youtube.com apisandbox.zuora.com aicpa.demdex.net www.zuora.com bid.g.doubleclick.net *.ceros.com *.google.com my.tealiumiq.com *.my.tealiumiq.com *.safeframe.googlesyndication.com tpc.googlesyndication.com *.qualtrics.com *.zuora.com c.paypal.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com p.adsymptotic.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com idsync.rlcdn.com ib.adnxs.com x.bidswitch.net *.apps.akerolabs.com *.akerolabs.com *.akro.io *.bugsnag.com cdn.akro.io uniquest-cima.my.salesforce.com service.force.com *.salesforceliveagent.com uniquest-cima.force.com *.salesforce.com d.la1-c1-lo3.salesforceliveagent.com *.force.com *.my.site.com doublethedonation.com *.journalofaccountancy.com *.thetaxadviser.com *.fm-magazine.com *.qgdigitalpublishing.com *.mydigitalpublication.com *.digitaledition.com *.mouseflow.com cdn.mouseflow.com o2.mouseflow.com snap.licdn.com cdn.linkedin.oribi.io dc.ads.linkedin.com gw.linkedin.oribi.io px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com *.quora.com *.tiktok.com bat.bing.com/bat.js *.bing.com *.bat.bing.com *.onetrust.com *.vergic.com www.facebook.com wss://*.vergic.com https://*.vergic.com www.zuora-cima.securedataplatform.com; frame-ancestors 'self' *.aicpa.org *.cgma.org; manifest-src 'self'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://sentry.io/api/3382497/security/?sentry_key=9aee855e0ce84a1db4b69530c6b45163@sentry.io/3382497 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'self' *.cepi.net; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.mapbox.com *.google.com *.gstatic.com; connect-src 'self' *.cepi.net *.google-analytics.com *.google.com *.google.co.uk *.mapbox.com *.doubleclick.net; img-src 'self' data: *.cepi.net *.vimeocdn.com *.vimeo.com *.gstatic.com fonts.googleapis.com *.google.co.uk; frame-src *.cepi.net *.youtube-nocookie.com *.youtube.com *.mapbox.com *.vimeo.com *.google.com *.doubleclick.net; worker-src 'self' blob:; frame-ancestors *.cepi.net cepi.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com www.googletagmanager.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.smartadserver.com https://id5-sync.com/ https://ced.sascdn.com/ *.sascdn.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com *.salespanel.io *.visitorqueue.io *.marinsm.com *.licdn.com *.adnxs.com *.contextweb.com *.amazonaws.com *.inspectlet.com *.googlesyndication.com *.prfct.co *.moatads.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com www5.smartadserver.com www.congressweb.com video.theassociationpartner.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data:; img-src 'self' *.aasa.org *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com www5.smartadserver.com *.sascdn.com picsum.photos *.picsum.photos *.adnxs.com *.pontiac.media *.googletagmanager.com *.smartadserver.com *.linkedin.com *.thrtle.com *.linkedin.com *.prfct.co *.twitter.com *.addthis.com *.yahoo.com *.openx.net *.rubiconproject.com *.doubleclick.net; media-src 'self' data: blob: https://www.youtube.com video.theassociationpartner.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www5.smartadserver.com https://id5-sync.com www.congressweb.com https://embed.podcasts.apple.com video.theassociationpartner.com https://snapwidget.com www.podbean.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com www5.smartadserver.com www.congressweb.com https://embed.podcasts.apple.com https://id5-sync.com analytics.google.com *.smartadserver.com *.ipify.org *.ipinfo.io *.inspectlet.com; 1
default-src .assrt.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: secure.assrt.net d.assrt.net changyan.sohu.com changyan.itc.cn www.google-analytics.com http://bdimg.share.baidu.com d31qbv1cthcecs.cloudfront.net .statcounter.com; img-src data: blob: https: .xianliao.me http://tva3.sinaimg.cn; style-src 'unsafe-inline' https:; child-src https:; frame-src www.xianliao.me d.assrt.net; connect-src 'self' changyan.sohu.com; 1
frame-ancestors 'self' *.aja.com *.authorize.net; default-src https: wss: 'unsafe-eval' 'unsafe-inline'; img-src data: https:; object-src 'self' 1
frame-src *.tealiumiq.com *.tealium.com *.highspot.com *.youtube.com *.vimeo.com *.marketo.com *.driftt.com *.hotjar.com *.facebook.com *.doubleclick.net *.saleshood.com *.zoominfo.com *.brighttalk.com *.google.com *.tealium.net *.onetrust.com; frame-ancestors *.tealiumiq.com *.tealium.com *.highspot.com *.youtube.com *.vimeo.com *.marketo.com *.driftt.com *.hotjar.com *.facebook.com *.doubleclick.net *.saleshood.com *.zoominfo.com *.brighttalk.com *.google.com *.tealium.net *.onetrust.com; 1
default-src https: data: kolps: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors *.webassessor.com https://webassessor.com https://www.webassessor.com https://pay.webassessor.com https://admin.webassessor.com https://support.webassessor.com *.onlineproctoring.com https://www.kryteriononline.com https://kryteriononline.com 1
default-src 'self' 'unsafe-inline' *.soundcloud.com cdnapisec.kaltura.com www.kaltura.com youtube.com *.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.twitter.com *.twimg.com www.google-analytics.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; img-src 'self' https://live.staticflickr.com *.twitter.com *.twimg.com www.googletagmanager.com https://www.google-analytics.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://bam.nr-data.net https://bam-cell.nr-data.net https://js-agent.newrelic.com https://widgets.flickr.com embedr.flickr.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.youtube.com *.twitter.com *.twimg.com www.googletagmanager.com www.google-analytics.com https://ssl.google-analytics.com static.cloudflareinsights.com ajax.cloudflare.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com; frame-ancestors 'self'; connect-src 'self' https://bam.nr-data.net https://bam-cell.nr-data.net https://embedr.flickr.com cloudflareinsights.com https://www.google-analytics.com weglot.com *.weglot.com cdn-api-weglot.com *.cdn-api-weglot.com 1
frame-src 'self' web.cvent.com *.statuspage.io/ *.youtube.com *.twitter.com www2.central1.com central1marketing.formstack.com; connect-src 'self' stats.g.doubleclick.net wss://ws.hotjar.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.google-analytics.com *.youtube.com *.twitter.com *.google.com; font-src 'self' static.formstack.com fonts.gstatic.com *.typekit.net data:; script-src 'self' 'unsafe-hashes' *.hotjar.com tagmanager.google.com pi.pardot.com www2.central1.com maps.googleapis.com maps.google.com *.smartrecruiters.com cdn.syndication.twimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com central1marketing.formstack.com static.formstack.com ajax.googleapis.com 'sha256-msWXg7hSNTJrFTIqXH1IDgf/nYNKpNW5PaQUx8KTy/0=' 'sha256-9IIXk781znXguO/JO/lm0z7LipsWChOW+YDXfxL3fXA=' 'sha256-O0Kte81KfNR2Zr0NGw0tr/lT4VMU8bBXf1HZChkuChI=' 'sha256-SdbKrmkaDtKnYS9UBOsY1llqJt7RP46sqZBDqydN3nU=' 'sha256-iRjObDyIiUI9348i1I2b/CWB5nPK9MMTHR3NVkPdm88=' 'sha256-thB0KCZWHIY9EE/1jMs7kmOcC+MqEJJG3i4cbnANTPw=' 'sha256-XKDLjOozHurmrXRoH+UnRH/aMY4Ejf5Ut+8TjV+zWXU=' 'sha256-5vjepDTQzedOE9keI3hswJOKxzYyt2vWP/6WZXEHLGU=' 'sha256-Xudg8MsznAR/JEzP88WrTx9cOSuYiFtngSOutgcFB3M=' 'sha256-pn/o5BWPYTEviTUNeqJxgwsP88NriFpA6bDATaF1Q3Y=' 'sha256-2JtvFutMzefrvYyxAozrgwboKfjmBSXl/99gS8RGuXk=' 'sha256-Z13oZ5zMMn5azTJJ1Pe/r5gubt3OziHFqEqxZEY9/80=' 'sha256-BWlnq/rwtW11WN+C4H10WVOhDIqMEcSzHiCiEX+jwiw=' 'sha256-3/AesHbYer+wyYipwTqembNMK8XtsE6mpCBdGFjM/h8=' 'sha256-YUC2sUas/JIauwB9PcKKybjvfDnFf+SCmtAhIePfPPk=' 'sha256-KVsGC2LmLWR4pBkL1APTyYy/k+X7crYRF3aAc+EPElo=' 'sha256-bB1pkTaKfAL9JEPUE+pVyhEpsFatG/QerbWomwsyrjo=' 'sha256-JsHgdYAq2QBmtJR2d5VdGx2SnuRtpfR/4fqVvqhGHBE=' 'sha256-Aj4XHoTvM86YtcE0qtWW8ZWkmds93gFLHKvugAfuULU=' 'nonce-value_9987'; style-src 'self' tagmanager.google.com *.typekit.net *.twitter.com *.twimg.com static.formstack.com fonts.googleapis.com *.smartrecruiters.com 'unsafe-inline'; img-src 'self' www.googletagmanager.com www.google.com www.google.ca ssl.gstatic.com www.gstatic.com maps.google.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net data: *.google-analytics.com *.twimg.com *.twitter.com secure.gravatar.com ps.w.org; default-src 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com; connect-src 'self' *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com; style-src 'self' 'unsafe-inline'; media-src 'self' data:; font-src 'self'; manifest-src 'self'; img-src 'self' data: stats.airvpn.org *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.media-amazon.com; frame-src 'self' *.paypal.com *.paypalobjects.com; frame-ancestors 'self'; form-action 'self' *.amazon.com *.payments-amazon.com *.media-amazon.com *.amazon.de; base-uri 'self'; report-uri /security/report/csp/; 1
frame-ancestors https://login.ajaib.co.id/ https://invest.ajaib.co.id/ https://tradingview.ajaib.co.id/ https://ajaib.co.id/ https://www.ajaib.co.id/; 1
report-uri https://o1010732.ingest.sentry.io/api/4504235589304320/security/?sentry_key=adf9868d53ff42b380563256a7a135a7;base-uri 'self';child-src 'self' blob:;connect-src 'self' https://www.lottohelden.de https://www.lottohelden.de https://www.lottohelden.de https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com https://sentry.io https://*.ingest.sentry.io https://*.graphcms.com https://cdna.lottohelden.de https://*.pragmaticplaylive.net https://*.gambling-hub.com https://*.online-metrix.net https://*.seondfresolver.com https://*.seondnsresolve.com https://*.facebook.com https://*.facebook.net https://*.biahosted.com https://*.sportradar.com wss://*.sportradar.com https://*.statscore.com https://devtools.apollodata.com https://csp.withgoogle.com https://*.googleapis.com;font-src 'self' data: https://s3-eu-west-1.amazonaws.com https://*.biahosted.com https://*.statscore.com;form-action 'self' https://www.facebook.com;frame-ancestors 'self';frame-src 'self' https://www.googletagmanager.com http://*.ad-srv.net https://*.ad-srv.net https://cdna.lottohelden.de https://media.graphassets.com https://cdn02.cdn.amatic.com https://staging-rent.amatic.com:10443 https://*.blueprintgaming.com https://mgs.amusnetgaming.com:8181 https://res.amusnetgaming.com https://egt-interactive.com https://free.egtmgs.com:9998 https://mgs-staging.egtmgs.com:8181 https://*.egtmgs.com https://*.amusnet.io https://*.gambling-hub.com https://*.gamevy.com https://cdn.gamevyggcloud.com https://integration.intopenv.com https://integration.intopenv.com:9411 https://*.finrings.com https://*.poweredbygluck.com https://*.hacksawgaming.com https://games.pariplaydev.com https://*.pariplaygames.com https://*.pragmaticplay.net https://pariplay.prerelease-env.biz https://*.playngonetwork.com https://*.redrakegaming.com/ https://*.rubyplay.com/ https://lottohelden-static.casinomodule.com https://*.spinomenal.com https://*.spinomenal.io https://*.spribe.io https://*.spribe.dev https://*.spribegaming.com https://*.yggdrasilgaming.com https://pariplay.intgr.booming-games.com https://pariplay.mt.booming-games.com/ https://yard.gcsd.io https://assets.cdn.systems/ https://*.online-metrix.net https://tbl.tradedoubler.com https://*.facebook.com https://*.facebook.net https://embed.twitch.tv https://*.youtube.com https://*.youtube.de https://www.youtube-nocookie.com https://*.biahosted.com https://fbstreambro.cc https://spbro.live https://smdvks.live https://ui.idenfy.com;img-src 'self' blob: data: https://stats.g.doubleclick.net https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat http://*.ad-srv.net https://*.ad-srv.net https://translate.google.com https://media.graphassets.com https://media.graphcms.com https://*.gstatic.com https://*.lottohelden.de https://games.gamevy.com https://*.pragmaticplaylive.net https://*.online-metrix.net https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://i.ytimg.com https://sport-widgets.s3.amazonaws.com https://sportwetten.s3.eu-central-1.amazonaws.com https://*.biahosted.com https://*.sportradar.com https://*.statscore.com https://storage.googleapis.com https://res.cloudinary.com/;object-src 'self' https://cdna.lottohelden.de https://*.online-metrix.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com http://*.ad-srv.net https://*.ad-srv.net https://cdna.lottohelden.de https://*.online-metrix.net https://cdn.seondf.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://embed.twitch.tv https://*.biahosted.com https://*.sportradar.com https://*.statscore.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://translate.googleapis.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.biahosted.com https://*.sportradar.com https://*.statscore.com;worker-src 'self' blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.ca; img-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca; style-src 'self' https://mstdn.ca 'nonce-u+TIpG/bWl/jq6GHvFJB+A=='; media-src 'self' data: https://mstdn.ca https://cdn.mastdn.ca; frame-src 'self' https:; manifest-src 'self' https://mstdn.ca; form-action 'self'; child-src 'self' blob: https://mstdn.ca; worker-src 'self' blob: https://mstdn.ca; connect-src 'self' data: blob: https://mstdn.ca https://cdn.mastdn.ca wss://api.mstdn.ca; script-src 'self' https://mstdn.ca 'wasm-unsafe-eval' 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Bexb2ug0duaCWtoZAI1ghol9UYoqst' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
script-src 'self' blob: *.citysbs.com *.19lou.com *.cqmmgo.com *.19louimg.cn *.baidu.com *.baidustatic.com api.map.baidu.com *.bdstatic.com *.pstatp.com c.mipcdn.com tjs.sjs.sinajs.cn c.cnzz.com  s22.cnzz.com res.wx.qq.com apis.map.qq.com c.dun.163.com cstaticdun.126.net s11.cnzz.com static.geetest.com api.geetest.com *.alicdn.com  *.bdimg.com c.dun.163yun.com jsapi.qq.com mat1.gtimg.com analytics.snssdk.com app.citybrain.hangzhou.gov.cn 19lou.xyani.com 'unsafe-inline' 'unsafe-eval'; report-uri https://www.19lou.com/report 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NjNmMzRkNjNmMTliNDAzZThjZGMxM2MxM2Q0NWRmYzI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ncsc.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ncsc.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ncsc.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
child-src 'self';connect-src 'self' https://media.samegoal.com/ https://s0.samegoal.com https://s1.samegoal.com https://s2.samegoal.com https://s3.samegoal.com https://s4.samegoal.com https://s5.samegoal.com https://s6.samegoal.com https://s7.samegoal.com https://s8.samegoal.com https://s9.samegoal.com https://s10.samegoal.com https://s11.samegoal.com https://s12.samegoal.com https://s13.samegoal.com https://s14.samegoal.com https://s15.samegoal.com https://s16.samegoal.com https://s17.samegoal.com https://s18.samegoal.com https://s19.samegoal.com https://s20.samegoal.com https://s21.samegoal.com https://s22.samegoal.com https://s23.samegoal.com;default-src 'none';font-src 'self';frame-src 'self';img-src 'self' https://media.samegoal.com/ data:;media-src 'self' https://media.samegoal.com/ blob:;object-src 'self';report-uri /iep/csperror;script-src 'self';style-src 'self' 'unsafe-inline'; 1
default-src 'self'; block-all-mixed-content; script-src 'report-sample' 'unsafe-eval' 'unsafe-inline' 'self' https://tags.srv.stackadapt.com https://browser.sentry-cdn.com https://cdn.mxpnl.com https://cdn.segment.com https://optimizely.bluevine.com https://static.ads-twitter.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://*.visualwebsiteoptimizer.com https://app.vwo.com https://rpzimsl7.bluevine.com https://www.googletagmanager.com https://connect.facebook.net https://script.crazyegg.com https://www.googletagmanager.com https://bat.bing.com https://snap.licdn.com https://js.navattic.com https://getrockerbox.com https://www.google.com https://www.gstatic.com; style-src 'report-sample' 'unsafe-inline' 'self' https://tags.srv.stackadapt.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://bluevinecorp.wpengine.com https://analytics.google.com https://bat.bing.com https://errors.client.optimizely.com https://logx.optimizely.com https://tags.srv.stackadapt.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com https://cdn.cookielaw.org https://www.google.com https://www.google.co.il https://adservice.google.com https://geolocation.onetrust.com https://api-js.mixpanel.com https://api.segment.io https://cdn.segment.com https://stats.g.doubleclick.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.google-analytics.com https://px.ads.linkedin.com https://script.crazyegg.com https://assets-tracking.crazyegg.com https://ingesteer.services-prod.nsvcs.net https://privacyportal.onetrust.com https://boards-api.greenhouse.io https://o208526.ingest.sentry.io https://www.googleadservices.com; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://app.vwo.com https://*.visualwebsiteoptimizer.com https://td.doubleclick.net https://www.google.com; img-src 'self' data: https://bluevinecorp.wpengine.com https://www.facebook.com https://bat.bing.com https://cdn.cookielaw.org https://www.google.com https://www.google.co.il https://d33wubrfki0l68.cloudfront.net https://www.bluevine.com https://www.google-analytics.com https://chart.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://rpzimsl7.bluevine.com https://px.ads.linkedin.com https://arttrk.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; report-uri https://o208526.ingest.sentry.io/api/4506949755535360/security/?sentry_key=f3d0369c5743e55b5ed8ace14b8766da&sentry_environment=production-corp-new&sentry_release=beta; 1
frame-ancestors https://www.iway.ch https://www.sak-digital.ch https://freerideict.ch https://www.crossdata.ch https://www.telcomnet.ch https://www.rhone.ch https://www.uli-l.ch https://www.pc-zbinden.ch https://www.2com.ch https://www.jpag.ch https://www.bluenetsys.ch https://www.bluenetworksystems.ch https://www.agiba.ch https://agiba.ch https://www.ewh.ch https://isptv.ch/ https://www.isptv.ch/ https://profifon.ch https://starnet24.com/ https://www.jobs.ch/ 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.etracker.com 1
default-src 'self'; script-src 'self' 'nonce-URl2avmwxV76xxfHEA8ZOgp5zpdbztP8si2dkVuIjQk=' https://maps.googleapis.com https://ssl.google-analytics.com https://use.typekit.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://www.google.com https://www.youtube.com; img-src 'self' data:  https://c212.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://p.typekit.net https://ssl.google-analytics.com;  manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.civiccomputing.com https://*.googletagmanager.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.ytimg.com https://dl.episerver.net https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.g.doubleclick.net https://*.googleadservices.com https://www.recaptcha.net https://hello.myfonts.net https://widget.surveymonkey.com https://www.surveymonkey.com https://prod.smassets.net; 1
default-src 'self'; img-src *; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
object-src *; frame-src 'self' *.spafinder.com *.firebaseapp.com api.sardine.ai recaptcha.net *.web.app *.xg4ken.com consent-pref.trustarc.com services.listrak.com tags.rd.linksynergy.com ut.ra.linksynergy.com act-us.rd.linksynergy.com criteo.com *.criteo.com *.salecycle.com *.youtube.com *.vimeo.com vimeo.com hotjar.com *.hotjar.com *.moatads.com *.googletagmanager.com www.googletagservices.com *.google.com www.google.com *.otiserver.com *.googlesyndication.com cdn.ampproject.org securepubads.g.doubleclick.net *.facebook.com *.doubleclick.net *.cloudfront.net *.sfw-cdn.com *.mathtag.com taboola.com *.taboola.com adsrvr.org *.adsrvr.org asset.gomoxie.solutions parago.ehosts.net www.openstreetmap.org cdn.pdst.fm s3spafinder.cachefly.net *.trustev.com us-central1-card-bi.cloudfunctions.net; font-src 'self' * data:; connect-src *; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; connect-src *; media-src *; object-src *; frame-src *; child-src *; form-action *; frame-ancestors *; upgrade-insecure-requests; 1
default-src 'self'; img-src 'self' data: books.google.de de.statista.com cdn.statcdn.com app.statuscake.com www.kununu.com *.lamapoll.io; font-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' lamapoll.de *.lamapoll.de *.lamapoll.io; frame-src 'self' lamapoll.de *.lamapoll.de www.youtube-nocookie.com *.lamapoll.io; frame-ancestors 'self'; media-src 'self'; object-src 'self'; connect-src 'self' *.lamapoll.io 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.hotjar.com *.yandex.ru *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.ads-twitter.com *.twitter.com https://dev.visualwebsiteoptimizer.com https://static.criteo.net https://isortagim.hangikredi.com https://sslwidget.criteo.com https://cdn.ampproject.org https://cdn.dataroid.com https://*.efilli.com https://www.tiktok.com https://www.amazon.com https://analytics.tiktok.com https://c.amazon-adsystem.com/ https://bonuscomtr.api.useinsider.com *.useinsider.com 1
default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://abs.firstdedic.ru/ https://yastatic.net/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.1dedic.ru/ https://www.google-analytics.com/ https://mc.yandex.ru/ https://www.gstatic.com/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstdedic.ru/ https://morp.firstvds.ru/ https://www.youtube.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors https://metrika.yandex.ru http://webvisor.com/; 1
base-uri 'self' https://bullish.com;       default-src 'self';       child-src 'self' 'unsafe-inline';       connect-src 'self' https://content.marketing.bullish.com https://px.ads.linkedin.com px.ads.linkedin.com assets.marketing.bullish.com bullish.piwik.pro bullish.containers.piwik.pro cdn-apac.onetrust.com vimeo.com player.vimeo.com https://plausible.io https://privacyportal-apac.onetrust.com *.oribi.io www.google.com.sg pagead2.googlesyndication.com https://exchange.bullish.com;       font-src 'self' bullish.piwik.pro bullish.containers.piwik.pro data:;       frame-src 'self' 'unsafe-inline' *.twitter.com vimeo.com player.vimeo.com https://www.google.com *.doubleclick.net *.adsrvr.org www.youtube.com *.youtube.com;       img-src 'self' https://content.marketing.bullish.com assets.marketing.bullish.com i.vimeocdn.com *.googletagmanager.com *.gstatic.com *.adsrvr.org *.linkedin.com *.ads-twitter.com snap.licdn.com *.doubleclick.net *.twitter.com bullish.piwik.pro bullish.containers.piwik.pro bullish.piwik.pro t.co i.ytimg.com www.google.com.sg www.google.com data:;       manifest-src 'self';       media-src 'self' https://content.marketing.bullish.com assets.marketing.bullish.com;       object-src 'none';       script-src 'self' 'unsafe-inline' 'strict-dynamic'  *.googletagmanager.com www.gstatic.com bullish.containers.piwik.pro bullish.piwik.pro vimeo.com player.vimeo.com https://www.google.com/recaptcha/api.js *.gstatic.com/recaptcha/ www.youtube.com *.youtube.com f.vimeocdn.com 'nonce-RrptF71u61rNBLFNkFiSawRF9g03awxfErqumLvV5ci1';       script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com bullish.containers.piwik.pro www.gstatic.com vimeo.com f.vimeocdn.com player.vimeo.com https://www.google.com/recaptcha/api.js *.gstatic.com/recaptcha/ *.doubleclick.net *.licdn.com *.ads-twitter.com *.adsrvr.org www.youtube.com *.youtube.com;       style-src 'self' 'unsafe-inline' bullish.piwik.pro bullish.containers.piwik.pro; 1
frame-ancestors www.graphicpkg.com pubwebprd.graphicpkg.com gpi.my.idaptive.app aau0618.my.idaptive.app 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Yr3N0Z+h8/UiKxr2Z5FDGLKn38Caag' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' *.diil.ee 1
base-uri 'self'; default-src 'self' *.credit-agricole.it data: blob:; child-src * blob:; object-src 'self' *.credit-agricole.it; script-src 'self' *.credit-agricole.it *.awswaf.com 'unsafe-inline' 'unsafe-eval' *.cariprpcpar.it *.cariprpcpar.it *.cariprpccoll.it *.develon.com *.cookiebot.com *.acsbapp.com *.sentry.io *.newrelic.com *.nr-data.net *.google.com *.gstatic.com *.g.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com connect.ekomi.de widgets.ekomi.com widgets.ekomi.com *.ekomiapps.de *.facebook.net *.mapbox.com; style-src 'self' *.credit-agricole.it d1d1pnx7stb8xh.cloudfront.net 'unsafe-inline' *.develon.com *.google.com *.googletagmanager.com *.googleapis.com widgets.ekomi.com *.ekomiapps.de *.mapbox.com; font-src 'self' *.credit-agricole.it *.gstatic.com; img-src 'self' *.credit-agricole.it d1d1pnx7stb8xh.cloudfront.net *.gstatic.com *.googletagmanager.com *.google.com *.google.it *.google-analytics.com *.g.doubleclick.net data:; frame-src 'self' *.credit-agricole.it *.cariprpcpar.it *.cariprpccoll.it *.google.com *.youtube.com *.cookiebot.com; frame-ancestors 'self' *.credit-agricole.it; connect-src 'self' *.credit-agricole.it *.sentry.io *.nr-data.net *.cookiebot.com *.google-analytics.com *.g.doubleclick.net *.acsbapp.com *.mapbox.com *.awswaf.com; script-src-elem 'self' *.awswaf.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://static.cdn-apple.com;img-src 'self' data: *;connect-src 'self' https://static.airport.ai;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors api.chamberlain.com:443 hybris.chamberlain.com:443 arqadm.chamberlain.com:443 adm.myq.com:443 adm.chamberlain.com:443 adm.liftmaster.com:443 arq.chamberlain.com:443 www.myq.com:443 www.chamberlain.com:443 www.liftmaster.com:443 1
default-src 'self' https://www.spain-tourist-guide.com https://www.spaintouristguide.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-NyuaTYJUJ8lOVroYjXP0EoODWM1pWklEPLI6NOlBuDI=' 'sha256-K7gF/7OhKGNWxE3h9Ci1WdJDk6rmoqZ89KE8N/LuTCc=' 'sha256-/Mkon+xw3qHmSNMrtmzcD42MJVpVElk9TlO59YjpWZQ=' 'sha256-WnCLaOI96qebo2XqRtOC8T/O0r1JZY+MiifHTMJy0qQ=' 'sha256-X11ejCuxD+9gfFOcAw/zUJSOvRKSV33AWbyNfEHS+Ac=' 'sha256-WyUgtBw34gov4qpttglcsL9HselKX0nPL88cMj9w8SY='; script-src 'self' https://www.spain-tourist-guide.com https://www.spaintouristguide.com https://www.google.com/afsonline/show_afs_search.js https://static.cloudflareinsights.com/beacon.min.js; connect-src 'self' https://touristactive.net:9000 https://www.spaintouristguide.com https://www.spain-tourist-guide.com https://cloudflareinsights.com; form-action 'self' https://www.spaintouristguide.com https://www.xe.com/ucc/convert.cgi https://ticketbar.eu/controllers/shoppingCart.cfc; img-src 'self' https://www.spaintouristguide.com https://www.montserrat-tourist-guide.com data:; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.xyz; img-src 'self' https: data: blob: https://mastodon.xyz; style-src 'self' https://mastodon.xyz 'nonce-cebY0OG+rToIu42K0sVOxQ=='; media-src 'self' https: data: https://mastodon.xyz; frame-src 'self' https:; manifest-src 'self' https://mastodon.xyz; form-action 'self'; child-src 'self' blob: https://mastodon.xyz; worker-src 'self' blob: https://mastodon.xyz; connect-src 'self' data: blob: https://mastodon.xyz https://6-28.mastodon.xyz wss://mastodon.xyz; script-src 'self' https://mastodon.xyz 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fedibird.com https://raw.githubusercontent.com https://fonts.gstatic.com; img-src 'self' https: data: blob: https://fedibird.com; style-src 'self' https://fedibird.com https://34.si 'nonce-2PSCx8ZEPPr2+S6Z/SnlJw=='; media-src 'self' https: data: https://fedibird.com; frame-src 'self' https:; manifest-src 'self' https://fedibird.com; connect-src 'self' data: blob: https://fedibird.com https://s3.fedibird.com wss://streaming.fedibird.com; script-src 'self' https://fedibird.com; child-src 'self' blob: https://fedibird.com; worker-src 'self' blob: https://fedibird.com 1
frame-ancestors 'self'; report-uri https://www.reaganlibrary.gov/report-uri/enforce 1
default-src 'self' *.google.com *.gstatic.com *.google-analytics.com cdn.panq.nl; script-src 'self' 'unsafe-inline' *.google.com *.gstatic.com *.google-analytics.com cdn.panq.nl; style-src 'self' 'unsafe-inline' *.googleapis.com cdn.panq.nl 1
img-src https: data:;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:;object-src https: 1
report-uri /cgi-bin/csp; default-src 'self' pagead2.googlesyndication.com securepubads.g.doubleclick.net; connect-src 'self' pagead2.googlesyndication.com googleads.g.doubleclick.net csi.gstatic.com *.google-analytics.com maps.googleapis.com *.paypalobjects.com *.paypal.com; font-src 'self' data: fonts.gstatic.com *.avast.com; frame-src 'self' *.radio-locator.com *.g.doubleclick.net *.googlesyndication.com *.google.com *.paypalobjects.com *.paypal.com; img-src 'self' data: *.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com googleads.g.doubleclick.net *.googletagmanager.com *.paypalobjects.com *.paypal.com; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' googleads.g.doubleclick.net *.googlesyndication.com maps.googleapis.com adservice.google.com adservice.google.ca adservice.google.com.mx adservice.google.de adservice.google.co.uk adservice.google.co.nz adservice.google.no adservice.google.ua adservice.google.it adservice.google.pr adservice.google.il adservice.google.za adservice.google.be adservice.google.fr *.googletagmanager.com *.googletagservices.com *.googleadservices.com *.google-analytics.com *.ampproject.org *.paypalobjects.com *.paypal.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com *.googlesyndication.com; worker-src 'none'; form-action 'self'; frame-ancestors *.radio-locator.com; 1
default-src 'none'; connect-src 'self' embedr.flickr.com geo.query.yahoo.com nominatim.openstreetmap.org api.github.com; font-src 'self'; form-action 'self' platform.twitter.com syndication.twitter.com; frame-ancestors 'self'; frame-src 'self' blob: www.youtube.com w.soundcloud.com twitter.com platform.twitter.com syndication.twitter.com player.vimeo.com www.mixcloud.com www.dailymotion.com media.ccc.de bandcamp.com www.instagram.com; img-src data: blob: *; manifest-src 'self'; media-src https:; script-src 'self' blob: 'unsafe-eval' platform.twitter.com cdn.syndication.twimg.com widgets.flickr.com embedr.flickr.com www.instagram.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' platform.twitter.com *.twimg.com 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn-secure.luckygunner.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.twitter.com *.userway.org sumo.com sumome.com twitter.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io cdn-secure.luckygunner.com data: https://seal.verisign.com media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com syndication.twitter.com twitter.com; manifest-src cdn-secure.luckygunner.com www.luckygunner.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com www.luckyreferrals.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.twitter.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: cdn-secure.luckygunner.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com www.luckyreferrals.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.twitter.com cdn-secure.luckygunner.com cdn.userway.org sload.sumo.com sumo.b-cdn.net 1
default-src 'self' https://nom.telemetrydeck.com/ https://api.telemetrydeck.com/ https://cdn.telemetrydeck.com/ https://rsms.me https://cdn.sanity.io https://plausible.io/ https://*.mjt.lu/ https://v1.image.11ty.dev/; style-src 'self' 'unsafe-inline' https://rsms.me 1
frame-ancestors 'self' https://manage.militaryaerospace.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; script-src 'self' https://boomla.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' https://www.google.com https://www.youtube.com https://challenges.cloudflare.com https://embed.imajize.com https://partstown.sirv.com https://ceclients.syntec.co.uk https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.pingdom.net https://cdn.cookielaw.org https://js.stripe.com *.facebook.com *.forter.com *.richpanel.com wss://ws-prod.richpanel.com https://ipapi.co; font-src *;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://js.stripe.com https://www.googletagmanager.com https://challenges.cloudflare.com https://cdn.richpanel.com https://cdn.cookielaw.org *.forter.com https://browser-update.org *.richpanel.com https://www.google-analytics.com https://s.adroll.com *.hotjar.com https://snap.licdn.com https://googleads.g.doubleclick.net *.facebook.net *.ubembed.com https://bat.bing.com *.pingdom.net https://s7.addthis.com https://d.adroll.com https://lex.33across.com; style-src 'self' 'unsafe-inline' https://*.richpanel.com https://use.fontawesome.com https://fonts.googleapis.com; frame-ancestors 'self' https://market.opstechnology.com/ https://market.realpage.com/ https://realpage.opstechnology.com/ https://demomarket.opstechnology.com/ https://preview.opstechnology.com/ https://www.rcashasp1.com/ http://www.mypartinfo.com https://www.yardimarketplace.com/ 1
frame-ancestors 'self' https://neo.finance.si https://www.ntk.si/ https://next.brella.io/ https://narocilnice.bhc.si 1
default-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' blob: http://* 'unsafe-inline' 'unsafe-eval'; font-src * data:; image-src * data:; frame-ancestors 'self' https://admin.hbs.net admin.hbs.net http://hrtlp.com https://hbsdotnetstg.wpenginepowered.com https://hbsdot.wpenginepowered.com; 1
default-src 'self' data: blob: *.ifs.com *.justgiving.com *.searchstax.com *.twitter.com *.ads-twitter.com *.facebook.net https://*.onetrust.com https://*.sonobi.com https://*.spotxchange.com https://*.addthis.com https://*.socdm.com https://*.fout.jp https://*.stickyadstv.com https://*.adtdp.com *.litix.io *.demandbase.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net www.google-analytics.com www.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.googleapis.com *.gstatic.com *.cloudflare.com *.leadforensics.com linkedin.oribi.io *.oribi.io *.t.co *.google.lk *.smartrecruiters.com *.mathtag.com *.doubleclick.net pixel.tapad.com *.marketo.com *.marketo.net *.linkedin.com *.krxd.net p.adsymptotic.com *.comparesoft.com tracking.g2crowd.com tr.apsislead.com static.oktopost.com tags.bkrtx.com snap.licdn.com *.rlcdn.com *.hotjar.com vc.hotjar.io *.yahoo.com https://*.openx.net https://*.casalemedia.com https://*.bidswitch.net careers-p2energysolutions.icims.com https://*.adingo.jp *.clarity.ms www.facebook.com *.okt.to *.bluekai.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com dpm.demdex.net *.company-target.com *.mktoresp.com *.bidr.io ads.stickyadstv.co *.google.com/ads/ *.liadm.com siteimproveanalytics.com sync.navdmp.com *.zoominfo.com *.bing.com *.navdmp.com sync.crwdcntrl.net *.rubiconproject.com aa.agkn.com y.one.impact-ad.jp wss://*.hotjar.com https://*.adnxs.com https://*.pubmatic.com https://*.adsrvr.org https://*.adform.net https://*.shinobi.jp https://*.smaato.net https://*.semasio.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' info.ifs.com; frame-src 'self' careers-p2energysolutions.icims.com www.facebook.com info.ifs.com *.wistia.net *.hotjar.com *.bluekai.com *.doubleclick.net; 1
upgrade-insecure-requests; frame-ancestors 'self' https://luxe.digital 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.railwaygazette.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' blob:; script-src 'self' https://bat.bing.com https://js.hsadspixel.net https://www.youtube.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hubspot.com https://*.adsrvr.org https://*.influ2.com https://connect.facebook.net https://px.ads.linkedin.com https://*.hs-sites.com blob: 'unsafe-inline'; style-src 'unsafe-inline' http:; img-src http: https: data: https://*.influ2.com https://*.adsrvr.org; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://forms.hsforms.com https://stats.g.doubleclick.net https://bid.g.doubleclick.net https://tools.ietf.org https://www.google-analytics.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.influ2.com https://*.adsrvr.org https://px.ads.linkedin.com https://snap.licdn.com https://connect.facebook.net https://www.googletagmanager.com https://td.doubleclick.net https://js.hsadspixel.net; frame-src https://www.youtube-nocookie.com https://www.youtube.com https://bid.g.doubleclick.net https://forms.hsforms.com https://td.doubleclick.net https://*.hs-sites.com https://*.adsrvr.org ; upgrade-insecure-requests 1
default-src 'self' https://bam.nr-data.net; font-src 'self' https://use.typekit.net; form-action 'self' https://syndication.twitter.com https://platform.twitter.com; frame-src 'self' 'unsafe-inline' https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.google.com https://www.youtube.com; img-src 'self' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://chart.googleapis.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.nr-data.net https://cdn.jsdelivr.net https://cdn.syndication.twimg.com https://js-agent.newrelic.com https://platform.twitter.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://p.typekit.net https://platform.twitter.com; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; manifest-src 'self'; script-src 'self' https://*.opportunity.de; style-src 'self' 'unsafe-inline' 'unsafe-inline'; img-src 'self' https://*.openstreetmap.org https://*.opportunity.de data:; connect-src 'self'; font-src 'self'; object-src 'self'; media-src 'self'; worker-src 'self'; frame-src 'self' https://*.opportunity.de; form-action 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri /csp-violation.php; 1
default-src 'self' data:      https://*.gobank.com      https://*.typekit.net      https://*.typekit.com      https://*.vimeo.com      https://vimeo.com      https://secure.greendot.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://*.doubleclick.net                     http://*.googleadservices.com m                     https://*.googleadservices.com m               https://*.google-analytics.com                     http://*.google-analytics.com                http://*.googletagmanager.co                   https://*.googletagmanager.com       https://*.go2bankonline.com;        img-src 'self' data:      https://*.google-analytics.com      https://*.doubleclick.net      https://*.typekit.net      https://*.gobank.com      https://ds.reson8.com      https://*.go2bankonline.com      http://*.trustarc.com                https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://secure.greendot.com;       child-src 'self'      https://*.google.com      https://*.cdn-gdc.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://player.vimeo.com;       style-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.go2bankonline.com      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://*.typekit.net;       script-src 'self' 'unsafe-inline' 'unsafe-eval'      https://*.gobank.com      https://*.typekit.com      https://*.typekit.net      http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com               http://*.googletagmanager.com               https://*.googletagmanager.com      https://*.google-analytics.com      https://*.googleapis.com      https://*.googleadservices.com      https://*.tt.omtrdc.net      https://*.vimeo.com      https://secure.greendot.com      https://*.go2bankonline.com      https://websdk.ujet.co;       font-src 'self' data:               http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://*.typekit.com      https://*.typekit.net;       frame-src               http://*.trustarc.com               https://*.trustarc.com      http://*.truste.com              https://*.truste.com      https://websdk.ujet.co;                 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://upload.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://va.tawk.to https://cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://embed.tawk.to; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://embed.tawk.to; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' securian.marketing.adobe.com securian.experiencecloud.adobe.com experience.adobe.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*.scw.iliad.fr https://*.globenewswire.com player.vimeo.com *.openstreetmap.org *.data.gouv.fr stats.proxad.net fonts.googleapis.com www.google.com www.gstatic.com fonts.gstatic.com analytics.proxad.net sdk.privacy-center.org https://www.iliad.fr s3.fr-par.scw.cloud *.s3.fr-par.scw.cloud; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://matomo.ria.ee/ https://search.service.vportal.ee/v1/search/ria https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/ria https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com https://matomo.ria.ee https://www.google-analytics.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://matomo.ria.ee https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com https://www.google-analytics.com unpkg.com https://matomo.ria.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://matomo.ria.ee static.cludflareinsaights.com https://static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com https://www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src http: data:; script-src http: data: 'unsafe-inline' 'unsafe-eval'; style-src http: data: 'unsafe-inline' 'unsafe-eval'; font-src http: data: 'unsafe-inline' 'unsafe-eval'; frame-src http: data: 'unsafe-inline' 'unsafe-eval'; connect-src http: data: 'unsafe-inline' 'unsafe-eval'; object-src http: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https://cdn.resourceguruapp.com/ https://resourceguruapp.com/ https://app.resourceguruapp.com/ https://acdn.resourceguruapp.com/ https://get.resourceguruapp.com/ wss://app.resourceguruapp.com/ data: blob: https: wss:; script-src https://cdn.resourceguruapp.com/ https://resourceguruapp.com/ https://app.resourceguruapp.com/ https://acdn.resourceguruapp.com/ https://get.resourceguruapp.com/ wss://app.resourceguruapp.com/ 'unsafe-inline' 'unsafe-eval' data: blob: https:; style-src https://cdn.resourceguruapp.com/ https://resourceguruapp.com/ https://app.resourceguruapp.com/ https://acdn.resourceguruapp.com/ https://get.resourceguruapp.com/ wss://app.resourceguruapp.com/ 'unsafe-inline' data: blob: https:; frame-ancestors https://resourceguruapp.com/ https://app.resourceguruapp.com/ https://acdn.resourceguruapp.com/ https://get.resourceguruapp.com/ wss://app.resourceguruapp.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com db.revoffers.com sp.analytics.yahoo.com s.yimg.com insight.adsrvr.org api.privy.com www.google-analytics.com dpm.demdex.net *.userway.org app.termly.io js.driftt.com *.slack.com diamondcbd.go2cloud.org *.fls.doubleclick.net global.ib-ibi.com tags.bluekai.com pixel.tapad.com uipglob.semasio.net dsum-sec.casalemedia.com player.vimeo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net app.shop.pe *.intercomcdn.com www.facebook.com connect.facebook.com; connect-src 'self' stats.g.doubleclick.net s.yimg.com db.revoffers.com db.trackcb.com www.google-analytics.com a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com telemetrics.klaviyo.com app.termly.io js.driftt.com widget.privy.com *.privy.com *.userway.org *.ipqualityscore.com *.yotpo.com *.authorize.net track.flexlinks.com vimeo.com shop.pe *.datadome.co *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://track.segmetrics.io *.cloudfront.net *.google.com api.agechecker.net https://db.trackcb.com app.shop.pe shopper.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.mantisadnetwork.com *.leadsrx.com www.facebook.com connect.facebook.com tracker.wigzopush.com ray.wigzopush.com wss://ray.wigzopush.com https://o1281800.ingest.sentry.io/api/6592256/store/ https://o1281800.ingest.sentry.io/api/6592256/envelope/; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.intercomcdn.com https://*.hotjar.com https://cdn.userway.org cdn.agechecker.net *.cdnfonts.com; frame-src 'self' nytrng.com *.revoffers.com *.driftt.com *.userway.org *.go2cloud.org *.fls.doubleclick.net track.flexlinks.com *.vimeo.com *.googlevideo.com *.gvt1.com video.google.com *.youtu.be *.youtube.com https://*.hotjar.com app.termly.io www.facebook.com connect.facebook.com t.makehook.ws; img-src 'self' upx.provenpixel.com telemetrics.klaviyo.com insight.adsrvr.org *.google.com *.google.pl *.google.us sp.analytics.yahoo.com www.google-analytics.com *.userway.org privymktg.com google-analytics.com dpm.demdex.net *.privy.com diamondcbd.go2cloud.org service.trafficroots.com sigma2.pubmatic.com *.adsrvr.org *.google.am *.doubleclick.net *.mantisadnetwork.com *.shareasale.com *.shareasale-analytics.com i.vimeocdn.com data: *.truoptik.com *.google.me *.adnxs.com *.bluekai.com *.ib-ibi.com *.semasio.net *.yotpo.com *.dotomi.com *.media6degrees.com https://usermatch.krxd.net https://*.hotjar.com *.cloudfront.net img.agechecker.net api.agechecker.net blob: shopper.shop.pe *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com www.facebook.com connect.facebook.com app.wigzo.com ad.ipredictive.com aggle.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com *.ipqualityscore.com *.yotpo.com www.googletagmanager.com s.btstatic.com *.cloudflareinsights.com *.driftt.com *.klaviyo.com *.authorize.net s.thebrighttag.com cdn-swell-assets.yotpo.com static.klaviyo.com www.google-analytics.com static.cloudflareinsights.com *.userway.org *.termly.io *.privy.com shop.pe *.cloudfront.net *.s3.amaonaws.com *.shop.pe js.intercomcdn.com *.intercom.io https://*.hotjar.com app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com www.facebook.com connect.facebook.com cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static-tracking.klaviyo.com *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com cdn-loyalty.yotpo.com www.googletagmanager.com s.btstatic.com static.cloudflareinsights.com a.klaviyo.com www.google-analytics.com cdn-swell-assets.yotpo.com s.thebrighttag.com static.klaviyo.com *.userway.org app.termly.io js.driftt.com *.privy.com shop.pe *.ipqualityscore.com *.cloudfront.net ajax.cloudflare.com *.authorize.net *.gstatic.com shareasale-analytics.com *.s3.amazonaws.com *.shop.pe *.datadome.co *.yotpo.com *.intercom.io *.intercomcdn.com *.newrelic.com bam.nr-data.net *.hotjar.com *.facebook.net sdk.trackcb.com https://tag.segmetrics.io cdn.agechecker.net app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com player.vimeo.com app.wigzo.com tracker.wigzopush.com aggle.net cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdn-swell-assets.yotpo.com maxcdn.bootstrapcdn.com *.klaviyo.com *.privy.com *.gstatic.com *.cloudfront.net *.addshoppers.com *.userway.org https://*.hotjar.com *.cdnfonts.com app.wigzo.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
base-uri 'self';connect-src 'self' *.youtube.com albis-bot-backend-service-gj4kqfil6q-uc.a.run.app *.bugsnag.com *.vemcount.com *.vemcount.app vemcount.app ws://127.0.0.1:6001 wss://127.0.0.1:6001 https://*.s3.eu-central-1.amazonaws.com;form-action 'self' *.vemco.group;img-src 'self' data: tecbrain.com img.youtube.com www.gravatar.com *.eu-central-1.amazonaws.com *.meetsigma.io *.vemcogroup.com *.vemcount.com vemcount.com *.vemcount.app vemcount.app vem-assist-cdn.vercel.app;media-src 'self' *.eu-central-1.amazonaws.com;object-src 'none';script-src 'self' vemassist.albisai.com 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.bunny.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' px.ads.linkedin.com *.ads.linkedin.com *.cookiebot.com *.facebook.com *.facebook.net *.g.doubleclick.net *.gigya.com *.go-mpulse.net *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.ivoclar.com *.ivoclarvivadent.com *.ownid.com *.pardot.com *.purechat.com *.purechatcdn.com *.vimeo.com *.youtube.com api.ipify.org cdn.fusedeck.net challenges.cloudflare.com g.doubleclick.net io.fusedeck.net js.hsforms.net script.hotjar.com service.excentos.com snap.licdn.com static.hotjar.com www.eventbrite.com www.googletagmanager.com www.linkedin.com yastatic.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net iytimg.com;img-src 'self' data: px.ads.linkedin.com cdn.jsdelivr.net *.ivoclar.com *.ivoclarvivadent.com *.gigya.com *.google.com google.com *.google.at *.gstatic.com *.googleapis.com *.google-analytics.com *.purechat.com *.purechatcdn.com *.googleapis.com *.facebook.net *.facebook.com *.google-analytics.com *.pardot.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googlesyndication.com *.youtube.com *.ads.linkedin.com *.vimeo.com *.excentos.com excentos.com *.google.com.sa google.com.sa *.google.de google.de cdn01.basis.net *.stackadapt.com qvdt3feo.com tags.srv.stackadapt.com *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com *.cookiebot.com;style-src 'self' data: blob: 'unsafe-inline' px.ads.linkedin.com cdn.jsdelivr.net *.google.com *.googleapis.com *.ivoclarvivadent.com *.ivoclar.com *.google.co.uk *.g.doubleclick.net g.doubleclick.net *.googleadservices.com *.googlesyndication.com cdn.fusedeck.net *.youtube.com *.vimeo.com *.excentos.com cdn01.basis.net tags.srv.stackadapt.com www.google.co.th *.hsforms.com px.ads.linkedin.com i.vimeocdn.com f.vimeocdn.com googleads.g.doubleclick.net yastatic.net iytimg.com;object-src 'self';upgrade-insecure-requests ;frame-ancestors 'self' data: px.ads.linkedin.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.gigya.com *.cookiebot.com *.purechat.com *.purechatcdn.com *.googleapis.com *.google-analytics.com *.go-mpulse.net *.ivoclarvivadent.com *.ivoclar.com *.vimeo.com challenges.cloudflare.com;connect-src 'self' wss: https:;default-src https: mailto:;base-uri 'self';form-action 'self' https:; 1
frame-ancestors 'self' https://www.balasai.com http://xn--o1b5esay2abb.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://vjs.zencdn.net https://maps.googleapis.com https://maps.gstatic.com https://*.fls.doubleclick.net https://bounce.exacttarget.com https://exacttarget.com https://*.marketingcloudapps.com; font-src 'self' data: https://vjs.zencdn.net; img-src 'self' data: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net https://*.tealiumiq.com https://*.webtrekk.com https://*.wbtrk.net https://*.mateti.net https://fbc.wcfbc.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://cx.atdmt.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.de https://www.google.com https://*.tiqcdn.com https://maps.googleapis.com https://maps.gstatic.com https://*.dws.com https://*.dws.de https://*.deawm.com wss://push.etf.dws.com https://dws.extraetf.com https://*.rreefpropertytrust.com https://*.fls.doubleclick.net; media-src 'self' blob: https://*.brightcove.net https://*.brightcove.com https://*.brightcovecdn.com https://*.boltdns.net https://vjs.zencdn.net https://*.akamaihd.net https://*.akafms.net https://*.llnwd.net https://*.llnw.net; worker-src 'self' blob:; object-src 'self' blob:; child-src 'self'; frame-src 'self' https://vds.issgovernance.com https://*.dws.de https://*.dws.com https://*.mateti.net https://*.equitystory.com https://www.google.com https://*.fls.doubleclick.net; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' https://www.visit.fonterra.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' https: data:; frame-ancestors 'self' https:; connect-src 'self' https://*.wisepops.com:* https://wisepops.com:* https://*.wisepops.net:* https://wisepops.net:* https://*.unzer.com:* https://maps.googleapis.com:* https://payment.heidelpay.com:* https://sbx-payment.heidelpay.com:* https://jobs.b-ite.com:* https://*.aerzte-ohne-grenzen.de:* https://*.onetrust.com:* https://*.cookielaw.org:* https://*.hotjar.com:* https://*.hotjar.io:* https://vc.hotjar.io:* wss://*.hotjar.com https://cdn.matomo.cloud/msf-ber.matomo.cloud:* https://msf-ber.matomo.cloud:* https://log.aerzte-ohne-grenzen.de/api/3/store/ https://log.aerzte-ohne-grenzen.de/api/3/envelope/; report-uri https://log.aerzte-ohne-grenzen.de/api/3/security/?sentry_key=19f9cfc9fc7c3afe2f536fafb0fd9965&sentry_environment=prod 1
default-src 'self' *.cityba.se *.thecitybase.com; base-uri 'none'; connect-src 'self' *.graphcms.com *.algolia.net *.google-analytics.com screendoor.dobt.co *.demandjump.com *.google.com *.googleapis.com *.algolianet.com *.trongrid.io tracking.monsido.com; font-src 'self' data: *.gstatic.com; frame-ancestors 'self'; frame-src 'self' insight.adsrvr.org *.youtube.com *.doubleclick.net *.securly.com *.k12.in.us maps.indy.gov app.powerbigov.us match.adsrvr.org www.facebook.com indianapolis.granicus.com *.googletagmanager.com *.google.com google.com tracking.monsido.com; img-src 'self' * data:; media-src 'self' * data:; object-src 'none'; script-src 'nonce-KnBGcPB5F66UQWc7xkGaU8gxn0owIKh-re5EcgRtO0o' 'strict-dynamic'; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net unpkg.com *.gstatic.com; report-uri https://callback-service.prod.cityba.se/csp; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-5BsUSUML9AiRphyJp2ZfFIKHl' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'self';connect-src 'self' https://mc.yandex.ru https://mc.yandex.com https://www.sipnet.ru wss://*.jivosite.com https://*.jivosite.com https://*.nt-rt.ru https://*.google.com;default-src 'self';form-action 'self';img-src 'self' 'unsafe-inline' data: http://cdn.nt-rt.ru https://api-maps.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://*.nt-rt.ru https://www.google.com http://*.google.com https://*.gstatic.com;media-src 'self' https://*.jivo.ru;object-src 'none';script-src 'self' 'nonce-u6FxuAzpWAXHDc6eDnsuSaCdsTPJWOEn' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'nonce-u6FxuAzpWAXHDc6eDnsuSaCdsTPJWOEn' 'unsafe-eval' https://cdnjs.cloudflare.com https://api-maps.yandex.ru https://*.jivosite.com https://*.jivo.ru;script-src-elem 'self' 'unsafe-inline' https://mc.yandex.ru https://www.google.com https://www.gstatic.com https://api-maps.yandex.ru https://www.sipnet.ru https://ajax.googleapis.com https://cdnjs.cloudflare.com https://*.jivosite.com https://*.jivo.ru https://*.googleadservices.com https://*.google.com http://*.google.com;script-src-attr 'unsafe-inline';frame-src 'self' https://mc.yandex.ru https://www.google.com https://yandex.ru https://*.jivosite.com https://*.jivo.ru https://www.adsensecustomsearchads.com;style-src-attr 'unsafe-inline';style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.jivo.ru https://*.jivosite.com https://*.google.com;font-src 'self' 'unsafe-inline' data: 1
base-uri 'none';form-action 'self' *.readspeaker.com;frame-ancestors 'self' 1
default-src 'self'; object-src 'self' data: https://*.eu-5.platformsh.site; img-src 'self' data: https://*.siteimproveanalytics.io https://nettskjema.no https://*.eu-5.platformsh.site https://arken.nmbu.no https://*.nmbu.no https://*.google-analytics.com https://*.googletagmanager.com; media-src 'self' https://*.siteimproveanalytics.io https://nettskjema.no https://*.eu-5.platformsh.site https://arken.nmbu.no https://*.nmbu.no https://*.google-analytics.com https://*.googletagmanager.com https://*.ddev.site:8443; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.mazemap.com https://*.timeedit.net https://siteimproveanalytics.com https://in2.taskanalytics.com https://nettskjema.no https://*.eu-5.platformsh.site; style-src 'self' 'unsafe-inline' https://player.vimeo.com https://*.mazemap.com https://*.eu-5.platformsh.site; child-src 'self' https://www.youtube.com https://player.vimeo.com https://*.mazemap.com https://*.timeedit.net https://*.eu-5.platformsh.site; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://*.mazemap.com https://*.timeedit.net https://*.panopto.com https://*.panopto.eu https://nettskjema.no https://*.eu-5.platformsh.site https://arken.nmbu.no; connect-src 'self' https://*.mazemap.com https://nettskjema.no https://*.eu-5.platformsh.site https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://in2.taskanalytics.com; 1
report-uri /api/submit-csp-violation-report; default-src 'self' blob: data: https://i.mgtbk.nl https://cdn.jsdelivr.net https://queue.simpleanalyticscdn.com https://scripts.simpleanalyticscdn.com https://browser-intake-datadoghq.eu https://www.datadoghq-browser-agent.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://jouw.postnl.nl https://*.gstatic.com;script-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net  'nonce-30d0ef694a90b716' https://queue.simpleanalyticscdn.com https://scripts.simpleanalyticscdn.com https://cdnjs.cloudflare.com https://rum.browser-intake-datadoghq.eu/ https://www.datadoghq-browser-agent.com https://polyfill.io https://unpkg.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.googletagmanager.com https://mouseflow.com https://cdn.mouseflow.com https://www.google.com https://cdn.3cx.com https://mainpress.my3cx.nl https://mainpress.my3cx.nl:5001 ; style-src 'self' https://i.mgtbk.nl https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com data: 'unsafe-inline'; img-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net data: https://queue.simpleanalyticscdn.com https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.fr https://www.google.de https://*.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://i.ytimg.com https://i.vimeocdn.com https://sp.tinymce.com http://aws-images.cloud.mainpress.nl; connect-src 'self' blob: https://i.mgtbk.nl https://cdn.jsdelivr.net data: https://queue.simpleanalyticscdn.com https://scripts.simpleanalyticscdn.com https://*.browser-intake-datadoghq.eu https://browser-intake-datadoghq.eu https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mainpress.my3cx.nl:5001/; frame-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://www.managementvideo.nl https://*.soundcloud.com https://static.managementboek.nl https://i.mgtbk.nl https://*.spotify.com https://www.google.com; frame-ancestors 'none'; 1
default-src 'self'; img-src 'self' https:; script-src 'unsafe-inline' 'self' ;style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; 1
default-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; img-src *; font-src * 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com https://*.clarity.ms https://c.bing.com; img-src 'self' data: blob: https://s3.amazonaws.com https://img.youtube.com https://i.ytimg.com https://visitdublin.azureedge.net https://assets-eu-01.kc-usercontent.com https://preview-assets-eu-01.kc-usercontent.com https://*.cookiebot.com http://*.convertexperiments.com https://*.convertexperiments.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ie https://*.google.es https://*.google.co.uk https://*.google.de https://*.google.fr https://*.google.it https://www.google.be https://*.googleapis.com https://googleapis.com https://www.googleadservices.com https://www.googleoptimize.com https://maps.gstatic.com https://fonts.gstatic.com https://www.youtube.com https://cdn-eu.clickdimensions.com https://analytics-eu.clickdimensions.com https://*.hotjar.io https://*.hotjar.com wws://*.hotjar.com/api/v2/client/ws wss://*.hotjar.com/api/v2/client/ws https://www.facebook.com https://connect.facebook.net https://player.vimeo.com https://*.clarity.ms https://c.bing.com; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; child-src *  data: blob: 'unsafe-inline' ; frame-ancestors : *  data: blob: ; worker-src: * 1
frame-ancestors 'self' https://www.gesis.org https://lms.uni-kiel.de; 1
frame-ancestors 'self'; report-uri /?r=Page/content-security-policy-report/index 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.retail-week.com; 1
default-src 'self'; script-src acdn.adnxs.com connect.facebook.net *.ipredictive.com www.googleadservices.com static.ads-twitter.com www.googletagmanager.com www.google-analytics.com use.typekit.net snap.licdn.com js.adsrvr.org *.doubleclick.net analytics.twitter.com api.mqcdn.com www.mapquestapi.com cds-sdkcfg.onlineaccess1.com assets.sitescdn.net api.mapbox.com assets.contently.com s.ytimg.com *.wistia.com *.wistia.net *.fontawesome.com *.akamaihd.net tag.simpli.fi i.simpli.fi ssl.p.jwpcdn.com content.jwplatform.com abm.emaplan.com answers-embed.synovus.com.pagescdn.com cdn.pdst.fm tag.demandbase.com *.basis.net cdn.leadmanagerfx.com agent.marketingcloudfx.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src api.mqcdn.com api.mapbox.com assets.sitescdn.net *.wistia.com *.wistia.net *.fontawesome.com 'self' 'unsafe-inline'; img-src * data: about: 'self'; font-src use.typekit.net api.mqcdn.com *.fontawesome.com *.wistia.com *.wistia.net fonts.gstatic.com data: 'self'; frame-src *.doubleclick.net pixel-a.basis.net pixel.sitescout.com insight.adsrvr.org www.youtube.com assets.contently.com www.facebook.com match.adsrvr.org player.vimeo.com www.fintactix.com answers-embed.synovus.com.pagescdn.com *.wistia.com *.wistia.net www.googletagmanager.com *.ipredictive.com s.company-target.com 'self'; connect-src www.google-analytics.com *.doubleclick.net www.mapquestapi.com *.mapquest.com *.mqcdn.com *.mapbox.com track.contently.com *.wistia.com *.wistia.net *.litix.io *.akamaihd.net *.fontawesome.com www.facebook.com videos-fms.jwpsrv.com prd.jwpltx.com content.jwplatform.com videos-cloudflare.jwpsrv.com cdn.linkedin.oribi.io liveapi-cached.yext.com answers.yext-pixel.com *.company-target.com *.google.com *.cloudfunctions.net tag-logger.demandbase.com *.marketingcloudfx.com 'self'; child-src blob:; media-src *.wistia.com *.wistia.net *.akamaihd.net blob: data:; frame-ancestors branch-transformation.com 'self'; report-uri https://csp-violations.synovus.com/csp-report 1
frame-ancestors 'self' https://manage.tdworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; img-src 'self' https://www.google-analytics.com https://www.pioneer-car.eu; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' https://fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src https://fonts.gstatic.com; manifest-src 'self' https://www.pioneer-car.eu; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src https: blob: data:; script-src data: 'unsafe-inline' 'unsafe-eval' blob: https: webstatistik.bundeswehr.de webstatistik.bmvg.de *.video-cdn.net *.de.kaltura.com *.bmvg.de; style-src data: 'unsafe-inline' https: webstatistik.bmvg.de webstatistik.bundeswehr.de *.bmvg.de; img-src data: *.bmvg.de *.bundeswehr.de *.ytimg.com *.fbcdn.net *.twimg.com *.staticflickr.com *.video-cdn.net *.ovp.kaltura.com *.de.kaltura.com *.facebook.com *.akamaihd.net *.gstatic.com scontent.cdninstagram.com; font-src data: www.bmvg.de *.bundeswehr.de *.video-cdn.net *.de.kaltura.com fonts.gstatic.com; connect-src https: blob: data: wss:; report-uri https://webstatistik.bmvg.de/report-uri/ 1
default-src 'self'         https://www.google.com 	https://*.wistia.net 	https://*.wistia.com 	https://www.youtube.com ; script-src 'self'         https://h2go.3cx.nl:5001         https://www.google.com         https://dev.visualwebsiteoptimizer.com         https://bat.bing.com         https://cdnjs.cloudflare.com         https://connect.facebook.net         https://snap.licdn.com         https://script.hotjar.com         https://static.hotjar.com         https://www.googletagmanager.com         https://www.gstatic.com         https://*.jsdelivr.net         https://yoast.com 	https://sibforms.com blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self'         https://h2go.3cx.nl:5001         https://www.google.com         https://*.hotjar.com         https://*.hotjar.io         wss://ws.hotjar.com         https://bat.bing.com         https://*.analytics.google.com         https://*.ads.linkedin.com         https://www.facebook.com         https://metrics.hotjar.io         https://*.g.doubleclick.net         https://*.yoast.com         https://yoast.com 	https://*.sibforms.com data: blob: ws: wss: ; img-src 'self'         https://*.g.doubleclick.net         https://www.google.com         https://www.googletagmanager.com         https://bat.bing.com         https://*.ads.linkedin.com         https://www.facebook.com         https://www.google.nl         https://www.gstatic.com         https://*.gravatar.com         https://www.hosting2go.nl 	https://dev.visualwebsiteoptimizer.com 	https://support.hosting2go.nl data: blob: ; style-src 'self'         https://fonts.googleapis.com         https://www.gstatic.com         https://*.jsdelivr.net 	https://sibforms.com data: blob: 'unsafe-inline'; font-src 'self'         https://fonts.gstatic.com 	https://assets.brevo.com data: blob: ; form-action 'self'         https://klant.hosting2go.nl 	https://*.sibforms.com ; frame-ancestors 'self' ; base-uri 'self' ; object-src 'self' ; 1
frame-ancestors *; default-src 'self'; frame-src 'self' unicaja.webfg.com unicaja-uat.webfg.com www.liberbank.es www.tarjetaplaystation.com univia.unicaja.es univiapru.unicaja.es hola.unicajabanco.es 8020496.fls.doubleclick.net www.youtube.com www.google.com asp.quefondos.com unicajabanco-backend.flumotion.com player.vimeo.com www.facebook.com track.adform.net vars.hotjar.com optimize.google.com *.weborama.fr; media-src *; img-src 'self' *.contentsquare.net data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com www.gstatic.com 8020496.fls.doubleclick.net www.unicajabanco.es www.youtube.com www.google.com www.google-analytics.com maps.googleapis.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.unicajabanco.com unicaja-prod.adobecqms.net chat.kommunicate.io *.adform.net *.googletagmanager.com cdnjs.cloudflare.com widget.kommunicate.io www.unicajabanco.es.seg.js www.unicajabanco.com.seg.js cdn.kommunicate.io cdn.applozic.com cdn.cookielaw.org uimarketpro.com asp.quefondos.com storage.googleapis.com static.hotjar.com script.hotjar.com www.googleoptimize.com optimize.google.com tagmanager.google.com hercial-thurch.com t.contentsquare.net app.contentsquare.com *.weborama.fr; child-src blob:; worker-src blob:; style-src * 'unsafe-inline'; font-src *; connect-src 'self' *.contentsquare.net blob: data: * 1
base-uri 'self'; connect-src 'self' https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com *.6sense.com *.6sc.co https://analytics.google.com https://bat.bing.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://o.clarity.ms https://settings.luckyorange.net https://stats.g.doubleclick.net https://tags.srv.stackadapt.com wss://in.visitors.live wss://visitors.live https://assets-global.website-files.com/ https://tracking.g2crowd.com/ https://ariane.abtasty.com/ https://dcinfos-cache.abstasty.com/ https://x.clarity.ms/collect https://dcinfos-cache.abtasty.com/ https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/ https://boards-api.greenhouse.io/ https://try.abtasty.com/ https://editor-api.webflow.com/ https://sessions.bugsnag.com/ *.hotjar.io/ *.hotjar.com/ https://z.clarity.ms/ *.abtasty.com; default-src 'self'; font-src 'self' blob: data: *.abtasty.com *.gstatic.com *.googleapis.com https://assets.website-files.com https://use.typekit.net *.cloudfront.net/; frame-src 'self' *.loom.com *.abtasty.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ https://td.doubleclick.net/ https://go.csdisco.com https://pixel.sitescout.com https://player.vimeo.com https://www.facebook.com https://www.google.com/ https://cdn.embedly.com/ https://boards.greenhouse.io/ https://webflow.com/ https://vimeo.com/ https://www.youtube.com/; img-src 'self' blob: https://d10lpsik1i8c69.cloudfront.net *.abtasty.com *.amazonaws.com *.6sense.com *.6sc.co https://assets-global.website-files.com https://d10lpsik1i8c69.cloudfront.net https://p.typekit.net https://pixel.sitescout.com https://www.google-analytics.com https://www.google.com https://di.rlcdn.com/ https://www.facebook.com/ https://bat.bing.com/ https://px.ads.linkedin.com/ https://c.clarity.ms/ https://c.bing.com/ https://i.vimeocdn.com/ https://connect.facebook.net/ https://d3e54v103j8qbb.cloudfront.net/ https://uploads-ssl.webflow.com/ *.cloudfront.net/ https://secure.gravatar.com/ *.csdisco.com/ www.csdisco.com/; manifest-src 'self'; media-src 'self' https://d10lpsik1i8c69.cloudfront.net; object-src 'none'; report-uri https://64cd41b59299a8c1c10ec3d7.endpoint.csper.io/; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' blob: *.abtasty.com https://d10lpsik1i8c69.cloudfront.net *.googleapis.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ https://dcinfos-cache.abtasty.com/ https://www.googletagmanager.com/ *.6sense.com *.6sc.co https://snap.licdn.com https://try.abtasty.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://assets-global.website-files.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://okt.to/ https://script.hotjar.com/ https://pi.pardot.com/ https://d10lpsik1i8c69.cloudfront.net/ https://assets-global.website-files.com/ https://bat.bing.com/ https://boards.greenhouse.io/ https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://d10lpsik1i8c69.cloudfront.net/ https://d3e54v103j8qbb.cloudfront.net/ https://extend.vimeocdn.com/ https://go.csdisco.com/ https://pi.pardot.com/ https://player.vimeo.com/ https://static.hotjar.com/ https://static.oktopost.com/oktrk.js https://tracking.g2crowd.com/attribution_tracking/conversions/4095.js https://try.abtasty.com/042c153fa36280b465e994c176d9e3a0.js https://use.typekit.net/zzf7vye.js https://www.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.vimeo.com/ https://vimeo.com/ https://tags.srv.stackadapt.com/ https://cdn01.basis.net/ https://www.clickcease.com/ https://dcinfos-cache.abtasty.com/ https://js.hsforms.net/ https://s7.addthis.com/; style-src 'report-sample' 'self' 'unsafe-inline' *.abtasty.com *.gstatic.com *.googleapis.com https://assets-global.website-files.com https://d10lpsik1i8c69.cloudfront.net https://p.typekit.net https://tags.srv.stackadapt.com https://use.typekit.net https://d3e54v103j8qbb.cloudfront.net/fonts/inter/inter.s3.3a4044b2f3.css; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.seabank.ph *.googletagmanager.com *.google-analytics.com *.go-mpulse.net *.google.com *.doubleclick.net data:; 1
default-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https: data: 'unsafe-inline' 'unsafe-eval' wss: *.hs-sites.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://js.hs-analytics.net https://js.hs-scripts.com https://app.privally.global; object-src 'self' https://portal.unimedbh.com.br/ http://unimedbh.prod.acquia-sites.com/; style-src https: 'unsafe-inline' 'unsafe-eval' 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ ; img-src blob: data: https: 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/; media-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io https://www.youtube.com; frame-ancestors 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://static.unimedbh.io/ https://www.google.com/ https://forms.hsforms.com/ https://3603d.com.br/ *.hs-sites.com; child-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ https://www.google.com/ https://vars.hotjar.com/ https://static.addtoany.com/ https://www.youtube.com/ https://cdn.userway.org/ https://static.unimedbh.io/ https://plugin.handtalk.me/ https://unimedbh.chat.blip.ai/ https://chat.blip.ai/ https://forms.hsforms.com/ https://3603d.com.br/ https://td.doubleclick.net/ *.hs-sites.com; font-src 'self' http://unimedbh.prod.acquia-sites.com/ https://portal.unimedbh.com.br/ data: https://static.unimedbh.io/ https://fonts.unimedbh.io https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.userway.org/ 1
base-uri 'self'; connect-src 'self' https://api.opencagedata.com https://cdn.usefathom.com; font-src 'self'  https://assets.opencagedata.com; object-src 'none'; frame-ancestors 'none'; frame-src https://blog.opencagedata.com https://js.stripe.com https://forms.reform.app https://status.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' https://assets.opencagedata.com https://js.stripe.com https://cdn.jsdelivr.net https://unpkg.com https://embed.reform.app https://cdn.usefathom.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-1aa3a413eb5cb71e635e55fba349729b'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net https://unpkg.com https://assets.opencagedata.com https://hcaptcha.com https://*.hcaptcha.com; worker-src blob: 1
default-src 'self' https://*.mmhayes.com https://*.mmhcloud.com https://mmhcloud.com https://*.googleapis.com https://www.google-analytics.com; img-src 'self' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; form-action 'self' https://*.mmhcloud.com; 1
frame-ancestors 'self' https://*.superoffice.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.qacloud.com.cn:443 1
default-src 'self' *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com vimeo.com rodobens.us-5.evergage.com;base-uri 'self';font-src 'self' https: data:;img-src 'self' data: https: *.creditor.dev *.rodobens.agxsoftware.com *.salesforceliveagent.com *.pardot.com *.ytimg.com *.tesla.com.br *.b2clogin.com *.bootstrapcdn.com *.openstreetmap.org *.blogplay.com.br *.salesforce.com *.force.com *.unpkg.com *.googleadservices.com *.oraclecloudapps.com *.doubleclick.net *.googlesyndication.com *.rodobens.com.br google.com *.google.com *.google.com.br *.googleapis.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.youtube.com *.tiktok.com *.hsforms.com *.hsforms.net api.ipify.org *.whatsapp.com *.bing.com *.clarity.ms *.mercedes-benz.com.br *.ampproject.org *.ckeditor.com *.cookielaw.org *.evergage.com *.evgnet.com *.navdmp.com cdnm.com.br cl.s12.exct.net *.facebook.net *.facebook.com *.hotjar.io *.hotjar.com *.cloudfront.net *.gstatic.com *.onetrust.com *.herokuapp.com schema.org *.gov.br *.vimeo.com vimeo.com rodobens.us-5.evergage.com;style-src 'self' 'unsafe-inline' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;worker-src 'self' rodobens.us-5.evergage.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://foapi.we-online.com https://coco.we-online.com https://enquiry.we-online.com https://www.googletagmanager.com https://html5-player.libsyn.com; font-src 'self' data: https://netdna.bootstrapcdn.com https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net; frame-ancestors https://redexpert.we-online.com/ https://cmsprod.we-group.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://hit.uptrendsdata.com https://redexpert.we-online.de https://userlike-cdn-umm.b-cdn.net https://*.cloudfront.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://redexpert.we-online.com https://coco.we-online.com https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://s.go-mpulse.net https://*.lfeeder.com; frame-src https://www.iqdfrequencyproducts.com https://redexpert.we-online.com https://careers.flatchr.io https://enquiry.we-online.com https://mit.we-online.com https://www.youtube.com https://www.facebook.com https://coco.we-online.com https://html5-player.libsyn.com https://*.go-mpulse.net; connect-src 'self' https://*.akamaihd.net https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://cdn.linkedin.oribi.io/partner/208516/domain/we-online.com/token https://hit.uptrendsdata.com https://region1.analytics.google.com https://userlike-cdn-umm.b-cdn.net https://www.facebook.com https://*.cloudfront.net wss://umd.userlike.com https://www.userlike.com https://api.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://stats.g.doubleclick.net https://redexpert.we-online.de/api/geoIp/ https://region1.google-analytics.com/ https://foapi.we-online.com https://coco.we-online.com https://api.we-online.com/svc/geoIp/ https://api.friendlycaptcha.com https://www.google-analytics.com https://s.go-mpulse.net https://c.go-mpulse.net https://px.ads.linkedin.com https://*.akstat.io blob: ; img-src 'self' data: base64 https://px.ads.linkedin.com https://www.google.de https://userlike-cdn-operators.userlike.com https://www.digikey.se https://www.digikey.de https://www.digikey.com https://region1.google-analytics.com https://redexpert.we-online.de https://redexpert.we-online.com https://www.powerelement.com https://userlike-store-media-files.s3.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com https://i.ytimg.com https://we-online.com https://www.we-online.com https://coco.we-online.com https://www.kununu.com https://www.facebook.com https://www.instagram.com https://www.tiktok.com https://www.xing.com https://www.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com https://*.lfeeder.com; style-src 'self' 'unsafe-inline' https://coco.we-online.com https://html5-player.libsyn.com; base-uri 'self'; form-action 'self' https://www.we-online.de https://mail.we-online.com https://www.facebook.com/tr/; worker-src 'self' blob: https://www.we-online.com; 1
worker-src blob:; font-src *.byredo.com *.cloudflare.com *.googleapis.com *.gstatic.com js.klevu.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.klevu.com *.ksearchnet.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.facebook.com *.twitter.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com csxd.byredo.com *.facebook.com *.hotjar.com *.pinterest.com *.twitter.com *.criteo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.bing.com *.byredo.com *.clarity.ms *.cloudflare.com *.contentsquare.net *.contentsquare.com *.cookielaw.org *.facebook.com *.google.com *.google-analytics.com *.googleadservices.com *.google.fr *.gstatic.com *.klarna.com js.klevu.com *.lightemporium.com *.linksynergy.com *.mediaforge.com *.nr-data.net *.nxtck.com *.paypal.com *.pinterest.com *.teads.tv *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.criteo.com *.doubleclick.net tr.line.me adservice.google.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudimg.io maps.gstatic.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.bing.com *.byredo.com *.clarity.ms *.cloudflare.com static.cloudflareinsights.com *.cloudfront.net t.contentsquare.net contentsquare.com app.contentsquare.com cdn.cookielaw.org *.doubleclick.net *.facebook.net *.fontawesome.com *.forter.com g1782759015.co g4754024040.co *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com js.klevu.com js-agent.newrelic.com geolocation.onetrust.com *.pinimg.com *.rakuten.com *.scarabresearch.com *.scaleflex.it *.teads.tv *.trustedshops.com *.twimg.com *.twitter.com unpkg.com *.usercentrics.eu *.zdassets.com *.widget-mediator.zopim.com *.criteo.com geotarget.ly g10894638425.co *.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudimg.io maps.googleapis.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.byredo.com *.cloudflare.com *.fontawesome.com *.googleapis.com *.gstatic.com js.klevu.com *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.klevu.com *.ksearchnet.com assets.braintreegateway.com *.cloudimg.io *.scaleflex.it 'self' 'unsafe-inline'; object-src 'none'; media-src *.adobe.com *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com *.bing.com *.byredo.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.contentsquare.net *.contentsquare.com cdn.cookielaw.org *.doubleclick.net *.emarsys.net *.facebook.com *.forter.com geolocation.onetrust.com *.google-analytics.com *.googleapis.com *.hotjar.com:* *.hotjar.io *.ksearchnet.com privacyportal-eu.onetrust.com *.paypal.com *.pinterest.com *.scarabresearch.com *.teads.tv *.twimg.com *.twitter.com *.zdassets.com wss://widget-mediator.zopim.com/ *.zendesk.com *.criteo.com *.analytics.google.com madefor.github.io *.klevu.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
'' 1
default-src 'self' blob: https://staffbase.com https://s15952.pcdn.co; report-uri https://casper-de1.staffbase.com/report/staffbase.com; script-src 'report-sample' 'self' blob: 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/34930/ https://cdnjs.cloudflare.com/ajax/libs/dompurify/ https://connect.facebook.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.hubspot.com https://js.hscta.net https://*.hubspot.net https://*.hsforms.com https://googleads.g.doubleclick.net https://hackerone.com https://npmcdn.com/pikasso@4.2.0/build/umd.min.js https://pikasso-preview.bananatag.com https://j.6sc.co https://*.hs-analytics.net https://*.hs-banner.com https://*.hs-scripts.com https://*.hsforms.net https://*.hsleadflows.net https://*.qualified.com https://maps.googleapis.com https://okt.to/ping https://rum-static.pingdom.net https://snap.licdn.com https://static.ads-twitter.com https://static.oktopost.com/oktrk.js https://tagmanager.google.com https://tags.clickagy.com/data.js https://tracking.g2crowd.com https://ws.zoominfo.com https://www.gartner.com/reviews/public/Widget/js/widget.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://s15952.pcdn.co; font-src 'self' data: application/x-font-woff https://*.google-analytics.com https://cdn.getspeechify.com/hosted-fonts/GreycliffCF-*.woff2 https://fonts.staffbase.com https://www.gartner.com https://s15952.pcdn.co; img-src 'self' data: image/svg+xml https: https://s15952.pcdn.co; style-src https: 'self' 'unsafe-inline' 'report-sample'; connect-src https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat  'self' https://*.google-analytics.com https://*.pingdom.net https://*.ads.linkedin.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://aorta.clickagy.com/data https://api.ipstack.com https://app.qualified.com https://bat.bing.com https://*.6sc.co https://cdn.cookielaw.org https://cdn.linkedin.oribi.io/partner/34930/domain/staffbase.com/token https://*.hubapi.com https://js.hscta.net https://*.hsforms.com https://*.hubspot.com https://geolocation.onetrust.com https://hackerone.com https://hemsync.clickagy.com/external/hasHashes https://hubspot-forms-static-embed.s3.amazonaws.com https://*.6sc.co https://*.6sense.com https://*.hs-banner.com https://*.linkedin.oribi.io/event https://tracking.g2crowd.com https://privacyportal.onetrust.com https://secure.adnxs.com/getuidj https://staffbase-privacy-request.my.onetrust.com/request/v1/consentreceipts https://stats.g.doubleclick.net https://ws.zoominfo.com/pixel/collect https://www.facebook.com wss://app.qualified.com wss://ws.qualified.com https://s15952.pcdn.co; frame-src https:; media-src https:; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' data: blob: https://*.fbthirdpartypixel.com https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.ameriprise.com *.editor.ameripriseadvisors.com *.ameripriseadvisors.com *.qualtrics.com *.googleapis.com *.google.com *.google.co.in *.twitter.com *.twimg.com https://*.google-analytics.com http://*.google-analytics.com https://*.doubleclick.net https://*.doubleclick.net https://snap.licdn.com https://bat.bing.com http://bat.bing.com https://connect.facebook.net https://assets.adobedtm.com https://maxcdn.bootstrapcdn.com https://d.turn.com https://*.ameriprisestats.com http://*.ameriprisestats.com https://cdn.ameriprisecontent.com https://maps.googleapis.com https://maps.google.com https://awm-app-aitt.ampf.com https://www.dinkytown.net https://www.forefieldkt.com https://fonts.googleapis.com https://www.google.com https://www.googletagmanager.com https://platform.twitter.com https://apis.google.com http://videojs.com https://web-2-tel.com https://px.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://*.googleadservices.com https://cm.everesttech.net https://www.facebook.com https://cdn.syndication.twimg.com https://ameriprisefinancial.demdex.net https://gateway.zscalertwo.net *.advisorcompass.com https://fonts.gstatic.com https://login.zscalertwo.net https://www.gstatic.com https://ocs.ameriprise.com https://h.online-metrix.net *.d.aa.online-metrix.net https://maps.gstatic.com *.ggpht.com https://tag.simpli.fi https://up.pixel.ad https://insight.adsrvr.org https://bcp.crwdcntrl.net https://tags.crwdcntrl.net/ https://aa.agkn.com/ https://ib.mookie1.com/ https://bcp.crwdcntrl.net/ https://ml314.com/ https://idsync.rlcdn.com/ https://x.skimresources.com/ https://thrtle.com/ https://global.ib-ibi.com/ https://www.broadridgeadvisor.com 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.justmylook.com; base-uri 'self' 1
script-src 'nonce-Ph6SjL2dMpPrWBeTs20fXKVYV4w=' 'self' mijncdnpartner.nl www.googletagmanager.com www.smartsuppchat.com smartsuppcdn.com *.smartsuppcdn.com d10lpsik1i8c69.cloudfront.net; frame-ancestors 'self'; worker-src 'self' blob:; report-uri /v1/csp/reports 1
default-src 'self' data: *.bam.de https://*.bam.de http://*.bam.de https://*.youtube.com https://*.youtu.be https://pbs.twimg.com https://vimeo.com https://*.vimeo.com https://*.sibforms.com; script-src 'self'  *.bam.de; style-src 'self'; 1
default-src https: *.atncorp.com atncorp.app *.thor-scope.com; img-src http: https: data: *.atncorp.com *.atncorp.app *.thor-scope.com *.crazyegg.com *.facebook.net *.facebook.com *.googletagmanager.com *.ytimg.com; font-src https: data: *.atncorp.com *.atncorp.app *.thor-scope.com; style-src https 'unsafe-inline' atncorp.com *.atncorp.com *.atncorp.app *.thor-scope.com *.cloudfront.net *.braintreegateway.com *.listrakbi.com *.yotpo.com *.driftt.com *.bootstrapcdn.com *.googleapis.com www.google.com *.theopticguru.com *.addshoppers.com; connect-src *.experticity.com *.expertvoice.com *.bing.com *.googleapis.com *.hsforms.com hubspot-forms-static-embed-eu1.s3.amazonaws.com id5-sync.com *.eu-1-id5-sync.com atncorp.com *.atncorp.com *.od.atncorp.com *.theopticguru.com *.listrakbi.com *.atncorp.app *.thor-scope.com *.taboola.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.yotpo.com *.clarity.ms wss://*.yotpo.com *.google-analytics.com analytics.google.com *.yandex.ru *.doubleclick.net *.crazyegg.com shop.pe *.shop.pe api.ipify.org; script-src 'unsafe-inline' 'unsafe-eval' *.experticity.com *.expertvoice.com *.hsforms.net accounts.google.com *.id5-sync.com atncorp.com *.atncorp.com *.theopticguru.com *.atncorp.app *.thor-scope.com *.paypalobjects.com *.braintreegateway.com *.paypal.com *.listrakbi.com *.listrak.com *.licdn.com *.smartyads.com *.clarity.ms *.bing.com *.rfihub.net *.rfihub.com *.mgid.com *.taboola.com *.yotpo.com *.cetrk.com *.amazonaws.com *.crazyegg.com *.driftt.com *.googleapis.com *.googleadservices.com *.vantivprelive.com *.vantivcnp.com *.online-metrix.net *.yandex.ru *.google-analytics.com *.criteo.net *.criteo.com *.facebook.net *.facebook.com *.crazyegg.com *.googletagmanager.com *.zendesk.com *.avmws.com *.gstatic.com *.youtube.com *.ytimg.com *.cloudfront.net shop.pe *.shop.pe www.google.com; 1
default-src https: data: wss: blob: 'unsafe-eval' 'unsafe-inline' 1
default-src https: 'unsafe-inline' 'unsafe-eval' data:;font-src 'self' data:; 1
default-src 'self' wss://nexus-websocket-a.intercom.io wss://widget-mediator.zopim.com 'unsafe-inline' 'unsafe-eval' www.comeet.co data: *.googleapis.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googlesyndication.com www.pagespeed-mod.com assets.calendly.com calendly.com *.doubleclick.net http://ad.doubleclick.net *.youtube.com i.ytimg.com *.vwo.com *.visualwebsiteoptimizer.com widget.trustpilot.com *.zdassets.com brightdata.zendesk.com assets.brightdata.com *.userway.org cdn.mxpnl.com *.mxpnl.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com *.thesmilingelbows.com *.bing.com *.clarity.ms p.clarity.ms *.baidu.com *.lfeeder.com widget.intercom.io *.linkedin.com px.ads.linkedin.com js.intercomcdn.com api-iam.intercom.io *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com api-js.mixpanel.com *.hsforms.net *.hsforms.com *.oribi.io *.gravatar.com cdn.jsdelivr.net cdnjs.cloudflare.com ajax.cloudflare.com code.jquery.com unpkg.com snap.licdn.com *.yandex.ru *.yandex.net *.yandex.com *.yandex.md *.yandex.by *.facebook.net *.facebook.com *.capterra.com *.netstar-inc.com *.gstatic.com yastatic.net cdn.datatables.net *.fleeq.io *.redditstatic.com *.6sc.co *.quora.com widget-mediator.zopim.com *.google.com *.google.ad *.google.ae *.google.com.tr *.google.co.il *.google.co.cr *.google.ca *.google.com.ua *.google.es *.google.co.in *.google.com.sg *.google.com.np *.google.com.mt *.google.de *.google.com.bd *.google.co.id *.google.it *.google.co.uk *.google.co.th  *.google.co.kr  *.google.fr *.google.co.za *.google.com.my *.google.com.co *.google.co.ve *.google.com.sa *.google.pt *.google.be *.google.cz *.google.co.ma *.google.com.br *.google.com.cy *.google.co.jp *.google.com.vn *.google.com.tw *.google.ro *.google.co.ke *.google.com.ng *.google.hu *.google.pl *.google.ie *.google.nl *.google.se *.google.com.do *.google.com.mx *.google.co.mz *.google.at *.google.com.ph *.google.ge *.google.com.au *.google.dz *.google.ch *.google.rs *.google.cn *.google.la *.google.by *.google.com.gt *.google.tn *.google.cl *.google.com.py *.google.ge *.google.com.ar *.google.lk *.google.com.kh *.google.ru *.google.com.mm *.google.az *.google.com.hk *.google.kz *.google.com.gh *.google.am *.google.me *.google.com.et *.google.no *.google.md *.google.com.pk *.google.bj *.google.com.af *.google.hr *.google.co.uz *.google.com.pa *.google.com.sv *.google.cm *.google.bg *.google.sk *.google.com.pr *.google.com.eg *.google.lu *.google.al *.google.si *.google.com.jm *.google.iq *.google.lu *.google.com.pe *.google.com.ec *.google.com.bo *.google.kg *.google.mu *.google.sn *.google.rw *.google.co.ug *.google.gr *.google.fi *.google.mk *.google.com.lb *.google.ee *.google.jo *.google.ba *.google.com.sv *.google.ps *.google.com.fj *.google.co.ao *.google.com.gi *.google.com.qa *.google.tt *.google.gy *.google.lt *.google.com.sv *.google.mg *.google.tm *.google.gm *.google.so *.google.cz *.google.co.tz *.google.com.uy *.google.bf *.google.vg *.google.com.cu *.google.sm *.google.com.bn *.google.hn *.google.ci *.google.com.na *.google.co.ls *.google.dk *.google.co.nz *.google.ht *.google.cv *.google.ne *.google.mv google.com.sb google.is google.com.ly google.com.kw google.co.vi google.je google.sc google.cd google.mg google.cg google.lv google.tg google.bt google.vu google.dz google.com.pg google.ht google.com.ni google.co.id google.com.uy google.mn google.bs google.tj google.co.uk google.com.sl google.com.bz google.ml google.com.ph google.co.in google.tm google.ms google.com.tj *.comeet.com *.reddit.com *.6sense.com *.ipqualityscore.com player.bilibili.com; frame-ancestors 'self'; worker-src blob:; report-uri https://www.bright.cn/web_api/report_csp 1
default-src 'self' mydrive.ch *.mydrive.ch; img-src 'self' mydrive.ch *.mydrive.ch data: blob:; script-src 'self' mydrive.ch *.mydrive.ch 'unsafe-inline' 'unsafe-eval' connect.facebook.net youtube.com www.youtube.com; style-src 'self' mydrive.ch *.mydrive.ch 'unsafe-inline' 'unsafe-eval'; frame-src 'self' mydrive.ch *.mydrive.ch youtube.com www.youtube.com; object-src 'none'; 1
default-src 'self';script-src 'self' https://maps.googleapis.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://*.ingest.sentry.io/ https://www.googletagmanager.com/ https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://*.hotjar.com https://bat.bing.com https://cc.cdn.civiccomputing.com 'nonce-SENNw7NqjVFIPMhMnU5/kw==';style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline';font-src https://fonts.gstatic.com/ https://*.hotjar.com;img-src 'self' https://cms.trustmark.org.uk/ https://i.ytimg.com/ https://i.vimeocdn.com/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://px.ads.linkedin.com https://www.linkedin.com https://analytics.twitter.com https://bat.bing.com https://www.facebook.com https://t.co https://*.hotjar.com https://trustmark.reputations.net;connect-src 'self' https://cms.trustmark.org.uk/ https://www.trustmark.org.uk/auth/ https://*.googleapis.com *.google.com https://*.gstatic.com https://*.ingest.sentry.io/ https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.linkedin.oribi.io https://www.facebook.com https://apikeys.civiccomputing.com;object-src 'none';frame-ancestors 'self' https://cms.trustmark.org.uk/ *.google.com;base-uri 'self';block-all-mixed-content;script-src-attr 'none';frame-src 'self' https://www.trustmark.org.uk/auth/ https://www.youtube.com/ https://player.vimeo.com/ *.google.com https://trustmark.reputations.net;form-action 'self' 1
default-src https:; object-src 'none'; style-src https: data: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; upgrade-insecure-requests; frame-ancestors *.omniupdate.com; 1
frame-ancestors 'self' https://gnosis-safe.io https://dev.gnosis-safe.io https://dapp-browser.apps.ledger.com https://ledger-live-platform-apps.vercel.app https://bsc.gnosis-safe.io https://polygon.gnosis-safe.io https://tmm.world https://dhedge.org https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://1inch.cloudflareaccess.com; frame-src https://challenges.cloudflare.com https://app.safe.global https://*.coinshift.xyz https://connect.trezor.io https://verify.walletconnect.com https://wallet-v2.blocto.app https://dapp-browser.apps.ledger.com https://1inch.cloudflareaccess.com; 1
frame-ancestors 'self' https://dlinz.sharepoint.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com *.twimg.com platform.linkedin.com snap.licdn.com *.google-analytics.com tagmanager.google.com www.googletagmanager.com www.youtube.com/iframe_api syndication.twitter.com/ s.ytimg.com publish.twitter.com *.linkedin.com platform.stumbleupon.com/1/widgets.js dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com maxcdn.bootstrapcdn.com *.hawksearch.com *.hawksearch.net widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com ajax.cloudflare.com 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com tagmanager.google.com www.googletagmanager.com dec.azureedge.net maxcdn.bootstrapcdn.com *.hawksearch.com *.hawksearch.net widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: sjs.bizographics.com px4.ads.linkedin.com p.adsymptotic.com dev-pws.pcaobus.org pcaob-dev.idevdesign.net qa-pws.pcaobus.org pcaob-staging.idevdesign.net pcaobus.org pcaob-cms-live.ae-admin.com *.google-analytics.com tagmanager.google.com www.googletagmanager.com delicious.com px.ads.linkedin.com *.linkedin.com syndication.twitter.com static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png dec.azureedge.net dec.sitefinity.com *.eloqua.com track.hubspot.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com; frame-src https://www.youtube.com https://e.infogram.com/ https://www.youtube-nocookie.com/ https://www.google.com/ 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com gw.linkedin.oribi.io cdn.linkedin.oribi.io www.google.com tagmanager.google.com www.googletagmanager.com *.google-analytics.com dec.sitefinity.com *.mktoresp.com *.hawksearch.net *.hawksearch.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com; media-src 'self' data: blob:; child-src apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com platform.twitter.com/ syndication.twitter.com/ www.youtube.com/ www.youtube-nocookie.com/ player.vimeo.com/ w.soundcloud.com/ www.google.com widget.surveymonkey.com e.infogr.am e.infogram.com *.hotjar.com 'self' web-chat.nativechat.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.usercentrics.eu *.googletagmanager.com *.google-analytics.com imageservice.azureedge.net *.google.com *.gstatic.com *.youtube.com i.ytimg.com *.visualstudio.com *.clarity.ms *.jsdelivr.net polyfill.io *.msecnd.net *.hotjar.com *.hotjar.io *.ggpht.com *.yumpu.com *.yumpu.news *.bing.com *.doubleclick.net *.googleapis.com *.googleoptimize.com *.licdn.com *.facebook.net *.google.de *.linkedin.oribi.io *.linkedin.com *.facebook.com *.econda-monitor.de *.googleadservices.com *.trbo.com *.beck.de *.salesforce.com *.saferpay.com *.googlesyndication.com beckassets.blob.core.windows.net imageservice.azureedge.net legacy.beck-shop.de freie-fachinformationen.de *.podigee.com *.podigee.io player.podigee-cdn.net methodurl.psp-solutions.com 3ds.nexigroup.com 3ds-a.live.ext.prod.enfuce.com eu.b2c.com cdn-assetservice.ecom-api.beck-shop.de web.inxmail.com sdfwk1.beck-shop.de 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'strict-dynamic' cdn.httparchive.org www.google-analytics.com use.fontawesome.com cdn.speedcurve.com spdcrv.global.ssl.fastly.net lux.speedcurve.com 'unsafe-inline' dev-gw-2vzgiib6.ue.gateway.dev 'nonce-Fwsdav7ZSe3jKjjAZ1LWJIPHUG296jaP'; font-src 'self'; connect-src 'self' cdn.httparchive.org discuss.httparchive.org dev.to cdn.rawgit.com www.webpagetest.org www.google-analytics.com analytics.google.com *.analytics.google.com stats.g.doubleclick.net dev-gw-2vzgiib6.ue.gateway.dev; img-src 'self' https:; frame-src 'none'; object-src 'none'; base-uri 'none' 1
frame-ancestors 'self'; report-uri https://6036bf2e5ccdae2ac79ee67c.endpoint.csper.io/ 1
default-src 'self' https:; script-src 'strict-dynamic' js.hsforms.net google-analytics localhost 'self' 'nonce-rAnd0m123' 'unsafe-inline' https:; style-src 'self' https: 'unsafe-inline' https://js.hsforms.net/forms/embed/v2.js; img-src 'self' https: data:; font-src 'self' https: data:; object-src 'none'; base-uri https://hexaware.com/; 1
frame-ancestors 'self'  https://sites.google.com/usuhs.edu; 1
frame-ancestors https://admin.paradiso.nl; 1
default-src 'self' *.asa.org www.google-analytics.com; script-src blob: http: https: 'self' *.acsbapp.com *.osano.com use.typkit.net *.google.com *.gstatic.com www.googletagmanager.com www.google-analytics.com data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' www.google.com; frame-src 'self' www.google.com; style-src 'unsafe-inline' http: https: 'self' *.typekit.net *.acsbapp.com; font-src 'self' *.typekit.net https://acsbapp.com/; img-src 'self' data: *.acsbapp.com *.osano.com www.google-analytics.com; connect-src 'self' *.osano.com *.acsbapp.com https://acsbapp.com/ www.google-analytics.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' www.google.com cdn.firebase.com www.gstatic.com s7.addthis.com cdnjs.cloudflare.com; style-src 'self' https: 'unsafe-inline'; report-uri /csp-violation-report 1
frame-ancestors feedback.usereport.com 1
frame-ancestors 'self' *.smartandfinal.com *.chedrauiusa.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://player.vimeo.com https://*.translate.naver.net https://*.akamaihd.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.co.uk blob: https://tr6.snapchat.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindcommerece.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net  https://analytics.tiktok.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.exantediet.com https://m.exantediet.com https://checkout.exantediet.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://s.trustpilot.com https://*.microsofttranslator.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://tr.snapchat.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' app.intercom.com/ localhost:9999 1
default-src https:; connect-src https: wss:; font-src https:; frame-src https:; img-src data: https:; object-src https:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.youtube.com  *.clientam.ch  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.greenwichcompliance.com; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: gap: content:; img-src * data: blob: 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; font-src * data: 'unsafe-inline';media-src * data: blob: 'unsafe-inline'; object-src * 'unsafe-inline'; child-src * 'unsafe-inline'; frame-src 'self' * blob:; worker-src * blob: 'unsafe-inline'; frame-ancestors *; manifest-src * 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; worker-src blob: https:; connect-src ws: wss: https:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ab0f9dd8cc7cb9f86c3c450a6ecf4f60'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://maps.googleapis.com https://www.youtube.com https://d3bf2ab9936ltn.cloudfront.net https://sdk.amazonaws.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://code.jquery.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://secure.quantserve.com https://cdn.brand-display.com https://connect.facebook.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://8661995.fls.doubleclicknet https://rules.quantcount.com https://tr.brand-display.com https://pixel.quantserve.com https://socialplugin.facebook.net https://analytics.google.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://book.rwgenting.com https://rwg-prd-attachment.s3.ap-southeast-1.amazonaws.com blob: https://d3bf2ab9936ltn.cloudfront.net https://pixel.quantserve.com https://www.google.com https://www.google.co.in https://www.google-analytics.com https://www.facebook.com *.googletagmanager.com data:; connect-src 'self' http://cloudapi.rwgenting.com https://book.rwgenting.com https://forms.office.com https://rwg-prd-attachment.s3.ap-southeast-1.amazonaws.com https://maps.googleapis.com https://rwg-ping.chatinfinite.net https://l77dg5ityi.execute-api.ap-southeast-1.amazonaws.com wss://foxiy2xof7.execute-api.ap-southeast-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://socialplugin.facebook.net https://analytics.google.com https://www.facebook.com; frame-src 'self' https://www.google.com https://d3bf2ab9936ltn.cloudfront.net https://submit.jotform.com https://form.jotform.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self' https://www.facebook.com; 1
default-src 'self' https://*.cryptohopper.com wss://*.cryptohopper.com https://*.cryptohopper.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://*.googleoptimize.com https://optimize.google.com https://tagmanager.google.com https://i.ytimg.com https://cdn.segment.com https://api.segment.io https://*.freshchat.com https://hcaptcha.com https://*.hcaptcha.com https://youtube.com https://www.youtube.com https://noembed.com https://cdn.plyr.io https://bat.bing.com wss://api.appcues.net https://*.appcues.com https://*.appcues.net https://*.cloudflareinsights.com https://*.analytics.google.com https://*.intercom.io https://*.intercomcdn.com wss://nexus-websocket-a.intercom.io; img-src 'self' data: https://*.cryptohopper.com https://res.cloudinary.com/ https://*.hotjar.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.ytimg.com https://bat.bing.com https://www.google.com https://*.google.nl https://*.intercomcdn.com https://*.intercomassets.com; style-src 'self' 'unsafe-inline' https://*.cryptohopper.com https://fonts.googleapis.com https://*.freshchat.com https://fast.appcues.com https://*.google.com; font-src 'self' data: https://*.cryptohopper.com https://*.gstatic.com https://*.hotjar.com https://*.intercomcdn.com; object-src 'none'; form-action 'none'; report-uri /api/report/csp; 1
base-uri 'none';child-src 'none';connect-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl *.npoplayer.nl event analytics-ingress-global.bitmovin.com npo.prd.cdn.bcms.kpn.com licensing.bitmovin.com nmonpoendpoint.2cnt.net npo-drm-gateway.samgcloud.nepworldwide.nl *.streamgate.nl;default-src 'self';font-src 'self' cdn.npoplayer.nl use.typekit.net;form-action 'self';frame-ancestors 'self' *;frame-src 'none';img-src 'self' *.schooltv.nl *.schooltv.angrylabs.nl *.npo.nl data: images.poms.omroep.nl;manifest-src 'self';media-src 'self' blob: * data:;object-src 'none';script-src 'self' cdn.npoplayer.nl tag.aticdn.net hub.npo-data.nl nmonpoendpoint.2cnt.net analytics-ingress-global.bitmovin.com www.gstatic.com *.streamgate.nl blob: *;style-src 'self' 'unsafe-inline' use.typekit.net cdn.npoplayer.nl p.typekit.net *.npo.nl;worker-src 'self' blob:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.akamaihd.net https://*.translate.naver.net https://www.shoplooks.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.baidu.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.beautyexpert.com https://checkout.beautyexpert.com https://www.beautyexpert.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://www.gstatic.cn https://translate.yandex.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self'  https://savethechildren.ailnd.com; 1
img-src 'self' blob: data: https://www.googletagmanager.com/ https://www.google-analytics.com/ https://s3-ap-southeast-1.amazonaws.com/agency.form.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg * https://*.google-analytics.com https://*.googletagmanager.com;font-src 'self' data: https://fonts.gstatic.com/;script-src 'self' https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://www.tagmanager.google.com/ https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://challenges.cloudflare.com https://js.stripe.com/v3 https://*.googletagmanager.com/gtag/ https://*.cloudflareinsights.com/ https://www.gstatic.com/charts/ https://www.gstatic.cn;connect-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://*.browser-intake-datadoghq.com https://sentry.io/api/ https://s3.ap-southeast-1.amazonaws.com/attachments.form.gov.sg/ https://s3.ap-southeast-1.amazonaws.com/images.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/logos.form.gov.sg https://s3.ap-southeast-1.amazonaws.com/prod.virus.scanner.quarantine https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;frame-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://challenges.cloudflare.com https://js.stripe.com/;style-src 'self' https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/ 'unsafe-inline' https://www.gstatic.com/charts/;worker-src 'self' blob:;frame-ancestors *;report-uri https://sentry.io/api/1450832/security/?sentry_key=a6da524b405e4440bfef29457b51dfbc;default-src 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https://www.londonzoo.org https://cms.londonzoo.org; object-src 'none'; base-uri 'self'; style-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://www.tripadvisor.co.uk https://static.tacdn.com ; font-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://static.tacdn.com ; script-src 'self' https://www.londonzoo.org https://cms.londonzoo.org 'nonce-44ba015cab339a6f01774f18a21e6ede' 'sha256-ZnhAS6LXLZWmpPSEDrVRkNeIsVEIsRredGkFx2WiKec=' 'sha256-iW4WnuBtxrtQK6YASZph6rx6yZZMg0U77OLIlEZvlDA=' 'sha256-48TuDkUabuH2v1zRqgyqecgn+HRkc9gfpOVMELfgzQI=' 'sha256-U96gVTGDtlmnaK204EbaOTNyZRKvfBiWyuolgJwd8CI=' 'sha256-2L/tFj1yFovfnD4TertAGuww56zrGsGC1JDWaqC75s0=' 'sha256-9HOlWcnxwIXUmTPdnAhre+W8Z0FDeSQmn4+a1GXnQSA=' 'sha256-dKGt8dCuqKR/hwtTSFNbDeXeYUxOjtop6H2SYqoIGvc=' 'sha256-y6gO+OYD2TDPY9r3GtOTvnCs5/oE/O7PmNL2zaGYeJQ=' 'sha256-Jg7eYnts8zlTEJyHuCysngL/qIiJiSEFfkFvZJOMRGY=' https://connect.facebook.net https://cookie-cdn.cookiepro.com https://r1.dotdigital-pages.com https://r1-t.trackedlink.net/_dmpt.js https://s.yimg.com/wi/ytc.js https://static.hotjar.com https://script.hotjar.com https://analytics.twitter.com https://static.ads-twitter.com/uwt.js https://www.dwin1.com/15333.js https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://campaign.zsl.org https://reclaimhub.com https://www.tripadvisor.co.uk https://www.tripadvisor.com https://static.tacdn.com https://www.jscache.com https://analytics.tiktok.com https://static.trackedweb.net https://www.googletagmanager.com https://lantern.roeyecdn.com https://go.affec.tv https://cdn.cookielaw.org https://secure.adnxs.com ; connect-src 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cookie-cdn.cookiepro.com https://s.yimg.com https://stats.g.doubleclick.net https://*.google.co.uk https://*.google.com https://*.google-analytics.com https://geolocation.onetrust.com https://privacyportal.cookiepro.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://campaign.zsl.org https://analytics.tiktok.com https://px.ads.linkedin.com ; frame-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://*.fls.doubleclick.net https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://r1.dotdigital-pages.com https://www.arcgis.com https://html5-player.libsyn.com https://campaign.zsl.org https://www.google.com https://bid.g.doubleclick.net https://td.doubleclick.net https://reclaimhub.com https://zsl-london-zoo-timeline.octophindev.com https://cdn.knightlab.com https://my.matterport.com ; frame-ancestors 'self' https://www.londonzoo.org https://cms.londonzoo.org https://cms.zsl.org https://www.zsl.org https://cms.londonzoo.org https://www.londonzoo.org https://cms.whipsnadezoo.org https://www.whipsnadezoo.org https://campaign.zsl.org ; img-src 'self' https://www.londonzoo.org https://cms.londonzoo.org data: https://analytics.twitter.com https://cookie-cdn.cookiepro.com https://sp.analytics.yahoo.com https://t.co https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk https://www.google.be https://campaign.zsl.org https://static.hotjar.com https://script.hotjar.com https://i.ytimg.com https://*.fls.doubleclick.net https://ad.doubleclick.net https://*.googlesyndication.com https://www.tripadvisor.co.uk https://px.ads.linkedin.com https://adservice.google.com https://lantern.roeye.com https://map.go.affec.tv ; upgrade-insecure-requests; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://insight.adsrvr.org/track/up https://match.adsrvr.org https://gum.criteo.com https://ln-rules.rewardstyle.com https://www.pinterest.com blob: https://app.qubit.com https://*.attn.tv https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.powerreviews.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ct.pinterest.com https://*.parcellab.com https://*.contentsquare.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.perriconemd.com https://*.attn.tv https://events.attentivemobile.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://*.powerreviews.com https://sgtm.perriconemd.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.perriconemd.com https://checkout.perriconemd.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://s.pinimg.com https://js.adsrvr.org https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://cdn.attn.tv https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.powerreviews.com https://mpsnare.iesnare.com https://sgtm.perriconemd.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io https://*.powerreviews.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https://*.fresenius.com https://*.fresenius.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fresenius.com https://*.fresenius.de https://cdn.cookielaw.org/ https://www.youtube.com https://s.ytimg.com https://mc.yandex.ru https://yastatic.net https://cdn.jsdelivr.net https://api-maps.yandex.ru https://suggest-maps.yandex.ru http://*.maps.yandex.net https://yandex.ru https://geolocation.onetrust.com https://privacyportal-de.onetrust.com  https://*.fresenius-kabi.com https://api.deepl.com https://jira.fresenius-netcare.com https://*.azureedge.net/ https://*.facebook.net https://*.instagram.com https://*.twitter.com  https://*.twimg.com; connect-src 'self' https://*.fresenius.com https://*.fresenius.de https://*.web01.intra.fresenius.com/ https://cdn.cookielaw.org/ https://mc.yandex.ru https://privacyportal-de.onetrust.com https://api.deepl.com https://login.microsoftonline.com https://jira.fresenius-netcare.com https://irpages2.equitystory.com https://*.onetrust.io; style-src blob: 'self' 'unsafe-inline' https://cdn.my-styles.ru https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com https://*.azureedge.net https://*.twitter.com https://*.twimg.com; img-src 'self' https://*.youtube.com https://youtu.be https://*.azureedge.net https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com https://*.openstreetmap.org https://www.fresucare.de https://cdn.cookielaw.org https://*.twimg.com https://*.twitter.com https://eqs-cockpit.com blob: 'self' data:; media-src 'self' https://*.youtube.com https://youtu.be https://*.azureedge.net https://*.fresenius.com https://*.fresenius.de https://*.fresenius-kabi.com; child-src 'self' https://player.vimeo.com https://www.youtube.com https://youtu.be https://www.dailymotion.com/ https://mc.yandex.ru https://api-maps.yandex.ru blob:; frame-src 'self' https://www.youtube.com/ https://youtu.be https://api-maps.yandex.ru https://yandex.ru https://player.vimeo.com https://jira.intra.fresenius.de https://jira.fresenius-netcare.com https://jira.fresenius.com https://tools.eurolandir.com https://vara-services.com https://login.doccheck.com/ https://*.facebook.com https://*.instagram.com https://*.twitter.com; font-src 'self' https://*.fresenius-kabi.com https://*.fresenius.com https://*.azureedge.net/ data:; worker-src 'self' https://*.fresenius.com https://*.fresenius.de; 1
default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: ; font-src 'self' data:; connect-src 'self'; object-src 'none'; form-action https://mojebanka.kb.cz https://login.kb.cz; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com bat.bing.com www.redditstatic.com www.google-analytics.com googleads.g.doubleclick.net sc-static.net tag.rmp.rakuten.com static.hotjar.com secure.adnxs.com cdn.pdst.fm www.clarity.ms tr-shadow.snapchat.com platform.stumbleupon.com *.googletagmanager.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org munchkin.marketo.net dec.azureedge.net cdn.insight.sitefinity.com player.vimeo.com gateway.zscalerthree.net tr.snapchat.com script.hotjar.com lptag.liveperson.net va.v.liveperson.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com app.five9.com/consoles/SocialWidget/five9-social-widget.min.js d34r8q7sht0t9k.cloudfront.net podscribe.com analytics.tiktok.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net maxcdn.bootstrapcdn.com dec.azureedge.net cdn.insight.sitefinity.com app.five9.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com alb.reddit.com www.google-analytics.com bat.bing.com www.google.com www.google.co.cr mma.prnewswire.com *.clarity.ms syndication.twitter.com static.licdn.com *.bing.com www.google.ca tr.snapchat.com gateway.zscalerthree.net finn-sdk-cdn.finn.ai lpcdn.lpsnmedia.net arttrk.com 10.151.64.13 staging1-cms-cc.eqbank.ca https://ad.doubleclick.net *.kameleoon.com verifi.podscribe.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net maxcdn.bootstrapcdn.com; frame-src 'self' *.fls.doubleclick.net player.vimeo.com tr-shadow.snapchat.com tr.snapchat.com gateway.zscalerthree.net lpcdn.lpsnmedia.net va.idp.liveperson.net va.msg.liveperson.net td.doubleclick.net content.hotjar.io *.flinks.com cdn.prod.ca.five9.net eq-bank-fee-calculator4611.connect.flinks.dev/v2/ *.private.fin.ag forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com us-central1-adaptive-growth.cloudfunctions.net analytics.google.com tr-shadow.snapchat.com stats.g.doubleclick.net api.transferwise.com csmetrics.hotjar.com *.clarity.ms metrics.hotjar.io bat.bing.com restapi/adminapp/log-webclient-erro tr.snapchat.com vc.hotjar.io wss://va.msg.liveperson.net wss://ws.hotjar.com/api/v2/client/ws content.hotjar.io td.doubleclick.net *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com *.eqbank.ca *.redditstatic.com *.istio.qa.eqb-int.cloud *.podscribe.com analytics.tiktok.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: player.vimeo.com download-video.akamaized.net lpcdn.lpsnmedia.net vod-progressive.akamaized.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
script-src 'self' https://cdn.sift.com/ https://secureacceptance.cybersource.com/ https://applepay.cdn-apple.com/ https://www.paypal.com/ https://code.jquery.com/ https://script.hotjar.com/ https://s.swiftypecdn.com/ https://static.hotjar.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.google-analytics.com https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://cdn.cookielaw.org/ https://analytics.tiktok.com/ https://static.ads-twitter.com/ https://cdn.pdst.fm/ https://sc-static.net/ https://bat.bing.com/ https://*.pearson.com/ https://cdn.jsdelivr.net/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://*.salesforceliveagent.com/ https://pearson.mcxplatform.de/surveys/ https://js.adsrvr.org/ https://www.googleadservices.com/ https://snap.licdn.com/ https://connect.facebook.net/ https://b-code.liadm.com/ https://analytics.twitter.com/ https://googleads.g.doubleclick.net/ https://pi.pardot.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://s.go-mpulse.net/boomerang/ https://static.lightning.force.com/ https://www.clarity.ms/ https://a.clarity.ms/ https://e.clarity.ms/ https://h.clarity.ms/ https://www.paypalobjects.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.siftscience.com/ https://d.la3-c1-cdg.salesforceliveagent.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://pearson.my.site.com/ https://bwq276ac.micpn.com/ https://js.zi-scripts.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/ https://*.fontawesome.com/ blob: 'unsafe-eval' 'unsafe-inline';           img-src 'self'  https://hexagon-analytics.com/ https://analytics.twitter.com/ https://*.pearson.com/ https://p.adsymptotic.com/ https://recommendationengine.googleapis.com/ https://cc.swiftype.com/ https://www.google-analytics.com https://optimize.google.com https://www.pearson.com/ https://i.liadm.com/ https://px.ads.linkedin.com/ https://pearson.mcxplatform.de/ https://www.google.com/ https://www.google.ie/ https://www.googletagmanager.com/ https://i6.liadm.com/ https://www.google.co.uk/ https://tr.snapchat.com/ https://t.co/i/ https://bat.bing.com/ https://www.facebook.com/ https://www.linkedin.com/ https://11052299.fls.doubleclick.net/ https://ptgmedia.pearsoncmg.com/ https://www.pearsonassessments.com/ https://pearsonassessments.com/ https://c.clarity.ms/ https://c.bing.com/ https://t.paypal.com/ data: https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://cdn.cookielaw.org/logos/ https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com https://www.google.com.ua/pagead/ https://bwq276ac.micpn.com https://*.fontawesome.com/ ;           style-src 'self'  https://secureacceptance.cybersource.com/ https://cdn.cookielaw.org/ https://s.swiftypecdn.com/ https://fonts.googleapis.com/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://www.youtube.com/ https://pearson.mcxplatform.de/surveys/KXMPND/Scripts/ https://js.adsrvr.org/ https://tr.snapchat.com/ https://11052299.fls.doubleclick.net/ https://b-code.liadm.com/ https://*.pearson.com/ https://www.pearsonhighered.com/ https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://pearson.my.site.com/ https://*.fontawesome.com/ 'unsafe-inline';           font-src 'self'  https://fonts.gstatic.com data: https://www.pearson.com/pcp-hed/assets/webfonts/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://k244.pearson.com/ https://*.fontawesome.com/;           frame-src 'self' https://pearson.mcxplatform.de/ https://www.paypal.com/ https://secureacceptance.cybersource.com/ https://vars.hotjar.com/ https://optimize.google.com https://service.force.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://pearson.my.salesforce.com/ https://www.youtube.com/ https://tr.snapchat.com/ https://11052299.fls.doubleclick.net/ https://b-code.liadm.com/ https://i.liadm.com/ https://www.facebook.com/ https://www.paypalobjects.com/ https://*.pearson.com/ https://*.salesforceliveagent.com/ https://pearson.sb.blueconic.net/ https://pearson.blueconic.net/ https://11855419.fls.doubleclick.net/ https://app.vwo.com https://*.visualwebsiteoptimizer.com https://td.doubleclick.net/ https://hemsync.clickagy.com/ https://*.fontawesome.com/ 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps-dev.con.rcmp-grc.gc.ca csps.con.rcmp-grc.gc.ca www.google-analytics.com ajax.googleapis.com www.googletagmanager.com *.clet.ca platform.twitter.com cdn.syndication.twimg.com cdnjs.cloudflare.com use.fontawesome.com www.youtube.com unpkg.com; 1
default-src 'none'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' https://www.youtube.com https://static.hotjar.com https://script.hotjar.com/ https://www.gstatic.com https://vimeo.com https://player.vimeo.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://static.ads-twitter.com https://connect.facebook.net https://www.redditstatic.com https://tezos.us6.list-manage.com https://maps.googleapis.com; frame-ancestors 'none'; base-uri 'self'; manifest-src 'self' 'unsafe-inline'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://in.hotjar.com/ wss://*.hotjar.com/ https://ws8.hotjar.com/ https://tezos.com https://api.tzkt.io https://us-central1-pantone-blokhaus.cloudfunctions.net https://formspree.io https://*.g.doubleclick.net https://vimeo.com https://api.tzpro.io/ https://api.better-call.dev https://tzkt.tezos-dev.tqhosted.com https://maps.googleapis.com https://graphql.datocms.com/ https://*.algolia.net https://*.algolianet.com; font-src  'self' data: https://fonts.gstatic.com; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com http://canarytokens.com https://tezos.com https://i.vimeocdn.com https://*.google.com https://*.google.co.uk https://maps.gstatic.com https://maps.googleapis.com https://streetviewpixels-pa.googleapis.com https://*.g.doubleclick.net https://t.co https://analytics.twitter.com https://www.facebook.com https://*.reddit.com data: https://www.google-analytics.com https://www.datocms-assets.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://formspree.io; frame-src https://vars.hotjar.com/ https://wallet.kukai.app https://calendly.com https://player.vimeo.com https://vimeo.com https://www.google.com https://www.youtube.com https://www.facebook.com https://tezosbot.vercel.app; media-src 'self'; 1
default-src 'self' *.staticflickr.com *.flickr.com maps.google.com api.rollbar.com *.nr-data.net api.mapbox.com blob:; script-src 'self' cdnjs.cloudflare.com www.googletagmanager.com *.google-analytics.com js-agent.newrelic.com *.twitter.com *.twimg.com *.nr-data.net 'unsafe-eval' 'unsafe-inline' storage.googleapis.com api.mapbox.com https://*.uninfo.org blob: *.fontawesome.com datawrapper.dwcdn.net; style-src 'self' *.flickr.com *.staticflickr.com cdnjs.cloudflare.com fonts.googleapis.com use.fontawesome.com *.twitter.com *.twimg.com 'unsafe-inline' api.mapbox.com *.fontawesome.com static.dwcdn.net datawrapper.dwcdn.net; img-src 'self' www.un.org.vn *.un.org gallery.mailchimp.com *.staticflickr.com https: data: blob:; media-src 'self' www.un.org.vn *.un.org; frame-src 'self' maps.google.com www.google.com www.youtube-nocookie.com www.youtube.com *.vimeo.com unstats.un.org forms.office.com player.youku.com *.qq.com data.uninfo.org *.tableau.com; font-src 'self' fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.twitter.com *.twimg.com *.fontawesome.com  static.dwcdn.net; connect-src 'self' *.staticflickr.com *.flickr.com maps.google.com analytics.google.com api.rollbar.com *.nr-data.net https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com storage.googleapis.com wss://socket.push.al https://*.undg.org https://*.uninfo.org *.fontawesome.com datawrapper.dwcdn.net; upgrade-insecure-requests 1
frame-ancestors 'self' http://guidewire.pathfactory.com https://guidewire.pathfactory.com http://explore.guidewire.com https://explore.guidewire.com 1
frame-ancestors 'self';block-all-mixed-content; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.hotjar.com *.hotjar.com/* *.clarity.ms *.clarity.ms/* https://cdn.jsdelivr.net *.termly.io https://app.termly.io/embed.min.js https://googleads.g.doubleclick.net https://bat.bing.com/p/action/17549570.js https://www.googleadservices.com https://maps.google.com https://maps.googleapis.com https://*.googleapis.com https://*.googletagmanager.com gateway.zscalertwo.net https://api.github.com *.hotjar.com hotjar.com https://code.jquery.com maxcdn.bootstrapcdn.com djtflbt20bdde.cloudfront.net snap.licdn.com js.hsadspixel.net/fb.js js.hs-scripts.com linkedin.com https://*.amazonaws.com https://*.google-analytics.com cdn.userway.org js.hs-analytics.net c.go-mpulse.net platform.linkedin.com px.ads.linkedin.com js.hs-banner.com www.google.com js.hsforms.net forms.hsforms.com www.webtraxs.com js-agent.newrelic.com bam.nr-data.net ssl.google-analytics.com js-na1.hs-scripts.com bat.bing.com; img-src 'self' www.linkedin.com https://dc.ads.linkedin.com yoast.com *.clarity.ms clarity.ms *.bing.com/* cdn.userway.org updates.themepunch-ext-a.tools leapsandbounds.io demo.magnigenie.com www.elegantthemes.com bat.bing.com www.googletagmanager.com p.adsymptotic.com embedwistia-a.akamaihd.net fast.wistia.com px.ads.linkedin.com forms.hubspot.com *.gravatar.com *.w.org gateway.zscalertwo.net smartslider3.com digitalleap.co.za wponlinesupport.com ajax.googleapis.com wpstorelocator.co www.paypal.com awsmedia.s3.amazonaws.com developers.google.com maps.googleapis.com *.sanmina.com sanmina.com maps.google.com maps.gstatic.com forms.hsforms.com www.google-analytics.com www.google.co.in www.webtraxs.com track.hubspot.com stats.g.doubleclick.net www.google.com ssl.google-analytics.com https://*.vimeocdn.com https://*.vimeocdn.com/* *.doubleclick.net data:; connect-src 'self' 'unsafe-inline' bam.nr-data.net *.clarity.ms clarity.ms  https://app.termly.io px.ads.linkedin.com cdn77.api.userway.org pagead2.googlesyndication.com www.google.com analytics.google.com googleads.g.doubleclick.net api.userway.org cdn.userway.org embedwistia-a.akamaihd.net distillery.wistia.com pipedream.wistia.com fg8vvsvnieiv3ej16jby.litix.io yoast.com *.yoast.com smartslider3.helpscoutdocs.com api.hubapi.com www.google-analytics.com maps.google.com maps.googleapis.com stats.g.doubleclick.net facebook.com *.hotjar.com hotjar.com wss://ws27.hotjar.com wss://ws27.hotjar.com/* wss://*.hotjar.com wss://*.hotjar.com/* *.hotjar.io *.googleapis.com https://*.bing.com ; font-src 'self' hello.myfonts.net fonts.googleapis.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.userway.org data:; style-src 'self' 'unsafe-inline' 'report-sample' ajax.googleapis.com hello.myfonts.net cdn.userway.org cdn-images.mailchimp.com fonts.googleapis.com djtflbt20bdde.cloudfront.net; object-src 'none'; frame-src 'self' https://www.elegantthemes.com www.youtube.com td.doubleclick.net smartslider3.com cdn.userway.org fast.wistia.com forms.hsforms.com bid.g.doubleclick.net *.vimeo.com *.linkedin.com sanminacareers.mua.hrdepartment.com hotjar.com vars.hotjar.com *.hotjar.com https://gateway.zscalertwo.net;manifest-src 'self';base-uri 'self';form-action 'self' forms.hsforms.com forms.hubspot.com; worker-src 'self'; child-src 'self' app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com;media-src 'self' *.w.org media.licdn.com;report-uri https://endpoint.sanmina.com;report-to sanminadmin; 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com netdna.bootstrapcdn.com seaside.ns.ca www.google.com www.facebook.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com analytics.google.com affiliates.vubiquity.com fonts.googleapis.com www.google.ca fonts.gstatic.com fonts.googleapis.com code.jquery.com cdn.example.com cdn.jsdelivr.net www.google.com connect.facebook.net beca www.google-analytics.com www.gstatic.com stats.g.doubleclick.net; frame-src 'self' seaside.ns.ca affiliates.vubiquity.com youtube.com www.youtube.com www.google.com; img-src www.facebook.com www.google.com www.google.ca connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net 'self' seaside.ns.ca www.seaside.ns.ca  1
default-src 'self' *.freelibrary.org;connect-src 'self' *.googleapis.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;font-src 'self' *.gstatic.com *.googleapis.com https://*.hotjar.com;img-src 'self' *.freelibrary.org *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com https://*.hotjar.com data:;script-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com https://*.hotjar.com 'unsafe-inline';style-src 'self' *.googleapis.com www.google.com *.gstatic.com https://*.hotjar.com 'unsafe-inline';frame-src 'self' https://*.hotjar.com; 1
frame-ancestors 'self' uloop.com *.uloop.com collegeparentcentral.com www.collegeparentcentral.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests; img-src https: data: 1
child-src blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ https://www.googletagmanager.com *.cookiebot.com www.recaptcha.net hiberworld.com *.hiberworld.com;connect-src http://hiberworld.com *.hiberworld.com ws://*.hiberworld.com *.hiberworld.com wss://*.hiberworld.com *.hiberworld.com blob: rum.browser-intake-datadoghq.eu readyplayerme.github.io *.cookiebot.com *.dive.games cdn.hibervr.com *.digitaloceanspaces.com *.googlesyndication.com *.readyplayer.me www.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.google.com stats.g.doubleclick.net *.google.com readyplayerme-assets.s3.amazonaws.com unpkg.com *.alchemyapi.io *.alchemy.com cloudflare-eth.com wss://www.walletlink.org/rpc wss://*.walletconnect.org wss://*.walletconnect.com https://hiber-cdn.s3.eu-west-1.amazonaws.com;font-src hiberworld.com *.hiberworld.com;img-src data: blob: cdn.hibervr.com *.amazonaws.com *.readyplayer.me files.stripe.com *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app consent.cookiebot.com hiberworld.com *.hiberworld.com www.google-analytics.com imgsct.cookiebot.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat img.youtube.com i.ytimg.com images.ctfassets.net cdn.jsdelivr.net;media-src data: cdn.hibervr.com;manifest-src hiberworld.com *.hiberworld.com;object-src ;worker-src blob: hiberworld.com *.hiberworld.com;script-src 'strict-dynamic' 'nonce-32ad0283-caef-4a5d-845e-61deb6b78fb8' https: http: 'wasm-unsafe-eval';style-src cdn.hibervr.com 'unsafe-inline' hiberworld.com *.hiberworld.com;frame-src js.stripe.com codesandbox.io vars.hotjar.com blob: www.google.com *.readyplayer.me *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ *.cookiebot.com https://hiber.hiberworld.com http://dao.dev.hiberdev.net https://dao-pr.hiberworld.com https://dao-pr.dev.hiberdev.net https://dao.dev.hiberdev.net https://dao-pr.stage.hiberdev.net https://dao.stage.hiberdev.net www.recaptcha.net hiberworld.com *.hiberworld.com *.doubleclick.net https://*.walletconnect.com https://hzztj79qp1.execute-api.eu-west-1.amazonaws.com https://2f6393hice.execute-api.eu-west-1.amazonaws.com;base-uri 'self' 1
frame-ancestors 'self' edhec.edu; 1
default-src 'self'; connect-src 'self' https://pagead2.googlesyndication.com https://apikeys.civiccomputing.com https://fa-axelos-prod-ukw.azurewebsites.net https://fa-axelos-sandbox-ukw.azurewebsites.net https://fa-axelos-uat-ukw.azurewebsites.net https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; font-src 'self'; frame-src https://www.google.com https://www.youtube.com https://vimeo.com https://doubleclick.net https://www.google.com; img-src 'self' data: https://www.googletagmanager.com https://px.ads.linkedin.com https://t.co https://ade.googlesyndication.com https://www.google-analytics.com https://eu-images.contentstack.com https://analytics.twitter.com https://www.google.gr; script-src 'self' 'unsafe-inline' https://analytics.twitter.com https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://cc.cdn.civiccomputing.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://maps.googleapis.com http://www.googleadservices.com https://live.adyen.com/hpp/js/; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=CA&lang=en-CA&device=desktop&yrid=3f77f4hj45e6t&partner=; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://auda.org.au https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://connect.facebook.net/en_US/fbevents.js https://code.jquery.com/ http://github.com/robloach/jquery-once/ https://performance.radar.cloudflare.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.google.com/ https://maps.googleapis.com/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://audamembersignup.azurewebsites.net/ https://snap.licdn.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://www.facebook.com/ https://connect.facebook.net/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://ajax.googleapis.com/ https://static.cloudflareinsights.com/ https://assets.auda.org.au/ https://px.ads.linkedin.com/ https://www.linkedin.com/; style-src 'self' 'unsafe-inline' https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://assets.auda.org.au/ https://audamembersignup.azurewebsites.net/ https://www.linkedin.com/; base-uri 'self'; connect-src 'self' https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://connect.facebook.net/en_US/fbevents.js https://www.auda.org.au/ https://performance.radar.cloudflare.com/ https://maps.googleapis.com/ https://audaform.azurewebsites.net/ https://www.facebook.com/ https://assets.auda.org.au/ https://audapublic.azurewebsites.net/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://cdn.jsdelivr.net/ https://px.ads.linkedin.com/ wss://audaform.azurewebsites.net/ https://static.cloudflareinsights.com/ https://audamembersignup.azurewebsites.net/ https://cdn.linkedin.oribi.io/ wss://audamembersignup.azurewebsites.net/ https://www.google-analytics.com/ https://www.linkedin.com/; font-src 'self' data: https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://fonts.googleapis.com/ https://www.google.com/ https://maps.googleapis.com/ https://assets.auda.org.au/ https://fonts.gstatic.com/ https://www.linkedin.com/; frame-src 'self' https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://www.facebook.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://www.gstatic.com/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.google.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://assets.auda.org.au/ https://info.auda.org.au/ https://acrobat.adobe.com/ https://www.linkedin.com/; img-src 'self' data: https://i.ytimg.com/ https://www.youtube.com/ https://domaincontention.azurewebsites.net/ https://www.auda.org.au/ https://benchmark.1e100cdn.net/ https://www.facebook.com/ https://connect.facebook.net/ https://ajax.cloudflare.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.google.com.au/ https://cdn.jsdelivr.net/ https://cedexis-test.akamaized.net/  https://assets.auda.org.au/ https://audaform.azurewebsites.net/ https://www.gstatic.com/ https://www.google-analytics.com/ https://whois.auda.org.au/ https://www.googletagmanager.com/ https://maps.gstatic.com/ https://info.auda.org.au/ https://audamembersignup.azurewebsites.net/ https://px4.ads.linkedin.com/ https://audapublic.azurewebsites.net/  https://px.ads.linkedin.com/ https://auda-corp-web-s3.s3.ap-southeast-2.amazonaws.com/ https://s3.console.aws.amazon.com/ https://www.linkedin.com/; manifest-src 'self';   media-src 'self';   worker-src 'none'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com; connect-src 'self' https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' mathjax.rstudio.com server.arcgisonline.com unpkg.com region1.google-analytics.com youtu.be youtube.com ws.hotjar.com region1.analytics.google.com content.hotjar.io planetarysecurityinitiative.org placehold.co p.typekit.net use.typekit.net embed.kumu.io w.soundcloud.com open.spotify.com docs.google.com wss://ws14.hotjar.com syndication.twitter.com ton.twimg.com abs.twimg.com pbs.twimg.com cdn.syndication.twimg.com platform.twitter.com twitter.com surveylegend.com datawrapper.dwcdn.net dwcdn.net www.canva.com piktochart.com *.piktochart.com www.surveylegend.com www.google.com www.gstatic.com cdn.jsdelivr.net static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com vc.hotjar.io maps.gstatic.com spectator.clingendael.org www.clingendael.org maps.googleapis.com www.google.nl https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.gstatic.com https://static.addtoany.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com https://f.vimeocdn.com https://i.vimeocdn.com https://fresnel.vimeocdn.com data: https://www.youtube.com https://localfocuswidgets.net 1
default-src 'self'; script-src 'self' 'nonce-k3yi9aIY3CHrjuI8ZAxFyw=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none'; 1
frame-ancestors 'self' https://*.property-research-prod.property.com.au; upgrade-insecure-requests; 1
default-src 'none'; style-src https://tunnelblick.net https://www.tunnelblick.net; img-src https://tunnelblick.net https://www.tunnelblick.net; 1
upgrade-insecure-requests;              form-action 'self';              frame-ancestors 'self';              object-src 'none';              base-uri 'none';              img-src                  https://*.bing.com                  https://*.g.doubleclick.net                  https://*.google.ca                  https://*.google.com                  https://*.googletagmanager.com                  https://*.google-analytics.com                  https://*.virtualearth.net                  https://ad.doubleclick.net                  https://ads.linkedin.com                  https://alb.reddit.com                  https://analytics.twitter.com                  https://ct.pinterest.com                  https://fonts.gstatic.com                 https://px.ads.linkedin.com                  https://qualtrics.com                  https://s.amazon-adsystem.com                  https://sp.analytics.yahoo.com                  https://ssl.gstatic.com                  https://static.ads-twitter.com                  https://static-assets.qualtrics.com                  https://t.co                  https://www.facebook.com                  https://www.gstatic.com                 https://www.linkedin.com                  https://yul1.qualtrics.com                  'self'                  data:;              media-src                  https://doubleclick.net                  'self';              font-src                  https://fonts.gstatic.com                  https://typekit.net                  https://use.typekit.net                  'self'                 data:;              connect-src                  https://*.g.doubleclick.net                  https://*.google.ca                  https://*.google.com                  https://*.google-analytics.com                  https://*.googletagmanager.com                  https://*.linkedin.com                 https://*.reddit.com                 https://*.redditstatic.com                 https://*.virtualearth.net                 https://047-pbv-647.mktoresp.com                  https://342-bkg-026.mktoresp.com                  https://ad.doubleclick.net                  https://ads.linkedin.com                  https://analytics.tiktok.com                 https://cdn.linkedin.oribi.io                  https://collect.tealiumiq.com                  https://ct.pinterest.com                  https://mktoresp.com                  https://s.amazon-adsystem.com                  https://s.yimg.com                  https://siteintercept.qualtrics.com                  https://static.ads-twitter.com                  https://tealiumiq.com                  https://www.bing.com                  https://www.linkedin.com                  'self';              script-src                 https://*.bing.com                 https://*.facebook.net                 https://*.doubleclick.net                 https://*.gstatic.com                 https://*.googletagmanager.com                 https://*.licdn.com                 https://*.linkedin.com                 https://*.qualtrics.com                 https://*.reddit.com                 https://*.redditstatic.com                 https://*.typekit.net                 https://*.unpkg.com                 https://*.virtualearth.net                 https://analytics.tiktok.com                 https://linkedin.com                 https://munchkin.marketo.net/munchkin.js                 https://munchkin.marketo.net/163/munchkin.js                 https://reddit.com                 https://redditstatic.com                 https://unpkg.com                 https://www.gstatic.com/recaptcha/releases/*/*.js                 https://www.google.com/recaptcha/api.js                 https://www.googleadservices.com                 https://www.googletagmanager.com/gtm.js                 https://www.youtube.com/iframe_api/gtm.js                 'unsafe-inline'                 'unsafe-eval'                 'self';              style-src                 https://*.bing.com                 https://*.typekit.net                 https://fonts.googleapis.com                 https://www.googletagmanager.com                 'unsafe-inline'                 'self';          1
frame-ancestors yangqianguan.com:* *.yangqianguan.com:* fintopia.tech:* *.fintopia.tech:* *.fengtai.tech:* *.xiaoshuihua.com:* *.geteasycash.asia:* *.sjrtguarantee.com:* *.sjrtguarantee.cn:* *.snxguarantee.cn:* *.snxguarantee.com:* *.klxiaodai.com:* 1
default-src 'self' *.ivpn.net;img-src * data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ivpn.net *.braintreegateway.com  *.braintree-api.com *.paypal.com *.paypalobjects.com *.cardinalcommerce.com;style-src 'self' 'unsafe-inline' *.ivpn.net;connect-src 'self' *.ivpn.net *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com *.paypal.com  api.coingecko.com;frame-src 'self' *; 1
default-src * gap: ws: https://ssl.gstatic.com;style-src * 'unsafe-inline' 'self' data: blob:;font-src 'self' data: fonts.gstatic.com;script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;img-src * data: 'unsafe-inline' 'self' content:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.paddle.com/paddle/paddle.js https://gc.zgo.at/count.js https://hcaptcha.com https://*.hcaptcha.com https://plausible.simplelogin.io/js/index.js; child-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.paddle.com https://www.youtube.com https://app.tryhoist.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.paddle.com 1
default-src 'self';connect-src 'self' data: https:;img-src 'self' data: https:;script-src 'self' 'unsafe-inline' data: https:;style-src 'self' 'unsafe-inline' data: https:;form-action 'self' data: https:;frame-src 'self' data: https:;frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
base-uri 'self';  connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://ca-sgtmwebsite-windesheimnl-prod-001.azurewebsites.net https://sgtm.windesheim.nl https://sgtm.windesheim.com https://sgtm.werkenbijwindesheim.nl https://sgtm.mediacentrumwindesheim.nl https://cdn.linkedin.oribi.io/ https://windesheim.piwik.pro https://region1.google-analytics.com https://region1.analytics.google.com https://dev.visualwebsiteoptimizer.com https://www.google.nl https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com;  default-src 'self';   font-src 'self' https://fonts.gstatic.com https://script.hotjar.com;  frame-src 'self' https://6963312.fls.doubleclick.net https://www.google.com https://tr.snapchat.com https://www.youtube.com;  img-src 'self' https://static.hotjar.com https://6005633.global.siteimproveanalytics.io https://script.hotjar.com https://*.ads.linkedin.com https://*.fls.doubleclick.net data: https://ssl.gstatic.com/ https://i.ytimg.com https://connect.facebook.net https://www.facebook.com www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google-analytics.com https://img.youtube.com https://www.windesheim.nl https://www.toegankelijkheidsverklaring.nl  https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://windesheim.piwik.pro/ https://www.linkedin.com/px https://region1.analytics.google.com;  manifest-src 'self';  media-src 'self';  object-src 'none';  worker-src 'none';  script-src 'unsafe-eval' 'report-sample' 'self'  'sha256-SaTeMZGJLL8eEcyiSK1jpQNE0ZXRfqMTeA5M0NyhBJs='  'sha256-Zr64z4XmOOxzqmqscOSlwjdDvvo0eOJHaqwtQmqyw3Q='  'sha256-XpuEs/vn1RCF60rpqmFib6xDEg7BFPrTNJhn/u3259w='  'sha256-etsosRIfTi8P2KGPu99SK82gl0NEkJz74J9afExHQTY='  'sha256-EocJZWyqnmNNQQqmaNI9ZwiLLtor6TYavhNl/X3U2nI='  'sha256-1trlTQIDWaN99/I9AL7FnMeGUUIqMWEhQCrPqAriX0Q='  'sha256-RRo07OvcOKfA0Q3RnHrPcj9Yg1/myhTLc8FChH8idFA='  'sha256-2ggKq0Dls8tOHMXCrr+Fojru0gYpIU8iIkZIXDghQeU='  'sha256-Ox13a/HSVtlAlCErZpYGpuaIXT58T5VBq25pK1TlrwM='  'sha256-HU3zrDUMM3a2aGo816nhjIVQtsoD/LQBaKGWpJOLBWs='  'sha256-WwKGSl3/9cCHJK7szFaTGi6ZrONSA3XQHoaSQgznUmI='  'sha256-TFJA5kwdTQUfAstX5aMf6bemacHCGknPoSGTVZPkJ5w='  'sha256-nTUzZnk1dL20m8C4MUFZTXkIcD7UoB0jX5x8QAvKz5w='  'sha256-5gM7yOWKTQdw5gFQ8hw8z/kmzIXPMpda+okGAW6j8O8='  'sha256-SvLgADqEePEV9RNxBrRQXSBJafFHcVNG7cPzHz6h9eA='  'sha256-NUrCkABCD47sBF0+OC6Dml6jiTLpoSjELJeiKFL02/o='  'sha256-roM7iYPrI06Hql3oUJCw00Lt9ggzswTZGTCOgwE1JXc='  'sha256-IzWYhZ+CxG1MZbJubd6o2ouOrP7xgURPDihcOA8WRYU='  'sha256-uVXjH+eKWGiz7OjzjOtOm9cbVNR1RmzNHJ6S0Z+4fuk='  'sha256-3ZXMPnkKK/VVCHFc7dkVZ0FoZszMHYOoEiQtkTozf7k='  'sha256-EvF6mJxVt/FuPvolPFGrtR3eVvkpNlPLSuT3VodVGwI='  'sha256-xh2xInZdgjOVNqgQcLk1YvHPwog8K9QkDeGsb1obk2k='  'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c='  'sha256-NZEEDCwn6a6mk/e6Q3QHYZINTpS/93iZYnLXh4iZ2Dw='  'sha256-P2SWGCKMvXQfK6jq0ngY52y09zbfez/SF8+1Po6IbfY='  'sha256-e+dISbf2ioRmcZVylVbqUkCd3hLH4eSxkDNphHzUx5o='  'sha256-kozy8ql5HYzGVaVsfvJ6DOFd10m28EwCUoMQ9Y50jVI='  'sha256-F6St3BzaU28oFtygxItpV50oYY3M8qYje4RyBgKWrog='  'sha256-t7Gviq2elqGqzAW3eY/e70qboQ6CYXwtxp8gMj5yYCI='  'sha256-AuNKPU/6No+Js5nye818pdtxbwrkqMYPHffUkjTO2VQ='  'sha256-UJRwpQ/LbdnoA03RwGzMl4T8PJMZy3cIlo/qKwTmx1c='    https://siteimproveanalytics.com/js/siteanalyze_6005633.js https://static.hotjar.com https://script.hotjar.com  https://windesheim.piwik.pro https://i.ytimg.com https://s.ytimg.com https://ads.creative-serving.com/pixel https://analytics-eu.clickdimensions.com/ts.js https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-990090314/ https://sc-static.net/scevent.min.js https://static2.creative-serving.com/pixel.js https://track.adform.net/serving/scripts/trackpoint/async/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/conversion_async.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://tagmanager.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/bootstrap https://static2.creative-serving.com https://analytics-eu.clickdimensions.com https://connect.facebook.net https://s2.adform.net https://track.adform.net https://windesheim.piwik.pro/ppms.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://dev.visualwebsiteoptimizer.com/;  style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/ https://static.hotjar.com https://script.hotjar.com https://siteimproveanalytics.com/js/siteanalyze_6005633.js; 1
default-src 'self' wss: *.gravatar.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.plano.gov; style-src 'self' 'unsafe-inline' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net *.ctctcdn.com; img-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com www.facebook.com https://widgets.nrel.gov https://www.facebook.com https://tedxplano.org data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net connect.facebook.net https://widgets.nrel.gov; upgrade-insecure-requests; frame-src *.youtube.com *.airtable.com *.plano.swagit.com *.google.com *.civicplus.com *.plano.novusagenda.com *.publicstuff.com *.plano.gov *.audioeye.com https://airtable.com https://acg.is https://iframe.publicstuff.com https://iwantto.plano.gov https://plano.novusagenda.com https://planogis.maps.arcgis.com https://planotx.swagit.com https://sns.plano.gov https://tx-plano-onlineforms.app.transform.civicplus.com https://www.google.com/maps/embed https://www.googletagmanager.com https://www.youtube.com/embed https://www.youtube-nocookie.com/embed https://planotx.new.swagit.com https://html5-player.libsyn.com https://e.issuu.com https://prezi.com https://www.arcgis.com https//arcgis.com outlook.office365.com https://experience.arcgis.com; font-src 'self' *.civicplus.com *.civicplus.pro *.civicclerk.com engage6.azureedge.net *.audioeye.com *.pendo.io *.zdassets.com *.zendesk.com *.zopim.com *.arcgis.com *.arcgisonline.com *.services.visualstudio.com *.monitor.azure.com *.googleapis.com *.googletagmanager.com *.google-analytics.com use.fontawesome.com *.google.com *.gstatic.com gstatic.com cdn.embedly.com/widgets/platform.js cdnjs.cloudflare.com static.cloudflareinsights.com *.jsdelivr.net data:; form-action 'self'; frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; worker-src 'self' 'unsafe-inline' * blob: blob:*; 1
default-src * data: 'self' 'unsafe-inline';img-src * data:;style-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org https://pr-cb-bot.azurewebsites.net https://fonts.googleapis.com https://optanon.blob.core.windows.net;script-src * 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com https://connect.facebook.net https://cdn.cookielaw.org https://code.jquery.com/ https://cdnjs.cloudflare.com https://geolocation.onetrust.com https://maps.googleapis.com https://ajax.googleapis.com https://pr-cb-bot.azurewebsites.net/CAchat/botchat.js https://pr-cb-bot.azurewebsites.net/CAchat/main/main.prod.js https://www.google.com/recaptcha/api.js https://www.youtube.com/iframe_api https://s.ytimg.com/yts/jsbin/www-widgetapi-vflE2z392/www-widgetapi.js https://www.gstatic.com/recaptcha/api2/v1563777128698/recaptcha__pt.js https://platform-api.sharethis.com/js/sharethis.js;frame-src https://www.youtube.com  https://youtu.be/ https://www.facebook.com https://www.googletagmanager.com https://www.google.com/ https://vars.hotjar.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org/ https://eur02.safelinks.protection.outlook.com/ https://cdn.flipsnack.com/ https://heyzine.com/ https://online.fliphtml5.com/ https://player.flipsnack.com; 1
frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self';frame-ancestors 'self' *.coupacloud.com *.coupadev.com *.coupahost.com; style-src 'unsafe-inline' 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://fonts.googleapis.com https://r.bing.com https://www.bing.com https://cdn.pendo.io; frame-src 'self' us.llama.ai https://login.qlik.com https://*.us.qlikcloud.com https://www.youtube.com https://help.llama.ai https://app.pendo.io; script-src 'unsafe-inline' 'unsafe-eval' us.llama.ai login.qlik.com *.us.qlikcloud.com www.google-analytics.com *.googletagmanager.com *.pendo.io *.bing.com *.virtualearth.net; worker-src blob: 'self'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ipay.ua https://*.hotjar.com https://google.com https://*.google.com https://*.jivosite.com https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cp.skibble.com.ua https://appleid.cdn-apple.com https://www.googleadservices.com https://cdnjs.cloubflare.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net wss://*.jivosite.com https://disqus.com https://c.disquscdn.com https://ipayblog.disqus.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.gravitec.net http://www.googleadservices.com https://cdnjs.cloudflare.com https://client.crisp.chat; style-src 'self' 'unsafe-inline' https://*.ipay.ua https://*.jivosite.com  https://google.com https://*.google.com https://*.bootstrapcdn.com https://cp.skibble.com.ua https://c.disquscdn.com http://fonts.googleapis.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://client.crisp.chat; connect-src 'self' wss://*.ipay.ua wss://ws.hotjar.com https://*.hotjar.io https://*.jivosite.com https://*.facebook.com  https://google.com https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.gstatic.com https://api.skibble.com.ua https://cdnjs.cloubflare.com https://stats.g.doubleclick.net https://sentry.gravitec.net https://links.services.disqus.com wss://*.jivosite.com https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat; media-src 'self' https://*.jivosite.com; img-src 'self' 'unsafe-inline' data: https://*.jivosite.com https://*.facebook.com  https://google.com https://*.google.com https://*.google-analytics.com https://*.gstatic.com https://cp.skibble.com.ua https://metal-figure-243008.uc.r.appspot.com https://metal-figure-243008.appspot.com https://yapomoga.com https://certs.advantio.com https://*.office.udc.ua https://*.ipay.ua https://cdn.viglink.com https://c.disquscdn.com https://referrer.disqus.com https://www.google.com.ua https://stats.g.doubleclick.net https://client.crisp.chat https://image.crisp.chat; font-src 'self' 'unsafe-inline' data: https://maxcdn.bootstrapcdn.com https://tagmanager.google.com http://fonts.gstatic.com https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com https://client.crisp.chat; object-src 'self'; frame-ancestors 'self' https://www.radabank.com.ua; frame-src 'self' https://*.jivosite.com https://*.facebook.com https://google.com https://*.google.com https://bid.g.doubleclick.net https://kabanchik.ua https://yapomoga.com https://disqus.com https://www.youtube.com; 1
default-src * ; script-src * data: 'self' blob blob: 'unsafe-eval' 'unsafe-inline' ; style-src * data: 'self' blob blob: 'unsafe-inline' ; img-src * data: ; font-src * data: ; connect-src * ; media-src * blob: ; object-src * ; child-src * ; frame-src * ; worker-src * blob: ; frame-ancestors * ; report-uri /bdportlet-NemIDLoginPortlet/cspreport; 1
frame-ancestors 'self' *.zinghr.com; 1
frame-ancestors pms.a-premium.com pms.a-premium-test.com; 1
default-src 'self' https://pte.nu https://cdn.pte.nu;script-src 'self' cdn.pte.nu 'nonce-ytR8Y7qKbVe+6zwHsbY8kw==';style-src 'self' cdn.pte.nu 'unsafe-inline';img-src 'self' data: http://cdn.pte.nu https://cdn.pte.nu;connect-src 'self' https://cdn.pte.nu wss://ws.pte.nu https://ws.pte.nu https://api-test.pte.nu https://pte.nu;font-src 'self' cdn.pte.nu data:;manifest-src cdn.pte.nu;object-src 'self';media-src 'self';frame-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';script-src-attr 'none';upgrade-insecure-requests 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.google.com *.zopim.com *.hotjar.com maxcdn.bootstrapcdn.com fonts.gstatic.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.facebook.com *.list-manage.com tapita.io *.tapita.io 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.google.com *.hotjar.com *.trustpilot.com *.youtube.com *.freshchat.com *.clutch.co *.jotform.com fm.addxt.com logwork.com https://www.googletagmanager.com/ www.facebook.com platform.twitter.com tapita.io *.tapita.io 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.google.com *.google.com.vn *.bsscommerce.com bsscommerce.com *.zopim.io *.zopim.com *.bing.com *.googletagmanager.com *.hotjar.com *.youtube.com *.amazonaws.com *.cloudfront.net https://tapita.io/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ ebizmarts-website.s3.amazonaws.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com amcglobal.sc.omtrdc.net tapita.io *.tapita.io 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.googleapis.com *.addthis.com *.google.com *.trackedlink.net *.cloudflare.com *.zopim.com *.hotjar.com *.zdassets.com *.chimpstatic.com *.trustpilot.com *.googletagmanager.com *.crazyegg.com *.bing.com *.gstatic.com *.freshchat.com *.amazonaws.com *.list-manage.com *.logwork.com *.licdn.com fm.addxt.com https://tapita.io/ backend.bsscommerce.com *.clutch.co *.clarity.ms http://www.googletagmanager.com/ https://www.googletagmanager.com/ connect.facebook.net twitter.com platform.twitter.com tapita.io *.tapita.io https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com maxcdn.bootstrapcdn.com *.trackedlink.net *.doubleclick.net *.freshchat.com *.mailchimp.com *.amazonaws.com tapita.io *.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.zopim.io *.zopim.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es *.paypal.com *.googleapis.com *.doubleclick.net *.google-analytics.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.zdassets.com wss://*.hotjar.com https://tapita.io/ *.clarity.ms http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ tapita.io *.tapita.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' google-analytics.com *.fontawesome.com;  img-src 'self' *.w.com *.w.org *.gravatar.com data: data:* *.youtube.com *.vimeo.com *.joomunited.com *.facebook.com *.google-analytics.com heapanalytics.com amwayglobal.wpenginepowered.com *.gstatic.com *.instagram.com *.google.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fontawesome.com amwayglobal.wpenginepowered.com *.google.com *.gstatic.com *.googletagmanager.com google-analytics.com translate.google.com translate.googleapis.com connect.facebook.com connect.facebook.net https://tags.tiqcdn.com/utag/amway/amway-global/prod/utag.*;  style-src 'self' 'unsafe-inline' amwayglobal.wpenginepowered.com *.googleapis.com *.gstatic.com;  font-src fonts.gstatic.com amwayglobal.wpenginepowered.com *.fontawesome.com 'self' data: data:*;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' amwayglobal.wpenginepowered.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com translate.google.com *.googleapis.com *.fontawesome.com connect.facebook.com connect.facebook.net cdn.heapanalytics.com tags.tiqcdn.com/utag/;  connect-src 'self' *.googleapis.com *.youtube.com *.google-analytics.com *.fontawesome.com stats.g.doubleclick.net;  frame-src 'self' *.facebook.com *.youtube.com *.vimeo.com *.google.com *.gstatic.com; 1
frame-ancestors https://*.yocket.com; 1
frame-ancestors 'self'  https://covgov.sharepoint.com https://covgov.sharepoint.com/sites/VDOT-EBB 1
default-src 'self' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de; img-src 'self' blob: data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; style-src 'self' 'unsafe-inline' http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; font-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de; connect-src 'self' data: http: https: www.krebshilfe.de staging1.dkh.milatec.de cologne-timing.de raceresult.com; object-src 'none'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://d2d7do8qaecbru.cloudfront.net blob: https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.akamaihd.net https://services.postcodeanywhere.co.uk https://translate.yandex.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://tr.snapchat.com https://*.contentsquare.net https://*.smct.co https://smct.io https://*.smct.io; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.growgorgeous.com https://checkout.growgorgeous.com https://m.growgorgeous.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://ssl.bing.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai http://platform.twitter.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-YWNiZjQ0MWExOA/NzQ0ZTQzOWZlYmZkNmM='; object-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gstatic.com *.youtube.com *.teads.tv *.blogherads.com *.cloudflare.com *.com *.net *.co *.ru *.org *.io *.media data: blob: wss: 1
default-src 'self' 'unsafe-inline' www.vinci.com;img-src 'self' 'unsafe-inline' data: www.vinci.com abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com www.facebook.com *.gstatic.com maps.google.com translate.google.com *.googleapis.com www.google-analytics.com i.vimeocdn.com i.ytimg.com;style-src 'self' 'unsafe-inline' 'report-sample' www.vinci.com ton.twimg.com platform.twitter.com translate.googleapis.com fonts.googleapis.com www.gstatic.com;font-src 'self' www.vinci.com fonts.googleapis.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: www.vinci.com cdn.syndication.twimg.com www.linkedin.com platform.linkedin.com platform.twitter.com https://connect.facebook.net www.google-analytics.com maps.google.com maps.googleapis.com ajax.googleapis.com www.gstatic.com data1.iti-maps.fr player.vimeo.com;connect-src 'self' www.vinci.com maps.googleapis.com www.google-analytics.com;frame-src 'self' streaming2.vinci.com syndication.twitter.com platform.twitter.com www.linkedin.com www.facebook.com vinci-stocksheet.webfg.net vinci-crm.seitosei.eu vinci-cercle-crm.seitosei.eu www.youtube-nocookie.com www.youtube.com sdk.companywebcast.com *.vimeo.com;frame-ancestors 'self' www.vinci.com;object-src 'self' www.vinci.com www.flickr.com;report-uri https://vincinet.report-uri.com/r/d/csp/reportOnly 1
default-src 'self';      script-src 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        b6.im-apps.net ;     connect-src       *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b.im-apps.net                        b6.im-apps.net ;     script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'                        *.gundam.info                        *.google-analytics.com                        *.onetrust.com                        *.min.js                        apis.google.com                        b.st-hatena.com                        static.mixi.jp                        connect.facebook.net                        platform.twitter.com                        d.line-scdn.net                        poplink-f.probo.biz                        poplink.probo.biz                        *.o2u.jp                        sync.im-apps.net                        dmp.im-apps.net                        audiencedata.im-apps.net                        www.youtube.com                        api.b-ch.com                        www.googletagmanager.com                        stats.g.doubleclick.net                        event.geniee-search.net                        cdn.webpush.jp                        api.webpush.jp                        www.gstatic.com                        analytics.google.com                        firebaseinstallations.googleapis.com                        fcmregistrations.googleapis.com                        *.geniee-search.net                        b6.im-apps.net ;     img-src 'self' * data:;     style-src 'self' 'unsafe-inline'                        *.gundam.info                        poplink-f.probo.biz                        fonts.googleapis.com ;     frame-src 'self'                         platform.twitter.com                          *.youtube-nocookie.com                        www.youtube.com                         gins.mixi.jp                         b.hatena.ne.jp                         web.facebook.com                         social-plugins.line.me                         plugins.mixi.jp                         www.facebook.com                         syndication.twitter.com ;     font-src 'self'                         fonts.gstatic.com ; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors https://lrdev.e-spirit.hosting https://lrqa.e-spirit.hosting https://lr.e-spirit.hosting; img-src 'self' * data: blob:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'nonce-0KVf9h8pgVZREF0iW5XOyA==' https://cdn.cookielaw.org https://www.googletagmanager.com 'strict-dynamic'; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.scot; img-src 'self' https: data: blob: https://mastodon.scot; style-src 'self' https://mastodon.scot 'nonce-B+1uPZ0IQ7p0nDBiWns0vg=='; media-src 'self' https: data: https://mastodon.scot; frame-src 'self' https:; manifest-src 'self' https://mastodon.scot; form-action 'self'; child-src 'self' blob: https://mastodon.scot; worker-src 'self' blob: https://mastodon.scot; connect-src 'self' data: blob: https://mastodon.scot https://media.mastodon.scot wss://mastodon.scot; script-src 'self' https://mastodon.scot 'wasm-unsafe-eval' 1
default-src 'self' *; img-src * 'unsafe-eval' 'unsafe-inline' mediastream: filesystem: data: blob: ;  connect-src 'self' * wss://nexus-websocket-a.intercom.io accounts.google.com https://api-iam.intercom.io https://mc.yandex.ru https://www.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' * https://maxcdn.bootstrapcdn.com fonts.gstatic.com data:; frame-src 'self' * https://www.google.com https://bid.g.doubleclick.net; manifest-src 'self'; media-src 'self' https://js.intercomcdn.com/; object-src 'self'; script-src 'self' * 'unsafe-eval' 'unsafe-inline' blob: https://js.intercomcdn.com https://onesignal.com https://widget.intercom.io https://cdn.onesignal.com  https://www.googletagmanager.com https://mc.yandex.ru https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.jsdelivr.net/ https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' * img123.s3.amazonaws.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com data: https://fonts.googleapis.com; base-uri 'none'; frame-ancestors 'self' https://metrika.yandex.ru/; upgrade-insecure-requests 1
default-src 'self' *.bundesbots.de; base-uri 'self'; style-src 'self' 'unsafe-inline' *.bund.de; connect-src 'self' *.itzbund.de  kira.bundesbots.de wss://kira.bundesbots.de *.bund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.instagram.com *.bundesbots.de *.bund.de platform.twitter.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de http://multimedia.gsb.bund.de *.youtube.com http://www.youtube.com *.itzbund.de *.cdninstagram.com *.bund.de; frame-src *.google.com *.gstatic.com *.youtube.com 'self' *.cdninstagram.com *.instagram.com *.twitter.com; img-src 'self' data: *.itzbund.de *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org pss.wsv.de *.cdninstagram.com *.instagram.com *.twimg.com *.bund.de *.bundesbots.de https://twemoji.maxcdn.com https://pbs.twimg.com https://cdn.jsdelivr.net https://www.kununu.com https://assets.kununu.com; frame-ancestors 'self'; 1
frame-ancestors 'self'; frame-src  *.facebook.com *.google.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.fontawesome.com *.versio.nl *.freshdesk.com *.freshchat.com *.typeform.com *.hsforms.com *.doubleclick.net *.yourhosting.nl *.cookiebot.com 1
default-src 'self' https://*.ntc.net.np https://www.google.com; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; form-action 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https://*.ntc.net.np https://api.ipify.org https://app.namastepay.com:9911 https://www.google-analytics.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
frame-ancestors self *.uhg.com *.optum.com *.uhc.com; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://oldtoons.world:8443/socket.io/ wss://oldtoons.world:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; frame-ancestors 'self' areacliente.repsol.es waylet.es newdev-areacliente.cloudapp.repsol.com test-areacliente.cloudapp.repsol.com pre-areacliente.repsol.es pre-pidetubombona.repsol.es pidetubombona.repsol.es repsol.pt; frame-src * ; media-src *; img-src * https://cdn.valuesportal.com https://log.adtraction.fail blob: data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://valuesportal.com https://cdn.adt356.com https://gtm.adt313.net https://cnv.adt632.com *.google-analytics.com *.analytics.google.com *.krxd.net www.repsol.com www.dev-com.repsol.com www.google.com cdn.cookielaw.org p.teads.tv platform.twitter.com px.sunmedia.tv secure.adnxs.com s.yimg.com cdn.taboola.com pixel.mathtag.com amplify.outbrain.com bat.bing.com d1skycrvs9ubse.cloudfront.net www.gstatic.com googleads.g.doubleclick.net cdn.krxd.net *.hotjar.com www.googleadservices.com www.dev-net.repsol.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com tienda.dev-es.repsol.com t.womtp.com ws.walmeric.com maps.googleapis.com unpkg.com sdk.inbenta.io up.pixel.ad static.ads-twitter.com secure-ds.serving-sys.com i.clarity.ms trc.taboola.com tr.outbrain.com bs.serving-sys.com embed.typeform.com siteintercept.qualtrics.com *.siteintercept.qualtrics.com api.paycomet.com instantcredit.net test.instantcredit.net code.jquery.com static-eu.oct8ne.com snap.licdn.com stories.adsocy.com 9000468.spxl.socy.es p1.socy.es repsol.my.site.com; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; object-src 'none' 1
frame-ancestors https://*.prd.budgettravel.com 1
default-src 'self' 'unsafe-inline' data: blob: https://*.msgr.com https://*.fbcdn.net;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com builder.lift.acquia.com w.soundcloud.com formstack.com *.formstack.com *.guthrie.org *.sharethis.com cdnjs.cloudflare.com www.medtargetsystem.com match.deepintent.com ajax.googleapis.com connect.facebook.net resources.static.evaliahealth.com agadata.online trc.lhmos.com secure.adnxs.com cdn.taboola.com s.skimresources.com support.doctorpodcasting.com sky.blackbaudcdn.net payments.blackbaud.com bbox.blackbaudhosting.com www.google-analytics.com www.gstatic.com www.google.com api.airbud.io; object-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * data:; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.laserfocusworld.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'none'; report-uri /cgi-bin/report_csp_violation.py 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data:; object-src 'self' * 1
frame-ancestors 'self' https://www.truckworks.de https://special.mercedes-benz-trucks.com 1
default-src 'self'; frame-ancestors 'self' *.kontent.ai *.hosted.positive.co.uk *.raymarine.com; frame-src 'self' data: https: *.cookiebot.com; img-src 'self' data: https: *.googletagmanager.com *.cloudfront.net; media-src 'self' data: https: *.googletagmanager.com *.canto.global; script-src 'self' 'unsafe-inline' data: https: *.googletagmanager.com *.amazonaws.com *.canto.global; font-src 'self' data: https: *.gstatic.com; style-src 'self' 'unsafe-inline' data: https: *.googleapis.com; connect-src data: https: *.googleapis.com *.hsforms.com *.hs-scripts.com; worker-src 'self' blob: *.raymarine.com; 1
report-uri https://consumer-travel.americanexpress.com/_/report/security/csp-violation; block-all-mixed-content; default-src 'nonce-6c838ff47b5fdcc1bbf8d71812edea3b' 'self' *.aexp.com *.americanexpress.com *.aexp-static.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net apim.expedia.com; script-src 'nonce-6c838ff47b5fdcc1bbf8d71812edea3b' 'nonce-b7d468b2-f6b6-4c29-a163-c75319ca3082' c.evidon.com 'self' *.aexp.com *.americanexpress.com *.aexp-static.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js-cdn.dynatrace.com *.bounceexchange.com *.microsoft.com analytics.newscred.com www.google-analytics.com s.ntv.io www.youtube.com/iframe_api s.ytimg.com assets.adobedtm.com service.maxymiser.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn maps.googleapis.com; img-src data: c.evidon.com 'self' *.aexp.com *.americanexpress.com *.aexp-static.com omn.americanexpress.com amexuat1-merchantgeo.cs42.force.com res.cloudinary.com s1.ticketm.net ad2.adfarm1.adition.com ad4.adfarm1.adition.com p.adbrn.com 20743471p.rfihub.com 20795861p.rfihub.com aax-eu.amazon-adsystem.com private-orm-open-receipt-match.s3.amazonaws.com s.amazon-adsystem.com tag.yieldoptimizer.com ads.avocet.io stags.bluekai.com sandbox.dev.clover.com/v2/image/ sslwidget.criteo.com widget.criteo.com www.facebook.com cnt.fout.jp www.googleadservices.com/pagead/conversion/ googleads.g.doubleclick.net ad.doubleclick.net ad-emea.doubleclick.net media.iceportal.com dc.ads.linkedin.com px.ads.linkedin.com www.bizographics.com www.linkedin.com/px/ urldefense.proofpoint.com pubads.g.doubleclick.net s1933033461.t.eloqua.com prf.hn farm.plista.com *.switchfly.com d2whcypojkzby.cloudfront.net www.cfmedia.vfmleonardo.com i.travelapi.com photos.hotelbeds.com pix6.agoda.net www.tripadvisor.com analytics.twitter.com t.co b92.yahoo.co.jp sp.analytics.yahoo.com img.static-bookatable.com *.sevenrooms.com image.resy.com l.betrad.com cdn.cohesionapps.com adservice.google.com www.google.com/ads/user-lists/ www.google.com/pagead/1p-user-list/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ct.pinterest.com/v3/ bat.bing.com/action/ *.flashtalking.com pt.ispot.tv rs.gwallet.com *.cloudfront.net/receipts/assets/ *.cloudfront.net/assets/sqmarket/ api.tiles.mapbox.com/ s.mzstatic.com/email/images_shared/ t.teads.tv affleads.latamtracking.com *.finn.ai/images/product-recommender/ events.bouncex.net pixel.newscred.com www.google-analytics.com track.adform.net *.doublemax.net *.microsoft.com pixel.sojern.com jadserve.postrelease.com p.adsymptotic.com px.ladsp.com tg.socdm.com tr.line.me atm.im-apps.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn images.trvl-media.com media.int.expedia.com insight.adsrvr.org maps.googleapis.com maps.gstatic.com; style-src 'unsafe-inline' *.aexp.com *.aexp-static.com fonts.googleapis.com; connect-src 'self' *.aexp.com *.aexp-static.com c.evidon.com l.evidon.com optoutapi.evidon.com *.americanexpress.com wss://*.americanexpress.com lib-us-1.brilliantcollector.com/collector/collectorPost *.bf.dynatrace.com stage.sp100500b5.guided.ss-omtrdc.net sp100500b5.guided.ss-omtrdc.net dpm.demdex.net apim.expedia.com amex-promotion-service-stg.iseatz.com amex-promotion-service.iseatz.com lxp-qatemp-api.lxp.iseatz.org lxp-qa-api.lxp.iseatz.org lxp-demotemp-api.lxp.iseatz.org maps.googleapis.com; manifest-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; worker-src 'self' *.aexp.com *.americanexpress.com *.aexp-static.com; frame-ancestors none; frame-src *.aexp-static.com *.americanexpress.com aexp.demdex.net *.liveperson.net *.liveperson.com *.lpsnmedia.net *.liveengage.net *.liveengage.com *.liveper.sn service.maxymiser.net; font-src *.aexp-static.com fonts.gstatic.com; media-src s2.content.video.llnw.net production.smedia.lvp.llnw.net *.aexp-static.com *.aexp.com 1
frame-ancestors activity.meyo.one activity-cf.meyo.one 'self' 1
worker-src https: data: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'none' 1
object-src 'none'; img-src data: http: https: cdn-cookieyes.com; script-src http: https: *.structube.com 'self' blob: 'unsafe-inline' *.paypal.com *.moneris.com *.signifyd.com 'unsafe-eval' *.listrakbi.com *.googleapis.com *.gstatic.com *.ggpht.com *.googleusercontent.com *.google.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net *.getcandid.com *.filepicker.io content-getcandid.netdna-ssl.com *.attn.tv *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.g.doubleclick.net s.pinimg.com bam.nr-data.net cdn-cookieyes.com; style-src 'self' blob: https: 'unsafe-inline' *.structube.com *.typekit.net fonts.googleapis.com; base-uri 'none'; font-src 'self' fonts.gstatic.com *.typekit.net maxcdn.bootstrapcdn.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.paypal.com *.moneris.com *.google.com *.facebook.com *.youtube-nocookie.com *.doubleclick.net *.g.doubleclick.net *.getcandid.com *.filepicker.io *.signifyd.com view.publitas.com *.virtuo-reality.com acs-server.ps.msignia.com *.structube.com *.pinterest.com s.pinimg.com *.hotjar.com *.ada.support 360.ecom2vr.com *.attn.tv h.online-metrix.net *.paypalobjects.com *.hotjar.io *.pay.google.com *.affirm.ca *.cdn-apple.com; child-src 'self'; frame-ancestors 'self' www.virtuo-reality.com 360.ecom2vr.com; connect-src 'self' data: blob: *.attentivemobile.com *.attn.tv *.getcandid.com *.filepicker.io *.ada.support *.googleapis.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ca collector.structube.com *.pinterest.com bam.nr-data.net *.facebook.com cdn.linkedin.oribi.io *.bing.com *.adroll.com *.hotjar.com *.paypal.com wss://*.hotjar.com *.hotjar.io *.affirm.ca *.cookieyes.com cdn-cookieyes.com https://google.com/pay; 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' https://*.hotjar.com 'unsafe-inline' https://*.hotjar.io 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' embed.typeform.com snap.licdn.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net openzeppelin.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com ajax.googleapis.com *.googletagmanager.com static.hsappstatic.net cdnjs.cloudflare.com *.openzeppelin.com *.cloudfront.net *.google.com boards.greenhouse.io 'unsafe-inline'; frame-src 'self' forms.hsforms.com form.typeform.com *.hubspot.com *.hs-sites.com play.hubspotvideo.com openzeppelin.com wizard.openzeppelin.com *.google.com boards.greenhouse.io; img-src 'self' data: *.linkedin.com *.hubspot.com js.hscta.net no-cache.hubspot.com *.hubspotusercontent10.net *.hubspot.net cdn2.hubspot.net cdnjs.cloudflare.com *.cloudfront.net *.hsforms.com *.fs1.hubspotusercontent-na1.net; style-src 'self' *.hubspotusercontent10.net cdn2.hubspot.net cdnjs.cloudflare.com openzeppelin.com 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' embed.typeform.com *.hubspotusercontent10.net cdn2.hubspot.net cdnjs.cloudflare.com openzeppelin.com 'unsafe-inline' fonts.googleapis.com; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com forms.hsforms.com cdn.linkedin.oribi.io *.google-analytics.com *.hubapi.com js.hscta.net *.hs-banner.com *.hubspotusercontent10.net *.hscollectedforms.net *.hubspot.com; font-src 'self' *.fs1.hubspotusercontent-na1.net fonts.gstatic.com github.com; object-src 'none'; worker-src 'none'; form-action 'self' forms.hsforms.com; base-uri 'self'; frame-ancestors 'self'; manifest-src 'self'; script-src-elem 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline' embed.typeform.com *.hsadspixel.net *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net openzeppelin.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com ajax.googleapis.com *.googletagmanager.com static.hsappstatic.net cdnjs.cloudflare.com *.openzeppelin.com *.cloudfront.net *.google.com www.gstatic.com boards.greenhouse.io snap.licdn.com 'unsafe-inline'; media-src 'self' *.cloudfront.net 'unsafe-inline';; upgrade-insecure-requests 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; script-src * blob: data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; child-src * blob: data: ; style-src * 'unsafe-inline'; 1
default-src 'self'; frame-src * ; media-src *; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.taboola.com embed.typeform.com code.jquery.com *.google-analytics.com *.analytics.google.com www.googleoptimize.com maps.googleapis.com cdn.cookielaw.org www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com unpkg.com connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com www.google.com www.recaptcha.net www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; frame-ancestors 'self' 1
frame-ancestors *.ibrida.io 1
script-src 'self' blob: https://www.googletagmanager.com/ https://www.googleadservices.com/ http://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://cdn-3.convertexperiments.com/ https://google-analytics.com/ https://www.google-analytics.com/ https://player.vimeo.com/ https://google.com/ https://www.google.com/ https://gstatic.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://platform.twitter.com/ https://widget.intercom.io/ https://connect.facebook.net https://js.intercomcdn.com https://fullstory.com https://staging.coincircle.com/ https://preprod.coincircle.com/ https://instant.0x.org https://coincircle.com/ https://translate.google.com https://translate.googleapis.com https://browser.sentry-cdn.com https://cdn.plaid.com https://pay.testwyre.com https://pay.sendwyre.com https://verify.sendwyre.com/ https://js.squareup.com https://cdn.google.com https://pay.google.com https://cdn.sift.com https://js.stripe.com https://js.sentry-cdn.com 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self'; object-src none; default-src 'self' blob: static.zdassets.com coinex.zendesk.com coinex.zendesk.co file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* ; worker-src blob: 'self'; script-src 'sha256-uHBNgsdzhOURiFIcL1C5Pb+5mNidfgHX1cZYziNN4wY=' 'nonce-YtikiAFXDW82DnNoTg1QpA==' 'strict-dynamic' 'self' www.google-analytics.com www.googletagmanager.com static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com widget-mediator.zopim.com *.zdassets.com api.geetest.com monitor.geetest.com bakapi.gtapp.xyz res.wx.qq.com coinex.zendesk.com coinex.zendesk.co *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; style-src 'self' 'unsafe-inline' at.alicdn.com coinex.zendesk.com coinex.zendesk.co static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; img-src 'self' www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com gcaptcha4.geetest.com gcaptcha4.geevisit.com dn-staticdown.qbox.me static.geevisit.com *.amazonaws.com blob: file.coinex.com file.coinexstatic.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net; font-src 'self' at.alicdn.com data: unpkg.com *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net coinex.com coinex.co coinex.zone coinex.land coinex.network coinexapp.net ; connect-src 'self' *.zendesk.com *.zendesk.co *.zdassets.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com www.google-analytics.com stats.g.doubleclick.net file.coinexstatic.com *.coinex.com:* *.coinex.co:* *.coinex.zone:* *.coinex.land:* *.coinex.network:* *.coinexapp.net:* coinex.com:* coinex.co:* coinex.zone:* coinex.land:* coinex.network:* coinexapp.net:* wss://*.coinex.com wss://*.coinex.co wss://*.coinex.zone wss://*.coinex.land wss://*.coinex.network wss://*.coinexapp.net ws://*.coinex.com ws://*.coinex.co ws://*.coinex.zone ws://*.coinex.land ws://*.coinex.network ws://*.coinexapp.net; frame-src 'self' player.bilibili.com player.vimeo.com *.viadeploy.com *.viabtc.com *.jumio.com *.jumio.ai www.youtube.com www.ixigua.com www.bilibili.com *.youtu.be blob: *.coinex.com *.coinex.co *.coinex.zone *.coinex.land *.coinex.network *.coinexapp.net 1
frame-ancestors 'self' *.google.com *.amp.colgate.com.br amp.colgate.com.br *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src https:; frame-src https: blob:; connect-src https: blob:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data:; object-src 'none'; media-src https: blob:; base-uri 'self' https://ihan.matomo.cloud https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi https://livsstilstest.sitra.fi; form-action 'self' https://sitra.creamailer.fi https://datataloudentiekartta.fi https://elamantapatesti.sitra.fi https://lifestyletest.sitra.fi https://livsstilstest.sitra.fi; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval' ad.doubleclick.net data:; 1
frame-ancestors 'self' *.cub.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com *.googlesyndication.com code.jquery.com cdn.ckeditor.com https://adservice.google.ru https://adservice.google.com https://*.googleadservices.com https://www.googletagservices.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://code.highcharts.com https://wg4.price.ru *.wi-fi.ru *.terratraf.com; font-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com https://fonts.gstatic.com https://wg4.price.ru; style-src 'self' 'unsafe-inline' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net cdnjs.cloudflare.com https://cdn.datatables.net cdn.ckeditor.com; img-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net https://*.googlesyndication.com https://mzimg.com https://www.google-analytics.com https://stats.g.doubleclick.net cdn.ckeditor.com www.gstatic.com https://ad.doubleclick.net https://tns-counter.ru https://mc.admetrica.ru https://www.googletagmanager.com https://ad.adriver.ru http://static.price.ru https://wg4.price.ru *.wi-fi.ru *.ytimg.com *.ggpht.com https://wcm.weborama-tech.ru https://pixel.adlooxtracking.ru; connect-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net https://*.googlesyndication.com https://*.google-analytics.com https://stats.g.doubleclick.net https://csi.gstatic.com https://wg4.price.ru *.wi-fi.ru static.terratraf.com https://pretarg.adhigh.net *.terratraf.com; object-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net *.youtube.com; frame-src 'self' yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net *.youtube.com https://googleads.g.doubleclick.net https://*.googlesyndication.com https://www.google.com https://pagead2.googlesyndication.com; media-src 'self' data: yandex.ru *.yandex.ru *.yandex.net *.yandex.com *.yandex.md yastatic.net *.yastatic.net 1
frame-ancestors https://*.lifeextension.com http://localhost:4201/; 1
default-src 'self'; img-src 'self' 'unsafe-inline' blob: cdn.rdsaude.com.br storage.googleapis.com plugin.handtalk.me cdn.rd.com.br dev.rd.com.br rdsaude.com.br maps.googleapis.com maps.gstatic.com www.google-analytics.com i.ytimg.com cdn.cookielaw.org data: *.w.org secure.gravatar.com; script-src 'self' 'unsafe-eval' 'report-sample' 'self' unpkg.com cdn.jsdelivr.net https://www.googletagmanager.com plugin.handtalk.me dev.rd.com.br rdsaude.com.br maps.googleapis.com cdnjs.cloudflare.com maps.gstatic.com www.google-analytics.com ajax.googleapis.com cdn.cookielaw.org 'unsafe-inline' geolocation.onetrust.com www.youtube.com d3e54v103j8qbb.cloudfront.net www.google.com www.gstatic.com; connect-src 'self' plugin.handtalk.me translation-v3.handtalk.me checkip.amazonaws.com www.google-analytics.com cdn.cookielaw.org stats.g.doubleclick.net privacyportal-br.onetrust.com geolocation.onetrust.com raiadrograsil-privacidade.my.onetrust.com; style-src 'self' 'unsafe-inline' rdsaude.com.br dev.rd.com.br fonts.googleapis.com; frame-src 'self' plugin.handtalk.me www.youtube.com www.google.com; font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com cdn.rd.com.br; media-src 'self' cdn.rd.com.br; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net rdsaude.com.br https://cdn.rd.com.br storage.googleapis.com fonts.googleapis.com; frame-ancestors 'self'; worker-src 'self' blob: dev.rd.com.br rdsaude.com.br 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adform.net https://*.appboycdn.com https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.btncdn.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.iteratehq.com https://*.klarnacdn.net https://*.mention-me.com https://*.paypal.com https://*.paypalobjects.com https://*.pinimg.com https://*.pusher.com https://*.rmtag.com https://*.stripe.com https://*.tvsquared.com https://*.spoteffects.net https://*.twitter.com https://*.xg4ken.com https://*.zdassets.com https://*.zenaps.com https://*.zopim.com https://ad4m.at https://app.link https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.klarnaservices.com https://*.appsflyer.com https://*.inflcr.co https://*.clarity.ms https://*.keyivr.com https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://cdn.optimizely.com/ https://api.smooch.io https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; script-src-elem 'self' 'unsafe-inline' https://*.appboycdn.com https://*.bing.com https://*.branch.io https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.pinimg.com https://*.rmtag.com https://*.tvsquared.com https://*.spoteffects.net https://*.zdassets.com https://*.zenaps.com https://app.link https://*.stripe.com https://*.zopim.com https://ad4m.at https://*.pusher.com https://*.braintreegateway.com https://*.mention-me.com https://*.klarnacdn.net https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.appsflyer.com https://*.inflcr.co https://cdn.jsdeliver.net https://*.keyivr.com https://*.clarity.ms https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://*.google.com https://cdn.optimizely.com/ https://api.smooch.io https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://cdn.honey.io https://*.klarna.com https://*.appsflyer.com https://*.google.com https://*.digitalgenius.com https://*.dgdeepai.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://*.bing.com https://*.braintree-api.com https://*.braintreegateway.com https://*.branch.io https://*.braze.com https://*.bugsnag.com https://*.contentful.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.klarnaevt.com https://*.pinterest.com https://*.postcodeanywhere.co.uk https://*.pusher.com wss://*.pusher.com https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://bw-contact-uploads.s3-eu-west-1.amazonaws.com https://vimeo.com wss://*.pusherapp.com wss://*.zopim.com https://*.sciencebehindecommerce.com wss://*.hotjar.com https://*.heapanalytics.com https://heapanalytics.com https://*.mention-me.com https://bw-form-uploads.s3-eu-west-1.amazonaws.com https://*.cookiebot.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.klarna.com https://*.klarnauserservices.com https://*.appsflyer.com https://*.onelink.me https://capi.bloomandwild.com https://www.instagram.com https://*.google.com https://google.com  https://*.clarity.ms https://*.keyivr.com https://analytics.tiktok.com https://*.auryc.com https://cdn.optimizely.com/ https://logx.optimizely.com/ wss://api.smooch.io https://api.smooch.io https://api.pwnedpasswords.com https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; font-src 'self' data: https://*.fontawesome.com https://cdn.honey.io https://*.hotjar.com https://fonts.gstatic.com https://*.klarna.com https://*.appsflyer.com https://*.auryc.com https://*.digitalgenius.com; frame-src 'self' https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://bloomwild.typeform.com https://bloomandwild.typeform.com https://www.mainadv.com https://www.pinterest.de https://www.pinterest.dk https://www.pinterest.co.uk https://*.pinterest.com https://*.pinterest.fr https://*.pinterest.com.au https://*.pinterest.ie https://*.pinterest.at https://*.pinterest.ca https://*.pinterest.es https://*.pinterest.nz https://*.braintreegateway.com https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://*.klarna.com https://*.paypal.com https://*.stripe.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.zenaps.com https://ad4m.at https://ad4mat.net https://mention-me.com https://*.mention-me.com https://*.cookiebot.com https://*.appsflyer.com https://*.inflcr.co https://*.keyivr.com https://*.google.com https://*.digitalgenius.com https://*.dgdeepai.com; child-src 'self' blob: https://*.braintreegateway.com https://*.paypal.com https://*.klarna.com https://*.appsflyer.com https://*.digitalgenius.com https://*.dgdeepai.com; manifest-src 'self'; media-src 'self' https://*.zdassets.com https://*.klarna.com https://*.appsflyer.com https://*.vimeo.com https://download-video.akamaized.net https://*.digitalgenius.com https://*.dgdeepai.com; img-src 'self' data: https://*.bloomandwild.com https://*.bloomandwild.de https://*.bloomandwild.fr https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.co.in https://*.google.co.nz https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.sg https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.lk https://*.google.nl https://*.google.ro https://*.google.ch https://*.google.pt https://*.google.fi https://*.google.co.za https://*.google.lt https://*.google.cz https://*.google.com.ph https://*.google.lv https://*.google.kz https://*.google.com.hk https://*.google.at https://*.google.be https://*.google.se https://*.google.no https://*.google.je https://*.google.com.qa https://*.google.pl https://*.google.gr https://*.google.com.sa https://*.google.ru https://*.google.hu https://*.google.com.pk https://*.google.com.np https://*.google.com.gh https://*.google.com.cy https://*.google.lu https://*.google.com.tr https://*.google.co.uk https://*.ad4mat.net https://*.adform.net https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.adserver01.de https://*.amazon-adsystem.com https://*.atdmt.com https://*.bidswitch.net https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.contentful.com https://*.creative-serving.com https://*.ctfassets.net https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.gstatic.com https://cdn.honey.io https://*.linksynergy.com https://*.mention-me.com https://*.paypal.com https://*.pinterest.com https://*.rubiconproject.com https://*.stripe.com https://*.taboola.com https://*.tvsquared.com https://*.spoteffects.net https://*.twiago.com https://*.twitter.com https://*.yieldlab.net https://*.zenaps.com https://ad4m.at https://as.ad4m.at https://heapanalytics.com https://id5-sync.com https://carrier-logos.s3-eu-west-1.amazonaws.com https://*.trustedshops.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.appsflyer.com https://*.inflcr.co https://impressions.onelink.me https://www.instagram.com https://*.bloomandwild.zendesk.com https://bloomandwild.zendesk.com https://*.keyivr.com https://*.clarity.ms https://prf.hn https://*.hotjar.com https://static.zdassets.com https://i.vimeocdn.com https://*.digitalgenius.com https://*.dgdeepai.com https://*.cookiebot.com/; report-uri https://api.bloomandwild.com/csp-violations; report-to {"max_age":86400,"endpoints":[{"url":"https://api.bloomandwild.com/csp-violations"}]} 1
default-src 'self' *.albridge.com:* *.bnymellon.net *.mainaccount.com *.vidyard.com *.morningstar.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com *.gstatic.com blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.morningstar.com *.polyfill.io *.jsdelivr.net ajax.googleapis.com cdnjs.cloudflare.com *.mainaccount.com *.google.com *.gstatic.com *.bnymellon.net *.highcharts.com *.vidyard.com *.newrelic.com *.byallaccounts.net cdn.cookielaw.org *.onetrust.com; style-src 'self' 'unsafe-inline' *.morningstar.com *.bnymellon.net *.mainaccount.com *.vidyard.com *.byallaccounts.net *.googleapis.com; img-src 'self' data: *.albridge.com *.bnymellon.net *.bnymellon.com *.mainaccount.com *.schwab.com *.vidyard.com cdn.cookielaw.org *.onetrust.com *.byallaccounts.net blob:; frame-src 'self' *.mainaccount.com *.google.com *.albridge.com *.bnymellon.net *.cashedge.com *.schwab.com *.idmanagedsolutions.com *.vidyard.com *.byallaccounts.net *.pershingx.com *.powerbi.com *.woveplatform.com; 1
frame-ancestors 'self' mopinion.com app.mopinion.com 1
script-src 'unsafe-inline' data: blob: http: https: https://www.homeagain.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.homeagain.com/; worker-src 'self' data: blob: http: https: https://www.homeagain.com/; img-src data: blob: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self' data: blob: http: https: https://www.homeagain.com/; font-src 'self' data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.zuora.com *.google.com *.googletagmanager.com cloud.emailca.merck-animal-health-usa.com cloud.email3.homeagain.com cl.s11.exct.net webto.salesforce.com csxd.contentsquare.net; 1
frame-ancestors *.jandi.com 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.list-manage.com *.googleapis.com *.twitter.com *.facebook.net www.googletagmanager.com www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com https://*.clarity.ms s3.amazonaws.com js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hs-analytics.net js-eu1.hscollectedforms.net forms-eu1.hscollectedforms.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io forms-eu1.hscollectedforms.net region1.google-analytics.com https://*.clarity.ms *.list-manage.com;frame-src 'self' www.google.com maps.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.list-manage.com;worker-src 'self' self blob: 'unsafe-inline'; 1
default-src 'self' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost localhost:3002 localhost:3000 *.dinrex.com staging-dundle-api-premium.azurewebsites.net *.dundle-api.com *.fptls3.com *.fptls.com *.doubleclick.net *.openfpcdn.io *.google-analytics.com googleadservices.com *.googleadservices.com *.googlesyndication.com *.bing.com *.clarity.ms sentry.io *.facebook.com *.instagram.com *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com *.intercom.io translate.google.com *.execute-api.eu-central-1.amazonaws.com recaptcha.net *.recaptcha.net *.analytics.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat cookielaw.org *.cookielaw.org *.onetrust.com ws: *.intercom.io; font-src 'self' blob: data: *; frame-ancestors 'self' dundle.dev *.dundle.dev dundle.com *.dundle.com admin.secure.dundle.com; frame-src *.dundle.com *.paypalobjects.com *.paypal.com paypal.com *.facebook.com facebook.com youtube.com *.youtube.com youtu.be *.youtu.be *.googlesyndication.com *.doubleclick.net recaptcha.net *.recaptcha.net; img-src 'self' blob: data: *; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost *.google-analytics.com *.googletagmanager.com googletagmanager.com *.googleoptimize.com *.doubleclick.net *.google.com googleadservices.com *.googleadservices.com *.googlesyndication.com gstatic.com *.gstatic.com sentry.io *.sentry-cdn.com fpnpmcdn.net *.fptls.com *.fptls3.com *.openfpcdn.io cdn.siftscience.com *.facebook.net *.facebook.com hexagon-analytics.com *.bing.com *.clarity.ms *.cloudfront.net *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com www.paypalobjects.com *.intercom.io *.intercomcdn.com recaptcha.net *.recaptcha.net *.sift.com/s.js cookielaw.org *.cookielaw.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.dundle.dev dundle.dev *.dundle.com dundle.com localhost *.google-analytics.com *.googletagmanager.com googletagmanager.com *.googleoptimize.com *.doubleclick.net *.google.com googleadservices.com *.googleadservices.com *.googlesyndication.com gstatic.com *.gstatic.com sentry.io *.sentry-cdn.com fpnpmcdn.net *.fptls.com *.fptls3.com *.openfpcdn.io cdn.siftscience.com *.facebook.net *.facebook.com hexagon-analytics.com *.bing.com *.clarity.ms *.cloudfront.net *.braintreegateway.com *.braintree-api.com paypal.com *.paypal.com www.paypalobjects.com *.intercom.io *.intercomcdn.com recaptcha.net *.recaptcha.net *.sift.com/s.js cookielaw.org *.cookielaw.org; style-src 'self' 'unsafe-inline' *; form-action *; report-uri https://o193536.ingest.sentry.io/api/1296542/security/?sentry_key=fe8919700c6b4ab693fd86fefa14c6cd 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com www.ersnet.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.jsdelivr.net *.azureedge.net *.druidplatform.com; default-src 'self' 'unsafe-inline' www.googletagmanager.com blob: druidapi.druidplatform.com; font-src 'self' data: www.ersnet.org use.fontawesome.com cdn.jsdelivr.net; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com https://td.doubleclick.net/ copilotstudio.microsoft.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com  *.twitter.com  *.youtube.com www.google.com https://googleads.g.doubleclick.net https://www.facebook.com; media-src 'self' blob: data:; object-src 'self' blob: data:; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.jsdelivr.net *.azureedge.net https://static.hotjar.com www.googleadservices.com bootstrap.ersnet.org script.hotjar.com; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com *.fontawesome.com *.jsdelivr.net *.azureedge.net; worker-src 'self' blob:; 1
frame-ancestors 'self' https://orau.org https://www.orau.org https://npp.orau.org https://*.orau.net 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.broadcastnow.co.uk https://eme.abacusemedia.com; 1
object-src 'self' https://skymediaglobal.b-cdn.net;script-src 'self' 'unsafe-inline' https://www.skymedia.co.uk https://api.w3-edge.com https://www.googletagmanager.com https://www.googletagservices.com https://q7h8x4g8.stackpathcdn.com  https://cdn.privacy-mgmt.com  https://cdnjs.cloudflare.com  https://secure.hook6vein.com  https://pi.pardot.com  https://www.google.com  https://www.google-analytics.com  https://go.skymedia.co.uk https://js-agent.newrelic.com https://bam.nr-data.net https://yoast.com  https://ajax.googleapis.com  https://assets.adobedtm.com  https://www.gstatic.com  https://skymediaglobal.b-cdn.net  https://gdpr-tcfv2.sp-prod.net  https://fluid.4strokemedia.com https://cdnb.4strokemedia.com https://z.moatads.com https://imasdk.googleapis.com/ https://pagead2.googlesyndication.com/ https://s0.2mdn.net 'unsafe-eval';worker-src 'self' blob:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com https://tr.snapchat.com https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://privacyportal-eu.onetrust.com https://*.parcellab.com https://analytics.tiktok.com https://tr.snapchat.com; form-action 'self' https://www.facebook.com https://checkout.nuxe.com https://connect.facebook.net https://tr.snapchat.com https://www.nuxe.com https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://geolocation.onetrust.com https://ln-rules.rewardstyle.com https://analytics.tiktok.com https://*.ibytedtos.com https://sc-static.net https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cpb.nl https://ajax.googleapis.com/ https://etalage.argumentenfabriek.nl/; frame-src 'self' https://cpbit.shinyapps.io/ https://www.youtube.com/ https://player.vimeo.com/ https://indd.adobe.com/; 1
img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com *.podigee.io *.spendino.de data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.podigee.io *.spendino.de *.youtube.com  blob:; frame-src https://ecomakerspace.de *.google.com *.podigee-cdn.net *.podigee.io *.spendino.de *.youtube.com *.youtube-nocookie.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com *.podigee.io *.spendino.de data: blob:; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; form-action 'self'; 1
default-src data: https:; script-src data: https: 'unsafe-eval' 'unsafe-inline'; style-src data: https: 'unsafe-inline'; report-uri /report/content-security-policy 1
default-src *.wistia.net *.zopim.io *.zapier.com blob: wss: *.zendesk.com *.zdassets.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self' https://www.bilgi.edu.tr; img-src http: https: data: blob:; font-src 'self' data: https://*.bilgi.edu.tr https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; media-src 'self' https: blob: https://*.bilgi.edu.tr; script-src 'self' https://*.bilgi.edu.tr https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://*.addthis.com https://*.facebook.com https://*.linkedin.com https://*.addthisedge.com https://www.youtube.com https://s.ytimg.com https://yastatic.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://secure.adnxs.com https://mc.yandex.ru https://www.googletagmanager.com https://connect.facebook.net https://cdn.mookie1.com 'unsafe-inline' 'unsafe-eval'; script-src-elem data: 'self' https://*.bilgi.edu.tr https://www.google.com/recaptcha/ https://www.gstatic.com/ https://*.addthis.com https://*.facebook.com https://*.linkedin.com https://*.addthisedge.com https://www.youtube.com https://s.ytimg.com https://yastatic.net https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://secure.adnxs.com https://mc.yandex.ru https://www.googletagmanager.com https://connect.facebook.net https://cdn.mookie1.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.bilgi.edu.tr https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com 'unsafe-inline'; child-src 'self' https://*.bilgi.edu.tr http://webvisor.com https://player.vimeo.com https://www.youtube.com https://*.google.com https://*.yandex.ru https://*.googletagmanager.com https://*.twitter.com https://*.facebook.com; connect-src 'self' https://*.bilgi.edu.tr https://*.addthis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.directmarketingturkey.com https://mc.yandex.ru; object-src 'self'; frame-src 'self' https://*.bilgi.edu.tr https://www.youtube-nocookie.com/ http://webvisor.com https://*.addthis.com/ https://bid.g.doubleclick.net https://*.google.com https://*.yandex.ru https://*.vimeo.com https://*.youtube.com; frame-ancestors 'self' https://bilgiedutr.sharepoint.com 1
default-src 'self' *.trustarc.com *.truste-svc.net *.truste.com *.worldpay.com *.prsformusic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.123formbuilder.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-7vOeyey1UECcRmQlzSSfw' *.prsformusic.com *.trustarc.com *.truste-svc.net *.truste.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.123formbuilder.com blob:; img-src *.ytimg.com * data:; frame-src *.worldpay.com *.trustarc.com *.truste-svc.net *.truste.com *.prsformusic.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.tweet2rate.co.uk https://tweet2rate.co.uk *.w3.org *.addthis.com *.addthisedge.com *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.youtube.com *.spotify.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.boltdns.net *.sli.do *.instagram.com *.soundcloud.com *.moatads.com *.issuu.com *.webchat.botframework.com https://webchat.botframework.com *.123formbuilder.com; worker-src 'self' 'unsafe-inline' * blob:; media-src 'self' 'unsafe-inline' * blob:; style-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline' * data: 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.building.co.uk; 1
default-src * 'self' data: 'unsafe-inline'; 1
default-src 'none' ; form-action 'self' https://*.edulinkone.com ; media-src 'self' https://*.edulinkone.com blob:; base-uri 'self' ; child-src 'self' ; connect-src 'self' https://*.edulinkone.com https://fcm.googleapis.com wss://*.twilio.com; script-src 'self' https://www.gstatic.com https://apis.google.com ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; frame-src https://accounts.google.com; manifest-src 'self' ; frame-ancestors 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' *.specless.io *.specless.tech http://*.seo.aws.about.com https://*.seo.aws.about.com http://*.dotdash.com https://*.dotdash.com *.woodmagazine.com 1
default-src 'self'; font-src 'self' *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googletagmanager.com app.sli.do fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com app.sli.do *.googleadservices.com googleads.g.doubleclick.net *.passle.net widget.spreaker.com github.com getglimpse.com cms.clydeco.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com www.youtube.com s.ytimg.com www.gstatic.com *.cookiebot.com cms.clydeco.com clyde-prod.azurewebsites.net clyde-cms-prod.azurewebsites.net clyde-cms-prod2.azurewebsites.net app.sli.do clyde-cms-uat.azurewebsites.net clyde-cms-uat2.azurewebsites.net clyde-uat2.azurewebsites.net clyde-uat.azurewebsites.net clyde-uat3.azurewebsites.net clyde-cms-qa.hosted.positive.co.uk clyde-qa.hosted.positive.co.uk www.clydeco.com clydeco.com www.cc.com cc.com *.twitter.com cdn.syndication.twimg.com *.ceros.com; style-src 'self' 'unsafe-inline' app.sli.do *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googletagmanager.com tagmanager.google.com fonts.googleapis.com; frame-src 'self' app.sli.do embedder.wirewax.com widget.spreaker.com w.soundcloud.com cms.clydeco.com clyde-qa.hosted.positive.co.uk www.clydeco.com clydeco.com www.cc.com cc.com cdn.yoshki.com www.youtube-nocookie.com *.google.com *.ngrok.io www.facebook.com *.pinterest.com pinterest.com player.vimeo.com www.google.com s7.addthis.com www.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.ceros.com *.googlesyndication.com *.googleadservices.com; object-src 'none'; img-src 'self' data: https: clydeco.vuturevx.com googleads.g.doubleclick.net app.sli.do *.googlesyndication.com *.googleadservices.com *.googletagmanager.com; connect-src 'self' app.sli.do *.googlesyndication.com *.googleadservices.com *.google.com *.googletagmanager.com consentcdn.cookiebot.com maps.googleapis.com *.spreaker.com *.passle.net api.mixpanel.com cc.local *.google-analytics.com cms.clydeco.com clyde-prod.azurewebsites.net clyde-cms-prod.azurewebsites.net clyde-cms-prod2.azurewebsites.net clyde-cms-uat.azurewebsites.net clyde-qa.hosted.positive.co.uk clyde-cms-qa.hosted.positive.co.uk clyde-uat2.azurewebsites.net clyde-uat.azurewebsites.net clyde-uat3.azurewebsites.net *.doubleclick.net; media-src 'self' app.sli.do *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net api.spreaker.com cdn.clydeco.com clydeuat.azureedge.net clydedev.azureedge.net; frame-ancestors 'self' *.googlesyndication.com app.sli.do *.googleadservices.com *.google.com *.googletagmanager.com cms.clydeco.com *.ceros.com clyde-cms-uat.azurewebsites.net clyde-cms-uat2.azurewebsites.net admin.cc.local clyde-cms-qa.hosted.positive.co.uk; 1
frame-ancestors 'self' *.gubagoo.io *.gubagoo.com 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://localhost:8732 http://localhost:8080 https://localhost:9732 http://localhost:8732 http://localhost:9732 https://www.uhaul.com https://showroom.uhaul.net https://www.bing.com https://r.bing.com https://dev.virtualearth.net https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://webchat.digitalcx.com https://secure.365smartenterprising.com;object-src 'self' blob:;style-src 'self' 'unsafe-inline' http://pos.uhaul.net https://pos.uhaul.net http://posq.uhaul.net https://posq.uhaul.net http://posd.uhaul.net https://posd.uhaul.net http://posp.uhaul.net https://posp.uhaul.net http://pos.uhi.amerco https://pos.uhi.amerco http://posq.uhi.amerco https://posq.uhi.amerco http://posd.uhi.amerco https://posd.uhi.amerco http://posp.uhi.amerco https://posp.uhi.amerco http://posdev.uhi.amerco https://posdev.uhi.amerco http://fonts.googleapis.com https://www.bing.com https://r.bing.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com;img-src 'self' data: blob: https://www.bing.com https://r.bing.com https://t0.ssl.ak.dynamic.tiles.virtualearth.net https://t1.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://t.ssl.ak.tiles.virtualearth.net https://rewriteq.webselfstorage.com https://rewrited.webselfstorage.com https://www.googletagmanager.com https://rewrites.webselfstorage.com https://www.webselfstorage.com https://fonts.gstatic.com https://www.google-analytics.com https://analytics.google.com https://selfstorageinsider.com https://uhaulmediastorage.blob.core.windows.net https://amercomediastorage.blob.core.windows.net https://dev.webselfstorage.com https://qa.webselfstorage.com https://stage.webselfstorage.com https://i.ytimg.com https://is2-ssl.mzstatic.com https://secure.365smartenterprising.com https://robincontentdesktop.blob.core.windows.net;media-src 'self' blob:;frame-src 'self' https://media.uhaul.net https://www.youtube.com https://www.youtube-nocookie.com https://api.wss.local https://apid.webselfstorage.com https://apiq.webselfstorage.com https://apis.webselfstorage.com https://api.webselfstorage.com https://localhost:5001 https://www.google.com/recaptcha/ https://devapi.webselfstorage.com https://qaapi.webselfstorage.com https://stageapi.webselfstorage.com;font-src data: https://fonts.gstatic.com https://fonts.googleapis.com https://www.cm.com https://webselfstorage.com https://www.webselfstorage.com https://rewrite.webselfstorage.com https://rewrites.webselfstorage.com https://rewriteqa.webselfstorage.com https://rewritebeta.webselfstorage.com https://rewriteq.webselfstorage.com https://rewrited.webselfstorage.com http://tempstage http://wss.local https://wss.local https://localhost:44301 https://dev.webselfstorage.com https://qa.webselfstorage.com https://stage.webselfstorage.com;connect-src 'self' blob: ws: wss: http://localhost:8080 https://www.bing.com https://t.ssl.ak.tiles.virtualearth.net https://www.google-analytics.com https://analytics.google.com https://cxcomlive-webconvwa-weu.azurewebsites.net;frame-ancestors 'self' https://api.wss.local https://apid.webselfstorage.com https://apiq.webselfstorage.com https://apis.webselfstorage.com https://api.webselfstorage.com https://devapi.webselfstorage.com https://qaapi.webselfstorage.com https://stageapi.webselfstorage.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self'; img-src 'self' *.allfunds.com https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://www.google-analytics.com https://storage.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://linkedin.com https://*.linkedin.com  https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com 'self' data:;; media-src 'self' *.allfunds.com https://*.allfunds.com https://*.googleapis.com https://*.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://linkedin.com https://*.linkedin.com https://*.amplitude.com https://amplitude.com https://amplitude.com https://app.allfunds.com/docs/cms/header_web_5d4b57c95f.mp4 'self' data:;; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://*.googleapis.com https://*.recaptcha.net https://recaptcha.net https://www.gstatic.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://apis.google.com https://www.google-analytics.com https://player.vimeo.com/api/player.js https://cdn.jsdelivr.net/npm/css-vars-ponyfill@2 https://cdn.plyr.io/3.6.8/plyr.polyfilled.js https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; font-src 'self' https://*.gstatic.com https://cloudfunctions.net https://*.cloudfunctions.net https://snap.licdn.com; connect-src 'self' https://europe-west1-afb-connect.cloudfunctions.net/registerUserContact https://allfunds.com https://*.googleapis.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://md8jnn29kj.execute-api.eu-west-1.amazonaws.com https://www.google-analytics.com https://stats.g.doubleclick.net https://app.allfunds.com https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev wss://app.allfunds.com https://cdn.plyr.io https://region1.google-analytics.com https://region1.analytics.google.com https://*.go-mpulse.net https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com; frame-src 'self' https://www.google.com https://purecatamphetamine.github.io https://cms-front.s3.eu-west-1.amazonaws.com https://intranet.allfunds.com https://app.allfunds.com https://*.recaptcha.net https://recaptcha.net https://nextportfolio.allfunds.com https://telemetrics.allfunds.com https://dashboard.allfunds.com https://telemetrics-widgets.allfunds.dev https://player.vimeo.com https://linkedin.com https://*.linkedin.com https://cloudfunctions.net https://*.cloudfunctions.net https://*.amplitude.com https://amplitude.com https://amplitude.com https://akamaihd.net https://*.akamaihd.net https://akstat.io https://*.akstat.io https://snap.licdn.com https://googletagmanager.com https://*.googletagmanager.com https://myconnect.allfunds.com https://myconnect.allfunds.dev; object-src 'none'; 1
connect-src 'self' *.adt670.com *.adtraction.com *.akamaihd.net *.altruistictask.com *.amazon.com *.areyouahuman.com *.bing.com *.ciuvo.com *.cleverpush.com *.clic2drive.com *.cloudflare.com *.consentmanager.net *.davebestdeals.com *.delti.com *.deltipartners-scheduler.com *.google-analytics.com *.jquery.com *.mondo.chat *.mxpnl.net *.optimizely.com *.paypal.com *.paypalobjects.com *.promote.ro:9091 *.reifendirekt.de *.sovendus.com *.srvtrck.com *.uc.cn *.veinteractive.com *.webmasterplan.com *.windows.net ajax.googleapis.com d3g3bgnlkdwk4h.cloudfront.net data jsctool.com razorsql.com tdsrmbl.net translate.googleapis.com wss://*.promote.ro:9091 wss://*.promote.ro:9400 wss://*.reifendirekt.de wss://www.mondo.chat; default-src 'self' *.bootstrapcdn.com *.delti.com *.jfnet.de *.optimizely.com *.reifendirekt.de *.trustpilot.com fonts.googleapis.com; font-src 'self' *.bootstrapcdn.com *.davebestdeals.com *.delti.com *.googleusercontent.com *.gstatic.com *.paypalobjects.com *.trustedshops.com data data:; frame-ancestors *; frame-src 'self' *.ad-srv.net *.adform.net *.adrtx.net *.akamaihd.net *.aklamio.com *.amazonaws.com *.areyouahuman.com *.awin1.com *.azureedge.net *.billiger.de *.blackfridaysale.de *.cashbackjournal.de *.check24.de *.clic2buy.com *.cmptch.com *.comprigo.com *.computop-paygate.com *.computop.com *.consentmanager.net *.cptrack.de *.criteo.com *.criteo.net *.davebestdeals.com *.delti.com *.deltipartners-scheduler.com *.donation-tools.org *.doubleclick.net *.dtscout.com *.dwin1.com *.ehi-siegel.de *.everestjs.net *.everesttech.net *.facebook.com *.foxydeal.com *.gecirtnotification.com *.go.com *.google.com *.google.de *.googlesyndication.com *.haix.de *.hwcdn.net *.kpcustomer.de *.kweriee.com *.lenua.de *.mondo.chat *.mslinktrack.com *.mycleverpush.com *.optimizely.com *.partner-versicherung.de *.paypal.com *.q-sis.de *.reifendirekt.de *.rollapp.com *.safer-shopping.de *.sandbox.paypal.com *.seadform.net *.securesrv12.com *.sovendus.com *.srvtrck.com *.surveymonkey.com *.theadex.com *.tradedoubler.com *.trustpilot.com *.veinteractive.com *.webmasterplan.com *.yadore.com *.yahoo.com *.youtube-nocookie.com *.youtube.com *.zanox.com *.zenaps.com *.zscloud.net bispadisch.de bonusdirekt.de ciuvo.com d2p5uuu8vyzvbv.cloudfront.net data found.de jo.de preisvergleich123.com s3.eu-central-1.amazonaws.com the.sciencebehindecommerce.com trolliger.de; img-src 'self' *.adform.net *.adition.com *.adnxs.com *.adsrvr.org *.akamaihd.net *.alcar-wheels.com *.amazonaws.com *.amung.us *.andasa.de *.awin1.com *.billiger.com *.billiger.de *.bing.com *.bluekai.com *.cleverpush.com *.cnnx.io *.consentmanager.net *.criteo.com *.criteo.net *.crwdcntrl.net *.davebestdeals.com *.delti.com *.digitaloptout.com *.doubleclick.net *.ebayimg.com *.everesttech.net *.facebook.com *.fagms.net *.google-analytics.com *.google.ae *.google.al *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bs *.google.by *.google.ca *.google.ch *.google.cl *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.uk *.google.co.za *.google.com *.google.com.au *.google.com.br *.google.com.cu *.google.com.cy *.google.com.do *.google.com.eg *.google.com.mx *.google.com.na *.google.com.om *.google.com.pe *.google.com.ph *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.vn *.google.cz *.google.de *.google.dk *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hr *.google.hu *.google.ie *.google.is *.google.it *.google.jo *.google.kg *.google.kz *.google.li *.google.lt *.google.lu *.google.lv *.google.md *.google.mk *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.si *.google.sk *.google.tn *.googleapis.com *.gstatic.com *.hklmm.com *.idealo.com *.igstatic.com *.jfnet.de *.media-amazon.com *.mondo.chat *.mse-berg.int *.optimizely.com *.payback.de *.payments-amazon.com *.paypal.com *.paypalobjects.com *.pirelli.com *.pmddby.com *.pricerunner.com *.prudsys-rde.de *.reifendirekt.de *.reifentest.com *.sandbox.paypal.com *.sdccdn.com *.shopauskunft.de *.shopmania.org *.shopping.com *.sovendus.com *.srvtrck.com *.stathat.com *.surveymonkey.com *.t-online.de *.theadex.com *.trustpilot.com *.tyre-pictures.com *.veinteractive.com *.visualwebsiteoptimizer.com *.wt-eu02.net *.yandex.ru *.ytimg.com *.zenaps.com *.zscalertwo.net *.zscloud.net cdnlvry.xyz cdnnetwok.xyz ciuvo.com data data: glganltcs.space gzhls.at icontent.us khms0.googleapis.com khms1.googleapis.com maps.googleapis.com mts.googleapis.com mtst.io netanalitics.space netanalytics.xyz netanalyzer.space netcheckcdn.xyz spedcheck.space worldnaturenet.xyz; media-src *.cloudfront.net; object-src 'self' *.delti.com data jsctool.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.acestream.net *.adform.net *.adrtx.net *.akamaihd.net *.akamoihd.net *.amazonaws.com *.awin1.com *.bing.com *.bizrate.com *.bootstrapcdn.com *.cdn77.org *.cheklaby.com *.cleverpush.com *.cloudflare.com *.cloudfront.net *.cmptch.com *.consentmanager.net *.criteo.com *.criteo.net *.davebestdeals.com *.dcbap.com *.delti.com *.deltipartners-scheduler.com *.demdex.net *.digitaloptout.com *.donation-tools.org *.doubleclick.net *.dtscout.com *.dwin1.com *.eshopcomp.com *.eurosty.com *.everestjs.net *.everesttech.net *.eyeota.net *.facebook.net *.fagms.net *.foxydeal.com *.gocloudly.com *.google-analytics.com *.google.com *.google.de *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.gutscheinconnection.de *.histats.com *.image2play.com *.linkuryjs.info *.mein-bmi.com *.miazuz.com *.microsofttranslator.com *.mondo.chat *.mouse3k.com *.mse-berg.int *.onclasrv.com *.open-dog.com *.opendns.com *.optimizely.com *.orange81safe.com *.payments-amazon.com *.paypal.com *.pmddby.com *.pomrolo.com *.q-divisioncdn.de *.q-sis.de *.reifendirekt.de *.routenplaner-karten.com *.scopich.com *.securesrv12.com *.shopauskunft.de *.shopello.net *.similardeals.net *.sovendus.com *.surveymonkey.com *.theadex.com *.tiekinetix.net *.trustpilot.com *.twiago.com *.twitter.com *.ubersetzung-app.com *.veinteractive.com *.visualwebsiteoptimizer.com *.walkme.com *.webmasterplan.com *.windows.net *.wirkaufendeinauto.de *.wkda.de *.xcetkbl.com *.yandex.ru *.zanox.com *.zargu.com *.zenaps.com *.zscaler.net *.zscalertwo.net *.zscloud.net 4ddons.com adtr.io d31bfnnwekbny6.cloudfront.net data data: dnn506yrbagrg.cloudfront.net eluxer.net entrypoints-production.herokuapp.com glganltcs.space icontent.us imgsrv.io jsctool.com loadingpagesos.win loadingpaqes.info maps.googleapis.com mtst.io natproxy.ws netanalitics.space netanalytics.xyz netanalyzer.space netcheckcdn.xyz nprixy.net quick-searcher-world.biz rs.clic2buy.com s3-us-west-2.amazonaws.com s3.amazonaws.com spedcheck.space the.sciencebehindecommerce.com urlvalidation.com worldnaturenet.xyz; style-src 'self' 'unsafe-inline' *.boost-project.com *.bootstrapcdn.com *.davebestdeals.com *.delti.com *.googleapis.com *.mein-grundeinkommen.de *.mondo.chat *.reifendirekt.de *.sovendus.com *.trustedshops.com *.twiago.com *.veinteractive.com *.zscaler.net *.zscalertwo.net *.zscloud.net data fonts.googleapis.com optimize.google.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://*.googleapis.com https://player.vimeo.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net; img-src 'self' data: https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://collector-a.perimeterx.net https://i5.walmartimages.com https://ic.epic.com https://i.vimeocdn.com/video https://www.walmarthealth.com; object-src 'self' data:; media-src 'self' https://vimeo.com; connect-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://vimeo.com *.perimeterx.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.px-client.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://workforcenow.adp.com/ https://player.vimeo.com; worker-src 'self' blob: 1
default-src * 'unsafe-inline' 'unsafe-eval'; form-action https://* ; img-src * data: blob: 'unsafe-inline' 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1715653114; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self' https://www.paypal.com; frame-ancestors 'self'; frame-src 'self' https://*.guardedhost.com https://*.amerinoc.com https://*.amerinoc.com:2222;  img-src 'self' data: https://ssl.google-analytics.com https://www.paypalobjects.com https://*.guardedhost.com; connect-src 'self' wss://wssp.guardedhost.com; 1
frame-ancestors 'self' http://canvas.avallain.net http://moodle.avallain.net https://canvas.instructure.com 1
script-src 'self' 'unsafe-eval' https://unpkg.com/babel-standalone@6.15.0/babel.min.js 'unsafe-inline' https://assets.adobedtm.com googletagmanager.com * cdn.cookielaw.org * google-analytics.com * static.hotjar.com * https://cdn.cookielaw.org/scripttemplates/otSDKStub.js; style-src 'self' 'unsafe-inline' https://r.bing.com/rp/ * https://r.bing.com/rb/ *; 1
default-src 'none'; media-src 'self'; object-src 'self'; connect-src 'self' www.knf.gov.pl *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api  https://www.youtube.com/s/player/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://maps.googleapis.com/ https://platform.twitter.com/ cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ platform.twitter.com/css/ https://ton.twimg.com/tfw/css/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data: https://www.knf.gov.pl/ https://ssl.google-analytics.com/ https://csi.gstatic.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://syndication.twitter.com/ https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/ https://ton.twimg.com/tfw/assets/; frame-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/; child-src 'self' https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/ https://www.youtube.com/s/player/ https://syndication.twitter.com/ https://platform.twitter.com/;  1
frame-ancestors self https://beyondthedestination.com; 1
default-src 'none'; frame-ancestors 'self'; connect-src https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://www.medicalobjects.com/ https://maps.googleapis.com/maps/api/mapsjs/ https://createsend.com/ https://secure.geonames.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google.com/ https://www.gstatic.com/ https://www.google-analytics.com/; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; font-src 'self' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/font-awesome/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ https://www.google.com.au/ads/ https://www.medical-objects.com.au/ https://i.ytimg.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/; style-src 'self' 'unsafe-inline'; frame-src https://www.google.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.googletagmanager.com/gtag/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://medical-objects.createsend.com/; worker-src blob:; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://aqhaservices3.aqha.com https://services.aqha.com https://aqhaservices.aqha.com; 1
default-src 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://code.jquery.com https://www.googletagmanager.com https://maps.googleapis.com https://qalogin-za.eu.cognizantorderservnxtgen.com https://www.google-analytics.com;style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com;font-src 'self' https: https://fonts.googleapis.com https://tools.ietf.org https://fonts.gstatic.com;connect-src 'self' 'unsafe-inline' https: https://order.kfc.co.za https://cdn.contentful.com;media-src 'self' 'unsafe-inline' https: https://videos.ctfassets.net;img-src 'self' 'unsafe-inline' data: https: https://images.ctfassets.net https://order.kfc.co.za;frame-src 'self' https://www.google.com https://about.kfc.co.au https://microapps.google.com https://pay.google.com https://checkout.paypal.com https://www.sandbox.paypal.com https://assets.braintreegateway.com https://c.sandbox.paypal.com https://dashboard.d3mand.tech https://delivery.uber.com https://jngl.ml https://backend.skedadel.co.za https://a19558781057.cdn.optimizely.com *.cdn.optimizely.com;frame-ancestors 'self' https://app.contentful.com;upgrade-insecure-requests 1
child-src 'self' https: blob: https://secure-me.au10tixservices.com; default-src 'self' https:; font-src 'self' https: data:; media-src 'self' https: data:; object-src 'none'; worker-src 'self' https: blob:; frame-ancestors 'self' https://m.ubercarshare.com https://uber-carshare.ada.support; img-src 'self' https: data: blob: http://www.google-analytics.com/ https://cm.g.doubleclick.net https://www.google.com www.googletagmanager.com; script-src 'self' https: 'unsafe-eval' 'unsafe-hashes' http://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js http://connect.facebook.net/en_US/fbevents.js http://static.criteo.net/js/ld/ld.js http://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com 'sha256-iXrcFkX6ROGXN5V/5PSDZ6AZ+omqGr2PvAGCFSK6ZX8=' 'sha256-zbxWNERB0l2AAYUyAVaW9yHN2wYYFF4F6YhydCJI6f8=' 'sha256-9bgKt5Xbn6hs5Cy8UW++hvZsDjJu97691g+JHAsE5KM=' 'sha256-9M76mPzuECV07RtXL2JxgwzEG+Z1rIT/DH+k9Uj5QUc=' 'sha256-cOsyZOl47H6U/JY4pjJyVAdQdSKVvGWKwyZdXioa8Xk=' 'sha256-EmfJyXIhjnTKpq8gyfoVR7lU2lRKryWrK/0GJ2XY0n8=' 'sha256-f1wLAoRBMHr8iBhG4SAgGdGj+QwzzUG9Wpgjf5bVnyM=' 'sha256-GnXX1cEjZskz3cbPLMX2x3P6c+FWDwzk0zvBUJE/RkY=' 'sha256-Hq2U/La2WRUN2/kVSj1U00FPJZPkQbjrcQvOhpSDjUw=' 'sha256-lP0yY+m4T24vT5Gzvhg1uA/kj2IkkmRZdZFJO+8p2nw=' 'sha256-MGfImkfpD713E16TfeVYzTo2AF41MpDBmkPF3CdINVQ=' 'sha256-NlOBjP1pnXPwhXlOesaTS8yCmmMCANyqpqQtFLU8AoU=' 'sha256-nQ1uOUvx1z01XJJhLzyb9i1J+hUofwzaCbG0amDpj78=' 'sha256-nRWetAfarBRlvWD4X08oaSWBSQYTsCNhq7MtDQyF6MY=' 'sha256-olhD2wxujFFZ/T3RJhE45h9Xk+QQCQUWG9hbfvSzjzI=' 'sha256-pNDZtoCsOeROwgmGAvhOWwhl3057TtDbV5d9Ds1utxg=' 'sha256-qLB6zIQpcGLXCS5YlCCnkKKkIDrU9lvkbAWUb7oxPog=' 'sha256-ri3Omcn3UAV6tOfGq1o4PN8+r7BLtymUuVk7MgPApUQ=' 'sha256-YFIKzWxRxUaHQ+p/uE43jeJEmBS9HGPnP7p8pcKsMLo=' 'sha256-ykvQie0Ax23SmeyGd7q5LTqrPVOlYb4McR6MOPTEqvY=' 'sha256-z9hrVW0eudPX9wWqkWLhIw1hqt7C1rA5ttzygN1XQxc=' 'sha256-zF56950mN6lTaIzRYW172aGAJWKK4HmP6KJ2yl+k4Ck=' https://static.ada.support/embed2.js 'nonce-lJsWRa1i46/LnidtYF0AjQ=='; style-src 'self' https: 'unsafe-hashes' 'sha256-aoNmpMi04Wpmvn9VrEqvQyWylr1t6k4E1AOHaoPGBoc=' 'sha256-7cSeboQAxSYDeq+Txz130zupm2/CxnVzLgH68JeC1PE=' 'sha256-18xqwz3LY3xyaAMTP/NW/4WetEQwRlZ5MbneFjDly4E=' 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'sha256-0eSfkEVud9tXTotQSHOgIN4AzteHe/3SqDavtcNLWeY=' 'sha256-h0SPPNuqSVMjP/VMIZw9cu1arq/72HwoGBBZTxoPeX8=' 'sha256-/S/8ZUEmCWLOTd6SjFOzhXAfJGjNNyUYOvmoNwn7I8M=' 'sha256-18THR03q5WdJwCt1EbnJEaHUCLL8470mlk7FoSPKSPE=' 'sha256-C/Fori8lJ95WJAFQwRcYCR17Q0lje61PCsNZSKyCLUU=' 'sha256-C7guRSwuN5EOb7XsGzuPhBx04IN1dIdEDHJK8fZZIlg=' 'sha256-M91dRwa3klTrkOnoRoV9k/0D5ZhGSDqdXZmZLep7uK8=' 'sha256-RqoWZPDFLC1Dh3RIRGm0Gp4AQnIVSZW1Ppdhc2foXus=' 'sha256-ULVcMI5vzWRmB5oFfEpQN4atmrHeyoqbrL0izXSE7ZM=' 'sha256-ZkkVQnaLIIRXqYqw44eIPnCUuM1F7ZMsO5f0LQXRQf4=' 'sha256-O9ChnrQJngUlTYptX2rHTyPwYa4VlQslTnAyr1r9/XE=' 'sha256-+ShChrViUQVfbbSbgCUmI+lt0dJ6v4AiQR9jfazVOKE=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-aoe5KGF0uMwVU1xYnAzrasLA18AeoqAtdF2HaQTLIYI=' 'sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE=' 'sha256-dViles7Wn/PyxLinQNbTrPwqql+E7BE0WN0aNmhV6r4=' 'sha256-FkZ3VpYfh7JIma+4PvMDcyFNgbQtcQqP6tYmGQT9PM0=' 'sha256-fq7Md9B0amksVBTk/2TaltdrTVq2JN7fvIk0tt80qzU=' 'sha256-n5DcrK5P5pj+R70BR3vdmsgv0h99xcLHi+LLwXwQn8A=' 'sha256-Oot/t4JJUQyIe4Ar24rfD0gZ/9ysj0juRZRzMN+m8S0=' 'sha256-Pi+7UuA1bJmVOmsjMWVLxtu5P+2tG8arKzKaw73r4C8=' 'sha256-RNjBZZ9qvF8TVTEJGGRIyCbZeUj9yYbTmokwXGkJf/M=' 'sha256-t6oewASd7J1vBg5mQtX4hl8bg8FeegYFM3scKLIhYUc=' 'sha256-uLrCyqtEy8LoqmBIWe3vGx1Jo7+wAnMWBUs8YAHi7u0=' 'sha256-VslwZQHumVh7kHxPt3/KsPwwPGskmzJLMBjyzViRYcc=' 'sha256-wbxzqW6ZB8R5nA9M4BaXLzk/5sQRLpGEC5Sqn3I3xK0=' 'sha256-/LGoJLHVJWcnLZettNlcyP8MfnneXPs9CHoPNiJ3MF4=' 'sha256-5/a4fTNlh2ypq61rs2Czy+rBuFh8Gx+/c3+7UGlO+aw=' 'sha256-7OxlbN1NAJ31tNDU0WlEWEuyb0FpwqW2CHBoaxZhmFA=' 'sha256-CFEcxpmsVaPvNbmKU1INOY6JchYonU4lgboAtKVLd98=' 'sha256-dnBGEVqq89+awFONQLzg4YI+aRjLGkQLDhqcEJxetLc=' 'sha256-h5oiLgAjYwBX+Xghv/M2Ao3jh+OBXiGSNzy50jui+ss=' 'sha256-IR8O5+BK2Stxg1KKjlCx0VN41NcU06bl0de8377sYj4=' 'sha256-j+H1KqmMx4L01aVLbmUrwZawDT7ngzvT2K/hYTHyaTI=' 'sha256-jvemZc+Sn78mVMj3eUBVNkCi7zSY2dbw4CfyqkoJ9xI=' 'sha256-6s9D+EgPmY0u4zY5S2N4ar5pGfifIcEldsFtqX/35qM=' 'sha256-HVrn1N1AQfppljvm2fbyfsLYcnSpO5odhBFte27EOfU=' 'sha256-MObQTRY2+BQ+B8NtpLAoauB9PXIcqZeVn3XFkpcy8Tw=' 'sha256-mqITWk2Jj0yVYUWfW8QuZHnMOXb7pGNk51jRJ1QDqAg=' 'sha256-v9GvV9vef4poUM8hB7GeORfwsIXc89E+iL54zwHeEss=' 'sha256-MbCa0LyfoaxNHw14oPwPs7/ipwAkF6gWT2gRFNgKbv4=' 'sha256-bqlPgJ5tml6WqzWgoERl/SouX9+QJEevlwoXblZylco=' 'sha256-PGwJvSVsrdGD/Jof8uhmgtdmMBFSqjKsakXNMw8wF+s=' 'sha256-LFtn1cbzjJttzMnDM03zg7LEoV20Zd0a1F/Xx+b6Tmg=' 'sha256-dQ9gD1u9Q2slWfpwIHw0ZiUwuAyJB7HPD7qdvX5FTm8=' 'nonce-lJsWRa1i46/LnidtYF0AjQ=='; connect-src 'self' https: https://api.segment.io https://stats.g.doubleclick.net wss://api.smooch.io/faye; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub324f21dc1f58d5bbb922099e7a2c9df4&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
frame-ancestors 'none'; default-src https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://uk.tmconst.com; font-src 'self' https://uk.tmconst.com https://fonts.gstatic.com https://marketer.monetate.net/ https://cdn.smooch.io; connect-src 'self' wss://api.smooch.io cm.teads.tv t.teads.tv wss://marketplace.prod.pub-tmaws.io https://*.ticketmaster.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.permutive.com https://*.prmutv.co https://*.config.smooch.io https://*.saucelabs.com https://uk.tmconst.com https://checkout.ticketmaster.com https://venueview.io-virtualvenue.com https://pubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://d2v54wjmlooyi.cloudfront.net https://csi.gstatic.com https://venue.tmol.co https://adservice.google.com https://www.google.com https://analytics.tiktok.com https://ib.adnxs.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://api.smooch.io https://app.ticketmaster.com https://k.p-n.io/ https://fn.us.ipqscdn.com https://be.durationmedia.net https://browser-intake-datadoghq.com https://tr.snapchat.com https://tr6.snapchat.com https://mapsapi.tmol.co https://availability.ticketmaster.it https://www.ticketmaster.it https://analytics.ticketmaster.it https://identity.ticketmaster.it https://app.ticketmaster.eu https://pubapi.ticketmaster.com https://pubapi.ticketmaster.com/logger/log https://engine.monetate.net/api/engine/v1/decide/ticketmaster; script-src 'self' 'unsafe-inline' 'unsafe-eval' p.teads.tv https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.collect.igodigital.com https://uk.tmconst.com https://venueview.io-virtualvenue.com https://polyfill.io https://af.monetate.net https://f.monetate.net https://se.monetate.net https://sb.monetate.net https://marketer.monetate.net/ https://www.googletagservices.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://d2v54wjmlooyi.cloudfront.net/ssp/libs/prod/fanbuilder/v2/fanbuilder.js https://cdn.smooch.io https://api.smooch.io https://cdn.distiltag.com https://widget.ticketmaster.eu https://securepubads.g.doubleclick.net https://adservice.google.ae https://adservice.google.at https://adservice.google.be https://adservice.google.ca https://adservice.google.ch https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.uk https://adservice.google.co.nz https://adservice.google.com https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.com.ua https://adservice.google.cz https://adservice.google.de https://adservice.google.dk https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.se https://analytics.twitter.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.ticketmaster.co.uk https://static.ads-twitter.com https://www.googleadservices.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/conversion_async.js https://api.permutive.com https://cdn.permutive.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://s1.ticketm.net/tm/en-us/img/static/tmcore/web-vitals.umd.js https://s.adroll.com/ https://d.adroll.com/ https://s.pinimg.com/ https://swrap.tradedoubler.com https://www.sc.pages06.net https://cdn.p-n.io/pushly-sdk.min.js https://sc-static.net/ https://tr.snapchat.com https://tag.durationmedia.net https://static2.creative-serving.com/ https://www.datadoghq-browser-agent.com https://browser-intake-datadoghq.com https://js.adsrvr.org/up_loader.1.1.0.js https://js.hs-scripts.com https://identity.ticketmaster.it https://secure-entry.ticketmaster.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js https://my.ticketmaster.com https://dynamic.criteo.com https://measurement-api.criteo.com https://sslwidget.criteo.com https://widget.eu.criteo.com; style-src 'unsafe-inline' https://marketer.monetate.net/ https://fonts.googleapis.com/ https://cdn.smooch.io/; frame-src https://*.safeframe.googlesyndication.com https://*.siteintercept.qualtrics.com https://*.fls.doubleclick.net https://*.amelia.com https://marketer.monetate.net/ https://player.vimeo.com https://tpc.googlesyndication.com https://sb.monetate.net https://www.google.com/recaptcha/ https://www.youtube.com https://media.ticketmaster.co.uk https://cookies.onetrust.mgr.consensu.org/ https://bid.g.doubleclick.net https://securepubads.g.doubleclick.net https://insight.adsrvr.org/ https://identity.ticketmaster.it https://www.ticketmaster.it https://gum.criteo.com; img-src data: 'self' http://track.adform.net/ http://s0.2mdn.net/ p.teads.tv t.teads.tv https://*.googletagmanager.com https://*.google-analytics.com https://*.fls.doubleclick.net https://*.googleusercontent.com https://uk.tmconst.com https://cbt-assets.tmconst.com https://media.ticketmaster.eu https://media-staging.mfol.eu-west-1.pci.public.tmaws.eu https://s1.ticketm.net https://www.facebook.com https://nova.collect.igodigital.com https://eu.qualtrics.com https://af.monetate.net https://f.monetate.net https://marketer.monetate.net/ https://tpc.googlesyndication.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.co.nz https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.ec https://www.google.com.eg https://www.google.com.gt https://www.google.com.mx https://www.google.com.ph https://www.google.com.sa https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.rs https://www.google.ru https://www.google.se https://ad.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://prismic-images.tmol.io https://i.ytimg.com/ https://i.vimeocdn.com/ https://media.ticketmaster.co.uk https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Generic.jpg https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Music.jpg https://s3.eu-west-1.amazonaws.com/ https://cx.atdmt.com https://venueview.io-virtualvenue.com https://secure.adnxs.com https://t.co https://analytics.twitter.com https://ads.avocet.io https://ads.avct.cloud https://googlesync.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://www.gstatic.com/ https://image.mailing.ticketmaster.com/ https://cdn.smooch.io https://media.smooch.io https://ct.pinterest.com/ https://sp.analytics.yahoo.com/ https://www.pages06.net/ https://venue.tmol.co https://media.pushlycdn.com https://ib.adnxs.com/pixie https://identity.ticketmaster.it https://mapsapi.tmol.co; media-src https://uk.tmconst.com/; object-src 'none'; base-uri 'self'; worker-src 'self' blob: https://www.google.com/recaptcha/; child-src blob: https://*.siteintercept.qualtrics.com; report-uri https://analytics.ticketmaster.it/api/reports 1
default-src 'self' *.ridgid.com *.ridgid.cn https://*.ridgidapps.com https://*.maxmind.com https://*.cybersource.com wss://mpsnare.iesnare.com https://mpsnare.iesnare.com https://*.bazaarvoice.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com bat.bing.com www.facebook.com https://mc.yandex.ru s.union.360.cn hm.baidu.com www.google.com stats.g.doubleclick.net data: https://bcvipph02.rightnowtech.com/Chat/chat/ridgidhqchat edge.curalate.com https://openapi.youku.com *.pricespider.com *.googleapis.com https://cdn.cookielaw.org *.onetrust.com https://static.cloudflareinsights.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chasepaymentechhostedpay.com *.ridgid.com *.ridgid.cn *.youku.com static.bshare.cn/b/bshareC0.js static.bshare.cn/b/buttonLite.js static.bshare.cn/b/components/bsStatic.js https://seal.websecurity.norton.com maps.google.com *.googleapis.com www.googletagmanager.com *.pricespider.com https://mpsnare.iesnare.com cdnjs.cloudflare.com www.googleadservices.com https://*.bootstrapcdn.com https://*.bazaarvoice.com connect.facebook.net *.google-analytics.com https://googleads.g.doubleclick.net https://ridgidhqchat.custhelp.com https://www.rnengage.com www.youtube.com https://s.ytimg.com bat.bing.com js.adsrvr.org *.hotjar.com https://*.ridgidapps.com https://*.coremetrics.com www.google.com 360fenxi.mediav.com static.bshare.cn s.union.360.cn hm.baidu.com bshare.optimix.cn e.so.com https://www.gstatic.com https://s.yimg.jp https://b92.yahoo.co.jp https://mc.yandex.ru https://vk.com https://ridgidhqchat.widget.custhelp.com https://tagmanager.google.com https://tpc.googlesyndication.com https://img.en25.com blob: assets.calendly.com calendly.com edge.curalate.com https://player.youku.com/jsapi https://cdn.cookielaw.org *.onetrust.com https://sc.lfeeder.com https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' *.ridgid.com *.ridgid.cn *.googleapis.com *.youku.com https://ridgidhqchat.widget.custhelp.com https://*.bazaarvoice.com https://*.bootstrapcdn.com https://*.pricespider.com https://tagmanager.google.com https://ridgidhqchat.custhelp.com assets.calendly.com calendly.com https://player.youku.com https://cdn.cookielaw.org *.onetrust.com;img-src 'self' *.ridgid.com *.ridgid.cn *.google-analytics.com *.youtube.com www.googletagmanager.com static.bshare.cn s.union.360.cn pixel-a.basis.net https: data: blob: https://cdn.cookielaw.org *.onetrust.com;frame-src 'self' https://www.chasepaymentechhostedpay.com *.ridgid.com *.ridgid.cn *.youku.com pixel-a.basis.net www.youtube.com https://bid.g.doubleclick.net https://pixel.sitescout.com https://*.bazaarvoice.com https://www.facebook.com https://orchardproject.net https://www.orchardproject.net https://www.orchardcore.net https://*.cybersource.com insight.adsrvr.org match.adsrvr.org https://vars.hotjar.com 360fenxi.mediav.com s.union.360.cn static.bshare.cn www.google.com www.googletagmanager.com https://*.fls.doubleclick.net https://tpc.googlesyndication.com data: calendly.com mailto: https://player.youku.com https://cdn.cookielaw.org *.onetrust.com;font-src 'self' *.ridgid.com *.ridgid.cn fonts.gstatic.com https://fonts.googleapis.com https://*.bootstrapcdn.com greenlee.com data: https://cdn.cookielaw.org *.onetrust.com 1
frame-ancestors 'self' *.optimizely.com 1
default-src 'self' data: www.google.com *.freeman.com *.freemanco.com cdn.walkme.com ec.walkme.com *.google-analytics.com www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com cdn.bizible.com *.getsmartcontent.com cdn.bizibly.com *.terminus.services ;connect-src 'self' analytics.google.com 807-ank-125.mktoresp.com col.eum-appdynamics.com www.google-analytics.com stats.g.doubleclick.net *.freeman.com rapi.walkme.com ec.walkme.com cdn.walkme.com ec-playback.walkme.com; frame-src 'unsafe-inline' *.freemanco.com *.freeman.com www.chasepaymentechhostedpay-var.com freemanpay.com cdn.walkme.com *.marketo.com *.freemanpay.com; child-src; object-src; style-src 'unsafe-inline' 'self' *.freeman.com jquery.min.js cdn.walkme.com ec.walkme.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.marketo.com; font-src 'unsafe-inline' 'self' cdn.walkme.com ec.walkme.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com app.five9.com cdn.walkme.com *.marketo.net *.marketo.com google-analytics.js analytics.js *.google-analytics.com fonts.googleapis.com fonts.gstatic.com *.amazonaws.com jquery.min.js www.googletagmanager.com  gtm.js cdn.appdynamics.com cdn.bizible.com *.getsmartcontent.com cdn.bizibly.com *.terminus.services *.freeman.com 1
img-src data: 'self' https://yandex.ru https://mc.yandex.ru https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://fonts.googleapis.com; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://mc.yandex.ru https://i.ytimg.com https://cdn.jsdelivr.net https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net/; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com data:; default-src blob:  'self' https://fonts.googleapis.com https://cdn.jsdelivr.net https://core-renderer-tiles.maps.yandex.net/ https://api-maps.yandex.ru https://www.google.com/ 'unsafe-inline'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-inline' https://www.googletagmanager.com https://mc.yandex.ru https://yastatic.net http://www.googletagmanager.com/gtag/ https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/gh/kartik-v/bootstrap-fileinput@5.2.2/js/fileinput.min.js https://core-renderer-tiles.maps.yandex.net/ https://www.google.com https://api-maps.yandex.ru https://www.gstatic.com https://yastatic.net 'self' 'unsafe-inline' 'unsafe-eval' 'self'; frame-src blob: https://mc.yandex.ru  'self' https://www.youtube.com/ https://www.google.com/; child-src 'self' blob: https://mc.yandex.ru 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.complianceweek.com; 1
frame-ancestors  'self' https://library.mulesoft.com; 1
default-src 'self' https: wss://*.zopim.com; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.biocadless.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.youtube.com *.yandex.ru *.salesforce.com *.twitter.com *.usefathom.com vk.com *.dataforum.pro *.googleadservices.com yastatic.net top-fwz1.mail.ru;child-src *.biocadless.com *.google.com *.gstatic.com *.doubleclick.net *.youtube.com *.salesforce.com *.twitter.com *.dataforum.pro;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.cloudflare.com *.dataforum.pro;img-src * blob: data: *.biocadless.com *.dataforum.pro;font-src 'self' 'unsafe-eval' *.gstatic.com *.dataforum.pro;frame-src 'self' 'unsafe-inline' platform.dataforum.pro yandex.ru webvisor.com *.youtube.com *.google.com *.yandex.ru;connect-src *;media-src *; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-AMPbzyuDE1kvuVtLm5IoqQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' mijn.hosting.nl 1
default-src 'self' https://*.fhstp.ac.at https://mein.clickskeks.at; connect-src 'self' https://*.facebook.com https://*.facebook.net https://api.visitlead.com https://cis.fhstp.ac.at https://api.fhstp.ac.at https://cdn.fhstp.ac.at https://sentry.fhstp.ac.at/ https://my2.siteimprove.com https://rest.visitlead.com https://*.doubleclick.net https://ws.visitlead.com https://www.google-analytics.com wss://*.visitlead.com wss://www.fhstp.ac.at wss://wwwtestneu.fhstp.ac.at https://pagestrip.com https://*.pagestrip.com https://mein.clickskeks.at https://*.youtube.com https://*.tiktok.com https://*.google.com https://*.linkedin.oribi.io; font-src 'self' data: https://*.fhstp.ac.at https://*.googleapis.com https://*.gstatic.com https://app.visitlead.com https://*.pagestrip.com; frame-src 'self' http://edit.fhstp.ac.at https://*.facebook.com https://*.facebook.net https://*.google.com https://www.recaptcha.net https://*.issuu.com https://www.yumpu.com https://*.soundcloud.com https://*.twitter.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://cis.fhstp.ac.at https://sjs.bizographics.com https://snap.licdn.com https://stream.visitlead.com https://my2.siteimprove.com/ https://www.podbean.com https://*.doubleclick.net https://mein.clickskeks.at https://*.tiktok.com; img-src 'self' data: http://*.fhstp.ac.at https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.at https://*.google.com https://*.ytimg.com https://*.gstatic.com https://*.googleusercontent.com https://*.ggpht.com https://*.linkedin.com https://app.visitlead.com https://www.filmspektakel.at https://*.pagestrip.com https://bat.bing.com https://mein.clickskeks.at https://*.tiktokcdn.com https://www.googletagmanager.com; media-src 'self' data: https://cdn.fhstp.ac.at/ http://carma.fhstp.ac.at/wp-content/uploads/2016/11/Brelomate2_Infoveranstaltung201161027_p3tv.mp4 https://app.visitlead.com https://*.pagestrip.com; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' http://campus-stp.at https://*.campus-stp.at https://*.doubleclick.com https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://www.recaptcha.net https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.linkedin.com https://cdn.siteimprove.net/cms/overlay.js https://*.youtube.com https://app.visitlead.com https://campus-stp.at https://cdn.fhstp.ac.at https://*.pubble.io https://cdn.ravenjs.com https://cdn.socket.io https://code.jquery.com https://sjs.bizographics.com https://snap.licdn.com https://*.ytimg.com https://*.pagestrip.com https://browser-update.org https://unpkg.com https://bat.bing.com https://mein.clickskeks.at; style-src 'self' 'unsafe-inline' http://*.campus-stp.at http://campus-stp.at http://cdn.fhstp.ac.at https://*.campus-stp.at https://*.google.com https://*.googleapis.com https://*.ytimg.com https://app.visitlead.com/ https://campus-stp.at https://cdn.fhstp.ac.at https://*.pagestrip.com https://mein.clickskeks.at; worker-src blob: https://www.fhstp.ac.at 1
frame-ancestors 'self' https://*.vericle.com:* http://*.vericle.com:* 1
frame-ancestors 'self' https://my.axelos.com https://www.languagecert.org https://selt.languagecert.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.google.com https://cdnjs.cloudflare.com https://goo.gl https://line.naver.jp https://s.ytimg.com https://twitter.com https://*.google-analytics.com https://www.googletagmanager.com https://widget.gleamjs.io https://stats.g.doubleclick.net; 1
default-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com; script-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' *.google-analytics.com platform.twitter.com cdn.syndication.twimg.com mcmurrayhatchery.refersion.com; style-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com 'unsafe-inline' ton.twimg.com platform.twitter.com fonts.googleapis.com; font-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com fonts.gstatic.com fonts.googleapis.com; img-src https: 'self' *.mcmurrayhatchery.com www.youtube.com api.instagram.com blob: data: *.google-analytics.com *.gstatic.com *.googletagmanager.com *.twitter.com *.twimg.com *.cloudfront.net scontent.cdninstagram.com www.paypal.com; frame-ancestors 'none'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://thebolditalic.com https://*.thebolditalic.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com; connect-src 'self' wss://proxy.nanohub.org wss://vncproxy.nanohub.org wss://nanohub.org https://nanohub.org/api/members/tools/diskusage https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://www.purdue.edu https://ka-f.fontawesome.com https://api.bilibili.com/x/web-interface/archive/related https://stickyid-a.akamaihd.net/ https://cdncache-a.akamaihd.net/ ws://nanohub.org:8080 https://www.bing.com/translator/api/translate https://publons.com/mashlets/tip/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; default-src 'self' https://*.nanohub.org https://*.nanohub.aws.hubzero.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdn.scite.ai/assets/fonts/ https://www.slant.co/fonts/basicsansnarrow/ https://ka-f.fontawesome.com/ https://themes.googleusercontent.com/static/fonts https://use.fontawesome.com/releases/ https://at.alicdn.com/t/ https://script.hotjar.com; form-action 'self'; frame-ancestors 'self' https://nanohub.org/; frame-src 'self' https://*.nanohub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://accounts.google.com https://recaptcha.net https://admin.google.com https://*.nanohub.aws.hubzero.org https://acestream.me https://www.purdue.edu https://en.wikipedia.org https://www.googletagmanager.com/ns.html https://vars.hotjar.com; img-src * data: image: file: blob: https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://apis.google.com/js/client:plusone.js https://apis.google.com/_/scs/apps-static/_/js/ https://engineering.purdue.edu/nanohub/ https://kit.fontawesome.com https://www.wolfram.com https://cdn.mathjax.org https://ajax.googleapis.com/ajax/libs/jquery/ https://releases.flowplayer.org https://publons.com/mashlets https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://cdn.jsdelivr.net/npm/@splidejs/splide@2.4.21/dist/js/splide.min.js https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/debug/bootstrap https://www.googletagmanager.com/debug/bootstrap https://script.hotjar.com https://static.hotjar.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net https://use.fontawesome.com/7f85a56ba4.css https://use.fontawesome.com/releases/ https://releases.flowplayer.org https://static.hotjar.com https://script.hotjar.com; worker-src blob:; media-src 'self' data: https://nanohub.org; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
default-src * 'unsafe-inline' data: 'unsafe-eval' blob:; object-src 'none'; worker-src * 'unsafe-inline' data: blob:; 1
base-uri 'self'; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.googleanalytics.com 'sha256-MX1ZFIBa5L93HBj8qZRBUa/eXPmsVLWRIi36CdDab3g=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' https://connect.facebook.net 'sha256-w9PUUFBTg7mA9KBjVbANsTN5WPOnJRei9DT8Qk2i/Jw=' https://www.flexmail.eu 'sha256-usdx8IxlpnzmYMAcVSSGsgPlT53z1pk04Zvh5xyOIQg=' https://bat.bing.com https://r.bing.com 'sha256-9EfSE/pxhsIRQAZ9nHpzZGKeEticJtki6BUxpyJY/VQ=' https://cdn.zapier.com 'sha256-yZFBBEAhVR7+Ftx72ma6BMxZ0sAlz7DrJpEQjM6yvdk=' https://www.googleadservices.com https://www.google.com https://*.leadinfo.net 'sha256-FXWsZZqcOYsq1NVBThmi3kxKhOetuth7XXym/Ocr0y8=' https://*.refiner.io https://*.googletagmanager.com https://www.googleoptimize.com https://*.iubenda.com 'sha256-v1oYH69RcooFs6F5XhMTzHiWlftYwnuQHDxIz0suNeo=' 'sha256-soHj2nJiSISIchYvRpy+YNvaclRxDg8yfOdje4DV1V0=' 'sha256-UCgT4o3W1j0Jb+5Dmp/EiW82gsiCzYrnessD2ygF+yg=' 'sha256-cZSOI62iFDsA3j5mxw0RHf6Q9VuVKYOBhvZNNl85inI=' 'sha256-m96BavfNLjGu7OvnI8guB4tl6t0kfH0vq8PU3NVYjJo='; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com *.bing.com https://cdn.zapier.com https://www.googletagmanager.com; object-src 'none'; form-action 'self'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io data:; connect-src 'self' https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.facebook.com https://cdn.flxml.eu https://*.sentry.io *.bing.com wss://*.bing.com https://zapier.com https://*.zapier.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com https://cdn.linkedin.oribi.io https://*.leadinfo.net https://*.leadinfo.com https://*.refiner.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.iubenda.com; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.google.com https://www.google.be https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://www.linkedin.com https://trk.teamblue.services https://stg-trk.teamblue.services https://trk.flexmail.be https://trk.flexmail.nl https://stg-trk.flexmail.be https://stg-trk.flexmail.nl https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://cdn.flxml.eu *.bing.com *.microsoft.com https://zapier.com https://zapier-images.imgix.net https://www.google.de https://www.google.nl https://adservice.google.com https://www.google.co.uk https://www.google.lu https://www.google.co.in https://www.google.es https://www.google.ch https://www.google.it https://www.google.ca https://*.google-analytics.com https://*.googletagmanager.com; frame-src 'self' https://www.google.com/recaptcha/ https://*.hotjar.com https://*.hotjar.io https://*.hotjar.io https://www.slideshare.net https://youtube.com https://www.youtube.com https://www.googletagmanager.com sdx.microsoft.com https://return.flexmail.eu https://*.refiner.io http://open.spotify.com/; report-uri https://flxml-www.endpoint.csper.io; report-to csper; 1
frame-ancestors 'self' https://*.boh.com; default-src https:; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
frame-ancestors 'self' https://manage.masstransitmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self'; script-src 'report-sample' 'unsafe-eval' 'sha256-wz6ika9i3WU3bpUPdhYDZeO/NrDQniDyiscN0LWnyaY=' 'sha256-8hfDTWqu8k9HvHzrkzt+xhtPpKaUxiTKKafbnLtHZCs=' 'sha256-SMUeP6E2pMrxXZ8/eWo6OvoLUN6jMLYb5qEUgHaaDrA=' 'sha256-EUBEF5WvTGqk0hm+1BG7zR6I+6+DGb6OOh8cyLSJhBk=' 'sha256-EVfbJoCaYvQGy63aF4IaFkCgygoCP13tlf39WBoqnmQ=' 'sha256-XnNQECY9o+nIv2Qgcd1A39YarwxTm10rhdzegH/JBxY=' 'sha256-0XMgg4rqcxPYJ6gk7kILQRAbBe9xK3+Ik6iWqGJcYWg=' 'sha256-g8iVyamDwt3OeOKt7rpBJ01H71OFT38TNW31YoDqtg4=' 'sha256-L0DnDaq26Adb1CiOJaNeUyPd9e4qJm+x6Ywtoa+S3+4=' 'sha256-U7KwF5KvWsJaK9Am2TfiRzMq4/MU6CWFj0mfRqtZkfA=' 'sha256-910MBH4o0XYmt2KdyUfPUnjODdvSFGgoCIXR7njrfSw=' 'sha256-nwrPrPUzetXBOU2PA9lEiV0YlyEa2u1K1E9PzmP4iY8=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-/bm28XTHBk/2+8w4OK5Z3PKsnHRjh6YGqEZrDmAzpxo=' 'sha256-un4Od7TXS3yFrOZTtMAVbkJ1wXe6c2+09LvfoBl4jh4=' 'sha256-fe+DmxUPcLoM27k80UR5jvvr4aLfF0rSHKV5SemJPzg=' 'sha256-qo1RuSBojC8D1TICoE4IFgVurx/k8U1oZK9MRDE/KlE=' 'sha256-mRKioI8+U/Z6IlUernsYX+VQ/+1ZmIz0Exd6vI7EZNY=' 'sha256-Gjk/4NYwu3CbqK8Gj2MWMzyS9v/i8sLwf6xwP/oH5M8=' 'sha256-hRyOf0WLnTNjcFQ90fQeHumVAWjriqpnqRUaI6h1vj0=' 'sha256-8W8281SYt1k0eR9Y0z66gdPlhw9xO1U+Pwx9xjYYfwo=' 'sha256-q5qXN11uZHDKvdYtrAbOosaCyKbZxuxxNck525tOrsk=' 'sha256-PGwKPKtgIFR7BBaTEzRxRl4FWV1uufjCt5TVa6TI12k=' 'sha256-W0QY3aFcPnZSSetdi5gTeKy2IQMi3eCafbIVKAa20Zg=' 'sha256-aroGK3JMjlNu/zPuSeivrWD3UC/3tMaU+UuxKWdimpM=' 'sha256-ky6kwALluZeYIOUb67vYvNIm+6GYo9ZIpE5+6fUAbiU=' 'sha256-hMbRFabSSL7CIDsoqw8tkSvYtzZ1NeJqQyhGZdSdnxQ=' 'sha256-ceLZobD9Q86jstPOfW76BNTxXlZ7mTw0PF66debOnx4=' 'sha256-X2HVLVOvP9Opbf0ClAql73Fbwflss+KO544zddICf4U=' 'sha256-aZTZsmwqKP8HIwXU9SL0uRZWX9soMifegql0XmccYEw=' 'sha256-1rN3TBB70ehRoaiW/CvP3GHTNFr593iDXloGmle9JiY=' 'sha256-x1FQfFjfHqekbV7feKwmQ6gSdooZVGPGLXw1OK5YdiI=' 'sha256-yri+yF9cdn4VkD2uOCWeqlkqpeFZ/SmhDMhon/fQzEc=' 'sha256-XjcRVp58oyAqZCEyhIdbxI6UjLqnQdmi6PBfRy1+BgA=' 'sha256-bQXNx2wNfK+Khvyw++rw7cScVp1Eo8GHhINrXBvF2Kc=' 'sha256-Kqjmds221Sxp42v6MMfVXhclGVC7fCZX4ESjxL3gVLw=' 'sha256-mK2LcNpqkDcXTppsyMqneuE6GEJ5j+7REt0lTsRKUUU=' 'sha256-fCl5PYrISg7MPsnIeZ+T6npnLgyi68m9NcGT5ONA6pI=' 'sha256-H50ABvo0XriiYrFw1nag3drPHQoIE34FfOWFzlCHy3E=' 'sha256-wE+KqdimW+7MWcIE1UdqfODsz8hgcsyd2YuAQ4gVmTY=' 'sha256-MaUq5Wt30Bl8clIlW7/zvNPuKmnZdlAxopQigKrPLso=' 'sha256-I3J1LKXta0FJ/3+aa+dBNCE5dV3fjcG7p7ulnbtcMp0=' 'sha256-zpqVdE6ttrmhTiPbjKj6s39iaE9RMfzNp6aF7UKwtBY=' 'sha256-8kotGhRmEBiesu8MHsrDeRTEpj3SSDokReILPbeA37I=' 'sha256-OyfHFA4tRzHfTynnYncdFb31ISeCD7Am01txqn+O4ys=' 'sha256-DMT61jx96o8Zt4O6NPLDbLFDtyQSPa4zNGgdA8jCqF4=' 'sha256-cdJLDgaTPPJz9rqWbXcX70modqLshn8Wti8X7csGKLs=' 'sha256-savpz652hUrFSTNoRdzTuvttLoQ8UN1p2KhaqZs4RFo=' 'sha256-d7o/iD0TcPtTf9pAbqA9aa2qsmdqPtbqxI3YMwTtrrA=' 'sha256-vKTtXqBsPdGS4/zx94PM36gvdxCJ/Ax00pQQzPjQipM=' 'sha256-JX/B96MKyLyvkF8KBl3WNnl4E4qTPbCHIVjK18Wsrv4=' 'self' www.linkedin.com/autofill/js/autofill.js static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com content.linkedin.com snap.licdn.com platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com sjs.bizographics.com *.salesforceliveagent.com bcvipva02.rightnowtech.com bcvipac02.rightnowtech.com www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net cdn.linkedin.oribi.io cdn.tt.omtrdc.net bat.bing.com connect.facebook.net cdn.walkme.com gist.github.com embedr.flickr.com; worker-src 'none'; frame-ancestors 'self' *.linkedin.com experience.adobe.com; frame-src blob: lnkd-communities: voyager: *; connect-src wss: blob: data: *; img-src blob: data: android-webview-video-poster: *; media-src blob: data: *; style-src 'unsafe-inline' *; form-action 'self' *.linkedin.com linkedin.secure.force.com linkedinresearch.qualtrics.com *.salesforceliveagent.com linkedin.my.salesforce-sites.com; manifest-src 'self'; report-uri https://www.linkedin.com/security/csp?f=m 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.ml; img-src 'self' https: data: blob: https://mastodon.ml; style-src 'self' https://mastodon.ml 'nonce-XTKhxi0BST8UU3d2Fku2JQ=='; media-src 'self' https: data: https://mastodon.ml; frame-src 'self' https:; manifest-src 'self' https://mastodon.ml; form-action 'self'; child-src 'self' blob: https://mastodon.ml; worker-src 'self' blob: https://mastodon.ml; connect-src 'self' data: blob: https://mastodon.ml https://mastodon.ml wss://mastodon.ml; script-src 'self' https://mastodon.ml 'wasm-unsafe-eval' 1
default-src 'self'; frame-ancestors 'none'; frame-src 'self' https://social.uploadcare.com/ https://calendly.com https://js.driftt.com https://www.youtube.com https://js.stripe.com https://hooks.stripe.com blob: https://renderer.gist.build https://code.gist.build https://*.wistia.net; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://helpcrunch.com https://*.wistia.com; img-src 'self' data: https://s3.amazonaws.com https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com https://*.clearbit.com http://*.clearbit.com https://ucarecdn.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://cdn.sanity.io https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.huntr.co blob: data: https://assets.calendly.com https://*.wistia.com https://imagedelivery.net https://track.customer.io https://*.visualwebsiteoptimizer.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://embed.helpcrunch.com https://huntr.widget.helpcrunch.com https://widget.helpcrunch.com https://code.jquery.com https://www.google-analytics.com https://snap.licdn.com http://cdn.mxpnl.com https://js.driftt.com https://assets.calendly.com https://maps.googleapis.com https://ajax.googleapis.com https://static.cloudflareinsights.com https://js.stripe.com https://clerk.huntr.co https://clerk.huntrstaging.com https://clerk.huntr-renniehaylock-hun-ljxbwh.herokuapp.com https://careerservices.purpleacademy.co https://careerservices.takeo.ai https://careers.reworktraining.org https://careersuccess.yellowtail.tech https://huntr.comptia.org https://huntr.icareersolutions.com https://jobs.312.school https://ai.jobsurge.co https://jobsearch.joinsatellite.io https://jobs.skills.tech https://jobs.rehigher.com https://talent.codeboxx.biz https://talent.codeboxx.com https://app.smarterjobhunting.com https://jobs.youareambitious.com https://huntr.thrivedx.com https://jobtracker.uvaro.com https://purpleacademy.huntr.co https://*.clerk.accounts.dev https://*.wistia.com https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com blob: https://www.googletagmanager.com https://assets.customer.io https://code.gist.build https://customerioforms.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://r.wdfl.co https://*.wistia.net https://mixpanel-huntr-tracking-proxy-5d1de9c97531.herokuapp.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://assets.calendly.com https://code.gist.build; media-src blob: https://*.wistia.com; connect-src 'self' http://localhost:3000 https://huntr.co https://huntrstaging.com https://*.huntr.co https://mixpanel-huntr-tracking-proxy-5d1de9c97531.herokuapp.com https://sentry.io https://huntr-documents.s3.amazonaws.com https://huntr-app.s3.amazonaws.com wss://huntr.helpcrunch.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://huntr.helpcrunch.com https://api-js.mixpanel.com https://upload.uploadcare.com https://uploadcare.s3-accelerate.amazonaws.com https://px.ads.linkedin.com https://px4.ads.linkedin.com wss://ws.pusherapp.com ws://ws.pusherapp.com wss://ws.helpcrunch.com https://api.stripe.com https://clerk.huntr.co https://*.clerk.accounts.dev https://analytics.google.com https://huntr-dev.us.auth0.com https://frontend-api.clerk.dev https://clerk.tracker.huntrstaging.com https://clerk.huntrstaging.com blob: https://fonts.googleapis.com https://*.launchdarkly.com https://*.wistia.com http://*.wistia.com https://*.litix.io https://track.customer.io https://customerioforms.com https://*.api.gist.build https://*.cloud.gist.build https://*.visualwebsiteoptimizer.com https://api.getrewardful.com 1
frame-ancestors 'self' *.league.dev *.myhighmarkonline.com *.beneficity.com; 1
frame-ancestors 'self' https://content.htzone.co.il http://content.htzone.co.il https://cdn.roojoom.com http://cdn.roojoom.com; 1
default-src 'self'; script-src 'self' siteimproveanalytics.com cdn.siteimprove.net cdn.ampproject.org; style-src 'self'; img-src 'self' data: *.siteimproveanalytics.io *.rovid.nl *.rijksoverheid.nl; media-src 'self' *.rovid.nl *.rijksoverheid.nl; frame-ancestors 'self'; child-src 'self' *.siteimproveanalytics.io my2.siteimprove.com preview.amp.dev; font-src 'self'; connect-src 'self' *.siteimprove.com *.siteimproveanalytics.io; report-uri https://sentry.test.dtnr.nl/api/8/security/?sentry_key=ef2f25f4176b43ba83b66c4d8102e4cb 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.atout-france.fr/fr/report-uri/enforce 1
default-src 'self' ; style-src 'unsafe-inline' 'self' fonts.googleapis.com; frame-ancestors 'self' https://*.rtr.at; font-src 'self' fonts.gstatic.com; img-src 'self' https://*.rtr.at data: https://*.ytimg.com https://piwik.rtr.at; media-src 'self' https://*.rtr.at; frame-src data: blob: https://*.rtr.at https://egov.rtr.gv.at https://127.0.0.1:* https://eid.oesterreich.gv.at https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://app.23degrees.io https://chat.rtcnow.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.23degrees.io https://piwik.rtr.at https://info.rtr.at; connect-src 'self' https://info.rtr.at https://info.rtr.at; 1
default-src 'self' http: https: wss: turns: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' ecamm.com *.ecamm.com intercom-sheets.com ; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;block-all-mixed-content;frame-ancestors 'self' https://*.glancetournaments.com https://*.glance.com https://afkgaming.quintype.com; 1
default-src 'self' data: blob: *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; style-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; font-src 'self' data: blob: *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; img-src 'self' data: blob: *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; frame-src *.sfnix.net wss://joki.cav.ai https://*.cavai.com *.cav.ai wss://studio.cav.ai wss://cloud.cavai.com op-koti.fi *.op-koti.fi *.cloudfront.net images.contentful.com images.ctfassets.net *.adobedtm.com *.everesttech.net *.demdex.net *.adform.net server.seadform.net *.googleapis.com *.gstatic.com *.omtrdc.net *.ggpht.com connect.facebook.net *.facebook.com *.hotjar.com wss://*.hotjar.com *.krxd.net *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google.fi *.youtube.com *.metsaforest.com *.metsagroup.com my.matterport.com *.arcgis.com dojotoolkit.org https://tunnistaudu.op.fi https://rekisteroidy.op.fi https://*.mapbox.com; frame-ancestors localhost:* *.metsaforest.com *.metsagroup.com https://tunnistaudu.op.fi https://rekisteroidy.op.fi;report-uri /cspReport; 1
frame-ancestors 'self' *.uqr.me *.uqr.to *.qrcodekit.com *.odisee.be *.kuleuven.cloud 1
frame-ancestors 'self' mylvhn.org my.lvhn.org; upgrade-insecure-requests 1
default-src  'self' *.cntaiping.com *.baidu.com *.map.baidu.com *.bdimg.com hq.sinajs.cn res.wx.qq.com pv.sohu.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
frame-ancestors 'self' https://rtsports.com https://www.rtsports.com; 1
img-src 'self' https://*.onf.ca https://*.nfb.ca https://www.facebook.com https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca *.gstatic.com data: https://interactive-cms.s3.amazonaws.com https://*.gravatar.com https://dkyhanv6paotz.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://googleads.g.doubleclick.net https://www.google.com/ads https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.ca/ads https://www.google.ca/ads/ga-audiences https://www.google.ca/pagead/ https://pixel.mathtag.com/misc/img https://pixel.mathtag.com/comp/img https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; frame-src 'self' https://*.nfb.ca https://*.onf.ca https://*.google.com https://bid.g.doubleclick.net https://www.gstatic.com https://player.vimeo.com https://www.youtube.com https://connect.facebook.net https://www.facebook.com https://pixel.mathtag.com/ https://d2v44bgsxxwb3t.cloudfront.net https://td.doubleclick.net https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; script-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://player.vimeo.com https://maps.googleapis.com https://dkyhanv6paotz.cloudfront.net connect.facebook.net https://graph.facebook.com https://*.googletagmanager.com https://tagmanager.google.com *.google-analytics.com https://apis.google.com/js/platform.js www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.c212.net/ https://c212.net/ https://pixel.mathtag.com/sync/js https://*.adnxs.com/ https://*.adsrvr.org/ *.nfb.ca *.onf.ca; connect-src 'self' https://*.nfb.ca https://*.onf.ca https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dkyhanv6paotz.cloudfront.net https://*.google-analytics.com  https://*.analytics.google.com  https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://c212.net https://thumbor-interactive-cms.s3.ca-central-1.amazonaws.com https://www.facebook.com https://sentry.nfb.ca:9443 https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ *.nfb.ca *.onf.ca; default-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca 'nonce-nB3XPs6Lz2BiUgd7ToGB6A=='; style-src 'self' 'unsafe-inline' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net hello.myfonts.net https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com *.nfb.ca *.onf.ca; manifest-src 'self' https://*.nfb.ca https://*.onf.ca https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; font-src 'self' https://*.onf.ca https://*.nfb.ca fonts.gstatic.com data: https://dkyhanv6paotz.cloudfront.net *.nfb.ca *.onf.ca; object-src 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; frame-ancestors 'self' https://*.nfb.ca https://*.onf.ca *.nfb.ca *.onf.ca; worker-src 'self' *.onf.ca *.nfb.ca blob: *.nfb.ca *.onf.ca; media-src 'self' https://*.onf.ca https://*.nfb.ca https://dkyhanv6paotz.cloudfront.net https://d2vapbn8acl33j.cloudfront.net https://dcly21uuqtecw.cloudfront.net https://d3acx5b8mnvbua.cloudfront.net blob: *.nfb.ca *.onf.ca 1
frame-ancestors 'self' preview.themeforest.net themeforest.net preview.codecanyon.net codecanyon.net; 1
frame-ancestors *.ucihealth.org; 1
script-src 'self' 'unsafe-inline' https: 'nonce-cXcz3PAgOtodyJoXMza64A==' 'strict-dynamic';style-src 'self' 'unsafe-inline' https: 'nonce-cXcz3PAgOtodyJoXMza64A==';object-src 'none';frame-ancestors 'self';form-action 'self' https://*.worldline-solutions.com https://*.payline.com;font-src 'self' https://fonts.gstatic.com;img-src 'self' data: https:;manifest-src 'self';connect-src https: wss:;frame-src 'self' https:;default-src 'none';base-uri 'self'; 1
default-src 'self' data: http://mc.yandex.ru https://stat.sputnik.ru https://scli.ru:* https://bitrix.info; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://mc.yandex.ru https://bitrix.info http://bitrix.info https://stat.sputnik.ru; style-src 'self' 'unsafe-inline' http://mc.yandex.ru; img-src 'self' data: https://scli.ru http://mc.yandex.ru https://stat.sputnik.ru blob: 'self'; 1
frame-ancestors 'self' https://m.v12finance.com/; 1
base-uri 'self';default-src 'none';prefetch-src 'self';connect-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/  ;frame-src 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/;img-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/  data:;font-src 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/ https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com ;script-src 'self' 'unsafe-eval' 'nonce-SIT7XGIacfSb7R9Ye4WEYQ=='  https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/;script-src-elem 'self' 'unsafe-inline' https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/ https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co ;style-src-elem 'self' 'unsafe-inline' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/  data:;style-src 'self' 'unsafe-inline' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/ ;media-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co https://*.cloudfront.net https://*.doubleclick.net https://*.facebook.net https://*.googletagmanager.com https://*.kustomerapp.com https://*.optimove.net https://*.reviews.io https://cdn.prod2.kustomerhostedcontent.com https://fonts.googleapis.com https://fonts.gstatic.com https://tracking.parcelperform.com https://www-widgetapi.js https://www.cloudflare.com https://www.facebook.com https://www.googleadservices.com https://www.parcelmonitor.com https://www.youtube.com https://*.clerk.io https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.qualtrics.com https://*.rakuten.com https://*.snapchat.com https://*.tiktok.com https://*.stape.io https://*.greenhouse.io https://*.pndsn.com https://*.parcelperform.com wss://*.parcelmonitor.com https://*.amazonaws.com https://mention-me.com https://*.mention-me.com https://pagead2.googlesyndication.com https://*.mxpnl.com https://*.jsdelivr.net https://*.amplitude.com https://*.mixpanel.com https://chat-assets.digitalgenius.com https://flow-server.eu.dgdeepai.com wss://*.pusher.com https://*.rudderlabs.com https://*.rudderstack.com https://*.tvsquared.com/ ;frame-ancestors 'self' blob: https://*.air-up.com https://*.builder.io https://*.cdn-btsg.com https://*.google-analytics.com https://*.google.com https://*.google.de https://*.narvar.com https://*.online-metrix.net https://*.signifyd.com https://*.usercentrics.eu https://builder.io https://dev1.air-up.dev https://edge.fullstory.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://snippet.maze.co ;form-action https://airup.com;manifest-src 'self' https://cdn.shopify.com https://*.store.myshopify.com https://*.myshopify.com; 1
frame-ancestors https://*.fidelity.com/ https://*.adobemc.com/ https://*.adobe.com/ http://*.fidelitycharitable.org/ https://*.fidelitycharitable.org/ https://*.fidelity.com 'self'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-wq3kmyP7K9ZU1UXPK3SqxA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://ln-rules.rewardstyle.com https://www.zenaps.com https://isitetv.com https://*.recaptcha.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://gum.criteo.com https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.de https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.de https://*.abtasty.com https://sgtm.lookfantastic.de; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://m.lookfantastic.de https://checkout.lookfantastic.de https://www.lookfantastic.de https://www.glossybox.de https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sgtm.lookfantastic.de; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' tomshardware.fr www.tomshardware.fr tomsguide.fr www.tomsguide.fr cms.galaxiemedia.fr amp.tomsguide.fr amp.tomshardware.fr cdn.tomsguide.fr cdn.tomshardware.fr presence-pc.fr www.presence-pc.fr presence-pc.com www.presence-pc.com telecharger.tomsguide.fr telecharger.tomshardware.fr; 1
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalpassword.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalpassword.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalpassword.com http://url.totalpassword.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com/ https://www.mczbf.com/; worker-src 'self' blob; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalpassword.com https://www.google.com/; connect-src 'self' https://my.totalpassword.com https://ajax.totalpassword.com https://login.totalpassword.com https://signup.totalpassword.com https://my.totalpassword.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalpassword.com https://www.mczbf.com/; frame-ancestors 'self' 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' https://www.leopoldina.org/fileadmin/templates/js/etracker/disableCookies.js https://www.leopoldina.org/fileadmin/templates/js/etracker/etrackerpage.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery-1.8.3.min.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.effects.core.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.widget.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.datepicker.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.fancybox-1.3.4.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.hoverIntent.minified.js https://www.leopoldina.org/fileadmin/templates/js/jquery/jquery.ui.slide.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Femanager.min.js https://www.leopoldina.org/typo3conf/ext/femanager/Resources/Public/JavaScript/Validation.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Form.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Powermail/Tabs.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/parsley.min.js https://www.leopoldina.org/typo3conf/ext/powermail/Resources/Public/JavaScript/Libraries/jquery.datetimepicker.min.js https://www.leopoldina.org/typo3conf/ext/leoevents/Resources/Public/JavaScript/AutoComplete.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/main.js https://www.leopoldina.org/fileadmin/templates/js/plyr.min.js https://www.leopoldina.org/fileadmin/templates/js/select.js https://www.leopoldina.org/fileadmin/templates/js/swipesensejs.js https://www.leopoldina.org/fileadmin/templates/js/cookies/functions.js https://www.leopoldina.org/fileadmin/templates/js/cookies/js.cookie.min.js https://static.etracker.com https://www.etracker.de https://code.etracker.com https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/leaflet-core-1.4.0.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/Leaflet.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/Frontend/GoogleMaps.js https://www.leopoldina.org/typo3conf/ext/tt_address/Resources/Public/JavaScript/LeafletBackend.js https://www.leopoldina.org/typo3conf/ext/rsmleosolr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/sr_freecap/Resources/Public/JavaScript/freeCap.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceDragDrop.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/ContextMenuActions.js https://www.leopoldina.org/typo3conf/ext/paste_reference/Resources/Public/JavaScript/PasteReferenceOnReady.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Chart.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/FormModal.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/suggest_controller.js https://www.leopoldina.org/fileadmin/templates/js/suggest_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_daterange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/SearchStatistics.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/search_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-nl.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-de.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/ui-i18n/jquery.ui.datepicker-fr.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.autocomplete.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery.URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/jquery-ui.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/JQuery/URI.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_options_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/facet_numericrange_controller.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/npm.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.min.js https://www.leopoldina.org/typo3conf/ext/solr/Resources/Public/JavaScript/Bootstrap/bootstrap.js https://www.leopoldina.org/typo3conf/ext/leoperson/Resources/Public/JavaScript/AutoComplete.js https://maps.google.com https://maps.googleapis.com 'sha256-VnKcPF0SXI7vrqHHFBxL8Nu265d7FOcxnIR7UZMsmik=' 'sha256-EetSc5juzrKThnoUU8TiYNxEMQsUf2qgvd796Y1752c=' 'sha256-5PW87MEdKmJraglxwIr/bMIhXd1wO1jpkK43BfgKYp4=' 'sha256-eNrWMNNA2u2tgugMoaRfWUL9X/EPD9IJ2xYbLdh72z0=' 'sha256-ME31pCqq/7wD00eg3taCEaVmPN7dtAUOaf06Pql0t0Y=' 'sha256-Y/TZkhs0X7DJKF84rNRqe/Ln+I0RfOETL4P7oazR0fs=' 'sha256-0hFLJdsRf/fTQI9pvqO/Sqpiz5otuAGPlptTo/iBYfY=' 'sha256-Wpv58zCqWBy5cNtpCGlDuSxfM68Jt9nw9JX/ApU0zHo=' 'sha256-iNVTx2rrCEFZZqiFpJEIFSHSUdyLcOYpttdxVMnWA20=' 'sha256-NQ4ECg+FMl6LSSoGmYFqKfu5QQjDDE5stg7LGR4QyTM=' 'sha256-jobAp9Jo2TTOCKsgeKT2tK4Ne8fiz90iAA2Of8WdsIo='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.leopoldina.org https://maps.gstatic.com https://*.googleapis.com data:; font-src https://www.leopoldina.org https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.etracker.de https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube-nocookie.com https://player.vimeo.com https://play.google.com https://www.youtube.com https://maps.googleapis.com; report-uri /typo3conf/ext/csp/csp_report.php 1
upgrade-insecure-requests; frame-ancestors 'self' www.prochorientation.fr *.hautsdefrance.fr *.hautsdefrance.net;	default-src 'self' https://cdnjs.cloudflare.com/ https://newassets.hcaptcha.com https://maps.googleapis.com https://www.googleapis.com https://*.hautsdefrance.net https://*.hautsdefrance.fr;	script-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: https://ajax.googleapis.com https://tag.aticdn.net https://cdn.tarteaucitron.io https://tarteaucitron.io https://platform.twitter.com https://www.youtube.com/ https://js.hcaptcha.com https://maps.google.com/ https://maps.googleapis.com/ https://*.hautsdefrance.fr;	style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com  https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com  https://cdn.jsdelivr.net https://cdn.tarteaucitron.io;	img-src 'self' data: https://tarteaucitron.io https://logs1412.xiti.com https://secure.gravatar.com https://i.imgur.com https://img.shields.io/ https://*.hautsdefrance.fr/  https://s38924.pcdn.co/ https://s.w.org/ ;	font-src 'self' data: https://maxcdn.bootstrapcdn.com/ https://netdna.bootstrapcdn.com/ https://fonts.gstatic.com/ https://s0.wp.com;	frame-src 'self' https://v.calameo.com https://livemap.getwemap.com https://www.marches-publics.info https://*.hautsdefrance.fr https://webtv.picardie.fr https://www.youtube-nocookie.com https://www.youtube.com https://platform.twitter.com https://www.facebook.com/ https://newassets.hcaptcha.com/;	base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com assets.zendesk.com www.clarity.ms snap.licdn.com bat.bing.com consentcdn.cookiebot.com consent.cookiebot.com static.trackedweb.net secure.data-insight365.com www.google.com www.gstatic.com widget-mediator.zopim.com ajax.cloudflare.com e-ukas.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: bat.bing.com www.google.co.uk imgsct.cookiebot.com px.ads.linkedin.com *.clarity.ms secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' ukas1334.zendesk.com ekr.zdassets.com consentcdn.cookiebot.com r1.trackedweb.net region1.google-analytics.com region1.analytics.google.com bam.nr-data.net *.clarity.ms px.ads.linkedin.com www.google.com bat.bing.com adservice.google.com wss://widget-mediator.zopim.com webto.salesforce.com e-ukas.com https://my.yoast.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: data: fonts.gstatic.com fonts.googleapis.com; media-src 'self' static.zdassets.com; frame-src 'self' consentcdn.cookiebot.com www.google.com e-ukas.com www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' consentcdn.cookiebot.com www.google.com e-ukas.com *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; form-action 'self' webto.salesforce.com e-ukas.com; upgrade-insecure-requests; report-uri https://www.ukas.com?gdsih-csp-report; 1
base-uri 'self'; default-src 'report-sample' 'self'; connect-src 'report-sample' 'self' data: *; font-src 'report-sample' 'self' data: *; form-action 'self' https://*.inseego.com https://*.inseego-flux.pages.dev https://*.facebook.com; frame-src 'report-sample' 'self' *; img-src 'report-sample' 'self' blob: data: *; manifest-src https://inseego.com/site.webmanifest; media-src 'self' 'report-sample' data: https://*.inseego.com https://*.inseego-flux.pages.dev https://*.tawk.to; object-src 'self' 'report-sample'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' *; script-src-elem 'report-sample' 'self' 'unsafe-inline' data: *; style-src 'report-sample' 'self' 'unsafe-inline' *; report-uri https://jarvis.inseego.com/inseego-csp-report 1
default-src 'self' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://analytics.synthetix.io https://*.mailerlite.com https://cdn.sanity.io https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mailerlite.com; img-src 'self' data: https://raw.githubusercontent.com https://*.mailerlite.com https://cdn.sanity.io; font-src 'self' https://fonts.synthetix.io https://fonts.gstatic.com https://*.mailerlite.com; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; connect-src 'self' https://*.mailerlite.com https://cloudflare-eth.com https://api.etherscan.io https://*.infura.io https://*.alchemyapi.io https://synths.snx.eth.link https://analytics.synthetix.io https://cdn.sanity.io https://*.algolia.net https://*.algolianet.com https://hooks.zapier.com; 1
script-src 'report-sample' 'nonce-vF7oHzAJMXKWuejNzLGNjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
default-src 'none'; font-src https: data:; img-src https:; script-src-elem https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; style-src https: 'unsafe-inline'; media-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; connect-src https:; frame-src https:; script-src https:; 1
default-src *; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://embed.tawk.to https://cdn.mxpnl.com https://js.stripe.com https://platform.twitter.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://embed.tawk.to https://fonts.googleapis.com; img-src *; font-src 'self' https://embed.tawk.to https://fonts.gstatic.com; connect-src *; media-src 'self' https://embed.tawk.to https://bugsee-store-prod-west2.s3.amazonaws.com https://bugsee-store-west2.s3.amazonaws.com/; object-src 'none'; frame-src 'self' https://*.bugsee.com https://js.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; worker-src 'self'; frame-ancestors https://*.bugsee.com https://bugsee.com; form-action 'self' https://*.bugsee.com https://bugsee.com; base-uri 'self' https://*.bugsee.com https://bugsee.com; 1
report-to endpoint; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesmanago.pl *.bing.com *.facebook.net *.cookiebot.com *.doubleclick.net *.google.com *.google.pl *.saleago.com *.google-analytics.com *.googletagmanager.com *.google.com *.tim.pl *.googleadservices.com *.fact-finder.pl *.easypack24.net *.youtube.com *.pagespeed-mod.com *.doubleclick.net *.googlesyndication.com *.hotjar.com connect.facebook.net www.googleadservices.com www.googletagmanager.com app2.salesmanago.pl cdn.jsdelivr.net www.tim.pl googleads.g.doubleclick.net www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com geowidget.inpost.pl bat.bing.com timsa.fact-finder.pl app2.salesmanago.pl translate.googleapis.com region1.google-analytics.com region1.analytics.google.com ajax.googleapis.com www.google.com www.google.pl pagead2.googlesyndication.com www.pagespeed-mod.com survey.survicate.com surveys-static.survicate.com stats.g.doubleclick.net connect.facebook.net geowidget.easypack24.net embeddable-sandbox.cdn.apollographql.com timsa.fact-finder.pl www.googletagmanager.com unpkg.com *.unpkg.com www.taboola.com *.taboola.com senuto.pl *.senuto.pl ahrefs.com *.ahrefs.com 1
default-src 'self' fonts.gstatic.com *.coloniallife.com use.typekit.net; style-src 'self' 'unsafe-inline' translate.googleapis.com tagmanager.google.com fonts.googleapis.com unumux.github.io optimize.google.com *.mktoweb.com *.coloniallife.com; frame-src 'self' *.doubleclick.net s7.addthis.com bid.g.doubleclick.net mozbar.moz.com gateway.zscalerone.net www.googletagmanager.com googleads.g.doubleclick.net www.facebook.com *.vimeo.com vimeo.com *.buzzsprout.com www.google.com *.mktoweb.com *.coloniallife.com; media-src 'self' 'unsafe-inline' data: *.akamaized.net *.vimeo.com player.vimeo.com vod-progressive.akamaized.net; font-src 'self' www.slant.co data: fonts.gstatic.com www.coloniallife.com coloniallife.com use.typekit.net at.alicdn.com zip.co; child-src 'self' 'unsafe-inline' *.adsrvr.org *.vimeo.com bid.g.doubleclick.net www.buzzsprout.com www.facebook.com *.addthis.com; img-src 'self' 'unsafe-inline' www.google.fr www.google.hu www.google.co.th www.google.cz www.google.az www.google.com.br www.google.es www.google.com.bd www.google.co.ke www.google.ro www.google.com.gh connect.facebook.net translate.google.com www.google.ch www.google.ge www.google.at www.google.com.au www.google.com.pr www.google.com.do www.google.com.mx www.google.com.pk www.google.ca www.google.co.in www.google.de www.google.com.ph www.google.com.et www.google.co.zm www.google.com.ua www.google.com.my www.google.rw www.google.co.uk www.google.ie https://stats.g.doubleclick.net/r/collect stats.g.doubleclick.net/r/ ssl.gstatic.com https://www.google.com/ads/ga-audiences www.google-analytics.com www.coloniallife.com www.googletagmanager.com *.linkedin.com unumux.github.io www.facebook.com *.unum.com www.unumemarketing.com px.ads.linkedin.com www.pages02.net p.adsymptotic.com www.linkedin.com data: secure.adnxs.com q.quora.com bat.bing.com apt.techtarget.com c.clarity.ms www.google-analytics.com www.google.com www.pages01.net c.bing.com *.doubleclick.net www.gstatic.com *.vimeocdn.com forms.hsforms.com track.hubspot.com *.cookielaw.org; base-uri 'self'; form-action 'self' 'unsafe-inline' *.enrollunum.com www.facebook.com www.pages02.net; connect-src 'self' *.googlesyndication.com forms.hscollectedforms.net get663.com www.googletagmanager.com m.addthis.com api-public.addthis.com region1.google-analytics.com https://stats.g.doubleclick.net/j/collect https://ampcid.google.com www.google-analytics.com *.clarity.ms stats.g.doubleclick.net bat.bing.com www.facebook.com forms.hubspot.com api.hubapi.com *.cookielaw.org *.onetrust.com *.linkedin.oribi.io *.mktoresp.com; object-src 'none'; frame-ancestors 'self' www.coloniallife.com coloniallife.com; script-src 'self' www.google.com/recap www.google.com/recaptcha/api.js 'sha256-GmB3Q3eaRbAvu89uKL6mhLgGv5dDSM18NJfw3I69gVA=' 'sha256-ltpN4cYu/MHeSIzO0NHCHzMVw/Tm/dY0VHBZOSkoK7o=' 'sha256-HBUOdr5pJJcWWqzzVjYn/1rQAlIXfLYEyG0+om7Mtgw=' 'sha256-Uuy55UVf17cqTWUBZbravIiMlvooVdIpqfKimEBzaNU=' 'sha256-bKfBJyzitpybQB+s/nisJ1RNHQQ56VB+y9w4+jf9eHs=' 'sha256-tExq4rGcv620IJmf44pIrEgqkbldsXkvnltkIf49/Sw=' 'sha256-sg9dqGQqGYldksIsQDCDVsAjXcGweTrXgTSyj42aywk=' 'unsafe-eval' 'nonce-9m3u7XXhoqXBc2JeLJqbE51XJxY=' s7.addthis.com translate.google.com get663.com *.amcharts.com *.adsrvr.org *.cloudflare.com player.vimeo.com tagmanager.google.com https://ssl.google-analytics.com google-analytics.com www.google-analytics.com ajax.googleapis.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.googleoptimize.com www.sc.pages01.net www.sc.pages02.net unumux.github.io  connect.facebook.net bat.bing.com extend.vimeocdn.com trk.techtarget.com bat.bing.com stats.g.doubleclick.net *.clarity.ms googleads.g.doubleclick.net snap.licdn.com *.addthis.com *.moatads.com *.addthisedge.com unpkg.com optimize.google.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com apis.google.com z.moatads.com *.cookielaw.org *.mktoweb.com *.mktoweb.net *.marketo.com *.marketo.net *.coloniallife.com; script-src-attr 'unsafe-inline' 'unsafe-hashes'; 1
frame-src *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.gendex.com *.adsrvr.org *.simplifeye.co *.doubleclick.net *.simplifeye.co *.dexisuniversity.ru dexisuniversity.ru *.google.com dexis.com *.googleanalytics.com *.google-analytics.com *.googleoptimize.com *.googletagmanager.com *.addtoany.com *.hsforms.net *.newrelic.com *.nr-data.net  *.cookielaw.org *.hubspot.com *.googleadservices.com *.licdn.com *.hs-scripts.com *.facebook.net *.usemessages.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.hsleadflows.net https://optimize.google.com  'unsafe-inline' *.prod.acquia-sites.com *.sociabble.com *.qualtrics.com td.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ https://www.paypal.com/sdk/js import: blob: https://uip.canary.lwc.dev; object-src 'self' www.google.com; style-src 'self' 'unsafe-inline' https://service.force.com/embeddedservice/ https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css blob: https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; img-src 'self' data: blob: https://indiecommunity.my.salesforce.com https://indiecommunity.file.force.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://login.salesforce.com/icons/ https://payments.salesforce.com/icons/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/icons/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/icons/ https://www.sandbox.paypal.com https://www.paypal.com https://na206.salesforce.com/icons/ https://kdpcommunity.com https://images-na.ssl-images-amazon.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; media-src 'self' blob: https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; frame-ancestors 'self'; frame-src 'self' https://service.force.com/embeddedservice/ https://na206.salesforce.com https://sfdc-link-preview-staging.sfdc.sh https://sfdc-link-preview.hk.salesforce.com https://cdn.embedly.com https://www.youtube.com https://player.vimeo.com https://play.vidyard.com https://player.cloudinary.com https://fast.wistia.net https://players.brightcove.net https://s1.adis.ws https://scormanywhere.secure.force.com https://appiniummastertrial.secure.force.com https://js.stripe.com/ https://www.paypal.com https://www.sandbox.paypal.com https://*.a.forceusercontent.com/lightningmaps/ https://*.a.forceusercontent.com https://location.force.com https://indiecommunity.file.force.com https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; font-src 'self' data: https://fonts.gstatic.com/ https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com; connect-src 'self' https://www.paypal.com https://www.sandbox.paypal.com https://indiecommunity.my.salesforce-scrt.com https://kdpcommunity.com https://assets.prod.abebookscdn.com https://testdata.coremetrics.com https://www.abebooks.com https://www.kdpcommunity.com 1
default-src *; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; worker-src 'self' blob:; font-src * data:; img-src * data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.petlink.net *.adyen.com  https://www.googleadservices.com https://www.google-analytics.com https://maps.google.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://connect.facebook.net https://beacon-v2.helpscout.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://static.doubleclick.net https://maps.googleapis.com https://f.vimeocdn.com https://fastgull.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acuityplatform.com challenges.cloudflare.com *.cloudfunctions.net *.configcat.com storage.googleapis.com cloudflare.hcaptcha.com cf-assets.hcaptcha.com *.kooth.com global.localizecdn.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com; script-src-elem 'self' 'unsafe-inline' data: *.acuityplatform.com challenges.cloudflare.com storage.googleapis.com *.kooth.com global.localizecdn.com *.segment.com *.usefathom.com *.xenzonegroup.com www.googletagmanager.com; connect-src 'self' *.cloudfunctions.net *.configcat.com *.kooth.com global.localizecdn.com *.localizejs.com *.segment.com *.segment.io *.sentry.io *.usefathom.com *.xenzonegroup.com wss://*.xenzonegroup.com *.analytics.google.com; img-src * data:; media-src * data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src * data: chrome-extension: moz-extension: safari-web-extension:; frame-src 'self' vimeo.com *.vimeo.com challenges.cloudflare.com www.googletagmanager.com; object-src 'none'; report-uri https://o367623.ingest.sentry.io/api/5691169/security/?sentry_key=d228aa23f64c4234b0ed98ff46a429d3?sentry_environment=csp_header_in_live 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net pghub.io *.pricespider.com mpsnare.iesnare.com cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com *.pricespider.com *.contentful.com feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com cdn.cookielaw.org *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
connect-src bat.bing.com *.clarity.ms c.bing.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https: *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io px.ads.linkedin.com 'self' data: media.goskills.com http://127.0.0.1:10000 app.goskills.com wss://*.goskills.com; img-src bat.bing.com https: static.hotjar.com px.ads.linkedin.com www.linkedin.com 'self' blob: data: http://127.0.0.1:10000 media.goskills.com *.goskills.com; script-src bat.bing.com *.clarity.ms c.bing.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com www.google.com www.gstatic.com www.recaptcha.net *.hotjar.com 'sha256-1s6ntw2wH8AlwYEIPJuF1P/HFjSf8Zme5/QPCMQGypk=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' snap.licdn.com 'nonce-cc12d01ddee94e51b2dee8a36869a309' 'strict-dynamic' 'unsafe-inline' 'report-sample' http://127.0.0.1:10000 *.goskills.com *.freshchat.com fw-cdn.com; style-src 'sha256-/Q4se7FLGCaPFRdiDgb/uQcgnY12w7eKaV8TA9b4SEc=' 'self' 'unsafe-inline' *.goskills.com *.freshchat.com; frame-src www.google.com recaptcha.google.com www.recaptcha.net *.hotjar.com 'self' *.freshchat.com; font-src *.hotjar.com; base-uri 'self'; default-src 'none'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self' *.goskills.com; media-src 'self' blob: data: media.goskills.com *.goskills.com; object-src 'none'; worker-src 'self' blob: http://127.0.0.1:10000; report-uri https://goskills.report-uri.com/r/d/csp/reportOnly 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' *.mouseflow.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net; child-src *; connect-src * data: 'unsafe-inline' https://settings.luckyorange.net wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; img-src * data: blob: 'unsafe-inline' https://d10lpsik1i8c69.cloudfront.net www.googletagmanager.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://www.googletagmanager.com; script-src-elem * data: blob: 'unsafe-inline' 'unsafe-eval' https://d10lpsik1i8c69.cloudfront.net https://www.googletagmanager.com; style-src * data: blob: 'unsafe-inline'; worker-src blob:; report-uri https://o70354.ingest.sentry.io/api/5454944/security/?sentry_key=f021e6378c8041db845adf2b868dd767&sentry_environment=production&zego=v5-apache 1
default-src https:  data:  mediastream: blob:  wss://*.hotjar.com  'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
object-src 'none'; script-src 'sha256-+KWtD0pg8cePmXQY12ipUH1n91j0hF8XDaIMhJo7tDo=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'self' 1
frame-src https://tdameritradenetwork.com www.google.com s7.addthis.com *.tdameritrade.com https://www.tdameritrade.com tdameritrade.demdex.net *.tdameritrade.demdex.net 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' icrt-eboces.esolg.com www.google-analytics.com cse.google.com www.google.com *.hotjar.com www.gstatic.com translate.google.com js.esolutionsgroup.ca *.doubleclick.net *.cludo.com *.googleapis.com *.google.com *.twitter.com; style-src 'self' 'unsafe-inline' icrt-eboces.esolg.com *.cludo.com *.gstatic.com *.google.com js.esolutionsgroup.ca *.googleapis.com; img-src *; media-src *; frame-src 'self' www.google.com *.twitter.com; font-src *; connect-src 'self' *.cludo.com *.google.com *.doubleclick.net *.googleapis.com *.hotjar.com 1
frame-ancestors https://manage.scienceandmedicinegroup.com/ 1
default-src https:; img-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src https: data: 'unsafe-inline'; frame-ancestors 'self'; 1
base-uri 'self'; default-src https: data:; script-src blob: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https://*.crisp.chat https://*.zapier.com https://www.googletagmanager.com https://*.trackjs.com https://*.abtasty.com *.intercom.io *.facebook.net *.facebook.com www.google-analytics.com https://*.axept.io *.google.com app.termly.io  *.vimeo.com *.bugsnag.com https://sentry.io https://*.sendinblue.com https://*.mixpanel.com https://*.imagify.io https://yoast.com https://links.services.disqus.com wss://*.crisp.chat wss://*.intercom.io wss://realtime.services.disqus.com https://ampcid.google.fr https://amp-error-reporting.appspot.com https://cdn.ampproject.org https://*.affilae.com  https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.bing.com https://*.g.doubleclick.net https://*.legalplace.fr; object-src 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' raw.githubusercontent.com cdn.jsdelivr.net www.jsdelivr.com raw.github.com cdnjs.cloudflare.com rawgit.com s3.amazonaws.com/glancecdn/cobrowse www.glancecdn.net maps.googleapis.com www.google-analytics.com www.google.com/jsapi *.comm100.com vimeo.com/api/oembed.json alq.ixn.tech/js/alq.widget.js *.auraservices.cloud *.thelifedx.com *.magnumswissre.com *.appcues.com *.mxpnl.com hssvzuitestsa.z14.web.core.windows.net visualizations.hexure.com sand-ltc.ixn.io *.surancebay.com 1
child-src 'self' https://www.instagram.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://www.recaptcha.net https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.liveperson.net wss://*.liveperson.net  https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com wss://*.liveperson.net https://www.allsole.com/e2/ds/relay https://horizon-api.www.allsole.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://m.allsole.com https://checkout.allsole.com https://www.allsole.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://cdn.parcellab.com 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.parcellab.com https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://www.recaptcha.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://www.allsole.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
default-src 'none'; base-uri 'self'; child-src 'self' ghbtns.com; connect-src 'self'; font-src 'self'; form-action 'self' www.paypal.com; frame-ancestors 'none'; frame-src 'self' ghbtns.com; img-src 'self' data: www.google-analytics.com *.githubusercontent.com; manifest-src 'self'; script-src 'self' www.google-analytics.com; style-src 'self'; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com  cdn.jsdelivr.net 'strict-dynamic' 'nonce-7WEZSU7fWj4QHUyJCMagNg=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com *.google-analytics.com https://www.google.com https://www.facebook.com/ *.g.doubleclick.net  https://cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' static.hsappstatic.net fonts.googleapis.com cdn2.hubspot.net cdn.jsdelivr.net https://ajax.googleapis.com; font-src 'self' fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://img.youtube.com/  maps.googleapis.com maps.gstatic.com https://www.facebook.com/ *.linkedin.com https://www.google.com https://www.google.be https://www.google-analytics.com https://www.googletagmanager.com/; frame-src *.hubspot.com *.hsforms.com https://www.youtube.com/ https://www.google.com https://www.facebook.com/ https://platform.twitter.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
default-src 'self' *.tullverket.se www.youtube.com www.google.com surfly.com platform.twitter.com; script-src 'self' *.tullverket.se www.google.com chat.smartcall.cc surfly.com www.gstatic.com platform.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' webstats.tullverket.se chat.smartcall.cc surfly.com; img-src 'self' *.reachmee.com; style-src 'self' platform.twitter.com chat.smartcall.cc surfly.com 'unsafe-inline'; base-uri 'self'; font-src 'self'; 1
frame-ancestors self https://vixcloud.co 1
frame-ancestors 'self' xmatters.com *.xmatters.com xmatters-mktg.web.app xmatters-mktg.firebaseapp.com ws.zoominfo.com ws-assets.zoominfo.com *.zoominfo.com everbridge--bots.sandbox.my.site.com everbridge.lightning.force.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ruvoip.net https://counter.yadro.ru https://mc.yandex.ru https://d31j93rd8oukbv.cloudfront.net https://www.acint.net https://ssp-rtb.sape.ru https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://*.wp.com https://*.gravatar.com https://cdnjs.cloudflare.com https://telegram.org; style-src 'self' 'unsafe-inline' https://ruvoip.net https://fonts.googleapis.com *.wp.com https://*.gravatar.com https://telegram.org; font-src 'self' 'unsafe-inline' https://ruvoip.net data: https://fonts.gstatic.com https://fonts.googleapis.com https://wordpress.com *.wp.com 1
default-src 'none'; font-src 'self' data:; img-src * data:; script-src 'self' cdnjs.cloudflare.com *.parsely.com polyfill.io www.google-analytics.com www.googletagmanager.com 'sha256-H5kd9M8V6uuCfbTYgkN+i8PNamD2/8mg6mTH4EdpzZ8='; style-src 'unsafe-inline'; connect-src *; frame-src *; media-src api.a16zcrypto.com; 1
default-src 'self' 'unsafe-inline' data: https://*.googlesyndication.com https://*.libanswers.com https://*.ebscohost.com https://*.eab.com https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.lottiefiles.com https://*.calendly.com https://calendly.com https://*.cdninstagram.com https://graph.instagram.com https://*.mc.edu https://*.stripe.com https://*.paypal.com https://*.typekit.net https://www.instagram.com https://unibuddy.co https://*.vimeo.com https://*.technolutions.net https://www.shoppingsheet.com https://mississippicollege-1ba9f.kxcdn.com ldaps://ad.mc.edu https://*.linkedin.com https://*.siteimproveanalytics.io  https://p.adsymptotic.com https://*.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.google.com https://*.withgoogle.com https://*.doubleclick.net https://*.meritpages.com https://*.bing.com https://*.clarity.ms https://*.stackadapt.com https://cdn.linkedin.oribi.io https://*.facebook.net https://*.facebook.com https://www.clickcease.com https://analytics.tiktok.com https://*.gstatic.com https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.vimeocdn.com https://forms.monday.com/ https://*.jsdelivr.net https://diplomasondemandweb.com; script-src 'unsafe-inline'  'unsafe-eval' properties: https://*.eab.com https://*.googlesyndication.com https://*.libanswers.com https://*.ebscohost.com https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.mc.edu https://*.calendly.com https://*.lottiefiles.com https://*.stripe.com https://*.paypal.com https://www.instagram.com https://www.googleoptimize.com https://*.unibuddy.co https://unpkg.com https://*.jsdelivr.net https://*.cloudflare.com https://www.shoppingsheet.com https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://www.googleadservices.com https://www.clarity.ms https://*.stackadapt.com https://mississippicollege-1ba9f.kxcdn.com https://*.meritpages.com https://snap.licdn.com https://connect.facebook.net https://www.clickcease.com https://analytics.tiktok.com https://*.doubleclick.net https://*.technolutions.net https://siteimproveanalytics.com https://*.vimeo.com https://*.vimeocdn.com https://*.twitter.com https://diplomasondemandweb.com; style-src 'self' 'unsafe-inline' https://*.eab.com https://*.googlesyndication.com https://*.ebscohost.com  https://*.jquery.com https://*.lawdegree.mc.edu https://qvdt3feo.com https://*.mc.edu https://*.calendly.com https://calendly.com https://*.lottiefiles.com https://*.stripe.com https://*.paypal.com https://www.shoppingsheet.com https://www.google.com https://*.googleapis.com https://*.gstatic.com https://mississippicollege-1ba9f.kxcdn.com https://*.typekit.net https://*.technolutions.net https://*.stackadapt.com https://s3.amazonaws.com https://diplomasondemandweb.com/ https://*.jsdelivr.net https://*.vimeo.com https://*.vimeocdn.com; frame-ancestors 'self' https://mc.meritpages.com https://www.meritpages.com https://*.unibuddy.co https://*.calendly.com https://*.mac.mc.edu 1
frame-ancestors 'self' https://*.exasol.com upgrade-insecure-requests 1
default-src 'self'; img-src 'self' data: http: https: *.hot-chilli.net *.hot-chilli.eu *.gravatar.com *.wp.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: http: https: *.google.com; style-src 'self' 'unsafe-inline'; font-src 'self' data: http: https: *.google.com; frame-src 'self' data: http: https: *.google.com; 1
default-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:*; script-src 'self' 'unsafe-inline' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.google-analytics.com https://*.google-analytics.com http://*.twitter.com https://*.twitter.com http://*.facebook.net https://*.facebook.net http://*.paypalobjects.com https://*.paypalobjects.com http://*.paypal.com https://*.paypal.com http://*.stripe.com https://*.stripe.com http://*.googletagmanager.com https://*.googletagmanager.com 'unsafe-eval' http://www.google-analytics.com https://www.google-analytics.com; connect-src * 'self' https://wwwddp.linguahouse.com ws://wwwddp.linguahouse.com https://www.linguahouse.com ws://www.linguahouse.com wss://wwwddp.linguahouse.com wss://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:*; img-src data: 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.doubleclick.net https://*.doubleclick.net http://*.facebook.com https://*.facebook.com http://*.google.com https://*.google.com https://* http://www.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.googleapis.com https://*.googleapis.com; frame-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.ted.com https://*.ted.com http://*.youtube.com https://*.youtube.com http://*.facebook.com https://*.facebook.com http://*.twitter.com https://*.twitter.com http://*.paypal.com https://*.paypal.com http://*.stripe.com https://*.stripe.com; font-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://*.gstatic.com https://*.gstatic.com data:; media-src 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* data:; frame-ancestors 'self' https://wwwddp.linguahouse.com https://www.linguahouse.com http://*.mobibeam.com:* https://*.mobibeam.com:* http://*.linguahouse.com:* https://*.linguahouse.com:* http://localhost:*; 1
frame-ancestors 'self' vetrina.giocodellotto.it file://* app://mylotteries lotto-italia.it grattaevinci.com lotteria-italia.it grattaevincionline.it www.lotto-italia.it www.grattaevinci.com www.lotteria-italia.it www.grattaevincionline.it; 1
frame-ancestors 'self' piwik.rz.hs-fulda.de *.virtualexpo.info hochschule-fulda.ebm.ai; 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com songbird.cardinalcommerce.com js.stripe.com browser.sentry-cdn.com js.sentry-cdn.com 'unsafe-eval'; connect-src 'self' vod-progressive.akamaized.net *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com kg668dbov0.execute-api.us-east-1.amazonaws.com api.stripe.com js.stripe.com issuing-key.stripe.com fcmregistrations.googleapis.com firebaseinstallations.googleapis.com sentry.io www.onlinescoutmanager.co.uk:3000 wss://www.onlinescoutmanager.co.uk:3000 dojotoolkit.org; img-src 'self' data: oym-public.s3.eu-west-2.amazonaws.com *.openstreetmap.org i.vimeocdn.com assets.braintreegateway.com checkout.paypal.com; form-action 'self' *.cardinalcommerce.com *.arcot.com songbird.cardinalcommerce.com *.rda3dsauth.co.uk *.ipg-online.com; base-uri 'self'; manifest-src 'self'; child-src 'self' assets.braintreegateway.com c.paypal.com; frame-src * data: blob: ; media-src 'self' oym-live.s3.eu-west-2.amazonaws.com player.vimeo.com vod-progressive.akamaized.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' www.google.com www.gstatic.com *.braintreegateway.com www.paypalobjects.com c.paypal.com *.cardinalcommerce.com songbird.cardinalcommerce.com js.stripe.com browser.sentry-cdn.com js.sentry-cdn.com; report-uri /webhooks/csp/?blocked=true; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/6403db4b-9e48-47f1-bd3f-02aa716e0791/state.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cc.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cd.js https://consent.cookiebot.com/6403db4b-9e48-47f1-bd3f-02aa716e0791/cdreport.js https://consent.cookiebot.com/logconsent.ashx https://wwwchat.etes.de/packs/js/sdk.js https://stats.etes.de; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.etes.de https://salesviewer.org https://salesviewer.com https://www.salesviewer.org https://www.salesviewer.com https://wwwchat.etes.de; font-src 'self'; frame-src 'self' https://consentcdn.cookiebot.com https://www.openstreetmap.org https://www.youtube-nocookie.com https://wwwchat.etes.de; img-src 'self' data: https://www.google-analytics.com https://stats.etes.de https://salesviewer.org; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self'; form-action 'self' https://seu2.cleverreach.com; 1
"default-src 'none'; img-src 'self'; script-src 'self'; object-src 'self';" 1
frame-ancestors 'self' https://pitergsm.bitrix24.ru; 1
default-src 'self' www.fibabanka.com.tr; script-src 'self' www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com http://platform.stumbleupon.com/1/widgets.js https://optimize.google.com/ https://mc.yandex.ru/ maps.google.com https://cdn.efilli.com/ https://tagmanager.google.com/debug/api/vtinfo https://snap.licdn.com/ *.efilli.com https://countly.fibabanka.com.tr/ https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://tagmanager.google.com/debug/* https://tagmanager.google.com/* *.doubleclick.net sjs.bizographics.com www.googleadservices.com *.maps.yandex.net www.googletagmanager.com www.gstatic.com api-maps.yandex.ru optimize.google.com maps.googleapis.com ajax.googleapis.com https://www.youtube.com/iframe_api *.linkedin.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://cdn.speedcurve.com https://static.criteo.net https://assets.cookieseal.com/ https://widget.fibabanka.com.tr www.fibabanka.com.tr web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://tagmanager.google.com/debug/css.css https://optimize.google.com/ https://countly.fibabanka.com.tr/ fonts.googleapis.com *.efilli.com https://assets.cookieseal.com/ https://widget.fibabanka.com.tr www.fibabanka.com.tr web-chat.nativechat.com 'unsafe-inline'; img-src 'self' platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://cdn.fibabanka.com.tr https://app.cbot.ai https://mc.yandex.ru/ https://cdn.efilli.com/ *.efilli.com https://ssl.gstatic.com https://optimize.google.com/ https://p.adsymptotic.com/ https://px.ads.linkedin.com/ https://countly.fibabanka.com.tr/ https://widget.fibabanka.com.tr https://ssl.gstatic.com/analytics-suite/header/legacy/v2/ic_tag_manager.svg https://www.gstatic.com/images/ api-maps.yandex.ru maps.gstatic.com maps.googleapis.com www.googletagmanager.com *.google.com *.doubleclick.net/* *.google.com.tr https://stats.g.doubleclick.net/r/collect *.maps.yandex.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com https://ad.adrttt.com www.fibabanka.com.tr web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://optimize.google.com/ https://cdn.efilli.com/ https://countly.fibabanka.com.tr/ *.efilli.com https://widget.fibabanka.com.tr www.fibabanka.com.tr; frame-ancestors testib.fibabanka.com.tr uatib.fibabanka.com.tr preib.fibabanka.com.tr internetbankaciligi.fibabanka.com.tr fiba2021.agencylook.org www.google.com www.youtube.com youtube.com 'self'; connect-src 'self' accounts.google.com *.efilli.com https://mc.yandex.ru https://cdn.efilli.com/ https://optimize.google.com/ https://widget.fibabanka.com.tr/ https://countly.fibabanka.com.tr/ *.mktoresp.com https://apinode.cookieseal.com wss://livechat.fibabanka.com.tr kor01rp02.signfordeaf.com maps.googleapis.com; media-src 'self' data: blob: widget.fibabanka.com.tr www.fibabanka.com.tr cdn01.signfordeaf.com https://cdn.fibabanka.com.tr; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://mc.yandex.ru https://cdn.efilli.com/ https://optimize.google.com/ https://countly.fibabanka.com.tr/ *.doubleclick.net/ *.efilli.com www.google.com api-maps.yandex.ru https://apinode.cookieseal.com web-chat.nativechat.com; frame-src www.google.com www.youtube.com youtube.com countly.fibabanka.com.tr 'self' web-chat.nativechat.com 1
default-src 'self'; script-src 'self' dienste.kvb.de *.kv-safenet.de player.vimeo.com www.youtube.com 'nonce-c84b5f5cbdb8e26e60' 'nonce-4b82449b29ea0a4242' 'nonce-3a0bfc4c70202246fa'; style-src 'self' 'unsafe-inline'; img-src 'self'; frame-src https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/; font-src 'self'; connect-src 'self' dienste.kvb.de *.kv-safenet.de; report-uri https://7dx7gcb3.uriports.com/reports/enforce; report-to https://7dx7gcb3.uriports.com/reports/enforce 1
base-uri 'self' https://hcaptcha.com https://*.hcaptcha.com; child-src https://*.craigslist.org; connect-src https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; font-src data:; form-action https://*.craigslist.org; frame-ancestors 'self'; frame-src https://*.craigslist.org https://craigslist.org https://hcaptcha.com https://*.hcaptcha.com; media-src data:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com; style-src 'unsafe-inline' https://*.craigslist.org https://hcaptcha.com https://*.hcaptcha.com 1
<policy directive>; 1
report-uri https://manage.onlineueberweisen.com/csp;base-uri 'self';object-src 'self';script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-KmawFijOnwTO6w9hhggmRG5qzMHogSEd';style-src 'self' 'unsafe-inline' https://api.xs2a.com;frame-src 'self' 'unsafe-inline' https://api.xs2a.com https://www.google.com/recaptcha/;media-src 'none';font-src 'self';connect-src 'self';default-src 'none';img-src 'self' https://maps.googleapis.com https://api.xs2a.com data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.inbenta.chat:* http://*.inbenta.io http://*.inbenta.com http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.google.com.mx http://*.gstatic.com http://*.googleapis.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://wingify-assets.s3.amazonaws.com https://s3.amazonaws.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://ajax.aspnetcdn.com http://claroecuador.s1gateway.com http://*.claro.com.ec http://miclaro.com.ec http://*.geodata.com.ec http://*.clarovideo.net http://*.claromusica.com https://*.hotjar.com:* https://*.hotjar.io https://*.inbenta.chat:* https://*.inbenta.io https://*.inbenta.com https://*.googletagmanager.com https://*.google-analytics.com https://*.google.com https://*.google.com.mx https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://api-prod-ec.prod.clarodigital.net https://*.adform.net https://ajax.aspnetcdn.com https://claroecuador.s1gateway.com https://*.claro.com.ec https://miclaro.com.ec https://*.geodata.com.ec https://snap.licdn.com https://*.clarovideo.net https://catalogo.claro.com.ec https://api-prod-general.prod.clarodigital.net https://*.ggpht.com https://polyfill.io https://*.claromusica.com https://*.linkedin.com https://*.oribi.io https://*.clarity.ms https://www.youtube-nocookie.com; media-src mediastream:; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' data: blob: https: 1
script-src 'self' usa.experian.com smetrics1.experian.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com tagmanager.google.com pay.google.com www.google.com/recaptcha/api.js *.youtube.com *.facebook.net *.discover.com *.btstatic.com *.thebrighttag.com *.visualwebsiteoptimizer.com *.cloudflare.com *.clicktale.net *.siteimproveanalytics.com siteimproveanalytics.com *.pendo.io *.heapanalytics.com *.websecurity.norton.com nexus.ensighten.com *.aexp-static.com service.maxymiser.net omns.americanexpress.com lptag.liveperson.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.humanapi.co *.sundaysky.com edge.fullstory.com *.datadoghq-browser-agent.com *.datadoghq.com connect.finicity.com connect2.finicity.com bat.bing.com *.doubleclick.net *.truebill.com *.truebill.dev *.truebill.work *.amazonaws.com *.adobedtm.com *.decibelinsight.net 'unsafe-inline' 'unsafe-eval' blob: ; object-src 'self'; 1
script-src 'unsafe-inline' 'unsafe-eval' blob: 'self' 'wasm-unsafe-eval' https://challenges.cloudflare.com; connect-src 'self' https://crypto-exchange-logos-production.s3.us-west-2.amazonaws.com https://crypto-token-logo-proposals-production.s3.us-west-2.amazonaws.com https://static.cloudflareinsights.com https://*.g.alchemy.com https://cloudflare-eth.com https://auth.privy.io wss://relay.walletconnect.com wss://relay.walletconnect.org wss://www.walletlink.org https://*.rpc.privy.systems wss://realtime-api.defined.fi https://plaus.defined.fi https://*.ingest.sentry.io https://d2gndqco47nwa6.cloudfront.net https://graph.defined.fi https://explorer-api.walletconnect.com https://api.turnkey.com; frame-src 'self' https://*.turnkey.com blob: https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org https://challenges.cloudflare.com; child-src https://auth.privy.io https://verify.walletconnect.com https://verify.walletconnect.org; object-src 'none'; 1
frame-ancestors 'self'; report-uri https://csp-report.scoro.com; 1
frame-ancestors "self" https://*.belvo.com:*; 1
frame-ancestors 'self' egp-resources.enelgreenpower.com egp.webdraft.co.it resources.enelgreenpower.com resources-dev.enelint.global 1
default-src https: 'self' 'unsafe-inline'; font-src https: data: 'self' 'unsafe-inline'; img-src https: data:; script-src https: 'self' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; 1
default-src 'self' *.adecco.com *.google.com *.tiqcdn.com *.tealiumiq.com *.join-stories.com https://chatwindow-v2.api.kmblabs.com *.adecco.fr;script-src 'self' *.pw.adn.cloud 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://chatwindow-v2.api.kmblabs.com *.tiqcdn.com *.tealiumiq.com api.herefish.com *.regionsjob.com *.sociabble.com *.trinitymedia.ai trinitymedia.ai player.ausha.co *.join-stories.com https://ct.pinterest.com/static/ct/token_create.js *.adecco-group.com *.urssaf.fr *.thinglink.me *.thinglink.com *.typeform.com *.youtube.com *.link-page.info *.amazonaws.com *.snapchat.com sc-static.net *.facebook.net *.licdn.com *.tiktok.com *.ads-twitter.com *.contentsquare.net *.googleadservices.com *.clarity.ms *.appsflyer.com *.pinimg.com *.kmblabs.com *.tiqcdn.com *.cookielaw.org s7.addthis.com apply.indeed.com *.google.com *.marketo.net *.marketo.com *.mktoresp.com *.gstatic.com *.adecco.com *.adecco.fr *.speedcurve.com https://d1986lffsl15jz.cloudfront.net *.googletagmanager.com *.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chatwindow-v2.api.kmblabs.com *.herefish.com *.marketo.com *.typeform.com;form-action 'self' *.facebook.com;object-src https://chatwindow-v2.api.kmblabs.com;font-src 'self' *.kmblabs.com https://chatwindow-v2.api.kmblabs.com *.appsflyer.com *.adecco.com *.adecco.fr https://fonts.gstatic.com https://fonts.googleapis.com https://s3-us-west-2.amazonaws.com https://d1986lffsl15jz.cloudfront.net;frame-ancestors https://www.pro.komin.com;upgrade-insecure-requests;block-all-mixed-content;img-src data: w3.org 'self' *.googletagmanager.com *.google.fr https://chatwindow-v2.api.kmblabs.com *.postimg.cc *.herefish.com *.onelink.me *.indeed.com *.typeform.com *.snapchat.com *.doubleclick.net *.linkedin.com *.pinterest.com *.t.co *.twitter.com *.contentsquare.net *.bing.com t.co *.facebook.com *.clarity.ms *.cookielaw.org *.ibb.co *.imageshack.com *.kmblabs.com hebergement.blob.core.windows.net *.marketo.com *.googleapis.com *.gstatic.com *.google.com *.adecco.com *.adecco.fr https://d1986lffsl15jz.cloudfront.net; connect-src 'self' *.pw.adn.cloud http://adecco-prod.alb.chatbot.kmblabs.com/ https://kmbui-transcribe.s3.eu-west-1.amazonaws.com/ https://kmbui-files.s3.eu-west-1.amazonaws.com/ https://chatwindow-v2.api.kmblabs.com api.stories.studio https://b4v6fmkife.execute-api.eu-west-1.amazonaws.com https://s3.eu-west-1.amazonaws.com/kmbui-files *.appsflyer.com *.tealiumiq.com *.trinitymedia.ai *.google.com *.onetrust.com *.linkedin.com *.snapchat.com *.clarity.ms *.contentsquare.net *.mktoresp.com *.kickmybot.com https://app.contentsquare.com https://t.contentsquare.net https://contentsquare.com https://*.google-analytics.com https://cdn.adeccogroup.com https://cdn.cookielaw.org https://websdk.appsflyer.com https://cdn-public.sociabble.com https://t.regionsjob.com https://connect.facebook.net https://s3.amazonaws.com https://js.adsrvr.org https://analytics.tiktok.com https://googleads.g.doubleclick.net https://tags.tiqcdn.com https://www.googleadservices.com https://s.pinimg.com https://sc-static.net https://tr.snapchat.com https://csxd.adecco.fr https://cmp-adecco.my.site.com https://insight.adsrvr.org https://t.regionsjob.com https://www.jometer.com https://clickmeter.com https://trk.thematopi.com https://jotrack.s3.amazonaws.com https://conversions.clickmeter.com https://*.googletagmanager.com https://*.sandbox.my.site.com https://www.trinityaudio.ai https://*.herefish.com https://*.googleapis.com https://font.gstatic.com https://*.kmblabs.com https://cdn.speedcurve.com https://ct.pinterest.com https://snap.licdn.com https://www.clarity.ms;frame-src schedule.nylas.com *.adecco.fr *.kmblabs.com *.marketo.com https://go.adecco-group.com/ https://ubishaker.com/ https://shakr.cc/ *.herefish.com *.thinglink.me *.thinglink.com jotrack.s3.amazonaws.com player.ausha.co *.google.com *.youtube.com *.pinterest.com *.snapchat.com *.groupe-adecco.fr *.join-stories.com *.doubleclick.net *.jometer.com trinitymedia.ai *.urssaf.fr *.typeform.com *.facebook.com;worker-src blob: 1
default-src 'self'; connect-src 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com  https://dpm.demdex.net  https://px.ads.linkedin.com/wa; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vcm.onlineprospectus.net https://www.facebook.com https://googleads.g.doubleclick.net https://snap.licdn.com https://js.hsforms.net https://js.hsadspixel.net https://forms.hsforms.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://*.id.opendns.com https://js.hs-banner.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://contentdsp.com https://assets.juicer.io https://cdnjs.cloudflare.com https://www.youtube.com https://apps.usw2.pure.cloud https://www.bugherd.com https://use.typekit.net https://dinkytown.net https://code.jquery.com  https://assets.adobedtm.com https://s.ytimg.com https://d2wy8f7a9ursnm.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com https://use.typekit.net https://dinkytown.net https://d2iiunr5ws5ch1.cloudfront.net https://tags.srv.stackadapt.com https://assets.juicer.io https://www.bugherd.com https://vcm.onlineprospectus.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://www.dinkytown.net; img-src 'self' https://d2iiunr5ws5ch1.cloudfront.net https://d21y75miwcfqoq.cloudfront.net https://www.juicer.io https://*.fbcdn.net https://www.google.co.in https://p.adsymptotic.com https://px.ads.linkedin.com https://forms.hsforms.com https://track.hubspot.com https://dpm.demdex.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://media-exp1.licdn.com https://*.id.opendns.com https://pbs.twimg.com https://assets.juicer.io https://smetrics.vcm.com https://cm.everesttech.net https://p.typekit.net https://srv.stackadapt.com; font-src 'self' https://www.bugherd.com  https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://static.juicer.io https://stackpath.bootstrapcdn.com data://* use.typekit.net; worker-src blob:; frame-src https://vcm.demdex.net https://www.youtube.com https://vcm-mkt-stage1-m.adobe-campaign.com https://t.mail.vcm.com https://bid.g.doubleclick.net https://html5-player.libsyn.com https://forms.hsforms.com https://www.google.com https://www.gstatic.com https://10877860.fls.doubleclick.net; media-src https://video.twimg.com https://*.fbcdn.net; form-action 'self' https://*.vcm.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.hubapi.com https://graph.facebook.com https://forms.hubspot.com https://tags.srv.stackadapt.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://www.bugherd.com https://sockjs.pusher.com wss://ws.pusherapp.com https://fonts.googleapis.com https://vcm.onlineprospectus.net https://www.juicer.io https://smetrics.vcm.com  https://dpm.demdex.net https://webto.salesforce.com; 1
frame-ancestors 'self' *.arenaev.com; 1
frame-ancestors 'self' *.vystarcu.org; 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://tablebuilder.singstat.gov.sg/ https://cse.google.com/   forms.cwp.gov.sg *.youtube.com ws.sharethis.com wogaa.demdex.net fast.wogaa.demdex.net *.powerbi.com www.google.com *.sitecore.net *.sitecore.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com https://partner.googleadservices.com/ http://cse.google.com/   http://clients1.google.com/ https://cse.google.com/ https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com assets.adobedtm.com *.dcube.cloud *.wogaa.sg *.demdex.net wogadobeanalytics.sc.omtrdc.net va.ecitizen.gov.sg *.sharethis.com *.gstatic.com www.google.com; style-src 'self' 'unsafe-inline' https://www.google.com/ https://*.vica.gov.sg va.ecitizen.gov.sg *.sharethis.com *.gstatic.com assets.dcube.cloud assets.wogaa.sg fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.rawgit.com; img-src 'self'  https://www.googleapis.com/     *.google.com  *.gstatic.com           *.gov.sg https://*.vica.gov.sg/ https://bucket-common.vica.gov.sg/ https://www-singstat-gov-sg.cwp-stg.sg/  https://www-singstat-gov-sg.cwp.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com wogadobeanalytics.sc.omtrdc.net cm.everesttech.net dpm.demdex.net va.ecitizen.gov.sg *.sharethis.com data:; font-src data: 'self' https://*.vica.gov.sg/ *.amazonaws.com va.ecitizen.gov.sg *.gstatic.com assets.dcube.cloud assets.wogaa.sg maxcdn.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://csp.withgoogle.com/  wss://*.vica.gov.sg *.gov.sg https://*.vica.gov.sg/ https://test-gpc-1.sg.va.sabio.cloud/ www.google-analytics.com dpm.demdex.net wogadobeanalytics.sc.omtrdc.net *.gstatic.com *.dcube.cloud *.wogaa.sg va.ecitizen.gov.sg *.sharethis.com; 1
frame-ancestors https://*.betdaq.com 1
frame-ancestors 'self' https://*.f-cut.ch https://localhost:3000 1
default-src 'self' https: data: blob: *.gravatar.com; style-src 'self' 'unsafe-inline' https: data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-ancestors 'self' https://*.nvisioncenters.com https://scheduling.convo360.com 1
default-src 'self' https://www.google.com https://yoomoney.ru; script-src 'self' https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://mc.yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' *;    child-src * blob:;    style-src 'self' 'unsafe-inline' *;    img-src * blob: data:;    media-src * blob: data:;    connect-src *;    font-src 'self' data: https://newsletter.apps.eurac.edu; 1
default-src 'self'; connect-src 'self' https://www.facebook.com https://*.omappapi.com *.nr-data.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ekr.zdassets.com https://*.zopim.com https://oregonzoo.zendesk.com wss://*.zopim.com wss://oregonzoo.zendesk.com https://payments.blackbaud.com https://app.dafwidget.com/; font-src 'self' data: use.typekit.net fonts.gstatic.com use.fontawesome.com; frame-src 'self' *.youtube.com *.doubleclick.net *.vimeo.com https://bbox.blackbaudhosting.com https://*.google.com https://payments.blackbaud.com https://www.facebook.com https://host.nxt.blackbaud.com; img-src 'self' data: https://www.facebook.com https://*.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.omappapi.com https://bbox.blackbaudhosting.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://v2assets.zopim.io https://static.zdassets.com; media-src 'self' https://static.zdassets.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.facebook.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.youtube.com https://*.google-analytics.com https://*.omappapi.com https://*.doubleclick.net https://*.ytimg.com https://bbox.blackbaudhosting.com https://*.gstatic.com https://js-agent.newrelic.com https://static.zdassets.com https://payments.blackbaud.com https://app.dafwidget.com/ https://sky.blackbaudcdn.net https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.omappapi.com https://*.googleapis.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://app.dafwidget.com https://use.typekit.net; frame-ancestors 'self'; upgrade-insecure-requests 1
base-uri 'self';connect-src 'self' wss: *.oribi.com *.adnxs.com *.google.com *.bing.com *.visualwebsiteoptimizer.com *.metarouter.io *.6sc.co *.addthis.com *.clarity.ms *.doubleclick.net *.stackadapt.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.oribi.io *.popupsmart.com *.sharethis.com *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com;default-src 'self';font-src 'self' data: fonts.gstatic.com *.intercomcdn.com;frame-src 'self' *.twitter.com *.surveymonkey.com *.doubleclick.net *.learninga-z.com *.vimeo.com *.addthis.com *.facebook.com *.youtube.com *.wistia.net *.google.com *.getreprise.com *.intercom-sheets.com *.intercom-reporting.com;img-src 'self' blob: data: *.adsymptotic.com *.trinity.one *.vimeocdn.com *.pinterest.com *.twitter.com *.6sc.co *.bing.com *.visualwebsiteoptimizer.com *.linkedin.com *.googleapis.com *.facebook.com *.google-analytics.com *.google.com *.googletagmanager.com www.foundationsa-z.com *.popupsmart.com *.sharethis.com *.clarity.ms *.intercomcdn.com *.intercomcdn.eu *.intercomassets.com *.intercomassets.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercom-attachments.eu *.intercom-attachments.com;media-src 'self' *.intercomcdn.com;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.popupsmart.com *.twitter.com *.pinterest.com *.surveymonkey.com *.googleapis.com *.bing.com *.metarouter.io *.facebook.net *.visualwebsiteoptimizer.com *.learninga-z.com *.vimeocdn.com *.doubleclick.net *.6sc.co *.addthis.com snap.licdn.com *.stackadapt.com *.addthisedge.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.moatads.com qvdt3feo.com *.sharethis.com *.intercom.io *.intercomcdn.com *.convertexperiments.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.stackadapt.com *.popupsmart.com;worker-src blob: *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; 1
base-uri 'none'; connect-src https://*.sentry.io/api/; default-src 'none'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https://*.cyberbits.eu/; style-src 'unsafe-inline'; report-uri https://o4505555273515008.ingest.sentry.io/api/4505555281182720/security/?sentry_key=4840341ae86a4960b8d7f5f0809ce6a6 1
connect-src https://*.go-mpulse.net https://*.akstat.io 'self' cdn.cookielaw.org *.onetrust.com www.google-analytics.com *.addthis.com *.go-mpulse.net *.akstat.io *.akamaihd.net; font-src 'self' 'unsafe-inline' fonts.gstatic.com; frame-src *.iasplus.com *.videomarketingplatform.co butoembed.twentythree.net video.ranguinc.com *.youtube.com *.buto.tv *.google.com *.addthis.com *.facebook.com; img-src https://*.akstat.io 'self' data: data www2.deloitte.com deloitte.122.2o7.net www.google-analytics.com; script-src https://*.go-mpulse.net 'self' *.onetrust.com cdn.cookielaw.org 'unsafe-eval' 'unsafe-inline' data: www.gstatic.com *.go-mpulse.net *.akamaihd.net *.google.com assets.adobedtm.com *.facebook.net *.addthis.com *.addthisedge.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
frame-src 'self' https://*.capitalone.com https://dealernavigator.com https://*.dealernavigator.com https://autodriven.com https://*.medallia.com https://*.zuora.com https://*.salemove.com https://*.glia.com wss://*.glia.com wss://*.salemove.com; frame-ancestors 'self'; 1
default-src 'self' p11.techlab-cdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.facebook.net *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com analytics.po.st po.st *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.twitter.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.ads-twitter.com pactsafe.io *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googlesyndication.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.go-mpulse.net *.linkedin.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.bluecore.com p.adsymptotic.com *.adsrvr.org *.dotomi.com blob: *.flixsyndication.net data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.gstatic.com *.leadsrx.com *.turnto.com *.licdn.com *.hs-scripts.com *.ispot.tv *.youvisit.com *.vmwarepartnerdemandcenter.com *.hsleadflows.net *.hs-banner.com *.hsforms.net *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.hs-analytics.net js.usemessages.com *.hscollectedforms.net *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com *.pactsafe.io *.peerspot.com *.sketchfab.com p11.techlab-cdn.com;style-src 'self' 'unsafe-inline' *.cdw.com *.cdwg.com *.needle.com *.googleapis.com *.cnetcontent.com *.justuno.com *.webcollage.net *.ziftsolutions.com t.sellpoints.com a.sellpoint.net *.flixcar.com *.easy2.com *.amazonaws.com *.twitter.com *.cloudfront.net blob: *.typekit.net *.adobe.com *.spexlive.net *.turnto.com *.syndigo.com *.syndigo.cloud *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;img-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.optimizely.com *.needle.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.cnetcontent.com *.cnetcontentsolutions.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com *.ytimg.com t.sellpoints.com a.sellpoint.net *.flixfacts.com *.youtube.com *.flixcar.com *.flix360.com *.easy2.com *.amazonaws.com *.twitter.com *.linkedin.com *.company-target.com *.facebook.com *.cdnwidget.com *.rlcdn.com *.cloudfront.net *.adobecqms.net *.turn.com *.everesttech.net *.adnxs.com ads.yahoo.com *.bluecore.com *.prod.bidr.io cdn.optimizely.com *.twitter.com p.adsymptotic.com *.adsrvr.org data: *.dotomi.com *.flixsyndication.net *.adobe.com *.sc.omtrdc.net *.spexlive.net *.windows.net *.edgecastcdn.net *.licdn.com *.ispot.tv *.youvisit.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.mediaiqdigital.com *.redditstatic.com *.reddit.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeocdn.com *.mintigo.com *.etilize.com *.1worldsync.com *.quantserve.com *.quantcount.com *.spexaccess.net *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pactsafe.io *.peerspot.com *.sketchfab.com;frame-src 'self' *.cdw.com *.cdwg.com *.qualtrics.com *.hotjar.com *.needle.com *.doubleclick.net *.cnetcontent.com *.cnetcontentsolutions.com *.google.com *.twitter.com *.justuno.com *.demdex.net *.cxense.com *.webcollage.net *.ziftsolutions.com *.googletagmanager.com *.googletagservices.com a.sellpoint.net *.youtube.com *.flixcar.com *.easy2.com *.facebook.com *.rlcdn.com *.cloudfront.net rs.gwallet.com *.cdwemail.com www.emjcd.com *.dotomi.com *.kingston.com *.flixsyndication.net *.adobe.com *.hotjar.io *.spexlive.net *.exct.net *.youvisit.com *.vmwarepartnerdemandcenter.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.adsrvr.org *.scene7.com *.vidyard.com *.vimeo.com *.hp.com chromeos-selector-cdw-prod.web.app *.etilize.com *.1worldsync.com *.spexaccess.net *.onetrust.com *.criteo.com *.criteo.net *.se.com *.sketchfab.com;font-src * data:;connect-src 'self' *.cdw.com *.cdwg.com *.richrelevance.com *.qualtrics.com *.optimizely.com *.hotjar.com *.needle.com *.demandbase.com *.appspot.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.bing.com *.googleapis.com *.cnetcontent.com *.akamaihd.net *.google.com *.justuno.com *.netapp.com *.demdex.net *.d41.co *.cxense.com *.webcollage.net *.googletagmanager.com *.googletagservices.com t.sellpoints.com a.sellpoint.net *.go-mpulse.net *.twitter.com *.company-target.com *.facebook.com *.cdnwidget.com *.cloudfront.net *.bluecore.com p.adsymptotic.com wss://*.hotjar.com p.po.st *.cdnbasket.net *.akstat.io data.g2.com *.g2crowd.com *.adobe.com *.hotjar.io *.spexlive.net *.leadsrx.com *.turnto.com *.ispot.tv *.hubapi.com *.syndigo.com *.syndigo.cloud *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com *.tiqcdn.com *.tealiumiq.com *.scene7.com *.addressy.com *.etilize.com *.1worldsync.com *.quantserve.com *.spexaccess.net *.launchdarkly.com *.onetrust.com *.oribi.io *.cookielaw.org *.criteo.com *.criteo.net *.w55c.net *.pdst.fm *.botframework.com wss://*.botframework.com *.pactsafe.io *.sketchfab.com p11.techlab-cdn.com;object-src 'self' a.sellpoint.net *.scene7.com;media-src 'self' *.cdw.com *.cnetcontent.com *.webcollage.net *.flixfacts.com *.youtube.com blob: *.flixsyndication.net *.spexlive.net *.youvisit.com *.syndigo.com *.syndigo.cloud *.tiqcdn.com *.scene7.com *.etilize.com *.1worldsync.com *.spexaccess.net *.sketchfab.com;worker-src 'self' *.needle.com *.cloudfront.net blob:; 1
default-src 'self' wss: https: 'unsafe-eval' 'unsafe-inline'; object-src 'self' livechat.ethias.be blob:; img-src 'self' data: https:; font-src 'self' data: https:; frame-ancestors 'self';worker-src 'self' 'unsafe-inline' * blob:; child-src 'self' https: blob: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cookiehub.com https://*.marketo.net https://*.olark.com https://*.licdn.com https://*.spreaker.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com https://*.demandbase.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.smartrecruiters.com https://cookiehub.net https://cdn.www.denodo.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.zoominfo.com https://tags.clickagy.com https://*.addtoany.com https://*.cloudflare.com; style-src 'self' 'unsafe-inline' https://cookiehub.net https://*.olark.com https://cdn.www.denodo.com https://ajax.googleapis.com https://*.typekit.net https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' data: https://*.olark.com https://www.google-analytics.com https://*.linkedin.com https://www.google.com https://www.google.co.in https://p.adsymptotic.com https://*.denodo.com https://*.company-target.com https://*.rlcdn.com https://*.bidr.io https://*.google.es https://www.datamanagementblog.com https://aorta.clickagy.com https://aa.agkn.com https://www.googletagmanager.com; media-src 'self' 'unsafe-inline' https://*.olark.com https://*.denodo.com; frame-src 'self' 'unsafe-inline' https://*.olark.com https://*.vimeo.com https://*.addthis.com https://*.google.com https://*.spreaker.com https://*.smartrecruiters.com https://www.youtube.com https://*.company-target.com https://*.addtoany.com; frame-ancestors 'self'; font-src 'self' 'unsafe-inline' data: https://*.denodo.com https://*.olark.com https://*.typekit.net https://fonts.gstatic.com; connect-src 'self' 'unsafe-inline' https://*.olark.com https://*.doubleclick.net https://*.mktoresp.com https://*.company-target.com https://*.google-analytics.com https://*.addthis.com https://cookiehub.net https://*.cookiehub.net https://pagead2.googlesyndication.com https://www.google.com https://cdn.linkedin.oribi.io https://aorta.clickagy.com https://hemsync.clickagy.com https://ws.zoominfo.com https://*.demandbase.com https://*.linkedin.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com 1
default-src 'self' static.financialsense.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:; style-src 'self' static.financialsense.com data: 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com svc.webspellchecker.net cdn.ckeditor.com static.ctctcdn.com; img-src 'self' https: data: android-webview-video-poster:; media-src 'self' static.financialsense.com blob: *.giphy.com; frame-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; frame-ancestors *; child-src 'self' https://www.financialsense.com data: audioboom.com *.audioboom.com scribd.com *.scribd.com soundcloud.com *.soundcloud.com youtube.com *.youtube.com vimeo.com *.vimeo.com bitchute.com *.bitchute.com twitter.com *.twitter.com *.tradingview.com *.tradingview-widget.com *.stripe.com *.doubleclick.net *.googlesyndication.com *.ted.com *.instagram.com *.jwpsrv.com www.google.com ms-appx-web: *.addtoany.com *.assoc-amazon.com *.amazon.com *.amazon-adsystem.com *.googletagmanager.com *.recaptcha.net facebook.com *.facebook.com cnn.com *.cnn.com cnbc.com *.cnbc.com; font-src 'self' static.financialsense.com data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com *.googleusercontent.com svc.webspellchecker.net *.avast.com chrome-extension: *.fontawesome.com; connect-src 'self' static.financialsense.com *.googlesyndication.com www.google-analytics.com *.gstatic.com *.doubleclick.net svc.webspellchecker.net *.jwpltx.com *.nr-data.net *.fontawesome.com *.ckeditor.com *.ctctcdn.com *.constantcontact.com 1
report-to csp-endpoint; upgrade-insecure-requests ; report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=bc903b2e-d5a2-4b3a-88fb-a0aa3f8faaaf 1
script-src https://*.golocal.de https://fundingchoicesmessages.google.com/ https://adservice.google.de https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com https://apis.google.com https://wwa.wipe.de https://cdn.ravenjs.com https://script.ioam.de https://*.de.ioam.de https://*.h5v.eu https://highfivve.github.io https://api.sovendus.com https://rec.smartlook.com https://*.consentmanager.net https://consentmanager.net https://*.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://*.googlesyndication.com https://adservice.google.com https://connect.facebook.net https://*.googleapis.com https://*.youtube.com 'self' 'unsafe-inline' 'unsafe-eval';worker-src https://*.golocal.de blob: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://framapiaf.org https://framasoft.org; img-src 'self' https: data: blob: https://framapiaf.org https://stats.framasoft.org https://framasoft.org https://framaclic.org; style-src 'self' https://framapiaf.org https://framasoft.org 'nonce-0VPT40x6DeHwTMen7wn1vQ=='; media-src 'self' https: data: https://framapiaf.org; frame-src 'self' https:; manifest-src 'self' https://framapiaf.org; form-action 'self'; child-src 'self' blob: https://framapiaf.org; worker-src 'self' blob: https://framapiaf.org; connect-src 'self' data: blob: https://framapiaf.org https://stockage.framapiaf.org wss://framapiaf.org https://framasoft.org; script-src 'self' https://framapiaf.org 'wasm-unsafe-eval' https://framasoft.org 1
frame-ancestors 'self' https://www.disabilityscoop.com https://jobs.disabilityscoop.com https://account.disabilityscoop.com 1
frame-ancestors 'self' https://orise.orau.gov https://npp.orau.org https://*.orau.net 1
frame-ancestors 'self' https://*.daytonastate.edu https://*.omniupdate.com http://*.omniupdate.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.kgm.gov.tr *.googleapis.com *.gstatic.com *.googlevideo.com use.fontawesome.com stats.g.doubleclick.net *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.google.com *.youtube.com unpkg.com api.harita.gov.tr; img-src * data:; media-src * 1
default-src data: blob: https://* http://* 'unsafe-eval' 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https: http: data: blob:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://* http://* 'unsafe-inline'; script-src-elem 'self' https://* http://* 'unsafe-inline'; font-src data: https://* http://*; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com unpkg.com *.newrelic.com *.nr-data.net nr-data.net js.stripe.com pay.google.com outrightinternational.bamboohr.com/js/embed.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js outrightinternational.us5.list-manage.com *.stripe.com m.stripe.network *.plaid.com *.src.mastercard.com *.checkout.visa.com pay.google.com *.paypal.com *.google.com *.analytics.google.com *.paypalobjects.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com doublethedonation.com *.doublethedonation.com *.mailchimp.com; img-src 'self' data: *.facebook.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com ucarecdn.com www.gstatic.com resources.bamboohr.com www.google-analytics.com/* pay.google.com *.google.com *.paypal.com *.google-analytics.com *.paypalobjects.com; media-src 'self'; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.googlevideo.com *.googleapis.com *.ytimg.com *.youtubeeducation.com tgbwidget.com *.tgbwidget.com *.fundraiseup.com *.stripe.com *.plaid.com *.paypal.com pay.google.com *; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.fundraiseup.com doublethedonation.com *.doublethedonation.com *.stripe.com; connect-src 'self' *.google-analytics.com stats.g.doubleclick.net www.google.com www.facebook.com *.fundraiseup.com fndrsp.net *.fndrsp.net doublethedonation.com *.doublethedonation.com nr-data.net fndrsp-checkout.net outrightinternational.bamboohr.com bam.nr-data.net *.fundraiseup.com *.stripe.com *.paypal.com *.plaid.com *.mastercard.com *.checkout.visa.com api.addressy.com *.google.com *.analytics.google.com google.com/pay; report-uri /report-csp-violation 1
report-uri https://mon.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=bc903b2e-d5a2-4b3a-88fb-a0aa3f8faaaf; report-to csp-endpoint; upgrade-insecure-requests  1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-kRqEMOmwcPzwGjMl+JdQmw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' http://0.0.0.0:* http://999.loc:* http://*.999.loc:* http://*.business.loc:* http://127.0.0.1:* http://localhost:* http://*.simpals.com http://*.achizitii.md http://192.168.1.11:2453 https://999.md https://*.999.md https://m.999.md https://*.m.999.md https://achizitii.md https://*.achizitii.md https://afisha.md https://*.afisha.md https://afisha.ro https://*.afisha.ro https://192.168.1.11:2453 https://*.192.168.1.11:2453 https://elicitatie.md https://*.elicitatie.md https://etender.md https://*.etender.md https://forum.md https://*.forum.md https://joblist.md https://*.joblist.md https://mama.md https://*.mama.md https://map.md https://*.map.md https://maximum.md https://numbers.md https://*.numbers.md https://pay.md https://*.pay.md https://play.md https://*.play.md https://point.md https://*.point.md https://new.point.md https://*.new.point.md https://price.md https://*.price.md https://shop.price.md https://*.shop.price.md https://profi.md https://*.profi.md https://raport.md https://*.raport.md https://simpals.com https://*.simpals.com https://simpalsid.com https://*.simpalsid.com https://sporter.md https://*.sporter.md https://stiri.md https://*.stiri.md https://studii.md https://*.studii.md https://cursuri.studii.md https://*.cursuri.studii.md https://manuale.studii.md https://*.manuale.studii.md https://prelegeri.studii.md https://*.prelegeri.studii.md https://plus.studii.md https://*.plus.studii.md https://mentor.md https://*.mentor.md https://votum.md https://*.votum.md https://farmacie.md https://cartego.md https://alife.zone https://cleanline.md https://apabuna.md https://doxyterra.md https://yves-rocher.md https://promstore.md https://lovelybaby.md https://mlshop.md https://gig.md https://comenzi.md https://unishop.md https://robinet.md https://disciplined.md https://magnus.md https://sportline.md https://felicia.md https://ifarmer.md https://ekassa.id.md https://*.ekassa.id.md https://monreve.md https://esuper.md https://crismoto.md https://*.crismoto.md https://abcmoldova.md https://*.abcmoldova.md https://smarti.md https://*.smarti.md https://koodifood.com https://*.koodifood.com https://mobiplaza.md https://*.mobiplaza.md https://aalto.md https://*.aalto.md https://fortuna-service.md https://*.fortuna-service.md https://megaalina.md https://*.megaalina.md https://consteam.md https://*.consteam.md https://conex.md https://*.conex.md https://resor.md https://*.resor.md https://utilarium.md https://*.utilarium.md https://mobus.md https://*.mobus.md 1
default-src 'self' *.ceros.com *.doubleclick.net *.facebook.com *.fontawesome.com *.fullstory.com *.linkedin.com *.marketo.com *.mktoresp.com *.onetrust.com *.siteimproveanalytics.io *.youtube-nocookie.com https://*.6sc.co https://bam.nr-data.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io/ https://fonts.gstatic.com https://go.optiv.com https://html5-player.libsyn.com https://pixel.sitescout.com https://platform.twitter.com https://play.libsyn.com/ https://secure.adnxs.com https://w.soundcloud.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com/iframe_api; img-src 'self' data: *.6sc.co *.g.doubleclick.net *.global.siteimproveanalytics.io *.linkedin.com *.ytimg.com https://analytics.twitter.com https://cdn.bizible.com https://cdn.bizibly.com https://cdn.cookielaw.org https://fonts.gstatic.com https://p.adsymptotic.com https://pixel.sitescout.com https://t.co https://www.facebook.com https://www.google.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.ceros.com *.fullstory.com *.linkedin.com *.marketo.com *.marketo.net *.youtube-nocookie.com https://ajax.googleapis.com https://apis.google.com https://bam.nr-data.net https://cdn.bizible.com https://cdn.cookielaw.org https://connect.facebook.net https://geolocation.onetrust.com https://go.optiv.com https://google.com https://j.6sc.co/6si.min.js https://js-agent.newrelic.com https://munchkin.marketo.net/159/munchkin.js https://platform.twitter.com https://s.ytimg.com https://siteimproveanalytics.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tagmanager.google.com https://tracking.intentsify.io https://up.pixel.ad/assets/up.js https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com/iframe_api themes.googleusercontent.com https://www.youtube.com cdnjs.cloudflare.com go.optiv.com; style-src 'self' 'unsafe-inline' *.ceros.com *.marketo.com https://cdn.cookielaw.org https://fonts.googleapis.com https://go.optiv.com https://google.com https://tagmanager.google.com https://themes.googleusercontent.com https://www.googletagmanager.com 1
frame-ancestors 'none'; report-uri https://csp-report.airfrance.fr/; script-src 'self' https://*.airfranceklm.com https://*.accorhotels.com https://*.accor.com https://*.decibelinsight.net https://*.flyingblue.com https://gateway.zscalertwo.net https://gateway.zscloud.net https://*.google.com https://*.google-analytics.com https://*.hotjar.com https://*.klm.com https://*.optimizely.com https://*.qualtrics.com https://*.r42tag.com https://*.relay42.com https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com/ https://*.usabilla.com 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://connect.facebook.net 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com use.fontawesome.com; media-src 'self' myplant-io-private.s3.amazonaws.com myplant-io-public.s3.amazonaws.com; worker-src 'self' blob: *.myplant.io myplant.io; img-src 'self' blob: *.myplant.io myplant.io https://www.google-analytics.com/ maps.gstatic.com *.googleapis.com myplant-io-private.s3.amazonaws.com myplant-io-public.s3.amazonaws.com *.google-analytics.com *.analytics.google.com data:; connect-src 'self' *.myplant.io myplant.io dc.services.visualstudio.com fonts.gstatic.com fonts.googleapis.com https://www.google-analytics.com https://maps.googleapis.com *.doubleclick.net *.google-analytics.com *.analytics.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.myplant.io https://www.googletagmanager.com/ https://www.google-analytics.com/ *.googleapis.com cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/core-js/; object-src 'self' blob: myplant.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com stackpath.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net; frame-src 'self' blob: *.empolisservices.com/ *.myplant.io https://www.innio.com/ https://jenbacher-service.gepower.com https://spatsl.innio.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://www.youtube.com/ 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://globalcloud24.com https://*.team24.biz https://cfon.net https://polboxtv.net https://*.polboxtv.net https://*.google.com https://*.cdn-apple.com https://*.adroll.com wss://chat.polbox.tv:8001 https://cdn.polbox.tv https://bat.bing.com https://*.facebook.net https://*.hotjar.io https://*.hotjar.com https://www.youtube.com wss://*.hotjar.com https://mc.yandex.ru https://static.xx.fbcdn.net https://*.polbox.tv https://cdn.ampproject.org https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.consensu.org https://*.sharethis.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.facebookmarketingdevelopers.com https://*.hotjar.com https://*.esputnik.com https://esputnik.com https://*.google-analytics.com https://*.googletagmanager.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-analytics.net https://*.googleapis.com https://*.gstatic.com https://*.hubspot.com https://*.doubleclick.net; 1
frame-ancestors 'self' https://requests.routesonline.com 1
frame-ancestors https://eres-apply.cloud.smit.dev https://eres-apply.cloud.smit.test https://eresident.politsei.ee https://e-resident.gov.ee https://www.e-resident.gov.ee 1
default-src https:; img-src 'self' * data:; media-src *.musclewiki.com; script-src https: blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' 1
base-uri https://*.mercolamarket.com; child-src https:; object-src 'none'; default-src 'none'; form-action 'self'; connect-src 'self' https://*.adobe.com https://*.ipify.org https://*.demdex.net https://*.amazon.com https://*.amazonaws.com https://*.googleapis.com https://*.reflektion.com https://*.fontawesome.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk https://mercolaconsultingser.tt.omtrdc.net; font-src 'self' https://*.gstatic.com https://*.googleapis.com https://*.fontawesome.com https://media.mercola.com https://media.mercolamarket.com; frame-ancestors 'self' https://*.mercola.com https://*.mercolamarket.com; img-src 'self' data: https://*.jquery.com https://*.ywxi.net https://*.ytimg.com https://*.demdex.net https://*.google.com https://*.truste.com https://*.gstatic.com https://*.mercola.com https://*.youtube.com https://*.googleapis.com https://*.everesttech.net https://*.mercolamarket.com https://mercolamarket.com https://*.postcodeanywhere.co.uk https://*.visualwebsiteoptimizer.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ywxi.net https://*.adobe.com https://*.ipify.org https://*.google.com https://*.gstatic.com https://*.mercola.com https://*.youtube.com https://*.adobedtm.com https://*.facebook.net https://*.jsdelivr.net https://*.cloudflare.com https://*.googleapis.com https://*.iconfinder.com https://*.reflektion.com https://*.fontawesome.com https://*.trustedsite.com https://*.bootstrapcdn.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk https://*.visualwebsiteoptimizer.com https://static-na.payments-amazon.com https://*.jquery.com; style-src 'self' 'unsafe-inline' https://*.jquery.com https://*.mercola.com https://*.googleapis.com https://*.mercolamarket.com https://*.postcodeanywhere.co.uk; 1
script-src 'self' *.addthis.com *.addthisedge.com *.aliengearholsters.com *.amcharts.com *.attentivemobile.com *.attn.tv *.avmws.com *.bing.com *.bootstrapcdn.com *.braintree-api.com *.bronto.com *.clarity.ms *.cloudflare.com *.cloudfront.net *.datadome.co *.doubleclick.net *.experticity.com *.facebook.net *.fontawesome.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlecommerce.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.gunbelts.com *.jquery.com *.jsdelivr.net *.klaviyo.com *.magentocommerce.com *.mailchimp.com *.marketingautomation.services *.moatads.com *.newrelic.com *.nr-data.net *.olark.com *.paypal.com *.placeholder.com *.placeimg.com *.rlcdn.com *.seal.geotrust.com *.trustedshops.com *.typekit.net *.usercentrics.eu *.vimeocdn.com *.viralsweep.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com a.smtrk.net admin-stage.aliengearholsters.com aliengearholsters.grin.live cdn.mouseflow.com checkout-sdk.sezzle.com googleads.g.doubleclick.net js.braintreegateway.com payments.braintree-api.com pixel-geo.prfct.co s.ytimg.com seal.geotrust.com secure.adnxs.com staticw2.yotpo.com stats.g.doubleclick.net tacticafashion.com tag.perfectaudience.com upsellit.com www-stage.aliengearholsters.com www.google.com www.paypalobjects.com www.upsellit.com aliengearholsters.com admin.aliengearholsters.com www.aliengearholsters.com warcat.com www.warcat.com gunbelts.com www.gunbelts.com app.upsellit.com validator.swagger.io pilot-payflowlink.paypal.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com aliengearholsters.com 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' admin.aliengearholsters.com bam.nr-data.net shop.pe *.shop.pe addshoppers.s3.amazonaws.com *.swellrewards.com *.yotpo.com platform.twitter.com *.trustpilot.com *.vimeo.com *.surveymonkey.com *.mouseflow.com *.amazon.com static-na.payments-amazon.com *.payments-amazon.com cdnapisec.kaltura.com *.squarecdn.com cdn.storerocket.io https://ik.imagekit.io/tedder/ *.listrakbi.com https://js.ipredictive.com/viant_universal_pixel.js; style-src aliengearholsters.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' p.typekit.net cdnjs.cloudflare.com static.klaviyo.com use.typekit.net staticw2.yotpo.com static.olark.com admin.aliengearholsters.com static-tracking.klaviyo.com tacticafashion.com use.fontawesome.com maxcdn.bootstrapcdn.com addstrap-ui.addshoppers.com d3rr3d0n31t48m.cloudfront.net *.yotpo.com *.swellrewards.com gunbelts.com d2mjzob2nc713b.cloudfront.net *.listrakbi.com; worker-src blob:; report-uri /.webscale/csp-report 1
default-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.googleapis.com; connect-src 'self' *.googleapis.com; img-src 'self' *.cirreon.com data: *.gstatic.com *.google.com *.googleapis.com *.cloudfront.net *.amazonaws.com *.cirreon.com *.openstreetmap.org; style-src 'self' 'unsafe-inline' *.googleapis.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' *.brinksinc.com brinksext.okta.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.adform.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.googletagmanager.com fonts.googleapis.com *.onetrust.com fonts.gstatic.com api.reciteme.com use.typekit.net p.typekit.net; font-src 'self' *.adform.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online tourmkr.com use.typekit.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.adform.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.queue-it.net *.lords.org *.interactive-img.com interactive-img.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com nvplay-gb-api-widgets.nvplay.com *.ampproject.org play01w6-staging-gb.azurewebsites.net cdnjs.cloudflare.com unpkg.com www.instagram.com platform.twitter.com cdn.syndication.twimg.com rum-static.pingdom.net gb-api-widgets.nvplay.com api-widgets.nvplay.com ajax.googleapis.com widgets.nvplay.com connect.facebook.net *.pinterest.com pinterest.com static.hotjar.com maps.google.com www.gstatic.com www.google.com fast.fonts.net m.addthisedge.com m.addthis.com s7.addthis.com *.googletagmanager.com www.google-analytics.com tagmanager.google.com maps.googleapis.com *.webspellchecker.net www.linkedin.com www.gstatic.com graph.facebook.com;  frame-src 'self' track.adform.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online e.issuu.com *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com apps.lords.org sketchfab.com www.instagram.com *.tourdash.com *.smartrecruitonline.com servedby.flashtalking.com *.doubleclick.net twitter.com *.twitter.com www.facebook.com *.pinterest.com pinterest.com player.vimeo.com www.google.com s7.addthis.com www.youtube.com *.webspellchecker.net; img-src 'self' lordsstoragestg.blob.core.windows.net *.quantcount.com *.quantserve.com mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.com  *.google-analytics.com tourmkr.com syndication.twitter.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com lords-pos.azureedge.net lords-stg.azureedge.net *.googletagmanager.com www.google-analytics.com i.ytimg.com maps.googleapis.com maps.gstatic.com data:; media-src 'self' mcc-homeoffood.fanweave.online *.hotjar.com *.google-analytics.com tourmkr.com *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com lords-pos.azureedge.net lords-stg.azureedge.net; connect-src 'self' *.lords.org *.queue-it.net mcc-homeoffood.fanweave.online *.interactive-img.com interactive-img.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.google-analytics.com tourmkr.com https://mdcxml.file.core.windows.net *.adnxs.com *.onetrust.com fonts.gstatic.com api.reciteme.com googleads.g.doubleclick.net stats.g.doubleclick.net rum-collector-2.pingdom.net www.youtube.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; form-action *, font-src * blob: data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://*.workable.com/ https://workable.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://www.googleadservices.com/ https://vimeo.com/ https://www.vimeo.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.linkedin.com/ https://*.6sc.co/ https://px.ads.linkedin.com/ https://*.wp.com/ https://snap.licdn.com/ https://tracking.g2crowd.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://js.qualified.com/ https://bat.bing.com/ https://ws.zoominfo.com/ https://tags.clickagy.com/ https://paymerangprd.wpenginepowered.com/ https://crm.zoho.com/ https://*.wistia.com/ https://*.hsadspixel.net/ https://*.hs-analytics.net/ https://js.hscta.net/ https://*.hubspot.com/ https://static.hsappstatic.net/ https://*.usemessages.com/ https://*.hs-banner.com/ https://*.hubspot.net/ https://*.hscollectedforms.net/ https://*.hsleadflows.net/ https://*.hsforms.net/ https://*.hsforms.com/ https://*.hs-scripts.com/ https://*.hubspotfeedback.com/ https://feedback.hubapi.com/ https://dcvxs6ggqztsa.cloudfront.net/ https://jsd-widget.atlassian.com/; img-src 'self' data: blob: https://www.google.com https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://*.cdninstagram.com/ https://*.vimeo.com/ https://www.vimeo.com/ https://*.ytimg.com/ https://*.twimg.com/ https://platform.twitter.com/ https://secure.gravatar.com/ https://d10lpsik1i8c69.cloudfront.net/ https://*.6sc.co/ https://*.wp.com/ https://*.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://*.adsymptotic.com/ https://bat.bing.com/ https://paymerangprd.wpenginepowered.com/ https://*.wistia.com/ https://js.hscta.net/ https://no-cache.hubspot.com/ https://*.hubspot.com/ https://*.hubspot.net/ https://cdn2.hubspot.net/ https://*.hsforms.net/ https://*.hsforms.com/; object-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://vimeo.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://*.wp.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://app.qualified.com/ https://paymerang.zoom.us/ https://paymerangprd.wpenginepowered.com/ https://*.hubspot.com/ https://*.hs-sites.com/ https://*.hubspot.net/ https://play.hubspotvideo.com/ https://*.hsforms.net/ https://*.hsforms.com/; frame-src 'self' data: blob: https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://vimeo.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.google.com/ https://*.wp.com/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://app.qualified.com/ https://paymerang.zoom.us/ https://paymerangprd.wpenginepowered.com/ https://*.hubspot.com/ https://*.hs-sites.com/ https://*.hubspot.net/ https://play.hubspotvideo.com/ https://*.hsforms.net/ https://*.hsforms.com/; 1
default-src 'self' fonts.gstatic.com www.google-analytics.com *.webinstats.com pagead2.googlesyndication.com www.facebook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com dbfukofby5ycr.cloudfront.net *.webinstats.com; frame-src 'self' www.google.com dbfukofby5ycr.cloudfront.net googleads.g.doubleclick.net *.webinstats.com tpc.googlesyndication.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com pagead2.googlesyndication.com www.google-analytics.com connect.facebook.net dbfukofby5ycr.cloudfront.net partner.googleadservices.com adservice.google.com.tr adservice.google.com pagead2.googlesyndication.com tpc.googlesyndication.com *.webinstats.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: fonts.gstatic.com fonts.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com region1.google-analytics.com analytics.google.com *.analytics.google.com ajax.googleapis.com *.force.com snap.licdn.com *.leadboxer.com cdn.cookielaw.org *.onetrust.com *.ads.linkedin.com privacyportal-de.onetrust.com stats.g.doubleclick.net www.linkedin.com *.hotjar.com www.youtube-nocookie.com cdn-images.mailchimp.com www.google.com www.google.nl *.adsymptotic.com *.livechatinc.com *.hotjar.io img.youtube.com *.pardot.com ortec.my.salesforce-sites.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.userlike.com go.ortec.com cdn.linkedin.oribi.io ws.zoominfo.com; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org map.nrw *.mozilla.org *.vimeo.com *.vimeocdn.com *.videolyser.de *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net oembed.com cdn.eye-able.com broschuerenservice.mags.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net cdn.eye-able.com broschuerenservice.mags.nrw;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be oembed.com ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org oembed.com broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org oembed.com *.videolyser.de broschueren.nordrheinwestfalendirekt.de broschuerenservice.mags.nrw broschuerenservice.nrw.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
frame-ancestors 'self' *.sbsolver.com; 1
default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads 1
frame-ancestors 'self' *.naturum.ne.jp *.naturum.co.jp 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://maps.google.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com https://js.fout.jp https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.facebook.com https://www.gstatic.com https://fonts.gstatic.com https://platform.twitter.com https://note.com https://social-plugins.line.me https://8card.net https://*.eq.webcdn.stream.ne.jp https://c.paypal.com https://www.paypal.com/ https://www.sandbox.paypal.com/ https://assets.braintreegateway.com/ https://www.e-scott.jp https://www.test.e-scott.jp; img-src * data: blob: about:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://s3-ap-northeast-1.amazonaws.com https://www.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com/ga.js https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://td.doubleclick.net https://js.fout.jp https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.usemessages.com https://connect.facebook.net https://www.gstatic.com https://d.line-scdn.net https://cdn.st-note.com https://platform.linkedin.com https://platform.twitter.com https://8card.net https://code.jquery.com https://api01-platform.stream.co.jp https://ssl-cache.stream.ne.jp https://*.eq.webcdn.stream.ne.jp https://c.paypal.com/ https://www.paypal.com/sdk/js https://www.paypalobjects.com/webstatic/r/fb/fb-all-prod.pp.min.js https://www.e-scott.jp https://www.test.e-scott.jp https://s.yimg.jp; frame-ancestors 'self' https://*.eloqua.com 1
frame-ancestors 'self' *.astoriamanagement.ca *.smokefreehousingab.ca *.propertysolutionsrealestate.ca 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://plugin.monotote.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://analytics.tiktok.com https://*.contentsquare.net https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.glossybox.com https://m.glossybox.com https://checkout.glossybox.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://plugin.monotote.com https://static.ads-twitter.com https://*.twitter.com https://*.recaptcha.net https://*.tribalfusion.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.criteo.net https://*.shoplooks.com https://slooks.top https://slooks.me https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*; 1
default-src https: ; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sail-horizon.com *.app-us1.com google-analytics.com optimize.google.com *.providesupport.com *.livechatinc.com *.opendns.com *.google.com *.doubleclick.net ssl.google-analytics.com *.lassocrm.com api.ipify.org www.gstatic.com www.google.com www.googleadservices.com *.arcgis.com *.usersnap.com www.google-analytics.com *.facebook.net *.firebaseio.com ajax.googleapis.com *.googleapis.com *.thevillages.com www.googletagmanager.com api.usersnap.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googletagmanager.com optimize.google.com *.providesupport.com tagmanager.google.com *.arcgis.com *.ionicframework.com cdnjs.cloudflare.com fonts.googleapis.com *.typekit.net; img-src 'self' blob: *.wpenginepowered.com *.thevillagesentertainment.com *.googleadservices.com *.livechatinc.com google-analytics.com optimize.google.com www.googletagmanager.com *.providesupport.com ssl.gstatic.com www.gstatic.com data: *.usersnap.com *.ytimg.com www.thevillages.com www.facebook.com *.google-analytics.com *.lassocrm.com *.avengers.thevillages.com *.arcgis.com *.thevillages.com *.fbcdn.net *.wpengine.com www.google-analytics.com *.doubleclick.net www.google.com; media-src 'self' *.wpenginepowered.com *.thevillagesentertainment.com *.livechatinc.com *.providesupport.com; frame-src 'self' *.wpenginepowered.com *.youtube-nocookie.com optimize.google.com youtube-nocookie.com *.livechatinc.com *.providesupport.com *.firebaseapp.com vimeo.com *.vimeo.com my.matterport.com youtube.com youtu.be *.doubleclick.net www.google.com camstreamer.com *.facebook.com *.firebaseio.com www.youtube.com *.avengers.thevillages.com *.arcgis.com *.thevillages.com; font-src 'self' data: *.ionicframework.com *.providesupport.com *.arcgis.com fonts.gstatic.com *.typekit.net; connect-src 'self' ws: wss: *.wpenginepowered.com *.thevillagesentertainment.com *.sail-track.com *.sail-personalize.com *.sail-horizon.com *.livechatinc.com *.providesupport.com *.lassocrm.com *.facebook.net www.gstatic.com *.opendns.com *.fbcdn.net *.google.com *.googleadservices.com code.ionicframework.com js.arcgis.com www.googletagmanager.com ssl.google-analytics.com villages-proxy.herokuapp.com *.doubleclick.net www.google-analytics.com *.usersnap.com *.cloudfunctions.net *.googleapis.com firestore.googleapis.com www.facebook.com *.wpengine.com *.firebaseio.com *.thevillages.com *.typekit.net; report-uri / 1
frame-ancestors 'self' *.uob.com.my *.uob.com.sg *.uobgroup.com *.uobgroup.com.sg www.hungrygowhere.my docs.google.com www.youtube.com feeds.theedgemarkets.com www.straitstimes.com www.businesstimes.com.sg www.bangkokpost.com 1
default-src 'self' https://assets.getmyboat.com; connect-src 'self' https://assets.getmyboat.com assets.getmyboat.com wss://www.getmyboat.com gtm.getmyboat.com o33203.ingest.sentry.io www.google-analytics.com stats.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net graph.facebook.com www.facebook.com api.mapbox.com *.tiles.mapbox.com events.mapbox.com getmyboat-uploads-temp-prod.s3.us-east-1.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms *.bing.com *.zdassets.com *.zendesk.com; script-src 'self' 'nonce-l7Kf5CRZwYrezWPLQI2jVg' www.getmyboat.com https://assets.getmyboat.com gtm.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com https://*.googleapis.com translate.googleapis.com connect.facebook.net s.pinimg.com *.clarity.ms *.bing.com *.zdassets.com *.ensighten.com; style-src 'self' 'unsafe-inline' https://assets.getmyboat.com https://fonts.googleapis.com translate.googleapis.com; img-src 'self' data: https://assets.getmyboat.com assets.getmyboat.com cms-media.getmyboat.com www.google-analytics.com stats.g.doubleclick.net www.gstatic.com www.googletagmanager.com googleads.g.doubleclick.net https://*.google.com https://*.google.ca https://*.google.co.in https://*.google.co.uk https://*.google.com.mx https://*.google.de https://*.google.com.au https://*.google.it https://*.google.nl https://*.google.com.tr https://*.google.com.ph https://*.google.es https://*.google.gr https://*.google.hr https://*.google.fr https://*.google.com.pr https://*.google.pt https://*.google.co.il https://*.google.com.cy https://*.google.ie https://*.google.ae https://*.google.ch https://*.google.co.id https://*.google.co.za https://*.google.se https://*.google.com.sg https://*.google.bs https://*.google.com.co https://*.google.be https://*.google.pl https://*.googleapis.com https://*.gstatic.com translate.googleapis.com getmyboat-user-images1.imgix.net getmyboat-user-images2.imgix.net www.facebook.com web.facebook.com blob: api.mapbox.com getmyboat-uploads-processed.s3.amazonaws.com getmyboat-uploads-processed.s3.us-east-1.amazonaws.com ct.pinterest.com *.clarity.ms c.bing.com *.bing.com arttrk.com; font-src 'self' https://assets.getmyboat.com data: https://fonts.gstatic.com; worker-src 'self' https://assets.getmyboat.com blob:; child-src 'self' https://assets.getmyboat.com graph.facebook.com blob:; frame-src 'self' https://assets.getmyboat.com bid.g.doubleclick.net tpc.googlesyndication.com www.google.com https://www.youtube.com/ *.facebook.com ct.pinterest.com; base-uri 'none'; object-src 'none'; block-all-mixed-content; frame-ancestors 'self'; 1
frame-ancestors https:// https://admin.shopify.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;; default-src https://login.supplieroasis.com https://*.oktacdn.com; frame-src https://login.supplieroasis.com https://*.oktacdn.com; img-src https://login.supplieroasis.com https://*.oktacdn.com 1
default-src 'self'; img-src data: 'self' https://media.home.bargains https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookielaw.org; style-src 'self' 'nonce-8Jhw1Lzp' 'nonce-9dj7hsk2' https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'nonce-8Jhw1Lzp' https://js.stripe.com https://tagmanager.google.com https://*.googletagmanager.com https://*.clarity.ms https://*.cookielaw.org; frame-ancestors 'none'; frame-src https://js.stripe.com https://hooks.stripe.com; connect-src 'self' https://api.stripe.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.algolianet.com https://*.algolia.net https://*.algolia.io https://*.clarity.ms https://*.cookielaw.org https://*.onetrust.com https://o4504927879692288.ingest.sentry.io; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; img-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; style-src * data: blob: 'unsafe-inline' ; connect-src * data: blob: 'unsafe-inline' ; object-src 'none'; frame-src * data: blob: ; frame-ancestors 'self' https://www.rememberingalife.com data:; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.omtrdc.net *.hsbc.com.cn *.utag *.recaptcha.net *.amap.com *.brightcove.net *.gstatic.cn vjs.zencdn.net players.brightcove.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.demdex.net *.omtrdc.net *.hsbc.com.cn *.boltdns.net *.brightcovecdn.com *.brightcove.com http://127.0.0.1:5000 manifest.prod.boltdns.net *.akamaihd.net brightcove.hs.llnwd.net players.brightcove.net edge.api.brightcove.com vdata.amap.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.recaptcha.net players.brightcove.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self'; upgrade-insecure-requests ; media-src *.boltdns.net *.brightcovecdn.com *.brightcove.com blob: *.akamaihd.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.cf.brightcove.com; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.reiwa.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org s7.addthis.com securepubads.g.doubleclick.net m.addthis.com z.moatads.com *.safeframe.googlesyndication.com adservice.google.com https://assets.pinterest.com https://edge.addthis.com https://cdn.plyr.io *.leadplusdev.com.au *.leadplus.com.au player.vimeo.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.npgcdn.net/lec.js *.bootstrapcdn.com adservice.google.com.au *.2mdn.net *.googletagservices.com *.googlesyndication.com *.rubiconproject.com https://cdn.evgnet.com www.googletagmanager.com www.googleoptimize.com script.crazyegg.com www.googleadservices.com secure-ds.serving-sys.com bs.serving-sys.com s.yimg.com googleads.g.doubleclick.net rtb.loopa.net.au *.cloudflareinsights.com https://reiwa.australia-3.evergage.com *.jsdelivr.net *.hotjar.com *.dotmetrics.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.plyr.io reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.agentaccount.com *.leadplus.com.au *.leadplusdev.com.au *.bootstrapcdn.com https://reiwa.australia-3.evergage.com *.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au netdna.bootstrapcdn.com data: *.reiwa.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.addthis.com https://log.pinterest.com https://reiwa.com.au *.reiwa.net reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.npgcdn.net *.swagger.io *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com *.corelogic.asia reiwastorprimg.blob.core.windows.net reiwastortestimg.blob.core.windows.net googleads4.g.doubleclick.net *.moatads.com *.googlesyndication.com *.rubiconproject.com *.google.com *.google.com.au sp.analytics.yahoo.com *.reiwa.com.au *.googletagmanager.com reiwastordvcommon.blob.core.windows.net reiwastorprcommon.blob.core.windows.net *.ratemyagent.com.au *.doubleclick.net *.dotmetrics.net; media-src 'self' data: blob: *.captur3d.io *.matterport.com realestateinmotion.com.au *.ipropertyexpress.com; child-src 'self' *.reiwa.net *.reiwa.com.au https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.visionabacus.net edge.addthis.com https://assets.pinterest.com https://*.addthis.com https://www.google.com my.matterport.com *.captur3d.io https://vtc.virtualtourscreator.com.au https://fb.watch https://3dtours.aperture22.com.au https://bestvirtualtours.co https://tour.virtual-inspection.com https://kuula.co https://app.pirsee.com https://360tours.propertydigital.com.au reiapplynow.com.au reiwa.reiapplynow.com.au *.reiformslive.com.au *.safeframe.googlesyndication.com *.2mdn.net *.googlesyndication.com *.fls.doubleclick.net bid.g.doubleclick.net *.safeframe.usercontent.goog console.googletagservices.com cdn.diakrit.com app.inspectrealestate.com.au openhouse.littlehinges.com.au matterport.com *.open2view.com.au *.openn.com.au anz.openn.com realestateinmotion.com.au roundme.com tour.vieweet.com *.diakrit.com *.realestateinmotion.com.au *.au.open2view.com *.cloudpano.com https://reiwa.australia-3.evergage.com *.ipropertyexpress.com *.doubleclick.net *.dotmetrics.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com securepubads.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://pagead2.googlesyndication.com https://maps.googleapis.com *.leadplusdev.com.au *.leadplus.com.au *.agentaccount.com wss://10.100.41.76:21021 *.g.doubleclick.net analytics.google.com lm.serving-sys.com secure-ds.serving-sys.com s.yimg.com www.google.com.au www.google.com *.evergage.com *.facebook.com *.addthis.com https://reiwa.australia-3.evergage.com *.hotjar.io wss://ws.hotjar.com *.dotmetrics.net; 1
frame-ancestors www.koolinar.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://hu.us4.list-manage.com/ https://player.vimeo.com/api/player.js https://*.googleadservices.com https://*.google.com https://va.vercel-scripts.com/v1/script.debug.js https://va.vercel-scripts.com/v1/speed-insights/script.debug.js https://www.youtube.com/iframe_api https://vercel.live/ https://vercel.com 'unsafe-inline' https://*.googleadservices.com https://*.google.com https://connect.facebook.net https://*.googletagmanager.com https://*.g.doubleclick.net https://*.tiktok.com https://static.ads-twitter.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://*.snapchat.com https://*.klaviyo.com; base-uri 'self'; style-src 'report-sample' 'self' 'unsafe-inline'; img-src 'self' data: blob: https://cdn.shopify.com https://images.prismic.io https://i.vimeocdn.com/ https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://*.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://*.tiktok.com https://static.ads-twitter.com https://t.co https://analytics.twitter.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://tags.w55c.net https://*.klaviyo.com; connect-src 'self' https://dev-checkout.humane.com https://carry-checkout.humane.com https://checkout.humane.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://vitals.vercel-insights.com https://webapi.dev.humane.cloud https://webapi.carry.humane.cloud https://webapi.prod.humane.cloud https://vimeo.com https://auth.humane.center https://auth.dev.humane.center https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://sockjs-us3.pusher.com wss://ws-mt1.pusher.com/ wss://ws-us3.pusher.com https://region1.analytics.google.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://*.t.hyros.com https://*.licdn.com https://*.linkedin.com https://*.yobi.ai https://sc-static.net https://support.humane.com https://*.snapchat.com https://*.google.com https://*.klaviyo.com; manifest-src 'self'; font-src 'self' https://assets.vercel.com; frame-src 'self' https://auth.humane.center https://auth.dev.humane.center https://auth.carry.humane.center https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com/ bid.g.doubleclick.net https://td.doubleclick.net/ https://vercel.live/ https://vercel.com https://*.snapchat.com https://*.klaviyo.com; media-src 'self' https://humane-content.cdn.prismic.io https://prismic-io.s3.amazonaws.com/humane-content/ https://player.vimeo.com https://*.akamaized.net; object-src 'none'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1c4ce6290da09358707613fe74943eb5&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Aprod; worker-src blob:; frame-ancestors 'self' https://auth.dev.humane.center/ https://auth.carry.humane.center/ https://auth.humane.center/; form-action 'self'; 1
default-src 'self'; img-src 'self' https://via.placeholder.com data: https://www.googletagmanager.com https://www.google-analytics.com https://secure.gravatar.com; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.comeet.co https://www.google.com/recaptcha/ https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://www.comeet.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com; worker-src 'self' blob:; frame-src 'self' https://www.comeet.co https://www.google.com https://youtube.com https://www.youtube.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.userway.org *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.sheridan.com.au; 1
report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic ; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-oCLdqeKUyBbvd3rWN4swnxzu8NM=' 'nonce-eUgzH+EwGCyVyqJOWGhDob7KI8o=' 1
default-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: 1
script-src 'self' 'nonce-TP/d30hHm4dD+S/ShQt5r56x' www.google-analytics.com ajax.googleapis.com maps.googleapis.com *.google.com www.gstatic.com cloud.typography.com *.pardot.com *.tnsi.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://bam.nr-data.net https://js-agent.newrelic.com https://px.ads.linkedin.com https://static.trackedweb.net https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://privacycdn.directsupply.com https://ajax.googleapis.com https://*.tels.net https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.tels.net; connect-src 'self' https://px.ads.linkedin.com https://geolocation.onetrust.com https://privacyportal.onetrust.com https://bam.nr-data.net https://r2.trackedweb.net https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.google-analytics.com https://cdn.cookielaw.org https://*.tels.net; font-src 'self' https://fonts.gstatic.com https://*.tels.net; img-src 'self' https://www.linkedin.com/ https://px.ads.linkedin.com https://www.google.com https://cdn.cookielaw.org https://branding.directsupply.com https://*.tels.net; object-src https://px.ads.linkedin.com https://r2.trackedweb.net https://pagead2.googlesyndication.com https://www.google.com https://cdn.cookielaw.org https://td.doubleclick.net https://cdn.cookielaw.org https://td.doubleclick.net; frame-src 'self' https://td.doubleclick.net/ 1
base-uri 'self';connect-src 'self';default-src 'none';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src 'none';img-src data: 'self';manifest-src 'self';media-src data: 'self';object-src 'none';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline';style-src-attr 'unsafe-inline'; 1
default-src https:; connect-src https: *; script-src 'unsafe-inline' 'unsafe-eval' https: *; style-src 'unsafe-inline' https: *; img-src 'self' data: https: www.googletagmanager.com www.google-analytics.com; font-src 'self' data: https: fonts.gstatic.com; object-src 'self'; frame-src *; frame-ancestors 'self' https://citizensadvicegateshead.org.uk; 1
default-src * 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; font-src * data:; worker-src * blob:; 1
frame-ancestors 'self' www.dbresearch.com www.dbresearch.de *.zoom.us *.db.com *.db.com:* localhost:* localhost *research-db-a2.wsodqa.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vocusdr.com *.vocuspr.com *.churnzero.net *.googleapis.com; 1
default-src * blob:;script-src 'self' 'unsafe-inline'  'unsafe-eval'  changba.com *.changba.com *.changbaimg.com *.cdn.changbaimg.com *.bootcss.com *.bokecc.com *.qbox.me *.google-analytics.com *.qq.com *.alipay.com *.alibaba.com *.aliyun.com  *.alicdn.com hm.baidu.com *.cnzz.com *.cnzz.cn *.irs01.com  irs01.com zz.bdstatic.com *.zhanzhang.baidu.com s.url.cn cdn.jsdelivr.net unpkg.com blob:;style-src * 'unsafe-inline';frame-src 'self' changba.com *.changba.com changba://* https://*.qq.com webcompt: https://* yy://*;img-src 'self' data: blob: *;media-src 'self' data: blob: *;font-src 'self' data: * 1
script-src 'unsafe-eval' 'nonce-MjQxNGRhNDgtYjQzZi00MDIyLTkyZTctNWRhNjQzY2ZiM2Q5' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://d2cg3f6oxmrhvg.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
default-src 'self'; frame-src 'self' https://facebook.com *.facebook.com https://*.youcanbook.me https://www.google.com https://www.youtube.com *.vimeo.com *.doubleclick.net https://optimize.google.com https://js.stripe.com https://challenges.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.digitrust.mgr.consensu.org http://connect.facebook.net https://connect.facebook.net http://hm.baidu.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net https://cmp.quantcast.com https://secure.quantserve.com https://rules.quantcount.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://stats.g.doubleclick.net/dc.js https://connect.facebook.net/en_US/sdk.js https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js https://www.googletagmanager.com http://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js https://cdnjs.cloudflare.com/ajax/libs/require.js/2.3.6/require.min.js http://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://js.stripe.com https://challenges.cloudflare.com/turnstile/v0/api.js https://dist.entityclouds.com/entity.js http://cdnjs.cloudflare.com/ajax/libs/jquery/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://d2xfav0ywhr7jn.cloudfront.net http://cdnjs.cloudflare.com/ajax/libs/jqueryui/ https://www.googletagmanager.com; img-src 'self' data: blob: https://awardwallet.com http://hm.baidu.com https://www.facebook.com http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://optimize.google.com https://www.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net https://pixel.quantserve.com https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/m1.png https://lh3.googleusercontent.com https://s.yimg.com https://analytics.google.com https://dtwuzpz2q0bmy.cloudfront.net https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/jqueryui/; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com https://d2xfav0ywhr7jn.cloudfront.net; media-src 'self' 'unsafe-inline'; connect-src 'self' https://cmp.digitru.st https://vendorlist.consensu.org https://test.cmp.quantcast.com https://audit-tcfv2.cmp.quantcast.com https://www.google-analytics.com https://stats.g.doubleclick.net https://test.quantcast.mgr.consensu.org https://cmp.quantcast.com *.quantcast.mgr.consensu.org https://www.googletagmanager.com https://analytics.google.com https://maps.googleapis.com https://comet.awardwallet.com wss://comet.awardwallet.com https://dist.entityclouds.com/entity.php; report-uri /csp-report; 1
connect-src adobedc.demdex.net edge.adobedc.net *.amazonaws.com *.doubleclick.net *.googleapis.com *.kyruus.com 'self' *.visualstudio.com wss:; default-src blob: data: https: 'self'; frame-src *.agkn.com *.doubleclick.net *.google.com mdlink.ucsfmedicalcenter.org ucsfmychart.ucsfmedicalcenter.org testmyc.ucsfmedicalcenter.org 'self' *.sitecore.net *.vimeo.com *.youtube.com; script-src *.adobedtm.com *.answerscloud.com *.azurewebsites.net *.calltrk.com *.clicktale.net *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.evaliahealth.com *.facebook.net *.foresee.com *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.invoca.net *.invocacdn.com *.jsdelivr.net *.msecnd.net *.radiomd.com 'self' *.skyword.com *.tealiumiq.com *.tiqcdn.com *.twitter.com datalayer.ucsfhealth.org 'unsafe-eval' 'unsafe-inline' *.vimeo.com *.vimeocdn.com *.visto1.net; style-src *.fonts.net *.googleapis.com 'self' 'unsafe-inline'; worker-src blob:; 1
img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.boschcarservice.com *.dxtservice.com *.bosch.com *.snap.licdn.com *.licdn.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net *.bosch.tech *.mobility-media.cloud *.newrelic.com *.nr-data.net *.youtube.com *.translate.google.com; object-src 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://ct.pinterest.com https://hal9000.redintelligence.net https://*.recaptcha.net https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.pinterest.com blob: https://*.abtasty.com https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.it https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.abtasty.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myprotein.it https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.it; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.it https://m.myprotein.it https://checkout.myprotein.it https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://static.goqubit.com https://*.qubit.com https://sgtm.myprotein.it; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'unsafe-eval' 'unsafe-inline' qna.center *.qna.center ulogin.ru/js/ulogin.js *.ampproject.org *.gstatic.com *.googleapis.com *.tiktok.com tiktok.com *.ibytedtos.com *.tiktokcdn.com *.ttwstatic.com 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.aol.com https://s.yimg.com/nq/ads/mb/native/* https://edge-mcdn.secure.yahoo.com/ybar/ https://service.cmp.oath.com https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://3p-geo.yahoo.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.aol.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync https://search.aol.com/sugg/gossip/gossip-us-ura/ https://espanol.search.yahoo.com/sugg/gossip/gossip-e1-ura https://de.search.yahoo.com/sugg/gossip/gossip-de-ura https://ca.search.yahoo.com/sugg/gossip/gossip-ca-ura https://uk.search.yahoo.com/sugg/gossip/gossip-uk-ura https://qc.search.yahoo.com/sugg/gossip/gossip-ca_fr-ura https://fr.search.yahoo.com/sugg/gossip/gossip-fr-ura https://br.search.yahoo.com/sugg/gossip/gossip-br-ura https://graviton-ncp-content-gateway.media.yahoo.com/api/v1/gql/stream_view;default-src 'self';font-src https: data:;frame-src https://*.aol.com https://*.yimg.com https://fc.yahoo.com https://*.aolmail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.aol.com/ https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://connect.netscape.com/ https://guce.netscape.com/ https://www.compuserve.com/ https://guce.compuserve.com/ https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.aol.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/js/ https://s.yimg.com/rx/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://yep.video.yahoo.com/ https://assets.video.yahoo.net/ https://jsapi.login.aol.com/w/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' https://udc.yahoo.com/ https://3p-udc.yahoo.com/ https://geo.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'nonce-pS6YUSx93DP33XsBYHBTn9QC2hNzPPLLxy1Poyt+J3Q7tcEo' ;style-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self';manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self'; object-src 'self' https://pts.winsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.winsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://umfrage.winsim.de https://pts.winsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.winsim.de https://chat.winsim.de https://stats.winsim.de https://imagepool.winsim.de https://pts.winsim.de https://analytics.tiktok.com https://umfrage.winsim.de; script-src 'strict-dynamic' 'nonce-6aee24d4fc451f99779fc61fd1ae3c49' 'nonce-d67797ef857e1b60880894c69a01b4c7' 'nonce-f6f212cc71dc87957cec7e74c66b78b9' 'nonce-e96f49c6fce2be089c667d7adac4a9a5' 'nonce-544819600fc23a4f8bed3bc1240b6e39' 'nonce-7ac30faa8cb7aa52f3856c1385fff6da' 'nonce-5f1e66696760731c556a8dbf80bd7bad' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.winsim.de https://umfrage.winsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-6aee24d4fc451f99779fc61fd1ae3c49' 'nonce-d67797ef857e1b60880894c69a01b4c7' 'nonce-f6f212cc71dc87957cec7e74c66b78b9' 'nonce-e96f49c6fce2be089c667d7adac4a9a5' 'nonce-544819600fc23a4f8bed3bc1240b6e39' 'nonce-7ac30faa8cb7aa52f3856c1385fff6da' 'nonce-5f1e66696760731c556a8dbf80bd7bad' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://static.ads-twitter.com https://cdn.cookielaw.org https://www.google-analytics.com https://refinitiv.sc.omtrdc.net https://www.everestjs.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://www.google-analytics.com https://www.google.com https://t.co https://analytics.twitter.com https://cdn.cookielaw.org;  frame-src * data:; worker-src 'self' blob:; font-src 'self' data: https://use.typekit.net; connect-src 'self' data: https://yoast.com https://www.google-analytics.com https://cdn.cookielaw.org https://stats.g.doubleclick.net; 1
default-src 'self' data: *.theconstructionindex.co.uk amp.analytics-debugger.com *.google-analytics.com *.analytics.google.com *.googleapis.com *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.youtube.com *.youtu.be *.youtube-nocookie.com *.googletagmanager.com *.ampproject.net *.ampproject.org *.googlesyndication.com *.google-analytics.com *.vimeo.com *.wistia.net cdnjs.cloudflare.com *.gstatic.com *.g.doubleclick.net *.googlevideo.com *.hotjar.com *.hotjar.io pushpad.xyz cdn.plyr.io *.audioboom.com audioboom.com api.spreaker.com *.cloudfront.net *.theabcdn.com *.chtbl.com t.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcindex.co.uk *.ampproject.org *.ampproject.net *.google-analytics.com *.g.doubleclick.net *.googleadservices.com *.googletagmanager.com *.googleapis.com *.googletagservices.com *.googlesyndication.com *.gstatic.com *.googlevideo.com *.youtube.com *.ytimg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.hotjar.com pushpad.xyz code.jquery.com *.facebook.com *.facebook.net; img-src 'self' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.theconstructionindex.co.uk *.tcihost.co.uk *.tcitrader.co.uk *.tcindex.co.uk *.googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.googlesyndication.com *.googleadservices.com *.youtube.com *.ytimg.com *.googlevideo.com *.placeholder.com *.googleapis.com *.gstatic.com *.google-analytics.com *.twimg.com code.jquery.com pushpad.xyz audioboom.com *.theabcdn.com *.facebook.com *.facebook.net; style-src 'self' 'unsafe-inline' data: *.google.com *.google.co.uk *.google.ie *.google.no *.google.es *.google.dk *.google.gr *.google.je *.google.im *.google.in *.google.nl *.google.ae *.google.it *.google.com.au *.google.com.hk *.google.co.za *.google.co.il *.google.be *.google.ch *.google.ca *.google.se *.google.de *.google.fr *.gstatic.com *.googleapis.com cdn.jsdelivr.net code.jquery.com *.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.theconstructionindex.co.uk; worker-src 'self' blob:; font-src 'self' *.gstatic.com; 1
default-src *;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *;img-src * 'self' data: https:; connect-src * blob:;report-uri https://twsec.report-uri.com/r/d/csp/enforce 1
default-src 'self';style-src 'self' 'unsafe-inline' https://*.mobileye.com https://*.twimg.com https://*.crazyegg.com https://*.crwdcntrl.net https://*.fontawesome.com https://platform.twitter.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://static.mobileye.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobileye.com https://*.cookielaw.org https://*.crazyegg.com https://static.ads-twitter.com https://*.demandbase.com https://*.crwdcntrl.net https://static.mobileye.com https://*.crwcntrl.net https://*.clarity.ms https://*.addthisedge.com https://*.moatads.com https://*.addthis.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://platform.twitter.com https://www.instagram.com https://forms.hsforms.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://js.hsforms.net https://maxcdn.bootstrapcdn.com https://www.youtube.com https://*.acsbapp.com https://*.opendns.com https://*.hs-scripts.com https://js.hs-banner.com https://js.usemessages.com/ https://js.hsadspixel.net/ https://cdn.taboola.com https://trc.taboola.com https://analytics.twitter.com https://js.hs-analytics.net https://static.ads-twitter.com https://bat.bing.com https://www.google.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://acsbapp.com;frame-src 'self' https://*.mbly.co https://*.mobileye.com https://*.crazyegg.com https://*.brightcove.net https://*.company-target.com https://*.vimeo.com https://*.addthis.com https://*.mobileye-data-services.com https://*.ixstack.net https://*.intelgeospatial.com https://*.wistia.com https://www.bloomberg.com https://*.wistia.net https://*.accessibe.com https://acsbapp.com https://*.twitter.com https://www.instagram.com https://my.matterport.com https://www.youtube.com https://www.facebook.com https://vars.hotjar.com https://bid.g.doubleclick.net;connect-src https://*.mobileye.com https://*.google.com https://*.mbly.co https://*.company-target.com https://*.demandbase.com https://cdn.linkedin.oribi.io https://*.linkedin.com https://*.crazyegg.com https://*.hsforms.com https://*.onetrust.com https://*.cookielaw.org https://*.addthis.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.clarity.ms https://*.acsbapp.com https://acsbapp.com https://bat.bing.com https://api.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.taboola.com https://*.hubspi.com https://*.hubspot.com https://cdn.acsbapp.com https://in.hotjar.com https://www.google-analytics.com https://*.crwdcntrl.net https://stats.g.doubleclick.net;object-src 'self';media-src 'self' https://static.mobileye.com;font-src 'self' data: https://*.mobileye.com https://*.fontawesome.com https://acsbapp.com https://*.acsbapp.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;img-src 'self' data: https://*.mobileye.com https://static2.mobileye.com https://i.vimeocdn.com https://*.crazyegg.com https://id.rlcdn.com https://*.company-target.com https://*.linkedin.com https://*.cookielaw.org https://i.ytimg.com https://*.youtube.com https://s3.eu-west-1.amazonaws.com https://*.clarity.ms https://*.bing.com https://*.twitter.com https://*.twimg.com https://trc.taboola.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://www.mobileye.com https://*.acsbapp.com https://bat.bing.com https://cds.taboola.com https://t.co https://analytics.twitter.com https://*.hubspot.com https://www.google.com https://www.google.co.il https://www.googletagmanager.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://p.adsymptotic.com https://googleads.g.doubleclick.net;worker-src blob: 1
upgrade-insecure-requests; includeSubDomains 1
default-src 'self' https://*.seeburger.com https://munchkin.marketo.net https://v.qq.com https://www.youtube-nocookie.com https://*.seeburger-news.com; frame-ancestors 'self' https://*.seeburger.com https://www.googletagmanager.com; font-src 'self' data: https://*.seeburger.com https://fonts.gstatic.com; img-src 'self' data: https://*.seeburger.com https://wwwseeburgercom-160c6.kxcdn.com https://i.ytimg.com https://www.googletagmanager.com https://*.linkedin.com https://secure.curl7bike.com https://*.google-analytics.com https://www.google.de https://www.google.com; media-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.seeburger.com https://munchkin.marketo.net https://*.seeburger-news.com https://secure.curl7bike.com https://secure.leadforensics.com; connect-src 'self' wss://*.seeburger.com https://idx.liadm.com https://cdn.plyr.io https://noembed.com https://*.mktoresp.com https://*.google-analytics.com https://region1.analytics.google.com https://adservice.google.com https://analytics.google.com https://www.google.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://munchkin.marketo.net https://*.seeburger-news.com; script-src-elem 'self' 'unsafe-inline' https://*.seeburger.com https://ce.lijit.com https://www.googletagmanager.com https://cdn.plyr.io https://www.youtube.com https://munchkin.marketo.net https://*.seeburger-news.com https://snap.licdn.com https://secure.curl7bike.com https://secure.leadforensics.com https://googleads.g.doubleclick.net; report-uri https://sentry2.in2code.de/api/7/security/?sentry_key=ac5a04f3144e74ea1ccb11c69823ed60 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
frame-ancestors 'self' https://*.iprox.nl https://*.hetcak.nl 1
default-src 'self' *.yimg.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.googletagmanager.com https://tagmanager.google.com https://view.ceros.com/ https://s.amazon-adsystem.com https://fbcdotcomprod.blob.core.windows.net https://www.cdn.fortisbc.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com *.licdn.com https://code.jquery.com www.pinterest.com https://subscriptions.fortisbc.com https://webforms.fortisbc.com https://www.gstatic.com https://dev-fortisbc.managemailing.com https://subscriptions.fortisbc.com https://*.hotjar.com https://www.googletagmanager.com https://tagmanager.google.com https://*.eyereturn.com https://connect.facebook.net maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com apis.google.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://tagmanager.google.com https://fonts.googleapis.com https://fbcdotcomprod.blob.core.windows.net https://www.cdn.fortisbc.com https://dev-fortisbc.managemailing.com https://subscriptions.fortisbc.com https://use.typekit.net https://p.typekit.net fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com https://code.jquery.com www.google.com platform.twitter.com/css/ ct.pinterest.com s.pinimg.com *.twimg.com; img-src 'self' https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://s.amazon-adsystem.com *.linkedin.com *.licdn.com p.adsymptotic.com https://fbcdotcomprod.blob.core.windows.net www.pinterest.com https://www.cdn.fortisbc.com https://fls.doubleclick.net https://ad.doubleclick.net https://pix.upaknee.com https://*.simpli.fi https://www.facebook.com https://adservice.google.com https://*.quantserve.com https://*.tribalfusion.com https://*.doubleclick.net https://*.eyereturn.com https://*.adnxs.com maps.gstatic.com maps.googleapis.com *.google-analytics.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com ct.pinterest.com s.pinimg.com platform.twitter.com/css/ *.twimg.com data: blob:; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com data: https://fbcdotcomprod.blob.core.windows.net https://www.cdn.fortisbc.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://use.typekit.net data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com *.licdn.com https://fbcdotcomprod.blob.core.windows.net ct.pinterest.com https://stats.g.doubleclick.net/ https://www.cdn.fortisbc.com https://fbcfacapiprod.azurewebsites.net https://dev-fortisbc.managemailing.com https://subscriptions.fortisbc.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.yimg.com https://maps.googleapis.com accounts.google.com; media-src 'self' media.licdn.com https://livestream.com https://fbcdotcomprod.blob.core.windows.net https://www.cdn.fortisbc.com data: blob:; frame-src 'self' https://challenges.cloudflare.com https://subscriptions.fortisbc.com https://ct.pinterest.com/ https://view.ceros.com/ https://livestream.com www.linkedin.com https://fbcdotcomprod.blob.core.windows.net https://10845429.fls.doubleclick.net/ https://www.cdn.fortisbc.com https://hec.fortisbctest.com https://hec.fortisbc.com https://secure.fortisbc.com https://www.facebook.com https://globalnews.ca https://www.google.com https://vars.hotjar.com https://webforms.fortisbc.com https://www.energydepot.com https://www.plugshare.com https://careers2.hiredesk.net https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://vimeo.com/ apis.google.com https://rest.upaknee.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https: data: https://*.facebook.net https://*.typekit.net https://stats.g.doubleclick.net https://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://maps.googleapis.com http://www.w3.org https://cc.cdn.civiccomputing.com; 1
default-src 'self' *.wistia.com *.vimeocdn.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.4see.mobi *.foreseeresults.com *.bing.com *.doubleclick.net *.facebook.com *.twitter.com *.cookielaw.org;style-src 'self' 'unsafe-inline' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cookielaw.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.cookielaw.org;img-src 'self' *.vimeocdn.com *.wistia.com wss://*.foresee.com *.thebigknow.com *.vimeo.com *.humananeighborhoodcenter.com *.everesttech.net *.everestjs.net *.demdex.net *.foresee.com *.humana.com *.ensighten.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org data: *.cloudinary.com *.cookielaw.org;object-src 'self' *.go365.com;media-src 'self' *.go365.com *.wistia.com blob:;frame-ancestors 'self' *.go365.com *.humana.com; 1
default-src 'self' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; img-src 'self' *.mitel.io *.trkn.us *.hubspot.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://prd-cdn-talkdesk.talkdesk.com *.talkdeskapp.com www.google.pt data: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com/ https://talkdeskchatsdk.talkdeskapp.com/ maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com js.hsforms.net; style-src 'self' *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com 'unsafe-inline' https://fonts.googleapis.com  maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; font-src 'self' https://fonts.gstatic.com https://talkdeskchatsdk.talkdeskapp.com data:  maxcdn.bootstrapcdn.com code.jquery.com ajax.googleapis.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net *.mitel.io *.hubspot.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com forms.hsforms.com *.amazonaws.com https://talkdeskchatsdk.talkdeskapp.com/ https://api.talkdeskapp.com/ wss://tsock.us1.twilio.com *.google-analytics.com; frame-src 'self' https://www.google.com *.mitel.io *.hubspot.com *.hsforms.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com www.youtube.com https://forms.office.com; child-src 'self' https://www.google.com ; form-action 'self' *.hsforms.com; object-src 'self' ; worker-src 'self' blob: ; base-uri 'self' ; frame-ancestors 'self' ; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-01767ecc86304e3ab66133d23acb3820' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src https://*.big4.com.au; connect-src 'self' data: https: *.abtasty.com *.contentsquare.net; child-src 'self' https: blob:; font-src 'self' data: https:; frame-ancestors 'self' https://*.big4.com.au; frame-src  'self' https:; form-action 'self' https:; img-src 'self' data: https: blob: *.contentsquare.net; worker-src 'self' blob:; script-src 'self' 'nonce-oW2D0Z0E092qtEb3dL9xlUJpXbozXoFxVRh9zOuxQW4=' 'unsafe-eval' 'unsafe-inline' blob: 'sha256-/Tw1CUQaZj3yH2nxl9nyJFaYjrC1H/uoKb/GW4m9Cgg=' 'sha256-EGS9/79G+CXf0CN6ZS7Xb4A/InuKBTviYprKiSZx7fA=' 'sha256-cahM5LQiEzhDcHGZ7yG1S1TWdr0byoGzldv+3LkvdLM=' 'sha256-23dIBWuiV8/JZym0MK7/PmmYtK6PE7Fn20zO0X07SSY=' 'sha256-xfJWcN5UtRSbcf79ZAj033cOP//lohtNhtfXQez74hE=' 'sha256-ijmyaessuydjYbuosqDvQbpQOB+bjJoBtGaMdPgm8yA=' 'sha256-jWM8eqlKZuf+3gQmMRBYV6E95+gxgfS4XzVWwBLxKVs=' 'sha256-lmLfMaEfKezGVg8XluJHRv+5gggh45kbO5jPi66ibXE=' t.contentsquare.net app.contentsquare.com *.abtasty.com *.omappapi.com *.googletagservices.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.google.com analytics.tiktok.com atlas.microsoft.com bat.bing.com connect.facebook.net fxctag.com graph.facebook.com googleads.g.doubleclick.net google-analytics.com googletagmanager.com js.facebook.com js.adsrvr.org kit.fontawesome.com hat.thepointyspritesclub.com core.thepointyspritesclub.com r.bing.com static.zipmoney.com.au static.zip.co securepubads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com use.fontawesome.com unpkg.com www.gstatic.com www.google-analytics.com www.google.com www.googletagmanager.com js.monitor.azure.com trx-cdn.zip.co www.clarity.ms edge.fullstory.com js.stripe.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https:; report-uri /api/csp/ReportCSP 1
script-src 'report-sample' 'self' 'nonce-9ca47159ec972b42c2a85c348eea0a46'  https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-rtl-text/ https://cdn.matomo.cloud/voloocpter.matomo.cloud/ https://player.vimeo.com/api/player.js https://www.youtube.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js;base-uri 'self';connect-src 'self' https://api.mapbox.com https://events.mapbox.com https://flagsmith-api.volocloud.org https://vimeo.com https://voloocpter.matomo.cloud https://px.ads.linkedin.com/wa/;default-src 'self';font-src 'self' data:;frame-src 'self' https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com;img-src 'self' data: https://cdn.volocopter.com https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect;manifest-src 'self';media-src 'self' https://cdn.volocopter.com;object-src 'none';style-src 'report-sample' 'self' 'unsafe-inline';worker-src blob:; 1
frame-ancestors 'self' localhost:* aaalifefield.lightning.force.com aaalifefield.my.salesforce.com aaalifefield--c.vf.force.com aaalifefield--full.sandbox.my.salesforce.com aaalife--agentone.vf.force.com aaalifeinsurance--agentone.vf.force.com *.salesforce.com *.lightning.force.com *.google-analytics.com *.analytics.google.com *.aaalife.com app.optimizely.com *.onelogin.com *.aaalifedesk.com *.ipipeline.com  aaalife.my.salesforce.com aaalifeinsurance.lightning.force.com *.visual.force.com; report-uri https://wwwaaalife.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' ff-fieldfishercom-prod-cms.azurewebsites.net admin.fieldfisher.com 1
base-uri 'self'; default-src 'self' 'nonce-985a198a78b4e8ca23d87b1f83895416' https://cdn.shopify.com https://shopify.com; frame-ancestors none; style-src https://fonts.googleapis.com https://cdn.shopify.com https://accounts.google.com/gsi/style https://www.googletagmanager.com https://tagmanager.google.com 'self' 'unsafe-inline'; connect-src https://cdn.shopify.com https://monorail-edge.shopifysvc.com/unstable/produce_batch https://*.vicegolf.eu/api/unstable/graphql.json https://*.vicegolf.com/api/unstable/graphql.json https://privacy-banner.shopifyapps.com/customization https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.vicegolf.eu *.vicegolf.de *.vicegolf.ch *.vicegolf.co.uk *.vicegolf.se *.vicegolf.au *.vicegolf.com *.vicegolf.at https://pagead2.googlesyndication.com https://analytics.tiktok.com https://www.tiktok.com https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com https://lcap.vicegolf.com https://analytics.pangle-ads.com https://googleads.g.doubleclick.net https://www.google.com/pagead/landing https://stats.g.doubleclick.net https://*.g.doubleclick.net https://recommender.scarabresearch.com https://www.emjcd.com https://cdn.scarabresearch.com https://s.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://bat.bing.com https://ads-twitter.com https://ads-api.twitter.com https://analytics.twitter.com https://static.ads-twitter.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'self'; img-src * 'self' data: blob:; script-src https://accounts.google.com https://maps.googleapis.com https://cdn.shopify.com https://*.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://lcap.vicegolf.com https://connect.facebook.net https://*.facebook.net https://s.pinimg.com https://ct.pinterest.com https://www.facebook.com https://analytics.tiktok.com https://cdn.scarabresearch.com https://sc-static.net https://*.snapchat.com https://bat.bing.com https://accounts.google.com https://pagead2.googlesyndication.com https://www.tiktok.com https://analytics.pangle-ads.com https://www.google.com/pagead/landing https://stats.g.doubleclick.net https://www.emjcd.com https://recommender.scarabresearch.com https://www.emjcd.com https://s.amazon-adsystem.com https://ara.paa-reporting-advertising.amazon https://static.ads-twitter.com https://*.klaviyo.com https://*.mountain.com 'self' *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'nonce-985a198a78b4e8ca23d87b1f83895416'; font-src https://cdn.shopify.com https://fonts.gstatic.com https://bid.g.doubleclick.net https://td.doubleclick.net 'self'; frame-src https://accounts.google.com https://ct.pinterest.com https://td.doubleclick.net https://s.amazon-adsystem.com https://bid.g.doubleclick.net https://12205135.fls.doubleclick.net https://*.fls.doubleclick.net https://www.facebook.com 'self' 1
frame-ancestors 'self' *.staubli.com; 1
frame-ancestors 'self' https://*.elal.com https://elal.clearmash.com https://experience.adobe.com https://*.amadeus.com; 1
default-src 'self' data: ws: blob: wss: https://*.launchdarkly.com https://*.cloudfront.net https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://bam-cell.nr-data.net/ https://bam.nr-data.net/* https://api-iam.intercom.io/ https://www.edcast.me/ https://d.la2-c1cs-ord.salesforceliveagent.com/ https://*.agora.io https://*.agora.io:*/ https://*.agoraio.cn https://*.edcast.io/ https://*.edcast.com/ http://*.soc.edcast.com/ https://api-europe-edcast.io/ https://cdn.filestackcontent.com/ https://*.guideme.io/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.api.osano.com/ https://*.myguide.org/ https://*.s3.amazonaws.com/ https://s3.amazonaws.com/ https://*.s3.us-east-1.amazonaws.com/ https://*.s3-us-east-1.amazonaws.com/ https://*.filestackapi.com/ https://*.company-target.com/ https://*.6sc.co/ https://*.adnxs.com/ https://www.facebook.com https://*.googleapis.com/ https://www.edcastcloud.com/ https://*.clearbit.com/ https://services.edcast.ai/ https://hlg.tokbox.com/ https://*.opentok.com/ https://api.go1.co/ https://api.unsplash.com/ https://cdn.linkedin.oribi.io/partner/ https://api2.amplitude.com/2/ https://*.csod.com/ https://*.oracle.com/;script-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/li.lms-analytics/ https://editor.unlayer.com/ https://widget.intercom.io/ https://js.intercomcdn.com https://*.guideme.io/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ https://d2r1yp2w7bby2u.cloudfront.net/js/ https://d1iwkfmdo6oqxx.cloudfront.net/organizations/ https://wzrkt.com/ https://*.salesforceliveagent.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://*.clearbitjs.com/ https://*.clearbit.com/ https://*.company-target.com/ https://tag.demandbase.com/ https://*.6sc.co https://*.google.com/ https://cdn.jsdelivr.net/ https://*.my.salesforce.com/ https://embedding.workato.com/r/ https://*.filestackapi.com/ https://*.osano.com/ https://*.hotjar.com/ https://www.youtube.com/ https://*.googleapis.com/ https://christus.okta.com/ https://tag.clearbitscripts.com/ https://cdn.walkme.com/ https://gateway.zscalerthree.net http://*.edcast.com/ https://*.edcast.com/ https://els-jbs-prod-cdn.jbs.elsevierhealth.com/ https://www.pagespeed-mod.com/ https://*.ckeditor.com/ https://ckeditor.iframe.ly/ https://bam.nr-data.net/ https://*.oracle.com/ https://*.clevertap-prod.com;style-src 'self' blob: data: ws: wss: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://*.guideme.io/ https://*.my.salesforce.com/ https://service.force.com/ https://static.filestackapi.com/ https://*.ckeditor.com/ https://www.googletagmanager.com/ https://*.bootstrapcdn.com/ https://*.edcast.com/ https://lm.facebook.com/ https://*.oracle.com/;font-src 'self' blob: data: ws: wss: https://fonts.gstatic.com/s/ https://*.s3.amazonaws.com/fonts/ https://static3.avast.com/ https://*.guideme.io/ https://use.typekit.net/ https://*.edcast.com/ https://*.oracle.com/;img-src 'self' data: blob: https: http: about: android-webview-video-poster:;media-src blob: https: http:;frame-src 'self' atlassian-companion: data: blob: https:;report-uri /api/v2/csp_reports 1
;         default-src 'self' *.vtc.ru ;         script-src 'self' *.vtc.ru www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' ;         connect-src 'self' *.vtc.ru ;         img-src data: * 'self' *.vtc.ru ;         media-src 'self' *.vtc.ru ;         style-src 'self' *.vtc.ru 'unsafe-inline' ;         font-src 'self' *.vtc.ru ;         frame-src 'self' *.vtc.ru www.google.com docs.roundcube.net; 1
default-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob:; connect-src *; font-src 'self' data: https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com; frame-src *; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com blob: cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com https://assets.infopro-insight.com https://cdn.jsdelivr.net https://cdn.mathjax.org https://cdnjs.cloudflare.com https://code.highcharts.com https://code.jquery.com https://js.hsforms.net https://polyfill.io https://unpkg.com https://www.google.com platform.instagram.com platform.twitter.com unpkg.com; script-src-elem * 'unsafe-inline'; style-src 'self' 'unsafe-inline' assets.risk.net assets.insurancehound.co.uk assets.waterstechnology.com assets.risklibrary.net assets.centralbanking.com assets.postonline.co.uk assets.incinsight.com assets.insuranceage.co.uk assets.euinsurancetech.com assets.fx-markets.com assets.risktech-forum.com assets.infopro-insight.com assets.chartis-research.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; form-action *; frame-ancestors 'self' 1
default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com; script-src 'self' 'unsafe-inline'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none' 1
default-src 'self' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googletagmanager.com *.smartsuppcdn.com *.gopaycdn.com *.gopaycdn-test.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hostedstatus.com *.leady.com *.crazyegg.com *.hotjar.com googleads.g.doubleclick.net *.googlesyndication.com *.smartsuppchat.com *.smartsuppcdn.com *.smartsupp.com wss://*.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.google.cz *.googleapis.com cdn.getbeyond.io *.googletagmanager.com *.hotjar.com *.crazyegg.com *.facebook.net *.leady.com c.imedia.cz *.googleadservices.com *.seznam.cz *.smartsuppchat.com *.doubleclick.net *.smartsuppcdn.com *.smartsupp.com *.gopaycdn.com *.gopaycdn-test.com; img-src 'self' data: *.gopay.cz *.gopay.com goshop.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.cz *.googleapis.com https://partner.dev.gopay.cz p.typekit.net *.gstatic.com *.googletagmanager.com *.facebook.com *.seznam.cz *.smartsuppcdn.com *.maxcdn.com *.gopaycdn.com *.gopaycdn-test.com; style-src 'self' 'unsafe-inline' *.gopay.cz *.gopay.com use.typekit.net p.typekit.net *.googletagmanager.com fonts.googleapis.com *.gopaycdn.com *.gopaycdn-test.com; frame-src *; frame-ancestors *; font-src 'self' data: use.typekit.net fonts.gstatic.com; object-src 'none'; report-to 'default'; 1
default-src 'self' https: blob: data:; connect-src 'self' blob: vercel.live *.eloqua.com bat.bing.com *.linkedin.com *.googlesyndication.com google.ee youtube.com *.cookiebot.com *.sentry.io *.akamaihd.net *.oribi.io *.hotjar.io *.googleapis.com *.hotjar.com *.vimeo.com *.wistia.net *.facebook.com *.litix.io *.github.com *.giphy.com *.facebook.net *.doubleclick.net *.adroll.com *.albacross.com *.wistia.com *.wistia.net *.appcues.com *.amazonaws.com *.segment.com *.segment.io *.klausapp.com *.heapanalytics.com klausapp.com *.google-analytics.com wss://*.drift.com wss://*.hotjar.com *.google.com *.googleusercontent.com; object-src 'none'; frame-src 'self' *.anchor.fm anchor.fm vercel.live *.cookiebot.com *.spotify.com *.typeform.com *.hotjar.com *.wistia.net *.youtube.com *.soundcloud.com *.linkedin.com *.wistia.com *.facebook.net *.facebook.com *.driftt.com *.disqus.com disqus.com *.doubleclick.net *.hubapi.com; img-src 'self' 'unsafe-inline' blob: https: data: *.digitaloceanspaces.com *.klausapp.com *.klaus.app *.google-analytics.com *.doubleclick.net *.gstatic.com; font-src 'self' 'unsafe-inline' data: *.wistia.com  rsms.me *.gstatic.com *.hotjar.com *.abarba.me *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.usemessages.com; style-src 'self' 'unsafe-inline' *.disquscdn.com *.googleapis.com *.google.com rsms.me; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' bat.bing.com vercel.live *.vercel.live *.cookiebot.com *.hsappstatic.net *.hsadspixel.net *.hs-banner.com *.hs-analytics.net *.hs-scripts.com *.g2crowd.com *.albacross.com *.hotjar.com *.lfeeder.com *.doubleclick.net *.googlesyndication.com *.driftt.com *.licdn.com *.appcues.com *.adroll.com *.linkedin.com *.googletagmanager.com *.facebook.net unpkg.com *.googleapis.com *.wistia.net *.wistia.com *.segment.com *.segment.io *.klausapp.com *.heapanalytics.com *.disqus.com *.disquscdn.com *.google.com   *.google-analytics.com *.googleadservices.com; 1
frame-ancestors 'self' http://*.dev.tangelo.nl https://*.dev.tangelo.nl https://*.pub.prd.tangelo.nl http://*.pub.prd.tangelo.nl http://*.tangelo.nl https://*.tangelo.nl https://*.umicore.com https://*.umicore.com http://*.eu.umicore.com 212.113.67.182; base-uri 'self' 1
base-uri 'self'; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;block-all-mixed-content;object-src 'self';frame-src *.photonengine.com *.google.com youtube-nocookie.com www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com itch.io *.itch.io js.stripe.com;frame-ancestors 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' app.usercentrics.eu privacy-proxy.usercentrics.eu assets.adobedtm.com edge.adobedc.net ecotelcommunication.chat.digital.ringcentral.com avcheck.ecotel.de bat.bing.com www.clarity.ms; style-src 'self' 'unsafe-inline' avcheck.ecotel.de; img-src 'self' data: app.usercentrics.eu uct.service.usercentrics.eu bat.bing.com; font-src 'self' data: avcheck.ecotel.de; connect-src 'self' aggregator.service.usercentrics.eu privacy-proxy.usercentrics.eu api.usercentrics.eu consent-api.service.consent.usercentrics.eu charts3.equitystory.com edge.adobedc.net api.friendlycaptcha.com avcheck.ecotel.de a.clarity.ms; media-src 'self'; object-src 'self'; child-src 'self'; frame-src 'self' www.youtube.com www.youtube-nocookie.com ecotelcommunication.chat.digital.ringcentral.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' order.ecotel.de; base-uri 'none'; manifest-src 'self' 1
default-src ‘self’ 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.mega-image.ro https://d1lqpgkqcok0l.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.mega-image.ro https://*.svc.mega-image.ro https://d1lqpgkqcok0l.cloudfront.net; 1
block-all-mixed-content; frame-ancestors 'self'; object-src 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://push4site.com https://legalbet.ru/ https://chat.24liveblog.com https://api.mindbox.ru https://personalization-web-stable.mindbox.ru https://*.gr-cdn.com https://legalbet.push4site.com https://vimeo.com https://yandex.ru https://cdn.carrotquest.app https://cdn.24liveblog.com https://cdn.webstoryz.com https://www.googleoptimize.com https://unpkg.com https://download.agora.io https://v.24liveblog.com https://static.cloudflareinsights.com https://*.ytimg.com http://awards.ratingruneta.ru https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://webmaster.foolsoft.ru https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.ampproject.org  https://*.legalbet-subscription.com https://*.gr-cdn-e.eu; frame-src 'self' https://*.googletagmanager.com https://match.org.ru/ https://video.matchtv.ru https://apiwidget.webstoryz.com https://webmaster.foolsoft.ru https://www.youtube-nocookie.com/  https://player.vimeo.com https://*.soundcloud.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.ampproject.net  https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.gr-cdn.com https://video.matchtv.ru/; object-src 'self' https://*.legalcdn.com https://webmaster.foolsoft.ru https://legalbet.ru/ https://*.legalcdn.org http://awards.ratingruneta.ru https://api.mindbox.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.legalbet-subscription.com https://*.gr-cdn-e.eu; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://webmaster.foolsoft.ru https://mc.yandex.com https://legalbet.ru/ https://mc.webvisor.com https://mc.webvisor.org  https://*.legalbet-subscription.com https://*.gr-cdn.com https://*.gr-cdn-e.eu; worker-src 'self' blob: https://push4site.com https://legalbet.push4site.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu; report-uri /csp-report/; 1
frame-ancestors outervision.com https://www.fsplifestyle.com https://www.fsp-group.com https://enermaxusa.com https://www.enermax.com; 1
default-src 'self' https://maps.googleapis.com https://www.webstream.eu https://www.dbk.de/ https://login.bistumsatlas.de https://*.doubleclick.net/ https://domradiomedien.akamaized.net https://medien.domradio.de https://dbk.de/ https://youtu.be/ https://*.readspeaker.com/  https://www.dbk-shop.de https://player.vimeo.com https://www.google.com https://www.google-analytics.com https://graph.facebook.com https://www.juicer.io https://*.katholisch.de https://www.domradio.de https://www.youtube.com https://stats.dbk.de  https://cdn.myth.theoplayer.com; img-src 'self' data: https://dbk.de/ https://*.youtube.com/ https://www.webstream.eu https://www.dbk.de/ https://stats.dbk.de https://www.google-analytics.com https://pbs.twimg.com https://*.fbcdn.net https://*.juicer.io https://*.imgur.com https://*.gstatic.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://dbk.de/  https://www.google.com https://*.doubleclick.net https://www.webstream.eu https://www.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.juicer.io https://*.ytimg.com https://*.readspeaker.com https://stats.dbk.de https://*.youtube.com; font-src 'unsafe-inline' 'self' data: https://fonts.gstatic.com  https://*.juicer.io https://s3.amazonaws.com https://*.readspeaker.comd; style-src 'unsafe-inline' 'self' https://www.webstream.eu https://s3.amazonaws.com https://fonts.googleapis.com https://*.readspeaker.com https://*.juicer.io ; 1
img-src 'self' *.tile.osm.org *.bundestag.de *.tv1.eu, form-action 'self' 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube-nocookie.com https://identity.netlify.com/ https://www.netlifystatus.com *.usr.com;connect-src 'self' 'unsafe-inline' blob: *.cloudfront.net *.google.com *.google-analytics.com *.usr.com https://*.gstatic.com https://cdn.cookie-script.com https://consent.cookie-script.com https://fonts.googleapis.com https://fonts.gstatic.com https://geo.cookie-script.com https://identity.netlify.com https://l.sharethis.com https://maps.googleapis.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://platform-cdn.sharethis.com https://script.google.com https://script.googleusercontent.com https://stats.g.doubleclick.net https://ug-usr.netlify.app https://www.google-analytics.com https://www.googletagmanager.com https://www.usrobotics.com https://www.youtube-nocookie.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.youtube-nocookie.com *.cloudfront.net https://maxcdn.bootstrapcdn.com;frame-src 'self' https://c.sharethis.mgr.consensu.org  https://www.youtube-nocookie.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://fonts.gstatic.com https://www.google.co.uk *.google.com https://maps.gstatic.com https://l.sharethis.com images.ctfassets.net *.cloudfront.net *.googleapis.com *.ggpht *.usr.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com https://www.netlifystatus.com assets.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com https://maps.googleapis.com https://platform-api.sharethis.com https://identity.netlify.com https://unpkg.com https://www.netlifystatus.com https://script.google.com https://script.googleusercontent.com https://maxcdn.bootstrapcdn.com *.usr.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.usr.com https://ug-usr.netlify.app/ *.fontawesome.com *.cloudfront.net;manifest-src 'self' https://www.usr.com https://ug-usr.netlify.app/ 1
frame-ancestors 'self' https://cgp.cgscholar.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.dimora.jp https://*.dimora.jp http://*.google-analytics.com/ https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://b91.yahoo.co.jp https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://*.mul-pay.jp https://s.yimg.jp https://fonts.gstatic.com https://*.impact-ad.jp https://*.im-apps.net https://*.googleapis.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.googleadservices.com https://googleads.g.doubleclick.net https://*.google.co.jp https://1b3bng8fp1.execute-api.ap-northeast-1.amazonaws.com; img-src 'self' data: https://*.google-analytics.com/ https://*.twitter.com https://*.impact-ad.jp https://stats.g.doubleclick.net https://linkmaker.itunes.apple.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com https://b91.yahoo.co.jp; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; upgrade-insecure-requests; report-uri /local/ajax/CSP.php 1
default-src 'self'; base-uri 'self'; img-src https: data: ssl.gstatic.com; font-src 'self' fonts.gstatic.com *.hubspotusercontent-eu1.net f.hubspotusercontent-eu1.net *.delen.bank data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com static.hsappstatic.net; script-src https: 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com *.google-analytics.com; connect-src https: *.google-analytics.com www.google-analytics.com *.hotjar.com *.hotjar.io; frame-src 'self' *.google.com *.hotjar.com player.vimeo.com player.clevercast.com *.webflow.io vimeo.com *.vimeo.com delenhackdays.be *.dynamics.com www.google-analytics.com *.delen.be *.delen.bank *.delen.lu *.oyens.com *.typeform.com *.doubleclick.net  https://app httpsdelen://app  https://oyensappsimulator.acpt.delen.be   https://delenappsimulator.acpt.delen.be   https://login.acpt.delen.be   https://online.acpt.delen.bank  https://loginoyens.acpt.delen.be   https://delenappsimulator.acpt.delen.lu   https://delenchappsimulator.acpt.delen.lu  https://login.acpt.delen.lu  https://loginch.acpt.delen.lu platform.twitter.com https://forms-eu1.hsforms.com blog.delen.bank;; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: *.localphone.com *.localphone.co.uk *; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OTRkMTY0NGRhZGExNGExOGE4MzA0N2JjOTU1YTNiZTE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.scp.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.scp.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.scp.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.notino.pl https://www.notino.cz https://www.notino.hu https://www.notino.ro https://www.notino.sk https://www.notino.bg https://www.spa-by-clarins.com 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: ; img-src * data: ; connect-src * ; worker-src blob: ; frame-ancestors 'none'; 1
frame-ancestors 'self' https://online.gtefinancial.org; 1
child-src 'self'; frame-src 'self' *; frame-ancestors 'self' https://cloud.also.mp also.ch *.also.ch *.also.com also.com chrome-extension://*; connect-src 'self' *.also.com also.com *.usercentrics.eu *.mateti.net *.mktoresp.com https://*.hpcloud.hp.com https://d75j3d3y2ihvh1.cloudfront.net https://also01.wt-eu02.net https://px.ads.linkedin.com https://*.user.com wss://alsopolska.user.com https://*.n-able.com https://toolbox.solarwindsmsp.com analytics.google.com www.google-analytics.com https://stats.g.doubleclick.net https://fonts.googleapis.com whatfix.com *.whatfix.com *.parcellab.com https://locationservice.posti.com https://ka-p.fontawesome.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' *.also.com also.com https://fonts.googleapis.com https://cdn.cs.1worldsync.com https://*.hpcloud.hp.com *.cnetcontent.com cdnjs.cloudflare.com *.parcellab.com cdn.datatables.net maxcdn.bootstrapcdn.com rsms.me https://pages.solarwindsmsp.com https://*.n-able.com; font-src 'self' https://www.also.com *.1worldsync.com https://fonts.gstatic.com *.cnetcontent.com rsms.me booster.webtradecenter.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://cdnjs.cloudflare.com https://*.hpcloud.hp.com; img-src 'self' also.com *.also.com *.alsolatvia.lv filesalso.dk https://media.user.com https://static.user.com https://cdn.cs.1worldsync.com https://cdn.whatfix.com https://videos.whatfix.com data: https://www.google.com https://www.google.de analytics.google.com www.google-analytics.com www.facebook.com *.mateti.net *.usercentrics.eu *.cnetcontent.com https://*.hpcloud.hp.com *.www8-hp.com also01.wt-eu02.net *.parcellab.com *.wcfbc.net www.plugilo.com *.webtradecenter.com i.ytimg.com https://px.ads.linkedin.com https://d2xsch6h2vuht1.cloudfront.net; 1
frame-ancestors 'self' https://gateway.appone.net https://demo.external.appone.net https://test.appone.net 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.ciis.edu/report-uri/enforce 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://arz.team/logs/ https://arz.team/sidekiq/ https://arz.team/mini-profiler-resources/ https://arz.team/assets/ https://arz.team/brotli_asset/ https://arz.team/extra-locales/ https://arz.team/highlight-js/ https://arz.team/javascripts/ https://arz.team/plugins/ https://arz.team/theme-javascripts/ https://arz.team/svg-sprite/ https://meet.jit.si/external_api.js; worker-src 'self' https://arz.team/assets/ https://arz.team/brotli_asset/ https://arz.team/javascripts/ https://arz.team/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; connect-src 'self' *.itzbund.de *.readspeaker.com *.bmbfcluster.de; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.instagram.com; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com vimeo.com *.aktion-mensch.de *.bmbfcluster.de; frame-src 'self' *.readspeaker.com *.google.com *.gstatic.com *.youtube.com *.vimeo.com kumasta.buendnisse-fuer-bildung.de *.facebook.com *.instagram.com *.bmbf.de graphcommons.com www.baden-tv.com/ *.video-stream-hosting.de ;img-src 'self' data: *.materna.de *.bmbf.de *.google.com *.gstatic.com *.youtube.com *.twimg.com *.openstreetmap.org *.openstreetmap.de *.wmflabs.org *.bmbfcluster.de; font-src 'self' data:; frame-ancestors 'self'; 1
frame-ancestors 'self' my.lotame.com forumbee.com; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://*.list-manage.com https://*.bmg.com https://*.countdownmedia.com https://*.bmgproductionmusic.com https://*.bmgproductionmusic.be https://*.bmgproductionmusic.nl https://*.bmgproductionmusic.fr https://*.bmgproductionmusic.de https://cookie-consent.bmg.com https://f.vimeocdn.com https://player.vimeo.com https://www.vimeo.com https://*.bmgproductionmusic.co.uk https://analytics-eu.clickdimensions.com https://cdnjs.cloudflare.com https://cookie.bmgproductionmusic.com https://hit.uptrendsdata.com https://image.providesupport.com https://messenger.providesupport.com https://vm.providesupport.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://static.olark.com https://m.youtube.com https://maps.google.com https://maps.googleapis.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://www.google-analytics.com; style-src 'self' 'report-sample' 'unsafe-inline' cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com; object-src 'none'; frame-src 'self' *.youtube.com *.vimeo.com *.bmg.com *.countdownmedia.com *.bmgproductionmusic.com *.bmgproductionmusic.be *.bmgproductionmusic.nl *.bmgproductionmusic.fr *.bmgproductionmusic.de *.bmgproductionmusic.co.uk maps.googleapis.com maps.google.com play.soundsgood.co thedubliners.lnk.to vm.providesupport.com www.googletagmanager.com www.youtube-nocookie.com; child-src 'self' *.vimeo.com vimeo.com www.youtube.com *.facebook.com connect.facebook.net www.googletagmanager.com; img-src 'self' data: blob: *.vimeocdn.com *.vimeo.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.ggpht.com images.musicdirector.nl ajax.googleapis.com *.ytimg.com *.youtube.com cdnjs.cloudflare.com d2zsljmk3mm9kv.cloudfront.net image.providesupport.com maps.googleapis.com www.googletagmanager.com *.bmgproductionmusic.nl *.bmgproductionmusic.be *.bmgproductionmusic.fr *.bmgproductionmusic.de *.bmgproductionmusic.co.uk; font-src 'self' data: fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' *.google.com ajax.googleapis.com *.bmg.com *.countdownmedia.com *.bmgproductionmusic.com *.bmgproductionmusic.be *.bmgproductionmusic.nl *.bmgproductionmusic.fr *.bmgproductionmusic.de cookie-consent.bmg.com *.bmgproductionmusic.co.uk *.bmgproductionmusic.com chatapi.providesupport.com cdnjs.cloudflare.com d2zsljmk3mm9kv.cloudfront.net hit.uptrendsdata.com service.harvestmedia.net fonts.gstatic.com fonts.googleapis.com maps.googleapis.com stats.g.doubleclick.net *.google-analytics.com vimeo.com www.googletagmanager.com; manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net; media-src 'self' *.vimeo.com vimeo.com *.youtube.com youtube.com; worker-src 'self'; 1
block-all-mixed-content; frame-ancestors 'self' https://maps.usacarry.com 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-f93519d5492dbc82c79c07d9cc2bbeaf' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=1734030344693858; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=1734030344693858 1
frame-ancestors 'self' https://*.procaresoftware.com; 1
frame-ancestors 'self' *.humacom.com *.iofbonehealth.org *.osteoporosis.foundation 1
default-src 'self' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com;style-src 'self' 'unsafe-inline' www.mio.se static.mio.host eventproxy.mio.se data: login.mio.se www.mcdn.net insights.mio.se *.puzzel.com cert.tryggehandel.net api.hitta.se *.imbox.io fonts.gstatic.com *.googleapis.com browser.sentry-cdn.com *.youtube.com i.ytimg.com sentry.io mio.mynewsdesk.com images.prismic.io prismic-io.s3.amazonaws.com via.placeholder.com i.imgur.com mioblobstoragetest.blob.core.windows.net *.getflowbox.com *.fbcdn.net *.cloudfront.net *.atdmt.com *.adnxs.com *.google.se *.google.com *.facebook.com 9211931.fls.doubleclick.net connect.facebook.net *.hotjar.com hotjar.io *.hotjar.io *.adform.net *.google-analytics.com www.gstatic.com www.googletagmanager.com stats.g.doubleclick.net t.myvisitors.se *.triggerbee.com *.ourinsights.se *.googlesyndication.com *.googleoptimize.com *.lemonpi.io *.bing.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.ampproject.org https://pixel.adsafeprotected.com https://static.adsafeprotected.com https://ad.doubleclick.net https://cse.google.com http://cse.google.com http://maps.google.com https://maps.google.com http://maps.googleapis.com https://maps.googleapis.com https://www.google.com https://www.googleapis.com https://apis.google.com https://www.google-analytics.com https://ajax.googleapis.com https://pagead2.googlesyndication.com www.googletagservices.com https://adservice.google.com https://adservice.google.fr https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.gstatic.com https://code.jquery.com http://assets.pinterest.com https://assets.pinterest.com http://log.pinterest.com https://connect.facebook.net http://bs.serving-sys.com http://ds.serving-sys.com http://logv5.xiti.com https://az124611.vo.msecnd.net https://az551914.vo.msecnd.net http://analytics-eu.clickdimensions.com https://www.googletagmanager.com 1
default-src 'self'; script-src 'report-sample' 'self' https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://use.typekit.net/gil3vgx.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' https://use.typekit.net; frame-src 'self'; img-src 'self' https://p.typekit.net; manifest-src 'self'; media-src 'self'; report-uri https://61573697fe86c15caaed69c2.endpoint.csper.io/; worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://*.mgbox.io/ https://*.magic.link/ https://*.fortmatic.com/ https://fortmatic.github.io/ blob: https://*.fortmatic.com https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://form.typeform.com  *.hs-sites.com *.hubspot.com; img-src 'self' https://tr.lfeeder.com/ https://api.producthunt.com https://*.magic.link/ https://*.fortmatic.com/ https://fortmatic.github.io/ https://anima-uploads.s3.amazonaws.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.githubusercontent.com https://www.google.com/ *.hubspot.com data:; connect-src 'self' https://*.magic.link/ https://*.fortmatic.com/ https://api.segment.io/ https://api.mixpanel.com/ https://api.amplitude.com/ https://api.stripe.com https://api.rollbar.com *.hs-banner.com *.hubspot.com; script-src 'self' 'unsafe-inline' https://cdn.segment.com/ https://cdn.mxpnl.com/libs/mixpanel-2-latest.min.js https://www.google-analytics.com/analytics.js https://cdn.amplitude.com/ https://js.stripe.com/v3 https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://embed.typeform.com/embed.js *.hubspot.com; script-src-elem 'self' https://js.stripe.com/v3 https://cdn.segment.com/ https://www.google-analytics.com/analytics.js https://cdn.amplitude.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sc.lfeeder.com/ https://embed.typeform.com/embed.js *.usemessages.com *.hs-scripts.com *.hs-banner.com *.hsadspixel.net *.hs-analytics.net; font-src 'self'; base-uri 'self'; 1
default-src *; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.canarytechnologies.com *.headwayapp.co headwayapp.co *.pendo.io *.jsdelivr.net *.demandbase.com *.cookieyes.com cdn-cookieyes.com *.6sc.co *.revive-adserver.net *.visualwebsiteoptimizer.com *.vimeo.com *.googletagmanager.com polyfill.io *.zdassets.com *.smooch.io *.plaid.com *.hellosign.com browser.sentry-cdn.com *.explo.co https://cdn.heapanalytics.com https://heapanalytics.com *.google-analytics.com *.google.com *.googleadservices.com googleads.g.doubleclick.net *.formstack.com *.googleapis.com *.nr-data.net *.licdn.com *.hotjar.com *.jquery.com *.cloudflare.com *.amazonaws.com *.stripe.com *.berbix.com *.incode.com *.website-files.com *.salesloft.com *.trysavvy.com *.heysavvy.com *.cloudfront.net *.optimizely.com *.calendly.com *.amplitude.com *.marketo.net *.marketo.com *.mktoweb.com *.gstatic.com *.spreedly.com *.tremendous.com https://optimize.google.com https://www.googleoptimize.com *.chilipiper.com *.popt.in blob:; style-src * data: 'unsafe-inline'; img-src * data: blob:; font-src * data:; connect-src * blob: data:; child-src * blob:; frame-src * data: 1
default-src 'none'; base-uri 'none'; child-src bid.g.doubleclick.net www.youtube.com 'self' docs.google.com ensemble.nmc.edu vimeo.com nmc.hosted.panopto.com cdn.youvisit.com www.youvisit.com weatherwidget.io; connect-src 'self' *.opentable.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms *.doubleclick.net www.facebook.com adservice.google.com www.google.com www.google-analytics.com analytics.google.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com contact.simpletix.com cdn-graphql.youvisit.com csp.withgoogle.com; font-src data: 'self' *.otstatic.com fonts.gstatic.com; frame-src 'self' player.pbs.org *.elluciancrmrecruit.com www.adsensecustomsearchads.com syndicatedsearch.goog *.opentable.com *.adobe.com *.blackbaud.com *.blackbaudhosting.com *.doubleclick.net googleads.g.doubleclick.net www.facebook.com payment.flywire.com *.google.com www.googletagmanager.com e.issuu.com *.libanswers.com *.lightcastcc.com ensemble.nmc.edu nmcp.ssbxe.nmc.edu webcam.nmc.edu vimeo.com nmc.hosted.panopto.com app.powerbi.com www.powtoon.com www.shoppingsheet.com embed.prod.simpletix.com platform.twitter.com player.vimeo.com cdn.yoshki.com www.youtube.com cdn.youvisit.com www.youvisit.com weatherwidget.io; img-src 'self' data: secure.adnxs.com s3.amazonaws.com c.bing.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms *.doubleclick.net www.facebook.com adservice.google.com clients1.google.com www.google.com www.google-analytics.com translate.google.com translate.googleapis.com translate-pa.googleapis.com www.googleapis.com www.googletagmanager.com *.gstatic.com code.jquery.com *.nmc.edu www.onlinechatcenters.com cdn.simpletix.com *.smugmug.com syndication.twitter.com m.youtube.com sp.youvisit.com trck.youvisit.com i.ytimg.com www.ebenefits.va.gov littleworld.tv; media-src data: 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.blackbaud.com *.blackbaudhosting.com *.clarity.ms cdnjs.cloudflare.com googleads.g.doubleclick.net connect.facebook.net cse.google.com translate.google.com www.google.com www.google-analytics.com partner.googleadservices.com www.googleadservices.com ajax.googleapis.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com code.jquery.com *.libanswers.com *.lightcastcc.com remote.nmc.edu www.onlinechatcenters.com embed.prod.simpletix.com www.gstatic.com www.shoppingsheet.com platform.twitter.com player.vimeo.com www.youvisit.com weatherwidget.io; script-src-elem 'self' 'unsafe-inline' *.gstatic.com *.clive.cloud *.opentable.com *.otstatic.com *.blackbaud.com *.blackbaudhosting.com *.clarity.ms cdnjs.cloudflare.com googleads.g.doubleclick.net connect.facebook.net cse.google.com translate.google.com www.google.com www.google-analytics.com partner.googleadservices.com www.googleadservices.com ajax.googleapis.com translate.googleapis.com translate-pa.googleapis.com www.googletagmanager.com e.issuu.com/embed.js code.jquery.com *.libanswers.com *.lightcastcc.com list-manage.com/generate-js remote.nmc.edu www.onlinechatcenters.com www.shoppingsheet.com embed.prod.simpletix.com platform.twitter.com player.vimeo.com www.youvisit.com www.ebenefits.va.gov weatherwidget.io; script-src-attr 'unsafe-inline' *.clarity.ms; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.blackbaud.com *.blackbaudhosting.com cdnjs.cloudflare.com www.google.com fonts.googleapis.com translate.googleapis.com translate-pa.googleapis.com code.jquery.com remote.nmc.edu www.shoppingsheet.com embed.prod.simpletix.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.gstatic.com cdn.otstatic.com cdn.gstatic.com *.blackbaud.com *.blackbaudhosting.com cdnjs.cloudflare.com www.google.com fonts.googleapis.com translate.googleapis.com e.issuu.com/embed.js code.jquery.com remote.nmc.edu www.shoppingsheet.com embed.prod.simpletix.com 1
default-src * blob: 'unsafe-inline' 'unsafe-eval';img-src * 'self' blob: data: https:; font-src * 'self' data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://*; img-src *; media-src * 1
frame-ancestors 'self' http://www.philips.co.in *.philips.com *.philips.co.in https://philipsigtdpv.com 1
default-src 'self' *.paniniamerica.net *.goupshot.com https://analytics.google.com https://*.cardinalcommerce.com https://events.goupshot.com:3000 https://*.googleapis.com https://*.facebook.net https://cdns.us1.gigya.com https://*.kaptcha.com https://r2.trackedweb.net https://*.braintree-api.com https://*.braintreegateway.com https://www.paypal.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.onfido.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com wss://sync.onfido.com; img-src 'self' https://media.goupshot.com https://translate.google.com https://www.gstatic.com https://*.paniniamerica.net https://quickchart.io blob: data: https://www.google.com https://www.facebook.com https://*.paypal.com https://*.googleapis.com; script-src https: 'unsafe-inline' https://cdn.goupshot.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://api.goupshot.com https://cdns.us1.gigya.com; style-src https 'unsafe-inline' https://nft.paniniamerica.net https://www.paniniamerica.net https://translate.googleapis.com https://cdn.goupshot.com https://fonts.googleapis.com https://assets.braintreegateway.com https://assets.onfido.com; frame-src * 'self' mailto: https://www.google.com https://www.youtube.com https://cdns.us1.gigya.com https://bid.g.doubleclick.net https://assets.braintreegateway.com https://*.kaptcha.com https://*.paypal.com https://*.cardinalcommerce.com https://blog.paniniamerica.net; font-src 'self' https://fonts.gstatic.com https://cdn.goupshot.com 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https: https://*.id.opendns.com; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob: *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' https://m.youtube.com https://www.youtube.com;style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self' *.youtube.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.ytimg.com *.youtube.com *.froala.com;font-src 'self';connect-src 'self';manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';worker-src 'self' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://s3.eu-central-1.amazonaws.com/www.ecml.at/  https://www.beachguide.org http://www.beachguide.org http://www.sprachennetzwerkgraz.at http://cc.ecml.at *.ecml.at *.streaming.at *.vimeo.com *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.twimg.com *.youtube.com *.youtu.be *.doubleclick.net; object-src 'self' *.ecml.at; 1
default-src https: wss://*.hotjar.com 'unsafe-inline';  font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' * 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self' 1
img-src 'self' data: images.ctfassets.net *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co click2cart.com *.click2cart.com 2cart.net haircodeassetsprod.azureedge.net *.adsrvr.org images-haircode-com-prod.azureedge.net *.contentful.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.contentful.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net *.contentful.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com *.contentful.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co click2cart.com *.click2cart.com 2cart.net *.iesnare.com *.adsrvr.org api.ipify.org *.contentful.com feed.pghub.io pandg.tapad.com ; connect-src 'self' kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co click2cart.com *.click2cart.com 2cart.net *.haircode.com *.onetrust.com *.contentful.com *.segment.com privacytermsprod.azureedge.net feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co click2cart.com *.click2cart.com 2cart.net pgconsumersupport.secure.force.com *.youtube.com *.adsrvr.org pg-lex.my.salesforce-sites.com consumersupport.pg.com *.contentful.com *.segment.com privacytermsprod.azureedge.net feed.pghub.io ; 1
default-src https: wss: ; img-src data: https: http: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: ; style-src https: 'unsafe-inline' http: ; font-src data: https: ; media-src http: ; frame-src blob: https: wss: 1
default-src 'self'; media-src 'self' tagmanager.google.com *.skydio.com stream.mux.com *.mux.com *.omappapi.com blob:; object-src 'none'; style-src 'self' 'unsafe-inline' *.mutinycdn.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.cloudfront.net *.skydio.com *.omappapi.com; form-action 'self' *.skydio.com *.facebook.com; font-src 'self' *.cloudflare.com fonts.gstatic.com *.cloudfront.net data:; img-src 'self' *.mutinycdn.com *.mutinyhq.io *.cloudfront.net analytics.twitter.com t.co *.omappapi.com *.skydio.com *.mux.com *.google.com www.google.co.uk *.clarity.ms cdn.sanity.io *.linkedin.com p.adsymptotic.com *.google-analytics.com www.googletagmanager.com *.reddit.com *.doubleclick.net *.bing.com *.facebook.com *.bizible.com *.cookielaw.org *.bizibly.com okt.to data:; connect-src 'self' *.mutinyhq.com *.mutinyhq.io *.mutinycdn.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.skydio.com *.zi-scripts.com *.mktoutil.com track-v3.funnelytics.io *.linkedin.com ingesteer.services-prod.nsvcs.net *.litix.io *.omappapi.com https://analytics.google.com *.google.com *.mux.com production--skydio.netlify.app *.fbot.me *.clarity.ms cdn.cookielaw.org *.mktoresp.com events.attentivemobile.com www.google-analytics.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.cloud.es.io *.onetrust.com *.zoominfo.com *.cookielaw.org *.bizibly.com *.bizible.com *.oribi.io *.bing.com conversions-config.reddit.com www.redditstatic.com; child-src 'self' www.google.com boards.greenhouse.io *.youtube.com *.facebook.com *.skydio.com https://sketchfab.com https://skydio.attn.tv/ *.kuula.co kuula.co blob:; base-uri 'self'; script-src 'nonce-N7XZTP2jpUL4j/fwWs5nIJyBcNdHI+sZ' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
base-uri 'none'; connect-src 'self' https://retrocdn.net https://www.google-analytics.com; default-src 'none'; frame-ancestors 'none'; frame-src https://www.google.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; img-src 'self' https://retrocdn.net https://www.google-analytics.com data:; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://www.googletagmanager.com/gtag/js data:; media-src 'self' https://retrocdn.net data:; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com/; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: d.lernsax.de; report-uri /security-report.php 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: blob:; font-src * 'self' data:; 1
default-src 'self'  https://docs.google.com  https://www.engie.ro;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://engie.ro https://*.engie.ro  https://cdnjs.cloudflare.com  https://snap.licdn.com  https://cookie-cdn.cookiepro.com https://gateway.zscloud.net https://s.ytimg.com  https://tagmanager.google.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://s.ytimg.com/yts/jsbin/www-widgetapi-vflj3RSGk/www-widgetapi.js https://www.youtube.com/player_api https://*.facebook.net https://*.facebook.com https://*.hotjar.com   https://www.google.com/ https://www.gstatic.com/ https://ajax.googleapis.com/ https://ssl.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googleadservices.com/ https://googleads.g.doubleclick.net https://*.onetrust.com;  style-src 'self' 'unsafe-inline' blob: https://engie.ro https://*.engie.ro  https://s.ytimg.com/yts/jsbin/www-widgetapi-vflQSvpsZ/www-widgetapi.js https://tagmanager.google.com https://fonts.googleapis.com/ https://ajax.googleapis.com;  img-src 'self' data: blob: https://*.engie.ro https://www.google.at  https://www.googletagmanager.com https://www.linkedin.com https://px.ads.linkedin.com https://cookie-cdn.cookiepro.com https://www.engie.ro https://gateway.zscloud.net https://www.google.ro https://www.google.com https://agentia.gdfsuez.ro/proc/img/get/85f1002bf139bebdb7f0d07b31fa14155aea9dfc_200_200_0.PNG https://ssl.gstatic.com https://www.gstatic.com  https://www.google-analytics.com  https://*.facebook.net https://*.facebook.com https://*.ytimg.com https://secure.gravatar.com https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://ajax.googleapis.com https://ssl.google-analytics.com https://*.hotjar.com https://*.doubleclick.net https://*.google.it https://ps.w.org https://s.w.org;  font-src 'self' data:  https://engie.ro https://*.engie.ro https://fonts.gstatic.com https://*.hotjar.com;  frame-src 'self' data: https://docs.google.com https://www.youtube-nocookie.com  https://www.facebook.com https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://engie-romania.force.com https://*.powerapps.com/ https://*.research.net https://*.gdfsuez.ro https://*.doubleclick.net; child-src 'self' data: blob: https://www.google.com/ https://www.youtube.com https://player.vimeo.com https://*.hotjar.com https://*.engie.ro; connect-src 'self' data: http://engie.ro http://*.engie.ro https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google-analytics.com https://www.facebook.com https://cookie-cdn.cookiepro.com  https://gwss.engie.ro https://*.hotjar.com https://*.hotjar.com:* wss://*.hotjar.com https://vc.hotjar.io/ https://*.onetrust.com https://*.google-analytics.com https://*.google.com https://cdn.linkedin.oribi.io https://*.hotjar.io https://*.linkedin.com; frame-ancestors 'self' data: blob: https://engie.ro https://*.engie.ro; media-src 'self' https://www.youtube.com; 1
default-src 'self';base-uri 'self';form-action 'self' www.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com maps.googleapis.com www.storemapper.co storemapper-herokuapp-com.global.ssl.fastly.net app.storyblok.com assets.findify.io undefined.kameleoon.eu chantsupport.zendesk.com static.zdassets.com widget-mediator.zopim.com ajax.googleapis.com https://cdn.cookielaw.org https://acsbapp.com https://cdn.jsdelivr.net/npm/hls.js@1.1.4/dist/hls.min.js analytics.tiktok.com bat.bing.com cdn.noibu.com connect.facebook.net googleads.g.doubleclick.net s.pinimg.com s3.target2sell.com static.target2sell.com t.contentsquare.net c.contentsquare.net intljs.rmtag.com ut.rd.linksynergy.com static.klaviyo.com static-tracking.klaviyo.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js  blob:;object-src 'self' data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com googletagmanager.com tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://tagmanager.google.com/css/css.css;img-src 'self' www.googletagmanager.com www.facebook.com www.google-analytics.com www.google.com www.google.fr image.crisp.chat a.storyblok.com maps.gstatic.com maps.googleapis.com cdn11.bigcommerce.com storemapper-herokuapp-com.global.ssl.fastly.net us.chantelle.com s3.amazonaws.com cl-media-pattern-factory.s3-eu-west-1.amazonaws.com static.kameleoon.com fonts.gstatic.com ct.pinterest.com bat.bing.com www.google.com.pk media.chantelle.cloud imagedelivery.net https://customer-undefined.cloudflarestream.com/ idsync.rlcdn.com analytics.tiktok.com connect.facebook.net consent.linksynergy.com cdn.cookielaw.org data:;media-src 'self' a.storyblok.com https://customer-undefined.cloudflarestream.com/ data: blob:;font-src 'self' fonts.googleapis.com fonts.gstatic.com acsbapp.com data:;connect-src 'self' maps.googleapis.com chantelleus.centraqa.com www.storemapper.co api.keen.io api.storyblok.com chantelle-sandbox.mybigcommerce.com checkout.us.staging.chantelle.cloud https://api.bigcommerce.com reco.target2sell.com undefined-dsn.algolia.net undefined.kameleoon.eu eu-api-visit.kameleoon.eu eu-api-tracker.kameleoon.eu static.kameleoon.com old.kameleoon.com api.kameleoon.com data.kameleoon.io api.openweathermap.org browser-intake-datadoghq.eu rum.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu/ chantsupport.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com chantelle.com sst.chantelle.com sst2.chantelle.com chantelle.us cloudflarestream.com https://customer-undefined.cloudflarestream.com/ https://region1.analytics.google.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com https://acsbapp.com https://cdn.acsbapp.com https://process.acsbapp.com https://api-v3.findify.io https://geolocation.onetrust.com api.target2sell.com analytics.tiktok.com bat.bing.com ct.pinterest.com www.google.com www.google-analytics.com region1.google-analytics.com serv-api.target2sell.com stats.g.doubleclick.net wss://input.noibu.com/pv_part;frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.facebook.com/ https://ct.pinterest.com/;frame-ancestors app.storyblok.com vercel.app; 1
default-src 'self' *.intelli.host;script-src 'self' use.fontawesome.com www.google.com www.googletagmanager.com *.intelli.host www.gstatic.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';media-src 'self' *.intelli.host; frame-src 'self' *.intelli.host www.google.com; 1
default-src 'self'; object-src 'self' https://pts.sim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.sim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.sim.de https://chat.sim.de https://umfrage.sim.de https://pts.sim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.sim.de https://stats.sim.de https://imagepool.sim.de https://pts.sim.de https://analytics.tiktok.com https://umfrage.sim.de; script-src 'strict-dynamic' 'nonce-28a440a540997e09404958dc41476ac0' 'nonce-1c66b78c7fd0a3706b809e10def9129c' 'nonce-29f5e9ae3ccd22b63a80384e1a2bce04' 'nonce-dc25c226dd716a3df9e56d3cbf7c03e8' 'nonce-9753c923175afdf2afbb05c816478b5a' 'nonce-b0e60aade91cce69882fac32ae7a916c' 'nonce-4983180f98d78dfdbf475d9df6dcfd4a' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.sim.de https://umfrage.sim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-28a440a540997e09404958dc41476ac0' 'nonce-1c66b78c7fd0a3706b809e10def9129c' 'nonce-29f5e9ae3ccd22b63a80384e1a2bce04' 'nonce-dc25c226dd716a3df9e56d3cbf7c03e8' 'nonce-9753c923175afdf2afbb05c816478b5a' 'nonce-b0e60aade91cce69882fac32ae7a916c' 'nonce-4983180f98d78dfdbf475d9df6dcfd4a' 'self' 'unsafe-inline' https: 'report-sample' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; 1
frame-ancestors 'self' https://*.toyota.nl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' *.payportal.net payportal.net cloudflare.com *.cloudflare.com wss://analytex.userpilot.io *.userpilot.io userpilot.io googleapis.com *.googleapis.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com jsdelivr.net *.jsdelivr.net cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com  google-analytics.com *.google-analytics.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com intuit.com *.intuit.com fontawesome.com *.fontawesome.com gravatar.com *.gravatar.com stripe.com *.stripe.com zoominfo.com *.zoominfo.com lfeeder.com *.lfeeder.com marketingautomation.services *.marketingautomation.services googleadservices.com *.googleadservices.com facebook.net *.facebook.net doubleclick.net *.doubleclick.net perfectaudience.com *.perfectaudience.com facebook.com *.facebook.com google.com *.google.com google.co.in *.google.co.in prfct.co *.prfct.co adnxs.com *.adnxs.com *.freshsuccess.com freshsuccess.com *.ckeditor.com ckeditor.com 'unsafe-inline' hatchbuck.com *.hatchbuck.com email2go.io *.email2go.io *.bootstrapcdn.com bootstrapcdn.com *.freshchat.com freshchat.com *.luckyorange.com luckyorange.com *.hs-scripts.com hs-scripts.com *.hscollectedforms.net hscollectedforms.net *.hs-analytics.net hs-analytics.net *.hs-banner.com hs-banner.com *.usemessages.com usemessages.com *.hubspot.com hubspot.com *.hsforms.com hsforms.com oktacdn.com *.oktacdn.com *.okta.com okta.com calendly.com *.calendly.com 'unsafe-eval' 1
base-uri 'self'; object-src 'none'; script-src 'self' 'report-sample'    'nonce-593ec14abc' 'nonce-8f5bf540e6' 'nonce-9f61b8e246' 'nonce-401678eccb' 'nonce-5d89f6e93d' 'nonce-e781cac615' 'nonce-e45f4b4e88' 'nonce-d43644b153' 'nonce-2f8df96bed' 'nonce-abd7f0bf09' 'nonce-2e5d37969b' 'nonce-401678eccb' 'nonce-401678eccb' 'nonce-480ed94d2d' 'nonce-da163130c0' 'nonce-593ec14abc' 'nonce-4735e0abc0' 'nonce-86d9d8c757' 'nonce-79dc2f1870' 'nonce-dff259c447' 'nonce-b914e3958c' 'nonce-3648aeb182' 'nonce-470cbfc870' 'nonce-4075255ae1' 'nonce-35d6fcbd9b' 'nonce-8617128d06' 'nonce-a16a8f3ae1' 'nonce-5ce4f99d10' 'nonce-42951f7974' 'nonce-7d8decadf6' 'nonce-70e1a7ec72' 'nonce-3280e7ea1c' 'nonce-4f1f4d672d' 'nonce-977fda8879' 'nonce-ffecbdee1b' 'nonce-c821a42c3b' 'nonce-388c3b9e37' 'nonce-5976be5db0' 'nonce-1a88b298a9' 'nonce-9207646b2c' 'nonce-82f19bcd82' 'nonce-82f19bcd82'     https://www.googletagmanager.com/ https://tracker.metricool.com/app/resources/be.js https://t3078dff3.emailsys1a.net/form/ https://cdnjs.cloudflare.com/ajax/libs/punycode/ https://cdn02.jotfor.ms/static/ https://cdn03.jotfor.ms/static/ https://form.jotformeu.com/jsform/ https://jobs.jobvite.com https://cdn.jsdelivr.net/npm/@splidejs/ https://connect.facebook.net/en_US/; form-action 'self'      ; frame-ancestors 'self'; report-uri https://64bdae064f8049a8e8accbc0.endpoint.csper.io/?v=11; 1
frame-ancestors 'self' file://* https://*.readpaper.com https://*.readpapers.com https://*.readpapers.cn https://*.readpaper.cn https://*.idea.edu.cn http://*.idea.edu.cn 1
frame-ancestors 'self' ; worker-src 'self' data: blob: https://js.arcgis.com ; default-src 'self'  ; frame-src 'self' embed https://waterschappen.mijnstem.nl https://agv.mijnstem.nl https://app.mijnstem.nl https://mijnstem.sales.ivox.be https://waternet.pti.nl https://chat1.waternet.nl https://app.cobrowser.com https://hotjar.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google.nl https://www.google.com https://recaptcha.google.com/recaptcha/ https://www.kcmsurvey.com https://platform.twitter.com https://syndication.twitter.com https://twitter.com https://facebook.com https://platform.hireserve.nl https://podcasts.apple.com https://open.spotify.com ; script-src 'self' https://js.monitor.azure.com https://dl.episerver.net https://collect.mopinion.com https://cdn.optimizely.com https://js.arcgis.com https://ytimg.com https://www.youtube.com https://epi.waternet.nl https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.google.com/recaptcha https://ajax.googleapis.com https://maps.gstatic.com https://app.cobrowser.com https://script.hotjar.com https://cdnjs.cloudflare.com https://cdn.nowinteract.com https://imp2.nowinteract.com https://js-agent.newrelic.com https://bam.nr-data.net https://platform.twitter.com https://cdn.syndication.twimg.com https://connect.facebook.net https://facebook.com https://platform.hireserve.nl 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-Q+8a/o63rQfS2FbM/kdZuS1YefaBDavYFe0rSXCVTY8=' 'nonce-SHeXlz7uI6gC9TKzyuufQjrA4LuSNcv5A2N4pdvR2nw=' ; style-src 'self' https://dl.episerver.net https://fonts.mopinion.com https://js.arcgis.com https://epi.waternet.nl https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://app.cobrowser.com https://platform.twitter.com https://facebook.com https://platform.hireserve.nl 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-OwlOqbP3VnAzYedGO5K7BbLR2YOoHw96wRy+VxYn414=' 'sha256-RXxNUJG3UfHAeHA4copS/oAu4QHoWavn3IraEQ+XrTk=' 'sha256-HoHeSFZ2KzRVUbA0hgnOQrMyvA5bmJp9vMDhzKnBVw8=' 'nonce-SHeXlz7uI6gC9TKzyuufQjrA4LuSNcv5A2N4pdvR2nw='; font-src 'self' https://fonts.gstatic.com https://gstatic.mopinion.com https://platform.hireserve.nl https://dl.episerver.net ; img-src 'self' data: https://www.waternet.nl https://www.google.nl https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://services.arcgisonline.com https://server.arcgisonline.com https://platform.hireserve.nl https://dl.episerver.net ; connect-src 'self' https://survey.mopinion.com https://content.hotjar.io https://vc.hotjar.io https://api.ats-platform.com https://platform.hireserve.nl https://maps.googleapis.com https://webapi.waternet.nl https://westeurope-5.in.applicationinsights.azure.com https://logx.optimizely.com https://www.google-analytics.com https://region1.analytics.google.com https://region1.google-analytics.com https://deploy.mopinion.com https://cacheorcheck.mopinion.com; form-action 'self' https://www.agv.nl https://www.waternet.nl https://www.wereldwaternet.nl; object-src 'none';base-uri 'self'; 1
default-src 'self' https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NDI5NDIzMzhub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
script-src 'nonce-994UTi9ncSGtRsF23jfj8A==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=cbd255b1-550b-4aca-8202-371a1a39771a; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
object-src 'self'; base-uri 'self'; form-action 'self'; img-src 'self' data:; style-src fonts.googleapis.com gira.com.br www.gira.com.br; default-src 'self' gira.com.br www.gira.com.br; script-src 'self' gira.com.br www.gira.com.br; font-src 'self' https://fonts.gstatic.com gira.com.br www.gira.com.br 1
default-src 'self' www.mijngezondheid.net;          img-src 'self' data: home.mijngezondheid.net blob: https://www.mijngezondheid.net  1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://matomo.resumedia.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-d-1ea172e8-8299-4e2e-81ce-dc196d99f802' 'nonce-g-4e91d30a-038f-482f-a761-b87002272114' 'nonce-h-f20900d8-5546-4a89-b43e-60444f1138d0' 'nonce-b-d04316a2-a0e0-4d3e-b43b-ce9444f2bf58';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cvwizard.com https://matomo.resumedia.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com; frame-src 'self' https://*.razorpay.com https://*.akasaair.com/  https://*.youtube.com https://*.webengage.co https://*.webengage.com https://*.numr.app https://*.rakuten.com; frame-ancestors 'self' https://*.storyblok.com https://*.rakuten.com; base-uri 'none'; form-action 'self' 1
script-src 'self' 'unsafe-inline' http://gwhs.i.gov.ph https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/bootstrap.min.js https://cdn.datatables.net/v/dt/dt-1.13.1/b-2.3.3/b-colvis-2.3.3/fh-3.3.1/r-2.4.0/datatables.min.js https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net; 1
default-src 'self' https://*.enfocus.com; navigate-to *; style-src 'unsafe-inline' 'self' https://*.enfocus.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.enfocus.com https://*.googleapis.com https://*.doubleclick.net https://hello.myfonts.net https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://www.clarity.ms https://snap.licdn.com https://cdn.cookielaw.org https://secure.smart-business-foresight.com https://pi.pardot.com https://www.youtube.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.zuora.com https://privacyportalde-cdn.onetrust.com; font-src 'self' https://*.enfocus.com https://fonts.gstatic.com data:; img-src 'self' https://*.enfocus.com https://www.google.be https://www.google.com https://c.clarity.ms https://c.bing.com https://i.ytimg.com https://yt3.ggpht.com https://*.linkedin.com https://cdn.cookielaw.org https://gwg.org https://www.gwg.org https://maps.gstatic.com https://maps.googleapis.com https://eskofo2-stage.asknet.com https://www.googletagmanager.com https://lnd.esko.com https://d1f8f9xcsvx3ha.cloudfront.net https://*.onfastspring.com data:; connect-src 'self' https://*.enfocus.com https://*.doubleclick.net https://*.googleapis.com https://cdn.linkedin.oribi.io https://r.clarity.ms https://cdn.cookielaw.org https://region1.analytics.google.com https://px.ads.linkedin.com https://www.linkedin.com https://px.ads.linkedin.com https://r.clarity.ms https://www.youtube.com https://pi.pardot.com https://www.google-analytics.com https://*.onfastspring.com https://privacyportalde-cdn.onetrust.com; child-src 'self' https://*.enfocus.com https://www.youtube.com https://www.youtube-nocookie.com https://*.onfastspring.com https://*.zuora.com; frame-ancestors 'self' https://*.enfocus.com https://*.enf-test.esko.rocks https://localhost.enf-test.esko.rocks:* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3-eu-west-1.amazonaws.com/emergatev4/ https://cdn.emersya.com/ https://d3vmktulshtd50.cloudfront.net/ *.emersya.com:* emersya.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com data: blob:; frame-src 'self' *.emersya.com:* emersya.com https://www.youtube.com; img-src * data: blob: 1
object-src 'none'; script-src 'nonce-wiCNn4KegRDQYRZVGwo2eQ==' 'unsafe-inline' 'strict-dynamic' https: http:; base-uri 'none'; 1
default-src 'self';      connect-src 'self'      analytics.google.com/      maps.googleapis.com/      *.greenhouse.io/      cdn.linkedin.oribi.io/      *.fontawesome.com/      www.google-analytics.com/      stats.g.doubleclick.net/j/      *.addthis.com/      *.disquscdn.com/      disqus.com/      *.disqus.com/      *.hotjar.com/      wss://ws3.hotjar.com/api/;      font-src 'self' data:      *.fontawesome.com/      *.typekit.net/      fonts.googleapis.com/      maxcdn.bootstrapcdn.com/      fonts.gstatic.com/      *.disquscdn.com/;      frame-src 'self'       *.vimeo.com/      *.greenhouse.io/      *.surveymonkey.com/      www.googletagmanager.com/      www.google.com/recaptcha/      www.facebook.com/tr/      *.addthis.com/      disqus.com/      *.disqus.com/      *.hotjar.com/;      child-src www.youtube.com/;      img-src 'self' data: blob:      *.adsymptotic.com/      *.ads.linkedin.com/      www.facebook.com/      analytics.google.com/      www.google-analytics.com/      stats.g.doubleclick.net/r/      www.google.com/ads/      maps.gstatic.com/mapfiles/      maps.googleapis.com/      dashboard.umbraco.org/      umbraco.tv/      cdn.viglink.com/      *.disqus.com/      *.addthis.com/      sync.crwdcntrl.net/map/      tags.rd.linksynergy.com/      ps.eyeota.net/;      media-src 'self';      object-src 'none';      script-src 'self' 'unsafe-inline' 'unsafe-eval'      maxcdn.bootstrapcdn.com/      *.greenhouse.io/      code.jquery.com/      api.mapbox.com/      cdnjs.cloudflare.com/      unpkg.com/      *.fontawesome.com/      www.gstatic.com/recaptcha/      www.google.com/recaptcha/      analytics.google.com/      maps.googleapis.com/      marathonconsulting.atlassian.net/      www.googletagmanager.com/      www.google-analytics.com/      *.addthis.com/      *.addthisedge.com/      snap.licdn.com/      connect.facebook.net/      px.ads.linkedin.com/collect/      disqus.com/      *.disqus.com/      *.disquscdn.com/      www.linkedin.com/      *.hotjar.com/;      style-src 'self' 'unsafe-inline'      *.typekit.net/      cdnjs.cloudflare.com/      api.mapbox.com/      fonts.googleapis.com/      maxcdn.bootstrapcdn.com/      *.disquscdn.com/; 1
connect-src 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; media-src * 'self' data: https: blob:; worker-src * 'self' data: https: blob:; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-ZEJDUmZhVDE0c2htL1IzQ0h6QTRWL2grYTNiQmZ1QUo5VG1TRk9IOVhaWT06T0Y2K0Y5YU5oWUV3dVd6d1ZBbHJEOGd2QUVHUE04dHpqRkRUVEptSWN1dz0=' gp.gov.ao blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' gp.gov.ao blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src gp.gov.ao doc.gov.ao ms-word: 'self' data:;child-src blob: 'self';frame-ancestors 'self' gp.gov.ao doc.gov.ao ms-word:;worker-src blob: 'self';form-action 'self' 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://cdn.livechat-static.com https://*.livechatinc.com https://cdn.leadinfo.net https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dc.ads.linkedin.com https://diffuser-cdn.app-us1.com https://googleads.g.doubleclick.net https://maps.google.com https://googleapis.com https://marketing.guardian360.nl https://prism.app-us1.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.adnxs.com https://sjs.bizographics.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://trackcmp.net https://www.google-analytics.com https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.guardian360.nl; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://tagmanager.google.com https://www.guardian360.nl; img-src 'self' data: https://s.w.org https://ps.w.org https://*.doubleclick.net https://*.sharpspring.com https://csi.gstatic.com https://imp2.ads.linkedin.com https://*.google.nl https://maps.google.com https://googleapis.com https://maps.gstatic.com https://marketing.guardian360.nl https://px.ads.linkedin.com https://queue.livechatinc.com https://secure.adnxs.com https://secure.gravatar.com https://secure.livechatinc.com https://ssl.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com/ads https://www.google.com/ads/user-lists/ https://www.google.com/pagead/ https://www.google.nl/ads https://www.google.nl/ads/users-lists/ https://www.google.nl/pagead/ https://www.gstatic.com https://www.guardian360.de https://www.guardian360.nl; font-src 'self' data: https://cdn.livechatinc.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://themes.googleusercontent.com https://www.guardian360.net https://www.guardian360.nl; frame-src 'self' https://connect.livechatinc.com https://www.livechat.com https://*.doubleclick.net https://consentcdn.cookiebot.com https://marketing.guardian360.nl https://secure.livechatinc.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.google.nl https://www.guardian360.de https://www.guardian360.net https://www.guardian360.nl https://www.youtube.com; connect-src 'self' https://*.doubleclick.net https://collector.leadinfo.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.guardian360.nl; upgrade-insecure-requests; block-all-mixed-content; media-src data: https://cdn.livechatinc.com https://hackerhotel.sigio.nl; object-src 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; frame-ancestors *; style-src * 'unsafe-inline'; report-uri /csp/reporting/add 1
script-src 'nonce-rJrHfBZUtAwAX04L1myOIzhxQ+TaKGFroP4DSr2t3cXMC2UQxjjQNi00288yWb08YYFYVZGmqkl9GLi1eRLleA==' 'strict-dynamic' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none' 1
frame-ancestors 'self' https://www.louisenthal.com/; 1
frame-ancestors 'self' https://ugyfelkapu.digi.hu https://salesweb.digi.hu; object-src 'self'; 1
frame-ancestors https://app.smartsheet.com http://www.casamples.com https://www.casamples.com https://www.curriculumassociates.com https://stateoflearning.curriculumassociates.com https://horizon.dev-web01.curriculumassociates.com https://horizon.stg.curriculumassociates.com https://horizon.prd.curriculumassociates.com https://horizon.curriculum-associates.local.dev/  'self'; 1
default-src 'self' https://storage.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://unpkg.com https://cdnjs.cloudflare.com https://script.tapfiliate.com https://superal.github.io https://app.termly.io https://www.google.com https://cdn.plot.ly https://maps.googleapis.com https://storage.googleapis.com https://static.cloudflareinsights.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://storage.googleapis.com;img-src 'self' data: https://bitcoin.org https://i.ytimg.com https://storage.googleapis.com;font-src 'self' https://storage.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://storage.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://*.lookintobitcoin.com wss://*.lookintobitcoin.com ws://*.lookintobitcoin.com https://region1.google-analytics.com;frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://app.termly.io; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.theadex.com/ *.googlesyndication.com/ *.googletagservices.com/ https://www.google.com/ *.doubleclick.net *.googleadservices.com/ https://aswpsdkeu.com/notify/v1/ua-sdk.min.js https://www.googletagmanager.com https://www.google-analytics.com https://adservice.google.com https://adservice.google.at https://adservice.google.de https://maps.google.com https://maps.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://dmp.theadex.com https://aswpsdkeu.com/notify/v1/ua-html-prompt.min.js *.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' *.usercentrics.eu *.theadex.com/ *.googlesyndication.com/ *.googletagservices.com/ https://www.google.com/ *.doubleclick.net *.googleadservices.com/; frame-ancestors 'self'; form-action 'self'; default-src 'none'; worker-src 'self' https://aswpsdkeu.com/notify/v1/ua-sdk.min.js; object-src 'none'; img-src * data:; manifest-src 'self' https://login.windows.net; connect-src 'self' *.usercentrics.eu *.mixpanel.com *.theadex.com *.analytics.google.com *.analytics-google.com *.google-analytics.com *.google-analytics *.googlesyndication.com *.marktguru.de *.marktguru.at *.google.com *.googleapis.com *.doubleclick.net; font-src fonts.gstatic.com; 1
default-src blob: wss: chat.blue.net https://fiber.nctc.com/embed/36.js bnccp.ad.bluegrassnetwork.com BNCCP.ad.bluegrassnetwork.com *.nctc.com fiber.nctc.com/embed/36.js *.socket.io *.bbb.org *.cloudflare.com in.visitors.live *.visitors.live *.gracenote.com fiber.nctc.com https://cdn.crowdfiber.io/jquery/3.3.1/jquery-ui.css *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com data: *.googletagmanager.com https://cdn.crowdfiber.io/jquery/3.3.1/jquery.min.js https://cdn.crowdfiber.io/jquery/3.3.1/jquery-ui.min.js luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' *.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com *.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de *.readspeaker.com; frame-src *.google.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com yomma.services cms.sqat.eu *.openstreetmap.org *.itzbund.de; frame-ancestors 'self'; font-src 'self' data:; 1
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' https://privacytermsprod.azureedge.net/privacy/privacy_and_terms.json ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; form-action 'self' https://www.facebook.com https://nmdp.okta.com; 1
default-src 'self' data:;img-src * data: *.amazonaws.com *.maxcdn.com *.lfeeder.com;font-src 'self' *.tidiochat.com  p.typekit.net use.typekit.net fonts.gstatic.com cdn.jsdelivr.net;frame-src 'self' www.youtube.com calendly.com recaptcha.net *.google.com gstatic.com anybrain.us9.list-manage.com;media-src 'self' *.tidiochat.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://assets.calendly.com recaptcha.net *.gstatic.com *.tidio.co *.tidiochat.com *.googletagmanager.com *.google.com *.lfeeder.com;style-src 'self' data: 'unsafe-inline' p.typekit.net use.typekit.net fonts.googleapis.com cdn.jsdelivr.net;connect-src api.rss2json.com *.anybrain.gg *.browser-intake-datadoghq.com *.sentry.io wss://*.tidio.co *.google-analytics.com *.google.com *.googleusercontent.com *.pipedrive.com api.hunter.io https://anybrain.gg/img/anylogoanim.json *.tidio.co;worker-src blob:;upgrade-insecure-requests; 1
frame-ancestors *.cq6bn590y3-fabindiao1-s1-public.model-t.cc.commerce.ondemand.com *.cq6bn590y3-fabindiao1-p1-public.model-t.cc.commerce.ondemand.com fabindia.com webcache.googleusercontent.com *.cq6bn590y3-fabindiao1-s2-public.model-t.cc.commerce.ondemand.com *.fabindiaofficial.in *.fabindiahome.com 1
manifest-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; media-src https://cdn.appfollow.io https://appfollow.io https://q.quora.com https://px.ads.linkedin.com https://track.hubspot.com https://www.google-analytics.com https://www.facebook.com/ https://www.google.com https://googleads.g.doubleclick.net; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'self' 'unsafe-eval' https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://static.addtoany.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src * data:; worker-src blob:; 1
img-src * data: blob:; script-src 'unsafe-eval' 'unsafe-inline' *; worker-src 'unsafe-inline' * blob:; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-Y2NlYWQ1ZWItN2IxMi00YzI1LWFiZmEtOGZhNWNkMjY0M2Jm'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
frame-ancestors 'self' https://*.childrensnebraska.org; 1
frame-ancestors 'self'; report-uri https://logs.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub293163a918901030b79492fe1ab424cf&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=site%3Adatad0g.com 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://ajax.cloudflare.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ https://*.google-analytics.com/ https://www.googletagmanager.com/; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com/ https://www.googletagmanager.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.website.ultra.io https://api.website.staging.ultra.io https://download.app.ultra.io https://download.staging.app.ultra.io https://ultraio.cloudflareaccess.com/ https://*.google-analytics.com https://api-js.mixpanel.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com https://www.youtube.com https://youtube.com https://player.vimeo.com; img-src 'self' data: https://api.website.ultra.io https://api.website.staging.ultra.io https://*.google-analytics.com https://i.ytimg.com https://fonts.gstatic.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' 'unsafe-inline' https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de/ https://service.bzga.de/ https://shop.bzga.de/ https://www.etracker.de/ https://static.etracker.com/ https://code.etracker.com/; img-src 'self' https://shop.bzga.de/ data: https://*.openstreetmap.org/ https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://api.mapbox.com/ https://unpkg.com/ https://piwik.bzga.de https://service.bzga.de https://www.etracker.de https://static.etracker.com https://code.etracker.com 1
default-src 'self'; style-src 'self'; script-src 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://emailbancodeoccidente.com.co https://*.tealiumiq.com https://www.clarity.ms https://sb.scorecardresearch.com https://wchat.freshchat.com https://static.browseranalytic.com https://pixel.sitescout.com https://ad.soicos.com https://apps.mypurecloud.com https://*.oracleinfinity.io https://connect.facebook.net https://*.cloudfront.net https://*.mathilde-ads.com https://googleads.g.doubleclick.net https://*.hotjar.com https://service.maxymiser.net https://static.ads-twitter.com https://service.maxymiser.net https://tags.bkrtx.com https://tags.tiqcdn.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://emailbancodeoccidente.com.co https://*.tealiumiq.com https://fonts.googleapis.com; object-src 'none'; connect-src 'self' https://emailbancodeoccidente.com.co https://*.tealiumiq.com https://i.clarity.ms https://*.mathilde-ads.com wss://*.hotjar.com https://*.hotjar.io https://adldigital.tt.omtrdc.net https://analytics.google.com https://collect.tealiumiq.com https://dashboard.chatfuel.com https://dpm.demdex.net https://mboxedge34.tt.omtrdc.net https://pb-api-occidente.avaldigitallabs.com https://collect.tealiumiq.com https://metrics.hotjar.io https://stats.g.doubleclick.net https://vc.hotjar.io https://www.bancodeoccidente.com.co https://www.google-analytics.com; font-src 'self' https://*.cloudfront.net https://fonts.gstatic.com; frame-src 'self' https://emailbancodeoccidente.com.co https://*.tealiumiq.com https://*.mathilde-ads.com https://adldigital.demdex.net https://pixel.sitescout.com https://www.youtube.com https://8702542.fls.doubleclick.net https://stags.bluekai.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https://emailbancodeoccidente.com.co https://*.tealiumiq.com https://c.clarity.ms https://c.bing.com https://s7g10.scene7.com https://www.facebook.com https://*.twitter.com https://t.co https://sb.scorecardresearch.com https://pixel.sitescout.com https://www.google-analytics.com https://cm.everesttech.net https://*.mathilde-ads.com https://*.cloudfront.net https://ad.doubleclick.net https://bancodeoccidente.com.co https://*.oracleinfinity.io https://www.bancodeoccidente.com.co https://www.google.com https://www.google.com.co https://www.googletagmanager.com; 1
frame-src 'self' www.youtube.com api.recurly.com apis.google.com accounts.google.com platform.twitter.com player.vimeo.com https://td.doubleclick.net; default-src 'self' 'nonce-u6dvAqnB+LwhaYCXhEsiDg=='; connect-src 'self' api.recurly.com www.google-analytics.com *.googleapis.com b4g.baydin.com https://google.com/ccm/form-data/1031736249; script-src 'self' www.boomeranggmail.com js.recurly.com code.jquery.com https://connect.facebook.net apis.google.com ssl.google-analytics.com maxcdn.bootstrapcdn.com *.googleapis.com www.google-analytics.com www.youtube.com b4g.baydin.com www.googletagmanager.com https://appsforoffice.microsoft.com https://platform.twitter.com d3js.org cdn.optimizely.com 'nonce-u6dvAqnB+LwhaYCXhEsiDg=='; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' b4g.baydin.com code.jquery.com ajax.googleapis.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline'; img-src * data: 1
default-src 'self' https://static.gitbook.com; script-src 'self' 'nonce-MjcxNDFjNGUtN2NlOC00YWJjLWI3MDAtNDhiNDQ5MzAyYTJk' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://static.gitbook.com https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' https://static.gitbook.com fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://static.gitbook.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com https://static.gitbook.com; font-src 'self' fonts.gstatic.com https://static.gitbook.com; frame-src *; object-src 'none'; base-uri 'self' https://static.gitbook.com; form-action 'self' https://static.gitbook.com; frame-ancestors https:; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; media-src 'self' http://www.qntmnet.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://analytics.apicrypt.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://*.apicrypt.org https://static.teamviewer.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.ggpht.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com; media-src 'none'; object-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com *.google.com; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self' 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'nonce-yrI/tONShFHIOzGBStkjTg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=7f6a7263-5572-43d1-b7a0-eaea7800f97a; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors https://*.etracker.com https://*.etracker.de https://www.pilz.com; frame-src 'self' *.cookiebot.com *.etracker.com *.etracker.de *.pilz.com *.signalize.com *.vimeo.com *.worldpay.com vimeo.com www.facebook.com; script-src 'nonce-b0ead44adb72ae3c7ad15ec3cfd4a447' 'self' 'sha256-6NTzwwonHCuchbsHvWyXZBkztJReJYgIIszy5ZViMyA=' 'sha256-6g6TyOnnzOVNxI2m41eXkOTtoiNydslM13x3BUnHCWI=' 'sha256-PoktmZQkl424QxKfaYkCiD1VezqFkcfEzfPaJ+C+hrc=' 'sha256-RzwW8VLGlxSP8ixedNAt9A7nOVr+A1/SILBgiwcgHnM=' 'sha256-k+NpGJV/ukcTaF1DQUHWvde1eVY6jUi7zDonSNRaAO4=' 'sha256-mdi1D8Gr7PLz36EIt0sUgrhOVup/Equ9K1AGIXNTLqs=' 'sha256-rNe0S5NjVrhq4wSix1OPzmrcudsDwIXDM1LrxD0CLzI=' consent.cookiebot.com https://*.etracker.de https://*.pilz.com https://*.vimeocdn.com/ https://api.signalize.com https://connect.facebook.net https://consentcdn.cookiebot.com https://maps.googleapis.com https://player.vimeo.com https://www.googletagmanager.com stats.pilz.com; 1
default-src 'self' data: webcommon.easyweddings.com.au player.vimeo.com td.doubleclick.net js.stripe.com www.google.com player-widget.mixcloud.com w.soundcloud.com my.matterport.com cdn.landbot.io fonts.gstatic.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com bid.g.doubleclick.net *.facebook.com www.youtube.com youtu.be *.vimeo.com wistia.com fonts.gstatic.com static.helloumi.com *.firebaseio.com webcommon.easyweddings.com.au;connect-src 'self' google.com analytics.google.com *.facebook.net *.googletagmanager.com https://*.sendbird.com wss://*.sendbird.com *.cookiefirst.com pagead2.googlesyndication.com stripe.com bam.nr-data.net api.hubapi.com www.google.com forms.hscollectedforms.net graph.facebook.com n2.mouseflow.com api.easyweddings.com.au webapi.easyweddings.com.au maps.googleapis.com *.facebook.com stats.g.doubleclick.net www.google-analytics.com api.hubspot.com forms.hubspot.com bid.g.doubleclick.net *.landbot.io *.firebaseio.com wss://*.firebaseio.com *.googleapis.com; style-src 'self' 'unsafe-inline' blob: webcommon.easyweddings.com.au code.jquery.com cdn.landbot.io pro.fontawesome.com cdnjs.cloudflare.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com fonts.googleapis.com *.cookiefirst.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: script.hotjar.com static.hotjar.com consent.cookiefirst.com bam.nr-data.net js-agent.newrelic.com js.hsadspixel.net js.stripe.com servedbyadbutler.com www.gstatic.com cdn.mouseflow.com ajax.googleapis.com cdnjs.cloudflare.com maps.googleapis.com connect.facebook.net v5-cdn.easyweddings.com v6-cdn.easyweddings.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.usemessages.com www.google-analytics.com www.googletagmanager.com cdn.landbot.io *.firebaseio.com www.google.com;img-src 'self' data: blob: https://*.amazonaws.com https://*.sendbird.com hotelmedia.s3.amazonaws.com assets-destwed.easyweddings.com contentdw.easyweddings.com *.cookiefirst.com i.vimeocdn.com supplier-images.s3.amazonaws.com www.googletagmanager.com forms.hscollectedforms.net servedbyadbutler.com assets.easyweddings.com.au v4-cdn-consolidation.easyweddings.com.au prod-ew-image-global-v2.s3.amazonaws.com maps.gstatic.com easyweddings-framework-v4.s3.amazonaws.com googleads.g.doubleclick.net maps.googleapis.com easyweddings-framework-v5.s3.amazonaws.com prod-easyweddings-framework-v6.s3.amazonaws.com images-cdn.easyweddings.com.au ew-image-global.s3.amazonaws.com images.easyweddings.com.au easyweddings-framework.s3.amazonaws.com v5-cdn.easyweddings.com v6-cdn.easyweddings.com forms.hsforms.com www.google-analytics.com www.google.com www.google.com.au track.hubspot.com storage.googleapis.com wedding-website-images.s3.amazonaws.com assets.easyweddings.com *.facebook.com cdn.hotelplanner.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval' https://cdn.jsdelivr.net/npm/; connect-src https://api.friendlycaptcha.com/; worker-src blob:; child-src blob:; frame-ancestors 'none'; img-src 'self' data:; 1
default-src *;connect-src *;font-src * data:;frame-src *;frame-ancestors *;img-src * data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' *;style-src 'unsafe-inline' *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: ws: *.bankofamerica.com *.ml.com institute1.bofa.com bcbolt446c5271-a.akamaihd.net bcsecure01-a.akamaihd.net brightcove04pmdo-a.akamaihd.net hlsak-a.akamaihd.net hslsslak-a.akamaihd.net www.ustrust.ml.bac-assets.com www1.bac-assets.com c.betrad.com cf-images.us-east-1.prod.boltdns.net manifest.prod.boltdns.net edge.api.brightcove.com metrics.brightcove.com sadmin.brightcove.com secure.brightcove.com players.brightcove.net api.company-target.com cdn.cookielaw.org data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com dpm.demdex.net 1359940.fls.doubleclick.net www.glance.net storage.glancecdn.net www.glancecdn.net www.myglance.net cobrowse-location.glance.net s1056.glance.net www-bofa.myglance.net cdn-bofa.myglance.net googleads.g.doubleclick.net stats.g.doubleclick.net c.evidon.com dgcollector.evidon.com l.evidon.com www.facebook.com adservice.google.com cct.google.com www.google.com www.googleadservices.com www.google-analytics.com maps.googleapis.com www.googletagmanager.com maps.gstatic.com dc.ads.linkedin.com etui.fs.ml.com rg.ml.com bankofamerica.tt.omtrdc.net cdn.tt.omtrdc.net mboxedge34.tt.omtrdc.net akamai.tiqcdn.com tags.tiqcdn.com analytics.twitter.com vjs.zencdn.net cdnapisec.kaltura.com analytics.kaltura.com cfvod.kaltura.com geolocation.onetrust.com *.glance.net assets.adobedtm.com;font-src 'self' http: https: vjs.zencdn.net data:; 1
frame-ancestors 'self' *; default-src 'self' data: wss: mc.yandex.ru mc.yandex.com fpnpmcdn.net cdnwbstts.com *.hcaptcha.com *.fptls.com *.cdnwbstts.com *.fpjs.io *.fpapi.io *.youtube.com finana.io fokusdoom.ru pay.finana.io *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com freekassa.ru freekassa.com *.freekassa.ru *.freekassa.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; object-src 'none'; script-src 'self' blob: mc.yandex.ru mc.yandex.com fpnpmcdn.net fokusdoom.ru hcaptcha.com *.google-analytics.com *.google.com.ua *.gstatic.com *.googletagmanager.com *.google.com *.jivosite.com *.freekassa.ru *.freekassa.com *.googleapis.com *.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.jivosite.com *.google.com.ua *.freekassa.ru *.freekassa.com; font-src 'self' data: *.gstatic.com 'unsafe-inline'; style-src-elem 'self' data: *.jivosite.com *.googleapis.com *.freekassa.ru *.freekassa.com 'unsafe-inline'; base-uri 'none'; form-action 'self' *; style-src 'self' *.googleapis.com *.freekassa.ru *.freekassa.com *.googletagmanager.com *.jivosite.com 'unsafe-inline' ; style-src-attr 'self' *.googleapis.com *.freekassa.ru *.freekassa.com freekassa.ru freekassa.com 'unsafe-inline'; 1
default-src 'self';script-src 'self' https://*.ceros.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://*.pardot.com https://player.vimeo.com https://www.youtube.com https://*.googleapis.com https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://o1000039.ingest.sentry.io https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stats.g.doubleclick.net https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://cdn.cookielaw.org https://assets.adobedtm.com https://*.analytics.google.com https://static.hotjar.com/ https://a.omappapi.com https://*.kerry.com https://app-ab33.marketo.com https://munchkin.marketo.net https://platform.twitter.com https://platform.linkedin.com https://www.googletagmanager.com https://code.jquery.com https://dnn506yrbagrg.cloudfront.net https://siteimproveanalytics.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://script.hotjar.com https://www.gstatic.com https://a.opmnstr.com https://*.kerry.com https://kerry.tt.omtrdc.net https://snap.licdn.com https://connect.facebook.net https://*.marketo.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerry.cnddtid.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://www.google.ie https://www.linkedin.com https://i.ytimg.com https://d25zu39ynyitwy.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://s7g10.scene7.com https://cdnkdc.azureedge.net https://cm.everesttech.net https://dpm.demdex.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net https://*.kerry.com https://6071260.global.siteimproveanalytics.io https://*.google-analytics.com data: https://px.ads.linkedin.com https://px4.ads.linkedin.com https://x.bidswitch.net https://www.facebook.com https://syndication.twitter.com https://*.hotjar.com https://www.kerrygroup.com https://insight.adsrvr.org https://match.sharethrough.com https://p.adsymptotic.com https://a.omappapi.com https://dev.day.com https://tags.bluekai.com https://www.googletagmanager.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://secure-gl.imrworldwide.com https://tags.rd.linksynergy.com https://match.adsrvr.org https://ads.scorecardresearch.com https://s.thebrighttag.com https://i.liadm.com https://ml314.com https://mid.rkdms.com https://match.sync.ad.cpe.dotomi.com https://odr.mookie1.com https://uipglob.semasio.net https://secure.insightexpressai.com https://eb2.3lift.com https://loadm.exelator.com https://usermatch.krxd.net https://su.addthis.com https://dmp.truoptik.com https://*.global.siteimproveanalytics.io https://www.google.com/ads/ga-audiences https://kerryportaldevreportsuite.112.2o7.net https://images.salsify.com; style-src 'self' 'unsafe-inline' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://s7g10.scene7.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://*.kerry.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s7g10.scene7.com https://use.typekit.net https://p.typekit.net https://*.kerry.com https://*.marketo.com/ https://a.omappapi.com; connect-src 'self' https://maps.googleapis.com https://*.analytics.google.com https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://olivia.eu1.paradox.ai wss://ws.eu1.paradox.ai https://dokumfe7mps0i.cloudfront.net https://olivia.paradox.ai https://stg.eu1.paradox.ai/ wss://ws.stg.eu1.paradox.ai/ wss://ws.paradox.ai https://stg.paradox.ai https://d25zu39ynyitwy.cloudfront.net https://dpm.demdex.net https://cdn.cookielaw.org https://s7mbrstream-g1.scene7.com https://s7g10.scene7.com https://privacyportal-de.onetrust.com https://*.algolia.net https://*.google-analytics.com https://stats.g.doubleclick.net https://www.kerrygroup.com https://*.hotjar.io https://in.hotjar.com wss://*.hotjar.com https://a.opmnstr.com https://munchkin.marketo.net https://117-tlu-222.mktoresp.com https://geolocation.onetrust.com https://smetrics.kerry.com https://*.hotjar.com https://*.kerry.com https://kerry.tt.omtrdc.net https://*.mktoresp.com https://*.omappapi.com https://*.tt.omtrdc.net/ https://*.marketo.com https://*.algolianet.com https://ipinfo.io https://www.kerrygroup.com https://otp.tools.investis.com https://kerryluxembourgsarl.hb.omtrdc.net https://adobedc.demdex.net https://edge.adobedc.net https://px.ads.linkedin.com; font-src 'self' https://d1wao037kgukun.cloudfront.net https://dn2dl4laeftzg.cloudfront.net https://dokumfe7mps0i.cloudfront.net https://d25zu39ynyitwy.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://*.kerry.com https://script.hotjar.com; frame-src 'self' https://*.ceros.com https://5722629.fls.doubleclick.net/ https://www.youtube-nocookie.com https://kerry.demdex.net https://irs.tools.investis.com https://otp.tools.investis.com https://platform.twitter.com https://*.kerry.com https://vars.hotjar.com/ https://www.youtube.com https://www.google.com https://*.marketo.com/ https://www.facebook.com; media-src 'self' blob: https://*.kerry.com https://*.scene7.com http://*.scene7.com https://cdnkdc.azureedge.net; worker-src 'self' blob: 1
default-src 'self' widget.trustpilot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://web-sdk.smartlook.com/ https://api.uxsniff.com/cdn/js/uxsnf_track.js https://teddytor.abtasty.com/ https://player.vimeo.com/api/ x.clearbitjs.com reveal.clearbit.com wwww.trustpilot.com widget.trustpilot.com js.na.chilipiper.com www.googleadservices.com tag.clearbitscripts.com bat.bing.com unpkg.com www.googleoptimize.com static.ads-twitter.com snap.licdn.com js.partnerstack.com prismic.io widget.trustpilot.com connect.facebook.net googleads.g.doubleclick.net js.intercomcdn.com js.hsleadflows.net widget.intercom.io client.axept.io static.axept.io serve.albacross.com www.google-analytics.com js.hs-analytics.net try.abtasty.com b.sf-syn.com js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net www.googletagmanager.com capterra.com sourceforge.net static.cdn.prismic.io js.hs-scripts.com analytics.google.com https://web-sdk.smartlook.com/recorder.js https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://www.gstatic.com/recaptcha/ https://stats.beta.gouv.fr/matomo.js https://stats.beta.gouv.fr/* https://stats.beta.gouv.fr/plugins/HeatmapSessionRecording/ https://impactco2.fr/scripts/detection.js blob: *.abtasty.com *.googleapis.com; child-src 'self'; connect-src *; frame-ancestors 'self' localhost:9999 localhost:3000; style-src 'self' 'unsafe-inline' teddytor.abtasty.com common-fonts.abtasty.com https://teddytor.abtasty.com/ https://common-fonts.abtasty.com/; img-src 'self' data: https: greenly.cdn.prismic.io images.prismic.io prismic-io.s3.amazonaws.com assets.capterra.com; font-src 'self' fonts.intercomcdn.com common-fonts.abtasty.com; media-src 'self' greenly.cdn.prismic.io js.intercomcdn.com; frame-src 'self' https://greenly.cdn.prismic.io/ https://player.vimeo.com/video/ https://player.vimeo.com player.vimeo.com player.vimeo.com/ www.youtube.com youtube.com www.facebook.com wwww.trustpilot.com widget.trustpilot.com greenly.prismic.io td.doubleclick.net https://greenly.na.chilipiper.com/ https://www.google.com/recaptcha/ https://www.google.com/recaptcha/api https://recaptcha.google.com/recaptcha/ https://app.storylane.io/ 1
frame-ancestors 'self' localhost fo.ru editor.fo.ru yep.com fosite.ru localhost:3000 172.16.55.208:3000 localhost:9222 betaeditor.fo.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com fo.vin editor.fo.vin; 1
default-src 'none'; script-src 'self' piwik.bildung-rp.de https://static.b-ite.com https://cs-assets.b-ite.com https://karriere.pl.bildung-rp.de/ 'unsafe-inline' https://maps.rlp.de; connect-src 'self' https://maps.rlp.de https://piwik.bildung-rp.de https://jobs.b-ite.com; img-src 'self' data: https://sgx.geodatenzentrum.de; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self' http://*.bildung.rlp.de/ https://secure2.bildung-rp.de; frame-src 'self' https://www.youtube-nocookie.com/ https://w.soundcloud.com https://rp.db-schulkinowochen.de; font-src 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://de.page4.com https://en.page4.com; 1
default-src 'none'; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://googleads.g.doubleclick.net https://*.ovotv.com https://www.google.com.tw https://www.google.com https://i.imgur.com https://imgur.com https://www.facebook.com data:; font-src 'self' https://ecpg-stage.ecpay.com.tw https://cdnjs.cloudflare.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-ovo20230821001' 'nonce-ovo20230605001' 'nonce-ovo20230629001' 'nonce-ovo20230629002' 'nonce-ovo20230629003' 'nonce-ovo20230629004' 'nonce-ovo20230605002' 'nonce-ovo20230605003' 'nonce-ovo20230605004' 'nonce-ovo20230605005' 'nonce-ovo20230605006' 'nonce-ovo20230605007' https://ecpg-stage.ecpay.com.tw https://code.jquery.com https://ct-auth.np-pay.com https://cdn.jsdelivr.net https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://www.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://polyfill.io https://maps.googleapis.com https://unpkg.com https://www.googletagmanager.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.google.com.tw https://www.facebook.com https://script.google.com https://script.googleusercontent.com/ https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://analytics.google.com https://ecpg-stage.ecpay.com.tw https://ecpg.ecpay.com.tw https://maps.googleapis.com https://www.google-analytics.com;frame-ancestors 'self'; form-action https://gw12.newebpay.com/ https://www.facebook.com https://gw12a.newebpay.com; frame-src https://td.doubleclick.net https://ct-auth.np-pay.com https://www.facebook.com https://www.youtube.com 1
default-src 'self'; script-src 'report-sample' 'self' 'strict-dynamic' 'sha256-l3tfobNGSDsiWwzSdX9QqvprTaL+kQGzfRzpdkbM1m0=' 'sha256-aXFWSsQLd4kfpqpWNQwLKFmiDgjd+I1iaw3mCViRRUc=' 'unsafe-inline' 'wasm-unsafe-eval' https://vrt.be https://*.vrt.be https://previewshared.mediahuis.be/cxense/cxense.vrtnu.js https://*.sentry-cdn.com https://assets.adobedtm.com https://cdn.cxense.com/cx.js https://api.cxense.com https://cdn.jsdelivr.net/npm/@snowplow/browser-plugin-performance-timing@latest/dist/index.umd.min.js https://gabe.hit.gemius.pl https://gdpr-wrapper.privacymanager.io https://gdpr.privacymanager.io https://imasdk.googleapis.com/js/sdkloader/ima3.js https://polyfill.io/v3/polyfill.min.js https://*.qualtrics.com https://www.gstatic.com https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js https://*.opecloud.com https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://www.clarity.ms; style-src 'report-sample' 'self' 'unsafe-inline' https://vrt.be https://*.vrt.be https://fonts.googleapis.com/css2; object-src 'none'; base-uri 'self'; connect-src 'self' wss://api-dev.vrt.radio/socket.io/ wss://api-stag.vrt.radio/socket.io/ wss://api.vrt.radio/socket.io/ https://vrt.be https://*.vrt.be https://*.vrtcdn.be https://vrtmax.stag.a51.be https://d33ksfmeznrrrv.cloudfront.net https://*.omtrdc.net https://*.streamtheworld.com https://*.akamaized.net https://o140591.ingest.sentry.io https://dpm.demdex.net https://siteintercept.qualtrics.com https://time.akamai.com https://license.theoplayer.com https://widevine-proxy.drm.technology/proxy https://gdpr-wrapper.privacymanager.io https://*.privacymanager.io https://*.uplynk.com https://gabe.hit.gemius.pl https://*.smartocto.com https://*.contentinsights.com https://fairplay-license.drm.technology https://csi.gstatic.com https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://vrt-live.cdn.vustreams.com https://*.buffup.net wss://*.buffup.net https://api.amplitude.com https://api-dev.vrt.radio https://api-stag.vrt.radio https://api.vrt.radio https://unpkg.com/theoplayer@6.2.1/ https://unpkg.com/theoplayer@6.7.0/ https://cdn.jsdelivr.net/npm/ua-parser-js@1.0.35/src/ua-parser.min.js https://*.opecloud.com https://*.googlesyndication.com https://*.doubleclick.net https://*.doubleverify.com https://*.clarity.ms; font-src 'self' https://vrt.be https://*.vrt.be https://buffup-web-sdk.core.buffup.net; frame-src 'self' https://vrt.be https://*.vrt.be https://vrtbe.demdex.net https://cdn.cxense.com https://*.privacymanager.io https://ls.hit.gemius.pl https://imasdk.googleapis.com https://unpkg.com/; img-src 'self' data: https://vrt.be https://*.vrt.be https://vrt.sc.omtrdc.net https://comcluster.cxense.com https://licensing.theoplayer.com https://ib.adnxs.com https://secure.adnxs.com https://*.doubleclick.net https://*.postrelease.com https://*.cxense.com https://cm.everesttech.net https://*.demdex.net https://*.opecloud.com https://*.qualtrics.com https://*.buffup.net https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googlesyndication.com; manifest-src 'self'; media-src 'self' blob: data: https://*.vrt.be https://*.vrtcdn.be https://d33ksfmeznrrrv.cloudfront.net https://*.streamtheworld.com https://*.akamaized.net https://*.uplynk.com https://*.adnxs-simple.com https://buffup-public.s3.eu-west-2.amazonaws.com https://assets.vrt.buffup.net https://*.jwplayer.com https://*.mediatailor.us-east-1.amazonaws.com https://storage.googleapis.com/wallofmoments-stubru-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-klara-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2-adhoc.appspot.com/ https://storage.googleapis.com/wom-detijdloze-adhoc.appspot.com/ https://storage.googleapis.com/wallofmoments-stubru.appspot.com/ https://storage.googleapis.com/wallofmoments-mnm.appspot.com/ https://storage.googleapis.com/wallofmoments-klara.appspot.com/ https://storage.googleapis.com/wallofmoments-radio1.appspot.com/ https://storage.googleapis.com/wallofmoments-radio2.appspot.com/ https://storage.googleapis.com/wom-detijdloze.appspot.com/ https://storage.googleapis.com/wom---radio2-benebene.appspot.com/ https://storage.googleapis.com/wom-dww.appspot.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.doubleclick.net https://*.gvt1.com https://*.adsafeprotected.com https://*.doubleverify.com https://*.moatads.com https://*.flashtalking.com https://*.adform.net https://*.mediahuis.be https://*.2mdn.net; worker-src 'self' blob:; report-uri https://vrtbe.report-uri.com/r/d/csp/enforce; report-to default; 1
font-src *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com sibforms.com *.brevo.com *.gstatic.com 'self' data: https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.usercentrics.eu *.google.com *.gstatic.com *.spotifycdn.com *.spotify.com e.issuu.com issuu.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com googleads.g.doubleclick.net *.googletagmanager.com *.hotjar.com sibforms.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com https://www.magezon.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com *.schott-music.com blob: *.usercentrics.eu schott-staging.s3.eu-central-1.amazonaws.com schott-production.s3.eu-central-1.amazonaws.com *.googleapis.com *.gstatic.com *.google.de www.magecomp.com integrations.etrusted.com *.isu.pub *.newsletter2go.com *.trustedshops.com *.googletagmanager.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com 'self' data: https://widgets.trustedshops.com https://widgets-qa.trustedshops.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com *.schott-music.com *.googletagmanager.com *.google-analytics.com *.usercentrics.eu *.gstatic.com *.googleapis.com cdnjs.cloudflare.com ipinfo.io *.isu.pub *.newsletter2go.com *.spotifycdn.com *.trustedshops.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com sibforms.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com *.schott-music.com fonts.googleapis.com fonts.gstatic.com integrations.etrusted.com *.isu.pub *.spotifycdn.com *.youtube-nocookie.com *.spotify.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com *.hotjar.com sibforms.com *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src *.schott-music.com 'self' 'unsafe-inline'; media-src *.adobe.com *.schott-music.com schott-production.s3.eu-central-1.amazonaws.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.schott-music.com *.google-analytics.com *.usercentrics.eu *.doubleclick.net *.googleapis.com *.newsletter2go.com *.google.com apiuat.test.intelligent-payments.com turnkeyuat.test.myriadpayments.com apiuat.test.myriadpayments.com apiuat.test.boipapaymentgateway.com api.intelligent-payments.com turnkey.intelligent-payments.com api.myriadpayments.com turnkey.myriadpayments.com api.boipapaymentgateway.com apiuat.test.evopaymentgateway.com api.evopaymentgateway.com *.myriadpayments.com *.evopayments.eu *.intelligent-payments.com static-eu.payments-amazon.com *.hotjar.com sibforms.com *.sibforms.com t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.schott-music.com/de/csp/report/; report-to report-endpoint; 1
frame-ancestors 'self'; form-action 'self' https://crm.zoho.com/crm/ https://desk.zoho.com/support/WebToCase 1
default-src  'self' ; connect-src  'self' www.google-analytics.com;  img-src      'self' 'unsafe-inline' 'unsafe-eval' data: i.ytimg.com image.tmdb.org *.gstatic.com *.google.com *.w.org *.gravatar.com *.vimeocdn.com;  script-src   'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com www.googletagmanager.com *.youtube.com *.vimeo.com *.googleapis.com *.google-analytics.com;  style-src    'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com;  font-src     'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com;  frame-src    'self' *.youtube.com *.vimeocdn.com *.vimeo.com;  frame-ancestors 'self';  object-src   'self' ;  1
default-src *; img-src * data: http: https: ; script-src * 'unsafe-inline' 'unsafe-eval' http: https: *.dynamicyield.com; style-src * 'unsafe-inline' http: https: ; font-src *; frame-src * http: https: *.dynamicyield.com; frame-ancestors *; form-action * http: https: ; media-src * http: https: ; connect-src * http: https: ;base-uri  *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mobilesentrix.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.cloudfront.net https://*.cloudflare.com https://*.braintreegateway.com https://*.paypalobjects.com https://*.fundboxpay.com https://*.behalf.com https://*.paypal.com https://*.searchanise.com https://*.reamaze.com https://*.googleapis.com https://*.newrelic.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.kxcdn.com https://*.aspnetcdn.com https://*.rawgit.com https://*.jsdelivr.net https://*.cloudflareinsights.com https://*.crazyegg.com wss://*.pusher.com;style-src 'self' 'unsafe-inline' https://*.mobilesentrix.com https://*.kxcdn.com https://*.googleapis.com https://*.reamaze.com https://*.braintreegateway.com https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.crazyegg.com;img-src 'self' data: https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.alexametrics.com https://*.google.co.in https://*.paypal.com https://*.facebook.com https://*.facebook.net https://*.googleadservices.com https://*.googletagmanager.com https://*.gravatar.com https://*.wp.com https://*.gstatic.com https://*.amazonaws.com https://*.doubleclick.net https://*.reamaze.com https://reamaze.com https://*.paypalobjects.com https://*.youtube.com https://*.ytimg.com https://*.fontawesome.com https://picsum.photos https://*.picsum.photos https://*.repairdesk.co https://*.acsbapp.com https://*.crazyegg.com;object-src 'none';connect-src 'self' https://*.mobilesentrix.com https://*.braintreegateway.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.paypal.com https://*.doubleclick.net https://*.braintree-api.com https://*.reamaze.com https://*.reamaze.io wss://*.reamaze.com https://*.amazonaws.com https://*.nr-data.net https://*.youtube.com https://*.ytimg.com https://reamaze.com https://*.fontawesome.com https://*.picsum.photos https://*.acsbapp.com https://*.googleapis.com https://*.crazyegg.com wss://*.pusher.com; 1
frame-ancestors 'self' kviku.ru kviku.helpdeskeddy.com 1
base-uri 'self'; form-action 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.twitch.tv https://*.youtube.com https://*.twitter.com https://facebook.com; 1
default-src 'self'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' https:; script-src-attr 'none'; script-src-elem 'report-sample' 'unsafe-inline' 'unsafe-eval' https: about: widget-mediator.zopim.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.bowtie.com.hk *.website-files.com *.cloudfront.net optimize.google.com tagmanager.google.com www.googletagmanager.com www.gstatic.com; img-src 'self' data: https:; connect-src 'self' *.webflow.com assets.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io wss://*.cobrowse.io ekr.zendesk.com *.zdassets.com bowtieinsurance.zendesk.com wss://widget-mediator.zopim.com widget-mediator.zopim.com api.thereviewsplace.com web.delighted.com api.sprig.com api.userleap.com *.my.sentry.io sentry.io *.mixpanel.com cdn.mxpnl.com www.facebook.com capig.bowtie.hk *.google-analytics.com www.googletagmanager.com www.google.com www.google.com.hk adservice.google.com analytics.google.com *.analytics.google.com *.doubleclick.net *.googlesyndication.com bat.bing.com *.linkedin.com cdn.linkedin.oribi.io s.yimg.com *.taboola.com; font-src 'self' data: fonts.gstatic.com *.bowtie.com.hk *.website-files.com *.cloudfront.net; form-action 'self' www.facebook.com; frame-src 'self' *.bowtie.com.hk *.website-files.com cobrowse.io *.cobrowse.io webflow.com optimize.google.com www.google.com www.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.g.doubleclick.net *.fls.doubleclick.net *.facebook.com mozbar.moz.com www.youtube.com bowtieinsurance.typeform.com calendar.google.com cdn.taboola.com; media-src 'self' ssl.gstatic.com static.zdassets.com; frame-ancestors 'self'; child-src www.facebook.com; object-src 'none'; upgrade-insecure-requests; report-uri https://report-uri.bowtie.com.hk 1
default-src 'self';connect-src *.woco-k12.org maps.googleapis.com 'self';font-src *.woco-k12.org fonts.gstatic.com data: 'self';img-src *.woco-k12.org data: maps.gstatic.com maps.googleapis.com 'self';script-src *.woco-k12.org maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval';style-src *.woco-k12.org fonts.googleapis.com 'self' 'unsafe-inline'; 1
script-src https://api-is.fusionmedstaff.com/ 'self' 'unsafe-eval' 'unsafe-inline' http://conv.indeed.com http://fmedsnowplow-js.s3.amazonaws.com http://js.hs-analytics.net https://*.hs-scripts.com/ http://static.ads-twitter.com https://*.cloudfront.net https://*.google-analytics.com https://*.google.com https://*.taboola.com https://ads.linkedin.com https://ajax.cloudflare.com https://analytics.tiktok.com https://analytics.twitter.com https://analytics.yahoo.com https://bat.bing.com https://connect.facebook.net https://conv.indeed.com https://fmedsnowplow-js.s3.amazonaws.com https://*.fullstory.com https://googleads.g.doubleclick.net https://*.hubspot.com/ https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hsleadflows.net https://l.antigena.com https://s.pinimg.com https://s.yimg.com https://sc-static.net https://snap.licdn.com https://static.cloudflareinsights.com https://tagmanager.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://*.hsforms.net https://*.stackadapt.com https://*.pandoiq.com https://*.snapchat.com/ https://api.ipify.org/ https://www.clarity.ms/ https://*.pinterest.com/ https://*.hs-sites.com/ https://*.redditstatic.com/ https://*.hscollectedforms.net/ http://*.hs-scripts.com/ https://*.intercom.io/ https://*.intercomcdn.com/ https://js.usemessages.com/; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://tagmanager.google.com https://*.stackadapt.com/; img-src 'self' data: blob: https://api-is.fusionmedstaff.com/ https://wordpress-prod.fusionmedstaff.com/ http://conv.indeed.com http://t.co http://www.glassdoor.com https://*.google-analytics.com https://*.google.com https://*.taboola.com https://bat.bing.com https://connect.facebook.net https://conv.indeed.com https://ct.pinterest.com https://dc.ads.linkedin.com https://googleads.g.doubleclick.net https://info.fusionmedstaff.com/ https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://sp.analytics.yahoo.com https://ssl.gstatic.com https://track.hubspot.com https://track.ziprecruiter.com https://www.facebook.com https://www.glassdoor.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://*.stackadapt.com https://*.pandoiq.com https://*.hsforms.com/ https://*.twitter.com/ https://c.clarity.ms https://c.bing.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self'  http://conv.indeed.com http://player.vimeo.com https://*.google.com https://*.snapchat.com https://*.doubleclick.net https://conv.indeed.com https://fusionmedstaff.staffingreferrals.com https://player.vimeo.com https://www.facebook.com https://www.googletagmanager.com https://*.pinterest.com https://*.hsforms.com https://*.hs-sites.com https://app.hubspot.com/; form-action 'self' https://tr.snapchat.com https://www.facebook.com https://forms.hsforms.com 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' data: https://bat.bing.com https://analytics.tiktok.com https://paywithmybank.com https://www.redditstatic.com https://stats.g.doubleclick.net https://az620379.vo.msecnd.net https://cdn.taboola.com https://browser.sentry-cdn.com https://*.highcharts.com https://code.jquery.com https://ajax.aspnetcdn.com https://www.google.com https://www.gstatic.com https://disqus.com predictit.disqus.com https://c.disquscdn.com www.googletagmanager.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.firebaseio.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://browser.sentry-cdn.com https://*.optimove.net https://gateway.optimove.events; style-src 'self' 'unsafe-inline' https://az620379.vo.msecnd.net https://fonts.googleapis.com https://c.disquscdn.com https://platform.twitter.com https://ton.twimg.com https://tagmanager.google.com; font-src 'self' data: https://az620379.vo.msecnd.net https://fonts.gstatic.com https://tagmanager.google.com; img-src 'self' 'unsafe-eval' data: https://*; connect-src 'self' https://analytics.tiktok.com https://stats.g.doubleclick.net wss://*.firebaseio.com https://*.services.disqus.com wss://*.predictit.org https://hub.predictit.org https://fcm.googleapis.com https://www.google-analytics.com https://www.facebook.com https://sentry.io https://*.optimove.net https://gateway.optimove.events; frame-src 'self' https://paywithmybank.com https://embed.podcasts.apple.com https://news.predictit.org https://*.libsyn.com https://*.firebaseio.com https://disqus.com https://*.twitter.com https://bid.g.doubleclick.net https://predictit.freshdesk.com https://analysis.predictit.org https://www.youtube.com https://www.google.com https://*.soundcloud.com https://widgets.itunes.apple.com https://www.facebook.com; frame-ancestors 'self'; media-src https://aristotle.com; 1
frame-ancestors 'self'; object-src 'self'; 1
frame-ancestors 'self' https://*.etracker.com www.myosram.com qa.myosram.com 1
default-src *; img-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-N2IwNmFlYjJhYTdjNDk2ZjlhZGVlZTg2NmQxYzZhMTE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.arboportaal.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.arboportaal.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.arboportaal.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://youtube.com https://www.youtube.com https://youtu.be;connect-src 'self' https://www.google-analytics.com https://siteimproveanalytics.com https://www.google.com https://www.google.com/recaptcha/api.js https://cdn.cookielaw.org https://analytics.google.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://*.us.yextapis.com https://conversions-config.reddit.com https://www.redditstatic.com https://*.amplitude.com;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://analytics.google.com https://www.google.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://cdn.cookielaw.org https://www.gstatic.com https://script.hotjar.com https://static.hotjar.com https://bat.bing.com https://aa.trkn.us https://analytics.newscred.com https://snap.licdn.com https://embed.signalintent.com https://www.youtube.com https://connect.facebook.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cdn.segment.com https://cdn.jsdelivr.net https://www.redditstatic.com https://cdn.amplitude.com https://siteimproveanalytics.com;frame-src 'self' https://youtu.be https://youtube.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com https://aa.trkn.us https://td.doubleclick.net;frame-ancestors 'self' https://youtu.be https://youtube.com https://www.youtube.com https://www.googletagmanager.com 1
upgrade-insecure-requests; frame-ancestors 'self';object-src data: 'unsafe-eval'; default-src 'self' *.glance.net *.humanamilitary.com *.day.com *.everesttech.net *.g.doubleclick.net *.doubleclick.net *.day.com *.mpeasylink.com *.cloud.coveo.com *.orghipaa.coveo.com  *.analytics.orghipaa.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;style-src 'self' 'unsafe-Inline' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.glance.net *.cloud.coveo.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;img-src 'self' *.glance.net *.humanamilitary.com *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com;font-src 'self' data: *.foresee.com *.humana.com *.ensighten.com *.omtrdc.net *.coremetrics.com *.cmcore.com *.answerscloud.com *.mpeasylink.com *.zscaler.net *.gigya.com *.googleadservices.com *.yimg.com *.facebook.net *.yahoo.com *.google.com *.gstatic.com *.salesforceliveagent.com *.googleapis.com *.4seeresults.com *.youtube.com *.azureedge.net  *.cloudfront.net *.dialogtech.com *.humananews.com *.linkedin.com *.longtailvideo.com *.truste.com *.prescribeitrx.com *.amazonaws.com *.glancecdn.net *.humana-government.com *.careplushealthplans.com *.healthwise.net *.humanavitality.com 193.122.6.87:7002 *.go365.com *.longtailvideo.com *.requirejs.org *.cacmedicalcenters.com *.4see.mobi *.longtailvideo.com *.foreseeresults.com *.facebook.com *.bing.com *.doubleclick.net *.xg4ken.com *.licdn.com *.twitter.com *.360yield.com *.casalemedia.com *.kargo.com *.bidswitch.net *.ad-stir.com *.tealium.com *.tealiumiq.com *.tiqcdn.com *.everesttech.net *.everestjs.net *.demdex.net *.amazon-adsystem.com *.googletagmanager.com *.deepintent.com *.gumgum.com *.teads.tv *.3lift.com *.ads-twitter.com *.onetrust.com cdn.cookielaw.org cookie-cdn.cookiepro.com 1
object-src 'none'; script-src * 'unsafe-eval' 'unsafe-inline' blob: data:; base-uri 'self' 1
frame-ancestors https://*.trueaccord.com https://flex.twilio.com 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; font-src 'self' https: data:; connect-src 'self' https:; media-src 'self'; object-src 'self'; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self' 1
default-src *.achieve.com *.dev.ffngcp.com *.stg.ffngcp.com *.prd.ffngcp.com *.browser-intake-datadoghq.com *.doubleclick.net *.tealiumiq.com *.trustpilot.com *.youtube.com https://tags.srv.stackadapt.com https://analytics.google.com https://www.google-analytics.com vimeo.com 'self'; script-src *.achieve.com *.adform.net *.array.io *.asftrk.com *.billstrk.com *.blltrk.com *.cloudfunctions.net *.criteo.com *.ctfassets.net *.doubleclick.net *.facebook.com *.freedomdebtrelief.com *.fsaitrk.com *.fsmccbll.com *.getdrip.com *.googleapis.com *.hotjar.com *.iesnare.com *.ifatrk.com *.nextdoor.com *.outbrain.com *.pinimg.com *.sentry.io *.siatrk.com *.snapchat.com *.taboola.com *.tealiumiq.com *.tiqcdn.com *.trustedform.com *.trustev.com *.trustpilot.com *.twitter.com *.youtube.com https://tags.srv.stackadapt.com https://analytics.tiktok.com https://api.securedvisit.com https://bat.bing.com https://browser-intake-datadoghq.com https://cdn-web-assets.array.io https://connect.facebook.net https://contentdsp.com/events.js https://ct.pinterest.com https://embed.sandbox.array.io https://frefi.sv.rkdms.com https://px.ads.linkedin.com https://s.yimg.com https://sc-static.net https://snap.licdn.com https://static.cloudflareinsights.com https://static.newsbreak.com https://stats.g.doubleclick.net https://tag.wknd.ai https://tags.achieve.com https://track.securedvisit.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-ZjA0Y2I3OWYtM2VkYy00MjdlLWE2NTktYmFmYjIwYzAxZTgy'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com; img-src * data:; font-src 'self' https://storage.googleapis.com; frame-src *.trustpilot.com *.vimeo.com *.youtube.com 'self'; media-src 'self' *.ctfassets.net; object-src 'self' blob: data:; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob: 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src * data: blob: ;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' ajax.cloudflare.com static.cloudflareinsights.com www.paypal.com googleads.g.doubleclick.net static.ads-twitter.com analytics.tiktok.com www.google.com www.clarity.ms connect.facebook.net script.hotjar.com static.hotjar.com widget.trustpilot.com widget.mercuryo.io www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://widget.mercuryo.io; worker-src 'self' 1
frame-ancestors https://s-ryhman-hotellit.salesfra.me https://salesfra.me; 1
default-src 'self' 'unsafe-inline' hubgroup.com p.typekit.net fonts.gstatic.com fonts.googleapis.com use.typekit.net player.vimeo.com forms.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-hubgroup.pressidium.com cookie-cdn.cookiepro.com js.hs-analytics.net js.hs-scripts.com script.crazyegg.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com js.hs-banner.com js.hsforms.net script.crazyegg.com assets.juicer.io code.jquery.com maps.googleapis.com; connect-src 'self' cdn-hubgroup.pressidium.com analytics.google.com cookie-cdn.cookiepro.com www.googletagmanager.com www.google-analytics.com js.hsforms.net script.crazyegg.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com stats.g.doubleclick.net maps.googleapis.com www.juicer.io; img-src 'self' 'unsafe-inline' cdn-hubgroup.pressidium.com www.google.co.uk www.googletagmanager.com www.google-analytics.com www.google.com maps.googleapis.com map.gstatic.com ps.w.org s.w.org forms.hsforms.com assets.juicer.io www.juicer.io pbs.twimg.com secure.gravatar.com abs.twimg.com pbs.twimg.com forms-na1.hsforms.com track.hubspot.com pbs.twimg.com maps.gstatic.com data:; style-src 'self' 'unsafe-inline' cdn-hubgroup.pressidium.com fonts.googleapis.com use.typekit.net p.typekit.net assets.juicer.io data:; font-src 'self' 'unsafe-inline' cdn-hubgroup.pressidium.com fonts.googleapis.com use.typekit.net p.typekit.net static.juicer.io fonts.gstatic.com data:; object-src 'none'; frame-src 'self' 'unsafe-inline' onpressidium.com cdn-hubgroup.pressidium.com hubgroup.com hubgroup.com/about-us/contact-us/ docs.google.com forms.hsforms.com player.vimeo.com hubgroup.dev.onpressidium.com hubgroup.com; 1
default-src 'self' https://www.clubepag.com https://api.security.pagseguro.uol.com.br https://nominatim.openstreetmap.org https://pagclube.product-commerce-qa.aws.pagseguro.uol https://www-merchant-pagclube.product-commerce-qa.aws.pagseguro.uol https://www-merchant-clubepag.product-commerce-qa.aws.pagseguro.uol https://merchant.clubepag.com https://stats.g.doubleclick.net https://assets.pagseguro.com.br https://js-agent.newrelic.com https://bam-cell.nr-data.net https://static.hotjar.com https://script.hotjar.com https://sb.scorecardresearch.com https://www.google-analytics.com https://www.googletagmanager.com ; style-src 'self' 'unsafe-inline' https://assets.pagseguro.com.br; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pagclube.product-commerce-qa.aws.pagseguro.uol https://www-merchant-pagclube.product-commerce-qa.aws.pagseguro.uol https://www-merchant-clubepag.product-commerce-qa.aws.pagseguro.uol https://merchant.clubepag.com https://stats.g.doubleclick.net https://assets.pagseguro.com.br https://js-agent.newrelic.com https://bam-cell.nr-data.net https://static.hotjar.com https://script.hotjar.com https://sb.scorecardresearch.com https://www.google-analytics.com https://www.googletagmanager.com ; img-src 'self' 'unsafe-inline' data: https://clubepag-images-prod.s3.amazonaws.com/ https://*.tile.openstreetmap.org https://www.google.com https://www.google.com.br https://sb.scorecardresearch.com https://www.google-analytics.com https://assets.pagseguro.com.br 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mailplus.nl cdn.rawgit.com cdnjs.cloudflare.com cdn.jsdelivr.net static.addtoany.com connect.facebook.net *.facebook.com siteimproveanalytics.com sdc.mineleni.nl statistiek.rijksoverheid.nl piwik.dtnr.nl ajax.googleapis.com cdn.siteimprove.net www.google.com *.google-analytics.com tagmanager.google.com *.googletagmanager.com *.ckeditor.com *.hotjar.com extreme-ip-lookup.com; connect-src 'self' *.siteimprove.com *.google-analytics.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; img-src 'self' data: http://www.cbi.eu https://www.cbi.eu cdn.rawgit.com raw.githubusercontent.com http://www.rovid.nl https://www.rovid.nl *.rijksoverheid.nl sdc.mineleni.nl *.google-analytics.com *.doubleclick.net *.ckeditor.com statistiek.rijksoverheid.nl piwik.dtnr.nl; style-src 'self' 'unsafe-inline' http://www.cbi.eu https://www.cbi.eu *.mailplus.nl  cdnjs.cloudflare.com www.google.com tagmanager.google.com *.googleapis.com ssl.gstatic.com *.ckeditor.com; font-src 'self' themes.googleusercontent.com; media-src 'self' http://www.rovid.nl https://www.rovid.nl *.rijksoverheid.nl player.vimeo.com *.vimeocdn.com; child-src 'self' rvo.bbvms.com static.addtoany.com *.facebook.com *.siteimprove.com *.youtube.com *.hotjar.com; object-src 'self'; frame-ancestors 'self' *.gcci.ge *.sliepa.org *.afdb.org *.kemendag.go.id *.idrc.ca *.paltrade.org *.aeb.gov.rw *.thecdi.org.za *.apen.org.ni *.sidec.vn *.siicex.gob.mx *.senegalexport.com *.gufebenin.org *.gepaghana.org *.mongoltextile.mn *.must.edu.mn *.africatradefund.org http://ugandacoffeefederation.org http://www.apexb.bf *.apexb.bf *.bahamastradeinfo.gov.bs http://maliexport.com *.portailexportbenin.com myantrade.org http://pameranln.kemenperin.go.id *.blueoasiseg.com *.hbmcorp.co.id *.globalinvestmentco.co.za *.keproba.go.ke *.procuba.cu *.lebtrade.gov.lb lebtrade.gov.lb sites.google.com www.marketingengineers.nl marketingengineers.nl www.apexb.bf; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.pricespider.com *.mapbox.com js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org *.moatads.com www.youtube.com pghub.io *.bazaarvoice.com *.pricespider.com js.jebbit.com cdn.segment.com *.lytics.io connect.facebook.net cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: cdn.pricespider.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.fls.doubleclick.net feed.pghub.io consumersupport.pg.com www.facebook.com jebbit.dreft.com td.doubleclick.net pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.akamaihd.net *.moatads.com www.google-analytics.com *.bazaarvoice.com *.lytics.io www.facebook.com *.pricespider.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ad.doubleclick.net cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.bazaarvoice.com *.google-analytics.com cdn.cookielaw.org *.doubleclick.net *.algolia.net match.adsrvr.org *.segment.com *.segment.io *.jebbit.com *.pricespider.com *.mapbox.com geolocation-db.com adservice.google.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://*.admooh.com https://midiabanco24horas.com.br 1
default-src https://www.google.com *.google.com www.googletagmanager.com *.googletagmanager.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com 'self'; img-src 'self' data: http://*.gravatar.com/ *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com; style-src 'self' https://fonts.googleapis.com https://*.securiti.ai 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; script-src https://www.google.com www.googletagmanager.com *.googletagmanager.com https://www.gstatic.com *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com 'self' https://ajax.googleapis.com https://*.securiti.ai 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://ajax.googleapis.com https://*.securiti.ai *.google.com *.youtube.com *.googlesyndication.com *.googleapis.com https://www.google.com www.googletagmanager.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagservices.com *.gstatic.com; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; style-src 'self' https:; script-src 'self' https: 1
frame-ancestors 'self' https://www.paypal.com https://app.storyblok.com https://analytics.tiktok.com https://www.googleoptimize.com; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' app.vwo.com *.visualwebsiteoptimizer.com https://unpkg.com https://*.zdassets.com https://m.stripe.network https://*.lovebonito.com *.lovebonito.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://*.scarabresearch.com https://*.googleoptimize.com https://static.scarabresearch.com https://www.googletagmanager.com https://static.hotjar.com https://app.storyblok.com https://script.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://s.pinimg.com https://unpkg.com https://connect.facebook.net https://analytics.tiktok.com https://www.paypal.com https://assets.adobedtm.com https://*.lovebonito.com https://sc-static.net https://*.zendesk.com; script-src-elem * 'self' https://www.google.com https://d.impactradius-event.com https://www.googleadservices.com *.visualwebsiteoptimizer.com app.vwo.com 'unsafe-inline' https://*.emarsys.net https://*.scarabresearch.com https://cdn.jsdelivr.net https://www.googleoptimize.com https://static.scarabresearch.com https://static.cloudflareinsights.com https://www.googletagmanager.com https://app.storyblok.com https://www.googleadservices.com https://static.hotjar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://s.pinimg.com https://unpkg.com https://connect.facebook.net https://analytics.tiktok.com https://googleads.g.doubleclick.net https://script.hotjar.com https://lovebonito.com https://accounts.google.com https://cdn.speedcurve.com https://secure.quantserve.com https://utt.impactcdn.com https://rules.quantcount.com https://merchant.cdn.hoolah.co https://www.paypal.com *.lovebonito.com https://*.zdassets.com https://assets.adobedtm.com https://web-sdk.aptrinsic.com https://*.midtrans.com https://*.amazonaws.com https://*.zendesk.com https://*.stripe.com https://*.klarnaservices.com *.klarnaservices.com https://api.smooch.io https://sc-static.net; report-to 'https://lovebonito.com/csp-report'; 1
default-src 'none'; img-src 'self' data:; style-src 'sha256-u63PihE3COghISHa7lKT36CKADhM8M5ovxCijvnCeGg=' 'sha256-j4KLt4kEQ312AuUqAy5XvWbcZbwKYDa26bRMNy/j9vA=' 'sha256-8Ayo8ctgXanxvG567YD3IxJJ80DsgTgZRp+KZrpXGzk='; script-src 'sha256-/nEeE86N8ykMvnpONoxUKIKVkpk2VLejLWBhR4UuEPk=' 'sha256-wcSNn2MvQ0/HuUJ8EjnWeSIxYhHiP1BoyMqWqxwWBII=' 'sha256-uX1YEkZnD94HWAnmRFGobUERw5GnYj1r/4MaQxZwOO0=' 1
frame-ancestors 'self' infopoint.asadventuregroup.com infopoint-tst.asadventuregroup.com infopoint-acc.asadventuregroup.com 1
frame-src www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.googletagmanager.com *.doubleclick.net vars.hotjar.com www.youtube.com www.booking.com air-miles.leadfamly.com app.talkjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com; style-src 'self' 'unsafe-inline' https://loyaltygateway.com/rewards/ fonts.googleapis.com cdn.talkjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com s3.amazonaws.com; font-src 'self' https://loyaltygateway.com/rewards/ script.hotjar.com fonts.gstatic.com air-miles.campaign.playable.com; img-src 'self' *.airmiles.nl *.airmilesshop.nl *.jibecompany.com media.umbraco.io www.googletagmanager.com www.google-analytics.com www.google.com www.google.nl *.googlesyndication.com *.doubleclick.net s3-eu-west-1.amazonaws.com cdn.talkjs.com script.hotjar.com www.facebook.com cook.shortest-route.com *.visualwebsiteoptimizer.com app.vwo.com files.cdn.leadfamly.com chart.googleapis.com wingify-assets.s3.amazonaws.com data:; connect-src 'self' *.airmiles.nl *.umbraco.io *.blob.core.windows.net *.google-analytics.com *.g.doubleclick.net www.google.com adservice.google.com *.googlesyndication.com app.talkjs.com wss://app.talkjs.com capture.trackjs.com *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com *.api.leadfamly.com *.ingest.sentry.io *.hotjar.com *.hotjar.io wss://*.hotjar.com *.applicationinsights.azure.com https://loyaltygateway.com/rewards/ https://api.airmiles.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' 'sha256-vhJfKuHOm03RDa2OlUlpAe0ja1Qh+wpUuxHN9/pOeqU=' *.airmiles.nl www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com *.g.doubleclick.net *.adform.net *.visualwebsiteoptimizer.com app.vwo.com air-miles.campaign.playable.com *.hotjar.com connect.facebook.net https://loyaltygateway.com/rewards/ 'nonce-f2b582d0-601e-0078-279e-a5f1db000000'; frame-ancestors 'self' www.shell.nl; worker-src blob: 1
frame-ancestors 'self' http://bloom.test http://bloomudev.prod.acquia-sites.com https://bloomudev.prod.acquia-sites.com http://bloomustg.prod.acquia-sites.com https://bloomustg.prod.acquia-sites.com https://www.bloomu.edu http://bloomu.prod.acquia-sites.com https://bloomu.prod.acquia-sites.com https://bloom.ddev.site https://commonwealth.ddev.site https://www.commonwealthu.edu https://dev.admissions.bloomu.edu/ https://stage.admissions.bloomu.edu https://solutions.nuventive.com/; report-uri https://www.commonwealthu.edu/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.rusweek.news https://push.rusweek.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.rusweek.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.rusweek.news ; 1
frame-ancestors 'self' waag.org *.waag.org 1
default-src 'self'; img-src 'self' data: https://im16.inviewer.se https://mfstatic.com https://i3.ytimg.com https://cdn.cookielaw.org https://matomo.internetstiftelsen.se https://fonts.gstatic.com https://secure.gravatar.com https://*.libsyn.com https://*.internetstiftelsen.se https://internetstiftelsen.se https://s3-eu-north-1.amazonaws.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://mfstatic.com https://cdn.jsdelivr.net https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://graphtool.internetstiftelsen.se https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com https://www.gstatic.com https://cdn.lordicon.com https://*.readspeaker.com https://www.youtube.com https://connect.facebook.net; font-src 'self' data: https://*.onetrust.com https://fonts.gstatic.com https://*.internetstiftelsen.se; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://mfstatic.com https://*.internetstiftelsen.se https://matomo.internetstiftelsen.se https://www.googletagmanager.com https://fonts.googleapis.com; manifest-src 'self' https://*.internetstiftelsen.se; connect-src 'self' https://im16.inviewer.se https://*.mediaflow.com https://api.friendlycaptcha.com https://matomo.internetstiftelsen.se https://static.internetstiftelsen.se https://www.facebook.com https://region1.google-analytics.com https://cdn.cookielaw.org https://*.onetrust.com https://cdn.lordicon.com https://*.bugsnag.com https://*.readspeaker.com https://yoast.com; frame-src 'self' https://internetstiftelsen.confetti.events https://www.google.com https://www.youtube.com https://youtube.com https://www.youtube-nocookie.com https://*.libsyn.com; frame-ancestors 'self'; media-src 'self' https://*.libsyn.com 1
script-src 'sha256-KwjsHA+EsMbb1ylKxspeOyO7bQGEm/Rrda1uQ1Vfp7k=' 'sha256-AN4pO5LfFZ8nm9ROGeE1FnW+QWU7VEOWTrAHUthWjIM=' vimeo.com *.vimeo.com 'sha256-RPhUxarK9e7g7QSlFDXObbJg5G40WNLhElVJI36zeuQ=' youtube.com *.youtube.com 'sha256-YE+WaNSJPJd1dxnTF9W6F6FxTMCH1GG1Ejw7ERjvNVI=' 'sha256-JXxRhU9rSK5ChKenB/G3/iw9g4Jhqsy0XiITIEt87+s=' *.googletagmanager.com 'sha256-zrL3ROJP63mcZH+dXLik9tcBAtowlwjOHDWFiZi5jL4=' matomo.lkab.com 'self';frame-src api.screen9.com vimeo.com *.vimeo.com *.lkab.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com;img-src data: w3.org/svg/2000 i.vimeocdn.com i.ytimg.com *.google-analytics.com *.googletagmanager.com matomo.lkab.com 'self' mb.cision.com;connect-src vimeo.com *.vimeo.com api.websitecarbon.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com matomo.lkab.com 'self';font-src matomo.lkab.com 'self';style-src matomo.lkab.com 'self' 'unsafe-inline';default-src 'self'; 1
https://www.kemet.com https://js.hsforms.net 1
default-src 'self'; script-src report-sample 'self' 'unsafe-inline' 'unsafe-eval' https://sidebar.bugherd.com https://www.bugherd.com https://www.youtube.com http://www.youtube.com https://widget.instabot.io https://widgetapi.instabot.io https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net data: https: wss: http://tag.demandbase.com https://addevent.com https://cdn.addevent.com https://cdn.evgnet.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://d2i34c80a0ftze.cloudfront.net https://d2iiunr5ws5ch1.cloudfront.net https://d2wy8f7a9ursnm.cloudfront.net https://explore.parexel.com https://kit.fontawesome.com https://pi.pardot.com https://snap.licdn.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com http://amd.sellingsimplified.net http://cdn.pardot.com https://pi.pardot.com http://pi.pardot.com http://cdn.jsdelivr.net http://explore.parexel.com https://testing.parexel.site http://testing.parexel.site; style-src report-sample 'self' data: 'unsafe-inline' https://form.asana.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://code.jquery.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.googleapis.com https://translate.googleapis.com https://testing.parexel.com/ http://testing.parexel.com/; img-src 'self' data: blob: https: https://d2iiunr5ws5ch1.cloudfront.net http://www.parexel.site https://img.youtube.com https://i3.ytimg.com https://bugherd-attachments.s3.amazonaws.com https://sidebar.bugherd.com https://www.google-analytics.com https://www.googletagmanager.com https://unpkg.com https://ade.googlesyndication.com https://ade.googlesyndication.com https://cookie-cdn.cookiepro.com https://d2iiunr5ws5ch1.cloudfront.net https://i3.ytimg.com https://ib.adnxs.com https://insight.adsrvr.org https://px.ads.linkedin.com https://px4.ads.linkedin.com https://secure.adnxs.com https://static.instabot.io https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://testing.parexel.com/ http://testing.parexel.com/; object-src 'self'; connect-src 'self' wss: https://sessions.bugsnag.com wss://ws-mt1.pusher.com https://static.instabot.io https://widgetapi.instabot.io https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com http://geodata.solutions https://ipinfo.io https://api.company-target.com https://cdn.linkedin.oribi.io https://content.hotjar.io https://maps.googleapis.com https://ad.doubleclick.net https://adservice.google.com https://amd.sellingsimplified.net https://chat.instabot.io https://cookie-cdn.cookiepro.com https://geodata.solutions https://geolocation.onetrust.com https://get663.com https://googleads.g.doubleclick.net https://in.hotjar.com https://ka-p.fontawesome.com https://livechat.instabot.io https://pagead2.googlesyndication.com https://privacyportal.cookiepro.com https://region1.analytics.google.com https://region1.google-analytics.com https://st.fullcircleinsights.com https://vc.hotjar.io https://widget.instabot.io https://widgetapi.instabot.io *.hotjar.com https://www.bugherd.com https://www.google.at https://www.google.ba https://www.google.be https://www.google.bg https://www.google.ca https://www.google.ch https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.kr https://www.google.co.th https://www.google.co.uk https://www.google.co.za https://www.google.com https://www.google.com.ar https://www.google.com.au https://www.google.com.hk https://www.google.com.mx https://www.google.com.my https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.sg https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lt https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.se wss://chat.instabot.io wss://ws.pusherapp.com https://tag-logger.demandbase.com https://amd.sellingsimplified.net http://amd.sellingsimplified.net https://notify.bugsnag.com https://testing.parexel.com/ http://testing.parexel.com/ https://px.ads.linkedin.com https://segments.company-target.com; font-src 'self' data: https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ https://cdnjs.cloudflare.com https://www.blacbloo.com https://at.alicdn.com https://d2iiunr5ws5ch1.cloudfront.net https://fonts.gstatic.com https://ka-p.fontawesome.com https://www.bugherd.com https://testing.parexel.com/ http://testing.parexel.com/; frame-src 'self' data https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ http://10631059.fls.doubleclick.net.x.033205b20bf0d044650a39908ae23d0cb757.d045241e.id.opendns.com http://35.71.131.137:6080 http://insight.adsrvr.org.x.97cd67fd0ae2e0448b0a07b01172d39bf9ff.d045241e.id.opendns.com https: https://10631059.fls.doubleclick.net https://content.cdntwrk.com https://www.facebook.com https://www.google.com https://www.podbean.com https://www.youtube.com http://player.vimeo.com https://testing.parexel.com/ http://testing.parexel.com/; media-src 'self' https://sidebar.bugherd.com http://www.youtube.com https://www.youtube.com https://explore.parexel.com https://form.asana.com https://*.fls.doubleclick.net https://player.vimeo.com/ https://download-video.akamaized.net https://player.vimeo.com https://mcdn.podbean.com https://6329104cef389e2c71224d98.endpoint.csper.io https://testing.parexel.com/ http://testing.parexel.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: apps.sitecore.net *.linkedin.com cdn.cookielaw.org *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google-analytics.com; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com static.cloudflareinsights.com cdn.cookielaw.org *.doubleclick.net connect.facebook.net *.google.com www.googleadservices.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hubspot.com *.hsforms.net *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net forms.hsforms.com snap.licdn.com *.linkedin.com www.powr.io *.usemessages.com player.vimeo.com www.youtube.com; img-src 'self' data: ad.doubleclick.net *.google.com *.facebook.com cdn.cookielaw.org *.google-analytics.com *.gstatic.com *.googleapis.com *.doubleclick.net www.googletagmanager.com *.hsforms.com *.hubspot.com *.hotjar.com *.linkedin.com presspage-production-content.s3.amazonaws.com content.presspage.com apply.indeed.com *.tomra.com *.ytimg.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.hotjar.com *.gstatic.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com *.hotjar.com; frame-src 'self' 'unsafe-inline' *.hotjar.com *.hubspot.com *.hsforms.com ir.oms.no *.google.com www.googletagmanager.com *.tomra.com events.webcast.no sdk.companywebcast.com player.vimeo.com www.youtube-nocookie.com www.powr.io td.doubleclick.net; media-src 'self' 'unsafe-inline' data:; object-src 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com cdn.cookielaw.org www.facebook.com *.google-analytics.com *.googleapis.com www.googletagmanager.com *.hubspot.com *.hubapi.com *.hscollectedforms.net *.hsadspixel.net *.hscollectedforms *.hsforms.com *.hotjar.com *.hotjar.io cdn.linkedin.oribi.io privacyportal-eu.onetrust.com stats.g.doubleclick.net wss://*.hotjar.com; report-uri https://98603d1ae0d730603f9d85834c3df264.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' *.cookiebot.com *.euroland.com *.eurolandir.com *.coveo.com *.omtrdc.net *.adobe.com *.experian.com *.experianmarketingservices.com *.adobedtm.com *.youtube.com *.brightcove.com *.brightcove.net *.demdex.net *.everesttech.net *.omniture.com *.zencdn.net bcove.video *.api.brightcove.com api.bcovlive.io *.bcovlive.io *.sep.bcovlive.io bcovlive-a.akamaihd.net *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com *.boltdns.net brightcove.vo.llnwd.net *.llnw.net *.llnwd.net manifest.prod.boltdns.net *.media.brightcove.com *.akafms.net *.akamaihd.net *.analytics.edgekey.net *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net *.bcvp0rtal.com *.brightcovecdn.com; img-src 'self' data: *; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; font-src 'self' data: *; object-src 'none'; media-src * blob:; worker-src blob: 'self'; frame-ancestors 'self'; 1
frame-src 'self' https://www.leonidas.nl https://liveeditor.twelve.eu 1
default-src 'none'; connect-src 'self' https://adminforge.de https://piwik.adminforge.de; img-src 'self' data: https://community.adminforge.de https://piwik.adminforge.de; script-src 'self' 'unsafe-inline' https://piwik.adminforge.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'none'; frame-ancestors 'self' https://my.adminforge.de; form-action 'self'; block-all-mixed-content 1
default-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; img-src 'self' data: *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; media-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; font-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; style-src 'self' 'unsafe-inline' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; connect-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; frame-src 'self' *.jmark.com *.cloudfront.net *.amazonaws.com *.imgix.net *.typekit.net *.sentry-cdn.com *.marker.io *.termly.io *.cloudflare.com *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsadspixel.net *.hscollectedforms.net *.hubapi.com *.hubspot.com *.usemessages.com *.linkedin.com *.licdn.com *.gstatic.com *.google.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.youtube.com *.ytimg.com *.zoominfo.com *.oribi.io; 1
default-src 'self'; script-src 'self' 'sha256-dgu3n+AUmAeeFlNJ9PYC9rtl6HJ/hfrZoyNPRcQxLuM=' www.googletagmanager.com www.google-analytics.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com oc-cdn-public.azureedge.net connect.facebook.net platform.twitter.com; style-src 'self' 'unsafe-inline' oc-cdn-public.azureedge.net fonts.cdnfonts.com; font-src 'self' fonts.cdnfonts.com data:; connect-src 'self' www.google-analytics.com vitals.vercel-insights.com graph.facebook.com res.cloudinary.com assets.metrolinx.com; img-src 'self' res.cloudinary.com assets.metrolinx.com d3t3ozftmdmh3i.cloudfront.net i.ytimg.com data:; media-src 'self' anchor.fm d3ctxlq1ktw2nl.cloudfront.net blob:; frame-src www.youtube.com www.instagram.com oc-cdn-public.azureedge.net www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com app.sli.do; frame-ancestors 'self'; form-action 'self' 1
connect-src 'self' mc.yandex.ru mc.yandex.md chatcenter.ftc.ru chatcenter-test.ftc.ru *.kvartplata.ru www.google.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google-analytics.com www.googletagmanager.com mc.yandex.ru www.gstatic.com; style-src 'self' 'unsafe-inline'; font-src 'self' chatcenter.ftc.ru chatcenter-test.ftc.ru data:; img-src 'self' data: chatcenter.ftc.ru chatcenter-test.ftc.ru www.google.com www.google.ru www.google-analytics.com www.googletagmanager.com mc.yandex.ru; object-src 'none'; report-uri https://www.kvartplata.ru/api/v1/cspReports; 1
frame-ancestors 'self' https://*.gls.de; default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' *.gls.de 'wasm-unsafe-eval'; img-src 'self' *.gls.de data: https://i.vimeocdn.com https://cartodb-basemaps-a.global.ssl.fastly.net https://cartodb-basemaps-b.global.ssl.fastly.net https://cartodb-basemaps-c.global.ssl.fastly.net; font-src 'self'; connect-src 'self' *.gls.de https://api.friendlycaptcha.com/api/v1/puzzle; object-src 'self'; base-uri 'none'; frame-src 'self' *.glsbank.de *.gls.de *.gls-bank.de https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://vr-international.vr-bankenportal.de; form-action 'self'; worker-src blob:; child-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.adsrvr.org https://js.hsadspixel.net https://www.google.com https://js.zi-scripts.com https://cdn-prod.securiti.ai https://az416426.vo.msecnd.net https://tpc.googlesyndication.com https://tags.crwdcntrl.net https://www.rumiview.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com/ajax/libs/js-cookie/2.2.0/js.cookie.min.js https://js.hsforms.net https://e.clarity.ms https://i.clarity.ms/ https://www.clarity.ms https://googleads.g.doubleclick.net https://i.clarity.ms https://www.clarity.ms https://c.clarity.ms https://analytics.twitter.com https://static.ads-twitter.com https://script.crazyegg.com https://www.googleadservices.com https://cdn.mouseflow.com https://bat.bing.com https://snap.licdn.com https://analytics.clickdimensions.com https://translate.google.com https://translate.googleapis.com https://assets.adobedtm.com https://www.googletagmanager.com *.googleapis.com *.gstatic.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com  https://cdn.jsdelivr.net/ https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com js.hs-banner.com js.hsleadflows.net https://forms.hubspot.com https://js.hscollectedforms.net https://analytics.google.com; style-src 'self' 'unsafe-inline' https://cdn-prod.securiti.ai https://cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/fontawesome.min.css https://fonts.cdnfonts.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com https://fonts.cdnfonts.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: blob:; img-src 'self' https://ad.doubleclick.net https://tags.w55c.net https://www.rumiview.com https://pixel.mediaiqdigital.com https://p.adsymptotic.com https://analytics.twitter.com https://bcp.crwdcntrl.net https://c.clarity.ms https://px.ads.linkedin.com https://c.clarity.ms https://t.co/i/adsct https://translate.google.com https://bat.bing.com https://secure.adnxs.com https://googleads.g.doubleclick.net https://www.google.com www.googletagmanager.com https://js.hsleadflows.net https://forms.hsforms.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com; media-src 'self' data: blob:; child-src 'self' https://forms.hubspot.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; connect-src 'self' https://px.ads.linkedin.com/wa/ https://ws.zoominfo.com/pixel/627c2d1b3ef5dc0012eeb849/ https://ws.zoominfo.com/pixel/61c20dcc41e2e10020e3a6ff/ https://js.zi-scripts.com https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://forms.hscollectedforms.net https://www.google.com/pagead/attribution  https://cdn.linkedin.oribi.io/partner/5099178/domain/hrci.org/token https://cdn-prod.securiti.ai https://app.securiti.ai https://player.vimeo.com https://www.youtube.com https://dc.services.visualstudio.com/v2/track https://bat.bing.com https://*.clarity.ms/collect https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://www.googleadservices.com https://www.clarity.ms/eus2-c/collect https://script.crazyegg.com https://stats.g.doubleclick.net https://translate.googleapis.com https://forms.hubspot.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://analytics.google.com https://n2.mouseflow.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://bcp.crwdcntrl.net https://tpc.googlesyndication.com https://forms.hsforms.com https://bid.g.doubleclick.net https://*.doubleclick.net https://player.vimeo.com 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.mojadm.sk https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.mojadm.sk https://tags.tiqcdn.com https://www.mojadm.sk; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.mojadm.sk https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.mojadm.sk https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.mojadm.sk https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.mojadm.sk https://giftcard-checkout.mojadm.sk/api/checkout https://signin.mojadm.sk; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://*.mojadm.sk https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.mojadm.sk https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.mojadm.sk https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
font-src *.googleapis.com https://www.gstatic.com *.fontawesome.com https://fonts.gstatic.com https://live.icecat.biz https://locator.uberall.com data: https://googletagmanager.com https://tagmanager.google.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://interface.mailcampaigns.nl/ https://www.mollie.com/ https://bancontact.girogate.be/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://view.publitas.com https://www.kiyoh.com http://www.kiyoh.com https://www.google.com https://dashboard.trustprofile.com/ https://trafic-career.talent-soft.com/ https://trafic.talent-soft.com/ http://www.trafic.com/ http://trafic.com/ https://s3-eu-west-1.amazonaws.com/ https://td.doubleclick.net https://google-analytics.com https://objects.icecat.biz/ *.trustpilot.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com http://amcglobal.sc.omtrdc.net/ dpm.demdex.net http://cm.everesttech.net/ *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://www.mollie.com https://*.amazonaws.com https://*.mapbox.com https://*.uberall.com blob: https://td.doubleclick.net https://a5.behance.net/ http://admin.fun.be/ http://www.fun.be/ http://fun.be/ https://admin.fun.be/ https://www.fun.be/ https://fun.be/ http://www.trafic.com/ http://trafic.com/ https://www.trafic.com/ https://trafic.com/ http://www.zwembadstore.be/ http://zwembadstore.be/ https://www.zwembadstore.be/ https://zwembadstore.be/ http://www.tuinhuisstore.be/ http://tuinhuisstore.be/ https://www.tuinhuisstore.be/ https://tuinhuisstore.be/ https://magentoadmin.trafic.com http://pimadmin.trafic.com/ https://pimadmin.trafic.com/ http://catalogmedia.trafic.com/ https://catalogmedia.trafic.com/ http://admin.fun.docker/ http://www.fun.docker/ http://fun.docker/ https://admin.fun.docker/ https://www.fun.docker/ https://fun.docker/ http://www.trafic.docker/ http://trafic.docker/ https://www.trafic.docker/ https://trafic.docker/ http://www.zwembadstore.docker/ http://zwembadstore.docker/ https://www.zwembadstore.docker/ https://zwembadstore.docker/ http://www.tuinhuisstore.docker/ http://tuinhuisstore.docker/ https://www.tuinhuisstore.docker/ https://tuinhuisstore.docker/ http://admin.fun.test/ http://www.fun.test/ http://fun.test/ https://admin.fun.test/ https://www.fun.test/ https://fun.test/ http://www.trafic.test/ http://trafic.test/ https://www.trafic.test/ https://trafic.test/ http://www.zwembadstore.test/ http://zwembadstore.test/ https://www.zwembadstore.test/ https://zwembadstore.test/ http://www.tuinhuisstore.test/ http://tuinhuisstore.test/ https://www.tuinhuisstore.test/ https://tuinhuisstore.test/ maps.gstatic.com maps.googleapis.com https://www.google.be/ https://funtrafic.imgix.net/ http://funtrafic.imgix.net/ https://lqip-funtrafic.imgix.net/ http://lqip-funtrafic.imgix.net/ https://story.icecat.biz https://funtrafic-large.imgix.net/media/ https://funtrafic-thumb.imgix.net/media/ https://pdpthumb-funtrafic.imgix.net https://pdplarge-funtrafic.imgix.net https://pdpfull-funtrafic.imgix.net https://content.fun.be https://adservice.google.com https://region1.analytics.google.com https://googletagmanager.com https://tagmanager.google.com https://bat.bing.com  https://pagead2.googlesyndication.com https://google-analytics.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com https://www.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.mollie.com https://locator.uberall.com https://*.mapbox.com https://view.publitas.com https://www.google.com/recaptcha/ maps.googleapis.com https://live.icecat.biz https://pet.icecat.biz https://icecat.biz/stats/scripts/track-story2.js https://bat.bing.com  https://js-agent.newrelic.com https://googletagmanager.com https://tagmanager.google.com https://td.doubleclick.net https://google-analytics.com *.trustpilot.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://*.icecat.biz blob: https://googletagmanager.com https://tagmanager.google.com *.trustpilot.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com http://dpm.demdex.net/ https://icecat.biz https://pet.icecat.biz https://locator.uberall.com https://*.mapbox.com https://live.icecat.biz https://magentoadmin.trafic.docker https://adservice.google.com https://region1.analytics.google.com https://www.google.com https://www.google.be https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://td.doubleclick.net https://google-analytics.com  https://pagead2.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri http://admin.fun.be/ http://www.fun.be/ http://fun.be/ https://admin.fun.be/ https://www.fun.be/ https://fun.be/ http://admin.fun.docker/ http://www.fun.docker/ http://fun.docker/ https://admin.fun.docker/ https://www.fun.docker/ https://fun.docker/ http://admin.fun.test/ http://www.fun.test/ http://fun.test/ https://admin.fun.test/ https://www.fun.test/ https://fun.test/ http://magentoadmin.trafic.com/ 'self' 'unsafe-inline'; 1
script-src bettercloud.com *.bettercloud.com *.googleapis.com/  *.gravatar.com googleads.g.doubleclick.net/ www.google-analytics.com/ *.hotjar.com/ js.hsadspixel.net/ js.hscollectedforms.net/ js.hs-analytics.net/ js.hs-banner.com/ www.googletagmanager.com/ cdnjs.cloudflare.com/ use.fontawesome.com fonts.googleapis.com/ browser.sentry-cdn.com/ js.hs-scripts.com/ https://js.hsforms.net/ fonts.googleapis.com/ cdn.nitropack.io nitropack.io cdn-iokbh.nitrocdn.com *.chat.api.drift.com *.api.drift.com js.driftt.com api.company-target.com client-registry.mutinycdn.com www.redditstatic.com *.marketo.com *.marketo.net trk.techtarget.com acsbapp.com tag.demandbase.com bat.bing.com cdn.cookielaw.org cdn.bizible.com snap.licdn.com s.adroll.com connect.facebook.net d.adroll.com *.d.adroll.com *.cloudfront.net *.jquery.com *.calendly.com *.unbounce.com boards.greenhouse.io fast.wistia.net *.youtube.com *.twitter.com *.ceros.com api.ceros.com *.wistia.com 'unsafe-inline' 'unsafe-eval' data: blob:; 1
frame-ancestors https://app.contentstack.com 1
frame-ancestors 'self' https://*.optimizely.com; default-src 'self'; font-src 'self' https://*.gstatic.com https://*.typekit.net https://*.sharepointonline.com data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com; img-src 'self' https: data: https://*.optimizely.com; connect-src https: wss://*.hotjar.com https://*.optimizely.com; frame-src 'self' https://*.hotjar.com https://*.snapchat.com https://*.facebook.com https://*.trustpilot.com https://*.greenhouse.io https://*.vimeo.com https://*.google.com https://*.youtube.com https://*.typeform.com https://*.optimizely.com https://*.doubleclick.net 1
base-uri 'none';child-src js.stripe.com www.youtube.com play.vidyard.com;connect-src 'self' blob: www.google-analytics.com sentry.io *.sentry.io services.mother.co s3.ca-central-1.amazonaws.com api.adbutler.com https://1WIL6RAPZV-dsn.algolia.net www.googleapis.com servedbyadbutler.com https://dpm.demdex.net https://stats.g.doubleclick.net https://solarwinds.d2.sc.omtrdc.net wss://gns3.com;default-src 'self';font-src 'self' dist.mcdn.co fonts.gstatic.com use.typekit.net;frame-src https://referrer.solarwinds.com https://solarwindsworldwidellc.demdex.net;frame-ancestors 'none';img-src 'self' blob: data: media.mcdn.co *.media.mcdn.co maps.googleapis.com www.google-analytics.com maps.gstatic.com servedbyadbutler.com cdn.vidyard.com play.vidyard.com i.ytimg.com http://metrics.solarwinds.com https://smetrics.solarwinds.com;media-src 'self' blob: assets.mcdn.co *.assets.mcdn.co;object-src 'none';style-src 'self' dist.mcdn.co fonts.googleapis.com p.typekit.net use.typekit.net 'unsafe-inline';script-src 'self' dist.mcdn.co js.stripe.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com *.sentry.io play.vidyard.com https://assets.adobedtm.com https://dpm.demdex.net https://solarwinds.d2.sc.omtrdc.net https://static.solarwinds.com https://stats.g.doubleclick.net 'nonce-81eb385a436656f5780694dc7e884f5f' 1
report-uri https://www.lecom.com.br 1
default-src https: ws: wss: data: intent: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://*.scs.co.uk 1
frame-ancestors 'self' https://beta.timescard.com https://hdfcbank.timescard.com *.timescard.com 1
script-src www.huntsman.com *.equisolve.net qmod.quotemedia.com assets.adobedtm.com app.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com *.googletagmanager.com browser-update.org fast.fonts.net cdnjs.cloudflare.com/ajax/libs/font-awesome/ *.onetrust.com cdn.cookielaw.org api.mapbox.com snap.licdn.com px.ads.linkedin.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.podbean.com huntsman.jcwcreative.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; font-src www.huntsman.com *.equisolve.net qmod.quotemedia.com assets.adobedtm.com app.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com www.gstatic.com *.googletagmanager.com browser-update.org fast.fonts.net cdnjs.cloudflare.com/ajax/libs/font-awesome/ *.onetrust.com cdn.cookielaw.org api.mapbox.com snap.licdn.com px.ads.linkedin.com js.zi-scripts.com ws.zoominfo.com tags.clickagy.com aorta.clickagy.com hemsync.clickagy.com *.podbean.com huntsman.jcwcreative.com d1io3yog0oux5.cloudfront.net 1
default-src 'self' https://logrhythm.com https://disqus.com https://*.6sc.co https://*.6sense.com https://c.disquscdn.com; connect-src 'self' https://logrhythm.com https://play.vidyard.com https://api.mida.so https://secure.adnxs.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://*.6sense.com https://google.com https://cdn.linkedin.oribi.io https://www.google.com https://px.ads.linkedin.com https://js.zi-scripts.com https://*.privacymanager.io https://epsilon.6sense.com https://*.6sc.co https://analytics.google.com https://*.googlesyndication.com https://ws.zoominfo.com https://bat.bing.com https://spcollector.pathfactory.com https://adservice.google.com https://*.logrhythm.com https://maps.googleapis.com https://*.fontawesome.com https://*.clarity.ms https://use.typekit.net https://050-uwt-888.mktoutil.com https://*.addthisedge.com https://ampcid.google.com https://www.googletagmanager.com https://*.ampproject.org https://*.addthis.com https://*.ampproject.net https://connect.facebook.net https://yoast.com https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://stats.g.doubleclick.net https://*.yoast.com https://d3hb14vkzrxvla.cloudfront.net https://www.g2.com https://jukebox.pathfactory.com https://www.google-analytics.com https://050-uwt-888.mktoresp.com; font-src 'self' data: https://*.logrhythm.com https://*.hotjar.com https://*.typekit.net https://*.sharepointonline.com https://spoprod-a.akamaihd.net https://fonts.gstatic.com https://cdn-app.pathfactory.com https://*.fontawesome.com https://www.gartner.com https://maxcdn.bootstrapcdn.com https://cdn.pathfactory.com https://app.cdn.lookbookhq.com; img-src https: data: blob: ; media-src 'self' blob: https://*.logrhythm.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.logrhythm.com https://logrhythm.widget.insent.ai https://openfpcdn.io https://cdn.mida.so https://js.zi-scripts.com https://ws-assets.zoominfo.com https://*.trustarc.com https://launchpad.privacymanager.io https://launchpad-wrapper.privacymanager.io https://jobs.jobvite.com https://play.vidyard.com https://yoast.com https://ws.zoominfo.com https://player.vimeo.com https://*.clarity.ms https://j.6sc.co https://cdn.jsdelivr.net https://cdn-app.pathfactory.com https://unpkg.com/web-vitals https://www.g2.com https://*.facebook.com https://cdn.syndication.twimg.com https://www.gartner.com https://www.google.com https://www.googleoptimize.com https://*.googleapis.com https://tpc.googlesyndication.com https://optimize.google.com https://www.youtube.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ampproject.org https://www.googleadservices.com https://www.gstatic.com https://*.typeform.com js-agent.newrelic.com https://bam.nr-data.net https://beacon-v2.helpscout.net https://kit.fontawesome.com https://bat.bing.com https://munchkin.marketo.net https://snap.licdn.com https://static.ads-twitter.com https://*.twitter.com https://*.hotjar.com https://app.leadsrx.com https://secure.leadforensics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://logrhythm-com.disqus.com https://app.cdn.lookbookhq.com https://jukebox.pathfactory.com https://app-abc.marketo.com https://www.brighttalk.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://*.logrhythm.com https://cdn.jsdelivr.net https://*.fontawesome.com https://yoast.com https://cdn-app.pathfactory.com https://rgsharedweb.s3.amazonaws.com https://www.googletagmanager.com/debug/ https://ka-p.fontawesome.com https://platform.twitter.com https://*.twimg.com https://*.typekit.net https://*.disquscdn.com https://www.gartner.com https://*.googleapis.com https://optimize.google.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://app.cdn.lookbookhq.com; frame-src 'self' https://logrhythm.widget.insent.ai https://demostack.app https://*.trustarc.com https://*.doubleclick.net https://shortpixel.com https://logrhythm.com https://*.logrhythm.com https://forms.office.com https://jobs.jobvite.com https://play.vidyard.com https://www.facebook.com https://*.elementor.com https://www.itcentralstation.com https://www.google.com https://tpc.googlesyndication.com https://*.twitter.com https://*.addthis.com https://*.ampproject.net https://www.slideshare.net https://*.hotjar.com https://maps.google.com https://www.gartner.com https://tags.bluekai.com https://www.g2.com https://www.youtube-nocookie.com https://googleads.g.doubleclick.net https://disqus.com https://tempest.services.disqus.com https://www.youtube.com https://bid.g.doubleclick.net https://www.brighttalk.com https://*.fls.doubleclick.net; frame-ancestors 'self' explore.logrhythm.com https://www.g2.com https://*.logrhythm.com; 1
img-src 'self' https: data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: matomo.dolibarr.org *.sf-syn.com *.transifex.net *.transifex.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.ads-twitter.com *.twitter.com *.facebook.net *.cloudflareinsights.com *.doubleclick.net; frame-ancestors 'self'; object-src https://youtube.com; frame-src 'self' *.google.com *.twitter.com *.facebook.com *.youtube.com; img-src * data:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YTBkYTY4YTEyMzg5NGFmZDkyODFmMWIwYjk1ZTIyYjI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.zorginstituutnederland.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.zorginstituutnederland.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.zorginstituutnederland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.3way.pl; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://cdn.jsdelivr.net https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com http://www.googletagmanager.com https://*.google-analytics.com https://humanized-www.ergohestia.pl https://humanized-kariera.ergohestia.pl https://skk.erecruiter.pl https://cdnjs.cloudflare.com https://*.google.com https://www.googleadservices.com https://unpkg.com https://*.googlecode.com https://*.hotjar.com https://*.hotjar.io https://connect.facebook.net https://googleads.g.doubleclick.net https://www.gstatic.com http://platform.twitter.com https://*.vimeocdn.com https://*.3way.pl https://www.youtube-nocookie.com https://*.cloudflare.com https://*.googlesyndication.com https://td.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; connect-src 'self' https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com https://secure.livechatinc.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.yetiz.pl https://*.googlesyndication.com https://td.doubleclick.net wss://ws.hotjar.com; default-src https://*.yetiz.pl blob:; img-src 'self' https://cdn.bsbox.pl http://cdn.bsbox.pl https://*.googleapis.com https://*.gstatic.com https://i.vimeocdn.com https://*.google-analytics.com https://www.ergohestia.pl *.gravatar.com data: https://www.facebook.com https://www.google.pl https://*.google.com https://*.3way.pl https://*.googlesyndication.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://humanized-www.ergohestia.pl https://humanized-kariera.ergohestia.pl http://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://platform.twitter.com https://e.issuu.com https://*.windows.net https://www.youtube-nocookie.com https://www.webankieta.pl data: 1
default-src *.aiaibot.com https://*.akb.ch http://domtracd.main.agkb.ch/; img-src data: https://*.google.ch https://px.ads.linkedin.com https://*.cloudfront.net https://www.facebook.com/tr/ https://*.akb.ch https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.com https://bat.bing.com https://cdn.cookielaw.org https://*.googletagmanager.com; script-src 'unsafe-inline' 'unsafe-eval' https://api.mailxpert.ch/ https://chat.aiaibot.com https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js https://bat.bing.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.googleadservices.com https://snap.licdn.com https://*.akb.ch https://*.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://www.contovista.com https://www.newhome.ch https://www.facebook.com/tr/ https://connect.facebook.net https://nl.mailxpert.ch https://cdn.cookielaw.org https://irewind.com/vue/loaders/loader-general.js; frame-src https://live.brame-gamification.com/ *.aiaibot.com https://player.podigee-cdn.net/podcast-player/ https://player.vimeo.com/video/ https://www.facebook.com https://open.spotify.com https://*.akb.ch https://*.cashgate.ch https://www.newhome.ch https://www.companymarket.ch https://b2c-stage.extranet.netcetera.biz/ https://b2c-prod.netcetera.ch https://www.youtube.com https://www.youtube-nocookie.com/ https://*.ticketpark.ch https://*.google.com https://*.gstatic.com https://my.matterport.com/show/ https://static.matterport.com/showcase https://360.newhome.ch https://embed.podcasts.apple.com https://nl.mailxpert.ch https://sra.logismata.ch/ https://irewind.com/; style-src 'unsafe-inline' 'unsafe-eval' https://api.aiaibot.com/ https://*.akb.ch https://fonts.googleapis.com https://tagmanager.google.com/debug/css.css; font-src https://*.akb.ch https://fonts.gstatic.com; connect-src https://*.googleapis.com https://api.aiaibot.com/ https://*.g.doubleclick.net https://*.google-analytics.com https://anchor.fm https://*.akb.ch https://*.google.com https://www.contovista.com https://akb.abacuscity.ch https://cdn.cookielaw.org https://*.onetrust.com https://bat.bing.com https://*.googlesyndication.com; child-src blob: https://*.akb.ch; media-src blob: https://*.cloudfront.net https://anchor.fm https://*.akb.ch; frame-ancestors https://www.jobs.ch https://*.akb.ch https://jobs.nzz.ch/; form-action https://*.akb.ch https://www.facebook.com/tr/ https://*.bankinghub.swisscom.ch; 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com conversions-config.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-c1c11a2e49911d6217a59f81f4a80988' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
frame-ancestors 'self'; default-src https: data: blob: wss:; object-src 'none'; upgrade-insecure-requests; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; connect-src https: wss:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: blob: https:; worker-src 'self' blob:; 1
frame-ancestors https://tw-edit.17f48735.public.multi-containers.ibm.com https://tw-edit-dev.968d96a4.public.multi-containers.ibm.com 1
frame-ancestors 'self' https://dvag.testfc.dlstages01.dvag.de https://dvag.devfc.dlstages01.dvag.de  https://static.testfc.dlstages01.dvag.de  https://static.devfc.dlstages01.dvag.de  https://berater.finanzanalyse.dvag https://uat.berater.finanzanalyse.dvag https://staging.berater.deutschefin.tech https://dev.berater.deutschefin.tech https://vpd.finanzanalyse.dvag https://uat.vpd.finanzanalyse.dvag https://dev.vpd.deutschefin.tech https://d01.vpd.deutschefin.tech https://d02.vpd.deutschefin.tech https://d03.vpd.deutschefin.tech https://d04.vpd.deutschefin.tech https://d05.vpd.deutschefin.tech https://d06.vpd.deutschefin.tech https://d07.vpd.deutschefin.tech https://d08.vpd.deutschefin.tech https://d09.vpd.deutschefin.tech https://d10.vpd.deutschefin.tech https://d11.vpd.deutschefin.tech https://d12.vpd.deutschefin.tech https://d13.vpd.deutschefin.tech https://d14.vpd.deutschefin.tech https://d15.vpd.deutschefin.tech https://www.finanzanalyse.dvag https://uat.finanzanalyse.dvag https://dev.deutschefin.tech https://benutzerkonto.abnahme.dvag https://benutzerkonto.dvag 1
frame-ancestors 'self' *.oxfam.de 1
default-src 'self';script-src * 'unsafe-eval' 'unsafe-inline';style-src 'self' https: 'unsafe-inline';object-src 'none';base-uri 'self';connect-src *;font-src 'self' https: data:;frame-src *;img-src * data: blob:;manifest-src 'self';media-src * blob:;worker-src blob:;report-uri https://o493024.ingest.sentry.io/api/5600945/security/?sentry_key=c20dc930a9964e91b8aab0da9fa28db0;upgrade-insecure-requests;frame-ancestors 'self' https://app.events.ringcentral.com; 1
frame-ancestors *.kameleoon.com *.speedway.fr  1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nl; img-src 'self' https: data: blob: https://mastodon.nl; style-src 'self' https://mastodon.nl 'nonce-duskZqvnFfSPj+qRXRFl5Q=='; media-src 'self' https: data: https://mastodon.nl; frame-src 'self' https:; manifest-src 'self' https://mastodon.nl; form-action 'self'; child-src 'self' blob: https://mastodon.nl; worker-src 'self' blob: https://mastodon.nl; connect-src 'self' data: blob: https://mastodon.nl https://mastodon.nl wss://mastodon.nl; script-src 'self' https://mastodon.nl 'wasm-unsafe-eval' 1
default-src 'none'; object-src 'none'; script-src 'self' *.humaninterest.com *.visualwebsiteoptimizer.com *.clarity.ms app.vwo.com www.google-analytics.com https://cdn.segment.com https://humaninterest.com https://js.chilipiper.com https://googleads.g.doubleclick.net/pagead/ https://www.googletagmanager.com https://www.google.com/pagead/ https://www.googleadservices.com/pagead/ https://tpc.googlesyndication.com https://pagead2.googlesyndication.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://bat.bing.com https://connect.facebook.net https://secure.perk0mean.com https://player.vimeo.com/api/player.js https://static.hotjar.com https://script.hotjar.com https://*.hubspot.com https://*.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.hs-scripts.com https://js.hsadspixel.net https://js.usemessages.com; connect-src 'self' *.humaninterest.com *.humaninterest.com.test *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms *.hotjar.com *.hotjar.io app.vwo.com www.google-analytics.com https://humaninterest.com https://api.segment.io https://cdn.segment.com https://api.rollbar.com https://stats.g.doubleclick.net https://bat.bing.com https://adservice.google.com/pagead/ https://www.google.com/pagead/ https://*.googlesyndication.com/pagead/ https://pagead2.googlesyndication.com/pagead/ https://analytics.google.com https://graphql.contentful.com/content/v1/spaces/tj9jxg7kaxby https://assets.ctfassets.net/tj9jxg7kaxby/ https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://logs.browser-intake-datadoghq.com https://vimeo.com/api/ wss://*.hotjar.com https://*.hubspot.com https://*.hubapi.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io/partner/41889/domain/humaninterest.com/token https://px.ads.linkedin.com; img-src 'self' data data: *.humaninterest.com *.chilipiper.com *.visualwebsiteoptimizer.com *.clarity.ms chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com script.hotjar.com www.google-analytics.com https://humaninterest.com https://hi-contentful.imgix.net https://human-interest-uploads.imgix.net https://humaninterest.imgix.net https://secure.gravatar.com https://px.ads.linkedin.com https://bat.bing.com https://c.bing.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://www.linkedin.com https://px4.ads.linkedin.com https://cx.atdmt.com https://googleads.g.doubleclick.net https://dev.visualwebsiteoptimizer.com https://i.vimeocdn.com/video/ https://images.ctfassets.net/tj9jxg7kaxby/ https://www.hotjar.com/images/ https://*.hubspot.com https://*.hsforms.com https://static.hsappstatic.net; style-src 'self' 'unsafe-inline' *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com; font-src 'self' data: script.hotjar.com; media-src https://videos.ctfassets.net/tj9jxg7kaxby/; frame-src 'self' *.google.com *.chilipiper.com *.visualwebsiteoptimizer.com app.vwo.com vars.hotjar.com https://youtube.com https://player.vimeo.com https://bid.g.doubleclick.net https://td.doubleclick.net https://datawrapper.dwcdn.net https://businesscom.go2cloud.org https://www.g2.com/categories/401-k/ https://www.g2.com/products/human-interest-401-k/ https://app.hubspot.com https://*.hs-sites.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com https://cdn.cookietractor.com https://cdnjs.cloudflare.com https://player.vimeo.com https://mktdplp901cdn.azureedge.net https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://mktdplp102cdn.azureedge.net https://api.qr-code-generator.com https://www.google.com https://www.gstatic.com https://www.vimeo.com https://vimeo.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://www.google-analytics.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com  https://stackpath.bootstrapcdn.com https://pi.pardot.com https://www2.segalco.com https://unpkg.com https://create.piktochart.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://pro.fontawesome.com https://use.typekit.net https://cdn.jsdelivr.net https://p.typekit.net; img-src 'self' data: https://mdbcdn.b-cdn.net https://umbraco.tv https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://api.qr-code-generator.com https://www.linkedin.com https://www.googletagmanager.com https://c0.piktochart.com https://create.piktochart.com https://www.gravatar.com https://i.vimeocdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google-analytics.com; frame-src 'self' https://app.powerbi.com https://td.doubleclick.net https://app.smartsheet.com https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://www.podbean.com https://www.google.com https://player.vimeo.com https://vars.hotjar.com; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://cdn.linkedin.oribi.io https://df6ccce237f9494aa7ae788755b0e742.svc.dynamics.com https://content.hotjar.io wss://wsp32.hotjar.com wss://ws32.hotjar.com https://ws32.hotjar.com https://api.qr-code-generator.com https://fonts.piktochart.com https://stats.g.doubleclick.net https://create.piktochart.com https://www.google-analytics.com https://in.hotjar.com; font-src 'self' https://ka-p.fontawesome.com https://fonts.gstatic.com https://cf.piktochart.com https://pro.fontawesome.com https://use.typekit.net; media-src 'self' https://vod-progressive.akamaized.net; 1
base-uri https://*.attn.tv 'self'; default-src 'self' ws://* 'self' 'nonce-6ebf6a629d32bec3d71bf18d5aae16d8' https://cdn.shopify.com https://shopify.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://*.attn.tv https://*.evolv.ai https://*.shopify.com https://*.typekit.net https://fonts.googleapis.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://*.adnxs.com https://*.afterpay.com https://*.algolia.io https://*.algolia.net https://*.algolianet.com https://*.attn.tv https://*.cloudfront.net https://*.doubleclick.net https://*.fbot.me https://*.evolv.ai https://*.gladly.com https://*.gladly.qa https://*.gladly.chat https://*.googleapis.com https://*.gstatic.com https://*.klaviyo.com https://*.liadm.com https://*.lr-in-prod.com https://*.ltmsphrcl.net https://*.nr-data.net https://*.shopifysvc.com https://*.yofi.ai https://analytics.tiktok.com https://api.fullcontact.com https://api.juniphq.com https://bat.bing.com https://bcp.crwdcntrl.net https://boards-api.greenhouse.io https://cdn.cookielaw.org https://conversions-config.reddit.com https://cookie-cdn.cookiepro.com https://ct.pinterest.com https://events.attentivemobile.com https://geolocation.onetrust.com https://lux.speedcurve.com https://hits.getelevar.com https://mgln.ai https://measurement-api.criteo.com https://r.ingest-lr.com https://s.yimg.com https://simonsignal.com https://tecovas.sjv.io https://us-central1-adaptive-growth.cloudfunctions.net https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.redditstatic.com ws://localhost:8002 ws://*.gladly.chat wss://*.gladly.chat https://*.apicdn.sanity.io 'self' https://monorail-edge.shopifysvc.com; img-src 'self' data: http://localhost:* https://*.adnxs.com https://*.bing.com https://*.cloudfront.net https://*.criteo.com https://*.dashhudson.com https://*.evolv.ai https://*.googleapis.com https://*.gstatic.com https://*.liadm.com https://*.mgln.ai https://*.pubmatic.com https://*.sanity.io https://*.shopify.com https://aa.agkn.com https://ad.360yield.com https://ad.tpmn.co.kr https://ad.tpmn.io https://ade.clmbtech.com https://ads.stickyadstv.com https://alb.reddit.com https://api.intentiq.com https://b1sync.zemanta.com https://bh.contextweb.com https://c1.adform.net https://cdn.aralego.net https://cdn.cookielaw.org https://cm.g.doubleclick.net https://contextual.media.net https://criteo-partners.tremorhub.com https://criteo-sync.teads.tv https://ct.pinterest.com https://d.turn.com https://dpm.demdex.net https://data.adxcel-ec2.com https://e.dlx.addthis.com https://eb2.3lift.com https://e1.emxdgt.com https://ei.rlcdn.com https://exchange.mediavine.com https://googleads.g.doubleclick.net https://hb.yahoo.net https://he.lijit.com https://image8.pubmatic.com https://jadserve.postrelease.com https://live.rezync.com https://loadus.exelator.com https://login.dotomi.com https://logs-01.loggly.com https://lux.speedcurve.com https://match.adsrvr.org https://match.prod.bidr.io https://match.sharethrough.com https://mgln.ai https://mid.rkdms.com https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com https://p.adsymptotic.com https://p.alcmpn.com https://partner.mediawallahscript.com https://pippio.com https://pixel.rubiconproject.com https://pixel.tapad.com https://pixel-sync.sitescout.com https://pr-bh.ybp.yahoo.com https://public-prod-dspcookiematching.dmxleo.com https://r.casalemedia.com https://rtb-csync.smartadserver.com https://s.ad.smaato.net https://s.thebrighttag.com https://scripts.juniphq.com https://segment.prod.bidr.io https://simage2.pubmatic.com https://site-assets.afterpay.com https://sp.analytics.yahoo.com https://stags.bluekai.com https://sync.aralego.com https://sync.crwdcntrl.net https://sync.graph.bluecava.com https://sync.mathtag.com https://sync.sharethis.com https://sync.srv.stackadapt.com https://sync-criteo.ads.yieldmo.com https://tags.bluekai.com https://tapestry.tapad.com https://thrtle.com https://token.rubiconproject.com https://tr.snapchat.com https://trkn.us https://trends.revcontent.com https://um.simpli.fi https://visitor.omnitagjs.com https://ws.rqtrk.eu https://www.facebook.com https://www.google-analytics.com https://www.google.com https://x.bidswitch.net https://x.dlx.addthis.com https://*.yofi.ai; media-src 'self' https://*.shopify.com https://cdn.dashhudson.com https://res.cloudinary.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://static.klaviyo.com; worker-src 'self' blob: http://localhost:3000; script-src-elem 'self' 'unsafe-inline' http://*.criteo.net http://*.klaviyo.com http://acdn.adnxs.com http://b-code.liadm.com http://bat.bing.com http://localhost:* http://static.simonsignal.com https://*.adroll.com https://*.attn.tv https://*.cloudfront.net https://*.criteo.com https://*.doubleclick.net https://*.evolv.ai https://*.fbot.me https://*.googleadservices.com https://*.googleapis.com https://*.klaviyo.com https://*.lr-in-prod.com https://*.newrelic.com https://*.shopify.com https://*.shopmy.us https://analytics.tiktok.com https://cdn.attn.tv https://cdn.cookielaw.org https://cdn.gladly.com https://cdn.gladly.qa https://cdn.ingest-lr.com https://cdn.mgln.ai https://cdn.pdst.fm https://cdn.speedcurve.com https://cdnjs.cloudflare.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://ct.pinterest.com https://js.adsrvr.org https://js.afterpay.com https://js.cnnx.link https://s.pinimg.com https://s.yimg.com https://scripts.juniphq.com https://shopify-gtm-suite.getelevar.com https://static.fbot.me https://tags.crwdcntrl.net https://tags.fullcontact.com https://utt.impactcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/add-to-calendar-button@2 https://*.yofi.ai https://*.apicdn.sanity.io; frame-src http://*.criteo.net http://localhost:* https://*.criteo.com https://*.fbot.me/ https://app.viralsweep.com https://creatives.attn.tv https://ct.pinterest.com https://insight.adsrvr.org https://*.spotify.com https://player.vimeo.com https://td.doubleclick.net https://tecovas.attn.tv 1
base-uri zonapagos.com *.zonapagos.com 1
frame-ancestors 'self' https://www.googletagmanager.com https://app.hubspot.com 1
upgrade-insecure-requests; frame-ancestors https://*.patelco.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.force.com https://*.wp.com https://*.salesforce.com; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://chatbotsmagazine.com https://*.chatbotsmagazine.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://*.facebook.com 1
frame-ancestors 'self' https://twitter.com; 1
default-src 'self' https: *; font-src 'self' https: data: * https://js.intercomcdn.com http://fonts.intercomcdn.com; img-src 'self' https: data: * https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' * https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://calendly.com https://*.airbrake.io; style-src 'self' https: 'unsafe-inline' *; frame-src 'self' https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://calendly.com https://assets.calendly.com https://*.airbrake.io; child-src 'self' * https://*.myshopify.com https://*.facebook.com/ https://*.google.com https://www.facebook.com/ https://*.fbcdn.net https://*.hotjar.com https://*.googletagmanager.com https://*.doubleclick.net https://*.youtube.com https://*.recaptcha.net/ https://*.intercom.io/ http://localhost:3035 ws://localhost:3035 https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://calendly.com https://*.airbrake.io; connect-src 'self' * https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://calendly.com https://*.airbrake.io; frame-ancestors https://*.myshopify.com https://*.shopify.com https://admin.shopify.com 1
frame-ancestors https://*.tinkoff.ru; report-uri https://sme.tinkoff.ru/common/sentry/api/56/security/?sentry_key=25374a8bcb434c9494e2bbe1d024b9aa 1
frame-ancestors 'self' *.goteborgsvarvet.se 1
connect-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src *.jmonline.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://*.allohealth.care https://*.allohealth.care:3000 1
frame-ancestors 'self' https://social.zalopay.vn https://socialstg.zalopay.vn https://socialdev.zalopay.vn https://h5.zdn.vn 1
child-src 'self' https://googleads.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://www.stay22.com https://*.facebook.com https://ct.pinterest.com https://*.events.com https://tr.snapchat.com https://www.eventbrite.com https://weatherwidget.io https://weatherwidget.io/*; font-src 'self' data: https://*.events.com https://fonts.gstatic.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com/*; img-src data: * https://*.events.com https://storage.googleapis.com/* https://storage.googleapis.com/dev-evensi-calendar/img/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net  https://www.eventbrite.com https://www.google.com https://js.intercomcdn.com  https://s.pinimg.com https://widget.intercom.io https://*.events.com  https://www.googletagmanager.com https://www.google-analytics.com  https://*.googleadservices.com https://*.facebook.net https://*.googlesyndication.com  https://*.googleapis.com https://pagead2.googlesyndication.com  https://adservice.google.it https://tr.snapchat.com https://tr.snapchat.com  https://adservice.google.com https://snap.licdn.com https://sc-static.net  https://www.redditstatic.com https://static.ads-twitter.com https://www.eventbrite.com  https://unpkg.com/vue@2.6.12/dist/vue.min.js https://weatherwidget.io https://weatherwidget.io/*  https://storage.googleapis.com/* https://storage.googleapis.com/dev-evensi-calendar/img/*  https://cdn.ampproject.org https://*.gstatic.com https://www.gstatic.com; 1
font-src https: data:; img-src https: data:; 1
default-src 'self' ; worker-src 'self'  data: blob:; report-uri https://eagerly.nl/reports/report.php; img-src 'self' * data:; media-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com blob: data:; connect-src 'self' https://cdn.onesignal.com https://*.googleapis.com https://www.google.de https://*.google.com.mx https://*.google.it https://*.doubleclick.net https://*.google.be https://*.google.nl https://*.google.com https://*.nr-data.net https://*.google-analytics.com https://*.ip-api.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.hotjar.com https://connect.facebook.net https://*.googletagmanager.com wss://*.hotjar.com https://*.hotjar.io https://yoast.com https://www.facebook.com https://embedr.flickr.com https://stats.g.doubleclick.net https://analytics.tiktok.com https://*.google-analytics.com; frame-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; child-src 'self' https://www.googletagmanager.com http://humortv.vara.nl https://w.soundcloud.com https://www.mixcloud.com https://player.vimeo.com https://www.youtube.com https://player.bnnvara.nl http://www.theguitarconnection.nl https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://td.doubleclick.net https://m.facebook.com https://*.google.com https://*.spotify.com https://ilost.co https://*.vpro.nl https://anchor.fm https://www.cognitoforms.com https://vimeo.com https://www.facebook.com https://vars.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.onesignal.com https://*.facebook.net https://*.google.com https://*.newrelic.com https://*.twitter.com https://*.vimeocdn.com https://*.fullsession.io https://www.tivolivredenburg.nl https://*.youtube.com https://*.vimeo.com https://*.googleapis.com https://ilost.co https://*.tiktok.com https://*.webhare.com https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://www.cognitoforms.com https://api.w3-edge.com https://widgets.flickr.com https://embedr.flickr.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.tivolivredenburg.nl; font-src 'self' https://fonts.googleapis.com https://www.facebook.com https://fonts.gstatic.com https://www.facebook.com https://fonts.gstatic.com data:; form-action 'self' https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com https://*.my.salesforce-sites.com https://tivolivredenburg.crmplatform.nl https://www.facebook.com; frame-ancestors 'self' ; 1
default-src 'self'; connect-src 'self' https://analytics.wozhost.ch https://static.woz.ch https://staticwozch-4f11.kxcdn.com; font-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; img-src 'self' data: https://creatives.woz.ch https://creativeswozch-4f11.kxcdn.com https://static.woz.ch https://staticwozch-4f11.kxcdn.com https://media-4f11.kxcdn.com; manifest-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; media-src 'self' https://media-4f11.kxcdn.com https://creatives.woz.ch https://creativeswozch-4f11.kxcdn.com; object-src 'none'; script-src 'self' https://analytics.wozhost.ch https://static.woz.ch https://staticwozch-4f11.kxcdn.com; script-src-attr 'self'; style-src 'self' https://static.woz.ch https://staticwozch-4f11.kxcdn.com; style-src-attr 'self'; frame-ancestors 'self' 1
require-trusted-types-for 'script';report-uri /_/ChromeWebStoreConsumerFeUi/cspreport 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.google.com www.google.me stampinupcdndev.blob.core.windows.net 3dsecure.monext.fr www.google.hu secure5.arcot.com www.stampinup.com 3ds-secure.cardcomplete.com *.www.recaptcha.net/ me.kis.v2.scr.kaspersky-labs.com images.wikibuy.com assets-tracking.crazyegg.com *.b-cdn.net script.crazyegg.com 3dspayment.paylife.at *.www.google.m secure.dkb.de qa-api.stampinup.at via.placeholder.com *.usabilla.com www.pinterest.nz acs1.3ds.modirum.com acs1-3dsecure.cic.fr *.find.userpilot.io *.hotjar.com *.amazonaws.com geschuetztkaufen2.commerzbank.de qa-api.stampinup.de www.capitalkoala.com *.azureedge.net stampinup.net www.google.es www.pinterest.es osano.com hotjar.io qa-api.stampinup.ca qa.stampinup.com.au www.google.ro s.pinimg.com region1.analytics.google.com *.wlp-acs.com *.pinterest.com www.google.by www.google.lk res.cloudinary.com wss://127.0.0.1:2020 www.google.sk www.google.co.uk *.acsbapp.com  www.google.com.cy www.facebook.com www.pinterest.co.uk particuliers.societegenerale.fr kg668dbov0.execute-api.us-east-1.amazonaws.com wss://127.0.0.1:2034 3d-secure.pluscard.de wss://127.0.0.1:2029 qa-api.stampinup.nz secure4.arcot.com ask.hotjar.io www.google.gr vc.hotjar.io js.monitor.azure.com monitor.clickcease.com stats.g.doubleclick.net www.instagram.com www.google.hn qa.stampinup.uk visa-secure-bxl.ing.de www.clickcease.com clickcease.com wss://127.0.0.1:2047 visasecure1.consorsbank.de monitor.geetest.com api.recurly.com www.google.lt ssl.google-analytics.com restcountries.com www.google.ae az-api.stampinup.ca www.google.co.kr usrvcms2.stampinup.com tattle.api.osano.com prd-cdn-talkdesk.talkdesk.com my.stampinup.com connect.facebook.net *.js.monitor.azure.com/ 3dsecure.ing.fr wib.capitalone.com acsbapp.com www.youtube.com www.google-analytics.com fonts.gstatic.com az-api.stampinup.de curator-assets.b-cdn.net www.google.tt mozbar.moz.com qa-api.stampinup.com www.google.no az-api.stampinup.at js.userpilot.io www.google.com.mt talkdeskchatsdk.talkdeskapp.com/ www.google.be sessions.bugsnag.com wss://127.0.0.1:2033 etc.roboform.com qa-api.stampinup.com.au unpkg.com www.google.ie wss://127.0.0.1:2028 *.curator.io cmp.osano.com www.google.cz www.paypal.com 1eaf.cardinalcommerce.com 3dsec.cardcenter.ch www.google.tt/ www.google.gg wss://127.0.0.1:2046 az-api.stampinup.com.au qa.stampinup.nl *.recurly.com www.google.com.ng gateway.zscloud.net cdn.jsdelivr.net region1.google-analytics.com www.google.at stampinup-media.azureedge.net *.prd-cdn-talkdesk.talkdesk.com gc.kis.v2.scr.kaspersky-labs.com acs.swisscard.ch adservice.google.com api.geetest.com www.google.de *.windows.net 3ds.sia.eu *.cdn.jsdelivr.net az-api.stampinup.nz acs1-3dsecure.creditmutuel.fr d6tizftlrpuof.cloudfront.net www.google.co.jp acs1.viseca.ch www.googletagmanager.com www.google.ca api.usabilla.com ssl.gstatic.com wss://127.0.0.1:2027 data1.ahjilop.com wss://127.0.0.1:2032 wss://127.0.0.1:2026 wss://127.0.0.1:2031 www.google.bg forms.monday.com *.hotjar.io *.tsock.us1.twilio.com www.bing.com pagestates-tracking.crazyegg.com cdn.honey.io acs1-3dsecure.targobank.de www.google.com.vc *.cloudinary.com channel-cards-html.lloydsbankinggroup.com surveystats.hotjar.io www.google.co.vi www.pinterest.se www.google.md www.stampinup.uk www.pinterest.it qa.stampinup.fr www.google.co.id acs.touch.tech content.hotjar.io *.cloudfront.net www.google.fr mail.teksavvy.com 3ds.consorsfinanz.de acs3.edb.com *.facebook.net *.unpkg.com su-media.s3.amazonaws.com api.talkdeskapp.com authentication2.six-group.com www.google.com.au qa-api.stampinup.nl www.google.fi www.recaptcha.net www.pinterest.fr www.google.it www.paypalobjects.com www.google.com.do www.google.pt wss://127.0.0.1:2030 www.google.dk wss://127.0.0.1:2025 www.google.com.gi *.wss://ws2.hotjar.com/ *.uploads.userpilot.io *.clickcease.com www.google.com.ni *.stampinup.com *.js.recurly.com www.google.co.nz *.doubleclick.net api.userpilot.io i.ytimg.com www.google.pl www.pinterest.jp localhost:* secure.3ds.cornercard.ch www.google.co.ck www.google.com.ph acs2-3dsecure.cic.fr qa.stampinup.de www.google.co.cr api.talkdeskchatsdk.talkdeskapp.com acs.3ds-hanseaticbank.de www.google.ch www.google.com.tw visasecure1.comdirect.de talkdeskchatsdk.talkdeskapp.com shopping.qantas.com www.google.co.in *.gstatic.com www.google.m assets.tailwindapp.com 3dsecure.psa.at qa.stampinup.ca *.trendmicro.com *.osano.com *.api.userpilot.io *.js.userpilot.io consent.api.osano.com qa-api.stampinup.fr www.google.com.ua *.consent.cookiebot.com www.rsa3dsauth.co.uk find.userpilot.io az-api.stampinup.uk www.gstatic.com cdn.ivaws.com dc.services.visualstudio.com 3dsecure-vrp.de gateway.zscaler.net disclosure.api.osano.com wss://127.0.0.1:2024 mastercardidentitycheck.sparkassen-kreditkarten.de acs2-3dsecure.cm-cic.com cdn.curator.io www.google.hr 0eaf.cardinalcommerce.com *.stats.g.doubleclick.net www.google.com.mx www.google.im api.microsofttranslator.com *.curator-assets.b-cdn.net api.curator.io *.cdn.curator.io uploads.userpilot.io media.stampinup.com www.google.com.jm *.facebook.com authentication.cardinalcommerce.com www.pinterest.ie pouch-global-font-assets.s3.eu-central-1.amazonaws.com www.google.com.pr *.pinimg.com themes.googleusercontent.com 3ds.rpc-raiffeisen.com home-c33.nice-incontact.com acs2-3dsecure.targobank.de analytics.google.com az-api.stampinup.nl www.googleoptimize.com qa.stampinup.com www.pinterest.com userpilot.io 3dspayment.easybank.at wss://*.ws.hotjar.com paiement1.secure.lcl.fr static.geetest.com hud.crazyegg.com www.gstatic.cn 3ds.fr.ing.com *.monitor.azure.com www.google.je *.api.curator.io/ tracking.crazyegg.com verifiedbyvisa.sparkassen-kreditkarten.de *.localhost:* www.google.com.gt www.google.lu consentcdn.cookiebot.com metrics.hotjar.io qa.stampinup.at www.slant.co www2.stampinup.com wss://ws.hotjar.com www.pinterest.ca *.googleapis.com az-api.stampinup.com cdn.acsbapp.com *.userpilot.io tsock.us1.twilio.com qa-api.stampinup.uk www.google.com gateway.zscalerone.net find-x.userpilot.io az-api.stampinup.fr www.pinterest.de www.pinterest.at www.google.com.ag www.google.bs www.google.cn www.pinterest.com.au www.google.se static3.avast.com www.google.com.sv login.microsoftonline.com wss://analytex-eu.userpilot.io ct.pinterest.com log.pinterest.com assets.pinterest.com www.google.ee translate.google.com js.recurly.com visasecure2.comdirect.de wss://tsock.us1.twilio.com t.paypal.com dc.services.visualstudio.com:8893 consent.cookiebot.com *.find-x.userpilot.io object.center www.google.com.co www.google.nl hotjar.com qa.stampinup.nz; frame-ancestors 'self' www.stampinup.com clickcease.com www1.stampinup.com www.youtube.com my.stampinup.com stampinup.net hotjar.com *.facebook.com stampinup.com consent.cookiebot.com static.hotjar.com ;  1
script-src *.rmunify.com www.google-analytics.com  'unsafe-inline' 'unsafe-eval' 1
default-src 'none'; frame-ancestors 'none'; child-src blob: *.cloudfoundry.org;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://fonts.googleapis.com/*; connect-src 'self' *.bootstrapcdn.com *.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' blob: *.twitter.com *.ads-twitter.com *.cloudflare.com *.googleapis.com *.googletagmanager.com *.facebook.net *.jsdelivr.net  *.google-analytics.com *.gstatic.com *.google.com; img-src 'self' data: *.googletagmanager.com *.google.com *.gravatar.com *.twitter.com *.cloudfoundry.org https://t.co *.local *.google-analytics.com; object-src 'self'; font-src 'self' data: *.bootstrapcdn.com; media-src 'self' blob:; frame-src *.local *.twitter.com *.google.com *.facebook.com *.youtube.com 1
frame-ancestors https://docs.singlestore.com https://staging.docs.singlestore.com https://*.contentstack.com; 1
frame-ancestors www.lebourvil.fr; 1
frame-ancestors self https://campus.masterd.es https://www.itmasterd.es https://formacion.masterd.es https://cms2.masterd.es https://intranet.masterd.es https://aplicaciones.masterd.es https://www.cambiamostuvida.es https://somos.masterd.es https://www.estudioaudiovisualmasterd.es https://www.mdigital.es https://www.escuelaventasmasterd.es https://www.ventajasmasterd.es; 1
frame-ancestors 'self' memberapp.exerp.com webtracapp.myvscloud.com *.myfitapp.de *.myfitapp.com cockpit.mobilepro.uk.com myfitapp.brightlime.com mobileapp.legendonlineservices.co.uk; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.express-scripts.com *.accredo.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.qualtrics.com *.cigna.com cdn.cookielaw.org *.onetrust.com; child-src 'self' blob: *.brightcove.net *.express-scripts.com *.accredo.com; connect-src 'self' *.express-scripts.com expressscriptsholdin.tt.omtrdc.net dpm.demdex.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net dotsub.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.mktoresp.com *.qualtrics.com *.akamaihd.net expressscripts.sc.omtrdc.net *.cigna.com cdn.cookielaw.org *.onetrust.com *.branch.io app.link bam.nr-data.net *.verint-cdn.com *.wevalueyourfeedback.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com *.accredo.com *.express-scripts.com *.verint-cdn.com *.wevalueyourfeedback.com; frame-src 'self' abesiemsen.github.io *.qualtrics.com expressscriptsholdingcompany.demdex.net *.accredo.com *.express-scripts.com tpidev7.com bcove.video players.brightcove.net *.doubleclick.net *.google.com; img-src 'self' data: *.accredo.com expressscripts.sc.omtrdc.net *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.boltdns.net *.qualtrics.com *.express-scripts.com dpm.demdex.net cm.everesttech.net *.googletagmanager.com *.doubleclick.net cdn.jsdelivr.net cdn.cookielaw.org *.onetrust.com *.branch.io app.link *.adsrvr.org *.google.com *.verint-cdn.com *.wevalueyourfeedback.com; media-src 'self' blob: *.brightcove.net *.brightcove.com *.dotsub.com *.express-scripts.com *.accredo.com *.boltdns.net *.brightcovecdn.com *.qualtrics.com *.akamaihd.net dotsub.com; object-src 'self' *.accredo.com *.express-scripts.com *.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.everestjs.net *.cloudflare.com *.rawgit.com *.brightcove.com *.brightcove.net *.api.brightcove.com *.zencdn.net *.dialogtech.com *.marketo.net *.qualtrics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.ads-twitter.com *.twitter.com *.accredo.com *.express-scripts.com *.cigna.com cdn.jsdelivr.net unpkg.com cdn.cookielaw.org *.onetrust.com snap.licdn.com *.facebook.net *.facebook.com *.branch.io app.link *.adsrvr.org *.google.com *.gstatic.com *.newrelic.com *.marketo.com *.verint-cdn.com *.wevalueyourfeedback.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com *.express-scripts.com *.accredo.com *.cloudflare.com cdn.jsdelivr.net *.verint-cdn.com *.wevalueyourfeedback.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' *.express-scripts.com *.accredo.com 1
default-src 'self';  connect-src 'self' px.ads.linkedin.com accounts.google.com www.facebook.com tagmanager.google.com secure.adnxs.com c.6sc.co vimeo.com cdn.linkedin.oribi.io log.cookieyes.com cdn-cookieyes.com directory.cookieyes.com wss://ws.hotjar.com wss://wsp38.hotjar.com wss://ws3.hotjar.com wss://ws38.hotjar.com wss://ws47.hotjar.com  *.hotjar.com *.hotjar.io cdn.cookielaw.org geolocation.onetrust.com ipv6.6sc.co analytics.google.com www.google-analytics.com stats.g.doubleclick.net my.yoast.com yoast.com my.wpengine.com *.cloudfront.net *.wistia.com;  font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com rambus.wpenginepowered.com data:; form-action 'self' www.facebook.com;  frame-ancestors 'self';  style-src 'self' rambus.wpenginepowered.com *.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline';  script-src 'self' connect.facebook.net rambus.wpenginepowered.com cdn-cookieyes.com/ www.youtube.com player.vimeo.com go.rambus.com cdn.c212.net c212.net pixel.mathtag.com cdn.cookielaw.org www.googletagmanager.com *.hotjar.com j.6sc.co snap.licdn.com www.google-analytics.com pi.pardot.com cdnjs.cloudflare.com yoast.com accounts.google.com *.wistia.com beacon-v2.helpscout.net 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: rambus.wpenginepowered.com cdn-cookieyes.com googletagmanager.com b.6sc.co px.ads.linkedin.com px4.ads.linkedin.com www.google-analytics.com www.google.com www.facebook.com go.rambus.com secure.gravatar.com content.cdntwrk.com pixel.mathtag.com i.ytimg.com pbs.twimg.com wpengine.com *.wpengine.com ps.w.org yoa.st yoast.com storage.googleapis.com wp-rocket.me *.openstreetmap.org;  frame-src 'self' www.facebook.com www.slideshare.net vars.hotjar.com player.vimeo.com go.rambus.com pixel.mathtag.com www.youtube.com app.essential-addons.com wp-rocket.me smartslider3.com; 1
default-src 'self' https://dayone.me https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com blob: https://pixel.wp.com/t.gif https://i.ytimg.com/; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://accounts.google.com/gsi/client https://apis.google.com; connect-src 'self' https://dayone.me https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://apis.google.com https://accounts.google.com/gsi/ https://pixel.wp.com/t.gif https://chocolate-prod.s3.amazonaws.com https://chocolate-prod.s3.us-east-1.amazonaws.com https://dayone-syncmedia-production-new.s3.amazonaws.com https://dayone-syncmedia-production-new.s3.us-east-1.amazonaws.com https://o248881.ingest.sentry.io/api/4503976745369600/envelope/ https://public-api.wordpress.com/geo/ https://www.googleapis.com https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone-client-only/production/private/records/ https://api.apple-cloudkit.com/database/1/iCloud.com.dayoneapp.dayone/production/public/users/current https://publish.dayone.app/support/SupportFormConfig.json; frame-src https://accounts.google.com/ blob: https://content.googleapis.com/ https://www.youtube.com/ https://player.vimeo.com/video/ https://embed.spotify.com/ https://open.spotify.com/embed/playlist/; font-src 'self' data:; 1
default-src 'self' data: 'unsafe-inline' https://www.apachecon.com/ https://analytics.apache.org/ http://analytics.apache.org/; frame-src 'self' https://docs.groovy-lang.org/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.apache.org/; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://groovy-lang.org/; 1
default-src 'none'; style-src 'unsafe-inline'; sandbox 1
default-src 'self'; frame-src 'self' blob: data:; font-src 'self'; object-src 'none';img-src 'self' data: blob: https://internal.watchdox.net:8443/api https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ ; media-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src  'unsafe-inline' 'self'; connect-src 'self' https://internal.watchdox.net:3000; worker-src data: blob:; 1
base-uri 'self'; connect-src 'self' https: edge.fullstory.com rs.fullstory.com cdn.cookielaw.org geolocation.onetrust.com *.google-analytics.com www.googleadservices.com; default-src 'self'; font-src 'self' data: static.reach.com fonts.googleapis.com fonts.gstatic.com reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com; form-action 'self'; frame-ancestors 'self' *.reach.com; frame-src 'self' www.googletagmanager.com widget.trustpilot.com www.google.com reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com boards.greenhouse.io; img-src 'self' data: static.reach.com www.google.com www.google.ca www.google-analytics.com googleads.g.doubleclick.net reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com rs.fullstory.com www.googletagmanager.com www.nationaldebtrelief.com player.idomoo.com; media-src v.idomoo.com; object-src 'none'; report-uri https://o4504759309500416.ingest.sentry.io/api/4504759314284544/security/?sentry_key=efc49940164f49629b76ca34542e4687&sentry_environment=prod; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com ssc.reach.com cdn.cookielaw.org rs.fullstory.com edge.fullstory.com widget.trustpilot.com geolocation.onetrust.com boards.greenhouse.io player.idomoo.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com reachfinancial.my.site.com reachfinancial.my.salesforce-sites.com 1
default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' * 1
default-src 'self' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.visualstudio.com *.fontawesome.com; img-src 'self' https://* *.chuo-bus.co.jp; script-src 'self' 'unsafe-eval' *.chuo-bus.co.jp *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.ricoh.com *.msecnd.net *.visualstudio.com 'nonce-VhPQ4HO5VWhTRw1oAyp1yw=='; style-src 'self' 'unsafe-inline' *.chuo-bus.co.jp *.ricoh.com *.fontawesome.com; frame-src 'self' *.chuo-bus.co.jp; font-src *.fontawesome.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src * blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * blob: 'unsafe-inline'; font-src * data:; frame-src *; style-src * 'unsafe-inline'; frame-ancestors https://*.flukecal.com; object-src 'none'; 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data:; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src wss://ws.dogechain.info https://chain.so 'self'; frame-ancestors 'none' 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://tribune.net.ph;block-all-mixed-content; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes'; connect-src 'self' https://*.bgp.tools:8443 wss://*.bgp.tools:8443 wss://*.bgp.tools https://*.bgp.tools; upgrade-insecure-requests; block-all-mixed-content; report-uri https://bgp.tools/internal/csp-report 1
default-src 'self'; script-src 'self' embraer.com cdn.ckeditor.com rec.smartlook.com snap.licdn.com www.googletagmanager.com www.youtube.com code.jquery.com kendo.cdn.telerik.com adservice.google.com static.hotjar.com script.hotjar.com doubleclick.net consent.cookiefirst.com cdnjs.cloudflare.com zn3efmsp28lzusdan-embraer.siteintercept.qualtrics.com tracker.sqreemtech.com d10lpsik1i8c69.cloudfront.net googleads.g.doubleclick.net pi.pardot.com www2.embraerexecutivejets.com connect.facebook.net siteintercept.qualtrics.com maps.googleapis.com d8ejoa1fys2rk.cloudfront.net www.google-analytics.com cdn.jsdelivr.net static.elfsight.com s.yimg.com analytics.twitter.com 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src 'self' cdn.ckeditor.com fonts.googleapis.com cdnjs.cloudflare.com consent.cookiefirst.com 'unsafe-inline'; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; object-src 'none'; media-src defense.embraer.com embraerx.embraer.com embraer.bynder.com d3cy9zhslanhfa.cloudfront.net 1
default-src 'self';font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.episerver.net;img-src 'self' data: *.gstatic.com *.google.com *.lakemedelsverket.open-analytics.se *.episerver.net *.vizzit.se;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vizzit.se *.readspeaker.com *.episerver.net *.kiprotect.com *.lakemedelsverket.open-analytics.se *.vo.msecnd.net *.gstatic.com *.google.com *.jquery.com *.bootstrapcdn.com *.aslint.org;style-src 'self' 'unsafe-inline' *.readspeaker.com *.bootstrapcdn.com *.episerver.net *.vizzit.se *.googleapis.com;frame-src 'self' *.screen9.com *.google.com;frame-ancestors 'self';connect-src 'self' *.vizzit.se *.lakemedelsverket.open-analytics.se *.services.visualstudio.com;report-uri /api/csp/cspreport 1
default-src 'self' data: blob: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.schepp.workers.dev/; connect-src 'self' http://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://*.ingest.sentry.io/ wss://*.piesocket.com wss://chii.liriliri.io https://chii.liriliri.io https://*.pingdom.net/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://*.izooto.com/ https://*.jwpltx.com/ https://ssl.p.jwpcdn.com/ https://t.adcell.com/ https://*.ad4m.at https://*.trafficjunky.net/ wss://knpb-media.zammad.com/ https://*.vxcdn.org/ https://*.mmapiws.com/; font-src 'self' data: http://localhost http://localhost:3000 https://*.hotjar.com/ https://fonts.gstatic.com/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/; frame-src 'self' antennapod-subscribe: castros: downcast: gpodder: icatcher: instacast: overcast: playerfm: pktc: podcastaddict: podcastguru: podcat: podkicker: rssradio: podcast: https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://cdn.izooto.com https://*.hotjar.com/ https://ad.ad-srv.net/; img-src 'self' data: blob: android-webview-video-poster: http://localhost:10001/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://*.dvdl.net/ https://via.placeholder.com/ https://source.unsplash.com/ https://images.unsplash.com/ https://*.hotjar.com/ https://*.jwpltx.com/ https://*.jwpsrv.com/ https://*.trafficjunky.net/ https://syndication.exoclick.com/ https://syndication.realsrv.com/ https://syndication.exdynsrv.com/ https://tsyndicate.com/ https://*.vxcdn.org/; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://chii.liriliri.io https://cdn.jwplayer.com/ https://content.jwplatform.com/ https://ssl.p.jwpcdn.com/ https://www.gstatic.com/ https://*.sentry-cdn.com/ https://*.pingdom.net/ https://t.adcell.com/ https://www.adcell.de/ https://ad4m.at/ https://static.hotjar.com/ https://script.hotjar.com/ https://cdn.izooto.com/ https://static.trafficjunky.com/ https://*.exoclick.com/ https://device.maxmind.com/ https://knpb-media.zammad.com/; style-src 'self' 'unsafe-inline' data: http://localhost/ https://localhost/ https://erotik.com/ https://dvderotik.com/ https://*.ffrtz.com/ https://*.erotik.com/ https://*.dvderotik.com/ https://knpb-media.zammad.com/; media-src 'self' blob: data: https://*.dvdl.net/ https://*.schepp.workers.dev/ https://*.vxcdn.org/; form-action 'self' https:; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://*.ffrtz.com; child-src 'self' 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com  oembed.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net oembed.com svc.webspellchecker.net broschuerenservice.wirtschaft.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net broschuerenservice.wirtschaft.nrw;    font-src data: *;    img-src  data: blob: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com broschuerenservice.wirtschaft.nrw;    worker-src  'self' blob: *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com oembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de broschuerenservice.wirtschaft.nrw;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' playcanvas.com msg.playcanvas.com code.playcanvas.com relay.playcanvas.com https://js.stripe.com https://*.google.com https://*.google-analytics.com https://www.googletagmanager.com https://s3-eu-west-1.amazonaws.com https://cdn.cookielaw.org https://geolocation.onetrust.com; font-src https://playcanvas.com 'self' data:; 1
default-src * 'self' data:; script-src * 'unsafe-inline'; style-src * blob: 'unsafe-inline' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; form-action 'self' https:; object-src https:; media-src blob: data: https:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://static.mysph.sph.com.sg;upgrade-insecure-requests; 1
frame-ancestors 'self' https://manage.ledsmagazine.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src *;  style-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *; img-src 'self' data: *; 1
default-src 'self' https://*.clearygottlieb.com https://*.truste.com https://*.nr-data.net https://*.siteimproveanalytics.io https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.doubleclick.net https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; script-src 'nonce-cD+UCjeKYqCEuXplrWs+Jd2WgyleBq7jIMbvgbvIoCE=' 'unsafe-eval' 'self' https://*.clearygottlieb.com https://*.jquery.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.nr-data.net; style-src 'unsafe-inline' 'self' https://*.clearygottlieb.com; font-src 'self' https://*.trustarc.com data:; img-src 'self' https://*.clearygottlieb.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.google.com.ec https://*.truste.com https://*.siteimproveanalytics.io https://*.google-analytics.com https://*.trustarc.com data:; media-src https://*.clearygottlieb.com https://*.vimeo.com https://*.akamaized.net data:; child-src https://*.clearygottlieb.com https://*.vimeo.com; frame-src https://*.clearygottlieb.com https://*.googletagmanager.com https://*.trustarc.com https://*.vimeo.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none' ; connect-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; style-src  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' ; object-src 'none' ; worker-src blob: ; child-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-src blob:  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; form-action  https://duckduckgo.com https://*.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; frame-ancestors 'self' https://html.duckduckgo.com; base-uri 'self' ; block-all-mixed-content ; 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://*.sharethis.com/ https://p2a.co/ *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.hs-banner.com *.facebook.net *.google-analytics.com *.google.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://p2a.co/js/embed/widget/advocacywidget.min.js https://*.google.com https://www.googletagmanager.com/ https://svc.webspellchecker.net/ https://loader.webspellchecker.net/ https://connect.facebook.net/ https://www.google-analytics.com/ https://*.sharethis.com/ https://e.infogr.am/; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google.com https://fonts.googleapis.com/ http://fonts.googleapis.com/ https://svc.webspellchecker.net/ https://*.sharethis.com/; object-src 'self' https://playlist.podbean.com; frame-ancestors 'self' https://www.googletagmanager.com/ 1
frame-ancestors 'self' https://www.mailcloud.com.tw; #   default-src 'self' *.mailcloud.com.tw; #   script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mailcloud.com.tw;    connect-src 'self' www.mailcloud.com.tw;    font-src * data:;    img-src * data:;    style-src * 'unsafe-inline';    report-uri /cgi-bin/report; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://smct.co https://www.awin1.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://smct.co https://ipl.smct.co https://ipb.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.eyeko.com https://m.eyeko.com https://checkout.eyeko.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://ln-rules.rewardstyle.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
report-uri https://lorman.report-uri.com/r/d/csp/wizard; frame-ancestors 'self' 1
default-src *; img-src * data:; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.intellimizeditor.com https://intellimizeditor.com https://cdn.intellimize.co https://ajax.googleapis.com https://ajax.cloudflare.com https://analytics.twitter.com https://api.intellimize.co https://app-abk.marketo.com https://audience.nrich.ai https://bat.bing.com https://boards.greenhouse.io https://cdn.ampproject.org https://cdn.cookielaw.org https://cdn.onesignal.com https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://js.chilipiper.com https://maps.googleapis.com https://munchkin.marketo.net https://onesignal.com https://player.vimeo.com https://s.yimg.com https://sc.lfeeder.com https://script.crazyegg.com https://script.hotjar.com https://secure.esignlive.com https://secure.onespan.com https://serve.nrich.ai https://ssl.google-analytics.com https://snap.licdn.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.hotjar.com https://tag.demandbase.com https://tag.nrich.ai https://tpc.googlesyndication.com https://translate.google.com https://tribl.io https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://d41.co https://*.d41.co https://embed.ustudio.com https://asana-user-private-us-east-1.s3.us-east-1.amazonaws.com https://id.rlcdn.com https://scout-cdn.salesloft.com https://tracking.g2crowd.com https://j.6sc.co https://view.ceros.com https://app.leandata.com https://js.driftt.com https://js.zi-scripts.com https://ws-assets.zoominfo.com https://optimize.google.com https://www.googleoptimize.com/ https://extend.vimeocdn.com https://code.highcharts.com https://cdn.bizible.com https://www.vimeo.com https://vimeo.com https://cdn.jsdelivr.net https://rc-sc.js.driftt.com; style-src 'self' 'report-sample' 'unsafe-inline' https://app-abk.marketo.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://js.chilipiper.com/ https://onesignal.com https://secure.onespan.com https://tag.demandbase.com https://translate.googleapis.com https://tribl.io https://use.fontawesome.com https://cdn.jsdelivr.net https://optimize.google.com https://www.googletagmanager.com https://www.gstatic.com; form-action 'self'; base-uri 'self'; object-src 'none'; connect-src 'self' https://*.clarity.ms https://*.company-target.com https://*.nr-data.net https://308-zmt-742.mktoresp.com https://308-zmt-742.mktoutil.com https://adservice.google.com https://analytics.google.com https://api.chilipiper.com https://api.intellimize.co https://audience.nrich.ai https://bat.bing.com https://cdn.cookielaw.org https://in.hotjar.com https://log.intellimize.co https://maps.googleapis.com https://region1.google-analytics.com https://region1.analytics.google.com https://s.yimg.com https://secure.onespan.com https://serve.nrich.ai https://stats.g.doubleclick.net https://tag.nrich.ai https://tracking.chilipiper.com https://translate.googleapis.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.facebook.com https://www.google-analytics.com https://app.leandata.com https://js.zi-scripts.com https://ws.zoominfo.com https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bj https://www.google.by https://www.google.bs https://www.google.ca https://www.google.cd https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.cz https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.cg https://www.google.com.co https://www.google.com.cy https://www.google.com.cu https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.kh https://www.google.com.jm https://www.google.com.kw https://www.google.com.lb https://www.google.com.li https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.nl https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sg https://www.google.com.sv https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.com https://www.google.cu https://www.google.de https://www.google.dk https://www.google.dl https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fl https://www.google.fr https://www.google.ge https://www.google.gm https://www.google.gr https://www.google.hn https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.iq https://www.google.is https://www.google.it https://www.google.jo https://www.google.kg https://www.google.kz https://www.google.la https://www.google.lk https://www.google.li https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.nl https://www.google.no https://www.google.pl https://www.google.pt https://www.google.ro https://www.google.rw https://www.google.rs https://www.google.ru https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sn https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tn https://www.google.vu https://www.google.zm https://www.googletagmanager.com https://cs.lf-discover.com https://*.d41.co https://d41.co https://se-services.intellimize.co https://*.salesloft.com https://*.6sc.co https://www.google.co.ls https://www.google.bi https://www.google.com.af https://www.google.tt https://www.google.ws https://www.google.st https://www.google.gg https://www.google.im https://secure.adnxs.com/ https://js.driftt.com https://www.googletagmanager.com https://content.hotjar.io https://metrics.hotjar.io https://epsilon.6sense.com https://px.ads.linkedin.com https://*.6sense.com; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com https://use.fontawesome.com; frame-src https://*.esignlive.com/ https://*.onespan.com https://api.intellimize.co https://app.intellimize.co https://*.intellimizeio.com https://onespan.chilipiper.com https://apps.chilipiper.com https://app-abk.marketo.com https://bid.g.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://sandbox.esignlive.com https://secure.onespan.com https://test.api.intellimize.co https://tpc.googlesyndication.com https://tribl.io https://vars.hotjar.com https://vimeo.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://*.youtube.com https://youtube.com https://*.prod.acquia-sites.com https://embed.ustudio.com/ https://view.ceros.com/ https://app.leandata.com https://js.driftt.com https://optimize.google.com https://webikeo.fr/ https://td.doubleclick.net/ http://stg.onespan.com/ http://www.onespan.com/ https://rc-sc.driftt.com; img-src 'self' data: blob: *; manifest-src 'self'; media-src 'self'; worker-src 'none'; report-uri https://ea04e958cc13a15d0bbc4cbc506ff315.report-uri.com/r/d/csp/enforce; 1
img-src 'self' https://assets.tarkov.dev https://avatars.githubusercontent.com data: https://images.weserv.nl; frame-src 'self' https://discord.com https://challenges.cloudflare.com; style-src 'self' https://tarkov.dev https://discord.com 'unsafe-inline'; font-src 'self' https://tarkov.dev https://discord.com; form-action 'self'; script-src 'self' *.cloudflareinsights.com https://challenges.cloudflare.com wombatstats.com discord.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net 'unsafe-inline'; object-src 'none'; base-uri 'self'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://subs.bdonline.co.uk; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; media-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; frame-ancestors 'self'; report-uri /csp-report; 1
font-src *.googleapis.com *.gstatic.com *.klarnacdn.net *.cloudfront.net *.klarna.com *.zdassets.com *.mekonomen.se *.mekonomen.no *.firebase.com *.zendesk.com mekonomen.customer.eclub.se *.myvisitors.se *.triggerbee.com google-analytics.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mekonomen.se *.mekonomen.no *.facebook.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.castrol.com *.lubricantadvisor.com *.mobil1.se *.zendesk.com *.thule.com *.doubleclick.net *.hotjar.com mekonomen.boost.ai *.promeisterportal.com *.googletagmanager.com *.google-analytics.com mekonomen-booking.promeisterportal.com code.jquery.com *.googleapis.com mekonomen.customer.eclub.se c2m.c2management.se *.reco.se mekonomenno.customer.eclub.se *.resurs.com *.signicat.com *.promeister.com staging-booking.promeister.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.swagger.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no cdn.cookielaw.org *.google.com *.google.co.in *.ytimg.com *.redchamps.com *.cloudfront.net *.firebase.com *.zendesk.com *.adnxs.com *.mookie1.com *.googletagmanager.com *.facebook.net *.google-analytics.com mekonomen.customer.eclub.se *.magentocommerce.com *.demdex.net *.googleadservices.com *.paypalobjects.com *.paypal.com *.sandbox.paypal.com *.bing.com *.doubleclick.net *.facebook.com *.jobylon.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.bing.com *.google.com *.adtraction.com *.adnxs.com *.firebase.com *.zdassets.com *.zopim.com *.cloudfront.net *.zendesk.com *.criteo.net *.criteo.com *.hotjar.com mekonomen.boost.ai *.mookie1.com *.promeisterportal.com code.jquery.com google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net cdn.cookielaw.org *.onetrust.com mekonomen.customer.eclub.se *.authorize.net *.braintreegateway.com *.cardinalcommerce.com *.ccdc02.com *.dnky.co *.dotdigital.com *.addthis.com *.doubleclick.net *.myvisitors.se *.triggerbee.com *.dep-x.com *.jobylon.com *.redeal.se 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnacdn.net *.mekonomen.se *.mekonomen.no *.cloudfront.net *.klarna.com *.zdassets.com *.firebase.com *.zendesk.com *.google.com *.googleapis.com *.googletagmanager.com mekonomen.customer.eclub.se 'self' 'unsafe-inline'; object-src *.mekonomen.se *.mekonomen.no *.cloudfront.net *.zendesk.com code.jquery.com *.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com *.mekonomen.se *.mekonomen.no *.klarna.com *.cloudfront.net *.zendesk.com *.zdassets.com *.zopim.com *.googleapis.com *.myvisitors.se *.triggerbee.com *.google-analytics.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ *.algolia.io *.googletagmanager.com *.google-analytics.com *.stats.g.doubleclick.net *.mekonomen.se *.mekonomen.no *.facebook.com *.google.com *.doubleclick.net *.zopim.com *.zdassets.com *.zendesk.com *.cloudfront.net *.youtube.com *.firebase.com *.hotjar.com mekonomen.boost.ai *.getsentry.com *.promeisterportal.com code.jquery.com cdn.cookielaw.org *.onetrust.com webborder-test.mekonline.com webborder.mekonline.com *.redeal.se 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://google.com https://googletagmanager.com https://b.yjtag.jp https://youtube.com 1
default-src 'none';script-src 'unsafe-inline' 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://maps.googleapis.com https://az416426.vo.msecnd.net/scripts/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;connect-src 'self' https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://dc.services.visualstudio.com/ https://www.google-analytics.com/j/collect;font-src 'self' https://fonts.gstatic.com/s/;img-src 'self' blob: data: https://www.google.com/ https://www.google.com.au/ https://maps.googleapis.com/maps/ https://maps.gstatic.com/mapfiles/ https://img.youtube.com; child-src https://www.youtube.com https://www.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.twitter.com *.googletagmanager.com *.cookielaw.org static.addtoany.com cdnjs.cloudflare.com cdn.bc0a.com assets.sitescdn.net fonts.googleapis.com *.siteimprove.net ajax.googleapis.com visit.sanmanuel.com klear.com cdn.b0e8.com *.google-analytics.com *.bing.com *.amazon-adsystem.com *.clarity.ms *.siteimproveanalytics.com *.adsrvr.org *.youtube.com connect.facebook.net munchkin.marketo.net s.yimg.com googleads.g.doubleclick.net *.cloudfront.net *.viralsweep.com *.pollstream.com insiderdata360online.com *.sevenrooms.com *.i4go.com *.recaptcha.net *.gstatic.com answers-embed.yaamava.com.pagescdn.com *.byspotify.com *.instagram.com *.visrez.com *.stackadapt.com *.googleadservices.com siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.visitingmedia.com visitingmedia.com *.jquery.com *.sevenrooms.com id.eu.siteimprove.com *.quantserve.com rules.quantcount.com qvdt3feo.com *.player.vimeo.com; script-src-elem 'self' 'unsafe-inline' assets.sitescdn.net visit.sanmanuel.com cdn.siteimprove.net *.instagram.com *.googletagmanager.com cdn.cookielaw.org cdn.jsdelivr.net connect.facebook.net siteimproveanalytics.com tags.srv.stackadapt.com pixel.byspotify.com *.youtube.com munchkin.marketo.net bat.bing.com c.amazon-adsystem.com googleads.g.doubleclick.net *.google-analytics.com static.addtoany.com interactive.visrez.com secure.quantserve.com *.clarity.ms rules.quantcount.com visitingmedia.com *.sevenrooms.com code.jquery.com insiderdata360online.com  tags.srv.stackadapt.com answers-embed.yaamava.com.pagescdn.com platform.twitter.com cdnjs.cloudflare.com unpkg.com qvdt3feo.com i4m.i4go.com *.googleadservices.com klear.com https://player.vimeo.com/api/player.js; style-src 'self' 'unsafe-inline'  *.jsdelivr.net *.sitescdn.net fonts.googleapis.com visit.sanmanuel.com d1p5cqqchvbqmy.cloudfront.net *.sevenrooms.com *.visrez.com *.stackadapt.com  *.visitingmedia.com visitingmedia.com *.sevenrooms.com id.eu.siteimprove.com  *.quantserve.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://* 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com *.google-analytics.com *.reactandshare.com *.cookiebot.com *.googletagmanager.com *.analytics.google.com *.cookiebot.eu plausible.io 1
frame-ancestors 'self' *.agechecker.net mybigcommerce.com *.mybigcommerce.com shopify.com *.shopify.com myshopify.com *.myshopify.com 1
default-src 'self' https://www.youtube.com platform.twitter.com https://connect.facebook.net https://atoall.com https://jigsaw.w3.org/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://apis.google.com https://cdn.syndication.twimg.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.net http://ajax.googleapis.com https://www.instagram.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com ; img-src * 'self' 'unsafe-inline' https://atoall.com https://jigsaw.w3.org/  data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://atoall.com https://jigsaw.w3.org/ https://platform.twitter.com https://connect.facebook.net https://ton.twimg.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://atoall.com; object-src 'none'; frame-src 'self' platform.twitter.com https://www.facebook.com https://www.youtube.com https://www.instagram.com syndication.twitter.com https://www.google.com; 1
frame-ancestors 'self' https://www.zoetispetcare.com/ https://z-virtualbooth.com/ https://www.z-virtualbooth.com/ https://z-virtualbooth.com/nav-panels/2022-aaep/aaep/aaep.html/ https://service.force.com/ https://zoetis-us.secure.force.com/ https://touchpointeca.my.salesforce-sites.com/ https://service.force.com/embeddedservice/5.0/esw.min.css https://zoetis-us.secure.force.com/zoey/resource/ChatStyle https://zoetis-us.secure.force.com/zoey/embeddedService/sidebarApp.app https://www.z-virtualbooth.com/nav/dx/index.html 1
default-src 'self';script-src www.epool.ru 'unsafe-inline' 'unsafe-eval' business.cdn-tinkoff.ru tagmanager.google.com www.google-analytics.com connect.facebook.net *.yandex.ru yastatic.net sso-forms-prod.cdn-tinkoff.ru *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.webvisor.com *.webvisor.org 'self' *.retailrocket.ru cdn.ravenjs.com *.criteo.net vjs.zencdn.net www.facebook.com top-fwz1.mail.ru *.criteo.com ajax.googleapis.com *.retailrocket.net cdn.diginetica.net *.googletagmanager.com ulogin.ru *.mango-office.ru *.googleadservices.com tracking.diginetica.net cdn.jsdelivr.net *.doubleclick.net code.jquery.com vk.com cdn.pydata.org *.maps.yandex.net yandex.st *.caltat.com *.epool.ru doubleclick.net googleadservices.com *.twiago.com https://unpkg.com/swiper@6/swiper-bundle.min.js;style-src 'self' 'unsafe-inline' *.retailrocket.ru tagmanager.google.com vjs.zencdn.net maxcdn.bootstrapcdn.com *.retailrocket.net fonts.googleapis.com cdn.jsdelivr.net cdn.pydata.org cdn.diginetica.net code.jquery.com;font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com vjs.zencdn.net cdn.retailrocket.net;img-src 'self' data: ssl.gstatic.com www.google-analytics.com yandex.ru grade.market.yandex.ru *.yandex.ru counter.yadro.ru www.facebook.com ad.mail.ru yastatic.net google-analytics.bi.owox.com dis.eu.criteo.com yendex.st tracking.diginetica.net *.google.com *.doubleclick.net video.egazon.ru avatars.mds.yandex.net *.yandex.net *.criteo.com www.gstatic.com www.google.ru vk.com *.retailrocket.net ulogin.ru clck.yandex.ru www.google.com.ua gstatic.com www.googletagmanager.com *.rupool.ru *.aquamarket.ru *.azuro.ru *.ebolgarka.ru *.efontan.ru *.ekamin.ru *.emozaika.ru *.enasos.ru  *.eparilka.ru *.eskazka.ru *.estairs.ru *.evanna.ru *.evoda.ru *.evozduh.ru *.pavilions.ru *.poolmagic.ru *.super-spa.ru *.epool.ru *.egazon.ru top-fwz1.mail.ru www.google.by www.google.kz *.criteo.net *.elustra.ru *.lubluteplo.ru login.vk.com;media-src video.egazon.ru *.epool.ru blob:;worker-src 'self' *.criteo.com *.epool.ru blob:;connect-src 'self' analytics.google.com vk.com top-fwz1.mail.ru yandex.ru mc.yandex.ru *.retailrocket.net logstash.epool.ru doubleclick.net googleadservices.com cdn.jsdelivr.net api-statist.tinkoff.ru *.diginetica.net 7.evoda.ru www.evoda.ru www.google-analytics.com autocomplete.diginetica.net google-analytics.bi.owox.com *.dadata.ru *.doubleclick.net *.googleadservices.com www.google.com queries.diginetica.net cdn.diginetica.net ajax.googleapis.com mc.yandex.kz *.azuro.ru *.epool.ru *.aquamarket.ru stats.g.doubleclick.net *.retailrocket.ru www.google.ru data:;frame-src 'self' www.facebook.com *.criteo.com *.criteo.net yandex.ru connect.facebook.net code.jquery.com *.yandex.ru ulogin.ru *.twiago.com; 1
default-src blob: wss: ws: 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google.com.mx *.googleadservices.com *.bidflyer.com static.wixstatic.com static.parastorage.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io siteassets.parastorage.com video.wixstatic.com bundler.wix-code.com *.facebook.com *.facebook.net *.fareplace.com fareplace.com *.adyen.com *.clearsale.com *.clearsale.com.br www.googletagmanager.com fonts.gstatic.com *.google-analytics.com *.googleapis.com *.licdn.com *.linkedin.com *.doubleclick.net; frame-ancestors 'self' viva-v1-staging.jaque.dev *.vivaaerobus.io *.bidflyer.com static.wixstatic.com static.parastorage.com siteassets.parastorage.com video.wixstatic.com bundler.wix-code.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io; img-src 'self' 'unsafe-eval' 'unsafe-inline' photos.hotelbeds.com *.fareplace.com fareplace.com *.facebook.com *.google.com *.google.com.mx *.analytics.google.com stats.g.doubleclick.net *.doubleclick.net *.facebook.net *.adyen.com *.clearsale.com *.clearsale.com.br *.bidflyer.com static.wixstatic.com static.parastorage.com video.wixstatic.com siteassets.parastorage.com bundler.wix-code.com wixlabs-wix-faq-11.appspot.com loadbalancer.visitor-analytics.io data:; connect-src * ws: wss:; 1
default-src 'self'; child-src *; font-src http *; img-src http * data:; media-src http * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; style-src 'self' 'unsafe-inline'; connect-src *; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://lht.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://lht-acc.mindbreeze.com 'unsafe-inline' 'unsafe-eval' https://code.etracker.com https://app.usercentrics.eu/ https://www.etracker.de/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors 'self' http://dsctouch.beazer.com http://dsctablet.beazer.com http://*.beazer.net; 1
frame-ancestors 'self' *.zendesk.com *.zdusercontent.com;script-src 'self' 'report-sample' 'unsafe-eval' *.youse.io *.youse.com.br *.zendesk.com *.voxus.com.br *.visualwebsiteoptimizer.com *.privacytools.com.br *.appsflyer.com *.criteo.com *.g.doubleclick.net *.smooch.io *.adyen.com *.googleapis.com *.google-analytics.com *.facebook.net *.hotjar.com *.googleadservices.com https://rum-static.pingdom.net/pa-5bcf7f397e84eb0016000313.js https://bat.bing.com/bat.js https://s.yimg.com/wi/ytc.js https://tag.rmp.rakuten.com/121815.ct.js https://bat.bing.com/p/action/5224078.js https://static.ads-twitter.com/uwt.js;script-src-elem 'self' 'report-sample' 'unsafe-eval' 'unsafe-inline' *.voxus.com.br *.youse.io *.youse.com.br *.zendesk.com *.visualwebsiteoptimizer.com *.privacytools.com.br *.appsflyer.com *.criteo.com *.g.doubleclick.net *.smooch.io *.datadoghq-browser-agent.com *.adyen.com *.googleapis.com https://api.ipdata.co *.hotjar.com https://www.gstatic.com https://h.online-metrix.net https://static.zdassets.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com *.google-analytics.com *.facebook.net https://static.hotjar.com/c/hotjar-441708.js *.googleadservices.com https://rum-static.pingdom.net/pa-5bcf7f397e84eb0016000313.js https://bat.bing.com/bat.js https://s.yimg.com/wi/ytc.js https://tag.rmp.rakuten.com/121815.ct.js https://bat.bing.com/p/action/5224078.js https://script.hotjar.com/modules.7d3f952308caf42c2b67.js https://static.ads-twitter.com/uwt.js;object-src 'self' https://h.online-metrix.net;font-src data: *;img-src 'self' data: *.datocms-assets.com *;form-action 'self' *.youse.io *.youse.com.br;base-uri 'self'; 1
base-uri 'self';connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://consent.cookiebot.com https://content.hotjar.io https://px.ads.linkedin.com https://collector.leadinfo.net https://api.leadinfo.com wss://ws.hotjar.com;default-src 'self';font-src 'self' data: https://doe.nl;form-action 'self';frame-ancestors 'self' *.cito.nl *.doe.nl;frame-src 'self' *.vimeo.com *.youtube.com *.google.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://formulieren.cito.nl https://www2.cito.nl https://www.google.com/recaptcha https://recaptcha.google.com/recaptcha https://issuu.com https://www.cito.nl;img-src 'self' data: *.ytimg.com https://www.google.com https://www.google.nl https://www.googletagmanager.com https://px.ads.linkedin.com https://www.facebook.com https://imgsct.cookiebot.com https://consentcdn.cookiebot.com;manifest-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.google.com/recaptcha/ https://cdn.leadinfo.net https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' https://tuamc.tv 1
upgrade-insecure-requests; base-uri 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.clarity.ms cta-service-cms2.hubspot.com js.hubspot.com connect.facebook.net js.hscta.net js.jotform.com *.jotfor.ms links.services.disqus.com https://ats.rlcdn.com/ats.js c.disquscdn.com blogsdsd.disqus.com maps.googleapis.com www.google.com www.gstatic.com ajax.cloudflare.com cdnjs.cloudflare.com player.vimeo.com static.hsappstatic.net connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com js.usemessages.com js.hsleadflows.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com js.hscollectedforms.net js.hs-scripts.com snap.licdn.com www.google-analytics.com forms.hsforms.com www.googletagmanager.com static.datasciencedojo.com js.hsforms.net datasciencedojo.com *.datasciencedojo.com js.stripe.com form.jotform.com datasciencedojo.sharepoint.com https://www.facebook.com https://www.youtube.com https://dojobinder.datasciencedojo.com https://app.hubspot.com/events-visualizer.js; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'self'; connect-src 'self' https: wss:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https:; manifest-src 'self'; media-src 'self' https:; worker-src 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' *.kicad.org;img-src * data:;font-src 'self' fonts.gstatic.com *.kicad.org;style-src 'self' 'unsafe-inline' *.kicad.org fonts.googleapis.com;media-src 'self' *.youtube.com player.vimeo.com *.kicad.org;object-src 'self' *.youtube.com *.kicad.org;script-src 'self' 'unsafe-inline' *.kicad.org static.cloudflareinsights.com ajax.cloudflare.com;frame-src 'self' *.kicad.org *.youtube.com *.dl.osdn.jp osdn.net *.osdn.net *.rwth-aachen.de *.nchc.org.tw mirrors.gigenet.com mirrors.xtom.com mirrors.dotsrc.org mirrors.tuna.tsinghua.edu.cn mirrors.xtom.com.hk mirrors.bfsu.edu.cn mirror.liquidtelecom.com ftp.acc.umu.se osdn.mirror.constant.com mirror.math.princeton.edu plug-mirror.rcac.purdue.edu openbsd.c3sl.ufpr.br ftp.iij.ad.jp ftp.jaist.ac.jp ftp.onet.pl mirror.sjtu.edu.cn mirrors.nju.edu.cn player.vimeo.com mailto: 1
default-src 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https://jweiland.net https://stat.jweiland.net https://www.googletagmanager.com https://www.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; font-src data: 'self'; style-src 'unsafe-inline' https://jweiland.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com; img-src 'self' 'unsafe-inline' https://stat.jweiland.net data:; frame-src https://jweiland.net https://www.google.com/ https://maps.google.de/ https://player.vimeo.com/ https://www.youtube.com https://www.youtube-nocookie.com https://stat.jweiland.net/ https://www.slideshare.net/ https://de.slideshare.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com; connect-src https://jweiland.net/ https://stat.jweiland.net/ 1
default-src 'none'; connect-src 'self' https://px.ads.linkedin.com https://analytics.google.com https://l.evidon.com https://bam.nr-data.net https://maps.googleapis.com https://www.google-analytics.com; font-src https://fonts.gstatic.com; form-action 'self'; frame-src https://www.facebook.com https://www.youtube.com https://www.instagram.com https://platform.twitter.com https://player.vimeo.com https://www.linkedin.com 'self' https://papr.navcanada.ca; media-src 'self' https://papr.navcanada.ca; img-src 'self' https://www.linkedin.com https://px.ads.linkedin.com https://cdn.cluepixel.com data: https://www.facebook.com https://i.vimeocdn.com https://c.evidon.com https://l.evidon.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://snap.licdn.com https://www.instagram.com https://platform.twitter.com https://bam.nr-data.net https://c.evidon.com https://code.jquery.com https://connect.facebook.net https://js-agent.newrelic.com https://maps.googleapis.com https://searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://vimeo.com https://www.vimeo.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ 1
default-src 'self' www.premierhealth.com premierhealth-consumer.azurewebsites.net premierhealth-staging.azurewebsites.net premierhealth-test.azurewebsites.net mychart.premierhealthpartners.org mychartvaccines.premierhealthpartners.org *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com *.opendns.com vault.trustcommerce.com cms.premierhealth.com premierhealth.blob.core.windows.net; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com www.googletagmanager.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org optimize.google.com www.google-analytics.com mychart.premierhealthpartners.org mychartvaccines.premierhealthpartners.org *.teads.tv static.ctctcdn.com *.opendns.com *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com *.paypal.com www.premierhealth.com *.kyruus.com *.hotjar.com *.bootstrapcdn.com *.jsdelivr.net *.jquery.com *.tctm.co *.blackbaudhosting.com https://payments.blackbaud.com js.monitor.azure.com dc.services.visualstudio.com cdn.curator.io kendo.cdn.telerik.com unpkg.com 138065.cctm.xyz *.fontawesome.com demo.airbud.io api.airbud.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net mychart.premierhealthpartners.org mychartvaccines.premierhealthpartners.org static.ctctcdn.com optimize.google.com www.google-analytics.com *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com www.premierhealth.com *.kyruus.com *.bootstrapcdn.com *.blackbaudhosting.com https://payments.blackbaud.com cdn.curator.io code.jquery.com/ *.fontawesome.com demo.airbud.io api.airbud.io 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://delicious.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com www.honcode.ch www.google.com www.googletagmanager.com *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com *.paypal.com *.teads.tv www.premierhealth.com *.kyruus.com secure.adnxs.com *.ytimg.com *.blackbaudhosting.com https://payments.blackbaud.com premierhealth-consumer.azurewebsites.net premierhealth.blob.core.windows.net premierhealthdev.blob.core.windows.net premierhealth.azureedge.net premierhealthdev.azureedge.net hyropublic.blob.core.windows.net demo.airbud.io api.airbud.io; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.fontawesome.com www.premierhealth.com *.kyruus.com *.fontawesome.com; frame-src web-chat.nativechat.com www.google.com https://www.youtube.com w.soundcloud.com www.facebook.com 'self'; connect-src 'self' accounts.google.com *.google-analytics.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com stats.g.doubleclick.net listgrowth.ctctcdn.com *.teads.tv *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com *.paypal.com www.premierhealth.com https://tc.premierhealth.com *.opendns.com optimize.google.com www.google-analytics.com *.office.com *.premierhealth.com *.kyruus.com https://payments.blackbaud.com *.googleapis.com js.monitor.azure.com dc.services.visualstudio.com *.applicationinsights.azure.com analytics.google.com *.fontawesome.com app.launchdarkly.com clientstream.launchdarkly.com wss://web-dev.hyro.ws events.launchdarkly.com wss://web.hyro.ws; media-src 'self' data: blob:; child-src 'self' mychart.premierhealthpartners.org mychartvaccines.premierhealthpartners.org www.google.com *.jotform.com *.jotfor.ms *.jotform.us *.jotform.io *.jotform.net *.jotmails.com *.jotservers.com *.paypal.com www.premierhealth.com *.opendns.com optimize.google.com www.google-analytics.com *.office.com *.hotjar.com *.blackbaudhosting.com https://payments.blackbaud.com *.googleapis.com 1
frame-ancestors 'self' https://www.sierrarosealpacas.com/ 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://ajel.sa;block-all-mixed-content; 1
default-src 'none';  script-src 'self' 'unsafe-eval' https://ajax.googleapis.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://cdn.heapanalytics.com https://www.clarity.ms;  font-src 'self' https://fonts.gstatic.com;  connect-src 'self' ws: wss: https://testvets.eu.auth0.com https://claim.eu.policies.io https://manyvets.eu.auth0.com https://claim.eu-test.policies.io  https://bbm-user-data-stag.s3.amazonaws.com https://bbm-user-data-prod.s3.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com https://in.hotjar.com https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://csmetrics.hotjar.com  https://o23349.ingest.sentry.io https://ekr.zdassets.com  https://vetportal.zendesk.com https://zendesk-eu.my.sentry.io/ https://graphql.manyvets.com https://graphql.testvets.xyz https://*.launchdarkly.com https://*.clarity.ms https://*.appsync-api.eu-west-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://manyvetsupload185509-prod.s3.eu-west-1.amazonaws.com https://manyvetsupload151026-stag.s3.eu-west-1.amazonaws.com https://heapanalytics.com https://*.algolia.net https://*.algolianet.com;  img-src 'self' data: https://heapanalytics.com  https://secure.gravatar.com https://s.gravatar.com https://*.wp.com https://*.clarity.ms https://*.bing.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;  frame-src https://testvets.eu.auth0.com https://manyvets.eu.auth0.com https://vars.hotjar.com https://forms.office.com;  frame-ancestors 'self'; form-action 'self';  report-uri https://o23349.ingest.sentry.io/api/6235110/security/?sentry_key=55f6f4fcd87a4cbc9fbcc2ebea4b91e0&sentry_environment=production; 1
default-src 'self' 'unsafe-inline *.cardinalcommerce.com *.hotjar.com *.xendit.co *.zdassets.com *.skrill.com *.safecharge.com *.mcpayment.net *.tipalti.com *.facebook.com *.coinbase.com *.zeusx.com *.gstatic.com *.cloudflare.com *.google.com *.aws.com  *.stripe.com  *.googleapis.com  *.checkout.com  *.line-website.com *.paypal.com *.firebaseio.com *.amazonaws.com *.transferwise.tech  *.googletagmanager.com ; img-src *  'unsafe-inline' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; frame-src *; 1
frame-ancestors *.spiele-kostenlos-online.de 1
default-src 'none'; script-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.cookiebot.com *.marketo.net *.adition.com *.google.com assets.adobedtm.com connect.facebook.net snap.licdn.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com https://*.demdex.net https://*.youtube.com https://*.marketo.com https://cm.everesttech.net https://static.widget.trengo.eu https://stats.pusher.com https://assets.sitescdn.net https://assets.eu.sitescdn.net https://answers-embed.techem.de.pagescdn.com https://answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://cdn.mouseflow.com https://bat.bing.com https://documentservices.adobe.com https://acrobatservices.adobe.com https://api.staging.pso-empfehlen.dev https://api.pso-empfehlen.net https://pso-empfehlen.staging.pso-vertrieb.de https://empfehlen-admin.pso-vertrieb.de blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.2o7.net *.omtrdc.net *.scene7.com *.techem.com https://*.marketo.com https://www.gstatic.com https://assets.sitescdn.net https://assets.eu.sitescdn.net; font-src 'self' *.2o7.net *.omtrdc.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com data:; img-src 'self' *.2o7.net *.omtrdc.net blob: data: https: *.adspirit.de; frame-src  'self' *.2o7.net *.omtrdc.net *.cookiebot.com *.techem.com *.youtube.com *.yextpages.net *.marketo.com *.facebook.com https://*.demdex.net bid.g.doubleclick.net techem.prospective.de answers-embed.techem.de.pagescdn.com answers-embed.techem.de.eu.pagescdn.com https://widget.trustpilot.com https://documentservices.adobe.com https://acrobatservices.adobe.com blob:; manifest-src 'self'; connect-src 'self' *.2o7.net *.omtrdc.net *.techem.com *.scene7.com *.google.com *.facebook.com *.pusher.com *.friendlycaptcha.com *.mktoutil.com googleads.g.doubleclick.net https://cm.everesttech.net https://assets.adobedtm.com https://*.demdex.net https://*.mktoresp.com https://*.cookiebot.com https://*.trengo.eu https://*.amazonaws.com https://*.westeurope.logic.azure.com https://*.yext.com https://answers.yext-pixel.com https://cdn.linkedin.oribi.io https://o2.mouseflow.com https://px.ads.linkedin.com https://analytics.techem.de https://www.eu.yextevents.com https://prod-cdn.eu.yextapis.com https://viewlicense.adobe.io/viewsdklicense/jwt; media-src 'self' https://static.widget.trengo.eu https://*.scene7.com blob:; frame-ancestors 'self' https://techem.events.rooom.com https://www.rooom.com *.edge.agora.io:6443 *.edge.agora.io:9591 *.edge.agora.io:9593 *.edge.sd-rtn.com:6443 *.edge.sd-rtn.com:9591 *.edge.sd-rtn.com:9593 webcollector-rtm.agora.io:6443 webcollector-rtm.agora.io:9591 webcollector-rtm.agora.io:9593 ; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; connect-src 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self' 1
default-src 'self' https://forms.gle https://chat.hey.inc *.facebook.com *.youtube.com *.banregio.com *.google.com *.gstatic.com *.googleusercontent.com *.google-analytics.com *.heybanco.com *.anchor.fm *.googletagmanager.com *.doubleclick.net *.amazonaws.com *.ocularsolution.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google.com *.gstatic.com *.googletagmanager.com *.facebook.net *.appsflyer.com *.jquery.com *.google-analytics.com *.googleadservices.com *.tiktok.com *.unpkg.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.googleapis.com unpkg.com *.jsdelivr.net; img-src 'self' *.bing.com *.clarity.ms  *.googletagmanager.com *.gstatic.com *.google-analytics.com *.amazonaws.com data: *.google.com *.google.com.mx *.facebook.com *.ocularsolution.com https://i.ytimg.com; connect-src 'self' *.googlesyndication.com *.google.com.mx *.amazonaws.com *.clarity.ms *.google.com *.hey.inc *.google-analytics.com *.doubleclick.net *.tiktok.com *.cloudfunctions.net *.ipify.org mailthis.to *.banregio.com *.heybanco.com *.ocularsolution.com *.google.com; font-src 'self' *.gstatic.com data: *.googleapis.com *.amazonaws.com; form-action 'self' *.facebook.com; base-uri 'self'; script-src-elem 'self' 'unsafe-inline' *.clarity.ms *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.tiktok.com *.doubleclick.net *.appsflyer.com *.ocularsolution.com *.jquery.com *.facebook.net;  object-src 'self' https://forms.gle https://chat.hey.inc https://www.questionpro.com https://questionpro.com https://chat-fpt-standalone.hey.inc *.amazonaws.com ; frame-src 'self' https://forms.gle https://www.questionpro.com https://questionpro.com https://chat.hey.inc https://docs.google.com *.facebook.com *.amazonaws.com https://chat-fpt-standalone.hey.inc https://td.doubleclick.net *.google.com https://www.youtube.com https://surveys.questionpro.com;  1
default-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; font-src *; img-src * data:; object-src 'none'; 1
frame-ancestors 'self' *.lovecrafts.com 1
frame-src 'self' *.facebook.com *.fbcdn.net *.helpscout.net themes.googleusercontent.com *.twitter.com accounts.google.com www.google.com ssl.gstatic.com; frame-ancestors *.transcribeme.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://zoominfo.com https://ws.zoominfo.com https://lightning.us1.helium.servismatrixcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://tags.srv.stackadapt.com https://snap.licdn.com https://script.crazyegg.com https://js.zi-scripts.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tags.srv.stackadapt.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' wss://*.appsync-realtime-api.us-east-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://*.appsync-api.us-east-1.amazonaws.com https://www.google.com https://cognito-identity.us-east-1.amazonaws.com https://api.us1.helium.servismatrix.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://script.crazyegg.com https://px.ads.linkedin.com https://tags.srv.stackadapt.com https://js.zi-scripts.com https://ws.zoominfo.com https://tracking.crazyegg.com; img-src 'self' https://sborg-us1-stgcenlar.s3.amazonaws.com https://www.google.com https://px.ads.linkedin.com data: http://www.google-analytics.com https://www.linkedin.com; frame-src 'self' https://loanadministration.hosted.panopto.com https://www.google.com; frame-ancestors 'self' https://*.cenlar.com 1
block-all-mixed-content; frame-ancestors 'self' https://search.google.com https://www.google.com https://untilgone-com.cdn.ampproject.org; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: static.addtoany.com consent.truste.com *.trustarc.com *.gstatic.com *.googleapis.com *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.pt *.googleusercontent.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.net *.facebook.com *.adform.net *.doubleclick.net *.youtube.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mindbox.ru *.jivo.ru localhost:* https://greenmoney.ru https://*.greenmoney.ru https://cac.greenmoney.ru *.jivosite.com *.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://googletagmanager.com https://www.googletagmanager.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net mc.yandex.ru https://mc.yandex.com https://yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/ http://top-fwz1.mail.ru https://vk.com/ https://connect.facebook.net https://www.facebook.com https://ajax.googleapis.com https://*.kaspersky-labs.com https://score.juicyscore.com/static/ https://score.juicyscore.com/savedata/ https://score.juicyscore.com/saveevent/ https://tagmanager.google.com/ https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://abt.s3.yandex.net/ https://pixel.scoring.ru/pixel.js *.mindbox.ru *.jivo.ru https://www.googleoptimize.com/ https://greenmoney.ru https://*.greenmoney.ru https://cac.greenmoney.ru  *.jivosite.com *.google.com https://www.googletagmanager.com https://*.gstatic.com https://cdn.jsdelivr.net https://www.google-analytics.com https://stats.g.doubleclick.net https://googletagmanager.com https://www.googletagmanager.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://*.maps.yandex.net http://mc.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://maps.googleapis.com/maps/api/ https://maps.googleapis.com/maps-api-v3/ http://top-fwz1.mail.ru https://vk.com/ http://pixel.kbki.ru https://connect.facebook.net https://www.facebook.com https://ajax.googleapis.com https://*.kaspersky-labs.com https://score.juicyscore.com/static/ https://score.juicyscore.com/savedata/ https://score.juicyscore.com/saveevent/ https://tagmanager.google.com/ https://www.gstatic.com; style-src 'self' blob: data: 'unsafe-inline' *.mindbox.ru *.jivo.ru https://greenmoney.ru https://cac.greenmoney.ru https://fonts.googleapis.com  *.jivosite.com  https://*.kaspersky-labs.com https://cdn.jsdelivr.net https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com/;style-src-elem 'self' blob: data: 'unsafe-inline' *.mindbox.ru *.jivo.ru https://greenmoney.ru https://cac.greenmoney.ru https://fonts.googleapis.com https://cdn.jsdelivr.net  *.jivosite.com  https://*.kaspersky-labs.com https://googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com/; connect-src 'self' data: wss: https://uaas.yandex.ru/ https://pixel.scoring.ru/pixel *.mindbox.ru *.jivo.ru localhost:* http://localhost:4059 https://greenmoney.ru https://*.greenmoney.ru https://cac.greenmoney.ru wss://*.greenmoney.ru https://code.jquery.com  *.jivosite.com https://*.googleapis.com https://api-maps.yandex.ru https://suggest-maps.yandex.ru https://cdn.jsdelivr.net https://*.maps.yandex.net https://yandex.ru https://pixel.kbki.ru https://mc.yandex.by https://ymetrica1.com https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.com https://suggestions.dadata.ru http://top-fwz1.mail.ru https://mc.yandex.ru https://vk.com https://connect.facebook.net https://www.facebook.com/tr/ stats.g.doubleclick.net localhost:* https://www.google-analytics.com https://ajax.googleapis.com https://*.kaspersky-labs.com wss://*.kaspersky-labs.com  https://ff.kis.v2.scr.kaspersky-labs.com https://gc.kis.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com wss://gc.kfp.scr.kaspersky-labs.com wss://gc.kis.scr.kaspersky-labs.com wss://gc.kis.v2.scr.kaspersky-labs.com https://cdn.jsdelivr.net http://gj.track.uc.cn https://gjtrack.ucweb.com https://plugin.ucads.ucweb.com https://score.juicyscore.com/static/p.json https://score.juicyscore.com/data/ https://score.juicyscore.com/event/;frame-src  'self' blob: data: *.mindbox.ru *.jivo.ru localhost:* https://greenmoney.ru https://cac.greenmoney.ru https://*.kaspersky-labs.com  *.yandex.com https://yandex.ru *.yandex.ru https://*.google.com   https://mc.yandex.ru https://mc.yandex.com http://webvisor.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net  https://www.googletagmanager.com  https://www.facebook.com  https://api-maps.yandex.ru;child-src  'self' blob: localhost:* *.mindbox.ru *.jivo.ru https://cac.greenmoney.ru https://api-maps.yandex.ru  https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org;font-src  'self' data: *.mindbox.ru *.jivo.ru localhost:* https://greenmoney.ru https://cac.greenmoney.ru https://fonts.gstatic.com http://fonts.gstatic.com http://themes.googleusercontent.com;img-src 'self' localhost:* *.mindbox.ru https://greenmoney.ru https://cac.greenmoney.ru data: blob: localhost:* *.jivo.ru https://usermedia.popmechanic.ru https://top-fwz1.mail.ru https://*.maps.yandex.net api-maps.yandex.ru https://yandex.ru https://an.yandex.ru *.jivosite.com https://jivo-userdata.s3-eu-west-1.amazonaws.com https://www.facebook.com/ https://*.vk.com https://vk.com https://login.vk.com https://m.vk.com https://csi.gstatic.com/csi https://maps.googleapis.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ru https://www.google.by https://mc.yandex.ru https://mc.webvisor.org https://*.kaspersky-labs.com http://trends.revcontent.com https://ssl.gstatic.com/ https://www.gstatic.com;media-src 'self' *.mindbox.ru https://greenmoney.ru https://cac.greenmoney.ru https://cdn.jsdelivr.net *.jivo.ru *.jivosite.com;frame-ancestors 'self' https://greenmoney.ru greenmoney.ru *.greenmoney.ru http://webvisor.com https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com/ns.html; report-uri /LoggingReports/CspReport; 1
frame-ancestors 'self' https://*.pt-x.com http://localhost:9999 https://*.emandates.co.uk 1
'default-src: https:; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN' 1
default-src 'self' *.search.windows.net *.sitefinity.cloud isg-one.com *.isg-one.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.jsdelivr.net cdn.plyr.io d3js.org *.vo.msecnd.net www.googletagmanager.com snap.licdn.com *.cookiebot.com *.hotjar.com *.feathr.co *.marketo.com isg-one.com *.isg-one.com cdn.amcharts.com *.sharethis.com *.appdynamics.com *.cloudfront.net *.bidr.io jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net *.hiredesk.net *.slideshare.net fg8vvsvnieiv3ej16jby.litix.io *.stripe.com isgpay.ontrackevents.com script.crazyegg.com *.clarity.ms *.6sc.co/ https://static.srcspot.com/libs/tiphanie.js https://embed.typeform.com https://embed.typeform.com/next/embed.js https://form.typeform.com *.typeform.com e.issuu.com web-chat.nativechat.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://embed.typeform.com https://form.typeform.com *.typeform.com https://cdn.insight.sitefinity.com https://dec.azureedge.net connect.facebook.net cdnjs.cloudflare.com cdn.jsdelivr.net cdn.plyr.io *.vo.msecnd.net www.googletagmanager.com *.cookiebot.com isg-one.com *.isg-one.com *.marketo.com *.fontawesome.com *.sharethis.com jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net *.hiredesk.net *.slideshare.net *.stripe.com unpkg.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://embed.typeform.com https://form.typeform.com *.typeform.com *.google-analytics.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.sitefinity.cloud isg-one.com *.isg-one.com *.cookiebot.com px.ads.linkedin.com *.feathr.co *.adsrvr.org *.google.com *.marketo.com *.fontawesome.com https://sb.scorecardresearch.com *.googletagmanager.com jobs.jobvite.com *.wistia.com *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com https://p.adsymptotic.com *.6sc.co *.clarity.ms https://px4.ads.linkedin.com web-chat.nativechat.com https://cdn.insight.sitefinity.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://embed.typeform.com https://form.typeform.com *.typeform.com cdnjs.cloudflare.com *.cookiebot.com isg-one.com *.isg-one.com *.fontawesome.com jobs.jobvite.com *.slideshare.net *.stripe.com isgpay.ontrackevents.com http://script.hotjar.com https://script.hotjar.com; connect-src 'self' accounts.google.com *.google-analytics.com *.gstatic.com e.issuu.com https://embed.typeform.com https://form.typeform.com *.typeform.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.search.windows.net *.visualstudio.com *.cookiebot.com *.doubleclick.net *.feathr.co isg-one.com *.isg-one.com noembed.com cdn.plyr.io *.sharethis.com *.appdynamics.com *.eum-appdynamics.com *.snplow.net jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com script.crazyegg.com secure.adnxs.com *.6sc.co *.clarity.ms http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google.com *.crazyegg.com *.googleapis.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://embed.typeform.com https://form.typeform.com *.typeform.com *.cookiebot.com isg-one.com *.isg-one.com cdn.plyr.io jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io *.googleapis.com; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ e.issuu.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cookiebot.com *.hotjar.com isg-one.com *.isg-one.com *.marketo.com *.sharethis.com jobs.jobvite.com *.wistia.com embedwistia-a.akamaihd.net fg8vvsvnieiv3ej16jby.litix.io *.hiredesk.net *.slideshare.net *.stripe.com isgpay.ontrackevents.com *.libsyn.com https://www.google.com/ https://isg.qualtrics.com/ https://embed.typeform.com https://form.typeform.com *.typeform.com *.googleapis.com web-chat.nativechat.com forms.hsforms.com 1
frame-ancestors *.embroiderydesigns.com; 1
object-src 'none'; script-src 'self' https://translate.google.com https://translate.googleapis.com cdnjs.cloudflare.com dist https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com cdnjs.cloudflare.com dist https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com; style-src 'self' https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com 'unsafe-inline'; style-src-attr 'self'; frame-ancestors 'self' 1
object-src 'none'; frame-ancestors 'self'; report-uri https://interagencystandingcommittee.org/report-uri/enforce 1
script-src 'unsafe-inline' 'unsafe-eval' https: blob:;object-src https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; base-uri https://tau.collect.igodigital.com/; upgrade-insecure-requests; frame-ancestors https://*.maxi.rs https://*.svc.maxi.rs https://d3el976p2k4mvu.cloudfront.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; 1
default-src https: blob: wws: data: 'unsafe-inline' 'unsafe-eval' 'self'; frame-ancestors 'self'; connect-src *; 1
base-uri 'self'; default-src d138j1c6jn4qpg.cloudfront.net 'self'; script-src 'nonce-883f2733-ce12-4473-9c2e-800321520785' 'strict-dynamic' https: 'unsafe-inline'; img-src *; style-src d138j1c6jn4qpg.cloudfront.net 'self' 'unsafe-inline'; connect-src 'self' wss://api.internal.sierra.ai; font-src d138j1c6jn4qpg.cloudfront.net 'self'; frame-ancestors 'none'; media-src 'self' blob: 1
script-src 'self' 'unsafe-inline'; form-action 'self'; object-src 'self'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; require-trusted-types-for 'script'; upgrade-insecure-requests; font-src 'self'; media-src 'self'; child-src 'self'; img-src 'self' data: *.mapgic.org; frame-src 'self' *.mapgic.org 1
frame-ancestors 'self' vakansii.ua pro-robotu.ua training.ua resume.ua srochno.ua profi.ua jobsite.com.ua jobsite.*.ua jobsite.kiev.ua ladyjob.com.ua zarplata.ua personal.ua uajobs.com.ua job4you.com.ua 1
frame-ancestors 'self' *.elluciancloud.com; 1
frame-ancestors https://tongji.baidu.com 1
frame-src 'self' *.facebook.com *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com *.midas.com *.bazaarvoice.com *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org m.me intent:; frame-ancestors 'self' *.facebook.com  *.owneriq.net *.marchex.io *.doubleclick.net *.googletagmanager.com *.youtube.com  *.midas.com *.bazaarvoice.com  *.comenity.net *.google.com *.jotform.com *.jotform.io *.stripe.com *.tealiumiq.com wsv3cdn.audioeye.com ct.pinterest.com *.optimizely.com *.adsrvr.org m.me intent: 1
frame-ancestors 'self' https://*.stackoverflow.com http://*.stackoverflow.co; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MTY0OWZlZmJhNTNjNDI0ZTg0MjZjMmU2MWY4ZjFmZGM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.igj.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.igj.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.igj.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors https://app.safe.global 'self' 1
img-src 'self' data: www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk chart.googleapis.com storage.googleapis.com ad.broadstreetads.com cdn.broadstreetads.com px.ads.linkedin.com assets.publishing.service.gov.uk static.safedrivingforlife.info media.safedrivingforlife.info; style-src 'self' fonts.googleapis.com static.safedrivingforlife.info 'nonce-mDCCb/GZk7+76e6WDTzT5A=='; frame-src 'self' player.vimeo.com www.youtube.com https://www.google.com/recaptcha/ https://js.stripe.com/v3/ https://storage.googleapis.com/ https://private-media.safedrivingforlife.info/; connect-src 'self' www.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.co.uk cdn.linkedin.oribi.io https://lrs.sdfl.spongeasaservice.com/lv7p6vnuk84bh7nax0kn/; font-src 'self' fonts.gstatic.com data: static.safedrivingforlife.info; default-src 'self' 'nonce-mDCCb/GZk7+76e6WDTzT5A=='; script-src 'self' www.googletagmanager.com *.googletagmanager.com https://www.google.com/recaptcha/ https://js.stripe.com/v3/ static.safedrivingforlife.info 'nonce-mDCCb/GZk7+76e6WDTzT5A=='; media-src 'self' storage.googleapis.com https://media.safedrivingforlife.info/; report-uri https://sentry.io/api/5040604/security/?sentry_key=2fef17899b924da6b4453a199ffbf12f 1
default-src 'self' *; img-src 'self' data: https:; style-src 'self' * 'unsafe-inline'; script-src 'self' * 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self'; default-src 'self'; child-src 'self' https://*.auth0.com https://*.dfh.dev https://*.designsforhealth.com https://*.designsforhealth.ca https://www.buzzsprout.com https://*.hotjar.com https://*.hotjar.io https://static.dfh.dev https://www.googletagmanager.com; connect-src 'self' https://testflex.cybersource.com https://flex.cybersource.com https://646i2f8h.apicdn.sanity.io https://646i2f8h.api.sanity.io https://*.dfh.dev https://*.auth0.com https://*.designsforhealth.com https://*.designsforhealth.ca https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.hubapi.com https://forms.hubspot.com https://api.hubspot.com https://*.sentry.io https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https://cdn.sanity.io https://*.dfh.dev https://images.designsforhealth.com https://*.hotjar.com https://*.hotjar.io https://forms.hsforms.com https://track.hubspot.com https://maps.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://google.com; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.hotjar.com https://*.hotjar.io https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://browser.sentry-cdn.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline'; report-uri https://o795780.ingest.sentry.io/api/5801897/security/?sentry_key=a6cbbf3456244fd1a6353ab9fc71ae04 1
default-src 'self' https://nia.identitaobcana.cz; upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://nia.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; connect-src 'self' https://www.identitaobcana.cz matomoas.westeurope.cloudapp.azure.com; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; font-src 'self' data:;  script-src 'self' portal.gov.cz *.portal.gov.cz https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ matomoas.westeurope.cloudapp.azure.com 'unsafe-inline' 'unsafe-eval'; object-src 'self' blob: * 1
frame-ancestors https://forum.zenphoto.org 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.acquia.com *.radnet.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.googleadservices.com *.googleusercontent.com *.callrail.com *.globenewswire.com *.tctm.co *.gstatic.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.ytimg.com *.vimeo.com *.audioeye.com *.amazonaws.com *.fbcdn.net *.facebook.com *.facebook.net *.twitter.com *.sec.gov *.podium.com *.analyticspodium.com *.amplitude.com *.knightlab.com *.addtoany.com *.hotjar.com *.typekit.net; report-uri /report-csp-violation 1
upgrade-insecure-requests;style-src 'self' 'nonce-6AysMGqq4jBqcMG';font-src 'self';script-src 'self' 'nonce-6AysMGqq4jBqcMG' ;connect-src 'self' https://froth.zone wss://froth.zone  https://cdn.froth.zone https://proxy.froth.zone;media-src 'self' https://cdn.froth.zone https://proxy.froth.zone;img-src 'self' data: blob: https://cdn.froth.zone https://proxy.froth.zone;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://isc.sans.edu https://challenges.cloudflare.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://isc.sans.edu data:; font-src https://fonts.gstatic.com data: 'self'; connect-src 'self'; media-src 'self'; object-src 'none'; child-src 'self' https://www.sans.org; frame-src https://challenges.cloudflare.com 'self' https://www.sans.org https://www.youtube.com; frame-ancestors 'self' https://www.sans.org; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://isc.sans.edu/cspreport.html; manifest-src 'self' https://isc.sans.edu https://www.dshield.org;; report-uri https://isc.sans.edu/cspreport.html; 1
upgrade-insecure-requests; script-src * 'unsafe-inline' 'unsafe-eval' blob:; object-src *; frame-ancestors 'self' www.vliz.be vliz.be www.lifewatch.be lifewatch.be www.seachangeproject.eu seachangeproject.eu; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://maps.google.com https://ssl.google-analytics.com https://fonts.gstatic.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://maps.gstatic.com https://code.jquery.com https://cdnjs.cloudflare.com https://code.highcharts.com https://ajax.googleapis.com https://cdn.datatables.net https://kit.fontawesome.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com *.iubenda.com chimpstatic.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.zopim.com *.stripe.com *.clarity.ms *.kk-resources.com *.iubenda.com *.trovaprezzi.it *.twitter.com *.googleadservices.com *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshchat.com *.smooch.io *.addtoany.com; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it *.google.com *.google.it *.gstatic.com *.googleapis.com *.google-analytics.com *.freeprivacypolicy.com *.scalapay.com *.facebook.net *.facebook.com *.clickcease.com *.googletagmanager.com *.bing.com *.webgains.io *.zendesk.com *.zdassets.com *.doubleclick.net *.kelkoogroup.net d5l1pnk7dv8vr.cloudfront.net; media-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.bernabei.it; connect-src 'self' *.bernabei.it *.google-analytics.com *.googleapis.com *.google.com *.iubenda.com *.clarity.ms *.zendesk.com *.zdassets.com *.doubleclick.net *.zopim.com *.webgains.io d5l1pnk7dv8vr.cloudfront.net *.hotjar.com *.freshworks.com *.freshdesk.com *.smooch.io *.sentry.io *.kelkoogroup.net wss://*.hotjar.com wss://*.zopim.com wss://*.smooch.io; 1
default-src *; style-src 'self' 'unsafe-inline' https://esse.riafy.in https://fonts.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://uat.esse.riafy.in https://unpkg.com https://cdn.jsdelivr.net https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com https://www.youtube.com https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://esse.riafy.in https://cdn.socket.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://uat.esse.riafy.in https://ajax.googleapis.com; frame-src 'self' 'unsafe-inline' blob: https://tawk.to https://s.tradingview.com https://www.facebook.com https://www.youtube.com https://esse.riafy.in https://td.doubleclick.net; media-src 'self' blob:; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://esse.riafy.in https://www.google.co.in https://fonts.gstatic.com https://www.googletagmanager.com 1
frame-ancestors 'self' horizons.sg *.horizons.sg 1
default-src 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.najva.com; img-src 'self' data: *.w.org *.google-analytics.com www.google.com *.clarity.ms *.gravatar.com *.openstreetmap.org *.yektanet.com *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com www.googleapis.com www.clarity.ms *.gravatar.com *.hotjar.com www.aparat.com *.mediaad.org *.tavoos.net *.yektanet.com *.sanjagh.com *.sabavision.com *.najva.com *.jsdelivr.net *.googleapis.com; frame-src 'self' *.aparat.com *.yektanet.com *.sabavision.com; connect-src 'self' analytics.google.com www.google-analytics.com *.clarity.ms *.doubleclick.net *.yektanet.com *.najva.com *.sabavision.com *.googleapis.com; font-src 'self' data: *.gstatic.com *.wp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.configureconnect.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net cdn.cookielaw.org collector-37690.tvsquared.com config.landrover.com decibel.com landroverusa.com ldti.syndication.kbb.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.onetrust.com cookie-cdn.cookiepro.com wss://lo.msg.liveperson.net data: blob:; 1
default-src 'none'; img-src 'self' https: data: blob:; connect-src 'self' https://*.polymail.co wss://*.polymail.co https://*.polymail.io wss://*.polymail.io https://sentry.io https://api.stripe.com https://backend.getbeamer.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://api.amplitude.com; style-src 'self' 'unsafe-inline' https://app.getbeamer.com; child-src 'self' https://apps.polymail.io https://unsubscriber.polymail.io https://js.stripe.com https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://image.mux.com https://app.getbeamer.com/; font-src 'self' https://js.intercomcdn.com; media-src 'self' https://stream.mux.com https://js.intercomcdn.com; script-src 'self' https://js.stripe.com https://app.getbeamer.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com 'sha256-JOVzPX2xhZTCDzjKbd1EVYNrnvJ5o7CAngTELk9FXGw=' 'sha256-4E9GP8mitoN4vKGXJJnrdp/WzLZl4nnERRBt1JYIj+k=' 'sha256-MsNBm6gTesm/3dbU3tTQ++az54aGApIUQhkat0EzKDY=' https://connect.facebook.net https://r.wdfl.co https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com;frame-ancestors 'none'; report-uri https://sentry.io/api/1809118/security/?sentry_key=29ba1bb053e247298bf9149e0d207768 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: blob:; img-src * data:; font-src https: data:; frame-ancestors 'self' *.carnival.com https://*.goccl.com https://*.goccl.co.uk https://*.uatcarnival.com https://*.carnivalcloud.net https://www.kayak.com http://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.wuata.com https://*.carnivalmeetings.com http://carnivalmeetings.wuata.com https://carnivalmeetings.wuata.com https://carnivalmeetings.com https://*.goccl.com.au http://carnivalmeetings.com.s227501.gridserver.com https://carnivalmeetings.com.s227501.gridserver.com/ https://carnivalmeetings.prod.carnivalcloud.net; worker-src blob: 1
report-uri /_csp/report-uri; report-to csp-endpoint; default-src 'self' https: www.crdbbank.co.tz; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval' cloudflare.com polyfill.io code.jquery.com; style-src 'report-sample' 'self' https: 'unsafe-inline' cloudflare.com jsdelivr.net; img-src 'self' https: data: www.gravatar.com; font-src 'self' https: data: cloudflare.com www.crdbbank.co.tz; connect-src 'self' https: ws: chat-gateway-eu1.brandembassy.com; object-src 'none'; child-src 'none'; frame-src 'self' https: youtube.com www.youtube.com youtu.be www.youtu.be chat-gateway-eu1.brandembassy.com; frame-ancestors 'none'; worker-src 'none'; manifest-src 'none'; base-uri 'none'; upgrade-insecure-requests; block-all-mixed-content 1
base-uri 'self'; default-src 'self' blob: https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com; manifest-src 'self'; upgrade-insecure-requests; worker-src 'self' blob:; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://mg.blogvault.net https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://forms.hsforms.com https://www.facebook.com; connect-src 'self' 'unsafe-inline' https://content.hotjar.io https://dev.visualwebsiteoptimizer.com https://sst.acornfinance.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://websitedemos.net http://*.hotjar.com:* https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.analytics.google.com https://*.api.acornfinance.com https://*.google-analytics.com https://*.hotjar.com:* https://*.hotjar.io https://*.pr.acornfinance.com https://adservice.google.com https://analytics.google.com https://api-iam.intercom.io https://api.acornfinance.com https://api.hubapi.com https://api.ipify.org https://cdn.linkedin.oribi.io https://exceptions.hubspot.com https://forms.hsforms.com https://fs.acornfinance.com https://google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://in.hotjar.com https://maps.googleapis.com https://my.yoast.com https://o489149.ingest.sentry.io https://p.adsymptotic.com https://px.ads.linkedin.com https://region1.analytics.google.com https://snap.licdn.com https://stats.g.doubleclick.net https://surveystats.hotjar.io https://vc.hotjar.io:* https://www.facebook.com https://www.google-analytics.com https://www.google.co.in wss://*.hotjar.com wss://nexus-websocket-a.intercom.io; font-src 'self' data: https://js.intercomcdn.com https://fonts.intercomcdn.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com http://script.hotjar.com https://*.hotjar.com https://*.hotjar.io https://*.your.acornfinance.com https://assets.quadpay.com https://cdn.linkedin.oribi.io https://cdn.loom.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.intercomcdn.com https://js.intercomcdn.com https://p.adsymptotic.com https://px.ads.linkedin.com https://script.hotjar.com https://snap.licdn.com https://widget.intercom.io https://widget.trustpilot.com https://your.acornfinance.com; frame-ancestors 'self' https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.studio-shed.com https://*.your.acornfinance.com https://fs.acornfinance.com https://payest.acornfinance.com https://pr.acornfinance.com https://qa.pr.acornfinance.com https://uat.pr.acornfinance.com https://www.youtube.com https://your.acornfinance.com; frame-src 'self' 'unsafe-inline' data: blob: https://wp.freemius.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.hotjar.com https://*.hotjar.io https://accounts.google.com https://app.hubspot.com https://app.lendflow.io https://cdn.linkedin.oribi.io https://forms.hsforms.com https://fs.acornfinance.com https://googletagmanager.com https://iw.lendflow.com https://js.hsadspixel.net https://optimize.google.com https://p.adsymptotic.com https://platform.twitter.com https://play.vidyard.com https://pr.acornfinance.com https://px.ads.linkedin.com https://qa.pr.acornfinance.com https://snap.licdn.com https://static.hsappstatic.net https://uat.acornfinance.com https://uat.pr.acornfinance.com https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.youtube.com https://youtu.be https://youtube.com; img-src 'self' blob: data: https://dev.visualwebsiteoptimizer.com https://static.hsappstatic.net https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com *.w.org chart.googleapis.com wingify-assets.s3.amazonaws.com https://ps.w.org https://source.unsplash.com https://library.ghostkit.io https://websitedemos.net https://*.ads.linkedin.com https://s.w.org https://*.acornfinance.com https://analytics.google.com http://script.hotjar.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.pressablecdn.com https://*.your.acornfinance.com https://cdn.linkedin.oribi.io https://cdn.vidyard.com https://connect.facebook.net https://downloads.intercomcdn.com https://forms-na1.hsforms.com https://forms.hsforms.com https://fs.acornfinance.com https://google-analytics.com https://media.bizj.us https://optimize.google.com https://p.adsymptotic.com https://pixel.wp.com https://play.vidyard.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.gaug.es https://secure.gravatar.com https://snap.licdn.com https://static.intercomassets.com https://stats.g.doubleclick.net https://thetechtribune.com https://track.hubspot.com https://translate.google.com https://www.facebook.com https://www.google-analytics.com https://www.google.ca https://www.google.co.in https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.googletagmanager.com https://www.gstatic.com https://www.nerdwallet.com https://www.primerates.com https://www.prnewswire.com https://www.studio-shed.com https://your.acornfinance.com; media-src 'self' https://js.intercomcdn.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com https://*.your.acornfinance.com https://api.ipify.org https://js.intercomcdn.com https://pr.acornfinance.com https://www.youtube.com https://your.acornfinance.com; object-src https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.pr.acornfinance.com https://api.ipify.org https://pr.acornfinance.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://qa.pr.acornfinance.com https://sst.acornfinance.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com http://static.hotjar.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.pr.acornfinance.com https://ajax.googleapis.com https://app.lendflow.io/ https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://connect.facebook.net https://forms.hsforms.com https://google-analytics.com https://iw.lendflow.com https://js.hs-analytics.net https://js.hs-banner.com/ https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.intercomcdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://p.adsymptotic.com https://play.vidyard.com https://px.ads.linkedin.com https://script.hotjar.com https://secure.gaug.es https://snap.licdn.com https://static.hotjar.com https://widget.intercom.io https://widget.trustpilot.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com; script-src-attr 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://dev.visualwebsiteoptimizer.com https://js.hubspot.com https://sst.acornfinance.com http://script.hotjar.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://*.pr.acornfinance.com https://ajax.googleapis.com https://app.lendflow.io https://cdn.linkedin.oribi.io https://cdnjs.cloudflare.com https://connect.facebook.net https://forms.hsforms.com https://gc.kes.v2.scr.kaspersky-labs.com https://gc.kis.v2.scr.kaspersky-labs.com https://google-analytics.com https://iw.lendflow.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.intercomcdn.com https://maps.googleapis.com https://maxcdn.bootstrapcdn.com https://me.kis.v2.scr.kaspersky-labs.com https://optimize.google.com/ https://p.adsymptotic.com https://payest.acornfinance.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com https://secure.gaug.es https://secure.gravatar.com https://snap.licdn.com https://static.hotjar.com https://use.fontawesome.com https://widget.intercom.io https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://yoast.com; style-src 'self' 'unsafe-inline' s3.amazonaws.com https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://fonts.googleapis.com https://payest.acornfinance.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.acornfinance.com https://*.acornfinance.dev https://www.acornfinance.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://gc.kis.v2.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://optimize.google.com/ https://widget.intercom.io; report-uri https://o489149.ingest.sentry.io/api/5995675/security/?sentry_key=b011d1ccc0f6456bb41b981294106653; 1
default-src 'self' *.prorealtime.com prorealtimesoftware: data: 'report-sample'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.prorealtime.com *.it-finance.com 'report-sample'; font-src 'self' *.prorealtime.com *.avast.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; form-action 'self' *.prorealtime.com *.it-finance.com https://p.monetico-services.com https://*.e-transactions.fr 'report-sample'; frame-ancestors 'self' https://*.prorealtime.com; frame-src 'self' *.prorealtime.com *.it-finance.com prorealtimesoftware: youtube.com www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'report-sample'; img-src 'self' *.prorealtime.com *.it-finance.com data: i.ytimg.com *.gstatic.com *.google.com *.googleapis.com 'report-sample'; object-src 'none'; script-src 'self' *.prorealtime.com 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'strict-dynamic' 'report-sample' 'sha256-HlIz/5sTYOV0W1Ejqhv8aCdpNfREkp2zWTkyhitFLqI=' 'sha256-QGYM/3J7Ocfvp0qPAKILWQGDUDT1pP14j6aJrj+ZJYM=' 'nonce-yF0cYPlRb7b7MgS20y7VMw=='; style-src 'self' *.prorealtime.com 'unsafe-inline' *.gstatic.com *.google.com *.googleapis.com 'report-sample'; report-uri /csp-report 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/ https://img.en25.com/ *.s3.amazonaws.com *.optimizely.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com/ https://sc-static.net https://browser-update.org https://cdn.cookielaw.org *.salesforceliveagent.com ttps://browser-update.org/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://geolocation.onetrust.com https://*.crazyegg.com https://www.google-analytics.com https://cdn.siteimprove.net https://unpkg.com https://*.siteimprove.com *.youtube.com https://*.userzoom.com https://cdn.jsdelivr.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com https://gba4ya26.micpn.com/p/js/ https://tr.snapchat.com/config/ https://www.google.com/pagead/ https://bat.bing.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://analytics.tiktok.com https://m5srpdpi.micpn.com https://tags.crwdcntrl.net https://ynnpkxoz.micpn.com https://tag.demandbase.com https://mi.chamberlain.edu https://static.hotjar.com https://s.adroll.com https://script.hotjar.com https://d.adroll.com https://marvel-b2-cdn.bc0a.com https://geoip-js.com *.avaamo.com https://munchkin.marketo.net https://ict.infinity-tracking.net https://js.adsrvr.org https://s.yimg.com https://waldenuniversity.referralrock.com https://cdn.mouseflow.com https://tag.mtrcs.samba.tv https://pixel.mathtag.com https://bs.serving-sys.com https://secure-ds.serving-sys.com https://pixel.admedia.com *.googlesyndication.com *.storelocatorwidgets.com https://ajax.googleapis.com https://home-c20.incontact.com https://gateway.on24.com https://www.riddle.com/ *.b0e8.com https://embedr.flickr.com https://widgets.flickr.com *.infinity-tracking.com https://c.hrzn-nxt.com https://public.flourish.studio https://www.redditstatic.com t.contentsquare.net app.contentsquare.com https://www.esyoh.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co *.mnixdata.com; base-uri 'none'; form-action 'self' https://www.facebook.com https://tr.snapchat.com *.salesforceliveagent.com https://rossu.secure.force.com https://auc--fullsanbox.sandbox.my.salesforce.com https://test.salesforce.com https://login.salesforce.com https://rossu.my.salesforce.com/ https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://cdn.jsdelivr.net/ https://hello.myfonts.net/ https://fast.fonts.net/ https://cdnjs.cloudflare.com/ https://optimize.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.mapbox.com https://cdn.storelocatorwidgets.com *.googletagmanager.com https://*.crazyegg.com  https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://unpkg.com; img-src 'self' data: https://tr.snapchat.com/ *.salesforceliveagent.com https://www.facebook.com/ https://webtracking.aucmed.edu/ *.google.com *.google.com.br *.google.com.uk *.google.com.ca *.google.com.fr *.google-analytics.com *.ytimg.com *.siteimproveanalytics.io https://americanuniversityofcarribean.secure.force.com https://cdn.jsdelivr.net/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net/pagead/ https://bat.bing.com/ https://www.adtalem.com/ https://*.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://www.google-analytics.com https://optimize.google.com https://webtracking.medical.rossu.edu https://analytics.tiktok.com https://rossu.secure.force.com https://webtrackingvet.rossu.edu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com https://ipv4.d.adroll.com https://pt.ispot.tv *.amazonaws.com https://sp.analytics.yahoo.com https://webtracking.chamberlain.edu https://pixel.mtrcs.samba.tv https://cu.secure.force.com https://bidagent.xad.com https://data.adxcel-ec2.com https://pixel.mathtag.com https://cdnjs.cloudflare.com https://img.storelocatorwidgets.com https://www.googleadservices.com https://arttrk.com ads-api.twitter.com analytics.twitter.com  ads-twitter.com https://bam.nr-data.net *.cookielaw.org *.b0e8.com *.salesforce-sites.com https://trkn.us *.contentsquare.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://live.staticflickr.com https://d.adroll.com https://ad.doubleclick.net https://public.flourish.studio https://l.hrzn-nxt.com https://alb.reddit.com https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.lightning.force.com/ https://px0.pbbl.co https://aa.agkn.com *.t.eloqua.com/ *.my.site.com/; media-src 'self' *.avaamo.com; frame-src 'self' *.youtube.com https://www.facebook.com/ *.doubleclick.net https://tr.snapchat.com https://vr.showmecaribbean.com/ https://e.issuu.com/ https://optimize.google.com *.cdn.optimizely.com https://waldenuniversity.referralrock.com https://insight.adsrvr.org https://s.amazon-adsystem.com https://match.adsrvr.org https://pixel.mathtag.com https://cdn.hypemarks.com https://widget.spreaker.com https://app.calconic.com https://www.google.com *.avaamo.com https://home-c20.incontact.com https://www.riddle.com https://gateway.on24.com https://cdn.yoshki.com https://massinteract.com https://www.flickr.com https://*.siteimprove.com https://public.flourish.studio https://flo.uri.sh https://www.massinteract.com https://cdn.pbbl.co https://img04.en25.com https://static.cloudflareinsights.com/ https://cdn.unibuddy.co https://unibuddy.co https://events.waldenu.edu https://investors.adtalem.com; frame-ancestors 'self'; child-src 'self' *.youtube.com blob:; font-src 'self' https://themes.googleusercontent.com https://use.typekit.net https://fonts.gstatic.com *.avaamo.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cdn.storelocatorwidgets.com https://cdn.mouseflow.com ; connect-src 'self' wss://wsp43.hotjar.com https://gtm.waldenu.edu https://cdn.cookielaw.org https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.siteimprove.com/ https://*.crazyegg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://tr.snapchat.com/ https://analytics.google.com https://bam.nr-data.net https://ipinfo.io https://www.facebook.com/tr/ https://analytics.tiktok.com https://cdn.linkedin.oribi.io *.optimizely.com https://api.company-target.com https://vc.hotjar.io https://wsp43.hotjar.com https://s.yimg.com *.mktoresp.com https://ict.infinity-tracking.net https://nas.lon.infinity-tracking.net https://pixel.mtrcs.samba.tv https://in.hotjar.com https://segments.company-target.com https://geoip-js.com *.mouseflow.com https://api.tintup.com *.amazonaws.com https://ad.doubleclick.net https://pixel.admedia.com *.mapbox.com *.storelocatorwidgets.com ads-api.twitter.com ads-twitter.com analytics.twitter.com https://917-jig-558.mktoutil.com *.infinity-tracking.com *.contentsquare.net *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://embedr.flickr.com https://bat.bing.com https://discover.waldenu.edu https://www.esyoh.com https://gtm.chamberlain.edu https://gtm.aucmed.edu https://gtm.veterinary.rossu.edu https://gtm.medical.rossu.edu https://analytics.pangle-ads.com https://laureateone--l1dev.sandbox.my.salesforce.com https://laureateone--l1dev.sandbox.my.site.com/ https://laureateone--l1dev.sandbox.file.force.com/ https://px.ads.linkedin.com/ https://tr6.snapchat.com/ *.mnixdata.com; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://js-eu1.hsforms.net https://js-eu1.hs-scripts.com https://*.usercentrics.eu https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.usercentrics.eu https://*.hsforms.com https://*.hubspot.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data:; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hscollectedforms.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hsforms.com https://js-eu1.hsforms.net https://*.usercentrics.eu https://*.hubspot.com; media-src 'self'; object-src 'self' https://*.usercentrics.eu; frame-src 'self' https://forms-eu1.hsforms.com https://online.arzttermin-widget.de https://*.hubspot.com; frame-ancestors 'self' 1
default-src 'self' *.pharmica.co.uk *.pharmica.uk ;      script-src 'self' *.pharmica.co.uk *.pharmica.uk cdn.jsdelivr.net *.tawk.to 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org connect.facebook.net *.stripe.com *.paypal.com *.gstatic.com *.google.com googleads.g.doubleclick.net *.google-analytics.com www.googleadservices.com www.googletagmanager.com *.hotjar.com *.braintreegateway.com www.paypalobjects.com bat.bing.com s.kk-resources.com static.site24x7rum.eu s.pinimg.com;      style-src 'self' *.pharmica.co.uk *.pharmica.uk 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com www.gstatic.com *.tawk.to;      font-src 'self' *.pharmica.co.uk *.pharmica.uk *.tawk.to *.gstatic.com;      img-src 'self' stats.g.doubleclick.net tawk.link *.pharmica.co.uk *.pharmica.uk *.tawk.to data: images.dmca.com *.google.com *.google.co.uk *.facebook.com *.facebook.net *.stripe.com *.paypal.com s.kelkoogroup.net *.googletagmanager.com *.google-analytics.com bat.bing.com i.ytimg.com s3.eu-west-2.amazonaws.com ct.pinterest.com s3.amazonaws.com gen.sendtric.com googleads.g.doubleclick.net;     connect-src 'self' *.facebook.com *.pharmica.co.uk *.pharmica.uk *.googletagmanager.com cdn.ampproject.org *.hotjar.com *.hotjar.io *.tawk.to wss: *.google-analytics.com javascript: *.braintreegateway.com *.braintree-api.com *.paypal.com *.google.com stats.g.doubleclick.net s.kelkoogroup.net col.site24x7rum.eu bat.bing.com ct.pinterest.com;     frame-src * 'self' *.pharmica.co.uk *.pharmica.uk *.hotjar.com *.facebook.com *.google.com *.stripe.com *.paypal.com *.youtube.com *.pinterest.com *.pinterest.co.uk *.google-analytics.com 1
frame-ancestors 'self' https://service.valooto.com/; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com/js/siteanalyze_6003145.js ;object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https://i.ytimg.com https://lovdata.no/static/SF/sf-20211215-3636-01-01.png https://6003145.global.siteimproveanalytics.io https://szsurvey.siteimprove.com https://szsurvey-r1.siteimprove.com;frame-src https://www.youtube.com https://app.powerbi.com 'self';font-src 'self';connect-src 'self' https://pdx-col.eum-appdynamics.com https://fra-col.eum-appdynamics.com;base-uri 'self';manifest-src 'none';upgrade-insecure-requests;block-all-mixed-content;report-uri /api/mt1535/csp/report; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es assistencia.bbseguros.com.br *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.oe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa; 1
frame-ancestors 'self' https://accounts.icarsuite.com https://dealerships.icarsuite.com 1
frame-src https://8eac-103-170-54-70.ngrok-free.app https://20331188.hs-sites.com https://shopify.dev.kubric.io https://mm.beta.kubric.io https://app.getmodemagic.com https://getmodemagic.com https://www.youtube.com https://*.typeform.com/ https://calendly.com/ https://*.arcade.software/ https://*.storylane.io https://*.hsforms.com/ https://open.spotify.com/ https://giphy.com/ https://media.kubric.io/; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https: blob:; font-src 'self' data: https:; connect-src * 'unsafe-inline' https:; default-src *; img-src * data: 'unsafe-inline'; 1
default-src 'self' *.voyagersopris.com *.voyagersopris.com/info/dev/ *.fontawesome.com *.bfldr.com *.cookielaw.org *.pardot.com https://*.fontawesome.com/*/ https://*.googleapis/*/ *.brandfolder.io self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.userway.org *.brandfolder.iohttps://*.googleapis/*/ https://vjs.zencdn.net voyagerlearning.secure.force.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.voyagersopris.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.userway.org *.fontawesome.com *.bfldr.com *.cookielaw.org *.pardot.com https://*.fontawesome.com/*/ https://*.googleapis/*/ *.brandfolder.io https://vjs.zencdn.net https://platform-api.sharethis.com *.sharethis.com *.buzzsprout.com web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.voyagersopris.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.userway.org *.fontawesome.com *.bfldr.com https://ka-p.fontawesome.com/releases/ *.cookielaw.org *.pardot.com https://kit.fontawesome.com https://*.fontawesome.com/*/ https://*.googleapis/*/ *.brandfolder.io https://vjs.zencdn.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.voyagersopris.com https://cdn.jsdelivr.net https://cdn.userway.org *.fontawesome.com *.bfldr.com *.cookielaw.org https://*.fontawesome.com/*/ https://*.googleapis/*/ *.brandfolder.io *.sharethis.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.voyagersopris.com https://cdn.jsdelivr.net *.fontawesome.com *.bfldr.com *.cookielaw.org *.userway.org voyagerlearning.secure.force.com; frame-src 'self' *.voyagersopris.com *.cookielaw.org *.sharethis.com *.pardot.com *.secure.force.com *.my.salesforce-sites.com *.buzzsprout.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.googletagmanager.com *.cookielaw.org *.userway.org https://*.fontawesome.com/*/ https://*.googleapis/*/ https://analytics.google.com *.fontawesome.com *.sharethis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.voyagersopris.com *.bfldr.com *.fontawesome.com *.cookielaw.org *.brandfolder.io; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com *.cookielaw.org https://analytics.google.com *.pardot.com *.secure.force.com web-chat.nativechat.com; form-action 'self' *.my.salesforce-sites.com; frame-ancestors 'self'; object-src 'self' Plugin types 1
default-src https:; img-src https: data:; object-src 'none'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self'; form-action 'self'; worker-src blob: https:; frame-ancestors 'self' 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://maps.noord-holland.nl https://geoapps.noord-holland.nl https://app.springcast.fm https://datalab.noord-holland.nl; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-M2Y0ZDNmMWQtNDNjYy00MjM5LWFkYjMtZTMyYjcyOTkzNWM4' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-M2Y0ZDNmMWQtNDNjYy00MjM5LWFkYjMtZTMyYjcyOTkzNWM4' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
default-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; object-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline' 1
upgrade-insecure-requests;               frame-src 'self' https://*.udir.no/ https://player.vimeo.com/ https://policy.app.cookieinformation.com/ https://qap-prod.udirqlik.no/ https://www.google.com/ https://dreambroker.com/;               frame-ancestors 'self' https://*.udir.no/  https://*.instructure.com/; 1
base-uri 'none'; font-src 'self' data: https://cdnjs.cloudflare.com *.crazyegg.com https://fonts.googleapis.com https://pub.mdpi-res.com https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src * data:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://pub.mdpi-res.com https://fonts.googleapis.com; script-src 'self' https: 'unsafe-inline' https://cdnjs.cloudflare.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleusercontent.com https://*.googletagmanager.com *.crazyegg.com *.cookiebot.com *.mdpi.com 'strict-dynamic' 'nonce-WPYUhwAip4H0paizujodwg=='; default-src *; connect-src 'self' ws: https://cdnjs.cloudflare.com https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googleusercontent.com https://*.googletagmanager.com https://api.iconify.design https://api.simplesvg.com/ https://api.unisvg.com/ https://fonts.googleapis.com https://pub.mdpi-res.com *.crazyegg.com *.cookiebot.com *.ingest.sentry.io/ *.mdpi.com; frame-src 'self' *.cookiebot.com; child-src 'self' blob:; worker-src 'self' blob:; 1
frame-ancestors 'self'  https://mtt.avp.tech; 1
default-src 'self' data: localhost:* *.episerver.net *.readspeaker.com *.arcgisonline.nl *.arcgisonline.com js.arcgis.com *.arcgis.com *.google.com *.googleapis.com *.hotjar.com *.hotjar.io *.prorail.nl *.spoordata.nl *.werkenbijprorail.nl *.youtube-nocookie.com www.google.nl www.googletagmanager.com tagmanager.google.com px.ads.linkedin.com www.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.recaptcha.net 'unsafe-inline' 'unsafe-eval'; connect-src https: ws: wss:; 1
default-src https: data: blob: ws: wss: mailto: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.concurra.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://livechat.udmedia.de https://www.paypalobjects.com https://www.google.com https://www.gstatic.com 'unsafe-eval'; object-src 'self'; style-src 'self' https://livechat.udmedia.de https://udmedia.de https://www.udmedia.de 'unsafe-inline'; img-src 'self' data: https://livechat.udmedia.de https://hilfe.udmedia.de https://udmedia.de https://www.udmedia.de; media-src 'self' https://livechat.udmedia.de; frame-src 'self' https://www.google.com https://livechat.udmedia.de; font-src 'self' https://www.paypalobjects.com https://livechat.udmedia.de; connect-src 'self' https://livechat.udmedia.de; 1
default-src 'self' https://www.polarhistorie.no; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://p.typekit.net https://use.typekit.net https://fonts.gstatic.com https://www.polarhistorie.no;img-src 'self' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net https://use.fontawesome.com https://*.npolar.no https://polyfill.io https://*.jquery.com https://code.highcharts.com https://unpkg.com https://*.googleapis.com https://*.siteimprove.net https://*.amazonaws.com https://*.list-manage.com https://cdnjs.cloudflare.com; https://www.polarhistorie.nofont-src https://fonts.gstatic.com https://use.typekit.net 'self' data:;object-src 'self' https://*.npolar.no https://www.polarhistorie.no;base-uri 'none';frame-ancestors 'self' https://*.npolar.no https://www.polarhistorie.no;frame-src 'self' https://*.npolar.no https://*.spotify.com https://*.youtube.com https://*.facebook.com https://*.acast.com https://www.listennotes.com https://www.polarhistorie.no;form-action 'self' https://*.list-manage.com https://www.polarhistorie.no;media-src 'self' https: https://www.polarhistorie.no;connect-src 'self' https:; 1
default-src 'self' https://use.typekit.net https://10361108.fls.doubleclick.net/ https://cdn.cluepixel.com https://www.google.com https://*.youtube.com https://cdnjs.cloudflare.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://use.typekit.net/ https://cdn-cookieyes.com/client_data/a63c3a525e3ff2c7a6747763/banner.js https://polyfill.io/ https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://maps.googleapis.com/ https://polyfill.io/v3/* https://cdn.jsdelivr.net/* https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://p.typekit.net/ https://use.typekit.net/ https://fonts.googleapis.com https://cdnjs.cloudflare.com https://script.hotjar.com https://static.hotjar.com https://www.google-analytics.com https://www.google.ca https://www.google.com https://www.googletagmanager.com; img-src 'self' data: https://cdn-cookieyes.com/ https://cdn.cluepixel.com/ https://www.google-analytics.com https://www.google.com https://www.google.ca; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/ data: ; media-src 'self'; object-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://10361108.fls.doubleclick.net/ https://www.google.com/ https://*.youtube.com https://vars.hotjar.com https://*.vimeo.com; frame-ancestors 'self' https://*.youtube.com https://vars.hotjar.com https://*.vimeo.com; base-uri 'self'; connect-src 'self' https://cdn-cookieyes.com/ https://log.cookieyes.com/ https://vc.hotjar.io/ https://maps.googleapis.com/ https://api.redirect.li https://yp.cdnstream1.com https://www.google-analytics.com https://in.hotjar.com https://*.doubleclick.net https://*.hotjar.com wss://*.hotjar.com; 1
frame-ancestors 'self' *.kalshi.com *.kalshi.co 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob: https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr6.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io https://tr.snapchat.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://m.ameliorate.com https://checkout.ameliorate.com https://www.ameliorate.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.ameliorate.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.pubnub.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' https: wss: data:; connect-src 'self' https: wss: data: *.raekdata.com *.raek.net *.cloudflare.com *.google-analytics.com *.tiktok.com *.hotjar.com *.hotjar.io *.calendly.com; style-src 'self' 'unsafe-inline' *.raekdata.com *.raek.net *.cloudflare.com *.googleapis.com *.calendly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.raekdata.com *.raek.net *.cloudflare.com *.cloudflareinsights.com *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.com *.facebook.net *.twitter.com *.ads-twitter.com *.hotjar.com *.hotjar.io *.tiktok.com *.licdn.com *.clickcease.com *.redditstatic.com *.calendly.com; object-src 'none' 1
default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self' rdrama.net watchpeopledie.tv; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com static.cloudflareinsights.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com static.cloudflareinsights.com; frame-src www.teamblind.com www.tiktok.com www.instagram.com embed.reddit.com challenges.cloudflare.com cdpn.io platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' submit.watchpeopledie.tv; img-src media.tenor.com i.imgur.io rdrama.net kiwifarms.hk media4.giphy.com files.catbox.moe media.giphy.com kiwifarms.st upload.wikimedia.org substackcdn.com 66.media.tumblr.com i.giphy.com thumbs.gfycat.com pomf2.lain.la 64.media.tumblr.com media1.tenor.com i.postimg.cc media1.giphy.com i.watchpeopledie.tv watchpeopledie.tv media0.giphy.com i.pinimg.com staging.rdrama.net videos.watchpeopledie.tv kiwifarms.net media2.giphy.com i.imgur.com preview.redd.it media3.giphy.com i.kym-cdn.com 78.media.tumblr.com live.staticflickr.com c.tenor.com pbs.twimg.com external-preview.redd.it uploads.kiwifarms.st i.ytimg.com uploads.kiwifarms.hk 37.media.tumblr.com i.redd.it uploads.kiwifarms.net i.rdrama.net data:; media-src *.googlevideo.com archive.org *.archive.org media.tenor.com i.imgur.io rdrama.net kiwifarms.hk media4.giphy.com files.catbox.moe media.giphy.com kiwifarms.st upload.wikimedia.org substackcdn.com 66.media.tumblr.com i.giphy.com thumbs.gfycat.com pomf2.lain.la 64.media.tumblr.com media1.tenor.com i.postimg.cc media1.giphy.com i.watchpeopledie.tv watchpeopledie.tv media0.giphy.com i.pinimg.com staging.rdrama.net videos.watchpeopledie.tv kiwifarms.net media2.giphy.com i.imgur.com preview.redd.it media3.giphy.com i.kym-cdn.com 78.media.tumblr.com live.staticflickr.com c.tenor.com pbs.twimg.com external-preview.redd.it uploads.kiwifarms.st i.ytimg.com uploads.kiwifarms.hk 37.media.tumblr.com i.redd.it uploads.kiwifarms.net i.rdrama.net; upgrade-insecure-requests; 1
frame-ancestors 'self' investors.lilium.com lilium-preview.gcs-web.com lilium.gcs-web.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.texthelp.com https://*.browsealoud.com https://players.brightcove.net https://vjs.zencdn.net https://cdn.rawgit.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com blob: https://cdn.siteimprove.net https://unpkg.com; frame-ancestors 'self'; report-uri https://www.mumc.nl/report-uri/enforce; block-all-mixed-content 1
frame-ancestors 'self' https://www.centerparcs.fr/booking/ https://www.centerparcs.nl/booking/ https://www.centerparcs.de/booking/ https://www.centerparcs.com/booking/ https://www.centerparcs.eu/booking/ https://www.centerparcs.ch/booking/ https://www.centerparcs.be/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://www.sunparks.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ https://ta.groupepvcp.com/booking/ 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-bJTpt9JnKIZ6YAimHiRh5g=='; 1
default-src http: https: 'unsafe-inline' 'unsafe-eval'; img-src http: https: data:; object-src 'none'; frame-ancestors 'self'; 1
frame-ancestors *.getsquirrel.co *.myshopline.com 1
default-src 'self'; script-src 'self' 'unsafe-eval'; worker-src blob:; child-src blob:; media-src 'self' https:;  script-src-elem 'self' 'unsafe-inline' https://heapanalytics.com https://*.heapanalytics.com  https://*.googletagmanager.com https://*.google-analytics.com https://*.cookielaw.org; connect-src 'self' https:; style-src 'self' 'unsafe-inline' https:; img-src * data:; font-src 'self' data:; frame-ancestors 'none'; frame-src https:; 1
frame-ancestors 'self' http://app.reskyt.com/ ; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.woff2 https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.woff https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-regular.ttf https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.woff2 https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.woff https://dudodiprj2sv7.cloudfront.net/font/glyphicons/glyphicons-social-regular.ttf data:; media-src * blob:; 1
default-src 'self'; style-src 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; style-src-elem 'self' 'unsafe-inline' cssversicherung.scene7.com fonts.googleapis.com translate.googleapis.com *.mopinion.com; img-src 'self' data: *.css.ch *.pinterest.com s0.2mdn.net bat.bing.com *.mopinion.com www.facebook.com connect.facebook.net preview3.assetsadobe.com s7g10.scene7.com cssversicherung.scene7.com cm.everesttech.net dpm.demdex.net *.googlesyndication.com *.gstatic.com maps.googleapis.com *.googleadservices.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.google.com *.google.ch *.google.de *.google.at *.google.it *.google.fr *.google.li; font-src 'self' data: *.gstatic.com *.mopinion.com; object-src 'self' data: blob:; media-src 'self' data: blob: s7mbrstream-g1.scene7.com cssversicherung.scene7.com; worker-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.css.ch analytics.tiktok.com brame-static.s3.amazonaws.com translate.google.com translate.googleapis.com s.pinimg.com *.pinterest.com *.gstatic.com *.mopinion.com api.microsofttranslator.com bat.bing.com css-chat.smoope.net www.google.ch www.google.com www.google.de www.google.at www.google.it www.google.fr www.google.li *.googlesyndication.com *.datatrans.com pci-proxy.com sandbox.pci-proxy.com *.doubleclick.net www.googletagservices.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.analytics.google.com cssversicherung.scene7.com connect.facebook.net cdn.tt.omtrdc.net d2qmp7jjpd79k7.cloudfront.net maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com assets.adobedtm.com; connect-src 'self' wss://*.css.ch *.css.ch analytics.tiktok.com maps.googleapis.com *.cookiebot.com *.pinterest.com api.weatherapi.com *.mopinion.com www.facebook.com www.bing.com bat.bing.com *.googlesyndication.com css-api.smoope.net *.google.com *.doubleclick.net *.google-analytics.com *.analytics.google.com s7mbrstream-g1.scene7.com cssversicherung.scene7.com cssversicherung.tt.omtrdc.net dpm.demdex.net; frame-src 'self' *.css.ch analytics.tiktok.com live.brame-gamification.com *.pinterest.ch *.pinterest.com *.google.com *.googlesyndication.com *.doubleclick.net cap.attempts.securecode.com *.datatrans.com sandbox.pci-proxy.com acs.swisscard.ch *.cookiebot.com www.youtube.com assets.adobedtm.com csskranken-versicherungag.demdex.net 3dsec.cardcenter.ch *.mopinion.com css-chat.smoope.net www.facebook.com; frame-ancestors 'self' *.css.ch csskranken-versicherungag.experiencecloud.adobe.com; form-action 'self' *.datatrans.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://cssversicherung.report-uri.com/r/d/csp/enforce; report-to csp-endpoint 1
frame-ancestors 'self' https://help.patagonia.com/ https://notouchie-patagoniacommunity.cs7.force.com/ 1
frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch; object-src 'self'; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://fonts.intercomcdn.com data:; connect-src 'self' c.jobscout24.ch adservice.google.com *.g.doubleclick.net *.tealiumiq.com *.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com www.googletagmanager.com www.google.ch www.google.com www.google.de www.google.fr www.google.it wss://*.intercom.io https://*.intercom.io https://*.eu.intercom.io https://*.eu.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com *.jobs.ch *.lokalise.com https://www.facebook.com/tr/ https://ingest.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://bat.bing.com *.clarity.ms/collect *.creativecdn.com; frame-src 'self' https://*.hotjar.com *.jobs.ch tpc.googlesyndication.com *.google.com landbot.io *.alisearch.ch *.criteo.com *.doubleclick.net https://maps.google.de https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://www.youtube.com https://www.vimeo.com https://player.vimeo.com https://widget.eu.criteo.com/ *.creativecdn.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com; script-src 'nonce-zH7NkjIuC7BmAtOecEGBGwArNS1AfoaFuiO+cxShff4=' 'self' 'sha256-4xaBeTeGhaTJUTflU97MvimdBrAPDQ8nIcRN627uhqQ=' 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-zl6W6Kb3WQbCwq/2GhFpSTTmTKL0WJPu7xBa2A1gxrU=' https://visitor-service-eu-central-1.tealiumiq.com https://visitor-service.tealiumiq.com *.tealiumiq.com *.tiqcdn.com *.criteo.net *.hotjar.com https://www.googletagmanager.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.appcast.io https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net https://www.google.com https://www.google.ch https://www.google.de https://www.google.fr https://api.microsofttranslator.com https://sslwidget.criteo.com https://tpc.googlesyndication.com *.gstatic.com *.intercom.io *.intercomcdn.com *.landbot.io c.jobscout24.ch https://524003370.collect.igodigital.com lokalise.co lokalise.com *.lokalise.com https://connect.facebook.net https://sslwidget.criteo.com https://package.webvitalize.io/ snap.licdn.com/li.lms-analytics/ dynamic.criteo.com/js/ld/ secure.leadforensics.com/js/ secure.data-insight365.com/Track/ idx.liadm.com/idex/ https://*.hotjar.com https://bat.bing.com/ https://www.clarity.ms/ tags.creativecdn.com 'sha256-/OiXyoYdO/5145tKU2HLrF7SBc8dlsEEMhUef8yBBP0=' 'sha256-EhZylS+VkNAyZeNbVSY9oQZpK1Eu/148ksMpqd2IWJY=' 'sha256-KaIKxRygrKWFF9Qry6CqCrzyop6GuujvlA3kB2l/5PQ=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-nw/zJx5hSauRwXfx3uVnLtTcUmT0OWIOivhvxNn3DCs=' 'sha256-rfxMjpKvHZ5q7a0ZIT4Dzs87I4/diEeTs4ujyYs2u3g=' 'sha256-ziBMm/iX6dmVGECRsbk6tynf1XeLf3Okehr5YmdujKM='; report-uri https://o348636.ingest.sentry.io/api/5513946/security/?sentry_key=98e5add7cc8144b7a8bf44f69c20cb42; report-to csp-endpoint;  1
default-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com; img-src 'self' 'unsafe-inline' * data: www.w3.org;frame-src 'self' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com vars.hotjar.com in.hotjar.com *.fls.doubleclick.net www.youtube.com www.google.com irs.tools.investis.com otp.tools.investis.com ir.tools.investis.com players.brightcove.net *.webvideocore.net *.smartrecruiters.com *.investis.com cdgwebsites.com *.doubleclick.net;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net staticcontents.investis.com tagmanager.google.com viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com cdnjs.cloudflare.com *.idigitalcontents.com fast.fonts.net *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com tagmanager.google.com *.idigitalcontents.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.onetrust.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com staticcontents.investis.com cdn.cookielaw.org viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com *.googletagmanager.com *.google-analytics.com cdn.cookielaw.org connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com edge.api.brightcove.com *.googleapis.com tagmanager.google.com stats.g.doubleclick.net *.investisdigital.com googleads.g.doubleclick.net googleadservices.com cdn.jsdelivr.net cdnjs.cloudflare.com facebook.com www.gstatic.com pi.pardot.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com www.youtube.com *.vimeo.com *.webvideocore.net *.smartrecruiters.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.googleadservices.com *.onetrust.com;media-src 'self' *.brightcove.com *.brightcovecdn.com *.investis.com;connect-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com region1.google-analytics.com cdn.cookielaw.org viz.tools.investis.com *.investisdigital.com edge.api.brightcove.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.googleapis.com *.investis.com *.jsdelivr.com *.jsdelivr.net *.go-mpulse.net *.akstat.io *.akamaihd.net *.onetrust.com;base-uri 'none'; form-action 'self'; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.sentinelassam.com;block-all-mixed-content; 1
default-src blob: 'self' ;script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://widget.gocxl.com/ https://google.nl/pagead/1p-conversion/accountID/* https://admin.relay42.com *.r42tag.com *.visualwebsiteoptimizer.com app.vwo.com *.pingvp.com analytics.interpolis.nl *.mopinion.com *.interpolis.nl az416426.vo.msecnd.net analytics.twitter.com  www.google-analytics.com static.ads-twitter.com www.googleoptimize.com www.googletagmanager.com *.doubleclick.net *.googleadservices.com opzeggen.nl www.opzeggen.nl cdn.harvest.graindata.com widget.greenonline.nl https://static.hotjar.com https://script.hotjar.com https://js.arcgis.com *.googleanalytics.com https://optimize.google.com https://*.hotjar.io:* googleads.g.doubleclick.net tpc.googlesyndication.com;style-src 'self' 'unsafe-inline' *.pingvp.com fonts.googleapis.com fast.fonts.net js.arcgis.com widget.greenonline.nl optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://widget.gocxl.com/ ;img-src data: 'self' https://widget.gocxl.com/  *.pingvp.com *.google-analytics.com www.google.com https://t.co/i/adsct www.googletagmanager.com https://i.ytimg.com/ img.youtube.com services.arcgisonline.com server.arcgisonline.com www.google.nl interpolis.imgix.com js.arcgis.com fls.doubleclick.net interpolis.imgix.net  https://script.hotjar.com optimize.google.com www.gstatic.com https://analytics.twitter.com https://ad.doubleclick.net https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;font-src data: 'self' *.pingvp.com fonts.gstatic.com js.arcgis.com widget.greenonline.nl https://script.hotjar.com https://widget.gocxl.com/ ;connect-src 'self' https://widget.gocxl.com  https://pagead2.googlesyndication.com/pagead/landing https://google.nl/pagead/1p-conversion/accountID/* *.pingvp.com *.mopinion.com *.interpolis.nl dc.services.visualstudio.com *.google-analytics.com https://www.opzeggen.nl interpolis.imgix.net controle.achmea.consentmonitor.nl https://*.hotjar.com:* https://*.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com services.arcgisonline.com adservice.google.com geocode.arcgis.com https://ad.doubleclick.net  *.visualwebsiteoptimizer.com app.vwo.com;media-src 'self' *.pingvp.com *.interpolis.nl https://widget.gocxl.com/;object-src 'self' *.pingvp.com https://widget.gocxl.com/;child-src 'self' blob: t.svtrd.com youtube-nocookie.com www.youtube-nocookie.com *.doubleclick.net *.hotjar.com *.hotjar.io e.interpolis.nl widgets.bnr.nl www.youtube.com art19.com optimize.google.com *.pingvp.com tpc.googlesyndication.com app.vwo.com formulier.interpolis.nl https://widget.gocxl.com/;frame-ancestors 'self' www.youtube-nocookie.com youtube-nocookie.com *.doubleclick.net e.interpolis.nl https://vars.hotjar.com optimize.google.com tpc.googlesyndication.com app.vwo.com *.visualwebsiteoptimizer.com https://widget.gocxl.com/ ;form-action 'self' t.svtrd.com https://transaction.acceptemail.com https://widget.gocxl.com/;manifest-src 'self' t.svtrd.com *.interpolis.nl broker.nxtid.nl data:;upgrade-insecure-requests;block-all-mixed-content;report-uri https://interpolis.ams.report-uri.com/r/t/csp/enforce; 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-ODI0MDc3NDY0MDY1NjAx' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
base-uri 'self' ;connect-src 'self' *.youtube.com consentcdn.cookiebot.com www.googletagmanager.com *.google-analytics.com *.googlesyndication.com securepubads.g.doubleclick.net *.vimeo.com *.vimeocdn.com *.raicore.com *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu stats.g.doubleclick.net *.formitable.com site-rai.rai.mobilityportal.nl maps.googleapis.com etender-connect.com;default-src 'self' ;font-src 'self' fonts.gstatic.com cdn.jsdelivr.net *.raicore.com kit.fontawesome.com ka-p.fontawesome.com maxcdn.bootstrapcdn.com data:;frame-ancestors 'self' tiki-toki.com *.stachanov.com *.amsterdam.nl penr.stachanov.com;frame-src consentcdn.cookiebot.com *.youtube.com *.googlesyndication.com www.google.com www.google.rs *.vimeo.com *.vimeocdn.com snapwidget.com ep.rai.nl *.google-analytics.com *.googleadservices.com ajax.googleapis.com fonts.googleapis.com www.google.nl www.googletagmanager.com www.googletagservices.com *.doubleclick.net stats.g.doubleclick.net preferencecenter.metstrade.com forms.office.com widget.formitable.com *.tiki-toki.com penr.stachanov.com maps.google.com widget-rai.rai.mobilityportal.nl site-rai.rai.mobilityportal.nl arai.facilitor.nl cdn.formitable.com e.issuu.com penr.stachanov.com youreka-virtualtours.be newsletters.rai.nl youtube.com preferencecenter.rai.nl;img-src 'self' *.google-analytics.com *.googlesyndication.com ep.rai.nl *.vimeo.com *.vimeocdn.com data: www.google.com www.google.rs *.raicore.com connect.facebook.net *.facebook.com *.visualwebsiteoptimizer.com maps.gstatic.com uploads.rai.mobilityportal.nl maps.googleapis.com  *.azureedge.net *.github.io *.guestplan.com;script-src 'self' www.googletagmanager.com *.google-analytics.com consentcdn.cookiebot.com *.googleadservices.com code.jquery.com cdn.jsdelivr.net unpkg.com 'unsafe-inline' 'unsafe-eval' services.crmservice.eu www.googletagservices.com securepubads.g.doubleclick.net *.googlesyndication.com adservice.google.com adservice.google.nl adservice.google.rs *.ternair.com *.ternairsoftware.com ep.rai.nl services.crmservice.eu *.raicore.com ajax.cloudflare.com cdnjs.cloudflare.com consent.cookiebot.com stats.g.doubleclick.net ep.rai.nl connect.facebook.net *.facebook.com ajax.googleapis.com www.google.com www.google.rs *.doubleclick.net fonts.gstatic.com fonts.googleapis.com www.google.nl maxcdn.icons8.com data: preferencecenter.metstrade.com snapwidget.com static.ads-twitter.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.visualwebsiteoptimizer.com *.consent.cookiebot.com *.formitable.com site-rai.rai.mobilityportal.nl maps.googleapis.com *.hotjar.com *.hotjar.io *.hotjar.com 'unsafe-inline' *.guestplan.com;style-src 'self' cdn.jsdelivr.net 'unsafe-inline' fonts.googleapis.com *.raicore.com * kit.fontawesome.com ka-p.fontawesome.com ; 1
base-uri 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://use.fontawesome.com; form-action 'self' search.google.com *.facebook.com connect.facebook.net; frame-ancestors 'self' firstvet.com *.firstvet.com; img-src * data:; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com https://optimize.google.com https://*.googletagmanager.com https://use.fontawesome.com; upgrade-insecure-requests; child-src 'self' blob: *.facebook.com connect.facebook.net; connect-src 'self' https://se.api.shop.firstvet.com https://uk.api.shop.firstvet.com http://127.0.0.1:8080 wss://127.0.0.1:24679/_nuxt/ ws://firstvet.com:24678 wss://firstvet.com:24678 http://firstvet.com:24678 https://firstvet.com:24678 connect.facebook.net *.facebook.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.google.com https://*.google.se https://*.google.co.uk https://pagead2.googlesyndication.com *.klarnaevt.com *.firstvet.com *.sentry.io app.getsentry.com *.shop.firstvet.com *.firstvet.com *.bing.com wss://*.bing.com track.adtraction.com api.adtraction.net *.clarity.ms http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.stripe.com https://consentcdn.cookiebot.com https://*.dialogtrail.com *.triggerbee.com *.shop.firstvet.com:8888 *.funktionstjanster.se https://sdk.fra-02.braze.eu; default-src 'self'; frame-src 'self' *.facebook.com connect.facebook.net *.klarna.com *.klarnaevt.com https://*.facebook.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googleoptimize.com https://js.stripe.com https://hooks.stripe.com https://bid.g.doubleclick.net https://td.doubleclick.net sdx.microsoft.com https://consentcdn.cookiebot.com https://www.youtube-nocookie.com https://www.youtube.com youtube.com https://optimize.google.com/; script-src 'self' 'unsafe-inline' https://se.api.shop.firstvet.com https://uk.api.shop.firstvet.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googleoptimize.com https://optimize.google.com https://*.analytics.google.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://translate.google.com *.klarna.com *.klarnaevt.com *.sentry.io *.sentry-cdn.com connect.facebook.net shop.firstvet.com *.shop.firstvet.com firstvet.com *.firstvet.com *.bing.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-sw.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-core.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-precaching.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-strategies.prod.js https://cdn.jsdelivr.net/npm/workbox-cdn@5.1.4/workbox/workbox-routing.prod.js https://cdn.recookies.com/recookies.min.js https://*.clarity.ms https://js.stripe.com valuesportal.com *.valuesportal.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://t.myvisitors.se https://headless.dialogtrail.com https://analytics.tiktok.com https://code.jquery.com; worker-src 'self' blob: 1
default-src blob: data: *.lpsnmedia.net; connect-src 'self' data: *.liveperson.net *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com wss://va.msg.liveperson.net *.launchdarkly.com *.uhcprovider.com *.jsdelivr.net pollyfill.io *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.cloudflare.com *.optum.com *.demdex.net *.omtrdc.net *.amazonaws.com *.lpsnmedia.net 'unsafe-inline'; script-src 'self' 'unsafe-eval' *.bluecoat.com *.federateddataservices.com *.gstatic.com *.qualtrics.com *.console.glassboxsaas.com *.coveo.com *.uhcprovider.com *.jsdelivr.net https://polyfill.io/v3/polyfill.js *.uhc.com *.uhg.com c2001.report.gbss.io cdn.gbqofs.com c1001.report.gbss.io *.glassboxdigital.io *.gbqofs.io *.newrelic.com *.adobedtm.com https://unpkg.com *.nr-data.net *.licdn.com *.cloudfront.net *.optum.com *.amazonaws.com *.liveperson.net *.lpsnmedia.net blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'none' 1
frame-src 'self';                                                      img-src  *.mysedgwick.com  https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ 'self' data:;                                                     child-src 'self';                                                     object-src 'none';                                                     base-uri 'self';                                                     frame-ancestors 'self';                                                     default-src 'self' https://geolocation.onetrust.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://fonts.gstatic.com/ https://storage.googleapis.com/co;                                                     style-src 'self' https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://storage.googleapis.com 'unsafe-inline';                                                     script-src 'self' https://cdn.cookielaw.org https://storage.googleapis.com/ 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://messaging.arrt.org https://apps.arrt.org https://stdata.arrt.org 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.holaislascanarias.com/report-uri/enforce 1
default-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://*.analytics.google.com/ https://www.google-analytics.com/ https://*.hotjar.co/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://stats.g.doubleclick.net/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.sesamnet.net/ https://*.sesamnet.ch/ https://www.google-analytics.com/ https://*.hotjar.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://npmcdn.com/isotope-layout@3/dist/; style-src-elem 'self' 'unsafe-inline' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://p.typekit.net/ https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net/ https://code.jquery.com/; style-src 'self' 'unsafe-inline' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://cdnjs.cloudflare.com/ajax/libs/ https://code.jquery.com/ https://use.fontawesome.com/ https://fonts.googleapis.com/ https://use.typekit.net/ https://p.typekit.net; font-src 'self' https://*.sesamnet.net https://*.sesamnet.ch https://cdnjs.cloudflare.com/ajax/libs/ https://use.fontawesome.com/releases/ https://fonts.gstatic.com/ https://use.typekit.net/; frame-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://youtube.com/ https://www.youtube.com/ https://www.google.com/; img-src 'self' https://*.sesamnet.net/ https://*.sesamnet.ch/ https://favicons https://www.googletagmanager.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.fi https://code.highcharts.com *.googlesyndication.com; object-src 'self' video.qbrick.com; frame-src 'self' https://td.doubleclick.net https://9826794.fls.doubleclick.net https://shared-logon.danskebank.com  https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com; 1
script-src 'nonce-58a2dfcb15e24cbab4d5261f0f7153a1'  'self' assets.adobedtm.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-eval'; child-src 'self' *.bell.ca assets.adobedtm.com rt.newswire.ca www.youtube.com c212.net pixel.mathtag.com googleads.g.doubleclick.net static.doubleclick.net www.google.com www.gstatic.com data: 'unsafe-eval'; frame-src https://www.google.com/recaptcha/ https://www.youtube.com/embed/; default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' * data:; font-src 'self'; connect-src 'self' *.bell.ca; form-action 'self' https://export.highcharts.com/; media-src *; frame-ancestors 'none'; object-src 'self'; base-uri 'self' 1
frame-ancestors https://adminv3.luxauto.lu http://www.lessentiel.lu https://www.lessentiel.lu http://www.garage-pauly.lu https://www.garage-pauly.lu http://www.gti.lu http://automobiles-cr.lu http://www.automobiles-cr.lu https://www.garagethielen.lu http://www.reiserbann.lu https://www.reiserbann.lu https://www.smartcenter.lu https://www.marval.lu https://www.garagecastermans.lu http://www.schneiders.lu https://www.serviceautomobile.lu https://www.pirsch.lu https://www.grand-garage-mondercange.lu http://www.diegrenzgaenger.lu https://www.diegrenzgaenger.lu http://www.lesfrontaliers.lu https://www.lesfrontaliers.lu https://colle.lu https://actions-autodis.lu; 1
'unsafe-inline'  default-src 'self' style-src 'self' 'https://fonts.googleapis.com' font-src 'self' 'https://fonts.gstatic.com' frame-src youtube.com https://www.youtube.com facebook.com https://www.facebook.com twitter.com https://www.twitter.com https://playhls.media.nic.in https://platform.twitter.com; 1
frame-ancestors https://learningguild.com https://devlearn.com; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; connect-src 'self' *.cablex.test *.google-analytics.com *.chimpstatic.com *.cookiebot.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.doubleclick.net; font-src 'self' *.cablex.test data: *.gstatic.com *.chimpstatic.com *.azurewebsites.net *.fast.fonts.net *.cablex.ch *.cablex-germany.de; frame-ancestors *.cablex.test *.azurewebsites.net *.prospective.ch *.cablex.ch *.cablex-germany.de *.chimpstatic.com; frame-src 'self' *.cablex.test *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.cookiebot.com *.prospective.ch *.youtube-nocookie.com *.youtube.com *.chimpstatic.com *.google.com; img-src 'self' *.cablex.test data: *.tile.osm.org *.tile.openstreetmap.org *.azurewebsites.net *.cablex.ch *.cablex-germany.de *.google.com *.google.de *.google-analytics.com *.googletagmanager.com *.prospective.ch *.cookiebot.com *.chimpstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.cablex.test *.google-analytics.com *.googletagmanager.com *.bing.com *.facebook.net *.twitter.com *.cookiebot.com *.prospective.ch *.linkedin.com *.chimpstatic.com *.azurewebsites.net *.cablex.ch *.cablex-germany.de https://chimpstatic.com https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.6.3/iframeResizer.min.js *.youtube.com *.doubleclick.net; style-src 'self' *.cablex.test 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com *.chimpstatic.com https://unpkg.com/swiper/swiper-bundle.min.css *.prospective.ch *.fast.fonts.net *.azurewebsites.net *.cablex.ch *.cablex-germany.de; upgrade-insecure-requests 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/; script-src-elem * 'unsafe-inline'; script-src-attr * data: 'unsafe-inline'; img-src * data: 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org; img-src 'self' blob: data: https://map.ir https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://cdn.goftino.com https://api.userway.org; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors https://*.ringcentral.com https://*.ringcentral.ca https://*.ringcentral.co.uk https://*.ringcentral.com.au https://*.ringcentral.eu https://support.ringcentral.biz https://outlook.live.com https://outlook.office365.com https://outlook.office.com 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://gofulllidl.ie  https://*.adyen.com  https://*.abettertomorrow-lidl.ie  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://gofulllidl.ie  https://*.adyen.com  https://*.abettertomorrow-lidl.ie; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
child-src 'self' blob: https://connect.facebook.net https://www.youtube.com sumo.com load.sumo.com fancy.com slashdot.org; connect-src 'self' https://rs.fullstory.com https://sentry.io https://api.mixpanel.com https://www.facebook.com sumome.com sumo.com load.sumo.com *.google.com www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.google.com ws: wss: a.mstrlytcs.com *.visualwebsiteoptimizer.com app.vwo.com *.mixpanel.com *.ingest.sentry.io https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://*.lr-in-prod.com; default-src 'none'; font-src 'self' fonts.gstatic.com *.vwo.com; frame-src 'self' *.youtube.com *.vwo.com *.visualwebsiteoptimizer.com player.vimeo.com www.google.com; img-src 'self' data: https://p.praymorenovenas.com sumo.b-cdn.net sumo.com load.sumo.com load.sumome.com www.google-analytics.com www.facebook.com www.diigo.com www.houzz.com praymoreretreat.org slashdot.org *.visualwebsiteoptimizer.com *.vwo.com https://rs.fullstory.com; script-src blob: data: 'self' 'unsafe-inline' https://edge.fullstory.com https://ajax.cloudflare.com load.sumome.com load.sumo.com sumo.b-cdn.net https://api.bufferapp.com *.facebook.com https://www.linkedin.com widgets.pinterest.com buttons.reddit.com www.reddit.com https://reddit.com www.yummly.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.soup.io images.slashdot.org www.houzz.com www.diigo.com ajax.googleapis.com *.mxpnl.com *.visualwebsiteoptimizer.com 'unsafe-eval' app.vwo.com d5phz18u4wuww.cloudfront.netdev.visualwebsiteoptimizer.com player.vimeo.com www.google.com www.gstatic.com https://cdn.logrocket.io https://cdn.lr-ingest.io https://cdn.lr-in.com https://cdn.lr-in-prod.com; style-src 'self' 'unsafe-inline' cdn.quilljs.com sumo.b-cdn.net load.sumo.com fonts.googleapis.com www.houzz.com *.vwo.com; worker-src 'self' blob: 1
default-src 'self'; script-src-elem 'self' https://cdn.usefathom.com; script-src 'self' https://cdn.usefathom.com; child-src 'self' https://hooktube.com https://www.hooktube.com https://youtube.com https://www.youtube.com https://youtu.be https://gfycat.com https://streamja.com https://streamable.com https://vimeo.com https://vine.co https://instaud.io https://player.vimeo.com; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.usefathom.com wss://ovarit.com ws://ovarit.com 1
frame-ancestors https://*.guide-piscine.fr; 1
base-uri 'none'; default-src 'self' data: https: wss: *.crazyegg.com; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://maps.googleapis.com https://www.recaptcha.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/ https://www.dealer-fp-usa.com/ https://play.webvideocore.net/ *.crazyegg.com https://www.googletagmanager.com *.hotjar.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'self' bucket.carmodel.com www.google.com www.gstatic.com widgets.trustedshops.com *.media-amazon.com *.amazon.com *.payments-amazon.com js.stripe.com *.iubenda.com *.google-analytics.com *.googletagmanager.com api.trustedshops.com shops-si.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com *.payments-amazon.com widgets.trustedshops.com cdnjs.cloudflare.com *.googleapis.com polyfill.io js.stripe.com *.iubenda.com *.googletagmanager.com *.jquery.com; style-src 'self' 'unsafe-inline' *.iubenda.com cdnjs.cloudflare.com; 1
default-src 'self'; script-src 'self' data: https://www.gstatic.com data: https://form.typeform.com data: https://static.geetest.com data: https://*.hotjar.com data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: http://gcaptcha4.geetest.com data: http://gcaptcha4.gsensebot.com data: https://connect.facebook.net data: https://connect.facebook.net data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://static.ads-twitter.com data: http://gcaptcha4.geevisit.com data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://www.googletagmanager.com data: https://www.google-analytics.com data: https://widget.intercom.io data: https://js.intercomcdn.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: wss://*.firebaseio.com data: https://*.googleapis.com data: https://www.gstatic.com data: https://*.hyperverge.co data: https://*.amazonaws.com data: https://stats.g.doubleclick.net data: https://vitals.vercel-insights.com/v1/vitals data: https://test-api.difx.com data: http://gcaptcha4.gsensebot.com data: https://*.hotjar.com data: wss://*.hotjar.com data: https://www.facebook.com data: https://*.hotjar.io data: https://api-v2.difx.com data: wss://test-api.difx.com data: wss://api-v2.difx.com data: https://api-iam.intercom.io data: wss://nexus-websocket-a.intercom.io data: https://o1100856.ingest.sentry.io data: https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: https://www.gstatic.com data: https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js data: https://*.amazonaws.com data: https://connect.facebook.net data: https://*.hotjar.com data: http://gcaptcha4.geevisit.com data: http://gcaptcha4.gsensebot.com data: https://static.ads-twitter.com data: http://static.ads-twitter.com data: https://analytics.twitter.com data: https://t.co data: https://connect.facebook.net data: https://www.google.com/recaptcha data: https://static.geetest.com data: http://static.geetest.com data: http://gcaptcha4.geetest.com data: http://static.geevisit.com/ data: https://widget.intercom.io data: https://js.intercomcdn.com/ data: https://www.google-analytics.com data: https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: http://static.geetest.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geetest.com data: https://fonts.googleapis.com data: https://cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://cdnjs.cloudflare.com data: https://js.intercomcdn.com data: https://fonts.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: https://difx-futures-app.vercel.app blob: data: https://media.difx.com data: https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com data: https://www.google.com data: https://www.google.ae data: http://*.cloudfront.net data: https://downloads.intercomcdn.com data: https://js.intercomcdn.com data: https://www.facebook.com data: https://t.co data: https://analytics.twitter.com data: http://static.geetest.com data: https://www.googletagmanager.com data: https://www.google-analytics.com data: http://static.geevisit.com data: http://dn-staticdown.qbox.me data: https://difxio.medium.com data: https://flagcdn.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' data: https://alchemy.veriff.com data: https://www.google.com data: https://www.typeform.com data: https://form.typeform.com/ data: https://www.facebook.com data: https://*.hotjar.com data: https://api.sumsub.com 'unsafe-inline' 'unsafe-eval' data: https://*.onramper.com data: https://onramp.money data: https://*.onramp.money; 1
form-action 'self'; base-uri mifx.com; default-src mifx.com https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; object-src 'self' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; img-src 'self' https://youtu.be/ google-analytics.com www.google-analytics.com cdnjs.cloudflare.com/ajax/libs/emojione/ img.youtube.com https://chatserver.comm100.com/ https://track.hubspot.com/ https://www.facebook.com/ stats.g.doubleclick.net https://www.google.com/ https://www.google.co.id/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ http://files.dev.mifx.com/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://metatraderweb.app/ https://tiktok.com js.hs-analytics.net js.hs-banner.com https://smbchatserver.comm100.com/ files.mifx.com mifx.com *.googleusercontent.com *.mifx.zendesk.com https://mifx.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com *.zopim.io https://connect.facebook.net static.zdassets.com *.autochartist.com *.mifx.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit index.php data: blob:; style-src 'self' 'unsafe-inline' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; script-src 'self' 'unsafe-inline' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit 'nonce-ff1e73721ccd38019b4d5f972457cd3d' 'strict-dynamic' https: http:; frame-ancestors 'self' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; child-src 'self' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; frame-src 'self' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; connect-src 'self' https://youtu.be/ https://google.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://youtube.com https://www.youtube.com https://cdnjs.cloudflare.com https://chatserver.comm100.com/ https://hostedmax.comm100.com/ https://chatserver.comm100.com/ https://js.hs-scripts.com https://js.hs-analytics.net https://www.googletagmanager.com https://track.hubspot.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com stats.g.doubleclick.net https://trade.mql5.com/ https://metatraderweb.app/ https://googleads.g.doubleclick.net/ https://smbchatserver.comm100.com/ https://smbmaxservice.comm100.com/ https://js.hsadspixel.net/ https://api.hubapi.com/ https://bid.g.doubleclick.net/ https://standby.comm100vue.com/ https://videos.sproutvideo.com/ https://sproutvideo.com/ https://lps.dev.mifx.com/ https://lps.mifx.com/ https://lps.mifx.com/ https://analytic.mifx.com/ https://tiktok.com js.hs-analytics.net js.hs-banner.com vue.comm100.com *.tradingview.com *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com wss://api.smooch.io zendesk-eu.my.sentry.io *.zopim.io *.zopim.com site.recognia.com *.tradingcentral.com static.zdassets.com *.lottiefiles.com mifx.com *.tradays.com braze-images.com *.google-analytics.com *.analytics.google.com *.analytics.tiktok.com *.twitter.com t.co *.mixpanel.com *.mxpnl.com https://cdn.mxpnl.com https://api-js.mixpanel.com private-smart-vps.php dashboard-smart-vps.php https://sdk.iad-05.braze.com *.braze.com https://analytics.google.com https://analytics.tiktok.com https://api-client.mifx.com/v3/trading-coupon-competition/register https://api-client.mifx.com/v3/campaign-promo/loyalty-register https://api-client.mifx.com/v3/trading-competition/register-submit; worker-src 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.net *.tvsquared.com *.doubleclick.net *.cloudfront.net *.careerarc.com *.vimeo.com *.youtube.com *.abrankings.com *.googleapis.com *.unpkg.com unpkg.com; frame-ancestors 'self' *.careerarc.com; img-src https: data: *; style-src 'unsafe-inline' *; connect-src *; font-src https: data: *; child-src *; 1
frame-ancestors 'self' *; script-src https://ajax.googleapis.com/ https://eu.yextstatic.com/ 'unsafe-eval' https://www.yext.com/ 'report-sample' https://tileproxy.cloud.mapquest.com/ https://ajax.aspnetcdn.com/ https://cmp.osano.com/ https://www.yextstatic.com/ https://www.googleapis.com/ https://edge.fullstory.com/ https://yexttest.atlassian.net/ https://www.googletagmanager.com/ 'unsafe-inline' blob: https://cdnjs.cloudflare.com/ https://www.yext-static.com/ https://maps.googleapis.com/ https://www.mapquestapi.com/ https://assets.sitescdn.net/ https://apis.google.com/ 'self' https://www.google-analytics.com/; report-uri /cspreports/error 1
default-src https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com ws://www.bnamed.net wss://www.bnamed.net 'self';script-src 'nonce-Nzc4NDAwODgzODI3MDE0' 'sha256-uQyoKR3lBoDKU5iLg9zKfBYNrpUw6f/mybOTAsyvaZI=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' 'sha256-Sr+FfLApO55KEHUmp1pCdAfP+DIUvDvWeljNRs5Ts4k=' https://tagmanager.google.com https://cdn.bnamed.net https://www.bnamed.net https://www.googletagmanager.com/ https://www.google-analytics.com/ www.google.com connect.facebook.net www.facebook.com www.gstatic.com ws://www.bnamed.net wss://www.bnamed.net 'self'; style-src https://tagmanager.google.com https://fonts.googleapis.com https://cdn.bnamed.net https://www.bnamed.net 'self' 'unsafe-inline'; object-src 'none';report-uri /reportURI 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://bat.bing.com https://www.bing.com https://*.truefitcorp.com https://*.yahoo.co.jp https://adservice.google.com https://amplify.outbrain.com https://analytics.google.com https://api-env.cartfulsolutions.com https://api.cartfulsolutions.com https://apis.google.com https://assets.adobedtm.com https://assets.reflow.tv https://careers.lululemon.com https://cdn.cquotient.com https://cdn.ctnsnet.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdn.treasuredata.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://consentag.eu https://ct.pinterest.com https://d.line-scdn.net https://d38d4ysphgm9dz.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://embed.cartfulsolutions.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://i.ctnsnet.com https://images.lululemon.com https://insight.reflow.tv https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://r.cquotient.com https://s.pinimg.com https://s.yimg.com https://s.yimg.jp https://s7mbrstream.scene7.com https://smetrics.lululemon.co.jp https://sslwidget.criteo.com https://static.ads-twitter.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://tokyo.in.treasuredata.com https://tpc.googlesyndication.com https://tr.outbrain.com https://translate.google.com https://wf.cartfulsolutions.com https://widget.as.criteo.com https://www.cloudflare.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.jp https://www.lululemon.co.uk https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://c.amazon-adsystem.com https://s.amazon-adsystem.com https://aax-eu.amazon-adsystem.com https://aax-fe.amazon-adsystem.com https://tk.amazon-adsystem.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
frame-ancestors 'self' *.lufthansa.com *.miles-and-more.com *.swiss.com *.amadeus.com *.amadeus.net *.brusselsairlines.com 1
object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.instagram.com *.cookie-script.com cookie-script.com *.clevercast.com *.webpushs.com *.gstatic.com *.recaptcha.net securepubads.g.doubleclick.net *.google.com *.googlesyndication.com *.googletagservices.com *.googletagmanager.com *.googleadservices.com cdnjs.cloudflare.com *.hit.gemius.pl static.chartbeat.com cdn.ampproject.org *.twitter.com fonts.googleapis.com *.rmm.be matomo.live.digitalpulse.dev; style-src 'self' 'unsafe-inline' p.typekit.net use.typekit.net web.webpushs.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.cookie-script.com cookie-script.com *.sendpulse.com:4434 *.gstatic.com matomo.live.digitalpulse.dev; font-src 'self' data: use.typekit.net fonts.gstatic.com; frame-src 'self' *.instagram.com player.cdn01.rambla.be player.clevercast.com www.recaptcha.net *.google.com *.googlesyndication.com *.g.doubleclick.net *.googleadservices.com *.facebook.com *.twitter.com *.hit.gemius.pl *.youtube-nocookie.com *.youtube.com *.rmm.be datawrapper.dwcdn.net; img-src 'self' 'unsafe-inline' data: *.googlesyndication.com *.google.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.sendpulse.com cdnjs.cloudflare.com *.chartbeat.net *.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; img-src data: https: 'unsafe-inline' 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://floss.social; img-src 'self' https: data: blob: https://floss.social; style-src 'self' https://floss.social 'nonce-vVrlPBPjS5l1v/MAHpENkQ=='; media-src 'self' https: data: https://floss.social; frame-src 'self' https:; manifest-src 'self' https://floss.social; form-action 'self'; child-src 'self' blob: https://floss.social; worker-src 'self' blob: https://floss.social; connect-src 'self' data: blob: https://floss.social https://cdn.masto.host wss://floss.social; script-src 'self' https://floss.social 'wasm-unsafe-eval' 1
frame-ancestors  'self'  t.co  twitter.com; block-all-mixed-content; script-src  'self'  'sha256-8aUfZ6OfkbCvDlwL3X6v8O9A1hr/8YqzQCWm+QOkViQ='  'sha256-LCTxXkd3guWgmVlqVe2udJCJ+Rym798wMUvLlv6365Q='  'sha256-h9drxXDJnKxzozUKKGq2WFRPSK3Tsxgj7pCkKr0diRE='  'sha256-vPUfbaHq9rZbd/RaSkAV1CXDxte8tJqZMhEcbyaeZKk='  'sha256-wOoB7PackRG1ZntccQg3MFGznphhf4p4QCrF+jZVjGo='  'sha256-d/d3L2uVri+tpvEWC1iR9dH/WT1Ec2yIwbIhpocYxxo='  'sha256-WLg7p6AInstQdLsXMhbpWmn6B0j3OnLaNEc3s9sZk7w='  'sha256-2wH0B0yJ4ArnRr/aWfcn2UuA7ACS1qCMp8txWrGljsw='  'sha256-vI/vbRhxmjoU0jkdu63unk/rGDDg0oPeI5fm3YtsENs='  'report-sample'  'unsafe-inline'  'unsafe-eval'  https://*.ep-mimecast.ads-twitter.com  https://*.moatads.com  https://ajax.googleapis.com  https://analytics.twitter.com  https://browser-update.org  https://cdn.syndication.twimg.com  https://en.twitter.com  https://google-analytics.com  https://googletagmanager.com  https://kit.fontawesome.com  https://m.addthis.com  https://m.youtube.com  https://platform.twitter.com  https://s7.addthis.com  https://static.ads-twitter.com  https://ssl.google-analytics.com  https://tagmanager.google.com  https://t.co  https://use.fontawesome.com  https://v1.addthisedge.com  https://www.clarity.ms  https://www.google-analytics.com  https://www.googletagmanager.com  https://api-public.addthis.com  https://*.azureedge.net  https://public.flourish.studio  https://play.libsyn.com  https://www.bugherd.com  https://flo.uri.sh  https://*.svc.dynamics.com  https://nefeorg.bamboohr.com  https://www.youtube.com  https://embed-cdn.gettyimages.com  https://platform-api.sharethis.com  https://buttons-config.sharethis.com  https://gdpr-api.sharethis.com  https://public.tableau.com  https://my.visme.co  https://www.bugherd.com  https://sidebar.bugherd.com; style-src  'self'  'report-sample'  'unsafe-inline'  *.fontawesome.com  ajax.googleapis.com  fonts.googleapis.com  platform.twitter.com  tagmanager.google.com  ton.twimg.com  www.googletagmanager.com; object-src  'none'; child-src  'self'  platform.twitter.com  *.svc.dynamics.com  flo.uri.sh  public.flourish.studio  play.libsyn.com  s7.addthis.com  www.googletagmanager.com  www.youtube.com  *.gettyimages.com gdpr-api.sharethis.com; base-uri  'self'  *.moatads.com; form-action  'self'  *.twitter.com; worker-src  'self'; frame-src   'self'  public.tableau.com  *.youtube.com flo.uri.sh play.libsyn.com *.svc.dynamics.com *.azureedge.net embed.gettyimages.com my.visme.co sidebar.bugherd.com; 1
default-src 'self' 'unsafe-inline' blob:;script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudfare.com i.icomoon.io maps.googleapis.com www.google-analytics.com www.googletagmanager.com mktdplp102cdn.azureedge.net www.gstatic.com places.googleapis.com rum-static.pingdom.net chimpstatic.com downloads.mailchimp.com mc.us9.list-manage.com cdn.nocnsf.nl;style-src 'self' 'unsafe-inline' fonts.googleapis.com i.icomoon.io downloads.mailchimp.com cdn.nocnsf.nl;img-src 'self' data: maps.googleapis.com maps.gstatic.com images.unsplash.com http://placeimg.com www.google-analytics.com cdn.nocnsf.nl;media-src 'self' www.youtube.com youtube.com cdn.nocnsf.nl;font-src 'self' fonts.gstatic.com cdn.nocnsf.nl;frame-src * youtube.com www.youtube.com;frame-ancestors 'self' youtube.com www.youtube.com;connect-src 'self' i.icomoon.io maps.googleapis.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net www.gstatic.com places.googleapis.com *.svc.dynamics.com rum-static.pingdom.net rum-collector-2.pingdom.net;form-action 'self' accounts.google.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NDI4Mzk3NzFub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
default-src 'self' https://www.gravatar.com https://player.vimeo.com *.vimeocdn.com https://packages.umbraco.org https://our.umbraco.org;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://use.typekit.net https://www.youtube.com https://*.vo.msecnd.net https://visitscotlandsto-wip-web.azurewebsites.net https://visitscotlandsto-test-web.azurewebsites.net https://visitscotlandsto-prod-web.azurewebsites.net https://ajax.googleapis.com https://player.vimeo.com http://www.googleadservices.com http://platform.twitter.com https://static.ads-twitter.com https://az416426.vo.msecnd.net https://s.ytimg.com https://www.youtube.com/iframe_api https://dc.services.visualstudio.com https://maps.googleapis.com https://www.google.co.uk https://googleads.g.doubleclick.net http://connect.facebook.net https://analytics.twitter.com https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://my2.siteimprove.com https://id.siteimprove.com;style-src 'self' 'unsafe-inline' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net unsafe-inline https://fonts.googleapis.com https://fast.fonts.net https://tagmanager.google.com https://use.typekit.net https://p.typekit.net https://cloud.typography.com https://cdn.siteimprove.net https://my2.siteimprove.com https://id.siteimprove.com https://www.youtube.com;img-src 'self' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net https://www.google-analytics.com https://p.typekit.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://i.vimeocdn.com https://www.gravatar.com http://umbraco.tv *.umbraco.tv i.ytimg.com *.umbraco.org https://our.umbraco.com https://secure.adnxs.com https://csi.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.facebook.com http://t.co https://www.youtube.com https://blog.edinburghcastle.scot https://app-hes-evnts-test-neu-01.azurewebsites.net https://app-hes-evnts-prod-neu-01.azurewebsites.net https://heseventsapi.stormid.site https://qablob.blob.core.windows.net https://prodblob.blob.core.windows.net;media-src 'self' https://www.edinburghcastle.scot https://sthesedcprodneu01.blob.core.windows.net blob:;font-src 'self' https://www.edinburghcastle.scot https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com data: https://cloud.typography.com http://fast.fonts.net;connect-src 'self' https://dc.services.visualstudio.com https://www.edinburghcastle.scot https://app-hes-edc-wip-neu-01.azurewebsites.net https://app-hes-edc-test-neu-01.azurewebsites.net https://app-hes-edc-prod-neu-01.azurewebsites.net https://www.google-analytics.com https://region1.google-analytics.com https://our.umbraco.com/webapi/packages/v1 https://stats.g.doubleclick.net https://analytics.google.com https://region1.analytics.google.com https://www.google.co.uk;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://connect.facebook.net https://www.google.com *.doubleclick.net https://my2.siteimprove.com;worker-src 'self' blob:;upgrade-insecure-requests;block-all-mixed-content 1
report-uri https://matrixcalc.mcdir.ru/jserrors.php?csp-report=1 1
script-src 'self' https://www.splash-screen.net https://www.google-analytics.com https://activitymap.adobe.com https://t.ssl.ak.dynamic.tiles.virtualearth.net  https://dev.virtualearth.net  https://r.bing.com  https://www.gstatic.com https://cn.bing.com https://www.bing.com https://www.google.com  https://www.cdn-net.com https://cdnjs.cloudflare.com https://cloud.51degrees.com https://tags.srv.stackadapt.com https://open.weixin.qq.com https://six.cdn-net.com https://staging.cdn-net.com https://nexus.ensighten.com https://emetrics.eastwestbank.com https://www.youtube.com https://s.ytimg.com connect.facebook.net www.googleadservices.com www.googletagmanager.com cdn.glassboxcdn.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'self' https://www.google-analytics.com https://activitymap.adobe.com https://www.earnie.us https://app.earnie.us https://app.dev.bayanipay.com https://app.dev-bank.bayanipay.com https://app2.bayanipay.com https://app.bayanipay.com https://app.stg.bayanipay.com https://*.velobank.com https://*.eastwestbank.com https://bookings-us.qudini.com; frame-src https://digital.eastwestbank.com https://anchor.fm https://www.google-analytics.com https://activitymap.adobe.com https://www.google.com https://www.youtube.com https://app.bayanipay.com https://staging.cdn-net.com https://www.cdn-net.com https://eastwestbank.demdex.net https://play.app.goo.gl https://itunes.apple.com  https://android.myapp.com https://bookings-us.qudini.com velo: 1
block-all-mixed-content; frame-ancestors 'self' http://nashvillefoodbloggers.com 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://speedtest.cableonda.com https://affperformance.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://speedtest.cableonda.com https://*.inbenta.chat https://*.cybba.solutions https://ads.sonataplatform.com 'sha256-FT67iM70ozqdwzIJj2UbjRtg9DkJeJRLSkDnTfbfSBY=' 'sha256-NqqiyvEeEFJkR0Rg7jhJSR9xq1wgGitchXYzVmo6HBc=' 'sha256-O59a6NYH9S3trb0C+Whqls29Oh8Y1/cHsSMUuaB3t4o=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-AdrKFRwbXYnt+NArcWuOA3p5Uu+OM2x5iXbnbok+VTg=' 'sha256-4hoN6F9BfowQyuAhVYDwSfbq3dIEO1y5+B9LIAesRog=' 'sha256-fUkmihH4oQ4ili5Ndzz6qydXNGEhb+UluZHLbqF0wjQ=' 'sha256-YvpsOqh2/QuV1gx89Qwc0yuzUY7hu8nLw8hBQOZxsl4='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com https://*.inbenta.io https://speedtest.cableonda.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://*.inbenta.com https://*.inbenta.io https://speedtest.cableonda.com https://affperformance.com https://*.cybba.solutions; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com https://*.inbenta.io https://speedtest.cableonda.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
script-src 'nonce-ZoYe+Voe1wWVPC1i27klIw==' 'self' cdn.cookielaw.org ajax.googleapis.com www.google-analytics.com cmp.springernature.com www.googletagmanager.com; object-src 'none'; base-uri 'none' 1
default-src * 'unsafe-eval' 'unsafe-inline' https: data: blob: about:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a-wilhelmsen.vev.site https://js.monitor.azure.com https://use.typekit.net https://platform.twitter.com https://connect.facebook.net https://platform.linkedin.com https://snap.licdn.com https://*.hotjar.com https://www.google-analytics.com https://www.google.com https://*.pardot.com https://*.wilhelmsen.com https://www.gstatic.com https://assets.juicer.io https://web-sdk-eu.aptrinsic.com https://maps.googleapis.com https://embed.vev.page *.vev.design https://s.adroll.com https://serve.albacross.com https://d.adroll.com https://www.ciaas.no/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.googletagmanager.com; object-src 'self'; frame-src 'self' viewer.mapme.com toll-calculators.herokuapp.com *.oms.no *.facebook.net utp.ucweb.com issuu.com *.issuu.com go.pardot.com ir.asp.manamind.com *.fls.doubleclick.net www.youtube.com mp.digital.wilhelmsen.com *.wilhelmsen.com *.doubleclick.net www.google.com www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.thinglink.com player.vimeo.com platform.twitter.com vars.hotjar.com https://www.ciaas.no/ app.powerbi.com; connect-src 'self' dc.services.visualstudio.com *.yandex.net *.wigoal.com uc.gre *.ucweb.com *.uc.cn *.dca0.com www.google.com stats.g.doubleclick.net new-collect.albacross.com www.juicer.io www.google-analytics.com esp-eu.aptrinsic.com *.hotjar.com *.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.google.com https://*.google.no https://google.no https://*.googletagmanager.com https://px.ads.linkedin.com/ https://consent.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://consentcdn.cookiebot.com https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://www.ciaas.no/ https://*.analytics.google.com; img-src 'self' data: https://assets.juicer.io https://syndication.twitter.com https://*.google-analytics.com https://www.facebook.com https://p.typekit.net https://*.linkedin.com https://*.bluestonepim.com https://maps.gstatic.com https://maps.googleapis.com https://assets.juicer.io https://www.juicer.io https://ad.doubleclick.net https://www.google.pl/ads/ https://new-collect.albacross.com https://www.ciaas.no/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://imgsct.cookiebot.eu https://pagead2.googlesyndication.com https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.vev.design https://*.googletagmanager.com https://img.sct.eu1.usercentrics.eu; font-src 'self' *.cloudfront.net *.amazonaws.com static.juicer.io fonts.gstatic.com use.typekit.net script.hotjar.com https://www.ciaas.no/ *.vev.design data:; media-src 'self' *.vev.design; base-uri 'self'; form-action 'self' connect.facebook.net; frame-ancestors 'self' www.wilhelmsen.com *.wilhelmsen.com https://www.thinglink.com; 1
frame-ancestors https://*.grupawp.pl/ 1
base-uri 'self'; form-action 'self'; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net m.addthis.com api-public.addthis.com ajax.googleapis.com www.googletagmanager.com  api.lever.co; default-src 'self' fonts.gstatic.com www.google.com ajax.googleapis.com www.googletagmanager.com api.lever.co; frame-src www.youtube.com s7.addthis.com www.google.com; img-src 'self'  s3.amazonaws.com  mkt-prod-gsg-wordpress.s3.amazonaws.com ; script-src 'self' 'unsafe-inline' www.google-analytics.com s7.addthis.com 'unsafe-eval' z.moatads.com v1.addthisedge.com m.addthis.com api-public.addthis.com  ajax.googleapis.com www.googletagmanager.com  api.lever.co; style-src 'self' fonts.googleapis.com 'unsafe-inline' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com https://www.youtube.com https://youtube.com https://unpkg.com/ https://cdnjs.cloudflare.com https://script.hotjar.com https://snap.licdn.com https://cdn.segment.com https://static.hotjar.com https://cdn.datatables.net https://app.posthog.com https://ml58lemqnh9a.i.optimole.com https://optimole.com https://i.optimole.com https://rewards-calculator.figment.io https://live-figment2023.pantheonsite.io https://www.googletagmanager.com https://figment.io https://cdn-cookieyes.com https://www.youtube.com https://www.google-analytics.com https://js-agent.newrelic.com https://ssl.google-analytics.com https://bam.nr-data.net https://s.ytimg.com https://www.youtube.com/iframe_api; img-src 'self' data: https://www.googletagmanager.com https://cdnjs.cloudflare.com https://px.ads.linkedin.com https://analytics.twitter.com https://cdn.datatables.net https://www.google.ca https://ml58lemqnh9a.i.optimole.com https://optimole.com https://i.optimole.com https://test-figment2023.panetheonsite.io https://live-figment2023.pantheonsite.io https://figment.io https://uploads-ssl.webflow.com/ https://secure.gravatar.com https://www.google-analytics.com https://live-figment2023.pantheonsite.io https://dev-figment2023.pantheonsite.io https://cdn-cookieyes.com https://i.ytimg.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.datatables.net https://app-static-prod.posthog.com https://fonts.googleapis.com https://figment.io https://live-figment2023.pantheonsite.io https://test-figment2023.panetheonsite.io; font-src 'self' data: https://cdnjs.cloudflare.com https://dev-figment2023.pantheonsite.io https://test-figment2023.panetheonsite.io https://live-figment2023.pantheonsite.io https://fonts.gstatic.com https://figment.io; object-src 'none'; frame-ancestors 'self'; frame-src 'self' https://td.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' https://api.segment.io https://content.hotjar.io wss://ws.hotjar.com ws.hotjar.com https://in.hotjar.com https://cdn.linkedin.oribi.io https://analytics-api.figment.io https://stats.g.doubleclick.net https://app.posthog.com https://analytics.google.com https://cdn.segment.com https://rewards-calculator.figment.io https://api.rollbar.com https://www.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://bam.nr-data.net; 1
frame-ancestors 'self' https://*.qtx.dev https://*.dev.qtxquartz.com https://*.stage.qtxquartz.com https://www.fiercewireless.com https://www.fiercetelecom.com https://sample.dragonforms.com https://*.questexinfo.com http://resources.questex.com https://resources.questex.com 1
font-src *.yotpo.com *.googleapis.com *.gstatic.com *.autotorino.it https://fonts.gstatic.com *.typekit.net *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com acsbapp.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://0merchantacsstag.cardinalcommerce.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com *.google.com *.yotpo.com *.autotorino.it https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://bid.g.doubleclick.net https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com *.cookiebot.com https://player.vimeo.com *.videoask.com *.typeform.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.criteo.com youtube.com *.doubleclick.net *.criteo.net *.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://www.google.it https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.nimbata.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com https://img.youtube.com https://www.facebook.com https://www.youtube.com https://www.bat.bing.com *.google.com *.googleapis.com *.gstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.outbrain.com *.bidswitch.net *.doubleclick.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.rubiconproject.com *.sharethrough.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.com *.emxdgt.com *.adform.net *.omnitagjs.com *.criteo.com id5-sync.com *.ivitrack.com *.mediavine.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.pubmatic.com *.krxd.net *.thebrighttag.com *.allibo.com *.acsbapp.com *.zuko.io acsbapp.com *.shopify.com *.shopifycdn.com *.postrelease.com *.evergage.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cloudinary.com *.cloudinary.com cdnjs.cloudflare.com https://www.youtube.com *.yotpo.com *.autotorino.it https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://googleads.g.doubleclick.net *.google-analytics.com https://c.paypal.com https://www.clarity.ms *.clarity.ms *.omappapi.com *.optinmonster.com *.cloudflareinsights.com https://songbirdstag.cardinalcommerce.com https://joblink.allibo.com https://connect.facebook.net https://bat.bing.com *.jquery.com *.cookiebot.com *.criteo.net *.criteo.com *.typeform.com *.microsoft.com *.livechat.com *.fontawesome.com *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.outbrain.com *.allibo.com *.acsbapp.com acsbapp.com *.mousestats.com *.jotform.io *.zuko.io *.unpkg.com unpkg.com *.shopifycdn.com *.googlesyndication.com *.evgnet.com *.evergage.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com cloudinary.com *.cloudinary.com *.yotpo.com *.googleapis.com *.autotorino.it https://fonts.googleapis.com https://www.googletagmanager.com https://www.gstatic.com *.typekit.net https://joblink.allibo.com *.typeform.com *.fontawesome.com *.nimbata.com *.livechatinc.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com cdn.dnky.co webchat.dotdigital.com unsafe-inline *.evergage.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.evergage.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com cloudinary.com *.cloudinary.com *.yotpo.com *.autotorino.it https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com *.google-analytics.com *.googlesyndication.com *.cookiebot.com https://centinelapistag.cardinalcommerce.com *.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com https://www.youtube.com https://www.clarity.ms *.clarity.ms *.optinmonster.com *.omappapi.com https://joblink.allibo.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net *.nimbata.com *.livechatinc.com *.jotform.com *.jotfor.ms *.sentry-cdn.com *.jotformeu.com *.google.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com cloudflareinsights.com *.criteo.com *.google.it *.bing.com *.acsbapp.com *.mousestats.com *.zuko.io acsbapp.com *.shopifysvc.com *.myshopify.com *.evergage.com *.typeform.com autotorino.my.salesforce.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' api.geetest.com dn-staticdown.qbox.me geetest.com accounts.google.com cdn.onesignal.com onesignal.com static.geetest.com api.geetest.com monitor.geetest.com cdn.infoset.app api.geevisit.com www.googletagmanager.com *.clevertap-prod.com s3-eu-west-1.amazonaws.com d2r1yp2w7bby2u.cloudfront.net 'unsafe-inline';object-src 'none'; 1
default-src 'self'; font-src 'self' *.kaltura.com cdnjs.cloudflare.com data: fonts.gstatic.com vjs.zencdn.net *.hotjar.com;img-src 'self' data: *.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.twitter.com *.twimg.com *.youtube.com *.kaltura.com *.linkedin.com *.6sc.co *.facebook.com *.eloqua.com *.verisk.com *.albacross.com metrics.brightcove.com *.air-worldwide.com www.google.com verisk.d1.sc.omtrdc.net t.co p.adsymptotic.com cm.everesttech.net dpm.demdex.net cf-images.us-east-1.prod.boltdns.net veriskisonetprod.112.2o7.net i.ytimg.com www.googletagmanager.com www.greatplacetowork.com cdn.cookielaw.org api.mapbox.com f1.media.brightcove.com udc-neb.kampyle.com *.maplecroft.com ajax.googleapis.com public.tableau.com www.google.co.uk nebula-cdn.kampyle.com w3.poweradvocate.com https://optimize.google.com www.gstatic.com https://jumbe.zaius.com https://6016449.global.siteimproveanalytics.io/heat.aspx https://6016449.global.siteimproveanalytics.io/image.aspx https://uploads.commoninja.com  *.optimizely.com *.udc-neb.kampyle.com;object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.google-analytics.com *.googleapis.com *.google.com www.gstatic.com *.cookielaw.org *.googletagmanager.com assets.adobedtm.com *.twimg.com kaltura.com *.cloudflare.com dl.episerver.net *.facebook.net fonts.googleapis.com players.brightcove.net az416426.vo.msecnd.net *.xactware.com *.kaltura.com *.licdn.com *.albacross.com *.oktopost.com *.6sc.co *.ads-twitter.com *.cave9tape.com okt.to geolocation.onetrust.com script.crazyegg.com www.googleadservices.com vjs.zencdn.net img.en25.com s1065293013.t.eloqua.com googleads.g.doubleclick.net *.salesforceliveagent.com *.linkedin.com nebula-cdn.kampyle.com unpkg.com cdn.mouseflow.com public.flourish.studio *.hotjar.com pi.pardot.com *.maplecroft.com www.buzzsprout.com public.tableau.com ionfiles.scribblecdn.net readymag.com js.hsforms.net *.hsforms.com *.youtube.com snap.licdn.com player.vimeo.com api-ssl.bitly.com nebula-cdn.kampyle.com  screencapture.kampyle.com/screenApi/load/0d9bccf0-07c5-4694-abf9-9f4bcf1d1ec2.js screencapture-cdn.kampyle.com www.googleanalytics.com www.googleoptimize.com https://optimize.google.com https://secure.leadforensics.com/  https://activitymap.adobe.com https://cdn-app.continual.ly/ https://cdn.commoninja.com/sdk/latest/commonninja.js https://cdn.calconic.com *.fraudblocker.com https://d1igp3oop3iho5.cloudfront.net https://siteimproveanalytics.com/js/siteanalyze_6016449.js https://code.jquery.com/jquery-3.3.1.min.js https://cdn.addevent.com/libs/atc/1.6.1/atc.min.js *.cdn.commoninja.com *.commoninja.com *.cdn.commoninja.com/wr/static https://code.jquery.com/jquery-3.6.3.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css https://cdn.optimizely.com/js/22793102135.js https://cdn-assets-prod.s3.amazonaws.com/js/preview2/22793102135.js  *.optimizely.com https://tags.srv.stackadapt.com https://js.monitor.azure.com *.herbgreencolumn.com https://qvdt3feo.com/events.j;style-src 'self' 'unsafe-inline' *.googleapis.com dl.episerver.net *.twitter.com *.twimg.com cdnjs.cloudflare.com *.verisk.com unpkg.com https://optimize.google.com https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/css/bootstrap.min.css https://app.continual.ly/ https://cdn-app.continual.ly https://tags.srv.stackadapt.com;frame-src 'self' platform.twitter.com www.google.com *.twitter.com *.youtube.com *.surveygizmo.com insuranceservicesofficeinc.demdex.net *.facebook.com bid.g.doubleclick.net *.hotjar.com *.pardot.com www.buzzsprout.com public.tableau.com verisk.postclickmarketing.com *.brightcove.net *.acast.com embed.readymag.com s1120.t.eloqua.com flo.uri.sh go.maplecroft.com player.vimeo.com go.maplecroft.com nebula-cdn.kampyle.com https://optimize.google.com https://cdnapisec.kaltura.com/ https://www.youtube-nocookie.com/ https://www.insurancejournal.tv/ https://www.bloomberg.com/ https://activitymap.adobe.com https://app.powerbi.com https://lifedemo.shinyapps.io/ https://survey.alchemer.com/ https://app.continual.ly/ https://www.commoninja.com/ https://calendar.google.com/ https://accounts.google.com/ https://a22793102135.cdn.optimizely.com/ https://capture.navattic.com/  https://td.doubleclick.net/ https://datawrapper.dwcdn.net;media-src 'self' *.kaltura.com blob: *.air-worldwide.com http://manifest.prod.boltdns.net https://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net;connect-src 'self' *.kaltura.com www.google-analytics.com *.brightcove.com dc.services.visualstudio.com dpm.demdex.net epsilon.6sense.com cdn.cookielaw.org stats.g.doubleclick.net https://c.6sc.co/ https://secure.adnxs.com/getuidj *.albacross.com http://manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.crazyegg.com www.googleapis.com veriskisonetprod.112.2o7.net verisk.d1.sc.omtrdc.net privacyportal.onetrust.com *.hotjar.com vc.hotjar.io ws: *.hotjar.com hubspot-forms-static-embed.s3.amazonaws.com https://otc.xactware.com/XactwareLms/certificationListing.xml nebula-cdn.kampyle.com  https://go.maplecroft.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://opreq.observepoint.com/ https://cdn-app.continual.ly https://app.continual.ly/ https://wss-pr.continual.ly:6001 https://www.commoninja.com https://app.calconic.com https://statistics-dot-calconic-app.appspot.com/api/stats/push https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://cdn.commoninja.com/api/v1/embed/e594afb2-85be-48ad-9c87-8296dafe748f *.optimizely.com *.hotjar.io *.linkedin.oribi.io  *.google.com https://maps.googleapis.com/ https://srv.stackadapt.com https://tags.srv.stackadapt.com *.googlesyndication.com https://px.ads.linkedin.com; child-src 'self' *.kaltura.com blob: *.air-worldwide.com insuranceservicesofficeinc.demdex.net *.surveygizmo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.vwo.com https://www.googletagmanager.com/debug/* https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://td.doubleclick.net https://googleads.g.doubleclick.net https://adservice.google.com https://capig.bhd.com.do https://*.analytics.google.com https://analytics.google.com https://tagmanager.google.com/ https://us-central1-bhd-global.cloudfunctions.net https://api.sendgrid.com https://eg320nrx9b.execute-api.us-east-1.amazonaws.com https://static.bhd.com.do https://backend.bhd.com.do https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com https://search.bhd.com.do https://connect.facebook.net https://stats.g.doubleclick.net; img-src 'self' data: https://static.bhd.com.do https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.google.com https://*.google.ae https://*.google.com.ag https://*.google.com.ar https://*.google.as https://*.google.com.bd https://*.google.be https://*.google.com.bo https://*.google.com.br https://*.google.by https://*.google.ca https://*.google.cf https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.de https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.es https://*.google.com.et https://*.google.fr https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gr https://*.google.com.gt https://*.google.hn https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.co.in https://*.google.je https://*.google.co.jp https://*.google.com.kh https://*.google.ki https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.co.ma https://*.google.mg https://*.google.com.mm https://*.google.mn https://*.google.com.mx https://*.google.com.ni https://*.google.nl https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.com.pa https://*.google.com.pe https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.com.sb https://*.google.sh https://*.google.sn https://*.google.sm https://*.google.st https://*.google.co.th https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.com.ua https://*.google.co.uk https://*.google.com.uy https://*.google.com.vc https://*.google.co.ve https://*.google.com.vn https://*.google.vu https://*.google.co.za https://*.google.cat https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.gstatic.com https://fonts.googleapis.com https://connect.facebook.net; font-src 'self' data: https://fonts.gstatic.com; media-src https://static.bhd.com.do; manifest-src 'self'; worker-src 'self' blob:; 1
script-src 'self'; script-src-elem 'self' 'unsafe-eval' 'nonce-Rs6T16HFRoS7tngt3HPD8xPN' 'sha256-8mhHF+WQFPbrFtZT3ILREQrpLHL4TVrQNQk6GdnEigE=' ssl.google-analytics.com platform.twitter.com cdn.syndication.twimg.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com thoughtleadershipmphasis.disqus.com www.linkedin.com graph.facebook.com c.disquscdn.com disqus.com munchkin.marketo.net https://assets.adobedtm.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com https://analytics.twitter.com https://tanzu.vmware.com  https://static.ads-twitter.com/uwt.js https://pbs.twimg.com/media https://cdn.cookie-script.com https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://beacon.crigloo.com/js/container_KAfRm6si.js https://stats.g.doubleclick.net https://smetrics.mphasis.com; object-src 'none'; base-uri 'none'; frame-src www.youtube.com platform.twitter.com syndication.twitter.com disqus.com www2.mphasis.com www.mphasis.com *.demdex.net *.doubleclick.net; 1
frame-ancestors signaviogtmplatform.my.salesforce.com signavio.force.com; 1
default-src 'self' 'unsafe-inline';connect-src https://api.growingio.com; font-src 'self' data:;script-src 'self' 'unsafe-inline' https://assets.giocdn.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.top-ru.news https://push.top-ru.news https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.top-ru.news https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.top-ru.news ; 1
base-uri 'self' https://tall.ndla.no;default-src 'self' blob:;upgrade-insecure-requests;script-src 'self' 'unsafe-inline'  'unsafe-eval' http://api-gateway.ndla-local https://*.ndlah5p.com https://h5p.org https://*.ndla.no https://players.brightcove.net http://players.brightcove.net https://players.brightcove.net *.nrk.no http://nrk.no https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://www.youtube.com https://s.ytimg.com https://cdn.auth0.com https://vjs.zencdn.net https://httpsak-a.akamaihd.net *.brightcove.com *.facebook.net *.twitter.com *.twimg.com *.brightcove.net bcove.me bcove.video *.api.brightcove.com *.o.brightcove.com players.brightcove.net hls.ak.o.brightcove.com uds.ak.o.brightcove.com brightcove.vo.llnwd.net *.llnw.net *.llnwd.net *.edgefcs.net *.akafms.net *.edgesuite.net *.akamaihd.net *.analytics.edgekey.net *.deploy.static.akamaitechnologies.com *.cloudfront.net hlstoken-a.akamaihd.net vjs.zencdn.net *.gallerysites.net ndla.no *.ndla.no cdnjs.cloudflare.com https://*.zendesk.com https://static.zdassets.com cdn.jsdelivr.net https://*.dataporten.no https://*.clarity.ms https://app-script.monsido.com;frame-src blob: http://api-gateway.ndla-local *.nrk.no nrk.no *.vg.no vg.no https://www.tv2skole.no/ *.elevkanalen.no elevkanalen.no https://www.scribd.com/ https://www.youtube.com ndla.no *.ndlah5p.com https://h5p.org *.ndla.no *.slideshare.net slideshare.net *.vimeo.com vimeo.com *.ndla.filmiundervisning.no ndla.filmiundervisning.no *.prezi.com prezi.com *.commoncraft.com commoncraft.com *.embed.kahoot.it *.brightcove.net embed.kahoot.it fast.wistia.com https://khanacademy.org/ *.khanacademy.org/ *.vg.no/ *.facebook.com *.twitter.com e.issuu.com new.livestream.com livestream.com channel9.msdn.com tomknudsen.no www.tomknudsen.no geogebra.org www.geogebra.org ggbm.at www.imdb.com imdb.com miljoatlas.miljodirektoratet.no www.miljostatus.no miljostatus.no phet.colorado.edu lab.concord.org worldbank.org *.worldbank.org ted.com embed.ted.com embed.molview.org reader.pubfront.com ebok.no trinket.io codepen.io public.flourish.studio flo.uri.sh ourworldindata.org *.sketchup.com www.gapminder.org www.facebook.com fb.watch sketchfab.com jeopardylabs.com *.uio.no;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ndla.no https://tagmanager.google.com *.twitter.com *.twimg.com cdn.jsdelivr.net;font-src 'self' data: https://*.ndla.no cdnjs.cloudflare.com https://*.clarity.ms cdn.jsdelivr.net;img-src 'self' http://api-gateway.ndla-local https://*.ndla.no https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net http://metrics.brightcove.com https://httpsak-a.akamaihd.net https://*.boltdns.net https://www.nrk.no/ https://ssl.gstatic.com https://www.gstatic.com https://*.clarity.ms https://ndla.zendesk.com tracking.monsido.com *.facebook.com *.twitter.com *.twimg.com  data:;media-src 'self' blob: https://*.ndla.no *.brightcove.com brightcove.com;connect-src  'self'  http://api-gateway.ndla-local https://*.ndla.no https://logs-01.loggly.com https://edge.api.brightcove.com https://*.brightcove.com https://bcsecure01-a.akamaihd.net https://hlsak-a.akamaihd.net https://*.google-analytics.com https://*.analytics.google.com https://*.zendesk.com https://ekr.zdassets.com https://ltiredirect.itslearning.com https://platform.itslearning.com cdn.jsdelivr.net https://*.dataporten.no https://*.clarity.ms;form-action 'self';object-src 'none';script-src-attr 'none' 1
frame-ancestors 'none';upgrade-insecure-requests; img-src 'self' data: https://accu-time.sirv.com  https://track.hubspot.com  https://px.ads.linkedin.com  https://scripts.sirv.com  https://forms-na1.hsforms.com  https://www.googletagmanager.com  https://i.vimeocdn.com  https://exceptions.hs-embed-reporting.com  https://forms.hsforms.com  https://www.linkedin.com  https://embed-ssl.wistia.com  https://updates.theme-fusion.com  https://www.google-analytics.com  https://secure.gravatar.com https://ts.w.org https://s.w.org https://ps.w.org ; default-src 'self'; script-src 'self' 'unsafe-inline' https://js.hs-scripts.com  https://js.adsrvr.org  https://js.hs-banner.com  https://js.hsleadflows.net  https://js.hs-analytics.net  https://js.hsadspixel.net  https://snap.licdn.com  https://www.googletagmanager.com  https://js.hsforms.net  https://static.hotjar.com  https://script.hotjar.com  https://scripts.sirv.com  https://ws.zoominfo.com  https://stylemixthemes.com  data:  https://fast.wistia.com  https://ajax.googleapis.com  https://yoast.com  https://www.semrush.com  https://cdn.semrush.com  https://static.semrush.com  https://www.google-analytics.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://js.hs-scripts.com  https://js.adsrvr.org  https://js.hs-banner.com  https://js.hsleadflows.net  https://js.hs-analytics.net  https://js.hsadspixel.net  https://snap.licdn.com  https://www.googletagmanager.com  https://js.hsforms.net  https://static.hotjar.com  https://script.hotjar.com  https://scripts.sirv.com  https://ws.zoominfo.com  https://stylemixthemes.com  data:  https://fast.wistia.com  https://ajax.googleapis.com  https://yoast.com  https://www.semrush.com  https://cdn.semrush.com  https://static.semrush.com  https://www.google-analytics.com ; style-src 'self' 'unsafe-inline' https://stylemixthemes.com  https://scripts.sirv.com  https://fonts.googleapis.com ; style-src-elem 'self' 'unsafe-inline' https://stylemixthemes.com  https://scripts.sirv.com  https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com  https://s0.wp.com  data:; frame-src 'self' https://insight.adsrvr.org  https://match.adsrvr.org  https://player.vimeo.com  blob:; connect-src 'self' https://px.ads.linkedin.com  https://ws.zoominfo.com  https://www.google-analytics.com  https://forms.hubspot.com  https://api.hubapi.com  https://stats.sirv.com  wss://www.semrush.com  https://vimeo.com  https://stylemixthemes.com  https://accu-time.sirv.com  https://region1.google-analytics.com  https://forms.hsforms.com  wss://ws.hotjar.com  https://vc.hotjar.io  https://content.hotjar.io  https://metrics.hotjar.io  https://yoast.com; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net js.hsadspixel.net js.hs-banner.com js.hubspotfeedback.com js.usemessages.com https://connect.facebook.net https://connect.facebook.net/* https://graph.facebook.com https://js.facebook.com *.googletagmanager.com https://js.hs-scripts.com https://js.hsleadflows.net js.hs-analytics.net js.hsforms.net js-na1.hs-scripts.com forms.hsforms.com s3.amazonaws.com cdnjs.cloudflare.com *.google-analytics.com *.analytics.google.com www.google.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.google-analytics.com *.analytics.google.com use.fontawesome.com kit.fontawesome.com https://js.hscollectedforms.net https://js.hscollectedforms.net/* https://gateway.zscalertwo.net/* https://snap.licdn.com https://snap.licdn.com/* https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com https://js.hscollectedforms.net https://js.hscollectedforms.net/* https://snap.licdn.com https://snap.licdn.com/*;  style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com *.fontawesome.com code.jquery.com *.googleapis.com cdnjs.cloudflare.com cdn-images.mailchimp.com maxcdn.bootstrapcdn.com hello.myfonts.net/count/315e84 gateway.zscalertwo.net;  img-src 'self' data: blob: *.facebook.com *.facebook.net *.fbcdn.net *.hubspot.com cdn2.hubspot.net *.freshdesk.com *.redatatech.com *.mccdn01.com forms.hsforms.com forms.hubspot.com wpjobmanager.com track.hubspot.com www.googletagmanager.com www.google.co.in www.google.com paypal.com *.gravatar.com *.w.org *.linkedin.com *.licdn.com p.adsymptotic.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com;  font-src 'self' data: hello.myfonts.net/count/315e84 maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com *.fontawesome.com;  connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com cdn.linkedin.oribi.io *.licdn.com *.hscollectedforms.net fonts.googleapis.com fonts.gstatic.com *.facebook.com *.freshdesk.com connect.facebook.net *.hubspot.com api.hubapi.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com bam.nr-data.net yoast.com www.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net ampcid.google.com https://forms.hsforms.com https://forms.hsforms.com/* https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hubspot.com https://forms.hubspot.com/* about: *.fontawesome.com;  manifest-src 'self'; base-uri 'self'; form-action 'self' *.facebook.com connect.facebook.net forms.hsforms.com forms.hubspot.com; object-src 'none'; frame-src 'self' www.linkedin.com *.facebook.com connect.facebook.net *.doubleclick.net *.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com *.vimeo.com; child-src 'self' *.facebook.com connect.facebook.net app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com www.googletagmanager.com;  media-src 'self' *.w.org media.licdn.com; prefetch-src 'self'; worker-src 'self';report-uri https://endpoint.42-q.com;report-to sanminadmin; 1
base-uri 'none'; object-src 'none'; script-src https://www.zbrushcentral.com/logs/ https://www.zbrushcentral.com/sidekiq/ https://www.zbrushcentral.com/mini-profiler-resources/ https://www.zbrushcentral.com/assets/ https://www.zbrushcentral.com/brotli_asset/ https://www.zbrushcentral.com/extra-locales/ https://www.zbrushcentral.com/highlight-js/ https://www.zbrushcentral.com/javascripts/ https://www.zbrushcentral.com/plugins/ https://www.zbrushcentral.com/theme-javascripts/ https://www.zbrushcentral.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.4.1/slick.min.js https://unpkg.com/masonry-layout@4/dist/masonry.pkgd.min.js https://unpkg.com/imagesloaded@4/imagesloaded.pkgd.min.js https://cdnjs.cloudflare.com/ajax/libs/slick-carousel/1.4.1/slick.min.js https://pixologic.com/zbc/masonry.min.js http://pixologic.com/zbc/imagesloaded.min.js; worker-src 'self' https://www.zbrushcentral.com/assets/ https://www.zbrushcentral.com/brotli_asset/ https://www.zbrushcentral.com/javascripts/ https://www.zbrushcentral.com/plugins/ 1
frame-ancestors *.signalsight.io 1
frame-ancestors 'self' *.nike.com.cn *.nikecloud.com.cn 1
frame-ancestors 'self' http://*.conab.gov.br https://*.conab.gov.br http://*.ceasa.gov.br https://*.ceasa.gov.br; 1
base-uri 'none';child-src 'none';connect-src 'self' cdn.cookielaw.org payment.preprod.direct.worldline-solutions.com prd-az-www.ritzparis.com payment.direct.worldline-solutions.com *.onetrust.com *.ritzparis.com *.analytics.google.com stats.g.doubleclick.net *.contentsquare.net ;default-src 'self';font-src 'self';form-action 'self';frame-ancestors 'none';frame-src ritzparis.prismic.io ritzparis-dev.prismic.io payment.preprod.direct.worldline-solutions.com payment.direct.worldline-solutions.com;img-src 'self' data: dam-media-prd.ritzparis.com media.ritzparis.com static.cdn.prismic.io images.prismic.io cdn.cookielaw.org ritzparis.twic.pics www.google.fr/ads/ga-audiences *.ritzparis.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.contentsquare.net www.facebook.com www.googletagmanager.com bat.bing.com;manifest-src 'self';media-src 'self' dam-media-prd.ritzparis.com media.ritzparis.com ritzparis-dev.cdn.prismic.io;object-src 'none';script-src 'self' 'sha256-5VrVgGfPbUH5IoPb+tGodpswZad/XDHQfqHeVD0LMG4=' *.ritzparis.com static.cloudflareinsights.com static.cdn.prismic.io cdn.cookielaw.org payment.direct.worldline-solutions.com prismic.io *.googletagmanager.com *.google-analytics.com *.analytics.google.com 'sha256-vlA+/IoVFMeZir0XBHEuSc8eRGNGZLe3WVp7KkajiPk=' 'sha256-YU03sCxX47R6bqxqxPChvbTU5oQqJ5Puob6xWTcFeHY=' 'sha256-5aSb69VmW3iXh7uFY0aXw2sRLmNO0GWwp+znslFHIgI=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' *.contentsquare.net 'sha256-697J3WKT7EkTzi85tWcYWTSIasTwcEAcsmxAZbH3ngQ=' bat.bing.com 'sha256-P4TmnK7YRDPTmdn55mI9jHpreKHeCRAsZEN+FryYMr8=' 'sha256-I0ZdFDhjkmpkLSz9o1NmuuTagiVBsP4PWSegIpEjWyA=' 'unsafe-inline' t.contentsquare.net app.contentsquare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;worker-src 'self'; 1
frame-ancestors 'self' www.therochestercornexchange.co.uk rochester-21st.s1.umbraco.io www.medwayadulteducation.co.uk; 1
frame-ancestors 'self' *.audima.co *.vlibras.gov.br; frame-src 'self' *.vlibras.gov.br *.audima.co *.slideshare.net *.issuu.com *.youtu.be *.youtube.com *.youtube-nocookie.com td.doubleclick.net bid.g.doubleclick.net www.google.com *.facebook.com *.facebook.net; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.oncoguia.org.br *.jsdelivr.net www.vlibras.gov.br vlibras.gov.br *.vlibras.gov.br *.hotjar.com ajax.cloudflare.com static.cloudflareinsights.com *.cloudfront.com *.cloudfront.net *.tail.digital *.audima.co *.issuu.com www.googletagmanager.com tagmanager.google.com *.google-analytics.com *.analytics.google.com www.googleadservices.com googleads.g.doubleclick.net www.google.com www.gstatic.com cse.google.com tag.goadopt.io connect.facebook.com connect.facebook.net *.youtu.be www.youtube.com youtube.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com tagmanager.google.com www.google.com; img-src 'self' *.googletagmanager.com www.googletagmanager.com tagmanager.google.com fonts.googleapis.com ssl.gstatic.com www.gstatic.com * data:; font-src 'self' *.jsdelivr.net fonts.gstatic.com *.vlibras.gov.br vlibras.gov.br *.audima.co data:; connect-src 'self' *.jsdelivr.net *.wiktionary.org *.vlibras.gov.br vlibras.gov.br *.audima.co cloudflareinsights.com wss://ws.hotjar.com ws.hotjar.com *.hotjar.com *.hotjar.io *.rdstation.com.br *.issuu.com *.sentry.io *.googletagmanager.com *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com *.g.doubleclick.net *.google.com *.googlesyndication.com noembed.com *.noembed.com *.plyr.io *.rockeroo.com *.goadopt.io; media-src 'self' *.vimeo.com *.akamaized.net; object-src 'none'; base-uri 'self'; 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' static.addtoany.com utt.impactcdn.com cdn.inpwrd.net content.inpwrd.net *.adobedtm.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src content.inpwrd.net *.google.com transunion.demdex.net *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' mysmartmove.pxf.io smartmove.pxf.io rentals-secure-uat.shareable.com rentals-api.shareable.com s.yimg.com api.iterable.com dpm.demdex.net *.tt.omtrdc.net wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.hotjar.com *.ifgza3.net smartmove.pxf.io *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data:  *.hotjar.com *.mysmartmove.com *.adobeaemcloud.com *.transunion.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * *.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com identityforce.pxf.io mysmartmove.pxf.io *.logs-01.loggly.com; 1
font-src 'self'; img-src 'self'; upgrade-insecure-requests 1
img-src  'self' *.lavamobiles.com *.webchutney.com *.google.com *.facebook.com *.google.co.in *.google-analytics.com *.tribalfusion.com *.g.doubleclick.net 1
upgrade-insecure-requests; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https: ; style-src 'report-sample' 'self' 'unsafe-inline' *; style-src-elem 'report-sample' 'self' 'unsafe-inline' *; base-uri 'self' *; connect-src 'self' * ; font-src 'self' * ; frame-src 'self' * ; img-src 'self' blob: data: * ; manifest-src 'self'; media-src 'self' *; worker-src *; 1
object-src 'self'; worker-src 'self'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.jechange.fr/report-uri/enforce 1
frame-ancestors 'self' http://www.hellmanns.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
frame-ancestors 'self' https://adaptecca.es https://www.mapama.gob.es https://www.mapa.gob.es *.adobecqms.net https://www.miteco.gob.es 1
default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://store.akamai.steamstatic.com/ https://store.akamai.steamstatic.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com https://steamcommunity-a.akamaihd.net; object-src 'none'; connect-src 'self' http://store.steampowered.com https://store.steampowered.com http://127.0.0.1:27060 ws://127.0.0.1:27060 https://community.akamai.steamstatic.com/ https://steamcommunity.com/ https://steamcommunity.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://shared.akamai.steamstatic.com/ https://checkout.steampowered.com/ https://*.steamstatic.com https://*.steamcontent.com https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.cqloud.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net https://api.steampowered.com https://steamvideo-a.akamaihd.net https://video.st.dl.eccdnx.com https://vd.queniujq.cn https://*.storage.googleapis.com https://sketchfab.com; frame-src 'self' steam:  http://www.youtube.com https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://steamcommunity.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://steamcommunity.com/ embed.nicovideo.jp www.escapistmagazine.com player.youku.com www.bilibili.com https://medal.tv; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.drfuhrman.com; report-uri /csp-report.ashx 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bothsidesofthetable.com https://*.bothsidesofthetable.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors *.office-partner.de 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.48hourprint.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'self' https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com;    connect-src 'self' https://plausible.io https://chat.kindlycdn.com https://acsbapp.com https://cdn.acsbapp.com/ https://*.kindly.ai wss://ws-eu.pusher.com https://sockjs-eu.push wss://*.kindly.ai;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;    img-src 'self' https://media.graphassets.com https://*.kindlycdn.com blob: data:;    media-src 'self' https://media.graphassets.com;    font-src 'self' https://fonts.gstatic.com https://chat.kindlycdn.com data:;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    frame-src https://www.youtube.com;    upgrade-insecure-requests; 1
default-src https: 'self'; script-src 'self' https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://code.jquery.com/ https://loader.webspellchecker.net/ https://maps.googleapis.com/ https://ajax.googleapis.com/ https://www.maxpreps.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/ https://jspost.me/ https://cdnjs.cloudflare.com/ https://cdn.datatables.net/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://cse.google.com/ https://www.google.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.rawgit.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://cdn.datatables.net/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/; style-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.datatables.net/ https://netdna.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css https://code.jquery.com/ https://www.google.com/ https://maxcdn.bootstrapcdn.com/ 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://netdna.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com/; 1
default-src 'self' 'unsafe-eval' ws:; frame-src 'self' https://quote-request.mymsc.com/ https://notifications.mymsc.com https://identityserver.msc.com https://mscciam.b2clogin.com https://ddp-portal-prod.mymsc.com/ https://mvp-portal-prod.mymsc.com/ *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.hotjar.com csxd.contentsquare.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com; script-src-elem 'self' blob: 'unsafe-inline' https://t.contentsquare.net https://app.contentsquare.com https://www.clarity.ms https://www.googletagmanager.com  https://js.monitor.azure.com https://go.microsoft.com  https://www.google-analytics.com  https://s.go-mpulse.net https://s.yimg.jp https://dev.virtualearth.net https://t.ssl.ak.dynamic.tiles.virtualearth.net https://notifications.mymsc.com https://cdn.cookielaw.org https://services.mymsc.com *.googleadservices.com  *.googletagmanager.com  *.googletagservices.com  *.googlesyndication.com  *.google-analytics.com  *.googleapis.com  *.ggpht.com  *.google.com  *.google.co.uk  *.gstatic.com  *.doubleclick.net *.bing.com *.hotjar.com; img-src * 'self' data: https: content: *.contentsquare.net;  style-src * 'self' 'unsafe-inline';  media-src * blob:;  object-src 'self'; worker-src 'self' blob: data:; font-src 'self' https: data:;   connect-src 'self' https:  https://notifications.mymsc.com wss: *.contentsquare.net; child-src blob:;  frame-ancestors 'self';  base-uri 'self'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; media-src 'self' https:; 1
default-src 'unsafe-inline' https://www.google.com/ https://www.google-analytics.com https://statistikyweb.ostrava.cz https://www.ostrava.cz http://ostrava.cz https://code.highcharts.com/highcharts.js https://cdnjs.cloudflare.com https://npmcdn.com/ https://ajax.googleapis.com/; style-src 'unsafe-inline' npmcdn.com www.ostrava.cz fonts.googleapis.com https://www.google.com/ https://se-forms.cz/; img-src data: image/svg+xml npmcdn.com https://statistikyweb.ostrava.cz statistikyweb.ostrava.cz www.ostrava.cz ostrava.cz https://www.ostrava.cz/ www.google-analytics.com https://i.ytimg.com/ https://maps.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com/ https://www.googleapis.com/ https://clients1.google.com/ https://ssl.gstatic.com/ https://encrypted-tbn0.gstatic.com/ https://encrypted-tbn2.gstatic.com https://encrypted-tbn1.gstatic.com/ https://encrypted-tbn3.gstatic.com; font-src fonts.gstatic.com www.ostrava.cz ostrava.cz; connect-src www.google-analytics.com https://www.ostrava.cz/ https://se-forms.cz/ https://statistikyweb.ostrava.cz; frame-src https://www.youtube-nocookie.com www.youtube.com  www.ostrava.cz ostrava.cz www.google.com https://maps.google.com/ https://cse.google.com/ https://mapy.ostrava.cz https://advbox.zachranny-kruh.cz; script-src 'unsafe-inline' 'unsafe-eval' www.ostrava.cz ajax.googleapis.com maps.google.com www.google-analytics.com code.highcharts.com cdnjs.cloudflare.com npmcdn.com www.google-analytics.com statistikyweb.ostrava.cz maps.googleapis.com cse.google.com www.google.com https://app.smartemailing.cz/ https://se-forms.cz/ https://cdn.polyfill.io/; 1
frame-ancestors  'self' *.geant.org geant.org *.geant.net geant.net; frame-src 'self' *.geant.org geant.org *.geant.net geant.net https://mstdn.social https://youtube.com https://*.youtube.com https://*.google.com https://*.google.co.uk https://*.nordu.net https://*.vimeo.com submerse.eu *.submerse.eu https://js.stripe.com https://www.youtube-nocookie.com https://*.revolugo.com https://*.canva.com https://platform.twitter.com;  1
frame-ancestors 'self' https://teams.microsoft.com https://arabic-classroom.com https://beta-drive.explaineverything.com https://drive.explaineverything.com 1
default-src 'self' wss: https://*.contentful.com https://*.kampyle.com wss://*.ooklaserver.net https://*.tigocloud.net https://*.zendesk.com https://static.zdassets.com https://ekr.zdassets.com https://*.crazyegg.com; frame-src 'self' https://*.tigocloud.net https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.youtube.com https://6493920.fls.doubleclick.net https://*.kampyle.com https://*.crazyegg.com https://*.tigo.com.bo https://khipu.com; script-src 'self' blob: https://*.tigocloud.net https://*.kampyle.com https://*.speedtestcustom.com https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://analytics.twitter.com https://static.ads-twitter.com https://www.youtube.com https://6493920.fls.doubleclick.net https://maps.googleapis.com https://www.gstatic.com/ https://sync.smartadserver.com https://cdn.smooch.io https://s.ytimg.com https://facebook.com/signals/iwl.js https://widget-mediator.zopim.com https://*.licdn.com 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' https://www.clarity.ms https://eum.instana.io https://*.crazyegg.com https://*.tigo.com.bo https://khipu.com 'sha256-Z/AlCx9qBSlRFr+8Irt7/kys2PrFeoY+csXqli+U96k=' 'sha256-aAU6VET+6nctKDKgstahQyYSaFfE/hpGFLJ/dOREHCY=' 'sha256-vtFdpshOjfLBoRlubieusOp+JyCEt7jKY56cgkWJS/Q=' 'sha256-Ri+niIDxGc2C2538WaU8umuu/wHvIFb0q5dyTCMTe3k=' 'sha256-iTEXSA6WRleLe/AaVkSUyScPgrnCJlIHbNHrhRZJA+Y=' 'sha256-Xl9qDOHilhfsIXR6pOoTBidUtMPVl7xJdwpVYive2uA=' 'sha256-eZi16SMFLk0I2ppkgR+QA78Em4+dH7fycQng8PXpEEM=' 'sha256-xq+aS8e2dxEvw6qVFuyj0MR+bGVteZlov4QYh0TvwSU=' 'sha256-l1T3p2hI/NsFmH4IT8qyW3F4BTNVb6SzHhOCQYqg7Sc=' 'sha256-FrQ57L9tMdJJ722FWKhQSqaJ3Gd4s4rKlbk+K1DW+t4=' 'sha256-5Q8BLGKvDLTXeesMgddj68enFLB5ViTOglSslBdK3kc=' 'sha256-TW+LUHBvBcHO4q029QISjk9NpnxRVTST+ce6sQ038VA=' 'sha256-XvfKhIN9BjB09yckqa/UCwGQr4u1pNpsQz4BZidY4m8='; font-src 'self' data: blob: https://fonts.gstatic.com https://*.kampyle.com https://*.zendesk.com; img-src 'self' data: blob: https://graph.facebook.com https://analytics.facebook.com https://ads.facebook.com https://business.facebook.com https://developers.facebook.com https://apps.facebook.com https://connect.facebook.com https://connect.facebook.net https://www.facebook.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.google.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googleapis.com https://*.googleadservices.com https://optimize.google.com https://www.google-analytics.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.tigocloud.net https://*.contentful.com https://*.kampyle.com https://static.zdassets.com https://*.googletagmanager.com https://images.ctfassets.net https://stats.g.doubleclick.net https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.ar https://www.google.com.bo https://www.google.com.co https://www.google.com.sv https://www.google.com.gt https://www.google.hn https://www.google.com.ni https://www.google.com.pa https://www.google.com.py https://t.co https://maps.gstatic.com https://www.facebook.com https://analytics.twitter.com https://static.ads-twitter.com https://*.speedtestcustom.com https://*.zendesk.com https://static.zdassets.com https://maps.googleapis.com https://sync.smartadserver.com https://cdn.smooch.io https://*.zopim.io https://svr.mic.edge.com.py https://*.kampyle.com https://c.clarity.ms https://c.bing.com https://*.crazyegg.com https://*.tigo.com.bo; style-src 'self' 'unsafe-inline' https://cdn.smooch.io https://tagmanager.google.com https://www.googletagmanager.com/debug/badge.css https://fonts.googleapis.com https://*.zendesk.com https://*.tigocloud.net https://*.kampyle.com https://*.crazyegg.com; connect-src * data: https://*.crazyegg.com; object-src 'none'; form-action 'self' https://www.facebook.com; base-uri 'self' https://md-scp.kampyle.com; frame-ancestors 'self' 1
frame-ancestors 'self' http://claro.com.ec http://www.claro.com.ec http://m.miclaro.com.ec https://m.miclaro.com.ec http://miclaro.com.ec https://miclaro.com.ec http://www.miclaro.com.ec https://www.miclaro.com.ec https://miclaro.ec.clarodigital.net http://miclaro.ec.clarodigital.net http://miclaro.ec https://miclaro.ec https://miclaro-ec.amx-dev.amxdigital.net http://miclaro-ec.amx-dev.amxdigital.net https://amxdigital.net http://amxdigital.net https://miclaro-ec.amx-dev.amxdigital.net/ http://miclaro-ec.amx-dev.amxdigital.net/  https://scd-te-ec-livechat-01-328a.azurewebsites.net/ http://scd-te-ec-livechat-01-328a.azurewebsites.net/ https://amx-ec-ase-livechat-client-pro.azurewebsites.net http://amx-ec-ase-livechat-client-pro.azurewebsites.net https://app.urbano.com.ec/ https://app.urbano.com.ec/plugin/etracking/etracking/ https://cdn.kushkipagos.com/ https://link.claro-nbo.uplinkbusiness.com  http://link.claro-nbo.uplinkbusiness.com https://test.claro-nbo.uplinkbusiness.com http://test.claro-nbo.uplinkbusiness.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' perfalytics.com www.googletagmanager.com ajax.googleapis.com mychart.crh.org mychartpoc.crh.org crhepic-mc02.crh.org http://mychartpoc.crh.org/mychartpoc/Scripts/lib/Widget/widget_sdk.js assets.transparently.com bbox.blackbaudhosting.com payments.blackbaud.com ajax.aspnetcdn.com https://dec.azureedge.net/ cdn.ampproject.org https://www.google.com/recaptcha/api.js www.gstatic.com assistants.enqbator.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' 'unsafe-inline' mychart.crh.org bbox.blackbaudhosting.com netdna.bootstrapcdn.com kendo.cdn.telerik.com maxcdn.bootstrapcdn.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' data: blob: www.crh.org bbox.blackbaudhosting.com a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org https://dec.azureedge.net https://*.dec.sitefinity.com *.azureedge.net crhorg.sitefinity.cloud crhorg-stg.sitefinity.cloud *.crh.org www.googletagmanager.com server.arcgisonline.com assistants.enqbator.com *.google-analytics.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' ka-f.fontawesome.com maxcdn.bootstrapcdn.com data: kendo.cdn.telerik.com; frame-src 'self' bbox.blackbaudhosting.com/ mychart.crh.org www.google.com web-chat.nativechat.com; connect-src 'self' https://*.dec.sitefinity.com *.visualstudio.com assets.transparently.com ka-f.fontawesome.com mychartpoc.crh.org crhepic-mc02.crh.org mychart.crh.org perfalytics.com api.perfalytics.com assistants.enqbator.com *.google-analytics.com https://*.insight.sitefinity.com; media-src 'self' data: blob: *.crh.org *.azureedge.net; child-src 'self' mychart.crh.org crhepic-mc02.crh.org bbox.blackbaudhosting.com tcfpa10k-wcg.crh.org web-chat.nativechat.com; frame-ancestors 'self' https://www.crh.org https://mychart.crh.org 1
default-src 'self' https:; connect-src 'self' https: wss: https://localhost:3035 wss://localhost:3035 ws://localhost:3000; font-src 'self' https: data:; img-src 'self' https: data:; frame-src 'self' https:; object-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' data: blob: 1
default-src 'self' ; connect-src 'self' https://*.liquidswap.com https://*.google-analytics.com https://api.etherscan.io https://aptos-mainnet.pontem.network https://aptos-testnet.pontem.network https://control.pontem.network https://fullnode.devnet.aptoslabs.com https://fullnode.testnet.aptoslabs.com https://raw.githubusercontent.com/pontem-network/coins-registry/ https://sentrio-api.devops.mom https://sentrio-api.pontem.network https://sentry.pontem.network https://testnet-node.devops.mom https://api.notifi.network https://dpapi.prd.notifi.network https://control.devops.mom https://wallet.blocto.app https://cloudflare-ipfs.com https://staking-testnet.pontem.network https://staking-testnet.devops.mom https://staking.pontem.network https://api-js.mixpanel.com https://indexer-testnet.staging.gcp.aptosdev.com https://indexer.mainnet.aptoslabs.com https://adapter.magic.devops.mom https://*.lumio.io https://api.liquidswap.com https://liquidswap-api.dev.devops.mom https://api.mainnet.aptoslabs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://embed.typeform.com https://wallet-testnet.blocto.app https://wallet.blocto.app https://mc.yandex.ru https://mc.yandex.com; img-src 'self' data: https://mc.yandex.ru https://mc.yandex.com https://cloudflare-ipfs.com https://*.ipfs.w3s.link https://www.topaz.so ipfs://* https://raw.githubusercontent.com https://www.gitbook.com/ https://static.risewallet.io/ https://miro.medium.com/ https://tp-statics.tokenpocket.pro/ https://trustwallet.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://embed.typeform.com https://fonts.cdnfonts.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.cdnfonts.com; frame-src https://form.typeform.com https://wallet-testnet.blocto.app https://wallet.blocto.app https://global-stg.transak.com/ https://global.transak.com/; object-src 'self' blob: ; frame-ancestors * 'self'; 1
default-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https:;script-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: 'unsafe-inline' http://js.hs-scripts.com/21589371.js https://app.termly.io;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;font-src 'self' data: https://fonts.gstatic.com;img-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: data: blob: http://td.doubleclick.net;connect-src 'self' enerflo.io enerflo.com *.enerflo.io *.enerflo.dev https: wss://*.hotjar.com https://www.google-analytics.com https://analytics.google.com http://td.doubleclick.net https://adservice.google.com;frame-src https://www.google.com https://stats.g.doubleclick.net https://td.doubleclick.net http://td.doubleclick.net https://app.termly.io https://meetings.hubspot.com https://forms.hsforms.com;frame-ancestors 'self' https://enerflo-marketing.sanity.studio; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=puba68f50445f9d2f0ddec700d7440e704b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production 1
style-src 'self' https: 'unsafe-inline'; connect-src 'self' wss: https:; img-src 'self' data: https://v2assets.zopim.io/ https://tile.openstreetmap.org; media-src 'self' https://static.zdassets.com; script-src 'self' https: 'unsafe-inline' https:; frame-src https://www.google.com; default-src 'self' 1
frame-ancestors 'self' https://*.myshopify.com https://*.mybigcommerce.com; 1
default-src 'none'; base-uri 'none'; connect-src 'self' https://cdn.hoyailog.com http://*:8787 http://*:8787/hoyabus20 http://*:8787/iloglist wss://*:*/TracerService https://*:80/api/logClientError; font-src 'self' https://cdn.hoyailog.com data:; form-action 'self' https://hoyailog.com; frame-src 'self'; frame-ancestors 'self'; img-src 'self' https://hoyanet.net https://cdn.hoyailog.com data:; manifest-src 'self' https://cdn.hoyailog.com; object-src 'self'; report-uri https://hoyailog.com/api/reportCspViolation; script-src 'report-sample' 'self' https://cdn.hoyailog.com 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https://cdn.hoyailog.com 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline';connect-src 'self' ws:;img-src 'self' data: 1
frame-ancestors 'self' https://app.amplience.net https://*.optimizely.com/ https://*.optimizelyedit.com/; script-src 'self' *.onetrust.com *.thegymgroup.com https://www.google.com https://dc.services.visualstudio.com https://www.googletagmanager.com https://www.googleoptimize.com https://connect.facebook.net https://script.hotjar.com https://analytics.tiktok.com https://*.sagepay.com/ https://maps.googleapis.com https://*.paypal.com https://services.postcodeanywhere.co.uk https://bat.bing.com https://www.sjwoe.com https://wchat.freshchat.com https://*.licdn.com https://*.snapchat.com https://linkedin.com https://*.optimizely.com https://*.optimizelyedit.com/ https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com 'strict-dynamic' 'nonce-SDixNyrUUUoJtNc8NRjeGA==' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: 1
default-src  'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://visitor-service.tealiumiq.com https://tags.tiqcdn.com https://dev.visualwebsiteoptimizer.com https://*.nrgenergy.com https://*.ads-twitter.com/ https://*.tiktok.com https://*.hotjar.com https://js.adsrvr.org/up_loader.1.1.0.js https://*.clarity.ms/s/0.6.34/clarity.js https://stg-wheelock.nrg.com https://wheelock.nrg.com https://cirro.egain.cloud https://cloud-us.analytics-egain.com https://analytics.analytics-egain.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://reliantenergy.sc.omtrdc.net *.bbb.org https://ajax.googleapis.com https://googleads.g.doubleclick.net https://rules.quantcount.com https://*.hotjar.io https://*.hotjar.com https://reliant.egain.cloud https://www.googleadservices.com https://beacon.krxd.net https://consumer.krxd.net https://*.cirroenergy.com https://reliantenergyretails.tt.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com https://analytics.analytics-egain.com https://assets.adobedtm.com https://www.googletagmanager.com https://bat.bing.com https://secure.quantserve.com https://*.contentsquare.net  https://app.leadsrx.com https://nrg.allegiancetech.com https://cdn.krxd.net https://connect.facebook.net https://siteintercept.allegiancetech.com https://*.cirroenergy.com *.contentsquare.net contentsquare.com https://www.google.com/pagead/conversion_async.js; style-src 'self' 'unsafe-inline' https://use.typekit.net https://*.hotjar.com *.bbb.org https://*.cirroenergy.com https://stg-wheelock.nrg.com https://wheelock.nrg.com https://use.fontawesome.com https://cdn.jsdelivr.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://dev.cirroenergy.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.youtube.com  https://*.sfmc-content.com https://match.adsrvr.org/ https://insight.adsrvr.org https://reliant.egain.cloud https://analytics.analytics-egain.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://*.hotjar.io https://*.hotjar.com https://*.doubleclick.net https://cdn.krxd.net csxd.cirroenergy.com; child-src blob:; img-src 'self' data: * *.contentsquare.net https://*.hotjar.com; font-src * https://*.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://collect.tealiumiq.com https://www.redditstatic.com https://dev.visualwebsiteoptimizer.com https://px.ads.linkedin.com https://visitor-service.tealiumiq.com  https://bf94493cun.bf.dynatrace.com https://*.tiktok.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com  https://*.clarity.ms/collect wss://ws26.hotjar.com/api/v2/client/ws https://bat.bing.com https://reliantenergyretailservicesllc.demdex.net https://reliantenergy.sc.omtrdc.net https://stg-wheelock.nrg.com https://wheelock.nrg.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.doubleclick.net https://dpm.demdex.net https://*.hotjar.io https://*.hotjar.com https://*.contentsquare.net https://api.ipify.org https://app.leadsrx.com https://*.cirroenergy.com https://www.google-analytics.com https://reliantenergyretails.tt.omtrdc.net https://reliantenergy.sc.omtrdc.net https://cdn.jsdelivr.net https://assets.adobedtm.com *.contentsquare.net; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; frame-src 'self' https:; connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss: https: data: blob:; frame-ancestors 'self' *.7across.travel *.7acrosstravel *.accorplusdiscovery.com *.addthis.com *.airportparking.net.au *.avctravel.com.au *.azurewebsites.net *.bzzworld.com *.bzzworldtravel.com *.clubmedaustralia.com.au *.crownclubmarketplace.com *.cruise.ovscruise.com *.cruise.wotif.com *.cruisemegastore.com.au *.cruisepilot.com.au *.dae-travel.com *.discover365.co.nz *.discover365.co.uk *.discover365.com.au *.doubleclick.net *.driveaway.com.au *.facebook.com *.favc.com *.hightide.com.au *.IAMLVC.com *.ice-cdn.com *.icecruises.com.au *.iceenterprise.com *.icevacations.com.au *.kampyle.com *.kivac.com.mx *.latitude21resorts.com *.latitudeguestservices.com *.latitudevacationclub.com *.lifestylebywyndhamlite.com *.liveaquaresidenceclub.com *.livechatinc.com *.looking4.com *.mustdotravels.com *.my241cruise.com.au *.my241rewards.com.au *.myfuturecruisecredit.com *.optimizely.com *.ourvacationcentre.com *.ourvacationcentre.com.au *.ourvacationcentre.net *.ovctour.com *.ovscruise.com *.ovsresort.com *.qvitravelsavings.com *.rci.my241cruise.com.au *.rci.travel *.re-set.mx *.re-set.travel *.saveonresorts.com *.tawk.to *.theclub365.com.au *.tourmegastore.com.au *.travelii.mx *.travelmegastore.com.au *.travelperksplus.com *.travelsavingspassport.com *.tripauthority.com *.tripsavr.com *.tripsavr2.com *.ultiqa.com.au *.ultiqaexplore.com.au *.ultiquaexplore.com.au *.windows.net *.world2go.mx *.wotif.com *.youtube.com 7across.travel accorplusdiscovery.com agentportalui-wa-dev-usw.azurewebsites.net agentportalui-wa-qa-usw.azurewebsites.net assets.cruisemail.com.au avctravel.com.au bid.g.doubleclick.net cruise.flybuystravel.com.au cruise.ovscruise.com cruise.wotif.com cruisemegastore.com.au cruisepilot.com.au dae-travel.com discover365.co.nz discover365.co.uk discover365.com.au elcidsales.latitudeguestservices.com hightide.com.au icecruises.com.au iceenterprise.com icevacations.com.au latitudevacationclub.com lifestylebywyndhamlite.com mustdotravels.com my241cruise.com.au my241rewards.com.au myfuturecruisecredit.com ourvacationcentre.com ourvacationcentre.com.au ourvacationcentre.net ovctour.com ovscruise.com rci.my241cruise.com.au rci.travel tawk.to theclub365.com.au tour.icruiserewards.com tour.thevidalifestyle.com tourmegastore.com.au tours.icruise.com tours.tourmegastore.com.au travelmegastore.com.au travelperksplus.com ukproducthub.azureedge.net ukproducthub.blob.core.windows.net ultiqa.com.au ultiqaexplore.com.au ultiquaexplore.com.au windows.net wotif.com; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.usercentrics.eu https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.youtube.com *.ytimg.com *.cloudfront.net https://code.jquery.com https://snap.licdn.com https://www.bugherd.com https://sidebar.bugherd.com blob:; font-src 'self' https://fonts.gstatic.com *.bugherd.com *.cloudfront.net; style-src 'self' 'unsafe-inline' *.cloudfront.net https://fonts.googleapis.com https://www.bugherd.com; img-src 'self' https://brandzone.ngk.de https://app.usercentrics.eu https://www.google-analytics.com https://www.google.com *.ytimg.com *.cdninstagram.com *.fbcdn.net *.cloudfront.net https://*.linkedin.com https://privacy-proxy-server.usercentrics.eu data://* data: https://uct.service.usercentrics.eu https://*.amazonaws.com https://sidebar.bugherd.com https://www.googletagmanager.com https://img.youtube.com blob:; connect-src 'self' *.usercentrics.eu https://*.google-analytics.com *.doubleclick.net *.bugsnag.com wss://*.pusherapp.com wss://*.pusher.com *.pusher.com *.bugherd.com https://bugherd-attachments.s3.amazonaws.com https://cdn.linkedin.oribi.io https://api.friendlycaptcha.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://www.google-analytics.com v.calameo.com https://sidebar.bugherd.com https://*.admiralcloud.com; 1
frame-ancestors https://*.flexera.com https://*.flexera.de https://*.revenera.com https://*.revenera.de https://ecommerce-flexeracommunity.cs201.force.com https://staging-flexeracommunity.cs203.force.com; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; form-action 'self'; script-src * 'unsafe-eval' 'unsafe-inline' https:; style-src * 'self' 'unsafe-inline' https: 1
frame-ancestors 'self'  http://*.vinea.es http://*.ceca.es  https://*.ceca.es http://*.cecabank.es https://*.cecabank.es; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com pi.pardot.com *.cassiecloud.com *.wistia.com static.ada.support js.zi-scripts.com script.hotjar.com https://static.hotjar.com/ *.chilipiper.com *.forchili.com *.googleapis.com www.googletagmanager.com www.google-analytics.com analytics.google.com https://www.google.com/recaptcha/api.js *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com https://secure.geobytes.com/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/insight.min.js;style-src 'self' 'unsafe-inline' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com fonts.googleapis.com *.cassiecloud.com www.googletagmanager.com;object-src 'none';base-uri 'self';connect-src 'self' *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com *.cassiecloud.com ipapi.co js.zi-scripts.com *.chilipiper.com *.forchili.com *.ada.support ws.zoominfo.com *.wistia.com https://*.litix.io analytics.google.com *.analytics.google.com *.googleapis.com www.google-analytics.com stats.g.doubleclick.net https://px.ads.linkedin.com/;font-src 'self' data: *.livingstonintl.com *.livingston.com *.gstatic.com *.wistia.com;frame-src 'self' *.livingstonintl.com *.livingston.com *.ada.support td.doubleclick.net https://www.google.com/ https://www.youtube.com *.chilipiper.com *.forchili.com;img-src 'self' data: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com cscript-cdn-use.cassiecloud.com *.wistia.com www.google-analytics.com www.google.com www.googletagmanager.com *.gstatic.com *.googleapis.com secure.gravatar.com *.chilipiper.com https://www.facebook.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/;manifest-src 'self';media-src 'self' blob: *.livingstonintl.com *.livingston.com lii-mkt-content.s3.amazonaws.com;worker-src 'none'; 1
default-src 'self'; img-src 'self' data: blob: https://pendo-us1-static-6231007996805120.storage.googleapis.com/ https://us1.app.pendo.io/ https://core.uniteus.io/rails/active_storage/blobs/ https://s3.amazonaws.com/static-public-v3-uudev/ https://s3.amazonaws.com/cdn-public-v3-uudev/ https://core.uniteus.io https://s3.amazonaws.com/uniteus-io-assets/ https://us1.data.pendo.io https://maps.gstatic.com https://maps.googleapis.com core; child-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://us1.app.pendo.io/ https://tableau.uniteus.io/ https://js-agent.newrelic.com/nr-spa-1016.min.js https://cdnjs.cloudflare.com/ajax/libs/rollbar.js/ https://cdn.polyfill.io https://cdn.pendo.io/agent/ https://bam.nr-data.net https://us1.data.pendo.io https://maps.googleapis.com https://*.intercom.io https://*.intercomcdn.com; font-src https://app.uniteus.io/dashboard/new/node_modules/@pendo/components/lib/fonts/ https://s3.amazonaws.com/uniteus-io-assets/ https://fast.fonts.net https://fonts.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://us1.cdn.pendo.io https://fast.fonts.net https://fonts.googleapis.com; connect-src https://us1.app.pendo.io/api/s/ https://us1.data.pendo.io/data/ https://*.browser-intake-ddog-gov.com wss://tsock.us1.twilio.com/v3/wsconnect https://*.uniteus.io https://*.uniteus.io https://*.launchdarkly.com https://*.rollbar.com https://*.intercom.io https://bam.nr-data.net wss://*.intercom.io https://ipinfo.io https://maps.googleapis.com; frame-src http://us1.app.pendo.io https://tableau.uniteus.io/ https://core.uniteus.io/ https://s3.amazonaws.com/ https://consent.uniteus.io; object-src https://core.uniteus.io/; worker-src blob:; 1
default-src 'self' 'unsafe-inline' data: *.algolia.net optanon.blob.core.windows.net stats.g.doubleclick.net api.craftcms.com go.pardot.com maps.googleapis.com geolocation.onetrust.com www.google-analytics.com googleads.g.doubleclick.net cdn.cookielaw.org downloads.microscope.healthcare.nikon.com *.healthcare.nikon.com d2yjaub2m73j9n.cloudfront.net; frame-ancestors 'self'; img-src 'self' data: i.ytimg.com cdn.cookielaw.org i.vimeocdn.com pluginicons.craft-cdn.com maps.googleapis.com maps.gstatic.com www.google.com downloads.microscope.healthcare.nikon.com www.google-analytics.com; font-src 'self' data: fast.fonts.net d2yjaub2m73j9n.cloudfront.net; script-src 'self' code.jquery.com optanon.blob.core.windows.net cdnjs.cloudflare.com cdn.jsdelivr.net polyfill.io www.youtube.com ajax.googleapis.com www.gstatic.com www.google.com mktdplp102cdn.azureedge.net maps.googleapis.com go.healthcare.nikon.com use.typekit.net  pi.pardot.com www.googletagmanager.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline' blob: fast.fonts.net www.googleadservices.com cdn.cookielaw.org pages.nikoninst.com pi.pardot.com googleads.g.doubleclick.net ; style-src 'self' 'unsafe-inline' blob: cdn.jsdelivr.net optanon.blob.core.windows.net fast.fonts.net fonts.googleapis.com; frame-src 'self' www.youtube-nocookie.com player.vimeo.com js.stripe.com *.nikon.com pages.nikoninst.com bid.g.doubleclick.net; 1
frame-src https://youtube.com https://www.youtube.com https://consentcdn.cookiebot.com/; 1
default-src 'unsafe-eval' 'unsafe-inline' * data: 1
frame-ancestors 'self' https://www.matrimonios.cl https://comunidad.matrimonios.cl https://landing.matrimonios.cl 1
default-src 'self' immoscoop.be *.immoscoop.be *.www1.immoscoop.be kbc.be *.kbc.be *.sentry.io *.colibry.cloud production-co-libry.appspot.com googletagmanager.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.cookiepro.com *.cloudflare.com *.gstatic.com *.cloudfront.net *.googlesyndication.com googleoptimize.com *.googleoptimize.com  *.googleapis.com google.com *.google.com *.google-analytics.com *.licdn.com *.facebook.net facebook.com *.facebook.com *.linkedin.com *.bing.com *.doubleclick.net 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net *.googleadservices.com *.onetrust.io *.onetrust.com *.mapbox.com *.maptiler.com *.storyblok.com *.oribi.io *.adobedtm.com *.outbrain.com *.optimonk.com blob: wss: ; img-src * 'self' data: https: blob: ; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.binderpos.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data: 1
frame-ancestors 'self' pro.leparking.ch pro.dasparking.de pro.leparking.fr pro.theparking-cars.co.uk pro.theparking.ca pro.theparking-cars.com pro.leparking.be bresil.leparking.fr pro.nl.leparking.be pro.fr.theparking.ca roextpro.ads4all.fr atextpro.ads4all.fr bgextpro.ads4All.fr czextpro.ads4all.fr eeextpro.ads4all.fr grextpro.ads4all.fr hrextpro.ads4all.fr huextpro.ads4all.fr ltextpro.ads4all.fr luextpro.ads4all.fr lvextpro.ads4all.fr siextpro.ads4all.fr skextpro.ads4all.fr pro.de.leparking.ch keextpro.ads4all.fr pro.el-parking.es pro.oparking.pt pro.theparking.eu pro.el-parking.pe pro.leparking.ma pro.ilparking.it; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; default-src 'self' 'unsafe-inline'; img-src 'self' https:; frame-ancestors 'self'; block-all-mixed-content; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://*.intercom.io https://*.intercom.io https://*.intercom.com https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.intercomusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://stats.g.doubleclick.net; font-src data: https:; frame-ancestors 'self' https://intercomrades.support https://intercom.skilljar.com https://academy.intercom.com https://academy.guests.intercom.com https://app.intercom.com https://app.eu.intercom.com https://app.au.intercom.com https://intercomrades.intercom.com https://intercomrades.eu.intercom.com https://intercomrades.au.intercom.com; frame-src 'self' https://platform.twitter.com https://staticxx.facebook.com https://www.facebook.com https://fast.wistia.net https://fast.wistia.com https://www.useloom.com https://www.loom.com https://play.vidyard.com https://player.vimeo.com https://web.microsoftstream.com https://share.synthesia.io https://embed.app.guidde.com https://share.descript.com https://app.guideflow.com https://www.youtube.com https://www.youtube-nocookie.com https://content.jwplatform.com https://players.brightcove.net https://intercom-sheets.com https://www.intercom-reporting.com https://*.sharepoint.com; img-src data: blob: https: http:; media-src data: blob: https:; object-src 'self' https://static.intercomassets.com; script-src 'self' https://connect.facebook.net https://platform.twitter.com https://static.intercomassets.com https://googleadservices.com https://googletagmanager.com https://google-analytics.com https://widget.intercom.io https://js.intercomcdn.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://intercom.help https://intercom-help.eu https://au.intercom.help 'nonce-J3gl+q0v4FX0cH8LWbADxVKAdS9YbNbiUcBPzVX62+8='; style-src 'self' 'unsafe-inline' https://fonts.intercomcdn.com https://static.intercomassets.com https://static.intercomcdn.com https://marketing.intercomassets.com https://marketing.intercomcdn.com https://intercom.help https://intercom-help.eu https://au.intercom.help https://static.intercomassets.eu https://static.au.intercomassets.com 1
frame-ancestors *.hilan.co.il ihilanet.tau.ac.il 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdnjs.cloudflare.com https://sentry.io https://payments.worldpay.com https://cdn.sift.com https://verify.sendwyre.com https://pay.sendwyre.com https://ajax.cloudflare.com https://*.crisp.chat https://www.googletagmanager.com; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: https://connect.venly.io https://*.crisp.chat https://payments.worldpay.com https://fonts.googleapis.com; media-src *; font-src 'self' data: https://connect.venly.io https://fonts.gstatic.com https://themes.googleusercontent.com https://*.crisp.chat; frame-src https://connect.venly.io https://login.arkane.network https://login.venly.io https://global.transak.com https://buy.ramp.network https://platform.twitter.com https://help.venly.io https://help.venly.market https://payments.worldpay.com https://*.crisp.chat; object-src 'none'; connect-src 'self' https://events.venly.market https://login.arkane.network https://login.venly.io https://content.arkane.network https://api-wallet.venly.io https://connect.venly.io https://sentry.io https://stats.g.doubleclick.net https://analytics.google.com https://*.analytics.google.com https://api.sendwyre.com wss://*.crisp.chat https://*.crisp.chat https://*.browser-intake-datadoghq.eu; worker-src 'self' blob: 1
frame-src 'self' *.checkout.com *.vimeo.com *.youtube.com disqus.com *.iubenda.com www.facebook.com lb.affilae.com www.compado-tracking.com sibautomation.com *.ubembed.com libs.hipay.com www.awin1.com; default-src 'self' https://maps.googleapis.com *.checkout.com *.disqus.com *.disquscdn.com *.sumo.com *.zopim.com *.iubenda.com disqus.com ekr.zdassets.com google.com www.google.com googleads.g.doubleclick.net sumo.com wss://widget-mediator.zopim.com *.wagtail.io weenect.zendesk.com www.facebook.com sibautomation.com *.google-analytics.com stats.g.doubleclick.net in-automate.sendinblue.com https://oms.salesupply.com:52222 *.clarity.ms *.bing.com static.weenect.com *.ubembed.com ipapi.co mpsnare.iesnare.com wss://mpsnare.iesnare.com *.hipay.com the.sciencebehindecommerce.com; img-src 'self' *.sumo.com *.trustpilot.com *.iubenda.com images-static.trustpilot.com static.weenect.com sumo.com *.googleapis.com www.google-analytics.com weenect.s3.eu-west-3.amazonaws.com d128mjo55rz53e.cloudfront.net www.gravatar.com v2.zopim.com v2assets.zopim.io data: stats.g.doubleclick.net www.facebook.com www.google.com www.google.fr www.googletagmanager.com googleads.g.doubleclick.net *.gstatic.com *.bing.com static.snoweb.fr static.snoweb.io cx.atdmt.com *.disqus.com *.disquscdn.com *.clarity.ms cdn.jsdelivr.net www.awin1.com; style-src 'self' *.disquscdn.com ajax.googleapis.com fonts.googleapis.com 'unsafe-inline' static.snoweb.fr static.snoweb.io unpkg.com cdn.jsdelivr.net libs.hipay.com; media-src 'self' data: mpsnare.iesnare.com; script-src 'self' script.js *.checkout.com *.cloudflare.com *.disqus.com *.disquscdn.com *.google.com *.sumo.com *.trustpilot.com *.zdassets.com *.zopim.com *.iubenda.com ajax.googleapis.com stackpath.bootstrapcdn.com www.google-analytics.com googleads.g.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net static.affilae.com tpc.googlesyndication.com sibautomation.com 'unsafe-eval' 'unsafe-inline' *.googleapis.com bat.bing.com cdn.jsdelivr.net code.jquery.com maxcdn.bootstrapcdn.com unpkg.com lb.affilae.com www.compado-tracking.com stats.g.doubleclick.net a.quora.com *.clarity.ms *.ubembed.com libs.hipay.com mpsnare.iesnare.com www.dwin1.com www.awin1.com the.sciencebehindecommerce.com; font-src 'self' fonts.googleapis.com v2.zopim.com fonts.gstatic.com data: blob: 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval';object-src 'none'; 1
script-src 'nonce-uYSJvqT8DRUWPiNbdxtkcvvs+6sy' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; base-uri 'none'; 1
default-src 'self'; img-src 'self' data: data.pendo.io cdn.pendo.io pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; style-src 'self' 'unsafe-inline' pendo-io-static.storage.googleapis.com pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.pendo.io pendo-io-static.storage.googleapis.com pendo-static-6212581127946240.storage.googleapis.com data.pendo.io app.pendo.io cdnjs.cloudflare.com js-agent.newrelic.com; connect-src 'self' bam.nr-data.net data.pendo.io pendo-static-6212581127946240.storage.googleapis.com app.pendo.io; frame-src 'self' app.pendo.io *.uniteustraining.com *.uniteus.io *.rma.healthcare; 1
default-src 'self' * data:; font-src 'self' * data:; frame-src *; img-src * data: android-webview-video-poster:; media-src * data: blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline'; worker-src * blob:; frame-ancestors 'self' https://verizonconnect.getambassador.com/; 1
frame-ancestors "self" https://*.accelya.com:*; 1
frame-ancestors 'self' globalgatewaye4.firstdata.com; 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' https: 'unsafe-eval' 1
frame-ancestors 'self' https://www.casamentos.pt https://comunidade.casamentos.pt https://landing.casamentos.pt 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors * data: blob: ; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=29v66a5j45gig&partner=; 1
base-uri 'self';	default-src 'self';	connect-src 'self' https://reseau.coraxis.fr/ https://faq.coraxis.fr/ https://whois.coraxis.fr/;	style-src 'unsafe-inline' 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com; font-src 'self' https://css.transform.coraxis.fr https://fonts.googleapis.com https://fonts.gstatic.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' https://js.transform.coraxis.fr https://www.gstatic.com https://www.google.com/recaptcha/ https://maps.googleapis.com https://cdnjs.cloudflare.com https://uicdn.toast.com https://blueimp.github.io https://ajax.googleapis.com; 	img-src 'self' https://media.transform.coraxis.fr https://js.transform.coraxis.fr https://css.transform.coraxis.fr https://maps.googleapis.com https://maps.gstatic.com data:;  child-src 'self' https://www.youtube.com https://www.google.com/recaptcha/;	media-src 'self';	form-action 'self'   https://faq.coraxis.fr/ https://admin.coraxis.fr;	frame-ancestors 'self'; 1
default-src 'none';script-src 'self';connect-src 'self';img-src 'self';style-src 'self';frame-ancestors 'none'; 1
default-src ws: 'self' data: blob: 'unsafe-inline' 'unsafe-eval' rydges.com *.rydges.com *.addthis.com *.adnxs.org *.adsrvr.org *.akamaized.net *.amazonaws.com *.americanexpress.com *.android.com *.arcot.com *.aturahotels.com *.auth0.com *.azureedge.net *.bing.com *.bootstrapcdn.com *.braintree-api.com *.braintreegateway.com *.braze.com *.browser-update.org *.cardinalcommerce.com *.cendynhub.com *.clarity.ms *.cloudflare.com *.cloudflareaccess.com *.cloudfront.net *.criteo.com *.criteo.net *.d-edgeconnect.media *.datatrans.com *.demdex.net *.doubleclick.net *.duosecurity.com *.elev.io *.event-restaurants-venues.com *.eventcinemas.com.au *.everestjs.net *.everesttech.net *.facebook.com *.fontawesome.com *.gleam.io *.gleamjs.io *.google-analytics.com *.google.co.nz *.google.com *.google.com.au *.googleadservices.com *.googleapis.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io *.independentcollection.com.au *.instagram.com *.ivvy.com *.ivvy.com.au *.jquery.com *.jsdelivr.net *.kaptcha.com *.lafourchette.com *.mews-demo.com *.mintdesign.co.nz *.mycardsecure.com *.myma.ai *.ovalhotel.com.au *.paypal.com *.paypalobjects.com *.pingdom.net *.planpay.com *.priorityguestrewards.com *.qtathome.com *.qthotels.com *.quantcount.com *.quantserve.com *.resdiary.com *.rokt.com *.rsa3dsauth.co.uk *.rydges.com *.sentry-cdn.com *.sentry.io *.sg-form.com *.sharepointonline.com *.shift72.com *.smartcheckmobile.com *.sojern.com *.stripe.com *.tacdn.com *.tamgrt.com *.thehotelsnetwork.com *.tiktok.com *.typekit.net *.typography.com *.vimeo.com *.weatherwidget.io *.wistia.com *.wp.com *.wpo365.com *.wufoo.com *.wufoo.eu *.yoast.com *.youtube.com addthis.com ads.yahoo.com adx.dable.io akamaized.net amazonaws.com americanexpress.com analytics.tiktok.com android.com au.ants.vn azureedge.net bam.nr-data.net beacon-v2.helpscout.net beacon.sojern.com bing.com bootstrapcdn.com braintree-api.com braintreegateway.com braze.com browser-update.org cardinalcommerce.com cdn.forms-content.sg-form.com cdn.jsdelivr.net cendynhub.com clarity.ms cloud.typography.com cloudflare.hcaptcha.com cloudfront.net cm.mgid.com code.jquery.com connect.facebook.net contextual.media.net criteo-sync.teads.tv criteo.com criteo.net cw.addthis.com d-edgeconnect.media datatrans.com demdex.net duosecurity.com eb2.3lift.com elev.io event-restaurants-venues.com eventcinemas.com.au everestjs.net everesttech.net fontawesome.com fonts.gstatic.com gleam.io gleamjs.io google.com googletagmanager.com hotjar.com hotjar.io i.ytimg.com independentcollection.com.au instagram.com ivvy.com ivvy.com.au jquery.com js-agent.newrelic.com js.appboycdn.com js.sentry-cdn.com kaptcha.com kg668dbov0.execute-api.us-east-1.amazonaws.com lafourchette.com maxcdn.bootstrapcdn.com mews-demo.com mintdesign.co.nz mycardsecure.com myma.ai participant.connect.ap-southeast-2.amazonaws.com paypal.com pixel.advertising.com pixel.tapad.com planpay.com polyfill.io qtathome.com r.casalemedia.com resdiary.com rsa3dsauth.co.uk rtb-csync.smartadserver.com rtd-tm.everesttech.net rules.quantcount.com rum-static.pingdom.net rydges.com s-cs.send.microad.jp s.ad.smaato.net secure.adnxs.com secure.quantserve.com securepubads.g.doubleclick.net sentry-cdn.com sharepointonline.com shift72.com simage2.pubmatic.com smartcheckmobile.com sojern.com sp.analytics.yahoo.com spoprod-a.akamaihd.net static.tacdn.com stripe.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync-tm.everesttech.net sync.e-planning.net tags.bluekai.com tamgrt.com tiktok.com typekit.net ups.analytics.yahoo.com us-u.openx.net use.typekit.net via.placeholder.com vimeo.com visitor-fra01.omnitagjs.com visitor.omnitagjs.com weatherwidget.io wistia.com wp.com wpo365.com www.aexp-static.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.googletagservices.com www.surveymonkey.com yoast.com; frame-src *; object-src 'none'; img-src 'self' https: data: blob:;  upgrade-insecure-requests; report-uri https://evtgroup.report-uri.com/r/t/csp/enforce 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-SgAnyS656LtsUz/SJlAC0wv9uJfy5F' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'self' https://*.adventureacademy.com 1
script-src *.yotpo.com *.bigcommerce.com *.mybigcommerce.com *.googleadservices.com *.facebook.net *.bazaarvoice.com *.fonts.net *.googletagmanager.com *.google-analytics.com *.cookielaw.org *.zendesk.com *.zdassets.com *.cloudfront.net *.google.com *.gstatic.com *.lightboxcdn.com *.iesnare.com *.braintreegateway.com *.paypal.com *.ordergroove.com *.afterpay.com *.attn.tv *.attentivemobile.com *.doubleclick.net *.mathtag.com *.salesforce-sites.com *.tapad.com *.tiktok.com *.snapchat.com *.s3.amazonaws.com *.addrexx10.com *.crazyegg.com *.segment.com sc-static.net *.pinimg.com *.adsrvr.org *.lytics.io *.dynatrace.com *.tapad.com *.azurewebsites.net *.moatads.com *.ipify.org *.rpxnow.com *.kaptcha.com rpxnow.com *.paypalobjects.com *.googlesyndication.com *.pinterest.com *.mczbf.com *.emjcd.com pghub.io *.abtasty.com cdn11.bigcommerce.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ;object-src 'none'; frame-ancestors 'self' ; 1
default-src 'self'; img-src 'self' data: arttrk.com *.tvsquared.com *.doubleclick.net *.google.com *.google-analytics.com *.facebook.com *.gstatic.com *.googleapis.com *.cellcom.com placehold.it blob: *.adsrvr.org *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.analytics.google.com insight.adsrvr.org dpm.demdex.net *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.cellcom.com *.googleapis.com *.ionicframework.com tagmanager.google.com *.net-results.io; frame-src 'self' *.google.com *.shift4test.com *.youtube.com *.cellmaps.com *.i4go.com *.facebook.com *.trustev.com *.iesnare.com *.timetrade.com *.timetradesystems.com widgets.priceyourdevice.com *.adsrvr.org arcgis.com *.arcgis.com *.cellcom.com; connect-src 'self' *.cellcom.com  *.nsight.com *.trustev.com *.iesnare.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.google.com *.googletagmanager.com *.analytics.google.com apps.net-results.com *.clarity.ms bat.bing.com; font-src 'self' *.gstatic.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.tvsquared.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net beacon.cdnma.com *.facebook.com *.facebook.net *.i4go.com *.googleapis.com *.jquery.com widgets.priceyourdevice.com *.trustev.com *.iesnare.com *.timetrade.com *.timetradesystems.com *.adsrvr.org *.net-results.io bat.bing.com *.clarity.ms cdnjs.cloudflare.com *.cellcom.com; frame-ancestors 'self' *.c-us-4wireless.com *.c-tcomputers.com *.doorcountycoop.com *.jtcrivitz.com *.lakewoodcellular.com *.arlenstvandappliance.com *.i4go; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: wss: 1
connect-src 'self' https://search.swedbank.se https://track.adform.net https://unpkg.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://swedbankab.d3.sc.omtrdc.net https://*.swedbank.net https://dpm.demdex.net https://dpm.swedbank.se https://dpu.swedbank.se https://agent.nina-nuance.com/ https://www.swedbank.com/sv https://swedbank.com/sv https://www.swedbank.com https://swedbank.com https://www.swedbank.se https://swedbank.se https://agent-locator.nina-nuance.com https://agent-fp.nina-nuance.com https://www.swedbank.dfs.investis.com https://swedbank.dfs.investis.com https://blikund.swedbank.se 1
default-src 'self' *.breitbandmessung.de:* stat.zafa.co geocode.arcgis.com wss://* 'unsafe-inline' data: sgx.geodatenzentrum.de sg.geodatenzentrum.de utility.arcgisonline.com 'unsafe-eval' 1
frame-ancestors 'self' *.gomarquis.com *.zagclients.net 1
connect-src 'self' www.google-analytics.com *.mktoresp.com *.hdms.com *.devsjr.com *.bugcrowd.com bugcrowd.com *.bugcrowdusercontent.com *.linkedin.oribi.io *.doubleclick.net *.youtube.com https://*.google.com *.clickagy.com https://js.zi-scripts.com ws.zoominfo.com *.googlesyndication.com https://*.linkedin.com ; default-src 'self'; font-src 'self' data: *.devsjr.com fonts.googleapis.com fonts.gstatic.com *.hdms.com *.youtube.com https://*.google.com; frame-src *.doubleclick.net *.devsjr.com *.youtube.com *.marketo.com www.youtube-nocookie.com *.hdms.com *.bugcrowd.com bugcrowd.com *.bugcrowdusercontent.com https://*.google.com https://*.adsrvr.org; img-src 'self' data: *.marketo.com *.google.com *.devsjr.com www.google-analytics.com/ ws.zoominfo.com *.linkedin.com *.adsymptotic.com snap.licdn.com *.hdms.com *.youtube.com https://*.google.com *.clickagy.com https://www.googletagmanager.com *.rlcdn.com *.crwdcntrl.net *.doubleclick.net *.demdex.net *.agkn.com *.openx.net *.sitescout.com; media-src 'self' *.devsjr.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.doubleclick.net *.devsjr.com munchkin.marketo.net *.marketo.com *.googleadservices.com www.google-analytics.com www.googletagmanager.com ws.zoominfo.com px.ads.linkedin.com snap.licdn.com *.hdms.com *.bugcrowd.com bugcrowd.com *.bugcrowdusercontent.com *.clickagy.com *.youtube.com https://*.google.com https://js.zi-scripts.com https://*.adsrvr.org https://*.gstatic.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com *.devsjr.com *.hdms.com *.youtube.com https://*.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://walls.io https://*.walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://static.cloudflareinsights.com https://*.lkw-walter.com https://www.gstatic.com https://*.bing.com https://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://unpkg.com https://*.cloudflare.com ; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.smartsuppcdn.com ; frame-src 'self' https://*.youtube.com https://*.google.com https://walls.io https://*.walls.io https://*.youtube-nocookie.com https://*.cloudflare.com ; font-src 'self' data: https://*.hotjar.com ; form-action 'self'  ; connect-src 'self' https://cdn.cookielaw.org https://maps.googleapis.com https://*.onetrust.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.lkw-walter.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com wss://*.smartsupp.com https://ipmeta.io https://*.cloudflare.com ; img-src 'self' https: data: https://*.hotjar.com ; object-src 'none'; upgrade-insecure-requests 1
default-src 'self' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;script-src 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-zn1JYb31DHWgA6TEC8q4i8NAGZqCYJfvHt8noS21UkE=' 'sha256-M2x3v2sOL8i0LcRWPlXTIQ1ppaf6urya/5FLuss9A5A=' 'sha256-ncay0vLU4e1LwJXdiFb0cmxGvJ34kGp7AwuyvK5gqvc=' 'sha256-l6OX6+NLxF91XeeHsbFB3DhcSRC68fTuc2TRRBRlLdo=' 'sha256-5JzjenWweMw5xbQtRCoZHfweaaG9SAKri6LPl05yMfI=' 'sha256-0+YoMtIFhTMNz8UEIMKkPZv/ivTu0ON01rZU9Xh0zGw=' 'sha256-ATTCE/zHudFqF9Y9jHzAUC1lmyE7f86q6aoqC/6c6U8=' 'self' 'nonce-7bf17e6b3c6c8104e25bfa6f387119c4' 'sha256-r5xutiab4KTmYLooatnYr9fDiEXoLol7Y2uGquCBJtY=' 'sha256-wG62HSCW15AvdDKJZDpKpEwgOrHtdjYEoSlzNIO74ls=' 'sha256-yesyhxQs/MxWbnMcLu1Ujl9D4IBr9sD+qbV1tVMY6Ko=' 'sha256-Ru+d/+1U04sx9gtyKNNATTUZWPxvL/3n4vcZ2byRA7k=' 'sha256-t+Hgtk8j37GNuJChq7VcjYRCus1g7dMM0o1wmo616mY=' 'sha256-zWbjMSPA3WVtIZdI2IlyN9b9SelFbYlTOHhC3ARBm14=' 'sha256-hnbC4VL+O4TwiocYHgE10D4g+is0n5T5Nxjuj0Oyd3k=' calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;font-src 'self' data: calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;frame-ancestors 'self' ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;form-action 'self' ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net;object-src 'none';connect-src 'self' blob: calendly.com *.calendly.com *.amplitude.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.ads-twitter.com *.doubleclick.net *.youtube.com *.facebook.net *.facebook.com *.livechatinc.com *.bugsnag.com d2wy8f7a9ursnm.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com ajax.cloudflare.com clarity.ms *.clarity.ms ganttpro.com *.ganttpro.com ganttpro.azureedge.net ganttpro-services.azurewebsites.net ganttpro.cloudflareaccess.com ganttprowesteu.blob.core.windows.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat google.com;upgrade-insecure-requests 1
frame-ancestors 'self' panther.com *.panther.com app.folloze.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline'       https://analytics.twitter.com      https://api.datatrics.com      https://assetscdn-wchat.freshchat.com      https://bat.bing.com      https://c.clarity.ms      https://cdn.mouseflow.com      https://chimpstatic.com      https://connect.facebook.net      https://cdn.mouseflow.com      https://ct.pinterest.com      https://data.kameleoon.io      https://dynamic.criteo.com      https://fledge.eu.criteo.com      https://fonts.googleapis.com      https://googleads.g.doubleclick.net      https://gum.criteo.com      https://maps.googleapis.com      https://maps.gstatic.com      https://measurement-api.criteo.com      https://p.clarity.ms      https://pagead2.googlesyndication.com      https://region1.analytics.google.com      https://region1.google-analytics.com      https://s.pinimg.com      https://sc-static.net      https://script.hotjar.com      https://snippets.freshchat.com      https://static.ads-twitter.com      https://static.hotjar.com      https://static.kameleoon.com      https://stats.g.doubleclick.net      https://sslwidget.criteo.com      https://t.co      https://td.doubleclick.net      https://tpc.googlesyndication.com      https://tr.datatrics.com      https://tr.snapchat.com      https://wchat.freshchat.com      https://www.clarity.ms      https://www.facebook.com      https://www.google.com      https://www.google.nl      https://www.google-analytics.com      https://www.googleadservices.com      https://www.googletagmanager.com      https://www.gstatic.com      https://www.mollie.com      https://www.youtube.com      https://squeezely.tech       https://api.smulderstextiel.nl       https://beheer.smulderstextiel.nl       https://static.smulderstextiel.nl       https://static.smulderstextiel.be       https://static.smulderstextiles.be       https://static.smulderstextiles.fr       https://www.smulderstextiel.nl       https://www.smulderstextiel.be       https://www.smulderstextiles.be        https://www.smulderstextiles.fr       https://www.smulderstextiles.com      https://ybcb728h6d.kameleoon.eu/kameleoon.js      https://8o0oimi6gl.kameleoon.eu/kameleoon.js      https://19ioe2nlda.kameleoon.eu/kameleoon.js      https://kzb464zpgv.kameleoon.eu/kameleoon.js;            frame-ancestors 'self'       https://app.kameleoon.com       https://kameleoon.com       https://www.kameleoon.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dewebmakers.nl *.google-analytics.com *.googleapis.com *.googletagmanager.com api.salesfeed.com *.googleadservices.com *.facebook.net *.doubleclick.net *.cloudflare.com cdn.leadinfo.net *.seranking.com https://monitor.fraudblocker.com https://cdn-cookieyes.com; object-src *; style-src 'self' 'unsafe-inline' *.dewebmakers.nl cdn.leadinfo.net seomator.com fonts.googleapis.com; img-src * data:; media-src *; frame-src *; font-src *; connect-src * 1
default-src 'self' data: 'unsafe-inline' *.linkedin.com *.nkolay.com *.aktifbank.com.tr *.doubleclick.net *.google.com.tr *.maps.googleapis.com *.googleapis.com *.googleoptimize.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-eval'  'unsafe-inline' *.aktifbank.com.tr *.nkolay.com *.maps.googleapis.com *.googleapis.com *.cloudflare.com *.efilli.com *.google-analytics.com *.google.com.tr *.google.com *.googleoptimize.com *.gstatic.com  *.facebook.com  *.facebook.net *.fbcdn.net  *.linkedin.com *.googletagmanager.com; style-src 'self' 'unsafe-inline' *.aktifbank.com.tr *.linkedin.com *.nkolay.com *.googleoptimize.com *.googleapis.com 1
frame-ancestors 'self' analytics.catholica.va; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.youtube-nocookie.com https://d.agkn.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://irazor.stage.gillette.co.uk https://insight.adsrvr.org/track/up https://match.adsrvr.org https://tr6.snapchat.com https://pandg.tapad.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://www.google.co.uk https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://lime.cdncontentdelivery.com https://www.tp88trk.com https://tr.snapchat.com https://*.sjv.io https://analytics.tiktok.com https://*.contentsquare.net https://*.odicci.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://hello.myfonts.net https://campaign.odicci.com; form-action 'self' https://www.facebook.com https://www.gillette.co.uk https://gillette.co.uk https://m.gillette.co.uk https://checkout.gillette.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://code.jquery.com https://geolocation.onetrust.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://hello.myfonts.net https://pghub.io https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' data: https://dc.services.visualstudio.com/v2/track; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com dl.episerver.net https://www.google.com https://www.gstatic.com *.msecnd.net/ *.matomo.cloud *.plausible.io *.googletagmanager.com *.siteimproveanalytics.com https://siteimproveanalytics.com/js/  https://cdn.siteimprove.net *.arcgis.is https://storymaps.arcgis.com/stories/ https://js.monitor.azure.com/scripts/ *.optimizely.com https://app.powerbi.com *.skyra.no https://cdn.jsdelivr.net/npm/ https://policy.app.cookieinformation.com; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/npm/ https://www.googletagmanager.com/debug/badge.css; img-src 'self' blob: data: *.openstreetmap.org https://services.geodataonline.no/ https://lovdata.no *.siteimproveanalytics.io/ *.miljodirektoratet.no https://p-tursti-cdne.azureedge.net/ https://t-tursti-cdne.azureedge.net/ https://www.googletagmanager.com https://nasjonaleturiststier.no https://storymaps.arcgis.com; connect-src * 'self' blob: my2.siteimprove.com id.siteimprove.com pui.episerver.net *.visualstudio.com *.plausible.io *.miljodirektoratet.matomo.cloud *.miljodirektoratet.no *.vannportalen.no *.optimizely.com  https://app.powerbi.com *.skyra.no *.arcg.is *.experience.arcgis.com/ https://www.miljodirektoratet.no/ https://consent.app.cookieinformation.com/api/consent https://policy.app.cookieinformation.com/*; font-src 'self' fonts.gstatic.com hello.myfonts.net *.cloudfront.net; object-src 'none'; ; media-src 'none'; ; frame-src 'self' *.miljodirektoratet.no https://www.youtube-nocookie.com/ https://www.google.com https://app.powerbi.com/ https://storymaps.arcgis.com https://play.libsyn.com *.libsyn.com *.experience.arcgis.com/ *.arcg.is https://arcg.is/ https://experience.arcgis.com/ https://kart.barentswatch.no/ https://miljoatlas.miljodirektoratet.no *.video.qbrick.com  https://player.vimeo.com/video/ https://policy.app.cookieinformation.com/ ; child-src 'self' ; form-action 'self' ; frame-ancestors 'self' https://www.miljodirektoratet.no/ https://dsa.no/ https://dsa.no/ https://storymaps.arcgis.com; base-uri 'self' ; 1
frame-ancestors 'self' https://resideo.ziftone.com/ https://proportal.resideo.com/ https://pro.resideo.com/ https://resideostaging.staging.ziftone.com/ https://resideo.netdimensions.com/ https://deploy-preview-437--resideo-pro.netlify.com/ https://fxm/ https://resideo-pro-perks.my-rewardsonline/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ads-twitter.com *.adyen.com *.agilone.com *.algolia.net *.algolianet.com *.analytics.google.com *.api.bazaarvoice.com *.attentivemobile.com *.attn.tv *.bazaarvoice.com *.bing.com *.bounceexchange.com *.bouncex.net *.cdnbasket.net *.cdnwidget.com *.collect.igodigital.com *.contentsquare.net *.criteo.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.g.doubleclick.net *.ggpht.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googleusercontent.com *.gstatic.com *.igodigital.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.liadm.com *.mag.bazaarvoice.com *.monetate.net *.nextdoor.com *.nr-data.net *.onetrust.com *.pepperjam.com *.pinimg.com *.pinterest.com *.revlifter.io *.rsa3dsauth.co.uk *.scene7.com *.securesuite.co.uk *.smarterhq.io *.snapchat.com *.staging.bigcontent.io *.studentbeans.com *.truefitcorp.com *.twitter.com *.ventrica.io *.wknd.ai *.zdassets.com *.zendesk.com *.zopim.com ad.doubleclick.net ade.googlesyndication.com algolia.net algolianet.com analytics.tiktok.com api.addressy.com api.official-coupons.com api.official-deals.co.uk app.contentsquare.com bid.g.doubleclick.net clarks.a.bigcontent.io cdn.c1.amplience.net cdn.cookielaw.org cdn.media.amplience.net cdn.static.amplience.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com clarkscs.zendesk.com cloud.email.clarks.com cookie-cdn.cookiepro.com edgeshoppingstatic.azureedge.net ekr.zdassets.com ekr.zendesk.com fonts.googleapis.com insights.algolia.io int-ds-shared-1.monetate.org js-agent.newrelic.com kargo.clarks.com localhost:2323 marketer.monetate.net pay.google.com pippio.com *.experticity.com *.expertvoice.com private-media-node12.s3.eu-west-1.amazonaws.com res.cloudinary.com sc-static.net static.zdassets.com t.co t.contentsquare.net t.paypal.com t.pepperjamnetwork.com tagmanager.google.com td.doubleclick.net the.sciencebehindcommerce.com tr2.smarterhq.io v2assets.zopim.io zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com wss://clarkscs.zendesk.com www.ascendpartner.com www.awin1.com *.clarity.ms www.dwin1.com www.googleadservices.com www.paypal.com www.paypalobjects.com www.sandbox.paypal.com www.upsellit.com www.youtube.com youtube.com *.global-e.com *.bglobale.com https://www.clarks.co.uk/assets/ https://www.clarksusa.com/assets/ https://google.com/pay *.kaptcha.com x.bidswitch.net ib.adnxs.com dis.criteo.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com hb.yahoo.net c1.adform.net cm.adform.net visitor.omnitagjs.com r.casalemedia.com id5-sync.com ad.360yield.com matching.ivitrack.com exchange.mediavine.com jadserve.postrelease.com sync.outbrain.com simage2.pubmatic.com match.sharethrough.com criteo-partners.tremorhub.com ad.yieldlab.net sync-criteo.ads.yieldmo.com e1.emxdgt.com ib.adnxs.com dpm.demdex.net gum.criteo.com beacon.krxd.net *.smooch.io metatest.clarks.com metaevents-1p.stitcherads.com kargo.clarks.com metaevents.stitcherads.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws https://bff.prod.aws.clarks.com/graphql cognito-idp.eu-west-1.amazonaws.com https://www.clarks.com https://preview.clarks.com; worker-src blob:; font-src 'self' data: fonts.gstatic.com; frame-ancestors 'self'; upgrade-insecure-requests ; 1
frame-ancestors 'self'; frame-src 'self' https://*.mathilde-ads.com https://*.google.com https://*.google.com.co https://www.youtube.com https://td.doubleclick.net; default-src 'self'; script-src 'report-sample' 'self' https://d3kc4ryc0t7x4f.cloudfront.net https://ajax.googleapis.com https://cdn.jsdelivr.net https://*.hotjar.com https://*.browseranalytic.com https://www.gstatic.com https://*.google.com https://*.google.com.co https://*.mathilde-ads.com https://www.bancopopular.com.co https://*.facebook.net https://googleads.g.doubleclick.net https://*.doubleclick.net https://service.maxymiser.net https://tags.tiqcdn.com https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://opensheet.elk.sh https://*.mathilde-ads.com https://*.hotjar.io wss://ws.hotjar.com https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://www.bancopopular.com.co https://www.google.com https://www.google.com.co https://stats.g.doubleclick.net; img-src 'self' https://*.mathilde-ads.com https://www.google-analytics.com https://*.doubleclick.net https://www.bancopopular.com.co https://cs.mathilde-ads.com https://emailbancopopular.com.co https://www.facebook.com https://www.google.com https://www.google.com.co https://www.googletagmanager.com; report-uri https://64da77d985fc03c44f1c0960.endpoint.csper.io/?v=0; style-src 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://d3kc4ryc0t7x4f.cloudfront.net; font-src 'self' https://fonts.gstatic.com; 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://widget.kapa.ai https://www.google.com https://www.gstatic.com;connect-src 'self' https://*.ic0.app https://ic0.app https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud ic-api.internetcomputer.org mxzaz-hqaaa-aaaar-qaada-cai.raw.ic0.app https://data.jsdelivr.com https://cdn.jsdelivr.net https://kapa-widget-proxy-la7dkmplpq-uc.a.run.app;img-src 'self' data: https:;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self';frame-src https://motoko.agorapp.dev https://www.google.com https://internetcomputer.matomo.cloud https://www.youtube.com;frame-ancestors https://internetcomputer.matomo.cloud;form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests; 1
default-src 'self' *; img-src 'self' * data:; style-src 'self' 'unsafe-inline' *; form-action 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; media-src 'self' * 1
frame-ancestors *.procore.com https://app.contentful.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://chatbot2.postbank.bg/api/fonts/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chatbot2.postbank.bg/api/js/chat.js; img-src 'self' data:; frame-src 'self' https://chatbot2.postbank.bg/api/chat.html; connect-src 'self' https://localhost:53952/; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-sclotusinnline' linkhay.com vscc-hosting.mediacdn.vn static.trunkpkg.com *.mediacdn.vn *.cnnd.vn eshop-api.todo.vn eshop.bizfly.vn static.sourcetobin.com platform.twitter.com connect.facebook.net cdn.syndication.twimg.com *.sohatv.vn *.admicro.vn contineljs.com *.contineljs.com *.genmonet.com genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn *.lotuscdn.vn *.lotus.vn static.amcdn.vn deqik.com imasdk.googleapis.com; child-src 'self' lotus.vn *.lotus.vn *.mediacdn.vn *.cnnd.vn linkhay.com *.sohatv.vn sport5.vn sport5.cnnd.vn blob: *.admicro.vn *.youtube.com *.facebook.com *.twitter.com twitter.com *.youtu.be www.instagram.com instagram.com contineljs.com *.contineljs.com genmonet.com *.genmonet.com cdnstoremedia.com *.cdnstoremedia.com amcdn.com *.amcdn.com nanda.vn *.nanda.vn; form-action 'self' *.cnnd.vn wechoice.vn  *.wechoice.vn syndication.twitter.com platform.twitter.com lotus.local challenge.lotus.vn challengedev.todo.vn; object-src 'self'; media-src 'self' blob: *.lotuscdn.vn kenh14cdn.com *.sohatv.vn; 1
frame-src self youtube.com www.youtube.com https://www.googletagmanager.com www.googletagmanager.com https://www.facebook.com https://www.google.com *.prismic.io https://player.vimeo.com/ https://client-registry.mutinycdn.com http://info.arcadia.com/ https://td.doubleclick.net/ hemsync.clickagy.com https://insight.adsrvr.org/; frame-ancestors self localhost:9999 https://*.prismic.io/ 1
default-src data: filesystem: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://*.azurewebsites.net https://*.jwevent.org https://cdn.jwevent.org https://specialconventiondev.blob.core.windows.net https://*.jw-api.org https://code-a.akamaihd.net https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://ipinfo.io https://cdnjs.cloudflare.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com https://www.qantas.com https://*.jwevent.org; img-src * data: filesystem: blob:; 1
default-src 'self' 'unsafe-inline' *.ioam.de data-aac883f83b.offiziellecharts.de 1
default-src 'self' wss: https: data: 'unsafe-eval' 'unsafe-inline' 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; img-src * data: blob:; style-src 'self' 'unsafe-inline' https://assets.dcube.cloud/ https://cdn-images.mailchimp.com/ https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.typekit.net/ https://ltfl.librarything.com/ https://www.librarything.com/ https://assets.wogaa.sg/ https://p.typekit.net https://poly-webchat.vica.gov.sg https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com; font-src 'self' data: https://cdnjs.cloudflare.com https://ka-f.fontawesome.com https://use.typekit.net https://maxcdn.bootstrapcdn.com fonts.gstatic.com 'unsafe-inline'; frame-src 'self' http://eresources.nlb.gov.sg/webarchives/ https://www.powtoon.com/embed/ https://jointpoly-dev-app.12bd6ofzwxr4.us-south.codeengine.appdomain.cloud/tp/ https://jointpoly-uat-app.12j34gqapo5v.us-south.codeengine.appdomain.cloud/tp/ https://pcmap-tp.netlify.app/ https://td.doubleclick.net/ https://temasekpolytechnic.wufoo.com/ https://content.googleapis.com/ https://drive.google.com/ https://www.instagram.com/ https://flipbookpdf.net/ https://www.flipbookpdf.net/ https://momento360.com/ https://wogaa.demdex.net/ https://ltfl.librarything.com/ https://temasekpolytechnic.demdex.net/ https://www.facebook.com/ https://jointpoly-prd.mybluemix.net/ https://temasekpoly-prd.mybluemix.net/ https://cetchatbot-dev.azurewebsites.net/ https://siichatbot-dev.azurewebsites.net/ https://www.google.com/ *.youtube.com https://12053952.fls.doubleclick.net/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/; script-src 'self' http://eresources.nlb.gov.sg/webarchives/ https://cdn.lordicon.com/ https://www.google.com/ https://www.google.com.sg/ https://www.us14.list-manage.com/ https://s3.amazonaws.com/downloads.mailchimp.com/ https://ads-engagement.presage.io/ https://www.presage.io/ https://static.wufoo.com/ https://secure.wufoo.com/ https://content.googleapis.com/ https://www.instagram.com/ https://unpkg.com/ https://app-script.monsido.com/ https://cdn.jsdelivr.net/ https://poly-webchat.vica.gov.sg/ https://connect.facebook.net/ https://snap.licdn.com/ *.googletagmanager.com https://assets.dcube.cloud/ *.youtube.com *.adobedtm.com https://www.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://app-script.monsido.com https://heatmaps.monsido.com https://www.google.com/pagead/conversion_async.js https://assets.wogaa.sg/ https://analytics.tiktok.com/ https://jointpoly-prd-app.12j3temcrbtf.us-south.codeengine.appdomain.cloud/ https://unbound.syndetics.com https://ltfl.librarything.com/ https://lgapi-au.libapps.com/ https://code.jquery.com https://kit.fontawesome.com 'unsafe-inline' 'unsafe-eval' ; object-src 'self' 1
frame-ancestors app.storyblok.com 1
base-uri 'self';connect-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com https://api.spotify.com https://api.found.ee https://api.recurly.com https://stckjs.stackify.com https://rum.stackify.com *.cookieyes.com cdn-cookieyes.com;default-src 'self' https://api.recurly.com;font-src 'self' https://*.hearnow-cdn.com fonts.gstatic.com;form-action 'self' https://auth.cdbaby.com;frame-src 'self' site-stats.hearnow.com mailto: https://open.spotify.com https://accounts.spotify.com https://api.recurly.com;img-src 'self' https://*.hearnow-cdn.com site-stats.hearnow.com data: https://open.scdn.co https://www.gstatic.com cdn-cookieyes.com;media-src 'self' content.cdbaby.com;object-src 'none';script-src 'self' 'nonce-8dKDksTnMZEIcRSDbucKEEejQEjvachh' https://*.hearnow-cdn.com site-stats.hearnow.com https://found.ee/dmp/pixel.js https://*.adnxs.com https://api.recurly.com https://js.recurly.com https://stckjs.stackify.com cdn-cookieyes.com;style-src 'self' 'unsafe-inline' https://*.hearnow-cdn.com https://api.recurly.com https://js.recurly.com fonts.googleapis.com 1
default-src 'self';  connect-src 'self' https://*.doubleclick.net/ https://*.googlesyndication.com/ https://analytics.google.com/ https://api.hubapi.com/ https://forms.hscollectedforms.net/ https://csi.gstatic.com/;  frame-src 'self' https://www.googleadservices.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.google.com/ https://www.youtube.com/;  media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.youtube.com/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://www.googletagservices.com/ http://js.hs-scripts.com/ https://js.hsadspixel.net/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/;  style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://fonts.googleapis.com/;  img-src 'self' blob: data: https://api.eremedia.com/ https://googleads.g.doubleclick.net/ https://*.googlesyndication.com/ http://www.google.com/ https://i.ytimg.com/ https://track.hubspot.com/ https://forms.hsforms.com/ https://www.googletagmanager.com/;  font-src 'self';  object-src 'none';  base-uri 'self';  form-action 'self';  frame-ancestors 'none'; 1
frame-ancestors 'self' http://webvisor.com ardes.bg *.ardes.bg 1
default-src 'self' https://content.ingbank.pl; font-src 'self' https://content.ingbank.pl; style-src 'self' 'unsafe-inline' www.ing.pl https://content.ingbank.pl; img-src 'self' data: https://content.ingbank.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-src 'self' https://www.google.com https://content.ingbank.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.ingbank.pl www.ing.pl https://content.ingbank.pl adocean-pl.hit.gemius.pl *.google-analytics.com *.googletagmanager.com; object-src 'self' https://content.ingbank.pl; connect-src 'self' https://content.ingbank.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com; frame-ancestors 'self' https://content.ingbank.pl; 1
base-uri 'none'; default-src 'none'; child-src mc.yandex.com/ mc.yandex.md/ mc.yandex.ru/ metrika.yandex.ru/ www.google.com/; connect-src *.dvbank.ru/ bitrix.info/ top-fwz1.mail.ru/ mc.yandex.com/ mc.yandex.md/ mc.yandex.kz/ mc.yandex.ru/ yandexmetrica.com:29010/ yandexmetrica.com:30103/ ymetrica1.com/; font-src 'self' *.dvbank.ru/ data: fonts.gstatic.com/; form-action *.dvbank.ru/; frame-ancestors *.dvbank.ru/;  img-src 'self' *.dvbank.ru/ data: top-fwz1.mail.ru/ mc.yandex.com/ mc.yandex.kz/ mc.yandex.ru/;  media-src data:;  report-uri /violation-report-uri/; report-to csp-report-uri; script-src 'unsafe-eval' 'unsafe-inline' 'self' 'unsafe-inline' *.dvbank.ru/ bitrix.info/ top-fwz1.mail.ru/ mc.yandex.com/ mc.yandex.kz/ mc.yandex.ru/ www.google.com/ www.gstatic.com/;   style-src 'self' 'unsafe-inline' 'unsafe-inline' *.dvbank.ru/;   upgrade-insecure-requests; 1
default-src 'self' *.clarity.ms c.bing.com mediabank.valkenhorst.nl; child-src 'self' js.stripe.com p.travelsmarter.net valkexclusief-virtueletours.nl www.googletagmanager.com www.google.com www.youtube.com www.visitzuidlimburg.nl zien360.nl link.zien360.nl zien360.online *.facebook.com; connect-src 'self' wss: data: api.widget.trengo.eu gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com adservice.google.com www.google.com *.g.doubleclick.net *.facebook.com *.facebook.net *.googleapis.com *.hotjar.com *.hotjar.io *.sovendus.com *.adyen.com *.paypal.com *.klippa.com login.microsoftonline.com analytics.tiktok.com/api/ region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hojar.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com *.clarity.ms *.exponea.com api.exponea.com cdn.linkedin.oribi.io capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com px.ads.linkedin.com mediabank.valkenhorst.nl https://selfservice.valkenhorst.nl/; img-src 'self' data: ads.creative-serving.com cdn.feedbackify.com gravatar.com onlinedialogue.s3-eu-west-1.amazonaws.com/valk portal.payconiq.com s3.amazonaws.com/fby-form/ i.vimeocdn.com ta-client-assets.s3.amazonaws.com valkexclusief-virtueletours.nl video.jobpromo.nl *.google-analytics.com www.googletagmanager.com www.google.com *.analytics.google.com www.tripadvisor.com www.tripadvisor.de www.tripadvisor.nl aws-tiqets-cdn.imgix.net/images/content/ zien360.nl zien360.online cx.atdmt.com *.g.doubleclick.net *.facebook.com *.facebook.net *.gstatic.com *.google.ae *.google.al *.google.am *.google.at *.google.ba *.google.be *.google.bg *.google.by *.google.ca *.google.ch *.google.ci *.google.cl *.google.co.ao *.google.co.bw *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.ve *.google.co.za *.google.com *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.br *.google.com.co *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.om *.google.com.pa *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.sl *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.gg *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.hu *.google.ie *.google.it *.google.im *.google.iq *.google.is *.google.je *.google.jo *.google.kg *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.ne *.google.nl *.google.no *.google.pl *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.si *.google.sk *.google.sm *.google.sn *.google.sr *.google.st *.google.tn *.google.tm *.google.tt *.ggpht.com *.googleapis.com *.googletraveladservices.com *.fls.doubleclick.net ade.googlesyndication.com *.linkedin.com *.ytimg.com dashboard.umbraco.org our.umbraco.com mediabank.valkenhorst.nl imagebank.valkenhorst.nl *.adyen.com *.paypalobjects.com *.giphy.com trengo.s3.eu-central-1.amazonaws.com www.eenvacaturebij.nl/pixel/ www.visitzuidlimburg.nl script.hotjar.com t.paypal.com analytics.tiktok.com c.bing.com c.clarity.ms cdn.bfldr.com cdn-goproxy.brandfolder-svc.com dbr.dutchbicyclerental.nl cdn.linkedin.oribi.io *.brandfolder.com *.static.widget.trengo.eu *.bing.com; frame-src 'self' js.stripe.com live.tourdash.com loyaltymanager.nl myalbum.com p.travelsmarter.net ts.ticketcounter.nl valkexclusief-virtueletours.nl web-widget.mobility.here.com widget.salonhub.nl widgets.vvvzeeland.nl www.googletagmanager.com s3.eu-west-3.amazonaws.com/omnivr.nl/ www.panowalks.com www.youtube.com www.eenvacaturebij.nl www.werkenbijavifauna.nl www.werkenbijvandervalkhoteltilburg.nl www.werkenbijvandervalkhotelutrecht.nl www.visitzuidlimburg.nl zien360.nl link.zien360.nl zien360.online *.facebook.com *.facebook.net *.hotjar.com *.googlesyndication.com *.google.com *.salonized.com *.sovendus.com vimeo.com *.vimeo.com *.adyen.com *.paypal.com rtsp.me valkexclusief.typeform.com *.signicat.com *.fls.doubleclick.net *.g.doubleclick.net td.doubleclick.net vars.hotjar.com *.visa.com www.securesuite.co.uk www.rsa3dsauth.co.uk *.cardinalcommerce.com *.arcot.com *.americanexpress.com *.wlp-acs.com 3d-secure.pluscard.de acs.touch.tech *.rabobank.nl ps4acs.netcetera-payment.ch secure.dkb.de emv3ds-acs.nccc.com.tw *.3dsecure.no *.viseca.ch foriseu-vbv.mycardplace.com acs2.six-payment-services.com threedomainsecure.pekao24.pl acssbafrica.bankserv.co.za sas.redsys.es sas.mc.redsys.es acs1-3dsecure.cic.fr foriseu-vbv.mycardplace.com www.securesuite.net www.europabank.be www.ebonline.be www.centrum24.pl wirexeu-msc.mycardplace.com vkanalytics.net visa-secure-vdm.ing.de visa-secure-bxl.ing.de visasecure2.consorsbank.de visasecure2.comdirect.de visasecure.sparkassen-kreditkarten.de userapi2.danskebank.com sicher-bezahlen.sparkasse.at service.avengeradblocker.com ps4acs-mc-1.netcetera-payment.ch paiement2.secure.lcl.fr online.citadele.lv mycardsecure.com mc-id-check.firstdata.de mci.acs.sibs.pt mastercardidentitycheck.sparkassen-kreditkarten.de mastercard2.acs.cmbchina.com geschuetztkaufen2.commerzbank.de geschuetztkaufen1.commerzbank.de ecclients.btrl.ro clients.smartsecure.tsys.co.uk:446 channel-cards-html.lloydsbankinggroup.com cacs-v2.icard.com bps.itcardpaymentservice.pl authentication-acs.marqeta.com acs4.privatbank.ua acs2-3dsecure.targobank.de acs2-3dsecure.creditmutuel.fr acs2-3dsecure.cm-cic.com acs2-3dsecure.cic.fr acs2.swedbank.se acs2.sparebank1.no acs2.gpesecure.com acs2.edb.com acs2.3ds.modirum.com acs1-3dsecure.targobank.de acs1-3dsecure.creditmutuel.fr acs1-3dsecure.cm-cic.com acs1.swedbank.se acs1.sparebank1.no acs1.six-payment-services.com acs1.edb.com acs1.3ds.modirum.com acs.swedbank.se acs.six-payment-services.com acs.sibs.pt acs.mercurypaymentservices.it acs.edb.com acs.capitalone.com acs.airplus.com acs.3ds-hanseaticbank.de 3ds-secure.cardcomplete.com 3dspayment.paylife.at 3dspayment.easybank.at 3dsecure-vrp.de 3dsecure.zen.com 3dsecure.slsp.sk 3dsecure.psa.at 3dsecure.nexi.it 3dsecure.monext.fr 3dsecure.mbank.pl 3dsecure.mbank.cz 3ds-a.live.ext.prod.enfuce.com 3ds.vinea.es 3ds.sia.eu 3ds.rpc-raiffeisen.com 3ds.redsys.es 3ds.pkobp.pl 3ds.nexigroup.com *.six-group.com *.bunq.com 3ds-challenge.n26.com *.swisscard.ch *.standardbank.co.za identify.nordea.com *.brandfolder.com *.valkexclusief.nl staging.valk-to-go-shop.pages.dev shop.valk-togo.nl valkexclusief:; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com static.tacdn.com script.hotjar.com https://cdn.jsdelivr.net https://fonts.bunny.net mediabank.valkenhorst.nl; media-src 'self' static.widget.trengo.eu video.jobpromo.nl mediabank.valkenhorst.nl *.brandfolder.com; style-src 'self' 'unsafe-inline' static.tacdn.com fonts.googleapis.com *.google.com *.adyen.com https://fonts.bunny.net mediabank.valkenhorst.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.widget.trengo.eu static.widget.trengo.eu stats.pusher.com/timeline/v4/jsonp/1 js.stripe.com s.ytimg.com marketplace.mobility.here.com player.vimeo.com static.tacdn.com s3.amazonaws.com/fby-form/ widget.salonhub.nl www.googletagmanager.com www.google-analytics.com www.tripadvisor.nl www.youtube.com snap.licdn.com *.facebook.net *.feedbackify.com *.g.doubleclick.net *.googleapis.com *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net *.gstatic.com *.hotjar.com *.klippa.com *.sovendus.com *.adyen.com *.paypal.com *.cdn-apple.com analytics.tiktok.com/i18n/pixel/ static.hotjar.com script.hotjar.com *.clarity.ms onlinedialogue.s3.amazonaws.com *.exponea.com capture.duettoresearch.com www.visitzuidlimburg.nl *.bing.com mediabank.valkenhorst.nl; block-all-mixed-content; report-uri /Api/ContentSecurityPolicyApi/Report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdnjs.cloudflare.com *.sharethis.com *.facebook.net *.googletagmanager.com *.acquia.com *.google-analytics.com *.newrelic.com *.nr-data.net *.yimg.com *.adform.net *.licdn.com *.azureedge.net *.adsrvr.org *.samlassertion *.gstatic.com *.taboola.com *.adobedtm.com *.vimeo.com *.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.sharethis.com *.typekit.net *.samlassertion *.googleapis.com; report-uri /report-csp-violation 1
default-src 'self' https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NjU1ODUxNjFub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.ftrace.com  https://s2.adform.net  https://track.adform.net  https://2023-lidl-joulukalenteri.vercel.app  https://*.adnami.io  https://*.iltapulu.fi  https://*.gloria.fi  https://*.etlehti.fi  https://*.hyvaterveys.fi  https://*.kodinkuvalehti.fi  https://*.soppa365.fi  https://*.vauva.fi  https://*.iltasanomat.fi  https://*.iltalehti.fi  https://*.telkku.com  https://*.kotikokki.net  https://*.rantapallo.fi  https://*.nettiauto.com  https://*.tori.fi  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.ftrace.com  https://2023-lidl-joulukalenteri.vercel.app; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://s2.adform.net  https://track.adform.net  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  https://2023-lidl-joulukalenteri.vercel.app  https://*.adnami.io  https://*.iltapulu.fi  https://*.gloria.fi  https://*.etlehti.fi  https://*.hyvaterveys.fi  https://*.kodinkuvalehti.fi  https://*.soppa365.fi  https://*.vauva.fi  https://*.iltasanomat.fi  https://*.iltalehti.fi  https://*.telkku.com  https://*.kotikokki.net  https://*.rantapallo.fi  https://*.nettiauto.com  https://*.tori.fi; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
frame-ancestors 'self' http://www.1001jogos.pt 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de map.nrw *.google.com *.youtube.com oembed.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net *.tools.lehrer-werden.nrw;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com oembed.com *.youtu.be ytchannelembed.com *.tools.lehrer-werden.nrw;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.vimeo.com *.vimeocdn.com;    frame-src   'self' *.nrw.de map.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be oembed.com ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de *.tools.lehrer-werden.nrw *.vimeo.com *.vimeocdn.com;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net;    media-src *; upgrade-insecure-requests; 1
frame-ancestors 'self'            https://www.hdsr.nl           https://netwerkwaterenklimaat.nl           https://klimaatklaar.nl 1
frame-ancestors 'self' https://*.paperflite.com 1
frame-src 'self' blob: https://*.migrosbank.ch https://io.fusedeck.net/ https://api.onloan.ch/ https://mb.api.onloan.ch/ https://docs.onloan.ch/ https://www.google-analytics.com/ https://*.doubleclick.net/ https://www.googletagmanager.com/ https://services.logismata.ch/ https://cdn.cookielaw.org/ https://cdn.migros.ch/ https://migros-gruppe.jobs/ https://payment.datatrans.biz/ https://www.youtube.com/ https://chat.viseca.ch https://online.serviceocean.com https://www.onlineberatung.ch https://www.coffeeb.com/ https://pv.offerten-rechner.ch/ https://hp.offerten-rechner.ch/ https://gowago.ch/ https://blog.migrosbank.ch/ https://mb.levo-app.ch https://www.google.com; object-src 'none'; frame-ancestors 'self' https://enl.migrosbank.ch https://*.ti8m.ch; 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://static.ads-twitter.com https://s.yimg.jp https://cdn.taboola.com https://trc.taboola.com https://d.line-scdn.net https://cdn.smartnews-ads.com https://*.yahoo.co.jp; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://pips.taboola.com https://cds.taboola.com https://trc-events.taboola.com https://www.facebook.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://t.co https://analytics.twitter.com https://*.smartnews-ads.com https://*.yahoo.co.jp; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://tsdtocl.com/; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com 'unsafe-inline' https://player.vimeo.com https://www.google-analytics.com https://www.googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://images.ctfassets.net https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://player.vimeo.com; object-src 'self'; connect-src 'self' https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com; 1
frame-src 'self' *.schoolssports.com *.socscms.com *.misocs.com *.twitter.com 1
frame-ancestors 'self'; report-uri https://www.muthootfinance.com/report-uri/enforce 1
frame-ancestors 'self'; default-src blob: https: data: *.sprinklr.com wss://*.sprinklr.com *.liveperson.net wss://*.liveperson.net 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-Eg5yn4/HKlmVeCK5N8n39A==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-aKi3YQ3kWeLb81H34MIsfg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' *.ariba.com *.theinstitutes.org https://www.suppliersolutions.com 1
worker-src 'self' https://*.piscapisca.pt blob:; object-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com d.line-scdn.net www.googletagmanager.com www.google-analytics.com connect.facebook.net https://ajax.googleapis.com https://cdn.syndication.twimg.com https://code.jquery.com https://cdn.jsdelivr.net https://www.youtube.com https://analytics.tiktok.com https://www.line-website.com; frame-src 'self' platform.twitter.com social-plugins.line.me staticxx.facebook.com www.facebook.com https://*.google.com https://www.youtube.com https://syndication.twitter.com https://www.tiktok.com; style-src 'self' fonts.googleapis.com https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' data: platform.twitter.com https://www.google.com https://www.google.co.jp syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com www.google-analytics.com 7premium.jp https://*.amazonaws.com http://*.amazonaws.com https://image.prd-gen.dam.7andi-gdpf.com https://ssl.google-analytics.com data: https://s3.us-west-2.amazonaws.com blob: 7premium.jp; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; connect-src 'self' https://image.prd-gen.dam.7andi-gdpf.com https://*.amazonaws.com https://www.google-analytics.com https://*.cloudfront.net https://stats.g.doubleclick.net https://analytics.google.com https://analytics.tiktok.com; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src *; media-src *; object-src *; child-src *; frame-ancestors 'self' https://gls-group.com/ https://gls-group.eu/ https://pilot.gls-group.eu/; form-action *; reflected-xss block; upgrade-insecure-requests; 1
base-uri 'self'; default-src 'self' https://*.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://embed.tawk.to https://www.google.com https://www.gstatic.com https://*.cloudfront.net https://*.vimeo.com https://www.google-analytics.com https://*.simplycast.com https://*.simplycast.ca 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' * 'self' data:; font-src *; connect-src 'self' https://*.tawk.to wss://*.tawk.to https://*.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://*.simplycast.com; img-src * 'self' data:; 1
frame-ancestors 'self' https://technocup.proctoring.online; img-src 'self' 'unsafe-inline' data: blob: *; default-src 'self' 'unsafe-inline' *; font-src 'self' data: *; frame-src 'self' https://technocup.proctoring.online https://vk.com https://id.vk.com; script-src 'self' 'unsafe-inline' https://davmedia.cups.online https://vk.com https://vk.ru https://top-fwz1.mail.ru https://mytopf.com https://www.googletagmanager.com https://www.google-analytics.com http://ajax.googleapis.com https://analytics.google.com https://mc.yandex.ru https://lcab.talk-me.ru https://widget.me-talk.ru https://static.me-talk.ru https://static.site-chat.me; style-src 'self' 'unsafe-inline' *; connect-src 'self' https://davmedia.cups.online https://tminio.tech-mail.ru https://vk.com https://vk.ru https://tminio.tech-mail.ru https://minio-stage.tech-mail.ru https://minio-stage.tech-mail.ru https://top-fwz1.mail.ru https://mytopf.com https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://mc.yandex.ru https://static.me-talk.ru https://widget.me-talk.ru wss://widget.me-talk.ru 1
frame-ancestors 'self' *.siv-ams.servebolt.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.weborama.fr *.appboycdn.com *.licdn.com *.redditstatic.com *.pinterest.com *.googlesyndication.com *.magicline.com *.googleapis.com *.woosmap.com *.cookiebot.com connect.getflowbox.com widgets.trustedshops.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.google.de www.gstatic.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net vercel.live connect.facebook.net cdn.vercel-insights.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com sc-static.net *.adform.net metrics.rsggroup.com tr.snapchat.com tr.snapchat.com/config facebook.com *.cloudflare.com analytics.tiktok.com hal9000.redintelligence.net *.zdassets.com *.pinimg.com *.bing.com *.smooch.io; connect-src 'self' data: *.servebolt.cloud *.linkedin.com *.snapchat.com *.bing.com https://facebook.com https://www.facebook.com *.magicline.com *.typekit.net *.googleapis.com *.woosmap.com *.sentry.io www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net vitals.vercel-insights.com vercel.live *.adyen.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com consentcdn.cookiebot.com tr.snapchat.com tr.snapchat.com/config facebook.com sc-static.net *.adform.net metrics.rsggroup.com analytics.tiktok.com hal9000.redintelligence.net rsg-group.course-api.mysports.com facebook.com com-magicline-tenant-assets-prod.s3.eu-west-1.amazonaws.com *.zdassets.com *.zendesk.com *.pangle-ads.com *.pinterest.com *.braze.eu *.reddit.com *.pusher.com *.redditstatic.com wss://api.smooch.io wss://api.smooch.io/faye; style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com *.typekit.net *.fontawesome.com; font-src 'self' data: assets.vercel.com fonts.gstatic.com *.typekit.net *.fontawesome.com; img-src 'self' blob: data: *.inlabserving.com *.bidr.io *.reddit.com *.seadform.net *.linkedin.com *.google.es *.google.it *.gstatic.com *.googleapis.com *.woosmap.com *.rsggroup.com ssl.gstatic.com www.gstatic.com *.adyen.com googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com assets.vercel.com b2b.benuta.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com tr.snapchat.com analytics.tiktok.com hal9000.redintelligence.net assets.magicline.com googleadservices.com *.googleadservices.com *.pinterest.com *.bing.com *.cookiebot.com *.zendesk.com *.zdassets.com *.braze.eu; media-src 'self' *.rsggroup.com *.streamabc.net *.typekit.net *.zdassets.com; manifest-src 'self' 1
frame-ancestors *.tostadora.fr *.tostadora.co.uk *.tostadora.com *.tostadora.it *.latostadora.com tostadora.fr tostadora.co.uk tostadora.com tostadora.it latostadora.com www.latostadora.dock:* www.tostadora.fr.dock:* www.tostadora.it.dock:* www.tostadora.co.uk.dock:* www.tostadora.com.dock:* mx.latostadora.dock:*; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ffclub.ru yastatic.net yandex.ru metrika.yandex.ru *.googleapis.com *.gstatic.com www.google-analytics.com www.google.com *.googlesyndication.com googleads.g.doubleclick.net adservice.google.com adservice.google.si adservice.google.ru *.googletagservices.com *.googleadservices.com translate.google.com cdnjs.cloudflare.com cdn.jsdelivr.net st.yandexadexchange.net an.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.md mc.yandex.by mc.yandex.fr mc.yandex.kz mc.yandex.com googletagmanager.com *.googletagmanager.com *.google-analytics.com http://www.youtube.com https://www.youtube.com coub.com dl.metabar.ru top-fwz1.mail.ru counter.rambler.ru st.top100.ru kraken.rambler.ru player.vimeo.com rutube.ru; img-src 'self' *.ffclub.ru kraken.rambler.ru yastatic.net *.verify.yandex.ru an.yandex.ru mc.yandex.ru amc.yandex.ru *.yandex.net ad.doubleclick.net *.gstatic.com *.googleapis.com *.google-analytics.com *.googlesyndication.com translate.google.com counter.yadro.ru img.youtube.com i.ytimg.com coubsecure-s.akamaihd.net top-fwz1.mail.ru i.vimeocdn.com counter.rambler.ru data:; font-src 'self' *.ffclub.ru yastatic.net chrome-extension: data: *.gstatic.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com *.hipay.com static.cdn.prismic.io prismic.io https://html2canvas.hertzen.com/dist/html2canvas.min.js www.paypalobjects.com *.paypal.com youtube.com vimeo.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/0c356943/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com https://i.ytimg.com/vi/ http://platform.instagram.com/en_US/embeds.js https://www.instagram.com/embed.js https://graph.facebook.com/v11.0/instagram_oembed https://player.vimeo.com/api/player.js https://player.vimeo.com/ js.stripe.com http://www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com https://yt.zone-secure.net http://www.gstatic.com https://*.attraqt.io https://*.facebook.net/ https://*.teads.tv/ https://*.smartlook.com/ https://*.hotjar.com/ https://*.doubleclick.net https://*.mathtag.com https://*.tiktok.com/ https://*.ttwstatic.com *.attraqt.io *.getflowbox.com *.flbx.io;frame-src 'self' maps.googleapis.com https://player.vimeo.com/ youtube.com www.youtube.com https://www.youtube.com https://i.ytimg.com/vi/ *.prismic.io js.stripe.com www.paypalobjects.com *.paypal.com www.youtube-nocookie.com https://*.doubleclick.net https://*.facebook.net/ https://*.facebook.com/ https://*.hotjar.com/ https://*.mathtag.com https://*.tiktok.com/ *.getflowbox.com *.flbx.io;style-src 'self' 'unsafe-inline' https://i.icomoon.io https://fonts.googleapis.com https://*.ttwstatic.com/;img-src 'self' data: stagingctk.centrakor.com maps.googleapis.com maps.gstatic.com https://www.referenseo.com/ https://i.ytimg.com/vi/ https://storage.sbg.cloud.ovh.net https://centrakor.cdn.prismic.io/ https://i.picsum.photos/ https://i.vimeocdn.com/ maps.googleapis.com maps.gstatic.com *.openstreetmap.org www.paypalobjects.com *.paypal.com storage.gra.cloud.ovh.net *.google.com *.doubleclick.net *.google.fr http://www.google-analytics.com https://www.google-analytics.com https://www.centrakor.com/ https://*.teads.tv/ https://*.facebook.com/ https://*.facebook.net/ https://*.mathtag.com https://images.prismic.io/centrakor/ https://*.s3.rbx.io.cloud.ovh.net https://d2rfa446ja7yzb.cloudfront.net/ *.getflowbox.com *.flbx.io;font-src 'self' data: fonts.googleapis.com https://i.icomoon.io https://fonts.gstatic.com;connect-src 'self' maps.googleapis.com https://noembed.com https://graph.facebook.com/v11.0/instagram_oembed https://graph.facebook.com/v11.0/instagram_oembed/ https://graph.instagram.com/ https://vimeo.com/api/ www.paypalobjects.com *.paypal.com *.analytics.google.com *.doubleclick.net https://www.google-analytics.com https://*.teads.tv/ https://*.facebook.net/ https://*.googleadservices.com *.google.fr https://*.facebook.com/ https://*.smartlook.com/ https://*.smartlook.cloud/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ *.attraqt.io *.getflowbox.com *.flbx.io https://fr.adminzone-secure.net/;base-uri 'self';media-src 'self' data: *.flbx.io;report-uri /csp/report 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://uui-alaska.com/ https://*.uui-alaska.com/ https://unicom-alaska.com/ https://*.unicom-alaska.com/; form-action 'self'; object-src 'none'; 1
default-src 'none'; img-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://cm.everesttech.net https://dpm.demdex.net https://aws.demdex.net https://a0.awsstatic.com/ https://*.mrc-sunrise.marketing.aws.dev data:; script-src 'self' 'unsafe-inline' https://a0.awsstatic.com/ https://d2c.aws.amazon.com/ https://*.mrc-sunrise.marketing.aws.dev ; font-src 'self' data:; media-src 'self' https://*.mrc-sunrise.marketing.aws.dev; style-src 'unsafe-inline' https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js 'self'; object-src 'none'; frame-src 'self' https://aws.demdex.net https://dpm.demdex.net data:; connect-src 'self' https://amazonwebservices.d2.sc.omtrdc.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://*.shortbread.aws.dev https://cm.everesttech.net https://vs.aws.amazon.com https://spot-bid-advisor.s3.amazonaws.com/spot-advisor-data.json https://aws.demdex.net https://dpm.demdex.net https://d1qsjq9pzbk1k6.cloudfront.net https://b0.p.awsstatic.com https://d2i2o7lgog0p0i.cloudfront.net/Prod/LogReactUIErrors https://hlwafrg42d.execute-api.us-east-1.amazonaws.com/prod/ https://aws.amazon.com https://csml-prc-prod.us-west-2.api.aws/prc/csml/logging https://dzzn6wbl7e9ou.cloudfront.net/ https://d3knqfixx3sbls.cloudfront.net/ https://dnd5zrqcec4or.cloudfront.net/Prod/v2/saveAs https://7bena91p37.execute-api.us-west-2.amazonaws.com/Prod/v1/graphql https://console.aws.amazon.com/aperture/feedback/render https://*.aperture-public-api.feedback.console.aws.dev https://d3pv0p0lgn4sbz.cloudfront.net https://d1cec4jo95y6k9.cloudfront.net https://d2c.aws.amazon.com/ https://d37oee5zp73e2j.cloudfront.net https://*.mrc-sunrise.marketing.aws.dev wss://*.transport.connect.us-east-1.amazonaws.com https://drm74kn5i7.execute-api.us-west-2.amazonaws.com/prod/pec/monitoring/logging ; 1
default-src 'none'; img-src 'self'; script-src 'none'; style-src 'self' 'unsafe-inline'; object-src 'self' blob:; media-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.predictive.dev maps.googleapis.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.googleadservices.com *.google.co.th *.youtube.com *.doubleclick.net *.s3.ap-southeast-1.amazonaws.com *.roddonjai.com *.cloudflare.com *.cookieplus.com connect.facebook.net analytics.tiktok.com cdn-cmp.predictive.dev https://cdn.ckeditor.com https://cke4.ckeditor.com *.creativecdn.com gtm-m7drzknd-zja4m.uc.r.appspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.predictive.dev maps.googleapis.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleoptimize.com *.google-analytics.com *.googleadservices.com *.google.co.th *.youtube.com *.doubleclick.net *.s3.ap-southeast-1.amazonaws.com *.roddonjai.com *.cloudflare.com *.cookieplus.com connect.facebook.net analytics.tiktok.com cdn-cmp.predictive.dev https://cdn.ckeditor.com https://cke4.ckeditor.com *.creativecdn.com gtm-m7drzknd-zja4m.uc.r.appspot.com; img-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.doubleclick.net connect.facebook.net analytics.tiktok.com *.cookieplus.com data: *.roddonjai.com *.s3.ap-southeast-1.amazonaws.com *.google.co.th *.bopsandbox2.com *.tconfirmtest.com blob: data: *.google.com *.youtube.com https://cdn.ckeditor.com; frame-ancestors https://touch.ttbdirect.com *.tau2904.com *.roddonjai.com *.doubleclick.net bytedance: sslocal:; form-action 'self' *.ttbbank.com; 1
upgrade-insecure-requests; object-src 'none'; base-uri 'self'; frame-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; 1
frame-ancestors https://*.fxiaoke.com/ https://tongji.baidu.com/ 1
upgrade-insecure-requests; report-uri https://o6032.ingest.sentry.io/api/4505803005755392/security/?sentry_key=970f6f812c7e8254217ce59aa01bce69; frame-ancestors 'self'; default-src 'none'; script-src https: 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *.appcues.com *.appcues.net bat.bing.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net edge.fullstory.com googleads.g.doubleclick.net grow.clearbitjs.com/api/pixel.js maps.googleapis.com player.vimeo.com snap.licdn.com ws.zoominfo.com/pixel/613e89da96cf45001cc32050 rs.fullstory.com www.clickcease.com/monitor/stat.js www.google-analytics.com www.googleoptimize.com www.googletagmanager.com; style-src https: 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' *.appcues.com *.appcues.net cdnjs.cloudflare.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src https: 'self' *.appcues.com *.appcues.net *.google.com *.googlesyndication.com *.intentiq.com api.segment.io cdn.linkedin.oribi.io cdn.segment.com connect.facebook.net edge.fullstory.com maps.googleapis.com monitor.clickcease.com rs.fullstory.com www.facebook.com www.google-analytics.com www.google.com.au wss://*.appcues.com wss://*.appcues.net; font-src https: data: 'self' cdnjs.cloudflare.com fonts.gstatic.com; frame-src https: 'self' *.appcues.com player.vimeo.com www.facebook.com; img-src https: 'self' data: cdnjs.cloudflare.com cm.g.doubleclick.net d.adroll.com maps.googleapis.com maps.gstatic.com px.ads.linkedin.com rc.rlcdn.com rs.fullstory.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.com.au x.bidswitch.net; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
Script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://kit.fontawesome.com/2f33f11a4a.js https://cdn.jsdelivr.net/npm/sweetalert2@11 https://assets.ipzmarketing.com facebookexternalhit/1.1 facebookexternalhit/1.1 http://www.facebook.com/externalhit_uatext.php facebookcatalog/1.0  https://graph.facebook.com https://partner.googleadservices.com https://www.instagram.com https://www.facebook.com https://docs.google.com   https://cdnjs.cloudflare.com https://syndication.twitter.com https://apis.google.com https://platform.twitter.com https://fundingchoicesmessages.google.com https://wwww.fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.laprensalara.com.ve https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://www.analytics.google.com https://www.google.com; default-src 'self' 'unsafe-inline' data: https://fundingchoicesmessages.google.com facebookexternalhit/1.1 facebookexternalhit/1.1 http://www.facebook.com/externalhit_uatext.php facebookcatalog/1.0 https://graph.facebook.com https://analytics.google.com https://www.facebook.com https://csi.gstatic.com https://pagead2.googlesyndication.com https://www.laprensalara.com.ve https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://stats.g.doubleclick.net https://maps.googleapis.com; img-src 'self' 'unsafe-inline' http: https: *.laprensalara.com.ve data: data:  https://www.google-analytics.com https://www.analytics.google.com https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://assets.ipzmarketing.com  https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.cdnfonts.com https://use.fontawesome.com; font-src 'self' data: https://assets.ipzmarketing.com https://fonts.googleapis.com https://fonts.gstatic.com ; frame-src 'self' data: https://laprensalara.ipzmarketing.com/ https://www.google-analytics.com https://www.analytics.google.com https://www.adsensecustomsearchads.com https://www.instagram.com/ https://www.facebook.com https://docs.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://pagead2.googlesyndication.com https://www.youtube.com https://platform.twitter.com https://accounts.google.com https://syndication.twitter.com https://graph.facebook.com facebookexternalhit/1.1 facebookexternalhit/1.1 http://www.facebook.com/externalhit_uatext.php facebookcatalog/1.0; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src * data:; frame-ancestors cms.lcu-internal.com; 1
'self'  https://*.uhc.com https://*.eyesynergy.com 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; object-src 'self'; 1
script-src https://cdnjs.cloudflare.com https://cdn.botframework.com https://code.jquery.com https://cdn.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval' 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ChromeWebStoreConsumerFeUi/cspreport/allowlist 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-azdjSlZDUjlVdHFVeUJJY05CODdCVS9LQWQvRnJoR0cvN2dOYzEzMnphVT06NGVOZkJYWUlaT2o2blVKNFJ5MVVQVDN5VnBLWHdWL2t5KzVwTVdXU21jWT0=';script-src-elem 'strict-dynamic' 'nonce-azdjSlZDUjlVdHFVeUJJY05CODdCVS9LQWQvRnJoR0cvN2dOYzEzMnphVT06NGVOZkJYWUlaT2o2blVKNFJ5MVVQVDN5VnBLWHdWL2t5KzVwTVdXU21jWT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
frame-ancestors 'self'; connect-src 'self' analytics.google.com www.google-analytics.com leadbooster-chat.pipedrive.com wss://*.pusher.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io *.weglot.com https://webforms.pipedrive.com https://cdn-api.weglot.com https://stats.g.doubleclick.net https://bam.nr-data.net wss://client.relay.crisp.chat https://client.crisp.chat; object-src 'none'; img-src 'self' mgtemplate.wpengine.com dmarcian2022.wpengine.com dmarcian.com via.placeholder.com p.typekit.net analytics.google.com www.googletagmanager.com www.google-analytics.com secure.gravatar.com data: *.gravatar.com *.weglot.com leadbooster-chat.pipedrive.com *.hotjar.com https://www.google.ba/ https://image.crisp.chat https://client.crisp.chat; media-src 'self' ; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.pipedrive.com *.pipedriveassets.com js.pusher.com use.typekit.net ajax.googleapis.com www.googletagmanager.com www.google-analytics.com *.dmarcian.com *.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.us-east-1.pipedriveassets.com https://js-agent.newrelic.com https://client.crisp.chat; style-src 'unsafe-inline' 'self' https://client.crisp.chat; font-src 'self' data: *.typekit.net leadbooster-chat.pipedrive.com https://client.crisp.chat; frame-src 'self' *.youtube.com *.google.com *.pipedrive.com *.dmarcian.com airtable.com vars.hotjar.com; default-src 'self' 1
script-src 'self' 'unsafe-inline' www.googleadservices.com app.perceptivepanda.com js.hsforms.net script.hotjar.com jobs.lever.co res.cloudinary.com youtube.com www.youtube.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hsleadflows.net s.adroll.com static.hotjar.com bat.bing.com www.google-analytics.com sleeknotecustomerscripts.sleeknote.com a.quora.com googletagmanager.com www.googletagmanager.com connect.facebook.net ws.zoominfo.com tag.clearbitscripts.com client-registry.mutinycdn.com d.adroll.com j.6sc.co snap.licdn.com x.clearbitjs.com; worker-src 'self' blob:; 1
script-src 'unsafe-inline' 'unsafe-eval' https: https: 'strict-dynamic' 'nonce-Wh5/NjPOZ6nWiehUom66fg=='; default-src 'self' 'unsafe-inline' 'unsafe-eval' viewlicense.adobe.io *.adobe.io *.adobe.com *.youtube-nocookie.com *.linkedin.oribi.io *.googlesyndication.com *.googletagmanager.com *.adroll.com *.addthis.com id.rlcdn.com *.clickagy.com *.hubspotusercontent-na1.net api.ipstack.com googleads.g.doubleclick.net *.googleadservices.com *.linkedin.com public-rest40.bullhornstaffing.com *.softtek.com *.hubapi.com *.hubspotvideo.com web.powerva.microsoft.com *.gstatic.com *.ytimg.com *.vidyard.com softtek.webex.com cdn.jsdelivr.net f.hubspotusercontent30.net *.hubspot.com www.softtek.co api.html5media.info perf-.hsforms.com perf.hsforms.com js.hsforms.net js.hs-scripts.com snap.licdn.com *.google-analytics.com s.adroll.com js.hs-analytics.net js.usemessages.com js.hs-banner.com js.hsadspixel.net no-cache.hubspot.com js.hsleadflows.net p.adsymptotic.com cdn2.hubspot.net forms.hubspot.com api.hubapi.com cta-service-cms2.hubspot.com f.hubspotusercontent20.net track.hubspot.com www.googletagmanager.com app.jobcast.net cp.hubspot.com code.jquery.com unpkg.com cdnjs.cloudflare.com *.softtek.com app.hubspot.com px.ads.linkedin.com cdn2.hubspot.net play.vidyard.com static.hsappstatic.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com d.adroll.com documentcloud.adobe.com connect.facebook.net js.hscta.net no-cache.hubspot.com dsum-sec.casalemedia.com pixel.rubiconproject.com pixel.advertising.com sync.outbrain.com simage2.pubmatic.com eb2.3lift.com sync.taboola.com ads.yahoo.com x.bidswitch.net ib.adnxs.com idsync.rlcdn.com us-u.openx.net www.facebook.com viewlicense.adobe.io sync.ipredictive.com sync.ipredictive.com ups.analytics.yahoo.com sync.tidaltv.com img.webmd.com ds.reson8.com cdn.vidyard.com seg.sharethis.com mpp.vindicosuite.com global.ib-ibi.com b1img.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co su.addthis.com aorta.clickagy.com www.linkedin.com cm.g.doubleclick.net *.doubleclick.net pippio.com *.youtube.com maxcdn.bootstrapcdn.com rc.rlcdn.com *.googleapis.com segments.company-target.com image.flaticon.com preview.hs-sites.com testnjjhb.com *.google.com *.click2sync.com www.yotube-nocookie.com e.infogram.com subscription.omnithrottle.com player.vimeo.com www2.jobdiva.com image.flaticon.com reprints2.forrester.com *.pubmatic.com *.reson8.com *.office365.com *.crazyegg.com *.zoominfo.com *.google.com.mx js.zi-scripts.com; worker-src blob:; base-uri 'none'; object-src 'none'; ; upgrade-insecure-requests; 1
frame-ancestors 'self' https://boobyday.com https://preprod.boobyday.com https://payment.morning.cat 1
frame-ancestors 'self' https://insivia.app 1
connect-src 'self' https://px.ads.linkedin.com/ https://cdn.linkedin.oribi.io https://collect.tealiumiq.com/ https://*.acsbapp.com https://bat.bing.com https://adservice.google.com https://cdn.acsbapp.com https://rs.fullstory.com https://edge.fullstory.com https://stats.g.doubleclick.net https://www.google-analytics.com https://tattle.api.osano.com   https://*.hsforms.com https://maps.googleapis.com https://5868ykqcn6-dsn.algolia.net https://my.hy.ly https://*.algolianet.com  https://*.hy.ly https://consent.api.osano.com https://www.facebook.com https://*.bozzuto.com https://ga4-project-bozzuto.bozzuto.com https://www.googleadservices.com https://pagead2.googlesyndication.com/ https://acsbapp.com; default-src 'self'; font-src 'self' data:  https://fonts.gstatic.com https://fonts.googleapis.com https://acsbapp.com https://*.acsbapp.com; frame-src 'self' blob: mailto: sms: tel: data: https://open.spotify.com https://11748100.fls.doubleclick.net/ https://pixel.mathtag.com/ https://www.facebook.com/ https://beacon.hy.ly https://*.hsforms.com https://www.google.com https://www.screencast.com https://sightmap.com https://my.hy.ly https://www.youtube.com/ https://sightmap.com/  https://schedule.tours/ https://cmp.osano.com/ https://td.doubleclick.net/; img-src 'self' https://match.sharethrough.com/  https://cs.lkqd.net/ https://sync.outbrain.com/ https://router.infolinks.com/ https://s-cs.rmp.rakuten.com/ https://pbid.pro-market.net/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://collect.tealiumiq.com/ https://capi.connatix.com/ https://sync.targeting.unrulymedia.com/  https://s.ad.smaato.net/ https://sync.1rx.io/ https://image2.pubmatic.com/ https://ads.stickyadstv.com/ https://ups.analytics.yahoo.com/  https://sync1.intentiq.com/ https://*.linksynergy.com https://browser-update.org https://*.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com https://pippio.com https://d.agkn.com https://ce.lijit.com  https://eb2.3lift.com https://fei.pro-market.net https://loadm.exelator.com https://sync.bfmio.com https://stags.bluekai.com https://bcp.crwdcntrl.net https://bcp.crwdcntrl.net https://idsync.rlcdn.com https://sync.search.spotxchange.com https://ib.adnxs.com https://pixel.rubiconproject.com https://us-u.openx.net https://simplifi.partners.tremorhub.com https://pixel.tapad.com https://aa.agkn.com https://sync.intentiq.com https://pixel.mathtag.com https://um.simpli.fi https://www.googleadservices.com https://cm.g.doubleclick.net  https://bat.bing.com https://cdn.acsbapp.com https://*.acsbapp.com https://www.google-analytics.com https://www.facebook.com https://www.googletagmanager.com https://*.hs-growth-metrics.com https://api.hubspot.com https://*.hsforms.net https://*.hsforms.com https://lh3.googleusercontent.com https://s3.amazonaws.com https://googleads.g.doubleclick.net https://www.google.co.in https://www.google.com https://i.ytimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.bozzuto.com https://img.youtube.com https://www.google.ca/ https://ad.doubleclick.net https://td.doubleclick.net   https://ad.doubleclick.net/ https://s.amazon-adsystem.com/ https://ga4-project-bozzuto.bozzuto.com/ https://adservice.google.com/ https://sync.taboola.com https://cms.analytics.yahoo.com  data:; object-src 'none'; script-src 'self' http://ww25.skyw.io/ https://tags.tiqcdn.com/  https://collect.tealiumiq.com/ https://www.wufoo.com https://browser-update.org https://skyw.io https://static.oktopost.com https://snap.licdn.com https://cmp.osano.com  https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://*.hy.ly https://*.algolianet.com https://ajax.googleapis.com https://bat.bing.com https://pixel.mathtag.com https://i.simpli.fi https://www.googletagmanager.com https://cdnjs.cloudflare.com https://bat.bing.com/bat.js https://my.hy.ly https://connect.facebook.net https://tag.simpli.fi https://edge.fullstory.com https://acsbapp.com https://*.acsbapp.com https://protect-us.mimecast.com https://www.google-analytics.com/ https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://www.youtube.com/ https://sightmap.com/ https://cdn.jsdelivr.net/algoliasearch/3/algoliasearch.min.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.18.1/moment.min.js https://dni.bozzuto.com https://www.youtube.com/s/player/dac945fd/ www-widgetapi.vflset/ www-widgetapi.js https://js.hsforms.net/ https://cdn.jsdelivr.net https://lcp360.cachefly.net https://browserupdate.org https://tags.tiqcdn.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline'; style-src-elem 'self' https://fonts.googleapis.com 'unsafe-inline'; worker-src 'self' blob:; 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; 1
block-all-mixed-content;frame-ancestors *.gmx.net gmx.net adimg.uimserv.net advideo.uimserv.net www.united-internet-media.de 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://mondaynote.com https://*.mondaynote.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://js.appetize.io https://appetize.io https://fonts.googleapis.com https://fonts.gstatic.com/ https://*.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.stripe.com https://cdnjs.cloudflare.com https://*.widget.cluster.groovehq.com https://cdn.segment.com https://clarity.ms https://cdn2.hubspot.net https://*.hs-analytics.net https://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspotfeedback.com https://feedback.hubapi.com https://*.usemessages.com https://player.vimeo.com https://snap.licdn.com https://snid.snitcher.com https://*.posthog.com; connect-src *; img-src 'self' data: https://site.appetize.io https://appetizeio-static.s3.amazonaws.com https://s3.amazonaws.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com/ https://www.google.ca https://*.google-analytics.com https://www.googletagmanager.com https://*.stripe.com https://c.clarity.ms https://track.hubspot.com https://*.hsforms.com https://c.bing.com https://i.vimeocdn.com https://px.ads.linkedin.com https://www.linkedin.com 1
frame-ancestors https://*.royalcasino.dk 1
img-src 'self' https://*.trkkn.com data: https://maps.gstatic.com/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;default-src 'self' http://localhost:3000/ https://*.trkkn.com/ https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/;font-src 'self' https://*.trkkn.com data: https://fonts.gstatic.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.trkkn.com https://maps.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/;script-src-attr 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://gtms.trakken.de/ https://fonts.gstatic.com/;upgrade-insecure-requests;base-uri 'self' 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-bIiob8XVuEc+XB8FHEBmuGsXARMH+QP2vMfJOoG4DQiMayn8' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src 'self' www.google-analytics.com; script-src 'self' *.beyondwords.io:* play.vidyard.com pi.pardot.com static.addtoany.com www.googletagmanager.com cookie-script.com ajax.googleapis.com pixel.mathtag.com www.google-analytics.com vidassets.terminus.services  snap.licdn.com tribl.io www.googleadservices.com up.pixel.ad  go.northhighland.com googleads.g.doubleclick.net view.ceros.com 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hotjar.com js-agent.newrelic.com script.hotjar.com bam-cell.nr-data.net online.flippingbook.com d33i2vgywgme2s.cloudfront.net player.vimeo.com youtube.com www.youtube.com/iframe_api *.googletagmanager.com; object-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.fontawesome.com; img-src 'self' data:  pixel.sitescout.com wec-assets.terminus.services pixel.mathtag.com www.google.com match.adsrvr.org wec-assets-api.terminus.services www.google.co.in www.google-analytics.com p.adsymptotic.com www.google.com p.adsymptotic.com play.vidyard.com cdn.vidyard.com online.flippingbook.com d17lvj5xn8sco6.cloudfront.net insight.adsrvr.org *.linkedin.com cm.g.doubleclick.net pixel.rubiconproject.com *.yahoo.com *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; media-src 'self' d22tbkdovk5ea2.cloudfront.net:* blob:; frame-src 'self'  view.ceros.com www.youtube.com www.googletagmanager.com go.northhighland.com pixel.sitescout.com pixel.mathtag.com static.addtoany.com bid.g.doubleclick.net play.vidyard.com vars.hotjar.com online.flippingbook.com player.vimeo.com; font-src 'self'  themes.googleusercontent.com use.fontawesome.com; connect-src 'self'  *.beyondwords.io:* d22tbkdovk5ea2.cloudfront.net:* stats.g.doubleclick.net www.google-analytics.com consent.cookie-script.com bam-cell.nr-data.net in.hotjar.com ws26.hotjar.com wss://ws26.hotjar.com online.flippingbook.com fbo-b.flippingbook.com ws28.hotjar.com wss://ws28.hotjar.com player.vimeo.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ; report-uri /report-csp-violation 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com https://maps.google.com www.google.com; connect-src 'self' https://region1.google-analytics.com; frame-src 'self' https://maps.google.com www.google.com https://www.youtube.com; 1
frame-ancestors 'self' app.bankid.no; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src 'self' data: 1
default-src 'none'; connect-src https://*.cbmalta.com; font-src 'self'; frame-src 'self'; img-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src https://*.cbmalta.com/program/resources/dummy.pdf; report-uri https://tecnalis.report-uri.com/r/d/csp/enforce/ 1
script-src 'self' ajax.cloudflare.com 'unsafe-inline' 'unsafe-eval' static.cloudflareinsights.com cdn.usefathom.com cdn.matomo.cloud cdn.paddle.com 1.replies.io checkout.paddle.com cdn.ampproject.org public.profitwell.com static.profitwell.com polyfill.io js.sentry-cdn.com browser.sentry-cdn.com; 1
script-src *.fontawesome.com *.highdegree.io *.mapbox.com *.chablivoy.com *.pirolane.com api.ipify.org *.pricespider.com pghub.io ct.pinterest.com s.pinimg.com *.tiktok.com unpkg.com js.braintreegateway.com www.googleadservices.com lightboxapi.azurewebsites.net *.lightboxcdn.com *.adsrvr.org *.ubembed.com s.ytimg.com www.youtube.com platform-api.sharethis.com cdn.cookielaw.org code.jquery.com geolocation.onetrust.com optanon.blob.core.windows.net *.paypalobjects.com *.gstatic.com *.paypal.com *.bazaarvoice.com *.iesnare.com *.ajax.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.com *.bigcommerce.com *.facebook.net *.entrust.net *.getshogun.com *.agkn.com *.addthis.com *.addthisedge.com *.jquery.com *.ravenjs.com *.online-metrix.net *.amazonaws.com *.cloudflare.com *.growsumo.com *.newrelic.com *.nr-data.net *.crazyegg.com *.moatads.com *.cloudfront.net sc-static.net googleads.g.doubleclick.net *.googleapis.com *.tapad.app cdn.segment.com 'self' 'unsafe-eval' 'unsafe-inline'; worker-src blob: 1
frame-ancestors 'self' secure.onpointcu.com; 1
connect-src  www.listarobinson.es; img-src 'self' www.listarobinson.es data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'nonce-QituWGU4SEdvV0xTNEZiTFJCQ0tMcVkxaVBBQWwrTElvTDNZbDZmcXZBYz06ZDVtQlA2cVMxMXU5MkFPaURGcmFhc3A4NzhSeHc1dVk2ZWljNHNDZjhVdz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://j.6sc.co https://static.hotjar.com https://tag.demandbase.com https://munchkin.marketo.net https://analytics.twitter.com https://t.co https://ws.zoominfo.com https://script.hotjar.com https://secure.adnxs.com https://in.hotjar.com https://maps.google.com https://maps.gstatic.com https://maps.googleapis.com https://s0.wp.com https://my.wpengine.com https://s2.wp.com https://use.typekit.net https://a.omwpapi.com https://a.omappapi.com https://stats.wp.com https://www.google.com https://www.gstatic.com https://tags.clickagy.com https://i.vimeocdn.com https://id.rlcdn.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com https://s0.wp.com https://a.omappapi.com https://www.google.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com *.vimeocdn.com fonts.googleapis.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://p.adsymptotic.com https://i.vimeocdn.com https://match.prod.bidr.io https://id.rlcdn.com https://b.6sc.co https://in.hotjar.com https://segments.company-target.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com/ https://px4.ads.linkedin.com https://pixel.wp.com https://a.omappapi.com https://p.typekit.net https://stats.wp.com https://www.google.com.my https://www.google.com https://analytics.twitter.com https://t.co https://aorta.clickagy.com https://sync.crwdcntrl.net https://aa.agkn.com https://cm.g.doubleclick.net https://us-u.openx.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com translate.googleapis.com translate.google.com www.gstatic.com www.googletagmanager.com; connect-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://geolocation.onetrust.com https://px.ads.linkedin.com https://ws.zoominfo.com https://api.company-target.com https://secure.adnxs.com https://c.6sc.co https://598-xvd-020.mktoresp.com https://in.hotjar.com wss://ws3.hotjar.com https://ws3.hotjar.com https://ipv6.6sc.co wss://ws42.hotjar.com https://ws42.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://api.omwpapi.com https://api.omappapi.com https://stats.wp.com wss://ws36.hotjar.com https://ws36.hotjar.com https://a.omappapi.com https://z.omappapi.com https://www.google.com https://vc.hotjar.io wss://ws16.hotjar.com https://ws16.hotjar.com https://cdn.linkedin.oribi.io https://analytics.twitter.com https://t.co https://aorta.clickagy.com https://hemsync.clickagy.com https://ws44.hotjar.com wss://ws44.hotjar.com *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://s0.wp.com https://use.typekit.net https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://static.ads-twitter.com/uwt.js https://www.google.com; media-src 'self' https://static.ads-twitter.com/uwt.js https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://i.vimeocdn.com https://id.rlcdn.com; frame-src 'self' https://static.ads-twitter.com https://content.castlighthealth.com https://cdn.cookielaw.org https://snap.licdn.com https://px.ads.linkedin.com https://player.vimeo.com https://vars.hotjar.com https://widgets.wp.com https://www.google.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; font-src  'self'  https://use.fontawesome.com https://fonts.gstatic.com/ https://cdnjs.cloudflare.com;        img-src 'self' https://www.google.com https://www.google.co.in https://www.google-analytics.com ; frame-ancestors 'self' https://cms.ocwen.com:9101; frame-src 'self' https://cms.ocwen.com:9101 https://bid.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net ; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self' https://cms.ocwen.com:9101; form-action 'none'; report-uri https://localhost:7113/csp-report-endpoint; 1
default-src 'self' https://*.userlane.com *.smart-tribune.com https://*.sentry.io; font-src *; frame-src 'unsafe-inline' *; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' *;connect-src 'self' https://*.userlane.com https://*.sentry.io https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://api-gateway.app.smart-tribune.com https://cdn.cookielaw.org https://*.cookiebot.com https://erde-edenred-ucf-proxy.eu.edenred.io https://*.trustpilot.com https://*.xiti.com https://*.pa-cd.com 1
frame-ancestors 'self' https://www.mscbook.com https://checkoutshopper-live.adyen.com https://virtual-tours.msccruises.com; 1
frame-ancestors 'self' https://*.braintreegateway.com https://musthaveideas.co.uk https://*.musthaveideas.co.uk; 1
frame-ancestors https://hd.co.th/ https://www.honestdocs.co/ 'self' 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: 1
frame-src 'self' *.paycomet.com *.sequracdn.com *.sequrapi.com *.soundcloud.com *.facebook.com *.brightcove.net *.google.com *.youtube.com *.vimeo.com http://10.11.12.251 *.criteo.net *.criteo.com *.trustpilot.com *.oct8ne.com *.doubleclick.net *.google.es; 1
frame-ancestors 'self' http://*.dentrodahistoria.com.br https://*.dentrodahistoria.com.br https://*.facebook.com 1
frame-ancestors https://*.trine.edu; 1
base-uri 'self' https://d6tizftlrpuof.cloudfront.net/; connect-src 'self' https://*.minpension.se/ https://*.minpension.se/piwik.php https://lilum.lightsinline.se/; default-src 'none'; form-action 'self'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://w.soundcloud.com/ https://e.issuu.com/; img-src 'self' data: https://via.tt.se/ https://*.minpension.se/ https://d6tizftlrpuof.cloudfront.net/ https://ssl.webserviceaward.com/; object-src 'self' https://*.minpension.se/; report-to 'self'; report-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.minpension.se/ https://piwik.minpension.se/piwik.js https://e.issuu.com/ https://ssl.webserviceaward.com/; style-src 'self' 'unsafe-inline' https://*.minpension.se/ https://d6tizftlrpuof.cloudfront.net/ https://ssl.webserviceaward.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.transak.com https://fonts.googleapis.com js.hs-scripts.com 6983209.fs1.hubspotusercontent-na1.net fonts.gstatic.com www.googletagmanager.com www.youtube.com js.usemessages.com js.hs-banner.com js.hsadspixel.net *.hscollectedforms.net js.hs-analytics.net js.hsleadflows.net *.hsforms.net *.hsforms.com js.hsforms.net api.ipify.org api.hubapi.com *.hubspot.com *.google-analytics.com stats.g.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com snap.licdn.com *.linkedin.com p.clarity.ms www.clarity.ms *.cdn-apple.com www.loom.com unpkg.com https://unpkg.com/@lottiefiles/lottie-player@2.0.4/dist/lottie-player.js https://player.vimeo.com *.onetrust.com www.google.com transak-inc.breezy.hr cdn.logr-ingest.com *.logr-ingest.com www.gstatic.com clearbitscripts.com cdn.cookielaw.org *.cookielaw.org *.nicehash.com data: ; img-src data: * ; 1
upgrade-insecure-requests;connect-src 'self' https://our.umbraco.com https://www.google-analytics.com https://analytics.google.com https://ka-f.fontawesome.com https://*.userway.org https://*.doubleclick.net https://*.attn.tv https://*.attentivemobile.com https://*.facebook.com https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;default-src 'self' https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://ka-f.fontawesome.com https://*.telerik.com https://*.userway.org https://*.cloudflare.com data: https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;frame-ancestors 'self' https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;frame-src 'self' https://marketplace.umbraco.com https://www.google.com https://www.youtube.com https://*.stripe.com https://*.userway.org https://*.attn.tv https://td.doubleclick.net https://www.facebook.com https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;img-src 'self' https://cdn.jsdelivr.net https://www.gravatar.com https://*.stripe.com https://www.googletagmanager.com https://i.ytimg.com https://cdn.userway.org https://www.google.com https://www.bing.com https://our.umbraco.com https://www.github.com https://github.com https://*.cloudflare.com https://*.facebook.com data: https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://code.jquery.com https://cdn.jsdelivr.net https://*.stripe.com https://*.telerik.com https://cdnjs.cloudflare.com https://*.userway.org https://*.attn.tv https://joinemaillist.musictoday.com https://*.cloudflare.com https://*.mailchimp.com https://*.facebook.net https://*.amazonaws.com https://*.list-manage.com https://*.doubleclick.net data: https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net;style-src 'self' 'unsafe-inline' https://*.telerik.com https://*.cloudflare.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://*.userway.org https://*.mailchimp.com data: https://cms-route-auhcb5c0hwaqdbcy.z01.azurefd.net 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MmUzMjI5MWU1NWVkNDA4YzhlZDE3OWYxNzY0NjE4M2Q=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.cbg-meb.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.cbg-meb.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.cbg-meb.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js; style-src 'self' 'unsafe-inline'; frame-src *; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js; media-src *; img-src * data: 1
default-src 'self' https://c.disquscdn.com https://disqus.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com https://api.github.com https://disqus.com https://go.disqus.com https://*.disquscdn.com https://www.google-analytics.com https://paulirish.disqus.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://paulirish.com https://fonts.gstatic.com https://firebaseinstallations.googleapis.com https://firebaselogging.googleapis.com https://firebaseremoteconfig.googleapis.com https://www.google-analytics.com https://firebaselogging-pa.googleapis.com; frame-src 'self' https://platform.twitter.com https://accounts.google.com https://jsfiddle.net https://vimeo.com https://player.vimeo.com https://embed.verite.co https://www.youtube.com https://apis.google.com https://disqus.com https://paulirish.wufoo.com; upgrade-insecure-requests; report-uri https://paulirish.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' *www.pertanian.go.id 1
default-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu 'self' 'unsafe-eval' 'unsafe-inline' *.navexglobal.com app.pendo.io cdn.pendo.io data.pendo.io app.eu.pendo.io cdn.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com; connect-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu 'self' 'unsafe-eval' 'unsafe-inline' wss: *.navexglobal.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io *.truste.com *.newrelic.com *.nr-data.net app.pendo.io data.pendo.io api.feedback.us.pendo.io app.eu.pendo.io data.eu.pendo.io api.feedback.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com app.launchdarkly.com events.launchdarkly.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu cdn.jsdelivr.net iph.zoominsoftware.io www.googletagmanager.com www.google-analytics.com app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.newrelic.com *.nr-data.net ajax.googleapis.com data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu app.pendo.io cdn.pendo.io data.pendo.io pendo-io-static.storage.googleapis.com pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com ; img-src 'self' data: *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu cdn.pendo.io app.pendo.io data.pendo.io cdn.eu.pendo.io app.eu.pendo.io data.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com *.truste.com *.navexglobal.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com 0jjym5j2w4.execute-api.us-east-1.amazonaws.com navex-be-dev.zoominsoftware.io navex-be-prod.zoominsoftware.io; frame-src *.ethicspoint.com *.ethicspoint.eu *.navexone.eu *.navexglobal.eu *.policytech.eu ethicspoint.eu app.pendo.io portal.feedback.us.pendo.io app.eu.pendo.io portal.feedback.eu.pendo.io player.vimeo.com 'self' 'unsafe-eval' *.navexglobal.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com app.pendo.io cdn.pendo.io app.eu.pendo.io cdn.eu.pendo.io pendo-static-5068799715311616.storage.googleapis.com pendo-static-5176557049217024.storage.googleapis.com pendo-static-5938830502264832.storage.googleapis.com pendo-eu-static-5068799715311616.storage.googleapis.com pendo-eu-static-5176557049217024.storage.googleapis.com pendo-eu-static-5938830502264832.storage.googleapis.com fonts.googleapis.com *.ethicspoint.com *.typekit.net cloud.typography.com; font-src 'self' fonts.gstatic.com ajax.googleapis.com *.typekit.net fonts.gstatic.com; frame-ancestors 'self' app.pendo.io app.eu.pendo.io *.ethicspoint.eu; 1
default-src 'self'; script-src 'report-sample' 'self' data: 'unsafe-inline' https://*.appcues.com https://*.appcues.net https://js-agent.newrelic.com https://beacon-v2.helpscout.net https://connect.facebook.net/en_US/fbevents.js https://go.essentialassessment.com.au/analytics https://pi.pardot.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://player.vimeo.com/api/ https://player.vimeo.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://connect.facebook.net https://assets.calendly.com blob:; style-src 'report-sample' 'self' 'unsafe-inline' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://beacon-v2.helpscout.net; object-src https://beacon-v2.helpscout.net; base-uri 'self' https://docs.helpscout.net; connect-src 'self' https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com *.nr-data.net https://docs.helpscout.net https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com data: blob:; font-src 'self' https://beacon-v2.helpscout.net https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com data: ; frame-src 'self' https://*.appcues.com https://beacon-v2.helpscout.net https://12237382.fls.doubleclick.net https://player.vimeo.com/video/ https://embed.video.com *.google.com https://calendly.com/; img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://www.google.com.au https://www.google.com https://www.google-analytics.com www.google-analytics.com https://i.vimeocdn.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://www.facebook.com data:; manifest-src 'self'; media-src 'self' https://beacon-v2.helpscout.net https://player.vimeo.com; child-src 'self' https://player.vimeo.com/api/ https://player.vimeo.com blob:; worker-src 'self' blob:; 1
frame-ancestors 'self' blob: https://*.gurobi.com; child-src SAMEORIGIN gurobi-dev.flywheelsites.com *.gurobi.com; default-src 'self' gurobi-dev.flywheelsites.com *.gurobi.com 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com data: cdn.plyr.io i.ytimg.com andreasmb.github.io api.lever.co vimeo.com i.vimeocdn.com cdn.linkedin.oribi.io www.google-analytics.com analytics.demandjump.com secure.adnxs.com c.6sc.co ipv6.6sc.co cdn.linkedin.oribi.io *.google-analytics.com analytics.demandjump.com secure.adnxs.com *.6sc.co *.linkedin.com *.adroll.com *.google.com *.facebook.com ipv4.d.adroll.com px.ads.linkedin.com *.6sc.co *.doubleclick.net *.googletagmanager.com a1.b0e8.com cdn.bizible.com cdn.bizibly.com *.hotjar.com *.hotjar.io ws.hotjar.com 181-zys-005.mktoresp.com pagead2.googlesyndication.com; frame-src 'self' https://*.gurobi.com *.marketo.com *.youtube.com *.vimeo.com *.google.com *.brighttalk.com *.hotjar.com static.addtoany.com whova.com calendly.com *.facebook.com *.hsforms.net *.hsforms.com *.statuspage.io 181-zys-005.mktoresp.com td.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gurobi.com *.google.com *.gstatic.com *.google-analytics.com ajax.googleapis.com munchkin.marketo.net *.marketo.com *.googleoptimize.com *.googletagmanager.com *.googleadservices.com cdn.jsdelivr.net *.hotjar.com *.hotjar.io googleads.g.doubleclick.net snap.licdn.com connect.facebook.net static.addtoany.com bat.bing.com *.adroll.com player.vimeo.com *.brighttalk.com *.bc0a.com *.b0e8.com *.6sc.co *.demandjump.com whova.com d1keuthy5s86c8.cloudfront.net *.calendly.com *.hsforms.net *.hsforms.com cdnjs.cloudflare.com *.youtube.com cdn.bizible.com cdn.bizibly.com 181-zys-005.mktoresp.com; 1
frame-ancestors 'self' http://buildertrend.pathfactory.com https://buildertrend.pathfactory.com http://explore.buildertrend.com https://explore.buildertrend.com http://explore.cbusa.us https://explore.cbusa.us https://learn.buildertrend.net 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.lytics.io https://cdn.segment.com https://api.ipify.org https://api.lightboxcdn.com https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://widget-cdn.rpxnow.com https://z.moatads.com https://s3-us-west-2.amazonaws.com https://ss.click2cart.com https://analytics.tiktok.com https://tr.snapchat.com https://sc-static.net *.cloudfront.net *.agkn.org api.tiles.mapbox.com pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://c.lytics.io https://s3.lightboxcdn.com https://display.ugc.bazaarvoice.com https://maxcdn.bootstrapcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://s3-us-west-2.amazonaws.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://downloads.ctfassets.net assets.ctfassets.net videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.click2cart.com https://click2cart.com https://c.lytics.io https://s3.lightboxcdn.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://www.google.com https://www.google.hr i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com https://maxcdn.bootstrapcdn.com fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com https://tr.snapchat.com www.youtube.com https://www.youtube-nocookie.com https://click2cart.co feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.google.com https://www.googletagmanager.com http://www.google-analytics.com https://www.googleadservices.com https://api.ipify.org https://zn8zst2cvb1znxgeq-bmwna.siteintercept.qualtrics.com https://connect.facebook.net https://www.gstatic.com https://siteintercept.qualtrics.com https://static-na.payments-amazon.com https://ssl.google-analytics.com https://js.stripe.com https://assets.adobedtm.com https://www.paypal.com https://zn9yrhiyy7ikq7gwi-bmwna.siteintercept.qualtrics.com ;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net;font-src 'self' https://fonts.gstatic.com https://use.typekit.net;img-src 'self' data: https://adservice.google.co.in https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://bmw-accessories-configurator.com https://images-na.ssl-images-amazon.com https://images-na.ssl-images-amazon.com https://assets.shopbmwusa.com http://www.google-analytics.com https://googleads.g.doubleclick.net https://www.facebook.com https://www.google.com https://www.google.co.in https://payments.amazon.com https://www.googletagmanager.com https://ssl.google-analytics.com https://shopbmwusa.com https://bmwmotor.122.2o7.net https://cache.miniusa.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://adservice.google.com https://www.paypalobjects.com;connect-src 'self' https://stats.g.doubleclick.net https://assets.shopbmwusa.com https://www.facebook.com https://www.paypal.com https://api.braintreegateway.com https://siteintercept.qualtrics.com https://payments.amazon.com https://apay-us.amazon.com https://www.google-analytics.com https://dpm.demdex.net https://payments.braintree-api.com  https://client-analytics.braintreegateway.com https://bmwgroupusa.mbwwit.com https://analytics.google.com;frame-src 'self' https://bmwna.co1.qualtrics.com https://apay-us.amazon.com https://3864313.fls.doubleclick.net https://www.google.com https://js.stripe.com https://static-na.payments-amazon.com https://8203642.fls.doubleclick.net https://td.doubleclick.net https://checkout.paypal.com https://www.paypal.com https://assets.braintreegateway.com https://www.facebook.com;frame-ancestors 'self' ;media-src 'self' https://assets.shopbmwusa.com; 1
script-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'  1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; img-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; connect-src *; font-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; media-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream:; report-uri *; child-src *; form-action *; frame-ancestors *; object-src *; frame-src *; worker-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' http: https: data: mediastream: blob:; manifest-src *; navigate-to *; base-uri *; upgrade-insecure-requests 1
frame-ancestors 'self' *.rosegal.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.svvsd.org *.twitter.com *.instagram.com *.facebook.com *.googletagmanager.com *.jsdelivr.net *.fontawesome.com *.polyfill.io *.google-analytics.com *.syndication.twimg.com *.newrelic.com *.nr-data.net *.curator.io *.google.com *.gstatic.com *.dialogflow.com *.pagespeed-mod.com unpkg.com *.list-manage.com stvrainnutrition.org *.isitesoftware.com *.calendly.com sibautomation.com *.sendinblue.com *.statuspage.io *.weglot.com *.clarity.ms *.sentry-cdn.com *.spline.design 1
default-src 'self'; media-src http://videos.ctfassets.net/ images.sparhandy.de images.deinhandy.de; script-src bat.bing.com/ eu.b2c.com/ http://fonts.gstatic.com/ http://tr.outbrain.com/ http://www.adcell.de https://*.abtasty.com/ https://*.adform.net/ https://*.amazon-adsystem.com/ https://ad.doubleclick.net https://aggregator.service.usercentrics.eu/ https://amplify.outbrain.com/ https://analytics.tiktok.com/ https://api.aklamio.com https://api.fraud0.com/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://bt.fraud0.com/api/ https://cdn.parcellab.com/ https://cdn.taboola.com https://connect.facebook.net https://*.criteo.com/ https://*.criteo.net/ https://dev.visualwebsiteoptimizer.com/ https://googleads.g.doubleclick.net/ https://iframe.duverkaufst.de https://jsctool.com https://middleware.sparhandy.de/ https://p.teads.tv/ https://pagead2.googlesyndication.com/ https://script.hotjar.com https://secure.pay1.de https://static.hotjar.com https://t.adcell.com/ https://trc.taboola.com/ https://wave.outbrain.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.dwin1.com/ https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com/ https://www.googletagservices.com/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://www.youtube.com/ https://play.google.com/ 'self' 'unsafe-eval' 'unsafe-inline' ws: wss: www.googleadservices.com/pagead/; img-src 'self' data: * editor-assets.abtasty.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ws: * wss: * https://jsctool.com rish.sparhandy.de; font-src https://common-fonts.abtasty.com https://script.hotjar.com https://secure.pay1.de https://themes.googleusercontent.com 'self'; frame-src 'self' ws: * wss: * https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://www.youtube.com/; frame-ancestors 'self' https://app.contentful.com https://www.youtube.com; object-src 'self'; connect-src *.abtasty.com https://aggregator.service.usercentrics.eu/ https://api.usercentrics.eu/ https://app.usercentrics.eu/ https://cdn.parcellab.com/ https://widget.msgp.pl/ https://widgets.trustedshops.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://play.google.com/ 'self' ws: * wss: *; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 1
default-src 'self' ; frame-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://secure.adnxs.com https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com ; script-src-elem 'self' 'unsafe-inline' https://*.flexiloans.com http://accounts.digitallocker.gov.in https://accounts.digitallocker.gov.in https://adcanopus.go2cloud.org https://adcentmediapvtltd649.o18.click https://admattic.gotrackier.com https://affnads.gotrackier.com https://ak.gotrackier.com https://altiventechnologiespvtltd10106723.o18.click https://api-js.mixpanel.com https://api.digitallocker.gov.in https://apis.sharechat.com https://aqugencloud.com https://blog.idfy.com https://capture.kyc.idfy.com https://cdn.taboola.com https://cdn.invitereferrals.com https://cdn.jsdelivr.net https://cdn.mxpnl.com https://cdn.mxpnl https://*.taboola.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://cupshup10120398.o18.click https://*.cloudfront.net https://demandesk.adzflyer.com https://digital26.gotrackier.com https://ext.digio.in https://ext.digio.in:444 https://googleads.g.doubleclick.net https://hv-camera-web-sg.s3-ap-southeast-1.amazonaws.com https://img1.digitallocker.gov.in https://indiadotcom.gotrackier.com https://ipapi.co https://jsonip.com https://logicmiles.o18.click https://mify.gotrackier.com https://optimidea.go2cloud.org https://pentagrid-ag-scan-controller.local:1337 https://performance.gotrackier.com https://pips.taboola.com https://routesmedia.o18.click https://rum-http-intake.logs.datadoghq.com https://s3.ap-south-1.amazonaws.com https://sb-ssl.google.com https://sc-events-sdk.sharechat.com https://script.hotjar.com https://spectrum.gotrackier.com https://static.hotjar.com https://stats.g.doubleclick.net https://td.doubleclick.net https://tracking.adcanopus.com https://tracking.icubeswire.co https://tracking.salesleaf.com https://trc-events.taboola.com https://trc.taboola.com https://trk.mrndigital.in https://trk.opiclepxl.com https://vars.hotjar.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.in https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://www.intellectadz.com https://www.ref-r.com https://wzrkt.com https://ka-f.fontawesome.com https://unpkg.com https://smtpjs.com; style-src 'self' *.typekit.net fonts.googleapis.com cdn.invitereferrals.com 'unsafe-inline'; font-src 'self' *.typekit.net fonts.googleapis.com fonts.gstatic.com ka-f.fontawesome.com; img-src 'self' data: blob: *; worker-src 'self' https://*.flexiloans.com blob:; connect-src *; 1
object-src 'none';default-src 'none';connect-src https://www.wefact.nl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.cookiebot.com https://maps.googleapis.com *.clarity.ms https://c.bing.com;frame-src https://www.youtube.com https://bid.g.doubleclick.net *.cookiebot.com https://outlook.office365.com;frame-ancestors 'self';img-src https://www.wefact.nl data: *.ytimg.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://www.google.be *.cookiebot.com https://maps.gstatic.com https://maps.googleapis.com *.clarity.ms https://c.bing.com www.mollie.com;script-src https://www.wefact.nl https://www.youtube.com *.ytimg.com 'sha256-CrAe1a0TFvLsCsBw0E5Ky5SvrwDd3Kn8oyr5ns4gIUc=' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net *.cookiebot.com https://developers.google.com https://maps.googleapis.com *.clarity.ms https://c.bing.com 'sha256-HqEywe2Mupyc3mWoKoXnTO5AVzVUi7YpNaBHAq+y0U0=';style-src https://www.wefact.nl 'unsafe-inline' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com *.typekit.net;font-src 'self' data: https://fonts.gstatic.com data: *.typekit.net;manifest-src https://www.wefact.nl 1
font-src *.gstatic.com data: fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com static.lipscore.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.sagepay.com verify.monzo.com secure4.arcot.com secure5.arcot.com *.rsa3dsauth.co.uk authentication.cardinalcommerce.com danskebank-3ds-vdm.wlp-acs.com tsys.arcot.com secure7.arcot.com acs2.edb.com acs1.edb.com 3ds.nexigroup.com safekey-3.americanexpress.com sicher-bezahlen.sparkasse.at op-bxl.wlp-acs.com 3dsecure.psa.at *.mpts.modirum.com acs.swisscard.ch authentication-acs.marqeta.com 3ds.redsys.es acs2.swedbank.se acs-trides2.asseco-see.hr 3d-secure1.sbanken.no acs1.3dsecure.no mastercardidentitycheck.sparkassen-kreditkarten.de *.3ds.cornercard.ch belgium-3ds-bxl.wlp-acs.com *.3ds.modirum.com acs2.3dsecure.no acs4.privatbank.ua betalen.rabobank.nl online.citadele.lv acs.touch.tech 3dsecure.sumup.com acs1.swedbank.se 3ds2-idcheck.acdcproc.com poseidon.revolut.com 3ds-challenge.n26.com acs-jcn.dnp-cdms.jp acs.netsgroup.com danskebank-3ds-bxl.wlp-acs.com acssv.otpbank.hu acs.mercurypaymentservices.it safekey-2.americanexpress.com 3ds2-visasecure.acdcproc.com visasecure2.comdirect.de esecure.sia.eu *.hu.bpcbt.com foriseu-vbv.mycardplace.com acs.sibs.pt ssl-prd-u7f-fo-acs-pa-casa-bxl.wlp-acs.com *.vampirevape.co.uk *.nccc.com.tw 3d-secure.pluscard.de 3ds.consorsfinanz.de bnpp-3ds-bxl.wlp-acs.com *.pl.ing.com 3ds.pkobp.pl *.bkm.com.tr pay.eewosecure.com acs2.rba.hr secure2.arcot.com op-vdm.wlp-acs.com biztonsagikod.raiffeisen.hu acs.3ds-hanseaticbank.de labanquepostale-3ds-vdm.wlp-acs.com 3dsecureb.sparda.de secure.dkb.de luxembourg-3ds-bxl.wlp-acs.com acs3.luottokunta.fi emvacs.2c2p.com acs.capitalone.com 3dsecure-vrp.de *.cld.asseco-see.hr geschuetztkaufen2.commerzbank.de 3dsecure.mbank.pl acs1.luottokunta.fi threedomainsecure.pekao24.pl *.centrum24.pl 4606e363-3ds.sibs.ro acs.apata.io postbank-3ds-bxl.wlp-acs.com 3dsecure.nexi.it *.hanacard.co.kr *.3ds.bonuscard.ch 3dsecure.ing.ro *.acs.touchtechpayments.com *.citibank.co.in acs3.swedbank.se acs3.edb.com natixispaymentsolutions-3ds-bxl.wlp-acs.com 3dsecure.tatrabanka.sk acs.revolut.com acs.luminorgroup.com acs1-3dsecure.cic.fr acs2-3dsecure.cic.fr *.maybank.com.my secure-acs2ui-b1-indmum-mumrdc.wibmo.com 3d-secure2.sbanken.no 3ds.egcp.com 3dsec.postfinance.ch *.stcpay.com.sa *.secure.lcl.fr mcconsumerv2.alahli.com *.live.ext.prod.enfuce.com acs3ds2.hyundaicard.com acsv2.m2pfintech.com ecclients.btrl.ro *.zaba.hr mycardsecure.com acs1-3dsecure.targobank.de 3ds.bov.com 3dsec.cardcenter.ch *.rsa3dsauth.com visa-secure-bxl.ing.de *.secure22gw.ro *.emea.citibank.com acs.up-ng.com *.elfbar.co.uk 3debspay.boc.cn 3ds.emlpayments.com authentication2.six-group.com acs1.viseca.ch *.apac.citibank.com acs.moneta.cz *.cgbchina.com.cn 3ds.sebkort.com 3ds.soldo.com acs2.luottokunta.fi *.fssnet.co.in visa-secure-vdm.ing.de secure-acs2ui-b1-indblr-blrtdc.wibmo.com *.ccb.com.cn emvacssp.thecardservicesonline.com 3ds.optimuscards.com acs2.ufc.ge ims.euronet3dsecure.com *.3d2.icbc.com.cn *.spdb.com.cn acs2.ipakyulibank.uz *.gps.com.bh *.garanti.com.tr acs2p.gpesecure.com acs2.kasikornbank.com acs.shinhancard.com *.smartsecure.tsys.co.uk *.3ds.acssecure.com acs.gc.ge *.securepay.aeon.com.hk securehdfc-acs2ui-b1-indmum-mumsif.hdfcbank.com 3ds.banquemisr.com emv3dsauth1.secureacs.com acs.samsungcard.com acs.stripeauthentications.com secure-acs2ui-bk2-indmum-mumrdc.wibmo.com *.lostmary.co.uk secure-acs2ui-bk2-indblr-blrtdc.wibmo.com *.eglobal.com.mx acs.redbanc.cl *.standardbank.co.za *.nedsecure.co.za 3ds.rpc-raiffeisen.com *.acs.cmbchina.com acs.inecoecom.am api.ometria.com acs.mashreq.com acsus1.netsgroup.com safekey-sl.americanexpress.com *.recycleyourelectricals.org.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co *.hotjar.com *.google.com *.facebook.com *.trustpilot.com *.criteo.com account.fetchify.com *.sagepay.com *.wesupply.xyz *.weltpixel.com t.sharethis.com elfbar.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com api.agechecked.com *.cookiebot.com *.dycdn.net *.elfbar.com *.lost-mary.com *.odysee.com odysee.com *.calconic.com *.elavon.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.linkedin.com *.googletagmanager.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net static.lipscore.com blob: img.youtube.com ts.tradetracker.net www.magmodules.eu maps.googleapis.com l.sharethis.com d1f0tbk1v3e25u.cloudfront.net *.google.co.uk *.hsbc.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.sharethis.com google.co.uk *.google-analytics.com trk.ometria.com *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.agechecked.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.paypal.com *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com snap.licdn.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.facebook.net *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com static.lipscore.com *.sagepay.com tm.tradetracker.net *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com maps.googleapis.com *.ometria.com platform-api.sharethis.com dn1i8v75r669j.cloudfront.net dkpklk99llpj0.cloudfront.net d81mfvml8p5ml.cloudfront.net buttons-config.sharethis.com t.sharethis.com assets.zendesk.com static.zdassets.com agechecked.com pi-live.sagepay.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.cloudfront.net *.sharethis.com googleoptimize.com *.zendesk.com r1-t.trackedlink.net google-analytics.com widget.trustpilot.com *.cookiebot.com/ cookiebot.com/* *.dycdn.net unpkg.com/* https://unpkg.com/web-vitals@2.1.0/dist/web-vitals.umd.js' *.ometria.com/* *.affiliatefuture.com/* tags.affiliatefuture.com scripts.affiliatefuture.com *.elavon.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.agechecked.com downloads.mailchimp.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cc-cdn.com static.lipscore.com tagmanager.google.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com totalvapour.co.uk/static/* www.totalvapour.co.uk/* https://www.totalvapour.co.uk/* recycleyourelectricals.org.uk/* *.recycleyourelectricals.org.uk 'self' 'unsafe-inline'; object-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; media-src *.adobe.com *.zopim.com flavourwarehouse.co.uk www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com *.zdassets.com dbh4s5ja0maaw.cloudfront.net/security_video.mp4 youtube.com https://dbh4s5ja0maaw.cloudfront.net/verify/verify_product.mp4 'self' 'unsafe-inline'; manifest-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.agechecked.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.facebook.com *.datatrics.com api.craftyclicks.co.uk pcls1.craftyclicks.co.uk wapi.lipscore.com users.lipscore.com *.sagepay.com https://www.google-analytics.com *.ometria.com l.sharethis.com am.freshrelevance.com *.g.doubleclick.net dn1i8v75r669j.cloudfront.net ekr.zdassets.com *.craftyclicks.co.uk *.kattel.com invitejs.trustpilot.com oversight.stwaw.com www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com wss://am.freshrelevance.com kattel.com/* *.dycdn.net *.elfbar.com *.cookiebot.com cookiebot.com/* *.lost-mary.com *.stbuttons.click *.crwdcntrl.net *.odysee.com odysee.com 'self' 'unsafe-inline'; child-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com http: https: blob: 'self' 'unsafe-inline'; default-src www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.vampirevape.co.uk www.dotvape.co.uk www.totalvapour.co.uk www.premiervaping.com www.flavourwarehouse.co.uk www.elfbar.co.uk www.lostmary.co.uk www.skecrystalbar.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://app.securiti.ai https://cdn-prod.securiti.ai https://www.googletagmanager.com/debug/badge.css; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdn-prod.securiti.ai https://cdnjs.cloudflare.com/ajax/libs/fingerprintjs2/2.1.0/fingerprint2.js; img-src 'self' https://www.google-analytics.com https://app.securiti.ai data: https:; connect-src 'self' https://www.google-analytics.com https://cdn-prod.securiti.ai https://app.securiti.ai; font-src 'self' https://fonts.gstatic.com https://cdn-prod.securiti.ai https://app.securiti.ai; frame-src 'self' https://www.youtube.com https://cdn-prod.securiti.ai https://app.securiti.ai https://www.google.com/ https://chatgptprestadores.orizon.com.br; frame-ancestors 'none'; 1
default-src 'self' *.perahub.com.ph; style-src 'self' 'unsafe-inline' *.perahub.com.ph; style-src-elem 'self' 'unsafe-inline' *.force.com *.salesforce-sites.com; font-src 'self' data: *.perahub.com.ph; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.perahub.com.ph; script-src-elem 'self' 'unsafe-inline' *.salesforceliveagent.com *.salesforce.com *.force.com *.salesforce-sites.com *.recaptcha.net *.gstatic.com; frame-src 'self' data: *.youtube.com youtu.be *.force.com *.recaptcha.net; connect-src 'self' *.perahub.com.ph *.force.com; img-src 'self' blob: data: *.perahub.com.ph; frame-ancestors 'self' https://www.youtube.com; 1
default-src 'self' https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-OTk5NTUzMTFub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
frame-ancestors https://*.bancoripley.cl https://*.ripley.cl https://*.mouseflow.com 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com  https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.ytimg.com https://bancoserfinanza.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.elementor.com https://*.infobip.com https://connect.facebook.net; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://*.elementor.com;  object-src 'self' blob:;  base-uri 'self'; connect-src 'self' blob: data: https://*.google-analytics.com https://tarjetaolimpica.com.co https://yoast.com https://bancoserfinanza.com https://stats.g.doubleclick.net https://*.elementor.com https://fonts.googleapis.com https://*.infobip.com https://analytics.google.com/g/collect; font-src 'self' data: 'unsafe-inline' https://*.gstatic.com https://*.elementor.com;  frame-src 'self' blob: https://*.youtube.com https://*.wpdownloadmanager.com https://www.google.com https://bancoserfinanza.com https://*.elementor.com https://*.infobip.com https://devserfinanza.tmsapps.co:85/; img-src 'self' blob: data: https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://secure.gravatar.com https://ps.w.org https://*.elementor.com https://updates.themepunch.tools https://d1ygi81q02zqx0.cloudfront.net https://www.segurosmundial.com.co/media/Terminos_y_Condiciones_2022.png; manifest-src 'self' blob: data:;  worker-src 'self' blob: data:; media-src 'self' blob: data: https://sliderrevolution.com; 1
default-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; report-uri https://csp.d47wgg8.com 1
frame-ancestors 'self' https://anhqv.es https://*.jonilar.com https://*.lqsa.es https://comunidadmontepinar.es 1
frame-ancestors http://jct.gov http://www.jct.gov http://jct-cms.ae-admin.com http://jct-live.ae-admin.com *.hawksearch.com *.hawksearch.net *.roccommerce.com 1
frame-src *.criteo.com *.google.com *.issuu.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://use.fontawesome.com https://fonts.googleapis.com https://www.google.com https://maps.googleapis.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hsleadflows.net https://js.hscaptcha.com https://js.hsforms.net https://js.hssocials.net https://secure.smart-enterprise-acumen.com https://unpkg.com https://js-eu1.hs-scripts.com https://js-eu1.hsleadflows.net https://js-eu1.hs-analytics.net https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com https://js-eu1.hs-banner.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net cdn-cookieyes.com https://assets.calendly.com https://sc.lfeeder.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://use.typekit.net https://unpkg.com https://p.typekit.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.akixi.com 'unsafe-inline'; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com https://js.hs-scripts.com https://cdn.jsdelivr.net https://secure.gravatar.com https://www.google.com https://www.google.co.uk https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://d2iiunr5ws5ch1.cloudfront.net js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hsforms.net https://forms.hsforms.com cdn-cookieyes.com https://tr.lfeeder.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net data:; connect-src 'self' https://www.google-analytics.com https://api.hubapi.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net wss://ws-mt1.pusher.com https://forms-eu1.hsforms.com *.cookieyes.com cdn-cookieyes.com; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://www.hubspot.com *.hs-sites.com *.hubspot.com play.hubspotvideo.com *.akixi.com *.hsforms.net *.hsforms.com https://calendly.com; object-src 'none'; base-uri 'self'; form-action 'self' https://forms-eu1.hsforms.com; upgrade-insecure-requests; worker-src 'self' blob:; child-src *.hsforms.com; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://luce-gas.it/report-uri/enforce 1
base-uri 'self' 'unsafe-inline' 'unsafe-eval'  https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.trustedshops.co.uk/buyerrating/info_X93D475E1BF679F083C0D1582454C3483.html https://www.trustedshops.es/evaluacion/info_X20DF4B0194522AAB4B67F1BD773A7534.html https://hooks.slack.com/services/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 https://umap.openstreetmap.fr/ https://fonts.googleapis.com https://mypudo.pickup-services.com/mypudo/mypudo.asmx https://api.trustedshops.com/rest/restricted/v2/shops https://733-cee-728.mktorest.com https://www.fna-cartegrise.fr/euro4x4parts.asp https: www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ga.js https://va.tawk.to/v1/session/start https://embed.tawk.to/ https://www.tawk.to/; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https:; media-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self'; font-src 'self' https://embed.tawk.to/ data: fonts.gstatic.com; 1
default-src 'self' https://download.teamviewer.com/ https://dl.teamviewer.com/ https://cdn.cookielaw.org/ https://reportsession.teamviewer.com; script-src-elem 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://code.jquery.com data:; script-src data: 'unsafe-inline' 'self' https://code.jquery.com; object-src 'self'; style-src 'unsafe-inline' 'self' https://code.jquery.com; img-src 'self' https://code.jquery.com; frame-src 'self' *.teamviewer.com teamviewer8: tvassign1: tvsqcustomer1: tvcustomqs: intent: 1
default-src 'self' https://www.googletagmanager.com/gtag/js https://cdnjs.cloudflare.com https://www.youtube.com https://soft.specialcraftbox.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://cdnjs.cloudflare.com https://www.youtube.com https://soft.specialcraftbox.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://secure.gravatar.com https://s.w.org/images http://www.w3.org https://ps.w.org; font-src 'self' data: https://fonts.gstatic.com ; media-src 'self'; frame-ancestors 'self'; object-src https://workspace.prudential.ug; frame-src https://*.prudential.ug https://prudential.ug https://www.youtube.com https://maps.google.com https://www.google.com; worker-src blob:https://prudential.ug; base-uri 'self'; upgrade-insecure-requests 1
default-src 'self' ; img-src https://*.paynimo.com 'self'; script-src https://*.paynimo.com https://*.jquery.com 'self' 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: filesystem:; style-src https://*.paynimo.com 'self' data: chrome-extension-resource: 'unsafe-inline'; img-src https://*.paynimo.com 'self' data: chrome-extension-resource:; frame-src https://*.paynimo.com 'self' data: chrome-extension-resource:; font-src https://*.paynimo.com 'self' data: chrome-extension-resource:; media-src https://*.paynimo.com * data: blob: filesystem:; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'none'; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://prodgis.lla.com https://cdn.quantummetric.com https://api.retargetly.com https://cookieless-campaign.prd-00.retargetly.com https://analytics.libertycr.com https://www.googletagmanager.com; form-action *; worker-src * blob:; 1
frame-ancestors https://*.belmontstakes.com https://belmontstakes.com https://*.thorograph.com https://thorograph.com https://*.nyra.com https://nyra.com https://*.nyrabets.com 'self' https://nyrabets.com https://*.gbetest.com https://gbetest.com https://*.dev07-broker0201.com https://dev07-broker0201.com https://*.dev07-gbeb2c.com https://dev07-gbeb2c.com https://*.test02-nyrabets.com https://test02-nyrabets.com https://*.gbe.global https://gbe.global; 1
frame-ancestors 'self' https://s.salecycle.com https://vodafoneromania.demdex.net https://vars.hotjar.com https://c1.adform.net 1
default-src 'self'; script-src 'self' ads.dragonfru.it https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/ 'nonce-DDczrex0vB4wlGzNWVUPNw=='; style-src 'self' 'unsafe-inline'; connect-src 'self' ads.dragonfru.it plausible.dragonfru.it; object-src 'self' static1.e6ai.net; media-src 'self' static1.e6ai.net; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://www.recaptcha.net/; font-src 'self'; img-src 'self' data: static1.e6ai.net ads.dragonfru.it; child-src 'none'; form-action 'self' 1
frame-ancestors 'self' https://dit.deka.de; 1
frame-ancestors 'self'; block-all-mixed-content; frame-src 'self' https://*.kliniki.pl *.google.com *.maptiler.com *.proassist.pl *.youtube.com *.facebook.com *.googletagmanager.com *.medonet.pl *.cookiebot.com vitalscheckup.com 1
default-src 'none' ; base-uri 'self' ; child-src *.cloudflarestream.com insights.hinshawlaw.com platform.twitter.com player.vimeo.com view.ceros.com www.google.com www.iheart.com www.youtube.com ; connect-src 'self' *.cloudflarestream.com *.parmonic.ai *.parmonic.com https://amplilyimagecap.azureedge.net https://awapi.blob.core.windows.net https://go.parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net parmonic.com stats.g.doubleclick.net www.google-analytics.com ; font-src 'self' data: fonts.gstatic.com www.hinshawlaw.com ; form-action 'self' ; frame-ancestors https://hinshaw.pathfactory.com *.cloudflarestream.com ; img-src blob: data: * *.parmonic.ai https://parmonic.com https://amplilyimagecap.azureedge.net ; media-src blob: *.cloudflarestream.com *.parmonic.ai https://amplilyimagecap.azureedge.net https://parmonic.com https://subtitles.blob.core.windows.net https://videodelivery.net ; object-src 'self' www.hinshawlaw.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflarestream.com *.parmonic.ai *.parmonic.com hosting.simplemaps.com https://awjs.blob.core.windows.net https://view.ceros.com/ www.google-analytics.com www.googletagmanager.com www.hinshawlaw.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com ; 1
script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' *.privy.com *.ryzeo.com *.signifyd.com *.doitcenter.com.pa *.yotpo.com accounts.livechatinc.com acsbapp.com analytics.tiktok.com api.livechatinc.com bam.nr-data.net bat.bing.com cdn-widgetsrepository.yotpo.com cdn.livechatinc.com cdn.statstrk01.com cdn.userway.org cdnapisec.kaltura.com cdns.brsrvr.com chimpstatic.com connect.facebook.net ct.pinterest.com googleads.g.doubleclick.net js-agent.newrelic.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hscollectedforms.net js-eu1.usemessages.com maps.googleapis.com na-library.klarnaservices.com na-library.playground.klarnaservices.com s.pinimg.com secure.livechatinc.com static.hsappstatic.net static.trackedweb.net staticw2.yotpo.com www.clarity.ms www.facebook.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com d1cocw0250tpxv.cloudfront.net connect.nosto.com static.klaviyo.com static-tracking.klaviyo.com cdn.jsdelivr.net pwaprod.doitcenter.com.pa www.paypal.com seguimiento.doitcenter.com.pa fonts.gstatic.com fonts.googleapis.com testingw78j8loor3-2.algolianet.com testingw78j8loor3-1.algolianet.com thumbs.nosto.com testingw78j8loor3-dsn.algolia.net use.typekit.net p.yotpo.com a.klaviyo.com static.hotjar.com script.hotjar.com hotjar.com widget01.modernretail.com view.publitas.com scripts.publitas.com secure.nmi.com mstat.acestream.net www.paypalobjects.com conoret.com www.pagespeed-mod.com ssl.google-analytics.com; report-uri /.webscale/csp-report 1
default-src https://www.youtube-nocookie.com https://www.google.com/ 'self'; connect-src https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://cdn.jsdelivr.net https://in3.taskanalytics.com https://posten.boost.ai https://js.arcgis.com https://www.arcgis.com https://basemaps.arcgis.com https://cdn.arcgis.com https://static.arcgis.com https://utility.arcgis.com https://services.geodataonline.no https://vector.services.geodataonline.no https://geocode.arcgis.com https://stats.kaltura.com https://analytics.kaltura.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://posten-bring.force.com https://livestats.kaltura.com https://pagead2.googlesyndication.com https://klive.kaltura.com 'self'; base-uri 'self'; form-action https://tracking.bring.com https://tracking.bring.dk https://tracking.bring.se https://sporing.bring.no https://tracking.qa.bring.com https://tracking.qa.bring.dk https://tracking.qa.bring.se https://sporing.qa.bring.no 'self'; script-src https://unpkg.com https://cdnapisec.kaltura.com https://in3.taskanalytics.com https://cdnapi.kaltura.com https://posten.boost.ai https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://siteimproveanalytics.com https://acdn.adnxs.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleoptimize.com https://ssl.google-analytics.com https://policy.app.cookieinformation.com https://cloud.2.bring.com https://posten-bring.force.com https://connect.facebook.net https://assets.strossle.com https://ib.adnxs.com https://snap.licdn.com https://www.bring.se https://www.bring.dk https://www.bring.nl https://adservice.google.com https://www.googleadservices.com https://pagead2.googlesyndication.com https://cct.google https://js.arcgis.com https://ws.geonorge.no https://geocode.arcgis.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://player.vimeo.com https://posten-bring.force.com https://posten-bring.my.site.com https://widget.trustpilot.com https://www.youtube.com 'unsafe-inline' 'unsafe-eval' 'self'; frame-src https://www.google.com https://www.googletagmanager.com https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://www.gstatic.com https://player.vimeo.com/ https://www.youtube-nocookie.com https://form.typeform.com https://policy.app.cookieinformation.com https://widget.trustpilot.com https://td.doubleclick.net https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://www.youtube.com; object-src 'none'; img-src * data: blob:; style-src 'unsafe-inline' * ; font-src * data; worker-src blob:; media-src blob: https://cdnapi.kaltura.com https://cdnapisec.kaltura.com https://cfvod.kaltura.com https://www.kaltura.com 1
frame-ancestors 'self' https://*.winho.com.tw https://www.945d.tw; upgrade-insecure-requests 1
font-src fonts.gstatic.com use.typekit.net * *.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * cl.s51.exct.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com *.google.com/ instafeed.pixlee.co photos.pixlee.co *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com p.typekit.net validator.swagger.io * https://www.magezon.com https://ui1.img.digitalrivercontent.net *.adyen.com maps.googleapis.com maps.gstatic.com *.pxlecdn.com *.pixlee.com *.cdninstagram.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.googletagmanager.com * https://js.digitalriverws.com *.adyen.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.google.com/ *.marketo.com *.pxlecdn.com *.pixlee.co *.pixlee.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com * *.fontawesome.com https://js.digitalriverws.com *.marketo.com assets.pixlee.com *.addthis.com *.moatads.com *.addthisedge.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.snplow.net commerce.adobedc.net p13n-mr.adobe.io www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adobedc.net *.demdex.net *.adobe.io performance.typekit.net *.sentry.io * https://getolympus.registria.com *.adyen.com https://maps.googleapis.com bam.nr-data.net *.marketo.com *.addthis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://report-to-api.raygun.com/reports?apikey=DzufkMvfyVLTrPSJBRAIpg; report-to report-endpoint; 1
frame-ancestors https://methstreams.com https://cdn.tryandrew.shop https://nbastreamswatch.com https://watchnbastreams.com https://crackstreams.ws https://the.crackstreams.ws https://reddit.watchnbastreams.com https://mlb.trybarry.shop 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com/ https://fonts.googleapis.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://player.vimeo.com/ https://developers.google.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://widgets.q4app.com/ https://maxcdn.bootstrapcdn.com/ https://secure.gravatar.com/ https://s.w.org/ https://ps.w.org/; script-src 'unsafe-inline' https: *.google-analytics.com/; connect-src https://www.google-analytics.com/ 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' https://analytics-eu.clickdimensions.com https://cdn.cookielaw.org https://cdn-eu.clickdimensions.com https://connect.facebook.net https://emea3.recruitmentplatform.com https://f.vimeocdn.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://platform.linkedin.com https://player.vimeo.com/api/ https://px.ads.linkedin.com https://rhdhv.maphub.net https://snap.licdn.com https://sc.lfeeder.com https://script.hotjar.com https://static.doubleclick.net https://static.hotjar.com https://cdn.weglot.com https://unpkg.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.googleadservices.com https://www.linkedin.com https://www.youtube.com https://*.svc.dynamics.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.cookielaw.org https://cdn-eu.clickdimensions.com https://cdn.weglot.com https://emea3.recruitmentplatform.com https://f.vimeocdn.com https://rhdhv.maphub.net https://unpkg.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://adservice.google.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io https://cdn.weglot.com https://content.hotjar.io https://connect.facebook.net https://csmetrics.hotjar.com https://emea3.recruitmentplatform.com https://in.hotjar.com https://metrics.hotjar.io https://p-tec-tunnel.royalhaskoningdhv.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://vc.hotjar.io https://www.facebook.com https://www.google-analytics.com wss://ws.hotjar.com https://*.svc.dynamics.com; font-src 'self' data: https://emea3.recruitmentplatform.com https://fonts.gstatic.com https://rhdhv.maphub.net https://script.hotjar.com; frame-src 'self' https://app.meltwater.com https://www.google.com https://www.google.nl https://*.expo.royalhaskoningdhv.com https://login.windows.net https://login.microsoftonline.com https://oembed.libsyn.com https://play.libsyn.com https://player.vimeo.com https://player-telemetry.vimeo.com https://rhdhv.maphub.net https://rhdhvthirdparty.z6.web.core.windows.net https://td.doubleclick.net https://youtube.com https://view.genial.ly https://www.facebook.com https://www.linkedin.com https://www.youtube.com https://*.svc.dynamics.com; img-src 'self' data: https://*.tile.openstreetmap.org https://cdn-eu.clickdimensions.com https://cdn.cookielaw.org https://cdn.weglot.com https://i.ytimg.com https://i.vimeocdn.com https://fonts.gstatic.com https://googleads.g.doubleclick.net https://forms.office.com https://px.ads.linkedin.com https://p-tec-tunnel.royalhaskoningdhv.com https://rhdhv.maphub.net https://tr-rc.lfeeder.com https://www.facebook.com https://www.google.com https://www.google.nl https://www.gstatic.com https://www.linkedin.com https://yt3.ggpht.com https://www.googletagmanager.com https://www.google-analytics.com https://www.royalhaskoningdhv.com https://*.svc.dynamics.com; manifest-src 'self'; media-src 'self' https://67vod-adaptive.akamaized.net https://*.svc.dynamics.com/; worker-src blob:; 1
connect-src 'self' www.gstatic.com assets.adobedtm.com www.google.com www.bing.com metrics.myprime.com; 1
script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google-analytics.com https://embed.tawk.to https://www.gstatic.com https://maps.googleapis.com https://static.sdkassets.chime.aws https://code.jquery.com https://*.cloudfront.net https://js.hcaptcha.com https://cdnjs.cloudflare.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wetdry.world; img-src 'self' data: blob: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im; style-src 'self' https://wetdry.world 'nonce-uSesDG0p/zohi2UvACKT9w=='; media-src 'self' data: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im; frame-src 'self' https:; manifest-src 'self' https://wetdry.world; form-action 'self'; child-src 'self' blob: https://wetdry.world; worker-src 'self' blob: https://wetdry.world; connect-src 'self' data: blob: https://wetdry.world https://media.wetdry.world https://media.tenor.com https://blob.jortage.com https://compliance.conversations.im wss://wetdry.world https://api.tenor.com; script-src 'self' https://wetdry.world 'wasm-unsafe-eval' 1
default-src 'self' blob: data: https: wss: *.aven.com; child-src https: blob: *.aven.com; img-src 'unsafe-inline' blob: data: *.aven.com https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.aven.com; style-src 'self' 'unsafe-inline' https: *.aven.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic' script-src * data: blob: 'unsafe-inline' 'unsafe-eval' connect-src * data: blob: 'unsafe-inline' img-src * data: blob: 'unsafe-inline' frame-src * data: blob:  style-src * data: blob: 'unsafe-inline' font-src * data: blob: 'unsafe-inline' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://widget.usersnap.com/ https://fast.wistia.com https://player.vimeo.com https://*.usersnap.com https://*.usercentrics.eu https://www.bing.com https://dev.virtualearth.net https://www.googleadservices.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net https://cdn.bttrack.com https://cdn.pdst.fm http://*.bing.com https://*.virtualearth.net https://bttrack.com https://*.ditu.live.com https://gum.criteo.com https://dynamic.criteo.com/ *.criteo.com *.criteo.net https://www.google-analytics.com/ https://static.hotjar.com https://script.hotjar.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.bing.com https://static.hotjar.com https://script.hotjar.com web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://useast2devbrandsites.blob.core.windows.net https://useast2qabrandsites.blob.core.windows.net https://useast2prodbrandsites.blob.core.windows.net https://img.youtube.com https://i.vimeocdn.com/ https://*.wistia.com https://*.usercentrics.eu https://*.virtualearth.net https://*.adnxs.com https://*.googlesyndication.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://*.google.com/ https://*.bing.com https://bttrack.com https://*.dynamic.tiles.ditu.live.com https://www.google-analytics.com/ https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://script.hotjar.com; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com https://app.usercentrics.eu/ https://*.doubleclick.net https://gum.criteo.com *.criteo.com *.criteo.net https://clariosdigitallibrary.widen.net/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://maps.googleapis.com https://*.wistia.com https://stats.g.doubleclick.net https://*.litix.io https://*.usersnap.com https://*.vimeo.com https://vimeo.com https://*.usercentrics.eu https://*.bing.com https://www.googleadservices.com/ https://*.google.com https://*.linkedin.oribi.io https://us-central1-adaptive-growth.cloudfunctions.net https://t0.dynamic.tiles.ditu.live.com https://bttrack.com https://sslwidget.criteo.com https://px.ads.linkedin.com/ https://www.google-analytics.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.google-analytics.com; media-src 'self' data: blob: https://*.wistia.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
connect-src 'self' msyabfsbys-3.algolianet.com metrics.hotjar.io www.google.com.au www.google.com.sg metrics.hotjar.io in.hotjar.com pagead2.googlesyndication.com analytics.google.com adservice.google.com  info.dairymaster.com region1.analytics.google.com stats.g.doubleclick.net surveystats.hotjar.io www.google-analytics.com onesignal.com www.facebook.com vc.hotjar.io www.google.com msyabfsbys-dsn.algolia.net yoast.com my.yoast.com; font-src 'self' at.alicdn.com stats.g.doubleclick.net ask.hotjar.io at.alicdn.com fonts.gstatic.com script.hotjar.com github.com data:; frame-src  td.doubleclick.net vars.hotjar.com www.google.com bid.g.doubleclick.net www.youtube.com www.googletagmanager.com cdn.onesignal.com player.vimeo.com www.facebook.com 'self'; img-src 'self' www.google.co.kr www.google.gr at.alicdn.com www.google.am www.hotjar.com www.dairymaster.com analytics.twitter.com adepci4.aocdn.net ci300.aocdn.net info.dairymaster.com script.hotjar.com www.facebook.com www.google-analytics.com www.google.com www.google.hr i.ytimg.com t.co www.google.com.sg img.onesignal.com www.google.co.uk www.google.ie www.googletagmanager.com googleads.g.doubleclick.net www.google.co.in www.google.ae www.google.de connect.facebook.net dairymaster.local i.vimeocdn.com translate.google.com www.google.at www.google.be www.google.by www.google.ca www.google.ch www.google.co.id www.google.co.jp www.google.co.ke www.google.co.ma www.google.co.nz www.google.co.th www.google.co.uz www.google.co.za www.google.com.ar www.google.com.au www.google.com.br www.google.com.co www.google.com.gt www.google.com.ly www.google.com.my www.google.com.ng www.google.com.ph www.google.com.pk www.google.com.qa www.google.com.sa www.google.com.tr www.google.com.ua www.google.com.vn www.google.dk www.google.es www.google.fi www.google.fr www.google.im www.google.it www.google.md www.google.mu www.google.nl www.google.pl www.google.ru www.google.se www.google.tn www.gstatic.com secure.gravatar.com www.google.cz www.google.iq www.google.lu data: ps.w.org s.w.org; script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com analytics.twitter.com cdn.onesignal.com googleads.g.doubleclick.net onesignal.com script.hotjar.com www.google.com www.googletagmanager.com www.gstatic.com ajax.cloudflare.com connect.facebook.net info.dairymaster.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.googleadservices.com www.youtube.com gc.kis.v2.scr.kaspersky-labs.com player.vimeo.com cdn.mxpnl.com data: djtflbt20bdde.cloudfront.net me.kis.v2.scr.kaspersky-labs.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.dairymaster.com fonts.googleapis.com info.dairymaster.com onesignal.com ajax.googleapis.com me.kis.v2.scr.kaspersky-labs.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' ajax.googleapis.com analytics.twitter.com connect.facebook.net googleads.g.doubleclick.net info.dairymaster.com script.hotjar.com static.ads-twitter.com static.hotjar.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com ajax.cloudflare.com cdn.onesignal.com www.youtube.com onesignal.com player.vimeo.com data:; script-src-attr 'unsafe-inline'; worker-src 'self' blob:; child-src vars.hotjar.com www.google.com www.youtube.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' fonts.googleapis.com info.dairymaster.com onesignal.com translate.googleapis.com; form-action 'self' www.facebook.com info.dairymaster.com wwwstage.dairymaster.com; report-uri https://tjzackxyxpyaqmtw.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' www.google-analytics.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.google.com *.google.ch www.googletagmanager.com *.googletagmanager.com googleads.g.doubleclick.net stats.g.doubleclick.net hello.myfonts.net *.jobcloud.ch *.jobs.ch *.jobup.ch *.stellen.ch *.impieghi.ch *.ingjobs.ch *.ictcareer.ch *.jobs4sales.ch *.financejobs.ch *.medtalents.ch *.jobwinner.ch *.alpha.ch *.topjobs.ch *.jobscout24.ch *.disqus.com *.disquscdn.com disqus.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.google-analytics.com *.analytics.google.com *.google.com www.googletagmanager.com tpc.googlesyndication.com *.googletagmanager.com cdnjs.cloudflare.com js-agent.newrelic.com ajax.googleapis.com *.googleadservices.com cdn.jsdelivr.net bam.nr-data.net *.disqus.com *.disquscdn.com; frame-src tpc.googlesyndication.com; media-src 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' data: 1
frame-ancestors 'self'; base-uri 'none'; object-src 'none'; default-src 'self' blob: data: *.educatorshandbook.com; style-src 'self' 'unsafe-inline'; script-src 'self' 1
default-src 'self' *.driver.top; img-src * 'unsafe-inline' data:; script-src 'self' challenges.cloudflare.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com *.jsdelivr.net 'nonce-fmL2e/VnyYwlmeaFbU4W4Q=='; style-src * 'unsafe-inline'; connect-src 'self' *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com; frame-src 'self' challenges.cloudflare.com youtube.com *.youtube.com youtu.be *.youtu.be *.googletagmanager.com *.google-analytics.com *.facebook.net *.hotjar.com *.googlesyndication.com *.doubleclick.net *.google.com; script-src-attr 'self' 'unsafe-inline'; font-src *; 1
script-src 'self' www.google.com www.gstatic.com https://*.websiteoptimizer.dev https://*.wlog.dev;default-src 'self' www.google.com https://*.websiteoptimizer.dev https://*.wlog.dev;frame-src 'self' www.youtube.com www.google.com;img-src 'self' data: https://insightmakercloud-files.storage.googleapis.com/ https://insightmakercloud-files-staging.storage.googleapis.com/ www.gravatar.com www.paypalobjects.com lh3.googleusercontent.com;style-src 'self' https: 'unsafe-inline';font-src 'self' https: data:;frame-ancestors 'none' 1
default-src 'self' *.go.com * data:; script-src 'self' *.go.com *.wdpromedia.com 'unsafe-inline' 'unsafe-eval' *.demdex.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.scorecardresearch.com *.licdn.com *.google-analytics.com *.yimg.com *.bing.com *.linkedin.com *.yahoo.com *.disney.com *.akamaihd.net *.omtrdc.net *.twitter.com *.ads-twitter.com *.bkrtx.com *.bluekai.com *.youtube.com *.ytimg.com *.googleadservices.com *.resonate.com *.reson8.com *.instagram.com *.cookielaw.org js.adsrvr.org; style-src 'self' 'unsafe-inline' *.wdpromedia.com *.go.com *.disney.com; img-src 'self' *.go.com *.wdpromedia.com * data: *.disney.com; connect-src 'self' *.go.com *.google-analytics.com *.disney.com * data:; font-src 'self' *.go.com *.disney.com * data:; frame-src 'self' *.go.com *.adsrvr.org *.disney.com * data:; 1
default-src https: https://*.hotjar.com:* wss://*.hotjar.com wss://*.tokbox.com 'unsafe-eval' 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; font-src https: data:; img-src https: data: blob: 'self'; worker-src blob: 'self' 1
frame-ancestors 'self' https://*.ericgoldman.org http://*.ericgoldman.org 1
default-src 'self' http://10.246.139.228 https://analytics.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://c.statcounter.com/ https://allegro.concerto.ai https://allegro-cdn.concerto.ai 'unsafe-inline' https://twitter.com https://www.google-analytics.com https://stats.g.doubleclick.net https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com; img-src 'self' blob: http://10.246.139.228 https://www.google.co.in https://analytics.google.com https://googleads.g.doubleclick.net https://c.statcounter.com/ https://allegro.concerto.ai https://allegro-cdn.concerto.ai https://www.googletagmanager.com 'unsafe-inline' data: https://pbs.twimg.com https://platform.twitter.com https://syndication.twitter.com https://img.youtube.com; style-src 'self' http://10.246.139.228 https://analytics.google.com https://googleads.g.doubleclick.net  https://c.statcounter.com/ https://allegro.concerto.ai https://allegro-cdn.concerto.ai 'unsafe-inline' https://unpkg.com/ https://fonts.googleapis.com  https://platform.twitter.com; font-src 'self' https://analytics.google.com https://googleads.g.doubleclick.net  https://c.statcounter.com/ data: https://fonts.gstatic.com; script-src 'self' http://10.246.139.228 https://analytics.google.com https://googleads.g.doubleclick.net https://www.googletagmanager.com  https://statcounter.com/ https://allegro.concerto.ai https://allegro-cdn.concerto.ai 'unsafe-eval' https://code.highcharts.com 'unsafe-inline' https://unpkg.com/ https://connect.facebook.net https://platform.twitter.com https://www.google-analytics.com; frame-src 'self' http://10.246.139.228 https://www.google.com https://platform.twitter.com https://www.facebook.com/ https://allegro.concerto.ai https://allegro-cdn.concerto.ai https://www.youtube.com/ https://td.doubleclick.net/ https://syndication.twitter.com/; object-src 'none'; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' 'unsafe-inline' 'unsafe-eval' * data:; media-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors  'self' *; child-src 'self' 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://themes.googleusercontent.com https://*.gstatic.com *; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'none'; connect-src 'self' litho.silvercloudinc.com integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.google-analytics.com *.g.doubleclick.net bam.nr-data.net bam-cell.nr-data.net cdn.linkedin.oribi.io analytics.google.com px.ads.linkedin.com pixel.alpharank.io app.leadsrx.com tags.srv.stackadapt.com; font-src 'self' *.gstatic.com; frame-src nwfcu.locatorsearch.com *.google.com www.youtube.com efraudprevention.net northwestfederalcreditunionfoundation.ddockforms.com www.dinkytown.net cucalc.org td.doubleclick.net; img-src 'self' integration.silvercloudinc.com integration-cdn.silvercloudinc.com *.linkedin.com *.adsymptotic.com *.facebook.com *.google-analytics.com *.google.com images.printable.com www.w3.org *.mdhv.io tags.srv.stackadapt.com data:; media-src www.learnaboutmoneymovement.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.facebook.net *.licdn.com *.silvercloudinc.com code.jquery.com *.gstatic.com cdn.jsdelivr.net js.adsrvr.org js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net www.dinkytown.net cucalc.org analytics.google.com api.alpharank.io app.leadsrx.com tags.srv.stackadapt.com googleads.g.doubleclick.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' integration.silvercloudinc.com *.googleapis.com cdn.jsdelivr.net tags.srv.stackadapt.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self'; report-uri https://www.nwfcu.org/report-uri/enforce 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ajax.aspnetcdn.com www.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net;object-src 'self' data:;style-src 'self' 'unsafe-inline';img-src 'self' www.google-analytics.com stats.g.doubleclick.net i.ytimg.com data:;frame-src 'self' www.youtube.com;font-src 'self' data:;connect-src 'self';form-action 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; media-src * 'self' blob: ;connect-src https: wss: 1
default-src 'self' *.zohostatic.com *.cloudfront.net static.zohocdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zoho.com d17nz991552y2g.cloudfront.net *.zohostatic.com sentry.io *.zohocdn.com cdn.ravenjs.com *.googleapis.com desk.zoho.com wchat.freshchat.com unpkg.com cdn.ckeditor.com widget.freshworks.com *.runsam.com *.google.com *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com/ajax/libs/popper.js/ cdnjs.cloudflare.com/ajax/libs/Chart.js/ cdn.slaask.com js.stripe.com cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/ gitcdn.github.io/bootstrap-toggle/ cdnjs.cloudflare.com/ajax/libs/moment.js/ stats.pusher.com;style-src 'self' 'unsafe-inline' static.zohocdn.com css.zohocdn.com d3el7j01zd7apf.cloudfront.net *.runsam.com *.zohostatic.com cdn.ckeditor.com widget.freshworks.com stackpath.bootstrapcdn.com *.typekit.net wchat.freshchat.com maxcdn.bootstrapcdn.com gitcdn.github.io/bootstrap-toggle/ fonts.googleapis.com data:;img-src 'self' *.zoho.com *.zohopublic.com developers.google.com maps.google.com i.ytimg.com *.zohocdn.com d3el7j01zd7apf.cloudfront.net *.googleapis.com avatars.slack-edge.com *.gstatic.com cdn.ckeditor.com cdn.slaask.com ssl.gstatic.com/accounts/strongauth/ files.runsam.com www.gravatar.com i2.wp.com via.placeholder.com cms.runsam.com samcmsuser.s3.amazonaws.com samscreenshots.s3.amazonaws.com secure.gravatar.com uploads.slaask.com data:;font-src 'self' *.zohocdn.com webfonts.zohowebstatic.com *.zohostatic.com d3el7j01zd7apf.cloudfront.net stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com use.typekit.net files.runsam.com fonts.gstatic.com data:;frame-src 'self' *.signsdev.runsam.com *.signs.runsam.com *.youtube.com *.zohopublic.com js.stripe.com *.google.com wchat.freshchat.com *.webpush.freshchat.com;connect-src 'self' wss://vts.zohopublic.com *.runsam.com *.zoho.com salesiq.zohopublic.com slaask.com *.pusher.com editnew.freshdesk.com samsignlogs.s3.amazonaws.com widget.freshworks.com ws://ws.pusherapp.com wss://remote.runsam.com;media-src 'self' samcmsuser.s3.amazonaws.com cdn.slaask.com *.zohostatic.com;prefetch-src 'self' *.zohostatic.com d3el7j01zd7apf.cloudfront.net ; 1
object-src 'none'; frame-ancestors 'self' crmc-2024-dev.web.app web.app; report-uri https://www.mastercardservices.com/en/report-uri/enforce 1
frame-ancestors *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; connect-src *.adguard-dns.com *.adguard.org filters.adtidy.org https-filtering-check.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; script-src https://cdn.paddle.com/paddle/paddle.js https://widget.cloudpayments.ru/bundles/cloudpayments.js hcaptcha.com *.hcaptcha.com https://challenges.cloudflare.com/turnstile/v0/api.js *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'unsafe-eval' 'self'; style-src cdn.paddle.com *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'unsafe-inline' 'self'; img-src * data: *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; frame-src *; font-src *.adguard.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' data:; object-src https://cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; media-src cdn.adtidy.org *.agstcdn.com *.agrd.eu *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self'; report-uri /api/247/security/?sentry_key=f9f67ed550ee435e96c854cdb8278247; default-src *.adguard.com *.adguard-vpn.com *.adguard-vpn.net *.adguard.app *.adguard.info *.adguardvpn.com *.adguard-vpn.info *.adguardvpn-help.com 'self' 1
default-src 'self'; font-src 'self' *; style-src 'unsafe-inline' 'self' *; img-src https://*.googletagmanager.com/* 'self' * blob: data: image; connect-src https://*.intuit.com https://*.ingest.sentry.io/  ws://packsizenow.com wss://packsizenow.com 'self'; script-src 'self' 'nonce-wNA_XTuQVolb6Q'; frame-src youtube.com www.youtube.com; 1
default-src 'self' 'unsafe-inline' data: blob:; 1
frame-ancestors 'self' builder.io 1
default-src 'self' *.mendix.com/ *.mendixcloud.com/ play.vidyard.com/ ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.googleadservices.com/  https://munchkin.marketo.net/ https://tag.demandbase.com/ https://www.redditstatic.com/ https://googleads.g.doubleclick.net/ https://web-analytics.engagio.com/ https://dn1f1hmdujj40.cloudfront.net/  https://cdn.bizible.com/ https://www.clickcease.com/ https://www.google.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ *.mendix.com/ *.mendixcloud.com/ https://js.driftt.com https://fast.appcues.com ; connect-src 'self' *.mendix.com *.mendixcloud.com/ https://729-zyh-434.mktoresp.com/ https://api.company-target.com/  https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://fast.appcues.com wss://api.appcues.net https://api.appcues.net *.algolia.net *.algolianet.com ; font-src 'self' *.mendix.com *.mendixcloud.com/ https://cdnjs.cloudflare.com/ https://s3.amazonaws.com/dock-static.mendix.com/ https://fonts.gstatic.com https://use.typekit.net/ data: ; img-src 'self' https://www.google.com/ https://id.rlcdn.com/ https://segments.company-target.com/ https://alb.reddit.com/ https://match.prod.bidr.io/  https://q.quora.com/ https://cdn.bizible.com/  https://cdn.bizibly.com/  https://www.google.nl/ https://www.googletagmanager.com/ *.mendix.com *.mendixcloud.com/ https://www.google-analytics.com data: res.cloudinary.com/ ; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com *.mendix.com *.mendixcloud.com/ https://p.typekit.net/ https://use.typekit.net/ https://fast.appcues.com ;  frame-ancestors 'self' https://bid.g.doubleclick.net/ *.mendix.com/ *.mendixcloud.com/ ; base-uri 'self' *.mendix.com/ *.mendixcloud.com/ ; form-action 'self' *.mendix.com/ *.mendixcloud.com/ ; object-src 'self' *.mendix.com/ *.mendixcloud.com/ ; frame-src 'self'  https://js.driftt.com  play.vidyard.com/ ; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://betterhumans.pub https://*.betterhumans.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' https://www.callawayconnect.com/; 1
frame-ancestors 'self' http://*.di.dk; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://statistika.rik.ee/ https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://static.addtoany.com https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://*.just.ee https://public.tableau.com https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://public.tableau.com/ https://ajax.cloudflare.com https://static.cloudflareinsights.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com https://statistika.rik.ee/ 'unsafe-eval'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://statistika.rik.ee https://ajax.cloudflare.com/ cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://static.addtoany.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com 'unsafe-inline' https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
script-src 'nonce-cad0cd2293c426a5f8d1cbcb60cf6287' 'strict-dynamic' 'unsafe-eval'; base-uri 'none'; object-src 'none'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.securiti.ai *.onetrust.com *.googleapis.com *.lightboxcdn.com *.google.com; frame-ancestors *.gosimplr.com *.dynatrace.com *.guitarcenter.com *.onetrust.com *.nonprod-asurion53.com *.asurion.com *.asurion53.com *.google.com; frame-src *.asurion.com https://www.google.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.youtube.com https://10177734.fls.doubleclick.net https://assets.contently.com https://docs.google.com/ https://form.jotform.com/ https://submit.jotform.com/ https://aa.trkn.us https://www.lightboxcdn.com https://lightboxapi.azurewebsites.net https://asurion.az1.qualtrics.com https://siteintercept.qualtrics.com https://webforms.pipedrive.com https://*.cdn.optimizely.com https://cdn.jsdelivr.net/ https://my.asurion.com; 1
frame-ancestors 'self' https://www.hs-fresenius.de https://www.hs-fresenius.com 1
base-uri 'self';connect-src 'self' https://*.acsbapp.com https://*.cloudfront.net https://*.doubleclick.net https://*.fullstory.com https://*.google-analytics.com https://analytics.google.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.bdjf2ls.com https://secure.durango-direct.com blob: data:;default-src 'self';font-src 'self' https://acsbapp.com https://fonts.gstatic.com data:;frame-src 'self' https://www.google.com https://secure.durango-direct.com;img-src 'self' https://*.acsbapp.com https://*.chartbeat.net http://*.chartbeat.net https://*.cloudfront.net https://*.google-analytics.com https://bad-dragon-production.s3.us-west-2.amazonaws.com/ https://bad-dragon-staging.s3.us-west-2.amazonaws.com/ https://s3-us-west-2.amazonaws.com/bad-dragon-production/ https://s3-us-west-2.amazonaws.com/bad-dragon-staging/ https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com data: blob:;manifest-src 'self' https://*.cloudfront.net;script-src 'self' http://static.chartbeat.com https://*.acsbapp.com https://*.cloudfront.net https://*.fullstory.com https://*.google-analytics.com https://*.google.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://acsbapp.com https://cdnjs.cloudflare.com https://static.chartbeat.com https://tagmanager.google.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://www.bdjf2ls.com https://secure.durango-direct.com 'nonce-6fa1a6ebd12caaa0a2341b7d55368e9b';style-src 'self' 'unsafe-inline' https://*.gstatic.com https://fonts.googleapis.com https://tagmanager.google.com https://secure.durango-direct.com;worker-src 'self';report-uri /api/csp-violations 1
script-src 'self' *.parom.hu *.premiumtarskereso.hu *.szenakazal.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org *.clarity.ms connect.facebook.net bbcdn-static.bbelements.com *.quantcast.com *.quantserve.com *.quantcount.com *.ibillboard.com cdn.jsdelivr.net *.bing.com *.inmobi.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
base-uri 'self'; img-src 'self' https://pixel.wp.com data:; media-src 'self'; frame-src 'self' https://boards.greenhouse.io https://widgets.wp.com; font-src 'self' https://fonts.wp.com https://s0.wp.com data:; 1
frame-ancestors 'self' *.einnews.com *.einpresswire.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://e.issuu.com https://*.recaptcha.net https://tr.snapchat.com https://*.translate.naver.net https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://www.shoplooks.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net  https://*.hotjar.com https://*.parcellab.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.ie https://*.abtasty.com https://sgtm.lookfantastic.ie; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://*.lookfantastic.com https://checkout.lookfantastic.ie https://www.glossybox.co.uk https://www.glossybox.se https://www.glossybox.com https://connect.facebook.net https://*.snapchat.com https://www.lookfantastic.com.sg https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.dk https://www.lookfantastic.cn; frame-ancestors 'self' https://live.lookfantastic.ie; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://remote.captcha.com https://*.akamaihd.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.baidu.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.shoplooks.com https://slooks.top https://slooks.me https://*.translate.naver.net https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.bing.com https://*.doubleclick.net https://s.pinimg.com https://static.ads-twitter.com https://*.google.co.uk https://google.co.uk https://lantern.roeyecdn.com https://lantern.roeye.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com blob: https://*.abtasty.com https://sgtm.lookfantastic.ie; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://www.nexterainfrastructuresolutions.com https://www.eastwesttietransmission.com https://www.palms-insurance.com https://www.gridliancewest.com https://www.floridacitygas.com https://www.horizonwesttransmission.com https://www.drivegreenlane.com https://www.nexteraenergytransmission.com https://www.nexteraenergy.com https://www.nexteraenergyresources.com https://www.nexteraenergycanada.com https://www.nexteraanalytics.com https://www.nexterawater.com https://www.distributedwater.com https://www.neetny.com https://www.empirestateline.com https://www.lonestartransmission.com https://www.transbaycable.com https://www.gridliance.com https://www.floridarenewablepartners.com https://www.palms-insurance.com https://www.nexteraenergyservices.com https://www.energycurriculum.com https://www.poweringflorida.com https://www.NexteraMitigationBanks.com https://www.35mules.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://player.vimeo.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com https://tr6.snapchat.com https://www.shoplooks.com https://api.bam-x.com https://app.qubit.com https://www.pinterest.com blob: https://*.attn.tv https://*.powerreviews.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.hotjar.com wss://*.hotjar.com https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://analytics.tiktok.com https://api.bam-x.com https://events.release.narrativ.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.skinstore.com https://tr.snapchat.com https://*.contentsquare.net https://*.attn.tv https://events.attentivemobile.com https://*.criteo.com https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://storyboard.storystream.ai https://content.storystream.ai https://*.powerreviews.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.skinstore.com https://m.skinstore.com https://checkout.skinstore.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://ssl.bing.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.pinimg.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://analytics.tiktok.com https://*.ibytedtos.com https://static.narrativ.com https://static.goqubit.com https://*.qubit.com https://d3drxpsm374orh.cloudfront.net https://*.contentsquare.net https://app.contentsquare.com https://cdn.attn.tv https://tr.snapchat.com https://*.powerreviews.com https://mpsnare.iesnare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com https://*.powerreviews.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.edock.it *.storeden.com *.shippypro.com 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-F7N/e3mJ3oRmkuKQt31DIw=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
frame-ancestors 'self' *.bruxelles.be *.brussel.be *.brussels.be 1
frame-ancestors 'self' https://www.bookingbuddy.com https://www.shermanscruise.com 1
default-src 'self' salesforce.okta.com *.oktacdn.com; connect-src 'self' salesforce.okta.com salesforce-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com salesforce.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' salesforce.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' salesforce.okta.com *.oktacdn.com; frame-src 'self' salesforce.okta.com salesforce-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' salesforce.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' salesforce.okta.com data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' https://confluence.internal.salesforce.com https://foundation--pie.sandbox.my.salesforce.com https://integration360.lightning.force.com https://powerofus.force.com https://pie-powerofus.usa2s.sfdc-yfeipo.force.com https://org62--62stage2.sandbox.lightning.force.com https://slack.lightning.force.com https://threatcanvas.internal.salesforce.com https://foundation.lightning.force.com https://tc.tm-as-a-service.ast.aws-dev2-uswest2.aws.sfdc.cl https://tabstg.internal.salesforce.com https://foundation.my.site.com https://integration360--i360dev.sandbox.lightning.force.com https://tabdev.internal.salesforce.com https://gus--rakesh.sandbox.lightning.force.com https://spfdev01-supportforce.cs21.force.com https://tabse.internal.salesforce.com https://cichub--stage.sandbox.lightning.force.com https://org62--62uat5sb1.sandbox.lightning.force.com https://mc-00tq6cdjppzlxr9vvx98rqyy1.pub.sfmc-content.com https://tabtst.internal.salesforce.com https://foundation--pie.builder.salesforce-communities.com https://supportforce.my.site.com https://supportforce--spfstage.sandbox.my.site.com https://foundation.builder.salesforce-communities.com https://tc.tm-as-a-service.ast-s.aws-esvc1-useast2.aws.sfdc.cl https://cichub.lightning.force.com https://sfdc-tab.internal.salesforce.com https://foundation--pie.my.salesforce.com https://supportforce.force.com https://gus.lightning.force.com https://foundation.my.salesforce.com https://org62.lightning.force.com https://foundation--pie.sandbox.my.site.com 1
script-src 'self' https://terveyskyla-lastentalo.echat.fi/embed_all.1.1.js https://terveyskyla-naistalo.echat.fi/embed_all.1.1.js https://terveyskyla-lastentalo.echat.fi/embed_all_sv.js https://cdn-eu.readspeaker.com https://analytiikka2.terveyskyla.fi https://analytiikka2.terveyskyla.fi/js/container_mckfTIex.js https://www.googletagmanager.com https://dash.cookiehub.com https://cookiehub.net https://consent-eu.cookiehub.net/ https://www.google-analytics.com 1
script-src 'strict-dynamic' 'nonce-sha256-ZUZDixfdBq9FogzEWsNE8d6jSnsBqn6HcPkqLTB4BV4' dealogic.com www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com google-analytics.com analytics.google.com www.google-analytics.com; object-src 'none'; base-uri 'self'; 1
default-src 'self' https://*.google.com/ https://*.dotomi.com/ https://card.winecountrygiftbaskets.com:82/ https://card.winecountrygiftbaskets.com/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://www.youtube.com/ https://qwww435.americanexpress.com/ https://wcgift.com/ https://aslvwebt1.arroweyesolutions.net/ https://cards.cardways.com/ https://checkout.americanexpress.com/ https://dis.eu.criteo.com/ https://dis.us.criteo.com/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://echeckout.americanexpress.com/ https://gum.criteo.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://www.facebook.com/ https://home-c33.nice-incontact.com/ https://bat.bing.com/ https://*.winecountrygiftbaskets.com https://*.pinterest.com/ https://tpc.googlesyndication.com https://*.criteo.com https://*.criteo.net https://ups-api.houdiniinc.com; script-src 'self' https://*.pinterest.com/ https://*.googleapis.com/ https://www.googleadservices.com/ https://*.google.com/ https://www.googletagmanager.com/ https://code.murdoog.com/ https://secure-cdn.mplxtms.com/ https://www.google-analytics.com/ https://custom-wrs.api.responsys.net/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://icm.aexp-static.com/ https://qicm.americanexpress.com/ https://qwww435.americanexpress.com/ https://adadvisor.net/ https://apis.murdoog.com/ https://aa.agkn.com/ https://checkout.americanexpress.com/ https://t.mplxtms.com/ https://api.pinterest.com/ https://api.instagram.com/ https://static.criteo.net/js/ld/ld.js https://sslwidget.criteo.com/ https://widget.eu.criteo.com/ http://s7d1.scene7.com/ https://bat.bing.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com/ https://www.adobetag.com/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://100008590.collect.igodigital.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://echeckout.americanexpress.com/ https://s7d5.scene7.com/ https://connect.facebook.net/ https://*.googlesyndication.com/ https://home-c33.nice-incontact.com/ https://s.pinimg.com/ https://static-na.payments-amazon.com/OffAmazonPayments/us/sandbox/js/Widgets.js https://static-na.payments-amazon.com/v2/login.js https://*.winecountrygiftbaskets.com https://snap.licdn.com/ https://login-ds.dotomi.com/ https://core.conversant.mgr.consensu.org https://*.clarity.ms https://*.criteo.com https://*.criteo.net https://ups-api.houdiniinc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.googleapis.com/ https://www.googleadservices.com/ https://*.google.com/ https://www.googletagmanager.com/ https://code.murdoog.com/ https://secure-cdn.mplxtms.com/ https://www.google-analytics.com/ https://custom-wrs.api.responsys.net/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://icm.aexp-static.com/ https://qicm.americanexpress.com/ https://qwww435.americanexpress.com/ https://adadvisor.net/ https://apis.murdoog.com/ https://aa.agkn.com/ https://checkout.americanexpress.com/ https://s7d1.scene7.com/ https://www.youtube.com/ https://*.americanexpress.com/ https://mcheckout-qa.americanexpress.com https://echeckout.americanexpress.com/ https://s7d5.scene7.com/ 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://*.googleapis.com/ https://fonts.gstatic.com/ https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-3.woff https://www.aexp-static.com/nav/ngn/fonts/3be50273-0b2e-4aef-ae68-882eacd611f9-1.ttf; connect-src 'self' https://*.googleapis.com/ https://*.google.com/ https://www.google-analytics.com/ https://t.mplxtms.com/tags https://wrs.adrsp.net/ https://www.youtube.com/ https://widget.eu.criteo.com/ https://images.winecountrygiftbaskets.com/ https://visitors.winecountrygiftbaskets.com/ https://www.facebook.com/ https://*.yimg.com/ https://ct.pinterest.com/ https://payments-sandbox.amazon.com/ https://bat.bing.com/ https://*.winecountrygiftbaskets.com https://stats.g.doubleclick.net https://*.clarity.ms https://*.criteo.com https://*.criteo.net https://ups-api.houdiniinc.com; img-src * data:;media-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://app.storyblok.com; object-src 'none'; img-src  * 'unsafe-inline' 'unsafe-eval' data:; report-uri https://1tt00t50.uriports.com/reports/enforce; report-to default 1
script-src 'self' 'unsafe-inline' *.gtranslate.net *.cloudflare.com *.google.com *.googleapis.com *.clarity.ms *.userway.org https://tdns4.gtranslate.net https://mc.yandex.ru https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com https://trc.taboola.com https://s.yimg.com https://bam.nr-data.net https://t.leady.com crazyegg.com *.crazyegg.com *.flipsnack.com *.influ2.com *.outbrain.com *.bing.com *.googletagmanager.com *.jsdelivr.net *.jquery.com *.ltts.com *.facebook.net *.licdn.com *.lfeeder.com *.doubleclick.net *.hotjar.com *.pardot.com; img-src * 'self' data:; media-src 'self' *.youtube.com *.ltts.com *.vimeo.com *.flipsnack.com; frame-src https://insight.ltts.com https://mpembed.com/  *.cloudfront.net *.matterport.com *.userway.org *.ltts.com *.questionpro.com *.flipsnack.com *.turtl.co *.linkedin.com *.youtube.com youtube.com *.vimeo.com *.facebook.com *.twitter.com www.google.com *.google.com *.hotjar.com https://www.easytourz.com/ *.sensehq.com *.influ2.com; connect-src 'self' *.clarity.ms *.userway.org https://tdns4.gtranslate.net https://mc.yandex.ru https://in.hotjar.com https://www.linkedin.com https://translate.googleapis.com https://vc.hotjar.io https://www.google-analytics.com https://trc.taboola.com https://s.yimg.com https://bam.nr-data.net https://t.leady.com crazyegg.com *.crazyegg.com *.flipsnack.com *.influ2.com; report-uri /report-csp-violation 1
default-src 'self'; frame-ancestors 'none'; font-src https://*.cloudfront.net/ https://fonts.gstatic.com https://use.fontawesome.com data: 'self'; style-src https://*.cloudfront.net/ https://fonts.googleapis.com https://use.fontawesome.com 'unsafe-inline' 'self'; script-src https://*.cloudfront.net/ https://api.rudderlabs.com https://cdn.rudderlabs.com 'unsafe-eval' 'unsafe-inline' 'self'; frame-src https://www.google.com/recaptcha/api2/ https://www.youtube.com/embed/Oaq4P-7YJBU; img-src https://*.cloudfront.net/ https://www.gravatar.com 'self'; connect-src https://api.rudderstack.com https://api.rudderlabs.com https://messagebird-dataplane.rudderstack.com 'self'; 1
frame-ancestors 'self' https://app.safe.global https://dexscreener.com https://insuretoken.net https://gnosis-safe.io 1
frame-ancestors 'self' http://mx.mercadojobs.com http://empleo.trovit.com.mx; script-src 'unsafe-inline' 'unsafe-eval' blob: https://*.openreplay.com https://*.sentry-cdn.com https://*.talenteca.com https://api.hubspot.com https://accounts.google.com https://analytics.trovit.com https://connect.facebook.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://platform.twitter.com https://static.ads-twitter.com https://script.crazyegg.com https://secure.avangate.com https://tpc.googlesyndication.com https://www.googleadservices.com https://www.googletagmanager.com https://js-na1.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://cdn.ampproject.org; worker-src 'self' blob: 1
default-src * 'unsafe-inline' data: blob: mediastream: 'unsafe-eval' 'unsafe-hashes' 'wasm-unsafe-eval' 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.consentmanager.net www.etracker.de de.etracker.com https://delivery.consentmanager.net https://use.typekit.net/eho0yem.js cdn.consentmanager.net delivery.consentmanager.ne use.typekit.net c.delivery.consentmanager.net code.etracker.com https://cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' https://cdn.consentmanager.net www.etracker.de de.etracker.com https://delivery.consentmanager.net https://use.typekit.net/eho0yem.js cdn.consentmanager.net delivery.consentmanager.net use.typekit.net c.delivery.consentmanager.net code.etracker.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; frame-ancestors 'self' https://*.etracker.com *.etracker.com; report-uri https://www.volkswagenstiftung.de/de/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' intervia.com *.intervia.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.google.com ajax.googleapis.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net 1
default-src 'self' blob:; connect-src 'self' flixtor.st wss://www.blockonomics.co www.blockonomics.co; font-src cdnjs.cloudflare.com ssl.p.jwpcdn.com; media-src *.jwplayer.com 'self' blob:; object-src *.youtube.com; frame-src *.youtube.com www.google.com challenges.cloudflare.com; frame-ancestors 'none'; child-src 'self' *.youtube.com blob:; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' img.xcdn.to image.tmdb.org flixtor.st images.weserv.nl wsrv.nl cdnjs.cloudflare.com www.blockonomics.co data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' stackpath.bootstrapcdn.com cdn.jsdelivr.net ssl.p.jwpcdn.com *.cloudflare.com *.gstatic.com flixtor.st blob:; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; worker-src * 'self' data: blob: 'unsafe-inline'; img-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
worker-src blob:; media-src * blob:; script-src-attr 'unsafe-inline'; default-src  'self' http: 'unsafe-inline'; img-src 'unsafe-inline' http: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'               *.hs-scripts.com               *.hs-analytics.net              *.doubleclick.net                *.azureedge.net               *.azurewebsites.net              *.typekit.net               *.cookielaw.org              *.google-analytics.com              *.googletagmanager.com              *.googleadservices.com              *.g.doubleclick.net              *.gstatic.com              *.search.windows.net              *.hs-banner.com              *.textkernel.com              *.ads.linkedin.com              *.hsadspixel.net              *.hubapi.com              *.hubspot.com              *.licdn.com              *.azure.net               *.facebook.net              *.facebook.com              *.pardot.com               *.kforce.com               *.googleapis.com               *.google.com               *.dropbox.com               *.ceros.com              *.ytimg.com              *.ggpht.com              *.cloudfront.net              *.cloudflare.com              *.youtube.com              *.linkedin.com              *.monster.com               *.twitter.com               *.indeed.com              *.apply.indeed.com              http://www.google-analytics.com/analytics.js               https://snap.licdn.com/li.lms-analytics/insight.min.js               https://cdn.cookielaw.org/scripttemplates/otSDKStub.js               https://use.typekit.net/ukt6xtu.js              https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js              http://view.ceros.com/scroll-proxy.min.js              https://www.gstatic.com/charts/loader.js              https://www.gstatic.com/charts/loader.js              http://localhost:3000/3eab5490-eadc-43d5-87bc-2657aae153dd              http://localhost:3000/0867403a-379c-4b62-a8df-69e3ad545b27              http://localhost:3000/1aaeb673-3786-4d80-849e-76ae71249686              http://localhost:3000/048650c0-1d10-426d-8e6d-e235201124d3              https://stage2.kforce.com/64ec2d2d-acc2-4834-866a-ff3384224de9              https://stage2.kforce.com/abb93004-e801-4692-a182-a51d27a9bc33              https://staging.textkernel.com/match/js/tkwidget.js              https://apply.indeed.com/indeedapply/env              https://login.monster.com/awm/en_US/awm.js              https://apis.google.com/js/api.js              https://apis.google.com/js/client.js              https://kforceuploadstage.azurewebsites.net/signalr/hubs              https://d3fw5vlhllyvee.cloudfront.net/indeedapply/s/6637e31/indeedapply-compiled.js               https://www.googletagmanager.com/              https://js.hsadspixel.net/fb.js              https://js.hs-analytics.net/              https://js.hs-banner.com/v2/20553560/banner.js              https://www.youtube.com/              http://www.googleadservices.com/;                             1
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https:; style-src 'unsafe-inline' 'self' https:; connect-src 'self' wss: https:; 1
frame-ancestors 'self' *.azurewebsites.net *.bromcomcloud.com *.bromcomvle.com 1
default-src  http:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  http:; style-src http:  'unsafe-inline'; img-src 'self' data: http:; connect-src http:  ws:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.salesforceliveagent.com service.force.com *.my.salesforce.com *.google.com *.facebook.net *.facebook.com *.omtrdc.net *.youtube.com *.ytimg.com *.doubleclick.net *.googleapis.com *.bazaarvoice.com *.iesnare.com appleid.cdn-apple.com www.googletagmanager.com www.googleadservices.com activitymap.adobe.com qasfix-hofer.cs101.force.com cs101.salesforce.com https://www.googletagmanager.com/gtag/js *.bing.com https://s.pinimg.com/ct/core.js https://s.pinimg.com/ct/lib/main.2a04f3ee.js hofer.force.com hofer.secure.force.com https://cdn.polyfill.io/v2/polyfill.min.js static.lightning.force.com iprom.net *.iprom.net *.cookielaw.org *.onetrust.com s7g10.scene7.com tags.tiqcdn.com collect.tealiumiq.com *.my.salesforce-sites.com int-crm--c.vf.force.com; object-src 'none'; connect-src 'self' *.omtrdc.net *.demdex.net *.postcodeanywhere.co.uk *.bazaarvoice.com *.facebook.com activitymap.adobe.com sitecatalyst.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com c.la1-c1-fra.salesforceliveagent.com EU17.salesforce.com d.la1-c1-fra.salesforceliveagent.com www.zurueckzumursprung.at https://storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at *.googleapis.com *.cookielaw.org *.onetrust.com s7g10.scene7.com iprom.net collect.tealiumiq.com *.doubleclick.net *.my.salesforce.com *.my.salesforce-sites.com *.salesforceliveagent.com int-crm--c.vf.force.com; style-src 'self' 'unsafe-inline' *.bazaarvoice.com *.googleapis.com *.omtrdc.net *.my.salesforce.com service.force.com qasfix-hofer.cs101.force.com cs101.salesforce.com hofer.force.com hofer.secure.force.com *.cookielaw.org *.onetrust.com s7g10.scene7.com *.my.salesforce-sites.com *.salesforceliveagent.com int-crm--c.vf.force.com; font-src 'self' *.gstatic.com data:; frame-src 'self' *.demdex.net *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com *.customervoice360.com *.adobe.com aldisued.marketing.adobe.com *.psa.at aldisued.experiencecloud.adobe.com web-psa-preprod.mp-testing.com rest-b2b-crt-preprod.mp-testing.com psa-card-administration.mobile-pocket.com *.bazaarvoice.com *.iesnare.com www.elettershop.de t.elettershop.de *.salesforceliveagent.com service.force.com activitymap.adobe.com *.omniture.com qasfix-hofer.cs101.force.com cs101.salesforce.com *.doubleclick.net www.zurueckzumursprung.at storefinder.aldi.at https://empty-fridge-widget.vercel.app https://gewinnspiel.aldi-sued.de test.storefinder.aldi.at cs107.salesforce.com eu17.salesforce.com letaki.hofer.si *.questback.com *.my.salesforce.com *.my.salesforce-sites.com int-crm--c.vf.force.com; frame-ancestors 'self' https://aldisued.marketing.adobe.com https://aldisued.experiencecloud.adobe.com https://www.elettershop.de https://t.elettershop.de https://experience.adobe.com hofer-custom.staffbase.com unserhofer.hofer.at app.mojhofer.hofer.si mojhofer.hofer.si staffbase.com localhost:* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com; img-src 'self' data: s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com data: blob: translate.googleapis.com translate.google.com www.google.com i.ytimg.com; connect-src 'self' maps.googleapis.com maps.google.com translate.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com data:; frame-src 'self' maps.googleapis.com maps.google.com www.youtube.com; child-src 'self' www.youtube.com; worker-src * ; report-uri https://philsys.gov.ph?gdsih-csp-report; 1
frame-ancestors repubitdigital.com www.powertradingworkshop.com www.investing.com ca.investing.com www.cliktrade.com 1
frame-ancestors *.imu.nl *.phoenixsite.nl imu.nl 1
default-src 'self';style-src 'self' 'unsafe-inline' https://www.qliro.com https://translate.googleapis.com https://*.niceincontact.com;script-src 'self' 'unsafe-inline' https://*.qliro.com https://*.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://static.zdassets.com https://cdn.cookielaw.org https://geolocation.onetrust.com 'unsafe-eval' https://translate.googleapis.com https://serve.albacross.com https://snap.licdn.com https://secure.agile-company-365.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-analytics.net https://sc.lfeeder.com https://js-eu1.hsforms.net https://*.niceincontact.com https://connect.facebook.net https://js-eu1.hsadspixel.net https://js-eu1.hubspot.com;img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bam.nr-data.net https://bam.eu01.nr-data.net https://www.gstatic.com https://translate.google.com https://v2assets.zopim.io https://assets.qliro.com https://cdn.cookielaw.org https://*.albacross.com https://px.ads.linkedin.com https://secure.data-insight365.com https://app.quartr.com https://*.hsforms.com https://track-eu1.hubspot.com https://www.linkedin.com https://tr.lfeeder.com https://*.niceincontact.com https://unpkg.com https://af-de-platform-avatars.s3.eu-central-1.amazonaws.com https://www.facebook.com https://cta-eu1.hubspot.com;font-src 'self' data: https://*.niceincontact.com;frame-src https://vars.hotjar.com https://app.quartr.com https://*.hsforms.com youtube.com www.youtube.com https://26530044.hs-sites-eu1.com https://static.hubspot.com;connect-src 'self' https://consumer-api.qliro.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://cookies-data.onetrust.io https://geolocation.onetrust.com https://idx.liadm.com forms-eu1.hscollectedforms.net https://cdn.linkedin.oribi.io  https://new-collect.albacross.com https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.niceincontact.com wss://*.niceincontact.com https://*.niceincontact.com https://px.ads.linkedin.com  https://api-eu1.hubapi.com  https://cta-eu1.hubspot.com;media-src https://www.qliro.com https://*.niceincontact.com https://q-com-media.s3.eu-north-1.amazonaws.com; 1
default-src 'self'; connect-src https://*.adform.net https://*.adsafety.net https://*.analytics.google.com https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://api.feefo.com https://api-v2.tidio.co https://cdn.linkedin.oribi.io https://cdn-ukwest.onetrust.com https://collect.feefo.com https://content.hotjar.io https://cookies.ricoh-europe.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://events.hotjar.io https://geolocation.onetrust.com https://idx.liadm.com https://ldynamicspublicapi.leadforensics.com https://maps.googleapis.com https://privacyportal-uk.onetrust.com https://px.ads.linkedin.com https://qvdt3feo.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://rs.fullstory.com https://sentry-new.tidio.co https://srv.stackadapt.com https://surveystats.hotjar.io https://tags.srv.stackadapt.com https://uw.srv.stackadapt.com https://vc.hotjar.io https://www.googleadservices.com https://www.google-analytics.com 'self' wss://*.hotjar.com wss://*.tawk.to wss://socket.tidio.co; font-src data: https://*.tawk.to https://cookies.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://resources.ricoh-europe.com https://script.hotjar.com https://use.fontawesome.com 'self'; frame-src https://*.adform.net https://*.dev.amelia.com https://*.fls.doubleclick.net https://*.ricoh-europe.com https://*.risenet.eu https://*.t.eloqua.com https://*.tawk.to https://app.livestorm.co https://bid.g.doubleclick.net https://cdn.jst.ai https://cdn.justuno.com https://discover.ricoh.co.uk https://download.ricoh-europe.com https://embed.ricohtours.com https://gestiondocumentaire.ricoh.fr https://open.spotify.com https://productquery.ricoh-europe.com https://recaptcha.google.com https://ricoh.turtl.co https://ricoh-docuware-calculator.tbtmarketing.com https://ricoh-warranty.convar.com https://s.pointerpro.com https://supportrequest.ricoh.ch https://vars.hotjar.com https://view.ceros.com https://webforms.ricoh.de https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com; img-src data: https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.en25.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.t.eloqua.com https://*.tawk.to https://ad.doubleclick.net https://ade.googlesyndication.com https://api.swiftype.com https://assets.ricoh-europe.com https://assets.turtl.co https://cdn-ukwest.onetrust.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://googleads.g.doubleclick.net https://i.ytimg.com https://id.rlcdn.com https://images.response.ricoh-europe.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://match.prod.bidr.io https://qvdt3feo.com https://resources.ricoh-europe.com https://script.hotjar.com https://secure.leadforensics.com https://segments.company-target.com https://service.maxymiser.net https://srv.stackadapt.com https://ssl.gstatic.com https://static.hotjar.com https://tags.srv.stackadapt.com https://tawk.link https://twemoji.maxcdn.com https://uw.srv.stackadapt.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com 'self'; media-src https://widget-v4.tidiochat.com 'self'; script-src https://*.adform.net https://*.adsafety.net https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.en25.com https://*.googletagmanager.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://ajax.googleapis.com https://aly.jst.ai https://aly.justuno.com https://api.feefo.com https://api.swiftype.com https://app-static.turtl.co https://c.bing.com https://cdn.jsdelivr.net https://cdn.jst.ai https://cdn.justuno.com https://cdn.mouseflow.com https://code.jquery.com https://code.tidio.co https://connect.facebook.net https://east.srv.stackadapt.com https://edge.fullstory.com https://eu.srv.stackadapt.com https://fullstory.com https://googleads.g.doubleclick.net https://ldynamicspublicapi.leadforensics.com https://lq3-production01.s3.amazonaws.com https://maps.googleapis.com https://my.jst.ai https://my.justuno.com https://register.feefo.com https://resources.ricoh-europe.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://s.ytimg.com https://script.hotjar.com https://secure.data-creativecompany.com https://secure.leadforensics.com https://service.maxymiser.net https://snap.licdn.com https://srv.stackadapt.com https://ssl.google-analytics.com https://static.hotjar.com https://tag.demandbase.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://unpkg.com https://use.fontawesome.com https://uw.srv.stackadapt.com https://view.ceros.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://widget-v4.tidiochat.com https://www.fullstory.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-VaQITzd/BeU3inqefbtafDU2pWVBjLZ58FcnaazggEWVAw+s5/8pt6f+iXQbuM1KhUmg1scgZsDIOmD9xXXTNg=='; style-src https://*.en25.com https://*.tawk.to https://app-static.turtl.co https://cdn.jsdelivr.net https://cookies.ricoh-europe.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://fast.fonts.net https://fonts.googleapis.com https://images.response.ricoh-europe.com https://qvdt3feo.com https://resources.ricoh-europe.com https://script.hotjar.com https://srv.stackadapt.com https://static.hotjar.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://unpkg.com https://use.fontawesome.com https://uw.srv.stackadapt.com 'nonce-VaQITzd/BeU3inqefbtafDU2pWVBjLZ58FcnaazggEWVAw+s5/8pt6f+iXQbuM1KhUmg1scgZsDIOmD9xXXTNg==' 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'unsafe-hashes'; report-uri https://ricoh.report-uri.com/r/t/csp/enforce; report-to default; 1
frame-ancestors 'self' *.vietgiaitri.com 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.googlesyndication.com *.outbrain.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com *.outbrain.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src 'self';media-src 'self' blob: *.dna.ip-only.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google-analytics.com *.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com dev.virtualearth.net *.highcharts.com https://*.facebook.net *.google-analytics.com *.googletagmanager.com *.qbrick.com forsvaret.boost.ai *.googleapis.com unpkg.com rawcdn.githack.com blob:;img-src 'self' data: http://mt1.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.openstreetmap.org *.virtualearth.net boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com *.dna.ip-only.net kommunikasjon.ntb.no;font-src 'self' fonts.gstatic.com;frame-src 'self' *.vimeo.com *.youtube.com embed.acast.com *.spinviewglobal.com *.acast.com/;connect-src 'self' opencache.statkart.no *.google-analytics.com *.googletagmanager.com *.highcharts.com *.qbrick.com https://*.facebook.net *.dna.ip-only.net wss://notification.qbrick.com/ https://connect.facebook.net/en_US/fbevents.js forsvaret.boost.ai i.ytimg.com; 1
default-src 'self' slavic401k.com *.slavic401k.com;    script-src 'self' *.hotjar.com *.cookielaw.org fast.wistia.com *.wistia.com fast.wistia.net jsd-widget.atlassian.com *.cloudflareinsights.com *.google-analytics.com *.googletagmanager.com code.jquery.com platform.twitter.com *.reciteme.com *.cloudflare.com snap.licdn.com 'unsafe-eval' 'unsafe-inline';    style-src 'self' *.cloudflare.com cloud.typography.com fast.fonts.net *.googleapis.com hello.myfonts.net maxcdn.bootstrapcdn.com s401k-cdn.s3.us-east-2.amazonaws.com unicons.iconscout.com unpkg.com stackpath.bootstrapcdn.com *.reciteme.com 'unsafe-inline'; img-src 'self' data: *.cookielaw.org fast.wistia.com *.google-analytics.com www.google.com *.wistia.com fast.wistia.net *.reciteme.com secure.gravatar.com *.linkedin.com;    font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com s401k-cdn.s3.us-east-2.amazonaws.com stackpath.bootstrapcdn.com unicons.iconscout.com *.cloudflare.com fast.wistia.net fast.wistia.com *.reciteme.com data:;    connect-src 'self' analytics.google.com *.cookielaw.org cloud.typography.com fast.fonts.net *.googleapis.com *.onetrust.com api-private.atlassian.com jsd-widget.atlassian.com fast.wistia.net *.wistia.com *.litix.io stats.g.doubleclick.net www.google-analytics.com *.reciteme.com metrics.hotjar.io content.hotjar.io *.linkedin.com wss: *.hotjar.com;    frame-src 'self' td.doubleclick.net platform.twitter.com www.calcxml.com fast.wistia.net;    form-action 'self' *.slavic401k.com;    manifest-src 'self'; media-src 'self' blob: slavic401k.com *.slavic401k.com;   object-src 'none' 1
frame-ancestors 'self' ministryschedulerpro.com volunteerschedulerpro.com rotundasoftware.com 1
default-src 'self' https://api.userway.org/ https://cdn.userway.org/ https://www.google-analytics.com https://connect.facebook.net https://script.crazyegg.com/ https://chatbot.visionbanco.com/ https://tracking.crazyegg.com/ https://stats.g.doubleclick.net/ https://www.youtube.com/ https://www.visionbanco.com https://cdn.jsdelivr.net/ https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api/siteverify https://www.gstatic.com/recaptcha/ https://www.google.com https://goo.gl/7K7WLu https://www.w3.org/2000/svg https://banner.visionbanco.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://chatbot.visionbanco.com;font-src *; img-src * 'self' data: https:; 1
frame-src 'self' blob: https://www.google.com/recaptcha/ https://www.youtube.com https://www.youtube-nocookie.com 1
upgrade-insecure-requests; object-src 'none'; frame-ancestors 'self' genius.avoxi.com orders.avoxi.com development-us1.avoxi.com staging-us1.avoxi.com staging-us2.avoxi.com local.avoxi.com core.avoxi.com development-iw1.avoxi.com development-iw2.avoxi.com development-iw3.avoxi.com development-iw4.avoxi.com development-iw5.avoxi.com shoppingcart-development-iw1.avoxi.com shoppingcart-development-iw2.avoxi.com shoppingcart-development-iw3.avoxi.com shoppingcart-development-iw4.avoxi.com shoppingcart-development-iw5.avoxi.com shoppingcart-development-us1.avoxi.com shoppingcart-staging.com shoppingcart-staging-us2.avoxi.com *.avoxi.com; 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.sa 1
font-src *.fontawesome.com *.nr-data.net *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.nr-data.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.nr-data.net *.oppwa.com *.google.com *.google.pt *.doubleclick.net *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.nr-data.net *.gstatic.com *.google.com *.google.pt *.google.com.br *.google.ch *.google.co.uk *.google.mw *.google.com.au *.google.es *.google.co.mz *.google.fr *.google.ac *.google.co.ao *.googletagmanager.com *.google-analytics.com *.g.doubleclick.com *.pinterest.com *.openstreetmap.org *.celeiro.pt *.paypalobjects.com *.facebook.com *.oppwa.com *.bird.eu *.amasty.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.avada.io *.clarity.ms *.pinterest.com *.cloudflareinsights.com *.cloudflare.com *.google.com *.google.pt *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.gstatic.com *.oppwa.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.nr-data.net *.googleapis.com *.googletagmanager.com *.oppwa.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://get.geojs.io *.avada.io *.clarity.ms *.g.doubleclick.net *.google-analytics.com *.google.pt *.openstreetmap.org *.oppwa.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' analytics.cdmon.com widget.scrads.com connect.facebook.net bat.bing.com static.ads-twitter.com static.hotjar.com *.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' widget.scrads.com *.doubleclick.net; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.cdmon.com widget.scrads.com *.facebook.com bat.bing.com; frame-src 'self' widget.scrads.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net; img-src 'self' data: hostwordpress.es *.hostwordpress.es widget.scrads.com analytics.twitter.com t.co *.facebook.com google.com google.es *.ytimg.com bat.bing.com *.google.com *.google.es; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://enextrunrunit.s3-us-west-2.amazonaws.com https://teams.microsoft.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.amkor.com amkor.com *.cookieyes.com cdn-cookieyes.com *.clarity.ms *.litix.io *.wistia.net *.wistia.com embedwistia-a.akamaihd.net *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.youtube.com; img-src 'self' data: c44f5d406df450f4a66b-1b94a87d576253d9446df0a9ca62e142.ssl.cf2.rackcdn.com cdn-cookieyes.com *.doubleclick.net *.youtube.com *.clarity.ms *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.wistia.net *.wistia.com embedwistia-a.akamaihd.net; style-src 'self' data: 'unsafe-inline' *.youtube.com fonts.googleapis.com use.fontawesome.com; 1
report-uri https://ulcm.report-uri.com/r/d/csp/enforce;base-uri 'none';object-src 'none';frame-ancestors 'self';form-action 'self' https://www.facebook.com;upgrade-insecure-requests;script-src 'self' https://www.googletagmanager.com/ https://bat.bing.com/ https://connect.facebook.net/ https://cdnjs.cloudflare.com/ https://api.swiftype.com/ https://www.google-analytics.com/ https://ajax.googleapis.com/ https://platform.twitter.com/ https://script.crazyegg.com/ 'unsafe-inline' 'strict-dynamic' 'nonce-StYGTGJnirJY5eStV4OxKi4u1kp3JUCH' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob: https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.ry.com.au https://m.ry.com.au https://checkout.ry.com.au https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://*.contentsquare.net https://app.contentsquare.com https://static.criteo.net https://*.criteo.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';default-src 'self' https://*.crazyegg.com;form-action 'self' https://www.facebook.com;img-src 'self' blob: data: https:;media-src 'self' https://cdn.tenantcloud.net https://tenantcloud.s3.us-west-2.amazonaws.com/;object-src 'none';frame-src https://www.google.com https://www.facebook.com https://accounts.google.com https://*.doubleclick.net https://www.youtube.com https://anchor.fm https://podcasters.spotify.com https://tenantcloud.typeform.com https://form.typeform.com;script-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://google-analytics.com https://*.googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://accounts.google.com https://*.facebook.net https://*.crazyegg.com https://*.purechat.com https://*.purechatcdn.com https://embed.typeform.com https://secure.quantserve.com/quant.js https://rules.quantcount.com/rules-p-qGKfkSMRakkcP.js https://scripts.claspo.io https://cdn.claspo.io https://app.convertful.com https://traffic.deny.network;connect-src 'self' https://cdn.tenantcloud.net https://*.google-analytics.com https://google-analytics.com https://*.googleadservices.com https://*.google.com https://stats.g.doubleclick.net https://*.facebook.com https://*.crazyegg.com https://*.purechat.com https://*.sentry.io https://app.convertful.com https://script.claspo.io https://ipapi.co https://traffic.winterhoff.io;style-src 'self' 'unsafe-inline' https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net/npm/remixicon@2.5.0/fonts/remixicon.css https://cdn.jsdelivr.net/npm/swiper@11/swiper-bundle.min.css https://embed.typeform.com https://www.googletagmanager.com https://fonts.googleapis.com;font-src data: https://cdn.tenantcloud.net https://*.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com;child-src blob: 1
object-src 'none'; block-all-mixed-content 1
default-src 'self'; script-src 'self' siteimproveanalytics.com *.siteimproveanalytics.io avplayer-cdn.akamaized.net 'unsafe-inline'; img-src data: 'self' siteimproveanalytics.com *.siteimproveanalytics.io; connect-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; worker-src 'self'; frame-src 'self' www.youtube-nocookie.com www.youtube.com cdn.laola1.tv player.cloud.wowza.com live.virtual-events.at vimeo.com player.vimeo.com app.lapentor.com playout.3qsdn.com avplayer-cdn.akamaized.net audiovisual.ec.europa.eu; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://talkdriver.ru https://support.smsc.ru https://support.smsc.kz https://sup.smsc.ua https://plugins.stripo.email blob: 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.dk https://www.myheritage.dk  'nonce-9fd50edd46d7876f6e1085b30ddf8a54' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.dk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; base-uri 'self'; object-src 'none'; script-src 'self' *.hubspot.com js.hs-analytics.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-banner.com js.hs-banner.net js.usemessages.com *.hsforms.net cdn2.hubspot.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com/  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://snap.licdn.com https://player.vimeo.com/ 'strict-dynamic' 'nonce-tJSSLs+AwX5Oevww307vbA=='; connect-src 'self' *.hubspot.com api.hubapi.com js.hs-banner.com *.hsforms.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com static.hsappstatic.net cdn2.hubspot.net https://ajax.googleapis.com; font-src fonts.gstatic.com cdn2.hubspot.net; img-src 'self' data: *.hubspot.com *.hubspotusercontent-na1.net static.hsappstatic.net *.hsforms.com https://www.facebook.com/ *.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com/ https://www.google.com https://www.google.be; frame-src *.hubspot.com *.hsforms.com https://www.google.com https://www.facebook.com/ https://platform.twitter.com/ https://vimeo.com/ https://player.vimeo.com/; prefetch-src 'self' static.hsappstatic.net; upgrade-insecure-requests; 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.escapebox.si  https://sveze-sadje-zelenjava.si; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io  http://m.dolenjskilist.si  https://*.metropolitan.si  https://*.slo-podnapisi.eu  https://*.svet24.si  https://bivanje.si  https://creatives.sascdn.com  https://dijaski.net  https://e-vozila.si  https://enspot.si  https://fokuspokus.si  https://jejzdravo.si  https://kosarka.info  https://megasvet.si  https://moderna-zenska.si  https://nascas.si  https://necenzurirano.si  https://nogomania.si  https://nt-rc.si  https://pravi-moski.si  https://radio80.si  https://reporter.si  https://revijazeleniraj.si  https://rock-celje.si  https://rockmaribor.si  https://rokomet.net  https://smart-ad.com  https://snportal.si  https://spletnicasopis.eu  https://sprosti.se  https://studentski.net  https://vecer.com  https://velenje.com  https://www.angleskaliga.com  https://www.bambino.si  https://www.bodieko.si  https://www.dnevnik.si  https://www.dolenjskilist.si  https://www.domacebranje.com  https://www.ekohisastil.si  https://www.lepdan.si  https://www.megasvet.si  https://www.mojaozimnica.com  https://www.moji-recepti.net  https://www.monitor.si  https://www.pomurec.com  https://www.portalplus.si  https://www.portalplus.si  https://www.prlekija-on.net  https://www.razlagasanj.com  https://www.sanjskaknjiga.com  https://www.slovenskenovice.si  https://www.studentarija.net  https://www.velenje.com  https://www.vemkajjem.si  https://www.vemkajjem.si  https://www.vrtnarica.si  https://www.zenskisvet.si  https://zastarse.si  https://zdravstvena.info  https://zimski-sporti.si; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self';script-src 'self' 'nonce-x3YKOH5RnukUUi6NI6spnOd0B'; style-src 'self' 'nonce-x3YKOH5RnukUUi6NI6spnOd0B'; object-src 'none';base-uri 'self';img-src 'self' https:;connect-src 'self' https://pagure.io:8088;frame-src https://docs.pagure.org;frame-ancestors https://pagure.io; 1
connect-src 'self' wss://nexus-websocket-a.intercom.io 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.cloudflare.com https://px.ads.linkedin.com https://*.ads.linkedin.com https://*.googletagmanager.com https://*.google.com https://*.facebook.net https://www.google-analytics.com https://www.googleoptimize.com https://*.clickagy.com https://use.fontawesome.com https://fonts.googleapis.com https://*.hubspot.com https://*.hsforms.net https://*.licdn.com https://www.googleadservices.com https://*.clearbitjs.com https://*.zoominfo.com https://*.g2crowd.com https://*.hsforms.com https://*.chilipiper.com https://*.amazonaws.com https://*.facebook.com https://*.doubleclick.net https://*.hs-analytics.net https://*.hs-scripts.com https://googleads.g.doubleclick.net https://js.hs-analytics.net https://*.hsleadflows.net https://*.hsadspixel.net/ https://*.hs-banner.com https://*.hubapi.com https://boards.greenhouse.io https://player.vimeo.com https://*.vimeo.com https://*.lfeeder.com https://*.youtube.com https://cdn.linkedin.oribi.io https://pro.ip-api.com https://*.ip-api.com https://aplo-evnt.com https://*.apollo.io https://*.factors.ai https://*.clearbit.com https://*.clearbitscripts.com https://*.clarity.ms https://airtable.com https://js.hscta.net https://*.nexus-websocket-a.intercom.io https://*.6sense.com https://*.intercomcdn.com https://*.6sc.co https://*.intercom.io https://no-cache.hubspot.com https://epsilon.6sense.com https://*.hubspot.com https://*.hs-sites.com https://*.greenhouse.io https://*.dreamdata.cloud data:;img-src * 'self' data: https: 1
frame-ancestors 'self' https://www.atitesting.com https://stage-www.atitesting.com *.atitesting.com 1
frame-src 'self' https://tpc.googlesyndication.com https://td.doubleclick.net https://vars.hotjar.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://support.mett.nl/api/csp/RecordReport; 1
default-src * data:; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src 'self' *.saptco.com.sa *.oppwa.com *.mastercard.com ;              font-src 'self' data: fonts.gstatic.com *.googleapis.com ;              img-src * data: ;              style-src 'self' 'unsafe-inline' *.oppwa.com ppipe.net *.ppipe.net ;              script-src 'self' 'unsafe-inline' 'unsafe-eval' platform.twitter.com https://localhost *.googletagmanager.com *.google-analytics.com *.google.com *.saptco.com.sa saptco.com.sa *.googleapis.com *.gstatic.com https://www.gstatic.com code.jquery.com *.oppwa.com oppwa.com ppipe.net *.ppipe.net;              frame-src 'self' *.twitter.com https://www.youtube.com/ youtube.com  *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.mastercard.com *.ppipe.net ppipe.net oppwa.com ppipe.net *.ppipe.net ;              frame-ancestors 'self'  *.google.com *.saptco.com.sa *.oppwa.com *.mastercard.com mtf.gateway.mastercard.com saptco.com.sa https://mtf.gateway.mastercard.com ppipe.net oppwa.com *.ppipe.net ;              connect-src 'self' localhost *.google-analytics.com stats.g.doubleclick.net *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com ppipe.net *.ppipe.net ;              style-src-elem 'self' 'unsafe-inline' *.google.com *.saptco.com.sa saptco.com.sa *.oppwa.com *.googleapis.com oppwa.com ppipe.net *.ppipe.net ; 1
frame-ancestors 'self' https://newaccount.wsfsbank.com; 1
default-src 'self' ; base-uri 'self' ; frame-ancestors 'self' ; form-action 'self' https://js.createsend1.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://info.viterra.com https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://pi.pardot.com https://analytics.tiktok.com https://static.ads-twitter.com https://connect.facebook.net https://www.work.ua https://js.createsend1.com/ https://createsend.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com ; connect-src 'self' https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.ggpht.com https://*.youtube.com https://*.google-analytics.com https://stats.g.doubleclick.net https://mobilews.viterra.com.au https://priceapi.viterra.com.au https://analytics.tiktok.com https://static.ads-twitter.com https://connect.facebook.net https://createsend.com/ ; img-src 'self' data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.youtube.com https://*.ggpht.com https://i.ytimg.com https://newscorpau.demdex.net https://*.facebook.com https://*.twitter.com https://t.co/ https://mygavilonresources.gavilon.com ; frame-src 'self' https://www.youtube.com https://*.googletagmanager.com https://*.google.com https://pr.globenewswire.com https://admin10.rabota.ua ; child-src 'self' https://www.youtube.com https://*.googletagmanager.com https://*.google.com https://pr.globenewswire.com https://admin10.rabota.ua ; 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ro https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.ro https://tags.tiqcdn.com https://www.dm.ro; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.ro https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.ro https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.ro https://giftcard-checkout.dm.ro/api/checkout https://signin.dm.ro; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.ro https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.ro https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.ro https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
script-src 'nonce-7774654207fb4b43a9e3951efb0424ab' 'strict-dynamic'; default-src 'self'; object-src 'none';frame-ancestors 'none'; frame-src https://mainfreight.topdesk.net https://www.mainfreight.topdesk.net https://vimeo.com https://www.youtube.com https://www.google.com https://vars.hotjar.com https://hemsync.clickagy.com https://www.facebook.com https://player.vimeo.com; form-action 'self' https://www.facebook.com/tr/; upgrade-insecure-requests; font-src 'self'  data: https: fonts.gstatic.com https://*.hotjar.com; style-src 'self' https: fonts.googleapis.com 'unsafe-inline' https://*.hotjar.com 'unsafe-inline'; base-uri 'self'; img-src https: https://*.hotjar.com data: www.gstatic.com; connect-src 'self' https: wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; 1
default-src 'self' 'nonce-s01mlap3ijaq290i'  soicos.com *.soicos.com google.com gtm.js *.google.com googleapis.com *.googleapis.com  googletagmanager.com *.googletagmanager.com *.google-analytics.com *.gstatic.com cloudflare.com *.cloudflare.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com stackpath.bootstrapcdn.com cdn.datatables.net bing.com *.bing.com; frame-ancestors 'self'; form-action 'self'; object-src 'none'; base-uri soicos.com; font-src 'self' *.googleapis.com *.gstatic.com *.jsdelivr.net;style-src 'self' 'unsafe-hashes' 'unsafe-inline' soicos.com *.soicos.com google.com gtm.js *.google.com googleapis.com *.googleapis.com  googletagmanager.com *.googletagmanager.com *.google-analytics.com *.gstatic.com cloudflare.com *.cloudflare.com code.jquery.com cdn.jsdelivr.net cdn.rawgit.com stackpath.bootstrapcdn.com cdn.datatables.net 1
frame-ancestors 'self' https://actii.com.mx https://www.actii.com.mx; upgrade-insecure-requests; 1
https: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.map.naver.com https://dapi.kakao.com http://dapi.kakao.com https://*.kakaocdn.net http://*.daumcdn.net https://*.daumcdn.net https://*.kakao.com http://*.kakao.com https://www.youtube.com http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; style-src 'self' 'unsafe-inline' http://*.daumcdn.net https://unpkg.com/ https://fonts.googleapis.com https://*.googleapis.com http://*.googleapis.com https://*.gstatic.com; img-src 'self' https://ssl.gstatic.com https://www.gstatic.com https://www.kogl.or.kr https://i.ytimg.com https://*.kakao.com http://*.kakao.com http://*.daumcdn.net https://*.daumcdn.net https://chart.apis.google.com http://*.naver.net https://*.naver.net data: https://*.pstatic.net http://*.pstatic.net https://*.koreatech.ac.kr http://fonts.gstatic.com https://fonts.gstatic.com http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://webzine.koreatech.ac.kr http://webzine.koreatech.ac.kr https://*.cdninstagram.com https://static.xx.fbcdn.net https://satreci.recruiter.co.kr https://img.etnews.com; font-src 'self' data: https://unpkg.com/ https://fonts.googleapis.com https://fonts.gstatic.com/; connect-src 'self' https://nelo2-col.navercorp.com http://translate.googleapis.com https://translate.googleapis.com https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-src 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; frame-ancestors 'self' http://127.0.0.1 https://*.map.naver.com https://www.youtube.com http://postcode.map.daum.net https://postcode.map.daum.net https://player.vimeo.com/video/640195938 https://webfilter.koreatech.ac.kr https://*.koreatech.ac.kr; script-src-elem 'unsafe-inline' 'self' https://dapi.kakao.com http://dapi.kakao.com https://*.map.naver.com https://*.map.naver.net http://*.map.naver.net http://*.map.naver.com https://*.pstatic.net http://*.pstatic.net http://*.daumcdn.net http://*.google.com https://*.google.com http://*.googleapis.com https://*.googleapis.com https://*.koreatech.ac.kr; 1
frame-ancestors https://artecgroup.zendesk.com https://cloud.artec3d.com https://support.artec-group.com http://webvisor.com 1
upgrade-insecure-requests; default-src 'none'; child-src blob:; connect-src 'self' https://maps.googleapis.com https://cdn.linkedin.oribi.io https://*.outbrain.com https://analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://s.go-mpulse.net https://s2.go-mpulse.net https://c.go-mpulse.net https://*.akstat.io https://www.google-analytics.com https://*.crazyegg.com https://s.yimg.com https://adservice.google.com https://*.addthis.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.brightcove.com https://*.brightcove.net  https://*.brightcovecdn.com https://syndication.twitter.com https://*.zscaler.net https://*.visualwebsiteoptimizer.com https://*.brightcove.com https://brightcove.hs.llnwd.net https://*.akamaihd.net https://m.addthis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https:; img-src 'self' data: https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://insight.adsrvr.org https://sp.analytics.yahoo.com https://www.google.com.sg https://www.google.com https://*.outbrain.com https://secure.adnxs.com https://*.crazyegg.com https://adservice.google.com https://*.mookie1.com https://*.doubleclick.net https://*.boltdns.net https://stats.g.doubleclick.net https://*.brightcove.net https://*.brightcovecdn.com https://*.visualwebsiteoptimizer.com https://*.twitter.com https://*.twimg.com https://*.googleapis.com https://*.gstatic.com https://m.addthis.com/live/ https://*.zscaler.net https://*.google-analytics.com https://*.brightcove.com https://brightcove.hs.llnwd.net https://www.facebook.com https://t.co https://*.linkedin.com https://*.akamaihd.net; media-src 'self' https://*.akamaihd.net https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://brightcove.hs.llnwd.net https://*.boltdns.net https://*.brightcove.net https://*.brightcovecdn.com https://*.brightcove.com blob:; manifest-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://s.go-mpulse.net https://s2.go-mpulse.net https://c.go-mpulse.net https://*.akstat.io https://tagmanager.google.com https://s.yimg.com https://sp.analytics.yahoo.com https://*.crazyegg.com https://*.outbrain.com https://trk.cetrk.com https://s3.amazonaws.com https://www.instagram.com https://www.facebook.com https://*.addthisedge.com https://www.googletagmanager.com https://*.crazyegg.com https://*.visualwebsiteoptimizer.com https://*.linkedin.com https://s.ytimg.com https://cdn.syndication.twimg.com https://maps.googleapis.com https://assets.adobedtm.com https://ssl.google-analytics.com https://*.twitter.com https://static.ads-twitter.com https://addevent.com https://*.addthis.com https://graph.facebook.com https://connect.facebook.net https://www.linkedin.com https://snap.licdn.com https://m.addthisedge.com https://*.zscaler.net https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://*.brightcove.net https://vjs.zencdn.net https://www.youtube.com https://cdn-akamai.mookie1.com https://tags.tiqcdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://ton.twimg.com https://*.brightcove.net https://*.brightcove.com https://platform.twitter.com https://fonts.googleapis.com; worker-src blob:; frame-ancestors 'self'; 1
frame-ancestors 'self' http://emprotest:8080 http://emprolive:8080 http://emprodev:8080 http://ecm-live:8080 http://ecm-test:8080 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 'unsafe-eval' https://validator.swagger.io; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' data: 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://app.termly.io https://frontend.id-visitors.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://*.6sc.co/; img-src 'self' data: blob: https://flexprintmp.wpengine.com https://flexprintmp.wpenginepowered.com/ https://*.netdna-ssl.com https://*.flexprintinc.com https://flexprintinc.com https://*.gravatar.com https://*.6sc.co/ https://www.google.com/; object-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; frame-src 'self' data: blob: https://elegantthemes.com/ https://*.elegantthemes.com/ https://flexprintinc.com/ https://google.com/recaptcha/ https://*.google.com/recaptcha/ https://elabel.arsreclabel.com/; form-action 'self' data: blob: ; worker-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.fruitnet.com; 1
default-src 'self' piwik.it.hs-hannover.de consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hs-hannover.de code.jquery.com *.instagram.com *.youtube.com *.ytimg.com *.jobware.net wissen.hannover.de *.cookiebot.com; style-src 'self' 'unsafe-inline' *.hs-hannover.de; img-src 'self' data: *.hs-hannover.de *.cdninstagram.com maps.googleapis.com *.openstreetmap.org *.cookiebot.com; media-src 'self' *.youtube.com;font-src 'self' data: *.hs-hannover.de; frame-src 'self' *.hs-hannover.de *.youtube.com *.jobware.net wissen.hannover.de *.cookiebot.com; manifest-src 'self' *.hs-hannover.de; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' blob: 1
frame-src 'self' *.youtube.com *.line.me *.line-beta.biz *.line.biz *.facebook.com *.twitter.com;frame-ancestors 'self' https://admanager.line-beta.biz/ https://ladm-internal.beta-sentinel.linecorp.com/ https://rc-admanager.line.biz/ https://rc-admanager.line.biz/ https://admanager.line.biz/ https://ladm-internal.sentinel.linecorp.com/ 1
frame-ancestors 'self' http://localhost:3000 http://localhost:4005 1
frame-ancestors 'self' https://www.coursera.support 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.useinsider.com *.api.useinsider.com; img-src 'self' blob: data: https:; font-src 'self' data: https:; 1
default-src 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' uniklinikum-dresden.de youtube.com; connect-src 'self' cgcweb.med.tu-dresden.de; img-src https: 'self' uniklinikum-dresden.de data:; style-src 'unsafe-inline' 'self' uniklinikum-dresden.de; font-src 'unsafe-inline' 'self' https://www.uniklinikum-dresden.de data: uniklinikum-dresden.de; frame-src 'self' www.youtube.com cgcweb.med.tu-dresden.de ukd-navigator.de em.altruja.de altruja.de ukdd.de www.ukdd.de; media-src 'self' data: uniklinikum-dresden.de; object-src 'self'; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-YlNIa6gdxafvokoa12l++QDHyCw=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' https://analytics.google.com https://yoast.com https://www.youtube.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://use.fontawesome.com data:; img-src 'self' 'unsafe-inline' https://scontent-maa2-1.cdninstagram.com https://ttkprestige.com https://www.google.co.in https://secure.gravatar.com https://www.googletagmanager.com https://scontent.cdninstagram.com https://i.ytimg.com data:; 1
default-src 'none'; img-src 'self' https: data: https://www.google-analytics.com/collect https://www.googletagmanager.com https://www.google.com *.hsl.org.br; manifest-src 'self' https: *.hsl.org.br; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: https://www.google-analytics.com https://www.google-analytics.com/j/collect https://www.google.com https://www.gstatic.com https://www.googletagmanager.com *.hsl.org.br; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com *.hsl.org.br; font-src 'self' https: https://fonts.googleapis.com https://fonts.gstatic.com *.hsl.org.br; frame-src 'self' https: https://www.google.com *.hsl.org.br; connect-src 'self' https: wss: *.execute-api.us-east-1.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com *.hsl.org.br; 1
frame-ancestors 'self' https://*.seafight.com https://*.y8.com https://gameplanet.onet.pl/ https://www.gry.pl/ https://www.jetztspielen.de/ https://www.spielen.com/ https://www.jeux.fr/ https://www.jeu.fr/ https://www.games.co.uk/ https://www.spelletjes.nl/ https://www.spel.nl/ https://www.juegos.com/ https://www.gioco.it/ https://www.spela.se/ https://www.ourgames.ru/ https://www.gamesgames.com/ https://www.agame.com/ https://centralagier.wp.pl/ https://www.jetztspielen.ws/ https://www.1001spiele.de/ https://www.gierkionline.pl/ https://www.grajteraz.pl/ https://www.1001giochi.it/ https://www.giochixl.it/ https://www.1001hry.cz/ https://juegosjuegos.ws/ https://www.isladejuegos.com/ https://www.elkspel.nl/ https://www.spelo.se/ https://www.1001games.com/ https://www.speltuin.nl/ https://www.1001pelit.com/ https://www.1001jeux.fr/ https://www.1001games.fr/ https://www.1001spiele.at/ https://www.mmozone.com/ https://www.mmostation.com/ https://www.mmogratis.es/ https://www.gratismmo.de/ https://www.mmorpggratuits.com/ https://www.mmoitalia.it/ https://www.mmoportugal.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://www.oyunkolu.com/ https://spele.nl/ https://www.dobregry.pl/ https://fotka.com/ https://www.1001games.co.uk/ https://www.1001jocuri.ro/ https://www.1001jogos.com.br/ https://www.1001jogos.pt/ https://www.igrixl.ru/ https://www.jatekokxl.hu/ https://www.juegosjuegos.ws/ https://www.paixnidiaxl.gr/ https://www.spillespill.no/ https://www.spilxl.dk/ https://www.jeux-gratuits.com/ https://www.minijuegos.com/ https://kizi.com/ https://www.browsergames.de/ https://www.isladejuegos.com/ https://www.juegosdenavegador.com/ https://www.jeuxparnavigateur.net/ https://www.jogosbrowser.com/ https://www.freemmorpglist.com/ https://www.puzzlepuzzles.de/ http://www.mmogratis.com/ https://www.sat1spiele.de/ https://www.flashgames.it/ https://www.prosiebengames.de/ https://www.spielkarussell.de/ https://www.brincar.pt/ https://www.spelle.nl/ https://www.speeleiland.nl/; 1
frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://*.google-analytics.com https://www.google.com https://*.googletagmanager.com https://*.gstatic.com https://googleads.g.doubleclick.net https://connect.facebook.net https://*.googleadservices.com; connect-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://pagead2.googlesyndication.com https://*.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com; img-src 'self' data: blob: https://www.google.ro https://www.google.com https://imgsct.cookiebot.com https://*.gstatic.com https://sources-fgo.s3.eu-central-1.amazonaws.com https://sources-fgo-test.s3.eu-central-1.amazonaws.com https://fgo-ext-docs.s3.eu-central-1.amazonaws.com https://sources.fgo.ro https://s3.eu-central-1.amazonaws.com https://www.facebook.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self' https://accounts.google.com https://login.microsoftonline.com https://logincert.anaf.ro https://www.facebook.com; font-src 'self' data: https://*.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com https://www.google.com https://fgo-docs.s3.eu-central-1.amazonaws.com https://td.doubleclick.net https://www.facebook.com 1
report-uri https://sinjali.com 1
frame-ancestors 'self' https://*.canyons.edu; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://wb.messengerpeople.com https://tpc.googlesyndication.com https://ct.pinterest.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.co.in https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.co.in; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.co.in https://m.myprotein.co.in https://checkout.myprotein.co.in https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.co.in; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://hertfordshire.gov.uk https://*.hertfordshire.gov.uk https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com https://su-secu-azu-d365-bps-hcccsc-d.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-t.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-u.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-l.crm11.dynamics.com https://su-uk-d365-bps-hcccsc-p.crm11.dynamics.com; 1
frame-ancestors 'none'; style-src https: 'unsafe-inline' blob: 'unsafe-eval'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.priv.center *.truendo.com https://cdn.jsdelivr.net https://embed.typeform.com *.popupsmart.com blob: 1
form-action 'self'; frame-ancestors 'self' https://jobcloud.ch https://*.jobcloud.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://*.laendlejob.at https://*.ostjob.ch https://jobs.ch https://*.jobs.ch https://*.linkedin.com https://*.jobs.nzz.ch https://jobs.nzz.ch https://*.suedostschweizjobs.ch https://*.liechtensteinjobs.li https://*.app.profilmatcher.ch https://*.indeed.ch https://*.webspidermount.com https://brame.io/ https://live.brame-gamification.com https://app.brame-gamification.com; frame-src live.brame-gamification.com app.brame-gamification.com events.lgt-cloud.com online.flippingbook.com bc.pressmatrix.com digital.feprecisionplus.com td.doubleclick.net 'self'; script-src 'nonce-piwik' lgt.containers.piwik.pro snap.licdn.com connect.facebook.net 'self'; object-src 'none'; base-uri 'self' 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://*.forewordreviews.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://secure.quantserve.com https://bookshop.org https://code.jquery.com; style-src 'unsafe-inline' https://*.forewordreviews.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net; img-src data: blob: https://*.forewordreviews.com https://www.google-analytics.com; frame-src https://*.forewordreviews.com https://www.youtube.com https://e.issuu.com https://bookshop.org https://www.google.com; frame-ancestors https://*.forewordreviews.com https://bookshop.org; font-src data: https://fonts.typekit.net https://use.typekit.net; connect-src https://*.forewordreviews.com https://www.google-analytics.com; report-uri https://www.forewordreviews.com/api/csp-error.log 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://beta.quantconnect.com https://cdn.quantconnect.com https://www.quantconnect.com https://static.intercomcdn.com https://www.googleadservices.com https://diffuser-cdn.app-us1.com https://www.googletagmanager.com https://www.googleoptimize.com https://prism.app-us1.com https://www.google-analytics.com https://widget.intercom.io https://js.intercomcdn.com/ https://js.stripe.com https://cdn.iframe.ly https://cdn.jsdelivr.net/npm/algoliasearch@3/dist/algoliasearchLite.min.js https://www.lean.io https://cdn.trackjs.com https://script.tapfiliate.com/tapfiliate.js https://public.profitwell.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://www.google.com/recaptcha/api.js https://www.gstatic.com https://wp-ui.app-us1.com https://trackcmp.net https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com fpjscdn.net; 1
frame-ancestors https://*.niceic.com https://niceic.com 1
default-src 'self' blob: *.fitch.group; frame-ancestors 'self' *.fitchratings.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net/npm/css-vars-ponyfill@2 *.evidon.com ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js cdn.jsdelivr.net/npm/lodash@4.17.15/lodash.min.js vjs.zencdn.net/7.3.0/video.js use.fontawesome.com your.fitch.group/rs/732-CKH-767/images/jquery.lazy.min.js unpkg.com/aos@2.3.1/dist/aos.css cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js unpkg.com/aos@2.3.1/dist/aos.js ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js *.jsdelivr.net www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.clearbitscripts.com fitchconnect.piwikpro.com cdn.polyfill.io  *.fitch.group *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co *.googletagmanager.com fitchconnect.piwikpro.com cdn.polyfill.io *.brightcove.net *.brightcove.com munchkin.marketo.net your.fitchratings.com cdn2.funnelenvy.com script.crazyegg.com snap.licdn.com *.clearbit.com *.idio.co *.hotjar.com *.marketo.com; style-src 'self' 'unsafe-inline' blob: *.fitch.group your.fitchratings.com fonts.googleapis.com fonts.googleapis.com vjs.zencdn.net/7.7.6/video-js.css unpkg.com/aos@2.3.1/dist/aos.css *.hotjar.com use.fontawesome.com; connect-src 'self' blob: *.fitch.group *.evidon.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net your.fitch.group *.evidon.com  *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net unpkg.com/aos@2.3.1/dist/aos.css *.hotjar.com *.hotjar.io use.fontawesome.com; prefetch-src 'self' *.funnelenvy.com *.evidon.com 732-ckh-767.mktoresp.com *.boltdns.com *.betrad.com *.idio.co ga.clearbit.com house-fastly-signed-us-east-1-prod.brightcovecdn.com *.evidon.com  fitchconnect.piwikpro.com munchkin.marketo.net snap.licdn.com script.crazyegg.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com unpkg.com/aos@2.3.1/dist/aos.css  *.brightcove.com *.hotjar.com use.fontawesome.com; img-src 'self' data: images.ctfassets.net *.boltdns.net metrics.brightcove.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net l.betrad.com *.evidon.com fitchconnect.piwikpro.com *.linkedin.com p.adsymptotic.com *.idio.co your.fitch.group *.fitch.group httpsak-a.akamaihd.net *.hotjar.com use.fontawesome.com; font-src 'self' data: *.fitch.group fonts.gstatic.com use.fontawesome.com; frame-src unpkg.com/aos@2.3.1/dist/aos.css indd.adobe.com  'self' *.fitch.group infogram.com e.infogram.com  infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com your.fitch.group use.fontawesome.com *.hotjar.com *.evidon.com; media-src 'self' blob: *.fitch.group *.brightcove.com videos.ctfassets.net *.akamaihd.net unpkg.com/aos@2.3.1/dist/aos.css  manifest.prod.boltdns.net *.hotjar.com; object-src 'none' 1
default-src 'self' www.google.com www.gstatic.com 'unsafe-inline' ; img-src 'self' * https: http: data:  1
frame-ancestors 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://www.instagram.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.googleadservices.com https://matomo.aubi-plus.de https://www.google.com https://www.gstatic.com; 1
frame-src *; frame-ancestors https://*.lesmillsondemand.com 1
script-src 'nonce-IJ2bUiNM9pIpia2LKduQDA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=257774c7-f5ce-4f75-862a-08ed8eaf2f7b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors 'none'; always; 1
default-src cloudron.io *.cloudron.io; frame-src 'self' cloudron.io *.cloudron.io *.hcaptcha.com js.stripe.com; connect-src wss: https: 'self' *.cloudron.io; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src https: 'unsafe-inline'; object-src 'none'; font-src https: 'self'; frame-ancestors 'none'; base-uri 'none'; form-action 'self'; 1
default-src 'self'; frame-src 'self' https://*.google.com https://*.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' http:; style-src 'unsafe-inline' http:; img-src http: data:; font-src http: data:; sandbox allow-forms allow-scripts 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://cherkizovo-group.com/ https://www.cherkizovo-group.com  http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
script-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 polyfill.io *.google-analytics.com *.google.com *.gstatic.com https://*.yellowmessenger.com https://*.webengage.com https://*.webengage.co https://*.microsoftstream.com https://*.cloudfront.net https://raw.githubusercontent.com https://www.googletagmanager.com https://*.amazonaws.com https://*.securiti.ai blob: 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://*.mydrreddys.com https://*.mydrreddys.com:8443 'self'; 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm.de https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm.de https://tags.tiqcdn.com https://www.dm.de; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm.de https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm.de https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm.de https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.dm.de https://giftcard-checkout.dm.de/api/checkout https://signin.dm.de; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.dm.de https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm.de https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm.de https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.tarteaucitron.io; img-src * 'self' data:; font-src 'self' data: fonts.gstatic.com; connect-src * 'self'; object-src 'none'; frame-src * 'self'; upgrade-insecure-requests 1
frame-ancestors 'self' https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-YmRjNGU0NWYtNzA4MS00N2EwLWJmMDgtZDVkYjNkYTNjMzJj'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-popups-to-escape-sandbox allow-top-navigation; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  * 1
default-src https://mobile.enpf.kz/JasperReports/api/sendPDFtoEmail https://mobile.enpf.kz/JasperReports/api/EnpfCalculator2 https://mobile.enpf.kz/restService/mobileservice/generic/calcPension https://web.enpf.kz https://web.enpf.kz/web/js/jquery.signalR-1.1.3.min.js https://mobileservice.enpf.kz/signalr/signalr/hubs https://public.slidesharecdn.com http://enpf24.kz https://enpf.kz https://172.31.0.130 https://www.enpf.kz https://onlinechat.enpf.kz https://www.google.com; script-src https://etels.enpf.kz https://digitalofficeps.enpf.kz/* https://digitalofficepss.enpf.kz/* wss://digitalofficeps.enpf.kz/* wss://digitalofficepss.enpf.kz/* https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://portfoliows.enpf.kz/ https://livechat.chat2desk.kz https://www.googletagmanager.com https://mc.yandex.ru https://yastatic.net https://web.enpf.kz/web/js/jquery.signalR-1.1.3.min.js https://mobileservice.enpf.kz/signalr/signalr/hubs https://web.enpf.kz  https://mobile.e-npf.kz https://api.post.kz/ https://ssl.livezilla.net https://enpf.kz https://ip-api.com/ https://api-maps.yandex.ru https://code.jquery.com https://www.gstatic.com/ https://www.google.com/ https://172.31.0.130 https://bitrix.info https://onlinechat.enpf.kz https://www.enpf.kz http://www.enpf.kz https://www.googleapis.com https://www.google-analytics.com/analytics.js  127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src https://etels.enpf.kz https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz https://www.gstatic.com https://enpf.kz https://code.jquery.com https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://fonts.gstatic.com https://fonts.googleapis.com https://onlinechat.enpf.kz 'unsafe-inline'; connect-src 'self' https://cabinet.enpf.kz/restServiceCabinet/ https://nomadterminal.enpf.kz/ https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new wss://livechat.chat2desk.kz/ https://portfoliows.enpf.kz/ https://mobile.enpf.kz https://stats.g.doubleclick.net https://www.google-analytics.com/ https://mc.yandex.ru ws://localhost:8887/ws wss://mobileservice.enpf.kz/signalr/signalr/* wss://mobile.e-npf.kz https://livechat.chat2desk.kz https://mobile.e-npf.kz https://api.post.kz/ https://enpf.kz wss://127.0.0.1:* https://ip-api.com https://mobileservice.enpf.kz/ https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://bitrix.info; font-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz http://enpf24.kz https://enpf.kz https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://fonts.gstatic.com https://fonts.googleapis.com; media-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://172.31.0.130 https://www.enpf.kz http://www.enpf.kz https://enpf.kz https://onlinechat.enpf.kz; plugin-types application/x-shockwave-flash application/x-java-applet application/pdf application/xml; img-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://livechat.chat2desk.kz 'self' data: https://chart.googleapis.com https://mc.yandex.ru https://web.enpf.kz  https://code.jquery.com https://enpf.kz https://172.31.0.130 https://mobileservice.enpf.kz https://onlinechat.enpf.kz https://*.yandex.ru https://api-maps.yandex.ru https://*.yandex.net http://www.enpf.kz https://www.google-analytics.com  https://www.enpf.kz; child-src https://livechat-v2.chat2desk.kz/ https://mc.yandex.com/ https://livechat-v2.chat2desk.kz/packs/ie-11-support.js https://storage.chat2desk.kz/ wss://livechat-v2.chat2desk.kz/widget_ws_new https://onlinechat.enpf.kz https://www.google.com https://api-maps.yandex.ru http://www.enpf.kz https://www.enpf.kz https://172.31.0.130 https://enpf.kz https://www.youtube.com https://www.slideshare.net/ object-src http://gcvpproxy-egov.enpf.kz/* 1
img-src 'self' data: i.vimeocdn.com images.ctfassets.net p.typekit.net cdn.userway.org t.influ2.com/p/vt/ https://www.google-analytics.com/collect https://i.ytimg.com/vi_webp/; media-src 'self' assets.ctfassets.net videos.ctfassets.net downloads.ctfassets.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.userway.org https://cdn.userway.org/widget.js https://www.googletagmanager.com/gtag/js https://use.typekit.net/nvk1yiz.js https://pi.pardot.com/analytics https://pi.pardot.com/pd.js http://cdn.pardot.com/pd.js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://cdn.yoshki.com/yoshki-library.js https://www.influ2.com/tracker https://insights.paulhastings.com/analytics report-sample https://cdn.jsdelivr.net; font-src 'self' data: use.typekit.net cdn.userway.org; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net https://cdn.userway.org/widgetapp/bundles/udf/udf.css report-sample; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io gafzei06c4.execute-api.us-west-2.amazonaws.com/default/contactus-mailfwd 6dz7p56z7l.execute-api.us-east-1.amazonaws.com 2it1tv0w7h.execute-api.us-east-1.amazonaws.com api.userway.org soundcloud.com w.soundcloud.com vimeo.com embed.podcasts.apple.com cdn.userway.org graphql.contentful.com https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect t.influ2.com/u/ https://csr.paulhastings.com https://preview.contentful.com https://cdn.contentful.com https://www.google-analytics.com/g/collect; frame-src 'self' players.brightcove.net embed.podcasts.apple.com w.soundcloud.com soundcloud.com player.vimeo.com https://www.youtube.com/ https://cdn.yoshki.com/ https://cdn.userway.org/ https://www.youtube-nocookie.com/ https://insights.paulhastings.com/; frame-ancestors https://app.contentful.com; base-uri 'self'; object-src 'none'; default-src 'self'; report-to csp-report-endpoint; report-uri https://5favhyu9i1.execute-api.us-east-1.amazonaws.com/prod; form-action 'self'; 1
block-all-mixed-content; frame-ancestors *.lojavirus.com.br 1
frame-ancestors 'self' https://ptcarena.lookbookhq.com https://ptcarena.pathfactory.com; 1
frame-ancestors 'self' https://www.cvonline.lt https://www.cvmarket.lv https://www.cvkeskus.ee https://www.cvmarket.lt https://www.cv.lt https://www.visidarbi.lv; 1
frame-ancestors 'self' https:; default-src 'self' https://static.badgr.io; media-src *; object-src 'none'; style-src www.gstatic.com *.googleapis.com 'unsafe-inline' *.eesysoft.com 'self' ; script-src www.gstatic.com translate.google.com *.googleapis.com *.eesysoft.com 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'self'  *.datadoghq-browser-agent.com 'nonce-qjfAocSpAvxM40Clm42Mug3vzVpykiFc' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'unsafe-hashes'; font-src *.eesysoft.com 'self'; img-src * data:; connect-src * data:; frame-src 'self' *; worker-src 'self'  blob:; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub5a8d1fc4dd08905a0a05de7b26890b12&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env%3Abadgr.com%2Cservice%3Acredentials-rum%2Cversion%3Av24.05.10160402-main.14147; report-to browser-intake-datadoghq; 1
frame-ancestors 'self' https://dkcareers.team.blue https://app.teamtailor.com 1
default-src 'self' ; img-src *.yahoo.net *.klaviyo.com *.adroll.com *.consensu.org *.casalemedia.com *.3lift.com *.doubleclick.net *.adsymptotic.com *.linkedin.com *.advertising.com *.rubiconproject.com *.pubmatic.com *.licdn.com *.outbrain.com *.taboola.com *.yahoo.com *.yahoo.com www.facebook.com *.facebook.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.googletagmanager.com *.google-analytics.com *.rewardstyle.com *.scaletrk.com *.stylight.net *.everesttech.net *.mookie1.com *.w55c.net *.aralego.net *.bidr.io *.octillion.tv *.mouseflow.com *.adsrvr.org *.lijit.com *.emxdgt.com *.bing.com *.google.com *.google.bg *.salesforce.com *.zenaps.com zenaps.com fenwick.com *.fenwick.com *.admixer.co.kr *.nate.com *.meba.kr *.ad-stir.com *.dable.io *.socdm.com *.adingo.jp *.criteo.net *.linksynergy.com *.thebrighttag.com *.dmxleo.com id5-sync.com *.id5-sync.com *.clarity.ms *.dmxleo.com *.revcontent.com *.adtdp.com *.igodigital.com *.mediawallahscript.com *.kargo.com *.tpmn.co.kr *.smadex.com *.sundaysky.com *.sc-trc.com *.fwmrm.net *.adotmob.com *.sitescout.com *.clmbtech.com *.smartclip.net *.ants.vn *.microad.jp *.demdex.net *.yandex.ru *.openx.net *.addthis.com *.mgid.com *.turn.com *.mediavine.com *.ivitrack.com *.twiago.com *.stickyadstv.com *.postrelease.com *.liadm.com *.yieldmo.com *.e-planning.net *.rlcdn.com *.aralego.com *.krxd.net *.bluekai.com *.rambler.ru *.tremorhub.com *.sharethrough.com *.criteo.com *.omnitagjs.com *.mail.ru *.yieldlab.net *.adnxs.com *.doubleclick.net *.outbrain.com *.rubiconproject.com *.casalemedia.com *.taboola.com *.smartadserver.com *.teads.tv *.yahoo.com *.pubmatic.com *.3lift.com *.adscale.de *.media.net *.smaato.net *.360yield.com *.bidswitch.net *.tapad.com *.adform.net *.advertising.com *.bing.com *.paypal.com *.paypalobjects.com stats.g.doubleclick.net 'self' data: edge.disstg.commercecloud.salesforce.com www.google-analytics.com um.simpli.fi www.instagram.com www.googletagmanager.com services.postcodeanywhere.co.uk pixel.mathtag.com aa.agkn.com cx.atdmt.com www.facebook.com *.pbbl.co *.optimove.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.gstatic.com *.googleapis.com *.google.com *.adyen.com t1.stormiq.com i1.adis.ws *.cdn.media.amplience.net cdn.media.amplience.net cdn.cookielaw.org *.bazaarvoice.com ; child-src *.mouseflow.com 'self' blob: ; style-src 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.googletagmanager.com googletagmanager.com *.klarnacdn.net *.force.com *.adyen.com *.adyen.com tagmanager.google.com foursixty.com cdn.jsdelivr.net fonts.googleapis.com services.postcodeanywhere.co.uk *.bazaarvoice.com fast.fonts.net service.force.com ; script-src https://www.botify.com tags.pw.adn.cloud *.newrelic.com *.klaviyo.com *.ratepay.com *.adroll.com *.consensu.org *.casalemedia.com *.3lift.com *.doubleclick.net *.adsymptotic.com *.linkedin.com *.advertising.com *.rubiconproject.com *.pubmatic.com *.licdn.com *.outbrain.com *.taboola.com *.yahoo.com *.yahoo.com www.facebook.com *.facebook.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.visualwebsiteoptimizer.com app.vwo.com *.klarna.com *.googletagmanager.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.rewardstyle.com *.scaletrk.com *.salesforceliveagent.com *.polyfill.io *.mouseflow.com www.opentable.co.uk *.resy.com *.criteo.net *.igodigital.com *.igodigital.com *.force.com zenaps.com *.zenaps.com *.sciencebehindecommerce.com *.rakuten.com *.dwin1.com *.clarity.ms *.igodigital.com *.klarnaservices.com *.id5-sync.com id5-sync.com *.criteo.com *.criteo.net *.bing.com *.paypal.com *.paypalobjects.com static.trackedweb.net *.trackedlink.net *.gstatic.com static.zdassets.com *.trustpilot.com tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.facebook.net *.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org service.force.com fenwickuk.my.salesforce.com *.cloudfront.net 'unsafe-inline' 'self' cdn.cquotient.com www.googletagmanager.com googleads.g.doubleclick.net *.pcapredict.com maps.googleapis.com services.postcodeanywhere.co.uk www.google-analytics.com p.cquotient.com static.hotjar.com www.googleadservices.com *.bazaarvoice.com *.salesforceliveagent.com geolocation.onetrust.com 'unsafe-eval' *.adyen.com *.advancedcommerce.services *.stylight.net ; font-src data: *.mouseflow.com *.klarnacdn.net 'self' fonts.gstatic.com googleads.g.doubleclick.net ; frame-src app.vwo.com *.visualwebsiteoptimizer.com *.klarna.com fenwickuk.my.salesforce-sites.com *.my.salesforce-sites.com *.salesforce-sites.com *.rewardstyle.com *.scaletrk.com *.cloudfront.net *.mouseflow.com *.issuu.com *.appointedd.com www.opentable.co.uk *.resy.com *.adyen.com *.doubleclick.net www.opentable.co.uk *.resy.com 'unsafe-eval' *.doubleclick.net *.megaphone.fm *.spotify.com *.zenaps.com zenaps.com *.criteo.net *.criteo.com www.sandbox.paypal.com www.paypal.com www.paypalobjects.com service.force.com 'self' *.google.com widget.trustpilot.com *.youtube.com *.vimeo.com www.facebook.com *.klarnaservices.com *.stylight.net ; connect-src *.adroll.com *.visualwebsiteoptimizer.com app.vwo.com *.nr-data.net *.klaviyo.com *.klarna.com www.google.com google.com *.googletagmanager.com *.analytics.google.com *.google.com *.rewardstyle.com *.scaletrk.com *.sciencebehindecommerce.com *.mouseflow.com *.google-analytics.com *.appspot.com *.foundit.com *.bazaarvoice.com *.force.com *.googleapis.com *.clarity.ms *.klarnaservices.com *.bing.com wss://ws.salecycle.com *.adyen.com *.criteo.com *.paypal.com *.paypalobjects.com widget.trustpilot.com wss://widget-mediator.zopim.com *.trackedweb.net ekr.zdassets.com *.klarnaevt.com stats.g.doubleclick.net www.facebook.com *.pinterest.com *.klarnauserservices.com *.optimove.events www.google-analytics.com *.hotjar.com *.optimove.net *.hotjar.io 'self' api.cquotient.com services.postcodeanywhere.co.uk cdn.cookielaw.org *.onetrust.com *.advancedcommerce.services ; media-src cdn.static.amplience.net *.amplience.net 'self' *.rewardstyle.com *.scaletrk.com static.zdassets.com *.akamaized.net player.vimeo.com *.stylight.net ; form-action *.americanexpress.com *.icicibank.com *.playground.klarna.com *.klarna.com www.facebook.com *.google.com *.paypal.com *.paypalobjects.com 'self' *.adyen.com *.bazaarvoice.com ; worker-src 'self' blob: ; upgrade-insecure-requests 1
frame-ancestors https://builder.io https://store-hr7ra7xc8x.mybigcommerce.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://det.social; img-src 'self' https: data: blob: https://det.social; style-src 'self' https://det.social 'nonce-cuPTYqZ/QhrkQXvqjGi5Kw=='; media-src 'self' https: data: https://det.social; frame-src 'self' https:; manifest-src 'self' https://det.social; form-action 'self'; child-src 'self' blob: https://det.social; worker-src 'self' blob: https://det.social; connect-src 'self' data: blob: https://det.social https://det.social wss://det.social; script-src 'self' https://det.social 'wasm-unsafe-eval' 1
default-src http: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' eventseeker.com data: instagram.com *.braintreegateway.com *.wcities.com http: *.fbcdn.net data: *.scdn.co *.fbsbx.com *.chromestatus.com *.youtube.com *.google.co.in *.doubleclick.net *.google-analytics.com *.ytimg.com *.twimg.com fareharbor.com *.eventseeker.com *.bbb.org *.hereapi.com *.googleapis.com *.here.com *.pinterest.com  *.cloudfront.net *.rackcdn.com  *.twitter.com  *.facebook.net *.facebook.com *.gstatic.com *.googleusercontent.com *.google.com blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.mouseflow.com https://news.quinnemanuel.com https://pi.pardot.com https://snap.licdn.com https://static.srcspot.com/libs/avril.js https://www.google.com/recaptcha/api.js https://www.redditstatic.com/ads/pixel.js https://www.gstatic.com https://www.googleadservices.com https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.22.2/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/moment-timezone/0.5.34/moment-timezone-with-data-10-year-range.js https://addevent.com/libs/atc/1.6.1/atc.min.js https://cdn.addevent.com/legacy2000/libs/atc/1.6.1/atc.min.js https://www.addevent.com https://adservice.google.com; media-src https://quinnemanuel.com; connect-src 'self' https://our.umbraco.com https://n2.mouseflow.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com https://cdn.linkedin.oribi.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://news.quinnemanuel.com https://www.google.com https://www.youtube.com https://cdn.yoshki.com; child-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
default-src *.ewe.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ewe.de *.googletagmanager.com *.google-analytics.com www.youtube.com consent.cookiebot.com *.intelliad.de s.ytimg.com empfehlen-admin.pso-vertrieb.de connect.facebook.net www.dwin1.com *.rfihub.com *.rfihub.net *.adform.net *.adc-srv.net *.google.de *.google.com bat.bing.com *.bing.com/bat.js *.doubleclick.net *.g.doubleclick.net *.googleadservices.com *.gstatic.com *.googleapis.com *.ad4mat.de journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud *.ad4mat.at *.ad4mat.ch *.adsrvr.org consentcdn.cookiebot.com ad4m.at cdn.sitesearch360.com cdn.cai.tools.sap js.sitesearch360.com apps.mypurecloud.de; connect-src 'self' *.ewe.de global.sitesearch360.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net ewe-ckd-faq-bot-3q50idha.sapcai.eu10.hana.ondemand.com consentcdn.cookiebot.com api.mypurecloud.de insights.sitesearch360.com api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de; img-src 'self' *.ewe.de images.ctfassets.net *.intelliad.de www.google-analytics.com *.amazonaws.com *.doubleclick.net *.g.doubleclick.net *.facebook.com *.adform.net ad4m.at *.ad4m.at *.smartadserver.com *.googletagmanager.com adservice.google.com *.gstatic.com ih.adscale.de a.twiago.com dmp.ad4mat.net adservice.google.de maps.googleapis.com cdn.cai.tools.sap r.adserver01.de ad11.adfarm1.adition.com secure.adnxs.com imagesrv.adition.com blob: data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com *.ewe.de cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com *.ewe.de cdnjs.cloudflare.com; frame-src ad4m.at ad4mat.net match.adsrvr.org www.facebook.com ad4mat.at widget.whappodo.com consentcdn.cookiebot.com insight.adsrvr.org youtube.com www.youtube.com journeyengine.production.wlp.cloud ewe-journeys.production.wlp.cloud journeyengine.staging.wlp.cloud apps.mypurecloud.de *.ewe.de; media-src 'self' data.ewe.de; 1
default-src 'none';    child-src blob: *.doubleclick.net *.facebook.com *.google.com *.surveymonkey.com *.youtube-nocookie.com *.youtube.com;    connect-src 'self' *.kaplanco.com *.scene7.com *.facebook.com *.roirevolution.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.bing.com *.pinterest.com *.clarity.ms *.bazaarvoice.com *.doubleclick.net *.hubspot.com *.hsforms.com *.hubapi.com noembed.com *.luckyorange.com *.vidyard.com wss://*.visitors.live tags.srv.stackadapt.com 100.20.58.101 18.210.229.244 3.212.39.155 34.215.155.61 35.160.46.251 35.85.84.151 44.212.189.233 44.228.85.26 44.238.122.172 52.22.50.55 52.71.121.170 54.156.2.105;    font-src 'self' data: *.kaplanco.com fonts.gstatic.com *.googleapis.com use.typekit.net;    frame-src 'self' *.kaplanco.com *.bazaarvoice.com *.vimeo.com tpc.googlesyndication.com *.google.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.doubleclick.net *.surveymonkey.com *.roomstyler.com roomstyler.com *.planner5d.com planner5d.com *.pinterest.com *.hsforms.com *.hs-sites.com app.hubspot.com *.cincopa.com *.vidyard.com *.egnyte.com *.publitas.com;    img-src 'self' data: *.kaplanco.com *.scene7.com *.bing.com *.bazaarvoice.com *.google.com *.facebook.com *.facebook.net *.pinterest.com *.analytics.google.com *.google-analytics.com *.doubleclick.net *.smassets.net *.googletagmanager.com i.ytimg.com *.youtube.com *.clarity.ms roomstyler.com *.roomstyler.com *.planner5d.com planner5d.com *.floorplanner.com alivestudiosco.com *.vidyard.com *.egnyte.com cdn1.hubspot.net cdn2.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net no-cache.hubspot.com cta-service-cms2.hubspot.com track.hubspot.com *.hsforms.com static.hubspot.com static.hsappstatic.net *.fs1.hubspotusercontent-na1.net *.hubspotusercontent-na1.net tags.srv.stackadapt.com;    manifest-src images.kaplanco.com;    media-src 'self' blob: *.kaplanco.com;    object-src 'self' *.kaplanco.com;    script-src 'self' data: 'unsafe-eval' 'unsafe-inline' *.kaplanco.com *.scene7.com *.bazaarvoice.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.googleanalytics.com *.googleoptimize.com *.googleadservices.com *.bing.com *.clarity.ms *.microsoft.com *.facebook.net *.pinimg.com *.pinterest.com *.google.com polyfill.io *.gstatic.com www.youtube.com *.surveymonkey.com *.googleapis.com *.googlesyndication.com *.vimeo.com *.publitas.com *.vidyard.com *.hs-scripts.com *.hsforms.com *.hsforms.net cta-service-cms2.hubspot.com js.hscollectedforms.net js.hsleadflows.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net js.hubspot.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com js.hscta.net tools.luckyorange.com unpkg.com *.mountain.com east.srv.stackadapt.com eu.srv.stackadapt.com tags.srv.stackadapt.com srv.stackadapt.com uw.srv.stackadapt.com qvdt3feo.com contentdsp.com;    style-src 'self' 'unsafe-inline' *.kaplanco.com *.scene7.com *.bazaarvoice.com *.googleapis.com *.publitas.com *.typekit.net unpkg.com tags.srv.stackadapt.com;    worker-src 'self' blob: *.kaplanco.com; 1
frame-ancestors 'self' https://ccm.com https://www.ccm.com https://forms.crosscountrymortgage.com https://forms.test.crosscountrymortgage.com https://forms.dev.crosscountrymortgage.com https://application.crosscountrymortgage.com https://app.crosscountrymortgage.com https://app.vlgloan.com https://apps.crosscountrymortgage.com https://apps.test.crosscountrymortgage.com https://dev.thehomebuyerseminar.net https://thehomebuyerseminar.net 1
frame-ancestors 'self' https://www.10khits.com; 1
frame-ancestors 'self' https://*.toyota.gr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
script-src 'self' asystem-library.s3.amazonaws.com cdn.usersnap.com *.onetrust.com s.ytimg.com www.youtube.com cdn.polyfill.io browserupdate.org https://browser-update.org/ www.google-analytics.com platform.twitter.com platform.linkedin.com tagmanager.google.com www.googletagmanager.com bacardilimited.zendesk.com api.usersnap.com https://www.gstatic.com https://www.googleadservices.com https://m.addthis.com https://s7.addthis.com https://use.typekit.net https://d3mvnvhjmkxpjz.cloudfront.net https://v1.addthis.com https://www.google.com/recaptcha/ https://z.moatads.com https://googleads.g.doubleclick.net https://d29mknc5251yuj.cloudfront.net https://spl.bacardi.com https://spl.bacardilimited.com/ https://vk.com/js/api/ https://www.recaptcha.net/recaptcha/ 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.princesscasino.ro https://bingo-sw360.pragmaticplay.net 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://click2cart.co https://ss.click2cart.com locate.pricespider.com api.tiles.mapbox.com pghub.io cdn.pricespider.com wtbevents.pricespider.com cdn.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com cdn.pricespider.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.click2cart.com https://click2cart.com https://click2cart.co https://s3.us-west-2.amazonaws.com https://res.cloudinary.com https://www.google.com cdn.pricespider.com wwwassets.pricespider.com embeddedcloud.pricespider.com i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://maxcdn.bootstrapcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://click2cart.co https://pandg.tapad.com https://www.youtube-nocookie.com www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.evgnet.com *.zoominfo.com *.eum-appdynamics.com polyfill.io *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.marketo.com cdn.appdynamics.com www.googletagmanager.com code.jquery.com https://snap.licdn.com/li.lms-analytics/insight.min.js *.crazyegg.com *.adsymptotic.com www.youtube.com *.hotjar.com https://tagmanager.google.com https://www.googletagmanager.com tools.cdc.gov/TemplatePackage/contrib/libs/jquery/1.12.4/jquery.js tools.cdc.gov/TemplatePackage/contrib/widgets/tp-widget-external-loader.js https://data.processwebsitedata.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com app-sjo.marketo.com code.jquery.com *.marketo.com https://tagmanager.google.com *.googleapis.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.googleapis.com data:; img-src 'self' forms.hsforms.com *.google.com *.linkedin.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://aedevstoragecdn.azureedge.net https://aeprdcmsstoragecdn.azureedge.net https://aeprdusstoragecdn.azureedge.net code.jquery.com *.googletagmanager.com *.adsymptotic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://cdn.cookielaw.org/; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com app-sjo.marketo.com *.sirva.com.au www.cdc.gov/ https://player.youku.com https://valc.atm.youku.com; connect-src 'self' api.hubapi.com forms.hubspot.com *.doubleclick.net *.evergage.com *.google-analytics.com *.crazyegg.com *.marketo.com *.eum-appdynamics.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com *.zoominfo.com https://js.hs-banner.com https://cdn.cookielaw.org https://*.onetrust.com; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.hubspot.com *.hsforms.net *.hs-scripts.com *.fullstory.com https://www.youtube.com *.facebook.net *.facebook.com https://connect.facebook.net https://knapp.piwik.pro https://snap.licdn.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com/analytics.js https://www.gstatic.com knapp.containers.piwik.pro ; connect-src 'self' *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hscollectedforms.net https://cta-eu1.hubspot.com https://region1.google-analytics.com https://www.google-analytics.com https://knapp.piwik.pro https://px.ads.linkedin.com ; img-src 'self' data: *.knapp.com *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://www.googletagmanager.com *.google-analytics.com *.linkedin.com https://px4.ads.linkedin.com https://px.ads.linkedin.com *.facebook.com *.facebook.net https://secure.gravatar.com ; font-src 'self' data:; frame-src 'self' *.hubspot.com *.hsforms.net *.hsforms.com *.hsforms.com https://app.hubspot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.vimeo.com ; 1
default-src https: blob: data: 'self'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' ; img-src https: data: ; media-src https: blob: ; upgrade-insecure-requests; block-all-mixed-content; connect-src https: wss://*.hotjar.com; 1
block-all-mixed-content ;upgrade-insecure-requests ;default-src 'self' *.criteo.com *.criteo.net adventori.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.abtasty.com *.y-track.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com vjs.zencdn.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ui.onepay.decathlon.net *.paypal.com *.braintreegateway.com *.brightcove.net *.trylive.com *.googleapis.com sdk.privacy-center.org sdk.woosmap.com www.booxi.eu appmobile-bridge-js.s3-eu-west-1.amazonaws.com *.woosmap.com ui.onepay-qualification.decathlon.io cdn.tagcommander.com *.facebook.net *.dynatrace.com platform.commandersact.com *.commander1.com *.criteo.com *.criteo.net *.adnxs.com adventori.com www.googleadservices.com bat.bing.com *.salecycle.com *.doubleclick.net *.hotjar.com redirect3536.tagcommander.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com wurfl.io *.commandersact.com translate.google.com nxtck.com onepay-ui.decathlon.net *.contentsquare.net *.contentsquare.com www.youtube.com wss://*.hotjar.com *.loadbee.com production.transcript.decathlon.io *.decathlon.net via.batch.com *.dynamicyield.com *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io screencapture.kampyle.com screencapture-cdn.kampyle.com resources.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com pay.google.com/gp/p/js/pay.js applepay.cdn-apple.com session-replay.browser-intake-datadoghq.eu safesizepublic.ucscentral.com google.com/pay creativecdn.com *.creativecdn.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.dotomi.com cdn.amplitude.com api.amplitude.com api2.amplitude.com www.dwin1.com cdn.mookie1.com *.outbrain.com *.pinimg.com snap.licdn.com *.adition.com unpkg.com www.decathlon.be *.retailrocket.net *.cloudfront.net *.serving-sys.com static.zdassets.com widget-mediator.zopim.com *.yimg.com *.ligatus.com www.zenaps.com the.sciencebehindecommerce.com t.contentsquare.net contentsquare.com analytics.tiktok.com script.google.com *.jsdelivr.net *.cloudflare.com script.googleusercontent.com decathlon.fr *.numerized.com view.publitas.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com *.mopinion.com syte-client-inspo.s3.eu-central-1.amazonaws.com deploy.mopinion.com plugin.prod.buyfive.co api.prod.buyfive.co act-eu.rd.linksynergy.com gum.criteo.com resources.dev.buyfive.co player.vimeo.com *.buyfive.tech console.rul.ai www.youtube.com/player_api resources.prod.buyfive.co *.batch.com js.adsrvr.org/ insight.adsrvr.org/ match.adsrvr.org/ thetradedesk.com/ googleads.g.doubleclick.net/ cm.g.doubleclick.net/ stats.g.doubleclick.net/ campaignmanager.google.com/ s2.adform.net/ a1.adform.net/ flow.adform.com/ one.zemanta.com/ p1.zemanta.com/ p.teads.tv/teads-fellow.js js-tag.zemanta.com/zcpt.js track.adform.net/Serving/TrackPoint/ rtb-csync.smartadserver.com/redir sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ criteo-sync.teads.tv/um cm.adform.net/pixel criteo-partners.tremorhub.com/sync sync-criteo.ads.yieldmo.com/sync affiliation.decathlon.be/ scripts.publitas.com polyfill.io *.smart-tribune.com https://apps.mypurecloud.de;connect-src 'self' *.google-analytics.com *.analytics.google.com *.abtasty.com *.y-track.com *.woosmap.com *.brightcove.com *.paypal.com *.braintree-api.com *.braintreegateway.com *.decathlon.net *.decathlon.com *.booxi.eu api.privacy-center.org www.facebook.com *.doubleclick.net bat.bing.com browser-http-intake.logs.datadoghq.eu api.booxi.eu bf97725pbp.bf.dynatrace.com *.hotjar.com *.hotjar.io *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net qanda.decathlon.com booxi-api-be.appspot.com booxi-api.appspot.com sync.commander1.com *.boltdns.net *.akamaihd.net *.contentsquare.net tracking-api-4lasu2nlcq-ew.a.run.app *.googleapis.com wss://*.hotjar.com www.googletagmanager.com via.batch.com ws.batch.com production.transcript.decathlon.io *.klarnaservices.com rum.browser-intake-datadoghq.eu *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu ubt-lb.digital-cloud.medallia.eu sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com resources.digital-cloud-west.medallia.com https://www.google.com/pay signin.easyence.tech google.com/pay https://pay.google.com *.creativecdn.com https://session-replay.browser-intake-datadoghq.eu/api/ https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io cdn.amplitude.com api.amplitude.com api2.amplitude.com *.pinterest.com www.decathlon.be *.retailrocket.net ekr.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.salecycle.com wss://*.salecycle.com s.yimg.com the.sciencebehindecommerce.com script.google.com script.googleusercontent.com decathlon.fr *.numerized.com cache-api-6y24sun4va-ew.a.run.app settings.luckyorange.net analytics.tiktok.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com api.prod.buyfive.co *.mopinion.com act-eu.rd.linksynergy.com plugin.prod.buyfive.co maintenance.decathlon.be sslwidget.criteo.com vimeo.com *.buyfive.tech console.rul.ai spreadsheets.google.com resources.prod.buyfive.co fpc.decathlon.be *.batch.com t.teads.tv/track cm.teads.tv/v2/advertiser https://api-cdn.mypurecloud.de wss://webmessaging.mypurecloud.de https://api.mypurecloud.de https://fileupload.mypurecloud.de;img-src 'self' data: blob: *.decathlon.com *.cube-net.org *.cube-net.pub contents.mediadecathlon.com *.google-analytics.com *.googletagmanager.com *.brightcove.com *.brightcove.net *.paypal.com prod-wt.aws.y-track.com manager.tagcommander.com *.googleapis.com *.abtasty.com *.woosmap.com www.facebook.com www.google.com www.google.es www.google.fr www.google.it www.google.nl www.google.be www.google.pl *.doubleclick.net bat.bing.com *.gstatic.com sync.commander1.com *.atdmt.com tag.goldenbees.fr *.crm4d.com *.adsrvr.org *.adnxs.com sdk.privacy-center.org checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.klarnacdn.net voucher.decathlon.net apigift.decathlon.com site.booxi.com www.mediadecathlon.com *.boltdns.net *.mediadecathlon.com *.contentsquare.net *.googleadservices.com adservice.google.com wss://*.hotjar.com via.batch.com ws.batch.com *.onepay-v2-commons-prod-0ywm.decathlon.io screencaptue-cdn.kampyle.com resources.digital-cloud.medallia.eu udc-neb.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net *.dotomi.com *.linkedin.com *.pinterest.com *.outbrain.com *.criteo.com sync.adotmob.com prod.y-medialink.com sp.analytics.yahoo.com ext.ligatus.com www.zenaps.com www.decathlon.fr analytics.tiktok.com assets.sc-trc.com www.awin1.com www.decathlon.be decathlon.fr *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com resources.prod.buyfive.co plugin.prod.buyfive.co *.buyfive.tech console.rul.ai i.ytimg.com assets.decathlon.site www.tribord.tm.fr *.batch.com l.teads.tv/performance/http-source t.teads.tv/track p1.zemanta.com/v2/p/js/57641/PAGE_VIEW/ pixel.rubiconproject.com/tap.php ad.360yield.com/match contextual.media.net/cksync.php rtb-csync.smartadserver.com/redir/ criteo-sync.teads.tv/um cm.adform.net/pixel criteo-partners.tremorhub.com/sync ad.yieldlab.net/m sync-criteo.ads.yieldmo.com/sync server.seadform.net/serving/cookie/sync/ smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;style-src 'self' 'unsafe-inline' www.booxi.eu fonts.googleapis.com *.decathlon.com *.oppwa.com oppwa.com checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com *.abtasty.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.mediadecathlon.com wss://*.hotjar.com scripts.publitas.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu screencaptue-cdn.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io https://storage.googleapis.com/sl-front-xp-bucket-4v-tmoq/account/ https://storage.googleapis.com/sphere-assets-prod-71-hbfe/ *.criteo.com *.cube-net.org *.cube-net.pub 9152527.fls.doubleclick.net cdn.rawgit.com cdn.retailrocket.net cdnjs.cloudflare.com decathlon-be-fr--tst2.custhelp.com decathlon-be-fr--tst2.widget.custhelp.com decathlon-be-fr.custhelp.com decathlon-be-nl--tst2.custhelp.com decathlon-be-nl--tst2.widget.custhelp.com decathlon-be-nl.custhelp.com fonts.gstatic.com maxcdn.bootstrapcdn.com qanda.decathlon.com rrstatic.retailrocket.net unpkg.com www.googletagmanager.com *.syteapi.com syteapi.com exif-remover-eu.s3.amazonaws.com syte-client-inspo.s3.eu-central-1.amazonaws.com resources.prod.buyfive.co *.mopinion.com gum.criteo.com plugin.prod.buyfive.co *.buyfive.tech console.rul.ai smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;font-src 'self' data: *.decathlon.com fonts.gstatic.com *.oppwa.com oppwa.com *.abtasty.com qanda.decathlon.com *.googleapis.com *.gstatic.com *.klarnacdn.net *.onepay-v2-commons-prod-0ywm.decathlon.io resources.digital-cloud.medallia.eu nebula-cdn.kampyle.com resources.digital-cloud-west.medallia.com cdn-workshop-pop.decathlon.net https://second-life-xps.secondlifebff-prod-bkpr.decathlon.io *.cube-net.org *.cube-net.pub maxcdn.bootstrapcdn.com www.decathlon.be resources.prod.buyfive.co *.buyfive.tech console.rul.ai smart-tribune.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;object-src view.publitas.com;base-uri 'self';worker-src 'self' blob: via.batch.com *.batch.com;media-src 'self' blob: secure.brightcove.com *.brightcove.com *.brightcove.net *.boltdns.net *.mediadecathlon.com *.criteo.com bcboltbde696aa-a.akamaihd.net *.akafms.net *.akamaihd.net static.zdassets.com www.decathlon.fr decathlon.fr resources.prod.buyfive.co *.buyfive.tech console.rul.ai;frame-src 'self' *.youtube.com www.google.com/recaptcha/ saas.trylive.com/ site.booxi.eu/ reviews.decathlon.com www.facebook.com *.doubleclick.net *.atdmt.com c.paypal.com checkout.paypal.com www.paypal.com *.hotjar.com *.oppwa.com oppwa.com *.brightcove.net checkoutshopper-live.adyen.com checkoutshopper-test.adyen.com *.klarnaevt.com *.klarna.com *.klarnacdn.com qanda.decathlon.com reviews-collect-eu.satisphere.decathlon.net *.mediadecathlon.com view.publitas.com www.pinterest.com *.abtasty.com *.decathlon.net wss://*.hotjar.com players.brightcove.net screencapture.kampyle.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.eu resources.digital-cloud-west.medallia.com pay.google.com safesizepublic.ucscentral.com *.klarnaservices.com creativecdn.com *.creativecdn.com decathlon-be-fr--tst2.custhelp.com *.salecycle.com www.zenaps.com embed.windy.com decathlon-be-fr.custhelp.com helpfr.decathlon.be decathlon-be-nl.custhelp.com helpnl.decathlon.be www.youtube-nocookie.com gum.criteo.com *.pinterest.com player.vimeo.com console.rul.ai www.pinterest.fr form.jotform.com submit.jotformeu.com c1.adform.net/ insight.adsrvr.org/ https://apps.mypurecloud.de/messenger/messenger.html https://apps.mypurecloud.de/messenger/messenger-renderer.html;frame-ancestors 'self'; 1
default-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data: blob: https://onenote.officeapps-df.live.com/ https://portal.productboard.com/ https://urldefense.com https://urldefense.proofpoint.com; script-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io 'nonce-dmVyeSBzZWN1cmU=' 'sha256-QHiPiX9KPtuCOZtmuHIuKAquRFwTfa4lIIx3nRVaLCo='; style-src 'unsafe-inline' 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data:; img-src 'self' proofpointisolation.com *.proofpointisolation.com *.pendo.io data: blob: https://onenote.officeapps-df.live.com/ http://www.office.com/; connect-src 'self' https://proofpointisolation.com wss://proofpointisolation.com https://*.proofpointisolation.com wss://*.proofpointisolation.com https://app.getsentry.com https://sentry.io *.pendo.io *.storage.googleapis.com; object-src 'none'; report-uri /report/csp 1
default-src 'self' abacus.ai *.abacus.ai *.google-analytics.com sentry.io *.sentry.io; connect-src 'self' sentry.io *.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com ws.zoominfo.com *.clickagy.com *.abacus.ai; frame-ancestors 'self'; frame-src 'self' js.stripe.com *.google.com https://bid.g.doubleclick.net www.youtube.com *.internalreai.com *.abacus.ai; font-src 'self' static.abacus.ai fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' data: blob: *.internalreai.com *.abacus.ai *.google-analytics.com *.googleusercontent.com *.authy.com *.analytics.google.com *.googletagmanager.com https://googleads.g.doubleclick.net *.g.doubleclick.net *.google.com ws.zoominfo.com *.clickagy.com t.co analytics.twitter.com abacusai.imgix.net abacusai-external.imgix.net; media-src 'self' data: abacus.ai *.abacus.ai; object-src 'none'; script-src 'self' 'unsafe-inline' *.abacus.ai js.stripe.com cdn.plot.ly *.sentry-cdn.com *.ads-twitter.com t.co *.twitter.com *.googleapis.com *.google.com www.googletagmanager.com www.gstatic.com *.google-analytics.com *.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net code.jquery.com *.internalreai.com ws.zoominfo.com *.clickagy.com; style-src 'self' 'unsafe-inline' static.abacus.ai *.googleapis.com; worker-src 'self' abacus.ai static.abacus.ai blob: *.internalreai.com; 1
frame-ancestors 'self' *.ibm.com ; child-src blob: * 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data: https://a.omappapi.com https://api.omappapi.com https://*.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;frame-ancestors 'self';frame-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googlesyndication.com https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;img-src 'self' https: http: data: res.cloudinary.com https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;object-src 'none';connect-src 'self' https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.google.com https://stats.g.doubleclick.net https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;script-src 'self' https://a.omappapi.com https://api.omappapi.com https://bat.bing.com https://*.clarity.ms/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.googletagmanager.com https://calendly.com https://calendly.com/ http://calendly.com http://calendly.com/ https://*.calendly.com https://*.calendly.com/ http://*.calendly.com http://*.calendly.com/ https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/ 'nonce-1d2a46b6c06211cae5964a3d654c68da';style-src 'self' fonts.googleapis.com/css2 https://a.omappapi.com https://*.googleapis.com https://api.omappapi.com 'unsafe-inline' https://forseasky.com https://forseasky.com/ http://forseasky.com http://forseasky.com/ https://*.forseasky.com https://*.forseasky.com/ http://*.forseasky.com http://*.forseasky.com/;form-action 'self';script-src-attr 'none';upgrade-insecure-requests 1
frame-ancestors https://new.oasis.gov.in 1
frame-ancestors 'self' *.datacore.com https://datacore.custhelp.com/ https://www.perifery.com/ 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/ https://irc.reelflix.xyz; connect-src 'self' https://reelflix.xyz:8443/socket.io/ wss://reelflix.xyz:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'report-sample' 'self' https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://mc.yandex.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://yastatic.net https://app.blinger.io; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com; base-uri 'self'; frame-src 'self' https://www.recaptcha.net viber: https://youtube.com; manifest-src 'self'; media-src 'self' https://box.bsb.by; connect-src 'self' data: https://analytics.google.com https://mc.yandex.ru https://mc.yandex.by https://www.google-analytics.com https://www.google.by wss://app.blinger.io https://stats.g.doubleclick.net https://box.bsb.by https://api-site.bsb.by/wp-json/ https://mobile.bsb.by/api/v1/ https://landing.bsb.by/api/site/ https://api.bsb.by/card-offers/api/; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: https://api-maps.yandex.ru https://yandex.ru https://core-sat.maps.yandex.net https://app.blinger.io https://blinger.io https://box.bsb.by https://www.bsb.by https://core-renderer-tiles.maps.yandex.net https://www.google.by https://www.googletagmanager.com https://www.google-analytics.com https://*.core-stv-renderer.maps.yandex.net https://mastercard-offers.digitalizm.com https://www.visa.com https://mc.yandex.ru https://pano.maps.yandex.net https://burp/favicon.ico https://zap/favicon.ico; script-src-elem 'unsafe-inline' 'self' https://app.blinger.io https://www.googletagmanager.com https://www.google-analytics.com https://api-maps.yandex.ru https://mc.yandex.ru https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://www.recaptcha.net https://www.gstatic.com https://www.googleadservices.com https://core-stv-renderer.maps.yandex.net; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; worker-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://d2i34c80a0ftze.cloudfront.net *.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://*.cloudfront.net https://1e5e001cac52428daa2d7f8bcde3aac0.js.ubembed.com https://*.js.ubembed.com https://*.ssl.cf2.rackcdn.com https://connect.facebook.net https://snap.licdn.com https://scout-cdn.salesloft.com https://tag.demandbase.com https://metadata-static-files.sfo2.cdn.digitaloceanspaces.com https://assets.ubembed.com https://js.driftt.com https://go.league.com https://js.adsrvr.org https://pi.pardot.com https://static.hotjar.com https://script.hotjar.com unsafe-eval unsafe-inline *.visualwebsiteoptimizer.com app.vwo.com https://assets.contently.com/insights/insights.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflT-xPmY/www-widgetapi.js https://track.contently.com/track https://assets.contently.com https://eywkvsmxggi.exactdn.com platform.instagram.com www.instagram.com *.vimeo.com *.vimeocdn.com *.newrelic.com *.nr-data.net www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://d2i34c80a0ftze.cloudfront.net https://static.hotjar.com https://script.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com unsafe-inline https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com *.vimeocdn.com fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://d2i34c80a0ftze.cloudfront.net *.vidyard.com https://eywkvsmxggi.exactdn.com https://match.prod.bidr.io https://id.rlcdn.com https://px.ads.linkedin.com https://segments.company-target.com https://p.adsymptotic.com https://www.facebook.com https://static.hotjar.com https://script.hotjar.com https://px4.ads.linkedin.com https://www.google.ca/ads/ga-audiences https://e3r429ujnza.exactdn.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com wingify-assets.s3.amazonaws.com https://cdn.cookielaw.org s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org https://d2i34c80a0ftze.cloudfront.net blob: https://play.vidyard.com https://geolocation.onetrust.com https://api.company-target.com https://in.hotjar.com https://*.onetrust.com https://scout.salesloft.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com/tr/ https://*.oribi.io *.visualwebsiteoptimizer.com app.vwo.com https://track.contently.com/track *.vimeo.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://d2i34c80a0ftze.cloudfront.net https://script.hotjar.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com; media-src 'self' https://d2i34c80a0ftze.cloudfront.net https://play.vidyard.com https://cdn.cookielaw.org https://eywkvsmxggi.exactdn.com; frame-src 'self' https://go.league.com https://d2i34c80a0ftze.cloudfront.net data: blob: https://play.vidyard.com https://vars.hotjar.com https://js.driftt.com https://insight.adsrvr.org https://www.facebook.com https://match.adsrvr.org app.vwo.com *.visualwebsiteoptimizer.com https://assets.contently.com/ https://www.youtube-nocookie.com www.instagram.com *.vimeo.com *.vimeocdn.com *.googlesyndication.com googleads.g.doubleclick.net maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' *.vimeo.com *.vimeocdn.com www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; 1
default-src 'self' https://*.stan.com.au; child-src 'self' https://www.youtube.com.au; connect-src 'self' blob: https://*.adyen.com https://*.akamaihd.net https://*.braintreegateway.com https://*.doubleclick.net https://*.google.com https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.pangle-ads.com https://analytics.tiktok.com https://app.vwo.com https://bat.bing.com https://conversions-config.reddit.com https://ipv4.podscribe.com https://payments.braintree-api.com https://pixel.tapad.com https://s.amazon-adsystem.com https://sink.pdst.fm https://tr.snapchat.com https://tr6.snapchat.com https://us-central1-adaptive-growth.cloudfunctions.net https://verifi.podscribe.com https://www.facebook.com https://www.google-analytics.com https://www.redditstatic.com; form-action 'self' https://*.stan.com.au https://www.facebook.com https://checkoutshopper-live-au.adyen.com; font-src 'self' data: https://www.stan.com.au; frame-src 'self' https://*.amazon-adsystem.com https://*.doubleclick.net https://*.paypal.com https://*.stripe.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://apps.rokt.com https://checkoutshopper-live-au.adyen.com https://insight.adsrvr.org https://match.adsrvr.org https://servedby.flashtalking.com https://platform.twitter.com https://tr.snapchat.com https://www.facebook.com https://www.google.com https://www.youtube.com; img-src 'self' blob: data: https://*.adyen.com https://*.akamaihd.net https://*.bing.com https://*.doubleclick.net https://*.google.com.au https://*.google.com https://*.paypal.com https://*.stan.com.au https://*.visualwebsiteoptimizer.com https://alb.reddit.com https://analytics.twitter.com https://app.vwo.com https://chart.googleapis.com https://i.ytimg.com https://t.co https://tr.snapchat.com https://verifi.podscribe.com https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.doubleclick.net https://*.paypal.com https://*.stan.com.au https://*.stripe.com https://*.visualwebsiteoptimizer.com https://analytics.tiktok.com https://analytics.twitter.com https://app.vwo.com https://apps.rokt.com https://bat.bing.com https://c.amazon-adsystem.com https://cdn.pdst.fm https://connect.facebook.net https://d34r8q7sht0t9k.cloudfront.net https://js.adsrvr.org https://redditstatic.s3.amazonaws.com https://sc-static.net https://static.ads-twitter.com https://tr.snapchat.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypalobjects.com https://www.redditstatic.com; style-src 'self' 'unsafe-inline' https://*.test.streamco.com.au https://*.visualwebsiteoptimizer.com https://app.vwo.com https://fonts.googleapis.com; worker-src 'self' blob:; report-uri https://api.stan.com.au/features/v1/collect-csp; 1
default-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' *.twl-kom.de 'unsafe-inline' 'unsafe-eval' data: https: blob: 1
frame-ancestors 'self' https://connect.veson.com 1
default-src 'unsafe-inline' 'unsafe-eval' self *.toytoy.ir ajax.aspnetcdn.com *.sendpulse.com *.pegah.tech *.mediaad.org cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.mediaad.org *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.gstatic.com searchserverapi.com https://searchserverapi.com *.twitter.com *.amplitude.com; img-src 'unsafe-inline' *.amazonaws.com c.bing.com *.sendpulse.com *.toytoy.ir trustseal.enamad.ir *.google.com *.google.nl *.clarity.ms *.gstatic.com data: www.google-analytics.com *.sendpulse.com *.googletagmanager.com *.yandex.ru yastatic.net *.amazonaws.com *.yandex.net *.cart-services.com https://searchserverapi.com; frame-src *.pegah.tech *.mediaad.org *.toytoy.ir toytoy.ir *.yektanet.com *.sendpulse.com *.clarity.ms *.aparat.com *.google.com trustseal.enamad.ir *.gstatic.com https://searchserverapi.com; font-src 'unsafe-inline' self *.googleusercontent.com *.searchanise.com *.sendpulse.com *.toytoy.ir *.google.com data: *.cart-services.com *.gstatic.com https://searchserverapi.com;connect-src self *.toytoy.ir *.pegah.tech *.mediaad.org ajax.aspnetcdn.com *.sendpulse.com cdnjs.cloudflare.com *.kxcdn.com trustseal.enamad.ir *.eNamad.ir www.google-analytics.com *.googletagmanager.com *.yektanet.com *.clarity.ms *.googleapis.com *.amazonaws.com www.searchanise.com *.doubleclick.net *.yandex.ru yastatic.net *.sendpulse.com *.webpushs.com *.yandex.net *.google.com *.cart-services.com *.gstatic.com https://pushdata.sendpulse.com:4434 https://searchserverapi.com *.amplitude.com 1
script-src 'nonce-1f78e71a2d01f655ffff2d1cbd6b7bcc948cd405a07bf61258ae69c3bf285965' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https:; object-src 'none'; base-uri 'self' acowtancy.reamaze.io 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.medallia.com https://*.paypal.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://external.quantummetric.com https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://s.pinimg.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.es https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.es https://www.paypalobjects.com https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://analytics.tiktok.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.dtvp.de *.cookiebot.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.xing-share.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.linkedin.com *.podigee.com *.podigee-cdn.net *.podlove.org *.cleverpush.com *.outbrain.com *.flockler.com *.seobility.net maps.google.com track.ewe.de chat.ato.botario.com chat.ewe.botario.com; media-src 'self' blob: data:; base-uri 'self' track.ewe.de; object-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' track.ewe.de; frame-ancestors 'self'; frame-src 'self' consentcdn.cookiebot.com plugins.flockler.com www.youtube-nocookie.com www.facebook.com b2b.ewe.de 1
frame-ancestors *.a2gov.org 1
default-src * data: gap: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self'; report-uri https://nestlefamilyclub.es/report-uri/enforce 1
frame-ancestors self https://s1.ariba.com https://service.ariba.com https://*.punchout2go.com http://*.punchout2go.com http://portal.punchout2go.com https://portal.punchout2go.com https://danafarber.edirx.com http://translate.google.com https://translate.google.com https://s1-2.ariba.com https://*.labcloudinc.com https://*.optimizely.com https://*.sciquest.com http://bchtest.edirx.com https://bchtest.edirx.com https://qa-connect.punchout2go.com http://*.edirx.com https://*.edirx.com http://finpiadev4.tch.harvard.edu:8220 http://finprd.tch.harvard.edu http://bch.edirx.com https://bch.edirx.com http://s1-2.ariba.com http://*.ariba.com https://*.stemcell.com https://youtube.com http://livechatinc.com/ https://qaapp02.xisecurenet.com/ https://*.unimarket.com/ https://*.recapture.io https://*.labfellows.org https://*.labfellowsdemo.com https://*.labfellows.com https://scn.6connex.com/ https://*.elevate.bio https://*.tradecentric.com https://*.chatbot.com https://*.chatbot.io https://*.instagram.com https://wd5-enterprise-services1.workday.com/ccx/ProcurementcXMLReceiver https://td.doubleclick.net; frame-src https://bchtest.edirx.com http://bchtest.edirx.com http://bch.edirx.com https://bch.edirx.com http://danafarber.edirx.com https://danafarber.edirx.com https://s1-2.ariba.com http://s1-2.ariba.com *.brightcove.net *.soundcloud.com *.jotformpro.com *.jotform.com *.jotform2.com *.jotform.net cdn.jotfor.ms vars.hotjar.com disqus.com *.disquscdn.com *.disqus.com *.jotform.io *.livechatinc.com *.jotform.ca *.google.com *.paymetric.com *.xipaynet.com *.xisecurenet.com *.shortstack.com https://www.youtube.com/ *.stemcell.com http://livechatinc.com/ https://calendar.time.ly/ https://platform.twitter.com/ https://syndication.twitter.com/ https://*.unimarket.com/ *.recapture.io *.labfellows.org *.labfellowsdemo.com *.labfellows.com jotpoll.com *.shortstack.page *.jotform.co https://*.instagram.com https://wd5-enterprise-services1.workday.com/ccx/ProcurementcXMLReceiver https://td.doubleclick.net https://*.chatbot.com https://*.chatbot.io https://www.googletagmanager.com; 1
frame-src *.fls.doubleclick.net *.hotjar.com *.facebook.com *.hsforms.com static.addtoany.com app.hubspot.com youtu.be youtube.com www.youtube.com *.qualtrics.com td.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://bettermarketing.pub https://*.bettermarketing.pub https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src https: data:; style-src 'self' 'unsafe-inline' https://tagmanager.google.com htps://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.googlesyndication.com https://ad.atdmt.com https://*.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.google.co.uk https://googleads.g.doubleclick.net https://*.googlesyndication.com https://platform.twitter.com https://cdn.ampproject.org https://*.truste.com; connect-src https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.googlesyndication.com 1
frame-ancestors 'self' solution.lengow.com *.mybigcommerce.com; 1
default-src 'self'; base-uri 'none'; form-action 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self'; img-src 'self' data:; object-src 'self'; frame-ancestors 'none'; connect-src 'self' https://api.transferwise.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src-elem 'self' 'unsafe-inline' https://p.typekit.net  https://use.typekit.net/ https://fonts.googleapis.com https://app.icontact.com/icp/static/human/css/signupBuilder/formGlobalStyles.css https://use.fontawesome.com/releases/v5.0.10/css/all.css https://fonts.googleapis.com/css; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/releases/v5.0.10/css/all.css; script-src-elem 'self' 'unsafe-inline' https://js.ipredictive.com/adelphic_universal_pixel.js https://ipmeta.io/plugin.js https://www.googleadservices.com/ https://widgets.pinterest.com/ https://assets.pinterest.com/js/pinit_main.js https://assets.pinterest.com/js/pinit.js https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://calendar.time.ly/embed.js https://secure-ds.serving-sys.com/SemiCachedScripts/ebAttribution.js https://bs.serving-sys.com/Serving/ https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://app.icontact.com/ https://searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js https://searchg2.crownpeak.net/ https://js.adsrvr.org/up_loader.1.1.0.js https://bat.bing.com/ https://googleads.g.doubleclick.net https://connect.facebook.net/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://player.vimeo.com/api/player.js; frame-src https://calendar.google.com/ https://11385019.fls.doubleclick.net/ https://ad.ipredictive.com/ https://www.youtube.com/ https://calendar.time.ly/ https://www.google.com/ https://client.formularynavigator.com/ https://www.findhelp.com/ https://insight.adsrvr.org/ https://td.doubleclick.net/ https://amerihealth.enroll.cavulus.com/ https://priorauthlookup.amerihealthcaritas.com/ https://e.issuu.com/ https://player.vimeo.com/; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com https://use.fontawesome.com/; connect-src https://analytics.google.com/ https://ipmeta.io/api/enrich https://bat.bing.com/p/insights/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/; img-src 'self' https://i.ytimg.com/ https://i.ytimg.com/ https://i.vimeocdn.com/ https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/ https://log.pinterest.com/ https://i.pinimg.com https://bs.serving-sys.com/Serving/ https://app.icontact.com/ https://www.facebook.com/ https://bat.bing.com/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com data:; 1
base-uri 'self'; object-src 'self'; child-src 'self' https://*.youtube.com blob:; connect-src 'self' wss://proxy.pharmahub.org wss://vncproxy.pharmahub.org wss://pharmahub.org https://pharmahub.org/api/members/tools/diskusage https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.dropbox.com https://api.scite.ai https://maps.googleapis.com https://cdnapisec.kaltura.com/api_v3/index.php https://stats.kaltura.com/api_v3/index.php https://analytics.kaltura.com/api_v3/index.php https://cdnapisec.kaltura.com/p/ https://cfvod.kaltura.com/hls/p/ https://api.cdnjs.com/libraries/; default-src 'self' https://*.pharmahub.org; font-src about: chrome-extension: data: https://fonts.gstatic.com safari-extension: 'self' https://use.typekit.net https://storage.googleapis.com/speechify-website-assets/fonts/ https://cdn.scite.ai/assets/fonts/scite-icons/ https://cdnapisec.kaltura.com/html5/; form-action 'self' https://platform.twitter.com https://syndication.twitter.com; frame-ancestors 'self' https://pharmahub.org/ https://pharmahub.org/ lyoroadmap.org; frame-src 'self' https://*.pharmahub.org https://content.googleapis.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://youtube.com https://player.vimeo.com https://calendar.google.com https://www.youtube.com https://vimeo.com https://docs.google.com https://syndication.twitter.com https://platform.twitter.com; img-src * data: image: file: blob: abs.twimg.com pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com; media-src 'self' data: blob: https://cdnapisec.kaltura.com/p/ https://cfvod.kaltura.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://maps.googleapis.com/maps-api-v3/api/js/ https://maps.googleapis.com/maps/api/js/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/vt https://www.googletagmanager.com/gtag/js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://cdnjs.cloudflare.com/ajax/libs/ScrollMagic/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ https://cdnapisec.kaltura.com/html5/ https://cdnapisec.kaltura.com/p/ https://code.jquery.com/ui/ https://cdnjs.cloudflare.com/ajax/libs/require.js/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ api.twitter.com https://cdn.syndication.twimg.com/timeline/ https://platform.twitter.com/widgets.js https://abs.twimg.com/responsive-web/client-web/ https://platform.twitter.com/js/; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://www.google.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.gstatic.com https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com/css https://platform.twitter.com/css/ https://ton.twimg.com/tfw/css/; worker-src blob:; upgrade-insecure-requests; report-uri https://csp.hubzero.org/csp-cms.php 1
frame-ancestors 'self' https://*.us-2.platformsh.site https://*.leicabiosystems.com https://punchoutcommerce.com https://*.tradecentric.com https://*.sciquest.com https://*.jaggaer.com https://*.ariba.com https://*.punchout2go.com; report-uri /report-csp-violation 1
default-src 'none'; base-uri 'self'; font-src 'self' https: data: https://fonts.gstatic.com; img-src 'self' https: https://modernmsg.com https://communityrewards.me data: blob: https://players.brightcove.net https://*.boltdns.net https://*.akamaihd.net; media-src blob: https://static.zdassets.com https://web1.acsbapp.com/ https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.akafms.net https://*.akamaihd.net https://*.cf.brightcove.com; object-src 'self'; frame-ancestors https://www.gables.com; frame-src 'self' https://acsbapp.com https://web1.acsbapp.com/ https://players.brightcove.net https://looker.realpage.com http://looker.realpage.com https://looker.communityrewards.me http://looker.communityrewards.me https://looker-dev.g5devops.com http://looker-dev.g5devops.com https://reports-dev.internal.mmops.net http://reports-dev.internal.mmops.net https://reports-staging.internal.mmops.net http://reports-staging.internal.mmops.net https://reports.communityrewards.me http://reports.communityrewards.me; script-src 'self' blob: 'unsafe-eval' https://acsbap.com https://acsbapp.com https://accessibeapp.com https://accessibe.com https://cdn.acsbapp.com https://web1.acsbapp.com/ https://*.brightcove.net https://vjs.zencdn.net https://connect.facebook.net http://fast.appcues.com https://fast.appcues.com https://*.logrocket.io https://*.lr-ingest.io https://*.logrocket.com https://*.lr-in.com https://static.filestackapi.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com/ https://ajax.googleapis.com https://maps.googleapis.com https://sentry.io https://assets.customer.io https://assets.zendesk.com https://static.zdassets.com https://widget-mediator.zopim.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hsadspixel.net https://js.usemessages.com https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://cs-cdn.realpage.com https://cdn.realpage.com https://tracking-dev.realpage.com https://www.youtube.com 'nonce-6JjZjmaQs9D8Gn6h0cZGKw=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.filestackapi.com https://cs-cdn.realpage.com https://players.brightcove.net https://fast.appcues.com; connect-src 'self' blob: https://acsbap.com https://acsbapp.com https://accessibeapp.com https://accessibe.com https://cdn.acsbapp.com https://web1.acsbapp.com/ https://en.wikipedia.org/ https://en.wiktionary.org/ https://*.akafms.net https://*.akamaihd.net https://*.api.brightcove.com http://*.boltdns.net https://*.brightcove.com https://*.brightcove.net https://*.cf.brightcove.com https://*.llnw.net https://*.llnwd.net https://*.media.brightcove.com https://hlstoken-a.akamaihd.net https://modernmsg-assets.s3.amazonaws.com https://cdn.filestackcontent.com https://*.filestackapi.com https://s3.amazonaws.com/filestack-uploads-persist-production/ https://mm-dev-filestack.s3-us-east-2.amazonaws.com/ https://filestack-uploads-persist-production.s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://analytics.google.com/ https://maps.googleapis.com https://stats.g.doubleclick.net https://ekr.zdassets.com https://modernmsg.zendesk.com https://mminternal.zendesk.com https://modernmsgdashboard.zendesk.com https://widget-mediator.zopim.com wss://widget-mediator.zopim.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.facebook.com https://*.lr-in.com https://r.lr-ingest.io https://sentry.io https://cs-cdn.realpage.com https://cdn.realpage.com https://tracking-dev.realpage.com wss://api.appcues.net https://api.appcues.net; child-src 'self' blob: https://acsbapp.com; form-action 'self' https://www.realpage.com; manifest-src 'self' 1
child-src diem25.org mera25.de mera25.it mera25.se *.wp.com *.vimeo.com *.list-manage.com *.mailchimp.com app.getchunky.io *.ytimg.com *.diem25.org *.youtube.com *.youtube-nocookie.com *.stripe.com *.paypal.com *.soundcloud.com *.podbean.com *.twitter.com *.addtoany.com *.yanisvaroufakis.eu *.stoppt-die-schuldenbremse.jetzt 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.monumentalsportsnetwork.com https://appcms.monumentalsportsnetwork.com;font-src https: data: 'self'; img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
frame-ancestors 'self' http://www.magnumicecream.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com 1
default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' *; object-src 'self' 'unsafe-inline' *;frame-ancestors 'none' https://player.vimeo.com https://attica-group.com 1
base-uri 'self';default-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ;script-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' 'unsafe-eval' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com https://pendo-io-static.storage.googleapis.com;style-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  'unsafe-inline' https://cdn.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;img-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  data: 'unsafe-inline' https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;connect-src 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  https://cdn.pendo.io https://data.pendo.io https://pendo-static-6298861489225728.storage.googleapis.com;frame-ancestors 'self' *.voyagersopris.com:443 *.letrs.com:443 letrs.com:443 *.lexiaaspire.com:443 lexiaaspire.com:443  ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com/ https://www.google-analytics.com/ http://js.agkn.com/ https://cdn-stg.tapad.app/ https://aa.agkn.com/ http://d.agkn.com/ https://pandg.tapad.com/ https://pghub.io/; connect-src 'self' https://www.google-analytics.com/ https://lj18wdvpyu-dsn.algolia.net; img-src 'self' data: https://www.google-analytics.com https://pixel.tapad.com https://images.ctfassets.net https://d.agkn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' http://d.agkn.com/ https://pandg.tapad.com/ https://v.qq.com/ http://m.v.qq.com/ https://www.bilibili.com/ https://www.youtube.com/ https://www.google.com/; object-src 'self'; 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ba https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.ba https://tags.tiqcdn.com https://www.dm-drogeriemarkt.ba; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.ba https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm-drogeriemarkt.ba https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.ba https://giftcard-checkout.dm-drogeriemarkt.ba/api/checkout https://signin.dm-drogeriemarkt.ba; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.ba https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.ba https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.ba https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com *.uk2group.com request.eprotect.vantivprelive.com request.eprotect.vantivcnp.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.dwin1.com *.hsforms.com *.hsforms.net *.puzzel.com *.google.com *.google.co.uk *.googleapis.com *.gdmdigital.com *.bing.com *.jquery.com platform.linkedin.com www.linkedin.com platform.twitter.com *.pingdom.net *.websitealive.com m.addthisedge.com ssl.google-analytics.com *.addthis.com *.trustpilot.com *.cloudfront.net *.visualwebsiteoptimizer.com *.adroll.com *.facebook.net www.googleadservices.com *.qualtrics.com www.google.com apis.google.com www.googletagmanager.com www.google-analytics.com cdn.syndication.twimg.com syndication.twitter.com platform.twitter.com fp.gdmdigital.com connect.facebook.net app.yieldify.com yieldify.com www.gstatic.com *.cloudfront.net tracking.websitealive.com secure.adnxs.com  www.youtube.com s.ytimg.com *.hcaptcha.com; img-src 'self' *.thgingenuity.com img.zohostatic.eu *.midphase.com *.uk2group.com *.puzzel.com *.bing.com www.linkedin.com *.gravatar.com ssl.google-analytics.com *.pingdom.net *.websitealive.com *.adroll.com *.licdn.com *.twimg.com *.bidswitch.net *.rlcdn.com *.licdn.com www.privacytrust.com *.twitter.com *.openx.net *.doubleclick.net *.cloudfront.net *.adnxs.com go.flx1.com pbs.twimg.com platform.twitter.com *.facebook.com csi.gstatic.com syndication.twitter.com s.c.lnkd.licdn.com *.etrust.org *.gstatic.com 55b558c7-resources.bk-partnersasia.com *.visualwebsiteoptimizer.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk stats.g.doubleclick.net data: https://script.hotjar.com http://script.hotjar.com; style-src 'self' 'unsafe-inline' *.midphase.com *.twitter.com *.puzzel.com *.google.com *.pingdom.net *.websitealive.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.cloudfront.net; frame-src 'self' *.midphase.com cdn.forms-content.sg-form.com *.uk2group.com *.puzzel.com *.hsforms.com *.hsforms.net *.facebook.net *.facebook.com https://vars.hotjar.com *.twitter.com *.websitealive.com staticxx.facebook.com *.addthis.com *.trustpilot.com *.google.com www.youtube.com app.yieldify.com accounts.google.com apis.google.com www.facebook.com *.hcaptcha.com; connect-src 'self' *.hcaptcha.com *.google-analytics.com *.sentry.io mw-uk2-uat.thehut.net mw.thghosting.com *.midphase.com m.addthis.com *.puzzel.com *.trustpilot.com *.pingdom.net *.twitter.com ws://127.0.0.1:35729 http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com geo.yieldify.com mw.thghosting.com bat.bing.com; font-src 'self' data: *.midphase.com http://script.hotjar.com https://script.hotjar.com *.puzzel.com fonts.gstatic.com maxcdn.bootstrapcdn.com stats.g.doubleclick.net; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.midphase.com *.puzzel.com; frame-ancestors 'self'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://gum.criteo.com https://fledge.eu.criteo.com blob: https://www.provenance.org https://app.qubit.com https://tr6.snapchat.com https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://*.contentsquare.net https://api.provenance.org https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.storystream.ai https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://upload.uploadcare.com https://598nyfqkt7.execute-api.eu-west-1.amazonaws.com https://analytics.tiktok.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.myvegan.com https://*.vimeocdn.com https://*.akamaized.net https://*.pndsn.com https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://player.vimeo.com https://tr.snapchat.com https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.myvegan.com https://m.myvegan.com https://checkout.myvegan.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai https://download-media.akamaized.net https://*.myvegan.com https://*.vimeocdn.com https://player.vimeo.com https://*.akamaized.net https://*.vimeocdn.com blob: https://*.myvegan.com; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://*.contentsquare.net https://app.contentsquare.com https://unpkg.com/@provenance/ https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://ucarecdn.com https://analytics.tiktok.com https://*.ibytedtos.com https://static.goqubit.com https://*.qubit.com https://cdn.pubnub.com https://tr.snapchat.com https://lantern.roeyecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors app.contentstack.com 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.it https://www.myheritage.it  'nonce-68cca69ab276a26220717b07d2ca1473' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.it;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self' *.westend61.com *.westend61.de www.paypal.com; connect-src 'self' *.westend61.de *.westend61.com https://www.paypal.com https://stats.g.doubleclick.net https://ct.pinterest.com www.facebook.com; font-src 'self' *.westend61.com *.westend61.de; child-src 'self' *.westend61.com *.westend61.de https://player.vimeo.com https://www.paypal.com https://www.youtube.com https://www.youtube-nocookie.com ; img-src 'self' blob: data: *.westend61.de *.westend61.com https://www.paypalobjects.com https://www.google.com https://www.google.de https://t.paypal.com https://stats.g.doubleclick.net https://ct.pinterest.com https://px.ads.linkedin.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.westend61.de *.westend61.com https://www.paypal.com paypal.com https://www.paypalobjects.com https://www.google-analytics.com https://www.googletagmanager.com https://s.pinimg.com https://snap.licdn.com https://px.ads.linkedin.com app.plant-for-the-planet.org www.plant-for-the-planet.org https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.westend61.com *.westend61.de ; manifest-src 'self' *.westend61.com *.westend61.de; frame-src 'self' *.westend61.com *.westend61.de https://www.paypal.com https://www.paypalobjects.com https://www.youtube-nocookie.com https://player.vimeo.com; object-src 'self' blob:; 1
script-src 'strict-dynamic' 'nonce-M49XJtnliF6sVOQcT1NYRw==' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors https://app.contentful.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/gtm.js; object-src 'none'; connect-src https: 'self' 'unsafe-eval' 'unsafe-inline' wss://*.iot.eu-west-1.amazonaws.com wss://*.hotjar.com wss://www.yougov.chat wss://www.yougov.chat; font-src 'self' https: 'unsafe-eval' 'unsafe-inline' data: https://themes.googleusercontent.com; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn-ukwest.onetrust.com https://static.hotjar.com https://connect.facebook.net https://app.storyblok.com https://sc-static.net https://cdn.keywee.co https://tr.snapchat.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://www.google.com.de https://www.google.com.pl https://www.google.com.es https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://cdn.yougov.chat https://*.yougov.chat https://script.hotjar.com; frame-ancestors 'self' https://*.yougov.chat https://app.storyblok.com http://account.yougov.com https://account.yougov.com http://*.yougov.net https://*.yougov.net; report-uri https://o198417.ingest.sentry.io/api/5594314/security/?sentry_key=f6766c04be5e496fa1fbd7ee7f3ded56&sentry_environment=production&sentry_release=undefined; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://gum.criteo.com https://*.recaptcha.net https://*.attn.tv https://www.youtube.com https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://storyboard.storystream.ai https://content.storystream.ai wss://*.liveperson.net https://cdn-ukwest.onetrust.com https://ams.creativecdn.com https://*.attn.tv https://events.attentivemobile.com https://track.webgains.com https://api.webgains.io https://*.fragrancedirect.co.uk https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://heapanalytics.com https://*.odicci.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://script.hotjar.com https://heapanalytics.com https://campaign.odicci.com/; form-action 'self' https://www.facebook.com https://checkout.fragrancedirect.co.uk https://connect.facebook.net; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://geolocation.onetrust.com https://apps.storystream.ai https://analytics.tiktok.com https://static.criteo.net https://*.criteo.com https://cdn-ukwest.onetrust.com https://tags.creativecdn.com https://cdn.attn.tv https://track.webgains.com https://analytics.webgains.io https://*.fragrancedirect.co.uk https://static.hotjar.com https://script.hotjar.com https://cdn.heapanalytics.com https://heapanalytics.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://static.hotjar.com https://script.hotjar.com https://heapanalytics.com https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-jbzqHlt5Gr8y4YQ93oMhjQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com data: *.bootstrapcdn.com *.zopim.com applepay.cdn-apple.com *.gstatic.com *.flixcar.com media.flixfacts.com media.flixfacts.co.uk cdn.smooch.io *.haptikapi.com *.evergage.com cdn.evgnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.doubleclick.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com pay.google.com *.paysafe.com *.online-metrix.net *.signifyd.com *.facebook.com *.moneris.com *.circularhub.com *.flyertown.ca ct.pinterest.com *.google.ca *.doubleclick.net salsify-ecdn.com *.flixcar.com *.evergage.com cdn.evgnet.com form.typeform.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com imgs.signifyd.com maps.googleapis.com *.facebook.com *.meublesrd.com *.clarity.ms *.bing.com *.zopim.com *.zopim.io *.zdassets.com *.zendesk.com *.amazonaws.com *.flippenterprise.net *.wishabi.com *.wishabi.net *.placeholder.com px.ads.linkedin.com ct.pinterest.com googletagmanager.com *.googletagmanager.com *.google-analytics.com *.google.ca *.doubleclick.net sdk.privacy-center.org *.flixcar.com *.flix360.com *.flixfacts.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com cdn.jwplayer.com haptikus-haptikappimg.haptikapi.com haptikappimg.haptikapi.com toolassets.haptikapi.com cdn.smooch.io *.evergage.com cdn.evgnet.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com applepay.cdn-apple.com pay.google.com cdn-scripts.signifyd.com imgs.signifyd.com maps.googleapis.com developers.google.com polyfill.io *.paysafe.com *.trackedweb.net *.facebook.net secure.adnxs.com *.cobrowse.io *.zdassets.com *.zopim.com *.clarity.ms bam-cell.nr-data.net bam.nr-data.net *.bing.com *.smooch.io *.circularhub.com *.flippenterprise.net blob: snap.licdn.com *.adobedtm.com *.authorize.net *.jsdelivr.net ct.pinterest.com *.pinimg.com *.google.ca *.googletagmanager.com *.doubleclick.net *.googlesyndication.com *.tiktok.com sdk.privacy-center.org salsify-ecdn.com *.flixfacts.com *.flixcar.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.com *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.flix360.io *.pointandplace.com *.haptikapi.com *.evergage.com cdn.evgnet.com embed.typeform.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.meublesrd.com www.meublesrd.com *.flippenterprise.net *.googleapis.com tagmanager.google.com *.flixcar.com *.smooch.io *.haptikapi.com *.evergage.com cdn.evgnet.com embed.typeform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.doubleclick.net *.google.com *.google.ca *.flixcar.com *.flix360.com *.flixfacts.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com cdn.smooch.io *.evergage.com cdn.evgnet.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.signifyd.com *.signifyd.com:11103 *.zopim.com *.zdassets.com *.zendesk.com *.paysafe.com *.facebook.net *.facebook.com *.clarity.ms *.trackedweb.net *.cobrowse.io *.bing.com *.smooch.io wss://widget-mediator.zopim.com *.chatid.com wss://api.cobrowse.io wss://api.smooch.io bam-cell.nr-data.net bam.nr-data.net sentry.io *.flippenterprise.net *.flippback.com *.flipp.com *.algolia.io cdn.linkedin.oribi.io *.ads.linkedin.com ct.pinterest.com *.doubleclick.net *.google.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net google.com/pay gtm-serverside-tagging-387114.nn.r.appspot.com *.googlesyndication.com *.tiktok.com analytics.pangle-ads.com api.privacy-center.org salsify-ecdn.com *.internal.salsify.com *.flixfacts.com *.flixcar.com *.flixfacts.co.uk *.flixsyndication.net *.flix360.com *.flix360.io *.jwplatform.com *.jwpsrv.com *.jwpcdn.com *.cloudfront.net *.pointandplace.com *.haptikapi.com *.hellohaptik.com wss://*.hellohaptik.com wss://*.haptik.me *.evergage.com cdn.evgnet.com api.typeform.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' data: az589851.vo.msecnd.net embed.binkies3d.com binkiesproductionweu.servicebus.windows.net *.snapchat.com wss://collection.decibelinsight.net wss://bots.alphablues.com *.livechatinc.com *.getsitecontrol.com *.cookiebot.com *.decibelinsight.net *.alphablues.com *.tiktok.com *.exponea.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se pildyk.lt *.pildyk.lt *.usabilla.com *.doubleclick.net google.com *.every-pay.com;      script-src 'self' binkiesteaserstorage.blob.core.windows.net az589851.vo.msecnd.net embed.binkies3d.com binkiescontentnode.blob.core.windows.net  *.livechatinc.com *.googlesyndication.com *.decibelinsight.net *.alphablues.com *.cookiebot.com *.googleadservices.com *.google-analytics.com *.facebook.net *.usabilla.com *.exponea.com *.googletagmanager.com *.pushpushgo.com *.getsitecontrol.com *.adform.net *.sc-static.net sc-static.net *.jquery.com *.doubleclick.net payment.ecommerce.sebgroup.com 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.ytimg.com pildyk.lt *.pildyk.lt *.tiktok.com *.ipstatp.com *.ibytedtos.com *.google.com *.googleapis.com *.google.com;      style-src 'self' 'unsafe-inline' az589851.vo.msecnd.net binkiescontentnode.blob.core.windows.net embed.binkies3d.com *.alphablues.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.google.com pildyk.lt;      img-src 'self' data: blob: az589851.vo.msecnd.net binkiesdevnode.blob.core.windows.net binkiescontentnode.blob.core.windows.net 'unsafe-inline' tele2.lt *.livechat-files.com *.livechat-static.com *.alphablues.com *.amazonaws.com *.pildyk.lt *.google-analytics.com *.facebook.com *.facebook.net *.cloudfront.net *.google.com *.google.lt *.google.ee *.google.lv *.google.co.uk *.google.se *.doubleclick.net *.pushpushgo.com *.getsitecontrol.com *.usabilla.com *.gstatic.com pildyk.lt *.pildyk.lt cdn.tele2.lt; worker-src 'self' blob: 1
default-src 'self';connect-src *;style-src 'self' 'unsafe-inline';font-src 'self' data:;script-src 'self' 'unsafe-eval' *.nmrodam.com *.imrworldwide.com *.sensic.net *.gstatic.com;img-src 'self' data: *.ardmediathek.de *.ard.de *.nmrodam.com *.imrworldwide.com;media-src * mediastream: blob:;frame-src 'self' *.ard.de *.nmrodam.com *.imrworldwide.com *.sensic.net mailto: tg: threema: fb-messenger:;frame-ancestors *;worker-src 'self' blob: 1
default-src 'self' www: fonts.googleapis.com fonts.gstatic.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net pay.mtn.ng sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-ui.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net test-gateway.mastercard.com js.mtnpaygw.mtnnigeria.net js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.dimelochat.com mtn-nga.ws.dimelo.com mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net ui.mtnpay.mtnnigeria.net maps.googleapis.com data: vincentcabrera.fr www.google-analytics.com www.mymtn.com.ng mtnng-prod.voiceweb.eu mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com cpg-api.mtnpay.mtnnigeria.net/v2 https://pay.mtn.ng/ https://sdk.mtnpaygw.mtnnigeria.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' mtn-nga.dimelochat.com js.mtnpaygw.mtnnigeria.net/mtn/v2 sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com test-gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net mtn-ui.mtnpaygw.mtnnigeria.net js.mtnpaygw.mtnnigeria.net mtn-nga.ws.dimelo.com js-proxy.mtnpaygw.mtnnigeria.net customui.mtnpaygw.mtnnigeria.net mtn-nga.messaging.dimelo.com js.mtnpay.mtnnigeria.net maps.googleapis.com ui.mtnpay.mtnnigeria.net www.mymtn.com.ng mtnng-test.voiceweb.eu mtnng-prod.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://sdk.mtnpaygw.mtnnigeria.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; font-src 'self' https: data:; img-src 'self' https: data: http: vincentcabrera.fr www.google-analytics.com; connect-src 'self' ws: wss: blob: https: http: mtn-nga.dimelochat.com mtnng-prod.voiceweb.eu sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://mtf.gateway.mastercard.com https://cpg.mtnpay.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net test-gateway.mastercard.com mtn-nga.messaging.dimelo.com www.google-analytics.com mtnng-test.voiceweb.eu eum.mtnnigeria.net cdn.appdynamics.com mtnnigeria-astra.sandsiv.com js.mtnpay.mtnnigeria.net/mtn/v2 cpg-api.mtnpay.mtnnigeria.net/v2 pay.mtn.ng https://pay.mtn.ng https://pay.mtn.ng; frame-ancestors 'self' https://mtf.gateway.mastercard.com/ https://cpg.mtnpay.mtnnigeria.net/ sdk.mtnpay.mtnnigeria.net sdk.mtnpaygw.mtnnigeria.net https://sdk.mtnpaygw.mtnnigeria.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://jaapi.jobbnorge.no/fpagent https://fpjscdn.net/ https://about.jobbnorge.no/ https://ajax.googleapis.com https://browser-update.org https://www.jobbnorge.no/ https://fpnpmcdn.net/v3/e7LhfdPn2ASh8D5nTMpI/loader_v3.8.2.js https://connect.facebook.net https://browser-update.org/update.min.js https://s.ytimg.com https://policy.app.cookieinformation.com https://studio.simplifai.ai/is/ https://studio.simplifai.ai/is/api/conversation/init https://www.frantz.no/scripts/ https://frantz.no/scripts/landingPages/ https://adsby.bidtheatre.com/ https://sc-static.net/ https://snap.licdn.com/ https://api.frantz.no/scripts/tech/ https://api.frantz.no/scripts/widgets/ https://api.frantz.no/scripts/ https://api.frantz.no/scripts/landingpages/ https://tr.snapchat.com/ https://widget.gobistories.com/gwi/6 https://api.gobistories.com/api/v5/ https://res.cloudinary.com/gobi-technologies-as/ https://webaim.org/resources/contrastchecker/ https://matomo.jobbnorge.no ;                                                        connect-src https://matomo.jobbnorge.no https://eun1.fptls.com/ https://eun1.fptls3.com/ https://tr.snapchat.com/ https://tls-eun1.fpapi.io/ https://fp.jobbnorge.no/ https://app.emarketeer.com https://translate.googleapis.com https://about.jobbnorge.no/ https://export.jobbnorge.no/ https://jaapi.jobbnorge.no https://publicapi.jobbnorge.no https://id.jobbnorge.no/ https://www.jobbnorge.no/ https://studio.simplifai.ai/is/api/ https://www.facebook.com https://consent.app.cookieinformation.com https://policy.app.cookieinformation.com https://xp.frantz.no https://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js https://browser-update.org/update.show.min.js https://s.ytimg.com/ https://studio.simplifai.ai/ https://about.jobbnorge.no/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/ https://connect.facebook.net/ https://browser-update.org/update.min.js https://policy.app.cookieinformation.com https://adsby.bidtheatre.com https://sc-static.net https://snap.licdn.com https://www.frantz.no/scripts/ https://frantz.no/scripts/landingPages/ https://adsby.bidtheatre.com/ https://cdn.linkedin.oribi.io/partner/1077233/domain/jobbnorge.no/ https://widget.gobistories.com/gwi/6 https://api.gobistories.com/api/v5/ https://res.cloudinary.com/gobi-technologies-as/ https://webaim.org/resources/contrastchecker/;                style-src 'self' 'unsafe-inline'  https://pro.fontawesome.com/releases/v5.7.1/css/all.css https://about.jobbnorge.no/ https://fonts.googleapis.com https://pro.fontawesome.com/releases/v5.15.3/css/ https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/;               report-uri https://jobbnorge.report-uri.com/r/t/csp/reportOnly 1
frame-ancestors 'self' *.windy.com:* 1
default-src 'self' policy.cookiereports.com www.youtube-nocookie.com data: 'unsafe-eval';         style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com;         img-src 'self' policy.cookiereports.com *.google-analytics.com *.googletagmanager.com data: ;         connect-src 'self' policy.cookiereports.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com;         script-src 'self' ajax.googleapis.com www.google.com www.gstatic.com policy.cookiereports.com www.bugherd.com *.googletagmanager.com 'unsafe-inline'             'unsafe-eval' *.cloudfront.net *.youtube.com www.google-analytics.com;         font-src 'self' fonts.googleapis.com fonts.gstatic.com *.cloudfront.net www.bugherd.com data: 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketo.com *.pricespider.com *.hotjar.com *.1worldsync.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com api.tiles.mapbox.com bat.bing.com cdnjs.cloudflare.com cdn.cookielaw.org code.jquery.com connect.facebook.net googleads.g.doubleclick.net j.6sc.co malsup.github.io maxcdn.bootstrapcdn.com munchkin.marketo.net snap.licdn.com static.cloud.coveo.com stats.sa-as.com tags.srv.stackadapt.com twin-iq.kickfire.com ui.powerreviews.com us-st.smartassistant.com use.typekit.net ws.zoominfo.com www.googletagmanager.com www.google-analytics.com www.youtube.com ; style-src 'self' 'unsafe-inline' *.marketo.com *.pricespider.com *.1worldsync.com api.tiles.mapbox.com cdnjs.cloudflare.com code.jquery.com maxcdn.bootstrapcdn.com tags.srv.stackadapt.com ui.powerreviews.com us-st.smartassistant.com *.typekit.net ; img-src 'self' data: blob: *.1worldsync.com bat.bing.com b.6sc.co cdn.pricespider.com connect.facebook.net embeddedcloud.pricespider.com gojo.liquifire.com i.ytimg.com img.youtube.com p.typekit.net px.ads.linkedin.com px4.ads.linkedin.com res.cloudinary.com stats.sa-as.com *.powerreviews.com twin-iq.kickfire.com us-st.smartassistant.com us-st3-bucket.s3.amazonaws.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com www.linkedin.com http://images.salsify.com ; media-src 'self' *.s3.amazonaws.com player.vimeo.com ; frame-src 'self' *.marketo.com *.hotjar.com airtable.com td.doubleclick.net ww2.gojo.com www.youtube.com www.facebook.com *.linkedin.com *.onetrust.com ; connect-src 'self' wss: *.6sc.co *.hotjar.com *.hotjar.io *.marketo.com *.onetrust.com *.tiles.mapbox.com 180-zia-109.mktoresp.com analytics.google.com api.mapbox.com cdn.cookielaw.org cdn.linkedin.oribi.io display.powerreviews.com events.mapbox.com gojo.com secure.adnxs.com stats.g.doubleclick.net tags.srv.stackadapt.com px.ads.linkedin.com ui.powerreviews.com ws.zoominfo.com www.facebook.com www.gojo.com www.google-analytics.com ; font-src 'self' *.cloudfront.net *.1worldsync.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.typekit.net ; worker-src blob: ; child-src blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.redditstatic.com www.googleadservices.com fhb-engineering.atlassian.net www.youtube.com cdn.jsdelivr.net builder.lift.acquia.com cdn.lift.acquia.com www.googletagmanager.com www.google-analytics.com production-cdn.lift.acquia.com siteimproveanalytics.com js-agent.newrelic.com bam.nr-data.net www.onlinebanktours.com *.vimeo.com ajax.googleapis.com unpkg.com connect.facebook.net connect.facebook.net/en_US/fbevents.js cdn.segment.com cdn.amplitude.com *.resonate.com *.google-analytics.com *.analytics.google.com www.facebook.com/* bat.bing.com sc-static.net snap.licdn.com *.tpc.googlesyndication.com s.pinimg.com tr.snapchat.com cds-sdkcfg.onlineaccess1.com cdn.timetrade.com api.glia.com *.salemove.com ct.pinterest.com; object-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.onlinebanktours.com cdnjs.cloudflare.com builder.lift.acquia.com *.salemove.com; img-src 'self' 'unsafe-inline' d.turn.com 10563763.fls.doubleclick.net fonts.gstatic.com r.turn.com data.adxcel-ec2.com www.googleadservices.com alb.reddit.com googleads.g.doubleclick.net www.googletagmanager.com www.facebook.com www.google.com www.google-analytics.com alpixtrack.com *.global.siteimproveanalytics.io cdn.oectours.com *.calcxml.com i.ytimg.com *.onlinebanktours.com bat.bing.com px.ads.linkedin.com *.insight-event.brandcdn.com tr.snapchat.com px.ads.linkedin.com *.adsymptotic.com ct.pinterest.com ad.doubleclick.net fhb.prod.acquia-sites.com data:; media-src 'self' 'unsafe-inline' www.youtube.com youtube.com *.youtu.be youtu.be vimeo.com *.vimeo.com cdn.oectours.com www.learnaboutmoneymovement.com fhb.com; frame-src 'self' 10563763.fls.doubleclick.net www.onlinebanktours.com onlinebanktours.com www.youtube.com *.vimeo.com www.figma.com *.doubleclick.net www.facebook.com/* bat.bing.com tr.snapchat.com ct.pinterest.com *.timetradesystems.com www04.timetrade.com; frame-ancestors 'self'; child-src 'self' 10563763.fls.doubleclick.net www.onlinebanktours.com www.youtube.com *.vimeo.com www.figma.com *.doubleclick.net www.facebook.com/* bat.bing.com tr.snapchat.com blob:; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' sessions.bugsnag.com us-east-1-decisionapi.lift.acquia.com www.google.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net alpixtrack.com www.onlinebanktours.com cdn.oectours.com api.segment.io api.amplitude.com d.turn.com ds.reson8.com connect.facebook.net/* www.facebook.com/* bat.bing.com tr.snapchat.com cdn.linkedin.oribi.io ct.pinterest.com  api.glia.com *.salemove.com wss://pubsub.salemove.com analytics.google.com *.linkedin.com *.snapchat.com 1
frame-ancestors *.igre123.net igre123.net; 1
default-src https: 'unsafe-eval' 'unsafe-inline' data: blob: 1
default-src 'self' blob: *.fitchsolutions.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ajax.googleapis.com *.doubleclick.net td.doubleclick.net *.td.doubleclick.net *.fitchsolutions.com *.googleadservices.com googleads.g.doubleclick.net *.linkedin.com *.ads.linkedin.com linkedin.com *.ampproject.org app-lon06.marketo.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com reveal.clearbit.com *.googletagmanager.com players.brightcove.net *.google-analytics.com *.analytics.google.com analytics.google.com *.evidon.com cdn2.funnelenvy.com assets.map.brightcove.com your.fitchsolutions.com snap.licdn.com static.hotjar.com munchkin.marketo.net js.idio.co script.hotjar.com s.idio.co api.idio.co cdn.jsdelivr.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com *.clearbitscripts.com *.clearbit.com *.clearbitjs.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.fitchsolutions.com *.googletagmanager.com use.fontawesome.com unpkg.com app-lon06.marketo.com cdnjs.cloudflare.com fonts.googleapis.com players.brightcove.net ; object-src 'none'; frame-src 'self' *.fitchsolutions.com *.doubleclick.net *.hotjar.com  bid.g.doubleclick.net *.fls.doubleclick.net td.doubleclick.net *.td.doubleclick.net infogram.com e.infogram.com infogram-download-eu.s3.eu-west-1.amazonaws.com infogram-download-us2.s3.eu-west-1.amazonaws.com indd.adobe.com *.evidon.com; img-src 'self' data: cf-images.us-east-1.prod.boltdns.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.twitter.com t.co googleads.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.ads.linkedin.com linkedin.com *.gstatic.com *.google.co.uk *.fitchsolutions.com metrics.brightcove.com *.evidon.com *.linkedin.com p.adsymptotic.com a.idio.co *.google-analytics.com *.analytics.google.com www.google.com www.google.co td.doubleclick.net *.td.doubleclick.net www.google.co.uk; font-src 'self' data: *.fitchsolutions.com fonts.gstatic.com use.fontawesome.com; media-src 'self' blob: *.fitchsolutions.com *.boltdns.net *.brightcove.com videos.ctfassets.net *.akamaihd.net *.brightcove.net; prefetch-src 'self' *.fitchsolutions.com *.google-analytics.com *.analytics.google.com; connect-src 'self' blob: *.fitchsolutions.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.brightcove.com *.brightcove.net 732-ckh-767.mktoresp.com fx.fitchgroup.co *.boltdns.net *.akamaihd.net *.crazyegg.com *.idio.co *.brightcovecdn.com *.marketo.net *.fitch.group *.evidon.com *.funnelenvy.com *.google-analytics.com *.analytics.google.com fonts.googleapis.com *.piwikpro.com snap.licdn.com images.ctfassets.net fonts.gstatic.com stats.g.doubleclick.net api.sjpf.io api.fpjs.io *.hotjar.com:* vc.hotjar.io:* surveystats.hotjar.io wss://*.hotjar.com *.hotjar.com *.hotjar.io notify.bugsnag.com *.clearbit.com cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com *.clearbit.com *.linkedin.oribi.io td.doubleclick.net *.td.doubleclick.net *.google.com 1
default-src 'self' data: https://consentcdn.cookiebot.com; script-src 'strict-dynamic' 'nonce-AV83QIfr8sFFycCaDXzZm6igfIgnAh3C4If1cIvaVVE=' blob: https://dwin1.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://*.googletagmanager.com https://www.google-analytics.com/analytics.js https://remote.captcha.com/include.js https://fat.financeads.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src 'self' https://www.awin1.com https://www.google.com https://consentcdn.cookiebot.com https://www.youtube.com; connect-src 'self' http://awin1.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; img-src 'self' data: https://www.financeads.net http://*.awin1.com https://*.awin1.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; 1
default-src *;img-src * data:; style-src 'self' 'unsafe-inline' *.fbstatic.cn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fbstatic.cn *.captcha.qq.com *.gtimg.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.puthiyathalaimurai.com;block-all-mixed-content; 1
frame-ancestors 'self' https://www.gobio.com *.gobio.com *.gobio.com 1
default-src https: data: wss: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com 1
base-uri https://*.tennisfame.com; default-src 'self' 'unsafe-inline' data: https: wss: http://192.168.105.45 https://ithof.staging53.com http://res.cloudinary.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://itp-atp-sls.infosys-platforms.com https://connect.facebook.net https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://*.googleapis.com https://www.google-analytics.com https://translate.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://*.sharethis.com https://count-server.sharethis.com https://ithf.disqus.com https://c.disquscdn.com https://disqus.com http://res.cloudinary.com https://www.tennisfame.com https://bbox.blackbaudhosting.com https://t.sharethis.com https://*.en25.com https://*.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.adnxs.com http://*.affec.tv https://*.hs-scripts.com https://*.dafdirect.org https://*.hs-analytics.net https://*.hsadspixel.net https://*.hscollectedforms.net https://*.licdn.com https://*.curator.io https://*.hsforms.net https://*.hsforms.com https://*.youtube.com https://*.ytimg.com https://*.hs-banner.com https://*.visme.co https://*.hubapi.com https://*.adsrvr.org https://*.rtb123.com; object-src 'self' 'unsafe-inline' data: https://www.tennisfame.com https://cdn0.scrvt.com; block-all-mixed-content; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; connect-src 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; report-uri https://netcorr.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' apurofutbol.net embed.apurofutbol.net clarovideo.apurofutbol.net directvapg.co tv.apurofutbol.net embed.directvapg.co 1
frame-ancestors 'self' https://*.atrapalo.com.ar; report-uri /csp/report; 1
frame-ancestors 'self' support.azazie.com customerservice.azazie.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ZyiccmzAVsUt5aAg52IYn6ms2' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self' https://metrics.hotjar.io/ https://cdn-prod.securiti.ai/consent/ https://api-js.mixpanel.com/track/ https://analytics.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com https://www.google.com/;base-uri 'self';font-src 'self' https://*.hotjar.com https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https://storage.googleapis.com/ https://www.facebook.com/ https://googleads.g.doubleclick.net https://*.hotjar.io/ https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br/;connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://api-js.mixpanel.com/ https://analytics.google.com/ https://www.google.com.br/ads/ https://engineering.alliar.com/ https://tech.alliar.com/ https://app.securiti.ai/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.br;script-src 'self' https://cdn-prod.securiti.ai/consent/ https://*.hotjar.com/ https://googleads.g.doubleclick.net/ https://analytics.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://api-js.mixpanel.com/track/ https://connect.facebook.net/ https://www.googleadservices.com/ https://*.googletagmanager.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com/ https://assets.allianca.com/ https://snap.licdn.com/;script-src-attr 'none';style-src 'self' https://*.hotjar.com https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.privacytools.com.br *.googleapis.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.ampproject.org *.taboola.com *.criteo.com *.criteo.net *.bing.com *.clarity.ms *.clarity.net *.facebook.net *.facebook.com *.google.com *.google.com.br *.vercel.com vercel.live *.force.com *.salesforceliveagent.com *.salesforce.com *.visualforce.com *.documentforce.com *.doubleclick.net *.zoho.com *.zohocdn.com *.zohostatic.com *.embracon.online *.embracon.com.br ws://vts.zohopublic.com wss://ws-us3.pusher.com *.zohopublic.com *.socdm.com *.yahoo.com *.outbrain.com *.emxdgt.com *.useinsider.com *.salesforce-sites.com *.handtalk.me assets.volkswagen.com *.digitaloceanspaces.com data:; img-src * data: blob:; 1
frame-ancestors *.giochi123.net giochi123.net; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cookielaw.org www.google-analytics.com ajax.googleapis.com www.google.com google.com gstatic.com www.gstatic.com www.googletagmanager.com code.jquery.com cdn.datatables.net maxcdn.bootstrapcdn.com use.fontawesome.com files.cdn.leadfamly.com tcapweb3.slash.ph:8888 tcapweb3.slash.ph:2222 cdns.global.gigya.com dcams.app; style-src 'self' 'unsafe-inline' cdn.cookielaw.org fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.datatables.net tcapweb3.slash.ph:8888 tcapweb3.slash.ph:2222 ; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' neulandtv-philipines.videomarketingplatform.co www.scanpack.com scanpack.com marlboro.test; worker-src 'self' blob:; frame-src 'self' vimeo.com player.vimeo.com neulandtv-philipines.videomarketingplatform.co iqos.buzz www.google.com neulandtv-philippines.videomarketingplatform.co scanpak.videomarketingplatform.co cleanmoves-qa.marlboro.ph tcapweb3.slash.ph:8888 tcapweb3.slash.ph:2222 cdns.us1.gigya.com cdns.eu1.gigya.com cdns.au1.gigya.com cdns.eu2.gigya.com cdns.cn1.sapcdmn.cn cdns.global.gigya.com philip-morris-philippines-b2c.leadfamly.com frontend.dcams.app; 1
frame-ancestors 'self' https://*.ciftm9oqyc-doveriebr1-p1-public.model-t.cc.commerce.ondemand.com 1
frame-ancestors 'self' https://edicoladigitale.sprintesport.it/ http://testbaba.virtualcms.it 1
connect-src 'self' https://api.suraenlinea.com https://api-flujo-ventas-digitales.herokuapp.com https://integrador-sura-sel.herokuapp.com https://maestros-ventas-digitales-pdn.herokuapp.com undefined https://validar-identidad.herokuapp.com https://ohs-ventas-movilidad-pdn.herokuapp.com https://ohs-ventas-digitales-soat-pdn.herokuapp.com https://api-flujo-ventas-soat-pdn.herokuapp.com https://*.ca.com https://*.hotjar.com wss://*.hotjar.com https://syndication.twitter.com/settings https://*.optimonk.com wss://*.tawk.to wss://*.zopim.com https://*.segurossura.com.co https://by2.uservoice.com https://segurossura.com.co https://*.wisepops.com https://nominatim.openstreetmap.org https://*.prismic.io https://*.cdn.prismic.io https://*.googlevideo.com https://tagmanager.google.com/debug https://assets.uvcdn.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://pgr-qa-api.pagerinc.com https://*.pager.com https://*.segurossura.com  https://*.amazonaws.com http://*.ecosistemadigitalsura.com https://appslab.suranet.com https://*.inbenta.com https://*.inbenta.io https://*.salesforce.com https://sura-sel-pagos-lab.herokuapp.com https://sura-sel-pagos-test.herokuapp.com https://api-sura-sel-pagos.herokuapp.com https://ohs-ventas-movilidad-pdn.herokuapp.com https://in.hotjar.com https://vc.hotjar.io https://apisaluddigital.suraenlinea.com https://*.fontawesome.com https://1t2v7xafne.execute-api.us-east-1.amazonaws.com https://ybsd9lvv2g.execute-api.us-east-1.amazonaws.com https://worldtimeapi.org https://*.secure.force.com https://www.google-analytics.com https://api.ipify.org https://fd-ecosistemadigitalpersonas-dllo-001.azurefd.net https://apidigital.segurossura.com.co https://stats.g.doubleclick.net https://analytics.google.com https://*.suracovid-test.form.io/seguroplaneligetest https://*.form.io/ https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://directline.botframework.com wss://directline.botframework.com https://*.hotjar.io https://*.uc.r.appspot.com https://*.linkedin.oribi.io https://*.teads.tv https://*.clarity.ms https://*.tiktok.com https://apidigital.suraenlinea.com https://*.creativecdn.com https://*.bing.com https://*.linkedin.com https://*.google.com.co https://*.app.vwo.com https://*.medallia.eu https://*.stape.io https://*.visualwebsiteoptimizer.com;script-src 'self' https://agendamientogrmovilidad.z13.web.core.windows.net https://*.ca.com https://*.bkrtx.com https://*.gstatic.com https://*.sociomantic.com https://*.ads-twitter.com https://*.thacomo.com https://*.wisepops.com https://by2.uservoice.com https://www.suraenlinea.com https://*.prismic.io https://*.cdn.prismic.io https://cdn.syndication.twimg.com https://js.stripe.com https://s.ytimg.com  https://*.uservoice.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://*.visualwebsiteoptimizer.com https://www.googleadservices.com https://connect.facebook.net https://*.twitter.com https://pgr-qa-api.pagerinc.com https://*.pager.com https://*.segurossura.com https://*.amazonaws.com http://*.ecosistemadigitalsura.com https://*.google.com https://*.zopim.com https://*.optimonk.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.inbenta.io 'unsafe-inline' 'unsafe-eval' https://assets.uvcdn.com https://*.suraenlinea.com https://*.hotjar.com https://*.fontawesome.com https://service.force.com https://p.teads.tv/teads-fellow.js https://*.salesforce.com https://*.secure.force.com https://snap.licdn.com https://px.sunmedia.tv https://agendamientocsmovilidad.z13.web.core.windows.net https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://*.clarity.ms https://*.tiktok.com https://*.adnxs.com https://*.googleoptimize.com https://*.g.doubleclick.net https://*.yimg.com https://*.go2aluna.co https://*.stape.io https://*.creativecdn.com https://*.visualwebsiteoptimizer.com https://*.googleapis.com https://*.app.vwo.com https://*.medallia.eu https://*.bing.com https://*.linkedin.com https://*.google.com.co;img-src 'self' https://api.suraenlinea.com data:  https://pop.thacomo.com https://static.placetopay.com https://pbs.twimg.com https://*.wisepops.com https://*.twimg.com https://dev.visualwebsiteoptimizer.com https://res.cloudinary.com https://*.prismic.io https://*.cdn.prismic.io https://www.segurossura.com.co https://prismic-io.s3.amazonaws.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://www.google.com https://www.facebook.com https://*.twitter.com https://t.co https://www.google.com.co http://www.sura.com https://tagmanager.google.com/debug https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.inbenta.io https://s3-us-west-2.amazonaws.com https://*.fontawesome.com https://*.gstatic.com https://*.teads.tv https://alunatrack.g2afse.com https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud https://*.googletagmanager.com https://*.ads.linkedin.com https://*.clarity.ms https://*.linkedin.com https://*.bing.com;media-src https://www.youtube.com https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.fontawesome.com https://*.teads.tv https://*.inbenta.io data:; style-src 'self'  https://agendamientogrmovilidad.z13.web.core.windows.net https://*.optimonk.com https://fonts.googleapis.com https://platform.twitter.com https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css https://cdn.jsdelivr.net https://pro.fontawesome.com/releases/v5.10.2/css/all.css https://tagmanager.google.com/debug/css.css https://*.ca.com/ https://*.salesforceliveagent.com/ https://*.cloudfront.net https://*.inbenta.com https://*.fontawesome.com https://translate.googleapis.com https://*.inbenta.io https://optimize.google.com https://service.force.com https://*.teads.tv https://*.secure.force.com https://agendamientocsmovilidad.z13.web.core.windows.net https://*.unpkg.com/formiojs@latest/dist/formio.full.min.css https://cdn.botframework.com https://parly-webchat-suraco-mastertibot.10prniy4eo5z.us-east.codeengine.appdomain.cloud 'https://www.googletagmanager.com 'unsafe-inline'; 1
frame-ancestors 'self' 'darwinbox.in'; 1
frame-ancestors 'self' https://yobingo-statices.casinomodule.com/ https://www.yobingo.es/ https://www.yocasino.es/ https://www.enracha.es/ 1
default-src 'self' *.edfinancial.com *.studentaid.gov; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.powerplatform.com https://home-c72.niceincontact.com/inContact/ChatClient/js/embed.min.js https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js https://www.googletagmanager.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://connect.facebook.net/en_US/sdk.js https://cookieinfoscript.com/js/cookieinfo.min.js https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/ https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/js/bootstrap.min.js https://kit.fontawesome.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' wss://unitedstates.directline.botframework.com https://unitedstates.directline.botframework.com *.powerplatform.com https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken https://directline.botframework.com/v3/directline/ wss://directline.botframework.com/v3/directline/conversations/ https://www.google-analytics.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://kit.fontawesome.com; font-src 'self' https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://fonts.gstatic.com/; frame-src 'self' https://home-c72.niceincontact.com/ https://*.opendns.com/ https://www.facebook.com https://www.google.com/ https://www.youtube.com; img-src 'self' data: https://edfinancial.studentaid.gov https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; form-action 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' https://mw5mercs.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://plugin.monotote.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://sgtm.thehut.de; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.thehut.de https://m.thehut.de https://checkout.thehut.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://s.trustpilot.com https://plugin.monotote.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://google.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://sgtm.thehut.de; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.geotab.com *.google.com *.google.ca *.googleapis.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.incontact.com *.salesforce.com  *.buzzsprout.com *.visualwebsiteoptimizer.com *.vidyard.com *.twitter.com *.ads-twitter.com https://www.youtube.com https://script.crazyegg.com https://googleads.g.doubleclick.net https://514004470.collect.igodigital.com/collect.js https://connect.facebook.net https://snap.licdn.com https://cmp.osano.com https://bugcrowd.com https://*.bugcrowdusercontent.com *.linkedin.com blob: https://s.saleswingsapp.com/ https://cdn.c212.net/ https://c212.net https://pixel.mathtag.com/ *.zoominfo.com *.clickagy.com *.6sc.co https://client-registry.mutinycdn.com/; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net *.zoominfo.com data:; style-src 'self' 'unsafe-inline' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.typekit.net; img-src * data:; connect-src *; object-src *; frame-src 'self' *.geotab.com *.google.com *.google.ca *.googleapis.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.youtube.com *.facebook.com *.salesforce.com https://home-c19.incontact.com *.doubleclick.net https://www.buzzsprout.com https://attendee.gotowebinar.com https://register.gotowebinar.com *.vidyard.com https://www.youtube.com https://cmp.osano.com https://www.recaptcha.net https://bugcrowd.com *.linkedin.com https://calendly.com/ https://www.youtube-nocookie.com https://pixel.mathtag.com/; media-src 'self' *.googleapis.com webtest2.geotab.com webtest3.geotab.com; frame-ancestors 'self' *.geotab.com https://geotab.my.salesforce.com; 1
img-src 'self' data: https://lh3.ggpht.com https://*.google-analytics.com *.google.com https://www.google.com https://*.googleadservices.com https://*.googleapis.com *.googlesyndication.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://maps.gstatic.com https://*.hsforms.com *.hubspot.com https://*.lenze.com/ https://*.linkedin.com https://*.hana.ondemand.com/ https://via.placeholder.com https://*.twimg.com https://platform.twitter.com https://syndication.twitter.com https://*.vimeocdn.com *.youtube.com *.ytimg.com https://i.ytimg.com https://www.google.de https://eu6.heatmap.it *.doubleclick.net https://*.hubspotusercontent40.net https://*.google.nl https://cdn.cookielaw.org https://*.ads.linkedin.com https://px.ads.linkedin.com fonts.gstatic.com *.gstatic.com gstatic.com https://www.google.hu https://www.google.co https://www.google.ch https://www.google.pt https://www.google.com.mx https://www.google.ca https://www.google.es https://www.google.sm https://www.google.com.sa https://www.google.com.tw https://www.google.com.pk https://www.facebook.com  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com blob: cdn2.hubspot.net forms.hsforms.com https://x4support.lenze.digital https://outlook.office365.com; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://kit.fontawesome.com https://*.google-analytics.com/ https://*.google.com https://www.google.com https://*.googleadservices.com https://maps.googleapis.com https://*.googlesyndication.com https://www.googletagmanager.com/ https://*.googletagservices.com https://js.hs-banner.com https://js.hs-scripts.com https://forms.hsforms.com https://*.hubspot.com https://code.jquery.com https://*.lenze.com https://snap.licdn.com/li.lms-analytics/ https://*.hana.ondemand.com/ https://geolocation.onetrust.com https://cdn.syndication.twimg.com https://platform.twitter.com https://unpkg.com https://js.usemessages.com https://m.youtube.com https://www.youtube.com https://players.yumpu.com https://polyfill.io https://u.heatmap.it https://u.heatmap.it/log.js https://*.doubleclick.net https://googleads.g.doubleclick.net https://connect.facebook.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.hscta.net https://js.hsforms.net https://js.hsleadflows.net https://cdn.jsdelivr.net https://cdn.cookielaw.org https://google-analytics.com about: https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.hscollectedforms.net https://js-na1.hs-scripts.com ajax.googleapis.com; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com fonts.googleapis.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://ton.twimg.com https://platform.twitter.com https://www.googletagmanager.com translate.googleapis.com; frame-src https://player.vimeo.com blob: forms.hsforms.com *.yumpu.com *.google.com *.googlesyndication.com https://*.lenze.com/ https://lenze-portal.rexx-recruitment.com www.youtube-nocookie.com youtu.be *.youtube.com *.doubleclick.net *.hana.ondemand.com https://www.googletagmanager.com https://www.linkedin.com https://platform.twitter.com https://www.facebook.com https://syndication.twitter.com https://onyx.www.linkedin.com https://www.linkedin.cn https://www.linkedin.com https://web.facebook.com https://bid.g.doubleclick.net js.hsadspixel.net *.hubspot.com js.hscollectedforms.net js.usemessages.com https://docfinderreloadedstg.blob.core.windows.net https://outlook.office365.com; media-src dai.google.com https://*.lenze.com/ data: https://*.hana.ondemand.com *.lenze.cn; object-src 'self' *.googlesyndication.com https://*.lenze.com/ https://*.hana.ondemand.com; font-src 'self' data: https://ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://ui5.sap.com; form-action forms.hsforms.com forms.hubspot.com *.google.com https://*.lenze.com https://*.hana.ondemand.com https://syndication.twitter.com platform.twitter.com *.lenze.cn https://get.teamviewer.com; worker-src blob: www.google.com https://*.lenze.com/ https://*.hana.ondemand.com; connect-src 'self' about: https://forms.hscollectedforms.net https://region1.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://extreme-ip-lookup.com https://ka-f.fontawesome.com https://www.google-analytics.com *.google.com https://maps.googleapis.com *.googlesyndication.com https://pagead2.googlesyndication.com www.googletagservices.com forms.hsforms.com api.hubapi.com *.hubspot.com https://forms.hubspot.com https://*.lenze.com/ https://*.hana.ondemand.com/ https://privacyportal-de.onetrust.com https://scandk1.scandit.com https://*.lenze.eec.gec.io *.doubleclick.net https://cdn.jsdelivr.net https://cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com js.usemessages.com js.hsleadflows.net js.hs-banner.com js.hubspotfeedback.com js.hsadspixel.net js.hs-analytics.net js.hs-scripts.com https://geolocation.onetrust.com api.hsforms.com apps-digital-services.lenze.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://js.hscollectedforms.net https://www.google.hu https://www.google.co https://www.google.ch https://www.google.pt https://www.google.com.mx https://www.google.ca https://www.google.es https://www.google.sm https://www.google.com.sa https://www.google.com.tw https://www.google.com.pk https://www.facebook.com  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google.de; child-src blob: *.google.com *.googlesyndication.com https://*.lenze.com/ www.youtube.com *.doubleclick.net https://*.hana.ondemand.com app.hubspot.com forms.hsforms.com js.hsadspixel.net js.hscollectedforms.net js.usemessages.com; default-src 'self' blob: https://*.facebook.com https://www.google.com https://forms.hsforms.com https://forms.hubspot.com https://*.lenze.com/ https://www.linkedin.com https://*.hana.ondemand.com/ https://lenze-portal.rexx-recruitment.com https://platform.twitter.com https://syndication.twitter.com https://player.vimeo.com https://www.youtube-nocookie.com https://www.youtube.com https://www.yumpu.com https://*.doubleclick.net https://*.lenze.cn; report-uri https://csp-report.lenze.com/api/3/security/?sentry_key=38d57e3bed4640f198e8cb5a750ff134&sentry_environment=production 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ www.googletagmanager.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://ssl.google-analytics.com/urchin.js https://embed.tawk.to https://dc.services.visualstudio.com ;style-src 'self' 'unsafe-inline';img-src 'self' data: https:;media-src 'self';font-src 'self' data:;form-action 'self' *.cybersource.com;frame-ancestors 'self';frame-src 'self' www.google.com/recaptcha/;block-all-mixed-content 1
frame-ancestors 'self'; script-src *.tp88trk.com *.bigcommerce.com *.haircode.com pghub.io *.moatads.com *.online-metrix.net *.azurewebsites.net *.jquery.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.lightboxcdn.com *.lytics.io *.cookielaw.org *.onetrust.com *.crazyegg.com *.segment.com *.segment.io *.snapchat.com sc-static.net *.tapad.com *.google.com *.gstatic.com *.adsrvr.org blob: 'self' 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://urbanmusic.es https://www.marcaentradas.com https://metropolientradas.es https://www.metropolientradas.es https://www.eventsentradas.com https://eventsentradas.com 1
frame-ancestors 'self' app.pendo.io https://datamma.guides.nelnet.com  *.home-c73.niceincontact.com home-c73.niceincontact.com:* 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'self'; media-src https://files.xeovo.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com *.doubleclick.net www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.usercentrics.eu chat600.realperson.de webid-gateway.de api.ahoyrtc.com;connect-src 'self' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com webid-gateway.de api.ahoyrtc.com *.usercentrics.eu wss://*.degussa-bank.de wss://*.liferay.prod.aws.degbank.local www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com business-customer.vwd.com webid-gateway.de api.ahoyrtc.com chat600.realperson.de *.usercentrics.eu www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com;frame-src 'self' outlook.office365.com *.vimeo.com www.mr-money.de www.youtube.com *.usercentrics.eu degussapublic.factsheetslive.com;frame-ancestors 'self' *.degussa-bank.de *.liferay.prod.aws.degbank.local www.heim-und-immobilie.de *.mitarbeitervorteile.de intranet.indego.de intranet.degbank.local *.prodyna.com *.check24.de liferay-develop-iframe-test.s3.eu-central-1.amazonaws.com;img-src 'self' blob: data: dbs.degussa-bank.de api.dbs.degussa-bank.de saofccdnprodttsxasv1wfmo.blob.core.windows.net dc.services.visualstudio.com *.luware.cloud *.service.signalr.net wss://*.service.signalr.net ecs.office.com browser.events.data.microsoft.com *.skype.com wss://*.skype.com *.teams.microsoft.com ofc-cdn.azureedge.net ecs.communication.microsoft.com wss://*.trouter.teams.microsoft.com *.events.data.microsoft.com go-eu.trouter.communication.microsoft.com www.google.de www.google.com *.googleapis.com *.google-analytics.com *.gstatic.com www.googletagmanager.com *.analytics.google.com *.usercentrics.eu;worker-src blob: 1
frame-ancestors 'self' *.excelsior.com.mx *.jediteam.mx *.imagendigital.com securepubads.g.doubleclick.net *.doubleclick.net *.melodijolola.com *.salud180.com 1
default-src 'self' ; connect-src * blob:; font-src 'self'  data:; frame-src blob: squadus://* *; frame-ancestors https://meet.stageoffice.ru; img-src * blob: data:; media-src * data:; script-src 'self' 'unsafe-eval' ; style-src 'self' 'unsafe-inline' 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://buergerservice.ionas.de/ https://dfs.containers.piwik.pro/ https://dfs.piwik.pro; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://dfs.containers.piwik.pro/ https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de; img-src 'self' data: https://dfs.de https://dfs.piwik.pro; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://dfs.containers.piwik.pro/ https://dfs.piwik.pro; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
frame-ancestors *.villarecruit.com *.pya.org *.crewunlimited.com; 1
frame-ancestors 'self' https://*.cosmote.gr https://*.ote.gr https://*.11888.gr https://*.giaola.gr https://joiningdots.co https://*.helppost.gr https://*.irafina.gr https://*.notia.gr 1
default-src 'none'; img-src 'self' https: data:; style-src 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; script-src https://static.cloudflareinsights.com 1
base-uri 'self'; default-src 'self' https://cdn.plaid.com/; script-src 'self' 'unsafe-eval' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.adsrvr.org https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://maps.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.fbot.me https://*.pointmediatracker.com https://*.bidr.io https://cdn.plaid.com/link/v2/stable/link-initialize.js https://*.onetrust.com https://hbiq.net 'nonce-PPAjsdRsCmdup5UwtyLkdg==' 'nonce-APAjsdRsCmdup5UwtyLkdg==' cdn.cookielaw.org tag.rmp.rakuten.com https://*.zdassets.com 'sha256-vmJ7W12IlLYloAaCUycQnW2PNlBm1VhBCyv9LDCDAtY=' https://js.stripe.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css; img-src 'self' data: https: https://*.adsrvr.org https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net https://ad.doubleclick.net https://www.google.com https://www.google.com.au https://adservice.google.com https://googleads.g.doubleclick.net https://www.facebook.com https://*.pointmediatracker.com https://*.bidr.io https://*.onetrust.com data: https://*.afterpay.com https://8780545.fls.doubleclick.net https://*.linksynergy.com; connect-src 'self' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.launchdarkly.com https://www.google-analytics.com https://sentry.io https://api.amplitude.com https://*.fbot.me https://*.pointmediatracker.com https://*.bidr.io https://*.afterpay.com https://sandbox.plaid.com/link/heartbeat https://*.onetrust.com https://stats.g.doubleclick.net https://*.zdassets.com https://*.zendesk.com; frame-src 'self' https://card-api.us.payments.afterpay.com https://portalapi.us.afterpay.com https://merchantportalapi.us.afterpay.com https://posapi.us.afterpay.com https://api.us.payments.afterpay.com https://*.fbot.me https://insight.adsrvr.org https://rsx.afterpay.com https://8780545.fls.doubleclick.net https://cdn.plaid.com/ https://*.onetrust.com https://js.stripe.com https://hooks.stripe.com https://stripe.com https://test-payments-threeds.afterpaytouch.dev https://prod-payments-threeds.afterpay.com https://bid.g.doubleclick.net; 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.do/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: https://use.typekit.net data: https://www.googletagmanager.com https://*.adobe.com https://*.rolex.com https://bing.com https://*.bing.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://www.googleadservices.com  https://ajax.googleapis.com https://p.typekit.net https://*.approachguides.co https://approachguides.co https://*.approachguides.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://open.spotify.com  https://explorajourneys-b2b.oktapreview.com https://explorajourneys-b2c.oktapreview.com https://explorajourneystest-b2c.okta.com https://explorajourneystest-b2b.okta.com https://explorajourneys-b2b.okta.com https://explorajourneys-b2c.okta.com https://global.oktacdn.com https://*.instagram.com https://*.cdninstagram.com  https://*.explorajourneys.com https://explorajourneys.com https://maps.googleapis.com  https://assets.calendly.com https://calendly.com https://*.youtube.com https://*.google.com https://*.google.it https://*.google.fr https://*.google.de https://*.google.ch https://*.teads.tv https://maps.gstatic.com https://www.gstatic.com https://sdk.privacy-center.org https://snap.licdn.com https://*.facebook.net https://*.facebook.com https://*.linkedin.com https://api.privacy-center.org https://*.oribi.io https://*.exp360.com https://*.zencdn.net https://*.imgix.net https://*.day.com  https://*.jsdelivr.net https://*.fliphtml5.com https://fliphtml5.com https://*.acsbapp.com https://acsbapp.com https://adyen.com https://*.adyen.com; frame-ancestors 'self' https://*.explorajourneys.com https://explorajourneys.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.recaptcha.net https://plugin.monotote.com https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com https://www.shoplooks.com https://s1.thcdn.com https://www.awin1.com https://www.pinterest.com https://www.pinterest.co.uk https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://*.abtasty.com https://tr6.snapchat.com https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ct.pinterest.com wss://lo.msg.liveperson.net https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://smct.io https://*.smct.io https://*.abtasty.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://d7c4jjeuqag9w.cloudfront.net blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://www.glossybox.co.uk https://m.glossybox.co.uk https://checkout.glossybox.co.uk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://seal.digicert.com https://static.ads-twitter.com https://analytics.twitter.com https://plugin.monotote.com https://*.recaptcha.net https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.tribalfusion.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://s.pinimg.com https://s.tribalfusion.com https://a.tribalfusion.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io blob: https://*.abtasty.com https://tr.snapchat.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://www.shoplooks.com https://static.shoplooks.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://fonts.smct.io https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com cscglobal-marketing-website-chatbot-app-service.azurewebsites.net wss://directline.botframework.com directline.botframework.com *.botframework.com *.oribi.io *.hubspot.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net px.ads.linkedin.com *.optimizely.com; script-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com; worker-src mydev.cscglobal.com blob:; script-src-elem 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.botframework.com webchat.botframework.com *.licdn.com *.facebook.net *.youtube.com *.googlesyndication.com *.cookielaw.org *.zscalertwo.net *.googleoptimize.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hubspot.com *.optimizely.com 'unsafe-inline'; style-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com *.marketo.com go.corptax.com corptax.cld.bz 'unsafe-inline'; img-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.hsforms.com *.linkedin.com *.facebook.com *.doubleclick.net *.cookielaw.org *.crazyegg.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com d.adroll.mgr.consensu.org x.bidswitch.net dsum-sec.casalemedia.com idsync.rlcdn.com sync.outbrain.com pixel.rubiconproject.com *.pubmatic.com *.taboola.com eb2.3lift.com ib.adnxs.com *.yahoo.com us-u.openx.net segments.company-target.com *.hubspot.com; font-src 'self' cscmarketing-cscglobal-test.azurewebsites.net cscmarketing-cscglobal-prod-container.azurewebsites.net *.cscglobal.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.facebook.com *.verse.com *.hsforms.com *.doubleclick.net *.googlesyndication.com *.wistia.net *.wistia.com *.marketo.com go.corptax.com corptax.cld.bz *.adroll.com; object-src 'none' 1
object-src 'none'; report-uri https://www.mintz.com/report-uri/enforce 1
script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
script-src *.bigcommerce.com *.dynatrace.com *.azurewebsites.net cdn.jsdelivr.net cdnjs.cloudflare.com *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.attn.tv *.adobe.com *.crazyegg.com *.jquery.com *.doubleclick.net *.fonts.net *.googleadservices.com *.googletagmanager.com *.gorgias.chat *.xg4ken.com *.klaviyo.com *.lytics.io *.mathtag.com *.moatads.com *.cookielaw.org *.pinimg.com *.segment.com *.serving-sys.com *.sc-static.net *.tapad.com *.adsrvr.org *.tiktok.com *.afterpay.com *.bazaarvoice.com *.youtube.com *.adnxs.com *.rubiconproject.com *.yahoo.com *.bidswitch.net *.casalemedia.com *.pubmatic.com *.googleadservices.com *.braintreegateway.com *.sandbox.braintree-api.com *.gstatic.com *.cloudfront.net *.segment.com *.pgsitecore.com *.pghub.io *.online-metrix.net *.amazonaws.com *.moatads.com *.paypalobjects.com *.paypal.com *.yotpo.com *.rechargeadapter.com *.highdegree.io *.getshogun.com *.myshlf.us *.postie.com sc-static.net *.snapchat.com *.iesnare.com *.payments-amazon.com *.kaptcha.com tr.snapchat.com *.addrexx10.com *.pg.com pghub.io https://tr.snapchat.com *.tp88trk.com *.sensor.highdegree.io *.mczbf.com *.reddit.com *.pinterest.com *.redditstatic.com 'self' 'unsafe-eval' 'unsafe-inline' blob: ; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' www.lba.de www2.lba.de; script-src 'self' *.res.bund.de 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
frame-ancestors 'self' www.alloprof.qc.ca 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: wss:; frame-ancestors 'self'; report-uri /report-csp-violation 1
default-src 'self'; font-src 'self' data: https://use.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.hiqcloud.net https://www.youtube.com https://dl.episerver.net https://ajax.googleapis.com https://connect.facebook.net https://use.typekit.net https://siteimproveanalytics.com https://script.e-space.se https://files.imbox.io https://apiv2.imbox.io https://*.rekai.se https://*.rek.ai https://www.riddle.com https://cdn.unibuddy.com https://script.extellio.com https://cdnjs.cloudflare.com; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://*.imbox.io https://api.screen9.com https://api.kaltura.nordu.net https://dchsou11xk84p.cloudfront.net https://anchor.fm https://*.soundcloud.com https://share.transistor.fm https://mau.app.box.com https://www.podbean.com https://www.riddle.com https://unibuddy.co https://popcard.unibuddy.co https://podcasters.spotify.com https://app.powerbi.com https://survey.extellio.com https://survey.e-space.se https://embed.ur.se; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://*.typekit.net https://www.riddle.com; img-src 'self' data: https://*.hiqcloud.net https://www.facebook.com https://*.bing.com https://*.pinterest.com https://*.google.com https://*.google.se https://*.mau.se https://mau.se https://static.mediaflowpro.com https://*.typekit.net https://*.siteimproveanalytics.io https://*.amazonaws.com blob:; connect-src 'self' data: https://*.rekai.se https://*.rek.ai blob:; worker-src blob:; child-src blob:; object-src 'self'; 1
default-src blob: 'self' region1.google-analytics.com region1.analytics.google.com *.analytics.google.com *.google-analytics.com analytics.google.com www.google-analytics.com www.youtube.com https://*.googleapis.com https://stats.g.doubleclick.net; child-src blob: 'self' https://www.facebook.com/ www.youtube.com player.vimeo.com www.google.com https://*.googleapis.com;       script-src http://localhost:* 'self' 'unsafe-inline' 'unsafe-eval'  https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/gsap/ *.clarity.ms *.trustpilot.com connect.facebook.net dash.serviceform.com https://googleads.g.doubleclick.net/pagead/ https://www.googleadservices.com/pagead/ privatelease.services-int.athlon.com occasions.services-int.athlon.com privatelease.services.athlon.com occasions.services.athlon.com s.ytimg.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl ajax.aspnetcdn.com player.vimeo.com www.googletagmanager.com *.en25.com https://*.googleapis.com https://secure.half1hell.com https://snap.licdn.com *.piwik.pro open.spotify.com embed-cdn.spotifycdn.com;       style-src http://localhost:* 'self' 'unsafe-inline' fonts.googleapis.com occasions.services-int.athlon.com privatelease.services-int.athlon.com occasions.services.athlon.com privatelease.services.athlon.com https://www.googletagmanager.com/;  img-src 'self' http://localhost:* data: *.bing.com *.clarity.ms https://lt45.net/ https://www.lt45.net/t/ *.google.com *.linkedin.com https://www.linkedin.com/ https://www.athloncarlease.com/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/ https://px4.ads.linkedin.com/ https://www.googletagmanager.com/ https://www.google.com/pagead services.perplex.eu region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com *.athlon.com *.athlon.nl *.imagin.studio www.perplex.nl *.eloqua.com http://tracking.athlon.com https://px.ads.linkedin.com https://www.google.com/ads https://rental.athlon.com https://acc-rentalathloncom.perplex.eu https://*.googleapis.com https://*.gstatic.com https://*.perplex.eu https://www.google.de/ads/ https://www.google.es/ads/ https://www.google.es/ads/ga-audiences https://www.google.es/pagead/1p-user-list/ https://www.google.nl/pagead/1p-user-list/ https://www.google.de/pagead/1p-user-list/ https://www.google.fr/pagead/1p-user-list/ https://www.google.it/pagead/1p-user-list/ https://www.google.pt/pagead/1p-user-list/ https://www.google.be/pagead/1p-user-list/ https://www.google.uk/pagead/1p-user-list/ https://www.google.pl/pagead/1p-user-list/ https://www.google.lu/pagead/1p-user-list/ https://www.google.se/pagead/1p-user-list/ p.adsymptotic.com ad.doubleclick.net;       connect-src ws://localhost:* 'self' *.clarity.ms *.doubleclick.net https://*.googleapis.com https://gsp10-ssl.ls.apple.com *.serviceform.com *.athlon.com privatelease.services.athlon.com privatelease.services-int.athlon.com occasions.services-int.athlon.com occasions.services.athlon.com *.google.com region1.google-analytics.com region1.analytics.google.com *.analytics.google.com analytics.google.com www.google-analytics.com www.athlon.nl www.athloncarlease.com *.oribi.io *.piwik.pro *.googlesyndication.com *.linkedin.com;       font-src 'self' http://localhost:* data: fonts.gstatic.com *.amazonaws.com; form-action 'self' https://www.facebook.com/tr/ secure.ogone.com;       frame-src *.trustpilot.com *.doubleclick.net https://www.facebook.com/ *.perplex.eu *.athlon.com https://www.google.com/ https://www.youtube.com/ https://player.vimeo.com/ open.spotify.com https://athlon-production.discover.chargetrip.com/; frame-ancestors *.perplex.eu *.athlon.com; 1
default-src 'none'; child-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://www.google.com https://www.google.co.uk https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://stats.g.doubleclick.net http://stats.g.doubleclick.net stats.g.doubleclick.net https://yoast.com http://yoast.com yoast.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com 'unsafe-inline'; font-src 'self' https://use.typekit.net http://use.typekit.net use.typekit.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' data: https:; frame-ancestors 'none'; frame-src https://player.vimeo.com http://player.vimeo.com player.vimeo.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com http://www.facebook.com www.facebook.com https://td.doubleclick.net; img-src 'self' https://s3-eu-west-2.amazonaws.com http://s3-eu-west-2.amazonaws.com s3-eu-west-2.amazonaws.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.uk data: https:; object-src 'none'; script-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://www.googletagmanager.com http://www.googletagmanager.com www.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://stage-tmp-search.clients.uk.funnelback.com http://stage-tmp-search.clients.uk.funnelback.com stage-tmp-search.clients.uk.funnelback.com https://search.sainsburys.jobs http://search.sainsburys.jobs search.sainsburys.jobs https://maps.googleapis.com http://maps.googleapis.com maps.googleapis.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://sjs.bizographics.com http://sjs.bizographics.com sjs.bizographics.com https://*.onetrust.com http://*.onetrust.com *.onetrust.com https://snap.licdn.com http://snap.licdn.com snap.licdn.com https://connect.facebook.net http://connect.facebook.net connect.facebook.net https://code.jquery.com http://code.jquery.com code.jquery.com 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' https://f.vimeocdn.com http://f.vimeocdn.com f.vimeocdn.com https://use.typekit.net http://use.typekit.net use.typekit.net https://p.typekit.net http://p.typekit.net p.typekit.net 'unsafe-inline'; worker-src 'self' https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com fast.fonts.net siteimproveanalytics.com snap.licdn.com *.googleapis.com *.cloudfront.net ipmeta.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com fast.fonts.net p.typekit.net use.typekit.net; font-src 'self' data: fast.fonts.net fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: www.faegrebd.com *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com *.linkedin.com *.doubleclick.net fast.fonts.net; frame-src 'self' *.google.com cdn.yoshki.com cdn.knightlab.com faegredrinker.mediasite.com html5-player.libsyn.com player.pbs.org legaltalknetwork.com sho.co *.youtube.com *.vimeo.com podcast-stream.wbez.org *.embedly.com; connect-src 'self' *.google-analytics.com analytics.google.com px.ads.linkedin.com fast.fonts.net *.doubleclick.net cdn.linkedin.oribi.io ipmeta.io; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.perfectaudience.com *.typekit.net *.smushcdn.com https://us-u.openx.net *.yahoo.com *.addthis.com *.twitter.com *.rlcdn.com *.clickagy.com https://tags.clickagy.com *.google.com *.cloudflare.com *.googleapis.com *.gstatic.com data: *.marketingautomation.services https://ws.zoominfo.com https://secure.gravatar.com https://aorta.clickagy.com https://tag.perfectaudience.com/ https://pixel-geo.prfct.co/ https://secure.adnxs.com/ https://rsms.me/ https://boards-api.greenhouse.io https://w.soundcloud.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net https://pixel.prfct.co/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.green; img-src 'self' https: data: blob: https://mastodon.green; style-src 'self' https://mastodon.green 'nonce-TahP82xTqfm5bhn2LisiFA=='; media-src 'self' https: data: https://mastodon.green; frame-src 'self' https:; manifest-src 'self' https://mastodon.green; form-action 'self'; child-src 'self' blob: https://mastodon.green; worker-src 'self' blob: https://mastodon.green; connect-src 'self' data: blob: https://mastodon.green https://files.mastodon.green wss://mastodon.green; script-src 'self' https://mastodon.green 'wasm-unsafe-eval' 1
default-src 'none';  script-src 'self' 'unsafe-eval' https://ajax.googleapis.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://cdn.heapanalytics.com;  font-src 'self' https://fonts.gstatic.com;  connect-src 'self' ws: wss: https://bbm-user-data-stag.s3.amazonaws.com https://bbm-user-data-prod.s3.amazonaws.com https://testvets.eu.auth0.com https://cognito-identity.eu-west-1.amazonaws.com https://in.hotjar.com https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://csmetrics.hotjar.com  https://o23349.ingest.sentry.io https://ekr.zdassets.com  https://vetportal.zendesk.com https://zendesk-eu.my.sentry.io/ https://graphql.manyvets.com https://graphql.testvets.xyz https://*.launchdarkly.com https://claim.eu-test.policies.io https://*.appsync-api.eu-west-1.amazonaws.com https://*.execute-api.eu-west-1.amazonaws.com https://manyvetsupload185509-prod.s3.eu-west-1.amazonaws.com https://manyvetsupload151026-stag.s3.eu-west-1.amazonaws.com https://heapanalytics.com https://*.algolia.net https://*.algolianet.com;  img-src 'self' data: https://heapanalytics.com  https://secure.gravatar.com https://s.gravatar.com https://*.wp.com;  style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/;  frame-src  https://testvets.eu.auth0.com https://vars.hotjar.com;  frame-ancestors 'self'; form-action 'self';  report-uri https://o23349.ingest.sentry.io/api/6235110/security/?sentry_key=55f6f4fcd87a4cbc9fbcc2ebea4b91e0&sentry_environment=production; 1
base-uri 'self'; default-src 'self' https://account.evidos.com/; connect-src 'self' wss://portal-staging.signhost.com/ https://tattle.api.osano.com/ https://*.intercom.io/ wss://*.intercom.io/ https://uploads.intercomcdn.com/ https://uploads.intercomusercontent.com/ https://px.ads.linkedin.com/ https://hooks.zapier.com/; script-src 'self' https://account.evidos.com/ https://cmp.osano.com/  https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://d3js.org/ https://*.intercom.io/ https://js.intercomcdn.com/ https://snap.licdn.com/ https://www.google.com/; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/ https://*.intercomcdn.com/; media-src 'self' https://js.intercomcdn.com/; img-src 'self' data: https://*.intercomcdn.com/ https://static.intercomassets.com/ https://uploads.intercomusercontent.com/ https://messenger-apps.intercom.io/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.nl/; frame-ancestors 'self'; form-action 'self' https://account.evidos.com/; 1
default-src data: blob: *;script-src blob: data: 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.fbcdn.net;style-src data: blob: 'unsafe-inline' *;connect-src blob: data: 'self' *.facebook.com *.fbcdn.net *.facebook.net *.metaenterprise.com wss://*.facebook.com:* wss://*.facebookenterprise.com:* wss://*.metaenterprise.com:* wss://edge-chat.facebook.com gateway.metaenterprise.com gateway.facebookenterprise.com rupload.metaenterprise.com rupload.facebookenterprise.com;block-all-mixed-content;upgrade-insecure-requests; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com *.lytics.io js.jebbit.com blob: feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com js.jebbit.com js.adsrvr.org connect.facebook.net z.moatads.com cdn.segment.com pghub.io www.youtube.com *.lytics.io *.bazaarvoice.com *.pricespider.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' insight.adsrvr.org *.doubleclick.net feed.pghub.io www.facebook.com consumersupport.pg.com pgnagain.jebbit.com jebbit.ilovegain.com www.youtube.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.google-analytics.com www.googletagmanager.com pixel.tapad.com *.doubleclick.net www.facebook.com *.lytics.io *.akamaihd.net *.moatads.com *.pricespider.com *.bazaarvoice.com i.ytimg.com cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.cookielaw.org *.jebbit.com *.doubleclick.net *.crazyegg.com *.adsrvr.org *.segment.com *.segment.io *.bazaarvoice.com *.pricespider.com *.mapbox.com geolocation-db.com *.algolia.net *.algolianet.com wss: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'none';manifest-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.g.doubleclick.net *.facebook.net *.googleadservices.com *.imedia.cz *.leady.com *.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.hotjar.com *.gstatic.com *.cookielaw.org *.seznam.cz *.bing.com;img-src * data:;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com;font-src 'self' *.gstatic.com;object-src 'none';connect-src 'self' *.leady.com *.g.doubleclick.net *.google-analytics.com *.cookielaw.org *.onetrust.com *.googlesyndication.com *.google.com *.googleapis.com; media-src 'self'; frame-src *.google.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://*.google-analytics.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.jquery.com https://*.cloudflare.com https://*.bootstrapcdn.com https://*.fontawesome.com https://chat.ine.cl http://10.91.163.220:3000 http://10.91.160.58 http://10.91.160.58:8055 https://cdn.amcharts.com https://api.ine.gob.cl https://api.ine.gob.cl:4401 https://ve-ine.ine.cl/ *.ine.cl https://ban-api.ine.gob.cl:20002 https://apis.ine.gob.cl:9041 https://www.googletagmanager.com *.queue-it.net *.queue-it.net/script/queueclient.min.js *.queue-it.net/script/queueconfigloader.min.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://*.bootstrapcdn.com https://*.fontawesome.com https://chat.ine.cl https://*.google-analytics.com http://10.91.160.58 http://10.91.160.58:8055 http://10.91.163.220:3000 https://cdn.amcharts.com https://api.ine.gob.cl https://api.ine.gob.cl:4401 https://ve-ine.ine.cl/ *.ine.cl https://ban-api.ine.gob.cl:20002 https://apis.ine.gob.cl:9041 *.queue-it.net *.queue-it.net/script/queueclient.min.js *.queue-it.net/script/queueconfigloader.min.js; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com *.bootstrapcdn.com *.fontawesome.com netdna.bootstrapcdn.com *.ine.cl data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.fontawesome.com data: blob: *.eloqua.com track.hubspot.com https://chat.ine.cl *.ine.cl *.queue-it.net *.queue-it.net/script/queueclient.min.js *.queue-it.net/script/queueconfigloader.min.js; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://pruebas-seg.ine.gob.cl/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.jquery.com https://*.cloudflare.com https://*.bootstrapcdn.com https://chat.ine.cl https://*.google-analytics.com http://10.91.160.58:8055 http://10.91.163.220 http://10.91.163.220:3000 https://cdn.amcharts.com https://api.ine.gob.cl https://api.ine.gob.cl:4401 https://ve-ine.ine.cl/ *.ine.cl https://ban-api.ine.gob.cl:20002 https://apis.ine.gob.cl:9041 *.queue-it.net *.queue-it.net/script/queueclient.min.js *.queue-it.net/script/queueconfigloader.min.js; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.google-analytics.com *.doubleclick.net http://10.91.160.58:8055 http://10.91.163.220:3000 https://cdn.amcharts.com https://api.ine.gob.cl https://api.ine.gob.cl:4401 https://ve-ine.ine.cl/ *.ine.cl https://ban-api.ine.gob.cl:20002 https://apis.ine.gob.cl:9041 *.queue-it.net *.queue-it.net/script/queueclient.min.js *.queue-it.net/script/queueconfigloader.min.js; 1
upgrade-insecure-requests ; default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; connect-src 'self' https: ; style-src 'self' 'unsafe-inline' https: ; img-src 'self' https: data: blob: ; media-src 'self' https: blob: mediastream: ; font-src 'self' https: ; object-src 'none' ; manifest-src 'self' ; frame-src 'self' https: ; child-src 'self' https: blob: ; worker-src 'self' https: blob: ; report-uri https://api.weer.nl/v1/csp/reports ; frame-ancestors 'none' 1
default-src 'self' *.letsgo.golf *.azurewebsites.net *.windows.net           *.supremegolf.com *.amazonaws.com *.google.com *.googleapis.com           bid.g.doubleclick.net www.facebook.com app.trustlock.co *.spreedly.com           *.hsforms.com blob:; script-src * 'unsafe-inline' blob:; connect-src           *; img-src * data: blob: 'unsafe-inline'; font-src * data: blob:           'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' *.genekeys.ro viataconstienta.ro genekeys-bulgaria.com genekeys.ru *.genoveklice.cz genekeys.pl genkulcsok.hu *.genekeys.nl *.genekeysnederland.nl 1
frame-ancestors 'self' https://www.sfopera.com/ 1
worker-src "none" 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' data: *.payu.in https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * 'self' data: *.payu.in *.flydubai.com *.myshopify.com https://plumrocket.com https://accounts.google.com api.razorpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com *.adobedtm.com *.omtrdc.net *.adobe.net *.magentocommerce.com *.doubleclick.net *.google.co.in *.typekit.net *.paypal.com *.ytimg.com *.swagger.io *.whiteteak.com *.bidswitch.net *.pingdom.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.criteo.com *.yahoo.net *.smartadserver.com *.rubiconproject.com *.media.net *.aralego.net *.dmxleo.com *.razorpay.com *.licdn.com *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.bolt.com *.commerce-quick-checkout.com *.addthis.com *.vimeo.com *.braintreegateway.com *.stickyadstv.com *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.yahoo.com *.facebook.com *.aralego.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com https://img.youtube.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.fontawesome.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.addthis.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.net *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.net *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.yahoo.com *.facebook.com *.aralego.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com s7.addthis.com player.vimeo.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.payu.in https://accounts.google.com https://www.gstatic.com checkout.razorpay.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com unsafe-inline assets.braintreegateway.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.googleapis.com *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.sentry.io *.sentry-cdn.com *.newrelic.com *.nr-data.net *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.snplow.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com cdn.ampproject.org *.googleapis.com *.whiteteak.com *.licdn.com *.pingdom.net *.criteo.com *.adobe.net *.fontawesome.com *.adobedtm.com *.cardinalcommerce.com *.ccdc02.com *.magento-datasolutions.com *.magento-ds.com *.vimeocdn.com *.youtube.com *.commerce-quick-checkout.com *.gstatic.com *.addthis.com *.vimeo.com *.paypal.com *.google.co.in *.braintreegateway.com *.everesttech.net *.typekit.net *.demdex.net *.ytimg.com *.swagger.io *.ftcdn.net *.behance.net *.magentocommerce.com *.doubleclick.net *.bidswitch.net *.yieldmo.com *.adnxs.com *.clmbtech.com *.smaato.net *.pubmatic.com *.taboola.com *.teads.tv *.3lift.com *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.360yield.com *.rlcdn.com *.bing.com *.outbrain.com *.yahoo.com *.smartadserver.com *.rubiconproject.com *.media.net *.stickyadstv.com *.aralego.com *.dmxleo.com *.omtrdc.net *.adobedc.net *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.magedevteam.com *.linkedin.com *.braintree-api.com *.magento.com *.ampproject.org *.avada.io *.zdassets.com *.geojs.io *.razorpay.com *.paytm.in *.yellowmessenger.com *.facebook.net *.netcoresmartech.com *.bunny.net *.bidr.io *.paypalobjects.com *.yellow.ai *.facebook.com wss://r0.cloud.yellow.ai/websocket/ wss://cloud.yellow.ai/websocket/ *.linkedin.com/ wss://securegw.paytm.in/websocket/ *.cdninstagram.com ekr.zdassets.com/ https://get.geojs.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.google.com google.com *.payu.in https://accounts.google.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://pghub.io/ https://code.jquery.com/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://www.google-analytics.com/; img-src 'self' data: https://pixel.tapad.com/ https://www.google-analytics.com/ https://*.pg-tradenet.de/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://pandg.tapad.com/; frame-ancestors 'self' https://*.pg-tradenet.de;connect-src 'self' https://*.onetrust.io/ https://cdn.cookielaw.org/ https://*.pg-tradenet.de/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/; object-src 'none' 1
frame-ancestors 'self' thenationalcampaign.org aelp.smartsparrow.com 1
default-src 'self' *.interiorhealth.ca; script-src 'self' 'unsafe-inline' *.interiorhealth.ca maps.googleapis.com js-agent.newrelic.com static.addtoany.com bam.nr-data.net www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; object-src 'self' *.interiorhealth.ca; style-src 'self'  'unsafe-inline' *.interiorhealth.ca  fonts.googleapis.com cdn.jsdelivr.net static.dialogflow.com unpkg.com; img-src 'self' *.interiorhealth.ca data: maps.googleapis.com maps.gstatic.com *.cdninstagram.com www.google-analytics.com; media-src 'self' *.interiorhealth.ca; frame-src 'self' *.interiorhealth.ca static.addtoany.com *.youtube.com www.google.com; frame-ancestors 'self' *.interiorhealth.ca; font-src 'self' *.interiorhealth.ca fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.interiorhealth.ca maps.googleapis.com bam.nr-data.net www.google-analytics.com stats.g.doubleclick.net dialogflow.cloud.google.com 1
default-src 'none'; script-src-elem 'self' 'nonce-743444ce-481f-47d2-af41dde9596657b1' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; script-src 'self' 'nonce-743444ce-481f-47d2-af41dde9596657b1' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.googleadservices.com googleads.g.doubleclick.net www.gstatic.com *.googletagmanager.com tagmanager.google.com www.google.com snap.licdn.com *.algolia.net *.evgnet.com 'unsafe-eval' 'unsafe-inline' *.evergage.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-mci9FRjRn34gzdmf2PjWF2dtHlzIKOupZDY7/ALscz0='; connect-src 'self' vialtopartners.com *.vialtopartners.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com ajax.googleapis.com cdn.yoshki.com *.google-analytics.com ajax.googleapis.com www.gstatic.com *.googletagmanager.com tagmanager.google.com *.analytics.google.com *.google.com *.oribi.io *.g.doubleclick.net *.algolia.net *.evgnet.com *.evergage.com *.ads.linkedin.com vialtopartners.us-7.evergage.com https://vialto.wpengine.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com cdn.cookielaw.org cookie-cdn.cookiepro.com privacyportal.onetrust.com geolocation.onetrust.com https://vialto.wpengine.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.vialtopartners.com https://vialto.wpengine.com; img-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.google.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.linkedin.com https: data: *.evergage.com 'unsafe-eval' 'unsafe-inline' *.evergage.com https://vialto.wpengine.com; media-src 'self' *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com cdn.cookielaw.org *.ads.linkedin.com *.adsymptotic.com *.windows.net *.vialtopartners.com *.youtube.com *.vimeo.com https://vialto.wpengine.com; frame-src 'self' cdn.yoshki.com *.doubleclick.net *.google.com *.podbean.com *.vimeo.com https://vialto.wpengine.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.google-analytics.com *.googletagmanager.com www.google.com www.gstatic.com *.googleapis.com; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.googleapis.com; img-src 'self' data: staticcdn.co.nz shielded.co.nz i.ytimg.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; frame-src 'self' staticcdn.co.nz www.youtube.com *.vimeo.com *.captivate.fm *.spotify.com www.google.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; 1
report-uri https://extra.cw 1
default-src 'self' data: https://uoflhealth.org https://*.typekit.net/ https://fonts.gstatic.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.jsdelivr.net/ https://www.mealpro.net/ https://browser.sentry-cdn.com/ https://player.vimeo.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://snap.licdn.com/ https://script.crazyegg.com/ https://www.google.com/ https://*.tvsquared.com/ https://connect.facebook.net/ https://up.pixel.ad/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://maps.googleapis.com/ https://www.gstatic.com/ https://www.instagram.com/ https://*.hotjar.com/; connect-src 'self' https://*.scriptpro.com/ https://px.ads.linkedin.com/wa/ https://jelly-v6.mdhv.io/ https://jelly.mdhv.io/ https://www.mealpro.net/ https://ipapi.co/ https://*.yoast.com/ https://*.typekit.net/ https://vimeo.com/ https://script.crazyegg.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://sentry.io/api/ https://maps.googleapis.com/ https://www.gstatic.com/ https://pagestates-tracking.crazyegg.com/ https://assets-tracking.crazyegg.com/ https://tracking.crazyegg.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://*.hotjar.com/ https://*.hotjar.io wss://*.hotjar.com; img-src 'self' data: https://embed-ssl.wistia.com/ https://www.mealpro.net/ https://qr-code.ithemes.com/ https://uoflhealth.org https://secure.gravatar.com/ https://tags.w55c.net/ https://jelly.mdhv.io/ https://www.google-analytics.com/ https://www.facebook.com/ https://px.ads.linkedin.com/ https://pixel.tapad.com/ https://match.sharethrough.com/ https://collector-16691.us.tvsquared.com/ https://www.linkedin.com/ https://pixel.sitescout.com/ https://contextual.media.net/ https://px4.ads.linkedin.com/ https://match.adsrvr.org/ https://www.google.com/ https://p.adsymptotic.com/ https://ad.sxp.smartclip.net/ https://px.britepool.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://i.vimeocdn.com/ https://ps.w.org/ https://www.googletagmanager.com https://cdn.hub.visualcomposer.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://jelly-v6.mdhv.io/ https://*.hotjar.com/ https://collector-22595.us.tvsquared.com/; style-src 'self' 'unsafe-inline' https://www.mealpro.net/ https://*.typekit.net/ https://fonts.googleapis.com/ https://sync.1rx.io/ https://bh.contextweb.com/ https://*.hotjar.com/; frame-src 'self' https://www.cdc.gov/ https://www.mealpro.net/ https://*.ket.org/ https://ket.org/ https://ondemand.viewmedica.com/ https://widget.spreaker.com/ https://www.youtube-nocookie.com/ https://www.whas11.com/ https://www.youtube.com/ https://www.facebook.com/ https://pixel.sitescout.com/ https://player.vimeo.com/ https://bid.g.doubleclick.net/ https://www.google.com/ https://embed.sounder.fm/ https://vimeo.com/ https://mychart.uoflhealth.org/ https://docs.google.com/ https://www.practicematch.com/ https://www.ket.org/ https://peace-podcast.sounder.fm/ https://maps.google.com/ https://www.instagram.com/ https://player.pbs.org/ https://*.hotjar.com/ https://*.google.com; 1
default-src 'self';img-src 'self' data: https://blog.cfbenchmarks.com https://static.ghost.org https://images.unsplash.com https://cm.g.doubleclick.net https://sync.crwdcntrl.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hsforms.com https://track.hubspot.com https://px.ads.linkedin.com https://www.linkedin.com https://aorta.clickagy.com https://pixel-sync.sitescout.com https://aa.agkn.com https://d.agkn.com https://idsync.rlcdn.com https://us-u.openx.net;media-src 'self' https://content-cfbenchmarks.s3.amazonaws.com;style-src 'self' 'unsafe-inline';script-src 'self' www.youtube.com https://ws.zoominfo.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com http://js.hs-scripts.com https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://snap.licdn.com https://tags.clickagy.com 'sha256-QwSiu6zsgPogzpkG+RVdosZFMyiGt6UKJYNMgqPrrLw=' ;frame-src www.youtube.com *.vimeo.com https://www.google.com;frame-ancestors 'self';connect-src 'self' wss://cfbenchmarks.com wss://*.cfbenchmarks.com https://cfbenchmarks.com https://*.cfbenchmarks.com cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com https://forms.hscollectedforms.net https://aorta.clickagy.com https://hemsync.clickagy.com 1
frame-ancestors https://*.myworldfix.com https://*.beesads.com https://*.gamebridge.games http://*.gamebridge.games 1
frame-ancestors 'self'  https://*.weeblycloud.com  https://*.sitelock.com  https://*.mojomarketplace.com  http://*.ipage.com  http://*.yourhostingaccount.com  https://*.ecwid.com  https://platform.cloud.coveo.com  https://search.cloud.coveo.com 1
default-src 'report-sample' 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri https://nibit.report-uri.com/r/t/csp/enforce; 1
default-src 'self'; frame-src 'self' *.youtube.com *.google.com *.vimeo.com; media-src 'self' *.youtube.com *.dropbox.com *.dropboxusercontent.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com; script-src-elem 'self' *.clarity.ms *.googletagmanager.com *.googleapis.com; connect-src 'self' *.clarity.ms *.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; 1
upgrade-insecure-requests; frame-ancestors 'none'; default-src 'self'; script-src 'nonce-402be6fa20' 'strict-dynamic' 'unsafe-inline' https: http:; object-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' www.google.com *.googleapis.com; img-src 'self' www.google.de www.google-analytics.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net consent-cdn.swmh.de; font-src 'self' *.gstatic.com www.google.com *.googleapis.com; connect-src 'self' www.google-analytics.com *.doubleclick.net consent-cdn.swmh.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com fonts.googleapis.com maps.gstatic.com maps.googleapis.com media.ziraatkatilim.com.tr zkustats.ziraatkatilim.com.tr images.tapu.com ziraatkatilim.intengo.com ziraatkatilim.propturk.com www.youtube.com youtube.com i.ytimg.com data: https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.min.js https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.min.js; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.community; img-src 'self' https: data: blob: https://toot.community; style-src 'self' https://toot.community 'nonce-Wys+vGW7AAxHkpHL4nPo7w=='; media-src 'self' https: data: https://toot.community; frame-src 'self' https:; manifest-src 'self' https://toot.community; form-action 'self'; child-src 'self' blob: https://toot.community; worker-src 'self' blob: https://toot.community; connect-src 'self' data: blob: https://toot.community https://static.toot.community wss://streaming.toot.community; script-src 'self' https://toot.community 'wasm-unsafe-eval' 1
default-src 'self' *.youtube.com *.ggpht.com *.googleapis.com *.tinymdm.net *.tinymdm.fr *.doubleclick.net *.cookiebot.com *.google-analytics.com *.googlesyndication.com *.google.com *.google.fr js.stripe.com accounts.google.com *.googleusercontent.com www.googletagmanager.com calendly.com *.calendly.com s.w.org content.app-us1.com ac-image.s3.amazonaws.com arsnovasystems.img-us3.com site-tinymdm.s3.eu-west-1.amazonaws.com maps.gstatic.com data: blob:;         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tinymdm.net *.tinymdm.fr *.googlesyndication.com cdn.polyfill.io sdk.amazonaws.com *.googleapis.com trackcmp.net *.app-us1.com *.youtube.com *.google-analytics.com *.cookiebot.com www.googletagmanager.com apis.google.com www.google.com accounts.google.com *.stripe.com www.gstatic.com arsnovasystems.activehosted.com www.googleadservices.com https://assets.calendly.com/assets/external/widget.js;         font-src 'self' data: *.tinymdm.net *.tinymdm.fr stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com fonts.bunny.net cdnjs.cloudflare.com;         style-src 'self' 'unsafe-inline' *.tinymdm.net *.tinymdm.fr accounts.google.com stackpath.bootstrapcdn.com fonts.googleapis.com https://assets.calendly.com/assets/external/widget.css www.gstatic.com fonts.bunny.net cdnjs.cloudflare.com;         connect-src 'self' wss://*.amazonaws.com https://*.youtube.com https://*.google-analytics.com https://*.doubleclick.net https://*.amazonaws.com https://maps.googleapis.com https://*.googlesyndication.com https://*.cookiebot.com https://*.google.com 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.openlayers.org openlayers.org *.openstreetmap.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.etracker.com *.etracker.de api.signalize.com; object-src 'self'; media-src 'self' *.youtube.com *.vimeo.com *.streamfarm.net; frame-src *.youtube.com *.vimeo.com *.etracker.de; img-src 'self' data: *.youtube.com *.openlayers.org openlayers.org *.openstreetmap.org; frame-ancestors 'self'; connect-src 'self' *.etracker.de; 1
frame-ancestors 'self' uptimerobot.com; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://www.youtube.com/s/player/ https://*.monitor.azure.com/scripts/b/ai.3.gbl.min.js https://*.cdn.applicationinsights.io/scripts/b/ai.3.gbl.min.js https://az416426.vo.msecnd.net/scripts/b/ai.3.gbl.min.js https://www.googletagmanager.com; img-src 'self' www.google-analytics.com https://i.ytimg.com/vi/ https://www.ks-omnipharm.pl/pliki/ data:; frame-src 'self' https://www.google.com/recaptcha/ https://www.osoz.pl https://josso.osoz.pl https://www.youtube.com/ https://api.kamsoft.pl/; object-src 'none'; connect-src 'self' https://*.google-analytics.com https://dc.services.visualstudio.com/v2/track https://www.ks-omnipharm.pl/Pomoc/ wss://ks-omnipharm.pl wss://www.ks-omnipharm.pl; report-uri https://ks-omnipharm.pl/Reporting/CspReport; form-action 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: about: *.adbutler-luxon.com adbutler-fermion.com static.addtoany.com *.adobedtm.com *.ads-twitter.com *.adsrvr.org p.adsymptotic.com *.bamboohr.com bat.bing.com maxcdn.bootstrapcdn.com tags.bluekai.com capwiz.com *.cdc.gov grow.clearbitjs.com *.cmgdigital.com www.cms.gov cqrcengage.com *.crwdcntrl.net tma.custhelp.com dpm.demedex.net www.domain-of-replacement.com *.doubleclick.net *.facebook.com *.facebook.net *.feedburner.com gis.fema.gov apgb2b-reachcodeandproxy.gannettdigital.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com fusiontables.googleusercontent.com *.gstatic.com data.healthcare.gov oig.hhs.gov hootsuite.com *.hs-analytics.net *.hs-banner.com js.hsadspixel.net js.hscollectedforms.net *.hsforms.com *.hsforms.net *.hs-scripts.com api.hubapi.com *.hubspot.com rocket.nwood-kensett.k12.ia.us *.infogram.com *.informz.net *.jeffersoncms.org kff.org cdn.jsdelivr.net beacon.krxd.net snap.licdn.com px.ads.linkedin.com *.livestream.com *.marchex.io tag.marinsm.com pixel.mathtag.com texmed.medbuzz.com www.ncbi.nlm.nih.gov *.nnihcm.org block.opendns.com cdn.linkedin.oribi.io centro.pixel.ad clickserv.pixel.ad www.paypalobjects.com www.podbean.com www.powr.io *.poll-maker.com pixel-geo.prfct.co ql.tc *.qualtrics.com *.quantcount.com *.quantserve.com www.reachlocallivechat.com capture-api.reachlocalservices.com *.rlets.com rcod.rtrk.com www.rumiview.com *.scribd.com uip.semasio.net servedbyadbutler.com *.serving-sys.com *.sharethis.com i.simpli.fi tag.simpli.fi um.simpli.fi clickserv.sitescout.com pixel.sitescout.com *.slideshare.net public.slidesharecdn.com open.spotify.com storify.com t.co *.tapad.com *.tcms.com *.teletownhall.us *.texmed.org eu.thinkingchat.com reachlocal.thinkingchat.com cdn.tinymce.com *.tmait.org *.twimg.com *.twitter.com *.vimeo.com *.votervoice.net *.wakelet.com *.wufoo.com *.youtube.com *.yudu.com *.hscollectedforms.net 1
font-src fonts.gstatic.com data: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.bootstrapcdn.com *.g.doubleclick.net *.heatmap.it *.tawk.to *.tawk.link cdn.jsdelivr.net *.klevu.com *.ksearchnet.com wurfl.io *.affirm.com *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.paypal.com *.klaviyo.com *.gorgias.chat *.gorgias.io *.gorgias.work wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.baindepot.com *.bathdepot.com *.bathdepot.ca *.facebook.com *.hotjar.com *.hotjar.io *.google.com *.google.ca www.googleapis.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.vimeo.com vimeo.com *.affirm.com *.jotform.com *.jotfor.ms *.jotform.io *.gorgias.chat *.gorgias.io *.gorgias.work *.canadapost.ca https://sso.epost.ca 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.ytimg.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.google.com *.google.ca www.googleapis.com www.googletagmanager.com *.google.com esqa.moneris.com www3.moneris.com *.affirm.com *.affirm.ca *.booxi.com https: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.online-metrix.net *.addthis.com *.houzz.com *.facebook.com *.facebook.net *.signifyd.com *.moneris.com optimize.google.com *.hotjar.com *.hotjar.io *.heatmap.it heatmap.it *.trackedlink.net *.dotdigital.com *.copami.com ajax.cloudflare.com *.dotdigital-pages.com *.demdex.net *.tawk.to *.tawk.link cdn.jsdelivr.net *.klevu.com *.ksearchnet.com wurfl.io *.g.doubleclick.net *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.dotmailer-surveys.com *.paypal.com *.vimeo.com vimeo.com *.jotform.com *.jotfor.ms *.jotform.io *.gorgias.chat *.gorgias.io *.gorgias.work https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com *.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: blob: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ytimg.com validator.swagger.io *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com maps.googleapis.com *.affirm.com *.affirm.ca *.baindepot.com *.bathdepot.com *.bathdepot.ca *.google.com *.google.ca *.google-analytics.com www.googleapis.com *.g.doubleclick.net *.googletagmanager.com *.facebook.com *.facebook.net *.ggpht.com imgs.signifyd.com *.addthis.com *.online-metrix.net *.abmr.net *.paypalobjects.com *.trackedlink.net online.swagger.io *.heatmap.it *.ytimg.com *.bing.com *.tawk.to *.tawk.link *.jsdelivr.net ajax.cloudflare.com *.klevu.com *.ksearchnet.com wurfl.io *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.dotmailer-surveys.com *.paypal.com *.jotform.com *.jotfor.ms *.jotform.io *.adentifi.com *.klaviyo.com *.static-tracking.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms *.gorgias.chat *.gorgias.io *.gorgias.work wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.stackadapt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ mageside.com *.canadapost.ca https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com *.vimeo.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.ytimg.com https://www.gstatic.com/recaptcha/ *.google.com *.google.ca *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com esqa.moneris.com www3.moneris.com maps.googleapis.com developers.google.com *.affirm.com *.affirm.ca 'unsafe-eval' 'unsafe-inline' *.baindepot.com *.bathdepot.com *.bathdepot.ca www.googleadservices.com *.g.doubleclick.net *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net t.trackedlink.net *.noibu.com *.addthisedge.com *.addthis.com z.moatads.com *.online-metrix.net *.signifyd.com *.trackedlink.net *.trackedweb.net *.heatmap.it *.hotjar.com *.hotjar.io *.bing.com *.dotdigital.com *.comapi.com *.tawk.to *.tawk.link cdn.jsdelivr.net ajax.cloudflare.com *.dotdigital-pages.com *.ksearchnet.com *.klevu.com wurfl.io *.paypal.com *.dotmailer-surveys.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.aptrinsic.com *.jotform.com *.jotfor.ms *.jotform.io *.klaviyo.com *.a.klaviyo.com *.telemetrics.klaviyo.com *ad.doubleclick.net *.static-tracking.kla *.clarity.ms *.gorgias.chat *.gorgias.io *.gorgias.work wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com wheeliofuncstats.azurewebsites.net *.stackadapt.com *.qvdt3feo.com qvdt3feo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.baindepot.com *.bathdepot.com *.bathdepot.ca maxcdn.bootstrapcdn.com *.klevu.com *.google.com *.google.ca fonts.googleapis.com www.googleapis.com *.heatmap.it *.ksearchnet.com *.affirm.com *.jsdelivr.net *.g.doubleclick.net *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai wurfl.io *.paypal.com *.aptrinsic.com *.jotfor.ms *.jotform.io *.klaviyo.com wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.stackadapt.com https://static.klaviyo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net *.vimeo.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.gstatic.com *.google.com *.affirm.com *.affirm.ca wss: *.baindepot.com *.bathdepot.com *.bathdepot.ca *.g.doubleclick.net *.hotjar.com *.hotjar.io *.noibu.com *.addthis.com *.facebook.com *.facebook.net *.signifyd.com bt.signifyd.com:11103 *.trackedweb.net *.demdex.net *.comapi.com *.tawk.to *.tawk.link *.klevu.com *.ksearchnet.com wurfl.io *.jsdelivr.net *.cloudflare.com bat.bing.com *.google-analytics.com *.google.com *.google.ca www.googleapis.com maps.googleapis.com *.newrelic.com *.nr-data.net *.pinimg.com *.pinterest.com *.heyday.ai *.paypal.com *.jotform.com *.jotfor.ms *.jotform.io *.gorgias.chat *.gorgias.io *.gorgias.work wheelioapp.azureedge.net cdnjs.cloudflare.com dashboard.wheelio-app.com *.stackadapt.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.hendyla.com *.h.local *.hendyla.local; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; 1
default-src 'self' localhost *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com mainchain.asknice.ly static.asknice.ly *.gstatic.com *.mainchain.net 'unsafe-inline';style-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com mainchain.asknice.ly static.asknice.ly 'unsafe-inline';script-src 'self' *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com mainchain.asknice.ly static.asknice.ly *.gstatic.com ipinfo.io 'unsafe-inline' 'unsafe-eval';img-src 'self' data: *.google-analytics.com *.googletagmanager.com mainchain.asknice.ly static.asknice.ly;frame-src 'self' blob: *.mainchain.net mainchain.asknice.ly static.asknice.ly *.google.com;connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com mainchain.asknice.ly static.asknice.ly *.gstatic.com *.mainchain.net; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' natalfwk.gruposancorseguros.com nfapi.gruposancorseguros.com nf-chat.gruposancorseguros.com corporate-site-content.gruposancorseguros.com maps.googleapis.com code.jquery.com/ cdn.jsdelivr.net/ js.hsforms.net/ forms.hsforms.com js.hs-scripts.com go.botmaker.com storage.googleapis.com polyfill.io *.googletagmanager.com tagmanager.google.com *.g.doubleclick.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.facebook.net www.google.com www.gstatic.com *.smileweb.net *.linkedin.com *.qualtrics.com cdnjs.cloudflare.com js.hsadspixel.net js.hscollectedforms.net js.hsleadflows.net js.hs-analytics.net forms.hubspot.com api.hubapi.com snap.licdn.com p.adsymptotic.com static.hotjar.com cdn.embluemail.com widgets-static.embluemail.com https://script.hotjar.com;object-src 'none';style-src 'self' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com natalfwk.gruposancorseguros.com fonts.googleapis.com tagmanager.google.com maxcdn.bootstrapcdn.com storage.googleapis.com static.smileweb.net;img-src 'self' natalfwk.gruposancorseguros.com cdn.jsdelivr.net cdnjs.cloudflare.com corporate-site-content.gruposancorseguros.com maps.googleapis.com www.facebook.com connect.facebook.net storage.googleapis.com data: unpkg.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.com *.google.com.ar static.smileweb.net track.hubspot.com *.hsforms.com *.linkedin.com p.adsymptotic.com *.qualtrics.com script.hotjar.com;media-src 'self' https://corporate-site-content.gruposancorseguros.com https://storage.googleapis.com;frame-src nf-viewer.gruposancorseguros.com td.doubleclick.net *.google.com *.smileweb.net *.qualtrics.com *.youtube.com;font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com natalfwk.gruposancorseguros.com maxcdn.bootstrapcdn.com connect.facebook.net static.smileweb.net script.hotjar.com;connect-src 'self' natalfwk.gruposancorseguros.com nf-chat.gruposancorseguros.com wss://*.gruposancorseguros.com corporate-site-content.gruposancorseguros.com maps.googleapis.com api.hubapi.com *.hubspot.com forms.hubspot.com www.google-analytics.com stats.g.doubleclick.net https://go.botmaker.com https://storage.googleapis.com https://m-infra.appspot.com wss://ws.botmaker.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ar *.smileweb.net nf-mock.globallogic.com.ar *.linkedin.com siteintercept.qualtrics.com *.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://surveystats.hotjar.io;child-src www.google.com www.youtube.com data: blob: storage.googleapis.com td.doubleclick.net https://vars.hotjar.com;frame-ancestors 'none';upgrade-insecure-requests;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' *.csob.sk *.csobpoistovna.sk https://*.clarity.ms https://c.bing.com data: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.csob.sk *.csobpoistovna.sk 'unsafe-inline' 'unsafe-eval' https://ct.leady.com https://csob.piwik.pro/ppms.js https://csob.containers.piwik.pro https://track.adform.net https://s2.adform.net https://i.ctnsnet.com https://connect.facebook.net https://www.facebook.com https://app.livechatoo.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://maps.googleapis.com https://www.google-analytics.com https://s.ytimg.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://www.youtube.com https://p.teads.tv; img-src 'self' *.csob.sk *.csobpoistovna.sk https://*.auda-target.com android-webview-video-poster: https://track.adform.net https://i.ctnsnet.com https://connect.facebook.net https://www.facebook.com https://app.livechatoo.com https://www.googletagmanager.com https://cm.g.doubleclick.net https://stats.g.doubleclick.net https://*.google-analytics.com https://www.google.sk https://*.analytics.google.com https://static.hotjar.com https://script.hotjar.com https://maps.gstatic.com https://maps.googleapis.com https://gcm.ctnsnet.com https://www.google.com data: https://t.teads.tv https://cm.teads.tv https://l.teads.tv https://ct.leady.com https://t.leady.com https://server.seadform.net https://csob.containers.piwik.pro https://csob.piwik.pro; connect-src 'self' https://moja.csob.sk/delegate/session https://es6-elasticapm.csob.sk https://stats.g.doubleclick.net https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.sk api-exponea.csob.sk exponea.csob.sk https://*.hotjar.com https://*.hotjar.io:* wss://*.hotjar.com https://t.teads.tv https://cm.teads.tv https://ct.leady.com https://t.leady.com https://csob.containers.piwik.pro https://csob.piwik.pro; frame-src 'self' https://klient.csob.sk *.csob.sk *.csobpoistovna.sk https://*.auda-target.com https://www.google.com https://maps.google.com https://www.youtube.com https://app.livechatoo.com https://vars.hotjar.com https://c1.adform.net https://html5-player.libsyn.com; frame-ancestors 'self'; style-src 'self' *.csob.sk 'unsafe-inline' https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com https://csob.containers.piwik.pro; font-src 'self' *.csob.sk https://fonts.gstatic.com data: https://script.hotjar.com https://csob.containers.piwik.pro; 1
frame-src *.xq.com.tw *.esunsec.com.tw *.youtube.com *.vimeo.com *.facebook.com;frame-ancestors *.xq.com.tw *.esunsec.com.tw *.youtube.com *.vimeo.com *.facebook.com;font-src * data:;img-src * data:; 1
base-uri 'self'; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net arriva-api.test.perplex.eu webapi-arrivanl.acc.perplex.eu arriva-api.prod.perplex.eu webapi.arriva.nl wss://cxcomlive-webconvwa-weu.azurewebsites.net www.clarity.ms *.clarity.ms https://c.bing.com google-analytics.com https://*.google-analytics.com https://*.doubleclick.net; default-src 'self'; font-src 'self' data: https://aurora.cmtelecom.com https://fonts.gstatic.com https://www.cm.com; form-action 'self' *.buckaroo.nl *.chipbizz.com; frame-ancestors 'self'; frame-src 'self' data: *.youtube.com *.vimeo.com *.google.com; img-src 'self' data: *.arriva.nl arriva.nl *.perplex.eu *.google-analytics.com i.vimeocdn.com www.google.com www.google.nl *.windows.net alert-web-info.arriva.nl alert-web-info-acc.arriva.nl www.facebook.com *.cm.com www.clarity.ms *.clarity.ms https://c.bing.com https://*.ytimg.com; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.facebook.net www.clarity.ms *.clarity.ms https://c.bing.com *.elitechnology.com https://*.digitalcx.com https://*.scribit.pro; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'none'; style-src 'self'; img-src 'self'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; 1
default-src 'self' *.catapa.com *.google.com *.google.co.id *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.tawk.to *.sentry.io assets-global.website-files.com https: wss: blob:; script-src 'self' 'unsafe-eval' *.catapa.com *.google.com *.gstatic.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.tawk.to *.hotjar.com *.cloudfront.net *.cloudflare.com *.youtube.com *.sentry-cdn.com *.midtrans.com *.sharethis.com googleads.g.doubleclick.net maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdn.ampproject.org polyfill.io snap.licdn.com rec.smartlook.com use.typekit.net rec.smartlook.com connect.facebook.net *.googleoptimize.com *.maillist-manage.net assets.calendly.com assets-global.website-files.com blob: 'unsafe-inline'; img-src 'self' *.catapa.com *.google.com *.google.co.id *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.hotjar.com *.tawk.to tawk.link img.youtube.com *.cloudfront.net s3.ap-southeast-3.amazonaws.com s3.amazonaws.com stats.g.doubleclick.net cdn.jsdelivr.net  p.adsymptotic.com p.typekit.net platform-cdn.sharethis.com *.ads.linkedin.com googleads.g.doubleclick.net uploads-ssl.webflow.com *.facebook.com assets-global.website-files.com data: blob:; style-src 'self' *.catapa.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net embed.tawk.to cdnjs.cloudflare.com assets-global.website-files.com 'unsafe-inline'; font-src 'self' *.catapa.com *.gstatic.com *.tawk.to maxcdn.bootstrapcdn.com use.typekit.net script.hotjar.com cdnjs.cloudflare.com uploads-ssl.webflow.com data:; frame-src * blob:; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' * about:; font-src * data:; style-src 'unsafe-inline' *; connect-src *; img-src * data:; frame-src *; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
style-src 'self' 1
img-src 'self' data: bblunt.com bblunt-com.honasa-dev.net *.thedermaco.com *.bblunt.com *.mamaearth.in  *.imgix.net images.ctfassets.net honasa-bblunt-prod-images.s3.ap-south-1.amazonaws.com honasa-bblunt-images-nonprod.s3.ap-south-1.amazonaws.com honasa-ucr-be.honasa-production.net www.google-analytics.com www.google.com www.google.co.in www.googleadservices.com www.googleanalytics.com www.facebook.com connect.facebook.net www.googletagmanager.com googleads.g.doubleclick.net *.g2afse.com image.moengage.com track.bblunt.com ik.imagekit.io moe-email-campaigns.s3.amazonaws.com neo.labournet.in labournet.s3.amazonaws.com honasa-strapi-production.s3.ap-south-1.amazonaws.com static.zdassets.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bblunt.com cdn.moengage.com *.razorpay.com www.google.com www.google.co.in www.google-analytics.com www.googleoptimize.com www.googletagmanager.com www.googleadservices.com www.googleanalytics.com *.google.com googleads.g.doubleclick.net connect.facebook.net instagram.com *.twitter.com *.snapchat.com sc-static.net *.hotjar.com cdn.rudderlabs.com stackpath.bootstrapcdn.com www.facebook.com data.easyinsights.in *.g2afse.com appspot.com static.zdassets.com app.limechat.ai semrush.com yandex.com bing.com yahoo.com msn.com ahrefs.com track.bblunt.com linksg.bblunt.com pod-18.zendesk.com;worker-src 'self' blob: cdn.moengage.com stackpath.bootstrapcdn.com ; 1
frame-ancestors 'self' *.hendricksgin.com *.contentful.com 1
frame-ancestors 'self' *.imed.pt *.imed.com.pt *.acin.pt *.myshopify.com *.igest.pt igest.pt *.igest.cv igest.cv *.igest.es igest.es *.igest.co.mz igest.co.mz *.jumpseller.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.pricespider.com *.doubleclick.net pghub.io *.adsrvr.org *.facebook.net *.bazaarvoice.com *.cloudflare.com api.tiles.mapbox.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com *.ctfassets.net data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net *.flashtalking.com *.pghub.io *.adsrvr.org consumersupport.pg.com *.jebbit.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com www.google.com www.google.cz *.pricespider.com www.facebook.com *.bazaarvoice.com www.facebook.com cdn.cookielaw.org www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.mapbox.com *.bazaarvoice.com *.pricespider.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat graphql.contentful.com privacytermsprod.azureedge.net *.algolia.net feed.pghub.io pandg.tapad.com ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.kia.ru https://*.kia.ru blob: https://kia.ru https://*.youtube.com https://vk.com https://ok.ru https://clck.ru https://*.w3.org https://ogp.me https://mc.yandex.ru https://*.googletagmanager.com https://api-online.ecredit.one https://approval-online.e-credit.one https://bankbus.ru https://api.mobility.hyundai.ru https://api.rucrm.net https://api-maps.yandex.ru https://yastatic.net https://*.maps.yandex.net https://i.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com https://nuxtjs.org https://*.doubleclick.net/ https://top-fwz1.mail.ru https://st.top100.ru https://sys.datadrivenpromotion.com https://translate.googleapis.com data:; style-src 'self' 'unsafe-inline' https://*.kia.ru https://fonts.gstatic.com https://fonts.googleapis.com; font-src 'self' https://*.kia.ru https://fonts.gstatic.com https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://apply.deltacommunitycu.com https://experience.adobe.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://legalbetkz.push4site.com https://push4site.com https://us-an.gr-cdn.com/ https://check.ddos-guard.net/ https://*.ytimg.com https://static.cloudflareinsights.com http://awards.ratingruneta.ru cdn3.caltat.com https://cbzxy.com https://banners.adfox.ru/ https://yandex.ru https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://www.googleoptimize.com https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.ampproject.org https://*.ampproject.net https://*.getresponse360.pl; frame-src 'self' https://*.soundcloud.com https://static.cloudflareinsights.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://legalbetkz.push4site.com https://push4site.com https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/; 1
default-src blob: data: mediastream: filesystem: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *; 1
frame-ancestors https://www.aigconnect.aig https://www-cms.aigconnect.aig https://share.connect.aig/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com cdn.jsdelivr.net cdn.sheetjs.com *.google.com widget.trustpilot.com *.cloudflare.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.googleadservices.com *.googleoptimize.com googleads.g.doubleclick.net *.cloudfront.net js-agent.newrelic.com sibforms.com bam.eu01.nr-data.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com snap.licdn.com userlike-cdn-umm.b-cdn.net userlike-cdn-umm.b-cdn.net/umm-runtime.1f38f7aa8916e520c5c1.js *.userlike.com *.linkedin.com www.clarity.ms www.tiktok.com lf16-tiktok-web.ttwstatic.com www.googleadservices.com googleads.g.doubleclick.net *.sendinblue.com *.twitter.com *.facebook.net *.twimg.com designbysoap.b-cdn.net *.websites.data-crypt.com; img-src * data:; frame-src *; connect-src *; font-src * data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nexx.cloud https://unpkg.com/ https://cdn.jsdelivr.net/ https://cdn.optimizely.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google-analytics.com/ https://consent.trustarc.com/ https://www.googletagmanager.com/ https://tags.tiqcdn.com/ https://www.googleadservices.com/ https://bat.bing.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://googleads.g.doubleclick.net/ https://analytics.twitter.com/ https://100011006.collect.igodigital.com/ https://www.google.com/ https://www.gstatic.com/ https://www.linkedin.com/ https://maps.googleapis.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://app.gehaltsreporter.de/js/embed-library-app/app.js https://platform.twitter.com/ https://www.slideshare.net/ https://www.google.com/recaptcha/api.js https://cdn.syndication.twimg.com/ https://www.youtube.com/ https://cdncss.cloudflare.com/ https://widget.moin.ai https://cdn.optimizely.com/ https://cdnjs.cloudflare.com/ http://www.google.com/jsapi https://www.google.com/jsapi https://www.gstatic.com/charts/loader.js https://app.23degrees.io/ https://www.eye-able-cdn.com/ https://eye-able.b-cdn.net/public/lang/eyeAble_lang_en.js code.etracker.com/code/e.js https://*.trustarc.com/ code.etracker.com/code/e.js https://*.linkedin.com/ https://sdn-global-streaming-cache.3qsdn.com 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval';       script-src * data: blob: 'unsafe-inline' 'unsafe-eval';       connect-src * data: blob: 'unsafe-inline';       img-src * data: blob: 'unsafe-inline';       frame-src * data: blob:;      frame-ancestors 'self' https://my.westminster.edu;      style-src * data: blob: 'unsafe-inline';      font-src * data: blob: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://*.facebook.net https://platform.twitter.com https://syndication.twitter.com https://cdn.syndication.twimg.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://www.google.hu https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://platform.twitter.com https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://fonts.googleapis.com https://*.gstatic.com; img-src * data:; font-src 'self' data: https://*.hotjar.com https://fonts.googleapis.com https://*.gstatic.com; frame-src https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.onesignal.com https://onesignal.com https://*.gemius.pl https://*.hotjar.com https://platform.twitter.com https://syndication.twitter.com https://*.facebook.com https://*.google.com https://*.youtube.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com; connect-src 'self' https://*.agrarpiacter.hu https://agrarpiacter.hu https://*.agroforum.hu https://agroforum.hu https://*.cookiebot.com https://*.inmobi.com https://*.amazonaws.com https://*.doubleclick.net https://*.dwcdn.net https://*.list-manage.com https://*.mailchimp.com https://chimpstatic.com https://*.gemius.pl https://*.hotjar.com https://*.hotjar.io https://onesignal.com https://*.onesignal.com https://*.google.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-clear.com https://shop-id-clear.com/; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-c4d10bc990d6dd8cfc69b0479020ce38'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com https://salesiq.zoho.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googletagmanager.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com  https://salesiq.zoho.com  https://ajax.aspnetcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://js.zohocdn.com https://js.zohostatic.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://ajax.aspnetcdn.com https://www.googletagmanager.com  https://salesiq.zoho.com https://m.addthis.com https://www.mawhiba.org https://services.mawhiba.org; style-src 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; style-src-elem 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; style-src-attr 'self' 'unsafe-inline' https://css.zohocdn.com https://www.mawhiba.org https://services.mawhiba.org; font-src 'self' 'unsafe-inline' https://www.mawhiba.org https://services.mawhiba.org 1
default-src 'self' https://*.cargoclix.com; worker-src *.cargoclix.com; script-src 'self' *.gstatic.com *.google.com *.cargoclix.com *.leadlab.click *.googleapis.com *.youtube.com *.googletagmanager.com *.addtoany.com cdn.boldreports.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.cargoclix.com fonts.googleapis.com cdn.boldreports.com cdnjs.cloudflare.com ajax.googleapis.com 'unsafe-inline';img-src 'self' *.googleapis.com *.gstatic.com *.gravatar.com *.cargoclix.com data:; connect-src 'self' *.google-analytics.com https://*.cargoclix.com https://maps.googleapis.com https://*.leadlab.click ; font-src 'self' https://*.cargoclix.com fonts.gstatic.com data:; object-src 'none'; media-src https://*.cargoclix.com/* 'self'; form-action 'self' https://*.cargoclix.com https://ccx2 http://ccx2 https://*.safe-checkin.com; frame-ancestors 'self' https://*.cargoclix.com; frame-src https://*.youtube.com https://static.addtoany.com *.google.com; img-src * 'self' data: https:; 1
default-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com *.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com google.com www.google.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com media.twiliocdn.com cdn.statuspage.io cdn.jsdelivr.net code.jquery.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.googleapis.com *.gstatic.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: *.cloudfront.net *.googleapis.com *.rapidrad.com *.totalcloudpacs.com *.gstatic.com; font-src 'self' maxcdn.bootstrapcdn.com fonts.gstatic.com; frame-src 'self' emergentconnect.com rapidrad.com totalcloudpacs.com *.rapidrad.com *.totalcloudpacs.com *.googleapis.com www.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' translate-pa.googleapis.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net translate.google.com translate.googleapis.com www.google.com www.gstatic.com; object-src 'none'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net www.gstatic.com; img-src 'self' data: cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net fonts.gstatic.com www.gstatic.com www.google.com; media-src 'none'; frame-src 'none'; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net netdna.bootstrapcdn.com; connect-src 'self' translate.googleapis.com 1
default-src 'self' www.cdn.neustar npacca.neustar.com *.neustar.com ns-cdn.neustar.biz *.google-analytics.com 'unsafe-inline' 1
object-src 'none'; frame-src *; frame-ancestors 'self' X-Frame-Options: SAMEORIGIN 1
frame-ancestors 'self' https://*.corcentricplatform.com https://*.determine.com; 1
default-src https:; frame-src https: blob:; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; 1
frame-ancestors 'self' https://*.verizon.com https://*.verizonwireless.com https://*.vzwcorp.com 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com https://*;connect-src 'self' https://*;img-src 'self' data: blob: https://*;frame-ancestors 'self' https://*.i-goddard.com;frame-src 'self' https://*;font-src 'self' data: https://fonts.gstatic.com;worker-src blob:;child-src blob: 1
frame-ancestors 'self' http://www.maizena.com.ar unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
frame-src *.quest-global.com quest-global.com *.youtube.com youtube.com *.vimeo.com vimeo.com *.google.com app.hubspot.com *.hubspot.com *.doubleclick.net *.googletagmanager.com googletagmanager.com 1
upgrade-insecure-requests; base-uri 'none'; font-src 'self' data: fonts.gstatic.com consent.trustarc.com; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com consent.trustarc.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com consent-pref.trustarc.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.party; img-src 'self' https: data: blob: https://mstdn.party; style-src 'self' https://mstdn.party 'nonce-8G68ICrah7UE1z2Z78mePw=='; media-src 'self' https: data: https://mstdn.party; frame-src 'self' https:; manifest-src 'self' https://mstdn.party; form-action 'self'; child-src 'self' blob: https://mstdn.party; worker-src 'self' blob: https://mstdn.party; connect-src 'self' data: blob: https://mstdn.party https://files.mstdn.party wss://mstdn.party; script-src 'self' https://mstdn.party 'wasm-unsafe-eval' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ethresear.ch/logs/ https://ethresear.ch/sidekiq/ https://ethresear.ch/mini-profiler-resources/ https://ethresear.ch/assets/ https://ethresear.ch/brotli_asset/ https://ethresear.ch/extra-locales/ https://ethresear.ch/highlight-js/ https://ethresear.ch/javascripts/ https://ethresear.ch/plugins/ https://ethresear.ch/theme-javascripts/ https://ethresear.ch/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://ethresear.ch/assets/ https://ethresear.ch/brotli_asset/ https://ethresear.ch/javascripts/ https://ethresear.ch/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors *.ringpublishing.com; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=noizz.hu::noizz_HU-master-1.1.2 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2mdn.net *.33across.com *.abt.s3.yandex.net *.ad-generation.jp *.adform.com *.adform.net *.adhouse.pro *.admanmedia.com *.admatic.com.tr *.admixer.com *.admost.com *.adnxs.com *.adpush.com.tr *.adtarget.com.tr *.adtech.com *.adtelligent.com *.adtopia.com *.advangelists.com *.advenuemedia.co.uk *.advertising.com *.adwmg.com *.air.tech *.aistekso.net *.alexametrics.com *.amazon-adsystem.com *.amazon.com *.ampproject.org *.appnexus.com *.aralego.com *.axonix.com *.baithoph.net *.beachfront.com *.bidtellect.com *.bik.gov.tr *.bildirt.com *.bizzclick.com *.clarity.ms *.cloudflare.com *.cloudflareinsights.com *.cmcm.com *.colossusssp.com *.connectad.io *.contextweb.com *.coxmt.com *.criteo.com *.criteo.net *.cubepile.com *.dailymotion.com *.devotrans.com *.districtm.io *.doubleclick.net *.e-planning.net *.emxdgt.com *.engagebdr.com *.exponential.com *.facebook.com *.facebook.net *.flashtalking.com *.freewheel.tv *.gamoshi.io *.gemius.pl *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gstatic.com *.gumgum.com *.ibillboard.com *.idealmedia.io *.ijit.com *.improvedigital.com *.indexexchange.com *.inmobi.com *.instagram.com *.jquery.com *.jsdelivr.net *.jwpcdn.com *.lijit.com *.linkedin.com *.linkwi.se *.lkqd.com *.lkqd.net *.makroo.com *.maple-team.com *.mars.media *.mediabong.com *.meta.com *.mgid.com *.moatads.com *.newborntown.com *.omnijay.com *.onesignal.com *.onnetwork.tv *.openweathermap.com *.openx.com *.optad360.io *.outbrain.com *.peak226.com *.pinterest.com *.pixad.com.tr *.player.im *.programattik.com *.pubmatic.com *.radyotelekom.com.tr *.reklamstore.com *.resultsmedia.com *.rhythmone.com *.rubiconproject.com *.sabio.us *.schema.org *.serving-sys.com *.sharethis.com *.sharethrough.com *.smaato.com *.smartadserver.com *.smartyads.com *.smrtb.com *.sonobi.com *.sovrn.com *.spotx.tv *.spotxchange.com *.static.hotjar.com *.stroeer.com *.synacor.com *.taboola.com *.tagon.co *.tebilisim.com *.teimg.com *.tevideo.org *.theadx.com *.thebrave.io *.themediagrid.com *.thubanoa.com *.tiktok.com *.tiviplayer.com *.tradingview.com *.tribalfusion.com *.ttwstatic.com *.twitter.com *.ucfunnel.com *.unrulymedia.com *.us.com *.videoomy.com *.vidoomy.com *.vidyome.com *.vimeo.com *.virgul.com *.weatherwidget.io *.webeyemob.com *.wordego.com *.x.com *.yahoo.com *.yandex.com *.yandex.ru *.yastatic.net *.yayin.com.tr *.yieldmo.com *.youtu.be *.youtube.com *.ytimg.com ads.vidoomy.com api-maps.yandex.ru buttons-config.sharethis.com c1.imgiz.com cdn.ampproject.org cdn.doubleverify.com cdn.id5-sync.com cdn.jsdelivr.net cdn.ravenjs.com gdetr.hit.gemius.pl google.com googlesyndication.com invstatic101.creativecdn.com lidertv.radyotelekom.com.tr oa.openxcdn.net onesignal.com pagead2.googlesyndication.com pcode.yads.tech pghub.io platform-api.sharethis.com player.im pool-eu.creative-serving.com script.4dex.io static-maps.yandex.ru static.cdn.pixad.com.tr tags.crwdcntrl.net trgde.adocean.pl yastatic.net; 1
default-src 'self' https://content.hotjar.io/?site_id=3259747&gzip=1/ wss://ws.hotjar.com/api/v2/client/ws?v=7&site_id=3259747/ https://pdp-service.retargetly.com/ https://analytics.google.com/ https://in.hotjar.com/ https://webto.salesforce.com/ https://csmetrics.hotjar.com/ https://maps.googleapis.com https://bid.g.doubleclick.net wss://ws.botmaker.com https://rt.idx.lat https://m-infra.appspot.com https://go.botmaker.com https://storage.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://api.retargetly.com blob:; child-src blob:; script-src 'self' 'unsafe-inline' https://script.hotjar.com/modules.1a30a0a67c3c23c13060.js https://sf16-website-login.neutral.ttwstatic.com/ https://www.tiktok.com/ https://www.instagram.com/ https://cookieless-campaign.prd-00.retargetly.com/ https://script.hotjar.com/modules.f8398e1fcf749800c3fc.js https://pdp-cdn.retargetly.com/t2.min.js https://www.youtube.com/s/player/c64a5d56/www-widgetapi.vflset/www-widgetapi.js https://www.youtube.com/iframe_api https://script.hotjar.com/modules.4741ce1934b8a0442947.js https://script.hotjar.com/modules.7c8d179adab2771ff7ea.js https://static.hotjar.com/c/hotjar-3259747.js https://embed.typeform.com/next/embed.js https://apis.google.com/js/platform.js https://tracker.metricool.com https://maps.googleapis.com https://resources-rt.idx.lat https://connect.facebook.net https://api.retargetly.com https://go.botmaker.com https://www.google.com https://www.googletagmanager.com https://storage.googleapis.com https://googleads.g.doubleclick.net https://polyfill.io https://www.google-analytics.com https://www.googleadservices.com data: blob:; img-src 'self' https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://streetviewpixels-pa.googleapis.com https://tracker.metricool.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.com.co https://www.facebook.com https://storage.googleapis.com data:; style-src 'self' 'unsafe-inline' https://sf16-website-login.neutral.ttwstatic.com/obj/tiktok_web_login_static/tiktok/falcon/embed/embed_lib_v1.0.12.css https://embed.typeform.com/next/css/widget.css https://fonts.googleapis.com https://storage.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://webto.salesforce.com; frame-src https://www.tiktok.com/ https://www.instagram.com/ https://j3r0n1m0.my.site.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://form.typeform.com/ https://resources-rt.idx.lat/ https://online.pubhtml5.com/ https://aratiendas.com/ https://www.facebook.com/ https://api.retargetly.com/ https://integrations.ofertia.com.co/ https://docs.google.com/ https://td.doubleclick.net/ https://cookieless-campaign.prd-00.retargetly.com/ https://web.facebook.com/ 1
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com *.ingest.sentry.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net *.hotjar.com bat.bing.com www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com browser.sentry-cdn.com optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com *.ingest.sentry.io analytics.tiktok.com; connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com *.brevo.com *.ingest.sentry.io transferencia-api-contract-creator-service.retail.qa.autofact.app transferencia-api-contract-creator-service.retail.production.autofact.app transferencia-api-contract-creator-service.retail.staging.autofact.app analytics.tiktok.com; img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net https://static.retail.autofact.cl www.google-analytics.com data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com; font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ; frame-ancestors 'self' *.autofactpro.com facebook.com; frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com *.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com *.sibautomation.com sibautomation.com *.ingest.sentry.io *.doubleclick.net; object-src 'self' *.autofactpro.com *.autofact.cl; 1
default-src bullionstar.com *.bullionstar.com www.bullionstar.co.nz www.bullionstar.us *.google-analytics.com *.googletagmanager.com *.google.com *.twitter.com *.twimg.com *.youtube.com disqus.com *.disqus.com *.disquscdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-inline'; media-src bullionstar.com *.bullionstar.com bullionstar.co.nz *.bullionstar.co.nz bullionstar.us *.bullionstar.us *.twitter.com *.youtube.com *.googlevideo.com data:; connect-src bullionstar.com *.bullionstar.com bullionstar.co.nz *.bullionstar.co.nz bullionstar.us *.bullionstar.us ws://services.bullionstar.com wss://services.bullionstar.com ws://services.bullionstar.co.nz wss://services.bullionstar.co.nz ws://services.bullionstar.us wss://services.bullionstar.us *.google-analytics.com *.googletagmanager.com disqus.com *.disqus.com *.disquscdn.com; 1
base-uri 'self'; child-src https://www.google.com/recaptcha/ https://www.recaptcha.net/ https://www.googletagmanager.com/ns.html https://*.qq.com/ https://turing.captcha.qcloud.com https://*.geetest.com https://*.zuora.com/apps/PublicHostedPageLite.do https://jihulab.com/admin/ https://jihulab.com/assets/ https://jihulab.com/-/speedscope/index.html https://jihulab.com/-/sandbox/ https://customers.jihulab.com/ 'self' https://jihulab.com/assets/ blob: data:; connect-src 'self' https://jihulab.com wss://jihulab.com https://sentry.gitlab.net https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com/ https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; default-src 'self'; font-src 'self'; form-action 'self' https: http:; frame-ancestors 'self'; frame-src 'self' https://www.recaptcha.net/ https://customers.gitlab.cn https://customers.jihulab.com https://*.qq.com https://*.captcha.qcloud.com https://*.captcha.gtimg.com; img-src * data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net; manifest-src 'self'; media-src 'self' data: blob: http: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.recaptcha.net/ https://*.qq.com/ https://cdn-go.cn/aegis/aegis-sdk/ https://*.captcha.qcloud.com https://*.captcha.gtimg.com https://*.google-analytics.com https://*.gitlab.cn https://cdn.cookielaw.org https://*.onetrust.com https://cdn.bizible.com/scripts/bizible.js *.googletagmanager.com 'nonce-KFtBSLbswjkQsMjkS1bRrA=='; style-src 'self' 'unsafe-inline'; worker-src https://jihulab.com blob: data: 1
default-src 'none'; frame-src *.yandex.net *.yandex.ru yastatic.net; child-src forms.yandex.ru video.yandex.ru; object-src yandex.st; script-src 'unsafe-inline' 'nonce-I4lcTFhfbGSLiusYY2J/nw==' 'unsafe-eval' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; style-src 'unsafe-inline' yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; connect-src 'self' yandex.st *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; font-src yastatic.net *.yandex.net *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; img-src 'self' data: *.yandex.net yandex.st yastatic.net a.tile.openstreetmap.org *.yandex.com *.yandex.ru *.yandex.ua *.yandex.by *.yandex.kz *.yandex.az *.yandex.kg *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.uz *.yandex.ee *.yandex.fr *.yandex.co.il *.yandex.com.ge *.yandex.com.am *.yandex.com.tr; report-uri https://csp.yandex.net/csp?from=promo-metrika-2016&yandex_login=undefined&yandexuid=2163031761715651699; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http:; style-src 'self' 'unsafe-inline'; img-src 'self' http: data:; connect-src 'self' http://www.clarkcountycourts.us/; font-src 'self' data: https://fonts.gstatic.com; media-src 'self'; frame-src https: 1
default-src 'self' *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com api.webthumbnail.org *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; script-src 'self' 'nonce-70ee0e4f9a6653360618979507426ec2' *.facebook.com *.facebook.net *.connect.facebook.net *.twitter.com *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com/analytics.js code.highcharts.com/highcharts.js *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl *.amcharts.com; style-src 'self' 'unsafe-inline' *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; img-src 'self' data: *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; frame-src 'self' *.google.com *.facebook.com *.facebook.net *.twitter.com *.connect.facebook.net *.bannerflow.net *.yumpu.com youtube.com https://widgets.volleystation.com https://www.openstreetmap.org https://www.vis.ignatowicz.com.pl www.youtube.com; ; report-uri /csp-report.php 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.mygeekbox.de https://m.mygeekbox.de https://checkout.mygeekbox.de https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://www.csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.google.de https://google.de https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' *.telekom.si 1
frame-ancestors 'self' https://booking.loganair.co.uk; 1
frame-ancestors 'self' http://www.giochixl.it 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.ec/report-uri/enforce 1
default-src 'none'; script-src 'self' https://plausible.io 'sha256-/6SBPqW+GW+//4nlXX6Y1nR9dWlh0gsQJ6KK71djH6A='; style-src 'self' 'unsafe-inline'; img-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; font-src 'self' https://*.digitalpurchaseorder.com https://fonts.gstatic.com data:; connect-src 'self' https://*.digitalpurchaseorder.com; media-src 'self' https://*.digitalpurchaseorder.com https://*.digitalpurchaseorder.de; manifest-src 'self'; object-src 'none'; prefetch-src 'self' https://*.digitalpurchaseorder.com; child-src 'self' https://*.digitalpurchaseorder.com; worker-src 'self'; frame-ancestors 'self' https://*.digitalpurchaseorder.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self'; script-src 'self' 'nonce-e-w4z_142kEZ8hyGGThF31615sy-vuh-YWwNG52r_SnESzbqW9krmA' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com hmbbfdi-staging.tom.augenarbeiter.de hmbbfdi-prod.tom.augenarbeiter.de datenschutz-hamburg.de *.datenschutz-hamburg.de blob:; style-src-elem 'self' 'unsafe-inline' 'report-sample'; script-src-elem 'self' 'unsafe-inline' 'report-sample'; worker-src 'self' blob:; report-uri https://datenschutz-hamburg.de/@http-reporting?csp=report&requestTime=1715652390807344 1
default-src 'self' data: www.chguadalquivir.es www.youtube.com www.eltiempo.es *.gstatic.com mappinggis.com *.google.com *.google-analytics.com *.googleapis.com www.flickr.com *.twitter.com *.twimg.com www.colectivosvip.com *.juntadeandalucia.es www.ign.es http://www.ign.es *.ideandalucia.es *.callejerodeandalucia.es gischg.chguadalquivir.es 127.0.0.1:* *.maptiler.com; script-src 'self' www.eltiempo.es *.google.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.juntadeandalucia.es *.jquery.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.juntadeandalucia.es; frame-src 'self' *.aemet.es www.youtube.com www.eltiempo.es *.google.com *.gstatic.com gischg.chguadalquivir.es *.meteoblue.com; img-src 'self' data: tile.openstreetmap.org *.google-analytics.com *.googleapis.com *.gstatic.com *.cartocdn.com *.opentopomap.org *.ign.es *.chguadalquivir.es; worker-src blob:; child-src blob:; 1
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: 1
default-src 'unsafe-eval' 'self' data: blob: *.navattic.com *.schedulehero.io *.hs-scripts.com *.reddit.com *.g2crowd.com *.redditstatic.com *.revenuehero.io *.spotify.com *.googleapis.com *.chilipiper.com *.mouseflow.com cdn.mouseflow.com *.litix.io *.wistia.net *.wistia.com getbuilt.com *.getbuilt.com *.oktopost.com *.company-target.com *.gotolstoy.com api.hubapi.com *.hubspot.com *.influitive.com api.locize.io bat.bing.com bltstaging.wpengine.com *.salesforceliveagent.com cdn.linkedin.oribi.io connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.usemessages.com match.prod.bidr.io *.ingest.sentry.io okt.to *.pardot.com px.ads.linkedin.com snap.licdn.com *.doubleclick.net *.demandbase.com *.typekit.net www.facebook.com *.google-analytics.com *.googleadservices.com www.googleoptimize.com www.googletagmanager.com *.gstatic.com www.linkedin.com cdn.polyfill.io *.fontawesome.com web-analytics.engagio.com id.rlcdn.com *.mutinycdn.com *.mutinyhq.io *.bugsnag.com *.akamaihd.net *.hsforms.net *.hsforms.com *.cloudflare.com *.tfaforms.net *.formassembly.com *.googlesyndication.com *.mapbox.com *.dyh8ken8pc.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 'sha256-qn97DK1nF9AxGGJ/OcWjmowZekPIWIewfRhRzaqu0e0=' 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'unsafe-hashes' 'sha256-DFFLwIcztss+sv3K4A7eR4/LomZ63ZtfLANbnojNCOc=' 'sha256-RWcCDEtM029fTvR3ANpJ/hYSWtP+KIc1ZyWMPnb04z4=' 'sha256-Aajrk2aqPW2es8Zhh7RGO98KAFtogitkC5mSBKgzFd0=' 'sha256-Ui1KQYhlohvGsBwspUROv55uovYzPNEoIBzJHGNwBGQ=' 'sha256-V5Fncd0vOH18+PMxAvd4k99LdfAYlyYt6kIWs6OEZBU=' 'sha256-bxWV26JIAgfSxY6HhxygYkFiJB24Eca5rm2HVbO3dts='; font-src 'self' data: fonts.gstatic.com *.fontawesome.com *.wistia.com *.mutinycdn.com js.hs-banner.com *.bootstrapcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gotolstoy.com *.tfaforms.net *.bootstrapcdn.com *.mapbox.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *; frame-ancestors 'self' https://*.extrememusic.com 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 'self' blob:; media-src * blob:; img-src * data: 'unsafe-inline' blob: *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com *.heapanalytics.com; font-src * data: 'unsafe-inline'; frame-ancestors *.amway.it; connect-src 'self' api-js.datadome.co *.amway.eu https://siteintercept.qualtrics.com https://maps.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com https://*.clarity.ms https://c.bing.com *.auryc.com https://amway-api.exponea.com https://*.ada.support; frame-src https://*.elf.site https://players.brightcove.net geo.captcha-delivery.com https://coreplus.amwayglobal.com https://coreplus-qa.amwayglobal.com https://coreplus-regional.gmb-preprod.corp.amway.net https://coreplus-stage.amwayglobal.com *.qualtrics.com https://bonus.amway-services.com https://online.flippingbook.com https://amway-achievers.web.app app.vwo.com *.visualwebsiteoptimizer.com https://www.youtube.com https://*.ada.support; worker-src 'self' blob:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com tags.tiqcdn.com js.datadome.co *.googleapis.com *.heapanalytics.com *.qualtrics.com *.clarity.ms https://amway-api.exponea.com https://*.ada.support; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com *.googleapis.com *.gstatic.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fundingchoicesmessages.google.com quantcast.mgr.consensu.org *.youtube.com *.googlesyndication.com cdn.ampproject.org *.amazon-adsystem.com *.cookiebot.com https://contextual.media.net https://lg3.media.net https://www.clickcease.com/monitor/stat.js https://consent.cookiefirst.com https://rules.quantcount.com *.quantcast.mgr.consensu.org https://secure.quantserve.com/quant.js www.gstatic.com maps.gstatic.com cdn.datatables.net maxcdn.bootstrapcdn.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net ajax.cloudflare.com cdnjs.cloudflare.com www.googletagservices.com tpc.googlesyndication.com/sodar/sodar2.js adservice.google.es adservice.google.com https://www.google.com/pagead/conversion_async.js www.googletagmanager.com tagmanager.google.com s.ytimg.com *.taboola.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.g.doubleclick.net https://td.doubleclick.net *.youtube.com https://tsdtocl.com/ www.googletagmanager.com https://rcm-eu.amazon-adsystem.com *.googlesyndication.com *.quantcast.mgr.consensu.org *.cookiebot.com https://www.google.com/recaptcha/api2/aframe https://contextual.media.net/checksync.php https://rcm-na.amazon-adsystem.com *.assoc-amazon.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
default-src 'self' *.onetrust.com/ *.trustpilot.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.com/ *.google.co.uk/ *.matomo.cloud/ *.google-analytics.com/ *.clarity.ms/ *.g.doubleclick.net/ *.hotjar.io/ *.hotjar.com/ cdn.linkedin.oribi.io/ *.googlesyndication.com/ *.pardot.com/ *.optimizely.com/; frame-src *.8x8.com/ *.speedtestcustom.com/ gigaclearltd.statuspage.io *.doubleclick.net/ *.cdn.optimizely.com/ *.pardot.com/; style-src 'unsafe-inline' 'self' *.typekit.net/; font-src 'self' data: *.typekit.net/; img-src 'self' data: *.amazonaws.com/ *.8x8.com/ *.gigaclear.net/ *.gigaclear.com/ *.google.co.uk *.google.com/ *.onetrust.com/ *.linkedin.com/ analytics.twitter.com/ bat.bing.com/ t.co/ *.facebook.com/ *.nextdoor.com/; media-src 'self' *.amazonaws.com/; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.gigaclear.net/ *.googletagmanager.com/ googleoptimize.com/ googleads.g.doubleclick.net/ cdn.pagesense.io/; child-src static.zohocdn.com/; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.onetrust.com/ *.trustpilot.com/ *.8x8.com/ *.googletagmanager.com/ *.googleoptimize.com/ bat.bing.com/ static.ads-twitter.com/ snap.licdn.com/ *.facebook.net/ *.dwin1.com/ *.google-analytics.com/ *.nextdoor.com/ *.hotjar.com/ *.matomo.cloud/ *.clarity.ms/ *.g.doubleclick.net/ smct.co/ *.optimizely.com/; 1
frame-ancestors ragingbull.com app.ragingbull.com dev.ragingbull.com 1
default-src		'self' 'unsafe-inline' 'unsafe-eval'							data: blob:							localhost:2000								https://xperienceunited.com https://xperienceunited.com:8080 https://s6.xperienceunited.com:8080 *.xperienceunited.com *.xperienceunited.com:8080 wss://xperienceunited.com							*.mapbox.com							*.addthiscdn.com							fonts.googleapis.com fonts.gstatic.com							https://www.google-analytics.com  *.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com								*.google.com www.google.fi www.google.se www.google.es							maps.gstatic.com *.googleapis.com *.ggpht.com							code.jquery.com								https://www.paypalobjects.com *.paypal.com							*.youtube.com https://i.ytimg.com							*.facebook.net *.facebook.com								*.trackjs.com								*.google-analytics.com *.analytics.google.com *.googletagmanager.com *.gstatic.com;			img-src			https: data: blob:;				frame-src		tokbox.com *.youtube.com *.paypal.com;			report-uri		/csp-violation-report-endpoint?who= 1
default-src 'self';img-src * blob: data:;style-src 'self' 'unsafe-inline' *.salesforce.com *.force.com *.salesforce-sites.com;script-src-elem 'self' 'unsafe-inline' *.usercentrics.eu *.appsflyer.com *.onelink.me *.googletagmanager.com *.personio.de *.salesforce.com *.force.com *.salesforceliveagent.com *.salesforce-sites.com *.exponea.com;media-src 'self' blob: *.smartbrokerplus.de *.wocio.de;connect-src *.wocio.de *.smartbrokerplus.de *.ariva-services.de *.amazonaws.com *.sentry.io *.usercentrics.eu *.appsflyer.com *.onelink.me *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.personio.de wss://mds-cat.ariva-services.de wss://mds.ariva-services.de *.salesforce-sites.com *.doubleclick.net;font-src 'self' data: *.gstatic.com;frame-src *.usercentrics.eu *.salesforce.com *.force.com *.smartbrokerplus.de smartbrokerplus.de;frame-ancestors *.smartbrokerplus.de smartbrokerplus.de;script-src *.wocio.de *.smartbrokerplus.de 'unsafe-eval' 1
frame-ancestors 'self' *.donatelifepuertorico.org donatelifepuertorico.org *.donevidapuertorico.org donevidapuertorico.org lifelinkpr.athena.dev-applied3.com *.inetz.com *.donatelifeusvi.org donatelifeusvi.org 1
default-src 'self' *.iwan.com.tw *.iwplay.com.tw *.google.com *.google.com.tw; frame-src *.iwplay.com.tw *.iwan.com.tw www.youtube.com *.facebook.com bid.g.doubleclick.net *.facebook.net; script-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com s.ytimg.com libs.baidu.com code.jquery.com *.google-analytics.com *.facebook.net *.facebook.com *.googleapis.com www.googletagmanager.com www.youtube.com www.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.com.tw *.youtube.com ;style-src *.iwplay.com.tw *.iwan.com.tw 'unsafe-inline' www.youtube.com.tw fonts.googleapis.com *.facebook.net *.facebook.com *.google.com *.google.com.tw; img-src *.iwplay.com.tw *.google-analytics.com stats.g.doubleclick.net www.youtube.com *.google.com *.google.com.tw googleads.g.doubleclick.net *.facebook.com *.facebook.net data: ;frame-ancestors *.iwplay.com.tw *.iwan.com.tw *.google.com *.google.com.tw;font-src  fonts.gstatic.com *.googleapis.com *.google.com *.google.com.tw *.iwplay.com.tw data:;connect-src *.iwplay.com.tw *.google-analytics.com analytics.google.com stats.g.doubleclick.net; 1
default-src: 'strict-dynamic' object-src: 'none'  'self' blob: 'unsafe-inline' 'unsafe-eval' data: https://gatewayapi.wealthdesk.in https://ewg.wealthdesk.in https://eportal.incometax.gov.in/iec/foservices/#/pre-login/bl-link-aadhaar http://bandhanmutual.com http://api.bandhanmutual.com https://api.wylth.com https://demogatewayapi.wealthdesk.in https://demogatewaysdk.wealthdesk.in https://fonts.googleapis.com https://api1.efa.sg https://aware.senseforth.com https://loader.wisepops.com https://cmsstgaccount.blob.core.windows.net https://cms.bandhanmutual.com https://www.googletagmanager.com https://www.google-analytics.com https://idfcuatstorage.blob.core.windows.net https://cms.uat.bandhanamc.com https://api.uat.bandhanamc.com https://img.youtube.com https://api-ssl.bitly.com/v4/bitlinks https://stats.g.doubleclick.net https://cvprod.idfc.com https://www.google.com https://www.google.co.in http://uat.bandhanamc.com https://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://googleads.g.doubleclick.net https://www.youtube.com https://bid.g.doubleclick.net https://cms.pprod.bandhanmutual.com https://api.pprod.bandhanmutual.com https://www.gstatic.com https://netcoresmartech.com https://ajax.googleapis.com cdnt.netcoresmartech.com twa.netcoresmartech.com osjs.netcoresmartech.com snap.licdn.com aware-commons.s3.ap-south-1.amazonaws.com wdc.netcoresmartech.com https://*.hotjar.com https://*.spiky.clevertap-prod.com https://*.clevertap-prod.com https://*.wzrkt.com https://*.spiky.wzrkt.com 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline'; 1
default-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https:; font-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: data: http://fonts.gstatic.com; img-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: data: blob:; object-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https:; script-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: 'unsafe-inline' 'unsafe-eval'; style-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: 'unsafe-inline' 'unsafe-eval' http://fonts.googleapis.com/css; worker-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: blob:; media-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: blob:; connect-src self sonix.ai my.sonix.ai admin.sonix.ai api.sonix.ai https: wss://realtime.sonix.ai wss://nexus-websocket-a.intercom.io ws://nexus-websocket-a.intercom.io 1
worker-src blob:; font-src fonts.gstatic.com use.typekit.net *.fontawesome.com https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ *.maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.fonts.gstatic.com *.test.payu.in *.apitest.payu.in data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' data: *.payu.in *.app.beta.breeze.in *.api.juspay.in/orders/ *.test.payu.in *.apitest.payu.in 'self' 'unsafe-inline'; frame-ancestors 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com *.test.payu.in *.apitest.payu.in 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.google.com www.googletagmanager.com https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' data: *.payu.in *.facebook.com *.flydubai.com *.myshopify.com *.app.beta.breeze.in *.test.payu.in *.apitest.payu.in 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net https://app.breeze.in/ https://sdk.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com *.test.payu.in *.apitest.payu.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com beacon-qa.magento-datasolutions.com beacon-stage.magento-ds.com beacon.magento-ds.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.gstatic.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net https://sdk.breeze.in/ https://app.breeze.in/ https://app.beta.breeze.in/ https://api.beta.breeze.in/ https://api.breeze.in/ *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.payu.in *.maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.maps.google.com *.googleapis.com *.googleusercontent.com *.ggpht.com *.cardinalcommerce.com *.adobedtm.com *.breeze.in *.braintreegateway.com ccdc02.com magento-datasolutions.com *.googletagmanager.com *.paypalobjects.com *.beta.breeze.in *.google-analytics.com *.newrelic.com beacon-stage.magento-ds.com  commerce.adobe.net t.paypal.com  magento-recs-sdk.adobe.net  s.ytimg.com  www.googleapis.com  vimeo.com  www.vimeo.com  *.google.com/recaptcha *.sdk.breeze.in *.app.beta.breeze.in *.api.beta.breeze.in *.api.breeze.in blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.maxcdn.bootstrapcdn.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.fonts.googleapis.com *.test.payu.in *.apitest.payu.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com p13n-mr.adobe.io *.adobedc.net *.demdex.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.magento.com commerce.adobe.io *.adobe.io performance.typekit.net *.sentry.io https://sdk.breeze.in/ https://app.breeze.in/ https://app.beta.breeze.in/ https://api.breeze.in/ https://api.beta.breeze.in/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.payu.in *.googleapis.com *.gstatic.com *.app.beta.breeze.in *.api.juspay.in *.test.payu.in *.apitest.payu.in *.nr-data.net data: blob: 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.test.payu.in *.apitest.payu.in 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.departement06.fr 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.typekit.net *.livehelpnow.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * service.ariba.com *.pcahomeschoolhub.com *.ops-online.com *.viedu.org *.vistaordering.org 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com service.ariba.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * service.ariba.com photos.pixlee.co 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.gstatic.com *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com hawksearch.net *.hawksearch.net *.rainbowresource.com rrc-temp.cldev.io images.salsify.com/ res.cloudinary.com *.livehelpnow.net wac.edgecastcdn.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.turnto.com acsbapp.com *.livehelpnow.net *.polyfill.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.typekit.net *.turnto.com *.livehelpnow.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.googleapis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.turnto.com *.acsbapp.com https://searchapi-dev.hawksearch.net https://searchapi-test.hawksearch.net https://essearchapi-na.hawksearch.com https://tracking-dev.hawksearch.net https://tracking-test.hawksearch.net https://tracking-na.hawksearch.com https://recs-dev.hawksearch.net https://recs-test.hawksearch.net https://recs-na.hawksearch.com *.livehelpnow.net wss://app.livehelpnow.net/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1aee105ce1696cc29dcfed791c6e28e5'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ei9WHc5CzbGqoyQgrZU92lrnH' 'strict-dynamic'; frame-ancestors 'self' https://elixir-lang.org; manifest-src 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' data: blob: teveo.cu cdn.teveo.cu icecast.teveo.cu www.google.com www.gstatic.com fonts.gstatic.com stats.rsa.icrt.cu 1
default-src 'self' *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com fast.fonts.net staticcontents.investisdigital.com assets.investisdigital.com maps.googleapis.com cdn.jsdelivr.net otp.tools.investis.com sc.lfeeder.com viz.tools.investis.com www.google-analytics.com www.googletagmanager.com www.youtube.com *.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets.investisdigital.com fonts.googleapis.com fast.fonts.net viz.tools.investis.com; object-src 'none'; base-uri 'self'; connect-src 'self' assets.investisdigital.com cookiemanager.investisdigital.com viz.tools.investis.com cbnht0lxg5.execute-api.eu-west-1.amazonaws.com edge.api.brightcove.com stats.g.doubleclick.net www.google-analytics.com analytics.google.com *.analytics.google.com *.google.com *.google-analytics.com *.amazonaws.com maps.googleapis.com www.youtube.com *.doubleclick.net; font-src 'self' fonts.gstatic.com fast.fonts.net maps.googleapis.com viz.tools.investis.com; frame-src 'self' www.youtube.com otp.tools.investis.com irs.tools.investis.com www.googletagmanager.com *.doubleclick.net; img-src 'self' data: i.ytimg.com www.google.co.uk *.doubleclick.net maps.googleapis.com maps.gstatic.com viz.tools.investis.com metrics.brightcove.com cf-images.eu-west-1.prod.boltdns.net tr.lfeeder.com www.google-analytics.com www.google.co.in www.google.com www.googletagmanager.com maps.googleapis.com; manifest-src 'self'; media-src 'self' house-fastly-signed-eu-west-1-prod.brightcovecdn.com; report-uri https://investiscsp.report-uri.com/r/d/csp/reportOnly; worker-src 'none'; 1
child-src 'self' app.pendo.io *.youtube.com; default-src * 'unsafe-inline'; font-src 'self' fonts.gstatic.com https://fonts.intercomcdn.com data:; frame-src 'self' https://challenges.cloudflare.com app.pendo.io *.plaid.com js.stripe.com *.youtube.com https://*.doubleclick.net https://a20898485993.cdn.optimizely.com https://a20898485993.cdn-pci.optimizely.com https://www.facebook.com/ https://tpc.googlesyndication.com; img-src 'self' *.guideline.io cms-assets.guideline.com data.pendo.io cdn.pendo.io app.pendo.io pendo-static-6259783729020928.storage.googleapis.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com ads-twitter.com *.bing.com *.microsoft.com https://*.adsymptotic.com https://t.co https://*.linkedin.com https://cdn.optimizely.com https://analytics.twitter.com https://cdn.cookielaw.org https://trkn.us https://www.gravatar.com https://*.googleadservices.com https://*.intercomcdn.com https://*.intercomassets.com https://*.intercomusercontent.com alb.reddit.com data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' https://challenges.cloudflare.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'unsafe-eval' 'nonce-52842a5c31fe6441484497bd4f28d0ee' 'strict-dynamic'; worker-src 'self' *.youtube.com; base-uri 'self'; frame-ancestors 'self' app.pendo.io https://*.squareup.com https://squareup.com https://*.squareupstaging.com https://squareupstaging.com https://*.checkhq.com https://*.eddy.com https://eddy.com https://app.belfrysoftware.com https://*.joinwarp.com https://*.monograph.com https://*.enkempass.com https://central.inc https://*.keka.com; report-uri https://sentry2.guideline.tools/api/6/security/?sentry_key=f678b7ad3eade55e6da26393e869e420; 1
frame-ancestors 'self' http://localhost:8080 https://*.birds.cornell.edu https://*.ornith.cornell.edu 1
frame-ancestors 'self' http://vaistai.lt 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.at;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.at;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
default-src 'self' 'unsafe-inline' blob: https://*.zoom.us https://www.sandbox.paypal.com https://www.paypal.com; connect-src 'self' data: blob: wss://*.zoom.us https://*.zoom.us https://zoom.us; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.zoom.us https://source.zoom.us https://zoom.us https://player.vimeo.com https://platform.twitter.com https://login.totara.community https://js.stripe.com https://polyfill.io https://www.paypal.com https://www.gstatic.com https://www.recaptcha.net https://cdn.jsdelivr.net https://f.vimeocdn.com https://www.youtube.com https://s.ytimg.com; worker-src 'self' blob: ; font-src 'self' data: https://source.zoom.us https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: blob: https://*.zoom.us https://www.iss.it https://syndication.twitter.com https://www.microsoft.com https://t.paypal.com https://libapps-eu.s3.amazonaws.com https://accounts.google.com https://www.google.com https://i.ytimg.com https://i.vimeocdn.com https://img.youtube.com; style-src 'self' 'unsafe-inline' https://*.zoom.us https://f.vimeocdn.com https://fonts.googleapis.com; child-src 'self' https://*.zoom.us https://videos.sproutvideo.com https://platform.twitter.com https://opendatadpc.maps.arcgis.com https://drive.google.com https://docs.google.com https://www.paypal.com https://www.sandbox.paypal.com https://js.stripe.com https://campaign.moodle.org https://enovation.ie https://www.google.com https://player.vimeo.com https://www.youtube.com; media-src 'self' data: blob: https://*.zoom.us https://www.youtube.com https://vod-progressive.akamaized.net https://player.vimeo.com 1
frame-ancestors https://*.zscloud.net 'self' macom.com *.macom.com *.jahia.cloud.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' publuu.com secure.trust-provider.com live.brame-gamification.com wlan.klipp.at klipp.at *.piwik.pro cdn.matomo.cloud *.sendinblue.com *.brevo.com  blob: *.youtube-nocookie.com *.pay1.de *.gstatic.com *.google.com *.jsdelivr.net *.g.doubleclick.net *.smarketer.de *.sectigo.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.googleadservices.com; frame-src 'self' publuu.com secure.trust-provider.com live.brame-gamification.com klipp.at klipp-wlan.agoradesign.at *.sendinblue.com *.brevo.com youtu.be *.youtube-nocookie.com *.pay1.de *.google.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; frame-ancestors 'self' https://klipp.at https://klipp-wlan.agoradesign.at https://wlan.klipp.at 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ct.pinterest.com https://static.addtoany.com *.pinterest.com https://scripts.bestprice.gr https://widget.eu.criteo.com https://static.addtoany.com *.static.addtoany.com *.criteo.com *.ckeditor.com https://s.pinimg.com *.teads.tv https://region1.analytics.google.com https://tpc.googlesyndication.com *.skroutz.gr https://skroutza.skroutz.gr https://sslwidget.criteo.com https://www.ravenna.gr https://ping.contactpigeon.com https://static.criteo.net https://ajax.cloudflare.com https://skroutza.skroutz.gr https://www.contactpigeon.com *.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr https://use.typekit.net https://collection.e-satisfaction.com https://v2.zopim.com https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://www.contactpigeon.com https://ping.contactpigeon.com https://fonts.googleapis.com https://use.typekit.net https://collection.e-satisfaction.com https://p.typekit.net;object-src 'self';img-src 'self' data: *.adform.net *.postrelease.com *.facebook.net https://hb.yahoo.net/ https://cdn.e-satisfaction.com/ https://www.googletagmanager.com https://widget.eu.criteo.com https://www.google.co.uk https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://dis.criteo.com https://ct.pinterest.com *.e1.emxdgt.com *.teads.tv https://e1.emxdgt.com/ https://dimages.contactpigeon.com https://googleads.g.doubleclick.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://criteo-partners.tremorhub.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://matching.ivitrack.com https://ad.360yield.com https://id5-sync.com https://gum.criteo.com https://r.casalemedia.com https://visitor.omnitagjs.com https://cm.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://googleads.g.doubleclick.net https://ping.contactpigeon.com https://collection.e-satisfaction.com https://collection.e-satisfaction.com https://ravenna.staginglh.com https://static.ravenna.gr https://www.ravenna.gr *.skroutz.gr https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr https://img.youtube.com;font-src 'self' data: https://use.typekit.net *.gstatic.com; connect-src 'self' https://www.pinterest.com https://stats.addtoany.com *.google.com https://www.google.com/ https://googleads.g.doubleclick.net/ https://ekr.zdassets.com https://pagead2.googlesyndication.com https://measurement-api.criteo.com  https://rpc.bestprice.gr *.bestprice.gr https://adservice.google.com https://ct.pinterest.com *.teads.tv https://region1.analytics.google.com https://ping.contactpigeon.com https://collection.e-satisfaction.com https://ekscapig.sleed.com https://web.facebook.com https://www.facebook.com https://socialplugin.facebook.net https://cdn.e-satisfaction.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app;frame-src *;media-src 'self'; manifest-src 'self' https://www.ravenna.gr ; frame-ancestors 'self' https://www.facebook.com ; 1
frame-ancestors 'self' vdp-editor.yeswehack.com 1
img-src 'self' https: data: cdn.paris.fr; frame-ancestors 'self' *; frame-src 'self' * 1
default-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com; worker-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com blob:; script-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; style-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com 'unsafe-inline'; img-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; frame-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.youtube.com https://*.serverpilot-phpversions.info; font-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com data:; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://*.googletagmanager.com https://*.googleadservices.com https://www.google.com/pagead/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.youtube.com/ https://*.ytimg.com https://*.algolia.net https://*.algolianet.com; 1
default-src 'self'; font-src 'self' https://acsbapp.com/apps/app/dist/fonts/ https://fonts.gstatic.com/ moz-extension https://cdn.acsbapp.com/ data:; child-src 'self' https://www.drphillipscenter.org https://pixel.sitescout.com/ https://bid.g.doubleclick.net https://www.youtube.com https://platform.twitter.com https://www.eventkeeper.com/ https://static.addtoany.com https://www.facebook.com; img-src 'self' https://ps.w.org/ https://s.w.org/plugins/ https://secure.gravatar.com/avatar/ https://pixel.sitescout.com/ https://cdn.acsbapp.com/ https://*.gstatic.com/ https://fonts.gstatic.com/ https://www.google.com/ https://translate.googleapis.com/ https://translate.google.com https://www.google-analytics.com/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://live.staticflickr.com https://www.facebook.com https://www.instagram.com https://ocls.info data:; frame-ancestors 'self' https://www.drphillipscenter.org/; connect-src 'self' https://accesswidget-log-receiver.acsbapp.com/ https://yoast.com/feed/widget/ https://cdn.acsbapp.com/ https://acsbapp.com/ https://process.acsbapp.com/ https://google.com/ https://www.google-analytics.com/ https://*.ocls.info/ https://www.facebook.com https://adservice.google.com ocls.info https://translate.googleapis.com https://maps.googleapis.com/ https://translate-pa.googleapis.com/; frame-src 'self' https://www.drphillipscenter.org https://pixel.sitescout.com/ http://192.168.2.184:15871 http://192.168.2.181:15871 https://bid.g.doubleclick.net https://www.youtube.com https://platform.twitter.com https://www.eventkeeper.com/ https://static.addtoany.com https://www.facebook.com; style-src 'self' https://*.googleapis.com/ https://www.gstatic.com 'unsafe-inline'; script-src 'self' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://oclsfl.patronpoint.com https://www.drphillipscenter.org/ https://acsbapp.com/ https://tag.simpli.fi/ https://www.google.com https://www.googletagmanager.com/ https://translate.google.com/ https://*.googleapis.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://platform.twitter.com https://www.paperturn-view.com https://www.eventkeeper.com/ https://static.addtoany.com https://connect.facebook.net https://static.formstack.com/ https://www.formstack.com/ http://downloads.mailchimp.com/ 'unsafe-inline'; 1
script-src 'self'; frame-ancestors 'self'; object-src 'none'; media-src 'none'; connect-src 'self'; base-uri 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval'  'self' https: data:; base-uri 'self'; 1
report-uri //www.shihuo.cn/api/cspReport;child-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: blob: data: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com *.volcengineapi.com *.snssdk.com *.volcvod.com;frame-src jockey: shihuo: hupu: weixin: sinaweibo: weixinping: shimage: blob: data: *.shihuo.cn *.hupu.com *.googlesyndication.com *.doubleclick.net *.weibo.com https://*.etao.com http://*.etao.com www.bilibili.com *.qiniu.com *.volcengineapi.com *.snssdk.com *.volcvod.com;default-src 'unsafe-inline' 'unsafe-eval' https://shihuo.cn-hangzhou.log.aliyuncs.com http://*.hupu.com https://*.hupu.com http://*.alicdn.com https://*.alicdn.com http://*.taobaocdn.com https://*.taobaocdn.com http://*.taobao.com https://*.taobao.com http://*.alimama.cn http://*.tbcdn.cn https://*.alimama.cn http://*.doubleclick.net https://*.doubleclick.net *.hoopchina.com.cn *.hupucdn.com http://*.shihuocdn.cn https://*.shihuocdn.cn *.theyaoapp.com *.dewucdn.com *.weibo.com *.google.com *.shihuo.cn http://*.shihuocdn.cn https://*.shihuocdn.cn *.qq.com *.cnzz.com http://i.theyaoapp.com https://i.theyaoapp.com *.mmstat.com *.c-cnzz.com *.aliyuncs.com *.googleadservices.com *.googleadsserving.cn *.googletagservices.com *.googlesyndication.com *.haitaodashi.cn *.baidu.com *.sinajs.cn *.gstatic.com *.appadhoc.com *.tanx.com www.bilibili.com *.qiniu.com *.qiniup.com *.volcengineapi.com *.snssdk.com *.volcvod.com data: shimage: https://davstatic.dewu.com http://davstatic.dewu.com https://dav.dewu.com http://dav.dewu.com https://cdn.jsdelivr.net http://cdn.jsdelivr.net 1
worker-src *.stripe.com *.fs1inc.com; font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net 'self' data: *.fontawesome.com *.bootstrapcdn.com *.sitejabber.com *.cloudflare.com *.googleadservices.com *.zoho.com *.zohocdn.com *.zohostatic.com *.zohopublic.com *.fs1inc.com maxcdn.bootstrapcdn.com fonts.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.facebook.com *.fs1inc.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.zoho.com *.weltpixel.com *.facebook.com 512435.stats.ryzeo.com secure.livechatinc.com js.stripe.com embedsocial.com *.googleadservices.com *.doubleclick.net *.zohocdn.com *.zohostatic.com *.zohopublic.com *.fs1inc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io 'self' data: *.fs1inc.com *.sitejabber.com www.apptrian.com *.cloudflare.com *.googleadservices.com *.googletagmanager.com *.google.co.in *.facebook.com *.google.com pop1.screenpopper.com bat.bing.com cdn.livechatinc.com googletagmanager.com d2ldlvi1yef00y.cloudfront.net d69o642psi61v.cloudfront.net *.zoho.com *.zohocdn.com *.zohostatic.com *.zohopublic.com quickchart.io img.youtube.com https://redchamps.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.commerce-payment-services.com *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.gstatic.com *.sitejabber.com www.apptrian.com *.cloudflare.com *.twitter.com *.fontawesome.com *.googletagmanager.com *.googleadservices.com *.clickcease.com *.livechatinc.com *.doubleclick.net cdn.statstrk01.com bat.bing.com connect.facebook.net stats.ryzeo.com js.stripe.com embedsocial.com pop1.screenpopper.com screenpopper.com *.trustpilot.com *.zoho.com *.clarity.ms *.jollyoutdoorjogger.com *.zohocdn.com *.zohostatic.com *.zohopublic.com *.fs1inc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com maps.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com *.sitejabber.com *.cloudflare.com embedsocial.com screenpopper.com *.stripe.com *.googleadservices.com *.zoho.com *.zohocdn.com *.zohostatic.com *.zohopublic.com *.fs1inc.com maxcdn.bootstrapcdn.com fonts.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.google-analytics.com www.apptrian.com *.cloudflare.com *.googleadservices.com *.google.co.in *.facebook.com stats.g.doubleclick.net api.livechatinc.com facebook.com *.bing.com *.clarity.ms *.doubleclick.net *.zoho.com *.zohocdn.com *.zohostatic.com *.zohopublic.com *.fs1inc.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.facebook.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: *.crazyegg.com; script-src 'self' *.crazyegg.com blob: https://www.googleadservices.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://d3js.org/ https://unpkg.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.jquery.com/ https://www.youtube.com/ https://cibse-pst-umbraco.dev-log10.uk/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://pagecorrect.monsido.com/ https://heatmaps.monsido.com/ https://secure.visionary-enterprise-ingenuity.com/ https://app-script.monsido.com/ https://snap.licdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.crazyegg.com https://cdn.jsdelivr.net/ 'unsafe-inline'; img-src * *.crazyegg.com data: umb:; frame-src 'self' *.crazyegg.com https://go.cibse.org/ https://cibse-pst-umbraco.dev-log10.uk/ https://www.youtube.com/ https://www.google.com/ https://player.vimeo.com/ https://forms.monday.com/ https://www.cognitoforms.com/ https://td.doubleclick.net/; font-src 'self' *.crazyegg.com data: ;connect-src 'self' *.crazyegg.com https://content.hotjar.io/ wss://ws.hotjar.com/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/ https://*.cibse.org/ https://cibse-cct-api.dev-log10.uk/ https://stats.g.doubleclick.net/ https://region1.analytics.google.com/ https://cdn.linkedin.oribi.io/ https://idx.liadm.com/ https://heatmaps.monsido.com/ https://pagecorrect.monsido.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/ 1
frame-ancestors 'self' https://optimize.google.com/ https://www.facebook.com/ 1
default-src * blob: data: cid:; img-src * data: cid: 'unsafe-inline'; media-src * data: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * blob: data: 'unsafe-inline'; style-src-elem * blob: data: 'unsafe-inline'; font-src * data:; frame-ancestors *.brgeneral.org; 1
frame-ancestors 'self' *.unitybyhardrock.com; 1
default-src https: 'unsafe-inline' data: wss://pubsub.salemove.com https://*.salemove.com https://*.glia.com https://*.twilio.com wss://*.salemove.com wss://*.glia.com wss://*.twilio.com; script-src https: 'unsafe-inline' 'unsafe-eval' data: https://*.salemove.com https://*.glia.com;media-src 'self' blob: data: https://*.salemove.com https://*.glia.com;connect-src 'self' data: wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com https://*.twilio.com wss://*.twilio.com https://*.segmint.net https://*.amazonaws.com https://*.hsforms.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.trumeasure.com https://*.googleapis.com;style-src 'self' 'unsafe-inline' data: https://*.salemove.com https://*.glia.com https://*.typekit.net https://*.googleapis.com; img-src 'self' blob: data: https://*.salemove.com https://*.glia.com https://*.google.com https://*.doubleclick.net https://*.facebook.com https://*.hsforms.com https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://azuracu.com https://*.ytimg.com; 1
default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ioc.exchange; img-src 'self' https: data: blob: https://ioc.exchange; style-src 'self' https://ioc.exchange 'nonce-uyIMWhVtCtnx+rEXX74TOg=='; media-src 'self' https: data: https://ioc.exchange; frame-src 'self' https:; manifest-src 'self' https://ioc.exchange; form-action 'self'; child-src 'self' blob: https://ioc.exchange; worker-src 'self' blob: https://ioc.exchange; connect-src 'self' data: blob: https://ioc.exchange https://files.ioc.exchange wss://ioc.exchange; script-src 'self' https://ioc.exchange 'wasm-unsafe-eval' 1
frame-ancestors 'self'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com otp.tools.investis.com *.investisdigital.com www.google-analytics.com stats.g.doubleclick.net *.googletagmanager.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com *.investisdigital.com geoid.investisdigital.com cookiemanager.investisdigital.com *.investis.com plugins.flockler.com fl-cdn.scdn1.secure.raxcdn.com *.flockler.com www.recaptcha.net www.google-analytics.com otp.tools.investis.com page-group-v3.pid2-e1.investis.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net geoid.investisdigital.com *.flockler.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com http://house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.fonts.com geoid.investisdigital.com *.jsdelivr.net; connect-src 'self' 'unsafe-inline' region1.analytics.google.com *.google-analytics.com geoid.investisdigital.com stats.g.doubleclick.net cookiemanager.investisdigital.com  https://assets.investisdigital.com; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; form-action 'self' data: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; style-src 'self' 'unsafe-inline' data:; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; connect-src 'self'; frame-src 'self' www.youtube.com https://www.facebook.com; script-src-elem  'self' 'unsafe-inline' 'unsafe-eval'  www.facebook.com connect.facebook.net; 1
font-src *.klarnacdn.net *.fontawesome.com *.gstatic.com 'self' data: *.swogo.net *.tiktok.com *.jotform.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com https://connect.facebook.net/ *.cookiefirst.com *.tiktok.com *.jotform.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ egoi.page *.klarnaservices.com https://www.googletagmanager.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com www.googletagmanager.com *.google.com *.facebook.com https://connect.facebook.net/ *.cookiefirst.com *.doubleclick.net *.tiktok.com *.jotform.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io egoimmerce.e-goi.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: https://connect.facebook.net/ https://www.facebook.com/ https://www.google.pt/ https://www.kuantokusta.pt/ https://ib.adnxs.com/ https://eu-assets.klarnaservices.com/ osm.klarnaservices.com/ *.cookiefirst.com *.swogo.net *.tiktok.com *.jotform.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ e-goi.com cdn-te.e-goi.com egoi.site *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com https://www.gstatic.com/ https://js-agent.newrelic.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.nr-data.net/ https://connect.facebook.net/ https://static.cloudflareinsights.com/ *.cloudflare.com *.egoiapp.com *.piwik.org https://acdn.adnxs.com/ stats.g.doubleclick.net tpc.googlesyndication.com *.cookiefirst.com *.swogo.net https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.esm.browser.min.js *.tiktok.com *.jotform.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com egoiapp2.com *.klarnacdn.net *.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com *.cookiefirst.com https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css *.tiktok.com *.jotform.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ ekr.zdassets.com/ https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com https://www.googletagmanager.com/ https://www.googleadservices.com/ https://ampcid.google.com *.google.com/ *.nr-data.net/ https://edw-3.egoiapp.com/ *.facebook.com https://connect.facebook.net/ *.cookiefirst.com *.swogo.net *.google.pt https://www.google.pt/ *.tiktok.com *.jotform.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors *.payback.pl 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' t1.daumcdn.net http://www18.ntis.go.kr https://www18.ntis.go.kr http://www.ntis.go.kr https://www.ntis.go.kr http://www.msit.go.kr https://www.msit.go.kr msip.go.kr filter1.nrf.re.kr cdnjs.cloudflare.com cdn.jsdelivr.net use.fontawesome.com code.jquery.com fonts.googleapis.com www.ultraq.net.nz www.thymeleaf.org www.w3.org www.kri.go.kr www.facebook.com www.youtube.com youtube.be www.instagram.com stackpath.bootstrapcdn.com translate.googleapis.com www.google.com maps.googleapis.com maps.gstatic.com search.google.com khms0.googleapis.com khms1.googleapis.com sso.nrf.re.kr api.ebook.co.kr java.sun.com tiles.apache.org www.springframework.org s1.daumcdn.net spi.maps.daum.net map.daum.net www.eprivacy.or.kr www.tiny.cloud rawgit.com fonts.gstatic.com hotline.nrf.re.kr; img-src 'self' data: *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hubspot.com builder.lift.acquia.com js.usemessages.com googleads.g.doubleclick.net app.wistia.com connect.facebook.net tpc.googlesyndication.com www.google.com www.gstatic.com static.ads-twitter.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' www.globenewswire.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.google.co.il *.rlcdn.com *.twitter.com *.google.co.th *.google.ae googleads.g.doubleclick.net *.google.com.vn *.google.bs embedwistia-a.akamaihd.net www.impella.com *.google.com.cy *.google.at *.google.com.co *.google.com.sa *.google.com.br *.googleapis.com *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net *.facebook.com *.facebook.net *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: data: *.akamaihd.net *.wistia.com; frame-src 'self' app.hubspot.com *.hs-sites.com fast.wistia.net fast.wistia.com *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net cdn.scite.ai; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com adservice.googlesyndication.com www.google.co.uk connect.facebook.net px.ads.linkedin.com pagead2.googlesyndication.com notify.bugsnag.com us.perz-api.cloudservices.acquia.io sessions.bugsnag.com www.google.com.br www.google.co.in cdn.linkedin.oribi.io hubspot-forms-static-embed.s3.amazonaws.com adservice.google.com *.litix.io *.googleapis.com adservice.google.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.google.de *.facebook.net *.google.com *.google-analytics.com connect.facebook.net *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors http://www.naturalmedicinejournal.com https://divcomplatform.s3.amazonaws.com 1
report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' *.gs.com:* https://www.google-analytics.com https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com https://cdnjs.cloudflare.com ir-vh.akamaihd.net https://amp.akamaized.net goldmansachsindices.com:* *.goldmansachsindices.com:* https://cdn.appdynamics.com https://consent.truste.com https://consent.trustarc.com https://*.googletagmanager.com https://gs.symphony.com ; connect-src 'self' wss://*.gs.com:* http://localhost.gs.com:12030 *.gs.com:* wss://*.goldmansachsindices.com:* *.goldmansachsindices.com:* wss://goldmansachsindices.com:* goldmansachsindices.com:* https://marqueevod-vh.akamaihd.net https://assets.adobedtm.com https://gsgir.122.2o7.net https://*.tt.omtrdc.net https://view.ceros.com https://cdnjs.cloudflare.com ir-vh.akamaihd.net https://amp.akamaized.net *.launchdarkly.com https://goldmansachs.my.sentry.io https://*.openfin.co https://col.eum-appdynamics.com https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com https://*.qualtrics.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com ; img-src *.gs.com:* goldmansachsindices.com:* *.goldmansachsindices.com:* https://github.com:* https://gsgir.122.2o7.net data: blob: https://col.eum-appdynamics.com https://*.qualtrics.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://ad.doubleclick.net https://adservice.google.com https://consent.truste.com https://consent.trustarc.com http://assets.storyports.com ; style-src 'unsafe-inline' *.gs.com:* goldmansachsindices.com:* *.goldmansachsindices.com:* https://fast.fonts.net https://fonts.googleapis.com ; media-src 'self' *.gs.com goldmansachsindices.com *.goldmansachsindices.com https://marqueevod-vh.akamaihd.net ir-vh.akamaihd.net blob: https://girprod.akamaized.net https://irqa.akamaized.net https://video.goldmansachs.com https://d3rs803rx9tc61.cloudfront.net https://qa.assets.gspublishing.com https://d2wot7r5hbi9xl.cloudfront.net https://assets.gspublishing.com ; frame-ancestors 'self' https://secdiv.web.gs.com https://goldmansachs.experiencecloud.adobe.com:* https://publishing.gs.com ; worker-src blob: https://marquee.gs.com:* https://*.marquee.gs.com:* ; 1
default-src 'self' 'unsafe-inline' jobs.b-ite.com; base-uri 'self'; connect-src 'self' *.preview.kkn.zd.intranet.bund.de wss://chat.userlike.com chat.userlike.com wss://umd.userlike.com userlike.com *.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de *.cloudfront.net data-8ec206415a.dnb.de jobs.b-ite.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.youtube.com *.googleapis.com piwik.itzbund.de script.ioam.de *.de.ioam.de s.ytimg.com static.b-ite.com cs-assets.b-ite.com ajax.googleapis.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.cloudfront.net data-8ec206415a.dnb.de userlike-cdn-umm.b-cdn.net; object-src 'self' piwik.itzbund.de; media-src 'self' *.aktion-mensch.de *.sample-videos.com *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de youtu.be files.dnb.de c18004-vod.l.core.cdn.streamfarm.net *.cloudfront.net; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de my.matterport.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de *.tile.openstreetmap.org api.userlike.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de *.preview.kkn.zd.intranet.bund.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de *.cloudfront.net; frame-ancestors *.gsb.dev.materna.net *.preview.kkn.zd.intranet.bund.de piwik.itzbund.de 1
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/shopify-channel-prod-group/1;script-src 'report-sample' 'nonce-4Y70NaGbfCvd4_iVRZksBA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'nonce-YjEyNmEwODI5MDg2ZTY0NWFjZjc3NmNlM2RkOTc3MGE=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com ;child-src blob: 'unsafe-inline'; connect-src * 'unsafe-inline' data: blob: *.contentsquare.net; img-src * data: blob: *.contentsquare.net 'unsafe-inline'; frame-src * tel:; style-src * 'unsafe-inline'; worker-src blob: ; media-src 'self' data: blob: *; 1
img-src * data: *.hondabigwing.in:443; default-src * 'self'  https://* 'unsafe-inline' 'unsafe-eval'*.hondabigwing.in:8083;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.secure-exchange.de/piwik/ youtube.com https://www.youtube.com/ https://secure.mobile.trotto.performgroup.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.jquery.com https://*.youtube.com https://*.google-analytics.com https://*.facebook.net https://*.twitter.com https://*.vimeo.com blob: https://*.nis.rs; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.googleapis.com/; img-src 'self' data: https://*.youtube.com https://i0.wp.com/wpmudev.com https://api012.successfactors.eu https://*.nis.eu https://*.nis.rs https://*.wpmudev.org https://wpmudev.com https://*.w.org https://*.nis.rs https://*.twitter.com http://*.desgsr.com https://*.smushcdn.com https://*.google-analytics.com https://*.gravatar.com; media-src 'self' https://*.nis.eu https://*.nis.rs; frame-src 'self' https://www.youtube.com/embed/ https://castbox.fm https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.vimeo.com; font-src 'self' data: https://*.gstatic.com; connect-src 'self' https://yoast.com https://wpmudev.com https://*.google-analytics.com; frame-ancestors 'self'; 1
script-src 'self' https://*.cloudflareinsights.com https://cloudflareinsights.com https://challenges.cloudflare.com https://*.ethicalads.io https:// 'nonce-RRrwYaLwKeMu82v47zjlIg==' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com data: 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com *.vimeo.com vimeo.com *.treasuredata.com *.shortlyst.com  *.facebook.com *.clarity.ms *.facebook.net *.bing.com *.pinimg.com *.adsrvr.org *.jquery.com *.yotpo.com cdnjs.cloudflare.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.yotpo.com *.cloudflare.com  *.fonts.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.google.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.amazonaws.com *.googlesyndication.com *.facebook.com *.google-analytics.com *.analytics.google.com *.shortlyst.com *.captainmorgan.com captainmorganstore.com *.clarity.ms *.bing.com *.google.com pinterest.com *.captainmorgan.com *.thebar.com *.diageoplatform.com *.diageohorizon.com *.yotpo.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self' *.cloudflare.com *.yotpo.com *.gstatic.com *.fontawesome.com *.bootstrapcdn.com data:; frame-src 'self' *.vimeo.com *.shortlyst.com *.google.com *.adsrvr.org *.youtube.com *.anyroad.com where-to-buy.co *.doubleclick.net; img-src 'self'  *.amazonaws.com *.vimeocdn.com *.googlesyndication.com *.drinkiq.com *.placeholder.com *.google-analytics.com *.analytics.google.com *.bing.com *.facebook.com *.clarity.ms *.pinterest.com *.google.com *.yotpo.com *.captainmorgan.com *.thebar.com *.diageoagegate.com *.diageoplatform.com *.onetrust.com *.doubleclick.net *.juicer.io *.mapbox.com *.googletagmanager.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.captainmorgan.com *.thebar.com *.diageoplatform.com; worker-src 'self' blob:; 1
'self' *.wvgw.de 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com; 1
frame-ancestors 'self' vidaworld.com *.vidaworld.com 1
script-src *.bancfirst.tv *.cloudflare.com *.youtube.com *.googletagmanager.com *.sharethis.com *.basis.net *.wave2.io *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.bancfirst.bank *.googleapis.com 'unsafe-inline' ; object-src 'none';  frame-ancestors 'self' *.bancfirst.bank; worker-src blob:; script-src-elem *.bancfirst.bank *.youtube.com *.cloudflare.com *.google.com *.googletagmanager.com *.gstatic.com *.sharethis.com *.google-analytics.com 'unsafe-inline' *.wave2.io *.wave2locator.com 1
frame-ancestors 'self' https://www.vipunion.sk https://www.dovolenky.net https://www.eyca.cz https://www.tatry.cz http://www.ckkalla.cz; default-src 'self' 'unsafe-inline' localhost:* *.eucookie.eu *.gstatic.com *.googleapis.com *.google-analytics.com *.ipify.org *.doubleclick.net *.trustpilot.com www.union.sk www.google.com www.google.sk *.facebook.com *.wisepops.com app.getwisp.co wisepops.net webchat.union.sk data: ws://localhost:3523 http://localhost:3523 wss://dlauncher.ditec.sk:* wss://127.0.0.1:* code.jquery.com my.yoast.com *.hotjar.com *.hotjar.io wss://*.hotjar.com consentcdn.cookiebot.com consent.cookiebot.com cdn.cookielaw.org geolocation.onetrust.com pagead2.googlesyndication.com q.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' consentcdn.cookiebot.com consent.cookiebot.com *.eucookie.eu *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.trustpilot.com *.ipify.org *.googleadservices.com *.facebook.net cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net *.googlesyndication.com track.adform.net *.hotjar.com *.doubleclick.net *.youtube.com yoast.com cdn.jsdelivr.net cdnjs.cloudflare.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com cdn.cookielaw.org www.clarity.ms; font-src 'self' data: *.gstatic.com www.union.sk; frame-src 'self' consentcdn.cookiebot.com consent.cookiebot.com *.eucookie.eu www.google.com *.youtube.com *.trustpilot.com www.facebook.com form.123formbuilder.com ditec-dlauncher: *.hotjar.com *.soundcloud.com optimize.google.com; img-src * blob: data:; style-src * 'unsafe-inline' optimize.google.com fonts.googleapis.com; 1
default-src https: http: blob: 'unsafe-inline' 'unsafe-eval' data:; 1
script-src-elem link.sportsgirl.com.au *.wufoo.com *.pinterest.com *.jotform.com *.jotfor.ms *.squarecdn.com *.hotjar.com *.rmp.rakuten.com *.facebook.net *.googletagmanager.com *.api.useinsider.com foursixty.com *.adsrvr.org *.scarabresearch.com *.plugins.emarsys.net stockinstore.net *.reloop.com.au *.resultspage.com *.pinimg.com *.bing.com *.tiktok.com *.newrelic.com *.google-analytics.com https://wisepops.net *.wisepops.com https://3739-1.sli-r.com/r-api/ https://googleads.g.doubleclick.net *.stockinstore.net *.cloudflare.com https://maps.googleapis.com *.afterpay.com *.addressfinder.io https://www.google.com https://www.gstatic.com *.sli-r.com *.braintreegateway.com *.paypal.com https://ap-gateway.mastercard.com *.zdassets.com https://www.googleadservices.com https://staticw2.yotpo.com https://tpc.googlesyndication.com https://jp-tags.rd.linksynergy.com api.neverbounce.com *.forter.com *.surveymonkey.com *.googleapis.com *.kaltura.com *.creativecdn.com *.sli-spark.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src-elem *.jotfor.ms *.sli-r.com https://foursixty.com/ *.resultspage.com *.stockinstore.net https://assets.api.useinsider.com/ *.addressfinder.io https://fonts.googleapis.com https://staticw2.yotpo.com *.creativecdn.com 'self' 'unsafe-inline'; font-src fonts.gstatic.com 'unsafe-inline' data: *.gstatic.com *.typekit.net *.stockinstore.net *.afterpay.com *.hotjar.com *.useinsider.com *.yotpo.com *.googleapis.com *.jotfor.ms *.slant.co cdn.neverbounce.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com *.cardinalcommerce.com *.paypal.com *.yotpo.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * link.sportsgirl.com.au link.sussan.com.au 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.mastercard.com *.adsrvr.org *.useinsider.com *.linksynergy.com *.tiktok.com *.hotjar.com *.doubleclick.net *.demdex.net *.reloop.com.au *.myunidays.com *.facebook.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.yotpo.com bid.g.doubleclick.net *.youtube-nocookie.com *.bolt.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk * *.pinterest.com https://bid.g.doubleclick.net *.cloudflarestream.com videodelivery.net *.surveymonkey.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.afterpay.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.paypal.com *.sportsgirl.com.au *.suzannegrae.com.au *.sussan.com.au *.cdninstagram.com *.gstatic.com *.googleapis.com *.google.com *.google.com.au *.google.co.nz *.google.com.ua *.google.by *.google.us *.google.de *.stockinstore.net *.rakuten.com *.afterpay.com *.foursixty.com https://foursixty.com http://foursixty.com *.nr-data.net *.adsrvr.org *.linksynergy.com *.bing.com *.doubleclick.net *.resultspage.com *.resultsstage.com *.resultsdemo.com *.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com *.wisepops.net *.useinsider.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.unidays.world www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com *.cloudfront.net *.jotfor.ms *.jotform.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com *.youtube.com https://site-assets.afterpay.com/ *.kaltura.com *.facebook.com *.pinterest.com *.sli-spark.com https://yotpo-editor-production.s3.amazonaws.com *.creativecdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.addressfinder.io https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.plugins.emarsys.net *.scarabresearch.com tagmanager.google.com *.paypal.com *.resultspage.com *.resultsstage.com *.resultsdemo.com *.gstatic.com *.google.com *.sli-spark.com http://foursixty.com https://foursixty.com *.cloudfront.net *.sli-r.com *.mastercard.com *.googleapis.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.cloudflare.com *.useinsider.com *.livechatinc.com *.adsrvr.org *.newrelic.com *.wisepops.com *.getwisp.co *.wisepops.net *.linksynergy.com *.rakuten.com *.afterpay.com *.nr-data.net *.bing.com *.hotjar.com *.tiktok.com *.omtrdc.net *.2o7.net *.adobedtm.com *.demdex.net *.everesttech.net *.reloop.com.au *.myunidays.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.googleadservices.com *.yotpo.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk *.squarecdn.com https://hbiq.net songbirdstag.cardinalcommerce.com *.googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.addressfinder.io static.afterpay.com/ tagmanager.google.com fonts.google.com http://foursixty.com *.googleapis.com *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.afterpay.com *.api.useinsider.com *.reloop.com.au *.hotjar.com unsafe-inline *.yotpo.com *.squarecdn.com assets.braintreegateway.com *.jotfor.ms 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: blob: *.kaltura.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.addressfinder.io static.afterpay.com *.scarabresearch.com *.eservice.emarsys.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.paypal.com *.foursixty.com foursixty.com *.braintree-api.com *.braintreegateway.com https://connect.facebook.net http://connect.facebook.net *.doubleclick.net *.stockinstore.net http://stockinstore.net http://stockinstore.net/* *.resultspage.com *.resultsstage.com *.resultsdemo.com *.cloudflare.com *.googleapis.com *.rakuten.com *.nr-data.net *.useinsider.com *.wisepops.com *.wisepops.net *.wisepops.co *.getwisp.co *.amplitude.com *.tiktok.com *.hotjar.com *.demdex.net *.everesttech.net *.adobedtm.com *.reloop.com.au *.myunidays.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.yotpo.com *.cloudfront.net https://wisepops.net/my-wisepop *.forter.com wisepops.net www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com vimeo.com *.bolt.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk *.cardinalcommerce.com *.google.com google.com *.afterpay.com *.sentry.io *.hotjar.io *.pinterest.com wss://ws.hotjar.com/api/v2/client/ws *.zdassets.com *.bing.com *.zendesk.com *.zendesk-eu.my.sentry.io https://www.google.com.au/ads/* https://www.google.com.au/ analytics.pangle-ads.com *.kaltura.com *.creativecdn.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com fonts.googleapis.com;  font-src 'self' fonts.gstatic.com; script-src 'self' ajax.googleapis.com code.jquery.com www.googletagmanager.com www.youtube.com 'sha256-TSHJdrewuAaYe3Td3BmmZzmWBauNsfLc3VuVK9zayzA=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-xJqrQIwtnysUoiC7tVDUVKultWRyUhJNB4/72KBQmag=' ; object-src 'self'; form-action 'none'; report-to /csp-violation-report-endpoint/ 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-qKNbexpaw9IgrGOQQU0kXPsxF' https://discuss.eroscripts.com/logs/ https://discuss.eroscripts.com/sidekiq/ https://discuss.eroscripts.com/mini-profiler-resources/ https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discuss.eroscripts.com/extra-locales/ https://discourse-cdn.eroscripts.com/highlight-js/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/ https://discourse-cdn.eroscripts.com/theme-javascripts/ https://discourse-cdn.eroscripts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://unpkg.com; worker-src 'self' https://discourse-s3-cdn.eroscripts.com/uploads/assets/ https://discourse-cdn.eroscripts.com/javascripts/ https://discourse-cdn.eroscripts.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'none'; frame-ancestors 'self' https://*.myshopify.com https://*.staplescopyandprint.ca https://*.staplesprint.ca https://*.staples.ca https://*.shopify.com/; 1
object-src 'none'; script-src 'nonce-12f28fc0b2196177dac4' 'unsafe-hashes' 'sha256-TjCOO/4Nqs+xkeAiiAImCLlLAc8MdNVDOglmgiQOJy8=' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; base-uri 'none'; report-uri https://services.lovebookonline.com/api/csp-report 1
frame-ancestors 'self' https://ihealthspot.com https://*.ihealthspot.com 1
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com https://cdn.aplazame.com; img-src 'self' https://s-media-cache-ak0.pinimg.com https://as2.ftcdn.net https://as1.ftcdn.net https://t1.ftcdn.net https://t2.ftcdn.net https://t3.ftcdn.net https://t4.ftcdn.net https://www.google-analytics.com https://cdn.connectif.cloud https://www.google.com https://www.google.es https://www.cortinadecor.com https://cortinadecor.com https://cortinadecor.local https://googleads.g.doubleclick.net https://connect.ekomi.de https://bat.bing.com https://www.facebook.com https://blog.cortinadecor.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://www.googletagmanager.com https://optimize.google.com https://www.gstatic.com https://*.clarity.ms https://t.paypal.com https://v2assets.zopim.io https://cortinadecor.zendesk.com https://ct.pinterest.com https://*.zdusercontent.com https://c.bing.com https://static.zdassets.com https://i.ytimg.com https://www.paypalobjects.com https://d2rfa446ja7yzb.cloudfront.net https://connect.getflowbox.com https://post-image.getflowbox.com https://*.cdn.adyen.com https://scontent-lhr8-1.xx.fbcdn.net https://9mn3sm7015.execute-api.eu-west-1.amazonaws.com https://scontent-lcy1-1.xx.fbcdn.net data:; media-src 'self' https://cdn.flbx.io; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.windguru.cz https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.analytics.google.com https://region1.google-analytics.com https://eu3-api.connectif.cloud https://api.aplazame.com https://analytics.google.com https://bat.bing.com https://maps.googleapis.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com https://ekr.zdassets.com https://cortinadecor.zendesk.com wss://widget-mediator.zopim.com https://*.clarity.ms https://ekr.zendesk.com https://widget-mediator.zopim.com https://ct.pinterest.com https://adservice.google.com https://www.google.com https://sessions.bugsnag.com/ https://notify.bugsnag.com/ https://zendesk-eu.my.sentry.io https://api.smooch.io wss://api.smooch.io/faye https://analytics.tiktok.com https://www.google.es https://gateway.getflowbox.com https://a.getflowbox.com https://experience.getflowbox.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net; frame-src 'self' https://www.google.com https://checkout.aplazame.com https://cdn.aplazame.com https://www.youtube.com https://www.facebook.com https://g0.ipcamlive.com https://www.paypal.com https://www.sandbox.paypal.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live.adyen.com/ https://optimize.google.com https://ct.pinterest.com https://td.doubleclick.net https://e.issuu.com/ https://www.paypalobjects.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://www.googletagmanager.com https://optimize.google.com https://www.googleoptimize.com https://cdn.connectif.cloud https://www.google-analytics.com https://www.googleanalytics.com https://www.googleadservices.com https://apis.google.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com https://cdn.aplazame.com https://bat.bing.com https://connect.facebook.net https://www.youtube.com https://connect.ekomi.de https://www.paypal.com https://cdnjs.cloudflare.com https://*.clarity.ms https://static.zdassets.com https://s.pinimg.com https://api.smooch.io https://analytics.tiktok.com https://connect.getflowbox.com https://www.paypalobjects.com https://ct.pinterest.com/; 1
default-src 'self' *.tecob.com 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self' *.malvernpanalytical.com *.malvernpanalytical.com.cn; connect-src 'self' https://*.clarity.ms/ https://*.hotjar.com wss://*.hotjar.com https://bat.bing.com https://segments.company-target.com https://cdn.cookielaw.org https://www.google-analytics.com *.g.doubleclick.net https://api.company-target.com https://surveystats.hotjar.io https://analytics.google.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com https://privacyportal-de.onetrust.com v2.clickguardian.app *.google-analytics.com *.analytics.google.com geolocation.onetrust.com api.bizzabo.com *.google.com malvernpanalytical.matomo.cloud unpkg.com cdn.jsdelivr.net cdn.linkedin.oribi.io gateway.zscalertwo.net mp-production.ent.eu-west-1.aws.found.io mp-uat.ent.eu-west-1.aws.found.io mp-development.ent.eu-west-1.aws.found.io mpfinder.azurewebsites.net www.googleapis.com prompts.maze.co pagead2.googlesyndication.com tag-logger.demandbase.com px.ads.linkedin.com cdn.horizons.confirmit.eu https://www.materials-talks.com https://www.materials-talks.jp https://www.materials-talks.kr; font-src 'self' unpkg.com cdn.jsdelivr.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com gateway.zscalertwo.net; frame-src 'self' https://virtualshowroom.tech/ *.google.com *.google.co.uk *.google.ie https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com *.recaptcha.net https://www.youtube-nocookie.com https://www.youtub.com *.youtube.com https://player.youku.com https://www.googletagmanager.com https://googleads.g.doubleclick.net/ *.visualwebsiteoptimizer.com app.vwo.com gateway.zscalertwo.net td.doubleclick.net s.company-target.com feedback.malvernpanalytical.com; frame-ancestors 'self' https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com; img-src 'self' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn data: https://c.bing.com/ https://c.clarity.ms/ https://linkedin.com/px/ https://malvern.dist.sdlmedia.com https://p3.aprimocdn.net https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www.materials-talks.com https://www.materials-talks.kr https://www.materials-talks.jp unpkg.com cdn.jsdelivr.net https://px.ads.linkedin.com https://px4.ads.linkedin.com https://match.prod.bidr.io https://bat.bing.com https://www.google.com https://www.google.ac https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.com.kh https://www.google.cc https://www.google.cd https://www.google.cf https://www.google.cat https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.g.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gf https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.iq https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.io https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.com.lc https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.ne https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pk https://www.google.com.pa https://www.google.com.pe https://www.google.com.ph https://www.google.pl https://www.google.com.pg https://www.google.pn https://www.google.co.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.sm https://www.google.so https://www.google.st https://www.google.sr https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.to https://www.google.tn https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://segments.company-target.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://id.rlcdn.com https://googleads.g.doubleclick.net https://hm.baidu.com http://api.share.baidu.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com https://*.hotjar.com https://*.linkedin.com https://cdn.cookielaw.org https://p.adsymtotic.com *.google-analytics.com *.analytics.google.com *.baidu.com gateway.zscalertwo.net res.cloudinary.com sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com https://latex.codecogs.com; media-src 'self' https://p3.aprimocdn.net gateway.zscalertwo.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn https://*.clarity.ms/ https://www.google.com/pagead https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com https://www2.malvernpanalytical.com https://polyfill.io https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://zz.bdstatic.com/ https://www.gstatic.com/recaptcha/ https://apis.google.com https://www.recaptcha.net https://www.youtube.com https://www.googletagmanager.com unpkg.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.cookielaw.org https://www.google-analytics.com http://www.googleadservices.com https://www.googleadservices.com https://snap.licdn.com https://static.hotjar.com https://bat.bing.com http://bat.bing.com https://tag.demandbase.com http://*.pardot.com https://script.hotjar.com https://googleads.g.doubleclick.net http://www.googletagmanager.com  https://*.baidu.com http://push.zhanzhang.baidu.com http://ada.baidu.com https://fe-resource.cdn.bcebos.com https://*.pingdom.net http://*.pingdom.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com v2.clickguardian.app *.googlesyndication.com cdn.heeet.io *.matomo.cloud gateway.zscalertwo.net sites-cm-c4f1aa-eu-west-1-malvernr12.tridion.sdlproducts.com snippet.maze.co cdn.horizons.confirmit.eu; style-src 'self' 'unsafe-inline' http://*.malvernpanalytical.com http://*.malvernpanalytical.com.cn *.malvernpanalytical.com *.malvernpanalytical.com.cn unpkg.com cdn.jsdelivr.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://sites-cm-malvernpl-production.tridion.sdlproducts.com https://sites-cm-malvernpl-test.tridion.sdlproducts.com https://sites-cm-malvernpl-development.tridion.sdlproducts.com https://sites-cm-malvern-production.tridion.sdlproducts.com https://sites-cm-malvern-test.tridion.sdlproducts.com https://sites-cm-malvern-development.tridion.sdlproducts.com gateway.zscalertwo.net *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com translate.googleapis.com; worker-src blob: blob: *.malvernpanalytical.com data:; base-uri 'self'; report-to csp-endpoint; 1
default-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; script-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; font-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; img-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; child-src http: https: data: 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.burohappold.com *.google-analytics.com *.google.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.youtube.com *.youtu.be *.linkedin.com *.vimeo.com *.sketchfab.com *.cookiebot.com * data: ; 1
frame-ancestors 'self' *.myworkdayjobs.com *.hbm.com; upgrade-insecure-requests; script-src hbkworld.com *.hbkworld.com *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.google.com *.google-analytics.com *.crazyegg.com *.licdn.com static.cloudflareinsights.com *.cookieinformation.com *.ipify.org *.zoominfo.com *.matomo.cloud  *.piwik.pro *.wistia.com *.rlcdn.com *.doubleclick.net *.adsymptotic.com *.facebook.net *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net *.doubleclick.net *.google.com *.linkedin.com *.cloudfront.net *.clickagy.com dqm.crownpeak.com *.myworkdayjobs.com *.force.com *.gstatic.com *.clarity.ms *.cloudflare.com *.a1.typesense.net js.zi-scripts.com *.bing.com dpm.demdex.net 'unsafe-inline' blob:; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://piwik.fobos.de; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://piwik.fobos.de https://*.w.org https://wordpress.org https://secure.gravatar.com; form-action 'self' 'unsafe-inline'; 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com koruclub.airnewzealand.com auth.airnewzealand.co.nz; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info *.airnewzealand.co.nz auth.airnewzealand.co.nz ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com dnn506yrbagrg.cloudfront.net xsell.expedia.com ddc.optimahub.com www.newzealand.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com airpointscalculator.co.nz www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com *.airnewzealand.co.nz auth.airnewzealand.co.nz sec.windcave.com uat.windcave.com hotels.airnewzealand.co.nz airnz-cargo.chooose.today airnz-corporate.chooose.today emissions-platform.airnewzealand.co.nz oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com www.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com tourismnz.sc.omtrdc.net https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https: http:; report-uri /csp-report 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://monecole.fr https://motoufo.fr; 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com https://cdn.siteblindado.com https://api.siteblindado.com https://cdnjs.cloudflare.com https://www.google.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; frame-ancestors *.bolt.com https://h.online-metrix.net unsafe-inline *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://h.online-metrix.net *.cardinalcommerce.com unsafe-inline https://www.google.com https://www.googletagmanager.com https://cdn.siteblindado.com https://api.siteblindado.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://h.online-metrix.net *.d.aa.online-metrix.net https://fonts.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://staticfiles.yviews.com.br https://service.yourviews.com.br https://yv-misc.s3.amazonaws.com https://www.google.com https://cdn.awsli.com.br/ https://cdn.siteblindado.com https://api.siteblindado.com https://seal.siteblindado.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://h.online-metrix.net *.cardinalcommerce.com https://i.konduto.com https://cdn.siteblindado.com https://api.siteblindado.com https://www.google.com https://www.gstatic.com https://cdn.awsli.com.br https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com https://commerce.adobedtm.com https://js-agent.newrelic.com/ *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.googleapis.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.net *.bolt.com qa-api.magedevteam.com http://dpm.demdex.net https://h.online-metrix.net https://mpisandbox.braspag.com.br/v2/3ds/validate https://writer.cardinalcommerce.com/stag/log https://mpisandbox.braspag.com.br/v2/3ds/enroll https://centinelapistag.cardinalcommerce.com/V1/Order/JWT/Continue *.amazonaws.com *.braspag.com.br https://viacep.com.br https://api.siteblindado.com https://seal.siteblindado.com https://commerce.adobedc.net https://commerce.adobedtm.com https://www.google.com https://www.gstatic.com https://www.paypal.com https://www.sandbox.paypal.com https://www.paypalobjects.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.k-analytix.com *.google.com.br *.konduto.com *.doubleclick.net *.hotjar.com wss://ws.hotjar.com *.hotjar.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.tidiochat.com *.fontawesome.com fonts.gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.przelewy24.pl *.facebook.com sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com/ *.addthis.com *.facebook.com pay.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com img.youtube.com validator.swagger.io https://images.unsplash.com *.googletagmanager.com *.google.com *.google.pl *.gstatic.com *.googleadservices.com *.google-analytics.com *.linkedin.com www.oferteo.pl unpkg.com cdnjs.cloudflare.com *.tidiochat.com tidio-images-messenger.s3.us-east-1.amazonaws.com *.facebook.com static.przelewy24.pl www.gstatic.com gstatic.com *.openstreetmap.org *.inpost.pl *.easypack24.net *.instagram.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.licdn.com *.addthis.com *.addthisedge.com *.elfsight.com *.tidio.co *.tidio.com *.tidiochat.com *.facebook.net *.tiktok.com *.pinimg.com s7.addthis.com sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.fontawesome.com fonts.googleapis.com *.easypack24.net *.openstreetmap.org *.inpost.pl maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.cardinalcommerce.com 'self' data: *.addthis.com *.elfsight.com wss://socket.tidio.co *.tidio.com ct.pinterest.com ekr.zdassets.com/ sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com *.easypack24.net *.openstreetmap.org *.inpost.pl https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; connect-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; img-src 'self' data: mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; base-uri 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; form-action 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; object-src 'self' mardelplata.gob.ar *.mardelplata.gob.ar *.cloudflareinsights.com *.jsdelivr.net *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com; 1
script-src 'nonce-UVYDmSEdcvN3n3frIA/fhb+boIo=' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; 1
frame-ancestors verdragonball.online 1
default-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com herokuapp.com *.herokuapp.com amazonaws.com *.amazonaws.com sentry.dev.nn-services.de *.dev.nn-services.de *.nn-services.de stripe.com *.stripe.com stripe.network *.stripe.network chargebee.com *.chargebee.com iterable.com *.iterable.com doubleclick.com *.doubleclick.com plyr.io *.plyr.io unity3d.com *.unity3d.com *.cloud.unity3d.com googleapis.com *.googleapis.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; img-src 'self' data: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com plyr.io *.plyr.io analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: neuronation.com *.neuronation.com amazonaws.com *.amazonaws.com stripe.com *.stripe.com chargebee.com *.chargebee.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com gstatic.com *.gstatic.com googleapis.com *.googleapis.com; child-src 'self' blob: chargebee.com *.chargebee.com neuronation.com *.neuronation.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' neuronation.com *.neuronation.com; frame-ancestors 'self' neuronation.com *.neuronation.com *.evocare.org evocare.org 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-jpQ9Qy0fe-16HmE8egytBQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https://kredobank.com.ua; base-uri 'none'; connect-src https://kredobank.com.ua maps.googleapis.com online.kredobank.com.ua data: https: mailto:; font-src https://kredobank.com.ua data: https: http:; form-action https://kredobank.com.ua; frame-ancestors https://kredobank.com.ua; frame-src https://kredobank.com.ua www.youtube.com www.portmone.com.ua px.adhigh.net online.kredobank.com.ua; img-src https://kredobank.com.ua maps.google.com maps.gstatic.com online.kredobank.com.ua data: http: https:; manifest-src https://kredobank.com.ua; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://kredobank.com.ua ajax.googleapis.com maxcdn.bootstrapcdn.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com portmone.com.ua online.kredobank.com.ua https:; style-src 'self' 'unsafe-inline' 'report-sample' https://kredobank.com.ua fonts.googleapis.com online.kredobank.com.ua https:; worker-src 'none' 1
base-uri 'self' *.portfoliorecovery.com;              connect-src 'self' *.portfoliorecovery.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://surveystats.hotjar.io https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://cdn.cookielaw.org https://origin.marketinghub.opentext.com https://www.google-analytics.com https://www.analytics.google.com/g/ https://analytics.google.com/g/ https://stats.g.doubleclick.net/ https://privacyportal.onetrust.com/request/v1/consentreceipts;               default-src 'self' *.portfoliorecovery.com;              font-src 'self' *.portfoliorecovery.com https://fonts.gstatic.com https://script.hotjar.com data:;              frame-src 'self' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/ https://www.surveymonkey.com/ https://player.vimeo.com/ https://www.marketinghub.opentext.com https://www.google.com/ https://vars.hotjar.com https://bid.g.doubleclick.net https://*.cybersource.com/;              frame-ancestors 'self' *.portfoliorecovery.com;              img-src 'self' *.portfoliorecovery.com *.google-analytics.com *.googletagmanager.com https://content.pra1.opentext.cloud https://content-preview.pra1.opentext.cloud https://content.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://cdn-assets-cloud.frontify.com https://cdn.optimizely.com https://content.pra1.opentext.cloud https://ui-authoring.pra1-test.opentext.cloud https://content.pra1-dev.opentext.cloud https://origin.marketinghub.opentext.com https://www.marketinghub.opentext.com https://tags.w55c.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://aa.agkn.com https://prod.smassets.net/assets/responseweb/responseweb/ data: https://i.vimeocdn.com/video/861062727-ac8d5e060a589bdcc041d00f17d6a15bf8d2ba63372b02cf1c7eeb4f4e6d59d3-d_640 https://cdn.cookielaw.org https://analytics.convertlanguage.com https://static.hotjar.com https://script.hotjar.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com/ https://c.bing.com/ https://i.vimeocdn.com/video/;     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.portfoliorecovery.com *.googletagmanager.com https://bat.bing.com/bat.js https://cdn.cookielaw.org/scripttemplates/ https://cloud-us.analytics-egain.com https://www.marketinghub.opentext.com https://secure.marketinghub.opentext.com https://www.google-analytics.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/html2canvas/1.4.1/html2canvas.min.js https://widget.surveymonkey.com https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js https://www.google.com https://www.gstatic.com https://analytics.convertlanguage.com/mpwat.js https://googleads.g.doubleclick.net https://bat.bing.com https://static.hotjar.com https://script.hotjar.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://player.vimeo.com/api/player.js https://*.cybersource.com/;     style-src 'self' 'unsafe-inline' *.portfoliorecovery.com https://portfoliorecovery.egain.cloud/system/templates/chat/prava/css/iframe-style.css https://portfoliorecovery.egain.cloud/system/templates/chat/prava_dev/css/iframe-style.css https://fonts.googleapis.com https://www.marketinghub.opentext.com https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com; 1
script-src 'unsafe-inline' 'unsafe-eval' data: filesystem: www.resolver.com resolver.com *.resolver.com *.clarity.ms *.userway.org *.js.ubembed.com a.omappapi.com ajax.googleapis.com analytics.twitter.com app.ewebinar.com assets.ewebinar.com assets.ubembed.com bat.bing.com cdn.funnelytics.io cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net content.resolver.com ct.capterra.com d3pkntwtp2ukl5.cloudfront.net googleads.g.doubleclick.net i.tryinteract.com ipinfo.io jobs.jobvite.com js.chilipiper.com munchkin.marketo.net optimize.google.com play.vidyard.com snap.licdn.com static.ads-twitter.com tags.clickagy.com tags.srv.stackadapt.com ws-assets.zoominfo.com ws.zoominfo.com ws.zoominfo.com www.google-analytics.com www.google.ca www.google.com www.googleadservices.com www.googletagmanager.com www.resolver.com z.moatads.com t.unbounce.com trust.bitsighttech.com qvdt3feo.com www.resolver.com code.jquery.com js.zi-scripts.com *.hotjar.com; style-src 'unsafe-inline' https: filesystem: resolver.com cdn.jsdelivr.net cdnjs.cloudflare.com content.resolver.com fonts.googleapis.com i.tryinteract.com www.resolver.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io d.clarity.ms *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net tags.clickagy.com t.unbounce.com ; img-src https: data: filesystem: bat.bing.com www.googletagmanager.com www.resolver.com ws.zoominfo.com ws-assets.zoominfo.com ipinfo.io *.clarity.ms jobs.jobvite.com app.ewebinar.com assets.ewebinar.com d3pkntwtp2ukl5.cloudfront.net t.unbounce.com; font-src https: data: filesystem: fonts.gstatic.com content.resolver.com www.resolver.com www.resolver.com; media-src https:; form-action https:; frame-ancestors 'self'; object-src 'self'; frame-src 'self' https: 1
child-src blob: 'self';connect-src 'self' https://*.yimg.com https://*.yahoo.com https://s.yimg.com/nq/ads/mb/native/* https://service.cmp.oath.com https://www.yahoo.com/p.gif https://smetrics.att.com/id https://dpm.demdex.net/id https://video-api.yql.yahoo.com/ https://edgecast-vod.yahoo.net/ https://*.vpg.cdn.yimg.com/ https://media.zenfs.com/ https://assets.video.yahoo.net/ https://ads.adaptv.advertising.com/ https://video.adaptv.advertising.com/ https://consent.yahoo.com/ https://ganon.yahoo.com/ https://geo.yahoo.com/ https://guce.yahoo.com/ https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self';font-src https: data:;frame-src https://*.yahoo.com https://*.yimg.com https://*.ymail.com https://secure.bannerfarm.ace.advertising.com https://cmp.advertising.com https://assets.video.yahoo.net/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://consent.yahoo.com/ https://guce.yahoo.com/ https://pfs.yahoo.com https://gpt.mail.yahoo.net/sandbox https://alpha-gpt.mail.yahoo.net/sandbox https://alpha-gam.mail.yahoosandbox.net/sandbox https://canary-gam.mail.yahoosandbox.net/sandbox https://gam.mail.yahoosandbox.net/sandbox https://norrin.tbl.mail.yahoosandbox.net https://alpha-tbl.mail.yahoosandbox.net https://tbl.mail.yahoosandbox.net;img-src data: blob: http: https: https://ganon.yahoo.com/ https://geo.yahoo.com/;media-src blob: https://*.yahoo.com https://*.yimg.com;report-uri https://csp.yahoo.com/beacon/csp?src=mail-norrin;script-src 'self' https://s.yimg.com/nq/nr/ https://s.yimg.com/os/yaft/ https://s.yimg.com/ss/ https://s.yimg.com/aaq/yc/ https://s.yimg.com/ds/scripts/ https://www.gstatic.com/cv/js/sender/v1/cast_sender.js https://s.yimg.com/aaq/vzm/ https://s.yimg.com/cx/pv/ https://s.yimg.com/nq/polyfills/ https://yep.video.yahoo.com/ https://s.yimg.com/rx/ https://assets.video.yahoo.net/ https://jsapi.login.yahoo.com/w/ https://s.aolcdn.com/membership/omp-static/omp-widgets/ https://qa.checkout.yahoo.com/widget/ https://checkout.yahoo.com/widget/ https://s.yimg.com/cv/apiv2/partner-portals/att/adobe_analytics/ https://consent.cmp.oath.com/ https://opus.analytics.yahoo.com/ https://s.yimg.com/oa/ https://s.yimg.com/uc/sf/ https://s.yimg.com/cx/acookie/ 'sha256-lRMQ2lQozgbWLOqNJOrnclJXX6G77pQVIlF8SAI3++I=' 'sha256-xx5VFh71P/poOsh6S7wo5Hz/h6kNWHqOpIqJR04djx4=' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://s.yimg.com/oa/ 'nonce-O4PJx+RBKI3xNOrYty5JGFXsvqNem58IjQg8v3mz+v1coK4U' ;style-src 'self' https://s.yimg.com/nq/nr/ https://assets.video.yahoo.net/ 'unsafe-inline';worker-src 'self' blob:;manifest-src https://s.yimg.com/nq/nr/json/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
frame-ancestors 'self' https://p.anypromo.com https://p.anypromo.com:8443 1
frame-ancestors 'self'; frame-src *; 1
frame-ancestors https://*.builder.io https://builder.io http://localhost:1234 1
script-src 'self' https://optimize.google.com/optimize/editor/js/js.js https://optimize.google.com https://assets.ctfassets.net *.adalyser.com/adalyser.js *.amplify.outbrain.com *.trustpilot.com *.zdassets.com *.outbrain.com/ *.googletagmanager.com *.google-analytics.com *.googleadservices.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.net http://platform.twitter.com https://a.quora.com https://websdk.appsflyer.com *.hotjar.com *.analytics.twitter.com http://cdn.mxpnl.com http://bat.bing.com/bat.js https://googleads.g.doubleclick.net https://script.hotjar.com *.ads-twitter.com http://widgets.getsitecontrol.com https://analytics.twitter.com https://tyviso.com/rewards-page/ cdn.pushcrew.com 'unsafe-inline' 'unsafe-eval'; object-src none 1
frame-ancestors 'self'; img-src data: blob: *; media-src data: blob: *; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: gap: ws: wss: *.exosite.com *.exosite.io *.statuspage.io assets.chargeover.com fast.wistia.com fonts.googleapis.com fonts.gstatic.com googletagmanager.com js.hs-scripts.com s3.us-west-1.amazonaws.com murano-content-service-prod.s3.us-west-1.amazonaws.com exosite-exchange-prod.s3.amazonaws.com  docs.exosite.io  exosite.chargeover.com  bizapi.hosted.exosite.io  bjrxlnv3yqfm.statuspage.io  support.exosite.com  m2.exosite.com  www.exosite.io 1
frame-ancestors 'self' localhost:* *.pages.dev *.tickettando.it tickettando.it; 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://app.lottiefiles.com https://lottie.host https://maps.googleapis.com https://us-east-1-decisionapi.lift.acquia.com https://bam.nr-data.net https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.linkedin.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' mailto: https://*.google.com https://www.mccarthyviz.com https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://jobs.jobvite.com; img-src 'self' data: https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://www.googletagmanager.com https://*.gstatic.com https://jobs.jobvite.com https://player.vimeo.com https://*.youtube.com https://*.ytimg.com https://lift3assets.lift.acquia.com https://production-cdn.lift.acquia.com https://js-agent.newrelic.com https://bam.nr-data.net https://snap.licdn.com https://connect.facebook.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; frame-ancestors 'self' http://preview.ceros.com http://view.ceros.com http://*.mccarthy.com https://preview.ceros.com https://view.ceros.com https://*.mccarthy.com; report-uri https://tokybd.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' *.pucv.cl; 1
frame-ancestors 'self' *.edumoov.com *.educartable.com *.kidiquest.com; 1
child-src 'self' https://*.docusign.com https://*.docusign.net https://*.trustcommerce.com https://*.slimpay.net https://*.slimpay.com https://*.windriverfinancialgateway.com 1
connect-src 'self' https://*.optimizely.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://livechat.lge-ku.com wss://livechat.lge-ku.com; img-src 'self' https://*.optimizely.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-agent.newrelic.com/ https://bam.nr-data.net https://cdn.rawgit.com https://www.youtube.com https://connect.facebook.net https://js.adsrvr.org/ https://*.optimizely.com https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com https://youtube.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.adsrvr.org/ https://cdnjs.cloudflare.com; style-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://s.ytimg.com https://webintercept.bellomyonline.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://kit-pro.fontawesome.com https://js.adsrvr.org/ https://cdn.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' tirebuyer.com/ *.tirebuyer.com/ treadsy.com/ *.treadsy.com/ gstatic.com/ *.gstatic.com/ *.googletagmanager.com/ googletagmanager.com/ *.cdn-apple.com/ *.cybersource.com/ *.zdassets.com/ *.zopim.com/ *.paypal.com/ *.paypalobjects.com/ *.zendesk.com/ *.sentry.io/ *.paytomorrow.com/ *.affirm.com/ api.ipify.org/ pay.google.com/ *.google.com/pay https://google.com/pay *.google.com/ h.online-metrix.net/ *.googleapis.com/ *.listrakbi.com/ *.listrak.com/ *.googlecommerce.com/ *.google-analytics.com/ *.bing.com/ *.doubleclick.net/ *.hotjar.com/ *.hotjar.io/ connect.facebook.net/ intljs.rmtag.com/ *.attn.tv/ *.clarity.ms/ *.sitejabber.com/ *.linksynergy.com/ *.attentivemobile.com/ wss://ws.hotjar.com/ wss://widget-mediator.zopim.com *.go-mpulse.net *.powerreviews.com *.akstat.io *.akamaihd.net *.bizrate.com *.youtube.com *.applicationinsights.azure.com; img-src * data:; media-src *; style-src * 'unsafe-inline'; font-src * data:; 1
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com wss://*.hotjar.com *.hotjar.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.platypusshoes.com.au/ *.adobetm.com *.afterpay.com *.cloudfront.net *.demdex.net *.forter.com *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.contentsquare.net *.useinsider.com *.roymorgan.com sha256-QbiTetPBJzD3st2q/dMWhIYIp6nbp7aPVEnq1vNaaDw=; style-src 'self' https: 'unsafe-inline' https://www.platypusshoes.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.useinsider.com developers.google.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.criteo.com *.demdex.net *.forter.com *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com bcp.crwdcntrl.net facebook.com *.contentsquare.net *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com wss://cdn0.forter.com api.useinsider.com api.myunidays.com wss://*.hotjar.com *.hotjar.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com *.useinsider.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com wss://*.hotjar.com *.hotjar.com; worker-src 'self' blob:; 1
script-src 'self' https://code.jquery.com/jquery-1.4.2.min.js 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://www.philips.com.au *.philips.com *.philips.com.au https://philipsigtdpv.com 1
default-src 'none'; script-src 'self' 'wasm-unsafe-eval' 'nonce-OGUxMjAzZWYtOGRlMy00OWQ4LTk2ZWEtMjBhYTUyNGE4ZDNj' false https://js.hsforms.net https://*.google-analytics.com https://www.googletagmanager.com; frame-src 'self' https://*.hubspot.com https://*.hsforms.com https://www.googletagmanager.com; frame-ancestors https://app.contentful.com; connect-src 'self' https://unpkg.com https://*.ctfassets.net https://*.hsforms.com https://i22.jobs.personio.de https://*.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://*.ctfassets.net https://*.hsforms.com https://www.googletagmanager.com; media-src 'self' https://*.ctfassets.net https://*.hsforms.com; font-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://*.hsforms.com; upgrade-insecure-requests; 1
default-src 'self' https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/; img-src * 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/; style-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/; font-src 'self' data: https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/; style-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com/ https://secure.gravatar.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://translate.google.com https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://youtube.com https://www.youtube.com/embed/ 1
frame-ancestors 'self' http://www.gierkionline.pl 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors https://tataepp.stagingshop.com 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.jsdelivr.net https://unpkg.com *.google-analytics.com *.googletagmanager.com https://bam.nr-data.net https://js-agent.newrelic.com/ https://cdn-gl.imrworldwide.com https://secure-sg.imrworldwide.com  *.bootstrapcdn.com *.gstatic.com *.google.com *.cloudflare.com; child-src 'self' www.google.com; frame-src 'self' www.google.com https://secure-sg.imrworldwide.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net https://cdn.jsdelivr.net *.bootstrapcdn.com; frame-ancestors 'self';  object-src 'self'; base-uri 'self'; 1
worker-src * blob:; frame-ancestors 'self' https://www.youtube.com https://www.instagram.com https://www.facebook.com https://accounts.google.com https://kritique-widgets-stage.unileversolutions.com https://unilever3.demdex.net https://widget.kritique.io 1
default-src 'self' https: wss:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'unsafe-inline'; style-src https: 'unsafe-inline'; base-uri 'self' https:; font-src 'self' https: data:; img-src 'self' data: https:; frame-ancestors 'self'; object-src 'self' data: https:; upgrade-insecure-requests; block-all-mixed-content; worker-src 'self' data: https: blob: 1
block-all-mixed-content; script-src 'self' https://maps.googleapis.com https://cdn.perfdrive.com/aperture/aperture.js https://sdk.cashfree.com/js/ui/2.0.0/cashfree.prod.js https://ajax.aspnetcdn.com https://cdn.yellowmessenger.com https://www.clarity.ms https://connect.facebook.net https://ajax.googleapis.com https://html2canvas.hertzen.com/dist/html2canvas.js https://cdnjs.cloudflare.com https://app.yellowmessenger.com https://cdn.datatables.net/1.11.3/js/jquery.dataTables.min.js https://*.go-mpulse.net https://bat.bing.com https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://platform.linkedin.com https://r.bing.com https://s.go-mpulse.net https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://tagmanager.google.com https://toolassets.haptikapi.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' *.licdn.com *.bing.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com toolassets.haptikapi.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' *.fontawesome.com 'unsafe-eval' *.fontawesome.com 'strict-dynamic' *.fontawesome.com ; script-src * data: blob: 'unsafe-inline' *.fontawesome.com 'unsafe-eval' *.fontawesome.com; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' *.fontawesome.com; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' *.fontawesome.com; font-src * data: blob: 'unsafe-inline' *.fontawesome.com; 1
object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://www.googletagmanager.com https://js.monitor.azure.com azure.com https://www.google-analytics.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://maps.googleapis.com/ https://js.monitor.azure.com azure.com https://www.google.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.gstatic.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.amrest.eu/en/report-uri/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' *.bidassist.com 1
frame-ancestors 'self' http://www.jatekokxl.hu 1
frame-ancestors 'self' http://www.paixnidiaxl.gr 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.cl/report-uri/enforce 1
connect-src 'self' *.luigisbox.com *.google.com *.google.cz *.google.sk *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.googlesyndication.com skoda-dily-db3 *.doubleclick.net *.mail-komplet.cz *.groovehq.com *.europa.eu *.deepl.com *.jquery.com *.heureka.cz *.heureka.sk *.facebook.net *.jquery.com 1
frame-ancestors 'self' *.credit-agricole.com 1
child-src data: https: blob:; img-src data: https: blob:; object-src https:; font-src data: https:; connect-src https: wss: blob:; form-action https:; upgrade-insecure-requests; style-src data: 'unsafe-inline' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; default-src data: 'unsafe-inline' 'unsafe-eval' https:; media-src data: https: blob:; 1
frame-ancestors 'self'  *.interactivebrokers.com  *.interactivebrokers.ca  *.interactivebrokers.com.hk  *.interactivebrokers.hk  *.interactivebrokers.ch  *.interactivebrokers.eu  *.interactivebrokers.ie  *.interactivebrokers.lu  *.interactivebrokers.hu  *.interactivebrokers.com.sg  *.ibkr.com.sg  *.interactivebrokers.ch  *.interactivebrokers.co.uk  *.interactivebrokers.com.au  *.interactivebrokers.co.jp  *.interactivebrokers.co.in  *.ibkram.com  IBKR.docebosaas.com  *.interactiveadvisors.com  *.ibkr.com  *.ibkr.com.cn  *.clientam.com  *.clientam.ch  *.youtube.com  *.clientam.com.hk  *.go-mpulse.net  *.akstat.io  *.lynxbroker.com  impact.interactivebrokers.com  widgets.tipranks.com  site.recognia.com  *.portfolioanalyst.com  portfolioanalyst.com  www.portfolioanalyst.com  www.interactivebrokers.com  https://www.interactivebrokers.com/  ibkr.paxosclients.com  worldtrader.hsbc.ae  *.xstaging.tv  *.ibkrcampus.com  ibkrcampus.com  www.ibkrguides.com  *.greenwichcompliance.com; 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.printplace.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
default-src 'self' data: https://svc.webspellchecker.net				;				script-src 'self' 'unsafe-inline' 'unsafe-eval'														https://www.google.com https://www.googletagmanager.com https://www.gstatic.com	https://www.recaptcha.net					https://www.google-analytics.com https://js.hs-scripts.com https://js.hs-analytics.net								https://js.hs-banner.com https://js.hsforms.net https://az763204.vo.msecnd.net https://js.stripe.com						https://services.postcodeanywhere.co.uk https://www.currency.me.uk https://ajax.aspnetcdn.com							https://svc.webspellchecker.net https://gsnocs.noc.ac.uk https://www.findaphd.com https://cdnjs.cloudflare.com					https://d1bxh8uas1mnw7.cloudfront.net https://api.altmetric.com https://www.youtube.com			;				connect-src 'self' 'unsafe-inline'															https://www.google-analytics.com https://analytics.google.com https://region1.analytics.google.com						https://region1.google-analytics.com https://stats.g.doubleclick.net https://svc.webspellchecker.net						https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://api.donorfy.com	;				img-src data: *													;				font-src 'self' 'unsafe-inline'																https://gsnocs.noc.ac.uk https://fonts.googleapis.com https://fonts.gstatic.com https://svc.webspellchecker.net					https://maxcdn.bootstrapcdn.com										;				style-src 'self' 'unsafe-inline'															https://gsnocs.noc.ac.uk https://fonts.googleapis.com https://svc.webspellchecker.net https://www.findaphd.com					https://cdnjs.cloudflare.com https://az763204.vo.msecnd.net https://services.postcodeanywhere.co.uk	;				frame-src 'self' 'unsafe-inline'															https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.youtube.com						https://player.vimeo.com https://embeds.audioboom.com https://my.matterport.com https://mpembed.com						https://mars.noc.ac.uk https://forms.hsforms.com https://app.donorfy.com https://js.stripe.com							https://www.currency.me.uk https://live.brame-gamification.com/	https://campaigns.brame.io/									;				frame-ancestors 'self'												;	 1
frame-ancestors 'self' https://*.gnttv.com/  https://*.aajtak.in/ https://*.indiatoday.in/ https://www.kisantak.in/ https://*.aajtakonline.in/ https://*.indiatodayonline.in/ https://*.intoday.in/ https://*.businesstoday.in/ 1
frame-ancestors 'self' https://www.educastream.com https://enseignement-a-distance.educastream.com https://educastream.dev https://po-george.educastream.dev http://test-prepmyfuture.herokuapp.com/ https://*.1to1progress.com https://1to1.educastream.com/ https://lms.educastream.com https://*.7speaking.com lms-1to1.educastream.com https://*.educastream.com 1
default-src 'self' blob: data; frame-ancestors 'self'; form-action 'self' https://beehaw.org; manifest-src *; connect-src *; img-src https://* data:; child-src 'self'; object-src 'none'; script-src 'self' https://beehaw.org 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; frame-src https://* ; media-src https://* ; upgrade-insecure-requests; 1
default-src 'none'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' unpkg.com *.jquery.com *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google.com *.googletagmanager.com *.gstatic.com *.facebook.net *.google-analytics.com dnn506yrbagrg.cloudfront.net *.youtube.com *.ytimg.com *.crazyegg.com *.opinionstage.com *.clarity.ms *.bing.com *.hotjar.com; connect-src 'self' script.crazyegg.com stats.g.doubleclick.net *.cwp.govt.nz wss://*.inside-graph.com *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.typekit.net *.google-analytics.com *.google.com *.googletagmanager.com *.optimalworkshop.com *.opinionstage.com *.facebook.com *.clarity.ms  wss://*.hotjar.com *.hotjar.com *.hotjar.io; img-src 'self' data: *.google.com *.google.co.nz *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.typekit.net *.doubleclick.net *.gstatic.com *.facebook.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.inside-graph.com gtrk.s3.amazonaws.com *.opinionstage.com *.clarity.ms *.bing.com; style-src 'self' 'unsafe-inline' *.cwp.govt.nz *.inside-graph.com *.settled.govt.nz *.rea.govt.nz *.googleapis.com *.google.com *.opinionstage.com; font-src 'self' data: *.gstatic.com *.typekit.net ; frame-src 'self' *.inside-graph.com *.youtube.com *.doubleclick.net *.google.com *.opinionstage.com *.facebook.com; manifest-src 'self'; frame-ancestors 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; base-uri 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz; form-action 'self' *.cwp.govt.nz *.settled.govt.nz *.rea.govt.nz *.opinionstage.com *.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss:;img-src 'self' data: https: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-FnAxNp-MJ9jnW0NQEwB08w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; object-src 'none'; font-src 'self' data: https://static.rain.com; media-src * blob:; frame-ancestors 'self'; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * blob:; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' team.live fr.team.live es.team.live ru.team.live de.team.live pl.team.live ar.team.live tr.team.live; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://get.creaform3d.com/ https://www.msn.com/ https://creaform.my.site.com/ https://a.quora.com/ https://ajax.aspnetcdn.com/ https://static.lightning.force.com/ https://d.la3-c1-ia5.salesforceliveagent.com/ https://d.la3-c1-ia4.salesforceliveagent.com/ https://creaform.my.salesforce.com/ https://service.force.com/ https://www.googleadservices.com/ https://www.gstatic.com/ https://www.google.com/ https://a.omappapi.com/app/js/ https://acuityplatform.com/Adserver/pxlj/3726197806279171821 https://*.googleapis.com/ https://analytics.tiktok.com/i18n/pixel/ https://apis.google.com/js/ https://assets.ubembed.com/universalscript/ https://b4cb121747ac4fc997b7cc96e71faab3.js.ubembed.com/ https://b92.yahoo.co.jp/rt/ https://bat.bing.com/ https://cdn.callrail.com/companies/329882866/bf9348cf6a834fc3270e/12/swap.js https://*.pushengage.com/ https://connect.facebook.net/ https://e.acuityplatform.com/ https://fast.wistia.net/ https://fast.wistia.com/ https://*.bizspring.net/ https://go.creaform3d.com/ https://hm.mieru-ca.com/service/js/ https://hpjp.mieru-ca.com/embed https://origin.acuityplatform.com/ https://pi.pardot.com/ https://script.hotjar.com/ https://secure.adnxs.com/seg https://snap.licdn.com/li.lms-analytics/ https://static.hotjar.com/ https://tags.clickagy.com/ https://urldefense.proofpoint.com/ https://wcs.naver.net/ https://ws.zoominfo.com/pixel/ https://www.clarity.ms/ https://www.google-analytics.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.msgapp.com/ https://www.optico.fr/ https://www.redditstatic.com/ads/ https://www.webtraxs.com/ https://www.youtube.com/ https://acuityplatform.com/ https://*.yimg.jp/ https://call.chatra.io/ https://chat.chatra.io/ https://optimize.google.com/ https://d3pkntwtp2ukl5.cloudfront.net/uba.js https://*.cloudfront.net/sp-2.14.0.js https://flex.msn.com/ https://tpc.googlesyndication.com/ https://*.yahoo.co.jp/ https://t.unbounce.com/ https://cdn.cookielaw.org/ https://tag.demandbase.com/0d233bb0737fd287.min.js https://*.salesforceliveagent.com/ https://*.quora.com/'; style-src 'self' 'unsafe-inline' https://creaform.my.site.com/ https://service.force.com/ https://a.omappapi.com https://fast.wistia.com https://fonts.googleapis.com https://optimize.google.com; object-src 'none'; base-uri 'self'; connect-src * 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://service.force.com/ https://fast.wistia.com https://fast.wistia.net https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com https://www.google.com https://www.youtube.com/ https://go.creaform3d.com/ https://tourmkr.com/ https://call.chatra.io/ https://chat.chatra.io/ https://*.pages.ubembed.com/ https://*.clickagy.com/ https://tpc.googlesyndication.com/ https://optimize.google.com https://demo.visao.ca/ https://sketchfab.com/ https://s.company-target.com/; img-src * data: blob: 'unsafe-inline'; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-src 'self' uzis.cz  https://www.youtube.com https://audiovisual.ec.europa.eu; frame-ancestors 'self' nzip.cz https://www.nzip.cz 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://jsd-widget.atlassian.com https://cdn.matomo.cloud https://boards-api.greenhouse.io;connect-src 'self' https://jsd-widget.atlassian.com https://api-private.atlassian.com https://icp0.io https://*.icp0.io https://internetcomputer.matomo.cloud https://cdn.matomo.cloud https://boards-api.greenhouse.io https://api.github.com;img-src 'self' data: https://images.ctfassets.net https://i.ytimg.com;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';font-src * data:;object-src 'none';base-uri 'self';frame-ancestors 'none';form-action 'self' https://dfinity.us16.list-manage.com https://internetcomputer.org;upgrade-insecure-requests;frame-src https://bugcrowd.com https://www.youtube.com; 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' 1
default-src 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com kit.fontawesome.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net www.garp.org *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com 'strict-dynamic' 'nonce-0TZEbUrBl4KecKFlKVhxdQ=='; style-src 'self' 'unsafe-inline' *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net www.garp.org static.hsappstatic.net; img-src https: 'self' 'unsafe-eval' js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com s3-us-west-2.amazonaws.com; font-src 'self' ka-p.fontawesome.com; connect-src 'self' *.google.com *.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net *.vidyard.com *.fontawesome.com content.hotjar.io *.hotjar.com wss://wsp14.hotjar.com wss://wsp43.hotjar.com/api/v2/client/ws stats.g.doubleclick.net static.libsyn.com cdn.linkedin.oribi.io *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com bat.bing.com hm.baidu.com; object-src 'none'; media-src 'self'; frame-src html5-player.libsyn.com forms.hsforms.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com www.garp.org *.hsforms.net *.hsforms.com *.googletagmanager.com *.twitter.com *.facebook.com fast.wistia.net *.youtube.com; base-uri 'self'; report-to /csp-violation-report-endpoint/; ; upgrade-insecure-requests; 1
script-src 'self' blob: https://www.smartsuppchat.com/ https://*.smartsuppcdn.com/ https://www.googletagmanager.com/ https://*.googleapis.com/ https://*.facebook.net/ 'nonce-Fe5ju1bXe1a5m3Dd2rsT3g==' 1
frame-ancestors https://mobz.io/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/raven.js/3.25.2/raven.js https://d10zminp1cyta8.cloudfront.net/widget.js https://js-eu1.hs-analytics.net/analytics/ https://js-eu1.hs-banner.com/v2/25492484/banner.js https://js-eu1.hscollectedforms.net/collectedforms.js https://js-eu1.hs-scripts.com/25492484.js https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js https://js-eu1.hsadspixel.net/fb.js https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://career.recruitee.com https://forms-eu1.hubspot.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json https://js-eu1.hs-analytics.net/analytics/ https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://lg.core-backbone.com; img-src 'self' data: https://forms-eu1.hsforms.com https://maps.google.com https://maps.gstatic.com https://www.google-analytics/collect https://maps.googleapis.com https://ps.w.org https://forms-eu1.hsforms.com/embed/v3/counters.gif https://track-eu1.hubspot.com https://www.facebook.com/tr/; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data: blob:; media-src https: blob:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' forms.hsforms.com forms-na1.hsforms.com; frame-ancestors 'self' player.vimeo.com/video; img-src 'self' https: data: cms.virginactive.co.za nice-sand-0200ef403-8.westeurope.2.azurestaticapps.net maps.gstatic.com forms.hsforms.com forms-na1.hsforms.com maps.googleapis.com itensitystorage.blob.core.windows.net px.ads.linkedin.com google.co.za google.co.za/pagead/ google.co.com/ads/ facebook.com/tr/ track.hubspot.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' *.diabetesdaily.com *.everydayhealth.com *.ceros.com *.googleapis.com *.zdbb.net 1
default-src cartus.com *.cartus.com; script-src 'unsafe-inline' 'unsafe-eval' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.trustarc.com *.googletagmanager.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; style-src 'unsafe-inline' cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com; img-src data: blob: https: cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com; frame-src data: blob: https: *.cartus.com *.qumucloud.com; font-src cartus.com *.gstatic.com *.cartus.com *.trustarc.com; connect-src cartus.com *.cartus.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.qumucloud.com *.gstatic.com *.typekit.net *.licdn.com googleads.g.doubleclick.net connect.facebook.net *.stackadapt.com *.pardot.com www.buzzsprout.com https: wss: 1
default-src http: https: 'unsafe-inline'; object-src 'none'; 1
frame-ancestors 'self' https://*.foodinfluencersunited.nl https://*.foodinfluencersunited.com 1
default-src 'self' https://d1e8vjamx1ssze.cloudfront.net; connect-src https://*.mixam.co.uk 'self' blob: data: ws: wss://hub.prod.mixam.co.uk wss://hub.staging.mixam.co.uk https://uploads.prod.mixam.co.uk https://uploads.staging.mixam.co.uk https://reporter.prod.mixam.co.uk https://reporter.staging.mixam.co.uk https://d1e8vjamx1ssze.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://maps.googleapis.com https://api.amplitude.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://apay-us.amazon.com https://services.postcodeanywhere.co.uk https://apis.google.com https://pay.google.com https://stats.g.doubleclick.net https://*.paypal.com https://www.facebook.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://static.afterpay.com https://*.afterpay.com https://www.googleadservices.com https://cdn.jsdelivr.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://cdn.linkedin.oribi.io https://bam.eu01.nr-data.net https://js.volt.io https://api.addressy.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://api.countrystatecity.in https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.ads.linkedin.com https://*.trustpilot.com https://*.getprintbox.com https://*.printboxteam.com https://*.storage.googleapis.com https://storage.googleapis.com https://*.browser-intake-datadoghq.com http://liam.com; font-src 'self' data: https://fonts.gstatic.com https://editor.printess.com https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.getprintbox.com https://storage.googleapis.com; img-src https://c.paypal.com https://b.stats.paypal.com https://*.getprintbox.com https://liam.com https://mixam.co.uk https://chat-assets.frontusercontent.com 'self' data: * blob:; media-src 'self' *; object-src 'none'; script-src 'self' https://js.afterpay.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://*.clarity.ms https://maps.googleapis.com https://js.stripe.com https://*.paypal.com https://m.stripe.network https://www.dropbox.com https://*.payments-amazon.com https://www.gstatic.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://*.afterpay.com https://apis.google.com https://d1e8vjamx1ssze.cloudfront.net https://www.google.com https://www.workable.com https://apply.workable.com https://pay.google.com https://cdnjs.cloudflare.com https://beacon-v2.helpscout.net https://static.hotjar.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://js.volt.io https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com 'unsafe-eval' 'unsafe-inline' https://unpkg.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.trustpilot.com https://accounts.google.com https://apis.google.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com; style-src 'self' blob: data: https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.plaid.com https://*.getprintbox.com 'unsafe-inline'; frame-src 'self' blob: data: https://interactive.edocbuilder.com https://editor.printess.com https://www.youtube.com https://www.facebook.com https://js.stripe.com https://www.google.com https://accounts.google.com https://content-sheets.googleapis.com https://vars.hotjar.com https://payments.amazon.co.uk https://payments.amazon.com https://*.payments-amazon.com https://*.paypal.com https://checkout.sandbox.volt.io/ https://checkout.volt.io/ https://*.creditkey.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://*.trustpilot.com https://www.youtube-nocookie.com https://*.trustpilot.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com; 1
frame-ancestors 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self'; 1
default-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; object-src *; style-src 'self' data: 'unsafe-inline' *.uniweb.be cookiehub.net *.uniweb.be cookiehub.net fonts.googleapis.com; img-src 'self' data: https://m.stripe.com *.craft-cdn.com *.uniweb.be cookiehub.net *.uniweb.eu www.googletagmanager.com www.google-analytics.com; media-src *; frame-src 'self' data: https://js.stripe.com *.uniweb.be cookiehub.net *.uniweb.eu *.hotjar.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: *.uniweb.be cookiehub.net *.uniweb.eu fonts.gstatic.com fonts.googleapis.com; connect-src *; frame-ancestors https://*.uniweb.be cookiehub.net https://*.uniweb.eu 1
default-src * 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; 1
connect-src *.strm.yandex.net mc.yandex.com yandex.az yastatic.net yastat.net mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.admetrica.ru mc.yandex.az;img-src *.verify.yandex.ru *.ya.ru *.yandex.ru ya.ru yabs.yandex.by yabs.yandex.kz yabs.yandex.ru yabs.yandex.uz yandex.ru yandex.az 'self' yastatic.net data: mc.admetrica.ru mc.yandex.com *.mc.yandex.ru adstat.yandex.ru mc.yandex.az mc.yandex.ru favicon.yandex.net avatars.mds.yandex.net;script-src 'nonce-H0E5pzfejt/mfAFxENdH/Q==' mc.yandex.com yastatic.net yandex.az mc.yandex.ru *.mc.yandex.ru adstat.yandex.ru mc.yandex.az;child-src *.ya.ru *.yandex.ru ya.ru yandex.ru yastatic.net mc.yandex.ru mc.yandex.md mc.yandex.az yandex.az *.ya.ru *.yandex.ru ya.ru yandex.ru;style-src 'unsafe-inline' yastatic.net;report-uri https://csp.yandex.net/csp?project=morda&from=morda.big.az&showid=1715650008648230-1281255899042664849-balancer-l7leveler-kubr-yp-sas-165-BAL&h=stable-portal-mordago-91.sas.yp-c.yandex.net&yandexuid=6426648491715650008&&version=2024-05-07-547&adb=0;media-src yastatic.net;default-src 'self' yastatic.net yastat.net;font-src yastatic.net 1
default-src 'none'; frame-ancestors 'self' https://matomo.eastsussex.gov.uk; media-src 'self' https://esccgovuk.blob.core.windows.net https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk;  worker-src blob: https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk; script-src 'self' 'sha256-l8zbJd8kXZ6zkrhwDpvnCZMy0hTHqX8L3/bCfSgiaAM=' 'sha256-rP+B3tYFuMv0SfsZavhdRMwfqW86QfTrfRz2RLBAlsk=' 'unsafe-eval' https://matomo.eastsussex.gov.uk https://www.youtube.com https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate-pa.googleapis.com https://translate.googleapis.com https://translate.google.com https://www.googleadservices.com https://flex.eastsussex.gov.uk https://plausible.io https://new.eastsussex.gov.uk https://connect.facebook.net https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com https://www.gstatic.com https://v4in1-si.click4assistance.co.uk https://www.googletagmanager.com https://maps.googleapis.com https://www.google-analytics.com https://script.crazyegg.com; connect-src 'self' https://maps.googleapis.com https://cdn.plyr.io https://matomo.eastsussex.gov.uk https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://plausible.io https://new.eastsussex.gov.uk https://www.google-analytics.com https://apps.eastsussex.gov.uk https://script.crazyegg.com https://tracking.crazyegg.com; frame-src 'self'  https://matomo.eastsussex.gov.uk https://esccgovuk.blob.core.windows.net https://plausible.io https://eequ.org https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://flex.eastsussex.gov.uk https://www.youtube-nocookie.com https://feedback.eastsussex.gov.uk https://new.eastsussex.gov.uk https://web.facebook.com https://www.facebook.com https://syndication.twitter.com https://platform.twitter.com/ https://eastsussex.spydus.co.uk/ https://eastsussexportal.icasework.com/ https://v4in1-ti.click4assistance.co.uk https://www.youtube.com https://www.google.com/; img-src 'self'  data: https://www.eastsussex.gov.uk  https://matomo.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://translate.google.com https://www.google.com https://www.gstatic.com https://orbis-uploads-eu-west-2.s3.amazonaws.com https://flex.eastsussex.gov.uk https://new.eastsussex.gov.uk https://tile.openstreetmap.org https://platform.twitter.com https://syndication.twitter.com https://abs.twimg.com https://ton.twimg.com https://pbs.twimg.com https://eastsussexgovuk.blob.core.windows.net https://www.eastsussex.gov.uk https://v4in1-si.click4assistance.co.uk https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://i.ytimg.com https://i.ibb.co/j3jcJKv/yt.png; style-src 'self' 'unsafe-inline' https://matomo.eastsussex.gov.uk https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://translate.googleapis.com https://flex.eastsussex.gov.uk https://new.eastsussex.gov.uk https://platform.twitter.com https://ton.twimg.com https://fonts.googleapis.com; object-src 'self' https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk; report-uri https://eastsussexgovuk.report-uri.com/r/d/csp/enforce; font-src 'self' https://www.eastsussex.gov.uk https://microsites.eastsussex.gov.uk https://new.eastsussex.gov.uk https://fonts.googleapis.com https://fonts.gstatic.com; manifest-src 'self'; 1
font-src acsbapp.com *.acsbapp.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com cdn.flipsnack.com acsbapp.com accounts.accessibe.com magentosignup.dotdigital.com *.dotdigital.com *.demdex.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ acsbapp.com *.acsbapp.com *.kaptcha.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.sandbox.braintreegateway.com *.google.com *.gstatic.com *.noibu.com *.facebook.net *.doubleclick.net *.ads-twitter.com *.magento.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.braintreegateway.com *.google.com *.google.ca *.gstatic.com www.googletagmanager.com acsbapp.com *.acsbapp.com assets.braintreegateway.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com payments.sandbox.braintree-api.com *.braintree-api.com *.kaptcha.com origin-analytics-sand.sandbox.braintree-api.com stats.g.doubleclick.net acsbapp.com *.acsbapp.com *.sandbox.braintreegateway.com *.sandbox.paypal.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.google.ca *.gstatic.com *.noibu.com wss://input.noibu.com *.demdex.net *.omtrdc.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com google.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.gstatic.com assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.noibu.com *.acsbapp.com *.facebook.net *.doubleclick.net *.twitter.com *.ads-twitter.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://peso.gov.in/web/report-uri/enforce 1
connect-src 'self' algolia.com *.algolia.com algolia.io *.algolia.io algolia.net *.algolia.net algolianet.com *.algolianet.com appsflyer.com *.appsflyer.com bing.com *.bing.com clarity.ms *.clarity.ms cookielaw.org *.cookielaw.org doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com google.com *.google.com googlesyndication.com *.googlesyndication.com gstatic.com *.gstatic.com maps.googleapis.com *.maps.googleapis.com mktoutil.com *.mktoutil.com mopinion.com *.mopinion.com onetrust.com *.onetrust.com pureinsurance.com *.pureinsurance.com leadmanagerfx.com *.leadmanagerfx.com clickcease.com *.clickcease.com oribi.io *.oribi.io yimg.com *.yimg.com linkedin.com *.linkedin.com t.leadmanagerfx.com monitor.clickcease.com mktoresp.com *.mktoresp.com craftcms.com *.craftcms.com datacloudstat.com *.datacloudstat.com cnaught.com *.cnaught.com cloudflare.com *.cloudflare.com taboola.com *.taboola.com; font-src 'self' mopinion.com *.mopinion.com *.gstatic.com *.appsflyer.com *.sc-static.net fonts.gstatic.com *.typekit.net assets.tailwindapp.com static.zip.co gstatic.mopinion.com; form-action 'self' *.pureinsurance.com; frame-ancestors 'self' pureinsurance.com *.pureinsurance.com https://www.pureinsurance.com/; img-src https data: 'self' *; script-src 'self' mopinion.com *.mopinion.com marketo.net *.marketo.net maps.googleapis.com *.maps.googleapis.com simpli.fi *.simpli.fi gstatic.com *.gstatic.com googletagmanager.com *.googletagmanager.com googlesyndication.com *.googlesyndication.com googleadservices.com *.googleadservices.com google.com *.google.com google-analytics.com *.google-analytics.com facebook.net *.facebook.net doubleclick.net *.doubleclick.net cookielaw.org *.cookielaw.org clarity.ms *.clarity.ms bing.com *.bing.com appsflyer.com *.appsflyer.com adsrvr.org *.adsrvr.org acq.io *.acq.io clickcease.com *.clickcease.com ads-twitter.com *.ads-twitter.com licdn.com *.licdn.com leadmanagerfx.com *.leadmanagerfx.com pureinsurance.com *.pureinsurance.com twitter.com *.twitter.com yimg.com *.yimg.com dstillery.com *.dstillery.com jsdelivr.net *.jsdelivr.net 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com dyoeg0ru3defx.cloudfront.net js.acq.io munchkin.marketo.net js.adsrvr.org action.dstillery.com snap.licdn.com tag.simpli.fi cloudflare.com *.cloudflare.com media6degrees.com *.media6degrees.com *.taboola.com; style-src 'self' 'unsafe-inline' *.pureinsurance.com *.mopinion.com *.googleapis.com; upgrade-insecure-requests; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=4zmmNx0GgrsH9rruAM7HzFcmU3VSHFjYFzYxwYpUNH4-1715652976-1.0.1.1-SF_XMneV.FR_Loa3_AmDWy1Ekyb7D5..Vp8TWSH_x.xiwO3G4KRnaFpojZyJON7IZu9KRXEhVpCHVHSR6XkRhdzl8zRyFbZSNpFClAYItaY6HtBqVCILdFkuUCnXqbAHaG83W0B.CT4bKFFofaFmJJQ1p.nmVKGhfnvotSnkUjAyRlMX7fHYBBASq4oj8eViD7fv_jQVgHcURWo7GJ4B8A; report-to cf-claqkrqmohgnsvzd 1
img-src https://*; 1
default-src 'self' *.vynetrellis.com vynetrellis.com *.rpractice.com rpractice.com; child-src 'self' blob: *.pendo.io vynetrellis.com *.vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.vynetrellis.com wss://vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.vynetrellis.com vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.vynetrellis.com vynetrellis.com *.rpractice.com rpractice.com *.pendo.io; frame-src 'self' *.vynetrellis.com vynetrellis.com previewapp.vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.vynetrellis.com vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.vynetrellis.com vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
frame-ancestors 'self' *.mts.ru metrica.yandex.com metrica.yandex.com.tr metrika.yandex.by metrika.yandex.ru *.webvisor.com webvisor.com *.mscdev.ru ; 1
default-src 'self'; frame-ancestors 'self'; block-all-mixed-content;          frame-src 'self' https://mpembed.com https://*.tridimedya.com https://buyin.social https://*.buyin.social https://*.criteo.com https://*.criteo.net https://*.google.com https://*.doubleclick.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.efilli.com https://*.jsdelivr.net/ https://*.pinterest.com https://*.gstatic.com https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.truste.com https://connect.facebook.net https://cc-spectochat.echoccs.com https://graph.facebook.com https://google-analytics.com https://googleads.g.doubleclick.net https://googletagmanager.com https://js.facebook.com https://kit.fontawesome.com https://static.criteo.net https://sslwidget.criteo.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.fontawesome.com https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.fontawesome.com cc-spectochat.echoccs.com fonts.googleapis.com www.googletagmanager.com *.payten.com.tr; object-src *.googlesyndication.com; child-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net connect.facebook.net www.googletagmanager.com; form-action 'self' *.efilli.com  *.google.com *.facebook.com connect.facebook.net *.isbank.com.tr *.isbank.com.tr *.isbank.com.tr *.qnbfinansbank.com *.fbwebpos.com *.garanti.com.tr *.yapikredi.com.tr *.bkm.com.tr *.payten.com.tr *.bkmexpress.com *.bkmexpress.com.tr; worker-src 'self' data: blob: *.google.com; font-src 'self' data: https://*.fontawesome.com https://*.gstatic.com; connect-src 'self' https://*.efilli.com https://*.google-analytics.com https://*.hotjar.io https://*.doubleclick.net https://*.criteo.com https://*.googlesyndication https://*.clarity.ms https://*.fontawesome.com https://*.echoccs.com https://*.google.com https://*.googlesyndication.com; img-src 'self' data: https://*.efilli.com https://*.postrelease.com https://*.google-analytics.com https://*.webflow.com https://*.pasabahcemagazalari.com https://*.google.de https://*.bing.com https://*.clarity.ms https://id5-sync.com https://hb.yahoo.net https://se.semasio.net https://*.pinterest.com https://*.thebrighttag.com https://*.krxd.net https://*.twiago.com https://*.demdex.net https://*.ads.yieldmo.com https://*.echoccs.com https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.google.com.tr https://*.doubleclick.net https://*.bidswitch.net https://*.adnxs.com https://*.media.net https://*.rubiconproject.com https://*.sharethrough.com https://*.smartadserver.com https://*.taboola.com https://*.teads.tv https://*.3lift.com https://*.analytics.yahoo.com https://*.adform.net https://*.omnitagjs.com https://*.casalemedia.com https://*.criteo.com https://*.360yield.com https://*.ivitrack.com https://*.mediavine.com https://*.outbrain.com https://*.pubmatic.com https://*.tremorhub.com https://*.yieldlab.net https://*.ds.yieldmo.com https://*.emxdgt.com https://*.criteo.com https://*.payten.com.tr; manifest-src 'self'; media-src 'self'; base-uri 'self'; 1
default-src 'self' *.projects-abroad.net fonts.googleapis.com fonts.gstatic.com code.jquery.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdnjs.cloudflare.com native.testing.equest.com www.google.com *.docusign.net www.youtube.com youtu.be player.vimeo.com docs.google.com 'unsafe-inline' 'unsafe-eval' data: font;frame-src 'self' www.youtube.com www.vimeo.com vimeo.com www.yahoo.com www.dailymotion.com www.metacafe.com www.ustream.tv native.testing.equest.com *.amazonaws.com;connect-src 'self' *.orangehrm.com *.orangehrmlive.com;worker-src blob: 'self';img-src * 'self' data: blob: 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.trendmicro.com http://*.trendmicro.com https://*.simpli.fi https://*.adsrvr.org https://*.yimg.com https://*.mypostcardmania.com https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob: https://*.web-2-tel.com https://*.graph.facebook.com https://*.facebook.com https://*.phluant.com https://*.stackadapt.com https://*.hereapi.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.mrappliance.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.yellowmessenger.com; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.nblyprod.com https://*.yimg.com https://*.mrappliance.com https://*.btttag.com https://*.doubleclick.net https://*.adroll.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai blob: https://*.hereapi.com; font-src https://*.cloudflare.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.nblyprod.com https://*.mrappliance.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai ; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.adsrvr.org https://*.rlets.com https://*.broadly.com https://*.mrappliance.com https://*.facebook.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.web-2-tel.com; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
default-src 'none'; base-uri 'self'; manifest-src 'self'; connect-src 'self' https://api.kolada.se https://youtube.com/ https://svanalytics.piwik.pro https://svanalytics.containers.piwik.pro https://rstts-eu.readspeaker.com https://vtdnntts-eu.readspeaker.com/ https://api.mediaflow.com https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://i14.inviewer.se *.sandviken.se https://m.mediaflow.com https://m1.analytics.sitevision-cloud.se https://mfstatic.com https://predict.rekai.se https://skattekollen.se https://stats.mediaflowpro.com https://uistats.sitevision.se https://v1.mediaflow.com https://v2.mediaflow.com https://view.rekai.se; font-src 'self' data: https://mfstatic.com https://static.mediaflowpro.com; form-action 'self' https://m1.analytics.sitevision-cloud.se *.sandviken.se; frame-src 'self' *.sandviken.se https://youtube.com/ https://vgs-gis.maps.arcgis.com https://api.screen9.com https://exportservice.actorsmartbook.se https://m1.analytics.sitevision-cloud.se https://marketplace.sitevision.se https://mpi.mashie.com https://play.mediaflow.com https://sandviken.ondemand.formpipe.com https://w.soundcloud.com https://www.linkedin.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://recruit.visma.com/ https://oppnadata.skr.se https://assets.mediaflowpro.com https://im14.inviewer.se https://images.citybreakcdn.com https://img.youtube.com *.sandviken.se https://media.objektvision.se https://mfstatic.com https://oppnadata.skl.se https://skattekollen.se https://static.mediaflowpro.com https://www.skidspar.se; media-src 'self' blob: https://m.mediaflow.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sandviken.se https://oppnadata.skr.se https://svanalytics.containers.piwik.pro https://cdn-eu.readspeaker.com https://code.jquery.com https://i14.inviewer.se https://m1.analytics.sitevision-cloud.se https://mfstatic.com https://oppnadata.skl.se https://platform.linkedin.com https://skattekollen.se https://static.mediaflowpro.com https://static.rekai.se https://uistats.sitevision.se  https://www.gstatic.com https://www.linkedin.com https://www.skidspar.se; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com https://cdn-images.mailchimp.com *.sandviken.se https://mfstatic.com https://oppnadata.skl.se https://skattekollen.se https://static.mediaflowpro.com https://www.gstatic.com 1
default-src https: data: blob: 'unsafe-inline'; object-src 'self'; script-src  'self' https://cdn.tiny.cloud/ https://static.zdassets.com/ https://*.meruscase.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.syndication.twimg.com/ https://merus-assets.s3.amazonaws.com/ https://*.facebook.net/ https://*.googleapis.com/ https://*.aspnetcdn.com/ https://*.microsoft.com https://maxcdn.bootstrapcdn.com/ https://*.youtube.com/ https://s.ytimg.com/ https://js.recurly.com/ https://cdn.wootric.com/ https://static.headnotepayments.com/ https://static.zdassets.com/ https://snap.licdn.com/ https://unpkg.com/ 'unsafe-eval' 'unsafe-inline' https://code.jquery.com/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://js.hs-analytics.net/ https://js.hs-scripts.com/ https://api.usemessages.com/ https://js.usemessages.com/ https://js.hsforms.net/ https://js.hsleadflows.net/; style-src 'self' 'unsafe-inline' https: 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ctrlq.org/logs/ https://ctrlq.org/sidekiq/ https://ctrlq.org/mini-profiler-resources/ https://ctrlq.org/assets/ https://ctrlq.org/extra-locales/ https://ctrlq.org/highlight-js/ https://ctrlq.org/javascripts/ https://ctrlq.org/plugins/ https://ctrlq.org/theme-javascripts/ https://ctrlq.org/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA='; worker-src 'self' https://ctrlq.org/assets/ https://ctrlq.org/javascripts/ https://ctrlq.org/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24newsrf.com https://push.24newsrf.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24newsrf.com https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24newsrf.com ; 1
frame-ancestors 'self' mychart.sfmc.net ecs-mc-tv101.sfmc.net; 1
default-src dock.ui.bosch.tech  *.hotjar.io *.hotjar.com wss://*.hotjar.com 'self'  script.hotjar.com vc.hotjar.io in.hotjar.com *.yandex.com *.yandex.ru *.comagic.ru extranet.buderus.com s.webtrends.com *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.google-analytics.com stats.g.doubleclick.net; media-src 'self' *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com; font-src 'self' *.hotjar.com *.yandex.ru *.comagic.ru fonts.gstatic.com data:; object-src data: 'self'  *.yandex.ru *.comagic.ru ; img-src 'self' *.buderus.com buderus.com *.azurewebsites.net http: bott-tc2.nautilus bott-fs.nautilus https: *.azurewebsites.net bott-tc2.nautilus bott-fs.nautilus blob: data: https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.yandex.ru *.comagic.ru cdn.datatables.net fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com; script-src dock.ui.bosch.tech  https: 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.comagic.ru https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com; frame-src 'self' https: mailto: bosch.mi4biz.net www.boschthermolife.com buderus-pl.boschtt-documents.com https://optimize.google.com; frame-ancestors 'self' https: bosch.mi4biz.net buderus-pl.boschtt-documents.com http://fs52-buderus-dev.kittelberger.net; connect-src http: https: wss://ws.hotjar.com wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com 1
default-src 'self' *.jjkeller.com *.gstatic.com *.mypurecloud.com; script-src 'self' tagmanager.google.com www.googletagmanager.com www.google-analytics.com learn.vubiz.com ajax.googleapis.com 'unsafe-inline' 'unsafe-eval' *.mypureconnect.com *.mypurecloud.com *.pureconnect.com *.jjkeller.com *.cloudfront.net *.us.cscp.hosted-inin.com cloud.scorm.com; frame-src 'self' *; style-src 'self' cdnjs.cloudflare.com tagmanager.google.com learn.vubiz.com fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' cdnjs.cloudflare.com *.gstatic.com data:; img-src 'self' jjk-tod-dev.s3.us-east-2.amazonaws.com jjk-tod-qas.s3.us-east-2.amazonaws.com jjk-tod-prod.s3.us-east-2.amazonaws.com jjk-training-mc.s3.us-east-2.amazonaws.com jjk-training-mc-qas.s3.us-east-2.amazonaws.com jjk-training-mc-prod.s3.us-east-2.amazonaws.com student-center-dev.s3.us-east-2.amazonaws.com student-center-prod.s3.us-east-2.amazonaws.com *.gstatic.com www.googletagmanager.com www.google-analytics.com data: www.jjkellertraining.com *.us.cscp.hosted-inin.com *.jjkeller.com; media-src 'self' data:; connect-src 'self' wss: cloud.scorm.com www.google-analytics.com metrics.articulate.com elearning.heart.org *.mypurecloud.com *.us.cscp.hosted-inin.com *.jjkeller.com 1
base-uri 'self';default-src 'self' blob:;font-src 'self' *.naf.no res.cloudinary.com script.hotjar.com fonts.gstatic.com data:;media-src 'self' *.naf.no res.cloudinary.com blob:;form-action 'self' qa-extra2-core.qa.gneis.io qa-circlekid-core.qa.gneis.io id.circlekeurope.com extra.circlekeurope.com;frame-src app.vwo.com https://*.visualwebsiteoptimizer.com omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com https://*.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com checkout.vipps.no consent.cookiebot.com google.com https://*.google.com google.no https://*.google.no tpc.googlesyndication.com tourstart.org d1omrgmvhbogxk.cloudfront.net td.doubleclick.net secure.viewer.zmags.com;child-src omny.fm https://*.youtube.com youtube.com stage.id.naf.no id.naf.no embed.acast.com 6680107.fls.doubleclick.net web106.reachmee.com vars.hotjar.com static.hotjar.com dntcl.qualaroo.com datawrapper.dwcdn.net consentcdn.cookiebot.com consent.cookiebot.com google.com;style-src 'self' *.naf.no 'unsafe-inline' 'report-sample' https://*.visualwebsiteoptimizer.com s3.amazonaws.com app.vwo.com cdn.pushcrew.com fonts.googleapis.com optimize.google.com translate.googleapis.com https://*.hotjar.com www.googletagmanager.com;img-src 'self' *.naf.no *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com chart.googleapis.com cdn.sanity.io sgtm.naf.no google.ie *.google.ie script.hotjar.com ade.googlesyndication.com data: www.naf.no res.cloudinary.com bildata.ofv.no *.google.com *.google.no *.google.dk *.google.es *.google.se *.google.de *.google.fi *.google.lv *.google.co.th *.google.pl *.google.com.tr *.google.co.uk *.google.co.nz *.google.lk *.google.co.id *.google.pt *.google.ch *.google.be *.googletagmanager.com www.googletagmanager.com *.googleapis.com pagead2.googlesyndication.com 6054118.global.siteimproveanalytics.io www.facebook.com marketing.naf.no *.clarity.ms c.clarity.ms bat.bing.com c.bing.com ad.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.gstatic.com img.youtube.com www.googleadservices.com www.analytics-debugger.com imgsct.cookiebot.com;script-src 'strict-dynamic' 'self' *.naf.no 'unsafe-inline' *.naf.no *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com consent.cookiebot.com consentcdn.cookiebot.com *.sgtm.naf.no sgtm.naf.no 'nonce-l58WcZaFtYasJj0UNPB4zA==' script.hotjar.com euwa.puzzel.com connect.facebook.net maps.googleapis.com 'report-sample';script-src-attr 'self' 'unsafe-inline' consent.cookiebot.com m.facebook.com 'report-sample';object-src 'none';connect-src 'self' *.naf.no *.visualwebsiteoptimizer.com app.vwo.com *.ent.northeurope.azure.elastic-cloud.com *.puzzel.com google.com google.ie *.google.ie googleads.g.doubleclick.net *.google.com *.cookiebot.com *.hotjar.io *.hotjar.com *.mouseflow.com vc.hotjar.io pagead2.googlesyndication.com wss://sr-naf-ch-dev.service.signalr.net wss://sr-naf-ch-test.service.signalr.net wss://sr-naf-ch-prod.service.signalr.net sr-naf-ch-dev.service.signalr.net sr-naf-ch-test.service.signalr.net sr-naf-ch-prod.service.signalr.net wss://sigr-nafch-dev.service.signalr.net wss://sigr-nafch-test.service.signalr.net wss://sigr-nafch-prod.service.signalr.net sigr-nafch-dev.service.signalr.net sigr-nafch-test.service.signalr.net sigr-nafch-prod.service.signalr.net res.cloudinary.com in.hotjar.com stats.g.doubleclick.net stage.id.naf.no id.naf.no dev-api2.naf.no test-api2.naf.no api2.naf.no dc.services.visualstudio.com *.sgtm.naf.no sgtm.naf.no api.billan.nordea.no bat.bing.com *.clarity.ms www.clarity.ms wss://*.hotjar.com maps.googleapis.com www.gstatic.com naf.matomo.cloud video-analytics-api.cloudinary.com ws.geonorge.no/ region1.google-analytics.com analytics-api-s.cloudinary.com dev-api2.naf.no test-api2.naf.no api2.naf.no;frame-ancestors https://*.naf.no https://dev.cms.naf.no https://test.cms.naf.no https://cms.naf.no;upgrade-insecure-requests;worker-src 'self' blob:;manifest-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https: 'self' yoast.com *.google.com *.mktoresp.com; img-src https: data: 'self' *.gravatar.com; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; font-src https: data: 'self' http: fonts.googleapis.com; media-src blob: 'self' *.cloudfront.net 1
base-uri 'none'; frame-ancestors 'self'; style-src 'self' optimize.google.com https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com 'unsafe-inline' www.googletagmanager.com static.freeimages.com; default-src 'none'; font-src 'self' fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com static.freeimages.com; object-src 'none'; img-src 'self' cdn.cookielaw.org images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com http://script.hotjar.com www.google-analytics.com www.googletagmanager.com optimize.google.com www.gstatic.com *.google-analytics.com *.analytics.google.com fonts.gstatic.com *.freeimages.com data: blob: 'self' images.freeimages.com media.istockphoto.com www.google-analytics.com www.google.com www.google.com.uy cdn.cookielaw.org data: www.gstatic.com static.freeimages.com; script-src 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com 'unsafe-inline' static.freeimages.com; connect-src 'self' geoapi.freeimages.com https://*.freeimages.com https://geoapi.freeimages.com cookies-data.onetrust.io getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com picspree.s3.amazonaws.com vectorhq-files.s3.amazonaws.com clipartlogo-getty.s3.amazonaws.com 365psd-getty.s3.amazonaws.com clipartme-getty.s3.amazonaws.com vectorme-getty.s3.amazonaws.com findicons-getty.s3.amazonaws.com https://*.hotjar.com https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.google-analytics.com *.analytics.google.com analytics.google.com 'self' getty.datta.store www.google-analytics.com stats.g.doubleclick.net cdn.cookielaw.org freeimages-production.s3.amazonaws.com geoapi.freeimages.com cookies-data.onetrust.io geolocation.onetrust.com in.hotjar.com stats.g.doubleclick.net wss://*.hotjar.com static.freeimages.com; frame-src www.google.com vars.hotjar.com optimize.google.com converter.freeimages.com; script-src-elem 'self' www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org https://*.onetrust.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com https://www.google.com https://www.gstatic.com ajax.googleapis.com 'unsafe-inline' static.freeimages.com; manifest-src 'self' static.freeimages.com; form-action 'self' 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; connect-src https:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri /json/csp-violation 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src http: https: blob: data:; font-src https: data:; object-src 'none'; connect-src https: wss://api.appcues.net; frame-src https: blob: data:; 1
default-src 'self' *.bokf.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: api.ipdata.co cdn.stape.io https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.clarity.ms https://bat.bing.com *.bokf.com *.mpeasylink.com https://i.tryinteract.com https://tr-rc.lfeeder.com https://tag.clearbitscripts.com ws.sessioncam.com https://bokf.wufoo.com https://sc.lfeeder.com https://www.googleanalytics.com https://www.googleoptimize.com  https://optimize.google.com cdn.timetrade.com *.googletagmanager.com *.calcxml.com http://cdnjs.cloudflare.com http://www.google.com http://ajax.googleapis.com *.google-analytics.com http://maxcdn.bootstrapcdn.com *.cloudfront.net *.googleadservices.com app.quotemedia.com http://qmod.quotemedia.com c1.rfihub.net http://connect.facebook.net img.en25.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com *.doubleclick.net *.convertlanguage.com s3.amazonaws.com/trk.cetrk.com/9/t.js s3.amazonaws.com/trk.cetrk.com/b/t.js *.facebook.com https://www.linkedin.com/ www.gstatic.com cdn.glassboxcdn.com snap.licdn.com tracking.bokfinancial.com https://www.google-analytics.com https://ssl.google-analytics.com https://js.adsrvr.org https://insight.adsrvr.org https://extend.vimeocdn.com http://player.vimeo.com https://www.vimeo.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com vimeo.com/api/oembed.js www.bokfinancial.com www.bankofalbuquerque.com www.bankofoklahoma.com www.bankoftexas.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ fast.fonts.net https://optimize.google.com http://www.calcxml.com *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fonts.googleapis.com https://www.googletagmanager.com; img-src 'self' data: https://c.clarity.ms/c.gif https://fonts.gstatic.com https://cdn.cookielaw.org/ https://bat.bing.com https://geolocation.onetrust.com/ *.kaltura.com i.ytimg.com https://www.google-analytics.com https://tr-rc.lfeeder.com https://www.googletagmanager.com/ https://www.google.com.mx/ads/ *.mpeasylink.com http://www.google-analytics.com *.google.com https://stats.g.doubleclick.net insight.adsrvr.org *.bokfinancial.com *.bankofoklahoma.com *.bankofalbuquerque.com *.bankoftexas.com https://www.facebook.com http://www.calcxml.com https://i.vimeocdn.com px.ads.linkedin.com p.adsymptotic.com https://cm.g.doubleclick.net https://analytics.convertlanguage.com https://dpm.demdex.net https://www.linkedin.com/ https://match.adsrvr.org https://idpix.media6degrees.com https://s.thebrighttag.com https://uipglob.semasio.net https://loadm.exelator.com https://ads.scorecardresearch.com https://cw.addthis.com https://e.nexac.com https://match.sync.ad.cpe.dotomi.com https://cs.adingo.jp https://usermatch.krxd.net https://x.dlx.addthis.com https://x.bidswitch.net https://match.sharethrough.com https://simage2.pubmatic.com https://eb2.3lift.com https://load77.exelator.com https://pixel.rubiconproject.com https://su.addthis.com https://ib.adnxs.com https://pixel.tapad.com https://mid.rkdms.com/ https://dmp.truoptik.com https://i.liadm.com https://io.narrative.io https://odr.mookie1.com https://ups.analytics.yahoo.com https://ml314.com/utsync.ashx https://beacon.krxd.net https://tags.rd.linksynergy.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net https://data.adxcel-ec2.com https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; font-src 'self' data: https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ *.mpeasylink.com *.bankofalbuquerque.com *.bankofoklahoma.com *.bankoftexas.com *.bokfinancial.com fast.fonts.net *.cloudflare.com fonts.gstatic.com; connect-src 'self' https://v.clarity.ms/collect https://px.ads.linkedin.com https://bat.bing.com https://bam.nr-data.net/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://z.clarity.ms/collect chat.bok.com https://cdn.linkedin.oribi.io/ *.googleapis.com *.calcxml.com app.quotemedia.com https://cdn.linkedin.oribi.io api.addsearch.com report.bokf.glassboxdigital.io http://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://gtm-pchlzvs-yzg3y.uc.r.appspot.com; frame-src 'self' https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.calcxml.com/ https://www.clarity.ms *.mpeasylink.com *.timetrade.com https://optimize.google.com https://quiz.tryinteract.com/ https://bokf.wufoo.com https://cdn.embedly.com/ http://player.vimeo.com http://www.surveygizmo.com *.doubleclick.net adservice.google.com *.youtube.com http://www.google.com *.kaltura.com http://videos.bokf.com tracking.bokfinancial.com https://insight.adsrvr.org https://quickquote-config.optimalblue.com https://quickquote-consumer.optimalblue.com/ https://match.adsrvr.org https://*.bokf.com; frame-ancestors 'self' *.bokf.com; 1
frame-ancestors https://freight.lightning.force.com https://tableau-sandbox.uberinternal.com https://wok.uberinternal.com; 1
default-src 'self' https: data: wss://api.smooch.io/faye ; script-src 'self' http://*.googletagmanager.com http://static.klaviyo.com 'unsafe-eval' 'unsafe-inline' blob: https:; child-src lume.com https://mywallet.deals/ https://enrollnow.vip/ https://join.mywallet.deals/ https://pixel.sitescout.com https://www.googletagmanager.com https://servedby.flashtalking.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https:; font-src 'self' https://*.typekit.net data: https: ; img-src 'self' https://images.dutchie.com https://s3-us-west-2.amazonaws.com https://images.contentstack.io https://ad.ipredictive.com https://clickserv.sitescout.com https://maps.gstatic.com/ https://www.google-analytics.com https://www.googletagmanager.com/ https://pixel.sitescout.com https://i.ytimg.com/ https://raw.githubusercontent.com https://t.co https://analytics.twitter.com https://lumehelp.zendesk.com https://p23.zdusercontent.com https://media.smooch.io/ data:; 1
default-src 'self' googleads.g.doubleclick.net www.clarity.ms analytics.google.com; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com www.youtube.com player.vimeo.com fast.wistia.com static.cloudflareinsights.com www.googletagmanager.com https://www.google.com/recaptcha https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://*.pinimg.com https://*.pinterest.com https://*.studiodesigner.com https://*.adsrvr.org https://*.clickagy.com https://*.crazyegg.com https://*.zoominfo.com https://*.facebook.net https://*.bing.com https://*.greenhouse.io https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ googleads.g.doubleclick.net www.clarity.ms; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ https://*.greenhouse.io https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/; img-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com 2.gravatar.com secure.gravatar.com i.vimeocdn.com fast.wistia.com data: https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com/ https://www.google.pl https://*.bing.com https://www.facebook.com https://*.clickagy.com https://*.crwdcntrl.net https://*.agkn.com https://*.rlcdn.com https://*.openx.net https://*.sitescout.com https://*.demdex.net https://*.greenhouse.io https://*.doubleclick.net https://*.calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ *.clarity.ms www.google.com.vn; font-src 'self' data: https://fonts.gstatic.com data: https://mystudiomedia.wpenginepowered.com/; connect-src 'self' vimeo.com pipedream.wistia.com fast.wistia.com distillery.wistia.com embed-cloudfront.wistia.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.clickagy.com https://*.crazyegg.com https://*.pinterest.com https://*.doubleclick.net https://www.google.pl https://*.zoominfo.com https://*.bing.com https://*.greenhouse.io https://calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ analytics.google.com *.clarity.ms; child-src 'self' www.youtube.com player.vimeo.com https://www.google.com https://bid.g.doubleclick.net https://ct.pinterest.com https://insight.adsrvr.org https://*.greenhouse.io https://*.clickagy.com https://www.facebook.com https://calendly.com https://*.zoom.us https://mystudiomedia.wpenginepowered.com/ blob: td.doubleclick.net; media-src 'self' 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' source-expression; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: youtube.com www.youtube.com; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
img-src * data: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  https://zoom.us/ https://www.gartner.com/ https://*.yandex.ru/ https://*.yandex.by/ https://*.yandex.com/ https://*.yandex.com.tr/ https://stats.g.doubleclick.net/ https://*.facebook.net/ https://*.facebook.com/ https://*.google.com/ https://google.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.googleapis.com/ https://portal.immuniweb.com/ https://static.immuniweb.com/assets/ https://fs-static.immuniweb.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://buttons.github.io/; font-src 'self' data: https://static.immuniweb.com/ https://fs-static.immuniweb.com/ https://portal.immuniweb.com/ https://www.immuniweb.com/; block-all-mixed-content; report-uri https://www.immuniweb.com/csp/ 1
frame-ancestors 'self' https://admin.emeraldconnect.com https://admin2.emeraldconnect.com 1
upgrade-insecure-requests; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' www.buas.nl buas.us5.list-manage.com bat.bing.com squeezely.tech www.clarity.ms tr.snapchat.com snap.licdn.com *.tiktok.com cdn.jsdelivr.net cdnjs.cloudflare.com tr.datatrics.com malong.webinargeek.com webinargeek.com www.google-analytics.com www.googleadservices.com sc-static.net connect.facebook.net chimpstatic.com static.hotjar.com script.hotjar.com googleads.g.doubleclick.net www.youtube.com www.google.com ajax.googleapis.com www.googletagmanager.com consentcdn.cookiebot.com consent.cookiebot.com polyfill.io unpkg.com static.doubleclick.net cdn.unibuddy.co buas.easycruit.com; 1
base-uri 'none'; child-src 'self' blob: data: volvoconnect.com api.volvoconnect.com app.volvoconnect.com; connect-src 'self' *.api.here.com *.api.sanity.io *.apicalsolutions.com *.apicdn.sanity.io *.app.prod.shared.eu.vgtng.volvo.com *.demo.api.here.com *.execute-api.eu-north-1.amazonaws.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us-east-1.prod.aws.vgthosting.net *.prod.shared.us.vgtng.volvo.com *.pusherplatform.io *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com *.youtube.com api.volvoconnect.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.vgcs.volvo.com api.sanity.io api.volvotrucks.com apical.uksouth.cloudapp.azure.com apicdn.sanity.io assets.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gateway-prod.azure-api.net gdsp-resources.azureedge.net https://iot-vgcs-dc-gw.apicalsolutions.com/api/ prod-vgcs-dc-gw.apicalsolutions.com https://qa-vgcs-dc-gw.apicalsolutions.com/api/ login.volvoconnect.com login.microsoftonline.com login.prod.volvoconnect.com login.support.na.prod.vg-cs.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net oprepo.prod.shared.eu.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vconnect.sems.ws vfs-customerconnect-api.azurewebsites.net vfsvolvoconnectapidev.azurewebsites.net vg-vfs-volvoconnect-api-dev.azurewebsites.net vgcs-atom.s3.eu-north-1.amazonaws.com vtrucks.prod.sems.ws wss://*.app.prod.shared.eu.vgtng.volvo.com wss://*.app.prod.shared.us.vgtng.volvo.com wss://*.prod.shared.eu.vgtng.volvo.com wss://*.prod.shared.us.vgtng.volvo.com wss://*.pusherplatform.io wss://*.sendbird.com wss://api.volvoconnect.com wss://oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net wss://sendbird.com www.google-analytics.com www.volvobuses.com wss://57tklffer0.execute-api.eu-north-1.amazonaws.com nln43j2hm8.execute-api.eu-west-1.amazonaws.com vfsvolvoconnectapiqa.azurewebsites.net vfsvolvoconnectapiprod.azurewebsites.net wss://logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net *.vgcs-atom.com wss://ws.transport-engine.prod.vgcs-atom.com transport-pattern.prod.vgcs-atom.com wss://*.vgcs-atom.com neuronths.com logbrary.prod.shared.eu-west-1.prod.aws.vgthosting.net resources.gdsp.volvo.com qa.natelematics.com *.adobedtm.com *.assetsadobe.com s3-eu.walkmeusercontent.com ec.walkme.com maps.gstatic.com api.natelematics.com us-east-1.quicksight.aws.amazon.com api.natelematics.com privacyportal-de.onetrust.com api.na.vgcs.volvo.com api.optifleet-evol.net demdex.net volvogroup.data.adobedc.net *.demdex.net *.everesttech.net everesttech.net *.adobedc.net adobedc.net api.optifleet.net api.renault-trucks.com *.volvobuses.com s3.eu-west-1.amazonaws.com volvobuses.com api.met.no volvobuses.com de.qa.l-os.com vbap-dev-euw-func-01.azurewebsites.net asddkawasdsdasd api.ko.vgcs.volvo.com *.prod.vg-cs.com wss://api.eu.vgcs.volvo.com wss://api.na.vgcs.volvo.com *.gdsp.volvo.com stage-volvobuses-com.aws.43636.vnonprod.com vbap-prod-euw-func-01.azurewebsites.net sentry.io *.sentry.io s3.eu-central-1.amazonaws.com api.eu.vgcs.volvo.com api.positronrt.com.br positronrtauth.positronrt.com.br dev-api.positronrt.com.br *.aidenbackend.com 0psyf9f4dk.execute-api.eu-west-1.amazonaws.com kbjp4quhq6.execute-api.eu-west-1.amazonaws.com 3ijxfboc28.execute-api.eu-west-1.amazonaws.com *.openstreetmap.org *.stadiamaps.com *.positronrt.com.br dashboard.natelematics.com dashboard.dev.natelematics.com dashboard.qa.natelematics.com dashboard.test.natelematics.com aswespcdev2dw4-backend.azurewebsites.net blob: data: iw.maintenanceplan-back.renault-trucks.com iw.maintenanceplan-back-qa.renault-trucks.com; default-src volvoconnect.com; frame-src 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.sendbird.com *.walkme.com api.volvoconnect.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com app.volvoconnect.com blob: chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net data: doubleclick.net https://login.microsoftonline.com login.volvoconnect.com natelematics.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com qa.natelematics.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org suptl.prod.shared.eu-west-1.prod.aws.vgthosting.net uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net suptl.prod.shared.us-east-1.prod.aws.vgthosting.net s3.eu-west-1.amazonaws.com us-east-1.quicksight.aws.amazon.com s3.amazonaws.com *.demdex.net demdex.net *.gdsp.volvo.com tnc.volvoconnect.com tnc.support.na.iot1.vg-cs.com tnc.support.eu.iot1.vg-cs.com tnc.support.na.qa.vg-cs.com tnc.support.eu.qa.vg-cs.com *.volvotrucks.us * volvotrucks.ca *.macktrucks.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.app.prod.shared.eu.vgtng.volvo.com *.googleapis.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.volvoconnect.com api.gdsp.volvo.com buttons.github.io cdn.cookielaw.org cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net d3sbxpiag177w8.cloudfront.net dev1-publish.volvo.netcentric.biz doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.volvoconnect.com login.prod.volvoconnect.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com stats.g.doubleclick.net resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.googletagmanager.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; font-src 'self' *.googleapis.com *.screencast.com *.sendbird.com *.walkme.com 3b3ehuo35wzeh.cloudfront.net api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com chrome-extension: data: doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.volvoconnect.com maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com *.gdsp.volvo.com; form-action 'self' *.app.prod.shared.eu.vgtng.volvo.com *.prod.shared.eu.vgtng.volvo.com *.prod.shared.us.vgtng.volvo.com volvoconnect.com api.volvoconnect.com login.volvoconnect.com api.na.vgcs.volvo.com api.eu.vgcs.volvo.com; frame-ancestors 'self'; img-src 'self' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.s3.amazonaws.com *.screencast.com *.sendbird.com *.tile.openstreetmap.org *.walkme.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com assets.volvo.com blob: buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d2qhvajt3imc89.cloudfront.net d3b3ehuo35wzeh.cloudfront.net data: dev1-publish.volvo.netcentric.biz doubleclick.net fonts.gstatic.com gdsp-resources.azureedge.net login.volvoconnect.com maps.gstatic.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com ssl.gstatic.com stats.g.doubleclick.net storybook.js.org uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com www.google-analytics.com www.volvobuses.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com some.domain.somewhere s3-eu.walkmeusercontent.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.everesttech.net *.demdex.net demdex.net everesttech.net adobedc.net *.adobedc.net *.gdsp.volvo.com s3.eu-central-1.amazonaws.com asd assets.dev.aidenbackend.com *.openstreetmap.org *.stadiamaps.com; manifest-src 'self'; media-src assets.volvo.com *.vgcs-atom.com 'self' s3.eu-central-1.amazonaws.com; object-src 'none'; report-to csp-endpoint; report-uri https://55dafc20b00345383dabdc090f37b786.report-uri.com/r/t/csp/enforce https://api.eu.vgcs.volvo.com/sentry/api/2/security/?sentry_key=4cf46b8c92821e51de651ec6914ce9a0; style-src 'self' 'unsafe-inline' *.api.here.com *.demo.api.here.com *.googleapis.com *.here.com *.hereapi.com *.ls.hereapi.com *.screencast.com *.sendbird.com *.walkme.com api-qa.gdsp.volvo.com api.eu.prod.vgcs.volvo.com api.eu.vgcs.volvo.com api.gdsp.volvo.com api.na.prod.vgcs.volvo.com api.prod.vgcs.volvo.com buttons.github.io cdn.sanity.io cdnjs.cloudflare.com chatkit-file-service-us1.s3.amazonaws.com d3b3ehuo35wzeh.cloudfront.net doubleclick.net fonts.googleapis.com gdsp-resources.azureedge.net login.volvoconnect.com login.prod.volvoconnect.com oprepo.prod.shared.eu-west-1.prod.aws.vgthosting.net prod.api.volvotrucks.com resources.gdsp.volvo.com s3.walkmeusercontent.com sendbird.com stats.g.doubleclick.net storybook.js.org tagmanager.google.com uddi.prod.shared.eu-west-1.prod.aws.vgthosting.net vgcs-atom.s3.eu-north-1.amazonaws.com *.vgcs-atom.com *.adobedtm.com *.assetsadobe.com us-east-1.quicksight.aws.amazon.com volvogroup.data.adobedc.net *.gdsp.volvo.com; upgrade-insecure-requests; worker-src 'self' blob: data: eu-cdn.walkme.com *.walkme.com walkme.com; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-9e7f3011a897f714846f69a2b16878b8' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.elitepartner.de tms.elitepartner.de *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com.au; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info analytics.twitter.com static.ads-twitter.com secure.quantserve.com rules.quantcount.com auth.airnewzealand.co.nz auth.airnewzealand.com.au ssl.google-analytics.com cdnjs.cloudflare.com musculahq.appspot.com xsell.expedia.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com ; frame-src 'self' *.google.com auth.identity.airnewzealand.com nz.fltmaps.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com sec.windcave.com uat.windcave.com hotels.airnewzealand.com.au forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html airnz-cargo.chooose.today airnz-corporate.chooose.today oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com.au identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info ssl.google-analytics.com muscula.herokuapp.com sec.windcave.com uat.windcave.com https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'self' https:; report-uri /csp-report 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.google-analytics.com *.googletagmanager.com www.gstatic.com siteimproveanalytics.com snap.licdn.com *.googleapis.com https://cdnjs.cloudflare.com https://us1.siteimprove.com use.typekit.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com p.typekit.net use.typekit.net https://cdnjs.cloudflare.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; img-src 'self' data: *.google-analytics.com 29268.global.siteimproveanalytics.io p.adsymptotic.com px.ads.linkedin.com p.typekit.net *.google.com *.googletagmanager.com https://vuture.debevoise.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com https://media.debevoise.com https://www.newyorkdiversity.com https://cdn.yoshki.com; connect-src 'self' *.google-analytics.com analytics.google.com *.doubleclick.net cdn.linkedin.oribi.io https://media.debevoise.com; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au chatbot.digital.vic.gov.au *.chatbot.digital.vic.gov.au usercheck.vgso.vic.gov.au cdnjs.cloudflare.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com cdn.monsido.com app-script.monsido.com connect.facebook.net *.cloudfront.net media.twiliocdn.com *.youtube.com ytimg.com *.ytimg.com public.tableau.com *.openforms.com *.serving-sys.com player.vimeo.com spreadsheets.google.com cdn.storerocket.io cdn.jsdelivr.net *.mapbox.com *.googleadservices.com drive.google.com *.googleusercontent.com docs.google.com web-messenger.ingenious.ai *.smooch.io maps.googleapis.com sc-static.net ecodev.jotform.com; style-src 'self' 'unsafe-inline' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au ui.chatbot.digital.vic.gov.au fonts.googleapis.com tagmanager.google.com fast.fonts.net *.openforms.com fontlibrary.org *.googletagmanager.com web-messenger.ingenious.ai *.smooch.io drwgdblqzrfiz.cloudfront.net; img-src 'self' *.amazee.io *.analytics.google.com *.content.vic.gov.au *.doubleclick.net *.fastly.net *.google-analytics.com *.google.com *.google.com.au *.gravatar.com *.gstatic.com *.hotjar.com *.hotjar.io *.ingenious.ai *.sdp.vic.gov.au *.smooch.io *.www.vic.gov.au api.mapbox.com assets.storerocket.io au-gmtdmp.mookie1.com base.maps.vic.gov.au blob: cdn.storerocket.io content.vic.gov.au data: dhhs.vic.gov.au drwgdblqzrfiz.cloudfront.net i.ytimg.com lh3.googleusercontent.com maps.googleapis.com maps.gstatic.com secure.adnxs.com tracking.monsido.com vic-bot.netlify.app wss://*.hotjar.com www.dhhs.vic.gov.au www.facebook.com www.google.co.id www.google.co.jp www.google.co.uk www.google.co.za www.google.com www.google.com.bo www.google.com.br www.google.com.co www.google.com.eg www.google.com.mx www.google.com.na www.google.com.om www.google.com.pk www.google.com.sg www.google.com.tr www.google.com.ua www.google.fr www.google.gr www.google.hr www.google.ie www.google.it www.google.lk www.google.nl www.google.rs www.googletagmanager.com www.vic.gov.au; font-src 'self' data: www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au fonts.gstatic.com *.hotjar.com *.hotjar.io wss://*.hotjar.com fonts.gstatic.com fontlibrary.org *.smooch.io *.ingenious.ai; frame-src 'self' www.vic.gov.au content.vic.gov.au *.www.vic.gov.au *.content.vic.gov.au *.sdp.vic.gov.au *.vic.gov.au *.hotjar.com *.hotjar.io wss://*.hotjar.com *.vimeo.com vimeo.com *.youtube.com youtube.com *.youtube-nocookie.com youtube-nocookie.com batchgeo.com www.google.com app.powerbi.com macuport.com dhhs.carto.com public.tableau.com *.libsyn.com *.soundcloud.com *.openforms.com *.serving-sys.com tour.cite360.com.au *.doubleclick.net livestream.com flo.uri.sh zingtree.com control.5stream.com *.podbean.com lgi-complaint-form-uat.powerappsportals.com www.kuula.co s3-ap-southeast-2.amazonaws.com e.issuu.com deakin.h5p.com padlet.com e.infogram.com fuse.education.vic.gov.au *.arcgis.com ecodev.jotform.com app.vision6.com.au *.formsite.com digitaltender.alstom.com urldefense.com app4.vision6.com.au; manifest-src 'self'; media-src 'self' *.ingenious.ai; connect-src 'self' *.analytics.google.com *.api.go.vic.gov.au *.arcgis.com *.au.ingenious.ai *.chatbot.digital.vic.gov.au *.content.vic.gov.au *.doubleclick.net *.fastly.net *.google-analytics.com *.hotjar.com *.hotjar.io *.mapbox.com *.myvictoria.vic.gov.au *.sdp.vic.gov.au *.smooch.io *.storerocket.io *.www.vic.gov.au analytics.google.com api.go.vic.gov.au api.ipify.org chatbot.digital.vic.gov.au content.vic.gov.au corp-geo.mapshare.vic.gov.au directory.data.vic.gov.au discover.data.vic.gov.au drwgdblqzrfiz.cloudfront.net flex-api.twilio.com iam.twilio.com maps.googleapis.com secure-ds.serving-sys.com stat.data.abs.gov.au storerocket.io tsock.us1.twilio.com web-messenger.ingenious.ai wss://*.hotjar.com wss://*.smooch.io wss://tsock.us1.twilio.com www.facebook.com www.google.com www.vic.gov.au; frame-ancestors 'self' *.vic.gov.au *.shrine.org.au *.victorianveteranscouncil.org.au; 1
games.yourlifechoices.com.au 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.konverto.eu/ https://konvertoinbound.activehosted.com https://connect.facebook.net *.google-analytics.com https://www.analytics.konverto.eu/* www.googletagmanager.com https://ssl.google-analytics.com https://my.konverto.eu https://cdn1.onboard.org https://www.gstatic.com https://www.google.com;font-src 'self' fonts.gstatic.com;style-src 'unsafe-inline' https://unpkg.com fonts.googleapis.com hello.myfonts.net https://my.konverto.eu 'self';img-src 'self' data: *.facebook.com/ *.google-analytics.com/ *.google.com/ *.google.it/ https://stats.g.doubleclick.net/ https://i.ytimg.com/;frame-src player.vimeo.com www.youtube.com www.youtube-nocookie.com www.google.com konverto.onboard.org;connect-src 'self' https://analytics.konverto.eu/ *.doubleclick.net *.google-analytics.com/ wss://rol.vip.rolvoice.it/ https://my.konverto.eu https://cdn1.onboard.org/ https://country.api.rollive.it/; 1
img-src data: 'self' *.gstatic.com www.facebook.com www.google.it https://*.fna.fbcdn.net www.google.com www.google-analytics.com https://region1.google-analytics.com https://maps.googleapis.com *.ggpht *.ytimg.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://optanon.blob.core.windows.net ; 1
frame-ancestors 'self'; default-src https:; connect-src https: wss:; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.gr https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.gr https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.gr;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.gr  https://smetrics.vwfs.gr https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.gr;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.gr https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.gr https://smetrics.vwfs.gr https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.gr http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: alfiekohn.org 1
child-src 'self' *.google.com; 1
default-src 'self'; script-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com  https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.jiocloud.com https://*.cdn-apple.com https://*.facebook.net https://*.cloudfront.net https://*.wzrkt.com https://*.akamaized.net 'unsafe-inline' 'unsafe-eval' https://www.pagespeed-mod.com; img-src 'self' https://www.facebook.com https://scontent.xx.fbcdn.net https://www.google.co.in https://*.jiocloud.com https://*.officeapps.live.com https://*.cdn.office.net https://*.googletagmanager.com https://*.ytimg.com *.google-analytics.com *.googleusercontent.com blob: https://*.jiocloud.com data: ; style-src 'self' https://cdnjs.cloudflare.com https://*.jiocloud.com https://maxcdn.bootstrapcdn.com 'unsafe-inline'; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com https://stats.g.doubleclick.net https://*.facebook.com wss://*.jiocloud.com https://*.jiocloud.com https://www.facebook.com data:; font-src 'self' data: https://*.jiocloud.com ; media-src 'self' blob: https://*.jiocloud.com; frame-src 'self' personal.jiocloudpc.in testhylite.accops.com *.tejdrive.com *.google.com https://*.googleapis.com https://*.jiocloud.com https://youtube.com https://*.youtube.com https://*.officeapps.live.com https://*.cdn.office.net; frame-ancestors 'self' personal.jiocloudpc.in testhylite.accops.com *.tejdrive.com *.google.com https://*.jiocloud.com; form-action 'self' *.google.com https://*.jiocloud.com https://*.officeapps.live.com https://*.cdn.office.net https://*.jio.com https://*.jiolabs.com; worker-src 'self' blob: https://*.jiocloud.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-RPBvvQBhhCljSg-mKSHTzQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com http://www.youtube.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.oswald.ai  https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://*.mobiscroll.com https://cdn.jsdelivr.net https://unpkg.com https://datacapture.dropsolid.com https://sc-static.net https://www.google.com https://www.gstatic.com https://*.unibuddy.co/ https://firebaseinstallations.googleapis.com https://cookie-cdn.cookiepro.com/ https://cdn1.fbri.co; object-src 'self'; img-src 'self' https://*.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.google.com https://*.facebook.com data: https://www.makeitfly.group https://www.google.be https://px.ads.linkedin.com https://cdn.jsdelivr.net https://www.linkedin.com https://*.snapchat.com *.google-analytics.com *.analytics.google.com https://cookie-cdn.cookiepro.com/; media-src 'self'; frame-src 'self' https://*.hotjar.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.oswald.ai https://kuula.co/ https://*.vimeo.com https://*.doubleclick.net https://*.snapchat.com https://unibuddy.co/ https://*.odisee.be https://services.libis.be/ https://firebaseinstallations.googleapis.com https://*.unibuddy.co/ https://maps.google.com https://cdnapisec.kaltura.com https://e.issuu.com https://return.flexmail.eu https://open.spotify.com/; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com data: https://pro.fontawesome.com https://*.cloudflare.com; connect-src 'self' https://*.oswald.ai https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfunctions.net *.google-analytics.com *.analytics.google.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://cookie-cdn.cookiepro.com/ 1
default-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; 1
default-src http: https:; script-src 'unsafe-inline' 'unsafe-eval' http: https: blob:; style-src 'unsafe-inline' http: https: blob:; img-src * data:; font-src http: https: data: blob:; frame-ancestors 'self' https://*.goccl.co.uk https://*.uatcarnival.com https://*.syscarnival.com https://*.syscarnival.co.uk https://*.uatcarnival.com https://*.goccl.com https://*.goccl.co.uk https://*.goccl.com.au https://*.carnivalcloud.net 1
frame-ancestors *.swingeren.dk;  1
frame-ancestors 'self' *.netcine.fi netcine.fi 1
default-src 'self' data:; script-src https://s.ytimg.com https://*.googletagmanager.com https://static.hotjar.com https://diffuser-cdn.app-us1.com https://resources.digital-cloud-west.medallia.com https://script.hotjar.com https://maxcdn.bootstrapcdn.com https://mktdplp102cdn.azureedge.net https://*.serving-sys.com https://*.ufcu.org https://*.googleapis.com https://*.gstatic.com https://connect.facebook.net https://ajax.aspnetcdn.com https://*.twitter.com https://*.twimg.com https://platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://*.sharethis.com https://*.youtube.com https://trackcmp.net https://prism.app-us1.com https://*.google.com https://js.web-2-tel.com https://*.doubleclick.net https://*.visualwebsiteoptimizer.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.vwo.com https://*.flashtalking.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com *.sharethis.com https://*.ufcu.org https://*.vwo.com https://*.flashtalking.com 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://insight.adsrvr.org https://pixel.rubiconproject.com https://ib.adnxs.com https://udc-neb.kampyle.com https://match.adsrvr.org https://cm.g.doubleclick.net https://ufcu-stg.sitefinity.cloud https://ups.analytics.yahoo.com *.sharethis.com https://apple-resources.s3.amazonaws.com https://*.ufcu.org https://trkn.us https://*.google.com https://*.visualwebsiteoptimizer.com netdna.bootstrapcdn.com kendo.cdn.telerik.com https://googleads.g.doubleclick.net https://*.vwo.com https://*.flashtalking.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com *.google-analytics.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com *.sharethis.com; frame-src 'self' https://www.facebook.com/ https://resources.digital-cloud-west.medallia.com *.youtube.com https://*.serving-sys.com https://www.agentinsure.com *.doubleclick.net https://*.vwo.com https://*.flashtalking.com forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://resources.digital-cloud-west.medallia.com https://udc-neb.kampyle.com https://maps.googleapis.com https://csmetrics.hotjar.com *.hawksearch.com *.hawksearch.net *.sharethis.com https://js.web-2-tel.com wss://ws.hotjar.com https://*.serving-sys.com https://content.hotjar.io https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.flashtalking.com 'self' forms.hubspot.com *.hsforms.com *.google-analytics.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.youtube.com blob: web-chat.nativechat.com 1
default-src 'none'; 	connect-src 'self' https://play.openpolicyagent.org https://www.google-analytics.com https://kubernetesjsonschema.dev https://raw.githubusercontent.com/yannh/kubernetes-json-schema/ https://cncf.github.io/banners/banners.yml; 	font-src 'self'; 	img-src 'self' data: https:; 	manifest-src 'self'; 	script-src 'self' https://www.google-analytics.com; 	style-src 'self' 'unsafe-inline' 1
default-src 'self'; img-src 'self' https: *.google-analytics.com data: www.google.com www.gravatar.com img.youtube.com https://gezondpl-production-files.s3.amazonaws.com/sync/site; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com assets.mlcdn.com *.mailerlite.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com *.mailerlite.com tpc.googlesyndication.com data:; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' *.sentry.io *.sentry-cdn.com *.google-analytics.com www.google.com adservice.google.com adservice.google.nl adservice.google.be adservice.google.es adservice.google.de adservice.google.co.uk adservice.google.co.th adservice.google.pl adservice.google.au adservice.google.sr adservice.google.fr adservice.google.tr adservice.google.it adservice.google.ch adservice.google.pt adservice.google.com.au adservice.google.com.eg adservice.google.com.mx adservice.google.co.za adservice.google.co.id adservice.google.at tpc.googlesyndication.com www.googletagservices.com securepubads.g.doubleclick.net www.gstatic.com static.mailerlite.com cdn.mailerlite.com d24s38jd6z1bka.cloudfront.net www.googletagmanager.com cdn.ampproject.org adsfac.eu connect.facebook.net pagead2.googlesyndication.com assets.mlcdn.com adsfac.eu mlcdn.com *.adform.net; connect-src 'self' ejeylotbz1.execute-api.eu-west-1.amazonaws.com iarbv22z1h.execute-api.eu-west-1.amazonaws.com *.sentry.io *.google-analytics.com securepubads.g.doubleclick.net pagead2.googlesyndication.com csi.gstatic.com adservice.google.com www.facebook.com stats.g.doubleclick.net ad.doubleclick.net *.doubleclick.net adclick.g.doubleclick.net doublieclick.net googleads.g.doubleclick.net www.googletagmanager.com; form-action 'self' static.mailerlite.com; frame-ancestors 'none'; frame-src 'self' *.safeframe.googlesyndication.com www.google.com www.youtube.com www.onlineassessmenttool.com www.onlinequizcreator.com securepubads.g.doubleclick.net player.vimeo.com vimeo.com 10063619.fls.doubleclick.net doubleclick.net googlesyndication.com *.googlesyndication.com; object-src 'none'; base-uri 'self' gezondheidsplein-nuxt-node14-development.eba-yacsfrnc.eu-west-1.elasticbeanstalk.com; report-to ; report-uri 1
default-src https: wss:; base-uri 'none'; font-src https: data:; img-src https: data:; script-src 'strict-dynamic' 'nonce-E16bm3zxR3Rv42mVMha2lQ=='; style-src https: 'unsafe-inline' 1
font-src *.olark.com mediacdn.espssl.com *.klevu.com *.ksearchnet.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.authorize.net destinilocators.com *.duosecurity.com *.olark.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com https://www.youtube.com http://www.sandbox.paypal.com *.twitter.com *.zendesk.com *.widen.net *.widencdn.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io store.paradoxlabs.com frontiercoop.widen.net *.olark.com *.listrakbi.com lux.speedcurve.com mediacdn.espssl.com *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.bing.com *.zopim.com *.zopim.io *.doubleclick.net *.google.com *.google.co.in *.mastercard.com *.widen.net *.widencdn.net *.gstatic.com *.facebook.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.exponea.com *.authorize.net js-agent.newrelic.com bam.nr-data.net destinilocators.com *.olark.com *.listrakbi.com cdn.speedcurve.com acsbapp.com s.pinimg.com bat.bing.com ct.pinterest.com js.klevu.com *.ksearchnet.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.bing.com *.zopim.com *.zdassets.com *.google.com *.zendesk.com *.widen.net *.widencdn.net https://www.googletagmanager.com tagmanager.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.olark.com *.listrakbi.com mediacdn.espssl.com *.klevu.com *.ksearchnet.com 'unsafe-inline' assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.fontawesome.com *.bing.com *.widen.net *.widencdn.net tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.olark.com *.zopim.com *.zopim.io *.widen.net *.widencdn.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.exponea.com *.authorize.net bam.nr-data.net *.listrakbi.com lux.speedcurve.com *.acsbapp.com acsbapp.com ct.pinterest.com bat.bing.com *.olark.com *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.twitter.com *.twimg.com *.zdassets.com *.zopim.com *.zopim.io wss://widget-mediator.zopim.com *.google-analytics.com https://stats.g.doubleclick.net *.zendesk.com *.widen.net *.widencdn.net *.facebook.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.olark.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.dadata.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mod.calltouch.ru https://ipa.iitrust.ru https://*.googleapis.com https://*.yandex.ru https://yastatic.net https://api-maps.yandex.ru https://*.maps.yandex.net https://*.gstatic.com https://mc.yandex.ru https://www.googletagmanager.com https://*.dadata.ru; font-src 'self' https://fonts.gstatic.com https://*.dadata.ru data:; img-src 'self' data: https://developers.google.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://*.yandex.ru https://*.maps.yandex.net https://*.dadata.ru; connect-src 'self' https://ipa.iitrust.ru https://*.googleapis.com https://www.google-analytics.com https://*.gstatic.com https://mc.yandex.ru https://*.yandex.ru https://mc.yandex.md https://*.dadata.ru; child-src 'self' https://mc.yandex.md; frame-src 'self' https://www.youtube.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com jspreadsheet.js; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://clients1.google.com https://apis.google.com https://www.gstatic.com www.google.com http://cse.google.com https://cse.google.com http://cdn.jsdelivr.net http://c.la1-c1-syd.salesforceliveagent.com http://d.la1-c1-syd.salesforceliveagent.com https://d.la1-c1-syd.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com http://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://cdn.mathjax.org http://cdn.mathjax.org https://js-agent.newrelic.com https://bam.nr-data.net https://www.googletagmanager.com https://www.google-analytics.com https://partner.googleadservices.com blob: https://api.mapbox.com https://c.la1-c1-syd.salesforceliveagent.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com jspreadsheet.js; style-src 'self' 'unsafe-inline' https://www.google.com http://cse.google.com https://cse.google.com https://www.googletagmanager.com https://api.mapbox.com https://unpkg.com jspreadsheet.css; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.abcb.gov.au/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' orc.widepoint.com; img-src 'self' www.googletagmanager.com https://www.google-analytics.com https://perf.hsforms.com s.w.org data:;style-src 'self' 'unsafe-inline'  fonts.googleapis.com;font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hubspotfeedback.com https://js.usemessages.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hsforms.net https://js-na1.hs-scripts.com https://forms.hsforms.com ; connect-src 'self' https://forms.hsforms.com https://www.google-analytics.com ; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.hsforms.net/ https://forms.hsforms.com/ ; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com  https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://www.googleanalytics.com https://openspeedtest.com https://www2.discoverflow.co https://www.discoverflow.co https://discoverflow.co https://analytics.discoverflow.co; form-action *; worker-src * blob:; 1
frame-ancestors 'self' kcm.org *.kcm.org govictory.com govictorystage.wpengine.com *.govictory.com emic.org *.emic.org skadev.wpengine.com *.superkidacademy.com inthevision.wpengine.com inthevisiondev.wpengine.com inthevisionstg.wpengine.com *.insidethevision.org *.terricopelandpearsons.com *.revivalradiotv.com 1
frame-ancestors 'self' https://storyblok.com https://*.storyblok.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.google.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net https://*.kampyle.com https://*.medallia.com http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.claromarketingtool.pe http://*.claro.com.pe http://claro.clientcampaigns.live https://*.google.com.mx https://*.google.com.pe https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://tags.bkrtx.com https://stags.bluekai.com https://*.google-analytics.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://digitasgt.com https://*.ads-twitter.com https://*.twitter.com https://t.co https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.claro.com.pe https://api-prod-hn.prod.clarodigital.net https://stackpath.bootstrapcdn.com https://*.clarity.ms https://*.jsdelivr.net https://claro.clientcampaigns.live https://claro-middleware-apigw-brjb7ubo.uk.gateway.dev https://claroperupoc.vteximg.com.br https://*.clarodigital.net https://*.googleoptimize.com https://*.tiktok.com https://*.ytimg.com https://*.bootstrapcdn.com https://*.cloudflare.com https://unpkg.com https://claromarketingtool.pe https://*.claromarketingtool.pe https://api-football-v1.p.rapidapi.com https://www.youtube-nocookie.com https://cdnjs.cloudflare.com https://claro.turnosaloha.com https://hablandoclaro.pe https://netdna.bootstrapcdn.com https://analytics.pangle-ads.com https://player.twitch.tv https://cdn.onesignal.com https://smartechlatam.online https://*.api-sports.io https://*.sorteosclaro.pe https://*.bing.com https://onesignal.com https://*.onesignal.com https://cdn.mxpnl.com https://live.rezync.com https://*.lightboxcdn.com https://*.boomtrain.com https://*.cloudfront.net https://cf.ignitionone.com https://api.zetaglobal.net https://netmng.com https://*.netmng.com https://*.mixpanel.com https://*.rfihub.com https://*.rfihub.net https://*.dev-limprod.com https://*.instana.io; media-src 'self' mediastream: blob: https://*.claro.com.pe; 1
default-src: https:; frame-ancestors 'self' store.acer.com X-Frame-Options: SAMEORIGIN 1
default-src 'self'; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net stackpath.bootstrapcdn.com; font-src 'self' cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com; style-src 'self' stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com www.google-analytics.com maxcdn.bootstrapcdn.com fonts.googleapis.com; script-src 'self' 'sha256-tTmYrnxe8LUqak82dY6RR0cpJ4pHDsKC6nBsQNaecqU=' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net www.google-analytics.com *.google.com www.googletagmanager.com 'unsafe-eval' https://ajax.googleapis.com www.google-analytics.com *.google.com www.googletagmanager.com stats.g.doubleclick.net; connect-src 'self' www.google-analytics.com *.google.com *.sunshineonline.com.au dev.sunshineonline.com.au:5001; frame-src player.vimeo.com *.flipsnack.com; frame-ancestors 'none'; form-action 'self' library.sunshineonline.com.au 1
script-src 'self' 'nonce-9b9e0129bd7e40aeae31f4a7736fd3a8' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com; img-src 'self' blob: data: www2.silkhorseclub.jp null www.google-analytics.com ssl.google-analytics.com img.youtube.com i.ytimg.com *.prod.boltdns.net; connect-src 'self' www2.silkhorseclub.jp chat1-63b.chatdealer.jp www.google-analytics.com ssl.google-analytics.com; 1
frame-ancestors 'self' https://altibbi.com 1
frame-ancestors https://*.veygo.com https://*.preprod-veygo.com 1
default-src 'self' https://www.csi.edu/ ; connect-src 'self' https://25live.collegenet.com/ https://www.csi.edu/ https://csi-forms.formstack.com/ https://www.google-analytics.com/ https://iq2prod1.smartcatalogiq.com/ https://static.formstack.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://25live.collegenet.com/ https://ajax.googleapis.com/ https://csi.us19.list-manage.com/ https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js https://cdn.polyfill.io/v2/polyfill.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/ https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/ https://cdnjs.cloudflare.com/ajax/libs/lodash.js/ https://cdnjs.cloudflare.com/ajax/libs/moment-timezone/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/ https://code.jquery.com/ https://cse.google.com/ https://csi-forms.formstack.com/ https://maxcdn.bootstrapcdn.com/ https://s.ytimg.com/yts/jsbin/www-widgetapi-vfllf5xrd/www-widgetapi.js https://s.ytimg.com/yts/jsbin/www-widgetapi-vflxda_co/www-widgetapi.js https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://stackpath.bootstrapcdn.com/bootstrap/ https://static.formstack.com/ https://use.fontawesome.com/ https://www.csi.edu/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleapis.com/ https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/iframe_api/ https://tag.simpli.fi/ https://i.simpli.fi/ https://iq2prod1.smartcatalogiq.com/ ; style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datepicker/ https://csi-forms.formstack.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://stackpath.bootstrapcdn.com/ https://static.formstack.com/ https://use.fontawesome.com/ https://www.csi.edu/ https://www.google.com/ ; img-src * data: 'self' https://www.gstatic.com/ ; font-src * data: 'self' https://bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://use.fontawesome.com/ https://www.csi.edu/ ; form-action 'self' https://bootstrapcdn.com/ https://csi-forms.formstack.com/forms/index.php https://maxcdn.bootstrapcdn.com/bootstrap/ https://use.fontawesome.com/ https://www.csi.edu/ ; frame-src 'self' https://25live.collegenet.com/ https://app.powerbi.com/ https://cse.google.com/ https://www.google.com/ https://www.gstatic.com/ https://jics.csi.edu/ https://my.matterport.com/ https://www.youtube.com/ https://csigis.maps.arcgis.com/ https://www.google.com/maps/ ; upgrade-insecure-requests 1
default-src 'self' www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.bugherd.com *.pusher.com;connect-src 'self' *.cognitoforms.com *.amazonaws.com  *.linkedin.com *.visualstudio.com stats.g.doubleclick.net *.google-analytics.com consentcdn.cookiebot.com *.pusher.com sessions.bugsnag.com; img-src 'self' data: *.linkedin.com *.cookiebot.com *.lfeeder.com www.gravatar.com www.googletagmanager.com umbraco.tv www.google-analytics.com fakeimg.pl dashboard.umbraco.com tracking.monsido.com d2iiunr5ws5ch1.cloudfront.net bugherd-attachments.s3.amazonaws.com *.bugherd.com;font-src 'self' *.cognitoforms.com fonts.googleapis.com data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.cognitoforms.com fonts.googleapis.com;form-action 'self' *.flutter.com *.ddlnk.net;frame-src 'self' vimeo.com player.vimeo.com ir.design-portfolio.co.uk *.q4web.com platform.twitter.com consentcdn.cookiebot.com;media-src 'self' player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://aacomcrm.azurewebsites.net *.googleapis.com *.gstatic.com unpkg.com *.google.com *.googletagmanager.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.fontawesome.com use.fontawesome.com *.jquery.com www.brainshark.com www.juicer.io *.aacom.org https://aacom.zoom.us https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io *.equalweb.com *.cookiebot.com https://cdn.cookielaw.org *.doubleclick.net *.googleadservices.com; style-src 'self' 'unsafe-inline' https://aacomcrm.azurewebsites.net https://assets.juicer.io *.googleapis.com *.gstatic.com unpkg.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com *.fontawesome.com use.fontawesome.com www.juicer.io *.aacom.org https://aacom.zoom.us *.equalweb.com *.cookielaw.org; font-src 'self' static.juicer.io fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data:; img-src 'self' *.aacom.org https://aacom.azurewebsites.net *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com placeimg.com https://picsum.photos/ *.picsum.photos www.brainshark.com www.juicer.io vimeo.com *.locker2.com *.cookiebot.com *.doubleclick.net *.googleadservices.com *.google.com *.cookielaw.org; media-src 'self' data: blob: https://www.youtube.com https://aacom.zoom.us https://vimeo.com/ https://player.vimeo.com https://www.brainshark.com/; form-action 'self' https://www.votervoice.net; frame-src 'self' https://www.votervoice.net https://www.youtube.com https://www.google.com https://matchbook.aacom.org https://assets.juicer.io https://vimeo.com https://player.vimeo.com https://www.juicer.io https://www.brainshark.com/ *.cookiebot.com https://aacomcrm-client.azurewebsites.net/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ www.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com www.juicer.io *.aacom.org https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io *.cookielaw.org; connect-src 'self' data: https://aacomcrm.azurewebsites.net https://altaiqaservices.azurewebsites.net *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io https://research.aacom.org/ https://www.juicer.io/ *.equalweb.com https://cdn.cookielaw.org *.cookielaw.org; plugin-types 'self' https://www.votervoice.net https://matchbook.aacom.org https://assets.juicer.io; 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.datadoghq-browser-agent.com  https://*.hotjar.com https://*.livechatinc.com https://*.googleapis.com https://*.cloudflare.com https://*.googlesyndication.com https://*.hereapi.com https://*.phluant.com https://*.stackadapt.com https://*.neighborly.com https://*.qvdt3feo.com https://qvdt3feo.com https://*.cloudflareinsights.com https://*.google-analytics.com https://*.liadm.com https://*.adsrvr.org https://*.facebook.net https://*.btttag.com https://*.doubleclick.net https://*.mouseflow.com https://*.yimg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.typekit.net https://*.neighborly.com https://*.hotjar.com/ https://*.stackadapt.com; object-src 'none'; connect-src https://*.hotjar.com wss://*.hotjar.com wss://*.hotjar.com/api/v2/client/ws https://*.nblyprod.com https://*.googleapis.com https://rum.browser-intake-datadoghq.com https://*.neighborly.com https://*.b2clogin.com https://api2-unifiedsyncplatform.dwyergroup.com https://*.amazonaws.com https://*.livechatinc.com https://*.broadly.com https://*.hotjar.io https://*.googlesyndication.com https://*.hereapi.com https://*.stackadapt.com https://*.google-analytics.com https://*.doubleclick.net https://*.liadm.com https://*.yimg.com; font-src https://*.typekit.net https://*.gstatic.com https://*.livechatinc.com https://*.neighborly.com; frame-src https://*.youtube.com https://*.livechatinc.com https://vars.hotjar.com/ https://*.hotjar.com https://*.doubleclick.net https://*.adsrvr.org 1
upgrade-insecure-requests; frame-ancestors 'self' https://app.storyblok.com 1
script-src *.cloudflare.com *.cookielaw.org *.segment.com *.ipify.org *.moatads.com *.sharethis.com *.platform-api.sharethis.com *.snapchat.com *.paypalobjects.com *.ajax.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com *.crazyegg.com *.bigcommerce.com *.facebook.net *.googleapis.com *.jquery.com *.adsrvr.org *.braintreegateway.com *.youtube.com *.entrust.net *.pinimg.com *.ads-twitter.com *.twitter.com *.googleapis.com *.cloudfront.net *.privy.com *.amazonaws.com *.addrexx10.com *.mikmak.tv *.iesnare.com *.bazaarvoice.com *.dynatrace.com *.paypal.com *.pepperjam.com *.rpxnow.com *.lightboxcdn.com *.azurewebsites.net https://sc-static.net/scevent.min.js https://www.terracycle.com/en-US/sdk.js https://unpkg.com/aos@next/dist/aos.js https://js.agkn.com/prod/v0/tag.js https://aa.agkn.com/adscores/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/recaptcha/ https://cdn.polyfill.io/v3/polyfill.min.js https://b-code.liadm.com/a-05m5.min.js https://www.tp88trk.com/scripts/sdk/everflow.js https://www.paypalobjects.com/api/checkout.min.js https://cdn-stg.tapad.app/js/pandg-sdk.js https://pghub.io/js/pandg-sdk.js https://rpxnow.com/js/lib/arcsmile-us/engage.js 'self' 'unsafe-eval' 'unsafe-inline' 1
script-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net; font-src www.anuvu.com *.equisolve.net qmod.quotemedia.com www.google.com fonts.googleapis.com fonts.gstatic.com google-analytics.com www.google-analytics.com googletagmanager.com www.gstatic.com browser-update.org s3.amazonaws.com mailchimp.com documentcloud.adobe.com 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com d1io3yog0oux5.cloudfront.net 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.thestrad.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://meow.social; img-src 'self' data: blob: https://meow.social https://medias.meow.social; style-src 'self' https://meow.social 'nonce-MhsRRpGOPIKUBf+a8Q/4cA=='; media-src 'self' data: https://meow.social https://medias.meow.social; frame-src 'self' https:; manifest-src 'self' https://meow.social; form-action 'self'; child-src 'self' blob: https://meow.social; worker-src 'self' blob: https://meow.social; connect-src 'self' data: blob: https://meow.social https://medias.meow.social wss://meow.social; script-src 'self' https://meow.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.xcatalyst.com *.authorize.net 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors https: 'self' *.printrunner.com *.digitalroom.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com; 1
object-src; worker-src 'self' blob: *.cyres.fr ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.cyres.fr *.googletagmanager.com *.doubleclick.net *.googleadservices.com *.google-analytics.com *.youtube.com cdn-cookieyes.com code.createjs.com; frame-src 'self' *.youtube.com *.google.com;font-src 'self' https://www.cyres.fr https://cyres.fr https://fonts.gstatic.com data:; 1
default-src 'self' data: ;   connect-src 'self' https: wss: ;   font-src 'self' chrome-extension: data: https: ;   img-src 'self' data: blob: android-webview-video-poster: about: https: ;   frame-src 'self' https: ;   script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https: ;   script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https: ;   style-src 'self' 'unsafe-inline' https: ;   style-src-elem 'self' 'unsafe-inline' https: ;   style-src-attr 'self' 'unsafe-inline' https: ;   worker-src 'self' 'unsafe-inline' https: blob: ;   frame-ancestors 'self' https://*.magnews.it https://*.magnews.com;   upgrade-insecure-requests;   block-all-mixed-content;   report-uri https://cspr-it.mag-news.it/ 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com blob: data: *.googleapis.com *.jivo.ru *.jivosite.com *.google-analytics.com *.bitrix.info bitrix.info *.yandex.ru *.maps.yandex.net *.yamentrics.ru https://yastatic.net http://yastatic.net *.pscb.ru pscb.ru *.1c-bitrix.ru *.gstatic.com; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.jivo.ru *.jivo.com; frame-ancestors *.pscb.ru metrika.yandex.ru webvisor.com *.webvisor.com; connect-src wss://*.jivosite.com *.yandex.ru *.yametrcis.ru https://*.jivosite.com 'self' bitrix.info; frame-src 'self' https: 1
default-src 'self' https:; font-src 'self' https://cdnjs.cloudflare.com https://site-assets.fontawesome.com https://maxcdn.bootstrapcdn.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://fonts.gstatic.com https://ws.zoominfo.com https://www.googletagmanager.com https://navia.my.site.com https://connect.facebook.net https://mypopups.com https://*.naviabenefits.com https://www.youtube.com https://secure.gravatar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://bat.bing.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.google.com https://stats.g.doubleclick.net https://www.youtube-nocookie.com https://*.usaepay.com https://player.vimeo.com https://smartslider3.com 1
script-src 'self' 'unsafe-inline' connect.facebook.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.google.com *.upmenu.com static.cdn-upm.com cdn.upmenu.com unpkg.com www.gstatic.com 1
frame-ancestors https://*.wika.com/ 'self'; 1
default-src 'self' https://dmbqekwh0sti7.cloudfront.net/; base-uri 'self' https://d6tizftlrpuof.cloudfront.net/live/; object-src 'self' https://www.youtube-nocookie.com/ blob:; child-src 'self' https://*.aegon.nl/ https://aegon.24sessions.com/ https://d6tizftlrpuof.cloudfront.net/ https://platform.twitter.com/ https://syndication.twitter.com/ https://apis.google.com/ https://accounts.google.com/ https://optimize.google.com/ https://static.licdn.com/ https://www.youtube-nocookie.com/ https://funnels.aegon.nl/ https://player.quadia.net/ https://www.youtube.com/ https://www.googletagmanager.com/; img-src 'self' data: stats.g.doubleclick.net www.google-analytics.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://log.firedesk.nl/aegon/ https://ssl.gstatic.com/analytics-suite/header/suite/v2/ic_tag_manager.svg https://www.gstatic.com/images/icons/material/system/1x/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://www.google.nl/pagead/ https://d6tizftlrpuof.cloudfront.net/ https://static.licdn.com/ https://bat.bing.com/ https://www.google.com/pagead/ https://www.google.co.uk/pagead/ https://googleads.g.doubleclick.net/pagead/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://www.awin1.com/sread.img https://www.awin1.com/sread.php https://s3.amazonaws.com/glancecdn/ https://s3-eu-west-1.amazonaws.com/anl-ma-staticcontent/ https://s3-eu-west-1.amazonaws.com/anl-ma-static-content/ https://www.facebook.com/ https://stats.g.doubleclick.net/ https://prd.jwpltx.com/ https://rid.webtvframework.com/ https://ad.doubleclick.net/ https://adservice.google.com/ https://www.googleadservices.com/pagead/conversion/ https://optimize.google.com/ https://apmeum.aegon.com/ https://*.novusoft.nl/static/img/ https://www.google.com/ads/ https://www.google.nl/ads/ https://secure.adnxs.com/px https://secure.adnxs.com/seg https://assets.secumail.nl/img/aegon/ https://assets.secumail.nl/img/default/ https://storage.glancecdn.net/cobrowse/ https://content.solera.nl/isa-vfoto/autotelex https://www.nl.aegon.com/ https://*.gstatic.com https://www.google.com/images/cleardot.gif https://dev.visualwebsiteoptimizer.com blob:; frame-src 'self' https://optimize.google.com https://www.youtube.com https://particulier.aegon.nl https://*.aegon.nl/ https://d6tizftlrpuof.cloudfront.net/; frame-ancestors 'self'; font-src 'self' data: aeon-cdn-prod.axlops.nl.aegon.io https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://aegon.24sessions.com/ https://themes.googleusercontent.com/static/fonts/opensans/ https://d6tizftlrpuof.cloudfront.net/live/resources/fonts/ https://fonts.gstatic.com/ https://*.novusoft.nl/static/fonts/ https://*.novusoft.nl/static/css/fonts/ https://player.quadia.net/ https://storage.glancecdn.net/cobrowse/ https://d6tizftlrpuof.cloudfront.net/themes/production/nlaegon-aegon-2022-font-file-url-db64c51123ddff1174f975e859558a7c.woff https://optimize.google.com https://*.mopinion.com https://fonts.mopinion.com/; form-action 'self' https://*.intra.aegon.nl https://www.verzuimsignaal2.nl/pub/request_handler.php; manifest-src 'self' https://aeon-cdn-prod.axlops.nl.aegon.io/assets/latest/favicon/aegonnl/site.webmanifest; style-src 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://aegon.24sessions.com/ https://styles.24sessions.com/ui-theme.css https://d6tizftlrpuof.cloudfront.net/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/ https://tagmanager.google.com/debug/css.css https://fonts.googleapis.com/ https://optimize.google.com/ https://*.novusoft.nl/ https://player.quadia.net/ https://storage.glancecdn.net/cobrowse/ https://*.glancecdn.net/ https://fonts.mopinion.com/ cdn.jsdelivr.net https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-elem 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://aegon-nonlife-api-flexfunnel.novusoft.nl/static/css/themes/wvtp.min.css https://d6tizftlrpuof.cloudfront.net/live/ https://d6tizftlrpuof.cloudfront.net/ https://fonts.googleapis.com https://optimize.google.com https://*.glancecdn.net/cobrowse/styles/Cobrowse_5.4.3.css https://*.glancecdn.net/cobrowse/customstyles/CustomSkin_19459_P.css https://translate.googleapis.com/translate_static/css/translateelement.css https://www.gstatic.com https://*.glancecdn.net/ https://fonts.mopinion.com/css cdn.jsdelivr.net https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; worker-src 'self' blob:; script-src 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com 'unsafe-eval' https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://eu-de.appid.cloud.ibm.com/ https://cdn.botframework.com/ https://aegon.24sessions.com/ https://s.ytimg.com/yts/jsbin/ https://ajax.aspnetcdn.com/ajax/jquery.validate/1.11.1/ https://glancecdn.net/cobrowse/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/cobrowse/ https://code.highcharts.com/9.1.0/highcharts.js https://code.highcharts.com/9.1.0/highcharts-more.js https://code.highcharts.com/9.1.0/modules/accessibility.js https://cdn.appdynamics.com/ https://platform.linkedin.com/ https://platform.twitter.com/ https://www.youtube.com/s/player/ https://www.youtube.com/iframe_api https://tagmanager.google.com/ https://googleads.g.doubleclick.net/ https://apis.google.com/ https://maps.googleapis.com/ https://code.jquery.com/ https://connect.facebook.net/ https://d6tizftlrpuof.cloudfront.net/ https://*.google-analytics.com/ https://www.google-analytics.com https://optimize.google.com/ https://*.salesforceliveagent.com/ https://*.novusoft.nl/ https://az416426.vo.msecnd.net/scripts/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleoptimize.com/optimize.js https://player.quadia.net/ https://ssl.p.jwpcdn.com/player/ https://www.googleadservices.com/pagead/ https://portal.secumail.nl/v5/assets/js/ https://www.google.com/ads/ https://www.google.nl/ads/ https://www.google.com/js/bg/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://storage.glancecdn.net/cobrowse/ https://js-agent.newrelic.com/nr-rum-1.246.1.min.js https://js-agent.newrelic.com/nr-1216.min.js https://translate-pa.googleapis.com/v1/supportedLanguages https://*.glancecdn.net/ https://*.mopinion.com https://dev.visualwebsiteoptimizer.com/j.php https://dev.visualwebsiteoptimizer.com https://js-agent.newrelic.com https://portal.secumail.nl/v6/assets/js/portal-jquery.min.js data: cdn.jsdelivr.net cdnjs.cloudflare.com https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com; script-src-elem 'unsafe-inline' 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/debug/bootstrap https://*.google-analytics.com/ https://aegon-nonlife-api-flexfunnel.novusoft.nl/ https://code.jquery.com/ https://az416426.vo.msecnd.net/scripts/ https://portal.secumail.nl/v5/assets/js/ https://aegon.24sessions.com/ https://d6tizftlrpuof.cloudfront.net/ https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://code.highcharts.com/ https://js-agent.newrelic.com/nr-1215.min.js https://js-agent.newrelic.com/nr-rum-1.246.1.min.js https://bam.nr-data.net/1/NRJS-a680a937ef6e365bd3c https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js https://js-agent.newrelic.com/nr-1216.min.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/4012566.js https://glancecdn.net/cobrowse/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/cobrowse/ https://storage.glancecdn.net/cobrowse/ https://optimize.google.com/ https://www.googleoptimize.com/optimize.js https://www.googleadservices.com/pagead/ https://cdn.botframework.com/botframework-webchat/4.13.0/webchat-minimal.js https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.vdhk0GhArrQ.O/d=1/exm=el_conf/ed=1/rs=AN8SPfosN9kI5IWqIj6K48tfhRK64wmPDA/m=el_main https://translate-pa.googleapis.com/v1/supportedLanguages https://js-agent.newrelic.com/* https://js-agent.newrelic.com/552.2d6a2503-1220.js https://js-agent.newrelic.com/290.2d6a2503-1220.js https://js-agent.newrelic.com/368.2d6a2503-1220.js https://js-agent.newrelic.com/768.2d6a2503-1220.js https://js-agent.newrelic.com/775.2d6a2503-1220.js https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_GB.I_n1hHNKRQg.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq1BaON9PeD_0qd-QgiiAO9yry5vg/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.en_US.tvzdIv5D-Fk.O/d=1/exm=el_conf/ed=1/rs=AN8SPfq0reXC1mmnnZ1UyCZOCXrnJUuBeA/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.JTyN52BySEs.O/d=1/exm=el_conf/ed=1/rs=AN8SPfpzThVPOJaHoq9wj-dvUsLWTH3i5w/m=el_main https://translate.googleapis.com/_/translate_http/_/js/k=translate_http.tr.nl.eyrOBZP0LRM.O/am=Cg/d=1/exm=el_conf/ed=1/rs=AN8SPfoNTgPl7r65db7DhKqDHEC07ZqHpw/m=el_main https://translate.googleapis.com/_/translate_http/_/js/ https://*.glancecdn.net/ https://*.mopinion.com https://dev.visualwebsiteoptimizer.com/j.php https://dev.visualwebsiteoptimizer.com https://js-agent.newrelic.com https://googleads.g.doubleclick.net/ https://portal.secumail.nl/v6/assets/js/portal-jquery.min.js cdn.jsdelivr.net cdnjs.cloudflare.com https://aeon-cdn-prod.axlops.nl.aegon.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maps.googleapis.com; connect-src 'self' aeon-cdn-prod.axlops.nl.aegon.io stats.g.doubleclick.net www.google-analytics.com www.googletagmanager.com tagmanager.google.com https://*.aegon.nl/ https://*.nl.aegon.io/ https://*.openinsuranceplatform.ibm.com/ https://eu-de.appid.cloud.ibm.com/ https://*.aegon.com/ https://keeper.24sessions.com/api/v1/instance/timeslots/available/ https://directline.botframework.com/ wss://directline.botframework.com/ https://*.s3-accelerate.amazonaws.com/ https://s3.eu-west-1.amazonaws.com/secumail.cloud.processed/ https://*.google-analytics.com/ https://log.firedesk.nl/aegon/ https://bat.bing.com/actionp/ https://www.linkedin.com/analytics/ https://*.novusoft.nl/ https://dc.services.visualstudio.com/ https://*.glance.net/ wss://*.glance.net/ https://www.glancecdn.net/cobrowse/ https://s3.amazonaws.com/glancecdn/ https://www.googleapis.com/youtube/ https://fra-col.eum-appdynamics.com/ https://stats.g.doubleclick.net/ https://quadia.webtvframework.com/ https://api.secumail.nl/ https://storage.glancecdn.net/cobrowse/ https://maps.googleapis.com/ https://bam.nr-data.net/1/NRJS-a680a937ef6e365bd3c https://bam.nr-data.net/events/1/NRJS-a680a937ef6e365bd3c https://translate.googleapis.com/element/log https://translate.googleapis.com/translate_a/t https://cacheorcheck.mopinion.com/ https://survey.mopinion.com https://*.mopinion.com https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing blob:; report-to csp-endpoint; report-uri /beacon/deprecated/csp https://www.aegon.nl/report-uri/enforce; style-src-attr 'unsafe-inline'; script-src-attr 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' www.youtube.com https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://cdn.matomo.cloud/pagopa.matomo.cloud https://pagopa.matomo.cloud https://recaptcha.net https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://*.sapsf.eu; style-src 'self' 'unsafe-inline' recaptcha.net; object-src 'none'; form-action 'self' https://*.sapsf.eu; font-src data: 'self'; connect-src 'self' https://pagopa.matomo.cloud https://*.cookielaw.org https://*.onetrust.com https://www.google-analytics.com https://api.io.italia.it *.google-analytics.com https://*.sapsf.eu; img-src data: 'self' *.cloudfront.net recaptcha.net https://*.sapsf.eu; frame-src https://www.google.com https://recaptcha.net https://www.youtube.com https://pagopa.applytojob.com https://*.sapsf.eu sapsf.eu 1
default-src 'none'; style-src 'self' 'unsafe-inline' *.googleapis.com;  style-src-elem  'self' 'unsafe-inline' *.googleapis.com; img-src 'self' 'unsafe-inline' *.qualtrics.com *.bing.com *.quantserve.com *.facebook.com *.google.com *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.w3.org *.lpsnmedia.net *.nycm.com data:; font-src 'self'  'unsafe-inline' *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.liveperson.net *.qualtrics.com *.googletagmanager.com *.lpsnmedia.net *.googleadservices.com *.bing.com *.google-analytics.com *.facebook.net https://cdn.callreports.com https://js.acq.io *.yimg.com *.quantserve.com *.lpsnmedia.net *.yahoo.com *.doubleclick.net *.quantcount.com *.liveperson.net *.googleapis.com *.google.com; script-src-elem 'self' 'unsafe-inline' *.liveperson.net *.qualtrics.com *.googletagmanager.com *.lpsnmedia.net *.googleadservices.com *.bing.com *.google-analytics.com *.facebook.net https://cdn.callreports.com https://js.acq.io *.yimg.com *.quantserve.com *.lpsnmedia.net *.yahoo.com *.doubleclick.net *.quantcount.com *.liveperson.net *.googleapis.com; frame-src *.lpsnmedia.net/ *.liveperson.net *.qualtrics.com *.doubleclick.net *.youtube.com; connect-src 'self' *.googleapis.com *.qualtrics.com  *.google-analytics.com *.yimg.com *.doubleclick.net *.bing.com *.liveperson.net wss://va.msg.liveperson.net; form-action 'self' *.nycm.com *.qualtrics.com; object-src 'self' *.youtube.com; media-src 'self' *.lpsnmedia.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noc.social; img-src 'self' https: data: blob: https://noc.social; style-src 'self' https://noc.social 'nonce-mqeZ/gddbQVFdRNETBwSdg=='; media-src 'self' https: data: https://noc.social; frame-src 'self' https:; manifest-src 'self' https://noc.social; form-action 'self'; connect-src 'self' data: blob: https://noc.social https://noc.social wss://noc.social; script-src 'self' https://noc.social 'wasm-unsafe-eval'; child-src 'self' blob: https://noc.social; worker-src 'self' blob: https://noc.social 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://tools.ietf.org https://cdn.syndication.twimg.com https://www.ongcindia.com https://platform.twitter.com https://ongcindia.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com; 1
font-src mediacdn.espssl.com *.gstatic.com data: *.trustarc.com *.cloudflare.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline';form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline';frame-ancestors www.gstatic.com 'self';frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com www.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com optimize.google.com *.google.com *.oraclecloud.com *.xisecurenet.com vice01.drybar.com *.hotjar.com imgs.signifyd.com h.online-metrix.net services.sdiapi.com stats.g.doubleclick.net connect.facebook.net *.doubleclick.net *.trustarc.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com youtube.com www.youtube.com vimeo.com www.vimeo.com www.xtento.com *.paymetric.com *.pixlee.com *.pixlee.co *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline';img-src px.ads.linkedin.com *.amazon-adsystem.com assets.pixlee.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de optimize.google.com *.google-analytics.com imgs.signifyd.com *.trustarc.com bat.bing.com www.google.com *.trustarc.com *.online-metrix.net connect.facebook.net *.googletagmanager.com *.linkedin.com *.facebook.com px.ads.linkedin.com *.trustarc.com *.postcodeanywhere.co.uk *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.pinterest.com www.xtento.com cdn.xtento.com *.pxlecdn.com https://redchamps.com *.edgecastcdn.net *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline';script-src analytics.tiktok.com *.amazon-adsystem.com *.omtrdc.net static.cloudflareinsights.com *.yottaa.com assets.pixlee.com mpsnare.iesnare.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com polyfill.io *.googleapis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com optimize.google.com *.cobrowse.com *.googletagmanager.com *.google.com *.oraclecloud.com *.gstatic.com *.amazonaws.com *.cloudflare.com helen11130.pcapredict.com *.hotjar.com bat.bing.com cdn-scripts.signifyd.com imgs.signifyd.com *.trustarc.com vice-prod.sdiapi.com services.sdiapi.com bam.nr-data.net *.doubleclick.net *.google-analytics.com connect.facebook.net js-agent.newrelic.com *.rapidspike.com *.turnto.com *.postcodeanywhere.co.uk *.licdn.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.pinimg.com youtube.com www.youtube.com www.xtento.com cdn.xtento.com *.pixlee.com *.pxlecdn.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval';style-src mediacdn.espssl.com *.adobe.com cdn.dnky.co webchat.dotdigital.com optimize.google.com services.postcodeanywhere.co.uk fonts.googleapis.com tagmanager.google.com *.turnto.com *.cloudflare.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline';object-src 'self' 'unsafe-inline';media-src *.adobe.com 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline';connect-src px.ads.linkedin.com analytics.tiktok.com *.yottaa.net api.addressy.com cdn.linkedin.oribi.io *.linkedin.oribi.io dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.algolia.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com *.google-analytics.com *.oraclecloud.com *.doubleclick.net bam.nr-data.net services.postcodeanywhere.co.uk analytics.google.com imgs.signifyd.com vice-prod.sdiapi.com stats.g.doubleclick.net bat.bing.com *.rapidspike.com *.turnto.com *.signifyd.com bt.signifyd.com:11103 *.algolianet.com *.sdiapi.com *.facebook.com *.hotjar.com *.hotjar.io *.trustarc.com *.listrakbi.com *.listrak.com 142.0.93.34 *.pcapredict.com insights.algolia.io *.pinterest.com *.brilliantcollector.com *.pixlee.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline';child-src http: https: blob: 'self' 'unsafe-inline';default-src 'self' 'unsafe-inline' 'unsafe-eval';base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-8QcJA59Wf9sfzsabYkmhPQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
font-src *.augustinusbader.com 'unsafe-inline' data: static.formstack.com/forms/fonts *.klevu.com https://js.intercomcdn.com/fonts/ fonts.intercomcdn.com fast.wistia.com *.yotpo.com *.googleapis.com *.gstatic.com *.fontawesome.com common-fonts.abtasty.com augustinusbader.formstack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.augustinusbader.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.secure22gw.ro *.yotpo.com * 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://3dsecure.slsp.sk https://www.rsa3dsauth.co.uk https://3dsec.cardcenter.ch https://api-iam.intercom.io https://paiement2.secure.lcl.fr https://safekey-2.americanexpress.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.augustinusbader.com platform.twitter.com *.wlp-acs.com/ *.paypal.com tst.kaptcha.com *.cardinalcommerce.com *.checkout.paypal.com *.fls.doubleclick.net/ https://ct.pinterest.com *.hotjar.com https://augustinusbader.attn.tv https://augustinusbader-au.attn.tv *.mention-me.com https://mention-me.com/ https://js.zenlocator.com https://augustinusbader-gb.attn.tv https://augustinusbader-us.attn.tv https://tpc.googlesyndication.com https://creatives.attn.tv c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com * widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.yotpo.com consentcdn.cookiebot.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com augustinusbader.sjv.io augustinusbader.pxf.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'unsafe-inline' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.augustinusbader.com *.facebook.net www.facebook.com *.webgains.io *.ometria.com *.coview.com *.stats.g.doubleclick.net/ *.paypal.com/ *.klarnacdn.net/ *.wistia.com/ js.klevu.com services.postcodeanywhere.co.uk https://shareasale.com/ https://bat.bing.com/action/ *.contentsquare.net *.intercomassets.com https://www.google.com/ads/ga-audiences https://www.google.com/pagead/ https://www.google.fr/ads/ga-audiences https://q.quora.com/_/ad/ https://ib.adnxs.com/pixie https://www.googletagmanager.com/ https://ct.pinterest.com https://log.pinterest.com https://track.sweetanalytics.com https://insight.adsrvr.org https://match.adsrvr.org *.google.co.uk *.google.com *.google.fr *.google.au *.google.co https://shipup-assets-prod.s3-eu-west-1.amazonaws.com https://a.omappapi.com https://bam.nr-data.net https://px.steelhousemedia.com https://beacon.krxd.net https://usermatch.krxd.net https://events.attentivemobile.com https://pixel.quantserve.com assets.braintreegateway.com downloads.intercomcdn.com js.intercomcdn.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/346994/ https://static.afterpay.com https://site-assets.afterpay.com/ https://images.unsplash.com *.yotpo.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com c.paypal.com checkout.paypal.com *.paypal.com connect.facebook.net graph.facebook.com business.facebook.com www.google.ie https://www.google.co.in/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.be/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.it/ https://www.google.si/ https://www.google.at/ads/ga-audiences https://www.google.im/ads/ga-audiences https://www.google.com.sg/ads/ga-audiences https://www.google.com.cy/ads/ga-audiences https://www.google.sk/ads/ga-audiences https://www.google.hu/ads/ga-audienceS https://www.google.ro/ https://www.google.es/ads/ga-audience https://zenlocator-prod-assets.s3.amazonaws.com/ blob: shipup-assets-prod.s3.eu-west-1.amazonaws.com embedwistia-a.akamaihd.net www.google.ae www.google.com.au www.google.dk uploads.commoninja.com website-assets.commoninja.com editor-assets.abtasty.com media.augustinusbader.com imgsct.cookiebot.com teddytor.abtasty.com widgets-images.abtasty.com augustinusbader.sjv.io www.ojrq.net logs-01.loggly.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googletagmanager.com/ *.augustinusbader.com *.braintreegateway.com *.facebook.net www.facebook.com *.webgains.io *.twitter.com *.ometria.com *.coview.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.paypal.com songbirdstag.cardinalcommerce.com https://augustinusbader.formstack.com https://static.formstack.com/forms/js track.webgains.com https://w-it.m-t.io https://bam.nr-data.net *.klarnacdn.net/ *.wistia.com/ js.klevu.com ascre11111.pcapredict.com services.postcodeanywhere.co.uk https://consentcdn.cookiebot.com *.doubleclick.net/ *.pingdom.net/ *.opmnstr.com/ *.contentsquare.net/ *.nr-data.net/ *.intercom.io/ https://api.ipify.org/ https://a.omappapi.com/app/js/ https://js.intercomcdn.com/ https://www.googleoptimize.com/optimize.js https://d2hrivdxn8ekm8.cloudfront.net/tag-manager static.hotjar.com https://analytics.tiktok.com https://script.hotjar.com https://s.pinimg.com https://scripts.postie.com https://bat.bing.com https://px.mountain.com https://track.sweetanalytics.com https://tag.mention-me.com https://static.mention-me.com https://cdn.attn.tv https://cdn.shipup.co https://dx.mountain.com https://gs.mountain.com https://square.site https://sdk-static.loyaltylion.net https://sdk.loyaltylion.net *.quantcount.com *.quantserve.com https://d2hrivdxn8ekm8.cloudfront.net/ https://cdn.attn.tv/growth-tag-assets/client-configs/augustinusbader.attn.tv.js https://cdn.jsdelivr.net/jquery/latest/jquery.min.js https://cdn.jsdelivr.net/momentjs/latest/moment.min.js https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.yotpo.com consent.cookiebot.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com connect.facebook.net graph.facebook.com business.facebook.com https://tpc.googlesyndication.com/ https://res.cloudinary.com/dthskrjhy/video/upload/v1545324364/ASR/* js.zenlocator.com https://squareup.com/ insight.adsrvr.org js.adsrvr.org static.formstack.com www.ascendpartner.com cdn.commoninja.com www.google.com try.abtasty.com teddytor.abtasty.com app.contentsquare.com *.mountain.com utt.impactcdn.com ct.pinterest.com qa-assistant.abtasty.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.augustinusbader.com static.formstack.com/forms/css js.klevu.com services.postcodeanywhere.co.uk https://cdn.shipup.co https://a.omappapi.com https://sdk.loyaltylion.net https://acdn.adnxs.com assets.braintreegateway.com https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.yotpo.com *.googleapis.com *.fontawesome.com optimize.google.com/optimize/ cdn.commoninja.com ga-assistant.abtasty.com teddytor.abtasty.com common-fonts.abtasty.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.augustinusbader.com https://augustinusbader.com/ https://fast.wistia.com https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com https://pp-ab.com blob: https://embed-cloudfront.wistia.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.augustinusbader.com *.coview.com *.braintree-api.com *.execute-api.us-east-1.amazonaws.com *.braintreegateway.com *.cardinalcommerce.com api.webgains.io track.webgains.com https://bam.nr-data.net *.paypal.com/ *.klarnaevt.com/ *.wistia.com/ services.postcodeanywhere.co.uk *.contentsquare.net/ *.omappapi.com/ *.pingdom.net/ *.nr-data.net/ https://www.facebook.com/ *.intercom.io/ https://bat.bing.com/actionp/ https://www.google-analytics.com/ *.doubleclick.net wss://nexus-websocket-a.intercom.io/ https://uscs24.ksearchnet.com/ https://stats.ksearchnet.com/ *.hotjar.com https://analytics.tiktok.com https://ct.pinterest.com https://track.sweetanalytics.com https://events.attentivemobile.com https://t.getletterpress.com *.ometria.com https://api.shipup.co https://api.zenlocator.com https://augustinusbader.attn.tv https://augustinusbader-gb.attn.tv https://augustinusbader-au.attn.tv https://augustinusbader-us.attn.tv https://api.maptiler.com https://sdk.loyaltylion.net https://platform.loyaltylion.com *.mention-me.com https://mention-me.com/ https://fg8vvsvnieiv3ej16jby.litix.io/ https://consentcdn.cookiebot.com https://www.googleoptimize.com/optimize.js https://d1lu3pmaz2ilpx.cloudfront.net https://pixel.quantcount.com https://www.google.fr/ads/ga-audiences wss://ws6.hotjar.com/api/v2/ *.cloudfront.net https://pp-ab.com https://api.addressy.com https://aa.agkn.com/adscores/ https://analytics.tiktok.com/api/v2/ wss://*.hotjar.com/api/v2/client/ws https://embedwistia-a.akamaihd.net/ https://braintree-sample-merchant.herokuapp.com/client_token https://region1.google-analytics.com/ static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com https://api.addressy.com/Capture/Interactive/Find/v1.10/json3.ws *.yotpo.com consentcdn.cookiebot.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.ksearchnet.com https://18.210.229.244/ https://3.212.39.155/ https://44.212.189.233/ https://52.22.50.55/ https://52.71.121.170/ https://54.156.2.105/ insight.adsrvr.org www.google.co.uk www.commoninja.com cdn.commoninja.com content.hotjar.io *.analytics.google.com metrics.hotjar.io www.google.com ariane.abtasty.com dcinfos-cache.abtasty.com widgets.abtasty.com try.abtasty.com api-data-connector.abtasty.com vc.hotjar.io 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.google-analytics.com portal.afterpay.com pagead2.googlesyndication.com api2.abtasty.com augustinusbader.sjv.io augustinusbader.pxf.io api-assets-manager.abtasty.com widgets-images.abtasty.com augustinusbader.formstack.com 'self' 'unsafe-inline'; child-src https://augustinusbader.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://27e0e6696e4dace4c468033f9a2cf9de.report-uri.com/r/d/csp/enforce; report-to report-endpoint; 1
frame-ancestors https://*.greatergiving.com https://*.ggo.bid https://marchofdimeslive.org 1
default-src 'self' https://dpm.demdex.net *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.fontawesome.com *.doubleclick.net *.castlighthealth.com *.mapbox.com https://*.google-analytics.com *.foresee.com cdc.112.2o7.net https://*.googletagmanager.com; child-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.google.com https://cdc.demdex.net blob:; object-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov; img-src 'self' https://dpm.demdex.net/ https://cm.everesttech.net/ *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov cdc.112.2o7.net *.google-analytics.com *.gstatic.com  https://*.googletagmanager.com data:; style-src 'self' *.cdc.gov vaccines.gov vacunas.gov *.mapbox.com *.fontawesome.com 'unsafe-inline'; script-src 'self' *.cdc.gov vaccines.gov www.vaccines.gov vacunas.gov www.vacunas.gov *.castlighthealth.com *.google-analytics.com *.adobe.com *.gstatic.com  *.googletagmanager.com *.google.com *.fontawesome.com 'unsafe-inline' 'unsafe-eval'; worker-src blob:; frame-ancestors *.cdc.gov 1
frame-ancestors 'self' *.110.com 1
frame-ancestors secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; frame-src analytics.clickdimensions.com *.doubleclick.net *.dynamics.com secure.livechatinc.com www.youtube.com www.google.com widget.clym-sdk.net 'self'; 1
frame-ancestors 'self' diffbot.com *.diffbot.com; 1
frame-ancestors 'self' http://buga23.magenta-magenta.de/; 1
frame-ancestors *.umay.club *.mycollege.kz *.codo.kz *.hrplus.kz *.nis.edu.kz *.edu.kz 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.azureedge.us *.msecnd.net *.google-analytics.com translate.google.com https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org public.govdelivery.com https://www.googletagmanager.com https://*.hotjar.com https://cdn.sajari.com/ https://siteimproveanalytics.com/ https://*.qualtrics.com translate-pa.googleapis.com *.googleapis.com  https://cdn.insight.sitefinity.com/ 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.azureedge.us https://dec.azureedge.net https://cdn.insight.sitefinity.com 'unsafe-inline' web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com data: blob: *.azureedge.us *.google.com *.google-analytics.com https://*.insight.sitefinity.com *.blob.core.usgovcloudapi.net *.eloqua.com track.hubspot.com https://i.ytimg.com/ https://*.siteimproveanalytics.io/ re.sajari.com  https://*.qualtrics.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.azureedge.us; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://w.soundcloud.com/ https://webapps.ridemetro.org/ https://metro-houston.maps.arcgis.com/ https://*.qualtrics.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.visualstudio.com https://translate.googleapis.com *.mktoresp.com *.google-analytics.com localhost:9000 ws://localhost:9000 public.govdelivery.com https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription https://stats.g.doubleclick.net https://*.hotjar.com/ jsonapi-us-valkyrie.sajari.net https://*.qualtrics.com https://translate-pa.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com public.govdelivery.com https://m.youtube.com/ https://stage-api.govdelivery.com/api/add_script_subscription https://api.govdelivery.com/api/add_script_subscription https://www.google.com/ https://*.hotjar.com https://webapps.ridemetro.org/ 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://immowelt.de https://immonet.de https://www.immowelt.de https://www.immonet.de https://www.dev.immonet.de/customer/lichtblick/ https://dev.immowelt.de/customer/lichtblick/; 1
default-src 'none';child-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://youtube.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com wss://*.salesforce-sites.com data: blob:;connect-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://col.eum-appdynamics.com https://*.google-analytics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpsrv-vh.akamaihd.net https://vc.hotjar.io https://stats.g.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.com https://*.facebook.net https://*.licdn.com https://*.linkedin.com https://*.linkedin.oribi.io https://*.adsymptotic.com https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.salesforce.com https://*.force.com wss://*.salesforce-sites.com https://analytics.google.com https://apis.google.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://code.jquery.com https://maxcdn.bootstrapcdn.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.doubleclick.net https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdn.appdynamics.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.linkedin.com https://*.linkedin.oribi.io https://chimpstatic.com https://*.mailchimp.com https://*.vimeo.com https://*.vimeocdn.com https://*.licdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://analytics.google.com https://apis.google.com;img-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.google-analytics.com https://www.google.com https://*.gstatic.com https://*.adnxs.com https://placehold.it https://*.hotjar.com https://*.hotjar.io http://via.placeholder.com https://col.eum-appdynamics.com https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://jwpltx.com https://*.mailchimp.com https://*.doubleclick.net https://*.linkedin.com https://*.linkedin.oribi.io https://openbadges.blob.core.windows.net https://*.vimeo.com https://*.vimeocdn.com https://*.adsymptotic.com https://*.facebook.com https://*.facebook.net https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://analytics.google.com;media-src 'self' blob: data:;style-src 'self' 'unsafe-inline' https://*.andanet.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.andameds.com https://*.googleapis.com https://*.gstatic.com https://tagmanager.google.com https://maxcdn.bootstrapcdn.com https://*.mailchimp.com https://*.formstack.com https://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com https://*.apis.google.com;font-src 'self' data: https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.mailchimp.com;frame-src 'self' https://*.andanet.com https://*.andameds.com https://*.andanet.com:8443 https://*.andameds.com:8443 https://*.cybersource.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://content.jwplatform.com https://*.jwpcdn.com https://*.jwpsrv.com https://col.eum-appdynamics.com https://*.mailchimp.com https://*.doubleclick.net https://*.vimeo.com https://*.vimeocdn.com https://anda.formstack.com https://*.kore.ai wss://*.kore.ai https://*.force.com https://*.salesforce.com https://*.salesforce-sites.com https://*.salesforceliveagent.com 1
frame-ancestors https://*.remymartin.com 1
frame-ancestors 'self' www.snowandrock.com  ; 1
frame-ancestors 'self' https://*.gosocket.net http://*.gosocket.net; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com api.scribit.pro *.siteimprove.com *.haarlem.nl *.openstreetmap.org; font-src 'self' data: *.googleusercontent.com *.haarlem.nl; frame-src 'self' *.youtube.com https://gemeente-haarlem.vmwareidentity.eu https://kaart.haarlem.nl https://open.spotify.com https://api.soundcloud.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl i.ytimg.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.haarlem.nl *.openstreetmap.org; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js *.haarlem.nl 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-hashes' *.haarlem.nl 'unsafe-inline'; base-uri 'self'; frame-ancestors 'self' https://zandvoort.nl 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net/en_US/fbevents.js comparison.go2jump.org/aff_goal bat.bing.com analytics.tiktok.com kleber.datatoolscloud.net.au *.salesforceliveagent.com *.lpsnmedia.net *.liveperson.net *.liveperson.com *.liveengage.net *.liveengage.com *.liveper.sn m.addthisedge.com/live/boost/ra-56b04b9ad015369f/_ate.track.config_resp ad.atdmt.com zn4zp87nbhe8rrjf7-hcf.siteintercept.qualtrics.com dnn506yrbagrg.cloudfront.net 4378726.fls.doubleclick.net 6612282.fls.doubleclick.net platform.twitter.com  cdn.sajari.net cdn.sajari.com analytics.twitter.com hcf.sc.omtrdc.net hcf.tt.omtrdc.net cdn.tt.omtrdc.net *.google.com *.googleapis.com google-maps-utility-library-v3.googlecode.com *.googlesyndication.com *.facebook.com *.facebook.net rules.quantcount.com *.quantserve.com *.ads-twitter.com s.ytimg.com www.youtube.com *.addthis.com ebm.cheetahmail.com *.doubleclick.net rum-static.pingdom.net script.crazyegg.com www.googleadservices.com www.googletagservices.com www.googletagmanager.com dpm.demdex.net hcf.demdex.net ssl.google-analytics.com  www.google-analytics.com ajax.googleapis.com assets.adobedtm.com www.gstatic.com s3.amazonaws.com/trk.cetrk.com https://dnn506yrbagrg.cloudfront.net/pages/scripts/0031/6386.js?407832 https://platform.twitter.com/oct.js *.qualtrics.com cdn.appdynamics.com www.everestjs.net c.amazon-adsystem.com pixel.mathtag.com http://dtwebsite2.datatoolscloud.net.au; object-src 'self' https:; style-src 'unsafe-inline' 'self' https:; img-src 'self' data: https: http://s7d2.scene7.com; media-src 'self' https:; frame-src https:; font-src 'self' data: fonts.gstatic.com https://cloud.typography.com global.oktacdn.com; connect-src https: http://dispatcher1.test63.aem.hcf.com.au http://s7d2.scene7.com http://dtwebsite2.datatoolscloud.net.au wss://syd-eeva.faceme.com wss://sy.msg.liveperson.net wss://api.au.uneeq.io 1
frame-src 'self' https://www.google.com https://player.vimeo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com ; img-src 'self' https://ambank.amonline.com.my data: blob: ; font-src 'self' data: ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com ;object-src 'none'; frame-ancestors 'none'; 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://cdn.cynthia.dev; font-src 'self'; connect-src 'self'; form-action 'self'; base-uri 'none'; child-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.spellsmell.ru cdn.spellsmell.ru https://vk.com vk.com *.spellsmell.ru direct.yandex.ru https://direct.yandex.ru *.google.ru awaps.yandex.ruhttps://awaps.yandex.ru https://*.ytimg.com https://*.doubleclick.net https://*.google.com https://api-maps.yandex.ru api-maps.yandex.ru maps.yandex.ru *.talk-me.ru *.me-talk.ru https://connect.ok.ru https://www.instagram.com https://www.googletagmanager.com https://www.googleoptimize.com *.mail.ru *.tiktok.com yastatic.net https://cdn.rollbar.com https://www.google-analytics.com https://mc.yandex.ru https://yandex.st yandex.st https://*.yandex.net *.yandex.net *.yandex.ru webvisor.com; child-src  data:  blob:  https://cdn.spellsmell.ru https://vk.com vk.com *.spellsmell.ru *.google.ru *.youtube.com youtube.com https://*.google.com https://api-maps.yandex.ru api-maps.yandex.ru maps.yandex.ru https://connect.ok.ru webvisor.com https://www.tiktok.com https://www.instagram.com; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com gala.acsevents.org main.acsevents.org relay.acsevents.org; report-uri https://secure.acsevents.org/site/XFrameViolation 1
default-src 'self'; frame-ancestors 'self'; child-src 'self'; frame-src 'self' https://e.issuu.com https://configurator.soolutions.jibe.cloud https://www.greenchoice.adviesopmaat-milieucentraal.nl/ https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://greenchoice1.expoints.nl; upgrade-insecure-requests ; style-src 'unsafe-inline' 'self' https://fast.fonts.net https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://greenchoice.exponea.com https://cdn-greenchoice.exponea.com https://www.googletagmanager.com https://fonts.googleapis.com/ https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://cdn.expoints.nl; script-src 'unsafe-eval' 'self' https://cdn.duurzaam.greenchoice.nl https://api.ipify.org https://cdn.greenchoice.nl https://tracking.greenchoice.nl https://api.exponea.com https://greenchoice.exponea.com https://cdn-greenchoice.exponea.com https://api-greenchoice.exponea.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.googleanalytics.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googleadservices.com https://bat.bing.com https://googleads.g.doubleclick.net https://*.clarity.ms https://chat.omnidesk.io https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl 'nonce-wlIuQdrTOurlYXlLgeqFAYShoc67XjPkzDAmJMrz1LmRION1' https://chat.greenchoice.nl https://www.gstatic.com; img-src 'self' data: https://www.greenchoice.nl/ https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://cdn-greenchoice.exponea.com https://ds.greenchoice.nl media.greenchoice.nl https://*.google-analytics.com https://*.analytics.google.com https://track.hubspot.com https://bat.bing.com https://www.google.com https://www.google.nl https://c.clarity.ms https://c.bing.com https://googleads.g.doubleclick.net https://fonts.gstatic.com/ https://www.googletagmanager.com https://www.gstatic.com https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://chat.greenchoice.nl; media-src 'self' https://chat.greenchoice.nl; font-src 'self' https://cdn.duurzaam.greenchoice.nl https://cdn.greenchoice.nl https://fonts.gstatic.com https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://cdn.expoints.nl; connect-src 'self' https://cdn.duurzaam.greenchoice.nl https://api.ipify.org https://tracking.greenchoice.nl https://api-greenchoice.exponea.com https://greenchoice.exponea.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://api.hubapi.com https://js.hs-banner.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://web.telemetric.dk https://insight.bellmetric.net https://greenchoice1.expoints.nl https://chat.greenchoice.nl https://greenchoice-greenchoice.digitalcx.com wss://chat.greenchoice.nl; 1
upgrade-insecure-requests;default-src 'self' play.vidyard.com;img-src 'self' https://* data: cm.g.doubleclick.net;media-src 'self' play.vidyard.com fresnel.vimeocdn.com *.vimeo.com *.youtube.com youtu.be;script-src 'self' 'unsafe-inline'  js.usemessages.com tag.demandbase.com api.hubspot.com js.usemessages.com *.googleadservices.com *.doubleclick.net www.gstatic.com  play.vidyard.com player.vimeo.com fonolo.bamboohr.com www.googletagmanager.com www.google-analytics.com www.google.com *.hubspot.com *.hsforms.net *.hsforms.com js.hscta.net js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com px.ads.linkedin.com snap.licdn.com api.hubapi.com platform.twitter.com snid.snitcher.com connect.facebook.net *.hotjar.com;style-src 'self' 'unsafe-inline' fonolo.bamboohr.com fonts.googleapis.com *.googletagmanager.com;font-src 'self' data: p.adsymptotic.com www.google.ca track.hubspot.com fonts.gstatic.com;frame-src 'self'  *.hs-sites.com *.google.com *.company-target.com *.slidesharecdn.com *.slideshare.net *.hotjar.com play.vidyard.com *.youtube.com *.vimeo.com *.hsforms.com *.hubspot.com *.facebook.com td.doubleclick.net bid.g.doubleclick.net;child-src 'self' *.youtube.com *.vimeo.com;frame-ancestors 'self' *.hubspot.com *.youtube.com *.vimeo.com;connect-src 'self'  analytics.google.com tag-logger.demandbase.com *.demandbase.com *.company-target.com cdn.linkedin.oribi.io fonolo.bamboohr.com *.facebook.com *.amazonaws.com  *.hubspot.com api.hubapi.com *.hsforms.com *.snitcher.com stats.g.doubleclick.net  *.hotjar.com *.google-analytics.com *.linkedin.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com webrtc.github.io *.zendesk.com static.zdassets.com c.na50.visual.force.com; report-uri ?OPTION=CSPREPORT 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com sentry.io stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: static-cdn.ammunitiontogo.com themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io data: pubads.g.doubleclick.net static-cdn.ammunitiontogo.com stats.g.doubleclick.net; manifest-src static-cdn.ammunitiontogo.com www.ammunitiontogo.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 static-cdn.ammunitiontogo.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org static-cdn.ammunitiontogo.com 1
base-uri 'self'; default-src 'self'; script-src 'self' cdn.polyfill.io www.google-analytics.com stats.g.doubleclick.net analytics.google.com 'unsafe-inline' www.googletagmanager.com; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; font-src 'self' data:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net analytics.google.com isell.svcapps.eogresources.com; img-src 'self' data: www.google-analytics.com analytics.google.com www.googletagmanager.com; frame-ancestors 'none'; 1
default-src 'self' * 'unsafe-inline'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com www.google.com www.youtube.com cdn.cookielaw.org www.youtube-nocookie.com snap.licdn.com connect.facebook.net b2b.intrum.com b2b.intrum.fi b2b.intrum.dk track.adform.net googleads.g.doubleclick.net pi.pardot.com www.gstatic.com *.intrum.com *.hotjar.com *.inzynk.io; font-src 'self' 'unsafe-inline' fonts.gstatic.com; object-src 'none'; img-src * 'self' data: 1
default-src 'self' http://localhost:8100 http://localhost/ http://localhost:4200 http://localhost:8100 *.hollandbakery.co.id *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.chimpstatic.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.tawk.to *.amazonaws.com ; script-src 'self' *.hollandbakery.co.id *.google.com *.gstatic.com *.googleapis.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.google-analytics.com *.tawk.to *.datatables.net *.jquery.com *.jsdelivr.net *.bootstrapcdn.com *.googletagmanager.com *.cloudflare.com *.tawk.to *.chimpstatic.com *.facebook.net data: https://hollandbakery.co.id 'unsafe-inline' 'unsafe-eval' ; style-src  data: https://hollandbakery.co.id 'unsafe-inline' 'unsafe-eval' *.datatables.net *.cloudflare.com *.gstatic.com *.hollandbakery.co.id *.googleapis.com *.g.doubleclick.net https://stats.g.doubleclick.net/j *.bootstrapcdn.com *.tawk.to *.jsdelivr.net ; font-src 'self' *.hollandbakery.co.id *.gstatic.com *.tawk.to *.bootstrapcdn.com *.chimpstatic.com *.facebook.com *.amazonaws.com ; img-src 'self' *.cloudinary.com *.cloudfront.net http://localhost/ http://localhost:8100 http://localhost:4200 *.hollandbakery.co.id *.graph.facebook.com *.googletagmanager.com *.google.com *.gstatic.com *.link *.googleusercontent.com *.facebook.com *.facebook.net *.google-analytics.com *.googleapis.com *.amazonaws.com *.g.doubleclick.net https://stats.g.doubleclick.net/j http://s3.amazonaws.com/37assets/svn/765-default-avatar.png *.tokopedia.net data: maps.gstatic.com *.ggpht *.g.doubleclick.net https://stats.g.doubleclick.net/j *.tawk.to *.jsdelivr.net; worker-src 'self' *.hollandbakery.co.id ; media-src 'self' http://localhost:4200 http://localhost:8100 http://localhost/ http://localhost:8100 *.hollandbakery.co.id *.google-analytics.com *.g.doubleclick.net; manifest-src 'self' *.hollandbakery.co.id *.google-analytics.com *.g.doubleclick.net https://stats.g.doubleclick.net/j; frame-src 'self' *.hollandbakery.co.id *.google.com *.facebook.net *.facebook.com *.youtube.com; connect-src 'self' *.hbes.co.id:* *.google-analytics.com *.googleapis.com *.hollandbakery.co.id *.embed.tawk.to *.tawk.to *.to wss: https://vsb36.tawk.to/* *.g.doubleclick.net; base-uri 'self' *.hollandbakery.co.id ; object-src 'none'; report-uri https://www.hollandbakery.co.id; 1
default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' maps.googleapis.com *.hotjar.com static.hotjar.com script.hotjar.com consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com googletagmanager.com player.vimeo.com/api/player.js www.youtube.com s3.amazonaws.com clarksons.us16.list-manage.com platform-api.sharethis.com buttons-config.sharethis.com t.sharethis.com;style-src 'report-sample' 'unsafe-inline' 'self' fonts.googleapis.com cdn-images.mailchimp.com *.hotjar.com;object-src 'none'; base-uri 'self';connect-src 'self' maps.googleapis.com our.umbraco.com in.hotjar.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.com/api/v2/client/ws content.hotjar.io consentcdn.cookiebot.com *.google-analytics.com google-analytics.com *.analytics.google.com analytics.google.com l.sharethis.com bcp.crwdcntrl.net stats.g.doubleclick.net;font-src 'self' fonts.gstatic.com *.hotjar.com;frame-src 'unsafe-inline' 'unsafe-eval' 'self' tools.eurolandir.com gosf.clarksons.com marketplace.umbraco.com tools.euroland.com gamma.euroland.com youtube.com www.youtube.com player.vimeo.com vimeo.com *.vimeo.com vars.hotjar.com consentcdn.cookiebot.com go.pardot.com t.sharethis.com;img-src 'self' 'unsafe-inline' 'unsafe-eval' data: i.vimeocdn.com our.umbraco.com imgsct.cookiebot.com dashboard.umbraco.com *.hotjar.com maps.googleapis.com maps.gstatic.com platform-cdn.sharethis.com l.sharethis.com google.rs imgsct.cookiebot.com sync.sharethis.com;media-src 'self';frame-ancestors 'self' *.clarksons.com; 1
frame-ancestors http://*.so-gov.cn http://www.quanzhou.gov.cn https://www.quanzhou.gov.cn/ http://www.fjqz.gov.cn http://quanzhou.gov.cn http://fjqz.gov.cn http://aisp.quanzhou.gov.cn/ http://test.fjdz.com.cn:39099 1
frame-ancestors 'self' hubspot.com youtube.com 1
default-src 'self' https://*.abtasty.com https://*.zwitserleven.nl;script-src 'self' 'nonce-83fwmXlVCD1D96nxhSjrr8wJ' 'strict-dynamic' https: blob: https://*.abtasty.com https://*.adform.net https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://az416426.vo.msecnd.net https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dl.episerver.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.contentpagina.nl https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.youtube.com;object-src 'none';style-src 'self' 'nonce-ti1LeS0W1Iz1K0Ynis5F8lUK' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://dl.episerver.net https://tagmanager.google.com https://www.contentpagina.nl/viv/ https://www.googletagmanager.com;img-src 'self' data: https://*.abtasty.com https://*.amazonaws.com https://*.cloudfront.net https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.zwitserleven.nl https://5827026.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://bat.bing.com https://connect.facebook.net https://dl.episerver.net https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://i.ytimg.com https://maps.gstatic.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://ssl.gstatic.com https://stats.g.doubleclick.net https://www.facebook.com https://www.linkedin.com/px/ https://www.google.nl https://www.google.com https://www.gstatic.com;media-src 'self' blob: https://storage.googleapis.com https://*.zwitserleven.nl;frame-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://5827026.fls.doubleclick.net https://bid.g.doubleclick.net https://consentcdn.cookiebot.com https://clone-chatbot.zwitserleven.local https://ct.pinterest.com https://googleads.g.doubleclick.net https://qa-assistant.abtasty.com https://sdk.companywebcast.com https://td.doubleclick.net https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com;font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.zwitserleven.nl;connect-src 'self' https://*.abtasty.com https://*.analytics.google.com https://*.azurewebsites.net https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com:* https://*.hotjar.io https://*.pega.com https://*.usefirefly.com https://*.zwitserleven.nl https://ad.doubleclick.net https://adservice.google.com https://api-js.mixpanel.com https://api.storyteq.com https://az416426.vo.msecnd.net https://bat.bing.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://ct.pinterest.com https://dc.services.visualstudio.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://o132438.ingest.sentry.io https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.contentpagina.nl/viv/ https://www.facebook.com/tr/ https://www.google.com wss://*.hotjar.com wss://chatbot.zwitserleven.nl wss://eu.usefirefly.com wss://euuat.usefirefly.com;frame-ancestors 'self' https://www.zwitserleven.nl https://*.zwitserleven.nl;manifest-src 'self' https://*.zwitserleven.nl;worker-src 'self' blob: https://*.zwitserleven.nl 1
script-src 'self' ssl.google-analytics.com www.pagespeed-mod.com www.googleadservices.com cdnjs.cloudflare.com unpkg.com code.jquery.com dmogdx0jrul3u.cloudfront.net ws.zoominfo.com ws-assets.zoominfo.com static.opentok.com cdn.finsweet.com assets.website-files.com js.stripe.com js.hsforms.net d3e54v103j8qbb.cloudfront.net ajax.googleapis.com connect.facebook.net dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com cdn.calibermind.com js.hs-scripts.com bat.bing.com snap.licdn.com googleads.g.doubleclick.net www.googleoptimize.com cdn.popupsmart.com cdn.usefathom.com cdn-cookieyes.com px.airpr.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net finsweet-cmslib-scripter.s3.us-east-2.amazonaws.com assets-global.website-files.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com j.6sc.co px.ads.linkedin.com vidassets.terminus.services www.facebook.com 'unsafe-inline' 'unsafe-eval' 'report-sample'; object-src asset.mavenclinic.com asset.mvnctl.net asset.qa1.mvnapp.net asset.qa2.mvnapp.net asset.staging.mvnapp.net; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub98c828d344e4e597329d4c9c232ee109&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.pharmacyregulation.org http://www.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@popperjs/core@2.11.6/dist/umd/popper.js https://unpkg.com/tippy.js@6.3.7/dist/tippy.umd.js https://www.googletagmanager.com https://cc.cdn.civiccomputing.com/9/cookieControl-9.x.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://api.reciteme.com/asset/js https://cdn.jsdelivr.net/npm/toastify-js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/mode/yaml/yaml.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/codemirror.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/display/placeholder.js https://cdnjs.cloudflare.com/ajax/libs/codemirror/5.65.12/addon/runmode/runmode.js https://cdn.jsdelivr.net/gh/cferdinandi/tabby@12.0.3/dist/js/tabby.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.min.js https://*.facebook.com https://*.facebook.net https://www.pagespeed-mod.com/v1/taas https://*.google-analytics.com; object-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' data: https://*.pharmacyregulation.org http://*.reciteme.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.unpkg.com uat-assets.pharmacyregulation.org https://*.googletagmanager.com https://*.google-analytics.com https://cc.cdn.civiccomputing.com https://svc.webspellchecker.net js-agent.newrelic.com https://*.googleapis.com http://maxcdn.bootstrapcdn.com https://unpkg.com/tippy.js@6.3.7/dist/tippy.css; img-src 'self' data: *.s3.eu-west-2.amazonaws.com https://*.pharmacyregulation.org https://cdn.jsdelivr.net http://www.reciteme.com https://api.reciteme.com https://www.youtube.com https://*.google-analytics.com https://*.googletagmanager.com d3mhed0dfgjnch.cloudfront.net https://fonts.gstatic.com; media-src  'self' data: *.s3.eu-west-2.amazonaws.com http://www.reciteme.com https://www.youtube.com; form-action  'self'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com; frame-ancestors  'self'; child-src  'self'; font-src 'self' data: https://*.pharmacyregulation.org https://maps.googleapis.com maxcdn.bootstrapcdn.com https://maps.gstatic.com http://www.reciteme.com https://api.reciteme.com https://svc.webspellchecker.net https://fonts.gstatic.com; connect-src  'self' http://www.reciteme.com https://stats.reciteme.com https://api.reciteme.com https://*.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://cc.cdn.civiccomputing.com https://apikeys.civiccomputing.com https://svc.webspellchecker.net https://bam.eu01.nr-data.net https://clapi.civiccomputing.com https://o15468.ingest.sentry.io/api/4505318583435264/envelope/; base-uri self; report-uri /report-csp-violation 1
script-src 'self' https://checkout.stripe.com https://kit.fontawesome.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; font-src data: https://*.fontawesome.com https://maxcdn.bootstrapcdn.com; object-src 'self'; child-src 'self' https://checkout.stripe.com; connect-src 'self' https://checkout.stripe.com https://*.fontawesome.com 1
frame-ancestors http://krankenpflege-journal.site/ https://static.esanum.de https://cmeassist.academy2.de https://mailings.esanum.de 'self' krankenpflege-journal.site www.krankenpflege-journal.site https://krankenpflege-journal.site; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://analytics.rubensteintech.com https://kit.fontawesome.com https://siteimproveanalytics.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://use.typekit.net https://p.typekit.net https://cloud.typography.com/ ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://analytics.rubensteintech.com https://ka-f.fontawesome.com ; font-src 'self' data: https://fonts.gstatic.com https://ka-f.fontawesome.com https://use.typekit.net ; img-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com data: blob: https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://*.global.siteimproveanalytics.io https://steptoe.vuturevx.com/ ; frame-src 'self' mailto: https://mail.google.com/ https://cdn.yoshki.com blob: https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.podbean.com https://app.powerbi.com https://email.steptoecommunications.com https://emails.steptoecommunications.com ; worker-src 'self' blob: ; media-src 'self' data: https://vimeo.com https://www.youtube.com ; frame-ancestors 'self' ; object-src 'self' ; 1
default-src 'self'; script-src https://cdn01.basis.net https://www.mabeindex.com https://www.googletagmanager.com https://storage.googleapis.com https://media.flixfacts.com https://prod.flixgvid.flix360.io https://media.flixcar.com https://www.google.com https://www.gstatic.com https://seal.godaddy.com https://cdn.wishpond.net https://venred.s3.amazonaws.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://s3.amazonaws.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://ssl.google-analytics.com  https://connect.facebook.net https://cdn.ckeditor.com https://maps.googleapis.com; img-src 'self' data: https://pixel.sitescout.com https://googleads.g.doubleclick.net https://media.flixcar.com https://rt.flix360.com https://cx.atdmt.com https://seal.godaddy.com https://shield.sitelock.com https://www.facebook.com https://www.google.com https://www.google.com.sv https://www.google-analytics.com https://buketomnisportpweb.s3.us-east-2.amazonaws.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://cdn.ckeditor.com  https://maps.gstatic.com https://maps.googleapis.com ; style-src 'self' 'unsafe-inline' https://media.flixcar.com https://fonts.googleapis.com https://cdn.ckeditor.com; font-src 'self' https://media.flixfacts.com https://media.flixcar.com fonts.gstatic.com data:; frame-src https://pixel.sitescout.com https://www.mabeindex.com https://www.youtube.com https://media.flixcar.com https://front-notrack.indexado.production.pmbox.cloud https://www.google.com https://undefined https://venred.s3.amazonaws.com/samsung/homeshop/templates/omnisport/index.html https://www.facebook.com https://s-static.ak.facebook.com https://bid.g.doubleclick.net https://syndication-sola.com; object-src 'none'; connect-src 'self' https://google.com https://www.google.com.sv https://analytics.google.com https://api.repositorio.production.alquimio.cloud https://media.flixcar.com https://www.facebook.com https://www.google-analytics.com www.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net; media-src 'self' https://buketomnisportpweb.s3.us-east-2.amazonaws.com 1
default-src *.acscan.org *.fightcancer.org 'unsafe-inline'; script-src *.acscan.org *.fightcancer.org platform.twitter.com cdn.cookielaw.org cdn.fundraiseup.com www.googleoptimize.com www.google.com www.gstatic.com www.googletagmanager.com c.shpg.org static.fundraiseup.com static.tagboard.com *.addthis.com js.adsrvr.org *.addthisedge.com cdn.everwall.com z.moatads.com script.crazyegg.com connect.facebook.net www.google-analytics.com static.ads-twitter.com cdn.addpipe.com ajax.googleapis.com static.addtoany.com static.everyaction.com cdnjs.cloudflare.com js-agent.newrelic.com 'unsafe-inline' 'unsafe-eval'; style-src *.acscan.org *.fightcancer.org maxcdn.bootstrapcdn.com use.typekit.net p.typekit.net cdn.addpipe.com static.tagboard.com cdn.everwall.com script.crazyegg.com fonts.googleapis.com 'unsafe-inline'; img-src cdn.cookielaw.org script.crazyegg.com data: *; media-src *.youtube.com *.addpipe.com 'self'; frame-src *.canva.com script.crazyegg.com *.addthis.com *.youtube.com www.google.com insight.adsrvr.org cdn.everwall.com act.fightcancer.org 4635225.fls.doubleclick.net td.doubleclick.net *.doubleclick.net insight.adsrvr.org match.adsrvr.org www.facebook.com static.contextall.com platform.twitter.com static.addtoany.com register.vote.org absentee.vote.org verify.vote.org 'self'; child-src 'self' blob:; font-src *.acscan.org *.fightcancer.org fonts.gstatic.com themes.googleusercontent.com maxcdn.bootstrapcdn.com use.typekit.net cdn.everwall.com; connect-src *.acscan.org *.fightcancer.org *.crazyegg.com *.google-analytics.com translate.googleapis.com cdn.cookielaw.org fndrsp.net api.fundraiseup.com sentry.fundraiseup.com geolocation.onetrust.com privacyportal.onetrust.com m.addthis.com stats.g.doubleclick.net www.facebook.com stats.addtoany.com *.addpipe.com wss://*.addpipe.com; report-uri /report-csp-violation 1
frame-ancestors 'self' api.sheetmusicdirect.com *.arrangeme.com arrangeme.com 1
default-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src *; media-src *; object-src *; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' staging.mmoculture.com now.gg 1
default-src 'self'; script-src 'self' https://matomo.uniklinik-ulm.de/piwik.js *.usercentrics.eu https://www.youtube.com d3dc1lgancj6l0.cloudfront.net https://ausschreibungen.landbw.de 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' data: https://matomo.uniklinik-ulm.de *.usercentrics.eu; frame-src 'self' https://www.betterplace-widget.org https://www.swr.de/ https://www.google.com d3dc1lgancj6l0.cloudfront.net www.youtube-nocookie.com www.youtube.com; img-src 'self' data: www.uniklinik-ulm.de *.usercentrics.eu i.ytimg.com; manifest-src 'self'; media-src 'self' d3dc1lgancj6l0.cloudfront.net; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' *.website-files.com *.bam-x.com *.narrativ.com *.planethowl.com *.braze.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.facebook.com *.facebook.net *.hotjar.com *.klaviyo.com *.segment.com *.segment.io *.webflow.com webflow.com d3e54v103j8qbb.cloudfront.net js.appboycdn.com wss://*.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/jquery-nice-select/ *.googleapis.com *.hubspot.com *.hs-scripts.com *.google.pl unpkg.com weblocks.io *.jsdelivr.net *.hsforms.com *.hsforms.net *.hscollectedforms.net js.hs-analytics.net js.hs-banner.com i.vimeocdn.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/ vimeo.com *.vimeo.com cdn.embedly.com vimeocdn.com *.vimeocdn.com *.gstatic.com; font-src 'self' data: *.webflow.com fonts.gstatic.com; object-src 'none'; style-src 'unsafe-inline' https:; base-uri 'self'; form-action 'self' webto.salesforce.com forms.hsforms.com; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' data: vimeo.com cdn.embedly.com *.vimeo.com vimeocdn.com *.vimeocdn.com www.google.com forms.hsforms.com *.website-files.com; img-src http: https: data:; 1
default-src v8.seco.tools 'self' 'unsafe-inline' 'unsafe-eval' data: test-secotools.service.signalr.net rc-secotools.service.signalr.net test-secotools.azurewebsites.net staging-secotools.azurewebsites.net swow-secotools.azurewebsites.net swow-rc-secotools.azurewebsites.net rc-secotools.azurewebsites.net demo-secotools.azurewebsites.net usercontent.azureedge.net prod-usercontent.azureedge.net dev-usercontent.azureedge.net test-usercontent.azureedge.net secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net swow-rc-secotools.azureedge.net swow-secotools.azureedge.net staging-secotools.azureedge.net test-secotools.azureedge.net dev-secotools.azureedge.net secoresources.azureedge.net common-secoresources.azureedge.net *.secotools.com www.secotools.com seco.tools *.google.com www.google-analytics.com *.google-analytics.com *.g.doubleclick.net www.googleadservices.com www.sitester.com *.ipapercms.dk *.ytimg.com *.youtube.com *.qq.com *.qpic.cn *.jotformeu.com *.jotform.me w.usabilla.com *.googletagmanager.com *.facebook.com www.facebook.com connect.facebook.net www.linkedin.com *.linkedin.com snap.licdn.com d6tizftlrpuof.cloudfront.net p.adsymptotic.com cdn.cookielaw.org www.home.sandvik manufacturingtransformation.io media-api.flockler.com api.flockler.com s3.amazonaws.com gallery.secotools.data-room.de rsms.me talenthub-storage.s3.eu-central-1.amazonaws.com *.talenthub.io sf-asset-manager.s3.amazonaws.com cdn.linkedin.oribi.io googleads.g.doubleclick.net bizzabo.com fonts.bunny.net toolassemblerservices-assets.tdm-cloud.com toolassemblerservices-assets-stg.tdm-cloud.com toolassemblerservices-assets-dvp.tdm-cloud.com www.google.ad www.google.ae www.google.al www.google.am www.google.as www.google.at www.google.az www.google.ba www.google.be www.google.bf www.google.bg www.google.bi www.google.bj www.google.bs www.google.bt www.google.by www.google.ca www.google.cat www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.cl www.google.cm www.google.cn www.google.co.ao www.google.co.bw www.google.co.ck www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr www.google.co.ls www.google.co.ma www.google.co.mz www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.co.zm www.google.co.zw www.google.com www.google.com.af www.google.com.ag www.google.com.ai www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bn www.google.com.bo www.google.com.br www.google.com.bz www.google.com.co www.google.com.cu www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.et www.google.com.fj www.google.com.gh www.google.com.gi www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.ly www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.ni www.google.com.np www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.py www.google.com.qa www.google.com.sa www.google.com.sb www.google.com.sg www.google.com.sl www.google.com.sv www.google.com.tj www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.com.vc www.google.com.vn www.google.cv www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.dz www.google.ee www.google.es www.google.fi www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.gl www.google.gm www.google.gr www.google.gy www.google.hn www.google.hr www.google.ht www.google.hu www.google.ie www.google.im www.google.iq www.google.is www.google.it www.google.je www.google.jo www.google.kg www.google.ki www.google.kz www.google.la www.google.li www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.mn www.google.ms www.google.mu www.google.mv www.google.mw www.google.ne www.google.nl www.google.no www.google.nr www.google.nu www.google.pl www.google.pn www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.rw www.google.sc www.google.se www.google.sh www.google.si www.google.sk www.google.sm www.google.sn www.google.so www.google.sr www.google.st www.google.td www.google.tg www.google.tl www.google.tm www.google.tn www.google.to www.google.tt www.google.vg www.google.vu www.google.ws; font-src 'self' swow-secotools.azurewebsites.net swow-rc-secotools.azurewebsites.net demo-secotools.azurewebsites.net secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net swow-rc-secotools.azureedge.net swow-secotools.azureedge.net test-secotools.azureedge.net staging-secotools.azureedge.net dev-secotools.azureedge.net fonts.gstatic.com d6tizftlrpuof.cloudfront.net fonts.bunny.net rsms.me cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' secure.secotools.com securetest.secotools.com emails.secotools.com swow-secotools.azurewebsites.net swow-rc-secotools.azurewebsites.net demo-secotools.azurewebsites.net secotools.azureedge.net prod-secotools.azureedge.net demo-secotools.azureedge.net rc-secotools.azureedge.net swow-rc-secotools.azureedge.net swow-secotools.azureedge.net test-secotools.azureedge.net staging-secotools.azureedge.net dev-secotools.azureedge.net https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net snap.licdn.com connect.facebook.net w.usabilla.com api.usabilla.com cdn.cookielaw.org https://talenthub.io https://s3.eu-central-1.amazonaws.com www.googletagmanager.com *.talenthub.io s3.eu-central-1.amazonaws.com info.secotools.com snap.licdn.com d6tizftlrpuof.cloudfront.net; script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; frame-src https://secure.secotools.com https://securetest.secotools.com *.secotools.com https://secolocator.com www.secolocator.com form.jotform.com form.jotformeu.com ipaper.ipapercms.dk www.youtube.com www.facebook.com d6tizftlrpuof.cloudfront.net step.manufacturingtransformation.io accounts.bizzabo.com forms.office.com v.qq.com test-usercontent.azureedge.net prod-usercontent.azureedge.net; connect-src https: wss://test-secotools.service.signalr.net wss://rc-secotools.service.signalr.net wss://prod-secotools.service.signalr.net; report-uri /core/api/Monitoring/SaveCSPReport 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cv.lv https://cv.lv; 1
base-uri 'self'; font-src 'self' https: data: *.gstatic.com; form-action 'self' wellingtonnz.formstack.com *.facebook.com; frame-ancestors 'self' *.wellingtonnz-uat.com *.wellingtonnz.com; img-src 'self' data: blob: *.analytics.google.com *.cdninstagram.com *.cloudfront.net *.doubleclick.net *.facebook.com *.google-analytics.com *.google.co.nz *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.monsido.com *.siteimproveanalytics.io *.ytimg.com api.mapbox.com shielded.co.nz staticcdn.co.nz twemoji.maxcdn.com wellingtonnz.bynder.com; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' *.google.com *.googleapis.com *.zencdn.net; script-src 'self' https: data: blob: 'unsafe-eval' 'unsafe-inline' *.analytics.google.com *.facebook.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.jquery.com *.monsido.com *.vimeo.com *.youtube.com *.zencdn.net browser-update.org code.highcharts.com siteimproveanalytics.com staticcdn.co.nz; upgrade-insecure-requests; connect-src 'self' https: wss: *.analytics.google.com *.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.monsido.com *.windows.net *.wellingtonnz.com; frame-src 'self' *.doubleclick.net *.dwcdn.net *.google.com *.infogram.com *.metservice.com *.monsido.com *.spotify.com *.vimeo.com *.youtube.com configurator.takina.co.nz configurator.wcec.co.nz goo.gl nzhistory.govt.nz omny.fm radian.mintdesign.co.nz radianstaging.mintdemo.co.nz staticcdn.co.nz viewer.mapme.com wellingtonnz.formstack.com *.facebook.com; manifest-src 'self'; media-src 'self' *.cdninstagram.com maori-dictionary-media.s3.amazonaws.com storage.googleapis.com; 1
frame-ancestors 'self' https://clientpoint.net https://*.clientpoint.net; 1
frame-ancestors 'self'; default-src 'self'  'unsafe-eval' 'unsafe-inline' http://cdn.appdynamics.com http://sin-col.eum-appdynamics.com  sin-col.eum-appdynamics.com cdn.appdynamics.com *.tt.omtrdc.net idealanalyticsapi.dbs.com maps.gstatic.com *.googleapis.com *.ggpht.com v1.addthisedge.com v1.addthis.com http://track.zmails.co.in http://tracking.zmails.org http://tracking.affiliatehub.co.in ads.instabid.tech match.adsrvr.org http://www.outbrain.com adgebra.co.in ad.admitad.com http://tracking.trubiz.in smxindia.in pixel.tapad.com http://www.media-server.com https://safe1.dbswiso.prd https://safe2.dbswiso.prd chatbanking.dbs.com directline.com directline.botframework.com qmslivechat.dbs.com wss://qmslivechat.dbs.com wss://chatbanking.dbs.com wss://directline.botframework.com tpt.mysocialpixel.com js.adsrvr.org *.fls.doubleclick.net www.googletagmanager.com tagmanager.google.com  www.google-analytics.com analytics.google.com  maps.googleapis.com  maps.gstatic.com  fonts.gstatic.com  ds-aksb-a.akamaihd.net  tags.crwdcntrl.net  googleads.g.doubleclick.net  secure-ds.serving-sys.com  px.ads.linkedin.com  bs.serving-sys.com  www.googleadservices.com  fonts.googleapis.com  sjs.bizographics.com  bcp.crwdcntrl.net  connect.facebook.net  www.google.com  www.google.com.sg  stats.g.doubleclick.net  cdnjs.cloudflare.com  s.go-mpulse.net  c.go-mpulse.net  www.gstatic.com  dbs.112.2o7.net  dbs.demdex.net  www.youtube.com  www.facebook.com  chart.googleapis.com  maxcdn.bootstrapcdn.com  somniture.dbs.com.sg  www.dbs.com  code.jquery.com  bid.g.doubleclick.net  www.dbs.com.sg  assets.adobedtm.com  m.addthis.com  s7.addthis.com  graph.facebook.com  api-public.addthis.com  m.addthisedge.com  www.linkedin.com  www.dbs.com  *.akstat.io  sp.analytics.yahoo.com  cdn.taboola.com  snap.licdn.com  amplify.outbrain.com  http://www.dbs.com  dbs.mc.eu1.kontiki.com trc.taboola.com tr.outbrain.com amplifypixel.outbrain.com login.eu1.kontiki.com www.outbrain.com lx.eu1.kontiki.com sts.dbs.com secure.adnxs.com ade.clmbtech.com insight.adsrvr.org wifi.roamm.com secure.adnxs.com thinkresult.go2cloud.org ade.clmbtech.com dpm.demdex.net dbs.sc.omtrdc.net data:; 1
default-src 'self' https://ssl.google-analytics.com/ https://www.google.com/analytics/ https://marketingplatform.google.com/about/analytics/ https://counter.yadro.ru/; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; img-src 'self' https://mc.yandex.ru/clmap/ https://www.reklama-online.ru/ https://r-o.ru/ https://mc.yandex.ru/webvisor/15606835 https://s.r-o.ru/ data: https://*.userapi.com https://top-fwz1.mail.ru/tracker https://core-renderer-tiles.maps.yandex.net/ https://web.icq.com/whitepages/online https://status.icq.com/ https://api-maps.yandex.ru/ https://top-fwz1.mail.ru/counter https://counter.yadro.ru/hit https://ssl.google-analytics.com/ https://code-ya.jivosite.com/images/ https://code.jivo.ru/images/ https://mc.yandex.ru/metrika/ https://www.sostav.ru/images/ https://adindex.ru/ https://vk.com/emoji/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/iconify/ https://suggest-maps.yandex.ru/suggest-geo https://mc.yandex.ru/watch/ https://widget.flamp.ru/loader.js https://api.iconify.design/ https://code.iconify.design/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net/tiles https://api-maps.yandex.ru/ https://mc.yandex.ru/metrika/tag.js https://top-fwz1.mail.ru/js/code.js https://ssl.google-analytics.com/ga.js https://code-ya.jivosite.com/ https://code.jivo.ru/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://code-ya.jivosite.com/css/ https://code.jivo.ru/; connect-src 'self' https://api.simplesvg.com/ https://ssl.google-analytics.com/ https://api.iconify.design/ https://api.unisvg.com/ wss://*.jivo.ru/ https://*.jivo.ru/ wss://*.jivosite.com/cometcn https://mc.yandex.ru/ https://mc.yandex.md/ https://top-fwz1.mail.ru/counter https://top-fwz1.mail.ru/tracker https://*.jivosite.com; media-src https://code-ya.jivosite.com/sounds/ https://code.jivo.ru/sounds/; frame-src https://yandex.ru/ https://www.youtube.com/ https://widget.flamp.ru/ https://api-maps.yandex.ru/ 1
frame-ancestors 'self' 'reborns.com' 'bearpile.com'; 1
frame-ancestors 'self' *.mathworks.com feedads.baidu.com *.mwcloudtest.com mathworks--uat.sandbox.my.site.com mathworks--dev2.sandbox.my.site.com mathworks--dev1.sandbox.my.site.com mathworks--test3.sandbox.my.site.com mathworks--mangesha.sandbox.my.site.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com *.tiktok.com sc-static.net *.sc-static.net *.licdn.com *.facebook.net *.snapchat.com https://analytics.tiktok.com https://sc-static.net https://snap.licdn.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://journeyplanner.transportforireland.ie https://maps.googleapis.com *.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com *.linkedin.oribi.io *.tiktok.com *.linkedin.oribi.io *.tiktok.com *.snapchat.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://journeyplanner-production.transportforireland.ie https://wavregisterprod.nationaltransport.ie https://wavregisterpreprod.nationaltransport.ie https://complimentscomplaintsprod.nationaltransport.ie https://complimentscomplaintspreprod.nationaltransport.ie https://publicregisterprod.nationaltransport.ie https://publicregisterpreprod.nationaltransport.ie https://publicregister.nationaltransport.ie https://wavregister.nationaltransport.ie https://complimentscomplaints.nationaltransport.ie https://journeyplanner.transportforireland.ie https://www.google.com https://www.journeyplanner.transportforireland.ie https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com *.snapchat.com; img-src 'self' data: https://ps.w.org https://www.googletagmanager.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://www.google-analytics.com *.linkedin.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.google-analytics.com *.googletagmanager.com google-analytics.com *.googleadservices.com *.doubleclick.net bat.bing.com *.hotjar.com disqus.com *.disqus.com www.googleadservices.com vars.hotjar.com *.google.com www.googleoptimize.com *.auth0.com secure.gravatar.com s.yimg.com sp.analytics.yahoo.com secure-cdn.mplxtms.com maps.googleapis.com www.gstatic.com js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net cdn.jsdelivr.net ajax.googleapis.com *.adroll.com *.adroll.mgr.consensu.org *.dca0.com tags.srv.stackadapt.com js.hubspot.com js.hs-scripts.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net www.youtube.com *.fullstory.com cdn.heapanalytics.com www.mczbf.com; frame-src 'self' *.upack.com *.youtube.com *.hotjar.com *.facebook.com disqus.com *.disqus.com *.doubleclick.net *.auth0.com *.google.com www.googleoptimize.com js.hsadspixel.net; report-uri /report-csp-violation 1
default-src https: 'unsafe-eval' 'unsafe-inline' http://dev.localhost:* ws://dev.localhost:* https://static.zdassets.com https://ekr.zdassets.com https://idevices.zendesk.com wss://idevices.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; object-src 'none'; img-src 'self' data: https://*.ssl.cf2.rackcdn.com https://*.idevicesinc.com https://idevicesinc.com https://ct.pinterest.com https://s.amazon-adsystem.com; script-src 'unsafe-eval' https: https://static.zdassets.com https://code.jquery.com https://ekr.zdassets.com https://idevices.zendesk.com wss://idevices.zendesk.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io; script-src-elem 'unsafe-eval' 'unsafe-inline' https://code.jquery.com https://googleads.g.doubleclick.net https://*.ssl.cf2.rackcdn.com https://7e51131b8feb57ad5cd6-77b81384e612c61eca9f2d0f6cf883ae.ssl.cf2.rackcdn.com https://s.amazon-adsystem.com http://assets.zendesk.com https://static.hotjar.com https://www.google.com http://www.googleadservices.com http://www.googlecommerce.com https://apis.google.com https://script.hotjar.com https://s.pinimg.com http://www.google-analytics.com https://cdn.jsdelivr.net http://www.googletagmanager.com https://idevicesinc.com; style-src 'self'; https://idevicesinc.com; font-src 'self' https://fast.fonts.net https://idevicesinc.com; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com/ https://fast.fonts.net https://idevicesinc.com; 1
connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/g/; 1
default-src 'self' http://*.vtechda.com https://*.vtechda.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://*.vtechda.com https://*.vtechda.com data:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src *; img-src * 'self' http: https: data:; frame-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; base-uri 'self'; form-action 'self' *.hsforms.com; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https:; frame-ancestors 'self' www.youtube.com www.econsumeraffairs.com; img-src 'self' data: https: http://*.trustarc.com https://fonts.gstatic.com https://www.google.com https://www.googletagmanager.com https://directus.pcaskin-dtc.colpal.cloud/ https://*.shopify.com https://*.automat-ai.com https://static.ordergroove.com https://shopify.privy.com https://d18eg7dreypte5.cloudfront.net https://*.afterpay.com; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' *.trustarc.com; upgrade-insecure-requests 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' stackpath.bootstrapcdn.com cdnjs.cloudflare.com cse.expertrec.com www.google-analytics.com adservice.google.com www.google.com partner.googleadservices.com pagead2.googlesyndication.com tpc.googlesyndication.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.youtube.com cdn.plyr.io cdn.jsdelivr.net adservice.google.co.uk fundingchoicesmessages.google.com cdn.scaleflex.it 1
frame-ancestors 'self' https://www.youtube.com/ https://indegene123-my.sharepoint.com/ https://resource.indegene.com https://resources.indegene.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ssl.google-analytics.com googletagmanager.com tagmanager.google.com; connect-src * 'unsafe-inline' www.google-analytics.com; img-src * 'unsafe-inline' www.google-analytics.com googletagmanager.com ssl.gstatic.com www.gstatic.com data: blob:; frame-src *; style-src * 'unsafe-inline'; font-src * fonts.gstatic.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.alkemmarketplace.in; object-src https://api.alkemmarketplace.in; img-src 'self' blob: data: https://api.alkemmarketplace.in https://apptestadmin.blob.core.windows.net; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; worker-src blob: https://api.alkemmarketplace.in; 1
img-src * data:; font-src * data:; connect-src *; form-action *; default-src 'self'; object-src *; media-src *; child-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * blob: 'unsafe-inline'; 1
default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; frame-ancestors 'none'; img-src * blob: data:; style-src 'self' 'unsafe-inline'; 1
img-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com https://*.google.co.in https://lh5.ggpht.com https://*.carwale.com http://*.carwale.com https://*.autobiz.in/bhrigu/pixel.gif https://*.lead2retail.in/bhrigu/pixel.gif data:;script-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://script.crazyegg.com https://dialer.cwsystem.in https://emergeapp6.ameyoemerge.in:8443 https://*.google.com/jsapi https://*.firebaseio.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://*.autobiz.in https://autobiz.in https://*.aeplcdn.com http://*.aeplcdn.com https://*.google.com/ads https://*.google.co.in/ads https://fonts.googleapis.com https://*.bootstrapcdn.com https://*.gstatic.com https://emergeapp6.ameyoemerge.in:8443 https://dialer.cwsystem.in https://code.jquery.com 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.autobiz.in https://*.lead2retail.in https://autobiz.in https://lead2retail.in;frame-src 'self' https://ops.autobiz.in https://*.lead2retail.in https://dialer.cwsystem.in https://agent1.cloudagent.in https://in-ccaas.ozonetel.com https://emergeapp6.ameyoemerge.in:8443 https://*.carwale.com/ https://*.bikewale.com/; 1
default-src 'self'; 	img-src data: blob: android-webview-video-poster: *; 	style-src 'unsafe-inline' *; 	font-src data: chrome-extension: moz-extension: safari-extension: 'self' fonts.gstatic.com cdnjs.cloudflare.com use.fontawesome.com; 	child-src 'self' www.googletagmanager.com www.youtube.com; 	connect-src wss: 'self' *.liveact.cri-mw.jp stats.g.doubleclick.net *.google-analytics.com analytics.google.com www.google.co.jp www.googletagmanager.com; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' *.liveact.cri-mw.jp *.google-analytics.com www.googletagmanager.com jaysalvat.github.io code.jquery.com cdn.jsdelivr.net; 	report-uri https://e-cgift.net/reporturi.php 1
script-src 'report-sample' 'nonce-xwBrJim_j6IQVTDURjh65g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hightext.de *.googletagservices.com *.doubleclick.net *.ibusiness.de *.onetoone.de *.versandhausberater.de *.neuhandeln.de *.press1.de *.google.de *.google.com *.googlesyndication.com; 1
default-src 'self' *.aiges.de aiges.de;                 script-src   'self' 'unsafe-inline' aiges.de *.aiges.de;                 style-src    'self' 'unsafe-inline' aiges.de *.aiges.de;                 font-src 'self' data: aiges.de *.aiges.de;                 media-src 'self' data: *.aiges.de aiges.de; 		object-src 'none'; 1
frame-ancestors 'self' http://*.brose.net http://brose.net https://*.brose.net https://brose.net https://*.ariba.com https://*.zkw.at http://*.zkw.at https://*.mycatalogcloud.com  http://*.mycatalogcloud.com http://*.valeo.determine.com https://*.valeo.determine.com http://valeo.determine.com https://valeo.determine.com http://*.mondigroup.com http://mondigroup.com https://*.mondigroup.com https://mondigroup.com http://*.elwitec.ch http://elwitec.ch https://*.elwitec.ch https://elwitec.ch http://*.ynovatec.ch http://ynovatec.ch https://*.ynovatec.ch https://ynovatec.ch http://prematic.ch http://*.prematic.ch https://prematic.ch https://*.prematic.ch http://brw.ch http://*.brw.ch https://brw.ch https://*.brw.ch http://uniprod-ag.ch http://*.uniprod-ag.ch https://uniprod-ag.ch https://*.uniprod-ag.ch http://montalpina.com http://*.montalpina.com https://montalpina.com https://*.montalpina.com http://sutter-hydraulik.com http://*.sutter-hydraulik.com https://sutter-hydraulik.com https://*.sutter-hydraulik.com http://bsaswiss.ch http://*.bsaswiss.ch https://bsaswiss.ch https://*.bsaswiss.ch http://salesconnect.sugarondemand.com https://salesconnect.sugarondemand.com http://*.salesconnect.sugarondemand.com https://*.salesconnect.sugarondemand.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' assets.adobedtm.com *.pdst.fm *.doubleclick.net  *.google-analytics.com  *.bing.com  *.googleadservices.com  *.facebook.net  *.techtarget.com  *.demandbase.com *.googletagmanager.com munchkin.marketo.net *.cookielaw.org *.polyfill.io *.adroll.com *.licdn.com *.mxpnl.com *.chtbl.com *.invoca.net *.livehelpnow.net addsearch.com *.youtube.com *.vidyard.com *.hotjar.com *.driftt.com *.searchcdn.com *.salesforceliveagent.com *.force.com *.salesforce.com *.salesforce-sites.com *.google.com *.googleoptimize.com *.redditstatic.com *.jsdelivr.net unpkg.com *.highcharts.com *.zi-scripts.com 1
default-src 'self' ;         					 style-src 'self' 'unsafe-inline' ;      					 img-src 'self' data: image/svg+xml https://*.google-analytics.com https://*.googletagmanager.com https://prod.smassets.net ;      					 connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://widget.surveymonkey.com ;      					 script-src 'self' 'nonce-FxNXSXN7so9hYmBlxwOH5bTuC8JFmGWTvt890n1nHZY=' 'sha256-ATReICQsd+smV/PvrA4eH+DuxsenS4SxbGcSjySJlBA=' https://*.googletagmanager.com  https://widget.surveymonkey.com https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.js 'sha256-v0BAGlBwARwRDTmWDYJoJnecS8cajrA8z2bmdrFFiHo=' ;					 font-src 'self' ; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.analytics.google.com https://*.awin1.com https://*.bazaarvoice.com https://*.braintree-api.com https://*.braintreegateway.com https://*.btttag.com https://*.criteo.com  https://osm.klarnaservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.kampyle.com https://*.klarna.com https://*.medallia.com https://*.paypal.com https://*.sheerid.com https://*.truefitcorp.com https://*.wepowerconnections.com https://*.zenaps.com https://adservice.google.com https://analytics.google.com https://apis.google.com https://apprl.com https://assets.adobedtm.com https://bat.bing.com https://careers.lululemon.com https://cdn.cookielaw.org https://cdn.cquotient.com https://cdn.honey.io https://cdn.jsdelivr.net https://cdn.quantummetric.com https://ingest.quantummetric.com https://cdnjs.cloudflare.com https://challenges.cloudflare.com https://cm.g.doubleclick.net https://cm.teads.tv https://connect.facebook.net https://ct.pinterest.com https://d38xvr37kwwhcm.cloudfront.net https://dpm.demdex.net https://e.cquotient.com https://eu-library.klarnaservices.com https://eu.klarnaevt.com https://evt-eu.klarnaservices.com https://external.quantummetric.com https://fledge.teads.tv https://fonts.googleapis.com https://geolocation.onetrust.com https://globalstaticassets.lululemon.com https://google.com https://googleads.g.doubleclick.net https://images.lululemon.com https://intljs.rmtag.com https://ln-rules.rewardstyle.com https://lululemon.quiq-api.com https://lululemonathleticacanadainc.demdex.net https://lululemoninternational-app.quantummetric.com https://lululemoninternational.quantummetric.com https://lululemonusa.tt.omtrdc.net https://maps.googleapis.com https://mpsnare.iesnare.com https://p.cquotient.com https://p.teads.tv https://pay.google.com https://privacyportal.onetrust.com https://r.cquotient.com https://rcgmal4n.klarnaservices.com https://s.apprl.com https://s.pinimg.com https://s3.eu-west-1.amazonaws.com https://s7mbrstream.scene7.com https://sc-static.net https://scripts.agilone.com https://smetrics.lululemon.de https://sslwidget.criteo.com https://static.cloudflareinsights.com https://static.criteo.com https://static.criteo.net https://stats.g.doubleclick.net https://t.teads.tv https://tag.rmp.rakuten.com https://tez.google.com https://the.sciencebehindecommerce.com https://tpc.googlesyndication.com https://tr.snapchat.com https://translate.google.com https://v2.waitwhile.com https://widget.as.criteo.com https://www.bing.com https://www.cloudflare.com https://www.dwin1.com https://www.facebook.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.lululemon.co.uk https://www.lululemon.de https://www.paypalobjects.com https://x.klarnacdn.net https://*.browser-intake-datadoghq.com https://www.datadoghq-browser-agent.com https://analytics.tiktok.com wss://lululemoninternational.quantummetric.com wss://mpsnare.iesnare.com; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; img-src * 'self' data: https:; font-src * 'self' data: https:; block-all-mixed-content; 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-lolAzSO8t1z7NI3M8ZIQgZ4P' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.biexcellence.com cdn.biexcellence.com *.fontawesome.com *.googleapis.com https://www.google.de/maps *.emailsys1a.net *.etracker.com *.etracker.de cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com cdn.jsdelivr.net; img-src 'self' data: cdn.biexcellence.com *.fontawesome.com c.emailsys1a.net cdn.biexcellence.com cdn.jsdelivr.net *.tile.openstreetmap.org; font-src 'self' data: *.fontawesome.com cdn.biexcellence.com; media-src 'self'; object-src 'none'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://www.google.com/ https://t21dcdde4.emailsys1a.net/; frame-ancestors 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.biexcellence.com maja.ai *.fontawesome.com *.google-analytics.com cdn.biexcellence.com nominatim.openstreetmap.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://static.cloudflareinsights.com pixel-geo.prfct.co tag.perfectaudience.com *.marketingautomation.services googleads.g.doubleclick.net analytics.tiktok.com sibautomation.com sonda.com www.sonda.com d23wbnplfnnqu6.cloudfront.net d23wbnplfnnqu6.cloudfront.net www.datadoghq-browser-agent.com *.googletagmanager.com sonda.com www.sonda.com snap.licdn.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com *.weglot.com cdn.weglot.com *.google.com translate.google.com *.googleapis.com *.gstatic.com  www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://www.google.com.br https://analytics.twitter.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net; style-src 'self' 'unsafe-inline' d23wbnplfnnqu6.cloudfront.net *.googletagmanager.com www.googletagmanager.com cdnjs.cloudflare.com cdn.weglot.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com kendo.cdn.telerik.com  netdna.bootstrapcdn.com https://www.google.com.br https://analytics.twitter.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net data:; img-src 'self' https://googleads.g.doubleclick.net d2cqazago6uw8v.cloudfront.net ad.doubleclick.net s3-docs-sonda.s3.amazonaws.com d23wbnplfnnqu6.cloudfront.net *.linkedin.com www.googletagmanager.com sonda.com www.sonda.com www.google.cl p.adsymptotic.com px.ads.linkedin.com *.google.com *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://www.google.co.ve:* https://secure.adnxs.com:* https://pixel-geo.prfct.co:* https://us-u.openx.net:* https://www.google.com.br https://analytics.twitter.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net; media-src 'self' d2cqazago6uw8v.cloudfront.net d23wbnplfnnqu6.cloudfront.net s3-docs-sonda.s3.amazonaws.com data: blob: *.frontify.com *.cloudinary.com; child-src 'self' 13133940.fls.doubleclick.net sibautomation.com td.doubleclick.net d23wbnplfnnqu6.cloudfront.net 12163336.fls.doubleclick.net maps.google.com *.google.com vars.hotjar.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; connect-src 'self' *.hotjar.io wss://ws.hotjar.com in-automate.brevo.com *.tiktok.com www.google-analytics.com px.ads.linkedin.com www.sonda.com sonda.com d23wbnplfnnqu6.cloudfront.net s3-docs-sonda.s3.amazonaws.com https://ws15.hotjar.com wss://ws15.hotjar.com ws24.hotjar.com wss://ws24.hotjar.com vc.hotjar.io cdn-api-weglot.com stats.g.doubleclick.net analytics.google.com in.hotjar.com cdn.weglot.com translate.googleapis.com data:  https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.gstatic.com *.frontify.com *.cloudinary.com https://www.google.com.br https://analytics.twitter.com https://ups.analytics.yahoo.com https://pixel.rubiconproject.com https://cm.g.doubleclick.net; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' ws: blob:   ;script-src      'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com        ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com https://*.charmsolutions.ai         ;script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://*.onlineportalnow.com https://*.sageworksanalyst.com https://*.sageworks.com https://*.abrigo.com https://*.newrelic.com https://*.pendo.io https://*.nr-data.net https://hello.myfonts.net https://*.google-analytics.com https://*.googleapis.com https://*.form.io https://cdn.plaid.com https://*.charmsolutions.ai 1
default-src 'none';      style-src 'self' 'unsafe-inline' https://cloud.typography.com https://www.appleone.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net https://hello.myfonts.net https://pro.fontawesome.com https://cdn.jsdelivr.net https://use.typekit.net https://p.typekit.net https://cdnjs.cloudflare.com https://www.youtube.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com;      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://munchkin.marketo.net https://www.youtube.com https://s.ytimg.com https://s7.addthis.com https://m.addthis.com https://m.addthisedge.com https://code.jquery.com https://cdn.datatables.net https://connect.facebook.net https://ajax.googleapis.com https://www.dropbox.com https://apis.google.com https://unpkg.com https://maps.googleapis.com https://www.googleapis.com https://www.google.com https://www.gstatic.com https://plugins.eventable.com/ *.addthis.com *.addthisedge.com;       img-src 'self' https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.facebook.com https://cdn.datatables.net https://track.ziprecruiter.com https://www.youtube.com https://maps.gstatic.com https://maps.googleapis.com data: https://add.eventable.com/ https://plugins.eventable.com/;      font-src 'self' https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://pro.fontawesome.com https://fonts.gstatic.com data: https://stackpath.bootstrapcdn.com;      connect-src 'self' https://815-tmy-864.mktoresp.com https://www.facebook.com https://www.youtube.com https://www.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net;      frame-src 'self' https://appleone.com https://www.sertifi.com/allin1/ https://sandbox.sertifi.net/allin1/ https://wotcintgsvc.maxinc.com https://s7.addthis.com https://www.youtube.com https://Ain1.sharepoint.com https://accounts.google.com/ https://docs.google.com/ https://www.google.com/recaptcha/ https://add.eventable.com/ https://wotc.maximus.com https://wotcdemo.maximus.com;      frame-ancestors 'self'; object-src 'self'; form-action 'self'; base-uri 'none'; media-src 'self' https://www.youtube.com 1
upgrade-insecure-requests; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://roamresearch.com https://*.roamresearch.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: blob: wss: 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.gameandfishmag.com http://*.gameandfishmag.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
default-src  https: unsafe-inline ;          script-src 'self' https: 'unsafe-inline' 'unsafe-eval';          style-src 'self' https: 'unsafe-inline';          img-src 'self' https: data:;          connect-src 'self' https:;          font-src 'self' https:; 1
default-src 'self';  img-src 'self' data: https:; frame-src https://*.five9.com https://*.youtube.com/ https://*.doubleclick.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://web-sdk-eu.aptrinsic.com https://*.googleapis.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://js.monitor.azure.com; connect-src 'self' https: https://*.googleapis.com https://*.gstatic.com https://*.five9.com data:; font-src 'self' https://fonts.gstatic.com; style-src 'self' https://web-sdk-eu.aptrinsic.com https://app.five9.com https://fonts.googleapis.com 'unsafe-inline'; 1
report-uri https://www.yelp.com/csp_block?id=84db2e0ae0064872&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1715653013; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com https://optimize.google.com *.googleanalytics.com *.google-analytics.com *.googleadservices.com *.pagead2.googelsyndication.com *.googleoptimize.com *.clarity.ms  https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://snap.licdn.com https://unpkg.com https://cdnjs.cloudflare.com *.linkedin.com https://cdn.stat-track.com *; img-src 'self' https: data: blob:;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://optimize.google.com https://fonts.googleapis.com; font-src https://fonts.gstatic.com * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src https://optimize.google.com * data:; 1
frame-ancestors 'self' https://*.anywayanyday.com 1
default-src 'self'; script-src 'self' *.youtube.com https://unpkg.com vjs.zencdn.net cdnjs.cloudflare.com *.matomo.cloud 'unsafe-inline' *.matomo.cloud; style-src 'self' fonts.googleapis.com *.youtube.com https://unpkg.com cdnjs.cloudflare.com 'unsafe-inline' vjs.zencdn.net; img-src 'self' data: *.youtube.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.vimeo.com; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.matomo.cloud; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.io; img-src 'self' https: data: blob: https://mstdn.io; style-src 'self' https://mstdn.io 'nonce-5T1WHT1+UWbaxj8wTejfrA=='; media-src 'self' https: data: https://mstdn.io; frame-src 'self' https:; manifest-src 'self' https://mstdn.io; form-action 'self'; child-src 'self' blob: https://mstdn.io; worker-src 'self' blob: https://mstdn.io; connect-src 'self' data: blob: https://mstdn.io https://media.mstdn.io wss://mstdn.io; script-src 'self' https://mstdn.io 'wasm-unsafe-eval' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-pLy8carpXNmGZ70JBagNFg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital *.bacardilimited.com *.martini.com d2z05otmbim3z8.cloudfront.net walkinto.in www.google.com www.googletagmanager.com stats.g.doubleclick.net www.instagram.com instagram.com www.martiniracingciclismo.com www.youtube.com *.snapchat.com player.vimeo.com store.terrazza.martini.com responsibledrinking.eu www.facebook.com *.adimo.co *.adsrvr.org rfi.martini-casa-terrazza.com www.tripadvisor.co.uk contact.visitcasamartini.com www.lamaisonwellness.com www.museoauto.it 5337729.fls.doubleclick.net asystem-library.s3.amazonaws.com d.agkn.com grandhotelsitea.it www.museoauto.com my.hornblower.com pay.google.com; connect-src 'self' *.facebook.com www.facebook.com spl.martini.com *.prod.bacardi.digital *.dev.bacardi.digital maps.googleapis.com region1.google-analytics.com *.google-analytics.com *.onetrust.com *.liquidcheckout.com www.googletagmanager.com stats.g.doubleclick.net www.google-analytics.com bacardilimited.channelsight.com d3hnlaz0mzjpz0.cloudfront.net *.teads.tv *.snapchat.com *.pinterest.com *.usersnap.com https://4dvq37jqcg.execute-api.eu-west-1.amazonaws.com www.google.com googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' spl.martini.com www.googletagmanager.com d3hnlaz0mzjpz0.cloudfront.net player.vimeo.com *.prod.bacardi.digital *.dev.bacardi.digital *.onetrust.com *.instagram.com *.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com www.youtube.com *.teads.tv *.snapchat.com sc-static.net *.twitter.com *.ads-twitter.com s.pinimg.com cdn.adimo.co connect.facebook.net js.adsrvr.org maxcdn.bootstrapcdn.com d29mknc5251yuj.cloudfront.net asystem-library.s3.amazonaws.com platform.vine.co fast.fonts.net *.usersnap.com cdn.jsdelivr.net my.hornblower.com pay.google.com; style-src 'self' 'unsafe-inline' fast.fonts.net fonts.googleapis.com *.prod.bacardi.digital *.dev.bacardi.digital store-locator-frontend-prod.prod.bacardi.digital cloud.typography.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src * 'self' http://images.salsify.com/ images.salsify.com data: http://* https://* blob:; font-src 'self' data: https://* 1
default-src 'self' *.trancetraffic.com; script-src 'self' *.trancetraffic.com https://ssl.google-analytics.com; connect-src 'self' *.trancetraffic.com https://ssl.google-analytics.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; base-uri 'self';form-action 'self' 1
default-src 'self'; connect-src 'self' https://proxy.bella.network/pv-proxy/ wss://proxy.bella.network/pv-proxy/ws https://pulse.bella.network/api/; font-src 'self'; img-src 'self' data: https://proxy.bella.network https://api.mapbox.com; object-src https://thomas.bella.network/images/; manifest-src 'self' https://thomas.bella.network/manifest.json; script-src 'self' https://pulse.bella.network/ https://unpkg.com/leaflet@1.9.4/dist/leaflet.js; style-src 'self' 'unsafe-inline' https://unpkg.com/leaflet@1.9.4/dist/leaflet.css; report-uri https://report.bella.pm/csp 1
default-src https:; script-src 'self' cdn.cookielaw.org 'unsafe-inline' 'unsafe-eval' global.oktacdn.com aperiogroup.bamboohr.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com pi.pardot.com; style-src 'self' 'unsafe-inline' global.oktacdn.com; object-src 'self' 1
default-src 'self' fonts.gstatic.com; style-src 'self' fonts.googleapis.com 'unsafe-inline'; script-src 'self' 'unsafe-eval' maps.googleapis.com developers.google.com 'unsafe-inline'; frame-ancestors 'none'; form-action 'self'; img-src 'self' csi.gstatic.com maps.gstatic.com maps.googleapis.com data: 1
default-src 'self' data:; object-src 'none'; frame-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://www.google.com/; connect-src 'self' https://yoast.com/ https://www.google-analytics.com/ https://region1.google-analytics.com/; media-src 'self' https://player.vimeo.com/ https://download-video.akamaized.net/ https://vod-progressive.akamaized.net/; form-action 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://deliveryhero.com/ https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://s.w.org/ https://ps.w.org/ https://secure.gravatar.com/ https://pubads.g.doubleclick.net/  data:; worker-src 'self' blob:; report-to csp-endpoint; 1
base-uri 'none' ;frame-ancestors 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz ;default-src 'unsafe-inline' 'self' data: ;style-src 'unsafe-inline' 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://fonts.googleapis.com ;font-src 'self' data: https://fonts.gstatic.com ;connect-src 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://adservice.google.com https://stats.g.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.youtube.com/ https://h.seznam.cz ;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.seznam.cz https://c.seznam.cz ;img-src 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.google.cz https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://c.seznam.cz https://*.youtube.com https://i.ytimg.com https://conv.indeed.com https://*.tile.osm.org ;frame-src https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.youtube.com https://www.google.com https://td.doubleclick.net ;object-src 'none' ;upgrade-insecure-requests ;report-uri https://www.easy-prace.cz/report_content_security_policy ;report-to csp 1
default-src 'self' http: https: data: blob: 'unsafe-inline';  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.gstatic.com https://munchkin.marketo.net https://maps.googleapis.com https://cdn.jsdelivr.net https://connect.facebook.net https://googleads.g.doubleclick.net https://*.onetrust.com https://livechat.jncb.com https://jncb.fluidaibot.com https://*.jncb.com https://cdn.amplitude.com https://*.instana.io/ 1
frame-ancestors 'self' https://*.lexus.co.uk https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-W07l78VL72m2HkSqViqFp7i+K9M5aAJqvwgzEEprWCBNovpw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'nonce-/Ygzt59bAC/sEUAIDD4irA==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=c1184c6f-1437-4eef-a323-3e27bea148ec; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
connect-src *.google-analytics.com www.google-analytics.com *.analytics.google.com *.practicalaction.org practicalaction.org *.cloudflare.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.cookiepro.com *.onetrust.com *.sharethis.com  *.google.com  *.ads.linkedin.com  *.linkedin.com *.bing.com *.soundcloud.com *.muchloved.com *.googlesyndication.com ; default-src 'self' 'unsafe-inline' www.googletagmanager.com; font-src 'self' data: *.practicalaction.org practicalaction.org *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.hotjar.com; frame-src 'self' data: www.google.com platform.twitter.com www.googletagmanager.com player.vimeo.com vimeo.com youtube.com www.youtube.com www.youtube-nocookie.com *.twitter.com *.cloudflare.com  *.fls.doubleclick.net *.doubleclick.net *.soundcloud.com *.kall.work *.muchloved.com; img-src 'self' data: www.google-analytics.com www.gstatic.com www.google.co.uk www.googletagmanager.com *.gravatar.com  *.vimeocdn.com  *.ytimg.com  *.twitter.com *.youtube.com *.practicalaction.org practicalaction.org  ad.doubleclick.net  *.nextdoor.com  *.cookiepro.com  bat.bing.com  *.ads.linkedin.com  *.linkedin.com  t.co *.facebook.com  *.sharethis.com platform-cdn.sharethis.com *.soundcloud.com *.googlesyndication.com; media-src 'self' blob: data: *.soundcloud.com *.youtube.com *.youtube-nocookie.com *.muchloved.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' connect.facebook.net *.muchloved.com cdn.jsdelivr.net; script-src-elem 'self' 'unsafe-inline' player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com connect.facebook.net *.cloudflare.com *.cookiepro.com code.jquery.com *.sharethis.com  static.ads-twitter.com  static.hotjar.com  bat.bing.com  snap.licdn.com  unpkg.com  ads.nextdoor.com  *.hotjar.com *.muchloved.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' blob:; style-src-elem 'self' 'unsafe-inline' *.cloudflare.com fonts.googleapis.com *.bootstrapcdn.com *.jquery.com *.fontawesome.com; worker-src 'self' blob:; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.securite-routiere.gouv.fr/report-uri/enforce 1
default-src * 'self' data: * 'unsafe-inline' 'unsafe-eval'; script-src * 'self' data: * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline'; style-src-elem * 'self' data: 'unsafe-inline'; style-src-attr * 'self' data: 'unsafe-inline'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; worker-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 1
frame-ancestors https://jbnuu.uz; 1
default-src *;img-src https: data:;font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com https://dash.sparkloop.app/styles/ 'unsafe-inline';script-src 'strict-dynamic' 'nonce-OAwe3IwxgD4rG9OXy9ZtOtAvFk8=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' webclientprint: *.googleapis.com *.gstatic.com ajax.aspnetcdn.com *.datatables.net *.bootstrapcdn.com *.google.com *.google-analytics.com img-src * data:;font-src * data:; 1
child-src 'self' https://dash.bounceexchange.com https://assets.bounceexchange.com https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://ln-rules.rewardstyle.com https://www.shoplooks.com https://www.recaptcha.net https://recaptcha.net https://vars.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://tr.snapchat.com https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://www.pinterest.com blob:; connect-src 'self' https://sgtm.biossance.com https://*.cdnbasket.net https://*.cdnwidget.com https://events.bouncex.net https://coupons.bounceexchange.com https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.liveperson.net wss://*.liveperson.net  https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.baidu.com https://vc.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com wss://*.liveperson.net https://www.allsole.com/e2/ds/relay https://horizon-api.www.allsole.com/graphql https://*.ingest.sentry.io https://s1.thcdn.com; font-src 'self' data: https://assets.bounceexchange.com https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://dev.bounceexchange.com https://api.bounceexchange.com https://www.facebook.com https://m.allsole.com https://checkout.allsole.com https://www.allsole.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' https://sgtm.biossance.com https://dev.bounceexchange.com https://tag.wknd.ai https://api.bounceexchange.com https://assets.bounceexchange.com https://tag.bounceexchange.com https://dash.bounceexchange.com https://cdn.parcellab.com 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.parcellab.com https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.criteo.com https://static.criteo.net https://*.baidu.com https://remote.captcha.com https://ssl.bing.com https://*.akamaihd.net https://ln-rules.rewardstyle.com https://www.recaptcha.net https://recaptcha.net https://*.sciencebehindecommerce.com https://*.shoplooks.com https://slooks.top https://slooks.me https://static.hotjar.com https://script.hotjar.com https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://*.contentsquare.net https://app.contentsquare.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com https://s1.thcdn.com; style-src 'self' 'unsafe-inline' https://assets.bounceexchange.com https://www.allsole.com https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.shoplooks.com https://static.shoplooks.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com; upgrade-insecure-requests; report-to report-endpoint; 1
default-src 'self' 'https://fonts.googleapis.com https://fonts.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://goo.gle https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.lk https://td.doubleclick.net https://analytics.google.com https://ap-gateway.mastercard.com https://test-gateway.mastercard.com https://www.gstatic.com https://connect.facebook.net https://apis.google.com https://www.google.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://localhost https://kfc.lk https://kfc-web.azurewebsites.net https://admin-kfc-web.azurewebsites.net https://cdnjs.cloudflare.com https://code.jquery.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com 'unsafe-inline'  1
default-src 'self' *.katacoda.com learning.oreilly.com; img-src *; style-src 'self' 'unsafe-inline' *.katacoda.com *.oreilly.com cdn.oreillystatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.katacoda.com cdn.trackjs.com openfpcdn.io www.google-analytics.com www.googletagmanager.com; connect-src 'self' wss://*.katacoda.com *.katacoda.com *.launchdarkly.com *.trackjs.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' *.katacoda.com *.oreilly.com cdn.oreillystatic.com fonts.googleapis.com fonts.gstatic.com; object-src 'none'; frame-ancestors 'self' *.katacoda.com learning.oreilly.com 1
default-src https: mailto: wss: data: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src * data:; base-uri 'none'; 1
default-src 'self' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: googletagmanager.com policy.cookiereports.com visauniversity.rev-na.demo.vbrick.com https://media.eu.vbrickrev.com https://visauniversityvod.rev.vbrick.com https://media.us.vbrickrev.com https://visatv.visa.com; style-src 'self' 'unsafe-inline'  https: googleapis.com; frame-src 'self' https://visauniversity.rev-na.demo.vbrick.com https://media.eu.vbrickrev.com https://visauniversityvod.rev.vbrick.com https://media.us.vbrickrev.com https://www.youtube.com https://visatv.visa.com https://www.google.com/  https://player.vimeo.com 1
frame-src delivery2.widgetworks.com.au www.youtube.com; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://app.aiden.cx https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://static.zdassets.com https://www.google-analytics.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://a.omappapi.com ads.creative-serving.com static2.creative-serving.com www.facebook.com code.jquery.com; upgrade-insecure-requests; frame-src 'self' https://app.aiden.cx https://consentcdn.cookiebot.com https://4yfweck668yj.b-cdn.net https://*.visualwebsiteoptimizer.com https://app.vwo.com https://a.omappapi.com; child-src 'self' blob:; worker-src 'self' blob:; 1
default-src 'self'; connect-src 'self' https://cdn-eu.readspeaker.com https://app-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data:; frame-src 'self' https://www.recaptcha.net https://www.google.com https://www.youtube.com https://app-eu.readspeaker.com; img-src 'self' data: https://piwik.ciz.nl https://i.ytimg.com; object-src 'none'; script-src 'self' https://piwik.ciz.nl https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://cdn-eu.readspeaker.com https://github.com https://www.recaptcha.net; style-src 'self' 'unsafe-inline' https://cdn-eu.readspeaker.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src https: 'self' 'unsafe-inline' data:; connect-src https: wss: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' widget.trustpilot.com trustpilot.com livechat.shellrent.com manager.shellrent.com www.google.com google.com www.google.it www.google-analytics.com fonts.gstatic.com www.gstatic.com connect.facebook.net www.facebook.com www.googletagmanager.com ajax.googleapis.com fonts.googleapis.com stats.g.doubleclick.net polyfill.io secure.gravatar.com ps.w.org shellrent.com  pro.fontawesome.com fontawesome.com ams.wpml.org wpml.org js.stripe.com stripe.com cdnjs.cloudflare.com static.cloudflareinsights.com use.fontawesome.com googleads.g.doubleclick.net googlesyndication.com tpc.googlesyndication.com unpkg.com snap.licdn.com static.ads-twitter.com t.co analytics.twitter.com cdn.linkedin.oribi.io px.ads.linkedin.com region1.analytics.google.com www.linkedin.com region1.google-analytics.com data:; 1
frame-ancestors 'self' http://www.slipcase.com https://www.slipcase.com https://marketplace.marsh.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.gstatic.com *.jsdelivr.net *.cookiepro.com *.datatables.net *.jquery.com https://twitter.github.io https://raw.githack.com https://cdnjs.cloudflare.com https://player.vimeo.com https://www.google.com *.github.io *.githack.com *.cloudflare.com *.vimeo.com *.google.com *.licdn.com *.cookielaw.org *.google-analytics.com; object-src 'self'; 1
default-src 'self' cocubes.com *.cocubes.com cocubes.in cdn.cookielaw.org www.youtube.com player.vimeo.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' cocubes.com *.cocubes.com cdn.cookielaw.org blob:; connect-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net cdn.cookielaw.org *.onetrust.com; img-src data: https: blob:; style-src 'unsafe-inline' https:; media-src 'self' blob: *.blob.core.windows.net cocubes.com *.cocubes.com cocubes.in; font-src data: https:;object-src 'self' cocubes.com *.cocubes.com cocubes.in *.blob.core.windows.net youtube.com player.vimeo.com; 1
default-src 'self' pure.okta.com *.oktacdn.com; connect-src 'self' pure.okta.com pure-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com pure.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' pure.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' pure.okta.com *.oktacdn.com; frame-src 'self' pure.okta.com pure-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' pure.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' pure.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'none'; script-src 'self' https://matomo.museum-digital.de; img-src 'self' data: https://matomo.museum-digital.de https://matomo.museum-digital.org https://*.museum-digital.org https://*.museum-digital.de; style-src 'self'; font-src 'self'; frame-src 'none'; object-src 'none'; base-uri 'none'; form-action 'self' https://nat.museum-digital.de; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' https://matomo.museum-digital.de; 1
script-src 'self' assets.adobedtm.com www.youtube.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ 'unsafe-inline' 1
default-src 'self'; img-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://trc.taboola.com https://www4.celibest.com https://www.celibest.com https://www.celibnord.com https://www.celibouest.com https://www.celibparis.com https://www.celiblyon.com https://www.celibrhonealpes.com https://www.celibsud.com https://www.celibsudouest.com https://toodate-rekognition.s3.eu-west-1.amazonaws.com data:; script-src 'self' https://piwiks.celibest.com https://www.google-analytics.com https://code.createjs.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://systempay.cyberpluspaiement.com https://www.paypal.com; media-src 'self'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; frame-src 'self'; frame-ancestors 'self'; child-src 'self'; object-src 'none'; 1
default-src 'self' https://www.youtube.com https://*.doubleclick.net https://*.adform.net https://jedonnemonavis.numerique.gouv.fr https://enovate.156th.com https://snap.licdn.com https://px.ads.linkedin.com https://secure.adnxs.com https://www.googletagmanager.com https://adservice.google.com https://connect.facebook.net https://www.facebook.com data: 'unsafe-inline' 1
frame-ancestors 'self' shopby.co.kr nhn-commerce.com builder.io; worker-src 'self'; child-src shopby.co.kr nhn-commerce.com shop-api.e-ncp.com; frame-src * data: blob:  1
object-src 'none'; frame-ancestors 'self'; report-uri http://dges.edu.uy/report-uri/enforce 1
frame-ancestors 'self';frame-src 'self'; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data: *; 1
frame-ancestors  'self' https://www.eduleverse.com/  https://eduleverse.com/ https://www.eduleresource.com/ https://www.learning.moe.edu.sg/  https://vle.sandbox.sls.moe.edu.sg/ 1
default-src 'none'; connect-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: 22h.s3.nl-ams.scw.cloud; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; base-uri 'self'; form-action 'self'  1
worker-src 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self' 1
frame-src 'self' streaming.hoshikare.jp vp1-hoshikare-prod.firebaseapp.com platform.twitter.com syndication.twitter.com www.youtube.com apps.paidy.com checkout-v2.paidy.com 1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.criteo.com https://*.api.useinsider.com https://*.cloudflare.com https://*.quinengine.com https://*.segmentify.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.enhencer.com https://cdn-ukwest.onetrust.com https://connect.facebook.net https://cookie-cdn.cookiepro.com https://google-analytics.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://googletagmanager.com https://graph.facebook.com https://*.bkmexpress.com.tr https://js.facebook.com https://mc.yandex.ru https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://st-hummel.mncdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.clarity.ms https://www.googleoptimize.com https://www.google.com https://www.googletagmanager.com https://*.useinsider.com https://*.newrelic.com https://*.nr-data.net https://*.googleapis.com https://*.sgmntfy.com https://www.gstatic.com/;                      style-src 'self' 'unsafe-inline' *.google.com *.api.useinsider.com fonts.googleapis.com https://*.cloudflare.com https://*.quinengine.com privacyportal-cdn.onetrust.com st-hummel.mncdn.com www.googletagmanager.com https://*.segmentify.com https://*.bkmexpress.com.tr https://*.useinsider.com;                      child-src 'self' blob: *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com https://*.yandex.com *.criteo.com *.criteo.net *.api.useinsider.com creativecdn.com connect.facebook.net www.googletagmanager.com https://*.googleapis.com https://*.bkmexpress.com.tr https://*.yandex.ru/;                      base-uri 'self';                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true; 1
frame-ancestors 'self' iseaint.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://tag.aticdn.net https://scripts.told.club; img-src 'self' https://*.xiti.com https://www.mesdroitssociaux.gouv.fr https://*.numerique.gouv.fr https://evolt.imgix.net data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com; font-src 'self' data:; frame-src 'self' https://www.dailymotion.com https://widget.told.club; connect-src 'self' https://*.xiti.com https://*.dev-franceconnect.fr https://app.franceconnect.gouv.fr https://api.told.club http://*.agora.msanet/openfisca/calculate https://*.gouv.fr; object-src 'none' 1
default-src 'report-sample' 'self'; script-src 'report-sample' 'self' 'unsafe-eval' https://code.jquery.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://noulcatalog.ro; script-src-attr 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; worker-src 'report-sample' 'self'; form-action 'report-sample' 'none'; frame-ancestors 'none'; img-src 'report-sample' 'self' data: https://code.jquery.com https://secure.gravatar.com https://noulcatalog.ro; connect-src 'report-sample' 'self' https://code.jquery.com https://api.pwnedpasswords.com https://extreme-ip-lookup.com https://secure.gravatar.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://noulcatalog.ro; frame-src 'report-sample' https://www.google.com https://maps.google.com;child-src 'report-sample' https://www.google.com https://maps.google.com 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; style-src-attr 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; style-src-elem 'report-sample' 'self' 'unsafe-inline' https://code.jquery.com; font-src 'report-sample' 'self' https://code.jquery.com  https://noulcatalog.ro; object-src 'report-sample' 'none'; upgrade-insecure-requests; report-uri /report.php; report-to csp-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.trustisto.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.trustisto.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.net *.putasvipmexico.net putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
frame-ancestors https://*.sc.gov.br 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: 1
font-src *.cloudflare.com *.twitter.com https://vxml4.plavxml.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.googleapis.com *.artibot.ai *.artibotcdn.com *.adobedtm.com *.adobe.com includestest.ccdc02.com s.ytimg.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com api.razorpay.com *.twitter.com https://www.google.com https://www.google.co.in https://vxml4.plavxml.com https://www.facebook.com https://maps.google.com *.addthis.com *.artibot.ai dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.vimeo.com *.sandbox.paypal.com *.paypal.com *.braintreegateway.com *.braintree-api.com *.paypalobjects.com *.googletagmanager.com *.moatads.com *.addthisedge.com googleads.g.doubleclick.net *.landofcoder.com *.artibotcdn.com *.adobedtm.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline'; img-src *.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cdn.razorpay.com *.cloudflare.com *.gstatic.com https://vxml4.plavxml.com *.google.com *.google.co.in https://www.facebook.com *.artibot.ai *.artibotcdn.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in *.zohopublic.com *.zoho.com salesio.zoho.in *.zohopublic.in *.bing.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ checkout.razorpay.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com https://vxml4.plavxml.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.addthis.com *.moatads.com *.addthisedge.com https://googleads.g.doubleclick.net dpm.demdex.net amcglobal.sc.omtrdc.net *.cardinalcommerce.com *.sandbox.paypal.com *.braintreegateway.com *.braintree-api.com *.artibot.ai *.landofcoder.com *.artibotcdn.com *.googleapis.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.salesio.zoho.in salesio.zoho.in *.zohocdn.com *.zohostatic.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.artibot.ai dpm.demdex.net amcglobal.sc.omtrdc.net https://vxml4.plavxml.com *.cardinalcommerce.com *.vimeo.com *.sandbox.paypal.com *.paypal.com *.braintreegateway.com *.braintree-api.com *.paypalobjects.com *.googletagmanager.com *.youtube.com *.addthis.com *.moatads.com *.addthisedge.com googleads.g.doubleclick.net *.landofcoder.com *.artibotcdn.com *.adobedtm.com includestest.ccdc02.com s.ytimg.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.vimeo.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com https://vxml4.plavxml.com *.google-analytics.com *.gstatic.com *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com *.googletagmanager.com *.youtube.com *.addthis.com *.moatads.com *.addthisedge.com https://googleads.g.doubleclick.net *.cardinalcommerce.com *.sandbox.paypal.com *.braintreegateway.com *.braintree-api.com googleads.g.doubleclick.net *.artibot.ai *.landofcoder.com *.artibotcdn.com *.adobedtm.com *.adobe.com includestest.ccdc02.com s.ytimg.com *.googleapis.com *.vimeocdn.com *.razorpay.com *.newrelic.com *.nr-data.net *.zoho.in *.zohocdn.com *.zohostatic.in *.salesio.zoho.in salesio.zoho.in *.zohopublic.com *.zoho.com *.zohopublic.in *.bing.com *.clarity.ms landofcoder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.zoho.in *.salesio.zoho.in salesio.zoho.in *.zohocdn.com *.zohostatic.in *.zohopublic.com *.zoho.com *.zohopublic.in https://vxml4.plavxml.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors www.mygov.bd workflow.mygov.bd 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/ https://static.cdninstagram.com/; 1
default-src 'self' https:; script-src 'self' http: https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.tpay.me *.monitoringservice.co wss://*.monitoringservice.co *.empello.net wss://*.empello.net *.clfldcbprotect.com *.dcbprotect.com wss://*.dcbprotect.com:8080; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data: blob:; worker-src data: blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bitrix24.ru *.google.com *.gstatic.com symfony.wpro.site infostrah.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.calltouch.ru *.facebook.net *.yandex.ru yastatic.net *.doubleclick.net *.cloudflare.com *.googleoptimize.com *.ipotekalab.ru *.ibmakrus.ru; frame-src 'self' *.bitrix24.ru *.banki.ru symfony.wpro.site infostrah.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.calltouch.ru *.facebook.net *.yandex.ru yastatic.net *.doubleclick.net *.cloudflare.com *.google.com *.gstatic.com *.googleoptimize.com *.skpari.local *.ipotekalab.ru; frame-ancestors 'self' http://www.ibmakrus.ru https://strahovka102.ru *.banki.ru; object-src 'self' blob: 1
default-src 'self' play.vidyard.com; connect-src 'self' *.kampyle.com play.vidyard.com stats.g.doubleclick.net www.google-analytics.com; media-src 'self' play.vidyard.com; font-src 'self' use.fontawesome.com fonts.gstatic.com use.typekit.net data:; style-src 'self' *.kampyle.com *.readyclassroomcentral.com *.i-readycentral.com 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net http://*.i-readycentral.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com use.typekit.net *.eloqua.com img.en25.com play.vidyard.com www.googletagmanager.com *.kampyle.com www.google-analytics.com http://*.i-readycentral.com; img-src 'self' *.i-readycentral.com ps.w.org cdn.vidyard.com play.vidyard.com *.eloqua.com *.googletagmanager.com *.kampyle.com www.google.com www.google-analytics.com secure.gravatar.com s.w.org data:; frame-src *.i-readycentral.com play.vidyard.com *.kampyle.com; frame-ancestors 'self' 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' * *.getclicky.com clicky.com; style-src 'self' 'unsafe-inline' *; img-src 'self' * data:; media-src 'self' *; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.hsbc.ae *.recaptcha.net *.hsbc.com.hk:* *.jsdelivr.net bat.bing.com *.amazon-adsystem.com static.ads-twitter.com tpc.googlesyndication.com lo.v.liveperson.net tags.tiqcdn.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com lpcdn.lpsnmedia.net lptag.liveperson.net accdn.lpsnmedia.net cdn.optimizely.com cdn.appdynamics.com www.googletagmanager.com www.isstmena.hsbc.ae ssl.google-analytics.com www.google-analytics.com maps.googleapis.com *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.walkme.com pixel.everesttech.net *.contentsquare.com *.qualtrics.com cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; img-src data: * blob:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.adsrvr.org *.hsbc.com.hk:* *.amazonaws.com *.hsbc.com *.onfido.com wss://*.hsbc.com bat.bing.com *.siteintercept.qualtrics.com adservice.google.com http://127.0.0.1:5000 http://127.0.0.1:5000/* *.brightcovecdn.com www.facebook.com www.google.com ad.doubleclick.net servicing.hsbc.co.uk maps.googleapis.com www.googletagmanager.com analytics.google.com akamai.tiqcdn.com stats.g.doubleclick.net www.google-analytics.com t.co analytics.twitter.com *.tt.omtrdc.net *.sc.omtrdc.net *.demdex.net *.liveperson.net *.google.com *.walkme.com pixel.everesttech.net *.qualtrics.com *.contentsquare.com rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net col.eum-appdynamics.com cdn-assets-prod.s3.amazonaws.com *.customers.biocatch.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com www.googletagmanager.com td.doubleclick.net 8715533.fls.doubleclick.net *.demdex.net *.walkme.com liveperson.com *.qualtrics.com connect.facebook.net analytics.tiktok.com; frame-ancestors 'self' www.hsbc.ae; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com; worker-src 'self' blob: *.demdex.net *.lpsnmedia.net *.liveperson.net *.google.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.ae; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.milfmovs.com/csp-reports; report-to csp-endpoint 1
script-src 'self' s.yimg.com sp.analytics.yahoo.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net maps.googleapis.com googleads.g.doubleclick.net bat.bing.com dts57qhtf7twy.cloudfront.net insights.bizrate.com gap.bizrate.com ; 1
frame-ancestors https://admin.shopify.com 'self'; 1
frame-ancestors 'self' *.classcreator.com *.classconnection.com *.facebook.net *.facebook.com 1
script-src 'self' 'unsafe-eval' https://swyftx.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://swyftx.com https://app.intotheblock.com https://yoast.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://www.redditstatic.com https://static.ads-twitter.com https://cdn.branch.io https://analytics.tiktok.com https://bat.bing.com https://cdn.pdst.fm https://app.link https://static.hotjar.com https://script.hotjar.com https://cdn.callrail.com/ https://js.callrail.com/; frame-src 'self' blob: data: https://www.google.com/ https://*.youtube.com https://platform.twitter.com https://11770793.fls.doubleclick.net https://td.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.lol; img-src 'self' https: data: blob: https://social.lol; style-src 'self' https://social.lol 'nonce-6R/yOJYa0rlTT86+9rztsg=='; media-src 'self' https: data: https://social.lol; frame-src 'self' https:; manifest-src 'self' https://social.lol; form-action 'self'; child-src 'self' blob: https://social.lol; worker-src 'self' blob: https://social.lol; connect-src 'self' data: blob: https://social.lol https://media.social.lol wss://social.lol; script-src 'self' https://social.lol 'wasm-unsafe-eval' 1
default-src 'self' ; connect-src *; font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' demdex.net *.demdex.net *.scene7.com *.amazonaws.com adnxs.com *.adnxs.com *.audioeye.com bidswitch.net x.bidswitch.net *.bing.com *.btttag.com adx.dable.io btttag.com cdnjs.cloudflare.com *.coach.com *.coachoutlet.com criteo.com *.criteo.net *.criteo.com *.cloudfront.net *.facebook.com *.facebook.net *.forter.com *.google.com www.google.co.jp www.google.co.kr www.google.ca www.google.com.ua www.google.co.uk www.google.se www.google.cn www.google.co.nz www.google.com.my www.google.com.vn www.google.com.au www.google.de www.google.co.il www.google.nl www.google.com.tw *.gstatic.com www.googleadservices.com *.googleapis.com www.google.co.th www.google.com.ph www.google.co.in www.google.fr www.google.com.hk www.google.co.id www.google.com.sg www.googletagmanager.com *.google-analytics.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.drivecommerce.com *.optimizely.com optimizely.com *.paypal.com www.paypalobjects.com www.res-x.com *.qualtrics.com *.quantummetric.com *.force.com *.my.salesforce.com *.salesforceliveagent.com twitter.com *.twitter.com ads-twitter.com static.ads-twitter.com t.co *.bluecore.com *.bluekai.com creativecdn.com *.creativecdn.com *.cquotient.com cquotient.com *.doubleclick.net stickyadstv.com ads.stickyadstv.com 360yield.com *.360yield.com casalemedia.com *.casalemedia.com ivitrack.com matching.ivitrack.com *.katespade.com *.katespade.jp katespade.com line-scdn.net *.line-scdn.net line.me *.line.me liadm.com *.liadm.com media.net *.media.net mediavine.com exchange.mediavine.com mediawallahscript.com partner.mediawallahscript.com postrelease.com jadserve.postrelease.com agkn.com aa.agkn.com outbrain.com sync.outbrain.com pubmatic.com simage2.pubmatic.com yahoo.co.jp *.yahoo.co.jp yimg.jp s.yimg.jp *.yahoo.com ad.smaato.net s.ad.smaato.net rqtrk.eu ws.rqtrk.eu techlab-cdn.com p11.techlab-cdn.com imgvc.com *.imgvc.com valuecommerce.com *.valuecommerce.com itag.valuecommerce.ne.jp quantummetric.com revcontent.com trends.revcontent.com rubiconproject.com pixel.rubiconproject.com sharethrough.com match.sharethrough.com smartadserver.com *.smartadserver.com taboola.com *.taboola.com tapad.com *.tapad.com teads.tv *.teads.tv *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org 3lift.com eb2.3lift.com *.tangiblee.com criteo-partners.tremorhub.com ade.clmbtech.com ad.tpmn.co.kr lcx-widgets.bambuser.com *.rakuten.co.jp *.amplience.net *.mul-pay.jp *.amazon.com m.media-amazon.com static-fe.payments-amazon.com payments.amazon.co.jp visitor.omnitagjs.com s.thebrighttag.com *.socdm.com api.addressy.com *.googlesyndication.com e1.emxdgt.com api.bluecore.app *.yieldmo.com sp.gmossp-sp.jp cs.adingo.jp cs.gssprt.jp rt.udmserve.net ad.as.amanad.adtdp.com s.seedtag.com vid.vidoomy.com cm-exchange.toast.com mixer.mobon.net *.docomo.ne.jp s-cs.send.microad.jp *.instagram.com sync.ad-stir.com sync.e-planning.net cm.adform.net sync.cenarius.orangeclickmedia.com bh.contextweb.com sync.1rx.io onetag-sys.com sync.go.sonobi.com sync.connectad.io sync.console.adtarget.com.tr www.denhamanobag.jp inv-nets.admixer.net us-u.openx.net us.ck-ie.com adn.caprofitx.com cm.mgid.com csync.loopme.me sync.bidence.net youtube.com www.youtube.com www.yext-pixel.com *.33across.com *.bigcontent.io www.buyma.com *.rakuten.com pixel.s3xified.com sync.cootlogix.com ad.yieldlab.net tapestry.support *.tapestry.support *.lijit.com *.powerreviews.com *.demandware.net usersync.gumgum.com *.rlcdn.com sync.aralego.com b.admedia.com liveapi.yext.com *.krxd.net *.mktgcdn.com fast.nexx360.io cdn.aralego.net gateway.zscalerthree.net cm.adgrx.com cms.quantserve.com odr.mookie1.com id5-sync.com code.jquery.com tst.kaptcha.com pm.w55c.net edge1.certona.net res.cloudinary.com *.qubit.com match.prod.bidr.io cm.igaw.io sync.crwdcntrl.net t.adx.opera.com *.adyen.com cs.mobfox.com mpsnare.iesnare.com i.ytimg.com sync.targeting.unrulymedia.com cm.meba.kr tag.wknd.ai *.bounceexchange.com events.bouncex.net *.cdnwidget.com *.cdnbasket.net www.linkedin.com www.tumblr.com *.medallia.com *.kampyle.com *.bluecore.app *.paidy.com data: blob:; 1
frame-ancestors https://*.protegez-vous.ca https://*.dev.lepv.toumoro.com 1
frame-ancestors *.snowsoftware.com; object-src 'none'; 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com https://postnl-prod.eu.auth0.com; img-src 'self' data: *.google-analytics.com; frame-ancestors 'none'; form-action 'self'; font-src 'self'; script-src 'self' *.googletagmanager.com; style-src 'self'; frame-src https://postnl-prod.eu.auth0.com 1
default-src 'self' 'unsafe-eval' data: *.gstatic.com *.google-analytics.com *.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.visualwebsiteoptimizer.com *.gstatic.com bat.bing.com; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https: *.gravatar.com bat.bing.com; font-src 'self' data: https:; connect-src 'self' *.datadoghq.com *.linkedin.com *.eventconnect.io *.bamboohr.com *.ada.support *.yoast.com *.facebook.com *.google.com *.google-analytics.com *.yoast.com wss://*.hotjar.com *.hotjar.io *.hotjar.com *.hubspot.com *.hubapi.com *.hsforms.com wss://ws22.hotjar.com/api/v2/client/ws stats.g.doubleclick.net https://cdnjs.cloudflare.com *.hotjar.com; media-src 'self' https:; object-src 'self'; frame-src 'self' *.doubleclick.net *.youtube.com *.jotform.com *.eventconnect.io *.ada.support xd.adobe.com/ www.google.com www.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net *.hotjar.com *.hsforms.com; frame-ancestors 'self' about: *.eventconnect.io *.ada.support; form-action 'self' *.facebook.com *.hsforms.com; 1
frame-ancestors https://deportes.marcaapuestas.es/ 1
default-src 'self' www.burkert.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.twitter.com *.partcommunity.com *.olark.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.burkert.com snap.licdn.com www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com www.linkedin.com snap.licdn.com www.googletagmanager.com cdn.yoochoose.net www.youtube.com *.twitter.com *.vo.msecnd.net *.clickdimensions.com *.twimg.com customerwidget.joinflow.com maps.google.cn maps.googleapis.com *.facebook.net *.apsislead.com *.leadenhancer.com *.olark.com *.issuu.com olark-file-uploads.s3-us-west-1.amazonaws.com s.go-mpulse.net c.go-mpulse.net sc.lfeeder.com api.plezi.co optimize.google.com www.googleoptimize.com www.google-analytics.com www.googleanalytics.com gateway.moneris.com cdnjs.cloudflare.com; img-src data: 'self' www.burkert.com www.google-analytics.com www.google.com.au www.google.com www.google.de event.yoochoose.net *.twimg.com *.twitter.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.facebook.com *.ytimg.com *.linkedin.com *.leadenhancer.com *.olark.com *.adition.com *.gstatic.com *.clickdimensions.com tr.lfeeder.com www2.solique.ch optimize.google.com www.googletagmanager.com; object-src 'self' *.googletagmanager.com; style-src 'self' 'unsafe-inline' www.burkert.com www.googletagmanager.com *.clickdimensions.com *.twitter.com *.twimg.com fonts.googleapis.com *.olark.com *.vo.msecnd.net optimize.google.com gateway.moneris.com; font-src 'self' www.burkert.com *.buerkert.de data: fonts.gstatic.com *.olark.com; connect-src 'self' www.burkert.com www.google-analytics.com *.analytics.google.com *.google-analytics.com analytics.google.com api.telavox.se relay.telavox.com wss://websocket.telavox.se *.facebook.com *.olark.com *.googleadservices.com www.google.de www.google.com *.doubleclick.net *.clickdimensions.com c.go-mpulse.net *.akstat.io trial-eum-clientnsv4-s.akamaihd.net *.akamaihd.net maps.googleapis.com *.plezi.co cdn.linkedin.oribi.io px.ads.linkedin.com event.yoochoose.net; frame-src 'self' blob: mailto: tel: *.burkert-usa-marketing.com *.facebook.com *.partcommunity.com *.twitter.com www.youtube-nocookie.com www.platform-viewer.v-ex.com *.google.com essens.info *.burkert.com *.olark.com *.issuu.com *.clickdimensions.com optimize.google.com gateway.moneris.com; worker-src 'self' blob:;frame-ancestors 'self' https://ez.local.burkert.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 1
base-uri 'self' https://fonts.googleapis.com/; object-src 'none'; script-src https: 'nonce-6bb5ecb179' 'nonce-f1c416af84' 'nonce-daa2430b79' 'nonce-903a0241e9' 'nonce-a8b0ae0507' 'nonce-48a960e81d' 'nonce-3b88f05e9a' 'nonce-d286749474' 'nonce-d286749474' 'nonce-b229ca4083' 'nonce-8cda2ec3ac' 'nonce-7151bd0fd0' 'nonce-04c30968d0' 'nonce-875d06e5a5' 'nonce-2387a04eb4' 'nonce-fadfd3655c' 'nonce-38ba220396' 'nonce-4c4d4fe4f3' 'nonce-c3ff6582ab' 'nonce-89b2495f87' 'nonce-790199cf1d' 'nonce-6abd86a999' 'nonce-49ef02b1c3' 'nonce-e42fcdd620' 'nonce-6144084cf2' 'nonce-6f7f94c4ef' 'nonce-ae4dd01002' 'nonce-69891317ec' 'nonce-d3060d5c2a' 'nonce-729ba86d23' 'nonce-31ecead2ec' 'nonce-857e0ed7aa' 'nonce-cab069377f' 'nonce-82f9cbd7d1' 'nonce-e86bc6c972' 'nonce-e69c302971' 'nonce-7237dcc9dc' 'nonce-e4f6cca1ad' 'nonce-8a902e2867' 'nonce-19d02f6aeb' 'nonce-993ecc9e46' 'nonce-ad2fe2fbe4' 'nonce-f003ccd654' 'nonce-752d5464f5' 'nonce-b04ea24057' 'nonce-6fa33c2fd6' 'nonce-5e7c4c2078' 'nonce-db694f92fc' 'nonce-345149a89b' 'nonce-472d454c83' 'nonce-6986f58e3d' 'nonce-9883c6cf1f' 'nonce-bc058e8c70' 'nonce-3fcf6bce9d' 'nonce-6115ba47ee' 'nonce-f537788847' 'nonce-8e6dbdfd8a' 'nonce-ad91f780e5' 'nonce-c3c005e5ee' 'nonce-01a7aae8ff'     'strict-dynamic' 1
frame-src 'self' https://www.google.com/ https://cartera-stage.freetls.fastly.net/ https://cartera-cdn.freetls.fastly.net/ https://client-services.rclon.com/ https://players.brightcove.net/ https://fast.wistia.com/ https://static-client-services.rclon.com/ https://stage.savingsace.com https://www.savingsace.com https://www.youtube.com https://forms.office.com https://play.vidyard.com/ https://td.doubleclick.net/ https://*.api.useinsider.com/; 1
base-uri 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://partner.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.state.ak.us https://*.alaska.gov https://www.google.com; frame-ancestors 'self'; form-action 'self' https: https://*.state.ak.us https://*.alaska.gov; img-src 'self' https://*.state.ak.us https://*.alaska.gov https://www.google-analytics.com https://www.googleapis.com https://www.google.com https://clients1.google.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn1.gstatic.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.amazonaws.com  https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.mimecast.com *.ads-twitter.com *.doubleclick.net *.bing.com *.clarity.ms data:    d3dh5c7rwzliwm.cloudfront.net    d32106rlhdcogo.cloudfront.net    dgf0rw7orw6vf.cloudfront.net    td.doubleclick.net    googleads.g.doubleclick.net    ad.doubleclick.net    maxcdn.bootstrapcdn.com    pagead2.googlesyndication.com    region1.google-analytics.com    api.consentric.io  networkfeed.tpexpress.co.uk  lantern.roeyecdn.com  cdn.jsdelivr.net lantern.roeye.com  scripts.consentric.io    tpexpress.co.uk    code.jquery.com    https://js.adsrvr.org/up_loader.1.1.0.js    *.salesforce.com    *.force.com    myaccount.tpexpress.co.uk    retailhub.tpexpress.co.uk    railinfo.preprod.tpexpress.co.uk    retailhub.preprod.tpexpress.co.uk    consent-pref.trustarc.com www.awin1.com the.sciencebehindecommerce.com *.salesforceliveagent.com *.cloudfront.net *.salesforce-sites.com    ws.sessioncam.com apps.sitecore.net maps.googleapis.com consent.truste.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com kit.fontawesome.com    ka-f.fontawesome.com *.usabilla.com d2oh4tlt9mrke9.cloudfront.net www.dwin1.com ssl.google-analytics.com consent.trustarc.com servedby.flashtalking.com    9412802.fls.doubleclick.net 2042217.fls.doubleclick.net stats.g.doubleclick.net www.google.com www.gstatic.com secure.quantserve.com    connect.facebook.net rules.quantcount.com www.facebook.com railinfo.tpexpress.co.uk fonts.gstatic.com ftedisruption.appspot.com player.vimeo.com service.force.com   d.la3-c1cs-ph2.salesforceliveagent.com edge.quantserve.com platform.twitter.com syndication.twitter.com widgets.otrl.io *.hotjar.com *.hotjar.io wss://*.hotjar.com www.youtube.com   firstrailservice.my.salesforce-sites.com fglivechat.secure.force.com   *.adsrvr.org;    img-src 'self' data: https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.doubleclick.net *.bing.com *.clarity.ms www.google-analytics.com secure.adnxs.com consent.trustarc.com d6tizftlrpuof.cloudfront.net www.google.com    www.google.co.in secure.quantserve.com connect.facebook.net www.facebook.com pixel.quantserve.com ssl.google-analytics.com maps.gstatic.com *.usabilla.com    maps.googleapis.com ade.googlesyndication.com stats.g.doubleclick.net www.awin1.com d1fd8aj8bhyfe9.cloudfront.net www.google.ie syndication.twitter.com www.googletagmanager.com firstrailservice.my.salesforce-sites.com fglivechat.secure.force.com;    style-src 'self' 'unsafe-inline' https://*.roeye.com https://*.twitter.com http://*.twitter.com https://*.co *.ads-twitter.com *.mimecast.com *.doubleclick.net *.bing.com *.clarity.ms cloud.typography.com fonts.googleapis.com cdnjs.cloudflare.com service.force.com maxcdn.bootstrapcdn.com *.cloudfront.net    *.force.com *.adsrvr.org *.my.salesforce.com *.googletagmanager.com *.salesforce-sites.com; 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss:; style-src 'self' 'unsafe-inline' https://static.small.chat blob: https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: https://netdna.bootstrapcdn.com https://static.small.chat; img-src https: data: 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.com.ar https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.com.ar https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.com.ar;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.com.ar  https://smetrics.vwfs.com.ar https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.ar;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.com.ar https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.com.ar https://smetrics.vwfs.com.ar https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ar http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
frame-ancestors 'self' https://ersties.net https://ersties.de https://en.ersties.com https://ersties.ch https://en.ersties.ch https://ersties.com 1
default-src 'self'; connect-src 'self' https://js.stripe.com/ https://www.google-analytics.com https://q.quora.com https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com data:; img-src 'self' https://www.google-analytics.com/ https://cdn.shopify.com https://apps.shopifycdn.com https://images.editor.website https://*.bigcommerce.com https://run.pstmn.io https://*.quora.com data: *; frame-ancestors 'self' ; frame-src 'self' https://js.stripe.com https://www.google.com https://player.vimeo.com https://td.doubleclick.net; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; script-src 'self' https://www.google-analytics.com/ https://js.stripe.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://a.quora.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://snap.licdn.com https://googleads.g.doubleclick.net https://www.googleadservices.com 'unsafe-eval' 'unsafe-inline' data:; style-src 'self' https://fonts.googleapis.com/ https://sdks.shopifycdn.com 'unsafe-inline' 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;;style-src 'self' 'unsafe-inline' ;img-src 'self' data:  *.tile.openstreetmap.org *.tile.opencyclemap.org; 1
base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests; child-src blob:; default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; style-src 'self' https: 'unsafe-inline'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; img-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; font-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; connect-src 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; frame-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; frame-ancestors 'self'  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; object-src data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; media-src 'self' data:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184; worker-src 'self' data: blob:  *.adform.net *.ads-twitter.com *.ads.linkedin.com *.amazon-adsystem.com *.amazonaws.com *.analytics.google.com *.aptica.es *.bannerflow.net *.bing.com *.clarity.ms *.cloudflare.com *.co-buying.com *.configcat.com *.contentful.com *.cookielaw.com *.cookielaw.org *.creativecdn.com *.ctfassets.net *.doubleclick.net *.euskaltel.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.es *.googleadservices.com *.googleapis.com *.googleoptimize.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.inbenta.com *.inconcertcc.com *.krxd.com *.krxd.net *.licdn.com *.linkedin.oribi.io *.logalty.com *.logalty.es *.masmovil.com *.mixpanel.com *.onetrust.com *.openstreetmap.org *.outbrain.com *.pinimg.com *.pinterest.com *.pinterest.es *.quantummetric.com *.racctelplus.com *.speedtestcustom.com *.taboola.com *.teads.tv *.thunderhead.com *.tiktok.com *.tile.openstreetmap.org *.twitter.com *.useinsider.com *.walmeric.com *.womtp.com *.yahoo.com *.yimg.com *.youtube-nocookie.com *.youtube.com t.co p.adsymptotic.com sjs.bizographics.com *.cstmapp.com 212.55.0.184 1
frame-ancestors 'self' https://*.sms-digital.cloud; 1
child-src 'self' blob:; connect-src * blob: data: * skd://drmtoday; img-src 'self' data: *; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdn.appsflyer.com; object-src 'self' data: * *.googlesyndication.com; media-src 'self' blob: *; manifest-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' blob: *.dplayer.pro *.2mdn.net static.ads-twitter.com weathergroup.activehosted.com *.adnxs.com *.adsafeprotected.com *.adsrvr.org *.amp.live *.ampproject.org *.app-us1.com *.appsflyer.com app.link *.beachfront.com *.branch.io *.cloudfront.net *.combotag.com *.cookielaw.org *.onetrust.com *.doubleclick.net *.doubleverify.com *.everesttech.net *.evidon.com *.extend.tv *.extremereach.io connect.facebook.net *.flashtalking.com *.freewheel.tv adservice.google.com tagmanager.google.com *.google.com *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.googletagservices.com *.gravatar.com *.gstatic.com *.iasds01.com *.imrworldwide.com *.innovid.com *.insightexpressai.com *.ipredictive.com *.lkqd.net *.moatads.com *.rhythmone.com *.rubiconproject.com *.scorecardresearch.com *.segment.com *.serving-sys.com *.spotx.tv *.spotxcdn.com *.spotxchange.com *.springserve.com *.telaria.com trackcmp.net *.tremorhub.com analytics.twitter.com *.unrulymedia.com *.vindicosuite.com *.w55c.net *.yumenetworks.com; style-src 'unsafe-inline' blob: 'self' fonts.googleapis.com  *.gstatic.com tagmanager.google.com *.innovid.com *.google.com *.innovid.com; frame-src *.doubleverify.com *.dvtps.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gumgum.com *.imrworldwide.com *.pubmatic.com *.serving-sys.com *.google.com 1
default-src 'self' idsecure.com.br:* www.idsecure.com.br:* main.idsecure.com.br:* report.idsecure.com.br:* wss://localhost:8181 www.google-analytics.com; font-src *; style-src * 'unsafe-inline'; script-src 'self' idsecure.com.br www.idsecure.com.br main.idsecure.com.br www.googletagmanager.com polyfill.io www.google-analytics.com; img-src 'self' idsecure.com.br www.idsecure.com.br main.idsecure.com.br report.idsecure.com.br www.google-analytics.com cdnjs.cloudflare.com data:; worker-src 'self' blob:; object-src 'none'; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://bae.st wss://bae.st https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self'; font-src 'self' https: data:; img-src 'self' https: data:; media-src 'self' https: data: blob:; child-src 'self' https: blob:; connect-src 'self' *.paypal.com *.svc.dynamics.com *.dynamics.com *.w3.org *.getgo.com *.bizzabo.com *.pheedloop.com *.bugsnag.com *.microsoft.com https://unpkg.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.google.com *.geolocation.onetrust.com *.onetrust.com *.linkedin.oribi.io *.oribi.io *.adroll.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.facebook.com *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.polyfill.io *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.company-target.com *.demandbase.com *.6sc.co; script-src  'unsafe-inline' 'self' *.azureedge.net *.bizzabo.com *.pheedloop.com *.bugsnag.com *.paypal.com *.w3.org *.getgo.com https://unpkg.com  https://cxppusa1formui01cdnsa01-endpoint.azureedge.net *.vimeo.com *.microsoft.com *.msecnd.net *.svc.dynamics.com *.dynamics.com *.brightcove.net *.cloudfront.net *.googletagmanager.com *.fontawesome.com *.wistia.com *.nprapps.org *.google.com *.adroll.com *.ads-twitter.com *.clickdimensions.com *.cookielaw.org *.cloudflare.com *.facebook.net *.googleapis.com *.typekit.net *.gstatic.com *.doubleclick.net *.twimg.com *.polyfill.io https://polyfill.io *.linkedin.com *.crazyegg.com *.licdn.com *.twitter.com *.google-analytics.com *.google.co.in *.googleadservices.com *.googletagmanager.com *.gstatic.com https://ml314.com *.buzzsprout.com *.blubrry.com *.company-target.com *.demandbase.com *.6sc.co *.simpli.fi; style-src 'self' https: 'unsafe-inline' *.svc.dynamics.com *.dynamics.com *.paypal.com https://organizer.bizzabo.com https://site.pheedloop.com https://sessions.bugsnag.com https://unpkg.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://ml314.com *.blubrry.com;  worker-src  'self' blob:; 1
frame-src 'self' https://*.linkedin.com https://*.audioeye.com https://activitymap.adobe.com https://lordabbett.demdex.net/ https://vds.issgovernance.com https://vds.issproxy.com https://www.googletagmanager.com https://pages.exacttarget.com https://page.email.lordabbett.com https://players.brightcove.net https://*.go-mpulse.net https://html5-player.libsyn.com https://twitter.com https://*.twitter.com https://pbs.twimg.com https://*.financialtrans.com; frame-ancestors 'self' https://*.linkedin.com https://*.audioeye.com https://activitymap.adobe.com https://*.go-mpulse.net https://*.twitter.com  https://*.financialtrans.com; object-src 'self'; 1
default-src 'self' widget.arcaptcha.ir ws: wss: http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
img-src 'self' https: data: 1
default-src 'self' data: blob: ws: *.g2.com *.canddi.io *.canddi.com *.crisp.chat www.google-analytics.com *.analytics.google.com pixel.pvd.to stats.g.doubleclick.net vgkgl5kmed.execute-api.eu-west-1.amazonaws.com *.wistia.net *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.googleapis.com lcj9zwv5p3.execute-api.eu-west-1.amazonaws.com; img-src 'self' data: *.g2.com s.canddi.io pixel.pvd.to px.ads.linkedin.com www.google-analytics.com www.facebook.com www.google.com www.google.co.uk image.crisp.chat www.googletagmanager.com *.wistia.com embedwistia-a.akamaihd.net googleads.g.doubleclick.net *.googleadservices.com *.contentengine.net *.linkedin.com *.canddi.com *.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: *.canddi.com www.googletagmanager.com cdn.canddi.io s.canddi.io www.google-analytics.com www.googleadservices.com snap.licdn.com connect.facebook.net js.pvd.to googleads.g.doubleclick.net www.linkedin.com px.ads.linkedin.com *.crisp.chat www.googleoptimize.com *.wistia.com *.stripe.com *.google.com *.gstatic.com *.capterra.com *.calendly.com *.g2crowd.com; style-src 'self' 'unsafe-inline' *.crisp.chat; frame-src 'self' *.canddi.com www.facebook.com *.wistia.net *.stripe.com *.google.com *.calendy.com calendly.com *.g2.com *.youtube.com *.googleapis.com; font-src 'self' data: fonts.gstatic.com *.crisp.chat; frame-ancestors 'self' *.canddi.local *.canddi.com www.canddi.download www.canddi.download.local www.canddi.link www.canddi.link.local 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://blossm.com https://challenges.cloudflare.com https://static.ads-twitter.com/uwt.js https://*.www.blossm.com https://www.google.com https://*.blossm.com https://static.zdassets.com https://www.blossm.com https://*.zendesk.com https://*.nr-data.net https://www.google.com/recaptcha/ https://www.googletagmanager.com https://js-agent.newrelic.com https://ajax.googleapis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://connect.facebook.net 'self' ;  style-src 'self' data: 'unsafe-inline' https://*.blossm.com https://*.www.blossm.com https://www.blossm.com https://cdnjs.cloudflare.com ; img-src https://t.co https://cdn.blossm.com https://private-cdn.blossm.com https://*.blossm.com https://static.zdassets.com blob: https://blossm.com https://www.blossm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cbpayouts.s3.amazonaws.com https://*.nr-data.net data: https://analytics.twitter.com https://*.www.blossm.com 'self' https://www.facebook.com https://blossm.zendesk.com ;  font-src 'self' data: https://*.blossm.com https://www.blossm.com https://*.www.blossm.com https://cdnjs.cloudflare.com ; connect-src wss://*.blossm.com https://blossm.com https://cbpayouts.s3.amazonaws.com https://*.www.blossm.com wss://blossm.zendesk.com wss://www.blossm.com https://*.blossm.com blob https://www.blossm.com https://*.nr-data.net https://ekr.zdassets.com wss://*.zendesk.com ws://localhost:* blob: https://www.facebook.com https://blossm.zendesk.com https://cdn.blossm.com https://private-cdn.blossm.com https://www.google-analytics.com data: 'self' ;  media-src 'self' https://*.blossm.com https://www.blossm.com https://*.www.blossm.com mediasource: blob: data: https://cbpayouts.s3.amazonaws.com https://cdn.blossm.com https://private-cdn.blossm.com https://static.zdassets.com ;  object-src 'self' https://*.blossm.com https://www.blossm.com https://*.www.blossm.com https://cbpayouts.s3.amazonaws.com https://cdn.blossm.com https://private-cdn.blossm.com ; frame-src https://*.incodesmile.com https://*.blossm.com https://www.blossm.com https://blossm.com https://challenges.cloudflare.com https://www.google.com/recaptcha/ 'self' ;  child-src 'self' blob: blob ;  worker-src 'self' blob: blob ;  form-action 'self' https://*.blossm.com https://blossm.com https://www.blossm.com https://*.www.blossm.com ;  manifest-src 'self' https://*.blossm.com https://blossm.com https://www.blossm.com https://*.www.blossm.com ; 1
default-src 'self' 'unsafe-inline' data: *.groupe-mediactive.fr *.typekit.net *.pingdom.net fg.cdn.mediactive-network.net cdn.mediactive-network.net *.cedexis.com; frame-src 'self'; object-src 'self'; child-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' *.opmnstr.com *.mstrlytcs.com cdn.bizneo.com *.plausible.io cdn-widget.callpage.io hassets.adoberesources.net assets.adoberesources.net documentcloud.adobe.com *.sharethis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.bizneo.com go.bizneo.com *.clarity.ms cdn.jsdelivr.net assets.adoberesources.net *.hotjar.com *.ads-twitter.com *.twitter.com *.facebook.net appvizer.one *.optmnstr.com *.omappapi.com *.licdn.com *.opmnstr.com *.google-analytics.com *.googleapis.com *.googletagmanager.com sjs.bizographics.com *.googleadservices.com bat.bing.com *.marketo.net *.marketo.com *.linkedin.com *.doubleclick.net onesignal.com *.onesignal.com *.google.com cdn.ampproject.org *.googleanalytics.com *.googleoptimize.com optimize.google.com *.optimize.google.com *.omwpapi.com *.addthis.com *.moatads.com *.addthisedge.com ipinfo.io plausible.io cdnjs.cloudflare.com cdn-widget.callpage.io *.sharethis.com *.consensu.org cdn.convertbox.com mythemeshop.com polyfill.io data:; img-src 'self' https: data: cdn.bizneo.com *.googletagmanager.com *.google-analytics.com optimize.google.com assets.adoberesources.net lh3.googleusercontent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.bizneo.com go.bizneo.com *.fontawesome.com *.googleapis.com *.marketo.com *.omappapi.com cdnjs.cloudflare.com optimize.google.com fonts.googleapis.com onesignal.com cdn-widget.callpage.io *.typekit.net cdn.convertbox.com fonts.bunny.net *.sharethis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: cdn.bizneo.com fonts.gstatic.com *.typekit.net; frame-src https://www.facebook.com https://optimize.google.com https://www.youtube.com go.bizneo.com *.addthis.com *.consensu.org www.icegram.com td.doubleclick.net documentcloud.adobe.com *.sharethis.com; object-src 'none'; worker-src 'self' blob:; child-src 'self' *.hotjar.com *.marketo.com go.bizneo.com *.addthis.com www.bizneo.com; connect-src 'self' px.ads.linkedin.com *.google-analytics.com *.google.com *.bing.com *.facebook.com *.omappapi.com *.clarity.ms *.googlesyndication.com appvizer.one *.mktoresp.com *.mktoutil.com *.hotjar.com go.bizneo.com *.g.doubleclick.net onesignal.com *.omwpapi.com wss://*.hotjar.com *.addthis.com *.addthiscdn.com plausible.io ipinfo.io cdnjs.cloudflare.com ariadne.appvizer.one cdn.linkedin.oribi.io api.callpage.io geoipapi.callpage.io api-cdn6.callpage.io *.sharethis.com *.consensu.org app.convertbox.com *.adobe.io wss://*.adobe.io *.sharethis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  style-src 'self' 'unsafe-inline'; img-src *; 1
default-src 'none';media-src 'self' www.wellsfargomedia.com https://*.wellsfargo.com:* www.wellsfargo.com;font-src 'self' www15.wellsfargomedia.com retailservices-mfe.cfapps.wellsfargo.net retailservices-mfe.wellsfargo.com https://*.wellsfargo.com:* data: stm-connect.secure.evetest.wellsfargo.com:23621;frame-src 'self' ciaanalytics.wellsfargo.com connect.secure.wellsfargo.com www.bing.com wifp.wellsfargo.com https://*.wellsfargo.com:* wifp.ceo.wellsfargo.com;style-src 'unsafe-inline' 'self' wca.sec.wellsfargo.com www.bing.com www.wellsfargo.com retailservices-mfe.cfapps.wellsfargo.net retailservices-mfe.wellsfargo.com https://*.wellsfargo.com:* ceomedia.wf.com;base-uri 'none';report-uri /reporting/csp;frame-ancestors 'none';script-src 'self' 'nonce-3fec59820221f529' www.wellsfargo.com www.bing.com c1.wfinterface.com dev.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com ssl.google-analytics.com www.google-analytics.com ajax.googleapis.com wca.wellsfargo.com wca.sec.wellsfargo.com wcafs.sec.wellsfargo.com wellspa.sec.wellsfargo.com wellspa.wellsfargo.com ceomedia.wf.com wifp.wellsfargo.com wifp.ceo.wellsfargo.com retailservices-mfe.cfapps.wellsfargo.net retailservices-mfe.wellsfargo.com https://*.wellsfargo.com:*  six.cdn-net.com wcafs.wellsfargo.com;connect-src 'self' stats.g.doubleclick.net https://globalsiteanalytics.com/resource/resource.png www.bing.com www.google-analytics.com t0.ssl.ak.dynamic.tiles.virtualearth.net connect.secure.staging.wellsfargo.com connect.secure.wellsfargo.com wca.wellsfargo.com wcafs.wellsfargo.com wca.sec.wellsfargo.com pdx-col.eum-appdynamics.com rubicon.wellsfargo.com dev.virtualearth.net wfgaccess.wellsfargo.com retailservices-mfe.cfapps.wellsfargo.net retailservices-mfe.wellsfargo.com wcafs.sec.wellsfargo.com wellspa.sec.wellsfargo.com https://*.medallia.com https://*.kampyle.com https://*.wellsfargo.com:* wellspa.wellsfargo.com;img-src 'self' stats.g.doubleclick.net data: blob: t0.ssl.ak.dynamic.tiles.virtualearth.net t1.ssl.ak.dynamic.tiles.virtualearth.net www.adobe.com www.wellsfargo.com www.google-analytics.com ssl.google-analytics.com ceomedia.wf.com www.bing.com wca.wellsfargo.com wca.sec.wellsfargo.com retailservices-mfe.cfapps.wellsfargo.net retailservices-mfe.wellsfargo.com wcafs.sec.wellsfargo.com wellspa.sec.wellsfargo.com https://*.kampyle.com https://*.wellsfargo.com:* wellspa.wellsfargo.com;object-src 'self' wifp.wellsfargo.com https://*.wellsfargo.com:* wifp.ceo.wellsfargo.com; 1
default-src 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
connect-src 'self' https://maps.googleapis.com; default-src 'self'; font-src 'self' data:  https://use.fontawesome.com  https://fonts.gstatic.com  ; frame-src 'self' https://www.google.com  https://www.youtube.com  ; img-src 'self' data: https://secure.gravatar.com  https://wordpress.slimcd.com  https://s.w.org   ; script-src script-src 'self' 'unsafe-inline' data:  https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  'unsafe-eval' ; script-src-elem script-src-elem 'self' 'unsafe-inline' https://use.fontawesome.com  https://maps.google.com  https://www.google.com  https://www.gstatic.com  ; style-src style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; style-src-elem style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://use.fontawesome.com  ; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.analytics.google.com https://forms.hscollectedforms.net https://api.hubspot.com https://consentcdn.cookiebot.com https://d8ejoa1fys2rk.cloudfront.net https://connect.facebook.net https://platform.twitter.com https://analytics.twitter.com https://en.twitter.com https://cdn.syndication.twimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://unpkg.com https://js.hs-banner.com https://www.cookiebot.com https://www.facebook.com https://www.facebook.net https://www.visualwebsiteoptimizer.com https://www.youtube.com https://www.doubleclick.net https://js.hs-scripts.com https://www.jquery.com https://www.google-analytics.com https://snap.licdn.com  https://static.ads-twitter.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.usemessages.com https://js.hsleadflows.net https://js.hscollectedforms.net https://www.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://www.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://www.usemessages.com https://www.googleoptimize.com https://player.vimeo.com https://www.vimeo.com https://f.vimeocdn.com https://embed.calculoid.com https://ajax.googleapis.com https://boards.greenhouse.io https://cdn.pushcrew.com https://www.cloudfront.net https://js.hsforms.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget-hosts.mavenoid.com/custom-embedding-scripts/ https://app.mavenoid.com/embedded/ https://cdn.matomo.cloud/evbox.matomo.cloud/ https://open.spotify.com/embed/iframe-api/v1 https://embed-cdn.spotifycdn.com https://js.hubspot.com/web-interactives-embed.js;style-src 'self' 'unsafe-inline' 'unsafe-eval' ton.twimg.com licdn.com platform.twitter.com fonts.googleapis.com https://unpkg.com https://cdn.pushcrew.com;object-src 'none';base-uri 'self';connect-src 'self' *.analytics.google.com https://googleads.g.doubleclick.net https://www.google.com https://forms.hscollectedforms.net https://branding.evbox.com https://consentcdn.cookiebot.com https://api.hubspot.com https://consentcdn.cookiebot.com https://forms.hubspot.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com fonts.googleapis.com fonts.gstatic.com embed.calculoid.com www.gstatic.com api.calculoid.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://byndair.bynder.com blob: https://preproduction.evbox.com https://evbox.com https://cdn.linkedin.oribi.io https://o442183.ingest.sentry.io/api/5440054/envelope/ https://app.mavenoid.com/embedded/ https://api.mavenoid.com/api/graphql https://pagead2.googlesyndication.com/pagead/ wss://tsock.us1.twilio.com/v3/wsconnect https://evbox.matomo.cloud/ https://lottie.host/ https://px.ads.linkedin.com/ *.hubspot.com;font-src 'self' data: https://embed.calculoid.com https://fonts.gstatic.com https://app.mavenoid.com/fonts/;frame-src 'self' https://oplaadpalen.nl https://chargepoints.eco-movement.com https://www.zeemaps.com https://consentcdn.cookiebot.com https://www.facebook.com https://www.youtube.com https://boards.greenhouse.io https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://map.openchargemap.io/ https://lottie.host/ https://open.spotify.com/ https://3950862.hs-sites.com/;img-src 'self' data: https://imgsct.cookiebot.com/ https://volt-staging.evbox.com https://volt-preprod.evbox.com https://volt.evbox.com https://evbox.com https://p.adsymptotic.com https://www.linkedin.com https://analytics.twitter.com https://community.modx.com https://forms.hsforms.com https://staging.evbox.com https://modx-community.s3.dualstack.us-east-1.amazonaws.com https://px.ads.linkedin.com https://t.co https://track.hubspot.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.nl https://www.google.fr https://www.googletagmanager.com https://www.gravatar.com https://googleads.g.doubleclick.net https://bynder-public-eu-central-1.s3.amazonaws.com https://www.googleusercontent.com https://ev-database.org https://cdn.pushcrew.com https://lh1.googleusercontent.com https://lh2.googleusercontent.com https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://i1.ytimg.com https://mavenoidfiles.com/ *.hsforms.com https://cta-service-cms2.hubspot.com https://static.hubspot.com https://static.hsappstatic.net/;manifest-src 'self';media-src 'self' https://app.mavenoid.com/sounds/;worker-src 'none'; 1
default-src 'unsafe-inline' 'self' ;script-src  'unsafe-inline' 'self' https://challenges.cloudflare.com static.cloudflareinsights.com; connect-src 'self'  cloudflareinsights.com;img-src  'self'   data: ; frame-src  https://challenges.cloudflare.com ; object-src 'none' 1
frame-ancestors https://*.woman.at https://*.vgn.at; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors https://wpp-wdcee.wirecard.com 1
object-src 'none'; script-src 'self' 'nonce-cd950a099f0641bd9ecefef51246d864' 'sha256-bYH6V1Wby/yQdY+2mNHLWDwG3e3AUGv1/pm0vhS1/2Q=' https://snap.licdn.com/ https://f.vimeocdn.com/ https://acdn.adnxs.com/ https://maps.googleapis.com/ https://otp.tools.investis.com/ https://cc.cdn.civiccomputing.com/ http://s7.addthis.com/ https://www.googletagmanager.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com ; style-src 'self' 'unsafe-inline' https://sse-prelive.emperordev.com https://cc.cdn.civiccomputing.com/ https://fonts.googleapis.com/ https://tools.eurolandir.com/ ; img-src 'self' data: https://sse-prelive.emperordev.com https://ib.adnxs.com/ https://analytics.twitter.com/ https://t.co/ https://i.vimeocdn.com/ https://www.sserenewables.com/ https://tiscreport.org/ https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com/collect https://p.adsymptotic.com/d/px https://tr.lfeeder.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat ; frame-src 'self' https://sse-prelive.emperordev.com  https://td.doubleclick.net/ https://indd.adobe.com/ https://otp.tools.investis.com/ https://irs.tools.investis.com/ https://tools.eurolandir.com/ https://www.youtube.com https://www.ustream.tv https://www.facebook.com https://player.vimeo.com https://www.google.com 1
frame-ancestors 'self' https://lbhill1-dev.gosshosted.com https://activehousing.co.uk https://lbhill1-prp.gov.uk https://lbhill1-tst.gosshosted.com; report-to csp-endpoint; report-uri https://www.hillingdon.gov.uk/csp-reports; 1
default-src https: data: 'self' blob: data:; style-src 'self' 'unsafe-inline' *.content-cms.com *.shopperapproved.com *.cloudfront.net https://www.googletagmanager.com fonts.googleapis.com use.fontawesome.com *.mypurecloud.com *.sociablekit.com *.bootstrapcdn.com *.google.com;font-src 'self' *.bing.com *.cloudfront.net fonts.gstatic.com use.fontawesome.com *.bootstrapcdn.com *.mypurecloud.com *.google.com blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tokenex.com *.pinterest.com *.pinimg.com *.content-cms.com *.consumersadvocate.org *.zapier.com *.roeyecdn.com *.upsellit.com *.iconnode.com *.bing.com https://googleads.g.doubleclick.net *.sciencebehindecommerce.com *.awin1.com *.convertexperiments.com *.amazon-adsystem.com *.cloudfront.net https://www.dwin1.com *.cloudflare.com https://partner.googleadservices.com https://googleads.g.doubleclick.net https://v2.crocdn.com https://woobox.com *.instagram.com www.shopperapproved.com www.googleadservices.com *.facebook.net www.google-analytics.com www.googletagmanager.com *.google.com *.sociablekit.com *.pure.cloud *.pages04.net *.hotjar.com  *.clarity.ms *.ceros.com *.b0e8.com *.marinsm.com *.prfct.co *.bing.com *.evidence.io unpkg.com *.digicert.com *.gstatic.com *.auth0.com optimize.google.com www.googleoptimize.com blob: data:;connect-src 'self' *.amazon-adsystem.com *.pinterest.com *.pinimg.com *.content-cms.com *.consumersadvocate.org *.bing.com *.upsellit.com *.iconnode.com *.sciencebehindecommerce.com *.awin1.com *.convertexperiments.com *.cloudfront.net https://api.ipify.org https://images.sociablekit.com https://csp.withgoogle.com wss://streaming.usw2.pure.cloud api.usw2.pure.cloud www.google-analytics.com stats.g.doubleclick.net *.clarity.ms *.facebook.com *.google.com *.evidence.io *.accentapi.com wss://wss.evidence.io *.hotjar.com wss://ws8.hotjar.com *.generalitravelinsurance.com *.gstatic.com *.auth0.com blob: data:;img-src data: 'self' *.content-cms.com *.roeye.com *.day.com *.upsellit.com *.doubleclick.net *.consumeraffairs.com *.awin1.com *.iconnode.com *.convertexperiments.com https://googleads.g.doubleclick.net *.cloudfront.net https://www.googleapis.com/generate_204 https://lh3.googleusercontent.com www.shopperapproved.com *.generalitravelinsurance.com www.google-analytics.com www.googletagmanager.com *.google.com *.gstatic.com  *.clarity.ms *.bc0a.com *.b0e8.com *.prfct.co *.facebook.com *.adnxs.com *.bing.com *.bc0a.com *.sociablekit.com *.pages04.net *.accentapi.com *.digicert.com *.evidence.io evidenceapp.s3-us-west-2.amazonaws.com *.cloudfront.net blob: data:; frame-src 'self' *.tokenex.com *.pinterest.com *.pinimg.com *.content-cms.com *.upsellit.com *.zapier.com *.zapier.app *.generalitravelinsurance.com *.awin1.com *.iconnode.com *.cloudfront.net https://afs.googlesyndication.com *.youtube.com *.bing.com *.ggatravelservices.com *.ceros.com *.facebook.com *.instagram.com https://woobox.com https://player.vimeo.com https://map.openupforbusiness.com *.research.net *.surveymonkey.com *.amazon-adsystem.com *.doubleclick.net *.hotjar.com *.google.com www.googleoptimize.com *.pages04.net blob: data:; frame-ancestors 'self' *.generalitravelinsurance.com *.vacationprotection.com *.vacationrentalinsurance.com *.generalipartner.com 1
frame-ancestors 'self' https://roserocket.com https://network.roserocket.com 1
form-action 'self'; connect-src traceless.io www.traceless.io secure.point.co api.stripe.com www.dinopass.com www.google-analytics.com sentry.io traceless-staging-files.s3.us-west-2.amazonaws.com traceless-staging-files.s3.amazonaws.com api-iam.intercom.io wss://nexus-websocket-a.intercom.io stats.g.doubleclick.net graphql.contentful.com sdk.split.io auth.split.io streaming.split.io events.split.io consentcdn.cookiebot.com uploads.intercomcdn.com www.redditstatic.com; img-src 'self' *.google-analytics.com *.googleusercontent.com *.gravatar.com www.googletagmanager.com gravatar.com *.wp.com cdn.auth0.com traceless.io staging-assets.traceless.io assets.traceless.io downloads.intercomcdn.com js.intercomcdn.com static.intercomassets.com images.ctfassets.net videos.ctfassets.net platform.slack-edge.com traceless.com cdn.usefathom.com imgsct.cookiebot.com gifs.intercomcdn.com alb.reddit.com; frame-ancestors; frame-src *.stripe.com https://hooks.stripe.com https://www.youtube.com consentcdn.cookiebot.com intercom-sheets.com; style-src 'self' fonts.googleapis.com fonts.traceless.io staging-assets.traceless.io fonts.traceless.io.s3-us-west-2.amazonaws.com assets.traceless.io unpkg.com 'unsafe-inline'; default-src 'self'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.traceless.io.s3-us-west-2.amazonaws.com fonts.traceless.io staging-assets.traceless.io assets.traceless.io js.intercomcdn.com fonts.intercomcdn.com; media-src 'self' js.intercomcdn.com; script-src 'self' browser.sentry-cdn.com traceless.us4.list-manage.com www.google-analytics.com www.googletagmanager.com cdn.jsdelivr.net assets.traceless.io js.stripe.com cdnjs.cloudflare.com widget.intercom.io js.intercom.io js.intercomcdn.com cdn.polyfill.io cdn.split.io consent.cookiebot.com consentcdn.cookiebot.com cdn.usefathom.com www.redditstatic.com conversions-config.reddit.com 1
default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self' data:; script-src 'self' 'unsafe-eval' 'sha256-XzTveO0B6IM8YRqAkdroV+PrFE4zaHt0A4z5uQ9CwzI='; style-src 'self' 'unsafe-inline'; font-src 'self'; worker-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'none'; manifest-src 'self'; connect-src 'self' * 1
default-src 'self' data: https://consentcdn.cookiebot.com; script-src 'strict-dynamic' 'nonce-sTGxl+aFc1a9Vq52ffNrs1LZFH/1bGpr97bqr4hGL+c=' blob: https://dwin1.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://*.googletagmanager.com https://www.google-analytics.com/analytics.js https://remote.captcha.com/include.js https://fat.financeads.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src 'self' https://www.awin1.com https://www.google.com https://consentcdn.cookiebot.com https://www.youtube.com; connect-src 'self' http://awin1.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; img-src 'self' data: https://www.financeads.net http://*.awin1.com https://*.awin1.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; 1
frame-ancestors 'self' https://app.kontent.ai http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com;frame-src https://2486383.hs-sites.com https://app.hubspot.com https://s7.addthis.com https://players.brightcove.net https://td.doubleclick.net https://bid.g.doubleclick.net https://js.driftt.com https://www.facebook.com https://www.gartner.com https://www.google.com https://forms.hsforms.com https://forms.office.com https://app.kontent.ai https://forms.monday.com http://isolvedhcm.lookbookhq.com https://isolvedhcm.lookbookhq.com http://isolvedhcm.pathfactory.com https://isolvedhcm.pathfactory.com http://pathfactory.isolvedhcm.com https://pathfactory.isolvedhcm.com https://js.stripe.com https://tribl.io https://platform.twitter.com https://www.youtube.com https://form.jotform.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://eldritch.cafe; img-src 'self' data: blob: https://eldritch.cafe https://eldritchcafe.files.fedi.monster; style-src 'self' https://eldritch.cafe 'nonce-oyAX0auKZmXYMMUDpmTNSw=='; media-src 'self' data: https://eldritch.cafe https://eldritchcafe.files.fedi.monster; frame-src 'self' https:; manifest-src 'self' https://eldritch.cafe; form-action 'self'; child-src 'self' blob: https://eldritch.cafe; worker-src 'self' blob: https://eldritch.cafe; connect-src 'self' data: blob: https://eldritch.cafe https://eldritchcafe.files.fedi.monster wss://eldritch.cafe; script-src 'self' https://eldritch.cafe 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.moneyfarm.com 1
default-src 'self' *.heg-cp.com www.google-analytics.com; font-src 'self' fonts.gstatic.com; img-src 'self' *.wsimg.com paintbrush.heg-cp.com www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tags.tiqcdn.com cdn.polyfill.io www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.heg-cp.com; object-src 'none'; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; 1
frame-ancestors 'self' *.force.com *.salesforce.com *.lightning.com *.sony.com https://zingtree.com 1
default-src 'self' 'unsafe-inline' *.yextevents.com *.sitescdn.net *.sitescdn.com *.googlesyndication.com ; 	connect-src 'self' *.yextevents.com *.sitescdn.net *.sitescdn.com *.outbrain.com www.google.com *.onetrust.com *.bing.com *.googlesyndication.com *.demdex.net *.tvpixel.com *.amplifoninternal.com https://*.adroll.com http://*.adroll.com https://us-u.openx.net http://us-u.openx.net https://idsync.rlcdn.com http://idsync.rlcdn.com https://ib.adnxs.com http://ib.adnxs.com https://x.bidswitch.net http://x.bidswitch.net https://ads.yahoo.com http://ads.yahoo.com https://eb2.3lift.com http://eb2.3lift.com https://trc.taboola.com http://trc.taboola.com https://simage2.pubmatic.com https://simage2.pubmatic.com http://simage2.pubmatic.com http://simage2.pubmatic.com https://sync.outbrain.com https://sync.outbrain.com http://sync.outbrain.com http://sync.outbrain.com https://pixel.rubiconproject.com https://pixel.rubiconproject.com http://pixel.rubiconproject.com http://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com http://dsum-sec.casalemedia.com https://pixel.advertising.com https://pixel.advertising.com http://pixel.advertising.com http://pixel.advertising.com *.omtrdc.net *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net cm.teads.tv ct.pinterest.com smetrics.miracle-ear.com amplifongroup.tt.omtrdc.net maps.googleapis.com www.youtube-nocookie.com www.google-analytics.com stats.g.doubleclick.net amplifon.d3.sc.omtrdc.net dpm.demdex.net in.hotjar.com lasteventf-tm.everesttech.net vc.hotjar.io trc-events.taboola.com pips.taboola.com cds.taboola.com *.linkedin.oribi.io cdn.cookielaw.org; 	script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' *.yextevents.com *.sitescdn.net *.sitescdn.com unpkg.com *.licdn.com *.googlesyndication.com *.adsrvr.org *.clarity.ms *.hrzn-nxt.com *.tvpixel.com *.rlets.com *.typixel.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.jsdelivr.net *.adroll.com *.doubleclick.net *.tribalfusion.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net smetrics.miracle-ear.com js-tag.zemanta.com ads.nextdoor.com bat.bing.com connect.facebook.net www.google-analytics.com assets.adobedtm.com maps.googleapis.com solutions.invocacdn.com pnapi.invoca.net www.google.com www.youtube.com www.gstatic.com www.googletagmanager.com s.pinimg.com p.teads.tv tag.simpli.fi i.simpli.fi static.hotjar.com script.hotjar.com www.everestjs.net www.youtube-nocookie.com amplify.outbrain.com tr.outbrain.com www.googleadservices.com cdn.taboola.com amplifon.d3.sc.omtrdc.net googleads.g.doubleclick.net trc.taboola.com cdn.cookielaw.org; 	style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.jsdelivr.net fonts.googleapis.com www.youtube-nocookie.com; 	img-src 'self' *.yextevents.com *.sitescdn.net *.sitescdn.com *.1rx.io *.smaato.net *.googlesyndication.com *.adsrvr.org *.hrzn-nxt.com *.videoamp.com *.mdhv.io *.adxcel-ec2.com *.adroll.com *.openx.net *.rlcdn.com *.adnxs.com *.bidswitch.net *.yahoo.com *.3lift.com *.taboola.com *.pubmatic.com *.outbrain.com *.rubiconproject.com *.casalemedia.com *.advertising.com *.doubleclick.net *.tribalfusion.com *.googleadservices.com *.postimg.cc *.ibb.co p1.zemanta.com flask.nextdoor.com cm.teads.tv www.google.hu l.teads.tv t.teads.tv ct.pinterest.com bat.bing.com www.facebook.com www.google-analytics.com www.google.com www.google.it maps.gstatic.com maps.googleapis.com cm.everesttech.net amplifon.d3.sc.omtrdc.net i.ytimg.com dev.day.com tr.outbrain.com googleads.g.doubleclick.net www.youtube-nocookie.com lh3.googleusercontent.com dpm.demdex.net cds.taboola.com trc.taboola.com connect.facebook.net um.simpli.fi www.googleadservices.com cm.g.doubleclick.net simplifi.partners.tremorhub.com pixel.tapad.com aa.agkn.com sync.intentiq.com loadm.exelator.com sync.bfmio.com stags.bluekai.com bcp.crwdcntrl.net ce.lijit.com idsync.rlcdn.com sync.search.spotxchange.com ib.adnxs.com pixel.rubiconproject.com us-u.openx.net fei.pro-market.net 8462007.fls.doubleclick.net d.agkn.com *.linkedin.com cdn.cookielaw.org data:; 	frame-src 'self' *.yextevents.com *.sitescdn.net *.sitescdn.com *.googlesyndication.com *.pinterest.com *.adsrvr.org *.doubleclick.net *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net www.pinterest.com amplifon.demdex.net www.youtube-nocookie.com www.google.com vars.hotjar.com www.facebook.com 8462007.fls.doubleclick.net bid.g.doubleclick.net cdn.cookielaw.org; 	font-src 'self' fonts.gstatic.com fonts.googleapis.com; 1
frame-ancestors 'self' https://okamba.experiencecloud.adobe.com; 1
frame-ancestors 'self' https://*.panerabread.com https://*.paneracloud.com https://assets.adobedtm.com https://panera.sc.omtrdc.net https://*.adobe.com; 1
frame-ancestors 'self' theline.idemia.com; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline' 'unsafe-hashes'; font-src * data: blob: 'unsafe-inline'; worker-src blob: 1
default-src 'self' https: 'unsafe-inline';object-src 'none';base-uri https://localizestaging.com;frame-ancestors https://editor.localizejs.com;report-uri https://app.localizestaging.com/api/csp/violation-report 1
default-src 'self' https://achareh.co https://*.achareh.co; object-src 'none'; base-uri 'self'; connect-src 'self' blob: https://achareh.co https://*.achareh.co https://achareh.ir https://*.achareh.ir https://achareh.co https://*.achareh.co https://ubaar.ir https://*.ubaar.ir https://yektanet.com/ https://*.yektanet.com/ https://mediaad.org https://*.mediaad.org https://ma-cdn.pegah.tech https://achareh-livechat1.dolphinai.ir wss://achareh-livechat1.dolphinai.ir https://stats.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ wss://*.achareh.ir https://static-ebcom.mci.ir https://*.arvancloud.ir https://clarity.ms https://*.clarity.ms https://c.bing.com https://zebline.com https://*.zebline.com; script-src 'sha256-PIEsbTDfW0lB4NS2x1QQJsmhwaHGX2VtjMLYhGKlBG0=' 'self' 'self' https://achareh.co https://*.achareh.co https://hotjar.com https://*.hotjar.com https://yektanet.com https://*.yektanet.com https://mediaad.org https://*.mediaad.org https://achareh-livechat1.dolphinai.ir https://static-ebcom.mci.ir https://www.googletagmanager.com https://www.clarity.ms https://sdk.zebline.io; frame-src 'self' https://*.aparat.com https://*.hotjar.com https://achareh-livechat1.dolphinai.ir https://mediacdn.mediaad.org https://player.arvancloud.ir; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: blob: data:; media-src 'self' https: blob: data:; report-uri https://sentry.ubaar.ir/api/12/security/?sentry_key=133626d5faab4b0da12bbfb4617e6c8a 1
frame-ancestors tgs.aero 1
default-src 'self' 'unsafe-hashes'          data:          www.serviceplancenter.com           ajax.googleapis.com         ;                       img-src 'self' 'unsafe-hashes' data:;                   script-src  'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'         'sha256-/UKhfltVzwBOwZTnqpnDSNfLyQS5pSFbXh51c24b/9c='   'sha256-i1nfdOENn1IRsMXiJ9F2d88dDwDAhen8/eLB3OPB8hg='          data:          ;                  style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'         data:    ;          1
frame-ancestors 'self' https://sds.mysunpower.com https://eddie.mysunpower.com 1
frame-ancestors https://members.cafepress.com  https://members.cafepress.co.uk https://members.cafepress.ca https://members.cafepress.com.au; 1
fintest.cmbchina.cn fintest.cmburl.cn tcexam.cmbchina.cn 'unsafe-inline' 'unsafe-eval'; 1
default-src https: data: 'self' *.rpsgroup.com; frame-src 'self' dashboards.webreality.co.uk https://*.doubleclick.net https://*.google.com *.vimeo.com *.hsforms.com https://*.livestorm.co *.hubspot.com *.alchemer.eu *.youtube.com *.bcast.fm *.rpsgroup.com rpspd.maps.arcgis.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.google-analytics.com *.googletagmanager.com *.fonts.net *.createsend1.com google.com *.google.com *.googleapis.com gstatic.com *.gstatic.com cdn.3cx.com *.vimeo.com *.marker.io *.onetrust.com *.hotjar.com *.luckyorange.com *.licdn.com *.hubspot.com *.hscollectedforms.net *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.usemessages.com *.doubleclick.net *.stackadapt.com *.juicer.io *.rpsgroup.com cdn-cookieyes.com px.ads.linkedin.com *.tidio.co *.tidiochat.com; img-src 'self' data: https: *.google-analytics.com google-analytics.com google-analytics.com *.umbraco.org gravatar.com *.gravatar.com gstatic.com *.gstatic.com i1.wp.com *.rpsgroup.com *.tidiochat.com; style-src 'self' 'unsafe-inline' *.fonts.net *.cloudfront.net *.typekit.net *.googleapis.com fonts.googleapis.com *.luckyorange.com *.juicer.io *.stackadapt.com *.rpsgroup.com *.tidiochat.com; frame-ancestors 'self' consultationspace.com www.rpsgroup.com rps.wrcdn.net toneofvoice.rpsgroup.com *.rpsgroup.com; connect-src 'self' *.analytics.google.com analytics.google.com *.doubleclick.net https://*.cookiescan.com https://*.google-analytics.com *.marker.io *.onetrust.com *.googlesyndication.com *.luckyorange.com *.hubapi.com *.hubspot.com *.hscollectedforms.net *.visitors.live/ajax *.linkedin.oribi.io *.googleapis.com *.stackadapt.com *.hsforms.com *.amazonaws.com *.juicer.io wss: *.hotjar.io *.rpsgroup.com px.ads.linkedin.com *.cookieyes.com cdn-cookieyes.com *.google.com *.tidiochat.com; font-src 'self' d3e85ikkjrhqme.cloudfront.net *.typekit.net *.gstatic.com *.googleapis.com *.juicer.io *.rpsgroup.com *.tidiochat.com; 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-eval' https://*.calltrk.com https://*.callrail.com https://*.adobedtm.com https://*.googleapis.com https://*.cloudflare.com https://*.bootstrapcdn.com/ https://*.jquery.com https://*.sitescdn.net https://*.livechatinc.com https://*.nblyprod.com https://www.googletagmanager.com https://*.demdex.net https://*.addthis.com/ https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.pagescdn.com https://*.amazonaws.com https://www.google-analytics.com https://*.facebook.net https://*.rlets.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.reachlocallivechat.com https://reachlocallivechat.com https://chat.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.optimizely.com about://www.reachlocallivechat.com https://*.btttag.com https://*.mollymaid.com https://*.cloudflareinsights.com https://*.bing.com  https://*.doubleclick.net https://*.krxd.net https://*.google-analytics.com https://*.simpli.fi https://*.googleadservices.com https://*.googletagmanager.com https://*.mathtag.com https://*.thinkingchat.com https://www.reachlocallivechat.com https://*.liadm.com https://*.adroll.com https://*.yimg.com https://*.adsrvr.org https://*.33across.com https://*.outlook.com https://*.hibu.com https://*.web-2-tel.com https://*.tvsquared.com https://*.stackadapt.com https://*.crazyegg.com https://*.convertexperiments.com https://*.cloudfunctions.net blob: https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.graph.facebook.com https://*.facebook.com https://*.localiq.com https://*.hereapi.com https://*.phluant.com https://*.podium.com https://adservice.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.fivestarpainting.com https://*.stackadapt.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.hereapi.com https://*.podium.com; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.fivestarpainting.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://www.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://rum.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.liadm.com https://*.yimg.com https://*.bing.com https://*.adsrvr.org https://*.doubleclick.net https://*.btttag.com https://*.stackadapt.com https://*.crazyegg.com https://*.convertexperiments.com https://*.cloudfunctions.net https://*.googlesyndication.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.facebook.com https://*.localiq.com https://*.hereapi.com https://adservice.google.com https://*.podium.com https://*.analyticspodium.com https://*.googleadservices.com; font-src https://*.cloudflare.com https://*.typekit.net https://*.nblyprod.com https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.fivestarpainting.com https://*.stackadapt.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.podium.com; frame-src https://*.cloudflare.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://*.nblyprod.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.doubleclick.net https://*.adsrvr.org https://*.rlets.com https://*.broadly.com https://*.fivestarpainting.com https://*.stackadapt.com https://*.infogram.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai ; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai https://*.hereapi.com; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: https://*.hereapi.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://analyze.site.sa https://www.google.com/recaptcha/  https://google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://maps.gstatic.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://analyze.site.sa/; object-src https://google.com/ 'self'; img-src 'self' * data:; font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; worker-src blob: 1
frame-ancestors 'self'; connect-src 'self' https://opendata.rdw.nl/resource/m9d7-ebf2.json https://lt45.net/ https://insight.bellmetric.net https://pagead2.googlesyndication.com https://ad.doubleclick.net https://logx.optimizely.com https://adservice.google.com https://api.digitalcx.com https://web.telemetric.dk https://cgp.www.ohra.nl https://ohra01.wt-eu02.net; default-src 'self'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://viewer.kcmg.nl https://insight.bellmetric.net 'unsafe-inline'; img-src 'self' *.optimizely.com *.doubleclick.net https://www.google.com https://img.valuechecker.net https://fbc.wcfbc.net https://www.google.nl https://www.facebook.com/ https://ohra01.wt-eu02.net https://web.telemetric.dk https://insight.bellmetric.net data: ; font-src 'self' data:; form-action 'self' https://www.facebook.com/tr/; frame-src 'self' *.optimizely.com https://informatie.cz.nl/ https://www.contentpagina.nl/ohr/bouncewerving/index.jsp *.doubleclick.net https://www.facebook.com/ https://8091551.fls.doubleclick.net https://player.cdn.vixyvideo.com https://platform.vixyvideo.com 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com; child-src 'self' *.youtube.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com www.googletagmanager.com www.google-analytics.com https://delft1.expoints.nl *.monsido.com api.scribit.pro *.google-analytics.com; font-src 'self' data: *.googleusercontent.com https://delft1.expoints.nl https://cdn.expoints.nl; frame-src 'self' *.youtube.com https://delft1.expoints.nl https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com; img-src 'self' data: www.googletagmanager.com www.google-analytics.com https://www.toegankelijkheidsverklaring.nl https://delft1.expoints.nl https://tracking.monsido.com/ i.ytimg.com; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com www.googletagmanager.com www.google-analytics.com https://delft1.expoints.nl 'sha256-MXSDaSk9iOVBAZomml6T0509TZG/Q/7rccFiG/GlaL4=' *.monsido.com 'sha256-zH2S2/S9JBe2/gqn8+AY4z+P3Gbx9cfCj4kN2FL+H2Q=' 'sha256-1P65VV5GaqQOzZspHLMrgG8wudpJ5Y4Apv/2GCuRhZU=' *.scribit.pro www.youtube.com 'nonce-Wm1NMU9HUmxaR1kwTW1ZeU1XWTI='; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com www.googletagmanager.com www.google-analytics.com https://delft1.expoints.nl 'sha256-MXSDaSk9iOVBAZomml6T0509TZG/Q/7rccFiG/GlaL4=' *.monsido.com 'sha256-zH2S2/S9JBe2/gqn8+AY4z+P3Gbx9cfCj4kN2FL+H2Q=' 'sha256-1P65VV5GaqQOzZspHLMrgG8wudpJ5Y4Apv/2GCuRhZU=' *.scribit.pro www.youtube.com 'nonce-Wm1NMU9HUmxaR1kwTW1ZeU1XWTI='; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://delft1.expoints.nl; base-uri 'self'; frame-ancestors 'self' 1
child-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.hotjar.com https://*.sitescout.com https://cataniaoils.com; connect-src 'self' 'unsafe-inline' https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.klaviyo.com https://*.linkedin.com https://*.litix.io https://*.mktoresp.com https://*.mktoutil.com https://*.omappapi.com https://*.optimizely.com https://*.shopify.com https://*.wistia.com https://*.youtube.com https://cataniaoils.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com self wss://*.hotjar.com; default-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.getelevar.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.klaviyo.com https://*.shopify.com https://cataniaoils.com self; font-src 'self' data: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.gstatic.com https://cataniaoils.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.google.com https://*.hotjar.com/ https://*.instagram.com https://*.issuu.com https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://*.sitescout.com https://*.vimeo.com https://*.wistia.com/ https://*.youtube.com https://cataniaoils.com https://s-static.ak.facebook.com https://tagmanager.google.com; img-src 'self' data: https://*.adentifi.com https://*.adnxs.com https://*.adroll.com https://*.adsymptotic.com https://*.agkn.com https://*.akamaihd.net https://*.bidr.io https://*.bidswitch.net https://*.cardlytics.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.company-target.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.hr https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.klaviyo.com https://*.linkedin.com https://*.openx.net https://*.owneriq.net https://*.predictiveresponse.net https://*.reson8.com https://*.rlcdn.com https://*.shopify.com https://*.sitescout.com https://*.wistia.com https://*.wordpress.com https://*.wp.com https://*.yahoo.com https://*.youtube.com https://amps-production.imgix.net https://cataniaoils.com https://googleads.g.doubleclick.net https://img.youtube.com https://maps.googleapis.com https://storage.pardot.com https://www.googletagmanager.com self; media-src 'self' blob: data: file: https://*.akamaihd.net https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.wistia.com/ https://cataniaoils.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adnxs.com/ https://*.adroll.com https://*.ads-twitter.com https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.cookiebot.com https://*.crazyegg.com https://*.demandbase.com https://*.doubleclick.net https://*.driftt.com https://*.facebook.com https://*.facebook.net https://*.getelevar.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.instagram.com https://*.jsdelivr.net https://*.klaviyo.com https://*.licdn.com https://*.marketo.com https://*.marketo.net https://*.optmnstr.com https://*.pardot.com https://*.pixel.ad https://*.predictiveresponse.net https://*.shopify.com https://*.twitter.com https://*.vimeo.com https://*.wistia.com https://cataniaoils.com https://connect.facebook.net https://tagmanager.google.com https://unpkg.com https://wistia.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com self; style-src 'self' 'unsafe-inline' https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://*.doubleclick.net https://*.facebook.com https://*.getelevar.com https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gravatar.com https://*.jsdelivr.net https://*.klaviyo.com https://*.marketo.com https://*.shopify.com https://cataniaoils.com https://tagmanager.google.com self; worker-src 'self' blob: data: file: filesystem: https://*.cataniaoils.com https://*.cataniastaging.wpengine.com https://*.convertiv.com https://cataniaoils.com 1
frame-ancestors https://passport.tutorabc.com https://www.tutorabc.com https://omsorder.tutorabc.com https://consultant.tutorabc.com 1
default-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' https://d3oam8dvxlog8e.cloudfront.net https://a.tiles.mapbox.com https://analytics.google.com https://api.abenity.com https://api.mapbox.com https://app.wistia.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.linkedin.oribi.io https://distillery.wistia.com https://distillery.wistia.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://events.mapbox.com https://fast.wistia.com https://fast.wistia.net https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://cloud.typography.com https://fast.wistia.com https://fast.wistia.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://storage.googleapis.com https://use.fontawesome.com data:; form-action https:; frame-ancestors 'self'; frame-src 'self' https://abenityinc.freshdesk.com https://accounts.google.com https://calendly.com https://docs.google.com https://fast.wistia.com https://fast.wistia.net https://platform.twitter.com https://td.doubleclick.net https://www.google.com https://www.googletagmanager.com https://www.youtube.com; img-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://assets.abenity.com https://a.tiles.mapbox.com https://abenity.s3.amazonaws.com https://abs.twimg.com https://analytics.google.com https://api.mapbox.com https://b.tiles.mapbox.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://chart.apis.google.com https://d300tb5wusuhi2.cloudfront.net https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fonts.gstatic.com https://fast.wistia.com https://fast.wistia.net https://i.ytimg.com https://img.youtube.com https://p.adsymptotic.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://s3.amazonaws.com https://static.accessdevelopment.com https://stats.g.doubleclick.net https://syndication.twitter.com https://trk.crozdesk.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com data:; manifest-src 'self'; media-src 'self' https://d3oam8dvxlog8e.cloudfront.net https://embed-cloudfront.wistia.com https://embed-fastly.wistia.com https://embed-ssl.wistia.com https://embedwistia-a.akamaihd.net https://fast.wistia.com blob: data:; object-src 'self' https://embedwistia-a.akamaihd.net https://embed-fastly.wistia.com; script-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.ontraport.com https://api.mapbox.com https://app.wistia.com https://assets.calendly.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bat.bing.com https://cdn.walkme.com https://distillery.wistia.com https://fast.wistia.com https://fast.wistia.net https://www.googletagmanager.com https://js-agent.newrelic.com https://optassets.ontraport.com https://platform.twitter.com https://s3.amazonaws.com https://snap.licdn.com https://ssl.google-analytics.com https://trk.crozdesk.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://d3oam8dvxlog8e.cloudfront.net https://abenity.s3.amazonaws.com https://api.mapbox.com https://cloud.typography.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://use.fontawesome.com;worker-src 'self' blob:; report-uri https://api.abenity.com/public/csp-logger.json; 1
default-src 'self'; script-src 'report-sample' 'self' https://www.google.com/recaptcha/api.js; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri https://64355e43f1e3671a291360c3.endpoint.csper.io/?v=1; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; frame-ancestors 'self' 1
frame-ancestors 'self' *.intergrall.com.br *.uranet.com.br; 1
base-uri 'self';object-src 'none';connect-src 'self' *.h2w1h50fwn.online *.ravens-hm.online *.raven-hm.online *.raven-eyes.online *.google.com *.amazonaws.com *.sentry.io https://*.mapbox.com https://*.googleapis.com wss://*.raven-hm.online https://alpha.raven-eyes.online:8889;default-src 'self' https://www.google.com;form-action 'self';img-src * 'unsafe-inline' data: https://ravens-hm.online ui-avatars.com;media-src 'self' *.h2w1h50fwn.online *.raven-hm.online *.raven-eyes.online;script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://js.sentry-cdn.com *.cloudflare.com *.google.com *.gstatic.com *.bunny.net https://m.ravens-hm.online/matomo.js https://*.googleapis.com https://unpkg.com https://vjs.zencdn.net;style-src 'self' 'unsafe-inline' *.bunny.net https://*.sentry-cdn.com https://*.googleapis.com https://*.gstatic.com https://unpkg.com https://vjs.zencdn.net;frame-src 'self' *.cloudflare.com *.google.com;font-src 'self' *.bunny.net https://*.googleapis.com https://*.gstatic.com data: 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-sfd5mULlXQ7mFijmBenY9h0gv' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https:; child-src blob: data: https: 1
default-src 'self' data:     *     blob:     data:     ;  img-src 'self' data:     *     blob:     data:     ;  frame-src 'self'     *     ;  style-src 'self' 'unsafe-inline'     *     blob:     data:     ;  style-src-elem 'self' 'unsafe-inline'     *     blob:     data:     ;  font-src 'self' data:     *     blob:     data:     ;   script-src 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'     *     blob:     data:     ;  connect-src     *     blob:     data:     ; 1
connect-src 'self' *.analytics.google.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com api.hsforms.com api.hubapi.com cdn.jsdelivr.net consent.api.osano.com forms.hscollectedforms.net google.com pagead2.googlesyndication.com px.ads.linkedin.com tattle.api.osano.com unpkg.com www.facebook.com; default-src 'self'; font-src 'self' data: fonts.gstatic.com; form-action 'self' www.facebook.com; frame-ancestors 'self'; frame-src 'self' cmp.osano.com jobs.ashbyhq.com td.doubleclick.net www.facebook.com; img-src 'self' blob: data: *; media-src 'self' *; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' blob: *.googletagmanager.com cmp.osano.com connect.facebook.net googleads.g.doubleclick.net i.simpli.fi jobs.ashbyhq.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net snap.licdn.com tag.simpli.fi www.google.com www.googleadservices.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.24i7-news.com https://push.24i7-news.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.24i7-news.com https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.24i7-news.com ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' intersolute.de *.intersolute.de *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; object-src 'self'; img-src * data:;; base-uri 'none'; form-action 'self' intersolute.de *.intersolute.de *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; frame-ancestors 'self' intersolute.de *.intersolute.de *.youtube-nocookie.com *.openstreetmap.fr *.figma.com *.seobility.net; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com *.cookielaw.org https://polyfill.io *.addthis.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net https://snap.licdn.com/li.lms-analytics/insight.min.js https://pi.pardot.com https://go.btireland.com https://snap.licdn.com https://dec.azureedge.net; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.typekit.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com web-chat.nativechat.com https://img.youtube.com/ *.cookielaw.org https://alb.reddit.com/ https://px.ads.linkedin.com/ https://www.google.com https://www.google.es https://www.google.ie https://px4.ads.linkedin.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net; frame-src 'self' go.btireland.com s7.addthis.com www.google.com *.youtube.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.cookielaw.org *.addthis.com *.btireland.com *.doubleclick.net *.onetrust.com *.linkedin.orbi.io *.oribi.io *.analytics.google.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com web-chat.nativechat.com *.addthis.com; form-action 'self' go.btireland.com 1
default-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://uistats.sitevision.se/ https://www.browsealoud.com/ https://www.netpublicator.com/ https://code.jquery.com/ https://skattekollen.se/ https://docs.netpublicator.com/ https://karlstad.containers.piwik.pro/ https://oppnadata.skl.se/ https://oppnadata.skr.se/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline' https://karlstad.imagevault.app/ https://skattekollen.se/ https://oppnadata.skl.se/ https://oppnadata.skr.se/ https://www.gstatic.com/ https://static-chat.kundo.se/ https://chat.kundo.se; object-src 'none'; base-uri 'self'; connect-src 'self' https://plus.browsealoud.com/ https://uistats.sitevision.se https://www.browsealoud.com/ https://youtube.com https://vimeo.com/ https://turid.visitvarmland.com/public/api/ https://karlstadskommunonline.sharepoint.com/ https://skattekollen.se/ https://eu-api.friendlycaptcha.eu/ https://karlstad.piwik.pro/ https://speech-eu.speechstream.net/ https://oppnadata.skl.se/ https://api.kolada.se/ wss://ws-eu.pusher.com/app/ https://*.pusher.com/ https://turid.visitvarmland.com/api/v8/; frame-ancestors 'self' https://eu.opencitiesplanner.bentley.com/; font-src 'self' data:; frame-src 'self' https://www.youtube.com https://youtube.com https://gi.karlstad.se/ https://lex2api.evarmland.se/ https://org-1329.chat.kundo.se https://player.vimeo.com https://mpi.mashie.com/ https://online.infracontrol.com/ https://oppnadata.skl.se/ https://oppnadata.skr.se/ https://view.wec360.com/ https://www.idrelay.com/ https://trk.idrelay.com/ https://api.screen9.com/; img-src 'self' https://i.ytimg.com https://karlstad.imagevault.app/ https://static.netpublicator.com https://img.turid.visitvarmland.com https://karlstad.se/imagevault/ https://i.vimeocdn.com/ https://karlstad.piwik.pro/ https://oppnadata.skl.se/ https://oppnadata.skr.se/ https://kundo.se https://static.kundo.se https://chat.kundo.se turid.visitvarmland.com https://skattekollen.se/ https://www.netpublicator.com/ https://docs.netpublicator.com/; manifest-src 'self' https://skattekollen.se/; media-src 'self' https://speech-eu.speechstream.net/ blob:; worker-src blob:; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https: data:; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; connect-src 'self' https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.nz; img-src 'self' https: data: blob: https://mastodon.nz; style-src 'self' https://mastodon.nz 'nonce-YpTJOnzNZxjKZ5VxAxduag=='; media-src 'self' https: data: https://mastodon.nz; frame-src 'self' https:; manifest-src 'self' https://mastodon.nz; form-action 'self'; child-src 'self' blob: https://mastodon.nz; worker-src 'self' blob: https://mastodon.nz; connect-src 'self' data: blob: https://mastodon.nz https://mastodon.nz wss://mastodon.nz; script-src 'self' https://mastodon.nz 'wasm-unsafe-eval' 1
default-src 'self'; style-src 'self' *.googleapis.com 'unsafe-inline' app.pendo.io cdn.pendo.io pendo-static-4797646009073664.storage.googleapis.com; worker-src blob:; script-src-elem 'self' cdn.jsdelivr.net/npm/pdfjs-dist@2.11.338/legacy/build/pdf.worker.js cdn.pendo.io app.pendo.io data.pendo.io 'sha256-N8o7FJ1pTuisMm9tW2WBS8OOgSHchbeFRNsEPvYJZXA='; connect-src 'self' *.visualstudio.com *.js.org blob: app.pendo.io data.pendo.io pendo-static-4797646009073664.storage.googleapis.com; font-src 'self' *.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn.jsdelivr.net/npm/pdfjs-dist@2.11.338/legacy/build/pdf.worker.js app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4797646009073664.storage.googleapis.com data.pendo.io; img-src 'self' data: blob: cdn.pendo.io app.pendo.io pendo-static-4797646009073664.storage.googleapis.com data.pendo.io; frame-src 'self' nextech.cardconnect.com:* nextech-payfac-ui-dev.azurewebsites.net nextech-payfac-ui-qa.azurewebsites.net payfac.nextech.com app.pendo.io; frame-ancestors app.pendo.io;child-src app.pendo.io; 1
default-src 'none'; script-src 'self' https://*.doubleclick.net https://addtocalendar.com https://*.googletagmanager.com https://*.google-analytics.com https://kudamoscow.ru https://i2.wp.com https://gravatar.com https://cackle.me https://*.cackle.me https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://api-maps.yandex.ru  https://*.maps.yandex.ru https://maps.yandex.ru https://yastatic.net https://an.yandex.ru https://mc.yandex.ru https://matchid.adfox.yandex.ru https://top-fwz1.mail.ru https://counter.rambler.ru https://www.gstatic.com https://yandex.ru https://*.yandex.ru 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' *; frame-src https://*.doubleclick.net/ https://*.cackle.me/ https://www.youtube.com/ https://*.yastatic.net/ https://yastatic.net/ https://*.yandex.ru https://*.yandex.com; object-src 'none'; base-uri 'self'; form-action 'self' https://kudamoscow.ru; frame-ancestors 'none'; manifest-src 'self' https://kudamoscow.ru/favicon/site.webmanifest; connect-src 'self' wss://*.cackle.me https://cackle.me https://analytics.google.com https://*.yandex.ru https://yandex.ru https://*.yandex.com https://*.yandex.net https://*.google-analytics.com https://analytics.google.com https://*.doubleclick.net/; media-src 'self' https://*.yandex.ru https://*.yandex.net https://*.yandex.com 1
frame-ancestors 'self', upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pdk.io https://js.stripe.com https://static.zdassets.com https://code.createjs.com https://www.gstatic.com https://www.googletagmanager.com https://firebase.googleapis.com; connect-src 'self' https://*.pdk.io wss://*.pdk.io https://*.googleapis.com https://prodatakey.zendesk.com https://*.sentry.io https://*.zdassets.com https://firestore.googleapis.com https://app-measurement.com https://www.google-analytics.com; img-src 'self' data: https://*.pdk.io https://prodatakey.zendesk.com https://www.google-analytics.com; font-src 'self' https://*.pdk.io https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.pdk.io https://*.googleapis.com; frame-src 'self' https://*.pdk.io https://js.stripe.com https://www.youtube.com https://www.youtube-nocookie.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.cookieyes.com cookieyes.com *.hackerone.com hackerone.com *.gstatic.com *.google.com maps.googleapis.com *.adroll.com *.consensu.org *.hscollectedforms.net *.hsleadflows.net *.hs-banner.com *.licdn.com www.googleoptimize.com www.linkedin.com connect.facebook.net s.adroll.com ml314.com js.hs-scripts.com script.hotjar.com static.hotjar.com js.hs-analytics.net player.vimeo.com www.googletagmanager.com dev.visualwebsiteoptimizer.com sjs.bizographics.com www.google-analytics.com px.ads.linkedin.com djtflbt20bdde.cloudfront.net ajax.googleapis.com *.hsforms.com *.hsforms.net ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https: djtflbt20bdde.cloudfront.net fonts.googleapis.com js.hsforms.net; img-src 'self' data: https: media.nominet.uk maps.googleapis.com track.hubspot.com stats.g.doubleclick.net www.gravatar.com dev.visualwebsiteoptimizer.com www.google-analytics.com www.googletagmanager.com js.hsforms.net; font-src 'self' data: https: fonts.gstatic.com; connect-src 'self' https: wss: www.gov.uk yoast.com *.hotjar.com js.hsforms.net; media-src 'self' https: media.nominet.uk; object-src 'self' *.cloudfront.net js.hsforms.net; frame-src 'self' https: www.youtube.com player.vimeo.com djtflbt20bdde.cloudfront.net vars.hotjar.com *.hackerone.com hackerone.com js.hsforms.net; frame-ancestors 'self' *.hackerone.com hackerone.com js.hsforms.net; form-action 'self' *.theukdomain.uk theukdomain.uk forms.hsforms.com *.facebook.com js.hsforms.net; base-uri 'self' *.helpscout.net js.hsforms.net 1
frame-ancestors 'none'; report-uri /csp-report.php 1
frame-ancestors 'self' www.kutxabank.es; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://mc.yandex.ru  https://www.google.com https://www.googletagmanager.com  https://ssl.google-analytics.com  https://connect.facebook.net https://www.google-analytics.com/analytics.js https://api-maps.yandex.ru https://yastatic.net https://core-renderer-tiles.maps.yandex.net; img-src 'self' data: image/svg+xml https://cdn.plyr.io https://ssl.google-analytics.com https://s-static.ak.facebook.com https://mc.yandex.ru/metrika/advert.gif https://www.facebook.com https://www.google-analytics.com https://api-maps.yandex.ru https://core-renderer-tiles.maps.yandex.net https://vsrobotics.ru; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' https://vsrobotics.ru; font-src 'self' https://themes.googleusercontent.com; frame-src https://www.google.com https://www.facebook.com https://s-static.ak.facebook.com; object-src 'none'; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com 1
default-src 'self'; script-src-elem dev.pango-cloud.com stage.pango-cloud.com www.pango-cloud.com pango-cloud.com www.pango-cloud.com developer.aura.com www.google.com www.gstatic.com *.google.com *.netlify.app *.google-analytics.com cdn.jsdelivr.net *.firebaseio.com; style-src 'self' 'unsafe-inline' https:; frame-src 'unsafe-eval' https://*; connect-src 'self' https://* ws: data:; img-src https://* data:; worker-src 'self' blob:; font-src 'self' cdn.jsdelivr.net; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src * data:;media-src blob: 'self' data:;worker-src blob: 'self' data:; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://admin.arbfile.org; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://distillery.wistia.com https://embed-ssl.wistia.com https://fast.wistia.com https://fast.wistia.net https://polyfill.io https://subrogation.connectedcommunity.org https://p.typekit.net https://use.typekit.net https://workforcenow.adp.com https://www.arbfile.org https://www.dfs.ny.gov https://www.google-analytics.com https://www.googletagmanager.com https://www.research.net https://embed-cloudfront.wistia.com https://pipedream.wistia.com https://fonts.googleapis.com https://fg8vvsvnieiv3ej16jby.litix.io https://communications.arbfile.org data: blob: 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src 'self' 'unsafe-inline' *.fonts.net *.upsales.com *.bidtheatre.com *.google.com *.googleapis.com; connect-src 'self' *.fonts.net *.upsales.com *.bidtheatre.com *.google-analytics.com *.googletagmanager.com *.google.com *.doubleclick.net *.googleapis.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.hcaptcha.com *.reachmee.com *.youtube.com *.vimeo.com *.google.com *.doubleclick.net *.googletagmanager.com; child-src 'self';font-src * data:; object-src 'none'; manifest-src 'self' 'unsafe-inline' data:; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' ; style-src https://www.google.com/uds/api/picker/ 'self' 'unsafe-inline'; font-src 'self' data: ; img-src * 'self' blob: data: ; object-src 'self' blob: ; media-src https://s3-de-central.profitbricks.com 'self' blob: ; child-src * ; frame-ancestors 'none'; connect-src 'self' ; 1
default-src 'self' https://bat.bing.com https://www.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://cds-sdkcfg.onlineaccess1.com/common.js https://www.googletagmanager.com/ https://s7.addthis.com/js/300/addthis_widget.js https://cdn.jsdelivr.net/ https://bat.bing.com/ https://i.simpli.fi/ https://up.pixel.ad/assets/up.js https://siteimproveanalytics.com/js/ https://cdn.levelaccess.net/accessjs/ https://static.srcspot.com/libs/perl.js https://*.g.doubleclick.net/ https://*.hotjar.com/ https://*.cloudflareinsights.com/ https://*.cloudflare.com/ rlforms.referlive.com https://tag.simpli.fi/ https://*.adobeconnect.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://use.fontawesome.com/ https://cdn.jsdelivr.net/ rlforms.referlive.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com/ https://script.hotjar.com; img-src 'self' *.gstatic.com *.googleapis.com https://script.hotjar.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://bat.bing.com/ https://*.global.siteimproveanalytics.io/ https://www.google.com/ https://pixel.sitescout.com/ https://*.clarity.ms/ https://www.firstmerchants.com/ https://*.cloudfront.net/ rlforms.referlive.com https://simpli.fi/ https://doubleclick.net  https://googleads.g.doubleclick.net https://cm.g.doubleclick.net; media-src 'self' data: blob: *.frontify.com *.cloudinary.com https://*.adobeconnect.com https://script.hotjar.com; frame-src 'self' https://*.doubleclick.net/ https://pixel.sitescout.com/ https://calculators.fintactix.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.adobeconnect.com https://pixel-sync.sitescout.com; frame-ancestors 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com blob:; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com https://*.googleapis.com/ https://api.addsearch.com/ https://*.google.com/ https://*.g.doubleclick.net/ *.hotjar.com/ *.hotjar.io/ wss://ws.hotjar.com/ https://www.clarity.ms/ https://*.clarity.ms/ https://api.levelaccess.net/ https://*.firstmerchants.com:* wss://*.firstmerchants.com:* rlforms.referlive.com https://www.googleadservices.com https://bat.bing.com; 1
frame-ancestors 'self' https://api.scrivito.com https://punchoutcommerce.com https://www.trox.de https://trox-extern.com https://psp40.onventis.com https://psp22.onventis.com https://trox4u.troxgroup.com 1
frame-ancestors 'self' https://www.metrolisboa.pt/ 1
frame-ancestors 'self' mytst.acpny.com my.acpny.com; 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.koempf24.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
default-src 'self' blob: https://*.avrotros.org https://*.avrotros.nl https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://worldtimeapi.org https://*.gstatic.com https://webchat.eazy.im https://www.riddle.com;         font-src data: https://fonts.gstatic.com https://*.avrotros.nl https://*.avrotros.org https://webchat.eazy.im https://s3-eu-west-1.amazonaws.com;         img-src * data: 'report-sample';         script-src data: 'unsafe-inline' 'unsafe-eval' https://*.avrotros.org https://*.avrotros.nl https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://platform.twitter.com https://worldtimeapi.org https://polyfill.io https://*.gstatic.com https://webchat.eazy.im https://api.smooch.io https://api.eu-1.smooch.io https://www.riddle.com https://s3-eu-west-1.amazonaws.com 'report-sample';         style-src * 'unsafe-inline' 'report-sample';         connect-src * https://fonts.gstatic.com;         media-src * data:;         frame-src *;         object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.avrotros.org https://*.avrotros.nl https://radiobox2.omroep.nl https://players.brightcove.net https://localfocus2.appspot.com https://storify.com https://embed.vpro.nl https://s3.amazonaws.com https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://cdn.knightlab.com https://www.sutori.com https://www.dumpert.nl https://public.flourish.studio https://flo.uri.sh https://rekentools.webbridge.nl;         base-uri 'self';         form-action 'self' 'report-sample';         manifest-src 'self' https://accounts.google.com;         worker-src 'self' blob:;         report-uri https://europe-west1-avrotros-im-web-2-prod.cloudfunctions.net/csp-reporter 1
frame-ancestors 'self' *.sompojapan.com.tr  *.somposigorta.com.tr *.onesignal.com *.os.tc 1
frame-src 'self' https://test.transafe.com https://post.live.transafe.com https://live.transafe.com https://www.facebook.com https://pixel.everesttech.net https://fleetcor.demdex.net https://11031149.fls.doubleclick.net https://www.everestjs.net https://www.youtube.com https://www.google.com https://usr58.dayforcehcm.com https://13264471.fls.doubleclick.net https://api.rlcdn.com https://cdn.plaid.com  https://td.doubleclick.net  https://www.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://sectraprodstorage01.blob.core.windows.net https://sectrastagestorage01.blob.core.windows.net https://sectradevstorage01.blob.core.windows.net *.gravatar.com https://fonts.googleapis.com https://websolutions.ne.cision.com https://mb.cision.com https://publish.ne.cision.com https://code.highcharts.com https://analytics-eu.clickdimensions.com https://*.vo.msecnd.net https://cdn-eu.clickdimensions.com https://cdn.jobylon.com https://static-eu.jobylon.com https://pro.ip-api.com https://tv.streamfabriken.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://yoast.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.spotify.com https://*.wg.spotify.com https://*.spotifycdn.com https://*.scdn.co https://*.libsyn.com https://matomotracking.sectra.com https://matomodashboard.sectra.com https://code.jquery.com data:; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'self'; 1
default-src 'self'; frame-ancestors 'none';style-src 'self' fonts.googleapis.com;font-src fonts.gstatic.com;object-src 'none';require-trusted-types-for 'script'; 1
frame-ancestors 'self' https://universalspartan.rehabmart.com https://medical.universalspartan.com 1
default-src 'self' blob: *.prv.se  https://www.googletagmanager.com/ prv.imagevault.app prv.imagevault.media amp.azure.net tracking.prv.se teliacompany.com *.teliacompany.com licdn.com *.licdn.com facebook.net *.facebook.net 'unsafe-inline' data: netdna.bootstrapcdn.com wds.callguide.telia.com;              script-src 'self' blob: *.prv.se https://www.gstatic.com/recaptcha/releases/ www.google.com/recaptcha/  https://www.googletagmanager.com/ m.extellio.com amp.azure.net tracking.prv.se script.e-space.se tracker.e-space.se 'unsafe-inline' 'unsafe-eval' player.vimeo.com www.browsealoud.com wds.callguide.telia.com wds.ace.teliacompany.com connect.facebook.net mmxdebe-d6b9.kxcdn.com;              connect-src 'self' chat.ace.teliacompany.net wds.callguide.telia.com https://www.prv.se/edit/ImageVault.EPiServer.UI/11.12.36/ClientResources/Common/scripts/ netdna.bootstrapcdn.com tracking.prv.se m.extellio.com tracker.e-space.se www.browsealoud.com plus.browsealoud.com https://speech-eu.speechstream.net/Generator/voice/Alva vc.hotjar.io *.teliacompany.com api.ace.teliacompany.net *.local.metamatrix.se  *.prv.se *.prv.se/edit/Shell/epiproducts *.prv.se/edit/cms/ www.prv.se/edit/Shell/epiproducts;              frame-ancestors 'self' https://tc.prv.se;              frame-src survey.extellio.com  www.google.com form.apsis.one prv.imagevault.app web103.reachmee.com player.vimeo.com *.teliacompany.com *.local.metamatrix.se *.prv.se; 1
frame-ancestors 'self' https://app.ecwid.com https://userway.org 1
default-src 'self' https://*; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; frame-ancestors 'self' https://*; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors https://*.peta.org https://*.peta2.com; 1
frame-ancestors 'self' *.ncmec.org *.missingkids.org *.adobecqms.net *.ncmecad.net *.articulate.com articulateusercontent.com ncmec.docebosaas.com learn.secondcity.com *.dcbstatic.com; 1
default-src 'self'; object-src 'none'; form-action 'none'; report-to csp-endpoint; 1
default-src * https://* script-src 'unsafe-eval' 'unsafe-inline' style-src 'self' 'unsafe-inline' img-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ws: wss: *.yahoo.com *.optimizely.com *.hotjar.com *.snapchat.com google.com *.google.com *.google.com.ar *.google.co.in *.google-analytics.com google-analytics.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.googleapis.com *.zendesk.com *.yext.com *.hotjar.io everestjs.net *.everestjs.net jsdelivr.net *.jsdelivr.net *.adobedtm.com *.amplitude.com *.kmtx.io *.zdassets.com *.youtube.com *.facebook.com *.simonsignal.com *.tiktok.com *.bing.com *.quantserve.com *.quantcount.com *.fbot.me *.useinsider.com *.doubleclick.net *.facebook.net *.micpn.com *.yimg.com *.cloudfront.net *.rakuten.com *.criteo.net *.criteo.com *.clarity.ms *.linksynergy.com *.gstatic.com gstatic.com *.mountain.com fontawesome.com *.fontawesome.com blinkfitness.com *.blinkfitness.com *.demdex.net *.getletterpress.com *.agkn.com *.sentry.io *.everesttech.net *.bidr.io *.casalemedia.com *.emxdgt.com *.crwdcntrl.net *.3lift.com *.sharethrough.com *.rlcdn.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.socdm.com *.omnitagjs.com *.stickyadstv.com *.360yield.com *.ivitrack.com *.liadm.com *.mediavine.com *.outbrain.com *.pubmatic.com *.revcontent.com *.smaato.net *.yieldmo.com *.tremorhub.com *.bluekai.com pippio.com *.pippio.com *.openx.net *.adsrvr.org *.clmbtech.com *.adgrx.com *.infolinks.com *.krxd.net *.smarty.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ODNlZTNlZDhmNTdjNGFjM2FkOWMxZjBlNjY0NTVjZDI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.aivd.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.aivd.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.aivd.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-src https://www.youtube-nocookie.com https://*.google.com 1
form-action 'self' https://coworkingresources.org https://*.coworkingresources.org https://www.facebook.com https://getkisi.com https://*.getkisi.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app https://*.hsforms.com https://*.hsforms.net https://*.hubspot.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://api.na.chilipiper.com/marketing/getkisi https://a.clickcertain.com https://a.omappapi.com https://a.optmnstr.com https://w.appzi.io/ https://a.quora.com https://a.remarketstats.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://connect.facebook.net https://www.chatbase.co/ https://www.chatbase.co/embed.min.js https://d.adroll.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://idsync.rlcdn.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.na.chilipiper.com/marketing.js https://js.usemessages.com https://production-b3jhdbaf6q-uk.a.run.app https://staging-b3jhdbaf6q-uk.a.run.app https://netlify-cdp-loader.netlify.app https://s.adroll.com https://ssl.google-analytics.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://tagmanager.google.com https://use.typekit.net https://optimize.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.ads-twitter.com https://static.ads-twitter.com/uwt.js https://www.redditstatic.com https://www.youtube.com https://*.smartlook.cloud https://*.smartlook.com https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.typekit.net/* 1
default-src 'self' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com *.youtube-nocookie.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com *.pingdom.net *.hotjar.com *.hotjar.io snap.licdn.com *.snitcher.com *.googleadservices.com *.googletagmanager.com tag.manager.google.com *.google-analytics.com *.vk.com https://vk.com *.facebook.net *.facebook.com stats.g.doubleclick.net googleads.g.doubleclick.net *.youtube-nocookie.com *.yastatic.net https://yastatic.net *.yandex.net; script-src-elem 'self' *.zoominfo.com *.yandex.ru *.yandex.com *.clickagy.com 'unsafe-inline' auriga.com *.google.com *.google.ru https://www.google.com *.gstatic.com *.googleapis.com *.pingdom.net *.hotjar.com *.hotjar.io snap.licdn.com *.snitcher.com *.googleadservices.com *.googletagmanager.com tag.manager.google.com *.google-analytics.com *.vk.com https://vk.com *.linkedin.com *.facebook.net *.facebook.com googleads.g.doubleclick.net stats.g.doubleclick.net *.youtube-nocookie.com *.yastatic.net https://yastatic.net *.yandex.net; style-src 'self' 'unsafe-inline' auriga.com *.google.com *.google.ru *.gstatic.com *.googleapis.com maxcdn.bootstrapcdn.com *.fontawesome.com; img-src 'self' data: *; media-src 'self' auriga.com *.google.com *.google.ru *.youtube.com; frame-src 'self' auriga.com *.youtube.com *.yandex.ru *.hotjar.com *.facebook.com *.webvisor.com https://www.facebook.com *.google.com *.gstatic.com *.youtube-nocookie.com cvonline.lt www.cvonline.lt; font-src 'self' data: auriga.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com; connect-src 'self' auriga.com *.snitcher.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.pingdom.net *.google-analytics.com *.googletagmanager.com tag.manager.google.com stats.g.doubleclick.net *.facebook.com *.facebook.net *.yandex.ru *.yandex.com *.yastatic.net *.yandex.net; 1
frame-ancestors 'self' https://cocc.instructure.com; 1
style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 1
frame-ancestors facebook.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.au; img-src 'self' https: data: blob: https://mastodon.au; style-src 'self' https://mastodon.au 'nonce-0vp2AXwsfXRso0WKooYkfg=='; media-src 'self' https: data: https://mastodon.au; frame-src 'self' https:; manifest-src 'self' https://mastodon.au; form-action 'self'; child-src 'self' blob: https://mastodon.au; worker-src 'self' blob: https://mastodon.au; connect-src 'self' data: blob: https://mastodon.au https://mastodon.au wss://stream.mastodon.au; script-src 'self' https://mastodon.au 'wasm-unsafe-eval' 1
frame-ancestors map.mchs.gov.by mchs.gov.by 1
frame-ancestors 'self' absencetracker.com *.absencetracker.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.crazyegg.com https://js.hubspot.com https://nonce-injection.ecowaters-cloudflare-account.workers.dev https://js-na1.hs-scripts.com https://www.gstatic.com/ https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsforms.net https://cdn.userway.org https://www.googletagmanager.com https://*.google.com https://*.rumiview.com https://*.bing.com https://*.clarity.ms https://www.google-analytics.com/ https://maps.googleapis.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com https://connect.facebook.net https://*.cloudfront.net https://api.bluecore.com/triggermail.js/ecowater.js https://assets.adobedtm.com/175f7caa2b90/28cce541436d/launch-6a7c59bdc5d4.min.js https://bat.bing.com/bat.js https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://k.clarity.ms/s/0.6.34/clarity.js https://prism.app-us1.com/ https://trackcmp.net/t_prism_sitemessages.php https://twin-iq.kickfire.com/twin.js https://www.google-analytics.com/gtm/optimize.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/QENb_qRrX0-mQMyENQjD6Fuj/recaptcha__en.js https://www.rumiview.com/containers/e49b0c40-4512-49ab-bd25-0b17a7b5ba30.js;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://d10lpsik1i8c69.cloudfront.net https://stackpath.bootstrapcdn.com;object-src 'none';base-uri 'self';connect-src 'self' https://cta-service-cms2.hubspot.com https://js.hs-banner.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://script.crazyegg.com https://exceptions.hubspot.com https://*.clarity.ms https://cdn.userway.org https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com https://api.userway.org https://bat.bing.com https://api-preview.luckyorange.com https://settings.luckyorange.net https://maps.googleapis.com/ https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com wss://in.visitors.live wss://visitors.live;font-src 'self' data: https://js.hs-banner.com https://stackpath.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://app.mapline.com https://app.hubspot.com https://td.doubleclick.net/ https://forms.hsforms.com https://static.hsappstatic.net/ https://10874975.fls.doubleclick.net https://www.facebook.com https://www.google.com https://www.youtube.com/ https://costcous.centah.com;img-src 'self' 'unsafe-inline' data: https://perf-na1.hsforms.com https://i.ytimg.com https://track.hubspot.com https://secure.gravatar.com https://cdn.userway.org https://forms-na1.hsforms.com https://forms.hsforms.com https://*.bing.com https://*.googletagmanager.com https://maps.googleapis.com/ https://c.clarity.ms https://maps.gstatic.com/ https://www.google-analytics.com https://d10lpsik1i8c69.cloudfront.net https://twin-iq.kickfire.com https://www.facebook.com https://www.google.com https://www.rumiview.com;manifest-src 'self';media-src 'self' https://d10lpsik1i8c69.cloudfront.net;worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' *.twitter.com wss://*.iesnare.com https://*.iesnare.com https://c868f50ba0a44ab1a49811d2861c57f7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com/ data: https://www.google.com *.youtube.com *.youtube-nocookie.com; img-src 'self' *.twimg.com https://cifas.matomo.cloud/ *.twitter.com https://assets-gbr.mkt.dynamics.com/ https://9e23f0c0cf4b40e984c4ecab298228a7.svc.dynamics.com data: *.cifas.org.uk *.google-analytics.com; frame-ancestors 'self' *.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com *.google-analytics.com https://mpsnare.iesnare.com https://cdn.matomo.cloud/cifas.matomo.cloud/ https://www.youtube.com https://mktdplp102cdn.azureedge.net/ blob: 'unsafe-eval' https://www.google.com http://www.google-analytics.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://www.googletagmanager.com 1
connect-src 'self' https: ws: wss: wss://nexus-websocket-a.intercom.io 1
default-src 'none'; img-src 'self' https://cadillacfairview.sc.omtrdc.net https://*.ctfassets.net https://d3j72de684fey1.cloudfront.net https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://cm.everesttech.net https://www.google-analytics.com *.cookielaw.org *.demdex.net *.facebook.com https://assets.cadillacfairview.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://maps.googleapis.com https://customsearch.googleapis.com https://d1p5cqqchvbqmy.cloudfront.net https://cadillacfairview.talcura.com https://analytics.tiktok.com https://www.googletagmanager.com https://www.google-analytics.com *.cookielaw.org https://www.youtube.com https://www.google.com https://www.gstatic.com connect.facebook.net; connect-src 'self' 'unsafe-eval' https://www.cadillacfairview.com https://*.form.io https://cdn.mappedin.com *.demdex.net https://cm.everesttech.net https://assets.adobedtm.com https://cadillacfairview.sc.omtrdc.net https://api-gateway.mappedin.com https://leasing-data-poc.s3.amazonaws.com https://d3j72de684fey1.cloudfront.net https://mipubapistorageprod.blob.core.windows.net https://*.ctfassets.net https://assets.cadillacfairview.com https://analytics.tiktok.com https://www.google-analytics.com https://maps.googleapis.com https://customsearch.googleapis.com *.google.com https://*.gstatic.com https://*.doubleclick.net data: blob: *.cookielaw.org *.onetrust.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self' https://*.form.io; frame-src 'self' *.demdex.net https://*.youtube.com https://cadillacfairview.talcura.com https://*.ctfassets.net *.google.com https://my.matterport.com/ https://player.vimeo.com https://assets.cadillacfairview.com data: blob:; media-src 'self' https://*.ctfassets.net https://assets.cadillacfairview.com 1
frame-ancestors 'self' https://*.norisbank.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.usercentrics.eu http://dpm.demdex.net http://assets.adobedtm.com http://*.googletagmanager.com http://googleads.g.doubleclick.net blob: 1
frame-ancestors 'self'; frame-src https://gateway.fxhash2.xyz https://fs-emulator.fxhash2.xyz https://onchfs.fxhash2.xyz https://challenges.cloudflare.com https://*.spotify.com/ https://spotify.com https://*.youtube.com/ https://youtube.com https://*.twitter.com/ https://twitter.com https://codepen.io https://openprocessing.org https://checkout.usewinter.com/ https://widget.wert.io https://centinelapi.cardinalcommerce.com https://verify.walletconnect.com/ 'self'; 1
default-src 'self' https://validator.w3.org https://imis.aami.org https://vimeo.com https://player.vimeo.com placehold.it https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com https://farm8.staticflickr.com aamiblog.org https://cdn.sitesearch360.com *.sitesearch360.com https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com *.surveymonkey.com *.google.com *.go.aami.org *.adobedtm.com *.adzerk.net *.zkcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://use.fontawesome.com https://platform.twitter.com https://twitter.com https://imis.aami.org/aami/certification_directory https://vimeo.com https://*.googletagmanager.com/ https://flickr.com flickr.com www.flickr.com live.staticflickr.com https://embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com widgets.flickr.com snap.licdn.com www.youtube.com *.aami.org https://cdn.sitesearch360.com *.sitesearch360.com https://cdn.jsdelivr.net *.surveymonkey.com *.google.com *.go.aami.org *.adobedtm.com *.adzerk.net *.zkcdn.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.sitesearch360.com *.sitesearch360.com *.surveymonkey.com *.google.com *.go.aami.org *.adobedtm.com *.adzerk.net *.zkcdn.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: screenfeed.com; img-src 'self' https://www.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com https://px.ads.linkedin.com https://insights.sitesearch360.com https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com *.sitesearch360.com https://array.aami.org *.surveymonkey.com *.google.com *.go.aami.org *.adobedtm.com *.adzerk.net *.zkcdn.net; media-src 'self' data: blob: https://vimeo.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com https://player.vimeo.com screenfeed.com https://player.captivate.fm https://photos.app.goo.gl https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com; form-action 'self' *.surveymonkey.com *.google.com *.go.aami.org *.adobedtm.com *.adzerk.net *.zkcdn.net; frame-src 'self' https://html5-player.libsyn.com https://www.youtube.com https://platform.twitter.com https://imis.aami.org/aami/certification_directory https://vimeo.com https://player.vimeo.com https://flickr.com flickr.com www.flickr.com live.staticflickr.com embedr.flickr.com http://kitchen.screenfeed.com screenfeed.com https://player.captivate.fm https://cdn.jsdelivr.net https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com https://syndication.twitter.com https://www.surveymonkey.com https://www.google.com/ https://go.aami.org https://assets.adobedtm.com https://static.adzerk.net https://s.zkcdn.net; frame-ancestors 'self' widget.surveymonkey.com https://maps.google.com/ https://go.aami.org https://assets.adobedtm.com https://static.adzerk.net https://s.zkcdn.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com screenfeed.com widget.surveymonkey.com https://maps.google.com/ go.aami.org https://assets.adobedtm.com https://static.adzerk.net https://s.zkcdn.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com screenfeed.com https://embedr.flickr.com https://farm8.staticflickr.com https://cdn.sitesearch360.com https://insights.sitesearch360.com https://www.google-analytics.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://global.sitesearch360.com/sites https://cdn.jsdelivr.net https://analytics.google.com https://widget.surveymonkey.com https://maps.google.com/ https://go.aami.org https://assets.adobedtm.com https://static.adzerk.net https://s.zkcdn.net; object-src https://photos.app.goo.gl https://photos.google.com https://lh3.googleusercontent.com https://maps.google.com/ *.adobedtm.com *.adzerk.net *.zkcdn.net; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src * data:; font-src * data:; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com www.googletagmanager.com cdnjs.cloudflare.com boards.greenhouse.io cdn.mathjax.org a.omappapi.com edge.marker.io www.google.com www.gstatic.com; frame-ancestors 'none'; frame-src 'self' www.youtube.com https://boards.greenhouse.io player.vimeo.com www.google.com https://app.marker.io/; 1
frame-ancestors https://*.wfscorp.com 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.nowanimes.com/ https://nowanimes.com/ https://www.xpanimes.com/ https://xpanimes.com/ http://trueliketop.org/ https://megatecnobr.com/ https://www.legiaotec.club/ https://tectecno.com/ https://tecnodisco.com/ https://uptecnologia.org/ https://techdiniz.com/; 1
{"default-src":"self","report_to":"default","include_subdomains":true} 1
default-src 'self' https://assets.stuudium.net; style-src 'unsafe-inline' https://assets.stuudium.net 1
frame-ancestors 'self' *.flexera.com *.app.flexera.com *.rightscale.com *.flexnetmanager.com localhost:*; 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data: 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.authorize.net *.ckeditor.com *.geonetric.com *.google.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.usablenet.com *.loyalhealth.com *.newrelic.com *.adsrvr.org *.in.applicationinsights.azure.com; report-uri /report-csp-violation 1
block-all-mixed-content; upgrade-insecure-requests; form-action 'self' 1
upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.googleapis.com *.scorecardresearch.com *.doubleclick.net *.criteo.net *.criteo.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn  *.adtimaserver.vn blob:; font-src * data:; img-src * data: blob:; media-src * blob:; connect-src 'self' wss://*.chat.zalo.me https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.zing.vn *.zingnews.vn *.baomoi.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.googletagservices.com *.googleapis.com *.scorecardresearch.com *.doubleclick.net *.criteo.net *.criteo.com *.jsdelivr.net htlb.casalemedia.com prebid-asia.creativecdn.com *.youtube.com *.facebook.com blob:; child-src 'self' https: *.officialaccount.me *.zalo.cloud *.zalo.me *.zaloapp.com *.zapps.vn *.zdn.vn *.zadn.vn *.zascdn.me *.adtima.vn *.adtimaserver.vn *.zing.vn *.zingnews.vn *.baomoi.com *.criteo.com *.youtube.com *.facebook.com wvjbscheme://* blob: 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-SXNmQlpETEU2dmxXczRwbzhUYWF3QnFscmZ6bFQ2b1pYclU1N2NoZUpqZz06UllXbE5GQzFpSk1EMnY5YXhsUDlpREhxNzhpVWVNWTJiLzlkbzRkdEUwbz0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self' 1
font-src https: data:; 1
base-uri 'self'; default-src 'self'; script-src 'nonce-MzVhNTYyODctODEwMi00ZmViLWFlMDUtMjRlYjA5NjdlMGFh' 'self' https://connect.facebook.net https://gateway.zscaler.net 'sha256-o8MsT+ybfaDcjwBFA3ry6ORJMj8ZubWycesh6WKQJhU=' 'sha256-+S6pgEqdb8TFlYZOjIV5ocKPJ3kFRAXQi8TUN7+xpmQ=' https://recaptcha.net https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com/maps/api/ 'sha256-islgbgq+YlN6XMfIX8L9NlMWSOOO3qorYzkxBcxLUTI=' 'sha256-FyhF119vYBjexIV5MJoh7n99U/CGrzJZghVkL/z0TB0=' 'sha256-UcKneRapMcuCJzIVhysuxYBI1ywOAC8n1SUytvNAKXE=' 'sha256-bjutey+CqpCYK+tiaVkhk+cex4n3KsfIjMR7/kz/d/k=' 'sha256-a5L9kw5QLIWBCliPy4U99GDxrjb+wzX5Y1tonMFFNss='; style-src 'nonce-MzVhNTYyODctODEwMi00ZmViLWFlMDUtMjRlYjA5NjdlMGFh' 'self' https://fonts.googleapis.com https://aioapps-qa.hkbn.net 'sha256-QTTeE5LBaII+tJ6ngkLeeEoGNof3Nvqqfhh/RE1rZg4=' 'sha256-RCMj/9VQhfHisi3lTuQ2jwck71n1i0dOVzxbSJoaU6U=' 'sha256-uBwO5wj060MA3ZtGq06LqGvy2kcdrcexynL25MmhSiY='; object-src 'none'; img-src 'self' https://www.facebook.com https://www.google.com.hk https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://img.youtube.com data: maps.gstatic.com *.googleapis.com *.ggpht.com https://www.hkbnes.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://*.doubleclick.net https://recaptcha.net https://www.youtube.com www.youtube.com; font-src 'self' https://fonts.gstatic.com; child-src https://www.youtube.com/ https://s.ytimg.com; 1
default-src *.tradingtechnologies.com *.ttstage.com *.pcdn.co *.pardot.com https: ;  upgrade-insecure-requests;  base-uri 'self'; form-action 'self' *.tradingtechnologies.com *.pardot.com; frame-ancestors 'none';  style-src 'self' 'unsafe-inline' *.pcdn.co;  script-src 'self' 'unsafe-inline' *.pcdn.co *.tradingtechnologies.com *.google-analytics.com analytics.google.com *.googletagmanager.com *.ads-twitter.com *.googleapis.com/customsearch/ *.twitter.com *.pardot.com ;  img-src 'self' secure.gravatar.com *.pcdn.co *.pagely.com *.google-analytics.com analytics.google.com *.google.com/ads/ *.googletagmanager.com t.co analytics.twitter.com stats.g.doubleclick.net i.ytimg.com;  connect-src 'self' *.tradingtechnologies.com *.ttstage.com *.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.pcdn.co analytics.google.com ;  media-src 'self' *.pcdn.co *.youtube.com *.youtube-nocookie.com; object-src 'self' *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com *.pcdn.co; frame-src 'self' *.tradingtechnologies.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.pcdn.co; 1
img-src 'self' data: images.ctfassets.net *.google-analytics.com *.ytimg.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co *.agkn.com *.snapchat.com *.agkn.com *.pricespider.com consumersupport.pg.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.agkn.com *.pricespider.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com *.pricespider.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.cloudflare.com *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co *.iesnare.com *.pricespider.com consumersupport.pg.com sc-static.net *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacytermsprod.azureedge.net kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co *.haircode.com *.snapchat.com *.pricespider.com wss://wtbstream.pricespider.com consumersupport.pg.com *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co pgconsumersupport.secure.force.com *.youtube.com *.snapchat.com pg-lex.my.salesforce-sites.com consumersupport.pg.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; frame-src 'self' consumersupport.pg.com *.youtube.com *.doubleclick.net tr.snapchat.com feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.google.com/recaptcha/api.js https://*.gstatic.com; style-src 'report-sample' 'self' 'unsafe-inline' https://*.googleapis.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.googleapis.com; font-src 'self' data: https://*.gstatic.com https://maxcdn.bootstrapcdn.com; frame-src 'self' https://www.google.com/ https://*.youtube.com; img-src 'self' https://*.gstatic.com data: https:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https://*.ilive.cn https://*.lenovo.com.cn https://*.ifeng.com https://wbd.kuwo.cn https://*.bdxiguaimg.com https://hm.baidu.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' * boxtec.ch *.boxtec.ch *.boxtec.shop boxtec.shop *.boxtec.eu boxtec.eu *.tisnet.ch tisnet.ch telemedia.ch *.telemedia.ch; object-src 'none' 1
frame-ancestors 'none'; default-src 'self' *.zendesk.com assets.digitalclimatestrike.net *.digitalclimatestrike.net *.vimeo.com *.youtube.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com www.facebook.com *.zdassets.com data:; script-src 'self' *.zendesk.com *.instagram.com *.googleapis.com *.gstatic.com *.googletagmanager.com connect.facebook.net *.licdn.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.digitalclimatestrike.net px.ads.linkedin.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.zendesk.com *.instagram.com *.parcelpoint.com.au *.staging.parcelpoint.com.au *.googleapis.com *.gstatic.com *.cdninstagram.com *.zopim.com wss://widget-mediator.zopim.com *.zdassets.com *.digitalclimatestrike.net 'unsafe-inline' data: 1
base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: about: d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net ajax.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.googletagmanager.com *.google-analytics.com snap.licdn.com *.ads-twitter.com *.youtube.com *.facebook.net *.facebook.com *.doubleclick.net *.clarity.ms load.sumo.com load.sumome.com ws.zoominfo.com *.hsforms.net js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com *.hubspot.com *.influ2.com *.smartlook.com sc.lfeeder.com; style-src 'self' 'unsafe-inline' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com www.gstatic.com; img-src data: https:; object-src 'none'; form-action 'self' https://www.facebook.com https://forms.hsforms.com; frame-ancestors 'self'; default-src blob: 'self' d17ocfn2f5o4rl.cloudfront.net d1g7hi6xjvmqyj.cloudfront.net *.doubleclick.net *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.smartlook.cloud *.googlesyndication.com *.influ2.com www.google-analytics.com analytics.google.com *.hscollectedforms.net *.clarity.ms www.youtube.com www.google.com sumo.com sumome.com *.oribi.io *.zoominfo.com yoast.com *.linkedin.com *.hubspot.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; media-src * 'self' https: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net; font-src 'self' data: https://ucarecdn.com https://*.ucarecdn.com https://fonts.gstatic.com; frame-src 'self' https://ucarecdn.com https://*.uploadcare.com https://js.stripe.com https://calendly.com https://*.google.com https://*.youtube.com https://*.facebook.com https://codepen.io https://codesandbox.io https://*.codesandbox.io https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://td.doubleclick.net; child-src 'self' blob:; media-src blob: data: https://ucarecdn.com https://*.ucarecdn.com; style-src 'self' 'unsafe-inline' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://unpkg.com https://js.stripe.com https://*.calendly.com https://*.googleapis.com https://*.zapier.com https://*.integrately.com; connect-src 'self' blob: https://*.cloudfront.net https://*.uploadcare.com https://*.s3-accelerate.amazonaws.com https://ucarecdn.com https://*.ucarecdn.com https://*.algolia.net https://*.algolianet.com https://js.stripe.com https://*.statuspage.io https://*.pingdom.net wss://ws.pusherapp.com https://api.rollbar.com https://*.helpscout.net https://zapier.com https://*.zapier.com/ https://*.integrately.com https://api.getrewardful.com/ https://*.segment.io https://cdn.segment.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.facebook.com https://bat.bing.com https://cdn.linkedin.oribi.io https://*.linkedin.com/ https://registry.npmjs.org https://*.split.io; img-src 'self' blob: data: https://*.uploadcare.com https://ucarecdn.com https://*.ucarecdn.com https://*.ucr.io https://q.stripe.com https://*.calendly.com https://zapier-images.imgix.net https://zapier.com https://*.zapier.com https://integrately.com https://*.amazonaws.com https://*.travis-ci.com https://*.travis-ci.org https://github.com https://codesandbox.io https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.g.doubleclick.net https://i.ytimg.com https://bat.bing.com *.google.com *.google.at *.google.com.au *.google.be *.google.bg *.google.com.br *.google.by *.google.ca *.google.ch *.google.cn *.google.cz *.google.de *.google.dk *.google.es *.google.fi *.google.fr *.google.gr *.google.com.hk *.google.hr *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.co.in *.google.it *.google.co.jp *.google.co.kr *.google.kz *.google.lt *.google.lv *.google.me *.google.com.mx *.google.com.my *.google.nl *.google.no *.google.co.nz *.google.com.ph *.google.pl *.google.pt *.google.ru *.google.se *.google.com.sg *.google.si *.google.sk *.google.co.th *.google.com.tr *.google.com.tw *.google.com.ua *.google.co.uk *.google.com.vn *.google.rs *.google.cl *.google.com.ar *.google.com.ph *.google.ee https://*.customer.io https://*.facebook.com https://cx.atdmt.com https://p.adsymptotic.com https://*.linkedin.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ucarecdn.com https://*.ucarecdn.com https://*.uploadcare.com https://*.cloudfront.net https://js.stripe.com https://m.stripe.network https://*.statuspage.io https://*.pingdom.net https://zapier.com https://cdn.zapier.com https://*.integrately.com https://r.wdfl.co https://*.codepen.io https://*.helpscout.net/ https://*.google.com https://*.gstatic.com https://cdnjs.cloudflare.com https://cdn.rollbar.com https://assets.customer.io https://cdn.segment.com https://cdn.segment.io https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.googleadservices.com https://tpc.googlesyndication.com https://*.facebook.net https://snap.licdn.com https://bat.bing.com; frame-ancestors 'self'; report-uri https://app.uploadcare.com/apps/api/v0.1/csp/report/ 1
default-src 'self' *.googleapis.com *.hotjar.com *.youtube.com googleads.g.doubleclick.net *.monsido.com; script-src 'nonce-WrTcueE9lCNA3LAa' 'self' 'unsafe-inline' 'unsafe-eval'  *.wufoo.com *.googleapis.com *.addthisedge.com *.moatads.com *.addthis.com *.monsido.com staticcdn.co.nz *.highcharts.com *.googleapis.com *.hotjar.com *.facebook.net *.youtube.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' *.wufoo.com *.googleapis.com *.addthisedge.com *.moatads.com *.addthis.com *.monsido.com staticcdn.co.nz *.highcharts.com *.googleapis.com *.hotjar.com *.facebook.net *.youtube.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com fonts.googleapis.com; connect-src 'self' *.ecan.govt.nz *.highcharts.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.addthis.com *.googleapis.com *.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; img-src 'self' blob: data: https://www.google.co.nz https://*.hotjar.com *.vimeocdn.com staticcdn.co.nz ecan.govt.nz *.ecan.govt.nz *.googleapis.com *.gstatic.com *.monsido.com shielded.co.nz *.youtube.com *.facebook.com *.ytimg.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; font-src 'self' data: https://*.hotjar.com fonts.gstatic.com staticcdn.co.nz; frame-src * data: blob: https://*.hotjar.com ;frame-ancestors 'self'; base-uri 'self';report-uri https://o4505163166515200.ingest.sentry.io/api/4505326961033216/security/?sentry_key=82e73ff171f9e2e7a10cf15a0f705a4e 1
base-uri 'none'; default-src 'self' data: blob: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://webmedia.ypsilon.net https://api.specials.de https://b2b.specials.de https://flr.ypsilon.net https://code.etracker.com https://www.etracker.de/ https://widgets.regiondo.net/ https://app.cituro.com/ https://app.usercentrics.eu https://webmedia.ypsilon.net; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' *.cybersource.com; object-src 'none'; 1
frame-ancestors *.jabraenhance.com 1
frame-ancestors 'self'; upgrade-insecure-requests; object-src 'none';base-uri 'none' 1
default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' https://netlify-cdp-loader.netlify.app 'sha256-vA9I4Z78x0EssVwjK01meHcPuZ+FqT7w+7mwK/+zTgc='; img-src 'self' data:; frame-src 'self' https://outreach.abetterinternet.org; font-src 'self' data:; media-src 'self'; object-src 'self'; 1
worker-src blob:; font-src *.fontawesome.com *.gstatic.com 'self' data: *.cloudfront.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.hsforms.com *.hubspot.com *.amazonaws.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.prooftag.com *.google.com *.googletagmanager.com *.hubspot.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com *.amazonaws.com www.xtento.com forms.hsforms.com *.doubleclick.net ct.pinterest.com www.theoceanrace.com vars.hotjar.com theoceanrace.geovoile.com service.force.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io 'self' data: *.cloudfront.net *.google-analytics.com *.hubspot.com *.hubspot.net *.hsforms.com blob: www.xtento.com cdn.xtento.com media.ulysse-nardin.com eu3-cdn.inside-graph.com www.google.ch *.facebook.com ct.pinterest.com *.ads.linkedin.com bat.bing.com www.google.fr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.gstatic.com *.cookielaw.org *.jsdelivr.net *.hotjar.com *.newrelic.com *.inside-graph.com *.google-analytics.com *.hsforms.net *.hsforms.com *.hs-scripts.com *.hsleadflows.net *.hs-banner.com *.hsadspixel.net *.hubspotfeedback.com *.usemessages.com *.hs-analytics.net *.hscollectedforms.net *.hubspot.net *.hubapi.com www.xtento.com cdn.xtento.com bat.bing.com snap.licdn.com connect.facebook.net s.pinimg.com cdnjs.cloudflare.com service.force.com tfour.my.salesforce.com *.salesforceliveagent.com static.lightning.force.com tfour.my.site.com 125268c633e8.eu-west-1.sdk.awswaf.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com www.clarity.ms *.analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com eu3-cdn.inside-graph.com service.force.com tfour.my.site.com 'self' 'unsafe-inline'; object-src blob: 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net media.ulysse-nardin.com google.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://geoip-js.com t.elasticsuite.io *.google-analytics.com *.cookielaw.org *.onetrust.com *.hubspot.com *.hubapi.com *.usemessages.com *.hsleadflows.net *.hs-banner.com *.hubspotfeedback.com *.hsadspixel.net *.hs-scripts.com *.hs-analytics.net *.hsforms.com *.amazonaws.com *.mapbox.com *.doubleclick.net eu3-live.inside-graph.com wss://eu3-live.inside-graph.com/ ct.pinterest.com *.hotjar.com *.hotjar.io wss://ws29.hotjar.com/api/v2/client/ws tfour.my.site.com 125268c633e8.f70af3f4.eu-west-1.token.awswaf.com *.linkedin.com *.analytics.google.com 'self' 'unsafe-inline'; child-src *.hubspot.com *.hsforms.com *.hsadspixel.net *.hscollectedforms.net *.usemessages.com blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-CEQubJ00irQSPL05CsAxWQ==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://rmbutterfly.com https://*.rightmessage.com https://*.orbi.io https://*.liadm.com https://*.livechatinc.com https://*.adsymptotic.com https://*.linkedin.com https://*.licdn.com https://*.lk-cs.com https://*.schemaapp.com https://woobox.com https://lkcs.lkcsmap.com https://d3rxaij56vjege.cloudfront.net/ https://trackcmp.net https://*.app-us1.com https://*.amazonaws.com https://*.formstack.com https://*.ubembed.com https://*.gstatic.com https://chat.lk-cs.com wss://*.hotjar.com https://platform.twitter.com https://*.sitefinity.com https://dec.azureedge.net https://lkcssecurehosting.com https://vars.hotjar.com https://cdn.schemaapp.com https://www.facebook.com https://www.google.com https://*.google.com https://*.hotjar.io https://maps.google.com https://securenetgate9.com https://trkn.us https://*.leadforensics.com https://*.lk-cs.com https://*.securenetgate9.com https://www.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://s.ytimg.com https://*.facebook.com https://app.termly.io https://www.googletagmanager.com https://netdna.bootstrapcdn.com https://*.typekit.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://clients.lk-cs.com https://lkcsunix.com https://maps.googleapis.com https://content-partnersbadge-pa.googleapis.com https://secure.adnxs.com https://maps.gstatic.com https://stats.g.doubleclick.net https://*.vimeo.com https://*.sharefile.com https://*.calendly.com https://calendly.com https://*.youtube.com https://*.hotjar.com; frame-ancestors 'self' https://lkcsweb.activehosted.com https://lkcs.sharefile.com https://*.vimeo.com https://www.youtube.com https://*.calendly.com https://calendly.com https://*.rightmessage.com; report-uri https://lkcs.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com https://jionews.pie.news https://stgjionews.pie.news https://devjionews.pie.news 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://e1.envoke.com https://engage.envoke.com/ext/embed/engagements/ https://eml.envoke.com/ext/embed/engagements/ https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://js.intercomcdn.com https://widget.intercom.io/widget/ev9a263d https://w338l7p6z1nt.statuspage.io https://files.envoke.com/web_files/812/scripts/nvk.js https://player.vimeo.com/api/player.js https://sc.lfeeder.com/lftracker_v1_bElvO73rqp18ZMqj.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/ba2b83a682.js https://ct.capterra.com/capterra_tracker.js https://cdnjs.cloudflare.com/ajax/libs/ https://unpkg.com/micromodal/dist/micromodal.min.js https://unpkg.com/alpinejs https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/js/select2.min.js https://nitroscripts.com/DRmPoMiPKLjZyQPgQZXjcnTyhLJGpiKT; style-src 'self' 'unsafe-inline' data: https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://e1.envoke.com/css/nvk-content.min.css https://cdn.jsdelivr.net/npm/select2@4.1.0-rc.0/dist/css/select2.min.css; img-src 'self' http: https: data: https://e1.envoke.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://capterra.s3.amazonaws.com/assets/images/ https://assets.capterra.com; connect-src 'self' https://*.envoke.com/form.php https://*.google.com https://*.google.ca https://*.google.co.uk https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://stats.g.doubleclick.net https://api-iam.intercom.io/messenger/web/ wss://nexus-websocket-a.intercom.io/pubsub/; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://fonts.intercomcdn.com/messenger-m4/ https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/; media-src 'self' https://js.intercomcdn.com; child-src 'self' https://*.google.com https://td.doubleclick.net https://player.vimeo.com https://w338l7p6z1nt.statuspage.io; frame-ancestors 'self'; report-to envoke-csp; report-uri https://envoke.report-uri.com/r/d/csp/enforce 1
frame-src  https://jofo.me https://ok.ru https://embed-player.space https://tgwidget.com https://*.yapfiles.ru https://*.film.ru http://*.film.ru https://*.ivi.ru https://*.twitter.com https://*.podster.fm https://*.u-stream.in https://onepleeer.ru https://video.ridus.ru https://rutube.ru https://*.vk.com https://vk.com http://*.videosom.ru https://coub.com https://*.yandex.ru https://yastatic.net https://*.facebook.com https://*.soundcloud.com/ https://*.google.com https://*.sibnet.ru https://*.viqeo.tv https://*.adtng.com https://cowork.team https://gamesfromheaven.com https://*.facebook.com https://twitter.com https://vk.com http://vk.com http://*.ustream.tv https://*.vimeo.com https://*.youtube.com https://yastatic.net https://ulogin.ru https://*.pinterest.com https://*.jsdelivr.net https://*.instagram.com; 1
form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.transcat.ca *.transcat.com *.tfaforms.com *.tfaforms.net *.hsforms.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.tfaforms.com https://*.cloudfront.net https://us-cdn.inside-graph.com https://fonts.googleapis.com https://service.force.com https://cdn.jst.ai https://cdn.amazon.channels.magento.com https://*.hotjar.com *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com fonts.googleapis.com widget.freshworks.com m2epro.freshdesk.com *.googleapis.com *.gstatic.com *.transcat.ca *.transcat.com *.tfaforms.net *.tfaforms.com *.hsforms.com tagmanager.google.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudfront.net https://www.tfaforms.com https://www.googlecommerce.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.cenpos.com https://apis.google.com https://bat.bing.com https://cdn.b0e8.com https://cdn.bc0a.com https://cdn.jsdelivr.net https://cdn.inspectlet.com https://cdn.bizible.com https://connect.facebook.net https://ssl.google-analytics.com https://st1.dialogtech.com https://us-tracker.inside-graph.com https://assets.adobedtm.com https://googleads.g.doubleclick.net https://static.trackedweb.net https://www.gstatic.com https://fonts.googleapis.com https://service.force.com https://*.salesforceliveagent.com https://my.jst.ai https://online.flippingbook.com https://cdn.jst.ai https://aly.jst.ai https://www.googleadservices.com https://us-live.inside-graph.com https://cdn.amazon.channels.magento.com https://use.typekit.net https://us-cdn.inside-graph.com https://static.hotjar.com https://script.hotjar.com https://*.dotdigital-pages.com https://solutions.invocacdn.com https://cdn.heapanalytics.com https://pnapi.invoca.net/ https://home-c52.nice-incontact.com/ https://*.hotjar.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.cenpos.com *.cenpos.net *.google.com *.gstatic.com *.cardinalcommerce.com widget.freshworks.com m2epro.freshdesk.com s7.addthis.com *.transcat.com *.transcat.ca *.tfaforms.com *.tfaforms.net *.hsforms.net *.hsforms.com js.hs-scripts.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' *.adobe.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com 'self' 'unsafe-inline'; img-src 'self' data: about: http://www.transcat.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://*.cloudfront.net https://bat.bing.com https://cdn.bizible.com https://amcglobal.sc.omtrdc.net https://ssl.google-analytics.com https://cm.everesttech.net https://st2.dialogtech.com https://*.smarterspecies.com https://*.transcat.com https://a.b0e8.com https://online.flippingbook.com https://www.paypalobjects.com https://googleads.g.doubleclick.net https://i.ytimg.com https://stats.g.doubleclick.net https://cdn.bizibly.com https://p.typekit.net https://us-cdn.inside-graph.com https://c.bing.com https://heapanalytics.com https://*.hotjar.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net validator.swagger.io *.ftcdn.net *.behance.net 'self' data: *.tfaforms.net *.tfaforms.com *.hsforms.com *.transcat.ca *.transcat.com *.gstatic.com data: 'self' 'unsafe-inline'; frame-src 'self' https://bid.g.doubleclick.net https://amc.demdex.net https://us-live.inside-graph.com https://www.cenpos.net https://www.google.com https://www.youtube.com https://maps.google.com https://www.facebook.com https://www.tfaforms.com https://online.flippingbook.com https://vars.hotjar.com https://*.dotdigital-pages.com https://home-c52.nice-incontact.com https://*.hotjar.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.cenpos.net *.cenpos.com *.google.com *.gstatic.com *.cardinalcommerce.com *.transcat.com *.transcat.ca *.tfaforms.com *.tfaforms.net *.hsforms.net *.hsforms.com *.weltpixel.com 'self' 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://*.cloudfront.net https://us-cdn.inside-graph.com https://c1.sfdcstatic.com https://use.typekit.net https://*.hotjar.com fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: *.transcat.ca *.transcat.com data: 'self' 'unsafe-inline'; connect-src 'self' https://aly.jst.ai https://my.jst.ai https://bat.bing.com https://*.cloudfront.net https://dpm.demdex.net https://hn.inspectlet.com https://ixfd1-api.bc0a.com https://r2.trackedweb.net https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://us-live.inside-graph.com wss://us-live.inside-graph.com https://fbo-b.flippingbook.com https://tcatptcopy-transcat.cs34.force.com https://cdn.amazon.channels.magento.com https://online.flippingbook.com https://*.hotjar.com wss://*.hotjar.com https://us-cdn.inside-graph.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adobe.io performance.typekit.net *.sentry.io widget.freshworks.com m2epro.freshdesk.com ekr.zdassets.com/ t.elasticsuite.io *.google-analytics.com *.transcat.ca *.transcat.com *.tfaforms.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; default-src 'self' https://*.cloudfront.net https://*.hotjar.com *.asc-stage-magento.com asc-stage-magento.com *.channels.magento.com channels.magento.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.wcaworld.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://maps.googleapis.com https://calculator.pledge.io; font-src 'self' data: https://*.typekit.net https://*.gstatic.com; img-src 'self' data: https://*.wcaworld.com https://www.googletagmanager.com https://*.googleapis.com https://mcusercontent.com https://gallery.mailchimp.com https://*.gstatic.com; connect-src 'self' https://*.wcaworld.com https://www.google-analytics.com https://maps.googleapis.com; object-src 'self' data: blob: https://*.wcaworld.com; frame-src 'self' blob: https://*.wcaworld.com https://calculator.pledge.io https://www.youtube.com 1
frame-ancestors 'self' https://*.model-t.cc.commerce.ondemand.com https://*.freedom.com.au 1
default-src *; connect-src * blob: ; media-src * blob: data:; ; object-src * data: blob:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self' https://scatbook.com https://darkfans.com; 1
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/backupdr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://static.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com *.kampyle.com *.medallia.com; style-src 'self' 'unsafe-inline' https://shareowneronline.com https://eqsolprodusapp.blob.core.windows.net https://fast.fonts.net *.kampyle.com *.medallia.com https://eq-sol-prod-us-fd-main-b2c.azurefd.net/; img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://eq-sol-prod-us-fd-main-b2c.azurefd.net/ https://shareowneronline.com https://eqsolprodusapp.blob.core.windows.net *.kampyle.com *.medallia.com; connect-src 'self' https://devadfs.usatest.eqtest.internal/ https://shareowneronline.com https://www.google-analytics.com https://eqsolprodusapp.blob.core.windows.net https://eqsolprodusb2cmain.b2clogin.com/ *.kampyle.com *.medallia.com https://eqsolprodusapp.blob.core.windows.net/sol-media https://eq-sol-prod-us-fd-main-b2c.azurefd.net/ https://shareowneronline.com https://region1.google-analytics.com; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://devadfs.usatest.eqtest.internal/ https://www.google.com/ https://sso-us.equiniti.com https://djcs.factsetdigitalsolutions.com https://custom.factsetdigitalsolutions.com *.kampyle.com *.medallia.com http://www.abbvie.com; 1
default-src 'self' https://www.google.com/ads/ https://s7.addthis.com/ https://api-public.addthis.com/ https://www.youtube-nocookie.com/ https://jnn-pa.googleapis.com/ https://play.google.com/ https://stats.g.doubleclick.net/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://use.fontawesome.com/ https://www.youtube-nocookie.com/; img-src 'self' https://jbs.i-maxpr.com/ data: https://www.google-analytics.com/ https://www.facebook.com/ https://www.google.com.br/ https://i.ytimg.com/ https://yt3.ggpht.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/ https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data:application/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.fontawesome.com/; connect-src 'self' https://cdn.cookielaw.org/ https://s7.addthis.com/; media-src 'self' https://s7.addthis.com/; object-src 'self'; child-src 'self'; frame-src 'self' https://www.youtube.com; worker-src 'self'; form-action 'self'; base-uri 'self'; frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://rec.smartlook.com https://www.google-analytics.com https://cdn.cookielaw.org/ https://fonts.googleapis.com/ https://s7.addthis.com/ https://www.googletagmanager.com/ https://z.moatads.com/ https://www.google-analytics.com/ https://v1.addthisedge.com/ https://m.addthis.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://rec.smartlook.com/recorder.js https://s7.addthis.com/js/300/addthis_widget.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; 1
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js.hcaptcha.com https://region1.google-analytics.com https://consent.cookiebot.com 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js https://js.monitor.azure.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com *.thehotelsnetwork.com https://www.bokabord.se/widget.min.js https://connect.facebook.net https://snap.licdn.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://static.proposales.com/embed.js https://bat.bing.com/p/action/56342803.js https://bat.bing.com/bat.js https://s.pinimg.com/ct/lib/main.b4887131.js https://s.pinimg.com/ct/core.js https://analytics.tiktok.com https://sc-static.net/scevent.min.js 'self' https://*.googletagmanager.com https://www.googletagmanager.com https://d1igp3oop3iho5.cloudfront.net/v2/iJ-onyHbFHNk0RfbWCOB9Q-eu1/ https://*.googleapis.com https: https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com 'unsafe-eval' blob:; frame-src https://www.google.com https://tpc.googlesyndication.com https://tbs.tradedoubler.com https://consentcdn.cookiebot.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://pal-test.adyen.com/ https://pal.adyen.com/ https://pal-live.adyen.com/ https://3ds-a.live.ext.prod.enfuce.com/ *.thehotelsnetwork.com https://app.waiteraid.com https://tr-shadow.snapchat.com https://ct.pinterest.com https://tr.snapchat.com https://td.doubleclick.net https://player.vimeo.com/ 'self' https://www.googletagmanager.com *.google.com https://booking.caspeco.net/; font-src https://use.typekit.net data: https://cdn.proposales.com *.thehotelsnetwork.com 'nonce-cb9d3d2a-4223-4d89-b5c2-15731518b5d1' 'self' https://fonts.gstatic.com; style-src https://use.typekit.net https://p.typekit.net https://consent.cookiebot.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://inbox.proposales.com *.thehotelsnetwork.com https://www.bokabord.se/static/css/modal.css https://bat.bing.com/bat.js 'self' https://*.googletagmanager.com 'unsafe-inline' https://fonts.googleapis.com; img-src https://www.facebook.com/privacy_sandbox/pixel/ 'self' data: https://bookings.elite.se https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://www.google.com/ads/ https://www.google.se/ads/ https://www.google.no/ads/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com https://imgstatic.eu https://linkcenterus.derbysoftca.com https://imgsct.cookiebot.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com https://cdf6519016.cdn.adyen.com/ *.thehotelsnetwork.com https://bat.bing.com https://ct.pinterest.com https://www.pinterest.com https://px.ads.linkedin.com https://tr.snapchat.com https://www.linkedin.com/px https://www.facebook.com/tr/ https://stats.g.doubleclick.net https://pxl.upsales.com/ https://*.googletagmanager.com https://*.google-analytics.com https://jumbe.eu1.odp.optimizely.com/v2/; connect-src https://tr6.snapchat.com/p https://bat.bing.com http://localhost:* https://googleads.g.doubleclick.net https://www.google.com/pagead/ https://adservice.google.com/pagead/ https://maps.googleapis.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://js.monitor.azure.com https://checkoutshopper-test.adyen.com https://checkoutshopper.adyen.com https://checkoutshopper-live.adyen.com ws://rrpmn45g-9378.euw.devtunnels.ms:* ws://nd292235-9378.euw.devtunnels.ms:* ws://41jmgw9r-9378.euw.devtunnels.ms:* ws://59w2h3s5-9378.euw.devtunnels.ms:* ws://kl5wn1hh-5001.euw.devtunnels.ms:* ws://nc304lqx-9378.euw.devtunnels.ms:* https://secure.proposales.com *.thehotelsnetwork.com https://app.waiteraid.com https://snap.licdn.com https://cdn.linkedin.oribi.io https://tr-shadow.snapchat.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://vimeo.com/api/ 'self' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com; default-src 'self'; base-uri 'self'; 1
frame-ancestors http://*.indecopi.gob.pe 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self';  img-src 'self' data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://nrw.social; img-src 'self' https: data: blob: https://nrw.social; style-src 'self' https://nrw.social 'nonce-IS8KqotHawaF2WlJvkuTYQ=='; media-src 'self' https: data: https://nrw.social; frame-src 'self' https:; manifest-src 'self' https://nrw.social; form-action 'self'; child-src 'self' blob: https://nrw.social; worker-src 'self' blob: https://nrw.social; connect-src 'self' data: blob: https://nrw.social https://nrw.social wss://nrw.social; script-src 'self' https://nrw.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://*; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
object-src 'none'; script-src 'self' blob: https://*.ampproject.org/ https://*.paypal.com/ https://platform.twitter.com https://platform.x.com https://songbirdstag.cardinalcommerce.com/edge/v1/ https://checkout.razorpay.com/ https://cdn.checkout.com/ 'nonce-PqHIYvdtker2fmTd7BWDBg=='; base-uri 'none'; default-src 'self' https: data: blob: wss: 'unsafe-inline' 1
default-src 'self' https://8gvyw6q6yj.execute-api.eu-west-1.amazonaws.com https://argentwebsite.prismic.io argentwebsite.cdn.prismic.io images.prismic.io platform.twitter.com syndication.twitter.com twitter.com https://optimize.google.com https://script.google.com https://script.googleusercontent.com https://api.compound.finance/api/v2/ctoken https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' www.googletagmanager.com www.google-analytics.com syndication.twitter.com platform.twitter.com *.twimg.com https://optimize.google.com https://snap.licdn.com 'unsafe-inline'; style-src 'self' platform.twitter.com https://optimize.google.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com 'unsafe-inline'; img-src 'self' https://px.ads.linkedin.com https://dv3jj1unlp2jl.cloudfront.net api.producthunt.com images.prismic.io argentwebsite.cdn.prismic.io prismic-io.s3.amazonaws.com stats.g.doubleclick.net syndication.twitter.com *.twimg.com platform.twitter.com https://www.google.co.uk https://www.google.com https://fonts.gstatic.com data: www.google-analytics.com https://twitter.com 'self'; font-src 'self' https://fonts.gstatic.com data: 'self'; frame-src https://dune.xyz https://www.youtube.com https://optimize.google.com https://platform.twitter.com https://twitter.com https://syndication.twitter.com https://duneanalytics.com https://embed.theblockcrypto.com; frame-ancestors 'self' 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' *.wellsfargo.com *.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.google.com https://*.wf.com https://*.tt.omtrdc.net https://*.google.com; img-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://*.medallia.com https://www.facebook.com https://cx.atdmt.com https://analytics.twitter.com https://t.co https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://s-a.innovid.com https://www.emjcd.com https://cj.dotomi.com https://www.mczbf.com https://*.mktgcdn.com https://*.postrelease.com https://wellsfargobankna.experiencecloud.adobe.com; object-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://*.doubleclick.net https://*.advanced-web-analytics.com; font-src 'self' data: *.wellsfargomedia.com *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.nuance.com; script-src 'nonce-f3bf96b3-dc2b-4cad-bcc1-84113393c30a' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com https://wellsfargobank.tt.omtrdc.net https://cdn.tt.omtrdc.net;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com ; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.youtube.com www.youtube-nocookie.com www.google-analytics.com js.zi-scripts.com www.googletagmanager.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; connect-src 'self' js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' go.tsico.com www.youtube-nocookie.com www.google.com; worker-src 'self' blob: 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-49aca089e989ea55518f9c71bc92ba26'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net https://translation.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net https://atcwebsite-gsg.azurewebsites.net https://sbcountyatc.gov; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
default-src 'self'; base-uri 'self'; object-src 'self'; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://ajax.cloudflare.com/cdn-cgi/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src https: data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.googleapis.com/youtube/ https://www.google-analytics.com https://stats.g.doubleclick.net; frame-ancestors 'self'; frame-src 'self' https://www.google.com https://www.youtube.com https://videolevels.com https://www.facebook.com https://web.facebook.com https://m.facebook.com https://suite.icareus.com https://cdn.jwplayer.com https://otse.kvmh.ee; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.klaviyo.com  *.termageddon.com *.hsappstatic.net *.vimeo.com connect.facebook.net *.fontawesome.com www.google-analytics.com *.clarity.ms snap.licdn.com cdn4.mxpnl.com *.g.doubleclick.net www.googletagmanager.com js.hsforms.net s7.addthis.com boards.greenhouse.io www.googleoptimize.com static.addtoany.com *.tiqcdn.com cdn.jsdelivr.net js.hs-scripts.com www.google.com *.cdnma.com www.gstatic.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net; style-src 'self' 'unsafe-inline' *.termageddon.com *.klaviyo.com *.fontawesome.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; img-src 'self' data: s.w.org ps.w.org px4.ads.linkedin.com cdn.jsdelivr.net  *.fontawesome.com *.clarity.ms *.gravatar.com www.glassdoor.com *.hubspot.com *.hsforms.com *.doubleclick.net www.google.com px.ads.linkedin.com www.facebook.com *.bing.com www.google-analytics.com www.googletagmanager.com; font-src 'self' data: cdn.jsdelivr.net *.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src 'self' www.youtube.com *.hubspot.com *.vimeo.com *.hsforms.com www.facebook.com td.doubleclick.net www.google.com static.addtoany.com; connect-src 'self' *.ads.linkedin.com *.klaviyo.com *.termageddon.com collect.tealiumiq.com forms.hscollectedforms.net www.google-analytics.com *.doubleclick.net *.clarity.ms pagead2.googlesyndication.com *.google.com api-js.mixpanel.com forms.hsforms.com *.amazonaws.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.situsamc.com *.pantheonsite.io *.vimeo.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com *.jsdelivr.net *.googleapis.com *.trustarc.com *.licdn.com *.hs-scripts.com *.marketo.net *.marketo.com *.hs-analytics.net *.hs-banner.com *.newrelic.com *.nr-data.net *.linkedin.com *.google.com *.hsforms.com *.hubspot.com *.doubleclick.net *.hsadspixel.net *.hscollectedforms.net *.mktoresp.com *.hubapi.com *.ceros.com *.sharethis.com *.oribi.io *.soundcloud.com *.coveo.com *.canva.com *.zohopublic.com *.typeform.com; frame-ancestors none 'self'; font-src 'self' data: *.gstatic.com; report-uri /report-csp-violation 1
frame-ancestors 'self'; report-uri https://r4com.report-uri.io/r/default/csp/enforce 1
default-src 'self'; style-src https: 'unsafe-inline'; style-src-elem https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: data: wss:; font-src https:; frame-src https:; img-src https: data: 'self'; worker-src blob: https:; media-src blob: https: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' fonts.googleapis.com *.spencerfane.com pi.pardot.com; script-src-elem 'self' 'unsafe-inline' fonts.googleapis.com *.spencerfane.com pi.pardot.com; script-src-attr 'self' fonts.googleapis.com *.spencerfane.com pi.pardot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: secure.gravatar.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 1
default-src *; style-src * 'unsafe-inline'; worker-src 'self' blob: ; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors kcls.org *.kcls.org kcls.bibliocms.com *.kcls.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src kcls.org *.kcls.org kcls.bibliocms.com *.kcls.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://manage.vehicleservicepros.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com blob:;               script-src 'self' 'unsafe-eval' 'unsafe-inline' *.analytics.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.google-analytics.com connect.facebook.net *.googletagservices.com *.cookiebot.com *.skyra.no *.mapbox.com www.youtube.com player.vimeo.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com;               script-src-elem 'self' 'unsafe-inline' *.analytics.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.google-analytics.com connect.facebook.net *.googletagservices.com *.cookiebot.com *.skyra.no *.mapbox.com www.youtube.com player.vimeo.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com https://snapsea.fra1.digitaloceanspaces.com/ https://app.snapsea.io/ blob:;              connect-src 'self' ws: www.facebook.com www.dalsnibba.no dalsnibba.no *.sanity.io vitals.vercel-insights.com vimeo.com *.hsforms.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com *.analytics.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.google-analytics.com connect.facebook.net *.googletagservices.com *.cookiebot.com *.skyra.no *.mapbox.com;              worker-src 'self' blob:;              frame-src 'self' www.youtube.com player.vimeo.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com *.analytics.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.google-analytics.com connect.facebook.net *.googletagservices.com *.cookiebot.com *.skyra.no *.mapbox.com https://snapsea.fra1.digitaloceanspaces.com/ https://app.snapsea.io/;              img-src 'self' res.cloudinary.com d3qvqlc701gzhm.cloudfront.net *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com *.analytics.google.com *.googletagmanager.com *.googleapis.com www.gstatic.com *.google-analytics.com connect.facebook.net *.googletagservices.com *.cookiebot.com *.skyra.no *.mapbox.com data: http: https: blob:;               media-src 'self' res.cloudinary.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com data: http: https:;               style-src 'self' 'unsafe-inline' *.mapbox.com *.google.com *.google.no *.googleadservices.com adservice.google.de *.g.doubleclick.net *.googlesyndication.com static.sojern.com csi.gstatic.com api.hubapi.com forms.hubspot.com https://snapsea.fra1.digitaloceanspaces.com/ https://app.snapsea.io/ fonts.googleapis.com www.googletagmanager.com;               object-src 'none';               report-uri https://netlifedesign.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com  https://culoansaver.com https://delivery.datatrac.net *.datatrac.net https://3riversfculocator.wave2.io https://*.msecnd.net apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://www.googletagmanager.com *.msecnd.net https://stackpath.bootstrapcdn.com/ https://cdn.boomcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://code.jquery.com/ https://www.google-analytics.com/analytics.js https://www.onlinebanktours.com/external/v5/BCM_Light_Box.js *.addthis.com *.addthisedge.com https://graph.facebook.com https://z.moatads.com https://api.alpharank.io apis.google.com *.simpli.fi *.salemove.com *.glia.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://www.googleanalytics.com https://www.google-analytics.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-src.js https://dev.virtualearth.net https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.js https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com https://api.stlouisfed.org; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com *.datatrac.net www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://stackpath.bootstrapcdn.com/bootstrap/4.1.2/css/bootstrap.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.theme.default.min.css https://cdn.boomcdn.com/libs/owl-carousel/2.3.4/assets/owl.carousel.min.css https://use.fontawesome.com/ https://cdn.boomcdn.com/ https://www.onlinebanktours.com/external/v5/BCM_Ad_Styles.css *.salemove.com *.glia.com recruitingbypaycor.com https://fonts.googleapis.com https://assets.sitescdn.net *.canva.com *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.theme.default.min.css https://cdnjs.cloudflare.com/ajax/libs/smartbanner.js/1.16.0/smartbanner.min.css; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; img-src 'self' *.gstatic.com *.datatrac.net *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: *.datatrac.net blob: *.eloqua.com track.hubspot.com https://cdn.oectours.com/media/ https://www.onlinebanktours.com https://i.ytimg.com https://www.googletagmanager.com *.googleusercontent.com *.simpli.fi https://www.googleadservices.com *.doubleclick.net *.tremorhub.com *.yahoo.com *.bfmio.com *.rlcdn.com *.lijit.com *.tapad.com https://bcp.crwdcntrl.net *.agkn.com *.exelator.com *.bluekai.com *.pubmatic.com https://fei.pro-market.net *.advertising.com *.spotxchange.com *.rubiconproject.com *.openx.net https://ib.adnxs.com *.intentiq.com https://ads.stickyadstv.com *.google.com https://sync.mathtag.com https://secure.insightexpressai.com https://1f2e7.v.fwmrm.net https://pbid.pro-market.net https://match.adsrvr.org https://segments.company-target.com https://jelly.mdhv.io https://sync.tidaltv.com https://www.entitytag.co.uk https://www.totaljobs.com *.webmd.com https://pippio.com https://tag.apxlv.com *.salemove.com *.glia.com https://www.google-analytics.com https://www.googletagmanager.com https://assets.sitescdn.net *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net; media-src 'self' data: blob: *.glia.com https://www.eventbrite.com; child-src 'self' https://cdn.flipsnack.com https://culoansaver.com *.datatrac.net https://delivery.datatrac.net https://3riversfculocator.wave2.io https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onlinebanktours.com *.datatrac.net *.addthis.com *.timetrade.com https://webchat.3riversfcu.com *.tryinteract.com *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net 3riversfcu.hosted.panopto.com *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com; connect-src 'self' wss: accounts.google.com https://*.dec.sitefinity.com 3riversfcu.hosted.panopto.com *.datatrac.net *.mktoresp.com https://dc.services.visualstudio.com/v2/ https://pixel.alpharank.io https://www.google-analytics.com https://stats.g.doubleclick.net *.salemove.com *.glia.com https://forms.monday.com https://survey.alchemer.com https://reporting.alchemer.com *.culookup.com https://abe-embedded-web.s3.amazonaws.com/glia-custom-renderer-latest.js https://info.autobooks.co recruitingbypaycor.com https://dev.virtualearth.net *.glia.com https://www.eventbriteapi.com https://www.eventbrite.com https://assets.sitescdn.net *.canva.com https://analytics.google.com/ *.segmint.net *.cloudfront.net https://cdn.jsdelivr.net https://supportform.3riversfcu.org https://static.3riversfcu.org https://cdn.timetrade.com/scripts/lightbox/latest/lightbox.js consumer.optimalblue.com https://api.stlouisfed.org; object-src 'none'; 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; 1
base-uri 'self'; default-src 'self'; object-src 'none'; connect-src 'self' https://forms-eu1.hscollectedforms.net https://events.eu1.segmentapis.com https://popup.wisepops.com https://app.ewebinar.com https://embedwistia-a.akamaihd.net https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://*.google.com https://*.google.fr https://api.ewebinar.com https://*.inspectlet.com wss://ws.inspectlet.com https://my.yoast.com/api/ https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://ibabs.ewebinar.com https://cdn.wisepops.com https://tracking.wisepops.com https://squeaky.ai/api/graphql wss://gateway.squeaky.ai wss://squeaky.ai/api/graphql https://*.clarity.ms https://cdn.segment.com https://*.doubleclick.net *.hs-banner.com *.hubspot.com *.hubapi.com *.hsforms.com *.wistia.com https://fast.wistia.net *.litix.io *.facebook.com *.segment.io *.salesfeed.com stats.g.doubleclick.net https://*.googlesyndication.com https://www.google.nl/ads/ https://*.google-analytics.com https://app.ewebinar.com https://ibabs.ewebinar.com https://bat.bing.com; font-src 'self' 'unsafe-inline' data: *.ibabs.eu *.ibabsonline.eu *.gstatic.com https://js-eu1.hs-banner.com/v2/ https://fast.wistia.com; frame-src 'self' https://*.doubleclick.net *.youtube-nocookie.com *.youtube.com youtube.com https://sdk.companywebcast.com https://*.google.com *.facebook.com *.hsforms.com *.hubspot.com *.hs-sites-eu1.com https://app.ewebinar.com https://ibabs.ewebinar.com https://platform.twitter.com; img-src 'self' 'unsafe-inline' data: *.ibabs.eu *.ibabsonline.eu *.ibabs.fr *.facebook.com https://*.google.com https://*.google.co.uk https://*.google.fr https://connect.facebook.net https://*.inspectlet.com https://fast.wistia.com https://bat.bing.com https://c.bing.com https://*.clarity.ms https://ewebinar.imgix.net https://4788601.fs1.hubspotusercontent-na1.net https://4788601.fs1.hubspotusercontent-eu1.net https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://assets.ewebinar.com https://app.ewebinar.com https://ibabs.ewebinar.com https://cdn.wisepops.com *.wistia.com https://syndication.twitter.com https://*.hsappstatic.com https://*.hsappstatic.net https://*.googletagmanager.com https://*.hubspot.com *.hubspotusercontent00.net *.hubspot.net *.hs-sites.com *.hsforms.com *.salesfeed.com https://*.lfeeder.com https://*.w.org https://*.google.com https://*.google.nl *.google-analytics.com *.doubleclick.net *.azurewebsites.net *.ibabs.co.uk *.gravatar.com *.linkedin.com; script-src 'self' blob: *.ibabs.eu *.ibabs.com *.ibabsonline.eu https://yoast.com/shared-assets/ https://loader.wisepops.com https://cdn.linkedin.oribi.io https://cdn.wisepops.com https://tracking.wisepops.com https://*.clarity.ms https://cdn.squeaky.ai https://www.youtube.com/iframe_api https://px.ads.linkedin.com https://fast.wistia.com https://app.wistia.com *.hsforms.net *.hscollectedforms.net *.usemessages.com *.segment.com *.hs-banner.com *.hsforms.com *.hsadspixel.net https://app.ewebinar.com https://assets.ewebinar.com https://ibabs.ewebinar.com *.licdn.com *.lfeeder.com *.companywebcast.com https://*.inspectlet.com https://www.googleadservices.com/pagead/conversion_async.js https://www.google-analytics.com/plugins/ua/linkid.js https://bat.bing.com/bat.js *.salesfeed.com https://googleads.g.doubleclick.net/j/collect https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://*.google.com https://*.google.fr https://www.google-analytics.com https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/gtm.js https://platform.twitter.com https://platform.linkedin.com https://www.link-page.info/tracking_19299.js https://bat.bing.com https://www.link-page.info/tracking_19299/ 'unsafe-inline' 'unsafe-eval' *.facebook.net *.hs-analytics.net *.hs-scripts.com *.hubspot.com *.hscta.net *.hsleadflows.net; media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.ibabs.com *.wistia.com https://fast.wistia.net https://embedwistia-a.akamaihd.net; style-src 'self' 'unsafe-inline' *.ibabsonline.eu *.hs-sites.com *.salesfeed.com *.googleapis.com; 1
frame-ancestors 'self' http://localhost:3333 https://gentux.sanity.studio https://*.optimizely.com 1
default-src mebhome.ru www.mebhome.ru m.mebhome.ru https://img.mebhome.ru https://ssl.google-analytics.com telemetry.jivosite.com bid.g.doubleclick.net *.googleapis.com antisovetnic.ru youtube.com *.youtube.com *.jivosite.com *.yandex.ru *.mail.ru *.doubleclick.net *.spim.ru spim.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.mebhome.ru stats.g.doubleclick.net antisovetnic.ru kicksovetnik.ru www.youtube.com vk.com core-renderer-tiles.maps.yandex.net https://mc.yandex.com/ https://code.jquery.com ajax.googleapis.com w2ui.com https://yastatic.net http://cdn.rawgit.com https://cdn.cloudflare.com/ http://cdnjs.cloudflare.com/ *.mail.ru https://ssl.google-analytics.com bid.g.doubleclick.net ssl.google-analytics.com google-analytics.com spim.ru yandex.st *.criteo.net *.criteo.com cdn.rutarget.ru *.mail.ru *.yandex.ru *.googleadservices.com www.google-analytics.com *.begun.ru *.jivosite.com cdn.retailrocket.ru *.doubleclick.net https://www.google.com https://www.gstatic.com *.rambler.ru; child-src blob: https://mc.yandex.ru;  frame-src 'self' pay.yandex.ru rutube.ru *.1tv.ru http://www.mebhome.ru https://code.jivosite.com yandex.ru webvisor.ru api-maps.yandex.ru  antisovetnic.ru img.mebhome.ru https://img.mebhome.ru andria.ru https://www.google.com/ https://bid.g.doubleclick.net/ https://ren.tv/ youtube.com *.youtube.com *.criteo.com tag.rutarget.ru cdn.rutarget.ru *.criteo.net yastatic.net blob: https://mc.yandex.ru; object-src 'self' blob: *; img-src 'self' blob: * https://mc.yandex.ru spimg.ru *.spim.ru  antisovetnic.ru pozvonok.ru *.pozvonok.ru data:; font-src 'self' * data: blob:; connect-src 'self' pay.yandex.ru https://mc.yandex.com/ https://www.youtube.com https://ssl.google-analytics.com https://suggestions.dadata.ru mc.yandex.md https://www.google.com/ https://www.google.ru/ *.mail.ru *.jivosite.com  antisovetnic.ru https://tracking.retailrocket.net/ https://dsp.retailrocket.net/ https://mc.yandex.ru wss://*.jivosite.com/;  style-src 'unsafe-inline' 'unsafe-eval' 'self' *; report-uri /csp/csp.php 1
frame-ancestors 'self' https://portal.ukbonn.de https://portal-test.ukbonn.de; 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; media-src 'self' data: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org script.crazyegg.com pghub.io www.youtube.com *.bazaarvoice.com mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io www.youtube.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' images.ctfassets.net pixel.tapad.com cdn.cookielaw.org www.googletagmanager.com *.ytimg.com *.bazaarvoice.com data: feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org geolocation.onetrust.com script.crazyegg.com *.google-analytics.com *.bazaarvoice.com az-apigateway-cs-prod-20180702.azure-api.net geolocation-db.com *.algolia.net wss: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' 'unsafe-inline' https://*.google-analytics.com/ https://www.google.com/ https://fonts.googleapis.com https://analytics.google.com https://accounts.google.com/ https://cdn.cookielaw.org https://mavieencouleurs.matomo.cloud https://www.facebook.com https://9295380.fls.doubleclick.net/ https://api.flymenu.fr/ https://app.flymenu.fr https://www.google.mu https://graph.facebook.com/ https://www.google.fr https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://ct.pinterest.com https://appleid.cdn-apple.com/ https://privacyportal.onetrust.com https://front-secure.pixibox.com/ https://z-m-graph.facebook.com https://unilever.demdex.net/ https://*.googlesyndication.com/ https://www.youtube.com/ https://dpm.demdex.net/ https://kx1.co/ https://geolocation.onetrust.com/ https://td.doubleclick.net/ https://*.mavieencouleurs.fr data:; font-src 'self' *.mavieencouleurs.fr localhost https://fonts.gstatic.com https://cdnjs.cloudflare.com https://themes.googleusercontent.com data:; img-src 'self' https://*.google-analytics.com/ https://kwptg.kantarworldpanel.fr https://ad.doubleclick.net/ https://www.google-analytics.com/ https://td.doubleclick.net/ https://www.facebook.com https://www.google-analytics.com https://ct.pinterest.com/ https://www.google.mu https://www.google.fr https://cdn.cookielaw.org/ *.googlesyndication.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.mavieencouleurs.fr data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com http://kx1.co http://ajax.googleapis.com https://connect.facebook.net https://cdn.cookielaw.org https://s.pinimg.com/ https://www.google-analytics.com https://app.flymenu.fr https://*.google-analytics.com/ cdn.rawgit.com https://accounts.google.com https://api.flymenu.fr https://cdnjs.cloudflare.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://unilever.d3.sc.omtrdc.net http://kx1.co http://ajax.googleapis.com https://connect.facebook.net https://cdn.cookielaw.org https://s.pinimg.com https://www.google-analytics.com https://cdn.matomo.cloud https://assets.adobedtm.com https://app.flymenu.fr https://appleid.cdn-apple.com/ https://www.youtube.com/ https://google-analytics.com/ cdn.rawgit.com https://accounts.google.com https://api.flymenu.fr https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://accounts.google.com https://*.mavieencouleurs.fr data: https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.mavieencouleurs.fr https://api.flymenu.fr/ https://accounts.google.com data: https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.mavieencouleurs.fr/report-uri/enforce; upgrade-insecure-requests 1
base-uri https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io https://*.golinks.com https://*.golinks.dev; connect-src 'self' https://*.hscollectedforms.net https://fonts.googleapis.com https://*.6sc.co/ https://*.chilipiper.com/ https://*.clearbit.com/ https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://api.company-target.com/ https://secure.adnxs.com/ https://www.g2.com https://golinks.io https://golinks.com https://golinks.dev https://*.factors.ai/ https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://accounts.google.com/ https://analytics.google.com/ wss://*.intercom.io/ https://*.intercomcdn.com/ https://*.intercom.io/ https://www.facebook.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.google.com/ https://*.doubleclick.net/ https://*.hubspot.com/ https://api.hubapi.com/ https://js.hs-scripts.com/ https://cdn2.hubspot.net https://*.hubspotusercontent00.net https://*.hubspotusercontent10.net https://*.hubspotusercontent20.net https://*.hubspotusercontent30.net https://*.hubspotusercontent40.net https://*.hscollectedforms.net https://js.hsleadflows.net https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-banner.net https://*.hsforms.com https://*.hsforms.net https://static.hsappstatic.net https://js.hubspotfeedback.com https://feedback.hubapi.com https://p.adsymptotic.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://js.usemessages.com https://*.vidyard.com https://*.hsforms.com/ https://*.fullstory.com https://ka-p.fontawesome.com/ https://kit.fontawesome.com; default-src 'self' ;font-src 'self' data: https://*.intercomcdn.com/ https://fonts.gstatic.com/ https://ka-p.fontawesome.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/;frame-src 'self' https://*.chilipiper.com/ https://jobs.ashbyhq.com/ https://www.facebook.com/ https://optimize.google.com https://s.company-target.com/ https://app.hubspot.com/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.google.com/ https://*.googletagmanager.com/ https://accounts.google.com/ https://js.stripe.com/ https://www.youtube.com/ https://*.loom.com/ https://*.doubleclick.net/ https://www.g2.com/products/;img-src 'self' data: https: blob: https://rs.fullstory.com https://www.g2.com/products/golinks/ https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://favicon-cdn.golinks.io https://www.g2.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://ka-p.fontawesome.com/ https://ws.zoominfo.com/ ;media-src 'self' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.dev/ https://*.golinks.com/ ; object-src 'none'; report-uri https://www.golinks.io/csp-violation-report.php; script-src 'self' 'strict-dynamic' 'nonce-YWI2NGJjMDdhMTY1MjhjZDBlOTAyOWMwYmZiYmNhYTc4ZTgyYWZjMzU3MDdkYTY2NWI0NjI0ZWIzMzhhZjdiZg==' https: https://*.golinks.io/ https://jobs.ashbyhq.com/ https://connect.facebook.net/ https://api.hubapi.com/ https://code.jquery.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://cdn.polyfill.io/ https://d3js.org/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://cdnjs.cloudflare.com/ajax/libs/ https://*.google-analytics.com/ https://analytics.google.com/ https://*.googletagmanager.com https://bid.g.doubleclick.net/ https://*.hubspot.com https://*.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://www.g2.com/ https://ws.zoominfo.com/ https://js.hs-scripts.com/ https://www.g2.com/products/ https://*.fullstory.com; style-src 'self' 'unsafe-inline' https://golinks.io https://golinks.com https://golinks.dev https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://fonts.googleapis.com/ https://accounts.google.com/ https://*.googletagmanager.com https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdn.jsdelivr.net/npm/bootstrap-tourist@0.3.2/ https://ka-p.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/c3/ https://optimize.google.com/optimize/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-tour/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://js.locatorsearch.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google.com https://www.gstatic.com https://cdn-cs.conductor.com https://static.hotjar.com https://script.hotjar.com https://teachersfcustaging.demo.coconutcalendar.com https://appointments.teachersfcu.org https://resources.digital-cloud-west.medallia.com http://resources.digital-cloud-west.medallia.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://fonts.googleapis.com https://www.googletagmanager.com https://connect.facebook.net https://cdnjs.cloudflare.com https://js.locatorsearch.com https://bam.nr-data.net https://www.google.com https://www.gstatic.com https://js-agent.newrelic.com https://cdn-cs.conductor.com https://static.hotjar.com https://script.hotjar.com https://teachersfcustaging.demo.coconutcalendar.com https://appointments.teachersfcu.org https://share.teachersfcu.org https://resources.digital-cloud-west.medallia.com http://resources.digital-cloud-west.medallia.com https://players.brightcove.net https://vjs.zencdn.net https://cdn.jsdelivr.net https://static.addtoany.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' https://players.brightcove.net blob:; frame-ancestors 'self' https://teachersfcustaging.demo.coconutcalendar.com https://appointments.teachersfcu.org; report-uri https://www.teachersfcu.org/report-uri/enforce 1
default-src 'self'; font-src 'self'; frame-src *; img-src 'self' data:; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; form-action 'self'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' kalibrr.com *.kalibrr.com kalibrr.id *.kalibrr.id kalibrr.ph *.kalibrr.ph kalibrr.vn *.kalibrr.vn *.blitzllama.com *.zendesk.com https://static.zdassets.com https://ekr.zdassets.com *.zopim.com appleid.cdn-apple.com connect.facebook.net *.facebook.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com d36lvucg9kzous.cloudfront.net s1.webspellchecker.net js.stripe.com www.googletagmanager.com *.inspectlet.com *.googleapis.com *.newrelic.com *.nr-data.net platform.twitter.com static.ads-twitter.com apis.google.com ajax.cloudflare.com tagmanager.google.com analytics.twitter.com analytics.trovit.com *.effectivemeasure.net jscdn.appier.net track.adform.net cdn.ckeditor.com https://optimize.google.com; form-action 'self'; frame-src 'self' https://staticxx.facebook.com https://web.facebook.com https://accounts.google.com https://www.facebook.com https://docs.google.com https://www.youtube.com https://www.google.com https://optimize.google.com https://snap.licdn.com *.blitzllama.com; frame-ancestors http://careers.aboitiz.com https://careers.aboitiz.com https://careers-uat.aboitiz.com http://citysavings.com.ph https://citysavings.com.ph; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.footjoy.com *.akamaihd.net *.ondemand.com *.pingdom.net *.google-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.newrelic.com *.nr-data.net; frame-src 'self' *.ondemand.com *.footjoy.com *.inforcloudsuite.com *.acushnetgolf.com http: https: data:; frame-ancestors 'self' *.ondemand.com *.inforcloudsuite.com *.acushnetgolf.com http: https: data:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.ondemand.com; img-src * blob: data:; font-src 'self' *.googleapis.com *.gstatic.com *.ondemand.com *.bootstrapcdn.com data:; connect-src 'self' *.pingdom.net *.ondemand.com *.google-analytics.com *.nr-data.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.cat; img-src 'self' data: blob: https://toot.cat https://pool.jortage.com/tootcat/ https://toot.cat/system/ https://blob.jortage.com; style-src 'self' https://toot.cat 'nonce-vssS+Z1e0qphB85xVlf+lw=='; media-src 'self' data: https://toot.cat https://pool.jortage.com/tootcat/ https://toot.cat/system/ https://blob.jortage.com; frame-src 'self' https:; manifest-src 'self' https://toot.cat; form-action 'self'; child-src 'self' blob: https://toot.cat; worker-src 'self' blob: https://toot.cat; connect-src 'self' data: blob: https://toot.cat https://pool.jortage.com/tootcat/ https://toot.cat/system/ https://blob.jortage.com wss://toot.cat; script-src 'self' https://toot.cat 'wasm-unsafe-eval' 1
report-to slardar-endpoint; frame-ancestors 'self'; 1
frame-ancestors 'self' https://1.awardhq.com https://www.1.awardhq.com https://fedex.awardhq.com https://us.hiltonhhonorsshopping.com  https://diamondmall.hiltonhhonorsshopping.com https://shop-with-points.marriott.com https://shop.wyndhamrewards.com https://accor.awardhq.com https://giving.ihg.com https://catalog.ihg.com https://yourjourney.ihgrewardsclub.com https://yourrewards.awardhq.com; 1
default-src *;img-src 'self';font-src 'self' https://fonts.gstatic.com;style-src 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'strict-dynamic' 'nonce-Ups9zzdb8vZD1NfC3JLrgF2o4Zw=' https: 'unsafe-inline';frame-src https://www.google.com/recaptcha/;base-uri 'none';object-src 'none';report-to main-endpoint; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://stackpath.bootstrapcdn.com https://*.googletagmanager.com https://*.googleadservices.com https://*.google-analytics.com https://*.doubleclick.net https://*.google.de https://*.google.com https://*.youtube.com/ https://*.vimeo.com/ https://*.tempo-team.com https://*.tempo-team.de https://*.algolianet.com https://*.algolia.net https://*.github.io https://*.packagist.org https://*.contao.org https://*.composer-resolver.cloud https://*.facebook.net https://*.facebook.com https://*.googleadservices.com https://*.my.salesforce-sites.com https://*.randstad-easydrive.de data: blob: 1
frame-ancestors 'self' pmt.honeywell.com sps.honeywell.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://one.binalyze.com;connect-src *;worker-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval';font-src 'self' https://one.binalyze.com https://fonts.gstatic.com;frame-src 'self' https://one.binalyze.com https://cdn.binalyze.com;media-src 'self' https://storage.googleapis.com/studio1-prod-blob/ https://one.binalyze.com;style-src 'self' 'unsafe-inline' https: https://one.binalyze.com https://js.userflow.com;img-src 'self' data: https://js.userflow.com https://one.binalyze.com https://storage.googleapis.com/studio1-prod-blob/;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none' 1
frame-ancestors 'self' natdcp.com ndcp-zend.natdcp.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.fck.de 1
frame-ancestors 'self' https://student-stg.elsanow.co https://student.elsaspeak.com 1
script-src 'self' 'strict-dynamic' 'unsafe-inline' https:; script-src-elem 'self' 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com db.revoffers.com sp.analytics.yahoo.com s.yimg.com insight.adsrvr.org api.privy.com www.google-analytics.com dpm.demdex.net *.userway.org app.termly.io js.driftt.com *.slack.com diamondcbd.go2cloud.org *.fls.doubleclick.net global.ib-ibi.com tags.bluekai.com pixel.tapad.com uipglob.semasio.net dsum-sec.casalemedia.com player.vimeo.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.cloudfront.net app.shop.pe *.intercomcdn.com; connect-src 'self' stats.g.doubleclick.net s.yimg.com db.revoffers.com db.trackcb.com www.google-analytics.com a.klaviyo.com fast.a.klaviyo.com static-forms.klaviyo.com telemetrics.klaviyo.com app.termly.io js.driftt.com widget.privy.com *.privy.com *.userway.org *.ipqualityscore.com *.yotpo.com *.authorize.net track.flexlinks.com vimeo.com shop.pe *.datadome.co *.intercom.io wss://*.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com bam.nr-data.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://track.segmetrics.io *.cloudfront.net *.google.com api.agechecker.net https://db.trackcb.com app.shop.pe shopper.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.mantisadnetwork.com *.leadsrx.com https://o1281800.ingest.sentry.io/api/6614326/store/ https://o1281800.ingest.sentry.io/api/6614326/envelope/; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com use.fontawesome.com *.cloudfront.net *.intercomcdn.com https://*.hotjar.com https://cdn.userway.org cdn.agechecker.net *.cdnfonts.com; frame-src 'self' nytrng.com *.revoffers.com *.driftt.com *.userway.org *.go2cloud.org *.fls.doubleclick.net track.flexlinks.com *.vimeo.com *.googlevideo.com *.gvt1.com video.google.com *.youtu.be *.youtube.com https://*.hotjar.com app.termly.io; img-src 'self' upx.provenpixel.com telemetrics.klaviyo.com insight.adsrvr.org *.google.com *.google.pl *.google.us sp.analytics.yahoo.com www.google-analytics.com *.userway.org privymktg.com google-analytics.com dpm.demdex.net *.privy.com diamondcbd.go2cloud.org service.trafficroots.com sigma2.pubmatic.com *.adsrvr.org *.google.am *.doubleclick.net *.mantisadnetwork.com *.shareasale.com *.shareasale-analytics.com i.vimeocdn.com data: *.truoptik.com *.google.me *.adnxs.com *.bluekai.com *.ib-ibi.com *.semasio.net *.yotpo.com *.dotomi.com *.media6degrees.com https://usermatch.krxd.net https://*.hotjar.com *.cloudfront.net img.agechecker.net api.agechecker.net blob: shopper.shop.pe *.intercomcdn.com *.intercomassets.com *.intercomcdn.eu *.intercomusercontent.com *.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com *.intercomassets.eu *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com *.ipqualityscore.com *.yotpo.com www.googletagmanager.com s.btstatic.com *.cloudflareinsights.com *.driftt.com *.klaviyo.com *.authorize.net s.thebrighttag.com cdn-swell-assets.yotpo.com static.klaviyo.com www.google-analytics.com static.cloudflareinsights.com *.userway.org *.termly.io *.privy.com shop.pe *.cloudfront.net *.s3.amaonaws.com *.shop.pe js.intercomcdn.com *.intercom.io https://*.hotjar.com app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' static-tracking.klaviyo.com *.mantisadnetwork.com upx.provenpixel.com s.yimg.com www.greenaffiliates.com db.revoffers.com cdn-loyalty.yotpo.com www.googletagmanager.com s.btstatic.com static.cloudflareinsights.com a.klaviyo.com www.google-analytics.com cdn-swell-assets.yotpo.com s.thebrighttag.com static.klaviyo.com *.userway.org app.termly.io js.driftt.com *.privy.com shop.pe *.ipqualityscore.com *.cloudfront.net ajax.cloudflare.com *.authorize.net *.gstatic.com shareasale-analytics.com *.s3.amazonaws.com *.shop.pe *.datadome.co *.yotpo.com *.intercom.io *.intercomcdn.com *.newrelic.com bam.nr-data.net *.hotjar.com *.facebook.net sdk.trackcb.com https://tag.segmetrics.io cdn.agechecker.net app.shop.pe *.mantis.marketing *.sitescout.com *.bidr.io *.crwdcntrl.net *.leadsrx.com player.vimeo.com cdnjs.cloudflare.com https://assets.secure.checkout.visa.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://js.authorize.net https://jstest.authorize.net https://polyfill.io https://sandbox-assets.secure.checkout.visa.com https://songbird.cardinalcommerce.com https://songbirdstag.cardinalcommerce.com https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' cdn-swell-assets.yotpo.com maxcdn.bootstrapcdn.com *.klaviyo.com *.privy.com *.gstatic.com *.cloudfront.net *.addshoppers.com *.userway.org https://*.hotjar.com *.cdnfonts.com cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' app.hubspot.com cdn-3.convertexperiments.com cdnjs.cloudflare.com connect.facebook.net cta-service-cms2.hubspot.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com platform.twitter.com play.vidyard.com run.pstmn.io script.crazyegg.com script.hotjar.com static.hotjar.com static.hsappstatic.net use.typekit.net www.googletagmanager.com www.google-analytics.com www.hubspot.com 'strict-dynamic' 'nonce-sOOjwomoQtYtrXSb+ZCPFQ=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
frame-ancestors 'self' https://www.sosbornebyerne.dk/ 1
default-src 'self'; style-src https: 'unsafe-inline'; script-src 'self' 'unsafe-eval' https://code.jquery.com/ https://abs.firstssl.ru/ https://maps.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.ckeditor.com/ https://vk.com/ https://www.youtube.com/ https://cse.google.com/ https://*.chathost.ru/ https://*.carrotquest.app/ https://www.googletagmanager.com/ https://www.google.com/ https://my.firstssl.ru/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://tag.marinsm.com/ https://mc.yandex.ru/ https://top-fwz1.mail.ru/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ 'unsafe-inline'; img-src * data:; connect-src 'self' https://api.carrottrack.app/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://*.carrottrack.io/ https://*.carrotquest.app/ wss://*.carrotquest.app/ https://stats.g.doubleclick.net/ https://top-fwz1.mail.ru/ https://mc.yandex.ru/ https://*.chathost.ru/; frame-src 'self' https://abs.firstssl.ru/ https://www.youtube.com/ https://www.google.com/ https://bid.g.doubleclick.net/; font-src 'self' https://netdna.bootstrapcdn.com/ data: https://fonts.gstatic.com/ https://*.carrotquest.app/; media-src 'self' https://*.carrotquest.app/; object-src 'none'; frame-ancestors 'self' https://metrika.yandex.ru; 1
frame-src 'self' https://experience.arcgis.com/ https://*.adform.net https://connect.facebook.net https://c1.adform.net https://platform.twitter.com/ https://a.flexbooker.com/ https://www.snappayglobal.com/ https://stage.snappayglobal.com/ https://www.youtube.com/ https://player.vimeo.com/ https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://hctra.maps.arcgis.com https://www.google.com/maps/ https://www.google.com/maps https://www.google.com https://www.trustedsite.com https://cse.google.com/ https://public.earthcam.net ;          default-src 'self';          script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms  https://t.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com  https://*.tvsquared.com/tv2track.js  https://qvdt3feo.com/events.js   https://tags.srv.stackadapt.com https://connect.facebook.net  https://*.adform.net https://www.clarity.ms  https://ads.nextdoor.com  https://platform.twitter.com/js/tweet.b81b6d7af2d75db873cff6099e4f433a.js https://platform.twitter.com/widgets.js https://request.eprotect.vantivprelive.com https://request.eprotect.vantivcnp.com https://bam.nr-data.net https://js-agent.newrelic.com https://cse.google.com https://www.google.com/cse/ https://clients1.google.com https://www.google-analytics.com https://cdn.ywxi.net https://www.googletagmanager.com https://www.google.com https://*.gstatic.com;         img-src blob: data: 'self' https://www.facebook.com https://*.stackadapt.com  https://tags.srv.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js  https://*.mdhv.io   https://*.clarity.ms  https://c.clarity.ms https://pbs.twimg.com https://syndication.twitter.com https://cdn.ywxi.net https://smetrics.hctra.org https://clients1.google.com https://www.google.com/cse/ https://www.google-analytics.com https://www.googleapis.com/ https://ssl.gstatic.com https://encrypted-tbn0.gstatic.com/images https://encrypted-tbn1.gstatic.com/images https://encrypted-tbn2.gstatic.com/images https://encrypted-tbn3.gstatic.com/images https://traffic.houstontranstar.org https://www.adobe.com/images/shared/download_buttons/;          object-src 'self';          plugin-types application/x-shockwave-flash application/pdf;         style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://www.google.com/cse/static/;          connect-src 'self' https://connect.facebook.net https://*.clarity.ms  https://*.stackadapt.com https://*.tvsquared.com https://*.tvsquared.com/tv2track.js https://qvdt3feo.com/events.js  https://y.clarity.ms https://t.clarity.ms  https://tags.srv.stackadapt.com  https://*.adform.net  https://www.google-analytics.com https://s3-us-west-2.amazonaws.com/mfesecure-public/host/ https://bam.nr-data.net https://triposcert.vantiv.com https://tripos.vantiv.com https://www.googletagmanager.com https://analytics.google.com;         form-action 'none';         frame-ancestors 'self';         report-uri /api/sessions/CspViolationLog/ReportViolation/ 1
frame-ancestors 'self' https://*.youtube.com 1
frame-ancestors 'self' *.klekt.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://*.gstatic.com https://*.doubleclick.net https://www.googleadservices.com https://*.google-analytics.com https://*.google.com https://www.facebook.com https://connect.facebook.net https://*.link.sg https://storage.googleapis.com https://*.googleapis.com https://s.go-mpulse.net https://*.nedigital.sg; script-src-elem 'self' 'unsafe-inline' https://s.go-mpulse.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://*.google.com; connect-src 'self' https://pagead2.googlesyndication.com https://*.google.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://pass.link.sg https://*.fairprice.com.sg https://*.web.plus.com.sg https://digital.plus.com.sg https://rum.browser-intake-datadoghq.com https://web.plus.com.sg https://*.split.io https://api.link.sg https://stats.g.doubleclick.net https://c.go-mpulse.net https://*.akstat.io https://*.akamaihd.net https://www.google.com.sg; img-src 'self' data: https://*.google-analytics.com https://*.prod-media.nedigital.sg https://*.cloudfront.net *; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://*.gstatic.com https://*.googleapis.com https://*.nedigital.sg; frame-src 'self' https://td.doubleclick.net https://*.google.com https://*.gstatic.com https://www.googletagmanager.com https://*.fls.doubleclick.net https://www.facebook.com; font-src 'self' data: blob: https://*.gstatic.com https://*.googleapis.com https://*.nedigital.sg; child-src 'self' blob:; worker-src 'self' blob:; frame-ancestors 'self' https://*.link.sg; 1
frame-ancestors https://trustmark.sbresources.com/ https://investorrelations.trustmark.com/ https://expert.trustmark.com/ https://trustmark.custhelp.com/ http://www.trustmarkforeclosedproperties.com/ https://jobs-trustmark.icims.com/ https://intranet-trustmark.icims.com/ https://careers-fisherbrownbottrell.icims.com/ https://onboarding-trustmark.icims.com/ https://reorganizationcareers-trustmark.icims.com/ https://trustmark--tst2.custhelp.com/ https://dev.sbresources.com https://trustmarkcorp2020index.s4.q4web.com/ https://mortgagewebcenter.com https://trustmark.mortgagewebcenter.com/ https://www.mytrustmark.com http://trustmarkforeclosedproperties.trustmark.local https://www.trustmarkforeclosedproperties.com/ https://www-lc3t.myappro.com/login/trustmark https://www-lc3.myappro.com/login/trustmark https://www-aola52t.myappro.com/approonline/A52/Trustmark/co/ https://www-aolb52p.myappro.com/approonline/B52/Trustmark/co/ https://www-aola52t.myappro.com/ https://trustmark-stage.adobemsbasic.com/ https://trustmark-prod.adobemsbasic.com/ https://trustmark.com/ https://trustmarkforeclosedproperties.trustmark.local https://www.trustmarkforeclosedproperties.com 1
frame-ancestors 'self' *.resulticks.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://breeze.town; img-src 'self' https: data: blob: https://breeze.town; style-src 'self' https://breeze.town 'nonce-ciGhDCEFeLYg9eIPQknsUQ=='; media-src 'self' https: data: https://breeze.town; frame-src 'self' https:; manifest-src 'self' https://breeze.town; connect-src 'self' data: blob: https://breeze.town https://truevault01.breezetech.solutions:9000/minio/breezetown wss://breeze.town; script-src 'self' https://breeze.town; child-src 'self' blob: https://breeze.town; worker-src 'self' blob: https://breeze.town 1
default-src * data: blob: 'self';script-src 'self' *.ragic.com 'unsafe-inline' 'unsafe-eval' appleid.cdn-apple.com zapier.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.crisp.chat *.googletagmanager.com *.stripe.com www.instagram.com *.facebook.net *.twitter.com *.slideshare.net www.redditstatic.com cdn.amcharts.com 127.0.0.1:* cdn.zapier.com;style-src 'self' fonts.googleapis.com cdn.zapier.com *.ragic.com *.crisp.chat data: blob: 'unsafe-inline';font-src 'self' fonts.gstatic.com fonts.googleapis.com cdn.zapier.com *.ragic.com *.crisp.chat;frame-src 'self' www.instagram.com *.ragic.com *.google.com *.facebook.com *.twitter.com office.com www.youtube.com *.youku.com *.stripe.com *.slideshare.net view.officeapps.live.com; 1
frame-ancestors vertretung-dev04.allianz.de vertretung-dev02.allianz.de vertretung-dev01.allianz.de vertretung-stg2.allianz.de vertretung-stg1.allianz.de vertretung.allianz.de www-dev04.allianz.de www-dev02.allianz.de www-dev01.allianz.de www-stg2.allianz.de www-stg1.allianz.de www.allianz.de www.allianz-vor-ort.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.analytics.google.com ws.zoominfo.com www.googletagmanager.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hsforms.net https://app-sj25.marketo.com https://player.vimeo.com/; img-src 'self' https://i.vimeocdn.com/ https://forms.hsforms.com https://forms-na1.hsforms.com data:; font-src 'self' data:; 1
frame-ancestors 'self' https://*.minervaproject.com https://*.kgi.edu https://dev.harald.schil.ly https://*.doulos.com https://*.codesignal.com https://roamresearch.com; 1
default-src	'self'; script-src	'self' 'unsafe-inline'	https://*.demdex.net/	https://*.onetrust.com/	https://*.clarity.ms	https://tag-logger.demandbase.com	https://tag.demandbase.com	https://web.demandbase.com	https://api.company-target.com/api/v2/ip.json	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://connect.facebook.net/	https://dc.ads.linkedin.com/	https://googleads.g.doubleclick.net/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://sjs.bizographics.com/	https://www.google.com/	https://www.google.com/recaptcha/	https://www.google.de/	https://www.googleadservices.com/	https://www.googletagmanager.com/	https://www.gstatic.com/recaptcha/	https://www.youtube.com/	; style-src	'self' 'unsafe-inline'	https://fonts.googleapis.com/	; connect-src	'self'	blob: 	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.omtrdc.net/	https://*.onetrust.com/	https://airfiltration.mann-hummel.com/	https://assets.adobedtm.com/	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://cm.everesttech.net/	https://dc.ads.linkedin.com/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tag-logger.demandbase.com	https://api.company-target.com/api/v2/ip.json	https://tridim.mann-hummel.com/	https://www.facebook.com/	https://www.google-analytics.com/	https://www.mann-filter.com/	https://www.mann-hummel.com/	https://www.purolatornow.com/; font-src	data:	https://fonts.gstatic.com/	; img-src	'self' data:	blob:	https://*.112.2o7.net/	https://*.clarity.ms	https://*.data.adobedc.net/	https://*.demdex.net/	https://*.doubleclick.net/	https://*.ggpht.com/	https://*.google.com/	https://*.google.de/	https://*.googleapis.com/	https://*.omtrdc.net/	https://ad.doubleclick.net/	https://ade.googlesyndication.com/	https://assets.adobedtm.com/	https://bat.bing.com/	https://c.bing.com	https://cm.everesttech.net/	https://googleads.g.doubleclick.net/	https://i.ytimg.com/	https://id.rlcdn.com	https://maps.gstatic.com/	https://p.adsymptotic.com/	https://px.ads.linkedin.com	https://px4.ads.linkedin.com/	https://s7g10.scene7.com/	https://s7ips3.scene7.com	https://smetrics.filtron.eu	https://www.facebook.com/	https://www.googletagmanager.com/	; form-action	'self'	https://newsletter.filtron.eu/	; frame-src	'self'	https://*.assetsadobe.com	https://*.demdex.net/	https://*.doubleclick.net/	https://*.filtron.eu/	https://*.scene7.com	https://bid.g.doubleclick.net/	https://cdn.linkedin.oribi.io/	https://cloud.mann-hummel-filtration.com/	https://dc.ads.linkedin.com/	https://gw.linkedin.oribi.io/	https://recaptcha.google.com/recaptcha/	https://s.company-target.com	https://sjs.bizographics.com/	https://www.facebook.com/	https://www.google.com/recaptcha/	https://www.nothinggetsbyus.com/	https://www.youtube-nocookie.com/	https://www.youtube.com/	; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors https://mynikonhub.nikonlenswear.co.uk https://dev.mynikonhub.nikonlenswear.co.uk/ https://uat.mynikonhub.nikonlenswear.co.uk/; 1
frame-src https://ganeshaoperationexpert.com https://www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com maps.googleapis.com browser-update.org googleapis.com polyfill.io *.googleapis.com *.polyfill.io google-analytics.com stats.g.doubleclick.net;  style-src 'self' 'unsafe-inline' fonts.googleapis.com; object-src 'none';  base-uri 'self';  connect-src 'self' stats.g.doubleclick.net maps.googleapis.com *.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' *.marketdata.feeds.iress.com videos.gold.org *.youtube.com; img-src 'self' *.googletagmanager.com *.google-analytics.com data: maps.googleapis.com maps.gstatic.com thevault.exchange i.ytimg.com *.staticflickr.com; manifest-src 'self';  media-src 'self' thevault.exchange;  worker-src 'none'; 1
default-src https://*.yandex.ru  'self'; script-src https://yastatic.net https://*.mail.ru https://*.yandex.net https://*.skbbank.ru https://*.sinara.ru 'self' 'unsafe-eval' 'unsafe-inline'; script-src-elem https://*.googleadservices.com https://*.google-analytics.com https://yastatic.net https://*.sendsay.ru https://*.mail.ru https://vk.com https://*.yandex.ru https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.googletagmanager.com https://*.kbki.ru 'self' 'unsafe-inline'; connect-src https://*.gov.ru https://suggestions.dadata.ru https://*.amplitude.com https://*.google.com https://*.doubleclick.net https://sendsay.ru https://*.sendsay.ru https://*.kbki.ru https://*.yandex.ru https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.scoring.ru 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src https://*.doubleclick.net https://*.google.com https://vk.com https://*.google.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.mail.ru https://*.sinara.ru https://*.google-analytics.com 'self' blob: data:; frame-src https://youtube.com https://*.youtube.com https://rutube.ru https://*.rutube.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com 'self' blob: data: 1
default-src 'self' https://*.dcube.cloud/ ; script-src 'self' 'sha256-7tJzJRhCSII909o84m4q85UWUc5EDMrrjsQXbeH+qlc=' blob: https://assets.dcube.cloud https://*.wogaa.sg https://assets.adobedtm.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://va.ecitizen.gov.sg https://*.cloudfront.net https://printjs-4de6.kxcdn.com https://unpkg.com https://wogadobeanalytics.sc.omtrdc.net https://connect.facebook.net https://graph.facebook.com https://facebook.com https://www.facebook.com https://*.googletagmanager.com https://*.licdn.com https://webchat.vica.gov.sg https://vica.gov.sg https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://www.instagram.com https://script.wiz.gov.sg/widget.js https://script-staging.wiz.gov.sg/widget.js wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/algoliasearch@4.20.0/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.60.0/dist/instantsearch.production.min.js ; object-src 'self' ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.cloudfront.net https://va.ecitizen.gov.sg https://*.wogaa.sg https://cdnjs.cloudflare.com https://datagovsg.github.io https://webchat.vica.gov.sg https://vica.gov.sg https://unpkg.com https://script.wiz.gov.sg/widget.css https://script-staging.wiz.gov.sg/widget.css https://assets.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css ; img-src * ; media-src * ; frame-src https://form.gov.sg/ https://wogaa.demdex.net/ https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://vimeo.com https://www.google.com https://checkfirst.gov.sg https://www.checkfirst.gov.sg https://docs.google.com https://nlb.ap.panopto.com https://www.google.com/recaptcha/ https://accounts.google.com https://www.gstatic.com/recaptcha/ https://data.gov.sg https://*.data.gov.sg https://calendar.google.com https://datastudio.google.com https://lookerstudio.google.com https://*.fls.doubleclick.net https://www.facebook.com https://m.facebook.com/ https://www.instagram.com https://api.id.gov.sg/ ; frame-ancestors 'none' ; font-src * data: ; connect-src 'self' https://dpm.demdex.net https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.wogaa.sg https://va.ecitizen.gov.sg https://ifaqs.flexanswer.com https://*.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://wogadobeanalytics.sc.omtrdc.net https://data.gov.sg https://api-production.data.gov.sg https://api.isomer.gov.sg https://webchat.vica.gov.sg https://chat.vica.gov.sg https://vica.gov.sg https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com wss://chat.vica.gov.sg https://api-vica-ana.vica.gov.sg/api/v1/response-ratings https://bucket-vica.vica.gov.sg https://autocomplete.vica.gov.sg https://static.zdassets.com https://ekr.zdassets.com https://*.zendesk.com https://*.zopim.com https://ask.gov.sg https://staging.ask.gov.sg wss://*.zendesk.com wss://*.zopim.com https://*.dcube.cloud/ https://console-flex-api.ap.sabio.cloud https://authmiddleware.ap.sabio.cloud https://1v7dzgzjkk-1.algolianet.com/ ; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-N2RkYTQ0MWYtNjJkZC00MGU2LWI1NTEtN2FmODA0OThmNTA4' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://*.timeblockr.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://*.timeblockr.com https://*.readspeaker.com; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-N2RkYTQ0MWYtNjJkZC00MGU2LWI1NTEtN2FmODA0OThmNTA4' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://*.timeblockr.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://*.timeblockr.com;  1
frame-ancestors 'self' https: *.wigmore-hall.org.uk; frame-src 'self' https: *.wigmore-hall.org.uk 1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; report-uri /nelmio/csp/report 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.hcaptcha.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self' *.hcaptcha.com *.google.com *.vimeo.com; connect-src 'self' *.hcaptcha.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; font-src 'self' data:;manifest-src 'self';media-src 'self' *.vimeo.com *.akamaized.net data:; object-src 'self'; 1
frame-ancestors 'self' *.abelandcole.co.uk https://abelandcoleb2c.b2clogin.com 1
default-src 'self' 'unsafe-inline' data: *.eatclub.com *.myeatclub.com *.typekit.net unpkg.com *.google.com *.googleapis.com *.cloudfront.net *.sentry.io *.sentry-cdn.com *.braintreegateway.com *.freedompay.com newrelic.com *.newrelic.com *.googletagmanager.com *.fastly.net *.googleadservices.com bat.bing.com connect.facebook.net www.facebook.com *.google-analytics.com *.inspectlet.com *.newrelic.com *.doubleclick.net *.nr-data.net *.optimizely.com *.hs-scripts.com *.leadpages.net *.hsforms.net *.hsforms.com *.licdn.com *.workable.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.hs-banner.com *.amazonaws.com *.lpages.co *.linkedin.com *.leadpages.io *.gstatic.com *.hubspot.com *.hubapi.com p.adsymptotic.com *.cloudflare.com *.github.io opensource.twitter.dev *.statuspage.io *.bootstrapcdn.com code.jquery.com *.onetrust.com eatclub.looker.com assets.website-files.com *.webflow.com cdn.jsdelivr.net cdn.embedly.com assets-global.website-files.com *.productfruits.com wss://*.productfruits.com sentry.io; frame-ancestors 'self' *.eatclub.com *.myeatclub.com *.inspectlet.com 1
'default-src' 'unsafe-inline' 'unsafe-eval' 'self' api.sacscoc.org googleapis.com *.googleapis.com google.com *.google.com gstatic.com *.gstatic 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss:; worker-src * blob:; frame-ancestors 'self' localhost:* *.citybreak.com citybreak.com; report-uri https://www.citybreak.com/report-uri/enforce 1
frame-src 'self' youtube.com player.vimeo.com app.termly.io forms.hsforms.com app.hubspot.com player.captivate.fm; 1
default-src 'self'; img-src 'self' data: https://api.mapbox.com https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.mapbox.com https://js.stripe.com/v3/ https://cse.google.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://api.mapbox.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://api.mapbox.com https://js.stripe.com/v3/ https://www.google-analytics.com; frame-src 'self' https://js.stripe.com https://calendar.google.com https://drive.google.com; 1
frame-ancestors 'self' https://*.bridgeclimb.com 1
frame-ancestors 'self' www.misericordia.edu misericordia.edu mymu.misericordia.edu; 1
frame-ancestors 'self' *.safecu.org *.safecuhb.org; object-src 'none' 1
frame-ancestors 'self' rockwellautomation.com rockwellautomation.com.cn *.rockwellautomation.com *.rockwellautomation.com.cn *.rockwellautomation.adobecqms.net ra.pisrc.net rabot.pisrc.net localhost localhost:*; 1
default-src 'self'; script-src data: blob: 'unsafe-inline' 'self' 'unsafe-eval' *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net snap.licdn.com *.k-analytix.com *.wp.com *.igodigital.com *.privacytools.com.br *.fullstory.com *.facebook.net *.k-analytix.com *.online-metrix.net *.gstatic.com *.handtalk.me plugin.handtalk.me; style-src data: blob: 'self' 'unsafe-inline' *.wp.com *.privacytools.com.br *.googleapis.com *.handtalk.me; img-src 'self' data: blob: *.bvsnet.com.br *.wp.com boavistaservicos.com.br *.boavistaservicos.com.br *.ytimg.com *.gravatar.com *.igodigital.com *.privacytools.com.br *.doubleclick.net *.googletagmanager.com *.google.com *.google.com.br *.facebook.com.br *.facebook.com *.linkedin.com *.google-analytics.com *.handtalk.me plugin.handtalk.me; font-src 'self' data: blob: *.wp.com 'unsafe-inline' *.gstatic.com; connect-src 'self' data: blob: ws: wss: *.konduto.com *.fullstory.com *.oribi.io *.privacytools.com.br *.google.com *.google-analytics.com *.doubleclick.net *.handtalk.me; frame-src 'self' data: blob: *.wp.com *.boavistaservicos.com.br *.youtube.com *.facebook.com *.doubleclick.net *.google.com *.google-analytics.com *.handtalk.me 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fastly.boarshead.com *.typekit.net ajax.googleapis.com *.addthis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.bugherd.com *.facebook.net *.facebook.com www.google-analytics.com *.chartbeat.com *.pinterest.com *.youtube.com *.serving-sys.com *.ytimg.com a248.e.akamai.net dnn506yrbagrg.cloudfront.net *.addthisedge.com *.twitter.com *.newrelic.com cdn.ampproject.org *.google.com *.nr-data.net hosted.where2stageit.com *.omnivirt.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://edge.marker.io https://marker.io *.pinimg.com *.chicoryapp.com chicoryapp.com *.quantserve.com *.quantcount.com *.cookielaw.org *.onetrust.com *.blob.core.windows.net *.moatads.com cdnjs.cloudflare.com https://cdn.tiny.cloud *.ensighten.com *.adsrvr.org *.pdst.fm *.spotify.com *.spotifycdn.com https://analytics.tiktok.com *.addtoany.com; font-src 'self' data: *.typekit.net *.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io https://edge.marker.io *.onetrust.com https://fastly.boarshead.com; style-src 'self' 'unsafe-inline' https://fastly.boarshead.com tagmanager.google.com fonts.googleapis.com *.myfonts.net *.onetrust.com *.typography.com https://cdn.tiny.cloud *.typekit.net *.googletagmanager.com; img-src 'self' blob: data: https://fastly.boarshead.com *.typekit.net www.google-analytics.com *.facebook.com *.chartbeat.net *.ytimg.com img.youtube.com *.adsrvr.org *.pinterest.com *.doubleclick.net *.gstatic.com *.google.com loadm.exelator.com ib.adnxs.com odr.mookie1.com tags.rd.linksynergy.com image2.pubmatic.com i.liadm.com io.narrative.io dmp.truoptik.com e.nexac.com match.sharethrough.com pixel.advertising.com pixel.tapad.com ads.scorecardresearch.com x.bidswitch.net adadvisor.net t.mookie1.com *.boarshead.com boarshead.com load77.exelator.com *.cdninstagram.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://media.marker.io https://marker.io https://edge.marker.io *.mathtag.com *.quantserve.com *.cookielaw.org *.twitter.com https://sp.tinymce.com/ *.docker.localhost/ https://www.googletagmanager.com; connect-src 'self' performance.typekit.net *.facebook.com *.addthis.com www.googletagmanager.com *.boarshead.com *.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://api.marker.io https://ssr.marker.io https://*.pinterest.com chicoryapp.com *.chicoryapp.com *.cookielaw.org *.blob.core.windows.net *.onetrust.com *.doubleclick.net *.nr-data.net *.cloudfunctions.net https://adservice.google.com https://www.google.com *.sentry.io https://analytics.tiktok.com; frame-src 'self' *.youtube.com *.addthis.com *.twitter.com *.facebook.com *.facebook.net *.doubleclick.net *.google.com locations.boarshead.com *.omnivirt.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io/ *.chicoryapp.com chicoryapp.com https://app.marker.io https://ct.pinterest.com https://*.adsrvr.org https://*.spotify.com; child-src https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://marker.io; media-src 'self' *.vimeo.com download-video.akamaized.net gcs-vimeo.akamaized.net *.vimeocdn.com *.omnivirt.com *.youtube.com vod-progressive.akamaized.net https://media.marker.io https://marker.io https://marker.io https://edge.marker.io; form-action *; report-uri https://boarshead.endpoint.csper.io; 1
default-src 'self'; script-src 'self' https://assets.panascais.net https://s.ytimg.com https://www.youtube.com https://vimeo.com https://player.vimeo.com; style-src https://assets.panascais.net 'unsafe-inline'; img-src 'self' https://static.panascais.net https://images.panascais.net https://videos.panascais.net https://i.ytimg.com https://img.youtube.com https://i.vimeocdn.com data: blob:; font-src https://static.panascais.net; connect-src 'self' https://static.panascais.net https://assets.panascais.net https://images.panascais.net https://noembed.com https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com https://api.mapbox.com https://events.mapbox.com; media-src https://static.panascais.net https://videos.panascais.net; child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com blob:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://vimeo.com https://player.vimeo.com; manifest-src 'self'; object-src 'none'; worker-src 'self' blob:; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; report-uri https://panascais.net/api/report/content-security-policy; 1
base-uri 'self'; connect-src 'self' vimeo.com https://*.google-analytics.com myafiklmem--int.sandbox.my.site.com myafiklmem--uat.sandbox.my.site.com my.afiklmem.com cdn.decibelinsight.net wss://cdn.decibelinsight.net collection.decibelinsight.net wss://collection.decibelinsight.net cdn.linkedin.oribi.io px.ads.linkedin.com stats.g.doubleclick.net; default-src 'self' afiklmem.com; font-src 'self' fonts.gstatic.com my.afiklmem.com; frame-src 'self' player.vimeo.com www.recaptcha.net www.google.com my.matterport.com; img-src 'self' data: brix.afiklmem.com px.ads.linkedin.com www.linkedin.com https://*.google-analytics.com www.googletagmanager.com i.vimeocdn.com stats.g.doubleclick.net tr.lfeeder.com my.matterport.com cdn-2.matterport.com; object-src 'none'; report-uri /report/content-securicy-policy-violation; upgrade-insecure-requests; script-src 'self' 'nonce-267c526567ae7bb4c0143c8330918cd2' 'unsafe-eval' myafiklmem--int.sandbox.my.site.com myafiklmem--uat.sandbox.my.site.com my.afiklmem.com www.googletagmanager.com sc.lfeeder.com www.recaptcha.net www.gstatic.com snap.licdn.com px.ads.linkedin.com www.linkedin.com https://*.google-analytics.com cdn.decibelinsight.net collection.decibelinsight.net; form-action 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com myafiklmem--int.sandbox.my.site.com myafiklmem--uat.sandbox.my.site.com my.afiklmem.com 1
frame-ancestors 'self' *.tcgplayer.com *.channelfireball.com app.optimizely.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' *.crazyegg.com galleribygrail.containers.piwik.pro *.gstatic.com *.grail.com; font-src 'self' data: https: *.crazyegg.com; img-src 'self' data: https: *.crazyegg.com; object-src 'none'; 1
default-src 'self' energyhub.com unpkg.com lottie.host https://app.getreprise.com/launch/96mYVG6/ www.energyhub.com test-energyhub.pantheonsite.io dev-energyhub.pantheonsite.io getnitropack.com to.getnitropack.com nitropack.io cdn-hokkh.nitrocdn.com cdn-hohhl.nitrocdn.com cdn-hohij.nitrocdn.com *.nitrocdn.com api.getnitropack.com vimeo.com www.vimeo.com player.vimeo.com *.vimeocdn.com youtube.com www.youtube.com open.spotify.com bugcrowd.com assets.bugcrowdusercontent.com stats.g.doubleclick.net acsbapp.com *.acsbapp.com js.hsleadflows.net js-na1.hs-scripts.com track.hubspot.com perf.hsforms.com forms-na1.hsforms.com gstatic.com www.gstatic.com api.hubapi.com forms.hubspot.com hubspot.com js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net api.livechatinc.com secure.livechatinc.com google.com www.google.com google.ro www.google.ro www.google-analytics.com google-analytics.com *.google-analytics.com googletagmanager.com www.googletagmanager.com googleads.g.doubleclick.net js.hs-scripts.com cdn.livechatinc.com boards.greenhouse.io boards-api.greenhouse.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hsforms.net devmatroid.wpengine.com devmatroid.wpengine.com cdnjs.cloudflare.com unpkg.com secure.gravatar.com fonts.googleapis.com fonts.gstatic.com browser.sentry-cdn.com app.hubspot.com static.hsappstatic.net  app.truconversion.com wss://io.truconversion.com *.truconversion.com 6751124.fs1.hubspotusercontent-na1.net cdn-cookieyes.com *.cookieyes.com *.google.com.* 'unsafe-inline' 'unsafe-eval' data: blob: ; 1
block-all-mixed-content; default-src 'self' 'unsafe-eval' 'unsafe-inline'; script-src 'self' https://up.nttdata.com/ https://app.secureprivacy.ai https://www.googleadservices.com http://fast.wistia.net https://www.google.co.uk https://www.youtube.com https://secure.hiss3lark.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://region1.google-analytics.com https://www.google-analytics.com http://report.datamints.com https://www.googletagmanager.com http://pi.pardot.com http://cdn.pardot.com https://cdn.cookielaw.org https://snap.licdn.com/ https://static.ads-twitter.com https://static.ads-twitter.com https://connect.facebook.net https://px.ads.linkedin.com https://analytics.twitter.com 'unsafe-eval' https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://snap.licdn.com https://wec-assets.terminus.services https://cdn.getsmartcontent.com https://s.getsmartcontent.com https://pagead2.googlesyndication.com https://chat-snippet.terminusplatform.com https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://chat-snippet.terminusplatform.com 'unsafe-inline'; style-src 'self'  https://app.secureprivacy.ai https://fonts.googleapis.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';  img-src data: 'self' https://assets-jpcust.jwpsrv.com/ https://cdn.jwplayer.com/ https://p.adsymptotic.com/d/px/ https://app.secureprivacy.ai https://mc-a78accac-9008-4b4a-a630-822738-cdn-endpoint.azureedge.net https://mc-df12be52-7d83-4f7a-b108-778850-cdn-endpoint.azureedge.net https://mc-8afc6902-e56c-432c-8c3f-3991-cdn-endpoint.azureedge.net https://googleads.g.doubleclick.net https://www.google.co.uk https://px4.ads.linkedin.com https://ps.eyeota.net https://tags.bluekai.com/ https://x.bidswitch.net/ https://us-u.openx.net/ https://dpm.demdex.net/ https://id5-sync.com https://attr.ml-api.io https://secure.adnxs.com https://ads.avct.cloud https://s.ml-attr.com https://ads.avocet.io http://www.googletagmanager.com https://www.google.it https://www.google.com https://www.google-analytics.com http://report.datamints.com https://cdn.cookielaw.org/ https://px.ads.linkedin.com https://t.co https://www.linkedin.com https://www.linkedin.com https://www.facebook.com https://optimize.google.com https://match.adsrvr.org https://wec-assets.terminus.services https://www.google.hu https://px.ads.linkedin.com https://ad.doubleclick.net https://www.linkedin.com https://di3c8wks3odob.cloudfront.net; media-src 'self' https://mc-a78accac-9008-4b4a-a630-822738-cdn-endpoint.azureedge.net https://mc-df12be52-7d83-4f7a-b108-778850-cdn-endpoint.azureedge.net https://mc-8afc6902-e56c-432c-8c3f-3991-cdn-endpoint.azureedge.net; font-src 'self' https://fonts.gstatic.com https://ka-p.fontawesome.com data:; connect-src 'self' https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://pagead2.googlesyndication.com/ https://cdn.linkedin.oribi.io/ https://api-prod.secureprivacy.ai https://region1.google-analytics.com https://report.datamints.com https://privacyportal-de.onetrust.com https://stats.g.doubleclick.net https://www.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://px.ads.linkedin.com https://chat-team-management.terminus.services https://chat-visitor-info.terminus.services https://iotas.terminus.services wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-messaging.terminus.services; child-src 'self'  http://fast.wistia.net https://player.vimeo.com https://www.gstatic.com https://www.google.com https://w.soundcloud.com https://www.ivoox.com https://open.spotify.com https://www.youtube-nocookie.com https://8494019.fls.doubleclick.net; object-src 'self'; form-action 'self' ; frame-ancestors 'self'; frame-src https://nttdatanewyear.com/ https://diadegalicia2023.com/ https://www.diadegalicia2023.com/ https://api.dolffia.com/ https://player.simplecast.com/ https://embed.podcasts.apple.com/ https://www.ivoox.com/ https://player.hihaho.com/ https://app.secureprivacy.ai https://w.soundcloud.com https://optimize.google.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://www.youtube-nocookie.com https://api.nttdatanewyear.com/ https://10155546.fls.doubleclick.net https://ad.doubleclick.net https://td.doubleclick.net 1
default-src 'self' *.episerver.net *.jquery.com *.soundcloud.com *.podbean.com player.vimeo.com *.youtube.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com; frame-ancestors 'self' *.vhb.com; script-src 'self' http://localhost:* http://localhost:51381 http://localhost:50093 http://localhost:55256 http://localhost:52756 http://localhost api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com 'unsafe-inline' 'unsafe-eval'; connect-src 'self' ws://localhost:49369 http://localhost:* ws://localhost:* ws://localhost:52756 http://localhost:50093 http://localhost:51381 ws://localhost:51381 ws://localhost:50093  http://localhost:52756 ws://localhost:55256 http://localhost:55256 http://localhost:49369 api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src  * data: blob: 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com;base-uri 'self'; form-action 'self'; 1
default-src 'self' https://api-site.backbase.com; connect-src 'self' https://cms-site.backbase.com/graphql https://ka-p.fontawesome.com https://kit.fontawesome.com https://vimeo.com *.wistia.com https://*.litix.io https://embedwistia-a.akamaihd.net c.6sc.co https://ipv6.6sc.co https://epsilon.6sense.com https://ws.zoominfo.com *.mktoresp.com *.mktoutil.com https://*.google-analytics.com https://*.clickagy.com *.adnxs.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://epsilon-cloudfront.6sense.com https://api.schedule.zoominfo.com backbase.dynamicvideo.uk https://js.zi-scripts.com https://bat.bing.com https://pagead2.googlesyndication.com https://*.clarity.ms https://px.ads.linkedin.com https://analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://epsilon-globalaccelerator.6sense.com https://scout.salesloft.com https://adservice.google.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://kit.fontawesome.com *.marketo.net *.marketo.com https://www.google.com https://www.gstatic.com j.6sc.co https://*.hotjar.com https://ws.zoominfo.com https://snap.licdn.com https://www.googleoptimize.com https://googleads.g.doubleclick.net *.wistia.com https://www.youtube.com https://player.vimeo.com https://*.google-analytics.com https://www.googleadservices.com https://tags.clickagy.com backbase.dynamicvideo.uk https://js.zi-scripts.com https://bat.bing.com https://ws-assets.zoominfo.com/formcomplete.js https://*.clarity.ms https://static.ads-twitter.com https://scout-cdn.salesloft.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://kit.fontawesome.com *.marketo.net *.marketo.com https://www.google.com https://www.gstatic.com j.6sc.co https://*.hotjar.com https://ws.zoominfo.com https://snap.licdn.com https://www.googleoptimize.com https://googleads.g.doubleclick.net https://tags.clickagy.com https://ws-assets.zoominfo.com https://schedule.zoominfo.com backbase.dynamicvideo.uk; child-src 'self' blob: https://www.youtube.com; frame-src https://www.youtube.com https://*.wistia.com/ *.marketo.net *.marketo.com https://www.google.com https://vars.hotjar.com https://td.doubleclick.net; frame-ancestors 'self' https://api-site.backbase.com https://cms-site.backbase.com; media-src 'self' blob: https://api-site.backbase.com https://cms-site.backbase.com *.backbase.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://backbase.dynamicvideo.uk; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.marketo.net *.marketo.com https://backbase.dynamicvideo.uk https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.marketo.net *.marketo.com https://backbase.dynamicvideo.uk; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.wistia.com https://ka-p.fontawesome.com; img-src 'self' data: https://api-site.backbase.com https://cms-site.backbase.com *.backbase.com backbase.com *.wistia.com *.marketo.net *.marketo.com b.6sc.co https://*.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.be https://www.google.nl https://*.clickagy.com https://*.agkn.com https://*.rlcdn.com https://cm.g.doubleclick.net https://pixel-sync.sitescout.com https://sync.crwdcntrl.net https://dpm.demdex.net https://stags.bluekai.com https://*.openx.net https://www.googletagmanager.com https://s.ml-attr.com https://secure.adnxs.com https://attr.ml-api.io https://backbase.dynamicvideo.uk https://fonts.gstatic.com https://*.bing.com https://*.clarity.ms https://www.google.com.pe https://www.google.it https://t.co https://analytics.twitter.com https://www.google.com.mx https://scout.US4.salesloft.com https://i.ytimg.com https://www.facebook.com; form-action 'self' https://api-site.backbase.com backbase.dynamicvideo.uk; manifest-src 'self'; upgrade-insecure-requests; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.sierratel.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://api.w.org https://www.google.com https://www.google-analytics.com https://speedtest.sti.net https://cdn.plyr.io https://cdn.acsbapp.com https://acsbapp.com https://maps.googleapis.com https://maps.gstatic.com http://code.jquery.com https://secure.gravatar.com https://ps.w.org https://code.jquery.com https://cdn.jsdelivr.net https://www.googleapis.com https://s.w.org https://library.elementor.com https://www.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google.com; connect-src 'self' https://*.google-analytics.com; img-src 'self' data: https://*.google-analytics.com https://www.googletagmanager.com; report-uri https://difer.report-uri.com/r/d/csp/enforce; report-to default 1
frame-src 'self' https://gdpr-api.sharethis.com https://acrobatservices.adobe.com/view-sdk/ https://my.matterport.com/ https://www.shopriteholdings.co.za       https://iframely.net https://flo.uri.sh/ https://audio.beyondwords.io https://www.instagram.com https://maps.shopriteholdings.co.za https://www.youtube.com https://www.google.com       https://public.flourish.studio/resources/embed.js https://player.vimeo.com/ https://*.bitrix24.eu https://irhosted.profiledata.co.za https://*.woxo.tech;     object-src 'self' https://www.shopriteholdings.co.za https://static.ads-twitter.com/ https://www.youtube.com https://www.google.com;     media-src 'self' https://www.youtube.com;     script-src 'self' https://acrobatservices.adobe.co https://www.youtube.com https://www.shopriteholdings.co.za 'unsafe-eval' 'unsafe-inline';     script-src-elem 'self' https://platform-api.sharethis.com https://t.sharethis.com https://gdpr-api.sharethis.com/ https://public.flourish.studio/resources/ https://static.ads-twitter.com/uwt.js https://proxy.beyondwords.io/npm/@beyondwords/audio-player@latest/dist/module/iframe-helper.js       https://www.instagram.com/embed.js https://iframely.net/ https://connect.facebook.net/ https://static.hotjar.com https://cdn2.woxo.tech https://script.hotjar.com/ https://platform-api.sharethis.com/js/sharethis.js       https://buttons-config.sharethis.com https://www.shopriteholdings.co.za https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://acrobatservices.adobe.com 'unsafe-inline';     child-src 'self' https://maps.shopriteholdings.co.za;     frame-ancestors 'self' https://www.shopriteholdings.co.za https://maps.shopriteholdings.co.za; 1
connect-src 'self' blob: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;default-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;frame-ancestors *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;font-src 'self' data: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;media-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;img-src 'self' blob: data: *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;frame-src 'self' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co;style-src 'self' 'unsafe-inline' *.3dsecure.no *.akamaized.net *.amazon.co.uk *.amazon.com *.amazonaws.com *.amazonpay.com *.analytics.google.com *.arcot.com *.awin1.com *.barclaycard.co.uk *.barclays.co.uk *.braintree-api.com *.braintree.com *.braintreegateway.com *.cardinalcommerce.com *.cloudfront.net *.criteo.com *.cxmlpg.com *.dekopay.com *.dwin1.com *.facebook.com *.facebook.net *.freespee.com *.google-analytics.com *.google.co.uk *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.gstatic.com *.icons8.com *.intercom.io *.intercomcdn.com *.kaptcha.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.klarnaservices.com *.klarnauserservices.com *.monzo.com *.mycardsecure.com *.newrelic.com *.nr-data.net *.openpay.com.au *.partpay.co.nz *.partpay.co.uk *.paymentexpress.com *.payments-amazon.com *.paypal.com *.paypalobjects.com *.queue-it.net *.securesuite.co.uk *.shopto.net *.sift.com *.ssl-images-amazon.com *.trustedsite.com *.trustpilot.com *.typekit.net *.vimeo.com *.vimeocdn.com *.youtube.com *.ywxi.net *.zenaps.com *.zip.co acs.apata.io acs.revolut.com acs1.mpts.modirum.com acs1.swedbank.se acs3.mpts.modirum.com ad.360yield.com ad.sxp.smartclip.net ad.yieldlab.net analytics.google.com analytics.tiktok.com analytics.twitter.com angus.finance-calculator.co.uk beacon.krxd.net cdn-images.mailchimp.com channel-cards-html.lloydsbankinggroup.com chimpstatic.com cm.adform.net cm.g.doubleclick.net contextual.media.net cotads.adscale.de criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net dynamic.criteo.com e1.emxdgt.com eb2.3lift.com eep.io emailsignature.trustpilot.com exchange.mediavine.com gallery.mailchimp.com gbemv3dsecure.garanti.com.tr google.com googleads.g.doubleclick.net gum.criteo.com hexagon-analytics.com https://*.google-analytics.com https://*.imgur.com https://2017.dc-test.de https://d23yuld0pofhhw.cloudfront.net https://hexagon-analytics.com https://www.dc-solution.de https://www.facebook.com https://www.shopto.net https://www.shopto.net/userdata/files/WelcomeToShopTo.mp4 i.liadm.com i.vimeocdn.com i.ytimg.com ib.adnxs.com id5-sync.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com lantern.roeye.com lantern.roeyecdn.com match.sharethrough.com matching.ivitrack.com mc.us15.list-manage.com mcusercontent.com net.us15.list-manage.com pagead2.googlesyndication.com partpayassets.blob.core.windows.net pay.google.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com safekey-3.americanexpress.com secure.adnxs.com simage2.pubmatic.com socialplugin.facebook.net songbird.cardinalcommerce.com static.ads-twitter.com static.zipmoney.com.au stats.g.doubleclick.net sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com t.co td.doubleclick.net unpkg.com uplay.exertisztorm.net ups.analytics.yahoo.com visa-secure-bxl.ing.de visa-secure-vdm.ing.de visitor.omnitagjs.com www.clicksafe.lloydstsb.com www.google.co.uk www.google.com www.google.pt www.instagram.com www.pagespeed-mod.com www.paypalobjects.com www.rsa3dsauth.co.uk www.safekey.americanexpress.com www.tag4arm.com x.bidswitch.net zip-co-media.imgix.net zip.co; 1
default-src 'self' data: *; style-src 'self' 'unsafe-inline' *; frame-ancestors 'self'; script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js https://cdn.syndication.twimg.com https://code.jquery.com https://js.intercomcdn.com https://kit.fontawesome.com/4f31121362.js https://cdn.jsdelivr.net/npm/algoliasearch@4.5.1/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4.8.3/dist/instantsearch.production.min.js https://platform.twitter.com https://stackpath.bootstrapcdn.com https://static.cloudflareinsights.com https://widget.intercom.io https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: blob: ; frame-src 'self' *.cloudflarestream.com *.vimeo.com 1
default-src https: data: wss: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-src 'self' *; frame-ancestors 'self' * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bark.lgbt; img-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt; style-src 'self' https://bark.lgbt 'nonce-+ZFMBveAK2+U8lwjAWr6cA=='; media-src 'self' data: https://bark.lgbt https://media.bark.lgbt; frame-src 'self' https:; manifest-src 'self' https://bark.lgbt; form-action 'self'; child-src 'self' blob: https://bark.lgbt; worker-src 'self' blob: https://bark.lgbt; connect-src 'self' data: blob: https://bark.lgbt https://media.bark.lgbt wss://bark.lgbt; script-src 'self' https://bark.lgbt 'wasm-unsafe-eval' 1
frame-ancestors https://app.pendo.io https://consentcdn.cookiebot.com https://consent.cookiebot.com; default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.cookielaw.org https://*.onetrust.com https://*.pendo.io https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://consentcdn.cookiebot.com;  font-src 'self' https://use.typekit.net https://p.typekit.net https://fonts.gstatic.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://*.pendo.io https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com; connect-src 'self' https://*.pendo.io https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://api.ipify.org https://cdn.cookielaw.org https://*.onetrust.com https://*.cookiebot.com https://*.auth0.com; img-src 'self' data: image/svg+xml https://cdn.cookielaw.org https://*.pendo.io  https://*.connectiverx.com https://*.connectiverx-dev.com https://*.connectiverx-qa.com https://*.connectiverx-uat.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; frame-src 'self' https://app.pendo.io https://www.google.com/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.auth0.com; worker-src 'self' 1
default-src 'self' 'unsafe-inline' http://www.youtube.com http://youtube.googleapis.com http://www.google-analytics.com http://www.googleapis.com http://www.google.com http://www.gstatic.com http://www.kamis.or.kr http://curation.dgist.ac.kr wss://127.0.0.1:14440/ wss://127.0.0.1:14441/ wss://127.0.0.1:14442/ wss://127.0.0.1:14443/ wss://127.0.0.1:14444/ wss://127.0.0.1:14445/ wss://127.0.0.1:14446/ wss://127.0.0.1:14447/ wss://127.0.0.1:14448/ wss://127.0.0.1:14449/ http://stats.g.doubleclick.net; img-src 'self' 'unsafe-inline' data: http://t1.daumcdn.net http://map.daumcdn.net http://map0.daumcdn.net  http://map1.daumcdn.net http://map2.daumcdn.net http://map3.daumcdn.net http://img.youtube.com http://i.ytimg.com http://s1.daumcdn.net http://www.google.com http://clients1.google.com http://www.adsensecustomsearchads.com http://curation.dgist.ac.kr http://my.dgist.ac.kr http://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://developers.kakao.com http://t1.kakaocdn.net http://dapi.kakao.com http://t1.daumcdn.net http://www.youtube.com http://www.googletagmanager.com http://api.rss2json.com http://www.google.com http://clients1.google.com http://partner.googleadservices.com http://www.gstatic.com http://cse.google.com http://www.kamis.or.kr http://curation.dgist.ac.kr http://www.google-analytics.com;object-src 'self'; frame-src 'self' http://www.data.go.kr http://kapi.kakao.com 'unsafe-inline' http://kauth.kakao.com 'unsafe-inline' http://www.youtube-nocookie.com 'unsafe-inline' http://www.google.com 'unsafe-inline' http://www.youtube.com  'unsafe-inline' http://www.epeople.go.kr 'unsafe-inline' http://www.adsensecustomsearchads.com 'unsafe-inline' http://www.plainkorean.kr 'unsafe-inline'; font-src 'self' data: ; frame-ancestors 'self'; 1
script-src 'nonce-f16f50a9-b9c7-47c7-bfca-f7a6df2e72dd' 'strict-dynamic';base-uri 'none';form-action 'self' hmwk.ru disser.me accounts.google.com oauth.vk.com id.vk.com login.vk.com oauth.yandex.ru passport.yandex.ru;object-src 'none';default-src 'self';report-uri /shared/csp-report;img-src 'self' data: vk.com m.vk.com login.vk.com *.livetex.ru www.facebook.com connect.facebook.com yandex.ru mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net www.google-analytics.com analytics.google.com ssl.google-analytics.com www.google.com www.google.kz www.google.ru *.livetex.me www.googletagmanager.com core-renderer-tiles.maps.yandex.net api-maps.yandex.ru cdn.nanotech42.com/images/ i.ibb.co dmp.one pxl.hot-wifi.ru whitesaas.com/api/phone/check counter.yadro.ru/id/finmed.gif dmg.digitaltarget.ru/1/ *.dmg.digitaltarget.ru/1/ statik-us.info/loadfp acint.net/rmatch get4click.ru/api/get-cookie/ profilepxl.ru/c/sape_match;font-src 'self' data: *.livetex.me fonts.gstatic.com www.googletagmanager.com cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ fonts.googleapis.com;style-src 'self' 'unsafe-inline' www.gstatic.com hcaptcha.com *.hcaptcha.com fonts.googleapis.com;child-src 'self' blob: mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net;frame-src 'self' blob: *.livetex.me www.youtube.com www.facebook.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net hcaptcha.com *.hcaptcha.com rupertino.ru sonar.semantiqo.com https://hmwk.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com https://webvisor.com http://*.webvisor.com https://*.webvisor.com https://hmwk.ru https://www.homeworkpro.ru https://xn--b1aqehcmro.xn--p1ai https://homewokpro.ru;connect-src 'self' www.facebook.com connect.facebook.com www.google-analytics.com analytics.google.com ssl.google-analytics.com mc.yandex.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz mc.webvisor.com mc.webvisor.org yastatic.net stats.g.doubleclick.net statusnpd.nalog.ru hcaptcha.com *.hcaptcha.com *.livetex.ru *.livetex.me uaas.yandex.ru eun1.fptls.com eun1.fptls3.com dmp.one c.dmp.one profilepxl.ru/t/ green.concilio.ru/app/app.php profilepxl.ru/invoke; 1
frame-ancestors 'self' https://my.stcu.org https://spokanestaging.orb.alkamitech.com https://developer.dev.alkamitech.com 1
default-src https: 'unsafe-eval' 'unsafe-inline';object-src 'self'; 1
font-src 'self'; frame-src 'self' https://zaubar-cms-git-feature-mainauproject-zaubar.vercel.app/ https://mainau-anmeldung.newsletter2go.com/ https://79237.hc-apps.de https://79212.online-adventskalender.de https://www.paperturn-view.com/; img-src 'self' data: https://icons.clearapis.com/; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://tagmanager.google.com https://www.google.com https://www.google.de https://maps.google.de https://www.googletagmanager.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://polyfill.io; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://tagmanager.google.com https://www.google.com https://www.google.de https://fonts.googleapis.com https://maps.google.de https://www.googletagmanager.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://polyfill.io; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self' wss: 'unsafe-eval' 'unsafe-inline' data: blob: *.youtube.com *.youtu.be *.google.com google.com *.google-analytics.com *.hotjar.com *.googleapis.com *.gstatic.com *.doubleclick.net *.legistar.com *.governmentjobs.com *.soundcloud.com *.vimeo.com *.fontawesome.com *.juicer.io *.googletagmanager.com *.jsdelivr.net *.ctctcdn.com *.hawaiicovid19.com *.cityhealthuc.com *.jotform.com *.hawaii.gov *.facebook.net *.facebook.com unpkg.com *.unpkg.com *.licdn.com *.linkedin.com 1
default-src 'self'; object-src 'self'; img-src * data:; font-src 'self' fonts.gstatic.com; connect-src 'self' api.chatling.ai chatling.ai u.clarity.ms www.youtube.com api.typeform.com cta-service-cms2.hubspot.com s.clarity.ms w.clarity.ms o.clarity.ms z.clarity.ms px.ads.linkedin.com pagead2.googlesyndication.com cdn.linkedin.oribi.io region1.analytics.google.com analytics.google.com forms.hscollectedforms.net q.clarity.ms x.clarity.ms r.clarity.ms service.google.com adservice.google.com www.facebook.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hs-banner.com call.corefy.com region1.google-analytics.com api.hubspot.com api.hubapi.com forms.hubspot.com m.clarity.ms e.clarity.ms i.clarity.ms b.clarity.ms d.clarity.ms h.clarity.ms l.clarity.ms a.clarity.ms n.clarity.ms www.google-analytics.com stats.g.doubleclick.net; style-src 'unsafe-inline' 'self' embed.typeform.com fonts.googleapis.com www.gstatic.com; frame-src 'self' embed.chatling.ai form.typeform.com paycore-5818496.hs-sites.com call.corefy.com td.doubleclick.net forms.hsforms.com app.hubspot.com bid.g.doubleclick.net www.google.com www.facebook.com e.infogram.com www.youtube.com; frame-ancestors 'self' form.typeform.com; script-src 'unsafe-inline' 'self' a.quora.com chatling.ai embed.typeform.com js.hubspot.com snap.licdn.com static.hsappstatic.net js.hsforms.net js.usemessages.com googleads.g.doubleclick.net www.googleadservices.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-scripts.com www.clarity.ms l.clarity.ms chart.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com connect.facebook.net 1
default-src 'self' cityseeker.com data: *.fbcdn.net *.tapayments.com *.viator.com *.tamg.cloud *.accdab.net *.cdn-net.com *.cloudflare.com *.wcities.com *.fbsbx.com *.itstourvideo.tv *.doubleclick.net *.vimeo.com *.youtube.com *.what3words.com *.googletagmanager.com *.google.co.in *.doubleclick.net *.google-analytics.com *.cityseeker.com *.apple-mapkit.com *.apple.com *.hereapi.com *.googleapis.com *.here.com *.pinterest.com *.cloudfront.net *.rackcdn.com *.resy.com *.twitter.com *.facebook.net *.facebook.com *.googletagmanager.com *.gstatic.com *.googleusercontent.com *.google.com blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; frame-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com *.msecnd.net https://wsba.app.box.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://i0.wp.com https://widgets.guidestar.org https://www.googletagmanager.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://wsba.app.box.com https://www.google.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.analytics.google.com *.gstatic.com *.frontify.com *.cloudinary.com stats.g.doubleclick.net https://dc.services.visualstudio.com; 1
default-src 'self'; script-src 'self; img-src 'self'; object-src 'none'; font-src 'self'; frame-ancestors 'none' https: 1
default-src 'none';child-src 'self';script-src 'self' nonce-rujgj1JYk24m9bAZWLBas9aQO0UHQwsT about: https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://browser.sentry-cdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sentry.io https://o103315.ingest.sentry.io;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://tile.openstreetmap.org;frame-ancestors 'none';frame-src 'self' https://www.google.com/recaptcha/ https://local-sapphire.arista.io:447/ https://develop-sapphire.arista.io/ https://sapphire.arista.io/ blob:;font-src 'self' https://fonts.gstatic.com data:;connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://sentry.io/api/ data: wss://www.arista.io o103315.ingest.sentry.io;manifest-src 'self';block-all-mixed-content; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://linfan.moe wss://linfan.moe https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://assets.tomorrow.one; object-src 'none'; media-src 'self' https://videos.ctfassets.net https://assets.tomorrow.one; connect-src 'self' https://api.staging.aws.tomorrow.one https://api.tomorrow.one https://web.staging.internal.aws.tomorrow.one https://www.tomorrow.one https://www.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.adjust.com https://evnt.byspotify.com https://analytics.tiktok.com https://www.facebook.com https://ct.pinterest.com https://bat.bing.com *.clarity.ms https://tr.snapchat.com https://trc-events.taboola.com https://trc.taboola.com https://s2s.adjust.com https://www.financeads.net; frame-src https://cdn.podigee.com https://player.podigee-cdn.net https://player.vimeo.com https://ueber-morgen.podigee.io https://www.facebook.com https://bid.g.doubleclick.net https://tpc.googlesyndication.com https://optimize.google.com https://www.pinterest.com https://tr.snapchat.com https://www.surveymonkey.com; img-src 'self' data: https://assets.tomorrow.one https://content.live.aws.tomorrow.one https://images.ctfassets.net https://images.podigee.com www.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.google.de https://www.google-analytics.com https://www.facebook.com https://connect.facebook.net https://ct.pinterest.com https://www.pinterest.com https://bat.bing.com https://c.bing.com *.clarity.ms https://optimize.google.com https://tr.snapchat.com https://www.financeads.net https://prod.smassets.net; worker-src 'none'; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://connect.facebook.net https://cdn.adjust.com https://pixel.byspotify.com https://analytics.tiktok.com https://tr.snapchat.com https://s.pinimg.com https://ct.pinterest.com https://bat.bing.com https://www.clarity.ms https://optimize.google.com https://cdn.taboola.com https://trc.taboola.com https://sc-static.net https://widget.surveymonkey.com https://ajax.googleapis.com; manifest-src 'self' https://assets.tomorrow.one; 1
script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com/recaptcha/releases/ https://tagmanager.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tagm.hapimag.com https://new-hapimag-com.disqus.com/ https://static.guuru.com/ https://cdn.cookielaw.org/ https://bat.bing.com/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.cloudflare.com https://*.youtube.com https://*.youtube-nocookie.com http://www.youtube.com/iframe_api https://*.pinimg.com https://*.scarabresearch.com https://*.cloudflareinsights.com https://*.redditstatic.com https://*.ubembed.com/ https://*.js.ubembed.com/ https://*.spoteffects.net; frame-ancestors 'self'; form-action 'self' 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://upload.cx:8443/socket.io/ wss://upload.cx:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self' http://*.sprxcms.com https://*.sprxcms.com http://*.tiarccms.co.uk https://*.tiarccms.co.uk https://*.sparxvr.com https://*.sprxvr.com; 1
default-src https: 'unsafe-inline'; img-src  https: 'self' data:; 1
default-src 'self'  ; style-src 'self' 'unsafe-hashes' 'sha256-bKlnkj8adMNnkA/TTOQ/kvIo/nsY7vUFdeD8ym1aJpg=' 'sha256-KQbQ6ku9BEglpV4Qt1nG9rzxnb4cUMUHYJM6sid6/I8=' 'sha256-alE5suRrdbebLKtLiE2Hg1aXIMnxRfgBA0ZeNjq9NmU=' 'sha256-TtQ7ixpFiJbIBDwz7yUOVMWnecUeZZNoy38BmYC1uDE=' 'sha256-hE7yiZ4SBrgc2jzC1qXiQW+fKAxgW5j3LKWDQ4WrvcA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-LUSpmpDka5d1eNM83iv5MIF9w+VcDX28GDgb80cr5Zk=' 'sha256-zfxvpSDYX+8hVV2kZaaMpwfJwHzifsZewwzzM4MOIfw=' 'sha256-HM3TDTqZAXAXyMIKAYi/2OiZZCAtHdj/imXzEShnwoQ=' 'sha256-nMxMqdZhkHxz5vAuW/PAoLvECzzsmeAxD/BNwG15HuA=' 'sha256-wPdukxe1oeJdx9X21itB1sRjn5v+scGOtVbspm/NI9o=' 'sha256-qQUBUjasnJdhrNlgzajDJnnOf9HGERy1tkajP7dru0c=' 'sha256-bJSUelnavo57IXT6QlwPwpl3oOQUU/jnHgrykZL45Jg='; style-src-elem 'self' https://statics.goltelevision.com https://fonts.googleapis.com 'sha256-4/2nIlfwIVTJ1+JcNQ6LkeVWzNS148LKAJeL5yofdN4=' 'sha256-wIuuK5ba7OAcKAanTmQNfXsquALURJjbDNey9fYOgrk=' 'sha256-MmexY5TvGETQJqrtJ6f8kSEYdd+y7gus2NY+YHH5/vM=' 'sha256-nDhLw//a9aZnveUH3QKINzipBHNw9ZnXKloj4TihMF0=' 'sha256-hzT5Kl86/9USQu6e2LV/51fwNBbSK2y+7k0yLMCvL6c=' 'sha256-ccTZj0GtzQtzTKQ3seTn147YGq4fFUd2iTYlF4yhdoM=' 'sha256-PLhQ1IguHjjEeFz1rcHAp1G0kdXEviAPtpMGhKEoxLw=' 'sha256-uN6eefebeknnbvlKWg8VrkRpLQGz0BPZh4VgakqZTW8=' 'sha256-cAKDo61crfQPZrlW6nDoMtrKcKtIISquPs9rNMT4cNQ=' 'sha256-CASHUmTb7vGUQqsaUYgofI0TXWMjOSr6Xw5MXDpGV+Q=' 'sha256-GZMJM92MJhMbP9NPocU6cCSR3vgc9lMvnPT7fyetGSc=' 'sha256-Osust2SMduROWCSJzYTjYl1Ga0pydKi3Y8A+HEvm8HA=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-+WXIHZMeGYNO5medOO3R75Ep89muvBCBUfqjzJag/mo=' 'sha256-9NRlzTHkLkK1Ja16G3o0Ayns7a01NFwL2vjlUIkpsVM='; worker-src blob:; media-src blob: https://vod.goltelevision.com https://play.goltelevision.com https://d1vdk22eeu518c.cloudfront.net https://d178lq3bc24r75.cloudfront.net https://d320yvtdqi6z1s.cloudfront.net; script-src-elem 'self' https://consent.cookiebot.com https://imasdk.googleapis.com https://statics.goltelevision.com https://www.gstatic.com http://www.gstatic.com https://consentcdn.cookiebot.com https://r.sascdn.com https://ced-ns.sascdn.com https://ced.sascdn.com https://www3.smartadserver.com https://s0.2mdn.net https://pagead2.googlesyndication.com https://www.google.com https://www.googletagmanager.com 'sha256-iWwmqeDffLaDZS4xnBhzTNWMTxX0T2yDRsfZNdWGYZE=' 'sha256-AKbj2Z6mbr41TLtF1LXr2x0mBr1WuLBPS6y661sPyvk=' 'sha256-7DwwwNdSraN3hUQ4/QAUb3fmBVAF99+kTaRmhxzht/g='; img-src 'self' data: https://statics.goltelevision.com https://static.goltelevision.com https://estaticos.goltelevision.com https://imgsct.cookiebot.com https://cdn.jwplayer.com https://pagead2.googlesyndication.com https://euw1.smartadserver.com https://euw2.smartadserver.com https://itx5.smartadserver.com https://itx4.smartadserver.com https://www.google.es https://www.googletagmanager.com; connect-src 'self' https://consentcdn.cookiebot.com https://id5-sync.com https://securepubads.g.doubleclick.net https://region1.analytics.google.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://play.goltelevision.com https://vod.goltelevision.com https://d1vdk22eeu518c.cloudfront.net  https://a-fds.goltelevision.com  https://infinity-c9.goltelevision.com  https://infinity-c8.goltelevision.com  https://infinity-c7.goltelevision.com  https://infinity-c6.goltelevision.com  https://infinity-c5.goltelevision.com  https://infinity-c4.goltelevision.com  https://infinity-c2.goltelevision.com  https://infinity-c1.goltelevision.com  https://infinity-c01.goltelevision.com  https://infinity-c02.goltelevision.com  https://infinity-c19.goltelevision.com  https://infinity-c18.goltelevision.com  https://infinity-c16.goltelevision.com  https://infinity-c15.goltelevision.com  https://infinity-c12.goltelevision.com  https://infinity-c11.goltelevision.com  https://infinity-c10.goltelevision.com  https://infinity-c15.goltelevision.com; font-src 'self' https://statics.goltelevision.com data: https://fonts.gstatic.com; frame-src https://consentcdn.cookiebot.com http://imasdk.googleapis.com https://imasdk.googleapis.com https://www.google.com https://td.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://www.googletagmanager.com https://www.google-analytics.com https://*.g.doubleclick.net https://snap.licdn.com https://*.googlesyndication.com https://img.en25.com https://connect.facebook.net https://static.ads-twitter.com https://ws.zoominfo.com https://*.googleadservices.com https://*.google.com https://*.brightcove.com https://*.gstatic.com https://maps.googleapis.com https://*.hotjar.com https://*.clarity.ms https://vjs.zencdn.net https://secure.p04.eloqua.com https://tag.demandbase.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com https://*.opendns.com https://opencdn.fpjs.sh https://fpnpmcdn.net https://*.linkedin.com https://*.gartner.com https://cdnjs.cloudflare.com https://openfpcdn.io; object-src 'self'; style-src 'self' 'unsafe-inline' https://*.viavisolutions.com https://*.googleapis.com https://tags.srv.stackadapt.com https://www.googletagmanager.com https://players.brightcove.net https://www.gartner.com https://*.brightcove.com; img-src 'self' about: blob: data: https://*.viavisolutions.com http://comms.viavisolutions.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googlesyndication.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://*.clarity.ms https://t.co https://analytics.twitter.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://www.facebook.com https://*.brightcove.com https://ws.zoominfo.com https://*.boltdns.net https://fonts.gstatic.com https://id.rlcdn.com https://segments.company-target.com https://tags.srv.stackadapt.com https://stickerly.pstatic.net https://players.brightcove.net https://*.gartner.com; media-src 'self' blob: https://*.brightcovecdn.com https://*.boltdns.net https://*.media.brightcove.com https://*.akamaihd.net https://*.cf.brightcove.com; frame-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://td.doubleclick.net https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; frame-ancestors 'self' https://*.viavisolutions.com https://viavi.seismic.com; child-src 'self' blob: https://*.viavisolutions.com https://players.brightcove.net https://view.ceros.com https://*.youtube.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://www.facebook.com https://s.company-target.com https://widget.spreaker.com https://packetpushers.net https://*.gartner.com https://*.linkedin.com; font-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://players.brightcove.net https://*.brightcove.com; connect-src 'self' https://*.viavisolutions.com https://players.brightcove.net https://*.gstatic.com https://www.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.google.com https://maps.googleapis.com https://*.g.doubleclick.net https://tags.srv.stackadapt.com https://*.brightcove.com https://ws.zoominfo.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.clarity.ms https://*.boltdns.net https://*.akamaihd.net https://cdn.linkedin.oribi.io https://www.facebook.com https://api.company-target.com https://tag-logger.demandbase.com https://*.opendns.com https://px.ads.linkedin.com https://api.fpjs.io https://www.feedrapp.info; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://furry.engineer; img-src 'self' data: blob: https://furry.engineer; style-src 'self' https://furry.engineer 'nonce-x5fj3BEjRDjzHFki91fITg=='; media-src 'self' data: https://furry.engineer; frame-src 'self' https:; manifest-src 'self' https://furry.engineer; form-action 'self'; child-src 'self' blob: https://furry.engineer; worker-src 'self' blob: https://furry.engineer; connect-src 'self' data: blob: https://furry.engineer wss://furry.engineer; script-src 'self' https://furry.engineer 'wasm-unsafe-eval' 1
default-src 'self' http://www.cmbwinglungbank.com http://cmf https://www.cmbwinglungbank.com http://ac.cmbwinglungbank.com https://ac.cmbwinglungbank.com https://www.cmbwinglungsec.com http://www.cmbwinglungsec.com http://www.winglungbank.com https://www.winglungbank.com http://ac.winglungbank.com https://ac.winglungbank.com https://www.winglungsec.com https://www.winglungfutures.com http://www.winglungsec.com http://www.winglungfutures.com fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://demo02.etwealth.com http://demo02.etwealth.com https://m2.cmbwinglungbank.com *.cmbchina.com https://cms.aqumon.com https://push.cmbwinglungbank.com;style-src 'self' 'unsafe-inline';img-src 'self' data:;font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://api.map.baidu.com; frame-ancestors 'self' fc10.etwealth.com http://cmblive.hlslive.zh.cmbchina.com https://hkwallet.moneydata.hk *.winglungbank.com *.cmbwinglungbank.com *.cmbwinglungsec.com *.winglungsec.com *.cmbchina.com https://cms.aqumon.com; 1
default-src 'self' fonts.gstatic.com fonts.googleapis.com bf56065spx.bf.dynatrace.com www.google.com www.gstatic.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' js-cdn.dynatrace.com www.google-analytics.com www.google.com www.gstatic.com; img-src 'self' data: www.google-analytics.com www.google.com www.gstatic.com 1
default-src 'self' https: data: blob: nonce- sha256- 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' localhost *.vapesupplies.com *.e-liquids.uk vapemail.uk *.notblowingsmoke.com recaptcha.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hostux.social; img-src 'self' https: data: blob: https://hostux.social; style-src 'self' https://hostux.social 'nonce-MnpvZVMjLGdJq/fx5e7qlA=='; media-src 'self' https: data: https://hostux.social; frame-src 'self' https:; manifest-src 'self' https://hostux.social; form-action 'self'; child-src 'self' blob: https://hostux.social; worker-src 'self' blob: https://hostux.social; connect-src 'self' data: blob: https://hostux.social https://hostux.social wss://hostux.social; script-src 'self' https://hostux.social 'wasm-unsafe-eval' 1
frame-ancestors widgetcalculator.otpbanka.rs ebank.otpbanka.rs www.otpbanka.rs otpbanka.rs; 1
default-src https: data: *.crisp.chat *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com wss://*.crisp.chat 'unsafe-inline' 'unsafe-eval' always; worker-src 'self' blob:; img-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; media-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; object-src 'self' https://* blob: data:; connect-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* wss://*; font-src 'self' https://* blob: data:; frame-src 'self' *.facebook.com *.tumblr.com *.pinterest.com *.google-analytics.com *.doubleclick.net *.youtube.com *.googleapis.com https://* blob: data:; 1
script-src 'self' https://*.google.com https://js.monitor.azure.com https://www.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://*.msecnd.net 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * data: blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' *.teckids.org; img-src 'self' data: *.teckids.org; media-src 'self' *.teckids.org; object-src 'self' *.teckids.org; frame-src 'self' *.teckids.org; form-action 'self' *.teckids.org 1
frame-ancestors https://snapsheetvice.com https://www.rvezy.com https://*.openly.com https://loggerhead.insurance https://*.unqork.io https://*.ourbranch.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' data:; form-action *; frame-src blob: *; frame-ancestors 'self'; connect-src *; upgrade-insecure-requests; 1
frame-src ops-cb.namabank.com.vn ops-static.namabank.com.vn ; 1
default-src 'none'; child-src 'self' www.youtube.com www.googletagmanager.com; connect-src 'self' *.typekit.net *.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net *.ads.linkedin.com metrics.hotjar.io vc.hotjar.io createsend.com *.createsend.com; font-src 'self' *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com data:; frame-src 'self' *.youtube.com www.youtube-nocookie.com www.googletagmanager.com recaptcha.google.com www.google.com; img-src 'self' *.jandenul.com *.typekit.net *.ytimg.com *.youtube.com www.googletagmanager.com *.ads.linkedin.com *.basemaps.cartocdn.com www.google-analytics.com data:; manifest-src 'self'; media-src 'self'; script-src 'self' 'report-sample' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://content.linkedin.com https://google-analytics.com https://googletagmanager.com https://js.createsend1.com https://m.youtube.com https://platform.linkedin.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.google.com momentjs.com; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net *.licdn.com tagmanager.google.com www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' www.google-analytics.com *.linkedin.com stats.g.doubleclick.net; base-uri 'self'; form-action 'self' http://staging.jdn-ds-jandenulcom.calibrate.dev createsend.com *.createsend.com; frame-ancestors 'self'; report-uri https://www.jandenul.com/log-report-uri/enforce; block-all-mixed-content 1
frame-ancestors 'self' https://*.office365.com https://*.office.com  https://*.outlook.com https://*.live.com; 1
default-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com; font-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.gstatic.com *.googleapis.com; script-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com 'unsafe-inline' 'unsafe-eval' *.calendly.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.doubleclick.net *.zdassets.com *.hotjar.com *.stripe.com *.cloudflare.com *.ctctcdn.com *.vimeocdn.com *.facebook.net cdn.jsdelivr.com *.cookiebot.com; child-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.amazonaws.com *.cloudfront.net *.vimeo.com *.doubleclick.net code.jquery.com; style-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com 'unsafe-inline' *.cloudflare.com *.ctctcdn.com *.googleapis.com; img-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com *.g2.com *.google.com *.googletagmanager.com *.facebook.com *.google-analytics.com s3.amazonaws.com imgsct.cookiebot.com; connect-src *; frame-src 'self' data: *.waiverforever.com *.waiverforever.cn *.herokuapp.com calendly.com *.calendly.com *.vimeo.com *.google.com *.doubleclick.net *.hotjar.com consentcdn.cookiebot.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adoberesources.net *.apolloplatform.com *.brightcove.com *.brightcove.net *.clarity.ms *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.ftsites.com *.fti-cloud.com *.kampyle.com *.marketo.com *.marketo.net *.mktoutil.com *.qualtrics.com *.twimg.com *.yimg.com amplify.outbrain.com apps.mypurecloud.com assets.adoberesources.net bat.bing.com browser-update.org cdn.cookielaw.org cdn.decibelinsight.net classify.gofurther.com connect.facebook.net documentcloud.adobe.com platform.twitter.com resources.digital-cloud-west.medallia.com schema.apolloplatform.com script.mfilterit.net snap.licdn.com ssl.google-analytics.com static.ads-twitter.com static.cloudflareinsights.com tr.outbrain.com up.pixel.ad vjs.zencdn.net wss://*.decibelinsight.com wss://*.decibelinsight.net www.google-analytics.com www.googletagmanager.com zn9nsigbnk054lp8n-frk.siteintercept.qualtrics.com ;  connect-src 'self' *.adobe.io *.akamaihd.net *.apolloplatform.com *.clarity.ms *.analytics.google.com *.boltdns.net *.brightcove.com *.brightcove.net *.browser-intake-datadoghq.com *.decibelinsight.com *.decibelinsight.net *.doubleclick.net *.franklintempleton.com *.frk.com *.ftsites.com *.fti-cloud.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.kampyle.com *.marketo.com *.mktoresp.com *.mktoutil.com *.onetrust.com *.onetrust.io *.qualtrics.com *.cloudhub.io *.widen.net *.widencdn.net 848-iap-939.mktoresp.com adservice.google.com bat.bing.com cdn.cookielaw.org cdn.linkedin.oribi.io classify.gofurther.com dc.services.visualstudio.com fti.wsodqa.com hummingbirdwebsocket-va7.cloud.adobe.io resources.digital-cloud-west.medallia.com pdswebapi.fti-cloud.com s.yimg.com wss://*.decibelinsight.com wss://*.decibelinsight.net www.facebook.com www.fti.wallst.com wss://*.adobe.io ;  img-src 'self' data: *.adsymptotic.com *.akamaihd.net *.analytics.google.com *.boltdns.net *.brightcove.com *.cookielaw.org *.doubleclick.net *.facebook.com *.fti-cloud.com *.franklintempleton.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kampyle.com *.linkedin.com *.qualtrics.com *.stocksnap.io *.twimg.com *.widen.net *.widencdn.net analytics.twitter.com bat.bing.com browser-update.org c.bing.com c.clarity.ms classify.gofurther.com d21y75miwcfqoq.cloudfront.net di.rlcdn.com fa.aidemsrv.com fml-x.com franklintempletonprod.widen.net pixel.sitescout.com platform.twitter.com px.ads.linkedin.com r.turn.com resources.digital-cloud-west.medallia.com rtp-static.marketo.com sp.analytics.yahoo.com syndication.twitter.com t.co tr.outbrain.com tk-static.fml-x.com www.google.at www.google.be www.google.bg www.google.ca www.google.ch www.google.cn www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.za www.google.com.ar www.google.com.au www.google.com.bn www.google.com.br www.google.com.cy www.google.com.hk www.google.com.im www.google.com.mt www.google.com.mx www.google.com.my www.google.com.ph www.google.com.sg www.google.com.sl www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.uy www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hu www.google.ie www.google.it www.google.jo www.google.li www.google.lt www.google.lu www.google.lv www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.ru www.google.si www.google.sk assets.adoberesources.net lh3.googleusercontent.com ;  font-src 'self' data: *.ftsites.com fonts.googleapis.com fonts.gstatic.com templeton.com *.franklintempleton.com *.franklintempleton.lu *.typekit.net ;  style-src 'self' 'unsafe-inline' *.franklintempleton.com *.ftsites.com *.googletagmanager.com *.kampyle.com *.marketo.com fonts.googleapis.com fonts.gstatic.com platform.twitter.com *.typekit.net ;  worker-src blob: *.decibel.net ; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ae68428517a93407bac072cb96c6687e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
connect-src 'self' data: https://execution-ci360.icabanken.se https://delivery-ci360.icabanken.se https://analytics.icabanken.se https://*.google.se https://*.google.com https://*.google.co.uk https://*.google.es https://*.google.no https://*.google.fr https://*.google.de https://*.google.fi https://*.google.dk https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net/ https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://t2lcib.ica.se/ https://cms.icabanken.se https://privat.icabanken.se https://login.icabanken.se https://ims.icagruppen.se https://apimgw-pub.ica.se https://digital-assistant.ica.se https://calm-hill-02d934703.2.azurestaticapps.net http://*.mopinion.com execution-ci360.test.icabanken.se; default-src 'self'; font-src 'self' https://assets.icanet.se data: https://*.mopinion.com; frame-src 'self' bankid: https://secure.msse.se https://analytics.icabanken.se https://login.icabanken.se https://*.mopinion.com https://player.cvm3.se; img-src 'self' data: https://content-ci360.icabanken.se https://analytics.icabanken.se https://*.google.se https://*.google.com https://*.google.co.uk https://*.google.es https://*.google.no https://*.google.fr https://*.google.de https://*.google.fi https://*.google.dk https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net/ https://assets.icanet.se https://bilder.hemnet.se https://cms.icabanken.se https://*.mopinion.com https://calm-hill-02d934703.2.azurestaticapps.net; media-src data:; script-src 'self' 'unsafe-inline' https://execution-ci360.icabanken.se https://delivery-ci360.icabanken.se https://analytics.icabanken.se https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://s2.adform.net https://track.adform.net https://digital-assistant.ica.se https://js-agent.newrelic.com https://calm-hill-02d934703.2.azurestaticapps.net https://*.mopinion.com execution-ci360.test.icabanken.se; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://analytics.icabanken.se https://assets.icanet.se https://digital-assistant.ica.se https://calm-hill-02d934703.2.azurestaticapps.net https://*.mopinion.com 1
default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' cookiehub.net https://dash.cookiehub.com/; img-src 'self' https://kvika.cdn.prismic.io https://prismic-io.s3.amazonaws.com images.prismic.io assets.kvika.is https://assets.vercel.com https://www.facebook.com data:; font-src 'self' data:; manifest-src 'self'; script-src 'self' https://cookiehub.net/c2/cbd8fa92.js 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; connect-src 'self' cdn.segment.com api.segment.io *.segmentapis.com https://api.staging.kvika.is o394619.ingest.sentry.io https://prod-232.westeurope.logic.azure.com https://api.kvika.is cookiehub.net consent.cookiehub.net https://vitals.vercel-insights.com/v1/vitals https://consent.cookiehub.net/log https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://*.algolia.net https://*.algolianet.com https://region1.google-analytics.com https://prod-215.westeurope.logic.azure.com:443 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; frame-src www.google.com https://kvika.prismic.io/ https://www.youtube.com https://vimeo.com https://vercel.live/; object-src 'none'; frame-ancestors 'none'; media-src 'none'; worker-src 'none'; child-src 'none'; form-action 'none'; script-src-elem 'self' cdn.segment.com api.segment.io www.google.com https://www.gstatic.com https://static.cdn.prismic.io https://prismic.io https://www.youtube.com https://cdn.vercel-insights.com/v1/script.debug.js https://vercel.live/_next-live/feedback/feedback.js https://cookiehub.net/c2/cbd8fa92.js 'sha256-gWCqfvMz6gFY4H/Mp7RV+XjLH7rk7PPLATCuGeG+iXI=' 'sha256-Yp8iS3F034uTKuR4TdrPhoUldVQPTmqM7o6bdu1USS8=' 'sha256-JvbmMLt1q/lwi8wQLTE/LnQWNGjodcH1QIUO/5GGdRA=' 'sha256-gl8xNJRHfG8vAtbpa3dnM5IFgTj+MX2Jj/YAo8X8afQ=' 'sha256-X9ULMWyazaLadUxVXpgiextyE/U3aX2FK/rcjrya3gc=' 'sha256-WNPGWdj2di0h2Lb/r3IDKqFbnj0Cx3ECli0VsVTGtVE=' 'sha256-uMeGRS4Ymwe80vgv/35Fz7dbN5np7QoZJ3uutNOoCSk=' 'sha256-km+zOqalmwWcNr9vswrWcmXNpD78mtPohx8sh9YexGc=' https://www.googletagmanager.com http://www.googletagmanager.com https://region1.google-analytics.com connect.facebook.net/ 'unsafe-eval' https://static.cdn.prismic.io localhost:3000  https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://cookiehub.net/c2/cbd8fa92.js ; 1
frame-ancestors 'self' *.websitepulse.com *.websitepulse.net *.mywebreports.net http://ns.de/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rawgit.com *.liveperson.net *.lpsnmedia.net https://*.google.com *.googleapis.com *.google-analytics.com *.mywebreports.net *.websitepulse.com https://www.googletagmanager.com https://www.gstatic.com https://platform.twitter.com https://platform.linkedin.com https://websitepulseblog.disqus.com https://assets.pinterest.com https://*.cloudflare.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-+Hq058KBz4UTjw6sfEWKlg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self'; connect-src 'self' bam.nr-data.net *.cookielaw.org *.onetrust.com; font-src 'self' *.onetrust.com *.fontawesome.com *.typekit.net; frame-src 'self' www.google.com; img-src 'self' data: *.cookielaw.org *.jsdelivr.net s3.eu-west-3.amazonaws.com; media-src 'self' s3.eu-west-3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookielaw.org *.newrelic.com *.onetrust.com www.googletagmanager.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.typekit.net *.onetrust.com *.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; worker-src 'none'; base-uri 'self'; report-uri https://www.perrigo.com/report-uri/enforce 1
upgrade-insecure-requests; frame-ancestors 'self' https: http: www.colombiaaprende.edu.co; default-src 'self' d2m1zw38230ngs.cloudfront.net d3j4pzt8k2yqfj.cloudfront.net ; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com www.youtube.com translate.googleapis.com translate-pa.googleapis.com translate.google.com fonts.googleapis.com d2m1zw38230ngs.cloudfront.net use.edgefonts.net; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net translate.googleapis.com translate.google.com fonts.googleapis.com d2m1zw38230ngs.cloudfront.net; font-src 'self' fonts.gstatic.com fonts.googleapis.com themes.googleusercontent.com; img-src 'self' data: www.google-analytics.com www.gstatic.com d2m1zw38230ngs.cloudfront.net d3j4pzt8k2yqfj.cloudfront.net contenidos.colombiaaprende.edu.co colombiaaprende.edu.co www.colombiaaprende.edu.co movil.colombiaaprende.edu.co contactomaestro.colombiaaprende.edu.co eco.colombiaaprende.edu.co bibliotecadigital.colombiaaprende.edu.co redaprende.colombiaaprende.edu.co campus.colombiaaprende.edu.co i.ytimg.com barcelobavaro.odilo.us covers.odilo.io www.googletagmanager.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com translate.googleapis.com fonts.googleapis.com cdn.jsdelivr.net; frame-src view.genial.ly  www.facebook.com facebook.com www.youtube.com youtube.com www.colombiaaprende.edu.co colombiaaprende.edu.co fonts.gstatic.com; form-action 'self' https: http: www.colombiaaprende.edu.co; media-src 'self'; 1
connect-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; font-src 'self'; frame-src 'self'; img-src 'self' https://cdn.redoc.ly/redoc/; object-src 'self'; script-src 'self' https://matomo.heinlein-support.de https://numbers.heinlein-support.de; style-src 'self'; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://www.heinlein-support.de/report-uri/enforce 1
default-src 'self' *.crazyegg.com; script-src *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src *.crazyegg.com * data:; style-src *.crazyegg.com 'self' 'unsafe-inline' *; font-src * data:; connect-src *.crazyegg.com *; frame-src *.crazyegg.com * data:; worker-src 'blob:' * 1
default-src 'self'; img-src 'self' blob: data: https://*.adsymptotic.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.cookiebot.com https://*.doubleclick.net https://*.expoints.nl https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://*.visualwebsiteoptimizer.com https://*.youtube.com https://analytics.twitter.com https://app.vwo.com https://cdn.pushcrew.com https://geodata.nationaalgeoregister.nl https://i.vimeocdn.com https://i.ytimg.com https://service.pdok.nl https://t.co https://wingify-assets.s3.amazonaws.com https://www.facebook.com https://www.vimeo.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.expoints.nl https://*.google.com https://*.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://fonts.googleapis.com https://s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.clarity.ms https://*.cookiebot.com https://*.enexis.nl https://*.doubleclick.net https://*.expoints.nl https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleadservices.com https://*.googleanalytics.com https://*.googleoptimize.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.licdn.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://connect.facebook.net https://extreme-ip-lookup.com https://maps.googleapis.com https://nlmaps.nl https://static.ads-twitter.com; connect-src 'self' https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.cookiebot.com https://*.doubleclick.net https://*.expoints.nl https://*.google-analytics.com https://*.google.com https://*.google.nl https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.identity.oraclecloud.com https://*.oribi.io https://*.pdok.nl https://*.visualwebsiteoptimizer.com https://app.vwo.com https://geodata.nationaalgeoregister.nl https://vimeo.com https://www.facebook.com wss://*.hotjar.com https://enexis-prod-signalr.service.signalr.net wss://enexis-prod-signalr.service.signalr.net; frame-src 'self' https://*.enexis.nl https://*.doubleclick.net https://*.expoints.nl https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.mendixcloud.com https://*.netbeheernederland.nl https://*.pti.nl https://*.visualwebsiteoptimizer.com https://app.vwo.com https://consentcdn.cookiebot.com https://player.vimeo.com https://td.doubleclick.net https://www.facebook.com https://www.youtube-nocookie.com; font-src 'self' data: https://*.expoints.nl https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com; object-src 'none'; worker-src 'self' blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://noauthority.social; img-src 'self' https: data: blob: https://noauthority.social; style-src 'self' https://noauthority.social 'nonce-k+ahC5KVJdT61u6u59gOmQ=='; media-src 'self' https: data: https://noauthority.social; frame-src 'self' https:; manifest-src 'self' https://noauthority.social; form-action 'self'; child-src 'self' blob: https://noauthority.social; worker-src 'self' blob: https://noauthority.social; connect-src 'self' data: blob: https://noauthority.social https://static.noauthority.social wss://noauthority.social; script-src 'self' https://noauthority.social 'wasm-unsafe-eval' 1
default-src 'self';media-src 'self' cdn.conversationalsdevelopment.nl/oxxio/client/v3/sounds/beep.mp3;script-src 'self' 'unsafe-inline' 'unsafe-eval' script.adcalls.nl/e907d5da-14dc-4967-b180-03e37a3022be.js acdn.adnxs.com/dmp/up/pixie.js mktdplp102cdn.azureedge.net bat.bing.com cdn-dxp.enecogroup.com cdn.conversationalsdevelopment.nl api.seamly-app.com *.g.doubleclick.net svc.dynamics.com connect.facebook.net www.google-analytics.com www.googleadservices.com www.google.nl pagead2.googlesyndication.com www.google.com/recaptcha/api.js www.gstatic.com *.googletagmanager.com static.hotjar.com script.hotjar.com pixels.lemonpi.io snap.licdn.com/li.lms-analytics/insight.min.js snap.licdn.com/li.lms-analytics/insight.beta.min.js snap.licdn.com/li.lms-analytics/insight.old.min.js d10lpsik1i8c69.cloudfront.net tools.luckyorange.com s.pinimg.com ct.pinterest.com static.queue-it.net assets.queue-it.net eneco.queue-it.net www.reddit.com ads.reddit.com www.redditstatic.com tdn.r42tag.com api.salesfeed.com d3or5d0jdz94or.cloudfront.net static.ads-twitter.com w.usabilla.com api.usabilla.com d6tizftlrpuof.cloudfront.net;connect-src 'self' wss: api.adcalls.nl *.in.applicationinsights.azure.com bat.bing.com api.seamly-app.com api-digital.enecogroup.com ad.doubleclick.net stats.g.doubleclick.net bf53370xjr.bf.dynatrace.com *.google-analytics.com *.analytics.google.com pagead2.googlesyndication.com www.google.com stm.oxxio.nl www.googletagmanager.com *.hotjar.com vc.hotjar.io d.lemonpi.io px.ads.linkedin.com settings.luckyorange.com settings.luckyorange.net *.visitors.live pubsub.googleapis.com api.luckyorange.com ct.pinterest.com www.reddit.com www.redditstatic.com conversions-config.reddit.com d3or5d0jdz94or.cloudfront.net collect.kosi-analytics.io api.usabilla.com;img-src 'self' data: ib.adnxs.com bat.bing.com cdn-dxp.enecogroup.com *.frontify.com lt45.net www.lt45.net www.rkn3.net rkn3.net ds1.nl www.ds1.nl *.fls.doubleclick.net ad.doubleclick.net *.g.doubleclick.net www.facebook.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com www.google.nl ade.googlesyndication.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com script.hotjar.com d.lemonpi.io px.ads.linkedin.com www.linkedin.com px4.ads.linkedin.com d10lpsik1i8c69.cloudfront.net ct.pinterest.com www.reddit.com ads.reddit.com alb.reddit.com t.svtrd.com analytics.twitter.com t.co w.usabilla.com d6tizftlrpuof.cloudfront.net img.youtube.com;font-src 'self' cdn-dxp.enecogroup.com fonts.gstatic.com script.hotjar.com d6tizftlrpuof.cloudfront.net;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net;frame-src 'self' *.fls.doubleclick.net bid.g.doubleclick.net td.doubleclick.net www.google.com vars.hotjar.com ct.pinterest.com t.svtrd.com d6tizftlrpuof.cloudfront.net *.youtube.com;child-src 'self' blob:;object-src 'none' 1
font-src 'self' data:; img-src https: data:; default-src https: 'unsafe-inline' 'unsafe-eval' 1
base-uri 'self' https://*.exponea.com; font-src 'self' data: https://babywalz.omq.de https://*.paypalobjects.com https://*.abtasty.com; form-action 'self' https://*.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.aboutyou.cloud https://*.adyen.com https://*.omq.de https://*.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.moderne-hausfrau.de https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://*.sovendus.com https://*.abtasty.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://*.adyen.com https://*.paypal.com https://*.moderne-hausfrau.de https://*.scayle.cloud https://*.awin1.com https://td.doubleclick.net https://*.criteo.com https://*.sovendus-benefits.com https://*.sovendus-connect.com https://tbs.tradedoubler.com https://*.bazaarvoice.com https://*.trustpilot.com https://*.abtasty.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.moderne-hausfrau.de https://*.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://*.facebook.net https://*.criteo.com https://*.sovendus.com https://*.bing.com https://*.hotjar.com https://*.abtasty.com https://*.bazaarvoice.com https://mpsnare.iesnare.com https://*.trustpilot.com https://insitez.blob.core.windows.net; connect-src 'self' https://*.moderne-hausfrau.de https://*.scayle.cloud https://*.aboutyou.cloud/ https://*.adyen.com https://*.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://*.vhwmcs.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://*.exponea.com https://*.googletagmanager.com https://*.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://*.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://*.doubleclick.net https://*.criteo.com https://*.sovendus.com https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://*.abtasty.com https://*.walz.de https://*.mixpanel.com https://*.informizely.com; media-src https://a.storyblok.com https://*.walz.de; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def; 1
default-src https: http: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com/ https://px.ads.linkedin.com/ https://www.google.com/ *.visualwebsiteoptimizer.com https://cdn.optimizely.com/ app.vwo.com https://dev.visualwebsiteoptimizer.com https://snapwidget.com/ https://prd3-staging-my-global.sites.brunel.net/ https://cdn01.brunel.net/ https://script.hotjar.com/ https://www.recaptcha.net/ https://hcaptcha.com/ https://www.gstatic.com/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googleanalytics.com https://www.googletagmanager.com/ https://optimize.google.com/ https://www.googleoptimize.com/ https://dtch.brunel.nl/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://bat.bing.com/ https://www.redditstatic.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://track.adform.net/ https://www.youtube.com/ https://mc.yandex.ru/ https://static.hotjar.com/ https://az416426.vo.msecnd.net/ https://www.clarity.ms/ https://api-publication-search-prd.azurewebsites.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; style-src 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://fonts.googleapis.com https://optimize.google.com/ https://prd3-staging-my-global.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://www.brunel.net/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunel.at/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://privacyportalde-cdn.onetrust.com/ https://fonts.googleapis.com/ https://acc2-my-nl.sites.brunel.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; img-src 'unsafe-inline' data: https://www.talent.com https://www.googleadservices.com/ https://ad.doubleclick.net *.visualwebsiteoptimizer.com https://cdn.optimizely.com/ https://www.google.be/ https://px4.ads.linkedin.com/ chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://dev.visualwebsiteoptimizer.com https://prd3-staging-my-global.sites.brunel.net/ https://maps.googleapis.com/ https://www.gstatic.com/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://analytics.twitter.com/ https://www.linkedin.com/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://optimize.google.com/ https://script.hotjar.com/ https://snapwidget.com/ https://pagead2.googlesyndication.com/ https://prod.smassets.net/ https://prod.smassets.net/ https://click.werkzoeken.nl/ https://click.technicus.nl/ https://click.ictergezocht.nl/ https://googleads.g.doubleclick.net/ https://lt45.net/ https://conv.indeed.com/ https://online.brunel.nl/ https://maps.gstatic.com/ https://optanon.blob.core.windows.net/ https://www.googletagmanager.com/ https://i.ytimg.com/ https://img.youtube.com/ https://www.brunel.net/ http://www.w3.org/ https://acc2-www-nl.sites.brunel.net/ http://www.w3.org/ https://acc2-my-nl.sites.brunel.net/ https://dc.ads.linkedin.com/ https://alb.reddit.com/ https://t.co/ https://bat.bing.com/ https://www.google-analytics.com/ https://px.ads.linkedin.com/ https://www.facebook.com/ https://c.clarity.ms/ https://www.google.com/ https://www.google.nl/ https://c.bing.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; connect-src 'unsafe-inline' https://google.com https://conversions-config.reddit.com/ https://www.redditstatic.com/ https://googleads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://www.google.com/ *.visualwebsiteoptimizer.com https://cdn.optimizely.com/ *.optimizely.com https://tapi.optimizely.com/ https://pagead2.googlesyndication.com/ https://errors.client.optimizely.com/ https://*.hotjar.io https://logx.optimizely.com/ https://*.hotjar.com wss://*.hotjar.com/  *.visualwebsiteoptimizer.com wss://wsp6.hotjar.com/ https://wsp6.hotjar.com/ https://csmetrics.hotjar.com/ app.vwo.com wss://ws24.hotjar.com/ wss://ws35.hotjar.com/ https://cdn.linkedin.oribi.io/ https://prd3-staging-my-global.sites.brunel.net/ https://optimize.google.com/ https://pp-public-p-swe.piwik.pro/ https://ws21.hotjar.com/ wss://ws21.hotjar.com/ wss://ws26.hotjar.com/ https://ws26.hotjar.com/ wss://ws25.hotjar.com/ wss://ws29.hotjar.com/ https://ws29.hotjar.com/ https://ws10.hotjar.com/ wss://ws10.hotjar.com/ https://ws42.hotjar.com/ wss://ws42.hotjar.com/ https://ws5.hotjar.com/ wss://ws5.hotjar.com/ wss://ws37.hotjar.com/ https://www.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://ws24.hotjar.com/ wss://ws8.hotjar.com/ https://prd3-staging-www-net.sites.brunel.net/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunel.at/ https://region1.google-analytics.com/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://surveystats.hotjar.io/ https://optanon.blob.core.windows.net/ https://dtch.brunel.nl/ https://geolocation.onetrust.com/ https://dtch.brunel.nl/wss:// ws1.hotjar.com/ https://k.clarity.ms/ https://mc.yandex.ru/ https://snapwidget.com/ https://bat.bing.com/ https://acc2-my-nl.sites.brunel.net/ https://privacyportal-de.onetrust.com/ https://privacyportalde-cdn.onetrust.com/ https://noembed.com/ https://cdn.plyr.io/ https://cdn.cookielaw.org/ https://www.google-analytics.com/ https://dc.services.visualstudio.com/ https://stats.g.doubleclick.net/ https://maps.googleapis.com/ https://in.hotjar.com/ wss://ws17.hotjar.com/ https://ws17.hotjar.com/ https://j.clarity.ms/ https://www.clarity.ms/ https://api-publication-search-prd.azurewebsites.net/ https://acc2-www-nl.sites.brunel.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://a.clarity.ms/ https://b.clarity.ms/ https://c.clarity.ms/ https://d.clarity.ms/ https://e.clarity.ms/ https://f.clarity.ms/ https://g.clarity.ms/ https://h.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://k.clarity.ms/ https://l.clarity.ms/ https://m.clarity.ms/ https://n.clarity.ms/ https://o.clarity.ms/ https://p.clarity.ms/ https://q.clarity.ms/ https://r.clarity.ms/ https://s.clarity.ms/ https://t.clarity.ms/ https://u.clarity.ms/ https://v.clarity.ms/ https://w.clarity.ms/ https://x.clarity.ms/ https://y.clarity.ms/ https://z.clarity.ms/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; frame-src 'unsafe-inline' https://d3ms8mre5rhtvu.cloudfront.net/ https://embed-standalone.spotify.com/ app.vwo.com *.visualwebsiteoptimizer.com *.cdn.optimizely.com https://www.brunel.net/ https://widgets.bnr.nl/ https://td.doubleclick.net https://brunel-career.talent-soft.com/ https://snapwidget.com/ https://www.ecomatcher.com/ https://newassets.hcaptcha.com/ https://optimize.google.com/ https://cm.to/ https://hmmh.scnem.com/ https://45years.brunel.net/ https://open.spotify.com/ https://pages.cm.com/ https://werkenbij.brunel.nl/ https://www.pingvp.com/ https://www.surveymonkey.com/ https://tpc.googlesyndication.com/ https://www.recaptcha.net/ https://www.youtube.com/ https://vars.hotjar.com/ https://track.adform.net/ https://mc.yandex.ru/ https://track.adform.net/ https://api-publication-search-prd.azurewebsites.net/ https://www.facebook.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://10418678.fls.doubleclick.net/ https://cm.to/ https://pages.cm.com/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; script-src-elem 'unsafe-inline' https://dev.visualwebsiteoptimizer.com https://optimizely.s3.amazonaws.com/ https://cdn3.optimizely.com/ https://app.optimizely.com/ https://cdn-assets-prod.s3.amazonaws.com/ https://cdn.optimizely.com/ austlria.com https://prd3-staging-my-global.sites.brunel.net/ https://hcaptcha.com/ https://optimize.google.com/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://my.brunel.at/ https://my.brunel.nl/ https://my.brunel.de/ https://my.brunel.ch/ https://my.brunelswitzerland.ch/ https://my.brunel.be/ https://my.brunel.cz/ https://www.brunel.net/ https://track.hvnj.de/ https://snapwidget.com/ https://acc2-www-nl.sites.brunel.net/ https://ajax.googleapis.com/ https://tpc.googlesyndication.com/ https://click.werkzoeken.nl/ https://www.clear-reports.com/ https://widget.surveymonkey.com/ https://www.gstatic.com/ https://www.recaptcha.net/ https://s2.adform.net/ https://analytics.twitter.com/ https://script.hotjar.com/  https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://acc2-www-nl.sites.brunel.net/FED/UMB/static/js/ https://acc2-my-nl.sites.brunel.net/ https://dtch.brunel.nl/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://bat.bing.com/ https://www.redditstatic.com/ https://snap.licdn.com/ https://track.adform.net/ https://www.youtube.com/ https://mc.yandex.ru/ https://static.hotjar.com/ https://az416426.vo.msecnd.net/ https://www.clarity.ms/  https://connect.facebook.net/ https://a.clarity.ms/ https://b.clarity.ms/ https://c.clarity.ms/ https://d.clarity.ms/ https://e.clarity.ms/ https://f.clarity.ms/ https://g.clarity.ms/ https://h.clarity.ms/ https://i.clarity.ms/ https://j.clarity.ms/ https://k.clarity.ms/ https://l.clarity.ms/ https://m.clarity.ms/ https://n.clarity.ms/ https://o.clarity.ms/ https://p.clarity.ms/ https://q.clarity.ms/ https://r.clarity.ms/ https://s.clarity.ms/ https://t.clarity.ms/ https://u.clarity.ms/ https://v.clarity.ms/ https://w.clarity.ms/ https://x.clarity.ms/ https://y.clarity.ms/ https://z.clarity.ms/ https://privacyportalde-cdn.onetrust.com/ https://tst4-www-nl.sites.brunel.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://mc.yandex.ru/metrika/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://cm.to/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; font-src 'unsafe-inline' https://script.hotjar.com/ https://optimize.google.com/ https://prd3-staging-my-global.sites.brunel.net/ https://prd3-staging-my-de.sites.brunel.net/ https://prd3-staging-my-nl.sites.brunel.net/ https://prd3-staging-my-cz.sites.brunel.net/ https://prd3-staging-my-at.sites.brunel.net/ https://prd3-staging-my-ch.sites.brunel.net/ https://prd3-staging-my-be.sites.brunel.net/ https://prd3-staging-www-net.sites.brunel.net/ https://prd3-staging-www-cn.sites.brunel.net/ https://privacyportalde-cdn.onetrust.com/ https://acc2-my-nl.sites.brunel.net/ https://acc2-www-nl.sites.brunel.net/ https://fonts.gstatic.com/ https://acc2-umbrella.sites.brunel.net/ https://brunel.containers.piwik.pro/ https://cdn.cookielaw.org/ https://brunel.piwik.pro/ https://dtch.brunel.net/ https://vc.hotjar.io/ https://dtch.www.brunel.net/ https://acc2-my-de.sites.brunel.net/ https://apply-with-seek-button.seek.com.au/ https://www.brunel.com.cn/ https://myglobal.brunel.net/ https://cdn01.brunel.net/ https://px.ads.linkedin.com/ https://brunel.containers.piwik.pro/ https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; media-src 'unsafe-inline' https://cdn01.brunel.net/ https://brunel.net https://acc2-my-global.sites.brunel.net/ https://acc2-www-cn.sites.brunel.net/; 1
default-src 'none'; connect-src https://cdn.cookielaw.org https://*.contentsquare.net  https://region1.analytics.google.com https://*.mediarithmics.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.thcdn.com https://asgard.thehut.net https://cpwidgets.thehut.net https://cdn.ampproject.org https://bat.bing.com https://www.facebook.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://*.google-analytics.com https://ampcid.google.com https://adservice.google.com https://the.sciencebehindecommerce.com https://sf-hs-sg.ibytedtos.com https://ct.pinterest.com; font-src 'self' https://blogscdn.thehut.net https://fonts.gstatic.com https://fonts.googleapis.com https://*.thcdn.com; form-action 'self' https://tr.snapchat.com https://connect.facebook.net https://www.facebook.com https://syndication.twitter.com https://survey.g.doubleclick.net; child-src 'self' https://*.contentsquare.net https://sightmill.com https://woobox.com https://ct.pinterest.com https://open.spotify.com https://www.tiktok.com https://widget.trustpilot.com https://gum.criteo.com https://static.criteo.net https://platform.twitter.com https://syndication.twitter.com https://www.facebook.com https://www.instagram.com https://www.youtube.com https://vimeo.com https://tr.snapchat.com https://*.doubleclick.net https://www.pinterest.com; img-src https://*.contentsquare.net https: data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://sightmill.com https://cdn.cookielaw.org  https://*.contentsquare.net https://app.contentsquare.com  https://dynamic.criteo.com https://*.mediarithmics.com https://adservice.google.com https://*.ibytedtos.com https://geolocation.onetrust.com https://cdn.ampproject.org https://blogscdn.thehut.net https://*.thcdn.com https://cdn.woobox.com https://analytics.twitter.com/ https://bat.bing.com https://cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.3/modernizr.min.js https://code.jquery.com/jquery-3.6.0.min.js https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://sc-static.net https://sslwidget.criteo.com https://widget.eu.criteo.com https://static.criteo.net https://static.ads-twitter.com https://www.dwin1.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.instagram.com https://www.tiktok.com https://s16.tiktokcdn.com https://survey.g.doubleclick.net https://*.google.co.uk https://s.pinimg.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://blogscdn.thehut.net https://*.thcdn.com https://fonts.google.com https://fonts.googleapis.com https://s16.tiktokcdn.com; frame-ancestors 'self'; media-src 'self'; object-src 'none'; worker-src blob: 'self'; upgrade-insecure-requests; report-uri https://csp.thehut.net/blogs 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: javascript:; frame-src *; frame-ancestors *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cc.cdn.civiccomputing.com https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com https://ssl.p.jwpcdn.com https://s7.addthis.com ; frame-src https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://apikeys.civiccomputing.com https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/ https://cdn.linkedin.oribi.io https://analytics.rubensteintech.com https://clapi.civiccomputing.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com https://ssl.p.jwpcdn.com ; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net https://ssl.p.jwpcdn.com data: ; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co https://analytics.twitter.com data:; form-action 'self' https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co; form-action 'self' https://www.facebook.com https://www.mioskincare.fr https://m.mioskincare.fr https://checkout.mioskincare.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.smct.co https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.bubbi.ai *.jobylon.com *.here.com *.imbox.se *.googleoptimize.com *.googletagmanager.com *.google-analytics.com *.facebook.net *.imbox.io *.bing.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.klarna.com *.gstatic.com *.google.com *.mynewsdesk.com *.cookiebot.com;font-src 'self' data:;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.imbox.se *.here.com *.facebook.net *.imbox.io *.bing.com *.googleadservices.com *.doubleclick.net *.clarity.ms *.klarna.com *.gstatic.com *.google.com *.mynewsdesk.com *.cookiebot.com;object-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://snap.licdn.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://sjs.bizographics.com/insight.min.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://static.hotjar.com/ https://script.hotjar.com/ https://munchkin.marketo.net/ https://*.marketo.com/ https://connect.facebook.net/ https://www.youtube.com/ https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.kameleoon.com/ https://*.kameleoon.net https://*.kameleoon.eu https://kick-my-bot.s3-eu-west-1.amazonaws.com https://chat-window.kmblabs.com/ https://d134jvmqfdbkyi.cloudfront.net https://d24s38jd6z1bka.cloudfront.net https://d1986lffsl15jz.cloudfront.net https://bat.bing.com https://*.abtasty.com https://flagship.com https://cdn.segment.com https://cdn.matomo.cloud/ https://cegos.matomo.cloud/ https://*.clarity.ms https://accounts.google.com https://*.easy-lms.com; object-src 'self'; base-uri 'none'; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kdo.de; style-src 'self' *.kdo.de 'unsafe-inline'; connect-src 'self' *.kdo.de; img-src 'self' *.kdo.de *.openstreetmap.org data:; worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fairy.id; img-src 'self' data: blob: https://fairy.id; style-src 'self' https://fairy.id 'nonce-zAv3mY7XUD34K0Ep6RlcvQ=='; media-src 'self' data: https://fairy.id; frame-src 'self' https:; manifest-src 'self' https://fairy.id; form-action 'self'; child-src 'self' blob: https://fairy.id; worker-src 'self' blob: https://fairy.id; connect-src 'self' data: blob: https://fairy.id wss://fairy.id; script-src 'self' https://fairy.id 'wasm-unsafe-eval' 1
default-src 'self';                                  script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 img-src data: 'self' blob: data:  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 style-src 'self' 'unsafe-inline'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 font-src 'self'  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d ;                                 frame-src  https://stats.ise.fraunhofer.de  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com  https://cdnjs.cloudflare.com  https://platform.twitter.com  https://cdn.syndication.twimg.com/  http://*.tile.openstreetmap.org  https://api.tiles.mapbox.com  https://api.mapbox.com  https://wisskomm.social/@energy_charts_d                                 frame-ancestors  leonid.muc.zae-bayern.de  grizzly.rheintal-hosting.ch  kkl.swissscreen.com ;                                 object-src 'none' 1
default-src https: 'unsafe-inline'; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' http://porrtogo.staffbase.com https://porrtogo.staffbase.com http://staffbase.com capacitor://porrtogo.staffbase.com capacitor://staffbase.com localhost:* 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://privacyportal.onetrust.com/request/v1/consentreceipts; font-src 'self' https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data:; img-src 'self' https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io https://stats.g.doubleclick.net https://cdn.cookielaw.org/ data:; object-src 'self'; frame-src 'self' https://information.huntonak.com https://cdn.yoshki.com https://www.youtube.com https://player.vimeo.com https://app.powerbi.com https://share.hsforms.com/ https://www.youtube-nocookie.com; 1
default-src https: data: 'unsafe-inline'; 1
frame-ancestors 'self' https://accesspay.trumpet.app/ https://trumpet.app/ 1
default-src https: 'self' data: 'unsafe-inline' 1
connect-src 'self' ws: *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.youtube.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.amazonaws.com  *.umbraco.com *.google.com; default-src 'self' *.google-analytics.com *.googletagmanager.com; font-src 'self' *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.youtube.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com *.google.com; form-action 'self' *.onetrust.com *.google.com; frame-ancestors 'self'; frame-src 'self' *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.youtube.com vimeo.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com *.google.com; img-src 'self' data: *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.youtube.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com *.gravatar.com *.google.com *.picsum.photos picsum.photos; media-src 'self' *.googletagmanager.com *.gstatic.com  *.googleapis.com *.google-analytics.com *.googleanalytics.com www.youtube.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com www.youtube.com *.vimeo.com *.vimeocdn.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com unpkg.com *.google.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googleanalytics.com *.youtube.com *.vimeo.com *.onetrust.com *.cookielaw.org *.cookiepro.com *.marker.io *.umbraco.com unpkg.com *.google.com; worker-src 'self' *.google.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.slimcd.com recruitingbypaycor.com *.crazyegg.com *.scarabresearch.com https://www.google-analytics.com www.googletagmanager.com *.google-analytics.com sc-static.net *.quantserve.com *.quantcount.com *.youtube.com *.teads.tv http://api.ipstack.com *.googleadservices.com *.merchantware.net *.snapchat.com *.tiktok.com *.niceincontact.com *.rezync.com *.boomtrain.com *.rfihub.net *.ensighten.com *.rapidscansecure.com *.ipdata.co *.doubleclick.net *.cloudflareinsights.com *.ipdata.com *.kargo.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net https://livechat-static-de-na1.niceincontact.com *.niceincontact.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.typekit.net data: https://livechat-static-de-na1.niceincontact.com *.niceincontact.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.windows.net *.crazyegg.com *.google-analytics.com *.googletagmanager.com www.googletagmanager.com https://www.google-analytics.com *.google.com *.googletagmanager.com *.adsrvr.org spotxbeacons.com *.doubleclick.net *.quantserve.com *.teads.tv *.emarsys.net *.amazonaws.com *.rezync.com *.liadm.com *.choozle.com *.rapidscansecure.com *.pangle-ads.com google.com; media-src 'self' data: blob:; frame-src *.kargo.com *.doubleclick.net *.rfihub.com *.niceincontact.com *.adsrvr.org *.cloudfront.net *.snapchat.com *.youtube.com *.suntancity.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com recruitingbypaycor.com *.crazyegg.com *.doubleclick.net *.snapchat.com *.rfihub.com *.adsrvr.org *.cloudfront.net *.kargo.com *.doubleclick.net *.rfihub.com *.niceincontact.com *.adsrvr.org *.scarabresearch.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.crazyegg.com *.scarabresearch.com *.google-analytics.com https://www.google-analytics.com *.doubleclick.net analytics.google.com *.emarsys.net *.teads.tv *.merchantware.net *.snapchat.com *.tiktok.com wss://chat-gateway-de-na1.niceincontact.com *.niceincontact.com *.boomtrain.com *.cloudflare.com *.facebook.com *.pangle-ads.com google.com *.kargo.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.arsy.cz http: https: https://track.adform.net https://cdn.jsdelivr.net https://www.smartsuppchat.com/ https://ads.google.com/ https://analytics.google.com/ https://sklik.cz/; worker-src 'self' http: https: https://track.adform.net https://cdn.jsdelivr.net https://www.smartsuppchat.com/ https://ads.google.com/ https://analytics.google.com/ https://sklik.cz/; frame-ancestors https://www.facebook.com/ https://www.messenger.com/; frame-src github.io https://www.google.com/ https://analytics.google.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://www.smartsuppchat.com/ https://s7.addthis.com/ https://cdn.jsdelivr.net https://widget.packeta.com https://walkinto.in/ https://ads.google.com/ https://track.adform.net https://sklik.cz/ https://wlk.im/ *.youtube.com 'self'; form-action 'self' https://*.facebook.com; font-src *.gstatic.com *.typekit.net *.arsy.cz 'self'; object-src 'none'; style-src https://www.arsyline.cz/cookies/cookies_script_dark.css fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' *.typekit.net data: *.arsy.cz 'self'; base-uri 'none'; 1
frame-ancestors www.homecredit.cz www.homecredit.sk *.ci360.sas.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.homecredit.cz www.homecredit.sk www.youtube.com *.doubleclick.net cdn.siteone.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.homecredit.cz www.homecredit.sk execution-360.homecredit.cz www.googleadservices.com *.googleadservices.com www.googletagmanager.com cdn.cookielaw.org *.bing.com www.youtube.com *.seznam.cz *.smartlook.com *.googleadservices.com *.googleadservices.net *.doubleclick.net *.facebook.net cdn.siteone.io pagead2.googlesyndication.com; connect-src 'self' execution-360.homecredit.cz *.onetrust.com cdn.cookielaw.org sentry.siteone.cz *.google-analytics.com *.bing.com *.smartlook.cloud *.facebook.net *.googlesyndication.com *.siteone.io; img-src 'self' data: www.homecredit.cz www.homecredit.sk content-360.homecredit.cz *.siteone.io *.siteone.cz cdn.cookielaw.org *.bing.com *.seznam.cz *.googlesyndication.com www.google.com www.google.cz www.facebook.com googleads.g.doubleclick.net  *.ytimg.com; 1
media-src  * blob: 1
frame-ancestors 'self' *.e-spirit.hosting; base-uri 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://wchat.freshchat.com; font-src 'self' data: https://*.gstatic.com; img-src 'self' data: https://cmsaccom.computicket.com https://content.computicket.com https://*.computicket.com https://www.google-analytics.com https://*.google.co.in https://*.gstatic.com https://*.googleapis.com https://*.google.com https://img.icons8.com; frame-src https://*.freshchat.com https://*.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'	https://*.google.com https://www.googletagmanager.com	https://www.google-analytics.com https://*.freshchat.com https://*.googleapis.com; connect-src 'self' wss://*.computicket.com/ https://*.google.com https://*.computicket.com https://www.google-analytics.com https://maps.googleapis.com/ https://*.doubleclick.net; 1
frame-ancestors 'self' https://*.skatewarehouse.com http://*.skatewarehouse.com; 1
frame-ancestors 'self' https://*.lappdomain.lappgroup.com; 1
frame-src https://www.google.com;script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://analytics.tiktok.com https://snap.licdn.com https://cdn.jsdelivr.net https://*.usabilla.com https://*.cdn.apollographql.com https://cdn.cookielaw.org https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://sgtm.allinclusive-collection.com https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net https://*.newrelic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cdn.apollographql.com https://maps.googleapis.com https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net;img-src https: data: 'self' 'unsafe-inline';default-src 'self' 'unsafe-inline' data: https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com https://sgtm.allinclusive-collection.com https://*.cookielaw.org https://*.onetrust.com https://*.googleapis.com https://*.gstatic.com https://*.analytics.google.com https://www.google-analytics.com https://images.ctfassets.net https://*.imgix.net https://hydehotels.com https://top-fwz1.mail.ru https://*.sojern.com https://ad.doubleclick.net https://bam.nr-data.net;object-src 'none' 1
frame-ancestors 'self' texas.simpleviewcms.com www.traveltexas.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.cib.bnpparibas cdn.cookielaw.org www.google-analytics.com www.googleadservices.com https://*.googletagmanager.com www.youtube.com js-agent.newrelic.com bam.eu01.nr-data.net player.ausha.co cdn.polyfill.io snap.licdn.com https://*.teads.tv https://*.bnpparibas.com https://www.google.com https://*.gstatic.com https://platform.twitter.com https://player.ausha.co https://cvn.bnpparibas.com https://activitymap.adobe.com https://cdn.jsdelivr.net https://*.doubleclick.net; style-src 'self' 'unsafe-inline' 'report-sample' js-agent.newrelic.com https://*.cib.bnpparibas https://*.bnpparibas.com https://*.mediahub.bnpparibas https://cdn.jsdelivr.net https://fonts.googleapis.com/ https://googletagmanager.com https://*.googletagmanager.com https://*.gstatic.com/ ; object-src 'self' 'unsafe-inline'; base-uri 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://*.cib.bnpparibas cdn.cookielaw.org bam.eu01.nr-data.net geolocation.onetrust.com bnp-privacy.my.onetrust.com https://cdn.linkedin.oribi.io https://*.teads.tv https://*.bnpparibas.com https://adservice.google.com https://cib.sc.omtrdc.net https://px.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: https://*.cib.bnpparibas https://*.gstatic.com https://*.doubleclick.net; frame-src 'self' 'unsafe-inline' www.youtube.com player.ausha.co https://*.bnpparibas.com https://*.cib.bnpparibas https://www.google.com https://embed.podcasts.apple.com https://players.brightcove.net https://player.vimeo.com https://open.spotify.com https://www3.actito.com https://*.doubleclick.net https://*.teads.tv/ ; img-src 'self' 'unsafe-inline' https://*.cib.bnpparibas https://cib.bnpparibas data: cib.sc.omtrdc.net www.google.com pbs.twimg.com www.google.fr secure.gravatar.com i.ytimg.com px.ads.linkedin.com https://*.teads.tv https://cdn.cookielaw.org https://*.doubleclick.net https://*.gstatic.com https://*.googletagmanager.com; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline' https://*.mediahub.bnpparibas https://mediahub.bnpparibas https://dam.bnpparibas.com 1
default-src 'self' https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ db.onlinewebfonts.com https://www.search.gov.sg https://search.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com https://www.youtube.com/iframe_api https://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com blob: https://*.wogaa.sg https://assets.adobedtm.com/ https://cdnjs.cloudflare.com/ https://www.caas.gov.sg https://www.recaptcha.net/recaptcha/api.js https://www.googletagmanager.com/ https://assets.dcube.cloud/ http://code.jquery.com/ https://api.search.gov.sg https://www.search.gov.sg 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://assets.wogaa.sg/fonts/ db.onlinewebfonts.com static.parastorage.com static.wixstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://www.search.gov.sg 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ https://d33wubrfki0l68.cloudfront.net/ https://caas.gov.sg/ https://www.caas.gov.sg/ https://assets.search.gov.sg 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://assets.wogaa.sg/fonts/ static.parastorage.com static.wixstatic.com db.onlinewebfonts.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://www.search.gov.sg; frame-src https://wogaa.demdex.net/ https://platform.twitter.com/ https://www.facebook.com/ https://syndication.twitter.com/ https://www.google.com/ https://www.youtube.com/ https://www.recaptcha.net/ https://web.facebook.com/ http://maps.google.com https://www.search.gov.sg https://search.gov.sg 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://*.wogaa.sg https://dpm.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ https://www.google-analytics.com/ https://api.search.gov.sg https://assets.search.gov.sg; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; frame-ancestors 'self' 1
img-src 'self'; script-src 'self' blob:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net; font-src 'self'; worker-src blob:; connect-src 'self' https://*.zotero.org https://t0guvf0w17.execute-api.us-east-1.amazonaws.com https://v1snar4wu4.execute-api.us-east-1.amazonaws.com https://zbib-data.s3.amazonaws.com; object-src 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; img-src * blob: data:; font-src * data:; worker-src * blob:; child-src * blob: gap:; media-src * blob: 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:; 1
default-src 'self' www.compassionandchoices.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://acsbapp.com/apps/app/dist/js/app.js https://cdn.acsbapp.com/  https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org amplify.outbrain.com *.hotjar.com https://vc.hotjar.io/* *.hotjar.io tags.wdsvc.net www.googletagmanager.com tag.simpli.fi tr.outbrain.com www.youtube.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.cloudfront.net *.ngpvan.com *.verygoodvault.com *.msecnd.net https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js compassionandchoices.bamboohr.com tags.srv.stackadapt.com https://www.dafdirect.org https://wave.outbrain.com https://acsbapp.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudfront.net hello.myfonts.net https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css tags.srv.stackadapt.com https://www.dafdirect.org/; font-src 'self' https://acsbapp.com/ fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.cloudfront.net; img-src 'self' *.insight.adsrvr.org *.acsbapp.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com tr.outbrain.com bcp.crwdcntrl.net *.everyaction.com *.doubleclick.net www.googletagmanager.com *.cloudfront.net resources.bamboohr.com tags.srv.stackadapt.com https://www.dafdirect.org/ https://insight.adsrvr.org https://mid.rkdms.com https://loadm.exelator.com https://secure.insightexpressai.com https://uipglob.semasio.net https://s.thebrighttag.com https://match.adsrvr.org https://match.sync.ad.cpe.dotomi.com; media-src 'self' data: blob:; child-src * 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.doubleclick.net *.hotjar.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com wss://*.hotjar.com *.hotjar.com *.everyaction.com *.doubleclick.net https://dc.services.visualstudio.com/v2/track https://advocator.ngpvan.com *.ngpvan.com *.wdsvc.net *.adsrvr.org https://cdn.acsbapp.com/ tags.srv.stackadapt.com compassionandchoices.bamboohr.com https://content.hotjar.io https://acsbapp.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://play-lh.googleusercontent.com https://is1-ssl.mzstatic.com https://cdn-api.weglot.com  https://googleads.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com https://analytics.google.com https://ttcu.locatorsearch.net https://*.vimeo.com https://*.pure.cloud https://*.paypalobjects.com https://*.giveworx.com https://www.datadoghq-browser-agent.com https://ttcu.com https://*.ttcu.com https://*.pinterest.com https://t.co https://analytics.twitter.com https://ajax.cloudflare.com https://*.qualtrics.com https://marketing.ttcu.com https://s.pinimg.com/ https://static.ads-twitter.com https://*.cloudflareinsights.com https://*.addthis.com https://*.issuu.com https://*.lk-cs.com https://ttcu.locatorsearch.com https://cdn.weglot.com https://c.bing.com https://api.shelf.io https://*.adsrvr.org https://*.clarity.ms https://*.schemaapp.com https://cds-sdkcfg.onlineaccess1.com https://*.addthisedge.com wss://*.hotjar.com https://s3.amazonaws.com https://*.youtube-nocookie.com https://*.formstack.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.facebook.com https://www.gstatic.com https://connect.facebook.net https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com; frame-ancestors 'self' https://www.youtube.com https://*.vimeo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://use.typekit.net data: https://www.googletagmanager.com https://ajax.googleapis.com https://p.typekit.net https://www.google-analytics.com https://stats.g.doubleclick.net https://*.iubenda.com http://*.iubenda.com https://*.adobe.com https://*.adobedtm.com https://*.gruppoiren.it https://gruppoiren.sharepoint.com https://dev01.codeland.it https://*.teleborsa.it https://www.google.com https://*.google-analytics.com https://*.googleapis.com http://*.googleapis.com https://maps.google.com https://*.youtube.com https://youtube.com https://*.gstatic.com https://www.gstatic.com https://codeland.us14.list-manage.com https://*.amazonaws.com https://eep.io https://*.mailchimp.com https://liveservice.cloud-care.it wss://*.cloud-care.it https://*.cloud-care.it https://*.acsbapp.com https://acsbapp.com https://*.licdn.com https://*.linkedin.com; frame-ancestors 'self'; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://lat-team.com:8443/socket.io/ wss://lat-team.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://e.widgetbot.io/; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors https://gstournaments.com/ https://www.gstournaments.com/ https://www.gsgaming.com https://gsgaming.com https://www.gamersaloon.com https://gamersaloon.com https://www.fifaaddiction.com https://fifaaddiction.com https://plusgamingmagazine.com https://www.plusgamingmagazine.com https://www.footballmag.nl https://footballmag.nl https://gagner-argent-jeux-video.com https://www.gagner-argent-jeux-video.com https://nba2kw.com https://www.nba2kw.com https://prosportsextra.com/ https://www.epkdesign.com https://epkdesign.com http://playfuzzword.com 1
default-src 'self' *.phonebooky.com *.booky.ph *.bky.ph;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com static.clevertap.com sg1.wzrkt.com d2r1yp2w7bby2u.cloudfront.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' 'unsafe-inline' *.booky.ph booky-nonprod-images.s3-ap-southeast-1.amazonaws.com booky-merchant-dashboard.s3.amazonaws.com *.bky.ph *.phonebooky.com data: *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com;object-src 'none';media-src 'self' static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com;font-src 'self' data: fonts.gstatic.com;report-uri /report-violation;worker-src none;connect-src 'self' *.phonebooky.com *.booky.ph *.bky.ph https://api.v5.booky.ph/booky-apollo-serverless static.zdassets.com ekr.zdassets.com bookymanila.zendesk.com wss://widget-mediator.zopim.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net www.google.com www.google.com.ph *.googleapis.com maps.gstatic.com *.ggpht.com analytics.google.com;script-src-attr 'self' 'unsafe-inline';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;frame-ancestors 'self' 1
frame-ancestors https://builder.io 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-hf3JRZl6WEhYEoUQRRV7EQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src https://*.1fbusa.com *.leadsrx.com *.hubspot.com *.hubapi.com *.google-analytics.com *.doubleclick.net *.facebook.com *.snapchat.com; font-src 'self' *.hubspot.com *.cloudflare.com; img-src 'self' *.hubspot.com *.hubspot.net *.hsappstatic.net *.google.com *.google-analytics.com *.leadsrx.com *.snapchat.com *.facebook.com; script-src 'self' *.cloudflare.com *.googletagmanager.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net sc-static.net *.leadsrx.com *.google-analytics.com *.facebook.net *.snapchat.com 'unsafe-inline'; style-src 'self' *.cloudflare.com *.hsappstatic.net 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self'; child-src blob:; media-src * 'self' data: https: blob:; style-src 'self' 'unsafe-inline' *; img-src * 'self' data: https: blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; font-src * data: https:; frame-src * 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * blob: data: 'unsafe-inline';connect-src * 'unsafe-inline'; frame-src * 1
frame-ancestors https://vpai.pxb7.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://*.eqads.com https://*.msecnd.net https://*.cookielaw.org https://*.cloudflare.com https://*.facebook.net https://*.googleapis.com https://*.gstatic.com https://*.crazyegg.com https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.doubleclick.net https://*.vimeo.com https://*.secure.payconex.net; worker-src * blob:; worker-src blob:; img-src * blob: data:; 1
default-src 'self' https: data: blob:; connect-src https: wss:;script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline' blob:; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://www.riskdataobject.com; upgrade-insecure-requests; 1
frame-ancestors https://*.paxum.com 1
frame-ancestors www.gstatic.com *.stripe.com stripe.com 'self'; object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://hayward.com/customer/account/logout/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src https://haywardpools.tfaforms.net/ https://stackpath.bootstrapcdn.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/css/font-awesome.min.css *.adobe.com fonts.googleapis.com *.yotpo.com *.googleapis.com unsafe-inline assets.braintreegateway.com static.ecorebates.com 'self' 'unsafe-inline'; script-src https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-2.2.4.min.js https://code.jquery.com/jquery-3.2.1.min.js https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.3.5/jquery.fancybox.min.js https://html5.dcatalog.com/dcviewer.js https://api.ipify.org/ https://unpkg.com/react@18/umd/react.production.min.js https://unpkg.com/react-dom@18/umd/react-dom.production.min.js https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://haywardpools.tfaforms.net/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com pay.google.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com tfaforms.com adobedc.demdex.net *.yotpo.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com static.ecorebates.com hayward.ecorebates.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src https://www.youtube.com 'self' *.adobe.com www.totallyhayward.com 'self' 'unsafe-inline'; img-src https://hayward-pool-assets.com https://haywardpools.tfaforms.net assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.yotpo.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; frame-src http://www.haywardnet.com https://html5.dcatalog.com https://haywardpools.tfaforms.net https://maps.google.com/ blob: fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com pay.google.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com haywardpools.tfaforms.net *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; font-src https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.4.0/ *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com static.ecorebates.com data: 'self' 'unsafe-inline'; connect-src https://www.haywardnet.com/inground/products/energysolutions/getEnergyCalculatorResults.cfm https://hayward.ecorebates.com/ https://hayward-test-jsons.s3.amazonaws.com/data/locationData.json https://hayward-test-jsons.s3.amazonaws.com/data/featuresData.json https://hayward-test-jsons.s3.amazonaws.com/data/materialData.json https://hayward-test-jsons.s3.amazonaws.com/data/propertyTypeData.json https://hayward-test-jsons.s3.amazonaws.com/data/shapeSizeData.json https://hayward-test-jsons.s3.amazonaws.com/data/galleryData.json https://www.youtube.com https://assets.adobedtm.com/ https://adobedc.demdex.net/ https://edge.adobedc.net https://us-east-1-otel.formassembly.com/v1/traces https://stats.g.doubleclick.net/g/collect dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com thm.visa.com api.addressy.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com bam.nr-data.net js-agent.newrelic.com *.yotpo.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; default-src  'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com  https://www.google-analytics.com https://www.googletagmanager.com https://browser-update.org https://v4in1-si.click4assistance.co.uk https://maxcdn.bootstrapcdn.com https://*.salford.gov.uk;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com;img-src 'self' https://api.os.uk https://*.salford.gov.uk https://cdnjs.cloudflare.com https://server.arcgisonline.com https://www.googletagmanager.com https://www.google-analytics.com https://v4in1-si.click4assistance.co.uk data:;frame-src 'self' https://www.youtube-nocookie.com v4in1-si.click4assistance.co.uk https://lightwidget.com https://v4in1-ti.click4assistance.co.uk;connect-src https://*.salford.gov.uk https://region1.google-analytics.com https://www.google-analytics.com  https://stats.g.doubleclick.net https://www.youtube-nocookie.com data:;frame-ancestors 'self'; script-src-elem 'self' 'unsafe-inline' https://cdn.lightwidget.com https://platform.twitter.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://www.googletagmanager.com https://browser-update.org https://v4in1-si.click4assistance.co.uk https://*.salford.gov.uk https://code.jquery.com https://www.google.com https://www.gstatic.com 1
frame-ancestors https://cms.aitworldwide.com https://cms.prod.aitworldwide.com https://aitworldwide.com https://www.aitworldwide.com https://prod.aitworldwide.com 1
default-src * data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' *.local *.umbraco.io *.selfmade.com 1
font-src 'self' https://use.typekit.net/ https://cdn.curator.io/ https://fonts.gstatic.com/ https://cdnapisec.kaltura.com/; object-src 'none'; frame-ancestors 'self' https://experience.elluciancloud.com/ 1
child-src https://www.youtube.com https://bid.g.doubleclick.net; connect-src 'self' https://forms.hscollectedforms.net https://*.linkedin.oribi.io https://forms.hsforms.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://*.hubspot.com https://*.hubapi.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ads.linkedin.com https://bat.bing.com; default-src 'self'; font-src 'self' https://use.fontawesome.com https://*.hotjar.com; frame-src https://*.facebook.com https://app.hubspot.com https://forms.hsforms.com https://www.youtube.com https://*.hotjar.com; img-src 'self' data: https://www.employers.com https://bat.bing.com https://www.google-analytics.com https://www.google.com https://www.linkedin.com https://*.ads.linkedin.com https://www.facebook.com https://t.co https://analytics.twitter.com https://track.hubspot.com https://*.hsforms.com https://p.adsymptotic.com https://*.hotjar.com https://*.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/ https://js.hsforms.net https://js.hsleadflows.net https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://unpkg.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://ajax.googleapis.com https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://static.ads-twitter.com https://168825.tctm.co https://*.usemessages.com https://snap.licdn.com https://*.hotjar.com https://app.hubspot.com https://static.hsappstatic.net/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://unpkg.com/ https://*.fontawesome.com/ https://*.hotjar.com; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; block-all-mixed-content; form-action *; frame-ancestors 'self' https://heatmap.it/; upgrade-insecure-requests; base-uri 'self'; 1
connect-src * https://*.decibelinsight.net * https://*.decibel.com * wss://collection.decibelinsight.net/i/14080/  * wss://*.decibelinsight.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' www.raa.se *.raa.se raa.diva-portal.org *.readspeaker.com *.vimeo.com *.bokinfo.se *.cloudfront.net *.mynewsdesk.com sketchfab.com feeds.feedburner.com k-blogg.se *.flickr.com *.staticflickr.com *.elementor.com *.typekit.net *.google.com *.gravatar.com *.youtube.com code.jquery.com libguides-proc-eu.springyaws.com lgapi-eu.libapps.com libapps-eu.s3.amazonaws.com *.youtu.be *.youtube-nocookie.com webshop.publit.com *.infra.entryscape.com webstats.sgit.se webbanalys.sgit.se widget.publit.com *.hotjar.io ws: ws.hotjar.com *.anpdm.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.readspeaker.com *.typekit.net code.jquery.com *.google.com *.gstatic.com cdn.jsdelivr.net unpkg.com *.hotjar.com catalog.raa.se static.entryscape.com webstats.sgit.se *.publit.com webbanalys.sgit.se widget.publit.com *.libapps.com; style-src 'self' 'unsafe-inline' *.readspeaker.com *.libapps.com *.googleapis.com unpkg.com; font-src 'self' data: *.wp.com *.typekit.net fonts.gstatic.com static.entryscape.com *.libapps.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ampproject.org fpnpmcdn.net *.gstatic.com *.googletagmanager.com *.hotjar.com *.fbcdn.net https://ssl.gstatic.com https://www.google-analytics.com *.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org *.adform.net https://static.zdassets.com *.zendesk.com connect.facebook.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com www.youtube.com www.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net js.hsforms.net issuu.com  *.cookiebot.com snap.licdn.com *.survicate.com *.sitecampaign.com www.google-analytics.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.com *.sleeknote.com *.hs-scripts.com www.googleadservices.com *.usemessages.com *.hs-analytics.net *.hs-banner.com  *.google.com *.hubspot.com *.gstatic.com *.useberry.com *.alinea.dk *.pinimg.com *.adform.net *.apsis.one *.pinterest.com *.googlesyndication.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com *.survicate.com *.gstatic.com *.googleapis.com; img-src 'self' data: blob: www.bugherd.com bugherd-attachments.s3.amazonaws.com *.hsforms.com *.alinea.dk alinea.dk *.linkedin.com *.cookiebot.com www.facebook.com *.sitecampaign.com *.sleeknote.com *.google.com *.google.se *.google.ro *.google.dk *.google.it *.google.co.uk www.googletagmanager.com www.google-analytics.com *.hubspot.com *.doubleclick.net *.gstatic.com; media-src 'self'; frame-src 'self' player.vimeo.com *.alinea.dk alinea.dk www.youtube.com *.cookiebot.com *.doubleclick.net www.google.com vimeo.com *.hsforms.com issuu.com www.facebook.com *.alinea.dk youtu.be *.pinterest.com ; font-src 'self' *.sitecampaign.com *.survicate.com *.gstatic.com; connect-src 'self' *.alinea.dk *.alinea.dk:9200 *.pusher.com api.dataforsyningen.dk hubspot-forms-static-embed-eu1.s3.amazonaws.com *.hsforms.com *.sitecampaign.com *.cookiebot.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.usemessages.com *.hubspot.com *.google.ro *.google.dk *.google.com *.google.it *.google.co.uk *.hotjar.com *.hotjar.io *.googleapis.com www.facebook.com *.survicate.com www.googletagmanager.com wss://ws.hotjar.com wss://ws-mt1.pusher.com *.pinterest.com client-rapi.recombee.com adservice.google.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://mynfon.net https://partners.nfon.com; 1
script-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;default-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-ancestors 'self' https:; 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.octapharma.com https://app.storyblok.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' www.instagram.com *.svc.dynamics.com ajax.aspnetcdn.com mktdplp102cdn.azureedge.net player.vimeo.com radiomd.com public.earthcam.net healthcare.healthrecordwizard.com connect.facebook.net *.hotjar.com www.youtube.com www.google-analytics.com bam.nr-data.net www.googletagmanager.com js-agent.newrelic.com www.gstatic.com maps.googleapis.com unpkg.com cdn.jsdelivr.net www.google.com optimize.google.com ajax.googleapis.com cdnjs.cloudflare.com blob: *.mapsindoors.com *.containers.piwik.pro; object-src 'self' 'unsafe-eval' 'unsafe-inline' healthcare.healthrecordwizard.com; frame-ancestors 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://discord.com; font-src 'self'; frame-src 'self' https://www.youtube.com; img-src 'self' data: https://avatars.githubusercontent.com https://img.shields.io https://github.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' *.hotjar.com *.hotjar.io app.cloud.scorm.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; script-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com js.recurly.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google.com www.google-analytics.com www.google-analytics.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com fonts.googleapis.com fonts.gstatic.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com js.recurly.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net netdna.bootstrapcdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; img-src 'self' data: *.hotjar.com *.hotjar.io *.knowledgeanywhere.com *.lynda.com *.opensesame.com app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com blob: bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com i.vimeocdn.com i.ytimg.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net media.licdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com www.google-analytics.com; font-src 'self' *.hotjar.com *.hotjar.com *.hotjar.io app.cloud.scorm.com app.getbeamer.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com fonts.googleapis.com fonts.gstatic.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net netdna.bootstrapcdn.com stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; media-src *.hotjar.com *.hotjar.io app.cloud.scorm.com backend.getbeamer.com bookmarklet-prototype.lrs.io content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net stats.g.doubleclick.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google-analytics.com; frame-src 'self' *.hotjar.com *.hotjar.io *.vimeo.com *.youtube.com app.cloud.scorm.com app.cloud.scorm.com app.getbeamer.com app.pandadoc.com backend.getbeamer.com bookmarklet-prototype.lrs.io cloud.scorm.com content-dev.knowledgeanywhere.com galatea-content-dev.knowledgeanywhere.com https://content.fordservicetraining.com https://content.learn.synchronybusiness.com https://content.proteamuniversity.com https://content-dev.thenewlearner.com https://content-prod.knowledgeanywhere.com https://content-prod.thenewlearner.com https://www.fordservicetraining.com knowany.service.signalr.net knowany-dev.service.signalr.net knowany-prodb.service.signalr.net players.brightcove.net stats.g.doubleclick.net vod-progressive.akamaized.net wss://knowany.service.signalr.net wss://knowany-demo.service.signalr.net wss://knowany-dev.service.signalr.net wss://knowany-prodb.service.signalr.net wss://knowany-staging.service.signalr.net wss://ws.hotjar.com www.google.com www.google-analytics.com; 1
base-uri 'none'; object-src 'none'; script-src https://www.elektronauts.com/logs/ https://www.elektronauts.com/sidekiq/ https://www.elektronauts.com/mini-profiler-resources/ https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/extra-locales/ https://www.elektronauts.com/highlight-js/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ https://www.elektronauts.com/theme-javascripts/ https://www.elektronauts.com/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.elektronauts.com/assets/ https://www.elektronauts.com/brotli_asset/ https://www.elektronauts.com/javascripts/ https://www.elektronauts.com/plugins/ 1
frame-ancestors 'self' *.uniqa.at app.storyblok.com; object-src 'none'; worker-src 'self' blob: https://*.uniqaat.link https://*.uniqa.at; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.storyblok.com https://*.uniqa.at https://www.googletagmanager.com https://assets.adobedtm.com https://activitymap.adobe.com https://sitecatalyst.omniture.com https://cdn1.api.trustedshops.com https://api.trustedshops.com https://connect.facebook.net https://googleads.g.doubleclick.net https://uniqaitservicesgmbh.d3.sc.omtrdc.net https://uniqaitservicesgmbh.tt.omtrdc.net https://www.facebook.com https://www.google.com https://www.google.at https://www.googleadservices.com https://bot-t.testcloud.uniqa.at https://bot.cloud.uniqa.at https://smartform-react-t.testcloud.uniqa.at https://smartform-react.cloud.uniqa.at https://*.serving-sys.com https://*.mindtake.com https://maps.googleapis.com https://smartform-api.cloud.uniqa.at https://smartform-api-t.testcloud.uniqa.at https://www.gstatic.com https://w.usabilla.com https://s.pinimg.com https://ct.pinterest.com https://secure.adnxs.com https://sw-assets.ekomiapps.de https://smart-widget-assets.ekomiapps.de https://smartforms.ekomi.com https://prep-cookie-banner.unext-test.uniqa.cloud https://*.uniqaat.link; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.eu.usercentrics.eu https://sdp.eu.usercentrics.eu https://app.usercentrics.eu https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fast-static.smarketer.de https://fast.smarketer.de https://www.google.com https://www.youtube.com https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://app.usercentrics.eu/latest/main.js https://privacy-proxy.usercentrics.eu https://www.googletagmanager.com https://static.b-ite.com https://cs-assets.b-ite.com https://api.usercentrics.eu https://tarteaucitron.io; frame-ancestors 'self' 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://cdn.iubenda.com https://www.iubenda.com https://cs.iubenda.com https://www.googletagmanager.com https://js.hs-analytics.net https://*.hubapi.com/ https://app.hubspot.com/ https://connect.facebook.net/ https://js.hs-analytics.net/ https://js.hs-banner.com/9412099.js https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/collectedforms.js https://js.hsleadflows.net/leadflows.js https://platform.linkedin.com/in.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/ https://www.google-analytics.com/analytics.js https://www.googleadservices.com/ https://www.googletagmanager.com/gtag/js 'strict-dynamic' 'nonce-mjq0odqyntc2niwzndcxodc3ntkz' https://static.hsappstatic.net https://js.hubspot.com https://*.hotjar.com 'nonce-4CMFgRau79R4T0tuNMfQGA=='; script-src-elem 'self' 'unsafe-inline' https://cdn.iubenda.com https://www.iubenda.com https://cs.iubenda.com https://ajax.googleapis.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://js.hs-analytics.net https://*.hubapi.com/ https://app.hubspot.com/ https://connect.facebook.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net/ https://js.hsleadflows.net https://platform.linkedin.com https://platform.twitter.com https://snap.licdn.com https://www.googleadservices.com https://www.googletagmanager.com https://static.hsappstatic.net https://js.hubspot.com https://*.hotjar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.hsappstatic.net https://*.hotjar.com; img-src 'self' data: https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://static.hsappstatic.net https://px.ads.linkedin.com https://*.hubspotusercontent40.net https://i.ytimg.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://*.hotjar.com; font-src 'self' https://25688260.fs1.hubspotusercontent-eu1.net/ https://fonts.gstatic.com https://*.hotjar.com; connect-src 'self' https://hits-i.iubenda.com https://cp.hubspot.com https://region1.analytics.google.com https://forms-eu1.hsforms.com https://forms.hubspot.com https://cta-service-cms2.hubspot.com https://region1.google-analytics.com https://www.googletagmanager.com https://forms-na1.hsforms.com https://js.hs-banner.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api.hubapi.com https://forms.hsforms.com https://cdn.linkedin.oribi.io https://forms.hscollectedforms.net  https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://app.hubspot.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.co.uk https://www.google.com; media-src 'self' https://f.hubspotusercontent40.net; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://forms.hsforms.com https://platform.twitter.com https://www.youtube.com https://td.doubleclick.net; worker-src 'none'; form-action 'self' https://forms.hsforms.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://61b7343f14685c32c2347988.endpoint.csper.io; 1
worker-src blob:; font-src *.microsoftstore.com.cn http://c.s-microsoft.com/ *.microsoft.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.95516.com *.alipay.com *.microsoftstore.com.cn 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.microsoftstore.com.cn *.live.com https://publisher.liveperson.net/ *.clicktale.net/ *.gfx.ms https://open.weixin.qq.com https://microsoft.com/* https://shopin3d-dev.azurefd.net https://shopin3d-ppe.azurefd.net https://shopin3d.azurefd.net https://microsoft.com https://www.microsoft.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com https://unpkg.com *.jd.com *.bing.com *.baidu.com *.live.com *.pvxt.net *.msafflnk.net *.google.com *.google.com.hk *.googleadservices.com *.microsoft.com *.doubleclick.net *.s-microsoft.com *.microsoftstore.com.cn *.ipinyou.com blob: *.akamaized.net *.clicktale.net *.youku.com *.xtgreat.com *.iqiyi.com *.sohu.com *.sina.com.cn *.xelements.cn *.qq.com *.chinacloudapi.cn *.streaming.mediaservices.chinacloudapi.cn data: 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.baidu.com https://unpkg.com *.live.com *.wx.qq.com *.bing.com *.msecnd.net *.adobedtm.com *.impactradiuscdn-event.com *.microsoft.com *.microsoftstore.com.cn *.gfx.ms https://wcpstatic.microsoft.com/mscc/lib/v2/wcp-consent.js http://amp.azure.net/libs/amp/1.8.0/azuremediaplayer.min.js *.clicktale.net app.contentsquare.com *.ipinyou.com *.azure.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.baidu.com *.live.com *.bing.com *.microsoftstore.com.cn *.microsoft.com *.akamaized.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.microsoftstore.com.cn blob: *.chinacloudapi.cn http://commondatastorage.googleapis.com *.streaming.mediaservices.chinacloudapi.cn 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.pvxt.net https://unpkg.com *.live.com *.bing.com *.baidu.com *.msafflnk.net *.microsoft.com *.microsoftstore.com.cn blob: https://consentreceiverfd-prod.azurefd.net/v1/consent http://code.vostrel.net/jquery.reel.cur *.tt.omtrdc.net *.clicktale.net *.applicationinsights.azure.cn https://storevideo.streaming.mediaservices.chinacloudapi.cn https://app-exp-dev-chinaeast2-001.chinacloudsites.cn https://app-exp-uat-chinaeast2-001.chinacloudsites.cn https://app-exp-prod-chinaeast2-001.chinacloudsites.cn 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.fleetdeck.io https://cognito-idp.us-west-2.amazonaws.com/ https://*.googleapis.com https://*.googlesyndication.com https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com https://*.doubleclick.net/ https://heapanalytics.com/ https://*.heapanalytics.com/ https://js.stripe.com/; script-src 'self' 'unsafe-inline' https://cognito-idp.us-west-2.amazonaws.com/ https://fonts.googleapis.com/ https://*.googleapis.com https://*.googlesyndication.com https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google.com https://googleads.g.doubleclick.net/ https://heapanalytics.com/ https://*.heapanalytics.com/ https://js.stripe.com/; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
default-src 'self' https://dl.dropboxusercontent.com https://www.youtube.com https://forms.tildaapi.com https://sber-solutions.ru 'unsafe-eval' 'unsafe-inline' https://mc.yandex.ru; style-src 'unsafe-inline' 'self' https://cdn.jsdelivr.net https://static.tildacdn.com https://static3.tildacdn.com https://app.comagic.ru; frame-ancestors 'self' https://partners.dasreda.ru https://partners.dev.dasreda.ru https://partners.uat.dasreda.ru; script-src-elem 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://neo.tildacdn.com https://www.googletagmanager.com https://mc.yandex.ru https://app.comagic.ru http://st.yagla.ru https://connect.facebook.net https://top-fwz1.mail.ru https://www.google-analytics.com http://st.hybrid.ai https://dss.hybrid.ai https://static.tildacdn.com https://emd.hybrid.ai; font-src 'self' https://app.comagic.ru https://static.tildacdn.com; connect-src 'self' https://feeds.tildaapi.com https://suggestions.dadata.ru https://forms.tildaapi.com https://server.comagic.ru https://mc.yandex.ru https://app.comagic.ru https://tracker.comagic.ru https://www.google-analytics.com https://stats.g.doubleclick.net https://stat.tildacdn.com https://analytics.google.com https://neo.tildacdn.com; img-src 'self' https://static.tildacdn.com https://www.facebook.com https://top-fwz1.mail.ru https://dss.hybrid.ai https://* data:; 1
default-src 'self' beruby.com; script-src 'self' 'unsafe-inline' beruby.com https://coupons.valassis.eu https://www.dwin2.com https://cdn.cpx-research.com https://widget.proyectosyseguros.com:9080 https://bam.nr-data.net https://js-agent.newrelic.com https://cdn.cibernova.es https://bots.cibernova.es https://platform.twitter.com https://appleid.cdn-apple.com https://apis.google.com https://unpkg.com https://connect.facebook.net https://static.ads-twitter.com https://accounts.google.com https://analytics.tiktok.com https://www.google.com https://www.gstatic.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdn.jsdelivr.net https://kit.fontawesome.com https://ka-f.fontawesome.com https://kit-free.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://googleads.g.doubleclick.net 'unsafe-eval' beruby.com; style-src 'self' 'unsafe-inline' beruby.com https://widget.proyectosyseguros.com:9080 https://cdn.cibernova.es https://kit.fontawesome.com https://ka-f.fontawesome.com https://kit-free.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdn.jsdelivr.net; img-src 'self' data: * beruby.com *.beruby.com https://gravatar.com https://www.google-analytics.com https://eurob2b.amilon.eu https://www.google.com https://www.google.es https://syndication.twitter.com; font-src 'self' data: beruby.com https://widget.proyectosyseguros.com:9080 https://ka-f.fontawesome.com https://kit.fontawesome.com https://kit-free.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://www.proyectosyseguros.com; frame-src 'self' beruby.com https://coupons.valassis.eu https://bots.cibernova.es https://offers.cpx-research.com https://persona.ly https://td.doubleclick.net https://www.google.com https://accounts.google.com https://www.facebook.com https://platform.twitter.com; connect-src 'self' beruby.com https://bam.nr-data.net https://jsscriptv1-live.cpx-research.com  https://www.google.es https://stats.g.doubleclick.net https://region1.analytics.google.com https://region1.google-analytics.com https://analytics.tiktok.com https://ka-f.fontawesome.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://widget.proyectosyseguros.com:9080; frame-ancestors 'self' beruby.com; 1
frame-ancestors 'self' https://*.bungalow.com 1
img-src *; media-src 'self'; font-src *; frame-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests 1
default-src 'self' ; connect-src 'self' https://dc.services.visualstudio.com/v2/track https://pui.episerver.net/api/telemetryconfig https://maps.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com/g/collect https://esp-eu.aptrinsic.com/ https://*.cookieinformation.com/ https://stats.g.doubleclick.net/j https://pagecorrect.monsido.com/ https://tr-shadow.snapchat.com/ https://tr.snapchat.com/ https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/partner/1648329/ https://vc.hotjar.io/sessions/3312419 https://*.hotjar.com https://*.jotform.com wss://eu-sockets.jotform.io https://oc-cdn-public-eur.azureedge.net/livechatwidget/configs/ ws://localhost:* wss://*.hotjar.com/api/v2/client/ws https://content.hotjar.io/ https://csp.withgoogle.com/csp/ https://surveystats.hotjar.io/ https://ask.hotjar.io/ https://heatmaps.monsido.com https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ https://api.gobistories.com/api/v5/ https://res.cloudinary.com/gobi-technologies-as/; font-src 'self' https://fonts.gstatic.com/ https://*.cloudfront.net/ https://*.typekit.net/ https://script.hotjar.com; frame-src 'self' https://policy.app.cookieinformation.com/ https://www.youtube-nocookie.com/ https://togkart.banenor.no/ https://oc-cdn-public-eur.azureedge.net/ https://tr-shadow.snapchat.com/ https://tr.snapchat.com/ https://*.jotform.com https://*.jotfor.ms https://*.jotform.io https://9742880.fls.doubleclick.net/ https://cse.google.com/ https://banenor.maps.arcgis.com/ https://td.doubleclick.net/ https://consentcdn.cookiebot.com/ https://rtd.banenor.no/; img-src 'self' https://s3-eu-west-1.amazonaws.com/hj-insights/surveys/ https://script.hotjar.com https://maps.gstatic.com https://maps.googleapis.com https://tracking.monsido.com/ https://ib.adnxs.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/px/ https://www.facebook.com/tr/ https://no-gmtdmp.mookie1.com/ https://*.gstatic.com/ https://*.jotfor.ms/ https://*.jotform.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cse.google.com/ https://www.google.com/ https://clients1.google.com https://www.googleapis.com https://ad.doubleclick.net/ https://tr.snapchat.com/ https://imgsct.cookiebot.com/ https://www.banenor.no https://www.banenoreiendom.no https://www.godslokka.no https://www.nyeoslos.no https://www.skistasjonsby.no https://www.trondheimsentralstasjon.no https://www.sundlandverk.no https://oppslagsverk.banenor.no data: https://banenor.papirfly.no/ https://res.cloudinary.com/gobi-technologies-as/; script-src 'self' https://static.hotjar.com https://js.monitor.azure.com https://maps.googleapis.com https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://code.jquery.com https://web-sdk-eu.aptrinsic.com/api/aptrinsic.js https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://www.google-analytics.com/ https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://policy.app.cookieinformation.com/ https://policy.app.cookieinformation.com/uc.js https://pagecorrect.monsido.com/ https://tracking.monsido.com/ https://app-script.monsido.com https://static.hotjar.com/c/hotjar-3312419.js https://script.hotjar.com/ https://acdn.adnxs.com/dmp/up/pixie.js https://cdn.mookie1.com/containr.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://sc-static.net/scevent.min.js https://stats.g.doubleclick.net/ https://tr-shadow.snapchat.com/ https://connect.facebook.net/ https://tr.snapchat.com/ https://*.jotformeu.com/ https://*.jotform.com https://*.jotfor.ms https://*.google.com/ https://heatmaps.monsido.com/v1/heatmaps.js https://snap.licdn.com/ https://consentcdn.cookiebot.com/ https://consent.cookiebot.com/ 'unsafe-inline' 'unsafe-eval' https://widget.gobistories.com/gwi/6; style-src 'self' https://js.monitor.azure.com https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net/ https://web-sdk-eu.aptrinsic.com/style.css https://oc-cdn-public-eur.azureedge.net/livechatwidget/ https://fonts.googleapis.com/ https://*.typekit.net/ https://www.googletagmanager.com/  https://*.jotfor.ms https://www.google.com/cse/ 'unsafe-inline'; media-src 'self' https://banenor.papirfly.no/ https://res.cloudinary.com/gobi-technologies-as/ data: blob: *; 1
block-all-mixed-content; base-uri 'none'; default-src 'self' refx-static.b-cdn.net; script-src 'self' 'nonce-92c8b8a384e4027d63f5f5f8bcea1867fc03346ab109200c8f025d042b83c2f4' 'strict-dynamic' refx-static.b-cdn.net w.soundcloud.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googleapis.com/ translate.google.com *.fontawesome.com; style-src 'self' 'unsafe-inline' refx-static.b-cdn.net *.googleapis.com *.fontawesome.com *.gstatic.com; child-src 'self' www.google.com www.youtube.com w.soundcloud.com; img-src 'self' data: refx-static.b-cdn.net i.ytimg.com www.gstatic.com/images/ translate.google.com *.googleapis.com maps.gstatic.com/mapfiles/ cdn.jsdelivr.net/emojione/; font-src 'self' data: refx-static.b-cdn.net fonts.gstatic.com *.fontawesome.com; connect-src 'self' *.googleapis.com *.fontawesome.com; worker-src 'self' 1
default-src 'self' https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://use.fontawesome.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/; script-src 'self' https://www.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com/; style-src 'self' 'unsafe-inline' https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.googleapis.com; frame-src https://*.vimeo.com; img-src data: https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.synlab.com/ https://synlab.com.ddev.ddev.site/ https://*.google.de/ https://*.google.com/ https://*.google-analytics.com/; frame-ancestors 'self' https://*.synlab.com; 1
frame-ancestors 'self'; report-uri https://www.inalco.fr/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.googletagmanager.com https://api.firststreet.org https://events.statsigapi.net https://plausible.io https://featuregates.org https://googleads.g.doubleclick.net https://calendly.com; child-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://raw.githubusercontent.com https://assets.firststreet.org https://assets.calendly.com; font-src 'self'; frame-src 'self' https://calendly.com; media-src 'self' https://assets.firststreet.org; connect-src 'self' https://maps.googleapis.com https://www.googletagmanager.com https://api.firststreet.org https://events.statsigapi.net https://plausible.io https://featuregates.org https://www.google-analytics.com https://server.api.mailchimp.com https://calendly.com 1
default-src 'self' *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.wistia.com js.intercomcdn.com; style-src 'self' 'unsafe-inline'; connect-src 'self' wss: *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.google.com *.wistia.com *.facebook.com *.facebook.net *.bing.com *.clarity.ms *.doubleclick.net *.intercom.io calendly.com *.calendly.com *.paperlesspipeline.com; img-src 'self' data: *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.bing.com *.wistia.com *.clarity.ms *.calendly.com; script-src 'self' 'unsafe-inline' www.facebook.com connect.facebook.net www.google.com stats.g *.doubleclick.net *.wistia.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com widget.intercom.io js.intercomcdn.com api-iam.intercom.io *.paperlesspipeline.com bat.bing.com *.clarity.ms *.calendly.com; frame-src 'self' calendly.com *.calendly.com *.facebook.com *.doubleclick.net *.wistia.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.topdanmark.dk *.topdanmark.com *.topdanmark.cloud https://www.googletagmanager.com *.googletagmanager.com *.cookieinformation.com https://dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.imgeng.in *.google.dk *.google.se *.google.no *.google.nl *.google.gl *.google.gr *.google.pl *.google.iq www.google.com www.google-analytics.com https://www.google-analytics.com www.facebook.com widget.trustpilot.com *.doubleclick.net https://connect.facebook.net https://www.googleadservices.com www.googleadservices.com topdanmark.leadfamly.com trustpilot.com *.danid.dk cdnjs.cloudflare.com https://polyfill.io www.youtube.com *.ditonlinebetalingssystem.dk *.dawa.aws.dk *.scalepoint.com www.talenthub.io https://talenthub.io https://s3.eu-central-1.amazonaws.com/talenthub.io *.googleapis.com *.form.io https://app.vwo.com https://cdn.jsdelivr.net https://via.ritzau.dk https://leadvalidator.dk https://bat.bing.com https://www.clarity.ms https://static.zdassets.com *.insurely.com; frame-ancestors 'self' *.ci360.sas.com; 1
frame-ancestors *.firstclasswatches.co.uk *.firstclasswatches.com 1
default-src 'self'; script-src www.googletagmanager.com kit.fontawesome.com code.jquery.com cse.google.com cdn.insight.sitefinity.com dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com web.edgewood.edu www.edgewood.edu td.doubleclick.net/ https://td.doubleclick.net/ 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.technolutions.net https://cdnjs.cloudflare.com https://doublethedonation.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://static.formstack.com https://edgewood.edu *.vimeocdn.com https://insight.adsrvr.org https://edgewood.aidcalculator.com/ *.aidcalculator.com/ *.edgewood.edu *.hotjar.com *.google-analytics.com *.doubleclick.net *.monsido.com *.eab.com https://*.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.technolutions.net https://cdnjs.cloudflare.com https://doublethedonation.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://static.formstack.com https://edgewood.edu *.vimeocdn.com https://*.hotjar.com *.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.edgewood.edu https://tk0x1.com www.google.com clients1.google.com px.ads.linkedin.com https://insight.adsrvr.org https://*.monsido.com https://*.google-analytics.com https://trkn.us https://marvel-b1-cdn.bc0a.com https://srv.stackadapt.com https://bbox.blackbaudhosting.com https://edgewood-college.formstack.com https://doublethedonation.com https://edgewood.edu *.vimeo.com https://*.hotjar.com *.hotjar.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com doublethedonation.com static.formstack.com https://edgewood.edu https://*.hotjar.com *.hotjar.com; frame-src 'self' https://insight.adsrvr.org https://massinteract.com https://www.youtube.com https://www.facebook.com https://cdn.yoshki.com https://www.google.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com https://*.edgewood.edu https://edgewood-college.formstack.com https://afs.googlesyndication.com https://cse.google.com https://edgewood.edu *.vimeo.com https://d1eoo1tco6rr5e.cloudfront.net/ https://td.doubleclick.net/ https://edgewood.aidcalculator.com/ *.aidcalculator.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com analytics.google.com https://*.google-analytics.com https://*.fontawesome.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://*.technolutions.net https://*.monsido.com https://doublethedonation.com https://payments.blackbaud.com https://csp.withgoogle.com https://cse.google.com/ https://*.hotjar.com https://*.hotjar.io *.hotjar.com *.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://cdn.edgewood.edu https://edgewood.edu https://vimeo.com https://youtube.com *.vimeo.com https://player.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
base-uri 'self' https://desk.maila.net.br; default-src 'self' ws: wss: https://images.zammad.com; font-src 'self' data:; img-src * data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-cA83xUYzv38FVkQexEPd5g=='; style-src 'self' 'unsafe-inline'; frame-src www.youtube.com player.vimeo.com 1
default-src 'self' blob: data: *.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: redtrack.thebraintumourcharity.org *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.stripe.com *.paypal.com *.paypalobjects.com www.sandbox.paypal.com *.hotjar.com service.force.com thebraintumourcharity.my.salesforce.com thebraintumourcharity.my.salesforce-sites.com *.salesforceliveagent.com cookiehub.net *.cookiehub.eu *.civiccomputing.com *.licdn.com *.linkedin.com *.facebook.net *.facebook.com *.youtube.com cdn.usefathom.com *.tiktok.com *.ttwstatic.com tfaforms.com cdn.getaddress.io static.lightning.force.com; style-src 'self' 'unsafe-inline' blob: data: cdn.usefathom.com service.force.com cookiehub.net *.civiccomputing.com *.linkedin.com thebraintumourcharity.my.salesforce-sites.com static.lightning.force.com *.ttwstatic.com; img-src 'self' data: assets.thebraintumourcharity.org *.google.com *.google.co.uk *.google-analytics.com *.googletagmanager.com maps.gstatic.com *.stripe.com *.facebook.com cdn.usefathom.com cookiehub.net *.cookiehub.eu *.civiccomputing.com *.linkedin.com *.paypal.com *.paypalobjects.com upload.wikimedia.org static.lightning.force.com; manifest-src 'self'; media-src 'self' assets.thebraintumourcharity.org; child-src 'self'; worker-src 'self' blob: data:; object-src 'self'; frame-src 'self' *.google.com *.stripe.com app.acuityscheduling.com *.paypal.com *.paypalobjects.com *.facebook.com *.googletagmanager.com *.doubleclick.net www.sandbox.paypal.com assets.braintreegateway.com tfaforms.com *.cookiehub.eu *.cookiehub.net *.civiccomputing.com www.tfaforms.com service.force.com thebraintumourcharity.my.salesforce-sites.com static.lightning.force.com *.youtube.com *.tiktok.com *.vimeo.com *.spotify.com; connect-src 'self' *.google.com *.google-analytics.com *.googleapis.com *.googlesyndication.com *.doubleclick.net checkout.stripe.com api.stripe.com cdn.linkedin.oribi.io analytics.tiktok.com wss://ws.hotjar.com *.hotjar.io *.facebook.com service.force.com app.acuityscheduling.com *.paypal.com *.cookiehub.eu *.cookiehub.net *.civiccomputing.com www.sandbox.paypal.com tfaforms.com redtrack.thebraintumourcharity.org thebraintumourcharity.my.salesforce-sites.com api.getaddress.io static.lightning.force.com px.ads.linkedin.com ds.cookiehub.net; frame-ancestors 'self' thebraintumourcharity.my.salesforce.com; upgrade-insecure-requests ; 1
img-src 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; report-uri https://psi.pixum.com/?ns=content-security-policy&service=base&module=status&action=report 1
default-src 'self'; script-src 'self' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.usemessages.com https://player.vimeo.com https://script.hotjar.com https://snap.licdn.com https://static.hotjar.com https://www.youtube.com https://js.hsforms.net http://js.hs-scripts.com https://js.hubspot.com/web-interactives-embed.js https://www.googleadservices.com http://*.googlesyndication.com https://www.google.com https://www.google.nl https://cdn.leadinfo.net; connect-src 'self' 'unsafe-inline' https://api.hubspot.com https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://content.hotjar.io https://forms.hubspot.com https://in.hotjar.com https://metrics.hotjar.io https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://vc.hotjar.io https://vimeo.com wss://ws.hotjar.com https://*.hsforms.com https://*.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net https://*.hubspot.com https://px.ads.linkedin.com https://collector.leadinfo.net https://api.leadinfo.com; img-src 'self' 'unsafe-inline' data: https://www.facebook.com https://www.google.nl https://www.googletagmanager.com https://i.vimeocdn.com https://i.ytimg.com https://*.ads.linkedin.com https://track.hubspot.com https://*.hsforms.com https://*.hubspot.com https://googleads.g.doubleclick.net https://www.google.com https://imgsct.cookiebot.com; child-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self' https://backend.anewspring.prod.verveagency.com https://app.hubspot.com https://player.vimeo.com https://www.youtube.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://forms.hsforms.com https://*.hs-sites.com http://tpc.googlesyndication.com https://td.doubleclick.net; 1
frame-ancestors 'self' *.funbridge.com ggdev08.csgames.net 1
default-src 'self'; script-src 'self' cdnjs.cloudflare.com static.cloudflareinsights.com analytics.nodecraft.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: nodecraft.com; child-src 'none'; font-src 'self' fonts.gstatic.com; connect-src 'self' api.nodecdn.net analytics.nodecraft.com; prefetch-src 'none'; object-src 'none'; form-action 'none'; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'self' blob: https://api2.amplitude.com https://*.zopim.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com wss://*.smooch.com https://js.intercomcdn.com *.magentus.com; connect-src 'self' *.smooch.io wss://*.smooch.io https://api2.amplitude.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com wss://*.zopim.com *.gentu.com.au https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io  https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com wss://ws-api.production.genie-platform-production.com/websocket https://support.geniesolutions.com.au https://api.production.genie-platform-production.com https://production-template-public-images.s3.ap-southeast-2.amazonaws.com https://*.browser-intake-datadoghq.com https://*.geniesolutions.cloud *.magentus.com; font-src 'self' data: https://fonts.gstatic.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://js.intercomcdn.com https://fonts.intercomcdn.com *.magentus.com; frame-src 'self' https://app.powerbi.com/ *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://www.youtube.com blob: https://*.geniesolutions.cloud *.magentus.com; img-src 'self' https://support.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com data: blob: https://v2assets.zopim.io http://production-template-public-images.s3.amazonaws.com https://*.gentu.com.au https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://*.magentus.com; script-src 'self' blob: *.smooch.io https://app.powerbi.com *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://c.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la2s-core1.sfdc-vwfla6.salesforceliveagent.com https://c.la1-core1.sfdc-vwfla6.salesforceliveagent.com https://d.la1-core1.sfdc-vwfla6.salesforceliveagent.com *.gentu.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.magentus.com 'sha256-4ahLko5vU/CyrnVEylFrEST+snqnQGVDj3Bn7HsRCMw=' 'nonce-4NRJpQNYRWhKUyyrEEZWu6IJZ97eLDK4PJu6OObPMc0=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gentu.com.au *.force.com https://geniesolutions--uatfull.sandbox.my.salesforce.com https://magentus.my.salesforce.com https://help.geniesolutions.com.au https://gentu-production-assets.s3-ap-southeast-2.amazonaws.com blob: *.magentus.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bicomsystems.com/ data: ; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; connect-src 'self' https://www.bicomsystems.com/ wss: 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://mvp.professional.works 1
frame-ancestors 'self' easypay5.com 1
connect-src 'self' https: *.hypd.co wss://*.hotjar.com 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=HK&lang=zh-Hant-HK&device=desktop&yrid=7v1spbdj45eja&partner=; 1
img-src 'self' data: *.insurance188.com brace.video.qq.com *.ebay.com *.salesforce.com *.ebay.cn myun-hw-s3.myun.tv *.myun.tv static.mudu.tv www.google-analytics.com *.salesforce.com *.force.com btrace.video.qq.com vm.gtimg.cn vpic.video.qq.com *.force.com rcgi.video.qq.com isdspeed.qq.com; 1
script-src 'unsafe-inline' 'unsafe-eval' http://127.0.0.1:* http://localhost:* docker:* dockerhost:* *.ad.questel.com:* *.kube-dev.qal.questel.fr:* *.kube-poc.qal.questel.fr:* *.orbit.com orbit.com *.orbit-intelligence.cn orbit-intelligence.cn *.questel.fr *.questel.com *.freshworks.com *.trychameleon.com *.google.com *.google.com.hk *.googleapis.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 1
frame-ancestors 'self' http://www.vaseline.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com d3vqdsjiuv1717.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: instant.page blob: *.clarity.ms *.jsdelivr.net *.googletagmanager.com *.netlify.app *.googleapis.com *.gstatic.com *.google-analytics.com *.bing.com *.bugsnag.com *.ytimg.com *.youtube.com *.indebted.co *.netlify.com *.nsvcs.net *.cloudflare.com *.navattic.com *.plyr.io noembed.com wss://*.twilio.com *.make.com *.zapier.com *.clearbitscripts.com *.licdn.com *.oribi.io *.linkedin.com *.visualwebsiteoptimizer.com paperform.co *.paperform.co https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.clearbitjs.com pageimprove.io *.clearbit.com *.frontapp.com *.ably-realtime.com wss://front-us-realtime.ably.io *.browser-intake-datadoghq.com *.cookiebot.com 1
default-src 'self' *.innerrange.com *.innerrange.cloud *.skytunnel.com *.skytunnel.com.au; form-action 'self' *.innerrange.com *.innerrange.cloud *.skytunnel.com *.skytunnel.com.au; report-to default 1
block-all-mixed-content; default-src https:; media-src https: blob: data:; style-src https: 'unsafe-inline'; font-src https: data:; script-src https: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; connect-src https: wss:; frame-src https:; prefetch-src https:; frame-ancestors https:; form-action https:; 1
default-src * self blob: data: gap:; style-src * self 'unsafe-inline' blob: data: gap: 'unsafe-eval' https://cdn-fnphg.nitrocdn.com/; script-src * 'self' 'unsafe-eval' 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/ https://nitroscripts.com/; object-src * 'self' blob: data: gap:; img-src * self 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/; connect-src self * 'unsafe-inline' blob: data: gap: https://cdn-fnphg.nitrocdn.com/ https://to.getnitropack.com/; frame-src * self blob: data: gap:; worker-src * self blob: data: gap: https://cdn-fnphg.nitrocdn.com/; child-src * self blob: data: gap:; font-src * self blob: data: gap: https://cdn-fnphg.nitrocdn.com/ 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.calcxml.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://accounts.google.com https://cdnapisec.kaltura.com https://bam-cell.nr-data.net https://bam.nr-data.net https://*.newrelic.com https://embed.widget.cx https://global.localizecdn.com/localize.js ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com http: https:; base-uri 'self'; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://cdnapisec.kaltura.com data: ; img-src 'self' https://www.calcxml.com https://cfvod.kaltura.com https://global.localizecdn.com https://cdn.careeronestop.org blob: data: ; media-src 'self' https://cdnapisec.kaltura.com https://www.careeronestop.org https://cdn.careeronestop.org https://cfvod.kaltura.com blob: data: ; frame-src 'self' https://accounts.google.com https://www.careeronestop.org https://web2.0calc.com blob: ; connect-src 'self' www.learningexpresshub.com *.learningexpresshub.info https://www.calcxml.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdnapisec.kaltura.com https://analytics.kaltura.com https://cfvod.kaltura.com https://www.careeronestop.org https://cdn.careeronestop.org *.cloudfront.net https://bam-cell.nr-data.net https://bam.nr-data.net https://global.localizecdn.com https://api.widget.cx https://*.amazonaws.com https://accounts.google.com https://metrics.articulate.com; worker-src 'self' blob: 1
img-src 'self' data: middlesexhealth.org res.cloudinary.com *.marchex.io *.gstatic.com *.googleapis.com *.ggpht www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.googleadservices.com *.doubleclick.net *.google.com *.facebook.com *.facebook.net *.ytimg.com *.hotjar.com *.hotjar.io tags.w55c.net ib.adnxs.com beacon.krxd.net usermatch.krdx.net ads.stickyadstv.com aa.agkn.com sync.search.spotxchange.com *.exelator.com ce.lijit.com x.bidswitch.net *.mookie1.com pixel.advertising.com ups.analytics.yahoo.com ads.scorecardresearch.com us-u.openx.net id5-sync.com analytics.twitter.com eb2.3lift.com image2.pubmatic.com match.sharethrough.com contextual.media.net match.srvr.org ad.sxp.smartclip.net px.britepool.com bh.contextweb.com tags.bluekai.com idsync.rlcdn.com pippio.com pixel.rubiconproject.com pixel.tapad.com match.adsrvr.org dsum-sec.casalemedia.com dpm.demdex.net sync.go.sonobi.com *.google.com.ar d.agkn.com *.google.co.in *.google.com.co *.google.es *.google.com.mx *.google.co.cr *.google.co.ve *.google.com.pe *.google.com.ph rtb-csync.smartadserver.com *.google.com.cu *.google.com.gt *.google.cl *.google.hn *.google.com.ec *.google.com.bo *.google.it *.google.com.sv *.google.com.uy *.google.co.uk *.google.com.do *.google.com.pa *.google.ru *.google.ca *.google.co.ke *.google.com.ni *.google.com.br *.google.co.jp *.google.ro *.google.fr *.google.de *.google.bt *.google.co.il *.google.co.ma *.google.co.uz *.google.com.pr *.google.com.py *.google.im *.google.jo *.google.iq *.google.com.jm *.google.com.tr *.google.nl *.google.co.nz *.google.am *.google.com.pk *.google.ad *.google.ae *.google.be *.google.ch *.google.co.id *.google.co.kr *.google.com.au *.google.com.kw *.google.com.ng *.google.com.qa *.google.com.sg *.google.com.vn *.google.gr *.google.pl *.google.pt *.google.tt *.google.se syndication.twitter.com acsbapp.com *.acsbapp.com usermatch.krxd.net s.amazon-adsystem.com analytics.middlesexhealth.org; connect-src 'self' www.google-analytics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.facebook.net *.facebook.com *.doubleclick.net *.google.com subwayblaze.com stats.g.doubleclick.net maps.googleapis.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org analytics.middlesexhealth.org; base-uri 'self'; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com www.google.com standalonechat.custhelp.com *.facebook.com www.youtube.com platform.twitter.com *.hotjar.com *.hotjar.io *.fls.doubleclick.net tpc.googlesyndication.com widgets.justgiving.com player.vimeo.com docs.google.com s.amazon-adsystem.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com 'nonce-OEVBMUYxMTQtRjRDNC0xNTQwLUI1RjQ2M0I4NkNEMDNCQjg='; style-src 'self' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com use.fontawesome.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com 'unsafe-inline'; script-src 'self' *.marchex.io maps.googleapis.com tagmanager.google.com www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.doubleclick.net www.google.com *.facebook.net www.youtube.com *.twitter.com *.hotjar.com *.hotjar.io widgets.justgiving.com acsbapp.com *.acsbapp.com mychart.middlesexhealth.org mychart-np.et1124.epichosted.com analytics.middlesexhealth.org 'sha256-z8HvbL92WDOyxzQMY+yhunyy9G0BtBQw/JKoqAArp4M=' 'sha256-neHSFcGerCjk/f80zRm6wrIkmhJzp5k/e2k1Z43Rf34=' 'sha256-JYPKAdKpmqvinjkdbs61NfJ/z1j4ompNBe6yn50GdE8=' 'sha256-yx51GW2W4+6lhHmmmQBOnWJ84WkQ5BkJmVLsuVvyMCM=' 'sha256-RpEYUDTEwSfM8w+xxGHAamEeB1VXYYzrSmPJlOQf/VI=' 'sha256-4dOjWZLiI2jPrNg0SbxLAcql6pFi0N54lpRMbzjYNk8=' 'sha256-T3f7Y+N5F8hopfT+Q/3n37iMrPOiRG+NNM35BdzVqq8=' 'sha256-M1DEmsewC7IlDEHWd35hsxX7eF4DrCdhnT/mezLByco=' 'sha256-TFkj3JiFJFZ6eMPimcbMkT42KYv6k4TJzo6r/hR5ArY=' 'sha256-EntWS0hFrz2vH7susM+dPUxvHlL6sBswmM8K80E5oUk=' 'sha256-R7/tKi0cGqEEByPtfjDbrPkylAffNU9mwp3FPqYkA/A=' 'sha256-8oRhPVElixy01PFtJM/UB7+cvWhQBKpkvdgL7ARapTQ=' 'sha256-80KNIIf9j0xcqVYELBs9oGlnz61CQiui6pP1GVHqDg8=' 'sha256-j/wa/Cf3wUT+s6GSvm6r6T/d0dKZgySbHl6WNHyH2QA=' 'sha256-8hXF+oX2sXnrVI0KaBT20t4ioBZxC9TKHAcKg7rPGds=' 'nonce-OEVBMUYxMTQtRjRDNC0xNTQwLUI1RjQ2M0I4NkNEMDNCQjg='; font-src 'self' data: fonts.googleapis.com use.fontawesome.com fonts.gstatic.com *.hotjar.com *.hotjar.io acsbapp.com *.acsbapp.com; default-src 'self' www.rnengage.com stats.g.doubleclick.net standalonechat.widget.custhelp.com adservice.google.com res.cloudinary.com; 1
frame-ancestors 'self' https://buttercms.com 1
default-src 'self'; connect-src 'self' matomo.sib.swiss noembed.com cdn.plyr.io sentry-dev.vital-it.ch www.vital-it.ch; font-src 'self' fonts.bunny.net cdn.jsdelivr.net fonts.gstatic.com cdnjs.cloudflare.com data: ; img-src 'self' www.sib.swiss matomo.sib.swiss data: i.ytimg.com *.twitter.com wayf.switch.ch infozentrum.ethz.ch; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.sib.swiss cdn.plyr.io www.youtube.com wayf.switch.ch cdnjs.cloudflare.com code.jquery.com static.filestackapi.com cdn.datatables.net ajax.googleapis.com player.vimeo.com; style-src 'self' 'unsafe-inline' cdn.plyr.io fonts.bunny.net wayf.switch.ch cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com cdn.datatables.net; frame-src 'self' www.youtube-nocookie.com player.vimeo.com; frame-ancestors 'self' https://sibcloud.sharepoint.com/ https://intranet.sib.swiss/; 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'nonce-v3kau38zbagv2vpm' https://*.mta.info https://*.mylirr.org https://*.mapbox.com https://*.sentry.io data: blob:; style-src 'self' 'unsafe-inline' 1
form-action 'self' https://www.facebook.com/tr/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://crowdin.com https://cdn.jsdelivr.net http://cdn.crowdin.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com https://*.google-analytics.com https://*.stripe.com https://*.cloudflare.com connect.facebook.net https://djtflbt20bdde.cloudfront.net *.amplitude.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com https://*.outbrain.com https://*.sentry-cdn.com https://beacon-v2.helpscout.net https://cdn.checkout.com https://*.cloudinary.com https://*.elfsight.com; child-src 'self' http://crowdin.com http://cdn.crowdin.com https://*.facebook.com https://www.google.com/recaptcha/ https://*.youtube.com https://*.youtu.be https://*.vimeo.com https://*.stripe.com https://djtflbt20bdde.cloudfront.net https://connect.facebook.net https://bid.g.doubleclick.net https://*.checkout.com; base-uri 'self'; img-src * data:; media-src 'self' blob: https://*.cloudinary.com; style-src 'self' 'unsafe-inline' http://crowdin.com http://cdn.crowdin.com https://fonts.googleapis.com https://*.stripe.com https://djtflbt20bdde.cloudfront.net https://use.fontawesome.com https://cdnjs.cloudflare.com; connect-src 'self' https://*.cloudinary.com https://*.stripe.com *.helpscoutdocs.com *.helpscout.net *.amplitude.com *.facebook.com api.unsplash.com api.typeform.com images.unsplash.com *.google-analytics.com *.analytics.google.com analytics.google.com *.algolia.net *.algolianet.com https://maps.googleapis.com stats.g.doubleclick.net analytics.tiktok.com https://*.ingest.sentry.io https://d3hb14vkzrxvla.cloudfront.net https://*.checkout.com https://*.outbrain.com  https://*.elfsight.com; default-src 'self' https://djtflbt20bdde.cloudfront.net; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.hsforms.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://kit.fontawesome.com https://assets.buzzsprout.com https://www.buzzsprout.com https://maps.googleapis.com https://maps.google.com https://www.google.com https://analytics.rubensteintech.com https://www.google-analytics.com https://use.typekit.net https://p.typekit.net https://www.googletagmanager.com https://maps.gstatic.com https://www.gstatic.com https://snap.licdn.com https://www.linkedin.com https://static.ads-twitter.com https://px.ads.linkedin.com https://analytics.twitter.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://www.youtube.com https://s.ytimg.com https://cdn.plyr.io https://cse.google.com https://siteimproveanalytics.com https://player.vimeo.com; frame-src https://forms.hsforms.com https://www.buzzsprout.com https://www.facebook.com https://platform.twitter.com https://www.youtube.com https://cdn.plyr.io https://t.co https://cdn.yoshki.com https://player.vimeo.com 'self' https://*.google.com; connect-src 'self' https://forms.hscollectedforms.net https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://forms.hubspot.com https://ka-f.fontawesome.com https://analytics.twitter.com https://cdn.plyr.io https://cse.google.com https://maps.googleapis.com https://vimeo.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://www.facebook.com/tr/; style-src 'self' 'unsafe-inline' https://p.typekit.net https://fonts.googleapis.com https://maps.googleapis.com https://www.google.com https://cloud.typography.com https://use.typekit.net https://hello.myfonts.net https://platform.twitter.com https://assets.buzzsprout.com; font-src 'self' https://ka-f.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://use.typekit.net https://p.typekit.net data:; img-src 'self' https://www.google.com https://track.hubspot.com https://forms-na1.hsforms.com https://forms.hsforms.com https://maps.googleapis.com https://maps.gstatic.com https://assets.buzzsprout.com https://www.buzzsprout.com https://www.google-analytics.com https://analytics.google.com https://google-analytics.com https://*.analytics.google.com https://*.google-analytics.com https://*.siteimproveanalytics.io https://stats.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://www.facebook.com https://p.typekit.net https://t.co data:; form-action 'self' https://forms.hsforms.com https://www.facebook.com; child-src https://www.facebook.com https://staticxx.facebook.com https://platform.twitter.com; object-src 'none'; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://nicecrew.digital wss://nicecrew.digital https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net www.google.com code.jquery.com www.googleapis.com maps.googleapis.com www.gstatic.com maps.gstatic.com www.google.com maps.google.com www.googleadservices.com googleads.g.doubleclick.net www.youtube.com www.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com www.twimg.com platform.linkedin.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ js.hs-scripts.com js.hs-analytics.net www.en25.com cdn.ampproject.org cdn.cookielaw.org www.googletagmanager.com polyfill.io browser-update.org www.addthis.com snap.licdn.com sc-static.net analytics.tiktok.com static.ads-twitter.com analytics.twitter.com myaccount.esbecars.com http://10.80.46.60:15871 cdnjs.cloudflare.com tr.snapchat.com; style-src 'self' 'unsafe-inline' www.googleapis.com www.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ www.twimg.com hello.myfonts.net www.google.com myaccount.esbecars.com fonts.googleapis.com cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie myaccount.esbecars.com fonts.googleapis.com; img-src 'self' www.gstatic.com www.googleapis.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com web.facebook.com www.facebook.com www.redditstatic.com *.ads.linkedin.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ www.twimg.com tr.snapchat.com ad.doubleclick.net data: blob: www.eloqua.com track.hubspot.com cdn.cookielaw.org img.youtube.com cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie www.google.com i.ytimg.com t.co www.esbstaffservices.com analytics.twitter.com www.google.ie myaccount.esbecars.com *.ggpht.com https://10.80.46.60:15871 maps.gstatic.com maps.google.com maps.googleapis.com; media-src 'self' data: blob: cmsplatform-dev-ep-01.azureedge.net cmsplatform-tst-ep-01.azureedge.net cmsplatform-pre-ep-01.azureedge.net cmsplatform-prd-ep-01.azureedge.net cdn.esb.ie pre-cdn.esb.ie tst-cdn.esb.ie dev-cdn.esb.ie; frame-src 'self' www.addthis.com www.soundcloud.com www.google.com www.youtube.com youtu.be player.vimeo.com www.doubleclick.net td.doubleclick.net tr.snapchat.com *.fls.doubleclick.net http://10.80.46.60:15871 https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com pay.elavonpaymentgateway.com; connect-src 'self' blob: accounts.google.com www.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com cdn.cookielaw.org *.google-analytics.com *.analytics.google.com privacyportal-eu.onetrust.com soundcloud.com stats.g.doubleclick.net www.addthis.com maps.googleapis.com tr.snapchat.com www.onetrust.com analytics.tiktok.com myaccount.esbecars.com wss://myaccount.esbecars.com http://10.80.46.60:15871 privacyportal-de.onetrust.com dc.services.visualstudio.com cdn.linkedin.oribi.io; 1
worker-src 'self' blob: 1
script-src https://avdonl-s-checkout-fe.azureedge.net/cdn/static/js/main.js https://avdonl-p-checkout-fe.azureedge.net/cdn/static/js/main.js https://checkout-cdn.avarda.com/cdn/static/js/main.js https://stage.checkout-cdn.avarda.com/cdn/static/js/main.js https://bat.bing.com https://*.clerk.io https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://api.coolrunner.dk https://*.criteo.net https://*.criteo.com 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://*.med24.dk/ blob: https://*.med24.no/ blob: https://*.med24.se/ https://connect.facebook.net https://*.getsitecontrol.com 'unsafe-eval' 'unsafe-inline' https://optimize.google.com/ https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://translate.google.com https://tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://widget.intercom.io https://js.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarna.com https://*.playground.klarnaevt.com https://chimpstatic.com https://at.med24.dk https://at.med24.se https://at.med24.no https://s.kk-resources.com https://*.fls.doubleclick.net https://*.crazyegg.com https://js.go2sdk.com/v2/tune.js https://*.mouseflow.com 'unsafe-eval' 'unsafe-inline' https://*.perfectcorp.com 'unsafe-eval' 'unsafe-inline' https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/iframe_api https://www.youtube.com/s/player/5683fc5e/www-widgetapi.vflset/www-widgetapi.js ; font-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/ https://avdonl-s-checkout-fe.azureedge.net/cdn/ 'self' data: https://*.getsitecontrol.com https://*.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com https://*.mouseflow.com https://*.perfectcorp.com; img-src https://stage.checkout-cdn.avarda.com https://checkout-cdn.avarda.com https://avdonl-s-checkout-fe.azureedge.net/cdn/images/ https://avdonl-p-checkout-fe.azureedge.net/cdn/images/ https://avarda.com/media/ https://bat.bing.com https://*.commerce-connector.com https://*.criteo.net https://*.criteo.com 'self' data: https://www.facebook.com https://*.getsitecontrol.com https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://translate.google.com https://stats.g.doubleclick.net https://www.google.com https://www.google.dk https://www.google.se https://www.google.no https://www.google.de https://www.google.co.uk https://ade.googlesyndication.com https://static.intercomassets.com https://js.intercomcdn.com https://gifs.intercomcdn.com https://downloads.intercomcdn.com https://*.klarna.com https://*.klarnacdn.net https://*.playground.klarnaevt.com https://s.kelkoogroup.net https://collect.med24.dk https://collect.med24.no https://collect.med24.se https://miljoevenlig-pakning.dk https://*.doubleclick.net https://*.mouseflow.com https://www.partner-ads.com https://*.perfectcorp.com https://*.makeupar.com https://*.beautycircle.com https://*.sleeknote.com https://i.ytimg.com; frame-src https://*.commerce-connector.com https://policy.app.cookieinformation.com https://consentcdn.cookiebot.com https://*.criteo.net https://*.criteo.com 'self' https://www1.emarsys.net https://connect.facebook.net https://www.facebook.com https://*.getsitecontrol.com https://optimize.google.com/ https://www.google.com https://www.googletagmanager.com https://adservice.google.com/ https://*.klarna.com https://*.klarnacdn.net https://form.jotform.com https://submit.jotformeu.com https://*.fls.doubleclick.net https://*.doubleclick.net https://*.mouseflow.com https://*.perfectcorp.com https://checkout.reepay.com https://*.sleeknote.com https://widget.trustpilot.com https://www.youtube.com/ https://www.youtube-nocookie.com; default-src 'self'; style-src 'self' 'unsafe-inline' https://optimize.google.com/ https://*.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com https://*.sleeknote.com; connect-src 'self' https://*.getsitecontrol.com https: wss://*.intercom.io https://*.mouseflow.com https://*.perfectcorp.com; object-src 'self'; worker-src 'self'; child-src https://*.getsitecontrol.com https://*.mouseflow.com https://*.perfectcorp.com; media-src https://*.gstatic.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.crushftp.com *.stripe.com *.paypalobjects.com *.google-analytics.com *.crushsync.com *.taltosparipa.com *.youtube.com *.youtube-nocookie.com *.ytimg.com noembed.com *.googletagmanager.com; 1
default-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071 www.ounass.ae ar.ounass.ae en-saudi.ounass.com saudi.ounass.com oman.ounass.com ar-oman.ounass.com kuwait.ounass.com ar-kuwait.ounass.com bahrain.ounass.com ar-bahrain.ounass.com www.ounass.qa ar.ounass.qa;frame-src 'self' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071;font-src 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071;img-src * 'self' data: t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071;script-src 'self' 'unsafe-inline' 'unsafe-eval' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071;style-src 'self' 'unsafe-inline' t.co *.t.co facebook.com *.facebook.com criteo.net *.criteo.net criteo.com *.criteo.com myamber.ae *.myamber.ae myamber1.ae *.myamber1.ae myamber.dev *.myamber.dev creativecdn.com *.creativecdn.com snapchat.com *.snapchat.com googleadservices.com *.googleadservices.com googleapis.com *.googleapis.com doubleclick.net *.doubleclick.net google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com facebook.net *.facebook.net google.com *.google.com onesignal.com *.onesignal.com ads-twitter.com *.ads-twitter.com twitter.com *.twitter.com sc-static.net *.sc-static.net atgcdn.ae *.atgcdn.ae gstatic.com *.gstatic.com quantummetric.com *.quantummetric.com salesforceliveagent.com *.salesforceliveagent.com force.com *.force.com youtube.com *.youtube.com ctfassets.net *.ctfassets.net newrelic.com *.newrelic.com nr-data.net *.nr-data.net sc-static.net *.sc-static.net apple.com *.apple.com cdn-apple.com *.cdn-apple.com livechatinc.com *.livechatinc.com mpsnare.iesnare.com *.mpsnare.iesnare.com rezync.com *.rezync.com cleverTap.com *.cleverTap.com wzrkt.com *.wzrkt.com cloudfront.net *.cloudfront.net ounass.com *.ounass.com tiktok.com *.tiktok.com enhencer.com *.enhencer.com hotjar.com *.hotjar.com hotjar.io *.hotjar.io yandex.ru *.yandex.ru yandex.com *.yandex.com mail.ru *.mail.ru checkout.tabby.ai *.checkout.tabby.ai clevertap-prod.com *.clevertap-prod.com cdn.tamara.co *.cdn.tamara.co cdn-sandbox.tamara.co *.cdn-sandbox.tamara.co googlesyndication.com *.googlesyndication.com pangle-ads.com *.pangle-ads.com wss://*.hotjar.com wss://*.ounass.ae:7071 1
frame-ancestors 'self' lobe-search.squiz.cloud lbedev.home.ukpreview.empro.verintcloudservices.com lbeqa.home.ukpreview.empro.verintcloudservices.com lbe.home.uk.empro.verintcloudservices.com lbe.portal.uk.empro.verintcloudservices.com lbe.clients.squiz.net https://lbedev.ukpreview.empro.verintcloudservices.com https://lbeqa.ukpreview.empro.verintcloudservices.com https://lbe.uk.empro.verintcloudservices.com https://www.enfield.gov.uk/ 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=TW&lang=zh-Hant-TW&device=desktop&yrid=5oltvhdj45i74&partner=; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: http: data: 1
frame-ancestors 'self' https://*.canvas.org http://*.canvas.org; 1
frame-ancestors 'self' *.offenbach.de vhskurse.offenbach.de www-offenbach-de.translate.goog 1
default-src 'self' 'unsafe-inline' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: https://js.hsforms.net/*; style-src 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; connect-src * https://3xd036ih17q1nzvrw17q3vhz-wpengine.netdna-ssl.com; font-src 'self' 'unsafe-inline' https: data:; media-src *; form-action https: *.hsforms.com; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://vtm-test.cutm.nfrance.com/libraries/jstree/dist/jstree.min.js https://tmcsi.widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://tmcsi.pp-widgets.secutix.com/stx-widgets/Newsletter/v1/Newsletter.js https://www.google.com/recaptcha/api.js https://public.message-business.com/Javascript/form/MB_Form_JsApp.js https://stx-gravity-p1-widgets.quantum.secutix.com https://stx-gravity-p1-widgets.quantum.secutix.com/stx-widgets/v2/Widgets.js cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://forms.sbc35.com forms.sbc35.com https://tarteaucitron.io tarteaucitron.io https://cdn.tarteaucitron.io cdn.tarteaucitron.io https://matomo-pp.cutm.nfrance.net matomo-pp.cutm.nfrance.net connect.facebook.net cdn.onesignal.com platform.twitter.com www.youtube.com www.recaptcha.net www.gstatic.com onesignal.com https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://stx-gravity-p1-widgets.quantum.secutix.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' https://vtm-test.cutm.nfrance.com vtm-test.cutm.nfrance.com https://vtm-preprod.cutm.nfrance.com vtm-preprod.cutm.nfrance.com https://metropole.toulouse.fr metropole.toulouse.fr https://public.message-business.com public.message-business.com https://tmcsi.widgets.secutix.com tmcsi.widgets.secutix.com https://tmcsi.pp-widgets.secutix.com tmcsi.pp-widgets.secutix.com https://tmcsi-dasc.pp-shop.secutix.com tmcsi-dasc.pp-shop.secutix.com https://tmcsi-dasc.shop.secutix.com tmcsi-dasc.shop.secutix.com https://matomo.toulouse-metropole.fr https://optanon.blob.core.windows.net https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com ajax.googleapis.com https://www.google.com www.google.com https://svc.webspellchecker.net svc.webspellchecker.net https://cdn.jsdelivr.net cdn.jsdelivr.net https://stx-gravity-p1-widgets.quantum.secutix.com; report-uri https://metropole.toulouse.fr/report-uri/enforce; report-to default 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruby.social; img-src 'self' https: data: blob: https://ruby.social; style-src 'self' https://ruby.social 'nonce-mmJcQ+SySUyljGS3qj+ZjQ=='; media-src 'self' https: data: https://ruby.social; frame-src 'self' https:; manifest-src 'self' https://ruby.social; form-action 'self'; child-src 'self' blob: https://ruby.social; worker-src 'self' blob: https://ruby.social; connect-src 'self' data: blob: https://ruby.social https://cdn.masto.host wss://ruby.social; script-src 'self' https://ruby.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://*.googletagmanager.com http://widget.trustpilot.com https://widget.trustpilot.com http://*.trustpilot.com https://*.trustpilot.com http://eu.fw-cdn.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://fonts.gstatic.com http://1786062.fls.doubleclick.net https://*.google.com https://cdn.mouseflow.com https://connect.facebook.net http://cdn.segment.com http://www.googleadservices.com https://www.facebook.com https://wchat.eu.freshchat.com https://580252997365538.eu.webpush.freshchat.com https://*.freshchat.com https://*.google.pl https://*.google.be https://*.google.ie https://*.google.nl https://*.google.co.za https://*.google.ae https://*.google.co.uk https://www.travelcounsellors.co.uk https://o2.mouseflow.com https://src.freshmarketer.eu https://mediacdn.travelcounsellors.com https://vjs.zencdn.net https://files.travelcounsellors.com https://content.travelcounsellors.com https://maps.googleapis.com https://www.youtube.com https://maps.gstatic.com https://cdn.cookielaw.org https://*.google.co.in https://p.typekit.net https://use.typekit.net *.typekit.net *.mouseflow.com https://geolocation.onetrust.com *.travelcounsellors.io https://asset-store.public.qa.travelcounsellors.io https://asset-store.public.prod.travelcounsellors.io https://testqa.travelcounsellors.com https://*.vimeo.com  data: w3.org/svg/2000; script-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://googletagmanager.com https://*.googletagmanager.com http://widget.trustpilot.com https://widget.trustpilot.com http://*.trustpilot.com https://*.trustpilot.com http://eu.fw-cdn.com https://dev.visualwebsiteoptimizer.com https://*.visualwebsiteoptimizer.com https://*.google-analytics.com https://*.analytics.google.com https://*.doubleclick.net https://*.g.doubleclick.net https://fonts.gstatic.com http://1786062.fls.doubleclick.net https://*.google.com https://cdn.mouseflow.com https://connect.facebook.net http://cdn.segment.com http://www.googleadservices.com https://www.facebook.com https://wchat.eu.freshchat.com https://580252997365538.eu.webpush.freshchat.com https://*.freshchat.com https://*.google.pl https://*.google.be https://*.google.ie https://*.google.nl https://*.google.co.za https://*.google.ae https://*.google.co.uk https://www.travelcounsellors.co.uk https://o2.mouseflow.com https://src.freshmarketer.eu https://mediacdn.travelcounsellors.com https://vjs.zencdn.net https://files.travelcounsellors.com https://content.travelcounsellors.com https://maps.googleapis.com https://www.youtube.com https://maps.gstatic.com https://cdn.cookielaw.org https://*.google.co.in https://p.typekit.net https://use.typekit.net *.typekit.net *.mouseflow.com https://geolocation.onetrust.com *.travelcounsellors.io https://asset-store.public.qa.travelcounsellors.io https://asset-store.public.prod.travelcounsellors.io https://testqa.travelcounsellors.com https://*.vimeo.com; object-src 'self'; frame-ancestors 'self' https://googletagmanager.com https://widget.trustpilot.com; 1
default-src 'self'; child-src 'self' https://*.holidaytaxis.com https://www.facebook.com https://staticxx.facebook.com; connect-src 'self' https://*.holidaytaxis.com https://*.cdninstagram.com https://https//www.facebook.com https//www.facebook.com https://*.facebook.net https://*.feefo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://widget.trustpilot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://*.8x8.com https://endpoint-app-uk.cognigy.ai wss://*.facebook.com wss://*.holidaytaxis.com wss://endpoint-app-uk.cognigy.ai https://consentcdn.cookiebot.com; font-src 'self' https://*.holidaytaxis.com https://fonts.gstatic.com data:; frame-src https://*.holidaytaxis.com https://*.conxxe.com https://*.doubleclick.net https://*.worldpay.com https://widget.trustpilot.com https://widgets.wp.com https://*.8x8.com https://consentcdn.cookiebot.com; img-src 'self' https://*.holidaytaxis.com https://holidaytaxis.com https://*.awin1.com https://*.doubleclick.net https://*.feefo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.quora.com https://*.vzaar.com https://bat.bing.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.com https://www.google.com.au https://www.google.de https://www.google.dk https://www.google.es https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.se https://*.adroll.com https://*.bidswitch.net https://*.adnxs.com https://crossmetrix.com https://*.openx.net https://*.yahoo.com https://*.rlcdn.com https://www.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://d3k81ch9hvuctc.cloudfront.net https://*.8x8.com https://imgsct.cookiebot.com data:; media-src data:; script-src 'self' https://*.holidaytaxis.com https://*.doubleclick.net https://*.dwin1.com https://*.dwin2.com https://*.facebook.com https://*.facebook.net https://*.feefo.com https://*.google-analytics.com https://*.quora.com https://*.worldpay.com https://ajax.googleapis.com https://bat.bing.com https://d2oh4tlt9mrke9.cloudfront.net https://dn1i8v75r669j.cloudfront.net https://maps.googleapis.com https://tagmanager.google.com https://widget.trustpilot.com https://www.googleadservices.com https://*.googletagmanager.com https://www.zenaps.com https://*.adroll.com https://*.bidswitch.net https://*.adnxs.com https://crossmetrix.com https://*.openx.net https://*.yahoo.com https://*.rlcdn.com https://static.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com https://a.klaviyo.com https://telemetrics.klaviyo.com https://static-forms.klaviyo.com https://*.8x8.com https://consentcdn.cookiebot.com https://consent.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.holidaytaxis.com https://*.worldpay.com https://cdn.materialdesignicons.com https://fonts.googleapis.com https://maps.googleapis.com https://static.klaviyo.com https://*.8x8.com 'unsafe-inline' 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-6l7B5D0c0SOl5ZJAf4SE8Q=='; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.linkedin.com *.google.com *.cloudfront.net analytics.videomyjob.com *.googlesyndication.com *.websitecarbon.com *.onetrust.com *.userway.org https://cdn.linkedin.oribi.io https://api.websitecarbon.com *.cookielaw.org https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com ; font-src 'self' data: *.userway.org https://fonts.gstatic.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net https://static.cloudflareinsights.com *.websitecarbon.com *.userway.org https://googleads.g.doubleclick.net https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://app.bowencraggs.com *.cookielaw.org https://unpkg.com *.addevent.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.gstatic.com  ; style-src 'self' 'unsafe-inline' *.userway.org *.haleon.com https://cloud.typography.com https://fonts.googleapis.com; img-src 'self' *.googlesyndication.com data: *.doubleclick.net *.linkedin.com *.userway.org https://a-cf65.ch-static.com https://*.cdninstagram.com https://i.ytimg.com https://analytics.twitter.com https://www.facebook.com https://t.co https://px.ads.linkedin.com https://cdn.cookielaw.org *.addevent.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.co.uk https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com; child-src 'self' https://www.google.com ; frame-src 'self' https://*.soundcloud.com *.cloudfront.net *.doubleclick.net https://www.googletagmanager.com/ *.investis.com https://www.connectidfeed.com *.userway.org https://www.linkedin.com https://www.facebook.com https://player.vimeo.com *.eurolandir.com *.euroland.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://glasgow.social; img-src 'self' https: data: blob: https://glasgow.social; style-src 'self' https://glasgow.social 'nonce-DsgHNiIiP/XiSkfOZ5M4Mg=='; media-src 'self' https: data: https://glasgow.social; frame-src 'self' https:; manifest-src 'self' https://glasgow.social; form-action 'self'; child-src 'self' blob: https://glasgow.social; worker-src 'self' blob: https://glasgow.social; connect-src 'self' data: blob: https://glasgow.social https://files.glasgow.social wss://glasgow.social; script-src 'self' https://glasgow.social 'wasm-unsafe-eval' 1
font-src * 1
frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com, object-src 'self' 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: avatars.githubusercontent.com;object-src 'none';script-src 'self' 'unsafe-eval';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' http: https:;child-src https://p.datadoghq.eu 1
frame-ancestors 'self' https://www.sto.com 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' static.addtoany.com utt.impactcdn.com cdn.inpwrd.net content.inpwrd.net *.adobedtm.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src ciqtracking.com content.inpwrd.net *.google.com transunion.demdex.net *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.hifiona.com *.transunion.com blob: *.crwdcntrl.net *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' identityforce.pxf.io analytics.google.com bat.bing.com transunionprod.112.2o7.net mysmartmove.pxf.io smartmove.pxf.io rentals-secure-uat.shareable.com rentals-api.shareable.com s.yimg.com api.iterable.com dpm.demdex.net *.tt.omtrdc.net wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.ifgza3.net *.hotjar.com smartmove.pxf.io *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: *.identityforce.com *.hotjar.com  *.mysmartmove.com *.adobeaemcloud.com *.transunion.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; style-src * *.hotjar.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com identityforce.pxf.io mysmartmove.pxf.io *.logs-01.loggly.com; 1
frame-ancestors 'self' https://*.kontent.ai https://app.kontent.ai 1
frame-ancestors https://herbies.postaffiliatepro.com https://affiliate.herbiesheadshop.com https://admin.1703.team 1
default-src https: 'self' 'unsafe-inline'; script-src 'sha256-3p92SJD8CXkk+qFYBQcLpznEXdZaeopsQNJh0ZF/a+U=' 'self' plausible.bots.gg 'unsafe-eval'; frame-src 'self'; report-uri https://sentry.bots.gg/api/2/security/?sentry_key=44c78635d3e3437ca4aa97df6664edc7 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://dresden.network; img-src 'self' https: data: blob: https://dresden.network; style-src 'self' https://dresden.network 'nonce-lgZboRrBd92H61tGSKrbCw=='; media-src 'self' https: data: https://dresden.network; frame-src 'self' https:; manifest-src 'self' https://dresden.network; form-action 'self'; child-src 'self' blob: https://dresden.network; worker-src 'self' blob: https://dresden.network; connect-src 'self' data: blob: https://dresden.network https://dresden.s3proxy.de wss://dresden.network; script-src 'self' https://dresden.network 'wasm-unsafe-eval' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net cdnjs.cloudflare.com cdn.jsdelivr.net maps.googleapis.com cdn.datatables.net www.googletagmanager.com www.google-analytics.com snap.licdn.com static.ads-twitter.com siteimproveanalytics.com pi.pardot.com go.intrustbank.com player.vimeo.com 'self' cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.datatables.net *.typekit.net cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com pbs.twimg.com *.twimg.com data: blob: www.glassdoor.com syndication.twitter.com static.licdn.com platform.twitter.com *.dec.sitefinity.com px.ads.linkedin.com *.siteimproveanalytics.io www.googletagmanager.com analytics.twitter.com i.vimeocdn.com t.co 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com data: use.typekit.net; frame-src player.vimeo.com www.google.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.mktoresp.com maps.googleapis.com thefontzone.com analytics.google.com *.linkedin.com www.google-analytics.com stats.g.doubleclick.net 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com badge.stumbleupon.com *.facebook.com 'self' web-chat.nativechat.com 1
frame-ancestors 'self'; frame-src 'self' smartrecruiters.com *.smartrecruiters.com youtube.com *.youtube.com *.wistia.net 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.magicmovies.com/csp-reports; report-to csp-endpoint 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.parcellab.com *.taskrabbit.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.it *.pinterest.com s.pinimg.com api.pinpiaa.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2Y0MmI1MDRkZWJjNDY4Nzk1ZjY2Y2RkMjFjMTAwYWI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.sbv-z.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.sbv-z.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.sbv-z.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src https:; style-src 'unsafe-inline' *; script-src 'unsafe-eval' 'unsafe-inline' *; object-src 'none'; frame-src * data: 1
img-src data: https://www.avaruus.net https://client.crisp.chat https://image.crisp.chat https://storage.crisp.chat; font-src https://www.avaruus.net https://client.crisp.chat; media-src https://www.avaruus.net https://client.crisp.chat; style-src 'unsafe-inline' https://www.avaruus.net https://client.crisp.chat; frame-src https://game.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://client.crisp.chat https://settings.crisp.chat; connect-src https://www.avaruus.net https://client.crisp.chat https://storage.crisp.chat wss://client.relay.crisp.chat wss://stream.relay.crisp.chat 1
img-src blob: https: data:; upgrade-insecure-requests 1
default-src https://disqus.com https://*.disquscdn.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://c.disquscdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.jsdelivr.net https://*.disquscdn.com https://*.disqus.com https://gapl.hit.gemius.pl https://ssl.google-analytics.com https://cdnjs.cloudflare.com; img-src 'self' data: https://ssl.google-analytics.com https://cdn.viglink.com https://*.disqus.com https://juicebox.net https://stats.g.doubleclick.net; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; frame-src 'self' https://ls.hit.gemius.pl https://disqus.com https://ljsp.lwcdn.com https://*.dcs.redcdn.pl https://www.facebook.com https://www.youtube.com; frame-ancestors 'self'; connect-src 'self' https://*.google-analytics.com https://*.disqus.com; base-uri 'self'; 1
upgrade-insecure-requests; default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com ; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com ; font-src 'self' https://fonts.gstatic.com data:;  connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://bam.nr-data.net https://maps.googleapis.com;  img-src 'self' data: *.pantheonsite.io *.wlrk.com https://wlrk.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://secure.gravatar.com; 1
frame-ancestors 365datascience.com *.365datascience.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.casinos.at *.lotterien.at *.cloudfront.net *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.google.at *.googletagmanager.com *.gstatic.com *.usercentrics.eu *.econda-monitor.de *.quandoo.at *.vimeo.com *.youtube.com track.adform.net s2.adform.net *.friendlycaptcha.com *.friendlycaptcha.eu; 1
script-src 'self' *.webshark.hu webshark.hu *.jsdelivr.net *.smartlook.com *.hotjar.com *.disqus.com *.google.com 'unsafe-inline' 'unsafe-eval' *.facebook.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net *.gstatic.com; frame-src 'self' *.webshark.hu *.facebook.com *.hotjar.com *.youtube.com *.google.com; object-src 'self'; worker-src 'self' blob:; 1
default-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com blob: data:; base-uri 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; form-action 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; frame-ancestors 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; object-src 'self' https://kleio-public.spgroup-prod.magnolia-platform.com; img-src * 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; font-src 'self' data: https://kleio-public.spgroup-prod.magnolia-platform.com; style-src 'self' 'unsafe-inline' https://kleio-public.spgroup-prod.magnolia-platform.com; connect-src 'self' data: *.google-analytics.com *.doubleclick.net https://api.mapbox.com https://events.mapbox.com https://rum.browser-intake-datadoghq.com https://caspersky-api.tkg-qa.spdigital.io https://caspersky-api.tkg.spdigital.io https://ifaqs.flexanswer.com https://analytics.google.com https://cdn.linkedin.oribi.io https://public.api.sandbox.spdigital.sg https://console-flex-api.ap.sabio.cloud https://crapi-proxy.tkg.spdigital.io/k2 https://kleio-public.spgroup-prod.magnolia-platform.com; media-src 'self' https://www.spgroup.com.sg https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; frame-src 'self' https://www.google.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://iframe.dacast.com https://prod-nplayer.dacast.com https://www.youtube.com https://view.vzaar.com https://kleio-public.spgroup-prod.magnolia-platform.com; script-src 'self' 'unsafe-inline' blob: data: 'unsafe-eval' https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://snap.licdn.com https://kleio-public.spgroup-prod.magnolia-platform.com; 1
default-src 'none'; img-src 'self' https://d3t0im579cvxtw.cloudfront.net data:; style-src 'self' 'unsafe-inline'; script-src 'self' data: https://tracking2.miloncare.com; connect-src 'self' https://tracking2.miloncare.com https://dio7q6x5myw9r.cloudfront.net; font-src 'self'; 1
default-src https: 'unsafe-inline'; font-src https: data: 'unsafe-inline'; img-src https: data: 'unsafe-inline'; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data: 'self'; frame-ancestors 'none' 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src https://* 'self' data: https: blob: feed.pghub.io pandg.tapad.com ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; frame-ancestors * 'self' data: https: blob: ; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/ https://www.buymusic.club; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://widget-api.formitable.com https://region1.analytics.google.com https://*.google-analytics.com https://cdn.linkedin.oribi.io https://www.buymusic.club wss://ws.hotjar.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.hotjar.com https://*.hotjar.io; frame-ancestors 'none'; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com https://www.buymusic.club https://newassets.hcaptcha.com; img-src 'self' data: https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be/ https://*.ytimg.com/ https://d12xfkzf9kx8ij.cloudfront.net/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://legacy.abconcerts.be/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.hotjar.com https://*.hotjar.io https://snapchat.com https://*.snapchat.com https://px.ads.linkedin.co https://px.ads.linkedin.com https://*.linkedin.com https://www.buymusic.club https://fonts.gstatic.com https://www.googletagmanager.com; media-src 'self' p.scdn.co/mp3-preview/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://www.buymusic.club https://hcaptcha.com 'nonce-Thn5t1xRhZn0k1cF/U4Mtg=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://widget.formitable.com https://www.googletagmanager.com; upgrade-insecure-requests 1
frame-ancestors 'self' default-src 'self' script-src 'self'; 1
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests; frame-src 'self' www.googletagmanager.com cdn.cookielaw.org costconextcom.bigscoots-staging.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https://i.ytimg.com/ https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.ca/ https://www.google.com/ https://www.googletagmanger.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://p.adsymptotic.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://camso.co/ https://stage.camso.co/ https://preprod.camso.co/ https://partstreamstg.arinet.com/ https://partstreams.arinet.com/ http://partstreamstg.arinet.com/ https://partstream.arinet.com/ https://cdn.datamanager.arinet.com/ https://c.clarity.ms/ https://segment.prod.bidr.io/ https://c.bing.com/ https://beyond-road.selector.michelingroup.com/ data:; frame-ancestors https://camso.co/ https://preprod.camso.co/ https://stage.camso.co/ http://localhost:4200 https://stage.beyond-road.selector.michelingroup.com/ https://beyond-road.selector.michelingroup.com/ https://www.rubbertracksolutions.com/ 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.google.com.hk https://*.google.com.sg https://*.google.de https://*.google.com.my https://*.google.co.uk https://*.google.co.in https://*.google.cn https://*.google.com.tw https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.ctfassets.net https://sentry.io https://*.contentful.com https://*.youtube.com data:; 1
upgrade-insecure-requests;base-uri 'self'; default-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net static.ads-twitter.com connect.facebook.net analytics.tiktok.com assets-cli.s5.udesk.cn xreal.s5.udesk.cn blob: https://basevistor.s5.udesk.cn d.line-scdn.net cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.js cdnjs.cloudflare.com/ajax/libs/jsencrypt/2.3.1/jsencrypt.js *.xreal.com design-minio-test.xreal.work:9000; style-src 'self' 'unsafe-inline' xreal.s5.udesk.cn fonts.googleapis.com; object-src none; form-action 'self' www.facebook.com; font-src 'self' fonts.gstatic.com www.googletagmanager.com data: ; connect-src 'self' *.nreal.ai *.nreal.cn *.xreal.com https://design-minio-test.xreal.work:9000 analytics.google.com pagead2.googlesyndication.com analytics.tiktok.com stats.g.doubleclick.net manage.kmail-lists.com *.nreal.work *.sentry.io data: https://basevistor.s5.udesk.cn wss://basevistor.s5.udesk.cn https://www.google-analytics.com; img-src 'self' *.nreal.ai *.nreal.cn *.xreal.com https://design-minio-test.xreal.work:9000 www.google.com.hk www.google.com www.google-analytics.com www.googletagmanager.com analytics.twitter.com t.co/1/i/adsct www.facebook.com s5-cs-pub-std.oss-ap-southeast-1.aliyuncs.com xreal.s5.udesk.cn blob: data: ; style-src-elem 'self' 'unsafe-inline' xreal.s5.udesk.cn fonts.googleapis.com blob: ; frame-src 'self' *.nreal.ai *.nreal.cn *.xreal.com  https://design-minio-test.xreal.work:9000 td.doubleclick.net xreal.s5.udesk.cn www.facebook.com; media-src 'self' *.nreal.ai *.nreal.cn *.xreal.com https://design-minio-test.xreal.work:9000; frame-ancestors 'self'; manifest-src 'self'; 1
frame-ancestors 'self' https://www.supplyworkscatalogs.com 1
img-src 'self' api.paylibo.com xzone.cz csfd.cz *.seznam.cz *.zbozi.cz blob: data: tracking.smartemailing.cz *.twisto.cz i.ibb.co *.xzone.cz *.xzone.sk *.xzone.hu *.xzone.de *.xzone.at *.gamlery.pl *.ceneo.pl *.gamlery.cz *.gameexpres.sk *.csfd.cz www.google-analytics.com www.google.com www.google.cz www.google.sk www.google.hu googleads.g.doubleclick.net www.googletagmanager.com *.googleadservices.com stats.g.doubleclick.net www.facebook.com https://connect.facebook.net https://script.hotjar.com cdnjs.cloudflare.com steamcdn-a.akamaihd.net static.muve.cz ssl.heureka.cz *.heureka.cz *.heureka.sk *.estores.cz *.filmexpres.cz *.dvdexpres.sk *.gameexpress.hu *.seznam.cz *.cdninstagram.com *.supportbox.cz *.arukereso.hu *.steamstatic.com s.kelkoogroup.net; frame-ancestors g; script-src 'strict-dynamic' 'nonce-66c401c4644fff89a01a896526203362' 'unsafe-eval' http: https:; object-src 'none'; base-uri 'none'; form-action 'self' *.facebook.com *.csob.cz moja.tatrabanka.sk *.gopay.com *.gopay.cz *.homecredit.cz *.hccs.cz; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.ikeajpapi.com www.aawrnstrk.com insight.adsrvr.org js.adsrvr.org ipac.ctnsnet.com *.doubleclick.net stats.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com d.line-scdn.net tr.line.me *.twitter.com ads-twitter.com *.ads-twitter.com *.yimg.com *.yimg.jp *.yahoo.co.jp ct.pinterest.com s.pinimg.com *.teads.tv consentag.eu cdn.ctnsnet.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com www.googleapis.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
script-src *.cloudflare.com *.cookielaw.org *.segment.com *.ipify.org *.moatads.com *.sharethis.com *.platform-api.sharethis.com *.paypalobjects.com *.ajax.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.google.com *.crazyegg.com *.bigcommerce.com *.facebook.net *.googleapis.com *.jquery.com *.adsrvr.org *.braintreegateway.com *.youtube.com *.entrust.net *.pinimg.com *.ads-twitter.com *.twitter.com *.googleapis.com *.cloudfront.net *.privy.com *.amazonaws.com *.addrexx10.com *.iesnare.com *.bazaarvoice.com *.dynatrace.com  *.tp88trk.com *.paypal.com *.pepperjam.com *.rpxnow.com *.lightboxcdn.com *.azurewebsites.net *.mikmak.tv https://sc-static.net/scevent.min.js https://www.terracycle.com/en-US/sdk.js https://unpkg.com/aos@next/dist/aos.js https://js.agkn.com/prod/v0/tag.js https://aa.agkn.com/adscores/ https://googleads.g.doubleclick.net/ https://www.gstatic.com/recaptcha/ https://cdn.polyfill.io/v3/polyfill.min.js https://b-code.liadm.com/a-05m4.min.js https://www.tp88trk.com/scripts/sdk/everflow.js https://www.paypalobjects.com/api/checkout.min.js https://cdn-stg.tapad.app/js/pandg-sdk.js https://pghub.io/js/pandg-sdk.js https://rpxnow.com/js/lib/gleem-us/engage.js 'self' 'unsafe-eval' 'unsafe-inline' 1
default-src https: data: 'unsafe-inline'; font-src 'self' data: https://js.arcgis.com; img-src https: data: blob:; media-src https: data: blob:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval' https://www.bayerninfo.de https://verkehrsinfo-bw.de https://js.arcgis.com; object-src 'none'; frame-src https:; form-action 'self'; base-uri 'self'; frame-ancestors 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline' m.panelook.com; script-src 'self' 'unsafe-inline' m.panelook.com;img-src 'self'  m.panelook.com 1
default-src 'self' google-analytics.com manifest-src; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com *.googletagmanager.com www.google-analytics.com polyfill.io www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com hotjar.com https://connect.facebook.net crelan-be-website.scalecity.space vwdservices.com s.ytimg.com https://px.ads.linkedin.com px.ads.linkedin.com youtube.com vimeo.com snap.licdn.com www.linkedin.com tagmanager.google.com *.googleadservices.com https://googleads.g.doubleclick.net w3.org *.crazyegg.com https://cdn.jsdelivr.net *.google.com *.google.be *.googleoptimize.com *.facebook.com *.doubleclick.net *.crelan.be *.facebook.net sc-crelan-server-side-tagging.ew.r.appspot.com blob: https://*.skedify.io; style-src 'self' 'unsafe-inline' *.googleapis.com *.googleusercontent.com *.hotjar.com *.google.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org cdnjs.cloudflare.com *.crazyegg.com *.google.com *.google.be *.googleadservices.com *.facebook.com *.facebook.net; img-src 'self'  *.googletagmanager.com *.googleadservices.com cookie-cdn.cookiepro.com https://www.google-analytics.com *.gstatic.com maps.googleapis.com w3.org  data: *.crazyegg.com blog.crelan.be *.google.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net *.linkedin.com; media-src *.youtube.com *.twitter.com *.vimeo.com 'self' https://maps.googleapis.com *.googletagmanager.com w3.org *.google.com *.googleadservices.com *.google.be *.google.de *.facebook.com *.doubleclick.net *.facebook.net; frame-src 'self' in.hotjar.com vc.hotjar.io google-analytics.com stats.g.doubleclick.net crelan-be-website.scalecity.space *.crelan-int.be *.vwdservices.com maps.googleapis.com w3.org www.google.com www.youtube.com player.vimeo.com *.crazyegg.com  *.alchemer.eu *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.googleadservices.com https://*.skedify.io; font-src 'self' *.gstatic.com *.googleusercontent.com w3.org data:; connect-src 'self' cookie-cdn.cookiepro.com *.google-analytics.com in.hotjar.com vc.hotjar.io stats.g.doubleclick.net maps.googleapis.com *.googletagmanager.com w3.org *.crazyegg.com *.google.com *.google.be *.facebook.com *.doubleclick.net *.facebook.net *.onetrust.com sc-crelan-server-side-tagging.ew.r.appspot.com *.sc-crelan-server-side-tagging.ew.r.appspot.com *.googleadservices.com *.googlesyndication.com https://px.ads.linkedin.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net http://webvisor.com https://metrika.yandex.ru; 1
default-src 'self'; img-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org assets.calendly.com data: ; style-src 'self' cache.travelfish.org cache2.travelfish.org cache3.travelfish.org fonts.gstatic.com fonts.googleapis.com use.fontawesome.com assets.calendly.com 'nonce-MDViYzk5NzA5MTJh'; font-src fonts.gstatic.com use.fontawesome.com; script-src 'self' assets.calendly.com cdnjs.cloudflare.com 'nonce-MDViYzk5NzA5MTJh'; frame-src 'self' calendly.com 'nonce-MDViYzk5NzA5MTJh'; connect-src 'self' nasigoreng.travelfish.org 'nonce-MDViYzk5NzA5MTJh'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ajax.googleapis.com https://rum-static.pingdom.net https://cdnjs.cloudflare.com https://fast.wistia.com https://pi.pardot.com https://translate.google.com http://translate.google.com https://translate.googleapis.com https://www.google-analytics.com https://bpasblog.disqus.com https://challenges.cloudflare.com https://www.dinkytown.net; style-src 'self' https://fast.wistia.net https://bpas.com 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com http://translate.google.com https://www.dinkytown.net; default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'     adsrvr.org *.adsrvr.org    adventurervsales.com *.adventurervsales.com     amazonaws.com *.amazonaws.com    arrkannrv.com *.arrkannrv.com    asrvm.com *.asrvm.com    auryc.com *.auryc.com     automanager.com *.automanager.com automanager.blob.core.windows.net    authorize.net *.authorize.net     calendly.com *.calendly.com     callersiq.com *.callersiq.com    cdl.impel.io    cdn.spincar.com    cdninstagram.com *.cdninstagram.com    cdn1.traderonline.com    chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay-var.com     chasepaymentechhostedpay.com *.chasepaymentechhostedpay.com    cliffjonesrv.com *.cliffjonesrv.com    cloudflare.com *.cloudflare.com    collier-rv-photos.s3.amazonaws.com    coloradorvcenter.com *.coloradorvcenter.com     content.homenetiol.com    crowleyauto.com *.crowleyauto.com    ddrv.com *.ddrv.com    dealer-cdn.com *.dealer-cdn.com     dealerspike.com *.dealerspike.com     digital.thisisride.com    dlrwebservice.com *.dlrwebservice.com    dms.rvimg.com    doubleclick.net *.doubleclick.net     dynamicweb.com *.dynamicweb.com    emfluence.com *.emfluence.com cdn.emailer.emfluence.com     facebook.com *.facebook.com connect.facebook.net    formstack.com *.formstack.com winnebago.formstack.com    foursixty.com *.foursixty.com    funtimecampers.com *.funtimecampers.com     gerzenys-rv-world-photos.s3.amazonaws.com    google.com *.google.com     gstatic.com *.gstatic.com     googleapis.com *.googleapis.com      googleadservices.com *.googleadservices.com     googletagmanager.com *.googletagmanager.com     google-analytics.com *.google-analytics.com     gorollick.com *.gorollick.com    greatalaskanholidays.com *.greatalaskanholidays.com    ik.imagekit.io    inboundapi.com *.inboundapi.com    inboundgeo.com *.inboundgeo.com    interactcp.com *.interactcp.com     images.unitsinventory.com    jquery.com *.jquery.com code.jquery.com     lamesarv.com *.lamesarv.com     level5marketing.com *.level5marketing.com     linkedin.com *.linkedin.com    licdn.com *.licdn.com snap.licdn.com     lmrvwebsite.blob.core.windows.net     mantellirv.com *.mantellirv.com    matterport.com *.matterport.com my.matterport.com    microsoftonline-p.com *.microsoftonline-p.com    minardsleisureworld.com *.minardsleisureworld.com    moixrvsupercenter.com *.moixrvsupercenter.com    netsourcemedia.com *.netsourcemedia.com    nhtsa.gov *.nhtsa.gov api.nhtsa.gov    nirvc.com *.nirvc.com     netdna-ssl.com *.netdna-ssl.com    northtrailrv.com *.northtrailrv.com     office.com *.office.com    owascorv.com *.owascorv.com    pixelmotiondemo.com *.pixelmotiondemo.com    polyfill.io *.polyfill.io     poulsborv.com *.poulsborv.com    reliablerv.com *.reliablerv.com    rexandsonsrvs.com *.rexandsonsrvs.com    rnrrv.com *.rnrrv.com     rv-inventory.s3.amazonaws.com    rollick.io *.rollick.io    roysrv.com *.roysrv.com     rvhotlinecanada.com *.rvhotlinecanada.com    rvonedata.com *.rvonedata.com    rvtrader.com *.rvtrader.com    rvwsplatform.com *.rvwsplatform.com    s3.us-east-2.amazonaws.com    secureoffersites.com *.secureoffersites.com    secureservercdn.net    stlrv.net *.stlrv.net     transwest.com *.transwest.com    trianglerv.com *.trianglerv.com    r.turn.com     van.life *.van.life    vimeo.com *.vimeo.com    voyagerrv.ca *.voyagerrv.ca     warp10admin-storage85050-dev.s3.amazonaws.com    ws.aimbase.com    wsqa.aimbase.com     www.gatesvillerv.com    youtube.com *.youtube.com    youtube-nocookie.com *.youtube-nocookie.com     i3.ytimg.com    *.cwsplatform.com    automanagerprodcdn.azureedge.net    www.shaferrv.com    tdrvehicles2.azureedge.net    portal.waynereaves.net    cdn.impel.io       blob: data:; 1
default-src * data: 'unsafe-inline' 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sleeknotestaticcontent.sleeknote.com/ https://cdn.polyfill.io/ https://avp.pravp.com/ https://assets-ctb.pernod-ricard.io/ https://www.googletagmanager.com/ https://sleeknotecustomerscripts.sleeknote.com/ https://c.evidon.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://webform-console.pernod-ricard.io/ https://www.google.com/ https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://matomojs.trackify.info/ https://matomo.pernod-ricard.io/ https://open.spotify.com/ https://open.spotifycdn.com/ https://cdnjs.cloudflare.com/ https://snap.licdn.com; style-src 'self' blob: data: https: 'unsafe-inline' 'unsafe-eval' https://assets-ctb.pernod-ricard.io/; worker-src blob:; 1
default-src 'self' https://medieninhalte.edeka/; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.friendlycaptcha.com/ *.awswaf.com; worker-src 'self' blob:; child-src 'self' blob:; connect-src https://api.friendlycaptcha.com/ https://dev.login.edeka/ https://test.login.edeka/ https://login.edeka/ *.awswaf.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; script-src 'self'; connect-src 'self' https://api.methodicalmind.com https://msd-prod-data-dumps-us-east-1.s3.amazonaws.com; frame-ancestors 'self' 1
default-src 'self' http: https: data: 'unsafe-inline';script-src https: *.trustlogo.com *.secure.comodo.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' *.statistik.at *.local *.google.com *.gstatic.com *.statistik *.openstreetmap.org 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: 1
default-src 'self' ghostboard.io *.ghostboard.io;script-src 'self' ghostboard.io *.ghostboard.io plausible.io *.plausible.io *.stripe.com *.gstatic.com *.githubusercontent.com getreditus.com *.getreditus.com 'unsafe-inline';img-src 'self' ghostboard.io * *.ghostboard.io data: https:;font-src 'self' ghostboard.io *.ghostboard.io *.gstatic.com;frame-ancestors 'self' *;frame-src 'self' *.stripe.com https://ghostboard.io/public/* https://test.ghostboard.io/public/*;connect-src 'self' wss: ghostboard.io *.ghostboard.io *.gstatic.com plausible.io;base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.eoportal.org eoportal.org *.youtube.com *.gsfc.nasa.gov *.astrocast.com cdn.arcgis.com *.dlr.de *.skatelescope.org *.skatelescope.org *.wixstatic.com *.esa.int *.cloudfront.net *.nasa.gov *.vimeo.com exolaunch.com *.hayabusa2.jaxa.jp *.jaxa.jp *.desy.de *.soundcloud.com *.prnewswire.com *.tubitak.gov.tr *.s3.us-west-2.amazonaws.com *.akamaihd.net *.googleapis.com *.asc-csa.gc.ca spacewerx.us; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' https://a.cms.omniupdate.com https://cms.collegeofthedesert.edu; 1
default-src 'self' app.cloutly.com https://*.clarity.ms https://stats.g.doubleclick.net https://*.rackcdn.com https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://ourworldindata.org/grapher/ https://edweek.carto.com/builder/ *.languagecourse.net https://widget.getyourguide.com/ https://mc.yandex.ru/watch/ *.twitter.com *.google.com/ *.googleapis.com https://*.google-analytics.com/ https://staticxx.facebook.com https://g.jwpsrv.com https://www.paypal.com/ https://sis.redsys.es/ https://tunein.com/ https://*.youtube.com bid.g.doubleclick.net https://pay.skrill.com *.moneybookers.com https://vt-api.com.es/ www.facebook.com; img-src 'self' data: *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.addtoany.com/ https://static.cloudflareinsights.com/ https://app.cloutly.com https://g.alicdn.com/code/ https://*.clarity.ms https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://www.youtube.com/ https://securepubads.g.doubleclick.net/ https://kit.fontawesome.com/ https://www.googletagservices.com/ https://*.googlesyndication.com/ https://estatic.languagecourse.net/ https://instant.page/ https://*.getyourguide.com/ https://bat.bing.com/ https://mc.yandex.ru/metrika/tag.js *.twimg.com *.gstatic.com *.google.com *.twitter.com https://code.jquery.com https://www.googletagmanager.com https://s.ytimg.com/ https://ssl.p.jwpcdn.com https://content.jwplatform.com *.googleapis.com *.google-analytics.com connect.facebook.net https://unpkg.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com maxcdn.bootstrapcdn.com *.cloudflare.com apis.google.com; font-src 'self' https://unpkg.com/bootstrap@3.4.1/ https://estatic.languagecourse.net https://cdnjs.cloudflare.com https://kit-free.fontawesome.com/ ssl.p.jwpcdn.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com https://estatic.languagecourse.net; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdnjs.cloudflare.com *.twimg.com *.twitter.com https://kit-free.fontawesome.com https://unpkg.com/ https://ssl.p.jwpcdn.com fonts.googleapis.com code.jquery.com *.bootstrapcdn.com https://estatic.languagecourse.net/ 1
frame-ancestors www.iluma.ai 1
frame-ancestors 'self' cultura.biografieonline.it www.facebook.com; 1
connect-src *.google-analytics.com www.google-analytics.com script.crazyegg.com stats.g.doubleclick.net analytics.tiktok.com *.analytics.google.com earthshotprize.org www.facebook.com *.googletagmanager.com analytics.google.com *.googlesyndication.com *.crazyegg.com adservice.google.com earthshotprize.bamboohr.com; default-src 'self' 'unsafe-inline' *.googletagmanager.com cdn.jsdelivr.net fonts.gstatic.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com *.crazyegg.com; frame-src www.google.com platform.twitter.com www.googletagmanager.com www.facebook.com www.youtube-nocookie.com www.instagram.com *.instagram.com earthshotprize.org player.vimeo.com *.vimeo.com *.youtube.com *.googlesyndication.com *.doubleclick.net *.crazyegg.com; img-src 'self' data: *.google-analytics.com cdn.jsdelivr.net t.co analytics.twitter.com www.facebook.com www.google.com www.google.co.uk googleads.g.doubleclick.net i.ytimg.com scontent-lcy1-1.cdninstagram.com scontent-lcy1-2.cdninstagram.com sa.earthshotprize.org player.vimeo.com *.googletagmanager.com www.google.com.au *.crazyegg.com resources.bamboohr.com; script-src-elem 'self' 'unsafe-inline'  player.vimeo.com vimeo.com apis.google.com www.youtube.com www.youtube-nocookie.com platform.twitter.com googletagmanager.com www.googletagmanager.com www.google.com google.com www.gstatic.com gstatic.com www.google-analytics.com ps://static.ads-twitter.com/uwt.js fonts.googleapis.com cdn.jsdelivr.net static.ads-twitter.com connect.facebook.net googleads.g.doubleclick.net analytics.tiktok.com script.crazyegg.com www.googleadservices.com sa.earthshotprize.org tpc.googlesyndication.com *.crazyegg.com www.instagram.com www.instagram.com/embed.js earthshotprize.bamboohr.com; style-src 'self' 'unsafe-inline'  cdn.jsdelivr.net fonts.googleapis.com script.crazyegg.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com *.crazyegg.com; worker-src       'self'       blob:; 1
font-src 'self'; frame-src 'self';frame-ancestors 'self';object-src 'none';base-uri 'self';form-action 'self'; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; connect-src 'self' https://piwik3.glamus.de;script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://piwik3.glamus.de; media-src 'self';img-src 'self' data https://piwik3.glamus.de; upgrade-insecure-requests; 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; upgrade-insecure-requests; base-uri 'none'; object-src 'none'; worker-src 'none'; child-src 'none'; frame-src 'none'; connect-src 'self'; form-action 'self'; 1
frame-ancestors 'self' http://*.storyblok.com/ https://*.storyblok.com/ 1
default-src 'self' 'unsafe-inline' data: https://piwik.bzga.de/ https://service.bzga.de/ https://www.quit-the-shit.net 1
default-src 'unsafe-inline' data: https: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.msecnd.net *.google.com *.gstatic.com; 1
default-src 'self' *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com sjgov.org www.sjgov.org api-us1.cludo.com *.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.twitter.com unpkg.com translate.google.com www.googletagmanager.com customer.cludo.com votinginfotool.org www.tickcounter.com translate-pa.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com customer.cludo.com votinginfotool.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com ka-f.fontawesome.com; img-src 'self' *.gstatic.com *.googleapis.com https://www.wrh.noaa.gov *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.typekit.net stackpath.bootstrapcdn.com *.google.com sjgov.org www.sjgov.org resource.sjgov.org customer.cludo.com vit-logos.votinginfoproject.org votinginfotool.org; media-src 'self' data: blob: https://resource.sjgov.org/; frame-src 'self' https://sjc-gis.maps.arcgis.com/ https://*.google.com/ *.verkada.com https://www.uyt.co/ https://www.youtube.com/ https://childsupport.ca.gov/ https://feed.mikle.com https://www.dhs.gov *.twitter.com https://sanjoaquin.granicus.com/ https://www.publicpurchase.com/ www.facebook.com https://user.govoutreach.com/ https://publicrealtime.dm1.tech/ *.vimeo.com www.tickcounter.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.typekit.net stackpath.bootstrapcdn.com *.verkada.com *.twitter.com *.vimeo.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.typekit.net stackpath.bootstrapcdn.com *.fontawesome.com *.verkada.com *.cludo.com sjgov.org translate.googleapis.com maps.googleapis.com www.googleapis.com translate-pa.googleapis.com; object-src 'self'; 1
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; img-src data: * analytics.tiktok.com; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com http://127.0.0.1:5000/* *.hsbc.co.uk bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net analytics.tiktok.com; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; manifest-src *.hsbc.com.tw; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com; 1
script-src-attr 'none';base-uri 'self';font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';form-action 'self' *.facebook.com;frame-src 'self' https://htmx.org https://challenges.cloudflare.com https://www.facebook.com https://td.doubleclick.net/ https://js.stripe.com/ https://www.youtube.com https://www.youtube-nocookie.com https://accounts.google.com;object-src 'none';upgrade-insecure-requests; 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://*.webvisor.com http://*.webvisor.com https://webvisor.com http://webvisor.com 1
frame-src 'self' *.antoniusziekenhuis.nl antonius.ubicast.tv; object-src 'none'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' *.google-analytics.com *.googletagmanager.com cdn.jsdelivr.net 'unsafe-inline'; style-src 'self' cdn.jsdelivr.net 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors https://admin.shopify.com https://plugins-cdn.datocms.com https://trackdesk.admin.datocms.com 1
default-src https://*; script-src 'self' *.googleapis.com https://ws.sharethis.com https://js.arcgis.com https://s.w.org https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://*.pingdom.net https://*.google-analytics.com https://*.facebook.net https://*.ads-twitter.com https://*.licdn.com https://*.twitter.com https://*.youtube.com https://*.ytimg.com https://*.google.com https://*.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://* data: 'unsafe-inline';img-src https://* data:; font-src 'self' *.gstatic.com https://maxcdn.bootstrapcdn.com data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss://* https://*; 1
frame-ancestors 'self' *.ssnc.cloud learningcenter.wealthmsi.com learningcenter-uat.wealthmsi.com betaretirement.financialtrans.com retirement.financialtrans.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob: *.cookielaw.org *.onetrust.com *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.vimeo.com https://vimeo.com; frame-src 'self' *.vimeo.com https://vimeo.com; font-src 'self' data:; img-src 'self' *.cookielaw.org *.onetrust.com *.google-analytics.com data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.wistia.com *.hotjar.com *.linkedin.com *.cloudfront.net www.googleadservices.com www.googletagmanager.com www.google-analytics.com cdn.callrail.com *.helpscout.net *.atlassian.net *.marketo.net *.aciworldwide.com *.vimeo.com cdn.cookielaw.org geolocation.onetrust.com connect.facebook.net static.ads-twitter.com analytics.twitter.com bat.bing.com static.oktopost.com snap.licdn.com siteimproveanalytics.com *.6sc.co script.crazyegg.com *.doubleclick.net okt.to cdn.siteimprove.net *.omappapi.com platform.twitter.com *.twimg.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net secure.harm6stop.com js.callrail.com *.zoominfo.com unpkg.com *.unpkg.com *.crazyegg.com *.userback.io;style-src 'self' 'unsafe-inline' *.myfonts.net *.atlassian.net *.marketo.net fonts.googleapis.com *.aciworldwide.com platform.twitter.com www.googletagmanager.com *.omappapi.com *.crazyegg.com *.typekit.net *.userback.io;img-src 'self' data: *.gravatar.com embedwistia-a.akamaihd.net *.wistia.com wp-rocket.me www.google-analytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com www.google.com *.wpengine.com *.w.org *.aciworldwide.com *.awscloud.com *.vimeo.com *.vimeocdn.com t.co *.linkedin.com *.6sc.co *.siteimproveanalytics.io bat.bing.com www.facebook.com *.adsymptotic.com *.omappapi.com *.twimg.com platform.twitter.com syndication.twitter.com *.truste.com track.hubspot.com forms.hsforms.com okt.to qr-code.ithemes.com *.twitter.com cdn.cookielaw.org *.crazyegg.com placekitten.com;frame-src *.flipsnack.com *.crazyegg.com *.aciworldwide.com player.vimeo.com *.libsyn.com *.cloudfront.net;worker-src 'self' blob:;object-src 'none'; 1
frame-src 'self' https://www.google.com https://keycloak.nl.ci.fdmg.org https://login.company.info; frame-ancestors 'self' https://companyinfo.nl https://*.ci.fdmg.org  https://company.info; object-src 'none'; 1
connect-src 'self' https://apis.google.com https://dev.onepay.vn/home/; 1
frame-ancestors * 'self'; default-src * 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; object-src * 'self'; frame-src * 'self'; child-src * 'self' blob:; img-src * 'self' data: blob:; font-src * 'self' data:; connect-src * 'self'; manifest-src * 'self'; base-uri 'self'; form-action * 'self'; media-src * 'self'; worker-src * 'self' blob:; 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http:;  worker-src 'self' blob: https: http:;  style-src 'self' 'unsafe-inline' https: http:;  frame-src 'self' 'unsafe-eval' 'unsafe-inline' https: http:;  img-src * blob: data:;  font-src 'self' data: https: http:;  media-src 'self' https://cdn.depauli.com;  connect-src *; 1
frame-ancestors 'self' *.feedzai.com;default-src 'self' *.feedzai.com https: wss: blob: 'unsafe-inline' 'unsafe-eval';font-src https: data:;img-src https: data:;form-action 'self' forms.hsforms.com accounts.google.com;base-uri 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.feedzai.com consent-manager.metomic.io config.metomic.io js.usemessages.com js.hs-scripts.com js.hsforms.net forms.hsforms.com js.hs-banner.com fast.wistia.net js.hs-analytics.net js.hsadspixel.net *.hotjar.com www.googleadservices.com www.googletagmanager.com googletagmanager.com www.google-analytics.com static.hsappstatic.net googleads.g.doubleclick.net cdnjs.cloudflare.com ajax.googleapis.com snap.licdn.com cdn.jsdelivr.net config.confirmic.com consent-manager.confirmic.com js.hsadspixel.net distillery.wistia.com pipedream.wistia.com wistia.com track.hubspot.com cdn.linearicons.com greenhouse.io cdn.datatables.net www.google.com tag.demandbase.com boards.greenhouse.io maps.googleapis.com cdn.cookielaw.org fast.wistia.com js.hscta.net cta-service-cms2.hubspot.com unpkg.com;object-src 'none' 1
default-src 'self';script-src 'self' 'nonce-p7899SFgKV54qVimNeqdGSz7POT4HTalPZD55NvowDo=' ajax.cloudflare.com cdnjs.cloudflare.com www.google.com www.gstatic.com secure.wufoo.com static.wufoo.com cc.cdn.civiccomputing.com maps.googleapis.com player.vimeo.com *.googletagmanager.com googletagmanager.com www.google-analytics.com tools.eurolandir.com 3xscreen.videosync.fi s3.amazonaws.com laingorourke.us1.list-manage.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;object-src 'none';connect-src 'self' maps.googleapis.com our.umbraco.com *.google-analytics.com google-analytics.com apikeys.civiccomputing.com clapi.civiccomputing.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com region1.google-analytics.com region1.analytics.google.com printreleaf.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.wufoo.com www.google.com printreleaf.com marketplace.umbraco.com youtube.com www.youtube.com player.vimeo.com forms.zohopublic.eu tools.eurolandir.com my.matterport.com;img-src 'self' data: *.googleusercontent.com i.vimeocdn.com dashboard.umbraco.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com www.google.co www.google.co.uk i.ytimg.com www.google-analytics.com accounts.google.co.uk;frame-ancestors 'self';upgrade-insecure-requests ;block-all-mixed-content 1
default-src 'self' syndetics.com www.google-analytics.com; script-src 'self' blob: http://www.vpl.ca https://www.vpl.ca data: 'unsafe-inline' 'unsafe-eval' code.jquery.com www.google.com https://www.google-analytics.com https://www.googletagmanager.com www.gstatic.com https://unpkg.com cdnjs.cloudflare.com m.addthis.com s7.addthis.com tagmanager.google.com v1.addthis.com platform.instagram.com platform.twitter.com cdn.syndication.twimg.com assets.pinterest.com script.crazyegg.com trk.cetrk.com www.flickr.com bclibraries.org translate.google.com https://translate.googleapis.com https://translate-pa.googleapis.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'unsafe-inline' www.vpl.ca https://unpkg.com https://cdnjs.cloudflare.com tagmanager.google.com themes.googleusercontent.com fonts.googleapis.com code.jquery.com https://platform.twitter.com https://typekit.net https://p.typekit.net https://use.typekit.net https://translate.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net/gh/jonthornton/jquery-timepicker@1.14.0/jquery.timepicker.min.css https://cdn.jsdelivr.net/gh/jackocnr/intl-tel-input@v17.0.19/build/css/intlTelInput.min.css https://cdn.jsdelivr.net/npm/normalize.css; img-src 'self' data: *.vpl.ca https://www.vpl.ca *.googleapis.com https://platform.twitter.com https://pbs.twimg.com services.arcgisonline.com syndetics.com secure.syndetics.com https://cdnjs.cloudflare.com www.flickr.com www.instagram.com *.staticflickr.com *.google-analytics.com syndication.twitter.com scontent-sea1-1.cdninstagram.com *.sndcdn.com m.addthis.com *.gstatic.com www.addthis.com log.pinterest.com gtrk.s3.amazonaws.com trk.cetrk.com geo.yahoo.com https://img.youtube.com/ https://www.google.com https://translate.google.com https://server.arcgisonline.com; media-src 'self' www.youtube.com soundcloud.com; child-src 'self' m.addthis.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com  assets.pinterest.com; font-src 'self' themes.googleusercontent.com https://cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://use.typekit.net; connect-src 'self' *.google-analytics.com translate-pa.googleapis.com cdnjs.cloudflare.com https://www.optimalworkshop.com m.addthis.com v1.addthis.com https://translate.googleapis.com; frame-src 'self' edge.addthis.com m.addthis.com https://platform.twitter.com s7.addthis.com www.google.com www.youtube.com w.soundcloud.com www.instagram.com syndication.twitter.com assets.pinterest.com player.vimeo.com;     1
font-src fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.bootstrapcdn.com *.fontawesome.com *.gstatic.com *.facebook.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.carcarekiosk.com/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.cloudflare.com *.facebook.com *.facebook.net *.google.com *.google.com.mx *.gstatic.com *.googleusercontent.com *.paypal.com *.icons8.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.showmethepartsdb2.com *.showmethepartsdb.com 7ec3985af1.nxcli.io *.fram.com *.linkedin.com *.doubleclick.net *.yahoo.com *.yahoo.net cbaa309e81.nxcli.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.cloudflare.com *.twitter.com *.fontawesome.com *.newrelic.com *.nr-data.net *.facebook.net *.doubleclick.net *.gstatic.com *.bizible.com *.bing.com *.marketo.net *.livechatinc.com *.weglot.com *.licdn.com *.hotjar.com *.boomtrain.com *.linkedin.com *.ipify.org s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com tagmanager.google.com ssl.google-analytics.com connect.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://cdn.weglot.com *.fontawesome.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.rackcdn.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.weglot.com cdn-api-weglot.com *.cloudflare.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.facebook.com *.gstatic.com *.googleapis.com *.boomtrain.com *.linkedin.com *.livechatinc.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'  https://findadoctor.rsfh.com https://dev.px.roperstfrancis.connecthealthcare.com https://callcenter.rsfh.com http://careline 1
default-src 'self';child-src 'self' www.youtube.com livemap.getwemap.com *.fls.doubleclick.net;img-src 'self' www.google.com www.facebook.com ws-events.fr www.google-analytics.com *.youtube.com i.ytimg.com www.googletagmanager.com axeptio.imgix.net favicons.axept.io *.gstatic.com www.google.fr 'unsafe-inline' data: maps.gstatic.com *.googleapis.com *.ggpht livemap.getwemap.com ad.doubleclick.net;script-src 'self' 'unsafe-inline' www.google-analytics.com s.ytimg.com www.youtube.com www.googletagmanager.com maps.googleapis.com unpkg.com ws-events.fr livemap.getwemap.com api.getwemap.com static.axept.io api.axept.io client.axept.io googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net region1.analytics.google.com www.google.com analytics.tiktok.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com livemap.getwemap.com;frame-src blob: 'self' livemap.getwemap.com www.youtube.com *.fls.doubleclick.net td.doubleclick.net;connect-src 'self' 'unsafe-inline' www.google-analytics.com s.ytimg.com www.youtube.com www.googletagmanager.com maps.googleapis.com unpkg.com ws-events.fr livemap.getwemap.com api.getwemap.com static.axept.io api.axept.io client.axept.io googleads.g.doubleclick.net stats.g.doubleclick.net connect.facebook.net region1.analytics.google.com www.google.com analytics.tiktok.com fonts.googleapis.com fonts.gstatic.com; 1
object-src 'none'; frame-ancestors 'self'; form-action 'self' ddlnk.net kie-14655.azurewebsites.net kie-14655.design-portfolio.info edit.kie-14655.design-portfolio.info kier.co.uk login.microsoftonline.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://*.kvno.de https://*.cleverreach.com https://www.deutsches-ausschreibungsblatt.de https://*.kvnoportal.de/ https://*.kvnoportal.kvno.kv-safenet.de/ https://kvnoportal.kvno.kv-safenet.de/ 1
base-uri 'self'; block-all-mixed-content; frame-src 'self' https://player.vimeo.com app.hubspot.com youtube.com https://www.youtube.com assets.ctfassets.net https://consent-pref.trustarc.com; style-src 'self' 'unsafe-inline'; img-src 'self' https://i.vimeocdn.com data: https://i.ytimg.com https://images.ctfassets.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://*.g.doubleclick.net https://*.google.com https://track.hubspot.com https://forms.hsforms.com https://consent.trustarc.com https://i.ytimg.com https://consent.truste.com; form-action 'self'; frame-ancestors 'self' resources.planetscale.com 1
frame-ancestors 'self' http://tw2prod-cms.technologyevaluation.com ; 1
frame-ancestors 'self' twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://analytics.twitter.com https://apis.google.com https://cdn.syndication.twimg.com https://content.linkedin.com https://connect.facebook.net https://emailoctopus.com https://en.twitter.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://m.youtube.com https://maps.googleapis.com https://maps.google.com https://platform.twitter.com https://platform.linkedin.com https://static.ads-twitter.com https://static-exp1.licdn.com https://snap.licdn.com https://t.co https://tagmanager.google.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com;style-src 'self' 'report-sample' 'unsafe-inline' *.licdn.com emailoctopus.com fonts.googleapis.com platform.twitter.com ton.twimg.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com www.youtube.com www.googletagmanager.com;frame-src 'self' https://maps.google.com  https://www.google.com;base-uri 'self';form-action 'self' *.facebook.com *.twitter.com connect.facebook.net;worker-src 'self' blob: 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-cookieyes.com https://clearout.io https://www.clearout.io https://api.clearout.io https://embed.lpcontent.net https://www.googletagmanager.com https://ajax.googleapis.com https://tracking.g2crowd.com https://script.tapfiliate.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://linkedin.com/ https://snap.licdn.com/ https://www.google.com https://assets.calendly.com https://www.calendly.com https://wchat.freshchat.com https://www.gstatic.com https://dev.clearout.io https://clearout.io https://cdn.mxpnl.com https://cdnjs.cloudflare.com https://chimpstatic.com https://connect.facebook.net  https://analytics.clearout.io  https://cdn.taboola.com/ https://sc.lfeeder.com/ https://cdnjs.cloudflare.com https://trc.taboola.com https://www.clarity.ms https://clarity.microsoft.com https://web-sdk.smartlook.com https://asset.b3mxnuvcer.com https://y.clarity.ms; style-src 'unsafe-inline' https://www.google.com https://www.googletagmanager.com https://wchat.freshchat.com https://dev.clearout.io https://clearout.io https://fonts.googleapis.com https://assets.calendly.com http://clearout.io/; frame-ancestors 'self'; base-uri 'self'; report-uri https://clearout.report-uri.com/r/d/csp/enforce; report-to default; 1
default-src 'self' *.wenxiaozhan.cn *.wenxiaozhan.com *.wenshushu.cn *.wenshushu.com hm.baidu.com http: https: ws: wss: data: blob: 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
upgrade-insecure-requests; frame-ancestors https://*.golfonline.co.uk; default-src https: data: blob: 'unsafe-inline' 'unsafe-eval';report-uri /ClientSideErrorLogger.ashx?mode=csp-report 1
connect-src 'self' *.cfbenchmarks.com; 1
default-src 'self';img-src http: https: 'self' 'unsafe-inline';frame-src 'self' https://www.google.com/recaptcha/;script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;style-src 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha;form-action 'self' https://www.google.com/recaptcha/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-9UodN2KwoEGh60IVVZets4+ier9fgb1hsSx6/zP8ADzTIVgC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://www.webcms.lu https://webcms.lu; 1
default-src * data: ;script-src 'self' 'unsafe-eval' 'unsafe-inline' platform.twitter.com syndication.twitter.com https://www.vimeo.com https://tagmanager.google.com https://*.cloudflare.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://www.googleoptimize.com https://polyfill.io https://js.adsrvr.org https://*.siteimprove.net https://siteimproveanalytics.com https://connect.facebook.net https://snap.licdn.com https://www.fullstory.com https://fullstory.com https://googleads.g.doubleclick.net https://*.newrelic.com https://*.adsymptotic.com https://*.nr-data.net https://*.googleapis.com https://*.analytics.google.com https://analytics.google.com https://tags.srv.stackadapt.com https://*.stackadapt.com; style-src 'self' 'unsafe-inline' https://cloud.typenetwork.com https://*.cloudflare.com https://*.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://*.typekit.net https://tags.srv.stackadapt.com https://*.stackadapt.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://*.bootstrapcdn.com; connect-src 'self'  https://tagmanager.google.com https://analytics.google.com https://*.energytrust.org https://*.ipstack.com https://*.google-analytics.com https://*.analytics.google.com https://*.linkedin.com https://*.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.nr-data.net https://*.pantheonsite.io https://*.energytrust.org  https://*.googleapis.com https://tags.srv.stackadapt.com https://*.stackadapt.com; frame-src 'self' platform.twitter.com https://*.doubleclick.net https://match.adsrvr.org https://insight.adsrvr.org https://www.facebook.com https://*.youtube.com https://player.vimeo.com https://youtu.be https://*.google.com https://*.orgchartnow.com 1
default-src 'self' *.snpmarket.com snpmarket.com api.snp.market blob: data: wss: 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://yandex.ru https://mc.yandex.ru https://admin.verbox.ru https://widget.apibcknd.com https://static.me-talk.ru https://yastatic.net http://yastatic.net https://chat.s3.yandex.net https://suggestions.dadata.ru https://widgets.2gis.com https://api-maps.yandex.ru https://www.gstatic.com https://profilepxl.ru https://cfv4.com https://acint.net https://manalyticshub.com https://pixel.hot-wifi.ru https://get4click.ru https://pixel.detmir.ru https://pxl.knam.pro https://fonts.googleapis.com https://me-talk.ru https://widget.me-talk.ru https://stats.g.doubleclick.net https://e-solution.pickpoint.ru https://core-renderer-tiles.maps.yandex.net https://pvzimage.cdek.ru https://captcha-api.yandex.ru 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://md-scp.kampyle.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://assets.adobedtm.com https://unpkg.com https://www.google-analytics.com https://9873963.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://m.clarity.ms https://stats.g.doubleclick.net https://www.clarity.ms https://analytics.newscred.com https://snap.licdn.com https://www.google-analytics.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.googletagmanager.com https://api.bnpparibas-am.com https://api.staging.bnpparibas-am.com https://player.ausha.co https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com; font-src 'self' 'unsafe-inline' data: https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.gstatic.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; img-src 'self' https://nextgen.am.bnpparibas https://bnpparibas-am-com.go-vip.net https://bnpparibas-am.com https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnppampublicglobalprod.112.2o7.net https://diversification.bnpparibas-am.com https://pixel.wp.com https://secure.gravatar.com https://bnppampublicglobaldev.112.2o7.net https://ad.doubleclick.net https://www.linkedin.com https://udc-neb.kampyle.com data:  https://resources.digital-cloud.medallia.eu https://px.ads.linkedin.com https://cdn.cookielaw.org https://www.stoneshot.com https://www.google-analytics.com https://pixel.welcomesoftware.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; base-uri 'self'; object-src 'self'; media-src 'self' https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://audio.ausha.co https://audiofiles.ausha.co; child-src 'self' https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://www.youtube.com https://widgets.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://td.doubleclick.net https://9054818.fls.doubleclick.net https://www.youtube.com https://resources.digital-cloud.medallia.eu https://9873963.fls.doubleclick.net https://bnpparibas-am.libcast.com https://embed.api.video https://player.ausha.co; worker-src 'self';style-src 'self' 'unsafe-inline' https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://s0.wp.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://fonts.googleapis.com https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com; connect-src 'self' https://nextgen.am.bnpparibas https://canary-api.bnpparibas-am.com https://canary-api.staging.bnpparibas-am.com https://bnpparibas-am-com.go-vip.net https://bnpparibas-am-com-staging.go-vip.net https://bnpparibas-am-com-develop.go-vip.net https://bnp-privacy.my.onetrust.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://region1.google-analytics.com https://dpm.demdex.net https://resources.digital-cloud.medallia.eu https://apidata.staging.bnpparibas-am.com https://apidata.bnpparibas-am.com https://stats.g.doubleclick.net https://api.staging.bnpparibas-am.com https://api.bnpparibas-am.com https://www.stoneshot.com https://cdn.cookielaw.org https://www.google-analytics.com https://www.google-analytics.com; 1
default-src             'self'             westbahn.at             *.westbahn.at             'unsafe-inline'             data:             https:             https://*.hotjar.com             https://*.hotjar.io             wss://*.hotjar.com             wss://io.fusedeck.net         ; 1
frame-ancestors https://developer.equifax.com/; 1
frame-ancestors 'self' *.fizy.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.youtube.com s.ytimg.com cm.g.doubleclick.net soma.smaato.net us-u.openx.net bossgmarketingmedia.blob.core.windows.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com *.adobedtm.com *.demdex.net ocbcbosdev.112.2o7.net *.ocbc.demdex.net *.everesttech.net *.tt.omtrdc.net *.omtrdc.net *.bankofsingapore.com *.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com px4.ads.linkedin.com sjs.bizographics.com p.adsymptotic.com *.xerevo.com https://anchor.fm; img-src 'self' 'unsafe-inline' *.google.com *.googleapis.com bossgmarketingmedia.blob.core.windows.net *.google.com.sg *.google-analytics.com stats.g.doubleclick.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net *.sc.omtrdc.net *.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com dc.ads.linkedin.com px.ads.linkedin.com snap.licdn.com linkedin.com p.adsymptotic.com *.xerevo.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com; child-src 'self' *.ocbc.com; frame-src 'self' *.ocbc.local *.ocbc.com productgroup.bankofsingapore.com *.youtube.com bossgmarketingmedia.blob.core.windows.net cm.g.doubleclick.net soma.smaato.net us-u.openx.net tags.bluekai.com x.bidswitch.net s.acxiomapac.com trc.taboola.com *.fls.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com ocbcbosdev.112.2o7.net ocbc.demdex.net *.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.everesttech.net fast.partnerID.demdex.hnet insight.adsrvr.org *.sqreemtech.com *.googletagmanager.com *.doubleclick.net *.google.com *.googleapis.com *.demdex.net https://anchor.fm; media-src 'self' 'unsafe-inline' productgroup.bankofsingapore.com bossgmarketingmedia.blob.core.windows.net *.youtube.com cm.g.doubleclick.net *.facebook.net *.facebook.com assets.adobedtm.com *.doubleclick.net *.google.com *.googleapis.com; connect-src 'self' 'unsafe-inline' *.google-analytics.com assets.adobedtm.com dpm.demdex.net ocbcbosdev.112.2o7.net fast.ocbc.demdex.net *.tt.omtrdc.net smetrics.bankofsingapore.com *.amazonaws.com *.googletagmanager.com *.google.com *.googleapis.com snap.licdn.com cdn.linkedin.oribi.io gw.linkedin.oribi.io ocbc.sc.omtrdc.net stats.g.doubleclick.net stats.g.doubleclick.net; 1
default-src https: ; object-src 'none'; img-src * data:; font-src * data:; script-src 'unsafe-inline' *; style-src 'unsafe-inline' *; frame-ancestors 'self' https://newcockpit.eqs.com; 1
default-src: *://*.turktrust.com.tr:* *://www.google-analytics.com:* 1
frame-ancestors 'self'; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=www.komputerswiat.pl::mototech_master-1.64.1 1
object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com https://www.magnetmail.net https://tracking.magnetmail.net https://use.typekit.net https://cdn.jsdelivr.net *.feathr.co *.adroll.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net/; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://use.typekit.net data: https://cdn.jsdelivr.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://literacyworldwide.org https://p.typekit.net *.feathr.co *.adroll.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.magnetmail.net; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.feathr.co *.adroll.com; 1
object-src data:; base-uri 'self' studio.plasmic.app analytics.plasmic.app; frame-ancestors 'self' studio.plasmic.app analytics.plasmic.app partners.abnormalsecurity.com cms.abnormalsecurity.com staging-cms.abnormalmarketing.dev 1
default-src * https:; frame-ancestors 'self'; img-src * data:; font-src * data:; style-src * 'unsafe-inline'; script-src 'self' https://*.jquery.com https://*.bootstrapcdn.com https://*.wp.com https://debugme.eu https://*.facebook.com *.fbcdn.net https://*.twitter.com https://*.youtube.com  *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https://*.youtube.com *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; media-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; object-src 'self' *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com *.google.com 127.0.0.1:* https:; 1
frame-ancestors 'self' https://images.puppyfinder.com https://members.puppyfinder.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com www.gov.cn zfwzgl.www.gov.cn *.cnzz.com zfwzgl.www.gov.cn www.changde.gov.cn; object-src 'self'; frame-ancestors http://www.hunan.gov.cn http://120.226.245.226:33525 http://120.226.245.226:33526 1
default-src 'self'  'unsafe-inline' 'unsafe-eval' *.qtsdatacenters.com;              child-src 'self'  *.adobe.com *.vimeo.com *.gtsdatacenters.com;     frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.youtube.com *.youtu.be *.qtsdatacenters.com *.vimeo.com *.company-target.com *.driftt.com td.doubleclick.net;             connect-src 'self' *.company-target.com *.google.com *.googleapis.com *.crazyegg.com *.doubleclick.net *.google-analytics.com tag-logger.demandbase.com px.ads.linkedin.com/wa/ www.facebook.com/tr ibc-flow.techtarget.com/;              font-src 'self' data: *.gstatic.com *.typekit.net;              img-src * data:;              manifest-src 'self';              media-src 'self' *.bc0a.com *.azure.com;              object-src 'self';              script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.vimeocdn.com *.pardot.com *.qtsdatacenters.com *.polyfill.io *.google.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.marchex.io *.bc0a.com *.b0e8.com *.googletagmanager.com *.driftt.com *.doubleclick.net *.crazyegg.com *.google-analytics.com *.demandbase.com snap.licdn.com/li.lms-analytics/insight.min.js ws.zoominfo.com/pixel/ trk.techtarget.com connect.facebook.net/;              style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com *.typekit.net *.gstatic.com; 1
img-src 'self' *.zlb.de *.voebb.de *.ytimg.com *.vimeocdn.com https://*.genial.ly data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com matomo.zlb.de *.vimeo.com vimeo.com *.youtube.com https://www.youtube.com https://*.genial.ly  https://zlb-booking.eventis.online blob:; frame-src *.google.com *.youtube.com https://www.youtube.com https://www.youtube-nocookie.com *.vimeo.com vimeo.com https://view.genial.ly; connect-src 'self' matomo.zlb.de https://*.googleapis.com *.google.com https://*.gstatic.com  https://*.genial.ly data: blob:; font-src 'self' https://fonts.gstatic.com https://*.genial.ly; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://zlb-booking.eventis.online https://*.genial.ly; worker-src blob:; form-action 'self'; object-src 'none'; 1
default-src 'self' https://crm.zohopublic.eu https://crm.zoho.eu https://*.fls.doubleclick.net https://*.cloudfront.net https://www.googletagmanager.com https://*.jungleminds.com https://*.imc.com https://*.cdn.prismic.io https://player.vimeo.com https://www.youtube.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://crm.zoho.eu https://connect.facebook.net https://snap.licdn.com https://www.redditstatic.com https://bat.bing.com https://amplify.outbrain.com https://*.doubleclick.net https://*.fls.doubleclick.net https://analytics.google.com https://www.google-analytics.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/count/389847; img-src * data: blob: 'unsafe-inline'; connect-src 'self' https://wd5-services1.myworkday.com https://analytics.google.com https://*.doubleclick.net https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 1
object-src 'none';frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://maps.google.com https://*.twitter.com ;script-src 'self' https://fonts.googleapis.com https://www.youtube.com https://ajax.googleapis.com https://*.twitter.com https://ssl.google-analytics.com https: http: 'nonce-dc60a4b7ec004097a84ad631bc2f886c' 'strict-dynamic' 'unsafe-inline' ;base-uri 'self';font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com https://cdnjs.cloudflare.com https://use.fontawesome.com;form-action 'self' https://*.twitter.com ;manifest-src 'self';block-all-mixed-content;img-src 'self' data: https://netsential.com https://*.google-analytics.com https://*.ytimg.com data: https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.twitter.com https://*.twimg.com https://twitter-badges.s3.amazonaws.com/ data: https://*.netsential.com https://netsential.com https://*.ytimg.com https://www.facebook.com;report-uri /Content_Security_Policy.aspx 1
default-src 'self' https://*.eum-appdynamics.com/; script-src https://*.appdynamics.com/  https://*.salesforceliveagent.com/ 'self' 'unsafe-eval' 'unsafe-inline'; connect-src 'self' https://*.powerbi.com https://*.eum-appdynamics.com/ https://cloud-api.highcharts.com/openincloud https://portal.knowledgebase.net https://*.salesforceliveagent.com/; img-src 'self' data: https:; style-src 'self' 'unsafe-inline';object-src 'self'; font-src 'self'; frame-src 'self' https://*.take-survey.dev.wkelms.com/ https://*.stgsurvey.wkelms.net/ https://*.survey.wkelms.net/ https://docs.microsoft.com/en-us/ http://www.google.com/intl/en/chrome/business/ https://*.powerbi.com mailto:;frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.vaasa.fi https://*.waltti.fi 1
script-src-elem 'self' 'unsafe-inline' https://js.monitor.azure.com https://js.cdn.applicationinsights.io https://js0.cdn.applicationinsights.io https://js0.cdn.monitor.azure.com https://js2.cdn.applicationinsights.io https://js2.cdn.monitor.azure.com https://az416426.vo.msecnd.net https://cdn.jobgether.com https://cdn.jsdelivr.net https://cdn.growthbook.io https://ka-p.fontawesome.com https://app.ablecdp.com https://kit.fontawesome.com https://ajax.googleapis.com https://track.jobgether.com https://client.crisp.chat https://api.mapbox.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://app.ablecdp.com https://d3no41yaodisss.cloudfront.net; worker-src https://api.mapbox.com https://jobgether.com blob: https://jobgether.com/~partytown/partytown-sw.js https://www.googletagmanager.com/gtm.js https://connect.facebook.net/en_US/fbevents.js; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mementomori.social; img-src 'self' data: blob: https://mementomori.social https://media.mementomori.social; style-src 'self' https://mementomori.social 'nonce-/yatrLhzp2t1NS5XvqnIPA=='; media-src 'self' data: https://mementomori.social https://media.mementomori.social; frame-src 'self' https:; manifest-src 'self' https://mementomori.social; form-action 'self'; child-src 'self' blob: https://mementomori.social; worker-src 'self' blob: https://mementomori.social; connect-src 'self' analytics.dude.fi data: blob: https://mementomori.social https://media.mementomori.social wss://mementomori.social; script-src 'self' https://mementomori.social 'wasm-unsafe-eval' analytics.dude.fi 1
worker-src 'self' blob:;img-src 'self' * data:;script-src 'self' * 'unsafe-eval' storage.googleapis.com googletagmanager.com 'unsafe-inline' *.facebook.net *.facebook.com *.google-analytics.com applepay.cdn-apple.com *.googletagmanager.com x.klarnacdn.net *.klarna.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com blob:;connect-src 'unsafe-eval' 'unsafe-inline' 'self' google.com *.google.com api.addressy.com *.facebook.net *.facebook.com *.googletagmanager.com googletagmanager.com *.google-analytics.com storage.googleapis.com api.yotpo.com api-cdn.yotpo.com *.klarnaevt.com x.klarnacdn.net *.klarna.com *.api.commercecloud.salesforce.com *.collect.igodigital.com *.criteo.com api.cquotient.com *.doubleclick.net wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com https://sfcc.predatornutrition.com sfcc.predatornutrition.com clarity.ms *.clarity.ms;default-src 'unsafe-eval' 'unsafe-inline' 'self' api.addressy.com *.facebook.net *.facebook.com googletagmanager.com *.google-analytics.com storage.googleapis.com *.googletagmanager.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com cookiebot.com *.cookiebot.com;media-src *;script-src-attr 'unsafe-inline' x.klarnacdn.net x.klarnacdn.net *.klarna.com wisepops.net *.wisepops.net wisepops.com *.wisepops.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com;frame-src 'self' *;upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; connect-src 'self' https://api-prod.omnivore.app https://proxy-prod.omnivore-image-cache.app https://accounts.google.com https://proxy-demo.omnivore-image-cache.app https://storage.googleapis.com https://widget.intercom.io https://api-iam.intercom.io https://static.intercomassets.com https://downloads.intercomcdn.com https://platform.twitter.com wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://tools.applemediaservices.com; font-src 'self' data: https://cdn.jsdelivr.net https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action 'self' https://api-prod.omnivore.app https://getpocket.com/auth/authorize https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.notion.so https://api.notion.com; frame-ancestors 'none'; frame-src 'self' https://accounts.google.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' accounts.google.com https://widget.intercom.io https://js.intercomcdn.com https://platform.twitter.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.cn/; style-src 'self' 'unsafe-inline' https://accounts.google.com https://cdnjs.cloudflare.com; img-src 'self' blob: data: https:; worker-src 'self' blob:; media-src https://js.intercomcdn.com; 1
default-src 'self' go.sg https://www.csa.gov.sg https://cdn1.readspeaker.com; script-src apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://s.ytimg.com https://publish.twitter.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net unpkg.com/@frontify/ cloudinary.com *.gov.sg gov.sg https://www.csa.gov.sg https://ihp.csa.gov.sg sharethis.com embedsocial.com https://www.googletagmanager.com https://cdn1.readspeaker.com https://wwww.youtube.com https://assets.wogaa.sg jquery.com https://www.twimg.com https://www.google.com https://www.gstatic.com https://api.ihp.csa.gov.sg 'self' *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ embedsocial.com https://assets.wogaa.sg https://cdn.insight.sitefinity.com https://dec.azureedge.net https://www.google.com jsdelivr.net https://cdn1.readspeaker.com https://www.googleapis.com https://www.twimg.com https://www.gstatic.com https://cdn.jsdelivr.net 'self' web-chat.nativechat.com 'unsafe-inline'; img-src platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ data: blob: https://www.google.com https://www.google.com.sg https://cdn.insight.sitefinity.com *.gov.sg gov.sg www.csa.gov.sg frontify.com cloudinary.com https://www.youtube.com https://www.twimg.com https://www.gstatic.com https://www.googleapis.com 'self' *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: jsdelivr.net https://www.google.com; frame-src embedsocial.com https://www.youtube.com https://assets.wogaa.sg https://e.issuu.com/embed.html https://www.google.com https://www.checkfirst.gov.sg/ https://cdn1.readspeaker.com https://app-eas.readspeaker.com https://rstts-eas.readspeaker.com *.readspeaker.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src data: accounts.google.com mktoresp.com frontify.com cloudinary.com *.gov.sg gov.sg https://stats.g.doubleclick.net https://www.csa.gov.sg https://ihp.csa.gov.sg https://www.youtube.com https://assets.wogaa.sg https://snowplow-web.wogaa.sg https://www.google.com https://analytics.google.com https://www.checkfirst.gov.sg/ https://cdn1.readspeaker.com https://app-eas.readspeaker.com https://rstts-eas.readspeaker.com https://media-eas.readspeaker.com https://www.googleapis.com https://www.gstatic.com https://api.ihp.csa.gov.sg *.readspeaker.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: frontify.com cloudinary.com https://www.youtube.com https://www.google.com https://www.google.com.sg; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com frontify.com cloudinary.com embedsocial.com https://www.youtube.com https://assets.wogaa.sg https://www.google.com https://www.checkfirst.gov.sg/ https://cdn1.readspeaker.com 'self' web-chat.nativechat.com; form-action 'self' https://login.microsoftonline.com https://www.csa.gov.sg https://www-origin.csa.gov.sg https://web-intranet.csa.gov.sg https://cdn1.readspeaker.com https://app-eas.readspeaker.com; frame-ancestors 'self' embedsocial.com https://www.youtube.com https://assets.wogaa.sg https://www.google.com https://www.checkfirst.gov.sg/ https://cdn1.readspeaker.com https://app-eas.readspeaker.com; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:     https://advertiserpro.flexoffers.com/     https://api.joinnow.live/     https://bat.bing.com/     https://browser.sentry-cdn.com/     https://cdn.foxycart.com/     https://cdn.jsdelivr.net/     https://cdn.jwplayer.com/     https://cdn.knightlab.com/     https://cdn.pdst.fm/     https://cdnjs.cloudflare.com/     https://code.jquery.com/     https://connect.facebook.net/     https://connect.facebook.net/     https://diffuser-cdn.app-us1.com/     https://ef.richdadworld.com/     https://experts.richdadworld.com/     https://google.com/     https://googleads.g.doubleclick.net/     https://intljs.rmtag.com/     https://joinnow.live/     https://ka-f.fontawesome.com/     https://kit.fontawesome.com/     https://o228308.ingest.sentry.io/     https://pei.activehosted.com/     https://prism.app-us1.com/     https://richdad.foxycart.com/     https://richdadespanol.foxycart.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://script.hotjar.com/     https://sealserver.trustkeeper.net/     https://sealserver.trustwave.com/     https://ssl.p.jwpcdn.com/     https://static.hotjar.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://trackcmp.net/     https://tracker.marinsm.com/     https://unpkg.com/     https://use.fontawesome.com/     https://ut.rd.linksynergy.com/     https://vc.hotjar.io/     https://vjs.zencdn.net/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gstatic.com/     https://www.peicoachnetwork.com/     https://www.richdadworld.com/     https://ajax.googleapis.com/     https://cdn.datatables.net/     https://maxcdn.bootstrapcdn.com/     https://www.upsellit.com/; style-src 'self' 'unsafe-inline'     https://cdn.foxycart.com/     https://cdn.joinnow.live/     https://cdn.jsdelivr.net/     https://cdn.knightlab.com/     https://cdnjs.cloudflare.com/     https://experts.richdadworld.com/     https://fonts.googleapis.com/     https://netdna.bootstrapcdn.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.peicoachnetwork.com/     https://maxcdn.bootstrapcdn.com/     https://cdn.datatables.net/     https://www.richdadworld.com/; img-src 'self' data: blob:     https://api.joinnow.live/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://dev.richdadworld.com/     https://experts.richdadworld.com/     https://googleads.g.doubleclick.net/     https://idsync.rlcdn.com/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://richdad.com/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://sealserver.trustkeeper.net/     https://sealserver.trustwave.com/     https://stats.g.doubleclick.net/     https://trackcmp.net/     https://use.fontawesome.com/     https://www.facebook.com/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googletagmanager.com/     https://www.gravatar.com/     https://www.peicoachnetwork.com/     https://cdn.datatables.net/     https://www.richdadworld.com/; font-src 'self' data:     https://cdn.knightlab.com/     https://fonts.gstatic.com/     https://ka-f.fontawesome.com/     https://netdna.bootstrapcdn.com/     https://recaptchaenterprise.googleapis.com/     https://ssl.p.jwpcdn.com/     https://maxcdn.bootstrapcdn.com/     https://use.fontawesome.com/; media-src 'self' blob:     https://experts.richdadworld.com/     https://joinnow.live/     https://profedu.hs.llnwd.net/     https://richdadworld.com/     https://recaptchaenterprise.googleapis.com/     https://use.fontawesome.com/     https://www.peicoachnetwork.com/     https://www.richdadworld.com/     https://videos-cloudfront-usp.jwpsrv.com/     https://cdn.jwplayer.com/; connect-src 'self'     https://analytics.google.com/     https://api.joinnow.live/     https://apidev.thepei.com/     https://assets-jpcust.jwpsrv.com/     https://bat.bing.com/     https://cdn.jwplayer.com/     https://content.hotjar.io/     https://experts.richdadworld.com/     https://google.com/     https://joinnow.live/     https://richdadworld.com/     https://ka-f.fontawesome.com/     https://metrics.hotjar.io/     https://o228308.ingest.sentry.io/     https://pagead2.googlesyndication.com/     https://pei.activehosted.com/     https://prd.jwpltx.com/     https://profedu.hs.llnwd.net/     https://pxy.thepei.com/     https://www.richdadespanol.com/     https://recaptchaenterprise.googleapis.com/     https://sheets-proxy.knightlab.com/     https://ssl.p.jwpcdn.com/     https://stats.g.doubleclick.net/     https://td.doubleclick.net/     https://td.doubleclick.net/     https://thepei.com/     https://track.flexlinkspro.com/     https://us-central1-adaptive-growth.cloudfunctions.net/     https://vc.hotjar.io/     https://videos-cloudfront-usp.jwpsrv.com/     https://vc.hotjar.io/     https://www.google-analytics.com/     https://www.google.com/     https://www.googleadservices.com/     https://www.googleadservices.com/     https://www.peicoachnetwork.com/     wss://ws.hotjar.com/; frame-src 'self'     https://agelessbeautysolutions.com/     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://google.com/     https://www.googletagmanager.com/     https://joinnow.live/     https://pei.activehosted.com/     https://richdad.foxycart.com/     https://richdadworld.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://tags.rd.linksynergy.com/     https://td.doubleclick.net/     https://vc.hotjar.io/     https://www.facebook.com/     https://www.google.com/     https://www.monthlyshoppingdollars.com/     https://www.richdadworld.com/     https://www.richdadespanol.com/     https://www.thepeionline.com/     https://cdn.jwplayer.com/     https://www.peicoachnetwork.com/; frame-ancestors 'self'     https://agelessbeautysolutions.com/     https://api.joinnow.live/     https://cfclassic.richdad.com/     https://experts.richdadworld.com/     https://joinnow.live/     https://richdad.foxycart.com/     https://richdadespanol.com/     https://richdadespanol.foxycart.com/     https://recaptchaenterprise.googleapis.com/     https://vc.hotjar.io/     https://www.carletonsheets.com/     https://www.peicoachnetwork.com/     https://www.thepeionline.com/; worker-src 'self' blob: 1
default-src 'none'; child-src https://www.lolli.com; connect-src https://*.algolia.net https://*.algolianet.com https://wa.appsflyer.com https://wa.onelink.me data: https://bat.bing.com https://sdk.iad-05.braze.com https://cdn.contentful.com/spaces/lcg55p58f347/ https://images.ctfassets.net/lcg55p58f347/ https://firestore.googleapis.com/ https://identitytoolkit.googleapis.com/v1/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/ https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ga-audiences https://*.g.doubleclick.net https://measurement.lolli.com/g/collect https://api.rollbar.com/api/1/item/ https://tr.snapchat.com https://cdn.contentful.com/spaces/lcg55p58f347/environments/master/entries https://api.dwolla.com https://firebaseinstallations.googleapis.com/v1/projects/lolli-prod-fire/ https://firebaseremoteconfig.googleapis.com/v1/projects/lolli-prod-fire/ https://api.lolli.com https://www.lolli.com https://connect.lolli.com; font-src 'self'; form-action https://tr.snapchat.com https://api.lolli.com https://www.lolli.com https://www.lolli.com/account/login; frame-ancestors https://www.lolli.com; frame-src https://lolli.webpush.freshchat.com https://lollicare.freshchat.com https://www.google.com/recaptcha/ https://www.google.com/recaptcha/enterprise/ https://tr.snapchat.com https://optimize.google.com https://lolli-prod-fire.firebaseapp.com https://www.lolli.com https://connect.lolli.com https://widgets.moneydesktop.com; img-src 'self' data: https://bat.bing.com https://appboy-images.com https://braze-images.com https://images.ctfassets.net/lcg55p58f347/ https://*.g.doubleclick.net https://measurement.lolli.com/collect https://www.googletagmanager.com https://content.moneydesktop.com https://alb.reddit.com/rp.gif https://tr.snapchat.com https://static.lolli.com; manifest-src https://www.lolli.com/site.webmanifest; media-src; object-src 'none'; script-src https://websdk.appsflyer.com/ https://cdn.dwolla.com/1/dwolla.min.js https://apis.google.com/js/api.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/recaptcha/enterprise.js 'sha256-Hbqi1Bk2d4kW2fR3hLXcsQs+cdjU6yX3f4U3jGxcZYk=' 'sha256-v8QvaXibYxZyRlPckpp91vb6eZuajj1Vc8RZYgS5e4Q=' https://www.lolli.com https://bat.bing.com https://js.appboycdn.com https://connect.facebook.net/en_US/fbevents.js https://assetscdn-wchat.freshchat.com/static/assets/ https://rts-static-prod.freshworksapi.com https://lollicare.freshchat.com/js/widget.js https://www.googleadservices.com https://measurement.lolli.com https://www.googletagmanager.com/gtag/ https://apis.google.com/_/scs/abc-static/_/js/ 'sha256-kGUQiECb7HTB3+cdt9SV9OGtiju37vTHScB5TlU3tzo=' https://optimize.google.com https://www.googleoptimize.com 'sha256-f8nS1SFG7RGs3fmDwVLRaylqBvCgeiVA8jtz4xPg7+s=' https://www.redditstatic.com/ads/pixel.js https://sc-static.net/scevent.min.js https://analytics.twitter.com/i/adsct https://static.ads-twitter.com/uwt.js https://connect.facebook.net/signals/config/712536369102043 'sha256-w88c9dDyrmROGT5sV4Hdyw1CHcB7SNnicY20d5snt38=' 'sha256-peQh3eiuRnoEJ+AAgfBEv1T1oG7FDmbjJSNevHTSSvQ=' 'sha256-f8nS1SFG7RGs3fmDwVLRaylqBvCgeiVA8jtz4xPg7+s='; style-src 'self' 'unsafe-inline' https://lollicare.freshchat.com/ https://optimize.google.com/optimize/editor/css/; 1
img-src * data:; font-src * data:;  connect-src *; media-src * data: blob:; object-src *; frame-ancestors "self" https://advancedmd-hub.knowledgeowl.com https://static-100.advancedmd.com https://static-999.advancedmd.com; 1
script-src 'self' 'nonce-KBWmtLN2plbHh6MXhvWWhGbTRZQ3NTd0FBQW9R' 'unsafe-inline' kingbrand.com www.kingbrand.com shop.kingbrand.com;object-src 'none'; base-uri 'self'; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:;  style-src 'self' 'unsafe-inline' https:;  img-src 'self' data: https:;  connect-src 'self' https://*.hsforms.com http://*.hubapi.com https://*.hubspot.com https://*.hs-sites.com https://analytics.google.com https://*.google-analytics.com https://sidebar.bugherd.com https://*.doubleclick.net https://*.google.com https://*.vimeo.com https://static.addtoany.com http://*.referralrock.com https://fullstory.com https://*.linkedin.com https://*.hotjar.com https://content.hotjar.io wss://*.hotjar.com https://conversions-config.reddit.com https://c.sf-syn.com https://www.getapp.com;  font-src 'self' https: data:;  object-src 'none';  frame-ancestors 'self';  base-uri 'self'; frame-src https://sidebar.bugherd.com https://*.google.com https://*.google-analytics.com https://*.vimeo.com https://*.hsforms.com http://*.hubapi.com https://*.doubleclick.net https://static.addtoany.com http://*.referralrock.com https://fullstory.com https://*.linkedin.com https://*.hubspot.com https://*.hs-sites.com https://*.hotjar.com https://content.hotjar.io wss://*.hotjar.com https://conversions-config.reddit.com https://c.sf-syn.com https://www.getapp.com;  1
connect-src * ws:; img-src 'self' 'unsafe-inline' data: cdn.shopify.com cdn2.shopify.com cdn-images-1.medium.com medium.com images.contentful.com images.ctfassets.net www.nova.is *.google-analytics.com www.google.com www.google.is www.facebook.com stats.g.doubleclick.net *.gstatic.com http://kort.samsyn.is https://www.sitewatch.is eu2.siteimprove.com *.global.siteimproveanalytics.io *.cloudfront.net bat.bing.com support.nova.is v2assets.zopim.io mpi.borgun.is novadesk.zendesk.com server.seadform.net; font-src 'self' fonts.googleapis.com/css fonts.gstatic.com; object-src 'self'; media-src 'self' blob: videos.contentful.com videos.ctfassets.net support.nova.is; manifest-src 'self'; script-src 'self' 'nonce-6cdc1aa7-0f5e-493a-9b34-01698f97e5f5' 'unsafe-inline' 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com connect.facebook.net tagmanager.google.com *.google.com https://platform.twitter.com https://connect.facebook.net https://www.facebook.com https://kort.samsyn.is api.autopilothq.com cdn.embedly.com static.zdassets.com; style-src 'self' 'unsafe-inline' blob: 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com blob: kort.samsyn.is hello.myfonts.net cdn.embedly.com mpi.borgun.is cdn.cookiehub.eu 1
default-src  'self'; img-src  'self'; script-src  'self'; object-src  'self'; style-src  'self' 'unsafe-inline'; 1
script-src 'self' 'sha256-AIQ71vC/cbv/iqjppDIzKmgomz6eW5/k5hz3XvRuCKE=' 'sha256-va6TOOjz2O22I13r7TKpGTYrmwQl7hID00pD+ETzAdM=' 'sha256-heANn1E8Yn/qF1A0lZCrnC4ilwDUOW7Z7evrkSgxFR8=' 'sha256-BMYxtlO2hL/pehK8YAu8xRZ9jL4BQUiXnn3WovaMdIM=' 'sha256-IbH1Ihx32vNxIPMwlmBbNkjlXta98Wx2gfSuspwc62U=' 'sha256-uUGh27mkxFtZNzF/ByZ7D7sYXa8sltfuYLBXw19uotc=' 'sha256-n7z4INwcAkTKOdFpSCbW0ljQM78wYIsX2hGldWJmQAM=' 'sha256-7BAcmBfaSuowENlKq0JUN8LsI3jbdO5c8K2BclnHCgU=' 'sha256-O0Kte81KfNR2Zr0NGw0tr/lT4VMU8bBXf1HZChkuChI=' 'sha256-w20TOnoqCiPZGNds65jI57FSvIq5TKuof8cVjjVA1EE=' 'sha256-paUsbkTbSfxKpuhYfSCnZaRi3xHaOisQ+jOYFtIZRco=' 'sha256-A+Yjb3xhGL5QoIPZPtTRpHpzodNRIsDfcVz/UI2vfwg=' 'sha256-bL63edAiBQUXjZMqy57RmDZEpd2wty21w7e9ocyuV4A=' 'sha256-wlVGSvV56aMXMmGh9FumPemeT/ueqzjElAZB3Xveojg=' 'sha256-nRUjnpDfxYvKLKTfCXn9k6ALcaBHbD12VGQY0XzdSXA=' 'sha256-XT/SJjKhuAoxfoOAdYPuEqzExkNgTryWmSh74xu85Xc=' 'sha256-9+bCXmCH7rvBmMvNli/g/8wB2HzkzUUFzSeAdQfvvXM=' 'sha256-rbb17uLBFanQt669VKrpgvkYiqPvygMZ/TSEY8gxfDc=' 'sha256-243kzjxy1sReMb9O9ucZU2KPAgdO2KDqBuESoP5R7Hg=' 'sha256-L5APfdQoICyyu1LncBgMQXz2Cyt35jkRMtuq1tlTM0E=' 'sha256-KhbBK1W+t2ppnDcn2tBLGdjjIoWWXMaj+rzURZ4kfG8=' 'sha256-qw7UDibYMW5FsmfqYre81D8aQz9Ig4Vu3q37Fv7CWUE=' 'sha256-RlONmandIqG29OoZalJmIE+hy/HKK4icbsQh9rNCUxg=' 'sha256-YFb3GiEgChZVtZPCox97PG7imh4OHvwmXNUpbJQefAc=' 'sha256-b3VFmkBB+Dd9QhUtmEcVzIY7c8aVWdWOFrz5nt5JXW8=' 'sha256-T8fdTKma0sQum2en0NkD+0VmlGbd2pK5W5dTLjwaj1E=' 'sha256-B6ae1solGMdp100CEJqwCaOBpwXkQsQv1iT8LJdm2S8=' 'sha256-6aUZ1r3vDv2jbBgP0ak1c/VFuLjV8V7k8kYssyDCFMg=' 'sha256-dcjkGi6HbaBCVti20IlbRizKaBpmBm9R+WuDbLsVgkY=' 'sha256-Nko+FKK4HTlTt8BILHjSfHznZWbVsty2suK0cj+Dxh4=' 'sha256-3Wm/AUruDTm1zeyL5HBD4m5vWSx0uKpDm9pruGctOPA=' 'sha256-b5TlYbCiggWejRQSyEnVeh05xS30FXTzTwKD5fAX26g=' 'sha256-gvZoYP95M3bOOA38b8TWsEbLte9G3BvEaw2Cq7rXkws=' 'sha256-F+D2YA1vJAt4HUuZPTUntKwe2CaScBZi/d4JZSZHSdA=' 'sha256-IOFpjDkdQi15gLIDUMv3oHdZxSB+DKfwlZwDUAp2K6g=' 'sha256-b0WdRqkjfLCW+hdbOTh/0LEToM39GKp5tklHJ9mYg24=' 'sha256-TI77cnJmXFjkCezVLceoEtQn1IvBgBZTG67cu7+IMso=' 'sha256-2YylypI4lDxpNpagwNrDyzKSNw09V0YvqYJet1XGynM=' 'sha256-iGUSlYfxa5hvU3+8AvMcr8Iui13nfeAvfcnkt4mN9/Q=' 'sha256-lKKyGJkWi3k8TGTg5AT3FZUGQ5woYymqhWli6KSI1A4=' 'sha256-pm1xOW3PChyQDSi3FMnXJhv/3TNZvKA3NkH3ejjTvLg=' 'sha256-pm1xOW3PChyQDSi3FMnXJhv/3TNZvKA3NkH3ejjTvLg=' 'sha256-1JqVY+/ccgQLZRJxXmARuuw7prmC8dMdzxGcGqfFG7U=' 'sha256-k0x6LEf752lnSYLElXf3ATwTqJmyoHBip3m52Zi+4uU=' 'sha256-ezqZ42NGLbV7IXa4+Y1aKeB5GC0mTr4r9JyG6vn76Yg=' 'sha256-8SRDksOYKw+w4Uj6jD2FGI5KWcNo/joOOPHsr9s/FDU=' 'sha256-narskeCfkY2s7lLNmY8VHv68tI08F9lzSHgA76rk5Ss=' 'sha256-ZJNZf3QmWNfWyxiCv6DvfM4cWA2sviCbc4BQNcWaF9g=' 'sha256-+XBHbZ7fVywUMEU7R5jpkqOSKC30pe/lwGut1FCvUYk=' 'sha256-OPUmYyN6abaLCx4ntHJqQQ0caI1h24wl12BuqBMMw4s=' 'sha256-hW1qT63zTErxFM2yM24ws4nkuPvVIRvCiOlcsox55d0=' 'sha256-B/Qg/yz3J8z0JnJDkHL+z9W91d+45W898TuNR75ubTQ=' 'sha256-jAesQ02hAHaCDp0hwlcvJPoagAsNK3SqWC88YQkoWN0=' 'sha256-Wit2mSrHkp1EKrmuguCZCm90V8Rn08JEG1zNP/qe5Bc=' 'sha256-hNTOFD/Vw4DGG+8dAHPkSr5DUnh0U7SCWDcbptGUdVs=' 'sha256-cOXpSszfPpqHXYdBqhnu2aEAKzNl1F3r/7hbKfXSTaU=' 'sha256-IcTwDbvDzSegNrYlXdBM+JYmM/qR+a6CzL/Ow9IuEvQ=' 'sha256-+jWOldyMR2URwkWCUpRCJgIHZsoFl5TbuP4IUjhfhKU=' 'sha256-2hSMjUqy4QvCAaS3Z+fInO9QheS0ujG6RGRybSsmIoo=' 'sha256-hpT5H9tpmbgsHZj57qeb58F23eiFSs83Vg6BuzOpLDM=' 'sha256-U3TMn3zWli0V2ForAElNKtOhC3tBR6Ru+DSPyQN8Jwo=' 'sha256-x/itwPidv9+L6cMMmKjJdNvw0/a1pvm5LG/OPueCiOw=' 'sha256-9JFFZm0EXX9aREfth5eKjWP7VJHoCw8+dRpinXi72i0=' 'sha256-2ql5a5KJ1zVedzgVslZDx9GH6Ugw0WnmESRO4JIA9Jg=' 'sha256-pazvKIH8e9CDlbFL3OvExx14t+N5TKd63cGA2PT/p/w=' 'sha256-scJxNFktHRyFZnIWgn0nQYbPmGHgvEvodDns5ULBEtY=' 'sha256-KQ572gsMoe2ApGGtNKt8sn6RzlAMGeMavN3hrQg0lUg=' 'sha256-nWswRGJb0wwpsoO4r80ucYihPTeSwBhpZlIet03tB0o=' 'sha256-O6Vo4q1EFTdbDmEUJyY9WIpqFH3S8QifA3BDEktBsO8=' 'sha256-5m+l5iHs/jzDD9DpsWY7uI2+kr3jEDoY20zgp/e6hI0=' 'sha256-wgHn5tXAjwNChO+bHx/FK5jc4ikIVKLydM38+ADva40=' 'sha256-AIQ71vC/cbv/iqjppDIzKmgomz6eW5/k5hz3XvRuCKE=' 'sha256-zFoNT0LEtXSxSMk77COnbvUQMmA4DJrw/cdRHhK308A=' 'sha256-q3syjA3qBX6LMgSFYiOYnSlzu/1OtrVQWG9UDlXvWcw=' 'sha256-yz2f3lFWqx08irfpWSgh+1Dxd9VY26GupxXA3haM3Nc=' 'sha256-yz2f3lFWqx08irfpWSgh+1Dxd9VY26GupxXA3haM3Nc=' 'sha256-rpO1Bl/aKD5NBSBEPVeszMrwWRItjfHGzt6cD0b8Fs0=' 'sha256-K7hOQOHspSGkAPwbYkdc6C9mo4ZY1V5aYuefwJxme5c=' 'unsafe-hashes' 'sha256-BL+migHG9cUjN4WqK7SGkEKhSlGmW4AxaSRpSr77zoA=' 'sha256-UuctKm/nbgC4ykT2oycIwwVuAZ1CcEeoJWP+KOY+etg=' 'sha256-Dpt5+Qc+DNpGD/gLKwgaXaes6p2yY6Vg5Uv7Kdcno/M=' https://plausible.io/js/script.js https://code.jquery.com/jquery-3.6.4.min.js https://js.hsforms.net/forms/embed/v2.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://*.cookiebot.com https://js.hs-scripts.com/4109677.js https://www.googletagmanager.com/gtag/ https://js.hscollectedforms.net/collectedforms.js https://js.hs-analytics.net/analytics/ https://js.hsleadflows.net/leadflows.js https://googleads.g.doubleclick.net/pagead/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/li.lms-analytics/insight.min.js  https://*.wistia.com https://*.wistia.net https://js.hs-banner.com/integrations.js https://js.hubspot.com/web-interactives-embed.js https://js.hs-banner.com/v2/4109677/banner.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://*.googletagmanager.com ; object-src 'self'; base-uri 'self'; 1
default-src 'self'  'unsafe-hashes' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://youtube.com  https://www.google.com/recaptcha/ https://cdn.userway.org https://www.gstatic.com/recaptcha/ https://cdn.cookielaw.org  https://js.hs-scripts.com  https://js.hsforms.net https://ajax.googleapis.com https://play.vidyard.com https://www.googletagmanager.com   https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com 'unsafe-hashes' 'unsafe-inline'; style-src  'self' https://fonts.googleapis.com/ https://cdn.userway.org  'unsafe-hashes' 'unsafe-inline'; img-src 'self'  https://play.vidyard.com https://track.hubspot.com https://cdn.userway.org https://perf.hsforms.com https://cdn.vidyard.com https://forms-na1.hsforms.com https://forms.hsforms.com https://no-cache.hubspot.com data: https://www.google-analytics.com  https://cdn.cookielaw.org;font-src 'self' https://cdn.userway.org  data: https://fonts.gstatic.com; media-src 'self' https://cdn.userway.org ;connect-src 'self' https://www.google-analytics.com https://cdn.userway.org https://api.userway.org/ https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.youtube.com https://forms.hsforms.com  https://forms.hubspot.com;frame-src 'self' https://www.youtube.com https://cdn.userway.org https://play.vidyard.com https://js.hsforms.net https://forms.hsforms.com https://maps.google.com  https://www.google.com/recaptcha https://www.google.com 1
frame-ancestors 'self' www.cajasur.es; 1
default-src *.sanuk.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.us-1.gladly.chat *.cdn.gladly.com *.gladly.com tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net *.cdn.gladly.com *.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.sanuk.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io *.cdn.gladly.com *.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.sanuk.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; worker-src *.sanuk.com blob: *.osano.com; child-src *.sanuk.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.sanuk.com/_/csp-reports 1
object-src 'none'; base-uri 'self'; frame-ancestors 'self' https://*.mockflow.com https://mockflow.com;  script-src https://www.googletagmanager.com https://kb.wowto.ai https://view.subpage.app  https://*.hs-scripts.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.usemessages.com https://*.hs-analytics.net https://*.hubspot.com https://*.hsleadflows.net https://*.hsforms.net https://*.hubspotfeedback.com view.subpage.app https://app.wowto.ai https://app.wowto.ai https://ajax.googleapis.com ajax.cloudflare.com static.cloudflareinsights.com https://assets.calendly.com https://checkout.paddle.com https://checkout.paddle.com https://cdn.paddle.com http://ip-api.com https://d20hhedk3h2l88.cloudfront.net https://apis.google.com https://www.google.com https://www.google-analytics.com static.chartbeat.com cdn.paddle.com 'self' 'unsafe-eval'  'nonce-f1fd21e52ce941bb9b5cce23b7bf3232' 'nonce-70cb3fedcfc54e6ab5423eed487e6ceb' 'nonce-ff557728a464420d898babefd4c46cd0' 'nonce-3b21b1a01d02485c9e6ac768638f3046' 'nonce-9c0e859962924db1960da34c017c0a8a' 'nonce-24b4a989c575494987eda1c656ce71c3' 'nonce-26cefaf1dd51419ea885b6921a4bfa56' 'nonce-acc688fe0cd948af87ce1e5a131e805a' 'nonce-4922d08e73cb4870916f7f70339a3b67' 'nonce-47c41abc52c2492bbf55940f4a8e9d7d' 1
upgrade-insecure-requests; default-src 'self' 'report-sample'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: *.authorize.net *.hotjar.com *.hotjar.io *.clarity.ms *.opendns.com https://cdnjs.cloudflare.com/ajax/libs/select2/ *.jwpcdn.com *.olark.com *.google.com *.ckeditor.com *.scorm.com *.google-analytics.com *.googletagmanager.com *.bing.com *.marchex.io https://stats.g.doubleclick.net *.doubleclick.net *.gstatic.com https://seal-alaskaoregonwesternwashington.bbb.org *.youtube-nocookie.com *.youtube.com *.youtu.be *.ytimg.com onlineed.api.oneall.com unpkg.com data:; object-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' *.olark.com *.onlineed.com *.onlineed.net *.googleapis.com *.ckeditor.com *.scorm.com *.bbb.org https://cdnjs.cloudflare.com/ajax/libs/select2/; img-src * data: blob: android-webview-video-poster:; media-src 'self' 'report-sample' blob: *.cloudfront.com *.onlineed.com *.onlineed.net *.google.com *.olark.com *.gstatic.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.ytimg.com; frame-src 'self' 'report-sample' *.authorize.net onlineed.api.oneall.com *.scorm.com *.ckeditor.com *.youtube-nocookie.com *.youtube.com *.youtu.be *.vimeo.com *.olark.com *.google.com; font-src 'self' 'report-sample' *.olark.com *.hotjar.com *.gstatic.com http://fonts.gstatic.com *.google.com *.ckeditor.com *.jwpcdn.com data: blob: *.googleapis.com *.fontawesome.com; connect-src 'self' *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.clarity.ms https://s3.amazonaws.com/www.onlineed.com/ https://s3-us-west-2.amazonaws.com/onlineed-test/ *.opendns.com *.olark.com *.google.com *.onlineed.com *.googleapis.com *.onlineed.net *.bbb.org *.googletagmanager.com *.google-analytics.com https://stats.g.doubleclick.net *.doubleclick.net *.bing.com; frame-ancestors 'self'; form-action 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval' ; child-src blob: ; worker-src 'self' https://via.batch.com blob: ; script-src * 'unsafe-inline' 'unsafe-eval' ; connect-src * ; media-src * ; img-src * data: blob: ; frame-src *; style-src * data: 'unsafe-inline'; font-src * data: ; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://code.jquery.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://kendo.cdn.telerik.com/2017.2.504/js/kendo.all.min.js https://gateway.answerscloud.com/beaumont-org/production/gateway.min.js https://gateway.foresee.com/sites/beaumont-org/production/gateway.min.js https://cookie-cdn.cookiepro.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.2/js/bootstrap.min.js https://cdn.kyruus.com https://api.enqbator.com https://w.usabilla.com https://api.usabilla.com https://d6tizftlrpuof.cloudfront.net https://www.googletagmanager.com http://cdn.b0e8.com https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://kit.fontawesome.com *.sharethis.com FAD West/South databsase DBFINDP01 aorta.clickagy.com hemsync.clickagy.com *.adsrvr.org https://js.zi-scripts.com https://tags.clickagy.com 'self' 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org *.eloqua.com *.en25.com; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://unpkg.com/ionicons@4.5.10-0/dist/css/ionicons.min.css https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/releases/v5.14.0/css/all.css https://use.fontawesome.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net https://cdnjs.cloudflare.com 'self' 'unsafe-inline' web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.beaumont.org/images/ https://kloggyr-service.kyruus.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://cdn-images.kyruus.com https://cdn.kyruus.com http://a.b0e8.com/brightedge3.php https://a1.b0e8.com/brightedge3.php https://kyruus-app-static.kyruus.com https://www.beaumont.edu https://www.beaumont.org https://a1.b0e8.com *.sharethis.com 'self' web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com/ https://unpkg.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdn.kyruus.com https://d6tizftlrpuof.cloudfront.net; frame-src https://www.beaumont.org/MyChart/mychart.dev.html https://info.beaumont.org https://www.youtube.com https://d6tizftlrpuof.cloudfront.net https://mroexpress.mrocorp.com https://secure.beaumont.org/ https://w.soundcloud.com/ https://www.google.com https://e.issuu.com https://www.auntbertha.com https://player.vimeo.com https://beaumonthealth.smugmug.com https://www.facebook.com https://platform.twitter.com https://external-stage.beaumont.org *.adsrvr.org https://hemsync.clickagy.com 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.gstatic.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com https://cookie-cdn.cookiepro.com/ https://api.enqbator.com https://doctors.beaumont.org https://maps.googleapis.com https://analytics.google.com https://mroexpress.mrocorp.com https://forms.office.com https://stats.g.doubleclick.net https://adservice.google.com https://www.google.com/pagead/ https://104413.tctm.xyz/ https://104413.tctm.co/ https://104413.cctm.xyz/ https://careers.beaumont.org *.doubleclick.net https://aorta.clickagy.com https://hemsync.clickagy.com 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://info.beaumont.org/ https://secure.beaumont.org 'self' web-chat.nativechat.com 1
frame-ancestors 'self' www.facebook.com www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.jsdelivr.net *.addsearch.com *.doubleclick.net code.jquery.com translate.google.com www.gstatic.com fonts.gstatic.com *.fontawesome.com *.bootstrapcdn.com www.rumiview.com; script-src-elem  'unsafe-inline' 'self' *.addthis.com *.addthisedge.com code.jquery.com cdn.jsdelivr.net translate.google.com *.googleapis.com *.fontawesome.com assets.adobedtm.com *.fullstory.com fullstory.com js.braintreegateway.com addsearch.com www.google-analytics.com www.googletagmanager.com www.rumiview.com connect.facebook.net www.gstatic.com *.searchcdn.com www.google.com maxcdn.bootstrapcdn.com; script-src  'unsafe-eval' 'unsafe-inline' 'self' *.addthis.com *.addthisedge.com code.jquery.com cdn.jsdelivr.net translate.google.com *.googleapis.com *.fontawesome.com assets.adobedtm.com *.fullstory.com js.braintreegateway.com addsearch.com www.google-analytics.com www.googletagmanager.com www.rumiview.com *.searchcdn.com www.gstatic.com www.google.com maxcdn.bootstrapcdn.com; connect-src 'self' *.addthis.com *.fontawesome.com *.googleapis.com *.bootstrapcdn.com www.google-analytics.com www.nccwebsite.org connect.facebook.net payments.sandbox.braintree-api.com www.googletagmanager.com stats.g.doubleclick.net payments.braintree-api.com client-analytics.braintreegateway.com *.fullstory.com maxcdn.bootstrapcdn.com; style-src-elem 'self' 'unsafe-inline' *.addsearch.com maxcdn.bootstrapcdn.com fonts.googleapis.com netdna.bootstrapcdn.com *.cloudfront.net maxcdn.bootstrapcdn.com; img-src * data: blob:; media-src 'self' s3.amazonaws.com; frame-ancestors 'self'; object-src 'self'; base-uri 'self'; report-uri https://services.spinudev.com/csp/cspreport; worker-src; frame-src 'self' www.facebook.com www.linkedin.com www.youtube.com assets.braintreegateway.com assets.adobedtm.com *.doubleclick.net www.google.com; form-action 'self' *.psionline.com *.psiexams.com; manifest-src 'self' https://www.nccwebsite.org/manifest.json; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.onestopenglish.com; 1
script-src 'self' 'unsafe-inline' https://apis.google.com https://code.jquery.com https://maps.googleapis.com 1
default-src 'self' 'unsafe-inline' blob: data: *.lk-cs.com https://myconsumers.org *.myconsumers.org http://www.myconsumers.org https://woobox.com *.hotjar.com https://*.optimizely.com https://*.s3.amazonaws.com https://tagmanager.google.com https://www.googleadservices.com https://d.impactradius-event.com https://kingsumo.com https://www.livelook.com *.idevdesign.net *.marketo.com consumerscreditunion.mktoweb.com *.marketopreview.com https://lkcssecurehosting.com *.creatio.com https://www.learnaboutmoneymovement.com https://feed.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://*.onlineaccess1.com https://consumer-credit-union.4cna.net https://*.loggly.com https://*.googletagmanager.com *.google-analytics.com https://analytics.google.com https://prod.northstar.ellielabs.com https://*.googlesyndication.com wss://*.hotjar.com *.hotjar.io https://google.com https://cms.myconsumers.org https://widget.ellieservices.com/* https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com https://prod.northstar.ellielabs.com/* https://logx.optimizely.com/* https://logx.optimizely.com/v1/events https://clients.lk-cs.com https://www.google-analytics.com analytics.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://protect-us.mimecast.com *.bing.com https://prod.northstar.ellielabs.com https://cms.myconsumers.org https://widget.ellieservices.com/* https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com consumer-credit-union.4cna.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://myconsumers.org https://utt.impactcdn.com https://clients.lk-cs.com/id/62161/custom/rates/ *.googleapis.com *.gstatic.com https://cdnjs.cloudflare.com https://cdn.polyfill.io https://stackpath.bootstrapcdn.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org *.googletagmanager.com *.lk-cs.com *.cobrowse.oraclecloud.com maps.google.com https://static.hotjar.com https://lkcssecurehosting.com https://cdn.optimizely.com https://woobox.com https://kingsumo.com https://*.optimizely.com https://*.hotjar.com https://*.s3.amazonaws.com https://lkcssecurehosting.com https://optimizely.s3.amazonaws.com tagmanager.google.com *.googleadservices.com *.impactradius-event.com *.doubleclick.net *.kingsumo.com *.livelook.com *.marketo.com *.cloudflareinsights.com *.google.com consumerscreditunion.mktoweb.com *.marketopreview.com https://lkcssecurehosting.com https://www.learnaboutmoneymovement.com https://*.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://analytics.google.com https://cucalc.org https://cms.myconsumers.org https://widget.ellieservices.com https://widget.ellieservices.com/latest/launcher.js https://*.creatio.com https://bat.bing.com/ https://stats.g.doubleclick.net https://analytics.google.com https://sjrtp8.marketo.com https://prod.northstar.ellielabs.com consumer-credit-union.4cna.net https://consumer-credit-union.4cna.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com *.twimg.com https://clients.lk-cs.com https://lkcssecurehosting.com https://tagmanager.google.com *.livelook.com https://clients.lk-cs.com data: *.marketo.com *.google.com consumerscreditunion.mktoweb.com *.marketopreview.com https://*.mikle.com http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://consumer-credit-union.4cna.net https://*.loggly.com https://www.googletagmanager.com https://cucalc.org consumer-credit-union.4cna.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.cloudfront.net consumerscreditunion.mktoweb.com *.marketopreview.com *.hotjar.com *.marketo.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com; img-src 'self' *.doubleclick.net *.lk-cs.com *.myconsumers.org *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.cobrowse.oraclecloud.com http://www.myconsumers.org platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://lkcssecurehosting.com https://www.learnaboutmoneymovement.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://*.mktoresp.com http://js.hsforms.net https://forms.hsforms.com https://consumer-credit-union.4cna.net https://*.loggly.com https://*.googletagmanager.com https://consumer-credit-union.4cna.net *.bing.com https://www.ojrq.net https://logs-01.loggly.com; media-src 'self' https://www.learnaboutmoneymovement.com https://lkcssecurehosting.com http://www.myconsumers.org https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com data: blob:; form-action 'self' *.lk-cs.com *.myconsumers.org *.vimeo.com *.youtube.com *.livelook.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com consumer-credit-union.4cna.net https://consumer-credit-union.4cna.net; frame-src 'self' data: *.myconsumers.org *.google.com https://*.google.com *.youtube.com https://consumer-credit-union.4cna.net *.cobrowse.oraclecloud.com http://www.myconsumers.org https://lkcssecurehosting.com https://cdn.optimizely.com https://vimeo.com https://woobox.com *.woobox.com *.hotjar.com *.doubleclick.net *.livelook.com https://kingsumo.com https://clients.lk-cs.com consumerscreditunion.mktoweb.com *.marketopreview.com *.marketo.com https://feed.mikle.com https://stats.g.doubleclick.net http://205-afh-840.mktoresp.com http://js.hsforms.net http://*.mktoresp.com https://forms.hsforms.com https://cds-sdkcfg.onlineaccess1.com https://cucalc.org https://prod.northstar.ellielabs.com https://api.elliemae.com https://idp.elliemae.com https://na3.docusign.net https://na.account.docusign.com consumer-credit-union.4cna.net https://platform.twitter.com/; connect-src 'self' https://logx.optimizely.com https://logx.optimizely.com/v1/events https://clients.lk-cs.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://sjrtp8.marketo.com wss://ws.hotjar.com/ https://metrics.hotjar.io/ https://content.hotjar.io/ https://content.hotjar.io/ https://bat.bing.com/ https://bat.bing.com/ consumer-credit-union.4cna.net https://consumer-credit-union.4cna.net https://www.myconsumers.org/; 1
frame-ancestors 'self' *.vendhq.com *.retail.lightspeed.app; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub141debbb5c4dc4c0034c0aedd3e2f56c&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:production; 1
frame-ancestors *.pfister.ch:9002 'self' 1
default-src 'self'; child-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://www.google.com https://www.gstatic.com https://www.recaptcha.net https://www.google.com/recaptcha https://www.gstatic.com/recaptcha https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net/npm/exif-js@2.3.0/exif.min.js https://cdn.jsdelivr.net/npm/uuidv4@6.2.13/build/lib/uuidv4.min.js https://cdnjs.cloudflare.com/ajax/libs/html5-qrcode/1.2.4/html5-qrcode.min.js; img-src 'self' data: https://baggage-files-prod.s3.eu-west-2.amazonaws.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline'  https://cdn.cookielaw.org https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://www.recaptcha.net https://cdn.cookielaw.org; connect-src 'self' https://www.google-analytics.com https://cdn.cookielaw.org https://s3.eu-west-2.amazonaws.com/baggage-files-prod https://wtss-api.mybag.aero; frame-src 'self' https://fonts.gstatic.com https://google.com https://www.recaptcha.net https://recaptcha.google.com/recaptcha https://www.google.com/recaptcha; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'none'; 1
default-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; connect-src https: wss:; form-action 'self' www.facebook.com forms.hsforms.com; object-src 'self'; base-uri 'self'; 1
default-src 'none'; manifest-src 'self'; script-src 'self' 'unsafe-eval' https://app.intotheblock.com https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://code.jquery.com/ https://stackpath.bootstrapcdn.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://www.google.com/ https://cdn.siftscience.com/ https://www.gstatic.com/; object-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://stackpath.bootstrapcdn.com/; img-src 'self' https://v2uploads.zopim.io/ https://rocketlab.g2afse.com/ https://purecatamphetamine.github.io/ https://20841010p.rfihub.com/ data:; media-src 'self' https://static.zdassets.com/; frame-src 'self' https://www.youtube.com/ https://buy.moonpay.com/ https://buy-staging.moonpay.com/ https://buy-sandbox.moonpay.com/ https://pay.testwyre.com/ https://vars.hotjar.com/ https://www.google.com/recaptcha/; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/; connect-src 'self' wss://socket-testing.cryptomkt.com/ https://socket-testing.cryptomkt.com/ wss://socket.cryptomkt.com/ https://socket.cryptomkt.com/ wss://api.exchange.cryptomkt.com/ https://api.exchange.cryptomkt.com/ https://api.intotheblock.com/ https://ekr.zdassets.com/ https://cryptomkt.zendesk.com/ wss://widget-mediator.zopim.com/ https://id.zopim.com/ https://widget-mediator.zopim.com/ https://api-uat.kushkipagos.com/ https://api.kushkipagos.com/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.googletagmanager.com/ https://extend.vimeocdn.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.msecnd.net www.votervoice.net js.usemessages.com js.hscollectedforms.net js.hs-banner.com js-na1.hs-scripts.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://forms.hsforms.com 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-ancestors 'self' *.Eventpedia.us https://app.hubspot.com; connect-src accounts.google.com https://www.google-analytics.com *.mktoresp.com *.visualstudio.com *.hubspot.com https://stats.g.doubleclick.net https://forms.hscollectedforms.net 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.votervoice.net app.hubspot.com www.podbean.com 'self' web-chat.nativechat.com; frame-src https://app.hubspot.com 'self' web-chat.nativechat.com https://www.youtube.com https://apis.google.com https://accounts.google.com 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors *.peugeot.ba *.fiat-bih.ba fiat-bih.ba *.olx.com olx.ba 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; upgrade-insecure-requests 1
"default-src 'self';" always; 1
frame-src 'self' *.eqs.com *.facebook.com *.youtube.com *.equitystory.com *.vimeo.com; default-src  'self' *.eqs.com *.crazyegg.com *.azurewebsites.net *.windows.net data: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' api.mapbox.com *.crazyegg.com *.azurewebsites.net *.windows.net *.eqs.com https:;child-src 'self' blob: data: *.facebook.com *.youtube.com *.azurewebsites.net;style-src 'unsafe-inline' 'self' api.mapbox.com *.crazyegg.com *.azurewebsites.net *.windows.net https:; img-src 'self' blob: data: *.facebook.com *.onetrust.com *.linkedin.com *.twitter.com *.azurewebsites.net *.windows.net t.co *.eqs.com https://www.google.com https://www.google.co.uk *.www.google-analytics.com https://www.google-analytics.com; connect-src 'self' blob: data: *.crazyegg.com *.onetrust.com *.onetrust.com *.mapbox.com *.linkedin.oribi.io https://region1.analytics.google.com https://stats.g.doubleclick.net *.google-analytics.com 1
frame-ancestors 'self' https://*.forbole.com 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; script-src 'self' https: https://matomo.lico.nl/matomo.js 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' ws: wss: https: http://localhost:3035 ws://localhost:3035 ws://dev.lico.nl:3035 ws://code.lico.nl:3035 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.13chats.com https://cdn-cookieyes.com  https://connect.facebook.net https://*.hotjar.com https://www.clarity.ms https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://cdn.jsdelivr.net https://use.fontawesome.com; report-uri https://proximaresearch.com 1
frame-ancestors https://forestpreservewillcounty-cms.ae-admin.com/ https://forestpreservewillcounty.ae-admin.com/ https://www.reconnectwithnature.org/ 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: data: https://*.thelashlounge.com https://*.newrelic.com  https://*.google.com https://*.googleapis.com https://*.googleanalytics.com https://*.clickdimensions.com https://*.gstatic.com https://checkout.stripe.com; style-src 'unsafe-inline' http: https: data: https://*.thelashlounge.com https://*.googleapis.com https://*.newrelic.com https://*.gstatic.com; img-src http: https: data: https://*.thelashlounge.com; font-src http: https: data:; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com static.hsappstatic.net cdn2.hubspot.net no-cache.hubspot.com js.hscollectedforms.net js.hscta.net api.hubapi.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hubspotfeedback.com feedback.hubapi.com js.hs-banner.com www.googletagmanager.com www.google.com app.hubspot.com www.google-analytics.com snap.licdn.com js.hs-scripts.com tribl.io j.6sc.co static.oktopost.com ssl.google-analytics.com trk.techtarget.com www.clarity.ms js.qualified.com js.zi-scripts.com okt.to googleads.g.doubleclick.net w.clarity.ms tracking.g2crowd.com js.hsforms.com js.hsforms.net www.gstatic.com 516015.fs1.hubspotusercontent-na1.net 19820949.fs1.hubspotusercontent-na1.net play.hubspotvideo.com play.vidyard.com platform.twitter.com connect.facebook.net platform.linkedin.com s3-us-west-2.amazonaws.com js.driftt.com edge.marker.io www.brighttalk.com www.recaptcha.net www.gstatic.cn embed.typeform.com code.jquery.com www.googleadservices.com;; upgrade-insecure-requests 1
frame-ancestors 'self' localhost 1
frame-ancestors 'self' https://*.alpin.de; 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline';img-src  https: data: 1
default-src 'self'; frame-src http: https: *.google.com;img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: *.googletagmanager.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com;connect-src 'self' data: http: https: *.google-analytics.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self' http://www.philips.ca *.philips.com *.philips.ca https://philipsigtdpv.com 1
frame-ancestors 'self' https://manage.rdhmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' https://pretix.eu https://static.pretix.space; script-src  'self' 'unsafe-eval' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; object-src 'none'; frame-src 'self' https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io https://www.youtube-nocookie.com; style-src 'self' 'unsafe-inline' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io; connect-src 'self' https://cdn.pretix.space https://pretix.eu https://static.pretix.space https://support.rami.io ws://support.rami.io; img-src 'self' data: https://cdn.pretix.space https://matomo.rami.io https://pretix.eu https://static.pretix.space https://support.rami.io; font-src 'self' https://pretix.eu https://static.pretix.space; media-src 'self' data: https://cdn.pretix.space https://pretix.eu https://static.pretix.space; form-action 'self' https: https://pretix.eu 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com *.googletagmanager.com https://static.addtoany.com https://graph.facebook.com; style-src 'self' 'unsafe-inline' ; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-JCWSz+tMSFNgwdQ+XtiKqMmiWsLuZDOqZpY43JMzvqrUNUuw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com; worker-src 'self' blob: data:; prefetch-src 'self'; frame-src 'self' www.google.com; connect-src 'self' *.pingdom.net stats.g.doubleclick.net google-analytics.com *.google-analytics.com; img-src 'self' data: stationerycentral.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com google.com *.google.com dynasend.com *.dynasend.com dynasend.netlify.app b.sf-syn.com; font-src 'self' data: fonts.gstatic.com cloudfront.net *.cloudfront.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app; manifest-src 'self'; style-src 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self'; form-action 'self'; script-src-elem 'self' 'unsafe-inline' code.jquery.com www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com www.google.com browser.sentry-cdn.com rum-static.pingdom.net googletagmanager.com *.googletagmanager.com dynasend.com *.dynasend.com dynasend.netlify.app www.gstatic.com b.sf-syn.com 1
frame-ancestors 'self' https://app.brivity.com https://www.brivity.com 1
connect-src 'self' cdn-eu.cookietractor.com app.cookietractor.com https://gtm.afaforsakring.se graphql.contentful.com hooks.slack.com https://www.youtube-nocookie.com https://in.hotjar.com/api/ https://ask.hotjar.io/api/ https://metrics.hotjar.io https://vc.hotjar.io/ https://surveystats.hotjar.io/ wss://ws.hotjar.com/api/ https://content.hotjar.io/ assets.strossle.com strossle.com bonfire.spklw.com connect.facebook.net www.facebook.com https://afaforsakring.psplugin.com wss://afaforsakring.psplugin.com; child-src https://www.youtube-nocookie.com; frame-src https://www.youtube-nocookie.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.facebook.com/; 1
img-src 'self' d8yi8jifmzjzr.cloudfront.net d1lbs1a20jqs8l.cloudfront.net d2f94ihqbiayoj.cloudfront.net d3geq2kneybzsf.cloudfront.net d2js22npb95j0e.cloudfront.net d39eo07iavn1vt.cloudfront.net https: blob: data:; default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; frame-ancestors www.instantprint.co.uk 1
frame-ancestors https://systest.prophix.com https://webstaging.prophix.com https://*.prophix.com systest.prophix.com preprod.prophix.com https://*.prophix-devops.com https://*.uk.prophix.cloud https://*.us1.prophix.cloud https://*.us2.prophix.cloud https://*.ca.prophix.cloud https://*.eu.prophix.cloud https://*.ap.prophix.cloud https://*.au.prophix.cloud https://*.sa.prophix.cloud https://*.prophix.cloud https://*.prophixdemo.cloud https://*.prophixdemo.com https://*.devops-uat.cloud resources.prophix.com prophix.pathfactory.com prophix.lookbookhq.com https://liveus1-portal.prophix-uat.cloud https://*.prophix-uat.cloud 1
frame-ancestors https://microwave.exactoffice.hu/ https://cellkabel.exactoffice.hu/ https://hirsat.exactoffice.hu/ https://www.cellkabel.hu/ https://www.hirsat.hu/ https://www.micro-wave.hu https://www.kabelszat2002.hu/ https://cellkabel.hu/ https://hirsat.hu/ https://micro-wave.hu https://kabelszat2002.hu/ 1
default-src https: 'unsafe-inline';script-src https: 'unsafe-inline' 'unsafe-eval';img-src https: data: 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.echosdunet.net/report-uri/enforce 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sfml-dev.org www.gstatic.com www.google.com www.google-analytics.com ssl.google-analytics.com; connect-src 'self' www.google-analytics.com; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' *.sfml-dev.org fonts.googleapis.com; media-src https: data:; font-src 'self' fonts.gstatic.com; base-uri 'self'; form-action 'self'; frame-src https: data: 1
base-uri 'self';default-src 'none';script-src 'nonce-QGl8EG3Ecr' 'unsafe-inline';style-src 'nonce-QGl8EG3Ecr' *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com www.gstatic.com charts.mongodb.com *.microsoftonline.com;img-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com maps.gstatic.com *.googleapis.com maps.google.com *.ggpht.com charts.mongodb.com data: blob: *.microsoftonline.com s3.amazonaws.com *.s3.amazonaws.com;font-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com fonts.googleapis.com fonts.gstatic.com data: *.microsoftonline.com;connect-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com wss://*.assemblytoolbox.com wss://*.pusher.com wss://*.3ps.team maps.googleapis.com maps.google.com *.pusher.com expressentry.melissadata.net wss://*.chime.aws *.chime.aws *.microsoftonline.com;worker-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com blob: *.microsoftonline.com;object-src *.3ps.app *.3ps.team *.assemblytoolbox.com assemblytoolbox.com *.microsoftonline.com;media-src *.3ps.team *.assemblytoolbox.com *.microsoftonline.com assemblytoolbox.com;frame-src *.3ps.team *.assemblytoolbox.com assemblytoolbox.com charts.mongodb.com *.microsoftonline.com;form-action 'self' https: *.servicechannel.com;frame-ancestors 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.cloudflare.com *.cookieyes.com cdn-cookieyes.com *.googleapis.com *.google.com *.youtube.com *.facebook.com numerique.disqus.com *.facebook.net *.gstatic.com *.googletagmanager.com *.pinterest.com *.instagram.com *.numerique.ca *.mamachine *.local *.cdninstagram.com kit.fontawesome.com cdn.jsdelivr.net *.acsbapp.com acsbapp.com *.accessibe.com 67.207.94.120 35.196.122.47; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; object-src 'none'; style-src 'self' 'unsafe-inline' https:; img-src https: data: blob:; frame-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com *.6sense.com youtube.com www.youtube.com; child-src unit4.com *.unit4.com *.adsrvr.org vars.hotjar.com *.driftt.com *.drift.com *.reactful.com unit4.valuestoryapp.com player.vimeo.com vimeo.com www.googletagmanager.com m.youtube.com *.opendns.com gateway.zscloud.net mozbar.moz.com notify.bluecoat.com internetbaik.telkomsel.com *.6sense.com youtube.com www.youtube.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com api.hubapi.com stats.g.doubleclick.net; script-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com dock.ui.bosch.tech btm.bosch.com js-agent.newrelic.com bam-cell.nr-data.net *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com *.googleapis.com *.gstatic.com *.googleadservices.com googleads.g.doubleclick.net www.youtube.com https://s.ytimg.com js.usemessages.com merch.directpos.de www.computop-paygate.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.gstatic.com data:; style-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.googleapis.com 'unsafe-inline'; img-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google.com https://i.ytimg.com data:; frame-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com www.youtube.com www.youtube-nocookie.com merch.directpos.de www.computop-paygate.com; connect-src 'self' *.securityandsafetythings.com *.azena.com *.store.boschaftermarket.com *.boschmarketplace.com https://noembed.com https://cdn.plyr.io dock.ui.bosch.tech btm.bosch.com js-agent.newrelic.com bam-cell.nr-data.net *.google.de *.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com api.hubapi.com *.googleadservices.com stats.g.doubleclick.net merch.directpos.de www.computop-paygate.com 1
img-src http: https: data: 1
frame-ancestors 'self' https://magazine.cheex.me https://help.getcheex.com https://social.getcheex.com/ https://social2.getcheex.com 1
frame-ancestors 'self' https://manage.noln.net  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://prod.bikinivillage.com https://lver04aapaj15wprod.dxcloud.episerver.net; 1
font-src *.gstatic.com *.carrotquest.app *.flocktory.com streamerce.ru *.loreal.io data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com www.pharmacosmetica.ru *.rigla.ru rigla.ru https://webvisor.com https://*.webvisor.com https://metrika.yandex.ru https://*.yandex.net https://mc.yandex.ru https://mc.yandex.az https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.webvisor.com https://mc.webvisor.org https://yastatic.net 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com www.googletagmanager.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.com makeupstat.ru *.makeupstat.ru *.doubleclick.net *.flocktory.com *.modiface.com *.streamerce.ru *.1dmp.io *.facebook.com *.creativesoldiers.ru *.mail.ru *.adhigh.net *.weborama.fr www.youtube-nocookie.com *.ok.ru *.loreal.com.ru skinq-lamoda-landing.l2.oggettoweb.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com metrica.yandex.ru vk.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googletagmanager.com *.maps.yandex.net vk.com *.vk.me *.mail.ru *.mneniya.pro *.carrotquest.app *.carrotquest.io *.mobfox.com *.betweendigital.com *.onaudience.com *.adnxs.com *.digitaltarget.ru *.bestssp.com *.whiteboxdigital.ru *.rutarget.ru *.admixer.net *.1dmp.io *.aidata.io *.weborama.fr *.doubleclick.net *.adriver.ru *.bidswitch.net *.facebook.com flocktory.com *.flocktory.com *.hybrid.ai *.openx.net *.retailrocket.net *.scaletrk.com *.jivosite.com pafutos.com lenkmio.com *.admitad.com *.asbmit.com artfut.com advertising.com *.advertising.com *.adform.net adform.net *.adhigh.net *.mts.ru *.popmechanic.ru *.userapi.com *.360yield.com *.stevensegallery.com streamerce.ru *.analytics.yahoo.com *.rubiconproject.com vichy.ru *.pubmatic.com *.taboola.com *.loreal.io *.smartadserver.com *.gumgum.com blob: *.vichyconsult.ru *.mindbox.ru cstatic.weborama-tech.ru data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com *.mindbox.ru *.yandex.ru *.maps.yandex.net yastatic.net *.yastatic.net *.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.mail.ru vk.com *.facebook.net cdn.jsdelivr.net *.carrotquest.io *.retailrocket.ru *.tkrconnector.com *.artfut.com *.doubleclick.net *.jivosite.com *.youtube.com *.facebook.com *.fbcdn.net *.modiface.com *.cloudflare.com *.carrotquest.app *.carrottrack.io *.nr-data.net flocktory.com *.flocktory.com *.hybrid.ai *.jsdelivr.net *.lenmit.com *.newrelic.com *.retailrocket.net *.ttarget.ru *.unpkg.com *.jquery.com *.popmechanic.ru streamerce.ru dsf-cdn.loreal.io *.loreal.io *.tiktok.com *.weborama.fr *.ok.ru *.loreal.com.ru inside-our-products.wsf-e-loreal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.google.com *.googleapis.com *.jivosite.com wss://*.jivosite.com *.retailrocket.net *.flocktory.com *.googletagmanager.com www.googletagmanager.com *.cloudflare.com *.popmechanic.ru streamerce.ru *.loreal.io *.mindbox.ru *.carrotquest.app 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.jivosite.com *.carrotquest.app *.flocktory.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.mindbox.ru yandex.ru *.yandex.ru *.yandex.net *.google.com *.google.ru *.googleapis.com *.googletagmanager.com *.dadata.ru *.carrotquest.app ws://*.carrotquest.app wss://*.carrotquest.app *.carrotquest.io *.carrottrack.io *.jivosite.com wss://*.jivosite.com *.modiface.com *.doubleclick.net *.retailrocket.net *.mail.ru vk.com *.adhigh.net *.nr-data.net *.hybrid.ai *.weborama.fr *.akamai.com *.facebook.com *.popmechanic.ru streamerce.ru *.loreal.io *.visualstudio.com *.mux.com/ cdn.jsdelivr.net inside-our-products.wsf-e-loreal.com *.carrottrack.app 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-6f317a7d-6047-4ce9-9a0f-41382a15d899' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.ru https://www.googletagmanager.com https://www.google-analytics.com https://points.boxberry.de https://widget.cdek.ru https://api-maps.yandex.ru https://*.maps.yandex.net https://yastatic.net; style-src 'self' 'unsafe-inline' https://points.boxberry.de https://widget.cdek.ru; img-src 'self' data: https://mc.yandex.ru https://www.google-analytics.com https://points.boxberry.de https://api-maps.yandex.ru https://*.maps.yandex.net https://widget.cdek.ru https://pvzimage.cdek.ru; connect-src 'self' https://mc.yandex.ru https://www.google-analytics.com https://widget.cdek.ru https://pim.solvos.ru; font-src 'self' https://fonts.gstatic.com; frame-src https://points.boxberry.de; manifest-src 'self'; 1
child-src *.facebook.com connect.facebook.net ;connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net *.facebook.com connect.facebook.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com *.flockler.com https://*.omappapi.com https://analytics.tiktok.com https://*.cognitoforms.com https://apps.elfsight.com https://cdn.linkedin.oribi.io ;default-src 'self' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com ;font-src 'self' data: https://fonts.gstatic.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io ;form-action 'self' *.facebook.com connect.facebook.net secure.oxfamnovib.nl ;frame-ancestors 'self' ;frame-src 'self' https://bid.g.doubleclick.net https://atlas.oxfamnovib.nl https://11674542.fls.doubleclick.net https://www.google.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.facebook.com connect.facebook.net https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io app.vwo.com *.visualwebsiteoptimizer.com www.youtube.com mchd-1sbqh9xf5gt4z7rdck6c-78.pub.sfmc-content.com https://cloud.supporters.oxfamnovib.nl https://twitframe.com https://platform.twitter.com https://www.anbigift.nl https://actions.oxfam.org ;img-src 'self' data: www.googletagmanager.com  https://ssl.gstatic.com  https://www.gstatic.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.nl https://11674542.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com *.facebook.com *.facebook.net *.fbcdn.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com flockler.com *.flockler.com https://*.omappapi.com https://analytics.twitter.com/ https://t.co/ https://i.ytimg.com https://px.ads.linkedin.com https://www.linkedin.com ;report-uri /cspreport ;script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://graph.facebook.com https://js.facebook.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-eval' *.visualwebsiteoptimizer.com app.vwo.com https://*.optnmnstr.com https://*.omappapi.com ;script-src-elem 'self' https://www.googletagmanager.com https://*.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.hotjar.com *.visualwebsiteoptimizer.com 'unsafe-inline' *.flockler.com https://*.optnmnstr.com https://*.omappapi.com https://analytics.tiktok.com https://*.cognitoforms.com https://code.jquery.com https://platform.twitter.com https://static.ads-twitter.com https://apps.elfsight.com https://static.elfsight.com https://storage.elfsight.com https://www.youtube.com https://apis.google.com https://snap.licdn.com https://pym.nprapps.org ;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com https://*.omappapi.com ;style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com *.flockler.com https://*.omappapi.com ;worker-src 'self' blob:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://iframe-mdm.kahlua.com *.sleeknote.com; worker-src blob: 'self' 1
default-src 'self' 'unsafe-inline' *.affinitysolutions.com *.uchooserewards.com *.gstatic.com images.affinitysolutions.com fonts.googleapis.com www.google.com cas-webapp.internal.ondotsystems.com:18226 *.afssn.com; frame-ancestors 'self' 1
base-uri 'self'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://secure.gravatar.com; media-src 'self'; 1
script-src https://*.lex-com.net/ 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://mykrone.green ; img-src 'self' data:; object-src 'none'; media-src 'none'; child-src 'self' blob: data:; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' frag-einen-anwalt.de *.frag-einen-anwalt.de 123recht.de *.123recht.de wohnungsboerse.net *.wohnungsboerse.net trauer.de *.trauer.de briefeguru.de *.briefeguru.de pflege-durch-angehoerige.de *.pflege-durch-angehoerige.de immobilienscout24.de *.immobilienscout24.de berlin.de *.berlin.de merkur-online.de *.merkur-online.de *.cdn.ampproject.org *.google.de *.google.com merkur-online.de *.merkur-online.de immoverkauf24.de *.immoverkauf24.de; report-uri /include/cspreport.asp 1
default-src * 'unsafe-inline'; img-src * data:; media-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src-elem * 'unsafe-inline'; frame-src *; connect-src *; worker-src * blob: 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz *.seznam.cz admin.sdovolena.cz *.sdovolena.seznam.cz http://sdovolena.seznam.cz https://sdovolena.seznam.cz *.szn.cz *.szn.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.sdn.cz *.sdn.cz *.szn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.hit.gemius.pl *.mapy.cz www.googleadservices.com connect.facebook.net www.google-analytics.com https://www.googletagmanager.com/gtag/js *.sdovolena.seznam.cz https://sdovolena.seznam.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' browser.sentry-cdn.com *.sdn.cz *.sdn.cz *.szn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.seznam.cz *.sklik.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.hit.gemius.pl *.mapy.cz www.googleadservices.com connect.facebook.net www.google-analytics.com https://www.googletagmanager.com/gtag/js *.sdovolena.seznam.cz https://sdovolena.seznam.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz 1
frame-ancestors 'self' https://*.irem.org https://app.dev.lobbycre.com https://app.qa.lobbycre.com https://app.staging.lobbycre.com https://app.lobbycre.com; 1
frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 https://*.omgyes.com 1
object-src 'none';script-src 'unsafe-inline' 'unsafe-eval'  https://apis.google.com  https://az416426.vo.msecnd.net  https://www.google.com  https://www.gstatic.com  https://fonts.googleapis.com 'self' 1
default-src 'self' 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/; img-src 'self' https://www.facebook.com https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://t.co https://*.twitter.com https://www.google-analytics.com https://www.googletagmanager.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://widget.intercom.io/widget/ https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com www.googletagmanager.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net images.prismic.io https://lessonup.cdn.prismic.io *.hsforms.net *.hsforms.com *.hubspot.com cdn2.hubspot.net static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net; style-src 'self' unsafe-inline https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ 'unsafe-inline' https://optimize.google.com 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com cloud.typography.com/6162672/684584/css/fonts.css https://www.vangoghmuseum.nl/statics/fonts/796821/50011F6B07DC2A0F8.css https://fonts.googleapis.com/; media-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://js.intercomcdn.com; font-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.googleapis.com/; frame-src 'self' https://www.avo.app/ https://webforms.pipedrive.com/ https://vars.hotjar.com/ https://www.facebook.com/tr/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://intercom-sheets.com https://js.stripe.com https://hooks.stripe.com youtube.com www.youtube.com *.hsforms.net *.hsforms.com *.hubspot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net https://i.ytimg.com/ https://www.facebook.com/ *.pipedriveassets.com/ https://webforms.pipedrive.com https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.googletagmanager.com *.g.doubleclick.net http://*.hotjar.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' https://*.twitter.com https://*.ads-twitter.com 'unsafe-inline' https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com *.googleapis.com *.googleadservices.com 'unsafe-inline' https://www.googletagmanager.com 'self' https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com/iframe_api https://js.stripe.com https://images.prismic.io/ https://lessonup.cdn.prismic.io *.hscollectedforms.net *.hsleadflows.net *.hsadspixel.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.usemessages.com *.hs-banner.net *.hubspotfeedback.com static.hsappstatic.net *.hsforms.net *.hsforms.com *.hubspot.com cdn2.hubspot.net; connect-src 'self' https://api.avo.app/ https://collector.test.lessonup.dev https://collector.lessonup.com/ https://stats.g.doubleclick.net https://collector.test.lessonup.com https://vc.hotjar.io/ ws://localhost:3200/site https://in.hotjar.com/api/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://api-iam.intercom.io/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://api.stripe.com *.hubapi.com *.hsforms.net *.hsforms.com *.hubspot.com *.hscollectedforms.net; child-src 'self' https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://intercom-sheets.com; form-action 'self' https://www.facebook.com/ https://*.lessonup.com *.lessonup.com http://localhost:3100/ http://localhost:3050/ http://localhost:3000/ http://localhost:3002/ http://localhost:3200/ https://test.lessonup.dev/ https://staging.lessonup.com/ https://lessonup.com/ https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io *.hsforms.net *.hsforms.com *.hubspot.com 1
frame-ancestors 'self' kedge.edu *.kedge.edu; 1
default-src 'self' *.visla.us wss://*.visla.us *.s3.us-west-2.amazonaws.com *.google-analytics.com *.analytics.google.com *.intercom.io wss://*.intercom.io *.intercomcdn.com; style-src 'self' *.visla.us 'unsafe-inline' *.typeform.com; script-src 'self' 'unsafe-inline' *.visla.us apis.google.com accounts.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.g.doubleclick.net *.getreditus.com *.intercom.io *.intercomcdn.com *.typeform.com; connect-src 'self' * *.visla.us *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.getreditus.com; frame-src 'self' accounts.google.com td.doubleclick.net visla://record *.visla.us *.vislaus.cn *.youtube.com intercom-sheets.com *.typeform.com; font-src 'self' data: fonts.gstatic.com fonts.intercomcdn.com; img-src 'self' data: * *.s3.us-west-2.amazonaws.com *.vimeocdn.com pixabay.com *.pexels.com *.googleusercontent.com *.producthunt.com *.googletagmanager.com *.google-analytics.com *.getreditus.com; media-src 'self' *.visla.us blob: *.s3.us-west-2.amazonaws.com *.vimeo.com pixabay.com vod-progressive.akamaized.net *.intercomcdn.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' https://*.bedfordborough.gov.uk; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://*.cloudfront.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://acsbapp.com https://accessibe.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com data:; font-src 'self' https://use.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://player.vimeo.com https://www.google.com https://referral01.elara.com https://referral01.elarastaging.wpengine.com; worker-src 'self' blob:; connect-src 'self' https://cdn.acsbapp.com https://www.google-analytics.com https://maps.googleapis.com https://olivia.paradox.ai; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://vercel.live https://network.us20.list-manage.com;object-src 'none';base-uri 'self';form-action 'self';frame-ancestors 'none';upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com polyfill.io static.addtoany.com unpkg.com themes.googleusercontent.com www.facebook.com connect.facebook.net www.youtube-nocookie.com kuhn.piwik.pro kuhn.containers.piwik.pro *.youtube.com cdn.ckeditor.com cxppusa1formui01cdnsa01-endpoint.azureedge.net *.dynamics.com www.google.com www.google.fr *.gstatic.com data: send.hsbrowserreports.com static.hsappstatic.net *.hs-scripts.com *.hs-banner.com *.hscollectedforms.net *.hs-analytics.net *.hsadspixel.net *.hsleadflows.net *.hsforms.com *.hsforms.net *.hubapi.com *.hubspot.com www.googletagmanager.com *.doubleclick.net *.ytimg.com *.genial.ly *.kuhn.com www.google.com/recaptcha www.gstatic.com/recaptcha www.googleadservices.com *.genially.com; font-src 'self' kuhn.containers.piwik.pro; frame-src 'self' insight.adsrvr.org static.addtoany.com www.youtube-nocookie.com *.doubleclick.net www.google.com *.google.com/recaptcha *.genial.ly *.genially.com; img-src 'self' fmgaggi.com kuhn.containers.piwik.pro *.amazonaws.com *.hsforms.com *.hsforms.net *.hubspot.com www.facebook.com *.gstatic.com *.doubleclick.net maps.googleapis.com data: *.dynamics.com cxppusa1formui01cdnsa01-endpoint.azureedge.net img.youtube.com; style-src 'self' cdn.ckeditor.com fonts.googleapis.com kuhn.containers.piwik.pro https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' data: *.topachat.com *.groupe-ldlc.com *.affilae.com www.recaptcha.net www.gstatic.com wss:;img-src 'self' blob: *.topachat.com i.ytimg.com data:;frame-ancestors 'self'; 1
frame-ancestors 'self' https://*.moody.edu 1
frame-ancestors *; report-uri /report-csp-violation 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net *.google-analytics.com https://google.com https://www.google.com https://www.gstatic.com https://www.youtube.com https://www.youtube-nocookie.com gist.github.com https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://github.githubassets.com https://cdnjs.cloudflare.com;img-src 'self' data: https://cdndn.s3.us-west-1.amazonaws.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self';media-src 'self' data: https://cdndn.s3.us-west-1.amazonaws.com;object-src 'none';child-src 'self';frame-src 'self' https://google.com https://www.google.com https://www.youtube-nocookie.com;frame-ancestors 'self';form-action 'self';base-uri 'self' 1
default-src 'self' https: blob: https://client-api.arkoselabs.com/ https://check3.tiaabank.com/ https://h.online-metrix.net/ https://12761246.fls.doubleclick.net/ https://td.doubleclick.net/ https://www.google.com/ https://cdn-prod.securiti.ai/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://analytics.google.com/ https://ad.doubleclick.net/ https://px.ads.linkedin.com/ https://assets.contentstack.io/ https://ingesteer.services-prod.nsvcs.net/ https://app.netlify.com/ https://gateway.zscalertwo.net/ https://www.googletagmanager.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ wss://ws.hotjar.com/ https://app.securiti.ai/ https://stats.g.doubleclick.net *.fiscloudservices.com apps.mypurecloud.com; script-src 'self' 'unsafe-eval' 'nonce-YzE1MGUwYjMtOWEyZi00NDJiLTljNDQtMDI5MDQzZDg1ZGMy' 'unsafe-inline' 'strict-dynamic' https://check3.tiaabank.com/; script-src-elem 'self' 'unsafe-inline' https: assets.contentstack.io netlify-cdp-loader.netlify.app netlify-rum.netlify.app client-api.arkoselabs.com gateway.zscalertwo.net www.googletagmanager.com cdn-prod.securiti.ai static.hotjar.com snap.licdn.com bat.bing.com googleads.g.doubleclick.net connect.facebook.net script.hotjar.com check3.tiaabank.com action.dstillery.com action.media6degrees.com www.googleadservices.com players.brightcove.net; style-src 'self' 'nonce-YzE1MGUwYjMtOWEyZi00NDJiLTljNDQtMDI5MDQzZDg1ZGMy'; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://cdn-prod.securiti.ai/ https://gateway.zscalertwo.net/ https://www.googletagmanager.com/ https://cdn-prod.securiti.ai/ https://static.hotjar.com/ https://snap.licdn.com/ https://bat.bing.com/ https://googleads.g.doubleclick.net/ https://action.dstillery.com https://www.googleadservices.com/ https://action.media6degrees.com/ https://www.googleadservices.com/; img-src 'self' blob: data: https: images.contentstack.io check3.tiaabank.com ad.doubleclick.net www.google.com www.googletagmanager.com px.ads.linkedin.com bat.bing.com www.facebook.com www.linkedin.com *.d.aa.online-metrix.net gateway.zscalertwo.net action.dstillery.com www.googleadservices.com apply.everbank.com action.media6degrees.com metrics.brightcove.com; font-src 'self' data:; object-src 'self' blob:; base-uri 'self'; form-action *; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src 'self' 'nonce-YzE1MGUwYjMtOWEyZi00NDJiLTljNDQtMDI5MDQzZDg1ZGMy' https: https://app.netlify.com/ https://client-api.arkoselabs.com/ https://gateway.zscalertwo.net/ https://12761246.fls.doubleclick.net/ https://td.doubleclick.net/ https://check3.tiaabank.com/ https://h.online-metrix.net/ https://tiaacref.locatorsearch.net/ https://0.fls.doubleclick.net/ apps.mypurecloud.com; connect-src 'self' wss: https: cdn-prod.securiti.ai app.securiti.ai ws.hotjar.com *.hotjar.io px.ads.linkedin.com www.google.com check3.tiaabank.com ingesteer.services-prod.nsvcs.net googleads.g.doubleclick.net www.google-analytics.com analytics.google.com bat.bing.com apply.everbank.com stats.g.doubleclick.net vc.hotjar.io *.algolia.net insights.algolia.io ookh1nfe65-2.algolianet.com ookh1nfe65-1.algolianet.com ookh1nfe65-3.algolianet.com edge.api.brightcove.com; 1
default-src https: wss: http:; child-src 'self' http://www.youtube.com https://www.youtube.com http://www.google.com/ https://www.google.com/ http://www.google.com/maps/ https://www.google.com/maps/ http://www.opinionstage.com/polls/ https://www.opinionstage.com/polls/ http://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/anchor http://www.google.com/recaptcha/api2/bframe https://www.google.com/recaptcha/api2/bframe http://player.vimeo.com/ https://player.vimeo.com/ http://stage.midas-pps.tractivity.co.uk/ https://stage.midas-pps.tractivity.co.uk/ *.cloudfront.net/butotv/live/ https://y84kj.videomarketingplatform.co/ http://www.facebook.com/ https://www.facebook.com/ http://www.instagram.com/ https://www.instagram.com/ *.stockport.gov.uk *.smbcdigital.net http://stockportmaps.github.io https://stockportmaps.github.io blob: http://vars.hotjar.com/ https://vars.hotjar.com/ http://embed.buto.tv/ https://embed.buto.tv/ http://butoembed.twentythree.net/ https://butoembed.twentythree.net/ http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com http://my.matterport.com https://my.matterport.com; font-src 'self' http://font.googleapis.com https://font.googleapis.com http://maxcdn.bootstrapcdn.com/font-awesome/ https://maxcdn.bootstrapcdn.com/font-awesome/ http://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ http://kit.fontawesome.com/ https://kit.fontawesome.com/ http://ka-p.fontawesome.com/ https://ka-p.fontawesome.com/ http://fonts.gstatic.com/ https://fonts.gstatic.com/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://static.tacdn.com https://static.tacdn.com data: http://s3-eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com http://api.reciteme.com/assets/ https://api.reciteme.com/assets/; img-src 'self' http://khms0.googleapis.com https://khms0.googleapis.com http://khms1.googleapis.com https://khms1.googleapis.com http://geo0.ggpht.com https://geo0.ggpht.com http://geo1.ggpht.com https://geo1.ggpht.com http://geo2.ggpht.com https://geo2.ggpht.com http://geo3.ggpht.com https://geo3.ggpht.com http://cbks0.googleapis.com https://cbks0.googleapis.com http://csi.gstatic.com https://csi.gstatic.com http://maps.gstatic.com https://maps.gstatic.com http://maps.googleapis.com https://maps.googleapis.com http://images.contentful.com/ https://images.contentful.com/ http://images.ctfassets.net https://images.ctfassets.net http://www.google-analytics.com/r/collect https://www.google-analytics.com/r/collect http://www.google-analytics.com/collect https://www.google-analytics.com/collect http://stats.g.doubleclick.net/r/collect https://stats.g.doubleclick.net/r/collect http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://interactive.stockport.gov.uk/ https://interactive.stockport.gov.uk/ http://ads.astuntechnology.com/ https://ads.astuntechnology.com/ http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://customer.cludo.com/img/ https://customer.cludo.com/img/ http://uk1.siteimprove.com/ https://uk1.siteimprove.com/ http://stockportb.logo-net.co.uk/ https://stockportb.logo-net.co.uk/ http://cloudfront.net/butotv/ https://cloudfront.net/butotv/ data: http://www.tripadvisor.co.uk/ https://www.tripadvisor.co.uk/ http://syndication.twitter.com/i/ https://syndication.twitter.com/i/ http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://pbs.twimg.com/ https://pbs.twimg.com/ http://1.bp.blogspot.com/-v6yARqgGaBc/WKL2ZtO9lhI/AAAAAAAAEDU/0CJfMgpdnWg0i6-Wd87E1vTtdKk4TeikQCLcB/s1600/Fake-or-Counterfeit-Bathmate-Pumps.png https://1.bp.blogspot.com/-v6yARqgGaBc/WKL2ZtO9lhI/AAAAAAAAEDU/0CJfMgpdnWg0i6-Wd87E1vTtdKk4TeikQCLcB/s1600/Fake-or-Counterfeit-Bathmate-Pumps.png http://content.govdelivery.com/attachments/fancy_images/UKSMBC/2018/01/1741761/reviewoverlay_original.png https://content.govdelivery.com/attachments/fancy_images/UKSMBC/2018/01/1741761/reviewoverlay_original.png http://app.meetami.ai https://app.meetami.ai *.cloudfront.net/butotv/live/ http://www.facebook.com/ https://www.facebook.com/ *.siteimproveanalytics.io/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ blob: http://spatial.stockport.gov.uk/ https://spatial.stockport.gov.uk/ http://ssl.gstatic.com/ https://ssl.gstatic.com/ http://www.gstatic.com/ https://www.gstatic.com/ http://lh3.googleusercontent.com/ https://lh3.googleusercontent.com/ http://api.reciteme.com/ https://api.reciteme.com/ http://aomg-sr-app-live.s3.eu-west-1.amazonaws.com/ https://aomg-sr-app-live.s3.eu-west-1.amazonaws.com/ http://forms.hsforms.com https://forms.hsforms.com http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com; style-src 'self' 'unsafe-inline' http://cludo.com/css/ https://cludo.com/css/ http://customer.cludo.com/css/ https://customer.cludo.com/css/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ http://s3-eu-west-1.amazonaws.com/ https://s3-eu-west-1.amazonaws.com/ http://maxcdn.bootstrapcdn.com/font-awesome/ https://maxcdn.bootstrapcdn.com/font-awesome/ http://kit.fontawesome.com/ https://kit.fontawesome.com/ http://ka-p.fontawesome.com/ https://ka-p.fontawesome.com/ http://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ http://fonts.googleapis.com/ https://fonts.googleapis.com/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://cloudfront.net/butotv/ https://cloudfront.net/butotv/ http://tripadvisor.com https://tripadvisor.com http://tripadvisor.co.uk https://tripadvisor.co.uk http://static.tacdn.com https://static.tacdn.com data: http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://stockportb.logo-net.co.uk/Delivery/ https://stockportb.logo-net.co.uk/Delivery/ *.cloudfront.net/butotv/live/ http://tagmanager.google.com/ https://tagmanager.google.com/ http://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.css http://unpkg.com/ https://unpkg.com/ http://api.mapbox.com/ https://api.mapbox.com/ http://api.reciteme.com/ https://api.reciteme.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/ http://maps.googleapis.com https://maps.googleapis.com http://apis.google.com https://apis.google.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js http://tagmanager.google.com/ https://tagmanager.google.com/ http://api.cludo.com/scripts/ https://api.cludo.com/scripts/ http://customer.cludo.com/scripts/ https://customer.cludo.com/scripts/ http://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ https://cdnjs.cloudflare.com/ajax/libs/cookieconsent2/ http://design-system.stockport.gov.uk/ https://design-system.stockport.gov.uk/ http://s3.eu-west-1.amazonaws.com/ https://s3.eu-west-1.amazonaws.com/ http://maps.stockport.gov.uk/ https://maps.stockport.gov.uk/ http://js.buto.tv/video/ https://js.buto.tv/video/ http://siteimproveanalytics.com/js/ https://siteimproveanalytics.com/js/ http://logo-net.co.uk/Delivery/ https://logo-net.co.uk/Delivery/ http://www.opinionstage.com/assets/loader.js https://www.opinionstage.com/assets/loader.js http://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/api.js http://www.gstatic.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ http://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.1.3.min.js https://d26b395fwzu5fz.cloudfront.net/keen-tracking-1.1.3.min.js http://www.jscache.com/ https://www.jscache.com/ http://tripadvisor.com https://tripadvisor.com http://tripadvisor.co.uk https://tripadvisor.co.uk http://static.tacdn.com https://static.tacdn.com http://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js https://cdnjs.cloudflare.com/ajax/libs/clipboard.js/1.7.1/clipboard.min.js http://platform.twitter.com/ https://platform.twitter.com/ http://cdn.syndication.twimg.com/timeline/ https://cdn.syndication.twimg.com/timeline/ http://platform.twitter.com/css/ https://platform.twitter.com/css/ http://local.tractivity.co.uk/wp-includes/js/ https://local.tractivity.co.uk/wp-includes/js/ http://stage.midas-pps.tractivity.co.uk/ https://stage.midas-pps.tractivity.co.uk/ http://content.govdelivery.com/overlay/js/4939.js https://content.govdelivery.com/overlay/js/4939.js http://core-api-eu1.cludo.com/ https://core-api-eu1.cludo.com/ http://app.meetami.ai/ https://app.meetami.ai/ http://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ https://stockportgov-design-system.s3-eu-west-1.amazonaws.com/ wss://chat.meetami.ai/ wss://chat.meetami.ai/socket.io/ http://cdn.trackjs.com/releases/current/tracker.js https://cdn.trackjs.com/releases/current/tracker.js http://feed2js.org/feed2js.php https://feed2js.org/feed2js.php http://connect.facebook.net/ https://connect.facebook.net/ http://widget.wheredoivote.co.uk/ https://widget.wheredoivote.co.uk/ http://static.hotjar.com/ https://static.hotjar.com/ http://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js http://unpkg.com/ https://unpkg.com/ http://api.mapbox.com/ https://api.mapbox.com/ http://script.hotjar.com/ https://script.hotjar.com/ http://spatialgeojson.s3.eu-west-1.amazonaws.com https://spatialgeojson.s3.eu-west-1.amazonaws.com http://spatialgeojson.s3-eu-west-1.amazonaws.com https://spatialgeojson.s3-eu-west-1.amazonaws.com http://www.browsealoud.com/ https://www.browsealoud.com/ http://plus.browsealoud.com/ https://plus.browsealoud.com/ http://speech.speechstream.net/ https://speech.speechstream.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://api.reciteme.com https://api.reciteme.com http://js-eu1.hsforms.net https://js-eu1.hsforms.net http://js-eu1.hs-scripts.com https://js-eu1.hs-scripts.com http://js-eu1.hscollectedforms.net https://js-eu1.hscollectedforms.net http://js-eu1.hs-analytics.net https://js-eu1.hs-analytics.net http://js-eu1.hs-banner.com https://js-eu1.hs-banner.com http://js-eu1.hsadspixel.net https://js-eu1.hsadspixel.net http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com http://www.freeprivacypolicy.com https://www.freeprivacypolicy.com; connect-src 'self' http://api.cludo.com/ https://api.cludo.com/ http://buto-ping-middleman.buto.tv/ https://buto-ping-middleman.buto.tv/ http://kinesis-ping-middleman.buto.tv https://kinesis-ping-middleman.buto.tv http://kinesis.eu-west-1.amazonaws.com/ https://kinesis.eu-west-1.amazonaws.com/ http://zldiarvaya.execute-api.eu-west-1.amazonaws.com/prod/ https://zldiarvaya.execute-api.eu-west-1.amazonaws.com/prod/ http://13bg9nmobj.execute-api.eu-west-1.amazonaws.com/production/player-analytics https://13bg9nmobj.execute-api.eu-west-1.amazonaws.com/production/player-analytics http://core-api-eu1.cludo.com/ https://core-api-eu1.cludo.com/ http://api-eu1.cludo.com/ https://api-eu1.cludo.com/ http://event-collector.buto.tv/ https://event-collector.buto.tv/ http://app.meetami.ai/ https://app.meetami.ai/ http://chat.meetami.ai/ https://chat.meetami.ai/ wss://chat.meetami.ai/ wss://chat.meetami.ai/socket.io/ http://localhost/sitereplier/chats/enabled/ https://localhost/sitereplier/chats/enabled/ *.stockport.gov.uk *.smbcdigital.net http://api.mapbox.com/ https://api.mapbox.com/ http://events.mapbox.com/ https://events.mapbox.com/ http://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css http://kit.fontawesome.com/ https://kit.fontawesome.com/ http://api.buto.tv/ https://api.buto.tv/ http://spatialgeojson.s3.eu-west-1.amazonaws.com https://spatialgeojson.s3.eu-west-1.amazonaws.com http://spatialgeojson.s3-eu-west-1.amazonaws.com https://spatialgeojson.s3-eu-west-1.amazonaws.com http://report.23video.com/ https://report.23video.com/ http://plus.browsealoud.com/ https://plus.browsealoud.com/ http://www.browsealoud.com/ https://www.browsealoud.com/ http://speech.speechstream.net/ https://speech.speechstream.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ http://region1.google-analytics.com/g/collect https://region1.google-analytics.com/g/collect http://maps.googleapis.com https://maps.googleapis.com http://stats.reciteme.com https://stats.reciteme.com http://api.reciteme.com https://api.reciteme.com http://s3.eu-west-1.amazonaws.com/maps.stockport.gov.uk/ https://s3.eu-west-1.amazonaws.com/maps.stockport.gov.uk/ http://raw.githubusercontent.com/OrdnanceSurvey/ https://raw.githubusercontent.com/OrdnanceSurvey/ http://api.os.uk/ https://api.os.uk/ http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com http://forms.hsforms.com https://forms.hsforms.com http://forms-eu1.hscollectedforms.net https://forms-eu1.hscollectedforms.net http://api-eu1.hubapi.com https://api-eu1.hubapi.com http://hubspot-forms-static-embed-eu1.s3.amazonaws.com/ https://hubspot-forms-static-embed-eu1.s3.amazonaws.com/; media-src 'self' blob: http://www.youtube.com/ https://www.youtube.com/ *.cloudfront.net/butotv/live/ http://wpc.196c.planetstream.net/00196C/audio/ https://wpc.196c.planetstream.net/00196C/audio/ http://app.meetami.ai/ https://app.meetami.ai/ *.meetami.ai/ http://api.reciteme.com/ https://api.reciteme.com/; object-src 'self' http://www.youtube.com https://www.youtube.com http://www.youtube.com https://www.youtube.com; manifest-src 'self' http://localhost:5000/assets/images/ui-images/sg/manifest.json https://localhost:5000/assets/images/ui-images/sg/manifest.json; frame-ancestors 'self' *.stockport.gov.uk *.smbcdigital.net *.meetami.ai/ *.chat.meetami.ai/ http://forms.stockport.gov.uk https://forms.stockport.gov.uk http://app.contentful.com https://app.contentful.com http://forms-eu1.hsforms.com https://forms-eu1.hsforms.com http://my.matterport.com https://my.matterport.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-Nzg4YmU3YWI4ZjFkNGY2MDlmZDExZmVhZTBlOGNjODk=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.regelhulp.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.regelhulp.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.regelhulp.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://content-eu-1.content-cms.com https://cdn.plyr.io https://consent.trustarc.com http://consent-pref.trustarc.com https://onetag-sys.com https://www.youronlinechoices.com https://insight.adsrvr.org https://eb2.3lift.com https://analytic.underarmour.com https://dpm.demdex.net https://www.facebook.com https://cm.everesttech.net https://tr-shadow.snapchat.com https://tr.snapchat.com 'unsafe-inline'; script-src 'self' https://content-eu-1.content-cms.com https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io http://assets.adobedtm.com https://sc-static.net https://analytics.tiktok.com https://connect.facebook.net https://tr-shadow.snapchat.com https://tr.snapchat.com 'unsafe-inline' 'unsafe-eval'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://underarmourinc.demdex.net https://consent-pref.trustarc.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://www.facebook.com/; img-src 'self' data: https://content-eu-1.content-cms.com https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io https://www.facebook.com http://analytic.underarmour.com https://cm.everesttech.net https://analytics.underarmour.com https://dpm.demdex.net; connect-src 'self' https://analytics.pangle-ads.com/api/v2/pangle_pixel https://content-eu-1.content-cms.com https://localhost:3030 https://consent.trustarc.com http://consent.trustarc.com https://cdn.plyr.io/ https://x91o30go6a.execute-api.eu-west-1.amazonaws.com https://s2dl86f4p2.execute-api.eu-west-1.amazonaws.com https://dpm.demdex.net https://analytic.underarmour.com https://analytics.tiktok.com https://tr-shadow.snapchat.com https://tr.snapchat.com https://tr6.snapchat.com; 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.adsrvr.org pghub.io *.google.com www.gstatic.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.flashtalking.com *.pghub.io *.adsrvr.org consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.contentful.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' https://*.arnette.com https://*.luxottica.com https://*.essilorluxottica.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.ahfproducts.com *.dev.ahfproducts.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.addthis.com *.addthisedge.com *.moatads.com *.hs-scripts.com *.hsforms.net *.hsforms.com *.getcandid.com *.hsadspixel.net *.hs-banner.com *.hsleadflows.net *.hscollectedforms.net *.hs-analytics.net content-getcandid.netdna-ssl.com googleads.g.doubleclick.net *.8x8.com widgets.pinterest.com *.roomvo.com *.bruce.com *.hartco.com *.robbins.com *.ahfcontract.com *.armstrongflooring.com *.tmbrflooring.com *.usemessages.com sibforms.com widget.tagembed.com cdn.tagembed.com kit.fontawesome.com cdn.oribi.io vidassets.terminus.services snap.licdn.com pi.pardot.com; frame-src 'self'  *.youtube.com *.addthis.com *.getcandid.com *.facebook.com *.8x8.com *.roomvo.com *.hsforms.com *.google.com sibforms.com; object-src 'self' 1
script-src 'unsafe-inline' self; 1
default-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.powerreviews.com https://*.salemove.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bland.starone.org https://h.online-metrix.net https://*.salemove.com https://*.glia.com https://glia-applets.com https://www.google.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.powerreviews.com https://*.newtonsoftware.com https://recruitingbypaycor.com https://*.visualcalc.com https://*.checkout.visa.com https://*.locatorsearch.com https://*.salemove.com wss://*.salemove.com https://addsearch.com https://*.searchcdn.com blob: https://www.starone.org; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net; style-src 'self' 'unsafe-inline' https://*.salemove.com https://*.glia.com https://glia-applets.com https://*.powerreviews.com https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://www.starone.org https://*.typekit.net https://fonts.googleapis.com https://*.powerreviews.com https://*.salemove.com https://*.addsearch.com https://*.cloudfront.net; connect-src 'self' blob: data: https://www.starone.org https://starone.org wss://127.0.0.1:* https://bland.starone.org https://*.online-metrix.net https://starone.org https://*.powerreviews.com https://analytics.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://*.salemove.com wss://*.salemove.com https://*.glia.com https://glia-applets.com wss://*.glia.com https://*.twilio.com wss://*.twilio.com; img-src 'self' blob: data: https://bland.starone.org https://*.online-metrix.net https://aa.trkn.us https://content-cdn.com  https://res.cloudinary.com https://*.powerreviews.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.locatorsearch.com https://*.salemove.com https://*.glia.com https://glia-applets.com https://addsearch.com https://*.addsearch.com https://*.cloudfront.net; frame-src 'self' https://bland.starone.org https://h.online-metrix.net https://campaign.documatix.com  https://mortgage.starone.org https://www.youtube.com https://recruitingbypaycor.com https://*.newtonsoftware.com https://*.doubleclick.net https://*.locatorsearch.com; media-src 'self' https://*.salemove.com https://*.glia.com https://glia-applets.com https://*.powerreviews.com 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests ; default-src 'self' https://forms.hsforms.com https://*.lottiefiles.com https://www.google-analytics.com https://api.lever.co; font-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com data: 'unsafe-inline' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://youtube.com https://open.spotify.com https://player.vimeo.com; img-src 'self' data: https://secure.gravatar.com https://forms.hsforms.com https://forms-na1.hsforms.com https://googletagmanager.com https://i.vimeocdn.com/ https://www.googletagmanager.com; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' https://leolabs.space https://www.leolabs.space https://www.googletagmanager.com https://unpkg.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://www.bugherd.com https://js.hsforms.net 'unsafe-eval' https://player.vimeo.com https://andreasmb.github.io  https://youtube.com https://www.youtube.com; style-src 'self' https://cdnjs.cloudflare.com https://unpkg.com https://stackpath.bootstrapcdn.com 'unsafe-inline' https://fonts.googleapis.com; 1
base-uri 'self'; default-src 'self' *.google-analytics.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net alt.khronos.org www.ssa.gov  cdn.mathjax.org www.opengl.org *.gstatic.com unpkg.com www.recaptcha.net *.disquscdn.com *.disqus.com *.google.com www.google-analytics.com *.cloudflare.com acsbapp.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.n *.googletagmanager.com googleadmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net alt.khronos.org  www.ssa.gov  cdn.mathjax.org *.gstatic.com www.recaptcha.net *.polyfill.io *.disquscdn.com *.disqus.com *.googleapis.com *.bootstrapcdn.com www.recaptcha.net img.shields.io unpkg.com cdnjs.cloudflare.com   www.youtube.com; style-src 'self' 'unsafe-inline' www.ssa.gov use.fontawesome.com fonts.googleapis.com *.bootstrapcdn.com platform.twitter.com *.google.com  *.cloudflare.com *.disquscdn.com; frame-ancestors 'self'; frame-src 'self' cx20.github.io cdn.knightlab.com www.youtube-nocookie.com tamrat-b.github.io  sketchfab.com *.babylonjs.com disqus.com  www.recaptcha.net www.youtube.com *.google.com; img-src 'self' data: blob: avatars.githubusercontent.com www.ssa.gov  wikimedia.org *.disquscdn.com *.disqus.com *.gstatic.com *.googleapis.com github.com cdn.khronos.org img.shields.io *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; child-src 'self' www.youtube.com; object-src  data: *.github.io *.babylonjs.com; connect-src blob: 'self' api.github.com alt.khronos.org *.google-analytics.com *.analytics.google.com analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; form-action 'self' www.paypal.com cdn.khronos.org ;font-src 'self' data: fonts.gstatic.com use.fontawesome.com; 1
default-src 'self'; style-src * 'unsafe-inline'; img-src * 'self' data:; media-src * 'self'; font-src * 'self' data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'self'; frame-src * 'self'; worker-src * 'self' blob: 1
script-src 'sha256-9+E4OlpS7bdUe51C5Qrvb2ds1+okAVVSUA/7ILZ0A14=' 'self' https://*.stripe.com; child-src 'none'; connect-src https://*.stripe.com 'self' https://*.iubenda.com https://*.pwnedpasswords.com https://www.federacy.report; default-src 'none'; font-src 'self' https://*.gstatic.com data:; frame-src https://*.stripe.com 'self'; img-src https://*.stripe.com 'self' data:; manifest-src 'none'; media-src 'none'; object-src 'none'; style-src https://*.googleapis.com 'unsafe-inline' 'self'; worker-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action https://*.federacy.com; report-uri https://1392f01d6bc3000db9255bc87fe01447.report-uri.com/r/d/csp/enforce 1
default-src 'self' ws: wss: data:;              script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hsforms.net *.hsforms.com js.monitor.azure.com bugherd-attachments.s3.amazonaws.com https://www.gstatic.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://dl.episerver.net *.hotjar.com *.hotjar.io *.youtube.com *.ytimg.com *.google-analytics.com *.googleapis.com *.google.com *.sketchfab.com up.pixel.ad *.bugherd.com  *.cloudfront.net *.licdn.com *.adsymptotic.com *.googletagmanager.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' bugherd-attachments.s3.amazonaws.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://dl.episerver.net *.hotjar.com *.hotjar.io *.youtube.com *.ytimg.com *.google-analytics.com *.googleapis.com *.google.com *.sketchfab.com up.pixel.ad *.bugherd.com  *.cloudfront.net *.licdn.com *.adsymptotic.com *.googletagmanager.com;                            style-src-elem 'self' 'unsafe-inline' *.bugherd.com *.jsdelivr.net *.googleapis.com *.typekit.net *.cloudfront.net *.episerver.net;              style-src 'self' 'unsafe-inline' *.bugherd.com *.jsdelivr.net *.googleapis.com *.typekit.net *.cloudfront.net *.episerver.net;              font-src 'self' bugherd-attachments.s3.amazonaws.com *.gstatic.com *.typekit.net *.bugherd.com *.cloudfront.net;               connect-src 'self' ws: wss: *.hsforms.com *.hsforms.net px.ads.linkedin.com bugherd-attachments.s3.amazonaws.com https://dc.services.visualstudio.com *.linkedin.com *.linkedin.oribi.io *.hotjar.com *.hotjar.io wss://ws1.hotjar.com/api/v2/client/ws *.google-analytics.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net *.bugsnag.com *.bugherd.com *.episerver.net data:;               img-src 'self' data: *.hsforms.com *.hsforms.net bugherd-attachments.s3.amazonaws.com *.youtube.com *.hotjar.com https://sketchfab.com/ *.google.com pixel.sitescout.com *.cloudfront.net *.ytimg.com *.google-analytics.com *.sitescout.com *.episerver.net *.linkedin.com *.adsymptotic.com;               frame-src 'self' data: *.google.com *.youtube.com *.hotjar.com https://sketchfab.com *.sitescout.com *.googletagmanager.com;              child-src *.youtube.com *.hotjar.com;    frame-ancestors 'self' *.skillsoftcompliance.com *.skillport.com; 1
upgrade-insecure-requests; default-src 'none'; base-uri 'none'; form-action https://mailer.nautile.tech; child-src 'none'; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com data:; img-src 'self' data: i.ytimg.com; media-src 'self' blob:; connect-src 'self' https://mailer.nautile.tech https://nautile-anniversaire.lecode.workers.dev https://nautile-anniversaire-production.lecode.workers.dev; frame-src 'self' www.youtube-nocookie.com www.youtube.com; object-src 'self' https://www.youtube.com; script-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.govmetric.com *.servmetric.com requirejs.org *.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' *.govmetric.com data:; 1
default-src 'self' 'unsafe-inline' d2f5cg397c40hu.cloudfront.net *.disquscdn.com disqus.com *.googleapis.com github.githubassets.com stats.g.doubleclick.net; script-src 'self' cdn.jsdelivr.net www.google.com player.vimeo.com d2f5cg397c40hu.cloudfront.net maps.googleapis.com js.stripe.com www.facebook.com connect.facebook.net https://connect.facebook.net platform.twitter.com *.disqus.com *.disquscdn.com www.google-analytics.com www.gstatic.com recaptcha.net 'unsafe-inline' 'unsafe-eval' *.algolianet.com *.algolia.net gist.github.com *.helpscout.net ssl.google-analytics.com *.gstatic.cn *.googletagmanager.com tagmanager.google.com cdn-cookieyes.com *.googleoptimize.com optimize.google.com www.klaviyo.com cdnjs.cloudflare.com *.licdn.com *.redditstatic.com static.klaviyo.com static-tracking.klaviyo.com accounts.google.com www.clarity.ms; frame-src 'self' www.youtube.com www.google.com recaptcha.net js.stripe.com player.vimeo.com www.facebook.com web.facebook.com platform.twitter.com e.widgetbot.io disqus.com optimize.google.com; frame-ancestors 'self'; img-src * data:; font-src 'self' d2f5cg397c40hu.cloudfront.net fonts.gstatic.com recaptcha.net data: *.googleapis.com; connect-src 'self' www.google-analytics.com www.facebook.com stats.g.doubleclick.net *.algolia.net links.services.disqus.com syndication.twitter.com *.algolianet.com r2cn6b0sec-dsn.algolia.net recaptcha.net https://ssl.google-analytics.com https://d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net maps.googleapis.com *.widgetbot.io *.cookieyes.com cdn-cookieyes.com manage.kmail-lists.com cdn.linkedin.oribi.io static-forms.klaviyo.com *.klaviyo.com *.clarity.ms; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com recaptcha.net *.algolianet.com *.algolia.net *.google-analytics.com *.disquscdn.com *.googleapis.com github.githubassets.com optimize.google.com www.googletagmanager.com *.klaviyo.com; report-uri /_csp-report; 1
frame-ancestors 'self' https://*.smartersign.com 1
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://fast.appcues.com https://api.appcues.net wss://api.appcues.net https://vulpix.appcues.com https://appcues-content-api-prod.herokuapp.com https://nh436jpc4i.execute-api.us-west-2.amazonaws.com https://104cl9psz3.execute-api.us-west-2.amazonaws.com https://appcues-quickstart.s3-us-west-2.amazonaws.com https://*.firebase.com wss://*.firebaseio.com https://*.firebaseio.com; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; font-src https: data:; frame-src https:; img-src https: data:; media-src blob: data: https:; object-src https:; style-src 'unsafe-inline' https: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-PEeGc5OMjwNt7thJIf3AtA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-src 'self' *.jict.fi https://www.recaptcha.net https://www.google.com; object-src 'self' *.jict.fi; style-src 'self' 'unsafe-inline' *.jict.fi fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com maxcdn.bootstrapcdn.com; base-uri 'self' *.jict.fi; form-action 'self' *.jict.fi; frame-ancestors 'self' *.jict.fi; upgrade-insecure-requests 1
frame-ancestors https://*.nywerk.de https://*.test https://vinylfuture.com.ddev.site https://deejay.de https://vinylfuture.com https://*.deejay.de https://*.vinylfuture.com; 1
frame-ancestors 'self' *.mailmeteor.com 1
default-src 'none'; font-src 'self' data: obcan.justice.sk; script-src 'self' 'unsafe-inline' 'unsafe-eval' obcan.justice.sk; connect-src 'self' api.justice.gov.sk obchodnyvestnik.justice.gov.sk obcan.justice.sk; img-src 'self' data: a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org obcan.justice.sk; style-src 'self' 'unsafe-inline' obcan.justice.sk; base-uri 'self'; form-action 'self'; frame-src www.openstreetmap.org 1
frame-ancestors https://jbase.unitedtranzactions.com 1
default-src 'self' https://* http://www.gmv.com http://gmv.com; script-src 'self' https://* http://www.gmv.com http://gmv.com  'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://* http://www.gmv.com http://gmv.com data:; font-src 'self' data:; connect-src 'self' https://* http://www.gmv.com http://gmv.com; frame-src 'self' https://* http://www.gmv.com http://gmv.com 1
default-src 'self' www.facebook.com player.vimeo.com gcs-vimeo.akamaized.net vod-progressive.akamaized.net; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' use.typekit.net www.googletagmanager.com tagmanager.google.com www.google-analytics.com analytics.google.com maps.googleapis.com connect.facebook.net www.facebook.com cdn.cookielaw.org www.googleadservices.com https://*.crazyegg.com https://appds8093.blob.core.windows.net; connect-src 'self' cdn.cookielaw.org www.google-analytics.com analytics.google.com www.facebook.com https://*.onetrust.com https://*.mapbox.com https://*.tiles.mapbox.com https://*.bugsnag.com https://*.crazyegg.com https://*.g.doubleclick.net https://appds8093.blob.core.windows.net; img-src 'self' data: blob: p.typekit.net www.facebook.com connect.facebook.net www.google-analytics.com analytics.google.com www.googletagmanager.com nolocdnv.azureedge.net cdn.cookielaw.org https://*.mapbox.com https://*.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com tagmanager.google.com https://*.mapbox.com https://*.typekit.net https://appds8093.blob.core.windows.net; font-src 'self' data: use.typekit.net fonts.gstatic.com https://appds8093.blob.core.windows.net; manifest-src 'self'; frame-src 'self' www.googletagmanager.com www.facebook.com; child-src blob:; worker-src blob:; report-uri https://bubbas33.report-uri.com/r/d/csp/enforce 1
default-src 'self'; connect-src 'self' *.readspeaker.com https://www.piwik.bayern.de/ wss://*.assistent.bayern.de/chat/widget/; manifest-src 'self'; img-src 'self' data: https://*.assistent.bayern.de/bot-media/ https://*.assistent.bayern.de/static/ https://i.ytimg.com/; font-src 'self' data: https://*.assistent.bayern.de/static/; frame-src *.readspeaker.com https://geoportal.bayern.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; media-src 'self' *.readspeaker.com; prefetch-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.piwik.bayern.de/piwik/piwik.js https://*.assistent.bayern.de/static/ 1
object-src 'self'; block-all-mixed-content; frame-ancestors 'self' secpoint.com *.secpoint.com; 1
default-src 'self' https://fbcdn.net adsymptotic.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assistant.kpt-dev.ch https://assistant.kpt-int.ch https://assistant.kpt.ch https://www.youtube.com youtu.be youtube.com ytimg.com *.pinimg.com gtm.js https://*.licdn.com https://snap.licdn.com https://www.linkedin.com *.pinterest.com https://connect.facebook.net https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://googletagmanager.com https://ajax.googleapis.com https://ssl.google-analytics.com https://cdn.cookielaw.org https://googleadservices.com https://www.googleadservices.com https://geoloaction.onetrust.com https://google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com;             style-src 'self' 'unsafe-inline' https://assistant.kpt-dev.ch https://assistant.kpt-int.ch https://assistant.kpt.ch https://fonts.googleapis.com https://tagmanager.google.com https://optimize.google.com https://*.crazyegg.com https://*.googletagmanager.com;             font-src 'self' data: https://fonts.googleapis.com https://*.hotjar.com https://fonts.gstatic.com;             connect-src 'self' *.licdn.com *.pinimg.com *.pinterest.com https://*.google.com https://*.google.ch https://region1.google-analytics.com https://*.google-analytics.com https://google-analytics.com https://cdn.cookielaw.org https://*.analytics.google.com https://geolocation.onetrust.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.crazyegg.com;             img-src 'self' data: https://www.facebook.com https://ct.pinterest.com/v3 *.pinterest.com *.linkedin.com *.licdn.com *.pinimg.com https://*.google-analytics.com https://*.analytics.google.com https://ssl.gstatic.com https://googleads.g.doubleclick.net https://www.gstatic.com https://*.google.com https://*.google.ch https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://stats.g.doubleclick.net https://google-analytics.com https://optimize.google.com https://*.hotjar.com https://*.crazyegg.com https://cdn.cookielaw.org;             frame-src 'self' https://www.youtube.com https://bid.g.doubleclick.net https://optimize.google.com https://*.hotjar.com https://*.pinterest.com https://*.issuu.com https://e.issuu.com;    media-src 'self' youtube.com ytimg.com youtu.be;             upgrade-insecure-requests;              block-all-mixed-content; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googletagmanager.com;     style-src 'unsafe-inline' 'unsafe-eval' 'self'; 1
object-src 'none'; frame-ancestors 'self' https://deploy.mca.tid.es https://deploy.tid.es *.o2.de *.o2.com *.o2online.de *.telefonica.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.tiktok.com *.o2.com *.o2.de *.spatialbuzz.com *.usercentrics.eu *.baqend.com *.o2online.de *.telefonica.de *.o9.de *.googletagmanager.com *.trbo.com *.google-analytics.com *.kampyle.com *.adoberesources.net *.matelso.de *.contentsquare.net *.nowinteract.com *.demoup.com *.auracognitive.com *.adtelligence.de *.aklamio.com *.promisejs.org *.usabilla.com *.jsdelivr.net *.cloudflare.com *.abtasty.com *.blob.core.windows.net *.blau.o9.de *.blau.de *.ad4m.at track.adform.net www.facebook.com *.doubleclick.net adservice.google.com a.twiago.com www.youtube.com o2-music-cms-a.preprod.ava-digi.de www.google.co.in analytics.google.com dpm.demdex.net www.google-analytics.com imagesrv.adition.com www.google.com dsum-sec.casalemedia.com rtb-csync.smartadserver.com ih.adscale.de trc.taboola.com ad11.adfarm1.adition.com ad4m.at *.spatialbuzz.net 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-fQf3aZEHukTX6W/K/VQ4cg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src 'self' api.celebrationcinema.com api2.celebrationcinema.com *.google-analytics.com 127.0.0.1 google-analytics.com *.braintreegateway.com *.braintree-api.com *.tiktok.com *.google-analytics.com *.doubleclick.net *.facebook.net https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr celebrationcinema.com *.celebrationcinema.com https://barcodeapi.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com *.tagmanager.google.com *.google.com *.tiktok.com *.google-analytics.com *.doubleclick.net *.adroll.com *.surveymonkey.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr recruitingbypaycor.com *.recruitingbypaycor.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.googletagmanager.com *.tagmanager.google.com *.google.com https://celebrationcinema.com https://themidtowngr https://123gr https://studioparkgr; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.doubleclick.net *.google.com *.adsrvr.org *.demdex.net *.bluekai.com *.rubiconproject.com *.yahoo.com api.celebrationcinema.com 127.0.0.1 http://127.0.0.1 https://127.0.0.1 https://bystudioc-stage.azurewebsites.net https://bystudioc-sync-auto.azurewebsites.net https://celebrationcinema.com * https://barcodeapi.org; media-src 'self' data: blob:; frame-src *.helpscoutdocs.com *.braintreegateway.com 'self' *.youtube.com *.spotify.com *.google.com *.surveymonkey.com recruitingbypaycor.com *.recruitingbypaycor.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com *.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com open.spotify.com/ https://moviecelebrationapi.peachdigital.com *.braintree-api.com/ *.braintreegateway.com/ *.helpscoutdocs.com; connect-src 'self' *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.braintree-api.com/ *.braintreegateway.com/ *.tiktok.com *.google-analytics.com *.doubleclick.net d.adroll.com api.celebrationcinema.com *.googleapis.com maps.googleapis.com celebrationcinema.com *.celebrationcinema.com; 1
default-src 'self' data: blob: *.octopus.com.hk *.octopuscards.com *.octopusrewards.com.hk *.online-octopus.com *.octopus-cards.com *.oepay.octopus-cards.com *.comm.octopus.com.hk *.youtube.com *.google.com *.google.com.hk *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.googleadservices.com ade.googlesyndication.com *.g.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net www.facebook.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://misaludapp.com https://www.lifesenssei.com https://www.quironsalud.es 1
img-src * data: blob: 'unsafe-inline';  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com; img-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self'; object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.wales; img-src 'self' https: data: blob: https://toot.wales; style-src 'self' https://toot.wales 'nonce-65DarcpMav6DYfXZOWYQlg=='; media-src 'self' https: data: https://toot.wales; frame-src 'self' https:; manifest-src 'self' https://toot.wales; form-action 'self'; child-src 'self' blob: https://toot.wales; worker-src 'self' blob: https://toot.wales; connect-src 'self' data: blob: https://toot.wales https://cdn.masto.host wss://toot.wales; script-src 'self' https://toot.wales 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.lawschooldata.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googletagmanager.com *.googleusercontent.com *.google-analytics.com *.google.com *.googleapis.com *.myabsorb.com *.doubleclick.net *.windows.net *.walkme.com *.jquery.com *.createjs.com *.youtube.com *.youtube-nocookie.com *.onetrust.com *.facebook.net *.facebook.com *.cookielaw.org *.licdn.com *.adsymptotic.com *.linkedin.com *.jnjvision.asia *.nr-data.net *.ckeditor.com *.brightcove.net *.brightcove.com *.brightcovecdn.com *.zencdn.net *.boltdns.net *.jjvcpro.com *.jnjcommerce.com *.mouseflow.com *.hotjar.com *.hotjar.io *.googleanalytics.com *.googleoptimize.com *.optimize.google.com *.fonts.gstatic.com *.newrelic.com *.xml; object-src *; img-src * data: blob:; frame-src *; font-src * data: blob: 'unsafe-inline'; report-uri /report-csp-violation 1
default-src 'none';script-src 'self' 'nonce-z1dGBFgYwYLnQAyVvGUMctig' 'unsafe-eval' https://player.vimeo.com/api/player.js https://www.instagram.com/embed.js https://platform.twitter.com/widgets.js https://platform.twitter.com/js/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/ https://tags.tiqcdn.com https://tags.tiqcdn.cn https://tags-eu.tiqcdn.com https://snap.licdn.com https://*.googletagmanager.com/ https://*.google-analytics.com/ https://cdn.cookielaw.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;object-src 'self';style-src 'self' 'unsafe-inline' https://lf16-tiktok-web.ttwstatic.com/obj/tiktok-web/tiktok/falcon/embed/;img-src 'self' https://i.ytimg.com https://i.vimeocdn.com/video/ https://cldnr.talpa.network https://*.google-analytics.com/ https://*.googletagmanager.com/ https://cdn.cookielaw.org;media-src 'self';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://open.spotify.com https://w.soundcloud.com https://www.facebook.com https://www.linkedin.com https://www.instagram.com https://platform.twitter.com https://www.tiktok.com https://embed.kijk.nl https://*.sbs6.nl https://*.net5.nl https://*.veronicatv.nl https://*.sbs9.nl https://*.talpanetwork.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;font-src 'self' data:;connect-src 'self' https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://talpanetwork-privacy.my.onetrust.com;base-uri 'self';child-src 'self';form-action 'self';frame-ancestors 'self';manifest-src 'self';worker-src 'self';upgrade-insecure-requests 1
default-src 'self' https://*.clarity.ms https://c.bing.com https://api2.branch.io https://*.bestshopping.com www.pointer.it https://*.ipqualityscore.com https://cdn.branch.io *.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://www.facebook.com wss://*.hotjar.com https://*.hotjar.com:* https://*.hotjar.io https://js.tncid.app https://px.tncid.app https://bd.tncid.app; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://js.tncid.app/tnc.min.js https://js.tncid.app/tnc.js https://js.tncid.app/01_adform.js https://js.tncid.app/06_pubmatic.js https://js.tncid.app/09_nielsen.js https://app.link https://cdn.branch.io https://optimize.google.com https://www.ipqualityscore.com https://www.dwin2.com https://tm.tradetracker.net/conversion https://*.hotjar.com https://*.hotjar.io https://ad.zanox.com/ppl/ https://action.metaffiliation.com https://*.bestshopping.com seal.godaddy.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://d1op479sbjfgkw.cloudfront.net https://d131uo10gdublu.cloudfront.net https://connect.facebook.net https://platform.twitter.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net; img-src * data:; style-src 'self' 'unsafe-inline' https://*.bestshopping.com https://maxcdn.bootstrapcdn.com https://optimize.google.com https://fonts.googleapis.com; font-src 'self' https://*.bestshopping.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://*.hotjar.com https://*.hotjar.io  data:; frame-src *; object-src 'self' https://*.bestshopping.com; child-src https://*.bestshopping.com https://*.hotjar.com https://*.hotjar.io; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' www.google-analytics.com; 1
default-src 'self'; frame-src 'self' 'unsafe-inline' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' *:888 google-analytics.com trustzonevpn.info googletagmanager.com; font-src 'self' data: fonts.gstatic.com googletagmanager.com; form-action 'self'; img-src 'self' data: *.google.com trustzoneurl.com trustzonepost.xyz trustzonevpn.info get-trust-vpn.info trust.zone stats.g.doubleclick.net google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com googletagmanager.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' get-trust-vpn.info; script-src 'self' 'unsafe-eval' 'nonce-8107f4bd4c218ca9b509f5c82f92e9bf' google.com gstatic.com googletagmanager.com trustzonevpn.info get-trust-vpn.info trustzoneurl.com platform.twitter.com connect.facebook.net; report-uri http://intrustedzone.site/_csp_log 1
default-src 'none';media-src https://media.equityapartments.com https://www.youtube.com;connect-src 'self' https://cdn.cookielaw.org https://ka-f.fontawesome.com https://maps.googleapis.com https://analytics.google.com https://www.google-analytics.com  https://stats.g.doubleclick.net https://www.youtube.com/;frame-src https://td.doubleclick.net https://6677643.fls.doubleclick.net https://www.youtube.com/ https://my.matterport.com/ https://viewer.panoskin.com/;form-action 'self';img-src * 'self' data: *;object-src 'none';sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts;base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.google.com ka-f.fontawesome.com www.youtube.com www.google.com maps.googleapis.com googleads.g.doubleclick.net tracker.marinsm.com bat.bing.com connect.facebook.net www.googleadservices.com maps.google.com ajax.googleapis.com code.jquery.com www.google-analytics.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.cookielaw.org www.googletagmanager.com kit.fontawesome.com cdn.cookielaw.org b.clarity.ms e.clarity.ms f.clarity.ms d.clarity.ms g.clarity.ms s.dca0.com;style-src-elem 'self' 'unsafe-inline' code.jquery.com fonts.googleapis.com www.google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ka-f.fontawesome.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; font-src https: data:; img-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; style-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net *.googleapis.com *.gstatic.com *.facebook.net px.ads.linkedin.com snap.licdn.com *.cognitoforms.com https:; 1
frame-ancestors 'self' *.mastercard.com *.gatwickparking.co.uk 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bitbang.social; img-src 'self' https: data: blob: https://bitbang.social; style-src 'self' https://bitbang.social 'nonce-TuER0p3O4UOZwxQTd5Iuww=='; media-src 'self' https: data: https://bitbang.social; frame-src 'self' https:; manifest-src 'self' https://bitbang.social; connect-src 'self' data: blob: https://bitbang.social https://files.bitbang.social wss://bitbang.social; script-src 'self' https://bitbang.social 'wasm-unsafe-eval'; child-src 'self' blob: https://bitbang.social; worker-src 'self' blob: https://bitbang.social 1
default-src 'none'; base-uri 'self'; child-src 'self' https://www.google.com/recaptcha/ https://app.hubspot.com/ blob: https://mc.yandex.ru blob: https://mc.yandex.ru; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net track.gaconnector.com js.hscollectedforms.net js.usemessages.com https://*.hubspot.com https://*.hubapi.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://salesiq.zohopublic.eu wss://vts.zohopublic.eu https://static.zohocdn.com https://informer.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://css.zohocdn.com https://d1uuj3mi6rzwpm.cloudfront.net; form-action 'self'; frame-ancestors 'self' metrika.yandex.ru; frame-src * https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.hubspot.com blob: https://mc.yandex.ru blob: https://mc.yandex.ru; img-src 'self' * data: https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://ssl.gstatic.com www.googletagmanager.com https://*.hsforms.com https://*.hubspot.com https://informer.yandex.ru https://mc.yandex.com https://mc.yandex.ru; media-src 'self' https: https://d1uuj3mi6rzwpm.cloudfront.net; object-src 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.google.com https://www.google.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.google-analytics.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net https://*.hs-scripts.com https://*.hubspot.com https://app.hubspot.com https://forms.hsforms.com https://forms.hscollectedforms.net https://*.usemessages.com https://salesiq.zohopublic.eu https://css.zohocdn.com https://js.zohocdn.com https://js.zohostatic.eu https://static.zohocdn.com wss://vts.zohopublic.eu https://connect.facebook.net https://sc.lfeeder.com https://px.ads.linkedin.com https://snap.licdn.com https://informer.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://mc.yandex.az https://mc.yandex.by https://mc.yandex.co.il https://mc.yandex.com https://mc.yandex.com.am https://mc.yandex.com.ge https://mc.yandex.com.tr https://mc.yandex.ee https://mc.yandex.fr https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.lt https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.ru https://mc.yandex.tj https://mc.yandex.tm https://mc.yandex.ua https://mc.yandex.uz https://yastatic.net https://d1uuj3mi6rzwpm.cloudfront.net; style-src 'self' * 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://d1uuj3mi6rzwpm.cloudfront.net; report-uri /logger/csp 1
script-src 'self' 'unsafe-inline' api.company-target.com/api/ stats.g.doubleclick.net www.googletagmanager.com munchkin.marketo.net snap.licdn.com connect.facebook.net view.ceros.com sc.lfeeder.com www.clarity.ms directline.botframework.com q.clarity.ms/collect googleads.g.doubleclick.net www.youtube.com jnn-pa.googleapis.com pcl-prd-hrchatbot-web.azurewebsites.net pcl-stg-hrchatbot-web.azurewebsites.net pcl-dev-hrchatbot-bsweb.azurewebsites.net cdn.botframework.com pcl.egnyte.com urldefense.com www.logicmonitor.com docs.rapid7.com www.google-analytics.com cdn.cookielaw.org; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.googletagmanager.com/ http://s7.addthis.com/ https://m.addthis.com/ https://z.moatads.com/ https://v1.addthisedge.com/ 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://mma.prnewswire.com/ https://www.addthis.com/ 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.google-analytics.com/; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://s7.addthis.com/ 'self' web-chat.nativechat.com; frame-src web-chat.nativechat.com 'self' 1
frame-ancestors innio.com *.innio.com myplant.io *.myplant.io *.jenbacher.com *.jenbacher.us *.waukeshaengine.com; 1
default-src 'self' *.speedship.com https://speedship.com https://www.speedship.com ; frame-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://service.force.com https://auth.wwex.com https://whatfix.com https://*.whatfix.com https://transaction.hostedpayments.com *.quicksight.aws.amazon.com blob: ; img-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://wwex.com https://www.google-analytics.com https://*.gravatar.com data: ; script-src 'self' *.speedship.com https://speedship.com https://www.speedship.com 'unsafe-inline' *.force.com *.salesforceliveagent.com https://*.whatfix.com https://whatfix.com https://www.google-analytics.com https://code.jquery.com https://wwex.com *.quicksight.aws.a2z.com https://d758cqe2bs24d.cloudfront.net blob: ; style-src 'self' 'unsafe-inline' *.force.com *.typekit.net ; object-src 'none' ; font-src 'self' *.typekit.net https://fonts.gstatic.com data: ; connect-src 'self' *.speedship.com https://speedship.com https://www.speedship.com https://nextgen-document-store-prod2-us-east-1.s3.amazonaws.com https://*.launchdarkly.com https://*.datadoghq.com https://session-replay.browser-intake-datadoghq.com https://rum-http-intake.logs.datadoghq.com https://auth.wwex.com https://ka-f.fontawesome.com https://*.whatfix.com https://whatfix.com wss://localhost:* wss://localhost.qz.io:* *.quicksight.aws.amazon.com 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; worker-src blob: ; child-src * blob: ; img-src * data: blob: ; connect-src * https://*.netlify.app https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://widgets.swaven.com;, upgrade-insecure-requests; 1
default-src 'none'; script-src 'self'; connect-src 'self' https://*.us-east-1.amazonaws.com/ https://*.execute-api.us-east-1.amazonaws.com/test/rpas https://*.execute-api.us-east-1.amazonaws.com/test/provisionedrpas; img-src 'self' data:; style-src 'self' fonts.googleapis.com 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; base-uri 'self';form-action 'self'; font-src fonts.gstatic.com; manifest-src 'self'; 1
frame-ancestors 'self' *.empowerfcu.com *.zagclients.net report-uri https://empower.report-uri.com/r/d/csp/wizard 1
frame-ancestors 'self'; report-uri frame-src 'self'; frame-ancestors 'self'; report-uri https://entertainmentcareers.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; frame-ancestors 'self' nowsecure.pathfactory.com discover.nowsecure.com; 1
style-src 'self' https://www.youraccessone.com https://youraccessone.com  https://js-agent.newrelic.com https://cdn.walkme.com https://pciapply.com 'unsafe-inline';script-src 'self' https://youraccessone.com https://www.youraccessone.com https://h.online-metrix.net https://cdn.walkme.com https://playerserver.walkme.com  https://js-agent.newrelic.com https://pciapply.com 'unsafe-eval' 'unsafe-inline';form-action 'self' https://pciapply.com; 1
default-src 'self';         script-src 'self' 'unsafe-eval' 'unsafe-inline'             ajax.cloudflare.com             app.storyblok.com             atlas-aws.s3.amazonaws.com             connect.facebook.net             fast.fonts.net             js.hsadspixel.net             io.leadingreports.de             m.excentos.com             snap.licdn.com             tagmanager.google.com             walls.io             www.google-analytics.com             www.google.com             www.googleadservices.com             www.googletagmanager.com             googleads.g.doubleclick.net             *.azureedge.net.mcas.ms             *.aiaibot.com             *.bing.com             *.clarity.ms             *.datareporter.eu             *.excentos.com             *.leadinfo.com             *.googleapis.com             *.usemessages.com             *.hubspot.com             *.hsleadflows.net             *.hs-scripts.com             *.hs-banner.com             *.hs-analytics.net             *.mpembed.com             *.teads.tv             *.azureedge.net             *.svc.dynamics.com             *.blob.core.windows.net             mktdplp102cdn.azureedge.net             siteimproveanalytics.com             portal.combeenation.com             www.gstatic.com;         style-src 'self' 'unsafe-inline'             app.storyblok.com             atlas-aws.s3.amazonaws.com             fast.fonts.net             fonts.googleapis.com             *.excentos.com             *.leadinfo.com             tagmanager.google.com             walls.io             *.aiaibot.com             *.bing.com             *.clarity.ms             *.datareporter.eu             *.teads.tv             *.mpembed.com;         media-src 'self'             *.svc.dynamics.com             a.storyblok.com;         frame-src 'self'             *.aiaibot.com             *.bing.com             *.clarity.ms             *.hubspot.com             *.leadinfo.com             *.doubleclick.net             *.jigsawexplorer.com             *.jigsawplanet.com             *.walls.io             *.svc.dynamics.com             *.teads.tv             mpembed.com             keba.schreib.biz             player.youku.com             portal.combeenation.com             www.facebook.com             www.google.com             www.youtube.com;         img-src 'self'             a.storyblok.com             googleads.g.doubleclick.net             img.youtube.com             img2.storyblok.com             jobs.keba.com             keba.com             lh3.googleusercontent.com             *.googleapis.com             *.svc.dynamics.com             maps.gstatic.com             px.ads.linkedin.com             s3.amazon.aws.com             ssl.gstatic.com             stats.g.doubleclick.net             www.facebook.com             www.google-analytics.com             www.googletagmanager.com             www.google.at             www.google.com             www.gstatic.com             www.keba.com             www.linkedin.com             salesviewer.org             connect.facebook.net             ad.doubleclick.net             *.excentos.com             *.leadinfo.com             *.aiaibot.com             *.bing.com             *.clarity.ms             *.linkedin.com             *.mpembed.com             *.teads.tv             *.siteimproveanalytics.io             track.hubspot.com             data:;         font-src 'self'             *.excentos.com             *.aiaibot.com             *.mpembed.com             fonts.gstatic.com             jobs.keba.com             data:;         connect-src 'self'             server01.io.leadingreports.de             stats.g.doubleclick.net             js.hs-banner.com             api.hubapi.com             px.ads.linkedin.com             *.google-analytics.com             *.analytics.google.com             *.bing.com             *.clarity.ms             *.datareporter.eu             *.excentos.com             *.leadinfo.com             *.aiaibot.com             *.googleapis.com             *.teads.tv             *.hubspot.com             *.linkedin.oribi.io             *.svc.dynamics.com             *.azureedge.net.mcas.ms             assets-eur.mkt.dynamics.com             mcas-proxyweb.mcas.ms             salesviewer.org             salesviewer.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://lib-us-2.brilliantcollector.com https://lib-us-3.brilliantcollector.com https://*.harryrosen.com https://*.monetate.net https://*.doubleclick.net https://*.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://*.google.com https://www.gstatic.com https://www.googleadservices.com https://www.googletagmanager.com https://*.newrelic.com https://*.coremetrics.com https://www.facebook.com https://collector.tealeaf.ibmcloud.com https://h.online-metrix.net/fp/tags.js https://static.zdassets.com https://*.adform.net https://*.taboola.com https://analytics.tiktok.com https://sf19-scmcdn-va.ibytedtos.com https://ash-telemetry.production.bot-brain.com https://*.bing.com https://*.criteo.net https://*.criteo.com https://*.pinimg.com https://sc-static.net https://*.xtlo.net https://api.cloudsponge.com https://cdn.syteapi.com https://*.mczbf.com https://*.qualtrics.com https://*.quantserve.com https://*.quantcount.com https://*.dynamicyield.com https://*.adroll.com https://*.licdn.com https://*.linkedin.com https://*.twitter.com https://*.ads-twitter.com https://*.klarnaservices.com https://*.klarna.com https://*.paypal.com https://*.paypalobjects.com https://*.adsrvr.org https://h7mmhw2x4a.execute-api.eu-west-1.amazonaws.com https://*.personifyxpassets.com https://d38xvr37kwwhcm.cloudfront.net https://*.opentok.com https://*.solarwinds.cloud https://*.stackadapt.com https://cdn.segment.com wss://*.noibu.com https://*.noibu.com https://*.netomi.com https://js.narvar.com https://js-st01.narvar.qa https://*.clarity.ms https://js.braintreegateway.com https://*.snapchat.com https://*.pinterest.com; frame-ancestors https://*.harryrosen.com https://*.amplience.net; 1
default-src 'self'; img-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://*.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com https://pbs.twimg.com https://px.ads.linkedin.com/collect https://www.linkedin.com/px https://px4.ads.linkedin.com https://maps.googleapis.com/maps/ https://static.hotjar.com https://script.hotjar.com https://online.flippingbook.com/ https://d17lvj5xn8sco6.cloudfront.net; media-src 'self' https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com; font-src 'self' data: https://static.schubergphilis.com/media/ https://sbpaweupweb02sta03.blob.core.windows.net https://sbpaweupweb02sta01.blob.core.windows.net https://sbppweupweb02sta01.blob.core.windows.net https://sbppweupweb02cdn01.azureedge.net https://sbpaweupweb02cdn01.azureedge.net *.schubergphilis.com https://script.hotjar.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline'  'unsafe-inline' sentry.io *.sentry-cdn.com https://static.hotjar.com https://script.hotjar.com; script-src 'self' 'self' 'unsafe-inline' https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js www.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com/ https://online.flippingbook.com/EmbedScriptUrl.aspx https://static.hotjar.com https://script.hotjar.com https://d33i2vgywgme2s.cloudfront.net; connect-src 'self' https://schubergphilis.com sentry.io *.sentry.io https://*.google-analytics.com/ https://region1.google-analytics.com/g/collect https://maps.googleapis.com/maps/api/ https://metrics.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io https://content.hotjar.io https://events.hotjar.io https://surveystats.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://online.flippingbook.com/; form-action 'self'; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://vars.hotjar.com https://online.flippingbook.com; frame-ancestors 'self'; object-src 'none' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://analytics.tiktok.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://*.criteo.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.popinabox.co.uk https://m.popinabox.co.uk https://checkout.popinabox.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' https://www.rust-lang.org; font-src 'self' 1
default-src 'self' https://www.lufthansagroup.com https://*.lufthansagroup.careers https://s.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com; script-src 'self'  *.ytimg.com *.youtube.com *.youtube-nocookie.com ; style-src 'self'  https://www.lufthansagroup.com https://*.lufthansagroup.careers; object-src 'self'; 1
default-src 'self'; frame-src 'self' https://newassets.hcaptcha.com; connect-src 'self' https://api.addsearch.com https://flowcrypt.s3.amazonaws.com; script-src 'self' https://hcaptcha.com; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='; font-src 'self' data:; object-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.beigene.com api.tiles.mapbox.com *.mapbox.com npmcdn.com cdn.jsdelivr.net cdn.cookielaw.org static.ads-twitter.com cdnjs.cloudflare.com www.google-analytics.com pi.pardot.com bat.bing.com code.jquery.com cookie-cdn.cookiepro.com js.qualified.com snap.licdn.com www.googletagmanager.com www.gstatic.com www.beigene.com; style-src 'self' 'unsafe-inline' code.jquery.com *.beigene.com api.tiles.mapbox.com *.mapbox.com unpkg.com *.icims.com *.vidyard.com *.bioz.com fonts.googleapis.com; object-src 'self' *.bioz.com; base-uri 'self'; connect-src 'self' *.beigene.com cdn.linkedin.oribi.io *.mapbox.com api.tiles.mapbox.com cdn.cookielaw.org *.go-mpulse.net *.vidyard.com *.bioz.com *.google.com *.google.com.ar app.qualified.com bat.bing.com cookie-cdn.cookiepro.com stats.g.doubleclick.net www.google-analytics.com www.googleadservices.com wss://ws.qualified.com; font-src 'self' data: *.beigene.com *.bioz.com fonts.gstatic.com; frame-src 'self' *.beigene.com *.icims.com app.qualified.com go.beigene.com play.vidyard.com *.bioz.com; img-src 'self' *.beigenemedical.com www.linkedin.com data: cdn.cookielaw.org assets.codepen.io analytics.twitter.com *.adsymptotic.com *.beigene.com t.co *.icims.com *.googleapis.com *.ads.linkedin.com www.google-analytics.com *.google.com www.googletagmanager.com *.gravatar.com; manifest-src 'self' *.beigene.com; media-src 'self' *.beigene.com blob:; worker-src 'self' blob: 1
default-src ‘none’; script-src ‘self’; connect-src ‘self’; img-src ‘self’; style-src ‘self’; frame-ancestors ‘self’; form-action ‘self’; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com globalclient.visa.com globalcheckout.visa.com globaldeveloper.visa.com globalresponse.visa.com images.globalclient.visa.com app.globalclient.visa.com usa.visa.com tracking.cpa.qa.web.visa.com cdn.visa.com *.foleon.com *.linkedin.com *.demandbase.com *.fontawesome.com *.googleapis.com *.doubleclick.net *.simpli.fi *.licdn.com *.tiqcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.youtube.com googlesyndication.com *.company-target.com fonts.gstatic.com *.tiqcdn.com cnv.event.prod.bidr.io *.rlcdn.com dsum-sec.casalemedia.com partners.tremorhub.com pixel.rubiconproject.com *.vidyard.com; img-src *; font-src *; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://sgtm.perriconemd.it; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.perriconemd.it https://checkout.perriconemd.it https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://cdn.trackjs.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://ln-rules.rewardstyle.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://sgtm.perriconemd.it; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' data: ;connect-src 'self' https://queue.simpleanalyticscdn.com https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.giosg.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha https://stats.g.doubleclick.net https://service.giosg.com https://*.uefa.com https://*.umbraco.com https://*.umbraco.org https://www.facebook.com https://execution-ci360.santander.nl https://*.ci360.sas.com https://cdn.cookielaw.org https://*.tt.omtrdc.net;child-src 'self' https://www.facebook.com;font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://script.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self' https://www.facebook.com;frame-ancestors 'self' https://www.facebook.com https://*.ci360.sas.com;frame-src 'self' https://*.santander.nl https://*.santander.be https://*.clients.giosgusercontent.com https://www.google.com/recaptcha/ https://www.youtube.com https://player.vimeo.com https://vars.hotjar.com https://players.brightcove.net https://*.trustpilot.com https://static.addtoany.com https://www.facebook.com https://www.santandermarketingoverlay.nl https://optimize.google.com https://*.uefa.com https://*.chooose.today;img-src 'self' data: https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com https://*.google-analytics.com https://*.analytics.google.com https://*.umbraco.com https://*.umbraco.org https://*.uefa.iom https://giosg-chat-public-eu.s3.amazonaws.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://www.gravatar.com https://secure.gravatar.com https://stats.g.doubleclick.net https://www.google.com https://www.google.nl https://maps.gstatic.com https://*.googleapis.com https://*.ggpht.com https://static.addtoany.com https://www.facebook.com https://delivery-ci360.santander.com https://content-ci360.santander.nl https://*.ci360.sas.com https://optimize.google.com https://static.hotjar.com https://script.hotjar.com;manifest-src 'self';media-src 'self' data: https://www.gravatar.com https://secure.gravatar.com https://player.vimeo.com https://www.youtube.com https://*.ytimg.com https://*.uefa.com https://*.umbraco.com https://*.umbraco.org https://www.facebook.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://scripts.simpleanalyticscdn.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://code.jquery.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com  https://service.giosg.com https://*.trustpilot.com https://www.dwin1.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/pagead/ https://www.google.nl/pagead/ https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://www.googleoptimize.com https://*.uefa.com https://static.addtoany.com https://connect.facebook.net https://execution-ci360.santander.nl https://stackpath.bootstrapcdn.com https://*.ci360.sas.com https://optimize.google.com https://www.googleadservices.com https://*.onetrust.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.financeads.net;style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://service.giosg.com https://fonts.gstatic.com https://*.uefa.com https://static.addtoany.com https://stackpath.bootstrapcdn.com https://optimize.google.com https://fonts.googleapis.com https://static.hotjar.com https://script.hotjar.com;report-uri /CspReport/Report; 1
frame-ancestors 'self' https://meetings.hubspot.com https://fast.wistia.net https://www.google.com https://www.youtube.com; 1
default-src 'self';    connect-src 'self' https://cdn.segment.com https://unpkg.com https://www.google-analytics.com https://api.segment.io https://app.posthog.com https://api.management.inkeep.com/graphql https://api.inkeep.com wss://api.inkeep.com/graphql https://*.algolia.net https://fonts.gstatic.com https://us.i.posthog.com;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://cdn.segment.com https://*.getkoala.com https://cdn.lr-in-prod.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net;    img-src 'self' blob: data: https://www.gravatar.com https://i2.wp.com https://www.googletagmanager.com https://mintlify.b-cdn.net https://mintlify.s3-us-west-1.amazonaws.com https://*;    font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.cdnfonts.com;    frame-src 'self' https://importer.tableflow.com https://www.youtube.com;    media-src 'self' https://mintlify.s3-us-west-1.amazonaws.com;    object-src 'none';    base-uri 'self';    form-action 'self' https://github.com https://accounts.google.com https://komdhjulitbsuiwdonqm.supabase.co https://sb.resend.com;    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
frame-ancestors 'self' *.facebook.com *.internalfb.com instagram.com *.newrelic.com *.paypal.com 1
default-src 'self' https://dev.visualwebsiteoptimizer.com https://*.cj.com https://*.itoolab.com https://*.itoolab.net https://*.clarity.ms wss://*.hotjar.com https://*.hotjar.com https://*.smartlook.cloud https://fonts.googleapis.com https://cj.luckydogsoft.workers.dev https://www.sjwoe.com https://www.mczbf.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://*.gstatic.com https://*.google.com https://q.quora.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.googletagmanager.com https://cdn.paddle.com https://bat.bing.com https://www.linkconnector.com 'unsafe-inline'; script-src 'self' https://dev.visualwebsiteoptimizer.com https://*.cj.com https://*.youtube.com https://web-sdk.smartlook.com https://static.hotjar.com https://www.clarity.ms https://platform.twitter.com https://cj.luckydogsoft.workers.dev https://www.mczbf.com https://order.luckydogsoft.com https://*.itoolab.com https://*.itubego.com https://js.stripe.com https://cdn.paddle.com https://www.googletagmanager.com https://www.googleoptimize.com https://www.googleadservices.com https://optimize.google.com https://googleads.g.doubleclick.net https://apis.google.com https://unpkg.com https://www.google-analytics.com https://bat.bing.com https://script.hotjar.com https://www.linkconnector.com https://cdn.bootcss.com https://www.google.com https://www.gstatic.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.cj.com https://*.itoolab.com https://www.youtube-nocookie.com https://vars.hotjar.com https://platform.twitter.com https://order.luckydogsoft.com https://itoolab.com https://itubego.com https://js.stripe.com https://*.paddle.com https://create-checkout.paddle.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://www.youtube.com https://www.linkconnector.com https://*.cloudfront.net 'unsafe-inline'; font-src 'self' https://*.cj.com https://*.gstatic.com data:; img-src 'self' https://itubego.com https://dev.visualwebsiteoptimizer.com https://*.cj.com https://i.ytimg.com https://bat.bing.com https://www.google-analytics.com https://order.luckydogsoft.com https://*.gstatic.com https://*.google.com https://www.googletagmanager.com https://img1.doctorsim.com https://www.emjcd.com https://www.linkconnector.com data:; 1
frame-ancestors 'self' *.conte.it; 1
default-src 'self' https://www.google-analytics.com https://sdk.apptentive.com https://api.apptentive.com;font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://unpkg.com data:;img-src 'self' https://www.google.com https://platform-cdn.sharethis.com https://s4desktop.com              https://www.google.co.in  https://www.google-analytics.com  https://s3.amazonaws.com;frame-ancestors 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com               https://4654125057.encompasstpoconnect.com;frame-src 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com https://bid.g.doubleclick.net https://www.google.com http://dntcl.qualaroo.com https://s4desktop.com;script-src 'self' 'nonce-RvoDsflgPnJCzBHj0LschQ=='  https://sdk.apptentive.com https://api.apptentive.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://s4desktop.com https://platform-api.sharethis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://buttons-config.sharethis.com https://www.googletagmanager.com https://www.google-analytics.com https://unpkg.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net https://cl.qualaroo.com http://cl.qualaroo.com https://turbo.qualaroo.com;style-src 'self'  https://sdk.apptentive.com  https://api.apptentive.com        https://maxcdn.bootstrapcdn.com  https://use.fontawesome.com      https://fonts.googleapis.com         https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://unpkg.com https://s4desktop.com  https://cdn.jsdelivr.net;object-src 'none';base-uri 'self' https://cms-uat.mortgagequestions.com https://uat.mortgagequestions.com; 1
script-src http: https: https://guardian.com.my  'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://v2assets.zopim.io wss://*.zopim.com *.emarsys.net *.scarabresearch.com; style-src 'self' blob: https: 'unsafe-inline' https://guardian.com.my; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src data: 'self' fonts.gstatic.com  dsf-cdn.loreal.io; frame-src *.emarsys.net *.scarabresearch.com *.facebook.com *.google.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.guardianmy.me play.guardian.com.my dsf-cdn-staging.loreal.io 6493187.fls.doubleclick.net; 1
font-src *.gstatic.com data: *.bglobale.com *.global-e.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.fontawesome.com *.sfmc-content.com *.exacttarget.com *.buccellati.com *.serving-sys.com *.google.com *.livestory.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.twitter.com *.buccellati.com *.serving-sys.com *.google.com https://seo.mageplaza.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.adyen.com *.bglobale.com *.global-e.com *.twitter.com *.cookiebot.com *.trustcommander.net *.buccellati.com *.youtu.be *.yimg.jp *.doubleclick.net *.serving-sys.com *.google.com *.livestory.io *.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com *.bird.eu *.bglobale.com *.global-e.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.google.com *.usercentrics.eu *.payments-amazon.com *.buccellati.com *.youtu.be *.facebook.com *.pinimg.com *.pinterest.com *.serving-sys.com *.doubleclick.net *.livestory.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com *.googleapis.com s7.addthis.com *.bglobale.com *.global-e.com *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.addtoany.com *.zdassets.com *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.buccellati.com *.trustcommander.net *.doubleclick.net *.yimg.jp *.yahoo.co.jp *.pinimg.com *.serving-sys.com *.livestory.io *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bglobale.com *.global-e.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sfmc-content.com *.exacttarget.com *.retailtune.com *.buccellati.com *.trustcommander.net *.serving-sys.com *.google.com *.livestory.io unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.youtube.com *.zdassets.com *.zencdn.net *.buccellati.com *.youtu.be *.seecommerce.wardacloud.com *.amazonaws.com *.cloudfront.net *.serving-sys.com *.google.com *.livestory.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com ekr.zdassets.com/ *.bglobale.com *.global-e.com *.wlp-acs.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google-analytics.com *.zendesk.com *.zopim.com *.zdassets.com *.doubleclick.net *.retailtune.com *.sfmc-content.com *.exacttarget.com *.buccellati.com *.wardacloud.com *.amazonaws.com *.cloudfront.net *.trustcommander.net *.youtube.com *.youtu.be *.commander1.com *.googleapis.com *.plyr.io *.noembed.com *.yimg.jp *.pinterest.com *.serving-sys.com *.google.com *.livestory.io https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self' banesco.qualtrics.com; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: consent.cookiebot.com consentcdn.cookiebot.com cookiebot.com cdnjs.cloudflare.com www.google-analytics.com connect.facebook.net www.googletagmanager.com www.gstatic.com static.ads-twitter.com a.quora.com quora.com snap.licdn.com s-na1.hs-scripts.com js-na1.hs-scripts.com hs-scripts.com js.hsforms.net hs-scripts.com www.clarity.ms clarity.ms js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net js.hsadspixel.net js.hubspot.com googleads.g.doubleclick.net bizzabo.com organizer.bizzabo.com events.bizzabo.com wp.com stats.wp.com www.google.com cdn.userway.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com yoast.com; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors https://*.blackroll.com; 1
default-src 'self' https://www-assets.kolide.com; font-src 'self' https://www-assets.kolide.com https://fonts.gstatic.com data:; img-src http://www.googletagmanager.com 'self' https: data:; media-src 'self' https://www-assets.kolide.com https://lp.kolide.co; object-src 'none'; style-src 'self' https: 'unsafe-inline' blob:; base-uri 'self'; frame-ancestors 'self' https://www-assets.kolide.com; script-src https://js.stripe.com https://www.googletagmanager.com/gtag/js https://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsadspixel.net https://js.usemessages.com https://static.hsappstatic.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tocbot/4.23.0/tocbot.min.js https://cdnjs.cloudflare.com/ajax/libs/mermaid/9.3.0/mermaid.min.js https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://plausible.io https://www.redditstatic.com/ https://www-assets.kolide.com https://app.kolide.com https://k2.kolide.com https://auth.kolide.com https://k2-marketing.herokuapp.com https://www.kolide.com https://gist.github.com https://platform.twitter.com https://www.googletagmanager.com/gtm.js https://js.hsforms.net/forms/embed/v2.js https://sdk.avoma.com/scheduler-router.js 'nonce-1097701125bba1646521399f9bb812fb'; frame-src https://www.google.com https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://js.stripe.com https://meetings.hubspot.com https://app.hubspot.com https://www.loom.com https://speakerdeck.com https://platform.twitter.com https://www.youtube.com https://open.spotify.com https://www.googletagmanager.com https://forms.hsforms.com https://book.avoma.com; connect-src https://*.bugsnag.com https://www.google-analytics.com https://forms.hubspot.com https://api.hubapi.com/ https://api.hubspot.com/ https://js.hs-banner.com https://plausible.io https://cdn.linkedin.oribi.io https://www-assets.kolide.com k2.kolide.com app.kolide.com auth.kolide.com k2-marketing.herokuapp.com www.kolide.com wss://k2-marketing.herokuapp.com wss://app.kolide.com wss://auth.kolide.com wss://k2.kolide.com wss://www.kolide.com https://forms.hsforms.com 1
default-src 'self' data: https://consentcdn.cookiebot.com; script-src 'strict-dynamic' 'nonce-2yfT0UeogAgaTnEzZzaGRuZVw6UXKRsRxib7SjXJLEY=' blob: https://dwin1.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://*.googletagmanager.com https://www.google-analytics.com/analytics.js https://remote.captcha.com/include.js https://fat.financeads.net; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; frame-src 'self' https://www.awin1.com https://www.google.com https://consentcdn.cookiebot.com https://www.youtube.com; connect-src 'self' http://awin1.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net; img-src 'self' data: https://www.financeads.net http://*.awin1.com https://*.awin1.com https://ssl.gstatic.com https://www.gstatic.com https://lh3.googleusercontent.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; 1
script-src http: https: https://shop.harpersbazaar.com *.listrakbi.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' blob: https: 'unsafe-inline' https://shop.harpersbazaar.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com; frame-src www.googletagmanager.com assets.braintreegateway.com *.youtube.com *.attn.tv *.interest.com *.youtu.be *.vimeo.com *.stripe.com; worker-src blob: 'self'; 1
default-src 'self' ; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com ; style-src 'self' data: https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com ; font-src 'self' https://use.fontawesome.com ; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com ; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://js.cexplorer.io https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://*.googleapis.com https://search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.svc.dynamics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.au;font-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.gstatic.com; script-src  'self' 'unsafe-inline' https://*.clarity.ms https://*.facebook.net https://www.youtube.com https://*.google-analytics.com https://*.hotjar.com https://mktdplp102cdn.azureedge.net https://mtestaus.hotcoursesabroad.com https://search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.svc.dynamics.com https://www.amcharts.com https://maps.googleapis.com https://maps.gstatic.com https://*.prod.aws.idp-connect.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://*.g.doubleclick.net https://www.googleadservices.com;img-src 'self' https://i.ytimg.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://ad.doubleclick.net https://ade.googlesyndication.com https://*.fls.doubleclick.net https://*.hotjar.com https://*.googletagmanager.com https://*.google.com.au https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.prod.aws.idp-connect.com  https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googleusercontent.com https://*.svc.dynamics.com data:;media-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://css-intl.prod.aws.idp-connect.com https://fonts.googleapis.com https://*.hotjar.com; frame-src 'self' https://www.facebook.com https://forms.office.com https://mktdplp102cdn.azureedge.net https://app.powerbi.com https://*.svc.dynamics.com https://www.amcharts.com https://js-intl.prod.aws.idp-connect.com https://*.google.com  https://mtestaus.hotcoursesabroad.com https://www.youtube.com https://search.studyaustralia.gov.au https://*.theaccessplatform.com https://*.g.doubleclick.net https://*.fls.doubleclick.net; 1
default-src 'self';style-src 'self' 'nonce-MDQuNDg0NyMhMDUxNCAyNOKCrDE2';script-src 'self' 'nonce-MDQuNDg0NyMhMDUxNCAyNOKCrDE2' 'sha256-+MMnV71yMCjTyI7EM5tX0cyo5Eee7C20ECssES0Igjc=' 'sha256-3LKhIej4e9q6E1aE2rJJUmYCVSpST0KSuPvWU/02ARg=' 'sha256-4URc27M3VCaVxeE8VJ//hRAf/ZghgsxXn3mqDVj6Z/Q=' 'sha256-gT8tfv/jAOqd3PPjqhBLpTaOGjElvzgRmc8z0jIGcI0=' 'sha256-w3fIZ90TmhzyBjQOYuVue16FVWEyFnX0o+a6VRlW6kw=' 'sha256-YnlvgfTV+2uktXlKDNsm4wnYmBHLopw05nQNoEsoOrc=' 'sha256-UDGoMN+r63VOf11uBuuUVlXVDKQqqAR14UJmuiNKWPs=' dl.episerver.net ajax.cloudflare.com static.dloudflareinsights.com cdn.vizzit.se tag.vizzit.se;connect-src 'self' www.vizzit.se;img-src 'self';frame-src 'self' www.youtube.com;report-uri /api/ContentSecurityPolicyReportViolation/Add 1
default-src 'self';   img-src data: *.opkansas.org *.google.com *.gstatic.com *.googletagmanager.com; frame-src *.opkansas.org *.adsensecustomsearchads.com *.google.com *.youtube.com overlandpark.maps.arcgis.com maps.opkansas.org player.flipsnack.com cdn.flipsnack.com embed.wakelet.com;   connect-src *.opkansas.org *.google-analytics.com *.doubleclick.net *.cloudfront.net *.ctctcdn.com *.constantcontact.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.google-analytics.com fonts.googleapis.com use.fontawesome.com use.typekit.net *.cloudfront.net *.ctctcdn.com cdnjs.cloudflare.com *.gstatic.com  *.youtube.com embed-assets.wakelet.com; style-src 'self' 'unsafe-inline' *.google.com fonts.googleapis.com use.fontawesome.com *.typekit.net  *.cloudfront.net cdn.jsdelivr.net *.ctctcdn.com;   font-src 'self' data: fonts.googleapis.com fonts.gstatic.com use.fontawesome.com use.typekit.net *.cloudfront.net cdn.jsdelivr.net;   media-src 'self' *.vimeo.com *.akamaized.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://geolocation.onetrust.com https://knowledgetags.yextpages.net https://visionsfcu.org https://www.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com *.glia.com https://*.fls.doubleclick.net https://www.youtube.com/ https://expert.visionsfcu.org/ https://ads.o142.com https://files.marcomcentral.app.pti.com https://www.stgfinalyticsdemo.com https://www.finalyticsdemo.com stgfinalyticsdata.com finalyticsdata.com https://finpixel.s3.us-east-2.amazonaws.com/finalytics.js https://stgfinpixel.s3.us-east-2.amazonaws.com/finalytics.js https://finpixel.s3.us-east-2.amazonaws.com/controlbar.js https://stgfinpixel.s3.us-east-2.amazonaws.com/controlbar.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com https://finalyticsprod.s3.us-east-2.amazonaws.com https://dfy3oyzv6dw2d.cloudfront.net https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com/pixel/finalytics.js https://extractable-finalytics-stable.s3.us-west-2.amazonaws.com https://d1v4vw9mwf7wyh.cloudfront.net https://cdn.jsdelivr.net https://unpkg.com https://polyfill.io https://esus-visionsfcu.onelink-translations.com; connect-src 'self' *.visionsfcu.org https://visionsfcu.org https://www.visionsfcu.org https://cdn.cookielaw.org https://geolocation.onetrust.com *.onetrust.com https://www.google-analytics.com *.googleapis.com https://stats.g.doubleclick.net/ *.cloudsponge.com wss://*.salemove.com https://*.salemove.com wss://*.glia.com https://*.glia.com *.kadince.com stgfinalyticsdata.com finalyticsdata.com https://stgfinpixel.s3.us-east-2.amazonaws.com/finalytics.js https://finpixel.s3.us-east-2.amazonaws.com/finalytics.js https://stgfinpixel.s3.us-east-2.amazonaws.com/controlbar.js https://finpixel.s3.us-east-2.amazonaws.com/controlbar.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com/pixel/finalytics.js https://extractable-finalytics-storage.s3.us-west-2.amazonaws.com https://finalyticsprod.s3.us-east-2.amazonaws.com https://dfy3oyzv6dw2d.cloudfront.net https://extractable-finalytics-stable.s3.us-west-2.amazonaws.com https://d1v4vw9mwf7wyh.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net https://*.xtlo.net https://thefontzone.com https://px.ads.linkedin.com/wa/ cdn.cookielaw.org wt.dm00.com data: https://www.googletagmanager.com; font-src 'self' *.cloudsponge.com use.fontawesome.com http://fonts.gstatic.com *.xtlo.net https://fonts.gstatic.com https://files.marcomcentral.app.pti.com data:; frame-src 'self' https://*.bloomfire.com https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://s.amazon-adsystem.com/ https://expert.visionsfcu.org/ https://customer.jrni.com/ https://*.visionsfcu.org *.docusign.net use.fontawesome.com siteimproveanalytics.com *.google-analytics.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ seal.websecurity.norton.com *.siteimprove.com *.googleapis.com *.gstatic.com *.btstatic.com *.onelink-translations.com *.visionsfcu.org *.googleadservices.com snap.licdn.com *.facebook.net *.g.doubleclick.net *.mathtag.com *.googletagmanager.com *.adnxs.com web.baconpay.com *.fcc.gov https://geocoding.geo.census.gov/ *.w3.org *.google.com *.documatix.com origin.xtlo.net *.xtlo.net *.extole.io *.stickleyonsecurity.com *.votervoice.net referrerals.visionsfcu.org *.cloudsponge.com cloudsponge.com customer.jrni.com visionsfcu.jrni.com https://player.vimeo.com/video/ https://player.vimeo.com/api/player.js https://cds-sdkcfg.onlineaccess1.com www.youtube.com *.thebrighttag.com facebook.com *.facebook.com insight.adsrvr.org cdnjs.cloudflare.com visionsfcu.cudlautosmart.com *.infogram.com *.salemove.com *.glia.com https://www.youtube.com/ https://www.youtube-nocookie.com https://ads.o142.com; img-src * data:; object-src 'self' https://*.bloomfire.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://origin.extole.io https://referrals.visionsfcu.org https://*.xtlo.net *.googletagmanager.com *.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://snap.licdn.com https://wt.dm00.com/ https://siteimproveanalytics.com https://d1v4vw9mwf7wyh.cloudfront.net/ https://dfy3oyzv6dw2d.cloudfront.net finalyticsdata.com stgfinalyticsdata.com cdn.cookielaw.org *.onetrust.com blob: cds-sdkcfg.onlineaccess1.com https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com https://www.votervoice.net maps.googleapis.com; frame-ancestors 'self' https://visionsfcu.org https://digital.visionsfcu.org http://dev-01.q2developer.com; report-uri https://visionsfcu.org/report-uri/enforce 1
default-src 'self' nrbe.pstatic.net; img-src 'self' data: kaeri.re.kr  *.fbcdn.net  *.daumcdn.net  external.ficn2-1.fna.fbcdn.net *.kaeri.re.kr external-ssn1-1.xx.fbcdn.net nrbe.pstatic.net *.youtube.com i.ytimg.com ssl.pstatic.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.juso.go.kr t1.daumcdn.net nrbe.pstatic.net developers.kakao.com *.com openapi.map.naver.com www.googletagmanager.com www.google-analytics.com *.youtube.com maps.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com ssl.daumcdn.net connect.facebook.net graph.facebook.com; frame-src 'self'  postcode.map.daum.net  nollaplace.com *.youtube.com; style-src 'self' 'unsafe-inline' *.daumcdn.net fonts.googleapis.com cdn.jsdelivr.net; connect-src 'self' 'unsafe-inline' www.google-analytics.com *; font-src 'self' data: fonts.gstatic.com cdn.jsdelivr.net; 1
frame-ancestors https://getfoureyes.com https://*.getfoureyes.com https://4eyes.io https://*.4eyes.io 1
block-all-mixed-content; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' apis.google.com bat.bing.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net gdpr.madwire.com js.driftt.com maps.googleapis.com googleapis.com platform.twitter.com www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.googleadservices.com der.joshuarms.com po.joshuarms.com apiv2.popupsmart.com accounts.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com accounts.google.com; img-src 'self' data: a.mktgcdn.com bat.bing.com d22s7xnafxduco.cloudfront.net maps.googleapis.com googleapis.com maps.gstatic.com s3.amazonaws.com stats.g.doubleclick.net topratedlocal.s3.amazonaws.com www.facebook.com www.google.com www.google-analytics.com www.yextstatic.com der.joshuarms.com apiv2.popupsmart.com pagead2.googlesyndication.com analytics.google.com *.analytics.google.com; connect-src 'self' bat.bing.com www.facebook.com googleapis.com maps.googleapis.com www.google-analytics.com stats.g.doubleclick.net der.joshuarms.com apiv2.popupsmart.com accounts.google.com analytics.google.com *.analytics.google.com pagead2.googlesyndication.com www.google.co.uk; font-src 'self' fonts.gstatic.com; frame-src 'self' accounts.google.com bid.g.doubleclick.net facebook.com js.driftt.com www.google.com player.vimeo.com po.joshuarms.com apiv2.popupsmart.com; frame-ancestors 'self' 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; report-to csp-endpoint; 1
frame-ancestors *.hss.com *.hsstraining.com 1
default-src 'self' *.affinitywater.co.uk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.affinitywater.co.uk *.google.com *.google.co.uk *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.addthis.com *.addthisedge.com *.moatads.com *.civiccomputing.com *.qualtrics.com siteimproveanalytics.com *.siteimproveanalytics.com *.puzzel.com *.jquery.com *.engagor.com *.reciteme.com *.one.network *.youtube.com *.youtube-nocookie.com cdnjs.cloudflare.com unpkg.com *.facebook.net *.klaviyo.com js.adsrvr.org *.smooch.io *.quantserve.com *.quantcount.com prreqcroab.icu *.tvsquared.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.affinitywater.co.uk *.googleapis.com *.puzzel.com *.engagor.com *.reciteme.com *.typekit.net cdnjs.cloudflare.com unpkg.com *.jquery.com *.klaviyo.com *.doubleclick.net; font-src 'self' *.affinitywater.co.uk *.gstatic.com *.puzzel.com *.engagor.com *.reciteme.com *.typekit.net cdnjs.cloudflare.com; img-src 'self' data: *.affinitywater.co.uk *.siteimproveanalytics.io *.google.com *.google.co.uk *.googleapis.com *.qualtrics.com *.reciteme.com cdnjs.cloudflare.com *.facebook.com www.googletagmanager.com *.cloudfront.net *.engagor.com prreqcroab.icu *.tvsquared.com dpm.demdex.net *.quantserve.com *.doubleclick.net; frame-src 'self' *.affinitywater.co.uk *.google.com *.google.co.uk *.addthis.com *.one.network *.youtube.com *.youtube-nocookie.com *.vimeo.com *.facebook.com *.doubleclick.net insight.adsrvr.org *.engagor.com; connect-src 'self' ws: *.affinitywater.co.uk *.addthis.com *.civiccomputing.com *.google-analytics.com *.doubleclick.net *.qualtrics.com *.engagor.com *.smooch.io *.reciteme.com *.facebook.com *.puzzel.com *.klaviyo.com; media-src 'self' *.affinitywater.co.uk *.reciteme.com *.engagor.com; 1
upgrade-insecure-requests; img-src 'self' data: https://secure.gravatar.com  https://www.google.co.uk  https://www.google-analytics.com  https://www.google.com.np  https://www.google.com.qa  https://stats.g.doubleclick.net  https://region1.analytics.google.com  https://www.googletagmanager.com  https://www.google.fr  https://i.vimeocdn.com  https://analytics.google.com  https://www.google.ie  https://www.google.at  https://www.google.co.in  https://www.google.ru  https://www.google.fi  https://www.google.de  https://www.google.nl  https://www.google.com.ph  https://www.google.com.br  https://www.google.com.mx  https://www.google.ca  https://www.google.mn  https://www.digitalbarriers.com  https://www.google.com.au  https://www.google.com.sg  https://www.google.it  https://www.google.ro  https://www.google.com.pk  https://www.google.co.id  https://www.google.co.jp  https://www.google.com.ng  https://www.google.be  https://hm.baidu.com  https://www.google.com.my  https://www.google.ae  https://www.google.co.za  https://www.google.tn  https://www.google.lu  https://www.google.es  https://www.google.com.tw  https://www.google.dk  https://www.google.cz  https://www.google.se  https://www.google.pl  https://www.google.com.eg  https://www.google.no  https://www.google.li  https://www.google.co.ug  https://www.google.bg  https://cdn.honey.io  https://www.google.lt  https://www.google.com.ua  https://www.google.com.bn  https://www.google.co.ma  https://www.google.by  https://www.google.hu  https://www.google.co.il  https://www.google.com.co  https://www.google.hn  https://www.google.com.sa  https://www.google.com.mt  https://www.google.com.tr  https://www.google.jo  blob:  https://www.google.com.hk  https://www.google.com.vn  https://www.google.co.kr  https://www.google.gr  https://www.google.hr  https://pos.baidu.com  https://www.google.ch  https://www.google.co.ke  https://www.google.co.nz  https://www.google.sk  https://www.google.al  https://digitalbarriers.com  https://www.google.az  https://www.google.com.ar  https://www.google.com.gh  https://www.google.ps  https://www.google.co.th  https://www.google.je  https://www.google.com.bd  https://www.google.me  https://www.google.pt  https://www.google.com.pa  https://www.google.dz  https://www.google.lk  https://csi.gstatic.com  https://www.google.com.jm  https://www.google.com.bz  https://www.google.mk  https://www.google.lv  https://www.google.cn  https://translate.google.com  ; default-src 'self'; script-src 'self' 'unsafe-inline' data:  https://www.google.com  https://www.googletagmanager.com  https://cdnjs.cloudflare.com  https://www.google-analytics.com  https://www.gstatic.com  https://unpkg.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://utq.vvipquan.com  https://code.jquery.com  https://connect.facebook.net  https://www.pagespeed-mod.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://digitalbarriers.com  https://apis.google.com  'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://www.google.com  https://www.googletagmanager.com  https://cdnjs.cloudflare.com  https://www.google-analytics.com  https://www.gstatic.com  https://unpkg.com  https://gc.kis.v2.scr.kaspersky-labs.com  https://utq.vvipquan.com  https://code.jquery.com  https://connect.facebook.net  https://www.pagespeed-mod.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://digitalbarriers.com  https://apis.google.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://digitalbarriers.com  https://gc.kis.v2.scr.kaspersky-labs.com ; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com  https://ff.kis.v2.scr.kaspersky-labs.com  https://cdn.honey.io  https://digitalbarriers.com  https://gc.kis.v2.scr.kaspersky-labs.com ; connect-src 'self' https://lottie.host  https://www.google-analytics.com  https://region1.analytics.google.com  https://stats.g.doubleclick.net  https://www.google.co.uk  https://analytics.google.com  https://www.google.com.np  https://yoast.com  https://www.google.ie  https://www.google.de  https://www.google.com.sg  https://www.google.it  https://www.google.com.pk  https://www.google.co.id  https://www.google.ca  https://hm.baidu.com  https://www.google.com.ph  https://www.google.co.jp  https://www.google.com.my  https://www.google.lu  https://www.google.nl  https://www.google.co.in  https://www.google.com.au  https://www.google.dk  https://www.google.co.za  https://www.google.com.tw  https://www.google.fr  https://www.google.cz  https://www.google.se  https://www.google.tn  https://www.google.co.ug  https://www.google.com.eg  https://www.google.com.br  https://www.googletagmanager.com  https://www.google.com.co  https://www.google.ae  https://www.google.hn  https://www.google.com.sa  https://www.google.com.qa  https://www.google.co.ma  https://www.google.com.hk  https://www.google.com.mx  https://www.google.es  https://www.google.bg  https://www.google.co.ke  https://www.google.co.il  data:  https://www.google.com.ng  https://www.google.com.gh  https://www.google.at  https://www.google.com.vn  https://www.google.com.tr  https://www.google.ro  https://www.google.be  https://www.google.co.nz  https://www.google.com.ua  https://www.google.pt  https://www.google.com.ar  https://www.google.sk  https://www.google.lk  https://www.google.hr  https://www.google.lt  https://www.google.mk  https://www.google.je  https://translate.googleapis.com;  frame-src 'self' https://player.vimeo.com  https://td.doubleclick.net  https://www.google.com  https://www.googletagmanager.com  http://153.11.216.220  https://www.youtube.com  https://static.contextall.com  https://mozbar.moz.com  http://25.19.243.209  https://feedback-pa.clients6.google.com  http://25.19.243.80;  media-src 'self' data:  https://digitalbarriers.com;  font-src 'self' https://fonts.gstatic.com  data:  https://www.slant.co  https://digitalbarriers.com;  manifest-src 'self' https://digitalbarriers.com;  worker-src 'self' blob:; 1
child-src 'self' blob:;connect-src 'self' https://www.google-analytics.com https://cdn.polyfill.io https://maps.googleapis.com facebook.com google-analytics.com cdn.islandsbanki.is 12pjqcn2sm-dsn.algolia.net https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://consentcdn.cookiebot.com/ https://edge.adobedc.net https://adobedc.demdex.net https://widget.datablocks.se https://hub.mfn.se/ https://auth-test.isbank.is https://auth.islandsbanki.is https://*.google-analytics.com;default-src 'self';img-src 'self' data: https://imgsct.cookiebot.com/ https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io;font-src 'self' data: https://cdn.islandsbanki.is/;object-src 'none';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.prismic.io https://maps.googleapis.com https://prismic.io https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://www.googletagmanager.com https://www.gstatic.com https://siteimproveanalytics.com *.adobedc.net https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://assets.adobedtm.com https://*.infogram.com 'nonce-060d7b03-2b4f-44d9-9bbb-e5d412eed04c' 'sha256-QsLvY8Rx6B9JCjWGBE5gM3IN+2uclV2FJAUWMC4o58k=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-n0UoCqE+tc6d0M/TW1hby5V7TqhUT2/yOVXzYgrjQr8=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-RgYYoXl/1zyaVcUYLbP8Tl2uUKYE/5LSR4MZcXx3uSw=' 'sha256-bThgwhxJzyVwHL27q9n7UkF9smMI1M+u/xI4Ln1n6NY=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk=';style-src 'self' 'unsafe-inline' blob: *.adobedc.net;frame-src https://*.islandsbanki.is https://*.isbank.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://www.youtube.com https://consentcdn.cookiebot.com https://www.vib.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/ https://www.recaptcha.net/ https://auth-test.isbank.is/ https://auth.islandsbanki.is/ https://islandsbanki-frodi-authentication.dev.kube.isbank.is https://*.featureupvote.com;worker-src 'self' blob: 1
default-src 'self' *.consumer.org.nz; font-src *; img-src 'self' data: *; object-src 'none'; style-src 'self' 'unsafe-inline' *.consumer.org.nz *.marketo.com api.addressfinder.io *.googleapis.com consumer-nz-assets.s3.amazonaws.com uploads-cnz.s3-ap-southeast-2.amazonaws.com uploads-cnz.s3.ap-southeast-2.amazonaws.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com d1y1ao4aj0rzc0.cloudfront.net; frame-src 'self' *.consumer.org.nz *.doubleclick.net *.marketo.com consumertest.shinyapps.io donorbox.org e.infogram.com *.spotify.com platform.twitter.com player.vimeo.com www.rnz.co.nz staticcdn.co.nz *.facebook.com www.googletagmanager.com www.iheart.com www.recaptcha.net www.youtube.com yabblezone.net survey.alchemer.com www.instagram.com optimize.google.com *.visualwebsiteoptimizer.com app.vwo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.consumer.org.nz *.google-analytics.com munchkin.marketo.net *.marketo.com *.algolia.net *.algolianet.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com connect.facebook.net consumer-nz-assets.s3.amazonaws.com donorbox.org e.infogram.com platform.twitter.com player.vimeo.com staticcdn.co.nz uploads-cnz.s3-ap-southeast-2.amazonaws.com www.googletagmanager.com www.gstatic.com www.recaptcha.net www.youtube.com www.instagram.com *.googleapis.com translate.google.com cdnjs.cloudflare.com/ajax/libs/iframe-resizer/3.5.16/iframeResizer.min.js survey.alchemer.com www.surveygizmo.com www.googleoptimize.com optimize.google.com analytics.tiktok.com cdn.raygun.io www.googleadservices.com *.doubleclick.net ajax.cloudflare.com snap.licdn.com *.visualwebsiteoptimizer.com app.vwo.com widget.surveymonkey.com d1y1ao4aj0rzc0.cloudfront.net uploads-cnz.s3.amazonaws.com; connect-src 'self' *.consumer.org.nz *.marketo.net *.algolia.io *.algolia.net *.algolianet.com *.doubleclick.net *.google-analytics.com *.mktoresp.com *.mktoutil.com *.google.com api.addressfinder.io *.nr-data.net bat.bing.com bat.bing-int.com www.facebook.com www.instagram.com *.googleapis.com analytics.tiktok.com www.googletagmanager.com *.raygun.io cdn.linkedin.oribi.io *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob:; report-uri report-to-api.raygun.com/reports-csp?apikey=0DrrEZ5IGC5CYxKjtrP5aA== 1
img-src data: *; 1
default-src 'self' ; connect-src 'self' https://socketusercontent.com *.api.sanity.io *.crowdin.com *.getkoala.com *.hubspot.com *.hscollectedforms.net https://crowdin.com/api/v2/jipt/cookie https://crowdin.com/api/v2/jipt/project/SocketSecurity https://crowdin.com/api/v2/jipt/project/SocketSecurity/strings wss://api.getkoala.com https://api.github.com ; frame-src 'self' *.hubspot.com *.loom.com *.spotify.com *.syntax.fm https://crowdin.com https://platform.twitter.com https://www.youtube.com ; img-src * data: ; object-src 'none' ; script-src 'self' *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.usemessages.com *.getkoala.com *.crowdin.com https://www.youtube.com https://platform.twitter.com ; style-src 'self' 'unsafe-inline' *.crowdin.com fonts.googleapis.com ; font-src 'self' fonts.gstatic.com ; base-uri 'none' ; frame-ancestors https://socket.sanity.studio 'self' ; form-action 'self' https://github.com ; worker-src 'self' *.usemessages.com *.getkoala.com *.crowdin.com ; 1
frame-ancestors https://myportal.cccs.edu https://myportaladmin.cccs.edu https://experience.elluciancloud.com; 1
frame-ancestors 'none';object-src 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pony.social; img-src 'self' data: blob: https://pony.social https://cdn.pony.social; style-src 'self' https://pony.social 'nonce-8UnrOXZl4sA3v/SOs9ioOQ=='; media-src 'self' data: https://pony.social https://cdn.pony.social; frame-src 'self' https:; manifest-src 'self' https://pony.social; form-action 'self'; child-src 'self' blob: https://pony.social; worker-src 'self' blob: https://pony.social; connect-src 'self' data: blob: https://pony.social https://cdn.pony.social wss://pony.social; script-src 'self' https://pony.social 'wasm-unsafe-eval' 1
default-src 'self' https://www.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: http: blob: https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com; base-uri 'self'; connect-src 'self' https://www.googleapis.com https://*.google-analytics.com https://*.googleapis.com https://www.googleapis.com https://storage.googleapis.com https://sworkit-user.firebaseio.com https://sworkit-api.herokuapp.com https://*.hubspot.com https://yoast.com https://my.wpengine.com https://www.facebook.com https://*.hubapi.com https://hubspot-forms-static-embed.s3.amazonaws.com https://us-central1-sworkit-user.cloudfunctions.net https://*.giftup.app https://forms.hsforms.com https://api-iam.intercom.io https://www.google-analytics.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com; img-src 'self' https://*.wpengine.com https://www.gstatic.com https://s.w.org http://sworkit.com https://www.gravatar.com/ https://sworkit-staging.flywheelsites.com https://www.googletagmanager.com https://storage.googleapis.com https://*.stripe.com https://*.giftup.app https://7984145.fs1.hubspotusercontent-na1.net https://initiatives.sworkit.com https://f.hubspotusercontent40.net https://i.ytimg.com https://*.hsforms.com https://*.hubspot.com https://www.facebook.com https://www.google-analytics.com blob: data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com data:; media-src 'self' https://storage.googleapis.com https://js.intercomcdn.com; form-action 'self' https://*.hsforms.com https://www.facebook.com https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; child-src 'self' https://sworkit.com https://www.facebook.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://static.hsappstatic.net https://sworkit-user.firebaseapp.com https://app.sworkit.com https://*.hubspot.com https://www.facebook.com https://*.hsforms.com https://www.youtube.com https://js.hsforms.net https://www.google.com https://*.stripe.com https://*.giftup.app; frame-ancestors 'self' https://*.sworkit.com 1
frame-ancestors 'self' https://admin.vitrine.ynov.com; 1
default-src https: 'self' *.yhlsoft.com *.advyzon.com *.advisorservices.com *.tdainstitutional.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * data:; frame-ancestors 'self' *.yhlsoft.com *.advyzon.com *.advisorservices.com *.tdainstitutional.com investwithintegrity.com www.logicwealthmanagement.com jvglobalcap.com protrading.stirlingshire.com ss-live-prod.etnasoft.us *.force.com *.salesforce.com *.visualforce.com push.yhlsoft.net; font-src * data:; connect-src wss: https:; media-src 'self' *.zdassets.com data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://writing.exchange; img-src 'self' https: data: blob: https://writing.exchange; style-src 'self' https://writing.exchange 'nonce-5sNeZNrrSoukQblbEHDI5g=='; media-src 'self' https: data: https://writing.exchange; frame-src 'self' https:; manifest-src 'self' https://writing.exchange; form-action 'self'; child-src 'self' blob: https://writing.exchange; worker-src 'self' blob: https://writing.exchange; connect-src 'self' data: blob: https://writing.exchange https://cdn.masto.host wss://writing.exchange; script-src 'self' https://writing.exchange 'wasm-unsafe-eval' 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors onestream.live 'self'; worker-src blob: https://onestream.live/ http://onestream.live/; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiefirst.com connect.onestream.live cdn.firstpromoter.com www.googletagmanager.com client.crisp.chat www.google.com connect.facebook.net googleads.g.doubleclick.net www.gstatic.com www.youtube.com code.jquery.com cdnjs.cloudflare.com www.clarity.ms analytics.tiktok.com www.mczbf.com snap.licdn.com  bat.bing.com consent.cookiebot.com consentcdn.cookiebot.com; 1
frame-ancestors 'self' https://*.biblesociety.org.uk https://*.bydmaryjonesworld.org.uk; 1
script-src 'self' https://*.googleapis.com *.gstatic.com www.google-analytics.com ajax.googleapis.com ajax.aspnetcdn.com use.typekit.net us1.siteimprove.com siteimproveanalytics.com cdnjs.cloudflare.com kit.fontawesome.com static.getclicky.com in.getclicky.com player.vimeo.com www.googletagmanager.com clicky.com fast.fonts.net snap.licdn.com px.ads.linkedin.com stackpath.bootstrapcdn.com cdn.datatables.net code.jquery.com unpkg.com js.adsrvr.org connect.facebook.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'nonce-861a1847-8ec1-47eb-bb1b-e9a5e8b4ee88' 'strict-dynamic' https://*.google.com https://*.google.com.au https://*.google-analytics.com https://*.split.io https://pagead2.googlesyndication.com https://*.awswaf.com https://*.brainfi.sh;style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://www.googletagmanager.com/ https://fonts.googleapis.com/ *.freshchat.com;img-src 'self' data: https://res.cloudinary.com/madpaws/image/ http://mtc.qantas.com/ https://smtc.qantas.com/ https://pagead2.googlesyndication.com https://fonts.gstatic.com/s/i/ https://www.googletagmanager.com/ https://api.mapbox.com/ https://unpkg.com/;font-src 'self' https://script.hotjar.com https://fonts.gstatic.com/;connect-src 'self' https://o53414.ingest.sentry.io/api/5833079/ https://cdn.segment.com/v1/projects/ https://api.segment.io/v1/ https://in.au1.segmentapis.com/v1/ https://staging-api.madpaws.com.au/api/v1/ https://test-api.madpaws.com.au/api/v1/ https://api.madpaws.com.au/api/v1/ https://api-js.mixpanel.com/track/ http://dpm.demdex.net/ http://qantasairways.tt.omtrdc.net/m2/ https://bam.nr-data.net/ https://api.trafficguard.ai/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.google.com.au https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.awswaf.com https://*.split.io https://*.brainfi.sh;base-uri 'self';frame-ancestors 'none';frame-src *.freshchat.com https://qantas.demdex.net/ http://fast.qantas.demdex.net/ https://accounts.google.com/ https://www.google.com 1
"frame-ancestors 'self';" 1
frame-ancestors 'self' http://www.philips.com.sg *.philips.com *.philips.com.sg https://philipsigtdpv.com 1
script-src 'unsafe-eval' 'self' blob: *.mpeasylink.com *.omtrdc.net *.bcbsmt.com *.convertlanguage.com *.walkme.com *.jquery.com *.brightcove.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com  'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-wdeGPZ1HJ+lMQiVfS4znvmAO3Fmlc1V4FXPoN7598Kk=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-SwyKbZ54VAT7TGzBcl3GoAg00lZI99A0vLQ3BHuFvUY=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.mpeasylink.com *.bcbsmt.com hcsc.demdex.net *.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net 1
frame-ancestors 'none';            upgrade-insecure-requests;            default-src 'self';            style-src 'self' 'unsafe-inline';            font-src 'self' data:;            script-src 'self' 'sha256-zB736t7NbCRmG8L7CKvKSlKHzxbV3qI2+yuVEdWN1ng=' 'sha256-pEWie+y9Xg/sQLgxqfRcy8H/F0zyQq+Uxlh1aqzZdV4=' *.googletagmanager.com googletagmanager.com https://www.google-analytics.com/analytics.js *.hotjar.com hotjar.com;            img-src 'self' https://strapi-uploads-bucket.s3.amazonaws.com/ https://www.google-analytics.com/ data:;            connect-src 'self' *.google-analytics.com/ stats.g.doubleclick.net/ *.coingecko.com/api/v3/ *.orionx.com/ticker *.hotjar.io/sessions/ *.hotjar.com/ https://client.orionx.com/graphql;            child-src 'self';            frame-src https://vars.hotjar.com/;            object-src 'none';            worker-src 'self';            form-action 'none';             1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' yoast.com js-eu1.hubspot.com/web-interactives-embed.js www.google.com/recaptcha/ www.gstatic.com/recaptcha/  script.hotjar.com static.hotjar.com www.google-analytics.com  js-eu1.hs-analytics.net cdn.linkedin.oribi.io px.ads.linkedin.co googleads.g.doubleclick.net snap.licdn.com www.googletagmanager.com connect.facebook.net cdn.jsdelivr.net js-eu1.hs-analytics.nt js-eu1.hs-banner.com js-eu1.hs-scripts.com js-eu1.hsadspixel.net js-eu1.hscollectedforms.net js-eu1.hsforms.net js-eu1.hsleadflows.net js-eu1.usemessages.com static.hsappstatic.net static.smartrecruiters.com www.smartrecruiters.com ; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net fonts.googleapis.com; object-src 'self'; base-uri 'self'; connect-src 'self' region1.analytics.google.com/g/collect content.hotjar.io wsp6.hotjar.com wsp24.hotjar.com in.hotjar.com stats.g.doubleclick.net cdn.linkedin.oribi.io www.google-analytics.com api-eu1.hubspot.com api-eu1.hubapi.com js-eu1.hs-banner.com forms-eu1.hscollectedforms.net forms-eu1.hsforms.com forms-eu1.hubspot.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' app.hubspot.com static.hsappstatic.net www.gstatic.com/recaptcha/  app-eu1.hubspot.com player.vimeo.com www.facebook.com mktg.blueoptima.com www.youtube.com forms-eu1.hsforms.com; img-src 'self' data: www.google.ie/ads/ga-audiences www.google.com www.google.co.in px.ads.linkedin.com  www.facebook.com forms-eu1.hsforms.com forms.hsforms.com i.ytimg.com track-eu1.hubspot.com ; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://itatorrents.xyz:8443/socket.io/ wss://itatorrents.xyz:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
frame-src *.gmscolor.com startspectro: startscale: *.userzoom.com *.walkme.com 1
default-src 'self' https://youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com http://cdn4.mxpnl.com https://fonts.googleapis.com https://fonts.gstatic.com/ http://www.youtube.com/ https://s3-us-west-2.amazonaws.com/ https://ct.pinterest.com/ https://test-toybox.myshopify.com/ https://toyboxlabs.myshopify.com/ https://cdn.shopify.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net https://s.pinimg.com/ http://static.ads-twitter.com http://www.googleadservices.com http://www.google-analytics.com https://analytics.twitter.com https://connect.facebook.net https://toysearch-test.herokuapp.com/getHomeToyData https://toysearch-prod.herokuapp.com/getHomeToyData https://search.make.toys/  https://content.make.toys/ https://toyboxlabs.myshopify.com https://search.make.toys https://content.make.toys;connect-src * data:;frame-src *;img-src * blob: data:;frame-ancestors https://*.myshopify.com;media-src *;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;font-src https://fonts.gstatic.com 'self';base-uri 'self';form-action 'self';object-src 'none';script-src-attr 'none' 1
connect-src 'self' wss://ws.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://content.hotjar.io https://cdn.linkedin.oribi.io; default-src 'self' https:; font-src 'self' data: https://fonts.gstatic.com; img-src 'unsafe-inline' https: data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager https://static.hotjar.com https://script.hotjar.com https://www.google-analytics.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://cdn.jsdelivr.net https://cdn.jsdelivr.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https:; worker-src 'self' blob:; 1
frame-ancestors 'self' https://www.johnsoncontrols.com 1
default-src 'self' https://*.wistia.com https://*.wistia.net ; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net;frame-src https://fast.wistia.com https://fast.wistia.net *.google.com https://s3.us-west-1.amazonaws.com; script-src-elem 'unsafe-inline' https: *.gstatic.com; object-src 'none';frame-ancestors 'none';manifest-src 'self';base-uri 'none';script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.wistia.com https://*.wistia.net https://src.litix.io www.gstatic.com *.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com *.google-analytics.com www.googletagmanager.com bat.bing.com polyfill.io *.googleapis.com *.google.com cdn.jsdelivr.net code.jquery.com;connect-src 'self' https://*.clarity.ms https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net *.google-analytics.com *.google.com www.googletagmanager.com *.googleapis.com bat.bing.com stats.g.doubleclick.net; img-src https: 'self' data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net ;style-src https: 'unsafe-inline' 'self' blob https://fast.wistia.com ;font-src 'self' data: https://*.typekit.net https://*.wistia.com pro.fontawesome.com fonts.gstatic.com maxcdn.bootstrapcdn.com; worker-src 'self' blob: 1
report-uri https://www.yelp.com/csp_block?id=a4b05197df039956&page=enforced_by_default_directives&policy_hash=4a31667603ab2e38c60aeeb09daa5097&site=www&timestamp=1715648848; object-src 'self'; base-uri 'self' https://*.yelpcdn.com https://*.adsrvr.org https://6372968.fls.doubleclick.net; font-src 'self' data: https: 1
frame-ancestors 'self' www.cv.ee cv.ee www.cv.lv cv.lv www.prakse.lv prakse.lv https://www.fritz-henkel.com https://fritz-henkel.com dm.henkel-dam.com; 1
default-src 'self' *.associatedasset.com *.aamresales.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io *.vimeocdn.com *.vimeo.com *.youtube.com *.msecnd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.associatedasset.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.hotjar.com *.hotjar.io *.vimeocdn.com *.msecnd.net; style-src 'self' 'unsafe-inline' *.msecnd.net; connect-src 'self' *.associatedasset.com wss://*.associatedasset.com *.google.com *.google-analytics.com *.googleadservices.com *.clickdimensions.com *.doubleclick.net *.hotjar.com *.hotjar.io; frame-ancestors 'self' 1
frame-ancestors 'self' https:; default-src 'self' https: wss:; script-src 'report-sample' 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'report-sample' 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline' data:; img-src 'self' blob: https: data: 1
style-src 'self' 'unsafe-inline'; 1
default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com https://bid.g.doubleclick.net https://td.doubleclick.net *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a 1
default-src *.crazyegg.com blob: 'self' https: 'unsafe-inline' 'unsafe-eval' 1
default-src https: data: ws: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.dtnr.nl *.obi4wan.com *.pusher.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com;connect-src 'self' wss: piwik.dtnr.nl *.obi4wan.com app.obi4wan.ai *.pusher.com service.pdok.nl;img-src 'self' www.tenderned.nl data: *.obi4wan.com;media-src 'self' www.rovid.nl 1
script-src 'unsafe-eval' blob: 'self' 'unsafe-inline'; default-src 'self' data: blob: https://media.starcitizen.tools https://api.flickr.com; style-src 'self' data: blob: https://media.starcitizen.tools https://api.flickr.com 'unsafe-inline'; object-src 'none'; report-uri /api.php?action=cspreport&format=json 1
frame-ancestors 'self' https://*.meetville.com 1
default-src 'none'; img-src 'self' https://status.icq.com/; style-src 'self' 'unsafe-inline'; font-src 'self'; media-src 'self'; script-src 'self' 'unsafe-inline'; connect-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
report-to 'https://stratixsystems.com'; 1
frame-ancestors 'self' https://www.toyotaalbania.al https://www.toyota.hr https://www.toyota.ie https://www.toyota.ge https://www.toyota.gr https://www.toyota.it https://www.toyota.lt https://www.toyota.md https://www.toyota.no https://www.toyota.ru https://www.toyota.es https://www.toyota.ua https://www.toyota.am https://www.toyota.ba https://*.toyota.be https://www.toyota.com.cy https://www.toyota.ee https://www.toyota.de https://www.toyota.hu https://www.toyota.kz https://www.toyota.lu https://www.toyota.fr https://www.toyota.pl https://www.toyota.rs https://www.toyota.se https://www.toyota.at https://www.toyota.bg https://www.toyota.cz https://www.toyota.fi https://www.toyota-gib.com https://www.toyota.is https://www.toyota-kosovo.com http://www.toyota.com.mk https://www.toyotacg.me https://www.toyota.pt https://www.toyota.sk https://*.toyota.ch https://www.toyota.az https://www.toyota-canarias.es https://www.toyota.dk https://www.toyota.fr https://www.toyota.co.uk https://www.toyota.co.il https://www.toyota.lv http://toyota.com.mt https://www.toyota.nl https://www.toyota.ro https://www.toyota.si https://www.toyota.com.tr https://www.toyota-europe.com https://*.toyota.eu 1
frame-ancestors 'self' http://www.philips.co.jp *.philips.com *.philips.co.jp https://philipsigtdpv.com 1
default-src 'self' http: https: data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
frame-ancestors 'self' plays.org; 1
frame-ancestors 'self' https://hilfe.bruegelmann.de https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
default-src 'self' 'unsafe-inline' data: *.1stcentralinsurance.com *.analytics-egain.com *.youtube-nocookie.com *.2o7.net *.adobedtm.com *.bootstrapcdn.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.egain.cloud *.facebook.com *.facebook.net *.feefo.com *.fontawesome.com *.frontify.com *.github.io *.google.co.uk *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.instagram.com *.klick2contact.com *.omguk.com *.opendns.com *.optimizely.com *.sessioncam.com *.trustpilot.com *.twitter.com *.youtube.com *.cookielaw.org *.gbqofs.com *.gbss.io *.onetrust.com; frame-ancestors 'self' *.1stcentralinsurance.com; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://api.lever.co; frame-src 'self' https://www.youtube.com https://www.google.com; img-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://www.googletagmanager.com https://www.gstatic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://unpkg.com https://www.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-hashes' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://cdn.jsdelivr.net mdbootstrap.com use.fontawesome.com; report-uri http://www.tri.global/report-uri/enforce; block-all-mixed-content 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' www.youtube.com s.ytimg.com www.everestjs.net *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.googleadservices.com www.googletagservices.com tpc.googlesyndication.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com display.wayin.com ddc.optimahub.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js; style-src 'unsafe-inline' p-airnz.com tagmanager.google.com static.hotjar.com script.hotjar.com; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com data:; media-src 'self' p-airnz.com ; frame-src 'self' www.youtube.com www.everestjs.net pixel.everesttech.net *.demdex.net *.doubleclick.net www.googletagmanager.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ tpc.googlesyndication.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com xd.wayin.com display.engagesciences.com; connect-src 'self' api.airnz.io api.airnz.ai auth.airnewzealand.co.nz auth.grabaseat.co.nz *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com pagead2.googlesyndication.com *.optimizely.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://widget.timatic.iata.org/api/; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
script-src 'nonce-24RPSV8oOylvjMHx+0mEEw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=ffa17f14-319e-4974-b6af-59527d38876c; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://mastodon.de 'wasm-unsafe-eval'; font-src 'self' https://mastodon.de; img-src 'self' data: blob: https://mastodon.de https://media.mastodon.de; style-src 'self' https://mastodon.de 'nonce-MLFhGmih4G1D0xKzRHNZRA=='; media-src 'self' data: https://mastodon.de https://media.mastodon.de; frame-src 'self' https:; child-src 'self' blob: https://mastodon.de; worker-src 'self' blob: https://mastodon.de; connect-src 'self' blob: data: wss://mastodon.de https://mastodon.de https://media.mastodon.de; manifest-src 'self' https://mastodon.de; form-action 'self' 1
default-src data: https: wss: about: 'self' *.useinsider.com *.api.useinsider.com wss://*.hotjar.com wss://*.api.useinsider.com *.hotjar.io wss://*.hotjar.io;script-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' 'report-sample' *.useinsider.com *.api.useinsider.com web-sdk.smartlook.com connect.facebook.net bancocuscatlan.activehosted.com *.googleadservices.com api.livechatinc.com cdn.livechatinc.com *.hotjar.com *.hotjar.io *.bancocuscatlan.com stats.bancocuscatlan.com/bancadigital/jquery-ui-css-min.js *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com *.google-analytics.com maps.googleapis.com cdn.jsdelivr.net cdn.jsdelivr.net connect.facebook.net;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' *.useinsider.com *.api.useinsider.com *.googletagmanager.com unpkg.com cdnjs.cloudflare.com fonts.googleapis.com unicons.iconscout.com fonts.googleapis.com cdn.jsdelivr.net cdn.jsdelivr.net;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' *.facebook.com www.google.com.gt *.useinsider.com *.api.useinsider.com ac-image.s3.amazonaws.com bancocuscatlan.img-us3.com cdn.livechatinc.com dsf4amlss2x9u.cloudfront.net *.bancocuscatlan.com *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com *.google.com.sv *.googleusercontent.com *.googletagmanager.com *.googletagmanager.com *.google-analytics.com i.ytimg.com *.ytimg.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' *.useinsider.com *.api.useinsider.com *.bancocuscatlan.com:8243/webapi/ content.hotjar.io manager.eu.smartlook.cloud api.ipify.org api.livechatinc.com *.cloudfront.net *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.hotjar.io wss://*.api.useinsider.com *.bancocuscatlan.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' *.useinsider.com *.api.useinsider.com cdnjs.cloudflare.com fonts.gstatic.com unicons.iconscout.com fonts.gstatic.com cdn.livechatinc.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' *.useinsider.com *.api.useinsider.com bancadigital.bancocuscatlan.com secure.livechatinc.com vars.hotjar.com *.hotjar.io *.google.com *.googletagmanager.com youtube.com *.youtube.com *.youtube-nocookie.com;object-src 'none';worker-src blob:;base-uri 'self';media-src data: https: wss: about: 'self' *.useinsider.com *.api.useinsider.com *.cloudfront.net *.bancocuscatlan.com;frame-ancestors 'self' *.useinsider.com *.api.useinsider.com https://api.useinsider.com/ 1
script-src 'self' 'unsafe-inline' *.newrelic.com *.google.com *.googletagmanager.com *.google-analytics.com *.youtube.com *.licdn.com *.clickdimensions.com *.azureedge.net *.ads-twitter.com *.twitter.com *.clarity.ms *.addthis.com *.botframework.com *.buzzsprout.com *.vimeo.com *.googleadservices.com *.vo.msecnd.net *.gstatic.com; frame-src 'self' *.google.com *.twitter.com *.svc.dynamics.com *.youtube.com *.clickdimensions.com *.microsoft.com *.buzzsprout.com *.vimeo.com *.eventbrite.com *.office.com *.cloud.microsoft *.eventbrite.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss://*.hotjar.com; frame-ancestors 'self'; object-src 'none'; worker-src blob:; 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src https: wss: blob:; img-src http: https: data: blob: about:; font-src http: https: data:; frame-src https: blob:; report-uri /api/csp/report 1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; img-src https: data:; frame-src https:; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https: *.ometria.com; frame-ancestors 'self' www.youtube.com; img-src 'self' data: https: http://*.trustarc.com https://fonts.gstatic.com https://www.google.com https://www.googletagmanager.com https://directus.filorga-us.colpal.cloud https://directus.dev-filorga-us.colpal.cloud https://*.shopify.com https://*.yotpo.com https://tvspix.com http://trk.ometria.localhost https://d3g420rgevyqxw.cloudfront.net https://cdn.automat-ai.com https://static.ordergroove.com https://shopify.privy.com https://d18eg7dreypte5.cloudfront.net https://*.afterpay.com; object-src 'none'; script-src-attr 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' *.trustarc.com; upgrade-insecure-requests 1
default-src 'self' https://wchat.freshchat.com https://hooks.stripe.com https://js.stripe.com;style-src 'self' 'unsafe-inline'  https://baremetrics-dunning.baremetrics.com/css/barepay.css https://wchat.freshchat.com/css/widget.css https://js.stripe.com/v3/* https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://checkout.stripe.com/checkout.js https://www.google-analytics.com https://ajax.googleapis.com https://script.crazyegg.com use.fontawesome.com www.google.com cdnjs.cloudflare.com www.gstatic.com grok-2018.local:8890 www.googletagmanager.com d36mpcpuzc4ztk.cloudfront.net baremetrics-dunning.baremetrics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://wchat.freshchat.com/js/widget.js  https://js.stripe.com https://hooks.stripe.com https://js.stripe.com/v3/*;connect-src 'self'  https://script.crazyegg.com https://stats.g.doubleclick.net https://tracking.crazyegg.com https://dunning.baremetrics.com/customer_status https://script.crazyegg.com https://www.google-analytics.com https://checkout.stripe.com;object-src 'none';font-src 'self' data: https://fonts.gstatic.com/;img-src 'self' data: https://secure.gravatar.com https://www.google.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com https://q.stripe.com www.gstatic.com;frame-src https://www.youtube.com https://checkout.stripe.com https://js.stripe.com https://platform.twitter.com www.google.com 1
default-src https: data: blob: filesystem: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' https://*.google.com https://*.fonts.gstatic.com X-Frame-Options: SAMEORIGIN  1
frame-ancestors 'self' https://analytics.interworks.com https://blackstone.tableau.com https://bx.com http://events1.social27.com https://events1.social27.com https://interworks.co.uk http://s27-events-ui-staging.azurewebsites.net https://s27-events-ui-staging.azurewebsites.net https://tableau.interworks.co.uk https://interworks.com; upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://service.pdok.nl https://kadasterbv.containers.piwik.pro https://kadasterbv.piwik.pro; connect-src 'self' https://service.pdok.nl https://api.pdok.nl https://geodata.nationaalgeoregister.nl https://kadasterbv.piwik.pro https://api.kadaster.nl; img-src 'self' https://service.pdok.nl https://api.pdok.nl https://geodata.nationaalgeoregister.nl https://www.toegankelijkheidsverklaring.nl; frame-src 'self'; frame-ancestors 'none' 1
default-src * data: blob: ws: wss: gap://ready file://*; style-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob:; worker-src 'self' blob:; frame-src * blob:; child-src blob: gap:; frame-ancestors 'none'; 1
default-src 'none'; media-src 'self'; script-src-elem 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src *.irbnet.org 'self' data:; style-src-elem 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self'; frame-ancestors 'self'; font-src 'self'; 1
default-src 'self' 'unsafe-inline'   ssl.google-analytics.com  pagead2.googlesyndication.com  www.googletagmanager.com  www.google-analytics.com  www.googleadservices.com  snap.licdn.com  assets.pcrl.co  partner.googleadservices.com  adservice.google.com.ar  widget.intercom.io  tpc.googlesyndication.com  adservice.google.com  connect.facebook.net  googleads.g.doubleclick.net  system.picreel.com  js.intercomcdn.com  www.youtube.com  app.picreel.com  *.googleapis.com  *.facebook.com  *.google.com  *.google.com.ar  stats.g.doubleclick.net  *.hotjar.com  *.linkedin.com  *.gstatic.com  *.jquery.com  fonts.gstatic.com  p.adsymptotic.com  api-iam.intercom.io  wss://nexus-websocket-a.intercom.io  bid.g.doubleclick.net  static.intercomassets.com  https://*.intercomcdn.com  *.fontawesome.com  i.ytimg.com  vc.hotjar.io  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com;           child-src 'self'  https://vars.hotjar.com/  https://newsletter-link.nosis.com  https://googleads.g.doubleclick.net  https://www.facebook.com  https://bid.g.doubleclick.net  http://app.picreel.com  https://tpc.googlesyndication.com  https://www.google.com  https://www.youtube.com;         img-src 'self' data:         https://www.google-analytics.com  https://px.ads.linkedin.com; 1
default-src *.cookie-script.com 'self' 'unsafe-inline' 'unsafe-eval' *.teluq.ca *.google-analytics.com *.googleapis.com www.google-analytics.com www.googletagmanager.com *.g.doubleclick.net *.doubleclick.net *.google.com *.google.ca *.withgoogle.com *.gstatic.com *.googleadservices.com *.ggpht.com *.youtube.com *.livechatinc.com www.facebook.com connect.facebook.net cdnjs.cloudflare.com ssl.p.jwpcdn.com; font-src * data:; img-src * data:; 1
child-src  https://*.doubleclick.net js.stripe.com *.clarity.ms vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.googletagmanager.com www.youtube.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com  ; connect-src 'self' data: blob: *.onfido.com wss://*.onfido.com clarity.microsoft.com *.clarity.ms snappcar.nl dzklgi3s0q69j.cloudfront.net api.woosmap.com api-js.mixpanel.com api.snappcar.de api.snappcar.nl api2.branch.io apitst1.snappcar.nl ekr.zdassets.com snappcar.zendesk.com in.hotjar.com  https://*.doubleclick.net tst1.snappcar.nl *.hotjar.com wss://*.hotjar.com vc.hotjar.io wss://api.snappcar.de wss://api.snappcar.nl wss://apitst1.snappcar.nl www.facebook.com www.google-analytics.com www.google.com www.snappcar.nl api.trustpilot.com ka-f.fontawesome.com sentry.io bat.bing.com rum-collector-2.pingdom.net unpkg.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com    https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com; default-src 'self' api.snappcar.de api.snappcar.nl  https://*.doubleclick.net cdn.snappcar.nl connect.facebook.net linkmaker.itunes.apple.com sentry.io web.facebook.com widget.trustpilot.com wss://api.snappcar.de wss://api.snappcar.nl www.facebook.com www.google-analytics.com www.google.nl www.googleadservices.com www.googletagmanager.com ajax.googleapis.com api-js.mixpanel.com api.trustpilot.com api2.branch.io appleid.cdn-apple.com assets.customer.io blog.snappcar.nl cdn.branch.io cdn.mxpnl.com cdn.siftscience.com dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net fonts.googleapis.com fonts.gstatic.com hexagon-analytics.com in.hotjar.com js.stripe.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com   maps.gstatic.com script.hotjar.com static.hotjar.com track.customer.io vars.hotjar.com vc.hotjar.io *.clarity.ms www.gstatic.com www.snappcar.nl www.youtube.com www.lt45.net www.google.ie bat.bing.com heiseonline.github.io rum-collector-2.pingdom.net rum-static.pingdom.net unpkg.com  https://*.hotjar.com  https://*.hotjar.io  wss://*.hotjar.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com; font-src 'self' connect.facebook.net d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net fonts.googleapis.com fonts.gstatic.com js.stripe.com ka-f.fontawesome.com kit-free.fontawesome.com optimize.google.com script.hotjar.com snappcar static.hotjar.com *.clarity.ms staticxx.facebook.com use.fontawesome.com vars.hotjar.com web.facebook.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com youtube.com maxcdn.bootstrapcdn.com  https://*.hotjar.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com data 'unsafe-inline' data:; frame-src  https://*.doubleclick.net js.stripe.com optimize.google.com *.clarity.ms vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com    https://*.hotjar.com  https://consentcdn.cookiebot.com  https://*.woosmap.com; img-src 'self' https://assets.onfido.com/ www.googleadservices.com theme.zdassets.com accounts.google.com apitst1.snappcar.nl blog.snappcar.nl cbks0.googleapis.com cdn.branch.io cdn.snappcar.nl connect.facebook.net www.snappcar.nl d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net emailsignature.trustpilot.com *.clarity.ms  https://*.doubleclick.net hexagon-analytics.com l.facebook.com l.instagram.com linkmaker.itunes.apple.com lt45.net maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com   maps.gstatic.com snappcarblogse.files.wordpress.com track.customer.io tst1.snappcar.nl web.facebook.com www.adyen.com www.facebook.com www.google-analytics.com www.google.com www.google.de www.google.nl www.googletagmanager.com www.gstatic.com www.lt45.net www.snappcar.de www.google.ie bat.bing.com data data: s3-eu-west-1.amazonaws.com d2j07qayxax6cc.cloudfront.net  https://*.hotjar.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com; media-src dzklgi3s0q69j.cloudfront.net  https://*.hotjar.com  https://*.woosmap.com; script-src-elem 'self' cdn.polyfill.io static.zdassets.com adservice.google.com ajax.googleapis.com api.mixpanel.com api.snappcar.de api.snappcar.nl apitst1.snappcar.nl app.link appleid.cdn-apple.com assets.customer.io cdn.branch.io cdn.mxpnl.com cdn.siftscience.com cdn.snappcar.nl code.jquery.com connect.facebook.net d3ef8kpmd7tehc.cloudfront.net dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net facebook.com  https://*.doubleclick.net clarity.microsoft.com *.clarity.ms hotjar.com hotjar.io itunes.apple.com js.stripe.com ka-f.fontawesome.com kit.fontawesome.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com   mixpanel.com optimize.google.com script.hotjar.com sentry.io static.hotjar.com widget.trustpilot.com ws2.hotjar.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.snappcar.nl www.youtube.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com 'unsafe-inline' bat.bing.com heiseonline.github.io rum-static.pingdom.net snappcar.nl unpkg.com cdn.jsdelivr.net  https://*.hotjar.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com; script-src 'self' cdn.polyfill.io code.jquery.com cdn.jsdelivr.net stackpath.bootstrapcdn.com static.zdassets.com assets.zendesk.com ajax.googleapis.com app.link appleid.cdn-apple.com assets.customer.io cdn.branch.io cdn.mxpnl.com cdn.siftscience.com connect.facebook.net clarity.microsoft.com *.clarity.ms dgu73kunzs7kw.cloudfront.net dzklgi3s0q69j.cloudfront.net  https://*.doubleclick.net js.stripe.com maps.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com   script.hotjar.com static.hotjar.com widget.trustpilot.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.youtube.com maxcdn.bootstrapcdn.com  https://*.hotjar.com 'unsafe-eval' 'unsafe-inline' bat.bing.com heiseonline.github.io rum-static.pingdom.net d3ef8kpmd7tehc.cloudfront.net unpkg.com  https://*.woosmap.com  https://*.getsitecontrol.com *.getsitectrl.com; style-src-elem 'self' dzklgi3s0q69j.cloudfront.net fonts.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com   optimize.google.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com 'unsafe-inline' snappcar.nl  https://*.hotjar.com  https://*.woosmap.com; style-src 'self' dzklgi3s0q69j.cloudfront.net stackpath.bootstrapcdn.com fonts.googleapis.com  https://*.googleapis.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com    https://*.hotjar.com  https://*.woosmap.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; script-src-attr 'unsafe-inline'; style-src-attr 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' *.alation.com www.alationuniversity.com *.alationuniversity.com *.splashthat.com https://app.contentful.com app.optimizely.com 1
img-src * data:; style-src 'self' 'unsafe-inline'; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.googleapis.com *.google.com www.youtube-nocookie.com *.vimeocdn.com *.vimeo.com fonts.gstatic.com www.googletagmanager.com www.google-analytics.com *.facebook.net *.altruja.de altruja.de; 1
default-src 'self'; script-src 'self' https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://*.google-analytics.com/; style-src 'self' 'unsafe-inline'; font-src * 'unsafe-inline'; connect-src *; frame-src * 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.mygeekbox.co.uk https://m.mygeekbox.co.uk https://checkout.mygeekbox.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
upgrade-insecure-requests; frame-ancestors 'self' *.packlane.com *.digitalroom.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com; 1
frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com teams.cloud.microsoft outlook.cloud.microsoft m365.cloud.microsoft self 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.calendly.com https://*.hotjar.com *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hsforms.net *.hsforms.com *.hsleadflows.net *.hscollectedforms.net *.hubspot.com https://cdn.calconic.com/static/js/calconic.min.js https://cdn.omniconvert.com/ https://cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.g.doubleclick.net https://js.usemessages.com https://sc.lfeeder.com https://snap.licdn.com https://static.ads-twitter.com https://tag.demandbase.com https://*.google-analytics.com https://www.googleoptimize.com/optimize.js https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://www.vimeo.com https://vimeo.com https://www.youtube.com; style-src 'unsafe-inline' 'self' https://cdnjs.cloudflare.com https://*.calendly.com https://*.googleapis.com https://growcreate.co.uk https://*.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://pagead2.googlesyndication.com *.hubapi.com *.hubspot.com *.hsforms.com *.hscollectedforms.net https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.co.uk https://www.google.com https://app.omniconvert.com https://consentcdn.cookiebot.com https://growcreate.co.uk https://our.umbraco.com https://px.ads.linkedin.com https://tag-logger.demandbase.com https://vimeo.com https://api.company-target.com *.calconic.com https://calendly.com; font-src 'self' data: https://*.gstatic.com https://*.hotjar.com; frame-src 'self' *.hs-sites.com *.hubspot.com *.hsforms.net *.hsforms.com https://calendly.com https://www.google.com https://consentcdn.cookiebot.com https://player.vimeo.com https://s.company-target.com https://td.doubleclick.net youtube.com www.youtube.com; child-src *.hsforms.com; img-src 'self' data: https://assets.calendly.com https://pagead2.googlesyndication.com https://*.hotjar.com *.hubspotusercontent-na1.net *.hsforms.com *.hsforms.net *.hubspot.com https://id.rlcdn.com https://imgsct.cookiebot.com https://our.umbraco.com https://px.ads.linkedin.com https://raw.githubusercontent.com https://tr.lfeeder.com https://www.google.co.uk https://www.google.pt https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://analytics.twitter.com https://t.co https://i.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' www.abaxis.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://cms.feq.ca 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.parcellab.com *.mypurecloud.de *.survicate.com *.adform.net insight.adsrvr.org js.adsrvr.org *.bing.com *.doubleclick.net *.facebook.com *.facebook.net s.pinimg.com ct.pinterest.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
frame-ancestors *.ncsoft.jp lineagem-jp.com *.plaync.com 1
base-uri 'self'; default-src 'self' https:; img-src 'self' https: data:; object-src 'self'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: wss:; font-src 'self' https: data: 1
frame-ancestors 'self' my.bonify.de www.bonify.de pages.bonify.de sso.bonify.de 1
default-src 'self' http: https: data: blob: 'unsafe-eval' 'unsafe-inline'; connect-src * 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';connect-src https://*.jooancloud.com:443 1
default-src 'self' data: analytics.google.com *.googleadservices.com https://onlia.zendesk.com https://static.zdassets.com/ekr/snippet.js https://ekr.zdassets.com/compose/ https://static.zdassets.com/ https://v2assets.zopim.io wss://widget-mediator.zopim.com/s/W/ws/ https://widget-mediator.zopim.com https://p27.zdusercontent.com/ https://dc.services.visualstudio.com/v2/track https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://c.la3-core1.sfdc-yfeipo.salesforceliveagent.com https://d.la3-core1.sfdc-yfeipo.salesforceliveagent.com *.trustpilot.com optimize.google.com d6tizftlrpuof.cloudfront.net *.digitalcx.com *.elitechnology.com *.usabilla.com *.eqads.com *.onliasense.ca *.gstatic.com *.doubleclick.net fonts.googleapis.com tagmanager.google.com maps.google.com maps.google.ca *.googleapis.com *.googleapis.ca *.ggpht.com www.youtube.com https://onlia-ca-pixel-cynolytics.outshared.services/ https://connect.facebook.net https://s-static.ak.facebook.com https://www.facebook.com https://www.google.com www.google.ca *.google-analytics.com https://*.analytics.google.com wss://*.smooch.io https://*.smooch.io https://*.googletagmanager.com https://www.googleoptimize.com https://surfly.com/  https://*.tvsquared.com https://player.vimeo.com/ https://ucc.oc365s.com wss://*.hotjar.com *.hotjar.com vc.hotjar.io content.hotjar.io https://*.trustev.com https://*.iesnare.com wss://mpsnare.iesnare.com/ https://static.ads-twitter.com/ *.twitter.com *.stackadapt.com https://t.co/ https://bat.bing.com/ https://bat.bing.com/action/0* https://www.instagram.com/ 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-382776ebed884c9195b81464dc9367e8' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' https://www.leedonline.com https://leedonline-api.usgbc.org 1
script-src 'self' 'unsafe-inline' blob: https://vercel.live https://static.hotjar.com https://script.hotjar.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://sc-static.net https://tr.snapchat.com https://www.googleadservices.com https://connect.facebook.net https://analytics.tiktok.com https://static.ads-twitter.com https://translate.google.com https://translate.googleapis.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://www.googletagmanager.com https://fonts.googleapis.com https://www.gstatic.com; font-src 'self' https://script.hotjar.com https://fonts.gstatic.com; connect-src 'self' *.sentry.io https://vitals.vercel-insights.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://tr.snapchat.com https://tr6.snapchat.com https://vercel.live https://analytics.tiktok.com https://translate.google.com; img-src 'self' data: https:; frame-src 'self' https://www.youtube.com https://www.google.com https://td.doubleclick.net https://tr.snapchat.com https://vercel.live; media-src 'self' https://static.gust.edu.kw/; 1
script-src http://www.chu-bordeaux.fr https://www.chu-bordeaux.fr https://piwikpro.chu-bordeaux.fr  'unsafe-inline' 'unsafe-eval'; style-src 'self'  'unsafe-inline'; object-src 'none'; frame-ancestors http://www.chu-bordeaux.fr https://www.chu-bordeaux.fr https://piwikpro.chu-bordeaux.fr ; worker-src 'self' 1
frame-ancestors https://page.blubybcadigital.id 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-NTUxMGE3NWY2YjdkNGNlMw==' 'nonce-YzM1ZGJhM2Y0MDQ3YWFkYw==' https://cdn.jsdelivr.net/gh/alpinejs/alpine@v2.8.2/dist/alpine.min.js https://code.jquery.com/jquery-3.2.1.min.js https://code.jquery.com/jquery-3.5.1.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.1/Chart.min.js; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; connect-src * https:; img-src * blob: data: https:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src * blob: data:; worker-src * blob: data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: image: 1
default-src 'self' https://www.pagador.com.br https://transactionsandbox.pagador.com.br https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: https: http:; script-src 'self' https://www.pagador.com.br 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline' 'unsafe-eval'; 1
frame-src 'self' https://www.google.com https://*.powerbi.com https://*.doubleclick.net https://veltec.atlassian.net https://veltec3g-o-que-ha-de-novo.s3-sa-east-1.amazonaws.com https://app.pendo.io; frame-ancestors 'self' https://ce.vfleets.com.br https://vfleets.com.br https://canary.vfleets.com.br http://mobile.trimble.com.br; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; img-src 'self' data: https://*.vfleets.com.br https://*.alk.com https://*.cloudfront.net https://veltec.atlassian.net https://api.media.atlassian.com https://www.google-analytics.com https://www.google.com.br https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.powerbi.com https://*.amazonaws.com https://cdn.pendo.io	https://pendo-io-static.storage.googleapis.com https://data.pendo.io https://app.pendo.io https://pendo-static-6476096253526016.storage.googleapis.com https://veltec3g-o-que-ha-de-novo.s3-sa-east-1.amazonaws.com https://vfleets-imagens.s3.sa-east-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.powerbi.com https://*.googletagmanager.com https://api.ipify.org https://www.google-analytics.com https://*.clarity.ms https://c.bing.com https://tracksale.co https://app.track.co https://cdn.pendo.io https://pendo-io-static.storage.googleapis.com https://data.pendo.io https://app.pendo.io https://pendo-static-6476096253526016.storage.googleapis.com https://vfleets-i18n.s3.sa-east-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.vfleets.com.br https://*.powerbi.com https://*.googleapis.com https://cdn.pendo.io; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; font-src * data:; style-src 'unsafe-inline' *; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js http://cdn.jsdelivr.net http://d3js.org/d3.v4.min.js http://cdnjs.cloudflare.com http://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.0/Chart.min.js http://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-doughnutlabel/2.0.3/chartjs-plugin-doughnutlabel.js https://static.hotjar.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aesindiana.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' api-gateway.mappedin.com vars.hotjar.com www.youtube.com connect.facebook.net bid.g.doubleclick.net www.facebook.com *.googlesyndication.com pagesense-collect.zoho.com cdn.curator.io api.curator.io ad.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-gateway.mappedin.com d1p5cqqchvbqmy.cloudfront.net *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com static.hotjar.com stats.g.doubleclick.net connect.facebook.net script.hotjar.com *.gstatic.com js-agent.newrelic.com bam.nr-data.net www.youtube.com s.ytimg.com cdn.ampproject.org secure.leadforensics.com static.ads-twitter.com snap.licdn.com sjs.bizographics.com px.ads.linkedin.com dc.ads.linkedin.com analytics.twitter.com adadvisor.net js.hs-scripts.com js.hs-analytics.net bat.bing.com/ www.googleadservices.com googleads.g.doubleclick.net cdn.jsdelivr.net cdnjs.cloudflare.com *.adform.net *.googlesyndication.com *.pagesense.io *.clarity.ms pagesense-collect.zoho.com static.zohocdn.com *.curator.io ad.doubleclick.net *.sojern.com *.cookielaw.org script.crazyegg.com *.quantserve.com *.quantcount.com *.yieldoptimizer.com js.adsrvr.org analytics.tiktok.com *.adnxs.com *.teads.tv static.zdassets.com ekr.zdassets.com wss://pod-19.zendesk.com pod-19.zendesk.com; object-src 'none'; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ca *.googleapis.com *.googlesyndication.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com static.hotjar.com stats.g.doubleclick.net connect.facebook.ne script.hotjar.com connect.facebook.net *.gstatic.com js-agent.newrelic.com bam.nr-data.net *.youtube.com s.ytimg.com cdn.ampproject.org secure.leadforensics.com static.ads-twitter.com snap.licdn.com sjs.bizographics.com *.ads.linkedin.com analytics.twitter.com adadvisor.net js.hs-scripts.com js.hs-analytics.net bat.bing.com www.googleadservices.com d3j72de684fey1.cloudfront.net cdn.jsdelivr.net *.clarity.ms *.pagesense.io *.googlesyndication.com *.adform.net pagesense-collect.zoho.com *.bing.com *.doubleclick.net *.cookielaw.org *.adnxs.com *.sojern.com *.adsrvr.org *.facebook.com *.streetmetrics.io *.quantserve.com analytics.tiktok.com *.adnxs.com *.teads.tv *.rlcdn.com tag.adaraanalytics.com *.demdex.net *.stackadapt.com *.analytics.yahoo.com *.yieldoptimizer.com *.turn.com edgenyc.zendesk.com related.zendesk.com *.seadform.net; frame-src 'self' www.youtube.com player.vimeo.com twitter.com x.com www.dailymotion.com insight.adsrvr.org fledge.teads.tv www.google.com *.fls.doubleclick.net *.adform.net; frame-ancestors 'self' *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com *.ddev.site; font-src 'self' data: fonts.gstatic.com *.googleapis.com edgenyc.ddev.site dev-www.edgenyc.com stage-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com cdn.curator.io; connect-src 'self' blob: *.mappedin.com d3j72de684fey1.cloudfront.net sentry.io *.google-analytics.com *.clarity.ms pagesense-collect.zoho.com *.googletagmanager.com *.google.com *.googleapis.com *.edgenyc.dev.dd:8083 *.dev-www.edgenyc.com *.loadtest.edgenyc.com *.edgenyc.com *.edgenycstg.prod.acquia-sites.com *.edgenycra.prod.acquia-sites.com static.hotjar.com stats.g.doubleclick.net connect.facebook.ne script.hotjar.com connect.facebook.net *.gstatic.com js-agent.newrelic.com bam.nr-data.net www.youtube.com s.ytimg.com cdn.ampproject.org secure.leadforensics.com static.ads-twitter.com snap.licdn.com sjs.bizographics.com px.ads.linkedin.com dc.ads.linkedin.com analytics.twitter.com adadvisor.net js.hs-scripts.com js.hs-analytics.net bat.bing.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com *.pagesense.io *.adform.net api.curator.io *.cookielaw.org *.onetrust.com ad.doubleclick.net beacon.sojern.com *.onetrust.com analytics.tiktok.com *.adnxs.com *.teads.tv script.crazyegg.com ekr.zdassets.com edgenyc.zendesk.com wss://pod-19.zendesk.com; report-uri /report-csp-violation 1
script-src 'unsafe-eval' 'unsafe-inline' http: https: https://mcprod.bel-bo.be/; style-src 'self' blob: https: 'unsafe-inline' https://mcprod.bel-bo.be/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' https://fonts.gstatic.com *.useinsider.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.google.com *.vimeo.com *.kiyoh.com *.issuu.com *.useinsider.com *.adobe.com *.doubleclick.net *.pinterest.com; 1
script-src-attr 'none' 'report-sample'; object-src 'none'; upgrade-insecure-requests; script-src 'self' adservice.google.hu adservice.google.com.mt adservice.google.co.zm adservice.google.lv adservice.google.az adservice.google.com.br adservice.google.ml adservice.google.com.na adservice.google.ki adservice.google.co.id adservice.google.ws adservice.google.com.ag adservice.google.com.eg adservice.google.co.cr *.cloudflareinsights.com adservice.google.com.pg adservice.google.gt recaptcha.net adservice.google.ca adservice.google.co.kr adservice.google.jo adservice.google.com.ua adservice.google.co.tz *.doubleverify.com adservice.google.com.py adservice.google.com.tr adservice.google.iq adservice.google.fr adservice.google.bg adservice.google.co.jp adservice.google.com.pk adservice.google.com.bz adservice.google.gl adservice.google.kg *.google-analytics.com adservice.google.so adservice.google.ga adservice.google.ae adservice.google.cd adservice.google.com.gh adservice.google.es adservice.google.cz *.s-onetag.com adservice.google.co.ug adservice.google.com.kw adservice.google.dz adservice.google.sk adservice.google.com.om adservice.google.ad adservice.google.lt adservice.google.cv *.googletagmanager.com *.crsspxl.com adservice.google.tn adservice.google.gr adservice.google.gg adservice.google.dm adservice.google.co.vi adservice.google.rw adservice.google.com.ly adservice.google.ne *.googlesyndication.com adservice.google.tl adservice.google.com.kh adservice.google.co.zw adservice.google.com.ai adservice.google.co.il adservice.google.fi adservice.google.ro adservice.google.ht *.script.ac *.4dex.io adservice.google.rs adservice.google.as adservice.google.nl adservice.google.com.tj adservice.google.com.pr adservice.google.at *.consentmanager.net adservice.google.com.np adservice.google.com.lb adservice.google.al adservice.google.tm adservice.google.tt adservice.google.co.ls adservice.google.com.cu adservice.google.mg a.fsdn.com adservice.google.com.bn *.moatads.com adservice.google.nr adservice.google.to adservice.google.lu adservice.google.li adservice.google.ru adservice.google.com.ng adservice.google.sm adservice.google.com.bh adservice.google.td adservice.google.ie adservice.google.com.et adservice.google.mu adservice.google.md http://c.sf-syn.com adservice.google.com.pe adservice.google.co.uk adservice.google.com.vc adservice.google.gm adservice.google.com.bd adservice.google.com.tw adservice.google.com.ni adservice.google.co.ao adservice.google.la adservice.google.de adservice.google.hn adservice.google.gy adservice.google.si adservice.google.lk adservice.google.com.co adservice.google.co.th *.microsofttranslator.com adservice.google.fm adservice.google.com.gi adservice.google.im *.gstatic.com adservice.google.com.sb adservice.google.com.ec adservice.google.com.sa adservice.google.cg adservice.google.co.bw adservice.google.je adservice.google.co.ck adservice.google.ch adservice.google.ci adservice.google.mw adservice.google.co.ve adservice.google.com.bo adservice.google.is adservice.google.pl *.google.com adservice.google.com.hk adservice.google.com.fj adservice.google.co.in adservice.google.com.ph adservice.google.com.cy adservice.google.mn adservice.google.st adservice.google.ms adservice.google.com.mm adservice.google.com.sg adservice.google.vu adservice.google.com.ar adservice.google.com.sv adservice.google.co.mz adservice.google.com.jm adservice.google.co.ke translate.google.cn adservice.google.mv adservice.google.cl adservice.google.co.nz adservice.google.bi adservice.google.tg adservice.google.dk adservice.google.ge adservice.google.com.au adservice.google.ps adservice.google.it adservice.google.com.pa *.2mdn.net adservice.google.se adservice.google.sn adservice.google.bj ml314.com translate.googleapis.com http://*.pro-market.net adservice.google.com.af *.lijit.com adservice.google.com.my *.tiny.cloud adservice.google.nu adservice.google.dj adservice.google.co.uz btloader.com *.microsoft.com *.licdn.com *.doubleclick.net adservice.google.bf adservice.google.com.qa *.recaptcha.net *.googletagservices.com *.adsafeprotected.com adservice.google.bt *.slashdotmedia.com adservice.google.cm *.trustarc.com adservice.google.com.mx adservice.google.ee adservice.google.com.vn adservice.google.bs adservice.google.pt adservice.google.me adservice.google.no adservice.google.sr http://b.sf-syn.com *.flashtalking.com adservice.google.kz *.gstatic.cn adservice.google.hr adservice.google.be adservice.google.com.uy *.googleadsserving.cn adservice.google.sc adservice.google.mk adservice.google.vg adservice.google.cf adservice.google.com.gt adservice.google.co.za *.sharethrough.com *.adnxs.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' http://*.pro-market.net *.crsspxl.com a.fsdn.com *.google.com http://c.sf-syn.com http://b.sf-syn.com *.googlesyndication.com *.safeframe.usercontent.goog *.doubleclick.net *.googletagmanager.com *.recaptcha.net recaptcha.net *.youtube.com www.youtube-nocookie.com  *.consentmanager.net *.adnxs.com *.indexww.com *.rubiconproject.com *.lijit.com *.btloader.com; frame-ancestors 'self'; form-action 'self' lists.sourceforge.net 1
default-src * ; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'unsafe-inline'; img-src * data: https://ct.capterra.com; media-src *; frame-src *; frame-ancestors *; child-src *; font-src * https://themes.googleusercontent.com http://themes.googleusercontent.com; connect-src *; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.paderborn.de *.krz.de 1
frame-ancestors http://myota.tradingacademy.com https://myota.tradingacademy.com; child-src https://www.google.com/ https://www.youtube.com/; 1
frame-ancestors 'self' https://app.storyblok.com https://www.waz.de https://widget.mcmakler.de/ https://das-immo-journal.de/ https://nebenan.de https://kampagnen.nebenan.de https://www.aktuelle-grundstueckspreise.de/ https://www.anwalt.org/ https://www.scheidung.org/ https://www.mietrecht.com/ https://www.schuldnerberatung.de/ https://www.degussa-bank.de/ https://www.hausverkauf.de/ https://www.miet-check.de/ https://www.ratgeber-eigentumswohnung.de/ https://www.miete-aktuell.de/ https://googleapis.com/ 1
frame-ancestors 'self' http://www.ponds.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src https: https: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' https://www.pildorasdefe.net/cc-sty/nopre.css connect.facebook.net/es_LA/sdk.js 'unsafe-inline' *.googleapis.com apis.google.com https://platform.twitter.com; font-src 'self' apis.google.com https://platform.twitter.com *.gstatic.com data:; media-src 'self' https://platform.twitter.com apis.google.com; img-src 'self' apis.google.com * data:; object-src 'self'; base-uri 'none'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.marches-publics.info https://*.aws-achat.info https://code.jquery.com https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.google-analytics.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; style-src 'self' 'unsafe-inline' https://*.marches-publics.info https://*.aws-achat.info; object-src 'none'; frame-ancestors 'self' https://*.awsolutions.fr https://*.achatsolutions.fr https://*.marcoweb.fr http://* https://*  ; 1
default-src 'none'; style-src https://cdn.stitchfiddle.com 'unsafe-inline' https://fonts.googleapis.com/; font-src https://cdn.stitchfiddle.com data: https://fonts.googleapis.com/ https://fonts.gstatic.com/ data:; img-src https://www.stitchfiddle.com https://cdn.stitchfiddle.com data: blob:; script-src www.stitchfiddle.com 'nonce-3IRe0l9Enl0HM1Z9' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; worker-src www.stitchfiddle.com; child-src www.stitchfiddle.com; connect-src https://www.stitchfiddle.com; frame-src www.stitchfiddle.com https://www.google.com/recaptcha/; object-src www.stitchfiddle.com; base-uri 'none';  report-uri https://www.stitchfiddle.com/ajax/log/csp; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.vimeo.com *.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' *.google.com *.gstatic.com player.vimeo.com; object-src 'none'; connect-src 'self' https://yoast.com; font-src 'self' data:; frame-src 'self' https://wykresy-pkpcargo2023.lkwadrat3.nazwa.pl https://www.google.com *.vimeo.com *.youtube.com; img-src 'self' data: https://mapa-lokomotyw.pkpcargo.com https://secure.gravatar.com; worker-src blob: 1
default-src 'none' ; prefetch-src 'self' *.favro.com favro.com  ; img-src 'self' data: *.favro.com favro.com https: ; font-src 'self' data: *.favro.com favro.com https://fonts.intercomcdn.com https://assets-global.website-files.com/ https://assets.website-files.com/ https://fonts.gstatic.com/ ; media-src 'self' *.favro.com favro.com js.intercomcdn.com ; script-src 'self' *.favro.com favro.com *.hotjar.com https://www.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://www.googleadservices.com/pagead/conversion_async.js https://www.google.com/pagead/ https://www.googleadservices.com/pagead/conversion/ https://connect.facebook.net/ https://tracking.g2crowd.com/attribution_tracking/conversions/ https://widget.intercom.io https://js.intercomcdn.com https://snippet.growsumo.com/growsumo.min.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ https://sc.lfeeder.com/ https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js https://assets-global.website-files.com/5eb8d3f3c300199312debf24/js/ https://assets.website-files.com/5eb8d3f3c300199312debf24/js/ https://ajax.googleapis.com/ajax/libs/webfont/ 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-PUK4uAowAIILmmLF0yVB4qyKfF9UeStgCS45Nw28mmQ='; style-src 'self' *.favro.com favro.com 'unsafe-inline' https://assets-global.website-files.com https://assets.website-files.com https://fonts.googleapis.com ; frame-src 'self' *.favro.com favro.com *.hotjar.com *.youtube.com https://intercom-sheets.com https://favrotemplates.com ; connect-src 'self' *.favro.com favro.com wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://*.intercom.io *.intercom.io https://uploads.intercomcdn.com https://grsm.io https://secure.adnxs.com/getuidj https://cdn.linkedin.oribi.io/ https://assets-global.website-files.com/5eb8d3f3c300199312debf24/ https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com/ ; child-src 'self' *.favro.com favro.com  ; form-action 'self' *.favro.com favro.com intercom.help ; manifest-src 'self' *.favro.com favro.com  ; object-src 'none'  ; report-uri https://favro.com/csp-reports ; 1
frame-ancestors 'self' https://dxpdev.cryosinternational.com https://dxptest.cryosinternational.com https://dxp.cryosinternational.com https://dxpcoredev.cryosinternational.com https://dxpcoretest.cryosinternational.com https://dxpcore.cryosinternational.com; media-src * data:; 1
frame-ancestors 'self' http://localhost:3000 https://anicrush.to https://anicrush.cc 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zirk.us; img-src 'self' https: data: blob: https://zirk.us; style-src 'self' https://zirk.us 'nonce-65YoqrZaTaqVn3BAsDsCFA=='; media-src 'self' https: data: https://zirk.us; frame-src 'self' https:; manifest-src 'self' https://zirk.us; form-action 'self'; child-src 'self' blob: https://zirk.us; worker-src 'self' blob: https://zirk.us; connect-src 'self' data: blob: https://zirk.us https://cdn.masto.host wss://zirk.us; script-src 'self' https://zirk.us 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com https://unpkg.com https://cdn.mxpnl.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://*.weglot.com  https://cdn.cookielaw.org https://my.wpengine.com; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' https://*.cookielaw.org data: https://dify.wpengine.com https://secure.gravatar.com https://wpengine.com https://www.google-analytics.com https://cdnjs.cloudflare.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https://app.optimizely.com; img-src * data: 1
frame-ancestors *.jogos123.net jogos123.net; 1
frame-ancestors 'self' grn-www.searay.com; 1
form-action 'self'; report-to csp-endpoint; upgrade-insecure-requests; 1
default-src 'self' https://my-estub.com https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/; script-src 'self' https://www.snapengage.com/ http://storage.googleapis.com/code.snapengage.com/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' https://www.snapengage.com/ https://storage.googleapis.com/code.snapengage.com/; frame-ancestors 'self'; 1
default-src 'self' https://designit-web.imgix.net https://designit.b-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://static.cloudflareinsights.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.google-analytics.com https://tagmanager.google.com https://connect.facebook.net https://www.eventbrite.com https://*.hs-scripts.com https://*.hsforms.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://secure.haig7anax.com https://static.hotjar.com https://script.hotjar.com https://*.hsadspixel.net https://snap.licdn.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://designit-web.imgix.net https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.no https://googleads.g.doubleclick.net https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://secure.spit0stge.com https://forms-eu1.hsforms.com https://*.hubspot.com https://*.hsforms.com https://px.ads.linkedin.com https://i.ytimg.com; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://www.eventbrite.com https://www.facebook.com https://embed.podcasts.apple.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.hsforms.com; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://api.craftcms.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://idx.liadm.com https://*.hubspot.com https://*.hscollectedforms.net https://*.hsforms.com https://designit-web.imgix.net wss://ws.hotjar.com https://*.hotjar.io https://*.hubapi.com https://cdn.linkedin.oribi.io; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://*.hsforms.com; 1
default-src 'self';                 script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com https://www.googleoptimize.com *.mastercraft.com *.px.octillion.tv *.octillion.tv https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.clarity.ms/ *.doubleclick.net tagmanager.google.com www.googletagmanager.com *.livechatinc.com *.youtube.com *.google.com *.googleoptimize.com *.googleadservices.com *.livechat-static.com https://cdn.userway.org/widget.js *.userway.org *.usersnap.com *.zmags.com https://www.google.com/recaptcha/ *.gstatic.com *.widget.usersnap.com *.resources.usersnap.com https://ethn.io/ https://connect.facebook.net *.doubleclick.net *.facebook.net *.facebook.com https://bat.bing.com/bat.js *.bat.bing.com *.bing.com  https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://www.googleadservices.com https://googleads.g.doubleclick.net blob:;                 style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com *.livechatinc.com *.googleapis.com *.usersnap.com *.zmags.com *.mastercraft.com https://optimize.google.com https://fonts.googleapis.com;                 media-src 'self' *.livechatinc.com *.youtube.com *.google.com *.livechat-static.com *.mastercraft.com;                  object-src 'self' *.livechatinc.com *.youtube.com *.google.com *.mastercraft.com;                  img-src 'self' data: www.google-analytics.com *.livechatinc.com *.livechat-files.com *.i.ytimg.com https://www.google.com https://google.com *.googleads.g.doubleclick.net *.facebook.com *.bat.bing.com *.bing.com *.usersnap.com *.userway.org *.livechat-static.com *.w3.org http://www.w3.org/2000/svg http://www.w3.org/1999/xlink *.mastercraft.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com  *.googleusercontent.com https://www.youtube.com https://i.ytimg.com https://googleads.g.doubleclick.net data:;                 font-src 'self' fonts.gstatic.com *.userway.org *.widget.usersnap.com *.gstatic.com *.facebook.com *.googleads.g.doubleclick.net *.bat.bing.com *.bing.com *.mastercraft.com https://fonts.gstatic.com *.at.alicdn.com data:;                 connect-src 'self' *.userway.org *.px.octillion.tv *.octillion.tv https://*.google.com/ *.doubleclick.net *.clarity.ms *.usersnap.com *.mastercraft.com https://*.googleapis.com https://*.gstatic.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.google.com https://*.gstatic.com data: blob:;                 style-src-elem 'self' 'unsafe-inline' *.zmags.com *.userway.org fonts.googleapis.com *.userway.org *.cdn.userway.org *.mastercraft.com https://fonts.googleapis.com;                 worker-src blob:;                 frame-src mailto: tel: www.google.com www.youtube.com *.td.doubleclick.net https://*.td.doubleclick.net/ *.mastercraft.com https://bid.g.doubleclick.net https://td.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://hosted.where2getit.com/ https://cdn.userway.org/ https://optimize.google.com https://ethn.io/ *.google.com https://bid.g.doubleclick.net; 1
default-src 'none'; font-src 'self'; form-action 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; frame-ancestors 'none' 1
default-src 'self' data:; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://player.vimeo.com https://www.youtube.com https://statistik.kug.ac.at; style-src 'self' 'unsafe-inline'; connect-src 'self' https://statistik.kug.ac.at data:; img-src 'self' https://img.youtube.com https://tiles.wmflabs.org https://c.tile.openstreetmap.org; form-action 'self' https://search-kug.obvsg.at; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://services.phaidra.kug.ac.at; media-src 'self'; child-src 'self' blob: https://player.vimeo.com https://www.youtube.com 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-17ba2c613b5e4254b1ff8f473ccfc40d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' *.brandcdn.com *.adsrvr.org *.cloudfront.net https://www.youtube.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.brandcdn.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com https://code.jquery.com https://secure.gravator.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.demdex.net *.adsrvr.org https://azekco-media.s3.amazonaws.com https://s3.amazonaws.com https://www.google-analytics.com https://*.w.org https://secure.gravatar.com data:; font-src 'self' data:; 1
block-all-mixed-content; frame-ancestors *.cisco.com *.devnetcloud.com;frame-src docs.google.com www.youtube.com www.youtube-nocookie.com; report-uri https://qoeujrgmve.execute-api.ap-northeast-1.amazonaws.com/prod/report 1
base-uri 'self'; object-src 'self'; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd771a23f8cb1e4f45f24b5fd37e11a96&dd-evp-origin=content-security-policy&ddsource=csp-report; script-src 'nonce-r0QiTUpibHkMEMS0Knuc5JxCRZbhHio+' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http: 1
default-src 'self' https://maps.googleapis.com;script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com www.gstatic.com www.googletagmanager.com cookie-cdn.cookiepro.com;style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com;img-src 'self' https://secure.gravatar.com maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://telpark.cmspro.telpark.com https://www.googletagmanager.com https://www.google.es/ https://telpark.com/ https://stats.g.doubleclick.net data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com data:; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/;connect-src 'self' https://*.google-analytics.com cookie-cdn.cookiepro.com https://maps.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://geolocation.onetrust.com https://region1.analytics.google.com https://stats.g.doubleclick.net/; 1
default-src 'self' blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://snap.licdn.com https://cmp.osano.com https://www.clarity.ms https://cl.qualaroo.com https://cdn.mouseflow.com https://js.adsrvr.org https://js.monitor.azure.com https://fxctag.com https://turbo.qualaroo.com https://maps.googleapis.com https://pi.pardot.com https://minerals.prep.global.weir https://www.google.com;script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://js.adsrvr.org https://js.monitor.azure.com https://cmp.osano.com https://fxctag.com https://cdn.mouseflow.com https://www.clarity.ms https://www.google-analytics.com https://snap.licdn.com https://*.qualaroo.com https://www.youtube.com https://maps.googleapis.com https://pi.pardot.com https://minerals.prep.global.weir https://esco.prep.global.weir https://www.gstatic.com https://go.esco.weir https://www.google.com https://s7.addthis.com https://player.vimeo.com https://adriano-au.avanser.com https://*.visualwebsiteoptimizer.com https://*.vwo.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.vwo.com;img-src 'self' data: https://www.google-analytics.com https://*.google.com https://s3.amazonaws.com https://*.clarity.ms https://match.adsrvr.org https://*.linkedin.com https://fxctag.com https://www.google.ca https://maps.googleapis.com https://www.googletagmanager.com https://www.google.com.au https://www.google.com.do https://www.google.co.za https://www.google.com.my https://www.google.co.id https://www.google.ie https://www.google.co.in https://www.google.com.pg https://www.google.com.pa https://pagead2.googlesyndication.com https://maps.gstatic.com https://www.google.es https://c.bing.com https://www.google.com.hk https://www.google.com.pe https://www.google.bf http://ad.doubleclick.net https://www.google.com.br https://i.ytimg.com https://stats.g.doubleclick.net https://www.google.co.uk https://*.visualwebsiteoptimizer.com;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.vwo.com data:;media-src 'self';frame-src 'self' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://*.tools.investis.com https://dntcl.qualaroo.com https://*.adsrvr.org https://www.google.com https://player.vimeo.com https://*.adsrvr.cn https://*.ceros.com https://www.connectidfeed.com/ https://*.vwo.com;report-uri https://cspreportviolations.report-uri.com/r/d/csp/reportOnly;worker-src blob:;connect-src 'self' wss: https://*.clarity.ms https://px.ads.linkedin.com https://dc.services.visualstudio.com https://*.osano.com https://pagead2.googlesyndication.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://vimeo.com https://*.google.com.au https://*.googleapis.com https://*.google.com.do https://*.google.com.pg https://*.google.com.hk https://*.visualwebsiteoptimizer.com https://*.vwo.com; 1
connect-src * blob: https://*.browser-intake-datadoghq.com https://*.browser-intake-us3-datadoghq.com https://*.logs.aon-cw.datadoghq.com https://*.logs.datadoghq.com https://api.segment.io;default-src 'self' aondentists.com *.aondentists.com aondentists.info *.aondentists.info aonattorneys.com *.aonattorneys.com aonattorneys.info *.aonattorneys.info hpsocover.com *.hpsocover.com hpsocover.info *.hpsocover.info nsocover.com *.nsocover.com nsocover.info *.nsocover.info aoncover.com *.aoncover.com aoncover.info *.aoncover.info aon7eleven.com *.aon7eleven.com coverwallet.com *.coverwallet.com *.intercom.io *.plaid.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.intercomcdn.com *.hotjar.com https://static.dwcdn.net https://www.slant.co/fonts/* https://use.typekit.net;frame-ancestors 'self' https://*.aon7eleven.com https://*.aondentists.com https://*.aonattorneys.com https://*.aoncover.com https://*.aondigital.com https://*.hpsocover.com https://*.nsocover.com https://*.coverwallet.com *.chasepaymentechhostedpay.com *.chasepaymentechhostedpay-var.com *.floridariskpartners.com *.reedinsla.com *.northimprovement.com *.cyber1insurance.com westcoastri.com *.jpeterassociates.com *.escueta-ins.com *.betterbind.com insuremybusines.com nyinsurance.us guava-ellipse-7mt4.squarespace.com *.wecare-insurance.com *.dcruzagency.com insurewithpen.com *.pattersonins.com https://lawyerspacific.com https://www.getinsuranceeasy.com https://www.bunkeryourrisk.com https://ald-ins.com https://www.riskwell.com https://www.insurancetrak.com https://nextgeninsurance.com https://adaptiveinsurance.net https://www.onguardinsurance.com https://www.sohiinsurance.com https://www.insuranceexchange.com *.thehartford.com https://qawww.thehartford.com;frame-src 'self' blob: *.aondentists.com *.aondentists.info *.aonattorneys.com *.aonattorneys.info *.hpsocover.com *.hpsocover.info *.nsocover.com *.nsocover.info *.aoncover.com *.aoncover.info *.aon7eleven.com *.coverwallet.com *.fatzebra.com.au *.filestackcontent.com *.stripe.com https://calendly.com *.plaid.com *.chasepaymentechhostedpay-var.com *.hotjar.com *.paypal.com *.amazon-adsystem.com https://www.chasepaymentechhostedpay.com *.cloudfront.net *.doubleclick.net https://cacentral1.pcipal.cloud https://useast1.pcipal.cloud https://documents.starrinsure.com/ https://bid.g.doubleclick.net https://optimize.google.com https://acordgen.s3-us-west-2.amazonaws.com/ https://js.braintreegateway.com https://assets.braintreegateway.com https://www.youtube.com https://app.getresponse.com https://www.google.com https://www.youtube.com https://s3.amazonaws.com https://datawrapper.dwcdn.net https://*.pinterest.com https://payment.thehartford.com https://qa-payment.thehartford.com https://qa2-payment.thehartford.com https://qawww.thehartford.com https://block.opendns.com https://aon-crha.okta.com;img-src * data: blob: https://optimize.google.com https://www.google-analytics.com;media-src https://js.intercomcdn.com;object-src 'self' *.aoncover.com *.filestackcontent.com;script-src 'self' data: blob: *.coverwallet.com 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.rawgit.com *.newrelic.com *.google.com *.googleadservices.com https://googleads.g.doubleclick.net https://app.getresponse.com https://platform-api.sharethis.com https://js.maxmind.com https://js.intercomcdn.com https://connect.facebook.net *.intercom.io *.salesforceliveagent.com *.auth0.com *.calendly.com *.stripe.com *.plaid.com *.filestackapi.com *.cloudflare.com *.sentry-cdn.com *.customer.io *.mxpnl.com *.segment.com *.segment.io *.cloudfront.net *.intercomcdn.com *.intercom.io *.googleapis.com *.browser.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.hotjar.com https://cdn.jsdelivr.net https://bat.bing.com *.paypal.com https://snap.licdn.com https://static.ads-twitter.com *.pingdom.net *.gstatic.com *.quora.com https://cdn.amplitude.com *.nr-data.net *.twitter.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://www.googleoptimize.com https://snap.licdn.com https://optimize.google.com https://js.braintreegateway.com https://unpkg.com/braintree-isomorphic-functions@1.0.14/lib/braintree-isomorphic-functions.js https://assets.braintreegateway.com https://unpkg.com/i18next@21.6.4/dist/umd/i18next.min.js https://a.mgid.com/mgsensor.js https://www.gstatic.com https://www.datadoghq-browser-agent.com https://register.feefo.com https://api.feefo.com/api/javascript/aon-digital https://register.feefo.com//feefo-widget-v2/js/feefo-widget.js https://register.feefo.com//feefo-widget-v2/js/*.feefo-widget.js https://static.mobilemonkey.com/js/business_0da5f9e5-4621-416b-b1af-f214726b0d72-07642078.js https://datawrapper.dwcdn.net/* https://datawrapper.dwcdn.net https://*.ubembed.com https://*.pinimg.com https://cdn.ywxi.net/js/1.js https://*.taboola.com https://tags.srv.stackadapt.com https://cdn.gbqofs.com https://*.usabilla.com https://analytics.tiktok.com https://*.resellerratings.com https://www.clarity.ms/tag/uet/* https://www.clarity.ms https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://qvdt3feo.com https://tags.srv.stackadapt.com/events.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://*.pinterest.com https://metrics1.aon.com;style-src 'self' 'unsafe-inline' https://app.getresponse.com *.googleapis.com *.filestackapi.com *.calendly.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://optimize.google.com https://assets.braintreegateway.com https://tags.srv.stackadapt.com https://register.feefo.com https://static.dwcdn.net https://static.dwcdn.net/css https://datawrapper.dwcdn.net https://datawrapper.dwcdn.net/lib/blocks https://*.resellerratings.com https://use.typekit.net https://p.typekit.net; 1
frame-ancestors 'self' *.prudential.com; img-src * data:; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.pgim.com *.jennison.com *.pgimquantitativesolutions.com *.pgimwadhwani.com *.aws.prudential.com cdn.pficdn.com *.pruvpcaws074.prudential.com *.scene7.com video.limelight.com assets.video.limelight.com *.llnw.net nexus.ensighten.com cdn.cookielaw.org service.maxymiser.net *.ceros.com *.highcharts.com *.everviz.com *.onetrust.com *.adobedtm.com placeimg.com *.demandbase.com *.mouseflow.com *.company-target.com *.bluekai.com *.doubleclick.net *.adsrvr.org *.google.com *.google.co.uk *.google.co.in *.google.de *.google.it *.google.fr *.google.es *.google.co.jp *.google.ca www.googletagmanager.com www.google-analytics.com www.googleadservices.com analytics.twitter.com static.ads-twitter.com t.co *.company-target.com bat.bing.com *.en25.com *.adsymptotic.com pixel.mathtag.com *.sc.omtrdc.net *.tt.omtrdc.net *.eloqua.com snap.licdn.com tags.bkrtx.com *.linkedin.com *.demdex.net pgim.piwik.pro pgim.containers.piwik.pro *.chartblocks.com cdnjs.cloudflare.com *.cloudfront.net *.micpn.com *.pub.sfmc-content.com *.prudential.com *.exacttarget.com match.prod.bidr.io id.rlcdn.com www.ssa.gov wave.webaim.org cm.everesttech.net cdn.linkedin.oribi.io *.clarity.ms *.bing.com prudentialglobalqa.112.2o7.net prudentialusprod.112.2o7.net *.googlesyndication.com *.adobedc.net 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' wss://tsock.us1.twilio.com/v3/wsconnect https://api.talkdeskapp.com https://talkdeskchatsdk.talkdeskapp.com https://qa-cdn-talkdesk.talkdeskdev.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://iris.epremiuminsurance.com https://www.paycomonline.net;    font-src 'self' https://talkdeskchatsdk.talkdeskapp.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com;    script-src 'unsafe-inline' 'unsafe-eval' 'self' https://talkdeskchatsdk.talkdeskapp.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ajax.googleapis.com http://ajax.googleapis.com https://www.googletagmanager.com;    style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;    frame-ancestors 'self' https://iris.epremiuminsurance.com;        img-src * 'self' data: https: https://iris.epremiuminsurance.com 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-xscJI5g6g9YIcdGXm6YMXg=='; 1
img-src 'self'; script-src 'self';  frame-ancestors 'self' https://www.kymmis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:3001 https://www.pxl.to https://app.pxl.to https://demo.pxl.to http://localhost:3000 https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.testimonial.to https://cdn.firstpromoter.com https://t.firstpromoter.com https://api.giphy.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.twitch.tv https://*.spotify.com https://unpkg.com https://nominatim.openstreetmap.org https://*.cdnfonts.com https://*.youtube-nocookie.com https://studio.pxl.to https://testimonial.to https://*.testimonial.to; img-src * data: 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' chrome-extension https: wss:; img-src https: data: blob:; object-src 'none'; frame-ancestors *.zurich.ch *.autosense.ch  'self'; worker-src blob:; 1
default-src 'self'; block-all-mixed-content; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://td.doubleclick.net https://www.youtube.com https://player.vimeo.com/video *.google.com https://consentcdn.cookiebot.com; img-src 'self' https://www.google.pl https://www.google.com https://*.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://*.googletagmanager.com https://wa-rekrutacja.ur.edu.pl https://consentcdn.cookiebot.com https://imgsct.cookiebot.com data:; script-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://a.omappapi.com https://snap.licdn.com https://connect.facebook.net https://www.google-analytics.com https://*.ur.edu.pl 'unsafe-eval' https://*.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://a.omappapi.com https://fonts.googleapis.com wa-rekrutacja.ur.edu.pl; connect-src 'self' https://googleads.g.doubleclick.net  https://www.google.com https://api.omappapi.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://pagead2.googlesyndication.com https://wa-rekrutacja.ur.edu.pl wss://wa-rekrutacja.ur.edu.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://consentcdn.cookiebot.com 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://infosecwriteups.com https://*.infosecwriteups.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src 'self' www.youtube.com www.google-analytics.com region1.google-analytics.com stats.g.doubleclick.net maps.googleapis.com;  child-src 'self' www.youtube.com www.youtube-nocookie.com www.google.com cse.google.com player.vimeo.com;  script-src https://localhost:* 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com region1.google-analytics.com region1.analytics.google.com www.googletagmanager.com www.google-analytics.com cse.google.com cse.google.nl www.google.nl www.google.com www.youtube.com www.gstatic.com www.googleapis.com www.perplex.nl maps.google.com maps.googleapis.com;  style-src https://localhost:* 'self' 'unsafe-inline' www.google.com cse.google.com fonts.googleapis.com;  img-src https://localhost:* 'self' data: betaisalanl.perplex.eu services.perplex.eu region1.google-analytics.com region1.analytics.google.com www.google-analytics.com www.google.com www.googleapis.com clients1.google.com encrypted-tbn0.gstatic.com encrypted-tbn1.gstatic.com encrypted-tbn2.gstatic.com encrypted-tbn3.gstatic.com www.perplex.nl www.isala.nl maps.gstatic.com mt.googleapis.com maps.google.com maps.googleapis.com *.g.doubleclick.net https://isalajaarversl.wpengine.com www.gravatar.com;  font-src https://localhost:* 'self' data: fonts.gstatic.com;  form-action 'self' secure.ogone.com;  connect-src wss://localhost:* 'self' region1.google-analytics.com region1.analytics.google.com www.google-analytics.com;  report-uri https://perplex.report-uri.com/r/default/csp/enforce;  upgrade-insecure-requests;  block-all-mixed-content; 1
default-src 'self' data:; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://*.etracker.com; frame-src 'self' https://open.spotify.com https://mafo1.myaudience.de/ https://www.youtube-nocookie.com/; script-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://static.newsletter2go.com https://mafo1.myaudience.de https://static.etracker.com https://code.etracker.com https://www.etracker.de https://www.evergabe.nrw.de; style-src 'self' https://static.hotjar.com https://script.hotjar.com 'unsafe-inline'; object-src 'none'; worker-src 'none'; connect-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://api.newsletter2go.com https://www.etracker.de; img-src 'self' data: https://static.hotjar.com https://script.hotjar.com https://files.newsletter2go.com https://images.fdbserver.de https://mafo1.myaudience.de; font-src 'self' https://script.hotjar.com; upgrade-insecure-requests 1
report-uri https://services.madcapsoftware.com/api/CSPReport/Post;                                             default-src 'self' https://scripts.sirv.com https://*.sirv.com;                  manifest-src 'self' https://login.microsoftonline.com *.madcapsoftware.com;                  connect-src 'self' blob: *.litix.io/ https://embed-cloudfront.wistia.com/ https://distillery.wistia.com/ https://fast.wistia.com https://fast.wistia.net https://pipedream.wistia.com/ https://fast.wistia.net/embed/channel/ https://tracking.g2crowd.com/ https://google.com *.convertexperiments.com https://ws.zoominfo.com *.google-analytics.com *.analytics.google.com https://js.zi-scripts.com https://aorta.clickagy.com https://hemsync.clickagy.com https://settings.luckyorange.net https://in.visitors.live/ajax https://*.luckyorange.com https://madcap.sirv.com https://stats.sirv.com https://video.sirv.com https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://data.stbuttons.click/data https://api.hubapi.com https://forms.hscollectedforms.net https://cdn.linkedin.oribi.io https://consent-pref.trustarc.com https://analytics.google.com https://api-preview.luckyorange.com/public-auth https://www.g2.com https://www.googletagmanager.com https://fonts.gstatic.com https://public-auth-dot-lucky-orange.appspot-preview.com wss://realtime.luckyorange.com https://settings.luckyorange.com wss://*.visitors.live https://pubsub.googleapis.com https://api.luckyorange.com https://maps.googleapis.com https://www.google-analytics.com https://adservice.google.com/pagead/ https://dc.services.visualstudio.com https://f1.madcapsoftware.com https://scripts.sirv.com https://in.requestmetrics.com https://jsonapi.sajari.net https://l.sharethis.com https://stats.g.doubleclick.net https://www.cognitoforms.com https://www.google.com/pagead/ https://*.googleusercontent.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com https://www.google.ca https://www.google.ie https://www.google.co.uk https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/;                  font-src 'self' data: https://storage.googleapis.com/lucky-orange-public/fonts/ https://fast.wistia.com/assets/external/fonts/ https://use.fontawesome.com https://s3.amazonaws.com/luckyorange-clickstream/fonts/ https://consent.trustarc.com/ https://f1.madcapsoftware.com/websiteFonts/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com https://www.cognitoforms.com; form-action 'self' https://forms.hsforms.com/ *.google.com; frame-ancestors 'self' https://cdn.talentlms.com/madcappm/ https://madcappm.talentlms.com/ https://cdn.talentlms.com/engine/V2/ https://qasecurityheadersclickjacking1.mcoutputqa.com https://dssecurityheadersclickjacking.mcoutputdev.com https://dev.madcaprnd.com/client https://qa.madcaprnd.com https://app.storyblok.com;                  frame-src 'self' https://fast.wistia.com/ https://hemsync.clickagy.com https://f1.madcapsoftware.com https://madcap.sirv.com https://consent-pref.trustarc.com/ https://forms.hsforms.com https://www.youtube-nocookie.com https://www.g2.com https://optimize.google.com https://talk.hyvor.com *.google.com *.doubleclick.net *.googlesyndication.com https://c.sharethis.mgr.consensu.org https://js.driftt.com https://www.youtube.com https://calendly.com https://t.sharethis.com;                  img-src 'self' data: https://tools.luckyorange.com/messenger/img/ https://embed-ssl.wistia.com/ https://fast.wistia.com/ https://exceptions.hs-embed-reporting.com https://google.com/pagead/ https://stats.g.doubleclick.net https://pd.sharethis.com https://track.hubspot.com *.google-analytics.com *.analytics.google.com https://forms-na1.hsforms.com https://forms.hsforms.com https://consent-pref.trustarc.com/ https://consent.trustarc.com/ https://fonts.gstatic.com https://analytics.google.com https://www.g2.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net https://*.privacysandbox.googleadservices.com https://assets.madcapsoftware.com https://*.linkedin.com https://linkedin.com https://www.linkedin.com https://ads.linkedin.com https://px.ads.linkedin.com https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com/collect https://prd.jwpltx.com/v1/jwplayer6/ping.gif https://www.google.com.mx/ https://www.google.com.ec https://www.google.com.ua https://www.google.co.uk https://www.google.ie https://www.google.ca https://f1.madcapsoftware.com https://googleads.g.doubleclick.net https://madcap.sirv.com https://maps.googleapis.com https://maps.gstatic.com https://platform-cdn.sharethis.com https://secure.gravatar.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://p.adsymptotic.com https://*.googleusercontent.com https://assets.madcapsoftware.com/branding/ https://l.sharethis.com https://www.googleadservices.com https://assets.madcapsoftware.com/websiteImages/ https://i.ytimg.com https://assets.calendly.com;                  media-src 'self' blob: data: https://webinararchive.madcapsoftware.com https://f1.madcapsoftware.com https://madcap.sirv.com https://video.sirv.com https://scripts.sirv.com https://js.driftt.com dai.google.com;                  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://fast.wistia.com/embed/medias/ https://fast.wistia.com/assets/external/ https://cdn-4.convertexperiments.com https://no-cdn.convertexperiments.com https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com https://djtflbt20bdde.cloudfront.net/ https://use.fontawesome.com/ https://js.hsforms.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js-na1.hs-scripts.com/ https://js.hs-banner.com https://js.hsadspixel.net https://consent.trustarc.com/ https://tracking.g2crowd.com/ https://static.cognitoforms.com/ https://d10lpsik1i8c69.cloudfront.net https://tools.luckyorange.com https://ssl.google-analytics.com https://optimize.google.com https://talk.hyvor.com https://connect.facebook.net/en_US/sdk.js https://platform-api.sharethis.com/js/sharethis.js https://t.sharethis.com https://www3.madcapsoftware.com/ https://tpc.googlesyndication.com/ https://www.google.com/pagead/ https://assets.madcapsoftware.com https://az416426.vo.msecnd.net https://buttons-config.sharethis.com https://cdn.requestmetrics.com https://googleads.g.doubleclick.net https://www.google.com https://js.driftt.com https://platform-api.sharethis.com https://scripts.sirv.com https://video.sirv.com https://madcap.sirv.com https://stats.sirv.com https://snap.licdn.com https://www.googleanalytics.com https://www.google-analytics.com https://google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com https://app.storyblok.com/f/storyblok-latest.js https://app.storyblok.com/f/storyblok-v2-latest.js https://www.googleadservices.com https://count-server.sharethis.com https://services.cognitoforms.com https://www.cognitoforms.com https://www.gstatic.com https://maps.googleapis.com https://www.madcapsoftware.com https://f1.madcapsoftware.com https://assets.calendly.com https://ssl.p.jwpcdn.com/;                  style-src 'self' 'unsafe-inline' https://tools.luckyorange.com/messenger/css/ https://fast.wistia.com/embed/channel/project/ https://use.fontawesome.com/ https://scripts.sirv.com https://www.googletagmanager.com/ https://optimize.google.com https://www3.madcapsoftware.com/ https://scripts.sirv.com/sirvjs/ https://fonts.googleapis.com https://www.cognitoforms.com https://www.madcapsoftware.com https://app.storyblok.com https://assets.calendly.com;                  worker-src blob:;                  child-src blob:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob:; 1
upgrade-insecure-requests; connect-src *.applicationinsights.azure.com *.clarity.ms *.liscr.com www.google-analytics.com; default-src 'self' *.liscr.com; font-src 'self' fonts.gstatic.com; frame-ancestors *.liscr.com; frame-src 'self' mailto: *.liscr.com secure.nmi.com; img-src 'self' data: *.clarity.ms *.liscr.com www.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monitor.azure.com *.clarity.ms www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.liscr.com fonts.googleapis.com; 1
frame-ancestors 'self' www2.suresupport.com; 1
default-src data: 'self' https://forms.office.com https://umap.openstreetmap.fr/ https://www.b2b-center.ru/ https://api.hh.ru/ https://*.doubleclick.net https://www.youtube.com https://bitrix.info https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com ;style-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com;img-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://*.1c-bitrix-cdn.ru https://www.googletagmanager.com https://googleadservices.com  https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com data: blob:;script-src data: 'unsafe-inline' 'unsafe-eval' 'self' https://forms.office.com https://www.b2b-center.ru/ https://api.hh.ru/ https://www.googleadservices.com https://yastatic.net https://*.doubleclick.net https://www.gstatic.com https://bitrix.info https://cdnjs.cloudflare.com https://mod.calltouch.ru https://connect.facebook.net https://www.googletagmanager.com https://yandex.ru https://googleads.g.doubleclick.net https://www.google.com/ads/user-lists/ https://www.google.ru/ads/user-lists/ https://mc.yandex.ru https://api-maps.yandex.ru  http://*.maps.yandex.net https://*.facebook.com https://www.google.com https://stats.g.doubleclick.net https://www.google.ru https://www.google-analytics.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.youtube.com platform.twitter.com code.jquery.com connect.facebook.net web.facebook.com www.google-analytics.com cdnjs.cloudflare.com fonts.googleapis.com embedr.flickr.com widgets.flickr.com; connect-src 'self' https: blob: www.googletagmanager.com; img-src 'self' image.mfa.go.th syndication.twitter.com www.google.com www.google.co.th i.ytimg.com data: blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com; base-uri 'self'; form-action 'self'; font-src 'self' cdnjs.cloudflare.com data:; object-src 'self' wb.mfa.go.th; media-src 'self' blob: ;frame-src 'self' www.youtube.com www.facebook.com web.facebook.com platform.twitter.com syndication.twitter.com wb.mfa.go.th; frame-ancestors 'self' www.youtube.com www.facebook.com web.facebook.com wb.mfa.go.th; manifest-src 'self'; upgrade-insecure-requests 1
img-src *.ead.br data: 'self'; object-src 'self'; script-src 'self'  'report-sample'  'unsafe-inline'  'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.2/lazysizes.min.js static.cloudflareinsights.com https://www.google.com/recaptcha/api.js www.gstatic.com static.cloudflareinsights.com https://static.zenvia.com/embed/js/zenvia-chat.min.js 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://code.jquery.com/ https://clients3.weblink.com.au/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com/gtm.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/hotjar-2877749.js https://www.google-analytics.com/analytics.js https://connect.facebook.net/en_US/fbevents.js https://ws.zoominfo.com/pixel/615b474d39247c001cc2f2f2 https://www.googletagmanager.com/gtag/js https://script.hotjar.com/modules.5dca1694a4338dade13b.js https://connect.facebook.net/signals/config/1761455807365259 https://connect.facebook.net/signals/config/685668156287079 https://pi.pardot.com/pd.js https://pi.pardot.com/analytics https://marketing.aes.com/analytics https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js https://js-agent.newrelic.com/async-api.6bb277af-1225.min.js https://js-agent.newrelic.com/lazy-loader.48127245-1225.min.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://cdn.cookielaw.org/consent/27cd7b43-53f3-46bb-9267-e0af03db8d70/OtAutoBlock.js https://siteintercept.qualtrics.com https://googleads.g.doubleclick.net https://zn9sohtzqeoni8wpq-aescorp.siteintercept.qualtrics.com https://cdn.cookielaw.org/scripttemplates/202209.1.0/otBannerSdk.js https://zncwhklt9qhc4tztc-aescorp.siteintercept.qualtrics.com https://www.google.co.in/pagead https://www.gstatic.com/recaptcha/releases https://script.hotjar.com https://js-agent.newrelic.com https://bam.nr-data.net https://connect.facebook.net https://apps.mypurecloud.com https://dhqbrvplips7x.cloudfront.net https://www.googleadservices.com/ https://www.gstatic.com/ https://cdn.cookielaw.org/ https://eb2.3lift.com/ https://www.google.co.in/ https://pippio.com/ https://widgets.hive.genesys.com/ https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/cxbus.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/widgets-core.min.js https://d2uinmo2bcbdsn.cloudfront.net/pureconnect-widgets/91/plugins/webchat.min.js https://d2uinmo2bcbdsn.cloudfront.net/ https://snap.licdn.com/ https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js http://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/gsap.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.5/ScrollTrigger.min.js https://cdnjs.cloudflare.com/ajax/libs/jarallax/2.1.3/jarallax.min.js https://pym.nprapps.org/pym.v1.min.js http://cdn.jsdelivr.net http://d3js.org/d3.v4.min.js http://cdnjs.cloudflare.com http://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.7.0/Chart.min.js http://cdnjs.cloudflare.com/ajax/libs/chartjs-plugin-doughnutlabel/2.0.3/chartjs-plugin-doughnutlabel.js https://static.hotjar.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d3js.org https://platform.twitter.com https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://www.aes-ohio.com/report-uri/enforce 1
default-src 'self' 'unsafe-inline' https://colesonline.sc.omtrdc.net https://colessupermarketspty.tt.omtrdc.net https://nebula-cdn.kampyle.com;script-src 'self' 'unsafe-inline' https://www.colesgroupprofile.com.au https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://*.googletagmanager.com https://www.adservice.google.com https://analytics.google.com;connect-src https://api.colesgroupprofile.com.au https://dc.services.visualstudio.com https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://colesonline.sc.omtrdc.net https://colessupermarketspty.tt.omtrdc.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://cdn.decibelinsight.net https://collection.decibelinsight.net wss://collection.decibelinsight.net https://*.googletagmanager.com https://analytics.google.com https://*.g.doubleclick.net;img-src 'self' data: https://assets.adobedtm.com https://cm.everesttech.net https://colesonline.demdex.net https://dpm.demdex.net https://colesonline.sc.omtrdc.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com https://udc-neb.kampyle.com https://*.googletagmanager.com https://analytics.google.com https://*.google.com.au;object-src 'self' data:;frame-src 'self' data: https://assets.adobedtm.com https://colesonline.demdex.net https://dpm.demdex.net https://adobedc.demdex.net https://nebula-cdn.kampyle.com; 1
frame-src 'self' https://media.chelseapiers.com https://playbook.chelseapiers.com https://www.chelseapiers.com https://www.chelseapiersct.com https://signs.reachcm.com https://www.fitmetrix.io https://www.youtube.com https://bid.g.doubleclick.net https://apps.dashplatform.com https://apps2.dashplatform.com https://pr.dashplatform.com www.googletagmanager.com https://snapwidget.com https://www.paycomonline.net https://www.today.com https://abcnews.go.com https://w3.cdn.anvato.net http://players.brightcove.net https://giphy.com https://www.goodmorningamerica.com https://player.vimeo.com https://dockwa.com/ https://chelseapiers.zohobookings.com https://crmplus.zoho.com https://widgets.resy.com/ https://www.opentable.com/ https://forms.zohopublic.com https://salesiq.zohopublic.com/ https://apps.daysmartrecreation.com https://fitness.chelseapiers.com 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-d7f5cfc7-0baf-46c3-bf51-1adbf09e38dd' https://www.google.com/recaptcha/api.js; 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com; style-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com 'unsafe-inline'; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://res.cloudinary.com data: 1
default-src 'self'; manifest-src *; child-src 'none'; worker-src 'self'; frame-src https://youtube.com https://www.youtube.com https://platform.twitter.com https://embed.tidal.com https://w.soundcloud.com https://www.mixcloud.com https://open.spotify.com https://player.twitch.tv https://embed.music.apple.com https://embed.wavlake.com https://challenges.cloudflare.com; style-src 'self' 'unsafe-inline'; connect-src *; img-src * data: blob:; font-src 'self'; media-src * blob:; script-src 'self' 'wasm-unsafe-eval' https://platform.twitter.com https://embed.tidal.com https://challenges.cloudflare.com; 1
frame-ancestors simedarby.com *.simedarby.com youtube.com *.youtube.com facebook.com *.facebook.com vimeo.com *.vimeo.com; report-uri /report-csp-violation 1
frame-ancestors 'none' script-src 'self' discoveryeducation.com *.discoveryeducation.com 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self'; font-src 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'none'; report-uri https://dnet.report-uri.com/r/d/csp/enforce 1
script-src 'self' 'unsafe-inline' https://8p5hc7qtxsbb.statuspage.io https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com/ https://tagmanager.google.com https://*.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://app.mavenoid.com https://www.google.com/ https://www.google-analytics.com/ https://8p5hc7qtxsbb.statuspage.io https://www.googletagmanager.com https://*.easee.cloud https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; img-src * https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com data:; font-src 'self' https://app.mavenoid.com https://fonts.gstatic.com/ https://*.easee.com data; connect-src 'self' https://payment-production-receipts-bundles.s3.eu-west-1.amazonaws.com https://o442183.ingest.sentry.io https://api.mavenoid.com *.easee.cloud wss://*.easee.cloud wss://*.easee.com https://*.beta.easee.cloud https://*.easee.com https://8p5hc7qtxsbb.statuspage.io/ https://www.google-analytics.com https://logs.browser-intake-datadoghq.eu/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://www.youtube.com https://8p5hc7qtxsbb.statuspage.io/ https://www.google.com/; frame-ancestors https://easee.zendesk.com/ https://*.apps.zdusercontent.com/ 1
default-src 'self' ;script-src 'self' 'unsafe-inline' data: *.googleapis.com *.twitter.com *.facebook.net www.googleadservices.com www.gstatic.com www.google.com google.com google.co.uk http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io use.fontawesome.com storage.bannernow.com c.bannerflow.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com www.gstatic.com tagmanager.google.com maxcdn.bootstrapcdn.com cdn-images.mailchimp.com use.fontawesome.com fonts.bunny.net;img-src 'self' * data:;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com fonts.bunny.net use.fontawesome.com;connect-src 'self' fonts.googleapis.com insights.hotjar.com wss://*.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;frame-src 'self' www.google.com vars.hotjar.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io storage.bannernow.com c.bannerflow.net;worker-src 'self' self blob: 'unsafe-inline'; 1
default-src 'self' ; script-src 'self' 'nonce-3a8ae3a7-e13a-44df-b306-ada6a9686b36' https://*.googletagmanager.com https://www.googletagmanager.com/gtm.js https://attacker.com/test.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.28.0/dist/feather.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.min.js https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js  https://s.apac01.idio.episerver.net/ia.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js  https://cdn.jsdelivr.net.test.js  https://test.com/scripts/b/ai.2.min.js https://cdn.jsdelivr.net/npm/test/dist/feather.min.js https://js.monitor.azure.com/scripts/b/ai.2.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js https://cdn.jsdelivr.net/npm/feather-icons@4.29.0/dist/feather.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.4/tiny-slider.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta2/dist/css/bootstrap.min.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://83202.global.siteimproveanalytics.io https://www.google-analytics.com/collect https://i.vimeocdn.com/video/ https://a.apac01.idio.episerver.net https://www.googletagmanager.com https://9146450.fls.doubleclick.net https://ad.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://js.monitor.azure.com/scripts/b/ai.2.min.js; font-src 'self' https://fonts.gstatic.com; object-src 'none'; ; frame-src 'self' https://www.youtube.com/ https://player.vimeo.com/ https://embed.podcasts.apple.com/ https://www.google.com/ https://iframes.perpetualequity.com.au/ https://events.miraqle.com https://www.podbean.com/ https://9146450.fls.doubleclick.net https://omny.fm/shows/the-point-professional-investing-in-australia-with/ https://omny.fm/shows/nights/ https://service-defaultp.production.shootsta.com/; child-src 'self' https://www.google.com/; 1
default-src 'none';font-src 'self';style-src 'self' *.stripe.com;img-src 'self' data: *.stripe.com ;connect-src 'self'; form-action 'self' *.mobilecheckin.net ;object-src 'none';base-uri 'none';script-src 'self' 'nonce-ZSun567s' *.stripe.com; media-src 'self';frame-src 'self' *.stripe.com *.youtube.com; frame-ancestors *.stripe.com *.youtube.com; 1
default-src 'self' *.googlesyndication.com mywishlist.ru *.w3.org finance.ua *.google.com.ua googleads.g.doubleclick.net *.google.com img.gismeteo.ru partner.googleadservices.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; manifest-src 'self' feed.pghub.io pandg.tapad.com ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; media-src * blob: 'unsafe-inline' ; 1
default-src 'self'; font-src 'self'; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' hello.myfonts.net; 1
default-src 'self'; frame-ancestors 'self' https://*.aon.bz https://aonverzekering.nl https://*.aonverzekeringen.nl https://*.meeus.com https://meeus.com https://*.nkc.nl https://nkc.nl; img-src 'self' https: data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://www.facebook.com/tr https://ad.doubleclick.net https://px.ads.linkedin.com storage.googleapis.com/storyteq-content-delivery-pqenr3o6/ prd.jwpltx.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; worker-src 'self' blob: https://www.aonverzekeringen.nl; style-src 'self' 'unsafe-inline' https://www.aonverzekeringen.nl fast.fonts.net https://fonts.googleapis.com https://storage.googleapis.com/storyteq-video-player/dist/video-js.min.css https://storage.googleapis.com/storyteq-video-player/dist/video-js-theme.min.css https://tagmanager.google.com https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; font-src 'self' https://www.aonverzekeringen.nl fast.fonts.net https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io data: https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.vwo.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.aonverzekeringen.nl https://www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com tagmanager.google.com https://*.hotjar.com https://*.hotjar.io https://js-agent.newrelic.com https://bam.nr-data.net https://cloudstatic.obi4wan.com https://*.pusher.com https://connect.facebook.net https://fls.doubleclick.net https://snap.licdn.com https://www.googleadservices.com https://ad.doubleclick.net https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://maps.googleapis.com/ https://storage.googleapis.com/storyteq-video-player/dist/storyteq-video-player.min.js https://content.jwplatform.com/libraries/oNX7JPx1.js https://ssl.p.jwpcdn.com/player/v/ https://bat.bing.com https://www.google.com/pagead/conversion_async.js https://*.adform.net https://*.cookielaw.org https://*.onetrust.com https://www.googleoptimize.com https://optimize.google.com https://cdn.linkedin.oribi.io https://*.aonverzekeringen.nl https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.live.wem.io; connect-src 'self' ws: https://www.aonverzekeringen.nl https://api.aonverzekeringen.nl *.hotjar.com *.hotjar.io https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://bam.nr-data.net https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://obipubvideo.s3.eu-central-1.amazonaws.com https://app.obi4wan.ai https://stats.g.doubleclick.net api.storyteq.com/ https://bat.bing.com https://maps.googleapis.com/ https://*.cookielaw.org https://*.onetrust.com https://optimize.google.com https://cdn.linkedin.oribi.io https://*.aonverzekeringen.nl https://*.visualwebsiteoptimizer.com https://*.vwo.com; media-src storage.googleapis.com/storyteq-content-delivery-pqenr3o6/; frame-src 'self' https://*.aonverzekeringen.nl https://*.nkc.nl https://www.finly.nl https://*.nl.aon.bz *.aon.nl *.aondirect.nl https://*.hotjar.com https://*.hotjar.io https://*.youtube-nocookie.com https://meeus.webpower.eu https://players.brightcove.net https://*.fls.doubleclick.net https://mijnschademelding-accp.mendixcloud.com/SSO/ https://mijnschademelding.mendixcloud.com/ https://iam.aon.com/app/aon_cedmyconnectaccp_1/exk74j30d2Fu6sksU357/sso/saml https://optimize.google.com https://*.visualwebsiteoptimizer.com https://*.live.wem.io https://*.vwo.com https://directdoorgaan.nl; form-action 'self' https://mijnschademelding-test.mendixcloud.com/login/ https://mijnschademelding-accp.mendixcloud.com/login/ https://mijnschademelding.mendixcloud.com/login/ https://ced-schademelding-accp.aonverzekeringen.nl/login/ https://ced-schademelding.aonverzekeringen.nl/login/ https://ced-schademelding-test.nkc.nl/login/ https://ced-schademelding-accp.nkc.nl/login/ https://ced-schademelding.nkc.nl/login/ https://ced-schademelding-accp.aonverzekeringen.nl/preflight/ https://ced-schademelding.aonverzekeringen.nl/preflight/ https://ced-schademelding-test.nkc.nl/preflight/ https://ced-schademelding-accp.nkc.nl/preflight/ https://ced-schademelding.nkc.nl/preflight/; object-src 'none'; base-uri https://www.aonverzekeringen.nl 1
frame-ancestors 'self' shop.eriks.nl *.shop.eriks.nl; upgrade-insecure-requests; script-src eriks.nl *.eriks.nl *.shop.eriks.nl *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.smoove.io https://*.wix.com https://*.editorx.com 1
default-src 'self' *.edenred.be *.edenredcdn.com *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.outspot.be *.youtube.com *.msecnd.net tag.aticdn.net wrflkmr.pa-cd.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.edenred.be *.edenred.io *.edenred.sk *.edenredcdn.com *.mojedenred.sk *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.google.com www.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleapis.com *.googletagservices.com maxcdn.bootstrapcdn.com *.onetrust.com *.cookielaw.org *.windows.net *.jquery.com tag.aticdn.net wrflkmr.pa-cd.com tagmanager.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;object-src 'self' *.edenredcdn.com *.google.com www.googletagmanager.com *.zendesk.com *.zdassets.com *.google-analytics.com *.googletagservices.com *.edenred.net *.edenred.io *.edenred.com tag.aticdn.net wrflkmr.pa-cd.com;style-src 'self' 'unsafe-inline' *.edenredcdn.com *.google.com *.googleapis.com *.windows.net *.cookielaw.org *.onetrust.com *.edenred.net *.edenred.com *.edenred.be *.mojedenred.sk *.edenred.sk;img-src 'self' * data: *.edenredcdn.com *.google.com *.doubleclick.net *.cookielaw.org *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;media-src 'self' *.youtube.com *.edenredcdn.com;frame-src 'self' *.edenred.be *.edenredcdn.com *.edenred.net *.edenred.io *.edenred.com *.edenred.sk *.mojedenred.sk *.zendesk.com *.zdassets.com *.outspot.be *.netdna-ssl.com *.youtube.com *.gstatic.com *.google.com *.emsecure.net *.azurewebsites.net tag.aticdn.net wrflkmr.pa-cd.com;font-src 'self' data: *.edenredcdn.com *.googleapis.com *.gstatic.com *.edenred.net *.edenred.com;connect-src 'self' *.edenred.be *.edenred.com *.edenredcdn.com *.edenred.io *.hungryminds.host *.zendesk.com *.zdassets.com *.youtube.com *.visualstudio.com *.cookielaw.org *.googleapis.com *.google-analytics.com tag.aticdn.net wrflkmr.pa-cd.com *.google.com *.doubleclick.net bat.bing.com *.linkedin.com www.facebook.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com;base-uri 'self' *.edenred.be *.edenredcdn.com *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.zendesk.com *.zdassets.com *.outspot.be *.youtube.com tag.aticdn.net wrflkmr.pa-cd.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;child-src 'self' *.edenred.be *.edenred.io *.edenred.sk *.mojedenred.sk *.hungryminds.host *.edenred.net *.edenred.com *.outspot.be *.netdna-ssl.com *.youtube.com *.gstatic.com *.google.com *.googleapis.com *.emsecure.net tag.aticdn.net wrflkmr.pa-cd.com *.google-analytics.com www.googletagmanager.com tagmanager.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.net www.facebook.com *.linkedin.com *.licdn.com bat.bing.com;form-action 'self' *.edenred.net *.edenred.com *.edenred.io;frame-ancestors 'self' *.edenred.be *.edenred.io *.edenred.sk *.mojedenred.sk;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' 'unsafe-inline' https://*.klaviyo.com; style-src 'self' 'unsafe-inline' https://*.google.com https://*.googletagmanager.com https://*.trustedshops.com https://*.klaviyo.com https://*.klarnacdn.net https://*.storyblok.com https://fonts.googleapis.com https://orbitvu.co https://*.orbitvu.co https://orbitvu.cloud https://*.orbitvu.cloud; media-src 'self' 'unsafe-inline' https://static.zdassets.com https://*.storyblok.com https://*.vimeo.com https://*.akamaized.net https://d33wubrfki0l68.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.etracker.de https://code.etracker.com https://*.smooch.io https://js.sentry-cdn.com https://*.mouseflow.com https://track.revend.ai https://*.redditstatic.com https://*.clarity.ms https://widget.trustpilot.com https://sc-static.net https://*.snapchat.com https://analytics.tiktok.com https://*.netlify.com https://*.netlify.app https://*.cookiebot.com https://*.impactradius-event.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.trustedshops.com https://js.klarna.com https://*.klarnaservices.com https://*.klarnauserservices.com https://*.klarnaevt.com https://*.klaviyo.com https://*.twitter.com https://*.ads-twitter.com https://*.googletagmanager.com https://*.google.com https://polyfill.io https://*.affirm.com https://*.ytimg.com https://*.googleadservices.com https://*.bing.com https://*.facebook.net https://*.google-analytics.com https://*.doubleclick.net https://*.zopim.com https://*.zendesk.com https://ekr.zdassets.com https://*.youtube.com https://*.googleapis.com https://*.gstatic.com https://*.googlesyndication.com https://static.zdassets.com https://d10zminp1cyta8.cloudfront.net https://cdnjs.cloudflare.com https://career.recruitee.com https://*.convertflow.co https://*.storyblok.com https://*.recaptcha.net https://orbitvu.co https://*.orbitvu.co https://orbitvu.cloud https://*.orbitvu.cloud https://*.soundboks.com https://*.i.posthog.com; connect-src 'self' https://*.clarity.ms https://*.etracker.de wss://*.smooch.io https://*.smooch.io https://*.mouseflow.com https://ekr.zendesk.com https://*.myshopify.com https://*.facebook.com https://analytics.tiktok.com https://*.snapchat.com https://*.doubleclick.net https://track.revend.ai https://analytics.pangle-ads.com https://imp.i127484.net https://bat.bing.com https://soundboks.zendesk.com https://soundboks.imgix.net https://*.cookiebot.com https://js.klarna.com https://*.klarnaservices.com https://*.klarnauserservices.com https://*.klarnaevt.com https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.soundboks.com https://sentry.io https://*.sentry.io https://*.ip-api.com https://*.rollbar.com https://*.klaviyo.com https://*.kmail-lists.com https://*.affirm.com https://*.google.com https://*.google-analytics.com https://*.googlesyndication.com https://*.zdassets.com wss://*.zopim.com wss://*.zendesk.com https://api.storyblok.com wss://socket.storyblok.com https://career.recruitee.com https://orbitvu.co https://*.orbitvu.co https://orbitvu.cloud https://*.orbitvu.cloud https://maps.google.com https://*.googleapis.com https://*.redditstatic.com https://*.i.posthog.com; img-src 'self' data: blob: https://*.netlify.app https://*.shopify.com https://*.soundboks.com https://*.twitter.com https://*.zendesk.com https://*.twitter.com https://alb.reddit.com https://*.googletagmanager.com https://*.clarity.ms https://*.trustedshops.com https://*.buttercms.com https://*.snapchat.com http://*.hotjar.com https://analytics.tiktok.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://images.unsplash.com https://*.loggly.com https://soundboks.imgix.net https://*.klarnaservices.com https://*.klarnauserservices.com https://*.atdmt.com https://*.fbcdn.net https://*.facebook.com:* https://*.bing.com https://*.klaviyo.com https://*.cdninstagram.com https://t.co https://*.google-analytics.com https://*.google.com https://*.google.dk https://*.google.se https://*.gstatic.com https://*.googleapis.com https://*.facebook.com https://*.doubleclick.net https://*.cloudfront.net https://*.youtube.com https://i.ytimg.com https://v2assets.zopim.io https://*.zopim.com https://*.amazonaws.com https://*.storyblok.com https://static.zdassets.com https://orbitvu.co https://*.orbitvu.co https://orbitvu.cloud https://*.orbitvu.cloud https://imgsct.cookiebot.com; font-src 'self' data: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://*.klarnacdn.net https://widgets.trustedshops.com https://fonts.gstatic.com https://fonts.googleapis.com d33wubrfki0l68.cloudfront.net https://*.storyblok.com https://*.zopim.com https://*.amazonaws.com; frame-ancestors 'self' https://buttercms.com https://app.storyblok.com https://netlify.app https://*.youtube.com; frame-src https://widget.trustpilot.com https://js.klarna.com https://*.snapchat.com https://*.netlify.com https://*.soundboks.com https://*.cookiebot.com https://*.amazonaws.com https://*.hotjar.com https://*.doubleclick.net http://*.hotjar.io https://*.hotjar.io https://*.klarnaservices.com https://*.facebook.com https://*.affirm.com https://*.zopim.com https://*.google.com https://*.recaptcha.net https://*.youtube.com; object-src 'none'; 1
frame-ancestors 'self' https://www.vodafone.de https://kabel.vodafone.de https://gigakombi.vodafone.de 1
default-src 'self'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://tagmanager.google.com https://*.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://js.appboycdn.com https://polyfill.io https://analytics.tiktok.com https://cdn.pdst.fm 'sha256-tugJqoPf7X2uqHgOWaae7aTIM3YprRfpRxsis23ke8Q=' 'sha256-ZhFP87cciS37uYEvdfRm4n49sodK2ZxPv7jiEYYS5i8=' 'sha256-zhPZteDOZxJblI6dgWh+atU2QJ64sivXUL15V31StCk=' 'sha256-aG6kMMHdH/Z9hK+eMaZJANrW2wsK8sGYz5UyFH+i3/o=' 'sha256-XPnKX8fj+vZrtZAoom2lMV0etZnxXrjAf7yWO4QeLaM=' 'sha256-iAydicCfNoGpOAtTWXbvR8Yzp1eueUQZrA16wIE1OL4=' 'sha256-pSpy+pBPy0HUQiY46i94MfLT2EoGVnP2733S63YC1og=' 'sha256-KKNq/1OtpqYzS4u4dTttf3kz3uCITT0ZYPGgTIzOmoo=' 'sha256-8dsSIGz252sz7rOLTvszqt/2gCg33KX3RJxjLtKxwMA=' 'sha256-uK3yorDdOTqp0AyWRVqBW/qKtFZ8jyTpHWQBWEPtEGA=' 'sha256-1R0R5FKN+G/4swwDHMpqIDgVMcCJFZ8fhAIwvCudQ7c=' 'sha256-cshYyI2jskutxB0i89pcV+W2nPo5iJIXE+1oL1ufyAU=' 'sha256-6hNtX4kWtSgUDaXQfYFXPC3Tzi0I6aBJ4qTGDy2Dasw=' https://staticcdn.co.nz; connect-src 'self' https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://*.sharesies.com https://*.uat.opsies.net.nz https://sdk.iad-05.braze.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.google-analytics.com https://rs.sharesies.com https://cdn.growthbook.io https://assets.ctfassets.net https://cdn.contentful.com https://api.convertkit.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://api.hsforms.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://hello.myfonts.net https://tagmanager.google.com https://use.fontawesome.com; font-src 'self' data: https://fonts.gstatic.com https://js.intercomcdn.com https://use.fontawesome.com; img-src 'self' data: https://*.sharesies.com https://*.uat.opsies.net.nz https://*.sharesies.nz https://*.sharesies.com.au https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://*.intercomcdn.com https://*.intercomassets.com https://fairfax.demdex.net https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://adservice.google.co.nz https://adservice.google.com.au https://www.googleadservices.com https://*.google.co.nz https://*.google.ca https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://www.facebook.com https://connect.facebook.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://appboy-images.com https://braze-images.com https://cdn.braze.eu https://images.ctfassets.net https://sharesies.imgix.net https://beacon.krxd.net https://i.ytimg.com https://staticcdn.co.nz; media-src 'self' https://*.intercomcdn.com https://videos.ctfassets.net; frame-src https://intercom-sheets.com https://anchor.fm https://www.youtube.com https://embed.podcasts.apple.com https://open.spotify.com https://podcasters.spotify.com https://embed-standalone.spotify.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://omny.fm https://td.doubleclick.net/ https://staticcdn.co.nz; manifest-src 'self'; 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src 'unsafe-inline' 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://cdn.perfdrive.com https://maps.googleapis.com/ static.hotjar.com script.hotjar.com www.gstatic.com bat.bing.com googleads.g.doubleclick.net www.googleadservices.com www.google.com connect.facebook.net www.google-analytics.com code.jquery.com cdnjs.cloudflare.com www.googletagmanager.com; style-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-hashes' code.jquery.com https://fonts.googleapis.com; object-src 'none'; frame-src *.google.com https://tpc.googlesyndication.com www.google.com www.youtube.com vars.hotjar.com; child-src 'none'; img-src 'self' https://servicios.bipdrive.com:8196 https://hopper.bipdrive.com:8196 https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com connect.facebook.net *.google-analytics.com data: www.google.it bat.bing.com www.google.com.py googleads.g.doubleclick.net maps.googleapis.com www.facebook.com www.google.es www.google.com maps.gstatic.com www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.hotjar.io https://cas.avalon.perfdrive.com wss://*.hotjar.com https://googleads.g.doubleclick.net https://*.googleapis.com *.google.com https://*.gstatic.com wss://wsp39.hotjar.com https://adservice.google.com wss://wsp27.hotjar.com https://region1.analytics.google.com wss://wsp18.hotjar.com in.hotjar.com vc.hotjar.io www.google.com bat.bing.com www.bipdrive.com www.google-analytics.com stats.g.doubleclick.net; manifest-src 'none'; base-uri 'self'; form-action 'self' https://www.bipdrive.com/; media-src 'self' www.bipdrive.com; worker-src 'none'; 1
frame-ancestors 'self'  *.dastelefonbuch.de *.schatten.dastelefonbuch.de *.telefonbuch.de *.meinungsmeister.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: wss://*.hotjar.com wss://*.zopim.com http://*.hotjar.com:* http://*.hotjar.io http://*.googletagmanager.com http://*.google-analytics.com http://*.gstatic.com http://*.googleapis.com http://*.youtube.com http://*.facebook.com http://*.facebook.net http://*.ads-twitter.com http://*.twitter.com http://t.co http://*.doubleclick.net http://*.adform.net http://*.clarovideo.net http://*.claromusica.com http://*.adsrvr.org http://*.claropr.com https://*.hotjar.com:* https://*.hotjar.io https://*.googletagmanager.com https://*.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://*.twitter.com https://t.co https://www.google.com https://*.doubleclick.net https://*.adform.net https://*.clarovideo.net https://*.claromusica.com https://*.adsrvr.org https://*.claropr.com https://fonts.gstatic.com https://empresas.claropr.com https://mt0.google.com https://mt1.google.com https://mt2.google.com https://mt3.google.com https://*.userway.org https://api-prod-pr.prod.clarodigital.net https://api-prod-general.prod.clarodigital.net https://code.jquery.com https://cdnjs.cloudflare.com https://*.caspio.com https://*.clarity.ms https://www.google.com.mx; media-src mediastream:; 1
frame-ancestors 'self'; frame-src https://ims2.dpgmedia.be https://www.youtube.com https://www.tiktok.com https://www.instagram.com https://player.vimeo.com https://go.advertising.dpgmedia.be https://be.dpgmediagroup.com https://go.dpgmediagroup.com https://go.dpgmedia.nl https://anchor.fm https://vars.hotjar.com https://cmp.jezofficial.be https://ls.hit.gemius.pl http://ls.hit.gemius.pl https://advertising-module.api.dpgmedia.cloud https://www.google.com https://open.spotify.com; 1
frame-ancestors 'none'; default-src 'self' blob: https://*.smit.ee https://*.smit.prelive https://talendipank.ee wss://*.smit.ee; script-src 'self' 'unsafe-eval' blob: https://smit.ee https://*.smit.ee https://*.gstatic.com https://*.googleapis.com https://*.google.com https://piwik.smit.ee https://youtube.com https://*.youtube.com 'unsafe-inline'; img-src 'self' data: https://placehold.it https://*.gstatic.com https://*.googleapis.com https://*.google.com https://piwik.smit.ee https://*.smit.ee https://*.youtube.com https://tiles.maaamet.ee; style-src 'self' 'unsafe-inline' https://*.google.com; font-src 'self'; frame-src 'self' https://*.youtube.com https://*.facebook.com https://*.google.com; object-src https://www.smit.ee https://*.www.smit.ee 1
default-src 'self' *; img-src 'self' * blob: data: www.facebook.com www.google-analytics.com www.google.com www.gstatic.com *.opera.hu opera.hu; child-src 'self' *.google.com *.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com www.youtu.be player.vimeo.com flo.uri.sh insight.adsrvr.org *.opera.hu opera.hu kelesys.opera.hu; form-action 'self' syndication.twitter.com platform.twitter.com www.facebook.com; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline' *.google.com *.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com www.youtu.be player.vimeo.com flo.uri.sh insight.adsrvr.org *.opera.hu opera.hu match.adsrvr.org www.pinterest.com hu.pinterest.com ct.pinterest.com open.spotify.com kelesys.opera.hu; connect-src 'self' www.google-analytics.com client.crisp.chat wss://client.relay.crisp.chat www.facebook.com stats.g.doubleclick.net ct.pinterest.com *.opera.hu opera.hu cdn.linkedin.oribi.io analytics.tiktok.com region1.google-analytics.com  maps.googleapis.com www.google.hu region1.analytics.google.com kelesys.opera.hu; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com apis.google.com www.googletagmanager.com www.google-analytics.com platform.twitter.com facebook.com www.facebook.com platform.twitter.com connect.facebook.net cookiescriptcdn.pro *.crisp.chat cdnjs.cloudflare.com public.flourish.studio  www.googleadservices.com googleads.g.doubleclick.net static.ads-twitter.com s.pinimg.com js.adsrvr.org snap.licdn.com *.youtube.com  maps.googleapis.com googleapis.com analytics.twitter.com analytics.tiktok.com kelesys.opera.hu; font-src 'self' * blob: data: fonts.gstatic.com *.crisp.chat; style-src 'self' fonts.googleapis.com googleapis.com 'unsafe-inline' cookiescriptcdn.pro *.crisp.chat cdnjs.cloudflare.com googleads.g.doubleclick.net; object-src 'self' * kelesys.opera.hu 1
frame-ancestors 'self' *.bunq.com *.bunq.net 1
connect-src 'self' surveys.enalyzer.com https://*.servmetric.com *.readspeaker.com ;default-src 'self' ;font-src 'self' data: *.typekit.net ;form-action 'self' https://easionsurvey.parantion.nl https://apps.parantion.nl ;frame-ancestors 'self' ;frame-src 'self' surveys.enalyzer.com *.formdesk.com *.govmetric.com *.youtube-nocookie.com *.youtube.com *.storing24.nl gis.apeldoorn.nl https://*.google.com ;img-src 'self' gis.apeldoorn.nl https://www.toegankelijkheidsverklaring.nl https://*.govmetric.com https://*.global.siteimproveanalytics.io https://i.ytimg.com ;script-src 'self' surveys.enalyzer.com *.formdesk.com *.readspeaker.com 'nonce-BuitenlnScr' 'nonce-SiteImp' ajax.googleapis.com *.youtube.com https://*.servmetric.com https://*.govmetric.com https://siteimproveanalytics.com https://*.google.com ;style-src 'self' 'nonce-BuitenlnSty' *.typekit.net *.readspeaker.com https://*.servmetric.com https://*.govmetric.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://celeb-lb-prod.danskebank.com https://consent.cookiebot.com https://s2.adform.net https://siteimproveanalytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://assets.adobedtm.com https://snap.licdn.com https://www.linkedin.com https://px.ads.linkedin.com https://imasdk.googleapis.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleusercontent.com https://android.com https://windowsphone.com *.qbrick.com *.dna.ip-only.net *.112.2o7.net https://danskebank.dk *.danskebank.dk *.danskebank.no *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://dpm.demdex.net https://static.licdn.com https://w3.org https://fbcdn.net https://cloud-emea.analytics-egain.com https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com *.qualtrics.com https://www.danskeinvest.no https://www.danskeinvest.fi https://code.highcharts.com *.googlesyndication.com; object-src 'self' video.qbrick.com; frame-src 'self' https://9861163.fls.doubleclick.net  https://shared-logon.danskebank.com https://authorize.omniture.com https://sitecatalyst.omniture.com *.demdex.net https://priips.danskebank.com https://www.danskeinvest.dk https://android.com https://windowsphone.com video.qbrick.com *.112.2o7.net *.danskebank.dk *.danskebank.no *.danskebank.fi https://danid.dk *.facebook.com *.facebook.net https://facebook.net https://*.facebook.net https://twitter.com *.omtrdc.net https://static.licdn.com https://w3.org https://fbcdn.net https://analytics.analytics-egain.com https://track.adform.net https://linkmaker.itunes.apple.com https://www.danskeinvest.no/ *.qualtrics.com; 1
frame-ancestors 'self' https://*.lexus.fi https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com chat.g2khosting.com www.googletagmanager.com connect.facebook.net www.google-analytics.com; 1
default-src 'self'; script-src 'self'; script-src-elem 'self'; script-src-attr 'self'; style-src 'self'; style-src-elem 'self'; style-src-attr 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; frame-ancestors 'self' https://scripts.zdv.uni-mainz.de; form-action 'self' metager.org metager.de 1
frame-ancestors 'self' *.sf.gov *.sfgov.org *.ca.gov sf.courts.ca.gov sf-fire.org sfport.com sfpublicdefender.org www.flysfo.com www.sfanimalcare.org www.sfartscommission.org asianart.org www.sfassessor.org sfbos.org www.calacademy.org www.dcyf.org www.sfcityattorney.org www.sfhsa.org www.sfcdcp.org sfdistrictattorney.org sfenvironment.org www.sfdph.org sfethics.org www.famsf.org sfplanning.org sfdhr.org www.sfmta.com sfocii.org www.sfpuc.org www.sfpublicworks.org sfrecpark.org www.sfcityhallevents.org mysfers.org sfhss.org sfpl.org www.sfusd.edu www.sfsheriff.com sftreasurer.org fwarmemorial.org; report-uri /report-csp-violation 1
form-action 'self'; upgrade-insecure-requests; 1
frame-ancestors 'self' sdk-cdn.onlineaccess1.com sdk-stg.onlineaccess1.com online.dfcufinancial.com aus-temporary.q2ebanking.com; upgrade-insecure-requests; 1
default-src 'none';base-uri 'self';style-src 'self' 'unsafe-inline' https: fonts.googleapis.com;font-src 'self' https: data:;img-src 'self' https: data:;media-src 'self' https:;script-src blob: icepanel.io www.youtube.com/iframe_api www.youtube.com/s/player/;form-action 'none';connect-src https: wss: api-js.mixpanel.com;manifest-src 'self' https:;frame-src https: youtube.com www.youtube.com;frame-ancestors 'none';upgrade-insecure-requests; 1
default-src https:; style-src https: 'unsafe-inline'; 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-eval' 'unsafe-inline' https:; style-src 'unsafe-inline' https:; worker-src https: data: blob:; 1
frame-ancestors https://*.envoituresimone.com http://localhost:* ionic://localhost *.kameleoon.com *.kameleoon.eu *.kameleoon.io 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src 'unsafe-inline' 'unsafe-eval' data: blob: https:; connect-src https: data: blob:; font-src https: data:; img-src https: data:; form-action 'self' https:; object-src https:; media-src blob: data: https:; style-src https: 'unsafe-inline'; frame-ancestors 'self' https://static.mysph.sph.com.sg; upgrade-insecure-requests; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'         use.fontawesome.com *.googlesyndication.com *.google-analytics.com  telfordhomes.london www.telfordhomes.london fonts.googleapis.com fonts.gstatic.com         consent.cookiebot.com consentcdn.cookiebot.com pbs.twimg.com www.googletagmanager.com *.analytics.google.com         static-ssl.responsetap.com www.youtube.com youtube.com www.google-analytics.com static.hotjar.com         i.ctnsnet.com connect.facebook.net tags.crwdcntrl.net analytics.tiktok.com pixel.mathtag.com         service.giosg.com www.google.co.uk maps.gstatic.com *.hotjar.com *.hotjar.io www.gstatic.com         *.teads.tv *.typekit.net *.typekit.com *.homeviews.com *.adsrvr.org p.teads.tv www.facebook.com         telfordmaster.appealstaging.co.uk         *.youtube.com *.vimeo.com *.vimeocdn.com         maps.googleapis.com www.google.com google.com bcp.crwdcntrl.net *.doubleclick.net *.responsetap.com; 1
frame-ancestors 'self' https://www.naturalhr.com; 1
frame-ancestors 'self' https://frida.main.messefrankfurt.com/ 1
script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://services.mypetcloud.com https://quote.figopetinsurance.com https://wonderful-grass-0bd7e0310.3.azurestaticapps.net/ https://*.sleeknote.com https://*.gstatic.com https://*.adobedtm.com https://sc-static.net https://*.licdn.com https://*.pinimg.com https://*.pinterest.com https://*.rackcdn.com http://*.rtb123.com https://*.oribi.io https://*.f7egtrk.com https://*.googletagmanager.com https://*.contentful.com https://*.ctfassets.net https://*.snapchat.com https://*.tiktok.com https://*.acsbapp.com https://acsbapp.com https://*.gonorth.io https://*.doubleclick.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.com.mx https://*.google.ca https://*.redditstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://figotp.force.com https://static.lightning.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleapis.com https://*.azurewebsites.net https://*.reddit.com https://*.googleadservices.com https://*.adsymptotic.com http://script.crazyegg.com https://*.figopetinsurance.com https://*.mypetcloud.com https://ptzinsurance.tt.omtrdc.net https://figo.my.site.com https://www.google-analytics.com https://*.tapad.com https://pippio.com https://*.hotjar.io https://*.hotjar.com/ https://*.simpli.fi https://*.google-analytics.com https://*.rtb123.com http://*.crazyegg.com https://*.hotjar.com https://ptzinsurance.tt.omtrdc.net https://google.com https://sync.1rx.io http://*.xtlo.net https://*.xtlo.net https://*.salesforce-sites.com https://*.stackadapt.com https://*.bing.com https://*.clarity.ms https://*.googlesyndication.com https://*.pangle-ads.com https://*.exct.net https://pvdpix.com https://player.vimeo.com https://vimeo.com http://cdn.evgnet.com https://cdn.evgnet.com; frame-ancestors 'self' data: https://wonderful-grass-0bd7e0310.3.azurestaticapps.net/ https://figo.my.salesforce.com/ https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleadservices.com https://*.acsbapp.com https://app.contentful.com https://*.diamondasaservice.com https://*.clarity.ms https://*.stackadapt.com https://*.bing.com https://player.vimeo.com https://vimeo.com; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: ws: wss: data: https://services.mypetcloud.com https://quote.figopetinsurance.com https://wonderful-grass-0bd7e0310.3.azurestaticapps.net/ https://*.sleeknote.com https://*.gstatic.com https://*.adobedtm.com https://sc-static.net https://*.licdn.com https://*.pinimg.com https://*.pinterest.com https://*.rackcdn.com http://*.rtb123.com https://*.oribi.io https://*.f7egtrk.com https://*.googletagmanager.com https://*.contentful.com https://*.ctfassets.net https://*.snapchat.com https://*.tiktok.com https://*.acsbapp.com https://acsbapp.com https://*.gonorth.io https://*.doubleclick.net https://*.linkedin.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.com.mx https://*.google.ca https://*.redditstatic.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://figotp.force.com https://static.lightning.force.com https://*.visualforce.com https://*.documentforce.com https://*.googleapis.com https://*.azurewebsites.net https://*.reddit.com https://*.googleadservices.com https://*.adsymptotic.com http://script.crazyegg.com https://*.figopetinsurance.com https://*.mypetcloud.com https://ptzinsurance.tt.omtrdc.net https://figo.my.site.com https://www.google-analytics.com https://*.tapad.com https://pippio.com https://*.hotjar.io https://*.hotjar.com/ https://*.simpli.fi https://*.google-analytics.com https://*.rtb123.com http://*.crazyegg.com https://*.hotjar.com https://ptzinsurance.tt.omtrdc.net https://google.com https://sync.1rx.io http://*.xtlo.net https://*.xtlo.net https://*.salesforce-sites.com https://*.stackadapt.com https://*.bing.com https://*.clarity.ms https://*.googlesyndication.com https://*.pangle-ads.com https://*.exct.net https://pvdpix.com https://player.vimeo.com https://vimeo.com http://cdn.evgnet.com https://cdn.evgnet.com; 1
report-uri https://fifauteam.com/ 1
default-src *; img-src * blob: data:; style-src 'unsafe-inline' *; script-src 'unsafe-inline' 'unsafe-eval' *; font-src * data:; frame-src 'self' *.cxf-public-multisite.prod-mul-we-cxf.michelin.fr *.youtube.com *.google.com *.hcaptcha.com www.googletagmanager.com *.doubleclick.net *.pixlee.com *.pixlee.co empower.my.salesforce.com 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.piano.io *.tinypass.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net cdn.ampproject.org *.googlesyndication.com adservice.google.com *.ampproject.net cdn.linkedin.oribi.io forms.hubspot.com forms.hscollectedforms.net api.hubapi.com js.hs-banner.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecyberwire.com *.piano.io *.tinypass.com www.npttech.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net code.jquery.com pay.gocardless.com cdn.ampproject.org snap.licdn.com js-na1.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com js.hsadspixel.net; frame-src 'self' *.tinypass.com *.megaphone.fm *.vimeo.com *.youtube.com cyberwire.wufoo.com *.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: i.vimeocdn.com www.googletagmanager.com www.google.com translate.google.com *.google-analytics.com *.analytics.google.com www.gstatic.com *.linkedin.com *.adsymptotic.com forms.hsforms.com track.hubspot.com; media-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; report-uri /csp/report 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com cdn.ampproject.org https://unpkg.com/@google/ https://js.hs-banner.com https://js.hsadspixel.net https://js.hscollectedforms.net https://*.userway.org *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com maxcdn.bootstrapcdn.com https://*.userway.org 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.googletagmanager.com https://stats.g.doubleclick.net https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.userway.org *.eloqua.com *.google-analytics.com 'self' https://delicious.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: maxcdn.bootstrapcdn.com https://*.userway.org; frame-src 'self' *.google.com https://*.userway.org forms.hsforms.com; connect-src accounts.google.com *.gstatic.com *.googleapis.com https://api.hubapi.com https://forms.hubspot.com https://*.userway.org localhost:3000 ws://localhost:3000 *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' forms.hubspot.com *.hsforms.com; media-src 'self' https://*.userway.org data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com web.facebook.com badge.stumbleupon.com https://*.userway.org/ *.googleapis.com https://www.google.com platform.twitter.com 1
default-src 'self'; frame-src 'self' https://pitc-posa-prod.ocp.cloudscale.puzzle.ch/puzzle/activity https://www.youtube.com https://www.openstreetmap.org https://www.gstatic.com https://www.google.com https://widget.allourideas.org https://unpkg.com https://assets7.lottiefiles.com; font-src 'self' https://fonts.gstatic.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://matomo.puzzle.ch https://www.google.com https://www.gstatic.com https://unpkg.com https://assets7.lottiefiles.com blob:; connect-src 'self' https://unpkg.com https://assets7.lottiefiles.com https://matomo.puzzle.ch; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' googletagmanager.com *.facebook.net/ cdn.cookielaw.org/ google-analytics.com/ assets.zendesk.com/ https: http:; script-src-attr 'self' 'unsafe-inline' https: http:; base-uri 'none'; 1
default-src 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';style-src 'unsafe-inline' 'self';object-src 'none';base-uri 'self';connect-src 'self' https://app.tryroll.com https://nftx.ethereumdb.com https://raw.githubusercontent.com https://umaproject.org https://unpkg.com https://www.gemini.com https://yearn.science https://rpc-mainnet.lachain.io https://api.thegraph.com;font-src 'self';frame-src 'self';img-src 'self' data: https://lachain.io https://etherscan.io https://s2.coinmarketcap.com https://upload.wikimedia.org https://cryptologos.cc https://raw.githubusercontent.com https://offchainlabs.com https://st3.latoken.com;manifest-src 'self';media-src 'self';worker-src 'none'; 1
default-src 'self' muenzeoesterreich.at *.muenzeoesterreich.at;         worker-src blob:;         connect-src 'self' stats.g.doubleclick.net login506.piwik.pro login506.containers.piwik.pro             eu-api.friendlycaptcha.eu nominatim.openstreetmap.org;         font-src 'self' fonts.gstatic.com player.podigee-cdn.net data:;         frame-src www.youtube.com player.podigee-cdn.net login506.piwik.pro login506.containers.piwik.pro             www.youtube-nocookie.com test.mpay24.com www.mpay24.com;         img-src 'self' login506.containers.piwik.pro login506.piwik.pro maps.omniscale.net;         script-src 'self' googleads.g.doubleclick.net             login506.piwik.pro login506.containers.piwik.pro             'nonce-VgIlaMfAN5dCAEr/15X4WJCD';         script-src-elem 'self' openlayers.org www.googleadservices.com googleads.g.doubleclick.net             login506.piwik.pro login506.containers.piwik.pro secure.adnxs.com pxl.jivox.com             player.podigee-cdn.net routing.eps.or.at track.adform.net s2.adform.net www.youtube.com             'nonce-VgIlaMfAN5dCAEr/15X4WJCD';         style-src 'self' secure.adnxs.com;         style-src-elem 'self' fonts.googleapis.com player.podigee-cdn.net openlayers.org             'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs='             'sha256-DtJ0G5eArSV7tvvFUUeV7iyiWfBGflIkRW64/tmMWUk=' 'sha256-UUAiPi6sSmGSyHT1S5Ra837pVZL+ia6mR7BdEvi6zRA='              'nonce-VgIlaMfAN5dCAEr/15X4WJCD';         base-uri 'self';         object-src 'none';         report-to csp-endpoint;         report-uri https://reports.austrian-mint.at 1
default-src 'self';font-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';frame-ancestors 'none' 1
frame-ancestors 'self' https://wood.showpad.biz https://www.wood.showpad.biz https://www.wood.showpad.com https://wood.showpad.com 1
default-src 'self' https://www.stepstone.com *.plausible.io ; img-src 'self' https://cdn.sanity.io/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ data:; script-src 'self' https://plausible.io/js/script.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';  font-src 'self'; media-src 'self' https://www.thestepstonegroup.com https://cdn.sanity.io/ https://cdnjs.cloudflare.com/ajax/libs/flag-icon-css/ ; frame-src 'none'; object-src 'none'; connect-src 'self' https://www-preview.stepstone.com  https://47f7bu3mk7pdr26z6rc4f4gxzu0pbuqn.lambda-url.eu-central-1.on.aws/  https://plausible.io/ *.plausible.io https://plausible.io ; 1
default-src 'self' static.searchinform.ru searchinform.ru;
            font-src    'self' static.searchinform.ru fonts.gstatic.com maxcdn.bootstrapcdn.com;
            img-src     'self' https://* http://* data: blob:;
            style-src   'self' 'unsafe-inline' https://* http://*;
            script-src  'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com facecast.net googleads.g.doubleclick.net  maxcdn.bootstrapcdn.com static.searchinform.ru www.google-analytics.com www.googleadservices.com www.googletagmanager.com mc.yandex.ru connect.facebook.net snap.licdn.com cdnjs.cloudflare.com www.google.com www.gstatic.com *.jivosite.com *.jivo.ru *.yandex.ru yandex.ru yandex.com searchinform.ru yastatic.net *.webvisor.com *.webvisor.org ;
            child-src   'self' facecast.net www.google.com www.gstatic.com anketa.searchinform.ru bid.g.doubleclick.net www.youtube-nocookie.com www.youtube.com *.doubleclick.net *.yandex.ru yandex.ru;
            connect-src 'self' wss: *.jivo.ru *.jivosite.com mc.yandex.ru www.google-analytics.com stats.g.doubleclick.net static.searchinform.ru *.googlesyndication.com *.yandex.md *.google.com;
            media-src   'self' *.jivosite.com *.jivo.ru;
         1
default-src 'self' 'unsafe-inline' google.com *.google.com gstatic.com *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' google.com *.google.com gstatic.com *.gstatic.com yandexcloud.net *.yandexcloud.net; style-src 'unsafe-inline' *; img-src *; media-src *; frame-src https://privetmir.ru https://form.privetmir.ru https://www.google.com https://smartcaptcha.yandexcloud.net; 1
frame-ancestors 'self' http://lseg.com http://www.lseg.com http://www.mtsmarkets.com http://mtsmarkets.com https://www.unavista.com https://www.unavista.londonstockexchange.com https://lseg.com https://www.lseg.com https://www.mtsmarkets.com https://mtsmarkets.com http://refinitiv.lookbookhq.com https://refinitiv.lookbookhq.com http://resourcehub.refinitiv.com https://resourcehub.refinitiv.com http://www.refinitiv.com https://www.refinitiv.com http://refinitiv.pathfactory.com https://refinitiv.pathfactory.com 1
upgrade-insecure-requests; frame-ancestors 'self'  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.fundlater.com.au *.invest.rask.com.au; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.google.com.au *.google.ca *.gstatic.com *.google-analytics.com *.googleadservices.com *.pingdom.net js.hs-analytics.net *.cloudfront.net js-agent.newrelic.com *.doubleclick.net *.nr-data.net *.mastersoftgroup.com *.quantserve.com *.idmanagedsolutions.com *.addthis.com *.xg4ken.com *.lightboxcdn.com *.brightcove.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.cloudflare.com *.onmodulus.net *.bootstrapcdn.com *.tradingroom.com.au *.services.visualstudio.com *.azurewebsites.net *.windows.net *.msecnd.net *.bing.com  is-ff-cdn-www.azureedge.net is-gb-cdn-www.azureedge.net is-rs-cdn-www.azureedge.net is-pz-cdn-www.azureedge.net is-ct-cdn-www.azureedge.net is-jw-cdn-www.azureedge.net is-develop-cdn-www.azureedge.net is-uat-cdn-www.azureedge.net is-master-stg-cdn-www.azureedge.net  *.investsmart.com.au *.intelligentinvestor.com.au *.eurekareport.com.au *.fundlater.com.au *.invest.rask.com.au *.yourshare.com.au image.mail.eurekareport.com.au ii-uploads.s3.amazonaws.com *.intercom.io wss://*.intercom.io *.intercom.com *.intercomcdn.com *.intercomassets.com intercom-sheets.com dnn506yrbagrg.cloudfront.net/pages/scripts/0018/4016.js *.crazyegg.com s3.amazonaws.com/trk.cetrk.com/ gtrk.s3.amazonaws.com *.disqus.com disqus.com *.disquscdn *.disquscdn.com *.typekit.net pub.s7.exacttarget.com cl.s7.exct.net *.coveritlive.com *.segment.com *.segment.io *.kissmetrics.com https://pixel.tapad.com  *.adsrvr.org *.quantcount.com *.dianomi.com *.jquery.com cdn.jsdelivr.net *.highcharts.com *.mypropertytools.com.au *.static.omnilife.com.au static.omnilife.com.au outlook.office365.com  placehold.it placeholdit.imgix.net fakeimg.pl fullstory.com *.fullstory.com *.facebook.net *.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* ws://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.mixpanel.com *.mxpnl.com *.bugherd.com *.bugsnag.com https://omny.fm/ marketo.net *.marketo.net *.mktoresp.com app-sn04.marketo.com *.dacast.com *.viglink.com *.pusher.com ws://*.pusherapp.com wss://*.pusherapp.com *.bloomberg.com *.afr.com *.2gb.com *.forbes.com *.smh.com.au *.economist.com *.asx.com.au *.abc.net.au *.skynews.com.au *.theaustralian.com.au *.seniorsnews.com.au *.appcues.com *.firebaseio.com *.firebase.com appcues-quickstart.s3-us-west-2.amazonaws.com *.cloudinary.com *.appcues.net appcues-content-api-prod.herokuapp.com nh436jpc4i.execute-api.us-west-2.amazonaws.com 104cl9psz3.execute-api.us-west-2.amazonaws.com wss://api.appcues.net wss://*.firebaseio.com calendly.com *.calendly.com https://portal.ttds.com.au/ http://thetermdepositshop.com.au/ *.inspectlet.com https://*.buzzsprout.com www.buzzsprout.com *.imgix.net vimeocdn.com *.vimeocdn.com vimeo.com *.vimeo.com *.zoho.com abr.business.gov.au https://www.googleoptimize.com *.reviews.io *.reviews.co.uk *.redditstatic.com *.reddit.com *.spotify.com *.taboola.com pixel.byspotify.com evnt.byspotify.com streamyard.com *.streamyard.com https://streamyard.com/ *.oktopost.com *.okt.to okt.to *.linkedin.com *.licdn.com *.oribi.io *.googlesyndication.com analytics.tiktok.com playlist.megaphone.fm dev.visualwebsiteoptimizer.com *.wistia.com *.framer.com blob: *.rask.com.au *.raskmedia.com.au  *.rask.com.au *.googleusercontent.com 1
default-src 'self' https://miro.com https://player.vimeo.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.sgfleet.com https://apps.jobadder.com sgintau-gqlgateway-api.azurewebsites.net api-dev.sgfleet.com sgintauwwwstorage.blob.core.windows.net dc.services.visualstudio.com *.googletagmanager.com www.google-analytics.com *.google-analytics.com tagmanager.google.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.proxy.sgfleet.com clients.yomdel.com accounts.google.com *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net https://miro.com 'self' 'unsafe-inline' 'unsafe-eval' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://pages.sgfleet.com sgintauwwwstorage.blob.core.windows.net tagmanager.google.com *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net 'self' 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.jato.com https://apps.jobadder.com *.google.com.au *.google.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.capnetwork.co.uk images.capnetwork.co.uk *.linkedin.com *.doubleclick.net *.vimeocdn.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-ancestors 'self' https://taxtools.motivagroup.co.uk/ https://miro.com  https://player.vimeo.com; connect-src accounts.google.com *.sgfleet.com https://dc.services.visualstudio.com https://content.hotjar.io wss://ws.hotjar.com/api/v2/client/ws *.hotjar.com *.marketo.com *.google.com *.mktoresp.com https://miro.com https://dc.services.visualstudio.com/v2/track' *.googlesyndication.com https://google.com *.google-analytics.com *.doubleclick.net https://maps.googleapis.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://apply.jobadder.com/ https://pages.sgfleet.com/ https://servicebooking.fleetassist.co.uk/ https://atlas.fleetassist.co.uk/ https://www.google.com/ *.marketo.com *.hotjar.com *.msecnd.net *.licdn.com *.youtube.com *.doubleclick.net https://taxtools.motivagroup.co.uk/ https://player.vimeo.com 'self' web-chat.nativechat.com; frame-src https://player.vimeo.com *.doubleclick.net https://www.google.com/ https://pages.sgfleet.com https://servicebooking.fleetassist.co.uk https://taxtools.motivagroup.co.uk https://atlas.fleetassist.co.uk *.marketo.com *.jobadder.com 'self' forms.hsforms.com web-chat.nativechat.com 1
frame-ancestors 'self' https://*.ph-karlsruhe.de; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: data: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; style-src https: data: 'unsafe-eval' 'unsafe-inline'; connect-src https: data:; font-src https: data:; upgrade-insecure-requests; 1
default-src 'self' *.facebook.com ; img-src * data: 'self' ; style-src 'self' 'unsafe-inline' unpkg.com fonts.googleapis.com qscdn.azureedge.net cdnjs.cloudflare.com cdn.jsdelivr.net partstream.arinet.com *.fontawesome.com unpkg.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.com *.facebook.net *.doubleclick.net *.google.no *.klarna.com *.klarnaevt.com services.arinet.com partstream.arinet.com *.fontawesome.com *.dibspayment.eu unpkg.com ; connect-src 'self' adressesok.posten.no cdnjs.cloudflare.com cdn.jsdelivr.net *.googletagmanager.com *.google.com *.google-analytics.com *.doubleclick.net *.facebook.com *.klarna.com *.klarnaevt.com services.arinet.com ; font-src data: 'self' fonts.googleapis.com fonts.gstatic.com qscdn.azureedge.net cdnjs.cloudflare.com *.fontawesome.com ; frame-src * data: 'self'; child-src * data: 'self'; 1
default-src 'self' *.kinoplan.io; report-uri https://sentry.kinoplan.tech/api/13/csp-report/?sentry_key=79a56ddb03474a1eb318c77391692ec1; connect-src 'self' *.kinoplan24.ru *.kinoplan.io wss://* mc.yandex.ru mc.yandex.com www.google-analytics.com https://ssl.google-analytics.com https://sentry.kinoplan.tech https://servicedesk.dcp24.ru https://stats.g.doubleclick.net *.jivo.ru *.jivosite.com; child-src blob: 'self' mc.yandex.ru mc.yandex.com; style-src 'self' 'unsafe-inline' https: data: blob: *.kinoplan.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kinoplan.io ssl.google-analytics.com www.google-analytics.com mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://tagmanager.google.com/ https://www.googletagmanager.com https://cdn.nolt.io/ *.jivo.ru *.jivosite.com; img-src blob: 'self' ssl.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com www.google-analytics.com mc.yandex.ru mc.yandex.com *.dcp24.ru *.kinoplan24.ru kinoplan24.ru *.kinoplan.io kinoplan.io kinoplan.ru img.youtube.com data: *.jivo.ru *.jivosite.com; font-src 'self' https://fonts.gstatic.com *.kinoplan.io; frame-src 'self' *.kinoplan24.ru *.dcp24.ru *.kinoplan.io blob: mc.yandex.ru mc.yandex.com captcha-api.yandex.ru https://www.youtube.com https://kinoplan.nolt.io https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com; media-src 'self' https:; worker-src blob: 'self' 1
default-src 'self'; script-src 'self' https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; style-src 'self' https://fonts.googleapis.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com 'unsafe-inline'; media-src 'self' https://www.youtube.com; frame-src 'self' https://www.youtube.com https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com; img-src 'self' data: https://iamsmart.livekefu.com https://uat-iamsmart.livekefu.com https://api.hkmapservice.gov.hk https://img.youtube.com; font-src 'self' https://fonts.gstatic.com 1
frame-ancestors 'self' https://elma-test.gvh.de 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' nonce-3c3f5624-0410-4562-aaea-cbf8186db7d7 http://www.google-analytics.com https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://maps.googleapis.com https://api.flickr.com https://rvid.imperium.com http://rvid.imperium.com https://www.google.com https://ajax.googleapis.com https://googleads.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://pixel.mathtag.com https://analytics.tiktok.com https://static.ads-twitter.com https://js.go2sdk.com/v2/tune.js http://pixel.mathtag.com/event/js;style-src 'self' 'unsafe-inline' https://az416426.vo.msecnd.net https://cdnjs.cloudflare.com https://code.ionicframework.com https://code.jquery.com https://connect.facebook.net https://d3op16id4dloxg.cloudfront.net https://fonts.googleapis.com https://gitcdn.github.io https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://qnabot.com https://surveyjs.azureedge.net https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com;img-src 'self' data: https://images.pexels.com https://www.facebook.com https://www.google.co.in https://www.google.co.au https://www.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://qnabot.com http://www.google-analytics.com https://farm9.static.flickr.com https://farm8.static.flickr.com https://stgadmin.panel-cube.com https://admin.panel-cube.com https://d30s7yzk2az89n.cloudfront.net https://www.google.com.au http://sandbox.giftpay.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://pcqa.blob.core.windows.net https://pcstatic.blob.core.windows.net https://panel-cube.com https://www.virtualrewardcenter.com https://bgsurveys.go2cloud.org https://ssl.google-analytics.com https://pixel.mathtag.com https://designstoreage.blob.core.windows.net https://www.google.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.ionicframework.com;frame-src 'self' http://qnabot.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.youtube.com https://portal.qnabot.com https://web.facebook.com https://www.facebook.com https://www.google.com https://magic.veriff.me https://pixel.mathtag.com https://tracking.gopsjump.com.au https://www.samplicio.us;frame-ancestors 'self' https://web.facebook.com; 1
default-src 'self' blob: ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.pinterest.com *.diageoai.com *.amplifyapp.com *.vimeo.com *.seedlipdrinks.com *.treasuredata.com *.channeladvisor.com *.eum-appdynamics.com *.appdynamics.com *.quantummetric.com *.klaviyo.com *.facebook.com *.facebook.net *.clarity.ms *.bing.com *.pinimg.com *.adsrvr.org *.jquery.com *.yotpo.com *.cloudflare.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.google.com *.google-analytics.com *.gstatic.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.onetrust.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.cloudflare.com *.shopifycdn.com *.klaviyo.com *.yotpo.com *.fonts.net *.typekit.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.diageoagegate.com *.amazonaws.com *.googlesyndication.com *.google.com https://api *.quantummetric.com *.myshopify.com *.onetrust.com *.eum-appdynamics.com *.appdynamics.com *.klaviyo.com *.clarity.ms *.bing.com *.pinterest.com *.thebar.com *.diageoplatform.com *.yotpo.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.analytics.google.com *.shortlyst.com *.juicer.io ws: wss: gap://ready ; font-src 'self' *.typekit.net *.fonts.com *.cloudflare.com *.gstatic.com *.yotpo.com *.fontawesome.com *.bootstrapcdn.com data: blob:; frame-src 'self' *.faire.com *.vimeo.com *.facebook.com *.facebook.net *.pinterest.com *.google.com *.shortlyst.com *.thebar.com *.threedium.co.uk https://*.interactnow.tv *.adsrvr.org *.youtube.com *.anyroad.com where-to-buy.co *.doubleclick.net; img-src 'self' *.google.co.uk *.diageoai.com *.diageohorizon.com *.amplifyapp.com *.vimeocdn.com *.eum-appdynamics.com *.ytimg.com *.youtube.com *.seedlipdrinks.com *.shopify.com *.salsify.com *.thoriumd.com *.bing.com *.facebook.com *.clarity.ms *.pinterest.com *.yotpo.com *.thebar.com *.diageoplatform.com *.onetrust.com *.doubleclick.net *.juicer.io *.mapbox.com *.google.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.seedlipdrinks.com *.thebar.com *.thoriumd.com *.diageoplatform.com; worker-src blob:; frame-ancestors 'self' *.shop-au-seedlip.com *.shopalyst.com *.diageoplatform.com *.shortlyst.com *.thoriumd.com *.thebar.com https://*.interactnow.tv; 1
default-src 'self' 'unsafe-inline' *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.bc0a.com *.b0e8.com api.brightedge.com *.youtube.com *.vimeo.com vimeo.com *.gstatic.com *.oniqa.com *.cookielaw.org *.hotjar.com *.onistaged.com *.typekit.net *.onenorth.com *.thinkbrg.com *.vidyard.com embed.vidyard.com *.libsyn.com *.doubleclick.net snap.licdn.com cdn.linkedin.oribi.io *.ceros.com; object-src 'self'; img-src 'self' *.amazonaws.com *.google.com *.google-analytics.com *.googletagmanager.com *.bc0a.com *.b0e8.com *.youtube.com *.vimeo.com vimeo.com px.ads.linkedin.com *.linkedin.com *.gstatic.com *.oniqa.com *.cookielaw.org *.onistaged.com *.typekit.net *.onenorth.com *.thinkbrg.com *.vidyard.com data:; font-src 'self' *.typekit.net data:; 1
default-src https://*.google-analytics.com https://suggestions.dadata.ru https://*.doubleclick.net https://sendsay.ru https://*.sendsay.ru https://*.google.com https://*.gstatic.com https://*.yandex.ru https://uaas.yandex.ru https://*.amplitude.com https://amdgstat.ru https://*.amdgstat.ru https://*.skcrtxr.com https://*.beeline.ru 'self'; script-src https://*.doubleclick.net https://*.artfut.com https://*.googleadservices.com https://yastatic.net https://*.mail.ru https://*.googletagmanager.com https://*.google-analytics.com https://*.yandex.ru https://*.yandex.net https://*.sendsay.ru https://*.vk.com https://vk.com https://*.amdgstat.ru https://*.terratraf.io https://*.soloway.ru https://*.adhigh.net https://*.adriver.ru https://*.bumlam.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.skcrtxr.com https://*.beeline.ru 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src https://*.doubleclick.net https://*.google.com https://vk.com https://*.google.ru https://*.yandex.ru https://*.yandex.net https://*.mail.ru https://*.google-analytics.com https://*.webvisor.com https://*.adhigh.net https://*.adriver.ru https://*.bumlam.com https://*.amdgstat.ru https://*.skcrtxr.com https://*.beeline.ru 'self' blob: data:; frame-src https://youtube.com https://*.youtube.com https://rutube.ru https://*.rutube.ru https://*.yandex.ru https://*.yandex.net https://*.yandex.by https://*.yandex.com https://*.yandex.com.tr https://*.webvisor.com https://*.google.com https://recaptcha.google.com/recaptcha/ https://*.gstatic.com https://*.skcrtxr.com https://*.beeline.ru 'self' blob: data:; font-src 'self' data: 1
object-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; frame-ancestors 'self' 'self'; form-action 'self' https://survey.g.doubleclick.net/ https://www.facebook.com/tr/ https://forms.hsforms.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://cdn.jst.ai/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/ https://p.typekit.net/ https://use.typekit.net/ https://optimize.google.com https://connect.podium.com/ https://cdn.jsdelivr.net/ *.udev1a.net *.usablenet.com *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com p.typekit.net use.typekit.net 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://tools.justuno.com/ https://adservice.google.ca/ https://adservice.google.com/ https://adservices.brandcdn.com/ https://analytics.jst.ai/ https://api.braintreegateway.com/ https://bam.nr-data.net/ https://cdn.jsdelivr.net/ https://cdn.jst.ai/ https://cdn.livechatinc.com/ https://client-analytics.braintreegateway.com/ https://connect.facebook.net/ https://d.adroll.mgr.consensu.org/consent/iabcheck/KLHAGB4PQRDAZK2BRGDAY3 https://d10lpsik1i8c69.cloudfront.net/w.js https://forms.hsforms.com/ https://googleads.g.doubleclick.net/ https://js-agent.newrelic.com/ https://js.braintreegateway.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hs-scripts.com/ https://js.hscollectedforms.net/ https://js.hsforms.net/ https://maps.google.com/ https://maps.googleapis.com https://my.jst.ai/ https://s.adroll.com/ https://script.hotjar.com/ https://secure.livechatinc.com/ https://static.hotjar.com/ https://survey.g.doubleclick.net/ https://tag.brandcdn.com/autoscript/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/js https://www.google-analytics.com/plugins/ua/ec.js https://www.google.com/pagead/conversion_async.js https://www.google.com/recaptcha/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.paypalobjects.com/ https://apis.google.com/ https://www.google.com/ https://d.adroll.com/consent/check/ https://adservice.google.com.ua/ https://cdn.quantummetric.com/qscripts/quantum-watsons.js https://pippio.com/api/sync/ https://adservice.google.pl/ https://api.livechatinc.com/ *.purechat.com *.purechatcdn.com https://www.googleapis.com/youtube/ https://*.paypal.com https://optimize.google.com https://aly.jst.ai https://jslib.emotive.io https://loader.wisepops.com https://live.rezync.com/ https://*.rfihub.net/ cdn.wisepops.com https://s.pinimg.com/ https://call.chatra.io/chatra.js https://connect.podium.com/ https://www.clickcease.com/ https://aa.trkn.us/ https://js.hsadspixel.net/ https://www.youtube.com/ https://jslib.emotive.io/ https://tag.simpli.fi/ *.udev1a.net *.usablenet.com assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org tools.justuno.com cdnjs.cloudflare.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; media-src 'self' https://cdn.livechatinc.com *.adobe.com 'self' 'unsafe-inline'; img-src 'self' data: https://nextroll.com/ https://www.google.pl/ https://adservice.google.pl/ https://b.stats.paypal.com https://c.paypal.com https://checkout.paypal.com https://d.adroll.com https://forms.hsforms.com https://googleads.g.doubleclick.net https://graphics.jst.ai https://insight-event.brandcdn.com https://insight.adsrvr.org https://track.hubspot.com https://watsons-cincinnati.s3.us-east-2.amazonaws.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.paypalobjects.com https://www.magentocommerce.com https://www.xtento.com https://chd.stats.paypal.com/counter2.cgi https://perf.hsforms.com/embed/v3/counters.gif https://pixel.advertising.com/ups/55980/sync https://dsum-sec.casalemedia.com/rum https://pixel.rubiconproject.com/tap.php https://sync.outbrain.com/cookie-sync https://simage2.pubmatic.com/AdServer/Pug https://d.adroll.com/cm/r/in https://sync.taboola.com/sg/adroll-network/1/rtb-h https://eb2.3lift.com/xuid https://ups.analytics.yahoo.com/ups/55980/sync https://www.google.com.ua/pagead/1p-user-list/984698218/ https://www.google.com.ua/ads/ga-audiences https://ads.yahoo.com/cms/v1 https://www.google.com.ua/pagead/ https://forms.hubspot.com/collected-forms/submit/form mage https://dpm.demdex.net the image https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com https://cbks0.googleapis.com/cbk https://lh3.ggpht.com/ https://geo0.ggpht.com/cbk https://geo1.ggpht.com/cbk https://geo2.ggpht.com/cbk https://geo3.ggpht.com/cbk https://match.sharethrough.com https://dub.stats.paypal.com https://optimize.google.com https://i.ytimg.com/ cdn.wisepops.com cdn.klarna.com https://khms0.googleapis.com/kh https://khms1.googleapis.com/kh https://cm.g.doubleclick.net https://secure.adnxs.com https://ct.pinterest.com/v3/ https://segment.prod.bidr.io/ https://assets.podium.com/ https://*.krxd.net/ https://www.gstatic.com/ https://ib.adnxs.com/ https://us-u.openx.net/ https://image2.pubmatic.com/ https://idsync.rlcdn.com/ https://x.bidswitch.net/ https://forms-na1.hsforms.com/ https://podium-prod.s3.amazonaws.com/ https://odr.mookie1.com/ https://match.adsrvr.org/ https://*.addthis.com/ https://*.agkn.com/ https://*.doubleclick.net/ https://*.truoptik.com/ https://*.linksynergy.com/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com maps.googleapis.com maps.gstatic.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com d.adroll.com graphics.jst.ai paypal.com blob: arttrk.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; frame-src 'self' https://survey.g.doubleclick.net/ https://forms.hsforms.com/ https://adservices.brandcdn.com https://assets.braintreegateway.com https://bid.g.doubleclick.net https://c.paypal.com https://cdn.jst.ai https://d1eoo1tco6rr5e.cloudfront.net https://insight.adsrvr.org https://my.matterport.com https://secure.livechatinc.com https://vars.hotjar.com https://www.google.com https://www.xtento.com https://app.hubspot.com https://www.facebook.com/ https://cdn.flipsnack.com/ https://ssl.kaptcha.com/ https://optimize.google.com https://js.hsforms.net/ https://www.youtube.com/ https://*.rfihub.com/ https://www.pinterest.com https://chat.chatra.io/ https://ct.pinterest.com/ https://aa.trkn.us/ https://firebuilder.travisindustries.com/ https://player.flipsnack.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://www.xtento.com https://connect.podium.com/ https://cdn.livechatinc.com/ fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com https://www.gstatic.com use.typekit.net data: 'self' 'unsafe-inline'; connect-src 'self' https://api.livechatinc.com/ wss://ws3.hotjar.com/api/ https://analytics.jst.ai/api/analytics/ https://analytics.jst.ai/api/session/ https://d.adroll.com/segment/KLHAGB4PQRDAZK2BRGDAY3/N6CLSWZXNVDYXMAGWZ7HLO https://forms.hubspot.com/collected-forms/v1/config/json https://my.jst.ai/ifm_4.1.html https://my.jst.ai/promocode/getcode_4.1.html https://settings.luckyorange.net https://stats.g.doubleclick.net/j/collect https://www.facebook.com/tr/ https://www.google-analytics.com/collect https://www.google-analytics.com/j/collect https://in.hotjar.com/api/v2/client/sites/1661351/visit-data https://watsons-app.quantummetric.com https://hubspot-forms-static-embed.s3.amazonaws.com/prod/5117171/968477ab-7ead-4482-a503-614d359cdde8.json.gz https://www.google.com/recaptcha/api.js https://forms.hsforms.com/emailcheck/ https://forms.hubspot.com/collected-forms/submit/form *.purechat.com https://*.braintree-api.com https://*.braintreegateway.com https://*.paypal.com https://*.hotjar.com https://*.hotjar.io https://bam.nr-data.net/ https://aly.jst.ai/ *.emotiveapp.co https://popup.wisepops.com/my-wisepop tracking.wisepops.com https://maps.googleapis.com https://ct.pinterest.com/user/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://mind-flayer.podium.com/ https://activity.wisepops.com/ https://api.hubapi.com/ https://api.amplitude.com/ https://api.lab.amplitude.com/ https://lab.analyticspodium.com/sdk/vardata https://api2.analyticspodium.com/2/httpapi https://forms.hscollectedforms.net/ *.udev1a.net *.usablenet.com https://js.hs-banner.com/v2/cf-location https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/ https://ipgeolocation.abstractapi.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com d.adroll.com s.adroll.com my.jst.ai 'self' 'unsafe-inline'; default-src none 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://www.youtube-nocookie.com https://insight.adsrvr.org https://match.adsrvr.org https://www.pinterest.com https://pandg.tapad.com https://www.pinterest.co.uk blob: https://*.odicci.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://ct.pinterest.com https://lime.cdncontentdelivery.com https://tr.snapchat.com https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com https://*.contentsquare.net https://*.sjv.io https://*.odicci.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net https://campaign.odicci.com; form-action 'self' https://www.facebook.com https://www.braunshop.co.uk https://checkout.braunshop.co.uk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://*.thcdn.com https://player.vimeo.com https://vod-progressive.akamaized.net https://download-media.akamaized.net https://download-video.akamaized.net https://*.braunshop.co.uk; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://js.adsrvr.org https://s.pinimg.com https://static.ads-twitter.com https://analytics.twitter.com https://d.impactradius-event.com https://pghub.io https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://*.odicci.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net https://maxcdn.bootstrapcdn.com https://campaign.odicci.com https://maxcdn.bootstrapcdn.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' 51.120.76.97; 1
report-uri https://www.prubeneficial.cm/ 1
frame-ancestors www.epl.ca *.www.epl.ca epl.ca *.epl.ca epl.bibliocms.com *.epl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.epl.ca *.www.epl.ca epl.ca *.epl.ca epl.bibliocms.com *.epl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self';img-src * data:;connect-src 'self' *.google-analytics.com;frame-src 'self' *.google.com *.wp.com;font-src 'self' fonts.gstatic.com *.bootstrapcdn.com data:;style-src 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';style-src-elem 'self' *.googleapis.com *.bootstrapcdn.com *.datatables.net *.wp.com 'unsafe-inline';script-src *.pic.cat pic.cat *.pic.es pic.es *.googleapis.com *.gstatic.com *.bootstrapcdn.com *.wp.com *.wordpress.com *.google-analytics.com *.google.com *.datatables.net 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.eprocessingnetwork.com https://www.cocardgateway.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://*.eprocessingnetwork.com https://www.cocardgateway.net; frame-src https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://*.eprocessingnetwork.com https://www.cocardgateway.net https://seal-houston.bbb.org https://sealserver.trustwave.com; connect-src 'self' https://*.eprocessingnetwork.com https://www.cocardgateway.net ws://localhost:13000/; font-src 'self' data: https://*.eprocessingnetwork.com https://www.cocardgateway.net; object-src https://*.eprocessingnetwork.com https://www.cocardgateway.net https://www.youtube.com; frame-ancestors https://*.eprocessingnetwork.com; 1
default-src 'self'; connect-src 'self' https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.fontawesome.com https://cdn.plyr.io https://*.timeblockr.com https://noembed.com https://*.tawk.to wss://*.tawk.to https://*.facebook.com https://*.facebook.net https://*.leadinfo.net https://*.leadinfo.com https://in.logtail.com https://*.browsealoud.com https://*.speechstream.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.visualstudio.com https://*.clarity.ms https://*.tiktok.com https://*.amazonaws.com https://*.recras.nl https://*.hubspot.com https://*.hubapi.com https://*.hs-banner.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://*.bing.com https://*.cookiebot.com https://*.elfsight.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.linkedin.com https://*.googleadservices.com https://px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://cdn.trustindex.io https://*.recras.nl https://dashboard.webwinkelkeur.nl https://polyfill.io https://*.hubspot.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.usemessages.com https://*.hs-banner.com https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.fontawesome.com https://connect.facebook.net https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleoptimize.com https://*.googlesyndication.com https://www.youtube.com https://player.vimeo.com https://*.timeblockr.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://*.browsealoud.com https://*.mailplus.nl https://*.leadinfo.net https://chimpstatic.com https://*.cookiebot.com https://*.calendly.com https://*.activehosted.com https://*.typekit.net https://*.hotjar.com https://*.pinterest.com https://*.licdn.com https://*.tiktok.com https://*.bing.com https://*.clarity.ms https://*.redditstatic.com https://*.adsafeprotected.com https://*.elfsight.com https://*.lfeeder.com https://*.app-us1.com data: blob: https://*.eventix.io https://*.trustedshops.com https://it.recastsoftware.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://cdn.plyr.io https://*.recras.nl https://*.timeblockr.com https://*.hotjar.com https://*.cloudflare.com https://*.tawk.to https://*.leadinfo.net https://*.leadinfo.com https://*.googleapis.com https://it.recastsoftware.com; font-src 'self' https://fonts.gstatic.com https://cdn.trustindex.io https://*.fontawesome.com https://dashboard.webwinkelkeur.nl https://*.typekit.net https://*.timeblockr.com https://*.tawk.to https://*.hotjar.com https://*.cloudflare.com data: https://*.trustedshops.com https://*.leadinfo.net; img-src 'self' https://secure.gravatar.com https://*.tawk.to https://*.timeblockr.com https://*.typekit.net https://*.cloudflare.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.ci https://*.google.com https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hu https://*.google.ie https://*.google.is https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sr https://*.google.tn https://*.google.com.bd https://*.google.com.bh https://*.google.com.eg https://*.google.com.et https://*.google.com.mt https://*.google.com.pa https://*.google.com.ph https://*.google.com.py https://*.google.com.tn https://*.google.com.tr https://*.google.com.ua https://*.google.com.vn https://*.google.co.by https://*.google.co.et https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.co.za https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.cdninstagram.com https://*.facebook.com https://cdn.trustindex.io https://*.hotjar.com https://*.linkedin.com https://*.bing.com https://*.trustedshops.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.clarity.ms https://*.reddit.com https://*.mailplus.nl https://i.ytimg.com https://*.lfeeder.com https://*.tiktok.com https://*.amazonaws.com https://cdn.jsdelivr.net data: https://*.leadinfo.net https://*.leadinfo.com https://*.cookiebot.com https://woo.com https://*.mollie.com http://www.liquit.com; media-src 'self' https://vimeo.com https://player.vimeo.com https://*.akamaized.net blob:; frame-src 'self' https://www.youtube.com https://youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://calendly.com https://*.google.com https://*.googlesyndication.com https://*.doubleclick.net https://dashboard.webwinkelkeur.nl https://*.facebook.com https://consentcdn.cookiebot.com https://*.hubspot.com https://*.hsforms.com https://*.hs-sites.com https://*.klantenvertellen.nl https://open.spotify.com https://*.recras.nl https://*.stager.nl https://*.stager.co blob: https://it.recastsoftware.com; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.make.com https://*.hsforms.com https://*.hubspot.com https://*.mailplus.nl https://*.mollie.com 1
default-src 'self' *.tenancydepositscheme.com *.thedisputeservice.co.uk; script-src 'self' 'unsafe-inline' *.tenancydepositscheme.com *.google.com *.googleapis.com *.livechatinc.com *.landbot.io *.vertical.plus *.gstatic.com *.livechat-static.com *.firebaseio.com cdnjs.cloudflare.com code.createjs.com *.google-analytics.com *.hotjar.com *.bing.com *.smartlook.com *.smartlook.cloud *.licdn.com *.googletagmanager.com *.doubleclick.net *.ads-twitter.com *.facebook.net *.tiktok.com *.outbrain.com api.swiftype.com app.mailjet.com *.dotdigital-pages.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net fonts.googleapis.com www.gstatic.com maxcdn.bootstrapcdn.com *.landbot.io *.hotjar.com; img-src * 'self' data:; font-src 'self' data: fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com cdn.livechatinc.com secure.livechatinc.com cdn.landbot.io *.hotjar.com; connect-src 'self' *.googleapis.com *.google.com *.landbot.io *.livechatinc.com *.firebaseio.com wss://*.firebaseio.com apikeys.civiccomputing.com *.smartlook.com *.smartlook.cloud *.hotjar.com *.hotjar.io *.linkedin.oribi.io *.google-analytics.com *.doubleclick.net *.tiktok.com *.linkedin.com *.outbrain.com *.bing.com wss://ws.hotjar.com; media-src 'self' cdn.livechatinc.com secure.livechatinc.com cdn.livechat-static.com; object-src 'self'; child-src 'self' *.livechatinc.com google.com fonts.google.com; frame-src 'self' *.tenancydepositscheme.com *.livechatinc.com www.google.com *.landbot.io *.firebaseio.com *.facebook.com *.youtube.com *.youtube-nocookie.com *.vimeo.com x7qru.mjt.lu td.doubleclick.net *.dotdigital-pages.com; manifest-src 'self' 1
default-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self'; connect-src 'self' https://onionoo.torproject.org/; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-same-origin allow-scripts; object-src 'self'; 1
base-uri https://www.pfeiffer-vacuum.com; font-src 'self' https: data:; form-action *; frame-ancestors *; img-src 'self' https: data:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' pfeiffervacuum-bf09.kxcdn.com; upgrade-insecure-requests; default-src 'self' data:; media-src cdn.plyr.io youtu.be www.youtube.com www.pfeiffer-vacuum-china.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usercentrics.eu *.storyblok.com www.googletagmanager.com www.google-analytics.com api.privacyhub.pro blob: pfeiffervacuum-bf09.kxcdn.com engagement.juneapp.com www.pfeiffer-vacuum-china.com www.youtube.com youtu.be; connect-src 'self' *.usercentrics.eu region1.analytics.google.com *.google-analytics.com/ *.doubleclick.net https://sso.pfeiffer-vacuum.com/auth/ *.sentry.io   api.friendlycaptcha.com engagement.juneapp.com smc-lp.s4hana.ondemand.com cdn.plyr.io noembed.com; frame-src 'self' https://sso.pfeiffer-vacuum.com/auth/ app.usercentrics.eu www.youtube.com api.privacyhub.pro www.pfeiffer-vacuum-china.com https://www.pfeiffer-vacuum.com; worker-src 'self' blob:; child-src 'self' blob:; report-uri https://o4504961394343936.ingest.sentry.io/api/4505364029440000/security/?sentry_key=513777765135426b8f5d5822761bf101 1
connect-src 'self' cdn.linkedin.oribi.io hemsync.clickagy.com aorta.clickagy.com *.nexmoproxy.cn api.leadpages.io *.opentok.com *.tokbox.com *.marketgate.com heapanalytics.com *.fullstory.com speedyrhino.co api.autopilothq.com analytics.google.com adservice.google.com ad.doubleclick.net *.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net www.google.com www.facebook.com *.service.signalr.net wss://*.service.signalr.net googleads.g.doubleclick.net wss://*.tokbox.com wss://*.nexmoproxy.cn connect.transactiongateway.com secure.nmi.com px.ads.linkedin.com; font-src *.marketgate.com 'self' data: fonts.gstatic.com; form-action 'self' www.facebook.com; frame-src 'self' *.marketgate.com *.ecrm-online.com *.adsrvr.org hemsync.clickagy.com speedyrhino.co ecrmlp.lpages.co bid.g.doubleclick.net www.facebook.com www.youtube.com docs.paymentjs.firstdata.com www.google.com *.googlesyndication.com anchor.fm googleads.g.doubleclick.net connect.transactiongateway.com secure.nmi.com ; img-src blob: 'self' cid *.marketgate.com *.ecrm-online.com *.rangeme.com stripoemailstorage.blob.core.windows.net rs.fullstory.com heapanalytics.com *.gstatic.com *.googlesyndication.com ad.doubleclick.net *.linkedin.com data: www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com rangeme.imgix.net www.rapidscansecure.com p.adsymptotic.com https://*.g.doubleclick.net https://*.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; media-src *.marketgate.com 'self' blob:; script-src 'unsafe-eval' 'self' 'unsafe-inline' js.zi-scripts.com tags.clickagy.com js.adsrvr.org embed.lpcontent.net fonts.googleapis.com heapanalytics.com cdn.heapanalytics.com connect.facebook.net edge.fullstory.com googleads.g.doubleclick.net *.marketgate.com snap.licdn.com speedyrhino.co static.opentok.com *.google-analytics.com www.googleadservices.com https://*.googletagmanager.com www.google.com docs.paymentjs.firstdata.com www.rapidscansecure.com fullstory.com *.googlesyndication.com connect.transactiongateway.com secure.nmi.com; worker-src blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.marketgate.com fonts.googleapis.com cdn.heapanalytics.com www.googletagmanager.com connect.transactiongateway.com secure.nmi.com; default-src 'self' 'unsafe-inline' *.doubleclick.net connect.facebook.net edge.fullstory.com *.marketgate.com px.ads.linkedin.com rs.fullstory.com snap.licdn.com speedyrhino.co static.opentok.com www.facebook.com *.google-analytics.com www.google.com *.googletagmanager.com; frame-ancestors 'self' *.rangeme.com; object-src 'none'; report-uri https://a676292ad05078bd4ae200f3acaff477.report-uri.com/r/d/csp/wizard 1
default-src 'self'; child-src 'self' blob: *.koblenz.de https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' *.koblenz.de https://api.service-digitale-verwaltung.de https://app-eu.readspeaker.com https://buergerservice.ionas.de/ https://f1-eu.readspeaker.com https://i.ytimg.com/ https://rstts-eu.readspeaker.com https://sgx.geodatenzentrum.de https://tracking-nc.chamaeleon.de https://web3d.basemap.de; font-src 'self' data: *.koblenz.de; frame-ancestors 'self' https://ride2go.com; frame-src 'self' *.koblenz.de https://client.rlpdirekt.de https://geoportal.koblenz.de/cmsclient/ https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://my.mission360.de https://public.tableau.com https://ride2go.com https://www.stadtradeln.de https://www.visit-koblenz.de/ https://www.watch-my-city.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; img-src 'self' blob: data: 'unsafe-inline' *.koblenz.de https://buergerservice.ionas.de/ https://client.rlpdirekt.de https://client.rlpdirekt.de/ https://dam.destination.one https://i.ytimg.com/ https://public.tableau.com https://s.ytimg.com/ https://sgx.geodatenzentrum.de https://tracking-nc.chamaeleon.de https://wahlen.koblenz.de https://www.koblenz-baut.de https://www.koblenz.de https://www.koveb.de; media-src *.koblenz.de https://www.stadtwerke-koblenz.de; object-src *.koblenz.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.koblenz.de https://f1-eu.readspeaker.com https://public.tableau.com https://tracking-nc.chamaeleon.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' *.koblenz.de https://api.service-digitale-verwaltung.de https://f1-eu.readspeaker.com https://i.ytimg.com/ https://public.tableau.com https://s.ytimg.com/ https://tracking-nc.chamaeleon.de https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline' *.koblenz.de; style-src 'self' 'unsafe-inline' *.koblenz.de https://api.service-digitale-verwaltung.de https://f1-eu.readspeaker.com; style-src-elem 'self' 'unsafe-inline' *.koblenz.de https://api.service-digitale-verwaltung.de https://f1-eu.readspeaker.com; style-src-attr 'self' 'unsafe-inline' *.koblenz.de; worker-src 'self' blob:; report-to main 1
upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org *.facebook.net pghub.io *.crazyegg.com *.tapad.com feed.pghub.io ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org www.facebook.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.crazyegg.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors https://medinet.mediclin.de 1
default-src https: wss: data: 'self' 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' data:; font-src https: data: ; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
base-uri 'self';frame-ancestors 'self' https://www.katholisch.de https://www.youtube.com https://www.youtube-nocookie.com https://gis.bistum-muenster.de https://s3-eu-west-1.amazonaws.com/ https://eu2.cleverreach.com/ https://foerderwegweiser.energie-und-kirche.de; default-src 'self' https://api.instagram.com https://statistik.kampanile.de https://www.youtube.com https://maps.googleapis.com cloud.ccm19.de https://foerderwegweiser.energie-und-kirche.de; script-src 'self' 'unsafe-inline' https://api.instagram.com https://statistik.kampanile.de/ https://maps.googleapis.com cloud.ccm19.de https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/ https://foerderwegweiser.energie-und-kirche.de; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.ccm19.de; font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: 'self' https://s3-eu-west-1.amazonaws.com https://maps.googleapis.com https://maps.gstatic.com cloud.ccm19.de; media-src 'self' https://www.youtube.com ; frame-src 'self' https://www.katholisch.de https://www.youtube.com https://www.youtube-nocookie.com https://gis.bistum-muenster.de cloud.ccm19.de https://www.google.com/recaptcha/api2/ https://foerderwegweiser.energie-und-kirche.de; form-action 'self' https://*.cleverreach.com; object-src 'self' 1
report-uri https://a17pcny.report-uri.com/r/d/csp/reportOnly;base-uri 'self';connect-src 'self' *.ucweb.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com *.omappapi.com https://aspen-ideas-festival-staging-latest.s3.us-east-2.amazonaws.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://pagead2.googlesyndication.com https://*.googlesyndication.com https://cdn.cookielaw.org https://px.ads.linkedin.com https://geolocation.onetrust.com;default-src 'self';form-action 'self' https:;img-src 'self' blob: data: https:;media-src 'self' https:;object-src 'self';script-src 'self' 'sha256-QKwbwdoY4k4tChk4+L0ZPyLD1azvqKk7hZ6QSZpR0dM=' 'sha256-mP9sgP9b6xUCRX4Zy+NEY95vGPh+Bm89PMhZa7/BHhM=' 'sha256-D8LGgJKJPUpcDqx9dlhamVEKBsNumxGRRhrGs1qBIEc=' 'sha256-ft3ocpwp/95eFBxBtYKaweYUPkf+Vg8E004wnXb4L40=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-xCN0pm2ESOLj1Qtv/6BFZYIfF68bbXH6ftAH+4EEGlY=' 'sha256-9nODlKrhuzyiWlwvzCTkdRs7JHpiO01oEIwh41b82Qw=' 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM=' a.omappapi.com *.youtube.com *.omappapi.com analytics.twitter.com s.ytimg.com ajax.googleapis.com fast.fonts.net a.opmnstr.com cdnjs.cloudflare.com connect.facebook.net snap.licdn.com static.ads-twitter.com www.google-analytics.com www.googletagmanager.com www.youtube.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://trackcmp.net https://cdn.cookielaw.org https://*.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://px.ads.linkedin.com https://geolocation.onetrust.com 'nonce-lRFGGDwP6bgwZgtZSJB2aUc8PGyq2uk7';style-src 'self' 'unsafe-inline' fast.fonts.net https://fast.fonts.net https://fonts.googleapis.com https://a.omappapi.com;frame-src 'self' https://www.youtube.com https:;font-src https: data: *.fonts.net fast.fonts.net fonts.gstatic.com;worker-src 'none' 1
frame-ancestors 'self' eu.opencitiesplanner.bentley.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com translate.googleapis.com *.jsctool.com jsctool.com; connect-src *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de cdn.cookielaw.org ws://simonmobile.de ws://simonmobil.de privacyportal-eu.onetrust.com bing.com *.bing.com vodafone.de *.vodafone.de *.demdex.net demdex.net *.omtrdc.net omtrdc.net *.trustedshops.com *.etrusted.com *.trustbadge.com *.clarity.ms clarity.ms geolocation.onetrust.com maps.googleapis.com *.kampyle.com kampyle.com *.jsctool.com jsctool.com doubleclick.net *.doubleclick.net googlesyndication.com *.googlesyndication.com analytics.tiktok.com *.analytics.tiktok.com google.com *.google.com amazon-adsystem.com *.amazon-adsystem.com paa-reporting-advertising.amazon *.paa-reporting-advertising.amazon; frame-src 'self' directus.br.extranet.addmore.cloud test.oppwa.com test.ppipe.net *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de adform.net *.adform.net facebook.com *.facebook.com *.doubleclick.net doubleclick.net *.demdex.net demdex.net *.amazon-adsystem.com amazon-adsystem.com *.kampyle.com kampyle.com *.youtube.com youtube.com *.jsctool.com jsctool.com googlesyndication.com *.googlesyndication.com; img-src 'self' data: 'unsafe-inline' test.oppwa.com was.vodafone.de cdn.cookielaw.org *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de bing.com *.bing.com google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl *.seadform.net seadform.net *.doubleclick.net doubleclick.net widgets.trustedshops.com www.gstatic.com gstatic.com *.clarity.ms clarity.ms *.googleadservices.com googleadservices.com *.kampyle.com kampyle.com maps.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' test.oppwa.com *.simonmobile.de simonmobile.de *.simonmobil.de simonmobil.de vodafone-affiliate.de *.vodafone-affiliate.de google.com *.google.com google.de *.google.de google.nl *.google.nl facebook.com *.facebook.com facebook.de *.facebook.de facebook.nl *.facebook.nl adform.net *.adform.net adform.com *.adform.com amazon-adsystem.com *.amazon-adsystem.com bing.com *.bing.com was.vodafone.de googletagmanager.com *.googletagmanager.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net facebook.net *.facebook.net cdn.cookielaw.org *.cookielaw.org tags.tiqcdn.com my.tealiumiq.com geolocation.onetrust.com *.onetrust.com widgets.trustedshops.com *.clarity.ms clarity.ms *.kampyle.com kampyle.com *.googlesyndication.com googlesyndication.com maps.googleapis.com *.jsctool.com jsctool.com *.analytics.tiktok.com analytics.tiktok.com; worker-src 'self' blob: 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com *.eloqua.com *.en25.com *.google.com *.hsforms.net *.timevaluecalculators.com hello.myfonts.net https://*.hsforms.com https://*.hsleadflows.net https://*.hubspot.com https://dec.azureedge.net/ https://www.youtube.com/iframe_api munchkin.marketo.net www.googletagmanager.com cdn.userway.org https://*.hotjar.com https://usrwy.com/widget.js https://js.hs-banner.com/3599095.js https://player.vimeo.com/api/player.js https://tags.srv.stackadapt.com/events.js https://js.hscollectedforms.net/collectedforms.js cdnjs.cloudflare.com/ajax/libs/angular-filter/0.5.17/angular-filter.min.js siteimproveanalytics.com/js/siteanalyze_82285.js https://amplify.review-alerts.com/ https://bat.bing.com/bat.js https://bat.bing.com/p/action/56355930.js https://bat.bing.com/ https://api.userway.org https://up.pixel.ad https://www.sitescout.com https://llxp.additionfi.com https://googleads.g.doubleclick.net https://js.hs-banner.com https://js.adsrvr.org https://cdn.userway.org https://analytics.tiktok.com https://cunexus-dmz.additionfi.com/ https://collector-29671.us.tvsquared.com/ https://js.hscta.net 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.timevaluecalculators.com https://tags.srv.stackadapt.com/sa.css *.additionfi.com https://insight.adsrvr.org https://cdn.userway.org/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.timevaluecalculators.com *.google.com *.google-analytics.com https://*.hubspot.com https://*.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com pages.mycfe.com pages.additionfi.com cdn.userway.org/ https://rqfi3tmw.cdn.imgeng.in https://82285.global.siteimproveanalytics.io/image.aspx https://82285.global.siteimproveanalytics.io/heat.aspx https://rtx-source-icons.s3.amazonaws.com/logos/google.png https://rtx-source-icons.s3.amazonaws.com/logos/facebook.png images.additionfi.com *.lemonadelxp.com *.additionfi.com https://bat.bing.com https://www.googletagmanager.com https://pixel.sitescout.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.userway.org; frame-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.doubleclick.net https://*.hsforms.com https://app.hubspot.com https://vars.hotjar.com/ cdn.userway.org/ https://forms.hubspot.com/ https://form.jotform.com/ https://insight.adsrvr.org https://pixel.sitescout.com https://match.adsrvr.org https://cunexus-dmz.additionfi.com/ 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.google-analytics.com *.mktoresp.com https://*.hubspot.com https://*.hsforms.com https://maps.googleapis.com https://api.userway.org/api/tunings/1fJAlvpd8l in.hotjar.com vc.hotjar.io wss://ws2.hotjar.com/ wss://ws6.hotjar.com/api/v1/client/ws https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking https://tags.srv.stackadapt.com/sa.jpeg https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://amplify.review-alerts.com/public/api/analytics https://amplify.review-alerts.com/public/api/testimonials https://api.ipify.org/ https://api.userway.org https://amplify.review-alerts.com *.additionfi.com https://analytics.tiktok.com https://cdn.userway.org https://www.google-analytics.com https://cunexus-dmz.additionfi.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob: https://pages.additionfi.com/; child-src https://cunexus-dmz.additionfi.com/ 'self' web-chat.nativechat.com; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' media-library.cloudinary.com js-agent.newrelic.com bam.nr-data.net cdn.plyr.io www.googletagmanager.com www.google-analytics.com connect.facebook.net www.youtube.com player.vimeo.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net chat.satis.fi prod-satisfilabs-resources-gcs.satis.fi https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js; media-src res.cloudinary.com www.youtube.com m.youtube.com vimeo.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net; img-src 'self' data: res.cloudinary.com i.ytimg.com i.vimeocdn.com d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net prod-satisfilabs-resources-gcs.satis.fi www.facebook.com www.google-analytics.com; frame-src 'self' console.cloudinary.com cloudinary.com w.soundcloud.com player.vimeo.com www.youtube.com www.youtube-nocookie.com chat.satis.fi www.facebook.com; style-src 'unsafe-inline' 'self' 'unsafe-inline' cdn.plyr.io use.typekit.net p.typekit.net d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net chat.satis.fi; manifest-src 'self' d3tv224zqupjvw.cloudfront.net d35y46dv539h1e.cloudfront.net; font-src 'self' use.typekit.net prod-satisfilabs-resources-gcs.satis.fi; connect-src 'self' https://ramp.mysticaquarium.org api.swiftype.com vimeo.com cdn.plyr.io https://d35y46dv539h1e.cloudfront.net noembed.com bam.nr-data.net chat.satis.fi prod-satisfilabs-resources-gcs.satis.fi www.google-analytics.com; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.library.wales/?eID=error 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.twitter.com https://twitter.com https://cdn.ampproject.org https://*.googleapis.com https://marketing.linknacional.com.br https://cdn.ampproject.org https://tagmanager.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://*.googlesyndication.com https://*.googleapis.com https://w.org https://*.w.org https://twitter.com https://*.twitter.com https://*.twimg.com https://cdn.ampproject.org https://*.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://marketing.linknacional.com.br https://www.google.com https://www.gstatic.com https://tagmanager.google.com https://apis.google.com; img-src 'self' data: https://*.googlesyndication.com https://*.fbcdn.net/ https://*.twimg.com https://twitter.com https://*.twitter.com https://*.googleusercontent.com https://www.facebook.com  https://secure.gravatar.com https://ssl.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; object-src 'self'; font-src 'self' data: https://*.twitter.com https://*.twimg.com https://fonts.gstatic.com https://s0.wp.com; connect-src 'self' https://*.elegantthemes.com https://*.googlesyndication.com https://*.twitter.com https://twitter.com https://cdn.ampproject.org https://www.facebook.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://api.linknacional.com.br https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; frame-src 'self' https://discord.com/ https://googleads.g.doubleclick.net https://*.googlesyndication.com https://twitter.com https://*.twitter.com https://www.youtube-nocookie.com https://www.facebook.com https://marketing.linknacional.com.br https://www.youtube.com https://bid.g.doubleclick.net https://*.google.com/; style-src-elem 'self' 'unsafe-inline' https://twitter.com https://*.twitter.com https://*.twimg.com https://cdn.ampproject.org https://fonts.googleapis.com https://marketing.linknacional.com.br; 1
*.coupa.com *.ariba.com *.sciquest.com *.tradecentric.com *tradecentric.com *.punchout2go.com https://portal.tradecentric.com https://portal.tradecentric.com https://stage-portal.tradecentric.com https://dev-portal.tradecentric.com 1
frame-ancestors 'self' https://*.etracker.com https://*.etracker.de https://*.zohopublic.eu; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-BOAl2ZwLRGIRSljT6mPdoQGWySiWyHlCyB1J+BM8Of/GyNnM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://flemingcollege.ca https://*.flemingcollege.ca https://*.flemingc.on.ca:* https://fleming.desire2learn.com; 1
frame-src 'self' js.tito.io *.youtube.com 1
script-src 'strict-dynamic' 'nonce-4f54ecbf565090541194da573e5ce3ea' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; require-trusted-types-for 'script'; frame-ancestors  'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.questapartments.com.au https://*.questapartments.co.nz https://*.questapartments.co.uk https://*.googletagmanager.com https://*.hotjar.com https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.curator.io https://tracker.d-edgeconnect.media https://unpkg.com/@googlemaps/markerclustererplus/dist/index.min.js https://*.doubleclick.net https://www.tfaforms.com https://cookie-cdn.cookiepro.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://cdn.curator.io https://www.tfaforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://stackpath.bootstrapcdn.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://*.googletagmanager.com https://*.questapartments.com.au https://*.questapartments.co.nz https://*.questapartments.co.uk https://curator-assets.b-cdn.net https://www.tfaforms.com https://*.googlesyndication.com https://cookie-cdn.cookiepro.com https://*.doubleclick.net https://www.google.com https://www.google.com.au; media-src 'self' data: blob: https://curator-assets.b-cdn.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.questapartments.com.au https://*.questapartments.co.nz https://*.questapartments.co.uk https://www.google.com https://*.doubleclick.net; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://*.googleapis.com https://*.hotjar.io wss://ws.hotjar.com https://*.googlesyndication.com https://*.questapartments.com.au https://*.questapartments.co.nz https://*.questapartments.co.uk https://api.curator.io https://k2lpup0nm4.execute-api.ap-southeast-2.amazonaws.com https://www.tfaforms.com https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://*.doubleclick.net https://*.google.com https://*.google.com.au; 1
frame-ancestors 'self' https://www.livesupportteam.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: http://localhost:* http://*.warungsbotop.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com http://*.sbobet.com; img-src data: http://localhost:* http://*.warungsbotop.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com; report-uri https://csp.trackittk.net/z/3693b3a4-1444-448c-93f9-abfaa546d0e0; frame-src data: http://localhost:* http://*.warungsbotop.com http://apmcmwrew.cedexis.cc https://*.sbotop.com *.google.com *.google.com.tw https://www.googletagmanager.com http://blog.sbotop.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sportradar.com *.sportradarserving.com *.digitru.st *.bidswitch.net *.sbotop.co.uk *.connextra.com https://dev.visualwebsiteoptimizer.com https://*.cdnrocket.net/ https://*.cloudswiftcdn.net/ https://*.speedysurfcdn.net/ https://*.rapidflarecdn.net/ https://*.lightningspeedcdn.net/ https://connect.facebook.net www.facebook.com https://*.youtube.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com; worker-src data: blob: https://dev.visualwebsiteoptimizer.com; frame-ancestors 'self' data: https://*.sbotop.com; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  https://www.googleadservices.com *.facebook.net *.facebook.com script.crazyegg.com *.doubleclick.net https://media.busyrooms.co https://maps.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://bat.bing.com https://f24.org https://az416281.vo.msecnd.net https://app-wallee.com https://data.my.permaleads.ch *.youtube.com https://s.ytimg.com https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://snap.licdn.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://cdn.segment.com https://linkedin.oribi.io https://googletagmanager.com https://ibe.reka.ch https://live.reka.ch;style-src 'self' 'unsafe-inline'  https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://media.busyrooms.co https://tagmanager.google.com https://az416281.vo.msecnd.net https://app-wallee.com https://bat.bing.com *.vo.msecnd.net/fonts/amenity-fonts/style.css https://cdn.fusedeck.net https://*.onesignal.com https://onesignal.com https://cdn.trustyou.com https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://ibe.reka.ch https://live.reka.ch;img-src 'self' data:  *.facebook.com *.doubleclick.net maps.googleapis.com maps.gstatic.com https://media.busyrooms.co https://www.google.com https://www.google.de https://www.google.ch https://www.google.fr https://www.google.it https://reka-cdn.busyrooms.co https://ssl.gstatic.com https://f24.org https://app-wallee.com https://bat.bing.com https://az416281.vo.msecnd.net https://khms0.googleapis.com https://khms1.googleapis.com https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://az275753.vo.msecnd.net https://px.ads.linkedin.com *.google-analytics.com *.analytics.google.com https://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://cdn.trustyou.com https://reka-stage-cdn.busyrooms.co https://track.adform.net https://ibe.reka.ch https://live.reka.ch;font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com/ https://media.busyrooms.co https://fonts.googleapis.com https://app-wallee.com https://addajet.blob.core.windows.net https://cdn.trustyou.com https://reka-cdn.busyrooms.co https://reka-stage-cdn.busyrooms.co https://ibe.reka.ch;connect-src 'self'  https://busyrooms.azure-api.net https://www.youtube.com https://vimeo.com https://app-wallee.com https://bat.bing.com https://script.crazyegg.com https://*.facebook.com https://*.doubleclick.net https://tracking.crazyegg.com https://stage.reka.ch https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://maps.googleapis.com https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck *.google-analytics.com *.analytics.google.com https://consentcdn.cookiebot.eu wss://fuse.reka.ch https://*.onesignal.com https://onesignal.com https://data.my.permaleads.ch https://api.segment.io https://cdn.segment.com https://linkedin.oribi.io https://px.ads.linkedin.com https://cdn.linkedin.oribi.io https://ibe.reka.ch https://live.reka.ch;frame-src 'self'  *.facebook.com *.google.com *.google.ch *.google.de *.google.fr *.google.it *.doubleclick.net *.reka.ch *.youtube.com https://www.yumpu.com https://app-wallee.com blob: https://feed.yellow.webcam https://io.fusedeck.net https://cdn.fusedeck.net wss://io.fusedeck.net https://consentcdn.cookiebot.eu https://*.onesignal.com https://onesignal.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://api.trustyou.com https://my.matterport.com https://*.surveymonkey.com;object-src 'self' blob: ;manifest-src 'self' ; 1
frame-ancestors 'self' profectus.prod.stonebridge.uk.com 1
frame-ancestors 'self' https://2gis.ru https://zoon.ru https://sravni.ru https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com 1
frame-ancestors https://vk.com https://*.vk.com https://ok.ru https://*.ok.ru https://my.mail.ru https://*.mail.ru https://yandex.ru https://*.yandex.ru https://yandex.com https://*.yandex.com 'self'; 1
base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'strict-dynamic' https: http: 'sha256-XXk4Sbf06bZ8Sa6UDk8gxjKBiy/w3phFpAtI4Kw9ykw=';  script-src-elem https://gweb-elastifile-staging.uc.r.appspot.com https://elastifile.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.mediav.com *.netstatic.net; connect-src 'self' wss: *.127.net *.126.net *.163.com *.126.com *.yeah.net *.188.com *.netease.com *.qiyukf.com qiyukf.com *.youdao.com *.163yun.com; report-uri https://countly.mail.163.com/stats/csp 1
worker-src blob:; script-src 'self' blob: assets.adobedtm.com www.allegion.com code.metalocator.com kryptonite.inbenta.com maps.googleapis.com connect.facebook.net cdn.cookielaw.org www.gstatic.com s.ytimg.com www.google.com www.googletagmanager.com www.google-analytics.com privacyportal-cdn.onetrust.com www.calendarwiz.com sdk.inbenta.io cdn.inbenta.io api.inbenta.io snap.licdn.com static.hotjar.com script.hotjar.com hackerone.com developerportal.blob.core.windows.net by2.uservoice.com metrics.allegion.com 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors https://www.rldatix.com/ https://rldatix.com/ https://cms.rldatix.com/ 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-ebb12db9-3fa5-4dcc-9352-486cf3362717' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://www.google-analytics.com https://content.hotjar.io wss://ws.hotjar.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://analytics.google.com/ https://metrics.hotjar.io https://www.youtube.com/ https://toppanmerrill2.local https://www.google.com https://www.gstatic.com https://www.youtube.com https://js.hs-banner.com https://js.hs-analytics.net https://*.hubspot.com https://*.hsforms.com https://www.w3.org https://*.addtoany.com https://www.google-analytics.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://analytics.google.com https://stats.g.doubleclick.net/ www-widgetapi.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.livechat-static.com https://go.toppanmerrill.com https://api.livechatinc.com https://cdn.livechatinc.com/ https://connect.livechatinc.com/ https://consent.cookiefirst.com/ https://script.hotjar.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com https://www.googletagmanager.com/ https://cdn.jsdelivr.net/ https://maxcdn.bootstrapcdn.com https://toppanmerrill2.local https://js.hs-banner.com https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hsleadflows.net https://static.addtoany.com https://*.gstatic.com https://www.youtube.com https://www.google.com https://googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com ttps://snap.licdn.com/ https://static.hotjar.com/ https://snap.licdn.com/li.lms-analytics/ https://snap.licdn.com/ https://www.googletagmanager.com/ https://script.hotjar.com wss://ws.hotjar.com/ https://content.hotjar.io https://px.ads.linkedin.com/ https://cdnjs.cloudflare.com/; style-src 'self' 'unsafe-inline' https://cdn.livechat-static.com https://fonts.googleapis.com https://consent.cookiefirst.com https://www.w3.org https://maxcdn.bootstrapcdn.com/; img-src 'self' 'unsafe-inline' data: https://cdn.livechat-static.com https://i.ytimg.com https://api.text.com https://yoast.com https://yoa.st https://ps.w.org https://px4.ads.linkedin.com https://www.linkedin.com https://www.googletagmanager.com/ https://forms-na1.hsforms.com/ https://px.ads.linkedin.com https://px.ads.linkedin.com/ https://www.google.com/ https://toppanmerrill2.local/sec-connect/ https://www.s.w.org https://www.google-analytics.com/ https://forms.hsforms.com https://track.hubspot.com forms-na1.hsforms.com https://www.google.com https://px.ads.linkedin.com; connect-src 'self' https://api.cookiefirst.com https://vc.hotjar.io https://yoast.com https://metrics.hotjar.io https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://googleads.g.doubleclick.net https://content.hotjar.io/ wss://ws.hotjar.com https://px.ads.linkedin.com https://www.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com; font-src 'self' 'unsafe-inline' data: https://s0.wp.com https://fonts.gstatic.com; frame-ancestors 'self' content.toppanmerrill.com toppanmerrill.seismic.com; frame-src 'self' 'unsafe-inline' https://connect.livechatinc.com https://secure.livechatinc.com https://www.youtube-nocookie.com/ https://go.toppanmerrill.com/ https://w.soundcloud.com/ https://www.google.com/ https://www.youtube.com/ https://static.addtoany.com/; worker-src blob: 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com client.crisp.chat; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com client.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' client.crisp.chat app.pipe.co app.sgwidget.com; frame-src 'self' customer-j1xcshlu429cayr4.cloudflarestream.com; connect-src 'self' app.pipe.co wss://client.relay.crisp.chat client.crisp.chat storage.crisp.chat yoast.com; img-src 'self' data: image.crisp.chat client.crisp.chat storage.crisp.chat secure.gravatar.com; worker-src 'self' blob:; media-src 'self' storage.crisp.chat; 1
default-scr https: data:  'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
base-uri 'self'; font-src 'self'; form-action 'none'; frame-ancestors 'none'; img-src 'self' https: http: data: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src 'self'; connect-src 'self' https: http: wss: ws:; frame-src https:; manifest-src 'self'; media-src 'self' https: http:; script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; connect-src 'self' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' *;base-uri 'self' *;form-action 'self' *; font-src * data:; 1
frame-src https://www.justiz-bw.de/ http://www.justiz-bw.de/ 'self'  https://open.spotify.com https://www.youtube.com https://maps.google.com; base-uri 'self'; object-src 'none'; script-src https://webstatistik.landbw.de/ https://vrweb15.linguatec.org/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src https://webstatistik.landbw.de/ https://vrweb15.linguatec.org/ 'self' data: https://webstatistik.landbw.de/; form-action http://www.justiz-bw.de/ 'self'; default-src 'self' https://webstatistik.landbw.de/ https://vrweb15.linguatec.org/; connect-src 'self' https://webstatistik.landbw.de/ https://vrweb15.linguatec.org/; font-src 'self' data: ; 1
frame-ancestors https://cms.luks.ch; 1
default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'self'; connect-src 'self'; object-src 'none'  1
script-src 'self' 'unsafe-eval' 'unsafe-inline' unpkg.com *.jotform.com *.calendly.com calendly.com *.googleapis.com *.linkedin.com *.cookielaw.org *.yoast.com *.cloudfront.net *.ltimindtree.com *.en25.com acsbapp.com *.acsbapp.com *.acsbap.com *.cookielaw.org *.mouseflow.com *.doubleclick.net *.marketo.net *.hotjar.com *.licdn.com *.demandbase.com *.techtarget.com *.terminus.services *.zoominfo.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.influ2.com *.cloudflare.com *.github.io *.jsdelivr.net *.jquery.com *.unpkg.com *.clarity.ms *.youtube.com; object-src *.youtube.com 'self' *.vimeo.com *.calendly.com *.jotform.com; frame-ancestors 'self' https://next.brella.io/; child-src 'self' 'unsafe-inline' *.calendly.com calendly.com *.vimeo.com *.linkedin.com *.dionglobal.in *.jotform.com *.cloudfront.net *.youtube.com *.ltimindtree.com *.en25.com *.acsbapp.com *.acsbap.com *.cookielaw.org *.mouseflow.com *.doubleclick.net *.marketo.net *.hotjar.com *.licdn.com *.demandbase.com *.techtarget.com *.terminus.services *.zoominfo.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.influ2.com *.cloudflare.com *.github.io *.jsdelivr.net *.jquery.com *.company-target.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/api/player.js; img-src 'self' data: *.ytimg.com *.vimeocdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; frame-src youtube.com www.youtube.com *.vimeo.com; 1
frame-ancestors *.youtube.com *.pearsoncmg.com *.pearsonsupport.com *.pearson.com *.ecollege.com *.mathxl.com; 1
default-src https: wss:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://analytics.tiktok.com https://static.doubleclick.net https://access.equalweb.com https://s.yimg.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://tagmanager.google.com https://cdn.cookielaw.org https://code.jquery.com https://cdn.krxd.net https://connect.facebook.net https://beacon.krxd.net https://consumer.krxd.net https://plugin.handtalk.me https://*.youtube.com https://s.ytimg.com https://cdn.equalweb.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://tcp.googlesyndication.com https://pixel.mathtag.com https://maps.googleapis.com ; img-src 'self' data: blob: https://ad.doubleclick.net https://match.adsrvr.org https://pixel.rubiconproject.com https://yt3.ggpht.com https://pixel.mathtag.com https://sp.analytics.yahoo.com https://*.fls.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://adservice.google.com https://lh3.googleusercontent.com https://cdn.cookielaw.org https://beacon.krxd.net https://usermatch.krxd.net https://cm.g.doubleclick.net https://stags.bluekai.com https://ib.adnxs.com https://sync.mathtag.com https://analytics.twitter.com https://cms.analytics.yahoo.com https://sync.navdmp.com https://global.ib-ibi.com https://www.facebook.com https://i.ytimg.com https://www.google.com https://www.google.com.br https://googleads.g.doubleclick.net https://access.equalweb.com https://plugin.handtalk.me https://test.cocacola.com.br https://stage.cocacola.com.br https://www.coca-cola.com.br https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://*.privacysandbox.googleadservices.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://immakers.go2cloud.org https://image2.pubmatic.com https://dsum-sec.casalemedia.com https://idsync.reson8.com https://eb2.3lift.com https://idsync.rlcdn.com https://x.bidswitch.net https://sync.go.sonobi.com https://ad.360yield.com https://ads.stickyadstv.com https://sync.search.spotxchange.com https://pixel.tapad.com https://x.dlx.addthis.com https://ups.analytics.yahoo.com https://us-u.openx.net https://uipus.semasio.net https://loadm.exelator.com https://su.addthis.com https://maps.googleapis.com https://img.youtube.com ; style-src 'self' 'unsafe-inline' blob: https://www.googletagmanager.com https://*.gstatic.com https://tagmanager.google.com https://fonts.googleapis.com https://*.gstatic.com https://cdn.cookielaw.org https://code.jquery.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://plugin.handtalk.me ; child-src 'self' blob:; object-src 'none' ; frame-src 'self' https://s.amazon-adsystem.com https://access.equalweb.com https://*.doubleclick.net https://www.googletagmanager.com https://plugin.handtalk.me https://www.google.com https://cdn.krxd.net https://*.youtube.com https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://pixel.mathtag.com ; connect-src 'self' data: https://checkip.amazonaws.com https://pagead2.googlesyndication.com https://analytics.tiktok.com https://play.google.com https://googleads.g.doubleclick.net https://jnn-pa.googleapis.com https://hub-singleserve-invoice-homolog.s3.amazonaws.com https://hub-singleserve-invoice-stage.s3.amazonaws.com https://hub-singleserve-invoice-production.s3.amazonaws.com https://hub-gamers-invoice-homolog.s3.amazonaws.com https://hub-gamers-invoice-stage.s3.amazonaws.com https://hub-gamers-invoice-production.s3.amazonaws.com https://hub-worldcup-invoice-test.s3.amazonaws.com https://hub-worldcup-invoice-homolog.s3.amazonaws.com https://hub-worldcup-invoice-stage.s3.amazonaws.com https://hub-worldcup-invoice-production.s3.amazonaws.com https://s.yimg.com https://stats.g.doubleclick.net https://us-central1-kora-nlp-prod.cloudfunctions.net https://www.google-analytics.com https://la.ces.coke.com https://plugin.handtalk.me https://stage-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://prod-latam-cds-us-west-2-s3-config.s3.amazonaws.com https://gamma-latam-us-west-2-api-config.s3.amazonaws.com https://prod-latam-us-west-2-api-config.s3-us-west-2.amazonaws.com https://pyhdy1j3zh.execute-api.us-west-2.amazonaws.com https://8lioi8nl48.execute-api.us-west-2.amazonaws.com https://cdn.equalweb.com https://access.equalweb.com https://translation.handtalk.me https://translation-v3.handtalk.me https://www.facebook.com https://gamma-login.latam.coca-cola.com https://login.latam.coca-cola.com https://assets.adobedtm.com https://adobedc.demdex.net https://edge.adobedc.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://adservice.google.com https://aadb2c-apig.latam.gcds.coke.com https://aadb2c-apig.gamma.latam.gcds.coke.com https://aadb2c-apig.alpha.latam.gcds.coke.com https://analytics.google.com https://maps.googleapis.com ; form-action 'self' https://www.facebook.com ; font-src 'self' data: https://fonts.gstatic.com ; 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; 1
frame-ancestors 'self'; report-uri https://bakerdist.report-uri.com/r/t/csp/enforce 1
frame-ancestors 'self' https://nnss.gov; 1
child-src https://*.afilio.de; connect-src https://*.afilio.de https://*.algolia.net https://*.etrusted.com https://*.getvero.com https://*.hotjar.com https://*.hotjar.io https://bigquery.googleapis.com https://firestore.googleapis.com https://identitytoolkit.googleapis.com https://securetoken.googleapis.com https://us-central1-afilio-de.cloudfunctions.net wss://*.afilio.de wss://*.hotjar.com wss://*.upscope.io; default-src 'none'; font-src https://*.afilio.de https://*.hotjar.com; frame-ancestors https://*.afilio.de; frame-src blob: https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.hotjar.com https://afilio-de.firebaseapp.com/ https://calendly.com; img-src data: https://*.afilio.de https://*.hotjar.com; manifest-src https://*.afilio.de; media-src https://*.afilio.de; object-src https://*.afilio.de; script-src https://*.afilio.de https://*.calendly.com https://*.cloudflarestream.com https://*.getvero.com https://*.hotjar.com https://*.upscope.io https://apis.google.com https://d3qxef4rp70elm.cloudfront.net; style-src 'unsafe-inline' https://*.afilio.de; report-uri https://o1357534.ingest.sentry.io/api/4504418313502720/security/?sentry_key=213bcc9a958643b79f4762ab22959b99 1
report-uri https://www.bodycote.com 1
upgrade-insecure-requests;                     style-src 'self' 'unsafe-inline' c.lytics.io *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pricespider.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org cdn.segment.com *.doubleclick.net connect.facebook.net pghub.io c.lytics.io cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com;                     worker-src 'self' blob: feed.pghub.io pandg.tapad.com;                     manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;                     font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com;                     frame-src 'self' www.youtube-nocookie.com *.doubleclick.net feed.pghub.io consumersupport.pg.com *.jebbit.com pandg.tapad.com;                     img-src 'self' data: images.ctfassets.net www.google-analytics.com cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io *.mapbox.com *.pricespider.com *.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com;                     connect-src 'self' *.google-analytics.com *.analytics.google.com cdn.cookielaw.org match.adsrvr.org *.segment.com *.segment.io *.doubleclick.net *.mapbox.com *.algolia.net *.algolianet.com *.pricespider.com *.pgapi.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com;                     default-src 'none' feed.pghub.io pandg.tapad.com; 1
default-src 'self';script-src 'self' 'nonce-Gw1rSTqdqyzM2v+qYOtutTWP' https://stwithyouwebdevjes.blob.core.windows.net https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.umbraco.com https://cc.cdn.civiccomputing.com https://wearewithyougw.whoson.com https://wearewithyou.whoson.com https://www.cqc.org.uk https://bbox.blackbaudhosting.com https://payments.blackbaud.com 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-jXCiyj7IqRkspy3SwKoMgAoK6csbNKd+e330tXgPbxo=';style-src 'self' 'unsafe-inline' https://stwithyouwebdevjes.blob.core.windows.net https://fonts.googleapis.com https://wearewithyougw.whoson.com https://wearewithyou.whoson.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com;img-src 'self' https://stwithyouwebdevjes.blob.core.windows.net https://*.googletagmanager.com https://*.google-analytics.com https://*.umbraco.com data: https://wearewithyougw.whoson.com https://wearewithyou.whoson.com https://www.cqc.org.uk https://bbox.blackbaudhosting.com;media-src 'self' https://stwithyouwebdevjes.blob.core.windows.net https://bbox.blackbaudhosting.com blob:;frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://wearewithyou.whoson.com https://bbox.blackbaudhosting.com https://payments.blackbaud.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://bbox.blackbaudhosting.com https://payment.service.blackbaudhost.com https://bbms.blackbaud.com https://sky.blackbaudcdn.net https://payments.blackbaud.com blob:;report-uri /log/error 1
frame-ancestors 'self' https://dentego.remo.jobs 1
default-src 'none'; block-all-mixed-content; upgrade-insecure-requests; base-uri 'self'; connect-src 'self' sentry.io *.analytics.google.com *.google-analytics.com *.mktoresp.com *.doubleclick.net t.co t.c *.demdex.net *.snapchat.com *.pinterest.com assets.adobedtm.com *.blueconic.net sc-static.net *.facebook.net www.googletagmanager.com *.hotjar.com searchrys.com *.kampyle.com cdn.nowinteract.com bat.bing.com *.energiedirect.nl *.innogynederland.nl *.iadvize.com essent.tt.omtrdc.net *.contentsquare.net wss://*.iadvize.com *.membergetmember.co www.google.com/pagead/ *.amazonaws.com *.qualtrics.com; font-src 'self' *.energiedirect.nl *.innogynederland.nl fonts.gstatic.com *.iadvize.com; form-action 'self' tr.snapchat.com/cm/i tr.snapchat.com/p www.facebook.com/tr/ *.qualtrics.com *.homeqgo.nl; frame-src *.doubleclick.net vars.hotjar.com *.energiedirect.nl *.facebook.com *.kampyle.com tr.snapchat.com www.youtube-nocookie.com www.youtube.com *.demdex.net *.iadvize.com *.zonatlas.nl *.tetraeder.com www.google.com *.qualtrics.com; frame-ancestors 'self'; img-src 'self' data: blob: *.s3.eu-central-1.amazonaws.com analytics.twitter.com *.googleadservices.com www.google.at www.google.no www.google.co.id www.google.pl www.google.pt www.google.gr www.google.it www.google.com.tr www.google.co.uk www.google.se www.google.be www.google.com www.google.de www.google.nl www.google.es www.google.fr t.co searchrys.com *.kampyle.com cx.atdmt.com dpm.demdex.net cm.everesttech.net bat.bing.com www.facebook.com *.energiedirect.nl *.innogynederland.nl *.analytics.google.com *.google-analytics.com google.ie *.doubleclick.net www.googletagmanager.com px.ads.linkedin.com/collect www.linkedin.com/px/ www.gstatic.com/images/branding lt45.net ds1.nl *.iadvize.com *.contentsquare.net swa.essent.nl *.qualtrics.com; object-src 'self' *.energiedirect.nl *.innogynederland.nl; script-src 'unsafe-inline' www.googleadservices.com www.google-analytics.com assets.adobedtm.com *.blueconic.net sc-static.net *.facebook.net www.googletagmanager.com www.google.com static.hotjar.com script.hotjar.com searchrys.com *.kampyle.com cdn.nowinteract.com bat.bing.com energiedirect.nl *.energiedirect.nl *.innogynederland.nl *.doubleclick.net *.iadvize.com *.contentsquare.net *.contentsquare.com *.membergetmember.co www.gstatic.com *.qualtrics.com; style-src 'self' *.energiedirect.nl *.innogynederland.nl fonts.googleapis.com *.iadvize.com *.contentsquare.net 'unsafe-inline'; child-src blob:; worker-src blob:; 1
child-src 'self' blob: ; connect-src 'self' https://api.lab.amplitude.com/ https://api2.amplitude.com/ https://m.stripe.com/ https://r.stripe.com/ https://js.checkout.com/framesv2/log https://*.logs.datadoghq.eu/ https://*.browser-intake-datadoghq.eu/ https://browser-intake-datadoghq.eu/ https://firestore.googleapis.com/ https://firebasestorage.googleapis.com/v0/b/ https://firebase.googleapis.com/v1alpha/projects/ https://firebaselogging-pa.googleapis.com/v1/firelog/legacy/log https://firebaseinstallations.googleapis.com/v1/projects/ https://firebaseremoteconfig.googleapis.com/v1/projects/ https://securetoken.googleapis.com/v1/token https://www.googleapis.com/identitytoolkit/v3/relyingparty/ https://identitytoolkit.googleapis.com/v1/ https://*.smartlook.com https://*.smartlook.cloud https://www.google-analytics.com/ https://auth.alpha.sundayapp.xyz/ https://sunday-eu-alpha.eu.auth0.com/ https://auth.sundayapp.io/ https://sunday-eu-production.eu.auth0.com/ https://edge.api.flagsmith.com/ https://play.google.com/ https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://google.com/pay https://www.google.com/pay https://pay.google.com/ https://api.sundayapp.io https://api.vpos.sundayapp.io https://api.refresh-bill.sundayapp.io https://api.payment.sundayapp.io https://api.voucher.sundayapp.io https://api.billing.sundayapp.io https://api.receipt.sundayapp.io https://api.user-account.sundayapp.io https://api.venue-feedback.sundayapp.io https://api.loyalty-dispatcher.sundayapp.io https://api.consent-manager.sundayapp.io https://api.menu-back-end.sunday.cloud https://api.payment-terminal.sunday.cloud https://fp.sundayapp.io https://grpc.vpos.sundayapp.io https://webhooks.sundayapp.io/b2c-analytics/ingest https://api.paygreen.fr/ https://api.checkout.com/tokens ; default-src 'self' ; font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ ; frame-src * ; img-src 'self' data: https://www.google.com/images/cleardot.gif https://firebasestorage.googleapis.com/v0/b/ https://storage.googleapis.com/public-sunday-production/ blob: https://s.gravatar.com/ https://cdn.auth0.com/avatars/ https://*.googleusercontent.com/ https://*.wp.com/cdn.auth0.com/avatars/ https://www.gstatic.com/ https://media.zelty.fr https://*.amazonaws.com/ http://*.amazonaws.com/ https://api.sundayapp.io https://api.menu-back-end.sunday.cloud https://storage.googleapis.com/menu-pictures-sunday-production/ ; object-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://js.stripe.com/ https://www.googletagmanager.com/gtag/ https://apis.google.com/ https://pay.google.com/gp/p/js/pay.js https://core.spreedly.com/iframe/iframe-v1.min.js https://cdn.checkout.com/js/framesv2.min.js https://www.google.com/maps/api/js/ https://www.gstatic.com/ https://fpnpmcdn.net/ https://*.smartlook.com https://*.smartlook.cloud https://pgjs.paygreen.fr/ ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com/ ; worker-src 'self' blob: ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://*.zenaps.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://wb.messengerpeople.com https://ct.pinterest.com https://*.recaptcha.net https://tr.snapchat.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://dekopay.preprod.k8s.dekopay.org https://pay.deko.finance https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.pndsn.com https://23q3fg4xjd.execute-api.eu-west-1.amazonaws.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com; form-action 'self' https://www.facebook.com https://checkout.mp.com https://connect.facebook.net https://m.mp.com https://www.mp.com https://ct.pinterest.com https://tr.snapchat.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://*.googletagservices.com https://*.google.co.uk https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://*.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.googlesyndication.com https://static.ads-twitter.com https://*.twitter.com https://s.pinimg.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://sc-static.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://tpc.googlesyndication.com https://*.baidu.com https://www.google.com https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://apps.storystream.ai https://platform.twitter.com https://cdn.pubnub.com https://assets.dekopay.com https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' siteimproveanalytics.com *.comm100.com unpkg.com *.form.io *.youtube.com *.recollect.net *.twitter.com *.niagararegion.ca maps.niagararegion.ca *.ytimg.com *.syndication.twimg.com *.surveygizmo.com *.googletagmanager.com *.createsend1.com *.gstatic.com *.googleapis.com *.google-analytics.com *.google.com *.siteimprove.com translate.googleapis.com *.moneris.com niagaraopendata.ca; object-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://app.yellowmessenger.com https://cdn.yellowmessenger.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://staging.yellowmessenger.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *; frame-src 'self' https://www.google.com; img-src 'self' data: *; manifest-src 'self'; media-src 'self' *; connect-src 'self' https://app.yellowmessenger.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://app.yellowmessenger.com; 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.apcoa.co.uk https://vm-apcoa-typo3-04 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de *.facebook.com *.solvemate.com https://*.zohocdn.com https://*.zohopublic.eu https://*.newsletter2go.com https://*.linkedin.com https://www.apcoa.se https://*.zohostatic.eu https://*.zoho.eu https://*.wikimedia.org https://www.googletagmanager.com https://*.click4assistance.co.uk https://*.cookiebot.com https://*.tiktok.com https://*.apcoa.de;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://vm-apcoa-typo3-04 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.mana-hr.net https://*.facebook.net https://www.google-analytics.com/ https://*.doubleclick.net https://*.zoho.eu https://*.zohocdn.com https://*.newsletter2go.com;  script-src-elem 'self' 'unsafe-inline' https://*.park-control.de/ https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com *.solvemate.com www.googleadservices.com *.facebook.net *.doubleclick.net *.mana-hr.net https://*.zoho.eu https://*.zohostatic.eu *.zohocdn.com https://*.newsletter2go.com https://www.google-analytics.com https://sc-static.net stats.docu.info https://leie.apcoa.no https://services.apcoa.no https://tr.snapchat.com *.livechatinc.com https://*.licdn.com https://*.hotjar.com https://*.click4assistance.co.uk https://*.zendesk.com https://*.zdassets.com https://*.tiktok.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com *.solvemate.com https://*.zohocdn.com *.bootstrapcdn.com https://*.zohostatic.eu;  font-src        'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com https://*.zohostatic.eu;  frame-src       'self' https://consentcdn.cookiebot.com https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com *.apcoa.de *.mana-hr.net *.mana-jobs.de https://maps.google.com http://europark.easycruit.com https://tr.snapchat.com https://*.zohopublic.eu https://*.zoho.eu *.apcoa.no https://*.facebook.com https://*.livechatinc.com https://apcoa-rec.trustit.org http://prelive02.apcoa.com https://docs.google.com https://*.click4assistance.co.uk https://*.q2c.eu https://*.apcoa.se https://*.doubleclick.net https://*.googletagmanager.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.park-control.de https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.google.com *.doubleclick.net *.solvemate.com *.facebook.com https://*.zoho.eu *.zohopublic.eu wss://vts.zohopublic.eu https://*.newsletter2go.com https://tr.snapchat.com https://*.linkedin.oribi.io https://pagead2.googlesyndication.com https://*.zdassets.com https://*.zendesk.com https://www.apcoa.co.uk https://*.apcoa.de https://*.pangle-ads.com https://*.tiktok.com;  media-src       'self' data: https://*.googleapis.com https://fonts.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com *.solvemate.com *.zohocdn.com; 1
default-src data: https: 'self' *.swiftmedical.com swiftmedical.com *.hubspot.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' *.pure.cloud 1
"default-src 'self';"; 1
frame-ancestors 'self' https://*.zoocasa.com; 1
default-src 'self' mailto: tel:; font-src https: data: blob:; img-src https: data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; frame-ancestors 'self'; frame-src https: mailto: tel:; connect-src https: blob:; media-src https: mediastream: blob: 1
default-src 'self' https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://widget.driftqa.com/ https://*.driftt.com;       img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://localtimes.info https://ajax.googleapis.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://www.gstatic.com https://ssl.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://bat.bing.com https://www.redditstatic.com https://alb.reddit.com data:;       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://kit.fontawesome.com https://js.driftt.com https://bat.bing.com https://widget.drift.com https://widget.driftqa.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://localtimes.info https://cdn.datatables.net https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.google.com https://tagmanager.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://fonts.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://deathbycaptcha.groovehq.com https://js.driftt.com https://www.redditstatic.com data:;       style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://cdn.datatables.net https://ajax.googleapis.com https://stackpath.bootstrapcdn.com https://www.google.com https://www.googletagmanager.com https://deathbycaptcha.groovehq.com https://code.jquery.com;       frame-src https://www.google.com https://js.driftt.com https://widget.drift.com https://bid.g.doubleclick.net https://deathbycaptcha.groovehq.com/ https://widget.driftqa.com https://*.driftt.com https://announcement-tracer.widget.drift.com;       frame-ancestors 'none';       font-src https://static.deathbycaptcha.com https://ka-f.fontawesome.com https://fonts.gstatic.com https://cdn.jsdelivr.net data:;       connect-src https://ka-f.fontawesome.com https://www.google-analytics.com https://*.deathbycaptcha.com       https://deathbycaptcha.com https://*.deathbycaptcha.me https://*.deathbycaptcha.com.br https://bat.bing.com;       object-src 'none';       media-src 'self' https://*.deathbycaptcha.com data: 1
default-src 'self' ansoniacreditdata.com fonts.googleapis.com fonts.gstatic.com cdn.polyfill.io cdnjs.cloudflare.com code.highcharts.com api.anscers.com *.ncscredit.com www.youtube.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com  data:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com *.sleeknote.com *.spotify.com; worker-src blob: 'self' 1
default-src 'self' https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' tour.nira.com https://cdn-cookieyes.com/client_data/b431b41e89e89271ca596e63/banner.js https://cdn-cookieyes.com/client_data/b431b41e89e89271ca596e63/script.js ce-user-scripts-production.s3.amazonaws.com script.crazyegg.com scout-cdn.salesloft.com js.usemessages.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ js.hsleadflows.net cdn.cookielaw.org d10zminp1cyta8.cloudfront.net js.hsforms.net forms.hsforms.com www.clickcease.com *.adroll.com player.vimeo.com analytics.tiktok.com www.googleadservices.com *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net snap.licdn.com cdnjs.cloudflare.com *.typeform.com *.consensu.org connect.facebook.net chimpstatic.com platform.twitter.com www.googletagmanager.com *.siteblimp.com cdn.amplitude.com a.omappapi.com; font-src 'self' data: fonts.gstatic.com; worker-src blob:; object-src 'none'; base-uri 'self'; img-src 'self' https: data:; frame-src 'self' www.g2.com nira-com.chilipiper.com tour.nira.com platform.twitter.com app.hubspot.com player.vimeo.com hnshah.typeform.com fast.wistia.net www.google.com www.google.com/recaptcha recaptcha.google.com/recaptcha www.facebook.com forms.hubspot.com forms.hsforms.com www.youtube.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm www.googletagmanager.com www.google-analytics.com code.jquery.com cdn.jsdelivr.net share.social9.com sharecdn.social9.com www.google.com www.gstatic.com maps.googleapis.com googleapis.com static.addtoany.com www.paypal.com connect.facebook.net analytics.google.com nd.transact.nab.com.au demo.transact.nab.com.au; frame-src 'self' www.youtube.com docs.google.com docs.google.com.au download.altronics.com.au www.google.com www.google.com.au my.matterport.com www.paypal.com www.facebook.com analytics.google.com acs-ap-southeast-2.ndsprod.nds-sandbox-issuer.com demo.transact.nab.com.au; connect-src 'self' us-central1-adaptive-growth.cloudfunctions.net cdn.pdst.fm www.googletagmanager.com www.google-analytics.com analytics.google.com www.paypal.com demo.transact.nab.com.au maps.googleapis.com; img-src 'self' maps.gstatic.com www.google-analytics.com images.altronics.com.au sharecdn.social9.com maps.googleapis.com googleapis.com analytics.google.com www.paypal.com t.paypal.com www.facebook.com data:; style-src 'unsafe-inline' 'self' cdn.jsdelivr.net cdnjs.cloudflare.com use.fontawesome.com sharecdn.social9.com fonts.googleapis.com www.paypal.com analytics.google.com; font-src 'self' use.fontawesome.com fonts.gstatic.com;frame-ancestors 'self'; 1
default-src * http: https:; style-src 'self' 'unsafe-inline' http: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: portalcloud.oni.pt; frame-ancestors 'self' *.gigas.com portalcloud.oni.pt;img-src data: 'self' 'unsafe-inline' 'unsafe-eval' http: https:; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://snap.licdn.com *.doubleclick.net assets.adobedtm.com www.googletagmanager.com app-script.monsido.com forms.cwp.gov.sg cse.google.com clients1.google.com *.google-analytics.com *.facebook.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com va.ecitizen.gov.sg assets.wogaa.sg https://*.dcube.cloud *.google.com.sg *.googleadservices.com *.vica.gov.sg https://analytics.google.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com assets.wogaa.sg https://assets.dcube.cloud/fonts/ *.vica.gov.sg www.googletagmanager.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: *.doubleclick.net https://px.ads.linkedin.com https://tracking.monsido.com *.vica.gov.sg wogadobeanalytics.sc.omtrdc.net *.adsymptotic.com https://cm.everesttech.net/ https://dpm.demdex.net/ forms.cwp.gov.sg www.google.com www.google.com.sg clients1.google.com va.ecitizen.gov.sg *.google-analytics.com *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com *.googleadservices.com https://analytics.google.com/ www.googletagmanager.com blob: 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com assets.wogaa.sg https://assets.dcube.cloud/fonts/ va.ecitizen.gov.sg s3-us-west-2.amazonaws.com *.vica.gov.sg data:; frame-src https://*.demdex.net/ *.facebook.com forms.cwp.gov.sg www.youtube.com *.onemap.sg *.onemap.gov.sg cse.google.com *.doubleclick.net online.pubhtml5.com *.google.com *.gstatic.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.facebook.com *.doubleclick.net snowplow-sentiments.wogaa.sg api.sentiments.wogaa.sg dpm.demdex.net snowplow-web.wogaa.sg https://*.dcube.cloud va.ecitizen.gov.sg *.mktoresp.com *.google-analytics.com *.vica.gov.sg wss://chat.vica.gov.sg/ https://analytics.google.com/ 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com web.facebook.com badge.stumbleupon.com *.facebook.com https://forms.cwp.gov.sg 'self' web-chat.nativechat.com 1
frame-ancestors 'self' https://teams.microsoft.com 1
Content-Security-Policy: default-src f1miamigp.com *.pcdn.co *.okta.com 1
img-src * data: 1
default-src https:; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 'unsafe-eval' 'report-sample'; img-src https: data:; form-action https:; connect-src https: wss:; object-src 'none'; worker-src https: wss: blob:; upgrade-insecure-requests 1
frame-ancestors *.wizard101.com *.pirate101.com 1
default-src 'self' https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ https://use.fontawesome.com/releases/v5.3.1/css/ https://cdn-prod.securiti.ai/ https://fonts.googleapis.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://app.securiti.ai/ https://cdnjs.cloudflare.com/ajax/libs/ https://code.jquery.com/jquery-3.3.1.min.js https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ https://connect.facebook.net/ https://www.facebook.com/tr/;font-src 'self' https://use.fontawesome.com/releases/v5.3.1/webfonts/ https://fonts.gstatic.com/;connect-src 'self' https://www.google-analytics.com/ https://cdn-prod.securiti.ai/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://app.securiti.ai/; frame-src 'self' https://www.google.com/recaptcha/ https://calculadora.registrodeimoveis.org.br/ https://www.youtube.com/ https://docs.google.com/;frame-ancestors 'self' ; img-src 'self' https://www.registrodeimoveis.org.br/ https://registrodeimoveis.org.br/ http://www.testes.registrodeimoveis.org.br/ http://testes.registrodeimoveis.org.br/ https://www.facebook.com/tr/ https://connect.facebook.net/ https://*.googleapis.com/ https://www.google.com.br/ https://www.google-analytics.com/ https://i.ytimg.com blob: data: ; 1
default-src 'self';			script-src 'self' 'unsafe-inline' 'unsafe-eval' content.brightsign.biz pi.pardot.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleadservices.com *.g.doubleclick.net *.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com player.vimeo.com connect.facebook.net *.hotjar.com js.zi-scripts.com ws-assets.zoominfo.com schedule.zoominfo.com *.bugherd.com *.pusher.com *.calendly.com *.segment.io cdn-cookieyes.com;			style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com tagmanager.google.com fonts.googleapis.com *.hotjar.com *.calendly.com cdn-cookieyes.com;			object-src 'none';			base-uri 'self';			connect-src 'self' *.analytics.google.com adservice.google.com *.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.googletagmanager.com *.google.com *.facebook.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.hotjar.com *.hotjar.io wss://*.hotjar.com js.zi-scripts.com ws.zoominfo.com api.schedule.zoominfo.com *.bugherd.com sessions.bugsnag.com *.pusher.com  wss://*.pusher.com *.brightsign.biz *.google.pl *.google.si notify.bugsnag.com log.cookieyes.com cdn-cookieyes.com;			font-src 'self' data: fonts.gstatic.com *.hotjar.com;			form-action 'self' connect.facebook.net www.facebook.com;			frame-ancestors 'self';			frame-src 'self' bid.g.doubleclick.net td.doubleclick.net *.googlesyndication.com *.google.com *.facebook.com player.vimeo.com *.youtube.com *.youtube-nocookie.com *.bugherd.com *.calendly.com calendly.com;			img-src 'self' *.pardot.com *.brightsign.biz data: *.vimeocdn.com *.google.com *.google-analytics.com  *.googletagmanager.com *.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com *.gstatic.com *.facebook.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com secure.gravatar.com *.cloudfront.net tools.applemediaservices.com apple-resources.s3.amazonaws.com *.hotjar.com *.bugherd.com bugherd-attachments.s3.amazonaws.com www.linkedin.com cdn-cookieyes.com;			manifest-src 'self';			media-src 'self' brightsignbiz.s3.amazonaws.com;			worker-src 'none';			report-uri https://updates.synapseresults.com/csp-violation-report/;		 1
frame-ancestors 'self' https://prdsales.int.n-ergie https://prdnetz.int.n-ergie https://prdnim.int.n-ergie https://prduews.int.n-ergie https://*.usercentrics.eu; 1
default-src www.google.com www.gstatic.com *.pendo.io pendo-static-4766602228924416.storage.googleapis.com pendo-io-static.storage.googleapis.com cdn.cookielaw.org 'self' 'unsafe-inline' 'unsafe-eval' blob: ; img-src 'self' data: blob: *.pendo.io pendo-static-4766602228924416.storage.googleapis.com; frame-ancestors 'self' https://www.ep.com https://shop.ep.com app.pendo.io 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.studentsofhistory.com https://www.educationalistmethod.com https://www.studentsofcivics.com 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' data: *;connect-src * 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: filesystem: *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com;frame-ancestors 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://*.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://www.pinterest.com https://www.pinterest.co.uk https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://ct.pinterest.com https://analytics.tiktok.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://c.lytics.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://checkout.toblerone.co.uk https://www.toblerone.co.uk/ https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net  https://s1.thcdn.com/ https://s.pinimg.com https://analytics.tiktok.com https://*.ibytedtos.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://c.lytics.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com/ https://c.lytics.io; upgrade-insecure-requests; report-to report-endpoint 1
script-src www.gstatic.com *.360-value.com 360-value.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net https://www.demotech.com demotech.com *.smartystreets.com 'unsafe-eval' 'unsafe-inline'; object-src www.gstatic.com www.googletagmanager.com find pcagentgroup.com stillwater.com stillwaterinsurance.com *.stillwater.com *.stillwaterinsurance.com https://verify.authorize.net https://www.google-analytics.com https://seal.digicert.com *.providesupport.com *.googleapis.com https://na4.smartcommunications.cloud https://js-agent.newrelic.com *.nr-data.net https://connect.facebook.net *.demotech.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.stillwater.com *.cloudinsurer.com *.majesco.com:9443 capacitor://localhost http://localhost; worker-src 'self' blob: 1
font-src 'self' data: *.4flow.cloud  https://fonts.gstatic.com; frame-src 'self' data: *.4flow.cloud ; frame-ancestors 'self' *.4flow.cloud ; connect-src 'self' *.4flow.cloud *.4flow.net https://stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.4flow.cloud https://www.google-analytics.com; img-src 'self' data: *.4flow.cloud *.4flow.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.4flow.cloud https://fonts.googleapis.com; default-src 'self' blob: *.4flow.cloud https://www.google.com https://www.youtube.com;, 1
frame-ancestors 'self' outlook.office.com outlook.office365.com *.microsoft.com; 1
report-uri /tpicap/report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cytron.io *.cytron.io cytrontech.vn *.google.com www.googletagmanager.com www.google-analytics.com *.googleadservices.com www.youtube.com *.googleapis.com *.fbcdn.net *.facebook.net *.facebook.com analytics.tiktok.com analytics.pangle-ads.com *.gstatic.com *.googlesyndication.com *.sharethis.com *.omise.co *.stripe.com *.getresponse.com *.gr-cdn.com fonts.bunny.net *.messagebird.com *.bing.com *.goaffpro.com cdn.ampproject.org gist.github.com github.githubassets.com emgithub.com *.emgithub.com *.githubusercontent.com *.addtoany.com developers.onemap.sg *.cloudflare.com *.doubleclick.net *.clarity.ms  *.genial.ly bothelp.io code.jquery.com cdn.jsdelivr.net blob:; img-src * data: blob:; media-src * blob:; 1
frame-ancestors 'self' *.rksk.dk 1
default-src 'self' 'unsafe-inline' https://*;img-src 'self' data: 'unsafe-inline' https://*;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*;style-src 'self' 'unsafe-inline' https://*;font-src 'self';object-src 'none'; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.onetrust.com; img-src * data: ; font-src 'self' data: privacyportal-cdn.onetrust.com; connect-src *; object-src 'none'; child-src *.usatoday.com *.themuse.com *.dayforcehcm.com *.office.com *.google.com *.youtube.com *.gannett.com *.formstack.com *.gstatic.com *.app.com *.onetrust.com; frame-ancestors *; upgrade-insecure-requests; sandbox allow-forms allow-modals allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox; base-uri 'self'; report-uri https://reporting-api.gannettinnovation.com; report-to default 1
default-src 'unsafe-inline' 'unsafe-eval' https: blob:;img-src * data: blob:;font-src * data:; 1
frame-ancestors 'none'; font-src 'self'; form-action 'self'; img-src 'self' data: https://imgsct.cookiebot.com https://px.ads.linkedin.com *.basemaps.cartocdn.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; object-src 'self'; 1
default-src 'none'; connect-src 'self' https://mas.bicyclerollingresistance.com; font-src 'self' data: https://cdn.bicyclerollingresistance.com; form-action 'self' https://www.mollie.com https://www.paypal.com; frame-src data: https://disqus.com https://www.youtube-nocookie.com; img-src https: data:; script-src 'self' https://cdn.bicyclerollingresistance.com https://mas.bicyclerollingresistance.com https://bicyclerollingresistance.disqus.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://c.disquscdn.com 'unsafe-inline'; frame-ancestors 'none'; report-uri https://www.bicyclerollingresistance.com/csp/report 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.aseglobal.com *.website-files.com https://d3e54v103j8qbb.cloudfront.net https://platform-api.sharethis.com https://buttons-config.sharethis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.aseglobal.com *.website-files.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' data: *.website-files.com https://fonts.gstatic.com; img-src 'self' data: *.aseglobal.com *.website-files.com https://d3e54v103j8qbb.cloudfront.net; connect-src 'self' https://platform-api.sharethis.com https://l.sharethis.com/ https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com; media-src 'self' *.aseglobal.com *.website-files.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self' tpc.googlesyndication.com;prefetch-src 'self' tpc.googlesyndication.com *.googlesyndication.com;connect-src 'self' securepubads.g.doubleclick.net csi.gstatic.com api.hubspot.com forms.hubspot.com pagead2.googlesyndication.com www.google-analytics.com www.facebook.com stats.g.doubleclick.net api.hubapi.com forms.hsforms.com ct.pinterest.com api.traversedlp.com onesignal.com hubspot-forms-static-embed.s3.amazonaws.com analytics.google.com region1.analytics.google.com k.p-n.io;font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com use.typekit.net data:;img-src 'self' data: * s3.amazonaws.com aimmedia.com *.aimmedia.com www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net *.cuisinelibrary.com images.contentful.com former.cuisineathome.com images.ctfassets.net tpc.googlesyndication.com www.google.com securepubads.g.doubleclick.net www.facebook.com pagead2.googlesyndication.com ad.doubleclick.net csi.gstatic.com *.amazon-adsystem.com images-na.ssl-images-amazon.com images.ahpc.us track.hubspot.com forms.hubspot.com pix.revjet.com cdn.revjet.com log.pinterest.com ct.pinterest.com media.pushlycdn.com;manifest-src 'self';media-src 'self' data: videos.ctfassets.net s3.amazonaws.com assets.ctfassets.net;object-src 'self';script-src 'self' 'unsafe-inline' blob: www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com code.jquery.com securepubads.g.doubleclick.net connect.facebook.net browser-update.org adservice.google.com cdn.ampproject.org www.googletagservices.com images.ahpc.us js.hs-scripts.com *.augusthome.com optimize.google.com tpc.googlesyndication.com pagead2.googlesyndication.com js.hs-analytics.net js.hsleadflows.net js.usemessages.com vjs.zencdn.net js.hs-banner.com assets.pinterest.com browser-update.org stackpath.bootstrapcdn.com js.hsadspixel.net assets.pinterest.com s.pinimg.com ndn.statistinamics.com js-na1.hs-scripts.com static.traversedlp.com *.s3.amazonaws.com cdn.onesignal.com onesignal.com js.hsforms.net forms.hsforms.com bat.bing.com www.aimmedia.com cdn.p-n.io js.hubspot.com olytics.omeda.com;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net vjs.zencdn.net onesignal.com olytics.omeda.com;base-uri 'self' optimize.google.com;form-action 'self' *;frame-ancestors 'self' optimize.google.com;frame-src 'self' www.youtube.com staticxx.facebook.com tpc.googlesyndication.com optimize.google.com www.googletagservices.com www.megaphone.fm www.google.com *.safeframe.googlesyndication.com assets.pinterest.com playlist.megaphone.fm www.facebook.com pagead2.googlesyndication.com forms.hubspot.com cdn.onesignal.com cuisineathome.os.tc forms.hsforms.com ct.pinterest.com;worker-src 'self' k.p-n.io; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.finam.dev https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://mc.yandex.ru https://*.jquery.com https://*.bootstrapcdn.com https://*.fontawesome.com https://*.datatables.net https://www.google.com https://www.gstatic.com https://www.youtube.com https://youtube.com; style-src 'self' 'unsafe-inline' https://*.finam.ru https://*.bootstrapcdn.com https://*.datatables.net https://*.whotrades.com https://whotrades.com https://*.googleapis.com; frame-src  'self' https://*.finam.dev https://*.finam.ru https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://coreapp.ai https://*.coreapp.ai https://mc.yandex.ru https://www.google.com https://www.youtube.com https://youtube.com https://rutube.ru https://vk.com; connect-src 'self' ws: wss://whotrades.com https://*.finam.ru https://limex.com https://limex.me https://*.whotrades.net https://*.whotrades.com  https://whotrades.com https://*.j2t.com https://*.just2trade.com https://mc.yandex.ru https://mc.yandex.md https://mc.yandex.com https://coreapp.ai https://fin-masters.ru ; img-src 'self' data: https://*.yandex.net https://*.finam.ru https://*.limex.me https://*.whotrades.net https://*.whotrades.com https://whotrades.com https://*.ytimg.com https://mc.yandex.ru https://www.gstatic.com https://*.amazonaws.com; font-src 'self' https://*.finam.ru https://fonts.gstatic.com https://yastatic.net; object-src 'none'; report-uri https://str.finam.ru/api/23/security/?sentry_key=fe9f28263f094167b5cfa62b358185d3&sentry_environment=prod_finms 1
frame-src 'self'  https://*.zf.com https://*.dynamics.com/ https://embed.neospace.io/ https://app.powerbi.com https://684e6358a25146d7b2463db408d33a1e.svc.dynamics.com https://maps.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com; child-src 'self'  https://*.youtube.com https://*.youtube-nocookie.com https://*.instagram.com https://*.twitter.com ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net https://cdnapi.kaltura.com https://api.de.kaltura.com https://cdnapisec.kaltura.com https://*.zf.com https://skk.erecruiter.pl https://mktdplp102cdn.azureedge.net/public/latest/js/form-loader.js https://vjs.zencdn.net https://cdn.syndication.twimg.com https://cdn.cookielaw.org https://*.twitter.com https://*.facebook.net https://*.piwik.pro https://maps.googleapis.com; frame-ancestors 'self' https://*.zf.com https://araiv.com https://www.zffcn.com https://zf-lifetec.com https://*.dynamics.com/ https://*.microsoft.com https://*.azureedge.net; 1
frame-ancestors 'self' http://localhost http://localhost:4100 http://localhost:4200 http://localhost:4202 https://nakachain.xyz/ https://dev.nakachain.xyz/ https://*.nakachain.xyz/ https://ordinals.com https://dev.runechain.com https://runechain.com https://*.runechain.com https://dev.eternalai.org https://eternalai.org https://*.eternalai.org https://*.tradingview.com/ https://www.tradingview-widget.com; frame-src 'self' http://localhost http://localhost:4100 http://localhost:4200 http://localhost:4202 https://nakachain.xyz/ https://dev.nakachain.xyz/ https://*.nakachain.xyz/ https://ordinals.com https://dev.runechain.com https://runechain.com https://*.runechain.com https://dev.eternalai.org https://eternalai.org https://*.eternalai.org https://*.tradingview.com/ https://www.tradingview-widget.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rnv-online.de *.cookiebot.com www.google.com www.gstatic.com www.googletagmanager.com https://ajax.googleapis.com https://siteimproveanalytics.com https://cdn.siteimprove.net https://widget.solvemate.com https://player.podigee-cdn.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: https://*.rnv-online.de https://images.solvemate.com https://widget.solvemate.com https://*.siteimproveanalytics.io https://www.googletagmanager.com https://img.youtube.com https://i.ytimg.com https://imgsct.cookiebot.com; base-uri 'self' https://widget.solvemate.com; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com *.rnv-online.de www.google.com https://widget.solvemate.com https://player.podigee-cdn.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self' https://www.rnv-online.de https://*.cleverreach.com; style-src 'self' 'unsafe-inline' *.cookiebot.com https://widget.solvemate.com https://player.podigee-cdn.net 'report-sample'; font-src 'self' data: https://*.rnv-online.de https://widget.solvemate.com https://player.podigee-cdn.net; worker-src blob:; connect-src 'self' https://www.rnv-online.de https://consentcdn.cookiebot.com https://api.solvemate.com https://widget.solvemate.com https://noembed.com; frame-ancestors 'self' https://*.rnv-online.de; report-uri https://www.rnv-online.de/@http-reporting?csp=report&requestTime=1715637643032838 1
default-src 'self';img-src 'self' https://cdn.dnsimple.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.kampyle.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.medallia.eu *.netdirector.co.uk *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com decibel.com landroverusa.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.configureconnect.com wss://lo.msg.liveperson.net data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net/ https://ajax.cloudflare.com/ https://tag.goadopt.io https://app.cybba.solutions/user https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/en_US/fbevents.js https://consumidor.quod.com.br/ https://d2rp1k1dldbai6.cloudfront.net/ https://extend.vimeocdn.com/ https://files1.cybba.solutions/ https://script.hotjar.com/ https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com/ https://static.hotjar.com/ https://tag.rmp.rakuten.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googleoptimize.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.rtb123.com/ https://www.youtube.com/ https://storage.googleapis.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://optimize.google.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.google.com/ https://cdn.linkedin.oribi.io https://analytics.google.com/ https://disclaimer-api.goadopt.io https://gy6d96.api.infobip.com https://vc.hotjar.io https://in.hotjar.com https://pro.ip-api.com https://stats.g.doubleclick.net https://www.google-analytics.com wss://ws2.hotjar.com https://directline.botframework.com/; font-src 'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com https://optimize.google.com https://player.vimeo.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://px.ads.linkedin.com https://www.linkedin.com https://snap.licdn.com https://vars.hotjar.com; img-src 'self' https://consent.linksynergy.com https://googleads.g.doubleclick.net https://i.vimeocdn.com https://images.quod.com.br https://px.ads.linkedin.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://connect.facebook.net https://px4.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://snap.licdn.com https://p.adsymptotic.com https://optimize.google.com https://www.gravatar.com data:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'none'; base-uri 'self' https://altoplan.de https://www.altoplan.de; child-src 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data: 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' data: yandex.ru *.yandex.ru 1
default-src 'self' 'unsafe-inline' https://px.ads.linkedin.com/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://cdn.cookielaw.org/  'unsafe-eval';frame-src 'self' https://www.cvent.com/ https://cvent.me/ https://td.doubleclick.net/ https://player.vimeo.com/ https://www.google.com/ https://www.facebook.com/ https://go.planmeca.com/ https://www.instagram.com/ https://www.expressmagnet.eu/ https://planmecauniversity.formstack.com/ https://app.acuityscheduling.com/ https://app.smartsheet.com/ https://jobs.localjobnetwork.com/ *.adsrvr.org/ https://go.pardot.com/;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.cvent-assets.com/ https://www.cvent.com/ https://use.typekit.net/ https://dl.episerver.net/ https://cdn.jsdelivr.net/ https://cdn.cookielaw.org/ https://az416426.vo.msecnd.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://pi.pardot.com/pd.js https://snap.licdn.com/ https://pixel-geo.prfct.co/ https://tag.marinsm.com/ https://js.hs-scripts.com/ https://assets.ubembed.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://googleads.g.doubleclick.net/ https://player.vimeo.com/ https://js.adsrvr.org/ https://www.google.com/ https://www.gstatic.com/ https://edbffcf8ca294c9a869d448b435b34d4.js.ubembed.com/ https://koi-3qnpluiqjk.marketingautomation.services/ https://opusdental.us7.list-manage.com/ https://analytics.clickdimensions.com/ https://script.crazyegg.com/ https://maps.googleapis.com/ https://www.instagram.com/embed.js https://ecn.dev.virtualearth.net/ https://*.bing.com/ https://dev.virtualearth.net/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://pi.pardot.com/ https://go.planmeca.com/ https://tag.perfectaudience.com/ https://*.formstack.com/ https://ajax.googleapis.com/;font-src 'self' https://www.cvent-assets.com/ https://fonts.gstatic.com/ https://static.formstack.com/ https://use.typekit.net/ data:;img-src * 'self' data: https://cdn.cookielaw.org/ https://www.facebook.com/ https://www.google.com/ https://track.hubspot.com/ https://www.google.se/ https://forms.hsforms.com/ https://px.ads.linkedin.com/ https://secure.adnxs.com/ https://pixel-geo.prfct.co/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://maps.gstatic.com/ https://i.vimeocdn.com/ https://t.ssl.ak.dynamic.tiles.virtualearth.net/ https://r.bing.com/ https://mb.cision.com/ https://*.linkedin.com/ https://www.google.fi/ https://ups.analytics.yahoo.com/ https://us-u.openx.net/ *.analytics.google.com/ *.google-analytics.com/ https://analytics.twitter.com/ *.doubleclick.net/ https://www.google.co.in/ https://www.google.ie/;connect-src 'self' https://www.cvent.com/ https://cdn.cookielaw.org/ https://dc.services.visualstudio.com/ https://forms.hscollectedforms.net/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://script.crazyegg.com/ https://maps.googleapis.com/ https://vimeo.com/ https://www.bing.com/ https://geolocation.onetrust.com/ https://tracking.crazyegg.com/ https://*.formstack.com/ *.analytics.google.com/ *.google-analytics.com/ https://analytics.google.com *.onetrust.com https://*.linkedin.com/ https://publish.ne.cision.com/;style-src 'self' https://www.cvent-assets.com/ https://r.bing.com/ 'unsafe-inline' https://fonts.googleapis.com/ https://static.formstack.com/ https://go.planmeca.com/https://www.cvent.com/;worker-src blob:;frame-ancestors 'self' cvent.com *.cvent.com; 1
upgrade-insecure-requests; frame-ancestors https://www.myrtlebeach.com; 1
frame-ancestors 'self'; default-src *.google-analytics.com *.google.com *.google.cz www.googletagmanager.com *.googleapis.com *.doubleclick.net *.linkedin.oribi.io www.youtube.com i.ytimg.com yt3.ggpht.com sprymedia.co.uk static.teamguru.com connect.facebook.net platform.twitter.com *.smartlook.cloud rec.smartlook.com snap.licdn.com px.ads.linkedin.com *.gstatic.com p.adsymptotic.com *.vimeo.com 'self' 'unsafe-inline' 'unsafe-eval' blob:; img-src *.teamguru.com *.youtube.com *.linkedin.com *.ytimg.com *.ggpht.com 'self' 1
default-src blob: https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval';img-src 'self' data: https:;font-src 'self' data: https:;worker-src blob: https:;frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ravenation.club; img-src 'self' https: data: blob: https://ravenation.club; style-src 'self' https://ravenation.club 'nonce-17dbH50kxEx8yZu5drVSOQ=='; media-src 'self' https: data: https://ravenation.club; frame-src 'self' https:; manifest-src 'self' https://ravenation.club; form-action 'self'; child-src 'self' blob: https://ravenation.club; worker-src 'self' blob: https://ravenation.club; connect-src 'self' data: blob: https://ravenation.club https://media.ravenation.club wss://ravenation.club; script-src 'self' https://ravenation.club 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline'; font-src 'self' fonts.gstatic.com; img-src 'self' wjd.nu; script-src-elem 'self' 'unsafe-inline' code.jquery.com; style-src-elem 'self' fonts.googleapis.com; 1
default-src 'self' maxcdn.bootstrapcdn.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.onlineafspraken.nl *.facebook.net  *.jsdelivr.net *.mouseflow.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;script-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl *.facebook.net *.jsdelivr.net *.mouseflow.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;connect-src 'self' *.jsdelivr.net *.onlineafspraken.nl code.jquery.com portal.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;manifest-src 'self';img-src 'self' *.onlineafspraken.nl *.facebook.net *.facebook.com *.ytimg.com data: *.websecurityscan.eu *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.google.com *.google.nl *.gstatic.com *.doubleclick.net;style-src 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu;style-src-elem 'self' 'unsafe-inline' *.onlineafspraken.nl fonts.googleapis.com maxcdn.bootstrapcdn.com *.websecurityscan.eu;base-uri 'self';frame-src 'self' *.facebook.com *.youtube.com *.youtu.be *.google.com portal.websecurityscan.eu;font-src 'self' *.onlineafspraken.nl maxcdn.bootstrapcdn.com fonts.gstatic.com 1
script-src 'nonce-uljSN7ZqL5W89kGDFPjtdw==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=AFaeAbxO0Yj4zXjCcmCxI-i3Dylg3tu8laGd0XcaOwqA8pxNG-vhguyeDJ3xqcDQyx-i&policy_id=9&user_id=&request_id=4e067358-e4f5-46d8-9a9d-0ee8ac6028aa; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
default-src https://www.prioritycolo.com https://mrtg.prioritycolo.com https://api.na.bambora.com https://api.paypal.com https://www.google.com https://www.gstatic.com 'unsafe-inline'; 1
default-src 'self' *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.doubleclick.net *.fontawesome.com *.google.com *.googleapis.com *.google-analytics.com *.jotform.com *.jotfor.ms *.monarchblackhawk.com *.monarchrewards.com *.opentable.com *.otstatic.com *.triptease.io atlantiscasino.com insiderdata360online.com monarchblackhawk.com monarchrewards.com in.hotjar.com reservations.travelclick.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accuweather.com *.curator.io curator-assets.b-cdn.net *.doubleclick.net *.eloqua.com *.en25.com *.facebook.com *.fontawesome.com *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.jotform.com *.jotfor.ms *.jscache.com *.jsdelivr.net *.linkedin.com *.opentable.com *.otstatic.com *.sojern.com *.tacdn.com *.tripadvisor.com *.twimg.com *.twitter.com *.wufoo.com *.youtube.com *.triptease.io *.hotjar.com *.adsrvr.org ajax.aspnetcdn.com cdn.ampproject.org cdnjs.cloudflare.com cdn.digitrust.mgr.consensu.org connect.facebook.net dec.azureedge.net googleapis.com insiderdata360online.com js.hs-analytics.net js.hs-scripts.com munchkin.marketo.net platform.stumbleupon.com reservations.travelclick.com s.ytimg.com wwws-usa2.givex.com www.tcgms.net; style-src 'self' 'unsafe-inline' *.accuweather.com *.curator.io curator-assets.b-cdn.net *.google.com *.googleapis.com *.gstatic.com *.jotfor.ms *.opentable.com *.otstatic.com *.tacdn.com *.twimg.com *.twitter.com dec.azureedge.net kendo.cdn.telerik.com netdna.bootstrapcdn.com; font-src 'self' *.gstatic.com *.jotfor.ms *.opentable.com *.otstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.tacdn.com; img-src 'self' *.adsrvr.org *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.dec.sitefinity.com *.facebook.com *.google-analytics.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.jotfor.ms *.jotform.com *.linkedin.com *.monarchblackhawk.com *.monarchrewards.com *.noaa.gov *.sojern.com *.twimg.com *.twitter.com *.youtube.com atlantiscasino.com collector-6672.tvsquared.com dec.azureedge.net delicious.com monarchblackhawk.com monarchrewards.com platform.tumblr.com static.licdn.com static.tacdn.com www.redditstatic.com data: blob: *.accuweather.com *.atlantiscasino.com *.doubleclick.net *.eloqua.com *.google.com *.googletagmanager.com *.monarchblackhawk.com *.monarchrewards.com *.tripadvisor.com atlantiscasino.com i.ytimg.com insiderdata360online.com monarchblackhawk.com monarchrewards.com oxblue.com track.hubspot.com *.logtrackback.com placedog.net placekitten.com; media-src 'self' data: blob: *.atlantiscasino.com *.curator.io curator-assets.b-cdn.net *.monarchblackhawk.com *.monarchrewards.com atlantiscasino.com monarchblackhawk.com monarchrewards.com; frame-src 'self' *.atlantiscasino.com *.chargerback.com *.doubleclick.net *.facebook.com *.freedompay.com *.google.com *.googletagmanager.com *.jotform.com *.monarchblackhawk.com *.monarchrewards.com *.opentable.com *.speedrfp.com *.travelsmarter.net *.tripadvisor.com *.triptease.io *.videopoker.com *.wufoo.com *.youtube.com atlantiscasino.com cdn.digitrust.mgr.consensu.org hpc.freedompay.com monarchblackhawk.com monarchrewards.com tcgms.net insight.adsrvr.org vars.hotjar.com widget-seat.rguest.com www.kenousa.com www.tcgms.net wwws-usa2.givex.com s.tradingview.com tpc.googlesyndication.com reservemodernwidget.onagilysys.com *.flipsnack.com; 1
font-src fonts.gstatic.com use.typekit.net *.webengage.com *.webengage.co *.lively.li *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com/tr/ *.webengage.com *.webengage.co *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.freshchat.com https://www.facebook.com *.trustpilot.com https://caratlane.demdex.net *.google.com *.criteo.com/ *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.lively.li wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://*.talkable.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * speedsize.com *.speedsize.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.caratlane.us *.caratlane.com *.webengage.com *.webengage.co *.google.co.in *.google.com *.bing.com *.adsrvr.org *.pinterest.com wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.cloudfront.net *.aralego.net *.bidswitch.net *.criteo.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.socdm.com *.casalemedia.com *.dable.io *.adingo.jp *.adgrx.com *.adnxs.com *.yieldmo.com *.clmbtech.com *.smaato.net *.pubmatic.com *.outbrain.com *.rlcdn.com *.360yield.com *.doubleclick.net *.stickyadstv.com *.aralego.com *.lively.li *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.s3.ap-south-1.amazonaws.com *.adform.net *.zego.im *.coolzcloud.com *.klarnacdn.net *.klarna.com *.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com speedsize.com *.speedsize.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.freshchat.com *.gstatic.com *.facebook.com *.trustpilot.com *.criteo.com *.criteo.net https://bam.nr-data.net *.google.com https://maps.googleapis.com https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/46/8/intl/en_gb/util.js https://www.google.com/recaptcha/api2/webworker.js *.caratlane.com *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.mountain.com *.bing.com *.clarity.ms *.lively.li *.pinimg.com *.stackadapt.com https://qvdt3feo.com *.klarnaservices.com *.klarna.com wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com https://d2jjzw81hqbuqv.cloudfront.net *.googletagmanager.com *.facebook.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.freshchat.com *.webengage.com *.webengage.co *.stackadapt.com *.lively.li *.klarnacdn.net wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com *.amazonaws.com *.fontawesome.com unsafe-inline assets.braintreegateway.com speedsize.com *.speedsize.com *.trustpilot.com 'self' 'unsafe-inline'; object-src *.caratlane.us 'self' 'unsafe-inline'; media-src *.adobe.com *.caratlane.us *.lively.li wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.zego.im *.coolzcloud.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.freshchat.com *.doubleclick.net https://www.facebook.com https://bam.nr-data.net https://sslwidget.criteo.com/event https://widget.us.criteo.com/event *.caratlane.com *.rudderstack.com *.rudderlabs.com *.webengage.com *.webengage.co *.caratlane.us *.stackadapt.com *.clarity.ms *.googleapis.com *.criteo.com *.mountain.com *.pinterest.com *.facebook.net wss://253ul4moik.execute-api.ap-south-1.amazonaws.com *.klarnaevt.com *.klarna.com *.lively.li *.execute-api.ap-south-1.amazonaws.com *.webflow.com *.gumlet.io *.coolzcloud.com wss://accesshub-wss.coolzcloud.com *.zego.im wss://accesshub-wss.zego.im *.zegocloud.com wss://accesshub-wss.zegocloud.com wss://weblogger1793642705-api.coolzcloud.com *.amazonaws.com *.us-global-uscl.s3.us-east-2.amazonaws.com *.us-global-uscl.s3.amazonaws.com *.stripe.com klarna.com *.klarnacdn.net *.google-analytics.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com speedsize.com *.speedsize.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src speedsize.com *.speedsize.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; child-src blob: feed.pghub.io pandg.tapad.com ; media-src * 'self' data: https: blob: ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: https: ; frame-src * ; 1
default-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';script-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob:  'self' 'unsafe-inline' 'unsafe-eval';style-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self' 'unsafe-inline';img-src * data: blob: filesystem: cid:;connect-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: data:  'self';base-uri *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';form-action *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';object-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';frame-ancestors *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';font-src data: *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net 'self';media-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: file: blob: https://videodelivery.net 'self';frame-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net https://www.youtube.com https://player.vimeo.com data: mailto: blob: ;manifest-src 'self';worker-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: 'self';child-src *.opterus.net *.pndsn.com *.cloudflare.com videodelivery.net blob: 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval';               img-src 'self' data: https://adfs5.metro.info https://www.google-analytics.com *.qualtrics.com 1634.global.siteimproveanalytics.io ssl.siteimprove.com *.facebook.com csi.gstatic.com maps.googleapis.com maps.gstatic.com *.twimg.com *.twitter.com www.gstatic.com app.miag.com maintenance.metroag.de mfpembedcdnweu.azureedge.net *.metroag.de *.metroag.eu *.metrogroup.de *.miag.com *.metro-cc.com *.metronom.com *.metro-wholesale.de *.metro-wholesale.com *.metro-properties.de *.metro-gruenderstudie.de *.metro-startupstudy.com *.metrosystems.ro *.metro-advertising.de *.metro-advertising.com *.metro-advertising.pl *.handel-erklaert.de *.metro-sourcing.hk *.metro-logistics.de *.metro-campus.de *.metro-services.in *.metro-services.pl *.mpulse.de *.metro-unboxed.de *.metro-unboxed.com *.metro-potentials.com *.arbeitgeber-ahd.de *.metro-competencies.com *.metro-trainingcenter.de www.openpetition.de *.wirsindgekommenumzubleiben.de *.metro-global-solution-center.in *.metro.digital *.metro-gsc.in *.metro-gsc.pl *.metro-gsc.com px.ads.linkedin.com bscmiagbot.metro.de i.ytimg.com https://www.googletagmanager.com;        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cloud.typography.com *.metroag.de *.twitter.com www.gstatic.com d1azc1qln24ryf.cloudfront.net *.twimg.com;        font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com fonts.googleapis.com d1azc1qln24ryf.cloudfront.net www.openpetition.de;        frame-src 'self' *.facebook.com www.youtube.com *.walls.io plugins.flockler.com charts3.equitystory.com *.twitter.com www.google.com dev.dieproduktion.de *.own-business-day.com forms.office.com login.microsoftonline.com t.email.metro.de feedback.metro-cc.com metro.online-report.eu bscmiagbot.metro.de;        upgrade-insecure-requests;               block-all-mixed-content;        script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com *.qualtrics.com ssl.siteimprove.com siteimproveanalytics.com connect.facebook.net ajax.googleapis.com code.jquery.com  maps.googleapis.com www.youtube.com s.ytimg.com code.highcharts.com cdn.jsdelivr.net edge-cdn.net dl.videos.metrosystems.net *.twimg.com *.twitter.com www.gstatic.com  mfpembedcdnweu.azureedge.net app.mailjet.com www.openpetition.de bscmiagbot.metro.de snap.licdn.com;        connect-src 'self' *.google-analytics.com *.qualtrics.com *.twitter.com *.facebook.com bscmiagbot.metro.de 1634.global.siteimproveanalytics.io;        frame-ancestors 'self';                   worker-src blob:;        media-src 'self' data:; 1
frame-ancestors 'self' http://metrocouncil.granicus.com 1
default-src 'self' https://www.mirdvornikov.ru; connect-src 'self' https://yandex.ru/ads/adfox/1503404/ https://top-fwz1.mail.ru  https://mc.yandex.com/ https://yandex.ru/clck/ https://analytics.google.com https://region1.analytics.google.com https://region1.google-analytics.com https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://o354851.ingest.sentry.io https://widget.me-talk.ru wss://widget.me-talk.ru wss://widget.apibcknd.com https://widget.apibcknd.com https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/ https://www.google-analytics.com https://stats.g.doubleclick.net https://mc.webvisor.org https://mc.yandex.md https://mc.yandex.ru;  font-src 'self' https://yastatic.net/ https://www.mirdvornikov.ru data: https://maxcdn.bootstrapcdn.com;  form-action 'self' https://pay.modulbank.ru https://www.mirdvornikov.ru https://www.facebook.com/tr/ https://money.yandex.ru/eshop.xml https://yoomoney.ru/;  frame-src 'self'  https://mc.yandex.com https://vk.com/widget_community.php https://login.vk.com https://www.mirdvornikov.ru  https://www.banki.ru/insurance/ https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://www.youtube.com https://yandex.ru https://f302aeeda1c251762669ddab75ed76ca.me-talk.ru blob: https://mc.yandex.ru;  img-src 'self' https://top-fwz1.mail.ru/ https://banners.adfox.ru/ https://ads.adfox.ru/ https://www.mirdvornikov.ru https://mc.yandex.com/sync_cookie_image_check https://vk.com/images/upload.gif https://googleads.g.doubleclick.net www.googletagmanager.com https://www.facebook.com/tr/ https://www.google.ae/ads/ga-audiences data: https://api-maps.yandex.ru https://static.me-talk.ru/uploads/avatars/ https://avatars.mds.yandex.net https://img.youtube.com https://mc.webvisor.org https://mc.yandex.ru https://*.maps.yandex.net https://www.google-analytics.com  https://www.google.ru/ads/ga-audiences https://stats.g.doubleclick.net https://www.google.com/ads/;  object-src 'self' https://www.mirdvornikov.ru;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.yandex.com/ https://banners.adfox.ru/ https://yandex.ru/ads/system/context.js https://vk.com/js/api/openapi.js https://top-fwz1.mail.ru https://widget.me-talk.ru/ https://www.banki.ru/static/bundles/ https://top-fwz1.mail.ru/js/code.js https://www.mirdvornikov.ru https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://connect.facebook.net/ https://www.googletagmanager.com https://js.sentry-cdn.com/ https://www.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://static.me-talk.ru/cabinet/build/chat/ https://browser.sentry-cdn.com https://suggest-maps.yandex.ru https://lux.speedcurve.com https://cdn.speedcurve.com/js/lux.js https://mc.yandex.ru https://yastatic.net https://ajax.googleapis.com https://api-maps.yandex.ru https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://lcab.talk-me.ru/support/support.js https://static.me-talk.ru/API/DOCS/onlineChatAssets/json/f/3/f302aeeda1c251762669ddab75ed76ca/www.mirdvornikov.ru.js https://*.maps.yandex.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com;  style-src 'self' 'unsafe-inline' https://www.mirdvornikov.ru;  child-src blob: https://mc.yandex.ru; manifest-src https://www.mirdvornikov.ru/manifest.json; 1
default-src 'self' www.cut-e.net fastpath.isvinternet.com op.scharley.ch www.youtube.com player.vimeo.com; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; connect-src 'self' eits.maptq.com eyeintheskyweuropeprod.blob.core.windows.net vidassesscusprod1stdht-secondary.blob.core.windows.net vidassessprodcn-secondary.blob.core.windows.net vidassesssbrprod1stdht-secondary.blob.core.windows.net vidassessseaprod1stdht-secondary.blob.core.windows.net vidassesssinprod1stdht-secondary.blob.core.windows.net viadassesseauprod1stdht-secondary.blob.core.windows.net storagewepvidassess01-secondary.blob.core.windows.net vidassesscusprod1stdht.blob.core.windows.net vidassessprodcn.blob.core.windows.net vidassesssbrprod1stdht.blob.core.windows.net vidassessseaprod1stdht.blob.core.windows.net vidassesssinprod1stdht.blob.core.windows.net viadassesseauprod1stdht.blob.core.windows.net storagewepvidassess01.blob.core.windows.net mediastorageweu1prod.keydelivery.westeurope.media.azure.net mediastorageweu1prod-euwe.streaming.media.azure.net mediastorageweu1prodstd.blob.core.windows.net orchestration.westeurope.cloudapp.azure.com; img-src data: https: blob:; style-src 'unsafe-inline' https:; media-src 'self' blob: eyeintheskyweuropeprod.blob.core.windows.net maptq.com staticfilescdn2.maptq.com vidassesscusprod1stdht-secondary.blob.core.windows.net vidassessprodcn-secondary.blob.core.windows.net vidassesssbrprod1stdht-secondary.blob.core.windows.net vidassessseaprod1stdht-secondary.blob.core.windows.net vidassesssinprod1stdht-secondary.blob.core.windows.net viadassesseauprod1stdht-secondary.blob.core.windows.net storagewepvidassess01-secondary.blob.core.windows.net localhost vidassess.blob.core.cloudapi.de vidassessprod.blob.core.cloudapi.de vidstorage.maptq.com mediastorageweu1prod-euwe.streaming.media.azure.net; font-src data: https: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.invgate.com https://www.google-analytics.com *.hubspot.com https://scripts.claspo.io ; script-src-elem 'self' *.invgate.com https://snid.snitcher.com *.hubspot.net *.hubspot.com *.claspo.io https://logs.convertexperiments.com/log *.convertexperiments.com https://cdn-4.convertexperiments.com *.hotjar.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://q.quora.com https://a.quora.com https://clarity.microsoft.com https://app.vwo.com https://dev.visualwebsiteoptimizer.com https://optimize.google.com https://js-na1.hs-scripts.com https://js.usemessages.com https://js.intercomcdn.com https://widget.intercom.io https://api.ipify.org https://www.clickcease.com https://web-sdk.smartlook.com https://www.clarity.ms https://s3.amazonaws.com/scripts-clickmeter-com/js/conversion.js https://tpc.googlesyndication.com https://grow.clearbitjs.com https://reveal.ip2c.net https://www.gstatic.com https://www.invgate.com https://cdn.claspo.io https://c.sf-syn.com https://www.googleanalytics.com https://www.google.com https://www.google.com.ar https://www.googleadservices.com https://www.redditstatic.com https://www.invgate.com https://script.claspo.io https://scripts.claspo.io https://static.hsappstatic.net https://platform.linkedin.com https://cdnjs.cloudflare.com https://js.hsleadflows.net https://connect.facebook.net https://js.hs-analytics.net https://platform.twitter.com https://www.googletagmanager.com https://www.googleoptimize.com https://cdn-cookieyes.com https://bat.bing.com https://thedigitalprojectmanager.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://px.ads.linkedin.com https://js.hsforms.net https://js.hs-banner.com https://js.hsadspixel.net  https://www.google-analytics.com https://js.hs-scripts.com https://snap.licdn.com https://*.getkoala.com https://*.cdn.getkoala.com 'unsafe-inline' ; style-src 'self' https://optimize.google.com https://cdn2.hubspot.net https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com https://www.invgate.com  https://www.googletagmanager.com *.invgate.com 'unsafe-inline' https://*.getkoala.com https://*.cdn.getkoala.com ; img-src 'self' data: *.hubspot.net *.hubspot.com *.googleusercontent.com *.googleusercontent.google.com *.invgate.com  *.claspo.io *.clarity.ms *.bing.com *.hotjar.com https://dev.visualwebsiteoptimizer.com https://c.clarity.ms https://connect.facebook.net https://is1-ssl.mzstatic.com https://grow.clearbitjs.com https://cdn-cookieyes.com https://alb.reddit.com https://ct.capterra.com https://www.googletagmanager.com https://www.invgate.com https://invgate.com https://api-na1.hubapi.com https://i.ytimg.com https://forms.hsforms.com https://forms-na1.hsforms.com https://q.quora.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ar https://t.co https://analytics.twitter.com https://2529496.fs1.hubspotusercontent-na1.net  https://bat.bing.com https://px.ads.linkedin.com https://www.linkedin.com https://www.facebook.com  https://www.google-analytics.com https://optimize.google.com https://perf.hsforms.com https://cdn.claspo.io https://*.getkoala.com https://*.cdn.getkoala.com https://*.google.co.ve/ https://drive.google.com/thumbnail https://drive.lienuc.com/uc; font-src 'self' data: *.invgate.com *.hotjar.com https://fonts.intercomcdn.com https://www.invgate.com https://fonts.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com ; connect-src 'self' https://snid.snitcher.com https://www.google.com.ar/ads *.convertexperiments.com *.invgate.com https://q.quora.com *.hubspot.net *.hubspot.com *.claspo.io *.clarity.ms *.hotjar.io https://dev.visualwebsiteoptimizer.com https://pagead2.googlesyndication.com https://monitor.clickcease.com https://content.hotjar.io wss://ws.hotjar.com https://in.hotjar.com https://metrics.hotjar.io wss://nexus-websocket-a.intercom.io https://api-iam.intercom.io https://manager.eu.smartlook.cloud https://analytics.google.com https://e.clarity.ms https://reveal.ip2c.net https://www.facebook.com https://www.invgate.com https://script.claspo.io https://adservice.google.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://log.cookieyes.com https://cdn-cookieyes.com  https://api.hubapi.com https://www.google-analytics.com https://directory.cookieyes.com https://bat.bing.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://connect.facebook.net https://googleads.g.doubleclick.net https://*.getkoala.com wss: wss://*.getkoala.com https://*.analytics.google.com https://*.ads.linkedin.com/wa/ https://www.googleapis.com https://conversions-config.reddit.com https://www.redditstatic.com https://px.ads.linkedin.com/attribution_trigger; frame-src 'self' *.hubspot.com https://www.youtube-nocookie.com https://td.doubleclick.net https://optimize.google.com https://embed-standalone.spotify.com https://embed.podcasts.apple.com https://tpc.googlesyndication.com https://fast.wistia.net https://www.google.com https://conversions.clickmeter.com https://clickmeter.com https://c.sf-syn.com/conversion_zone_announce/InvGate-Service-Desk https://forms.hsforms.com https://www.invgate.com https://www.googletagmanager.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com https://open.spotify.com https://play.hubspotvideo.com https://meetings.hubspot.com ; report-uri https://invgate.report-uri.com/r/d/csp/reportOnly ; report-to default ; frame-ancestors http://*.invgate.co.uk https://*.invgate.co.uk 1
default-src 'self' https://*.wogaa.sg https://*.dcube.cloud/ https://search.gov.sg; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ *.fontawesome.com cdn.jsdelivr.net 'self' *.googletagmanager.com 'unsafe-inline' 'unsafe-eval' https://cdn.insight.sitefinity.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.pagespeed-mod.com www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg https://api.search.gov.sg https://www.search.gov.sg https://search.gov.sg *.doubleclick.net *.licdn.com https://*.wogaa.sg https://*.dcube.cloud https://walls.io/ https://pixel.mathtag.com/ https://*.adform.net/ https://cdn.evgnet.com/ https://public.tableau.com/ https://skillsfuturesingapore.us-7.evergage.com/ web-chat.nativechat.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net *.fontawesome.com 'self' 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://www.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' https://delicious.com https://dec.azureedge.net *.eloqua.com track.hubspot.com www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg https://assets.search.gov.sg adserver.adtech.de secure.adnxs.com *.doubleclick.net *.google.com *.google.com.sg https://px.ads.linkedin.com/ https://pixel.mathtag.com/ https://public.tableau.com/ https://px4.ads.linkedin.com/ web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: cdn.jsdelivr.net *.fontawesome.com https://*.wogaa.sg/fonts/ https://*.dcube.cloud https://www.searchsg.wogaa.sg *.search.gov.sg; frame-src 'self' *.cwp.sg *.cwp-stg.sg https://padlet.com/ https://*.walls.io/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com *.google.com *.onemap.gov.sg *.onemap.sg https://search.gov.sg https://www.search.gov.sg/ *.facebook.com *.twitter.com *.doubleclick.net https://pixel.mathtag.com/ https://public.tableau.com/ web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.google-analytics.com *.fontawesome.com https://api.search.gov.sg 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google.com https://assets.search.gov.sg https://*.wogaa.sg https://*.dcube.cloud https://stats.g.doubleclick.net/ https://cdn.linkedin.oribi.io/ https://skillsfuturesingapore.us-7.evergage.com/ https://px.ads.linkedin.com/; media-src 'self' data: blob: www-skillsfuture-gov-sg.cwp-stg.sg www-skillsfuture-gov-sg-admin.cwp-stg.sg www-skillsfuture-revamp-gov-sg-admin.cwp.sg www-skillsfuture-revamp-gov-sg.cwp.sg www-skillsfuture-gov-sg-admin.cwp.sg www.skillsfuture.gov.sg; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' *.google.com *.onemap.gov.sg *.onemap.sg https://search.gov.sg https://www.search.gov.sg/ *.facebook.com *.doubleclick.net web-chat.nativechat.com; frame-ancestors 'self' https://search.gov.sg https://www.search.gov.sg/ 1
default-src 'self' https://cdnjs.cloudflare.com https://pixel.sitescout.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://adservice.google.com 'unsafe-inline'; connect-src 'self' https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://adservice.google.com https://maps.googleapis.com; frame-src https://form.asana.com  https://intranet.anbank.com https://app.acuityscheduling.com https://vimeo.com https://videos.sproutvideo.com https://td.doubleclick.net https://player.vimeo.com https://pixel.sitescout.com https://maps.googleapis.com https://www.googletagmanager.com https://filter.techloq.com https://tpc.googlesyndication.com https://www.google.com https://anbank.na2.echosign.com https://www.canva.com https://www.youtube.com; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * data: 'unsafe-inline'; img-src * data:; media-src * data:; font-src * data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1388a512063760fff04504543f514f27&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=CSP 1
frame-ancestors 'self' *.rcashasp1.com *.heatingandcooling.com *.yardimarketplace.com; report-uri https://gemaire.report-uri.com/r/t/csp/enforce 1
default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.cloudflare.com cdn.segment.com cdn.ampproject.org ajax.cloudflare.com static.cloudflareinsights.com boards.greenhouse.io *.algolia.net *.algolianet.com buttons.github.io yastatic.net www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net bam.nr-data.net js-agent.newrelic.com discover.clickhouse.com munchkin.marketo.net player.vimeo.com connect.facebook.net cdn-prod.securiti.ai cookie-cdn.cookiepro.com www.youtube.com https://js.driftt.com https://widget.drift.com https://snap.licdn.com https://tag.clearbitscripts.com https://x.clearbitjs.com https://app.clearbit.io https://cdn-prod.securiti.ai marketo.clearbit.com;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com discover.clickhouse.com https://cdn-prod.securiti.ai;img-src * 'self' data: https:;object-src 'self' blog-images.clickhouse.com;connect-src 'self' https://boards-api.greenhouse.io/ https://apim.workato.com/ https://api.segment.io/v1/ https://api.segment.io/ https://cdn.segment.com/v1/projects/dZuEnmCPmWqDuSEzCvLUSBBRt8Xrh2el/settings https://cdn.segment.com/v1/projects/pYKX60InlEzX6aI1NeyVhSF3pAIRj4Xo/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* http://clickhouse.com *.google-analytics.com api.github.com cdn.ampproject.org *.algolia.net *.algolianet.com *.ingest.sentry.io hn.algolia.com www.reddit.com bam.nr-data.net *.mktoresp.com yoast.com cdn.segment.com api.vimeo.com cdn-prod.securiti.ai app.securiti.ai cookie-cdn.cookiepro.com geolocation.onetrust.com privacyportal.cookiepro.com *.clickhouse.com https://cdn.plyr.io https://noembed.com https://cdn.linkedin.oribi.io https://app.clearbit.io https://app.clearbit.com https://clickhouse.cloud/api/galaxy https://cdn.growthbook.io/;frame-src 'self' blob: https://www.youtube-nocookie.com www.youtube.com player.vimeo.com blog-images.clickhouse.com boards.greenhouse.io discover.clickhouse.com webto.salesforce.com bid.g.doubleclick.net app.hex.tech *.clickhouse.com https://js.driftt.com https://widget.drift.com;font-src 'self' fonts.gstatic.com data:;form-action 'self' webto.salesforce.com;frame-ancestors 'self' https://*.clickhouse.com;prefetch-src 'self'; 1
default-src 'none'; connect-src 'self' https://bebrussels.matomo.cloud https://*.ingest.sentry.io; manifest-src 'self'; script-src 'self' 'unsafe-inline' http: https: 'nonce-M2E2NDFhZGItMjc0Yi00NmEyLWFmYjctNTQ5ZTIwMmE2Nzdl' 'strict-dynamic'; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data:; font-src 'self' https://fonts.gstatic.com; object-src 'none'; media-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; frame-src https://www.google.com; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-bHx4vyKceh9mSYK6Vrkrew==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'none' ; script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'unsafe-inline'; img-src * data:; object-src 'none'; base-uri 'none'; frame-ancestors *.comedia.it 'self'; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://use.fontawesome.com 'unsafe-inline'; font-src * data:; connect-src * https:; manifest-src 'self'; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net *.licdn.com connect.facebook.net lptag.liveperson.net tags.tiqcdn.com www.googletagmanager.com www.google-analytics.com www.googleadservices.com ssl.google-analytics.com googleads.g.doubleclick.net cdn.optimizely.com cdn.appdynamics.com *.v.liveperson.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; img-src data: * android-webview-video-poster: android-webview:; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.co.uk adservice.google.com *.qualtrics.com *.boltdns.net *.brightcovecdn.com *.brightcove.com ad.doubleclick.net www.facebook.com www.google.com www.googletagmanager.com *.googleapis.com analytics.google.com *.doubleclick.net www.google-analytics.com www.google.com.vn *.dbankcloud.com www.google.com.hk *.baidu.com http://127.0.0.1:5000 http://127.0.0.1:5000/* rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk cdn.linkedin.oribi.io *.siteintercept.qualtrics.com cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net sts-aad.auth.hsbc.com *.zscloud.net gateway.zscalerthree.net gateway.zscaler.net 8783714.fls.doubleclick.net connect.facebook.net analytics.tiktok.com; frame-ancestors 'self' www.hsbc.com.vn; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com *.jsdelivr.net fonts.googleapis.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.prod.boltdns.net ssl.gstatic.com lpcdn.lpsnmedia.net; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report; 1
frame-ancestors www.telekom.de digitizer.app geschaeftskunden.telekom.de cloud.telekom.de public.telekom.de 1
frame-ancestors https://*.kbase.us; 1
default-src https:; base-uri 'self'; connect-src 'self' https: wss://*; script-src 'unsafe-eval' 'unsafe-inline' https: *.typekit.net cookies.praguebest.cz; style-src 'self' 'unsafe-inline' *.googleapis.com *.typekit.net cookies.praguebest.cz; font-src 'self' data:;object-src 'none'; report-uri https://praguebest.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' ; img-src 'self' data: https:; 1
frame-ancestors *.skad.ru skad.ru metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr *.webvisor.com webvisor.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.paypalobjects.com https://tvwh62.grueneerde.com app.usercentrics.eu *.publitas.com https://s2.adform.net https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net https://scripts.publitas.com; img-src 'self' *.usercentrics.eu https://tvwh62.grueneerde.com https://track.adform.net https://googleads.g.doubleclick.net https://www.google.com https://google.com 'nonce-fbfe4982-9a0a-4baf-9071-b6ae112fd315' data:; connect-src 'self' https://tvwh62.grueneerde.com https://track.adform.net *.usercentrics.eu; font-src 'self' data: https://fonts.gstatic.com www.grueneerde.com; object-src 'self'; manifest-src 'self'; media-src 'self' https://presse.grueneerde.com https://karriere.grueneerde.com; frame-ancestors 'self'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com shopberatung.grueneerde.com http://www.grueneerdeapps.com https://media.grueneerde.com https://beteiligungsmodell.grueneerde.com https://www.sandbox.paypal.com https://www.paypal.com https://meet.jit.si https://my.matterport.com https://vimeo.com app.usercentrics.eu https://tvwh62.grueneerde.com https://track.adform.net https://*.gpwebpay.com https://view.publitas.com https://bid.g.doubleclick.net; form-action 'self' 'unsafe-inline' https://www.sandbox.paypal.com https://www.paypal.com; block-all-mixed-content; 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prime-psf.2b-advice.com https://2badvice-cdn.azureedge.net https://maps.google.com https://d1c1fyrod5p5bz.cloudfront.net https://www.google-analytics.com https://heatmaps.monsido.com https://d44wixjfbtz1l.cloudfront.net https://www.googletagmanager.com https://app-script.monsido.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://d2o7emhzwey5ns.cloudfront.net https://2badvicecdn.azureedge.net; object-src 'self' 1
base-uri 'self'; default-src 'self'; script-src 'nonce-fiXfrY+SToS2TV8AyuWplw=='  'unsafe-eval' 'strict-dynamic'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; 1
frame-ancestors 'self' https://cms.lko.at ; 1
upgrade-insecure-requests;block-all-mixed-content;  script-src 'self' google.com www.google.com www.gstatic.com ajax.aspnetcdn.com cdn.moengage.com cdnjs.cloudflare.com kit.fontawesome.com maps.googleapis.com connect.facebook.net edge.fullstory.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net; script-src-elem 'self' 'unsafe-inline' google.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net bat.bing.com cdn.lr-in.com cdnjs.cloudflare.com connect.facebook.net kit.fontawesome.com edge.fullstory.com www.google-analytics.com cdn.moengage.com app-cdn.moengage.com ajax.aspnetcdn.com maps.googleapis.com www.google.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' google.com fonts.googleapis.com app-cdn.moengage.com cdnjs.cloudflare.com; style-src-attr 'unsafe-inline'; img-src 'self' data: app-cdn.moengage.com bat.bing.com www.facebook.com www.gstatic.com pixel.locker2.com images.ctfassets.net maps.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net google.com *.google.com *.analytics.google.com stats.g.doubleclick.net image.moengage.com www.google.co.in www.google.com.au www.google.com.mx www.google.sc fonts.gstatic.com streetviewpixels-pa.googleapis.com translate.google.com api.fillr.com www.google.co.id www.google.com.br; font-src 'self' data: app-cdn.moengage.com fonts.gstatic.com ka-p.fontawesome.com; connect-src 'self' app-cdn.moengage.com edge.fullstory.com ka-p.fontawesome.com kit.fontawesome.com sdk-01.moengage.com *.google-analytics.com *.analytics.google.com *.googleadservices.com *.g.doubleclick.net *.googletagmanager.com *.google.com google.com analytics.google.com rs.fullstory.com bat.bing.com maps.googleapis.com dashboard-01.moengage.com properties www.facebook.com translate.googleapis.com; frame-src 'self' cdn.moengage.com td.doubleclick.net *.g.doubleclick.net google.com www.google.com; worker-src blob:; frame-ancestors 'self'; 1
script-src         	'self'         	blob:         	https://www.google.com/recaptcha/         	https://www.gstatic.com/recaptcha/         	maps.googleapis.com         	www.googleadservices.com         	googleads.g.doubleclick.net         	srv2.wa.marketingsolutions.yahoo.com         	*.googletagmanager.com         	ssl.google-analytics.com         	www.google-analytics.com         	dash.unbeatable.com         	none 		; 		object-src 			'self' 		; 		child-src 			'self' 			blob: 			none 		; 		frame-src 			'self' 			blob: 			*.youtube.com 			*.youtube-nocookie.com 			*.vimeo.com 			https://www.google.com/recaptcha/ 			*.thegenealogist.co.uk 			none 		; 		connect-src 			'self' 			*.thegenealogist.co.uk 			*.thegenealogist.com 			*.google-analytics.com 			*.analytics.google.com 			*.googletagmanager.com 			https://stats.g.doubleclick.net 			https://sentry.io 			https://*.sentry.io 			https://api.maptiler.com/tiles/ 			https://atlas.microsoft.com/map/ 			https://maps.googleapis.com 			none 		; 1
frame-ancestors 'self' *.techdata.com *.techdata.ca *.cstenet.com *.techdata.eu *.tdebusiness.cloud; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data:  *.truste.com *.trustarc.com *.modernizr.com *.vimeo.com *.hscollectedforms.net *.hsadspixel.net *.akamaihd.net cdnjs.cloudflare.com *.chromogenix.com code.jquery.com maps.googleapis.com *.jquery.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net cdn.datatables.net momentjs.com *.allibo.com js.hs-scripts.com consent.trustarc.com *.trustarc.com *.hs-scripts.com *.hsforms.com *.hsforms.net *.hs-banner.com *.hs-analytics.net track.hubspot.com *.izasamedical.es *.jsdelivr.net code.highcharts.com forms.hsforms.com *.licdn.com *.unpkg.com unpkg.com werfen.aistechnology.es js-eu1.hubspot.com *.hubspot.com *.hs-banner.com *.hsforms.com google.com *.hs-sites-eu1.com; worker-src 'self' 'unsafe-inline' blob: data:  *.werfen.com; style-src 'self' 'unsafe-inline' data:  *.truste.com *.trustarc.com *.jsdelivr.net cdn.datatables.net cdnjs.cloudflare.com *.akamaihd.net *.chromogenix.com code.jquery.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.izasascientific.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es *.aistechnology.es *.hsforms.com; img-src 'self' data: blob:  *.truste.com *.trustarc.com *.linkedin.com cdn.datatables.net *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.allibo.com *.trustarc.com track.hubspot.com cdnjs.cloudflare.com forms.hsforms.com *.aistechnology.es track-eu1.hubspot.com forms-eu1.hsforms.com *.hubspot.com  *.hs-banner.com  *.hsforms.com  *.google.com  *.hs-sites-eu1.com ; font-src 'self' data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.typekit.com *.googleapis.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.hsforms.com; object-src 'self' data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.hsforms.com; default-src 'self' data:  *.truste.com *.trustarc.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es *.hsforms.com; connect-src 'self' data:  api.hubapi.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es forms.hsforms.com forms.hubspot.com *.articulate.com wowza.aistechnology.es *.oribi.io forms-eu1.hscollectedforms.net *.hubspot.com *.hs-banner.com *.hsforms.com google.com *.hs-sites-eu1.com; child-src 'self' data:  *.vimeo.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.youtube.com forms.hsforms.com bcove.video werfen.aistechnology.es *.embedly.com *.hs-sites-eu1.com werfen.sharepoint.com; form-action 'self' data:  *.truste.com *.trustarc.com *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com ilservices.ilww.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com *.izasamedical.es *.izasascientific.com forms.hsforms.com forms.hubspot.com *.hsforms.com; media-src 'self' blob: data:  *.akamaihd.net *.chromogenix.com *.bootstrapcdn.com *.googleapis.com *.typekit.com *.gstatic.com *.typekit.net *.werfen.com *.icims.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.mapbox.com *.openstreetmap.org *.brightcove.net *.brightcove.com *.zencdn.net *.google.com *.google.es *.boltdns.net *.trustarc.com wowza.aistechnology.es; frame-src 'self' blob: data:  *.hsforms.com *.google.com players.brightcove.net *.werfen.com *.trustarc.com bcove.video; frame-ancestors 'self' blob: data:  *.werfen.com report-to browser; 1
frame-ancestors 'self' https://*.abp.io; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* widget.trustpilot.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.treasuredata.com *.google.com *.gstatic.com js.adsrvr.org cdnjs.cloudflare.com *.resonate.com js.monitor.azure.com *.diageohorizon.com *.diageoplatform.com *.diageoagegate.com *.anyroad.com *.googletagmanager.com *.youtube.com *.vimeo.com vimeo.com *.google-analytics.com *.cloudfunctions.net *.shortlyst.com *.juicer.io assets.juicer.io *.mapbox.com *.shortlyst.com *.onetrust.com *.google-analytics.com stats.g.doubleclick.net *.fontawesome.com; style-src 'self' 'unsafe-inline' *.fonts.net *.bootstrapcdn.com *.diageohorizon.com *.myfonts.net *.fontawesome.com *.googleapis.com *.mapbox.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.google.com *.diageohorizon.com dc.services.visualstudio.com *.mapbox.com *.onetrust.com *.doubleclick.net *.google-analytics.com *.juicer.io; font-src 'self' data: *.gstatic.com *.bootstrapcdn.com *.fontawesome.com; frame-src 'self' *.google.com *.youtube.com *.vimeo.com vimeo.com *.adsrvr.org *.anyroad.com where-to-buy.co *.doubleclick.net *.vtinfo.com; img-src 'self' *.diageoagegate.com *.diageoplatform.com *.drinkiq.com *.onetrust.com *.googletagmanager.com *.doubleclick.net *.juicer.io *.mapbox.com *.google-analytics.com *.cloudfunctions.net data: blob:; manifest-src 'self'; media-src 'self'; worker-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' consent.trustarc.com consent.truste.com https://palig.planfamiliaprotegida.com https://tagmanager.google.com https://*.googletagmanager.com https://analytics.twitter.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net static.ads-twitter.com app.icontact.com www.google.com www.gstatic.com maps.google.com widget.surveymonkey.com *.googleapis.com youtube.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com fonts.googleapis.com app.icontact.com tagmanager.google.com; img-src 'self' data: *.trustarc.com https://analytics.twitter.com *.smassets.net *.mzstatic.com https://pbs.twimg.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://www.facebook.com maps.gstatic.com *.googleapis.com t.co https://i.ytimg.com *.fbcdn.net stats.g.doubleclick.net www.google.com app.icontact.com maps.google.com *.gstatic.com secure.surveymonkey.com; font-src 'self' consent.trustarc.com fonts.gstatic.com; media-src 'self' *.fbcdn.net https://video.twimg.com; frame-src 'self' itmss: *.trustarc.com https://*.salesforce-sites.com https://www.youtube-nocookie.com www.youtube.com www.google.com https://connect.facebook.net https://www5.recruitingcenter.net https://www.facebook.com *.surveymonkey.com castbox.fm embed.podcasts.apple.com; form-action 'self' https://*.salesforce.com https://app.icontact.com https://connect.facebook.net https://www.facebook.com/tr/; connect-src 'self'  https://*.facebook.com https://maps.googleapis.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com stats.g.doubleclick.net; 1
default-src 'self' *.matomo.cloud; style-src 'self' 'unsafe-inline'; script-src 'self' *.jobbase.io *.onlyfy.jobs *.23degrees.io *.23degrees.eu *.matomo.cloud twitter.com *.twitter.com youtube.com *.youtube.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.apg.at *.placeholder.com twitter.com *.twitter.com data:; font-src 'self' data:; frame-src 'self'  *.spotify.com *.office365.com *.learnconsult.com youtube.com *.youtube.com youtube-nocookie.com *.youtube-nocookie.com linkedin.com *.linkedin.com twitter.com *.twitter.com 23degrees.io *.23degrees.io 23degrees.eu *.23degrees.eu prescreen.io *.prescreen.io apg.at *.apg.at *.jobbase.io *.onlyfy.jobs 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.multicert.com https://multicert.com https://cloud4.go-contact.com:3001 https://cloud4.go-contact.com:3002 https://cloud4.go-contact.com:50002 https://www.google-analytics.com https://www.googletagmanager.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' https://egoi.site/380489_multicert.com.js https://egoi.site https://*.e-goi.com https://edw-1.egoiapp.com https://marketing.egoi.page https://cdn.egoi.page https://www.multicert.com https://multicert.com https://*.byside.com *.autenticacao.gov.pt www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net https://*.hotjar.com;   style-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.multicert.com https://multicert.com *.autenticacao.gov.pt fonts.googleapis.com https://*.hotjar.com https://*.byside.com;   connect-src 'self' https://www.multicert.com https://multicert.com blob: https://multicert.com https://www.multicert.com https://cloud4.go-contact.com:3001 https://cloud4.go-contact.com:3002 https://cloud4.go-contact.com:50002 https://*.byside.com www.google-analytics.com region1.analytics.google.com *.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com wss://*.byside.com;   img-src 'self' https: data: blob: https://*.hotjar.com ;   font-src 'self' https://*.byside.com fonts.gstatic.com https://script.hotjar.com data:;   object-src 'self';   base-uri 'self';   form-action 'self' https://multicert.com https://tsa.multicert.com https://mtrust.pt;   frame-src 'self' 'unsafe-inline' https://marketing.egoi.page https://cdn.egoi.page https://www.multicert.com https://multicert.com youtube.com www.youtube.com  www.google.com www.gstatic.com;   frame-ancestors 'self' https://www.multicert.com https://multicert.com;   report-uri https://www.multicert.com/report-uri/csp-violation;   report-to default; 1
frame-ancestors 'self' *.1hotels.com 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.de *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com; connect-src 'self' *.openbank.de *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.de px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com www.facebook.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: https://newassets.hcaptcha.com *.doubleclick.net ;frame-ancestors 'self' https://openbank.campaign.adobe.com; 1
default-src 'self';           img-src 'self' data: https://s7d9.scene7.com/ https://dev-aem-ledcor.ledcor.com/ https://stage-aem-ledcor.ledcor.com/ https://dev.day.com/ https://ledcorprod.112.2o7.net/ https://ledcorstage.112.2o7.net/ https://ledcordev.112.2o7.net/ 'unsafe-inline';           script-src 'self' https://documentservices.adobe.com/ https://acrobatservices.adobe.com/ https://assets.adobedtm.com/ https://s7d9.scene7.com/ https://www.googletagmanager.com/ https://dev-aem-ledcor.ledcor.com/ https://stage-aem-ledcor.ledcor.com/ https://dev.day.com/ https://ledcorprod.112.2o7.net/ 'unsafe-inline' 'unsafe-eval' blob:;           style-src 'self' https://fast.fonts.net https://s7d9.scene7.com/ 'unsafe-inline';           connect-src 'self' https://ledcorinc.tt.omtrdc.net/ https://viewlicense.adobe.io/ https://s7d9.scene7.com/ https://www.google-analytics.com https://s7mbrstream.scene7.com/ 'unsafe-inline' 'unsafe-eval';           frame-src 'self' https://documentservices.adobe.com/ https://acrobatservices.adobe.com/ https://www.youtube.com/ https://forms.ledcor.com/ https://formstest.stage-aem-ledcor.ledcor.com/;           media-src 'self' https://s7d9.scene7.com/ https://dev-aem-ledcor.ledcor.com/ 'unsafe-inline' 'unsafe-eval' blob:; 1
script-src 'self' https://vimeo.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com 'unsafe-inline' 'unsafe-eval' 1
object-src 'none'; form-action 'self' https://cl.s4.exct.net/subscribe.aspx https://www.facebook.com/tr/; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.onesignal.com   https://onesignal.com https://www.google.com https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.civiccomputing.com https://*.youtube.com https://*.azure.com https://*.google.com https://*.gstatic.com https://*.hackerone.com https://hackerone.com 'unsafe-eval' blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.licdn.com https://*.hackerone.com https://hackerone.com; style-src 'self' 'unsafe-inline' https://*.typekit.net; frame-src 'self' https://*.youtube.com https://*.google.com https://*.hackerone.com https://hackerone.com; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.umbraco.com https://*.analytics.google.com https://*.doubleclick.net https://*.oribi.io https://*.google-analytics.com; font-src 'self' 'unsafe-inline' data: https://*.typekit.net; img-src 'self' https://*.gravatar.com https://*.umbraco.com data: https://*.vimeocdn.com https://*.google.co.uk https://*.linkedin.com https://*.google-analytics.com 1
default-src 'self';               frame-src 'self' www.google.com www.youtube.com live.brame-gamification.com *.paypal.com www.facebook.com weatherwidget.io tpc.googlesyndication.com td.doubleclick.net;              media-src 'self';               img-src 'self' data: maps.gstatic.com sp.analytics.yahoo.com maps.googleapis.com *.paypal.com uip.semasio.net www.google.com www.facebook.com www.google.gr bold.adman.gr cdn.cookielaw.org www.googletagmanager.com www.google.nl ads.travelaudience.com sherlock.adman.gr ad.doubleclick.net googleads.g.doubleclick.net adservice.google.com tr.outbrain.com cm.g.doubleclick.net ad.yieldlab.net pixel.rubiconproject.com image2.pubmatic.com ice.360yield.com ih.adscale.de ib.adnxs.com ads.betweendigital.com p1.zemanta.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.paypalobjects.com *.braintreegateway.com sp.analytics.yahoo.com connect.facebook.net s.yimg.com maps.googleapis.com www.googletagmanager.com www.google.com www.youtube.com www.gstatic.com cdn.cookielaw.org weatherwidget.io ads.travelaudience.com www.googleadservices.com theferries.com tpc.googlesyndication.com tr.outbrain.com amplify.outbrain.com wave.outbrain.com js-tag.zemanta.com;               connect-src 'self' maps.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.braintree-api.com cdn.cookielaw.org *.analytics.google.com stats.g.doubleclick.net s.yimg.com privacyportal-eu.onetrust.com geolocation.onetrust.com adservice.google.com www.google.com www.google.gr tr.outbrain.com;              style-src 'self' 'unsafe-inline' fonts.googleapis.com;              font-src 'self' fonts.gstatic.com;       object-src 'none' 1
frame-ancestors 'self' https://urednideska.sfzp.cz 1
default-src 'self' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/  https://www.youtube-nocookie.com/ http://www.un.org/  https://player.vimeo.com/ https://i.vimeocdn.com/  https://open.spotify.com/ https://jobsapi.ceipal.com/ https://www.clarity.ms/ https://analytics.google.com/ https://cdnjs.cloudflare.com/ https://serve.nrich.ai/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net  https://comvivasocial.com/ https://platform.twitter.com https://www.googletagmanager.com http://platform.twitter.com/ https://ajax.googleapis.com/  https://s0.wp.com/ https://stats.wp.com/ https://s1.wp.com/ https://tracker.factoreal.com/  https://open.spotify.com/ https://jobsapi.ceipal.com/ https://cdnjs.cloudflare.com/ https://serve.nrich.ai https://tag.nrich.ai https://audience.nrich.ai https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://www.clarity.ms https://adservice.google.com https://p.clarity.ms https://js.hsadspixel.net/fb.js https://js.hsforms.net/forms/embed/v2.js https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js; style-src 'self' 'unsafe-inline' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net http://fonts.googleapis.com https://open.spotify.com/ https://cdnjs.cloudflare.com/  https://cdn.jsdelivr.net/; img-src 'self' 'unsafe-inline' data: https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://px.ads.linkedin.com https://t.co https://www.google.co.in https://stats.g.doubleclick.net https://p.adsymptotic.com https://www.facebook.com https://www.google.com/ http://t.co https://ps.w.org/ *.gravatar.com https://s.w.org/ https://i.ytimg.com http://img.youtube.com https://img.youtube.com https://cdn1.iconfinder.com https://pixel.wp.com/ https://majorelevents.in/ https://www.comviva.com/ https://i.vimeocdn.com/ https://open.spotify.com/ https://tag.nrich.ai https://audience.nrich.ai https://track.hubspot.com https://forms.hsforms.com https://www.googletagmanager.com https://c.clarity.ms https://c.bing.com https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1; connect-src 'self' 'unsafe-inline' https://analytics.twitter.com https://code.jquery.com https://connect.facebook.net https://googleads.g.doubleclick.net https://snap.licdn.com https://static.ads-twitter.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.mahindracomviva.com https://www.youtube.com https://fonts.gstatic.com https://static.doubleclick.net https://www.facebook.com https://www.google.com/ https://stats.g.doubleclick.net https://developer.hirexp.com/ https://majorelevents.in/ https://app.factoreal.com/ https://requestint.comviva.com:81/ https://request.comviva.com/ https://open.spotify.com/ https://jobsapi.ceipal.com/ https://pagead2.googlesyndication.com https://q.clarity.ms https://forms.hscollectedforms.net https://analytics.google.com https://api.ceipal.com https://p.clarity.ms https://cdn.linkedin.oribi.io https://k.clarity.ms/collect  https://px.ads.linkedin.com/wa/ https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://x.clarity.ms/collect https://forms.hsforms.com/emailcheck/v1/json-ext?hs_static_app=forms-embed&hs_static_app_version=1.4638&X-HubSpot-Static-App-Info=forms-embed-1.4638&portalId=40756424&formId=a7ef1552-f4ee-4204-9f3e-796fbf453eea&includeFreemailSuggestions=true https://w.clarity.ms/collect https://socxo-in-wa-traffic.azurewebsites.net/enterprise/track https://z.clarity.ms/collect https://d.clarity.ms/collect; font-src 'self' data: http://fonts.gstatic.com https://cdn.jsdelivr.net; report-uri https://www.comviva.com; frame-src 'self' https://td.doubleclick.net https://www.google.com https://www.facebook.com https://bid.g.doubleclick.net https://jobsapi.ceipal.com https://www.youtube.com https://open.spotify.com https://www.youtube-nocookie.com/ https://forms.hsforms.com/; upgrade-insecure-requests 1
base-uri 'self'; default-src 'none'; child-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net; connect-src 'self' https://*.google-analytics.com https://sentry.io https://*.ingest.sentry.io https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' https://*.hotjar.com data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://staticcdn.co.nz https://*.vimeo.com/ https://*.powerbi.com/ https://powerbi.com/; img-src 'self' https://*.google-analytics.com https://shielded.co.nz https://staticcdn.co.nz https://*.vimeo.com/ https://*.vimeocdn.com/ https://*.googletagmanager.com https://*.hotjar.com blob: data:; media-src https://*.vimeocdn.com/; object-src 'self' blob:; manifest-src 'self'; script-src 'self' https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://googleads.g.doubleclick.net https://*.gstatic.com https://static.doubleclick.net https://polyfill.io https://staticcdn.co.nz/ https://browser.sentry-cdn.com https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; style-src 'self' https://hello.myfonts.net https://*.vimeocdn.com/ https://*.hotjar.com https://unsafe-inline unsafe-inline 'unsafe-inline'; report-uri https://o115950.ingest.sentry.io/api/6521288/security/?sentry_key=a79b5568564347a2937890e4932796e3&sentry_environment=live; upgrade-insecure-requests 1
default-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' data:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; font-src https: data:; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.boafoda.webcam:9080 www.boafoda.webcam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.boafoda.webcam wss://www.boafoda.webcam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715654127 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adnxs.com *.chimpstatic.com visitjersey.email *.cloudfont.net *.googletagmanager.com blob: *.google-analytics.com https: data:;style-src 'self' 'unsafe-inline'  https: data:;connect-src 'self' *.google-analytics.com *.analytics.google.com *.doubleclick.net *.teads.tv *.crowdriff.com *.plyr.io sojpublicdata.blob.core.windows.net *.mapbox.com *.algolia.net *.algolianet.com *.tripadvisor.com *.vimeo.com *.akamaized.net *.trackedweb.net *.bugsnag.com *.cookiescan.com *.googlesyndication.com noembed.com *.facebook.com *.google.com *.clarity.ms *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.linkedin.oribi.io *.linkedin.com data:;font-src 'self' static.tacdn.com *.gstatic.com data:;img-src 'self' cdn.jersey.com *.google-analytics.com *.analytics.google.com *.cookiescan.com *.facebook.com *.linkedin.com t.co *.doubleclick.net *.google.je *.google.com *.google.co.uk *.netdna-ssl.com *.gravatar.com *.adsymptotic.com *.adnxs.com *.yahoo.com *.teads.tv *.googleadservices.com static.tacdn.com *.vimeocdn.com *.clarity.ms *.bing.com *.cloudfront.net *.magicseaweed.com *.ytimg.com *.google.nl blob: *.youtube.com *.adsrvr.org *.sojern.com *.amazonaws.com *.tripadvisor.co.uk *.cookiebot.com *.googletagmanager.com *.gstatic.com *.facebook.net manychat.com *.adform.net data:;frame-src 'self' *.vimeo.com vimeo.com *.youtube.com *.flipsnack.com *.google.com *.instagram.com *.facebook.com *.hdontap.com visitjersey.email *.crowdriff.com magicseaweed.com *.cookiebot.com *.snapsea.io *.ipcamlive.com *.doubleclick.net ;form-action 'self' *.facebook.com ;object-src 'none' ;frame-ancestors 'self' *.jersey.com visitjersey.email ;base-uri 'none' ; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-R2iWxGFug7IYLqkvCSZgUimbn/ZLGEC9KFvXnJaD7euzetRd' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://comments.thisisjoes.site/css/commento.css; script-src 'self' https://comments.thisisjoes.site/js/commento.js 'sha256-vMtQcJSuYQ9vT466zoX9Jupbj7RcyYiQ49QFIyjwmFA=' 'sha256-Xqn5+sETPwe3gkjknJH61D20vHkP4QWttDf4ppiRDxc=' 'sha256-H3zuUnLxIYuJLxlUpvSECaCePKffs/QrvqhNnXu1yP4=' 'sha256-LAIiWf46wQ8g5qSN3CJQfxCYqZN1+SZTHE+mpdj5rBA=' 'sha256-QZY6iMxnzNLtdAAih0Wu2+xasm0SalrRVMRwpNW7S2w=' 'sha256-MBt7klmn7CZ9KPeqIX3OmaQpWWN79t9ISa81yI92CC0=' 'sha256-pdinlOpCK7otJrhTwb41mIUmk+S2J1tgtjYn6zwAIQA='; frame-src 'self' https://*.thisisjoes.site;frame-ancestors 'self' https://*.thisisjoes.site https://scalar.vector.im; media-src blob: https://*.thisisjoes.site; object-src 'none'; base-uri 'self'; worker-src 'self' blob:;img-src 'self' data: https://*.thisisjoes.site; connect-src 'self' https://*.thisisjoes.site wss://comments.thisisjoes.site; font-src 'self' https://comments.thisisjoes.site; 1
default-src 'self'; connect-src 'self' *.readspeaker.com *.google-analytics.com stats.g.doubleclick.net *.googleapis.com; font-src 'self' *.gstatic.com data: cdn.jsdelivr.net; frame-src 'self' *.google.com menafn.com *.youtube-nocookie.com *.true-markets.net *.youtube.com; img-src 'self' data: *.google-analytics.com *.readspeaker.com *.gstatic.com *.google.com *.googleapis.com i.ytimg.com *.google.jo *.facebook.com; manifest-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.readspeaker.com *.jsdelivr.net *.facebook.net *.youtube.com ; style-src 'self' 'unsafe-inline' *.googleapis.com *.readspeaker.com *.jsdelivr.net ; media-src 'self'; form-action 'self'  *.com/search/; worker-src 'self'; child-src 'self'; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src *; img-src * data:; style-src 'self' 'unsafe-inline' assetscdn.stackla.com vjs.zencdn.net fonts.googleapis.com; font-src 'self' 'unsafe-inline' fonts.gstatic.com assetscdn.stackla.com data:; child-src 'self' *.stylelabs.cloud;  connect-src 'self' *; media-src *.stylelabs.cloud; block-all-mixed-content; 1
frame-ancestors https://*.storyblok.com https://*.complex.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-p8tVKwxb4OQpEQP6Ybsb53g5M' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' *.mercyone.org *.authorize.net; 1
child-src www.google.com; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.krystal.io *.adroll.com *.facebook.net *.redditstatic.com *.googletagmanager.com *.cookiepro.com; 1
default-src 'self' about: ; base-uri 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.openlayers.org openlayers.org *.openstreetmap.org *.podigee.com player.podigee-cdn.net fonts.googleapis.com googletagmanager.com tagmanager.google.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.delivery.consentmanager.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.etracker.com *.etracker.com *.etracker.de *.googletagmanager.com tagmanager.google.com *.googleapis.com *.google.com *.gstatic.com *.openlayers.org openlayers.org *.pixelpark.com *.openstreetmap.org *.inqa.de *.google-analytics.com *.podigee.com player.podigee-cdn.net consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org *.consentmanager.net *.consentmanager.net *.delivery.consentmanager.net about: ; object-src 'self'; font-src 'self' data: *.podigee.com player.podigee-cdn.net fonts.gstatic.com; media-src 'self' *.inqa.de streaming.bmas.de; img-src 'self' data: test-web01-inqa-de-info.pixelpark.net *.inqa.de ssl.gstatic.com *.google.com *.googletagmanager.com *.gstatic.com *.openlayers.org openlayers.org *.openstreetmap.org *.pixelpark.com *.inqa.de *.google-analytics.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org api.maptiler.com *.consentmanager.net about: ; frame-ancestors 'self' *.etracker.com; frame-src cdn.consentmanager.mgr.consensu.org *.streamlock.net *.google.com *.gstatic.com *.pixelpark.com player.podigee-cdn.net *.podigee.com *.youtube-nocookie.com *.youtube.com consentmanager.mgr.consensu.org cdn.consentmanager.mgr.consensu.org *.consentmanager.net *.delivery.consentmanager.net; form-action 'self'; connect-src 'self' test-web01-inqa-de-info.pixelpark.net *.inqa.de https://api.maptiler.com static.etracker.com *.etracker.com *.etracker.de *.google-analytics.com *.googletagmanager.com; report-uri /site/servlet/csp-report; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.besse.fr https://*.garagesconseils.fr http://*.cnamt.fr ; 1
frame-ancestors https://resources.accusoft.com https://staging.accusoft.usdphosting.com 'self' 1
default-src 'self'; child-src 'self' https://*.googlesyndication.com https://player.vimeo.com https://www.youtube.com https://sibautomation.com https://*.hotjar.com https://*.sibforms.com/ https://tr.snapchat.com https://rxfrance.outgrow.us https://*.safeframe.usercontent.goog https://*.g.doubleclick.net https://platform.twitter.com https://www.vip-studio360.fr https://www.facebook.com https://*.abtasty.com https://*.googleadservices.com https://*.criteo.com https://*.brevo.com/ https://*.google.com https://player.ausha.co/; connect-src 'self' https://cdn.cookielaw.org https://*.googlesyndication.com https://maps.googleapis.com https://tr.snapchat.com https://matomo.reds.rxweb-pre.com https://privacyportal.onetrust.com https://bam.nr-data.net https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.piwik.pro https://*.abtasty.com https://*.ingest.sentry.io https://*.brevo.com https://api-js.mixpanel.com https://*.doubleclick.net https://*.linkedin.com https://*.clarity.ms https://*.criteo.com https://*.bing.com; font-src 'self' https://common-fonts.abtasty.com; frame-src 'self' https://*.googlesyndication.com https://player.vimeo.com https://www.youtube.com https://sibautomation.com https://*.hotjar.com https://*.sibforms.com/ https://tr.snapchat.com https://rxfrance.outgrow.us https://*.safeframe.usercontent.goog https://*.g.doubleclick.net https://platform.twitter.com https://www.vip-studio360.fr https://www.facebook.com https://*.abtasty.com https://*.googleadservices.com https://*.criteo.com https://*.brevo.com/ https://*.google.com https://player.ausha.co/; img-src 'self' 'unsafe-inline' data: https://*.googlesyndication.com https://*.doubleclick.net https://*.openstreetmap.fr https://maps.gstatic.com https://www.google.com https://www.google.fr https://*.linkedin.com https://www.facebook.com https://img.mailinblue.com https://*.s3.eu-west-3.amazonaws.com https://*.google-analytics.com https://cdn.cookielaw.org https://syndication.twitter.com https://*.bing.com https://*.googletagmanager.com https://*.criteo.com https://*.abtasty.com https://static.observatoiredelafranchise.fr/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://adservice.google.fr https://connect.facebook.net https://snap.licdn.com https://sibautomation.com https://sc-static.net https://*.hotjar.com https://*.criteo.com https://*.criteo.net https://www.googletagmanager.com https://*.google-analytics.com https://www.googletagservices.com https://js-agent.newrelic.com https://*.googlesyndication.com https://*.doubleclick.net https://bam.nr-data.net https://maps.googleapis.com https://*.google.com https://platform.twitter.com https://*.googleadservices.com https://*.clarity.ms https://*.piwik.pro https://*.brevo.com https://*.bing.com https://player.ausha.co https://*.abtasty.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' https://*.abtasty.com https://cdn.cookielaw.org 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 'nonce-Kp/spUnqY59YR0aTEnSyTw=='; base-uri 'none'; report-uri https://sentry.io/api/785453/security/?sentry_key=a2dd90458f3c4ca2bb4118777178d99f&sentry_environment=production 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://static.ads-twitter.com https://connect.facebook.net https://analytics.twitter.com http://*.olark.com; connect-src 'self' https://api.mapbox.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net http://*.olark.com; img-src 'self' https://fourwalls.rentler.com https://www.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net www.googletagmanager.com https://www.facebook.com https://t.co data: http://*.olark.com; font-src 'self' fonts.gstatic.com http://*.olark.com; media-src 'self' http://*.olark.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' http://*.olark.com; base-uri 'self'; form-action 'self'; frame-src http://*.olark.com; frame-ancestors 'self' 1
default-src 'self'; script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu  https://static.lightning.force.com/ https://service.force.com/ https://bicx.secure.force.com https://bi.force.com https://*.salesforceliveagent.com/ https://bicx.my.salesforce.com/ https://bicx.my.salesforce-sites.com/ https://cdn-ukwest.onetrust.com/scripttemplates/     https://cdn-ukwest.onetrust.com/ https://geolocation.onetrust.com/ https://privacyportal-uk.onetrust.com/      https://dl.episerver.net/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn.siteimprove.net/           https://ajax.googleapis.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://*.vo.msecnd.net/           https://player.vimeo.com/           https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js           http://login.edialog24.com/           https://connect.facebook.net/           https://www.googletagmanager.com/           http://www.googleadservices.com/           https://www.google-analytics.com           https://www.google.com/           https://www.google.no/           https://googleads.g.doubleclick.net/           https://stats.g.doubleclick.net/           https://d8ejoa1fys2rk.cloudfront.net/ https://siteimproveanalytics.com/ https://dl.episerver.net/  https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://web-sdk-eu.aptrinsic.com/api/ https://ucv.bynder.com/ https://code.jquery.com/  https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://res.cloudinary.com/gobi-technologies-as/ blob: https://d.la2s-core1.sfdc-yzvdd4.salesforceliveagent.com/ https://bilogin.b2clogin.com/; style-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline'  https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu    https://static.lightning.force.com/                   https://service.force.com/         https://bicx.secure.force.com         https://bi.force.com          https://d.la3-c1cs-cdg.salesforceliveagent.com/           https://d.la1-c1cs-cdg.salesforceliveagent.com/           https://bicx.my.salesforce.com/           https://bicx.my.salesforce-sites.com/                  https://cdn-ukwest.onetrust.com/scripttemplates/           https://dl.episerver.net/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn.siteimprove.net/           https://ajax.googleapis.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://*.vo.msecnd.net/           https://player.vimeo.com/           https://s.ytimg.com/yts/jsbin/www-widgetapi-vfl3m9ZW-/www-widgetapi.js           http://login.edialog24.com/           https://connect.facebook.net/           https://www.googletagmanager.com/           http://www.googleadservices.com/           https://www.google-analytics.com           https://www.google.com/           https://www.google.no/           https://googleads.g.doubleclick.net/           https://stats.g.doubleclick.net/           https://d8ejoa1fys2rk.cloudfront.net/   https://d.la1-c1cs-fra.salesforceliveagent.com/  https://c.la1-c1-cdg.salesforceliveagent.com/  https://d.la1-c1-cdg.salesforceliveagent.com/   https://d.la3-c1-cdg.salesforceliveagent.com/   https://siteimproveanalytics.com/    https://dl.episerver.net/  https://unpkg.com/@gobistories/ https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://web-sdk-eu.aptrinsic.com/  https://cdn.jsdelivr.net/; object-src 'none'; base-uri 'self'; connect-src 'self'  https://bicx.secure.force.com/ https://static.lightning.force.com/           https://bicx.my.salesforce.com/           https://bicx.my.salesforce-sites.com/           https://id.siteimprove.com/           https://my2.siteimprove.com/           https://cdn-ukwest.onetrust.com/           https://geolocation.onetrust.com/           https://privacyportal-uk.onetrust.com/           https://www.youtube-nocookie.com/           https://www.youtube.com/           http://play.google.com/           https://play.google.com/           https://www.google.com/           https://www.google.no/           https://region1.google-analytics.com/           https://www.google-analytics.com/           https://vimeo.com/           https://player.vimeo.com/           https://dc.services.visualstudio.com/           https://stats.g.doubleclick.net/           https://www.facebook.com/           https://d8ejoa1fys2rk.cloudfront.net/           https://sentry10.bynder.cloud/           https://media.bi.no/           https://jsonplaceholder.typicore.com/ 		https://easycruit.com/   https://api.gobistories.com/  https://media-proxy.gobistories.com/ https://pagead2.googlesyndication.com/ https://esp-eu.aptrinsic.com/rte/v1/configuration/ https://googleads.g.doubleclick.net/  https://easycruit.com/api/ https://www.easycruit.com/ https://web-sdk-eu.aptrinsic.com/ https://esp-eu.aptrinsic.com/ https://res.cloudinary.com/gobi-technologies-as/ https://bilogin.b2clogin.com/; font-src 'self' data: https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net https://www.bi.no https://www.bi.edu https://d8ejoa1fys2rk.cloudfront.net/   https://dl.episerver.net/  https://dhm5hy2vn8l0l.cloudfront.net/graphik/ https://dhm5hy2vn8l0l.cloudfront.net/lato/ https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com/; frame-src 'self' https://bicx--compoc.sandbox.my.site.com/   https://bicx--compoc.sandbox.lightning.force.com/    https://bicx--compoc.sandbox.my.salesforce.com/    https://service.force.com/   https://bicx.secure.force.com    https://bi.force.com           http://play.google.com/           https://www.youtube.com/           https://www.youtube-nocookie.com/           https://5995713.fls.doubleclick.net/           https://my2.siteimprove.com/         https://bi.easycruit.com/     https://www.facebook.com/  https://www.googletagmanager.com/ https://td.doubleclick.net/; img-src 'self' https://www.bi.no/ https://www.bi.edu/  https://app-bino-prod-001.azurewebsites.net/ https://app-bino-prod-001-staging.azurewebsites.net  https://6000471.global.siteimproveanalytics.io/           https://d2csxpduxe849s.cloudfront.net/       https://img.youtube.com/           https://i.ytimg.com/           https://www.facebook.com/           https://www.google-analytics.com/           https://www.google.com/           https://www.google.no/   https://dl.episerver.net/    https://media-proxy.gobistories.com/  https://cdn-ukwest.onetrust.com/ https://www.bynder.com/ https://ad.doubleclick.net/ http://www.w3.org/2000/svg/ https://res.cloudinary.com/gobi-technologies-as/ data:; manifest-src 'self'; media-src 'self' https://media-proxy.gobistories.com/ blob:; report-uri https://631adb1029ad77a9b5a12c7b.endpoint.csper.io/?v=0/; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.youtube.com https://s.ytimg.com https://chart.rsf.ru https://*.yandex.ru https://cdnjs.cloudflare.com https://s7.addthis.com https://*.yandex.net https://yastatic.net https://www.gravatar.com https://csi.gstatic.com/ http://maps.google.com/; 1
connect-src 'self' *.analytics.google.com *.google-analytics.com *.googleadservices.com *.here.com *.hotjar.com *.onetrust.com *.pinterest.com *.sharetobuy.com cdn.cookielaw.org consentag.mgr.consensu.org content.hotjar.io insight.reflow.tv lm.serving-sys.com platform.twitter.com secure-ds.serving-sys.com stats.g.doubleclick.net wss://*.hotjar.com https://www.sharetobuy.com/wp; font-src 'self' *.googleapis.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com data: https://www.sharetobuy.com/wp; frame-src *.crwdcntrl.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.kuula.co *.spec.co *.theviewer.co *.twitter.com *.vimeo.com *.youtube.com andrewhorwitz.com app.immoviewer.com app.lapentor.com app.theviewer.co assets.reflow.tv cgitours.soresi.co.uk consentag.eu consentag.mgr.consensu.org dropbox.com embed360.s3.eu-west-2.amazonaws.com Imagine-Living.vr-360-tour.com kuula.co lm.serving-sys.com MadeSnappy my.matterport.com network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com orders.captureenhanced.com roundme.com seekbeak.com spec.co/wp/wp-login.php static.addtoany.com tagmanager.google.com theviewer.co tour.giraffe360.com vars.hotjar.com Viewber vimeo.com www.accelevents.com www.dropbox.com www.googletagmanager.com www.icreatevr.com www.instagram.com www.madesnappy.co.uk www.photoplan.co.uk www.reevo360.com www.tidyworkdevelopment.co.uk https://kuula.co/share/collection/ https://my.matterport.com https://octavia-homes.vr-360-tour.com/ https://octavia.vr-360-tour.com https://orders.reevo360.com https://sketchfab.com/models/ https://sovereign-network-homes.vr-360-tour.com/ https://storage.viewit360.co.uk https://tidyworkdevelopment.co.uk/tidyworkdevelopment.co.uk/ https://tours.daviddaniels.co.uk/tour/ https://view.ricohtours.com/ https://vr.photoplan360.com/; child-src *.crwdcntrl.net *.doubleclick.net *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.kuula.co *.spec.co *.theviewer.co *.twitter.com *.vimeo.com *.youtube.com andrewhorwitz.com app.immoviewer.com app.lapentor.com app.theviewer.co assets.reflow.tv cgitours.soresi.co.uk consentag.eu consentag.mgr.consensu.org dropbox.com embed360.s3.eu-west-2.amazonaws.com Imagine-Living.vr-360-tour.com kuula.co lm.serving-sys.com MadeSnappy my.matterport.com network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com orders.captureenhanced.com roundme.com seekbeak.com spec.co/wp/wp-login.php static.addtoany.com tagmanager.google.com theviewer.co tour.giraffe360.com vars.hotjar.com Viewber vimeo.com www.accelevents.com www.dropbox.com www.googletagmanager.com www.icreatevr.com www.instagram.com www.madesnappy.co.uk www.photoplan.co.uk www.reevo360.com www.tidyworkdevelopment.co.uk https://kuula.co/share/collection/ https://my.matterport.com https://octavia-homes.vr-360-tour.com/ https://octavia.vr-360-tour.com https://orders.reevo360.com https://sketchfab.com/models/ https://sovereign-network-homes.vr-360-tour.com/ https://storage.viewit360.co.uk https://tidyworkdevelopment.co.uk/tidyworkdevelopment.co.uk/ https://tours.daviddaniels.co.uk/tour/ https://view.ricohtours.com/ https://vr.photoplan360.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.addtoany.com *.app-us1.com *.cloudflare.com *.crwdcntrl.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.gstatic.com *.here.com *.hotjar.com *.kuula.co *.onetrust.com *.pinimg.com *.spec.co *.theviewer.co *.twimg.com *.twitter.com *.vimeo.com assets.reflow.tv bs.serving-sys.com cdn.cookielaw.org cdn.ctnsnet.com cdn.jsdelivr.net cgitours.soresi.co.uk connect.facebook.net consentag.eu consentag.mgr.consensu.org embed360.s3.eu-west-2.amazonaws.com geolocation.onetrust.com i.ctnsnet.com insight.reflow.tv kuula.co network-homes.vr-360-tour.com notting-hill-genesis.vr-360-tour.com octavia.vr-360-tour.com secure-ds.serving-sys.com seekbeak.com spec.co tagmanager.google.com theviewer.co trackcmp.net www.accelevents.com www.googletagmanager.com www.instagram.com www.madesnappy.co.uk www.reevo360.com https://www.sharetobuy.com/wp 1
report-uri https://enercalc.com 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https: 1
frame-ancestors *.insideevs.de insideevs.de 1
default-src https://www.affinitycu.ca; base-uri https://www.affinitycu.ca https://acu-pubweb-staging.azurewebsites.net/; form-action 'self' https://webto.salesforce.com https://salesforce.com; connect-src 'self' https://webto.salesforce.com https://salesforce.com https://www.affinitycu.ca/_layouts/15/RatesService.aspx https://chatserver13.comm100.io https://max13.comm100.io https://www.bankofcanada.ca https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://max3.comm100.io https://chatserver3.comm100.io https://www.google-analytics.com https://www.affinitycu.ca https://maps.googleapis.com  https://api.insight.sitefinity.com; font-src 'self' https://fonts.gstatic.com https://vue.comm100.io https://chatserver.comm100.io https://vue.comm100.com https://chatserver.comm100.com/visitorside/fonts/sourcesanspro-regular.woff data:; frame-src 'self' https://affinitycu-my.sharepoint.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.office.com/ https://www.google.com/ https://player.vimeo.com/ https://acu-pubwebforms-staging.azurewebsites.net/ https://www.affinitycu.ca https://www.youtube.com https://acu-pubwebforms.azurewebsites.net/ https://e.issuu.com/; media-src https://chatserver3.comm100.io; frame-ancestors 'self' https://www.affinitycu.ca; img-src 'self' https://acu1.azureedge.net blob: https://ads.stickyadstv.com https://chatserver13.comm100.io https://pixel.rubiconproject.com https://simage2.pubmatic.com https://image6.pubmatic.com https://us-u.openx.net https://dsum-sec.casalemedia.com https://cm.g.doubleclick.net https://ups.analytics.yahoo.com https://pixel.advertising.com https://ib.adnxs.com https://i.ytimg.com https://ads.yahoo.com https://chatserver3.comm100.io https://public-prod-dspcookiematching.dmxleo.com https://www.google-analytics.com https://a.tribalfusion.com https://77763.global.siteimproveanalytics.io https://bs.serving-sys.com https://s.tribalfusion.com https://tags.bluekai.com/ https://pixel.tapad.com/ https://dpm.demdex.net https://aa.agkn.com/adscores/ https://sync.search.spotxchange.com https://loadus.exelator.com https://odr.mookie1.com https://ads.scorecardresearch.com https://id5-sync.com https://analytics.twitter.com https://t.mookie1.com data: https://maps.googleapis.com https://maps.gstatic.com https://o2.eyereturn.com https://tags.w55c.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/js/bootstrap.bundle.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com https://www.gstatic.com/ https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com/ajax/libs/Chart.js/3.7.0/chart.min.js https://www.youtube.com https://standby.comm100vue.com https://vue.comm100.com https://siteimproveanalytics.com https://www.google-analytics.com https://hostedmax.comm100.com https://chatserver.comm100.com https://code.jquery.com https://www.googletagmanager.com https://ajax.googleapis.com https://maps.googleapis.com https://cdn.insight.sitefinity.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/vyz5nal.css https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css fonts.googleapis.com fonts.googleapis.com3.comm100.io https://www.bankofcanada.ca https://api.ssllabs.com https://hstspreload.org https://http-observatory.security.mozilla.org https://securityheaders.com https://sshscan.rubidus.com https://tls.imirhil.fr https://tls-observatory.services.mozilla.com https://www.immuniweb.com https://max3.comm100.io https://chatserver3.comm100.io https://www.google-analytics.com https://acu-pubweb-test.azurewebsites.net https://maps.googleapis.com https://api.insight.sitefinity.com; manifest-src 'self'; 1
report-uri "https://enflow.report-uri.com/r/d/csp/reportOnly" 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://twit.social; img-src 'self' https: data: blob: https://twit.social; style-src 'self' https://twit.social 'nonce-J+QyIVp51baxsnty6is4bQ=='; media-src 'self' https: data: https://twit.social; frame-src 'self' https:; manifest-src 'self' https://twit.social; form-action 'self'; child-src 'self' blob: https://twit.social; worker-src 'self' blob: https://twit.social; connect-src 'self' data: blob: https://twit.social https://cdn.masto.host wss://twit.social; script-src 'self' https://twit.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.google.com https://code-ya.jivosite.com https://bid.g.doubleclick.net https://yandex.ru; 1
base-uri 'none'; object-src 'none'; script-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com https://www.googletagmanager.com https://tools.luckyorange.com 'unsafe-eval' 'strict-dynamic' 'nonce-yew/v2tGaql/kyASw/BYPw=='; ; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.discordapp.com discord.com e.widgetbot.io *.helpscout.net *.360yield.com bing.com *.bing.com youtube.com *.youtube.com *.wistia.net wistia.net wistia.com *.wistia.com cdn.ampproject.org happyfoxchat.com *.happyfoxchat.com *.dianomi.com tiktok.com *.tiktok.com decide.dev *.decide.dev itstracking.com *.itstracking.com *.optipub.com *.angelpub.com *.angelnexus.com *.wealthdaily.com *.energyandcapital.com *.outsiderclub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.gstatic.com *.googletagmanager.com *.google.com google.com anchor.fm *.google-analytics.com *.googleadservices.com *.googleapis.com *.googleusercontent.com *.googleoptimize.com *.blueconic.net *.doubleclick.net pd.trysera.com *.cloudflare.com *.criteo.net *.criteo.com addevent.com *.addevent.com *.bootstrapcdn.com *.rawgit.com *.github.io *.jquery.com *.pingdom.net *.taboola.com *.outbrain.com *.hotjar.com *.yahoo.com *.liadm.com *.yimg.com *.twimg.com *.twitter.com *.ads-twitter.com *.pinimg.com *.pinterest.com *.onesignal.com onesignal.com *.litix.io *.soundcloud.com *.akamaihd.net *.amzglt.com amzglt.com t.co lockerdome.com trk.lockerdome.com *.zedo.com cm.mgid.com *.go2cloud.org bbm.iljmp.com secure.verifiedlink.net px.khmtrack.com tracking.imspublishergroup.com cdn.jsdelivr.net powerinboxedge.com *.powerinboxedge.com lockerdomecdn.com *.lockerdomecdn.com *.norton.com *.facebook.net *.facebook.com *.gravatar.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *; style-src 'self' 'unsafe-inline' onesignal.com *.github.io *.twitter.com *.twimg.com cdn.jsdelivr.net *.outsiderclub.com *.energyandcapital.com *.wealthdaily.com *.angelpub.com *.protradertoday.com *.longevityinsiderhq.com *.greenchipstocks.com *.bootstrapcdn.com *.googleapis.com; 1
frame-ancestors https://*.imoney.my 1
frame-ancestors 'self' insite; 1
frame-ancestors http://cubki.jp http://*.cubki.jp https://cubki.jp https://*.cubki.jp http://newrope.biz http://*.newrope.biz https://newrope.biz https://*.newrope.biz 1
frame-ancestors https://trscms.us.aegon.com/ https://trs-cms.us.aegon.com; 1
font-src *.typekit.net *.gstatic.com fonts.gstatic.com use.typekit.net maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.convergepay.com/ *.elavonaws.com/ https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.braintreegateway.com *.paypal.com google.com *.google.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.elavonaws.com/ api.demo.convergepay.com api.convergepay.com td.doubleclick.net obs.segreencolumn.com www.paypalobjects.com *.google.com/ https://plumrocket.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.paypal.com *.typekit.net *.gstatic.com p.typekit.net validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.mastercard.com/ https://www.magezon.com c.clarity.ms bat.bing.com static-na.payments-amazon.com www.shopperapproved.com track.linksynergy.com www.facebook.com csi.gstatic.com www.google.com www.google.ca www.google.co.in www.google.com.mx www.google.com.sg www.google.de www.google.nl www.googletagmanager.com googleads.g.doubleclick.net *.nr-data.net obs.segreencolumn.com *.bing.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.commerce-payment-services.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.typekit.net google.com *.google.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.elavongateway.com/ *.convergepay.com/ *.mastercard.com/ ajax.cloudflare.com api.demo.convergepay.com demo.convergepay.com libs.fraud.elavongateway.com static-na.payments-amazon.com www.shopperapproved.com www.googlecommerce.com bat.bing.com www.clarity.ms tag.rmp.rakuten.com connect.facebook.net www.googletagmanager.com googleads.g.doubleclick.net *.newrelic.com *.nr-data.net obs.segreencolumn.com ob.segreencolumn.com cdn.logrocket.io cdn.lr-ingest.io cdn.lr-in.com cdn.lr-in-prod.com cdn.lr-ingest.com *.google.com/ ssl.google-analytics.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com google.com *.google.com *.adobe.io performance.typekit.net *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.convergepay.com/ *.elavonaws.com/ n.clarity.ms bat.bing.com stats.g.doubleclick.net www.facebook.com bid.g.doubleclick.net www.googletagmanager.com *.newrelic.com *.nr-data.net adservice.google.com www.google.com obs.segreencolumn.com *.logrocket.io *.lr-ingest.io *.logrocket.com *.lr-in.com *.lr-in-prod.com *.lr-ingest.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /.webscale/csp-report; 1
default-src 'self' https: 'unsafe-inline' 1
default-src 'self';connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://*.intercom.io https://*.intercomcdn.com wss://nexus-websocket-a.intercom.io https://widgets.marqeta.com/ https://api.levelcard.co.uk/ https://api.ideal-postcodes.co.uk/;script-src 'unsafe-inline' 'self' https://widgets.marqeta.com/ https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.intercom.io https://*.intercomcdn.com https://*.appsflyer.com;style-src 'self' 'unsafe-inline' https://widgets.marqeta.com/;frame-src 'self' 'nonce-YmU4MTI4ZWItODc5Ni00ZmFiLTkzMDYtMzQ4YmM4ZWY1ZWMw' https://widgets.marqeta.com/;img-src 'self' https://www.google-analytics.com https://*.facebook.com https://*.intercomcdn.com https://*.intercomassets.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' https://www.google-analytics.com/ https://www.google.com/ https://www.custard.com/ https://use.fontawesome.com/ https://fonts.gstatic.com/ https://analytics.google.com/ https://www.youtubec.com; script-src 'self' https://www.google.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.gstatic.com/ https://use.fontawesome.com/ https://www.youtube.com https://unpkg.com/axios/dist/ https://unpkg.com/qs/ https://cdnjs.cloudflare.com/ajax/libs/ https://analytics.google.com/ https://connect.facebook.net https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/  https://use.fontawesome.com/ 'unsafe-inline'; img-src 'self' https://www.custard.com/ https://dev.custard.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://maps.googleapis.com/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://secure.gravatar.com/avatar/ data:; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data:; object-src 'self'; frame-ancestors 'self'; connect-src 'self' https://www.custard.com/ https://analytics.google.com/ https://maps.googleapis.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com; form-action 'self' https://login.microsoftonline.com https://analytics.google.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/g/ https://stats.g.doubleclick.net/ https://analytics.google.com/g/collect; frame-src 'self' https://www.custard.com https://www.google.com https://www.facebook.com https://www.youtube.com; worker-src blob:; upgrade-insecure-requests; 1
default-src data: https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; font-src https: data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src https: wss:; worker-src blob: 1
frame-ancestors 'self' https://*.spotdraft.com http://localhost:4200 1
default-src *.koolaburra.com data: 'unsafe-eval' 'unsafe-inline' blob: ws: dms.deckers.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com via.placeholder.com *.deckers.layer0-perma.link *.cquotient.com d.emails.teva.com email.ugg.com email.hoka.com email.koolaburra.com email.sanuk.com email.teva.com *.emails.teva.com blog.ugg.com events.hoka.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp blog.uggaustralia.com www.teva-eu.com scripts.deckers.com rum.ingress.edgio.net *.g.doubleclick.net edgeshoppingstatic.azureedge.net s.retargeted.co *.joinhoney.com d3nocrch4qti4v.cloudfront.net df45ay5pw60dy.cloudfront.net cx.atdmt.com cdn.optimizely.com *.bglobale.com *.formstack.com *.deckers.coremedia.cloud rum-http-intake.logs.datadoghq.com www.datadoghq-browser-agent.com rum.ingress.layer0.co rum.layer0.co *.pingdom.net *.pitneybowes.com pippio.com hosted.where2getit.com res.cloudinary.com splashthat.eu *.klarnacdn.net *.klarnaservices.com *.klarna.com dfp.bouncex.net *.bounceexchange.com *.medallia.eu *.kampyle.com cdn.pdst.fm sink.pdst.fm us-central1-adaptive-growth.cloudfunctions.net *.contentsquare.net *.contentsquare.com *.dynamicyield.com *.dy-api.com *.forter.com pay.google.com *.cdn4.forter.com *.linksynergy.com *.paypal.com *.cloud.coveo.com *.amazon-adsystem.com cartera-cdn.freetls.fastly.net *.abtasty.com guarantee-cdn.com static-fe.payments-amazon.com ad.as.amanad.adtdp.com ad.caprofitx.adtdp.com ad.yieldlab.net ade.clmbtech.com *.socdm.com adx.dable.io au.ants.vn c.bing.com cm-exchange.toast.com cm.mgid.com r.casalemedia.com contextual.media.net criteo-sync.teads.tv cs.adingo.jp point.widget.rakuten.co.jp *.rakuten.co.jp static.rakuten.com *.yimg.jp *.yahoo.co.jp ads.yahoo.com deckers.candypop.jp cs.gssprt.jp eb2.3lift.com *.sharethrough.com rapid-cdn.yottaa.com pixel.advertising.com pixel.tapad.com *.ac.bcon.ecdns.net *.smartadserver.com secure.adnxs.com simage2.pubmatic.com *.criteo.net *.criteo.com sync.outbrain.com us-u.openx.net duuytoqss3gu4.cloudfront.net *.osano.com x.bidswitch.net visitor.omnitagjs.com d.line-scdn.net *.ads.yieldmo.com tr.line.me *.taboola.com *.ad-stir.com tk.jrs5.com *.adsrvr.org cdn.smartnews-ads.com payments-fe.amazon.com m.media-amazon.com chimpstatic.com static.hotjar.com content.hotjar.com t.cfjump.com chipstatic.com cdn.unidays.world api.myunidays.com *.veinteractive.com *.pixlee.com *.pixlee.co *.pxlecdn.com *.cartfulsolutions.com *.global-e.com *.powerreviews.com *.truefitcorp.com *.terracycle.com www.truefit.com *.typekit.net widgets.trustedshops.com *.etrusted.com idsync.rlcdn.com *.zenaps.com cnstrc.com *.strut.fit *.rewardstyle.com *.motionpoint.com s-cs.send.microad.jp *.smaato.net *.e-planning.net *.zemanta.com *.artlabs.ai *.onetrust.com *.stylitics.com *.g.doubleclick.net *.kampyle.com *.fls.doubleclick.net *.doubleclick.net adservice.google.com *.googleadservices.com adservice.google.com www.googletagmanager.com ampcid.google.com *.googlesyndication.com api.amplitude.com translate.googleapis.com apis.google.com www.google-analytics.com ssl.google-analytics.com maps.googleapis.com www.google.ca www.google.com translate.google.com fonts.googleapis.com api.cognitive.microsofttranslator.com browser.translate.yandex.net jjfblogammkiefalfpafidabbnamoknm bmnlcjabgnpnenekpadlanbbkooimhnj chhjbpecpncaggjpdakmflnfcopglcmi bfkjochdalcdahjnliojhpldoogkbglc pfldcnnaiaiaogmpfdjjpdkpnigplfca ajax.googleapis.com *.gstatic.com s.w.org *.ediemidnightzombies.com www.gravatar.com *.attn.tv events.attentivemobile.com *.afterpay.com www.instagram.com *.analytics.yahoo.com alb.reddit.com www.redditstatic.com *.hotjar.com *.artlabs.ai downloads.mailchimp.com *.au.hoka.com hokacustomercare.zendesk.com hokanzcustomercare.zendesk.com accentgroupsupport.zendesk.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net *.bouncexchange.com events.bouncex.net www.facebook.com connect.facebook.net *.zdassets.com *.zopim.com widget-mediator.zopim.com *.list-manage.com *.us14.list-manage.com *.gladly.com js.verygoodvault.com *.datadome.co *.captcha-delivery.com *.cdn.gladly.com api.us-1.gladly.chat ws.us-1.gladly.chat tnt8r4ypmtr.live.verygoodproxy.com vgs-collect-keeper.apps.verygood.systems cdn.studentbeans.com *.90d.io *.smooch.io www.clarity.ms gladly-production.sinter-collect.com tracead.com www.dwin1.com *.zenaps.com *.adyen.com *.addthis.com *.addthisedge.com *.moatads.com intljs.rmtag.com *.likeshop.me cdn.cookielaw.org www.gstatic.com fonts.gstatic.com sc-static.net bat.bing.com www.bing.com cdn.yottaa.com qoe-1.yottaa.net *.tealiumiq.com *.sitelabweb.com cdn.quadpay.com csp-reporting.cloudflare.com d38d4ysphgm9dz.cloudfront.net d35u1vg1q28b3w.cloudfront.net d2o5idwacg3gyw.cloudfront.net d6tizftlrpuof.cloudfront.net d38d4ysphgm9dz.cloudfront.net nsg.symantec.com px.owneriq.net tags.w55c.net mc.yandex.ru mc.yandex.com mc.yandex.kz yandex.net api.pinpiaa.com omwbh6dj4a.execute-api.ap-southeast-2.amazonaws.com cmp.osano.com *.usabilla.com *.newgistics.com mpsnare.iesnare.com *.cdnwidget.com *.cdnbasket.net resources.digital-cloud.medallia.eu t.co platform.twitter.com static.ads-twitter.com analytics.twitter.com tag.rmp.rakuten.com point.widget.rakuten.co.jp analytics.tiktok.com cdn.loom.com *.usw2.cordial.com hokaoneone.locally.com tr.snapchat.com www.awin1.com hm.baidu.com *.parcellab.com analytics.convertlanguage.com *.verygoodvault.com ugg.review.eprize.com ugg.promo.eprize.com www.paypalobjects.com www.youtube.com *.brightcove.com *.pinterest.com s.pinimg.com *.cheqzone.com i.ytimg.com cdn.jsdelivr.net call.chatra.io services.sheerid.com cdn.honey.io i.honey-images.com cdn.joinhoney.com cdn.ivaws.com *.capitaloneshopping.com *.locally.com cdn.dashhudson.com images.dashhudson.com s7.addthis.com *.dashhudson.com likeshop.me trial-eum-clientnsv4-s.akamaihd.net tags.tiqcdn.com code.jquery.com maxcdn.bootstrapcdn.com strutagiocdn.blob.core.windows.net frame.hub-box.com sandbox.frame.hub-box.com analytics.google.com *.analytics.google.com *.google-analytics.com ampcid.google.co.in ampcid.google.co.jp ampcid.google.com.ph ampcid.google.com.pk ampcid.google.cz ampcid.google.dk ampcid.google.ee ampcid.google.es ampcid.google.fr ampcid.google.ge ampcid.google.hu ampcid.google.ht ampcid.google.kz ampcid.google.lt ampcid.google.mn ampcid.google.nl ampcid.google.no ampcid.google.pl ampcid.google.bs ampcid.google.by ampcid.google.ca ampcid.google.cl ampcid.google.co.il ampcid.google.co.kr ampcid.google.co.nz ampcid.google.co.ve ampcid.google.co.za ampcid.google.co.zw ampcid.google.com.au ampcid.google.com.ec ampcid.google.com.jm ampcid.google.com.mx ampcid.google.com.pr ampcid.google.com.sg ampcid.google.com.tr ampcid.google.com.ua ampcid.google.de ampcid.google.gr ampcid.google.ie ampcid.google.it ampcid.google.mv ampcid.google.ru ampcid.google.ro ampcid.google.se ampcid.google.pt ampcid.google.hr ampcid.google.at ampcid.google.az ampcid.google.be ampcid.google.bg ampcid.google.ch ampcid.google.co.id ampcid.google.co.ma ampcid.google.co.th ampcid.google.com.ar ampcid.google.com.br ampcid.google.com.bz ampcid.google.com.co ampcid.google.com.cy ampcid.google.com.do ampcid.google.com.gt ampcid.google.com.hk ampcid.google.com.mt ampcid.google.com.ng ampcid.google.com.ni ampcid.google.com.pe ampcid.google.com.py ampcid.google.com.sa ampcid.google.com.tj ampcid.google.com.tw ampcid.google.com.uy ampcid.google.dm ampcid.google.dz ampcid.google.fi ampcid.google.hn ampcid.google.lu ampcid.google.lv ampcid.google.ps ampcid.google.rs ampcid.google.si ampcid.google.sk ampcid.google.cn ampcid.google.co.id ampcid.google.co.th ampcid.google.co.hk ampcid.google.co.pe ampcid.google.co.tw ampcid.google.co.uy ampcid.google.tn ampcid.google.ae ampcid.google.lk ampcid.google.com.bh ampcid.google.com.vn www.google.al www.google.at www.google.am www.google.az www.google.ba www.google.be www.google.bg www.google.by www.google.ch www.google.fi www.google.ie www.google.ps www.google.tt www.google.co.bz www.google.co.il www.google.co.in www.google.co.jp www.google.co.kr www.google.co.ma www.google.com.au www.google.com.co www.google.com.do www.google.com.gh www.google.com.gt www.google.com.lb www.google.com.mx www.google.com.ng www.google.com.om www.google.com.ph www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.tr www.google.com.ua www.google.com.py www.google.co.ke www.google.co.th www.google.lk www.google.tn www.google.bf www.google.co.nz www.google.co.uk www.google.is www.google.im www.google.cz www.google.de www.google.ee www.google.es www.google.fr www.google.ge www.google.gr www.google.hr www.google.ht www.google.hu www.google.ie www.google.it www.google.lt www.google.md www.google.me www.google.mk www.google.mt www.google.no www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.ae www.google.bs www.google.cl www.google.co.cr www.google.co.ve www.google.co.vi www.google.co.za www.google.com.ec www.google.com.hk www.google.com.jm www.google.com.kw www.google.com.pa www.google.com.sg www.google.mv www.google.co.id www.google.com.my www.google.com.pk www.google.com.vn www.google.dk www.google.mn www.google.kz www.google.vg www.google.hn www.google.com.eg www.google.ad www.google.je www.google.co.bw www.google.com.ar www.google.com.bd www.google.com.bo www.google.com.br www.google.com.cy www.google.com.pe www.google.com.sv www.google.com.uy www.google.com.qa www.google.dz www.google.iq www.google.jo www.google.sk www.google.si www.google.nl www.google.lv www.google.lu www.google.lv www.google.kg www.google.dm www.google.co.uz www.google.sr www.google.je www.google.gg www.google.com.qa www.google.mt www.google.com.bn www.google.com.bh www.google.co.uz www.google.cn www.google.tn www.google.mg www.google.com.ai www.google.li www.google.as www.google.dj www.google.com.mt www.google.ga www.google.sn www.google.com.gi www.google.mu www.google.gy; font-src *.koolaburra.com *.demandware.net *.commercecloud.salesforce.com *.truefitcorp.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp use.typekit.net *.osano.com *.klarnacdn.net cdn.gladly.com *.deckers.coremedia.cloud cdn.dynamicyield.com fonts.googleapis.com cdn.loom.com *.global-e.com cdn.honey.io likeshop.me script.hotjar.com cdn.joinhoney.com fonts.gstatic.com use.fontawesome.com cdn.ivaws.com *.strut.fit *.deckers.layer0-perma.link data: *.wistia.com static.formstack.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com *.medallia.eu *.kampyle.com; style-src *.koolaburra.com *.deckers.coremedia.cloud *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.demandware.net *.veinteractive.com *.bounceexchange.com cdn.dynamicyield.com *.klarnacdn.net ui.powerreviews.com *.osano.com web-assets.stylitics.com use.fontawesome.com ui.powerreviews.com cdn.honey.io cdn.joinhoney.com js.verygoodvault.com *.global-e.com *.truefitcorp.com *.deckers.layer0-perma.link www.truefit.com cdn.90d.io cdn.gladly.com chat-sdk.cdn.gladly.com *.typekit.net www.karmanow.com *.parcellab.com *.formstack.com translate.googleapis.com d3nocrch4qti4v.cloudfront.net d6tizftlrpuof.cloudfront.net cdn.ivaws.com www.paypalobjects.com *.pxlcdn.com fonts.googleapis.com *.adyen.com *.medallia.eu *.kampyle.com downloads.mailchimp.com data: 'unsafe-inline'; form-action *.koolaburra.com *.demandware.net *.commercecloud.salesforce.com *.sandbox.us01.dx.commercecloud.salesforce.com *.hokaoneone.eu payments.amazon.co.jp www.amazon.co.jp *.demandware.net *.snapchat.com www.facebook.com *.adyen.com email.teva.com email.ugg.com email.hoka.com email.sanuk.com email.koolaburra.com *.securev2.global-e.com *.secure5.arcot.com *.securesuite.co.uk *.3ds.borica.bg *.acs1.icicibank.com *.sps-system.com centinelapi.cardinalcommerce.com accentgroup.formstack.com; media-src *.koolaburra.com blob: dms.deckers.com res.cloudinary.com *.demandware.net *.commercecloud.salesforce.com *.90d.io static.zdassets.com cdn.dashhudson.com images.dashhudson.com chat-sdk.cdn.gladly.com cdn.gladly.com media.cdn.gladly.com; worker-src *.koolaburra.com blob: *.osano.com; child-src *.koolaburra.com *.demandware.net *.hokaoneone.com *.hokaoneone.eu *.hokaoneone.jp *.commercecloud.salesforce.com *.snapchat.com guarantee-cdn.com v3.rest-ar.com *.osano.com *.doubleclick.net vars.hotjar.com www.awin1.com *.afterpay.com px.owneriq.net pal-test.adyen.com *.americanexpress.com *.facebook.com *.pixlee.co *.zenaps.com *.bounceexchange.com d6tizftlrpuof.cloudfront.net www.paypalobjects.com www.paypal.com ln-rules.rewardstyle.com nsg.symantec.com *.pinterest.com track.usw2.cordial.com *.global-e.com wkxppshj-qx.global.ssl.fastly.net checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.sandbox.paypal.com *.ediemidnightzombies.com *.studentbeans.com *.myunidays.com point.widget.rakuten.co.jp *.bglobale.com www.google.com *.amazon-adsystem.com *.truefitcorp.com *.locally.com *.strut.fit www.pubxtags.com tracead.com photos.pixlee.com *.splashthat.eu hosted.where2getit.com sketchfab.com *.criteo.com *.datadome.co *.captcha-delivery.com *.criteo.net www.youtube.com *.verygoodvault.com pay.google.com www.terracycle.com sandbox.frame.hub-box.com frame.hub-box.com ugg.promo.eprize.com ugg.review.eprize.com d.emails.teva.com creatives.attn.tv *.artlabs.ai app.collectivevoice.com *.medallia.eu *.kampyle.com; report-uri https://www.koolaburra.com/_/csp-reports 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none' script-src 'self' https://www.hubspot.com https://*.hsappstatic.net https://*.hs-analytics.net https://*.hs-banner.com https://*.hsforms.net https://*.hsleadflows.net https://*.hs-scripts.com https://*.hubspotfeedback.com https://*.usemessages.com https://js.hubspot.com https://*.hsadspixel.net https://*.hscollectedforms.net https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.google-analytics.com https://www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src * blob:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.vergic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marketingcloudfx.com *.googleadservices.com *.azureedge.net download.pi.dynamics.com *.googleapis.com *.gstatic.com *.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com *.twitter.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdn.jsdelivr.net https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com/2021.1.119/js/kendo.all.min.js https://kendo.cdn.telerik.com/2021.1.119/js/kendo.aspnetmvc.min.js https://www.googletagmanager.com *.pricespider.com *.happyfoxchat.com *.bing.com *.clarity.ms https://googleads.g.doubleclick.net *.adsrvr.org https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com www.googleadservices.com www.google.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.twimg.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com; font-src 'self' data: fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com; img-src 'self' data: blob: *.dynamics.com *.doubleclick.net *.google.com *.praxair.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.twimg.com *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com https://www.paypalobjects.com *.bing.com https://*.analytics.google.com *.clarity.ms google.com https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://www.google.com googleads.g.doubleclick.net www.google.com https://ad.doubleclick.net https://ade.googlesyndication.com; media-src 'self' data: blob:; frame-src 'self' https://www.youtube.com/ *.smartercommercecloud.com *.happyfoxchat.com *.dynamics.com *.pricespider.com *.google.com https://bid.g.doubleclick.net bid.g.doubleclick.net *.adsrvr.org; frame-ancestors 'self' *.aquiire.net  https://fscm92dev.bidmc.org:8453/ *.apci.com https://srm.america.apci.com:9080/ *.utexas.edu *.gep.com *.vinimaya.com *.bidmc.org *.utmb.edu *.washington.edu  *.coupahost.com *.ariba.com *.sciquest.com *.oraclecloud.com *.govsci.com; child-src 'self' apiint.paymentsite.com *.dynamics.com *.twitter.com *.google.com *.facebook.com https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://www.computop-paygate.com *.smartercommercecloud.com; connect-src 'self' *.cloudflare.com *.marketingcloudfx.com *.azure.com *.dynamics.com *.microsoft.com *.google.com stats.g.doubleclick.net *.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://ka-p.fontawesome.com https://www.google-analytics.com https://widget.happyfoxchat.com https://happyfoxchat.com *.pricespider.com *.webpagefx.org *.clarity.ms https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com; 1
frame-ancestors 'self' https://*.ariba.com https://fswlcdcqvm01.nyumc.org:8071 https://peoplesoftfscm.nyumc.org https://fswlcdcpvm01.nyumc.org:8236 https://psfsprd.shawinc.com 1
script-src https://connect.facebook.net https://linkprotect.cudasvc.com https://www.googletagmanager.com https://fonts.gstatic.com *.hotjar.com *.google-analytics.com *.americaneagle.com *.hawksearch.com *.google.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval' data: 1
connect-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; default-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; img-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; object-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; script-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; style-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline'; worker-src *.rac.com.br *.gazetadepiracicaba.com.br *.googletagmanager.com *.googlesyndication.com *.google-analytics.com *.google.com *.google.com.br *.adservice.google.com *.ampproject.org *.ampproject.net *.taboola.com *.denakop.com *.doubleclick.net *.teads.tv *.youtube.com * data: blob: 'self' data 'unsafe-eval' 'unsafe-inline' 1
base-uri 'self';default-src 'none';font-src 'self' https://*.hotjar.com;script-src 'self' https://cdn.mxpnl.com 'nonce-2c13ea86-fc53-46ea-90cc-fb86aed525b9' https://connect.facebook.net https://staticxx.facebook.com https://static.ads-twitter.com https://apis.google.com https://accounts.google.com https://analytics.twitter.com https://*.hotjar.com;style-src 'self' 'unsafe-inline';img-src 'self' https://*.makeorg.tech https://*.make.org https://*.placebymake.org https://*.webflow.com data: https://t.co https://*.facebook.com https://*.facebook.net https://analytics.twitter.com https://*.hotjar.com;connect-src 'self' https://make.org/backend https://make.org https://*.makeorg.tech https://*.make.org https://*.placebymake.org https://api-eu.mixpanel.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' https://*.facebook.com https://*.google.com https://*.hotjar.com;object-src 'none';media-src 'none';manifest-src 'self';frame-ancestors 'none' 1
default-src googleads.g.doubleclick.net analytics.google.com region1.analytics.google.com www.googleoptimize.com www.googletagmanager.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' j.6sc.co cdn.bizible.com cdn.cookielaw.org script.crazyegg.com img04.en25.com googleads.g.doubleclick.net www.google-analytics.com www.googleoptimize.com www.googletagmanager.com cdn.intellimize.co snap.licdn.com cleo.widget.insent.ai; script-src-elem 'self' 'unsafe-inline' j.6sc.co cdn.bizible.com www.cleo.com intellimizeditor.com cdn.cookielaw.org script.crazyegg.com img04.en25.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com ssl.google-analytics.com www.google-analytics.com translate.googleapis.com apis.google.com translate.google.com www.googleoptimize.com www.googletagmanager.com cdn.intellimize.co gc.kis.v2.scr.kaspersky-labs.com snap.licdn.com cleo.widget.insent.ai www.youtube.com ws-assets.zoominfo.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' www.cleo.com fonts.googleapis.com www.googletagmanager.com www.gstatic.com cdn.honey.io; style-src-attr 'unsafe-inline'; img-src 'self' data: blob: android-webview-video-poster b.6sc.co px4.ads.linkedin.com px.ads.linkedin.com s3.amazonaws.com region1.analytics.google.com cdn.bizible.com cdn.bizibly.com www.cleo.com www.content.cleo.com cdn.cookielaw.org ftrk.crazyegg.com ad.doubleclick.net googleads.g.doubleclick.net stats.g.doubleclick.net www.google.ae www.google.am www.google-analytics.com translate.googleapis.com www.google.at www.google.az www.google.be www.google.bg www.google.by www.google.ca www.google.ch www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr adservice.google.com analytics.google.com translate.google.com www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.do www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.kh www.google.com.lb www.google.com.mm www.google.com.mx www.google.com.my www.google.com.ng www.google.com.np www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.sa www.google.com.sg www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vn www.google.co.nz www.google.co.th www.google.co.tz www.google.co.ug www.google.co.uk www.google.co.uz www.google.co.za www.google.co.zm www.google.co.zw www.google.cz www.google.de www.google.dk www.google.dz www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.ie www.google.iq www.google.it www.google.lk www.google.mw www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.googletagmanager.com fonts.gstatic.com cdn.honey.io www.linkedin.com uploads-ssl.webflow.com i.ytimg.com; font-src 'self' data: account.affilitizer.com cdn.blerp.com fonts.gstatic.com cdn.megabonus.com puhuiti.oss-cn-hangzhou.aliyuncs.com cdn.scite.ai www.slant.co use.typekit.net static.zip.co; connect-src 'self' data: c.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com epsilon-globalaccelerator.6sense.com px.ads.linkedin.com region1.analytics.google.com i.clean.gg view.cleo.com cdn.cookielaw.org app.crazyegg.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com script.crazyegg.com tracking.crazyegg.com stats.g.doubleclick.net cdnml.global-cache.online www.googleadservices.com region1.google-analytics.com www.google-analytics.com translate.googleapis.com translate-pa.googleapis.com www.google.ca www.google.co.in www.google.co.ke adservice.google.com analytics.google.com www.google.com www.google.com.au www.google.com.co www.google.com.ph www.google.com.pk www.google.com.sg www.google.com.vn www.google.co.uk www.google.de www.google.nl www.google.pl service5.gstatic-cache.com api.intellimize.co log.intellimize.co geolocation.onetrust.com privacyportal.onetrust.com ws.zoominfo.com; media-src 'self' data: ssl.gstatic.com; child-src 'self' blob: cleo.widget.insent.ai; frame-src 'self' blob: static.addtoany.com test.api.intellimize.co resources.cleo.com td.doubleclick.net www.google.com www.googletagmanager.com api.intellimize.co 117179045.intellimizeio.com mozbar.moz.com 117179045.test.intellimizeio.com cleo.widget.insent.ai www.youtube.com gateway.zscalerthree.net gateway.zscalertwo.net gateway.zscloud.net; worker-src 'self' blob:; frame-ancestors 'self' engage.cleo.com get.cleo.com resources.cleo.com www.cleo.com cleo.com lookbookhq.com pathfactory.com ubpages.com unbounce.com unbouncepages.com; form-action 'self' view.cleo.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://report-csp.darwinapps.com/csp-report-endpoint 1
default-src * 'unsafe-inline' 'unsafe-eval';img-src data: blob: * ;frame-ancestors 'self' www.moneynet.com.tw; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://use.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-eu.cookietractor.com https://cdn-eu.cookietractor.com/cookietractor.js https://bankgirot.containers.piwik.pro; font-src 'self' https://use.fontawesome.com; img-src 'self' 'unsafe-inline' data: https://cdn-eu.cookietractor.com/ext/3f764701-4d11-4f95-9649-a4452947a29f/localhost/sv-SE.js https://bankgirot.containers.piwik.pro; frame-src 'self'  https://cdn-eu.cookietractor.com ; connect-src 'self' https://bankgirot.containers.piwik.pro https://app.cookietractor.com 1
default-src 'self' https://partner.googleadservices.com/ https://afs.googlesyndication.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/ www.google-analytics.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://*.online-metrix.net/  https://metrics.myfrs.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate-pa.googleapis.com/ https://translate.googleapis.com/ https://translate.google.com/ https://*.online-metrix.net/  https://metrics.myfrs.com/ http://translate.google.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://players.brightcove.net/ http://players.brightcove.net/ https://translate.google.com/; script-src 'self' 'unsafe-eval' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://use.fontawesome.com/ http://www.gstatic.com/ https://www.google.com/ http://www.google.com/ http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://ssl.bing.com/ http://www.bing.com  http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.myfrs.com/ https://www.myfrs.com/  http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ www.google-analytics.com/ https://ssl.google-analytics.com/  ajax.googleapis.com/ https://www.zazachat.com/ http://www.zazachat.com/ www.jquery.com/ json.org sizzlejs.com https://www.zazamagic.aspx https://translate.google.com/ 'unsafe-inline'; style-src 'self' https://partner.googleadservices.com/ https://kit.fontawesome.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://use.fontawesome.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ http://api.microsofttranslator.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ https://translate.google.com/ 'unsafe-inline' 'unsafe-eval'; object-src 'self' https://partner.googleadservices.com/ https://cse.google.com/ https://www.google.com/cse/static/ https://www.googletagmanager.com/ https://kit.fontawesome.com/ https://www.gstatic.com/  https://www.googletagmanager.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://js.intercomcdn.com/ https://widget.intercom.io https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net http://releases.flowplayer.org/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://hewitt.lipperweb.com/ https://sadmin.brightcove.com/ http://admin.brightcove.com/ https://secure.brightcove.com/ https://translate.google.com/; img-src https://afs.googlesyndication.com/ https://www.gstatic.com/ https://*.gstatic.com/ https://clients1.google.com/ https://kit.fontawesome.com/ https://*.intercomcdn.com/ https://static.intercomassets.com wss://nexus-websocket-a.intercom.io/ https://api-iam.intercom.io https://widget.intercom.io http://myfrs.com/ https://myfrs.com/ wss://app.livehelpnow.net/ https://app.livehelpnow.net https://*.online-metrix.net/  https://metrics.myfrs.com/ https://api-iam.intercom.io https://widget.intercom.io https://js.intercomcdn.com/ https://kit.fontawesome.com/7e7cfee65e.js https://fonts.googleapis.com/ https://fonts.gstatic.com https://ka-p.fontawesome.com/   https://www.livehelpnow.net https://cdn.livehelpnow.net/ https://cdn.polyfill.io/ https://developer.livehelpnow.net https://translate.google.com/ https://www.gstatic.com/ https://releases.flowplayer.org/ https://www.timevaluecalculators.com/ https://use.fontawesome.com/ https://hewitt.lipperweb.com/ https://ssl.google-analytics.com/ https://sadmin.brightcove.com/ https://secure.brightcove.com/ http://admin.brightcove.com/ https://translate-pa.googleapis.com/ https://translate.googleapis.com/ http://api.microsofttranslator.com/ http://www.microsofttranslator.com/ https://ssl.microsofttranslator.com/ data: http://www.myfrs.com/ https://www.myfrs.com/ https://www.zazachat.zazasoftware.com/ www.google-analytics.com/ http://www.zazachat.com/ http://zazachat.zazasoftware.com/ https://www.google.com/ http://www.google.com/ 1
default-src https: 'unsafe-inline'; frame-ancestors 'none' 1
default-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://ssl.google-analytics.com; connect-src * 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com; img-src * data: blob: 'unsafe-inline'https://www.google-analytics.com https://www.googletagmanager.com; script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com; frame-src *; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://app.pia4you.com http://erika.hotainment.info 1
frame-ancestors 'self'; block-all-mixed-content; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.vibe.co https://*.jotform.com https://*.jotform.io https://*.jotfor.ms https://cdnjs.cloudflare.com/ajax/libs/punycode/1.4.1/punycode.js https://*.clarity.ms https://*.wistia.com https://*.wistia.net https://120481.tctm.co https://ajax.googleapis.com https://*.calendly.com https://bat.bing.com https://connect.facebook.net https://fast.wistia.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://maps.google.com https://maps.googleapis.com https://m.youtube.com https://r.bing.com https://ssl.google-analytics.com https://src.litix.io https://tagmanager.google.com https://use.typekit.net https://www.apex.live https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://apex.live;style-src 'self' 'report-sample' 'unsafe-inline' blob: *.jotfor.ms *.typekit.net *.bing.com ajax.googleapis.com fonts.googleapis.com fast.wistia.com tagmanager.google.com www.googletagmanager.com;object-src embedwistia-a.akamaihd.net https://www.apex.live; child-src 'self' blob: https://*.jotform.com *.facebook.com connect.facebook.net https://anchor.fm https://podcasters.spotify.com/ https://*.wistia.com https://*.wistia.net www.googletagmanager.com www.youtube.com https://www.google.com; base-uri 'self'; form-action 'self' https://*.jotform.com *.facebook.com connect.facebook.net; worker-src 'self' blob:; 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.tealiumiq.com *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com experience.adobe.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com tags.tiqcdn.com use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net docasap.com www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com bam.nr-data.net cdn.jotfor.ms data: dpm.demdex.net i.ytimg.com login.commonspirit.org s3.amazonaws.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com bam.nr-data.net dpm.demdex.net fid.agkn.com fonts.googleapis.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com translate.googleapis.com; default-src 'self' *.dignityhealth.org commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: use.typekit.net; 1
default-src 'self' data: *.google-analytics.com analytics.google.com crm.assist.ru *.googletagmanager.com mc.yandex.ru bitrix.info www.google.com/maps; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com analytics.google.com mc.yandex.ru bitrix.info; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' crm.assist.ru; frame-src 'self' www.google.com/maps *.belassist.by; base-uri 'self'; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: data: mc.yandex.ru; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' mc.yandex.ru bitrix.info *.google-analytics.com analytics.google.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com analytics.google.com bitrix.info mc.yandex.ru; 1
block-all-mixed-content; frame-ancestors 'self' https://tome.app; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-MTgyNDUyYzgtY2QxMC00Zjk4LWJhNTEtMzRjMjNjZjAxNmQ4'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://www.googletagmanager.com  https://platform.twitter.com  https://ajax.googleapis.com  https://cc.cdn.civiccomputing.com  https://cdn.ywxi.net  https://bat.bing.com  https://platform.twitter.com  https://www.google-analytics.com  https://www.googleadservices.com  https://cdn.syndication.twimg.com  https://googleads.g.doubleclick.net   https://www.trustedsite.com  https://app.viralsweep.com  https://ww.trustedsite.com  https://webchat.dotdigital.com  https://cdn.rawgit.com/  https://staplesblog.azurewebsites.net https://www.mczbf.com https://connect.facebook.net https://ssl.kaptcha.com/ http://18.134.42.191 https://static.trackedweb.net https://ui.powerreviews.com https://static.powerreviews.com https://mpsnare.iesnare.com https://cdnjs.cloudflare.com https://static.ads-twitter.com https://analytics.twitter.com https://paypage-cdn.adflex.co.uk https://email-staples.co.uk https://snap.licdn.com https://www.clarity.ms https://*.clarity.ms https://c5.adalyser.com https://policy.cookiereports.com https://widget.trustpilot.com https://*.dwin1.com https://*.awin1.com https://*.zenaps.com https://the.sciencebehindecommerce.com https://www.clickcease.com https://analytics.tiktok.com https://*.cookiebot.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.skypack.dev https://vcc-eu8.8x8.com https://lantern.roeyecdn.com https://js.braintreegateway.com https://www.paypal.com https://pay.google.com https://songbird.cardinalcommerce.com https://cdn.debugbear.com 1
frame-ancestors 'self' www.visually.io visually.io loomi.me vsly.local:8000; 1
frame-ancestors 'self' *.excelsior.com.mx *.jediteam.mx *.imagendigital.com 1
default-src 'self'; script-src 'self' https://diariobitcoin.b-cdn.net https://cdn-cookieyes.com https://*.diariobitcoin.care https://chimpstatic.com https://www.googletagmanager.com https://platform.twitter.com https://platform.x.com https://connect.facebook.net https://cdnjs.cloudflare.com https://onesignal.com https://*.onesignal.com https://mc.us13.list-manage.com https://downloads.mailchimp.com https://*.highcharts.com https://*.intotheblock.com https://stats.wp.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://fonts.cdnfonts.com https://*.twitter.com https://*.x.com https://*.googleusercontent.com https://diariobitcoin.b-cdn.net https://secure.gravatar.com https://mcusercontent.com https://ps.w.org https://wpadvancedads.com https://www.bitven.com https://pixel.wp.com https://cdn-cookieyes.com data:; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https://fonts.cdnfonts.com https://onesignal.com https://downloads.mailchimp.com https://*.typekit.net https://*.googleapis.com https://*.diariobitcoin.care; object-src 'none'; font-src 'self' https://fonts.cdnfonts.com https://*.typekit.net https://fonts.gstatic.com data:; frame-src 'self' https://platform.twitter.com https://platform.x.com https://www.facebook.com https://connect.facebook.com; worker-src 'self' blob:; connect-src 'self' https://onesignal.com https://analytics.google.com https://stats.g.doubleclick.net https://*.diariobitcoin.care https://*.intotheblock.com https://log.cookieyes.com https://cdn-cookieyes.com; script-src-elem 'self' https://diariobitcoin.b-cdn.net https://cdn-cookieyes.com https://*.diariobitcoin.care https://chimpstatic.com https://www.googletagmanager.com https://platform.twitter.com https://platform.x.com https://connect.facebook.net https://cdnjs.cloudflare.com https://onesignal.com https://*.onesignal.com https://mc.us13.list-manage.com https://downloads.mailchimp.com https://*.highcharts.com https://*.intotheblock.com https://stats.wp.com 'unsafe-inline' 'unsafe-eval';  1
base-uri 'self'; child-src 'self' gap: *; frame-src 'self' gap: *; connect-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.cookiebot.com; default-src 'self' gap: *.microsoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com fonts.gstatic.com *.hotjar.com *.cookiebot.com; img-src 'self' data: *.pordata.pt *.pordatakids.pt stats.g.doubleclick.net *.google-analytics.com *.microsoft.com *.gstatic.com *.facebook.com *.facebook.net *.google.com *.google.pt *.googleusercontent.com *.googletagmanager.com *.flourish.studio *.hotjar.com *.cookiebot.com blob:; media-src 'self'; object-src 'self' *.pordata.pt *.pordatakids.pt; script-src 'self' *.datatables.net *.pordata.pt *.pordatakids.pt ajax.googleapis.com *.google-analytics.com stats.g.doubleclick.net *.google.com *.cloudflare.com *.facebook.com *.facebook.net *.google.pt *.microsoft.com *.realtimestatistics.net *.googletagmanager.com *.typeform.com *.flourish.studio *.hotjar.com *.cookiebot.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.pordata.pt *.pordatakids.pt *.google.com *.googleapis.com *.typeform.com 'unsafe-inline'; frame-ancestors 'self' gap: *.pordata.pt *.pordatakids.pt; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=Yka3rRf5%2Fd88m1DoS%2FRjVaIPgD4yzRBHK42CQ3Or4w8k7Dc66OUzJdJnQCevZYGVCsZMpxT8bfgGr%2Bu51gbKkQ%3D%3D; 1
frame-ancestors 'self' https://*.evercore.com 1
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com *.jsdelivr.net; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com *.jsdelivr.net; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com *.my.salesforce-scrt.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com *.my.site.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' *.sandbox.my.site.com; 1
default-src 'self'; connect-src 'self' *.google-analytics.com https://cdn.linkedin.oribi.io https://*.hotjar.io https://*.hotjar.com *.analytics.google.com *.googletagmanager.com www.google-analytics.com https://*.addthis.com; frame-src 'self' *.eurolandir.com *.euroland.com www.youtube.com https://www.youtube-nocookie.com https://*.addthis.com www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.googleadservices.com https://www.google.com snap.licdn.com https://*.facebook.net https://*.hotjar.com https://www.youtube.com *.googletagmanager.com use.fontawesome.com www.google-analytics.com https://www.youtube-nocookie.com https://addthisevent.com https://*.addthisevent.com https://*.addevent.com www.gstatic.com www.google.com graph.facebook.com www.linkedin.com https://*.addthis.com https://*.addthisedge.com; font-src 'self' https://fast.fonts.net https://use.fontawesome.com data:; style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fast.fonts.net; img-src 'self' https://googleads.g.doubleclick.net https://www.google.com https://www.facebook.com https://px.ads.linkedin.com https://*.cloudfront.net *.google-analytics.com *.googletagmanager.com https://*.cdninstagram.com *.fbcdn.net external.xx.fbcdn.net http://pbs.twimg.com media.licdn.com i.ytimg.com scontent.xx.fbcdn.net image-store.slidesharecdn.com www.google-analytics.com https://addevent.com https://*.addevent.com data:; 1
font-src fonts.gstatic.com use.typekit.net data: static.klaviyo.com *.klaviyo.com *.gstatic.com *.opayo.eu.elavon.com *.googleapis.com savile-row.co.uk maxcdn.bootstrapcdn.com *.fontawesome.com *.stripe.com *.google.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cardinalcommerce.com *.paypal.com * *.savile-row.whoson.com *.awin1.com *.zenaps.com *.facebook.com *.nosto.com *.nos.to *.opayo.eu.elavon.com *.stripe.com *.google.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.savile-row.whoson.com savile-row.whoson.com *.zenaps.com *.clear-reports.com *.awin1.com *.trust-provider.com *.doubleclick.com *.doubleclick.net *.criteo.net *.criteo.com *.hotjar.com *.trustpilot.com www.facebook.com savile-row.co.uk *.pdmntn.com *.google.com *.nosto.com *.nos.to *.opayo.eu.elavon.com *.stripe.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com p.typekit.net www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.klaviyo.com *.omappapi.com *.cookie-script.com *.instagram.com *.cdninstagram.com services.postcodeanywhere.co.uk *.whoson.com * *.zenaps.com *.catalink.com *.clear-reports.com *.awin1.com *.doubleclick.net pixel.tapad.com pixel-sync.sitescout.com ad.turn.com *.criteo.net *.omnitagjs.com *.smaato.net *.smartclip.net *.taboola.com *.outbrain.com *.criteo.com *.liadm.com *.ivitrack.com/ *.tremorhub.com/ *.yieldmo.com/ *.gstatic.com *.advertising.com *.yahoo.com *.openx.net *.adnxs.com *.mgid.com *.adform.net *.amazon.com *.payments-amazon.com *.adsymptotic.com *.linkedin.com www.facebook.com *.bing.com *.riskified.com savilerowco.com *.savilerowco.com *.nosto.com *.trust-provider.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.ytimg.com *.cloudfront.net savile-row.co.uk maxcdn.bootstrapcdn.com *.dwin1.com *.nos.to *.opayo.eu.elavon.com ebizmarts-website.s3.amazonaws.com *.stripe.com *.google.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com commerce.adobe.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.klaviyo.com *.typekit.net *.omappapi.com google.com widget.manychat.com *.cookie-script.com *.newrelic.com *.nr-data.net services.postcodeanywhere.co.uk savile-row.whoson.com *.whoson.com *.zenaps.com *.catalink.com *.clear-reports.com *.bing.com *.hotjar.com *.pdmntn.com *.doubleclick.com *.doubleclick.net *.dwin1.com *.awin1.com *.trust-provider.com *.trustpilot.com *.nosto.com *.popupdomination.com *.criteo.net *.criteo.com *.licdn.com www.facebook.com *.riskified.com *.google-analytics.com *.gstatic.com *.google.com *.amazon.co.uk *.amazon.com smhttp-ssl-85991.nexcesscdn.net savile-row.co.uk *.paypalobjects.com cm.g.doubleclick.net ib.adnxs.co sync-criteo.ads.yieldmo.com sync.outbrain.com dpm.demdex.net widget.freshworks.com m2epro.freshdesk.com *.nos.to *.opayo.eu.elavon.com lantern.roeyecdn.com *.stripe.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline *.klaviyo.com *.omappapi.com *.typekit.net *.cookie-script.com services.postcodeanywhere.co.uk *.googleapis.com *.whoson.com *.gstatic.com *.trustedshops.com *.usercentrics.eu savile-row.co.uk maxcdn.bootstrapcdn.com widget.freshworks.com m2epro.freshdesk.com *.nosto.com *.nos.to *.opayo.eu.elavon.com *.trustpilot.com *.fontawesome.com *.stripe.com *.google.com https://static.klaviyo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com *.adobe.io performance.typekit.net commerce.adobedtm.com commerce.adobedc.net api.magento.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com pagead2.googlesyndication.com *.klaviyo.com capig.stape.cloud *.omappapi.com gweu.stape.io *.cookie-script.com *.newrelic.com *.nr-data.net *.instagram.com *.belvgdev.com services.postcodeanywhere.co.uk *.hotjar.com savile-row.whoson.com *.savile-row.whoson.com *.catalink.com *.clear-reports.com *.awin1.com *.bing.com *.google-analytics.com *.doubleclick.com *.doubleclick.net *.googleapis.com *.riskified.com *.trustpilot.com *.nosto.com *.payments-amazon.com savile-row.co.uk *.dwin1.com *.google.com cm.g.doubleclick.net ib.adnxs.co sync-criteo.ads.yieldmo.com sync.outbrain.com *.criteo.com widget.freshworks.com m2epro.freshdesk.com *.nos.to *.opayo.eu.elavon.com *.stripe.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src savile-row.co.uk *.newrelic.com *.nr-data.net *.omappapi.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self';frame-src 'self' https://play.mediaflowpro.com/ https://www.youtube.com/ https://e.issuu.com/;form-action 'self';base-uri 'self';default-src 'self';script-src 'self' 'nonce-c4cXm2uFoIcbaMIS5bNqZmxuKo2aGiT9O+TaUEhMivY=' 'strict-dynamic' *.vo.msecnd.net;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com;img-src 'self' https://im16.inviewer.se/ https://assets.mediaflowpro.com/ *.gstatic.com data:;connect-src 'self' 'nonce-c4cXm2uFoIcbaMIS5bNqZmxuKo2aGiT9O+TaUEhMivY=' 'strict-dynamic' *.googleapis.com *.vizzit.se; 1
frame-ancestors 'self' http://localhost:8080 http://*.localhost:8080 https://*.master-dev.d3jehkguztxip4.amplifyapp.com https://master-dev.d3jehkguztxip4.amplifyapp.com https://*.master-staging.d3jehkguztxip4.amplifyapp.com https://master-staging.d3jehkguztxip4.amplifyapp.com https://*.master-production.d3jehkguztxip4.amplifyapp.com https://master-production.d3jehkguztxip4.amplifyapp.com http://*.university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com http://university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://*.university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://university-env.eba-mng6mpie.us-west-2.elasticbeanstalk.com https://*.university.moon-audio.com https://university.moon-audio.com; 1
frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; 1
worker-src 'self'; default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://design.freelance.de https://insights.freelance.de https://js-eu1.hsforms.net/forms/v2.js https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://js.stripe.com https://cdn.jsdelivr.net/gh/fancyapps/fancybox@3.5.2/dist/jquery.fancybox.min.js https://cdn.polyfill.io/v3/polyfill.min.js https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.googletagmanager.com https://unpkg.com/esri-leaflet-geocoder@2.2.6 https://unpkg.com/leaflet@1.2.0/dist/leaflet.js https://unpkg.com/esri-leaflet@2.1.1/dist/esri-leaflet.js https://rawgit.com/nguyenning/Leaflet.defaultextent/master/dist/leaflet.defaultextent.js https://unpkg.com/esri-leaflet-renderers@2.0.4/dist/esri-leaflet-renderers-debug.js https://rawgit.com/w8r/esri-leaflet-legend/master/dist/esri-leaflet-legend-compat.js https://tagmanager.google.com https://snap.licdn.com https://cdn.mouseflow.com/projects/0b6a218d-bb1b-445c-a6ab-73da76b248df.js https://app.storyblok.com/f/storyblok-v2-latest.js https://googleads.g.doubleclick.net https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.usemessages.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hsadspixel.net; img-src 'self' data: https://insights.freelance.de https://*.freelance.de/ https://www.google-analytics.com https://www.gstatic.com/images/icons/material/system/1x/keyboard_arrow_up_white_48dp.png https://ssl.gstatic.com/analytics-suite/header/legacy/v1/ic_tag_manager.svg https://www.google-analytics.com/collect https://www.google.com/ads/ https://www.google.de/ads/ https://www.googletagmanager.com https://ssl.gstatic.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/ https://pci.usd.de/compliance/ https://www.sandbox.paypal.com/ https://www.paypal.com/ https://www.paypalobjects.com https://marktanalystonline.de/ https://*.arcgisonline.com https://*.doubleclick.net https://*.ads.linkedin.com https://*.doubleclick.net/r/collect https://*.tile.openstreetmap.org https://img.youtube.com https://a.storyblok.com https://www.kununu.com https://imgsct.cookiebot.com https://www.google.com/pagead/1p-user-list/ https://www.google.de/pagead/1p-user-list/ https://forms-eu1.hsforms.com https://track-eu1.hubspot.com; style-src 'self' 'unsafe-inline' https://design.freelance.de https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/ https://w8r.name/esri-leaflet-legend/example/css/style.css https://rawgit.com/nguyenning/Leaflet.defaultextent/master/dist/leaflet.defaultextent.css https://unpkg.com/leaflet@1.2.0/dist/leaflet.css https://unpkg.com/esri-leaflet-geocoder@2.2.6/dist/esri-leaflet-geocoder.css https://www.googletagmanager.com; font-src 'self' data: https://design.freelance.de https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self'; connect-src 'self' https://design.freelance.de https://insights.freelance.de https://www.google-analytics.com https://www.google.com https://www.google.de/ads/ https://forms-eu1.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://secure.geonames.org https://api.stripe.com https://consentcdn.cookiebot.com https://marktanalystonline.de https://geocode.arcgis.com https://*.doubleclick.net https://cdn.linkedin.oribi.io https://o2.mouseflow.com https://api.storyblok.com https://px.ads.linkedin.com/wa/ https://api-eu1.hubspot.com https://forms-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://api-eu1.hubapi.com https://px.ads.linkedin.com; child-src 'self' https://design.freelance.de https://www.youtube.com https://www.google.com https://insights.freelance.de; frame-src 'self' https://forms-eu1.hsforms.com https://design.freelance.de https://consentcdn.cookiebot.com https://consent.cookiebot.com https://js.stripe.com https://hooks.stripe.com https://www.google.com https://www.google.de https://www.youtube.com https://*.doubleclick.net https://app-eu1.hubspot.com; frame-ancestors 'self' https://app.storyblok.com; media-src 'self' https://a.storyblok.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval' *.actian.com *.wpengine.com; connect-src *; font-src * data:; media-src * 'unsafe-inline'; frame-ancestors *.actian.com; frame-src *; object-src * data: 'unsafe-eval' 1
frame-ancestors 'self';manifest-src 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data:; font-src * data: 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; manifest-src 'self'; 1
frame-ancestors 'self' hxa.stage.cosmicdev.com cms.heterodoxacademy.org 1
frame-ancestors https://devkbs-intranet.kbs.drv https://devkbs-preview-intranet.kbs.drv https://devqs-preview-intranet.kbs.drv https://test-preview-intranet.kbs.drv https://preview-intranet.kbs.drv https://intranet.kbs.drv/ https://devkbs-kn.kbs.drv/ https://devkbs-preview-kn.kbs.drv/ https://devqs-preview-kn.kbs.drv/ https://test-preview-kn.kbs.drv/ https://preview-kn.kbs.drv/ https://preview-knappschaft.kbs.drv/ https://www.knappschaft.de/ ;default-src 'self' ;base-uri 'self';connect-src 'self' https://matomo.kbs.de https://*.usercentrics.eu https://*.jwpcdn.com/ https://kbs-crm.de/ ;font-src 'self' data: https://matomo.kbs.de/ ;frame-src 'self' https://*.usercentrics.eu/ https://www.youtube-nocookie.com/ https://media.kbs.de/ ;manifest-src 'self' ;script-src 'self' 'strict-dynamic' https://matomo.kbs.de 'nonce-PQPSIMR3LLWPRL2N86UM0TNX4' https://*.usercentrics.eu 'nonce-1B6VIKYILVSHQ78QW5O2O4HZH' https://cdnjs.cloudflare.com 'nonce-VABHYK5G27KQI41103TOTEXNY' https://*.jwpcdn.com/ 'sha256-Fj5VY1mKirRKaBNO3rnUPuRY2K+HMNunohrHd7uI92M=' https://kbs-crm.de 'nonce-JS2P1RUC42YA8O3KOMUW6LMTZ' 'nonce-A9LNPJ1B6VIKYILVSHQ78QW5O' 'sha256-qOoAYgxJFioN5WQ+2Fa9UYYu1jVPPawhcCgKvJmV0aU=' 'sha256-o9eR0L3nVUQWeFPSFLbWNe6w60iaDxbx5shT66RrxrE=' 'nonce-o9eR0L3nVUQWeFPSFLbWNe6w60iaDxbx5shT66RrxrE=' 'nonce-2O4HZHPLXM1QX2Z7JTYZ6MJ34' 'nonce-WFVUD0C35N6D9MKZFWQNW7IWO' 'nonce-UB7STFTX3VHOONQ6BG1A9LNPJ' 'nonce-WABHYK5G27KQI41103TOTEXNX' 'nonce-SSJJ28G0DZGS1SRMZXD19DAIU' 'nonce-WGR4IVRK6CDBF405QZY9CE8P0' 'nonce-FOR4IVRK6CDBF405QZY9CE8P1' 'nonce-SRMZXD19DAIUVABHYK5G27KQI' 'nonce-L2N86UM0TNX4SSJJ28G0DZGS1' 'sha256-ps6OBGdM2FUJskuVg0pm206ssj82C/G7IfF4R1o5AyA=' ;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://kbs-crm.de ;img-src 'self' data: https://matomo.kbs.de/ https://*.usercentrics.eu https://www.kbs.de/ https://*.openstreetmap.org https://jwpltx.com/ ; 1
frame-ancestors 'self' http://www.philips.fi *.philips.com *.philips.fi https://philipsigtdpv.com 1
defalut-src &#8217;self&#8217; 1
style-src https://www.pciapply.com https://pciapply.com 'self' 'unsafe-inline';script-src https://www.pciapply.com https://pciapply.com https://vcc-na4.8x8.com https://vcc-na4b.8x8.com https://app.iscanonline.com https://api.twilio.com https://js-agent.newrelic.com https://bam.nr-data.net 'self' 'unsafe-eval' 'unsafe-inline';form-action 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://cdn.eye-able.com https://*.quentn-site.com https://quentn.s3-eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://cdn.eye-able.com  https://*.quentn-site.com https://quentn.s3-eu-west-1.amazonaws.com; img-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info  https://cdn.eye-able.com  https://*.quentn-site.com data: ; font-src 'self' 'unsafe-inline' data: https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info ; connect-src 'self' https://*.kvv-efa.de https://*.kvv.de  https://*.vbk.info https://*.avg.info ; media-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info ; object-src 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info; child-src 'self'; frame-src 'self' https://*.smartmobilitymap.de https://whitelabel.vergabe24.de https://homezone.regiomove.de https://tuerchen.app https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info https://www.youtube.com https://www.youtube-nocookie.com https://*.quentn-site.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://*.kvv-efa.de https://*.kvv.de https://*.vbk.info https://*.avg.info; base-uri 'self' 1
default-src *.bing.com *.clarity.ms *.incontact.com c.speedtestcustom.com southcentralconnect.speedtestcustom.com *.speedtestcustom.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
default-src 'none'; font-src 'self'; img-src 'self'; script-src 'self'; style-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'none' 1
upgrade-insecure-requests; default-src 'self' ; script-src-elem 'self' 'unsafe-inline' https://web.cvent.com https://js-agent.newrelic.com https://t.sharethis.com https://fast.wistia.net https://fast.wistia.com https://buttons-config.sharethis.com https://platform-api.sharethis.com https://static-assets.ripplingcdn.com https://ws.zoominfo.com https://lltrck.com https://www.clarity.ms https://snap.licdn.com https://unpkg.com https://code.jquery.com https://js.hsforms.net https://www.googletagmanager.com https://global.apexanalytix.com; worker-src 'self' blob: data: https://ws.zoominfo.com https://lltrck.com https://www.clarity.ms https://snap.licdn.com https://unpkg.com https://code.jquery.com https://js.hsforms.net https://www.googletagmanager.com; connect-src 'self' https://bam.nr-data.net https://embed-cloudfront.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://pipedream.wistia.com https://distillery.wistia.com https://fast.wistia.com https://l.sharethis.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://px.ads.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/jquery-3.6.0.min.js https://global.apexanalytix.com https://js.hsforms.net https://lltrck.com https://snap.licdn.com https://unpkg.com https://ws.zoominfo.com https://www.clarity.ms https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' blob: data: https://pipedream.wistia.com https://distillery.wistia.com https://dev-apexanalytix.pantheonsite.io; img-src 'self' 'unsafe-inline' data: https://www.googletagmanager.com https://l.sharethis.com https://embed-ssl.wistia.com https://fast.wistia.com https://platform-cdn.sharethis.com https://fast.wistia.net https://secure.gravatar.com https://forms-na1.hsforms.com https://forms.hsforms.com https://lltrck.com https://px.ads.linkedin.com; font-src 'self' 'unsafe-inline' data: https://fast.wistia.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://insider.spendmatters.com https://web.cvent.com https://w.soundcloud.com https://t.sharethis.com https://www.google.com https://www.youtube.com https://content.googleapis.com https://accounts.google.com https://forms.hsforms.com https://fast.wistia.net https://ats.rippling.com; frame-ancestors 'self'; object-src 'self'; form-action 'self' https://forms.hsforms.com ; 1
default-src * 'self' blob:; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'report-sample' https://*.abtasty.com https://*.tealiumiq.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com try.abtasty.com https://ajax.aspnetcdn.com https://*.evivanlanschot.nl https://tags.tiqcdn.com *.visualwebsiteoptimizer.com app.vwo.com https://*.relay42.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.vimeo.com https://vimeo.com https://unpkg.com https://static.hotjar.com https://connect.facebook.net https://googleads.g.doubleclick.net  http://tdn.r42tag.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com http://a.svtrd.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://consent.cookiebot.com https://www.googleadservices.com https://*.googletagmanager.com https://*.hostedbypoort80.nl; font-src 'self' data: * https://*.hotjar.com; img-src 'self' data: blob: * editor-assets.abtasty.com https://img.youtube.com/ *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://apple-resources.s3.amazonaws.com https://tools.applemediaservices.com https://play.google.com https://*.umbraco.com https://*.umbraco.org http://www.gravatar.com https://*.evivanlanschot.nl http://*.evivanlanschot.nl https://*.vanlanschot.nl http://*.vanlanschot.nl https://www.google.nl https://www.google-analytics.com http://www.googletagmanager.com/ http://evi-nl-www.local.poort80.nl https://*.poort80.nl https://googleads.g.doubleclick.net https://www.google.com/pagead https://i.vimeocdn.com http://*.svtrd.com https://www.google.com https://*.r42tag.com https://cm.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; style-src 'self' 'unsafe-inline' static-src.linkedin.com *.licdn.com try.abtasty.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com http://code.jquery.com; connect-src 'self' https://media-src.linkedin.com/media/ *.googlesyndication.com www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com *.abtasty.com wss://localhost:* tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com collect-ap-east-1.tealiumiq.com collect-ap-northeast-1.tealiumiq.com collect-ap-northeast-2.tealiumiq.com collect-ap-northeast-3.tealiumiq.com collect-ap-southeast-1.tealiumiq.com collect-ap-southeast-2.tealiumiq.com collect-ap-south-1.tealiumiq.com collect-ca-central-1.tealiumiq.com collect-eu-central-1.tealiumiq.com collect-eu-west-1.tealiumiq.com collect-eu-west-2.tealiumiq.com collect-eu-west-3.tealiumiq.com collect-sa-east-1.tealiumiq.com collect-us-east-1.tealiumiq.com collect-us-east-2.tealiumiq.com collect-us-west-1.tealiumiq.com collect-us-west-2.tealiumiq.com collect.tealiumiq.com visitor-service-ap-northeast-1.tealiumiq.com visitor-service-ap-northeast-2.tealiumiq.com visitor-service-ap-northeast-3.tealiumiq.com visitor-service-ap-southeast-1.tealiumiq.com visitor-service-ap-southeast-2.tealiumiq.com visitor-service-ap-south-1.tealiumiq.com visitor-service-ca-central-1.tealiumiq.com visitor-service-eu-central-1.tealiumiq.com visitor-service-eu-west-1.tealiumiq.com visitor-service-eu-west-2.tealiumiq.com visitor-service-eu-west-3.tealiumiq.com visitor-service-sa-east-1.tealiumiq.com visitor-service-us-east-1.tealiumiq.com visitor-service-us-east-2.tealiumiq.com visitor-service-us-west-1.tealiumiq.com visitor-service-us-west-2.tealiumiq.com visitor-service.tealiumiq.com api.tealiumiq.com *.visualwebsiteoptimizer.com app.vwo.com https://evi-test.hostedbypoort80.nl/* https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.analytics.google.com https://*.umbraco.com https://*.umbraco.org https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha https://stats.g.doubleclick.net https://analytics.google.com https://*.facebook.com https://*.analytics.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'self'; frame-src 'self' https://www.googletagmanager.com/ https://td.doubleclick.net/ https://outlook.office365.com/ https://www.youtube.com/ app.vwo.com *.visualwebsiteoptimizer.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.facebook.com https://player.vimeo.com https://www.google.com/ http://t.svtrd.com https://consentcdn.cookiebot.com http://*.fls.doubleclick.net https://*.hostedbypoort80.nl; worker-src 'self' blob:;object-src 'none';media-src blob: *;child-src blob: lnkd-communities: voyager: *;report-uri https://www.linkedin.com/platform-telemetry/csp?f=l 1
frame-ancestors 'self' https://*.bigbrotherawards.nl 1
default-src 'self'  wss:; connect-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.salemove.com *.hubapi.com *.hubspot.com stats.g.doubleclick.net *.doubleclick.net *.segmint.net *.stackadapt.com *.banno.com *.qualtrics.com *.twilio.com wss://*.twilio.com *.salemove.com wss://*.salemove.com *.atlassian.net *.glia.com wss://*.glia.com ws: wss:; font-src 'self' 'unsafe-inline' data: *.googleapis.com *.gstatic.com *.typekit.net *.salemove.com; frame-ancestors 'self'; frame-src 'self' *.lpsnmedia.net *.youtube.com  *.vimeo.com *.liveperson.net *.google.com *.fliphtml5.com *.segmint.net *.busey.com; img-src 'self' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.stackadapt.com *.hubspot.com *.facebook.com *.segmint.net *.salemove.com *.lpsnmedia.net banno.com *.banno.com *.banno-staging.com *.cms.banno-staging.com *.hsforms.com *.cloudfront.net *.hs-embed-reporting.com *.qualtrics.com *.glia.com data: blob: *.banno.com banno.com; media-src 'self' *.lpsnmedia.net banno.com *.salemove.com *.banno.com *.banno-staging.com *.cms.banno-staging.com *.glia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google.com banno.com *.banno.com *.banno-staging.com *.salemove.com *.splash-screen.net  siteimproveanalytics.com *.hs-scripts.com *.hs-banner.com *.liveperson.net *.hsleadflows.net *.hsadspixel.net *.hs-analytics.net *.lpsnmedia.net *.facebook.net *.segmint.net *.stackadapt.com tags.srv.stackadapt.com *.gstatic.com *.qualtrics.com *.glia.com *.hubspot.com *.banno.com banno.com; style-src 'self' 'unsafe-inline'  *.googleapis.com *.typekit.net *.stackadapt.com *.segmint.net *.salemove.com *.glia.com 1
default-src 'self'; img-src 'self' data:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; script-src qmod.quotemedia.com app.quotemedia.com google.com www.google.com www.google-analytics.com gstatic.com www.gstatic.com website-search.ent.us-east-1.aws.found.io connect.facebook.net browser-update.org www.googletagmanager.com snap.licdn.com js.adsrvr.org match.adsrvr.org googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com  ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; connect-src qmod.quotemedia.com app.quotemedia.com google.com www.google.com www.google-analytics.com gstatic.com www.gstatic.com website-search.ent.us-east-1.aws.found.io connect.facebook.net browser-update.org www.googletagmanager.com snap.licdn.com js.adsrvr.org match.adsrvr.org googleads.g.doubleclick.net px.ads.linkedin.com www.facebook.com  ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com fonts.gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; img-src api.mapbox.com data: prnewswire.com prnewswire2-a.akamaihd.net globenewswire.com businesswire.com www.google.com www.google.com.pe www.googletagmanager.com px4.ads.linkedin.com px.ads.linkedin.com www.linkedin.com www.facebook.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; frame-src google.com www.google.com youtube.com youtube-nocookie.com vimeo.com insight.adsrvr.org match.adsrvr.org td.doubleclick.net content.equisolve.net www.googletagmanager.com content.equisolve-dev.com  ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; object-src gstatic.com ir.stockpr.com www.clevelandcliffs.com d1io3yog0oux5.cloudfront.net; 1
frame-ancestors 'self' gather.town http://*.meinephbern.ch https://nik.staffbase.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.gather.town *.google-analytics.com *.doubleclick.net *.google.com *.google.ch *.landbot.io *.firebaseio.com *.facebook.com *.googleapis.com *.newsroom.co wss://s-usc1c-nss-278.firebaseio.com *.hotjar.com wss://*.hotjar.com *.linkedin.com *.hotjar.io *.tiktok.com *.snapchat.com; report-uri /report-csp-violation 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data: 1
base-uri 'self' https://fonts.googleapis.com/ https://www.googletagmanager.com/; default-src 'self' s.w.org; object-src 'none'; script-src https://*.lukasiewicz.gov.pl  'nonce-OGFiMzM3NTQ2NQ==' 'nonce-ZGUzYjQwNzUwMA==' 'nonce-M2E1MTAwNGU3ZA==' 'nonce-ODViNTgyZDJlNg==' 'nonce-Zjk0ODQ1MGM0Nw==' 'nonce-MGI1OTBjNTMyYg==' 'nonce-NTI2NWJmZmIzNQ==' 'nonce-NzU4MDM3MWFjNg==' 'nonce-N2YwYjM5NzgwYg==' 'nonce-NDNiMTk1MzYwYQ==' 'nonce-ODBmZDBkYTY5OQ==' 'nonce-OGQ0MjQ1ZDJhYg==' 'nonce-ZTM2NGNhN2Q5OA==' 'nonce-MGJhZGFmN2ZkYw==' 'nonce-ZTYwYWFmNTVhNQ==' 'nonce-NWFlNGRkZDlkZQ==' 'nonce-YTliNWNmMjAzOA==' 'nonce-OWE1ODNiZTA1OA==' 'nonce-MzhmMWU4ZTIxNg==' 'nonce-ZTJhNmEyMjg5Mw==' 'nonce-ZGY3NjgyNjhmNg==' 'nonce-YTEyZDg3NDIzYQ==' 'nonce-OTU0YWEzNGRmMA==' 'nonce-YTIzNWRiZTUzZA==' 'nonce-NzkwNjUyZTZlMA==' 'nonce-NjVmZTE0MTAxZQ==' 'nonce-NWVhZDlkM2MxNA==' 'nonce-ZTZmN2FiMTg1MQ==' 'nonce-OGU4MzNhZTU0Yg==' 'nonce-NTRiYjdiZDM4Ng==' 'nonce-YmQ5MWQ5N2U4Ng==' 'nonce-YzAzYzk4YzIzNA==' 'nonce-YjFlMGE4NjliZA==' 'nonce-Y2Q2OWQ5NDdmMQ==' 'nonce-YjA1MjRkNmQ4Mg==' 'nonce-MjdiN2Q0YTk2Nw==' 'nonce-OWRjYzQ2ZDIyNA==' 'nonce-MWVkNDNhMTM2Nw==' 'nonce-ODYwYTg2ZTQ5Zg==' 'nonce-MzMzZmNhNzljYw==' 'nonce-ODZkY2NmMmE0Yg==' 'nonce-ODE4NjVlNjMzYQ==' 'nonce-ZjQ5ZmIwMjdlOA==' 'nonce-NWJhMGZmNjE0OQ==' 'nonce-Yjg0MWI5Y2I0Mg==' 'nonce-YmQ3ZGEwNGY2NQ==' 'nonce-ZGE5YWQ1MWNiOA==' 'nonce-NDc0OTViODllOQ==' 'nonce-YzgwYmNlM2MxYg==' 'nonce-OGJkMjA5MzM2Mg==' 'nonce-YzZiZGMwM2Q2OA==' 'nonce-Mjk2MzcwYWFkMA==' 'nonce-OWJkYjBkMDAyNA==' 'nonce-YzQ4NjUzNWJmMA==' 'nonce-YjIzNjg2YjIzYQ==' 'nonce-ZjExMzcyZjExYw==' 'nonce-ODIxYTliZDMzZQ==' 'nonce-ZjcyMjY2NjJiMg==' 'nonce-NDQyZWQ4MmE2Zg==' 'nonce-NGQyN2EyZWFkZQ==' 'nonce-ZjdjMDE3NmYxNg==' 'nonce-MTJkZDgzZTRmNg==' 'nonce-N2U2MGVkOWViMQ==' 'nonce-NTgxZjUyYTMzNA==' 'nonce-YTJmOGE5NmFjZQ==' 'nonce-YWQ2NzE4MDI2Yg==' 'nonce-MjEyZTFkYTYxOQ==' 'nonce-ZTFiMTZhYzRhYg==' 'nonce-MDI4MTgxZDc3Yw==' 'nonce-NTJjNjg1NDcwZQ==' 'nonce-YTZkNDdmMmVmMA==' 'nonce-ZmIyZjVlMjk1NA==' 'nonce-Y2Q5N2ViNTNhNw==' 'nonce-YjA4OGUyNGExMw==' 'nonce-ZTA5ZmU4MmQ2MA==' 'nonce-ZTBiYzRjMDU1ZA==' 'nonce-NWUxZDc0MTQzMw==' 'nonce-OGU3ODEzOGIxYw==' 'nonce-NGQ1YjdkMjc1NQ==' 'nonce-NWI5NWEyNzVjNg==' 'nonce-NTE3MjA0ZGFkMA==' 'nonce-M2QwNTRjZWQzNA==' 'nonce-MTA4ZTA3M2I1Ng==' 'nonce-MzYyYjA0NmYwYg==' 'nonce-M2UxOGMzZDA5Nw==' 'nonce-Yjc4ZDliZTQxYg==' 'nonce-MGIzNTM5NTlmMg==' 'nonce-YTI1OTk4NmU1ZQ==' 'nonce-YTllOWZlZTg2YQ==' 'nonce-YjU1YTNmMDg3MA==' 'nonce-ZjkwMTJiY2Y2Mw==' 'nonce-ZmIwODhlN2M0Ng==' 'nonce-NWI1Nzc5M2Y0OA==' 'nonce-NjlkYjk1Mjk4NA==' 'nonce-NDEyMmE1YWJjMA==' 'nonce-NjNjYzQwZDhiOA==' 'nonce-YjFhMzkzN2M5ZQ==' 'nonce-MmRmMTFlMjUzOQ==' 'nonce-YzRkNTY3ZmY1Mw==' 'nonce-YWI5ZmI2OGRiYw==' 'nonce-Y2VmY2U0NTRlOA==' 'nonce-Zjg5NDBiMWM5MQ==' 'nonce-NjQyYzZjMzZhYw==' 'nonce-Y2M2Nzg4OGIxMw==' 'nonce-NmNmOWU3ZGIzOA==' 'nonce-MWRhODMyNWJmMw==' 'nonce-N2NmMmViOGI4ZA==' 'nonce-OTNlY2UwMGVkNQ==' 'nonce-NTZjYTA4Y2Y5OQ==' 'nonce-YjljNGY0NTkxYw==' 'nonce-ZmRmNjdiODEzZQ==' 'unsafe-hashes' 'sha256-Aajrk2aqPW2es8Zhh7RGO98KAFtogitkC5mSBKgzFd0=' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: data:; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' https://i.ytimg.com https://wp-cl.mobilems.pl https://*.google-analytics.com https://*.analytics.google.com https://ps.w.org https://s.w.org  https://secure.gravatar.com data:; connect-src 'self' https://www.youtube.com https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net; child-src 'self' https://www.youtube-nocookie.com https://open.spotify.com https://embed.podcasts.apple.com https://www.youtube.com https://www.google.com https://platform.twitter.com https://maps.google.com https://innovatorium2023.systemcoffee.pl; form-action 'self'; media-src 'self'; manifest-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.google.com https://innovatorium2023.systemcoffee.pl; 1
block-all-mixed-content; object-src 'none'; default-src 'self'; base-uri 'self'; font-src 'self' data:; img-src 'self' data: https:; connect-src 'self' https:; frame-src 'self' https:; script-src-elem 'self' https:; script-src 'self' https:; style-src 'self' https: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: gmpg.org www.youtube.com www.googletagmanager.com 1
default-src 'self'; frame-src 'self'; object-src 'self'; script-src 'self' https://statistiek.rijksoverheid.nl; style-src 'self';frame-ancestors 'self'; child-src 'self'; upgrade-insecure-requests; base-uri 'self'; media-src 'self' data: 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' 1
default-src 'self' data: *.iisertvm.ac.in *.google.com *.googleapis.com *.gstatic.com *.youtube.com; img-src * *.iisertvm.ac.in; script-src 'self' 'unsafe-inline' translate.google.com *.googleapis.com *.google.com *.youtube.com *.iisertvm.ac.in; style-src 'self' 'unsafe-inline' *.gstatic.com *.googleapis.com *.iisertvm.ac.in; 1
frame-src https://www.youtube.com/ https://*.partners.gupshup.io https://ssl-proxy.quickwork.co https://api.gupshup.io https://console.gupshup.io https://www.gupshup.io;frame-ancestors self https://console.gupshup.io https://www.gupshup.io https://api.gupshup.io https://ssl-proxy.quickwork.co https://*.partners.gupshup.io https://www.youtube.com/ 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
default-src 'self';script-src 'self' blob: www.googletagmanager.com www.google-analytics.com www.google.com *.youtube.com www.gstatic.com *.wistia.com *.egbc.ca libs.na.bambora.com 'unsafe-inline';style-src 'self' *.egbc.ca 'unsafe-inline';connect-src 'self' embedwistia-a.akamaihd.net *.litix.io *.wistia.com *.google-analytics.com *.egbc.ca;font-src 'self' data: *.wistia.com fonts.gstatic.com *.egbc.ca;img-src 'self' data: blob: *.wistia.com www.google-analytics.com www.googletagmanager.com *.egbc.ca;media-src 'self' blob: *.wistia.com;object-src 'none';frame-ancestors localhost:44339 *.egbc.ca;frame-src 'self' *.egbc.ca *.wistia.com *.google.com *.youtube.com libs.na.bambora.com;report-uri https://egbc.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; default-src 'self' https://www.google-analytics.com; script-src 'unsafe-eval' 'self' https://www.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com 'unsafe-inline' https://connect.facebook.net https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com https://www.googleadservices.com https://analytics.tiktok.com static.cloudflareinsights.com https://cdnjs.cloudflare.com https://bice.modyocdn.com https://www.youtube.com/ https://snap.licdn.com/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/ https://www.google-analytics.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://fonts.googleapis.com/ https://*.hotjar.com http://cdn.materialdesignicons.com https://hcaptcha.com https://*.hcaptcha.com;img-src 'unsafe-inline' 'self' https://www.google-analytics.com https://ssl.gstatic.com/ https://*.hotjar.com https://cloud.modyocdn.com https://bice.modyocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.cl https://googleads.g.doubleclick.net https://www.google.com https://google.com data: https://www.facebook.com https://px.ads.linkedin.com/;font-src 'self' 'unsafe-inline' https://pro.fontawesome.com/ https://fonts.gstatic.com/ https://*.hotjar.com https://cloud.modyocdn.com http://cdn.materialdesignicons.com data:;connect-src https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://federation-bsp.dev.bicevida.cl https://federation-bsp.bicevida.cl https://www.bicevida.cl https://*.g.doubleclick.net https://*.google.com https://*.google.cl https://banco.bice.cl https://analytics.tiktok.com cloudflareinsights.com https://px.ads.linkedin.com/;frame-src https://hcaptcha.com https://*.hcaptcha.com https://player.vimeo.com https://aplicaciones.bicevida.cl https://cloud.bicevida.cl https://www.youtube.com/; 1
frame-ancestors 'self' *.mobility.ch 1
default-src 'self' *.adobeaemcloud.com/ *.youtube.com/ https://app.chargebee.com/ *.googlesyndication.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/  *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.my.site.com/ *.comdirect.de/ *.force.com/ *.salesforce-sites.com/ https://vimeo.com/ *.blueconic.net/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; style-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.tiktok.com *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.youtube.com youtube.com https://app.chargebee.com/  *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ *.focusgames.co.uk/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ https://start.video-stream-hosting.de/ *.nutriciaflocare.com/ *.b-cdn.net/ *.amazonaws.com/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline'; script-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ https://js-agent.newrelic.com/ *.my.salesforce-sites.com *.licdn.com *.usercentrics.eu *.tiktok.com *.monitor.azure.com/ https://s7g10.scene7.com/ *.teads.tv/ *.youtube.com/ *.channelsight.com/ *.typekit.net/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.salesforceliveagent.com/ *.force.com/ *.salesforce.com/ *.squarelovin.com/ https://squarelovin.com/ https://app.chargebee.com/ *.paypal.com/ *.nxtck.com/ *.googlesyndication.com/ *.adyen.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.hotjar.com/ *.focusgames.co.uk/ *.outbrain.com/ *.google.com/ *.google.com.ph/ *.google.co.in/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.aptaclub.at/ *.milupa.at/ *.aptaclub.ch/ *.milupa.ch/ *.aptaclub.com.vn/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ *.widgets.trustedshops.com/ www.youtube.com *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.force.com/ *.salesforce-sites.com/ *.linkedin.oribi.io/ *.adnxs.com/ *.vivenio.de/ *.doubleclick.net/ *.amazon-adsystem.com/ *.google.ie/ *.google.co.in/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.usercentrics.eu https://www.aptaclub.de/ *.aptaclub.de/ https://www.aptaclub.at/ *.aptaclub.at/ https://www.aptaclub.ch/ *.aptaclub.ch/ https://www.nutricia.de/ *.nutricia.de/ https://www.danonino.ch/ *.danonino.ch/ https://www.fruchtzwerge.at/ *.fruchtzwerge.at/ https://www.fruchtzwerge.de/ *.fruchtzwerge.de/ https://www.milupa.at/ *.milupa.at/ https://www.milupa.de/ *.milupa.de/ https://s7g10.scene7.com/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.force.com/ *.salesforce.com/ *.visualforce.com/ *.digital4danone.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.assetsadobe.com/ *.adyen.com/ *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.de/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.focusgames.co.uk/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ *.adotmob.com/ *.goldenbees.fr  *.taboola.com/ *.mediavine.com/ *.ivitrack.com/ *.tremorhub.com/ *.spx.smartclip.com/ *.liadm.com/ *.smaato.net/ *.ads.yieldmo.com/ *.bing.com/ *.advertising.com/ *.criteo.com/ *.3lift.com/ *.smartadserver.com/ *.360yield.com/ *.pubmatic.com/ *.casalemedia.com/ *.yahoo.com/ *.teads.tv/ *.adform.net/ *.adscale.de/ *.media.net/ *.yieldlab.net/ *.bidswitch.net/ *.sharethrough.com/ *.twiago.com/ *.stickyadstv.com/ *.omnitagjs.com/ *.ad.smaato.net/ *.sxp.smartclip.net/ *.rubiconproject.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.blueconic.net/ *.force.com/ *.salesforce-sites.com/ https://sgtm.nutricia.de/ *.google.com/ *.amazon-adsystem.com/ *.google.fr/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.id5-sync.com/ *.trustedshop.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; frame-src 'self' *.office.com/ https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.my.salesforce-sites.com *.akamaized.net *.teads.tv/ *.nutricia.de *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ *.force.com/ *.salesforce.com/ *.paypal.com  *.adyen.com/ https://app.chargebee.com/ *.squarelovin.com/ https://squarelovin.com/ *.googlesyndication.com/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.hotjar.com/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.amazon-adsystem.com/ *.flockler.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.blueconic.net/ *.my.site.com/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.trustcommander.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ *.comdirect.de/ https://vimeo.com/ *.tagcommander.com/ *.force.com/ *.salesforce-sites.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; connect-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.s3.eu-west-1.amazonaws.com/ https://bam.eu01.nr-data.net/ *.my.salesforce-sites.com *.usercentrics.eu *.teads.tv/ https://s7g10.scene7.com/ https://dc.services.visualstudio.com/ https://sgtm.fruchtzwerge.de/ https://sgtm.aptaclub.de/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/  *.force.com/ *.salesforce.com/ *.google-analytics.com/ https://app.chargebee.com/ *.analytics.google.com/ *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.googlesyndication.com/ *.adyen.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/ *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.hotjar.com/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.blueconic.net/ *.aptaclub.at/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.milupa.de/ *.milupa.at/ *.fruchtzwerge.de/ *.fruchtzwerge.at/ *.danonino.ch/ *.aptaclub.ch/ *.my.site.com/ *.trustcommander.net/ *.comdirect.de/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ *.linkedin.oribi.io/ *.force.com/ *.salesforce-sites.com/ *.google-analytics.com/ *.amazon-adsystem.com/ https://sgtm.nutricia.de/ *.digital4danone.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/; font-src 'self' https://danone.github.io/aem.edp-dach-fruchtzwerge/ *.danone-dtc.net *.typekit.net/ *.scene7.com/ *.adobeaemcloud.com/ https://cdn.jsdelivr.net/ data: *.salesforce.com/ *.adyen.com/ *.squarelovin.com/ https://app.chargebee.com/  https://squarelovin.com/ *.googlesyndication.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/; media-src 'self' *.lpsnmedia.net/ *.squarelovin.com/ https://squarelovin.com/ *.comdirect.de/ https://bittesehr.net/ *.bittesehr.net/ *.trustedshops.com/ *.fruchtzwerge.de/ *.outbrain.com/ *.focusgames.com/ *.focusgames.co.uk/ *.my.site.com/ *.trustcommander.net/ *.blueconic.net/ *.hotelagentur-dettling.de/ *.vivenio.de/ http://hotelagentur-dettling.de/ https://vimeo.com/ https://app.chargebee.com/ *.force.com/ *.salesforce-sites.com/ *.amazon-adsystem.com/ *.googlesyndication.com/ *.google-analytics.com/ *.analytics.google.com/ *.googlesyndication.com/ *.adnxs.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.google.com.ph/ *.google.com/ *.gstatic.com/ *.googleapis.com/ *.googletagmanager.com/ *.trustcommander.net/ *.commander1.com/ *.tagcommander.com/ *.google.de/ *.zoikal.co.uk/ https://zoikal.co.uk/ *.userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ *.start.video-stream-hosting.de/ *.nutriciaflocare.com/ https://start.video-stream-hosting.de/ *.amazonaws.com/ *.b-cdn.net/ *.userlike.com/ *.criteo.net/ *.criteo.com/ *.google.es/ *.bing.com/ *.krxd.net/ *.emxdgt.com/ *.postrelease.com/ *.id5-sync.com/ *.yahoo.net/ https://www.jedeflaschegewinnt.de/ media-src 'self' *.digital4danone.com/ 1
upgrade-insecure-requests; frame-ancestors 'self'; form-action 'self'; 1
frame-ancestors 'self' https://*.cert-in.org.in 1
base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://guce.yahoo.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://pfs.yahoo.com;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js https://search.yahoo.com https://*.search.yahoo.com 'nonce-TB8W98+5IHbkmZElA60zdtUzQ05IrQ/CNweXkJLFMHSxdX2A' ;style-src * 'unsafe-inline' 1
default-src 'unsafe-inline' 'unsafe-eval' blob: data: *.gegridsolutions.com think-grid.org http://*.think-grid.org *.think-grid.org www.gedigitalenergy.com https://appdash.gedigitalenergy.com *.bootstrapcdn.com *.googletagmanager.com *.googlesyndication.com *.addthis.com snap.licdn.com *.linkedin.com *.jabmo.app api.ipify.org secure.adnxs.com *.cloudfront.net *.evidon.com *.6sc.co *.sharethis.com platform.twitter.com *.google-analytics.com *.analytics.google.com analytics.google.com *.marketo.net *.marketo.com *.adobedtm.com cm.everesttech.net *.demdex.net c.sharethis.mgr.consensu.org *.mktoutil.com *.mktoresp.com gepowerandwater.tt.omtrdc.net gepowerandwater.d2.sc.omtrdc.net z.moatads.com v1.addthisedge.com www.googleadservices.com *.doubleclick.net www.google.com connect.facebook.net www.facebook.com p.adsymptotic.com citia.com *.youtube.com addsearch.com *.addsearch.com *.searchcdn.com www.mygegrid.com *.cloudflare.com *.cdntwrk.com *.uberflip.com *.zencdn.net *.jsdelivr.net *.jquery.com dqm.crownpeak.com *.googleapis.com *.crownpeak.net *.gstatic.com http://*.cloudfront.net https://*.cloudfront.net export.highcharts.com *.webflow.com https://www.youtube.com dfjwbjdffd4z4.cloudfront.net https://ssl.p.jwpcdn.com player.vimeo.com *.vimeocdn.com https://cdn.linkedin.oribi.io https://siteimproveanalytics.com *.siteimproveanalytics.io https://*.hotjar.com wss://*.hotjar.com https://*.bing.com https://*.hotjar.io https://*.clarity.ms *.addtoany.com https://*.elfsight.com https://*.elfsightcdn.com https://*.gevernova.com; frame-ancestors 'self' https://www.gegridsolutions.com https://resources.gegridsolutions.com resources.grid.gevernova.com http://resources.grid.gevernova.com https://appdash.gedigitalenergy.com https://*.gevernova.com; object-src 'self'; form-action 'self' https://www.gegridsolutions.com https://*.gevernova.com https://resources.gegridsolutions.com resources.grid.gevernova.com http://resources.grid.gevernova.com export.highcharts.com http://export.highcharts.com https://dqm.crownpeak.com; report-to 'none' 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://matomo.liberties.eu https://use.typekit.net https://polyfill.io https://js.stripe.com https://www.recaptcha.net https://www.gstatic.com https://d1072trjkrt9qn.cloudfront.net 1
base-uri 'none'; object-src 'none'; script-src 'nonce-brBLOMaoBYyPjSWC' https://www.google.com 'self' https://www.googletagmanager.com https://fundingchoicesmessages.google.com https://pagead2.googlesyndication.com https://partner.googleadservices.com https://adservice.google.com https://tpc.googlesyndication.com;worker-src blob: 'self';img-src data: blob: 'self' https://fundingchoicesmessages.google.com https://www.gstatic.com  https://pagead2.googlesyndication.com 1
default-src 'self'  https://www.bmwperformancecenter.com https://bmwperformancecenter.com; media-src https://bmwpc.s3.wasabisys.com/ https://scontent.cdninstagram.com ;frame-ancestors 'none';connect-src https://www.bmwperformancecenter.com/ https://www.googleapis.com  https://stats.g.doubleclick.net  https://connect.facebook.net https://d.adroll.com  https://www.google-analytics.com  https://bmwperformancecenter.com/ https://graph.facebook.com https://cdn.cookielaw.org/; frame-src * https://td.doubleclick.net 'unsafe-inline'; style-src * 'unsafe-inline';font-src * https://www.bmwperformancecenter.com/ https://bmwperformancecenter.com/ https://fonts.gstatic.com/ data: ; img-src * https://www.bmwperformancecenter.com/ https://bmwperformancecenter.com/ data: ; script-src-elem 'self' https://cdn.cookielaw.org/ https://www.bmwperformancecenter.com/  https://bmwperformancecenter.com/ https://www.google-analytics.com https://s.adroll.com https://d.adroll.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net 'unsafe-inline' 1
default-src www.nac.gov.pl ajax.googleapis.com fonts.googleapis.com *.gstatic.com www.facebook.com 'self'; script-src www.nac.gov.pl 'self' 'unsafe-inline'; style-src www.nac.gov.pl ajax.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline'; img-src www.nac.gov.pl 'self'  www.szukajwarchiwach.gov.pl: default-src fonts.gstatic.com www.google-analytics.com matomo.archiwa.gov.pl stats.g.doubleclick.net www.facebook.com 'self'; script-src ajax.googleapis.com www.google-analytics.com connect.facebook.net matomo.archiwa.gov.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src ajax.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline'; img-src data: photos.szukajwarchiwach.gov.pl www.facebook.com www.google.com www.google.pl http://lublin.ap.gov.pl https://i0.wp.com 'self' 1
default-src *;img-src * 'self' data: https: https://cdn.sekerbank.com.tr; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' * 1
default-src 'self'  https://*.lapetite.com *.agkn.com *.datasteam.io *.dca0.com dca0.com https://*.addevent.com https://*.adroll.com https://*.bing.com https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.com https://*.foresee.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.hotjar.io https://*.hubspot.com https://*.jquery.com https://*.learningcaregroup.com https://*.mpeasylink.com https://*.youtube.com https://*.google-analytics.com wss://*.hotjar.com https://api.segment.io *.hiconversion.net *.hiconversion.com https://*.demdex.net https://*.clarity.ms *.obviyo.net https://cdn.segment.com/ https://*.basis.net https://*.sitescout.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.lapetite.com https://media.winnie.com https://cdn.segment.com *.dca0.com dca0.com https://*.adroll.com https://*.agkn.com https://*.bing.com https://*.cloudfront.net https://*.cluep.com https://*.convertlanguage.com https://*.datasteam.io https://*.dialogtech.com https://*.everestjs.net https://*.facebook.net https://*.foresee.com https://*.google.com https://*.googleadservices.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.hiconversion.com https://*.hotjar.com https://*.mpeasylink.com https://*.simpli.fi https://*.youtube.com https://addevent.com https://d.adroll.mgr.consensu.org https://googleads.g.doubleclick.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-scripts.com https://s.ytimg.com https://www.googletagmanager.com https://api.segment.io *.hiconversion.net *.hiconversion.com https://*.clarity.ms https://*.invocacdn.com https://*.invoca.net https://*.zoominfo.com https://*.basis.net https://*.sitescout.com ;style-src 'self' 'unsafe-inline' https://*.lapetite.com https://*.foresee.com https://*.googleapis.com https://*.jquery.com https://*.mpeasylink.com https://es.childtime.com *.hiconversion.net *.hiconversion.com *.obviyo.net ;img-src 'self'  http://* https://* data: *.hiconversion.net *.hiconversion.com ; 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; object-src 'none'; form-action 'self'; frame-src 'self' 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline' exe.in.th *.exe.in.th; frame-src 'self' exe.in.th *.exe.in.th https://www.google.com; img-src *; script-src 'self' 'unsafe-inline' https://cdn.exe.in.th https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://analytics.tiktok.com https://d.line-scdn.net; connect-src 'self' https://www.google-analytics.com https://analytics.google.com; report-to https://security.exe.in.th/csp 1
frame-ancestors 'self' https://reader.bookfusion.com 1
script-src 'self' 'unsafe-inline' https://collabstr.involve.me *.wisepops.com https://wisepops.net/loader.js https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.js https://accounts.google.com/gsi/client sdk.amazonaws.com cdnjs.cloudflare.com *.stripe.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.google.com https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com/ *.tiktokcdn.com *.ibytedtos.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com connect.facebook.net *.bing.com *.clarity.ms https://cdn.tiny.cloud https://www.google.com/recaptcha/api.js www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css https://accounts.google.com/gsi/style cdnjs.cloudflare.com fonts.googleapis.com *.tiktokcdn.com https://cdn.tiny.cloud ajax.googleapis.com; connect-src 'self' https://pagead2.googlesyndication.com/ https://wisepops.net *.wisepops.net *.wisepops.com https://accounts.google.com/gsi/ https://analytics.google.com ws: wss: *.google-analytics.com *.g.doubleclick.net collabstr.s3.amazonaws.com cognito-identity.us-west-1.amazonaws.com collabstr.s3-us-west-1.amazonaws.com *.stripe.com *.ibytedtos.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io *.clarity.ms *.bing.com https://google.com https://www.google.com/recaptcha/api.js www.gstatic.com https://www.facebook.com; img-src 'self' blob: data: *; media-src 'self' d5ik1gor6xydq.cloudfront.net blob: data: *; frame-ancestors 'self' https://*.koji-apps.com https://withkoji.com https://app.involve.me; font-src 'self' blob: data: * cdnjs.cloudflare.com fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com; default-src 'self'; frame-src 'self' https://collabstr.involve.me https://td.doubleclick.net/ https://accounts.google.com/gsi/ *.stripe.com bid.g.doubleclick.net https://www.youtube.com/ http://collabstr.com/ https://collabstr.com/ http://limbani.xyz/ https://limbani.xyz/ https://www.instagram.com/ https://platform.twitter.com/ https://www.tiktok.com https://vars.hotjar.com https://www.facebook.com/ https://www.google.com www.gstatic.com 1
frame-ancestors https://*.goforward.com 1
frame-ancestors 'self' http://www.philips.cz *.philips.com *.philips.cz https://philipsigtdpv.com 1
frame-ancestors 'self' https://www.bayard-jeunesse.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zeroes.ca; img-src 'self' https: data: blob: https://zeroes.ca; style-src 'self' https://zeroes.ca 'nonce-w+ogcilUIL+VnHmAA6B2hw=='; media-src 'self' https: data: https://zeroes.ca; frame-src 'self' https:; manifest-src 'self' https://zeroes.ca; form-action 'self'; child-src 'self' blob: https://zeroes.ca; worker-src 'self' blob: https://zeroes.ca; connect-src 'self' data: blob: https://zeroes.ca https://media.zeroes.ca wss://zeroes.ca; script-src 'self' https://zeroes.ca 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.kameleoon.com *.kameleoon.eu *.providence.org pccdev.crm.dynamics.com patientfacingcontactcenteruat.crm.dynamics.com ; 1
style-src 'self' 'unsafe-inline' https://onzoomfront3.zoom.us https://www.youtube.com fonts.googleapis.com source.zoom.us source.zoom.us *.zoom.us ; script-src 'self' blob: 'report-sample' 'nonce-_spgTNZARZykCfQSguqxPw' 'sha256-ZvIVXR/X/GICftXQTjYtm9U1DZAYplXroSmFyTO2IaQ=' 'sha256-fXNufKxGoaQL7P7kMoKfRvZEwttJ+TBeztY9Y+CiraE=' 'sha256-dOnS4NZ7q/I5e8vj3GrApcGP/2COoRpp6/TA7UiT+Lk=' 'sha256-Djj0LfiqMY/UlApZ3C98zn0jP578lN95FTnB9Im5iio=' https://onzoomfront3.zoom.us source.zoom.us zoom.us https://*.pledge.to https://www.google-analytics.com https://www.youtube.com https://static.ada.support https://*.paypal.com https://*.paypalobjects.com https://*.trustarc.com https://*.hotjar.com https://www.googletagmanager.com https://*.stripe.com https://cdn.cookielaw.org https://geolocation.onetrust.com *.adroll.com connect.facebook.net snap.licdn.com static.ads-twitter.com analytics.twitter.com source.zoom.us zoom.us d27xp8zu78jmsf.cloudfront.net *.zoom.us *.solvvy.com *.zopim.com zopim.com  *.qualtrics.com; base-uri 'none'; frame-src 'self' blob: https://*.zoom.us https://onzoomfront3.zoom.us https://*.pledge.to https://cdn-fastly.obsproject.com https://www.youtube.com https://zoom.ada.support https://*.paypal.com https://*.paypalobjects.com https://*.trustarc.com https://*.hotjar.com https://*.pledge.to https://*.stripe.com 9513928.fls.doubleclick.net zoommtg://* zoommtg://* zoomus://* https://www.google.com https://www.gstatic.com https://www.recaptcha.net *.solvvy.com *.zopim.com zopim.com zoom.us  *.qualtrics.com; img-src 'self' blob: data: https: ; connect-src 'self' blob: data: wss://eventsws.zoom.us/ws/expo wss://*.zoom.us/xmpp-websocket wss://eu01eventsws.zoom.us/ws/expo wss://goeventsws.zoom.us/ws/expo https://zoom.us https://*.zoom.us https://onzoomfront3.zoom.us https://eventdirectory-events.s3.dualstack.us-east-1.amazonaws.com/ https://zoomeventinfo.zoom.us/ https://www.google-analytics.com https://zoom.ada.support https://rollout.ada.support https://static.ada.support https://*.paypal.com https://*.hotjar.com https://*.datadoghq.com https://*.hotjar.io https://*.live-video.net wss://*.hotjar.com https://go.pardot.com https://cdn.cookielaw.org https://*.stripe.com https://*.onetrust.com https://zoom-tos.s3.amazonaws.com  https://eventdirectory-events.s3.us-east-1.amazonaws.com wss://*.zoom.us https://*.zoom.com.cn wss://*.zoom.com.cn *.solvvy.com *.zopim.com zopim.com wss://*.zopim.com https://*.zoomonprem.com wss://*.zoomonprem.com  *.qualtrics.com; child-src 'self' blob:; object-src 'none'; upgrade-insecure-requests; media-src 'self' blob: data: https://*.zoom.us https://eventdirectory-events.s3.dualstack.us-east-1.amazonaws.com/ https://onzoomcontent3.zoom.us/ https://d2v9kxxnwn8pfp.cloudfront.net https://onzoomcontent3.zoom.us https://eventdirectory-events.s3.us-east-1.amazonaws.com *.live-video.net ; default-src 'self' https://www.paypal.com; font-src 'self' https://onzoomfront3.zoom.us data: https://fonts.gstatic.com https://*.hotjar.com source.zoom.us scource.zoom.us *.zoom.us ; report-uri /api/v1/stats/csp-report 1
default-src http: https: 'unsafe-inline'; img-src http: https: data:; object-src 'none'; 1
default-src: 'self' 'unsafe-inline' 'unsafe-eval' https://*.inductiveautomation.com https://*.inductiveuniversity.com https://icccdn.s3.amazonaws.com https://icccdn-production.s3.amazonaws.com https://icccdn-staging.s3.amazonaws.com https://code.jquery.com https://*.wistia.com http://*.embedwistia-a.akamaihd.net https://*.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.opentracker.net https://*.crazyegg.com https://*.litix.io https://*.marketo.net https://*.mktoresp.com https://*.facebook.net https://*.linkedin.com https://*.stripe.com https://*.stripe.network https://*.akamaized.net  https://*.vimeocdn.com https://*.vimeo.com https://*.getsitecontrol.com data: 'report-sample'; block-all-mixed-content; 1
default-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.google.com *.googleapis.com *.wistia.com api.hubapi.com forms.hubspot.com wss://auntbertha.zendesk.com; script-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-eval' 'unsafe-inline' *.demdex.net *.google.com *.googleapis.com *.gstatic.com *.statuspage.io *.wistia.com api.rollbar.com assets.adobedtm.com cdn.rollbar.com cdnjs.cloudflare.com/ajax/libs/ connect.facebook.net facebook.com https://*.zopim.com https://*.zopim.io https://chat-api.spartez-software.com https://ekr.zdassets.com https://spartezchatfiles.b-cdn.net https://static.zdassets.com https://www.googletagmanager.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js-na1.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.stripe.com js.usemessages.com static.cloudflareinsights.com track.hubspot.com www.atlassian.com/software/statuspage www.googleadservices.com www.google-analytics.com www.statuspage.com https://cdn.amplitude.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; style-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com blob: data: file: filesystem: https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; img-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.doubleclick.net *.everesttech.net *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hubspot.com *.wistia.com data: https://*.zopim.com https://*.zopim.io https://www.googletagmanager.com https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net/ https://chat-api.spartez-software.com/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; font-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.gstatic.com data: https://*.zopim.com https://*.zopim.io https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; frame-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.careunify.com *.google.com *.periscopedata.com *.statuspage.io *.stripe.com us-central1-searchbertha-hrd.cloudfunctions.net https://program-editor-ui-bqlyzw342a-uc.a.run.app/ https://data-quality-ui-bqlyzw342a-uc.a.run.app/ https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; connect-src *.auntbertha.com *.auntberthaqa.com *.auntbertha-qa.com *.findhelp.center *.findhelp.com *.findhelp-qa.com *.findhelp.org *.findhelp-qa.org 'self' *.akamaihd.net *.demdex.net *.googleapis.com *.hubapi.com *.hubspot.com *.rollbar.com *.wistia.com auntbertha.zendesk.com ekr.zdassets.com wss://*.zopim.com www.google-analytics.com https://api.ipify.org/ https://chat-api.spartez-software.com/ wss://chat-ws.spartez-software.com/ https://api2.amplitude.com/2/httpapi https://program-api-bqlyzw342a-uc.a.run.app/ https://trusted-networks-cloud-run-bqlyzw342a-uc.a.run.app/; object-src 'none'; media-src 'self' blob: data:; 1
default-src 'self' https://*.wogaa.sg https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net/ staticxx.facebook.com *.youtube.com cse.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.wogaa.sg *.googletagmanager.com https://*.dcube.cloud https://assets.adobedtm.com/ static.doubleclick.net *.google-analytics.com connect.facebook.net apis.google.com www.youtube.com s.ytimg.com *.google.com;img-src 'self' data: https://wogadobeanalytics.sc.omtrdc.net/ https://cm.everesttech.net/ https://dpm.demdex.net/ i.ytimg.com yt3.ggpht.com www.google-analytics.com  ssl.google-analytics.com *.google.com *.gstatic.com www.googleapis.com;connect-src 'self' https://*.wogaa.sg https://*.dcube.cloud https://dpm.demdex.net googleads.g.doubleclick.net www.google-analytics.com;style-src 'self' 'unsafe-inline' https://assets.wogaa.sg/ https://assets.dcube.cloud/fonts/ fonts.gstatic.com fonts.googleapis.com *.google.com;font-src 'self' data: https://assets.wogaa.sg/fonts/ https://assets.dcube.cloud/fonts/ fonts.gstatic.com fonts.googleapis.com *.google.com;media-src 'self' *.googlevideo.com; 1
frame-ancestors 'self' umziehen.de *.umziehen.de 1
default-src 'self'; frame-ancestors 'self' www.calwater.com; frame-src 'self' www.calwater.com connect.livechatinc.com calwater.maps.arcgis.com player.vimeo.com secure.livechatinc.com www.google.com survey123.arcgis.com www.youtube.com youtube.com; connect-src 'self' www.calwater.com my.yoast.com to.getnitropack.com maps.googleapis.com www.facebook.com; worker-src 'self' blob: www.calwater.com; img-src 'self' data: www.calwater.com analytics.convertlanguage.com www.facebook.com 26901.global.siteimproveanalytics.io cdn-ljbch.nitrocdn.com; font-src 'self' data: www.calwater.com fonts.gstatic.com maxcdn.bootstrapcdn.com s0.wp.com cdn-ljbch.nitrocdn.com maps.google.com; media-src 'self' www.calwater.com cdn-ljbch.nitrocdn.com; form-action 'self' www.calwater.com myaccount.calwater.com; object-src 'self' 'unsafe-inline' www.calwater.com cdn.livechat-static.com; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.calwater.com es.calwater.com analytics.convertlanguage.com cdn.livechatinc.com api.livechatinc.com connect.livechatinc.com www.google.com fonts.googleapis.com fonts.gstatic.com www.nitroscripts.com connect.facebook.net www.facebook.com cdn.livechat-static.com https://siteimproveanalytics.com www.siteimproveanalytics.com https://yoast.com my.yoast.com https://nitroscripts.com cdn-ljbch.nitrocdn.com maps.google.com player.vimeo.com www.gstatic.com maps.googleapis.com; style-src 'self' data: 'unsafe-inline' www.calwater.com cdn.livechat-static.com fonts.googleapis.com maxcdn.bootstrapcdn.com www.facebook.com cdn-ljbch.nitrocdn.com; 1
default-src 'none'; style-src 'unsafe-inline'; 1
default-src 'self' * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; font-src 'self' * data:; connect-src 'self' *; frame-src 'self' *; report-uri https://fundraisingbox.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://acsbapp.com/apps/app/dist/js/loader.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.8.1/jquery.validate.js https://ajax.aspnetcdn.com/ajax/mvc/4.0/jquery.validate.unobtrusive.min.js https://acsbapp.com/apps/app/dist/js/app.js https://www.google-analytics.com/analytics.js https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/api/js/ https://platform.twitter.com/ https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://syndication.twitter.com/ https://s.ytimg.com/ https://publish.twitter.com/ https://twimg.com/ https://platform.linkedin.com https://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.adroll.com/j/ https://d.adroll.com/consent/check/ https://d.adroll.com/pixel/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/ https://cdnjs.cloudflare.com/ajax/libs/angular.js/ https://www.googletagmanager.com/gtag/ https://ajax.googleapis.com/ajax/libs/ https://snap.licdn.com/ https://lex.33across.com/; style-src 'self' 'unsafe-inline' netdna.bootstrapcdn.com kendo.cdn.telerik.com https://www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://platform.twitter.com/css/ https://fast.fonts.net https://fonts.googleapis.com/; font-src 'self' https://cdn.acsbapp.com/apps/app/dist/fonts/* fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' image/* https://cdn.acsbapp.com/apps/app/dist/media/logomono.svg *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com https://d.adroll.com https://img.youtube.com/vi/ *.rubiconproject.com *.casalemedia.com *.pubmatic.com *.outbrain.com *.bidswitch.net *.yahoo.com https://eb2.3lift.com https://sync.taboola.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://cm.g.doubleclick.net https://sync.mathtag.com https://*.google.com https://match.adsrvr.org https://pippio.com *.krxd.net *.bluekai.com https://new.aam.com https://px.ads.linkedin.com/ data:; media-src 'self'; form-action 'self'; frame-src 'self' https://*.cookiebot.com https://www.youtube.com/ https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' https://process.acsbapp.com/apps/app/* https://cdn.acsbapp.com/cache/app/en.build.json https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://cdn.acsbapp.com/config/aam.com/config.json https://new.aam.com https://www.facebook.com/tr/ https://consentcdn.cookiebot.com/consentconfig/ https://maps.googleapis.com/ https://careers.aam.com https://www.google-analytics.com/ https://px.ads.linkedin.com/; object-src 'none'; 1
child-src 'self' https://*.google.com https://*.stripe.com https://*.facebook.com https://widget.trustpilot.com/ https://carcouk.autoserver.co.uk; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-veXkXR3OwQ1y7b4DDPjDD6S+W6jNA2bYTF8BBOhYcKmmt4Q6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src 'self' blob: data: *.payot.ch https://www.olf.ch/ https://i.ytimg.com/ https://*.google-analytics.com https://*.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ,    style-src 'self' 'unsafe-inline' http://fonts.googleapis.com/,    font-src 'self' https://fonts.gstatic.com/,    connect-src 'self' https://maps.googleapis.com/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat,    frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://mailing.cdi.ch/ http://tp.srgssr.ch/ https://www.jobup.ch/,    media-src 'self' http://prod.payot.ch https://prod.payot.ch *.payot.ch    script-src 'self' https://*.googletagmanager.com     1
default-src * blob: data: http: https: 'unsafe-inline' 'unsafe-eval'; 1
default-src ‘self’; 1
style-src 'self' blob: https: 'unsafe-inline' https://www.suryadental.com.br/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.tolvnow.com data:; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.sunset.systems *.hotjar.com *.criteo.com *.tolvnow.com *.googleadservices.com *.g.doubleclick.net *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.uc.r.appspot.com *.google.com.br *.facebook.net *.facebook.com *.rdstation.com.br *.trustvox.com.br *.smarthint.co *.criteo.net *.solucx.com.br *.btg360.com.br *.voxus.com.br  *.voxus.tv *.ipify.org *.loggly.com *.secure.adnxs.com *.sp.analytics.yahoo.com *.soclminer.com.br *.optinmonster.com *.omappapi.com; 1
frame-ancestors 'self' covideo.com *.covideo.com vidmails.com *.vidmails.com eleadcrm.com *.eleadcrm.com forddirectcrm.com *.forddirectcrm.com usherpa.com *.usherpa.com *.autoipacket.com *.autoipacket.net *.ipacket.us *.ipacket.info dealersocket.com *.dealersocket.com dealersocket.engineering *.dealersocket.engineering linkedin.com *.linkedin.com *.kennected.video watch.kennected.video; 1
frame-ancestors https://v3.squads.so https://hub.sentre.io/ https://788652e9.snowflake-safe.pages.dev/ https://safe.snowflake.so/ 1
default-src 'self' *; style-src 'self' 'unsafe-inline' https://*.vercel.app https://fonts.googleapis.com https://tags.srv.stackadapt.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cdn.mouseflow.com https://js.adstk.io https://i.loopme.me https://js.adsrvr.org https://*.googletagmanager.com https://tags.tiqcdn.com https://static.ads-twitter.com https://*.btstatic.com https://tags.srv.stackadapt.com https://*.yimg.com https://*.googleadservices.com https://*.facebook.net https://acdn.adnxs.com https://*.vercel.app https://api-engage-us.sitecorecloud.io https://cdn.cookielaw.org https://acsbapp.com https://*.acsbapp.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://*.vercel.app; img-src * data:; object-src 'none'; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net *.youtube.com *.investisdigital.com google-analytics.com cookiemanager.investisdigital.com *.google-analytics.com *.doubleclick.net m.clarity.ms n.clarity.ms *.clarity.ms  analytics.google.com assets.investisdigital.com region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com fast.fonts.net cdn.rawgit.com *.investisdigital.com www.recaptcha.net otp.tools.investis.com cookiemanager.investisdigital.com m.clarity.ms www.clarity.ms assets.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net api2.fonts.com assets.investisdigital.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com fast.fonts.net api2.fonts.com cdnjs.cloudflare.com 1
default-src 'none'; style-src 'self'; img-src 'self'; frame-ancestors 'none'; form-action 'none'; 1
script-src 'self' google.com gstatic.com 'nonce-48c93e681996341e2705d3b7870b4180';script-src-attr 'unsafe-inline';style-src 'self' 'unsafe-inline';style-src-elem 'self' 'unsafe-inline';frame-ancestors 'self';img-src 'self' routesms.com static.routesms.com routemobile.com; 1
default-src  'self' https://cdnjs.cloudflare.com https://fonts.gstatic.com ; connect-src 'self' api.marker.io ssr.marker.io api.datatables.net; frame-src  'self' app.marker.io www.google.com/recaptcha/ https://app.powerbi.com ; script-src  'self' 'unsafe-inline' 'unsafe-eval' www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://code.jquery.com https://code.iconify.design https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://edge.marker.io https://api.marker.io https://openfpcdn.io/fingerprintjs/ https://app.powerbi.com https://debug.datatables.net https://api.datatables.net ; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://nightly.datatables.net https://assettrack.cx https://ajax.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com https://debug.datatables.net https://api.datatables.net ; img-src  'self' data: blob https://media.marker.io https://app.marker.io https://edge.marker.io https://ajax.googleapis.com  ; 1
default-src 'none'; connect-src 'self' https:; font-src 'self'; frame-ancestors https:; img-src 'self'; manifest-src 'self'; script-src 'self' 'nonce-script/tCg2Wu8HI9aiB+QXpFYNrLDO' 'nonce-script/IcKqktIxA0Z7YDTFPVx4B1VC' 'nonce-script/fvCSWGUMk/E8KIUL9oBl9Hfr' 'nonce-script/k0241omLT0QR86+GjImM8voF' 'nonce-script/5FXjTmq9P+186cGZM3F/zic5' 'nonce-script/SKVoEvolbia9DUjepW/UtK0p' 'nonce-script/OBktykjsdObk8R7n/dxw+vcZ' cdnjs.cloudflare.com static.cloudflareinsights.com; style-src 'self' 'nonce-style/JyigjZwobCH9x8egkyTCdsfe' 'nonce-stylesheet/Y1SfBD5NulcQonOE7En94H4c' 'nonce-stylesheet/pG8cZQknbfzkCFryFciY2HRz' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' cdnjs.cloudflare.com; media-src 'self'; report-uri https://eric.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src 'self'; frame-src: 'self'; frame-ancestors: 'self'; 1
manifest-src 'self'; script-src 'self' 'unsafe-eval' https://www.gstatic.com/cv/js/sender/v1/cast_sender.js; style-src 'self' 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: blob: https://immortuos.life:8443/socket.io/ wss://immortuos.life:8443/socket.io/ https://immortuos.life/ https://hls.immortuos.live/; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https:; media-src 'self' https: blob: about: https://sound.immortuos.live:8878/ https://immortuos.life/; worker-src https: blob:; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; script-src 'self' https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com https://js.stripe.com https://www.gstatic.com https://www.google.com https://maps.googleapis.com https://player.vimeo.com 'nonce-sT8Dr3HMavHtszsVPnD+xg==' 'unsafe-eval'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: blob: https://optimuscloud.blob.core.windows.net https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://chart.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com https://www.google.com https://player.vimeo.com; worker-src 'self' blob:; form-action 'self'; connect-src 'self' https://*.mycirrus.cloud wss://*.mycirrus.cloud https://optimuscloud2.azurewebsites.net https://optimuscloud2-test.azurewebsites.net https://optimuscloud2-dev.azurewebsites.net https://optimuscloud3.azurewebsites.net https://optimuscloud3-test.azurewebsites.net https://optimuscloud3-dev.azurewebsites.net https://optimuscloud.blob.core.windows.net https://fcmregistrations.googleapis.com https://firebaseinstallations.googleapis.com https://maps.googleapis.com https://api.stripe.com; manifest-src 'self'; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; report-uri https://cirrusresearch.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self'; default-src 'self'; script-src 'report-sample' 'self' 'sha256-RPumnIR7FSgARDKw3/EMqdUO6scixVqjLq5BJ+esrKo=' 'sha256-UUocpuYdHXKmRArOq2g+5vVfCUSoGLiRvU5+S+u9TyQ=' https://kit.fontawesome.com/688cf5a923.js; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://ka-f.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; report-uri https://65650021ce75a73f0a40442b.endpoint.csper.io/?v=1; worker-src 'none'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://datawrapper.dwcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://datawrapper.dwcdn.net; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://www.youtu.be https://datawrapper.dwcdn.net; 1
img-src * data: blob:; media-src *; style-src 'self' 'sha256-luDyZXC70U8Ojvz2bCCaQV/f525zjmdrymYgwv63nEQ=' https://data.oma.sk https://static.xx.fbcdn.net https://platform.twitter.com https://ton.twimg.com *.etargetnet.com 'sha256-Z7BHX2aqxnAJtLshJLApGRdmW2hvmrlU5izTEo5jZv8='; script-src 'unsafe-inline' 'self' https://data.oma.sk https://www.facebook.com *.facebook.net *.twitter.com *.twimg.com *.etargetnet.com ; base-uri 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; connect-src 'self' https://data.oma.sk; frame-src https://www.facebook.com https://platform.twitter.com; manifest-src 'self'; default-src 'none'; 1
frame-ancestors  https://*.cellarpass.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.paynimo.com https://*.razorpay.com/ https://www.googletagmanager.com/  https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://cdn.botframework.com/ https://www.google.com/ https://www.gstatic.com/ *.doubleclick.net *.ads-twitter.com *.pingdom.net *.facebook.net;font-src *  data: blob: 'unsafe-inline';img-src 'self' https: data:;style-src 'self' 'unsafe-inline' https: data:;connect-src 'self' wss://broking.fundzbazar.com:26004/ https://*.paynimo.com/ https://www.google-analytics.com/ https://*.razorpay.com/ *.pingdom.net/ *.doubleclick.net/ https://directline.botframework.com/ wss://directline.botframework.com ;frame-ancestors 'self';frame-src 'self' data: blob: https://www.youtube.com/ https://api.razorpay.com/ https://www.googletagmanager.com/ https://www.prudentcorporate.com/ https://fundzbazar.com/ https://www.fundzbazar.com/ https://pcasuat.com/ https://www.pcasuat.com/ https://www.google.com/ 1
font-src 'self' https://fonts.googleapis.com https://*.agencewebcom.com https://fonts.gstatic.com http://*.cloudfront.net https://*.cloudfront.net https://use.typekit.net ; base-uri 'self'; 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://krannich-solar.com https://ip-172-26-12-168 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de https://*.facebook.com https://*.linkedin.com https://*.googletagmanager.com https://*.doubleclick.net https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval'  https://*.bootstrapcdn.com https://*.pxia.de https://ip-172-26-12-168 https://*.cookiebot.com https://*.google.com https://*.googleapis.com https://*.gstatic.com *.google-analytics.com https://*.googletagmanager.com;  script-src-elem 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.facebook.net https://*.licdn.com https://*.mouseflow.com https://*.googleadservices.com https://*.googletagmanager.com https://*.youtube.com https://*.google.de;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.googletagmanager.com;  font-src        'self' data: https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com;  frame-src       'self' https://*.cookiebot.com https://*.google.com https://www.youtube-nocookie.com https://indd.adobe.com https://*.youtube.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com https://*.doubleclick.net https://*.google.com https://*.linkedin.oribi.io https://*.linkedin.com;  1
frame-ancestors 'self' https://sgl-live01.mcon-group.com https://logon.sglcarbon.com; 1
frame-ancestors *.fraport.com *.fraport.de https://fraportag.sharepoint.com http://www.fra-spotterforum.de; 1
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net 1
default-src 'unsafe-inline' 'self' data: effectory.com www.effectory.com ac.effectory.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.usemessages.com  *.googlesyndication.com yoast.com *.hubspot.com *.hsadspixel.net *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.clarity.ms bat.bing.com www.powr.io client.hip.live.com maps.googleapis.com mktdplp102cdn.azureedge.net www.youtube.com static.zdassets.com consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com google-analytics.com www.google-analytics.com snap.licdn.com www.googleadservices.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net script.hotjar.com;frame-ancestors 'self' *.hsforms.com consentcdn.cookiebot.com; img-src *.googleadservices.com *.doubleclick.net 'self' data: *.cookiebot.com *.youtube.com *.hsforms.com *.hubspot.com *.googletagmanager.com c.bing.com c.clarity.ms bat.bing.com i.ytimg.com script.hotjar.com onlinedialogue.s3.eu-west-1.amazonaws.com onlinedialogue.s3-eu-west-1.amazonaws.com *.linkedin.com *.dynamics.com  wus.client.hip.live.com eus.client.hip.live.com maps.gstatic.com www.google.de maps.googleapis.com secure.gravatar.com www.google-analytics.com px.ads.linkedin.com www.google.com www.google.nl www.facebook.com; style-src 'unsafe-inline' fonts.googleapis.com ac.effectory.com www.effectory.com effectory.com; font-src data: fonts.gstatic.com script.hotjar.com ac.effectory.com www.effectory.com effectory.com; frame-src 'self' *.hubspot.com td.doubleclick.net ad.doubleclick.net *.twentythree.com *.hsforms.com www.powr.io www.youtube.com forms.office.com www.facebook.com vars.hotjar.com consentcdn.cookiebot.com *.dynamics.com; connect-src google.com *.googleadservices.com *.linkedin.com *.yoast.com *.googlesyndication.com *.doubleclick.net *.hubspot.com *.google.com *.amazonaws.com *.hsforms.com *.hubapi.com *.linkedin.oribi.io *.hscollectedforms.net *.google-analytics.com *.clarity.ms *.hotjar.com wss://*.hotjar.com surveystats.hotjar.io *.effectory.com maps.googleapis.com *.dynamics.com consentcdn.cookiebot.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net effectorychathelp.zendesk.com ekr.zdassets.com 1
default-src https:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: blob:; worker-src blob:; font-src data: https:; report-uri /internal/csp_report; connect-src https: wss://prod-ws.beaconama.net; frame-ancestors https://tradeshowkiosk.badgermeter.com/ 1
child-src 'self'  https://cdn.plaid.com https://cdnjs.cloudflare.com https://iaccess.wpengine.com https://www.google.com https://ilogin.okta.com https://*.hotjar.com:* https://player.vimeo.com https://help.iaccessportal.com; font-src 'self' https://fonts.gstatic.com https://player.vimeo.com; 1
default-src 'self' *.youtube.com *.onfastspring.com airtable.com *.2checkout.com *.avangate.com cdn.jsdelivr.net *.freshworks.com; style-src 'self' 'unsafe-inline' widget.freshworks.com; img-src 'self' data:; script-src unpkg.com 'self' 'unsafe-inline' 'unsafe-eval' *.onfastspring.com static.airtable.com *.2checkout.com cdn.jsdelivr.net widget.freshworks.com; 1
default-src 'self' *.getdoc.com.br getdoc.com.br fonts.gstatic.com fonts.googleapis.com; script-src 'unsafe-inline' *.getdoc.com.br getdoc.com.br *.googleapis.com fonts.googleapis.com connect.facebook.net fonts.gstatic.com; style-src 'unsafe-inline' *.getdoc.com.br getdoc.com.br fonts.googleapis.com maps.googleapis.com connect.facebook.net fonts.gstatic.com; img-src 'self' http://getdoc.com.br https://getdoc.com.br http://www.getdoc.com.br https://www.getdoc.com.br https://fonts.googleapis.com http://maps.googleapis.com https://connect.facebook.net https://fonts.gstatic.com; 1
default-src *; script-src *  'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: https:; font-src * data: https:; 1
default-src *.cigniti.com 'unsafe-inline' 'unsafe-eval' https: data: 1
frame-ancestors zismo.biz zismo.ru zismone.ru promoggaqjkd.ru 1
frame-ancestors 'self' https://app.contentstack.com; 1
frame-ancestors https://puls.com https://*.puls.com https://ownerly.com https://*.ownerly.com https://essentialhomeandgarden.com https://*.essentialhomeandgarden.com https://homeappliancehero.com https://todayrepairs.com/ https://machinelounge.com https://devpuls.com https://*.devpuls.com http://localhost:3000; default-src * 'unsafe-inline' 'unsafe-eval'; font-src data: *; img-src data: blob: * 1
base-uri 'self';connect-src 'self' ws: www.google-analytics.com wurfl.io hosted.paysafe.com hosted.test.paysafe.com socialplugin.facebook.net www.facebook.com https://*.googletagmanager.com https://*.google-analytics.com https://www.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca consentcdn.cookiebot.com px.ads.linkedin.com;default-src 'self';form-action 'self';img-src 'self' data: blob: via.placeholder.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://googleads.g.doubleclick.net https://www.google.com imgsct.cookiebot.com px.ads.linkedin.com www.linkedin.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' https://googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net www.google-analytics.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com stats.pusher.com js.stripe.com cdnjs.cloudflare.com hosted.paysafe.com hosted.test.paysafe.com consent.cookiebot.com consentcdn.cookiebot.com rw1.marchex.io 'nonce-CX5tFvvZ2cZvhMItvEyjpHqW6aVLUEdW';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;font-src 'self' data: fonts.googleapis.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com;frame-src 'self' www.googletagmanager.com www.google.com connect.facebook.net fonts.gstatic.com www.facebook.com www.youtube.com player.vimeo.com js.stripe.com hosted.paysafe.com hosted.test.paysafe.com https://bid.g.doubleclick.net consent.cookiebot.com consentcdn.cookiebot.com td.doubleclick.net;frame-ancestors 'self' 1
default-src 'self' *.novica.com *.novica.net;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';img-src * data:;frame-src *;connect-src *;media-src *;font-src *;worker-src * blob:; 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googleadservices.com dc.services.visualstudio.com; style-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google.com *.googleapis.com dc.services.visualstudio.com; img-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.googletagmanager.com *.gstatic.com *.google-analytics.com *.google.com dc.services.visualstudio.com; font-src 'self' https: data: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.gstatic.com dc.services.visualstudio.com; connect-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br *.google-analytics.com performance-api-service-dot-caixa-vida-previdencia.rj.r.appspot.com dc.services.visualstudio.com; frame-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.caixavidaeprevidencia.com.br *.caixaseguridade.com.br *.caixaseguradora.com.br dc.services.visualstudio.com 1
default-src 'self'; object-src 'self' https://pts.handyvertrag.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.handyvertrag.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.handyvertrag.de https://chat.handyvertrag.de https://umfrage.handyvertrag.de https://pts.handyvertrag.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.handyvertrag.de https://chat.handyvertrag.de https://stats.handyvertrag.de https://imagepool.handyvertrag.de https://pts.handyvertrag.de https://analytics.tiktok.com https://umfrage.handyvertrag.de; script-src 'strict-dynamic' 'nonce-7ee0fd9e6c9e9a995d692c1be460c5df' 'nonce-59ebe9d789d2b3c9e553b4d1dc8f3ead' 'nonce-7858020dfaa2c173d77c675978749644' 'nonce-a7de38825da43dd3e452ac0f14e025ee' 'nonce-b27952b7c5c598123cedcbf718f5bc02' 'nonce-ddea3ba29e88bf6199b1f6215cf1efc6' 'nonce-5ffb4376d629abe582907aaeedd5e3d2' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.handyvertrag.de https://umfrage.handyvertrag.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-7ee0fd9e6c9e9a995d692c1be460c5df' 'nonce-59ebe9d789d2b3c9e553b4d1dc8f3ead' 'nonce-7858020dfaa2c173d77c675978749644' 'nonce-a7de38825da43dd3e452ac0f14e025ee' 'nonce-b27952b7c5c598123cedcbf718f5bc02' 'nonce-ddea3ba29e88bf6199b1f6215cf1efc6' 'nonce-5ffb4376d629abe582907aaeedd5e3d2' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' *.propertycapsule.com;script-src 'self' * blob: 'unsafe-inline' 'unsafe-eval';style-src 'self' * 'unsafe-inline';font-src 'self' * data:;img-src 'self' * data: blob:;connect-src 'self' * data: blob:;frame-src 'self' *.propertycapsule.com www.google.com *.shopcore.com *.cbre.us *.cbre.com *.kimcorealty.com my.matterport.com embed.widencdn.net marketplace.vts.com properties.brixmor.com *.widen.net *.rlets.com;frame-ancestors 'self' https://tolsonenterprises.com http://tolsonenterprises.com https://www.barnescreativestudios.com http://www.barnescreativestudios.com https://barnescreativestudios.com *.barnescreativestudios.com *.cloudfront.net *.brixmor.com *.propertycapsule.com *.vts.com;media-src 'self' * ; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' https://cdnjs.cloudflare.com/ajax/ https://www.youtube.com/ https://www.google-analytics.com/analytics.js https://www.gstatic.com/recaptcha/releases/ https://freegeoip.live/json/ https://www.google.com/recaptcha/api.js https://js.driftt.com/ https://sc.lfeeder.com/lftracker_v1_3P1w24dW9Ag7mY5n.js https://www.googletagmanager.com/gtag/js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com sha256-; object-src 'none'; base-uri 'self'; connect-src https://www.google-analytics.com/ https://reallyfreegeoip.org/json/ 'self'; font-src 'self' data: https://s0.wp.com/i/fonts/ https://fonts.gstatic.com; frame-src 'self' https://js.driftt.com https://www.google.com https://www.youtube.com/ ; img-src 'self' https://i.ytimg.com/vi/ https://secure.gravatar.com https://www.google-analytics.com/ https://tr-rc.lfeeder.com/ https://wpengine.com/ data: https://static-mk.prod.bcomo.com; manifest-src 'self'; media-src 'self' https://js.driftt.com; worker-src 'self' blob:; 1
default-src 'self'; connect-src 'self' *.nr-data.net *.clarity.ms *.google.com stats.g.doubleclick.net *.googleapis.com *.google-analytics.com *.hotjar.com *.bing.com *.google.ca *.facebook.net https://api64.ipify.org/ *.translate-pa.googleapis.com https://api-cdn.cac1.pure.cloud wss://webmessaging.cac1.pure.cloud https://api.cac1.pure.cloud *.mypurecloud.com wss://webmessaging.mypurecloud.com; font-src 'self' *.fontawesome.com *.googleusercontent.com; frame-src 'self' *.addtoany.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.recaptcha.net *.facebook.com td.doubleclick.net https://apps.cac1.pure.cloud/ https://apps.mypurecloud.com/; img-src 'self' *.alectra.com *.gstatic.com *.facebook.com data: www.w3.org/svg/2000 *.google.ca *.google-analytics.com *.bing.com *.outbrain.com *.google.com *.googleapis.com *.facebook.net *.clarity.ms bing.com *.googletagmanager.com https://alectrautilities.com *.clarity.ms *.bing.com https://t.co/i/ *.twitter.com https//i.ytimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.newrelic.com *.nr-data.net *.addtoany.com *.facebook.net *.googletagmanager.com *.google.com *.clarity.ms *.googleapis.com *.google-analytics.com *.outbrain.com *.bing.com *.clarity.ms *.cloudflare.com unpkg.com *.recaptcha.net *.gstatic.com *.cloudflare.com *.addtoany.com *.ads-twitter.com https://apps.cac1.pure.cloud https://apps.mypurecloud.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com *.cloudflare.com; frame-ancestors 'self' *.youtube.com you.tube https://apps.mypurecloud.com/ ; upgrade-insecure-requests 1
default-src 'self' 'nonce-WmtMRlc4cEg5eVVpcmdqUEJEcHduZ0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms 'nonce-WmtMRlc4cEg5eVVpcmdqUEJEcHduZ0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com; style-src 'self' fonts.googleapis.com 'nonce-WmtMRlc4cEg5eVVpcmdqUEJEcHduZ0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com; base-uri 'self'; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report; 1
frame-ancestors self http://localhost https://op.homepartners.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://tabor.ru http://tabor.ru *.tabor.ru tabor.ru m.tabor.ru http://m.tabor.ru https://m.tabor.ru http: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru https: vk.com *.vk.com vk.me *.vk.me vk.me *.vk.me fbcdn.net *.fbcdn.net akamaihd.net *.akamaihd.net mycdn.me *.mycdn.me yandex.ru *.yandex.ru yadro.ru *.yadro.ru ; img-src * 'self' blob: data:;connect-src * 'self' file: data: blob: filesystem:; frame-ancestors *.tabor.ru *.tabor.by *.tab33.com *.tabor.kz *.mintapp.org; 1
frame-ancestors 'self' https://minbedrift.mittanbud.no https://mittanbud.sanity.studio https://remppatori.sanity.studio https://byggetilbud.sanity.studio https://servicefinder.sanity.studio; 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-inline' https://*.simplex.com https://*.moonpay.com https://*.visualwebsiteoptimizer.com https://*.hotjar.com https://*.freshchat.com https://fw-cdn.com https://yastatic.net https://widget.mercuryo.io https://www.google.com https://www.gstatic.com *.googletagmanager.com *.google-analytics.com https://static.zdassets.com https://s3.tradingview.com https://mc.yandex.ru https://connect.trezor.io https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.freshchat.com https://storage.swapspace.co https://api.mapbox.com; img-src 'self' data: https://unpkg.com https://*.visualwebsiteoptimizer.com https://*.walletconnect.com https://registry.walletconnect.com https://www.googletagmanager.com https://storage.swapspace.co https://www.google-analytics.com https://mc.yandex.ru https://i.ytimg.com https://google.com https://www.google.com; font-src 'self' data: https://storage.swapspace.co; connect-src 'self' https://*.google.com https://*.visualwebsiteoptimizer.com wss://*.hotjar.com https://*.hotjar.io https://*.walletconnect.com wss://*.walletconnect.com wss://*.walletconnect.org https://*.google-analytics.com https://*.alchemy.com/v2/ https://*.infura.io https://*.getblock.io https://*.ingest.sentry.io wss://*.bridge.walletconnect.org/ https://registry.walletconnect.com wss://mainnet.infura.io https://api.swapspace.co https://storage.swapspace.co https://stats.g.doubleclick.net *.zdassets.com *.zendesk.com https://www.google-analytics.com wss://widget-mediator.zopim.com *.mapbox.com https://mc.yandex.ru https://connect.trezor.io; media-src 'self' *.zdassets.com; frame-src 'self' data: https://*.simplexcc.com https://*.guardarian.com https://*.simplex.com https://*.bitrefill.com https://*.mercuryo.io https://*.finchpay.io https://*.blockchain.com https://*.moonpay.com https://*.tradingview-widget.com https://*.walletconnect.org https://*.walletconnect.com https://*.freshchat.com https://widget.mercuryo.io https://exchange.mercuryo.io https://s.tradingview.com https://www.google.com https://www.youtube.com https://connect.trezor.io https://www.youtube-nocookie.com https://miro.medium.com; object-src 'self' data:; worker-src 'self' blob:; frame-ancestors 'self' 1
frame-ancestors 'self'; form-action 'self' *.domainregistration.com.sg *.paypal.com; upgrade-insecure-requests 1
default-src 'self' https://sites.brevardcounty.us/ https://sites.brevardfl.gov/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://*analytics.google.com/ https://bclsfl.patronpoint.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.nhc.noaa.gov/ 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://www.youtube.com/ https://www.google.com/ https://floridadisaster.maps.arcgis.com/ https://bclsfl.patronpoint.com/ https://www.googletagmanager.com/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://sites.brevardcounty.us/ https://sites.brevardfl.gov/ 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com; frame-ancestors https://www.youtube.com/ https://www.google.com/ https://floridadisaster.maps.arcgis.com/ https://bclsfl.patronpoint.com/ https://www.googletagmanager.com/ 'self' 1
frame-ancestors 'self' vittude.com corporate.vittude.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data: 1
default-src 'none'; object-src 'none'; frame-ancestors 'self' *.databusca.com.br *.datacob.com.br; font-src 'self' https://fonts.gstatic.com https://fonts.cdnfonts.com; base-uri 'self'; img-src 'self' data: https:; connect-src 'self' https: 'unsafe-inline' *; script-src 'self' https: 'unsafe-inline' *; style-src 'self' https: 'unsafe-inline'; 1
frame-ancestors 'self' grn-www.loweboats.com; 1
frame-ancestors 'self';base-uri 'none';object-src 'none' 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.youtube.com http://contre-le-diabete.rouge-le-fil.com/ https://*.federationdesdiabetiques.org/ http://www.contrelediabete.fr/ https://www.dailymotion.com/ https://player.vimeo.com/ https://*.google.com/ https://www.gstatic.com/ https://www.googletagmanager.com/ https://cdn.cookielaw.org/ 1
frame-src 'self' https: blob: data:; connect-src 'self' https:; font-src https: data:; script-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: data:; object-src https: data:; form-action 'self' https:; default-src https: 1
default-src 'self' data: http://* blob: https://* blob:; script-src 'self' 'unsafe-inline' data: http://* blob: https://* blob: 'unsafe-eval'; connect-src * 'self' data: http://* blob: https://* blob:; img-src data: 'self' http://* blob: https://* blob:; style-src 'self' 'unsafe-inline' data: http://* blob: https://* blob:; 1
default-src 'self' https://polarisxchange.com;base-uri 'self' https://md-scp.kampyle.com;connect-src 'self' https://polarisxchange.com wss://polarisxchange.com wss://*.polarisxchange.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://vc.hotjar.io https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://www.google.com https://adservice.google.com https://logx.optimizely.com auth.polaris.com auth.polaris.com/.well-known/jwks.json https://joydrive-otel-collector.herokuapp.com/v1/traces https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://*.bing.com https://*.clarity.ms https://us.js.logs.insight.rapid7.com https://www.facebook.com;frame-src 'self' https://polarisxchange.com https://*.octane.co https://octane.co https://vars.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://*.cdn.optimizely.com auth.polaris.com https://d8pvvu29xif4d.cloudfront.net https://*.auth0.com https://www.youtube.com https://www.youtube-nocookie.com https://js.stripe.com https://www.googletagmanager.com https://www.facebook.com https://datastudio.google.com https://lookerstudio.google.com;font-src 'self' https://polarisxchange.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://*.trustarc.com https://fonts.gstatic.com;img-src 'self' https://polarisxchange.com https://prdpolvehicleinspecstg.blob.core.windows.net https://cdn-qa.polarisxchangecms.com https://cdn-qa.goreveocms.com https://polarisxchange.polarisapi.com https://cdn.polarisxchange.com https://cdn1.polaris.com https://static.hotjar.com https://script.hotjar.com https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://di.rlcdn.com https://secure.gravatar.com https://s3.amazonaws.com/reveo-prod-secure-uploads/ https://s3.amazonaws.com/reveo-prod/ https://cdn1.polarisxchange.com https://*.auth0.com data: blob: https://i.ytimg.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.gstatic.com https://*.bing.com https://*.clarity.ms https://www.facebook.com https://connect.facebook.net https://api.twilio.com https://media.twiliocdn.com https://s3-external-1.amazonaws.com/media.twiliocdn.com;media-src 'self' https://polarisxchange.com ;object-src 'none';report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub7c083ead0672479e64a82fef3f5b31dd&dd-evp-origin=content-security-policy&ddsource=csp-report&env=production&heroku.app=reveo-prod&heroku.dyno=web.4&host=reveo-prod&platform=reveo&service=joydrive&version=92360d0;report-to csp-endpoint;script-src 'report-sample' 'self' https://polarisxchange.com 'nonce-LbIl9vhsWGyRk5oMBOwV40S0T97vLZLYfxXDBt3fOhg=' 'unsafe-eval' https://ride-octane-api-sandbox.s3.us-west-2.amazonaws.com https://*.hotjar.com https://*.octane.co https://octane.co https://*.trustarc.com https://*.kampyle.com https://*.medallia.eu https://js.adsrvr.org https://secure.gravatar.com https://cdn.optimizely.com auth.polaris.com https://*.auth0.com https://js.stripe.com https://www.youtube.com https://www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.googleadservices.com https://bat.bing.com https://*.clarity.ms https://connect.facebook.net;style-src 'report-sample' 'self' https://polarisxchange.com 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com https://*.kampyle.com https://*.medallia.eu https://fonts.googleapis.com https://www.googletagmanager.com; 1
frame-ancestors wiki.nenaprasno.ru vse.nenaprasno.ru screen.nenaprasno.ru ask.nenaprasno.ru http://localhost:3000 nenaprasno.ru wiki.klbrtest.ru media.nenaprasno.ru hso.nenaprasno.ru 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://todon.nl; img-src 'self' https: data: blob: https://todon.nl; style-src 'self' https://todon.nl 'nonce-kV8wM5J0hU+SIYGVrk9ZNg=='; media-src 'self' https: data: https://todon.nl; frame-src 'self' https:; manifest-src 'self' https://todon.nl; form-action 'self'; child-src 'self' blob: https://todon.nl; worker-src 'self' blob: https://todon.nl; connect-src 'self' data: blob: https://todon.nl https://todon.nl wss://todon.nl; script-src 'self' https://todon.nl 'wasm-unsafe-eval' 1
frame-ancestors *.smapone.com *.emlen.io 1
script-src 'self' bvcdigital.bvc.com.co plataformacert.bvc.com.co  https://www.google-analytics.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net media.graphassets.com; script-src-elem media.graphassets.com https://www.google.com/recaptcha/api.js https://unpkg.com/pdfjs-dist@3.4.120/build/pdf.worker.min.js https://cert.bvcdigital.bvc.com.co https://bvcdigital.bvc.com.co https://bvc.com.cohttps://www.gstatic.com 'unsafe-inline'; media.graphassets.com frame-ancestors https://www.kumo360.com; 1
upgrade-insecure-requests; default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self' https:; font-src 'self' https: data: assets.volquartsen.com; img-src 'self' https: data: assets.volquartsen.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' assets.volquartsen.com; style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://*.webflow.com http://*.webflow.com http://*.webflow.io http://webflow.com https://webflow.com *.kumospace.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: 1
script-src 'self' 'self' 'unsafe-inline' https://*.google-analytics.com https://*.plabable.com https://plabable.com https://phase-one.plabable.com https://plabable-api-staging.plabable.com https://*.googletagmanager.com https:; connect-src 'self' https: http:; img-src 'self' data: https: blob:; media-src 'self' data: https:; frame-ancestors 'none' 1
default-src 'self';             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.google.com https://maps.googleapis.com https://dev.virtualearth.net;             style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;             img-src 'self' data: https:;             font-src 'self' https://fonts.gstatic.com;             connect-src 'self' https://maps.googleapis.com 1
frame-ancestors 'self' http://localhost:9000/ https://roomtodo.local/ 1
frame-ancestors https://www.generali.rs https://generali.rs https://kupipolisu.rs 1
frame-ancestors 'self' http://*.sec6.net ; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com ssl.google-analytics.com ee.hit.gemius.pl *.googletagmanager.com *.google-analytics.com *.youtube.com lt.morningstar.com nasdaqbaltic.com fonts.googleapis.com fonts.gstatic.com *.soundcloud.com *.news.eu.nasdaq.com *.vimeo.com *.analytics.google.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *;img-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *; 1
frame-ancestors 'self'; report-uri https://www.studi.com/fr/report-uri/enforce 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn-ukwest.onetrust.com footer.diageohorizon.com va.vercel-scripts.com https://vercel.live https://rules.quantcount.com https://pixel.quantcount.com https://insight.adsrvr.org/ https://www.facebook.com https://connect.facebook.net https://secure.quantserve.com https://d.turn.com https://js.adsrvr.org js.monitor.azure.com api.mapbox.com www.google.com www.gstatic.com diageoagegate.diageoplatform.com www.googletagmanager.com cdnjs.cloudflare.com cdn.treasuredata.com web.diageoagegate.com www.youtube.com cdn.evgnet.com www.google-analytics.com *.in.treasuredata.com *.bulleit.com www.diageoagegate.com code.jquery.com app.anyroad.com where-to-buy.co integrations.anyroad.com *.shortlyst.com;    style-src 'self' 'unsafe-inline' api.mapbox.com https://vercel.live footer.diageohorizon.com;    img-src 'self' blob: data: images.ctfassets.net i.vimeocdn.com cdn-ukwest.onetrust.com vercel.com www.facebook.com pixel.quantserve.com insight.adsrvr.org/ *.cloudfunctions.net www.google-analytics.com ad.doubleclick.net www.drinkiq.com www.diageoagegate.com media.diageocms.com media.diageodam.com media-diageocms.diageoplatform.com;    media-src 'self' assets.ctfassets.net videos.ctfassets.net player.vimeo.com vod-progressive.akamaized.net download-video.akamaized.net;    connect-src 'self' images.ctfassets.net api.mapbox.com cdn-ukwest.onetrust.com geolocation.onetrust.com privacyportal-uk.onet vercel.live dc.services.visualstudio.com *.google-analytics.com privacyportal-uk.onetrust.com events.mapbox.com *.evergage.com www.google.com *.doubleclick.net footer.diageohorizon.com *.shortlyst.com;    font-src 'self' data: fonts.gstatic.com;    worker-src blob:;    object-src 'self' blob: api.mapbox.com;    base-uri 'self';    form-action 'self' *.r2sndr.com;    frame-src vercel.live insight.adsrvr.org/ app.anyroad.com where-to-buy.co integrations.anyroad.com google.com www.google.com *.doubleclick.net *.shortlyst.com;    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: https://www.googletagmanager.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.livechatinc.com https://api.livechatinc.com https://cdn.ckeditor.com https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://www.paypal.com https://embed.tawk.to 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-eval' 'self' https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://extend.vimeocdn.com https://firebaseinstallations.googleapis.com https://mymeq-be.mymeq.com https://player.vimeo.com 'sha256-BllS3V2Wr049ioMvJTmHHB1nME2cKHW2olt++dQNFeU=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw='; style-src 'unsafe-inline' 'self' fonts.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css; frame-ancestors 'self' teams.microsoft.com; form-action 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' data: https://img.mymeq.com https://i.vimeocdn.com https://s3.amazonaws.com https://www.google-analytics.com; media-src 'self' https://img.mymeq.com; frame-src 'self' https://www.google.com https://player.vimeo.com; connect-src 'self' https://www.google-analytics.com https://vimeo.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com/ https://*.meqdev.com https://mymeq-be.meqdev.com https://mymeq-be.local https://mymeq-be.mymeq.com https://mymeq-be-sso-stage.mymeq.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googleapis.com *.mapbox.com *.fontawesome.com *.googletagmanager.com *.gstatic.com *.w3.org *.amazonaws.com *.google-analytics.com *.google.com *.braintreegateway.com *.paypalobjects.com *.paypal.com *.youtube.com *.youtube-nocookie.com *.imgix.net *.ytimg.com *.doubleclick.net *.braintree-api.com *.facebook.com  *.facebook.net polyfill.io *.jsdelivr.net unpkg.com *.cloudflare.com *.empirewine.com; 1
frame-ancestors 'self' https://*.photoreading.com; 1
default-src 'self' c.disquscdn.com disqus.com *.twitter.com; script-src 'self' 'unsafe-inline' www.paypal.com www.googletagmanager.com *.cloudflare.com static.cloudflareinsights.com cdn.coil.com ajax.googleapis.com bithomp.disqus.com code.jivosite.com translate.google.com translate.googleapis.com translate-pa.googleapis.com a.disquscdn.com public.bnbstatic.com www.xrptipbot.com; connect-src https: wss: blob:; img-src https: data: blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com c.disquscdn.com translate.googleapis.com use.typekit.net p.typekit.net xumm.app; base-uri 'self'; form-action 'self' www.paypal.com perfectmoney.is; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com use.typekit.net; media-src https: data:; frame-src 'self' www.paypal.com www.youtube.com disqus.com platform.twitter.com connect.trezor.io challenges.cloudflare.com www.xrptipbot.com tempest.services.disqus.com; 1
connect-src 'self' *.siteimprove.com *.fontawesome.com *.readspeaker.com fonts.googleapis.com cdn1.readspeaker.com *.elk01.yard.nl *.test01.yard.nl *.googleapis.com; default-src 'self' *.fontawesome.com *.readspeaker.com alkmaar-openpub.accept02.yard.nl alkmaar-openpdc.accept02.yard.nl; font-src 'self' data: https: fonts.gstatic.com *.fontawesome.com *.readspeaker.com; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com *.vimeo.com *.arcgis.com; img-src data: https: *.fontawesome.com *.google-analytics.com *.readspeaker.com alkmaar-openpub.accept02.yard.nl alkmaar-openpdc.accept02.yard.nl *.siteimproveanalytics.io; media-src 'self' *.fontawesome.com *.readspeaker.com; object-src data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.googleapis.com www.gstatic.com *.google.com *.google-analytics.com *.googletagmanager.com *.fontawesome.com *.readspeaker.com *.siteimproveanalytics.com *.siteimprove.net *.siteimprove.com siteimproveanalytics.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' polyfill.io *.polyfill.io *.fontawesome.com *.googletagmanager.com *.readspeaker.com www.google.com *.siteimprove.net polyfill.io www.gstatic.com siteimproveanalytics.com connect.facebook.net *.googleapis.com www.google-analytics.com *.newrelic.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.fontawesome.com *.readspeaker.com; block-all-mixed-content; upgrade-insecure-requests; report-uri 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.com *.episerver.net/ *.webtraxs.com https://www.google-analytics.com/ *.mouseflow.com *.liveperson.net *.gstatic.com *.lpsnmedia.net *.googleapis.com *.visualstudio.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dl.episerver.net/ https://bat.bing.com/ https://www.googleadservices.com/pagead/ https://tcp.googlesyndication/ https://ajax.cloudflare.com/ *.idio.co/ https://az416426.vo.msecnd.net https://static.cloudflareinsights.com/ https://www.youtube.com/ http://d1igp3oop3iho5.cloudfront.net/ https://*.clarity.ms/ https://snap.licdn.com/ https://googleads.g.doubleclick.net/; style-src 'self' 'unsafe-inline' *.ellsworth.com/ https://*.episerver.net/ https://dl.episerver.net/ https://lptag.liveperson.net/ https://lptag.liveperson.net/ *.googleapis.com https://www.googletagmanager.com/; img-src 'self' data: https://www.google.com/ads/ https://www.google-analytics.com/ *.lpsnmedia.net *.webtraxs.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://i.ytimg.com/ https://n2.mouseflow.com/ https://stats.g.doubleclick.net/ https://strack.where-to-buy.co/ https://where-to-buy.co/ https://dl.episerver.net/ https://bat.bing.com/action/ https://googleads.g.doubleclick.net/pagead/ https://tcp.googlesyndication/ https://img.youtube.com/ *.idio.co/ *.ellsworth.com https://www.googletagmanager.com/ https://lpcdn.lpsnmedia.net/ https://www.commerce-connector.com/ *.googleapis.com https://fonts.gstatic.com/ https://jumbe.zaius.com/ https://*.clarity.ms/ https://*.bing.com/ https://px.ads.linkedin.com/ https://www.google.com/pagead/; media-src 'self' https://lpcdn.lpsnmedia.net/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/static/fonts/muli/ https://fonts.gstatic.com/s/muli/v6/ *.googleapis.com; child-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://editor.ne16.com/; frame-src 'self' *.ellsworth.com/ https://*.episerver.net/ *.liveperson.net https://pay.sandbox.realexpayments.com/ https://www.youtube.com/embed/ https://lpcdn.lpsnmedia.net/ https://player.vimeo.com/ https://vimeo.com/ https://4262392.va.cobrowse.liveperson.net/ https://www.google.com/recaptcha/ https://ellsworth.us18.list-manage.com/ https://ellsworth-dev.adagetech.net/ https://editor.ne16.com/ https://certtransaction.hostedpayments.com/ https://transaction.hostedpayments.com/ https://app.ne16.com/; connect-src 'self' ws://*.ellsworth.com/ *.ellsworth.com *.visualstudio.com https://*.episerver.net/ wss://*.ellsworth.com/ http://*.episerver.com/ https://n2.mouseflow.com/ https://www.google-analytics.com/ *.liveperson.net https://bat.bing.com/actionp/ https://stats.g.doubleclick.net/ *.googleapis.com https://analytics.google.com/ https://*.clarity.ms/ https://adservice.google.com/ https://cdn.linkedin.oribi.io/; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.ro *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.ro; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.ro https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-x/5E7X0NC9Adm5N3rqt2kwnUU5PWB2wpQrCcS2bBIr4=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.ro *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.ro/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
default-src 'self';script-src 'self' vimeo.com snap.licdn.com www.google.com www.gstatic.com tools.euroland.com region1.analytics.google.com script.hotjar.com www.vimeo.com st-eu.dynamicyield.com cdn-eu.dynamicyield.com www.googletagmanager.com cookiehub.net www.google-analytics.com static.hotjar.com cdn.pardot.com pi.pardot.com info.marel.com www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com js.monitor.azure.com widget.datablocks.se rcom-eu.dynamicyield.com dash.cookiehub.com 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn-eu.dynamicyield.com use.typekit.net p.typekit.net cookiehub.net www.youtube.com 'unsafe-inline';connect-src 'self' cdn-eu.dynamicyield.com px-eu.dynamicyield.com cdn.linkedin.oribi.io adm.dynamicyield.eu region1.google-analytics.com region1.analytics.google.com consent.cookiehub.net st-eu.dynamicyield.com async-px-eu.dynamicyield.com/ www.google-analytics.com analytics.google.com stats.g.doubleclick.net www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com westeurope-5.in.applicationinsights.azure.com widget.datablocks.se vc.hotjar.io rcom-eu.dynamicyield.com hub.mfn.se;font-src 'self' use.typekit.net www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com;img-src 'self' data: www.google.nl px.ads.linkedin.com www.google.dk i.vimeocdn.com dashboard.umbraco.com www.google.com www.google.com.ph www.google-analytics.com www.youtube.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com;frame-ancestors 'self';frame-src 'self' www.slideshare.net www.google.com/ tools.eurolandir.com/ info.marel.com player.vimeo.com/ www.youtube.com/ snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-attr 'unsafe-inline';script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https:;frame-src 'self' https:;frame-ancestors 'self' *.unimedcuritiba.com.br localhost:9090 *.unimedcuritiba.com.br:9090;style-src 'self' 'unsafe-inline' https:;font-src 'self' https: http: data: blob:;connect-src 'self' https: http: data: wss: ws:;img-src 'self' https: http: data: blob:;default-src 'self';base-uri 'self';block-all-mixed-content;object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://*.toyota.cz https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src *; font-src *.typekit.net; style-src https: http: 'unsafe-inline'; script-src https: http: 'unsafe-inline'; img-src 'self' https: data:; frame-ancestors *.hubspot.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.uat-asicentral.com *.asicentral.com *.youtube.com *.google.com *.googleadservices.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.facebook.net *.vimeo.com *.vimeocdn.com *.bootstrapcdn.com *.googletagmanager.com https://assets-us1-cloud.deskpro.com https://kit.fontawesome.com https://ajax.googleapis.com https://api.filepicker.io https://google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com https://servedbyadbutler.com;object-src 'self' *.googlesyndication.com;style-src 'self' 'unsafe-inline' *.uat-asicentral.com *.asicentral.com *.bootstrapcdn.com *.googleapis.com *.googletagmanager.com https://assets-us1-cloud.deskpro.com https://kit-pro.fontawesome.com;img-src 'self' data: *.asicentral.com *.uat-asicentral.com *.facebook.com *.vimeocdn.com/ *.youtube.com/ *.google.com/ *.gravatar.com/ https://assets-us1-cloud.deskpro.com https://servedbyadbutler.com https://www.google-analytics.com;media-src 'self' *.asicentral.com *.uat-asicentral.com *.facebook.com *.vimeocdn.com/ *.vimeo.com/ *.youtube.com/;frame-src 'self' *.hotjar.com/ *.youtube.com/ *.uat-asicentral.com/ *.asicentral.com/ *.filepicker.io/ *.vimeo.com/ *.google.com/;font-src 'self' data: *.bootstrapcdn.com/ *.google.com/ https://fonts.gstatic.com *.fontawesome.com/;base-uri 'self';child-src 'self' blob: data: *.vimeo.com *.googlesyndication.com *.google.com *.facebook.com *.youtube.com;form-action 'self' *.google.com *.facebook.com *.facebook.net *.asicentral.com *.uat-asicentral.com;frame-ancestors 'self' *.asicentral.com *.uat-asicentral.com;worker-src blob: https://store.uat-asicentral.com;upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' 'unsafe-inline' *.motilaloswalmf.com *.moamc.com *.motilaloswalamc.com wss://ws.hotjar.com *.moengage.com *.httpbin.org *.youtube.com https://youtu.be *.schema.org https://s3-eu-west-1.amazonaws.com *.cloudfront.net *.clevertap.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com *.clevertap-prod.com *.googleadservices.com *.clarity.ms *.quora.com https://px.ads.linkedin.com *.google.com *.doubleclick.net *.google.co.in *.licdn.com blob: data: 'self'; img-src 'self' 'unsafe-inline' https: *.motilaloswalmf.com *.moamc.com *.motilaloswalamc.com wss://ws.hotjar.com *.moengage.com *.httpbin.org *.youtube.com https://youtu.be *.schema.org https://s3-eu-west-1.amazonaws.com *.cloudfront.net *.clevertap.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com *.clevertap-prod.com *.googleadservices.com *.clarity.ms *.quora.com https://px.ads.linkedin.com *.google.com *.doubleclick.net *.google.co.in *.licdn.com blob: data: 'self'; connect-src 'self' *.motilaloswalmf.com *.moamc.com *.motilaloswalamc.com wss://ws.hotjar.com https://px.ads.linkedin.com *.clarity.ms *.google-analytics.com *.doubleclick.net *.moengage.com *.google.com *.httpbin.org https://httpbin.org/ *.cloudflare.com *.googleapis.com *.gstatic.com; script-src 'self' 'unsafe-inline' *.motilaloswalmf.com *.moamc.com *.motilaloswalamc.com wss://ws.hotjar.com *.moengage.com *.httpbin.org *.youtube.com https://youtu.be *.schema.org https://s3-eu-west-1.amazonaws.com *.cloudfront.net *.clevertap.com *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.hotjar.com https://fonts.gstatic.com https://fonts.googleapis.com *.clevertap-prod.com *.googleadservices.com *.clarity.ms *.quora.com https://px.ads.linkedin.com *.google.com *.doubleclick.net *.google.co.in *.licdn.com data: 'self'; frame-ancestors 'self'; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.razorpay.com *.paynimo.com *.doubleclick.net *.google.co.in https://youtube.com/ https://www.youtube.com/ https://www.google.com/; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-312399a605d95bbefa87fc889bb72c8b'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
Content-Security-Policy: default-src 'self' ideal-postcodes.co.uk *.ideal-postcodes.co.uk 1
default-src 'self';                      script-src 'self' https://wemabank-team.freshchat.com https://www.youtube.com https://www.googleapis.com http://www.w3.org https://cdnt.netcoresmartech.com https://www.googletagmanager.com https://connect.facebook.net https://cdn-cookieyes.com 'sha256-mp4egTbEqShCNavlde3fSRjf0EkE1YJxsybpKKmykeU=';                      connect-src 'self' https://wemawebsitebackend.azurewebsites.net https://wemabackendprod.azurewebsites.net https://apibox.alat.ng https://wembanksitestorage.blob.core.windows.net https://wemaprodstorage.blob.core.windows.net https://marketdataapiv3.ngxgroup.com https://wemabank-team.freshchat.com https://www.googletagmanager.com https://www.googleapis.com https://www.youtube.com http://www.w3.org https://www.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com;                      frame-ancestors 'none';                      style-src 'self' https://wemabank-team.freshchat.com http://www.w3.org 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=';                      img-src 'self' https://cdn-cookieyes.com https://wembanksitestorage.blob.core.windows.net https://wemaprodstorage.blob.core.windows.net https://wemawebsite.azurewebsites.net http://www.w3.org https://www.facebook.com data:;                     frame-src 'self' https://www.youtube.com https://wemabank-team.freshchat.com http://www.w3.org https://www.googletagmanager.com https://436140438131527.webpush.freshchat.com https://www.google.com;                     form-action 'self';                     font-src 'self' data:;                  1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * blob: 194.30.79.53; 1
frame-ancestors 'self' https://kronos-ma.com https://*.nihon-ma.co.jp https://ma-association.com https://dev.ma-association.com 1
default-src 'self' blob:;img-src https: *.google-analytics.com 'self' * data: blob:;style-src 'self' https: 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.botion.com *.alphax.com *.alphaxpro.app *.hydeex.com *.webpushs.com *.legendtrading.com *.sendpulse.com *.bing.com *.googletagmanager.com static.zdassets.com *.google-analytics.com ajax.cloudflare.com *.geetest.com *.qbox.me *.zopim.com *.tradingview.com *.twitter.com *.ads-twitter.com *.recaptcha.net *.google.com *.facebook.net *.facebook.com *.gstatic.com *.doubleclick.net *.googleadservices.com *.volccdn.com *.ibytedtos.com fpnpmcdn.net fpcdn.io *.prdredir.com *.geevisit.com *.mql5.com *.taboola.com *.ads-twitter.com *.yandex.ru;script-src-elem 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' * data: blob: *.fptls.com api.fpjs.io *.api.fpjs.io fp.alphax.com fp.hydeex.com;form-action 'self' *.facebook.com *.facebook.net *.advcash.com *.mrcr.io *.mercuryo.io;frame-src 'self' * blob:;object-src 'none';font-src 'self' * data:;media-src 'self' *;manifest-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src * blob:;child-src * blob: 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/@googlemaps/markerclusterer/dist/index.min.js embed.typeform.com *.cookielaw.org *.onetrust.com *.clarity.ms *.bing.com *.prommt.com *.jsdelivr.net *.force24.co.uk *.cloudflare.com *.datatables.net googleads.g.doubleclick.net *.googleadservices.com *.googletagmanager.com connect.facebook.net static.ads-twitter.com analytics.twitter.com *.globalsign.com snap.licdn.com corgidirect.activehosted.com d3rxaij56vjege.cloudfront.net trackcmp.net static.addtoany.com *.hotjar.com *.parliament-hill.co.uk *.parliament-hill.net https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.google-analytics.com blob:; img-src 'self'  embed.typeform.com https://*.googleapis.com https://*.gstatic.com *.googletagmanager.com *.cookielaw.org *.onetrust.com *.ytimg.com *.clarity.ms *.bing.com *.huwsgray.co.uk t.co *.t.co *.data-crypt.com analytics.twitter.com *.google.com *.google.co.uk *.googleusercontent.com *.facebook.com *.linkedin.com data:; frame-src 'self' *; connect-src 'self' *.onetrust.com *.clarity.ms c.bing.com *.google-analytics.com *.oribi.io *.doubleclick.net *.hotjar.com *.hotjar.io *.facebook.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' embed.typeform.com *.clarity.ms c.bing.com *.prommt.com *.googletagmanager.com *.jsdelivr.net *.datatables.net *.jquery.com *.parliament-hill.co.uk https://fonts.googleapis.com; worker-src blob:; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://entrepreneurshandbook.co https://*.entrepreneurshandbook.co https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
upgrade-insecure-requests; default-src 'self' *; connect-src *; font-src * data:; frame-src 'self' *; img-src * data:; media-src *; object-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src * 'unsafe-inline'; frame-ancestors *; 1
default-src 'self'; frame-src *; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src *; style-src-elem * 'unsafe-inline'; 1
object-src none; frame-ancestors 'self' http://webvisor.com https://webvisor.com https://metrika.yandex.ru http://metrika.yandex.ru; report-uri /report-csp-violation 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://mimorelia.com;block-all-mixed-content; 1
default-src 'self'  data: blob:;          img-src 'self' 'unsafe-inline' data: blob:              https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/              https://i.vimeocdn.com/video/              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://*.dynamic.tiles.virtualearth.net/              https://*.bing.com               https://*.virtualearth.com             https://syndication.twitter.com/            https://platform.twitter.com/css/            https://abs.twimg.com/emoji/            https://pbs.twimg.com/profile_images/            https://pbs.twimg.com/media/            https://*.audioeye.com/            https://*.fitnessintl.com/            https://*.facebook.net/            https://www.facebook.com/tr/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            www.googletagmanager.com              https://analytics.xscreenattribution.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://cm.g.doubleclick.net/              https://ups.analytics.yahoo.com/ups/              https://pixel.rubiconproject.com/              https://match.adsrvr.org/track/cmf/                 https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/           ;             script-src 'self' 'unsafe-inline' 'unsafe-eval'             https://www.google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/api/              https://player.vimeo.com/video/                   https://signnow.com              https://api.signnow.com              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://platform.twitter.com/widgets.js            https://platform.twitter.com/js/            https://cdn.syndication.twimg.com/timeline/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://www.googletagmanager.com/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://js.adsrvr.org/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           child-src 'self' 'unsafe-inline'             https://www.google.com/recaptcha/             https://google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://gstatic.com/recaptcha/            https://ssl.google-analytics.com/            http://www.google-analytics.com/            http://google-analytics.com/            http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/                https://signnow.com              https://api.signnow.com              https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://www.facebook.com/            https://platform.twitter.com/            https://syndication.twitter.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://www.googletagmanager.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/                  https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              http://www.googletagmanager.com/gtag/              https://d1oym7eq8y3o6a.cloudfront.net              https://analytics.tiktok.com/i18n/pixel/              https://td.doubleclick.net/              https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           frame-src 'self' 'unsafe-inline'               https://staging.lafitness.com/              https://lafitness.com/              https://clubstudiofitness.com/              https://citysportsfitness.com/              https://esportafitness.com/            https://www.google.com/recaptcha/             https://google.com/recaptcha/            https://www.gstatic.com/recaptcha/            https://gstatic.com/recaptcha/             https://ssl.google-analytics.com/              http://www.google-analytics.com/             http://www.googleadservices.com/pagead/            https://googleads.g.doubleclick.net/            https://www.google.com/pagead/            http://google-analytics.com/            https://www.bing.com/api/maps/            https://www.bing.com/api/maps/mapcontrol/            https://www.youtube.com/            https://youtube.com/            https://www.vimeo.com/            https://vimeo.com/            https://*.vimeo.com/external/              https://player.vimeo.com/video/                 https://signnow.com              https://api.signnow.com               https://app-eval.signnow.com/              https://*.signnow.com/            https://vod-progressive.akamaized.net/            https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://*.dynamic.tiles.virtualearth.net/            https://dev.virtualearth.net/webservices/            https://www.facebook.com/            https://platform.twitter.com/            https://syndication.twitter.com/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://www.googletagmanager.com/              https://my.matterport.com/              https://my.matterport.com/show/              https://www.google-analytics.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://js.adsrvr.org/              https://insight.adsrvr.org/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/              https://bid.g.doubleclick.net/                https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net              https://analytics.tiktok.com/i18n/pixel/              https://td.doubleclick.net/              https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           style-src 'self' 'unsafe-inline'             https://www.bing.com/rs/            https://www.bing.com/rb/            https://www.bing.com/rp/              https://r.bing.com/rp/              https://*.bing.com               https://*.virtualearth.com              https://platform.twitter.com/css/            https://*.audioeye.com/            https://*.facebook.net/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/             https://signnow.com              https://api.signnow.com            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://fonts.googleapis.com/               https://*.googleadservices.com/pagead/               https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           connect-src 'self'              https://www.bing.com/maps/            https://www.bing.com/fd/ls/              https://*.audioeye.com/             https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://www.google-analytics.com/j/              https://www.googletagmanager.com/              https://www.google-analytics.com/g/              https://analytics.xscreenattribution.com/              https://www.google-analytics.com/              https://insight.adsrvr.org/track/pxl/              https://*.googleadservices.com/pagead/                  https://signnow.com              https://api.signnow.com               https://protect-us.mimecast.com/s/              https://security-us.mimecast.com/              https://d1oym7eq8y3o6a.cloudfront.net             https://analytics.tiktok.com/i18n/pixel/             https://td.doubleclick.net/             https://analytics.tiktok.com/api/v2/pixel             https://analytics.tiktok.com/api/             https://pagead2.googlesyndication.com/pagead/            ;           font-src 'self' data: blob:            https://*.audioeye.com/            https://cdn.cookielaw.org/            https://cdn.cookielaw.org/consent/            https://*.onetrust.com/            https://*.audioeye.com/scripts/            https://connect.facebook.net/signals/config/            https://fonts.gstatic.com/s/opensans/v18/            https://fonts.gstatic.com/s/roboto/               https://*.googleadservices.com/pagead/                  https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh50XSwaPGQ3q5d0N7w.woff2               https://fonts.gstatic.com/s/lato/v22/            ;           media-src 'self'             https://*.audioeye.com/            https://*.audioeye.com/scripts/              ;            frame-ancestors 'self'               https://staging.lafitness.com/               https://lafitness.com/               https://clubstudiofitness.com/               https://citysportsfitness.com/               https://esportafitness.com/               https://www.lafitness.com/               https://www.clubstudiofitness.com/               https://www.citysportsfitness.com/               https://www.esportafitness.com/               https://startlafitness.com/               https://startesportafitness.com/               https://startcitysportsclub.com/ 1
base-uri 'self';default-src 'self';object-src 'self';frame-ancestors 'self';style-src 'self' 'unsafe-inline' https://*.google.com http://*.googleapis.com https://*.googleapis.com;font-src 'self' data:;img-src 'self' data: blob: https:;script-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.fr https://matomo.resumedia.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.pinimg.com https://*.facebook.net 'nonce-d-abf1fe8e-5b0f-4053-8de8-7ea08a42b575' 'nonce-g-07612840-2266-4e89-9a57-f78f8da051bc' 'nonce-h-b5e7a1b6-cd27-4187-a525-f836125ffee1' 'nonce-b-fb06bf64-09a4-408f-8dd1-78ea7db09971';child-src 'self' data: https:;frame-src 'self' data: https:;connect-src 'self' https://*.mollie.com https://*.adyen.com https://*.hotjar.com https://*.bing.com https://google.com https://*.google.com https://*.googletagmanager.com https://*.paypal.com https://icu.cv.fr https://matomo.resumedia.com https://*.tapfiliate.com https://*.cookiebot.com https://appleid.cdn-apple.com https://beacon-v2.helpscout.net https://beaconapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://*.google-analytics.com https://*.doubleclick.net https://*.hotjar.io wss://*.hotjar.com https://frstre.com https://*.linkedin.oribi.io; 1
frame-ancestors 'self' https://*.locasun.com; 1
default-src 'none'; frame-ancestors https://*.edadeal.ru https://edadeal.ru https://yandex.ru https://yandex.com https://yandex.by https://*.yandex.ru https://*.yandex.com https://*.yandex.by; connect-src 'self'; script-src 'nonce-bb5e4ae2cba9961fbd8d53d6ab31fa66' 'self'; img-src 'self' 1
default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; upgrade-insecure-requests; 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'nonce-lGJqoUpd9xHGqvKo/2KIfw==' 'strict-dynamic' https: 'unsafe-inline' 'self'; upgrade-insecure-requests; 1
frame-ancestors https://aktiespararna.sanity.studio/ 1
frame-ancestors 'self' https://www.gamer.no *.ggez.no https://forum.kvinneguiden.no; 1
frame-ancestors 'self' https://changemakers.thehumaneleague.org; object-src 'none'; 1
default-src 'self'; worker-src 'self' *.monetate.net blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.trustpilot.com  ct.pinterest.com s.pinimg.com *.rakuten.com *.linksynergy.com *.nxtck.com *.xg4ken.com *.leadsrx.com *.twitter.com *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.google.com *.onetrust.com https://www.datadoghq-browser-agent.com; prefetch-src *.amplifyapp.com *.tmtest.co.uk *.thinkmoney.co.uk *.onetrust.com *.monetate.net; style-src 'self' 'unsafe-inline' *.monetate.net *.google.com *.googleapis.com; img-src 'self' ct.pinterest.com *.linksynergy.com https://www.datocms-assets.com/ *.gstatic.com t.co *.google.com *.google.co.uk *.facebook.com *.monetate.net chart.googleapis.com wingify-assets.s3.amazonaws.com *.googletagmanager.com *.tmtest.co.uk *.thinkmoney.co.uk *.google-analytics.com *.bing.com  *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com data:; font-src 'self' *.gstatic.com *.monetate.net data:; manifest-src 'self'; connect-src 'self' *.trustpilot.com ct.pinterest.com *.google.com *.google.co.uk *.visualstudio.com *.execute-api.eu-west-1.amazonaws.com *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com https://*.logs.datadoghq.eu https://www.datocms-assets.com; upgrade-insecure-requests; block-all-mixed-content; frame-src *.trustpilot.com https://www.youtube.com/ https://forms.office.com/ *.monetate.net *.googletagmanager.com *.thinkmoney.co.uk *.google-analytics.com *.bing.com *.googleadservices.com *.facebook.net *.ads-twitter.com *.yimg.com *.tag4arm.com *.msecnd.net *.taboola.com *.doubleclick.net *.yahoo.com *.onetrust.com 1
frame-ancestors 'self' https://www.google.com https://www.googletagmanager.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.rifleshootermag.com http://*.rifleshootermag.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
font-src *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com *.google.com *.google.ca *.omappapi.com *.hotjar.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.net *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.affirm.com *.affirm.ca c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.hotjar.com *.paypal.com *.kaptcha.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.google.com *.google.ca *.bing.com *.facebook.com *.freshbots.ai *.pusher.com *.freshworksapi.com *.attn.tv 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.bing.com *.freshbots.ai *.paypal.com *.gstatic.com *.googletagmanager.com *.shopperapproved.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.youtube.com *.google.com *.google.ca *.doubleclick.net *.facebook.net *.facebook.com *.hotjar.com *.riskified.com *.clarity.ms *.cloudfront.net *.omappapi.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googletagmanager.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.forter.com *.cloudfront.net *.optnmstr.com *.newrelic.com *.hotjar.com *.nr-data.net *.shopperapproved.com *.bing.com *.freshbots.ai *.clarity.ms *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.addthisedge.com *.moatads.com *.nort.ca *.youtube.com *.google.com *.google.ca *.omappapi.com *.facebook.net *.facebook.com *.riskified.com *.doubleclick.net *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.noibu.com *.attn.tv *.omniconvert.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.klevu.com *.ksearchnet.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.omappapi.com *.freshbots.ai fonts.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.nort.ca *.google.com *.google.ca *.shopperapproved.com *.klaviyo.com *.crazyegg.com *.pusher.com *.freshworksapi.com *.attn.tv 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.affirm.com *.affirm.ca https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cloudfront.net *.forter.com *.omappapi.com *.hotjar.com *.doubleclick.net *.nr-data.net *.shopperapproved.com *.freshbots.ai *.googleapis.com *.tdotperformance.ca *.automotivestuff.com *.addthis.com *.nort.ca *.clarity.ms *.youtube.com *.google.com *.google.ca *.facebook.net *.facebook.com *.bing.com *.riskified.com *.klaviyo.com *.crazyegg.com *.hotjar.io *.pusher.com *.freshworksapi.com wss://rts-us.freshworksapi.com wss://ws.hotjar.com *.noibu.com wss://*.noibu.com *.attn.tv events.attentivemobile.com *.omniconvert.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://me.dm; img-src 'self' https: data: blob: https://me.dm; style-src 'self' https://me.dm 'nonce-6WXPdhlTEm50At2EEVL27w=='; media-src 'self' https: data: https://me.dm; frame-src 'self' https:; manifest-src 'self' https://me.dm; form-action 'self'; child-src 'self' blob: https://me.dm; worker-src 'self' blob: https://me.dm; connect-src 'self' data: blob: https://me.dm https://media.me.dm wss://me.dm; script-src 'self' https://me.dm 'wasm-unsafe-eval' 1
frame-ancestors 'self' http://manage.hawksearch.com https://manage.hawksearch.com http://dev.hawksearch.net https://dev.hawksearch.net 1
default-src 'self' *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; base-uri 'self'; form-action 'self'; script-src 'self' 'unsafe-inline' *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; child-src 2fas.com *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com; style-src 'self' 'unsafe-inline' 2fas.com data:; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src *.youtube.com youtube.com *.ytimg.com ytimg.com *.vercel.app vercel.app *.gstatic.com gstatic.com *.doubleclick.net doubleclick.net *.google.com google.com *.vercel.live vercel.live *.support.2fas.com support.2fas.com 'self' data: blob:; font-src 'self'; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://cinematik.net:8443/socket.io/ wss://cinematik.net:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; script-src 'self' http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; connect-src * 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; img-src data: 'self' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; style-src 'self' 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; frame-src 'self' http://www.googletagmanager.com https://www.googletagmanager.com http://tagmanager.google.com https://tagmanager.google.com https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; font-src 'self' http://tagmanager.google.com https://tagmanager.google.com data: https://ethn.io https://stats.g.doubleclick.net https://platform.instagram.com https://instagram.com https://www.instagram.com https://*.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.livechatinc.com https://*.cloudfront.net https://*.googleusercontent.com https://www.bugherd.com https://*.braintreegateway.com https://www.biblioimages.com https://fonts.gstatic.com https://*.googleapis.com https://tripadvisor.com https://*.gstatic.com https://www.tripadvisor.com https://rum-static.pingdom.net https://rum-collector.pingdom.net https://*.youtube.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.facebook.com https://cdn.inspectlet.com https://hn.inspectlet.com https://www.google.com https://www.google.pl https://www.google.co.uk https://google.com https://google.pl https://google.co.uk https://*.amazonaws.com blob: wss://*.insightguides.com ws://*.insightguides.com https://cdnjs.cloudflare.com https://*.optimizely.com https://*.surveymonkey.com https://surveymonkey.com https://*.ubembed.com https://assets.ubembed.com https://*.addthis.com https://*.addthisedge.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsleadflows.net https://cdn2.hubspot.net https://js.usemessages.com https://widget.privy.com https://track.hubspot.com https://assets.privy.com https://privymktg.com https://platform-api.sharethis.com https://c.sharethis.mgr.consensu.org https://*.hotjar.com https://*.cardinalcommerce.com https://*.hsadspixel.net https://app.hubspot.com https://forms.hubspot.com https://events.privy.com; 1
default-src 'self' 'unsafe-inline' data: https:; upgrade-insecure-requests 1
default-src *  data: blob: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://alicetraininginstitute.formstack.com; 1
frame-ancestors 'self'; base-uri 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fedica.com *.tweepsmap.com tweepsmap.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com https://*.giphy.com; img-src 'self' data: blob:  https://*; media-src 'self' data: blob: https://*;font-src 'self' data: *.fedica.com https://*.googleusercontent.com https://*.gstatic.com;frame-src 'self' https://www.youtube.com https://*.facebook.com https://*.google.com https://*.linkedin.com; report-uri https://fedica.com/health/csp; 1
default-src 'self' *.chengmail.cn *.mail.top *.cndns.com *.chengpan.vip at.alicdn.com *.51.la *.idccenter.net *.chengmail.me;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cndns.com *.cnzz.com cdn.jsdelivr.net unpkg.com *.51.la *.idccenter.net www.googletagmanager.com;style-src 'self' 'unsafe-inline' *.cndns.com cdn.jsdelivr.net unpkg.com at.alicdn.com *.idccenter.net;img-src * 'self' data: https: blob:;frame-src 'self' *.chengmail.cn *.chengpan.vip *.idccenter.net;font-src 'self' data: cdn.jsdelivr.net at.alicdn.com unpkg.com *.idccenter.net 1
img-src * 'self' blob: data:;default-src *; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' data: https://www.googletagmanager.com https://www.clarity.ms https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms  https://y.clarity.ms https://z.clarity.ms https://analytics.tiktok.com https://onesignal.com https://cdn.onesignal.com https://live.stc.com.kw https://business-soft.stc.com.kw  https://www.stc.com.kw  https://stc.com.kw https://www.solutions.com.kw https://solutions.com.kw https://maps.googleapis.com https://www.google-analytics.com https://analytics.tiktok.com https://p.teads.tv  https://connect.facebook.net https://static.ads-twitter.com https://sc-static.net  https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://static.hotjar.com https://ajax.googleapis.com https://www.semrush.com https://dtm-dre.platform.hicloud.com https://www.googletagmanager.com https://snap.licdn.co https://p.teads.tv https://static.ads-twitter.com https://sc-static.net https://www.googleadservices.com https://analytics.twitter.com https://live.viva.com.kw https://www.google-analytics.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://platform.twitter.com https://platform.snapchat.com https://platform.twitter.com https://live.viva.com.kw https://snap.licdn.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://fonts.gstatic.com data:; 1
frame-ancestors 'self' *.quicksight.aws.amazon.com outlook.office365.com outlook.office.com; frame-src 'self' a15928870500.cdn.optimizely.com d168ry9k9aor0i.cloudfront.net *.stripe.com *.sagepay.com *.bws.birst.com *.facebook.com *.pendo.io *.quicksight.aws.amazon.com; report-uri https://68cebcfc7e2f58b08b59066f1.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.homesdirect365.co.uk; base-uri 'self' 1
base-uri *; font-src *; form-action *; frame-ancestors *; img-src * data: blob:; object-src *; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-FsAUBAkFyQw5E5+6jGoYA/aFxVDq6S5Qr5icyIJ7LJVcrA1/' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval' plausible.io; font-src data: 'self' fonts.gstatic.com; img-src * data: 'self'; frame-ancestors 'self' *.convert.com *.paperflite.com; connect-src wss: https: 'self' plausible.io 1
frame-ancestors https://*.ntuc.org.sg/ https://mccebnveobhqeehilh1-cm.managedcloud.sitecore.com https://mccebnveobhqeehilh1-cd.managedcloud.sitecore.com; 1
img-src 'self' data: *; default-src 'self' 'unsafe-inline' 'unsafe-eval' maasstad.local www.google-analytics.com www.googletagmanager.com tagmanager.google.com plus.google.com ajax.aspnetcdn.com www.facebook.com twitter.com www.linkedin.com www.youtube.com www.pinterest.com www.instagram.com digid.nl fast.fonts.com *.maasstadziekenhuis.nl *.maasstadehealth.nl guidingtube.com *.guidingtube.com; script-src * data: application/javascript 'unsafe-inline' 'unsafe-eval'; frame-src data: 'self' santeon.nl *.youtube.com *.youtube-nocookie.com guidingtube.com *.guidingtube.com beterdichtbij.nl *.beterdichtbij.nl indiveo.services 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruhr.social; img-src 'self' https: data: blob: https://ruhr.social; style-src 'self' https://ruhr.social 'nonce-vuUnNh0nsMZByWGYJt7HuA=='; media-src 'self' https: data: https://ruhr.social; frame-src 'self' https:; manifest-src 'self' https://ruhr.social; form-action 'self'; child-src 'self' blob: https://ruhr.social; worker-src 'self' blob: https://ruhr.social; connect-src 'self' data: blob: https://ruhr.social https://media.ruhr.social wss://ruhr.social; script-src 'self' https://ruhr.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' online.eccmid.org *.eccmid.org; 1
default-src 'self'; font-src 'self' data: *.cloudflare.com fonts.gstatic.com use.fontawesome.com ka-f.fontawesome.com; img-src 'self' data: www.compassionuk.org www.gstatic.com *.cloudflare.com media.ci.org *.facebook.net *.facebook.com bat.bing.com secure.gravatar.com services.ukpc.ci.org via.placeholder.com placehold.it play-lh.googleusercontent.com www.google.com www.google.co.in www.google.co.uk maps.googleapis.com maps.gstatic.com www.rnengage.com www.google-analytics.com vcc-eu5b.8x8.com img.youtube.com vcc-eu5.8x8.com sp.tinymce.com ct.pinterest.com www.googletagmanager.com res.cloudinary.com i.ytimg.com; connect-src 'self' *.google-analytics.com *.facebook.com yoast.com stats.g.doubleclick.net script.crazyegg.com rum-collector-2.pingdom.net tracking.crazyegg.com cdn.cookielaw.org privacyportal-eu.onetrust.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com maps.googleapis.com ct.pinterest.com ka-f.fontawesome.com n.clarity.ms cdn.ampproject.org analytics.tiktok.com analytics.google.com app.omniconvert.com compassionuk.pinpointhq.com; style-src 'self' 'unsafe-inline' www.compassionuk.org cdnjs.cloudflare.com fonts.googleapis.com compassionuk.widget.custhelp.com use.fontawesome.com cdn.tiny.cloud optimize.google.com dywrfp5ctng3l.cloudfront.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.compassionuk.org www.googletagmanager.com *.google-analytics.com optimize.google.com *.cloudflare.com connect.facebook.net bat.bing.com blueimp.github.io maps.googleapis.com ajax.aspnetcdn.com rum-static.pingdom.net script.crazyegg.com unpkg.com www.google.com vcc-eu5.8x8.com my.compassionuk.org www.gstatic.com www.rnengage.com compassionuk.widget.custhelp.com cdn.cookielaw.org vcc-eu5b.8x8.com cdn.tiny.cloud www.gstatic.com www.rnengage.com www.googleoptimize.com s.pinimg.com home-l32.niceincontact.com cdn.ampproject.org www.clarity.ms analytics.tiktok.com blob: cdn.omniconvert.com dywrfp5ctng3l.cloudfront.net; frame-src 'self' data: *.youtube.com www.rnengage.com www.google.com vcc-eu5.8x8.com vcc-eu5b.8x8.com www.youtube-nocookie.com indd.adobe.com www.facebook.com optimize.google.com home-l32.niceincontact.com ct.pinterest.com 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self' https://*.facebook.com https://www.facebook.com/tr/; frame-ancestors 'self' https://mkmbs.bloomreach.io; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.valladolid.es https://www.valladolid.gob.es 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.formstack.com/; child-src 'none'; connect-src *; font-src *; frame-src *; img-src *; object-src *; script-src-elem * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; form-action *; report-uri https://www.chenmed.com/report-uri/enforce 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com ajax.aspnetcdn.com https://www.youtube.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google.com *.facebook.net *.twitter.com *.googletagmanager.com *.ads-twitter.com *.google-analytics.com *.ytimg.com web-chat.nativechat.com *.googleadservices.com *.g.doubleclick.net bot.ivy.ai widget.alongside.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tags.srv.stackadapt.com/events.js https://analytics.tiktok.com/i18n/pixel/events.js https://qvdt3feo.com/events.js https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2MA.js https://analytics.tiktok.com/i18n/pixel/static/identify_bb163.js *.theaccessplatform.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.google.com widget.alongside.com https://tags.srv.stackadapt.com/sa.css 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com *.twimg.com data: blob: *.facebook.com *.facebook.net *.linkedin.com *.ytimg.com *.twitter.com *.googletagmanager.com *.google-analytics.com web-chat.nativechat.com *.googleadservices.com *.google.com t.co *.google.ca *.ivy-cdn.com *.nbcc.ca app.careerbeacon.com//assets/images/widget_powered_by_careerbeacon.png https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: bot.ivy.ai; frame-src 'self' *.nbcc.ca *.youtube.com *.google.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.salesforce.com *.iatspayments.com *.vimeo.com *.campusebookstore.com open.spotify.com tours.smarterspaces.ca *.theaccessplatform.com forms.microsoft.com; connect-src 'self' data: accounts.google.com *.gstatic.com *.google.com *.g.doubleclick.net *.googletagmanager.com *.googlesyndication.com *.google-analytics.com https://px.ads.linkedin.com/wa/ https://tags.srv.stackadapt.com/sa.jpeg https://tags.srv.stackadapt.com/saq_pxl https://tags.srv.stackadapt.com/js_tracking https://analytics.tiktok.com/api/v2/pixel https://analytics.tiktok.com/api/v2/pixel/act; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com badge.stumbleupon.com *.facebook.net *.facebook.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1267cb716a0286b4b30461dbb08ebca8'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
object-src 'none'; child-src https: data: blob:; script-src 'self' *.allcomponent.org cdnjs.cloudflare.com code.jquery.com *.google.com *.betgames.tv *.betgamestv.eu *.snippet.antillephone.com *.paygiga.com netent-static.casinomodule.com *.livechatinc.com cdn.livechatinc.com *.liveperson.net *.lpsnmedia.net *.googletagmanager.com *.google-analytics.com *.aitcloud.de *.betradar.com *.akamaized.net *.gstatic.com cdnstatic.thstatic.com  games.spigo.com google-analytics.com virtual.golden-race.net 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://d1e8vjamx1ssze.cloudfront.net; connect-src https://*.mixam.com 'self' blob: data: ws: wss://hub.prod.mixam.co.uk wss://hub.staging.mixam.co.uk https://uploads.prod.mixam.co.uk https://uploads.staging.mixam.co.uk https://reporter.prod.mixam.co.uk https://reporter.staging.mixam.co.uk https://d1e8vjamx1ssze.cloudfront.net https://d3hb14vkzrxvla.cloudfront.net https://*.clarity.ms https://bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://maps.googleapis.com https://api.amplitude.com https://payments.amazon.com https://payments-uk.amazon.com https://payments.amazon.co.uk https://apay-us.amazon.com https://services.postcodeanywhere.co.uk https://apis.google.com https://pay.google.com https://stats.g.doubleclick.net https://*.paypal.com https://www.facebook.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://static.afterpay.com https://*.afterpay.com https://www.googleadservices.com https://cdn.jsdelivr.net https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://cdn.linkedin.oribi.io https://bam.eu01.nr-data.net https://js.volt.io https://api.addressy.com https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://api.countrystatecity.in https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.ads.linkedin.com https://*.trustpilot.com https://*.getprintbox.com https://*.printboxteam.com https://*.storage.googleapis.com https://storage.googleapis.com https://*.browser-intake-datadoghq.com http://liam.com; font-src 'self' data: https://fonts.gstatic.com https://editor.printess.com https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://*.getprintbox.com https://storage.googleapis.com; img-src https://c.paypal.com https://b.stats.paypal.com https://*.getprintbox.com https://liam.com https://mixam.co.uk https://chat-assets.frontusercontent.com 'self' data: * blob:; media-src 'self' *; object-src 'none'; script-src 'self' https://js.afterpay.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://*.noibu.com https://bat.bing.com https://snap.licdn.com https://connect.facebook.net https://*.clarity.ms https://maps.googleapis.com https://js.stripe.com https://*.paypal.com https://m.stripe.network https://www.dropbox.com https://*.payments-amazon.com https://www.gstatic.com https://portal.afterpay.com https://portal.sandbox.afterpay.com https://*.afterpay.com https://apis.google.com https://d1e8vjamx1ssze.cloudfront.net https://www.google.com https://www.workable.com https://apply.workable.com https://pay.google.com https://cdnjs.cloudflare.com https://beacon-v2.helpscout.net https://static.hotjar.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://bam.eu01.nr-data.net https://js.volt.io https://chat-assets.frontapp.com https://chat-assets.frontusercontent.com https://chat.frontapp.com https://eu-west-1-chat-server.frontapp.com https://chat-webhook.frontapp.com https://sessions.bugsnag.com 'unsafe-eval' 'unsafe-inline' https://unpkg.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://dcvxs6ggqztsa.cloudfront.net https://*.northbeam.io https://*.trustpilot.com https://accounts.google.com https://apis.google.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com; style-src 'self' blob: data: https://d1e8vjamx1ssze.cloudfront.net https://fonts.googleapis.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdn.plaid.com https://*.getprintbox.com 'unsafe-inline'; frame-src 'self' blob: data: https://interactive.edocbuilder.com https://editor.printess.com https://www.youtube.com https://www.facebook.com https://js.stripe.com https://www.google.com https://accounts.google.com https://content-sheets.googleapis.com https://vars.hotjar.com https://payments.amazon.co.uk https://payments.amazon.com https://*.payments-amazon.com https://*.paypal.com https://checkout.sandbox.volt.io/ https://checkout.volt.io/ https://*.creditkey.com https://static.klaviyo.com https://static-tracking.klaviyo.com https://*.insertchatgpt.com https://cdn.plaid.com https://*.trustpilot.com https://www.youtube-nocookie.com https://*.trustpilot.com https://*.getprintbox.com https://*.browser-intake-datadoghq.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org https://www.youtube.com https://cdn.segment.com https://connect.facebook.net https://pghub.io/ *.bazaarvoice.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://*.googletagmanager.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org https://www.youtube.com https://cdn.segment.com *.bazaarvoice.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.fonts.net https://cdn.cookielaw.org *.bazaarvoice.com *.iesnare.com *.pricespider.com feed.pghub.io pandg.tapad.com ; font-src 'self' https://fonts.gstatic.com https://assets.ctfassets.net https://cdn.cookielaw.org data: *.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.cookielaw.org https://images.ctfassets.net https://assets.ctfassets.net https://csapi-nonprod.pg.com https://m.media-amazon.com *.bazaarvoice.com https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ https://cdn11.bigcommerce.com/ https://www.google.co.in https://www.google.com https://www.facebook.com *.iesnare.com *.algolianet.com *.algolia.net data: *.pricespider.com feed.pghub.io pandg.tapad.com ; frame-src https://www.googletagmanager.com https://csapi-nonprod.pg.com https://cdn.cookielaw.org *.bazaarvoice.com https://www.youtube.com https://www.youtube-nocookie.com youtu.be https://consumersupport.pg.com https://pgconsumersupport.secure.force.com https://pg-lex.my.salesforce-sites.com https://www.facebook.com *.iesnare.com *.jebbit.com *.algolianet.com *.algolia.net *.pricespider.coms feed.pghub.io pandg.tapad.com ; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://cdn.cookielaw.org https://cdn.contentful.com https://csapi-nonprod.pg.com https://match.adsrvr.org https://stats.g.doubleclick.net https://cdn.segment.com https://csapi.pg.com https://api.segment.io https://in.au1.segmentapis.com *.bazaarvoice.com *.iesnare.com *.algolianet.com *.algolia.net *.pricespider.com https://privacytermsprod.azureedge.net/privacy/privacy_and_terms.json feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' cms.big-direkt.de; default-src data: 'self' 'unsafe-inline' http: https: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'self' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; connect-src * 'self' *.hotjar.com www.googletagmanager.com www.google.de www.google.com www.google-analytics.com *.g.doubleclick.net *.chatvisor.com www.googleadservices.com *.cookiebot.com sentry.operations.big-osp.de; worker-src * 'self' blob: 1
default-src 'self';    report-to csp-endpoint;      object-src http://*.neulion.net https://*.neulion.net;      connect-src 'self' *.doubleclick.net www.google-analytics.com https://*.twitter.com https://*.instagram.com http://*.twitter.com http://*.instagram.com https://*.visualstudio.com http://*.visualstudio.com;     script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.opendns.com http://*.opendns.com https://*.tiktok.com http://*.tiktok.com https://*.tiktokcdn.com http://*.tiktokcdn.com https://*.unpkg.com http://unpkg.com https://unpkg.com http://*.unpkg.com https://*.google.com http://*.google.com https://*.gstatic.com http://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.visualstudio.com https://*.jquery.com https://*.msecnd.net https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.instagram.com https://*.twitter.com https://*.twimg.com https://cdn.iframe.ly http://*.bootstrapcdn.com http://cdnjs.cloudflare.com http://*.instagram.com http://*.twitter.com http://*.twimg.com http://cdn.iframe.ly http://*.msecnd.net http://*.visualstudio.com http://*.jquery.com http://*.googletagmanager.com http://*.google-analytics.com;     frame-src 'self' https://open.spotify.com http://open.spotify.com https://*.tiktok.com http://*.tiktok.com https://*.msgnetworks.com https://*.msgnetworks.com https://cdn.iframe.ly https://twitter.com https://vimeo.com https://*.vimeo.com https://*.nhl.com https://*.sportsnet.ca https://*.tsn.ca https://*.espn.com https://*.google.com https://*.instagram.com https://*.youtube.com https://*.twitter.com http://cdn.iframe.ly http://*.google.com http://*.instagram.com http://*.youtube.com http://*.twitter.com http://*.nhl.com http://*.sportsnet.ca http://*.tsn.ca http://*.espn.com http://twitter.com http://vimeo.com http://*.vimeo.com;     style-src 'self' 'unsafe-inline' https://*.twimg.com http://*.twimg.com https://*.googleapis.com https://*.twitter.com https://*.instagram.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com http://*.googleapis.com http://*.twitter.com http://*.instagram.com http://*.bootstrapcdn.com https://cdnjs.cloudflare.com;     font-src 'self' https://cdnjs.cloudflare.com https://*.bootstrapcdn.com https://cdn.ckeditor.com https://fonts.gstatic.com http://cdnjs.cloudflare.com http://*.bootstrapcdn.com http://cdn.ckeditor.com http://fonts.gstatic.com;     img-src 'self' https://*.googletagmanager.com http://*.googletagmanager.com https://*.doubleclick.net http://*.doubleclick.net https://*.google-analytics.com https://i.ytimg.com https://media.nhlpa.com https://cdn.nhlpa.com https://cdnorigin.nhlpa.com https://twitter.com https://cdn.agilitycms.com https://*.twitter.com https://*.instagram.com  https://*.twimg.com http://i.ytimg.com http://media.nhlpa.com http://cdn.nhlpa.com http://cdnorigin.nhlpa.com http://twitter.com http://cdn.agilitycms.com http://*.twitter.com http://*.instagram.com http://*.twimg.com data: blob: http://*.google-analytics.com 1
default-src 'self' *.vercel.app ; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.atkore.com/ *.googleapis.com/ *.google.com/ www.googletagmanager.com/ *.hotjar.com/ cdn-cookieyes.com/ *.cookieyes.com/ *.gstatic.com/ *.vercel.app frecompositesinc.com/ cdn.jsdelivr.net/ cdnjs.cloudflare.com product-initjs.prod.rfksrv.com/ atkore.disc.atkore.com/; child-src 'none' ; img-src 'self' *.vercel.app edge.sitecorecloud.io/ data: *.gstatic.com/ *.unistrut.us/ img.youtube.com/ *.googleapis.com/ images.salsify.com/ cdn-cookieyes.com/ www.googletagmanager.com/ aigi-p-001.sitecorecontenthub.cloud/ dam.atkore.com/ prod-east-alweb-mt.rfksrv.com/ atkorerevitplugtoolbar.blob.core.windows.net/ ; style-src 'self' 'unsafe-inline' *.vercel.app fonts.cdnfonts.com/ fonts.googleapis.com/ cdn.jsdelivr.net/; frame-src 'self' *.vercel.app youtube.com *.youtube.com/ atkore.vt-development.com/ *.google.com/ astageofatkore.wpengine.com/ *.atkore-hanger-configurator.com/; font-src 'self' *.vercel.app fonts.gstatic.com/ fonts.cdnfonts.com/ ; connect-src *.googleapis.com/ atkorerevitplugtoolbar.blob.core.windows.net/ images.salsify.com/ *.vercel.app cdn-cookieyes.com/ 'self' *.cookieyes.com/ useast-sandbox.ordercloud.io/ useast-production.ordercloud.io/ www.googletagmanager.com/ *.hotjar.com/ *.hotjar.io/ *.hotjar.i/ www.google-analytics.com/ googleads.g.doubleclick.net/ *.doubleclick.net/ api.rfksrv.com/ atkore.disc.atkore.com/; 1
frame-ancestors 'self' https://prdhorizon.mirvac.com 1
default-src 'self' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com data:;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dvbern.ch *.google.com *.gstatic.com *.googletagmanager.com 1
frame-ancestors 'self' https://app.speechlive.com https://ui.speakachu.com 1
frame-ancestors http://webvisor.com/ http://testweb.ibar.az/ https://www.googleapis.com/ http://localhost/ https://ibar.az/ https://abb-bank.az/ https://iba-telegram.ibar.az/ https://facebook.com/ https://www.facebook.com/ https://www.developers.facebook.com/ https://ibahackathon.com/ http://10.129.24.26/   1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freeradical.zone; img-src 'self' https: data: blob: https://freeradical.zone; style-src 'self' https://freeradical.zone 'nonce-PzOIEYsK9OOuB7HnkUzDog=='; media-src 'self' https: data: https://freeradical.zone; frame-src 'self' https:; manifest-src 'self' https://freeradical.zone; form-action 'self'; child-src 'self' blob: https://freeradical.zone; worker-src 'self' blob: https://freeradical.zone; connect-src 'self' data: blob: https://freeradical.zone https://nfts.freeradical.zone wss://freeradical.zone; script-src 'self' https://freeradical.zone 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-1jfsGUrlnVo99Kp7xFpYOva1gps5h0oCI8WwNiLF/JMj1wAY' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com https://dy-api.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net *.mczbf.com *.oppwa.com https://eu-test.oppwa.com/ https://assets.adobedtm.com/; frame-ancestors *.ariba.com *.qa.merchandisecollection.com *.coupahost.com *.oracleoutsourcing.com *.contentsquare.net *.contentsquare.com *.azureedge.net  ; child-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  worker-src blob: https://*.staplespromo.com https://*.contentsquare.net https://*.contentsquare.com;  frame-src https://*.kaptcha.com https://*.staplespay.com https://*.trustarc.com https://*.staplespromo.com https://eu-prod.oppwa.com https://secure.viewer.zmags.com https://e.issuu.com https://secure.api.viewer.zmags.com/ https://designer.artifi.net/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *; 1
default-src 'self' *.jquery.com *.googleapis.com *.jquery.com *.vimeo.com; connect-src *; script-src * https://www.googletagmanager.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; img-src * 'self' blob: data: https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' *.sharethis.com *.jquery.com https://cs-cdn.realpage.com https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' app.hubspot.com *.sharethis.com *.google.com *.vimeo.com https://www.youtube.com/ https://player.vimeo.com/; object-src 'none' 1
default-src 'self' *.lfeeder.com *.leadfeeder.com cdn2.hubspot.net consentcdn.cookiebot.com connect-srccdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net  *.hscollectedforms.net  *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com js.usemessages.com *.vidyard.com 'unsafe-hashes' 'unsafe-inline' *.hubspotusercontent-na1.net; font-src *.fontawesome.com *.hubspotusercontent-na1.net; connect-src 'self' analytics.twitter.com ads-api.twitter.com ads-twitter.com https://www.redditstatic.com conversions-config.reddit.com js.hs-banner.com js.hscta.net *.hubapi.com *.linkedin.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.hscollectedforms.net *.fontawesome.com *.google-analytics.com *.hubspot.com consentcdn.cookiebot.com googleads.g.doubleclick.net https://www.google.com/pagead/ *.hsforms.com *.analytics.google.com; img-src 'self' *.lfeeder.com *.leadfeeder.com analytics.twitter.com ads-api.twitter.com ads-twitter.com www.googletagmanager.com no-cache.hubspot.com js.hscta.net data: *.hubspot.com *.linkedin.com *.cookiebot.com *.hsforms.com *.hsappstatic.net *.hubspotusercontent-na1.net https://www.google-analytics.com https://www.facebook.com https://alb.reddit.com https://www.google.com https://t.co googleads.g.doubleclick.net; frame-src 'self' *.hs-sites.com forms.hsforms.com td.doubleclick.net www.youtube.com consentcdn.cookiebot.com *.hubspot.com platform.twitter.com www.google.com www.facebook.com; object-src 'none'; base-uri 'none'; script-src 'self' *.lfeeder.com *.leadfeeder.com feedback.hubapi.com *.usemessages.com js.hscta.net *.hs-analytics.net static.hsappstatic.net *.hsadspixel.net *.hubspot.com js.hsforms.net lookerstudio.google.com www.googletagmanager.com kit.fontawesome.com consent.cookiebot.com www.google-analytics.com 'unsafe-inline' app.hubspot.com js.hsleadflows.net js.hscollectedforms.net js.usemessages.com *.hs-analytics.net js.hs-banner.com consentcdn.cookiebot.com connect.facebook.net googleads.g.doubleclick.net www.redditstatic.com snap.licdn.com static.ads-twitter.com platform.twitter.com *.linkedin.com cdn2.hubspot.net 'strict-dynamic' 'nonce-f+zeqCLKVVP67ZTJcuUFfw=='; frame-ancestors 'self' www.ververica.academy; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.jsdelivr.net *.fontawesome.com  *.youtube.com maps.gstatic.com *.google.com  *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net consent.cookiebot.com consentcdn.cookiebot.com *.googletagmanager.com *.gstatic.com; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com consent.cookiebot.com consentcdn.cookiebot.com *.google.com *.gstatic.com; object-src 'self'; worker-src 'self' blob: 1
script-src 'strict-dynamic' 'self' 'nonce-Td0+E2a4f7o8OHhC2BajuQ==' 'report-sample'; report-uri /rushmoreprod.onmicrosoft.com/B2C_1A_SignUpOrSignIn/client/cspreport?p=B2C_1A_SignUpOrSignIn 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vercel.live vercel.live *.facebook.com facebook.com *.facebook.net facebook.net *.doubleclick.net *.google.com google.com *.google.co.nz google.co.nz *.google-analytics.com *.googletagmanager.com *.klaviyo.com cdn.cookielaw.org destinilocators.com code.jquery.com *.vercel-insights.com *.vercel.com *.onetrust.com cdn.onetrust.com *.googleadservices.com googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' vercel.live *.facebook.com facebook.com *.facebook.net facebook.net *.doubleclick.net *.google.com google.com *.google.co.nz google.co.nz *.google-analytics.com *.googletagmanager.com *.klaviyo.com cdn.cookielaw.org *.vercel-insights.com *.vercel.com *.onetrust.com cdn.onetrust.com *.zevia.com *.zevia.ca; style-src 'self' 'unsafe-inline' *.klaviyo.com *.typekit.net *.google-analytics.com *.googletagmanager.com fonts.googleapis.com; frame-src 'self' destinilocators.com zevia.a.destini.co *.onetrust.com cdn.onetrust.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net; img-src 'self' images.ctfassets.net *.facebook.com facebook.com *.facebook.net facebook.net *.doubleclick.net *.google.com google.com *.google.co.nz google.co.nz *.cdninstagram.com cdn.cookielaw.org picsum.photos fastly.picsum.photos *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net; font-src 'self'; frame-ancestors 'self' https://app.contentful.com; 1
default-src 'self';     img-src 'self' blob: nhcps.com qr-code.ithemes.com www.shopperapproved.com nhcps.wpenginepowered.com  nhcps.wpenginepowered.comm data: pixel.wp.com gstatic.com *.gstatic.com p.typekit.net *.clarity.ms *.bing.com *.google.com google.com www.google.co.uk *.gravatar.com dev.visualwebsiteoptimizer.com cdn-cookieyes.com cdn-ikpmmej.nitrocdn.com cdn-ikphocn.nitrocdn.com img.youtube.com *.trustpilot.com www.facebook.com www.googletagmanager.com;   script-src 'self' 'unsafe-inline' 'unsafe-eval' nhcps.com nhcps.wpenginepowered.com blob: *.google.com google.com *.googleapis.com *.googletagmanager.com *.googleadservices.com googleadservices.com www.gstatic.com stats.wp.com youtube.com *.ytimg.com cdn-cookieyes.com static.zdassets.com *.stripe.com stripe.com *.bing.com use.typekit.net kit.fontawesome.com satorisupport.zendesk.com widget-mediator.zopim.com *.doubleclick.net *.clarity.ms chimpstatic.com static.addtoany.com dev.visualwebsiteoptimizer.com www.shopperapproved.com script.tapfiliate.com code.jquery.com nitroscripts.com cdn-ikpmmej.nitrocdn.com cdn-ikphocn.nitrocdn.com connect.facebook.net www.facebook.com *.trustpilot.com *.googlesyndication.com *.stackadapt.com;        style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net fonts.googleapis.com nhcps.com cdn-ikpmmej.nitrocdn.com cdn-ikphocn.nitrocdn.com cdnjs.cloudflare.com nhcps.wpenginepowered.com;   font-src use.typekit.net nhcps.com data: fonts.googleapis.com fonts.gstatic.com ka-f.fontawesome.com cdn-ikpmmej.nitrocdn.com cdn-ikphocn.nitrocdn.com cdnjs.cloudflare.com nhcps.wpenginepowered.com;    frame-src * data:;   connect-src 'self' static.zdasset.com ekr.zdassets.com ka-f.fontawesome.com satorisupport.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com *.clarity.ms *.google-analytics.com google.com *.google.com *.doubleclick.net *.googlesyndication.com cdn-cookieyes.com *.cookieyes.com directory.cookieyes.com to.getnitropack.com cdn-ikpmmej.nitrocdn.com cdn-ikphocn.nitrocdn.com www.googletagmanager.com *.tapfiliate.com *.trustpilot.com *.nhcps.com nitropack.io *.bing.com;   media-src 'self' widget-mediator.zopim.com static.zdassets.com log.cookieyes.com; 1
script-src blob: data: 'unsafe-inline' 'unsafe-eval' 'self' publish-p53544-e423795.adobeaemcloud.com publish-p53544-e423852.adobeaemcloud.com s7.addthis.com j.6sc.co www.googletagmanager.com secure.ship7oven.com z.moatads.com m.addthis.com player.vimeo.com v1.addthisedge.com go.prounlimited.com documentcloud.adobe.com www.google-analytics.com ajax.cloudflare.com www.google.com www.gstatic.com www.googleadservices.com platform.twitter.com munchkin.marketo.net static.ads-twitter.com static.ads-twitter.com snap.licdn.com cdn.jsdelivr.net documentservices.adobe.com static.hotjar.com script.hotjar.com assets.adoberesource.net assets.adoberesources.net privacyportalde-cdn.onetrust.com *.d41.co tracking.intentsify.io acrobatservices.adobe.com *.rlcdn.com 1
script-src 'nonce-RdIwTmRv443mT6uClDHTgvEO4Fx3qtfbDPhM96mMHxhEK52ovEc6OLywd2Oc9r0O' 'strict-dynamic' https: 'self'; object-src 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: track.yello.de *.cloudfront.net *.ekomi.com *.doubleclick.net *.googleadservices.com *.google.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.tagmanager.google.com tpc.googlesyndication.com *.adform.net *.adjust.com *.dwin1.com *.awin1.com *.zenaps.com *.adfarm1.adition.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com t.nativendo.de *.youtube.com *.ytimg.com *.instagram.com *.twitter.com *.twimg.com *.ytimg.com *.twitch.tv *.mapbox.com *.mapbox localhost r.df-srv.de bat.bing.com analytics-udg.netdna-ssl.com connect.facebook.net amplify.outbrain.com *.taboola.com tr.outbrain.com *.redintelligence.net zenloop-website-overlay-production.s3.amazonaws.com hal9000.redintelligence.net api.zenloop.com www.redditstatic.com static.hotjar.com script.hotjar.com cdn.cookielaw.org the.sciencebehindecommerce.com *.pso-vertrieb.de yello-freunde-werben.de geolocation.onetrust.com *.ctfassets.net widget.cammio.me cdn.trkkn.com cdn.mouseflow.com analytics.tiktok.com static.heyflow.app walls.io *.trustpilot.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com website-overlay.zenloop.com wave.outbrain.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com *.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site *.adservice.google.com *.twiago.com;style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.thunderhead.com *.twitter.com *.twimg.com *.mapbox.com *.mapbox *.googletagmanager.com *.mouseflow.com fonts.heyflow.cloud integrations.etrusted.com integrations.etrusted.site;img-src 'self' data: blob: track.yello.de *.contentful.com *.ctfassets.net *.google-analytics.com *.doubleclick.net *.google.com *.google.de *.gstatic.com *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.googleusercontent.com tpc.googlesyndication.com *.ytimg.com *.youtube-nocookie.com *.awin1.com *.tradedoubler.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.communicationads.net *.cadsuta.net *.twitter.com *.twimg.com track.adform.net *.twimg.com *.adserver01.de *.adc-serv.net *.df-srv.de *.adition.com *.doubleclick.net *.adscale.de *.twiago.com *.casalemedia.com *.adfarm1.adition.com *.adform.net *.secure.adnxs.com *.taboola.com *.retrack-kupona.kuponacdn.de *.smartadserver.com *.pubmatic.com *.yieldlab.net *.adform.net d.adup-tech.com insight.adsrvr.org *.taboola.com www.facebook.com connect.facebook.net cx.atdmt.com bat.bing.com dsum-sec.casalemedia.com tr.outbrain.com amplifypixel.outbrain.com zenloop-assets.s3.amazonaws.com alb.reddit.com cdn.cookielaw.org assets.zenloop.com *.amazonaws.com images.ctfassets.net secure.adnxs.com *.privacysandbox.googleadservices.com *.mouseflow.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com siteintercept.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site;frame-src *.yello.de *.ekomi.com *.youtube.com *.youtube-nocookie.com *.doubleclick.net tpc.googlesyndication.com *.adform.net *.awin1.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com yello.mitgedacht.nrw sales.tetraeder.solar dev.tetraeder.solar *.twitch.tv *.instagram.com *.twitter.com *.taboola.com www.facebook.com *.redintelligence.net hal9000.redintelligence.net channels-api.zenloop.com vars.hotjar.com *.amazon-adsystem.com api.tetraeder.solar/ widget.cammio.me *.mouseflow.com my.walls.io widget.walls.io *.trustpilot.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com enbwwebsitetrail.qualtrics.com *.google.com;connect-src 'self' ws://localhost:8080 wss://localhost:8080 track.yello.de dc.services.visualstudio.com localhost:* *.ekomi.com *.zenaps.com *.thunderhead.com *.kameleoon.com *.kameleoon.eu *.intercom.io *.intercomcdn.com *.nexcheck.de wss://*.nexcheck.de *.mapbox.com *.google-analytics.com analytics.google.com *.taboola.com *.doubleclick.net bat.bing.com *.facebook.com channels-api.zenloop.com zenloop-website-overlay-production.s3.amazonaws.com api.zenloop.com *.hotjar.com cdn.cookielaw.org privacyportal-de.onetrust.com *.onetrust.com *.ctfassets.net *.analytics.google.com *.mouseflow.com analytics.tiktok.com storage.googleapis.com firestore.googleapis.com europe-west1-niro-tracking.cloudfunctions.net www.googletagmanager.com snap.licdn.com static.ads-twitter.com s.pinimg.com *.pinterest.com *.linkedin.com website-overlay.zenloop.com *.outbrain.com *.linkedin.oribi.io t.co snap.licdn.com siteintercept.qualtrics.com *.taboola.com integrations.etrusted.com integrations.etrusted.site *.adservice.google.com metrics.yello.de;frame-ancestors 'self' *.yello.de localhost:* hal9000.redintelligence.net channels-api.zenloop.com *.contentful.com https://app.contentful.com 1
default-src 'self' fonts.gstatic.com; script-src 'self' fonts.gstatic.com ajax.cloudflare.com 'unsafe-inline'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline' data:; 1
default-src 'self' 'unsafe-inline';       connect-src 'self' 'unsafe-inline'        https://*.googleapis.com/        https://maps.gstatic.com/          https://www.helpassistant.com/          https://demo.helpassistant.com/        wss://demo.spokechoice.com/api/signalr/reconnect                    wss://www.spokechoice.com/api/signalr/reconnect                    https://www.google.com/recaptcha/                    https://www.gstatic.com/recaptcha/        https://fonts.googleapis.com/        https://fonts.gstatic.com/;             script-src 'self' 'unsafe-inline' 'unsafe-eval'          https://*.googleapis.com/          https://www.helpassistant.com/          https://demo.helpassistant.com/          https://www.google.com/recaptcha/          https://www.gstatic.com/recaptcha/;       style-src 'self' 'unsafe-inline'                    https://fonts.googleapis.com;       img-src 'self'          data:        https://*.googleapis.com/        https://maps.gstatic.com/                    https://www.helpassistant.com/          https://demo.helpassistant.com/;       frame-src 'self'          *.helpassistant.com          https://demo.helpassistant.com/          https://www.helpassistant.com/        https://ddreports.screenstepslive.com/        https://www.google.com/;       font-src 'self'          *.helpassistant.com        https://*.googleapis.com/          https://demo.helpassistant.com/                    https://fonts.gstatic.com 1
default-src 'self' blob: *.hotjar.com *.youtube.com *.hotjar.com *.hotjar.io *.greenhouse.io *.wistia.net *.litix.io *.wistia.com *.oribi.io *.yoast.com *.spotnana.com *.chilipiper.com *.marketo.com bat.bing.com analytics.google.com boards-api.greenhouse.io *.doubleclick.net *.linkedin.com *.mktoresp.com *.6sc.co; frame-ancestors 'self'; form-action 'self'; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.spotnana.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.6sc.co *.greenhouse.io *.wistia.com yoast.com www.googletagmanager.com googletagmanager.com *.licdn.com bat.bing.com *.hotjar.com *.marketo.net *.doubleclick.net analytics.google.com www.google.com *.chilipiper.com *.spotnana.com *.fullstory.com *.wistia.net 'unsafe-eval'; img-src 'self' data: *.wistia.net *.6sc.co *.gravatar.com spotnana.com *.spotnana.com *.linkedin.com *.bing.com *.wistia.com *.googletagmanager.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src https://*.tempurpedic.com; 1
script-src 'self' 'nonce-83ea32707c4ce76cbaa122ced146024449f845f929abcc69235ca1f8d926548c' 'unsafe-eval' https://boards.greenhouse.io https://bugcrowd.com https://assets.bugcrowdusercontent.com https://cdn.cookielaw.org https://connect.facebook.net https://fe.sitedataprocessing.com https://go.tempus.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/810122250/ https://js.stripe.com/v3/ https://munchkin.marketo.net https://platform.twitter.com/widgets.js https://player.vimeo.com/api/player.js https://scout-cdn.salesloft.com/sl.js https://snap.licdn.com https://static.zdassets.com https://*.simpli.fi https://tempus.jotform.com https://tpc.googlesyndication.com https://translate.google.com/translate_a/element.js https://translate.googleapis.com/_/translate_http/ https://widgets.jotform.io/ https://www.google.com/recaptcha/api.js https://www.googleadservices.com/pagead/conversion/810122250/ https://www.googletagmanager.com/gtm.js https://www.gstatic.com/images/branding/ https://www.gstatic.com/recaptcha/releases/ https://www.pagespeed-mod.com/v1/taas https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'sha256-ofbjRZ+bO/76CXsSusb9b2Jf1v5ladYNWaAqoHnOZIs=' 'sha256-UWaPjlVMAdHmsoBvFXPCU6Xt1NuJhB54PNaW1hI+pEU=' 'sha256-KgM3AHUilziXHIFrHuuWOp6LWHoWJmL1qqnBCPfACMc=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-G57Os0cwWTgSUE2QM2NDBUKgTGVFbfa0hR1gK7Q8dAY=' 'sha256-nZMdZ0/5Gm9EqzlE4bJntTfAYXF/ECCY7QPEUqNGOQI=' 'sha256-UDoeksZxZIZRUdgqsFhuZEVIJdR6Ja5Feg/f5h5E1n8=' 'sha256-vOdyCnPitptW9Mq/MCojkk511b7ymU+/PMRpy6oBH7g=' 'sha256-Dyx2eBs7bqnY939LmseOFVIP11PDSK47JXjpyeaTUY0=' 'sha256-eF71gEI5/oXST5vgh7CaqdVBcZ/TDpi741iJFCdEPMw=' 'sha256-FnFUnbuIB3xDBh7re+89BXczaRz5oXCO2Sz7IaYg7WU=' 'sha256-goa7QEaSzq78mPaaC6/W/a+zMOab3cgTCekOdkYy8BM=' 'sha256-ymdLlvXTEpnBlMABUQBf3X3ledAQfL6Ha8cAXWaXCm8=' 'sha256-MLC5T0o9GYW/7jpNFcjczcgWwDLkmlNcVKR0zwwZDmM='; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://go.tempus.com https://tempus.jotform.com https://www.gstatic.com; connect-src 'self' https://ad.doubleclick.net https://833-qrc-346.mktoresp.com https://833-qrc-346.mktoutil.com https://adservice.google.com https://www.google.com/pagead/ https://analytics.google.com https://api.greenhouse.io https://api.ipify.org https://api64.ipify.org https://cdn.cookielaw.org https://cs.hae123.cn https://ekr.zdassets.com https://fonts.googleapis.com https://geolocation.onetrust.com https://get663.com https://go.tempus.com https://region1.analytics.google.com https://scout.salesloft.com https://stats.g.doubleclick.net https://tempus.jotform.com https://tempuslens.zendesk.com https://translate.googleapis.com https://www.cloudflare.com https://www.google-analytics.com https://yoast.com https://px.ads.linkedin.com https://*.googletagmanager.com; font-src 'self' data: https://at.alicdn.com https://cdn.jotfor.ms https://cdn.scite.ai https://fonts.gstatic.com https://github.com https://go.tempus.com https://na-abm.marketo.com https://sc-static.net https://www.slant.co; frame-src 'self' https://app-widgets.jotform.io https://boards.greenhouse.io https://bugcrowd.com https://cn-1793901926-23-7vnsr30362.ibosscloud.com https://div.show https://gateway.zscalertwo.net https://gateway.zscalerthree.net https://gateway.zscloud.net https://go.tempus.com https://js.stripe.com https://*.ep-mimecast.youtube.com https://mozbar.moz.com https://platform.twitter.com https://player.vimeo.com https://security-us.mimecast.com https://td.doubleclick.net https://tempus.jotform.com https://tempus.okta.com https://tpc.googlesyndication.com https://www.google.com https://*.googletagmanager.com https://www.securly.com https://www.youtube.com https://tempus.transtream.com; img-src 'self' data: https://ad.doubleclick.net https://adservice.google.com https://www.google.com https://analytics.google.com https://cdn.cookielaw.org https://cdn.jotfor.ms https://cm.g.doubleclick.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://i.ytimg.com https://pagead2.googlesyndication.com https://pos.baidu.com https://prismic-io.s3.amazonaws.com https://ps.w.org https://*.ads.linkedin.com https://s.w.org https://secure.gravatar.com https://stats.g.doubleclick.net https://syndication.twitter.com https://*.leandigital.rocks https://tempus.jotform.com https://translate.google.com https://translate.googleapis.com https://*.simpli.fi https://uploads-ssl.webflow.com https://www.google-analytics.com https://www.googleadservices.com https://*.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://yastatic.net https://www.reprintsdesk.com https://*.securetempus.com; object-src 'none'; base-uri 'self'; manifest-src 'self'; media-src 'self' data:; worker-src 'self' blob:; default-src 'self'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://player.vimeo.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; media-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net; img-src 'self' https: https://d4j0oemdjsbb4.cloudfront.net data:; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://www.youtube.com; connect-src 'self' https: https://forms-eu1.hscollectedforms.net wss://ws.hotjar.com; 1
default-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://antirobot.smit.ee https://antirobot-test.smit.ee https://matomo.ria.ee https://www.ria.ee https://static.cloudflareinsights.com ajax.cloudflare.com https://juturobot.id.ee; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://antirobot.smit.ee https://antirobot-test.smit.ee https://matomo.ria.ee https://www.ria.ee https://static.cloudflareinsights.com ajax.cloudflare.com https://juturobot.id.ee; worker-src blob: https://antirobot.smit.ee https://antirobot-test.smit.ee https://www.id.ee; img-src 'self' data: https://www.id.ee https://id.ee https://matomo.ria.ee https://juturobot.id.ee; font-src 'self' data:; connect-src https://antirobot.smit.ee https://antirobot-test.smit.ee 'self' https://matomo.ria.ee https://juturobot-ruuter.id.ee https://juturobot.id.ee; style-src 'self' 'unsafe-inline'; media-src 'self' https://player.vimeo.com https://juturobot.id.ee; frame-src 'self' https://www.youtube.com https://player.vimeo.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
frame-ancestors 'none'; default-src 'self'; img-src 'self' data: https://*.atani.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com.af *.google.com.ag *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vu *.google.ws; script-src 'self' 'unsafe-inline' https://*.atani.com https://*.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://*.atani.com; font-src 'self' https://*.atani.com https://fonts.gstatic.com; connect-src 'self' https://*.atani.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; object-src 'none'; frame-src https://www.youtube.com; 1
frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' 1003891.track.convertexperiments.com app.hubspot.com cdn-3.convertexperiments.com cdn.pdst.fm connect.facebook.net js.hs-analytics.net js.hs-banner.com js.hsforms.net js.hsleadflows.net js.hubspotfeedback.com js.usemessages.com organizer.bizzabo.com play.vidyard.com script.hotjar.com snap.licdn.com static.hotjar.com static.hsappstatic.net www.google-analytics.com www.googletagmanager.com www.recaptcha.net code.highcharts.com www.youtube.com js.hubspot.com www.dropbox.com widget.altrulabs.com www.google.com maps.googleapis.com wt-assets.hubteam.com cdn2.hubspot.net www.redditstatic.com cdn.veritonic.com gosniply.com d.impactradius-event.com js.hubspot.com analytics.tiktok.com 'strict-dynamic' 'nonce-W5HFyGkYPTvJxA2J7VIg6g=='; report-uri https://send.hsbrowserreports.com/csp/report; upgrade-insecure-requests; 1
default-src 'self'; base-uri 'self'; connect-src 'self' wss://self https://www.hostingcloud.racing wss://*.hostcontent.live https://connect.facebook.net https://www.google-analytics.com https://*.doubleclick.net https://*.g.doubleclick.net https://www.facebook.com https://*.mintme.com https://mintme.com https://*.tawk.to wss://*.tawk.to; font-src 'self' https://fonts.gstatic.com https://static-v.tawk.to; frame-src https://accounts.google.com https://content.googleapis.com https://va.tawk.to https://www.youtube.com https://www.google.com; img-src data: *; media-src *; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: http: 'nonce-LqL7O6cfcLY3UWogjUgL6g=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/emojione/2.2.7/assets/css/emojione.min.css https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/github.min.css https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.12.0/styles/atom-one-dark.min.css https://*.tawk.to; report-uri /csp-report; worker-src blob: 1
base-uri 'self' ; style-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; script-src 'self' https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://hcaptcha.com https://*.hcaptcha.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; frame-ancestors https://myprofile.trimble.com https://stage.myprofile.trimblecloud.com https://myprofile-pt.dev.id.trimblecloud.com https://myprofile-qa.dev.id.trimblecloud.com https://myprofile-qa1.dev.id.trimblecloud.com https://dxdev.my.trimblecloud.com https://dxqa.my.trimblecloud.com https://mytdev.my.trimblecloud.com https://mtqa.my.trimblecloud.com https://dev.my.trimblecloud.com https://sit.my.trimblecloud.com https://uat.my.trimblecloud.com https://my.trimble.com 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://search.service.vportal.ee/v1/search/kliimamin https://search.service.vportal.ee/v1/globalsearch/total https://search.service.vportal.ee/v1/events/kliimamin https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://old.envir.ee/ https://infogram.com/ https://e.infogram.com/ https://public.tableau.com https://www.figma.com https://www.figma.com/file/LBjkW3Uyo8tV1uq2MyyDfH/Kriips https://www.figma.com/proto/q832bcC2B9MLdJ3tPi1aDc/waste-of-management https://infogram.com/kriips-1h7k23058yo0g2x https://youtu.be/Q-KdVMS8Jq0 https://www.youtube.com/watch https://www.canva.com/design/DAF1dDPyam4/view https://youtu.be/igIVbukeLsM https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-PesvwnJvtxV7JZGZNbGXFht2HhPvky' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
base-uri 'self';connect-src 'self' *.googletagmanager.com *.google-analytics.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;default-src 'self' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;form-action 'self' http://testing.mydirtyhobby.de https://testing.mydirtyhobby.de https://www.mydirtyhobby.de;frame-src 'self' www.google.com *.googletagmanager.com;img-src 'self' data: *.allpasstrust.com *.mg.services *.googletagmanager.com *.google-analytics.com apt-cucaaxacf9ghehaw.z01.azurefd.net;media-src 'self';style-src 'self' 'unsafe-inline' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.allpasstrust.com *.mg.services apt-cucaaxacf9ghehaw.z01.azurefd.net www.google.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net www.gstatic.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com/ https://acdn.adnxs.com/ https://connect.facebook.net/ https://www.google-analytics.com/ https://www.googletagmanager.com/ *.slinger.to *.leisureking.eu *.typeform.com; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com/ https://fonts.googleapis.com *.slinger.to *.typeform.com; connect-src 'self' https://ib.adnxs.com/ https://*.google-analytics.com/ https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://platform.twitter.com/ https://www.google.com/ https://www.youtube.com/ *.slinger.to *.ylt.nl *.leisureking.eu *.typeform.com; img-src 'self' data: https://ib.adnxs.com/ https://dashboard.umbraco.com/ https://www.googletagmanager.com/ https://*.cdninstagram.com/ https://i.ytimg.com https://ib.adnxs.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; 1
default-src 'self'; script-src 'report-sample' 'self' https://www.googletagmanager.com https://mc.yandex.ru https://mc.yandex.com; style-src 'report-sample' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://mc.yandex.com; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://mpi.gov.tm; child-src 'self'; frame-src 'self'; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; report-uri /csp-report; worker-src 'none'; prefetch-src 'self'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' app.hubspot.com; 1
frame-ancestors https://app.kontent.ai 1
default-src 'unsafe-inline' 'self' https://*.tez3.com https://*.smsvalet.com https://*.googleapis.com https://*.google.com https://*.gstatic.com https://*.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://*.tez3.com https://*.smsvalet.com https://*.googleapis.com https://*.gstatic.com https://stats.g.doubleclick.net; script-src-elem 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net; img-src 'self' data: https://*.google.com https://*.tez3.com https://*.smsvalet.com https://*.blob.core.windows.net https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googleapis.com https://*.gstatic.com; 1
frame-ancestors=self 1
frame-src 'self' *.vocalcom.com *.google.com *.marketo.com *.youtube.com *.googletagmanager.com *.google-analytics.com *.snap.licdn.com *.mktoresp.com px.ads.linkedin.com *.google.fr *.linkedin.com *.youtube-nocookie.com *.ytimg.com googleads.g.doubleclick.net static.doubleclick.net *.noembed.com cdn.plyr.io *.facebook.com *.wpml.org 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tilde.zone; img-src 'self' data: blob: https://tilde.zone https://media.tilde.zone; style-src 'self' https://tilde.zone 'nonce-xT8V2wayJgcyjL5kIUn7gg=='; media-src 'self' data: https://tilde.zone https://media.tilde.zone; frame-src 'self' https:; manifest-src 'self' https://tilde.zone; form-action 'self'; child-src 'self' blob: https://tilde.zone; worker-src 'self' blob: https://tilde.zone; connect-src 'self' data: blob: https://tilde.zone https://media.tilde.zone wss://tilde.zone; script-src 'self' https://tilde.zone 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://www.suzukiauto.co.za; upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' cdn.kleding.nl 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.kleding.nl; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.kleding.nl; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.kleding.nl images.kleding.nl cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookielaw.org *.onetrust.com *.brightcove.com *.brightcove.net *.vimeo.com *.zencdn.net *.boltdns.net *.brightcovecdn.com *.googletagmanager.com *.google-analytics.com *.msecnd.net  *.visualstudio.com *.bizographics.com *.licdn.com *.ads-twitter.com *.twitter.com *.twimg.com *.addthis.com *.pardot.com *.linkedin.com *.addthisedge.com *.issuu.com *.cincopa.com *.google.com *.gstatic.com *.ceros.com *.qualtrics.com *.moatads.com;img-src 'self' data: about: t.co *.cookielaw.org *.onetrust.com *.twitter.com *.vimeocdn.com *.google-analytics.com *.brightcove.com *.boltdns.net *.twimg.com *.googletagmanager.com *.cincopa.com *.linkedin.com *.google.com *.doubleclick.net *.qualtrics.com *.adsymptotic.com *.guggenheiminvestments.com;style-src 'self' 'unsafe-inline' *.twitter.com *.cincopa.com *.twimg.com;media-src 'self' blob: *.boltdns.net;font-src 'self' data: *.zencdn.net;object-src 'self';connect-src 'self' *.cookielaw.org *.onetrust.com *.addthis.com *.brightcove.com *.boltdns.net *.brightcovecdn.com *.cincopa.com *.visualstudio.com *.google-analytics.com *.qualtrics.com *.akamaihd.net;frame-src 'self' *.addthis.com *.twitter.com *.issuu.com *.google.com *.pardot.com *.ceros.com *.guggenheimpartners.com *.knightlab.com *.vimeo.com https://vimeo.com *.captivate.fm; frame-ancestors 'self';base-uri 'self';form-action 'self' *.twitter.com *.pardot.com *.guggenheimpartners.com; 1
frame-ancestors 'self' https://trace.mediago.io 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://queer.party; img-src 'self' https: data: blob: https://queer.party; style-src 'self' https://queer.party 'nonce-s9qdEcjr++ZLS/0vZWkLeA=='; media-src 'self' https: data: https://queer.party; frame-src 'self' https:; manifest-src 'self' https://queer.party; form-action 'self'; child-src 'self' blob: https://queer.party; worker-src 'self' blob: https://queer.party; connect-src 'self' data: blob: https://queer.party https://content.queer.party/media/ wss://queer.party; script-src 'self' https://queer.party 'wasm-unsafe-eval' 1
default-src 'none'; manifest-src 'self'; connect-src 'self' https://www.google-analytics.com/ https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://*.analytics.google.com/ https://www.googletagmanager.com/; script-src 'report-sample' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; script-src-attr 'none'; font-src 'self'; img-src 'self' https://static.jeurissen.co/ https://www.googletagmanager.com/ https://www.google-analytics.com/; style-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; sandbox allow-same-origin allow-scripts allow-popups-to-escape-sandbox; block-all-mixed-content; upgrade-insecure-requests; worker-src 'report-sample' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; frame-src 'none'; object-src 'none'; style-src-attr 'self'; script-src-elem 'report-sample' 'self' https://www.googletagmanager.com/ https://www.google-analytics.com/; style-src-elem 'self'; report-uri https://api.jeurissen.co/reports/csp/carlos.jeurissen.co; report-to csp-endpoint 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-2VvG+m1jNmNfoNe6LJkWGk0N5OCIWeI7wzJkuDOzwVcQiFSU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodontech.de; img-src 'self' https: data: blob: https://mastodontech.de; style-src 'self' https://mastodontech.de 'nonce-3aa8jg8W84VHkYBGAxSutw=='; media-src 'self' https: data: https://mastodontech.de; frame-src 'self' https:; manifest-src 'self' https://mastodontech.de; form-action 'self'; child-src 'self' blob: https://mastodontech.de; worker-src 'self' blob: https://mastodontech.de; connect-src 'self' data: blob: https://mastodontech.de https://media.mastodontech.de wss://mastodontech.de; script-src 'self' https://mastodontech.de 'wasm-unsafe-eval' 1
frame-ancestors https://*.piratestorm.com/ https://www.funnygames.nl/ https://www.clickjogos.com.br/ https://spele.nl/ https://gryonline.onet.pl/ https://centralagier.wp.pl/ https://www.browsergames.de/ https://www.sat1spiele.de/ https://www.funnygames.nl/ https://www.prosiebengames.de/ https://www.oyunkolu.com/ https://www.speeleiland.nl/; 1
default-src 'self' https:; img-src 'self' https: data:; font-src 'self' https: data:; object-src https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https:; frame-ancestors facebook.com opinary.com compass.pressekompass.net 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.google.com; frame-ancestors 'self' *.masternautconnect.com:* *.connectedfleet.michelin.com:*; img-src 'self' data:; font-src 'self' https://fonts.gstatic.com; upgrade-insecure-requests; 1
default-src 'none'; script-src-elem 'unsafe-inline' 'self' *.googletagmanager.com widget.trustpilot.com cdn.cookielaw.org vercel.live www.dwin1.com; frame-src widget.trustpilot.com; style-src 'self' 'unsafe-inline'; img-src 'self' *.ctfassets.net blob: data: *.bingbong.de cdn.cookielaw.org; manifest-src 'self'; media-src videos.ctfassets.net; connect-src 'self' vercel.live *.google-analytics.com cdn.cookielaw.org geolocation.onetrust.com; font-src 'self' 1
frame-ancestors *.psc.ac.uk 'self'; 1
frame-src https://*.google.com https://*.googleadservices.com https://*.youtube.com https://*.vimeo.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.com https://*.facebook.net https://*.pinterest.com https://*.payway.com.au https://secure.ewaypayments.com https://*.trustpilot.com https://*.googlesyndication.com https://*.twitter.com https://e.issuu.com https://*.livechatinc.com; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; script-src https: https://*.pittohio.com https://*.balancetrak.com 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-hashes' 'self' 'unsafe-inline'; child-src blob: https:; worker-src blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-FM3WYF0kbdsYHMZn5QUzQqjAtMf8HT1Q4Js/apaWoCfrwbEr' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.anvelope-autobon.ro https://*.google.com https://attr-2p.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://attr-2p.com https://*.enzuzo.com https://*.hotjar.com https://rs.clic2buy.com https://t.clic2buy.com https://cart.clic2drive.com https://www.clickcease.com https://event.2performant.com https://*.anvelope-autobon.ro https://t.profitshare.ro https://*.google.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.anvelope-autobon.ro https://*.google.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; img-src 'self' data: https://rs.clic2buy.com https://t.clic2buy.com https://cart.clic2drive.com https://maps.gstatic.com https://trusted.ro https://t.profitshare.ro https://*.anvelope-autobon.ro https://*.google.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; font-src 'self' https://fonts.gstatic.com https://*.anvelope-autobon.ro https://*.google.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; connect-src 'self' https://event.2performant.com https://*.enzuzo.com https://google.com https://metrics.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://*.hotjar.com https://rs.clic2buy.com https://t.clic2buy.com https://cart.clic2drive.com https://monitor.clickcease.com https://*.anvelope-autobon.ro https://*.google.com https://*.googleadservices.com https://*.google.ro https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com https://googleads.g.doubleclick.net https://scaleflex.ultrafast.io https://*.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.googletagmanager.com https://*.facebook.net; media-src 'self' https://*.anvelope-autobon.ro; object-src 'self'; prefetch-src 'self' https://*.anvelope-autobon.ro; child-src 'self'; frame-src 'self' https://*.doubleclick.net https://rs.clic2buy.com https://t.clic2buy.com https://cart.clic2drive.com https://event.2performant.com https://*.google.com https://c.profitshare.ro https://*.facebook.com https://*.youtube.com https://*.googleapis.com https://*.cloudflare.com; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://*.facebook.com; manifest-src 'self' https://static.anvelope-autobon.ro 1
default-src 'self' https: blob:; script-src 'unsafe-inline' 'unsafe-eval' https://www.mycerdant.com https://mycerdant.com https://managed.firewalls.com https://security.mytech.com; style-src 'unsafe-inline' https://www.mycerdant.com https://mycerdant.com https://managed.firewalls.com https://security.mytech.com; img-src data: https://www.mycerdant.com https://mycerdant.com https://managed.firewalls.com https://security.mytech.com; frame-ancestors 'self' 1
default-src ‘self’ *.fsbpt.org; 1
default-src https: wss: data: blob: 'unsafe-eval' 'unsafe-inline' 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 1
frame-ancestors *.travelallrussia.com *.firebirdtours.com *.force.com http://webvisor.com https://tourstoeurope.com 1
default-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sensehqchat.com *.sensehq.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com sp.analytics.yahoo.com *.tvsquared.com s.yimg.com tracker.gaconnector.com bat.bing.com cdn.mouseflow.com ict.infinity-tracking.net *.crazyegg.com api.carehome.co.uk www.cqc.org.uk cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org script.infinity-tracking.com *.vimeocdn.com *.gstatic.com www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.google.com maps.googleapis.com *.twimg.com connect.facebook.net *.googleapis.com ajax.aspnetcdn.com;style-src 'self' 'unsafe-inline' *.careinspectorate.wales embedsocial.com *.livechatinc.com api.carehome.co.uk www.cqc.org.uk fonts.googleapis.com;connect-src 'self' *.sensehqchat.com *.sensehq.com region1.analytics.google.com *.careinspectorate.wales *.mouseflow.com embedsocial.com *.livechatinc.com bat.bing.com cookie-cdn.cookiepro.com cdn.cookielaw.org *.onetrust.com s.yimg.com *.crazyegg.com ict.infinity-tracking.net nas.lon.infinity-tracking.com api.carehome.co.uk cdn.cookielaw.org web.lon.infinity-tracking.com vimeo.com maps.googleapis.com *.google-analytics.com *.doubleclick.net www.facebook.com;font-src 'self' cdn.livechatinc.com fonts.gstatic.com fonts.googleapis.com;frame-ancestors 'self' cms.careuk.com admin.cuk.local uat-cms.careuk.com uat2-cms.careuk.com;frame-src 'self' *.spotify.com maps.google.com maps.google.co.uk *.sensehqchat.com *.careinspectorate.wales *.careinspectorate.com embedsocial.com *.livechatinc.com player.vimeo.com www.google.com www.facebook.com;img-src 'self' *.googleapis.com *.careinspectorate.wales *.careinspectorate.com cdn.livechat-files.com cdn.livechatinc.com cdn.cookielaw.org dpm.demdex.net *.tvsquared.com sp.analytics.yahoo.com bat.bing.com api.carehome.co.uk www.cqc.org.uk *.googletagmanager.com maps.gstatic.com maps.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.google.com *.google.co.uk i.vimeocdn.com data:;worker-src 'self' blob: *.careuk.com;media-src 'self' *.careinspectorate.wales *.careinspectorate.com cdn.livechatinc.com;form-action 'self' payments *.worldpay.com; 1
default-src 'self' https://map.infomaniak.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events *.dev.infomaniak.ch; font-src 'self' data: https://fonts.gstatic.com http://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch https://themes.googleusercontent.com https://fonts.googleapis.com https://events.infomaniak.com https://infomaniak.events etickets.storage5.infomaniak.com eticketsdev.storage5.infomaniak.com https://www.infomaniak.events; style-src 'self' 'unsafe-inline' www.googleapis.com https://tagmanager.google.com http://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch https://fonts.googleapis.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events; style-src-elem 'self' 'unsafe-inline' www.googleapis.com https://fonts.googleapis.com https://tagmanager.google.com etickets.storage5.infomaniak.com eticketsdev.storage5.infomaniak.com https://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://*.jm-contactless.ch https://jmco.ch; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.checkout.com connect.facebook.net www.google-analytics.com www.googletagmanager.com https://www.googletagmanager.com https://www.google-analytics.com ajax.googleapis.com https://ssl.google-analytics.com https://tagmanager.google.com https://gtm-tagging.infomaniak.events http://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch *.ips.infomaniak.com https://web-components.storage.infomaniak.com https://www.google.com https://www.gstatic.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://www.googleadservices.com https://googleads.g.doubleclick.net etickets.storage5.infomaniak.com eticketsdev.storage5.infomaniak.com https://*.jm-contactless.ch https://jmco.ch; style-src-attr 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' cdn.checkout.com connect.facebook.net www.google-analytics.com www.googletagmanager.com https://gtm-tagging.infomaniak.events https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com http://www.google-analytics.com *.ips.infomaniak.com https://etickets-beta.infomaniak.com https://etickets.infomaniak.com https://web-components.storage.infomaniak.com https://www.google.com https://www.gstatic.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://www.googleadservices.com https://googleads.g.doubleclick.net etickets.storage5.infomaniak.com eticketsdev.storage5.infomaniak.com https://analytics.infomaniak.com/matomo.js; media-src 'self' etickets.infomaniak.ch http://str11.infomaniak.ch http://vod.infomaniak.com http://play.vod2.infomaniak.com http://str12.infomaniak.ch http://str13.infomaniak.ch http://str14.infomaniak.ch http://str15.infomaniak.ch http://str16.infomaniak.ch http://str17.infomaniak.ch http://str18.infomaniak.ch http://str19.infomaniak.ch http://static.infomaniak.ch https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events; frame-src 'self' www.google.ch www.google.com www.google.fr www.youtube.com maps.google.com api2.checkout.com etickets.infomaniak.ch etickets.infomaniak.com https://www.facebook.com http://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch https://checkout.postfinance.ch/ https://e-payment.postfinance.ch/ https://efpayment.postfinance.ch/ https://player.infomaniak.com/ https://epayment.postfinance.ch/ https://p.monetico-services.com/ https://vod.infomaniak.com/ https://player.vod2.infomaniak.com/ https://api.vod2.infomaniak.com/ https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://*.jm-contactless.ch https://jmco.ch https://td.doubleclick.net/; connect-src 'self' blob: cdn.checkout.com api2.checkout.com sandbox.checkout.com www.facebook.com www.google-analytics.com https://analytics.infomaniak.com/matomo.js stats.g.doubleclick.net http://etickets.infomaniak.com https://etickets-beta.infomaniak.com http://etickets.infomaniak.ch http://str14.infomaniak.ch http://str16.infomaniak.ch *.bugsnag.com https://fonts.googleapis.com *.ips.infomaniak.com ws://*.ips.infomaniak.com http://*.ips.infomaniak.com/* ws://*.ips.infomaniak.com/* https://streaming.etickets.infomaniak.com https://map.infomaniak.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://*.infomaniak.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://www.google.com https://www.google.ch https://www.google.fr https://www.google.de https://www.google.be https://adservice.google.com https://*.analytics.google.com https://gtm-tagging.infomaniak.events https://www.googletagmanager.com https://*.jm-contactless.ch https://jmco.ch; child-src 'self' blob: https://www.infomaniak.events https://*.infomaniak.com; img-src 'self' blob: cdn.checkout.com api.checkout.com stats.g.doubleclick.net storage-master.infomaniak.com http://str11.infomaniak.ch http://str12.infomaniak.ch http://str13.infomaniak.ch http://str14.infomaniak.ch http://str15.infomaniak.ch http://str16.infomaniak.ch http://str17.infomaniak.ch http://str18.infomaniak.ch http://str19.infomaniak.ch http://vod.infomaniak.com https://eticketsdev.storage5.infomaniak.com https://etickets.storage2.infomaniak.com https://etickets.storage5.infomaniak.com storage-data1.infomaniak.ch www.facebook.com www.google.ch www.google.com www.google.fr www.googleapis.com etickets.infomaniak.ch storage5.infomaniak.com storage2.infomaniak.com etickets.infomaniak.com vod.infomaniak.com data: http://etickets.infomaniak.com https://etickets-beta.infomaniak.com https://etickets.preprod.dev.infomaniak.ch http://etickets.infomaniak.ch maps.gstatic.com https://ssl.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://web-components.storage.infomaniak.com https://events.infomaniak.com https://infomaniak.events https://www.infomaniak.events https://googleads.g.doubleclick.net eticketsdev.storage5.infomaniak.com etickets.storage5.infomaniak.com https://gtm-tagging.infomaniak.events *.dev.infomaniak.ch; worker-src data: blob:; report-uri /csp-reports 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-MydOMR2bMNzhrqBcLP+BLFLHlNYnqEZ6kfWbvtHUsQaYLU3q' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://snap.licdn.com https://rw1.marchex.io https://scripts.mymarketingreports.com https://nexus.ensighten.com https://googleads.g.doubleclick.net https://cse.google.com https://www.google.com https://25livepub.collegenet.com https://bbox.blackbaudhosting.com https://sky.blackbaudcdn.net https://www.gstatic.com https://www.youtube.com https://www.clarity.ms https://trkn.us/pixel/conv; style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.google.com https://bbox.blackbaudhosting.com; frame-ancestors 'self'; report-uri https://spscc.edu/report-uri/enforce 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://js.na.chilipiper.com https://cdn.tutorialjinni.com https://d.adroll.com https://*.hubspotusercontent-na1.net https://*.hubspot.net https://platform.twitter.com https://platform.linkedin.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://www.googleoptimize.com  https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com  https://js.usemessages.com  https://js.hsleadflows.net  https://js.hsadspixel.net  https://js.hs-analytics.net  https://js.hscollectedforms.net  https://js.hs-banner.com  https://app.hubspot.com  https://www.googletagmanager.com  https://connect.facebook.net  https://snap.licdn.com  https://s.adroll.com  https://ipv4.d.adroll.com  https://cdn.freshbots.ai  https://s.adroll.com  https://code.jquery.com  https://www.googletagmanager.com  https://googleads.g.doubleclick.net https://cdn-cookieyes.com https://*.hsappstatic.net https://*.ads-twitter.com https://cdn.jsdelivr.net https://*.unifonic.com https://maps.googleapis.com https://d10zminp1cyta8.cloudfront.net https://static.hotjar.com/ https://script.hotjar.com/ https://tag.clearbitscripts.com/ https://x.clearbitjs.com/;; upgrade-insecure-requests 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com unpkg.com woobox.com www.google-analytics.com *.typekit.net cdn.jsdelivr.net; font-src * 'self' 'unsafe-eval' 'unsafe-inline' data:; connect-src * 'self'; object-src 'self' 'unsafe-eval' 'unsafe-inline'; child-src 'self' youtube.com  woobox.com www.google-analytics.com *.youtube.com www.google.com; frame-src * 'self' 'unsafe-eval' 'unsafe-inline' youtube.com  woobox.com www.google-analytics.com *.youtube.com; script-src * 'self' 'unsafe-eval' 'unsafe-inline' maps.googleapis.com www.google.com www.google-analytics.com unpkg.com  woobox.com; media-src * 'self' 'unsafe-eval' 'unsafe-inline'; img-src * 'self' filesystem: data: blob:; 1
frame-src 'self' bomjesus.br *.bomjesus.br usf.edu.br *.usf.edu.br fae.edu *.fae.edu google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com viddler.com *.viddler.com eadfranciscanos.com.br *.eadfranciscanos.com.br virtualspirits.com *.virtualspirits.com indd.adobe.com *.indd.adobe.com *.s7.addthis.com *.youtu.be pixel.mathtag.com ct.pinterest.com *.canva.com 1
default-src 'self' data: blob: *.conac.cn  *.gov.cn *.gaokao.cn *.eol.cn *.jiathis.com *.baidu.com *.bshare.cn *.eol.cn *.qq.com *.kaipuyun.cn *.bdimg.com *.wx.qq.com *.people.com.cn *.weibo.com *.m1905.cn 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; object-src 'self'; frame-src 'self'; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' https://block.opendns.com https://coopbank.tt.omtrdc.net https://thecooperativebank.d1.sc.omtrdc.net https://www.googleapis.com https://dpm.demdex.net https://www.youtube-nocookie.com *.googleapis.com *.googlevideo.com https://play.google.com https://d2hpwsdp0ihr0w.cloudfront.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static-assets-cdn.i.cloud.panopto.eu data:; frame-src 'self' https://www.youtube-nocookie.com https://cooperativebank.demdex.net https://cdn.embedly.com https://bpp.cloud.panopto.eu https://widget.trustpilot.com; img-src 'self' data: https://thecooperativebank.d1.sc.omtrdc.net https://www.fscs.org.uk https://cm.everesttech.net https://static-assets-cdn.i.cloud.panopto.eu https://d2hpwsdp0ihr0w.cloudfront.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://bat.bing.com https://tags.tiqcdn.com https://my.tealiumiq.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://static-assets-cdn.i.cloud.panopto.eu https://cdn.eu.pendo.io https://cdn.embed.ly https://bpp.cloud.panopto.eu https://widget.trustpilot.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://static-assets-cdn.i.cloud.panopto.eu; media-src 'self' blob: 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-6d225bb3959c4eb6f2933d0143df5566'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net https://translation.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net https://atcwebsite-gsg.azurewebsites.net https://sbcountyatc.gov; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src 'self' https://td.doubleclick.net/ *.liveperson.net https://kuula.co/ https://sy.msghist.liveperson.net/ https://tokenizer.liveperson.net/ https://player.flipsnack.com/ https://checkout.roller.app/ https://mcc.jotform.com/ https://safekey-3.americanexpress.com/ https://tsys.arcot.com https://checkoutshopper-live-au.adyen.com/ https://api.roller.app/ https://www.securesuite.co.uk/ https://checkoutshopper-live.adyen.com https://www.sevenrooms.com/ https://s7.addthis.com/ https://analytics-au.clickdimensions.com/ https://www.australiansportsmuseum.org.au https://mcc-asm-sitecore.azurewebsites.net https://www.rollerdigital.com/ https://submit.jotform.com/ https://form.jotform.com/ https://www.youtube.com/ https://lpcdn.lpsnmedia.net/ https://sy.msg.liveperson.net/ https://sy.idp.liveperson.net/ https://www.facebook.com/ https://m.facebook.com/ https://omny.fm/ https://cdn.flipsnack.com/ https://player.vimeo.com/ https://roller.app/ https://www.google.com/; connect-src 'self' https://www.facebook.com/ wss://65b0f9981a016.streamlock.net/webrtc-session.json *.liveperson.net https://stats.g.doubleclick.net https://maps.googleapis.com https://weather-ydn-yql.media.yahoo.com https://www.google-analytics.com/ wss://sy.msg.liveperson.net/ws_api/account/1987918/messaging/consumer; media-src 'self' https://lpcdn.lpsnmedia.net/; 1
default-src 'self' 'unsafe-inline' *.mouseflow.com newsletter.abacus.ch fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://www.abacus.ch/; img-src 'self' www.linkedin.com *.googleapis.com www.googletagmanager.com/a px4.ads.linkedin.com www.google-analytics.com www.google.com www.google.ch maps.gstatic.com maps.google.com googleads.g.doubleclick.net px.ads.linkedin.com data:; connect-src 'self' px.ads.linkedin.com o2.mouseflow.com region1.analytics.google.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com cdn.linkedin.oribi.io; font-src 'self' fonts.gstatic.com; script-src 'self' www.abacus.ch snap.licdn.com cdn.mouseflow.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com newsletter.abacus.ch maps.googleapis.com maps.google.com googleads.g.doubleclick.net stats.g.doubleclick.net ajax.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-src 'self' td.doubleclick.net app.livestorm.co; 1
default-src 'self'; base-uri 'self'; img-src * data: 'unsafe-inline'; style-src * 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; font-src thyssenkrupp.com *.thyssenkrupp.com *.recruitmentplatform.com *.bootstrapcdn.com; connect-src *; frame-ancestors 'self'; frame-src *; media-src * blob:; object-src * data: 'unsafe-eval'; worker-src blob: 1
https: https://mcprod.guardian.com.sg/ 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://123456.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://v2assets.zopim.io https://jsd-widget.atlassian.com wss://123456.zendesk.com wss://*.zopim.com *.emarsys.net *.scarabresearch.com https://www.instagram.com https://www.tiktok.com; style-src 'self' blob: https: 'unsafe-inline' https://mcprod.guardian.com.sg/; img-src data: http: https:; object-src 'none'; base-uri 'self' jsd-widget.atlassian.com; child-src 'self'; font-src data: 'self' fonts.gstatic.com dsf-cdn.loreal.io; frame-src *.atlassian.com *.emarsys.net *.scarabresearch.com *.facebook.com *.google.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.guardianmy.me play.guardian.com.my dsf-cdn-staging.loreal.io 6493187.fls.doubleclick.net *.gphb01pdazurefileshare.blob.core.windows.net *.mcprod.guardian.com.sg https://guardian.com.sg https://gphb01pdazurefileshare.blob.core.windows.net https://mcprod.guardian.com.sg 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.es/report-uri/enforce 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.facebook.net *.licdn.com *.twitter.com *.twimg.com *.youtube.com s.ytimg.com *.etracker.com *.etracker.de *.matomo.cloud *.upsales.com match.adsby.bidtheatre.com; object-src 'self'; form-action 'self' *.twitter.com; media-src 'self' *.materna.de *.youtube.com; child-src *.google.com *.gstatic.com *.facebook.com *.twitter.com *.youtube.com *.eu-de.mybluemix.net *.materna.de; img-src 'self' blob: data: *.google.com *.google.de *.gstatic.com *.google-analytics.com *.doubleclick.net *.linkedin.com *.twitter.com *.twimg.com *.youtube.com *.etracker.com *.googletagmanager.com *.matomo.cloud *.upsales.com; frame-ancestors 'self' *.googletagmanager.com *.facebook.com *.twitter.com; worker-src 'self'; connect-src 'self' *.google-analytics.com *.etracker.com *.etracker.de *.g.doubleclick.net *.matomo.cloud; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDVmMWM0MGE1ZDM2NGMyZmIzOTE3MjAzZWUxMjEwZmQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rekenkamer.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.rekenkamer.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rekenkamer.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' 81.12.67.1 1
default-src �eself�f; 1
default-src 'none'; media-src blob: 'self' *.streamlock.net:44; img-src 'self' https: www.googleadservices.com https://ssl.gstatic.com https://cm.g.doubleclick.net https://um.simpli.fi https://www.grayson.edu https://grayson.edu *.siteimproveanalytics.io https://www.facebook.com google.com https://www.google.com https://www.googleapis.com *.google.com googletagmanager.com; font-src 'self' https://grayson.edu https://www.grayson.edu data: *.fontawesome.com fontawesome.com https://fonts.gstatic.com https://use.typekit.net;   script-src 'self' *.grayson.edu 'unsafe-eval' https://www.gstatic.com 'sha256-Q0SgfFrYvrGK5sYZgVIUth9k+1imwxp9mAO07vkkV6A=' 'sha256-5G4MDpvIlL2NdEmc2gYtjSwAjmYC27Qt9NNe01IiCCQ=' 'sha256-QyHZdNFKfbz9dbpRjiVnpHUnv2dU5cjEamPjzv8+hEY=' 'sha256-rdmoUvW5MVZD7lRfUGe+vl1rwuOalZAVz3nUZGR/OIU=' 'sha256-zBEJ/6eM8Paq5I6YfqbXFfeoV8INndBDOQpnQ1RsXqs=' *.brownrice.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net *.googleadservices.com 'sha256-O/zTpuSWUZpm1ZhWJI6B4W7oPlxJoXutOZHa7kHH2Sk=' https://www.google-analytics.com https://www.googletagmanager.com code.jquery.com *.fontawesome.com fontawesome.com google.com https://www.google.com termly.io *.termly.io https://fonts.googleapis.com https://i.simpli.fi https://cdnjs.cloudflare.com 'sha256-ZEJtZqIWhnX9HCm0KdRanhRU+bHvkufzXiZ44/BKeyQ=' 'sha256-zspvqygd5VLWe3gdeb4w3dHUuJbyK5+iTeeuoA9rxXM=' 'sha256-LXFgKPK11Crz266O19Njl0UzQNIKHzfJ13bj8LucUQ0=' 'sha256-nP0EI9B9ad8IoFUti2q7EQBabcE5MS5v0nkvRfUbYnM=' 'sha256-R2ShFopcwY8MLrIvZArev8n18Gk2thhMCQuJyb0y2L8=' 'sha256-8/EYqXC5wZfo67qWNfi58RJ0zLYFQRIXWOJdbcagteA=' 'sha256-sJ2fqzJ2OTVE0jwCO/r6sju+8E4qzZzyBUwoibr8sKI=' 'sha256-MQO+yOdo97VgeOugkrGJtydmGzhPPyOaMDrOFmJhvYY=' 'sha256-AHjIJAH3a3uqxaIPQaG6037autc6hnmaKvfqD9BAxak=' 'sha256-XJf6hvhxCavkb0EOlyAgPEtx4Rfh9IpKKzo9fwPWmxU=' 'sha256-6iCPrVwfLrY9UtcwFNi17m+f210JhSrFr+phwHJ/0FU=' https://siteimproveanalytics.com https://cse.google.com *.facebook.net https://ssl.spectate.com https://*.spectate.com; connect-src 'self' https://5ddd47d64e730.streamlock.net:444 https://www.google-analytics.com *.fontawesome.com fontawesome.com https://app.termly.io *.withgoogle.com *.doubleclick.net; style-src 'self' googletagmanager.com *.brownrice.com https://www.grayson.edu 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com https://fonts.googleapis.com https://use.typekit.net *.typekit.net https://www.google.com https://www.facebook.com https://stats.g.doubleclick.net;   worker-src 'self' blob:; frame-ancestors 'none';  frame-src *.concept3d.com https://app.termly.io/ https://e.issuu.com https://my.spectate.com https://cse.google.com https://www.facebook.com https://www.youtube.com *.office.com *.microsoftstream.com gc.com https://sway.cloud.microsoft *.brownrice.com *.smartsheet.com *.google.com; base-uri 'none'; form-action 'self' https://www.facebook.com 1
frame-ancestors *.nfapp.southcn.com *.nfnews.com; 1
frame-ancestors 'self' https://optimumlightpathvoice.com https://*.optimumlightpathvoice.com https://*.provserv.optimumlightpathvoice.com https://lightpathhostedvoice.com https://*.lightpathhostedvoice.com https://*.calllist.lightpathhostedvoice.com https://*.dialer.lightpathhostedvoice.com https://*.quickdial.lightpathhostedvoice.com https://*.voicemail.lightpathhostedvoice.com https://lightpathhostedvoice.com https://optimumlightpathvoice.com https://golightpath.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.connectamericas.com *.google.com *.googletagmanager.com *.gstatic.com *.typeform.com *.hotjar.com *.facebook.net googleads.g.doubleclick.net *.google-analytics.com *.messagebird.com; connect-src 'self' *; img-src 'self' * blob: data:; style-src 'self' 'unsafe-inline' *.connectamericas.com *.googleapis.com *.typeform.com *.cloudflare.com; font-src 'self' *.gstatic.com *.cloudflare.com data:; frame-src 'self' * 1
frame-ancestors 'self' https://my.axelos.com https://www.peoplecert.org https://login.peoplecert.org https://selt.languagecert.org 1
default-src 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' cfengine-package-repos.s3.amazonaws.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' https: 'unsafe-inline'; object-src 'self'; img-src 'self' data: https:; font-src 'self' https:; frame-src 'self' www.google.com www.youtube.com; manifest-src 'self'; base-uri 'self'; form-action 'self' webto.salesforce.com; frame-ancestors 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
base-uri 'self'; style-src 'self' 'unsafe-inline' *.cognitoforms.com *.dignityhealth.org *.foresee.com *.hellohumankindness.org *.marketo.com fonts.googleapis.com use.typekit.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dignityhealth.org *.evaliahealth.com *.everesttech.net *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.gstatic.com/recaptcha/ *.hellohumankindness.org *.invoca.net *.jotform.io *.marchex.io *.marketo.com *.marketo.net *.recaptcha.net/recaptcha/ *.tealiumiq.com *.tealiumiq.com *.youtube.com ajax.googleapis.com ajax.microsoft.com bam.nr-data.net cdnjs.cloudflare.com commonspirit.experiencecloud.adobe.com experience.adobe.com gateway.foresee.com googleads.g.doubleclick.net googletagmanager.com js-agent.newrelic.com login.commonspirit.org maps.googleapis.com pc-dignityhealth-visitor-service.tealiumiq.com tags.tiqcdn.com tags.tiqcdn.com unpkg.com use.typekit.net; frame-src 'self' *.jotform.io *.marketo.com *.vimeo.com *.youtube.com commonspirit.demdex.net docasap.com mychart.chisaintjosephhealth.org www.cognitoforms.com www.google.com www.recaptcha.net; img-src 'self' *.agkn.com *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.googleadservices.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.hellohumankindness.org *.marketo.com *.youtube.com bam.nr-data.net cdn.jotfor.ms data: dpm.demdex.net googleads.g.doubleclick.net googletagmanager.com i.ytimg.com login.commonspirit.org s3.amazonaws.com use.typekit.net www.google.com; connect-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org *.everesttech.net *.foresee.com *.google.com/pagead/ *.google.com/recaptcha/ *.googleadservices.com *.hellohumankindness.org *.mktoresp.com *.mktoutil.com *.omtrdc.net ajax.microsoft.com analytics.google.com api.ipify.org bam.nr-data.net device.4seeresults.com dpm.demdex.net fid.agkn.com fonts.googleapis.com identity-api.commonspirit.org identity-func.commonspirit.org login.commonspirit.org maps.googleapis.com pc-dignityhealth-collect.tealiumiq.com pc-dignityhealth-visitor-service.tealiumiq.com readaloud.googleapis.com translate.googleapis.com; default-src 'self' *.ase-usw1-shared-prd.p.azurewebsites.net *.dignityhealth.org commonspirit.demdex.net identity-func.commonspirit.org identity-spa.commonspirit.org login.commonspirit.org pc-dignityhealth-collect.tealiumiq.com; font-src 'self' *.dignityhealth.org *.gstatic.com cdn.jorfor.ms data: use.typekit.net; 1
default-src 'self' packages.umbraco.org our.umbraco.org api.cludo.com;script-src 'self' cdnjs.cloudflare.com content.govdelivery.com f1-eu.readspeaker.com code.jquery.com ajax.googleapis.com maps.google.com customer.cludo.com api.cludo.com siteimproveanalytics.com www.googletagmanager.com *.gstatic.com www.google-analytics.com maps.googleapis.com www.google.com www.youtube.com d3saea0ftg7bjt.cloudfront.net *.civiccomputing.com app.10to8.com connect.facebook.net app-script.monsido.com code.myadvent.net calendar.myadvent.net analytics.silktide.com cdn.ons.gov.uk www.ons.gov.uk *.communitybox.co 'unsafe-eval' 'unsafe-inline';style-src 'self' customer.cludo.com f1-eu.readspeaker.com fonts.googleapis.com 'unsafe-inline';connect-src 'self' directories.spindogs.com maps.googleapis.com api.cludo.com *.civiccomputing.com *.google-analytics.com *.google.com *.communitybox.co;font-src 'self' cdn.jsdelivr.net fonts.gstatic.com;img-src 'self' chelmsfordcc.blob.core.windows.net 365501.global.siteimproveanalytics.io f1-eu.readspeaker.com customer.cludo.com www.google-analytics.com maps.gstatic.com maps.google.com img.youtube.com *.googleapis.com content.govdelivery.com data: *.google.co.uk *.google.com *.facebook.com;media-src 'self' www.youtube.com player.vimeo.com app-eu.readspeaker.com rstts-eu.readspeaker.com;frame-src 'self' www.youtube.com www.google.com player.vimeo.com app-eu.readspeaker.com rstts-eu.readspeaker.com www.google.com www.google-analytics.com chelmsford-gov.maps.arcgis.com activeintime.com *.activeintime.com *.chelmsford.gov.uk www.jigsawexplorer.com app.10to8.com code.myadvent.net calendar.myadvent.net *.facebook.com *.soundcloud.com cdn.ons.gov.uk www.ons.gov.uk *.communitybox.co 1
base-uri self; object-src none; font-src * data:; img-src *; script-src 'self' embed.tawk.to cdn.jsdelivr.net www.hostworx.co.za cdn.fraudlabspro.com www.google.com www.gstatic.com www.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.tawk.to; frame-ancestors 'self'; report-uri ; report-to default 1
frame-ancestors tarketthome.com www.tarketthome.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-xuZGkfxAP/T92YDrdsA3TZV1REAIiY5DupM8ub6FD2lGSy3v' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://*.fnol.cz/ 1
frame-ancestors 'self' *.yandex.ru *.yastatic.net https://webvisor.com http://webvisor.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-xnQJlBJVT1SA/YIrK4eU2Q==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
script-src 'report-sample' 'nonce-Ii-gK21n_OxTVuWUyXlItw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
frame-ancestors 'self' https://echobotsales.de/ https://*.echobotsales.de/ https://*.lightning.force.com/ https://*.my.salesforce.com https://*.echobot.de https://d35wjiveis58b7.cloudfront.net/ https://www.dealfront.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-eA6jSHzG7DuavkfO+puLzz5h7dcFG/0D8oDZr2bV0PUZ2enL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.anthembluecross.com; 1
frame-ancestors support.unionepro.ru 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ https://js.stripe.com/ https://www.hubspot.com/ https://www.youtube-nocookie.com/ https://meetings.hubspot.com/ https://www.googletagmanager.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' at.alicdn.com *.alicdn.com *.googleapis.com *.gstatic.com *.baidu.com *.bdimg.com *.xinhongru.com *.highcharts.com *.youku.com *.liantu.com *.highcharts.com *.qq.com data: 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-409f2caa701e85b1898730c277a3e7b2'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' web-sdk.aptrinsic.com responder.wt-safetag.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com web-sdk.aptrinsic.com; object-src 'none'; connect-src esp.aptrinsic.com; img-src 'self' data: 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com https://givebutter.com https://www.google.com https://www.googletagmanager.com  https://maps.googleapis.com https://maps.google.com https://connect.facebook.net https://www.youtube.com https://*.cloudfront.net https://www.bugherd.com https://www.google-analytics.com/analytics.js https://cdn.jsdelivr.net https://releases.transloadit.com https://script.hotjar.com/ https://static.hotjar.com 1
child-src blob:; worker-src blob:; img-src * 'self' data: https://*.local https://*.botest.nl https://*.basicorange.nl https://nietzonderjullie.nl https://*.nietzonderjullie.nl https://werkenbijavl.nl https://*.werkenbijavl.nl https://avlacademie.nl https://*.avlacademie.nl https://www.avl.nl https://*.avl.nl; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.digitalcx.com https://*.elitechnology.com https://*.hotjar.io https://*.foleon.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://*.youtube.com https://*.youtube-nocookie.com https://*.ytimg.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.google.nl https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://*.adform.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://cx.atdmt.com https://www.googletagmanager.com https://www.googleoptimize.com https://api.ipify.org https://*.clarity.ms https://i.vimeocdn.com https://www.gravatar.com https://virtuele.tours https://code.jquery.com https://www.mkyong.com https://instant.page/1.2.2 https://use.typekit.net https://widget.freshworks.com https://basicorange.freshdesk.com; frame-src 'self' https://*.google.com/ https://*.elitechnology.com https://*.local https://*.botest.nl https://*.basicorange.nl https://nietzonderjullie.nl https://*.nietzonderjullie.nl https://werkenbijavl.nl https://*.werkenbijavl.nl https://avlacademie.nl https://*.avlacademie.nl https://avl.nl https://*.avl.nl https://virtuele.tours/ https://vars.hotjar.com/ https://*.youtube.com https://www.youtube-nocookie.com https://*.adform.net https://*.spotify.com https://bid.g.doubleclick.net https://*.foleon.com https://*.flippingbook.com http://instant.page; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-29595a6173bb534d7ea60c334f42fd7e'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; object-src 'none'; base-uri 'self'; script-src 'self' 'strict-dynamic' js.taplytics.com cdn.segment.com 'unsafe-inline' https://js-agent.newrelic.com https://bam.nr-data.net https://use.typekit.net https://js.stripe.com https://embed.cloudflarestream.com widget.intercom.io js.intercomcdn.com https://fullstory.com https://www.fullstory.com https://edge.fullstory.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://px.ads.linkedin.com https://9ssm9lghx525.statuspage.io https://js.hs-analytics.net https://tags.srv.stackadapt.com https://bat.bing.com https://ct.pinterest.com https://js.hsforms.net 'nonce-56adb36a4d055a6f05f25a089b5994a85365af0c5c2822e34e7308291943ed58'; style-src 'self' 'unsafe-inline' https://tags.srv.stackadapt.com https://ct.pinterest.com https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; img-src 'self' founded.media ownr.media www.gravatar.com https://videodelivery.net https://stats.videodelivery.net *.intercomcdn.com static.intercomassets.com intercom.help www.google-analytics.com https://www.google.ca https://www.google.com https://bat.bing.com https://googleads.g.doubleclick.net stats.g.doubleclick.net https://www.facebook.com https://messenger-apps.intercom.io https://px.ads.linkedin.com track.hubspot.com https://tags.srv.stackadapt.com https://ct.pinterest.com https://forms.hsforms.com https://forms-na1.hsforms.com data: blob:; font-src 'self' https://fonts.gstatic.com https://use.typekit.net js.intercomcdn.com data:; frame-src https://js.stripe.com https://bid.g.doubleclick.net https://intercom-sheets.com https://iframe.cloudflarestream.com https://9ssm9lghx525.statuspage.io https://www.loom.com https://www.youtube.com https://ct.pinterest.com/ https://ownr.links.growsumo.com https://forms.hsforms.com; media-src 'self' data: blob: https://js.intercomcdn.com https://videodelivery.net https://ownr.media; connect-src 'self' wss://www.ownr.co https://use.typekit.net api.segment.io https://cdn.segment.com https://www.google-analytics.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net analytics.google.com https://api.stripe.com fonts.gstatic.com fonts.googleapis.com https://rs.fullstory.com sentry.io https://videodelivery.net https://stats.videodelivery.net https://licensing.bitmovin.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://js.intercomcdn.com https://tags.srv.stackadapt.com https://ct.pinterest.com https://api.taplytics.com https://ping.taplytics.com https://bam-cell.nr-data.net https://bam.nr-data.net https://s3nonprodworker.ownr.party/ https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com; worker-src blob: 1
script-src 'self' https: 'unsafe-eval' 'unsafe-inline' 1
default-src 'none'; base-uri 'self'; connect-src 'self'; form-action 'self'; img-src 'self' data:; script-src 'self'; style-src 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.admixer.net https://www.gstatic.com *.admixer.net *.stacksandbox.com https://partner.googleadservices.com https://cse.google.com *.google.com https://connect.facebook.net https://script.hotjar.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://snap.licdn.com https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://static.hotjar.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://snap.licdn.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google-analytics.com; object-src 'none'; base-uri *.admixer.net;style-src 'self' 'unsafe-inline' https://script.hotjar.com https://cse.google.com https://cdn.admixer.net https://cse.google.com https://fonts.googleapis.com *.google.com https://cdn.jsdelivr.net https://use.fontawesome.com https://partner.googleadservices.com https://admixer.net https://www.gstatic.com *.stacksandbox.com report-uri https://proximaresearch.com 1
default-src * 'unsafe-inline' 'unsafe-eval' data: gap: content:; media-src * blob: data:; worker-src 'self' blob:; img-src * blob: data: 1
script-src 'self' https://js.stripe.com https://maps.googleapis.com https://app.posthog.com; worker-src 'strict-dynamic' 1
default-src 'none'; font-src 'self' a.stacker.news; img-src 'self' a.stacker.news m.stacker.news https: data: blob:; media-src 'self' a.stacker.news m.stacker.news; script-src 'self' 'unsafe-inline' 'nonce-OGNiZGQ2NDItYTdmMy00YjYwLWJlYTctOGIzNDlhMjhiODhm' 'strict-dynamic' https:; style-src 'self' a.stacker.news 'unsafe-inline'; manifest-src 'self'; frame-src www.youtube.com platform.twitter.com; connect-src 'self' https: wss:; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; frame-ancestors 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-DWw3aaNQ5FyWfVgLvC/uoChP5SsDdg0nwYLwQ389GAvdklgo' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: data: wss://*.hotjar.com wss://*.intercom.io; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
frame-ancestors 'self' https://pages.et4.de; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.arz.at; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.arz.at maps.google.com www.googleadservices.com maps.googleapis.com www.econ-application.de; img-src 'self' *.accenture.com *.arz.at image.onoffice.de maps.google.com maps.googleapis.com maps.gstatic.com jobs.volksbankwien.at jobs.volksbank.tirol jobs.volksbanksalzburg.at jobs.volksbank-kaernten.at jobs.vbnoe.at jobs.vb-ooe.at jobs.volksbank-stmk.at lcdn.letscast.fm i.vimeocdn.com data:; connect-src 'self'  *.accenture.com *.arz.at maps.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.arz.at kurse.banking.co.at www.youtube.com bank-news.at news.volksbank.tirol news.volksbank.at news.volksbankwien.at *.volksbanksalzburg.at *.apobank.at *.aerztebank.at *.volksbanksalzburg.com news.volksbank-kaernten.at news.vbnoe.at news.sparda.at news.vb-ooe.at news.volksbank-stmk.at angebot.derfairecredit.at iframe.justimmo.at vbkaernten.immo-export.at vbsalzburg.immo-export.at letscast.fm my.matterport.com player.vimeo.com; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' *.planmanager.na.solera.world; 1
default-src 'self' via.placeholder.com 172.16.9.107:8080 *.cookiefirst.com www.etracker.de www.dtvp.de 'unsafe-inline' nbank.myaudience.de search.nbank.de data:; 		media-src 'self'; 		font-src 'self' fonts.gstatic.com data:; 		style-src 'self' fonts.googleapis.com *.cookiefirst.com https://unpkg.com/leaflet@1.7.1/dist/leaflet.css 'unsafe-inline'; 		script-src 'self' 172.16.9.107:8080 *.cookiefirst.com www.etracker.de *.etracker.com 81.173.216.176/umrp/ www.dtvp.de nbank.myaudience.de 'unsafe-inline'; 		img-src 'self' https://unpkg.com/leaflet@1.7.1/dist/images/ *.tile.openstreetmap.org/ https://mafo1.myaudience.de/ www.kununu.com/de/partner/ data:; 		frame-src www.youtube.com www.youtube-nocookie.com www.podcaster.de innomatch.nds.de; 	 1
script-src 'unsafe-eval' 'self' blob: *.mpeasylink.com *.omtrdc.net *.convertlanguage.com *.bcbsnm.com *.walkme.com *.jquery.com  *.brightcove.com *.tvsquared.com *.marinsm.com *.clarity.ms *.steelhousemedia.com *.stackadapt.com  'sha256-Rqz5HBTdDZqvx9tFQtMxkOrL6I7oKHMPUmejT+2LMw8=' 'sha256-0rnAJ6vApAwYvkwKRItvYvJBuC2Tc6FUGnpWWGKm0s0=' 'sha256-E3D70tU+C9GFn1aNG7ja3BGmXO6SUTBfXNPkiks6YKM=' 'sha256-WiBrp8n6qzXaR53OMuij2Wqky+WBAZHWS4m9u+Y6Vgs=' 'sha256-Bwbsdql2wuxPBfreVcjv4IcQRIm2tK54E/ZtuKmHmLI=' 'sha256-+QoWUsMtJAiKNrS9ddu7252XOoLq26XVwk4TdboDGM0=' 'sha256-EFemVE1/2VPlNZdptBdgN2GjWc7noj81GGGv0MwOyJY=' 'sha256-K83smGC12/mOrMV+5hXYSc0TQHjFQM6XX+Zdj9pBbas=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-L+CdrbB/3MWzakKjyzoy8w1eIqDVGrsftnkvJdo4gIc=' 'sha256-ud+TXSHWwW6/Ltq5qioGqWeGcQMxHWR5TiMnvYBaUEk=' 'sha256-BaFk7RP58iF1BkZHdqeujuDXXLld9PS1LiKm9MnnQ2A=' 'sha256-3BUC2uqkLtf11hujvyMEl1NTcrpXaw9M/nxK0qpugE4=' 'sha256-ThHZXYAEciBA4PPtRsuwrM4rS6A27cEeDZfKFgMjOHs=' 'sha256-Fx0LrAqaK0HfpKOTd5jtbUe4X89Fz86oesjqSQUn8Y8=' 'sha256-1jH1jUGW8+/nnNLV4s1f8jHlAtMsBv985QVausqXm5s=' 'sha256-oRdVJzqGJc9xIgrN9giweGhI+uJQxUjkla++Xx19V+M=' 'sha256-P+6dUXh0AE0IknMkVtquEOaJZkrTTlUwjdLsSHSwG90=' 'sha256-ppW1Vv+qSVcs+/pIj1ZXvMiCLoyHyCdRqtDMeK9fQ9w=' 'sha256-XpDQ/sKD1Q35z6yrfuUgNaqcpCpmaF6wIFXhd6+xJLo=' 'sha256-39xatTpd5FpCS4XEP4t1a9EhvY/OmWxChEfjA6mbhtU=' 'sha256-N63VR5czWRUyi4yTEGyoam6orM200eR4SB/ndd2vCSE=' 'sha256-fa6IhOXuT1sFDBEux0qFqpXFUwCzHXKUpMweVwvDBK0=' 'sha256-518pk5SuTHe1wO+qPfs05CALGxGj8b7R9joTeyF3MMg=' 'sha256-h1BXcWieM0hfS3GVpaXzPev+V7bbo0VQKstgeMXvP04=' 'sha256-nyYhGb/ogFCXA+jjhnQPaWmEGq7zMi7is/Og/WHHu1U=' 'sha256-MW7xYbbWUIy+vpnrRUsAKgafurRDpmEtw8ibUiTK9kg=' 'sha256-5fsNGF2R9ioLIErxzZqlt7Q+qLwWOmVWJp0buVkNkRY=' 'sha256-JlKI/jgeMVC9UAc3axGPML/PCKwu8dAnBRUHncXK+cQ=' 'sha256-PYtocK3DFaOHMHXcTLPhO1P5IEXMf8cf6Yyf1u0USFQ=' 'sha256-nwxOa/AwuXKhEnQfF8z3U9AQyig3d1tfIX6QLS1c7/U=' 'sha256-GtVr9Zuz9aTjQAj54p9HhTNTu36Dn7NyQh3d7xMZg4k=' 'sha256-prCWgxIMGDrHbwdw5mT2MeFWJJGImVIKxAV7gJOpQ0w=' 'sha256-tU2s1s4syE7gpagiZ/DMk2OM7ZcxzIYUDAn0ZWZZvcw=' 'sha256-IohmHrNbNfYp1N8eOkosBSzsog22PSpNMgxp+rP0ba0=' 'sha256-gdUVY3rNP3d8mugxATRy94Oef9TvyvQv4LByypmpoQM=' 'sha256-Oc0DJ+pN/Q9MEzC3WsStCthU0JXK5IxeTD/NO180ggI=' 'sha256-3R5kPMMUS7lCbC94I1yEP6/LrPcCxCpJkMghRm5vc+M=' 'sha256-TfsnO13RGWJOuqMSQ71jj+6N2s997hJAghDCvf9s9dM=' 'sha256-xri8zZKOW+5jts4GRTZuQGosPS+dSTQJr5bebWtNr90=' 'sha256-zOJVpbdSYuV1KeKh04uYsnYyneK7qLzkfYDw9h6+0KM=' 'sha256-0Cmn/CPjE7iLtaGEpZ3gIbyK7+T2PCg6t/q0GQ8aurU=' 'sha256-+F7WJt5j0JAyOvITKopxkUbW3zrhfgO/64YUDWNfWV4=' 'sha256-V5fb1zKsLvfOQE+Tz3abD2NIZPMKdQKrZG6116lj62Y=' 'sha256-/R+9/01InyDhaLq1zYqbjyPav2dunvCCN1mHJxx026U=' 'sha256-023g/MYKiNi2UHZqb0fjW4jU0C9zmvXY7ylFFTbQLAs=' 'sha256-9w+aFd0ogU/pVs/M0q0ixKcQLrt524ABSMma2ixZRmA=' 'sha256-uvQd362cMOZMihRdpHDQkkQG005hI1hAULGe/1hrq7A=' 'sha256-RLZndXh1nmE1wrQG6kjO6AGpiyGJTN5t/otHymIj8UA=' 'sha256-ttmSnfQfAQQQiV28ls0mnFkkr+dl0cSWZO+7qlgQV7w=' 'sha256-JV3lxBYaKBxEcW9cv7bpM9YrLNCSO2x+5hI319J5VH4=' 'sha256-s1BV33CoxJjYzvmpCjN3WTwdPhNhnco3NW1k5J/YA3o=' 'sha256-7JcAvVdE2sCnsRNg9sUUpEVPc2NLH+qJYzoCeD2nHss=' 'sha256-ehPVrgdV2GwJCE7DAMSg8aCgaSH3TZmA66nZZv8XrTg=' 'sha256-ooG2PlUfrfqVyDZV30w0BK5FwqPKhiPhrYEc3z3R3ow=' 'sha256-5nRGMOmqCmDqDhW/cRGfA1gF0jaDt730ej6AJpe2m9g=' 'sha256-7bwnNunfhUOLCxywkp0xlObo3iqPpAfiCr6IN5IeXCA=' 'sha256-0Pvth24NB2HpvezgdvpJMgDYWi91zp9XQc0lnwVD76I=' 'sha256-VL0W/0a7GGeMu92Qz6/kju/TfhubARqd6hobZ5vR8HM=' 'sha256-G38Y5gB6x7PXV8puXKlJ1t7rV5fLuVPEDLHAb64SY20=' cdn.walkme.com  *.bcbsil.com *.bcbstx.com *.marketo.net *.hcsc.net contentz.mkt922.com healthcareservicecorporation.sc.omtrdc.net resources.digital-cloud-west.medallia.com dx.steelhousemedia.com cdn.decibelinsight.net *.facebook.net *.googleadservices.com bat.bing.com *.googletagmanager.com nexus.ensighten.com *.google-analytics.com js-cdn.dynatrace.com assets.adobedtm.com googleads.g.doubleclick.net gateway.foresee.com dx.steelhousemedia.com *.kampyle.com *.medallia.com, frame-src 'self' *.mpeasylink.com *.bcbsnm.com hcsc.demdex.net players.brightcove.net *.youtube.com resources.digital-cloud-west.medallia.com healthcareservicecorporation.sc.omtrdc.net *.kampyle.com *.medallia.com *.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://static.fsf.org; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; plugin-types application/pdf application/x-shockwave-flash; cookie-scope none; frame-ancestors 'none' 1
default-src 'self'; script-src 'unsafe-inline' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.cookiebot.com https://*.provenexpert.com https://content.app-us1.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com https://*.123hundeschule.de https://*.cookiebot.com https://*.kutego.martinruetter.com https://open.spotify.com https://www.eversports.de https://*.edoobox.com https://*.klicktipp.com https://*.calenso.com https://*.etermin.net; connect-src 'self' https://openmaptiles.github.io https://maps.int.martinruetter.com https://*.cookiebot.com https://*.provenexpert.net https://*.google-analytics.com; script-src-elem 'self' 'unsafe-inline' https://*.cookiebot.com https://*.kutego.martinruetter.com https://*.googletagmanager.com https://*.edoobox.com https://*.provenexpert.com https://*.provenexpert.net https://*.klicktipp.com https://*.activehosted.com 'report-sample'; style-src 'self' https://*.provenexpert.com https://fonts.bunny.net 'unsafe-inline' 'report-sample'; font-src 'self' 'unsafe-inline' data: https://*.provenexpert.com https://fonts.bunny.net; worker-src 'unsafe-inline' blob:; report-uri https://www.martinruetter.com/@http-reporting?csp=report&requestTime=1715649950600792 1
frame-ancestors 'self' http://my-account.healthlabs.local 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.tiktok.com https://maps.googleapis.com https://maps.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cookie-cdn.cookiepro.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://www.google.com *.cardinalcommerce.com *.braintree-api.com *.braintreegateway.com www.paypalobjects.com c.paypal.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com *.littlepay.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com https://*.cardinalcommerce.com https://static.hotjar.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' *.braintree-api.com assets.braintreegateway.com https://maps.google.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://fonts.googleapis.com https://unpkg.com https://ajax.googleapis.com *.littlepay.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.tiktok.com maps.googleapis.com kg668dbov0.execute-api.us-east-1.amazonaws.com https://cookie-cdn.cookiepro.com *.cardinalcommerce.com *.braintreegateway.com *.braintree-api.com *.littlepay.com https://sentry.io *.littlepay.com wss://checkout-wss.littlepay.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.ingest.sentry.io; font-src 'self' https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' * tracker-embed.aircoach.ie ssl.kaptcha.com tst.kaptcha.com *.braintree-api.com assets.braintreegateway.com c.paypal.com *.cardinalcommerce.com https://www.youtube-nocookie.com https://verify.qa.littlepay.com https://verify.qa.au.littlepay.com https://www.sandbox.paypal.com *.littlepay.com https://*.cardinalcommerce.com; img-src 'self' https://analytics.tiktok.com assets.braintreegateway.com *.paypal.com data: https://www.google.com https://maps.googleapis.com https://maps.gstatic.com https://maps.google.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://r.turn.com *.littlepay.com https://www.google-analytics.com https://cookie-cdn.cookiepro.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; child-src 'self' *.braintree-api.com assets.braintreegateway.com c.paypal.com; form-action 'self' * https://*.cardinalcommerce.com 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MTQ5LDI0MSwyMjMsNDEsMjE3LDk5LDcxLDE0MA==' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
frame-ancestors 'self' https://accept.authorize.net; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-f70cb0d002baebb1affe6c8e0a4a5680' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.parship.nl tms.parship.nl *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.net *.doubleclick.net iframe.ly cookie.dxlabs.fr cdnjs.cloudflare.com 'unsafe-inline' *; object-src 'none'; style-src 'self' 'unsafe-inline' www.googletagmanager.com fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' *.vixns.net *.smol.org www.pinaultcollection.com *.youtube.com *.ytimg.com *.facebook.com *.google-analytics.com *.google.com *.google.fr *.dxlabs.fr data:; media-src *; frame-src *; font-src  'self' themes.googleusercontent.com fonts.googleapis.com; connect-src 'self' *.google-analytics.com analytics.tiktok.com https://errors.vixns.net/api/76/store/ https://errors.vixns.net/api/76/envelope/; upgrade-insecure-requests; script-src-attr 'unsafe-inline' 1
default-src 'self' *.akamaized.net *.googlevideo.com *.ivi.ru *.mc.yandex.ru *.mds.yandex.net *.mycdn.me *.rutube.ru *.sharethis.com *.sndcdn.com *.strm.yandex.net *.tiktokcdn.com *.tiktokv.com *.vkuser.net avatars.dzeninfra.ru blob: csi.gstatic.com data: fonts.gstatic.com googleads.g.doubleclick.net i.ytimg.com marketingplatform.google.com mc.yandex.md mc.yandex.ru media-k.ntv.ru pagead2.googlesyndication.com skyfire.vimeocdn.com strm.yandex.ru survey.g.doubleclick.net video-preview.s3.yandex.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com www.youtube.com ymetrica1.com unidownloader.com;frame-ancestors *.webvisor.com metrica.yandex.com.tr metrica.yandex.com metrika.yandex.by metrika.yandex.ru webvisor.com unidownloader.com;frame-src 'self' *.sharethis.com c.sharethis.mgr.consensu.org googleads.g.doubleclick.net mc.yandex.md mc.yandex.ru pagead2.googlesyndication.com survey.unidownloader.com tpc.googlesyndication.com www.google.com www.youtube.com udlsetup.ru;img-src 'self' *.rutube.ru *.sharethis.com *.tiktokcdn.com avatars.dzeninfra.ru avatars.mds.yandex.net data: i.mycdn.me i.vimeocdn.com i.ytimg.com i1.sndcdn.com mc.yandex.ru pagead2.googlesyndication.com pic.rutube.ru prismic.stackdeploy.ru unidownloader.cdn.prismic.io www.google-analytics.com www.googletagmanager.com unidownloader.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru blob: cdn.jsdelivr.net cdnjs.cloudflare.com mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net;script-src-elem 'self' 'unsafe-inline' *.sharethis.com adservice.google.com adservice.google.ru application/javascript cdn.jsdelivr.net cdnjs.cloudflare.com data:  mc.yandex.ru pagead2.googlesyndication.com partner.googleadservices.com static.cloudflareinsights.com tpc.googlesyndication.com www.google-analytics.com www.google.com www.googletagmanager.com www.googletagservices.com www.gstatic.com www.recaptcha.net www.youtube.com yastatic.net;style-src 'self' 'unsafe-inline' fonts.googleapis.com;upgrade-insecure-requests;base-uri 'self';font-src 'self' https: data:;form-action 'self';object-src 'none';script-src-attr 'none' 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'self' 'nonce-sh354q4Df954' *; style-src 'self' 'unsafe-inline' *;  frame-ancestors 'self'; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob:;frame-ancestors 'self' https://*.avon.ca 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-e39966369f6eb6b571ab49edbefcfc64' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=';default-src 'self' ws: wss: *.googletagmanager.com *.google-analytics.com *.cloud-iam.com *.brittanyferries.io *.hotjar.com *.hotjar.io *.reciteme.com *.google.com *.google.fr *.google.co.uk *.google.es *.clarity.ms *.contentful.com *.quantummetric.com *.googleadservices.com *.qualtrics.com *.bing.com *.infinity-tracking.net *.infinity-tracking.com *.googleapis.com *.googlesyndication.com *.matomo.cloud *.onetrust.com *.onetrust.io *.sentry.io *.facebook.net *.facebook.com *.teads.tv *.sncf-connect.com *.piwik.pro *.mypurecloud.de *.doubleclick.net;img-src 'self' * data: 'self' *.matomo.cloud 'self' *.piwik.pro;frame-ancestors 'self' *.youtube.com *.sips-atos.com *.sips-services.com *.googletagmanager.com *.reciteme.com *.hotjar.com *.hotjar.io *.cloud-iam.com *.brittanyferries.io *.brittanyferries.com *.clarity.ms *.quantummetric.com *.googleadservices.com *.qualtrics.com *.onetrust.com *.facebook.net *.facebook.com *.matomo.cloud;frame-src 'self' * blob:;base-uri 'self' 'self' *.matomo.cloud;script-src-attr 'self' 'unsafe-inline';script-src-elem 'strict-dynamic' 'nonce-e39966369f6eb6b571ab49edbefcfc64' 'sha256-lP+eze/AK/U+wcFpKIsxa7UjndDoxGJzdu44XOkoqRo=' 'sha256-nzv8I5Mf0AZBUKeL70LtQfYBjK/DghfP72B8j+UI49I=' 'sha256-XUn0u9o0PrOqkPRlvSKJduPghRMELoQAwAZCSE3sASs=' 'sha256-oBDCmbdwlYyR8ewwQdEO9ynbtTtruNSsPCCjG3ZvYNg=' 'sha256-0zZPgsifJ8h8aM+gmSxkrfNtAGUZb7ItVug6/j1UR5g=' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc=' 'sha256-kLOQNAVOaBgADiUv3KS/St2g6k1exicli/nlGA4Ku2Y=';form-action 'self' *.sips-services.com *.qualtrics.com *.facebook.net *.facebook.com;font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
upgrade-insecure-requests; report-uri https://jobs.teleperformance.com/privacy-policy/; form-action 'self'; object-src 'none'; script-src http: https: data: 'unsafe-inline'; 1
default-src 'none'; script-src 'self' cdn.robinhood.com cdn.pdst.fm/ping.min.js 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ tagmanager.google.com ssl.google-analytics.com connect.facebook.net sc-static.net d.impactradius-event.com www.redditstatic.com analytics.tiktok.com boards.greenhouse.io bat.bing.com www.googleadservices.com static.ads-twitter.com s.yimg.com *.usercentrics.eu ; worker-src 'self' blob: ; frame-src www.google.com/recaptcha/ www.youtube.com/iframe_api/ www.youtube.com/embed/ www.googletagmanager.com boards.greenhouse.io tr6.snapchat.com tr.snapchat.com fcm.quick1fr.com *.usercentrics.eu ; style-src 'self' 'unsafe-inline' cdn.robinhood.com tagmanager.google.com fonts.googleapis.com ; font-src 'self' cdn.robinhood.com data: ; media-src 'self' cdn.robinhood.com *.usercentrics.eu ; img-src 'self' images.robinhood.com cdn.robinhood.com www.google-analytics.com stats.g.doubleclick.net i.ytimg.com/vi/ images.ctfassets.net/5ft2qdzfrz9o/ images.ctfassets.net/mwphzyq69oso/ images.ctfassets.net/fomw95h5b4ty/ images.ctfassets.net/lnmc2aao6j57/ www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com www.google.com tr.snapchat.com tr6.snapchat.com bat.bing.com googleads.g.doubleclick.net data: alb.reddit.com analytics.twitter.com t.co sp.analytics.yahoo.com *.usercentrics.eu ; frame-ancestors 'self' ; manifest-src 'self' cdn.robinhood.com ; connect-src 'self' robinhood.com *.robinhood.com *.apollo.rhinternal.net www.google-analytics.com stats.g.doubleclick.net bat.bing.com/actionp/ us-central1-adaptive-growth.cloudfunctions.net/pdst-events-prod-sink ssl.google-analytics.com analytics.google.com sentry.io o62437.ingest.sentry.io www.googletagmanager.com tagmanager.google.com analytics.tiktok.com boards-api.greenhouse.io preview.contentful.com cdn.contentful.com s.yimg.com *.usercentrics.eu api.instagram.com/ ; upgrade-insecure-requests; block-all-mixed-content; report-uri https://o62437.ingest.sentry.io/api/1336410/security/?sentry_key=dadc326d25814a55b5486cb04f439a29; base-uri 'self' 1
object-src 'none'; child-src 'self' blob:; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self' https://*.labonline.nl; upgrade-insecure-requests; block-all-mixed-content 1
base-uri 'none'; frame-src 'self' 'unsafe-inline' *.youtube.com https://docs.bareos.org; connect-src 'self' https://matomo.bareos.com/matomo.php https://ga2.getresponse.com https://popups1-show.getresponse.com https://popups1-s.getresponse.com https://ts.getresponse.pl; font-src 'self' data: https://fonts.googleapis.com https://fonts.bunny.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.bareos.com/matomo.js https://an.gr-wcon.com https://us-an.gr-cdn.com https://us-wbe.gr-cdn.com; style-src 'self' 'unsafe-inline' https://fonts.bunny.net https://fonts.googleapis.com; img-src 'self' data: https://stamen-tiles-a.a.ssl.fastly.net https://stamen-tiles-b.a.ssl.fastly.net https://stamen-tiles-c.a.ssl.fastly.net https://tiles.stadiamaps.com  https://us-ms.gr-cdn.com; object-src 'none'; form-action 'self' data:; frame-ancestors 'self'; default-src 'none' 1
frame-src *.bambuser.com *.pzebra.com *.krato.io *.vimeo.com *.facebook.com *.google.com *.youtube.com *.yudu.com *.cloudfront.net *.pinkzebrahome.com  'self' blob:; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://aethy.com 'wasm-unsafe-eval'; font-src 'self' https://aethy.com; img-src 'self' data: blob: https://aethy.com https://cdn.aethy.com media.tenor.com; style-src 'self' https://aethy.com 'nonce-KIrf2fAVIdBXPeI/oNZWmw=='; media-src 'self' data: https://aethy.com https://cdn.aethy.com; frame-src 'self' https:; child-src 'self' blob: https://aethy.com; worker-src 'self' blob: https://aethy.com; connect-src 'self' blob: data: wss://aethy.com https://aethy.com https://cdn.aethy.com *.tenor.com; manifest-src 'self' https://aethy.com; form-action 'self' 1
default-src 'self' blob: www.google-analytics.com www.googletagmanager.com; img-src 'self' www.google-analytics.com www.googletagmanager.com data:; style-src 'self' 'unsafe-inline' www.google.com fonts.googleapis.com www.googletagmanager.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com/ www.googletagmanager.com/; 1
font-src 'self' *.bootstrapcdn.com *.comparemymove.com *.gstatic.com *.tawk.to *.hotjar.com *.myfonts.net *.fontawesome.com use.typekit.net rsms.me cdnjs.cloudflare.com *.squareup.com *.squarecdn.com d1g145x70srn7h.cloudfront.net data: 1
frame-ancestors 'self' https://oas.esf.edu.hk/  https://oasweb-stg.esf.edu.hk/  https://oasweb-uat.esf.edu.hk/  https://oasweb-dev.esf.edu.hk/  https://oasweb-dev2.esf.edu.hk/ https://srs-uat.esf.edu.hk  https://www.1823.gov.hk https://api.data.gov.hk; 1
style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com; img-src 'self' data: *.google-analytics.com https://evocms.s3.amazonaws.com *.doubleclick.net *.adfenix.com *.sfnix.com *.sfnix.net *.googleapis.com *.google.com *.google.co.uk *.google.ie *.gstatic.com *.ggpht.com *.googletagmanager.com *.facebook.com *.ytimg.com  *.vimeocdn.com *.icims.com  *.postcodeanywhere.co.uk *.your-move.co.uk *.reedsrains.co.uk https://script.hotjar.com/ *.convertize.io https://www.reedsrains.co.uk/uploads; frame-src 'self' *.doubleclick.net *.adfenix.com *.hotjar.com *.facebook.com *.google.com *.audioagent.com https://watchvid.io premium.giraffe360.com tour.giraffe360.com *.youtube.com  https://youtu.be  *.vimeo.com  *.icims.com  *.matterport.com  *.vieweet.com *.livechatinc.com *.investis.com *.yumpu.com; script-src 'self' *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.facebook.net *.adfenix.com *.hotjar.com *.googletagmanager.com https://core-aws.evocdn.co.uk *.youtube.com  https://akya.io *.convertize.io https://cs.commversion.com *.livechatinc.com https://cht-srvc.net 'nonce-70942d'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://evocms.s3.amazonaws.com/ https://script.hotjar.com/ https://cdn.livechatinc.com/widget/; connect-src 'self' *.facebook.com *.adfenix.com *.hotjar.com wss://*.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.doubleclick.net *.convertize.io https://api.rlfrc.net https://api.livechatinc.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.streamsex.com/csp-reports; report-to csp-endpoint 1
report-uri https://rcdow.org.uk 1
frame-ancestors https://www.moebel-kraft.de 'self' http://images.google.de http://images.google.com https://images.google.de https://images.google.com https://ogone.test.v-psp.com https://secure.ogone.com 1
frame-ancestors 'self' script-src 'self' 'unsafe-inline' 'unsafe-eval' w3.org www.googletagmanager.com d33t3vvu2t2yu5.cloudfront.net google-analytics.com  v1.addthis.com apis.google.com s7.addthis.com v1.addthisedge.com  www.google-analytics.com ajax.googleapis.com apps.googleusercontent.com play.google.com videojs.com; 1
img-src 'self' *.smithdrug.com openbadges.blob.core.windows.net ping.eeharbor.com www.google-analytics.com www.google.com data: blob:;            style-src 'self' *.smithdrug.com netdna.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com 'unsafe-inline';            script-src 'self' *.smithdrug.com www.google.com ajax.googleapis.com www.gstatic.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';            font-src 'self' *.smithdrug.com ajax.googleapis.com use.fontawesome.com fonts.googleapis.com netdna.bootstrapcdn.com fonts.gstatic.com;            frame-src 'self' *.smithdrug.com www.google.com;            connect-src 'self' *.smithdrug.com updates.expressionengine.com stats.g.doubleclick.net www.google-analytics.com;            media-src 'self' *.smithdrug.com;            object-src 'self' *.smithdrug.com;            worker-src 'self' *.smithdrug.com blob: data:;            manifest-src 'self' *.smithdrug.com;            base-uri 'self' *.smithdrug.com;            default-src 'self' *.smithdrug.com;            form-action 'self' *.smithdrug.com webto.salesforce.com;         1
connect-src https: 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://snap.licdn.com/ https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://cdn.plyr.io https://www.youtube.com https://player.vimeo.com https://connect.facebook.net https://googleads.g.doubleclick.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://scholar.social; img-src 'self' https: data: blob: https://scholar.social; style-src 'self' https://scholar.social 'nonce-FjTk8DIuOO6VZiUK5w9mCg=='; media-src 'self' https: data: https://scholar.social; frame-src 'self' https:; manifest-src 'self' https://scholar.social; form-action 'self'; child-src 'self' blob: https://scholar.social; worker-src 'self' blob: https://scholar.social; connect-src 'self' data: blob: https://scholar.social https://cdn.masto.host wss://scholar.social; script-src 'self' https://scholar.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.leadsbridge.com *.facebook.com *.fb.com *.facebook.net *.tiktok.com 1
report-uri https://polkpa.report-uri.com/r/d/csp/enforce; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' browser-update.org serverapi.polkpa.org www.gstatic.com www.google.com ajax.googleapis.com seal.digicert.com exresources.polkpa.org; style-src 'self' 'unsafe-inline' www.polkpa.org serverapi.polkpa.org www.gstatic.com ajax.googleapis.com exresources.polkpa.org; img-src 'self' polkpa.org data: serverapi.polkpa.org seal.digicert.com exresources.polkpa.org; font-src 'self' data: serverapi.polkpa.org fonts.gstatic.com; connect-src 'self' exresources.polkpa.org serverapi.polkpa.org gissrvr https://api.pwnedpasswords.com/range/; media-src 'none'; object-src 'self'; child-src 'none'; frame-src www.youtube.com www.google.com; worker-src blob:; frame-ancestors 'none'; form-action 'self' exresources.polkpa.org translate.google.com; report-to csp-endpoint 1
frame-ancestors 'self' http://localhost:6090 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-3e5402d50e44cba1fdda1b1bec621ddb'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://urbanists.social; img-src 'self' https: data: blob: https://urbanists.social; style-src 'self' https://urbanists.social 'nonce-RklojS9eEOH25Axti3VIpg=='; media-src 'self' https: data: https://urbanists.social; frame-src 'self' https:; manifest-src 'self' https://urbanists.social; form-action 'self'; child-src 'self' blob: https://urbanists.social; worker-src 'self' blob: https://urbanists.social; connect-src 'self' data: blob: https://urbanists.social https://cdn.masto.host wss://urbanists.social; script-src 'self' https://urbanists.social 'wasm-unsafe-eval' 1
child-src  www.paypalobjects.com blob: 'self' 'unsafe-eval' 'unsafe-inline'; connect-src  bitsus.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com cdn.acsbapp.com *.attn.tv events.attentivemobile.com s.yimg.com *.clarity.ms inbound-analytics.pixlee.com *.powerreviews.com *.searchspring.io *.sharethis.com maps.googleapis.com www.bitsandpieces.com www.facebook.com bam.nr-data.net *.pingdom.net *.google.com bcp.crwdcntrl.net *.crazyegg.com *.hotjar.io *.hotjar.com gardensalive.force.com *.googleapis.com bam.nr-data.net bam.nr-data.net www.googletagmanager.com api.cloudinary.com *.gardensalive.com photos.pixlee.co gaorder.gardensalive.com wss://*.hotjar.com gardensalive.my.site.com *.omnichannelengagementhub.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.outbrain.com *.flippingbook.com; default-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com www.youtube.com www.bing.com; font-src  bitsus.cv3admin.com h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com www.bitsandpieces.com; form-action  www.facebook.com www.paypal.com checkout.sezzle.com *.bitsandpieces.com *.salesforce.com bitsus.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com gum.criteo.com *.sharethis.com photos.pixlee.com photos.pixlee.co *.hotjar.com service.force.com *.criteo.com *.criteo.net *.attn.tv tpc.googlesyndication.com secure.trust-provider.com www.youtube.com *.bitsandpieces.com *.facebook.com gardensalive.my.salesforce.com www.googletagmanager.com *.azureedge.net *.flippingbook.com; frame-ancestors  ; img-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com *.google-analytics.com *.google.com *.pinterest.com *.doubleclick.net *.bing.com  t.paypal.com www.facebook.com  www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/  f.monetate.net bitsus.cv3admin.com *.yahoo.com ads.avocet.io *.outbrain.com ib.adnxs.com *.criteo.com visitor.omnitagjs.com tg.socdm.com ad.yieldlab.net eb2.3lift.com criteo-sync.teads.tv sync-t1.taboola.com rtb-csync.smartadserver.com match.sharethrough.com pixel.rubiconproject.com simage2.pubmatic.com exchange.mediavine.com contextual.media.net ad.360yield.com r.casalemedia.com partner.mediawallahscript.com x.bidswitch.net idsync.rlcdn.com ad.tpmn.co.kr sync-criteo.ads.yieldmo.com ade.clmbtech.com tapestry.tapad.com s.ad.smaato.net trends.revcontent.com jadserve.postrelease.com www.pages08.net *.sharethis.com *.powerreviews.com d3cgm8py10hi0z.cloudfront.net *.searchspring.io i.liadm.com matching.ivitrack.com *.tremorhub.com h2.commercev3.net *.clarity.ms ib.adnxs.com partner.mediawallahscript.com ads.avocet.io assets.pixlee.com maps.gstatic.com www.bitsandpieces.com secure.trust-provider.com connect.facebook.net ads.avocet.io ads.avct.cloud id.rlcdn.com ads.betweendigital.com ws.rqtrk.eu tags.bluekai.com dpm.demdex.net aa.agkn.com sofia.trustx.org *.acsbapp.com *.criteo.net *.searchspring.net *.addthis.com bam.nr-data.net  *.acsbapp.com www.gstatic.com  *.casalemedia.com pippio.com i6.liadm.com ads.stickyadstv.com *.attn.tv events.attentivemobile.com www.google.co.in tracking.searchmarketing.com sync.bfmio.com *.cloudinary.com *.cloudfront.net adgen.socdm.com cs.adingo.jp adx.dable.io sync.aralego.com cdn.aralego.net match.adsrvr.org odr.mookie1.com pixel.tapad.com sync.teads.tv *.cloudfront.net *.flippingbook.com; script-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com ajax.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ www.clarity.ms sslwidget.criteo.com f.monetate.net www.google.com *.attn.tv static.criteo.net assets.pixlee.com s.yimg.com amplify.outbrain.com tag.measured.com static.hotjar.com cdn.searchspring.net acsbapp.com api.universalcookie.com bitsus.cv3admin.com www.sc.pages08.net ajax.aspnetcdn.com garecommend.gardensalive.com *.monetate.net *.sharethis.com assets.pxlecdn.com maps.googleapis.com *.salesforceliveagent.com *.hotjar.com service.force.com www.bitsandpieces.com secure.comodo.com *.pingdom.net *.crazyegg.com adadvisor.net bam.nr-data.net *.outbrain.com js-agent.newrelic.com static.lightning.force.com gardensalive.force.com gardensalive.my.salesforce.com tpc.googlesyndication.com view.publitas.com aa.agkn.com *.salesforceliveagent.com widget.us.criteo.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net blob: 'self' 'unsafe-eval' 'unsafe-inline' *.mountain.com *.flippingbook.com *.cloudfront.net; script-src-elem  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com *.livechatinc.com ajax.googleapis.com *.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ www.clarity.ms sslwidget.criteo.com f.monetate.net www.google.com *.attn.tv static.criteo.net assets.pixlee.com s.yimg.com amplify.outbrain.com tag.measured.com static.hotjar.com cdn.searchspring.net acsbapp.com api.universalcookie.com bitsus.cv3admin.com www.sc.pages08.net ajax.aspnetcdn.com garecommend.gardensalive.com *.monetate.net *.sharethis.com assets.pxlecdn.com maps.googleapis.com *.salesforceliveagent.com *.hotjar.com service.force.com www.bitsandpieces.com secure.comodo.com *.pingdom.net *.crazyegg.com adadvisor.net bam.nr-data.net *.outbrain.com js-agent.newrelic.com static.lightning.force.com gardensalive.force.com gardensalive.my.salesforce.com tpc.googlesyndication.com view.publitas.com aa.agkn.com *.salesforceliveagent.com widget.us.criteo.com mpsnare.iesnare.com gardensalive.my.site.com cdnjs.cloudflare.com *.azureedge.net blob: 'self' 'unsafe-eval' 'unsafe-inline' *.mountain.com *.flippingbook.com *.cloudfront.net; style-src  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net bitsus.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpieces.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.searchspring.net bitsus.cv3admin.com ajax.googleapis.com *.sharethis.com www.bitsandpieces.com service.force.com gardensalive.force.com gardensalive.my.salesforce.com gardensalive.my.site.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  bitsus.cv3admin.com h2.commercev3.net/cdn.bitsandpieces.com/ cdn.bitsandpieces.com www.bing.com www.bitsandpieces.com *.acsbapp.com www.youtube.com res.cloudinary.com; 1
default-src * 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com analytics.google.com; font-src * data:; frame-src 'self' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com recaptcha.google.com/recaptcha/; img-src * data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' api.globaldatacompany.com api.segment.io cdn.segment.com cliocloudconference.com landing.clio.com www.clio.com bat.bing.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.googletagmanager.com; report-uri https://5fd7afb447ef7c02ddc12039.endpoint.csper.io 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://resources.fuel50careerdrive.com https://*.fuel50careerdrive.com https://www.google.com https://www.google-analytics.com  https://fuel50-us-east.s3.amazonaws.com https://fuel50-us-west.s3.amazonaws.com https://fuel50-pacific.s3.amazonaws.com https://fuel50-asia.s3.amazonaws.com https://fuel50-sa.s3.amazonaws.com https://fuel50-eu.s3.amazonaws.com https://www.gstatic.com https://apis.google.com https://ssl.gstatic.com https://maps.google.com https://maps.googleapis.com https://stats.g.doubleclick.net app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io data.eu.pendo.io pendo-eu-static-397102f2-b62e-433a-6c13-ab10a4b4f1c4.storage.googleapis.com pendo-eu-static-6455579714125824.storage.googleapis.com 1
script-src 'self'  'unsafe-inline'  blob:  https://unpkg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://*.dlt.com  https://platform.twitter.com  https://*.google-analytics.com  https://bat.bing.com  https://tag.demandbase.com  https://www.googletagmanager.com  https://fast.wistia.com  https://*.fontawesome.com  https://tribl.io  https://*.boldchat.com  https://*.driftt.com  https://*.addtoany.com  https://*.marketo.net  https://script.crazyegg.com  https://ws.zoominfo.com  https://www.clarity.ms  https://*.clickagy.com  https://*.addtoany.com  https://hcaptcha.com  https://*.marketo.com  https://*.newrelic.com  https://*.nr-data.net  https://view.ceros.com  https://*.company-target.com; object-src https://govitpodcast.buzzsprout.com; connect-src 'self' https://*.google.com https://s.company-target.com https://*.zoominfo.com https://*.demandbase.com https://*.litix.io https://*.wistia.com https://api.company-target.com https://*.google-analytics.com https://script.crazyegg.com https://*.mktoresp.com https://*.clarity.ms https://*.doubleclick.net https://*.clickagy.com https://segments.company-target.com https://*.nr-data.net https://*.bing.com https://*.dlt.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://*.mktoutil.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://strangeobject.space; img-src 'self' data: blob: https://strangeobject.space https://files.strangeobject.space; style-src 'self' https://strangeobject.space 'nonce-w2k4wP5OyDM/+mC4a7QGGQ=='; media-src 'self' data: https://strangeobject.space https://files.strangeobject.space; frame-src 'self' https:; manifest-src 'self' https://strangeobject.space; form-action 'self'; child-src 'self' blob: https://strangeobject.space; worker-src 'self' blob: https://strangeobject.space; connect-src 'self' data: blob: https://strangeobject.space https://files.strangeobject.space wss://strangeobject.space; script-src 'self' https://strangeobject.space 'wasm-unsafe-eval' 1
default-src data: https: 'unsafe-eval' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' graphhopper.com *.graphhopper.com vimeo.com; frame-src 'self' graphhopper.com *.graphhopper.com player.vimeo.com; font-src 'self' data:; object-src 'none' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-l8Bm8A7lr1e1o-fKXvUPUw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors http://*.viewlift.com 1
frame-ancestors *.fsf.org *.gnu.org *.libreplanet.org 1
object-src 'none'; frame-ancestors 'self' https://*.igamingserver.com 1
default-src 'self' player.vimeo.com *.casinofreak.com *.youtube.com *.firebaseio.com *.doubleclick.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com;font-src 'self' *.googleapis.com 'unsafe-inline' 'unsafe-eval' https://* data:;connect-src 'self' stats.g.doubleclick.net *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com *.firebaseio.com;img-src 'self' i.vimeocdn.com *.google-analytics.com *.getsitecontrol.com *.getsitectrl.com data:;style-src 'unsafe-inline' 'self' *.googleapis.com;base-uri 'self';form-action 'self' 1
frame-src htp.tokenex.com ssl.kaptcha.com www.google.com www.googletagmanager.com; 1
frame-ancestors 'self' 50all.com 1
default-src 'self' www.googletagmanager.com https://d1af033869koo7.cloudfront.net;; script-src 'self' app.cdn.lookbookhq.com tracker.engageclick.com stage-new.www.247.ai turbo.engageclick.com platform.linkedin.com www.googletagmanager.com ajax.cloudflare.com ajax.googleapis.com js-agent.newrelic.com consent.trustarc.com extend.vimeocdn.com www.linkedin.com 074-hbw-141.mktoutil.com *.cloudfront.net unpkg.com info.247.ai www.google-analytics.com analytics.google.com *.marketo.com munchkin.marketo.net https://platform.linkedin.com/xdoor/scripts/in.js cdpn-js.figureone.com 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-eval' 'unsafe-inline' https://d1af033869koo7.cloudfront.net https://*.247-inc.net consent.trustarc.com ws-assets.zoominfo.com schedule.zoominfo.com js.zi-scripts.com www.recaptcha.net www.gstatic.com tag.demandbase.com;; object-src 'none' ; style-src 'self' maxcdn.bootstrapcdn.com app.cdn.lookbookhq.com rtp-static.marketo.com fast.fonts.net fonts.googleapis.com info.247.ai 'unsafe-inline' data: 'unsafe-inline' https://d1af033869koo7.cloudfront.net; ; img-src www.googletagmanager.com dev-new.www.247.ai google-analytics.com data: https: www.247.ai/*  tfscorp.intelliresponse.com;; frame-src 'self' consent-pref.trustarc.com www.linkedin.com vars.hotjar.com turbo.engageclick.com *.cloudfront.net player.vimeo.com www.youtube.com boards.greenhouse.io info.247.ai https://d1af033869koo7.cloudfront.net https://*.247-inc.net career4.successfactors.com www.recaptcha.net customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; frame-ancestors 'self' consent-pref.trustarc.com https://www.linkedin.com customercentricityworldseries.com www.brella.io sponsor.brella.io next.brella.io;; child-src www.linkedin.com consent-pref.trustarc.com turbo.engageclick.com *.cloudfront.net blob: https://d1af033869koo7.cloudfront.net https://*.247-inc.net;; font-src maxcdn.bootstrapcdn.com fonts.gstatic.com info.247.ai;; connect-src 'self' info.247.ai www.google.co.in wss: secure.adnxs.com stats.g.doubleclick.net analytics.google.com www.google-analytics.com api.company-target.com dev-new.www.247.ai *.mktoresp.com 074-hbw-141.mktoutil.com *.marketo.com *.cloudfront.net tie-stage.247-inc.net tie-stage.247-inc.net staging.api.247-inc.net stage-new.www.247.ai tie.247-inc.net bam.nr-data.net api.247-inc.net fonts.googleapis.com 6jh2sbaxvh.execute-api.us-east-1.amazonaws.com segments.company-target.com staging.api.cloud.247-inc.net https://d1af033869koo7.cloudfront.net api.cloud.247-inc.net https://*.247-inc.net target-web-staging.247-inc.net target-web.247-inc.net ws.zoominfo.com api.schedule.zoominfo.com js.zi-scripts.com; 1
default-src 'self' *.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.santanderconsumer.at *.autonline.at *.scb.at *.teilzahlung.at *.opendns.com *.yahoo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.facebook.net *.criteo.net *.criteo.com *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.googlesyndication.com *.go-mpulse.net *.windows.net *.jquery.com *.cookielaw.org *.mouseflow.com *.gstatic.com *.xs2a.com cdn.cookielaw.org data:; object-src *; style-src 'self' 'unsafe-inline' *.opendns.com *.yahoo.com *.criteo.net *.criteo.com *.msn.com *.adform.net *.hyj.mobi *.netrk.net *.yimg.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.facebook.net *.googleadservices.com *.mbww.com *.bing.com *.fndsda.net *.doubleclick.net *.cloudflare.com *.google.com *.windows.net *.jquery.com *.mouseflow.com *.xs2a.com *.scb.at *.gstatic.com; img-src * data:; media-src *; frame-src *; child-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
script-src 'strict-dynamic' 'nonce-FUFyGekYU/+UEaLulRW9lg==' 'self' 'unsafe-inline' https://temp.pozary.cz https://storage.pozary.cz https://www.google-analytics.com https://ssl.google-analytics.com https://platform.twitter.com https://widget.packeta.com https://sta.lachym.cz; object-src 'none'; base-uri https://*.pozary.cz; frame-src 'self' https://storage.pozary.cz https://www.youtube.com https://www.youtube-nocookie.com https://www.facebook.com https://m.facebook.com https://rentalpro.livebox.cz https://platform.twitter.com https://twitter.com https://widget.packeta.com https://test.pozary.cz; 1
frame-ancestors 'self' https://builderai.mindtickle.com admin.mindtickle.com; object-src 'none' 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'wasm-unsafe-eval' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com https://code.jquery.com 'unsafe-inline'; script-src-elem 'self' www.reformcph.com *.reformcph.com https://cdn.stape.io https://bat.bing.com *.clarity.ms https://cdn.usefathom.com https://assets.calendly.com https://forms.hscollectedforms.net https://js.hscollectedforms.net http://www.google-analytics.com https://www.google-analytics.com https://www.google.com https://js.hs-banner.com https://forms.hsforms.com https://s.pinimg.com https://js.hsforms.net https://googleads.g.doubleclick.net *.googlesyndication.com https://www.googletagservices.com https://www.googleadservices.com https://ad.doubleclick.net *.hs-scripts.com https://connect.facebook.net https://js.hs-banner.com https://js.hsadspixel.net *.cookieyes.com cdn-cookieyes.com https://code.jquery.com https://maps.googleapis.com 'unsafe-inline' https://sdks.shopifycdn.com https://www.googletagmanager.com https://www.google-analytics.com https://js.hs-analytics.net https://player.vimeo.com *.hotjar.com *.hotjar.io; script-src 'self' https://cdn.usefathom.com https://forms.hscollectedforms.net https://js.hscollectedforms.net https://assets.calendly.com https://api.pinpiaa.com https://player.vimeo.com https://www.googletagmanager.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://maps.googleapis.com https://vimeo.com https://forms.hsforms.com https://www.google-analytics.com https://ad.doubleclick.net https://js.hsadspixel.net https://js.hs-banner.com https://pagead2.googlesyndication.com https://www.googletagservices.com https://sdks.shopifycdn.com https://js.hsforms.net https://s.pinimg.com *.hs-scripts.com https://js.hs-analytics.net *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com https://code.jquery.com https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' *.reformcph.com 'unsafe-inline' https://fonts.googleapis.com; frame-src 'self' https://www.pinterest.ca https://www.pinterest.de https://www.pinterest.fr https://www.pinterest.co.uk https://www.pinterest.dk https://calendly.com *.pinterest.com https://forms.hsforms.com *.fls.doubleclick.net https://vimeo.com https://email.reformcph.com https://bid.g.doubleclick.net *.reformcph.com player.vimeo.com https://my.matterport.com https://meetings.hubspot.com https://www.facebook.com *.hotjar.io *.hotjar.com; img-src 'self' * https://www.google.bg https://www.google.com https://cx.atdmt.com *.fls.doubleclick.net https://www.facebook.com track.hubspot.com *.reformcph.com *.cookieyes.com https://cdn-cookieyes.com data: https://maps.gstatic.com https://maps.googleapis.com https://cdn.shopify.com; connect-src *.hubspot.com *.clarity.ms *.analytics.google.com https://forms.hscollectedforms.net https://ipgeolocation.abstractapi.com https://pagead2.googlesyndication.com *.cookieyes.com https://cdn-cookieyes.com 'self' www.reformcph.com https://www.google.co.uk https://www.google.fi https://maps.googleapis.com https://www.google.ch https://www.google.com.ar https://www.google.pl https://www.google.ca https://www.google.ee https://www.google.is https://www.google.lu https://www.google.de https://www.google.be https://www.google.com.au https://www.google.it https://www.google.pt https://www.google.fr https://www.google.nl https://www.google.at https://www.google.no https://www.google.se https://www.google.dk https://www.google.cz https://www.google.gr https://www.google.hu https://www.google.ie https://www.google.es https://gtm-m6dfgs5-odm1z.uc.r.appspot.com *.cookieyes.com https://adservice.google.com https://www.google.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com *.pinterest.com https://www.facebook.com https://www.google-analytics.com *.doubleclick.net https://analytics.google.com *.reformcph.com https://api.hubapi.com *.cookieyes.com https://active.cookieyes.com *.shopifysvc.com *.myshopify.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com; style-src-elem 'self' *.reformcph.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' *.reformcph.com https://fonts.gstatic.com data: ; report-uri https://csp.lab08.com; report-to default; 1
object-src 'none' ; frame-ancestors 'self' ; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data: gap:; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://polyfill.io/ https://tools.euroland.com/ https://widget.surveymonkey.com/ https://www.youtube.com https://cdn1.readspeaker.com/ https://cdnjs.cloudflare.com/ platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://www.googletagmanager.com/ https://www.research.net/ http://10.33.9.131:15871/ https://cdn.jsdelivr.net https://connectsecappp.com/SIBChatbot/js/HerbieBotSIB.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://cdn1.readspeaker.com/ https://cdn.jsdelivr.net https://fonts.cdnfonts.com https://cdnjs.cloudflare.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.jsdelivr.net https://fonts.cdnfonts.com; img-src 'self' https://sib.ae/ *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://connectsecappp.com/; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-ancestors 'self' https://connectsecappp.com/ app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com; child-src 'self' https://maps.googleapis.com/ https://tools.euroland.com/ https://tools.eurolandir.com/ https://www.surveymonkey.com/ https://cdn1.readspeaker.com/ https://www.google.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com https://www.research.net/ https://connectsecappp.com/ app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com; connect-src 'self' data: accounts.google.com https://cdn1.readspeaker.com https://maps.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com app-as.readspeaker.com vttts-as.readspeaker.com https://app-as.readspeaker.com https://rstts-as.readspeaker.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://queue.nemtilmeld.dk; frame-src 'none'; manifest-src 'none'; media-src 'self'; object-src 'none'; worker-src 'none'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; 1
connect-src www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://search.opendental.com;frame-src https://twitter.com platform.twitter.com syndication.twitter.com https://www.youtube.com;img-src data: 'self' www.google-analytics.com https://www.google.com/ads/ga-audiences abs.twimg.com https://pbs.twimg.com ton.twimg.com platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net/r/collect;script-src 'self' 'unsafe-inline' google-analytics.com https://ssl.google-analytics.com www.google-analytics.com code.jquery.com https://cdn.syndication.twimg.com api.twitter.com platform.twitter.com;style-src 'self' 'unsafe-inline' code.jquery.com https://ton.twimg.com platform.twitter.com https://fonts.googleapis.com/; 1
media-src media.example.com 1
default-src 'self' syscoin.dev *.syscoin.org www.google.com *.google.com *.twitter.com www.youtube.com *.youtube.com *.yahoo.com *.linkedin.com *.google-analytics.com *.yimg.com stats.g.doubleclick.net *.googletagmanager.com *.iubenda.com *.hotjar.io *.lfeeder.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.twitter.com *.yimg.com *.cloudflareinsights.com chimpstatic.com https://www.googletagmanager.com *.googletagmanager.com googletagmanager.com *.google-analytics.com *.google.com www.google.com www.gstatic.com *.gstatic.com *.licdn.com *.lfeeder.com *.iubenda.com *.cloudfront.net *.cloudflare.com *.hotjar.com;style-src 'self' 'unsafe-inline' *.googleapis.com;font-src 'self' 'unsafe-inline' *.gstatic.com data: 1
default-src 'self' *.crazyegg.com; connect-src *; font-src * data:; frame-src *; img-src * data: blob: https:; worker-src blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://tagmanager.google.com https://www.gstatic.com *.googleapis.com https://maps.google.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://cookie-cdn.cookiepro.com https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://cdn.bokeh.org *.facebook.net *.tiktok.com *.sc-static.net *.licdn.com *.facebook.net *.tiktok.com sc-static.net *.licdn.com *.snapchat.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://tagmanager.google.com *.googleapis.com https://maps.google.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.bokeh.org; object-src 'none'; base-uri 'self'; connect-src 'self' https://maps.googleapis.com https://privacyportal.cookiepro.com *.google-analytics.com https://cookie-cdn.cookiepro.com https://cdn.bokeh.org *.doubleclick.net *.doubleclick.net *.linkedin.com *.tiktok.com *.snapchat.com *.linkedin.oribi.io; font-src 'self' data: https://fonts.gstatic.com https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src 'self' https://www.google.com https://www.youtube.com https://youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.bokeh.org https://experience.arcgis.com *.snapchat.com; img-src 'self' data: https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://secure.gravatar.com https://maps.google.com *.googleapis.com https://maps.gstatic.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://cdn.bokeh.org *.linkedin.com facebook.com https://www.facebook.com; manifest-src 'self'; media-src 'self'; worker-src 'self'; child-src 'self'; 1
default-src 'self' data: blob: *.gstatic.com *.google.com *.google-analytics.com *.nr-data.net *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.doubleclick.net *.avantorsciences.com *.nusil.com *.googletagmanager.com *.linkedin.com *.twitter.com *.vwrsurveys.com *.adsymptotic.com *.paymetric.com *.mktoresp.com *.wardsci.com *.sargentwelch.com *.boreal.com *.sargentwelch.ca *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io ahpp.adflex.co.uk ahpp2.adflex.co.uk authentication.cardinalcommerce.com *.pinterest.com *.kickfire.com *.rumiview.com *.vimeo.com *.salesforce.com *.prnewswire.com nebnextvwr.neb.com projects.spielcreative.com projects.ivorystudio.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.pantheonsite.io *.cloudflare.com *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com wss://realtime.ably.io wss://ws.hotjar.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.vwr.com *.googleapis.com *.mktoresp.com *.twitter.com *.twimg.com *.zencdn.net *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.auth0.com *.google-analytics.com *.facebook.com *.facebook.net *.bing.com *.modirum.com *.arcot.com *.creditmutuel.fr *.wlp-acs.com *.bioz.com *.salesforceliveagent.com *.googletagmanager.com *.newrelic.com *.nr-data.net *.vwr.com *.licdn.com *.cloudflareinsights.com *.vwrsurveys.com *.marinsm.com *.paymetric.com *.google.com *.cloudflare.com *.pardot.com *.doubleclick.net *.googleadservices.com *.facebook.net *.wardsci.com *.verisign.com *.linkedin.com *.twitter.com *.googleapis.com *.sargentwelch.com *.sargentwelch.ca *.marketo.net *.twimg.com *.vwr-cmd.com *.mt.com *.moji-moji.com *.youtube.com youtube.com *.gotowebinar.com *.vwr-cmd2.com *.surveymonkey.com *.instantservice.com *.zencdn.net *.cdntwrk.com www.google.co.in *.hotjar.com *.hotjar.io *.pinimg.com *.avantorsciences.com *.kickfire.com *.rumiview.com *.jquery.com *.prnewswire.com *.marketo.com *.zoovu.com *.azureedge.net *.amazonaws.com *.smartassistant.com serviceapi.nmv.naver.com *.uberflip.com *.zscalerthree.net *.cdntwrk.com *.brightcove.net *.oribi.io *.ariba.com *.clarity.ms *.adobedtm.com *.demdex.net *.tt.omtrdc.net edge.adobedc.net *.sinch.com *.chatlayer.ai *.ably.io *.ably-realtime.com; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://connect.facebook.net https://seal.websecurity.norton.com https://www.google-analytics.com https://s-usc1c-nss-221.firebaseio.com https://reactify-61b82.firebaseio.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://blueimp.github.io https://www.googletagmanager.com; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ajax.aspnetcdn.com https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src *; object-src *; 1
connect-src 'self' https:; img-src *; media-src *; form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-e/GDKtwzN5CXQGrqj1wzrkgj1VVvdgiQ/iTtv03iogq42ISV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.wifi.teledata.de https://*.wifi.teledata.de *.gisserver.de https://*.gisserver.de 1
default-src 'none';base-uri 'self';connect-src 'self' wss://protokolli.de;font-src 'self';manifest-src 'self';frame-src 'self' https://player.vimeo.com https://www.slideshare.net/slideshow/embed_code/key/ https://www.youtube.com *;img-src *;script-src https://protokolli.de/build/ https://protokolli.de/js/ https://protokolli.de/config https://gist.github.com/ https://vimeo.com/api/oembed.json https://www.slideshare.net/api/oembed/2 'unsafe-inline' 'nonce-a6de4e1f-0456-4585-906e-04c6ac76f420' 'sha256-81acLZNZISnyGYZrSuoYhpzwDTTxi7vC1YM4uNxqWaM=';style-src https://protokolli.de/build/ https://protokolli.de/css/ 'unsafe-inline' https://github.githubassets.com;object-src * *;form-action 'self';media-src *;upgrade-insecure-requests 1
frame-ancestors https://*.caremc.com https://*.corvel.com https://caremc.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' blob: 5gtvu7km85.execute-api.us-east-1.amazonaws.com api.fbanalytics.org *.navisperformance.com *.google.es *.google.com.mx *.google.ch *.google.ca vimeo.com *.launchdarkly.com api.datacloudstat.com *.pixel.ad *.sitescout.com sitescout.com *.basis.net api.w3-edge.com scatec.io *.scatec.io spreedly.com sdk.selfbook.com pay.google.com *.googlesyndication.com linkcenter.derbysoftca.com *.ingest.sentry.io visitingmedia.com *.clarity.ms *.onetrust.com *.cookielaw.org *.sentry-cdn.com *.cendyn.com *.cendynhub.com capture.duettoresearch.com *.pcibooking.net secure.livechatinc.com *.thehotelsnetwork.com tag.yieldoptimizer.com *.livechatinc.com booking.azds.com linkcenterus.derbysoftsec.com cdnjs.cloudflare.com *.otstatic.com *.triptease.io *.opentable.com *.sojern.com api.ipstack.com newbooking.azds.com rw1.marchex.io widgets.nightpro.co *.youtube.com api.ipstack.com widgets.tablelist.com *.speedrfp.com *.gstatic.com *.googleadservices.com *.facebook.com *.yahoo.com *.doubleclick.net *.facebook.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.com *.bing.com; script-src-elem 'self' 'unsafe-inline' data: use.fontawesome.com sibautomation.com analytics.tiktok.com *.navisperformance.com *.rewardstyle.com *.googlesyndication.com unpkg.com *.pinterest.com cdnjs.cloudflare.com *.triptease.io *.pixel.ad *.otstatic.com *.sentry-cdn.com linkcenterus.derbysoftsec.com *.azds.com bat.bing.com *.thehotelsnetwork.com *.opentable.com *.basis.net *.sojern.com *.googleapis.com *.pagespeed-mod.com *.facebook.net *.optimonk.com *.doubleclick.net *.clarity.ms *.google-analytics.com *.google.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.googleadservices.com; media-src 'self' data:; font-src 'self' data: use.fontawesome.com account.affilitizer.com *.googleapis.com shopping.qantas.com www.slant.co account.affilitizer.com assets.tailwindapp.com connorbrez.gitlab.io cdn.scite.ai images.simplycodes.com fonts.cdnfonts.com http://themes.googleusercontent.com static.zip.co *.wp.com *.thehotelsnetwork.com *.otstatic.com newbooking.azds.com *.properhotel.com *.gstatic.com *.typekit.net; img-src 'self' data: blob: theeventscalendar.com na.spatime.com cdn.otstatic.com deliciousbrains.com log.pinterest.com *.google.fr *.google.de *.google.com.au *.google.co.uk *.google.co.jp *.google.co.in *.google.ca *.sitescout.com sitescout.com *.basis.net pixel.sitescout.com scatec.io c1.adform.net d1t1qzzb2zwrre.cloudfront.net dbmajt85xhr99.cloudfront.net *.thehotelsnetwork.com *.google.es linkcenter.derbysoftca.com *.clarity.ms *.youtube.com *.properhotel.com *.w.org *.synxis.com newbooking.azds.com linkcenterus.derbysoftca.com dk66958tcpc60.cloudfront.net pixel.sojern.com match.adsrvr.org ib.adnxs.com px.marchex.io *.speedrfp.com *.googletagmanager.com *.cdninstagram.com *.googleapis.com *.gstatic.com *.bing.com *.gravatar.com *.facebook.net *.doubleclick.net *.google-analytics.com *.google.com *.facebook.com; style-src 'self' *.sitescout.com sitescout.com *.basis.net *.thehotelsnetwork.com *.gstatic.com *.otstatic.com newbooking.azds.com *.typekit.net 'unsafe-inline' *.googleapis.com; report-uri https://sphrcl.report-uri.com/r/d/csp/enforce 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src * data: blob: 'unsafe-inline' 'unsafe-eval';connect-src * data: blob:;img-src * data: blob: 'unsafe-inline';frame-src * data: blob:;style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline' 1
script-src 'unsafe-eval' 'report-sample' 'nonce-37a85a2a92f71c153ed4d64b2ce3de11-argus' 'strict-dynamic' *.bytednsdoc.com *.ibytedapm.com *.snssdk.com *.yhgfb-cn-static.com *.bytetos.com *.byte-gslb.com *.bytegoofy.com *.bytecdn.cn *.byted-static.com; report-to slardar-endpoint; frame-ancestors 'self' *.bytedance.net; connect-src 'self' *.idouyinvod.com:* *.volcsiriusbd.com:* *.volcsirius.com:* *.tt.x.bsgslb.cn:* *.dy.zzcdnx.com:* *.qc.bsccdn.net:* *.smtcdns.com:* *.ugslb.com:* *.livehwc3.cn:* *.smtcdns.net:* *.bytefcdnrd.com:* *.ksyungslb.com:* *.ksyungslb2.com:* *.ourdvsss.com:* *.tbcache.com:* *.jomodns.com:* *.douyincdn.com:* *.ixigua.com:* *.bdxigualive.com:* *.pstatp.com:* *.douyinliving.com:* *.picovr.com:* *.huoshanlive.com:* *.ihuoshanlive.com:* *.volccdn.com:* *.bestv.com.cn:* *.bytefcdn.com:* *.bytescm.com *.bytetos.com *.ibytedapm.com *.zijieapi.com *.snssdk.com *.bytedance.com *.bytedance.net *.pstatp.com *.bytednsdoc.com *.bytegoofy.com *.byted-static.com *.yhgfb-cn-static.com api.feelgood.cn *.bytetcc.com *.edge-byted.com *.huoshanstatic.com *.feishu.cn *.bytedapm.com *.bytedanceapi.com *.bytemastatic.com *.bytemaimg.com *.byteimg.com *.open-douyin.com *.douyin.com firebaseinstallations.googleapis.com www.google-analytics.com *.ibytedtos.com *.oceanengine.com analytics.google.com hm.baidu.com blob: huatuo.cn.goofy.app *.byteoversea.com *.ctobsnssdk.com *.douyinpic.com *.jinritemai.com *.huoshanimg.com *.byteacctimg.com *.larkoffice.com *.douyinstatic.com *.toutiaoimg.com *.draftstatic.com; 1
default-src 'self' http: https: data: wss: 'unsafe-inline' 'unsafe-eval'; 1
script-src ‘self’ 1
frame-ancestors https://app.clonable.net 'self'; 1
default-src 'self' 'unsafe-inline' data: https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: *.google-analytics.com *.analytics.google.com; style-src 'self' 'unsafe-inline' https:; media-src https://playout.3qsdn.com blob: 'self'; frame-src * 1
default-src 'self' ;style-src 'self' https://fonts.googleapis.com/ https://*.bing.com/ ;connect-src 'self' https://*.bing.com/ ;frame-src 'self' https://www.google.com/ ;plugin-types application-pdf ;script-src 'self' *.uhaul.com/ https://unpkg.com/ https://fonts.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://*.bing.com/ https://*.virtualearth.net ;font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/ data: ;img-src 'self' *.uhaul.com/ data: ;object-src 'self' blob: ; 1
default-src http:; style-src 'self' 'unsafe-inline' *.providesupport.com *.bootstrapcdn.com *.personalwerk.de *.homepagerecruiter.de data:; font-src 'self' fonts.googleapis.com apis.google.com data:; script-src 'self' *.providesupport.com *.metrifire.com *.google.com *.fontawesome.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.stahl.de:* platform.twitter.com *.gstatic.com *.homepagerecruiter.de *.personalwerk.de *.data-insight365.com *.liadm.com 'unsafe-inline' 'unsafe-eval'; form-action 'self'; object-src 'self'; img-src http: data:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' btlrmedia.b-cdn.net adbutler.com servedbyadbutler.com static.ads-twitter.com *.adbutler.com *.sparklit.com *.activeboard.com *.bootstrapcdn.com *.cloudfront.net *.crisp.chat *.doubleclick.net *.fullstory.com *.g2crowd.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.jsdelivr.net *.servedbyadbutler.com *.webflow.com *.clarity.ms; style-src 'self' 'unsafe-inline' adbutler.com btlrmedia.b-cdn.net *.adbutler.com *.bootstrapcdn.com *.crisp.chat *.fullstory.com *.jsdelivr.net *.webflow.com; img-src 'self' data: adbutler.com btlrmedia.b-cdn.net butlerblogmedia.b-cdn.net butlerkbmedia.b-cdn.net servedbyadbutler.com t.co analytics.twitter.com *.adbutler.com *.amazonaws.com *.cloudfront.net *.crisp.chat *.google.com *.google.ca *.google-analytics.com *.googletagmanager.com target.scene7.com *.servedbyadbutler.com *.webflow.com *.ytimg.com *.hubspot.com; connect-src 'self' wss: adbutler.com adbutler-fermion.com adglobal.tech analytics.google.com pagead2.googlesyndication.com servedbyadbutler.com servedby.adfyre.co *.adbutler.com *.crisp.chat *.doubleclick.net *.fullstory.com *.google-analytics.com *.clarity.ms; font-src 'self' data: adbutler.com btlrmedia.b-cdn.net *.adbutler.com *.crisp.chat *.bootstrapcdn.com; media-src *.amazonaws.com *.b-cdn.net servedbyadbutler.com; frame-src 'self' servedbyadbutler.com *.doubleclick.net *.google.com *.servedbyadbutler.com *.spotify.com *.youtube.com; child-src 'self' blob:; frame-ancestors 'self' *.doubleclick.net; worker-src 'self' blob: 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://ln-rules.rewardstyle.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://analytics.tiktok.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.christopherobin.fr https://m.christopherobin.fr https://checkout.christopherobin.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://ln-rules.rewardstyle.com https://*.contentsquare.net https://app.contentsquare.com https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://analytics.tiktok.com https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src http: https:;                       connect-src https:;                       font-src https: data:;                       frame-src https:;                       frame-ancestors https:;                       img-src http: https: data:;                       media-src https:;                       object-src https:;                       script-src 'unsafe-inline' 'unsafe-eval' https:;                       style-src 'unsafe-inline' http: https:; 1
frame-ancestors 'self' base-uri 'self' font-src 'self' default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; child-src 'self'; img-src 'self'; frame-src 'self'; connect-src 'self'; object-src 'self'; media-src 'self'; form-action 'self'; report-to 'self'; 1
frame-ancestors 'self' https://www.getinvolvednanaimo.ca/; 1
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test 1
frame-ancestors 'self' https://learn.spot.io; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://bat.bing.com/ https://stats.g.doubleclick.net/ https://connect.facebook.net https://dev.visualwebsiteoptimizer.com/ https://connect.facebook.net/ http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://maxcdn.bootstrapcdn.com/ https://www.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.googleapis.com https://localhost:4300 wss://localhost:4300; frame-src 'self' https://www.youtube.com https://vars.hotjar.com/ https://player.vimeo.com/ https://consentcdn.cookiebot.com https://www.google.com; font-src 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.gstatic.com data:; worker-src 'self' blob:; img-src 'self' https://bat.bing.com/ https://www.google.com/ https://www.google.se https://www.facebook.com/ https://dev.visualwebsiteoptimizer.com/ https://www.google-analytics.com/ data:;  1
default-src 'self'; frame-ancestors *.celticandco.com *.dotomi.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.sa/en/report-uri/enforce 1
default-src 'self' *.continuum.ie *.gamma.ie https://ecn.t2.tiles.virtualearth.net/ *.autoaddress.com *.maze.co gateway.zscalertwo.net privacyportal-de.onetrust.com/request/v1/consentreceipts cdn.cookielaw.org staging.cdn-net.com staging-uk.cdn-net.com uk.cdn-net.com six.cdn-net.com ajax.aspnetcdn.com searchservices.tescomobile.ie static.ads-twitter.com lptag.liveperson.net lpcdn.lpsnmedia.net *.googletagmanager.com platform.twitter.com analytics.twitter.com accdn.lpsnmedia.net lo.v.liveperson.net privacyportal-de.onetrust.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com ajax.googleapis.com servedby.flashtalking.com accreditation.datacash.com *.googleadservices.com 2866153.fls.doubleclick.net googleads.g.doubleclick.net use.typekit.net static.addtoany.com ib.adnxs.com *.google.com *.google.ie *.google-analytics.com code.jquery.com service.gamma.ie *.t.co d1j07uq9klr1j0.cloudfront.net service.autoaddress.ie api.autoaddress.ie dev.virtualearth.net edge.quantserve.com connect.facebook.net rules.quantcount.com *.youtube.com s.ytimg.com r.turn.com secure.quantserve.com  *.hotjar.com *.googlesyndication.com *.doubleclick.net *.hotjar.io ds-aksb-a.akamaihd.net payments.worldpay.com wss://lo2.msg.liveperson.net wss://ws.hotjar.com/api/v2/client/ws analytics.tiktok.com cdn.jsdelivr.net three.gamma.ie service.gamma.ie analytics.pangle-ads.com cdn.co-buying.com data: https://bp.tescomobile.ie/ https://www.facebook.com/ 'unsafe-eval' 'unsafe-inline'; media-src *;img-src * data:; frame-src * d1j07uq9klr1j0.cloudfront.net *.youtube.com secure.quantserve.com; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.charlesclinkard.co.uk; base-uri 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-t1A7uMW1yEI4ROmqJ03UCYSNHZpwG+lSi5voufKkzkABsZs3' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *; img-src * data:; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; base-uri 'self'; form-action *; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets.buzzsprout.com www.buzzsprout.com maps.googleapis.com maps.google.com www.google.com analytics.rubensteintech.com www.google-analytics.com use.typekit.net p.typekit.net www.googletagmanager.com maps.gstatic.com www.gstatic.com snap.licdn.com www.linkedin.com static.ads-twitter.com px.ads.linkedin.com analytics.twitter.com platform.twitter.com connect.facebook.net www.facebook.com www.youtube.com s.ytimg.com cdn.plyr.io cse.google.com player.vimeo.com; frame-src https://www.buzzsprout.com www.facebook.com platform.twitter.com www.youtube.com cdn.plyr.io t.co cdn.yoshki.com https://player.vimeo.com 'self' *.google.com; connect-src 'self' https://stats.g.doubleclick.net https://analytics.rubensteintech.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com analytics.twitter.com cdn.plyr.io cse.google.com https://vimeo.com www.facebook.com/tr/; style-src 'self' 'unsafe-inline' https://www.milbank.com maps.googleapis.com www.google.com cloud.typography.com use.typekit.net platform.twitter.com assets.buzzsprout.com; font-src 'self' fonts.googleapis.com maps.gstatic.com use.typekit.net p.typekit.net data:; img-src 'self' https://analytics.twitter.com https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com assets.buzzsprout.com www.buzzsprout.com www.google-analytics.com stats.g.doubleclick.net px.ads.linkedin.com p.adsymptotic.com www.facebook.com p.typekit.net t.co; form-action 'self' www.facebook.com; child-src www.facebook.com staticxx.facebook.com platform.twitter.com; object-src 'none'; 1
default-src 'self' https://engage.brctv.com https://ct.pinterest.com https://td.doubleclick.net https://fonts.gstatic.com https://www.facebook.com https://tvlistings.gracenote.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://pencor.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://*.zopim.com wss://pencor.zendesk.com https://www.youtube.com https://p2-alianzavoicemailbucket-mp3.s3.us-west-2.amazonaws.com; connect-src 'self' wss://ws.hotjar.com https://static.zdassets.com https://ekr.zdassets.com https://script.crazyegg.com https://content.hotjar.io https://ekr.zendesk.com https://pencor.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io https://www.google-analytics.com https://ct.pinterest.com https://maps.googleapis.com https://track.lexer.io https://metrics.hotjar.io https://bat.bing.com https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com wss://*.zopim.com wss://pencor.zendesk.com; img-src 'self' https://bat.bing.com https://www.facebook.com https://www.google.com https://engage.brctv.com data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://wirelessprovisioning.com https://v2assets.zopim.io https://static.zdassets.com https://www.googletagmanager.com https://i.ytimg.com; script-src 'self' 'unsafe-eval' https://static.hotjar.com https://script.crazyegg.com https://www.googletagmanager.com https://tag.lexer.io https://bat.bing.com https://maps.googleapis.com https://static.zdassets.com https://unpkg.com; script-src-elem 'self' 'unsafe-inline' https://static.hotjar.com/ https://script.hotjar.com/ https://script.crazyegg.com https://www.googletagmanager.com https://tag.lexer.io https://bat.bing.com https://www.google-analytics.com https://s.pinimg.com https://connect.facebook.net https://www.youtube.com https://googleads.g.doubleclick.net https://ct.pinterest.com https://engage.brctv.com https://us-autocomplete-pro.api.smartystreets.com https://widget-mediator.zopim.com https://maps.googleapis.com https://static.zdassets.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self' 'nonce-b5e4fdd4-1692-482f-8ef6-5dd324e0564f' cdn.appdynamics.com col.eum-appdynamics.com;script-src 'unsafe-inline' 'nonce-b5e4fdd4-1692-482f-8ef6-5dd324e0564f' 'strict-dynamic' 'self' www.google.com/recaptcha/ maps.googleapis.com/maps/api/js pay.google.com/gp/p/js/pay.js pay.google.com/ js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net https://web.pypestream.com;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com www.google-analytics.com www.gstatic.com;base-uri 'self';object-src 'none';upgrade-insecure-requests;frame-src 'self' 'nonce-b5e4fdd4-1692-482f-8ef6-5dd324e0564f' www.google.com/recaptcha/ www.youtube.com/embed/ pay.google.com/ https://web.pypestream.com blob:;frame-ancestors;connect-src www.google-analytics.com maps.googleapis.com/maps/api/ maps.googleapis.com/maps-api-v3/api/ maps.googleapis.com/$rpc/ col.eum-appdynamics.com/eumcollector/ bam.nr-data.net bam-cell.nr-data.net 'self' *.launchdarkly.com *.pypestream.com *.pype.tech fontawesome.com google.com/pay pay.google.com/about pay.google.com/gp/p/;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css;font-src data: fonts.gstatic.com/ fontawesome.com;block-all-mixed-content;form-action 'self';script-src-attr 'none' 1
frame-ancestors 'self' https://www.youtube.com; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com www.youtube.com www.google-analytics.com bam.nr-data.net static.dvinci-easy.com maps.googleapis.com bat.bing.com www.gstatic.com connect.facebook.net widget.msgp.pl services.gastronovi.com https://tagmanager.google.com/ www.googleadservices.com blob: cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com static.dvinci-easy.com unpkg.com js-agent.newrelic.com www.google-analytics.com maps.googleapis.com bam.nr-data.net connect.facebook.net bat.bing.com www.gstatic.com www.youtube.com widget.msgp.pl services.gastronovi.com www.google.com googleads.g.doubleclick.net www.recaptcha.net www.googleadservices.com content.syndigo.com js.monitor.azure.com static.hotjar.com script.hotjar.com cdnjs.cloudflare.com https://cdn.kiprotect.com https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; base-uri 'self'; frame-ancestors 'self' lpda9f27a988.hana.ondemand.com; report-uri https://www.selgros.de/report-uri/enforce 1
default-src https: data: wss://*.hotjar.com wss://*.crazyegg.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; style-src https: data: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline'; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
default-src 'self';base-uri 'self';block-all-mixed-content;child-src 'self';connect-src 'self';font-src 'self';frame-ancestors 'self';frame-src 'self';img-src 'self' data:;manifest-src 'self';media-src 'none';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline' 'unsafe-eval';worker-src 'self'; 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://spin.ede.nl https://fsad.ede.nl https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com 'unsafe-inline' data: 'report-sample'; object-src 'self' https://youtube.com https://www.youtube.com; report-to csp; child-src 'self' blob:; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' https://www.ede.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
base-uri 'none'; default-src 'self' https://accesso.com https://cdn.cookielaw.org https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://api.greenhouse.io/v1/boards/accesso/embed/departments; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://analytics.google.com https://app.marker.io https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://code.jquery.com https://edge.marker.io https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://marker.io https://pi.pardot.com https://secure.agileenterpriseintelligence.com https://snap.licdn.com https://stackpath.bootstrapcdn.com https://www.google-analytics.com https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments https://s3.amazonaws.com/downloads.mailchimp.com/js/mc-validate.js https://accesso.us11.list-manage.com/subscribe/post-json https://js.hs-scripts.com/45049552.js https://www.google.com/recaptcha/api.js; style-src 'self' 'unsafe-inline' https://accesso.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cloud.typography.com https://code.jquery.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://www.googletagmanager.com; img-src 'self' https://accesso.com https://www.accesso.com https://www.google-analytics.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.google.com https://www.googletagmanager.com https://fonts.gstatic.com https://privacy-policy.truste.com https://media.marker.io https://app.marker.io https://edge.marker.io https://scontent-sin6-4.cdninstagram.com blob: data:; connect-src 'self' https://analytics.google.com https://api.marker.io https://cdn.cookielaw.org https://geolocation.onetrust.com https://idx.liadm.com https://privacyportal.onetrust.com https://ssr.marker.io https://stats.g.doubleclick.net https://www.googletagmanager.com https://api.greenhouse.io/v1/boards/accesso/embed/departments; font-src 'self' https://app.marker.io https://cloud.typography.com https://edge.marker.io https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com data:; media-src https://media.marker.io https://app.marker.io https://edge.marker.io; frame-src 'self' https://bid.g.doubleclick.net https://hello.accesso.com/ https://app.marker.io https://player.vimeo.com/ https://polaris.brighterir.com https://www.youtube.com; child-src https://app.marker.io; form-action https://app.marker.io https://api.marker.io https://www.accesso.com/contact-us/ https://www.accesso.com/forms/ https://www.accesso.com/br/pt/contact-us/ https://www.accesso.com/br/pt/forms/ https://www.accesso.com/mx/es/contact-us/ https://www.accesso.com/mx/es/forms/; 1
upgrade-insecure-requests default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval' *.unitedtraders.com *.unitedtraders.ru *.uttoken.io *.unitedtraders.team *.utchallenge.com *.auroraplatform.com *.finderby.net *.utex.io *.whattobuy.today *.utex.work ; 1
frame-ancestors 'self' https://*.qbo.intuit.com https://qbo.intuit.com https://intuit-training-portal-simulator.azurewebsites.net/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:              https://*.hotjar.io              https://*.hotjar.com              wss://*.hotjar.com              https://*.youtube.com              https://*.youtube-nocookie.com              https://*.ytimg.com              https://*.facebook.net              https://*.facebook.com              https://*.google.com              https://*.google.nl              https://*.google-analytics.com              https://*.googleadservices.com              https://tagmanager.google.com              https://www.googletagmanager.com              https://i.vimeocdn.com              https://player.vimeo.com              https://*.vimeo.com              https://fonts.googleapis.com              https://maps.gstatic.com              https://fonts.gstatic.com              https://maps.googleapis.com              https://code.jquery.com              https://use.typekit.net https://unpkg.com https://cdnjs.cloudflare.com;              frame-src 'self'               https://*.local              https://*.botest.nl              https://*.basicorange.nl              https://*.netwerkdigitaalerfgoed.nl              https://vars.hotjar.com       https://*.soundcloud.com       https://*.youtube.com              https://*.youtube-nocookie.com              https://player.vimeo.com              https://*.vimeo.com; 1
connect-src 'self' www.bugherd.com bugherd-attachments.s3.amazonaws.com *.omappapi.com *.grupotriples.com *.hotjar.com *.google.com *.datadoghq-browser-agent.com *.linkedin.com *.datadoghq.com *.browser-intake-us5-datadoghq.com 1
frame-ancestors 'self' https://*.m2.aeroflow.dev https://aeroflowbreastpumps.com https://*.aeroflowbreastpumps.com https://cpapsupplies.com https://*.cpapsupplies.com https://cheapcpapsupplies.com https://*.cheapcpapsupplies.com https://aeroflowsleep.com https://*.aeroflowsleep.com https://aeroflowdirect.com https://*.aeroflowdirect.com https://shop.aeroflowinc.com https://aeroflowurology.com https://*.aeroflowurology.com https://motifmedical.com https://*.motifmedical.com https://lactationlink.com https://*.lactationlink.com https://aeroflowdiabetes.com https://*.aeroflowdiabetes.com https://proxy.omniconvert.com 1
default-src 'self';script-src 'self' https://cdn.jsdelivr.net https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 'unsafe-eval';style-src 'self' https://cdn.jsdelivr.net https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 'unsafe-inline';connect-src * https:;font-src 'self' https://cdn.jsdelivr.net https://js.stripe.com data: http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com;frame-ancestors 'self' http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com;frame-src 'self' https://js.stripe.com http://localhost:9000 https://*.trurotwpfiredepartment.com https://*.risevision.com https://*.screen.cloud https://*.iamresponding.com https://*.heathfiredepartment.com 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' *.googleadservices.com *.facebook.net *.adroll.com *.googleapis.com *.gstatic.com *.doubleclick.net *.prismic.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hsadspixel.net *.hscollectedforms.net *.hubspot.com *.fontawesome.com *.linkedin.com *.airpr.com qh-corp-sites *.licdn.com *.googletagmanager.com *.netlify.app *.algolia.net *.algolianet.com *.algolia.io *.hsforms.net *.jotform.com *.jotfor.ms *.cloudflare.com *.formstack.com; style-src 'self' data: 'unsafe-inline' *.googleapis.com *.hubspot.net *.jotfor.ms *.jotform.com; img-src 'self' data: *.prismic.io *.netlify.app *.doubleclick.net *.linkedin.com *.google.com *.facebook.com *.facebook.net *.hsforms.com *.adroll.com *.pubmatic.com *.airpr.com *.hubspot.com *.openx.net *.rlcdn.com *.outbrain.com *.hsappstatic.net *.glassdoor.com *.vimeocdn.com *.jotfor.ms *.jotform.com; font-src 'self' data: *.fontawesome.com *.googleapis.com *.gstatic.com *.doubleclick.net *.formstack.com *.jotfor.ms; connect-src 'self' *.fontawesome.com *.hubapi.com *.hscollectedforms.net *.hubspot.com *.google.com *.linkedin.com *.doubleclick.net *.algolia.net *.algolianet.com *.hsforms.com *.amazonaws.com *.jotform.co; media-src 'self' *.prismic.io *.hubspot.com; child-src 'self' *.vimeo.com *.vimeocdn.com *.googletagmanager.com; frame-src 'self' *.netlify.com *.doubleclick.net *.adsrvr.org *.vimeo.com *.facebook.com *.adroll.com *.hsappstatic.net *.hsforms.com *.hs-sites.com *.vimeocdn.com *.googlesyndication.com *.googleapis.com *.googletagmanager.com *.prismic.io; form-action 'self' *.facebook.com *.hsforms.com *.formstack.com; base-uri 'self' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss: data: 1
default-src 'none'; media-src *; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com https://eu.cookie-script.com https://*.fontawesome.com; img-src * data:; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://onesignal.com https://www.solodev.com/core/fileparse.php/131/urlt/infinite-slider.css ; script-src 'self' 'unsafe-eval' 'nonce-b9399c718a99ab0d03552f5959eddaf3b6c40cbb3ac3bf0529a6e8445151f4ba' 'unsafe-hashes' 'sha256-vEbFguXPuduhuEg0nH1ioMjRS2VfvnciquaA5LRVwk8=' 'sha256-FOxJ98ytn8FsH7Zj5qeCmmVZ7ZM8VNk05kUiNZYKjQU=' 'sha256-Z0iPuOEoAvH/Jlv4hbF1954Mf6KiQB7KkbqfduObf9E=' 'sha256-DxjnIH7qGpybYH/yFY1JEzoiQD2Yu+8xuKhEOaL56KY=' https://www.googletagmanager.com https://accounts.google.com https://cdn.onesignal.com https://onesignal.com https://eu.cookie-script.com https://connect.facebook.net https://ajax.googleapis.com https://*.cookie-script.com; frame-src *; connect-src 'self' https://*.pushfar.com https://consent.cookie-script.com https://*.fontawesome.com https://maps.googleapis.com https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://onesignal.com https://*.b2clogin.com; object-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://deliver.kontent.ai https://assets-eu-01.kc-usercontent.com https://cdn.jsdelivr.net https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://www.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://cdn.jsdelivr.net https://unpkg.com https://*.googleapis.com https://*.google.com https://*.vimeo.com https://*.vimeocdn.com https://*.facebook.net https://*.siteimprove.com https://*.siteimprove.net https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.siteimproveanalytics.io https://siag.form.cloud https://fonts.gstatic.com https://redas.services.siag.it https://dati.retecivica.bz.it https://civis.bz.it https://sabes.onboard.org https://cdn1.onboard.org https://prod.b-optimist.com wss://prod.b-optimist.com https://*.sibforms.com https://sibforms.com https://*.brevo.com https://*.sendinblue.com https://*.gstatic.com https://siagsap4pab.prod.apimanagement.eu20.hana.ondemand.com https://sis.prod.apimanagement.eu20.hana.ondemand.com https://api-integrations.services.siag.it https://api-integrations.services.siag.it https://www.iubenda.com https://cdn.iubenda.com https://consent.iubenda.com https://hits-i.iubenda.com https://cs.iubenda.com/; base-uri 'self'; frame-ancestors 'self' https://*.kontent.ai/; font-src https://www.sabes.it https://www.asdaa.it https://home.sabes.it https://home.asdaa.it https://fonts.gstatic.com https://prod.b-optimist.com; object-src 'none'; 1
frame-ancestors 'self' https://microapps.google.com https://freshpik.hostx5.de https://fynd.hostx5.de https://*.werafoods.com https://*.bharatgo.com 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.bluecross.com.hk google.com www.google.com *.aia.biz *.zscalertwo.net s.yimg.com *.mixpanel.com *.bluecross.com.hk www.googletagmanager.com fonts.gstatic.com m.addthisedge.com m.addthis.com s7.addthis.com cdn.mxpnl.com www.google-analytics.com *.doubleclick.net *.aiaazure.biz  resources.xg4ken.com *.adsfactor.net *.ap-gateway.mastercard.com ap-gateway.mastercard.com *.ap-gateway.mastercard.com ap-gateway.mastercard.com syd-stripe2.ap.gateway.mastercard.com ap.gateway.mastercard.com rum-collector-2.pingdom.net www.googleadservices.com *.facebook.net *.facebook.com *.g.doubleclick.net www.google.com.vn www.google.com.hk ap.gateway.mastercard.com sp.analytics.yahoo.com *.codpayment.com appx js.go2sdk.com shopback.go2cloud.org *.mouseflow.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com ajax.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.youtube.com *.ytimg.com bat.bing.com cdn.ywxi.net seal.websecurity.norton.com www.googletagmanager.com secure-ds.serving-sys.com bs.serving-sys.com use.fontawesome.com maxcdn.icons8.com cdnjs.cloudflare.com *.braintreegateway.com *.paypal.com *.paypalobjects.com connect.facebook.net *.g.doubleclick.net *.amazonaws.com *.mcafeesecure.com *.olark.com cc.cdn.civiccomputing.com *.trustedsite.com *.matomo.cloud *.app-us1.com trackcmp.net cdn-web.vtp-media.com web.vtp-media.com diffuser-cdn.app-us1.com prism.app-us1.com *.zohopublic.com *.zohostatic.com *.zohocdn.com salesiq.zoho.com;frame-ancestors 'self' https://leapfrogbabycare.com 1
frame-ancestors 'self' https://www.casamientos.com.ar https://comunidad.casamientos.com.ar https://landing.casamientos.com.ar 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IhDFRhLvhjaY+p6Fp5fsObskRxe6H75xAFBIx/wz3E0o/nLN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.fontawesome.com data: *.fonts.googleapis.com *.gstatic.com *.cloudflare.com *.etudehouse.com *.etude.com *.typekit.net acsbapp.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.etude.com *.besweeton.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * landofcoder.com https://pwgateway.com https://api.paymentwall.com/ *.google.com *.addthis.com *.mathtag.com *.api.useinsider.com gum.criteo.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://api.paymentwall.com/ *.cloudflare.com cdn.klarna.com s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.cdninstagram.com *.doubleclick.net *.mathtag.com *.amorepacific.com *.google.com *.google.co.kr *.etudehouse.com *.etude.com www.facebook.com *.paygate.net *.cookielaw.org *.besweeton.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com chimpstatic.com downloads.mailchimp.com *.list-manage.com landofcoder.com s7.addthis.com *.avada.io https://api.paymentwall.com/ https://songbirdstag.cardinalcommerce.com https://songbird.cardinalcommerce.com *.googleapis.com *.addthis.com *.addthisedge.com *.facebook.com connect.facebook.net cdn.cookielaw.org rum.beusable.net *.mathtag.com *.etudehouse.com *.etude.com *.criteo.net *.criteo.com *.api.useinsider.com cdnjs.cloudflare.com *.paygate.net *.google.com *.google.co.kr *.gstatic.com acsbapp.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com downloads.mailchimp.com *.fontawesome.com *.googleapis.com *.etudehouse.com *.etude.com *.typekit.net *.paygate.net www.googletagmanager.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com landofcoder.com ekr.zdassets.com/ https://pwgateway.com https://api.paymentwall.com/ *.cloudflare.com *.googleapis.com *.addthis.com graph.instagram.com cdn.cookielaw.org *.etudehouse.com *.etude.com *.facebook.com *.api.useinsider.com stats.g.doubleclick.net *.onetrust.com *.acsbapp.com acsbapp.com pagead2.googlesyndication.com *.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' localhost *.telekurier.at *.callisto.telekurier.at *.k-listo.at k-listo.at; 1
upgrade-insecure-requests; default-src https://*.zoom.us https://zoom.us blob: 'self'; img-src https: about: blob: data: 'self'; style-src https: safari-extension: chrome-extension: 'unsafe-inline' data: 'self'; font-src https: safari-extension: chrome-extension: blob: data: 'self'; connect-src * about: blob: data: 'self'; media-src * rtmp: blob: data: 'self'; frame-src https: ms-appx-web: zoommtg: zoomus: wvjbscheme: zoomprc: data: blob: 'self'; object-src 'none'; base-uri 'none';script-src 'self' 'strict-dynamic' 'nonce-BPVXq2tTRKuz7-X21MuFfg' blob: https:; 1
default-src 'self' https://static.gitbook.com; script-src 'self' 'nonce-ODQxZjBmMzAtOGVkOC00MTM3LTlhZTAtNjk4NmNlMjE2N2Nk' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://static.gitbook.com https://integrations.gitbook.com https://cdn.iframe.ly; style-src 'self' https://static.gitbook.com fonts.googleapis.com 'unsafe-inline'; img-src * 'self' blob: data: files.gitbook.com https://static.gitbook.com; connect-src * 'self' integrations.gitbook.com app.gitbook.com api.gitbook.com https://static.gitbook.com; font-src 'self' fonts.gstatic.com https://static.gitbook.com; frame-src *; object-src 'none'; base-uri 'self' https://static.gitbook.com; form-action 'self' https://static.gitbook.com; frame-ancestors https:; 1
default-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de *.talent-im-einsatz.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com; img-src 'self' *.zoll.de zoll.de *.itzbund.de *.geodatenzentrum.de *.openstreetmap.de data:; script-src 'self' 'unsafe-inline' *.zoll.de zoll.de *.itzbund.de itzbund.de *.zoll.de zoll.de *.geodatenzentrum.de *.openstreetmap.de *.youtube.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.cologne; img-src 'self' https: data: blob: https://social.cologne; style-src 'self' https://social.cologne 'nonce-IW24ErhtjyPkLc8hGzQp3g=='; media-src 'self' https: data: https://social.cologne; frame-src 'self' https:; manifest-src 'self' https://social.cologne; form-action 'self'; child-src 'self' blob: https://social.cologne; worker-src 'self' blob: https://social.cologne; connect-src 'self' data: blob: https://social.cologne https://media.social.cologne wss://social.cologne; script-src 'self' https://social.cologne 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://digitalpigeon.com  https://*.digitalpigeon.com https://*.digitalpigeon.com.au https://*.digitalpigeon.co.nz https://digitalpigeon-staging.com https://localhost.com:8889 https://digitalpigeon-dev.com:8889; 1
default-src 'self' http: https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.io *.com *.postcodeanywhere.co.uk *.paysafe.com *.pcapredict.com *.googletagmanager.com http *.google-analytics.com *.doubleclick.net *.cloudfront.net *.googleapis.com *.google.com *.googlesyndication.com *.facebook.net *.salesfire.co.uk *.giftup.app;connect-src *;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.js http: https: data: *.typekit.net;img-src 'self' *.cloudfront.net http: https: data:;style-src-elem 'self' 'unsafe-inline' *.co.uk *.com *.typekit.net;form-action 'self' *.com;frame-ancestors 'self';base-uri 'self';font-src 'self' https: data:;object-src 'none';upgrade-insecure-requests 1
default-src 'self' *.multiline.lu; script-src 'self' 'unsafe-inline' *.multiline.lu; style-src 'self' 'unsafe-inline' *.multiline.lu; object-src 'self' *.multiline.lu; img-src 'self' *.multiline.lu data: https: 1
style-src * blob: 'unsafe-inline'; img-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; connect-src * ws: wss:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; 1
default-src 'self' *.leadforensics.com https://webeo-web-content.s3-eu-west-1.amazonaws.com *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm;             style-src 'self' app.vwo.com https://cdn.jsdelivr.net/npm/ *.responseiq.com *.blob.core.windows.net *.googleapis.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://optimize.google.com 'unsafe-inline';             img-src * data: app.vwo.com;             font-src 'self' * data:;             frame-src app.vwo.com *.cookiebot.com *.doubleclick.net  *.dynamics.com *.vimeo.com *.googlesyndication.com *.facebook.com https://calendly.com/ *.hotjar.com https://optimize.google.com;             media-src 'self' *.cloudinary.com *.appspot.com;             script-src 'self' app.vwo.com *.veracitytrustnetwork.com *.thisisbeacon.com *.cookiebot.com https://unpkg.com/@dotlottie/player-component@1.0.0/dist/dotlottie-player.js https://static.cloudflareinsights.com/beacon.min.js *.jquery.com *.g.doubleclick.net *.hotjar.com *.google-analytics.com *.googleoptimize.com *.googlesyndication.com *.nyltx.com *.leadforensics.com *.canddi.com *.googleadservices.com *.googleapis.com *.responseiq.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://moneypennychat.appspot.com *.googletagmanager.com *.onetrust.com *.cloudflareinsights.com *.zoominfo.com *.blob.core.windows.net *.azureedge.net *.licdn.com *.bing.com *.ads-twitter.com *.facebook.net *.clarity.ms https://cdn.jsdelivr.net/npm https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com https://www.google.com 'unsafe-inline' 'unsafe-eval';             connect-src 'self' app.vwo.com analytics.google.com *.thisisbeacon.com *.veracitytrustnetwork.com *.cookiebot.com *.dynamics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com *.hotjar.io *.nyltx.com *.appspot.com *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.clarity.ms *.leadforensics.com *.responseiq.com https://vimeo.com *.zoominfo.com https://mpsitefunctions-test.azurewebsites.net https://mpsitefunctions.azurewebsites.net *.addressy.com *.facebook.com             worker-src 'self' blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-1x4ngeW5VnYjmuuuoXQtRRdD+9ih06izDLMio3jEGwOHHCNH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://manage.wwdmag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://www.letsbuild.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://josh.tel; img-src 'self' https: data: blob: https://josh.tel; style-src 'self' https://josh.tel 'nonce-MLBdxmIuwqHGFBgvg2VRnA=='; media-src 'self' https: data: https://josh.tel; frame-src 'self' https:; manifest-src 'self' https://josh.tel; form-action 'self'; child-src 'self' blob: https://josh.tel; worker-src 'self' blob: https://josh.tel; connect-src 'self' data: blob: https://josh.tel https://josh.tel wss://josh.tel; script-src 'self' https://josh.tel 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' Billerwebui.fiservapps.com 'unsafe-eval' billerdirectui.onefiserv.com av-billerdirectui-uat.onefiserv.com ci-mpsnare.iovation.com mpsnare.iesnare.com https://www.googletagmanager.com *.five9.com *.doubleclick.net https://www.google-analytics.com 'unsafe-inline' gstatic.com www.gstatic.com www.google.com maps.googleapis.com https://www.googletagmanager.com *.doubleclick.net https://www.google-analytics.com https://az416426.vo.msecnd.net; connect-src 'self' https://picserv.porsche.com https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com; img-src 'self' *.five9.com www.google.com picserv.porsche.com www.googletagmanager.com *.gstatic.com *.doubleclick.net https://www.google-analytics.com data: https://etimeqa15.bankofthewest.com; style-src 'self' *.five9.com 'unsafe-inline'; font-src 'self' data:; object-src 'self' ci-mpsnare.iovation.com mpsnare.iesnare.com; frame-src https://payframe.fiservapps.com Billerwebui.fiservapps.com billerdirectui.onefiserv.com av-billerdirectui-uat.onefiserv.com *.five9.com www.google.com https://www.youtube.com https://vimeo.com chat-lending.fiservapps.com https://www.googletagmanager.com *.doubleclick.net https://www.google-analytics.com; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://s1.thcdn.com/ https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com; form-action 'self' https://www.facebook.com https://m.bhcosmetics.com https://checkout.bhcosmetics.com https://www.bhcosmetics.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://cdn.branch.io https://cdn.jsdelivr.net https://polyfill.io https://*.trustpilot.com https://bat.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.exponea.com https://www.googletagmanager.com https://*.algolia.net https://www.google-analytics.com https://*.twitter.com https://connect.facebook.net https://static.ads-twitter.com https://*.addthis.com https://app.link https://z.moatads.com https://v1.addthisedge.com https://static.zdassets.com https://use.typekit.net https://activewin.co.uk https://code.jquery.com https://*.quotezone.co.uk https://*.github.io https://*.cloudflare.com https://uicdn.toast.com https://*.google.com https://*.gstatic.com https://assets.pinterest.com https://analytics.tiktok.com https://*.onetrust.com https://*.shareaholic.net https://snap.licdn.com https://*.stackpathcdn.com https://cdn.viglink.com https://partner.shareaholic.com https://www.redditstatic.com https://*.hotjar.com https://dsms0mj1bbhn4.cloudfront.net https://cdn.openshareweb.com https://ndmprodsrchmrchuksst100.blob.core.windows.net https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com; style-src 'self' 'unsafe-inline' data: https://ajax.googleapis.com https://fonts.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://*.typekit.net https://*.cloudflare.com https://*.toast.com https://*.hotjar.com https://fonts.bunny.net/ https://cdn.openshareweb.com https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com; default-src 'self'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://use.typekit.net https://*.stackpathcdn.com https://*.hotjar.com https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/fonts/ https://dsms0mj1bbhn4.cloudfront.net/v2/ https://fonts.bunny.net/ https://cdn.openshareweb.com https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com; connect-src 'self' https://api.exponea.com https://api.network.exponea.com https://*.exponea.com https://*.algolia.net https://*.algolia.io https://stats.g.doubleclick.net https://*.addthis.com https://bat.bing.com https://www.google-analytics.com https://analytics.tiktok.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://*.google.com https://*.google-analytics.com https://*.shareaholic.com https://*.shareaholic.net https://api.viglink.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ads.linkedin.com https://*.redditstatic.com https://ndm-prod-uks-apim-100.azure-api.net https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com https://api-dev.joinnetwork.com https://api-qa.joinnetwork.com https://api.joinnetwork.com; frame-src 'self' https://*.addthis.com https://www.googletagmanager.com https://*.quotezone.co.uk https://*.youtube.com https://*.youtube-nocookie.com https://www.pages04.net http://images.healthservicediscounts.com https://images.healthservicediscounts.com https://perk.ee.co.uk https://*.facebook.com https://*.trustpilot.com https://*.google.com https://assets.pinterest.com https://vars.hotjar.com https://*.doubleclick.net https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com https://api-dev.joinnetwork.com https://api-qa.joinnetwork.com https://api.joinnetwork.com; img-src 'self' data: https://t.co https://*.execute-api.eu-west-1.amazonaws.com https://googleads.g.doubleclick.net https://bat.bing.com https://www.google.com https://www.google.co.uk https://www.facebook.com https://connect.facebook.net https://*.healthservicediscounts.com https://*.discountsforteachers.co.uk https://*.discountsforcarers.com https://*.charityworkerdiscounts.com https://*.typekit.net https://*.toast.com https://*.google-analytics.com https://*.googletagmanager.com https://i.pinimg.com https://log.pinterest.com https://www.addthis.com https://*.atdmt.com https://*.onetrust.com https://cookiesuksouth.blob.core.windows.net https://*.analytics.google.com https://px.ads.linkedin.com https://secure.gravatar.com https://alb.reddit.com https://*.hotjar.com https://*.twitter.com https://images-static.trustpilot.com https://ajax.googleapis.com https://cdn-dev.joinnetwork.com https://cdn-qa.joinnetwork.com https://cdn.joinnetwork.com 1
frame-ancestors 'self'  http://nocowanie.pl http://*.nocowanie.pl https://nocowanie.pl https://*.nocowanie.pl http://nocowanie.eu http://*.nocowanie.eu https://nocowanie.eu https://*.nocowanie.eu http://de.nocowanie.pl http://*.de.nocowanie.pl https://de.nocowanie.pl https://*.de.nocowanie.pl http://nocowanie.cz http://*.nocowanie.cz https://nocowanie.cz https://*.nocowanie.cz http://nocowanie.sk http://*.nocowanie.sk https://nocowanie.sk https://*.nocowanie.sk http://nocowanie.it http://*.nocowanie.it https://nocowanie.it https://*.nocowanie.it http://nocowanie.com.hr http://*.nocowanie.com.hr https://nocowanie.com.hr https://*.nocowanie.com.hr; 1
form-action 'self'; frame-ancestors 'self'; 1
frame-ancestors https://m-b0baa0a7fff0ce025514b85f7387bc22-sg360.skygolf.com/ https://m-qa2-8264ee52f589f4c0191aa94f87aa1aeb-sg360.skygolf.com/ https://m-mmelohn-sg360.skygolf.com/ https://m-hnguyen-sg360.skygolf.com/ https://m-aravi-sg360.skygolf.com/ https://pp-skygolf.eurekalabs.io/ https://smclubsg.skygolf.com https://pp.skygolf.com https://www.skygolf.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-9tNbI8dw4h2MV41uATwped2m4flMEQnlUcFQ5snpfyPp9tKi' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com  koi-3QNNM3JSYA.marketingautomation.services tag.perfectaudience.com pixel-geo.prfct.co; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.connectfirstcu.com koi-3qnnm3jsya.marketingautomation.services tag.perfectaudience.com pixel-geo.prfct.co d1mxil5lo6vg2v.cloudfront.net *.sentis.ca sc-static.net snap.licdn.com; img-src * data:; worker-src 'self' blob:; ; 1
default-src 'self' *.weglot.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; media-src 'self' data:; script-src 'nonce-3a3ace6b-243d-4ef7-b54a-604a80a7231c' 'strict-dynamic'  'unsafe-hashes' cdn.weglot.com googleads.g.doubleclick.net www.gstatic.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; script-src-elem 'unsafe-inline' https://www.ilevia.fr sdk.privacy-center.org cdn.weglot.com cdn.matomo.cloud googleads.g.doubleclick.net www.gstatic.com *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; style-src 'self' *.weglot.com sdk.privacy-center.org *.ilevia.fr 'unsafe-inline' *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; connect-src 'self' data: *.ilevia.fr *.weglot.com cdn-api-weglot.com *.insitaction.org sdk.privacy-center.org google.com api.privacy-center.org api.navitia.io api-cus.navitia.io ilevia.matomo.cloud *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net   ; font-src 'self' data: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; img-src 'self' data: *.weglot.com www.gstatic.com media.ilevia.fr int-media.ilevia.fr pprod-media.ilevia.fr sdk.privacy-center.org upload.wikimedia.org ilost.co www.ilevia.fr purecatamphetamine.github.io *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; worker-src 'self' blob: *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; form-action 'self' ilost.co *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net; child-src https://nws-lille.hove.io pnp-ihm-lille-cus.canaltp.fr *.facebook.net *.facebook.com *.tiktok.com *.google.com *.googletagmanager.com www.instagram.com www.youtube.com td.doubleclick.net 1
frame-ancestors https://*.etracker.com 1
frame-ancestors https://register.enthuse.com; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *;frame-ancestors *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com *.google.com *.google.cz *.google.pl www.gstatic.com static-eu.payments-amazon.com cdn.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net player.podigee-cdn.net *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.taboola.com glamipixel.com *.b-cdn.net *.dognet.sk *.s24.com *.imedia.cz *.seznam.cz *.doubleclick.net *.app.baqend.com *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io hirmerpolski.sjv.io tracking.s24.com; img-src 'self' data: * userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com *.app.baqend.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com cdn.parcellab.com *.googletagmanager.com *.fitanalytics.com player.podigee-cdn.net *.hcaptcha.com *.behamics.com *.app.baqend.com; font-src 'self' https://themes.googleusercontent.com data: *.gstatic.com d3dc1lgancj6l0.cloudfront.net *.fitanalytics.com *.b-cdn.net player.podigee-cdn.net *.app.baqend.com; frame-src 'self' www.google.com *.google.com *.google.cz *.google.pl book.timify.com/services cdn.lightwidget.com api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com player.vimeo.com player.podigee-cdn.net *.usercentrics.eu *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.dwin1.com *.awin1.com *.hcaptcha.com *.fatmedia.io *.behamics.com *.adform.net *.b-cdn.net *.taboola.com *.imedia.cz *.seznam.cz *.doubleclick.net *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io hirmerpolski.sjv.io tracking.s24.com; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *.hirmercdn.de hirmercdn.de *.hirmerservice.de *.algolianet.com *.algolia.net *.algolia.io algolia.net maps.googleapis.com www.google.com *.google.com *.google.cz *.google.pl www.gstatic.com static-eu.payments-amazon.com payments-eu.amazon.com api.parcellab.com *.usercentrics.eu *.googletagmanager.com *.google-analytics.com *.fitanalytics.com *.userlike.com d3upe020n1uosc.cloudfront.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com *.criteo.com *.criteo.net *.bing.com *.hotjar.com *.hotjar.io *.facebook.net *.facebook.com *.scarabresearch.com *.googleadservices.com *.emarsys.net *.googlesyndication.com *.hcaptcha.com *.dwin1.com *.awin1.com *.fatmedia.io *.behamics.com *.b-cdn.net *.taboola.com *.imedia.cz *.seznam.cz *.doubleclick.net *.app.baqend.com *.recova.ai hirmergrossegrssenonlinegmbh.pxf.io hirmergrossegrssenonlinegmbh.sjv.io www.ojrq.net logs-01.loggly.com utt.impactcdn.com *.hirmer-big-tall.com *.hirmer-grosse-groessen.de *.google.de google.de hirmercesky.sjv.io hirmerpolski.sjv.io tracking.s24.com; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net; media-src 'self' *.hirmercdn.de hirmercdn.de hirmer-muenchen.de www.hirmer-muenchen.de d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com 1
content-security-policy : default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com https://accounts.google.com/gsi/style https://*.clarity.ms https://*.cloudfront.net/js/ https://*.crunch.co.uk https://*.dwin1.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googleoptimize.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.infinity-tracking.com https://*.kommunicate.io https://*.omappapi.com https://*.pardot.com https://*.website-files.com https://assets.calendly.com https://bat.bing.com https://cdn.jsdelivr.net/gh/g4knr/crunch-new@1.0.5/ https://cdn.jsdelivr.net/gh/ramp-development/ https://cdn.jsdelivr.net/gh/CrunchWebteam/crunch-calculators@1.1.5/dist/index.js https://cdn.jsdelivr.net/npm/@finsweet/ https://cdnjs.cloudflare.com/ajax/ https://code.jquery.com https://connect.facebook.net https://js.stripe.com https://snap.licdn.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.userguiding.com https://the.sciencebehindecommerce.com https://unpkg.com/@popperjs/ https://unpkg.com/tippy.js@6 https://unpkg.com/tippy.js@6.3.7 https://use.typekit.net/nbb0tca.js https://use.typekit.net/pal0kiz.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://www.crunch.uk https://www.pagespeed-mod.com https://www.unpkg.com/iframe-resizer@4.3.5/ https://www.youtube.com https://www.zenaps.com https://ajax.googleapis.com https://use.typekit.net https://cdn.jsdelivr.net/npm/@finsweet/cookie-consent@1 https://d3e54v103j8qbb.cloudfront.net https://assets-global.website-files.com https://widget-assets.crunch.co.uk https://cdnjs.cloudflare.com/ajax/libs/typed.js/2.0.10 https://www.dynamicnumbers.mediahawk.co.uk https://platform-api.sharethis.com https://buttons-config.sharethis.com https://cdn.finsweet.com https://tools.refokus.com/masonry-layout/bundle.v1.0.0.js https://cdn.mida.so https://app.humblytics.com https://app.optibase.io https://cdn.plyr.io https://embed.interactivecalculator.com https://www.interactivecalculator.com; img-src 'self' about: data: 'unsafe-inline' 'unsafe-eval' blob: https://platform-cdn.sharethis.com https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.crunch.co.uk https://*.kommunicate.io https://*.omappapi.com https://*.typekit.net https://assets-global.website-files.com https://assets.calendly.com https://c.bing.com/c https://px.ads.linkedin.com https://res.cloudinary.com https://stats.g.doubleclick.net https://*.google.at https://*.google.be https://*.google.ch https://*.google.cn https://*.google.co.kr https://*.google.co.nz https://*.google.co.uk https://*.google.com.at https://*.google.com.im https://*.google.com https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.se https://*.ytimg.com https://googleads.g.doubleclick.net https://images.unsplash.com https://www.awin1.com https://www.crunch.uk https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://www.zenaps.com https://d3e54v103j8qbb.cloudfront.net https://uploads-ssl.webflow.com https://secure.gravatar.com https://cdn.plyr.io https://*.cloudfront.net; frame-ancestors 'self' https://my.crunch.co.uk/; manifest-src 'self'; frame-src 'self' https://accounts.google.com https://*.crunch.co.uk https://*.doubleclick.net https://*.kommunicate.io https://airtable.com/embed/ https://assets-global.website-files.com https://calendly.com https://cdn.embedly.com https://fast.wistia.net https://js.stripe.com https://tpc.googlesyndication.com https://webflow.com https://widget.trustpilot.com https://www.crunch.uk https://www.facebook.com https://www.youtube.com https://www.zenaps.com https://streamyard.com; worker-src blob:; style-src 'self' 'unsafe-inline' https://accounts.google.com https://accounts.google.com/gsi/style https://*.crunch.co.uk https://*.googleapis.com https://*.kommunicate.io https://*.omappapi.com https://*.typekit.net https://*.website-files.com https://assets.calendly.com https://use.typekit.net/nbb0tca.css https://www.crunch.uk https://d3e54v103j8qbb.cloudfront.net https://cdn.plyr.io; connect-src 'self' https://api.mida.so/init/uuid https://api.mida.so/test/setting2 https://api.mida.so/widget/event/W7Gz1ZaVYKMjLBoPqwJQj8 https://api.mida.so/abtest/visitor https://*.analytics.google.com https://*.clarity.ms https://*.crunch.co.uk https://*.google.at https://*.google.be https://*.google.ch https://*.google.cn https://*.google.co.nz https://*.google.co.uk https://*.google.com.at https://*.google.com.im https://*.google.com https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ie https://*.google.it https://*.google.nl https://*.google.no https://*.google.pl https://*.google.se https://*.kommunicate.io https://*.lon.infinity-tracking.com https://*.omappapi.com https://*.userguiding.com https://analytics.google.com https://assets-global.website-files.com https://assets.website-files.com https://cdn.jsdelivr.net/gh/ramp-development/ https://cdn.linkedin.oribi.io https://editor-api.webflow.com https://ict.infinity-tracking.net https://stats.g.doubleclick.net https://the.sciencebehindecommerce.com https://www.facebook.com/tr/ https://www.google-analytics.com https://www.wepowerconnections.com wss://socket2.kommunicate.io https://events.statsigapi.net https://statsigapi.net https://dn.mediahawk.co.uk https://l.sharethis.com https://sessions.bugsnag.com https://notify.bugsnag.com https://px.ads.linkedin.com https://b-fallback.realtime.webflow.com https://webflow-prod-assets.s3.amazonaws.com https://app.humblytics.com https://app.optibase.io https://app.optibase.io/api/script/initialize https://noembed.com https://cdn.plyr.io https://realtime.webflow.com https://.ably-realtime.com wss://realtime.webflow.com; object-src 'unsafe-inline' data: 'unsafe-eval'; media-src 'self' https://.kommunicate.io; font-src 'self' data: https://assets-global.website-files.com https://assets.website-files.com https://fonts.gstatic.com https://res.cloudinary.com https://use.typekit.net https://d3e54v103j8qbb.cloudfront.net; base-uri 'self'; report-uri https://services.crunch.co.uk/csp-violations/report/; 1
connect-src goshenhealth.com *.goshenhealth.com *.acsbapp.com *.craftcms.com *.doubleclick.net *.google-analytics.com *.googleapis.com perfalytics.com *.perfalytics.com *.stackadapt.com;     font-src data: goshenhealth.com *.goshenhealth.com *.gstatic.com;     frame-src goshenhealth.com *.goshenhealth.com *.addtoany.com *.blackbaudhosting.com *.doubleclick.net *.freshpaint-hipaa-videos.com *.google.com *.youtube.com;     img-src data: goshenhealth.com *.goshenhealth.com *.blackbaudhosting.com *.doubleclick.net *.google.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.simpli.fi;     script-src-elem 'unsafe-inline' goshenhealth.com *.goshenhealth.com acsbapp.com *.acsbapp.com *.addtoany.com *.blackbaudhosting.com *.cloudflare.com *.doubleclick.net *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.mercuryhealthcare.com perfalytics.com *.perfalytics.com *.simpli.fi *.stackadapt.com *.youtube.com;     script-src 'unsafe-inline' 'unsafe-eval' goshenhealth.com *.goshenhealth.com;     style-src 'unsafe-inline' goshenhealth.com *.goshenhealth.com *.blackbaudhosting.com *.cloudflare.com *.googleapis.com *.stackadapt.com;     default-src 'self' goshenhealth.com *.goshenhealth.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' c.lytics.io quilt-cdn.janrain.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org connect.facebook.net cdn.segment.com pghub.io c.lytics.io pge.segmanta.com *.cloudfront.net rpxnow.com procter-gamble.eu.janraincapture.com procter-gamble.eu.janrainsso.com procter-gamble.eu-dev.janraincapture.com procter-gamble.eu-dev.janrainsso.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com s.mujsvet-pg.cz procter-gamble.eu.janrainsso.com procter-gamble.eu.janraincapture.com www.facebook.com procter-gamble.eu-dev.janraincapture.com procter-gamble.eu-dev.janrainsso.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net cdn.cookielaw.org pixel.tapad.com www.facebook.com c.lytics.io www.googletagmanager.com *.cloudfront.net *.amazon-adsystem.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org match.adsrvr.org *.google-analytics.com cdn.segment.com www.facebook.com api.segment.io graphql.contentful.com *.algolia.net *.algolianet.com api-pge.segmanta.com api.pgsvc.com api-test.pg.com geolocation-db.com api.pg.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors'self'; 1
sandbox allow-downloads allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-scripts allow-same-origin; default-src 'self' http://maxcdn.bootstrapcdn.com *.youtube-nocookie.com/embed/ https://www.youtube.com/embed/ https://fonts.gstatic.com/ widgets.trustedshops.com api.zanox.ws https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.de *.google.com *.google-analytics.com *.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://widgets.trustedshops.com https://bot.moin.ai/ https://dialog.botcast.ai/ https://code.jquery.com/jquery-1.10.2.min.js *.zanox.com https://www.dwin1.com *.awin1.com *.zenaps.com *.sciencebehindecommerce.com https://widget.moin.ai/ https://bat.bing.com/ https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://ss-gtm.admiraldirekt.de/ https://ssgtm.admiraldirekt.de/ https://g.microsoft.com https://translate.googleapis.com  https://www.clarity.ms/ https://api.ipify.org https://analytics.fatmedia.io/ https://ad4m.at/ https://lantern.roeyecdn.com/lantern_global_11671.min.js; connect-src 'self' https://googleads.g.doubleclick.net *.analytics.google.com https://www.google-analytics.com/ https://ss-gtm.admiraldirekt.de/ https://ssgtm.admiraldirekt.de/ https://www.google.com/ https://widgets.trustedshops.com https://www.facebook.com/tr/ https://azure.botcast.ai/ wss://bot.moin.ai/primus https://stats.g.doubleclick.net https://cdncache-a.akamaihd.net https://bat.bing.com/ https://api.moin.ai https://cfg.moin.ai https://cdn.cookielaw.org/ https://privacyportal-de.onetrust.com/ https://www.google.de/ https://widget.moin.ai *.clarity.ms https://admiraldirekt-api-dienste.ey.r.appspot.com https://admiraldirekt-api-dienste.appspot.com https://geolocation.onetrust.com/ https://maps.googleapis.com/; img-src 'self' data: *.admiraldirekt.de https://widgets.trustedshops.com *.google-analytics.com *.analytics.google.com https://www.google.com/ads/ https://www.google.de/ads/ https://www.google.com/pagead/ https://www.google.de/pagead/ https://stats.g.doubleclick.net https://*.amazonaws.com *.googletagmanager.com https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com/ https://media.botcast.ai/ https://media.moin.ai/ https://scontent.xx.fbcdn.net/ https://external.xx.fbcdn.net/ *.awin1.com *.zenaps.com *.bing.com https://knowhere.to/ https://cdn.cookielaw.org/ https://*.admiraldirekt.de/ https://www.google.at/ https://www.google.ch/ https://fonts.gstatic.com/ https://translate.google.com https://c.clarity.ms/ https://optanon.blob.core.windows.net/ https://googleads.g.doubleclick.net https://ad.doubleclick.net/ https://r.adserver01.de/ https://ad11.adfarm1.adition.com https://track.adform.net https://trc.taboola.com https://as.ad4m.at/ https://adservice.google.com/ https://secure.adnxs.com/ https://imagesrv.adition.com/ https://ad4m.at https://*.adserver01.de https://*.adc-serv.net https://*.df-srv.de https://*.adition.com https://*.ad4mat.de https://*.doubleclick.net https://*.adscale.de https://*.twiago.com https://*.casalemedia.com https://*.adfarm1.adition.com https://*.adform.net https://*.secure.adnxs.com https://*.taboola.com https://*.retrack-kupona.kuponacdn.de https://*.smartadserver.com https://*.pubmatic.com https://*.yieldlab.net https://lantern.roeye.com/; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com https://tagmanager.google.com https://fonts.googleapis.com https://widgets.trustedshops.com https://widget.moin.ai/ https://translate.googleapis.com https://www.googletagmanager.com/debug/; font-src 'self' https://fonts.gstatic.com  https://widgets.trustedshops.com https://static3.avast.com https://widget.moin.ai; child-src 'self' https://www.youtube-nocookie.com https://www.googletagmanager.com https://bid.g.doubleclick.net/ https://www.awin1.com/ https://bid.g.doubleclick.net https://ad4m.at/ https://hal9000.redintelligence.net/ https://mathtag.com/ https://*.ad4mat.net https://td.doubleclick.net/; worker-src 'self' *.awin1.com *.zenaps.com ; base-uri 'self'; media-src 'self'; object-src 'self'; form-action 'self'; frame-ancestors 'self' https://www.admiraldirekt.de/; block-all-mixed-content; report-uri https://prod.admiraldirekt.iv.local/intern/csp/CSPReporting 1
object-src 'none'; base-uri 'self'; script-src 'sha256-Z0q65UhN2shDtTUTgNdO3zS89Dxtt8wXobiM4AtuTmo=' 'nonce-Rq6dMHXHcgkC8raVY-eKDoi-93yTB8gUL2bp_AEAbOr_cQnRem04LnZ49eDrGQot' 'strict-dynamic' 'self' 1
frame-ancestors 'self' worx.internorm.com *.worx.internorm.com worx-test.internorm.com *.worx-test.internorm.com 1
frame-ancestors 'self' https://*.partijvoordedieren.nl; 1
default-src 'none'; img-src 'self' data: https://*.jivosite.com https://*.jivo.ru https://www.gstatic.com https://*.giphy.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com https://*.jivosite.com https://*.jivo.ru; script-src 'self' 'unsafe-inline' https://*.jivosite.com https://*.jivo.ru; font-src 'self'; connect-src 'self' https://*.jivosite.com wss://*.jivosite.com https://*.jivo.ru wss://*.jivo.ru; frame-src https://*.niks.by https://*.jivosite.com https://*.jivo.ru https://niks-by.speedtestcustom.com; frame-ancestors 'none'; media-src https://*.jivosite.com https://*.jivo.ru; base-uri 'self'; form-action 'self'; 1
default-src 'self' *.itw.com;            style-src 'self' 'unsafe-inline' *.bootstrapcdn.com npmcdn.com *.googleapis.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.fontawesome.com *.wpcc.io *.cloudflare.com *.thunderstone.cloud;            font-src 'self' acsbapp.com *.fontawesome.com *.cloudflare.com;            script-src 'self' 'unsafe-inline' npmcdn.com *.cloudflare.com *.bootstrapcdn.com *.googletagmanager.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.google-analytics.com acsbap.com acsbapp.com *.wpcc.io *.thunderstone.cloud;           connect-src 'self' *.google-analytics.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.doubleclick.net *.acsbapp.com;           img-src 'self' acsbapp.com *.ytimg.com *.youtube.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube *.googletagmanager.com *.google-analytics.com *.google.com *.cloudflare.com;           frame-src acsbapp.com *.youtube.com *.googlevideo.com *.youtu.be *.youtube.com *.youtube.com.br *.youtube.co.nz *.youtube.de *.youtube.es *.youtube.it *.youtube.nl *.youtube-nocookie.com *.youtube.ru *.ytimg.com *.video-stats.l.google.com *.youtube.googleapis.com *.youtubei.googleapis.com *.ytimg.l.google.com *.rewind.youtube *.blog.youtube     platform.mi.spglobal.com; 1
upgrade-insecure-requests; frame-src 'self' https://www.googletagmanager.org https://www.youtube.com https://www.googleapis.com https://www.google.com; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.sygnum.com https://*.iubenda.com https://www.google.com https://www.gstatic.com https://cdnjs.cloudflare.com https://snap.licdn.com https://*.ads.linkedin.com https://assets.coingecko.com https://*.linkedin.com https://secure.gravatar.com https://d2etr7o2bnujnh.cloudfront.net https://player.vimeo.com https://www.buzzsprout.com https://ajax.cloudflare.com https://dsxmu6j95x8t1.cloudfront.net https://polygon-mainnet.infura.io https://dsxmu6j95x8t1.cloudfront.net https://cdn.linkedin.oribi.io https://ipinfo.io https://onboarding.api.sygnum.com https://yoast.com https://*.googleapis.com https://www.solwininfotech.com https://*.jquery.com https://www.youtube.com https://*.yoast.com https://*.helpscout.net https://www.cloudflare.com https://*.ipify.org https://i.vimeocdn.com https://fonts.gstatic.com https://*.youtube.com https://i.ytimg.com https://*.googletagmanager.com https://*.cloudfront.net https://*.ads-twitter.com https://*.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.google.de https://t.co https://*.twitter.com https://*.doubleclick.net https://*.clarity.ms https://*.developers.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://wt.adctrl.com https://*.adctrl.com https://analytics.google.com https://d1z85o1lt4k8qg.cloudfront.net https://secure-t.sygnum.com https://api.redirect.li https://s.w.org https://*.teads.tv https://www.google.co.za https://tags.srv.stackadapt.com; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-9RLzpSZUV64eaFoNil2/fQ==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
object-src 'self'; frame-src 'self' www.google.com cloud.hostingraja.in www.googletagmanager.com chat.hostingraja.in www.youtube.com https://widget.trustpilot.com https://securegw-stage.paytm.in/ https://securegw.paytm.in/ https://accounts.paytm.com/ paytm https://staticpg.paytm.in/ https://api.razorpay.com/ https://checkout.stripe.com/ https://td.doubleclick.net/; 1
connect-src 'self' *; default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.gstatic.com fonts.googleapis.com *.typekit.net *.hotjar.com; frame-src 'self' vimeo.com *.vimeo.com *.vimeocdn.com *.sharethis.com *.sharethisedge.com *.doubleclick.net biffacdnendpoint.azureedge.net *.youtube.com *.facebook.com biffa.qualtrics.com; img-src 'self' data: *; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' *.googleapis.com 'unsafe-inline' data: *.typekit.net *.postcodeanywhere.co.uk *.sharethis.com *.sharethisedge.com *.stackadapt.com; worker-src 'self' blob:; 1
frame-ancestors thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src thelibrarydistrict.org *.thelibrarydistrict.org lvccld.bibliocms.com *.lvccld.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-mO5UDHsTJa' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;style-src 'self' 'unsafe-inline' https://*.stripe.com https://*.paypal.com;img-src 'self' s.w.org data: https://*.paypal.com https://*.paypalobjects.com https://*.stripe.com;media-src 'self';frame-src 'self' https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com;font-src 'self' data: https://*.stripe.com;connect-src 'self' https://*.geonames.org https://*.geonames.net https://*.paypal.com https://*.stripe.com;frame-ancestors 'self' 1
base-uri 'self'; connect-src * blob: data: *.crazyegg.com ; default-src 'self' *.meetup.com *.dev.meetup.com:8001 www.sjwoe.com *.crazyegg.com blob: ; font-src * data:; frame-ancestors 'self'; frame-src *; img-src * data: blob: *.crazyegg.com ;media-src *.meetup.com *.dev.meetup.com:8001 https://secure.meetupstatic.com www.sjwoe.com *.sendbird.com https://sendbird-us-3.s3.amazonaws.com; script-src * 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; style-src * 'unsafe-inline' *.crazyegg.com ; object-src 'none' 1
default-src 'self' data: https://*.google-analytics.com https://matchcentre.mfa.com.mt;upgrade-insecure-requests;style-src 'self' 'unsafe-inline' https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.googletagmanager.com https://*.speedcurve.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com;script-src-attr 'unsafe-inline';connect-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com https://cms.mfa.com.mt https://matchcentre.mfa.com.mt;frame-src 'self' https://*.googletagmanager.com https://*.youtube.com https://embedsocial.com https://*.google.com https://*.facebook.com https://*.cookie-script.com https://*.jwplayer.com https://matchcentre.mfa.com.mt;img-src 'self' data: https://cms.mfa.com.mt https://matchcentre.mfa.com.mt 1
frame-ancestors 'none'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none' 1
frame-ancestors https://*.selfapy.com 1
default-src 'self' *.dab-bank.de https://*.dab-bank.de intent://consors.com https://*.optimizely.com;script-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.bootstrapcdn.com https://*.ensighten.com https://*.googleapis.com https://*.akamaihd.net https://*.tlscdn.com https://*.cloudfront.net https://*.google-analytics.com https://*.akamai.net https://*.dab-partnerprogramm.de https://*.zanox.com https://*.intelliad.de https://*.netrk.net https://*.optimizely.com https://*.amazonaws.com https://*.googleadservices.com https://*.webmasterplan.com  https://*.neqty.net https://*.gstatic.com https://*.doubleclick.net https://*.adform.net https://*.vid.ly https://*.googleusercontent.com *.mdgms.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de  https://*.facebook.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval';img-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.adac.de https://*.bootstrapcdn.com https://*.ensighten.com *.mdgms.com https://*.netrk.net https://*.adform.net https://*.intelliad.de https://*.zanox.com *.webmasterplan.com https://*.gstatic.com https://*.amazonaws.com https://*.google-analytics.com https://*.akamai.net https://*.neqty.net https://*.twitter.com https://*.google.com https://*.doubleclick.net https://*.google.de https://*.googleadservices.com *.bing.com https://*.akamaihd.net https://*.facebook.com https://*.facebook.net https://*.cloudfront.net https://*.ssl-images-amazon.com https://*.googleapis.com https://*.optimizely.com https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.rexx-server.com *.boerse-frankfurt.de *.volkswagenbank.de data:;style-src 'self' 'unsafe-inline' *.dab-bank.de https://*.dab-bank.de https://*.googleapis.com https://*.bootstrapcdn.com https://*.intelliad.de https://*.webmasterplan.com;frame-src 'self' *.dab-bank.de https://*.dab-bank.de push.dab-bank.de https://*.adac.de https://*.twitter.com https://*.google.com https://*.google.de https://*.cloudfront.net https://*.rexx-server.com https://*.amazonaws.com *.mdgms.com https://*.webmasterplan.com *.boerse-frankfurt.de *.volkswagenbank.de https://*.akamaihd.net https://*.intelliad.de http://*.zanox.com http://*.adform.net https://*.netrk.net https://*.neqty.net https://*.googleapis.com https://*.optimizely.com https://*.google-analytics.com https://*.googleadservices.com https://*.ensighten.com https://*.bootstrapcdn.com https://*.doubleclick.net https://*.dab-partnerprogramm.de https://*.vid.ly https://*.googleusercontent.com https://*.facebook.com https://*.facebook.net https://www.youtube-nocookie.com;font-src 'self' *.dab-bank.de https://*.dab-bank.de https://*.googleusercontent.com https://*.gstatic.com https://*.bootstrapcdn.com;object-src 'self' *.dab-bank.de https://*.dab-bank.de http://boerse.dab-bank.de https://*.akamaihd.net https://*.akamai.net;connect-src 'self' *.dab-bank.de https://*.dab-bank.de wss://*.dab-bank.de https://*.googleapis.com https://*.log.optimizely.com https://*.log.optimizely.com https://test1-onboarding.united-signals.com https://onboarding.united-signals.com https://*.united-signals.com;media-src 'self' *.dab-bank.de https://*.dab-bank.de;report-uri /json/open/csp_report; 1
default-src 'self' https://www.all-connect.net; img-src 'self' data: https://s.w.org https://ps.w.org; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; worker-src 'self' https://www.all-connect.net; frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.eu;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.eu;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
font-src *.gstatic.com 'self' data: *.fontawesome.com *.typekit.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.wistia.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.benchmarkeducation.com/ *.newmarklearning.com/ *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com forms.hscollectedforms.net *.hsforms.com *.cardinalcommerce.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com *.braintreegateway.com *.demdex.net *.nr-data.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.paypal.com *.kaptcha.com *.hotjar.com *.addthis.com *.podbean.com forms.hscollectedforms.net *.hsforms.com app.hubspot.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * 'self' data: *.omtrdc.net *.everesttech.net *.gstatic.com *.google.com *.akamaihd.net *.wistia.com *.demdex.net *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.linkedin.com *.adsymptotic.com t.co *.nr-data.net goto.benchmarkeducation.com *.braintreegateway.com *.paypal.com *.kaptcha.com *.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ * *.google.com *.gstatic.com *.googleapis.com goto.benchmarkeducation.com goto.newmarklearning.com *.wistia.com *.cloudflare.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.kit.fontawesome.com *.googletagmanager.com *.licdn.com *.twitter.com/ *.ads-twitter.com/ *.newrelic.com *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.hotjar.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com kit-free.fontawesome.com *.fontawesome.com goto.benchmarkeducation.com goto.newmarklearning.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.typekit.net *.nr-data.net *.braintreegateway.com *.paypal.com *.kaptcha.com *.site-marketing-sites.s3.amazonaws.com *.cloudflare.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.wistia.net 'self' blob: *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.braintreegateway.com *.paypal.com *.kaptcha.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com goto.benchmarkeducation.com goto.newmarklearning.com *.braintree-api.com *.braintreegateway.com *.demdex.net *.akamaihd.net *.litix.io *.wistia.io *.wistia.com *.jotfor.ms *.jotfor.com *.jotform.us *.jotform.com *.googleapis.com *.nr-data.net *.paypal.com *.kaptcha.com *.doubleclick.net *.hotjar.com wss://*.hotjar.com/api/v2/client/ws forms.hscollectedforms.net *.hsforms.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src 'self' blob: assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src https://adcdn.goo.ne.jp/ https://adobe.com/ https://b90.yahoo.co.jp/ https://b91.yahoo.co.jp/ https://b92.yahoo.co.jp/ https://doubleclick.net https://githubassets.com/ https://googleads.g.doubleclick.net/ https://googleapis.com/ https://i.yimg.jp/ https://jquery.com/ http://ogp.me/ https://s.yimg.jp/ https://typesquare.com/ https://www.cloudflare.com/ https://www.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.yahoo.co.jp/ https://www.youtube.com/ https://www.kmew.co.jp https://wwwtest.kmew.co.jp 1
Content-Security-Policy script-src 'self' ecn.dev.vrtualearth.net; img-src *; Content-Security-Policy script-src 'self' www.facebook.com;; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.manuelnumerique.com; 1
base-uri 'none'; default-src 'self' data: https: wss:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.scrivito.com https://app.intercom.io https://assets.scrivito.com https://js.intercomcdn.com https://widget.intercom.io https://www.google-analytics.com https://app.usercentrics.eu/; object-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com 1
frame-ancestors 'self' *.lumentouch.com:* *.lumentouchhosts.com:* filesystem: 1
default-src 'none';script-src 'self';connect-src 'self';img-src 'self' img.shields.io img.gs;style-src 'self' 'unsafe-inline';form-action 'self';frame-ancestors 'none';font-src 'self'; 1
base-uri 'none' ; 1
default-src 'self'; object-src 'self' https://pts.premiumsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.premiumsim.de; img-src https: data:; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.premiumsim.de https://chat.premiumsim.de https://umfrage.premiumsim.de https://pts.premiumsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.premiumsim.de https://chat.premiumsim.de https://stats.premiumsim.de https://imagepool.premiumsim.de https://pts.premiumsim.de https://analytics.tiktok.com https://umfrage.premiumsim.de; script-src 'strict-dynamic' 'nonce-8d94d1e2a157115024e3d7c8ea266c08' 'nonce-1a9f909d7cf7c2c898eabed3a040966e' 'nonce-9e9aa5050f7239f5b95422891f29ff45' 'nonce-a832e5bc52576e9b340381e35ec5e0bc' 'nonce-5166a77616c98d1c154cdabddd669eb5' 'nonce-893c5af771eadbf27fbc2e59b5fc83d9' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.premiumsim.de https://umfrage.premiumsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-8d94d1e2a157115024e3d7c8ea266c08' 'nonce-1a9f909d7cf7c2c898eabed3a040966e' 'nonce-9e9aa5050f7239f5b95422891f29ff45' 'nonce-a832e5bc52576e9b340381e35ec5e0bc' 'nonce-5166a77616c98d1c154cdabddd669eb5' 'nonce-893c5af771eadbf27fbc2e59b5fc83d9' 'self' 'unsafe-inline' https: 'report-sample' 1
worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com www.google-analytics.com www.google.com *.cookielaw.org *.facebook.net pghub.io www.gstatic.com *.bazaarvoice.com *.iesnare.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com *.cookielaw.org *.doubleclick.net www.facebook.com *.bazaarvoice.com pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.cookielaw.org res.cloudinary.com *.tapad.com www.google-analytics.com *.doubleclick.net www.facebook.com *.bazaarvoice.com *.pgsitecore.com www.googletagmanager.com www.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io ; default-src 'none' feed.pghub.io pandg.tapad.com ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.algolia.net *.bazaarvoice.com *.doubleclick.net feed.pghub.io pandg.tapad.com region1.analytics.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ; base-uri 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-TzdNYUtqbTdNa1M4R1pLei9RbjJxWUg5Y0NCNjdVYmRpdmFHeDJmbjhNRT06ZHZKYlJsalZRV3ZNSWVlY3FsbVYvTTZ6SEZjb3hoUHN2cnkrdnkra25MRT0=' blob:;style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://*.tile.openstreetmap.org;font-src 'self' data:;connect-src 'self' blob: stun.nextcloud.com:443;media-src 'self' blob:;frame-src 'self';child-src blob: 'self';frame-ancestors 'self';worker-src blob: 'self';form-action 'self' 1
default-src 'self';style-src-elem * 'unsafe-inline';script-src-elem * 'unsafe-inline';script-src * 'unsafe-eval' 'unsafe-inline';style-src * 'unsafe-inline';img-src * 'self' blob: data: https:;font-src * 'self' data: application:;connect-src * 'unsafe-inline';media-src 'self' sc-8.wistia.com;frame-src *.sc.com *.standardchartered.com *.standardchartered.com.tw *.demdex.net *.fls.doubleclick.net 1
default-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src *; frame-src *; img-src data: *; media-src *; object-src *; 1
* 'unsafe-inline' 'unsafe-eval' data: blob:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://*.cookiebot.com https://polyfill.io https://cdn.jsdelivr.net https://*.piwik.pro https://*.cloudflare.com https://*.commerce-connector.com https://*.commerce-connector.de https://googleapis.com https://google.com https://gstatic.com https://unpkg.com https://youtube-nocookie.com https://*.youtube-nocookie.com https://*.googleapis.com https://vjs.zencdn.net https://css-tricks.com https://s.pinimg.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://*.commerce-connector.com https://*.commerce-connector.de https://css-tricks.com https://fonts.net https://gstatic.com https://*.googleapis.com https://*.youtube-nocookie.com https://vjs.zencdn.net https://unpkg.com https://cdnjs.cloudflare.com; font-src 'self' data: https://*.commerce-connector.com https://*.commerce-connector.de https://fonts.net https://fonts.gstatic.com https://gstatic.com; img-src 'self' data: blob: https://ct.pinterest.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://*.commerce-connector.de https://*.commerce-connector.com https://imgsct.cookiebot.com; frame-src 'self' https://ct.pinterest.com https://*.cookiebot.com http://googleapis.com https://youtube-nocookie.com http://*.googleapis.com https://*.youtube-nocookie.com; media-src 'self'; connect-src 'self' https://ct.pinterest.com https://consentcdn.cookiebot.com https://*.piwik.pro https://*.commerce-connector.com https://*.commerce-connector.de https://maps.googleapis.com; manifest-src 'self'; worker-src 'self' blob:; 1
default-src *;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; frame-src * mailto: tel:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.games; img-src 'self' https: data: blob: https://mstdn.games; style-src 'self' https://mstdn.games 'nonce-9bVWhPRYJskI99y6/ewoew=='; media-src 'self' https: data: https://mstdn.games; frame-src 'self' https:; manifest-src 'self' https://mstdn.games; form-action 'self'; child-src 'self' blob: https://mstdn.games; worker-src 'self' blob: https://mstdn.games; connect-src 'self' data: blob: https://mstdn.games https://cdn.masto.host wss://mstdn.games; script-src 'self' https://mstdn.games 'wasm-unsafe-eval' 1
default-src 'self' plugout2.halcom.rs data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' plugout2.halcom.rs data: blob: 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self' plugout2.halcom.rs com.nexusgroup.plugout: 'unsafe-eval' 'unsafe-inline' data: blob: ; style-src 'self' data: blob: 'unsafe-inline'; font-src 'self' data: blob: 'unsafe-inline'; 1
frame-ancestors https://service.ariba.com/ https://s1.sapariba.cn/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-sY0TpWXlT8Yeg4eyoENK4dpMOOqXIW2P2yDBHB45XnWdOrcC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://manage.powermotiontech.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
child-src 'self' ; connect-src 'self'  'unsafe-inline'  'unsafe-eval' *.facebook.com *.linkedin.com *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.cookiebot.com *.cloudfront.net *.google.cz *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.linkedin.oribi.io ; default-src 'self' ; font-src 'self'  *.gstatic.com *.bootstrapcdn.com *.typekit.net *.cookiebot.com *.cloudfront.net *.gstatic.com *.bootstrapcdn.com data: ; form-action 'self' upcz.us19.list-manage.com ; frame-src 'self' *.youtube.com *.doubleclick.net *.facebook.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net *.cookiebot.com *.cloudfront.net *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline'  'unsafe-eval' 'unsafe-hashes' *.facebook.com *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.cookiebot.com *.cloudfront.net *.google.cz *.seznam.cz *.linkedin.com *.linkedin.oribi.io *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com *.list-manage.com data: ; manifest-src 'self' ; media-src 'self' ; navigate-to 'self' ; object-src 'self' ; prefetch-src 'self' ; script-src 'self'  'unsafe-inline'  'unsafe-eval' *.facebook.com *.googleadservices.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.cookiebot.com *.cloudfront.net *.licdn.com *.seznam.cz *.imedia.cz *.google.cz *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.googleadservices.com *.google-analytics.com *.licdn.com *.imedia.cz *.doubleclick.net *.google.com *.seznam.cz *.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com; script-src-attr 'self'  'unsafe-inline'  'unsafe-eval'  *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src 'self'  'unsafe-inline'  'unsafe-eval'  *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline'  'unsafe-eval' *.googleadservices.com *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com ; style-src-attr 'self' 'unsafe-hashes' 'unsafe-inline' *.googleapis.com *.gstatic.com *.typekit.net *.cookiebot.com *.cloudfront.net *.googleapis.com *.gstatic.com *.googleadservices.com; worker-src 'self' blob: ; 1
default-src https: wws: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://static.koin.works 1
frame-ancestors 'self' www.google-analytics.com ajax.googleapis.com vimeo.com js.nagich.co.il 1
default-src 'self'; font-src 'self' data:; media-src 'self' blob: https://guardian-mediaconvert-out.s3.us-gov-west-1.amazonaws.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' www.google.com www.state.gov www.microsoft.com https://guardian-mediaconvert-in.s3.us-gov-west-1.amazonaws.com; frame-src 'self'; img-src 'self' data: *.guardian.network; object-src 'self' blob data:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' ; 1
default-src 'self' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://nmonpoendpoint.2cnt.net blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.fontawesome.com https://*.gstatic.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.vimeo.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://www.riddle.com https://*.akamaized.net; font-src * data: https://fonts.gstatic.com https://*.fontawesome.com; img-src * data: 'report-sample'; script-src data: 'unsafe-inline' 'unsafe-eval' https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:* https://*.googleusercontent.com https://*.google-analytics.com https://www.googletagmanager.com https://adscience-nocookie.nl https://stats.g.doubleclick.net https://*.google.com https://*.npo.nl https://*.npo-data.nl https://tag.aticdn.net https://nmonpoendpoint.2cnt.net https://kmnl.tns-nipo.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.youtube.com https://*.instagram.com https://*.ster.nl https://*.optoutadvertising.com https://*.ampproject.net https://cdn.ampproject.org https://polyfill.io https://*.fontawesome.com https://*.gstatic.com https://www.riddle.com 'report-sample'; style-src * 'unsafe-inline' 'report-sample'; media-src * blob: https://cms.powned.tv https://www.powned.tv https://cookies.powned.tv https://sentry.fabrique.nl https://apis.dev.avrotros.io https://apis.avrotros.io https://apis.avrotros.nl https://*.run.app/ https://*.powned.tv ws://localhost:* ws://0.0.0.0:* http://localhost:* http://0.0.0.0:*; frame-src *; object-src https://*.spotify.com https://media-service.vara.nl https://media.vara.nl https://player.vimeo.com https://w.soundcloud.com https://*.powned.nl https://radiobox2.omroep.nl https://icij.org https://projects.icij.org https://medicaldevices.icij.org https://medicaldevices-staging.cloud.icij.org https://*.tweedekamer.nl https://players.brightcove.net https://localfocus2.appspot.com https://localfocuswidgets.net https://*.calconic.com https://public.flourish.studio https://flo.uri.sh; base-uri 'self'; form-action 'self' 'report-sample'; manifest-src 'self' https://accounts.google.com; worker-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' use.fonticons.com cdn.us.zip.co *.captcha-delivery.com *.nsureapi.com gtm.giftcards.ca *.gianteagle.com *.fortawesome.com *.trustarc.com *.forter.com *.cdn-apple.com *.signifyd.com *.blackhawknetwork.com *.paypal.com *.jsdelivr.net *.klaviyo.com *.cloudfront.net *.cdn-btsg.com *.datadome.co *.adsrvr.org *.clarity.ms *.fathomvoice.com *.sharpen.cx *.fontawesome.com *.fonticons.com *.nimbledeals.com *.googleoptimize.com *.consensu.org  emjcd.com *.emjcd.com *.zdassets.com *.list-manage.com *.personalcard.net *.mailchimp.com *.salecycle.com *.youtube.com *.vimeo.com *.hotjar.com *.adobedtm.com *.facebook.com kit.fontawesome.com *.outbrain.com tr.snapchat.com *.ubembed.com cti.w55c.net bat.bing.com sc-static.net js.appboycdn.com *.zdassets.com *.list-manage.com *.zendesk.com *.online-metrix.net *.googleadservices.com *.bootstrapcdn.com *.typekit.net *.bootstrapcdn.com *.radiatus.com.au  *.adroll.com *.gomoxie.solutions chimpstatic.com *.twitter.com *.doubleclick.net *.cloudfront.net *.jquery.com *.newrelic.com dx.steelhousemedia.com *.linksynergy.com *.pingdom.net *.sfw-cdn.com *.mathtag.com *.rakuten.com *.nr-data.net *.riskified.com *.trustarc.com *.arkoselabs.com *.trustev.com *.truste.com *.googleapis.com *.google.com  *.googletagmanager.com www.googletagservices.com *.googlesyndication.com *.google-analytics.com *.iesnare.com *.facebook.net *.siftscience.com *.cloudflare.com *.openstreetmap.org *.gstatic.com *.listrakbi.com *.linksynergy.com cdn.pdst.fm  *.nimblecommerce.com *.nimbledeals.com *.nmb.ly *.nimblebuy.com *.ehosts.net script.crazyegg.com; font-src  data: *;connect-src *; img-src data: *; worker-src blob: *; 1
frame-ancestors 'self' https://analytics.forum-media.com https://desk.forum-verlag.com https://www.desk.forum-verlag.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-P+8u5kBE3hgaZ4S5EGTmCCN25TZS2izD9r5/GVUTep09WZnu' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; style-src * 'self' 'unsafe-inline' data: https: 1
default-src 'self'; connect-src *.google-analytics.com *.akd.hr; font-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' www.akd.hr; style-src 'self' www.akd.hr 'unsafe-inline'; img-src * 'self' 'unsafe-inline' www.akd.hr data:; frame-src 'self' www.akd.hr *.google.com; object-src 'none' 1
frame-ancestors 'self' https://*.sv.loc; 1
default-src  'self' 'unsafe-inline'; font-src fonts.gstatic.com fonts.googleapis.com static.hotjar.com 'self'; child-src  'self'; connect-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://zorgverzekeraarzz--acc.sandbox.lightning.force.com/ wss://*.hotjar.com/ https://*.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://service.zorgenzekerheid.nl https://*.hotjar.com/ https://vc.hotjar.io/ 'self'; frame-src https://www.thuisarts.nl/ https://www.pingvp.com/ https://www.kraamzorg.nl/ https://zorg-en-zekerheid.nodum.io/ https://www.kraamzorgdewaarden.nl/ vars.hotjar.com https://optimize.google.com www.googletagmanager.com *.doubleclick.net 'self'; frame-ancestors  'self'; img-src https://www.independer.nl/ https://apps.zorgenzekerheid.nl/ stats.g.doubleclick.net https://*.googletagmanager.com maps.gstatic.com maps.googleapis.com tagmanager.google.com optimize.google.com www.google-analytics.com https://www.pingvp.com/ *.hotjar.com https://www.google.com/ https://www.google.nl/ https://bat.bing.com/ 'self' data:; media-src https://zorgenzekerheid.pingvp.com/ 'self'; object-src  'self'; script-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://*.googletagmanager.com optimize.google.com fonts.googleapis.com www.google-analytics.com maps.googleapis.com *.hotjar.com stats.g.doubleclick.net bat.bing.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://zorgverzekeraarzz--acc.sandbox.my.salesforce-sites.com/ https://www.pingvp.com/ https://www.googletagmanager.com/ https://tagmanager.google.com https://optimize.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';  worker-src  'self' blob: 1
frame-ancestors 'self' http://www.philips.com.hk *.philips.com *.philips.com.hk https://philipsigtdpv.com 1
frame-ancestors 'self' https://*.pccmarkets.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://api.kitbuilder.co.uk https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.ellesse.com https://www.ellesse.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://*.googlesyndication.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://*.twitter.com https://apps.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; report-to report-endpoint 1
frame-ancestors eu-market.ru www.eu-market.ru webvisor.com metrika.yandex.ru metrica.yandex.com metrica.yandex.com.tr 1
font-src * data: blob: 'unsafe-inline' js.stripe.com fonts.gstatic.com;script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 1
upgrade-insecure-requests; base-uri 'self'; default-src 'self'; connect-src 'self' https://*.hubspot.com https://*.appsflyer.com https://*.doubleclick.net https://*.clarity.ms https://*.google-analytics.com https://*.lambda-url.ap-northeast-1.on.aws https://*.analytics.google.com https://*.googletagmanager.com https://analytics.google.com https://assets.ctfassets.net; font-src 'self' https://*.appsflyer.com https://*.gstatic.com; frame-src 'self' https://*.doubleclick.net https://*.hubspot.com https://*.youtube.com; img-src 'self' data: https://*.twitter.com https://aw.dw.impact-ad.jp https://*.clarity.ms https://*.ctfassets.net https://*.onelink.me https://t.co https://tr.lfeeder.com https://*.hubspot.com https://*.google-analytics.com https://*.google.co.jp https://*.google.com https://*.doubleclick.net https://*.bing.com https://*.yahoo.co.jp https://*.a8.net https://*.gstatic.com https://googletagmanager.com; media-src 'self' https://*.paidy-staging.com; script-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googletagmanager.com https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.google.co.jp https://*.appsflyer.com https://*.ads-twitter.com https://*.yimg.jp https://*.yahoo.co.jp https://sc.lfeeder.com https://yubinbango.github.io https://*.a8.net https://*.clarity.ms https://*.ebis.ne.jp https://*.impact-ad.jp https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.usemessages.com https://ssl.google-analytics.com https://tagmanager.google.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com; frame-ancestors 'none'; 1
frame-ancestors 'self' https://*.sherweb.com https://*.cumulus.sherweb.com https://billing.rak4cloud.com https://cloud.itpartners.com https://cloudmanagerportal.com https://control.careservtech.com https://control.gocareserv.help https://control.intellam.com https://control.spekcloud.com https://cumulus.ats.avnet.com https://cumulus.checksum.biz https://cumulus.fusenetworks.com https://cumulus.ismgrid.com https://my.cloudportal365.com https://portal.cloudkama.com https://portal.gettechworkz.com https://portal.massiveit.com https://portal.xaas1.com https://productivity.cloudwyze.com https://store.wintellisys.com https://techdata.sherweb.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://101010.pl; img-src 'self' data: blob: https://101010.pl https://storage.waw.cloud.ovh.net; style-src 'self' https://101010.pl 'nonce-5SpJ1RROtxeISlp7dqCATg=='; media-src 'self' data: https://101010.pl https://storage.waw.cloud.ovh.net; frame-src 'self' https:; manifest-src 'self' https://101010.pl; form-action 'self'; child-src 'self' blob: https://101010.pl; worker-src 'self' blob: https://101010.pl; connect-src 'self' data: blob: https://101010.pl https://storage.waw.cloud.ovh.net wss://101010.pl; script-src 'self' https://101010.pl 'wasm-unsafe-eval' 1
frame-ancestors www.red-gate.com; 1
script-src 'self' 'unsafe-inline' http://js.hs-scripts.com http://js.hsforms.net https://cdn.cookielaw.org https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://snap.licdn.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com  https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.hearst.es/report-uri/enforce 1
frame-ancestors 'self' http://www.philips.at *.philips.com *.philips.at https://philipsigtdpv.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.calendly.com https://*.airbrake.io https://*.usabilla.com https://www.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com https://google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.licdn.com https://*.linkedin.com; object-src 'self' https://maps.googleapis.com;  img-src 'self' data: http://en.netplans.internal http://netplans.ch https://maps.googleapis.com https://maps.gstatic.com https://www.google.de https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.linkedin.com;  media-src 'self' http://en.netplans.internal http://netplans.ch;  style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;  child-src 'self' https:;  font-src 'self' data: https://fonts.gstatic.com;  connect-src 'self' https://*.calendly.com https://*.airbrake.io https://*.usabilla.com https://www.googleapis.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://region1.analytics.google.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google.de https://www.google.com https://google.com https://googleads.g.doubleclick.net https://*.linkedin.com; 1
default-src 'self'; script-src 'self' blob: https://downloads-global.3cx.com https://127.0.0.1:32018 'sha256-RCMl7PJ3K2nMoGZppLZeArO5M70Pbu1k+t6RIHZO7gE=' 'sha256-v6MhWrgXnOZrJTw+mK9MqEYevK8vvSmRZFjINsy76Mw=' 'sha256-Tui7QoFlnLXkJCSl1/JvEZdIXTmBttnWNxzJpXomQjg='; worker-src 'self' blob:; connect-src 'self' https://wmr-cdn.3cx.net https://downloads-global.3cx.com https://www.gravatar.com https://127.0.0.1:32018 https://platform-lookaside.fbsbx.com ws: wss:; img-src * data: blob:; frame-src 'self' docs.3cx.cloud tcx+app:; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; media-src 'self' data:; object-src 'none'; form-action 'self'; base-uri 'self' 1
frame-ancestors 'self'; style-src 'self' ; form-action 'self' ; script-src 'self'; img-src 'self'; 1
default-src https:; script-src 'unsafe-eval' 'unsafe-inline' https://fmfw.io https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://*.doubleclick.net https://platform.twitter.com https://*.geetest.com  https://static.cloudflareinsights.com https://script.crazyegg.com https://static.sumsub.com https://posthog.fmfw.io; img-src 'self' https: data: blob: https://fmfw.io; font-src https: data:; frame-src https: blob: https://fmfw.io; media-src https:; object-src https:; child-src 'none'; style-src 'unsafe-inline' https: https://fmfw.io; connect-src data: https://*:* wss://*:*; frame-ancestors 'self'; worker-src 'self' blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: snap.licdn.com *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspot.com js.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com *.peli.com *.pelican.com *.stackadapt.com *.emarsys.net *.adroll.com cdnjs.cloudflare.com ajax.googleapis.com *.klaviyo.com js.adsrvr.org tags.crwdcntrl.net *.dynamicyield.com *.hotjar.com www.googletagmanager.com connect.facebook.net snap.licdn.com www.googleadservices.com static.ads-twitter.com analytics.twitter.com bat.bing.com *.avmws.com use.fontawesome.com googleads.g.doubleclick.net *.yotpo.com *.en25.com www.google-analytics.com *.clarity.ms assets.pinterest.com www.google.com cdnapisec.kaltura.com www.gstatic.com cdn.rawgit.com *.datadome.co code.jquery.com *.svn0czn.com cdn.dynamicyield.com *.scarabresearch.com *.simpli.fi *.klarnaservices.com app.intercom.io widget.intercom.io js.intercomcdn.com; script-src-elem 'unsafe-inline' *; media-src data: media.peli.com media.pelican.com cdnapisec.kaltura.com js.intercomcdn.com; connect-src javascript: data: cdn-api-weglot.com cdn.weglot.com px.ads.linkedin.com analytics.tiktok.com *.hscollectedforms.net *.hsforms.com *.oribi.io *.google-analytics.com *.analytics.google.com analytics.google.com *.hubspot.com *.hubapi.com store.peli.com *.peli.com peli.com *.pelican.com *.stackadapt.com *.emarsys.net *.yotpo.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.dynamicyield.com www.google-analytics.com fast.a.klaviyo.com *.klaviyo.com bat.bing.com *.clarity.ms www.facebook.com vc.hotjar.io adservice.google.com www.google.com *.datadome.co analytics.kaltura.com manage.kmail-lists.com www.instagram.com *.scarabresearch.com *.klarnaservices.com api.intercom.io api.au.intercom.io api.eu.intercom.io api-iam.intercom.io api-iam.eu.intercom.io api-iam.au.intercom.io api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io uploads.intercomcdn.com uploads.intercomcdn.eu uploads.au.intercomcdn.com uploads.intercomusercontent.com; img-src * data: *.hsforms.net *.hsforms.com *.google-analytics.com *.analytics.google.com *.hubspot.com *.hsforms.com js.intercomcdn.com static.intercomassets.com downloads.intercomcdn.com downloads.intercomcdn.eu downloads.au.intercomcdn.com uploads.intercomusercontent.com gifs.intercomcdn.com video-messages.intercomcdn.com messenger-apps.intercom.io messenger-apps.eu.intercom.io messenger-apps.au.intercom.io *.intercom-attachments-1.com *.intercom-attachments.eu *.au.intercom-attachments.com *.intercom-attachments-2.com *.intercom-attachments-3.com *.intercom-attachments-4.com *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-7.com *.intercom-attachments-8.com *.intercom-attachments-9.com static.intercomassets.eu static.au.intercomassets.com; frame-src 'self' td.doubleclick.net *.hsforms.net *.hsforms.com *.hs-sites.com *.hubspot.com *.pelican.com www.facebook.com vars.hotjar.com bid.g.doubleclick.net www.youtube.com www.google.com www.googletagmanager.com insight.adsrvr.org; font-src data: peli.com *.peli.com *.pelican.com staticw2.yotpo.com use.fontawesome.com fonts.gstatic.com cdn.honey.io www.slant.co at.alicdn.com fonts.googleapis.com *.klarnacdn.net js.intercomcdn.com fonts.intercomcdn.com; style-src 'self' 'unsafe-inline' *.pelican.com staticw2.yotpo.com use.fontawesome.com cdnjs.cloudflare.com *.klaviyo.com fonts.googleapis.com cdn.honey.io translate.googleapis.com cdn.rawgit.com *.trendmicro.com *.klarnacdn.net; style-src-elem 'unsafe-inline' *; child-src *.hsforms.com www.google.com www.youtube.com bid.g.doubleclick.net insight.adsrvr.org vars.hotjar.com match.adsrvr.org intercom-sheets.com www.intercom-reporting.com player.vimeo.com fast.wistia.net; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.hsforms.com *.hubspot.com *.pelican.com www.facebook.com webto.salesforce.com *.eloqua.com; report-uri /csp-reports.php 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-KeCrrLQeCVDcx+0EawQdVURHjMytB8d9M7gGxhA75/elR3Qb' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://pbr.com/ 1
frame-ancestors 'self' *.betssongroupaffiliates.com 1
frame-ancestors 'self' https://badanie.serwersms.pl/; 1
frame-ancestors 'self' https://*.toyota.be https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
connect-src 'self' wss:             *.maxict.nl            *.maxshop.test            *.doubleclick.net            *.google-analytics.com            *.google.com            *.hotjar.com            *.hotjar.io            *.pro6pp.nl            *.tawk.to            *.dwin1.com            unpkg.com            *.clarity.ms            *.oribi.io            *.visualwebsiteoptimizer.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        default-src 'self' blob:;        font-src 'self' data:            *.maxict.nl            *.maxshop.test             *.gstatic.com            *.tawk.to            *.dwin1.com            unpkg.com            *.zenaps.com            *.clarity.ms            *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.hotjar.com;        frame-src 'self' 'unsafe-inline' about:             *.maxict.nl            *.maxshop.test            *.criteo.com            *.google.com            *.dpd.de            *.eetgroup.com            *.facebook.com            *.hotjar.com            *.hotjar.io            *.kingston.com            *.newstar.eu            *.newstar.nl            *.neomounts.com            *.neomounts.nl            *.startech.com            *.tawk.to            *.twindis.com            *.youtube.com            *.psaparts.co.uk            *.gls-info.nl            *.gls-netherlands.com            *.dwin1.com            unpkg.com            *.zenaps.com            *.icecat.biz            *.clarity.ms            app.vwo.com *.visualwebsiteoptimizer.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            inishop.com            *.channext.com            *.inishop.com;        img-src 'self' data: https:             *.maxict.nl            *.maxshop.test            *.clarity.ms            *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.google.com;        worker-src 'self' blob:;        manifest-src 'self' *.maxict.nl;        object-src 'self' *.maxict.nl;        script-src 'self' 'unsafe-inline' 'unsafe-eval' about:             *.maxict.nl            *.maxshop.test            *.bing.com            *.bizographics.com            *.cloudfront.net            *.criteo.com            *.criteo.net            *.doubleclick.net            *.facebook.net            *.flix360.com            *.flixcar.com            *.flixfacts.com            *.google-analytics.com            *.googleadservices.com            *.googletagmanager.com            *.google.com            *.hotjar.com            *.hotjar.io            *.iceleads.com            *.jsdelivr.net            *.licdn.com            *.linkedin.com            *.list-manage.com            *.mailchimp.com            *.tawk.to            *.vane3alga.com            *.dwin1.com            unpkg.com            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        style-src 'self' 'unsafe-inline'             *.maxict.nl            *.maxshop.test            *.cloudfront.net            *.googleapis.com            *.google.com            *.jsdelivr.net            *.mailchimp.com            *.dwin1.com            unpkg.com            *.tawk.to            *.clarity.ms            *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com            *.googlesyndication.com            *.profitmetrics.io            *.doubleclick.net            *.channext.com            *.zenaps.com;        upgrade-insecure-requests; 1
font-src 'self' static.zohocdn.com webfonts.zohowebstatic.com css.zohocdn.com; img-src 'self' maps.gstatic.com maps.googleapis.com data:; script-src-elem 'self' 'unsafe-inline' connect.facebook.net desk.zoho.eu js.zohocdn.com js.zohostatic.eu salesiq.zoho.eu d17nz991552y2g.cloudfront.net maps.googleapis.com platform.twitter.com static.zohocdn.com www.google-analytics.com www.googletagmanager.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' css.zohocdn.com css.zohostatic.eu files.zohopublic.eu static.zohocdn.com d3el7j01zd7apf.cloudfront.net 1
default-src 'self' *.infogram.com *.google-analytics.com *.gstatic.com *.googleapis.com *.google.com api.openweathermap.org worldtimeapi.org migs.mastercard.com.au data:; img-src 'self' chart.googleapis.com data:; 1
default-src 'self' *.zdn.vn *.zing.vn *.adtima.vn; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adtima.vn *.zalo.me *.google.com *.gstatic.com *.zdn.vn *.zing.vn www.googletagmanager.com *.facebook.net www.google-analytics.com *.jsdelivr.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.adtima.vn *.googleapis.com *.gstatic.com *.zdn.vn *.zing.vn; connect-src 'self' *.adtima.vn *.adtimabox.vn *.zdn.vn *.zing.vn www.google-analytics.com *.google.com *.doubleclick.net www.google.com.vn *.zalo.me; img-src 'self' *.adtima.vn *.zdn.vn data: *.zingcdn.me *.zing.vn *.zadn.vn *.google.com *.placeholder.com www.facebook.com www.google-analytics.com www.google.com.vn www.googletagmanager.com *.adtima.vn opencollective.com; font-src 'self' *.adtima.vn *.zdn.vn 'unsafe-inline' *.googleapis.com *.gstatic.com data: *.zing.vn; frame-src 'self' *.adtima.vn *.zdn.vn *.google.com *.zing.vn www.facebook.com www.youtube.com *.zalo.me; frame-ancestors 'self' *.adtima.vn *.zdn.vn *.zing.vn; object-src 'self' *.adtima.vn *.zdn.vn *.zing.vn; media-src 'self' *.adtima.vn *.zdn.vn *.zing.vn www.youtube.com www.facebook.com www.google-analytics.com *.adtima.vn; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.beauty24.de https://*.gstatic.com https://*.googleapis.com https://*.googleadservices.com https://*.google.com https://*.google.de https://*.google-analytics.com https://*.doubleclick.net https://*.googlesyndication.com https://www.googletagmanager.com https://*.bing.com https://*.clarity.ms https://*.vr-pay-ecommerce.de https://vr-pay-ecommerce.de https://oppwa.com https://cdn.ampproject.org https://*.trustedshops.com https://*.payments-amazon.com https://*.amazon.com https://*.amazon.de https://*.wirecard.com https://*.criteo.net https://*.criteo.com https://connect.facebook.net https://*.webmasterplan.com https://*.rqtrk.eu https://connect.facebook.net https://www.dwin1.com https://www.awin1.com https://ad4m.at https://the.sciencebehindecommerce.com https://t.adcell.com; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https: data: https://*.beauty24.de  1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://www.google.com/recaptcha/ https://www.gstatic.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://www.google-analytics.com https://c.clarity.ms/ https://c.bing.com/ https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com data:;font-src 'self' https://appsforoffice.microsoft.com https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://r.clarity.ms/ https://maps.googleapis.com;frame-src 'self' https://www.google.com/recaptcha/;object-src 'none';media-src 'self';child-src 'self';form-action 'self'; 1
default-src 'self' www.gravatar.com checkerdist.com *.checkerdist.com *.zdassets.com  ;script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.zendesk.com *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.zopim.com static.zdassets.com connect.facebook.net assets.pinterest.com checkerdist.com *.checkerdist.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com checkerdist.com *.checkerdist.com; font-src 'self'   checkerdist.com *.checkerdist.com *.gstatic.com *.zopim.com; style-src 'self' 'unsafe-inline' checkerdist.com *.checkerdist.com; img-src 'self' data: checkerdist.com www.gravatar.com *.zendesk.com *.zdassets.com *.checkerdist.com www.google-analytics.com *.googletagmanager.com *.pinterest.com; script-src 'self' checkerdist.com *.checkerdist.com 'unsafe-eval' 'unsafe-inline'; connect-src checkerdist.com  *.checkerdist.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net ekr.zdassets.com wss://*.zopim.com wss://*.zendesk.com *.zendesk.com; frame-src 'self' checkerdist.com *.google.com *.checkerdist.com www.facebook.com *.vimeo.com 1
default-src https: 'self'; style-src https: 'nonce-st1'; img-src https: data:; 1
frame-ancestors 'self' https://printio.ru/ http://webvisor.com ; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://forum.weightgaming.com/logs/ https://forum.weightgaming.com/sidekiq/ https://forum.weightgaming.com/mini-profiler-resources/ https://d1au4vljv71t01.cloudfront.net/forum/assets/ https://forum.weightgaming.com/extra-locales/ https://forum.weightgaming.com/highlight-js/ https://forum.weightgaming.com/javascripts/ https://forum.weightgaming.com/plugins/ https://forum.weightgaming.com/theme-javascripts/ https://forum.weightgaming.com/svg-sprite/ 'report-sample' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA=' https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js https: 'unsafe-inline'; worker-src 'self' https://d1au4vljv71t01.cloudfront.net/forum/assets/ https://forum.weightgaming.com/javascripts/ https://forum.weightgaming.com/plugins/; report-uri https://forum.weightgaming.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://union.place; img-src 'self' https: data: blob: https://union.place; style-src 'self' https://union.place 'nonce-OtcsjaXf21tF1jr8UDWiFg=='; media-src 'self' https: data: https://union.place; frame-src 'self' https:; manifest-src 'self' https://union.place; form-action 'self'; child-src 'self' blob: https://union.place; worker-src 'self' blob: https://union.place; connect-src 'self' data: blob: https://union.place https://media.union.place wss://union.place; script-src 'self' https://union.place 'wasm-unsafe-eval' 1
frame-ancestors *.prod.acquia-sites.com *.japanhousesp.com.br *.japanhouse.dpdm.jp; report-uri /report-csp-violation 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ *.cloudflare.com *.jsdelivr.net *.osano.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
default-src 'self' localhost:* *.ndbh.com http://media.ndbh.net;                        script-src 'self' localhost:* *.ndbh.com 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com/urchin.js https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js  https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://cdn.pardot.com https://pi.pardot.com https://unpkg.com/aos@2.3.0/dist/aos.js https://code.jquery.com/ https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://stackpath.bootstrapcdn.com/bootstrap/ http://cdnjs.cloudflare.com/ajax/libs/jquery/ pi.pardot.com;                           style-src 'self' localhost:* *.ndbh.com 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css https://use.fontawesome.com https://fonts.googleapis.com https://unpkg.com/aos@2.3.0/ https://stackpath.bootstrapcdn.com/bootstrap/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cdnjs.cloudflare.com/ajax/libs/normalize/ https://cdnjs.cloudflare.com/ajax/libs/malihu-custom-scrollbar-plugin/ https://cdnjs.cloudflare.com/ajax/libs/meyer-reset/;                          img-src 'self' localhost:* *.ndbh.com data: http://www.google-analytics.com/collect  https://www.google-analytics.com/collect http://www.google-analytics.com/r/collect  https://www.google-analytics.com/r/collect http://stampoutstigma.com/external/ https://stampoutstigma.com/external/ http://www.adobe.com/images/ https://www.adobe.com/images/ https://cdn.psychologytoday.com/ https://cdn1.sussexdirectories.com/;              connect-src 'self' localhost:* *.ndbh.com https://www.google-analytics.com ws:*;              object-src 'self' localhost:* *.ndbh.com;              media-src 'self' localhost:* *.ndbh.com http://media.ndbh.net https://vimeo.com ;              font-src 'self' localhost:* *.ndbh.com data: https://use.fontawesome.com http://fonts.googleapis.com http://fonts.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/;              child-src 'self' localhost:* *.ndbh.com https://www.google.com/ https://maps.google.com  https://maps.gstatic.com  https://maps.googleapis.com https://player.vimeo.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' snap.licdn.com *.youtube.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.thompsoncoburn.com *.ads.linkedin.com https://p.adsymptotic.com; media-src 'self' data: blob:; frame-src 'self' https://www.npr.org https://www.youtube.com https://w.soundcloud.com https://player.vimeo.com https://www.google.com https://platform.twitter.com/ https://platform.twitter.com/widgets.js https://syndication.twitter.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.google.com https://platform.twitter.com/ https://syndication.twitter.com/; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.googletagmanager.com; 1
font-src *; require-sri-for script style; upgrade-insecure-requests 1
default-src https: 'unsafe-inline'; img-src https: data: https://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com; script-src https: 'unsafe-inline' https://*.hotjar.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; connect-src https: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src https: data: https://*.hotjar.com https://fonts.gstatic.com; style-src https: 'unsafe-inline' https://*.hotjar.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com; frame-src https: https://bid.g.doubleclick.net; object-src 'none'; frame-ancestors 'self';upgrade-insecure-requests; 1
default-src 'self'; frame-ancestors 'self' lpexchange.org ceclution.org *.lpexchange.org *.ceclution.org lpmarketplacedev.b2clogin.com uatb2ccatalystcorp.b2clogin.com b2ccatalystcorp.b2clogin.com *.salesforce-experience.com catalystcorp--dev.sandbox.my.site.com; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com cdn.bootstrapcdn.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' gap://ready file://* 'self'; frame-ancestors http://localhost:* https://localhost:* gap://ready file://* https://*.alarm.com 'self'; object-src 'none'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.appdynamics.com http://cdn.appdynamics.com https://col.eum-appdynamics.com http://col.eum-appdynamics.com *.domo.com *.walkme.com https://eulogon.oktapreview.com https://logon.okta.com https://ok1static.oktacdn.com https://op1static.oktacdn.com https://eulogon.okta-emea.com data:; img-src 'self' *.walkme.com data:; form-action 'self' https://export.highcharts.com/ https://surveys.eur.keysuite.com/ https://hub.bcg.com/PMITool/ https://cdn.appdynamics.com http://cdn.appdynamics.com https://col.eum-appdynamics.com http://col.eum-appdynamics.com *.domo.com *.walkme.com https://eulogon.oktapreview.com https://logon.okta.com https://ok1static.oktacdn.com https://op1static.oktacdn.com https://eulogon.okta-emea.com; frame-src 'self' *.domo.com *.walkme.com *.okta.com *.gamma-platform.com *.keysuite.com *.bcg.com *.bcgorgbuilder.com *.domo.com *.horizonportal.com *.keysuite.com *.vovici.net; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mailto: ms-word: ms-excel: ms-powerpoint: 1
default-src https://brandl-services.com/org.dreamox.cmsmox.divlayout/org/dreamox/cmsmox/divlayout/view/jsp/images/socialshare/svg/sprite.svg ;base-uri 'none';object-src 'none';form-action 'self' ;frame-ancestors 'none';connect-src 'self' 'self' data: api.brandl-services.com matomo.brandl-services.com;img-src 'self' brandl-services.com   'self' data: https:  matomo.brandl-services.com;media-src 'self' ;script-src 'self' 'strict-dynamic' 'nonce-aa041ml3fbvfektpl1p91es69or';style-src 'self' 'unsafe-inline' ;font-src 'self' ;manifest-src 'self';upgrade-insecure-requests;report-uri https://csp-report.auctores.de/resources/index;frame-src  matomo.brandl-services.com plugin.brandl-services.com; 1
frame-ancestors 'self' *.google.com *.amp.colgate.de amp.colgate.de *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src data: 'self' fast.fonts.net www.google.com fonts.gstatic.com player.vimeo.com www.youtube-nocookie.com vod-progressive.akamaized.net www.google-analytics.com maps.googleapis.com fonts.googleapis.com www.youtube.com www.googletagmanager.com m9.mailplus.nl; img-src blob: 'self' data: maps.gstatic.com *.googleapis.com www.google-analytics.com *.ggpht; script-src blob: 'self' *.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline'; style-src 'self' fast.fonts.net *.googleapis.com 'unsafe-inline'; frame-src blob: 'self' data: m9.mailplus.nl www.niwo.nl www.google.com 1
Default-src 'self' wss: ws: data: https://localhost:*/ https://www.google.com/ https://www.gstatic.com/ https://www.michigan.gov/ https://digitalguidelines.michigan.gov/ https://*.googleapis.com/ https://*.gstatic.com/ 'unsafe-inline' 'unsafe-eval';Connect-src 'self' http://localhost:*/ https://localhost:*/ wss://localhost:*/ ws://localhost:*/ https://*.googleapis.com/ ;Frame-src 'self' https://www.google.com/ ; Object-src 'none';Frame-ancestors 'none';Base-uri 'self';Form-action 'self'; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js http://flippingbook.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://apps.usw2.pure.cloud https://collector.fraudmap.net https://polyfill.io https://web.baconpay.com/embed.js https://translate.google.com https://www.googletagmanager.com https://gateway.zscalertwo.net https://api.glia.com *.glia.com https://client-logger.salemove.com client-logger.salemove.com salemove.com pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com *.adobe.com https://js.poshdevelopment.com cdnjs.cloudflare.com 'self' cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com http://flippingbook.com https://use.typekit.net https://p.typekit.net https://gateway.zscalertwo.net https://api.glia.com *.glia.com *.freshdesk.com https://client-logger.salemove.com client-logger.salemove.com pubsub.salemove.com *.salemove.com *.adobe.com https://dhqbrvplips7x.cloudfront.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: http://flippingbook.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com https://ornlfcu.bssdev.com https://www.google.com https://translate.googleapis.com https://gateway.zscalertwo.net https://ornlfcu.com https://www.ornlfcu.com https://api.glia.com client-logger.salemove.com *.salemove.com pubsub.salemove.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.typekit.net client-logger.salemove.com *.salemove.com pubsub.salemove.com https://dhqbrvplips7x.cloudfront.net; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ http://flippingbook.com https://www.google.com/ https://www.youtube.com/iframe_api https://ornlfcustaging.orb.alkamitech.com https://www.ornlfcu.com https://ornlfcu.com https://api.glia.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com pubsub.salemove.com *.salemove.com *.adobe.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com http://flippingbook.com *.mktoresp.com https://api.usw2.pure.cloud wss://carrier-pigeon.usw2.pure.cloud wss://streaming.usw2.pure.cloud https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ https://maps.googleapis.com https://api.glia.com client-logger.salemove.com https://pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com *.adobe.com https://js.poshdevelopment.com wss://pubsub.salemove.com wss://cobrowse.usw2.pure.cloud 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://app.viralsweep.com/ pubsub.salemove.com *.salemove.com; child-src http://flippingbook.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://web.baconpay.com/ https://www.google.com/ https://www.ornlfcu.com https://ornlfcu.com https://api.glia.com client-logger.salemove.com pubsub.salemove.com *.salemove.com https://cobrowse.usw2.pure.cloud https://apps.usw2.pure.cloud https://dhqbrvplips7x.cloudfront.net https://app.viralsweep.com/ *.freshdesk.com *.adobe.com 'self' web-chat.nativechat.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IYFjJHfgwTYwKy2DTo8AsEoghjFdrmufCYHZWBumwCHlZyLS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' * ; img-src * 'self' data: https: blob: ; script-src https://cdn.pricespider.com/ http://embeddedcloud.pricespider.com http://embeddedcloud.pricespider.com/ http://omni.pricespider.com/ https://wtbng.pricespider.com/ https://wtbstream.pricespider.com/ * data: blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self' www.mi6confidential.com mi6hq.substack.com newsletter.mi6-hq.com www.mi6confidential.com assets.mi6-hq.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com *.useinsider.com *.api.useinsider.com https://sarar.whatisreal.co  https://sarar.whatisreal.co/embed.min.js https://assets.cookieseal.com/cookie-seal.js ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com *.useinsider.com *.api.useinsider.com https://sarar.whatisreal.co  https://sarar.whatisreal.co/embed.min.js https://assets.cookieseal.com/cookie-seal.js ; frame-ancestors *; 1
default-src https:; script-src-elem 'self' https://ramboll.containers.piwik.pro 'unsafe-inline' *.googletagmanager.com https://js.hubspot.com/web-interactives-embed.js *.hubspot.com https://consent.cookiebot.com/uc.js https://consentcdn.cookiebot.com/consentconfig/ https://consent.cookiebot.com/ https://app.kontent.ai/js-api/custom-element/v1/custom-element.min.js https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js http://js.hsforms.net/forms/v2.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://script.hotjar.com/ https://js.hs-analytics.net/analytics/ https://js.hs-banner.com https://js.hsleadflows.net https://js.hs-banner.com/integrations.js https://js.hs-analytics.net/analytics/1678953600000/7520151.js https://js.hsleadflows.net/leadflows.js https://script.hotjar.com/modules.b58f4dbb50ff88fc1f15.js https://www.googleadservices.com/pagead/conversion/455101059/; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-136e9c2a-0ed7-455e-9bf0-0fcdf43eed3f' https://*.googletagmanager.com https://ramboll.piwik.pro/ppms.js *.hubspot.com https://js.hubspot.com https://consent.cookiebot.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net blob: 'unsafe-eval' https://www.googletagmanager.com/gtm.js ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://ramboll.containers.piwik.pro; connect-src 'self' https://northeurope-2.in.applicationinsights.azure.com/v2/track https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https://cdn.linkedin.oribi.io https://consentcdn.cookiebot.com https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://brandcentral.ramboll.com/ https://api.hubapi.com/forms/v2/forms https://*.googleapis.com *.google.com https://*.gstatic.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data: blob: https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/v1/ https://google.com https://www.microsoft.com/ *.hubspot.com https://js.hubspot.com https://newrelic.com https://*.ramboll.com/ https://www.hotjar.com/ https://soundcloud.com/ https://www.smartrecruiters.com/ https://video.ramboll.com/ https://internalvideo.ramboll.com/ https://www.facebook.com https://www.linkedin.com/ https://*.linkedin.com/ https://forms.hubspot.com/lead-flows-config/v1/config/json https://vc.hotjar.io/sessions/1206552 https://pagead2.googlesyndication.com/pagead/landing https://in.hotjar.com/api/v2/client/sites/1206552/visit-data https://customformsapi.rambolltest.com/documentartifact/Content; frame-src 'self' https://www.linkedin.com/ https://*.linkedin.com/ https://consentcdn.cookiebot.com https://brandcentral.ramboll.com/ *.google.com https://forms.hsforms.com/ https://*.ramboll.com/ https://w.soundcloud.com/ https://open.spotify.com/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net https://www.facebook.com/ https://*.hs-sites.com/; img-src 'self' https://*.googletagmanager.com https://ramboll.containers.piwik.pro https://ramboll.piwik.pro https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.googletagmanager.com https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net data:; media-src 'self' https: data: https://preview-assets-eu-01.kc-usercontent.com/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/26f8b85f-a743-0128-e3f3-719c3639660e/ https://deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://deliver.kontent.ai/7c3778f1-714a-0155-9be8-162f4c282b22/ https://preview-deliver.kontent.ai/2c6d42b3-af56-014e-57e9-7c6258e60838/ https://preview-assets-eu-01.kc-usercontent.com/7c3778f1-714a-0155-9be8-162f4c282b22/ https://snap.licdn.com/ https://static.hotjar.com/ https://static.hotjar.com/* https://connect.facebook.net https://js.hs-scripts.com/ https://youraccount.videomarketingplatform.co/ *.doubleclick.net https://*.fls.doubleclick.net; font-src 'self' https://fonts.gstatic.com https://ramboll.containers.piwik.pro; object-src none; block-all-mixed-content; worker-src blob:; frame-ancestors 'self' https://app.kontent.ai; base-uri self; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://med-mastodon.com; img-src 'self' https: data: blob: https://med-mastodon.com; style-src 'self' https://med-mastodon.com 'nonce-YOtqcQwY375GN209C1V+bg=='; media-src 'self' https: data: https://med-mastodon.com; frame-src 'self' https:; manifest-src 'self' https://med-mastodon.com; form-action 'self'; child-src 'self' blob: https://med-mastodon.com; worker-src 'self' blob: https://med-mastodon.com; connect-src 'self' data: blob: https://med-mastodon.com https://cdn.masto.host wss://med-mastodon.com; script-src 'self' https://med-mastodon.com 'wasm-unsafe-eval' 1
worker-src blob:; default-src 'self' 'unsafe-inline' https://api.friendlycaptcha.com https://next.lewa.com; style-src 'unsafe-inline' 'self' https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://analytics.lewa.com https://cdn.consentmanager.mgr.consensu.org https://fonts.googleapis.com/; img-src 'self' data: https://cdn.consentmanager.net/ https://b.delivery.consentmanager.net/ https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://analytics.lewa.com https://www.lewa.com/favicon.ico https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org/delivery/recall_shield.svg https://consentmanager.mgr.consensu.org https://*.googleapis.com https://www.google.com https://www.google.de/ads/ga-audiences https://stats.g.doubleclick.net https://www.google-analytics.com https://*.leadlab.click https://wm.wiredminds.de https://t2.leadlab.click; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.delivery.consentmanager.net/ https://cdn.consentmanager.net/ https://next.lewa.com https://userlike-cdn-umm.b-cdn.net https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net/ https://api.userlike.com/ https://www.gstatic.com/recaptcha/releases/ https://analytics.lewa.com https://consentmanager.mgr.consensu.org https://www.consentmanager.net/ https://cdn.consentmanager.mgr.consensu.org https://cdn.consentmanager.net/delivery/customdata/ https://*.leadlab.click https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/analytics.js https://wm.wiredminds.de; font-src 'self' https://next.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://*.cloudfront.net/ https://fonts.gstatic.com/ https://www.lewa.com/; frame-src https://cdn.consentmanager.net/ https://next.lewa.com https://cdn.consentmanager.mgr.consensu.org https://analytics.lewa.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ 'self'; connect-src 'self' https://api.friendlycaptcha.com https://next.lewa.com https://www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://api.userlike.com/ wss://umd.userlike.com/umd/ https://*.leadlab.click https://cdn.consentmanager.mgr.consensu.org/ https://consentmanager.mgr.consensu.org/delivery/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.lewa.com; 1
script-src 'self' https://masterbot-chat-onemrva-ori-prod.apps.cloud.sodigital.io https://masterbot-chat-onemrva-ori-dev.apps.cloud.sodigital.io https://web-chat.global.assistant.watson.appdomain.cloud https://matomo.bosa.be https://analytics.onem.be https://cdn.gcloud.belgium.be https://analytics.socialsecurity.be https://www.flexmail.eu https://openfed.github.io https://squizlabs.github.io; frame-ancestors 'self' https://masterbot-chat-onemrva-ori-prod.apps.cloud.sodigital.io https://masterbot-chat-onemrva-ori-dev.apps.cloud.sodigital.io 1
frame-ancestors 'self' https://solutioncenter.yaskawa.com https://solutioncenterqa.yaskawa.com *.yaskawa.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: http://www.google-analytics.com http://www.googletagmanager.com http://*.list-manage.com http://s3.amazonaws.com http://*.mailchimp.com http://fonts.gstatic.com http://fonts.googleapis.com http://*.youtube.com http://*.youtube-nocookie.com http://tickets.volksoper.at http://www.culturall.com https://*.list-manage.com https://s3.amazonaws.com https://*.mailchimp.com https://fonts.gstatic.com https://fonts.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://tickets.volksoper.at https://www.culturall.com https://www.googletagmanager.com https://www.google-analytics.com https://www.wiener-staatsoper.at https://use.typekit.net https://p.typekit.net/ https://p.interacty.me/ https://cloud.ccm19.de https://matomo.volksoper.at https://connect.facebook.net https://www.facebook.com https://googleads.g.doubleclick.net https://td.doubleclick.net/ https://www.google.at https://www.google.com 1
frame-ancestors 'self' www.google.com; 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://pacl.pchome.com.tw https://d.line-scdn.net https://cdn.taboola.com https://trc.taboola.com https://cds.taboola.com https://trc-events.taboola.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://pips.taboola.com https://cdn.taboola.com https://trc.taboola.com https://cds.taboola.com https://trc-events.taboola.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com https://cdn.taboola.com https://trc.taboola.com https://trc-events.taboola.com; object-src 'none'; upgrade-insecure-requests; 1
img-src 'self' asmr.com www.asmr.com secure.gravatar.com www.google-analytics.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com www.google.com/recaptcha/api.js www.gstatic.com/recaptcha/releases/fGZmEzpfeSeqDJiApS_XZ4Y2/recaptcha__en.js js-agent.newrelic.com www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__en.js; style-src 'self' 'unsafe-inline' asmr.com www.asmr.com/wp-content/uploads/2018/08/ASM_logo_WHT-1.png fonts.googleapis.com; 1
default-src 'self' https:;script-src 'self' https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline';media-src 'none';object-src 'none';worker-src 'self'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hscollectedforms.net *.hs-banner.com *.youtube.com *.static.addtoany.com *.email.healthyeating.org *.alchemer.com *.surveygizmo.com *.googleapis.com *.gstatic.com www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org tagmanager.google.com use.typekit.net kit.fontawesome.com *.hotjar.com; style-src 'self' 'unsafe-inline' *.email.healthyeating.org *.alchemer.com *.surveygizmo.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com use.typekit.net p.typekit.net kit-free.fontawesome.com *.google.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net kit-free.fontawesome.com script.hotjar.com; img-src 'self' *.hsforms.com *.googletagmanager.com dairycouncilofca.org *.amazonaws.com *.ytimg.com *.email.healthyeating.org *.alchemer.com *.surveygizmo.com *.cloudfront.net *.gstatic.com *.googleapis.com *.google-analytics.com https://*.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com stats.g.doubleclick.net i1.ytimg.com; media-src 'self' data: blob: https://www.youtube.com/; frame-src 'self' sway.office.com *.adobe.com *.issuu.com *.myplate.gov *.email.healthyeating.org *.hotjar.com *.youtube.com *.google.com *.gstatic.com *.arcgis.com *.choosemyplate.gov; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ *.hotjar.com *.gstatic.com; connect-src 'self' *.hscollectedforms.net dairycouncilofca.org *.google-analytics.com accounts.google.com https://*.dec.sitefinity.com *.mktoresp.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://stats.g.doubleclick.net; 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; script-src-elem * 'unsafe-inline' 1
frame-ancestors 'self' https://*.atrapalo.cl; report-uri /csp/report; 1
connect-src 'self' so-dev.de *.deutsches-schulportal.de *.google.com *.google.de *.google.ch *.google.gr *.google.at *.google.fr *.google.co.uk *.google.it *.google.es *.google.pl *.google.com.py *.google.co.za *.google.dk *.google.se *.google.fi *.google.no *.google.is *.google.nl *.google.cz *.google.be *.google.lu *.google-analytics.com *.googlesyndication.com *.doubleclick.net *.googletagmanager.com *.facebook.com *.threads.net *.bugsnag.com; default-src 'self' *.deutsches-schulportal.de; font-src 'self' data:; frame-src 'self' so-dev.de *.deutsches-schulportal.de *.google.com *.youtube.com *.doubleclick.net *.compareyourcountry.org *.threads.net *.bugsnag.com *.bugherd.com; img-src 'self' data: *.ddsp.so-dev.de *.deutsches-schulportal.de deutsches-schulportal.de *.google.com *.google.de *.google.ch *.google.gr *.google.at *.google.fr *.google.co.uk *.google.it *.google.es *.google.pl *.google.com.py *.google.co.za *.google.dk *.google.se *.google.fi *.google.no *.google.is *.google.nl *.google.cz *.google.be *.google.lu secure.gravatar.com *.facebook.com *.google-analytics.com *.vgwort.de *.ytimg.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' deutsches-schulportal.de *.deutsches-schulportal.de so-dev.de deutsches-schulportal.de *.deutsches-schulportal.de *.google.com *.gstatic.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.net *.youtube.com *.twitter.com *.threads.net *.bugsnag.com; style-src 'self' 'unsafe-inline' so-dev.de deutsches-schulportal.de *.deutsches-schulportal.de 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https:; connect-src https: wss:; object-src 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 1
frame-ancestors https://www.constructionspecifier.com/ https://kenilworth.com/ https://www.csiresources.org 1
default-src https: data: wss://*.hotjar.com wss://*.zopim.com *.crazyegg.com; script-src https: blob: data: 'unsafe-inline' 'unsafe-eval' *.crazyegg.com; style-src https: 'unsafe-inline' *.crazyegg.com; img-src data: https: 'unsafe-inline' *.crazyegg.com; font-src data: https: 'unsafe-inline' *.crazyegg.com; frame-ancestors 'self'; object-src 'self' blob; upgrade-insecure-requests; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net blob: https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://analytics.tiktok.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://*.contentsquare.net https://smct.io https://*.smct.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://www.revolutionbeauty.us https://checkout.revolutionbeauty.us https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: https://*.contentsquare.net; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://analytics.tiktok.com https://*.ibytedtos.com https://ln-rules.rewardstyle.com https://*.contentsquare.net https://app.contentsquare.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'none';object-src 'none';base-uri 'self';script-src 'nonce-1VRUrvyjaecHi8p0mjyb214fh5KU4WRCQw4GUFlvDxQ' 'strict-dynamic' https: http: 'unsafe-eval' 'unsafe-inline'; 1
img-src 'self' *.commercecloud.salesforce.com dev16-asiacommerce-shiseido.demandware.net dev23-asiacommerce-shiseido.demandware.net dev10-asiacommerce-shiseido.demandware.net img.ipsa.co.jp data: *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.jp t.co analytics.twitter.com bat.bing.com tr.line.me b99.yahoo.co.jp cm.g.doubleclick.net x.bidswitch.net ib.adnxs.com contextual.media.net pixel.rubiconproject.com rtb-csync.smartadserver.com sync-t1.taboola.com criteo-sync.teads.tv eb2.3lift.com ups.analytics.yahoo.com hb.yahoo.net adgen.socdm.com tg.socdm.com ad.as.amanad.adtdp.com gum.criteo.com r.casalemedia.com adx.dable.io cs.adingo.jp ads.stickyadstv.com idsync.rlcdn.com c.bing.com sync.outbrain.com simage2.pubmatic.com s.ad.smaato.net ade.clmbtech.com sync-criteo.ads.yieldmo.com dis.criteo.com match.prod.bidr.io tags.bluekai.com beacon.krxd.net sync.aralego.com bh.contextweb.com public-prod-dspcookiematching.dmxleo.com s-cs.send.microad.jp sync.ad-stir.com widget.as.criteo.com cdn.aralego.net www.facebook.com *.clarity.ms *.adgrx.com *.karte.io;script-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com *.googletagmanager.com ajax.googleapis.com am.yahoo.co.jp analytics.tiktok.com asia.creativecdn.com b99.yahoo.co.jp bat.bing.com cdn.cquotient.com cdn.treasuredata.com connect.facebook.net cs.nakanohito.jp d.line-scdn.net dynamic.criteo.com googleads.g.doubleclick.net p.cquotient.com s.yimg.jp sslwidget.criteo.com static.ads-twitter.com tags.creativecdn.com typesquare.com d.line-cdn.net cm.g.doubleclick.net ib.adnxs.com gum.criteo.com ads.stickyadstv.com sync.aralego.com www.clarity.ms www.google-analytics.com www.googletagmanager.com www.youtube.com *.karte.io;connect-src 'self' api.cquotient.com *.googletagmanager.com *.google-analytics.com analytics.google.com asia.creativecdn.com bs.nakanohito.jp analytics.tiktok.com ssc.ipsa.co.jp tokyo.in.treasuredata.com measurement-api.criteo.com *.clarity.ms stats.g.doubleclick.net sslwidget.criteo.com c06.nakanohito.jp *.karte.io;frame-src 'self' td.doubleclick.net gum.criteo.com asia.creativecdn.com fledge.as.criteo.com static.criteo.net;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org connect.facebook.net www.google-analytics.com *.doubleclick.net pghub.io feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.doubleclick.net feed.pghub.io pgamaphc.jebbit.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net www.facebook.com pixel.tapad.com cdn.cookielaw.org www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; connect-src 'self' *.google-analytics.com *.googlesyndication.com cdn.cookielaw.org *.algolia.net *.algolianet.com *.contentful.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' blob: 'unsafe-inline' *.snu.edu.in  *.google.co.in *.nopaperforms.com *.ytimg.com *.doubleclick.net *.sharethis.com  *.google.co.in *.googletagmanager.com *.google.com *.youtube.com *.youtube-nocookie.com *.spotify.com *.googleusercontent.com *.cloudflare.com *.google-analytics.com *.googleadservices.com *.youtube.com *.spotify.com *.jsdelivr.net *.googleapis.com *.google.com;frame-ancestors 'self' *.youtube.com *.nopaperforms.com *.spotify.com  *.google.co.in; font-src 'self' *.gstatic.com *.cloudflare.com *.jsdelivr.net data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nopaperforms.com *.google.co.in *.sharethis.com *.jquery.com *.googletagmanager.com *.google.com *.gstatic.com *.youtube.com *.tradingview.com *.google-analytics.com *.googleadservices.com *.cloudflare.com *.spotify.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://tagmanager.google.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://stats.slik.nl https://slik.containers.piwik.pro/ https://cdn.heapanalytics.com/ https://cdn.matomo.cloud/ https://*.hotjar.com https://*.cookiebot.com/ http://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://cdn.leadinfo.net/ https://collector.leadinfo.net/ https://script.adcalls.nl/ https://www.google.com/ https://www.gstatic.com/; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com/ data:; img-src 'self' data: https://heapanalytics.com/ https://*.hotjar.com https://ssl.gstatic.com/ https://maps.gstatic.com/ https://*.googleapis.com/ https://*.ggpht.com/ https://www.google-analytics.com/ https://www.google.nl/ https://www.google.com/ https://*.doubleclick.net/ https://collector.leadinfo.net/; connect-src https://*.googlesyndication.com/ https://stats.slik.nl/ https://slik.containers.piwik.pro/ https://slik.piwik.pro/ https://*.auryc.com/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/ https://api.slik.eu/ https://consentcdn.cookiebot.com/ https://api.adcalls.nl/ https://collector.leadinfo.net/ https://api.leadinfo.com/ https://*.google-analytics.com/; frame-src 'self' https://*.hotjar.com https://www.youtube-nocookie.com https://*.cookiebot.com/ https://www.google.com/ 1
default-src https://drive.google.com *.lfeeder.com https://web.opendrive.com https://www.e-point.pl dbcms.s3.amazonaws.com https://od.lk *.leadfeeder.com snitcher.com 'self'; font-src https://drive.google.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://sitespeak.ai https://www.e-point.pl 'self'; style-src https://drive.google.com https://tagmanager.google.com https://www.e-point.pl https://*.clarity.ms vjs.zencdn.net https://sitespeak.ai https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src http://static.hotjar.com https://www.linkedin.com https://cdn.sitespeak.ai https://www.e-point.pl https://www.facebook.com https://maps.googleapis.com https://track.hubspot.com https://i.ytimg.com https://googleads.g.doubleclick.net https://www.gstatic.com https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://*.clarity.ms https://www.google.com https://track-eu1.hubspot.com *.lfeeder.com https://region1.google-analytics.com https://csi.gstatic.com https://www.google.pl https://drive.google.com https://forms.hsforms.com https://maps.gstatic.com https://px.ads.linkedin.com http://www.google-analytics.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.gstatic.com *.leadfeeder.com https://p.adsymptotic.com https://doc-0k-4o-docs.googleusercontent.com 'self' data:; frame-src https://www.google.com https://consentcdn.cookiebot.com www.facebook.com https://player.vimeo.com https://meetings-eu1.hubspot.com https://vars.hotjar.com https://www.e-point.pl https://pagead2.googlesyndication.com https://widget.clutch.co https://www.facebook.com http://staticxx.facebook.com https://drive.google.com https://tpc.googlesyndication.com https://chatbot.sitespeak.ai https://forms-eu1.hsforms.com https://*.clarity.ms https://sitespeak.ai https://www.youtube.com 'self'; script-src https://consent.cookiebot.com https://script.hotjar.com https://js-eu1.hsforms.net https://sjs.bizographics.com https://keyword-hero.com https://js-eu1.hs-analytics.net https://tpc.googlesyndication.com https://www.gstatic.com https://js.hscollectedforms.net https://a-epoint.youlead.pl vjs.zencdn.net https://www.youtube.com https://www.google.com *.lfeeder.com http://connect.facebook.net https://snap.licdn.com https://www.clarity.ms snitcher.com js-eu1.hs-scripts.com https://cdnjs.cloudflare.com https://skk.erecruiter.pl http://tagmanager.google.com https://rs.fullstory.com http://static.hotjar.com https://js.hs-analytics.net https://www.e-point.pl https://www.googleadservices.com https://www.fullstory.com https://widget.clutch.co https://www.epoint.com https://js.hs-banner.com https://maps.googleapis.com https://static.hsappstatic.net https://googleads.g.doubleclick.net https://*.clarity.ms https://js-eu1.hscollectedforms.net https://sitespeak.ai https://cdn.jsdelivr.net sc.lfeeder.com https://consentcdn.cookiebot.com https://tagmanager.google.com https://js-eu1.hs-banner.com https://js.hs-scripts.com https://m-epoint.youlead.pl https://www.google.pl https://drive.google.com https://fullstory.com lftracker.leadfeeder.com http://www.google-analytics.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://edge.fullstory.com https://www.google-analytics.com *.leadfeeder.com https://js-eu1.hscta.net 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://sitespeak.ai https://www.e-point.pl https://drive.google.com 'self'; connect-src https://forms-eu1.hscollectedforms.net https://www.e-point.pl https://stats.g.doubleclick.net https://pagead2.googlesyndication.com wss://ws4.hotjar.com https://www.fullstory.com http://graylog.hotjar.com:12080 https://keyword-hero.com https://forms-eu1.hubspot.com https://ws3.hotjar.com https://googleads.g.doubleclick.net https://forms.hubspot.com wss://ws3.hotjar.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://sitespeak.ai www.google-analytics.com https://ws8.hotjar.com https://www.google.com https://tagmanager.google.com https://vc.hotjar.io wss://ws2.hotjar.com https://js-eu1.hs-banner.com https://region1.google-analytics.com http://insights.hotjar.com https://graylog.hotjar.com:12443 https://www.google.pl https://drive.google.com https://region1.analytics.google.com wss://ws8.hotjar.com https://in.hotjar.com https://fullstory.com wss://ws1.hotjar.com https://px.ads.linkedin.com https://cdnjs.cloudflare.com wss://ws5.hotjar.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://rs.fullstory.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com 'self' 1
frame-ancestors 'self' bbw.de; 1
frame-ancestors 'self' http://www.rslcontent.co.uk api.nowsignage.com media.nowsignage.com https://multizone.nowsignage.com; 1
default-src 'self' https://*.clearygottlieb.com https://*.truste.com https://*.nr-data.net https://*.siteimproveanalytics.io https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.doubleclick.net https://*.vimeo.com https://*.youtube-nocookie.com https://*.youtube.com; script-src 'nonce-h6ln6Vgn5GbREdaQezm5lHNxtZwbsSpsslSr+4C2JEk=' 'unsafe-eval' 'self' https://*.clearygottlieb.com https://*.jquery.com https://*.googletagmanager.com https://siteimproveanalytics.com https://*.siteimproveanalytics.com https://*.newrelic.com https://*.google-analytics.com https://*.trustarc.com https://*.nr-data.net; style-src 'unsafe-inline' 'self' https://*.clearygottlieb.com; font-src 'self' https://*.trustarc.com data:; img-src 'self' https://*.clearygottlieb.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.google.com.ec https://*.truste.com https://*.siteimproveanalytics.io https://*.google-analytics.com https://*.trustarc.com data:; media-src https://*.clearygottlieb.com https://*.vimeo.com https://*.akamaized.net data:; child-src https://*.clearygottlieb.com https://*.vimeo.com; frame-src https://*.clearygottlieb.com https://*.googletagmanager.com https://*.trustarc.com https://*.vimeo.com; base-uri 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://*.showheroes.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://media.bsd.network; font-src 'self' https://media.bsd.network; img-src 'self' data: blob: https://media.bsd.network; style-src 'self' https://media.bsd.network 'nonce-OA1sHMYNY1PNBS7Oev9c5g=='; media-src 'self' data: https://media.bsd.network; frame-src 'self' https:; child-src 'self' blob: https://media.bsd.network; worker-src 'self' blob: https://media.bsd.network; connect-src 'self' blob: data: wss://bsd.network https://media.bsd.network; manifest-src 'self' https://media.bsd.network; form-action 'self' 1
default-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.lebkuchen-schmidt.com localhost www.lebkuchen-schmidt.com;  script-src 'self' 'unsafe-eval' 'unsafe-inline' use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.clarity.ms www.lebkuchen-schmidt.com *.scarabresearch.com https://localhost ajax.googleapis.com api.userlike.com *.amazonaws.com *.juicer.io *.cloudfront.net *.convertexperiments.com *.usercentrics.eu *.simptrack.com *.trustedshops.com *.zdassets.com *.webgains.io *.webgains.link *.bounce-commerce.de *.etracker.com *.bing.com *.googleadservices.com *.trk42.net *.tiktok.com *.signalize.com *.etracker.de static.hotjar.com script.hotjar.com *.dwin1.com *.creative-serving.com https://pagead2.googlesyndication.com https://*.criteo.net https://*.criteo.com https://www.awin1.com *.surveymonkey.com;  style-src 'self' 'unsafe-inline' use.typekit.net fonts.googleapis.com tagmanager.google.com www.lebkuchen-schmidt.com *.googletagmanager.com 'unsafe-eval' fonts.googleapis.com *.signalize.com;  img-src 'self' data: p.typekit.net www.google-analytics.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com *.clarity.ms www.lebkuchen-schmidt.com *.googletagmanager.com cdn.lebkuchen-schmidt.com *.usercentrics.eu *.trustedshops.com *.facebook.com *.juicer.io *.google.de *.google.com *.bing.com *.doubleclick.net *.lebkuchen-schmidt.com *.tracker.de *.signalize.com *.signalize.com *.etracker.de *.trk42.net *.bidswitch.net *.creative-serving.com https://*.criteo.com https://www.awin1.com *.simptrack.com https://pagead2.googlesyndication.com;  font-src 'self' data: use.typekit.net fonts.gstatic.com www.lebkuchen-schmidt.com data: 'unsafe-eval' 'unsafe-inline' fonts.gstatic.com use.typekit.net *.cloudfront.net *.juicer.io script.hotjar.com *.signalize.com;  object-src 'self' www.lebkuchen-schmidt.com;  media-src 'self' www.lebkuchen-schmidt.com data: *.cloudfront.net https://cdn.lebkuchen-schmidt.com/;  child-src 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.lebkuchen-schmidt.com *.google.com;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com www.lebkuchen-schmidt.com *.facebook.com;  frame-ancestors 'self' www.lebkuchen-schmidt.com;  connect-src 'self' ws://127.0.0.1:35729 performance.typekit.net www.google-analytics.com *.clarity.ms www.lebkuchen-schmidt.com *.google-analytics.com *.amazon.com ws://127.0.0.1:35729 *.userlike.com *.typekit.net *.typekit.net *.scarabresearch.com maps.googleapis.com *.usercentrics.eu *.zdassets.com *.emarsys.net *.zendesk.com *.bounce-commerce.de *.doubleclick.net *.google.com *.juicer.io *.tiktok.com *.pange-ads.com analytics.pangle-ads.com *.etracker.de *.google.de bat.bing.com *.hotjar.io wss://ws.hotjar.com *.hotjar.com *.signalize.com *.convertexperiments.com *.trustedshops.com *.etrusted.com *.trustbadge.com id5-sync.com *.webgains.io https://*.criteo.com https://www.googleadservices.com;  frame-src 'self' www.lebkuchen-schmidt.com *.computop-paygate.com *.simptrack.com *.webgains.link *.doubleclick.net *.facebook.com *.google.com https://gum.criteo.com/ https://*.criteo.com https://www.awin1.com https://ai.trk42.net https://www.youtube.com/ *.surveymonkey.com; 1
frame-ancestors home.siberianhealth.com; 1
frame-ancestors 'self' dev.dieselserviceandsupply.com www.dieselserviceandsupply.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.cdn.jsdelivr.net unpkg.com cdnjs.cloudflare.com *.pda.org *.flickr.com *.vimeo.com https://snap.licdn.com https://googleads.g.doubleclick.net *.hotjar.com *.hotjar.io https://pdaorg.adspeed.net *.adspeed.net donorbox.org https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com use.fontawesome.com apps.elfsight.com *.elfsight.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.googletagmanager.com *.cdn.jsdelivr.net unpkg.com *.pda.org cdnjs.cloudflare.com *.flickr.com *.fontawesome.com https://cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com use.fontawesome.com data: *.flickr.com; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com analytics.google.com *.googletagmanager.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com *.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com placeimg.com picsum.photos *.picsum.photos http://placeimg.com *.pda.org www.pda.org pda.org analytics.google.com *.adspeed.com *.staticflickr.com *.flickr.com *.google.com *.adspeed.net donorbox.org; media-src 'self' data: blob: https://www.youtube.com *.flickr.com; frame-src *.google.com td.doubleclick.net *.youtube.com *.pda.org *.soundcloud.com https://podcasters.spotify.com https://anchor.fm *.spotify.com *.fontawesome.com *.vimeo.com https://www.facebook.com https://www.linkedin.com; frame-ancestors *.google.com *.pda.org *.fontawesome.com https://www.facebook.com https://www.linkedin.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.surveymonkey.com *.libsyn.com *.map-dynamics.com api.map-dynamics.com *.flickr.com https://anchor.fm https://podcasters.spotify.com *.doubleclick.net *.fontawesome.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com apps.elfsight.com *.elfsight.com *.pda.org *.cdn.jsdelivr.net analytics.google.com *.flickr.com *.linkedin.oribi.io *.hotjar.com *.hotjar.io wss://ws.hotjar.com *.doubleclick.net https://anchor.fm https://podcasters.spotify.com *.googlesyndication.com *.linkedin.com *.fontawesome.com *.facebook.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.etracker.com https://*.etracker.de https://wb.whatsbroadcast.com https://*.gstatic.com https://*.googleapis.com https://www.lotto.de https://uberall.com https://*.uberall.com https://*.lotto-brandenburg.de https://*.amazonaws.com https://secure.pay1.de https://*.pay1.de https://yt3.ggpht.com https://scontent-ham3-1.xx.fbcdn.net https://pbs.twimg.com https://*.workplace.com https://*.facebook.com https://*.fbcdn.net https://*.fb.me https://*.fbsbx.com https://widget.msgp.pl https://www.youtube.com https://lotto-brandenburg.app-specials.com https://*.youtube-nocookie.com https://api.signalize.com https://66578.online-adventskalender.de https://youtu.be https://connect.facebook.net https://app.usercentrics.eu https://api.usercentrics.eu https://graphql.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://uct.service.usercentrics.eu https://aggregator.service.usercentrics.eu https://twemoji.maxcdn.com https://sleeknotecustomerscripts.sleeknote.com https://sleeknotestaticcontent.sleeknote.com https://images.sleeknote.com https://analytics.sleeknote.com;worker-src 'self' blob: 1
script-src 'nonce-mOmklKPSUFj2UXMpfxf2Vzhv3qexN6G6jkIwKHUgdv9AMUhAfag777CafgDlb8p5' 'strict-dynamic' https: 'self'; object-src 'none'; base-uri 'self' 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com rpxnow.com cdn.segment.com *.janraincapture.com *.doubleclick.net *.googleadservices.com s.pinimg.com *.cloudfront.net pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://cdn.pricespider.com quilt-cdn.janrain.com *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com pixel.tapad.com https://www.google.com *.doubleclick.net ct.pinterest.com *.cloudfront.net images.ctfassets.net *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://pandg.tapad.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com *.bazaarvoice.com *.janraincapture.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' googleadservices.com use.mazemap.com walls.io www.googletagmanager.com matomo.cs2.ch www.google-analytics.com www.youtube.com youtube.com player.vimeo.com snap.licdn.com static.zdassets.com connect.facebook.net assets.juicer.io googleads.g.doubleclick.net v2.zopim.com 1
frame-ancestors 'self' https://onlinexperiences.com https://next.brella.io https://pheedloop.com https://gather.town https://datadog.docebosaas.com/ 1
default-src 'self' 'unsafe-inline' data: blob: https:; style-src 'self' 'unsafe-inline' data: blob: https: cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdnjs.cloudflare.com e.issuu.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com; frame-src e.issuu.com www.google.com *.kaptcha.com; object-src 'none' 1
default-src https: ; script-src blob: https: 'unsafe-inline' 'unsafe-eval' www.google-analytics.com optimize.google.com; style-src https: 'unsafe-inline' optimize.google.com shop.eismann.de; img-src https: www.google-analytics.com optimize.google.com data: ; font-src https: fonts.gstatic.com; frame-src https: optimize.google.com; frame-ancestors 'self' https://*.kameloon.eu https://*.eismann.de https://*.baqend.com; 1
frame-ancestors 'self' https://app.contentful.com https://app.eu.contentful.com https://movieworld.com.au https://seaworld.com.au https://seaworld.vrtpdev.village.com.au https://seaworld.vrtpuat.village.com.au 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: s.w.org cdn-apac.onetrust.com privacyportal-apac.onetrust.com maxcdn.bootstrapcdn.com *.zepp.co.jp secure.gravatar.com placehold.jp www.youtube.com www.google.com i.ytimg.com stackpath.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com www.google-analytics.com www.gstatic.com;img-src data: blob: * ; 1
default-src 'none'; connect-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-src 'self' survey.akhtaboot.com s3.amazonaws.com www.facebook.com googleads.g.doubleclick.net t.effectivemeasure.net docs.google.com view.officeapps.live.com www.google.com optimize.google.com www.youtube.com akhtaboot.s3.amazonaws.com akhtaboot-staging.s3.amazonaws.com www.recaptcha.net *.googlesyndication.com *.oraclecloud.com; img-src * data: blob: 'unsafe-inline'; media-src s3.amazonaws.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com rlforms.referlive.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com *.youtube.com *.twitter.com https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://apps.usw2.pure.cloud http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.googletagmanager.com cdn.datatables.net kit.fontawesome.com www.youtube.com *.vo.msecnd.net *.us.tvsquared.com *.monsido.com up.pixel.ad *.doubleclick.net *.hotjar.com *.digindemo.com; style-src 'self' 'unsafe-inline' *.googleapis.com rlforms.referlive.com/css/ReferLive_bankplus.css *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: ka-f.fontawesome.com; img-src bap.bankplus.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.tvsquared.com *.monsido.com *.sitescout.com; media-src 'self' data: blob:; frame-src player.vimeo.com 'self' *.doubleclick.net *.hotjar.com *.facebook.com *.sitescout.com *.bankplus.net https://apps.usw2.pure.cloud https://www.digindemo.com/; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src bpwebsvc.bankplus.net 'self' accounts.google.com https://*.insight.sitefinity.com *.hotjar.com *.hotjar.io https://*.dec.sitefinity.com *.mktoresp.com maps.googleapis.com https://api.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud https://api-cdn.usw2.pure.cloud ka-f.fontawesome.com *.google-analytics.com dc.services.visualstudio.com *.visualstudio.com *.monsido.com wss://ws22.hotjar.com rlforms.referlive.com https://ecmacore.com; 1
default-src: 'self'; script-src: 'self' www.your-freedom.net 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.mygeekbox.us https://m.mygeekbox.us https://checkout.mygeekbox.us https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://ajax.aspnetcdn.com/ https://i.simpli.fi/ https://rules.quantcount.com/ https://secure.quantserve.com/ https://acdn.adnxs.com/ https://tag.simpli.fi/ https://unpkg.com/ https://connect.facebook.net/ https://use.typekit.net/ https://tracking-v3.websitealive.com/ https://alive5.com/ https://js.braintreegateway.com/ https://assets.braintreegateway.com/ https://c.paypal.com/ https://widget.surveymonkey.com/ https://collector-22197.us.tvsquared.com/ https://omnisnippet1.com/ https://forms.soundestlink.com/;  style-src 'self' https://use.typekit.net/ https://p.typekit.net/ https://tracking-v3.websitealive.com/ https://assets.braintreegateway.com/ https://alive5.com/ https://fonts.googleapis.com/ 'unsafe-inline';  connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://google.com https://www.facebook.com/ https://capig.stape.biz/ https://alive5.com/ https://api-v2.alive5.com/ https://performance.typekit.net/ https://api.sandbox.braintreegateway.com/ https://client-analytics.sandbox.braintreegateway.com/ *.braintree-api.com https://forms.soundestlink.com/ https://api.braintreegateway.com/ https://client-analytics.braintreegateway.com/;  font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com/;  img-src 'self' data: https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://google.com https://p.typekit.net/ https://assets.braintreegateway.com/;  frame-src 'self' https://bid.g.doubleclick.net https://td.doubleclick.net/ *.websitealive.com https://alive5.com/ https://assets.braintreegateway.com/ *.paypal.com *.kaptcha.com https://www.facebook.com/;  report-uri https://myplates.report-uri.com/r/d/csp/enforce 1
frame-ancestors *.bsfinternational.org 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' www.google.com www.google-analytics.com www.googletagmanager.com ajax.googleapis.com www.gstatic.com code.jquery.com cdnjs.cloudflare.com html5shiv.googlecode.com c64.assets-yammer.com code.highcharts.com *.webspellchecker.net www.paypalobjects.com www.paypal.com cdn.embedly.com *.grsportal.com cdn.walkme.com *.rfksrv.com *.cloudfront.net *.datadoghq-browser-agent.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://preview-edit.aminess-campsites.com https://preview-edit.aminess.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: voc.uk.glassboxrnd.com images.contentful.com *.usabilla.com www.google.it cdn.gbqofs.com analytics.google.com ariane.abtasty.com visitor-services.nanorep.com nr1.s3.amazonaws.com www.gstatic.com *.www.facebook.com optimize.google.com region1.google-analytics.com report.axa.gbqofs.io *.axa.gbqofs.io *.c.evidon.com motor.axa.ie translate.google.com www.google-analytics.com axaelevendx.nanorep.co pay.realexpayments.com www.google.ae bcp.crwdcntrl.net *.facebook.com gogreen.axa.ie c.evidon.com maps.google.com www.google.nl *.cloudfront.net *.analytics.google.com optoutapi.evidon.com www.google.co.uk *.axaelevendx.nanorep.co *.report.axa.gbqofs.io *.optimize.google.com www.googletagmanager.com data.stbuttons.click www.googleoptimize.com collection.axa.ie connect.facebook.net api.feefo.com stc08.u5e.com *.facebook.net *.d6tizftlrpuof.cloudfront.net www.google.de www.youtube.com cdn.knightlab.com usabilla.com maps.google.ie www.google.co.za dcinfos-cache.abtasty.com *.voc.uk.glassboxrnd.com s3.amazonaws.com l.evidon.com w.usabilla.com *.visitor-services.nanorep.com d6tizftlrpuof.cloudfront.net secureweb.axa.ie *.azureedge.net adservice.google.com l.sharethis.com *.googleapis.com axa.gbqofs.io www.google.es *.bat.bing.com t.sharethis.com www.google.com pay.google.com try.abtasty.com www.google.com.au www.google.ro www.facebook.com cdnjs.cloudflare.com ws.sharethis.com abtasty.com www.google.fr *.doubleclick.net webmail.axa.ie bat.bing.com images.ctfassets.net *.abtasty.com *.www.google.ie fonts.gstatic.com *.googleadservices.com *.s3.amazonaws.com fonts.googleapis.com cdn2.gbqofs.com *.googlesyndication.com www.google.ie; frame-ancestors 'self' www.axa.ie ;  1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://*.google-analytics.com https://connect.facebook.net/en_US/fbevents.js https://static.cloudflareinsights.com https://browser.sentry-cdn.com/6.13.3/bundle.tracing.min.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: htts://accounts.google.com https://*.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/recaptcha/ https://www.facebook.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://*.coinmarketcap.com/static/img/coins/ *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' wss://btc-alpha.com https://report.btc-alpha.com https://sentry.btc-alpha.io https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; frame-src 'self' blob: https://www.recaptcha.net/recaptcha/ https://www.google.com https://www.youtube.com https://www.facebook.com; frame-ancestors 'self'; report-uri https://report.btc-alpha.com/api/8/security/?sentry_key=2f92208cf42e4137940a2db21eeb63be 1
default-src https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.yezzclips.com; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com  https://static.yezzclips.com https://www.juicycash.net https://yezzclips.r.worldssl.net; media-src 'self' https://static.yezzclips.com https://yezzclips.r.worldssl.net; script-src https://*.googletagmanager.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.inet-cash.com https://ajax.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://static.yezzclips.com https://yezzclips.r.worldssl.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://static.yezzclips.com https://yezzclips.r.worldssl.net https://use.fontawesome.com; frame-ancestors 'none'; 1
base-uri 'self'; default-src 'none'; frame-ancestors 'self'; frame-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ https://info.kubota.ca *.g.doubleclick.net *.fls.doubleclick.net www.facebook.com www.youtube.com www.vimeo.com app.viralsweep.com vars.hotjar.com insight.adsrvr.org; style-src 'self' 'unsafe-inline' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com fonts.googleapis.com fast.fonts.net *.sirv.com static.hotjar.com assets.juicer.io app.viralsweep.com cdn.addsearch.com cdn.jsdelivr.net; font-src 'self' data: cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com fast.fonts.net *.juicer.io; img-src 'self' data: blob: 'unsafe-hashes' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google.ca www.google.com maps.gstatic.com maps.googleapis.com *.cloudfront.net www.google-analytics.com *.sirv.com www.facebook.com cdn.intelligencebank.com pxl.jivox.com insight.adsrvr.org *.hotjar.com assets.juicer.io app.viralsweep.com *.juicer.io *.cdninstagram.com pixel.tapad.com cm.g.doubleclick.net googleads.g.doubleclick.net match.adsrvr.org *.adnxs.com cdn.addsearch.com *.acuityplatform.com *.bidswitch.net ca-gmtdmp.mookie1.com cdn.matomo.cloud; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ *.cloudfront.net cdnjs.cloudflare.com *.raygun.io fast.fonts.net code.createjs.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.acuityplatform.com *.sirv.com img.en25.com www.youtube.com *.hotjar.com assets.juicer.io app.viralsweep.com script.hotjar.com cdn.addsearch.com cdn.jsdelivr.net js.adsrvr.org insight.adsrvr.org cdn.matomo.cloud www.googleadservices.com; connect-src 'self' kubota.ca *.kubota.ca as-www-qa-cac-qa-backslot.azurewebsites.net as-www-qa-cac-qa-backslot2.azurewebsites.net as-www-prod-cac-localdeploy1.azurewebsites.net as-www-prod-cac-localdeploy2-stagingbranchprodsettings.azurewebsites.net/ www.google-analytics.com www.googletagmanager.com maps.googleapis.com analytics.google.com api.raygun.io *.g.doubleclick.net *.fls.doubleclick.net scripts.sirv.com secure.p01.eloqua.com e.acuityplatform.com *.sirv.com *.juicer.io *.hotjar.com wss://*.hotjar.com *.hotjar.io *.addsearch.com; media-src 'self' cdn.intelligencebank.com; object-src 'self'; manifest-src 'self'; form-action 'self' www.facebook.com 1
default-src 'self' https://merit.soliditet.se https://www.google-analytics.com; frame-src 'self' https://www.google.com; img-src 'self' https://fdab.se https://www.fdab.se https://www.google-analytics.com https://merit.soliditet.se 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-WQZxxSBEms0a01//HjM17g==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' https://*; script-src  http://* https://* 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; style-src 'self' https://* 'unsafe-inline'; img-src * data: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-uY8c5pwII6dhoxSintU7C42ryEosJyWXPb70mnkWgRIrgYfP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
report-uri ; default-src 'none'; base-uri 'self'; style-src 'self' 'unsafe-inline' https://cdn.cookiehub.eu/c2/css/2858c2e7.css; img-src 'self' https://straumur.cdn.prismic.io images.prismic.io https://straumur.zendesk.com https://kvikahelp.zendesk.com https://images.unsplash.com https://www.facebook.com; font-src 'self'; manifest-src 'self'; script-src 'self' https://cdn.cookiehub.eu/c2/2858c2e7.js 'sha256-gWCqfvMz6gFY4H/Mp7RV+XjLH7rk7PPLATCuGeG+iXI=' 'sha256-eJk4k3o/xMXL7Ax97+iKnn7l3CMqV4m6AqeIbUrEMhI=' https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://static.zdassets.com/ekr/sentry-browser.min.js https://zendesk-eu.my.sentry.io/ https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://straumur.zendesk.com https://kvikahelp.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://straumur.zendesk.com https://pod13.zendesk.com wss://pod13.zendesk.com wss://*.zopim.com pod-13.zendesk.com https://static.cdn.prismic.io https://prismic.io https://www.google.com/recaptcha/api/siteverify https://cookiehub.net 'sha256-MK+LIK7EaQ7nrkAtLCGK+UKzfaYp4Frsy9PmkBHCBMI=' 'sha256-+9+hYkFI5sm4saaRq/OXheik07DG/xufqJwdJbea9xE=' 'sha256-NZOT7kPTjrflrALanptHp0x8BHCQ/2aar4PGKf6GRBo=' cdn.segment.com connect.facebook.com googletagmanager.com http://connect.facebook.net http://connect.facebook.com http://www.googletagmanager.com https://region1.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com; connect-src 'self' https://straumur.cdn.prismic.io o394619.ingest.sentry.io https://vitals.vercel-insights.com https://cdneu.net/app.js https://capture-api.eu.autopilotapp.com https://static.zdassets.com https://ekr.zdassets.com https://ekr.zendesk.com https://straumur.zendesk.com https://kvikahelp.zendesk.com https://*.zopim.com https://zendesk-eu.my.sentry.io wss://straumur.zendesk.com https://pod13.zendesk.com wss://pod13.zendesk.com wss://*.zopim.com https://region-eu.cookiehub.net https://consent.cookiehub.net/log https://consent-eu.cookiehub.net/ https://pod-13.zendesk.com wss://pod-13.zendesk.com cdn.segment.com api.segment.io *.segmentapis.com https://region1.google-analytics.com; frame-src www.google.com https://straumur-web.cdn.prismic.io https://www.facebook.com; object-src 'none'; frame-ancestors 'none'; media-src 'self' https://straumur.cdn.prismic.io https://static.zdassets.com; worker-src 'none'; child-src 'none'; form-action https://www.facebook.com/tr/; 1
worker-src 'self' blob:; default-src 'self'; connect-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'self'; font-src * data: 1
font-src fonts.gstatic.com use.typekit.net *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gold-collagen.com *.klaviyo.com wordpress-603805-2583042.cloudwaysapps.com https://cdnjs.cloudflare.com *.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.dotdigital-pages.com *.dotdigital.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.google.com *.cookiebot.com tracead.com *.smct.io *.pubxtags.com *.cloudfront.net *.facebook.com *.referralcorner.com *.referralcandy.com *.revenuehunt.com *.hubspot.com *.hs-sites.com *.hubspot.net *.hubspotvideo.com *.hsforms.net *.hsforms.com *.trustpilot.com www.xtento.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.trackedlink.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google.co.uk *.postcodeanywhere.co.uk *.ojrq.net *.bing.com *.facebook.com *.hubspot.com *.clarity.ms privymktg.com *.hsforms.com google-analytics.com *.smct.co *.cloudfront.net *.cookiebot.com *.cdninstagram.com *.klaviyo.com *.hscta.net *.hubspot.net *.hsforms.net *.revenuehunt.com *.cloudflare.com www.xtento.com cdn.xtento.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.impactcdn.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.google-analytics.com *.googletagmanager.com *.revenuehunt.com *.pcapredict.com *.postcodeanywhere.co.uk *.cloudfront.net foursixty.com *.facebook.com *.klaviyo.com *.hs-scripts.com *.hsadspixel.net *.hs-analytics.net *.hscta.net *.hubspot.com *.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com *.cloudflareinsights.com *.cookiebot.com widget.privy.com bat.bing.com cdn.subscribers.com www.dwin1.com amplify.outbrain.com www.clarity.ms *.referralcandy.com https://cdnjs.cloudflare.com *.trustpilot.com www.xtento.com cdn.xtento.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com *.postcodeanywhere.co.uk foursixty.com *.typekit.net *.privy.com *.facebook.com facebook.com *.klaviyo.com *.hubspot.net https://fonts.googleapis.com https://cdnjs.cloudflare.com *.trustpilot.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.snplow.net commerce.adobedc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com webchat.staging.dotdigital.com *.sjv.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.google-analytics.com *.doubleclick.net *.postcodeanywhere.co.uk *.trustpilot.com foursixty.com *.facebook.com *.hubapi.com *.hscta.net *.hubspot.com *.hubspot.net *.hscollectedforms.net *.hsforms.com bat.bing.com api.privy.com cdn.subscribers.com consentcdn.cookiebot.com *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://metrika.yandex.ru https://webvisor.com; 1
frame-ancestors https://*.careercross.com; default-src https: data: 'unsafe-eval' 'unsafe-inline' *.crazyegg.com; object-src 'none'; worker-src blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-sOxkGqy+7gvIqrgKb3l9PnUKNkglrOOlH8xpwFZH3Nvde9W9' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src 'self' *.b0e8.com *.bc0a.com marvel-b2-cdn.bc0a.com www.google-analytics.com www.googletagmanager.com play.vidyard.com assets.vidyard.com unpkg.com *.newrelic.com snap.licdn.com static.ads-twitter.com analytics.twitter.com www.googleadservices.com script.hotjar.com static.hotjar.com 972-oec-621.mktoweb.com munchkin.marketo.net j.6sc.co bam.nr-data.net geolocation.onetrust.com *.google.com tpc.googlesyndication.com maps.googleapis.com www.gstatic.com js.hsforms.net *.hsforms.com *.pressganey.com *.cdntwrk.com www.googleoptimize.com connect.facebook.net js.hs-scripts.com js.usemessages.com js.hs-analytics.net js.hs-banner.com cdn.cookielaw.org *.wistia.com *.wistia.net src.litix.io fast.wistia.com *.googletagmanager.com info.pressganey.com js.hsleadflows.net cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com *.zoominfo.com js.hsadspixel.net subscriptions.smartrecruiters.com static.smartrecruiters.com www.smartrecruiters.com jobpal-sm.s3.amazonaws.com pressganey.com cdn.jsdelivr.net *.castos.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 972-oec-621.mktoweb.com fonts.googleapis.com legal.pressganey.com static.smartrecruiters.com *.hsforms.com *.wistia.com *.cdntwrk.com *.googletagmanager.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com 'unsafe-inline'; frame-ancestors 'self' library.forsta.com resources.rioseo.com; frame-src 'self' play.vidyard.com vars.hotjar.com 972-oec-621.mktoweb.com tpc.googlesyndication.com *.google.com pressganey.com www.googletagmanager.com survey.us.confirmit.com js.hsforms.net *.hsforms.com www.facebook.com app.livestorm.co *.hubspot.com pressganey-20208516.hs-sites.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com; object-src 'none'; base-uri 'self'; form-action 'self' webto.salesforce.com *.hsforms.com www.facebook.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com; connect-src 'self' 'self' go.pressganey.com play.vidyard.com www.google-analytics.com cdn.cookielaw.org 972-oec-621.mktoresp.com 972-oec-621.mktoutil.com secure.adnxs.com stats.g.doubleclick.net bam.nr-data.net privacyportal.onetrust.com geolocation.onetrust.com www.google.com adservice.google.com *.googleapis.com *.googletagmanager.com *.googleapis.com maps.googleapis.com *.google.com *.6sc.co digitalfeedback.us.confirmit.com vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.hsforms.com *.cdntwrk.com js.hs-banner.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com www.facebook.com cdn.linkedin.oribi.io *.hubspot.com analytics.google.com *.zi-scripts.com ws.zoominfo.com api.hubapi.com 61d78a8eb35a9f00ecfd7ee9.config.smooch.io jobpal-sm.s3.amazonaws.com pressganey.com cdn.growthbook.io px.ads.linkedin.com *.castos.com; font-src 'self' data: fonts.gstatic.com *.cdntwrk.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com ; media-src 'self' blob: data: *.wistia.com *.wistia.net embedwistia-a.akamaihd.net embed-fastly.wistia.com *.google.com *.hubspot.com jobpal-sm.s3.amazonaws.com pressganey.com *.castos.com; img-src https: data:; report-uri https://pressganey.report-uri.com/r/t/csp/enforce 1
default-src 'self';style-src 'report-sample' 'self' https://fonts.googleapis.com 'unsafe-inline';script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' blob: https://www.brainvire.com https://revamp.brainvire.com https://revamp.brainvire.com/v2/ https://www.brainvire.com/v2/ https://*.cloudflareinsights.com https://static.cloudflareinsights.com;script-src-elem 'unsafe-inline' 'self' https://revamp.brainvire.com https://www.googleadservices.com https://revamp.brainvire.com/v2/ https://www.brainvire.com/v2/ https://www.brainvire.com https://static.cloudflareinsights.com https://maps.googleapis.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.gstatic.com http://www.gstatic.com https://www.google-analytics.com https://www.clarity.ms https://*.clarity.ms;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;img-src 'self' blob: data: https://*.clarity.ms https://c.bing.com https://c.clarity.ms https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://i.ytimg.com/ https://revamp.brainvire.com https://www.google.co.in https://www.brainvire.com https://www.google.com;media-src 'self' https://www.brainvire.com https://revamp.brainvire.com https://revamp.brainvire.com/v2/ https://www.brainvire.com/v2/;frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com https://widget.clutch.co/ https://www.youtube.com https://youtu.be/ https://www.google.com/;connect-src 'self' https://*.clarity.ms https://o.clarity.ms https://*.mailgun.net https://interviews-stagapi.brainvire.dev https://api-interviews.brainvire.dev https://www.brainvire.com https://revamp.brainvire.com https://revamp.brainvire.com/v2/ https://www.brainvire.com/v2/ https://maps.googleapis.com https://stats.g.doubleclick.net https://www.googleadservices.com https://analytics.google.com https://ipapi.co https://www.google-analytics.com https://www.google.co.in; 1
frame-ancestors 'self' https://relabel.us https://www.sos-kinderdorf.at 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://kit.fontawesome.com https://mpsnare.iesnare.com https://stage-libs.hipay.com https://libs.hipay.com https://widget.trustpilot.com https://kit-pro.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.dwin1.com https://www.googleadservices.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://sdk.privacy-center.org https://api.privacy-center.org https://www.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://b.sbox.stats.paypal.com https://sibautomation.com https://cdn.shipup.co *.abtasty.com *.googleapis.com https://pagead2.googlesyndication.com https://widget.botmind.io 1
default-src 'self' 'unsafe-inline' data: https://service.mtcaptcha.com https://service2.mtcaptcha.com https://*.investhk.gov.hk https://investhk.gov.hk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.hk https://*.googleapis.com https://*.gstatic.com https://ad.doubleclick.net https://*.fls.doubleclick.net https://ade.googlesyndication.com https://*.youtube.com https://*.baidu.com https://*.emtana.com https://e03.optimix.cn https://e03.optimix.asia https://j03.optimix.cn https://j03.optimix.asia https://libjs.s4mdsp.com https://evt.s4mdsp.com https://www.googleadservices.com/ https://*.qq.com https://qzonestyle.gtimg.cn https://usc.cpp32.com https://asc.cpp32.com https://*.youku.com https://*.teads.tv https://*.taboola.com; frame-src https://service.mtcaptcha.com https://service2.mtcaptcha.com youtube.com www.youtube.com https://player.vimeo.com https://e03.optimix.cn https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.teads.tv https://*.taboola.com 1
frame-ancestors 'self' demoapi.edplace.com *.wistia.com wistia.com *.teachingpersonnel.com *.protocol-education.com *.fleet-tutors.co.uk *.agilecollab.com; 1
frame-ancestors 'self' https://sportland.lv/ https://sportland.com/ https://en.sportland.fi/ https://sportland.ee/ https://ru.sportland.ee/ https://ru.sportland.lt/ https://ru.sportland.lv/ https://sportland.lt/ https://pl.sportland.com/ https://sportland.fi/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
default-src     'self' 'unsafe-inline'; connect-src     'self' 'unsafe-inline' *.optibelt.com *.googletagmanager.com *.google-analytics.com *.b-ite.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.optibelt.com  *.googletagmanager.com *.google-analytics.com *.b-ite.com; style-src       'self' 'unsafe-inline' *.optibelt.com; font-src        'self' 'unsafe-inline' data: *.optibelt.com; img-src         'self' *.optibelt.com  data: *.google-analytics.com *.ytimg.com; media-src       'self' *.optibelt.com; frame-ancestors 'self' *.optibelt.com; frame-src       'self' *.optibelt.com  www.youtube.com www.youtube-nocookie.com *.youtu.be *.facebook.com *.partcommunity.com media.video.taxi *.issuu.com; object-src     'none' 1
report-uri /tullettprebon/report-csp-violation; upgrade-insecure-requests 1
default-src https: 'self' *.adur-worthing.gov.uk; img-src 'self' www.google-analytics.com customer.cludo.com www.gstatic.com maps.gstatic.com maps.googleapis.com translate.google.com data: *.adur-worthing.gov.uk; script-src 'self' *.adur-worthing.gov.uk *.cludo.com www.google-analytics.com www.googletagmanager.com www.google.com ajax.googleapis.com maps.googleapis.com maps.google.co.uk www.gstatic.com api-bridge.azurewebsites.net www.smartsurvey.co.uk static.hotjar.com script.hotjar.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.adur-worthing.gov.uk fonts.googleapis.com translate.googleapis.com 'unsafe-inline'; font-src 'self' *.adur-worthing.gov.uk fonts.gstatic.com assets.nhs.uk; connect-src 'self' *.adur-worthing.gov.uk www.google-analytics.com region1.google-analytics.com maps.googleapis.com api.cludo.com api.nhs.uk content.hotjar.io in.hotjar.com metrics.hotjar.io vc.hotjar.io ws: ws.hotjar.com; object-src 'self'; frame-src 'self' *.adur-worthing.gov.uk www.google.com calendar.google.com www.google.co.uk www.youtube.com www.smartsurvey.co.uk player.vimeo.com www.podbean.com embed.stepchange.org; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.lytics.io *.segment.com *.mathtag.com *.doubleclick.net *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lytics.io fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.doubleclick.net *.google.com www.google.hr images.ctfassets.net pixel.tapad.com *.lytics.io *.amazon-adsystem.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.mathtag.com *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.honey.io https://cs.iubenda.com/ https://*.youtube.com https://*.typeform.com https://audientstaging.wpengine.com https://td.doubleclick.net https://*.analytics.google.com https://maps.googleapis.com https://*.googletagmanager.com https://*.googletagmanager.com https://gstatic.com https://docs.google.com https://analytics.google.com https://region1.analytics.google.com https://www.gstatic.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://hits-i.iubenda.com/ https://www.iubenda.com  https://stats.g.doubleclick.net https://consentcdn.cookiebot.com https://ajax.googleapis.com https://p.typekit.net https://r1.trackedweb.net/ https://facebook.com https://www.facebook.com https://cdnjs.cloudflare.com https://use.typekit.net https://consent.cookiebot.com https://www.google-analytics.com/ https://code.jquery.com https://static.trackedweb.net https://www.googletagmanager.com https://www.googletagmanager.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://connect.facebook.net https://fonts.gstatic.com https://evo.audio/ https://evositestaging.wpengine.com https://www.youtube.com; img-src 'self' data:  'unsafe-inline' https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://ade.googlesyndication.com https://googlesyndication.com https://analytics.google.com https://www.google.com https://www.google.co.uk/ https://www.facebook.com https://www.googletagmanager.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://connect.facebook.net https://fonts.gstatic.com https://www.google-analytics.com https://evo.audio https://evositestaging.wpengine.com; object-src 'self' 'unsafe-inline' https://www.youtube.com https://maps.googleapis.com https://www.googletagmanager.com https://analytics.google.com https://fonts.googleapis.com https://audient.com https://cdn.iubenda.com https://fonts.gstatic.com https://docs.google.com/ https://gstatic.com https://evo.audio https://td.doubleclick.net https://evositestaging.wpengine.com; 1
default-src 'self' https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://wc.eprinsa.es https://cdn.syndication.twimg.com https://platform.twitter.com https://ajax.googleapis.com moz-extension://* https://googleapis.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://maps.googleapis.com https://googleapis.com https://www.googletagmanager.com  https://www.eltiempo.es https://www.google-analytics.com/ https://connect.facebook.net https://www.tiempo.com https://www.google.com https://www.tutiempo.net https://platform.twitter.com https://cdn.syndication.twimg.com https://assets.pinterest.com https://assets.pinterest.com https://widgets.pinterest.com https://www.instagram.com https://widgets.waqi.info https://www.gstatic.com https://static.dialogflow.com https://ajax.googleapis.com; connect-src 'self' https://ai.elegantthemes.com https://apis.dipucordoba.es https://apis2.dipucordoba.es https://*.google-analytics.com https://maps.googleapis.com https://cloud.elegantthemes.com https://googleapis.com https://yoast.com https://dialogflow.cloud.google.com https://stats.g.doubleclick.net; img-src 'self' data: https://toolset.com https://wp.eprinsa.es https://*.w.org https://www.dipucordoba.es https://via.placeholder.com http://dipucordoba.es https://dipucordoba.es https://googleapis.com https://www.elegantthemes.com https://wp.eprinsa.es https://maps.googleapis.com https://maps.gstatic.com https://www.hitwebcounter.com https://www.google-analytics.com https://secure.gravatar.com https://www.facebook.com https://i.ytimg.com https://w.bookcdn.com https://hitwebcounter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://log.pinterest.com https://i.pinimg.com https://www.googletagmanager.com https://apis.dipucordoba.es https://apis2.dipucordoba.es; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com https://stackpath.bootstrapcdn.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://centrovirtual.educacion.es https://dipucordoba.es https://i.vimeocdn.com https://player.vimeo.com https://mapserver.eprinsa.es https://www.tiempo.com https://www.eltiempo.es https://www.tutiempo.net https://www.google.com https://maps.google.com https://www.facebook.com https://www.youtube.com https://www.elegantthemes.com https://www.andalucialive.com https://platform.twitter.com https://syndication.twitter.com https://mapserver.eprinsa.es https://www.instagram.com; 1
frame-ancestors 'self' https://*.toyota.ch https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://*.garage-berset.ch https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88 https://garage-saugy.ch; 1
frame-ancestors https://maap-mmds.prismic.io https://maap.cc/ https://maap.cc https://my.maap.cc https://*.maap.cc 1
default-src 'self' 'nonce-7432325a5744384a4d6f4f326937617a426b5a47626956495639673159474a3330577337314375466f4f513d' blob: data: https: 'strict-dynamic';connect-src 'self' *.visualwebsiteoptimizer.com app.vwo.com 'nonce-7432325a5744384a4d6f4f326937617a426b5a47626956495639673159474a3330577337314375466f4f513d' blob: data: https: 'strict-dynamic';script-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://googletagmanager.com https://tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com 'nonce-7432325a5744384a4d6f4f326937617a426b5a47626956495639673159474a3330577337314375466f4f513d' data: https: 'strict-dynamic';script-src-elem 'self' *.visualwebsiteoptimizer.com app.vwo.com 'nonce-7432325a5744384a4d6f4f326937617a426b5a47626956495639673159474a3330577337314375466f4f513d' data: https: 'strict-dynamic';style-src 'self' https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com hello.myfonts.net 'unsafe-inline' data: https: 'strict-dynamic';img-src 'self' https://www.google.com https://google.com https://googleads.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com apps.jobadder.com 'unsafe-inline' data: https: 'strict-dynamic';frame-src 'self' https://bid.g.doubleclick.net https://*.fls.doubleclick.net app.vwo.com *.visualwebsiteoptimizer.com 'unsafe-inline' data: https: 'strict-dynamic';font-src 'self' https://fonts.gstatic.com 'unsafe-inline' data: https: 'strict-dynamic';worker-src 'self' 'nonce-7432325a5744384a4d6f4f326937617a426b5a47626956495639673159474a3330577337314375466f4f513d' blob: https:; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.redditstatic.com/ads/pixel.js https://googleads.g.doubleclick.net https://d6unz3nsyh8vw.cloudfront.net/3SFv8DuWrRsddehY9xMi45LjA.js https://*.googletagmanager.com https://www.google.com https://consent.cookiebot.com https://www.gstatic.com https://*.google-analytics.com https://tagmanager.google.com https://snap.licdn.com https://connect.facebook.net https://consentcdn.cookiebot.com https://www.youtube.com https://player.vimeo.com https://www.connexys.nl https://analytics.apg.nl https://www.googleadservices.com https://js.monitor.azure.com https://static.hotjar.com https://script.hotjar.com https://platform.instagram.com https://collection.passfort.com https://www.instagram.com;object-src 'self';style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://static.hotjar.com https://script.hotjar.com;img-src 'self' data: https://alb.reddit.com https://px.ads.linkedin.com https://www.facebook.com https://www.linkedin.com https://i.ytimg.com https://*.g.doubleclick.net https://*.google.com https://*.google.nl https://*.googletagmanager.com https://*.cookiebot.com https://*.googlesyndication.com https://*.google-analytics.com https://www.gstatic.com https://ssl.gstatic.com https://static.hotjar.com https://script.hotjar.com;media-src 'self';frame-src 'self' https://*.google.com/ https://www.googletagmanager.com https://acceptatie.connexys.nl https://www.connexys.nl https://consentcdn.cookiebot.com https://youtube.com https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://*.soundcloud.com https://localfocuswidgets.net https://*.hotjar.com https://*.hotjar.io https://collection.passfort.com https://www.instagram.com;font-src 'self' data: https://script.hotjar.com;connect-src 'self' https://cdn.linkedin.oribi.io https://com-vonq-main.collector.snplow.net https://*.google-analytics.com https://*.googletagmanager.com https://consentcdn.cookiebot.com https://*.passfort.com https://*.g.doubleclick.net https://noembed.com https://cdn.plyr.io https://analytics.apg.nl https://dc.services.visualstudio.com https://*.googlesyndication.com https://*.google.com https://*.google.nl https://*.linkedin.com https://www.redditstatic.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;base-uri 'self';frame-ancestors 'self';manifest-src 'self';upgrade-insecure-requests;block-all-mixed-content 1
default-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com code.jquery.com pagecdn.io www.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com www.youtube.com z.moatads.com v1.addthisedge.com m.addthis.com s7.addthis.com www.gstatic.com www.google.com www.googletagmanager.com cdn-ukwest.onetrust.com ssl.google-analytics.com extend.vimeocdn.com staticcontents.investisdigital.com www.google-analytics.com analytics.google.com polaris.brighterir.com sirius.brighterir.com www.asset.tv platform.asset.tv ssl.p.jwpcdn.com blob:; frame-src 'self' otp.tools.investis.com www.connectidfeed.com api-90ecfa1b.duosecurity.com player.vimeo.com irs.tools.investis.com s7.addthis.com www.google.com polaris.brighterir.com sirius.brighterir.com www.asset.tv icgam.qumucloud.com; connect-src 'self' region1.google-analytics.com yoast.com my.wpengine.com cdn-ukwest.onetrust.com www.google-analytics.com geolocation.onetrust.com analytics.google.com stats.g.doubleclick.net polaris.brighterir.com sirius.brighterir.com *.mediamanager.io *.litix.io; img-src 'self' 'unsafe-inline' data: code.jquery.com s.w.org dify.wpengine.com secure.gravatar.com ssl.google-analytics.com www.w3.org cdn-ukwest.onetrust.com stats.g.doubleclick.net i.vimeocdn.com analytics.google.com polaris.brighterir.com sirius.brighterir.com *.mediamanager.io; font-src 'self' 'unsafe-inline' data: 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval' *.dualstackdns.com 1
default-src 'self' https://staging.microban24.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.com *.youtube.com *.bazaarvoice.com https://js.adsrvr.org https://pghub.io https://connect.facebook.net https://script.crazyegg.com https://www.googletagmanager.com https://www.google-analytics.com *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.cookielaw.org *.doubleclick.net *.bazaarvoice.com *.google-analytics.com https://i.ytimg.com https://www.facebook.com https://match.adsrvr.org *.google.com https://images.ctfassets.net https://pixel.tapad.com feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacyandterms.azureedge.net *.segment.com *.segment.io *.adsrvr.org *.bazaarvoice.com https://az-apigateway-cs-prod-20180702.azure-api.net *.algolia.net https://stats.g.doubleclick.net https://script.crazyegg.com https://region1.google-analytics.com https://www.google-analytics.com https://cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; frame-src 'self' https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://consumersupport.pg.com https://insight.adsrvr.org https://pandg.tapad.com *.doubleclick.net feed.pghub.io pandg.tapad.com ; 1
frame-ancestors https://consort.clydetravel.com https://test-consort.clydetravel.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data:; media-src * blob: 1
frame-ancestors 'self'; object-src https://*.ediblearrangements.ca/; media-src https://*.ediblearrangements.ca/ 1
default-src 'self' 'unsafe-inline' data: https://*.wp.com/ https://c.bing.com https://www.googletagmanager.com https://*.google-analytics.com https://*.googleusercontent.com https://maps.google.com https://www.google.com https://www.gstatic.com https://cdn.simplesat.io/ https://api.simplesat.io https://fonts.googleapis.com/ https://www.youtube.com/; img-src 'self' https: data:; font-src 'self' https: data: fonts.gstatic.com; report-uri 'self'; frame-src https://maps.google.com https://www.google.com https://player.vimeo.com https://www.youtube.com/; worker-src 'self' blob: 1
object-src 'self'; frame-src *; font-src 'self' http://djnlel5w494kt.cloudfront.net/fonts/ fonts.gstatic.com; 1
frame-src 'self' 'unsafe-inline' https://xd.adobe.com https://www.youtube.com https://widgets.golomtbank.   /messenger https://www.google.com/ blob: data: filesystem:; object-src 'self' blob: filesystem: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; default-src *; img-src 'self' data: *; script-src 'self' 'unsafe-inline' https://www.google.com https://www.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.youtube.com https://widgets.golomtbank.com https://xd.adobe.com; report-uri https://glmt.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' data: publiccl1.fidelizador.com fonts.googleapis.com fonts.gstatic.com *.google.com *.google-analytics.com www.gstatic.com *.facebook.com *.facebook.net https://www.youtube.com *.twimg.com *.twitter.com www.google-analytics.com www.googletagmanager.com us.bbcollab.com https://imasdk.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://www.google.com https://www.googletagmanager.com https://imasdk.googleapis.com; worker-src 'self' 'unsafe-inline' https://www.ugm.cl 1
default-src 'self' *.lr.edu lr.edu youtu.be *.youtu.be www.youtu.be.com www.youtube.com youtube.com *.youtube.com ytimg.com *.ytimg.com cse.google.com csp.withgoogle.com www.google-analytics.com *.g.doubleclick.net apply-lr-edu.cdn.technolutions.net *.adsrvr.org *.adroll.com *.facebook.com *.jotform.com js.stripe.com www.facebook.com app.smartsheet.com d.adroll.com *.cloudtables.io *.cloudtables.com *.infogram.com *.cloudtables.io *.mktoutil.com widgets.jotform.io *.jotform.io; script-src 'self' *.lr.edu lr.edu 'unsafe-inline' 'unsafe-eval' *.technolutions.net googletagmanager.com google.com *.google-analytics.com *.googletagmanager.com *.google.com googleads.g.doubleclick.com googleads.g.doubleclick.net partner.googleadservices.com code.jquery.com cdn.jsdelivr.net script.hotjar.com static.hotjar.com connect.facebook.net *.adroll.com *.smtrk.net *.monsido.com  youtu.be *.youtu.be *.adsrvr.org *.adsrvr.com *.adsrvr.net cbe.capturehighered.net https://mx.technolutions.net bma.nr-data.net *.newrelic.com *.smtrk.net form.jotform.com *.jotfor.ms *.stripe.com cdnjs.cloudflare.com *.33.across.com *.googleadservices.com doublethedonation.com lex.33across.com cognitoforms.com script.hotjar.com bam.nr-data.net *.cognitoforms.com www.youtube.com youtube.com *.youtube.com *.ytimg.com ytimg.com unpkg.com app.smartsheet.com app-script.monsido.com *.facebook.net *.newrelic.com google.co.id google.ee *.cloudtables.io *.cloudtables.com *.infogram.com *.cloudtables.io *.marketo.net widgets.jotform.io *.jotform.; object-src 'self' *.lr.edu lr.edu; style-src 'self' *.lr.edu lr.edu www.google.com 'unsafe-inline' use.typekit.net p.typekit.net fw.cdn.technolutions.net slate-technolutions-net.cdn.technolutions.net *.jotfor.ms doublethedonation.com *.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com *.cloudtables.io *.cloudtables.com *.infogram.com app.smartsheet.com widgets.jotform.io *.jotform.io cdn.honey.io data:; img-src https://* data:; media-src 'self' *.lr.edu lr.edu; frame-src 'self' *.lr.edu lr.edu youtu.be *.youtu.be ytimg.com *.ytimg.com *.adsrvr.org jotform.com *.jotform.com submit.jotform.com js.stripe.com apply.lr.edu facebook.com youtube.com www.youtube.com *.youtube.com cse.google.com *.doubleclick.net app.smartsheet.com *.google.com submit.jotform.com *.cloudtables.io *.cloudtables.com *.infogram.com www.adsensecustomsearchads.com widgets.jotform.io *.jotform.io; child-src 'self' *.lr.edu lr.edu; font-src 'self' *.lr.edu lr.edu 'unsafe-inline' use.typekit.net *.jotfor.ms doublethedonation.com data: fonts.gstatic.com *.cloudtables.io *.cloudtables.com *.infogram.com; connect-src 'self' *.lr.edu lr.edu mx.technolutions.net youtu.be *.youtu.be www.google-analytics.com googleapis.com *.googleapis.com www.google.com stats.g.doubleclick.net content.hotjar.io *.hotjar.io *.adroll.com doublethedonation.com wsp33.hotjar.com *.jotform.com in.hotjar.com *.hotjar.com *.stripe.com stripe.com apply-lr-edu.cdn.technolutions.net cbe.capturehighered.net bam.nr-data.net *.cognitoforms.com csp.withgoogle.com www.facebook.com studio.afw.mdl.io adservice.google.com *.googlesyndication.com *.google-analytics.com *.monsido.com wss://ws.hotjar.com fw.cdn.technolutions.net facebook.com *.facebook.com instagram.com *.cloudtables.io *.cloudtables.com *.infogram.com *.instagram.com data:* *.mktoresp.com *.mktoutil.com; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://famichiki.jp; img-src 'self' https: data: blob: https://famichiki.jp; style-src 'self' https://famichiki.jp 'nonce-rgK83FIqVaBKxGtI8L5JjQ=='; media-src 'self' https: data: https://famichiki.jp; frame-src 'self' https:; manifest-src 'self' https://famichiki.jp; form-action 'self'; child-src 'self' blob: https://famichiki.jp; worker-src 'self' blob: https://famichiki.jp; connect-src 'self' data: blob: https://famichiki.jp https://cdn.famichiki.jp wss://famichiki.jp; script-src 'self' https://famichiki.jp 'wasm-unsafe-eval' 1
default-src  'self' tkz.one *.tkz.one; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.tkz.one tkz.one;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.tkz.one tkz.one *.tkz.es; cdn.jsdelivr.net;  style-src    'self' 'unsafe-inline' *.tkz.one tkz.one cdn.jsdelivr.net;  font-src     'self' data: *.tkz.one tkz.one;  frame-src    'self' tkz.one *.tkz.one *.youtube.com *.tkz.es;  object-src   'self' ; 1
frame-ancestors 'self' colgate.experiencecloud.adobe.com experience.adobe.com adobe.com us1-proxy.adobemc.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tenforward.social; img-src 'self' https: data: blob: https://tenforward.social; style-src 'self' https://tenforward.social 'nonce-aXYtx1mUW5P9GvnTo4qqeA=='; media-src 'self' https: data: https://tenforward.social; frame-src 'self' https:; manifest-src 'self' https://tenforward.social; form-action 'self'; child-src 'self' blob: https://tenforward.social; worker-src 'self' blob: https://tenforward.social; connect-src 'self' data: blob: https://tenforward.social https://cdn.tenforward.social wss://tenforward.social; script-src 'self' https://tenforward.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.eastdevon.gov.uk *.google-analytics.com www.googletagmanager.com *.google.com *.gstatic.com *.siteimprove.com *.mxpnl.com *.govdelivery.com tickets.manorpavilion.com *.strata.solutions *.arcgis.com *.siteimproveanalytics.io *.licdn.com *.arcgisonline.com *.strata.solutions *.ons.gov.uk https://cdn.ons.gov.uk *.electoralcommission.org.uk; object-src 'self'; style-src 'self' 'unsafe-inline' *.fonts.googleapis.com *.googleapis.com *.arcgis.com *.govdelivery.com; img-src 'self' *.blob.core.windows.net *.siteimproveanalytics.io data: *.eastdevon.gov.uk *.govdelivery.com *.google-analytics.com *.googletagmanager.com *.siteimprove.com *.arcgis.com *.arcgisonline.com *.strata.solutions *.linkedin.com https://ukelectoralcommission.files.wordpress.com; media-src 'self' data:; child-src 'self' https://new.devon.gov.uk/ https://www.youtube.com/ https://www.google.com/ tickets.manorpavilion.com; font-src 'self'  *.gstatic.com *.arcgis.com data:; connect-src  *.eastdevon.gov.uk 'self' *.google-analytics.com *.siteimprove.com http://api.mixpanel.com *.arcgis.com *.arcgisonline.com *.strata.solutions https://cdn.linkedin.oribi.io; form-action 'self' *.govdelivery.com; frame-ancestors 'self'; frame-src 'self' tickets.manorpavilion.com youtube.com *.youtube.com maps.strata.solutions *.ons.gov.uk; 1
default-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self' https://www.paypal.com; script-src 'self' https://unpkg.com/ https://code.jquery.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://e.widgetbot.io https://www.datadoghq-browser-agent.com https://api.lovense.com 'unsafe-inline'; style-src 'self' https://unpkg.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com data:; img-src 'self' http: https: data:; connect-src 'self' wss://www.erofights.com/cable wss://stonks.widgetbot.io/ws/graphql https://stonks.widgetbot.io/api/graphql https://e.widgetbot.io/ https://api.lovense.com *.lovense.club:*; manifest-src 'self'; media-src 'self' http: https:;  frame-src https://*.widgetbot.io https://widgetbot.io https://discord.com/ https://www.eporner.com https://hypnotube.com https://www.redgifs.com https://www.xvideos.com https://*.pornhub.com https://www.dailymotion.com https://www.youtube.com https://heavyfetish.com https://spankbang.com https://www.spankbang.com 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'self' https://*.omappapi.com https://*.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://go.wilmingtonplc.com https://www.googletagmanager.com https://tagmanager.google.com https://snap.licdn.com https://munchkin.marketo.net https://a.omappapi.com/app/ https://api.livechatinc.com https://cdn.livechatinc.com https://app.termly.io https://cdn.shareaholic.net https://m9m6e2w5.stackpathcdn.com https://partner.shareaholic.com https://app.termly.io https://z.omappapi.com/ https://widget.manychat.com https://www.google.com https://script.crazyegg.com/ https://www.shareaholic.com https://www.gstatic.com/recaptcha/releases/3kTz7WGoZLQTivI-amNftGZO/recaptcha__en_gb.js https://www.gstatic.com https://www.coursecheck.com/ https://www.google-analytics.com/ https://cdn.openshareweb.com/ https://wilmingtonplc--uat.sandbox.my.site.com https://wilmingtonplc--uat.sandbox.my.salesforce-scrt.com https://wilmingtonplc--uat.sandbox.my.salesforce.com https://service.force.com https://d.la1-c1cs-lo2.salesforceliveagent.com https://static.lightning.force.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://d.la3-c2-fra.salesforceliveagent.com https://wilmingtonplc.my.salesforce-sites.com https://cdn.cookie-script.com/; worker-src 'self' blob:; object-src 'none'; font-src 'self' https://fonts.gstatic.com https://cdn.livechatinc.com https://m9m6e2w5.stackpathcdn.com data:; connect-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://936-frz-719.mktoresp.com https://cdn.linkedin.oribi.io/partner/1212497 https://api.omappapi.com https://app.termly.io https://cdn.linkedin.oribi.io/partner/1212497/domain/int-comp.org/token https://a.omappapi.com https://analytics.shareaholic.com https://www.shareaholic.net https://www.shareaholic.com https://www.google.co.uk https://wilmingtonplc--uat.sandbox.my.salesforce-scrt.com https://*.crazyegg.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://wilmingtonplc.my.salesforce-sites.com https://region1.google-analytics.com; img-src https: data: https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; style-src https://www.youtube.com https://go.wilmingtonplc.com https://tagmanager.google.com https://fonts.googleapis.com https://a.omappapi.com/app/ https://wilmingtonplc--uat.sandbox.my.site.com https://service.force.com https://wilmingtonplc--uat.sandbox.my.salesforce-sites.com https://wilmingtonplc.my.salesforce.com https://wilmingtonplc.my.salesforce-sites.com 'unsafe-inline' 'self'; media-src https:; frame-ancestors 'self'; base-uri 'self'; frame-src https://www.youtube.com https://widget.trustpilot.com https://www.google.com https://go.wilmingtonplc.com https://secure.livechatinc.com https://cdnapisec.kaltura.com https://app.termly.io https://service.force.com 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self' optimize.google.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vk.com vkontakte.ru api.facebook.com urls.api.twitter.com vk.com www.google-analytics.com mc.yandex.ru https://cackle.me https://*.cackle.me https://yastatic.net/share2/share.js https://yastatic.net/metrika/1.84.930/cdn/inpage-remote/inpage-remote.ru.js https://mc.yandex.ru/metrika/watch.js https://yastatic.net/s3/metrika/1.155.4/cdn/inpage-remote/_inpage-remote_ru.js https://clck.yandex.ru/jclck/ https://cdn.jivosite.com/ https://code.jivosite.com/ https://apis.google.com https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://informer.yandex.ru https://metrika-informer.com https://cdn.jsdelivr.net/npm/yandex-metrica-watch/watch.js rambler.ru counter.rambler.ru www.liveinternet.ru top-fwz1.mail.ru 1
default-src 'self' www.youtube.com www.googletagmanager.com www.sortlist.com fonts.googleapis.com fonts.gstatic.com region1.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.youtube.com www.googletagmanager.com www.sortlist.com fonts.googleapis.com fonts.gstatic.com region1.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
'nonce-{random}' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http: 1
frame-ancestors 'self' https://*.generali.com.tr 1
default-src 'self'; connect-src 'self' *.fortum.no *.fortum.com *.livechatinc.com *.pingdom.net https://*.clarity.ms sc-static.net *.snapchat.com cdn.cookielaw.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.se https://*.google.fi privacyportal-eu.onetrust.com *.onetrust.com cdn.horizons.confirmit.eu api.puzzel.com euwa.puzzel.com *.abtasty.com; font-src 'self'; img-src 'self' data: *.fortum.no *.fortum.com *.livechatinc.com https://*.clarity.ms sc-static.net *.snapchat.com cdn.cookielaw.org *.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://*.google.com https://google.com https://*.google.no https://*.google.se https://*.google.fi https://*.fls.doubleclick.net www.facebook.com epost.fortum.no strom.fortum.no https://*.siteimproveanalytics.io *.abtasty.com bat.bing.com c.bing.com; script-src 'self' 'unsafe-inline' *.fortum.no *.fortum.com *.livechatinc.com *.pingdom.net https://*.clarity.ms https://c.bing.com sc-static.net *.snapchat.com cdn.cookielaw.org https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com connect.facebook.net in.taskanalytics.com cdn.horizons.confirmit.eu horizons.confirmit.eu https://siteimproveanalytics.com bat.bing.com euwa.puzzel.com api.puzzel.com try.abtasty.com blob: *.abtasty.com; child-src 'self' *.fortum.no *.fortum.com *.livechatinc.com data: ; frame-src 'self' *.fortum.no *.fortum.com *.livechatinc.com sc-static.net *.snapchat.com player.vimeo.com/video/ www.youtube.com/embed/ horizons.confirmit.eu *.doubleclick.net https://*.fls.doubleclick.net; style-src 'self' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.qualtrics.com *.siteintercept.qualtrics.com *.yul1.qualtrics.com; object-src 'self'; base-uri 'self' https://*.skandia.co https://*.skandia.com.co https://skandia.co https://skandia.com.co; worker-src 'self' blob:; frame-ancestors 'self' https://*.skandia.co https://*.skandia.com.co https://skandia.co https://skandia.com.co; upgrade-insecure-requests 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MDU1N2IxNWUtNDg2NC00ZDQ2LTgzNGEtMmI2YzZhNDA0ZTMy'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
frame-ancestors 'self' https://*.orangedox.com; 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; script-src 'self' https: 'unsafe-inline'; style-src 'self' https: data: 'unsafe-inline'; frame-ancestors 'none'; report-uri https://sentry.42he.com/api/3/security/?sentry_key=c45a7c14fe8e4379af9e88c5aa179d47 1
child-src insurance.carcogroup.com; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com analytics.google.com; default-src 'self'; font-src 'self' fonts.gstatic.com themes.googleusercontent.com; form-action 'self' https://sitelocator.carcogroup.com; frame-ancestors 'self'; frame-src 'self' insurance.carcogroup.com agent.carcogroup.com player.vimeo.com engage.newmode.net; img-src 'self' https://www.facebook.com shield.sitelock.com stats.g.doubleclick.net www.google-analytics.com www.google.com www.googletagmanager.com cdn.ckeditor.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://connect.facebook.net  https://player.vimeo.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com analytics.google.com cdn.ckeditor.com engage.newmode.net blog.apps.npr.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.ckeditor.com hello.myfonts.net; report-uri https://cisive.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' *.brin.go.id *.lapan.go.id *.batan.go.id *.bppt.go.id *.lipi.go.id; 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.kr https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.kr https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.kr;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.kr  https://smetrics.vwfs.kr https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com https://*.google.kr;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.kr https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.kr https://smetrics.vwfs.kr https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.kr http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com ;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net ;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu *.datatables.net *.piwik.pro; script-src 'unsafe-inline' 'unsafe-eval' wss://*.zopim.com *.webinargeek.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu *.piwik.pro *.typeform.com; style-src 'unsafe-inline' wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; img-src data: wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; font-src data: wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; media-src wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; frame-src *.webinargeek.com wss://*.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.bureau-ice.nl *.proudtest.com *.wp.com *.wordpress.com *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.bootstrapcdn.com *.fontawesome.com *.doubleclick.net *.toets.nl *.youtube-nocookie.com *.youtube.com *.ytimg.com *.publitas.com *.postcodeapi.nu; object-src *.youtube.com *.youtube-nocookie.com *.postcodeapi.nu  1
default-src 'self' * data: 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.venueops.com; 1
default-src  https://etec.gov.sa  https://www.etec.gov.sa https://cdn.etec.gov.sa https://beta.etec.gov.sa:3443 https://cdn.etec.gov.sa https://spapi.etec.gov.sa:1443 https://spapi.etec.gov.sa:2443 https://beta.etec.gov.sa:4443 *.etec.gov.sa *.nca.local 'unsafe-inline';frame-src https://www.google.com   https://spapi.etec.gov.sa:2443 https://www.youtube.com ; connect-src  * 'self' ; img-src https://etec.gov.sa  https://www.etec.gov.sa https://cdn.etec.gov.sa https://etec.gov.sa https://spapi.etec.gov.sa:2443 https://img.youtube.com  data:;font-src https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com/ 'self' data:;script-src 'self' https://etec.gov.sa  https://www.etec.gov.sa https://maps.googleapis.com https://www.googletagmanager.com https://cdn.etec.gov.sa 'unsafe-inline';style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdn.etec.gov.sa  'unsafe-inline'  1
default-src 'self'; media-src 'self' https://*.zdassets.com/ https://app.posthog.com; frame-src 'self' https://hooks.stripe.com https://*.clickcease.com/ https://winegallery.netlify.com/ https://*.goodpairdays.com/ https://*.youtube.com/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://goodpairdays.zendesk.com/ https://winegallery.zendesk.com/ https://*.google.com/ https://*.googlesyndication.com/ https://bid.g.doubleclick.net/ https://js.stripe.com/ https://app.netlify.com/ https://netlify-cdp-loader.netlify.app/ https://td.doubleclick.net/; frame-ancestors 'self' https://js.stripe.com/ https://*.googlesyndication.com/ https://*.yotpo.com/ https://*.goodpairdays.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/ https://*.clickcease.com/ https://goodpairdays.zendesk.com/ https://winegallery.zendesk.com/ https://app.posthog.com https://cdn.jsdelivr.net/ https://api.ideal-postcodes.co.uk/ https://api.addressfinder.io/ https://widget-mediator.zopim.com/ https://googleads.g.doubleclick.net/ https://static.zdassets.com/ https://d33wubrfki0l68.cloudfront.net/ https://googletagmanager.com/ https://googletagmanager.com/*/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*/ https://*.googleadservices.com/ https://*.googleadservices.com/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.yotpo.com/ https://*.google.com/ https://*.google.com/*/ https://*.google.com.au/ https://*.google.com.au/*/ https://*.google.co.uk/ https://*.google.co.uk/*/ https://*.googleapis.com/ https://cdn.segment.com/ https://cdn.segment.com/v1/projects/SgIQJEuiurOd0tD827mZ0CF0Jcj7HNtE/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://app.netlify.com/ https://netlify-cdp-loader.netlify.app/; connect-src 'self' https://*.s3.amazonaws.com/ https://*.goodpairdays.com https://www.instagram.com https://app.posthog.com https://*.googleapis.com https://extreme-ip-lookup.com https://gpd-guides.ghost.io/ https://the-last-glass.ghost.io https://*.youtube.com/ https://goodpairdays.zendesk.com/ https://*.clickcease.com/ https://winegallery.zendesk.com/ https://api.ideal-postcodes.co.uk/ https://api.addressfinder.io/ https://*.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.google.com/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://ekr.zdassets.com/ https://api.stripe.com https://*.sentry.io/ https://*.sentry.io/*/ https://sentry.io/api/ https://cdn.segment.com/v1/projects/SgIQJEuiurOd0tD827mZ0CF0Jcj7HNtE/settings https://cdn.segment.com/v1/projects/ALOhsRq1DN8KVkVJGHBy84aNJUidhI38/settings https://cdn.segment.com/analytics-next/bundles/* https://cdn.segment.com/next-integrations/integrations/* https://*.segment.io/ https://*.segment.io/*/ https://*.yotpo.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.com.ai/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gp/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.ms/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.nf/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tk/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.vg/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://api.iterable.com/ https://js.stripe.com/ https://googletagmanager.com/; img-src 'self' data: https://picsum.photos/ https://*.picsum.photos/ https://www.instagram.com https://*.ytimg.com/ https://gpd-guides.ghost.io/ https://the-last-glass.ghost.io https://*.clickcease.com/ https://cx.atdmt.com/ https://d7yj57tt7xfz4.cloudfront.net/ https://winegallery.zendesk.com/ https://*.googleadservices.com/ https://googletagmanager.com/ https://googletagmanager.com/*/ https://*.googletagmanager.com/ https://*.googletagmanager.com/*/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.facebook.com/ https://*.facebook.com/*/ https://*.facebook.net/ https://*.facebook.net/*/ https://*.googlesyndication.com/ https://*.google-analytics.com/ https://*.google-analytics.com/*/ https://*.goodpairdays.com/ https://*.yotpo.com/ https://ddcfq0gxiontw.cloudfront.net/ https://platform-lookaside.fbsbx.com/ https://*.gstatic.com/ https://*.googleapis.com/ https://*.google.com/ https://*.google.ad/ https://*.google.ae/ https://*.google.com.af/ https://*.google.com.ag/ https://*.google.com.ai/ https://*.google.al/ https://*.google.am/ https://*.google.co.ao/ https://*.google.com.ar/ https://*.google.as/ https://*.google.at/ https://*.google.com.au/ https://*.google.az/ https://*.google.ba/ https://*.google.com.bd/ https://*.google.be/ https://*.google.bf/ https://*.google.bg/ https://*.google.com.bh/ https://*.google.bi/ https://*.google.bj/ https://*.google.com.bn/ https://*.google.com.bo/ https://*.google.com.br/ https://*.google.bs/ https://*.google.bt/ https://*.google.co.bw/ https://*.google.by/ https://*.google.com.bz/ https://*.google.ca/ https://*.google.cd/ https://*.google.cf/ https://*.google.cg/ https://*.google.ch/ https://*.google.ci/ https://*.google.co.ck/ https://*.google.cl/ https://*.google.cm/ https://*.google.cn/ https://*.google.com.co/ https://*.google.co.cr/ https://*.google.com.cu/ https://*.google.cv/ https://*.google.com.cy/ https://*.google.cz/ https://*.google.de/ https://*.google.dj/ https://*.google.dk/ https://*.google.dm/ https://*.google.com.do/ https://*.google.dz/ https://*.google.com.ec/ https://*.google.ee/ https://*.google.com.eg/ https://*.google.es/ https://*.google.com.et/ https://*.google.fi/ https://*.google.com.fj/ https://*.google.fm/ https://*.google.fr/ https://*.google.ga/ https://*.google.ge/ https://*.google.gg/ https://*.google.com.gh/ https://*.google.com.gi/ https://*.google.gl/ https://*.google.gm/ https://*.google.gp/ https://*.google.gr/ https://*.google.com.gt/ https://*.google.gy/ https://*.google.com.hk/ https://*.google.hn/ https://*.google.hr/ https://*.google.ht/ https://*.google.hu/ https://*.google.co.id/ https://*.google.ie/ https://*.google.co.il/ https://*.google.im/ https://*.google.co.in/ https://*.google.iq/ https://*.google.is/ https://*.google.it/ https://*.google.je/ https://*.google.com.jm/ https://*.google.jo/ https://*.google.co.jp/ https://*.google.co.ke/ https://*.google.com.kh/ https://*.google.ki/ https://*.google.kg/ https://*.google.co.kr/ https://*.google.com.kw/ https://*.google.kz/ https://*.google.la/ https://*.google.com.lb/ https://*.google.li/ https://*.google.lk/ https://*.google.co.ls/ https://*.google.lt/ https://*.google.lu/ https://*.google.lv/ https://*.google.com.ly/ https://*.google.co.ma/ https://*.google.md/ https://*.google.me/ https://*.google.mg/ https://*.google.mk/ https://*.google.ml/ https://*.google.com.mm/ https://*.google.mn/ https://*.google.ms/ https://*.google.com.mt/ https://*.google.mu/ https://*.google.mv/ https://*.google.mw/ https://*.google.com.mx/ https://*.google.com.my/ https://*.google.co.mz/ https://*.google.com.na/ https://*.google.com.nf/ https://*.google.com.ng/ https://*.google.com.ni/ https://*.google.ne/ https://*.google.nl/ https://*.google.no/ https://*.google.com.np/ https://*.google.nr/ https://*.google.nu/ https://*.google.co.nz/ https://*.google.com.om/ https://*.google.com.pa/ https://*.google.com.pe/ https://*.google.com.pg/ https://*.google.com.ph/ https://*.google.com.pk/ https://*.google.pl/ https://*.google.pn/ https://*.google.com.pr/ https://*.google.ps/ https://*.google.pt/ https://*.google.com.py/ https://*.google.com.qa/ https://*.google.ro/ https://*.google.ru/ https://*.google.rw/ https://*.google.com.sa/ https://*.google.com.sb/ https://*.google.sc/ https://*.google.se/ https://*.google.com.sg/ https://*.google.sh/ https://*.google.si/ https://*.google.sk/ https://*.google.com.sl/ https://*.google.sn/ https://*.google.so/ https://*.google.sm/ https://*.google.sr/ https://*.google.st/ https://*.google.com.sv/ https://*.google.td/ https://*.google.tg/ https://*.google.co.th/ https://*.google.com.tj/ https://*.google.tk/ https://*.google.tl/ https://*.google.tm/ https://*.google.tn/ https://*.google.to/ https://*.google.com.tr/ https://*.google.tt/ https://*.google.com.tw/ https://*.google.co.tz/ https://*.google.com.ua/ https://*.google.co.ug/ https://*.google.co.uk/ https://*.google.com.uy/ https://*.google.co.uz/ https://*.google.com.vc/ https://*.google.co.ve/ https://*.google.vg/ https://*.google.co.vi/ https://*.google.com.vn/ https://*.google.vu/ https://*.google.ws/ https://*.google.rs/ https://*.google.co.za/ https://*.google.co.zm/ https://*.google.co.zw/ https://*.google.cat/ https://*.unsplash.com https://hatscripts.github.io/ https://d15k2d11r6t6rl.cloudfront.net/; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://*.yotpo.com/ https://d33wubrfki0l68.cloudfront.net/ https://*.posthog.com/ https://fonts.googleapis.com/ https://*.googleapis.com/; font-src 'self' data: https://*.yotpo.com/ https://d33wubrfki0l68.cloudfront.net/ https://fonts.gstatic.com/; object-src 'none'; report-uri https://o221921.ingest.sentry.io/api/1472073/security/?sentry_key=e20c90507248444cba0d534a66d096e7 https://o221921.ingest.sentry.io/api/5588764/security/?sentry_key=193a5affb6cd4864abe11d6c1f15ea80; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/ https://cdn.jsdelivr.net/ https://observe.spp.se/ https://googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://*.googletagmanager.com;connect-src 'self' https://cdn.cookielaw.org/ https://observe.spp.se/ https://*.onetrust.com/  wss://*.hotjar.com/  https://*.hotjar.com/ http://*.hotjar.io/ https://stats.g.doubleclick.net/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;default-src 'self' 'unsafe-eval';form-action 'self';media-src 'self';font-src 'self' https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io data:;frame-ancestors 'self' https://spp.uat.fundlist.com;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;frame-src https://spp.dev.fundlist.com https://spp.uat.fundlist.com https://www.youtube.com/ https://youtu.be/ https://www.youtube-nocookie.com/ https://*.hotjar.com/ https://*.hotjar.io/ https://open.spotify.com/ https://forms.spp.se/  'self';img-src  'self' data: https://cdn.cookielaw.org/ https://observe.spp.se/ https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.hotjar.com/ https://*.hotjar.io/ https://*.google-analytics.com https://*.googletagmanager.com 1
default-src 'self' https: blob:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://buttons-config.sharethis.com https://translate.googleapis.com https://js-agent.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://bam.nr-data.ne https://beacon.sojern.com/ https://connect.facebook.net/ https://script.crazyegg.com/ https://count-server.sharethis.com/ choozle.com ensighten.com adsrvr.org cs.choozle.com nexus.ensighten.com match.adsrvr *.crazyegg.com https://www.googleadservices.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com maps.googleapis.com platform-api.sharethis.com translate.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.crazyegg.com cloud.typography.com https://cdn.jsdelivr.net; style-src-elem 'self' 'unsafe-inline' https://translate.googleapis.com/translate_static/css/translateelement.css cloud.typography.com https://cdn.jsdelivr.net; worker-src 'self' https: blob:; base-uri 'none'; form-action 'self' https:; upgrade-insecure-requests 1
default-src 'self' banktestov.ru securepubads.g.doubleclick.net googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' banktestov.ru fundingchoicesmessages.google.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com ajax.aspnetcdn.com an.yandex.ru cdn.ampproject.org partner.googleadservices.com adservice.google.am adservice.google.nl bplas.ru egipet.site adservice.google.com.eg adservice.google.de adservice.google.cz adservice.google.gr adservice.google.ca adservice.google.lv adservice.google.pt adservice.google.me www.googletagservices.com adservice.google.us adservice.google.ge adservice.google.fi adservice.google.sk adservice.google.at adservice.google.com.tr adservice.google.com.tj adservice.google.co.nz adservice.google.ee adservice.google.lt adservice.google.es adservice.google.se adservice.google.it adservice.google.tm adservice.google.co.th adservice.google.be adservice.google.bg adservice.google.no adservice.google.fr adservice.google.co.il adservice.google.kg adservice.google.pl adservice.google.co.uz adservice.google.az adservice.google.co.uk yastatic.net www.googletagmanager.com adservice.google.com.ua adservice.google.com adservice.google.mn adservice.google.md adservice.google.ru adservice.google.kz adservice.google.by googleads.g.doubleclick.net www.googleapis.com clients1.google.com cse.google.com login.vk.com img.yandex.net clck.yandex.ru www.google.com www.google.ru www.gstatic.com yandex.st pagead2.googlesyndication.com vk.com userapi.com cdn.jsdelivr.net mc.webvisor.org mc.yandex.com.tr mc.yandex.com mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.fr banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru www.google-analytics.com tpc.googlesyndication.com ajax.googleapis.com; object-src 'self' *.googlesyndication.com www.gstatic.com; style-src 'self' 'unsafe-inline' banktestov.ru www.google.com www.gstatic.com stackpath.bootstrapcdn.com cse.google.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; img-src 'self' data: banktestov.ru lh3.googleusercontent.com wcm-ru.frontend.weborama.fr avatars.mds.yandex.net ad.adriver.ru amc.yandex.ru cse.google.com ssl.gstatic.com favicon.yandex.net an.yandex.ru im2-tub-com.yandex.net *.verify.yandex.ru verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net *.mds.yandex.net ad.doubleclick.net *.gstatic.com www.google.co.nz www.google.by www.google.kz www.google.com.ua www.google.am www.google.fr www.google.ge www.google.sk www.google.fi www.google.com.tr www.google.es www.google.kg www.google.at www.google.az www.google.co.uz www.google.md www.google.lt www.google.de www.google.ca www.google.cz www.google.co.il www.google.nl www.google.us www.google.com.tj www.google.lv www.google.co.uk csi.gstatic.com www.google.ru stats.g.doubleclick.net www.googleapis.com clients1.google.com *.2mdn.net pagead2.googlesyndication.com www.google.pl www.google.ee www.google.com vk.com yastatic.net counter.yadro.ru mc.webvisor.org *.mc.yandex.ru mc.yandex.ru mc.yandex.com.tr mc.yandex.com mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.fr www.google-analytics.com; media-src 'self' banktestov.ru *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net data: blob:; frame-src 'self' www.adsensecustomsearchads.com id.vk.com mc.yandex.com mc.yandex.md awaps.yandex.net www.youtube.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net cse.google.com cse.google.ru awaps.yandex.ru *.doubleclick.net *.googleadservices.com *.googlesyndication.com login.vk.com m.vk.com vk.com www.google.com www.google.ru; font-src 'self' data: an.yandex.ru yastatic.net yastat.net stackpath.bootstrapcdn.com fonts.gstatic.com; connect-src 'self' blob: data: banktestov.ru https://banktestov.ru fundingchoicesmessages.google.com http://127.0.0.1:29009 http://127.0.0.1:30102 www.cloudflare.com http://amc.yandex.ru yandexmetrica.com:30103 yandexmetrica.com:29010 *.verify.yandex.ru verify.yandex.ru log.strm.yandex.ru an.yandex.ru strm.yandex.ru *.strm.yandex.net yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net mc.webvisor.org mc.yandex.com.tr mc.yandex.com ymetrica1.com *.mc.yandex.ru mc.yandex.ru mc.yandex.ua mc.yandex.by mc.yandex.kz mc.yandex.uz mc.yandex.md mc.yandex.fr *.gstatic.com; report-uri https://csp.banktestov.ru/ 1
default-src 'self';   script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https://analitica.dacoruna.gal https://www.youtube.com https://www.google.com https://www.gstatic.com;   img-src 'self' data: blob: https://*.dacoruna.gal ;   frame-src 'self' https://www.google.com https://www.youtube.com https://calendar.google.com https://accounts.google.com https://docs.google.com;   style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://code.jquery.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://*.dacoruna.gal;   connect-src 'self' https://analitica.dacoruna.gal;   object-src 'none'; 1
default-src 'self' blob: data: https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net https://*.replain.cc https://use.fontawesome.com https://yandex.ru https://*.yandex.ru https://*.yandex.net https://cdnjs.cloudflare.com https://www.youtube.com http://via.placeholder.com https://www.google.com https://*.tu.market; style-src 'self' 'unsafe-inline' https://*.tinkoff.ru  https://*.replain.cc https://ajax.googleapis.com https://yandex.ru https://*.yandex.ru https://*.tu.market; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.tu.market https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net https://www.youtube.com https://*.replain.cc https://yandex.ru https://*.yandex.ru https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://*.yandex.net https://yastatic.net https://www.google.com https://www.gstatic.com; connect-src 'self' https://*.maps.vk.com https://*.tinkoff.ru https://*.livetex.ru https://*.livetex.me https://googleads.g.doubleclick.net wss://*.replain.cc https://*.replain.cc https://*.yandex.md https://www.google-analytics.com https://yandex.ru https://*.yandex.ru https://*.tu.market; img-src 'self' data: https://tu.market https://*.tu.market https://*.tinkoff.ru https://img.youtube.com https://*.livetex.ru https://*.livetex.me https://www.google-analytics.com https://*.yandex.net https://www.googletagmanager.com https://yandex.ru https://*.yandex.ru https://counter.yadro.ru 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors self https://app.storyblok.com; img-src 'self' data: https:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https://*.storyblok.com/ https://netlify-cdp-loader.netlify.app/ 'strict-dynamic' 'nonce-7yKfXRYiS2L/DK6iK8QewQ=='; upgrade-insecure-requests; 1
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.recaptcha.net lo.v.liveperson.net lptag.liveperson.net accdn.lpsnmedia.net tags.tiqcdn.com lpcdn.lpsnmedia.net cdn.optimizely.com cdn.appdynamics.com www.google-analytics.com maps.googleapis.com ssl.google-analytics.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com manifest.prod.boltdns.net *.siteintercept.qualtrics.com *.brightcovecdn.com brightcove.hs.llnwd.net maps.googleapis.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.hsbc.bm rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000 http://127.0.0.1:5000/* cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net www.youtube.com; frame-ancestors 'self' www.hsbc.bm; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net brightcove.hs.llnwd.net manifest.prod.boltdns.net; manifest-src 'self' www.hsbc.bm; upgrade-insecure-requests ; report-uri /csp/report; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors *; 1
frame-ancestors 'self' https://marialunarillos.com; 1
img-src 'self' https://ssl.google-analytics.com https://www.google.com https://www.google.com.tr https://i.ytimg.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.plazahomemortgage.com *.mortgagecalculator.org  *.jquery.com  *.google-analytics.com  *.googletagmanager.com  *.googlecode.com  *.googleapis.com  *.polyfill.io https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsleadflows.net  https://js.hs-banner.com  https://js.hs-analytics.net https://snap.licdn.com   1
child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.onetrust.com https://dc.services.visualstudio.com https://region1.google-analytics.com; default-src 'self' 'unsafe-eval' cdn.jsdelivr.net dhm5hy2vn8l0l.cloudfront.net https://*.google.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://www.vetcollection.co.uk; font-src 'self' data: dhm5hy2vn8l0l.cloudfront.net https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.google.com; img-src 'self' data: https://*.ggpht.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.onetrust.com https://*.vetcollection.co.uk https://maps.googleapis.com https://maps.gstatic.com https://www.vetcollection.co.uk; manifest-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.monitor.azure.com https://*.msecnd.net https://cdn-ukwest.onetrust.com https://dc.services.visualstudio.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src-elem 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.monitor.azure.com https://*.onetrust.com https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://maps.googleapis.com https://www.googletagmanager.com https://www.vetcollection.co.uk; style-src-attr 'unsafe-inline'; style-src-elem 'unsafe-inline' cdn.jsdelivr.net https://*.vetcollection.co.uk https://cgrp02aapv9vc1prod.dxcloud.episerver.net https://fonts.googleapis.com https://www.vetcollection.co.uk; script-src-attr 'unsafe-eval'; 1
base-uri 'none'; font-src 'self' data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.fontawesome.com *.zopim.com fonts.gstatic.com; form-action 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.coupahost.com *.facebook.com *.paypal.com *.paypalobjects.com; frame-ancestors 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com orbitvu.cloud orbitvu.co; img-src 'self' blob: data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.bing.com *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.de *.googleadservices.com *.googletagmanager.com *.gstatic.com *.orbitvu.co *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.spoteffects.net *.tinymce.com *.trustedshops.com *.ytimg.com *.zopim.com *.zopim.io a.twiago.com ad.360yield.com c1.adform.net ad.yieldlab.net beacon.krxd.net b.stats.paypal.com cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv dis.criteo.com dpm.demdex.net e1.emxdgt.com eb2.3lift.com exchange.mediavine.com files.newsletter2go.com googleads.g.doubleclick.net gum.criteo.com hb.yahoo.net ib.adnxs.com ib.adnxs.com id5-sync.com jadserve.postrelease.com maps.googleapis.com match.sharethrough.com matching.ivitrack.com orbitvu.co pixel.rubiconproject.com public-prod-dspcookiematching.dmxleo.com r.casalemedia.com rtb-csync.smartadserver.com s.thebrighttag.com s3-eu-west-1.amazonaws.com sbp-plugin-images.s3.amazonaws.com sbp-plugin-images.s3.eu-west-1.amazonaws.com simage2.pubmatic.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.outbrain.com ups.analytics.yahoo.com ups.analytics.yahoo.com visitor.omnitagjs.com x.bidswitch.net; object-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; script-src-attr 'none'; style-src 'self' 'unsafe-inline' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.cloudfront.net *.consensu.org *.fontawesome.com *.googleapis.com *.googletagmanager.com *.orbitvu.co *.orbitvu.cloud *.typekit.net fonts.googleapis.com hb.yahoo.net unpkg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.attributy.com *.bing.com *.clarity.ms *.cloudfront.net *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.google-analytics.com *.google.com *.google.de *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.intedia.de *.jsdelivr.net *.orbitvu.co *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.sovendus.com *.spoteffects.net *.taboola.com *.tiny.cloud *.tinymce.com *.zopim.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net orbitvu.cloud orbitvu.co static.newsletter2go.com static.zdassets.com unpkg.com widgets.trustedshops.com; upgrade-insecure-requests; connect-src self ws: localhost:3000 arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.attributy.com *.bing.com *.clarity.ms *.consensu.org *.consentmanager.net *.criteo.com *.doofinder.com *.doubleclick.net *.etrusted.com *.facebook.com *.google-analytics.com *.google.com *.googlesyndication.com *.googletagmanager.com *.orbitvu.cloud *.paypal.com *.paypalobjects.com *.sovendus.com *.taboola.com *.trustbadge.com *.trustbadge.etrusted.com *.trustedshops.com *.zdassets.com *.zendesk.com *.zopim.com api.newsletter2go.com maps.googleapis.com scnem2.com shopware.api stats.g.doubleclick.net; default-src 'self' localhost:3000 shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu; frame-src 'self' data: shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.braintreegateway.com *.criteo.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.orbitvu.cloud *.orbitvu.co *.paypal.com *.paypalobjects.com *.sovendus-connect.com *.sovendus.com *.youtube-nocookie.com *.youtube.com orbitvu.cloud orbitvu.co; media-src 'self' shopware.api arbeitsschutz-express.de *.arbeitsschutz-express.de asx.eu *.asx.eu *.orbitvu.cloud *.zdassets.com *.zopim.com; 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.mein-gartenshop24.de backoffice.koempf24.de www.btr-tools.com www.compo-gartenpflege.de www.easykauf-koempf.de www.gartengeraete-onlineshop.de www.grills.de www.heissner-teichbau.de www.karibu-onlineshop.de www.koempf-shop.de www.koempf24.ch www.koempf24.de www.mein-biggreenegg.de www.mein-saunashop.de www.mein-wekashop.de www.mein-zaunshop.de www.meister-onlineshop.de www.oase-teichbau.de www.osmo-online.de www.petotal.de www.restberry.de www.skanholz-onlineshop.de www.teichdiscount24.de www.teichitekten24.de www.vitavia-onlineshop.de www.wolff-finnhaus-shop.de www.ximax-onlineshop.de www.zoologo.at www.zoologo.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.org.uk; img-src 'self' https: data: blob: https://mastodon.org.uk; style-src 'self' https://mastodon.org.uk 'nonce-DC64X0vXnFCIArjCBPe+0Q=='; media-src 'self' https: data: https://mastodon.org.uk; frame-src 'self' https:; manifest-src 'self' https://mastodon.org.uk; form-action 'self'; connect-src 'self' data: blob: https://mastodon.org.uk https://cdn.mastodon.org.uk wss://mastodon.org.uk; script-src 'self' https://mastodon.org.uk 'wasm-unsafe-eval'; child-src 'self' blob: https://mastodon.org.uk; worker-src 'self' blob: https://mastodon.org.uk 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' data:  https://code.jquery.com  https://cdn.datatables.net https://www.google.com http://www.google-analytics.com/gtm/js https://*.gstatic.com https://ajax.googleapis.com  https://maps.googleapis.com https://www.googletagmanager.com  https://maxcdn.bootstrapcdn.com https://plausible.io https://*.emcorgroup.com https://emcorgroup.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://fonts.googleapis.com https://www.google.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com; object-src 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: via.tt.se translate.googleapis.com translate.google.com fonts.googleapis.com m1.analytics.sitevision-cloud.se i.ytimg.com gstatic.com www.gstatic.com fonts.gstatic.com kemi.matomo.cloud www.browsealoud.com plus.browsealoud.com plusqa.browsealoud.com v1.mediaflow.com v2.mediaflow.com mfstatic.com m.mediaflow.com assets.mediaflowpro.com stats.mediaflowpro.com m1.analytics.sitevision-cloud.se speech-eu.speechstream.net speech.speechstream.net siteimproveanalytics.com *.siteimproveanalytics.io https://svanalytics.piwik.pro https://svanalytics.containers.piwik.pro *.entryscape.com data.kemi.se data.naturvardsverket.se; frame-ancestors 'none'; frame-src 'self' qna.kemi.se webapps.kemi.se youtube.com www.youtube.com www.youtube-nocookie.com youtube-nocookie.com google.com www.google.com html5-player.libsyn.com; report-uri /rest-api/CSP-reports/report  1
frame-ancestors 'self' library-tools.org meritpages.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.radio; img-src 'self' https: data: blob: https://mastodon.radio; style-src 'self' https://mastodon.radio 'nonce-GKCoafF1638PkLqX792t7g=='; media-src 'self' https: data: https://mastodon.radio; frame-src 'self' https:; manifest-src 'self' https://mastodon.radio; form-action 'self'; child-src 'self' blob: https://mastodon.radio; worker-src 'self' blob: https://mastodon.radio; connect-src 'self' data: blob: https://mastodon.radio https://mastodon.radio wss://mastodon.radio; script-src 'self' https://mastodon.radio 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr https://webvisor.com https://*.webvisor.com; 1
frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.smartlook.com https://*.smartlook.cloud 1
base-uri 'none'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: 'sha256-rwtr0ht6qV/IrmC4v1eJEgxPCqwO2CK19cdEs33KgkQ=' 'strict-dynamic'; report-uri https://csp.ping-security.com/csp-reports 1
default-src 'self' data: *.google-analytics.com cdn.cookielaw.org promolife.matomo.cloud actionapi.highco.be *.fontawesome.com *.fpapi.io eu.api.fpjs.io *.cookiefirst.com *.highco.be maps.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' fpnpmcdn.net/v3/PZ2B2o9KoKgKPsIAoOjH/loader_v3.8.5.js pghub.io actionapi.highco.be cdn.cookielaw.org maps.googleapis.com cdn.matomo.cloud *.fontawesome.com cdnjs.cloudflare.com *.fpapi.io eu.api.fpjs.io ssl.google-analytics.com connect.facebook.net platform.twitter.com www.googletagmanager.com www.google-analytics.com *.addthis.com static.addtoany.com consent.cookiefirst.com *.gstatic.com *.google.com *.highco.be stats.g.doubleclick.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.fontawesome.com *.cookiefirst.com cdnjs.cloudflare.com fonts.googleapis.com cdn2.hubspot.net; img-src 'self' blob: data: pixel.tapad.com cdn.cookielaw.org promolife.matomo.cloud *.fontawesome.com maps.gstatic.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net; font-src 'self' data: *.fontawesome.com eu.api.fpjs.io fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.pghub.io 1
default-src 'self' *.dynamics.com *.centier.com *.luckyorange.com *.myfonts.net *.googleapis.com *.vimeocdn.com *.delivera.com play.vidyard.com *.google.com *.adnxs.com *.azure.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ https://www.bugherd.com munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.cludo.com cdn.cookielaw.org *.signalintent.com cdn.jsdelivr.net integration.delivra.com mktdplp102cdn.azureedge.net js.adsrvr.org wsmcdn.audioeye.com tag.simpli.fi cdn.segment.com *.typeform.com *.google.com *.googletagmanager.com *.jquery.com *.ellieservices.com *.doubleclick.net *.vimeocdn.com *.ensighten.com *.audioeye.com *.simpli.fi *.clarity.ms *.luckyorange.com s4desktop.com bat.bing.com insight.adsrvr.org *.googleadservices.com *.optimalblue.com https://refer.centier.com/core.js https://origin.xtlo.net googlesyndication.com *.hotjar.com *.mouseflow.com *.pagesense.io *.plerdy.com *.zohocdn.com *.hotjar.io test.plerdy.com a.plerdy.com *.ssl.cf5.rackcdn.com *.gonorth.io *.callrail.com *.fontawesome.com *.cloudfront.net play.vidyard.com cdn.mantl.com https://dev.visualwebsiteoptimizer.com *.adnxs.com *.azure.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net embed.signalintent.com *.cludo.com *.google.com *.typeform.com *.audioeye.com s4desktop.com platform.twitter.com *.luckyorange.com *.myfonts.net *.googletagmanager.com https://origin.xtlo.net use.fontawesome.com *.play.vidyard.com https://dev.visualwebsiteoptimizer.com *.adnxs.com *.azure.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.cludo.com *.centier.com insight-event.brandcdn.com *.simpli.fi *.google.com *.googleadservices.com *.doubleclick.net *.3lift.com *.tremorhub.com *.tapad.com fei.pro-market.net *.agkn.com *.intentig.com *.pubmatic.com *.stickyadstv.com *.exelator.com *.yahoo.com *.facebook.net *.intentiq.com *.bfmio.com *.bluekai.com *.crwdcntrl.net *.lijit.com *.rlcdn.com *.spotxchange.com *.adnxs.com *.rubiconproject.com *.openx.net pippio.com *.luckyorange.com *.dynamics.com bat.bing.com insight.adsrvr.org https://origin.xtlo.net *.google-analytics.com *.plerdy.com test.plerdy.com play.vidyard.com cdn.vidyard.com c.clarity.ms https://dev.visualwebsiteoptimizer.com *.cookielaw.org *.bing.com *.azure.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: embed.signalintent.com *.gstatic.com *.audioeye.com *.googleapis.com https://origin.xtlo.net use.fontawesome.com *.amazonaws.com *.adnxs.com *.azure.com *.google.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.matterport.com *.google.com *.vimeo.com *.youtube.com *.typeform.com *.office365.com s4desktop.com youtu.be *.coconutcalendar.com *.audioeye.com *.adsrvr.org *.dynamics.com *.centier.com td.doubleclick.net https://www.facebook.com forms.office.com centier-aut.sitefinity.cloud *.optimalblue.com *.plerdy.com play.vidyard.com *.googletagmanager.com *.adnxs.com *.azure.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com *.mktoresp.com *.visualstudio.com *.cludo.com cdn.cookielaw.org *.onetrust.com calc-backend-prod.herokuapp.com api.segment.io cdn.segment.com *.articulate.com *.clarity.ms *.audioeye.com *.delivra.com *.doubleclick.net *.visitors.live wss://in.visitors.live/socket.io ws: *.luckyorange.com *.googleapis.com *.centier.com https://www.facebook.com *.dynamics.com *.googlesyndication.com *.googletagmanager.com analytics.google.com *.hotjar.com *.mouseflow.com *.pagesense.io *.plerdy.com *.zoho.com *.hotjar.io *.zohocdn.com *.bing.com *.ssl.cf5.rackcdn.com *.gonorth.io *.callrail.com *.fontawesome.com *.cloudfront.net *.google.com *.visualwebsiteoptimizer.com *.adnxs.com *.azure.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net play.vidyard.com *.adnxs.com *.azure.com *.google.com; child-src 'self' centier-stg.sitefinity.cloud centier-aut.sitefinity.cloud centier.sitefinity.cloud *.centier.com *.googleapis.com https://www.google.com blob: *.adnxs.com *.azure.com *.google.com 1
default-src 'self' *.golfvantage.com *.letsgo.golf *.azurewebsites.net *.windows.net *.supremegolf.com *.amazonaws.com *.google.com bid.g.doubleclick.net www.facebook.com app.trustlock.co *.spreedly.com *.barstoolgolftime.com; script-src * 'unsafe-inline'; connect-src *; img-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' *.thebestof.co.uk 1
frame-ancestors http://*.upay.uz https://*.upay.uz 1
frame-ancestors 'self' localhost *.ct.com 1
default-src 'self' data: 'unsafe-inline' syndication.twitter.com www.google.com qualitysetu.qcin.org www.facebook.com; script-src 'self' 'unsafe-inline' qcin.org www.qcin.org www.google.com www.gstatic.com connect.facebook.net www.youtube.com; frame-src 'self' www.youtube.com syndication.twitter.com www.facebook.com www.google.com; style-src 'self' fonts.googleapis.com qcin.org www.qcin.org 'unsafe-inline'; font-src * data: 1
img-src 'self' https://tags.srv.stackadapt.com data: https://www.gstatic.com https://maps.gstatic.com https://maps.googleapis.com https://i.vimeocdn.com https://fonts.gstatic.com https://www.facebook.com https://www.groupexpro.com https://groupexpro.com https://img.youtube.com https://tvscientfic.com https://tvspix.com https://igodigital.com http://tvsquared.com https://tvsquared.com tv2track.js https://www.redditstatic.com/ads/pixel.js alb.reddit.com www.redditstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com www.googletagmanager.com *.google.com www.google-analytics.com cdnjs.cloudflare.com static.hotjar.com connect.facebook.net *.tvsquared.com *.hotjar.com www.gstatic.com *.groupexpro.com groupexpro.com blob: *.googleadservices.com pixel.mathtag.com *.addthis.com z.moatads.com v1.addthisedge.com *.jquery.com *.doublethedonation.com doublethedonation.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://*.cloudfront.net https://maps.gstatic.com https://static.hotjar.com *.cloudfront.net https://tvscientfic.com https://tvspix.com https://igodigital.com https://js.adsrvr.org http://tvsquared.com https://tvsquared.com tv2track.js https://www.redditstatic.com/ads/pixel.js alb.reddit.com www.redditstatic.com addtocalendar.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill-fastly.io https://polyfill.io https://unpkg.com https://www.google.com; frame-ancestors 'self'; report-uri https://ymaryland.org/report-uri/enforce 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' https: data:; connect-src 'self' https: https://was-nam-us-prd-bhapi.azurewebsites.net wss://ws.qualified.com wss://directline.botframework.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://bhgateway.azurewebsites.net; font-src 'self' https:; frame-ancestors 'self' https; 1
report-to csp-report-endpoint; report-uri /logger/info/csp-report; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: blob: 1
frame-ancestors www.ii8818.com dz.chint.com 1
default-src * blob:; img-src * data: blob:; connect-src * wss: blob:; frame-src 'self' *.ais.cn *.53kf.com *.captcha.qcloud.com *.captcha.qq.com *.gtimg.com; script-src 'self' blob: *.ais.cn *.cnzz.com *.baidu.com zz.bdstatic.com g.alicdn.com *.captcha.qcloud.com *.captcha.qq.com *.gtimg.com 'unsafe-eval' 'unsafe-inline' resource: ; style-src 'self' 'unsafe-inline' *.ais.cn g.alicdn.com; font-src * data: 1
default-src 'self' www.googletagmanager.com https://www.google-analytics.com/analytics.js https://js.stripe.com/v3; base-uri 'self'; frame-src https://js.stripe.com https://www.paypal.com/ https://www.paypalobjects.com https://player.vimeo.com/ https://app.netlify.com/; img-src 'self' data: blob: https://www.googletagmanager.com https://t.paypal.com https://www.paypalobjects.com https://images.ctfassets.net/ https://d33wubrfki0l68.cloudfront.net https://firebasestorage.googleapis.com/ https://www.google-analytics.com; connect-src 'self' https://api-js.mixpanel.com https://images.ctfassets.net/ https://*.cloudfront.net https://js.stripe.com/v3/ https://www.paypal.com/ https://www.paypalobjects.com https://netlify-cdp-loader.netlify.app/netlify.js www.googleapis.com https://firebasestorage.googleapis.com https://api.dropboxapi.com/ www.figma.com https://cdn.contentful.com/ https://vimeo.com/ https://firestore.googleapis.com/ https://us-central1-designcodeio.cloudfunctions.net/ https://www.google-analytics.com/ https://securetoken.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' www.google-analytics.com https://*.stripe.com/ https://www.paypal.com https://www.paypalobjects.com https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-9b6e874f149cc545c2c2335f8707fd1f.js https://js.stripe.com/ https://designcode.us18.list-manage.com/ https://widget.intercom.io https://www.googletagmanager.com https://www.google-analytics.com/ https://netlify-cdp-loader.netlify.app/ https://app.netlify.com/; style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' [https://*.oneshield.com]https://*.oneshield.com 1
base-uri 'self' https://*.exponea.com; font-src 'self' data: https://babywalz.omq.de https://*.paypalobjects.com; form-action 'self' https://*.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.aboutyou.cloud https://*.adyen.com https://*.omq.de https://*.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.abtasty.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://*.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.paypalobjects.com https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://www.sovendus-benefits.com https://www.sovendus-connect.com https://ct.pinterest.com https://*.bambuser.com https://tbs.tradedoubler.com https://*.bazaarvoice.com https://*.trustpilot.com catalogue.arkid.app https://*.abtasty.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://www.paypal.com https://*.paypalobjects.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://connect.facebook.net https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.bambuser.com https://*.abtasty.com https://connect.getflowbox.com https://*.bazaarvoice.com https://mpsnare.iesnare.com https://*.trustpilot.com https://go.vchfy.com https://insitez.blob.core.windows.net https://ct.pinterest.com; connect-src 'self' https://*.baby-walz.at https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud/ https://*.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://*.exponea.com https://*.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.vhwmcs.net https://*.sovendus.com https://ct.pinterest.com https://*.bambuser.com https://*.abtasty.com https://*.getflowbox.com https://*.walz.de https://*.mixpanel.com https://*.vchfy.com https://*.informizely.com; media-src https://a.storyblok.com https://*.walz.de https://cdn.flbx.io; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def; 1
frame-ancestors 'self' https://www.quandoo-partner.com/ https://ws.ephapay.net/ https://pp.ephapay.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://adservice.google.com https://google.com https://www.google.com https://www.google.co.uk https://googleads.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pay.google.com https://www.googletagmanager.com https://www.gstatic.com https://region1.google-analytics.com https://analytics.google.com https://www.google-analytics.com https://region1.analytics.google.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://analytics.tiktok.com https://tr.snapchat.com https://spay.samsung.com https://4625502.fls.doubleclick.net https://5181002.fls.doubleclick.net https://s7.addthis.com https://6nw8ohlf.micpn.com https://api.woosmap.com https://bda.bookatable.com https://bf61376cao.bf.dynatrace.com https://bookings.designmynight.com https://castle.verseapps.co.uk https://cdn.jsdelivr.net https://code.jquery.com https://cognito-identity.eu-west-1.amazonaws.com https://ep.smct.co https://firehose.eu-west-1.amazonaws.com https://ipl.smct.io https://js.smct.co https://js.smct.io https://miller-and-carter.sjv.io https://partners.designmynight.com https://platform.twitter.com https://rules.quantcount.com https://safekey-3.americanexpress.com https://sc-static.net https://script.hotjar.com https://sdk.woosmap.com https://secure.quantserve.com https://servedby.flashtalking.com https://smct.co https://static.hotjar.com https://static.uk.eagleeye.com https://stats.g.doubleclick.net https://svht.tradedoubler.com https://utt.impactcdn.com https://vintage-inns.pxf.io https://widgets.designmynight.com https://cdn.fingerprint.host https://cdn.fingerprint-staging.host https://www.dwin1.com; object-src 'none'; base-uri 'none'; 1
frame-ancestors 'self' brita360.fairflexx.de http://93.90.201.51:8090 https://vendtra.expo-ip.com https://brita-dach.ff360.de 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-OGM4NjNjZTRjOWY3NDU1YTljODFlNzcxOTUwNTNkNzM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.ctgb.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.ctgb.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.ctgb.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors dashboard.litige.fr litige.fr cdn.litige.fr www.litige.fr 1
frame-ancestors self memberedelivery.com www.memberedelivery.com 1
frame-ancestors 'self' *.fiavest.com fiavest.com *.fiavest.com:8443 *.mplusonline.com; 1
block-all-mixed-content;default-src 'self' https: *.addtoany.com *.adform.net *.ads-twitter.com *.bing.com maxcdn.bootstrapcdn.com browser-update.org cdnjs.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.salesforce.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.fi *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io app.interactiveads.ai *.klarna.com *.klarnacdn.net *.klarnaevt.com *.leadoo.com *.licdn.com *.onfido.com wss://*.onfido.com *.pardot.com *.ravenjs.com *.sentry-cdn.com *.thehotelsnetwork.com embed.trustmary.com embed.trustmary.io *.twitter.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.hotjar.com youtu.be wss://*.amazonaws.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.addtoany.com *.adform.net *.ads-twitter.com *.bing.com maxcdn.bootstrapcdn.com browser-update.org cdnjs.cloudflare.com *.cookiebot.com *.doubleclick.net *.facebook.com *.facebook.net *.force.com *.salesforce.com *.forenom.com *.g.doubleclick.net *.google-analytics.com *.google.com *.google.fi *.googleadservices.com *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.hotjar.io app.interactiveads.ai *.klarna.com *.klarnacdn.net *.klarnaevt.com *.leadoo.com *.licdn.com *.onfido.com wss://*.onfido.com *.pardot.com *.ravenjs.com *.sentry-cdn.com *.thehotelsnetwork.com embed.trustmary.com embed.trustmary.io *.twitter.com *.yandex.ru *.youtube.com *.ytimg.com sentry.io wss://*.hotjar.com youtu.be wss://*.amazonaws.com ;style-src self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;font-src  self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;img-src self https: blob: data: 'unsafe-inline' 'unsafe-eval' *.addtoany.com maxcdn.bootstrapcdn.com *.cookiebot.com *.forenom.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.leadoo.com app.interactiveads.ai *.licdn.com *.onfido.com *.twitter.com *.youtube.com youtu.be *.ytimg.com ;frame-ancestors 'self'; 1
default-src 'self' https: blob: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: blob:; font-src 'self' data: https:; frame-src 'self' https:; frame-ancestors 'self' https: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.editorasaraiva.com.br cdn.jsdelivr.net *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com vlibras.gov.br *.jt.jus.br blob:; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.jt.jus.br; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://lacordee.com/; style-src 'self' blob: https: 'unsafe-inline' https://lacordee.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com *; 1
frame-ancestors 'self' https://www.nuvol.com/ https://nuvol.com/ 1
default-src 'self' https://*.sofi.com; script-src https: data: 'unsafe-inline' 'unsafe-eval' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://*.audioeye.com; connect-src 'self' https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.google-analytics.com https://analytics.google.com https://ssl.google-analytics.com https://www.google.com/ads/ga-audiences/ https://www.google.com/pagead/ https://adservice.google.com/pagead/ https://www.googletagmanager.com https://ampcid.google.com https://ampcid.google.ca https://stats.g.doubleclick.net https://*.doubleclick.net https://bat.bing.com https://t.co/i/adsct https://analytics.twitter.com https://s.yimg.com/wi/ https://sp.analytics.yahoo.com https://static.ads-twitter.com https://www.facebook.com/tr/ https://www.redditstatic.com/ads/ https://c.conversionlogic.net/track/event/v2/sofi https://api.rollbar.com https://report.sofi.glassboxdigital.io https://sdk.iad-03.braze.com https://sdk.iad-03.appboy.com https://jssdks.mparticle.com https://identity.mparticle.com https://*.sofi.com https://*.datadoghq.com https://rum.browser-intake-datadoghq.com https://cdn.cookielaw.org https://geolocation.onetrust.com/cookieconsentpub/ https://logx.optimizely.com https://errors.client.optimizely.com https://rum.optimizely.com https://analytics.tiktok.com/api/ https://api2.branch.io wss://*.glance.net https://*.glance.net https://d32ijn7u0aqfv4.cloudfront.net https://d3331otr86r7j1.cloudfront.net https://tags.srv.stackadapt.com https://*.audioeye.com https://us-central1-adaptive-growth.cloudfunctions.net https://ct.pinterest.com https://cta-service-cms2.hubspot.com https://csmetrics.hotjar.com https://in.hotjar.com https://vc.hotjar.io https://tr.snapchat.com https://track.contently.com https://translate.googleapis.com https://*.analytics.google.com https://ampcid.google.lt https://*.crazyegg.com https://cdn.linkedin.oribi.io https://stats.addtoany.com https://api.socialsolutionapp.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://privacyportal.onetrust.com https://rts.persado.com https://tapi.optimizely.com https://amplify.review-alerts.com/ https://api.ipify.org https://api.typeform.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/; style-src 'self' https://*.sofi.com 'unsafe-inline' https://use.fontawesome.com https://www.glancecdn.net https://d32ijn7u0aqfv4.cloudfront.net https://s3.amazonaws.com/glancecdn/ https://tags.srv.stackadapt.com https://cdnjs.cloudflare.com https://embed.typeform.com https://optimize.google.com https://fonts.googleapis.com https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ https://*.audioeye.com; img-src 'self' https: data: https://www.googletagmanager.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/; font-src 'self' data: https://s3-us-west-2.amazonaws.com/sofi-wordpress-prod/fonts/ https://d32ijn7u0aqfv4.cloudfront.net https://use.fontawesome.com https://fonts.gstatic.com https://*.audioeye.com https://zip.co/static-assets/fonts/ https://cdn.jsdelivr.net https://forms.hsforms.com/; frame-ancestors 'self' *.w3schools.com *.sofitest.com; object-src 'none'; child-src blob: https://*.sofi.com https://form.typeform.com https://forms.hsforms.com/; worker-src blob: https://*.sofi.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; media-src data: https://*.sofi.com https://d32ijn7u0aqfv4.cloudfront.net; frame-src 'self' https://app.calconic.com/ https://6375438.fls.doubleclick.net https://td.doubleclick.net https://*.sofi.com https://*.sofiatwork.com https://*.online-metrix.net https://di.rlcdn.com https://www.youtube.com https://ct.pinterest.com https://www.facebook.com https://*.audioeye.com https://a10819474327.cdn.optimizely.com https://assets.contently.com https://tpc.googlesyndication.com https://tr.snapchat.com https://vars.hotjar.com https://static.addtoany.com https://boards.greenhouse.io https://pixel.mathtag.com https://d32ijn7u0aqfv4.cloudfront.net https://www.slideshare.net https://filter.techloq.com https://go.pardot.com https://platform.twitter.com https://mozbar.moz.com https://v3.inviteeducation.com https://form.typeform.com https://optimize.google.com https://*.mykukun.com/ https://widget.trustpilot.com/ https://*.visualwebsiteoptimizer.com https://app.vwo.com https://forms.hsforms.com/ 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google.com https://www.googletagmanager.com; img-src 'self' data: www.gravatar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.gstatic.com https://maps.googleapis.com blob:; script-src 'self' https://*.googletagmanager.com https://www.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.co.uk https://maps.googleapis.com https://www.googleadservices.com 'wasm-unsafe-eval'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://maps.googleapis.com https://api.stopncii.org/v1/CaseSubmit; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; form-action 'self'; media-src 'self' blob: 1
frame-ancestors 'self' https://*.csaware.com 1
frame-ancestors 'self' *.handytick.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms/ https://cdn.attn.tv/ https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://*.googleapis.com https://*.bing.com https://*.liadm.com https://*.avmws.com https://*.jsdelivr.net https://*.cloudflare.com https://*.tawk.to https://*.soundestlink.com https://*.postaffiliatepro.com https://googleads.g.doubleclick.net https://omnisnippet1.com https://*.amazonaws.com https://*.google-analytics.com https://*.paypal.com https://*.paypalobjects.com https://*.facebook.net; style-src 'self' 'unsafe-inline' https://*.cloudflare.com https://*.tawk.to https://*.googleapis.com https://*.soundestlink.com/; img-src 'self' data: https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.pr https://*.google.ie https://*.google.co.il https://*.bing.com https://*.paypal.com https://tawk.link https://*.paypalobjects.com https://*.facebook.com https://*.cloudflare.com https://*.soundestlink.com/ https://*.alocdn.com https://*.youtube.com https://*.liadm.com; font-src 'self' https://*.cloudflare.com https://*.tawk.to https://*.gstatic.com https://*.soundestlink.com/; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.bing.com https://*.tawk.to https://*.soundestlink.com https://*.googlesyndication.com https://*.liadm.com https://*.paypal.com https://*.execute-api.us-west-2.amazonaws.com/ wss://*.tawk.to https://events.attentivemobile.com https://galcoholsters-us.attn.tv; media-src 'self' https://*.tawk.to; object-src 'none'; frame-src 'self' https://bid.g.doubleclick.net https://*.doubleclick.net https://*.paypal.com https://*.paypalobjects.com https://*.youtube.com https://creatives.attn.tv https://galcoholsters.attn.tv; upgrade-insecure-requests; base-uri 'self'; manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet https://chat.smartcall.cc https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.analytics.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudflare.com *.jquery.com kendo.cdn.telerik.com *.hotjar.com ws://*.hotjar.com surfly.com *.googletagmanager.com https://*.talkjs.com https://unpkg.com; style-src 'self' 'unsafe-inline' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.smartcall.cc; font-src 'self' data: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com; img-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.swagger.io *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.analytics.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl; media-src 'self' data: blob: https://*.talkjs.com; frame-src 'self' blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be https://acv-flash.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com *.2tt.be *.youtube.com *.youtube-nocookie.com *.soundcloud.com https://*.talkjs.com https://pc201.be https://pc311.be; frame-ancestors  'self' *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.acv-bie.be *.issuu.com surfly.com *.hotjar.com *.google.com *.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet *.hotjar.com ws://*.hotjar.com *.googleapis.com *.google-analytics.com *.analytics.google.com accounts.google.com *.gstatic.com *.facebook.net *.doubleclick.net surfly.com *.hotjar.io ws://*.hotjar.io *.facebook.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.smartcall.cc *.trackjs.com https://*.talkjs.com wss://*.talkjs.com https://directline.botframework.com wss://directline.botframework.com *.google.com *.google.be *.google.co.uk *.google.de *.google.fr *.google.lu *.google.nl; object-src 'self' data: blob: *.acv-csc.be *.acvcsc.be *.hetacv.be *.lacsc.be *.diecsc.be *.dmz-web.acv-csc.intranet 1
default-src 'self' 'unsafe-inline' *; frame-ancestors 'self' https://trustseal.enamad.ir/; img-src 'self' data: *; script-src 'self' 'unsafe-inline' *; frame-src 'self' https://metabase.mixin.ir/ https://www.aparat.com/ 1
frame-ancestors 'self' https://*.lexusauto.es https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors kink.com kinkmen.com mrman-kink.com mrskin-kink.com twistedfactory.com 1
default-src https: ws: wss:; style-src 'self' https: 'unsafe-inline'; img-src * 'self' 'unsafe-inline' data: api.jokerguide.com; frame-ancestors 'self' live.harleyquinnwidget.live; object-src data: 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' mailto: tel: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src 'self' 'unsafe-inline' blob: *.aia.com.ph; style-src 'self' 'unsafe-inline' *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com *.lemnisk.co https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.philamlife.com *.aia.com.ph *.adnxs.com *.google.com https://img.icons8.com *.aia-dfs.originally.us *.baidu.com *.moz.com *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com *.lemnisk.co *.contentsquare.net https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.philamlife.com *.aia.com.ph *.adnxs.com *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://analytics.tiktok.com *.cloudflare.com https://dpm.demdex.net *.lemnisk.co *.dynatrace.com *.contentsquare.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.ucweb.com *.vzeesp.com *.dbankcloud.com *.googleapis.com *.dbankcloud.cn *.moz.com https://analytics.tiktok.com wss://uat.apigw.philamlife.com/ph/myaia/utility/v1-uat/ws wss://myaia.apigw.philamlife.com/ph/myaia/utility/v1/ws *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://c.go-mpulse.net/ *.akstat.io *.bf.dynatrace.com *.demdex.net *.contentsquare.net *.lemnisk.co https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: *.google.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net https://td.doubleclick.net/ https://www.bancnetonline.com/ *.moz.com https://testpti.payserv.net/ https://ptiapps.paynamics.net/ https://8034780.fls.doubleclick.net/ https://aiagroup.demdex.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data:; media-src 'self' data: blob: *.google.com *.aia.com *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://*.aia.com.ph; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.in4mo.net www.google.com *.bing.com *.virtualearth.net seal.verisign.com *.amazonaws.com *.in4mo.io *.gstatic.com cdn.matomo.cloud in4mo.matomo.cloud 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-hOjMO6PMdQjcayEOjU5FFOh9f2WK1jPMMPOOwuoxhlC0Z+vj' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://s.go-mpulse.net https://www.youtube.com https://www.googletagmanager.com 1
default-src 'none'; script-src 'self' https://seco.policyapp.io https://cdn-cookieyes.com https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://www.clarity.ms https://snap.licdn.com https://connect.facebook.net https://googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://seco.policyapp.io https://cognito-identity.eu-central-1.amazonaws.com https://kinesis.eu-central-1.amazonaws.com https://log.cookieyes.com https://cdn-cookieyes.com https://directory.cookieyes.com https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.clarity.ms https://*.ads.linkedin.com https://stats.g.doubleclick.net; img-src 'self' https://i.ytimg.com https://seco.policyapp.io https://www.google-analytics.com https://cdn-cookieyes.com https://www.easygov.swiss https://api.iconify.design https://c.clarity.ms https://*.ads.linkedin.com https://www.linkedin.com https://www.facebook.com https://www.google.ch https://www.google.com https://ad.doubleclick.net https://c.bing.com data:; font-src 'self'; style-src 'self' 'unsafe-inline'; frame-src https://www.youtube.com https://www.youtube-nocookie.com https://e-trademark.ige.ch https://www.moa-a.estv.admin.ch https://www.moa.estv.admin.ch https://www.estv.admin.ch https://www.googletagmanager.com https://*.fls.doubleclick.net https://td.doubleclick.net; base-uri 'self'; form-action 'self' https://*.admin.ch; frame-ancestors 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://vector.im; style-src 'self' 'unsafe-inline' 1
default-src blob: wss: https: data: 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.zendesk.com *.zopim.com *.zdassets.com cdn.agentbot.net *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com connect.facebook.net *.hotjar.com *.sitejabber.com www.gstatic.com *.wistia.com fast.wistia.net analytics.tiktok.com sc-static.net maps.googleapis.com www.google.com *.nmna.app *.snapchat.com *.clarity.ms *.cookie-script.com; style-src 'self' 'unsafe-inline' *.sitejabber.com cdn.jsdelivr.net fonts.googleapis.com *.typekit.net *.googletagmanager.com *.cookie-script.com; img-src * data:; media-src * blob:; frame-ancestors 'self'; child-src 'self' blob: *.stripe.com fast.wistia.net www.google.com *.hotjar.com www.facebook.com www.youtube.com www.youtube-nocookie.com *.trustpilot.com zd.agentbot.net *.snapchat.com; font-src 'self' data: fonts.gstatic.com use.typekit.net *.sitejabber.com; connect-src 'self' *.stackry.com api.stackry.com content.stackry.com *.stripe.com maps.googleapis.com *.zendesk.com *.zopim.com *.zdassets.com wss://*.zopim.com adapter.aivo.co apibot.agentbot.net *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.sitejabber.com *.wistia.com embedwistia-a.akamaihd.net *.litix.io analytics.tiktok.com *.snapchat.com conversation-user.aivo.co analytics.google.com jqtmdiy716.execute-api.us-east-1.amazonaws.com *.clarity.ms analytics.pangle-ads.com *.googlesyndication.com www.google.com use.typekit.net; 1
img-src * 'unsafe-inline' 'unsafe-eval' 'self' data: 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.humley.com *.jquery.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com; default-src 'self' ; style-src 'self' 'unsafe-inline' *.googleapis.com; font-src 'self' data: *.gstatic.com; img-src 'self' data: *.azureedge.net *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com; child-src blob: player.vimeo.com; connect-src 'self' *.googleapis.com *.humley.com *.google-analytics.com; frame-src 'self' *.google.com *.arcgis.com *.youtube-nocookie.com; media-src 'self'  1
style-src 'self' 'unsafe-inline' 'unsafe-inline' www2.triodos.com; img-src 'self' p-pan.triodos.com api.triodos.com maps.triodos.com www2.triodos.com video.triodos.com ad.doubleclick.net adservice.google.com adservice.google.co.uk adservice.google.nl adservice.google.be adservice.google.es adservice.google.de www.facebook.com data: android-webview-video-poster:; font-src 'self' data:; script-src 'self' 'nonce-5bba03a4-ed58-493d-bff4-e3600a44a1b0' t-pan.triodos.com p-pan.triodos.com www2.triodos.com video.triodos.com chat.triodos.com; frame-src https://www.youtube.com https://www.youtube-nocookie.com; child-src https://www.youtube.com https://www.youtube-nocookie.com; connect-src 'self' p-pan.triodos.com t-pan.triodos.com chat.triodos.com video.triodos.com licensing.bitmovin.com; media-src 'self' blob: video.triodos.com; default-src 'self'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.janraincapture.com https://rpxnow.com https://www.googleadservices.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com *.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://quilt-cdn.janrain.com https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org *.cloudfront.net https://googleads.g.doubleclick.net https://www.google.hr https://insight.adsrvr.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.janraincapture.com https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com https://www.youtube-nocookie.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-src 'self' test.authorize.net 1
default-src 'self' *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *arcot.com *.nutritionix.com lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self'  *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.kelwatt.fr/report-uri/enforce 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://smart-ip.net; connect-src 'self' wss://*.liveperson.net http://* 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' dev.lowendspirit.com lowendspirit.com www.lowendspirit.com ana.lowendspirit.com 1
frame-ancestors 'self'; connect-src 'self' data: *.po.edu.pl wss://fulltextsearch.org/flare *.google-analytics.com wu.po.opole.pl socialplugin.facebook.net www.facebook.com/plugins/customer_chat/ maps.googleapis.com; default-src 'self' data: *.po.edu.pl ; font-src 'self' data: *.po.edu.pl fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net; frame-src 'self' data: *.po.edu.pl www.facebook.com maps.google.com www.google.com web.facebook.com www.youtube.com www.youtube-nocookie.com https://po.edu.pl/dni_otwarte; img-src 'self' data: graph.facebook.com *.xx.fbcdn.net wu.po.opole.pl s.w.org *.ytimg.com *.po.edu.pl *.fna.fbcdn.net www.googletagmanager.com; script-src 'self' *.po.edu.pl cdn.jsdelivr.net  www.googletagmanager.com 'unsafe-eval' maps.googleapis.com; script-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com/iframe_api *.www-widgetapi.js www.youtube.com; style-src 'self' *.po.edu.pl fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline'; style-src-elem 'self' *.po.edu.pl cdn.jsdelivr.net www.googletagmanager.com connect.facebook.net 'unsafe-inline' www.youtube.com fonts.googleapis.com; 1
default-src *;img-src https: data:;script-src 'unsafe-inline' 'unsafe-eval'  https:;style-src 'unsafe-inline' * 1
default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://www.google.com https://www.gstatic.com https://cdn.polyfill.io/ https://www.google-analytics.com/analytics.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://unpkg.com/@lottiefiles/lottie-player@latest/dist/lottie-player.js https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://cookiehub.net https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.googleapis.com; font-src 'self' https://ka-f.fontawesome.com https://servify-website-asset-prod.s3.ap-south-1.amazonaws.com https://fonts.gstatic.com data:; connect-src 'self' 'unsafe-inline' https://ka-f.fontawesome.com https://assets3.lottiefiles.com https://assets8.lottiefiles.com https://www.google-analytics.com https://stats.g.doubleclick.net; img-src * 'self' data: https:; object-src 'self' https://docs.google.com; frame-src 'self' https://www.google.com https://docs.google.com https://form.jotform.com   https://*.servify.in https://*.servify.tech; frame-ancestors 'self' https://*.servify.in https://*.servify.tech 1
default-src blob: data: http: https: 'unsafe-inline' 'unsafe-eval' 1
block-all-mixed-content; frame-ancestors *.lojaslivia.com.br 1
report-uri cdn.equalweb.com;child-src cdn.equalweb.com blob: 'self';connect-src *.powerreviews.com http://www.homeworksbyprecept.com *.bing.com cdn.equalweb.com ecommerce.merchantware.net access.equalweb.com ocr.equalweb.com cdn.cookielaw.org *.virtualearth.net https://www.google-analytics.com http://analytics.google.com/ r.lr-ingest.com r.intake-lr.com 'self' https://login.microsoftonline.com https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://dc.services.visualstudio.com https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com https://www.bjupresshomeschool.com https://scug0yja9l413430703-rs.su.retail.dynamics.com/;font-src https://static2.sharepointonline.com cdn.equalweb.com 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://use.fontawesome.com data:;frame-ancestors cdn.equalweb.com;frame-src https://paymentacceptsample.cloud.dynamics.com https://www.homeworksbyprecept.com cdn.equalweb.com https://www.youtube.com https://www.buzzsprout.com https://livestream.com app.five9.com https://e.issuu.com https://vimeo.com;img-src *.powerreviews.com https://res.cloudinary.com cdn.equalweb.com https://www.bjupresshomeschooling.com access.equalweb.com app.five9.com https://i.ytimg.com cdn.cookielaw.org *.virtualearth.net *.bing.com 'self' data: https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com;media-src cdn.equalweb.com 'self' https://ppe-streaming-video-mr-microsoft-com.akamaized.net https://*.streaming.media.azure.net https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://images-us-prod.cms.commerce.dynamics.com https://images-us-prod.cms.commerce.dynamics.com;object-src cdn.equalweb.com 'self';script-src *.powerreviews.com https://mpsnare.iesnare.com *.bing.com cdn.equalweb.com access.equalweb.com ecommerce.merchantware.net https://www.homeworksbyprecept.com app.five9.com https://www.bjupresshomeschool.com cdn.cookielaw.org *.virtualearth.net https://www.googletagmanager.com cdn.intake-lr.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://*.vo.msecnd.net https://dc.services.visualstudio.com https://dev.virtualearth.net https://www.bjupresshomeschool.com https://js.monitor.azure.com/scripts/b/ai.2.min.js;style-src cdn.equalweb.com *.powerreviews.com *.bing.com access.equalweb.com app.five9.com 'self' 'unsafe-inline' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms https://www.bjupresshomeschool.com ;default-src 'self' https://*.commerce.dynamics.com https://*.dynamics365commerce.ms;base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ckeditor.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.onetrust.io nova.collect.igodigital.com 534005068.collect.igodigital.com *.recaptcha.net *.theachievery.com *.doubleclick.net *.amazoncognito.com *.amazonaws.com *.amplitude.com *.prismic.io prismic.io *.takeoffmedia.com *.bitmovin.com *.googletagmanager.com *.google-analytics.com *.bing.com *.facebook.net *.googleadservices.com *.facebook.com *.googleapis.com *.google.com *.gstatic.com *.google.ca blob:; img-src 'self' i.ytimg.com i.vimeocdn.com cdn.ckeditor.com www.googletagmanager.com fonts.gstatic.com cdn.cookielaw.org cookie-cdn.cookiepro.com *.onetrust.com *.onetrust.io nova.collect.igodigital.com *.theachievery.com *.takeoffmedia.com *.recaptcha.net *.doubleclick.net *.bing.com *.google.com *.google-analytics.com *.facebook.com *.amazonaws.com data:; frame-src 'self' *.google.com *.doubleclick.net *.youtube.com *.vimeo.com *.prismic.io 1
default-src 'self' *.youtube.com *.googletagmanager.com *.facebook.com *.cookieinformation.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;script-src 'self' 'unsafe-inline' *.report360.io *.agency360.io *.clarity.ms *.google-analytics.com snap.licdn.com bat.bing.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net https://code.jquery.com http://www.googleadservices.com http://www.mail-trigger-api.com https://policy.app.cookieinformation.com;font-src 'self' https://fonts.gstatic.com;connect-src 'self' client.vestjyskmarketing.dk *.facebook.com *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net bat.bing.com *.clarity.ms;img-src 'self' data: https://360service.report360.io *.bing.com www.google.com www.google.dk px.ads.linkedin.com www.google-analytics.com bat.bing.com www.linkedin.com *.clarity.ms *.googletagmanager.com *.facebook.com;script-src-elem 'self' 'unsafe-inline' https://360service.report360.io https://app.agency360.io https://360service.agency360.io https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://connect.facebook.net https://code.jquery.com http://www.googleadservices.com http://www.mail-trigger-api.com https://snap.licdn.com https://bat.bing.com www.clarity.ms https://policy.app.cookieinformation.com;object-src 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.myscience.at *.myscience.ca *.myscience.es *.myscience.fr *.myscience.de *.myscience.co.nl *.myscience.uk *.myscience.org *.aura-dsp.com *.creativecdn.com *.bing.com *.bingj.com *.careerjet.ch *.careerjet.net *.clarity.ms *.doubleclick.net *.dailymotion.com *.googlesyndication.com *.googletagmanager.com *.google.ch *.google.com *.google-analytics.com *.googleapis.com *.gstatic.com *.paypal.com *.paypalobjects.com *.switch.ch *.youtube.com *.ytimg.com  *.backlinks.com *.youtube-nocookie.com *.vimeo.com *.vimeocdn.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; frame-src 'self' *.dailymotion.com *.doubleclick.net *.google.com *.googlesyndication.com *.paypal.com *.switch.ch *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self'; form-action 'self' *.paypal.com *.paypalobjects.com; base-uri 'self'; object-src 'none' ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-ukwest.onetrust.com/ *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com www.googletagmanager.com mpscdnuks.azureedge.net widget.spreaker.com www.googleadservices.com *.doubleclick.net www.instagram.com www.vimeo.com vimeo.com code.jquery.com snap.licdn.com mail2.mps.org.uk https://secure.garm9yuma.com kendo.cdn.telerik.com https://ajax.microsoft.com http://aspnet-scripts.telerikstatic.com/ *.cloudfront.net https://mpswebsitecdn.blob.core.windows.net https://pagead2.googlesyndication.com *.cloudflare.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com mpscdnuks.azureedge.net https://mpswebsitecdn.blob.core.windows.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com mpscdnuks.azureedge.net data:; img-src 'self' https://cdn-ukwest.onetrust.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com *.doubleclick.net *.google.com *.google.it mpscdnuks.azureedge.net *.google.co.uk *.linkedin.com https://www.google.bg https://livemedical.sitefinity.cloud/ https://www.googleadservices.com/ https://www.dentalprotection.org https://www.medicalprotection.org https://intmps-aut.sitefinity.cloud https://intdentalmps-aut.sitefinity.cloud https://www.googletagmanager.com i.vimeocdn.com *.azureedge.net mps-aut.sitefinity.cloud intmps.sitefinity.cloud intdentalmps.sitefinity.cloud; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-src 'self' td.doubleclick.net player.vimeo.com widget.spreaker.com https://mail2.mps.org.uk https://www.facebook.com www.google.com https://survey.zohopublic.eu https://vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com www.instagram.com widget.spreaker.com mail2.mps.org.uk https://secure.garm9yuma.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com *.analytics.google.com *.doubleclick.net www.facebook.com *.googleapis.com cdn.linkedin.oribi.io https://idx.liadm.com https://adservice.google.com *.onetrust.com *.luckyorange.net https://pagead2.googlesyndication.com https://vimeo.com; 1
frame-ancestors 'self' *.force.com wingate.edu *.mvix.com iframetester.com *.amazonaws.com; 1
frame-ancestors 'self' https://manage.contractormag.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kind.social; img-src 'self' https: data: blob: https://kind.social; style-src 'self' https://kind.social 'nonce-cG3QTZ7Nj9qdymmNbQx5VQ=='; media-src 'self' https: data: https://kind.social; frame-src 'self' https:; manifest-src 'self' https://kind.social; form-action 'self'; child-src 'self' blob: https://kind.social; worker-src 'self' blob: https://kind.social; connect-src 'self' data: blob: https://kind.social https://cdn.masto.host wss://kind.social; script-src 'self' https://kind.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' tt.omtrdc.net *.akstat.io akstat.io *.go-mpulse.net go-mpulse.net *.amazonaws.com amazonaws.com s3-eu-west-1.amazonaws.com *.bing.com bing.com *.btttag.com btttag.com c212.net cloudflare.com *.decibelinsight.net wss://collection.decibelinsight.net decibelinsight.net g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.facebook.com *.facebook.net facebook.com facebook.net *.fanplayr.com fanplayr.com *.gigya.com gigya.com *.google.com *.google.de *.google.it *.googlesyndication.com *.gstatic.com *.youtube-nocookie.com google.co.uk google.com google.de google.it googlesyndication.com gstatic.com youtube-nocookie.com googleadservices.com *.googleapis.com googleapis.com *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.jaguar.com jaguar.co.uk jaguar.com *.build.landrover *.jaguarlandrover.com *.landrover.com *.landrover.de *.landrover.it *.pds.jaguarlandrover.com build.landrover jaguarlandrover.com landrover.co.uk landrover.com landrover.de landrover.it pds.jaguarlandrover.com ads.linkedin.com linkedin.com linkedin.oribi.io licdn.com *.lpsnmedia.net lpsnmedia.net *.liadm.com liadm.com *.liveperson.net idp.liveperson.net liveperson.net msg.liveperson.net msghist.liveperson.net v.liveperson.net a.run.app *.netdirector.auto netdirector.auto *.a.run.app *.ads.linkedin.com *.akamaihd.net *.b-cdn.net *.c212.net *.cloudflare.com *.config.landrover.com *.decibel.com *.fls.doubleclick.net *.google.co.uk *.googleadservices.com *.jaguar.co.uk *.jaguarlandroverclassic.com *.jlr-dev.com *.landrover.co.uk *.landroverusa.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.omtrdc.net *.pinimg.com *.pinterest.com *.psyma.com *.sc-static.net *.scene7.com *.securedvisit.com *.sfmc-content.com *.snapchat.com *.sophus3.com *.stripe.com *.sv.rkdms.com *.userlike.com *.web.app *.woosmap.com *.yahoo.co.jp akamaihd.net b-cdn.net config.landrover.com decibel.com landroverusa.com leasinglandrover.de psyma.com scene7.com sophus3.com syndication.kbb.com userlike.com web.app www.leasinglandrover.de pinimg.com pinterest.com securedvisit.com *.serving-sys.com serving-sys.com sc-static.net snapchat.com stripe.com *.tiktok.com tiktok.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.ads-twitter.com ads-twitter.com *.t.co t.co sv.rkdms.com *.vee24.com vee24.com woosmap.com *.yimg.jp yahoo.co.jp yimg.jp *.youtube.com *.ytimg.com youtube.com ytimg.com *.configureconnect.com *.kampyle.com *.medallia.eu *.netdirector.co.uk wss://lo.msg.liveperson.net data: blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' bam.harridev.com harridev.com fr.harridev.com es.harridev.com ru.harridev.com de.harridev.com pl.harridev.com ar.harridev.com tr.harridev.com dev.harridev.com fr.dev.harridev.com es.dev.harridev.com ru.dev.harridev.com de.dev.harridev.com pl.dev.harridev.com ar.dev.harridev.com tr.dev.harridev.com newdev.harridev.com stage.harridev.com hmap.harridev.com fr.hmap.harridev.com es.hmap.harridev.com ru.hmap.harridev.com de.hmap.harridev.com pl.hmap.harridev.com ar.hmap.harridev.com tr.hmap.harridev.com dv1.harridev.com dv2.harridev.com sandbox.harridev.com local.harridev.com:9001 fr.local.harridev.com:9001 es.local.harridev.com:9001 ru.local.harridev.com:9001 de.local.harridev.com:9001 pl.local.harridev.com:9001 ar.local.harridev.com:9001 tr.local.harridev.com:9001 local.harridev.com:9002 fr.local.harridev.com:9002 es.local.harridev.com:9002 ru.local.harridev.com:9002 de.local.harridev.com:9002 pl.local.harridev.com:9002 ar.local.harridev.com:9002 tr.local.harridev.com:9002 localhost.harridev.com:9001; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lor.sh; img-src 'self' https: data: blob: https://lor.sh; style-src 'self' https://lor.sh 'nonce-rhFRzkFwQ81XTRBuTcdFhw=='; media-src 'self' https: data: https://lor.sh; frame-src 'self' https:; manifest-src 'self' https://lor.sh; form-action 'self'; child-src 'self' blob: https://lor.sh; worker-src 'self' blob: https://lor.sh; connect-src 'self' data: blob: https://lor.sh https://s3.eu-central-1.wasabisys.com/lor-sh/lor-sh/ wss://lor.sh; script-src 'self' https://lor.sh 'wasm-unsafe-eval' 1
block-all-mixed-content; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' *.larrainvial.com; img-src 'self' data: * https://cdn.larrainvial.com 1
default-src 'self' 'unsafe-inline' data: img.sct.eu1.usercentrics.eu *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de *.h2lokal.de *.ytimg.com *.youtube-nocookie.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.eu *.vesseltracker.com *.adler-schiffe.de *.faehre.de *.faehre2.de faehre2.de; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-SL1gg__AOms_mPoeR20vXA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'none';img-src 'self';style-src 'sha256-jPWMiGX4+RQtBx1O1+gizuEo1YMHTUzWhNCmtUAXn2A=';frame-ancestors https://kagi.com/smallweb;base-uri 'none';form-action https://collector.seirdy.one/webmentions/receive;manifest-src 'self';upgrade-insecure-requests;sandbox allow-same-origin allow-forms allow-downloads 1
default-src 'self';script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://duno2s3rzus16.cloudfront.net https://cdn.cookielaw.org https://code.jquery.com https://use.typekit.net https://connect.facebook.net https://cdn.sajari.com https://cdn.logiforms.com https://cdn.jsdelivr.net/npm/@fancyapps/ https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js 'sha256-orgjVl5E88xKDnTlzeZIQp0nqrG/9Kf/l7x+FSrYx7o=' 'sha256-bVpYvdZhp/msedj2fLgl6wscOoE4/uWRe5IDykj8Yps=' 'sha256-8wGzx7HdhrSjexnDnqMd65jaoHcVKb7dRR5f6YBPie4=' 'sha256-LpcSG80g6h2xvje2HUz70yT89VrEqZWHWTY7Zqs1lm0=' 'sha256-MK595NdCiijJOMjhp9x2OTBCq9J0UoRVyUySnWv7FY8=' 'sha256-c+9aiFetoJC/w8iunqn4HO7zyHTidZopqGNyKvHx2d4=' 'sha256-JhT/5B/QVU9mBDN8jcmTKBP9w4oJ8PzRUnsIxL6mrk8=' 'sha256-5Icp+d5KVKlH8LxjZDr9ldrCDEJ3SyBc7+HD9iSHf30=' 'sha256-sK3Zm7rxnjmbqPBc//CzDeDxIVxbOAjF/lNodZZj4CI=' 'sha256-+P0peLS+Zo2maBMu3pHfJuKo6r1n/0TMdD9wLlRwPKc=' 'sha256-Oh6rsXg5xrXcPATLs9nd/eIHAWz58+3Xu7zlPMrDuNk=' 'sha256-QdA0Pu48HdBYxydA3gsDo2fbay+kZfu5c0YEwubeNCM=' 'sha256-6PfkhvaJg8PwmKg4WIA4o3eQfAfBWEKbAMzWc2f/ZyE=' 'sha256-E1QoWiVx9QlntQ3/+e05uDVWPar+0VVNWhif0uNk79Y=' 'sha256-1SKi+m+tRXcvZ6F5h7ePydbVMQvkVXAFABEwOvCsmOY=' 'sha256-eS1Rgh0N9pBKu7ZYyNIy6Nkn6GXWDpbaqe3l3+8brJc=' 'sha256-F3DTXiRxkJ5l6vXdIGLv541malXaDJONKadre64NrGg=' 'sha256-2DHVyTw+89oEmC57JhdIbdqUiZ52ro9hc4vZ7c+A1tk=' 'sha256-L3WRFqQ3S1LILwQvy9XLQGK+zo85j/jsF2Qy0LoQG8c=' 'sha256-qT5NusfFxWBoBqpBBPnyEAh0fxeDFmLoquTr0aZaWzY=' 'sha256-CQ2STEEnv6fn7kjxLynxeluMH80eWh7ozqYQ2osSb3c=' 'sha256-3uREjnofj2x6DofuuBs+YQlARXWvuUeMmz1rTutWUPM=' 'sha256-88cxDe9CUv80IKB2WZogvJ3/495GAXlsDZYAvwcNOac=' 'sha256-f9jymI/8Ja5Oo5z9QPU4xl3VyYEq+1qeu/rEhh5XTLg=';style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://fonts.googleapis.com https://cdn.cookielaw.org https://cdn.jsdelivr.net;img-src 'self' https://p.typekit.net https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://c.kz-rv.com https://duno2s3rzus16.cloudfront.net https://www.facebook.com https://i.ytimg.com https://re.sajari.com https://www.googletagmanager.com;form-action 'self' https://www.venture-rv.com https://kz-rv.net https://www.googletagmanager.com https://www.facebook.com;font-src 'self' https://use.typekit.net https://fonts.gstatic.com https://www.google-analytics.com https://duno2s3rzus16.cloudfront.net;connect-src 'self' https://c.kz-rv.com https://duno2s3rzus16.cloudfront.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://performance.typekit.net https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://jsonapi-us-valkyrie.sajari.net https://www.facebook.com/tr/ https://pagead2.googlesyndication.com/pagead/;frame-src 'self' https://kz-rv.net https://www.youtube-nocookie.com https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://forms.logiforms.com https://www.facebook.com https://td.doubleclick.net;object-src 'self';report-uri https://www.kz-rv.com/csp-violation-report/csp-violation-report.php 1
default-src https: 'unsafe-inline' 'self' data: 1
default-src 'self'; script-src 'self' https://platform.twitter.com/widgets.js https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://www.calendarwiz.com https://cdn.plot.ly https://players.brightcove.net https://analytics.brightcove.net https://kit.fontawesome.com  https://s0.2mdn.net https://adservice.google.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ js.hs-scripts.com js.hsforms.net/ js.hs-analytics.net *.en25.com cdn.ampproject.org cbbb.realmagnet.land http://bbbprograms.org/Sitefinity/Authenticate/OpenID/assets/app.FormPostResponse.js https://tagmanager.google.com https://cdn.rlets.com https://bbbnp-bbbp-stf-use1-01.s3.amazonaws.com https://assets.bbbprograms.org/ https://cdn.plot.ly/usa_110m.json https://cdn.plot.ly/plotly-latest.min.js:61 *.crazyegg.com https://stats.g.doubleclick.net/j/collect https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json https://js.hsforms.net/forms/v2.js https://js.hs-banner.com/8712603.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.paypalobjects.com/ https://googleads.g.doubleclick.net/ https://js.hsadspixel.net/fb.js https://snap.licdn.com/; style-src https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://www.calendarwiz.com https://cbbb.wufoo.com https://players.brightcove.net 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com http://bbbprograms.org https://assets.bbbprograms.org; font-src 'self' https://cloud.typography.com/ https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com http://www.calendarwiz.com https://players.brightcove.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/ https://bbbprograms.org/ https://assets.bbbprograms.org; img-src *.s3.amazonaws.com https://www.calendarwiz.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://secure-cf-c.ooyala.com http://cf.c.ooyala.com https://players.brightcove.net 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com clients1.google.com platform.tumblr.com *.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.coms https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://d3w4wo0n3briz3.cloudfront.net/ https://assets.bbbprograms.org/ https://track.hubspot.com/ https://px.ads.linkedin.com/ https://t.co/ https://analytics.twitter.com/ https://perf.hsforms.com/ https://p.adsymptotic.com/ https://px4.ads.linkedin.com/ https://analytics.google.com/; media-src http://cf.c.ooyala.com 'self' data: blob:; form-action 'self' https://cbbb.wufoo.com https://bbbprograms.org https://forms.hsforms.com/ https://js.hsforms.net/ https://desk.zoho.com/support/WebToCase; child-src https://www.google.com https://auto.bbbnp.org/ https://caru.bbbnp.org https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net http://imasdk.googleapis.com/ http://l.ooyala.com/ 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com https://privacyseals.bbbprograms.org/ web.facebook.com badge.stumbleupon.com https://js.hsforms.net/forms-next/shell-recaptcha https://applications.bbbprograms.org https://forms.hsforms.com/submissions/ https://bbbprograms.org blob: *.adobe.com/ https://assets.bbbprograms.org https://privacyinitiatives.bbbprograms.org https://privacyinitiatives.bbbnp.org; connect-src *.google-analytics.com https://cloud.typography.com/7948038/7854212/css/fonts.css https://betterbusiness.blubrry.com https://player.blubrry.com https://media.blubrry.com https://cbbb.wufoo.com https://players.brightcove.net https://licensing.bitmovin.com https://metrics-api.librato.com 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://stats.g.doubleclick.net/ https://js.hs-banner.com/cookie-banner-public/v1/domain-collection https://ka-f.fontawesome.com/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/aafc1d80-12f1-408c-8344-a1ec382e57db.json.gz https://script.crazyegg.com/ https://tracking.crazyegg.com/ https://pagestates-tracking.crazyegg.com/healthcheck https://assets-tracking.crazyegg.com/healthcheck https://hubspot-forms-static-embed.s3.amazonaws.com/prod/8712603/86a3b92f-d714-41db-b093-1a560633c100.json.gz https://js.hs-banner.com/cookie-banner-public/v1/activity/view https://pagestates-tracking.crazyegg.com/ https://analytics.google.com/ https://assets.bbbprograms.org https://cdn.linkedin.oribi.io/ https://api.hubapi.com/hs-script-loader-public/; 1
default-src 'self' https://*.deutsche-wohnen.com;object-src 'self';frame-src *.deutsche-wohnen.com *.youtube.com *.youtube-nocookie.com https://consentcdn.cookiebot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com developers.google.com maps.google.com maps.googleapis.com consentcdn.cookiebot.eu consent.cookiebot.eu https://privacyportalde-cdn.onetrust.com https://l.ecn-ldr.de;style-src 'self' https://privacyportalde-cdn.onetrust.com data: 'unsafe-inline' fonts.googleapis.com;img-src *.deutsche-wohnen.com 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com googleads.g.doubleclick.net www.google.com www.google.de;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://privacyportalde-cdn.onetrust.com data: 'unsafe-inline';connect-src 'self' https://*.deutsche-wohnen.com https://maps.googleapis.com https://consentcdn.cookiebot.eu https://privacyportalde-cdn.onetrust.com https://www.econda-monitor.de;manifest-src 'self' 1
default-src 'self'; connect-src 'self' https://www.profound.net/analytics/; frame-src 'self' https://www.google.com/ https://player.vimeo.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ https://cdn.datatables.net/ https://www.google.com/ https://www.gstatic.com/ https://www.profound.net/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://cdn.datatables.net/; font-src 'self' https://cdnjs.cloudflare.com; object-src 'self'; img-src 'self' data: https://cdn.datatables.net/ https://www.profound.net/analytics/; 1
frame-ancestors 'self' https://www.beanstream.com https://translate.google.com ; object-src 'self' https://www.beanstream.com https://*.electroluxmedia.com  https://media.frigidaire.com; report-uri /CSP-report; 1
frame-ancestors 'self' *.easyzic.com 1
default-src 'self' *.findox.com data:;script-src 'self' https://cdn.findox.com https://cdn-marketing.findox.com https://www.gstatic.com/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://cdn.pubnub.com https://ajax.googleapis.com/ https://az416426.vo.msecnd.net https://documentcloud.adobe.com https://cdn-cookieyes.com https://appsforoffice.microsoft.com/ 'unsafe-eval' 'unsafe-inline';style-src 'self' https://fonts.googleapis.com http://netdna.bootstrapcdn.com https://cdn.findox.com https://cdn-marketing.findox.com https://static2.sharepointonline.com 'unsafe-inline';worker-src 'self' blob: https://cdn.findox.com https://cdn-marketing.findox.com;frame-src 'self' https://www.google.com https://*.officeapps.live.com https://player.vimeo.com https://documentcloud.adobe.com https://cdn-marketing.findox.com *.aggredium.com 'unsafe-inline';object-src 'none';font-src 'self' data: https://cdn.findox.com https://cdn-marketing.findox.com https://fonts.googleapis.com https://fonts.gstatic.com http://netdna.bootstrapcdn.com https://static2.sharepointonline.com https://appsforoffice.microsoft.com;img-src 'self' blob: data: https://findox-videos.s3.us-west-1.amazonaws.com https://cdn.findox.com https://cdn-marketing.findox.com https://www.google-analytics.com https://*.cdn.office.net https://cdn-cookieyes.com https://*.amazonaws.com;media-src 'self' blob: data: https://findox-videos.s3.us-west-1.amazonaws.com https://cdn.findox.com https://cdn-marketing.findox.com;form-action 'self' https://local.findox.com/login https://cdn.findox.com https://cdn-marketing.findox.com https://*.officeapps.live.com;base-uri 'self';frame-ancestors 'self' https://*.officeapps.live.com https://*.sharepoint.com https://*.onmicrosoft.com;connect-src 'self' *.findox.com *.aggredium.com *.reorg.com https://cdn.findox.com https://cdn-marketing.findox.com https://js.logentries.com https://*.js.logs.insight.rapid7.com https://*.logentries.com https://*.pndsn.com http://localhost:* https://dc.services.visualstudio.com https://viewlicense.adobe.io https://*.azurewebsites.net https://*.signalr.net wss://*.signalr.net https://www.google-analytics.com https://log.cookieyes.com https://cdn-cookieyes.com https://*.reorg.com wss://*.reorg.com wss://*.aggredium.com unsafe-inline https://browser-intake-datadoghq.com https://*.launchdarkly.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; report-uri https://www.958888.ru/at/_csp_reports/; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' pandg.tapad.com *.adsrvr.org *.doubleclick.net *.jebbit.com *.pghub.io *.bazaarvoice.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com ; manifest-src * ; 1
object-src 'none'; form-action 'self' https://*.activehosted.com https://*.eloqua.com https://nrgi.custhelp.com https://hooks.zapier.com https://elcon.dk https://totalkreditform.ebas.dk https://*.nrgi.dk; frame-ancestors 'none'; script-src https: 'unsafe-inline' 'unsafe-eval' 'self' *.widget.custhelp.com 1
default-src blob: https:; font-src https: data:; img-src blob: data: https:; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; style-src 'unsafe-inline' https:; 1
default-src 'self'  https://sdk.privacy-center.org https://api.privacy-center.org https://www.google.com/pagead/conversion_async.js https://popups.landingi.com https://scripts.assets-landingi.com  https://connect.facebook.net https://googleads.g.doubleclick.net https://tag.oniad.com/ https://tag.oniad.com/4039/ https://tag.oniad.com/6674fdf296 https://googleads.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com/ https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://region1.google-analytics.com/ https://grupoanaya.es/; script-src 'self' 'sha256-wZ533+xTHuB5Roz9gD5XJEFuxh8cgVYkdvmgWt+SBXI=' https://www.googletagmanager.com https://www.googleadservices.com https://track.adform.net  https://sdk.privacy-center.org https://api.privacy-center.org https://www.google.com/pagead/conversion_async.js https://popups.landingi.com https://scripts.assets-landingi.com https://www.googletagmanager.com/ https://googleads.g.doubleclick.net  https://connect.facebook.net https://tag.oniad.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://tag.oniad.com/6674fdf296 https://tag.oniad.com/4039/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * ; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
object-src 'none'; frame-ancestors 'self' https://ekatalog.viebrockhaus.de; report-uri https://www.viebrockhaus.de/report-uri/enforce 1
frame-ancestors 'self'; trusted-types 'none'; base-uri 'self'; form-action 'self' https://pc.pkoleasing.pl/ https://pc.pkoleasing.pl/* https://*.pc.pkoleasing.pl https://*.pc.pkoleasing.pl/ https://*.pc.pkoleasing.pl/*; object-src 'none'; font-src 'self' https://www.cortland.pl http://www.cortland.pl https://geowidget.easypack24.net https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.eot https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.ttf https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.svg https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 https://fonts.gstatic.com/s/opensans/v36/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2 https://pc.pkoleasing.pl/leasing/assets/fonts/pko-bank-polski/PKOBankPolski-Bold.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.woff https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.woff https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.otf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN03.ttf https://simplylease.s3.eu-central-1.amazonaws.com/assets/fonts/SISAN06.ttf https://pc.pkoleasing.pl/leasing/assets/fonts/pko-bank-polski/PKOBankPolski-Regular.otf data:; script-src 'self' https://pc.pkoleasing.pl/ https://pc.pkoleasing.pl/leasing/assets/widget/pkol-installment-widget-styles.css https://pc.pkoleasing.pl/leasing/assets/widget/pkol-installment-widget.js https://simplylease.s3.eu-central-1.amazonaws.com/widget_v2/widget-loader.js https://simplylease.s3.eu-central-1.amazonaws.com/widget_v2/ https://simplylease-beta.s3.eu-central-1.amazonaws.com/widget_v2/widget-loader.js https://simplylease-beta.s3.eu-central-1.amazonaws.com/widget_v2/ https://storage.googleapis.com/siecommerce-widget/ https://www.cortland.pl http://www.cortland.pl https://cortland.pl http://cortland.pl https://geowidget.easypack24.net https://cdn.shareaholic.net/assets/pub/shareaholic.js https://m9m6e2w5.stackpathcdn.com/v2/dc11be8f/main.js https://m9m6e2w5.stackpathcdn.com/v2/32cc8bfb/main.js https://m9m6e2w5.stackpathcdn.com/v2/dc11be8f/buttons.js https://partner.shareaholic.com/partners.js https://tenantpluginapiserver01.conpeek.ispot.pl https://connect.facebook.net/en_US/fbevents.js https://ssl.ceneo.pl/ct/v5/script.js https://cdn.cookiehub.eu/c2/8fc17a4d.js https://wchat.freshchat.com https://widget.freshworks.com https://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQxfWRsQXBpL21pbml0LnsybWluaXQyNDF9bWluLmpz https://lib.onet.pl/static/pixel/1.6.7/pixel-module.js?4a8df313041190d7d5e593a924ce352f https://cortland-team.freshchat.com/js/widget.js https://d3vhsxl1pwzf0p.cloudfront.net http://d3vhsxl1pwzf0p.cloudfront.net https://api-s.edrone.me/ http://api-s.edrone.me/ https://d3bo67muzbfgtl.cloudfront.net/ http://d3bo67muzbfgtl.cloudfront.net/ http://api.edrone.me/ https://api.edrone.me/ https://www.googletagmanager.com/ https://connect.facebook.net/ http://cookiehub.net/ https://cookiehub.net/ https://tags.creativecdn.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://lib.onet.pl/s.csr/build/dlApi/minit.boot.min.js https://snap.licdn.com/li.lms-analytics/insight.old.min.js http://www.google.com https://www.google.com http://googleads.g.doubleclick.net https://googleads.g.doubleclick.net http://pagead2.googlesyndication.com https://pagead2.googlesyndication.com http://snap.licdn.com/li.lms-analytics https://snap.licdn.com/li.lms-analytics http://bat.bing.com https://bat.bing.com http://www.clarity.ms https://www.clarity.ms http://wrap.tradedoubler.com https://wrap.tradedoubler.com http://*.onet.pl https://*.onet.pl http://*.optimalpeople.fr https://*.optimalpeople.fr http://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQwfWRsQXBpL21pbml0LnsybWluaXQyNDB9bWluLmpz https://sgqcvfjvr.onet.pl/YnVpbGQve21pbml0MjQwfWRsQXBpL21pbml0LnsybWluaXQyNDB9bWluLmpz http://sgqcvfjvr.onet.pl/build/dlApi/dl.aureus.min.js https://sgqcvfjvr.onet.pl/build/dlApi/dl.aureus.min.js http://sgqcvfjvr.onet.pl/simetra/clickmap/5.0.5/clickmap.min.js https://sgqcvfjvr.onet.pl/simetra/clickmap/5.0.5/clickmap.min.js http://sgqcvfjvr.onet.pl/simetra/artemis/0.6.1/artemis.min.js https://sgqcvfjvr.onet.pl/simetra/artemis/0.6.1/artemis.min.js http://lib.onet.pl/static/pixel/1.6.6/pixel-module.js https://lib.onet.pl/static/pixel/1.6.6/pixel-module.js 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' data: loading.expres *.loading.ru *.loading.express 'unsafe-inline' *.webpagetest.org http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.yandex.net *.yandex.ru *.cdn77.org *.yandex.md *.yandex.com *.yandex.fr *.yandex.ua *.yandex.kz *.yandex.by *.yandex.uz *.ampproject.org *.google.co.cr *.google.gr *.google.dz *.google.fi *.google.tm *.google.com.tw *.google.com.my *.google.mv *.google.com.mm *.google.mk *.google.com.bd *.google.com.gi *.google.dk *.google.com.sa *.google.ad *.google.com.pa *.google.co.tz *.google.li *.google.hr *.google.com *.google.com.co *.google.sk *.google.cn *.google.si *.google.cl *.google.hu *.google.no *.google.it *.google.bg *.google.co.jp *.google.be *.google.com.vn *.google.me *.google.kg *.google.rs *.google.com.ph *.google.com.cy *.google.com.br *.google.ie *.google.pt *.google.co.in *.google.lu *.google.lk *.google.com.pk *.google.cz *.google.am *.google.se *.google.ca *.google.ro *.google.com.mx *.google.ge *.google.ch *.google.lv *.google.co.uk *.google.az *.google.co.id *.google.com.eg *.google.nl *.google.co.il *.google.pl *.google.com.au *.google.com.hk *.google.com.tr *.google.co.nz *.google.at *.google.ae *.google.lt *.google.co.kr *.google.com.sg *.google.sc *.google.com.ua *.google.ee *.google.fr *.google.co.th *.google.co.uz *.google.md *.google.by *.google.kz *.google.de *.google.es *.google.com.tj *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.ggpht.com *.ytimg.com *.google.ru *.youtube.com *.jsdelivr.net *.googleapis.com *.gstatic.com *.pusher.com wss://*.pusher.com *.gravatar.com *.youtube-nocookie.com *.w.org *.spreaker.com *.rating-widget.com *.fontawesome.com *.googleusercontent.com 'unsafe-eval' top-fwz1.mail.ru content.mql5.com *.licdn.com vk.com *.vk.com *.quora.com *.linkedin.com *.utmstat.com *.segment.com *.segment.io myiw.ru *.myiw.ru perfscan.ru *.perfscan.ru *.sendpulse.com carrotquest.app carrotquest.io *.carrottrack.io *.carrotquest.io *.carrotquest.app wss://*.carrotquest.app; report-uri https://sentry.myiw.ru/api/6/security/?sentry_key=29777cbd17e945eea3f35027ada00ba9; 1
default-src 'self' carnegiegroup.com www.carnegiegroup.com;connect-src 'self' www.google-analytics.com analytics.google.com consent.cookie-script.com sentry.frojd.se stats.g.doubleclick.net www.google.se www.google.dk www.google.no www.google.co.uk www.google.fi *.dynamics.com *.azureedge.net *.microsoft.com widget.datablocks.se hub.mfn.se pagead2.googlesyndication.com www.google.com googleads.g.doubleclick.net;script-src 'self' blob: 'unsafe-inline' cdn.cookie-script.com code.jquery.com www.googletagmanager.com www.google-analytics.com www.youtube.com browser.sentry-cdn.com www.google.com www.gstatic.com connect.facebook.net *.dynamics.com *.azureedge.net *.microsoft.com report.cookie-script.com widget.datablocks.se www.googleadservices.com;style-src 'self' 'unsafe-inline' translate.googleapis.com;frame-src 'self' www.googletagmanager.com w.soundcloud.com vimeo.com player.vimeo.com www.youtube.com www.google.com *.dynamics.com td.doubleclick.net;img-src 'self' www.google.se www.google-analytics.com www.googletagmanager.com i.vimeocdn.com www.google.dk www.google.no www.google.co.uk www.google.fi i.ytimg.com www.facebook.com www.gstatic.com translate.google.com googleads.g.doubleclick.net www.google.com fonts.gstatic.com www.google.com.my carnegiegroup.com www.carnegiegroup.com;frame-ancestors 'self' *.dynamics.com *.azureedge.net *.microsoft.com;report-uri https://sentry.frojd.se/api/65/security/?sentry_key=bcf54e55a7e24345986d60b8a4448fb0; 1
default-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com/ https://www.google.com/recaptcha/; img-src 'unsafe-inline' 'self' *.google-analytics.com data:; object-src 'none'; script-src https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'self' https://www.googletagmanager.com/ https://www.google.com/recaptcha/ 'unsafe-eval'; style-src 'unsafe-inline' 'self'; form-action *; 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://apis.google.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com https://pagead2.googlesyndication.com https://trafficscanner.pl https://bat.bing.com; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr www.google.com https://www.google.com https://google.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com *.dkms.pl wss://trafficscanner.pl https://trafficscanner.pl https://bat.bing.com; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.co.in/pagead/ https://www.google.pl/pagead/ https://www.google.co.uk/pagead/ https://www.google.co.za/pagead/ https://www.google.cl/pagead/ https://trafficscanner.pl https://bat.bing.com; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://open.spotify.com https://www.facebook.com https://td.doubleclick.net https://11785874.fls.doubleclick.net; object-src 'none'; form-action 'self' https://www.facebook.com/tr; 1
default-src 'none'; script-src 'unsafe-inline' https: 'nonce-eDY2NDJjMTBjYThlNGQ3LjQxMDY0MjU3' 'strict-dynamic'; form-action 'self'; frame-ancestors 'none'; style-src * 'unsafe-inline'; object-src 'none'; base-uri 'none'; img-src *; font-src *; connect-src 'self' 1
worker-src 'self' 'unsafe-inline' blob:; script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'self'; frame-ancestors 'self' 1
frame-ancestors 'self' www.ranzijn.nl ranzijn.nl magento.ranzijn.nl; 1
frame-ancestors 'self' https://manage.roadsbridges.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
frame-ancestors 'self' https://*.facebook.com; https://pavlok.reamaze.com; 1
frame-ancestors http://ne.snn-unit.de https://ne.snn-unit.de https://aub-cloud.htwsaar.de 'self' 1
default-src 'self';     frame-ancestors 'self';     img-src 'self' *.giphy.com oaidalleapiprodscus.blob.core.windows.net data: ;     script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com *.google.com *.gstatic.com *.stripe.com ipinfo.io ;     font-src 'self' fonts.gstatic.com data: ;     style-src 'self' 'unsafe-inline' fonts.googleapis.com *.getmdl.io;     media-src 'self' *.youtube.com *.youtube-nocookie.com;     object-src 'self' *.youtube.com *.youtube-nocookie.com *.googlevideo.com *.ytimg.com;     connect-src 'self' *.giphy.com;     frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.stripe.com;     worker-src 'self' blob:; 1
default-src 'self'; child-src 'self' ommelanderziekenhuis.consultassistent.nl www.youtube.com www.youtube-nocookie.com maps.google.com maps.google.nl www.google.com *.vimeocdn.com player.vimeo.com vimeo.com; connect-src 'self'; font-src 'self' data:; img-src 'self' i.ytimg.com www.zorgkaartnederland.nl *.readspeaker.com data: blob:; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-c74b63d5-be59-4eb0-ad3c-7ee9e9aa7ea2' www.zorgkaartnederland.nl *.readspeaker.com;  style-src 'self' 'nonce-c74b63d5-be59-4eb0-ad3c-7ee9e9aa7ea2' www.zorgkaartnederland.nl *.readspeaker.com data:;  base-uri 'self'; form-action 'self'; frame-ancestors 'self';  report-uri /csp-report; upgrade-insecure-requests; 1
frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://fast.wistia.net/ https://forms.hsforms.com/ https://s7.addthis.com/ https://platform.twitter.com/ https://www.facebook.com/ https://www.google.com/ https://mozbar.moz.com/ https://td.doubleclick.net/; worker-src blob:; form-action 'self' https: 1
default-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; script-src 'unsafe-inline' 'unsafe-eval' none www.hostingschmiede.de; frame-ancestors www.hostingschmiede.de; base-uri 'self'; form-action 'self'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-42Kisj/rFl1uB7KovztkHg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' *.insiderscore.com *.infilings.com 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.toutapprendre.com 1
default-src https: data: wss: 'self' 'unsafe-inline' 'unsafe-eval'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://www.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.ae https://*.parcellab.com https://sgtm.lookfantastic.ae; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.ae https://m.lookfantastic.ae https://checkout.lookfantastic.ae https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://analytics.tiktok.com https://*.ibytedtos.com https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://sgtm.lookfantastic.ae; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
font-src * data: cdncf.esignatures.io;       script-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdncf.esignatures.io embed.tawk.to www.google-analytics.com ajax.googleapis.com https://zapier.com https://www.gstatic.com checkout.stripe.com www.googleadservices.com www.googletagmanager.com cdn.jsdelivr.net bat.bing.com http://ajax.googleapis.com platform.twitter.com snap.licdn.com cdn.zapier.com d2wy8f7a9ursnm.cloudfront.net;       style-src 'self' 'unsafe-inline' https://fonts.googleapis.com fonts.googleapis.com embed.tawk.to netdna.bootstrapcdn.com d1l4caeyiolul.cloudfront.net cdncf.esignatures.io https://www.gstatic.com checkout.stripe.com cdn.jsdelivr.net cdn.zapier.com;       report-uri /csp/report 1
default-src 'self' *.zdassests.com *.cloudinary.com;connect-src *.amplitude.com *.crazyegg.com *.yotpo.com https://*.prod.devacurlaws.com https://*.bing.com https://*.bounceexchange.com https://*.cdnbasket.net https://*.cdnwidget.com https://*.cookielaw.org https://*.devacurl.com https://*.devatech.us https://*.devatechpro.us https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://*.likeshop.me https://*.myshopify.com https://*.onetrust.com/ https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://*.zdassets.com https://*.zendesk.com https://*.zopim.com https://analytics.google.com/g/collect https://analytics.tiktok.com https://api.astutebot.com https://app.glitchtip.com https://devacurl.2m8f.net https://dfp.bouncex.net https://events.bouncex.net https://perf-api.wknd.ai https://s3-us-west-2.amazonaws.com/afterpayus-integrations/javascript/modal/us_modal.html https://sentry.io https://server.clearforme.com likeshop.me localhost:* wss://widget-mediator.zopim.com www.google-analytics.com;font-src 'self' *.gstatic.com *.yotpo.com data: fonts.gstatic.com https://assets.bounceexchange.com likeshop.me;frame-src *.afterpay.com *.crazyegg.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.com *.googletagmanager.com *.hotjar.com *.meevo.com *.phorest.me *.youtube.com https://admin.rechargeapps.com/ https://assets.bounceexchange.com https://bot.emplifi.io/ https://calendly.com https://ct.pinterest.com https://dash.bounceexchange.com optimize.google.com phorest.com phorest.me;frame-ancestors https://*.dev.devacurlaws.com https://*.staging.devacurlaws.com https://*.prod.devacurlaws.com https://*.devacurl.com http://*.gitlab.io https://*.sephora.de http://localhost:*;img-src * blob: data: https://assets.bounceexchange.com https://events.bouncex.net optimize.google.com www.google-analytics.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.cookielaw.org *.crazyegg.com *.dashhudson.com *.dotdigital-pages.com *.dotmailer-surveys.com *.doubleclick.net *.facebook.net *.google.com *.google.com *.hotjar.com *.yotpo.com *.zdassets.com blob: https://*.afterpay.com https://*.bounceexchange.com https://*.calendly.com https://*.impactradius-event.com https://*.onetrust.com https://*.pinimg.com https://*.pinterest.com https://*.tiktok.com https://*.trackedweb.net https://analytics.tiktok.com https://analytics.tiktok.com/i18n/pixel/events.js https://bot.emplifi.io/ https://dash-staging.bounceexchange.com https://s.pinimg.com https://static.zdassets.com https://tag.bounceexchange.com https://tag.wknd.ai https://widget-mediator.zopim.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com;worker-src blob:;style-src 'self' 'unsafe-inline' *.crazyegg.com https://*.google.com https://*.googleapis.com https://*.mapbox.com https://*.yotpo.com https://assets.bounceexchange.com https://bot.emplifi.io/;report-uri https://app.glitchtip.com/api/441/security/?glitchtip_key=3dde4127c3534fe993e9bc77c36be5e5&sentry_environment=prod;media-src 'self' *.cloudinary.com *.crazyegg.com *.zdassets.com dashhudson-static.s3.amazonaws.com https://*.dashhudson.com 1
frame-ancestors 'self'; upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-UE5iJfhoEr8KjRCtc6fRcA=='; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://mc.yandex.ru https://googleads.g.doubleclick.net https://connect.facebook.net; 1
default-src 'unsafe-eval' 'unsafe-inline' 'self' ; font-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.gstatic.com use.typekit.net styles.assets-landingi.com domnowoczesny.com www.grupapsb.com.pl; style-src 'unsafe-eval' 'unsafe-inline' 'self' fonts.googleapis.com use.typekit.net p.typekit.net amazonaws.com domnowoczesny.com www.grupapsb.com.pl; script-src 'unsafe-eval' 'unsafe-inline' 'self' www.googletagmanager.com www.google-analytics.com connect.facebook.net stats.g.doubleclick.net maps.google.com maps.googleapis.com s.ytimg.com domnowoczesny.com ajax.googleapis.com www.grupapsb.com.pl; connect-src 'unsafe-eval' 'unsafe-inline' 'self' www.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net www.google.pl www.facebook.com maps.googleapis.com domnowoczesny.com ajax.googleapis.com www.grupapsb.com.pl; frame-src 'unsafe-eval' 'unsafe-inline' 'self' www.facebook.com www.youtube.com domnowczesny.com; img-src * 'self' data: https:; object-src 'unsafe-eval' 'unsafe-inline' 'self' data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hear-me.social; img-src 'self' https: data: blob: https://hear-me.social; style-src 'self' https://hear-me.social 'nonce-QFVeGXAE/E+QBhjYZ6zRIQ=='; media-src 'self' https: data: https://hear-me.social; frame-src 'self' https:; manifest-src 'self' https://hear-me.social; form-action 'self'; child-src 'self' blob: https://hear-me.social; worker-src 'self' blob: https://hear-me.social; connect-src 'self' data: blob: https://hear-me.social https://files.hear-me.social wss://hear-me.social; script-src 'self' https://hear-me.social 'wasm-unsafe-eval' 1
object-src 'none'; script-src 'report-sample' https://we.incognito.org/logs/ https://we.incognito.org/sidekiq/ https://we.incognito.org/mini-profiler-resources/ https://we.incognito.org/assets/ https://we.incognito.org/brotli_asset/ https://we.incognito.org/extra-locales/ https://we.incognito.org/highlight-js/ https://we.incognito.org/javascripts/ https://we.incognito.org/plugins/ https://we.incognito.org/theme-javascripts/ https://we.incognito.org/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://cdnjs.cloudflare.com https://plausible.incognito.org https://incognito.org; worker-src 'self'; base-uri 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src * 'self' data: blob: gap: font-src 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.googlesyndication.com ajax.cloudflare.com static.cloudflareinsights.com cloudflareinsights.com www.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net partner.googleadservices.com adservice.google.com tpc.googlesyndication.com google.com www.google.com www.googletagmanager.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://assets.toad.social; img-src 'self' https: data: blob: https://assets.toad.social; style-src 'self' https://assets.toad.social 'nonce-/iiv5gO0lf52eN8hRkDJeQ=='; media-src 'self' https: data: https://assets.toad.social; frame-src 'self' https:; manifest-src 'self' https://assets.toad.social; form-action 'self'; child-src 'self' blob: https://assets.toad.social; worker-src 'self' blob: https://assets.toad.social; connect-src 'self' data: blob: https://assets.toad.social https://files.toad.social wss://toad.social; script-src 'self' https://assets.toad.social 'wasm-unsafe-eval' 1
default-src * data: blob: filesystem: 'unsafe-inline' 'unsafe-eval' http: https: ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.polyfill.io/v2/ https://apps.mypurecloud.com/webchat/jsapi-v1.js https://dhqbrvplips7x.cloudfront.net/ 1
frame-src 'self' *.amazon.de *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chitter.xyz; img-src 'self' https: data: blob: https://chitter.xyz; style-src 'self' https://chitter.xyz 'nonce-4Cwio+Ifqh6uyH/aCYT+qg=='; media-src 'self' https: data: https://chitter.xyz; frame-src 'self' https:; manifest-src 'self' https://chitter.xyz; form-action 'self'; child-src 'self' blob: https://chitter.xyz; worker-src 'self' blob: https://chitter.xyz; connect-src 'self' data: blob: https://chitter.xyz https://media.chitter.xyz wss://chitter.xyz; script-src 'self' https://chitter.xyz 'wasm-unsafe-eval' 1
base-uri 'self' https://*.exponea.com; font-src 'self' data: https://babywalz.omq.de https://*.paypalobjects.com; form-action 'self' https://*.adyen.com https://*.bazaarvoice.com; frame-ancestors 'self' https://app.storyblok.com; img-src 'self' data: https://*; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' https://*.aboutyou.cloud https://*.adyen.com https://*.omq.de https://*.googletagmanager.com https://fonts.googleapis.com https://*.bazaarvoice.com https://*.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://www.paypal.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.abtasty.com; upgrade-insecure-requests; default-src 'none'; frame-src 'self' https://*.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.paypalobjects.com https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://www.awin1.com https://td.doubleclick.net https://www.sovendus-benefits.com https://www.sovendus-connect.com https://ct.pinterest.com https://*.bambuser.com https://tbs.tradedoubler.com https://*.bazaarvoice.com https://*.trustpilot.com catalogue.arkid.app https://*.abtasty.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud https://*.adyen.com https://www.paypal.com https://*.paypalobjects.com https://babywalz.omq.de https://api.exponea.com https://*.googletagmanager.com https://www.dwin1.com https://api.bounce-commerce.de https://www.awin1.com https://the.sciencebehindecommerce.com https://*.googleadservices.com https://connect.facebook.net https://trck.linkster.co https://*.sovendus.com https://s.pinimg.com https://*.bambuser.com https://*.abtasty.com https://connect.getflowbox.com https://*.bazaarvoice.com https://mpsnare.iesnare.com https://*.trustpilot.com https://go.vchfy.com https://insitez.blob.core.windows.net https://ct.pinterest.com; connect-src 'self' https://*.baby-walz.ch https://checkout.www.baby-walz.de https://walz-prev.checkout.api.scayle.cloud https://*.aboutyou.cloud/ https://*.adyen.com https://www.sandbox.paypal.com https://www.paypal.com https://*.paypalobjects.com https://x.klarnacdn.net https://babywalz.omq.de https://sockjs-us3.pusher.com https://*.exponea.com https://*.googletagmanager.com https://www.econda-monitor.de https://region1.google-analytics.com https://api.bounce-commerce.de https://www.wepowerconnections.com https://the.sciencebehindecommerce.com https://*.google.com https://googleads.g.doubleclick.net https://*.vhwmcs.net https://*.sovendus.com https://ct.pinterest.com https://*.bambuser.com https://*.abtasty.com https://*.getflowbox.com https://*.walz.de https://*.mixpanel.com https://*.vchfy.com https://*.informizely.com; media-src https://a.storyblok.com https://*.walz.de https://cdn.flbx.io; report-uri https://sentry.vhwmcs.net/api/2/security/?sentry_key=1a6c3da18b7a464cbfcf596e111c1def; 1
frame-ancestors 'www.careinspectorate.com' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.de https://www.google.de https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat *.google-analytics.com *.analytics.google.com https://app.usercentrics.eu/browser-ui/latest/loader.js https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://region1.google-analytics.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://googletagmanager.com https://www.googletagmanager.com https://google-analytics.com https://www.google-analytics.com https://mc.yandex.ru https://www.mc.yandex.ru https://connect.facebook.net https://www.connect.facebook.net https://www.facebook.com https://facebook.com https://stats.g.doubleclick.net https://www.stats.g.doubleclick.net https://youtube.com https://www.youtube.com https://google.com https://www.google.com https://google.de https://www.google.de https://app.usercentrics.eu https://www.app.usercentrics.eu https://api.usercentrics.eu https://www.api.usercentrics.eu https://aggregator.service.usercentrics.eu https://www.aggregator.service.usercentrics.eu https://graphql.usercentrics.eu https://www.graphql.usercentrics.eu https://i.ytimg.com https://www.i.ytimg.com https://google.ad https://google.ae https://google.com.af https://google.com.ag https://google.com.ai https://google.al https://google.am https://google.co.ao https://google.com.ar https://google.as https://google.at https://google.com.au https://google.az https://google.ba https://google.com.bd https://google.be https://google.bf https://google.bg https://google.com.bh https://google.bi https://google.bj https://google.com.bn https://google.com.bo https://google.com.br https://google.bs https://google.bt https://google.co.bw https://google.by https://google.com.bz https://google.ca https://google.cd https://google.cf https://google.cg https://google.ch https://google.ci https://google.co.ck https://google.cl https://google.cm https://google.cn https://google.com.co https://google.co.cr https://google.com.cu https://google.cv https://google.com.cy https://google.cz https://google.dj https://google.dk https://google.dm https://google.com.do https://google.dz https://google.com.ec https://google.ee https://google.com.eg https://google.es https://google.com.et https://google.fi https://google.com.fj https://google.fm https://google.fr https://google.ga https://google.ge https://google.gg https://google.com.gh https://google.com.gi https://google.gl https://google.gm https://google.gr https://google.com.gt https://google.gy https://google.com.hk https://google.hn https://google.hr https://google.ht https://google.hu https://google.co.id https://google.ie https://google.co.il https://google.im https://google.co.in https://google.iq https://google.is https://google.it https://google.je https://google.com.jm https://google.jo https://google.co.jp https://google.co.ke https://google.com.kh https://google.ki https://google.kg https://google.co.kr https://google.com.kw https://google.kz https://google.la https://google.com.lb https://google.li https://google.lk https://google.co.ls https://google.lt https://google.lu https://google.lv https://google.com.ly https://google.co.ma https://google.md https://google.me https://google.mg https://google.mk https://google.ml https://google.com.mm https://google.mn https://google.ms https://google.com.mt https://google.mu https://google.mv https://google.mw https://google.com.mx https://google.com.my https://google.co.mz https://google.com.na https://google.com.ng https://google.com.ni https://google.ne https://google.nl https://google.no https://google.com.np https://google.nr https://google.nu https://google.co.nz https://google.com.om https://google.com.pa https://google.com.pe https://google.com.pg https://google.com.ph https://google.com.pk https://google.pl https://google.pn https://google.com.pr https://google.ps https://google.pt https://google.com.py https://google.com.qa https://google.ro https://google.ru https://google.rw https://google.com.sa https://google.com.sb https://google.sc https://google.se https://google.com.sg https://google.sh https://google.si https://google.sk https://google.com.sl https://google.sn https://google.so https://google.sm https://google.sr https://google.st https://google.com.sv https://google.td https://google.tg https://google.co.th https://google.com.tj https://google.tl https://google.tm https://google.tn https://google.to https://google.com.tr https://google.tt https://google.com.tw https://google.co.tz https://google.com.ua https://google.co.ug https://google.co.uk https://google.com.uy https://google.co.uz https://google.com.vc https://google.co.ve https://google.vg https://google.co.vi https://google.com.vn https://google.vu https://google.ws https://google.rs https://google.co.za https://google.co.zm https://google.co.zw https://google.cat https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat *.google-analytics.com *.analytics.google.com https://app.usercentrics.eu/browser-ui/latest/loader.js https://uct.service.usercentrics.eu https://consent-api.service.consent.usercentrics.eu https://region1.google-analytics.com https://cdn.jsdelivr.net pagecdn.io; frame-ancestors 'self'; report-uri https://bionorica.de/report-uri/enforce 1
media-src 'none'; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles jungseedco.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.acsbapp.com acsbapp.com us-autocomplete-pro.api.smarty.com; default-src 'self' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' jungseedco.commercev3.com s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: *.acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com/cdn.jungseedco.com/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com www.gstatic.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com s3.amazonaws.com/cdn.jungseedco.com/ cdn.jsdelivr.net cdnjs.cloudflare.com acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com s3.amazonaws.com/cdn.jungseedco.com/ cdn.jsdelivr.net cdnjs.cloudflare.com acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-elem 'self' s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.jsdelivr.net cdnjs.cloudflare.com; style-src-attr  'unsafe-inline'; media-src 'self' jungseedco.commercev3.com s3.amazonaws.com/cdn.jungseed.com/ cdn.commercev3.net/cdn.jungseed.com/ cdn.jungseed.com www.bing.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.sera.de www.google-analytics.com maps.googleapis.com *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; img-src * 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' stats.sera.de  www.google-analytics.com maps.googleapis.com; font-src 'self' fonts.gstatic.com data:; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com; 1
default-src 'self' 'unsafe-inline' https://td.doubleclick.net https://*.mymoneymantra.com https://www.googletagmanager.com  https://www.youtube.com https://maps.google.co.in https://www.google.com https://accounts.google.com https://optimize.google.com https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://analytics.google.com https://tagmanager.google.com https://search.google.com https://d1lt2ralzv8247.cloudfront.net https://www.google-analytics.com https://stats.g.doubleclick.net https://static.doubleclick.net; img-src 'self' https://googleads.g.doubleclick.net  https://www.facebook.com https://www.google-analytics.com https://*.mymoneymantra.com https://d1lt2ralzv8247.cloudfront.net https://www.google.com https://www.google.co.in data:; style-src 'self'  https://*.mymoneymantra.com https://fonts.googleapis.com  'unsafe-inline'; script-src 'unsafe-inline' https://www.googleadservices.com  https://connect.facebook.net  https://www.google-analytics.com  https://www.mymoneymantra.com https://cdn.mymoneymantra.com https://api2.mymoneymantra.com https://cmsapi.mymoneymantra.com https://www.googletagmanager.com https://optimize.google.com https://tagmanager.google.com https://static.doubleclick.net; font-src 'self' https://fonts.gstatic.com/ https://fonts.googleapis.com  https://*.mymoneymantra.com https://d1lt2ralzv8247.cloudfront.net; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com  *.youtube-nocookie.com *.youtube.com *.createsend1.com *.cloudflare.com api.userway.org autoexecs.ebeyonds.com *.edb.gov.lk cdn.userway.org *.srilankabusiness.com usrwy.com v1.addthisedge.com z.moatads.com i.pinimg.com *.googleusercontent.com *.cdninstagram.com *.fbcdn.net yt3.ggpht.com data: *.twimg.com stackpath.bootstrapcdn.com code.jquery.com cdn.jsdelivr.net www.clarity.ms createsend.com snap.licdn.com s.pinimg.com static.ads-twitter.com c.clarity.ms ct.pinterest.com px.ads.linkedin.com t.co analytics.twitter.com c.bing.com ; frame-ancestors 'self' https://devicetester.smart360web.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.lussostone.com; base-uri 'self' 1
object-src 'none'; child-src 'self'; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://exclusiveview.eu https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
upgrade-insecure-requests; default-src https: data: blob: 'unsafe-eval' 'unsafe-inline' *.abtasty.com *.flipaio.de *.seniorenportal.de; object-src 'none'; frame-ancestors 'self' *.abtasty.com *.flipaio.de *.seniorenportal.de 1
default-src 'self' 'unsafe-inline' *.amerihealth.com https://*.simpli.fi *.bttrack.com/ https://bttrack.com/ http://acdn.adnxs.com/ https://*.cctm.xyz/t.js https://google.com/ https://px.ads.linkedin.com/ https://sjs.bizographics.com http://www.googletagmanager.com/ http://js.bizographics.com/ https://tenvcservice.ibx.com/ https://player.vimeo.com/ https://*.ibx.com/ https://www.ihgforms.com/ https://*.google.com/ https://*.doubleclick.net/ https://*.cctm.xyz/ https://thevoyage.blob.core.windows.net https://*.cloudfront.net/ https://cdssotest.highmark.com/ *.amerihealthnj.com/ https://*.facebook.com/ https://ib.adnxs.com/ https://*.doubleclick.net/ https://ajax.googleapis.com https://njhps.mysubcalc.net/ https://acdn.adnxs.com/ https://cdnjs.cloudflare.com *.subcalc.net https://www.google-analytics.com https://www.googletagmanager.com https://code.jquery.com/ https://cdn.quantummetric.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://bat.bing.com https://www.google.com https://www.gstatic.com https://*.azureedge.net/ https://*.dynamics.com; frame-ancestors https://*.amerihealth.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self';font-src 'self' data: https:; img-src https: data:; style-src 'self' 'unsafe-inline' https: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;  1
frame-ancestors *.slb.ru *.schlumberger.ru slb.ru *.slb.com slb.com; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.thecakedecoratingcompany.co.uk; base-uri 'self' 1
default-src 'none'; img-src 'self'; style-src 'self'; font-src 'self' 1
default-src 'self' https://live.barcap.com/BC_S/ https://8347051.fls.doubleclick.net/ https://live.barcap.com/consent/; img-src 'self' https://live.barcap.com/BC_S/ https://adservice.google.com/ddm/ blob:; script-src 'self' https://live.barcap.com/BC_S/ https://www.googletagmanager.com/gtag/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://live.barcap.com/BC_S/ 'unsafe-inline' 1
frame-ancestors 'self' booksy.com semilac.strix.app; 1
default-src 'self' d1a19ys8w1wkc1.cloudfront.net; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' https://rcdfcdn.mars.com https://stage-rcdfcdn.mars.com;worker-src * blob:; style-src * 'unsafe-inline'; frame-ancestors 'self' https://royalcanin-rh.vh.localhost http://dev-eus-sc-rh.f4bf3cb6a5fb409d9866.eastus.aksapp.io http://dev-weu-sitecore-01-rh.6952f9b6f3ab41099033.westeurope.aksapp.io https://dev-weu-sitecore-02-rh.b8e8c0835ea74914b2ec.westeurope.aksapp.io https://rh-sc-stg-weu-01.staging.royalcanin.com https://rh-sc-rlt-weu-01.rlt.royalcanin.com https://stg-royalcanin-cm-01.royalcanin.com https://rh-sc-prd-weu-01.royalcanin.com https://cm-sc-rlt-weu-01.rlt.royalcanin.com https://cm-sc-prd-weu-01.royalcanin.com https://rh-sc-uat-weu-01.uat.royalcanin.com ; 1
default-src 'self';base-uri 'self';frame-ancestors 'self' https://*.mcfarlandclinic.com https://*.mgmc.org https://*.mychartiowa.com https://beta---online-checkin-ae65ecrdlq-uc.a.run.app/ https://covid-vaccine-scheduler-dev-ae65ecrdlq-uc.a.run.app https://demosched.mcfarlandclinic.com https://hvprdweb0046.hv.local https://hvprdweb0047.hv.local https://mcfarlandclinic.com https://mychartiowa.com https://prd-mychart03.hv.local https://prd-mychart04.hv.local;frame-src https://* 'self' epichttp:;script-src 'nonce-2acd7b71f8fe46ba9a1e155df6e62eec' https://www.mychartiowa.com 'self';img-src https://* 'self' blob: data:;style-src https://www.mychartiowa.com 'self' 'unsafe-inline';worker-src 'self' blob:;child-src 'self' blob:;form-action 'self';media-src https://* 'self' blob:; 1
script-src 'self' 'unsafe-hashes' 'unsafe-inline' *.google.com *.google.co.in *.zohocdn.com *.zohorecruit.com www.youtube.com maillist-manage.com *.clearbitscripts.com *.maillist-manage.com *.zoho.com cdn.pagesense.io *.clearbitjs.com *.google-analytics.com *.instasafe.io *.googletagmanager.com *.googleadservices.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com;img-src 'self' https: data: *.google-analytics.com *.instasafe.io *.googletagmanager.com;font-src 'self' fonts.googleapis.com fonts.gstatic.com; 1
default-src 'self' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.hotjar.com buttons-config.sharethis.com platform-cdn.sharethis.com maps.googleapis.com apps.mypurecloud.de *.cookiebot.com openfed.github.io connect.facebook.net https://*.arcgis.com; script-src-elem 'self' data: 'unsafe-inline' www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net www.google.com https://*.hotjar.com www.youtube.com platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com apps.mypurecloud.de consent.cookiebot.com consentcdn.cookiebot.com connect.facebook.net https://*.arcgis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://*.mypurecloud.de https://*.euc1.pure.cloud https://*.arcgis.com; img-src 'self' data: media.ores.be media.umbraco.io platform-cdn.sharethis.com l.sharethis.com maps.gstatic.com maps.googleapis.com mapsresources-pa.googleapis.com www.googletagmanager.com https://*.doubleclick.net https://*.google.be imgsct.cookiebot.com openfed.github.io googleads.g.doubleclick.net www.google.com google.com https://*.hotjar.com www.facebook.com www.google-analytics.com www.google.be *.mypurecloud.de *.euc1.pure.cloud https://*.arcgis.com; font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com https://*.arcgis.com; connect-src 'self' media.ores.be l.sharethis.com ores-breakdownmapapi-prd.azurewebsites.net ores-addressesrepositoryapi-prd.azurewebsites.net maps.googleapis.com *.mypurecloud.de wss://webmessaging.mypurecloud.de ores-extranetapi-dev.azurewebsites.net ores-extranetapi-prd.azurewebsites.net consentcdn.cookiebot.com or-lz-web-np-01-euw-azfun-sd-cms-api-dev-01.azurewebsites.net or-lz-web-pd-01-euw-azfun-sd-cms-api-acc-01.azurewebsites.net or-lz-web-pd-01-euw-azfun-sd-cms-api-prd-01.azurewebsites.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com www.google.com *.google-analytics.com *.analytics.google.com *.doubleclick.net *.nr-data.net *.newrelic.com *.euc1.pure.cloud *.arcgis.com; object-src https://*.mypurecloud.de https://*.euc1.pure.cloud; child-src https://*.mypurecloud.de https://*.euc1.pure.cloud blob:; frame-src 'self' www.youtube.com *.mypurecloud.de *.hotjar.com *.cookiebot.com *.doubleclick.net; frame-ancestors 'self'; form-action 'self' 1
frame-ancestors 'self' *.sovremennik.ru 1
default-src 'self' *.elfsight.com *.google.com *.klaviyo.com *.paypal.com *.stripe.com *.trustpilot.com *.youtube.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.elfsight.com *.google.com *.google.ie *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.jsdelivr.net *.klaviyo.com *.paypal.com *.paypalobjects.com *.stripe.com *.trustpilot.com;         style-src 'self' 'unsafe-inline' *.elfsight.com *.googleapis.com *.klaviyo.com *.paypal.com *.stripe.com *.trustpilot.com *.jsdelivr.net;         img-src 'self' data: *.elfsight.com *.elfsightcdn.com *.google.ie *.google.com *.google-analytics.com *.googletagmanager.com *.klaviyo.com *.stripe.com *.trustpilot.com *.cloudfront.net *.youtube.com;         font-src 'self' data: *.googleapis.com *.gstatic.com *.klaviyo.com;         connect-src 'self' *.doubleclick.net *.elfsight.com *.google.com *.google-analytics.com *.klaviyo.com *.paypal.com *.stripe.com *.youtube.com;         frame-ancestors 'none';         form-action 'self' *.google.com *.doubleclick.net *.google-analytics.com *.paypal.com *.stripe.com;         base-uri 'self';         object-src 'none'; 1
default-src 'self' www.tranquil.it yoast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.tranquil.it *.hcaptcha.com ; img-src 'self' data: matomo.tranquil.it www.tranquil.it secure.gravatar.com s3.amazonaws.com rgsharedweb.s3.amazonaws.com gravityforms.s3.amazonaws.com s38924.pcdn.co; style-src 'self' 'unsafe-inline' *.hcaptcha.com rgsharedweb.s3.amazonaws.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.tranquil.it; frame-src 'self' wapt.tranquil.it *.livestorm.co *.hcaptcha.com www.youtube.com; object-src 'self' ; connect-src 'self' matomo.tranquil.it *.hcaptcha.com 1
frame-ancestors 'self' https://cottagerentalagency.com https://www.cottagerentalagency.com 1
frame-ancestors *.laiye.com 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-1IZlQ/A7ZNUHRJIG8qVBM+OwpkQwNbYCxcodcnf1A0brRS2x' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/ https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.ipstack.com https://covid-19-data.p.rapidapi.com https://region1.google-analytics.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://cdn.yoshki.com/ https://www.podbean.com/; img-src 'self' https://www.google-analytics.com/ https://img.youtube.com https://i.ytimg.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com/ http://www.gstatic.com/ https://www.google.com http://www.google.com http://pingback.issuu.com https://pingback.issuu.com http://e.issuu.com/ https://e.issuu.com/ http://adsoil.autobrennero.it/ https://adsoil.autobrennero.it/ http://i.ytimg.com/ https://i.ytimg.com/ http://www.youtube.com/ https://www.youtube.com/ https://img.youtube.com/ https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://d.tile.openstreetmap.org/ http://www.autobrennero.it/ http://www.autobrennero.it/ http://hits-i.iubenda.com/ https://hits-i.iubenda.com/ http://www.iubenda.com/ https://www.iubenda.com/ https://facebook.progettiarchimede.it/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://unpkg.com/ http://cdn.iubenda.com/ https://cdn.iubenda.com/ https://mc.yandex.ru/ https://consent.iubenda.com/ https://ingestion.webanalytics.italia.it/ https://stats.autobrennero.it https://pagamenti.unicredit.it https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://tiles.stadiamaps.com 1
default-src wss: https: blob: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;img-src https: data:; 1
default-src 'self'; script-src https://ap.gateway.mastercard.com https://wbcfj.gateway.mastercard.com 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com https://www.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://webchat.vodafone.com.pg https://googleads.g.doubleclick.net https://snap.licdn.com https://vodafonepng.elmotalent.com.au https://vodafonepng.elmotalent.com.au/bundles/jonlilckfinder/ckfinder.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://webchat.vodafone.com.pg https://vodafonepng.elmotalent.com.au vodafonepng.elmotalent.com.au; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://webchat.vodafone.com.pg https://vodafonepng.elmotalent.com.au; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://www.google.com.fj https://pos.baidu.com https://px.ads.linkedin.com https://www.google.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css *.twimg.com *.eloqua.com track.hubspot.com https://www.google.com.fj https://pos.baidu.com https://vodafonepng.elmotalent.com.au; media-src 'self' data: blob:; child-src https://ap.gateway.mastercard.com https://wbcfj.gateway.mastercard.com https://pay.mpaisa.vodafone.com.fj 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ https://td.doubleclick.net vodafonepng.elmotalent.com.au apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://uat.windcave.com https://sec.windcave.com https://webchat.vodafone.com.pg https://analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://vodafonepng.elmotalent.com.au; object-src 'self'; 1
default-src 'none'; object-src 'none'; script-src-attr 'self'; script-src docs.omega365.com/nt/api/scripts/ docs.omega365.com/scripts/ docs.omega365.com/nt/scripts/ docs.omega365.com/service-worker/dependencies/ docs.omega365.com/nt/service-worker/dependencies/ docs.omega365.com/lib/ docs.omega365.com/nt/lib/ docs.omega365.com/cdn/ docs.omega365.com/nt/cdn/ 'unsafe-eval' 'wasm-unsafe-eval' blob: https://cdn.omega365.com/libs/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-VD66mXg8sEphYTpZpCfOVQ46s5CJhe'; img-src https://omega.omega365.com 'self' https://cdn.omega365.com/libs/ https://osmproxyapp.azurewebsites.net/api/tiles/ blob: data:; style-src 'unsafe-inline' 'self' https://cdn.omega365.com/libs/ https://fonts.googleapis.com; font-src 'self' data: https://cdn.omega365.com/libs/ https://fonts.googleapis.com https://fonts.gstatic.com; form-action https://omega.omega365.com 'self' https://login.microsoftonline.com https://*.officeapps.live.com; connect-src https://omega.omega365.com https://omega365nodeserviceapp.azurewebsites.net 'self' https://cdn.omega365.com/libs/ https://dc.services.visualstudio.com data: blob:; frame-src https://www.youtube.com https://www.youtube-nocookie.com  https://omega.omega365.com 'self' blob: https://omega.omega365.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-ancestors https://omega.omega365.com 'self' https://*.omega365.com; media-src 'self' blob:; base-uri 'self'; child-src 'self'; worker-src 'self' blob:; manifest-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com/ https://*.googleapis.com/ https://maps.google.com https://api-maps.yandex.ru https://an.yandex.ru https://mc.yandex.ru https://yastatic.net https://*.youtube.com https://www.youtube-nocookie.com https://vk.com https://ok.ru/videoembed https://yandex.ru/ads/system/context.js  https://www.acint.net; frame-src 'self' https://maps.google.com https://www.google.com/maps/ https://login.vk.com/ https://vk.com/video_ext.php https://an.yandex.ru https://mc.yandex.ru https://yastatic.net https://*.youtube.com https://www.youtube-nocookie.com https://ok.ru/videoembed; img-src * data:; media-src * data:; font-src 'self' data: https://fonts.gstatic.com/ 1
report-to default ;connect-src 'self' *.rosa.be *.rosa.be:9000 cognito-idp.eu-central-1.amazonaws.com builder.io cdn.builder.io maps.googleapis.com bam.eu01.nr-data.net qwik-insights.builder.io ;script-src 'self' 'unsafe-eval' 'unsafe-inline' js-agent.newrelic.com bam.eu01.nr-data.net maps.googleapis.com cdn.builder.io ;font-src 'unsafe-inline' 'self' fonts.gstatic.com ;style-src 'self' 'unsafe-inline' fonts.googleapis.com  ;frame-src 'self' ;img-src 'self' data: *.rosa.be mt0.google.com mt1.google.com mt2.google.com mt3.google.com maps.googleapis.com maps.gstatic.com cdn.builder.io ;default-src 'self' ;base-uri 'self' ;form-action 'self' ;frame-ancestors 'none' ;object-src 'none' ;script-src-attr 'unsafe-inline' ;upgrade-insecure-requests 1
object-src 'none'; frame-ancestors 'self'; manifest-src 'self';  1
img-src 'self' https://* http://localhost:3010;        child-src 'none';        worker-src 'self' https://connect.facebook.net https://snap.licdn.com;        object-src 'none';        frame-src 'self' https://*.bdunet.dk https://*.bdpdmz.dk https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://policy.app.cookieinformation.com        https://kort-spks.dk https://tools.eurolandir.com  https://beta.spks.dk https://static.bankdata.dk/wco/release https://*.globenewswire.com        https://leasingfyn.dk/ https://static.bankdata.dk/ https://www.totalkredit.dk https://app.viamap.net https://api.puzzel.com https://cdnjs.cloudflare.com        https://www.buzzsprout.com https://www.vpfonde.dk https://www.facebook.com https://connect.facebook.net https://youtube.com https://www.youtube.com dk.trustpilot.com https://widget.trustpilot.com https://analytics-eu.clickdimensions.com *.vimeo.com https://www.spreaker.com https://widget.spreaker.com https://view.officeapps.live.com https://dlr.dk https://widgets.klimaapi.io https://www.chatbase.co https://app.heyloyalty.com/ 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com https://customer.cludo.com https://cdn.cookielaw.org https://cdn-ukwest.onetrust.com https://geolocation.onetrust.com https://m.youtube.com https://www.youtube.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' *.mktoweb.com customer.cludo.com fonts.googleapis.com privacyportal-cdn.onetrust.com;object-src 'none';frame-src 'self' *.media-server.com *.mktoweb.com *.youtube.com solutions.vwdservices.com www.youtube-nocookie.com;child-src 'self' www.youtube.com;img-src 'self' data: *.cludo.com *.mktoweb.com *.ytimg.com *.youtube.com *.core.windows.net *.globenewswire.com cdn.cookielaw.org fonts.gstatic.com;font-src 'self' data: fonts.googleapis.com fonts.gstatic.com privacyportal-cdn.onetrust.com customer.cludo.com;connect-src 'self' *.mktoweb.com *.cludo.com *.onetrust.com cdn.cookielaw.org fonts.googleapis.com fonts.gstatic.com;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self'; 1
object-src 'none'; img-src 'self' data: ps.w.org support.brainstormforce.com perf-na1.hsforms.com forms.hsforms.com track.hubspot.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' bpb.opendns.com googletagmanager.com www.googletagmanager.com js.hs-scripts.com js.hs-analytics.net js.hscollectedforms.net js.hs-banner.com js.hubspot.com google.com www.google.com gstatic.com www.gstatic.com js-na1.hs-scripts.com player.vimeo.com youtube.com www.youtube.com platform.twitter.com 1
frame-ancestors 'self' http://www.philips.hu *.philips.com *.philips.hu https://philipsigtdpv.com 1
dpu.edu.in ajax.googleapis.com maxcdn.bootstrapcdn.com googletagmanager.com blogs.dpuerp.in dpu.edu.in gbsrc.dpu.edu.in google.com youtube.com *dpu.edu.in *.dpuerp.in *.googleapis.com *.bootstrapcdn.com; 1
default-src 'self';object-src 'self' *.youtube.com *.vimeo.com *.google.com *.googleapis.com; img-src 'self' *.s3.eu-west-1.amazonaws.com blob: data: *.googleapis.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com *.google.nl *.google.co.uk *.google.sr *.google.co.th *.google.fi *.google.de *.google.be *.google.sr *.google.at *.google.it *.google.co.jp *.google.ca *.google.ch *.livits.net *.g.doubleclick.net *.cookiebot.com *.appspot.com *.technieknederland.nl *.googlesyndication.com platform-res.livits.net *.sharethis.com *.ytimg.com *.vvplus.nl *.ew-installatietechniek.nl *.google.co.id *.google.pt *.google.es *.google.dk *.google.ru *.google.se *.google.fr *.google.lu *.google.ro; style-src 'self' 'unsafe-inline' cdn.livits.net *.fontawesome.com *.googleapis.com *.ogone.com *.appspot.com *.cloudflare.com *.gstatic.com https://stcdnlivits.blob.core.windows.net; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.google.com *.google.nl *.google.co.uk *.google.co.id *.google.se *.google.fr *.g.doubleclick.net *.cookiebot.com *.appspot.com *.hotjar.io wss://ws.hotjar.com *.googlesyndication.com l.sharethis.com data.stbuttons.click csi.gstatic.com *.google.be *.google.co.uk 1531320666.rsc.cdn77.org *.google.lk *.google.de *.google.at *.googleapis.com *.doubleclick.net *.opwegnaarzes.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.livits.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.ogone.com *.hotjar.com *.cookiebot.com *.googletagservices.com code.jquery.com *.youtube.com *.appspot.com *.facebook.net *.g.doubleclick.net *.googlesyndication.com *.sharethis.com kentekencheck.opwegnaarzes.nl platform.twitter.com *.google-analytics.com *.googletagservices.com *.ahjilop.com *.addthis.com; frame-src 'self' *.google.com *.cookiebot.com *.youtube.com *.youtube-nocookie.com *.appspot.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.vimeo.com *.googletagmanager.com *.verzekeringstools.nl *.sharethis.com *.twitter.com; frame-ancestors 'self' *.office.com *.livits.eu https://outlook-distributor.livits.net youtube-nocookie.com *.technieknederland.nl technieknederland.nl; font-src 'self' data: *.fontawesome.com *.gstatic.com *.cloudflare.com cdn.blerp.com cdn.scite.ai kentekencheck.opwegnaarzes.nl *.affilitizer.com https://stcdnlivits.blob.core.windows.net;report-uri /cms/log_csp_error.aspx; 1
manifest-src *.mobileonline.hk mobileonline.hk 1
base-uri https://gosearch.ai https://*.gosearch.ai ; connect-src 'self' https://*.factors.ai/ https://*.clearbit.com/ https://x.clearbitjs.com/ https://tag.clearbitscripts.com/ https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.com/ https://*.golinks.dev/ https://accounts.google.com/ wss://*.intercom.io/ https://*.intercomcdn.com/ https://*.intercom.io/ https://www.facebook.com/ https://*.hubspot.com/ https://api.hubapi.com/ https://*.hsforms.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://*.doubleclick.net/ https://forms.hubspot.com/ https://forms.hsforms.com/ https://meetings.hubspot.com/ https://*.fullstory.com https://p.adsymptotic.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.oribi.io https://sjs.bizographics.com https://ka-p.fontawesome.com/ https://kit.fontawesome.com ; default-src 'self' blob: ; font-src 'self' data: https://js.intercomcdn.com/ https://fonts.gstatic.com/ https://ka-p.fontawesome.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ ; frame-src 'self' https://boards.greenhouse.io/ https://drive.google.com/ https://www.figma.com/ https://www.facebook.com/ https://app.hubspot.com/ https://meetings.hubspot.com/ https://*.doubleclick.net/ https://forms.hsforms.com/ https://js.hsforms.net/ https://www.google.com/ https://*.googletagmanager.com/ https://cdn.merge.dev/ https://js.stripe.com/ https://www.youtube.com/ https://www.g2.com/products/ ; img-src 'self' data: https: blob: https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.io/ https://*.golinks.com/ https://*.golinks.dev/ https://tracking.g2crowd.com/ https://ws.zoominfo.com/ ;; media-src 'self' https://gosearch.ai https://*.gosearch.ai/ https://*.golinks.io/ https://*.golinks.dev/ https://*.golinks.com/ ; object-src 'none' ; report-uri https://www.gosearch.ai/csp-violation-report ; script-src 'self' 'strict-dynamic' 'nonce-NWJkODMzZjcwY2ZmODE2NGQ1MjZlNzhkY2IxMTExNmI4Y2M2YjNhYTI4ZTZjY2M2ZjZjZGMwNmJkNDc5OGU3Nw==' http: https://boards.greenhouse.io/ https://connect.facebook.net/ https://api.hubapi.com/ https://code.jquery.com/ https://widget.intercom.io/ https://js.intercomcdn.com/ https://cdn.polyfill.io/ https://d3js.org/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://cdnjs.cloudflare.com/ajax/libs/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://bid.g.doubleclick.net/ https://tracking.g2crowd.com/ https://js.hs-scripts.com/ https://www.g2.com/products/ https://*.fullstory.com ; style-src 'self' 'unsafe-inline' https://gosearch.ai https://*.gosearch.ai/ https://fonts.googleapis.com/ https://*.googletagmanager.com/ https://*.bootstrapcdn.com/bootstrap/ https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/ https://ka-p.fontawesome.com/ https://cdnjs.cloudflare.com/ajax/libs/animate.css/ https://cdnjs.cloudflare.com/ajax/libs/c3/ https://cdnjs.cloudflare.com/ajax/libs/intl-tel-input/ https://unpkg.com/dropzone@5/dist/min/dropzone.min.css ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://plenti-cms.herokuapp.com/v3 ws://localhost:3000 https://api.plenti.com.au https://cdn-assets-prod.s3.amazonaws.com https://*.browser-intake-datadoghq.com https://io.clickguard.com https://*.doubleclick.net https://stats.g.doubleclick.net https://rs.fullstory.com https://analytics.google.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://cdn.heapanalytics.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://hello.myfonts.net https://*.pinterest.com https://*.tgtag.io https://api.trafficguard.ai https://vitals.vercel-insights.com/v1/vitals https://vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com ws://vts.zohopublic.com wss://vts.zohopublic.com; font-src 'self' data: https://fonts.gstatic.com https://css.zohocdn.com; frame-src 'self' https://www.bankstatements.com.au https://io.clickguard.com https://*.doubleclick.net https://bid.g.doubleclick.net https://stats.g.doubleclick.net https://optimize.google.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://*.pinterest.com https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://forms.zohopublic.com https://hardship.plenti.com.au; img-src 'self' data: localhost https://p.adsymptotic.com https://bat.bing.com https://res.cloudinary.com https://cdn-assets-prod.s3.amazonaws.com https://io.clickguard.com https://*.doubleclick.net https://www.facebook.com https://rs.fullstory.com https://googleads.g.doubleclick.net https://optimize.google.com https://www.google.com https://www.google.com.au https://www.google.pl https://www.google-analytics.com https://www.googleanalytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://heapanalytics.com https://cdn.heapanalytics.com https://*.ads.linkedin.com https://*.pinterest.com https://trc.taboola.com https://*.tgtag.io https://assets.vercel.com https://i.ytimg.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; media-src 'self' https://res.cloudinary.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn-assets-prod.s3.amazonaws.com https://bat.bing.com https://io.clickguard.com https://www.datadoghq-browser-agent.com https://connect.facebook.net https://edge.fullstory.com https://rs.fullstory.com https://optimize.google.com https://tagmanager.google.com https://www.google.com https://www.google.com.au https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://cdn.heapanalytics.com https://snap.licdn.com https://s.pinimg.com https://tgtag.io https://*.tgtag.io https://widget.trustpilot.com https://vercel.live https://player.vimeo.com https://*.youtu.be https://*.youtube.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://*.zoho.com https://*.zohocdn.com https://*.zohopublic.com https://*.zohostatic.com; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: filesystem: mediastream: https://*.brumbrum.it https://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io ws://*.hotjar.io wss://*.hotjar.io https://*.logentries.com https://*.jsdelivr.net *.pinterest.com maps.googleapis.com https://*.gstatic.com *.google-analytics.com https://*.googletagmanager.com https://*.slack.com https://*.cloudfront.net *.freshchat.com https://*.pusher.com https://*.facebook.net https://*.facebook.com wss://*.pusherapp.com https://*.newrelic.com https://*.nr-data.net freegeoip.net https://*.amazonaws.com https://*.youtube.com https://*.pubnub.com https://*.googleapis.com https://cdnjs.cloudflare.com https://*.google.com https://*.google.it https://*.doubleclick.net https://dpdb.webvr.rocks ws://*.freshchat.com wss://*.freshchat.com https://www.googleadservices.com https://*.cookiebot.com https://*.fullstory.com https://fullstory.com https://*.youtube-nocookie.com https://*.criteo.net https://*.criteo.com https://*.bing.com https://*.brainlead.it https://*.report-uri.io https://*.stripe.com https://stripe.com https://*.sandbox.signaturit.com https://*.signaturit.com wss://ua52ntyznc.execute-api.eu-west-1.amazonaws.com/v1/ https://trackcmp.net https://diffuser-cdn.app-us1.com https://prism.app-us1.com https://snap.licdn.com/ https://*.outbrain.com/ https://*.ingest.sentry.io https://res.cloudinary.com https://*.trustpilot.com; frame-ancestors 'self'; img-src data: blob: *; report-uri https://brumbrum.report-uri.io/r/default/csp/enforce 1
base-uri  'none'; default-src  'none'; script-src  'self'  https://cdn.fanflix.co  https://connect.facebook.net  https://www.googletagmanager.com  https://static.klaviyo.com/onsite/  https://static-tracking.klaviyo.com/onsite/  'unsafe-inline'  'nonce-UzK0sHTMNCVIr11t'  'strict-dynamic'; style-src  'self'  'unsafe-inline'  https://cdn.fanflix.co  https://fonts.googleapis.com  https://accounts.google.com/gsi/style; frame-src  https://accounts.google.com; frame-ancestors  'self'; manifest-src  'self'  https://cdn.fanflix.co; img-src  'self'  https://cdn.fanflix.co  https://mdeo.imgix.net  https://fanflix.imgix.net  https://www.facebook.com/tr/  https://www.facebook.com/privacy_sandbox/pixel/  https://www.google-analytics.com  https://www.google.com/pagead/; font-src  data:  https://fonts.gstatic.com; connect-src  'self'  https://fonts.googleapis.com/css  https://www.facebook.com/platform/  https://*.google-analytics.com  https://*.klaviyo.com; 1
frame-ancestors 'self' *.lecteurs.com *.orange.com; base-uri 'self' 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' * ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' api.iconify.design *.google-analytics.com *.gerc.ua *.gerc *.google.com *.samsung.com *.visa.com *.googleapis.com *.googletagmanager.com *.kmda.gov.ua *.gstatic.com *.facebook.net; style-src 'self' data: 'unsafe-inline' *.gerc.ua *.googleapis.com *.gstatic.com; media-src 'self' blob: ; frame-ancestors 'self' *.gerc http://localhost:* file://* ionic://* *.gerc.ua gioc.kiev.ua *.gioc.kiev.ua *.kyivcity.gov.ua oschadbank.ua *.oschadbank.ua cks.com.ua *.kmda.gov.ua *.vodokanal.kiev.ua vodokanal.kiev.ua *.ssbs.com.ua ssbs.com.ua komunalka.ua www.komunalka.ua; font-src 'self' data: *.gerc.ua fonts.googleapis.com fonts.gstatic.com 1
object-src 'none'; default-src 'self' cdn.plyr.io data: *.vine.co blob: *.pvt.sexy *.skyprivate.com *.skyprivate.local:*  *.adultwork.com *.billing.creditcard *.sentry-cdn.com *.clarity.ms *.hubspot.com *.hsforms.com js.hs-scripts.com *.hostly.app *.skyprivate.local:1080 s3.amazonaws.com wss://*.intercom.io *.payperminute.live *.gstatic.com *.intercomassets.com connect.facebook.net *.doubleclick.net *.googletagmanager.com *.googleapis.com *.google-analytics.com *.hotjar.com *.intercomcdn.com *.intercom.io *.twitter.com *.twimg.com *.facebook.com videodelivery.net cloudflarestream.com *.cloudflarestream.com *.videodelivery.net 'unsafe-eval' 'unsafe-inline' s.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net brad.static.gdn js.hsleadflows.net js.usemessages.com js.hubspotfeedback.com cammodeldirectory.ladesk.com cdn.livesession.io rs.livesession.io *.adform.net 2-vbus-de.ladesk.com *.googleadservices.com *.cloudfront.net *.helpscout.net *.pusher.com wss://ws-helpscout.pusher.com omnisnippet1.com *.soundestlink.com *.chatbase.co *.adultworkeurope.com player-widget.mixcloud.com *.pendo.io *.azshopp.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://app.meetami.ai https://chat.meetami.ai wss://chat.meetami.ai https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com; frame-src 'self' https://tr.snapchat.com/ https://td.doubleclick.net/ https://secure-fra.livechatinc.com https://8834597.fls.doubleclick.net/ https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://e.infogram.com/; img-src 'self' https://www.googletagmanager.com/ https://app.meetami.ai https://s3-eu-west-1.amazonaws.com *.google-analytics.com *.analytics.google.com *.google.com *.permutive.com https://api.permutive.com/ https://ping.eeharbor.com/ https://www.facebook.com/ https://cdn.permutive.com/ https://cdn.cookielaw.org/ https://cm.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ https://www.google.ie/ *.googleapis.com https://e.infogram.com/ https://ad.doubleclick.net/ https://tr.snapchat.com/; 1
script-src 'self' 'unsafe-inline' http: https: https://www.polette.com/; style-src 'self' blob: https: 'unsafe-inline' https://www.polette.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com cdn.livechatinc.com; frame-src 'self' 'unsafe-inline' https:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://www.zenaps.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://isitetv.com https://*.akamaihd.net https://*.hotjar.com https://*.attn.tv https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob: https://app.qubit.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.fr https://analytics.tiktok.com https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.qubit.com https://*.qubitproducts.com https://horizon-api.www.lookfantastic.fr https://sgtm.lookfantastic.fr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.fr https://m.lookfantastic.fr https://checkout.lookfantastic.fr https://www.glossybox.fr https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://google.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://analytics.tiktok.com https://*.ibytedtos.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://sgtm.lookfantastic.fr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.abtasty.com https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://*.reaal.nl https://*.reaal.local https://az416426.vo.msecnd.net https://bat.bing.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://dl.episerver.net https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://use.typekit.net https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://web.telemetric.dk https://widget.euw1.chat.pega.digital https://www.reaal.nl;object-src 'none';style-src 'self' 'unsafe-inline' https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.pega.com https://*.reaal.nl https://*.reaal.local https://p.typekit.net https://tagmanager.google.com https://www.googletagmanager.com https://use.typekit.net;img-src 'self' data: blob: https://*.abtasty.com https://*.amazonaws.com https://*.cloudfront.net https://*.googleapis.com https://*.hotjar.com https://*.hotjar.io https://*.onfido.com https://*.pega.com https://*.reaal.nl https://*.reaal.local https://5321909.fls.doubleclick.net https://bat.bing.com https://connect.facebook.net https://fonts.gstatic.com https://googleads.g.doubleclick.net https://imgsct.cookiebot.com https://maps.gstatic.com https://p.typekit.net https://region1.analytics.google.com https://region1.google-analytics.com https://ssl.gstatic.com https://www.facebook.com/tr/ https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com;media-src 'self' blob: https://storage.googleapis.com https://*.reaal.nl;frame-src 'self' blob: https://*.hotjar.com https://*.hotjar.io https://*.pega.com https://5321909.fls.doubleclick.net https://bid.g.doubleclick.net https://clone-chatbot.reaal.local https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://qa-assistant.abtasty.com https://www.youtube.com https://*.reaal.nl;font-src 'self' data: https://*.abtasty.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://use.typekit.net *.chat.pega.digital https://*.reaal.nl;connect-src 'self' https://*.abtasty.com https://*.hotjar.com:* https://*.hotjar.io https://*.pega.com https://*.reaal.nl https://*.reaal.local https://az416426.vo.msecnd.net https://bat.bing.com https://consentcdn.cookiebot.com https://dc.services.visualstudio.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://region1.google-analytics.com https://www.facebook.com/tr/ https://www.google.com https://www.google-analytics.com https://eu.cobrowse.pega.com wss://*.hotjar.com wss://eu.cobrowse.pega.com wss://euuat.chat.pega.com wss://eu.chat.pega.com wss://euuat.cobrowse.pega.com https://*.onfido.com https://widget.euw1.chat.pega.digital wss://engine.euw1.chat.pega.digital api.onfido.com wss://sync.onfido.com;frame-ancestors 'self';manifest-src 'self' https://*.reaal.nl https://*.reaal.local;worker-src 'self' blob: https://*.reaal.nl 1
default-src usim.beprod.whataboutmycml.com 'self'; style-src usim.beprod.whataboutmycml.com prod.cz.hcp.novartis.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' kms-a.akamaihd.net; script-src js-agent.newrelic.com/nr-rum-1.248.0.min.js usim.beprod.whataboutmycml.com prod.cz.hcp.novartis.com unpkg.com kaltura.com *.kaltura.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.pmsrv.co t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com *.meta.net mediahub.novartis.com match.deepintent.com trc.lhmos.com secure.adnxs.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com; child-src blob:; worker-src blob:; object-src 'none'; font-src prod.cz.hcp.novartis.com fonts.gstatic.com *.kaltura.com 'self' data: application:; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' cdnapisec.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com; connect-src usim.beprod.whataboutmycml.com bam.nr-data.net prod.cz.hcp.novartis.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.googleapis.com *.tiqcdn.com cloudflareinsights.com trc.lhmos.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com; media-src usim.beprod.whataboutmycml.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.whataboutmycml.com 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VVu81T2esqIGEXZmSsgQive2KCzeRUAYsmfyBS0xkiiqzJkL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://web.aresep.go.cr; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodontti.fi; img-src 'self' https: data: blob: https://mastodontti.fi; style-src 'self' https://mastodontti.fi 'nonce-w6GlM9N+yazIFZpoiN+iLw=='; media-src 'self' https: data: https://mastodontti.fi; frame-src 'self' https:; manifest-src 'self' https://mastodontti.fi; form-action 'self'; child-src 'self' blob: https://mastodontti.fi; worker-src 'self' blob: https://mastodontti.fi; connect-src 'self' data: blob: https://mastodontti.fi https://cdn.masto.host wss://mastodontti.fi; script-src 'self' https://mastodontti.fi 'wasm-unsafe-eval' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.onetrust.com *.cookiepro.com https://*.paymentsemails.com https://firstflorida.locatorsearch.net https://analytics.google.com https://*.alpixtrack.com https://alpixtrack.com https://*.referlive.com/ https://recruitingbypaycor.com https://firstflorida.lkcsproof.com/ https://*.cloudflare.com https://*.formstack.com https://*.newtonsoftware.com https://vimeo.com https://*.polyfill.io https://integration.delivra.com/ https://*.hsforms.net/ https://forms.hsforms.com/ https://linkprotect.cudasvc.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://*.us.tvsquared.com/ https://www.googleadservices.com https://*.doubleclick.net https://*.locatorsearch.com https://*.firstflorida.org https://connect.facebook.net https://*.facebook.com https://app.termly.io https://www.googletagmanager.com https://netdna.bootstrapcdn.com https://*.twitter.com https://*.ytimg.com https://*.twimg.com https://*.typekit.net https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://clients.lk-cs.com https://lkcsunix.com https://maps.googleapis.com https://secure.adnxs.com https://maps.gstatic.com https://stats.g.doubleclick.net https://*.vimeo.com https://*.youtube.com; frame-ancestors 'self' https://my.firstflorida.org https://www.youtube.com https://vimeo.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' widget.intercom.io js.intercomcdn.com d27j601g4x0gd5.cloudfront.net consentcdn.cookiebot.com consent.cookiebot.com www.googletagmanager.com elmah.us7.list-manage.com; report-uri https://elmahio.report-uri.com/r/d/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://digipres.club; img-src 'self' https: data: blob: https://digipres.club; style-src 'self' https://digipres.club 'nonce-N/S28ienTnZzL1WzKZalug=='; media-src 'self' https: data: https://digipres.club; frame-src 'self' https:; manifest-src 'self' https://digipres.club; connect-src 'self' data: blob: https://digipres.club https://digipres.club wss://digipres.club; script-src 'self' https://digipres.club 'wasm-unsafe-eval'; child-src 'self' blob: https://digipres.club; worker-src 'self' blob: https://digipres.club 1
default-src 'none'; script-src 'report-sample' 'self' http: https: wss: blob: https://zefzhat.appspot.com https://api.kirjastot.fi 'nonce-gI9O3krvUDbA/Dak+ReFAuIxiwCRN2h9W2jba1ypVtg='; connect-src blob: data: 'self' https://analytics.finna.fi https://zefzhat.appspot.com https://stats.livezhat.com https://api.kirjastot.fi; style-src * 'unsafe-inline' https://commondatastorage.googleapis.com/livezhat/helmetkirjasto/; img-src * data: blob:; media-src * blob:; font-src * data:; base-uri 'self'; manifest-src 'self'; child-src blob:; frame-src https://*.kirjastot.fi; 1
default-src 'self'; script-src 'self' *.trustedshops.com *.trustbadge.com *.api.etrusted.com login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de sgtm.new-energie.de www.googletagmanager.com *.usercentrics.eu *.staging.realperson.cloud *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud p.gsitrix.com o.gsitrix.com *.google.de *.google.com *.google-analytics.com *.bing.com googleads.g.doubleclick.net *.facebook.net *.facebook.com *.trustedshops.com *.vlink.com *.jquery.com *.cookiebox.pro *.dwin1.com *.friendlycaptcha.com *.obs.eu-de.otc.t-systems.com s2.adform.net server.adform.net analytics.tiktok.com www.redditstatic.com *.ad-srv.net frame-ancestors https://app.contentful.com *.friendlycaptcha.com *.redintelligence.net *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.reonic.de 'unsafe-eval' 'unsafe-inline'; child-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de; worker-src blob:; style-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de 'unsafe-inline' *.staging.realperson.cloud *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud; img-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de *.google.de *.google.com *.google-analytics.com *.bing.com googleads.g.doubleclick.net *.facebook.net *.facebook.com *.trustedshops.com *.vlink.com *.jquery.com *.cookiebox.pro *.dwin1.com *.friendlycaptcha.com *.obs.eu-de.otc.t-systems.com s2.adform.net server.adform.net analytics.tiktok.com www.redditstatic.com *.ad-srv.net *.staging.realperson.cloud *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud *.kameleoon.eu *.kameleoon.io *.kameleoon.com images.ctfassets.net *.usercentrics.eu 'unsafe-inline' data:; font-src 'self' *.vlink.com 'unsafe-inline' data: *.staging.realperson.cloud *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud; frame-src 'self' login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de *.redintelligence.net *.reonic.de www.deutsche-glasfaser.de *.jetzt-mitmachen.de *.usercentrics.eu *.youtube-nocookie.com *.google.com *.dienetzwerkpartner.com *.ad-srv.net; connect-src 'self' bat.bing.com graphql.contentful.com *.vlink.com *.trustedshops.com *.trustbadge.com *.api.etrusted.com *.friendlycaptcha.com p.gsitrix.com o.gsitrix.com *.algolia.net 0b6beb7ixa-dsn.algolia.net login.new.de login-test.new.de *.new.de *.new-energie.de new-energie.de sgtm.new-energie.de www.googletagmanager.com *.usercentrics.eu *.staging.realperson.cloud *.realperson.cloud *.moin.ai *.cituro.com wss://*.realperson.cloud *.kameleoon.eu *.kameleoon.io *.kameleoon.com *.dienetzwerkpartner.com ; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net; font-src 'self' fonts.gstatic.com; form-action 'self'; script-src 'self' 'unsafe-inline' cdn.jsdelivr.net; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:;  style-src * 'unsafe-inline'; img-src * data: *; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.wpsandwatch.com *.wpsandwatch.net *.collect.igodigital.com *.adyen.com apps.bazaarvoice.com whirlpool-cdn.thron.com *.algolianet.com *.algolia.net *.ctfassets.net *.vtexassets.com https://vimeo.com *.vimeo.com *.vimeocdn.com *.sentry.io *.newrelic.com *.nr-data.net *.bazaarvoice.com *.onetrust.com *.cookielaw.org *.doubleclick.net *.youtube.com *.ytimg.com https://flagcdn.com s3-eu-west-1.amazonaws.com *.execute-api.eu-west-1.amazonaws.com *.facebook.com *.facebook.net *.pinimg.com *.pinterest.com *.paypal.com *.kitchenaid.ie *.airpr.com *.hotjar.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.hotjar.io *.dwin1.com *.awin1.com *.zenaps.com https://*.visualwebsiteoptimizer.com https://*.vwo.com https://*.upsellit.com https://the.sciencebehindecommerce.com https://*.qualtrics.com https://cdnjs.cloudflare.com https://api.sandbox.getalma.eu/v2/payments/eligibility https://api.getalma.eu/v2/payments/eligibility https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.min.css https://cdn.jsdelivr.net/npm/@alma/widgets@3.x.x/dist/widgets.umd.js https://osm.klarnaservices.com/lib.js https://x.klarnacdn.net/ui/fonts/v1.3/fonts.css *.contentsquare.net *.contentsquare.com https://t.contentsquare.net app.contentsquare.com; img-src * data: ; media-src *; frame-src *; frame-ancestors 'self' 1
default-src 'self' blob:; object-src 'none'; base-uri 'self'; form-action 'self' sandbox.flo2cash.com secure.flo2cash.co.nz flo2cash.ng.grv.nz; frame-ancestors 'self' tally.so forms.spca.nz; font-src 'self' fonts.gstatic.com data:; img-src 'self' maps.googleapis.com googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com www.google.com www.google.co.nz developers.google.com data: *.crazyegg.com www.facebook.com tally.so forms.spca.nz *.visualwebsiteoptimizer.com app.vwo.com chart.googleapis.com; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' *.visualwebsiteoptimizer.com app.vwo.com 'nonce-jZ8+ZytkDgtPWpR5gV8USPFC0dl1/tQZnCUJomiNFlo='; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com; frame-src 'self' www.youtube.com www.youtube-nocookie.com www.googletagmanager.com www.google.com sandbox.flo2cash.com secure.flo2cash.co.nz connect.facebook.net www.facebook.com *.visualwebsiteoptimizer.com app.vwo.com tally.so forms.spca.nz; connect-src 'self' wt.engage.ubiquity.co.nz wt-production.servicebus.windows.net www.google-analytics.com ajax.googleapis.com sandbox.flo2cash.com secure.flo2cash.co.nz *.crazyegg.com stats.g.doubleclick.net connect.facebook.net www.facebook.com maps.googleapis.com graph.facebook.com api.raygun.io *.visualwebsiteoptimizer.com app.vwo.com; worker-src 'self' blob:; child-src 'self' blob:; upgrade-insecure-requests ; report-uri https://gravitatenz.report-uri.com/r/d/csp/enforce; 1
default-src https://www.btleasing.ro https://*.google-analytics.com https://*.googlesyndication.com https://www.google.by https://*.googletagmanager.com https://diviziapentrumedici.ro/ https://api.addsearch.com/ https://s1.adform.net https://s2.adform.net https://adform.net https://ib.adnxs.com https://connect.facebook.net https://s2.adform.net wss://druidbotapi.druidplatform.com wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-botapi.azurewebsites.net wss://prod-druid-api.azurewebsites.net wss://directline.botframework.com https://cdn-api-weglot.com https://*.weglot.com https://urlgeni.us/ https://*.gstatic.com/ https://analytics.tiktok.com https://www.googletagmanager.com https://www.linkedin.com/ https://px.ads.linkedin.com/ https://vc.hotjar.io wss://*.hotjar.com/ https://cx.atdmt.com https://www.gravatar.com https://ve1panelsettingssa.blob.core.windows.net https://s.yimg.com/ https://*.windows.net https://ct.pinterest.com https://*.google.de https://*.adform.net https://prod-druid-api.azurewebsites.net https://life.aegon.ro/ https://cdn-assets-pi3.nxtservers.com https://a.volvelle.tech https://bsw.digitru.st wss://ws12.hotjar.com wss://ws7.hotjar.com https://api.sitesearch360.com https://www.youtube.com/ https://creativecdn.com/ https://panel-settings-cdn-e1.ve.com/ https://www.facebook.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.bancatransilvania.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ https://*.hcaptcha.com blob: data:;media-src 'self';font-src 'self' https://fonts.gstatic.com https://use.typekit.net;base-uri 'self';object-src 'none'; img-src 'self' https://www.btleasing.ro https://*.facebook.com https://www.bancatransilvania.ro https://www.googletagmanager.com;  script-src 'nonce-nzjyzvmlN8ejQFPGtoA8ayCNwCXoGXK3' 'strict-dynamic' 'self' 'unsafe-eval' *.adform.net *.hotjar.com *.googleadservices.com *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.google.by *.googlesyndication.com *.weglot.com maps.googleapis.com *.bancatransilvania.ro *.datadoghq-browser-agent.com *.googletagmanager.com *.googletagmanager.com *.hotjar.com *.facebook.net *.twitter.com *.tiktok.com *.google-analytics.com *.licdn.com *.hcaptcha.com *.google.com *.gstatic.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://*.typekit.net https://*.weglot.com https://*.bancatransilvania.ro https://diviziapentrumedici.ro/; 1
default-src 'self'; frame-src 'self' https://www.buymeacoffee.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' https://play.google.com https://cdn.buymeacoffee.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com *.yastatic.net *.paypalobjects.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.buymeacoffee.com *.googletagmanager.com *.google-analytics.com *.googleapis.com; font-src 'self' 'unsafe-inline' https://bmc-cdn.nyc3.digitaloceanspaces.com *.googletagmanager.com *.gstatic.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.gstatic.com data:; report-uri https://guitarsongs.club:8443/servlets2/security_policy_report; frame-ancestors 'none' 1
frame-ancestors 'self' https://formation.coprosvertes.fr/ https://jevaluemonlogement.org/ 1
script-src 'self' https://view.officeapps.live.com/ 'nonce-Y7lIhp4IAzUYHbmRbKOYWQ==' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' 'unsafe-hashes' 'unsafe-eval' 'strict-dynamic'; img-src 'self' data:; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; object-src 'self' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-thGVQ4Mn3FkmRNwGiS3m3w' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors self https://*.starz.com 1
frame-ancestors 'self' minezmap.com *.minezmap.com http://minezmap.com http://*.minezmap.com minez-nightswatch.com 1
report-uri /api/csp/report-violations;default-src 'self';connect-src 'self' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.cookielaw.org *.doubleclick.net *.google-analytics.com *.onetrust.com *.mktoresp.com *.yandex.ru *.oribi.io *.hotjar.com *.googlesyndication.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com *.cookielaw.org *.aalberts-hfc.com *.marketo.com *.marketo.net *.yandex.ru *.licdn.com *.facebook.net www.googleadservices.com *.hotjar.com *.cloudflareinsights.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.aalberts-hfc.com *.marketo.com www.googletagmanager.com;img-src 'self' data: www.google-analytics.com maps.googleapis.com maps.gstatic.com *.cookielaw.org www.googletagmanager.com *.gstatic.com *.yandex.ru *.linkedin.com www.facebook.com *.doubleclick.net;media-src 'self';font-src 'self' fonts.gstatic.com;object-src 'none';frame-src 'self' www.youtube.com player.vimeo.com www.google.com *.aalberts-hfc.com www.facebook.com *.matterport.com;frame-ancestors 'none';block-all-mixed-content; 1
default-src 'self';connect-src 'self' https:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;script-src-attr 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' https:;img-src 'self' data: https:;font-src 'self' data: https:;frame-src 'self' https:;frame-ancestors 'self';worker-src 'self';manifest-src 'self';media-src 'self';object-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self' 1
frame-ancestors *.softnyx.com 1
frame-ancestors 'self' https://backend.novozymes.com; 1
default-src 'none';  base-uri 'self';  child-src 'self';  connect-src 'self' geolocation.onetrust.com cdn.cookielaw.org *.linkedin.com *.hotjar.io *.hsforms.com wss://visitors.live wss://in.visitors.live *.visitors.live *.googleapis.com *.visitors.live *.doubleclick.net *.google-analytics.com *.addthis.com *.hotjar.com *.visualwebsiteoptimizer.com *.luckyorange.net https://cdn.linkedin.oribi.io/ *.googlesyndication.com localhost:* ws://localhost:* *.analytics.google.com;  report-uri 'self'  https://www.google-analytics.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com gitcdn.github.io *.hsforms.com *.hsforms.net *.baidu.com *.gstatic.com *.addthisedge.com *.moatads.com https://googleads.g.doubleclick.net *.visualwebsiteoptimizer.com *.cloudfront.net *.whoisvisiting.com *.hotjar.com https://snap.licdn.com *.addthis.com *.cloudflare.com *.fontawesome.com *.google.com *.maps.google.com https://maps.googleapis.com *.googletagmanager.com *.googleapis.com  *.google-analytics.com  www.googleadservices.com *.jquery.com cdn.cookielaw.org static.ads-twitter.com connect.facebook.net;  style-src 'self' gitcdn.github.io rileyrichter.github.io gitcdn.github.ie 'unsafe-inline' *.cloudfront.net *.fontawesome.com https://*.gstatic.com *.googleapis.com *.jsdelivr.net *.cloudflare.com;  font-src 'self' 'unsafe-inline' *.fontawesome.com *.gstatic.com https://*.cloudflare.com use.typekit.net data:;  frame-src 'self' www.facebook.com mailchi.mp us3.campaign-archive.com e.issuu.com *.fls.doubleclick.net *.hsforms.com *.youtube.com *.google.com *.addthis.com *.hotjar.com *.doubleclick.net;  img-src 'self' *.addthis.com  *.google-analytics.com *.gstatic.com https://www.google.com https://www.google.ie ge https://csi.gstatic.com https://maps.gstatic.com https://maps.googleapis.com *.google.com https://seal.geotrust.com *.googleapis.com data: * ;  frame-ancestors 'self' admin.ida-v10.continuous.ie *.idaireland.com admin-ida-v10.continuous.ie *.continuous.ie https://ida-v10.continuous.ie localhost:* ;  media-src 'self' www.youtube.com *.cloudfront.net ; form-action 'self' *.hsforms.com *.list-manage.com www.facebook.com;  worker-src 'self' blob:; 1
default-src 'self' 'strict-dynamic';   script-src 'self' 'unsafe-eval' 'nonce-Ab+TmJm4x6geaIXqqVMAAu3wcIezqKKYwmKdG/Kq84o=' 'strict-dynamic' https: 'unsafe-inline';   base-uri 'self';   frame-src *.homelectrical.com *.userway.org *.cloudfront.net *.google.com *.clarity.ms *.pepperjam.com *.pepperjamnetwork.com *.braintree-api.com *.braintreegateway.com www.sandbox.paypal.com *.paypal.com c.paypal.com assets.braintreegateway.com www.facebook.com platform.twitter.com syndication.twitter.com www.youtube.com accounts.google.com td.doubleclick.net www.paypalobjects.com 'self';   connect-src *.homelectrical.com *.userway.org *.cloudfront.net *.google-analytics.com google.com *.google.com *.googleapis.com *.clarity.ms *.bing.com bat.bing.com *.braintree-api.com *.braintreegateway.com www.sandbox.paypal.com *.paypal.com *.ksearchnet.com *.pepperjam.com *.pepperjamnetwork.com analytics.google.com www.google-analytics.com www.googleadservices.com www.google.co.in stats.g.doubleclick.net  js.callrail.com  pagead2.googlesyndication.com 'self' 'strict-dynamic';   block-all-mixed-content;   font-src 'self' https: data:;   img-src * 'self' data: https;   object-src 'none';   script-src-attr 'none';   style-src 'self' https: 'unsafe-inline';   upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.slachtofferhulp.nl *.platformsh.site;base-uri 'self';object-src 'none'; 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://js.hsforms.net https://js.hs-analytics.net https://js.hs-scripts.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.taboola.com https://fe.sitedataprocessing.com https://app.termly.io https://www.googletagmanager.com https://js.hs-banner.com https://js.hsadspixel.net https://trc.taboola.com https://googleads.g.doubleclick.net https://bat.bing.com https://connect.facebook.net https://snap.licdn.com https://static.ads-twitter.com https://platform.twitter.com https://cdnjs.cloudflare.com https://ws.zoominfo.com https://www.google-analytics.com https://meetings.hubspot.com https://static.hsappstatic.net https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://cdn.datatables.net https://cdn-cookieyes.com 1
default-src 'self';frame-ancestors http://mackeeper.lcl/blog https://sz.mackeeper.com/blog https://mackeeper.com/blog;frame-src 'self' *.liadm.com *.doubleclick.net *.hotjar.com *.google.com *.facebook.com *.youtube.com *.salesforce.com *.criteo.com *.pinterest.com *.trustpilot.com;child-src 'self';form-action 'self' *.facebook.com *.salesforce.com;img-src 'self' data: *.kromtech.net *.mackeeper.com *.mackeeper.lcl *.visualwebsiteoptimizer.com *.bing.com *.google-analytics.com *.facebook.com *.liadm.com *.doubleclick.net *.hotjar.com *.owox.com *.zoomsupport.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.nf *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.outbrain.com *.taboola.com *.googletagmanager.com *.pinterest.com *.gstatic.com https://esputnik.com https://push.esputnik.com https://c.clarity.ms https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googletagservices.com *.bing.com *.facebook.net *.hotjar.com *.liadm.com *.visualwebsiteoptimizer.com *.kromtech.net *.mackeeper.com *.doubleclick.net *.outbrain.com *.taboola.com *.criteo.com *.criteo.net *.clarity.ms https://esputnik.com https://polyfill.io/v3/polyfill.min.js *.sentry-cdn.com *.pinimg.com https://zchat.account.clario.co/images/ https://files.clario.co/images/ https://zchat.account.sz.clario.co/images/ *.trustpilot.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.kromtech.net *.mackeeper.com *.googletagmanager.com https://optimize.google.com https://esputnik.com https://push.esputnik.com;font-src 'self' data: *.gstatic.com *.hotjar.com *.kromtech.net *.mackeeper.com https://zchat.account.sz.clario.co https://zchat.account.clario.co;object-src 'none';connect-src 'self' *.hotjar.io *.hotjar.com *.doubleclick.net support.mackeeper.com *.google-analytics.com *.google.com *.taboola.com wss://*.hotjar.com *.mackeeper.com *.clarity.ms *.pinterest.com *.outbrain.com https://push.esputnik.com/v1/subscribe/ https://sentry.cloudmccloud.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.guj.com.br/logs/ https://www.guj.com.br/sidekiq/ https://www.guj.com.br/mini-profiler-resources/ https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/extra-locales/ https://www.guj.com.br/highlight-js/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/ https://www.guj.com.br/theme-javascripts/ https://www.guj.com.br/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-rwfDVOTzygQmkOwFNAeX564B66beHoel4+gRLgQUgHg='; worker-src 'self' https://www.guj.com.br/assets/ https://www.guj.com.br/brotli_asset/ https://www.guj.com.br/javascripts/ https://www.guj.com.br/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
img-src 'self' data: ssl.google-analytics.com www.google.com www.google.lt www.google-analytics.com https://www.googletagmanager.com https://fonts.gstatic.com https://imgsct.cookiebot.com; object-src 'none'; script-src 'self' https://consentcdn.cookiebot.com https://consent.cookiebot.com https://googleads.g.doubleclick.net http://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://s7.addthis.com https://v1.addthisedge.com/live/boost/kilobaitas/_ate.track.config_resp https://m.addthis.com/live/red_lojson/ https://z.moatads.com/addthismoatframe568911941483/moatframe.js 'unsafe-eval' 'unsafe-inline';connect-src 'self' https://region1.google-analytics.com https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.analytics.google.com; frame-ancestors 'self'; 1
frame-src 'self' 'wasm-unsafe-eval' https://calendly.com/ https://player.podigee-cdn.net/ https://app.usercentrics.eu/ https://app.usercentrics.eu/browser-ui/latest/loader.js https://privacy-proxy.usercentrics.eu/latest/uc-block.bundle.js https://player.podigee-cdn.net/podcast-player/javascripts/podigee-podcast-player.js https://www.youtube-nocookie.com/ https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.module.min.js https://cdn.jsdelivr.net/npm/friendly-challenge@0.9.14/widget.min.js; worker-src blob:; child-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://www.google.com https://www.gstatic.com/ https://cdn.cookielaw.org https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com https://cdn.cookielaw.org; frame-src 'self' https://www.google.com https://html5-player.libsyn.com https://player.vimeo.com https://cdn.yoshki.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.cookielaw.org; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-eval' localhost:8080 cdn1.readspeaker.com use.typekit.net p.typekit.net www.googletagmanager.com *.google-analytics.com 'unsafe-inline'; connect-src 'self' stats.g.doubleclick.net app-eu.readspeaker.com rstts-eu.readspeaker.com vttts-eu.readspeaker.com media-eu.readspeaker.com cdn1.readspeaker.com ws://localhost:8080/ http://localhost:8080/ https://*.google-analytics.com/; font-src 'self' data: use.typekit.net; frame-src 'self' *.youtube.com *.youtube-nocookie.com youtu.be app-eu.readspeaker.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com unpkg.com *.cloudflare.com *.jsdelivr.net *.youtube.com *.gstatic.com https://translate.googleapis.com/ *.moatads.com *.pinterest.com *.vimeo.com *.facebook.net *.hotjar.com *.marker.io *.newrelic.com *.nr-data.net *.googleapis.com *.sharethis.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.cloudflare.com *.jsdelivr.net *.marker.io www.gstatic.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.cloudflare.com *.ogilvy.com.au *.google.com i.ytimg.com *.pinterest.com *.vimeocdn.com *.ggpht.com *.youtube.com *.marker.io *.doubleclick.net *.facebook.com *.sharethis.com *.googletagmanager.com *.nsw.gov.au *.facebook.net; media-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com vimeo.com *.google.com *.pinterest.com *.marker.io *.doubleclick.net *.hotjar.com *.facebook.com; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' *.gstatic.com *.amazonaws.com data:; connect-src 'self' *.google-analytics.com *.googleapis.com vimeo.com *.marker.io *.nr-data.net *.hotjar.com *.doubleclick.net *.facebook.com *.facebook.net *.sharethis.com *.hotjar.io *.google.com data.stbuttons.click; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' https://use.fontawesome.com/releases/v5.12.0/js/all.js https://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js https://cdn.jsdelivr.net/gh/RobinHerbots/Inputmask@5.0.8/dist/jquery.inputmask.min.js https://tag.aticdn.net/621891/smarttag.js https://unpkg.com/tippy.js@6.3.7/dist/tippy-bundle.umd.min.js https://use.fontawesome.com/releases/v5.12.0/js/v4-shims.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://logs1412.xiti.com; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; frame-src 'self' https://careers.flatchr.io https://www.youtube.com https://widget.trustpilot.com https://santiane.flatchr.io; img-src 'self' data: https://img.youtube.com https://logs1412.xiti.com https://santiane-newsletters.s3.amazonaws.com; manifest-src 'self'; media-src 'self'; report-uri https://65082038a068cd9821c1e7aa.endpoint.csper.io/?v=0; worker-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-k1MioiDnv5hcLOIb32Y/w3g3pZa7/KfKK9a6t7YET2tL3U+U' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lk7XHcUpc7qWKgS8eL80wr4QRr4hN/fdRRjNGe3NKR0loWxS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://webbfiler.kommunal.se/ 1
default-src 'self'; script-src 'self' 'nonce-HnpTJt3gmFOTIocIR9cNL+Lb9cGGrPJtiuOSwLAs+Vk=' 'unsafe-inline'  'strict-dynamic' https: http:; child-src 'self' https://www.google.com https://player.vimeo.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com;   img-src 'self' data: https://beacon-v2.helpscout.net/ https://api.adventistgiving.org; connect-src 'self' https://api.adventistgiving.org https://fonts.gstatic.com https://fonts.googleapis.com https://*.cloudfront.net https://www.gstatic.com https://vimeo.com https://beaconapi.helpscout.net https://beacon-v2.helpscout.net/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-ancestors 'none'; 1
frame-ancestors 'self' *.divaportal.com 1
default-src 'self' https: *.greenhousepeople.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' delivery.tgpapi.uk code.jquery.com cdn.jsdelivr.net apis.google.com ajax.googleapis.com www.googleadservices.com www.gstatic.com www.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net www.google.com www.googlecommerce.com www.clarity.ms o.clarity.ms c.bing.com polyfill.io unpkg.com services.postcodeanywhere.co.uk thegr11130.pcapredict.com ms-ecccc062f7b1-707.lon.meilisearch.io edge.meilisearch.com facebook.com connect.facebook.net static.cloudflareinsights.com cdnjs.cloudflare.com cdn.thinglink.me tgp.matomo.cloud cdn.matomo.cloud d2wy8f7a9ursnm.cloudfront.net; worker-src 'self'; style-src 'self' 'unsafe-inline' services.postcodeanywhere.co.uk fonts.googleapis.com unpkg.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com assets.greenhousepeople.co.uk; img-src 'self' data: *.greenhousepeople.co.uk delivery.tgpapi.uk services.postcodeanywhere.co.uk www.google.com www.google.co.uk googleads.g.doubleclick.net www.googletagmanager.com www.facebook.com www.paypalobjects.com c.clarity.ms c.bing.com s3-eu-west-1.amazonaws.com files.kamadojoe.com img.youtube.com; 1
script-src 'self' 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.onesignal.com https://maps.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://www.gstatic.com https://static.dialogflow.com https://onesignal.com https://www.clarity.ms https://www.google-analytics.com https://connect.facebook.net 1
default-src 'self' *.friendlycaptcha.eu *.friendlycaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' *; frame-ancestors 'self' https://*.frontastic.io frontastic.io.local; object-src 'self'; connect-src 'self' ws: wss: *; child-src blob:; worker-src 'self' blob: 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://use.typekit.net https://script.crazyegg.com https://snap.licdn.com https://bat.bing.com https://static.hotjar.com https://cdn.feathr.co https://jobs.assp.org https://a.omappapi.com https://googleads.g.doubleclick.net https://script.hotjar.com https://polo.feathr.co https://tracking.magnetmail.net banman.assp.org https://cdn.datatables.net https://platform-api.sharethis.com/ https://buttons-config.sharethis.com/ https://www.medtargetsystem.com/javascript/beacon.js?1713 https://count-server.sharethis.com/ 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.bootstrapcdn.com https://a.omappapi.com https://cdn.datatables.net 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.google.com https://marco.feathr.co https://px.ads.linkedin.com https://bat.bing.com https://p.typekit.net https://polo.feathr.co banman.assp.org https://kendo.cdn.telerik.com/ https://platform-cdn.sharethis.com/ https://www.medtargetsystem.com *.omappapi.com/ *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.bootstrapcdn.com https://use.typekit.net; frame-src 'self' https://td.doubleclick.net https://platform.twitter.com www.google.com app.fulfillengine.com/ www.youtube.com https://player.vimeo.com/ https://open.spotify.com/ https://www.medtargetsystem.com/ https://vimeo.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://analytics.google.com https://script.crazyegg.com https://px.ads.linkedin.com https://polo.feathr.co https://api.omappapi.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io safetyfocus.assp.org https://search.asse.org:9443/ https://l.sharethis.com/ https://www.facebook.com/tr/ https://www.facebook.com/ *.google.com *.omappapi.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src 'self' *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.bing.com *.clarity.ms *.googleadservices.com *.taboola.com *.trustwave.com *.amplitude.com *.mxpnl.com *.mixpanel.com *.googleapis.com *.google.com *.gstatic.com *.yodlee.com *.decisionlogic.com *.decisions.com *.flinks.com *.fin.ag *.google.af *.google.ax *.google.al *.google.dz *.google.as *.google.ad *.google.ao *.google.ai *.google.aq *.google.ag *.google.ar *.google.am *.google.aw *.google.ac *.google.au *.google.at *.google.az *.google.bs *.google.bh *.google.bd *.google.bb *.google.eus *.google.by *.google.be *.google.bz *.google.bj *.google.bm *.google.bt *.google.bo *.google.bq *.google.an *.google.nl *.google.ba *.google.bw *.google.bv *.google.br *.google.io *.google.vg *.google.bn *.google.bg *.google.bf *.google.mm *.google.bi *.google.kh *.google.cm *.google.ca *.google.cv *.google.cat *.google.ky *.google.cf *.google.td *.google.cl *.google.cn *.google.cx *.google.cc *.google.co *.google.km *.google.cd *.google.cg *.google.ck *.google.cr *.google.ci *.google.hr *.google.cu *.google.cw *.google.cy *.google.cz *.google.dk *.google.dj *.google.dm *.google.do *.google.tl *.google.tp *.google.ec *.google.eg *.google.sv *.google.gq *.google.er *.google.ee *.google.et *.google.eu *.google.fk *.google.fo *.google.fm *.google.fj *.google.fi *.google.fr *.google.gf *.google.pf *.google.tf *.google.ga *.google.gal *.google.gm *.google.ps *.google.ge *.google.de *.google.gh *.google.gi *.google.gr *.google.gl *.google.gd *.google.gp *.google.gu *.google.gt *.google.gg *.google.gn *.google.gw *.google.gy *.google.ht *.google.hm *.google.hn *.google.hk *.google.hu *.google.is *.google.in *.google.id *.google.ir *.google.iq *.google.ie *.google.im *.google.il *.google.it *.google.jm *.google.jp *.google.je *.google.jo *.google.kz *.google.ke *.google.ki *.google.kw *.google.kg *.google.la *.google.lv *.google.lb *.google.ls *.google.lr *.google.ly *.google.li *.google.lt *.google.lu *.google.mo *.google.mk *.google.mg *.google.mw *.google.my *.google.mv *.google.ml *.google.mt *.google.mh *.google.mq *.google.mr *.google.mu *.google.yt *.google.mx *.google.md *.google.mc *.google.mn *.google.me *.google.ms *.google.ma *.google.mz *.google.mm *.google.na *.google.nr *.google.np *.google.nl *.google.nc *.google.nz *.google.ni *.google.ne *.google.ng *.google.nu *.google.nf *.google.nc *.google.tr *.google.kp *.google.mp *.google.no *.google.om *.google.pk *.google.pw *.google.ps *.google.pa *.google.pg *.google.py *.google.pe *.google.ph *.google.pn *.google.pl *.google.pt *.google.pr *.google.qa *.google.ro *.google.ru *.google.rw *.google.re *.google.bq *.google.an *.google.bl *.google.gp *.google.fr *.google.sh *.google.kn *.google.lc *.google.mf *.google.gp *.google.fr *.google.pm *.google.vc *.google.ws *.google.sm *.google.st *.google.sa *.google.sn *.google.rs *.google.sc *.google.sl *.google.sg *.google.bq *.google.an *.google.nl *.google.sx *.google.an *.google.sk *.google.si *.google.sb *.google.so *.google.so *.google.za *.google.gs *.google.kr *.google.ss *.google.es *.google.lk *.google.sd *.google.sr *.google.sj *.google.sz *.google.se *.google.ch *.google.sy *.google.tw *.google.tj *.google.tz *.google.th *.google.tg *.google.tk *.google.to *.google.tt *.google.tn *.google.tr *.google.tm *.google.tc *.google.tv *.google.ug *.google.ua *.google.ae *.google.uk *.google.us *.google.vi *.google.uy *.google.uz *.google.vu *.google.va *.google.ve *.google.vn *.google.wf *.google.eh *.google.ma *.google.ye *.google.zm *.google.zw *.google.net *.google.org *.google.biz *.google.info *.google.name 'unsafe-inline' 'unsafe-eval';connect-src * 'unsafe-inline';img-src * data: blob: 'unsafe-inline';frame-src *;style-src * 'unsafe-inline'; 1
frame-ancestors https://gooddo.jp/ 1
default-src 'self' https://*.nanelo.com https://nanelo.com; style-src 'unsafe-inline' 'self' https://*.nanelo.com https://nanelo.com; img-src 'self' data: https:; object-src 'none'; script-src 'sha256-r1eFpru1CrxDaAH5d03flbU3Dd2prcWxvprI2COfRII=' 'self' 1
default-src 'self' https://*.clarity.ms https://c.bing.com 'unsafe-inline'; connect-src 'self' maps.googleapis.com *.woosmap.com *.wpforms.com *.xiti.com *.linkedin.oribi.io *.ingest.sentry.io *.privacy-center.org *.googlesyndication.com botsrv2.com *.botsrv2.com https://*.clarity.ms https://c.bing.com *.nr-data.net *.google.com *.linkedin.com *.doubleclick.net; font-src 'self' data: *.wp.com fonts.googleapis.com fonts.gstatic.com *.typekit.net *.woosmap.com; img-src 'self' data: *.gravatar.com *.linkedin.com *.facebook.com *.kiloutou.com *.google.fr *.google.com *.woosmap.com *.privacy-center.org *.botsrv2.com *.vendap.pt *.google.pl *.e-goi.com *.googletagmanager.com *.erecruiter.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.kiloutou.com *.kiloutou.fr *.googletagmanager.com/gtm.js *.wp.com *.typekit.net *.gstatic.com *.ggpht.com maps.googleapis.com *.google.com *.parsely.com www.googletagmanager.com *.cloudflare.com polyfill.io *.polyfill.io *.woosmap.com connect.facebook.net sdk.privacy-center.org snap.licdn.com tag.aticdn.net googleads.g.doubleclick.net *.youtube.com *.googleadservices.com *.ingest.sentry.io botsrv2.com *.botsrv2.com *.vendap.pt *.goodays.co https://*.clarity.ms https://c.bing.com https://*.newrelic.com https://egoi.site *.e-goi.com *.erecruiter.pl; style-src 'self' 'unsafe-inline' *.googleapis.com *.jquery.com *.woosmap.com *.botsrv2.com *.goodays.co *.erecruiter.pl; frame-src 'self' www.googletagmanager.com *.google.com *.youtube.com *.facebook.com kiloutou.youcanbook.me *.doubleclick.net botsrv2.com *.goodays.co; manifest-src 'self'; worker-src 'self' blob:; form-action 'self' *.facebook.com; object-src 'none'; 1
default-src https: wss: blob: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src https: data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://historians.social; img-src 'self' https: data: blob: https://historians.social; style-src 'self' https://historians.social 'nonce-qPFS2Iky0HX2+mz4CX2/vw=='; media-src 'self' https: data: https://historians.social; frame-src 'self' https:; manifest-src 'self' https://historians.social; form-action 'self'; child-src 'self' blob: https://historians.social; worker-src 'self' blob: https://historians.social; connect-src 'self' data: blob: https://historians.social https://media.historians.social wss://historians.social; script-src 'self' https://historians.social 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' * data: blob: 'unsafe-eval'; 1
report-uri https://fides.ch 1
frame-ancestors http://cms.ymcachicago.org http://www.ymcachicago.org http://ymcachicago.org http://ymca-cms.ae-admin.com http://ymca-live.ae-admin.com 1
frame-ancestors 'self' https://*.engageli.com; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://corteximplant.com; img-src 'self' data: blob: https://corteximplant.com; style-src 'self' https://corteximplant.com 'nonce-0gpz9hIEHgPEIv0b7kbWBg=='; media-src 'self' data: https://corteximplant.com; frame-src 'self' https:; manifest-src 'self' https://corteximplant.com; form-action 'self'; child-src 'self' blob: https://corteximplant.com; worker-src 'self' blob: https://corteximplant.com; connect-src 'self' data: blob: https://corteximplant.com wss://corteximplant.com; script-src 'self' https://corteximplant.com 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' *.wistia.com *.wistia.net https://apis.google.com/ https://accounts.google.com/ https://www.kialo-edu.com/ 'nonce-d8459d6c76c54d6b78b6a35e1078c7b5fff3ec6023cb746078448cfc8258390d'; style-src 'self' 'unsafe-inline' https://www.kialo-edu.com/; connect-src 'self' https://app.getsentry.com/ *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net/ wss://www.kialo-edu.com/; img-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://www.kialo-edu.com https://www.kialo-edu.com/; font-src data: 'self' https://fonts.gstatic.com *.wistia.com; child-src 'self' blob: *.wistia.com *.wistia.net https://accounts.google.com/ https://content-classroom.googleapis.com/; frame-src 'self' blob: *.wistia.com *.wistia.net https://accounts.google.com/ https://content-classroom.googleapis.com/; media-src 'self' data: blob: *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net; object-src https://embedwistia-a.akamaihd.net; report-uri https://www.kialo-edu.com/api/v1/cspreport; report-to default 1
child-src 'self' e-redes.opendatasoft.com e-redes-dadosenergia.wntech.com e-redes-rede.wntech.com e-redes-continuidade.wntech.com e-redes-qualidade.wntech.com *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.com anywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es *.smark.io *.smrk.io; frame-src 'self' e-redes.opendatasoft.com e-redes-dadosenergia.wntech.com e-redes-rede.wntech.com e-redes-continuidade.wntech.com e-redes-qualidade.wntech.com *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es *.smark.io *.smrk.io; script-src 'self' 'sha256-1Yd7kVEyMb6IK+f9wICjxTHUF/ICfVAr3ehweMijky4=' 'sha256-iTy8vj6aAAf/f8rzMarfrcrukbnurQpB1v9lUjhYrCQ=' cdn.cookielaw.org p.smrk.io *.googletagmanager.com *.google-analytics.com js-agent.newrelic.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com mdbootstrap.com; base-uri 'self'; frame-ancestors 'self' *.e-redes.pt *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.ivextend.cloud *.powerbi.com *.suratica.es *.smark.io; report-uri https://www.e-redes.pt/pt-pt/report-uri/enforce; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.mwrf.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
font-src *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.facebook.com *.bizibly.com *.livechatinc.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.livechatinc.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.facebook.com *.doubleclick.net *.paypal.com *.kaptcha.com *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com landofcoder.com *.authorize.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://a.klaviyo.com *.cloudflare.com *.juniorlibraryguild.com *.facebook.com *.google.com *.google.com.mx *.gstatic.com *.googleusercontent.com *.paypal.com *.icons8.com *.bizible.com *.bing.com *.marketo.net *.amazonaws.com *.magecomp.com *.bizibly.com *.livechatinc.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://fast.a.klaviyo.com s7.addthis.com *.avada.io *.cloudflare.com *.twitter.com *.fontawesome.com *.newrelic.com *.nr-data.net *.facebook.net *.doubleclick.net *.gstatic.com *.bizible.com *.bing.com *.marketo.net *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com *.googleapis.com landofcoder.com *.authorize.net sandbox-assets.secure.checkout.visa.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.juniorlibraryguild.com *.bizibly.com *.livechatinc.com unsafe-inline assets.braintreegateway.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.juniorlibraryguild.com landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://fast.a.klaviyo.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.doubleclick.net *.google-analytics.com *.nr-data.net *.facebook.com *.gstatic.com *.mktoresp.com *.bizibly.com *.livechatinc.com landofcoder.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: https: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *;style-src 'self' 'unsafe-inline' https://secure.bngpaymentgateway.com/token/ ;img-src 'self' https://walkme.psa.datto.com/Images/ https://walkme.psa.datto.com/prod/player/ https://walkme.psa.datto.com/prod/qaPrevious/player/ https://s3.walkmeusercontent.com https://*.walkme.com https://k1-west-us-storage-prod.azureedge.net/launcher/ https://k1-storage-csi.azureedge.net/ https://k1-storage-csi-qa.azureedge.net/ https://k1-storage-dev.azureedge.net/launcher/  data: https://www.datto.com/img/  1
script-src 'self' 'unsafe-eval' 'nonce-qMqPGPPWs20fUwp/ajd0Ig==' http: https: https://magento.loverte.com/ https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; style-src 'self' https: 'unsafe-inline' https://magento.loverte.com/; img-src data: http: https: www.googletagmanager.com; object-src 'none'; base-uri 'self'; child-src 'self'; font-src 'self' data: fonts.gstatic.com widget.dixa.io; frame-src *.facebook.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com app.certainly.io 1
object-src 'none'; form-action 'self'; frame-ancestors 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://shoesize.me https://advisor.shoesize.me https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://tpc.googlesyndication.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://*.shoesize.me; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://shoesize.me https://plugin.shoesize.me https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://privacyportal-eu.onetrust.com https://geolocation.onetrust.com https://analytics.tiktok.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://storyboard.storystream.ai https://content.storystream.ai https://analytics.shoesize.me; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://checkout.kickers.co.uk https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net https://download-video.akamaized.net https://d7c4jjeuqag9w.cloudfront.net https://media.storystream.ai; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://shoesize.me https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://tpc.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://www.googletagservices.com https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://apps.storystream.ai https://platform.twitter.com https://*.shoesize.me https://storyboard.storystream.ai https://content.storystream.ai; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://plugin.shoesize.me https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; script-src 'self' https://www.youtube.com 'sha256-bsriBHhd3ID9p66p9X58fI1QXOmr7Xa/VNqUGfGlE0o' 'sha256-CIIWJRx1FMu7SRVDnbgTr4xXu3pL3G6hBk4N6SI4/Uw=' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.hotjar.co http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com http://*.googleapis.com https://*.googleapis.com http://*.googleadservices.com https://*.googleadservices.com https://maps.googleapis.com https://www.youtube.com/iframe_api 'unsafe-eval'; connect-src * 'self' 'unsafe-inline' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://optimize.google.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net; img-src data: 'self' blob: https: http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.google-analytics.com https://*.google-analytics.com http://*.analytics.google.com https://*.analytics.google.com http://*.googletagmanager.com https://*.googletagmanager.com http://*.g.doubleclick.net https://*.g.doubleclick.net http://*.google.com https://*.google.com http://*.google.com:* https://*.google.com:* http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://www.google-analytics.com https://www.googletagmanager.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://widget.intercom.io/widget https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com http://www.googletagmanager.com http://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://cloud.typography.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://optimize.google.com https://fonts.gstatic.com https://fonts.googleapis.com http://cloud.typography.com/6162672/684584/css/fonts.css https://cloud.typography.com/6162672/684584/css/fonts.css https://www.vangoghmuseum.nl/statics/fonts/796821/50011f6b07dc2a0f8.css https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com/iframe_api; media-src 'self' https://api.lessonup.com https://lessonup-assets.appspot.com http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://js.intercomcdn.com; font-src 'self' http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://js.intercomcdn.com https://fonts.intercomcdn.com https://cloud.typography.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com https://q42.nl https://q42.com https://*.wikipedia.org https://*.schoolblocks.nl https://app.wereldvanoz.org https://flamingo.digibord-tool.c66.me https://natuurlab.q42labs.com https://kominactie.npo3fm.nl https://umu.nl https://jck.nl https://micr.io https://sketchfab.com https://wtfff.nl https://*.helpmaya.nl https://walk-in-my-shoes.be http://*.lessonup.com:* https://*.lessonup.com:* https://*.lessonup.com http://localhost:3100 http://localhost:3050 http://localhost:3000 http://localhost:3002 https://*.lessonup.dev https://staging.lessonup.app https://lessonup.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io https://optimize.google.com https://intercom-sheets.com; 1
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://cdn.ponybooru.org https://camocdn.ponybooru.org; media-src 'self' data: https://cdn.ponybooru.org https://camocdn.ponybooru.org; block-all-mixed-content 1
font-src fonts.gstatic.com use.typekit.net *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com *.timepath.co timepath.co *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.firedearth.com *.zopim.com *.smartmetrics.co.uk *.salesfire.co.uk *.clarity.ms *.trustpilot.com data: *.sawblade.org.uk *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net fonts.googleapis.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com *.klarnacdn.net 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.firedearth.com *.salesfire.co.uk *.timepath.co timepath.co *.clarity.ms *.trustpilot.com *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com *.google.com *.opayo.eu.elavon.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.firedearth.com *.hotjar.com *.salesfire.co.uk *.timepath.co timepath.co *.smartmetrics.co.uk *.twitter.com *.zopim.com *.trustpilot.com *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.xtento.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: p.typekit.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.cloudflare.com *.firedearth.com *.ggpht.com *.google-analytics.com *.google.co.uk *.google.com *.googleadservices.com *.klarna.com *.lightemporium.com *.paypal.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk *.smartmetrics.co.uk *.timepath.co timepath.co *.twimg.com *.twitter.com *.usercentrics.eu *.ytimg.com *.zopim.com *.clarity.ms *.trustpilot.com ssl.gstatic.com www.gstatic.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.sawblade.org.uk *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.xtento.com cdn.xtento.com *.gstatic.com *.googleapis.com maps.googleapis.com maps.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.stripe.com ebizmarts-website.s3.amazonaws.com *.opayo.eu.elavon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com https://redchamps.com data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com unpkg.com commerce.adobedtm.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.sandbox.paypal.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.googletagmanager.com *.adroll.com *.amazonaws.com *.cloudflare.com *.facebook.net *.firedearth.com *.fontawesome.com *.google-analytics.com *.gstatic.com *.hotjar.com *.newrelic.com *.nr-data.net *.pcapredict.com *.pinimg.com *.postcodeanywhere.co.uk *.salesfire.co.uk *.smartmetrics.co.uk *.timepath.co timepath.co *.trackedlink.net *.trustedshops.com *.twimg.com *.twitter.com *.usercentrics.eu *.zdassets.com *.zopim.com *.clarity.ms *.trustpilot.com tagmanager.google.com *.google.com *.googletagmanager.com *.sawblade.org.uk *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.xtento.com cdn.xtento.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com analytics.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.fonts.net *.firedearth.com *.fontawesome.com *.googleapis.com *.gstatic.com *.postcodeanywhere.co.uk *.salesfire.co.uk *.smartmetrics.co.uk *.timepath.co timepath.co *.trustedshops.com *.twimg.com *.twitter.com *.typekit.net *.usercentrics.eu *.zopim.com *.clarity.ms *.trustpilot.com tagmanager.google.com *.sawblade.org.uk *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.google.com *.opayo.eu.elavon.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.firedearth.com *.salesfire.co.uk *.smartmetrics.co.uk *.zdassets.com *.zopim.com *.timepath.co timepath.co *.clarity.ms *.trustpilot.com *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.bootstrapcdn.com *.cloudflare.com *.doubleclick.net *.zendesk.com *.firedearth.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.newrelic.com *.nr-data.net *.paypal.com *.paypalobjects.com *.pcapredict.com *.pinterest.com *.postcodeanywhere.co.uk *.salesfire.co.uk *.sandbox.paypal.com *.smartmetrics.co.uk *.timepath.co timepath.co *.trackedlink.net *.trustpilot.com *.twimg.com *.twitter.com *.zdassets.com *.zopim.com *.clarity.ms *.analytics.google.com *.g.doubleclick.net *.google.com *.sawblade.org.uk *.flbx.io *.getflowbox.com *.flowbox.reviews d27r52ioedw2x5.cloudfront.net d12athc8e1obn6.cloudfront.net d12fb3y7p6g2pc.cloudfront.net d31vaofphuh2de.cloudfront.net d3d29mix1h01aj.cloudfront.net d1c28f355qynts.cloudfront.net dx9qyecnejt4f.cloudfront.net dp2zc48idnbd6.cloudfront.net d62djbmcksj4f.cloudfront.net dr766e58k0zx6.cloudfront.net d1e75xhtv2prmc.cloudfront.net d3wpdwyopmcsf.cloudfront.net doce2umits40p.cloudfront.net d2rq0e7rqpfy9w.cloudfront.net d2qm0ohb6vqmeg.cloudfront.net d2rfa446ja7yzb.cloudfront.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.stripe.com *.opayo.eu.elavon.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com t.elasticsuite.io analytics.google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://i.picsum.photos https://picsum.photos https://*.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.vimeocdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.eu https://consentcdn.cookiebot.eu https://www.googletagmanager.com https://*.google-analytics.com https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu *.google.com https://www.youtube-nocookie.com https://player.vimeo.com; connect-src 'self' https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu https://*.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: 1
base-uri 'none'; default-src 'self' data: https: wss: blob:; style-src 'self' data: https: wss: 'unsafe-inline'; script-src 'self' blob: https://api.scrivito.com https://assets.scrivito.com https://evergabe-proxy.bundesimmo.de https://static.bundesimmo.de https://static.bundesimmobilien.de https://analytics.bundesimmobilien.de *.arcgis.com; connect-src 'self' https://api.scrivito.com https://assets.scrivito.com https://api.vimeo.com https://analytics.bundesimmobilien.de https://apis.bundesimmobilien.de https://api.bundesimmobilien.de https://login.bundesimmobilien.de https://apis-staging.bundesimmo.de https://api-staging.bundesimmo.de https://login-staging.bundesimmo.de https://apis-integration.bundesimmo.de https://api-integration.bundesimmo.de https://login-integration.bundesimmo.de https://evergabe-proxy.bundesimmo.de *.arcgis.com; img-src data: 'self' *.scrvt.com *.bundesimmo.de *.bundesimmobilien.de gravatar.com maps.gstatic.com *.googleapis.com *.ggpht.com *.vimeocdn.com *.arcgis.com i0.wp.com i1.wp.com i2.wp.com; block-all-mixed-content; frame-ancestors 'self' https://*.scrivito.com; object-src 'self' *.arcgis.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://icosahedron.website; img-src 'self' https: data: blob: https://icosahedron.website; style-src 'self' https://icosahedron.website 'nonce-igNK+G6uvq5WjKOdJVe+QQ=='; media-src 'self' https: data: https://icosahedron.website; frame-src 'self' https:; manifest-src 'self' https://icosahedron.website; form-action 'self'; child-src 'self' blob: https://icosahedron.website; worker-src 'self' blob: https://icosahedron.website; connect-src 'self' data: blob: https://icosahedron.website https://icosahedron.website wss://icosahedron.website; script-src 'self' https://icosahedron.website 'wasm-unsafe-eval' 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; 1
frame-ancestors 'self'  app.getbee.io supplier.eu.ziftone.com pimcore.eu.ziftone.com partner.pimcore.com; 1
frame-ancestors 'self';        block-all-mixed-content;        default-src 'self';        script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://use.fontawesome.com https://ajax.googleapis.com https://cdn.datatables.net https://cdn.iubenda.com https://d3e54v103j8qbb.cloudfront.net https://google-analytics.com https://m.youtube.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://synlab.milklab.it https://ssl.google-analytics.com https://stackpath.bootstrapcdn.com https://unpkg.com https://www.youtube.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.iubenda.com https://www.googletagmanager.com *.iubenda.com 'unsafe-eval';        style-src 'self' 'report-sample' 'unsafe-inline' use.fontawesome.com *.bootstrapcdn.com ajax.googleapis.com cdn.iubenda.com cdn.datatables.net fonts.googleapis.com unpkg.com *.iubenda.com;        object-src 'none';        frame-src 'self' *.youtube.com www.youtube-nocookie.com www.google.com *.iubenda.com;        child-src 'self' www.youtube.com;        img-src 'self' data: blob: *.google-analytics.com *.google.com *.ytimg.com *.youtube.com ajax.googleapis.com fonts.gstatic.com unpkg.com cdn.datatables.net *.iubenda.com;        font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com use.fontawesome.com fonts.gstatic.com unpkg.com;        connect-src 'self' use.fontawesome.com *.google.com *.iubenda.com ajax.googleapis.com fonts.gstatic.com fonts.googleapis.com stats.g.doubleclick.net www.google-analytics.com;        manifest-src 'self';        base-uri 'self';        form-action 'self';        media-src 'self';        prefetch-src 'self';        worker-src 'self'; 1
frame-src delamar-u12.guiltypeople.nl beta.delamar.nl delamar.nl tickets.delamar.nl www.youtube.com consentcdn.cookiebot.com td.doubleclick.net;frame-ancestors delamar-u12.guiltypeople.nl beta.delamar.nl delamar.nl tickets.delamar.nl www.youtube.com consentcdn.cookiebot.com td.doubleclick.net; 1
default-src 'self'; script-src 'self' https://ingress.crowdpurr.com https://www.google.com https://www.googletagmanager.com 'sha256-W+XeZiIHtLq7Y2KSmr6DqjMcCn8jAXz/4SYpVaV/qE0=' https://www.gstatic.com https://stats.g.doubleclick.net https://www.youtube.com https://s.ytimg.com https://player.twitch.tv https://d1dzpm7ky4geqi.cloudfront.net 'unsafe-eval'; connect-src * 'self'; img-src data: 'self' http://* https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://d1dzpm7ky4geqi.cloudfront.net; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net https://s3.amazonaws.com https://d1dzpm7ky4geqi.cloudfront.net; frame-src 'self' https://www.googletagmanager.com https://www.google.com https://www.youtube.com https://player.twitch.tv https://www.facebook.com https://viewer.millicast.com; media-src 'self' https://viewer.millicast.com https://d1dzpm7ky4geqi.cloudfront.net; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' optimize.google.com service.force.com snap.licdn.com assets.calendly.com static.lightning.force.com mydentist.secure.force.com mydentist.my.salesforce.com c.la1-c1-lo2.salesforceliveagent.com d.la1-c1-lo3.salesforceliveagent.com d.la1-c1-lo2.salesforceliveagent.com geolocation.onetrust.com www.googleoptimize.com www.clarity.ms analytics.tiktok.com ssl.google-analytics.com bam.nr-data.net translate.googleapis.com gateway.zscloud.net sslwidget.criteo.com stats.g.doubleclick.net ict.infinity-tracking.net cdn.cookielaw.org translate.google.com googleads.g.doubleclick.net js-agent.newrelic.com www.facebook.com www.googletagmanager.com www.googleadservices.com script.hotjar.com static.hotjar.com www.google-analytics.com www.patientcomms.co.uk www.gstatic.com static.criteo.net maps.googleapis.com cdn.fluidads.com mydentist.my.salesforce-sites.com d.la1-c2-lo2.salesforceliveagent.com mydentist-portal-test.azurewebsites.net mydentist-portal-production.azurewebsites.net script.infinity-tracking.com widget.trustpilot.com googleapis.com www.cqc.org.uk d.la1-core1.sfdc-5pakla.salesforceliveagent.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' optimize.google.com service.force.com mydentist.secure.force.com mydentist.my.salesforce.com fonts.googleapis.com translate.googleapis.com gateway.zscloud.net hello.myfonts.net www.googletagmanager.com mydentist.my.salesforce-sites.com unpkg.com www.cqc.org.uk web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com px.ads.linkedin.com p.adsymptotic.com px4.ads.linkedin.com gateway.zscloud.net i.ytimg.co onlinebooking.mydentist.co.uk www.gstatic.com translate.googleapis.com c.clarity.ms stats.g.doubleclick.net maps.googleapis.com www.google-analytics.com www.google.com www.google.co.uk www.googletagmanager.com c.bing.com *.tile.openstreetmap.org tiles.mapc.org ad.doubleclick.net www.mydentist.co.uk www.cqc.org.uk web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: service.force.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com optimize.google.com service.force.com mydentist.my.salesforce.com calendly.com gateway.zscloud.net vars.hotjar.com onlinebooking.mydentist.co.uk outlook.office365.com apply.v12finance.com www.youtube.com gum.criteo.com youtu.be vimeo.com www.youtube-nocookie.com 3dshowcases.co.uk my.matterport.com mydentist.my.salesforce-sites.com player.vimeo.com widget.trustpilot.com td.doubleclick.net mycare.patientcomms.co.uk www.invisalign.co.uk web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com cdn.linkedin.oribi.io region1.google-analytics.com nas.lon.infinity-tracking.net maps.googleapis.com www.google-analytics.com mydentist.secure.force.com api.opencagedata.com bam.nr-data.net analytics.tiktok.com www.clarity.ms cdn.cookielaw.org https://www.google-analytics.com ict.infinity-tracking.net stats.g.doubleclick.net in.hotjar.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location mydentist.my.salesforce-sites.com mydentist-portal-test.azurewebsites.net mydentist-portal-production.azurewebsites.net *.infinity-tracking.com *.clarity.ms region1.analytics.google.com pagead2.googlesyndication.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' web-chat.nativechat.com 1
default-src 'self' data: unsafe-inline'       https://maps.googleapis.com       https://polyfill.io       http://webhelp.grassfish.tv       https://*.bmwgroup-posdigital.com       https://bmwgroup-posdigital.com       https://*.grassfish.com       https://bmwgroup-posdigital-integration.com      https://*.grassfish.tv;         script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://maps.googleapis.com       https://polyfill.io       error.angularjs.org;         style-src 'self' 'unsafe-inline';    font-src 'self';         frame-ancestors 'self'       https://maps.googleapis.com       https://polyfill.io       https://*.bmwgroup-posdigital.com       https://bmwgroup-posdigital.com       https://bmwgroup-posdigital-integration.com      https://*.grassfish.com       https://*.grassfish.tv;         report-uri https://gfts.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors 'self' https://www.spikenow.com/ https://spikenow.com/ https://lp.spikenow.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-uJgJQvss5Pmot/lqOUW5TRlEp7vCs553/oCEQ2khFwalXwam' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://cdn1.adoberesources.net https://cdn.co-buying.com https://pagead2.googlesyndication.com  https://googleads.g.doubleclick.net https://www.googleadservices.com  *.cloudflare.com https://wpgmaps.us-3.evennode.com/ *.youtube.com *.google.com https://rules.quantcount.com https://secure.quantserve.com https://tagmanager.apigruporsa.com  https://www.gstatic.com https://www.googletagmanager.com/ https://contenidoseniplenitude.es/ *.google-analytics.com https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://cdn.jsdelivr.net/ https://t.contentsquare.net app.contentsquare.com *.facebook.com *.facebook.net/ https://eniplenitude.es *.eniplenitude.es *.google.es https://service.maxymiser.net/ https://ads-engagement.presage.io *.adform.net https://www.googleoptimize.com https://eniplenitude-es.pro.nurtigo.cloud/mtc.js https://maps.googleapis.com https://cdn.co-buying.com *.trustcommander.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com/ https://fonts.googleapis.com/ https://contenidoseniplenitude.es https://www.googletagmanager.com; img-src 'self' data: https://imgsct.cookiebot.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://maps.googleapis.com/ https://maps.google.com/ https://maps.gstatic.com *.eniplenitude.es *.ytimg.com https://pixel.quantserve.com https://ads-engagement.presage.io https://ps.w.org/ https://s.w.org/ https://secure.gravatar.com/ *.google-analytics.com https://google.com https://google.es https://www.google.com *.contentsquare.net https://aldroenergia.com/ *.facebook.com https://www.googletagmanager.com/ *.google.es https://fonts.gstatic.com/ *.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com/; connect-src 'self' data:  https://bp.eniplenitude.pt https://edge.adobedc.net https://wpgmaps.us-3.evennode.com/ https://maps.googleapis.com *.eniplenitude.es https://pixel.quantcount.com *.contentsquare.net *.cookiebot.com *.facebook.com/ *.facebook.net/ https://contenidoseniplenitude.es/ *.google-analytics.com *.google.com *.doubleclick.net https://www.googletagmanager.com/ *.google.es *.googlesyndication.com *.apigruporsa.com https://eniplenitude-es.pro.nurtigo.cloud/; child-src blob: https://consentcdn.cookiebot.com/; worker-src blob:;  frame-src 'self' https://bp.eniplenitude.pt https://bp.eniplenitude.es/ https://csxd.contentsquare.net/ https://www.epdata.es/ *.youtube.com https://tagmanager.apigruporsa.com *.doubleclick.net https://consentcdn.cookiebot.com/ *.facebook.com/ *.facebook.net/ https://contenidoseniplenitude.es https://service.maxymiser.net/ https://aax-eu.amazon-adsystem.com/ *.google.com; 1
default-src 'self'; script-src 'self' 'nonce-nCkiUoYBh4jAM8wWyFCtZw=='; style-src 'self'; img-src 'self' data:; object-src 'none'; frame-src 'none'; child-src 'none'; worker-src 'none'; media-src 'none'; manifest-src 'none'; base-uri 'none'; form-action 'none'; 1
default-src 'self' data: https://cdn.pixabay.com/ https://pixabay.com/ https://cdn.upsihologa.com.ua/ https://*.tenor.com/  https://*.google-analytics.com/ https://*.googlesyndication.com/ https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.google.com/ https://*.googleapis.com;style-src 'self' 'unsafe-inline' https://*.googletagmanager.com/ https://*.google.com/ https://*.googleapis.com/ https://cdn.upsihologa.com.ua/;child-src 'self' https://*.ted.com https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.googlesyndication.com/ https://*.youtube.com/ https://*.youtube-nocookie.com https://*.google.com/ https://*.twitter.com/ https://*.googlesyndication.com/; img-src 'self' https://*.gstatic.com/  https://*.googletagmanager.com/  https://cdn.pixabay.com/ https://*.google.com/ https://www.paypalobjects.com/ https://*.tenor.com/ https://*.googleapis.com https://*.googleusercontent.com/ https://*.ted.com/ https://*.youtube.com/ https://*.ytimg.com/ https://*.googleapis.com/ https://*.google-analytics.com/ https://*.twitter.com/ https://s0.2mdn.net/ https://cdn.upsihologa.com.ua/ https://*.googlesyndication.com/ data:;media-src 'self'; font-src 'self' https://cdn.upsihologa.com.ua/ https://fonts.gstatic.com/ data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com/ https://*.googleadservices.com/ https://*.google.ru/ https://*.doubleclick.net/ https://*.googlesyndication.com/  https://cdn.upsihologa.com.ua/ https://cdnjs.cloudflare.com/ https://*.pinterest.com/ https://*.google.com/ https://*.google-analytics.com  https://*.googleapis.com https://*.twitter.com/ https://cdn.upsihologa.com.ua/ https://*.googlesyndication.com/ https://*.googleapis.com/ https://assets.pinterest.com; 1
default-src 'self' data: https://www.google-analytics.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net;img-src 'self' data: https://www.google-analytics.com *.cloudfront.net https://www.google.com https://www.google.ro https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.nl https://cdn.cookielaw.org https://bat.bing.com *.doubleclick.net *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.facebook.com *.google.co.uk https://ade.googlesyndication.com;script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://w.usabilla.com https://static.hotjar.com https://www.youtube.com https://script.hotjar.com https://www.googleadservices.com https://static.doubleclick.net https://js.monitor.azure.com https://bat.bing.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://vvaa.piwikpro.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.licdn.com *.google.co.uk https://pagead2.googlesyndication.com ;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://www.googleoptimize.com https://w.usabilla.com https://static.hotjar.com https://www.youtube.com https://script.hotjar.com https://www.googleadservices.com https://static.doubleclick.net https://js.monitor.azure.com https://bat.bing.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org https://cdn.jsdelivr.net https://vvaa.piwikpro.com  https://api.usabilla.com *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.licdn.com *.google.co.uk https://pagead2.googlesyndication.com ;style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com;font-src 'self' data: *.gstatic.com;object-src 'none';frame-ancestors 'self' https://mijn.onvz.nl;frame-src https://*.youtube.com https://9406030.fls.doubleclick.net *.mendixcloud.com https://cdn.cookielaw.org https://*.onvz.nl *.doubleclick.net *.usabilla.com *.cloudfront.net *.googleapis.com https://*.vvaazorgverzekering.nl https://*.vvaa.nl *.linkedin.com *.facebook.net *.google.co.uk *.mijnonvz.nl https://mijnonvz.nl *.mijnvvaazorgverzekering.nl https://mijnvvaazorgverzekering.nl https://mijn.onvz.nl;connect-src https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://dc.services.visualstudio.com https://www-tst.onvz.nl https://www-acc.onvz.nl https://www.onvz.nl https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.vvaazorgverzekering.nl https://www-tst.vvaazorgverzekering.nl https://www-acc.vvaazorgverzekering.nl https://vvaa.piwikpro.com https://*.onvz.nl https://*.vvaazorgverzekering.nl *.usabilla.com *.cloudfront.net *.googleapis.com *.linkedin.com *.facebook.net *.google.co.uk https://*.onetrust.com wss://ws.hotjar.com https://content.hotjar.io https://adservice.google.com *.google.com;base-uri 'self';form-action 'self'; 1
connect-src 'self' *.bkb.ch *.mybkb.ch s.yimg.com chatbot.bkb.ch geolocation.onetrust.com cdn.cookielaw.org; default-src 'self'; form-action 'self'; frame-ancestors 'self' *.bkb.ch; frame-src 'self' *.doubleclick.net www.youtube.com www.youtube-nocookie.com *.aiaibot.com; font-src 'self' data: *.bkb.ch erbrecht.events.bkb.ch; img-src 'self' data: *.bkb.ch ad.doubleclick.net www.google.com www.google.ch maps.googleapis.com www.google-analytics.com *.fls.doubleclick.net www.googletagmanager.com cdn.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bkb.ch www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net s.yimg.com sp.analytics.yahoo.com irpages2.eqs.com *.google-analytics.com *.google.com *.adobedtm.com cdn.cookielaw.org; style-src 'self' 'unsafe-inline' *.bkb.ch 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' analytics.highspeed-at.net puh.highspeed-at.net fonts.googleapis.com fonts.gstatic.com; frame-src mailto: 'self' puh.highspeed-at.net; img-src 'self' data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.sandbox.paypal.com https://www.paypal.com https://trades.sevenreflections.com https://atr.sevenreflections.com https://vip.sevenreflections.com https://m.sevenreflections.com http://m.sevenreflections.com https://amp.sevenreflections.com https://a.sevenreflections.com https://www.sevenreflections.com https://www.sevenreflections.com https://www.google.com https://cdn.ampproject.org https://khms.googleapis.com https://platform.twitter.com  https://connect.facebook.net https://use.typekit.net   https://maps.googleapis.com https://khms1.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://khms0.googleapis.com https://ajax.googleapis.com https://www.gstatic.com; base-uri 'self'; 1
default-src 'self' comic-meteor.jp comic-polaris.jp *.comic-meteor.jp *.comic-polaris.jp flex-comix.jp booklive.jp *.flex-comix.jp *.booklive.jp *.gstatic.com *.google.co.jp *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.media-amazon.com *.googlesyndication.com *.amazon-adsystem.com *.amazon.co.jp *.ssl-images-amazon.com *.google.com *.doubleclick.net *.twitter.com *.fontawesome.com npmcdn.com *.npmcdn.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' comic-meteor.jp comic-polaris.jp *.comic-meteor.jp *.comic-polaris.jp flex-comix.jp booklive.jp *.flex-comix.jp *.booklive.jp *.gstatic.com *.google.co.jp *.googleapis.com *.google-analytics.com *.facebook.net *.googletagmanager.com *.googleadservices.com *.media-amazon.com *.googlesyndication.com *.amazon-adsystem.com *.amazon.co.jp *.ssl-images-amazon.com *.google.com *.doubleclick.net *.twitter.com *.fontawesome.com npmcdn.com *.npmcdn.com;style-src 'self' 'unsafe-inline' *;img-src * data: blob: ;font-src 'self' *;frame-src 'self' *;connect-src 'self' * 1
default-src  * 'unsafe-inline' 'unsafe-eval' ; img-src * blob: data: 'unsafe-inline' ; font-src * data: 'unsafe-inline' ; media-src * blob: 'unsafe-inline' ; frame-src * data: 'unsafe-inline' 'unsafe-eval' ; 1
default-src 'self'; frame-src 'self' https://td.doubleclick.net https://youtube.com www.youtube.com www.youtube-nocookie.com; font-src 'self' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com snap.licdn.com ajax.googleapis.com www.googletagmanager.com www.youtube.com connect.facebook.net www.google-analytics.com googleads.g.doubleclick.net cdn.jsdelivr.net maps.google.com maps.googleapis.com www.googleadservices.com pagead2.googlesyndication.com; connect-src *; img-src 'self' px.ads.linkedin.com googleads.g.doubleclick.net *.aluprof.com aluprof.com *.google.com *.google.pl www.google-analytics.com www.gravatar.com maps.gstatic.com maps.googleapis.com blob: data:; style-src 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com;base-uri 'self';form-action 'self' 1
default-src 'self' https://www.gstatic.com *.enova.no *.enova.no/* api.enova.no localhost:* localhost:*/* www.youtube.com ssl.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://stats.g.doubleclick.net gstatic.com www.gstatic.com https://search.atom.no https://siteimproveanalytics.com https://*.googletagmanager.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.enova.no *.enova.no/* https://www.google-analytics.com localhost:* csi.gstatic.com https://www.gstatic.com gstatic.com www.gstatic.com https://*.adform.net:* https://connect.facebook.net http://www.googletagmanager.com https://www.googletagmanager.com https://tagmanager.google.com https://code.highcharts.com http://siteimproveanalytics.com https://siteimproveanalytics.com https://track.adform.net http://track.adform.net http://www.google-analytics.com https://*.edialog24.com https://login.edialog24.com https://cdn.polyfill.io https://www.google.com www.youtube.com/ s.ytimg.com https://sjs.bizographics.com https://snap.licdn.com https://js.hs-scripts.com http://js.hs-scripts.com https://js.hs-banner.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hsforms.net http://js.hsforms.net http://forms.hsforms.com https://js.hsadspixel.net https://js.hscta.net https://cta-service-cms2.hubspot.com http://cta-service-cms2.hubspot.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://unpkg.com https://js.hsleadflows.net https://kommunikasjon.ntb.no http://kommunikasjon.ntb.no https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hsleadflows.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net https://share-eu1.hsforms.com https://js-eu1.hsforms.net/forms/ http://js-eu1.hsforms.net/forms/embed/v2.js https://googleads.g.doubleclick.net http://googleads.g.doubleclick.net https://*.siteimproveanalytics.io;object-src 'self' *;style-src 'self' 'unsafe-inline' https://www.gstatic.com fonts.googleapis.com https://*.adform.net:* https://tagmanager.google.com;img-src 'self' * data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://*.siteimproveanalytics.io *.siteimproveanalytics.io;media-src 'self' *;frame-src 'self' *.doubleclick.net https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.googletagmanager.com https://issuu.com https://code.highcharts.com https://js.hscollectedforms.net https://forms.hsforms.com https://consentcdn.cookiebot.com https://res.cloudinary.com https://kommunikasjon.ntb.no https://share-eu1.hsforms.com https://forms-eu1.hsforms.com;font-src * data:;connect-src 'self' https://www.google-analytics.com *.enova.no localhost:* http://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.facebook.com https://api.ducky.eco https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://api.hubapi.com https://consentcdn.cookiebot.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net https://cdn.linkedin.oribi.io https://forms-eu1.hscollectedforms.net https://api-eu1.hubapi.com https://forms-eu1.hubspot.com/lead-flows-config/ https://api-eu1.hubapi.com/hs-script-loader-public/ https://share-eu1.hsforms.com https://forms-eu1.hsforms.com/embed/v3/form/ https://forms-eu1.hsforms.com/emailcheck/ https://region1.google-analytics.com https://pagead2.googlesyndication.com https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com;base-uri 'self';child-src 'self' *;form-action 'self' *.enova.no localhost:* www.facebook.com www.anpdm.com https://forms.hsforms.com https://forms-eu1.hsforms.com;frame-ancestors 'self' www.enova.no *.enova.no localhost:* *.doubleclick.net/;block-all-mixed-content;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' wss://localhost:44399 https://localhost:44399 www.google-analytics.com www.youtube.com https://stats.g.doubleclick.net cdn1.readspeaker.com app-eu.readspeaker.com vttts-eu.readspeaker.com maps.google.com; child-src 'self' www.youtube.com player.vimeo.com www.google.com platform.twitter.com https://*.twitter.com connect.facebook.net www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:44399 s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com www.perplex.nl player.vimeo.com www.googletagmanager.com cdn1.readspeaker.com platform.twitter.com connect.facebook.net cdn.syndication.twimg.com unpkg.com; style-src 'self' 'unsafe-inline' *.typekit.net cdn1.readspeaker.com cdn.syndication.twimg.com platform.twitter.com fonts.googleapis.com; img-src 'self' data: services.perplex.eu www.google-analytics.com www.perplex.nl https://www.gravatar.com https://dashboard.umbraco.org https://dashboard.umbraco.com syndication.twitter.com *.twimg.com platform.twitter.com http://maps.google.com http://www.zgt.nl *.zgt.nl https://*.perplex.eu; font-src 'self' data: *.typekit.net fonts.gstatic.com; form-action 'self' zgt.nl *.perplex.eu; report-uri https://perplex.report-uri.com/r/default/csp/enforce; 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' e.issuu.com  *.reciteme.com  *.hotjar.com cdn-cookieyes.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com maps.googleapis.com connect.facebook.net; style-src 'unsafe-inline' 'report-sample' 'self' *.reciteme.com fonts.googleapis.com https://p.typekit.net https://use.typekit.net; object-src 'none'; base-uri 'self'; connect-src 'self' *.sentry.io *.reciteme.com *.google-analytics.com cdn-cookieyes.com *.cookieyes.com yoast.com *.hotjar.io *.hotjar.com www.google-analytics.com maps.googleapis.com; font-src 'self' data: *.reciteme.com fonts.gstatic.com use.typekit.net; frame-src 'self' *.sentry.io e.issuu.com *.youtube-nocookie.com https://www.youtube.com  https://player.vimeo.com otp.tools.investis.com irs.tools.investis.com www.facebook.com business.facebook.com; img-src 'self' *.reciteme.com cdn-cookieyes.com  *.google-analytics.com *.gravatar.com data: maps.gstatic.com *.googleapis.com *.ggpht www.facebook.com; manifest-src 'self'; media-src 'self' *.reciteme.com; report-uri https://5f5f4be97d2e04922acab86c.endpoint.csper.io/; worker-src menziesaviation.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com/ https://consentcdn.cookiebot.com 1
default-src 'none'; connect-src 'self' https:; font-src 'self' https: https://cdn.basisonline.nl https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'self'; script-src 'self' https://cdn.basisonline.nl https: blob: 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdn.basisonline.nl https: 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; upgrade-insecure-requests; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https:; 1
font-src cdn.jsdelivr.net fonts.gstatic.com cdn.almapay.com *.capdev.io 'self' data: *.gstatic.com *.cloudflare.com *.cloudflareinsights.com *.cap-adrenaline.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.amazonaws.com *.bootstrapcdn.com *.onetrust.com *.fontawesome.com https://cdnjs.cloudflare.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.capdev.io *.twitter.com *.paybox.com *.axepta.bnpparibas *.paypal.com *.cap-adrenaline.com *.voxpay.io *.voxpay.ai *.onetrust.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.getalma.eu *.capdev.io *.google.com *.twitter.com https://cl.avis-verifies.com *.voxpay.ai *.voxpay.io https://securepayments.sandbox.paypal.com/ *.googlesyndication.com *.doubleclick.net *.cap-adrenaline.com *.google.de *.google.co *.axepta.bnpparibas *.cookielaw.org *.onetrust.com *.botmind.ai *.botmind.io 'self' 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com *.capdev.io *.cap-adrenaline.com https://e3n2bq3m.twic.pics https://cl.avis-verifies.com *.cloudflare.com *.cloudflareinsights.com *.klarna.com google.com *.google.com *.google.si *.google.fr *.google.be *.google.es *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: blob: *.lightemporium.com *.usercentrics.eu *.amazonaws.com *.avis-verifies.com *.magentocommerce.com widget.magentocommerce.com *.bing.com *.botmind.io *.cookielaw.org *.onetrust.com *.lgw.io data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com tagmanager.google.com https://maps.googleapis.com *.capdev.io https://e3n2bq3m.twic.pics *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.google-analytics.com *.analytics.google.com google.com *.google.com *.google.si *.google.fr *.google.be *.google.es *.googlesyndication.com *.doubleclick.net *.g.doubleclick.net *.twimg.com *.gstatic.com *.bing.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.amazonaws.com *.avis-verifies.com *.cap-adrenaline.com *.botmind.io *.googleadservices.com *.cookielaw.org *.onetrust.com *.marvellousmachine.net *.bestofluck.io analytics.bestofluck.io/ https://cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com tagmanager.google.com fonts.google.com *.capdev.io *.cloudflare.com *.cloudflareinsights.com *.googleapis.com *.googletagmanager.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.amazonaws.com *.cap-adrenaline.com *.bootstrapcdn.com *.cookielaw.org *.onetrust.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.capdev.io *.amazonaws.com *.cap-adrenaline.com *.onetrust.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://maps.googleapis.com *.capdev.io *.botmind.io *.cloudflare.com *.cloudflareinsights.com *.inescrm.com extend.inescrm.com *.twitter.com *.paypal.com *.twimg.com *.amazonaws.com *.cap-adrenaline.com *.googlesyndication.com *.googleadservices.com google.com *.google.com *.google.si *.google.fr *.google.be *.google.es *.g.doubleclick.net *.googleapis.com *.bing.com *.cookielaw.org *.onetrust.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://client-registry.mutinycdn.com https://js.hsforms.net https://www.google.com https://www.gstatic.com https://j.6sc.co https://www.redditstatic.com https://snap.licdn.com https://js.driftt.com https://widget.drift.com https://analytics.tiktok.com https://dx.mountain.com https://js.hs-scripts.com https://tag.clearbitscripts.com https://js.hubspot.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://x.clearbitjs.com https://connect.facebook.net https://googleads.g.doubleclick.net https://*.hsadspixel.net https://*.hs-analytics.net https://js.hscta.net https://*.hubspot.com https://static.hsappstatic.net https://*.usemessages.com https://*.hs-banner.com https://*.hubspot.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hubspotfeedback.com https://feedback.hubapi.com https://assets.calendly.com builder-assets.unbounce.com tracker.ub-analytics.com code.jquery.com google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdn2.hubspot.net https://assets.calendly.com builder-assets.unbounce.com fonts.ub-assets.com kobiton.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://cdn.cookielaw.org https://www.google.com https://forms.hsforms.com https://forms-na1.hsforms.com https://i.ytimg.com https://tracking.g2crowd.com https://alb.reddit.com https://px.ads.linkedin.com https://b.6sc.co https://px4.ads.linkedin.com https://images.mutinycdn.com https://perf-na1.hsforms.com https://track.hubspot.com https://www.facebook.com https://js.hscta.net https://no-cache.hubspot.com https://*.hubspot.com https://*.hubspot.net https://cdn2.hubspot.net https://*.hsforms.net https://*.hsforms.com https://www.linkedin.com https://blog.kobiton.com https://info.kobiton.com https://lh5.googleusercontent.com https://lh4.googleusercontent.com https://lh3.googleusercontent.com https://*.googleusercontent.com https://assets.calendly.com d9hhrg4mnvzow.cloudfront.net s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com www.googletagmanager.com; connect-src 'self' https://cdn.cookielaw.org https://client-registry.mutinycdn.com https://api-v2.mutinyhq.io https://geolocation.onetrust.com https://js.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://forms.hsforms.com https://www.google.com https://cdn.linkedin.oribi.io https://secure.adnxs.com https://ipv6.6sc.co https://epsilon.6sense.com https://c.6sc.co https://epsilon-cloudfront.6sense.com https://px.ads.linkedin.com https://api.hubapi.com https://cta-service-cms2.hubspot.com https://app.clearbit.com https://googleads.g.doubleclick.net https://*.hubapi.com https://js.hscta.net https://*.hubspot.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsforms.com https://s.pointerpro.com https://calendly.com https://www.redditstatic.com https://api.unbounce.com events.ub-analytics.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: https://images.mutinycdn.com fonts.ub-assets.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' ; media-src 'self' ; frame-src 'self' https://www.google.com https://www.youtube-nocookie.com https://www.visualize-roi.com https://www.youtube.com https://forms.hsforms.com https://js.driftt.com https://widget.drift.com https://static.hsappstatic.net https://app.hubspot.com https://td.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hsforms.net https://*.hsforms.com https://s.pointerpro.com https://calendly.com www.googletagmanager.com; child-src 'self' www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://test.authorize.net https://accept.authorize.net 1
font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com; connect-src 'self' * https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net ; media-src 'self' https://www.youtube.com https://www.kerridgecs.co.ke; frame-src https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/620276/ https://bid.g.doubleclick.net/ https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://www.infomat.eu/ https://www.youtube-nocookie.com/ https://www.mamsoftware.com https://www.mamsoft.co.uk https://www.kerridgecs.co.za/ https://www.youtube.com/ https://www.google.com/ https://app.hubspot.com/ https://td.doubleclick.net/; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/ https://www.google.com/pagead/1p-conversion/482943437/ https://consent.cookiebot.com/uc.js https://cta-service-cms2.hubspot.com/ https://consentcdn.cookiebot.com/ https://connect.facebook.net/nl_NL/all.js https://www.google.com/recaptcha/enterprise.js https://player.vimeo.com/api/player.js https://secure.leadforensics.com/js/107723.js https://platform.twitter.com/widgets.js https://consent.cookiebot.com/ https://js.hsforms.net/forms/v2.js  https://connect.facebook.net/ https://connect.facebook.net/en_US/fbevents.js https://js.hsforms.net/forms/embed/v2.js https://script.hotjar.com/ https://googleads.g.doubleclick.net/pagead/ https://www.google-analytics.com/analytics.js https://js.hs-analytics.net/ https://static.hotjar.com  https://js.hs-scripts.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.googletagmanager.com/ https://www.googletagmanager.com/ https://js.hs-scripts.com/620276.js https://js.hscta.net/cta/current.js https://js.hscta.net/cta/current.js https://js.hscta.net/cta/current.js https://js.hs-analytics.net/analytics/1712832000000/620276.js https://js.hs-analytics.net/analytics/1712830500000/620276.js https://js.hsleadflows.net/leadflows.js https://js.hubspot.com/web-interactives-embed.js https://js.hsadspixel.net/fb.js https://js.hs-banner.com/620276.js https://js.usemessages.com/conversations-embed.js https://secure.leadforensics.com/js/107723.js https://www.gstatic.com/recaptcha/releases/rz4DvU-cY2JYCwHSTck0_qm-/recaptcha__en.js https://secure.leadforensics.com/Track/Capture.aspx https://www.googleadservices.com/pagead/conversion.js https://ssl.google-analytics.com/ga.js https://tracking001.piwikpro.com/piwik.js https://eu2.snoobi.eu/ https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/enterprise.js ; style-src-elem 'self' 'unsafe-inline' https://hello.myfonts.net/count/2e3d43 https://fonts.googleapis.com/css2 https://fonts.googleapis.com/css https://hello.myfonts.net/count/2e3d43 ;img-src 'self' https://www.kerridgecs.co.ke https://info.kerridgecs.com https://no-cache.hubspot.com/ https://perf-na1.hsforms.com/ https://www.google.co.za/ https://www.google.com/ https://px.ads.linkedin.com https://track.hubspot.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.kerridgecs.ie/ https://www.google.co.uk/ https://blog.kerridgecs.co.za/ https://blog.kerridgecs.com/ https://forms-na1.hsforms.com/ https://forms.hsforms.com/ https://imgsct.cookiebot.com/ https://www.infomat.eu/ https://perf.hsforms.com/ https://www.googletagmanager.com/ https://perf.hsforms.com/embed/ https://ssl.google-analytics.com/r/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/482943437/ https://stats.g.doubleclick.net/r/ data:; 1
“block-all-mixed-content;� 1
frame-ancestors 'self' https://fonzip.com; connect-src 'self' https://s.fonzip.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://cdn.fonzip.com https://api.stripe.com https://www.google.com https://www.google-analytics.com https://web.facebook.com https://analytics.google.com https://www.google.com.tr https://cdn.linkedin.oribi.io https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://px.ads.linkedin.com; manifest-src 'self' https://s.fonzip.com https://cdn.fonzip.com; media-src 'self' https://js.intercomcdn.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' https://s.fonzip.com data: https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; frame-src 'self' https://www.google.com data: https://fonzip.com https://s.fonzip.com https://yonetim.fonzip.com https://bid.g.doubleclick.net/ https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://h.online-metrix.net https://tpc.googlesyndication.com https://ode.iyzico.com; object-src none; default-src 'self' https://s.fonzip.com; img-src blob: 'self' https://www.google.com https://www.google.com.tr https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://s.fonzip.com https://www.iyzico.com data: https://www.google.co.uk https://3d.payten.com.tr https://www.google.fr https://www.google.de https://www.google.az https://www.google.es https://www.google.nl https://www.google.kg https://www.gstatic.com https://*.googleusercontent.com https://www.google.iq https://www.google.com.ec https://www.google.be https://www.google.ci https://www.google.mk https://www.google.com.my https://www.google.com.np https://www.google.ch https://www.google.co.in https://www.google.tm https://www.google.com.pk https://www.google.ru https://www.google.com.sa https://googleads.g.doubleclick.net https://www.google.com.au https://www.google.com.bd https://www.google.it https://www.google.fi https://www.google.la https://www.google.ae https://www.google.ca https://www.google.ro https://www.google.com.sg https://www.google.co.th https://www.google.com.qa https://www.google.com.cy https://www.google.com.ph https://www.google.com.ly https://www.google.com.br https://www.google.com.pa https://www.google.com.py https://www.google.jo https://www.google.com.jm https://www.google.at https://www.google.co.id https://www.google.se https://platform-lookaside.fbsbx.com https://www.google.com.eg https://www.google.com.mm https://www.google.dz https://www.google.co.il https://www.google.lu https://www.google.gr https://www.google.ie https://www.google.bg https://www.google.cz https://www.google.af https://scontent.xx.fbcdn.net https://www.google.co.ma https://www.google.pt https://www.google.com.bo https://www.google.com.ar https://www.google.com.kh https://www.google.kz https://www.google.hr https://www.google.ge https://www.google.dk https://www.google.bh https://www.google.sk https://www.google.com.ua https://static.xx.fbcdn.net https://www.google.me https://www.google.pl https://www.google.com.hk https://www.google.ps https://www.google.co.tz https://www.google.tn https://www.google.com.kw https://www.google.co.uz https://www.google.gm https://www.google.ne https://www.google.co.mz https://www.google.com.af https://www.google.com.do https://www.google.com.sv https://www.google.hn https://www.google.lk https://www.google.com.gt https://www.google.com.pe https://www.google.com.vn https://www.google.co.cr https://www.google.com.mx https://www.google.com/ads/ga-audiences https://www.google.co.ke https://media.licdn.com https://www.google.co.ug https://www.google.com.lb https://bucket.mlcdn.com https://www.google.ml https://www.google.no https://www.google.ga https://favicon.yandex.net https://www.google.ba https://www.google.dj https://www.googleadservices.com https://www.google.co.ls https://www.google.mn https://www.google.co.ao https://www.google.cg https://www.google.com.et https://www.google.mv https://www.google.com.om https://www.google.mw https://www.google.com.tw https://www.google.al https://www.google.sn https://www.google.rs https://www.google.com.gh https://www.google.co.kr https://ct.capterra.com https://assets.capterra.com https://b.sf-syn.com https://lookaside.facebook.com https://img.posta.fonzip.com https://cdn.fonzip.com https://px.ads.linkedin.com https://p.adsymptotic.com https://www.linkedin.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://s.fonzip.com 'unsafe-inline' https://www.gstatic.com; script-src 'self' https://www.google.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com/jsapi https://www.gstatic.com https://s.fonzip.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://js.stripe.com https://h.online-metrix.net https://cdn.onesignal.com https://onesignal.com https://b.sf-syn.com https://snap.licdn.com https://ajax.cloudflare.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com 'nonce-FRBKpiJaxQfYyAX6LBPUAQ==' 1
frame-ancestors 'self' terminal.dietfurt.de  terminal.naturpark-altmuehltal.de; 1
frame-ancestors *.utalk.com utalk.com; 1
default-src https: wss://*.hotjar.com; connect-src 'self' blob: data: *.google.com https://*.googleapis.com https://*.gstatic.com https://bam.nr-data.net https://www.google-analytics.com stats.g.doubleclick.net https://global.ketchcdn.com https://googleads.g.doubleclick.net; font-src 'unsafe-inline' data: https: https://fonts.gstatic.com; frame-ancestors 'self' gfs.phenompeople.com cdn-bot.phenompeople.com; frame-src 'self' *.google.com https://*.gordonnow.gfs.ca gfs.phenompeople.com cdn-bot.phenompeople.com youtube.com www.youtube.com https://*.cookiebot.com https://td.doubleclick.net; img-src 'self' 'unsafe-inline' data: https: *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https: https://*.ggpht.com *.google.com https://*.googleapis.com *.googleusercontent.com https://*.gstatic.com gfs.phenompeople.com cdn-bot.phenompeople.com https://*.gordonnow.gfs.ca; style-src 'self' 'unsafe-inline' https: https://fonts.googleapis.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'sha256-CFWxk59hmWWhsVWNXy+t1albqTRppvlCMXFTDkd+1YA=' https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'nonce-721db070-d2cc-4139-bad2-3d1b5320627f' asciinema.org  static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; frame-src 'self' youtube-nocookie.com www.youtube-nocookie.com godbolt.org https://hcaptcha.com https://*.hcaptcha.com; connect-src 'self' cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VWC4+tA9r3MO8U45dZLE5Xz0BDq5Hd8VRJ5odGD9tU5Ksjix' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d04781182515b4ac8b8dff35f9ae8fee'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
connect-src 'self' https://*.clarity.ms/ https://google.com/ https://*.bing.com/ https://www.google-analytics.com https://s3-us-west-2.amazonaws.com https://merchant-ui.api.stripe.com https://api.stripe.com https://errors.stripe.com https://r.stripe.com https://ppm.stripe.com;script-src 'self' https://googleads.g.doubleclick.net/ https://*.clarity.ms/ https://bat.bing.com/ https://www.trustedsite.com/ https://ajax.cloudflare.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.ywxi.net https://platform.twitter.com https://optimize.google.com https://images.dmca.com https://connect.facebook.net https://cdn.iubenda.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdn.shopify.com https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline';img-src 'self' https://*.clarity.ms/ https://*.bing.com/ https://maps.googleapis.com https://www.google.bs https://www.google.com https://w.chatlio.com https://stats.g.doubleclick.net data: https://cdn.ywxi.net https://syndication.twitter.com https://www.google-analytics.com images.dmca.com https://optimize.google.com;font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://td.doubleclick.net/ https://www.trustedsite.com/ https://platform.twitter.com https://staticxx.facebook.com https://web.facebook.com https://www.facebook.com https://www.youtube.com https://optimize.google.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; object-src 'none'; style-src 'self' data: https://assets.braintreegateway.com https://widget.reviews.co.uk https://svc.webspellchecker.net https://*.klaviyo.com *.crazyegg.com https://api-js.datadome.co https://fonts.googleapis.com https://assets.reviews.io 'unsafe-inline' 1
script-src 'self' *.stripe.com *.google-analytics.com stats.g.doubleclick.net https://*.googletagmanager.com *.google.com maps.googleapis.com maps.gstatic.com *.googletagmanager.com 'sha256-8+8Dn59WDtELv2wmvOnT1BcJvjRr/R1kMhFhhBgKRWY=' 'sha256-J3yxS7r9mzXaUXRqEyB9ZeSLRQfTgbKgWbvmaxM03Ic=' 'sha256-aaJJGee8iPgCZcYn4Oye87yU9JUhAt5g/90aYjTZZr4=' locationexplorer.de 'sha256-Slffcsk49jj+OKOetEWBmQ9tDeZlI/TJxpi2RWDYHII='; default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'; img-src 'self' data: *.stripe.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google.de https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; connect-src 'self' *.stripe.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.de; frame-src recruitingapp-5377.de.umantis.com *.stripe.com *.gotowebinar.com *.vimeo.com *.vimeocdn.com *.youtube.com *.youtube-nocookie.com locationexplorer.de; 1
script-src-elem 'self' http: https: 'unsafe-inline' https://prod.admin.goodwine.com.ua/; style-src 'self' https: 'unsafe-inline' https://prod.admin.goodwine.com.ua/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' https://prod.admin.goodwine.com.ua/ https://gwn-m2-dev.perspective.net.ua/ https://fonts.gstatic.com https://geolocation-db.com https://connect.facebook.net https://app2.salesmanago.pl/ https://salesmanago.pl/; frame-src *.youtube.com https://app2.salesmanago.pl/ https://salesmanago.pl/ 1
frame-ancestors 'self' https://*.lexus.de https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'none'; img-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self' 1
default-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; object-src 'none'; 1
frame-ancestors https://100jahre.caritas-stpoelten.at/ https://abrakadabra.caritas-tirol.at/ https://abz-wielandgasse.caritas-steiermark.at/ https://agyoungcaritas.caritas.at/ https://www.caritas-stadtteilarbeit.at/ https://freiwillige.caritas-wien.at/ https://fs-grabenstrasse.caritas-steiermark.at/ https://spenden.helfen.at/ https://hlw.caritas-kaernten.at/ https://intern.sob-linz.at/ https://jahresbericht.caritas-stpoelten.at/ https://la-rottenmann.caritas-steiermark.at/ https://seegasse.caritas-wien.at/ https://sob.caritas-kaernten.at/ https://sob.caritas-wien.at/ https://vorlagen.caritas.at/ https://wirkungsbericht.caritas-burgenland.at/ https://wirkungsbericht.caritas-salzburg.at/ https://wirkungsbericht.caritas-wien.at/ https://www.caritas.at/ https://www.caritas-austria.at/ https://www.caritas-bigs.at/ https://www.caritas-bildungszentrum.at/ https://www.caritas-burgenland.at/ https://www.caritas-commit.at/ https://www.caritas-foundation.at/ https://www.caritas-jobs.at/ https://www.caritas-kaernten.at/ https://www.caritas-leo.at/ https://www.caritas-linz.at/ https://www.caritas-ooe.at/ https://www.caritas-pflege.at/ https://www.caritas-rundumbetreut.at/ https://www.caritas-salzburg.at/ https://www-caritas-salzburg-at.caritas.host https://www.caritas-schulen.at/ https://www.caritas-steiermark.at/ https://www.caritas-stiftung.at/ https://www.caritas-stpoelten.at/ https://www.caritas-tirol.at/ https://www.caritas-vorarlberg.at/ https://www.caritas-wien.at/ https://www.caritas-wiewirwirken.at/ https://www.caritasabend.at/ https://www.caritasakademie.at/ https://www.carla.at/ https://www.carla-vorarlberg.at/ https://www.carla-wien.at/ https://www.diesozialschule.at/ https://www.fsbwr-neustadt.ac.at/ https://www.hilfswerk-sr-emmanuelle.at/ https://www.homelessworldcup.at/ https://www.internationalerfreiwilligeneinsatz.at/ https://www.josee.at/ https://www.junges-wohnen.at/ https://www.lebensraeume-caritas.at/ https://www.neuearbeit.or.at/ https://www.obenauf.cc/ https://www.paraplue-steyr.at/ https://www.patenschaften.at/ https://www.perspektive-handel.at/ https://www.project-bera.eu/ https://www.schule-am-himmel.at/ https://www.schwangerenberatung.at/ https://www.sob-caritas.at/ https://www.sob-linz.at/ https://www.speisewagen-caritas.at/ https://www.unser-wirken.caritas-kaernten.at/ https://www.winternothilfe.at/ https://www.zeitschenken.at/ https://www.gruft.at/ https://www.opentalk.at/ https://caritas-wegweiser.at/ https://www.krone.at/ https://vka.or.at/ https://open2chat.at/ https://www.ausbildungszentrum-linz.at/ https://triptalks.at/ https://www.lena.or.at/ https://www.streetfootball.at/ https://www.carotte-caritas.at/ https://sozialberufe-wolfsberg.caritas-kaernten.at/ https://annualreport.caritas.at/ https://typo3.caritas.at/ https://haus-antonius.caritas-kaernten.at/ https://wirkungsbericht.caritas-tirol.at/ https://wirkungsbericht.caritas.at/ https://test01.caritas.at/ https://test02.caritas.at/ https://test03.caritas.at/ https://test04.caritas.at/ https://test05.caritas.at/ https://test06.caritas.at/ https://test07.caritas.at/ https://test08.caritas.at/ https://test09.caritas.at/ https://test10.caritas.at/ https://test11.caritas.at/ https://test12.caritas.at/ https://test13.caritas.at/ https://test14.caritas.at/ https://test15.caritas.at/ https://test16.caritas.at/ https://test17.caritas.at/ https://test18.caritas.at/ https://test19.caritas.at/ https://test20.caritas.at/; 1
default-src * data: blob: 'self'; script-src 'self' googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com woobox.com www.gstatic.com app.anyroad.com maps.googleapis.com adservice.google.com gleam.io api.omappapi.com a.optnmstr.com bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *; connect-src 'self' googlesyndication.com *.googlesyndication.com google.com googleadservices.com *.googleadservices.com woobox.com www.gstatic.com app.anyroad.com maps.googleapis.com adservice.google.com gleam.io api.omappapi.com a.optnmstr.com bam.nr-data.net rum-collector-2.pingdom.net analytics.google.com d31qbv1cthcecs.cloudfront.net js.gleam.io js-agent.newrelic.com rum-static.pingdom.net static.ads-twitter.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net cdn.privacy-mgmt.com *.google-analytics.com *.google.com *.googletagmanager.com ajax.googleapis.com *.facebook.com facebook.com; block-all-mixed-content; upgrade-insecure-requests; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	            https://www.google.com 	            https://ajax.googleapis.com 	            https://www.google-analytics.com 	            https://www.googletagmanager.com 	            https://use.fontawesome.com/ 	            https://cdnjs.cloudflare.com/ 	            https://maxcdn.bootstrapcdn.com 		    https://www.googleadservices.com/ 		    https://unpkg.com 		    https://code.jquery.com 		    https://developers.kakao.com 		    *.kakaocdn.net 		    https://cdn.jsdelivr.net 		    https://www.facebook.com 		    https://connect.facebook.net 		    https://svc6cdn.hectoinnovation.co.kr                     https://t1.daumcdn.net 		    https://ssp.igaw.io 		    https://analytics.tiktok.com 		    https://static.ads-twitter.com 		    https://trc.taboola.com 		    https://cdn.taboola.com 		    https://*.cloudfront.net 		    https://karrot-pixel.business.daangn.com 	  	    https://wcs.naver.net 	  	    https://static.airbridge.io 		    https://*.sentry-cdn.com 	            https://googleads.g.doubleclick.net/ ; 	    frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data:; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; 1
frame-ancestors 'self' https://*.toyota.fi https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
frame-ancestors 'self' https://dev2022.njsba.com https://njsba.com 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-XZYDuvlTSf792w3UCMbQEg==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frankcasino.ro wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src 'self' https://prousuario.gob.do https://prousuarioportalprod.azurewebsites.net https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://sb.ucontactcloud.com https://analytics.google.com https://www.google.com.do https://maps.googleapis.com https://cdn.userway.org https://api.userway.org https://www.google-analytics.com wss://prousuario.johnny.chat data:;                       style-src 'self' 'unsafe-inline' https://prousuario.gob.do https://fonts.googleapis.com https://assets.calendly.com https://cdn.userway.org;                       font-src 'self' https://cdn.userway.org https://fonts.gstatic.com data:;                       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google.com  https://www.googletagmanager.com https://www.gstatic.com https://sb.ucontactcloud.com https://static.tagshelf.io https://assets.calendly.com https://cdn.userway.org https://certify-js.alexametrics.com https://static.hotjar.com https://unpkg.com https://d3js.org;                       img-src 'self' https://prousuario.gob.do https://api.prousuario.gob.do https://prousuarioapiprod.azurewebsites.net https://cdn.userway.org https://maps.googleapis.com https://maps.gstatic.com https://assets.calendly.com https://dashboard.umbraco.com https://certify.alexametrics.com https://redirect.prod.experiment.routing.cloudfront.aws.a2z.com https://static.tagshelf.io https://www.google.com.do data: blob:;                       media-src 'self' data:;                       child-src 'self' https://cdn.userway.org https://www.youtube.com https://www.google.com https://sb.ucontactcloud.com https://static.tagshelf.io https://calendly.com blob:;        frame-ancestors 'self';        form-action 'self'; 1
default-src 'self' blob: centinelapi.cardinalcommerce.com *.consentmanager.net api.cyberity.ru *.doubleclick.net www.facebook.com ffin.global *.google-analytics.com *.analytics.google.com pay.google.com code.jivosite.com *.mail.ru api.sumsub.com widget.trustpilot.com ddc.worldpay.com yastatic.net youtube.com *.youtube.com *.zdassets.com *.tradernet.by; img-src 'self' 'unsafe-inline' data: *.appsflyer.com bat.bing.com *.carrotquest.app *.carrotquest.io inappstory.com/stories/loader.gif *.consentmanager.net *.clarity.ms *.doubleclick.net earn.broker earn.eu www.facebook.com ffin.global *.freedom24.com w8ben.freedomholdingcorp.com cs.getinappstory.com gocpa.cloud www.googletagmanager.com www.google-analytics.com www.google.am www.google.com www.google.kz www.google.ru www.google.com.cy google.com.cy google.am google.kz chart.googleapis.com www.gstatic.com trade.inveza.com cdn-kz.kursiv.media top-fwz1.mail.ru trade.mind-money.eu content.mql5.com *.onelink.me t.co *.tradernet.by *.tradernet.com *.tradernet.kz *.tradernet.ru turlov.co.za analytics.twitter.com vk.com login.vk.com ddc.worldpay.com mc.yandex.ru v2.zopim.com mc.yandex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: ffin.global *.freedom24.com www.google-analytics.com pay.google.com cdn.jsdelivr.net *.tradernet.com *.tradernet.ru yastatic.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com fonts.googleapis.com www.gstatic.com code.jivosite.com cdn.jsdelivr.net yastatic.net; font-src 'self' data: *.appsflyer.com cdn.carrotquest.app cs.getinappstory.com fonts.gstatic.com v2.zopim.com; connect-src 'self' blob: *.amazonaws.com wss://*.amazonaws.com *.appsflyer.com api.carrotquest.app wss://realtime-services-eu-chat-2.carrotquest.io realtime-services-eu-chat-2.carrotquest.io wss://rts-v2.carrotquest.app/websocket_connect_time rts-v2.carrotquest.app/websocket_connect_time api.carrottrack.app/users/$self_user/events api.carrottrack.app/users/$self_user/props delivery.consentmanager.net/delivery/ *.clarity.ms suggestions.dadata.ru stats.g.doubleclick.net wss://wss.earn.broker wss://wss.ffdigital.ch wss://wss.tradernet.am ffin.global mo.ffinpay.ru eun1.fptls.com eun1.fptls.com *.freedom24.com wss://wss.freedom24.com api.getinappstory.com/v2/ *.google-analytics.com *.analytics.google.com analytics.google.com pay.google.com www.google.com google.com pagead2.googlesyndication.com *.gstatic.com iframe.ly wss://wss.inveza.com *.jivosite.com wss://*.jivosite.com top-fwz1.mail.ru www.mczbf.com wss://wss.mind-money.eu content.mql5.com www.sjwoe.com *.tradernet.com wss://wss.trader.az wss://wss.tradernet.by wss://wss.tradernet.com wss://wss.tradernet.global wss://wss.tradernet.kg wss://wss.tradernet.kz tradernet.ru admin.tradernet.ru sentry.dev.tradernet.ru wss://wss.tradernet.ru wss://wss2.tradernet.ru wss://wss.tradernet.ua wss://wss.tradernet.uz wss://wss.wisdompointcapital.com ddc.worldpay.com mc.yandex.ru ekr.zdassets.com *.zendesk.com widget-mediator.zopim.com v2.zopim.com wss://widget-mediator.zopim.com mc.yandex.com wss://wssdev.tradernet.dev wss://wss.tradernet.dev; frame-ancestors 'self' https://*.bankffin.kz https://*.freedom24.com https://bankffin.kz https://freedom24.ru https://*.tradernet.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-wJIH0HQPvNayijH7DjBQSF56Z' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MzYzMGM4MjhlNWY5NDgxMzk3NThlMDJmZDBiMTllYWU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.wrr.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.wrr.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.wrr.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'  https://www.google-analytics.com/j/collect https://www.facebook.com/tr/ https://stats.g.doubleclick.net/j/collect; script-src 'self'  https://*.rietumu.lv  https://*.rietumu.com https://*.rietumu.ru https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net  https://www.google.com/ads/ https://www.google.lv/ads/ data:; frame-src https://*.rietumu.lv https://*.rietumu.com https://*.rietumu.ru https://www.google.com  https://www.facebook.com https://www.youtube.com; object-src 'none'; 1
default-src ws28.hotjar.com *.g.doubleclick.net https://stats.g.doubleclick.net https://www.facebook.com region1.analytics.google.com https://graylog.hotjar.com https://insights.hotjar.com https://region1.analytics.google.com https://app2.salesmanago.pl https://syndication.twitter.com salesmanago.pl app2.salesmanago.pl *.hotjar.com 'self'; font-src 'self'; style-src https://bitly.com www.google.com https://cse.google.com https://tagmanager.google.com platform.twitter.com https://ton.twimg.com 'self' 'unsafe-inline'; img-src clients1.google.com *.analytics.google.com https://static.hotjar.com https://abs.twimg.com https://www.facebook.com www.googleapis.com https://rpm.mennica.com.pl https://facebook.com https://pbs.twimg.com *.google-analytics.com syndication.twitter.com http://user-mrp-ow.ext.e-point.pl stats.g.doubleclick.net https://www.google.pl https://app2.salesmanago.pl https://user-mrp-ow.ext.e-point.pl https://o.twimg.com facebook.com www.google.com platform.twitter.com http://rpm.mennica.com.pl www.google-analytics.com https://ton.twimg.com 'self' data:; frame-src https://bitly.com https://*.google.com https://vars.hotjar.com https://www.googletagmanager.com www.google.com https://www.facebook.com www.youtube.com platform.twitter.com https://facebook.com https://www.youtube.com syndication.twitter.com www.yumpu.com 'self'; script-src http://*.google.com https://script.hotjar.com https://static.hotjar.com https://www.facebook.com www.googleapis.com https://facebook.com connect.facebook.net *.twitter.com https://bitly.com app2.emlgrid.com https://*.google.com http://www.google.com https://app2.salesmanago.pl static.hotjar.com www.googletagmanager.com https://www.gstatic.com https://www.googletagmanager.com facebook.com https://www.google-analytics.com https://app2.emlgrid.com app2.salesmanago.pl https://cdn.syndication.twimg.com https://cdn.jsdelivr.net www.google-analytics.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self'; connect-src *.analytics.google.com https://app2.salesmanago.pl https://in.hotjar.com http://app2.salesmango.pl https://www.facebook.com *.hotjar.com *.google-analytics.com 'self' 1
default-src 'none'; connect-src 'self' https://fahrplan.salzburg-verkehr.at/webapp/ https://eu-api.friendlycaptcha.eu/api/v1/puzzle; font-src 'self' data: https://fahrplan.salzburg-verkehr.at/webapp/; form-action 'self'; frame-src 'self'; img-src 'self' data: https://fahrplan.salzburg-verkehr.at/webapp/; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://fahrplan.salzburg-verkehr.at/bin/ https://fahrplan.salzburg-verkehr.at/webapp/; style-src 'self' 'unsafe-inline' https://fahrplan.salzburg-verkehr.at/webapp/; base-uri 'none'; object-src 'none'; frame-ancestors 'self'; block-all-mixed-content; report-uri https://3ff6097d7f5d6e89a9eed049b3aed13c.report-uri.com/r/d/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://plush.city; img-src 'self' https: data: blob: https://plush.city; style-src 'self' https://plush.city 'nonce-60ZyMb+U7mK8GdbFn4YsbA=='; media-src 'self' https: data: https://plush.city; frame-src 'self' https:; manifest-src 'self' https://plush.city; form-action 'self'; child-src 'self' blob: https://plush.city; worker-src 'self' blob: https://plush.city; connect-src 'self' data: blob: https://plush.city https://cdn.masto.host wss://plush.city; script-src 'self' https://plush.city 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: ws: blob: *.analytics.google.com *.azure.com *.facebook.com *.fontawesome.com *.freshworks.com *.google-analytics.com *.google.co.uk *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.hs-analytics.net *.hs-banner.com *.hs-scripts.com *.hs-scripts.com *.hscollectedforms.net *.hubspot.com *.ingest.sentry.io *.liftshare.com *.mobilityways.co.uk *.mobilityways.com *.sentry.io *.testing12.com *.usemessages.com *.visualstudio.com cdn.jsdelivr.net connect.facebook.net google.com ip2c.org liftshare.blob.core.windows.net liftsharesupport.freshdesk.com platform.twitter.com polyfill.io sentry.io static.hsappstatic.net www.google.com/favicon.ico; frame-src www.facebook.com platform.twitter.com myptp.co *.hotjar.com *.hubspot.com www.youtube.com *.mobilityways.co.uk *.mobilityways.com; img-src * data: blob:; report-uri https://sentry.io/api/1496386/security/?sentry_key=d80d261dd79d42e8a1a559924da6e928 1
frame-ancestors 'self' https:;default-src 'self' discordapp.com controllers.babylonjs.com www.youtube.com blob: fonts.googleapis.com plausible.io sdk.twilio.com *.crvox.com cryptovoxels.com *.cryptovoxels.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: cdn.babylonjs.com plausible.io sdk.twilio.com cryptovoxels.com *.cryptovoxels.com;style-src 'self' 'unsafe-inline' cryptovoxels.com *.cryptovoxels.com;media-src * blob:;img-src data: blob: *;object-src 'self' cryptovoxels.com *.cryptovoxels.com discordapp.com *.crvox.com;connect-src * 'self' data:;frame-src 'self' cryptovoxels.com *.cryptovoxels.com www.youtube.com opensea.io player.twitch.tv *.crvox.com;worker-src 'self' blob: cryptovoxels.com *.cryptovoxels.com;font-src 'self';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;script-src-attr 'none' 1
frame-ancestors https://lunar-website-studio.vercel.app https://lunar-website-studio-staging.vercel.app https://lunar-website-studio-dev.vercel.app https://www.lunar.app 1
frame-ancestors agom.net 1
script-src 'nonce-MTRlZDQ0YzgxMDhmOGI3ODMwYTEzMmYwNWE4OGU3ZjI=' 'strict-dynamic'; object-src 'none'; base-uri 'none'; frame-ancestors 'none' 1
frame-ancestors 'self'; base-uri 'self'; form-action assets.koempf24.de gpc-sys.pay1.de pixi.koempf24.de ratenkauf.easycredit.de threedssvc.pay1.de www.mollie.com www.paypal.com www.sofort.com www.zoologo.de backoffice.koempf24.de 'self' https://threedssvc.pay1.de https://gpc-sys.pay1.de https://www.paypal.com https://www.sofort.com https://ratenkauf.easycredit.de https://seu2.cleverreach.com https://*.mollie.com https://*.mollie.nl https://pay.twint.ch https://r2.girogate.de https://www.paydirekt.de/ https://pay.klarna.com/eu/hpp/payments/* 1
default-src 'self'; connect-src 'self' www.google-analytics.com https://*.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com www.google-analytics.com ajax.googleapis.com https://ssl.google-analytics.com https://hcaptcha.com https://*.hcaptcha.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' fonts.gstatic.com; report-uri https://www.cst-group.com/csp-rep/; img-src 'self' https://*.google-analytics.com www.googletagmanager.com; frame-src https://hcaptcha.com https://*.hcaptcha.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob: https://www.queroviajarmais.com https://*.affilimatejs.com; upgrade-insecure-requests. 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com cdnjs.cloudflare.com files.meridianapps.com; style-src 'self' 'unsafe-inline' *.googleapis.com www.google.com cdnjs.cloudflare.com; connect-src 'self' api.keen.io sentry.io wss: www.google-analytics.com staging-tags.meridianapps.com tags-eu.meridianapps.com dev-tags.meridianapps.com tags.meridianapps.com *.appspot.com maps.googleapis.com storage.googleapis.com; font-src 'self' data: *.googleapis.com *.gstatic.com; object-src 'self' blob:; default-src 'self'; img-src 'self' data: blob: files.meridianapps.com edit.meridianapps.com www.google-analytics.com storage.googleapis.com edit-eu.meridianapps.com maps.gstatic.com *.googleusercontent.com http://*.googleusercontent.com http://*.ggpht.com *.ggpht.com http://*.googleapis.com *.googleapis.com 1
frame-ancestors https://*.espocloud.eu https://*.espocloud.com 1
default-src 'self' *.mapfredigitalhealth.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.hotjar.com d2oh4tlt9mrke9.cloudfront.net mapfresaluddigital.my.salesforce-sites.com mapfresaluddigital.my.salesforce.com www.youtube.com assets.ubembed.com snap.licdn.com 0247afab1fe544fbb43871d326b38e0f.js.ubembed.com googleads.g.doubleclick.net bat.bing.com connect.facebook.net *.bootstrapcdn.com *.cloudflare.com *.sandbox.my.salesforce.com *.mapfredigitalhealth.com *.force.com *.gstatic.com *.salesforceliveagent.com *.google.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.googletagmanager.com js.stripe.com code.jquery.com cdn.usefathom.com *.cookielaw.org *.googlesyndication.com *.force.com *.sandbox.my.salesforce-sites.com; img-src 'self' blob: data: googleads.g.doubleclick.net pagead2.googlesyndication.com  *.events.ubembed.com *.google.com.mx *.pro.mapfredigitalhealth.com mapfresaluddigital.my.salesforce-sites.com i.ytimg.com px.ads.linkedin.com *.google.es bat.bing.com *.mapfre.com *.google.com *.facebook.com *.googleapis.com *.google-analytics.com *.saludsavia.com img.youtube.com www.googletagmanager.com cdn.usefathom.com *.gstatic.com cdn.cookielaw.org *.force.com *.eu-central-1.amazonaws.com; style-src 'self' 'unsafe-inline' data: *.pro.mapfredigitalhealth.com *.jquery.com *.salesforce-sites.com *.force.com *.saludsavia.com *.googleapis.com *.sandbox.my.salesforce-sites.com; font-src 'self' data: *.pro.mapfredigitalhealth.com *.saludsavia.com *.gstatic.com *.s3.eu-west-1.amazonaws.com; connect-src 'self' data: px.ads.linkedin.com pagead2.googlesyndication.com *.events.ubembed.com bat.bing.com *.google.com.mx api.smartdyspnea.com stats.g.doubleclick.net googleads.g.doubleclick.net *.docline.com *.my.salesforce-sites.com *.saludsavia.com *.googleapis.com *.googlesyndication.com api-demo.docline.eu *.pro.mapfredigitalhealth.com *.analytics.google.com *.google.es *.google.com *.google-analytics.com *.salesforceliveagent.com *.advance-telehealth.com wss: *.meetingdoctors.com *.sentry.io *.cookielaw.org www.googletagmanager.com *.onetrust.com *.meetingdoctors.com *.force.com *.googleapis.com *.sandbox.my.salesforce-sites.com *.opinator.com; frame-src 'self' savia.enola.app mapfre.es 0247afab1fe544fbb43871d326b38e0f.pages.ubembed.com td.doubleclick.net savia-forms-pro-xkitxpfeaq-no.a.run.app *.saludsavia.com *.youtube.com *.youtube-nocookie.com *.google.com *.advance-telehealth.com *.meetingdoctors.com *.pro.mapfredigitalhealth.com *.stripe.com *.google.com *.facebook.com *.force.com *.opinator.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://connect.facebook.net https://claims.discover-airlines.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*; font-src 'self' data:; connect-src 'self' *.doubleclick.net *.googleadservices.com *.google.com youtube.com www.youtube.com *.google-analytics.com; frame-src 'self' *.doubleclick.net youtube.com www.youtube.com connect.facebook.net claims.discover-airlines.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*; font-src 'self'; connect-src 'self' https://*.tertulia.com https://*.cloudfront.net https://*.segment.com https://*.segment.io https://*.myshopify.com https://*.google-analytics.com https://api.aer.io/api/Viewer/ViewerLink https://*.clarity.ms/collect; media-src 'self'; object-src 'none'; frame-src 'self' https://lithub.com https://viewer.aer.io/vTrAeggjEwQJQrFZ/ https://www.facebook.com/; form-action 'self' https://www.facebook.com/tr/; 1
default-src 'self' scwstorageprd.blob.core.windows.net scw-cdn-sm-prd-sea.azureedge.net sdi.sats.com.sg; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.licdn.com *.googleapis.com *.gstatic.com api.worldtradingdata.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://developers.google.com/maps/documentation/javascript/examples/markerclusterer/markerclusterer.js s7.addthis.com z.moatads.com v1.addthisedge.com/live/boost m.addthis.com/live/red_lojson/300lo.json emea3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com ir.listedcompany.com sats.listedcompany.com sdi.sats.com.sg; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com apidojo-yahoo-finance-v1.p.rapidapi.com sdi.sats.com.sg; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: scw-cdn-sm-prd-sea.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com scw-cdn-sm-prd-sea.azureedge.net sats.listedcompany.com; media-src 'self' data: blob: https://scw-cdn-sm-prd-sea.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com s7.addthis.com www.google.com sats.listedcompany.com sdi.sats.com.sg; connect-src 'self' *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com www.alphavantage.co api.worldtradingdata.com emea3.recruitmentplatform.com global3.recruitmentplatform.com apidojo-yahoo-finance-v1.p.rapidapi.com www.googletagmanager.com yh-finance.p.rapidapi.com maps.googleapis.com sdi.sats.com.sg; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' data: https:; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' www.caci.nl https://fonts.googleapis.com https://www.googletagmanager.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com; style-src 'self' data: 'unsafe-inline' 'unsafe-hashes' https://fonts.googleapis.com; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com; media-src 'self'; frame-src 'self' https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com; form-action * 'self'; 1
frame-ancestors 'self' https://*.lightning.force.com https://*.my.salesforce.com https://*.quadientdirect.com https://*.secure.force.com https://*.visual.force.com 1
worker-src blob:; default-src 'unsafe-inline' data: *.gstatic.com *.googleapis.com *.google-analytics.com *.facebook.net *.googlecommerce.com *.google.com *.facebook.com t.co *.twitter.com *.analytics-twitter.com *.ads-twitter.com *.moatads.com *.pinterest.com *.cenpos.net *.cenpos.com *.constantcontact.com *.fbcdn.net *.fontawesome.com *.cloudflare.com *.cookiepro.com recruitingbypaycor.com *.office.com *.youtube.com *.googletagmanager.com cdn.tiny.cloud 'unsafe-eval' www.southernhobby.com 1
default-src 'self' www.gravatar.com *.flickr.com player.vimeo.com *.vimeocdn.com *.cloudfront.net login.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com ajax.aspnetcdn.com *.siteimproveanalytics.com siteimproveanalytics.com *.flickr.com *.geodataoverijssel.nl widget.scribit.pro www.youtube.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: i.ytimg.com *.vimeocdn.com 6011273.global.siteimproveanalytics.io live.staticflickr.com *.flickr.com dashboard.umbraco.com; font-src 'self' data:; connect-src 'self' api.scribit.pro scribit-pro-hosting.storage.googleapis.com; media-src 'self' scribit-pro-hosting.storage.googleapis.com; frame-src 'self' overijssel.maps.arcgis.com www.youtube-nocookie.com player.vimeo.com *.cloudfront.net *.geodataoverijssel.nl toegankelijkheidsverklaring.nl/files/verklaring experience.arcgis.com/experience/; report-uri https://e4044bdf33a4c10e6f7e8a355b831229.report-uri.com/r/d/csp/reportOnly 1
img-src 'self' https://hkemobility.gov.hk blob: data: https://*.hkemobility.gov.hk https://api.hkmapservice.gov.hk https://resource.data.one.gov.hk https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://*.ggpht.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/css; font-src 'self' data: https://fonts.gstatic.com; default-src 'self'; script-src 'self' 'sha256-YovJ3kTtWMqDNag5s4GloG0bOrUzSG2d62fMKN55J74=' 'sha256-Oc6dELoS6GoAdiVKwoOr0fZdgIjnvecIsBzZtCiBi9Q=' 'sha256-PEK7EhnUsVK79aa+ZQNCURBIsCfE7tMImnV4+cCNjEA=' https://www.google.com/recaptcha/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; media-src 'self' blob: https://www.gstatic.com/recaptcha/; frame-src 'self' https://*.google.com/; connect-src 'self' https://maps.googleapis.com/; worker-src 'self' blob:; 1
default-src 'self' https://api-js.datadome.co/js/ https://www.google.com/ https://app.runcardigan.com https://www.youtube.com/ https://player.vimeo.com/ *.myshopify.com *.contentful.com *.algolianet.com *.algolia.net *.applicationinsights.azure.com *.klaviyo.com https://www.google-analytics.com https://*.doubleclick.net https://cdn.cookielaw.org https://*.onetrust.com;   img-src * w3.org images.ctfassets.net c21stores.bynder.com c21-assets.legendscommerce.io data:;   script-src 'self' https://www.googletagmanager.com https://assets.adobedtm.com https://www.google-analytics.com  https://www.googleadservices.com https://*.doubleclick.net https://cdn.cookielaw.org *.azure.com *.klaviyo.com 'unsafe-eval' 'unsafe-inline';   style-src https://fonts.googleapis.com 'self' 'unsafe-inline' *.klaviyo.com;   font-src https://fonts.gstatic.com 'self' data:;   object-src 'none';   base-uri 'self';   form-action 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' https: wss: data: blob:; frame-ancestors 'self'; report-uri https://www.evocagroup.com/en/report-uri/enforce 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: analytics.iitsp.com secure.gravatar.com updates.theme-fusion.com http://www.allworld.it; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.iitsp.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self'; script-src 'self' 'sha256-Rtjp9WRsyLj3MhvlnjNB+Q7b80U2fyLA8UDX7SxVHww=' 'sha256-CFHFpEkWug//7fnvEMahFAdsk6LnbP/mC2GmCPJI8EE=' www.google.com www.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com tagmanager.google.com ajax.googleapis.com www.youtube.com www.instagram.com  platform.instagram.com connect.facebook.net platform.twitter.com maps.googleapis.com insight.adsrvr.org js.adsrvr.org td.doubleclick.net *.fls.doubleclick.net ad.doubleclick.net static.ads-twitter.com acdn.adnxs.com www.google.ca bat.bing.com; style-src 'self' 'unsafe-inline' fonts.cdnfonts.com fonts.googleapis.com tagmanager.google.com www.gstatic.com; font-src 'self' fonts.cdnfonts.com *.fonts.gstatic.com fonts.gstatic.com data:; connect-src 'self' res.cloudinary.com vitals.vercel-insights.com graph.facebook.com assets.metrolinx.com https://api.gotransit.com ae72qusyyn-dsn.algolia.net ae72qusyyn-3.algolianet.com ae72qusyyn-2.algolianet.com ae72qusyyn-1.algolianet.com maps.googleapis.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google-analytics.com *.google.com ets.upexpress.com; img-src 'self' res.cloudinary.com cloudinary.com assets.metrolinx.com i.ytimg.com maps.gstatic.com maps.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.googleads.g.doubleclick.net *.google.com ssl.gstatic.com www.gstatic.com *.facebook.com data:; media-src 'self' blob: res.cloudinary.com assets.metrolinx.com; frame-src www.youtube.com www.google.com www.instagram.com www.linkedin.com www.facebook.com platform.twitter.com outlook.office365.com *.g.doubleclick.net maps.metrolinx.com ets.upexpress.com fls.doubleclick.net td.doubleclick.net insight.adsrvr.org match.adsrvr.org; frame-ancestors 'self'; form-action 'self' 1
default-src 'self'; script-src *; style-src *; font-src *;img-src *; includeSubDomains 1
default-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube-nocookie.com https://identity.netlify.com/ https://www.netlifystatus.com *.eden.com;connect-src 'self' 'unsafe-inline' blob: *.cloudfront.net *.google.com *.google-analytics.com *.eden.com https://*.gstatic.com https://cdn.cookie-script.com https://consent.cookie-script.com https://fonts.googleapis.com https://fonts.gstatic.com https://geo.cookie-script.com https://identity.netlify.com https://l.sharethis.com https://raw.githubusercontent.com https://maps.googleapis.com https://maps.gstatic.com https://maxcdn.bootstrapcdn.com https://platform-cdn.sharethis.com https://script.google.com https://script.googleusercontent.com https://stats.g.doubleclick.net https://ug-edn.netlify.app https://www.google-analytics.com https://www.googletagmanager.com https://www.eden.com https://www.youtube-nocookie.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://www.youtube-nocookie.com *.cloudfront.net https://maxcdn.bootstrapcdn.com;frame-src 'self' https://c.sharethis.mgr.consensu.org  https://www.youtube-nocookie.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://fonts.gstatic.com https://www.google.co.uk *.google.com https://maps.gstatic.com https://l.sharethis.com https://raw.githubusercontent.com images.ctfassets.net *.cloudfront.net *.googleapis.com *.ggpht *.eden.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com https://www.netlifystatus.com assets.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com https://maps.googleapis.com https://platform-api.sharethis.com https://identity.netlify.com https://unpkg.com https://www.netlifystatus.com https://script.google.com https://script.googleusercontent.com https://maxcdn.bootstrapcdn.com *.eden.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://raw.githubusercontent.com https://www.eden.com https://ug-edn.netlify.app/ *.fontawesome.com *.cloudfront.net;manifest-src 'self' https://www.eden.com https://ug-edn.netlify.app/ 1
default-src 'self';                         script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' go.stepan.com code.jquery.com *.salesforceliveagent.com cdn.cookielaw.org assets.adobedtm.com service.force.com pi.pardot.com *.wistia.net *.wistia.com stepan.my.salesforce.com static.lightning.force.com stepancompany.secure.force.com stepan.my.salesforce-sites.com;                         style-src 'self' 'unsafe-inline' *.force.com *.salesforce-sites.com cdn.jsdelivr.net; img-src 'self' data: cdn.cookielaw.org *.omtrdc.net *.wistia.net *.wistia.com;                         connect-src 'self' cdn.cookielaw.org *.omtrdc.net *.force.com *.salesforceliveagent.com dpm.demdex.net *.litix.io *.wistia.com *.onetrust.com; font-src 'self' data: *.wistia.com;                         object-src 'self'; media-src 'self' blob: ; navigate-to *; frame-src 'self' service.force.com *.wistia.net *.wistia.com www.google.com; 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' https://api.flooz.trade https://flooz-follow-vg25lineqa-uc.a.run.app https://*.cloudfunctions.net https://*.googleapis.com https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ https://sockjs-us3.pusher.com wss://ws-mt1.pusher.com/ wss://ws-us3.pusher.com wss://*.bridge.walletconnect.org wss://relay.walletconnect.com wss://relay.walletconnect.org https://registry.walletconnect.com wss://www.walletlink.org/rpc https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://adservice.google.com https://googleads.g.doubleclick.net https://*.sentry.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://gen-f-minting-rbgg3hvdfq-uc.a.run.app https://*.getblock.io https://*.binance.org https://*.nariox.org https://*.infura.io https://polygon-rpc.com https://*.tronex.io https://*.trongrid.io https://infragrid.v.network https://*.wallet.coinbase.com https://*.walletconnect.com https://*.walletconnect.org https://cloudflare-eth.com https://*.moralis.io https://*.ankr.com https://*.twnodes.com https://*.dcentwallet.com https://*.ninicoin.io https://*.defibit.io https://arb1.arbitrum.io https://mainnet.optimism.io https://api.avax.network https://mainnet.base.org https://mainnet.era.zksync.io https://*.moonpay.com https://cdn.contentful.com preview.contentful.com https://app.dynamicauth.com https://dynamic-static-assets.com https://auth.magic.link https://api.turnkey.com https://backend-vikp.onrender.com https://fittest-ultra-aura.ethereum-sepolia.quiknode.pro https://min-api.cryptocompare.com https://www.google.com track.customer.io customerioforms.com *.api.gist.build *.cloud.gist.build; font-src 'self' https://cdn.jsdelivr.net/npm/@fontsource/dm-sans/ https://script.hotjar.com https://*.gstatic.com data:; form-action 'self' https://*.facebook.com; frame-src https://*.moonpay.com https://*.ramp.network https://ri-widget-staging.firebaseapp.com https://*.transak.com https://*.paychant.com https://*.mercuryo.io https://www.google.com https://www.facebook.com https://td.doubleclick.net https://vars.hotjar.com 'self' blob: https://flooz-profiles-prod.firebaseapp.com https://flooz-profiles-staging.firebaseapp.com https://verify.walletconnect.com https://verify.walletconnect.org https://auth.magic.link https://export.turnkey.com http://recovery.turnkey.io http://export.turnkey.io https://recovery.turnkey.com/ https://auth.turnkey.com https://auth.turnkey.io https://vercel.live/ https://vercel.co renderer.gist.build code.gist.build https://www.youtube.com https://www.vimeo.com https://platform.twitter.com; img-src * https://vercel.live/ https://vercel.com https://sockjs-mt1.pusher.com/ track.customer.io data: blob:; manifest-src 'self'; media-src *; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.google.com https://*.googletagmanager.com https://www.gstatic.com https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://vercel.live/ https://vercel.com assets.customer.io code.gist.build customerioforms.com; script-src-elem 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google.com https://www.gstatic.com https://connect.facebook.net https://*.hotjar.com https://vercel.live/ https://vercel.com https://assets.customer.io https://code.gist.build https://platform.twitter.com; script-src-attr 'self'; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com fonts.googleapis.com code.gist.build; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; style-src-attr 'unsafe-inline'; worker-src 'self'; report-uri https://o1246260.ingest.sentry.io/api/6405829/security/?sentry_key=8d278bec6b2c424a9435aef35ed6ded9&sentry_environment=production; frame-ancestors 'none' 1
frame-ancestors 'none'; report-uri https://us.browser.tcell.insight.rapid7.com/csp/a8ba80b0551a8dba5d06bd45016f62bef3856fce80d9c5a5f5f9054a954038bc?rid=381678237 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://*.entryscape.com https://*.stratsys.com/ registry.dataportalvast.se http://piwik-ext.vgregion.se/ http://piwik-ext.vgregion.se/piwik.js https://*.vgregion.se https://*.vimeocdn.com https://player.vimeo.com/ https://www.youtube.com https://cdn.siteimprove.net/ https://vgrintern.boost.ai https://vgregion.esmaker.net/ https://ssl.webserviceaward.com/; style-src 'unsafe-inline' 'self' https://*.vgrblogg.se/ https://*.vimeocdn.com https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.stratsys.com/ registry.dataportalvast.se https://*.vgregion.se https://cdn.jsdelivr.net/npm/vuetify@2.x/dist/vuetify.min.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.vgrblogg.se/ https://*.boost.ai/ https://ssl.webserviceaward.com/wsc/client/wscSelVisit.css https://*.vimeocdn.com registry.dataportalvast.se http://piwik-ext.vgregion.se/ https://nominatim.openstreetmap.org https://*.vgregion.se https://id.siteimprove.com https://my2.siteimprove.com/ https://vgrintern.boost.ai https://td.azure-api.net/ *.t-d.se; font-src 'self' data: https://static.entryscape.com/ https://static2.sharepointonline.com/ https://players.cupix.com/*; frame-src  'self' https://*.siteimprove.com/ https://*.vgrblogg.se/ https://sketchfab.com/ https://play.gu.se/ https://forms.office.com/ https://*.microsoftstream.com/ https://nominatim.openstreetmap.org https://www.google.com https://maps.google.se https://e.infogram.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.naturbruk.nu *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com https://players.cupix.com/; img-src 'self' data: https://*.vgrblogg.se/ https://api.lantmateriet.se https://ssl.webserviceaward.com/wsc/  https://i.vimeocdn.com/ https://i.ytimg.com/ https://a.basemaps.cartocdn.com https://b.basemaps.cartocdn.com https://c.basemaps.cartocdn.com https://*.amazonaws.com/ https://sahlgrenskaliv.se/ https://*.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com blob:; manifest-src 'self'; media-src 'self'; worker-src 'none'; frame-ancestors 'self' *.vgrblogg.se *.vgregion.se *.vastarvet.se *.angeredsnarsjukhus.se *.fhsk.se *.lodosemuseum.se *.naturbruk.nu *.nusjukvarden.se *.vgrfolkhogskolor.se *.narhalsan.se *.forsviksbruk.se *.vanersborgsmuseum.se *.vitlyckemuseum.se *.sahlgrenska.se *.slojdochbyggnadsvard.se *.mun-h-center.se *.maritimaklustret.se *.botaniska.se *.gnm.se *.esmaker.net *.samverkandesjukvard.se *.vastfastigheter.se *.fyrbodalshalsoakademi.se *.valdinararelationer.se *.utvag.se *.vardsamverkan.se *.nationellpvkonferens19.se *.utvag.com *.biobankvast.se *.halsoakademinvast.se *.t-d.se *.stratsys.se *.stratsys.com; prefetch-src 'self' https://*.t-d.se https://*.stratsys.com/; 1
frame-ancestors https://*.smartrecruiters.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-2JCQD-KRlDkK09iqVyeVdg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' prognos.matomo.cloud; 1
default-src 'self' https://pfq-static.com https://checkout.stripe.com;img-src https: data:;style-src 'self' https://pfq-static.com 'unsafe-inline';connect-src 'self' https://api.stripe.com https://stats.moons.bio;frame-src 'self' https://www.youtube.com https://platform.twitter.com https://www.facebook.com https://js.stripe.com https://hooks.stripe.com data:;script-src 'self' https://pfq-static.com https://www.google.com https://platform.twitter.com https://js.stripe.com https://stats.moons.bio;font-src https: data: 1
frame-ancestors 'self' https://*.earmilk.com https://earmilk.com; 1
default-src 'none';                 img-src blob: 'self' 			https://*.hubspot.com 			https://*.hsforms.com                         https://*.hs-sites-eu1.com 			https://*.hubspotusercontent-eu1.net 			https://media.hicandidate.com 			https://*.linkedin.com 			https://*.karriere-suedwestfalen.de 			https://*.karriere-bergisches-land.de 			https://*.karriere-mittelhessen.de 			https://*.karriere-hamburg.de 			https://*.karriere-bremen.de 			https://*.karriere-metropole-ruhr.de 			https://*.karriere-in-nordhessen.de 			https://*.karriere-suedniedersachsen.de 			https://*.karriereportal-owl.de 			https://*.ontavio.de 			https://*.hashtag-ausbildung.de 			https://www.facebook.com 			https://*.google-analytics.com 			https://*.googleapis.com 			https://stats.g.doubleclick.net 			https://googleads.g.doubleclick.net 			https://*.google.com 			https://*.google.de 			https://maps.gstatic.com 			https://*.doku.works 			https://doku.works 			https://www.salesviewer.com 			https://salesviewer.org 			https://*.openstreetmap.org 			data:;                 media-src blob: 'self'                         https://*.hs-sites-eu1.com 			https://media.hicandidate.com 			https://*.karriere-suedwestfalen.de                         https://*.karriere-bergisches-land.de                         https://*.karriere-mittelhessen.de                         https://*.karriere-hamburg.de                         https://*.karriere-bremen.de                         https://*.karriere-metropole-ruhr.de                         https://*.karriere-in-nordhessen.de                         https://*.karriere-suedniedersachsen.de                         https://*.karriereportal-owl.de 			https://*.ontavio.de 			https://*.youtube.com;                 frame-src 'self' 			https://www.facebook.com 			https://*.youtube.com;                 script-src 'self' 			'unsafe-inline' 			'unsafe-eval'                         https://*.hs-sites-eu1.com 			https://*.hsappstatic.net 			https://*.hubspot.net 			https://*.hscollectedforms.net 			https://*.hs-banner.com 			https://*.hs-analytics.net 			https://*.hs-scripts.com 			https://*.licdn.com 			https://connect.facebook.net 			https://*.facebook.com 			https://*.ontavio.de 			https://www.googletagmanager.com 			https://googletagmanager.com 			https://*.google.com 			https://www.googleadservices.com 			https://*.googleapis.com 			https://*.google-analytics.com                         https://maps.google.de                         https://www.salesviewer.com                         https://salesviewer.org 			https://cdn.elbwalker.com;                 style-src 'self' 			'unsafe-inline'                         https://*.hs-sites-eu1.com 			https://*.hubspot.net 			https://*.hubspotusercontent-eu1.net 			https://*.ontavio.de 			https://*.googleapis.com;                 font-src 'self'                         https://*.hs-sites-eu1.com 			https://*.hubspotusercontent-eu1.net 			https://*.ontavio.de 			https://*.googleapis.com 			https://fonts.gstatic.com;                 connect-src 'self'                         https://*.hs-sites-eu1.com 			https://*.hubspot.com 			https://*.hscollectedforms.net                         https://*.linkedin.com 			https://*.linkedin.oribi.io 			https://*.karriere-suedwestfalen.de 			https://www.facebook.com 			https://stats.g.doubleclick.net 			https://*.google.com 			https://*.google-analytics.com 			https://*.googleapis.com                         https://www.googletagmanager.com                         https://googletagmanager.com                         https://connect.facebook.net 			https://salesviewer.org 			https://*.salesviewer.com 			blob:;                 base-uri 'self';                 object-src 'self'; 1
frame-ancestors 'self' postale.io 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-3MYoj/43OJ0VYPPDk44Wpn31J0Qg51p/bYP3lVF1gtxXEAj1' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';  upgrade-insecure-requests;  object-src 'none';  base-uri 'none';  connect-src 'self' https: ;  font-src 'self' data: https: ;  form-action 'self' https://hanayashiki.movabletype.io;  frame-ancestors 'self';  frame-src 'self' https: ;  img-src 'self' data: https: ;  media-src 'self'     www.youtube.com   ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ;  script-src-attr 'self' 'unsafe-inline';  script-src-elem 'self' 'unsafe-inline' https: ;  style-src 'self' 'unsafe-inline' https: ;  style-src-attr 'self' 'unsafe-inline';  style-src-elem 'self' 'unsafe-inline' https: ; 1
"default-src 'self'; font-src *;img-src * data:; script-src *; style-src *;" 1
base-uri 'self'; child-src blob:; connect-src 'self' * blob:; default-src 'none'; font-src 'self' * data:; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.addthis.com *.fls.doubleclick.net http://*.fls.doubleclick.net http://gleam.io https://gleam.io https://privacy-central.securiti.ai https://spellingbee.com https://td.doubleclick.net https://www.googletagmanager.com; img-src 'self' * about: blob: data:; manifest-src 'self'; media-src * blob: data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub76ded8377f7502c3dcedbac113428770&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=env:iontv-staging; script-src 'self' 'unsafe-eval' 'unsafe-inline' * blob: data:; style-src 'self' 'unsafe-inline' * data:; worker-src 'self' blob: 1
upgrade-insecure-requests; frame-src 'self' forms.hsforms.com vars.hotjar.com w.recruiterbox.com app.recruiterbox.com vimeo.com youtu.be youtube.com www.youtube.com www.google.com player.vimeo.com bid.g.doubleclick.net www.facebook.com cdn.knightlab.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://www.googletagmanager.com https://static.hotjar.com https://www.google-analytics.com https://connect.facebook.net https://script.hotjar.com https://embedsocial.com https://tagmanager.google.com https://www.autouncle.se https://optimize.google.com https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://holmgrens-bil.humany.net https://holmgrensbil.cust.se.phyron.com https://holmgrensweb.azureedge.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://cdn.tiny.cloud https://snap.licdn.com https://chimpstatic.com https://downloads.mailchimp.com https://*.list-manage.com https://www.googleoptimize.com https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se https://sfxway.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com;object-src 'self';style-src 'self' 'unsafe-inline' https://embedsocial.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://holmgrens-bil.humany.net https://assets.autouncle.com https://cdn.tiny.cloud https://cdn-images.mailchimp.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;img-src 'self' https://static.holmgrensbil.se data: https://maps.googleapis.com https://www.google-analytics.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.se https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com http://kabeadriacenter.se https://wds.callguide.telia.com https://wds.ace.teliacompany.com https://api.eontyre.com http://api.eontyre.com https://assets.autouncle.com https://holmgrensbil.cust.se.phyron.com https://holmgrensstatic.azureedge.net https://holmgrensweb.azureedge.net https://fonts.gstatic.com https://sp.tinymce.com https://px.ads.linkedin.com https://www.linkedin.com https://script.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://holmgrensbilstatic-bthzafckcacxejdm.z01.azurefd.net https://staticcdn.holmgrensbil.se https://cdn.holmgrensbil.se https://*.googleusercontent.com https://imgsct.cookiebot.com https://dev.visualwebsiteoptimizer.com https://cdn.visualwebsiteoptimizer.com;media-src 'self' https://wds.ace.teliacompany.com https://holmgrensbil.cust.se.phyron.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;frame-src 'self' https://www.gaello.se https://vars.hotjar.com https://skadebesiktning.cab.se https://embedsocial.com https://www.autouncle.se https://optimize.google.com https://www.google.com https://omnitest.resurs.com https://www.powr.io https://www.youtube.com https://kabeadriacenter.kamafritid.se https://boka.se https://www.facebook.com https://wds.ace.teliacompany.com https://mozbar.moz.com https://consentcdn.cookiebot.com https://c1.adform.net https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;font-src 'self' https://fonts.gstatic.com https://secure.ecster.se https://holmgrens-bil.humany.net https://holmgrensbil.cust.se.phyron.com https://script.hotjar.com https://holmgrensweb.azureedge.net https://holmgrensweb-hwchezh3hsakbyh4.z01.azurefd.net https://cdn.holmgrensbil.se;connect-src 'self' https://haapi.holmgrensbil.se https://fordon.holmgrensbil.se https://imageupload.holmgrensbil.se https://sessions.bugsnag.com https://notify.bugsnag.com https://in.hotjar.com https://vc.hotjar.io https://www.google-analytics.com https://cgchat.callguide.telia.com https://www.facebook.com https://chat.ace.teliacompany.com https://production.depict-api.com https://holmgrens-bil.humany.net https://www.autouncle.se https://holmgrensbil.cust.se.phyron.com http://phyron.com http://app.se.phyron.com https://consentcdn.cookiebot.com https://fordonsapi.azurewebsites.net https://*.hotjar.com wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.hotjar.io https://px.ads.linkedin.com https://dev.visualwebsiteoptimizer.com;base-uri 'self' https://optimize.google.com;child-src 'self' blob:;form-action 'self' https://www.facebook.com https://*.list-manage.com;frame-ancestors 'self' https://skadebesiktning.cab.se 1
default-src 'self';style-src 'self' 'unsafe-inline' use.fontawesome.com popin.survey-xact.dk maxcdn.bootstrapcdn.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro;script-src 'self' 'unsafe-eval' 'unsafe-inline' euwa.puzzel.com popin.survey-xact.dk maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.hotjar.com pensjonskassa.containers.piwik.pro analytics.silktide.com;font-src 'self' data: euwa.puzzel.com use.fontawesome.com dhm5hy2vn8l0l.cloudfront.net *.hotjar.com pensjonskassa.containers.piwik.pro;frame-src 'self' www.survey-xact.no *.hotjar.com pensjonskassa.piwik.pro;img-src 'self' data: ssl.gstatic.com www.gstatic.com www.survey-xact.no popin.survey-xact.dk *.hotjar.com pensjonskassa.containers.piwik.pro;connect-src 'self' *.puzzel.com *.hotjar.com *.hotjar.io wss://*.hotjar.com pensjonskassa.piwik.pro pensjonskassa.containers.piwik.pro a.eu.silktide.com; 1
default-src 'self'; media-src https://*.amazonaws.com/stage.iap.static/ https://iappublicfilestoragelive.blob.core.windows.net/; img-src * data: https://magix.containers.piwik.pro https://magix.piwik.pro; script-src 'self' https://*.dynamicyield.com/ https://www.google-analytics.com/ 'sha256-kfxO7WVMRNMq7PDT0hFqH4U0oMzftgNJuHQz/57HMN0=' https://www.googletagmanager.com/ http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro 'nonce-ZGt5Qt7TOVyrgIn9A3JAMGlxmQc='; style-src 'self' 'unsafe-inline' https://magix.containers.piwik.pro https://magix.piwik.pro; frame-src https://www.googletagmanager.com/ https://checkout.producerplanet.com/ https://vars.hotjar.com https://api.magix-iap.com; connect-src 'self' https://www.google-analytics.com/ http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net/ https://cdn.cookielaw.org https://*.onetrust.com 'sha256-MxBqpc2lhC7z+pafIKNCk/QGD4RH2NFwCuBMu4HsksY=' https://magix.containers.piwik.pro https://magix.piwik.pro; font-src 'self' http://script.hotjar.com https://script.hotjar.com https://magix.containers.piwik.pro https://magix.piwik.pro 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:  24703.online-adventskalender.de *.arbeitsagentur.de *.assono.de *.b-ite.com *.betterplace.org *.bitkomplex.de *.bright-guide.de *.canto.global *.cdn.office.net *.cloudfront.net *.cookiebot.com *.cookiebot.eu *.dvinci-hr.com *.easy-feedback.com *.etracker.com *.etracker.de *.eu-west-1.playback.live-video.net *.exmap.de *.facebook.com *.flickr.com *.fontawesome.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.gstatic.com *.haffhus.de *.highcharts.com *.hk24.de *.ihk-baustellen-portal.de *.ihk.de *.ihk24.de *.jobcluster.de *.lineupr.com *.linkedin-ei.com *.linkedin.com *.mateforevents.com *.microsoft.com *.multipage.online *.newsletter2go.com *.office.com *.office365.com *.openstreetmap.org *.podigee-cdn.net *.podigee.io *.signalize.com *.spotify.com *.staticflickr.com *.stream24.net *.sweap.io  *.thinglink.com *.thinglink.me *.twimg.com *.twitch.tv *.twitter.com *.unikam.de *.usercentrics.eu *.userlike.com *.vimeo.com *.wahlplus.de *.walls.io *.webstream.eu *.xing-events.com *.youstreamit.de *.youtube.com api-baustellenportal.sylphen.com api.mapbox.com app.cituro.com app.powr.io app.sli.do auskunft.nvv.de baustellennavi.de bc.pressmatrix.com berufsausbildung-aachen-ihk.de bluecard-eu.de branchenpuls.odis-berlin.de cdn.contentful.com cdn.doo.net/assets/js/viovendi-embed-static-1.js cdn.podigee.com cdn.podlove.org cdnjs.cloudflare.com chat.gr-apps.de code.createjs.com code.jquery.com/jquery-3.1.1.min.js code.jquery.com/jquery-3.4.1.min.js connect.facebook.net consentcdn.cookiebot.com corona.conterra.de covid19.webtvcampus.de cta.ihk.i40.de datawrapper.dwcdn.net dbaw.specials-bahn.de detmold.ihk-beitragsrechner.de dihk.imageplant.de doo.net e.issuu.com e.video-cdn.net easy-feedback.com easy-feedback.de editor.signavio.com embed.nexx.cloud eoa2.bildung1.gfi.ihk.de events-to-impress.activehosted.com expertenpool.automatisierungsregion.de fahrinfo.vbb.de geometro-cockpit.com geometro-cockpit.de geoportal-hamburg.de geoportal.metropolregion.hamburg.de gwatch.events haffhus.s3.eu-central-1.amazonaws.com handelskammer-bremen.appointmind.net heimatshoppen.ihk-industrie-treffpunkt.de hk24.sharepoint.com html5-player.libsyn.com iframe.wvd-portfolio.de ihk-ar.ycms.rocks ihk-baustellen-portal.de:5555 ihk-berlin-meetings.webex.com ihk-darmstadt-portal.rexx-recruitment.com ihk-essen.jobs.personio.de ihk-hl.gr-live.de ihk-kassel.perbit-job.de ihk-wahl.info ihk-weiterbildung-oldenburg.de ihk-zu-dortmund-1.jobs.personio.de ihk.selbstdenker.com ihk24.omq.de ihk24.omq.io ihknw.pi-asp.de ihkob.wekando.eu imagemarker.com ims-files-cdn.net infographic.statista.com isi.hdb-hamburg.de jobs.ihk-niederrhein.de jsfiddle.net komsis.inecos.de kvg-kassel.widget-generator.de link.webropolsurveys.com live.c3networking.de livestream.kemweb.de livestream.watch/vp/nachhaltigkeitsdialog.html login.microsoftonline.com mailto: maps2.sylphen.com matomo.rexx-systems.commatomo.js maxcdn.bootstrapcdn.com media.graphassets.com media.graphcms.com media.video.taxi mediathek.ihk-gfi.de mukihk24.z6.web.core.windows.net my.immobilienfotograf-berlin.com my.tikee.io myjobboard.de n873043.websitebuilder.online pam.ihk-schleswig-holstein.de playout.3qsdn.com plugins.flockler.com rh1.chatmodul.de roundme.com routenplaner.bus-bahn-thueringen.de s2survey.net s3.fraunhofer.de service.tecintelli.de share.ihkzuschwerin.de  smart.ihk-berlin.de standortfinder.rlp.de start.video-stream-hosting.de static-exp1.licdn.com static.dvinci-easy.com stats.g.doubleclick.net streaming.sendewerk.berlin tecintelli-static-ttl.obs.eu-de.otc.t-systems.com/ tel: tuerchen.com umap.openstreetmap.fr userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com vstdbv3 w.soundcloud.com walls.io web.inxmail.com widget.taggbox.com wms02.exmap.de wss://chat.userlike.com/chat/ wss://umd.userlike.com/umd/ www.aufstiegs-bafoeg.de www.bahn.de www.berufe.tv www.branchenpuls.berlin www.bso-hessen.de www.econda-monitor.de www.etermin.net www.eventbrite.de www.finest-jobs.com www.forschungsfinder-hessen.de www.gatewatch.eu www.giu-kalender.org www.google.analytics.com www.googletagmanager.com www.handelskammer-bremen.de www.hvv.de www.ihk-arbeitsgemeinschaft-rlp.de www.ihk-berlin.de www.ihk-berlin.org www.ihk-bw.digital www.ihk-ecofinder.de www.ihk-gfi.de www.ihk-koblenz.de www.ihk-lehrstellenboerse.de www.ihk-lueneburg.de www.ihk-magdeburg.de www.ihk-ostbrandenburg.de www.ihk-praktikumsportal.de www.ihk-rlp.de www.ihk-wiesbaden.de www.ihkac-anwendungen.de www.inno-vet.de www.instagram.com www.iwd.de www.kandidatenmanagement.de www.leg-thueringen.de www.media42day.com www.menti.com www.mint-in-hessen.de www.onlinebewerbungsserver.de www.plattform-i40.de www.powr.io www.praktikum.info www.rmv.de www.terminland.de www.tfaforms.com www.total-lokal.de www.tvo.de www.vvs.de www.youtube-nocookie.com zukunftsdialog-fachkraefte.berlin zukunftsforum-wirksame-bildung.de  ;  report-uri /blueprint/servlet/csplogging/logViolation ; 1
default-src 'self' blob: https://www.youtube-nocookie.com https://www.googletagmanager.com https://identity.netlify.com/ https://*.wistia.net https://*.wistia.com https://*.litix.io https://*.unicomengineering.com;connect-src 'self' blob: 'unsafe-inline' https://www.youtube-nocookie.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://*.gstatic.com https://www.googletagmanager.com https://consent.cookie-script.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com *.google-analytics.com *.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io *.linkedin.com https://munchkin.marketo.net https://stats.sa-as.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://rtp-static.marketo.com https://221-vvo-216.mktoresp.com https://sjrtp3.marketo.com https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://script.google.com  https://script.googleusercontent.com https://platform-cdn.sharethis.com https://l.sharethis.com https://identity.netlify.com https://stellar-tarsier-ae2b48.netlify.app *.cloudfront.net https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.litix.io https://*.unicomengineering.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;font-src 'self' data: https://www.youtube-nocookie.com https://fonts.gstatic.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com *.cloudfront.net https://*.wistia.net https://*.wistia.com https://*.unicomengineering.com;frame-src 'self' https://c.sharethis.mgr.consensu.org www.google.com/recaptcha/ https://www.youtube-nocookie.com https://www.facebook.com https://fast.wistia.net https://fast.wistia.com https://*.unicomengineering.com;img-src 'self' blob: data: https://platform-cdn.sharethis.com https://www.googletagmanager.com https://cdn.cookie-script.com https://www.google-analytics.com https://fonts.gstatic.com https://www.google.co.uk https://www.google.com *.google.com https://www.facebook.com https://connect.facebook.net https://stats.sa-as.com https://www.linkedin.com https://*.linkedin.com https://www.facebook.com https://i.ytimg.com https://maps.gstatic.com https://l.sharethis.com *.cloudfront.net images.ctfassets.net *.googleapis.com *.ggpht https://*.wistia.net https://*.wistia.com https://embedwistia-a.akamaihd.net *.unicomengineering.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;object-src 'self' 'unsafe-inline' data: https://www.netlify.com https://identity.netlify.com assets.ctfassets.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://cdn.cookie-script.com https://geo.cookie-script.com https://www.google-analytics.com *.google.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com https://script.google.com  https://script.googleusercontent.com https://sjrtp3-cdn.marketo.com https://munchkin.marketo.net *.marketo.com https://stats.sa-as.com https://connect.facebook.net https://www.facebook.com https://snap.licdn.com https://platform-api.sharethis.com https://*.wistia.net https://*.wistia.com https://src.litix.io https://maxcdn.bootstrapcdn.com https://identity.netlify.com https://*.unicomengineering.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://cdn.cookie-script.com https://rtp-static.marketo.com https://stellar-tarsier-ae2b48.netlify.app *.fontawesome.com *.cloudfront.net https://fast.wistia.net https://fast.wistia.com https://maxcdn.bootstrapcdn.com https://*.unicomengineering.com;manifest-src 'self'  https://stellar-tarsier-ae2b48.netlify.app  https://*.unicomengineering.com 1
frame-ancestors 'self' https://*.aainsurance.co.nz https://app.contentful.com; 1
default-src 'self' edge.curalate.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.berlei.com.au; 1
default-src 'none'; media-src 'self' https://site.danestreet.com; img-src 'self' data: https://*.usefathom.com; script-src 'nonce-3FJkUGX9znCjol' 'unsafe-inline' 'strict-dynamic' https://cdn.usefathom.com/script.js; font-src 'self' data: ; style-src 'self' 'nonce-3FJkUGX9znCjol'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; connect-src https://1s2hmt47uj.execute-api.us-west-2.amazonaws.com https://*.usefathom.com; 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://i.ytimg.com https://cdn.cpnscdn.com https://res.cloudinary.com https://www.googletagmanager.com https://*.cloudfront.net https://advantage.iriworldwide.com https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://www.google-analytics.com https://l.sharethis.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://www.google-analytics.com https://www.youtube.com https://*.salesforceliveagent.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://mpsnare.iesnare.com https://static.hotjar.com https://*.cloudfront.net https://*.peanutbutter.com https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://ws.sharethis.com https://connect.facebook.net https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://*.bugherd.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://*.powerreviews.com https://cdn.pricespider.com https://*.googleapis.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://hormelchat.secure.force.com https://*.doubleclick.net https://www.google-analytics.com https://productlocator.iriworldwide.com https://*.pusher.com wss://*.pusherapp.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://sessions.bugsnag.com https://cdnjs.cloudflare.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com https://l.sharethis.com ;frame-src 'self' https://widgets.wp.com https://service.force.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net 1
script-src 'self' https://www.googletagmanager.com https://*.monsido.com https://*.cludo.com https://*.hotjar.com https://action.dstillery.com https://apply.caspercollege.edu https://apply-caspercollege-edu.cdn.technolutions.net https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://connect.facebook.net https://mx.technolutions.net https://action.media6degrees.com https://25livepub.collegenet.com https://caspercollege.summon.serialssolutions.com https://caspercollege.libcal.com https://static-cdn.summon.serialssolutions.com https://cdnjs.cloudflare.com https://www.jobwise.com https://connect.jobwise.com https://api-us1.cludo.com https://cdn-cookieyes.com/ 'unsafe-inline' 'unsafe-eval' blob: 1
frame-ancestors 'self' *.salaun-holidays.com *.kameleoon.com 1
default-src     'self' ; img-src         'self' data: https://*.pxia.de https://www.ibsf.org https://ip-172-26-6-198 https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.google.de https://i.ytimg.com https://*.facebook.com https://*.flickr.com https://*.cookiebot.com;  script-src      'self' 'unsafe-inline' 'unsafe-eval' https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.bootstrapcdn.com https://*.pxia.de https://ip-172-26-6-198 https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.google.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.facebook.net https://*.addthis.com https://*.moatads.com https://stats.g.doubleclick.net https://*.cloudflare.com;  script-src-elem 'self' 'unsafe-inline'  https://www.google-analytics.com/analytics.js https://*.bootstrapcdn.com https://fonts.googleapis.com/css/ https://*.google.com https://consent.cookiebot.com https://www.googletagmanager.com https://consentcdn.cookiebot.com https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://polyfill.io https://maps.googleapis.com https://*.facebook.net https://*.addthis.com https://*.moatads.com https://stats.g.doubleclick.net https://v1.addthisedge.com https://*.cloudflare.com;  style-src       'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com;  font-src        'self' data: https://*.googleapis.com https://*.gstatic.com https://*.bootstrapcdn.com;  frame-src       'self' https://*.cookiebot.com https://*.google.com https://*.youtube-nocookie.com https://*.youtube.com https://youtube.com https://i.ytimg.com https://*.facebook.com https://*.addthis.com https://*.sportresult.com;  worker-src       data: blob: 'unsafe-eval' 'unsafe-inline';  object-src      'self' ;  connect-src     'self' https://*.google-analytics.com https://*.googleapis.com https://*.cookiebot.com *.addthis.com;  1
default-src 'self';connect-src 'self' https: https://*.stripe.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://cdn.lr-in-prod.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://*.cloudfront.net/ https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io/ wss://nexus-websocket-a.intercom.io/ https://uploads.intercomcdn.com https://www.google.com/pagead/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://region1.google-analytics.com/ https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ wss://*.hotjar.com https://api.privacy-center.org/v1/events;form-action 'self' https://www.facebook.com https://*.helpdocs.io/;frame-src 'self' https://*.stripe.com https://gum.criteo.com/ https://vars.hotjar.com/ https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://fast.wistia.net https://player.ausha.co https://*.dailymotion.com https://www.youtube.com https://www.facebook.com https://airtable.com/ https://*.gist.build https://*.cloudfront.net/;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: https://*.cloudfront.net/ https://*.stripe.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://cdn.rudderlabs.com https://api.rudderlabs.com https://ilekdataycos.dataplane.rudderstack.com https://cdn.segment.com https://api.segment.io https://cdn.lr-in-prod.com https://*.ilek.tech https://*.ilek.fr https://*.herokuapp.com/api https://lm.serving-sys.com/ https://bs.serving-sys.com/ https://secure-ds.serving-sys.com/ https://static.criteo.net/ https://sslwidget.criteo.net/ https://sslwidget.criteo.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com wss://ws18.hotjar.com https://sdk.privacy-center.org https://cdn.ravenjs.com https://widget.trustpilot.com https://u.logbor.com/ https://snap.licdn.com/ https://bat.bing.com/ https://www.clarity.ms/;media-src https://*.cloudfront.net/ https://ilek.s3.eu-central-1.amazonaws.com/ https://js.intercomcdn.com/;img-src 'self' data: https: https://*.cloudfront.net/ https://*.stripe.com https://purecatamphetamine.github.io https://ilek.s3.eu-central-1.amazonaws.com/ https://pubads.g.doubleclick.net/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://www.facebook.com https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://r.casalemedia.com https://dis.criteo.com/ https://ups.analytics.yahoo.com https://ad.360yield.com https://ib.adnxs.com https://x.bidswitch.net https://cm.g.doubleclick.net https://ad.yieldlab.net https://sync-t1.taboola.com https://match.sharethrough.com https://pixel.rubiconproject.com https://sync.outbrain.com https://exchange.mediavine.com https://sync-criteo.ads.yieldmo.com https://criteo-partners.tremorhub.com https://visitor.omnitagjs.com https://eb2.3lift.com https://criteo-sync.teads.tv https://rtb-csync.smartadserver.com https://simage2.pubmatic.com https://contextual.media.net https://matching.ivitrack.com https://cm.adform.net;font-src 'self' https://*.ilek.fr data: https://*.cloudfront.net/ https://fonts.googleapis.com https://fonts.gstatic.com https://*.intercomcdn.com/ https://*.helpdocs.io/;style-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';manifest-src 'self' https: https://*.cloudfront.net/ 'unsafe-inline';script-src-attr 'unsafe-inline';base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.lightwaveonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self' feed.pghub.io pandg.tapad.com ; font-src 'self' https: data: feed.pghub.io pandg.tapad.com ; frame-src 'self' https://feed.pghub.io https://www.youtube.com https://consumersupport.pg.com https://*.doubleclick.net https://ct.pinterest.com https://tr.snapchat.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://*.google.com www.google-analytics.com https://*.pricespider.com feed.pghub.io pandg.tapad.com ; img-src 'self' data: https://cdn.cookielaw.org https://*.mapbox.com https://*.bazaarvoice.com https://www.google.com https://www.google.pl https://www.google.es https://www.google.ch https://www.google.de https://www.google.nl https://www.google.co.uk https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://ct.pinterest.com https://tr.snapchat.com https://googleads.g.doubleclick.net https://*.janraincapture.com https://*.olayskinadvisor.com images.ctfassets.net pixel.tapad.com www.googletagmanager.com www.google-analytics.com https://*.pricespider.com https://www.mapbox.com https://cdn.rpxnow.com https://c.lytics.io https://www.facebook.com https://*.amazon-adsystem.com https://*.facebook.net/ feed.pghub.io pandg.tapad.com ; object-src 'none' feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://*.pricespider.com https://*.mapbox.com https://script.crazyegg.com https://quilt-cdn.janrain.com https://c.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.facebook.net/ https://*.iesnare.com/ https://*.bazaarvoice.com https://*.segment.com https://*.mapbox.com https://*.pricespider.com https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://code.jquery.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.criteo.com https://static.criteo.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.pinimg.com https://ct.pinterest.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://js.adsrvr.org https://d.impactradius-event.com https://static.ads-twitter.com https://analytics.twitter.com https://pghub.io https://analytics.tiktok.com https://*.ibytedtos.com https://*.contentsquare.net https://app.contentsquare.com https://rpxnow.com https://*.janraincapture.com https://*.olayskinadvisor.com https://skinadvisor.olay.de https://skinadvisor.olay.nl https://skinadvisor.olay.es https://script.crazyegg.com https://widget-cdn.rpxnow.com https://*.cloudfront.net https://c.lytics.io feed.pghub.io pandg.tapad.com ; upgrade-insecure-requests  ; worker-src 'self' blob: feed.pghub.io pandg.tapad.com ; 1
default-src 'self' blob: data: https://sponsor.ajay.app https://*.googlevideo.com https://*.viewtube.io;script-src 'self' blob: https: 'unsafe-eval' https: 'unsafe-inline';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' http: https: 'strict-dynamic' 'sha256-XXdWM2WyPnxdbGkabhd+Z0MHKdvjaIHjYBIqwpQQv9E=' 'sha256-R/CAGqFl6mgfyijXO4RVSoiPYelEM4FX6oiLbfIAhQ8=' 'sha256-Z/J+GXilQFq6xrxWRqMxEnjc9k+nD3SWlIhWtr/920o=' 'sha256-eaRhvxD1NyP8b9GsCnJn4shBsc7mJmqH8vusmC6VJrs=' 'sha256-lntt6xwZpMVJD8VYW4eiAJ6xx2lnIJitf2UHpoGi0r4=' 'sha256-YfZRyQd1DeM1+7UcjGLpUlUpKJ/hAkBYcWCyyvRrzkw=' 'sha256-AGZmDMMp+jT1NCDwlGc2D7bxe2CJb700oPJ8jdMJ2AY=' 'sha256-1sZguCtSp6ti/aLLwVKzJcG2spTkmD+dhuR3xQlP4ps=' 'sha256-82xl7qHKH9lk6xHzcBzhMl0aAp5Fk/4ZXTIX04k9xGw=' 'sha256-bc0LhfkbSYaEe5mHLTEjesHmOTlHza/BbqxplnGV6Pw=' 'sha256-MkAmvDBlVwfQ+jrWZuqQd4TmRPa0m83PajZ/HzpWm6Y=' 'sha256-Z/t/BIMaLjizflJUbtyDXwjEAvBAy2E25xzCRtAmEFg=' 'sha256-IvePtD10kk8DeRtzeIDNWUDtgB+kA3gIJUccfguNWYk=' 'sha256-HfPhlS3ijO85KB6uXrhlnczNd/um/MwHWUp8dLX8dCw=' 'sha256-9h0lT7bfCrx99Puwwjo4q+CfsFS5Al2YZbMI9FUA5M8=' 'sha256-JI1IJAIai8OGsBKK1Y9vCzqw6pfkLU+02xC3znqtuXY=' 'sha256-8u0NaiVgjCtyAqp5jWQI2NHNuQarRJykrYTIJPZ6+jg=' 'sha256-xbQmtG6w61ivvPsp1j2ylmBFe7I7x0BpkKvhBHZcJII='; style-src 'self' https: http: 'unsafe-inline'; font-src 'self' https: http:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.waze.com wac-stg.sandbox.google.com *.wikipedia.org clouderrorreporting.googleapis.com; frame-src 'self' bid.g.doubleclick.net www.googletagmanager.com www.gcp.wazestg.com www.waze.com; object-src 'none'; base-uri 'self'; default-src 'self'; img-src 'self' data: https: http: data:; report-uri https://csp.withgoogle.com/csp/wazelivemap/20240514_experiment 1
frame-ancestors 'self' https://dev07-eu01-debeers.demandware.net/ https://demo-eu01-debeers.demandware.net/ *.debeers.co.uk *.debeers.com *.debeers.com.cn *.debeers.fr *.debeers.ca *.debeers.hk *.debeers.tw debeers.ca debeers.co.uk debeers.com debeers.fr debeers.hk debeers.tw debeers.com.cn; 1
frame-ancestors 'self' https://resources.johncrane.com; 1
default-src 'self' https://designsystem.sakon.com; script-src  'self' 'unsafe-inline' https://google-analytics.com  https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://google-analytics.com https://ajax.googleapis.com https://www.googletagmanager.com https://popups.landingi.com https://hubspot.clearbit.com https://code.jquery.com https://j.6sc.co https://js.hsforms.net https://app.hubspot.com https://connect.facebook.net https://js.hsleadflows.net https://scout-cdn.salesloft.com https://static.hsappstatic.net https://bat.bing.com https://snap.licdn.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://js.usemessages.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.gartner.com https://polyfill.io https://cdnjs.cloudflare.com https://www.youtube.com https://platform.twitter.com https://cdn.jsdelivr.net https://getbootstrap.com https://7528309.fs1.hubspotusercontent-na1.net https://7528304.fs1.hubspotusercontent-na1.net https://platform.linkedin.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gartner.com https://stackpath.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://static.hsappstatic.net; img-src 'self' https://px4.ads.linkedin.com https://forms.hsforms.com https://b.6sc.co https://info.sakon.com https://forms-na1.hsforms.com https://bat.bing.com https://px.ads.linkedin.com https://track.hubspot.com https://www.facebook.com https://www.google.co.in https://www.google.com https://www.googletagmanager.com https://5890945.fs1.hubspotusercontent-na1.net https://img.youtube.com https://i.ytimg.com https://designsystem.sakon.com https://reviews.static.gartner.com https://7528302.fs1.hubspotusercontent-na1.net https://7528304.fs1.hubspotusercontent-na1.net https://7528315.fs1.hubspotusercontent-na1.net https://7528315.fs1.hubspotusercontent-na1.net https://no-cache.hubspot.com https://static.hsappstatic.net https://www.linkedin.com; font-src 'self' data: https://fonts.gstatic.com https://5890945.fs1.hubspotusercontent-na1.net https://www.gartner.com https://stackpath.bootstrapcdn.com; frame-src https://www.youtube.com https://td.doubleclick.net https://www.gartner.com https://meetings.hubspot.com https://platform.twitter.com https://5890945.fs1.hubspotusercontent-na1.net; connect-src 'self' quantumsemicon.com https://www.facebook.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://ipv6.6sc.co https://c.6sc.co https://forms.hubspot.com https://js.hs-banner.com https://forms.hscollectedforms.net https://scout.salesloft.com https://bat.bing.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://api.hubapi.com https://googleads.g.doubleclick.net https://www.google.co.in https://api.lever.co https://px.ads.linkedin.com https://cta-service-cms2.hubspot.com https://adservice.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://cp.hubspot.com http://localhost:1442 https://app.hubspot.com;object-src 'none';; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.typekit.net https://cdn.jsdelivr.net https://*.marketo.com https://*.tawk.to https://script.crazyegg.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://*.hotjar.com https://munchkin.marketo.net https://scout-cdn.salesloft.com https://trk.techtarget.com https://www.influ2.com https://*.clarity.ms https://sfc.leadspace.com https://analytics.google.com https://ibc-flow.techtarget.com https://stats.g.doubleclick.net ttps://638-qkl-150.mktoresp.com https://t.influ2.com https://*.6sc.co https://epsilon.6sense.com https://px.ads.linkedin.com https://secure.adnxs.com https://www.google.com https://638-qkl-150.mktoresp.com https://sfgw.leadspace.com https://js.zi-scripts.com https://fonts.gstatic.com https://fonts.googleapis.com https://td.doubleclick.net https://www.clarity.ms wss://*.tawk.to https://info.processunity.com blob: https://*.wistia.com https://*.stripe.com https://*.zoominfo.com https://*.lever.co https://epsilon-globalaccelerator.6sense.com https://epsilon-cloudfront.6sense.com https://*.driftt.com https://*.salesloft.com https://*.drift.com https://*.wistia.net https://dev.visualwebsiteoptimizer.com wss://*.hotjar.com https://*.hotjar.io https://www.youtube.com https://www.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://script.crazyegg.com https://www.googletagmanager.com https://app-ab07.marketo.com https://*.tawk.to https://cdn.jsdelivr.net https://www.google-analytics.com https://googleads.g.doubleclick.net https://snap.licdn.com https://*.marketo.net https://scout-cdn.salesloft.com https://*.techtarget.com https://www.influ2.com https://www.clarity.ms https://*.6sc.co https://*.hotjar.com https://*.leadspace.com https://*.zi-scripts.com https://*.wistia.com https://info.processunity.com blob: https://*.visualwebsiteoptimizer.com https://*.stripe.com https://andreasmb.github.io https://*.drift.com https://*.driftt.com https://*.wistia.net; img-src 'self' data: https://www.google.com https://px.ads.linkedin.com https://*.6sc.co https://www.google-analytics.com https://www.google.com.ar https://*.wistia.com blob: https://dev.visualwebsiteoptimizer.com https://*.wistia.net https://www.googletagmanager.com https://*.clarity.ms https://c.bing.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com; object-src 'none' ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://is-a.cat; img-src 'self' data: blob: https://is-a.cat https://is-a.cat/system/; style-src 'self' https://is-a.cat 'nonce-G2Zi1upshuvHTZAnBne8Bw=='; media-src 'self' data: https://is-a.cat https://is-a.cat/system/; frame-src 'self' https:; manifest-src 'self' https://is-a.cat; form-action 'self'; child-src 'self' blob: https://is-a.cat; worker-src 'self' blob: https://is-a.cat; connect-src 'self' data: blob: https://is-a.cat https://is-a.cat/system/ wss://is-a.cat; script-src 'self' https://is-a.cat 'wasm-unsafe-eval' 1
default-src 'none'; frame-ancestors https://*.dzen.ru https://dzen.ru; connect-src 'self'; script-src 'nonce-0c40230a5615d7c0a81f4d2a2d5eab4a' 'self'; img-src 'self' 1
default-src 'none'; img-src 'self' uploads-ssl.webflow.com; script-src 'self' ajax.googleapis.com d3e54v103j8qbb.cloudfront.net www.googletagmanager.com flowbase.s3-ap-southeast-2.amazonaws.com 'sha256-G8Th/FgKUVHSzcYcwCsqZDp4DxbB3uuou+VpYoVXcYE=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-5Itx2ub/C4ZEeDwiNMMOJF+d1YzBgXYWkNMkSA866Wk=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-G3YTzLSQsz/qQ8iUj1T1dZ0cA7jwIhf0icKBh3hnB/8=' 'sha256-GMwu3tmxCNPN0EVKortGPts6rN9QyDm0WM0Ofdy/5xU=' 'sha256-3WpJZpuJTTPVdVqTf561c2H3tWs/SatVuugdsb/RD1s=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI='; style-src 'self' www.googletagmanager.com fonts.googleapis.com 'sha256-YouyPT/JXg7oOaocihuM0L2FxOjeIjIfMXNCzxtVVaI=' 'sha256-InzV3AaMTxZMjdArs/PQvg7QVKh9BJGW+SpDiR05dM8=' 'sha256-MFh8Vms2/UD1bP/KYHoVP4yuqXCBKYjfy6vGuzGOyEY=' 'sha256-rXPbZr56nIG/YLWiZqXjQz2wCUSDtDrW0kI46eCdGF0=' 'sha256-LRiihaTHKOtSN5Ua72Hrqca4QNTIcbPrY5lEOljZfyg=' 'sha256-bqgVFAGoMCIH3uPI1x7WULXrgg2i8CUGiR8IDU1plKc=' 'sha256-qsp6oLur8yj8HQHcNzYMiW9JYUWaAU9E8vvN4CHrLlE=' 'sha256-XzESg1MV9xr5LI2DWRrmtnuMCW36kgLO1TH+c7mg42E=' 'sha256-rMyTktBF+XY5xZq7SXRA3vsf0aAV3B4f0EJZ4Bh/xqM=' 'sha256-dgOrRcyTPAZycoXnq4bmXJX2FN76ED0xTRrqGh+2TGc=' 'sha256-FYXEZVMnK7sZ3BEoDTMVB3gRvBU8YuRzruGARw7xJtI=' 'sha256-RkNWH1uhgh9cCdS5RfG4e2vgJ6QLJ+c/bRgtJB3+62M=' 'sha256-o8fpIbA6HCvczFEPWD4Irhums8Qw7cib0sygBDHeYSM=' 'sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=' 'sha256-sNOE0XnP7muH3lSE3PASjatR5KCPcFIJ0FexHXUNp9o=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-D19Ce/HGDqs8jiXuCBdo9AEPFMMYRUZdZhmsNnXz0aA=' 'sha256-ZqhM5xQOj0Og/l+8qEbc5F5YYumTdWvc5mtn7dECFuE=' 'sha256-Uhqsg0FxrkcWII28klOFxfL1TW+GWXvDxreIKQecN5s=' 'sha256-UiXlt9djFx1o7crFtCH7sUqquV6B2BX9ozY9jqs43JE=' 'sha256-tTgjrFAQDNcRW/9ebtwfDewCTgZMFnKpGa9tcHFyvcs=' 'sha256-+8XG1SFvZQ9KnM87nVtyBE0rMzbhJDr7KyHnEOx8k98=' 'sha256-GAOOty/x8lJWSqFhKpRnwLWmhYG6MIfKq3d0smTBDPA=' 'sha256-OBa/az5rppbgzmKABv0yaqVIXv83SJSYQj8W4zKNs3Y=' 'sha256-alQkhzRik30p4D42M4x52HUwzK1/HLrcDh9ydLkkoOI=' 'sha256-l32kuTgbhZFV7YL2q1Sv/65m8dy+QzAV1CjPDUML0hE='; object-src 'none'; font-src 'self' data: fonts.gstatic.com 1
default-src 'self' *.dibufelon.ru https://code.jquery.com data: 'unsafe-inline' *.youtube.com https://yandex.ru https://mc.yandex.ru https://yastatic.net https://ymetrica1.com https://mc.yandex.md *.googleapis.com https://fonts.gstatic.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com https://gum.criteo.com https://fledge.eu.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.contentsquare.net https://analytics.tiktok.com https://ct.pinterest.com https://*.criteo.com https://*.criteo.net; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.myvegan.ie https://checkout.myvegan.ie https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://cdn.trackjs.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://s.pinimg.com https://static.criteo.net https://*.criteo.com https://lantern.roeyecdn.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';object-src 'none' 1
default-src https: 'self' data: blob:; script-src https: 'self' blob: 'unsafe-inline' 'unsafe-eval' https://googletagmanager.com/gtm.js https://www.googletagmanager.com/gtm.js https://pagead2.googlesyndication.com https://v.hvl.no; style-src https: 'self' data: 'unsafe-inline' https://v.hvl.no https://app.everviz.com https://fonts.googleapis.com; connect-src https: 'self' wss://ws.hotjar.com/api/v2/client/ws https://stats.g.doubleclick.net/g/collect https://pagead2.googlesyndication.com; frame-ancestors 'self' https://hvl.instructure.com; 1
frame-ancestors 'self' http://www.usa.philips.com *.philips.com *.usa.philips.com https://philipsigtdpv.com 1
object-src 'none'; base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.yextevents.com *.sitescdn.com *.sitescdn.net *.fonts.gstatic.com *.everesttech.net; 	script-src-elem 'self' 'unsafe-inline' *.sitescdn.net *.sitescdn.com *.yextevents.com *.gstatic.com *.taboola.com *.beterhoren.nl *.google.com *.aiaibot.com *.clarity.ms *.doubleclick.net *.logbor.com *.realytics.net *.metaffiliation.com *.realytics.io *.googleadservices.com *.pinterest.com *.pinimg.com *.iadvize.com *.zemanta.com *.adroll.com *.adform.net *.bing.com *.monsido.com *.tiktok.com *.outbrain.com *.hotjar.com *.adalyser.com *.responsetap.com *.exelator.com *.trustpilot.com *.adnxs.com *.crwdcntrl.net *.teads.tv *.googleapis.com *.facebook.net *.google-analytics.com maps.googleapis.com *.amplifon.com *.lpsnmedia.net *.tvsquared.com *.everestjs.net *.liveperson.net *.rfihub.net *.cookielaw.org *.adobedtm.com *.googletagmanager.com *.youtube.com; 	style-src 'self' 'unsafe-inline' 'unsafe-hashes' fonts.googleapis.com *.amplifon.com maps.googleapis.com; 	script-src 'self' 'unsafe-eval' 'unsafe-inline' 'unsafe-hashes' *.yextevents.com *.sitescdn.com *.sitescdn.net *.exelator.com maps.googleapis.com; 	frame-src 'self' *.yextevents.com *.sitescdn.com *.sitescdn.net *.tsdtocl.com *.taboola.com *.google.com *.youtube-nocookie.com *.hbfstech.net *.pinterest.com *.adroll.com *.trustpilot.com *.crwdcntrl.net *.teads.tv maps.googleapis.com *.rfihub.com *.lpsnmedia.net *.doubleclick.net *.demdex.net; 	font-src *.beterhoren.nl *.gstatic.com *.amplifon.com maps.googleapis.com; 	img-src 'self' data: * *.yextevents.com *.sitescdn.com *.sitescdn.net *.everesttech.net *.gstatic.com *.tvsquared.com *.googleusercontent.com *.facebook.com *.cookielaw.org *.ibb.co *.doubleclick.net ; 	connect-src 'self' *.yextevents.com *.sitescdn.com *.sitescdn.net *.trustpilot.com *.taboola.com *.beterhoren.nl *.bing.com *.aiaibot.com *.clarity.ms *.realytics.io *.metaffiliation.com *.pinterest.com *.iadvize.com *.nielsen.com *.responsetap.com *.tiktok.com *.outbrain.com *.tiktok.com *.exelator.com *.teads.tv *.googleapis.com *.analytics.google.com *.google.com *.doubleclick.net *.googleusercontent.com maps.googleapis.com *.amplifon.com *.amplifoninternal.com *.everesttech.net *.google-analytics.com *.onetrust.com *.cookielaw.org *.demdex.net *.omtrdc.net; 	worker-src maps.googleapis.com; 1
connect-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100;default-src 'self';frame-ancestors 'self';frame-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100;object-src 'self'; media-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100;img-src * data: blob: 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 blob:;style-src 'self' 'unsafe-inline' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 blob:;font-src 'self' *.doubleclick.net google.com *.google.ca *.google.com *.google.mx *.google.fr *.google.ml *.google.tm *.google.ae *.google.gr *.google.ch *.google.dz *.google.nl *.google.ch *.google.be *.google.es *.google.it *.google.rs *.google.hn *.google.cn *.google.sk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googleapis.com *.bing.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.facebook.ca *.metrilo.com *.pinterest.com *.twitter.com *.hotjar.com *.hotjar.io *.paypalobjects.com *.paypal.com *.vimeo.com *.google.co.uk *.google.co.nz *.google.co.jp *.google.co.ve *.google.co.in *.google.co.za *.google.co.id *.google.com.ar *.google.com.za *.google.com.tw *.google.com.ph *.google.com.bd *.google.com.om *.google.com.mx *.google.com.bh *.google.com.ml *.google.com.qa *.google.com.pe *.google.com.ua *.google.com.au *.google.com.tr *.google.com.sg *.spotify.com *.myregistry.com *.poolsuppliescanada.ca *.jrtoycanada.ca *.braintreegateway.com *.braintree-api.com *.kaptcha.com *.postescanada-canadapost.ca *.paybright.com paybright.com *.nofraud.com *.mmapiws.com *.zendesk.com *.zopim.com *.zdassets.com static.zdassets.com *.clarity.ms *.newrelic.com *.nr-data.net wss://widget-mediator.zopim.com *.blackbaudhosting.com *.attn.tv *.attentivemobile.com *.afterpay.com *.amplitude.com *.clearbitjs.com *.polyfill.io *.pinimg.com cdn-cookieyes.com *.cookieyes.com *.sezzle.com sandbox.checkout.sezzle.com *.cdnfonts.com *.cybersource.com *.smooch.io *.online-metrix.net *.walmartimages.com http://127.0.0.1:9100 data:; 1
default-src *.gsa-online.de; img-src 'self' data:; script-src *.gsa-online.de polyfill.io 'unsafe-inline'; style-src *.gsa-online.de 'unsafe-inline'; frame-src *.gsa-online.de *.youtube.com *.youtube-nocookie.com *.2checkout.com *.avangate.com *.images.v-cdn.net *.ytimg.com; frame-ancestors *.gsa-online.de 'self' 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob: data: ; frame-ancestors 'self' https://*.edoctrina.org; report-to reportapi 1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://classe-numerique.fr https://motoufo.fr; 1
default-src 'self' https://sidra.org https://www.sidra.org https://www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://z.moatads.com https://snap.licdn.com https://static.hotjar.com https://m.addthis.com https://maps.googleapis.com https://www.sidra.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com  http://www.scorpioncms.com http://www.google-analytics.com/analytics.js http://www.scorpioncms.com/common/js/m/masked.js http://cdnjs.cloudflare.com https://use.fontawesome.com http://www.googletagmanager.com https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data: https://s.w.org/ https://secure.gravatar.com/ https://maps.googleapis.com https://maps.gstatic.com https://www.google.com.qa http://www.google-analytics.com https://www.google.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com  https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' data: https://s0.wp.com https://secure.gravatar.com/ https://fonts.gstatic.com/ https://themes.googleusercontent.com; frame-src https://js.stripe.com https://s7.addthis.com https://www.google.com/ https://www.youtube.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
upgrade-insecure-requests; default-src 'self' https:; frame-ancestors 'none'; object-src 'none'; script-src 'self' https: 'unsafe-eval' www.google.com maps.googleapis.com connect.facebook.com connect.facebook.net platform.twitter.com www.googleadservices.com www.google-analytics.com 'nonce-0YocrJg5dihNeuheL/TZN+N8aGV13TTa'; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com; font-src 'self' https: data: fonts.googleapis.com; img-src 'self' https: data: s3.amazonaws.com www.googleadservices.com gravatar.com; media-src 'self' https: data: youtube.com; report-uri /csp_reports 1
connect-src 'self' aswpapius.com *.arcgis.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com maps.googleapis.com translation.googleapis.com *.google-analytics.com *.hsforms.net *.hsforms.com cdn.jsdelivr.net *.ketchcdn.com wss://stream.pushbullet.com api.weather.com *.nr-data.net d1y8lkztemn7an.cloudfront.net 'self' aswpapius.com *.arcgis.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com maps.googleapis.com translation.googleapis.com *.google-analytics.com *.hsforms.net *.hsforms.com cdn.jsdelivr.net *.ketchcdn.com wss://stream.pushbullet.com api.weather.com *.nr-data.net d1y8lkztemn7an.cloudfront.net *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com; img-src 'self' data: * d1y8lkztemn7an.cloudfront.net; manifest-src d1y8lkztemn7an.cloudfront.net; font-src 'self' fonts.gstatic.com d1y8lkztemn7an.cloudfront.net; media-src d1y8lkztemn7an.cloudfront.net factal-prod.herokuapp.com; default-src 'self'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com *.mailchimp.com d1y8lkztemn7an.cloudfront.net; frame-src factal.breezy.hr td.doubleclick.net www.google.com platform.twitter.com play.vidyard.com player.vimeo.com vimeo.com factal.breezy.hr td.doubleclick.net www.google.com platform.twitter.com play.vidyard.com player.vimeo.com vimeo.com *.hubspot.com *.hs-sites.com *.hubspot.net *.hsforms.net *.hsforms.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' aswpsdkus.com s3.amazonaws.com factal.breezy.hr cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hsforms.net *.ketchcdn.com cdn.ketchjs.com snap.licdn.com connect.facebook.net platform.twitter.com static.ads-twitter.com play.vidyard.com player.vimeo.com extend.vimeocdn.com ws.zoominfo.com d1y8lkztemn7an.cloudfront.net factal-prod.herokuapp.com js-agent.newrelic.com *.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval' aswpsdkus.com s3.amazonaws.com factal.breezy.hr cdnjs.cloudflare.com cdn.jsdelivr.net code.jquery.com *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hsforms.net *.ketchcdn.com cdn.ketchjs.com snap.licdn.com connect.facebook.net platform.twitter.com static.ads-twitter.com play.vidyard.com player.vimeo.com extend.vimeocdn.com ws.zoominfo.com d1y8lkztemn7an.cloudfront.net factal-prod.herokuapp.com js-agent.newrelic.com *.nr-data.net *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://front-end.social; img-src 'self' https: data: blob: https://front-end.social; style-src 'self' https://front-end.social 'nonce-6Cf2HIcN+zImTE2QLOmwbg=='; media-src 'self' https: data: https://front-end.social; frame-src 'self' https:; manifest-src 'self' https://front-end.social; form-action 'self'; child-src 'self' blob: https://front-end.social; worker-src 'self' blob: https://front-end.social; connect-src 'self' data: blob: https://front-end.social https://cdn.masto.host wss://front-end.social; script-src 'self' https://front-end.social 'wasm-unsafe-eval' 1
frame-ancestors https://engage.talkative.uk https://ignite.mitel.com https://srv-contactcent.theimi.org.uk https://eu.engage.app/ *.theimi.org.uk  https://www.youtube.com/ https://imiacp.ddev.site:8443/; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: about: ; report-uri /security-report.php 1
default-src 'self' c.clarity.ms fcmregistrations.googleapis.com cdn.shriramgi.com t.clarity.ms td.doubleclick.net pagead2.googlesyndication.com firebaseinstallations.googleapis.com www.facebook.com lumberjack-metrics.razorpay.com lumberjack.razorpay.com lumberjack-cx.razorpay.com cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.googleapis.com www.gstatic.com www.google.com www.googletagmanager.com www.google-analytics.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net osjs.netcoresmartech.com analytics.google.com api.razorpay.com ; script-src 'self' 'unsafe-inline' cdpanalytics.novactech.in www.googleadservices.com www.clarity.ms t.clarity.ms cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com code.jquery.com checkout.razorpay.com googleads.g.doubleclick.net bat.bing.com cdn.datatables.net www.gstatic.com www.google.com cdn.shriramgi.com maps.googleapis.com use.fontawesome.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com  connect.facebook.net www.google-analytics.com osjs.netcoresmartech.com analytics.google.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com weloveiconfonts.com cdn.shriramgi.com cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net code.jquery.com cdn.datatables.net; font-src 'self' 'unsafe-inline' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com cdnjs.cloudflare.com cdn.shriramgi.com data: fonts.gstatic.com weloveiconfonts.com; worker-src 'self' cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com ckeditor.com; img-src 'self'  data: c.bing.com c.clarity.ms www.googletagmanager.com googleads.g.doubleclick.net cdpanalytics.novactech.in cdnt.netcoresmartech.com cdndc.netcoresmartech.com wdc.netcoresmartech.com twa.netcoresmartech.com psegment.netcoresmartech.com maps.gstatic.com maps.googleapis.com app.shriramgi.com googletagmanager.com bat.bing.com cdn.shriramgi.com maps.google.com www.google.co.in www.facebook.com www.google-analytics.com www.google.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';block-all-mixed-content;upgrade-insecure-requests 1
default-src 'self'; style-src 'self' 'unsafe-inline' comment.bitstorm.org; script-src 'self' 'unsafe-inline' comment.bitstorm.org data.bitstorm.org sentry.io; connect-src 'self' wss://comment.bitstorm.org comment.bitstorm.org data.bitstorm.org; img-src * data:; frame-src 'self'; object-src 'none'; report-uri https://sentry.io/api/1375377/security/?sentry_key=37a44af6812a48e58322a30492ab7025 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://d1stxfv94hrhia.cloudfront.net https://www.lightboxcdn.com https://api.lightboxcdn.com https://www.gillettevenus.com https://pge.segmanta.com https://www.upsellit.com https://s.pinimg.com https://z.moatads.com https://c.lytics.io https://cdn.segment.com https://js-cdn.dynatrace.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://www.youtube.com https://pghub.io *.cookielaw.org *.onetrust.com *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://api.tiles.mapbox.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' https://videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org https://40n23zgkic3y-a.akamaihd.net https://ct.pinterest.com https://submit.lightboxcdn.com https://submitcus.lightboxcdn.com https://s3.lightboxcdn.com https://api.lightboxcdn.com https://www.lightboxcdn.com https://c.lytics.io https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://px.moatads.com https://www.google.com i.ytimg.com videos.ctfassets.net images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' https://s3.lightboxcdn.com fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com https://www.youtube-nocookie.com *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.bunny.net app.snipcart.com data: payment.snipcart.com  cdn.snipcart.com;frame-src youtu.be youtube.com www.youtube.com ;img-src 'self' bouletcorp-admin.cepcam.fr; 1
default-src 'self'; frame-ancestors *.welovefrugi.com *.dotomi.com; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://blog.sote.pl  https://blog.soteshop.com  https://d3js.org  https://*.googlesyndication.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com *.twitter.com *.syndication.twimg.com *.twimg.com https://syndication.twitter.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' http://blog.sote.pl  https://blog.soteshop.com  https://d3js.org  https://*.googlesyndication.com https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com *.twitter.com *.syndication.twimg.com *.twimg.com https://syndication.twitter.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
base-uri 'self'; script-src 'self' 'unsafe-eval' https://static-cdn.qburst.com https://cdn-affiliate.qburst.com https://certify-js.alexametrics.com/atrk.js https://snap.licdn.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://cdn.linkedin.oribi.io https://www.youtube.com https://www.google.com https://www.gstatic.com http://www.gstatic.com https://maps.googleapis.com https://static.addtoany.com http://www.google.com https://cse.google.com http://cse.google.com https://partner.googleadservices.com https://analytics.google.com https://adservice.google.com https://www.googleadservices.com https://www.google.co.in https://ct.capterra.com https://js.zi-scripts.com https://tags.clickagy.com https://js.adsrvr.org 'sha256-/ITGJvuxgnMQXHjVR83cHg2yoP5Jx5SKdiunye98OwE=' 'sha256-i5/9P2L0hDUu6r9wRztk7FiLkT2AAoPbTSlrL1sp6O8=' 'sha256-6wRdeNJzEHNIsDAMAdKbdVLWIqu8b6+Bs+xVNZqplQw=' 'sha256-8Lv10+9kieliYluA+S5z1+KwnqLTX4J0FiDyx8FWM2s=' 'sha256-zFiAYZngjHC8cpBF+I5B678kZX+kY5VBHUBe8MhmYJM=' 'nonce-ZLZJgHzD09LHfj03s/XRRA=='; form-action 'self'; prefetch-src https://static-cdn.qburst.com; default-src 'self' https://static-cdn.qburst.com; style-src 'self' 'unsafe-inline' https://static-cdn.qburst.com https://fonts.googleapis.com https://www.google.com; object-src 'self'; font-src 'self' 'unsafe-inline' https://static-cdn.qburst.com https://fonts.gstatic.com data:; worker-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://www.youtube.com https://maps.googleapis.com https://csp.withgoogle.com https://analytics.google.com https://www.afmadmin.qburst.com https://adservice.google.com https://pagead2.googlesyndication.com https://js.zi-scripts.com https://ws.zoominfo.com https://aorta.clickagy.com https://hemsync.clickagy.com https://px.ads.linkedin.com; img-src 'self' data: https://static-cdn.qburst.com www.google-analytics.com googleads.g.doubleclick.net https://certify.alexametrics.com https://p.adsymptotic.com https://www.google.com https://www.google.co.in https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://marketingplatform.google.com https://d32wqyuo10o653.cloudfront.net https://www.googletagmanager.com https://i.ytimg.com http://clients1.google.com https://ssl.gstatic.com https://encrypted *; manifest-src 'self'; frame-src 'self' https://www.youtube.com https://www.google.com https://static.addtoany.com https://cse.google.com https://td.doubleclick.net https://insight.adsrvr.org https://www.adsensecustomsearchads.com https://match.adsrvr.org; frame-ancestors 'self'; media-src 'self' blob: https://d1j2gmvz4lzti5.cloudfront.net 1
default-src 'self'; frame-ancestors 'self' https://app.storyblok.com; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://connect.facebook.net https://static.elfsight.com https://service-reviews-ultimate.elfsight.com https://www.googleadservices.com https://app.storyblok.com https://td.doubleclick.net https://www.googletagmanager.com https://bat.bing.com https://dev.visualwebsiteoptimizer.com https://js.intercomcdn.com https://quickkoala.io https://scatec.io https://static.ads-twitter.com https://widget.intercom.io https://www.googletagmanager.com; style-src 'report-sample' 'unsafe-inline' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://static.elfsight.com https://core.service.elfsight.com https://service-reviews-ultimate.elfsight.com https://api.storyblok.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://wp.caminofinancial.com https://stats.g.doubleclick.net http://wp.caminofinancialdev.com https://analytics.google.com https://api-iam.intercom.io https://bat.bing.com https://quickkoala.io https://scatec.io wss://nexus-websocket-a.intercom.io; font-src 'self' data:; frame-src 'self' https://td.doubleclick.net https://app.netlify.com https://www.google.com; img-src 'self' data: https://a.storyblok.com https://www.google.com https://wp.caminofinancial.com https://lh3.googleusercontent.com https://scontent.fqsf1-1.fna.fbcdn.net https://cdn.cookielaw.org https://www.facebook.com https://googleads.g.doubleclick.net https://static.intercomassets.com https://js.intercomcdn.com https://analytics.twitter.com https://bat.bing.com https://cbi39m6fmh.execute-api.us-west-2.amazonaws.com https://dev.visualwebsiteoptimizer.com https://scatec.io https://t.co; manifest-src 'self'; media-src 'self'; report-uri https://661533f077c15b585b4a67ac.endpoint.csper.io/; worker-src 'self'; 1
frame-ancestors 'self' *.sciquest.com *.ariba.com *.nova.edu *.coupahost.com *.covestro.com *.intellecat.com *.bmc.com *.vinimaya.com *.oraclecloud.com *.equallevel.com *.terracon.com *.eplus.com *.pacificorp.us *.punchout2go.com *.STATE.PA.US equallevel.com *.macewan.ca p2p.caci.com *.verian.com *.aquiire.net *.nvenergy.com *.sherwin.com *.fwisd.org *.cchmc.org *.esmsolutions.com *.ocps.* *.pacificorp.us *.oracleoutsourcing.com *.ocps.k12.fl.us *.ivalua.us *.vroozi.com *.varstreet.com *.ocps.net *.edmonton.ca *.cgieva.com *.punchoutcommerce.com punchoutcommerce.com *.shawinc.com *.tradecentric.com 1
frame-ancestors self mybroadbandaccount.com *.mybroadbandaccount.com dd9.com *.dd9.com lovelandpulse.com *.lovelandpulse.com lovelandpulse:8888 1
default-src 'self'; script-src 'self' 'sha256-ETWJMGu3Enj4jG4CFECxfP2c3Do3HPOoIGX3RuqSk4E=' 'sha256-UNSjrBN573Gq5WKBQX8pe6R5RxDXbRjK1TIF7JnDtRI=' 'sha256-jsM15EgcnljVkAqUSwvhK2zpKO95FVxVXa/KCLMxHP0=' https://www.gstatic.com https://www.google.com https://ph.cake.io https://use.typekit.net ; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'self' *; base-uri 'self'; connect-src 'self'; font-src 'self' https://use.typekit.net; frame-ancestors *; frame-src 'self' https://www.google.com; img-src * ; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
script-src 'self' https://analytics.tim427.net/ https://*.googleapis.com https://maps.gstatic.com https://www.google-analytics.com 1
default-src 'self' mailto: tel: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com *.cdnjs.cloudflare.com; worker-src blob:; style-src 'self' 'unsafe-inline' *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com https://s7ap1.scene7.com https://*.zscalertwo.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://fonts.font.im 'self' 'unsafe-inline'; img-src 'self' data: blob: *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://maps.gstatic.com https://www.googleapis.com/ https://maps.googleapis.com *.google.com https://*.zscalertwo.net https://s7ap1.scene7.com https://dpm.demdex.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net https://px.ads.linkedin.com *.yellowmessenger.com 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.aia.com *.philamlife.com *.aia.com.ph *.unpkg.com https://unpkg.com *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7ap1.scene7.com https://*.zscalertwo.net https://assets.adobedtm.com https://dpm.demdex.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com.my https://www.googletagmanager.com https://connect.facebook.net *.yellowmessenger.com 'self' 'unsafe-eval' *.aia.com.ph *.google.com *.gstatic.com 'unsafe-inline'; connect-src 'self' https://*.azurewebsites.net https://payin.payserv.net https://payin.paynamics.net https://*.appserviceenvironment.net https://*.bpi-aia.com.ph *.aia.com *.philamlife.com *.aia.com.ph *.google.com *.aia-dfs.originally.us *.gstatic.com *.twitter.com *.linkedin.com *.zscalertwo.net blob: *.recaptcha.net recaptcha.net https://www.googleapis.com/ https://maps.googleapis.com https://fonts.googleapis.com https://www.google.com/recaptcha/ https://recaptcha.google.com *.facebook.com *.youtube.com *.adobedtm.com *.google-analytics.com https://s.go-mpulse.net http://phdcwdlapp030:8280 https://mypageappuat.philamlife.com https://mypageapp.philamlife.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://stats.g.doubleclick.net *.aia.com.ph https://adobedc.demdex.net https://edge.adobedc.net *.yellowmessenger.com wss://app.yellowmessenger.com/message/; frame-src 'self' mailto: tel: *.google.com https://s7mbrstream-ap1.scene7.com https://s7ap1.scene7.com https://bid.g.doubleclick.net *.aia.com.ph https://www.youtube.com https://app.yellowmessenger.com; font-src * data:; media-src 'self' data: blob: *.google.com *.aia.com *.scene7.com *.yellowmessenger.com; object-src 'none'; frame-ancestors https://*.aia.com.ph; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.usercentrics.eu *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.dokom21.de c.leadlab.click *.googleadservices.com *.trustedshops.com *.hotjar.com snap.licdn.com *.onlyfy.jobs www.youtube.com; connect-src 'self' wss://*.hotjar.com *.onlyfy.jobs *.usercentrics.eu *.analytics.google.com content.hotjar.io wss://wsp33.hotjar.com cdn.linkedin.oribi.io *.googletagmanager.com *.google-analytics.com *.iadvize.com *.googleapis.com *.dokom21.de t.leadlab.click *.hotjar.com stats.g.doubleclick.net *.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com logging.trustbadge.com; img-src 'self' *.dokom21.de maps.gstatic.com maps.googleapis.com googletagmanager.com data: googletagmanager.com *.tradedoubler.com *.usercentrics.eu www.google-analytics.com *.iadvize.com *.trustedshops.com *.linkedin.com *.google.com *.google.de; style-src 'self' 'unsafe-inline' fast.fonts.net *.iadvize.com; base-uri 'self';form-action 'self' *.dokom21.de service.dokom.net www.dokom21-webagent.de; object-src 'none'; frame-src 'self' *.onlyfy.jobs playout.3qsdn.com frontend.vlink.com *.google.com *.iadvize.com *.usercentrics.eu *.hotjar.com dokom21.jobbase.io www.youtube-nocookie.com; worker-src 'self' 'unsafe-inline' *.dokom21.de blob: ; frame-ancestors 'self' *.ipcentrex21.de http://127.0.0.1 http://localhost 1
frame-ancestors 'none'; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.openstreetmap.org; img-src data: blob: * *.momentjs.net *.doubleclick.net *.facebook.com *.facebook.net *.google-analytics.com *.googlesyndication.com *.gstatic.com *.hotjar.com *.twitter.com *.youtube.com ajax.googleapis.com c.bazo.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.bazo.io; frame-src 'self' *.google.com *.facebook.com *.youtube.com *.instagram.com *.twitter.com *.cookiebot.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.momentjs.com momentjs.com *.google.com connect.facebook.net *.instagram.com *.twitter.com *.googletagmanager.com *.hotjar.com *.gstatic.com c.bazo.io *.google-analytics.com *.licdn.com *.cookiebot.com; connect-src 'self' ws: *.openstreetmap.org *.google-analytics.com *.google.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.bazo.io *.cookiebot.com *.linkedin.com *.googlesyndication.com 1
frame-ancestors https://*.avisworld.com https://*.rent-at-avis.com 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline' 1
script-src 'self' https://cdnjs.cloudflare.com 'nonce-szly95hXTflTZ36t28CdFhfOPR0='  'strict-dynamic' 'unsafe-inline'   https://*.googleapis.com/  static.elfsight.com 1
default-src 'self';         script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com search.wiser.nl *.casengo.com *.trackjs.com *.getgrasp.com *.cloudfront.net *.sift.com *.cookiebot.com connect.facebook.net *.hotjar.com sc-static.net googleads.g.doubleclick.net api.ipify.org *.snapchat.com *.googleadservices.com script.getgrasp.com *.convertexperiments.com;         style-src 'self' 'unsafe-inline' search.wiser.nl *.casengo.com *.getgrasp.com;         connect-src 'self' ws: *.google-analytics.com *.getgrasp.com *.getgrasp.com:9081 search.wiser.nl d1e9x0wcqr7os0.cloudfront.net *.trackjs.com *.gamecardsdirect.com *.snapchat.com *.hotjar.io *.google.com pagead2.googlesyndication.com *.cookiebot.com *.hotjar.com *.g.doubleclick.net *.convertexperiments.com;         img-src 'self' data: *.googletagmanager.com *.google-analytics.com *.analytics.google.com search.wiser.nl *.casengo.com hexagon-analytics.com *.trackjs.com *.getgrasp.com *.facebook.com *.google.com *.google.nl gamecardsdirect.com *.gamecardsdirect.com *.snapchat.com *.cookiebot.com *.g.doubleclick.net;         frame-src 'self' *.google.com *.facebook.com *.cookiebot.com *.snapchat.com *.kiyoh.com *.doubleclick.net *.snapchat.com *.youtube.com 1
frame-ancestors 'self' tau2904.com *.tau2904.com *.ttbbank.com *.ttbdirect.com *.9fftech.com https://*.9fftech.com https://*.tau2904.com  https://*.ttbdirect.com https://*.ttbbank.com dev-web-tmbwowoneapp.azurewebsites.net stg-web-tmbwowoneapp.azurewebsites.net https://dev-web-tmbwowoneapp.azurewebsites.net https://stg-web-tmbwowoneapp.azurewebsites.net cms.ttbbank.local cms-uat.ttbbank.local cms-uat2.ttbbank.local 1
manifest-src 'self' cdn.yello.link; 1
upgrade-insecure-requests;frame-ancestors 'self' 1
object-src 'self'; style-src 'unsafe-inline' 'self' *.tieto.com cdn.jsdelivr.net *.fonts.net *.talentadore.com *.omasp.fi fonts.googleapis.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com polyfill.io cdn.jsdelivr.net *.vismasignforms.com *.googleapis.com *.cloudflare.com *.investis.com *.addthis.com *.addthisedge.com *.moatads.com widget-telwin.getjenny.com *.cookiebot.com *.google-analytics.com *.omasp.fi apps.mypurecloud.ie *.talentadore.com connect.facebook.net ccaas.service.tieto.com; frame-src 'self' *.vimeo.com apps.mypurecloud.ie vimeo.com *.vismasignforms.com *.youtube.com *.cookiebot.com *.omasp.fi s7.addthis.com *.investis.com; img-src * data: 'self'; font-src 'self' *.omasp.fi *.tieto.com fonts.gstatic.com; connect-src 'self' *.cdn.omasp.fi  *.google-analytics.com fast.fonts.net rum.browser-intake-datadoghq.eu ats.talentadore.com wss://ccaas.service.tieto.com/ospcb/cobrowse/cometd *.tieto.com *.googleapis.com *.cookiebot.com widget-telwin.getjenny.com api.mypurecloud.ie wss://cobrowse-v2.mypurecloud.ie apps.mypurecloud.ie api-cdn.mypurecloud.ie wss://webmessaging.mypurecloud.ie www.google-analytics.com *.addthis.com stats.g.doubleclick.net; 1
default-src 'self' blob:;connect-src 'self' blob: https://*.firebaseio.com https://*.googleapis.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com *.githubusercontent.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.gstatic.com https://*.firebaseapp.com;script-src-elem 'self' 'unsafe-inline' data: https://*.google.com https://www.gstatic.com https://*.firebaseapp.com https://*.googletagmanager.com https://*.google-analytics.com;img-src 'self' blob: data: https://ik.imagekit.io/ *.googletagmanager.com;style-src 'self' 'unsafe-inline' https://*.googleapis.com;frame-ancestors 'self';font-src 'self' https://*.gstatic.com;frame-src 'self' blob: https://*.google.com https://faic-website.firebaseapp.com/;object-src 'self' blob: https://*.google.com https://faic-website.firebaseapp.com/;worker-src 'self' blob:; 1
frame-ancestors 'self' app.glia.com; 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' ; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
worker-src * 'self' 'unsafe-inline' blob:; script-src-elem * 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://*.com data:; img-src 'self' data: https: 1
default-src https: 'unsafe-inline' 'unsafe-eval' mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com googletagmanager.com google.com google.cz seznam.cz wss: websocket-visitors.smartsupp.com rec.smartlook.com googletagmanager.com heureka.cz imedia.cz data: 1
frame-ancestors 'self' https://teams.microsoft.com; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
connect-src *; default-src 'self'; font-src 'self' data: fonts.gstatic.com pro.fontawesome.com *.typekit.net *.cloudflare.com; frame-src 'self' www.google.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google-analytics.com *.cloudflare.com *.gravatar.com *.googleapis.com *.gstatic.com *.doubleclick.net; media-src *; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com ajax.googleapis.com *.cloudflare.com *.jsdelivr.net *.cdn.civiccomputing.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com pro.fontawesome.com *.cloudflare.com *.jsdelivr.net *.typekit.net; 1
default-src 'none' ;  script-src  'self' ajax.googleapis.com maxcdn.bootstrapcdn.com code.jquery.com commerce.coinbase.com pagead2.googlesyndication.com adservice.google.com adservice.google.fr www.googletagservices.com www.googleadservices.com ;  style-src   'self' maxcdn.bootstrapcdn.com commerce.coinbase.com ;  frame-src   'self' commerce.coinbase.com www.youtube.com googleads.g.doubleclick.net www.google.com www.google.fr ;  object-src  'self' commerce.coinbase.com www.youtube.com ;  connect-src 'self' pagead2.googlesyndication.com ;  img-src     'self' s3.us-west-2.amazonaws.com static.scarf.sh sup.lamiral.info lstu.fr  www.paypalobjects.com imapsync.lamiral.info ;  font-src    'self' maxcdn.bootstrapcdn.com ;  form-action 'self' www.paypal.com ;  1
form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' i0.wp.com k.clarity.ms *.clarity.ms *.google.nl *.google.fr *.google.es *.google.it *.google.de *.google.co.uk *.google.da *.google.pt *.google.com  *.googleadservices.com *.googlesyndication.com *.google.com https://www.googletagservices.com https://adservice.google.bg https://pagead2.googlesyndication.com sensorstechforum.com https://fonts.gstatic.com/ https://www.youtube.com https://ajax.cloudflare.com https://www.google-analytics.com https://ajax.googleapis.com https://maps.googleapis.com https://www.googletagmanager.com 1
default-src 'self'; child-src 'self' *.criteo.com *.criteo.net *.adform.net *.google-analytics.com *.meine-krankenkasse.de *.meine-gesundheitsplattform.de *.nexpics.com *.sibforms.com *.weisse-liste.de 360.nexpics.com bkk-vbu.form.cloud bkk-vbu.limequery.org bkk-vbu-test.form.cloud digitus-bkkvbu.apps.cloud.itsc.de pixel.mathtag.com player.podigee-cdn.net player.vimeo.com tagmanager.google.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.youtube-nocookie.com www.googletagmanager.com www.facebook.com; connect-src 'self' *.meine-krankenkasse.de *.nexpics.com *.sibforms.com api.usercentrics.eu aggregator.service.usercentrics.eu bkk-vbu.form.cloud bkk-vbu-test.form.cloud digitus-bkkvbu.apps.cloud.itsc.de graphql.usercentrics.eu maps.googleapis.com vbu.matomo.cloud wss://digitus-bkkvbu.apps.cloud.itsc.de www.facebook.com; font-src 'self' data: *.nexpics.com *.sibforms.com bkk-vbu.form.cloud bkk-vbu-test.form.cloud fonts.gstatic.com pixel.mathtag.com player.podigee-cdn.net vbu.gesundheitsformulare.de; frame-ancestors 'self' *.meine-krankenkasse.de vbu.matomo.cloud; img-src 'self' data: *.googleapis.com *.gstatic.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com app.usercentrics.eu bkk-vbu.form.cloud bkk-vbu-test.form.cloud f.vimeocdn.com googleads.g.doubleclick.net images.podigee-cdn.net pixel.mathtag.com player.podigee-cdn.net s.ytimg.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.facebook.com www.google.de www.google.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.adform.net *.criteo.com *.criteo.net *.google-analytics.com *.googleapis.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com app.usercentrics.eu bkk-vbu.form.cloud bkk-vbu-test.form.cloud connect.facebook.net f.vimeocdn.com googleads.g.doubleclick.net pixel.mathtag.com player.podigee-cdn.net s.ytimg.com secure.adnxs.com tagmanager.google.com vbu.gesundheitsformulare.de vbu.matomo.cloud www.googletagmanager.com www.googleadservices.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.meine-krankenkasse.de *.nexpics.com *.sibforms.com bkk-vbu.form.cloud bkk-vbu-test.form.cloud player.podigee-cdn.net vbu.gesundheitsformulare.de vbu.matomo.cloud s.ytimg.com f.vimeocdn.com; upgrade-insecure-requests 1
referrer 1
*.procor.com 1
frame-ancestors 'self' https://admin.yallastore.co.il https://admin.webzie.com; 1
default-src 'self' https://intercom-sheets.com https://*.intercomcdn.com http://postcode.map.daum.net https://service.iamport.kr; connect-src https://web-server.production.fruitsfamily.com/graphql https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercom.io wss://*.intercom.io https://service.iamport.kr https://firebase.googleapis.com https://firebaseinstallations.googleapis.com; img-src 'self' data: https://*.fruitsfamily.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.intercomcdn.com https://*.intercomassets.com; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://*.googletagmanager.com https://*.intercom.io https://*.intercomcdn.com https://t1.daumcdn.net https://cdn.iamport.kr; style-src 'self' 'unsafe-inline' 1
default-src 'unsafe-inlin' https:; font-src default-src 'unsafe-inlin' https: data:; img-src  https: data:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' 'unsafe-eval';                                         connect-src 'self' *.doubleclick.net *.google-analytics.com *.google-analytics.com *.juicer.io *.googleapis.com *.facebook.com ds.cookiehub.net consent.cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net;                                         frame-src 'self' *.youtube.com www.youtube-nocookie.com *.google.com;                                         img-src 'self' *.googletagmanager.com *.google-analytics.com *.clatity.ms *.picsum.photos picsum.photos marketing.acerbis.it *.juicer.io juicer.io *.gstatic.com *.google.com *.googleapis.com img-youtube.com *.youtube.com *.facebook.com data: blob:;                                         font-src 'self' *.juicer.io *.gstatic.com;                                         script-src-elem 'self' 'unsafe-inline' *.google-analytics.com *.clarity.ms *.youtube.com *.googletagmanager.com *.juicer.io *.google.com *.googleapis.com *.google.com *.facebook.net cookiehub.net cdn.cookiehub.eu; 										style-src-elem 'self' 'unsafe-inline' cookiehub.net *.juicer.io *.youtube.com *.googleapis.com *.google.com;                                         style-src 'self' 'unsafe-inline' *.juicer.io *.googleapis.com cookiehub.net cdn.cookiehub.eu; 1
default-src 'self' *.tii.ae www.google-analytics.com *.google-analytics.com analytics.google.com stats.g.doubleclick.net px.ads.linkedin.com *.clarity.ms cdn.jsdelivr.net data:; font-src 'self' *.tii.ae fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net data:; media-src 'self' *.amazonaws.com *.tii.ae *.licdn.com blob:; child-src 'self' *.tii.ae; script-src 'self' 'unsafe-inline' *.amazonaws.com *.tii.ae ajax.googleapis.com www.gstatic.com www.google.com www.youtube.com; script-src-elem 'unsafe-inline' *.amazonaws.com *.tii.ae snap.licdn.com ajax.googleapis.com www.youtube.com cdnjs.cloudflare.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com www.google.com www.gstatic.com www.clarity.ms cdn.jsdelivr.net *.elfsight.com 'self'; frame-src *.tii.ae www.google.com www.youtube.com www.youtube-nocookie.com online.flippingbook.com 'self'; frame-ancestors 'self' www.google.com; style-src 'self' 'unsafe-inline' *.tii.ae *.amazonaws.com fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net; img-src 'self' *.amazonaws.com *.tii.ae cdn.jsdelivr.net px.ads.linkedin.com *.clarity.ms yt3.ggpht.com *.jawg.io img.youtube.com i.ytimg.com www.google-analytics.com *.google-analytics.com www.google.com www.google.ae www.googletagmanager.com *.google.com www.google.co.in data:; 1
default-src 'self'; child-src 'self'; connect-src 'self' sso.sozialversicherung.at analysis.sozialversicherung.at cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at sva-chatbot-prod.azurewebsites.net svs-chatbot-prod.azurewebsites.net europe.directline.botframework.com lf.o-c.io api.o-c.io *.googleapis.com mrtctcrawler.refactory.at *.pagestrip.com pagestrip.com; font-src 'self' *.googleapis.com *.gstatic.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de data: *.pagestrip.com; frame-ancestors 'self' www.meinebvaeb.at www.meinesv.at www.meineoegk.at  *.sozialversicherung.at; frame-src 'self' cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at www.youtube-nocookie.com base.streamdiver.com www.handy-signatur.at service.a-trust.at 127.0.0.1:3496 termine.sozialversicherung.at karriere.pv.at widget.virtualq.de sso.sozialversicherung.at *.svs.at *.onlyfy.jobs esv-newsletter.connexcc-hosting.net analysis.sozialversicherung.at; img-src 'self' data: analysis.sozialversicherung.at lf.o-c.io *.googleapis.com *.gstatic.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de *.pagestrip.com blob blob:; manifest-src 'self'; media-src 'self' data:; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' analysis.sozialversicherung.at cobrowsing.svs.at *.cobrowsing.svs.at cobrowsing.sv-services.at *.cobrowsing.sv-services.at lf.o-c.io *.googleapis.com termine.sozialversicherung.at karriere.pv.at widget.virtualq.de sso.sozialversicherung.at *.onlyfy.jobs *.pagestrip.com; style-src 'unsafe-inline' 'self' lf.o-c.io *.googleapis.com *.pagestrip.com; worker-src 'self';  form-action 'self' secure-zustellung.briefbutler.at www.handy-signatur.at service.a-trust.at 127.0.0.1:3496 *.usp.gv.at *.oesterreich.gv.at  *.adressen.auva.net *.arzneidialog.at *.auva.at *.auva-b.at *.auvab.at *.auva-betreibergmbh.at *.auvagraz.at *.auva.gv.at *.auvalinz.at *.auva.or.at *.auva.org *.auvasalzburg.at *.auvasicher.at *.auv-b.at *.auvb.at *.auv-b.co.at *.auvb.co.at *.bvaeb.at *.bvaeb.sv.at *.cciv.at *.chipkarte.at *.chipkarte.gv.at *.demenz-ooe.at *.demenz-versorgung.at *.e-card.co.at *.e-card.gv.at *.ecard.gv.at *.e-card.or.at *.ecard.or.at *.efz.auva.net *.elda.at *.formulare.auva.net *.forum-reha.at *.gebietskrankenkasse.at *.geld.auva.net *.gesundheitskasse.at *.gesundmeldung.at *.gibacht.auva.net *.gkk.at *.gubonline.at *.hanuschhof.at *.hanusch-krankenhaus.at *.hauptstelle.auva.net *.ifgp.at *.initiative-patientensicherheit.at *.initiativepatientensicherheit.at *.kfa.co.at *.kfa-salzburg.at *.kfawien.at *.kinder-zahnpaket.at *.kinderzahnpaket.at *.klinikum-peterhof.at *.klinikumpeterhof.at *.kongresse.auva.net *.linzerheim.at *.medieninfo.auva.net *.meinebvaeb.at *.meine-oegk.at *.meineoegk.at *.meinesozialversicherung.at *.meinesv.at *.meine-uv.at *.meineuv.at *.mein-uv-service.at *.oegk.at *.oegk.co.at *.oegk.or.at *.pensionsversicherung.at *.pensionsversicherungsanstalt.at *.pensionsversicherungsanstalt.gv.at *.praevention.auva.net *.publikationen.auva.net *.pva.gv.at *.pv.at *.reha-zentren.at *.rztobelbad.at *.selbstverwaltung.auva.net *.sicherheit.auva.net *.sicherheitsschulung.auva.net *.sicherlernen.auva.net *.sozialeunfallversicherung.at *.sozialversicherung.at *.sozialversicherung.co.at *.sozialversicherungen.at *.sozialversicherungen.or.at *.sozialversicherung.gv.at *.sozialversicherung.or.at *.sozvers.at *.statistik.auva.net *.sv-chipkarte.at *.sv-chipkarte.gv.at *.svdgmbh.at *.svs.at *.tisserand.at *.unfallkrankenhaus.at *.www.auva.net *.xn--gk-eka.at *.xn--gk-eka.or.at *.xn--meinegk-e1a.at *.xn--meine-gk-s4a.at  1
img-src 'self'; style-src 'self' 'unsafe-inline'; default-src 'none'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; 1
default-src 'self' addrevenue.io; media-src 'self' blob:; img-src * data:; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.googleapis.com cdn.jsdelivr.net fonts.cdnfonts.com code.jquery.com; script-src 'self' 'unsafe-inline' addrevenue.io *.cookiebot.com *.google.com www.gstatic.com cdn.jsdelivr.net www.googletagmanager.com *.googleadservices.com code.jquery.com s.retargeted.co js.stripe.com *.doubleclick.net; connect-src 'self' addrevenue.io google.com *.google.com *.google.se *.google.dk *.google.nl *.google.de *.google.co.uk *.google.fi *.google.fr *.google.no *.google-analytics.com *.googleadservices.com *.doubleclick.net *.googlesyndication.com *.cookiebot.com; frame-src 'self' *.cookiebot.com *.stripe.com *.google.com *.gstatic.com www.googletagmanager.com *.doubleclick.net; frame-ancestors 'self' addrevenue.io chrome-extension://cddeilkbaplhckldjjanlaimlgngemaf; report-uri https://addrevenue.io/en/csp; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-sg4LY645ewGsm8cIdjKKmO6aMDWuR262Fh5drzXSldwaVZ3a' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
child-src 'self' blob:; connect-src wss: *.amazonaws.com *.auto.nl *.azure.com *.bing.com *.clarity.ms *.datatrics.com *.doubleclick.net *.embed.ly *.facebook.com *.fls.doubleclick.net *.google-analytics.com *.google.be *.google.com *.google.de *.google.nl *.google.pl *.googlesyndication.com *.goprivatelease.nl *.hotjar.com *.mapbox.com *.ndt5.net *.newstat.net *.omappapi.com *.openreplay.com *.pinimg.com *.pinterest.com *.rkn3.net *.robinhq.com *.snapchat.com *.surfly.com *.taglayer.com *.typekit.net *.visualstudio.com *.vivition.com abovo-digital.com lgictautonlpwesa.blob.core.windows.net ndt5.net plvpxl.net squeezely.tech td.doubleclick.net; default-src 'self'; font-src 'self' data: *.bootstrapcdn.com *.cloudflare.com *.datatrics.com *.embedly.com *.myfonts.net *.robinhq.com *.surfly.com *.taglayer.com *.typekit.net *.vivition.com fonts.gstatic.com lgictautonlpwesa.blob.core.windows.net squeezely.tech; frame-ancestors 'none' googleads.g.doubleclick.net squeezely.tech td.doubleclick.net; frame-src 'self' *.cloudfront.net *.embedly.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.google.com *.hotjar.com *.klantenvertellen.nl *.pinterest.com *.recaptcha.net *.robinhq.com *.snapchat.com *.surfly.com *.taglayer.com *.youtube.com fls.doubleclick.net klantenvertellen.nl open.spotify.com sgtm.auto.nl squeezely.tech td.doubleclick.net youtu.be; img-src 'self' blob: data: *.adnxs.com *.amazonaws.com *.auto.nl *.autoweek.nl *.bing.com *.clarity.ms *.cloudfront.net *.contentful.com *.ctfassets.net *.datatrics.com *.doubleclick.net *.embed.ly *.facebook.com *.facebook.net *.google-analytics.com *.google.be *.google.bg *.google.co.uk *.google.com *.google.de *.google.ge *.google.ie *.google.it *.google.nl *.google.pl *.google.ro *.google.sr *.googleapis.com *.googletagmanager.com *.gstatic.com *.ndt5.net *.newstat.net *.owox.com *.pinimg.com *.pinterest.com *.rkn3.net *.robinhq.com *.snapchat.com *.squeezely.tech *.surfly.com *.taglayer.com *.typekit.net *.usabilla.com *.vivition.com *.ytimg.com graph.facebook.com lgictautonlpwesa.blob.core.windows.net ndt5.net plvpxl.net rkn3.net robincontentdesktop.blob.core.windows.net td.doubleclick.net; media-src 'self' *.robinhq.com *.s3.eu-west-1.amazonaws.com *.surfly.com lgictautonlpwesa.blob.core.windows.net squeezely.tech; object-src 'none'; plugin-types *.hotjar.com squeezely.tech; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: *.adform.net *.bing.com *.clarity.ms *.cloudfront.net *.datatrics.com *.embedly.com *.facebook.com *.facebook.net *.fls.doubleclick.net *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.goprivatelease.nl *.gstatic.com *.hotjar.com *.jquery.com *.mapbox.com *.msecnd.net *.ndt5.net *.newstat.net *.omappapi.com *.openreplay.com *.pinimg.com *.pinterest.com *.recaptcha.net *.rkn3.net *.robinhq.com *.snapchat.com *.surfly.com *.taglayer.com *.typekit.net *.usabilla.com *.visualstudio.com *.vivition.com *.youtube.com *.ytimg.com cdnjs.cloudflare.com googleads.g.doubleclick.net graph.facebook.com lgictautonlpwesa.blob.core.windows.net ndt5.net robincontentdesktop.blob.core.windows.net sc-static.net selfservice.robinhq.com sgtm.auto.nl squeezely.tech td.doubleclick.net youtu.be; style-src 'self' 'unsafe-inline' *.datatrics.com *.embedly.com *.google.com *.googleapis.com *.mapbox.com *.robinhq.com *.taglayer.com *.typekit.net lgictautonlpwesa.blob.core.windows.net squeezely.tech www.googletagmanager.com; worker-src 'self' blob:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.se https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.se; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.se https://m.myprotein.se https://checkout.myprotein.se https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.translate.naver.net https://*.trustpilot.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.se; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://*.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'self';frame-ancestors 'self';frame-src *;object-src 'none'; 1
frame-ancestors atida.fr *.atida.fr; 1
default-src 'self' https://www.cloudflare.com https://gvol.visaonline.com/ https://www.visasecureservices.com ;                 manifest-src 'self' https://gvol.visaonline.com/ https://www.visasecureservices.com;                 object-src 'none';                 script-src 'self' 'unsafe-inline' https://gvol.visaonline.com/ https://storage.googleapis.com;                 style-src 'self' 'unsafe-inline';                 img-src 'self' data:;                 frame-ancestors 'none';                  connect-src 'self' https://mcssignalrqa.visa.com wss://mcssignalrqa.visa.com https://www.cloudflare.com https://gvol.visaonline.com/ ; 1
frame-ancestors 'self' *.thefreshgrocer.com *.brands.wakefern.com 1
script-src 'self' 'unsafe-inline' *.cookiehub.net cookiehub.net cookiehub.com *.cookiehub.com gfx.kirjastot.fi www.google-analytics.com *.reactandshare.com www.kirjastot.fi; frame-src 'self' gfx.kirjastot.fi; 1
style-src 'self' 'unsafe-inline' *.shiva.fr use.typekit.net p.typekit.net *.cookiebot.com fonts.googleapis.com maps.google.com cdn.jsdelivr.net *.zapwp.com 1
default-src 'self';script-src 'self' 'unsafe-inline' https://cms-productie.thisiseindhoven.com dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com *.in.applicationinsights.azure.com live.applicationinsights.azure.com rt.applicationinsights.microsoft.com rt.services.visualstudio.com https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.googleoptimize.com https://optimize.google.com https://*.googletagmanager.com https://www.gstatic.com/recaptcha/ http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://a.omappapi.com/app/js/api.min.js https://w.soundcloud.com/player/api.js https://meting.thisiseindhoven.com https://a.omappapi.com https://a.omappapi.com/app/js/7.02d20d69.min.js https://js.makestories.io/player/StoryPlayer.js https://cdn.ampproject.org/amp-story-player-v0.js https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js https://stories.thisiseindhoven.com/ https://www.instagram.com/embed.js https://www.instagram.com https://connect.facebook.net https://www.facebook.com/ https://js.monitor.azure.com/ https://embed.typeform.com/next/embed.js;style-src 'self' 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com https://a.omappapi.com/app/js/api.min.css https://meting.thisiseindhoven.com https://a.omappapi.com https://a.omappapi.com/app/js/api.min.js https://a.omappapi.com/app/js/7.02d20d69.min.js https://cdn.ampproject.org/amp-story-player-v0.css https://stories.thisiseindhoven.com/ https://www.instagram.com/embed.js https://embed.typeform.com/next/css/widget.css;img-src 'self' data: https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.nl  https://www.google.com/ads/ https://www.google.nl/ads/ https://www.google.be/ads/ https://googleads.g.doubleclick.net https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://optimize.google.com https://script.hotjar.com http://script.hotjar.com https://www.google.be https://px.ads.linkedin.com/collect https://px4.ads.linkedin.com/collect https://players.storyasset.link https://www.facebook.com/ https://www.instagram.com/embed.js;connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com *.in.applicationinsights.azure.com live.applicationinsights.azure.com rt.applicationinsights.microsoft.com rt.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://connect.facebook.net https://www.facebook.com http://*.hotjar.com:* https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com *.linkedin.com *.licdn.com https://stats.g.doubleclick.net https://*.omappapi.com https://meting.thisiseindhoven.com https://optinmonster.com https://a.omappapi.com/app/js/7.02d20d69.min.js https://apis.v2.makestories.io https://apis.makestories.io/ https://graph.facebook.com/ https://www.instagram.com/embed.js *.eindhovendesigndistrict.com https://api.typeform.com/single-embed https://api.typeform.com/single-embed/01HWA4SAJV89ZD79NFD008VE2K https://api.typeform.com/single-embed/01HWA6B0ZDCNKZY38PC654FFKD;font-src 'self' data: https://fonts.gstatic.com http://script.hotjar.com https://script.hotjar.com;object-src 'none';media-src 'self';frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://optimize.google.com www.youtube.com w.soundcloud.com www.linkedin.com https://vars.hotjar.com https://bid.g.doubleclick.net https://www.google.com/ https://optinmonster.com https://a.omappapi.com/app/js/7.02d20d69.min.js https://stories.thisiseindhoven.com/ https://www.instagram.com/ https://www.facebook.com/ https://www.instagram.com/embed.js https://www.instagram.com https://form.typeform.com/;child-src 'self';form-action 'self' https://www.facebook.com/tr/ *.eindhovendesigndistrict.com;frame-ancestors https://*.thisiseindhoven.com *.eindhovendesigndistrict.com;base-uri 'self';worker-src 'self';manifest-src 'self';navigate-to 'self' *.eindhovendesigndistrict.com; 1
default-src 'self'; style-src * 'unsafe-inline'; script-src * 'unsafe-eval' 'unsafe-inline'; img-src https: data:; font-src *; connect-src *; frame-src * 1
default-src 'self' *.hallforcornwall.co.uk  *.youtube.com hallforcornwall.s3.eu-west-2.amazonaws.com *.google.com *.onetrust.com *.pinterest.com *.tiktok.com; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.hallforcornwall.co.uk *.fontawesome.com *.googleoptimize.com *.spektrix.com *.cloudflare.com polyfill.io *.googletagmanager.com *.youtube.com *.addevent.com addevent.com cdn.jsdelivr.net *.onetrust.com *.hotjar.com *.facebook.net *.pinimg.com *.tiktok.com *.googleadservices.com  *.pinterest.com; style-src 'self' 'unsafe-inline' unpkg.com *.fontawesome.com *.typekit.net code.jquery.com cdn.jsdelivr.net *.googleapis.com; img-src 'self' 'unsafe-inline' hallforcornwall.s3.eu-west-2.amazonaws.com data: *.gravatar.com *.hallforcornwall.co.uk *.facebook.com *.doubleclick.net *.google.com *.google.co.uk *.google.co.in; font-src 'self' 'unsafe-inline' use.typekit.net use.fontawesome.com fonts.gstatic.com data:; frame-src *.youtube.com tickets.hallforcornwall.co.uk  *.pinterest.com *.doubleclick.net; 1
object-src 'self'; worker-src 'self'; font-src 'self' fonts.googleapis.com cdnjs.cloudflare.com fonts.gstatic.com 'unsafe-inline' img.icons8.com maps.gstatic.com; form-action 'self'; connect-src 'self' www.google-analytics.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' data: maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com; style-src 'self' cdnjs.cloudflare.com stackpath.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com; default-src 'self' unsafe-inline; img-src 'self' 'unsafe-inline' data: img.icons8.com maps.gstatic.com maps.googleapis.com; media-src 'self'; manifest-src 'self'; script-src 'self' 'unsafe-inline' maps.googleapis.com img.icons8.com maps.gstatic.com googletagmanager.com www.googletagmanager.com; frame-ancestors 'self'; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline' https://*.talentqgroup.com https://*.cloudfront.net https://www.google-analytics.com https://www.google.com/ https://www.gstatic.com  https://hello.myfonts.net/count/3122c9; frame-ancestors 'self' 1
default-src 'self' localhost:3000 cm-stg.formdev.io callminer.com px.ads.linkedin.com js.chilipiper.com epsilon-globalaccelerator.6sense.com chilipiper.com cdn.jsdelivr.net adservice.google.com consent-reporting.trustarc.com consent-pref.trustarc.com consent.trustarc.com px.ads.linkedin.com region1.google-analytics.com callminer.chilipiper.com api.chilipiper.com cdn-app.pathfactory.com https://analytics.google.com/ pagead2.googlesyndication.com tracking.crazyegg.com assets-tracking.crazyegg.com pagestates-tracking.crazyegg.com pages.callminer.com 347-xfv-966.mktoutil.com tracking.chilipiper.com fast.wistia.net fg8vvsvnieiv3ej16jby.litix.io embed-cloudfront.wistia.com pipedream.wistia.com fast.wistia.com distillery.wistia.com pipedream.wistia.com callminer-requests.my.onetrust.com ws.zoominfo.com people.api.boomtrain.com search-api.swiftype.com cdn.linkedin.oribi.io 347-xfv-966.mktoresp.com abrtp1.marketo.com events.api.boomtrain.com geolocation.onetrust.com stats.g.doubleclick.net s.swiftypecdn.com c.6sc.co script.crazyegg.com epsilon.6sense.com ipv6.6sc.co ib.adnxs.com www.google-analytics.com js.driftt.com secure.adnxs.com cdn.cookielaw.org;script-src 'self' 'unsafe-inline' localhost:3000 cm-stg.formdev.io callminer.com consent.trustarc.com chilipiper.com js.chilipiper.com js.chilipiper.com/marketing.js pages.callminer.com cdn.jsdelivr.net callminer.chilipiper.com cdn-app.pathfactory.com pagead2.googlesyndication.com apply.workable.com www.workable.com www.googleadservices.com 347-xfv-966.mktoutil.com fast.wistia.net fast.wistia.com js.chilipiper.com pages.callminer.com tracking.g2crowd.com snap.licdn.com munchkin.marketo.net abrtp1-cdn.marketo.com js.driftt.com c1.rfihub.net cdn.boomtrain.com secure.adnxs.com rtp-static.marketo.com abrtp1.marketo.com live.rezync.com ws.zoominfo.com swiftypecdn.com swiftypecdn.com s.swiftypecdn.com cdn.cookielaw.org fast.wistia.net bat.bing.com www.google-analytics.com j.6sc.co cdn.cookielaw.org/s googleads.g.doubleclick.net p.cdn.lookbookhq.com www.googletagmanager.com ajax.googleapis.com app.cdn.lookbookhq.com script.crazyegg.com cdn.jsdelivr.net cdn.jsdelivr.net s3-us-west-2.amazonaws.com cdnjs.cloudflare.com script.crazyegg.com;script-src-attr 'self' 'unsafe-inline';img-src 'self' localhost:3000 js.chilipiper.com googleads.g.doubleclick.net consent.trustarc.com consent.truste.com consent-pref.trustarc.com cdn.jsdelivr.net 347-xfv-966.mktoutil.com www.google.co.uk swiftype-ss.imgix.net i6.liadm.com live.rezync.com bat.bing.com js.chilipiper.com blob: data: embed-ssl.wistia.com fast.wistia.com fast.wistia.net downloads.ctfassets.net cdn.cookielaw.org b.6sc.co www.google.com live.rezync.com cc.swiftype.com b.6sc.co www.google-analytics.com i.liadm.com px.ads.linkedin.com www.googletagmanager.com www.linkedin.com cm-stg.formdev.io callminer.com images.ctfassets.net data:;style-src 'self' 'unsafe-inline' localhost:3000 cm-stg.formdev.io callminer.com pages.callminer.com cdn-app.pathfactory.com cdn-app.pathfactory.com/libraries/overlay/overlay.css fonts.googleapis.com fast.wistia.com rtp-static.marketo.com s.swiftypecdn.com stackpath.bootstrapcdn.com app.cdn.lookbookhq.com hello.myfonts.net data:;media-src 'self' blob: data: localhost:3000 cm-stg.formdev.io callminer.com fast.wistia.com embed-cloudfront.wistia.com js.driftt.com embed-ssl.wistia.com 347-xfv-966.mktoutil.com;child-src 'self' js.driftt.com 20843973p.rfihub.com td.doubleclick.net pages.callminer.com 20843974p.rfihub.com callminer.chilipiper.com callminer.com callminer.com/a1ab713b-076e-4a1b-9f24-ed6a2af0d33d cdn-app.pathfactory.com;worker-src 'self' localhost:3000 blob: data: cm-stg.formdev.io callminer.com callminer.com/a1ab713b-076e-4a1b-9f24-ed6a2af0d33d;object-src 'self' localhost:3000 blob: data: cm-stg.formdev.io callminer.com script.crazyegg.com;frame-src 'self' td.doubleclick.net js.driftt.com pages.callminer.com callminer.chilipiper.com consent-pref.trustarc.com learning.callminer.com callminer.pathfactory.com;frame-ancestors 'self' learning.callminer.com callminer.pathfactory.com;form-action 'none';base-uri 'self';font-src 'self' https: data:;upgrade-insecure-requests 1
default-src 'self'; frame-ancestors 'self'; frame-src 'self' https://outages.otpco.com https://www.google.com https://www.gstatic.com/ https://e.issuu.com www.youtube.com otpgis.maps.arcgis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com/ https://*.fontawesome.com https://*.weglot.com connect.facebook.net cdnjs.cloudflare.com https://*.cloudfront.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://*.weglot.com https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://web.delighted.com https://www.google-analytics.com https://www.googletagmanager.com *.fontawesome.com fontawesome.com *.weglot.com weglot.com cdn-api-weglot.com https://connect.facebook.net; img-src 'self' data: https://dashboard.umbraco.com https://e.issuu.com https://www.google-analytics.com https://www.facebook.com https://www.glassdoor.com https://*.googletagmanager.com https://i.ytimg.com; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://sdk.companywebcast.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MDdkNDMwOWEtZmUzOC00M2I3LWI4MWMtYjVhYTVlOTZmYWFi' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://meldingen.hollandsmiddenveilig.nl; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://meldingen.hollandsmiddenveilig.nl; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-MDdkNDMwOWEtZmUzOC00M2I3LWI4MWMtYjVhYTVlOTZmYWFi' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://fonts.googleapis.com;  1
default-src https: data: wss://*.doofinder.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: 1
default-src 'self'; img-src 'self' data: matomo.cinetic21.de matomo-clone.cinetic21.de; style-src 'self' 'unsafe-inline'; script-src 'self' matomo.cinetic21.de matomo-clone.cinetic21.de cinetic21.de www.cinetic21.de 'unsafe-inline' 'unsafe-eval';connect-src cinetic21.de www.cinetic21.de matomo.cinetic21.de matomo-clone.cinetic21.de; 1
default-src 'self' https://*.stepnova.net;script-src 'unsafe-inline' 'unsafe-eval' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;style-src 'unsafe-inline' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;img-src 'self' data: https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;connect-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;font-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;object-src 'self' data: 'unsafe-eval' https://*.stepnova.net;media-src 'self' https://*.stepnova.net https://*.evsrv.net https://*.evsrv.de;form-action 'self'; 1
frame-ancestors 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-M4KDkh4Prxdfg0LKjcLw7g==' 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.demoup.com  https://www.dwin1.com  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.demoup.com; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  https://www.lidl.fr  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  https://*.demoup.com  https://www.dwin1.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
default-src 'self'; script-src 'unsafe-inline' https://cdn.cookielaw.org/ https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://www.google-analytics.com/; script-src-elem * 'unsafe-inline'; style-src 'unsafe-inline'; img-src https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://cdn.cookielaw.org/ https://cdn.cookielaw.org/ https://www.socialpoint.es/ https://www.google-analytics.com/; connect-src https://cdn.cookielaw.org/ https://www.socialpoint.es/ https://geolocation.onetrust.com/ https://sp-tools-website.s3-eu-west-1.amazonaws.com/ https://cdn.plyr.io/ https://www.google-analytics.com/ https://privacyportal.onetrust.com/; frame-src https://player.vimeo.com/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VR4cJ031RiLo6BVVOJl7E/IGJ/OrVvv8xapWHBUfvJUatIu2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *; img-src * data: mediastream: blob:; media-src * data: mediastream: blob:; font-src * data:; worker-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; 1
upgrade-insecure-requests; frame-ancestors 'self' https://www.ncca.ie https://ncca-310521-dev-ums.azurewebsites.net https://ncca-310521-stg-ums.azurewebsites.net https://ncca-310521-prd-ums-pre-prod.azurewebsites.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com; img-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com http://www.w3.org https://www.w3.org data:; connect-src https://www.ore.edu.pl https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.gstatic.com data:; frame-src https://www.youtube.com; object-src 'none' 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'self'; font-src https: data: 'self' http: fonts.googleapis.com themes.googleusercontent.com; connect-src https: wss: 'self'; img-src https: data: 'self' https: *.gravatar.com; worker-src blob: https: 'self' 'unsafe-inline' 'unsafe-eval'; media-src https: blob: 'self'; style-src https: 'unsafe-eval' 'unsafe-inline' 'self' http: fonts.googleapis.com 1
font-src 'self' tls.freenet.de https://fonts.gstatic.com; img-src * data:; frame-ancestors 'self'; object-src 'self'; base-uri 'none'; 1
default-src 'self'; img-src 'self' blob: data:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://cdn.moneyconvert.net; 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data: https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bankmas.co.id https://orig-www.bankmas.co.id https://www.googleadservices.com https://googleads.g.doubleclick.net *.appsflyer.com https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; img-src 'self' https://bankmas.co.id https://www.bankmas.co.id https://orig-www.bankmas.co.id https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.co.id https://google.co.id https://www.googleadservices.com https://*.facebook.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; frame-src 'self' https://td.doubleclick.net *.youtube.com *.google.com; connect-src 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.bankmas.co.id https://orig-www.bankmas.co.id https://bankmas.co.id https://*.facebook.net https://*.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://fonts.gstatic.com data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src blob:; default-src 'self' https://www.bankmas.co.id https://orig-www.bankmas.co.id https://bankmas.co.id; 1
default-src 'self'; connect-src 'self' formulieren.elkerliek.nl *.hotjar.com region1.google-analytics.com *.readspeaker.com helpdeskdigitalezorg.nl; font-src 'self' fonts.gstatic.com script.hotjar.com *.readspeaker.com data:;; frame-src 'self' *.youtube.com *.youtu.be *.readspeaker.com vars.hotjar.com www.youtube-nocookie.com www.google.com; img-src 'self' data: ssl.google-analytics.com *.readspeaker.com *.zorgkaartnederland.nl *.pollennieuws.nl helpdeskdigitalezorg.nl; media-src 'self' *.readspeaker.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.readspeaker.com *.google-analytics.com www.googletagmanager.com *.hotjar.com formulieren.elkerliek.nl helpdeskdigitalezorg.nl; style-src 'self' 'unsafe-inline' *.readspeaker.com fonts.googleapis.com formulieren.elkerliek.nl helpdeskdigitalezorg.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://convo.casa; img-src 'self' https: data: blob: https://convo.casa; style-src 'self' https://convo.casa 'nonce-lL2diRqt02U1ELYtJsa7Vw=='; media-src 'self' https: data: https://convo.casa; frame-src 'self' https:; manifest-src 'self' https://convo.casa; form-action 'self'; child-src 'self' blob: https://convo.casa; worker-src 'self' blob: https://convo.casa; connect-src 'self' data: blob: https://convo.casa https://b.convo.casa wss://s.convo.casa; script-src 'self' https://convo.casa 'wasm-unsafe-eval' 1
frame-ancestors 'self' ccc.org.co; 1
frame-ancestors 'self' lulop.com *.lulop.com https://www.bosch-press.it https://media.jaguar.com https://media.landrover.com https://media.jaguarlandrover.com https://stg-media-jaguar.jlrms.com https://stg-media-landrover.jlrms.com https://stg-media-jaguarlandrover.jlrms.com https://stg-media-jaguarracing.jlrms.com; 1
frame-ancestors 'self' *.ci360.sas.com 1
default-src 'self'; script-src-elem 'self' 'unsafe-inline' https://* https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com; script-src 'self' 'unsafe-eval' https://* https://tagmanager.google.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://* https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://* https://fonts.gstatic.com https://assets.ctfassets.net data:; img-src 'self' https://* https://www.googletagmanager.com https://ssl.gstatic.com https://images.ctfassets.net https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://pixel.tapad.com/ data:; frame-src https://* https://www.googletagmanager.com; connect-src 'self' https://* https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; 1
default-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: use.typekit.net use.fontawesome.com code.jquery.com google-analytics.com https://*.hotjar.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' http: https: e.issuu.com use.typekit.net code.jquery.com use.fontawesome.com www.google-analytics.com www.wufoo.com google-analytics.com; style-src 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com https://*.hotjar.com; style-src-elem 'self' 'unsafe-inline' http: https: 'report-sample' use.typekit.net use.fontawesome.com fonts.googleapis.com www.wufoo.com wufoo.com; img-src 'self' data: https: p.typekit.net https://*.hotjar.com; font-src 'self' use.typekit.net *.fontawesome.com fonts.gstatic.com acsbapp.com https://*.hotjar.com; connect-src 'self' ws24.hotjar.com in.hotjar.com www.google-analytics.com stats.g.doubleclick.net cdn.acsbapp.com web1.acsbapp.com *.fontawesome.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.monsido.com/ https://monsido-consent.com/ https://*.monsido-consent.com/ https://px.ads.linkedin.com/ http://*.sentry.io/ ; media-src 'self' web1.acsbapp.com; frame-src 'self' vars.hotjar.com anchor.fm e.issuu.com www.google.com player.vimeo.com connect.bipc.com s3.amazonaws.com acsbapp.com accounts.accessibe.com https://td.doubleclick.net/ https://*.hotjar.com https://view.officeapps.live.com/ https://player.flipsnack.com; frame-ancestors 'self' https://app.socio.events/; form-action 'self'; base-uri 'self'; report-uri https://notarobot.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://eservices.moccae.gov.ae; worker-src 'self' blob:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
object-src 'none'; script-src 'self' https://www.youtube.com/ https://youtube.com/iframe_api https://www.youtube.com/iframe_api https://www.youtube.com/s/player/5dd3f3b2/www-widgetapi.vflset https://www.googletagmanager.com/debug/bootstrap https://s.ytimg.com 'unsafe-inline' https://www.google-analytics.com/analytics.js http://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://static.hotjar.com/c/hotjar-2186599.js https://script.hotjar.com/modules.aa4c7aaa5da61b98a766.js https://script.hotjar.com/modules.9a7681f2864b86bb700a.js https://script.hotjar.com/modules.1eae5f578812029ee612.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/189162992320605 https://connect.facebook.net/signals/plugins/identity.js https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://track.adform.net/Serving/TrackPoint/ 'unsafe-eval'; img-src 'self' data: www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://i.ytimg.com https://www.google.com/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://fonts.gstatic.com/s/i/googlematerialicons/more/v6/gm_blue-48dp/1x/gm_more_gm_blue_48dp.png https://www.facebook.com/tr/ https://www.gravatar.com/; font-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com/ https://c1.adform.net/ https://paleisamsterdam.globalticket.nl/; style-src 'self' 'unsafe-inline'; connect-src 'self' https://stats.g.doubleclick.net/j/collect https://in.hotjar.com/api/v2/client/sites/2186599/visit-data https://vc.hotjar.io/sessions/2186599 wss://ws6.hotjar.com/api/v2/client/ws https://ws6.hotjar.com/api/v2/sites/2186599/recordings/content www.google-analytics.com; base-uri 'none'; default-src 'self' 1
default-src 'self' data:       https://braze-images.com       https://*.go2bankonline.com       https://*.nextestate.com       https://*.twilio.com/       https://*.gobank.com       wss://tsock.us1.twilio.com/v3/wsconnect     wss://mpsnare.iesnare.com               https://*.salesforceliveagent.com     https://xg4ken.com/               https://*.demdex.net               https://assets.adobedtm.com                       https://*.walmartmoneycard.com                        https://*.walmart.com                         https://*.typekit.net                          https://ds.reson8.com                           https://*.typekit.com                        https://*.gdottrk.com                       https://*.msn.com                       https://*.bing.com                      https://*.iesnare.com                        https://*.yimg.com                           https://*.facebook.com                            https://*.omtrdc.net                                            https://*.gstatic.com                           https://*.greendot.com                           https://*.xg4ken.com                         https://*.doubleclick.net                         http://*.adobedtm.com                               https://*.vimeo.com                          https://*.google.com                          https://*.advertising.com                          https://*.google-analytics.com                        https://*.chango.com                          http://*.facebook.net                           https://*.fastclick.net                          https://*.googleadservices.com                          https://*.googleapis.com                           http://*.bbb.org                           https://*.iovation.com                           https://sdk.iad-05.braze.com     https://*.decibelinsight.net              https://*.decibel.com              wss://*.decibelinsight.net     https://*.api.decibel.com      http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;           img-src 'self' data:              www.googletagmanager.com            https://braze-images.com            https://*.twilio.com/       https://*.go2bankonline.com            https://*.force.com             https://*.kampyle.com               https://*.google-analytics.com                         https://*.walmart.com                          https://*.typekit.net                          https://*.walmartmoneycard.com                          https://*.greendot.com                          https://stats.g.doubleclick.net                          https://seal.thawte.com                         https://*.upsellit.com                        https://*.adobe.com                         https://www.facebook.com                          https://www.google.com                        https://googleads.g.doubleclick.net                       https://*.bing.com     http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;              child-src 'self' blob:                    https://ds.reson8.com                          https://*.google.com                         https://*.doubleclick.net                         https://*.cdn-gdc.com                         https://*.youtube.com      https://*.vimeo.com                       https://*.pegacloud.net            https://*.quantumdisputes.com               https://*.adsrvr.org                      http://*.greendot.com     http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;                         style-src 'self' 'unsafe-inline' 'unsafe-eval'                 https://braze-images.com              https://secure.go2bank.com/web-chat/       https://*.go2bankonline.com/              https://*.fontawesome.com                            https://*.googleapis.com                       https://*.typekit.com                         https://*.typekit.net     http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval'       https://*.decibelinsight.net              https://*.decibel.com     https://braze-images.com           https://*.go2bankonline.com           https://*.go2bank.com/web-chat/           https://*.appboycdn.com                    https://*.salesforceliveagent.com                      https://assets.adobedtm.com                       https://*.google-analytics.com                          https://*.doubleclick.net                         https://*.yahoo.com                https://*.kampyle.com              https://*.google.com                         https://*.adobedtm.com                              https://*.yimg.com                            https://*.googleapis.com                       https://*.facebook.com                         https://*.googleadservices.com                          https://*.iesnare.com                          https://*.bing.com                          https://*.typekit.com                         https://*.typekit.net                          https://*.facebook.net                       https://*.tt.omtrdc.net                       http://*.tt.omtrdc.net                       https://widgets.twimg.com                       https://seal.thawte.com                          https://*.youtube.com                         https://s.ytimg.com                        https://configusa.veinteractive.com                         https://ots.optimize.webtrends.com                        https://*.greendot.com                         https://*.iovation.com                        https://*.gstatic.com                       https://www.googletagmanager.com                      https://*.xg4ken.com                      https://*.adsrvr.org      http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;          font-src 'self' data:                         https://braze-images.com                         https://*.fontawesome.com                         https://*.typekit.com                          https://*.typekit.net                           https://*.gstatic.com     http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;             frame-src 'self' data: blob:      https://braze-images.com       https://*.go2bankonline.com       https://*.nextestate.com       https://*.twilio.com/       https://*.gobank.com       https://*.salesforceliveagent.com     https://xg4ken.com/               https://*.demdex.net               https://assets.adobedtm.com                       https://*.walmartmoneycard.com                        https://*.walmart.com                         https://*.typekit.net                          https://ds.reson8.com                           https://*.typekit.com                        https://*.gdottrk.com                       https://*.msn.com                       https://*.bing.com                      https://*.iesnare.com                        https://*.yimg.com                           https://*.facebook.com                            https://*.omtrdc.net                                            https://*.gstatic.com                           https://*.greendot.com                           https://*.xg4ken.com                         https://*.doubleclick.net                         http://*.adobedtm.com                               https://*.vimeo.com                          https://*.google.com                          https://*.advertising.com                          https://*.google-analytics.com                        https://*.chango.com                          http://*.facebook.net                           https://*.fastclick.net                          https://*.googleadservices.com                          https://*.googleapis.com                           http://*.bbb.org                           https://*.iovation.com                           https://sdk.iad-05.braze.com     https://*.decibelinsight.net     https://*.decibel.com     https://*.api.decibel.com      http://*.trustarc.com      https://*.trustarc.com      http://*.truste.com      https://*.truste.com;            1
default-src 'self' blob: https://nominatim.openstreetmap.org; img-src 'self' blob: data: https://s3.eu-central-1.amazonaws.com https://*.inexweb.fr https://*.inextenso.io  https://*.s3.eu-central-1.amazonaws.com https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://www.google-analytics.com https://api.tiles.mapbox.com https://lipis.github.io https://kp-sandbox.com/ https://*.benchbox.net https://s3.amazonaws.com/cdn.freshdesk.com/ https://s3-eu-central-1.amazonaws.com/euc-cdn.freshdesk.com/ https://*.fulll.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bam.eu01.nr-data.net https://www.googletagmanager.com https://js-agent.newrelic.com https://code.getmdl.io https://cdn.polyfill.io https://unpkg.com https://*.sentry.io https://sentry.io https://www.google-analytics.com https://85jv5zw9cx2p.statuspage.io https://storage.googleapis.com https://cdn.ravenjs.com https://widget.freshworks.com https://euc-widget.freshworks.com https://js.stripe.com https://*.fulll.io https://uptime.betterstack.com/widgets/announcement.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com blob: https://widget.freshworks.com https://euc-widget.freshworks.com https://*.fulll.io; font-src 'self' data: https://fonts.gstatic.com https://*.fulll.io https://*.inexweb.fr; object-src 'none'; worker-src 'self' blob:; frame-src https://view.officeapps.live.com https://www.google.com https://85jv5zw9cx2p.statuspage.io https://js.stripe.com https://player.vimeo.com https://*.fulll.io; connect-src blob: data: https://bam.eu01.nr-data.net wss://*.fulll.io wss://*.inexweb.fr https://*.amazonaws.com https://inextenso.knowledgeplaza.net https://*.inexweb.fr https://*.inexweb.io https://*.inextenso.io https://*.deloitteexperts.com https://*.propelbydeloitte.co.uk https://*.deloittedirect.dk https://*.deloitte.direct https://*.easydeloitte.at https://*.ibizapps.cloud https://nominatim.openstreetmap.org https://sentry.io https://*.sentry.io https://85jv5zw9cx2p.statuspage.io https://raw.githubusercontent.com https://inextenso.knowledgeplaza.net https://nexty.inextenso.fr https://www.google-analytics.com https://*.benchbox.net https://public.opendatasoft.com https://widget.freshworks.com https://euc-widget.freshworks.com https://xeonys.freshdesk.com https://fulll.freshdesk.com https://*.fulll.io https://cdn.jsdelivr.net/npm/@emoji-mart/; frame-ancestors 'self' https://view.officeapps.live.com https://*.fulll.io https://*.inexweb.fr https://*.inexweb.io 1
default-src 'self' *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com *.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com tracking.myunidays.com *.five9.net; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; frame-src 'self' https:; connect-src 'self' https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.sheridanoutlet.com.au; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://consentcdn.cookiebot.com https://maps.google.com https://www.google.com https://vimeo.com https://player.vimeo.com https://*.amazonaws.com https://*.stripe.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.com https://*.google.com https://stats.wp.com https://www.googletagmanager.com https://unpkg.com https://*.vimeo.com https://www.google.com https://www.gstatic.com https://*.stripe.com; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; img-src 'self' data: https://*.cookiebot.com https://pixel.wp.com https://*.eu-west-2.amazonaws.com https://*.google.co.uk; connect-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net *.google.com *.google.co.uk *.analytics.google.com https://*.amazonaws.com https://*.stripe.com; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://pro.fontawesome.com 1
default-src * data: blob: https:; script-src *.terme-olimia.com *.gooya.io *.phobs.net *.sos-sw.si *.googletagmanager.com *.cloudflare.com *.googlesyndication.com *.bootstrapcdn.com *.gstatic.com *.google-analytics.com *.googleapis.com *.googleadservices.com *.google.com *.facebook.net *.intelliad.de *.doubleclick.net *.sentry-cdn.com *.hotjar.com *.iprom.net *.iprom.si *.google.si cdn-cookieyes.com 'unsafe-inline' 'unsafe-eval'; style-src *.gooya.io *.terme-olimia.com *.phobs.net *.googleapis.com *.google.com  *.sos-sw.si *.googletagmanager.com 'unsafe-inline' 1
frame-ancestors 'self' moovicite.com test.dbm-local.com; 1
base-uri 'self' https://*.friday.de https://*.fridev.de https://*.friday-staging.de; connect-src 'self' https://*.friday.de https://*.fridev.de https://*.freshworks.com https://*.freshdesk.com https://*.friday-staging.de https://*.forfriday.de https://*.friday-prod.de https://*.prismic.io https://*.zendesk.com https://*.segment.io https://*.fullstory.com https://*.usercentrics.eu https://*.google.com https://*.googleapis.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.google-analytics.com https://*.crazyegg.com https://*.spoteffects.net https://*.exponea.com https://*.meteonomiqs.com https://*.aservice.cloud https://api-mcj.wkda.de; default-src 'self' 'unsafe-inline'; font-src 'self' https://*.gstatic.com https://*.friday.de https://*.fridev.de https://*.friday-staging.de https://*.friday-prod.de data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://*.prismic.io https://*.usercentrics.eu https://*.hotjar.com https://*.stripe.com https://*.freshworks.com https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.optimizely.com https://*.kaskocloud.com https://*.youtube.com https://*.vimeo.com https://*.fridev.de https://*.friday-staging.de https://*.friday-prod.de https://*.friday.de https://*.google.com https://partner.wirkaufendeinauto.de https://autohero-widgets.prod.retail.auto1.cloud; img-src https: data: blob:; manifest-src 'self'; media-src 'self' https://*.gstatic.com data:; report-uri https://sentry.forfriday.de/api/61/security/?sentry_key=7d02d74a455b48749b29f3c7b7820fee&sentry_environment=production; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.friday.de https://*.prismic.io https://*.freshworks.com https://*.freshdesk.com https://*.segment.com https://*.usercentrics.eu https://*.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.googleadservices.com https://*.googleapis.com https://prismic.io/prismic-toolbar/4.0.9/toolbar.js https://*.google-analytics.com https://*.googlesyndication.com https://*.youtube.com https://*.doubleclick.net https://cdn.polyfill.io https://*.fullstory.com https://*.crazyegg.com https://*.hotjar.com https://*.dwin1.com https://*.spoteffects.net https://*.facebook.net https://*.bing.com https://*.stripe.com https://*.pso-vertrieb.de https://*.friday-empfehlen.de https://*.kaskojs.com/v2 https://*.exponea.com https://*.outbrain.com https://*.meteonomiqs.com https://*.aservice.cloud https://static.wirkaufendeinauto.de https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.google.com https://*.freshworks.com https://autohero-widgets.prod.retail.auto1.cloud; worker-src blob:; ; 1
default-src 'self' https:; base-uri 'self'; block-all-mixed-content; connect-src 'self' wss: https:; font-src 'self' https: data:; frame-src 'self' https: data: 'unsafe-inline'; img-src 'self' https: data:; media-src 'self' https: blob:; object-src 'self' https: data:; script-src 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
object-src 'none'; style-src * 'unsafe-inline'; script-src 'self' 'strict-dynamic' 'nonce-8SCsdxewa' https://cdn.oncehub.com/mergedjs/so.js https://dataart.my.site.com https://static.lightning.force.com https://d.la5-c1-ia4.salesforceliveagent.com https://dataart.my.salesforce.com https://js.zi-scripts.com/zi-tag.js scout-cdn.salesloft.com/sl.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery.matchHeight/0.7.2/jquery.matchHeight-min.js https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://pi.pardot.com https://lp.dataart.com https://widget.clutch.co https://cdn.cookielaw.org https://www.youtube.com https://websitesapi.dataart.com https://widget.clutch.co/static/js/widget.js https://websitesapi.dataart.com https://d.clarity.ms/s/0.6.31/clarity.js https://bat.bing.com https://www.dataart.com/ https://*.clarity.ms https://www.google-analytics.com https://go.pardot.com/ https://snap.licdn.com/ https://www.google.com/pagead/conversion_async.js https://cdn.polyfill.io/v2/polyfill.js https://tagmanager.google.com/debug/debuguiApp-bundle.js https://tagmanager.google.com/debug https://optimize.google.com https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/api.js https://static.ads-twitter.com/uwt.js https://static.ads-twitter.com/uwt.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com https://bat.bing.com/bat.js https://code.jquery.com/jquery-3.3.1.min.js https://connect.facebook.net/en_US/fbevents.js https://a.quora.com/qevents.js https://www.gstatic.com https://salespanel.io https://analytics.twitter.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/* https://connect.facebook.net https://js.hs-scripts.com/5318857.js https://sc.lfeeder.com/lftracker_v1_bElvO73KyQb7ZMqj.js https://script.hotjar.com/ https://www.google-analytics.com/gtm/* https://js.hs-banner.com/5318857.js https://js.hs-analytics.net https://js.usemessages.com/conversations-embed.js https://js.hsadspixel.net/fb.js https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google-analytics.com/gtm/js https://maps.googleapis.com/; 1
frame-ancestors 'self' https://careerkarma.com/ 1
default-src 'self'; font-src * data:;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline' blob:; style-src * 'unsafe-inline' ; connect-src *; media-src * blob: data:; object-src * blob:; frame-src *; worker-src * blob:; 1
child-src *; font-src *; img-src *; manifest-src *; media-src *; report-uri https://www.hiberus.com/report-uri/enforce 1
default-src data: https: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'self'; 1
default-src *; script-src 'self' 'unsafe-inline'; worker-src 'self' blob:; child-src 'self'; style-src 'self' 'unsafe-inline'; manifest-src 'self'; connect-src *; font-src 'self' data:; img-src * data:; frame-src 'self' https://connect.trezor.io https://beta.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com; frame-ancestors 'self' https://mycrypto.com https://app.mycrypto.com https://github.proxy.mycryptoapi.com https://analytics.proxy.mycryptoapi.com 1
frame-ancestors 'self' *.goodman.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MDMzNTAyMGY3ODYxNGFhN2IxZTBkN2FlY2I1ZjEwNTE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.p-direkt.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.p-direkt.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.p-direkt.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src blob: 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://accounts.paytm.com/ https://sig.paytm.com/  insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/ ; img-src * 'unsafe-inline' data:; frame-src data: mailto: tel: 'unsafe-inline' *;font-src * data: 'unsafe-inline' https://fonts.googleapis.com/; style-src-elem * 'unsafe-inline'; connect-src * data: 'unsafe-inline'; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.paytm.com/ https://sig.paytm.com/ https://fonts.googleapis.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.googleadservices.com/ fonts.gstatic.com/ insurance-blog-cms.s3.ap-south-1.amazonaws.com/ insurance-blog-cms.paytminsurance.co.in/  https://static.addtoany.com/ https://cdn.ampproject.org/ https://webappsstatic.paytm.com/ 1
child-src 'self'; connect-src 'self' stats.g.doubleclick.net www.google-analytics.com; default-src 'self'; font-src 'self' fonts.gstatic.com 'unsafe-inline'; frame-src 'self' *.google.com youtube.com *.youtube.com *.rapidpaycard.com *.trustarc.com; img-src 'self' i.ytimg.com *.google-analytics.com www.googletagmanager.com *.trustarc.com; manifest-src 'self' *.trustarc.com; media-src 'self'; object-src 'self' *.trustarc.com; script-src 'self' go.rapidpaycard.com *.google.com *.gstatic.com code.jquery.com *.google-analytics.com diffuser-cdn.app-us1.com *.googletagmanager.com *.facebook.com *.facebook.net t.sf14g.com formalyzer.com prism.app-us1.com *.google.com *.pardot.com *.trustarc.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com; worker-src 'self'; 1
frame-ancestors 'self' https://fintualist.com 1
frame-ancestors 'self' https://www.visitdenmark.dk https://*.www.visitdenmark.dk https://api.www.www.visitdenmark.dk 1
frame-ancestors *.mailslurp.com; default-src 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com; script-src-elem 'unsafe-inline' 'unsafe-eval' *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com; object-src 'none'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; style-src blob: 'unsafe-inline' 'self' fonts.gstatic.com fonts.googleapis.com unpkg.com; connect-src *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com; style-src-elem 'self' 'unsafe-inline' unpkg.com fonts.gstatic.com fonts.googleapis.com https://app-static.eu.posthost.com blob:; img-src https://* 'self' data: *.amazonaws.com *.mailslurp.biz *.mailslurp.com *.mailslurp.dev *.mailslurp.link *.ingest.sentry.io https://app-static.eu.posthog.com *.posthog.com plausible.io *.plausible.io *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.googletagmanager.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.redditstatic.com *.licdn.com https://www.youtube.com static.hsappstatic.net https://scripts.simpleanalyticscdn.com https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com wss://hubspot-realtime.ably.io *.usemessages.com https://typesense.mailslurp.biz https://www.youtube-nocookie.com; worker-src blob: *.mailslurp.com 1
default-src 'self' cht.timerbank.ru translate.yandex.net api.hh.ru *.googletagmanager.com *.google-analytics.com fonts.googleapis.com fonts.gstatic.com bitrix.info www.google-analytics.com mc.yandex.ru api-maps.yandex.ru *.maps.yandex.net yastatic.net ssl.google-analytics.com stats.g.doubleclick.net top-fwz1.mail.ru 'unsafe-eval' 'unsafe-inline'; img-src 'self' i-api.hh.ru mc.yandex.ru *.doubleclick.net *.google-analytics.com blob: data: api-maps.yandex.ru *.maps.yandex.net; 1
default-src 'self' http://127.0.0.1:* https://bam.nr-data.net/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://maps.google.com/ https://maps.googleapis.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/; img-src 'self' data: https://www.gstatic.com/ https://api.qrserver.com/v1/create-qr-code/ https://maps.gstatic.com/ https://maps.google.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' data: https://fonts.gstatic.com/; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com/ https://sandbox-api.openpay.mx/ https://api.openpay.mx/ https://www.google.com/ https://eu.gcsip.nl/ blob: https://testsecureacceptance.cybersource.com/ https://ipe-pmt.cert.sabre.com/; object-src 'self' 1
default-src https://* http://vir-www-jc1-pro.csf.asso.fr http://vir-www-jc2-pro.csf.asso.fr gap-iab://* wss://* data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://gateway.eiendomsmegler1.no/graphql https://www.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com/tr/ https://*.googleapis.com/ https://www.test.sparebank1.no/api/tracking/webbehavior https://www.sparebank1.no/api/tracking/webbehavior https://services.cicero.no https://www.test.sparebank1.no/personal/banking/consent/cookies/identity https://www.sparebank1.no/personal/banking/consent/cookies/identity; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; script-src 'self' https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com www.googleadservices.com connect.facebook.net/ http://tb.de17a.com/ https://track.adform.net/ https://s2.adform.net/ https://googleads.g.doubleclick.net/ https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://services.cicero.no 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com https://services.cicero.no/sparebank1-calculators/1/content/font-awesome/css/font-awesome.min.css 'unsafe-inline' data:; img-src 'self' https://images.em1.no/ https://images-test.em1.no/ https://images.devaws.em1.no/ https://images.em1.dev https://images.eiendomsmegler1.no www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net googleads.g.doubleclick.net https://www.facebook.com/ https://connect.facebook.net/ https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com *.ggpht.com/ https://www.sparebank1.no/ data:; font-src 'self' https://fonts.gstatic.com https://services.cicero.no/sparebank1-calculators/1/content/font-awesome/fonts/ data:; frame-src *; frame-ancestors 'self' *.eiendomsmegler1.no; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://fonts.gstatic.com;report-uri /_/BardChatUi/cspreport/allowlist 1
default-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com gwm-set1.ml.wallst.com gwm-set2.ml.wallst.com 1359940.fls.doubleclick.net adservice.google.com advtools.morningstar.com akamai.tiqcdn.com api.amplitude.com api.markitdigital.com us-api.morningstar.com mwc-cdn.morningstar.com awrd.morningstar.com awsws.morningstar.com bam.nr-data.net beta.glancecdn.net cct.google cdn.mplxtms.com cdn.myglance.net cdn.tt.omtrdc.net brightcove04pmdo-a.akamaihd.net cf-images.us-east-1.prod.boltdns.net classroom.morningstar.com convertro.com d.agkn.com data.cmcore.com data.coremetrics.com dpm.demdex.net cdn.amplitude.com edge.api.brightcove.com fsa.merrilledge.com google-analytics.com hlsak-a.akamaihd.net cj.dotomi.com http://flagscape.bankofamerica.com fonts.gstatic.com bcsecure01-a.akamaihd.net awrduat.morningstar.com gwm-ml.wsodqa.com awsstgmain.morningstar.com awswsstg.morningstar.com http://research1.ml.com idsync.rlcdn.com insight.adsrvr.org cdn.polyfill.io iocdn.coremetrics.com libs.coremetrics.com hosttest.visualcalc.com login-prod.morningstar.com www.us-uat-api.morningstar.com login-uat.morningstar.com www.us-api.morningstar.com classroom-uat.morningstar.com manifest.prod.boltdns.net mc.coremetrics.com mcdata.coremetrics.com metrics.brightcove.com mktgcdn.coremetrics.com players.brightcove.net cdnapisec.kaltura.com public.cobrowse.oraclecloud.com recs.coremetrics.com resources.digital-cloud.medallia.com s3.amazonaws.com secure.brightcove.com secure-cdn.mplxtms.com stage.convertro.com tags.tiqcdn.com target.mboxedge35.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com udc-neb.kampyle.com webapi-bofatts-us.nods.nuance.com static-cert.getbills.com www.emjcd.com www.glancecdn.net qa-api.markitdigital.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.gstatic.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com www.international.ml.com www.merrilledge.com www.sepsemails.com cdn.cookielaw.org js-agent.newrelic.com geolocation.onetrust.com webapi-bofatts-us.nods.nuance.com six.cdn-net.com data: blob: wss: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com bam.nr-data.net cdn.amplitude.com cdn.cookielaw.org code.jquery.com gwm-ml.wsodqa.com d.agkn.com data.flurry.com js-agent.newrelic.com maxcdn.bootstrapcdn.com myfinancialpicturestagepfm.ml.com nebula-cdn.kampyle.com players.brightcove.net cdnapisec.kaltura.com resources.digital-cloud.medallia.com six.cdn-net.com testdata.coremetrics.com tags.tiqcdn.com udc-neb.kampyle.com use.fontawesome.com vjs.zencdn.net www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com js-agent.newrelic.com webapi-bofatts-us.nods.nuance.com webapi-us-preprod2.nods.nuance.com blob: wss: 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.ml.com *.bac-assets.com *.bankofamerica.com awrd.morningstar.com awrduat.morningstar.com cj.dotomi.com d.agkn.com dpm.demdex.net fonts.googleapis.com gwm-ml-a2.wsodqa.com gwm-ml.wsodqa.com hosttest.visualcalc.com maxcdn.bootstrapcdn.com nebula-cdn.kampyle.com resources.digital-cloud.medallia.com udc-neb.kampyle.com www.emjcd.com www.googletagmanager.com www.gwm.ml.wallst.com www.gwm1.ml.wallst.com www.gwm2.ml.wallst.com www.gwm-set1.ml.wallst.com www.gwm-set2.ml.wallst.com www.merrilledge.com www.streamer.ml.wallst.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.ml.com *.bac-assets.com *.bankofamerica.com *.managerewardsonline.com awrduat.morningstar.com awrd.morningstar.com classroom-uat.morningstar.com awsstgmain.morningstar.com awsws.morningstar.com awswsstg.morningstar.com www.merrilledge.com; worker-src 'self' blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tweesecake.social; img-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social; style-src 'self' https://tweesecake.social 'nonce-N7SWYFL00/s9CMj9MoBTLw=='; media-src 'self' data: https://tweesecake.social https://cdn.tweesecake.social; frame-src 'self' https:; manifest-src 'self' https://tweesecake.social; form-action 'self'; child-src 'self' blob: https://tweesecake.social; worker-src 'self' blob: https://tweesecake.social; connect-src 'self' data: blob: https://tweesecake.social https://cdn.tweesecake.social wss://tweesecake.social; script-src 'self' https://tweesecake.social 'wasm-unsafe-eval' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' media-src 'self' blob:; 1
script-src 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'self'; 1
default-src 'self'; font-src 'self' *.bootstrapcdn.com https://fonts.googleapis.com *.gstatic.com https://*.hotjar.com data:; img-src 'self' *.linkedin.com *.facebook.com *.adsymptotic.com *.google-analytics.com *.brf-global.com https://optanon.blob.core.windows.net *.googletagmanager.com *.gravatar.com *.cookielaw.org *.google.com *.google.com.br *.gstatic.com *.googleapis.com *.google.com https://*.hotjar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.linkedin.com *.google-analytics.com *.cookielaw.org *.cloudflare.com https://connect.facebook.net https://snap.licdn.com *.bootstrapcdn.com https://www.googletagmanager.com *.google.com *.google.com.br *.gstatic.com *.youtube.com https://cdn.jsdelivr.net *.googleapis.com https://unpkg.com https://*.hotjar.com *.addtoany.com *.instagram.com https://viacep.com.br; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://*.hotjar.com; connect-src 'self' *.cookielaw.org *.onetrust.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.google.com *.linkedin.com https://cdn.linkedin.oribi.io *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; frame-src 'self' *.service-now.com *.google.com *.youtube.com *.youtube-nocookie.com *.soundcloud.com *.hotjar.com *.addtoany.com *.instagram.com *.facebook.com 1
frame-ancestors 'self' https://silpion.de 1
default-src 'none';         base-uri 'self';         child-src 'self' https://forms.hsforms.com https://www.bradleycorp.com/ https://maps.gstatic.com https://maps.googleapis.com/;         connect-src 'self' https://cta-service-cms2.hubspot.com/ https://*.a.searchspring.io/api/ https://epsilon.6sense.com/ https://ipv6.6sc.co/ https://c.6sc.co/ https://bradleycorpb2c.b2clogin.com/ https://api.hubspot.com/ https://edge.fullstory.com https://*.bradleycorp.com https://api.hubapi.com https://forms.hubspot.com https://hubspot-forms-static-embed.s3.amazonaws.com https://stats.g.doubleclick.net https://www.google-analytics.com https://rs.fullstory.com https://www.clarity.ms https://bradleycorp-ext.okta.com/ https://forms.hsforms.com/ https://bradleycorp-ext.okta.com/api/v1 https://bradleycorp-ext.okta.com/oauth2/ https://podio.com/;         font-src data: https://*.bradleycorp.com/ https://bradleycorp.com/ https://fonts.gstatic.com https://global.oktacdn.com https://use.fontawesome.com;         form-action 'self' https://forms.hsforms.com https://*.bradleycorp.com https://forms.hubspot.com/;         frame-ancestors 'self' https://sketchfab.com/ https://maps.google.com https://www.bradleycorp.com/ https://bradleycorp.com/ https://platform.twitter.com https://syndication.twitter.com https://podio.com;         frame-src 'self' https://www.facebook.com https://bradleycorpb2c.b2clogin.com/ https://login.microsoftonline.com https://sketchfab.com/ https://view.ceros.com https://maps.google.com https://www.google.com/ https://*.bradleycorp.com https://bradleycorp.com/ https://www.tiki-toki.com https://www.youtube.com https://platform.twitter.com https://forms.hsforms.com https://forms.hubspot.com https://www.houzz.com/ https://bradleycorp-ext.okta.com https://podio.com;         img-src 'self' data: https://perf-na1.hsforms.com https://b.6sc.co/ https://lltrck.com/ https://*.bradleycorp.com https://bradleycorp.com https://cdn.nextopia.net/img/ https://nxtuploads.s3.amazonaws.com https://js.hs-scripts.com https://track.hubspot.com https://c.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://s3.amazonaws.com/thegoodjobs/badge-content/Bradley+Corp/ https://thegoodjobs.com/ https://www.thegoodjobs.com/ https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://pbs.twimg.com https://abs.twimg.com https://platform.twitter.com https://i.ytimg.com/ c.bing.com/ https://global.oktacdn.com https://secure.gravatar.com;         manifest-src 'self';         media-src 'self' https://www.bradleycorp.com/ ;         object-src 'none';         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bradleycorpb2c.b2clogin.com  https://view.ceros.com https://cdn.nextopia.net https://bradleycorp-com.ecomm-nav.com https://bradleycorp-dev-com.ecomm-nav.com https://ac.nextopiasoftware.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hsleadflows.net https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.googleapis.com https://www.youtube.com/ https://www.thegoodjobs.com  https://thegoodjobs.com https://connect.facebook.net https://edge.fullstory.com https://platform.twitter.com/ https://cdn.syndication.twimg.com https://vector.nextopiasoftware.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.mxpnl.com https://s7.addthis.com https://platform.houzz.com/js/ https://global.oktacdn.com/okta-signin-widget/4.1.3/js/okta-sign-in.min.js https://use.fontawesome.com/a4c255239f.js https://podio.com;         script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://lltrck.com https://j.6sc.co https://js.hubspot.com https://bradleycorpb2c.b2clogin.com https://j.6sc.co/ https://js.usemessages.com/ https://lltrck.com https://rs.fullstory.com https://view.ceros.com https://cdn.nextopia.net https://bradleycorp-com.ecomm-nav.com https://bradleycorp-dev-com.ecomm-nav.com https://ac.nextopiasoftware.com https://forms.hsforms.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hsforms.net https://js.hsleadflows.net https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/ https://maps.googleapis.com https://www.youtube.com/ https://www.thegoodjobs.com  https://thegoodjobs.com https://connect.facebook.net https://edge.fullstory.com https://platform.twitter.com/ https://cdn.syndication.twimg.com https://vector.nextopiasoftware.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.mxpnl.com https://s7.addthis.com https://platform.houzz.com/js/ https://global.oktacdn.com/ https://use.fontawesome.com https://podio.com;         style-src 'self' 'unsafe-inline' https://cdn.nextopia.net https://*.bradleycorp.com https://www.thegoodjobs.com https://connect.facebook.net https://fonts.googleapis.com https://platform.twitter.com/css/ https://global.oktacdn.com/okta-signin-widget/4.1.3/css/ https://use.fontawesome.com/;         style-src-attr 'self' 'unsafe-inline' https://js.hsforms.net;         style-src-elem 'self' 'unsafe-inline' https://cdn.nextopia.net https://*.bradleycorp.com https://www.thegoodjobs.com https://connect.facebook.net https://fonts.googleapis.com https://platform.twitter.com/css/ https://global.oktacdn.com/ https://use.fontawesome.com;         upgrade-insecure-requests;         worker-src 'self' blob: https://cdn.mxpnl.com; 1
object-src 'self'; media-src 'self' *.vimeo.com *.akamaized.net; style-src 'self' 'unsafe-inline' p.typekit.net *.fonts.net *.livechatinc.com *.stackadapt.com *.mapbox.com *.googletagmanager.com *.googlepapis.com; script-src 'nonce-cf502828-d3b0-4383-8fbe-bce1487bc8eb' 'strict-dynamic' 'self' 'unsafe-inline' https:;  font-src 'self' *.typekit.net data: *.gstatic.com; frame-src *.doubleclick.net *.teads.tv *.google.com *.theatro360.com *.vimeo.com *.youtube.com *.cookiebot.com *.dotdigital-pages.com *.matterport.com *.livechatinc.com *.virtualsinc.com kuula.co www.digitalimages.gr mpembed.com www.luxproimaging.com player.adventr.io www.facebook.com *.ceros.com *.adobe.com; connect-src 'self' *.teads.tv *.googlesyndication.com *.stackadapt.com *.google-analytics.com *.azure.com *.mapbox.com *.facebook.com *.cookiebot.com commversion-public-functions.vercel.app *.doubleclick.net *.googletagmanager.com *.quantcount.com *.livechatinc.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.trackedweb.net; img-src 'self' *.mapbox.com *.teads.tv *.krxd.net *.doubleclick.net *.quantserve.com *.stackadapt.com data: *.facebook.com *.cookiebot.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; default-src 'self' *.google.com *.cookiebot.com; base-uri 'none'; report-to default 1
default-src 'self' https://gdpr-api.sharethis.com/v2/cmp-list.json blob; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.lcsnet.com https://www.lcsfoundationlcs.org https://www.carepurchasing.com https://www.lifecareservices.com https://player.vimeo.com/api/player.js https://snap.licdn.com js.stripe.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.idevdesign.net s3-us-west-2.amazonaws.com crm.bloomerang.co *.addthis.com z.moatads.com v1.addthisedge.com widgets.pinterest.com seniorliving.lcsnet.com https://www.googletagmanager.com/ https://purchasing.cpslcs.com/ https://mkt.carepurchasing.com/ *.hotjar.com wss://wsp7.hotjar.com/api/v2/client/ws https://wsp7.hotjar.com/api/v2/sites/2937019/recordings/content https://pi.pardot.com/analytics http://mkt.carepurchasing.com/pd.js http://mkt.carepurchasing.com/analytics http://pi.pardot.com/analytics *.sharethis.com/ https://googleads.g.doubleclick.net https://www.clarity.ms cdnjs.cloudflare.com 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'self' web-chat.nativechat.com cdn.ampproject.org 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.lcsnet.com https://www.lcsfoundationlcs.org https://www.carepurchasing.com https://www.lifecareservices.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.idevdesign.net 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com 'self' web-chat.nativechat.com; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.lcsnet.com https://www.lcsfoundationlcs.org https://www.carepurchasing.com https://www.lifecareservices.com https://p.adsymptotic.com https://px.ads.linkedin.com *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.idevdesign.net crm.bloomerang.co *.ae-admin.com https://www.google.com/ads/ga-audiences *.sharethis.com http://www.lcsnet.com/images *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com www.google.com c.clarity.ms c.bing.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.idevdesign.net https://www.lcsnet.com https://www.lcsfoundationlcs.org https://www.carepurchasing.com https://www.lifecareservices.com; frame-src 'self' js.stripe.com www.google.com s7.addthis.com player.vimeo.com https://vars.hotjar.com/ seniorliving.lcsnet.com *.sharethis.com *.carepurchasing.com *.lcsnet.com https://td.doubleclick.net https://www.youtube.com app.vwo.com *.visualwebsiteoptimizer.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com *.gstatic.com bcp.crwdcntrl.net *.crwdcntrl.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com api.bloomerang.co maps.googleapis.com api-public.addthis.com *.addthis.com https://in.hotjar.com/ wss://ws23.hotjar.com/ https://ws23.hotjar.com/ wss://ws.hotjar.com https://content.hotjar.io https://stats.g.doubleclick.net/j/collect https://csmetrics.hotjar.com/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect wss://wsp35.hotjar.com/api/v2/client/ws https://wsp35.hotjar.com/api/v2/sites/2937019/recordings/content https://vc.hotjar.io/sessions/2937019 wss://wsp39.hotjar.com/api/v2/client/ws https://wsp39.hotjar.com/api/v2/sites/2937019/recordings/content https://l.sharethis.com/pview https://datasphere-sbsvc.sharethis.com/ https://gdpr-api.sharethis.com/v2/cmp-list.json https://gdpr-api.sharethis.com/v2/vendor-list.json https://gdpr-api.sharethis.com/is_eu https://px.ads.linkedin.com *.carepurchasing.com *.lcsnet.com *.visualwebsiteoptimizer.com app.vwo.com https://v.clarity.ms; media-src 'self' data: blob: https://www.lcsnet.com https://www.lcsfoundationlcs.org https://www.carepurchasing.com https://www.lifecareservices.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.carepurchasing.com *.lcsnet.com blob: 'self' web-chat.nativechat.com 1
upgrade-insecure-requests; frame-ancestors 'self' http://*.hulu.com https://*.hulu.com; 1
img-src 'self' *.thecheat.co.kr;media-src https://*;connect-src 'self' *.thecheat.co.kr *.naver.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.thecheat.co.kr  *.naver.net *.naver.com *.jquery.com *.google-analytics.com *.google.com *.youtube.com;style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; 1
default-src 'self'; script-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.officedirekt-servicecenter.de https://cdn.officedirekt-servicecenter.de https://www.googletagmanager.com https://connect.facebook.net *.google-analytics.com *.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com; style-src 'self' 'unsafe-inline' https://matomo.officedirekt-servicecenter.de https://cdn.officedirekt-servicecenter.de *.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com; img-src data: blob: 'self' *.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://matomo.officedirekt-servicecenter.de https://checkout-hb-backup.officedirekt-servicecenter.de https://checkout-hb.officedirekt-servicecenter.de https://checkout-hb-2.officedirekt-servicecenter.de https://checkout-hb-3.officedirekt-servicecenter.de https://haribo.wavecdn.net *.google-analytics.com https://www.facebook.com https://www.office-direkt2.de; frame-ancestors 'self'; connect-src 'self' *.paypal.com https://www.paypalobjects.com https://www.sandbox.paypal.com https://matomo.officedirekt-servicecenter.de *.google-analytics.com https://www.facebook.com; font-src 'self' data: https://haribo.wavecdn.net https://netdna.bootstrapcdn.com; frame-src 'self' https://paypal.com *.paypal.com https://www.paypalobjects.com https://c.paypal.com/ https://assets.braintreegateway.com/ https://www.sandbox.paypal.com/ https://c.sandbox.paypal.com/ https://www.facebook.com 1
style-src 'self' 'unsafe-inline' https://www.denic.de https://fonts.googleapis.com; object-src 'self'; script-src 'self' https://app.guestoo.de https://www.denic.de https://my.visme.co https://denic.matomo.cloud https://cdn.matomo.cloud 'unsafe-inline'; img-src 'self' data: https://www.denic.de https://denic.matomo.cloud https://cdn.matomo.cloud; frame-src 'self' https://app.guestoo.de https://my.visme.co 1
upgrade-insecure-requests; default-src 'self'; sandbox allow-popups allow-scripts allow-same-origin allow-forms allow-downloads allow-popups-to-escape-sandbox allow-presentation ; frame-ancestors 'self' https://www.youtube.com/; form-action https://www.facebook.com/tr/; base-uri 'self';img-src 'self' https://www.google.co.in/ads/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ data: https://storage.googleapis.com/branddesignmanager/ https://storage.googleapis.com/answerconnect-website/ https://assets.answerconnect.com/  https://www.google.co.in/pagead/ https://www.google.com/ads/ga-audiences https://www.googletagmanager.com/ https://www.google.com/pagead/ https://bat.bing.com/action/ https://app.chatsupport.co/api/ https://sync.outbrain.com/ https://simage2.pubmatic.com/AdServer/ https://sync.taboola.com/ https://googleads.g.doubleclick.net/pagead/ https://px.ads.linkedin.com/ https://d.adroll.com/ https://p.adsymptotic.com/ https://dsum-sec.casalemedia.com/ https://pixel.advertising.com/ https://pixel.rubiconproject.com/ https://a.tribalfusion.com/ https://eb2.3lift.com/ https://ads.yahoo.com/cms/ https://x.bidswitch.net/ https://ib.adnxs.com/ https://idsync.rlcdn.com/ https://us-u.openx.net/ https://www.facebook.com/tr/ https://u.fg8dgt.com/ https://www.linkedin.com/px/ https://ups.analytics.yahoo.com/ups/ https://segments.company-target.com/ https://blip.bizrate.com/ https://analytics.twitter.com/i/ https://testgvbgjbhjb.com/ https://nxtck.com/ https://cm.g.doubleclick.net/ https://token.rubiconproject.com/ https://d.adroll.com/cm/ https://storage.googleapis.com/livesupport/chat/images/ https://google.com/ https://px.ads.linkedin.com/collect/ https://storage.googleapis.com/full-assets/ https://lh3.googleusercontent.com/ https://dp-sync.dotomi.com/ https://pix.impdesk.com/csync/ https://su.addthis.com/ https://aorta.clickagy.com/ https://sync.placelocal.com/ https://pixel.jumptap.com/e/v1/pixel/ https://www.storygize.net/ https://mmtro.com/cse/ https://rp.gwallet.com/r1/ https://cm.ctnsnet.com/int/ https://avatar.anywhere.app/files/ https://ds.reson8.com/ https://fonts.gstatic.com/s/i/googlematerialicons/ https://t.myvisualiq.net/ https://ps.eyeota.net/ https://tag.clrstm.com/ https://sync.mediawallahscript.com/ https://pxl.connexity.net/ https://dmpsync.3lift.com/ https://ssp.videostat.com/ssp/ https://px.gumgum.com/liveramp/ https: https://*.chatsupport.co;script-src 'self' 'nonce-f0aad969ace844538a5971e672082a34' 'unsafe-eval' https://utt.impactcdn.com/ https://*.tiktok.com/ https://www.google-analytics.com/ga.js https://ssl.google-analytics.com/ga.js https://www.google-analytics.com/ https://www.googletagmanager.com/ https://storage.googleapis.com/clientaccess/ https://storage.googleapis.com/branddesignmanager/AnswerconnectWebsite/ https://storage.googleapis.com/answerconnect-website/us/js/ https://www.googleoptimize.com/ https://static.hotjar.com/c/ https://*.chatsupport.co https://assets.answerconnect.com/common/js/ https://bat.bing.com/ https://cdn.callrail.com/companies/ https://www.clickcease.com/monitor/ https://connect.facebook.net/ https://*.smartlook.com https://*.smartlook.cloud https://js.callrail.com/group/ https://widget.trustpilot.com/bootstrap/ https://px.ads.linkedin.com/ https://dc.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://s.adroll.com/ https://d.adroll.mgr.consensu.org/consent/ https://d.adroll.com/ https://script.hotjar.com/ https://app.chatsupport.co/api/ https://snap.licdn.com/li.lms-analytics/ https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js https://script.tapfiliate.com/ https://sc.lfeeder.com/ https://www.googleadservices.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://g.microsoft.com/clarity/ https://signup-dot-live-cwa.appspot.com/ https://assets.answerconnect.com/answerconnect/us/setmore_iframe.js https://storage.googleapis.com/answerconnect-website/ https://*.clarity.ms/ https://*.taboola.com/ blob: https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ ;style-src 'self' 'unsafe-inline' https: ;font-src 'self' data: https://use.typekit.net https://storage.googleapis.com/livesupport/chat/fonts/ ;connect-src 'self' https://answerconnect.pxf.io/ https://*.tiktok.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://livesupport-app.appspot.com/api/ https://in.hotjar.com/ https://script.googleusercontent.com/macros/ https://signup-dot-live-cwa.appspot.com/ https://signup-dot-stagingclientwebaccess-hrd.appspot.com/ wss://rtmserver.anywhereworks.com/ https://vc.hotjar.io/ wss://vc.hotjar.io/ https://*.hotjar.com/ https://*.chatsupport.co https://o151188.ingest.sentry.io https://analytics.google.com/ https://pagead2.googlesyndication.com/ wss://*.hotjar.com/ https://script.google.com/a/anywhere.co/macros/ https://optimize.google.com/ https://px.ads.linkedin.com/ https://dc.ads.linkedin.com/ https://cdn.linkedin.oribi.io/ https://signup.staging.answerconnect.com/services/ https://js.callrail.com/ https://bat.bing.com/actionp/ https://monitor.clickcease.com/conversions/api/ https://www.facebook.com/tr/ https://frstre.com/ https://signup.answerconnect.com/ https://manager.eu.smartlook.cloud/rec/ https://assets-proxy.smartlook.cloud/ https://events-writer.smartlook.com/rec/ https://web-writer.sg.smartlook.cloud/rec/ https://*.smartlook.com https://*.smartlook.cloud https://hooks.zapier.com/ https://www.youtube.com/ https://cdn.linkedin.oribi.io/partner/1935674/domain/ https://*.clarity.ms/ https://api-dot-stag-fullstorage.appspot.com https://api-dot-live-fullstorage.appspot.com https://storage.googleapis.com/stag-fullstorage https://storage.googleapis.com/fullstorage wss://rtmserver.anywhereworks.com/ wss://stagingrtm.anywhereworks.com https://*.taboola.com/ https://analytics.google.com/ https://region1.google-analytics.com/ ;media-src 'self' https://storage.googleapis.com/livesupport/ https://storage.googleapis.com/answerconnect-website/  https://assets.answerconnect.com/anywhereworks/videos/ https://*.chatsupport.co;frame-src 'self' https://www.googletagmanager.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://optimize.google.com/ https://bid.g.doubleclick.net/ https://widget.trustpilot.com/ https://my.setmore.com/ https://booking.setmore.com/ https://td.doubleclick.net/ https://www.youtube.com/ ;object-src 'self' https://storage.googleapis.com/ https://assets.answerconnect.com/ ; 1
default-src *;style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com  1
default-src 'self' https://*.upbatam.ac.id; style-src 'unsafe-inline' 'self' https://*.upbatam.ac.id https://www.google.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://api.jooble.org https://*.tiktokcdn.com https://*.ttwstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.upbatam.ac.id https://cdnjs.cloudflare.com https://*.google.com https://*.google.co.id https://ajax.googleapis.com https://*.googlesyndication.com https://*.googleadservices.com https://api.jooble.org https://*.amazonaws.com https://www.tiktok.com https://*.tiktokcdn.com https://*.ttwstatic.com https://*.ibytedtos.com https://*.elfsight.com https://*.youtube.com; img-src 'self' data: https://*.upbatam.ac.id https://*.google.com https://www.googleapis.com https://*.googlesyndication.com https://i.ytimg.com https://ssl.gstatic.com https://yt3.ggpht.com; font-src 'self' https://*.upbatam.ac.id https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com; frame-src 'self' https:; connect-src 'self' https://*.upbatam.ac.id https://id.jooble.org https://*.fastly.net https://*.ibytedtos.com https://*.googlesyndication.com https://core.service.elfsight.com; 1
default-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; script-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://* 'unsafe-eval'; connect-src * 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; img-src data: 'self' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; style-src 'self' 'unsafe-inline' https://www.google.com/analytics https://cdn.mxpnl.com http://* https://*; font-src 'self' https://www.google.com/analytics https://cdn.mxpnl.com data: http://* https://*; 1
script-src * 'unsafe-inline'; style-src * 'unsafe-inline';img-src *;font-src *;frame-src *; 1
report-uri https://www.desteklio.com 1
default-src 'unsafe-inline' 'self' 'unsafe-eval' https://jquery.com https://ssl.google-analytics.com https://maps.googleapis.com https://fonts.gstatic.com https://maps.gstatic.com https://fonts.googleapis.com https://code.jquery.com https://ajax.microsoft.com https://player.vimeo.com https://appsforoffice.microsoft.com https://telemetryservice.firstpartyapps.oaspapps.com https://ajax.aspnetcdn.com https://supplysystem.supplypro.com data: ; 1
frame-ancestors *.zeekrlife-test.com *.zeekr.eu; 1
default-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;style-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;script-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net;img-src 'unsafe-eval' 'unsafe-inline' *.s3.amazonaws.com *.facebook.com *.facebook.net *.fbsbx.com *.google.com *.googleusercontent.com *.googleapis.com *.gstatic.com 'self' data: *.uat.shakeys.solutions *.shakeys.solutions *.pushnotifications.pusher.com *.s3.ap-southeast-1.amazonaws.com *.sentry.io *.youtube.com *.pingdom.net *.ap-southeast-1.elb.amazonaws.com *.api.telegram.org *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.cloudfront.net 1
default-src 'none'; base-uri 'self'; object-src 'self'; media-src 'self'; connect-src 'self'; script-src kuario.com *.kuario.com 'unsafe-eval' 'unsafe-inline' 'self'; img-src 'self' data: secure.gravatar.com *.kuario.com kuario.com; font-src 'self' *.kuario.com kuario.com data:; frame-src 'self' www.youtube.com status.kuario.com kuario.statuspage.io; style-src 'unsafe-inline' 'self' kuario.com *.kuario.com 1
frame-ancestors http://www.ironplanet.com.au https://www.ironplanet.com.au 1
default-src 'self' *.jala.tech *.intercomcdn.com app.posthog.com; connect-src 'self' analytics.google.com analytics.tiktok.com *.clarity.ms *.google-analytics.com stats.g.doubleclick.net *.jala.tech app.posthog.com js.hs-banner.com *.hubspot.com api.hubapi.com *.hsforms.com *.intercom.io *.s3.amazonaws.com wss: forms.hscollectedforms.net noembed.com www.facebook.com api.vercel.com *.adobe.com *.adobe.io *.airtable.com *.crisp.chat; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.clarity.ms *.tiktok.com *.intercom.io *.intercomcdn.com *.google-analytics.com *.google.com *.gstatic.com *.jala.tech js.hs-scripts.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net app.posthog.com js.hsforms.net connect.facebook.net js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net js.hs-banner.com *.youtube.com *.adobe.com *.crisp.chat; child-src 'self' *.jala.tech; style-src 'self' 'unsafe-inline' *.jala.tech fonts.googleapis.com *.googleapis.com data: 'unsafe-hashes' *.crisp.chat; frame-src 'self' *.jala.tech *.doubleclick.net *.hsforms.net *.google.com *.googletagmanager.com *.hsforms.com www.youtube.com www.facebook.com *.adobe.com *.hubspot.com *.crisp.chat; img-src 'self' blob: data: https: *.jala.tech; font-src 'self' *.jala.tech fonts.gstatic.com fonts.googleapis.com data: *.intercomcdn.com data: *.crisp.chat; media-src 'self' *.jala.tech www.youtube.com js.intercomcdn.com m.youtube.com; object-src 'self' *.jala.tech data:; worker-src 'self' blob: *.jala.tech; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' content.mql5.com https://google.com https://post.foreximf.com https://www.google.com https://maps.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://google-analytics.com https://ssl.google-analytics.com https://googletagmanager.com https://www.googletagmanager.com https://youtube.com https://www.youtube.com https://connect.facebook.net https://www.google-analytics.com https://www.google.co.id https://www.facebook.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net/; worker-src 'self' blob:  'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://cdn.ampproject.org/; 1
default-src 'self'; connect-src 'self' https://google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleapis.com https://*.google.com https://*.google.nl https://*.doubleclick.net https://*.fontawesome.com https://cdn.plyr.io https://*.timeblockr.com https://noembed.com https://*.tawk.to wss://*.tawk.to https://*.facebook.com https://*.facebook.net https://*.leadinfo.net https://*.leadinfo.com https://in.logtail.com https://*.browsealoud.com https://*.speechstream.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://*.visualstudio.com https://*.clarity.ms https://*.tiktok.com https://*.amazonaws.com https://*.recras.nl https://*.hubspot.com https://*.hubapi.com https://*.hs-banner.com https://*.hsforms.com https://*.hsforms.net https://*.hscollectedforms.net https://*.bing.com https://*.cookiebot.com https://*.elfsight.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.linkedin.com https://*.googleadservices.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://cdn.trustindex.io https://*.recras.nl https://dashboard.webwinkelkeur.nl https://polyfill.io https://*.hubspot.com https://*.hs-analytics.net https://*.hsadspixel.net https://*.usemessages.com https://*.hs-banner.com https://*.hsleadflows.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hscollectedforms.net https://*.fontawesome.com https://connect.facebook.net https://*.amazonaws.com https://*.googleapis.com https://*.google.com https://*.google.ad https://*.google-analytics.com https://*.googletagmanager.com https://*.doubleclick.net https://*.gstatic.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleoptimize.com https://*.googlesyndication.com https://www.youtube.com https://player.vimeo.com https://*.timeblockr.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://*.browsealoud.com https://*.mailplus.nl https://*.leadinfo.net https://chimpstatic.com https://*.cookiebot.com https://*.calendly.com https://*.activehosted.com https://*.typekit.net https://*.hotjar.com https://*.pinterest.com https://*.licdn.com https://*.tiktok.com https://*.bing.com https://*.clarity.ms https://*.redditstatic.com https://*.adsafeprotected.com https://*.elfsight.com https://*.lfeeder.com https://*.app-us1.com data: blob: https://*.eventix.io https://*.trustedshops.com https://sdk.privacy-center.org; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://*.gstatic.com https://*.mailplus.nl https://cdn.plyr.io https://*.recras.nl https://*.timeblockr.com https://*.hotjar.com https://*.cloudflare.com https://*.tawk.to https://*.leadinfo.net https://*.leadinfo.com https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdn.trustindex.io https://*.fontawesome.com https://dashboard.webwinkelkeur.nl https://*.typekit.net https://*.timeblockr.com https://*.tawk.to https://*.hotjar.com https://*.cloudflare.com data: https://*.trustedshops.com https://*.leadinfo.net; img-src 'self' https://secure.gravatar.com https://*.tawk.to https://*.timeblockr.com https://*.typekit.net https://*.cloudflare.com https://*.google.at https://*.google.be https://*.google.ca https://*.google.ch https://*.google.ci https://*.google.com https://*.google.de https://*.google.es https://*.google.fi https://*.google.fr https://*.google.gr https://*.google.hu https://*.google.ie https://*.google.is https://*.google.lu https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.sr https://*.google.tn https://*.google.com.bd https://*.google.com.bh https://*.google.com.eg https://*.google.com.et https://*.google.com.mt https://*.google.com.pa https://*.google.com.ph https://*.google.com.py https://*.google.com.tn https://*.google.com.tr https://*.google.com.ua https://*.google.com.vn https://*.google.co.by https://*.google.co.et https://*.google.co.id https://*.google.co.in https://*.google.co.jp https://*.google.co.uk https://*.google.co.za https://*.google-analytics.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.cdninstagram.com https://*.facebook.com https://cdn.trustindex.io https://*.hotjar.com https://*.linkedin.com https://*.bing.com https://*.trustedshops.com https://*.hubspot.com https://*.hubspotusercontent-na1.net https://*.hsforms.com https://*.clarity.ms https://*.reddit.com https://*.mailplus.nl https://i.ytimg.com https://*.lfeeder.com https://*.tiktok.com https://*.amazonaws.com https://cdn.jsdelivr.net data: https://*.leadinfo.net https://*.leadinfo.com https://*.cookiebot.com https://woo.com https://*.mollie.com https://www.roularta.be; media-src 'self' https://vimeo.com https://player.vimeo.com https://*.akamaized.net blob:; frame-src 'self' https://www.youtube.com https://youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://calendly.com https://*.google.com https://*.googlesyndication.com https://*.doubleclick.net https://dashboard.webwinkelkeur.nl https://*.facebook.com https://consentcdn.cookiebot.com https://*.hubspot.com https://*.hsforms.com https://*.hs-sites.com https://*.klantenvertellen.nl https://open.spotify.com https://*.recras.nl https://*.stager.nl https://*.stager.co blob: https://myprivacy.roularta.be; frame-ancestors 'self'; form-action 'self' https://*.facebook.com https://*.make.com https://*.hsforms.com https://*.hubspot.com https://*.mailplus.nl https://*.mollie.com 1
default-src 'self' https://www.lacrossecounty.org https://kendo.cdn.telerik.com https://kendo.cdn.telerik.com*; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com https://vimeo.com/ https://www.googletagmanager.com https://kendo.cdn.telerik.com 'self' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://www.lacrossecounty.org 'self' https://lacrossecounty.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://www.lacrossecounty.org; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com/ https://app.powerbigov.us web-chat.nativechat.com; connect-src accounts.google.com www.google-analytics.com *.mktoresp.com https://vimeo.com/ https://www.googletagmanager.com https://www.googletagmanager.com* https://kendo.cdn.telerik.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
default-src 'self' https://track.uslugi.io; frame-ancestors 'self'; object-src 'none'; frame-src 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://track.uslugi.io https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' 'unsafe-inline' data: https://track.uslugi.io; connect-src 'self' https://track.uslugi.io; child-src 'self' https://www.youtube.com https://track.uslugi.io; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZTIyYzljMGNmZmU2NDhhYWFmZmYzMzdkMmI5MTEyOGU=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st yastatic.net *.yastatic.net *.yandex.net *.yandex.ru yandex.ru yandex.kz *.yandex.kz yandex.st yandexadexchange.net *.yandexadexchange.net www.google-analytics.com *.google.com vk.com *.vk.com *.adfox.ru yastat.net matchid.adfox.yandex.ru *.strm.yandex.ru promo-money.ru yoomoney.ru *.admetrica.ru; img-src 'self' data: oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st *.yandex.ru yandex.ru yandex.kz *.yandex.kz *.yandex.net yastatic.net *.yastatic.net www.google-analytics.com *.google.com www.googleapis.com *.gstatic.com *.doubleclick.net vk.com *.vk.com *.adfox.ru yastat.net promo-money.ru yoomoney.ru *.admetrica.ru; font-src 'self' data: oltest.ru *.oltest.ru oltest.kz *.oltest.kz olte.st *.olte.st an.yandex.ru yastatic.net yastat.net; report-uri http://oltest.ru/csp_log.php?from=http://oltest.ru; 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' *.webvisor.com metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr 1
default-src 'self';connect-src *; child-src *; frame-src *; img-src * data:; media-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
default-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://www.google-analytics.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com https://static.cloudflareinsights.com https://googleads.g.doubleclick.net https://www.google.com https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://use.fontawesome.com https://www.googletagmanager.com https://platform.linkedin.com https://platform.twitter.com https://graph.facebook.com https://connect.facebook.net https://cdn.leadinfo.net https://*.cookiebot.com https://*.app-us1.com https://tesorion.activehosted.com https://*.cloudfront.net https://trackcmp.net *.getclicky.com clicky.com blob: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com https://cdn.leadinfo.net ; img-src 'self' https://i.ytimg.com https://www.facebook.com https://www.googletagmanager.com https://*.ads.linkedin.com https://www.google-analytics.com https://fonts.gstatic.com https://cdn.leadinfo.net https://c.bing.com https://c.clarity.ms https://*.getclicky.com https://*.cookiebot.com https://*.reddit.com www.google.com www.google.nl www.linkedin.com data: ; frame-src 'self' https://platform.twitter.com https://consentcdn.cookiebot.com https://www.facebook.com https://*.doubleclick.net www.google.com data: ; media-src 'self' ; script-src-elem 'self' 'unsafe-inline' https://s.ytimg.com https://static.cloudflareinsights.com https://www.google-analytics.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://platform.twitter.com https://platform.linkedin.com https://use.fontawesome.com https://www.googletagmanager.com https://snap.licdn.com https://www.googleadservices.com https://www.google.com https://connect.facebook.net https://*.cookiebot.com https://cdn.leadinfo.net https://*.app-us1.com https://tesorion.activehosted.com https://*.cloudfront.net https://*.clarity.ms https://*.getclicky.com/ https://www.redditstatic.com http://trackcmp.net ; connect-src 'self' https://www.google-analytics.com https://api.leadinfo.com https://collector.leadinfo.net https://www.facebook.com https://consentcdn.cookiebot.com https://*.clarity.ms https://*.google-analytics.com https://*.analytics.google.com https://region1.analytics.google.com https://*.doubleclick.net https://*.redditstatic.com https://*.linkedin.com https://*.reddit.com https://in.getclicky.com data: ; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com data: 1
base-uri 'none'; font-src 'self' https: data: https://heapanalytics.com https://assets.vercel.com *.auryc.com; form-action 'self'; frame-ancestors 'self' https://loox.io https://verify.walletconnect.com https://verify.walletconnect.org; img-src 'self' data: https://heapanalytics.com https://hubspot.com https://assets.vercel.com https://vercel.com https://www.googletagmanager.com https://api.heliumdeploy.com http://localhost:1337 http://127.0.0.1:1337 https://cdn.shopify.com/ https://res.cloudinary.com * blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline' https://heapanalytics.com https://assets.vercel.com https://res.cloudinary.com https://vercel.live; script-src 'self' https: 'unsafe-inline' *.hubspot.com *.heapanalytics.com; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss://*.noibu.com wss://*.dixa.io 1
frame-ancestors 'self' https://*.hhsva.ca https://*.teamhhsva.ca https://*.hhsvaagm.ca https://*.preferredcatering.ca ; script-src https://cdn.jsdelivr.net https://*.googleapis.com https://*.google.com https://*.connect.facebook.net https://*.youtube.com https://*.google-analytics.com https://*.hotjar.com https://*.googletagmanager.com https://*.facebook.net https://*.twitter.com 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com ; style-src https://use.fontawesome.com https://cdn.jsdelivr.net https://*.googleapis.com https://unpkg.com https://www.gstatic.com 'self' 'unsafe-inline'; 1
frame-ancestors 'self' cdn.matrixlms.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dfg-viewer.de matomo.slub-dresden.de; style-src 'self' 'unsafe-inline'; img-src * data:; connect-src *; frame-ancestors 'self' *.hab.de http://*.hab.de dietrich.uni-trier.de parlamente.hessen.de http://recherche.landesarchiv.sachsen-anhalt.de; 1
default-src 'self' data: https://files.radiomd.com https://radiomd.com https://support.doctorpodcasting.com https://*.facebook.com  https://fonts.googleapis.com https://*.gstatic.com https://173.193.205.96:2199 https://www.google-analytics.com https://pixel.quantserve.com/ https://stats.g.doubleclick.net https://fonts.gstatic.com https://ajax.googleapis.com https://*.addthis.com http://media.blubrry.com https://media.blubrry.com 'unsafe-inline';frame-ancestors 'self' *.facebook.com;script-src 'unsafe-inline' 'unsafe-eval' http: https:;object-src 'none'; font-src 'self' data: https://fonts.gstatic.com https://*.radiomd.com http://mootools.net https://ajax.googleapis.com  http: https: 1
frame-ancestors 'self' www.westin-dresden.de westin-dresden.de newsletter.hotel-bellevue-dresden.de nieuwsbrief.bilderberg.nl bilderberg.nl www.bilderberg-hotel-dresden.de bilderberg-hotel-dresden.de bilderberg-bellevue-dresden.de www.bilderberg-bellevue-dresden.de 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.zeltser.com https://*.twitter.com https://*.twimg.com https://*.typekit.net https://secure.gravatar.com https://www.google-analytics.com https://fonts.googleapis.com https://ssl.gstatic.com https://trends.google.com https://fonts.gstatic.com https://player.vimeo.com https://www.youtube.com data: ; media-src http://origin1.podcastwebsites.com https://*.zeltser.com https://zeltser.com 1
default-src 'self' data: 'inline-script' 'unsafe-inline' 'unsafe-eval' http://data.планетажелез�ка.рф http://data.xn--80aaaawdltkvth1aig1f.xn--p1ai http://data.* http://yandex.st http://*.yandex.ru https://*.yandex.ru http://yastatic.net http://*.maps.yandex.net http://*.mail.ru http://*.list.ru http://*.rambler.ru http://www.google-analytics.com http://www.skypeassets.com http://79.135.240.42:8008 https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' crypto.com *.kryll.io *.google-analytics.com player.vimeo.com td.doubleclick.net *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com https://cdnjs.cloudflare.com/; connect-src 'self' stats.g.doubleclick.net analytics.google.com *.analytics.google.com *.kryll.io api.coingecko.com *.zdassets.com *.zendesk.com *.google-analytics.com ; img-src 'self' data: *.kryll.io *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.doubleclick.net *.gravatar.com *.wp.comi cdnjs.cloudflare.com https://animaproject.s3.amazonaws.com https://px.animaapp.com; style-src 'self' *.kryll.io cdn.jsdelivr.net https://animaproject.s3.amazonaws.com https://px.animaapp.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com cdnjs.cloudflare.com; font-src 'self' cdnjs.cloudflare.com cdn.jsdelivr.net *.kryll.io *.googleapis.com fonts.gstatic.com;  object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://www.googletagmanager.com/ www.googletagmanager.com *.kryll.io https://www.google-analytics.com *.googleapis.com https://cdn.jsdelivr.net https://code.jquery.com/jquery-3.4.1.slim.min.js https://dev.visualwebsiteoptimizer.com cdnjs.cloudflare.com crypto.com 1
upgrade-insecure-requests; object-src 'none';  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.iyp.com.tw https://cdnjs.cloudflare.com/ajax/libs/ https://www.google.com/recaptcha/api.js https://apis.google.com/js/platform.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://connect.facebook.net https://download.skype.com https://d.line-scdn.net https://www.gstatic.com https://unpkg.com https://kit.fontawesome.com; style-src 'self' 'unsafe-inline' https://static.iyp.tw https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com https://ka-f.fontawesome.com/releases; font-src 'self' https://static.iyp.tw https://fonts.gstatic.com https://cdnjs.cloudflare.com https://ka-f.fontawesome.com/releases/; img-src 'self' data: blob: http://iyp.tw https://iyp.tw https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://www.google-analytics.com https://www.google.com https://www.google.com.tw https://s3-ap-northeast-1.amazonaws.com https://www.line-website.com; media-src 'self' https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://youtube.com; frame-src 'self' https://www.iyp.com.tw https://youtube.com https://www.gstatic.com https://www.google.com https://social-plugins.line.me https://www.facebook.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://ka-f.fontawesome.com/releases/ https://s3-ap-northeast-1.amazonaws.com https://analytics.google.com; frame-ancestors 'self' https://www.iyp.tw https://www.iyp.com.tw https://static.iyp.tw https://resource.iyp.tw https://www.iyp.com.tw https://social-plugins.line.me https://www.facebook.com; form-action 'self'; object-src 'none' 1
style-src 'self' 'unsafe-inline' http://fast.fonts.net http://cdnjs.cloudflare.com https://tagmanager.google.com/debug/css.css  https://go.mimsoftware.com https://fonts.googleapis.com/icon https://fonts.googleapis.com/css https://static.hsappstatic.net/ https://kit-free.fontawesome.com/releases/latest/css/ https://s3.amazonaws.com/mimweb-portal/ https://andreasmb.github.io/lever-jobs-embed/embed-css/style.css  http://cdn2.hubspot.net https://mimsoftware.bamboohr.com/css/jobs-embed.css; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://www.googletagmanager.com http://cdn.livechatinc.com https://secure.livechatinc.com https://accounts.livechatinc.com https://api.livechatinc.com/ d3rxaij56vjege.cloudfront.net https://tagmanager.google.com/debug https://bat.bing.com/bat.js https://static.ads-twitter.com/uwt.js https://js.hs-scripts.com/5300642.js https://extend.vimeocdn.com/ga/30453521.js https://tagmanager.google.com/debug/angular-bundle.js https://tagmanager.google.com/debug/debuguiApp.js https://js.hs-analytics.net/ https://js.hsadspixel.net/fb.js https://js.hscollectedforms.net/ https://tagmanager.google.com/debug/api/vtinfo https://www.google.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/943181837/ https://kit.fontawesome.com/ https://js.hsforms.net/forms/ https://forms.hsforms.com/embed/v3/form/ https://forms.hsforms.com/emailcheck/ https://tagmanager.google.com/debug/debuguiApp-bundle.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://s3.amazonaws.com/mimweb-portal/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://js.hs-banner.com/ https://js.hsleadflows.net/leadflows.js https://www.googleadservices.com/pagead/conversion_async.js https://analytics.twitter.com/i/adsct https://andreasmb.github.io/lever-jobs-embed/index.js https://js.hscta.net/cta/current.js https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/loader-v2.js https://bat.bing.com/p/action/26029591.js https://js.hsforms.net/forms/v2.js https://static.hsappstatic.net/ https://www.googleadservices.com/pagead/conversion_async.js http://cdn2.hubspot.net https://go.mimsoftware.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://app.hubspot.com/ https://js.hsadspixel.net http://js.hs-scripts.com https://*.clarity.ms https://www.vimeo.com http://www.googletagmanager.com https://mimsoftware.bamboohr.com/js/jobs2.php https://www.google.com/recaptcha/enterprise.js https://snap.licdn.com/li.lms-analytics/insight.beta.min.js https://js.hubspot.com/web-interactives-embed.js; media-src 'self' https://vod-progressive.akamaized.net/; 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com gcontent.robertsonmarketing.com https:; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net; img-src 'self' data: optimize.google.com recommendationengine.googleapis.com www.googletagmanager.com storage.googleapis.com www.google-analytics.com rmcontent.avetti.ca ssl.google-analytics.com *.doubleclick.net www.google.com www.google.ca gcontent.robertsonmarketing.com csi.gstatic.com www.gstatic.com; style-src  'unsafe-inline' 'unsafe-eval' gcontent.robertsonmarketing.com https:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://neurodifferent.me; img-src 'self' https: data: blob: https://neurodifferent.me; style-src 'self' https://neurodifferent.me 'nonce-j4Bh8uphWSTxqos3afn5aQ=='; media-src 'self' https: data: https://neurodifferent.me; frame-src 'self' https:; manifest-src 'self' https://neurodifferent.me; form-action 'self'; child-src 'self' blob: https://neurodifferent.me; worker-src 'self' blob: https://neurodifferent.me; connect-src 'self' data: blob: https://neurodifferent.me https://media.neurodifferent.me wss://neurodifferent.me; script-src 'self' https://neurodifferent.me 'wasm-unsafe-eval' 1
default-src 'self' data: https://accounts.google.com 'unsafe-inline'; child-src 'none'; frame-src https://accounts.google.com; frame-ancestors none 1
default-src https:; base-uri 'self'; child-src 'self' *.componentcontrol.com *.youtube.com *.recaptcha.net; font-src 'self' data: *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; form-action 'self' *.salesforce.com *.gotoassist.com *.paypal.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; frame-ancestors 'self'; img-src 'self' data: *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; manifest-src 'self'; media-src youtube.com; object-src 'self'; script-src 'self' *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net 'nonce-FLajZk29FvJHsQKZc1uYgPy2b5/Q35AxovnFLSJO1QE='; script-src-elem 'self' 'unsafe-inline' *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.componentcontrol.com *.youtube.com *.pardot.com *.landbot.io i0.wp.com *.recaptcha.net snap.licdn.com *.ads.linkedin.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.analytics.google.com *.g.doubleclick.net; upgrade-insecure-requests; worker-src 'self' 1
frame-ancestors 'self' http://www.lovebeautyandplanet.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://app.cartwire.co/CW_API 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://browser-update.org https://archive.org https://analytics.archive.org https://orders.value.net https://feed2js.widomaker.com https://html5shiv.googlecode.com; style-src 'self' 'unsafe-inline' https://www.w3schools.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' https://widomaker.com/HSTS.png https://pr.prchecker.info https://browser-update.org https://canarytokens.com; base-uri 'self'; frame-ancestors 'none'; media-src 'self' https://upload.wikimedia.org; upgrade-insecure-requests; report-uri https://widomaker.report-uri.com/r/d/csp/enforce https://widomaker.uriports.com/reports/report 1
default-src 'self' https: data:; script-src 'self' *.cloudflare.com *.newrelic.com *.nr-data.net *.contentsquare.net *.abtasty.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.epoq.de *.ensighten.com data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cloudflare.com *.google.com *.abtasty.com *.epoq.de *.google-analytics.com *.doubleclick.net *.contentsquare.net *.ensighten.com *.nr-data.net; worker-src 'self' blob:; style-src 'self' *.abtasty.com 'unsafe-inline'; font-src 'self' *.abtasty.com blob: data:; object-src 'none'; img-src 'self' https: *.abtasty.com *.amazonaws.com data: blob:; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.cae.plexusvirtual.com https://*.caeoneworld2020.com http://3.23.73.238; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* localtest:* ajax.googleapis.com *.fontawesome.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com www.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.google.com *.gstatic.com;object-src *.spindustry.com;style-src 'self' 'unsafe-inline' *.jquery.com *.fontawesome.com fonts.googleapis.com *.google.com;img-src 'self' localhost:* localtest:* *.google-analytics.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.ytimg.com *.doubleclick.com *.doubleclick.net *.google.com *.googletagmanager.com;media-src *.spindustry.com *.vimeo.com *.akamaized.net;frame-src *.spindustry.com *.youtube.com youtu.be *.google.com *.appone.com/;font-src 'self' *.fontawesome.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' *.spindustry.com *.appone.com *.google-analytics.com *.fontawesome.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com;form-action 'self' *.spindustry.com;frame-ancestors *.spindustry.com;report-uri /WebResource.axd?cspReport=true 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.premierchristianity.com; 1
default-src 'self' contract-t.fit; object-src 'none'; base-uri 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'nonce-b1b4e26c440cc29cb5765ef5d340a42d' 'strict-dynamic' http: https:; style-src 'self' contract-t.fit 'unsafe-inline'; connect-src 'self' contract-t.fit sentry.contract.fit https://nrpc.olark.com; style-src-elem 'self' contract-t.fit https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline' https://static.olark.com; font-src 'self' contract-t.fit https://fonts.gstatic.com; frame-src 'self' contract-t.fit static.olark.com js.stripe.com; media-src 'self' contract-t.fit https://static.olark.com; img-src 'self' contract-t.fit blob: data: https://log.olark.com 1
default-src 'self' cdn.wcc.witt-international.nl https://cdn.wcc.witt-international.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.witt-international.nl https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.witt-international.nl/graphql cdn.wcc.witt-international.nl cdn.witt.info/ https://images.ctfassets.net te.witt-international.nl tp.witt-international.nl wasp.witt-international.nl wst.witt-international.nl https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.witt-international.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.witt-international.nl https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.witt-international.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.witt-international.nl https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io;    media-src 'self' cdn.wcc.witt-international.nl cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.witt-international.nl *.dixa.io;    worker-src 'self' cdn.wcc.witt-international.nl blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
child-src 'self' *.hoteleffectiveness.com app.pendo.io; connect-src 'self' *.hoteleffectiveness.com https://www.google-analytics.com *.pndsn.com https://ping.chartbeat.net *.s3.amazonaws.com https://static.chartbeat.com https://fonts.gstatic.com https://fonts.googleapis.com apis.google.com app.pendo.io data.pendo.io pendo-static-6599635893616640.storage.googleapis.com https://pendo-io-static.storage.googleapis.com; font-src 'self' *.hoteleffectiveness.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-ancestors 'self' app.pendo.io; frame-src 'self' *.hoteleffectiveness.com *.firebaseapp.com app.pendo.io; img-src 'self' *.hoteleffectiveness.com data: cdn.pendo.io app.pendo.io pendo-static-6599635893616640.storage.googleapis.com data.pendo.io; script-src 'self' *.hoteleffectiveness.com https://www.google-analytics.com https://apis.google.com https://www.google.com https://www.gstatic.com https://bam.nr-data.net https://fast.wistia.net https://static.chartbeat.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-6599635893616640.storage.googleapis.com data.pendo.io 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.hoteleffectiveness.com https://fonts.googleapis.com app.pendo.io cdn.pendo.io pendo-static-6599635893616640.storage.googleapis.com 'unsafe-inline'; 1
script-src: cdn.iubenda.com cdn.jsdelivr.net cdnjs.cloudflare.com cs.iubenda.com 'sha256-ATZfDmilBykL2VXrnLjouRFKFYlj2utaTup6si9heHM=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-87S8dmLi1YfT6tW7cfXQyixeKGstWn2N79Zo5APic8Q=' 'sha256-bfFxqVg/c9LA8HPqq+//frSGvXbYU2geKUn7x+8C2W4=' 'sha256-tgO1B6hG3Dfv2j0IEzJ1FhDIihleExz+Lj20p9zynv8=' 'sha256-cMn47Hap8hP/A00OHA7rDzZSwcQVBODbK2F1ohxOzdc=' 'sha256-mnsQs+PgbNocQR9xbhSIOLez4apyPDpdELPrQbHaHHo=' 'sha256-nsjTthT0UO8jYaoBqBkfu88NxO+xjMJ5mkuYl0z+F2E=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-1A3HIDVifVCdtS1VCgtsvML0vKjPiOwciN+zhOQXUzk=' sha256-ixJDNStnXvLXXzYjOtGLVgPM/ByVlTtcYDKrD44Pg8Y=' 'sha256-rXhCaBu9zZVy7fxCWzWPx7lQJId7BQqAzg095Hx4BIs=' 'sha256-BdUXoRWr767ARIMzjCXpNedtgds9KcjXM+x35M/ulc4=' 'sha256-g6rEtRC0g++Vn23L67NnedJ8YqcgyFCnbc43hVx9SEs=' 'sha256-YiwVYdg07ZB1GhA75nJPlmV+KrebyMhqx34aMN+m2dk=' 'sha256-lUEIMiuJJ62kWo84nx6noq7t8iB7nevMOUVDOLKMVR0=' 'sha256-xDAmEkLwtryjFp35OU9vnbEWIbmZBO6elnpckj+CDUk=' 'sha256-ZJutffdnOie+xpIJg4Yd7Mz/5AChUHPwBh/z4bvWR30=' 'sha256-yIYRfLP0A6sRo9nmz7St5MrMAefuobhOuBmGLry6lK8=' 'sha256-pGoUmwUGQ56T6Sd6xl+8WEnI4YMUEQULq7DoTL/KsXQ=' 'sha256-JKnfXJEksU6GW8RXQGgAP8It2YFYiWB9a6298Z1CVrM=' 'sha256-+1XnFHGvqrDLB8WFsDOf5CFAVw1JhkNcBOsLI+Pxd68=' 'sha256-L5rK3zEEBvNa/XCYXRl9eHB3SCQReObphd67zoKvrgQ=' 'sha256-bOHm3jJRjBtOybGrbc7HXXV57Qp8VFC65nGoNACf2EY=' 'sha256-fZIx1ukK+dEJq5T+5M6mayzaPFubN/b85dpdRL7Xwq4=' 'sha256-7+Cai1EhQOt360NzDf0sNdEZ0o2ysQRr6D47MqFd3Mg=' 'sha256-wmfaBqSxzll67wJkuGvjTCzE9/XeCUHbK3+YYfyaMbk=' 'sha256-H1cnTFxEK60Kc20EANw8SIq0E3/l7ARgYlwiF3RRfMg=' 'sha256-oyK1MSOjdr/KWAl+x/1jqOjnQqEBBBsK4QVE0BTiRrM=' 'sha256-oyK1MSOjdr/KWAl+x/1jqOjnQqEBBBsK4QVE0BTiRrM=' 'sha256-dvwNqY9+adgXCNjFduZ4L5fwoBshho0+phMc/SMtauE=' 'sha256-EIBZImpiES+kMwfasDtqDp4E7PhsHAyIX0PE8IweGzU=' 'sha256-TbnXeQGUFHLUSsJJilh13WZaQjKaJA2xaG5B1/Ob+WI=' 'sha256-RyQhhh7viWX7BYh8BxiczBf8UactZ6rlVcecOy589+U=' 'sha256-GS906xBU7fNbJ+XnOmetmU7oK9VyA3ieBv7hUeftRRs=' 'sha256-KJ9rJRyi9WwAtKJBS0P7Jp33iDFTavWdrI42p11R8hc=' 'sha256-o9J03zH1l1mDxJ+tMH+ifrtuy+pFRS8QlZ2SsMroTkg=' 'sha256-5CYpV2QyLAtNiBtdoowlken/ZR/AdjbaHil5piovNJw=' 'sha256-RSQX3nOIRmi90WnfXHoNj3e7ntwf9hgOXxqefCJFx1Q=' 'sha256-FrNSf0ZbzKQBeWMXYwA16LBO5Pe/qH5/L+qQvRLRH1Q=' 'sha256-QZDyxPJfmjTLv9uS+RolNZVw13PvfP+XySTiJK2Hd1k=' 'sha256-N8GNFWYLimSZWnO15ATdBIgXg6zvYMZXzm+7simletg=' 'sha256-sGcYqFH8/FuWCvGMmJ4nvt945uhZxkzVD1TPLe2KCX8=' 'sha256-9p+RPpkBs1d9zNqIR9iXgLqSHwsMCYNFxqmBQ/uXEkQ=' 'sha256-W9dIuzbVbwaJIiABY8k7bK5J44dHn4cttRE9H/KU6mk=' 'sha256-vlsrZ4jZoCix/b7nJKAYw/wfBw4HIin3hhJpQ3sQxnY=' 'sha256-myiJ/FIr9ZOBbVVoDaCywSd5BCOoCnIh2rPYUqyjFA8=' 'sha256-KD4xcCvTHtsGG5AtVhwLUIe17izVln1otAIPkxg6rmA=' 'sha256-qY+HnM+W7BByR/jM0TCvBfbpmK8KNj7CVjxtwYqcNjY=' 'sha256-ABrhY42pNp3SuJ409k660Qtar8nZFnJwBQcaSLLUjIU=' 'sha256-5pJJdqP+xtcHWaoCVGqnWGjTmalnuNOBa/ARxxdbXlY=' 'sha256-rZIkxoqfbkAUDXdR+XLLRc+6KHlmObDbIx1bBUBH5CA=' 'sha256-MHVxGPmAdQx0XbWz9eiltEe3lmFeI8sQqjoa5CY3rYI=' 'sha256-PjJ2jRJZu/X6S/4gAt8RQJiOYG7/EXoyF2k8xYxru6M=' 'sha256-SRL2dzudkFKperUFCEA8mkIVT0upQHx1XNdAgFMKKrQ=' 'sha256-VjbwA1fcq38GVAKDHfI4Px141aILED/YF1jutfiuxDQ=' 'sha256-4HI0gXMPzVZCOfq8y5ds7cCvnTLcjdaRMBGIz0hepyQ=' 'sha256-wiNjp1+2HX4VjKTGh4rOQNpvLKFChmgrlR4JMI5zmm0=' 'sha256-iunGMBr+dGp7aue0TbFN91OgvripGA0ID/rmYkiIWXA=' 'sha256-qoVTf4u46Qn650jIbGX84qGETYjLtLRIJLsNE0j2VrY=' 'sha256-n8hcS8ivfD7ZAyCNyHj/c3Ka/CQwmdwGXES+39Cqc8c=' 'sha256-jcBgmjg6jicvkyQtdPyW7L78Ca+aNgbBH6pJFlzpKsg=' 'sha256-p13JBHFCwcMwZRtwJJ+PGG0Xq6xlYkVDS3zZPAHx1iY=' 'sha256-60Y5SZryMP/67Q/k36LVBXH6SBee31fcbdC5y8D7RYw=' 'nonce-color_code' 'nonce-ontouch' 'nonce-iubenda' 'nonce-vid_block'; 1
frame-src cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://www.googleadservices.com/ https://www.youtube.com/ https://fareharbor.com/ https://securepubads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://*.safeframe.googlesyndication.com https://www.vinow.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://shop.pzu.com.ua https://optimize.google.com https://*.doubleclick.net https://www.facebook.com  https://www.ssl.gstatic.com https://*.googleapis.com *.googleadservices.com www.google.com https://*.youtube.com https://www.fbstatic-a.akamaihd.net https://www.google.com *.gstatic.com https://www.googleapis.com *.googleoptimize.com https://*.googletagservices.com https://www.googleadservices.com https://dc.cux.io https://www.oauth.googleusercontent.com *.consentmanager.net https://maps.googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://connect.facebook.net https://tagmanager.google.com https://*.googlesyndication.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.apis.google.com https://apis.google.com; object-src 'self' https://*.doubleclick.net https://maps.googleapis.com *.googleadservices.com; 1
default-src * data: blob:;script-src www.google-analytics.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' 'self' cdnjs.cloudflare.com www.youtube.com connect.facebook.net police.gov.mn *.sodonsolution.org platform.twitter.com s.ytimg.com cdn.syndication.twimg.com;style-src 'unsafe-inline' 'self' fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com www.youtube.com www.facebook.com police.gov.mn *.sodonsolution.org platform.twitter.com;connect-src 'self' www.google-analytics.com www.facebook.com/tr/ police.gov.mn *.sodonsolution.org;object-src 'self' police.gov.mn *.sodonsolution.org; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https: blob:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests; frame-ancestors 'self' https://*.revolve.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bgis.com *.youtube.com maps.gstatic.com *.googleapis.com  *.googletagmanager.com  *.google.com *.gstatic.com  *.google-analytics.com cdnjs.cloudflare.com  connect.facebook.net cdn.amcharts.com cdn.jsdelivr.net unpkg.com  js.stripe.com;  frame-src 'self' *.youtube.com fast.wistia.net *.facebook.com s-static.ak.facebook.com js.stripe.com *.bgis.com *.google.com; object-src 'self' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com *.google-analytics.com https://googleads.g.doubleclick.net phf.tbe.taleo.net *.hotjar.com https://static.hotjar.com *.adform.net https://dec.azureedge.net/ munchkin.marketo.net https://northwestfcs.formstack.com northwestfcs.formstack.com *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.vimeocdn.com web-chat.nativechat.com unpkg.com/@frontify/ pi.pardot.com https://go.farmcreditwest.com/ https://my.agwestfc.com/ *.cloudinary.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com web.facebook.com www.facebook.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://a1.seadform.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.formstack.com *.adform.net agwestfc.com https://agwestfc.com farmcreditwest.com https://www.farmcreditwest.com phf.tbe.taleo.net https://player.flipsnack.com northwestfcs.formstack.com https://northwestfcs.formstack.com https://*.sfmc-content.com https://player.vimeo.com https://vod-progressive.akamaized.net https://vars.hotjar.com https://bid.g.doubleclick.net digital.nexsitepublishing.com www.buzzsprout.com www.podbean.com www.google.com; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com *.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.mktoresp.com *.frontify.com *.cloudinary.com *.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; frame-ancestors 'self' *.formstack.com NorthwestFCS.formstack.com https://NorthwestFCS.formstack.com highplainsfarmcredit.com www.farmcreditofvirginias.com www.agchoice.com www.agcountry.com www.farmcrediteast.com www.greenstonefcs.com 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.berenberg.de; 1
default-src 'none'; font-src https://fonts.gstatic.com; script-src 'self' https://plausible.io https://identity.netlify.com/v1/netlify-identity-widget.js https://unpkg.com/decap-cms@%5E3.0.0/dist/decap-cms.js 'unsafe-eval'; connect-src 'self' https://plausible.io https://medium.openaq.org https://api.github.com tps://www.githubstatus.com blob:; img-src 'self' https://widgets.guidestar.org/ data: blob: https://avatars.githubusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.youtube.com/; frame-ancestors 'none'; base-uri 'self'; form-action https://openaq.us10.list-manage.com/subscribe/; 1
connect-src https://geodata.nationaalgeoregister.nl https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com 'self'; frame-src 'self' blob: https://*.mappibyswis.nl https://*.geostart.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://bijmijindebuurt.gemeentewestland.nl; img-src 'self' https://piwik.swis.nl https://service.pdok.nl https://geodata.nationaalgeoregister.nl https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com data:; script-src 'self' https://piwik.swis.nl https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; media-src 'self' https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; object-src 'self' https://youtube.com https://www.youtube.com; style-src 'self' https://youtube.com https://www.youtube.com 'unsafe-inline' data: 'report-sample'; form-action 'self' https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; report-to csp; child-src 'self' blob:; default-src 'self'; font-src 'self' data:; frame-ancestors 'self' https://www.gemeentewestland.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src * ; script-src 'self' 'unsafe-eval' 'unsafe-inline' browser-update.org maps.googleapis.com *.google-analytics.com *.cookiebot.com *.googletagmanager.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net *.bing.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; base-uri 'self'; object-src 'none'; frame-src 'self' https://consentcdn.cookiebot.com *.doubleclick.net; connect-src * 'self' https://consentcdn.cookiebot.com; img-src * 'self' data: https: 1
img-src: 'self'; style-src: 'self'; script-src: 'self' www.google-analytics.com translate.google.com ajax.googleapis.com; font-src: 'self' fonts.googleapis.com; 1
default-src 'none'; base-uri 'none'; form-action 'self'; connect-src https://*.freebsdbrasil.com.br https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-fbsdbr2018' 'unsafe-inline' http: https:; img-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; style-src 'self' https://fonts.googleapis.com https://use.fontawesome.com; frame-ancestors 'none'; report-uri https://freebsdbrasil.report-uri.com/r/d/csp/enforce; upgrade-insecure-requests; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data:; connect-src * data:; media-src * blob:; worker-src 'self' blob:; 1
frame-ancestors 'self' *.google.com *.amp.colgate.it amp.colgate.it *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /report-csp-violation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://planet.moe; img-src 'self' https: data: blob: https://planet.moe; style-src 'self' https://planet.moe 'nonce-B7HETsYTPpXL/AZRlSN5QQ=='; media-src 'self' https: data: https://planet.moe; frame-src 'self' https:; manifest-src 'self' https://planet.moe; form-action 'self'; child-src 'self' blob: https://planet.moe; worker-src 'self' blob: https://planet.moe; connect-src 'self' data: blob: https://planet.moe https://media.planet.moe wss://planet.moe; script-src 'self' https://planet.moe 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' www.google-analytics.com 'nonce-+7o05ZvZ2WHNWOK/WYaTfxaJrw6wJSirlmw/Zqz0rrI=';style-src * 'self' 'unsafe-inline';connect-src 'self' www.google-analytics.com stats.g.doubleclick.net;font-src * 'self' data:;img-src * 'self' data: data: blob:;media-src * 'self' blob:;frame-ancestors 'none';frame-src https://www.youtube.com/;base-uri 'self' 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org pghub.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org www.googletagmanager.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
frame-ancestors 'self' *.cloversites.com 1
default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; manifest-src 'self'; script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.google-analytics.com *.gstatic.com *.googleadservices.com maps.googleapis.com *.facebook.net recaptcha.net secure.avangate.com secure.2checkout.com b.sf-syn.com s7.addthis.com *.jivosite.com *.doubleclick.net *.clarity.ms bat.bing.com clarity.microsoft.com; connect-src 'self' *.google.com *.google-analytics.com maps.googleapis.com *.doubleclick.net wss://trackabi.com wss://trackabi.com:8880 *.facebook.com wss://chat3.jivosite.com *.jivosite.com wss://node355.jivosite.com *.clarity.ms bat.bing.com; frame-src 'self' *.google.com secure.2checkout.com *.youtube.com recaptcha.net *.doubleclick.net *.gartner.com; img-src 'self' 'unsafe-eval'  *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.google-analytics.com maps.googleapis.com maps.gstatic.com *.facebook.com *.google.com *.googletagmanager.com secure.avangate.com secure.2checkout.com b.sf-syn.com sourceforge.net goodfirms.s3.amazonaws.com *.getapp.com badges.softwareadvice.com *.capterra.com *.jivosite.com www.softwaresuggest.com *.doubleclick.net data: https://ct.capterra.com *.clarity.ms c.bing.com bat.bing.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.jivosite.com; font-src 'self' *.jivosite.com fonts.gstatic.com fonts.googleapis.com data: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-ancestors 'self' https://matomojs.trackify.info https://matomo.pernod-ricard.io *.sleeknote.com; frame-src blob: 'self' https://www.google.com https://www.youtube.com https://larutadelgin.com/ https://integrationssite.sleeknote.com/ https://sleeknotestaticcontent.sleeknote.com/:1 *.sleeknote.com; worker-src blob: 'self' 1
default-src 'self' mim-cloud.appspot.com ajax.googleapis.com *.radnetpacs.com 10.10.0.93 10.10.0.48 10.10.0.75 10.10.0.163 10.10.0.156 10.10.0.54 10.10.0.121 10.10.1.214 10.10.0.48 10.10.0.49 10.10.0.50 10.10.0.57 10.10.0.90 10.10.0.91 10.10.0.92 10.10.0.75 10.10.0.76 10.10.0.77 10.10.0.130 10.10.0.131 10.10.0.132 10.10.0.133 10.10.0.134 10.10.0.135 10.10.0.138 10.10.0.139 10.10.0.143 10.10.0.144 10.10.0.145 10.10.0.146 10.10.0.163 10.10.0.159 10.10.0.160 10.10.0.161 10.10.0.162 10.10.0.192 10.10.0.221 10.10.0.9 10.10.0.17 10.10.0.18 10.10.1.16 10.10.0.156 10.10.0.151 10.10.0.152 10.10.0.153 10.10.0.154 10.10.0.155 10.10.0.54 10.10.0.51 10.10.0.52 10.10.0.53 10.10.0.55 10.10.0.121 10.10.0.116 10.10.0.117 10.10.0.118 10.10.0.119 10.10.0.126 10.10.0.127 10.10.0.10 10.10.1.214 10.10.1.60 10.10.1.218 10.10.0.79 'unsafe-inline'; img-src 'self' data: *.radnetpacs.com 10.10.0.93 10.10.0.48 10.10.0.75 10.10.0.163 10.10.0.156 10.10.0.54 10.10.0.121 10.10.1.214 10.10.0.48 10.10.0.49 10.10.0.50 10.10.0.57 10.10.0.90 10.10.0.91 10.10.0.92 10.10.0.75 10.10.0.76 10.10.0.77 10.10.0.130 10.10.0.131 10.10.0.132 10.10.0.133 10.10.0.134 10.10.0.135 10.10.0.138 10.10.0.139 10.10.0.143 10.10.0.144 10.10.0.145 10.10.0.146 10.10.0.163 10.10.0.159 10.10.0.160 10.10.0.161 10.10.0.162 10.10.0.192 10.10.0.221 10.10.0.9 10.10.0.17 10.10.0.18 10.10.1.16 10.10.0.156 10.10.0.151 10.10.0.152 10.10.0.153 10.10.0.154 10.10.0.155 10.10.0.54 10.10.0.51 10.10.0.52 10.10.0.53 10.10.0.55 10.10.0.121 10.10.0.116 10.10.0.117 10.10.0.118 10.10.0.119 10.10.0.126 10.10.0.127 10.10.0.10 10.10.1.214 10.10.1.60 10.10.1.218 10.10.0.79; 1
connect-src 'self' https://consentcdn.cookiebot.com  https://www.google-analytics.com; font-src 'self' fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com  youtube.com www.youtube.com https://www.facebook.com https://destinilocators.com https://player.vimeo.com/ https://d2c2pc4938x49p.cloudfront.net/ https://d3oe0yoemy00cg.cloudfront.net/; img-src *; script-src 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js  'unsafe-inline'; script-src-elem 'self' https://consent.cookiebot.com   https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://www.youtube.com/iframe_api https://www.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com  *.cookiebot.com  youtube.com www.youtube.com connect.facebook.net 'sha256-t/nwnYa7CkMOiVkh2Bp3iW7JLICRxPsGkN0O0OonnW0=' 'sha256-CF1J8IwfSw2kT/tIoH1iFqIe0uHe0G+WGrB3BL16Bco=' 'sha256-+hZyosobhUriFr+VybdepsNA5z3yB8a4szXMZOj+030=' 'sha256-3EAKSgo1aFAMv86iit3lZDIclGW8iQhpBj+6ZG+Zu3s=' 'sha256-c0+CseKyBLY+S5BTdE0UHs5mBWL8UTl1dd7NLDFlIq4=' https://destinilocators.com/bolthousefarms/site/install/ https://destinilocators.com/control/pscript_s.js https://destinilocators.com/control/gtm.js https://player.vimeo.com/api/player.js 'sha256-VyR/+TC4HI+6r6SEq5lfv7Xbzc+yhbJZtp00/egP0pM=' 'sha256-P9MnoWaMwcEMOEPeWnorxhSQ2Fb0lofchey4YsOYeu4=' 'sha256-Gp70VQyXtfY9dEFKEiJwOY1H1SuwVcnnopbUg2QcnXw=' https://destinilocators.com/bolthousefarms/pdpwidget/install/ 'sha256-p9ehbm2jeUJA9MPUO+l/xAReN+wscpsOmTxy4KXIZ8w=' ; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-cWd6QVhXN0RrQWdaZ3duWDQydjlWVTMrcCtBZ2c2K3NoQ1hRKyt2R2dIYz06NERUM0wxaUd3ajFZeTJxajFUaStCaHE4MG9NWDlPejl6bUxqakpQejAwVT0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';worker-src 'self' blob:;form-action 'self' 1
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' https://www.youtube.com; script-src 'self' 'unsafe-inline' https://ssl.google-analytics.com http://www.google-analytics.com http://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com; img-src 'self' https://ssl.google-analytics.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' http://www.google.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com/ https://*.klaviyo.com https://*.livechatinc.com https://*.pinimg.com/ https://checkout-sdk.sezzle.com https://widget.sezzle.com/ https://checkout.clover.com/ https://player.vimeo.com/ https://vimeo.com/ https://*.stripe.com/ https://*.authorize.net/ https://*.bing.com/; style-src 'self' 'unsafe-inline' https://*.google.com/recaptcha/ https://*.gstatic.com/recaptcha/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com/ https://*.klaviyo.com https://*.livechatinc.com https://fonts.googleapis.com https://checkout-sdk.sezzle.com https://widget.sezzle.com/ https://checkout.clover.com/ https://player.vimeo.com/ https://vimeo.com/ https://*.stripe.com/ https://*.authorize.net/ https://*.bing.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lile.cl; img-src 'self' https: data: blob: https://lile.cl; style-src 'self' https://lile.cl 'nonce-M7qHm8qF+eqrFoYvpOrWRg=='; media-src 'self' https: data: https://lile.cl; frame-src 'self' https:; manifest-src 'self' https://lile.cl; form-action 'self'; child-src 'self' blob: https://lile.cl; worker-src 'self' blob: https://lile.cl; connect-src 'self' data: blob: https://lile.cl https://lile.cl wss://lile.cl; script-src 'self' https://lile.cl 'wasm-unsafe-eval' 1
base-uri 'self'; connect-src 'self' https://cdn.ampproject.org https://pagead2.googlesyndication.com; default-src 'self' https://www.igenea.com https://www.igenea.net; script-src 'self' 'unsafe-inline' blob: https://www.igenea.com https://challenges.cloudflare.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://www.google.com https://www.gstatic.com https://unpkg.com https://cdn.ampproject.org; worker-src 'self' blob:; img-src 'self' data: https://cdn.ampproject.org https://www.igenea.com https://www.igenea.net; style-src 'self' 'unsafe-inline' https://paygate.novalnet.de; font-src data:; frame-src 'self' https://challenges.cloudflare.com https://www.google.com https://paygate.novalnet.de *.videodelivery.net *.cloudflarestream.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ecoevo.social; img-src 'self' https: data: blob: https://ecoevo.social; style-src 'self' https://ecoevo.social 'nonce-JXrLY1aR067c/8qFtGE6QA=='; media-src 'self' https: data: https://ecoevo.social; frame-src 'self' https:; manifest-src 'self' https://ecoevo.social; form-action 'self'; child-src 'self' blob: https://ecoevo.social; worker-src 'self' blob: https://ecoevo.social; connect-src 'self' data: blob: https://ecoevo.social https://cdn.masto.host wss://ecoevo.social; script-src 'self' https://ecoevo.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' 'reborns.com' 'musicstack.com'; 1
frame-ancestors http://mail.elesa.com http://elesa.partcommunity.com https://www.elesa.com https://halder-roemheld.imweb.me https://www.halder-roemheld.co.kr 1
default-src:'self'; 1
default-src 'self'; media-src *.purechatcdn.com;font-src * data:;img-src * data:; script-src * data: 'unsafe-inline' 'unsafe-eval' *.purechat.com *.purechatcdn.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com; connect-src 'self' *.purechat.com *.purechatcdn.com *.opmnstr.com *.omappapi.com *.gstatic.com *.google-analytics.com analytics.google.com *.youtube.com *.youtube-nocookie.com  *.hcaptcha.com *.googleapis.com stats.g.doubleclick.net bat.bing.com *.clarity.ms *.ispringsolutions.com; style-src * 'unsafe-inline'; frame-src 'self' www.google.com *.youtube.com *.youtube-nocookie.com *.hcaptcha.com *.jobscore.com *.umbraco.com; 1
default-src 'self' www.recaptcha.net maps.google.com www.google.com wav-digital-6.saas.amadeus.com book.aircalin.com static.addtoany.com *.destygo.com *.mindsay.com *.laiye.com wss://*.mindsay.com wss://*.laiye.com fonts.googleapis.com fonts.gstatic.com player.vimeo.com www.booking.com www.youtube-nocookie.com fo-syd.ttinteractive.com; connect-src 'self' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com bom.destygo.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com fonts.googleapis.com wss://widget-socket.mindsay.com *.lottiefiles.com stats.g.doubleclick.net *.hotjar.com *.hotjar.io wss://wsp17.hotjar.com stats.addtoany.com region1.google-analytics.com wss://ws.hotjar.com analytics.google.com region1.analytics.google.com pixel.quantcount.com ct.pinterest.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com data:; frame-src *; img-src 'self' www.google.com www.google.com.ua adservice.google.com adservice.google.com.ua pixel.sojern.com tracking.monsido.com cm.g.doubleclick.net cdn.jsdelivr.net ib.adnxs.com match.adsrvr.org ad.doubleclick.net images.mindsay.com data: ssl.gstatic.com www.gstatic.com static.hotjar.com script.hotjar.com fcmatch.google.com www.google.fr fcmatch.youtube.com www.facebook.com www.googletagmanager.com www.google-analytics.com pixel.quantserve.com ct.pinterest.com c1.adform.net; script-src 'self' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com  cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com unpkg.com 'unsafe-inline'; script-src-attr 'self'; script-src-elem 'self' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com s.pinimg.com secure.quantserve.com rules.quantcount.com  cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.addtoany.com https://unpkg.com mdbootstrap.com stackpath.bootstrapcdn.com unpkg.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-eval' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com static.hotjar.com script.hotjar.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' app.termly.io www.googletagmanager.com connect.facebook.net book.aircalin.com digital-analytics.amadeus.com *.mindsay.com destygo.com widget.destygo.com widget.chatbot.laiye.com widget.chatbot.eu-central-1.laiye.com widget-socket.chatbot.eu-central-1.laiye.com widget-events.chatbot.eu-central-1.laiye.com fluentd.chatbot.eu-central-1.laiye.com widget.chatbot.eu-west-3.laiye.com widget-socket.chatbot.eu-west-3.laiye.com widget-events.chatbot.eu-west-3.laiye.com fluentd.chatbot.eu-west-3.laiye.com www.recaptcha.net www.gstatic.com www.google-analytics.com app-script.monsido.com beacon.sojern.com static.hotjar.com script.hotjar.com aff.bstatic.com cf.bstatic.com wav-digital-6.saas.amadeus.com fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com mdbootstrap.com stackpath.bootstrapcdn.com use.fontawesome.com; worker-src 'self' blob:; frame-ancestors 'self' 1
script-src https://doctoranywhere.com/ https://cdn.jsdelivr.net/gh/prashantchaudhary/ddslick@master/jquery.ddslick.min.js https://doctoranywhere.bamboohr.com/ https://malaysia.doctoranywhere.com/ https://d17nz991552y2g.cloudfront.net/ https://googleads.g.doubleclick.net https://connect.facebook.net https://assets.privy.com https://snap.licdn.com https://www.googleadservices.com https://www.google-analytics.com https://cdnjs.cloudflare.com/ https://www.gstatic.com https://static.addtoany.com/ https://www.googletagmanager.com/ https://www.google.com/ https://widget.privy.com/ https://cdn.rawgit.com/ https://fonts.googleapis.com https://fonts.gstatic.com https://singapore.engagelybots.ai https://botbuilder.engagely.ai/ https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js https://kit.fontawesome.com/ee66941655.js https://www.cognitoforms.com/f/seamless.js https://static.legitscript.com/seals/4588294.js https://static.cognitoforms.com https://www.cognitoforms.com 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self' https:; font-src 'self' https: data: https://fonts.gstatic.com; img-src 'self' https: data: https://www.googletagmanager.com https://www.google-analytics.com https://optimize.google.com; object-src 'none'; frame-src 'self' https: https://optimize.google.com https://www.google.com/recaptcha/; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'nonce-L6pcMKtvjYh9xK1TREzRpw=='; style-src 'self' https: 'unsafe-inline' https://optimize.google.com https://tagmanager.google.com https://fonts.googleapis.com; base-uri 'self'; connect-src 'self' https: https://www.google-analytics.com; report-uri https://o993003.ingest.sentry.io/api/5950854/security/?sentry_key=d203ea14d5c2444aac86d98b17ac1413&sentry_environment=production&sentry_release=6182d97645ebfc9cbc1815171350d56f07091534 1
default-src 'self' https://maps.googleapis.com https://danbsitefinitydevassets.azureedge.net https://danbsfstagingassets.azureedge.net https://danbsfprodassets.azureedge.net *.popupsmart.com/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://widget.surveymonkey.com/ https://www.surveymonkey.com/ *.hawksearch.net *.hawksearch.com tracking-dev.americaneagle.com https://cdnjs.cloudflare.com/ *.vo.msecnd.net/ https://www.googletagmanager.com/ *.googletagmanager.com/ *.crazyegg.com/ *.popupsmart.com/ *.tiktok.com/ *.tiktokcdn-us.com/ https://cdn.calconic.com/ 'self' cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.hawksearch.net *.crazyegg.com *.popupsmart.com/ *.tiktokcdn-us.com/ 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.popupsmart.com/ *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://prod.smassets.net/ https://danbsitefinitydevassets.azureedge.net https://danbsfstagingassets.azureedge.net https://danbsfprodassets.azureedge.net *.crazyegg.com *.google.com 'self' web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src https://youtu.be/ https://www.youtube.com/ https://www.surveymonkey.com/ https://www.tiktok.com/ https://web.powerva.microsoft.com/ 'self' web-chat.nativechat.com; connect-src 'self' accounts.google.com *.gstatic.com https://*.insight.sitefinity.com *.popupsmart.com/ *.crazyegg.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.hawksearch.net *.hawksearch.com tracking-dev.americaneagle.com searchapi-dev.americaneagle.com https://maps.googleapis.com https://dc.services.visualstudio.com https://stats.g.doubleclick.net/ connect.facebook.net https://analytics.google.com/g/collect https://*.analytics.google.com/g/collect https://app.calconic.com/; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com connect.facebook.net blob: 'self' web-chat.nativechat.com; frame-ancestors 'self' https://youtu.be/ https://www.youtube.com/ https://www.surveymonkey.com/ 1
default-src https: 'unsafe-inline' 'unsafe-eval' wss://umd.userlike.com wss://ws.botmaker.com; worker-src blob:; img-src 'self' blob: data: https:; font-src 'self' data: https:; frame-ancestors https://mc.yandex.ru https://yastatic.net https://metrika.yandex.ru  https://*.webvisor.com 1
Content-Security-Policy: frame-ancestors 'self' https://app.platform.sportsdigita.com 1
default-src 'self' *.googleapis.com *.hotjar.com *.youtube.com googleads.g.doubleclick.net *.monsido.com; script-src 'nonce-Ub6XvmEutvK0ebDb' 'self' 'unsafe-inline' 'unsafe-eval'  *.wufoo.com *.googleapis.com *.addthisedge.com *.moatads.com *.addthis.com *.monsido.com staticcdn.co.nz *.highcharts.com *.googleapis.com *.hotjar.com *.facebook.net *.youtube.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com; script-src-elem 'self' 'unsafe-inline' *.wufoo.com *.googleapis.com *.addthisedge.com *.moatads.com *.addthis.com *.monsido.com staticcdn.co.nz *.highcharts.com *.googleapis.com *.hotjar.com *.facebook.net *.youtube.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com fonts.googleapis.com; connect-src 'self' *.ecan.govt.nz *.highcharts.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.addthis.com *.googleapis.com *.youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; img-src 'self' blob: data: https://www.google.co.nz https://*.hotjar.com *.vimeocdn.com staticcdn.co.nz ecan.govt.nz *.ecan.govt.nz *.googleapis.com *.gstatic.com *.monsido.com shielded.co.nz *.youtube.com *.facebook.com *.ytimg.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; font-src 'self' data: https://*.hotjar.com fonts.gstatic.com staticcdn.co.nz; frame-src * data: blob: https://*.hotjar.com ;frame-ancestors 'self'; base-uri 'self';report-uri https://o4505163166515200.ingest.sentry.io/api/4505326961033216/security/?sentry_key=82e73ff171f9e2e7a10cf15a0f705a4e 1
default-src 'self' https://www.youtube.com https://region1.google-analytics.com  https://www.googletagmanager.com https://www.welcomekit.co https://share.transistor.fm https://play.hubspotvideo.com *.drivequant.com cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com fonts.googleapis.com www.google-analytics.com fonts.gstatic.com platform.linkedin.com secure.page1monk.com connect.facebook.net platform.twitter.com data: 'unsafe-inline'; img-src 'self' data: *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net 4377671.fs1.hubspotusercontent-na1.net *.hsforms.com https://static.hsappstatic.net https://api-na1.hubapi.com https://play.hubspotvideo.com https://share.transistor.fm https://lh5.googleusercontent.com;; upgrade-insecure-requests 1
frame-ancestors 'self' *.teledyne.com 1
object-src 'none';default-src data: blob: https: 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests; report-uri https://gamingph.report-uri.com/r/d/csp/enforce 1
connect-src www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://*; frame-src www.google.com/recaptcha/ www.googletagmanager.com https://player.vimeo.com/video/ https://*; script-src 'self' 'unsafe-inline' https://player.vimeo.com/video/ https://*; img-src data: 'self' www.google-analytics.com https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://secure.gravatar.com/ https://*; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com https://*;object-src 'none' 1
frame-ancestors 'self' https://manage.moderntiredealer.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com consent.cookiebot.com *.googleapis.com code.jquery.com maxcdn.bootstrapcdn.com *.cookielaw.org *.onetrust.com str.melitta-group.com; img-src 'self' *.google-analytics.com *.cookielaw.org data: maps.gstatic.com *.googleapis.com *.ggpht.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.google-analytics.com *.onetrust.io *.onetrust.com *.googleapis.com *.cookielaw.org consentcdn.cookiebot.com; frame-src 'self' *.melitta.com str.melitta-group.com 1
object-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com https://bi-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner-wtfcprod.d3hosted.com https://banner.wintrustdigitalbanking.com; base-uri 'self'; default-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://piwik.d3vcloud.com https://d3dev-fileshare.d3vcloud.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://ipv4.icanhazip.com https://api.ipify.org https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; img-src 'self' 'unsafe-inline' data: blob: https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://d3dev-fileshare.d3vcloud.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com https://cspf-transaction-ui-pub-cspprod.d3hosted.com; style-src 'self' 'unsafe-inline' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://fonts.googleapis.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; font-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://fonts.googleapis.com https://fonts.gstatic.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; connect-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://bi-wtfcprod.d3hosted.com https://banner-wtfcprod.d3hosted.com https://bi.wintrustdigitalbanking.com https://banner.wintrustdigitalbanking.com https://d3dev-fileshare.d3vcloud.com https://piwik.d3vcloud.com https://ipv4.icanhazip.com https://api.ipify.org https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; frame-src 'self' https://wtfcprod.d3hosted.com https://www.wintrustdigitalbanking.com https://www.wintrust.com https://wintrust.com https://content.mx.com https://ppl.ibanking-services.com https://maps.googleapis.com https://*.moneydesktop.com  https://*.money-movement.com https://maps.gstatic.com https://wintrust.wavecx.com https://shadow-wtfcprod.d3hosted.com https://shadow.wintrustdigitalbanking.com; 1
worker-src 'self' blob:; frame-src 'self' https://frende.no https://wwww.frende.no https://as.frende.no https://sts.frende.no https://login.frende.no https://cdn.frende.no/mypage/callback.html https://sikker.frende.no https://login.frende.no/identityserver/connect https://openwms.statkart.no/ https://www.sign.nets.eu https://www.facebook.com/tr/ https://www.youtube.com https://vimeo.com https://content.vergic.com; default-src 'self' beta.frende.no cdn.frende.no; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://*.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/ https://www.facebook.com/tr/ https://*.psplugin.com https://*.vergic.com; font-src 'self' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://fonts.gstatic.com http://*.psplugin.com http://*.vergic.com; style-src 'self' 'unsafe-inline' https://cdn.frende.no https://frende-cms-prod.eu-central-1.elasticbeanstalk.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://www.gstatic.com/ https://fonts.googleapis.com/ https://*.psplugin.com https://*.vergic.com; frame-ancestors 'self' https://login.frende.no https://*.psplugin.com; img-src 'self' data: https://streetviewpixels-pa.googleapis.com https://frende-cms-test.s3.eu-central-1.amazonaws.com https://cdn.frende.test.z63.no.tconet.net https://images.finncdn.no/ https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com/ads/ga-audiences https://www.google.no/ads/ga-audiences https://www.google.se/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://frende-cms-prod.s3.eu-central-1.amazonaws.com/favicons/favicon.ico https://i.ytimg.com https://i.vimeocdn.com https://maps.gstatic.com https://maps.googleapis.com https://*.ggpht.com https://*.psplugin.com https://*.vergic.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://frende-cms-prod.s3.eu-central-1.amazonaws.com https://www.google.se/ads/ga-audiences https://www.google.dk/ads/ga-audiences https://www.google.co.uk/ads/ga-audiences https://www.google.com.co/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://www.google.co.th/ads/ga-audiences https://www.google.co.in/ads/ga-audiences https://www.google.pl/ads/ga-audiences https://www.google.es/ads/ga-audiences https://www.google.ie/ads/ga-audiences https://www.google.de/ads/ga-audiences https://www.google.fi/ads/ga-audiences https://www.google.nl/ads/ga-audiences https://www.google.is/ads/ga-audiences https://www.google.it/ads/ga-audiences https://www.google.ee/ads/ga-audiences https://www.google.fr/ads/ga-audiences https://www.google.cz/ads/ga-audiences https://www.google.lt/ads/ga-audiences https://www.google.co.id/ads/ga-audiences https://www.google.co.ma/ads/ga-audiences https://www.google.co.kr/ads/ga-audiences https://www.google.com.vn/ads/ga-audiences https://www.google.com.ph/ads/ga-audiences https://www.facebook.com/ https://beta.frende.no https://cdn.frende.no https://www.gstatic.com/images/branding/product/2x/translate_24dp.png; connect-src 'self' https://api.frende.no https://nettbutikk.frende.no https://cdn.frende.no https://www.facebook.com/tr/ https://reflex.frende.no https://stats.g.doubleclick.net https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://login.frende.no/identityserver/.well-known/openid-configuration https://login.frende.no/identityserver/.well-known/openid-configuration/jwks https://login.frende.no/identityserver/connect/userinfo https://login.frende.no/identityserver/connect/token https://login.frende.no/identityserver/connect/revocation https://*.psplugin.com https://*.vergic.com wss://*.psplugin.com wss://*.vergic.com; report-uri https://sentry.frende.no/api/4/security/?sentry_key=a8f0108442274bb4abc943116523a7f8&sentry_environment=prod 1
default-src 'self'; style-src  'unsafe-inline' 'self'     https://ajax.googleapis.com/      https://fonts.googleapis.com ; style-src-elem  'unsafe-inline' 'self'     https://fonts.googleapis.com/     https://ajax.googleapis.com/     https://cdn.jsdelivr.net/ ; img-src 'self' 'unsafe-inline' data:     https://waitlistcheck.com/     https://www.waitlistcheck.com/     https://i.vimeocdn.com/     https://paymentrouter-trunk.redmz.mrisoftware.com/     https://beta.waitlistcheck.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://www.googleapis.com/     https://www.google-analytics.com/; script-src  https://www.google-analytics.com/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/     'unsafe-inline' 'unsafe-eval' 'self' ; script-src-elem 'self' 'unsafe-inline'     https://stackpath.bootstrapcdn.com/     https://cdn.jsdelivr.net/     https://cdn.polyfill.io/     https://www.google.com/     https://www.gstatic.com/     https://www.googletagmanager.com/     https://www.google-analytics.com/     https://ssl.google-analytics.com/     https://ajax.googleapis.com/     https://cdnjs.cloudflare.com/ ;font-src 'self' data: https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com/  ; frame-src 'self'     https://www.youtube.com/     https://youtube.com/     https://player.vimeo.com/     https://www.google.com/ 1
frame-ancestors 'self' https://*.mycarcheck.com https://*.allcardata.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com player.vimeo.com www.youtube.com static.cloudflareinsights.com www.googletagmanager.com mktdplp102cdn.azureedge.net www.google-analytics.com snap.licdn.com amplify.outbrain.com js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hscollectedforms.net wave.outbrain.com js.hs-analytics.net tr.outbrain.com maps.googleapis.com 'unsafe-eval' www.gstatic.com www.google.com platform.twitter.com googleads.g.doubleclick.net www.googleadservices.com; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com cdnjs.cloudflare.com fonts.googleapis.com; img-src 'self' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com data: 2.gravatar.com secure.gravatar.com i.vimeocdn.com tr.outbrain.com px.ads.linkedin.com forms.hsforms.com www.google.com www.google.pl track.hubspot.com maps.gstatic.com maps.googleapis.com 7e06571174e74d439ee52aa2e2fff41e.svc.dynamics.com www.google-analytics.com googleads.g.doubleclick.net www.linkedin.com www.googletagmanager.com px4.ads.linkedin.com; font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com; connect-src 'self' vimeo.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com www.google-analytics.com stats.g.doubleclick.net forms.hscollectedforms.net forms.hubspot.com maps.googleapis.com ipapi.co cdn.linkedin.oribi.io tr.outbrain.com region1.google-analytics.com region1.analytics.google.com pagead2.googlesyndication.com *.svc.dynamics.com px.ads.linkedin.com; child-src 'self' www.youtube.com player.vimeo.com platform.twitter.com www.google.com 7e06571174e74d439ee52aa2e2fff41e.svc.dynamics.com td.doubleclick.net blob: www.genoahealthcare.com; media-src 'self' 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles aprilcornell.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com aprilcornellchat.secure.force.com www.google.com adservice.google.com manage.kmail-lists.com www.aprilcornell.ca *.doubleclick.net web1.acsbapp.com www.aprilcornell.com www.googletagmanager.com; default-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' aprilcornell.commercev3.com s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com platform.twitter.com service.force.com view.publitas.com tpc.googlesyndication.com aprilcornellholdings.my.salesforce.com *.facebook.com www.youtube.com *.pinterest.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com syndication.twitter.com log.pinterest.com  www.bing.com web1.acsbapp.com res.cloudinary.com googleads.g.doubleclick.net syndication.twitter.com *.google.com  cdn.aprilcornell.com *.facebook.com www.gstatic.com www.google.ca; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com acsbapp.com *.force.com *.salesforceliveagent.com assets.pinterest.com *.salesforce.com view.publitas.com tpc.googlesyndication.com www.google-analytics.com connect.facebook.net weglot.com secure.comodo.com www.googleadservices.com connect.facebook.net d.*.salesforceliveagent.com *.salesforce-sites.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com platform.twitter.com acsbapp.com *.force.com *.salesforceliveagent.com assets.pinterest.com *.salesforce.com view.publitas.com tpc.googlesyndication.com www.google-analytics.com connect.facebook.net weglot.com secure.comodo.com www.googleadservices.com connect.facebook.net d.*.salesforceliveagent.com *.salesforce-sites.com; style-src 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.force.com aprilcornellholdings.my.salesforce.com *.salesforce-sites.com; style-src-elem 'self' s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net *.force.com aprilcornellholdings.my.salesforce.com *.salesforce-sites.com; style-src-attr  'unsafe-inline'; media-src 'self' aprilcornell.commercev3.com s3.amazonaws.com/cdn.aprilcornell.com/ cdn.commercev3.net/cdn.aprilcornell.com/ cdn.aprilcornell.com www.bing.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://theblower.au; img-src 'self' https: data: blob: https://theblower.au; style-src 'self' https://theblower.au 'nonce-+5SuvBBDjZiaakDQ1LiAbg=='; media-src 'self' https: data: https://theblower.au; frame-src 'self' https:; manifest-src 'self' https://theblower.au; form-action 'self'; child-src 'self' blob: https://theblower.au; worker-src 'self' blob: https://theblower.au; connect-src 'self' data: blob: https://theblower.au https://static.theblower.au wss://theblower.au; script-src 'self' https://theblower.au 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://bolalob.com; 1
block-all-mixed-content; img-src 'self' data: https://www.google-analytics.com https://maps.googleapis.com https://www.googletagmanager.com https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sdk.privacy-center.org https://www.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://tag.aticdn.net 1
default-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com vs.rupeek.com:446 *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai stats.g.doubleclick.net apis.sharechat.com *.taboola.com bcp.crwdcntrl.net maps.googleapis.com  api2.branch.io; img-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop *.rupeek.com *.amazonaws.com *.facebook.com www.google-analytics.com www.google.co.in ssl.gstatic.com *.google.com d2r1yp2w7bby2u.cloudfront.net www.googletagmanager.com *.facebook.net *.gstatic.com data: googleads.g.doubleclick.net *.taboola.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.facebook.net www.google-analytics.com static.clevertap.com clevertap-prod.com *.clevertap-prod.com stats.g.doubleclick.net wzrkt.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com d2r1yp2w7bby2u.cloudfront.net *.nr-data.net *.hotjar.com *.hotjar.io wss://*.hotjar.com googleoptimize.com app.factors.ai sc-events-sdk.sharechat.com www.googleadservices.com *.taboola.com tags.crwdcntrl.net maps.googleapis.com app.link; style-src 'self' 'unsafe-inline' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com  rupeek.com *.rupeek.co *.rupeek.com  code.jquery.com www.googletagmanager.com unpkg.com *.googleapis.com *.google.com *.freshteam.com; frame-src www.youtube.com *.clarity.ms *.bing.com *.licdn.com *.fibr.shop *.google.com *.hotjar.com *.hotjar.io tsdtocl.com; object-src 'none'; font-src 'self' *.clarity.ms *.bing.com *.licdn.com *.fibr.shop cdnjs.cloudflare.com *.rupeek.co rupeek.com *.rupeek.com youtube.com www.googletagmanager.com fonts.gstatic.com www.google-analytics.com *.google.com *.gstatic.com s3.amazonaws.com *.freshteam.com *.hotjar.com *.hotjar.io wss://*.hotjar.com api.factors.ai apis.sharechat.com *.taboola.com bcp.crwdcntrl.net data: maps.googleapis.com 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://*.curator.io/; script-src 'unsafe-eval' https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-f07a2380-f6d7-446c-ac0a1bc81ad21b6d'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-f07a2380-f6d7-446c-ac0a1bc81ad21b6d'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn.curator.io; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://t.co https://tarteaucitron.io https://curator-assets.b-cdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
frame-ancestors 'self' *.instructure.com canvas.kings.edu.au canvas.parra.catholic.edu.au canvas.barker.college canvas.au.oneschoolglobal.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; worker-src blob: 1
base-uri 'self';connect-src 'self' *.analytics.google.com *.google-analytics.com *.tinypass.com bat.bing.com beagleider.tamedia.link c2.piano.io stats.g.doubleclick.net zuba.prod.tda.link;default-src 'none';font-src 'self' data:;frame-ancestors 'self';frame-src www.googletagmanager.com *.tinypass.com cdn.cxense.com;img-src 'self' data: blob: *.amazonaws.com *.google-analytics.com comcluster.cxense.com ib.adnxs.com www.google.ch www.google.com www.google.de www.google.it www.google.rs www.googletagmanager.com;script-src 'self' 'strict-dynamic' beagle.prod.tda.link www.googletagmanager.com 'unsafe-eval' 'nonce-6072c14973d7b83ac1a54f484413ae3c';style-src 'self' 'unsafe-inline';worker-src 'self';report-uri /csp-report 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src https:; object-src 'none'; frame-src https:; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://www.google.com/recaptcha/ https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://js-agent.newrelic.com https://bam-cell.nr-data.net https://kit.fontawesome.com https://cdn.jsdelivr.net https://static.cloudflareinsights.com https://use.fontawesome.com http://www.google-analytics.com https://code.jquery.com/jquery-2.2.0.min.js 1
script-src 'self' static.omegazero.org x-0008.p.u9sv.com x-001a.p.u9sv.com 'sha256-Deekn20h+++EarpL0nFQLX7JSJv7s/2W9f988ZFAh14=' 'report-sample'; object-src 'none'; form-action 'self'; upgrade-insecure-requests; frame-ancestors 'self'; report-to sec-endpoint; report-uri https://api.omegazero.org/v2/meta/report?t=sec 1
default-src 'self'; connect-src * blob:; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * blob: 'unsafe-inline' 'unsafe-eval';  worker-src * blob: 'unsafe-inline' 'unsafe-eval'; child-src * blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src *.kameleoon.com *.kameleoon.eu *.kameleoon.io dock.ui.bosch.tech *.hotjar.io *.hotjar.com wss://*.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net vc.hotjar.io in.hotjar.com script.hotjar.com *.bosch-thermotechnology.com *.boschtt-documents.com www.bimstore.co.uk *.kittelberger.net *.mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; media-src *.boschtt-documents.com services.kittelberger.net *.mycliplister.com mycliplister.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' ; font-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net script.hotjar.com fonts.gstatic.com *.bosch-thermotechnology.com www.bosch-thermotechnology.us www.heizung-steuern.com fonts.gstatic.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: ; object-src data: 'self'; img-src *.kameleoon.eu *.kameleoon.com *.hotjar.com bott-tc2.nautilus bott-fs.nautilus bott-fs.kittelberger.net optimize.google.com www.google-analytics.com www.googletagmanager.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: data: blob:; style-src *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net *.bosch-thermotechnology.com cdn.datatables.net optimize.google.com fonts.googleapis.com www.bosch-easycontrol.com www.heizung-steuern.com www.bosch-thermotechnology.us *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' 'unsafe-inline' https: ; script-src *.kameleoon.eu *.kameleoon.com *.hotjar.com bott-fs.nautilus bott-fs.kittelberger.net dock.ui.bosch.tech optimize.google.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: 'unsafe-inline' 'unsafe-eval'; frame-src mailto: bosch.mi4biz.net www.boschthermolife.com junkers-de-de-b.boschtt-documents.com optimize.google.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https:; frame-ancestors bosch.mi4biz.net bott-fs.kittelberger.net *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com 'self' https: ; connect-src *.kameleoon.eu *.kameleoon.com *.kameleoon.io 'self' *.hotjar.io *.hotjar.com fi-v2-configs.global.commerce-connector.com api-eu.global.commerce-connector.com wss://*.hotjar.com  wss://endpoint.chatbot-suite.bosch.tech endpoint.chatbot-suite.bosch.tech  www.bosch-thermotechnology.com region1.google-analytics.com www.google-analytics.com *.bosch-homecomfort.com *.bosch-homecomfortgroup.com *.bosch-industrial.com dock.ui.bosch.tech mycliplister.com *.mycliplister.com stats.g.doubleclick.net *.googleapis.com *.hotjar.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'             https://fonts.gstatic.com             https://www.gstatic.com             https://js.hs-scripts.com             https://www.google.com             https://www.googleadservices.com             https://www.googletagmanager.com             https://www.google-analytics.com             https://ajax.googleapis.com             https://maps.googleapis.com             https://fonts.googleapis.com             https://developers.google.com             https://maps.gstatic.com             https://www.youtube.com             https://connect.facebook.net             https://www.facebook.com             https://code.jquery.com             https://cdnjs.cloudflare.com             https://acsbapp.com             https://cdn.acsbapp.com             https://script.crazyegg.com             https://cdn.callrail.com             https://js.callrail.com             https://googleads.g.doubleclick.net             https://stats.g.doubleclick.net             https://js.hsadspixel.net             https://js.hs-analytics.net             https://js.hs-banner.com             https://js.hscollectedforms.net             https://js.hsleadflows.net             https://forms.hubspot.com             https://forms.hsforms.com             https://track.hubspot.com             https://api.hubapi.com             https://bid.g.doubleclick.net             https://fast.fonts.net             https://scout.salesloft.com             https://scout-cdn.salesloft.com             https://widget.intercom.io             https://pi.pardot.com             https://js.intercomcdn.com             https://api-iam.intercom.io             wss://nexus-websocket-a.intercom.io             https://static.intercomassets.com             https://connect.bakerhill.com             https://fast.wistia.com             https://use.fontawesome.com             https://app.goconsensus.com             https://service.force.com             https://static.lightning.force.com             https://d.la1-c1cs-ia2.salesforceliveagent.com             https://d.la1-c1-ia2.salesforceliveagent.com             https://d.la1-c1-ph2.salesforceliveagent.com             https://d.la1-c1-ia6.salesforceliveagent.com             https://c1.sfdcstatic.com             https://bakerhill.my.salesforce.com             https://community.bakerhill.com             https://cdn.userway.org             https://api.userway.org             https://ws.zoominfo.com             https://www.buzzsprout.com             https://assets.buzzsprout.com             https://play.goconsensus.com             https://player.vimeo.com             https://platform.twitter.com             https://syndication.twitter.com             https://analytics.google.com             https://td.doubleclick.net             https://d.la1-core2.sfdc-lywfpd.salesforceliveagent.com             https://cdn77.api.userway.org             data: 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.googletagmanager.com https://*.youtube.com https://cdn.cookielaw.org https://*.onetrust.com https://walls.io https://*.walls.io https://challenges.cloudflare.com  https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.ggpht.com *.googleusercontent.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net static.cloudflareinsights.com https://unpkg.com https://*.bing.com https://api.swiftype.com; img-src 'self' data: https://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com https://*.googlesyndication.com https://*.google.com *.googleusercontent.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://i.ytimg.com https://cdn.cookielaw.org https://*.bing.com; frame-src 'self' https://www.youtube-nocookie.com https://walls.io https://*.walls.io https://challenges.cloudflare.com https://momento360.com https://*.google.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net https://showpark.containex.com/; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com; connect-src 'self' data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.google.com https://cdn.cookielaw.org https://*.onetrust.com https://*.googleapis.com https://*.gstatic.com https://mc.yandex.ru https://mc.yandex.by https://mc.yandex.ua https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.md https://yastatic.net cloudflareinsights.com https://ipmeta.io https://*.containex.com https://*.lkw-walter.com https://*.instana.io https://*.bing.com https://*.swiftype.com; form-action 'self' 1
default-src 'self' 'nonce-WmtMSGFxTEpFQm9ETWYwUnptUFhRd0FBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms 'nonce-WmtMSGFxTEpFQm9ETWYwUnptUFhRd0FBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com; style-src 'self' fonts.googleapis.com 'nonce-WmtMSGFxTEpFQm9ETWYwUnptUFhRd0FBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com; base-uri 'self'; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report; 1
default-src 'self' ws: wss: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.pages05.net *.publitas.com *.publitastest.nl *.googletagmanager.com https://www.google-analytics.com https://kit.fontawesome.com https://use.fontawesome.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdn.datatables.net *.facebook.com  *.facebook.net *.episerver.net *.bing.com *.virtualearth.net www.usaepay.com sandbox.usaepay.com *.fluidpay.com https://cdn.jsdelivr.net http://api.getcandid.com https://content-getcandid.netdna-ssl.com https://maps.googleapis.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://acsbapp.com https://cdn.mouseflow.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.datatables.net *.publitas.com *.fontawesome.com *.typekit.net *.episerver.net *.bing.com http://api.getcandid.com https://optimize.google.com ; font-src 'self' https://fonts.gstatic.com *.fontawesome.com *.typekit.net https://acsbapp.com/ data:; connect-src 'self' *.publitas.com *.publitastest.nl *.fontawesome.com https://analytics.google.com https://www.google-analytics.com https://dc.services.visualstudio.com ws: wss: *.bing.com *.virtualearth.net https://cdn.acsbapp.com/ https://*.mouseflow.com/ https://stats.g.doubleclick.net/; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com  data: http: https:; child-src 'self' *.powerbi.com *.vimeo.com *.youtube.com *.facebook.com; frame-src 'self' *.publitas.com *.local *.creativecoop.com *.bloomingville.us *.illumecandles.com *.youtube.com sandbox.usaepay.com www.usaepay.com http://api.getcandid.com https://www.google.com/  https://www.pages05.net/ https://*.acsbapp.com/ https://stats.g.doubleclick.net *.fluidpay.com https://optimize.google.com *.spott.ai; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://connect.facebook.net https://checkout.espaskincare.co.in https://www.espaskincare.co.in https://m.espaskincare.co.in https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; report-to report-endpoint 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-nrq+EHhAVyfcJ+LgdBXRy+aJhtjEbJPeJ6+ugNTrZ+Xg0jgq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';         script-src 'self' 'nonce-20240514041621' 'unsafe-eval' https://www.undrr.org https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://cdnjs.cloudflare.com https://publish.preventionweb.net https://www.undrr.org;         style-src 'self' 'unsafe-inline' https://publish.preventionweb.net https://www.preventionweb.net https://www.undrr.org;         img-src 'self' data: blob: https://publish.preventionweb.net https://www.undrr.org;         font-src 'self' https://www.undrr.org https://code.ionicframework.com;         connect-src 'self' https://www.google-analytics.com blob: https://publish.preventionweb.net https://www.undrr.org;         manifest-src 'self';         frame-src 'self' https://datawrapper.dwcdn.net https://www.youtube.com  https://publish.preventionweb.net https://www.undrr.org;         worker-src 'self';         child-src 'self';         form-action 'self';         frame-ancestors 'self';         object-src 'none';         base-uri 'self'; 1
default-src 'self' *.adopted.com *.clarity.ms *.cookiebot.com fonts.googleapis.com fonts.gstatic.com static.cloudflareinsights.com *.cloudflare.com *.vimeo.com *.vimeocdn.com *.vumbnail.com *.paypal.com *.na.bambora.com  *.plandisc.com *.bambora.com *.googleapis.com api.shareasale.com *.shareasale.com *.shareasale-analytics.com shareasale-analytics.com v6.exchangerate-api.com cdn.linkedin.oribi.io *.ziggeo.com *.youtube.com *.google.com *.google.co.in *.googleadservices.com *.bing.com *.g.doubleclick.net *.facebook.com *.facebook.net *.outbrain.com *.licdn.com *.google-analytics.com ws.interfax.net *.paypalobjects.com 'unsafe-inline' *.googleapis.com *.googletagmanager.com *.jquery.com *.trustpilot.com *.trustpilot.net seal-mbc.bbb.org data: 'unsafe-inline' 'unsafe-eval';  img-src 'self' blob: data: *.adopted.com *.vimeocdn.com *.vumbnail.com *.clarity.ms *.na.bambora.com *.shareasale.com *.shareasale-analytics.com secure.trust-guard.com *.googleapis.com *.googleadservices.com *.bing.com *.facebook.com *.facebook.net *.g.doubleclick.net *.outbrain.com *.paypal.com *.licdn.com p.adsymptotic.com *.google.com *.linkedin.com *.googletagmanager.com *.google.co.in  px.ads.linkedin.com *.amazonaws.com *.ziggeo.com *.youtube.com *.google-analytics.com maps.gstatic.com seal-mbc.bbb.org; object-src data: 'unsafe-eval'; 1
frame-ancestors 'self' https://secure.quantumgateway.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-TDfTqtc36cNXIx8EXsw2RQa1w/VLzjmDBQAQaUqlSIt7g0fi' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *; base-uri 'self'; img-src data: *; style-src 'self' fonts.googleapis.com www.gstatic.com www.youtube.com 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com maps.googleapis.com cdn.matomo.cloud https://groupe-uneo.fr https://groupeuneo.matomo.cloud https://script.tolk.ai https://tarteaucitron.io https://cdn.tarteaucitron.io https://www.youtube.com; frame-ancestors 'self' https://groupe-uneo.fr https://script.tolk.ai https://www.youtube.com 1
default-src 'self'; report-uri https://cool110.report-uri.com/r/d/csp/enforce; report-to default 1
upgrade-insecure-requests;                  style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com *.lytics.io;                  script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.segment.com www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org connect.facebook.net *.doubleclick.net pghub.io feed.pghub.io pandg.tapad.com *.lytics.io;                  manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;                  font-src 'self' assets.ctfassets.net feed.pghub.io pandg.tapad.com;                  frame-ancestors 'none' feed.pghub.io pandg.tapad.com;                  frame-src 'self' *.doubleclick.net feed.pghub.io consumersupport.pg.com pandg.tapad.com;                     img-src 'self' data: *.lytics.io assets.ctfassets.net images.ctfassets.net pixel.tapad.com cdn.cookielaw.org *.doubleclick.net www.facebook.com res.cloudinary.com www.google-analytics.com www.googletagmanager.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com;                   connect-src 'self' *.analytics.google.com *.google-analytics.com cdn.cookielaw.org *.googlesyndication.com *.algolia.net *.algolianet.com feed.pghub.io pandg.tapad.com api.segment.io match.adsrvr.org cdn.segment.com *.google.cz;                   base-uri 'none' feed.pghub.io pandg.tapad.com;                   default-src 'none' feed.pghub.io pandg.tapad.com; 1
img-src 'self' https: data:; frame-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://website.prod.ap1.cloud.nownz.co.nz/ https://nownz.my.salesforce.com/ https://webto.salesforce.com/ https://salesforce.com/ https://d1acq29e7jo33e.cloudfront.net; base-uri 'self'; style-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; form-action 'self' https://*.facebook.com https://*.glimp.co.nz https://track.roeye.co.nz; frame-ancestors 'self'; default-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net; script-src 'self' https://*.sentry-cdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.mitel.io https://*.sentry.io https://sentry.io https://*.google.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.glimp.co.nz https://glimp.co.nz https://*.youtube.com https://youtube.com https://track.roeye.co.nz https://static.lightning.force.com/ https://service.force.com https://static.lightning.force.com 'unsafe-eval' https://nownz.my.site.com/ https://c.la2-c1-hnd.salesforceliveagent.com/ https://d.la2-c1-hnd.salesforceliveagent.com/ https://c.la2-c1-ukb.salesforceliveagent.com/ https://d.la2-c1-ukb.salesforceliveagent.com/ https://d1acq29e7jo33e.cloudfront.net 'unsafe-inline'; report-uri https://sentry.io/api/1296255/security/?sentry_key=c1a37a356e7b417a9b592b66a2ad29d2 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://libretooth.gr; img-src 'self' https: data: blob: https://libretooth.gr; style-src 'self' https://libretooth.gr 'nonce-sT+V/mfEsDwSGjIw9xTXVg=='; media-src 'self' https: data: https://libretooth.gr; frame-src 'self' https:; manifest-src 'self' https://libretooth.gr; form-action 'self'; child-src 'self' blob: https://libretooth.gr; worker-src 'self' blob: https://libretooth.gr; connect-src 'self' data: blob: https://libretooth.gr https://libretooth.gr wss://libretooth.gr; script-src 'self' https://libretooth.gr 'wasm-unsafe-eval' 1
default-src 'self'; frame-src 'self' *.donorfy.com/ *.monday.com/ https://hubofhope.co.uk/ 360testbed.co/ *.nhs.uk/ *.facebook.com/ *.youtube.com/ *.vimeo.com/ *.google.com/ *.googleapis.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com/ https://hubofhope.co.uk/js/embed.js https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://feeds.trac.jobs/ *.google.com/ *.googleapis.com *.gstatic.com *.cqc.org.uk; font-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com/ https://feeds.trac.jobs/ *.googleapis.com  *.gstatic.com *.cqc.org.uk; img-src * data:; object-src 'self' blob:; connect-src 'self' https://maps.googleapis.com/ https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com https://region1.google-analytics.com translate.googleapis.com/ https://feeds.trac.jobs/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ 1
default-src 'self' fonts.gstatic.com xpress.jobs static.cloudflareinsights.com use.fontawesome.com stats.g.doubleclick.net *.google-analytics.com; style-src 'self' 'unsafe-inline'  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maxcdn.bootstrapcdn.com use.fontawesome.com fonts.googleapis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.cloudflareinsights.com  *.s3-ap-southeast-1.amazonaws.com code.jquery.com maps.googleapis.com maxcdn.bootstrapcdn.com www.googleadservices.com snap.licdn.com googleads.g.doubleclick.net cdnjs.cloudflare.com maps.googleapis.com platform.linkedin.com *.facebook.com connect.facebook.net platform.twitter.com *.google-analytics.com *.googletagmanager.com *.google.lk *.google.com *.gstatic.com; frame-src 'self' platform.twitter.com bid.g.doubleclick.net www.youtube.com sea-hnb-chatbot-webapp-bot-prod.azurewebsites.net *.facebook.com *.google.com; img-src 'self' www.hnb.net maps.gstatic.com *.twitter.com  *.google-analytics.com *.googleapis.com *.google.lk *.google.com *.facebook.com code.jquery.com *.ggpht  data: https:; frame-ancestors 'self'; 1
img-src * data: *; 1
default-src 'self' *.nthrive.com *.codecorrect.com *.nthriveeducation.com 'unsafe-eval' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; frame-src 'self' data:; default-src 'self';img-src 'self' data:; 1
default-src 'self'; script-src 'self'  'unsafe-eval' 'unsafe-inline' *.googletagmanager.com https://silverairwayscorp.freshdesk.com https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.js https://cdn.botframework.com/botframework-webchat/latest/webchat.js https://widget.freshworks.com https://visitor2.constantcontact.com/api/v1/signup_forms/39278f38-d530-4461-b7fa-f27d8eef9c05 https://web.powerva.microsoft.com/* https://*.googleadservices.com *.googleapis.com *.gstatic.com https://googleads.g.doubleclick.net/* www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com http://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.min.js https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net; style-src 'self' 'unsafe-inline' https://s3.amazonaws.com/assets.freshdesk.com/widget/freshwidget.css https://silverairwayscorp.freshdesk.com https://widget.freshworks.com http://static.ctctcdn.com/js/signup-form-widget/current/signup-form-widget.css *.googleapis.com https://web.powerva.microsoft.com *.googletagmanager.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' https://widget.freshworks.com https://silverairwayscorp.freshdesk.com *.googletagmanager.com *.azureedge.net *.gstatic.com www.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com; media-src 'self' *.azureedge.net data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; frame-src 'self' https://www.youtube.com https://silverairwayscorp.freshdesk.com https://silverairwayscorp.freshdesk.com/widgets/feedback_widget/new https://forms.office.com/Pages/ResponsePage.aspx?id=KJycH5sV70GXn0F7r1N4hB69l1YDxIxEooAkzy56W3JUQkZHM09XS1pVMlRGR1lRN0hBU0FCWVNXQy4u https://web.powerva.microsoft.com/environments/Default-1f9c9c28-159b-41ef-979f-417baf537884/bots/new_bot_422d86f741024235b3eae28e328b18bb/webchat https://www.google.com/recaptcha/ www.google.com%0d%0a  https://recaptcha.google.com; connect-src 'self' 'unsafe-inline' https://listgrowth.ctctcdn.com/v1/a18d6b97e126cb9e1d703077aa9824b0.json 'https://visitor2.constantcontact.com/api/* https://visitor2.constantcontact.com/api/v1/signup_forms/39278f38-d530-4461-b7fa-f27d8eef9c05  https://web.powerva.microsoft.com/* https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken* https://widget.freshworks.com https://silverairwayscorp.freshdesk.com *.googletagmanager.com *.googleadservices.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.google-analytics.com *.mktoresp.com *.visualstudio.com; 1
frame-ancestors 'self' https://www.youtube.com; upgrade-insecure-requests 1
upgrade-insecure-requests; default-src 'self'; font-src 'self' https://fonts.gstatic.com  https://maxcdn.bootstrapcdn.com/font-awesome/ https://ka-p.fontawesome.com https://c.disquscdn.com https://disqus.com https://*.tagbox.com https://*.taggbox.com data:; style-src 'self' 'unsafe-inline' https://www.doble.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://widget.taggbox.com; style-src-elem 'self' 'unsafe-inline' https://www.doble.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://widget.taggbox.com; frame-src 'self' https://www.facebook.com https://platform.twitter.com/ https://bid.g.doubleclick.net https://td.doubleclick.net https://player.vimeo.com https://www.google.com/ https://go.pardot.com/ https://view.publitas.com/ https://www2.doble.com/ https://disqus.com/ https://vimeo.com https://www.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.doble.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://pi.pardot.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://www2.doble.com https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.publitas.com https://maps.googleapis.com https://dobleblog.disqus.com https://cdn-cookieyes.com https://*.cookieyes.com https://player.vimeo.com https://*.tagbox.com https://*.taggbox.com blob: data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://www.doble.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com https://pi.pardot.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://www.googletagmanager.com https://bam.nr-data.net https://www2.doble.com https://www.googleadservices.com https://snap.licdn.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://kit.fontawesome.com  https://www.google.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://view.publitas.com https://maps.googleapis.com https://dobleblog.disqus.com https://cdn-cookieyes.com https://*.cookieyes.com https://player.vimeo.com https://*.tagbox.com https://*.taggbox.com blob: data:; connect-src 'self' https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://bam.nr-data.net https://googleads.g.doubleclick.net https://ka-p.fontawesome.com https://maps.googleapis.com https://*.wpe.clients.hosted-elasticpress.io https://cdn.linkedin.oribi.io https://cdn-cookieyes.com https://*.cookieyes.com https://pagead2.googlesyndication.com https://*.linkedin.com/ https://*.tagbox.com https://*.taggbox.com https://www.google.com ; img-src 'self' https://www.doble.com https://s.w.org https://www.google-analytics.com https://www.facebook.com http://www.w3.org https://secure.gravatar.com https://syndication.twitter.com https://px.ads.linkedin.com https://www.google.com https://p.adsymptotic.com https://www.linkedin.com https://www.googletagmanager.com https://maps.gstatic.com https://maps.googleapis.com https://referrer.disqus.com https://c.disquscdn.com https://px4.ads.linkedin.com/ https://cdn-cookieyes.com https://*.cookieyes.com https://*.tagbox.com https://*.taggbox.com https://*.twimg.com https://ui-avatars.com https://media.licdn.com data:; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.google.com *.googleapis.com *.jquery.com *.cloudflare.com *.bootstrapcdn.com *.jsdelivr.net *.facebook.net *.facebook.com *.taboola.com *.youtube.com *.googletagmanager.com *.amazonaws.com *.gstatic.com tenor.com *.paypal.com *.maxcdn.com *.googlesyndication.com *.viralhog.com *.outbrain.com *.google-analytics.com *.googleadservices.com *.2mdn.net *.google.ca *.google.nl *.google.co.uk *.google.be *.google.de *.google.fr *.google.pt *.google.es *.google.ch; 1
connect-src 'self' *.facebook.com *.facebook.net  *.google-analytics.com maps.googleapis.com 'unsafe-inline' 'unsafe-eval'; default-src 'self';  script-src 'self' connect.facebook.net graph.facebook.com *.google.com  maps.googleapis.com www.google-analytics.com/analytics.js *.twitter.com *.uservoice.com assets.uvcdn.com cdn.syndication.twimg.com www.gstatic.com cdn.jsdelivr.net  'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com platform.twitter.com 'unsafe-inline';img-src * data: blob:;font-src 'self' fonts.gstatic.com; frame-src 'self' https:; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.datocms-assets.com https://*.mux.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.infogram.com https://player.vimeo.com https://*.vimeocdn.com https://*.youtube.com https://youtube.com/ https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://fonts.gstatic.com https://cdn.cookielaw.org https://*.onetrust.com https://symbio-main.cloud.symbio.agency https://app.sli.do *.wowza.com 1
object-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' files.gpxpl.us pagead2.googlesyndication.com https://pagead2.googlesyndication.com www.google-analytics.com www.gstatic.com gpxplus.s3-website-us-west-2.amazonaws.com https://gpxplus.s3.amazonaws.com https://apis.google.com platform.twitter.com https://platform.twitter.com static.gpx.plus https://static.gpx.plus ap.lijit.com * 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src * 1
img-src 'self' ttrecms.com *.ttrecms.com siteintercept.qualtrics.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ttrecms.com *.ttrecms.com *.google.com *.gstatic.com *.siteintercept.qualtrics.com siteintercept.qualtrics.com; frame-src 'self' ttrecms.com *.ttrecms.com *.google.com *.qualtrics.com siteintercept.qualtrics.com; font-src 'self' 'unsafe-inline' ttrecms.com *.ttrecms.com *.google.com *.googleapis.com *.gstatic.com siteintercept.qualtrics.com; style-src 'self' 'unsafe-inline' ttrecms.com *.ttrecms.com *.ttrus.com *.google.com *.googleapis.com siteintercept.qualtrics.com; default-src 'self' ttrecms.com *.ttrecms.com siteintercept.qualtrics.com; 1
default-src 'self'; script-src 'self' qrc: 'nonce-NzZhNDk2MmYtYjcyYy00YTRmLThkY2UtYzUzMzcwMDAwNzJl' 'strict-dynamic' www.youtube.com *.googletagmanager.com googletagmanager.com tagmanager.google.com http://static.geevisit.com https://gcaptcha4.geetest.com https://gcaptcha4.geetest.com https://static.geetest.com https://cdn.cookielaw.org; style-src 'self' 'unsafe-inline' fonts.googlefonts.cn fonts.googleapis.com *.googletagmanager.com googletagmanager.com tagmanager.google.com https://static.geetest.com https://static.geevisit.com; img-src 'self' blob: data: https: ; font-src 'self' data: fonts.gstatic.com fonts.gstatic.googlefonts.cn; media-src 'self' *.bambulab.cn *.bambulab.com *.bblmw.cn *.bblmw.com; connect-src 'self' https:; frame-src www.youtube-nocookie.com www.facebook.com; object-src 'none'; base-uri 'self'; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; report-uri /api/_csp_report; 1
frame-ancestors 'self' app.firedrumemailmarketing.com fdsend.com fdhv1.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-8yyau474Z9BIcUvy+dRB0ydZyiFs7S2D6trulw2P8OI+kEvF' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src data: 'self' https://widgetbot.io https://e.widgetbot.io ws://localhost:35729/ https://www.paypal.com https://*.paddle.com https://sandbox-create-checkout.paddle.com https://create-checkout.paddle.com https://sandbox-buy.paddle.com https://buy.paddle.com https://*.profitwell.com; img-src 'self' https://*.lawlietbot.xyz/ https://cdn.discordapp.com/ https://*.donmai.us/ https://*.rule34.xxx/ https://*.paheal.net/ https://realbooru.com/ https://*.e621.net/ https://safebooru.org/ https://www.paypal.com https://cdn.paddle.com https://*.profitwell.com https://dna8twue3dlxq.cloudfront.net; media-src 'self' https://*.lawlietbot.xyz/ https://*.donmai.us/ https://*.rule34.xxx/ https://*.paheal.net/ https://realbooru.com/ https://*.e621.net/ https://safebooru.org/; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' ajax.cloudflare.com https://cdn.jsdelivr.net https://www.paypal.com https://*.paddle.com https://*.profitwell.com https://polyfill.io https://*.googleapis.com https://*.sentry-cdn.com; style-src https://*.paddle.com https://*.profitwell.com 'unsafe-inline' 'self'; frame-src https://*.paddle.com; frame-ancestors https://top.gg https://discords.com https://wumpus.store; base-uri 'self' 1
default-src * data: mediastream: blob: filesystem: about: ws: wss: 'unsafe-eval' 'wasm-unsafe-eval' 'unsafe-inline';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://analytics.google.com https://*/is https://*.mountain.com https://googleads.g.doubleclick.net https://*.oribi.io https://*.tyndall.org https://*.livechatinc.com https://*.onetrust.com https://*.cookiepro.com *.locatorsearch.com wss://*.hotjar.com https://*.youtube-nocookie.com https://webapi.gosite.com https://dufzo4epsnvlh.cloudfront.net https://www.local-marketing-reports.com https://*.addthisedge.com https://s3.amazonaws.com https://*.addthis.com https://*.formstack.com https://recruiting.paylocity.com https://*.googletagmanager.com https://netdna.bootstrapcdn.com https://platform.twitter.com https://*.ytimg.com https://*.typekit.net https://*.youtube.com https://www.google.com https://www.gstatic.com https://*.hotjar.io https://*.hotjar.com wss://*.hotjar.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.lk-cs.com https://lkcsunix.com https://*.licdn.com https://*.linkedin.com https://p.adsymptotic.com https://js.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net https://forms.hscollectedforms.net https://forms.hsforms.com https://track.hubspot.com; frame-ancestors 'self' https://www.youtube.com; 1
Content-Security-Policy: default-src  https://*.agero.com https://info.agero.com https://*.hubspot.com https://www.agero.com https://*.hubapi.com; frame-src https://info.agero.com https://driverspremier.com https://*.hubspot.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: http: https:; 1
report-to production; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://code.jquery.com/jquery-1.11.3.min.js https://code.jquery.com/jquery-migrate-1.2.1.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com; default-src 'self' https://web-storage.ascentresources.com; style-src 'self' data: 'report-sample' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net; img-src 'self' data: blob: https://*.google-analytics.com https://web-storage.ascentresources.com https://www.googletagmanager.com https://www.gravatar.com; worker-src 'self'; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://web-storage.ascentresources.com https://releases.wagtail.org; frame-src 'self' https://www.google.com; report-uri https://9d223fa0c21171bca21b1685b84555fb.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://fingov-prod.softco.com:8443 https://fingov-prod.softco.com; 1
default-src https: 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;style-src * 'self' data: 'unsafe-inline';script-src 'self' https://cdnjs.cloudflare.com https://www.googletagmanager.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com; object-src 'none' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.photoserge.com https://www.jimmeskimencourse.com https://www.sergepresets.com https://www.mobilephototraining.com https://www.photoserge.fr https://www.creator-secrets.com https://www.craigalexanderacademy.com https://library.theweddingcourse.com https://archive.kelvindesigns.com https://www.charlysimontraining.com 1
default-src 'self' https://www.excelsoftcorp.com https://www.google.com; script-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://nitroscripts.com https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://www.googleadservices.com https://snap.licdn.com https://unpkg.com https://consentcdn.cookiebot.com https://*.nitrocdn.com https://consent.cookiebot.com https://code.jquery.com https://connect.facebook.net https://beacon-v2.helpscout.net https://tag.getdrip.com https://nitropack.io https://static.zdassets.com https://*.nitrocdn.com https://www.youtube.com https://www.google.com/recaptcha/ https://*.zoho.com https://crm.zohopublic.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://code.jquery.com https://unpkg.com https://*.nitrocdn.com https://beacon-v2.helpscout.net https://fonts.googleapis.com;img-src 'self' data: https://www.googletagmanager.com https://excelsoftcorp.zohorecruit.com https://static.zohocdn.com https://px4.ads.linkedin.com https://smartslider3.com https://px.ads.linkedin.com https://googleads.g.doubleclick.net https://i.ytimg.com https://img.youtube.com https://code.jquery.com https://s.w.org https://beacon-v2.helpscout.net https://api.monsterinsights.com https://nitropack.io https://*.nitrocdn.com https://secure.gravatar.com https://www.google-analytics.com https://crm.zohopublic.com https://www.youtube.com https://www.google.com https://www.linkedin.com https://www.facebook.com https://www.twitter.com https://www.google.co.in https://*.nitrocdn.com https://pagead2.googlesyndication.com https://*.cookiebot.com; font-src 'self' https://cdnjs.cloudflare.com https://*.nitrocdn.com https://fonts.gstatic.com https://www.google-analytics.com data: ;connect-src 'self' https://excelsoftcorp.zohorecruit.com https://googleads.g.doubleclick.net https://analytics.google.com https://www.google.com https://pagead2.googlesyndication.com https://crm.zohopublic.com https://px.ads.linkedin.com https://*.linkedin.oribi.io https://www.googletagmanager.com https://*.nitrocdn.com https://consentcdn.cookiebot.com https://*.cloudfront.net https://nitropack.zendesk.com https://zendesk-eu.my.sentry.io https://ekr.zdassets.com https://nitropack.io https://yoast.com https://to.getnitropack.com https://*.zoho.com https://www.google-analytics.com https://stats.g.doubleclick.net;object-src 'none';frame-ancestors 'self';base-uri 'self';form-action 'self' https://analytics.wponlinesupport.com/ https://crm.zoho.com https://zoho.com https://forms.zohopublic.com;frame-src 'self' data: https://www.videoask.com/ https://streamyard.com https://youtube.com https://td.doubleclick.net https://smartslider3.com https://www.excelsoftcorp.com https://crm.zoho.com https://consentcdn.cookiebot.com https://platform.twitter.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google.com; 1
frame-ancestors 'self'; report-uri https://columbiaasia.report-uri.com/r/d/csp/enforce 1
script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; img-src 'self' https:; 1
frame-ancestors 'self' *.toppoint.de; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Ik4NZwblMHEkVvFvpcpnTRu5J/ffIDj42FNuiqfoA4Bxl2Ls' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.assets.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://mycliplister.com  https://*.mycliplister.com  https://*.peakprotect.com  https://*.pingdom.net  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kelkoogroup.net  https://s.kk-resources.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.be  https://www.google.com  https://www.google.cz  https://www.google.nl  https://www.google.pl  https://www.google.sk  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  'unsafe-inline'  https://*.adyen.com  https://*.abettertomorrow-lidl-ni.co.uk  data:  https://csp.cre.lidl-shop.com; frame-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.cookiebot.com  https://*.creativecdn.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.pingdom.net  https://balancechecks.tx-gate.com  https://bidswitch.net  https://creativecdn.com  https://form.lidl.com  https://forms-prod.enc-test.de/  https://ldl.viewer.cit-fusion.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube-nocookie.com  https://*.youtube.com  https://www.googletagmanager.com  https://www.lidl-gewinnspiel.de  https://www.youtube.com  'unsafe-inline'  https://*.adyen.com  https://*.abettertomorrow-lidl-ni.co.uk; img-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.360yield.com  https://*.addthis.com  https://*.adnxs.com  https://*.assets.schwarz  https://*.bing.com  https://*.cat-ret.assets.lidl  https://*.cdn.flavedo.io  https://*.cookiebot.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-onlinenewsletter.de  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.mycliplister.com  https://*.retail.lidl.net  https://*.retail.vdc.lidl  https://*.searchhub.io  https://*.smartadserver.com  https://*.virtualearth.net  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://cm.adform.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://size.lidl.com  https://s.kelkoogroup.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.adobe.com  https://www.awin1.com  https://cdn.flavedo.io  https://www.google.at  https://www.google.ba  https://www.google.be  https://www.google.bg  https://www.google.ch  https://www.google.co.uk  https://www.google.com  https://www.google.com.bd  https://www.google.com.tr  https://www.google.com.ua  https://www.google.cz  https://www.google.de  https://www.google.dk  https://www.google.es  https://www.google.fr  https://www.google.gr  https://www.google.hr  https://www.google.hu  https://www.google.ie  https://www.google.is  https://www.google.it  https://www.google.lt  https://www.google.lu  https://www.google.lv  https://www.google.md  https://www.google.nl  https://www.google.no  https://www.google.pl  https://www.google.pt  https://www.google.ro  https://www.google.rs  https://www.google.ru  https://www.google.se  https://www.google.sk  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://www.w3.org  https://x.bidswitch.net  https://youtube.com  https://*.creativecdn.com  https://*.youtube.com  https://www.googletagmanager.com  https://lidlplusprod.blob.core.windows.net  https://upeimagesprd.blob.core.windows.net  https://lidlplusstorage.blob.core.windows.net  https://c1.adform.net  https://ce.lijit.com  https://criteo-partners.tremorhub.com  https://*.teads.tv  https://dpm.demdex.net  https://e1.emxdgt.com  https://eb2.3lift.com  https://exchange.mediavine.com  https://hb.yahoo.net  https://id5-sync.com  https://jadserve.postrelease.com  https://matching.ivitrack.com  https://pixel.rubiconproject.com  https://*.casalemedia.com  https://sync-criteo.ads.yieldmo.com  https://rt.udmserve.net  https://ssc-cms.33across.com  https://ads.yieldmo.com  https://s.seedtag.com  https://sync.go.sonobi.com  https://fast.nexx360.io  'unsafe-inline'  https://*.adyen.com  data:; object-src 'self'  https://*.facebook.com  https://*.facebook.net  https://*.batch.com  https://*.cookiebot.com  https://*.leaflets.schwarz  https://*.lidl-shop.com  https://*.lidl.de  https://*.livebuy.io  https://asset.schwarz  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  data:; script-src 'self'  blob:  https://*.facebook.com  https://*.facebook.net  https://*.api.schwarz  https://*.batch.com  https://*.bing.com  https://*.cookiebot.com  https://*.creativecdn.com  https://*.exactag.com  https://*.instana.io  https://*.kameleoon.com  https://*.kameleoon.eu  https://*.kameleoon.io  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.com  https://*.lidl.de  https://*.livebuy.io  https://*.medallia.eu  https://*.peakprotect.com  https://*.pingdom.net  https://*.searchhub.io  https://*.virtualearth.net  https://adservice.google.com  https://asset.schwarz  https://bidswitch.net  https://cdn.cookielaw.org  https://*.clarity.ms  https://creativecdn.com  https://form.lidl.com  https://*.onetrust.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://s.kk-resources.com  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://*.doubleclick.net  https://test.formcycle.vdc.lidl  https://www.awin1.com  https://www.google.com  https://www.gstatic.com  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-eval'  'unsafe-inline'  about:  https://localhost  https://*.adyen.com  data:; style-src 'self'  https://*.bing.com  https://*.cookiebot.com  https://*.kampyle.com  https://*.leaflets.schwarz  https://*.lidl-flyer.com  https://*.lidl-shop.com  https://*.lidl.de  https://*.medallia.eu  https://bidswitch.net  https://form.lidl.com  https://lidl.de  https://lidl.media01.eu  https://*.google-analytics.com  https://region1.analytics.google.com  https://sdk.virtualearth.net  https://searchhub.io  https://sentry.int.secrz.com  https://spatial.virtualearth.net  https://test.formcycle.vdc.lidl  https://www.google.com  https://www.gstatic.com  https://www.lidl-shop.be  https://www.lidl-shop.cz  https://www.lidl-shop.nl  https://www.lidl-shop.sk  https://www.lidl-sklep.pl  https://youtube.com  https://*.youtube.com  https://www.googletagmanager.com  'unsafe-inline'; frame-ancestors 'self'  https://*.lidl.com  https://*.livebuy.io; report-uri https://csp.cre.lidl-shop.com/csp/report; base-uri 'self'; form-action 'self'  https://*.facebook.com  https://*.facebook.net  https://accounts.lidl.com  https://survey.g.doubleclick.net; 1
script-src 'self' https://*.savana.cz 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src https:; object-src 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-U+Eq+pmNc5nNpFB7w7oXvyX/5e7aTIy9fL/593XNyJre4UPg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de ebikes.us3.list-manage.com *.canadapost.ca https://sso.epost.ca 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.gstatic.com blob: api.demo.convergepay.com api.convergepay.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.ytimg.com *.youtube.com *.google.com *.googleapis.com *.gstatic.com https://img.youtube.com mageside.com *.canadapost.ca *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com *.devdocs.magento.com *.magento.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com api.demo.convergepay.com api.convergepay.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com https://www.gstatic.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com *.devdocs.magento.com *.google-analytics.com https://www.gstatic.com api.demo.convergepay.com api.convergepay.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.youtube.com *.ytimg.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Nl18nwJW6YBp3O/0TPfnsiCf5KkpSsHdy/pxd6ecFWVfppta' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src *;   img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;   style-src  'self' 'unsafe-inline' * 1
upgrade-insecure-requests; frame-ancestors 'self'; report-to default; 1
default-src 'self' frontend-services.ionos.com; img-src 'self' data: *.ionos.de *.uicdn.net; font-src 'self' cors.uicdn.net ce1.uicdn.net; script-src 'nonce-xjMU6PXZWip/tCcFxxIsU6+cvHCDulUjuSZtBh9mRxY=' 'strict-dynamic' 'self' tif.ionos.de frontend-services.ionos.com ce1.uicdn.net var.uicdn.net; style-src 'self' frontend-services.ionos.com ce1.uicdn.net var.uicdn.net 'nonce-xjMU6PXZWip/tCcFxxIsU6+cvHCDulUjuSZtBh9mRxY='; frame-src data: 'self' *.ionos.de *.ionos.com; child-src data: 'self' *.ionos.de; connect-src 'self' ahab.ionos.com sherlock.de.ac1.server.lan sherlock.ionos.de sentry.ionos.com hed.ionos.de navigation.ionos.de frontend-services.ionos.com t.ionos.de 4tdc8ll7wtnf.statuspage.io; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; report-uri https://sentry.ionos.com/api/37/security/?sentry_key=b4a988ca9dc347169637be0cf1105ce4 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NjIzMGRiY2VlZmMyNDA5ZThjYWI3MzRjMDNlNDE2ZjA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.nix18.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.nix18.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.nix18.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; report-uri https://ssl.bescript.de/csp/; 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; connect-src * 'unsafe-inline'; media-src * 'self' blob: data:; frame-src * 1
1 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.fonts.net *.google.com *.gstatic.com *.googleapis.com *.jquery.com *.onenorth.com *.oniqa.com *.onistaged.com *.amazonaws.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.gray.com *.blob.core.windows.net *.visitor-track.com *.onetrust.com *.cookielaw.org *.youtube.com *.youtube-nocookie.com *.cnbc.com *.vimeo.com vimeo.com *.licdn.com cdn.linkedin.oribi.io  *.linkedin.com *.bing.com *.googleadservices.com *.facebook.net geoip-js.com ml314.com *.clarity.ms *.adobe.com ; img-src * data:; frame-ancestors 'self' https://gray.cmicpaas.com; font-src 'self' data: *.gstatic.com ; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xlbygg.getadigital.cloud https://*.googletagmanager.com https://*.cookieinformation.com https://*.google-analytics.com https://*.googleadservices.com https://sc-static.net https://*.facebook.net https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.vimeocdn.com https://*.vimeo.com https://*.snapchat.com https://*.visualwebsiteoptimizer.com https://*.mapbox.com https://helloretailcdn.com https://*.helloretail.com https://*.vev.page https://*.vev.design; style-src 'self' 'unsafe-inline' https://*.xlbygg.getadigital.cloud https://*.googleapis.com https://*.google.com https://*.mapbox.com https://helloretailcdn.com https://*.helloretail.com; img-src 'self' data: https://*.xlbygg.getadigital.cloud https://*.facebook.com https://*.google-analytics.com https://*.snapchat.com https://*.google.com https://*.google.no https://*.sanity.io https://gcc-mestergruppen.s3.eu-west-1.amazonaws.com https://*.visualwebsiteoptimizer.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.vev.design; font-src 'self' data: https://*.xlbygg.getadigital.cloud https://*.gstatic.com; connect-src 'self' blob: https://*.xlbygg.getadigital.cloud https://*.cookieinformation.com https://*.snapchat.com https://*.google-analytics.com https://*.doubleclick.net https://*.mapbox.com https://*.sanity.io https://*.google.com https://*.facebook.com https://*.sentry.io https://*.helloretail.com; base-uri 'self'; frame-ancestors 'self' https://xlbygg.sanity.studio https://studio.xlbygg.getadigital.cloud; frame-src 'self' https://*.cookieinformation.com https://*.snapchat.com https://*.facebook.com https://*.youtube.com; form-action 'self' https://*.snapchat.com https://*.facebook.com https://*.forms.app; manifest-src 'self'; media-src 'self' https://*.vev.design; object-src 'self'; child-src 'self' blob:; worker-src blob:; 1
default-src vacaf.org *.vacaf.org api-adresse.data.gouv.fr mailto: tel: ; font-src 'self' fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api-adresse.data.gouv.fr; img-src 'self' https://*.openstreetmap.fr https://vacaf.org https://*.vacaf.org data:; frame-ancestors 'self' https://vacaf.org https://*.vacaf.org https://api-adresse.data.gouv.fr; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-5zYhy2Oc1hfwQKXzDnaWZwOnu' 'strict-dynamic'; frame-ancestors 'self' https://foodandwine.com https://www.chowhound.com https://www.nytimes.com https://luckypeach.com; manifest-src 'self' 1
manifest-src 'self' 1
frame-ancestors 'none'; frame-src 'self' https://www.facebook.com https://tpc.googlesyndication.com https://www.youtube.com https://qa.infotorg.no https://app.infotorg.no https://app-test.infotorg.no https://www.infotorg.no https://widget.trustpilot.com https://intercom-sheets.com/; object-src 'none'; base-uri 'none'; report-uri /report 1
default-src 'self' ;script-src data: blob: 'self' 'unsafe-eval' 'nonce-p4hjJozgnLtsvxyL' static.cloud.coveo.com www.zenaps.com www.dwin1.com *.r42tag.com *.usabilla.com *.google-analytics.com *.analytics.google.com www.googleadservices.com tags.nmrc.nl *.onmarc.nl *.doubleclick.net d6tizftlrpuof.cloudfront.net *.zilverenkruis.nl babm.texthelp.com surfly.com plus.browsealoud.com www.zorgkantoorfriesland.nl *.prolife.nl www.googletagmanager.com toolbar.speechstream.net apis.google.com bat.bing.com admin.relay42.com a.svtrd.com  ads.creative-serving.com www.browsealoud.com *.defriesland.nl static2.creative-serving.com survey.insocial.nl optimize.google.com *.interpolis.nl *.mopinion.com  *.fbto.nl connect.facebook.net cdn.harvest.graindata.com *.pingvp.com pingvp.com *.visualwebsiteoptimizer.com app.vwo.com www.awin1.com;style-src 'self' 'unsafe-inline' d6tizftlrpuof.cloudfront.net plus.browsealoud.com fonts.googleapis.com www.zilverenkruis.nl optimize.google.com *.pingvp.com;img-src data: blob: 'self' *.svtrd.com www.zenaps.com www.awin1.com www.google.com www.google.nl d6tizftlrpuof.cloudfront.net *.usabilla.com *.google-analytics.com *.analytics.google.com *.onmarc.nl *.zilverenkruis.nl plus.browsealoud.com usabilla-themes.s3-eu-west-1.amazonaws.com ads.creative-serving.com www.zorgkantoorfriesland.nl *.prolife.nl stats.g.doubleclick.net ad.doubleclick.net bat.bing.com www.browsealoud.com *.defriesland.nl *.r42tag.com admin.relay42.com speechstreamv3-webservices-8.texthelp.com www.gstatic.com *.fbto.nl www.insocial.nl www.facebook.com www.googletagmanager.com translate.google.com zilverenkruis-cdn.mcccm.eu *.pingvp.com i.vimeocdn.com dev.visualwebsiteoptimizer.com *.doubleclick.net *.googlesyndication.com;font-src data: 'self' fonts.gstatic.com fonts.googlapis.com d6tizftlrpuof.cloudfront.net  *.pingvp.com;connect-src blob: 'self' *.zilverenkruis.nl *.surfly.com surfly.com sentry.io *.prolife.nl *.zorgkantoorfriesland.nl plus.browsealoud.com pronunciation.speechstream.net api.usabilla.com babm.texthelp.com speech.speechstream.net *.google-analytics.com *.analytics.google.com pre-i-portaal.achmea.nl speechstreamv3-webservices-8.texthelp.com *.defriesland.nl *.mopinion.com www.browsealoud.com plusqa.browsealoud.com *.interpolis.nl *.fbto.nl bat.bing.com stats.g.doubleclick.net harvest-cm-achmea.ey.r.appspot.com controle.achmea.consentmonitor.nl *.tomtom.com *.visualwebsiteoptimizer.com app.vwo.com *.applicationinsights.azure.com wss://api.defriesland.nl:13443 wss://api.zilverenkruis.nl:13443 wss://api.interpolis.nl:13443 *.googlesyndication.com www.google.com googleads.g.doubleclick.net;media-src 'self' blob: *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.interpolis.nl *.fbto.nl *.pingvp.com;object-src 'self' ;child-src 'self' blob: t.svtrd.com player.vimeo.com surfly.com app.surfly.com d6tizftlrpuof.cloudfront.net www.zilverenkruis.nl www.zorgkantoorfriesland.nl www.prolife.nl content.googleapis.com vimeo.com secure.zilverenkruis.nl www.defriesland.nl optimize.google.com i-portaal.achmea.nl survey.insocial.nl secure.prolife.nl secure.defriesland.nl w.soundcloud.com *.doubleclick.net app.springcast.fm;frame-ancestors 'self' player.vimeo.com vimeo.com i-portaal.achmea.nl survey.insocial.nl *.doubleclick.net inloggen.achmea.nl p-portaal.achmea.nl app.vwo.com *.visualwebsiteoptimizer.com;;form-action 'self' t.svtrd.com *.achmea.nl *.zilverenkruis.nl *.zorgkantoorfriesland.nl *.prolife.nl *.defriesland.nl *.fbto.nl *.interpolis.nl broker.nxtid.nl;manifest-src 'self' ;upgrade-insecure-requests;block-all-mixed-content;report-uri https://zilverenkruis.ams.report-uri.com/r/t/csp/enforce; 1
child-src blob: www.google.com *.readyplayer.me https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ https://www.googletagmanager.com *.cookiebot.com www.recaptcha.net hiberworld.com *.hiberworld.com;connect-src http://hiberworld.com *.hiberworld.com ws://*.hiberworld.com *.hiberworld.com wss://*.hiberworld.com *.hiberworld.com blob: rum.browser-intake-datadoghq.eu readyplayerme.github.io *.cookiebot.com *.dive.games cdn.hibervr.com *.digitaloceanspaces.com *.googlesyndication.com *.readyplayer.me www.google-analytics.com googleads.g.doubleclick.net *.analytics.google.com www.google.com stats.g.doubleclick.net *.google.com readyplayerme-assets.s3.amazonaws.com unpkg.com *.alchemyapi.io *.alchemy.com cloudflare-eth.com wss://www.walletlink.org/rpc wss://*.walletconnect.org wss://*.walletconnect.com https://hiber-cdn.s3.eu-west-1.amazonaws.com;font-src hiberworld.com *.hiberworld.com;img-src data: blob: cdn.hibervr.com *.amazonaws.com *.readyplayer.me files.stripe.com *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app consent.cookiebot.com hiberworld.com *.hiberworld.com www.google-analytics.com imgsct.cookiebot.com www.google.com www.google.ad www.google.ae www.google.com.af www.google.com.ag www.google.al www.google.am www.google.co.ao www.google.com.ar www.google.as www.google.at www.google.com.au www.google.az www.google.ba www.google.com.bd www.google.be www.google.bf www.google.bg www.google.com.bh www.google.bi www.google.bj www.google.com.bn www.google.com.bo www.google.com.br www.google.bs www.google.bt www.google.co.bw www.google.by www.google.com.bz www.google.ca www.google.cd www.google.cf www.google.cg www.google.ch www.google.ci www.google.co.ck www.google.cl www.google.cm www.google.cn www.google.com.co www.google.co.cr www.google.com.cu www.google.cv www.google.com.cy www.google.cz www.google.de www.google.dj www.google.dk www.google.dm www.google.com.do www.google.dz www.google.com.ec www.google.ee www.google.com.eg www.google.es www.google.com.et www.google.fi www.google.com.fj www.google.fm www.google.fr www.google.ga www.google.ge www.google.gg www.google.com.gh www.google.com.gi www.google.gl www.google.gm www.google.gr www.google.com.gt www.google.gy www.google.com.hk www.google.hn www.google.hr www.google.ht www.google.hu www.google.co.id www.google.ie www.google.co.il www.google.im www.google.co.in www.google.iq www.google.is www.google.it www.google.je www.google.com.jm www.google.jo www.google.co.jp www.google.co.ke www.google.com.kh www.google.ki www.google.kg www.google.co.kr www.google.com.kw www.google.kz www.google.la www.google.com.lb www.google.li www.google.lk www.google.co.ls www.google.lt www.google.lu www.google.lv www.google.com.ly www.google.co.ma www.google.md www.google.me www.google.mg www.google.mk www.google.ml www.google.com.mm www.google.mn www.google.com.mt www.google.mu www.google.mv www.google.mw www.google.com.mx www.google.com.my www.google.co.mz www.google.com.na www.google.com.ng www.google.com.ni www.google.ne www.google.nl www.google.no www.google.com.np www.google.nr www.google.nu www.google.co.nz www.google.com.om www.google.com.pa www.google.com.pe www.google.com.pg www.google.com.ph www.google.com.pk www.google.pl www.google.pn www.google.com.pr www.google.ps www.google.pt www.google.com.py www.google.com.qa www.google.ro www.google.ru www.google.rw www.google.com.sa www.google.com.sb www.google.sc www.google.se www.google.com.sg www.google.sh www.google.si www.google.sk www.google.com.sl www.google.sn www.google.so www.google.sm www.google.sr www.google.st www.google.com.sv www.google.td www.google.tg www.google.co.th www.google.com.tj www.google.tl www.google.tm www.google.tn www.google.to www.google.com.tr www.google.tt www.google.com.tw www.google.co.tz www.google.com.ua www.google.co.ug www.google.co.uk www.google.com.uy www.google.co.uz www.google.com.vc www.google.co.ve www.google.co.vi www.google.com.vn www.google.vu www.google.ws www.google.rs www.google.co.za www.google.co.zm www.google.co.zw www.google.cat img.youtube.com i.ytimg.com images.ctfassets.net cdn.jsdelivr.net;media-src data: cdn.hibervr.com;manifest-src hiberworld.com *.hiberworld.com;object-src ;worker-src blob: hiberworld.com *.hiberworld.com;script-src 'strict-dynamic' 'nonce-d552400d-4965-4c7d-94c4-a4f5b8f47ba2' https: http: 'wasm-unsafe-eval';style-src cdn.hibervr.com 'unsafe-inline' hiberworld.com *.hiberworld.com;frame-src js.stripe.com codesandbox.io vars.hotjar.com blob: www.google.com *.readyplayer.me *.googlesyndication.com https://rpm-model-viewer-proto.vercel.app youtube.com *.youtube.com www.youtube.com https://accounts.google.com/ *.cookiebot.com https://hiber.hiberworld.com http://dao.dev.hiberdev.net https://dao-pr.hiberworld.com https://dao-pr.dev.hiberdev.net https://dao.dev.hiberdev.net https://dao-pr.stage.hiberdev.net https://dao.stage.hiberdev.net www.recaptcha.net hiberworld.com *.hiberworld.com *.doubleclick.net https://*.walletconnect.com https://hzztj79qp1.execute-api.eu-west-1.amazonaws.com https://2f6393hice.execute-api.eu-west-1.amazonaws.com;base-uri 'self' 1
default-src 'self'; font-src * data:; frame-ancestors 'self'; connect-src *; frame-src 'self' https://*.doubleclick.net https://insight.adsrvr.org https://widget.stackla.com https://hosted.where2getit.com; img-src * data:; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://contentz.mkt932.com https://app.everviz.com https://code.highcharts.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://assetscdn.stackla.com https://*.pages03.net https://live.rezync.com https://*.boomtrain.com https://*.boomtrain.com https://*.rfihub.com;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.pinimg.com https://js.adsrvr.org https://analytics.tiktok.com https://*.cookielaw.org https://cdn.jsdelivr.net https://vjs.zencdn.net https://staging-assetscdn.stackla.com https://assetscdn.stackla.com https://*.pages03.net https://live.rezync.com https://*.boomtrain.com https://*.boomtrain.com https://*.rfihub.com;  style-src-elem 'self' 'unsafe-inline' *;  style-src 'self' 'unsafe-inline' *; 1
upgrade-insecure-requests ;default-src 'none';object-src 'none';base-uri 'none';script-src https: 'nonce-6f04e58343c040765b0742a41a0f2b58' 'strict-dynamic';connect-src https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com  *.sumologic.com https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://api.pwnedpasswords.com 'self';img-src https://*.gravatar.com https://beacon-v2.helpscout.net https://d33v4339jhl8k0.cloudfront.net https://chatapi-prod.s3.amazonaws.com/ https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://*.ytimg.com data: 'self';frame-src https://www.youtube.com https://youtube.com;media-src https://beacon-v2.helpscout.net 'self';form-action 'self';font-src 'self' https: data:;frame-ancestors 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://*.lexus.nl https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-125f86abdc25448e9db90cc8c758f51d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src         'self';             script-src         'self'         'unsafe-inline'         'unsafe-eval' 		blob:         http://www.google-analytics.com/         http://connect.facebook.net         https://fonts.googleapis.com/         https://www.googletagmanager.com/gtag/         https://www.google.com/recaptcha/         https://www.gstatic.com/recaptcha/         https://www.googletagmanager.com         https://www.googleadservices.com/         https://googleads.g.doubleclick.net         https://www.gstatic.com 		https://pi.pardot.com         http://cdn.pardot.com         https://info.acin.pt         https://info.acingov.pt         https://www.google.com/jsapi;            img-src         'self'         data:         blob:         https://www.facebook.com/         http://www.google-analytics.com/         https://stats.g.doubleclick.net/         https://www.google.com/         https://www.google.pt/ 		https://www.googletagmanager.com         https://apps.acingov.pt;             style-src         'self'         'unsafe-inline' 		https://www.gstatic.com/         https://fonts.googleapis.com/;             font-src         'self'         https://fonts.googleapis.com/         https://fonts.gstatic.com/         https://themes.googleusercontent.com/;             frame-src         'self'         https://www.googletagmanager.com 		https://www.youtube.com/         https://www.google.com/;             frame-ancestors         'self'         https://www.google.com/;             object-src         'self'        data:         blob:;             media-src         'self';             connect-src         'self' 		https://stats.g.doubleclick.net/         https://www.google-analytics.com/ 		https://region1.google-analytics.com/ ;        	form-action         'self'         https://preprod.autenticacao.gov.pt/fa/Default.aspx         https://autenticacao.gov.pt/fa/Default.aspx ;      1
default-src data: blob: https: wss: 'unsafe-inline' 'unsafe-eval'; font-src https: data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kinky.business; img-src 'self' https: data: blob: https://kinky.business; style-src 'self' https://kinky.business 'nonce-68Oq9koLTfws07Uf8+WMIA=='; media-src 'self' https: data: https://kinky.business; frame-src 'self' https:; manifest-src 'self' https://kinky.business; form-action 'self'; child-src 'self' blob: https://kinky.business; worker-src 'self' blob: https://kinky.business; connect-src 'self' data: blob: https://kinky.business https://assets.kinky.business wss://kinky.business; script-src 'self' https://kinky.business 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline';script-src-attr 'self' 'unsafe-inline';style-src 'self' https: 'unsafe-inline' *.typography.com *.googleapis.com;font-src 'self' https: data:;form-action 'self' https:;base-uri 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.foodlog.nl https://agrifoodnetworks.org 1
connect-src 'self' https://google.ro https://region1.analytics.google.com/ https://region1.google-analytics.com/ https://ams.creativecdn.com/ https://cm.teads.tv/ https://t.teads.tv/ https://teads.tv https://connect.facebook.net https://facebook.com https://www.googletagmanager.com https://analytics.tiktok.com https://*.facebook.net ;default-src   https://fledge.teads.tv/ https://*.google-analytics.com https://*.googlesyndication.com https://www.google.by  https://ams.creativecdn.com/ https://salt.bank https://*.salt.bank;media-src 'self';font-src 'self' https://fonts.gstatic.com https://use.typekit.net;base-uri 'self';object-src 'none'; img-src 'self' https://google.ro https://region1.analytics.google.com https://connect.facebook.net https://teads.tv https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://www.googletagmanager.com https://cm.teads.tv/ https://t.teads.tv/ https://analytics.tiktok.com https://*.facebook.net ;script-src 'nonce-lSTxioiEQJAG55XtgXC1nOnNfBrkal7C' 'self' *.salt.bank  *.adform.net  *.googleadservices.com *.google.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.doubleclick.net *.google.by *.googlesyndication.com *.googletagmanager.com *.facebook.net *.twitter.com *.tiktok.com *.google-analytics.com *.licdn.com *.hcaptcha.com *.google.com *.gstatic.com *.creativecdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.googletagmanager.com https://*.typekit.net; 1
object-src 'self'; worker-src 'self' blob: ;child-src http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.at https://*.kruizinga.be https://*.kruizinga.ch https://*.kruizinga.com https://*.kruizinga.cz https://*.kruizinga.de https://*.kruizinga.dk https://*.kruizinga.es https://*.kruizinga.eu https://*.kruizinga.fi https://*.kruizinga.fr https://*.kruizinga.it https://*.kruizinga.lu https://*.kruizinga.pl https://*.kruizinga.pt https://*.kruizinga.se https://www.google.com https://*.ladesk.com https://*.pinterest.com http://*.youtube.com https://*.youtube.com https://*.yout-ube.com https://*.youtube-nocookie.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com http://*.testkruizinga.nl https://optimize.google.com  http://td.doubleclick.net https://*.abtasty.com; frame-ancestors http://*.kruizinga.nl https://*.kruizinga.nl https://*.kruizinga.de https://*.kruizinga.fr https://*.kruizinga.com; block-all-mixed-content 1
default-src 'self';block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-527b8137bca74f769b6266e54a9071be' 'self' https://*.onetrust.com https://cdn.optimizely.com/ https://www.grantthornton.global/ https://www.clarity.ms/ https://script.hotjar.com https://static.hotjar.com https://engage.grantthornton.global https://dl.episerver.net https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://c.evidon.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://ajax.googleapis.com/ https://*.evidon.com/ https://region1.google-analytics.com/ https://*.googletagmanager.com https://flo.uri.sh/ https://view.ceros.com/; img-src 'self' data: https://*.analytics.google.com https://*.onetrust.com https://*.google-analytics.com/ https://www.grantthornton.mx https://www.grantthornton.is/ https://px.ads.linkedin.com/ https://c.evidon.com/ https://px.ads.linkedin.com https://px4.ads.linkedin.com https://translate.google.com/ https://c.bing.com https://app.getsitecontrol.com/ https://c.clarity.ms/ https://www.gstatic.com/ https://www.clarity.ms/ https://l.evidon.com/ https://c.evidon.com https://l3.evidon.com https://p.adsymptotic.com https://ws.sessioncam.com https://px.ads.linkedin.com https://www.facebook.com https://b.ws.sessioncam.com https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://cdn.jotfor.ms/ https://integration-emea.gtil-dxc.com/ https://analytics.marera.net https://script.hotjar.com/ https://www.grantthornton.co.za/ https://www.grantthornton.ca/ https://www.grantthornton.com.vn/ https://www.grantthornton.kr/ https://www.google.com.vn https://www.grantthornton.mk/ https://www.linkedin.com/ https://www.grantthornton.com.pa/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://app-lon07.marketo.com/ https://engage.grantthornton.global/; font-src 'self' data: https://static3.avast.com https://use.typekit.net/ https://st.getsitecontrol.com/ https://fonts.gstatic.com https://script.hotjar.com/; frame-src https://www.googletagmanager.com https://l3.evidon.com https://www.paperturn-view.com https://vars.hotjar.com https://a10084069166.cdn.optimizely.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://player.cnbc.com/ https://onlinerecruitment.exelsyslive.com/ https://view.ceros.com/ https://flo.uri.sh/ https://app-lon07.marketo.com/ https://engage.grantthornton.global/ https://www.facebook.com/; connect-src 'self' https://*.onetrust.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://analytics.google.com/ https://digitalwhiskey.matomo.cloud/ https://www.facebook.com/ https://www.facebook.com/tr/ https://surveystats.hotjar.io/ https://vc.hotjar.io/ https://l3.evidon.com https://optoutapi.evidon.com https://extreme-ip-lookup.com https://stats.g.doubleclick.net https://logx.optimizely.com https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://rum.optimizely.com/ https://www.clarity.ms/ https://b.ws.sessioncam.com https://vars.hotjar.com https://errors.client.optimizely.com https://642-sde-924.mktoresp.com https://in.hotjar.com https://ws.sessioncam.com https://surveystats.hotjar.io/ https://magicbeanlab.com https://l.evidon.com/ https://idx.liadm.com/ https://maps.googleapis.com/ https://*.analytics.google.com/ https://*.google-analytics.com/ https://*.googletagmanager.com wss://ws.hotjar.com/ https://content.hotjar.io/ https://metrics.hotjar.io/ https://px.ads.linkedin.com/; 1
default-src https://infisical.com http://localhost:3000/; script-src api.infisical.com https://app.cal.com/embed/embed.js https://unpkg.com https://www.googletagmanager.com https://widget.intercom.io https://js.intercomcdn.com https://app.posthog.com https://app-static-prod.posthog.com https://googleads.g.doubleclick.net https://infisical.com http://localhost:3000/ https://infisical-git-new-infisical.vercel.app/ https://assets.calendly.com/ https://js.stripe.com https://api.stripe.com https://infisical.us10.list-manage.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://rsms.me https://app-static-prod.posthog.com 'unsafe-inline'; child-src https://infisical.com https://api.stripe.com; frame-src https://js.stripe.com/ https://infisical.cal.com https://app.cal.com/ https://api.stripe.com https://www.loom.com/ https://calendly.com/ https://www.youtube.com/; connect-src wss://nexus-websocket-a.intercom.io https://prod.spline.design https://api-iam.intercom.io https://api.github.com/repos/Infisical/infisical-cli http://localhost:4000 https://api.heroku.com/ https://gateway.apihero.run https://id.heroku.com/oauth/authorize https://id.heroku.com/oauth/token https://checkout.stripe.com https://app.posthog.com https://infisical.com http://localhost:3000/ http://localhost:4000/ https://api.infisical.com https://api.stripe.com https://vitals.vercel-insights.com/v1/vitals ws://localhost:3000; img-src 'self' https://pbs.twimg.com https://www.google.com https://static.intercomassets.com https://js.intercomcdn.com https://downloads.intercomcdn.com https://api.producthunt.com https://*.stripe.com https://img.youtube.com https://i.ytimg.com/ data:; media-src https://js.intercomcdn.com; font-src 'self' https://fonts.intercomcdn.com/ https://maxcdn.bootstrapcdn.com https://rsms.me https://fonts.gstatic.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://yiff.life; img-src 'self' data: blob: https://yiff.life https://cdn.yiff.life; style-src 'self' https://yiff.life 'nonce-RNe6Gvwf1Va1dMehtA6kDg=='; media-src 'self' data: https://yiff.life https://cdn.yiff.life; frame-src 'self' https:; manifest-src 'self' https://yiff.life; form-action 'self'; child-src 'self' blob: https://yiff.life; worker-src 'self' blob: https://yiff.life; connect-src 'self' data: blob: https://yiff.life https://cdn.yiff.life wss://yiff.life; script-src 'self' https://yiff.life 'wasm-unsafe-eval' 1
connect-src 'self' tag.kinougarde.com public.internetude.fr www.facebook.com *.cedexis.com *.cedexis-radar.net *.doubleclick.net api.segment.io api-js.mixpanel.com www.google.com *.googlesyndication.com *.bing.com analytics.tiktok.com *.snapchat.com maps.googleapis.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro; frame-src 'self' *.doubleclick.net *.indeed.com tpc.googlesyndication.com *.facebook.com *.facebook.net www.youtube.com tr.snapchat.com *.tradedoubler.com www.google.com; object-src 'self'; script-src 'self' tag.kinougarde.com 'unsafe-inline' 'unsafe-eval' blob: *.google.fr *.google.com connect.facebook.net *.facebook.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com tpc.googlesyndication.com bat.bing.com conv.indeed.com radar.cedexis.com public.internetude.com neuvoo.ca *.doubleclick.net *.cloudfront.net s3.amazonaws.com *.appjobs.com sc-static.net cdn3.actito.com cdn.segment.com *.flagship.com cdn.heapanalytics.com cdn.mxpnl.com analytics.tiktok.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro tr.snapchat.com www.googletagmanager.com; style-src * 'self' 'unsafe-inline'; 1
upgrade-insecure-requests;script-src 'self' https://analytics.varis.social;connect-src 'self' blob: https://varishangout.net wss://varishangout.net https://analytics.varis.social;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self' https://www.molalla.com https://beta.molalla.com https://molalla.com https://www.youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.molalla.com https://beta.molalla.com https://molalla.com; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://speedtest.molalla.net; frame-src 'self' https://speedtest.molalla.net https://www.youtube.com; font-src 'self' data: 1
connect-src 'self' *.googlesyndication.com *.googleapis.com *.gstatic.com *.google-analytics.com securepubads.g.doubleclick.net stats.g.doubleclick.net wss://*.zopim.com *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.yimg.com; default-src 'self' *.googlesyndication.com; font-src 'self' data: *.gstatic.com *.zopim.com  https://*.hotjar.com; form-action 'self'; frame-src 'self' secure.rnstg.com secure.rewardsnetwork.com *.google.com *.googlesyndication.com *.googleapis.com https://www.googleadservices.com *.doubleclick.net https://*.hotjar.com youtube.com www.youtube.com; frame-ancestors 'self' *.rnqae.com *.rnstg.com *.idine.com; img-src 'self' data: media.rewardsnetwork.com *.ggpht.com *.google-analytics.com *.googlesyndication.com *.googleapis.com *.gstatic.com *.google.com cdn.buttercms.com res.cloudinary.com *.doubleclick.net stats.g.doubleclick.net seal-chicago.bbb.org *.zopim.io *.zopim.com *.zendesk.com *.zdassets.com https://*.hotjar.com *.facebook.com *.yahoo.com; media-src 'self' cdn.buttercms.com res.cloudinary.com *.zdassets.com ; object-src 'self' media.rewardsnetwork.com res.cloudinary.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.gstatic.com *.google.com *.googleapis.com *.googletagservices.com *.googletagmanager.com *.googlesyndication.com res.cloudinary.com *.doubleclick.net cdn.ampproject.org seal-chicago.bbb.org assets.adobedtm.com assets.zendesk.com *.zopim.com *.zdassets.com https://*.hotjar.com *.facebook.net *.yimg.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://*.hotjar.com cloud.typography.com; 1
frame-ancestors 'self' id-logistics.my.salesforce.com; 1
frame-ancestors 'self' *.pprbd.org; 1
default-src 'self' 'unsafe-eval' https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://www.gstatic.com https://*.snippet.antillephone.com/apg-seal.js https://d2afn796dyftlg.cloudfront.net https://cdn.onesignal.com https://onesignal.com/api/ https://*.regily.com https://*.ingest.sentry.io https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://onesignal.com https://*.regily.com; font-src https://omnislots.com https://*.operator.network https://fonts.googleapis.com https://fonts.gstatic.com https://*.regily.com; img-src data: *; media-src https://omnislots.com https://*.operator.network https://*.regily.com; connect-src 'self' https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://stats.g.doubleclick.net https://api.solitics.com wss://wss.solitics.com:8082 https://onesignal.com/api/ https://*.ingest.sentry.io https://*.regily.com https://api64.ipify.org; script-src-elem 'unsafe-inline' data: https://omnislots.com https://*.operator.network https://*.google-analytics.com https://*.google.com https://*.google.hu https://www.gstatic.com https://www.googletagmanager.com https://*.snippet.antillephone.com/apg-seal.js https://d2afn796dyftlg.cloudfront.net https://cdn.onesignal.com https://onesignal.com/api/ https://*.regily.com https://cdn.jsdelivr.net https://cdn.mouseflow.com; frame-src https://omnislots.com https://*.regily.com https://*.operator.network https://*.google.com https://*.google.hu https://*.paymentiq.io https://survey.alchemer.com https://www.youtube.com https://gist.github.com https://iframe-test-mg2q.onrender.com https://forms.office.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src https: data:; frame-ancestors 'self' 1
default-src 'self'; child-src 'self' cdn.lightwidget.com player.vimeo.com  www.youtube.com  www.youtube-nocookie.com play.guidingtube.com maps.google.com maps.google.nl www.google.com *.vimeocdn.com player.vimeo.com vimeo.com  indiveo.services; connect-src 'self' vimeo.com; font-src 'self' data: fonts.gstatic.com ;  img-src 'self' data: blob: pbs.twimg.com i.ytimg.com www.google-analytics.com img.youtube.com i.vimeocdn.com indiveo.services;  media-src 'self'; object-src 'none'; script-src 'self' 'nonce-0ec9602d-e988-4d99-af89-0c5321ec23da' maps.google.nl code.highcharts.com fonts.googleapis.com fonts.gstatic.com f.vimeocdn.com i.vimeocdn.com cdn.lightwidget.com; style-src 'self' 'nonce-0ec9602d-e988-4d99-af89-0c5321ec23da';  base-uri 'self'; form-action 'self' ezorg.zgv.nl; frame-ancestors 'self'; upgrade-insecure-requests; 1
style-src 'self'  'unsafe-inline' https://service.mtcaptcha.com https://service2.mtcaptcha.com; object-src 'none'; script-src 'self' 'nonce-2726c7f26a' 'nonce-2726c7f26b' 'nonce-2726c7f26c' 'nonce-2726c7f26d' 'nonce-2726c7f26e' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; frame-src https://service.mtcaptcha.com https://service2.mtcaptcha.com https://player.vimeo.com 1
script-src 'unsafe-inline' 'self' fonts.googleapis.com www.google.com www.gstatic.com recaptcha.msgapp.com cdn.ampproject.org www.google-analytics.com braintree-api.com sandbox.braintree-api.com client-analytics.braintreegateway.com api.braintreegateway.com client-analytics.sandbox.braintreegateway.com api.sandbox.braintreegateway.com sandbox.braintreegateway.com gstatic.sandbox.braintreegateway.com payments.sandbox.braintree-api.com www.braintreegateway.com gstatic.braintreegateway.com payments.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com js.braintreegateway.com marketing.suzohapp.com stats.g.doubleclick.net maps.googleapis.com maps.google.com ajax.googleapis.com mts1.googleapis.com www.kota3chat.com; frame-ancestors 'self' http://*.suzohapp.com https://*.suzohapp.com http://*.happcontrols.com https://*.happcontrols.com 1
frame-ancestors khh.travel 'self' 1
frame-ancestors 'self' https://*.toyota.ro https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self';  frame-src 'self' forms.zohopublic.eu youtube.com https://*.youtube.com https://*.google.com https://google.com https://pay.caetanotec.pt/ https://pay.carplus.pt/ https://pay.caetanostar.pt/ https://pay.caetanopower.pt/ https://pay.caetanoparts.pt/ https://pay.caetanogamobarmotors.pt/ https://pay.caetanoformula.pt/ https://pay.caetanodrive.pt/ https://pay.caetanoenergy.pt/ https://pay.caetanocity.pt/ https://pay.caetanobaviera.pt/ https://pay.caetanoauto.pt/; connect-src https://*.tiktok.com https://*.doubleclick.net https://*.aos.tv https://*.clarity.ms https://www.facebook.com https://*.cookieyes.com https://cdn-cookieyes.com/ https://caetanoretail.pt https://d3hb14vkzrxvla.cloudfront.net https://www.wpo365.com https://*.googleapis.com https://*.yoast.com https://s.go-mpulse.net https://api.gsci.pt https://europe-west2-cretail-prd.cloudfunctions.net https://region1.google-analytics.com https://*.analytics.google.com; style-src 'self' https://id.caetanogo.pt https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline'; object-src 'self';  img-src blob: 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com https:; font-src 'self' data: https://fonts.gstatic.com/ https://caetanoretail.pt/ https://static2.sharepointonline.com/ https://spoprod-a.akamaihd.net; script-src 'self' https://*.tiktok.com https://*.aos.tv https://*.clarity.ms https://*.youtube.com https://connect.facebook.net https://cdn-cookieyes.com https://beacon-v2.helpscout.net/ https://*.gstatic.com https://*.googleapis.com https://yoast.com https://id.caetanogo.pt/ https://media-player.aos.tv https://www.googletagmanager.com 'unsafe-eval' 'unsafe-inline' data:; 1
frame-ancestors 'self' https://*.toyota.se https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src https: 'unsafe-eval' 'unsafe-inline';     object-src 'none';     base-uri 'self';     form-action 'self' https://*.a09.uk;     connect-src 'self' https://catalogue.nodered.org;     frame-ancestors 'self' https://*.a09.uk;     img-src 'self' blob: https://*.a09.uk https: 1
connect-src 'self' ws: wss: https://survey.feedbackly.com https://api.flockler.com https://*.giosg.com https://*.giosgusercontent.com https://www.google-analytics.com *.google-analytics.com *.analytics.google.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/ *.bing.com wss://*.bing.com https://*.clarity.ms; default-src 'none'; font-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com https://fonts.gstatic.com; frame-src 'self' blob: data: mailto: tel: https://www.facebook.com/ https://survey.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://*.doubleclick.net *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com sdx.microsoft.com https://*.clarity.ms https://w.soundcloud.com secredirect.wheelq.com surveys.wheelq.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: https://www.facebook.com https://*.fbcdn.net flockler.com media-api.flockler.com giosg-chat-public-eu.s3.amazonaws.com cdn.giosgusercontent.com https://www.google-analytics.com https://www.googleanalytics.com https://www.googletagmanager.com www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fi https://*.doubleclick.net *.google-analytics.com *.analytics.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://*.cdninstagram.com https://*.ads.linkedin.com *.bing.com *.microsoft.com https://*.clarity.ms https://*.twimg.com img.youtube.com https://i.ytimg.com; object-src 'self'; script-src 'self' 'unsafe-eval' https://connect.facebook.net https://survey.feedbackly.com https://*.giosg.com https://*.giosgusercontent.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com https://snap.licdn.com https://bat.bing.com https://r.bing.com https://c.bing.com https://*.clarity.ms https://www.youtube.com/ https://www.youtube.com/iframe_api 'unsafe-inline'; style-src 'self' use.fontawesome.com https://*.giosg.com https://*.giosgusercontent.com https://fonts.googleapis.com https://tagmanager.google.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.bing.com https://*.clarity.ms 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com www.google.com www.gstatic.com www.googletagmanager.com www.youtube.com www.tagassistant.google.com www.google-analytics.com cdnjs.cloudflare.com *.trumba.com unpkg.com/dept-cookie-management@latest/dist/index.js public.tableau.com platform.twitter.com js.createsend1.com; 1
default-src 'self' data: https://*.filmtheaterbetriebe.de; media-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.filmtheaterbetriebe.de https://*.traumpalast.de https://*.das-metropol.de https://*.das-passage.de https://*.loewenlichtspiele.de https://*.kinoheld.de https://secure.kps-payment.de https://www.youtube.com https://www.youtube-nocookie.com https://s.ytimg.com https://*.vimeocdn.com https://*.akamaized.net https://*.payments-amazon.com; worker-src 'self' blob: https://*.filmtheaterbetriebe.de; img-src 'self' https: data: android-webview-video-poster:; style-src 'self' 'unsafe-inline' https://*.filmtheaterbetriebe.de https://fonts.googleapis.com; font-src 'self' data: https://*.filmtheaterbetriebe.de https://fonts.googleapis.com https://fonts.gstatic.com; object-src 'self' https://*.filmtheaterbetriebe.de; frame-src *; frame-ancestors 'self' https://*.filmtheaterbetriebe.de; connect-src 'self' https://*.filmtheaterbetriebe.de https://*.traumpalast.de https://*.das-metropol.de https://*.das-passage.de https://*.loewenlichtspiele.de https://*.kinoheld.de https://secure.kps-payment.de https://payments-eu.amazon.com https://vimeo.com; base-uri 'self'; 1
script-src 'self' at.alicdn.com 'unsafe-eval' 'unsafe-inline' data: blob: *.dancf.com *.gaoding.com assetscli.udesk.cn ttxsapp.udesk.cn retcode.alicdn.com www.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net www.google.com accounts.google.com localhost apis.google.com cdn.branch.io app.link tpc.googlesyndication.com; frame-ancestors 'self' *.gaoding.com localhost apis.google.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-d4v0bAU9Z0+NSLnYF1VjbhPBBen9MS75FKGs9/2k9OTZi/Jt' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-vdA9CPffJroP48XH0EL01/tz1iHDTNfgPhhh6ZFZfIIoApes' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-f4qqWiC+IGRCbWuAEt/I1tETEU8YMhb8VAuHk/Tyr/YyFV1f' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-o1Ew1t9q47fOOuvikjuhnm5Mix4NH/N6aMABhfdmwr7sSVGB' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; object-src 'none'; script-src 'self' www.google-analytics.com www.googletagmanager.com 'sha256-0e4E0uIFrhZPqmdovquJPrrEiIgTvmyNt1VhEQb12so=' 'sha256-+mVeZWJisROJ+zbDVcsiKlTIrBV5gjR6G5amwEdXMG0=' 'sha256-gS3tAP+em0p45VK/AYk8XzvWf2qDy4W4bfBD6rV3+rg=' 'sha256-a4XKOKikGVsTOKjLwsaxxV5wpz/r2aiS5mjhlhYZ6A0='; connect-src self www.google-analytics.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-K8hAEUNFevVZZavnzgn4KvfG+PRDs4IzI/b6umbQ1pkMA46c' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; script-src 'nonce-Kwp9j27B/paqk7V5R5kwOWBFAit7XPZ/Us1TJEFXUQZSm5nP' 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn 'unsafe-inline'; img-src 'self' https://*.googleusercontent.com/ https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://ak1s.abmr.net https://ak1s.mathtag.com https://akamai.mathtag.com https://ak1.abmr.net data:; object-src 'none'; media-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; font-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn; connect-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://192.55.233.1 'unsafe-inline' https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypal.cn https://*.paypalobjects.com https://objects.paypal.cn https://smartlock.google.com https://*.qualtrics.com; base-uri 'self' https://*.paypal.com https://*.paypal.cn; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-069tqDNBLvNmFarK53tkun861wARuv287UeXglRAauGI6fkD' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://statics.rivals.space; img-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; style-src 'self' https://statics.rivals.space 'nonce-NuAsIIpglK4RbSUvgDF6eQ=='; media-src 'self' data: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com; frame-src 'self' https:; manifest-src 'self' https://statics.rivals.space; form-action 'self'; child-src 'self' blob: https://statics.rivals.space; worker-src 'self' blob: https://statics.rivals.space; connect-src 'self' data: blob: https://statics.rivals.space https://cdn.rivals.space https://media.tenor.com wss://s.rivals.space https://api.tenor.com; script-src 'self' https://statics.rivals.space 'wasm-unsafe-eval' 1
default-src 'self' https://player.vimeo.com https://*.twitter.com https://zetetic.zendesk.com https://c.disquscdn.com https://disqus.com https://*.google-analytics.com https://*.zdassets.com https://createsend.com https://*.createsend.com https://zetetic.test.onfastspring.com https://zetetic.onfastspring.com; img-src 'self' 'unsafe-inline' data: https://*.google-analytics.com https://*.twitter.com https://*.twimg.com https://ajax.googleapis.com https://*.zendesk.com https://*.disqus.com https://*.disquscdn.com https://maven-badges.herokuapp.com https://d1f8f9xcsvx3ha.cloudfront.net; script-src 'self' 'unsafe-inline' https://*.disqus.com https://disqus.com https://*.disquscdn.com https://*.github.com https://*.zendesk.com https://www.wufoo.com https://*.google-analytics.com https://*.twimg.com https://*.createsend1.com https://player.vimeo.com https://*.twitter.com https://*.twimg.com https://*.wufoo.com https://ajax.googleapis.com  https://static.zdassets.com https://d1f8f9xcsvx3ha.cloudfront.net https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.twitter.com https://*.twimg.com https://ajax.googleapis.com https://*.zendesk.com https://*.github.com https://*.disquscdn.com; frame-src 'self' https://player.vimeo.com https://*.createsend1.com https://*.twitter.com https://*.wufoo.com https://disqus.com https://duckduckgo.com https://zetetic.test.onfastspring.com https://zetetic.onfastspring.com; object-src 'self' https://*.disquscdn.com https://*.disqus.com 1
base-uri 'self'; default-src 'self'; script-src 'self' https://matomo.stodlinjen.se; script-src-elem 'self' https://matomo.stodlinjen.se; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://*.stodlinjen.se; font-src 'self' data:; connect-src 'self' https://api.stodlinjen.se https://matomo.stodlinjen.se; frame-ancestors 'none'; form-action 'self' *.stodlinjen.se 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-2_EN1bboW8RxcnK_9Csc-g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'self';connect-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com *.googleapis.com *.api.video *.consentmanager.net *.doubleclick.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com;default-src 'self';form-action 'self';img-src 'self' data: *.googletagmanager.com *.google-analytics.com googleads.g.doubleclick.net *.google.com *.google.de *.googleapis.com maps.gstatic.com *.consentmanager.net *.facebook.com *.wetu.com wetu.com images.unsplash.com *.api.video;media-src 'self' blob: *.api.video;object-src 'none';script-src 'self' 'nonce-zsLb6lm3nhr3LDkGkwGCIiYDAeYZWXxaa9o7gKbu' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net unpkg.com *.hotjar.com *.facebook.net vjs.zencdn.net;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleapis.com *.consentmanager.net unpkg.com;font-src 'self' data: fonts.gstatic.com;worker-src 'self' blob:;frame-src *.youtube.com *.youtube-nocookie.com *.vimeo.com vimeo.com *.google.com *.googletagmanager.com *.camper24.de *.issuu.com *.doubleclick.net *.sunnycars.de *.instagram.com *.thankyounature.org *.spotify.com *.msgp.pl *.api.video 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; child-src *; base-uri 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: cdnjs.cloudflare.com www.google.co.jp www.google.com *.doubleclick.net izkorapi.mod.gov.il translate.google.com js.hcaptcha.com *.facebook.com *.azureedge.net www.google.com.ar c.bing.com *.clarity.ms *.gstatic.com www.googletagmanager.com api.sendgrid.com *.facebook.net *.sendgrid.net google.com www.izkor.gov.il sendgrid.net www.youtube.com www.kan.org.il izkorcontactusprod.azurewebsites.net adservice.google.com www.google.co.il newassets.hcaptcha.com *.googleadservices.com *.windows.net www.google-analytics.com region1.google-analytics.com *.googleapis.com; frame-ancestors 'self' www.izkor.gov.il ;  1
default-src https: 'self';base-uri 'self';object-src 'self';form-action https: 'self';img-src https: 'self' data: blob:;connect-src https: 'self';child-src https: 'self' blob:;frame-src https: 'self' blob:;worker-src https: 'self' blob:;font-src https: 'self' data:;script-src https: 'self' 'unsafe-inline' 'unsafe-eval' blob:;style-src https: 'self' 'unsafe-inline' 1
report-uri https://odigeoconnect.com/wp-json/wpcsp/v1/route/LogPolicyViolation?_wpnonce=17a68e89db 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://ade.googlesyndication.com/ https://pagead2.googlesyndication.com/ https://cm.teads.tv/v3/conversion  https://*.taboola.com  https://fledge.teads.tv/ http://estrellagalicia.es/cervecerias-del-camino/dup-installer/ https://npmcdn.com https://egweb.servidor.gal https://*.w.org https://p.typekit.net https://stats.g.doubleclick.net https://fonts.googleapis.com https://*.gstatic.com https://use.fontawesome.com https://*.gigya.com https://*.sap.com https://frontal.estrellagalicia.es https://static.addtoany.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://www.google.com https://cdn.plyr.io https://cdn.onesignal.com *.onesignal.com https://*.youtube.com https://*.youtube.com/embed http://*.youtube.com https://www.youtube-nocookie.com https://i.ytimg.com https://*.cookiebot.com https://onesignal.com https://images.hdriv.es https://www.google.es *.typekit.net *.amazonaws.com *.ondemand.com *.gravatar.com *.doubleclick.net *.google-analytics.com *.analytics.google.com https://googletagmanager.com https://*.googleapis.com https://*.google.com https://*.sharethis.com https://stackpath.bootstrapcdn.com https://code.jquery.com https://cdnjs.cloudflare.com https://unpkg.com https://maxcdn.bootstrapcdn.com https://cdn.rawgit.com https://ajax.googleapis.com https://connect.facebook.net https://www.facebook.com https://*.twitter.com https://*.twimg.com/ https://rum.monitis.com https://*.ondemand.com https://targetemsecure.blob.core.windows.net https://cdn.polyfill.io https://*.slgnt.eu https://*.adform.net https://*.landbot.io https://*.giphy.com wss://*.firebaseio.com https://*.firebaseio.com https://*.ads-twitter.com https://t.co https://*.twitter.com https://view.genial.ly https://*.tile.openstreetmap.org https://*.openstreetmap.org https://p.teads.tv/ https://s.pinimg.com/ct/ https://ct.pinterest.com/user/ https://ct.pinterest.com/v3/ https://ct.pinterest.com/ https://l.teads.tv/* https://cm.teads.tv/v2/advertiser https://t.teads.tv/track https://fabrica.os.tc/; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.hscollectedforms.net https://static.hotjar.com https://script.hotjar.com https://cookie-cdn.cookiepro.com https://lhfs.com https://maxcdn.bootstrapcdn.com https://www.google.com https://www.google-analytics.com https://maps.googleapis.com https://js.hs-banner.com https://js.hs-analytics.net https://apps.usw2.pure.cloud https://js.hs-scripts.com https://ajax.googleapis.com https://maxcdn.bootstrapcnd.com https://tagmanager.google.com https://www.socialsurvey.me https://www.googletagmanager.com https://www.gstatic.com https://cdn.userway.org https://don7n2as2v6aa.cloudfront.net https://fonts.googleapis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.typekit.net https://ssl.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://cdn.userway.org https://ka-p.fontawesome.com https://kit.fontawesome.com https://tagmanager.google.com https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.google.com https://fonts.googleapis.com; img-src 'self' https://forms.hsforms.com https://www.google-analytics.com https://www.facebook.com https://maps.googleapis.com https://track.hubspot.com https://www.googletagmanager.com https://ssl.gstatic.com https://cdn.userway.org https://stats.g.doubleclick.net https://don7n2as2v6aa.cloudfront.net https://socialsurvey.me https://socialsurvey.com https://secure.gravatar.com https://stats.doubleclick.net https://www.paypalobjects.com https://bizcybercert.us https://0.gravatar.com https://1.gravatat.com https://cdn.lhfs.com https://micc.us https://maps.gstatic.com https://csi.gstatic.com https://ssl.google-analytics.com https://s-static.ak.facebook.com data:; font-src 'self' https://cdn.userway.org https://don7n2as2v6aa.cloudfront.net https://use.fontawesome.com https://use.typekit.net https://fonts.gstatic.com https://fonts.googleapis.com https://themes.googleusercontent.com data:; frame-src 'self' https://apps.usw2.pure.cloud https://static.hsappstatic.net https://app.hubspot.com https://cdn.userway.org https://www.google.com https://s-static.ak.facebook.com; object-src 'self'; base-uri 'none'; frame-ancestors 'self'; default-src 'self' https://forms.hscollectedforms.net wss://ws.hotjar.com https://content.hotjar.io https://in.hotjar.com https://cookie-cdn.cookiepro.com https://ajax.googleapis.com https://api.usw2.pure.cloud https://*.usw2.pure.cloud wss://webmessaging.usw2.pure.cloud https://*.userway.org https://stats.g.doubleclick.net https://analytics.google.com https://corpapi.lhfs.com https://corpapi.lhfs.com https://maps.googleapis.com https://api.userway.org https://www.google-analytics.com https://fonts.gstatic.com https://userway.org https://youtube.com https://p.typekit.net https://use.typekit.net https://socialsurvey.me https://socialsurvey.com 1
upgrade-insecure-requests; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; 1
frame-ancestors *.play123.com play123.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sauropods.win; img-src 'self' https: data: blob: https://sauropods.win; style-src 'self' https://sauropods.win 'nonce-orWeX1WIrUb+WJVtXPehbw=='; media-src 'self' https: data: https://sauropods.win; frame-src 'self' https:; manifest-src 'self' https://sauropods.win; form-action 'self'; child-src 'self' blob: https://sauropods.win; worker-src 'self' blob: https://sauropods.win; connect-src 'self' data: blob: https://sauropods.win https://cdn.masto.host wss://sauropods.win; script-src 'self' https://sauropods.win 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com; img-src 'self' data: *.mydccu.com *.adobedtm.com *.demdex.net *.omtrdc.net *.everesttech.net unpkg.com *.fontawesome.com *.googleapis.com *.facebook.com *.linkedin.com *.adobeaemcloud.com *.day.com *.gstatic.com *.formstack.com *.calcxml.com *.youtube.com *.google.com *.cloudflare.com *.adobeaemcloud.com.seg.js *.adobe.com *.adobe.io *.googletagmanager.com *.google-analytics.com 1
default-src * 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' cms.stauff.com; manifest-src 'none'; object-src 'none'; upgrade-insecure-requests; report-uri https://lukadgroup.report-uri.com/r/d/csp/enforce; report-to csp-endpoint; 1
connect-src 'self' wss://www.genisysonlinebanking.org wss://*.twilio.com https://maps.geo.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://api.botcopy.com https://*.velaro.com https://*.orpheusdev.net https://*.mfmnow.com https://*.financialhost.org https://*.livetest-financialhost.org https://*.test-financialhost.org https://*.dev-financialhost.org wss://*.orpheusdev.net wss://*.test-financialhost.org wss://*.financialhost.org wss://*.livetest-financialhost.org wss://*.dev-financialhost.org wss://demows.financialtown.com https://demomain.financialtown.com https://demowebrtclb.financialtown.com wss://ws.financialtown.com https://main.financialtown.com https://webrtclb.financialtown.com https://*.purechat.com wss://*.purechat.com 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.google.com https://www.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.sentry.io https://api.bullet-train.io https://apis.postcode-jp.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.google.com https://recaptcha.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self' https://www.google.com; img-src data: blob: 'self'; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://*.adobecqms.net https://*.ceros.com https://*.vonageforhome.com 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.4plaisir.cam:9080 www.4plaisir.cam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.4plaisir.cam wss://www.4plaisir.cam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715649337 1
default-src 'self' https:; base-uri 'self'; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' https: blob:; connect-src 'self' https: wss://*.karte.io; report-uri /csp-violation-report-endpoint 1
default-src 'self' https://*.cms.vwfs.tools ;            img-src 'self' data: https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://dev.day.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://maps.gstatic.com https://*.google.com https://*.google.de https://*.google.pl https://*.googlesyndication.com https://*.googleadservices.com https://cm.g.doubleclick.net https://ad.doubleclick.net https://img.youtube.com https://i.ytimg.com https://*.userzoom.com https://*.adform.net https://www.facebook.com https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://t.co https://*.volkswagenbank.de  https://cms-assets.vwfs.io https://smetrics.vwfs.pl https://mediaservice.audi.com  https://GISTPAEndpoint-Int.azureedge.net https://GISTPAEndpoint-Kons.azureedge.net https://GISTPAEndpoint-Prod.azureedge.net    https://default.vms.vwfs.io https://*.bronson.vwfs.tools https://*.bronson.vwfs.io https://gateway.zscloud.net https://js.api.here.com https://assets.volkswagen.com https://integrations.etrusted.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ssl.gstatic.com https://ade.googlesyndication.com https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            script-src 'self' 'unsafe-inline' blob: https://*.volkswagenbank.de https://storagewebcalcweud.blob.core.windows.net https://*.fts.webcalc.vwfs.io https://*.youtube.com https://*.vimeo.com https://s.ytimg.com https://googleads.g.doubleclick.net https://static.doubleclick.net https://*.fls.doubleclick.net https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://www.google.com https://www.google.de https://cm.g.doubleclick.net https://www.volkswagenbank-cloud.de https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://t23.intelliad.de https://t13.intelliad.de https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://assets.adobedtm.com https://*.omniture.com https://*.adobe.com https://*.userzoom.com https://*.adform.net https://connect.facebook.net https://*.thunderhead.com https://*.twitter.com https://static.ads-twitter.com https://*.advsearch.vwfs.io https://cc.cdn.civiccomputing.com  https://target.vwfs.pl  https://smetrics.vwfs.pl https://cdn.mercury.ai https://integrations.etrusted.com https://sdk.privacy-center.org    https://*.acs-frontend.vwfs.io https://*.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleadservices.com https://*.google.com https://*.g.doubleclick.net https://bat.bing.com https://*.trustedshops.com http://*.trustedshops.com ;            style-src 'self' 'unsafe-inline' https://*.userzoom.com https://target.vwfs.pl https://cdn.mercury.ai https://co-browsing.mercury.ai https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io    https://*.acs-frontend.vwfs.io https://integrations.etrusted.com https://tagmanager.google.com https://fonts.googleapis.com ;            connect-src 'self' blob: data: https://vimeo.com https://*.youtube.com https://api.webcalc.vwfs.io https://cfpoi-search.p-sunhill.com https://apikeys.civiccomputing.com https://*.omtrdc.net https://*.demdex.net https://*.scene7.com https://cm.everesttech.net https://*.adobedc.net https://*.tt.omtrdc.net https://*.2o7.net https://*.cms.vwfs.io https://*.advsearch.vwfs.io https://cms-content.vwfs.io https://target.vwfs.pl https://smetrics.vwfs.pl https://www.google.com https://*.facebook.com https://*.mercury.ai wss://*.mercury.ai https://vector.hereapi.com https://1.base.maps.ls.hereapi.com https://1.aerial.maps.ls.hereapi.com https://js.api.here.com https://geocode.search.hereapi.com https://integrations.etrusted.com https://*.smart-digital-solutions.de https://smart-digital-cdn.com https://2gtge2kxoa.execute-api.eu-central-1.amazonaws.com https://api-cms-vwfs-io.cms.vwfs.tools https://sdk.privacy-center.org https://revgeocode.search.hereapi.com    https://*.acs-frontend.vwfs.io https://*.linkedin.com https://snap.licdn.com https://p.adsymptoptic.com https://cdn.linkedin.oribi.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl http://*.trustedshops.com https://autocomplete.search.hereapi.com https://lookup.search.hereapi.com https://smetrics.vwfs.tools;            frame-ancestors 'self' https://vwfs.experiencecloud.adobe.com https://vwfs.marketing.adobe.com https://experience.adobe.com ;            object-src 'none' ;            font-src 'self' data: https://fonts.gstatic.com https://cdn.bronson.vwfs.tools https://cdn.bronson.vwfs.io https://cdn.mercury.ai https://js.api.here.com https://*.trustedshops.com http://*.trustedshops.com ;            frame-src https://player.vimeo.com https://www.youtube-nocookie.com https://s.userzoom.com https://*.adform.net https://*.adobe.com https://*.omniture.com https://*.demdex.net https://*.fls.doubleclick.net https://bid.g.doubleclick.net https://www.facebook.com https://*.googlesyndication.com https://cm.g.doubleclick.net https://gateway.zscloud.net https://td.doubleclick.net https://kalkulator.skoda-auto.pl https://*.g.doubleclick.net https://nbw.vwfs.pl;            media-src https://www.youtube-nocookie.com 'self' ; 1
default-src 'self' https:;script-src 'self' 'unsafe-inline'   https://www.googletagmanager.com  https://player.vimeo.com/api/player.js   https://policy.app.cookieinformation.com  https://www.youtube.com   https://mktdplp102cdn.azureedge.net  *.svc.dynamics.com/f  *.svc.dynamics.com/t  *.svc.dynamics.com/t/w    https://dhigroup.matomo.cloud  https://cdn.matomo.cloud/dhigroup.matomo.cloud/container_HH5X4G0y.js  https://cdn.matomo.cloud/dhigroup.matomo.cloud/matomo.js;style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com https:;font-src 'self' *.gstatic.com data: https:;img-src 'self' *.googletagmanager.com data: https:;object-src 'self' 'unsafe-inline' *;frame-ancestors 'none';base-uri 'self';form-action 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://press.coop; img-src 'self' https: data: blob: https://press.coop; style-src 'self' https://press.coop 'nonce-eOhoh3EwPPpZ1ayBBKyP5w=='; media-src 'self' https: data: https://press.coop; frame-src 'self' https:; manifest-src 'self' https://press.coop; connect-src 'self' data: blob: https://press.coop https://s3.us-west-2.amazonaws.com wss://press.coop; script-src 'self' https://press.coop 'wasm-unsafe-eval'; child-src 'self' blob: https://press.coop; worker-src 'self' blob: https://press.coop 1
report-uri https://o1063754.ingest.sentry.io/api/4504435241582592/security/?sentry_key=e7acfc0461444968ac7c58f1785b1711;connect-src 'self' earnably.com *.google-analytics.com *.analytics.google.com analytics.google.com accounts.google.com *.mmapiws.com beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net wss://*.pusher.com;script-src 'self' www.googletagmanager.com www.google-analytics.com apis.google.com device.maxmind.com performance.radar.cloudflare.com beacon-v2.helpscout.net 'nonce-nAcEex6sULgfVsNHliRU0L3drY6O3kMRIJSHgMBa';style-src 'self' 'unsafe-inline' fonts.googleapis.com beacon-v2.helpscout.net;font-src 'self' fonts.gstatic.com beacon-v2.helpscout.net use.typekit.net data: 1
report-uri https://git.cremadesignstudio.com/csp-reports.php; 	default-src 'report-sample' 'self' *.morganwhite.com morganwhite.com *.morganwhiteintl.com *.mwgbrokerservices.com *.mwgemployerservices.com *.mwgdirect.com *.mestmaker.com cdn.cremadesignstudio.com; 	script-src 'self' 'unsafe-inline' 'report-sample' *.morganwhite.com morganwhite.com *.morganwhiteintl.com *.mwgbrokerservices.com *.mwgemployerservices.com *.mwgdirect.com *.mestmaker.com cdn.cremadesignstudio.com https://www.google.com/pagead https://www.google.com/ads https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://acsbapp.com https://*.acsbapp.com https://analytics.clickdimensions.com https://cdnjs.cloudflare.com https://player.vimeo.com https://polyfill.io https://*.formcarry.com; 	style-src 'self' 'unsafe-inline' 'report-sample' https://*.typekit.net; 	font-src 'self' *.morganwhite.com morganwhite.com *.morganwhiteintl.com *.mwgbrokerservices.com *.mwgemployerservices.com *.mwgdirect.com *.mestmaker.com cdn.cremadesignstudio.com https://acsbapp.com https://*.acsbapp.com https://*.typekit.net; 	img-src 'self' *.morganwhite.com morganwhite.com *.morganwhiteintl.com *.mwgbrokerservices.com *.mwgemployerservices.com *.mwgdirect.com *.mestmaker.com cdn.cremadesignstudio.com https://www.google.com/pagead https://www.google.com/ads https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://acsbapp.com https://*.acsbapp.com https://i.vimeocdn.com stats.g.doubleclick.net data:; 	connect-src 'self' *.morganwhite.com morganwhite.com *.morganwhiteintl.com *.mwgbrokerservices.com *.mwgemployerservices.com *.mwgdirect.com *.mestmaker.com cdn.cremadesignstudio.com https://www.google.com/pagead https://www.google.com/ads https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://googleads.g.doubleclick.net https://acsbapp.com https://*.acsbapp.com stats.g.doubleclick.net https://formcarry.com; 	media-src 'self' https://acsbapp.com https://*.acsbapp.com data:; 	frame-src 'self' https://morganwhite.isolvedhire.com https://player.vimeo.com mailto:; 	object-src 'none'; 	base-uri 'none'; 	upgrade-insecure-requests; 1
upgrade-insecure-requests; base-uri 'self'; default-src 'none'; frame-ancestors 'none'; object-src 'none'; script-src 'none'; require-trusted-types-for 'script'; form-action 'none'; report-uri https://defesa.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-uh7eELZ6qbyvw+Vcwd4nofKdj78S81JkDsvvCHFwFWlF1okT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' flexilivre.com *.flexilivre.com 1
frame-ancestors 'self' https://beta.coinigy.com https://app.coinigy.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://optimize.google.com https://maps.googleapis.com https://maps.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://static.hotjar.com https://script.hotjar.com https://*.optimizely.com https://player.vimeo.com https://*.vimeocdn.com https://cdnjs.cloudflare.com https://*.getclicky.com https://*.hs-scripts.com https://*.hs-analytics.net https://*.usemessages.com https://*.logrocket.io https://*.trustpilot.com https://*.varsitytutors.com; style-src 'self' 'unsafe-inline' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://optimize.google.com https://fonts.googleapis.com https://*.hs-scripts.com https://pro.fontawesome.com https://*.varsitytutors.com; img-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://s3-eu-west-1.amazonaws.com https://www.adobe.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.google.com https://maps.googleapis.com https://maps.gstatic.com https://csi.gstatic.com https://www.google.com https://www.google.co.uk https://optimize.google.com https://www.googletagmanager.com https://www.googleadservices.com https://insights.hotjar.com http://static.hotjar.com https://i.ytimg.com https://*.vimeocdn.com https://*.ssl-images-amazon.com data: blob: https://*.hs-scripts.com https://*.hubspot.com; font-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://fonts.gstatic.com https://static.hotjar.com https://*.hs-scripts.com https://pro.fontawesome.com; connect-src 'self' https://*.varsitytutors.com https://bam.nr-data.net https://*.hotjar.com:* wss://*.hotjar.com https://*.hs-scripts.com https://*.hubspot.com https://*.logrocket.io https://*.googleapis.com; media-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.youtube.com https://*.youtube-nocookie.com https://*.hs-scripts.com; object-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.googlevideo.com https://*.ytimg.com https://*.youtube.com https://*.youtube-nocookie.com; child-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://vars.hotjar.com https://optimize.google.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.hs-scripts.com; frame-src 'self' https://*.firsttutors.com https://*.firsttutors.ws https://*.varsitytutors.com https://*.google.com https://vars.hotjar.com https://optimize.google.com https://*.youtube.com https://*.youtube-nocookie.com https://player.vimeo.com https://*.hs-scripts.com https://*.hubspot.com https://*.trustpilot.com; frame-ancestors 'self'; worker-src blob: data: https://*.firsttutors.com; 1
default-src 'self'; base-uri 'self'; media-src player.vimeo.com vod-progressive.akamaized.net; connect-src 'self' region1.analytics.google.com stats.g.doubleclick.net consentcdn.cookiebot.com  www.google-analytics.com www.google.de www.google.com www.facebook.com;  font-src 'self' data:;  form-action 'self';  frame-src player.vimeo.com consentcdn.cookiebot.com www.google.com/recaptcha/ 'unsafe-inline';  img-src www.google-analytics.com 'self' imgsct.cookiebot.com googleads.g.doubleclick.net www.facebook.com www.google.de www.google.com  data:;   manifest-src www.gstatic.com/recaptcha/ www.google.com/recaptcha/ 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com/pagead/ stats.g.doubleclick.net www.facebook.com region1.analytics.google.com fast.wistia.net www.googleadservices.com connect.facebook.net piwik.next-motion.de consent.cookiebot.com consentcdn.cookiebot.com www.googletagmanager.com www.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/;  style-src 'self' 'unsafe-inline';  frame-ancestors 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self'; report-uri https://fsap.report-uri.com/r/t/csp/reportOnly; 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'self' 1
default-src 'self' burlingtonstores.jobs player.vimeo.com d12wqovxet6953.cloudfront.net www.youtube.com analytics.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.dejobs.org *.jobsyn.org *.recruitrooster.com *.burlingtonstores.jobs dn9tckvz2rpxv.cloudfront.net d2e48ltfsb5exy.cloudfront.net src.nlx.org prod-static.dejobs.org data: *.google-analytics.com 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'   https://*.uptolike.com/ http://aj1616.online/ fapabelno.com  *.fapabelno.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' fapabelno.com  https://*.yandex.com/ https://*.bngprm.com/ https://grown-t-code.com/ https://*.uptolike.com/ http://*.realsrv.com/ https://goryachie-foto.net/ https://bongacams10.com/ https://*.bcprm.com/ https://bcprm.com/  https://aj1616.online/  *.fapabelno.com https://syndication.exosrv.com  https://dugwap.com http://funbuy.pp.ua      connect.facebook.net http://connect.facebook.net https://www.facebook.com http://facebook.net *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com top-fwz1.mail.ru counter.yadro.ru www.google.com advapi.ru   cse.google.com http://10.20.2.42:15871 *.akamaihd.net *.amazonaws.com *.ytimg.com http://*.whisla.com https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com www.google-analytics.com cse.google.com http://*.uptolike.com https://*.uptolike.com https://*.google.com http://*.google.com https://www.google-analytics.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.googleapis.com *.doubleclick.net ;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  https://srv224.com/ https://*.trustlink.ru/ https://*.magsrv.com https://*.pemsrv.com/ https://envious-low.com/ https://www.tallfriend.pro/ https://adcck.ru/ https://pddata.ru/ https://creepy-reception.com/ https://*.click.ru/ https://*.bngprm.com/ https://bcprm.com/ https://goryachie-foto.net/ https://aj1616.online/ https://*.uptolike.com/ https://*.yandex.ru/ https://*.realsrv.com/ https://*.yandex.com/ ;object-src 'self' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net http://*.ytimg.com *.macromedia.com *.adobe.com https://*.adobe.com https://*.googleapis.com http://www.youtube.com https://www.youtube.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com   *.googleapis.com *.vk.com https://*.vk.com vk.com https://vk.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;style-src 'self' 'unsafe-inline' *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net *.vk.com https://*.vk.com vk.com https://vk.com fapabelno.com *.fapabelno.com http://*.uptolike.com https://*.uptolike.com https://* cse.google.com www.google.com http://netdna.bootstrapcdn.com fonts.googleapis.com *.googleapis.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com ;img-src * data: fapabelno.com *.fapabelno.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net top-fwz1.mail.ru counter.yadro.ru *.vk.com https://*.vk.com vk.com https://vk.com http://*.uptolike.com https://*.uptolike.com  http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com http://*.gravatar.com/; media-src 'self' * mediastream: *;frame-src 'self' 'unsafe-eval' https://*.xlivrdr.com https://*.mnaspm.com/ https://*.bongacams22.com/ https://*.bongacams10.com/ https://bongacams10.com/ https://*.bongacams.com/ https://bongacams.com/ http://staticxx.facebook.com/ https://promo-bc.com http://www.facebook.com *.yandex.ru yandex.ru       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net fapabelno.com *.fapabelno.com  blocking.stat *.yahoo.com *.uptolike.com vk.com *.hubrus.com www.google.com cse.google.com  http://www.youtube.com https://www.youtube.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com http://*.google.com top-fwz1.mail.ru counter.yadro.ru http://*.uptolike.com https://*.uptolike.com *.googleapis.com   *.vk.com https://*.vk.com vk.com https://vk.com;font-src 'self' data: fapabelno.com *.fapabelno.com *.googleapis.com *.gstatic.com http://*.uptolike.com https://*.uptolike.com http://fonts.gstatic.com:*;connect-src 'self' https://*.magsrv.com https://*.pemsrv.com/ https://www.tallfriend.pro/ https://*.realsrv.com/ https://mc.yandex.com/ *.yandex.ru yandex.ru http://aj1616.online/ https://aj1616.online/  http://w.uptolike.com/       http://www.24video.net/ http://player.vimeo.com/ http://www.24video.xxx/ http://24video.ws/ a.tiaplex.com http://a.tiaplex.com https://a.tiaplex.com http://x.tiaplex.com/ x.tiaplex.com *.yandex.net yandex.net yandex.st *.yandex.st yastatic.net *.yastatic.net https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yandex.net https://yandex.st https://*.yandex.st https://yastatic.net https://*.yastatic.net http://*.yandex.ru http://yandex.ru http://*.yandex.net http://yandex.net http://yandex.st http://*.yandex.st http://yastatic.net http://*.yastatic.net https://www.youtube.com *.googlevideo.com https://*.gstatic.com http://*.googlesyndication.com https://*.googlesyndication.com *.googlesyndication.com *.google-analytics.com;report-uri //fapabelno.com/csp.php 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' static.wufoo.com ajax.aspnetcdn.com ajax.googleapis.com cdn.calibermind.com cdn.jsdelivr.net extend.vimeocdn.com fast.fonts.net js-na1.hs-scripts.com use.typekit.net vjs.zencdn.net wasm-eval www.visiquate.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net visiquate.bamboohr.com apps.elfsight.com cdn.metarouter.io lftracker.leadfeeder.com player.live-video.net player.vimeo.com scout-cdn.salesloft.com services.cognitoforms.com static.cognitoforms.com www.cognitoforms.com www.google-analytics.com www.googletagmanager.com visiquate.com www.wufoo.com www.paypal.com www.paypalobjects.com connect.facebook.net js.driftt.com kit.fontawesome.com t4.trackalyzer.com googleads.g.doubleclick.net static.hotjar.com web-sdk.smartlook.com; script-src-elem 'self' 'unsafe-inline' visiquate.bamboohr.com performance.radar.cloudflare.com www.googletagmanager.com cdn.metarouter.io ajax.googleapis.com lftracker.leadfeeder.com use.typekit.net fast.fonts.net vjs.zencdn.net ajax.aspnetcdn.com cdn.jsdelivr.net www.google-analytics.com extend.vimeocdn.com scout-cdn.salesloft.com js-na1.hs-scripts.com cdn.calibermind.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net apis.google.com cdnjs.cloudflare.com form.jotform.com gc.kis.v2.scr.kaspersky-labs.com player.vimeo.com t4.trackalyzer.com www.paypal.com browser.sentry-cdn.com cdn01.jotfor.ms cdn02.jotfor.ms cdn03.jotfor.ms js.driftt.com services.cognitoforms.com www.jotform.com www.paypalobjects.com www.visiquate.com www.wufoo.com kit.fontawesome.com www.cognitoforms.com static.cognitoforms.com connect.facebook.net; style-src-elem 'self' 'unsafe-inline' cdn.jsdelivr.net fast.fonts.net visiquate.bamboohr.com vjs.zencdn.net www.cognitoforms.com visiquate.com www.visiquate.com pro.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.jotfor.ms; style-src-attr 'unsafe-inline'; img-src 'self' data: files.jotform.com forms.hsforms.com i.vimeocdn.com p.typekit.net resources.bamboohr.com tr.lfeeder.com track.hubspot.com www.google-analytics.com visiquate.com www.visiquate.com www.paypalobjects.com i.ytimg.com t.paypal.com about fast.fonts.net s3-us-west-2.amazonaws.com www.googletagmanager.com dbschema.com region1.google-analytics.com www.dbschema.com benchmark.1e100cdn.net cdnetworks.cedexis-test.com cedexis-test.akamaized.net essl-cdxs.edgekey.net exactly-huge-arachnid.edgecompute.app fastly.cedexis-test.com fastly.jsdelivr.net fonts.gstatic.com jsdelivr.b-cdn.net p17003.cedexis-test.com p29.cedexis-test.com ptcfc.com scout.us2.salesloft.com serverless-benchmarks-js.compute-pipe.com serverless-benchmarks-rust.compute-pipe.com stackpath-map3.cedexis-test.com testingcf.jsdelivr.net translate.google.com uniquely-peaceful-hagfish.edgecompute.app vdms-ssl.cedexis-test.com cdn.honey.io www.cognitoforms.com yastatic.net uploads-ssl.webflow.com cdn.jotfor.ms www.jotform.com events.jotform.com a.slack-edge.com www.paypal.com; font-src 'self' data: fast.fonts.net themes.googleusercontent.com use.typekit.net vjs.zencdn.net www.cognitoforms.com pro.fontawesome.com ka-p.fontawesome.com fonts.gstatic.com ms-browser-extension account.affilitizer.com static.hsappstatic.net cdn.jotfor.ms ray.st; connect-src 'self' forms.hscollectedforms.net visiquate.bamboohr.com www.cognitoforms.com www.google-analytics.com www.paypal.com scout.salesloft.com region1.google-analytics.com ka-p.fontawesome.com kit.fontawesome.com api.craftcms.com extend.vimeocdn.com js.hscollectedforms.net stats.g.doubleclick.net invalid.rpki.cloudflare.com valid.rpki.cloudflare.com static.hsappstatic.net w88p9x.com analytics.google.com api.jotform.com overbridgenet.com www.visiquate.com; object-src 'none'; frame-src 'self' player.vimeo.com visiquate.wufoo.com www.youtube.com www.paypal.com www.paypalobjects.com js.driftt.com www.googletagmanager.com help.visiquate.com 172.25.15.1:8090 auth.grata.com vimeo.com ironweb02.nrhnt.nrh-ok.com submit.jotform.com mozbar.moz.com form.jotform.com; base-uri 'self'; report-uri https://visiquate.report-uri.com/r/d/csp/wizard 1
default-src 'self'; connect-src 'self' *.siteimprove.com inaadress.maaamet.ee https://s3-web-1a.tehik.ee https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://tableauapp.tehik.ee https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com 6168367.global.siteimproveanalytics.io *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com siteimproveanalytics.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://tableau.test.tehik.ee https://tableauapp.tehik.ee https://talendipank.ee static.cloudflareinsights.com https://siteimproveanalytics.com ajax.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
frame-ancestors 'self' http://toolpool.circit.de https://toolpool.circit.de 1
upgrade-insecure-requests; frame-ancestors https://burgan.com https://*.burgan.com https://*.burganbank.com; 1
default-src 'self' https://api.userway.org/ https://*.api.userway.org/ https://cdn.userway.org/ https://region1.analytics.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://cdn.userway.org/; media-src 'self'; img-src 'self' https://cdn.userway.org/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.userway.org/ https://cdnjs.cloudflare.com/; font-src 'self' data: https://fonts.gstatic.com/ https://cdn.userway.org/ https://cdnjs.cloudflare.com/; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' https://primaria-dumbravita.ro/; frame-src 'self' https://cdn.userway.org/ https://maps.google.com/ https://www.google.com/; upgrade-insecure-requests; worker-src 'self' blob:; 1
default-src  'self' *.google-analytics.com *.googleapis.com yoast.com *.upt.pt; img-src      'self' *.elemailer.com elemailer.com *.wpmet.com *.uportu.pt *.w.org *.ytimg.com *.gravatar.com *.gstatic.com *.googleapis.com *.upt.pt data: http://*.upt.pt blob: *.upt.pt;  img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.elemailer.com elemailer.com *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com *.gstatic.com *.google.com *.googleapis.com *.upt.pt *.uportu.pt;  script-src   'self' *.googletagmanager.com *.jquery.com 'unsafe-inline' 'unsafe-eval' *.twitter.com *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com *.cloudflare.com developers.google.com recaptcha.google.com *.google.com *.gstatic.com *.youtube.com *.upt.pt;  style-src    'self' *.cloudflare.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.jquery.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  font-src     'self' 'unsafe-inline' 'unsafe-eval' data: *.sharepointonline.com *.cloudflare.com *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com *.jsdelivr.net *.fontawesome.com *.upt.pt;  frame-src    'self' wordpress.org *.hubspot.com *.hsappstatic.net *.doubleclick.com *.facebook.com *.vimeocdn.com *.vimeo.com *.youtube.com leap13.github.io *.google.com *.gstatic.com *.upt.pt; object-src   'self' ;  1
default-src https: 'self' data: 'unsafe-inline' 'unsafe-eval' blob: js-eu1.hs-scripts.com cloudinary.com res.cloudinary.com; base-uri 'self'; block-all-mixed-content; connect-src wss: 'self' sentry.io analytics.google.com b.ably-realtime.com anvil.opentok.com hlg.tokbox.com onesignal.com rest.ably.io internet-up.ably-realtime.com c.ably-realtime.com d.ably-realtime.com e.ably-realtime.com sumo.com dev.fitbit.com stats.g.doubleclick.net forms-eu1.hubspot.com api-eu1.hubapi.com sdk-01.moengage.com; font-src 'self' data: hello.myfonts.net d1sm0ss79mmotj.cloudfront.net d2667ouk2zvn9v.cloudfront.net d3vimd0j9wrtcm.cloudfront.net d1sm0ss79mmotj.cloudfront.net d3txbwtteb82v4.cloudfront.net fonts.googleapis.com use.fontawesome.com freshchat.com netdna.bootstrapcdn.com fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; worker-src ekincare.typeform.com; frame-src 'self' ekincare.typeform.com https: wchat.freshchat.com www.google.com  api.razorpay.com www.google.co.in www.youtube.com use.fontawesome.com freshchat.com 165698083510717.webpush.freshchat.com; media-src 'self' d2667ouk2zvn9v.cloudfront.net d1sm0ss79mmotj.cloudfront.net d3vimd0jgwrtcm.cloudfront.net d3txbwtteb82v4.cloudfront.net www.youtube.com s3.ap-south-1.amazonaws.com d3vimd0j9wrtcm.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: www.gstatic.com www.google-analytics.com www.facebook.com www.googleadservices.com www.googletagmanager.com wchat.freshchat.com www.recaptcha.net googleads.g.doubleclick.net www.google.com embed.typeform.com cdn.ravenjs.com sentry.io d2667ouk2zvn9v.cloudfront.net d1sm0ss79mmotj.cloudfront.net unpkg.com snap.licdn.com dc.ads.linkedin.com wzrkt.com d2r1yp2w7bby2u.cloudfront.net d3txbwtteb82v4.cloudfront.net js-agent.newrelic.com bam.nr-data.net dhqfzvce2gbm4.cloudfront.net googleads.g.doubleclick.net cdn.zarget.com razorpay.com api.razorpay.com googleadservices.com d3vimd0jgwrtcm.cloudfront.net cdn.onesignal.com browser-update.org cdnjs.cloudflare.com connect.facebook.net maps.googleapis.com ajax.googleapis.com cdn.ably.io ip.zarget.com www.googletagmanager.com d3vimd0j9wrtcm.cloudfront.net px.ads.linkedin.com load.sumome.coms3.amazonaws.com ssl.google-analytics.com freshchat.comd16clbqzzyudl9.cloudfront.net recaptcha.net js-eu1.hs-scripts.com gstatic.com googleadservices.com www.googletagmanager.com recaptcha.net facebook.com cdn.jsdelivr.net stats.g.doubleclick.net js-eu1.hsadspixel.net js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net googleads.g.doubleclick.net bid.g.doubleclick.net cdn.moengage.com; style-src 'self' 'unsafe-inline' typeform.com hello.myfonts.net d3vimd0j9wrtcm.cloudfront.net wchat.freshchat.com cdn.jsdelivr.net d2667ouk2zvn9v.cloudfront.net d1sm0ss79mmotj.cloudfront.net cdnjs.cloudflare.com hello.myfonts.net d3vimd0jgwrtcm.cloudfront.net d3txbwtteb82v4.cloudfront.net s3.ap-south-1.amazonaws.com d3vimd0j9wrtcm.cloudfront.net use.fontawesome.com freshchat.com netdna.bootstrapcdn.com d16clbqzzyudl9.cloudfront.net fonts.googleapis.com fonts.gstatic.com unpkg.com; report-uri https://ekincare2.report-uri.com/r/d/csp/enforce 1
script-src 'self' *.dlgal.com dlgal.com dilatenine.com tsaristcanapes.com addictedwonder.com renomeeguze.com *.bebi.com run-syndicate.com *.run-syndicate.com runative-syndicate.com *.runative-syndicate.com blastcahs.com *.o333o.com *.histats.com *.cloudfront.net edfsqfaeenij.com *.adsco.re *.cdn4ads.com cdn4ads.com *.dkypsidljq.com *.edfsqfaeenij.com ptewarin.net ulukaris.com clerrrep.com mailwithcash.com *.ggbases.com *.realsrv.com *.exosrv.com *.jads.co *.juicyads.com *.patreon.com data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-A5VtNUDIg/LcLJaF1ZZtJwxQc/eQAU2he68axNsvoQcnvBcP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' http://www.philips.dk *.philips.com *.philips.dk https://philipsigtdpv.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.fwc.pl *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.ingest.sentry.io *.google.com data: *.salesmanago.pl *.criteo.com *.hotjar.com; frame-src 'self' * *.packeta.com *.gstatic.com *.google.com *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.adyen.com *.dhl.pl *.criteo.com *.hotjar.com *.salesmanago.pl; object-src 'self'; default-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; img-src 'self' data: *.trustmate.io trustmate.io *.google-analytics.com *.adyen.com *.google.com *.gstatic.com *.googleapis.com *.doubleclick.net *.salesmanago.pl *.facebook.com *.criteo.com *.bathandbodyworks.pl *.bathandbodyworks.ro; style-src 'unsafe-inline' 'self' *.trustmate.io trustmate.io *.googletagmanager.com *.googleapis.com; connect-src 'self' *.victoriassecret.pl *.trustmate.io trustmate.io *.cookiebot.com *.webgains.io *.packeta.com *.googlesyndication.com *.googletagmanager.com *.google.com *.ingest.sentry.io *.google-analytics.com *.adyen.com *.googleapis.com *.doubleclick.net *.facebook.com *.criteo.com *.hotjar.com *.salesmanago.pl; font-src 'self' *.googleapis.com *.gstatic.com; media-src 'self' *.bathandbodyworks.pl *.bathandbodyworks.ro; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-dxKR/iRsJCu/fhDg0Glf/sEFaRmjEM9sLkubncL59mRA7CWG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://curiocity.teemew.com 1
base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self' *.storyblok.com *.my-pv.com *.eveeno.com *.piwik.pro *.microsoft.com *.eveeno.com; img-src * data: blob: *.vimeocdn.com; object-src 'none'; script-src-attr 'none'; style-src 'self' 'unsafe-inline' *.storyblok.com *.datareporter.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.storyblok.com *.netlify.app *.google.com *.datareporter.eu *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.googletagmanager.com *.vimeo.com *.vimeocdn.com *.piwik.pro; upgrade-insecure-requests; default-src 'self' *.storyblok.com; connect-src 'self' data: blob: *.storyblok.com *.datareporter.eu *.google-analytics.com *.doubleclick.net *.algolia.com *.algolianet.com *.piwik.pro; frame-src 'self' *.netlify.com *.my-pv.com *.google.com *.vimeo.com *.youtube.com *.facebook.com *.eveeno.com eveeno.com *.piwik.pro *.microsoft.com player.restream.io liveevent.page; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data: 1
default-src 'self' 'unsafe-inline' use.fontawesome.com netdna.bootstrapcdn.com www.chatbase.co cdn.jsdelivr.net *.mauve.work *.google-analytics.com www.googletagmanager.com unpkg.com; img-src https://* data: *.mauve.work; font-src 'self' netdna.bootstrapcdn.com use.fontawesome.com data:; script-src 'self' 'unsafe-inline' platform.twitter.com www.privacypolicies.com www.chatbase.co consent.comply-app.com privacy-policy-sync.comply-app.com ajax.googleapis.com data: www.google-analytics.com www.googletagmanager.com cdn.ckeditor.com unpkg.com www.google.com www.gstatic.com cdn.jsdelivr.net 'unsafe-eval'; child-src 'none'; frame-src 'self' *.twitter.com www.google.com outlook.office365.com www.youtube-nocookie.com www.youtube.com www.chatbase.co *.spotify.com forms.office.com; worker-src blob:; connect-src 'self' api.comply-app.com www.google-analytics.com www.chatbase.co; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.yumi.co.uk; base-uri 'self' 1
default-src 'self'; base-uri 'self'; img-src * data: https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu https://anchor.fm https://drive.google.com https://oplaadpalen.nl/ https://www.google.com/maps/ https://player.vimeo.com/ https://podcasters.spotify.com/; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-Y2NjM2Q4NDgtNDQ3Ni00NTM5LWJhNjktZDg0YjNiOTQ2OWQ4' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://virtuele-gemeente-assistent.nl https://gemeente-meierijstad.email-provider.nl https://embed.email-provider.eu https://meierijstad.containers.piwik.pro https://eu.cdn.kleksi.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl https://embed.email-provider.eu https://anchor.fm https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-Y2NjM2Q4NDgtNDQ3Ni00NTM5LWJhNjktZDg0YjNiOTQ2OWQ4' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://embed.email-provider.eu https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://meierijstad.containers.piwik.pro https://meierijstad.piwik.pro https://eu.cdn.kleksi.com;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.net/ https://code.jquery.com/ maps.googleapis.com ajax.googleapis.com www.google.com https://cdn.datatables.net https://code.jquery.com *.google-analytics.com apis.google.com connect.facebook.net go.pardot.com go.momentive.com ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://d10lpsik1i8c69.cloudfront.net https://fg8vvsvnieiv3ej16jby.litix.io https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com https://www.googletagmanager.com/gtm.js https://fast.wistia.com/assets/external/E-v1.js fast.wistia.com embed-fastly.wistia.com https://siteintercept.qualtrics.com https://gateway.zscalerthree.net stackpath.bootstrapcdn.com/bootstrap/4.5.0/js/bootstrap.min.js https://www.gstatic.com https://cdnjs.cloudflare.com/ https://zndhrozt3joojg1rd-singusera0e7106b.siteintercept.qualtrics.com https://pi.pardot.com https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://service.force.com https://mpm.my.salesforce.com https://d.la1-c2-ia4.salesforceliveagent.com https://static.lightning.force.com https://mpmlicensenolongerneeded.secure.force.com app.wistia.com mpm.my.salesforce-sites.com d.la1-c2-ia5.salesforceliveagent.com d.la1-core2.sfdc-lywfpd.salesforceliveagent.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com netdna.bootstrapcdn.com https://code.jquery.com/ https://cdn.datatables.net kendo.cdn.telerik.com www.google.com https://d10lpsik1i8c69.cloudfront.net https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com https://fast.fonts.net/cssapi/4f9f837d-7aff-4ca2-baad-329b614db55e.css https://fast.fonts.net/t/1.css https://stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css https://cdnjs.cloudflare.com/ https://gateway.zscalerthree.net https://maxcdn.bootstrapcdn.com/ use.fontawesome.com https://service.force.com https://mpmlicensenolongerneeded.secure.force.com https://mpm.my.salesforce.com mpm.my.salesforce-sites.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: fast.fonts.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com/ use.fontawesome.com fast.wistia.com; img-src 'self' www.momentive.com https://siteintercept.qualtrics.com/ https://co1.qualtrics.com/ https://code.jquery.com/ maps.gstatic.com maps.googleapis.com www.google.com www.google.co.in https://cdn.datatables.net *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com co1.qualtrics.com siteintercept.qualtrics.com https://www.googletagmanager.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com embedwistia-a.akamaihd.net embed-fastly.wistia.com fast.wistia.com i.ytimg.com https://track.hubspot.com gateway.zscalerthree.net https://d10lpsik1i8c69.cloudfront.net https://zpnve0y.media.bublupcdn.com embed-ssl.wistia.com; media-src 'self' data: blob: https://embed-fastly.wistia.com https://d10lpsik1i8c69.cloudfront.net https://embedwistia-a.akamaihd.net/ fast.wistia.com; form-action 'self' www.momentive.com https://survey.co1.qualtrics.com/ distillery.wistia.com https://go.momentive.com/l/711113/2019-10-29/29d2d; frame-src 'self' www.google.com https://fast.wistia.net/ www.youtube.com https://gateway.zscalerthree.net https://service.force.com https://mpm.my.salesforce.com; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.dec.sitefinity.com https://settings.luckyorange.net stats.g.doubleclick.net wss://in.visitors.live wss://visitors.live https://pubsub.googleapis.com https://zndhrozt3joojg1rd-singusera0e7106b.siteintercept.qualtrics.com *.mktoresp.com https://fg8vvsvnieiv3ej16jby.litix.io siteintercept.qualtrics.com distillery.wistia.com pipedream.wistia.com embedwistia-a.akamaihd.net www.google-analytics.com embed-fastly.wistia.com https://mpmlicensenolongerneeded.secure.force.com fast.wistia.com embed-cloudfront.wistia.com; 1
script-src 'unsafe-inline' 'self' https://boniface-eng.com https://*.boniface-ent.com https://jige-international.com https://*.jige-international.com https://millerind.com https://*.millerind.com https://southhydcyl.com https://*.southhydcyl.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; worker-src 'self' https://boniface-eng.com https://*.boniface-ent.com https://jige-international.com https://*.jige-international.com https://millerind.com https://*.millerind.com https://southhydcyl.com https://*.southhydcyl.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; frame-src 'self' https://boniface-eng.com https://*.boniface-ent.com https://jige-international.com https://*.jige-international.com https://millerind.com https://*.millerind.com https://southhydcyl.com https://*.southhydcyl.com https://*.vimeo.com https://*.vimeocdn.com https://www.indeedjobs.com https://*.youtube.com https://*.youtube-nocookie.com https://*.gstatic.com https://*.ytimg.com https://*.ggpht.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagservices.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.openstreetmap.org https://*.surveymonkey.com https://forms.office.com https://*.zoho.com https://*.zohopublic.com https://*.zohocdn.com https://*.zohostatic.com https://maillist-manage.com https://cdn.polyfill.io https://*.facebook.com https://*.facebook.net https://*.jige-international.com https://*.tradingview.com; 1
default-src 'self' https://*.zalamea.ph https://*.googleapis.com https://*.fontawesome.com https://unpkg.com;  connect-src 'self' https://*.zalamea.ph https://*.zendesk.com https://*.zdassets.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://*.googleapis.com https://*.api.here.com https://*.hereapi.com https://*.ls.hereapi.com https://*.okta.com https://*.firebaseio.com wss://*.firebaseio.com https://yoast.com; font-src 'self' https://*.gstatic.com https://*.fontawesome.com data:;  child-src 'self' https://*.zalamea.ph https://www.google.com https://*.google.com https://*.firebaseio.com wss://*.firebaseio.com blob:;  img-src 'self' https: data: https://*.zalamea.ph https://*.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com;  object-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://*.zalamea.ph https://*.zendesk.com https://*.zdassets.com https://*.googleapis.com https://*.api.here.com https://*.hereapi.com https://*.ls.hereapi.com https://*.okta.com https://*.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://unpkg.com https://*.firebaseio.com wss://*.firebaseio.com https://www.google.com https://*.google.com https://yoast.com; style-src 'self' 'unsafe-inline' https: https://*.zalamea.ph https://*.zendesk.com https://*.googleapis.com https://*.api.here.com https://*.hereapi.com https://*.ls.hereapi.com https://*.fontawesome.com https://cdnjs.cloudflare.com https://tagmanager.google.com https://*.firebaseio.com wss://*.firebaseio.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.googletagmanager.com *.google.com google-analytics.com *.google-analytics.com *.gstatic.com platform-api.sharethis.com *.sharethis.com cdn.ampproject.org cdnjs.cloudflare.com cdn.jsdelivr.net *.cloudfront.net *.fontawesome.com unpkg.com; 1
object-src 'none'; frame-ancestors *; report-uri https://nutrilak.com/report-uri/enforce 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google.com *.gstatic.com code.jquery.com maps.googleapis.com google-analytics.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.fontawesome.com *.cloudflare.com *.google.com *.googleapis.com *.use.fontawesome.com *.jsdelivr.net; font-src 'self' 'unsafe-inline' *.fontawesome.com gstatic.com; 1
script-src https: localhost:8080 my.dev.com:8080 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors https://www.busbam.com/ http://ih-vm-movelia3.c.mad.interhost.com/ https://sandbox.navegam.fr/ https://www.navegam.fr/ https://barcelonanord.barcelona/ https://www.billebus.es/ https://www.reserbus.es/ https://www.turismoregiondemurcia.es/ https://www.visitbenidorm.es/ https://www.zaragoza.es/ https://www.turismodealmeria.org/ https://visita.malaga.eu/ https://www.aguilas.es/ https://www.vitoria-gasteiz.org/ https://frahemar.com/ https://*.centrotour.com https://www.autobuses-sevilla.com/ https://www.autobuses-malaga.com/ 1
frame-ancestors 'self' https://online.amp.co.nz https://ampwmnz.force.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com/ https://ampwmnz--imozo2.sandbox.my.site.com/ https://ampwmnz.my.site.com https://ampwmnz--uat2.sandbox.my.site.com https://ampwmnz--imozo2.sandbox.my.site.com https://ampwmnz--imozo.sandbox.my.site.com https://ampwmnz--lmartynova.sandbox.my.site.com https://ampwmnz--gtan.sandbox.my.site.com https://ampwmnz--gtandev.sandbox.my.site.com https://ampwmnz--iansdev.sandbox.my.site.com https://ampwmnz--nbustillos.sandbox.my.site.com https://ampwmnz--rollup2.sandbox.my.site.com https://ampwmnz--rollup.sandbox.my.site.com https://ampwmnz--rollup.sandbox.preview.salesforce-experience.com https://ampwmnz--rollup.sandbox.live-preview.salesforce-experience.com https://ampwmnz--rollup2.sandbox.preview.salesforce-experience.com https://ampwmnz--rollup2.sandbox.live-preview.salesforce-experience.com https://ampwmnz--validtn2.sandbox.my.site.com https://ampwmnz--preprod.sandbox.my.site.com 1
frame-ancestors 'self' https://www.centralpattana.co.th https://cpn.listedcompany.com; 1
frame-ancestors 'self' *.kpcu.com *.zagclients.net 1
default-src 'self' data: https://www.google-analytics.com *.google-analytics.com *.analytics.google.com https://stats.g.doubleclick.net  https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://ssl.gstatic.com https://www.nzonscreen.com https://www.youtube.com https://boost.ngataonga.org.nz https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://connect.facebook.net https://linkhelp.clients.google.com https://www.youtube.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://l.yimg.com https://www.google-analytics.com; object-src 'self' https://www.nzonscreen.com https://www.youtube.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz; img-src 'self' data: *.digitalnz.org *.natlib.govt.nz https://www.facebook.com https://www.nzhistory.net.nz https://cdn.knightlab.com https://teara.govt.nz https://www.googletagmanager.com https://maps.gstatic.com *.googleapis.com https://translate.google.com https://www.nzonscreen.com https://www.teara.govt.nz https://img.youtube.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://i.ytimg.com https://gg.govt.nz https://maps.google.com *.google-analytics.com *.analytics.google.com https://www.gstatic.com https://players.brightcove.net https://christchurchcitylibraries.com https://www.nzhistory.net.nz; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://cdn.knightlab.com https://www.youtube.com https://www.nzonscreen.com https://www.podbean.com https://www.google.com https://maps.google.co.nz https://www.googletagmanager.com https://players.brightcove.net; frame-ancestors 'self' https://player.vimeo.com https://www.nzonscreen.com https://www.youtube.com https://maps.google.co.nz https://www.podbean.com https://www.google.com https://cdn.knightlab.com https://players.brightcove.net https://www.youtube-nocookie.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://nzhistory.govt.nz https://www.nzhistory.govt.nz https://static3.avast.com; report-uri /report-csp-violation; upgrade-insecure-requests; form-action 'self'; base-uri 'self' 1
default-src * data:; style-src 'unsafe-inline' https:; script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src 'none'; img-src 'self' data: https://www.aquanet.pl https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://i.ytimg.com https://tile.openstreetmap.org https://cdn.cai.tools.sap https://imgsct.cookiebot.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://aquanetcai-mzl3k91n.sapcai.eu10.hana.ondemand.com https://consent.cookiebot.com/uc.js https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; media-src 'self'; connect-src 'self' https://www.google-analytics.com https://aquanetcai-mzl3k91n.sapcai.eu10.hana.ondemand.com https://region1.google-analytics.com https://consentcdn.cookiebot.com; form-action 'self'; base-uri 'self'; frame-src https://www.youtube.com https://skk.erecruiter.pl https://consentcdn.cookiebot.com; frame-ancestors 'self' 1
default-src 'self';connect-src 'self' https://*.aetna.com https://*.cvshealth.com https://api.redcard.com https://dpm.demdex.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.adobedtm.com https://aetna.d1.sc.omtrdc.net https://api.redcard.com; style-src 'self' https://api.redcard.com https://fonts.googleapis.com 'unsafe-inline';img-src 'self' https://aetna.d1.sc.omtrdc.net https://api.redcard.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com https://play.google.com/intl/en_us/badges/images/generic/en_badge_web_generic.png https://cm.everesttech.net data:; object-src 'self' https://*.aetna.com; frame-ancestors 'self';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;media-src 'self';frame-src 'self' https://*.aetna.com http://*.aetna.com https://*.demdex.net 1
frame-ancestors 'self' https://edicola.giornalelavoce.it/ 1
default-src 'self' 'unsafe-inline' servedby.revive-adserver.net banner.isn.nl fonts.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com code.jquery.com maxcdn.bootstrapcdn.com kampeerencaravanjaarbeurs.nl stats.g.doubleclick.net; img-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: blob:; frame-ancestors 'self'; upgrade-insecure-requests; base-uri 'self'; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://revain.org https://ru.revain.org https://revain.com; connect-src 'self' wss://revain.org/api/v3/notifications wss://ru.revain.org/api/v3/notifications *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googlesyndication.com *.googleapis.com *.google-analytics.com stats.g.doubleclick.net facebook.com *.facebook.net *.facebook.com *.fbcdn.net cointelegraph.com *.cointelegraph.com linkedin.com *.linkedin.com request-global.czilladx.com *.cointraffic.io top-fwz1.mail.ru adx.adform.net prebid.smilewanted.com a.teads.tv inv-nets.admixer.net hbopenbid.pubmatic.com prebid-eu.creativecdn.com bidder.criteo.com prg.smartadserver.com prebid-inv-eu.admixer.net static.criteo.net securepubads.g.doubleclick.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; font-src 'self' data: https://revain.org https://ru.revain.org https://revain.com fonts.googleapis.com fonts.gstatic.com yastatic.net kucoin-assets.s3-ap-southeast-1.amazonaws.com; frame-src 'self' https://revain.org https://ru.revain.org https://revain.com https://widgets.revain.org yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googlesyndication.com googleads.g.doubleclick.net facebook.com *.facebook.net *.facebook.com linkedin.com *.linkedin.com gleam.io coinzillatag.com request-global.czilladx.com *.cointraffic.io player.vimeo.com www.youtube.com gum.criteo.com; img-src 'self' data: blob: i.ytimg.com i.vimeocdn.com https://revain.org https://ru.revain.org https://revain.com images.revain.org *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.googletagmanager.com *.googlesyndication.com stats.g.doubleclick.net *.google-analytics.com *.gstatic.com facebook.com *.facebook.net *.facebook.com cointelegraph.com *.cointelegraph.com certify.alexametrics.com images.ctfassets.net *.cointraffic.io coinzillatag.com unpkg.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com securepubads.g.doubleclick.net www.google.co.in www.google.nl www.google.be googleads.g.doubleclick.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; manifest-src 'self' https://revain.org https://ru.revain.org https://revain.com; media-src 'self' data: blob: yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz https://revain.org https://ru.revain.org https://revain.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://revain.org https://ru.revain.org https://revain.com *.google.ru *.google.de *.google.cn *.google.it *.google.es *.google.pt *.google.fr *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com certify-js.alexametrics.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com *.googletagservices.com facebook.com *.facebook.net *.facebook.com linkedin.com *.linkedin.com cointelegraph.com *.cointelegraph.com *.cointraffic.io coinzillatag.com top-fwz1.mail.ru s.adroll.com s0.2mdn.net securepubads.g.doubleclick.net prebid-inv-eu.admixer.net cdn.admixer.net static.criteo.net cdn.ampproject.org adservice.google.co.in static.cloudflareinsights.com yastatic.net yandex.com yandex.ru *.yandex.net *.yandex.ru yastatic.net *.adfox.ru mc.yandex.az mc.yandex.by mc.yandex.co.il mc.yandex.com mc.yandex.com.am mc.yandex.com.ge mc.yandex.com.tr mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.kz mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.ua mc.yandex.uz; style-src 'self' 'unsafe-inline' https://revain.org https://ru.revain.org https://revain.com yastatic.net *.adfox.ru *.googleapis.com; child-src 'self' blob: 1
default-src 'self'; connect-src 'self' https://analytics.openalt.org https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.youtube.com https://www.google.com https://player.vimeo.com; img-src 'self' https: data: https://secure.gravatar.com; manifest-src 'none'; media-src https://videos.mozilla.org https://videos.cdn.mozilla.net; object-src https://www.youtube.com; prefetch-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://use.fontawesome.com https://analytics.openalt.org https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://apis.google.com; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com; upgrade-insecure-requests 1
object-src 'self' *.vrg24.sharpness.de vrg.vrg24.sharpness.de; 1
default-src 'self' https://www.googletagmanager.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ajax.googleapis.com/; img-src 'self' 'unsafe-inline' data: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://s.ytimg.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src 'self'; script-src 'self' www.google.com www.gstatic.com; style-src 'self' use.typekit.net fonts.googleapis.com p.typekit.net; img-src 'self' data:; font-src 'self' fonts.gstatic.com use.typekit.net; frame-src 'self' www.google.com; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint 1
script-src 'self' https: 'nonce-w2vEl+RTuRs4/PgnUzbo0g==' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://player.vimeo.com https://vimeo.com https://wb.messengerpeople.com https://isitetv.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tpc.googlesyndication.com https://tr.snapchat.com blob: https://www.pinterest.com https://www.pinterest.co.uk https://ct.pinterest.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://d3g5d7323c2i6m.cloudfront.net https://d29qb9vav0xwuc.cloudfront.net https://d7c4jjeuqag9w.cloudfront.net https://*.contentsquare.net https://*.criteo.com https://ct.pinterest.com; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://d7c4jjeuqag9w.cloudfront.net; form-action 'self' https://www.facebook.com https://www.iwantoneofthose.com https://m.iwantoneofthose.com https://checkout.iwantoneofthose.com https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://player.vimeo.com https://vod-progressive.akamaized.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://tpc.googlesyndication.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://apps.storystream.ai https://platform.twitter.com https://connect.facebook.net https://*.contentsquare.net https://app.contentsquare.com https://s.pinimg.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://d7c4jjeuqag9w.cloudfront.net; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com; frame-src 'self' *.trustpilot.com  *.eshapay.net *.ephapay.net *.dwin1.com *.awin1.com; connect-src 'self' *.google-analytics.com *.services.visualstudio.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com api.experianaperture.io stats.g.doubleclick.net; object-src 'none'; img-src 'self' *.google-analytics.com *.googletagmanager.com *.digicert.com *.theidol.com *.g.doubleclick.net www.google.com/pagead www.google.co.uk/pagead aequotechbeaconapi-uat.azurewebsites.net/api/ aequotechbeaconapi.azurewebsites.net/api/ www.moneysupermarket.com travelinsurance.quidco.com travelmedical-uk-cyti.cytiuat.tech travelmedical-uk-forbes.cytiuat.tech travelmedical-uk-msm.cytiuat.tech travelmedical-uk-kayak.cytiuat.tech travelmedical-uk-tsm.cytiuat.tech travelmedical-uk-mtc.cytiuat.tech www.awin1.com *.dwin1.com travelinsurance.uk.forbes.com travelinsurance.travelsupermarket.com compare-travelinsurance.topcashback.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.monitor.azure.com *.google-analytics.com *.trustpilot.com *.aspnetcdn.com *.googletagmanager.com *.hotjar.com *.vo.msecnd.net *.digicert.com *.googleapis.com *.googleoptimize.com *.googleadservices.com *.bootstrapcdn.com cdnjs.cloudflare.com/ajax/libs/jquery-validation-unobtrusive/ cdnjs.cloudflare.com/ajax/libs/jquery-validate/ cdnjs.cloudflare.com/ajax/libs/modernizr/2.6.2/ cdn.jsdelivr.net/npm/popper.js@1.16.1/ www.dwin1.com *.awin1.com *.googlesyndication.com; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' *.youtube.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net accounts.google.com *.nakanohito.jp *.typesquare.com;style-src 'self' 'unsafe-inline' platform.twitter.com typesquare.com *.twimg.com *.ttwstatic.com;script-src 'self' 'unsafe-inline' cdn.ampproject.org www.googletagmanager.com www.google-analytics.com platform.twitter.com syndication.twitter.com *.syndication.twimg.com connect.facebook.net apis.google.com accounts.google.com b.st-hatena.com cdn-ak.b.st-hatena.com social-plugins.line.me d.line-scdn.net uh.nakanohito.jp webfont.fontplus.jp *.amazonaws.com *.instagram.com typesquare.com www.tiktok.com *.ttwstatic.com jpostal-1006.appspot.com;img-src 'self' data: cdn.cdp-japan.jp www.google.com www.google.co.jp www.google-analytics.com b.st-hatena.com https://cdn-ak.b.st-hatena.com www.facebook.com i.ytimg.com *.twitter.com csi.gstatic.com *.twimg.com *.youtube.com;media-src 'self' cdn.cdp-japan.jp;font-src 'self' data: cdn.jsdelivr.net fonts.gstatic.com *.amazonaws.com webfont.fontplus.jp *.typesquare.com;child-src 'self' *.youtube.com *.google.com *.facebook.com *.twitter.com https://b.hatena.ne.jp cdn.api.b.hatena.ne.jp social-plugins.line.me *.st-hatena.com webfont.fontplus.jp *.instagram.com www.tiktok.com *.ttwstatic.com;object-src 'self';frame-ancestors 'none';form-action 'self' syndication.twitter.com platform.twitter.com accounts.google.com webfont.fontplus.jp;report-uri /csp/report 1
default-src 'none';media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com;img-src 'self' * data: blob:;frame-src 'self' *;font-src 'self';connect-src 'self' *;form-action 'self' *;manifest-src 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://popupmaker.com https://*.googletagmanager.com https://*.bronto.com wss://*.hotjar.com https://snapwidget.com https://*.nr-data.net https://*.newrelic.com https://*.calendly.com https://*.flodesk.com https://*.getsitecontrol.com https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com *.tokenex.com https://browser.sentry-cdn.com https://js.sentry-cdn.com *.smartlook.cloud *.hsadspixel.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.doubleclick.net https://*.localizecdn.com https://*.usemessages.com;object-src 'self' https://repzio-azurefunctions-pdfgenerator.azurewebsites.net;style-src 'self' 'unsafe-inline' https://popupmaker.com https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://snapwidget.com https://popupmaker.com https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net https://*.localizecdn.com https://*.junipercdn.com;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com https://repzioproductimages.s3.amazonaws.com;frame-src 'self' https://*.captur3d.io/ https://*.matterport.com/ https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://snapwidget.com https://*.aftermkt.com https://popupmaker.com https://momento360.com https://calendly.com https://kuula.co https://*.activemerchandiser.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com https://repzio-azurefunctions-pdfgenerator.azurewebsites.net *.tokenex.com/ https://*.doubleclick.net https://*.hubspot.com https://*.hsforms.com;font-src 'self' https://b2bbucket.s3.amazonaws.com https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://popupmaker.com https://*.popupmaker.com https://*.flodesk.com https://*.getsitecontrol.com *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net *.sentry.io *.smartlook.cloud *.hsadspixel.net https://*.amazonaws.com https://*.localizecdn.com *.segment.com/ https://api.hubspot.com https://*.hsforms.com;report-uri /WebResource.axd?cspReport=true 1
default-src * 'self' data:; style-src 'self' 'unsafe-inline' https://*.googleapis.com; script-src 'self' https://*.google.com https://*.gstatic.com https://*.googleapis.com; 1
default-src 'self' fast.fonts.net kit.fontawesome.com ka-p.fontawesome.com gstatic.com fast.fonts.net fast.fast-fonts.net; script-src  'self' 'unsafe-inline' 'unsafe-eval' cdn.evgnet.com www.google-analytics.com analytics.google.com connect.facebook.net api.mapbox.com kit.fontawesome.com fonts.net tagmanager.google.com www.googletagmanager.com doubleclick.net ajax.googleapis.com maps.googleapis.com code.jquery.com munchkin.marketo.net code.jquery.com fast.fonts.net; style-src   'self' 'unsafe-inline' kit.fontawesome.com www.googleapis.com api.mapbox.com fast.fonts.net fast.fast-fonts.net; connect-src 'self' maps.googleapis.com https://maps.googleapis.com cdn.evgnet.com kit.fontawesome.com www.google-analytics.com 540-icv-234.mktoresp.com analytics.google.com events.mapbox.com api.mapbox.com stats.g.doubleclick.net ka-p.fontawesome.com fast.fonts.net fast.fonts.net; frame-src   'self' www.google.com www.youtube.com youtube.com vimeo.com www.vimeo.com player.vimeo.com; img-src     'self' www.google-analytics.com https: data: blob:; worker-src  blob:; object-src  'none' 1
default-src 'self'; font-src data: https://assets.dm.de; script-src 'self' https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://app.usercentrics.eu https://assets-internal-proxy.apps.nonprod.gcp.dmtech.cloud https://assets.dm.de https://d2pqvatijh75rn.cloudfront.net https://mpsnare.iesnare.com https://omt.dm-drogeriemarkt.it https://tags.tiqcdn.com https://www.dm-drogeriemarkt.it; worker-src 'self' blob:; connect-src  'self' https://*.bazaarvoice.com https://*.gcp.dmtech.cloud https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://aggregator.service.usercentrics.eu https://api.mapbox.com https://api.usercentrics.eu https://assets.dm.de https://browser-intake-datadoghq.eu https://cart-recos.services.dmtech.com https://cartnext.services.dmtech.com https://cdcs.usercentrics.eu https://collect.tealiumiq.com https://consent-api.service.consent.usercentrics.eu https://consent-rt-ret.service.consent.usercentrics.eu https://consents.usercentrics.eu https://coupon-aktionen.dm.de https://d2pqvatijh75rn.cloudfront.net https://direct-collect.dy-api.eu https://direct.dy-api.eu https://dmpay-gateway.services.dmtech.com https://dy-api.eu https://events.mapbox.com https://graphql.usercentrics.eu https://insights.algolia.io https://logs.browser-intake-datadoghq.eu https://mpsnare.iesnare.com https://my-products-api.services.dmtech.com https://omc.dm-drogeriemarkt.it https://product-based-recos.services.dmtech.com https://products.dm.de https://rcom-eu.dynamicyield.com https://recos-as-a-service.services.dmtech.com https://rum.browser-intake-datadoghq.eu https://services.dm.de https://signin.dm-drogeriemarkt.it https://sos-prod.availability.services.dmtech.com https://staedtetour.dm-fb2.de https://storage.googleapis.com/gift-card-builder-emergency-disabled-bucket/ https://products.dm.de https://shopping-list-prod.services.dmtech.com; style-src 'self' 'unsafe-inline' https://*.bazaarvoice.com https://api.tiles.mapbox.com https://assets.dm.de; form-action 'self' https://*.bazaarvoice.com https://checkout.dm-drogeriemarkt.it https://giftcard-checkout.dm-drogeriemarkt.it/api/checkout https://signin.dm-drogeriemarkt.it; img-src 'self' blob: data: https://*.bazaarvoice.com https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://assets.dm.de https://cdn-eu.dynamicyield.com https://content-preview.apps.prod.gcp.dmtech.cloud https://d2pqvatijh75rn.cloudfront.net https://d3s22jwy77sx9i.cloudfront.net https://i.ytimg.com https://images.podigee-cdn.net https://img.usercentrics.eu https://img.youtube.com/ https://media.dm-static.com https://services.dm.de https://uct.service.usercentrics.eu; frame-ancestors 'self' https://*.apps.nonprod.gcp.dmtech.cloud https://*.apps.prod.gcp.dmtech.cloud https://*.dm-drogeriemarkt.it https://*.dm-drogeriemarkt.org https://*.dm-drogeriemarkt.org:42007 https://*.dm-drogeriemarkt.org:42160 https://*.dm-drogeriemarkt.org:42161 https://*.dm-drogeriemarkt.org:42162 https://*.lxprod.ka.de.dm-drogeriemarkt.com https://app.datadoghq.eu https://studio.dm-drogeriemarkt.com; frame-src 'self' https://*.bazaarvoice.com https://*.dm-drogeriemarkt.it https://*.services.dmtech.com https://app.usercentrics.eu https://cdn.podigee.com https://configurator.nuk.de https://gastfamilie.podigee.io https://geburtskanal-dm.podigee.io https://hey-familie.podigee.io https://player.podigee-cdn.net https://sandbox.om.dm.de https://www.youtube-nocookie.com; base-uri 'self' https://*.mm.dm-drogeriemarkt.it https://*.services.dmtech.com https://events.mapbox.com; child-src 'self' blob:; manifest-src 'self'; report-uri /__csp-reports__; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.yandex.ru https://*.yandex.md https://*.gosuslugi.ru https://culturaltracking.ru https://*.2gis.com http://*.2gis.com https://*.2gis.ru https://*.jivosite.com http://*.jivosite.com https://*.jivo.ru http://*.jivo.ru wss://*.jivo.ru https://*.googleapis.com https://*.google.com https://*.youtube.com https://vk.com https://*.gstatic.com https://*.wp.com http://*.zencdn.net http://*.gravatar.com https://npmcdn.com https://*.w.org http://ssl.gstatic.com https://app.embed.im/snow.js; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; child-src * blob: ; 1
default-src 'self' *.1099pro.com cdn.cookielaw.org *.googletagmanager.com *.googleadservices.com *.force.com *.marketo.net *.mktoresp.com *.force.com *.salesforceliveagent.com sovos.getfeedback.com *.driftt.com *.crazyegg.com bat.bing.com *.clarity.ms *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.pendo.io *.googleapis.com *.outbrain.com *.doubleclick.net sovos-compliance.my.salesforce.com sovos-compliance--full.sandbox.my.salesforce.com sovos-compliance.my.site.com sovos-compliance--full.sandbox.my.site.com https: data: 'unsafe-inline' 'unsafe-eval';worker-src blob:; 1
frame-ancestors m.zap.co.il www.21.tv www.facebook.com sandbox.meshulam.co.il meshulam.co.il ppsuat.creditguard.co.il https://www.21.tv/ 1
media-src 'self' www.youtube.com; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: blob: www.minecraftiplist.com static.minecraftiplist.com cdn.usefathom.com; object-src 'none'; script-src-attr 'self' 'nonce-cV/rWAApdAi1Q/VghrwNUQ==' www.minecraftiplist.com static.minecraftiplist.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; style-src 'self' https: 'unsafe-inline'; script-src 'self' 'nonce-cV/rWAApdAi1Q/VghrwNUQ==' blob: www.minecraftiplist.com static.minecraftiplist.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; upgrade-insecure-requests; script-src-elem 'self' 'nonce-cV/rWAApdAi1Q/VghrwNUQ==' www.minecraftiplist.com static.minecraftiplist.com cdn.usefathom.com www.google.com www.gstatic.com ajax.cloudflare.com 'sha256-y9s25RsLPa2trJEpWyD3Cbug+SAgQzHVYgBcTbikMwI='; 1
base-uri 'self';default-src 'none';form-action 'self';frame-ancestors 'self' https://cms.messe-friedrichshafen.de;img-src 'self' cdn.messe-friedrichshafen.de/ *.google-analytics.com/ *.usercentrics.eu/ *.vimeocdn.com/ *.googlesyndication.com/ *.google.com/ads/ *.doubleclick.net/ *.cloudfront.net/ *.youtube.com/ *.ytimg.com/ *.mapsindoors.com/ data: blob:;script-src 'self' 'unsafe-eval' blob:;script-src-elem 'self' 'unsafe-inline' *.google-analytics.com/ *.usercentrics.eu/ *.googletagmanager.com/ *.doubleclick.net/ *.googlesyndication.com/ *.googletagservices.com  *.google.com/recaptcha/ *.gstatic.com/ *.calendly.com/ *.mapbox.com/ *.mapsindoors.com/ *.surveyhero.com/ blob:;script-src-attr 'self' 'unsafe-inline';style-src 'self' *.mapbox.com/ *.mapsindoors.com/;style-src-elem 'self' 'unsafe-inline' *.mapbox.com/ *.mapsindoors.com/;style-src-attr 'self' 'unsafe-inline';font-src 'self' data:;media-src 'self' cdn.messe-friedrichshafen.de/;frame-src 'self' *.vimeo.com/ *.youtube.com/ *.youtube-nocookie.com/ *.usercentrics.eu/ *.doubleclick.net/ *.googlesyndication.com/ *.google.com/ *.issuu.com/ *.presslive.de/ calendly.com/ *.umfrageonline.com/;connect-src 'self' *.google-analytics.com/ *.usercentrics.eu/ *.doubleclick.net/ *.googlesyndication.com/ *.mapbox.com/ *.mapsindoors.com/ 1
font-src *.fontawesome.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.wesupply.xyz *.typeform.com *.facebook.com *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com *.facebook.com *.klaviyo.com v2assets.zopim.io *.zopim.io weltpixel.com www.weltpixel.com *.magento.com *.googletagmanager.com *.doubleclick.net *.filestackapi.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw hn.inspectlet.com *.twitter.com t.co maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com ajax.googleapis.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com load.stracking.weltpixel.com stracking.weltpixel.com *.cloudflare.com *.cloudflareinsights.com *.doubleclick.net *.zdassets.com *.usefomo.com *.fomo.com *.google.com *.gstatic.com *.vimeo.com *.googleoptimize.com *.inspectlet.com https://tracking.weltpixel.com static-tracking.klaviyo.com *.ads-twitter.com maps.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com weltpixel.com www.weltpixel.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google-analytics.com *.facebook.net https://www.google-analytics.com capig.weltpixel.com load.stracking.weltpixel.com stracking.weltpixel.com *.klaviyo.com *.a.klaviyo.com *.facebook.com *.zopim.com wss://widget-mediator.zopim.com *.doubleclick.net *.zdassets.com *.zendesk.com *.usefomo.com *.fomo.com https://tracking.weltpixel.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.com.kh *.google.cd *.google.cf *.google.cat *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gf *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gp *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.iq *.google.ie *.google.co.il *.google.im *.google.co.in *.google.io *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.com.lc *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.ne *.google.com.nf *.google.com.ng *.google.com.ni *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pk *.google.com.pa *.google.com.pe *.google.com.ph *.google.pl *.google.com.pg *.google.pn *.google.co.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.rs *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.sm *.google.so *.google.st *.google.sr *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tk *.google.tl *.google.tm *.google.to *.google.tn *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.co.za *.google.co.zm *.google.co.zw *.inspectlet.com wss://ws.inspectlet.com/ *.ads-twitter.com *.twitter.com t.co 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://woof.group; img-src 'self' https: data: blob: https://woof.group; style-src 'self' https://woof.group 'nonce-ymJpLsvSqS+eOy8bVhy36Q=='; media-src 'self' https: data: https://woof.group; frame-src 'self' https:; manifest-src 'self' https://woof.group; form-action 'self'; child-src 'self' blob: https://woof.group; worker-src 'self' blob: https://woof.group; connect-src 'self' data: blob: https://woof.group https://files.woof.group wss://woof.group; script-src 'self' https://woof.group 'wasm-unsafe-eval' 1
script-src *.pinterest.com ssl.gstatic.com *.hotjar.com *.google-analytics.com *.googletagmanager.com www.instagram.com js.stripe.com code.jquery.com *.qrplanet.com *.qrd.by *.qr1.at maps.googleapis.com maps.google.com maps.gstatic.com *.facebook.net *.twitter.com *.tawk.to cdnjs.cloudflare.com cdn.datatables.net ajax.cloudflare.com data: blob: 'unsafe-inline' 'unsafe-eval' 'self';                              connect-src *.google-analytics.com *.qrplanet.com *.qr1.at *.qrd.by jungidee.at *.googleapis.com *.facebook.com *.tawk.to wss://*.tawk.to 'self';                                     img-src *.pinterest.com i.pinimg.com *.google.at *.google.com *.google-analytics.com app.statuscake.com *.qrplanet.com *.qrd.by *.qr1.at s3.amazonaws.com maps.gstatic.com maps.googleapis.com maps.google.com secure.gravatar.com s.w.org tawk.link *.tawk.to cdn.jsdelivr.net media.licdn.com *.fbcdn.net *.fbsbx.com *.twitter.com *.facebook.com *.google.com blob: data: 'self';                                         style-src *.qrplanet.com *.qrd.by *.qr1.at *.tawk.to cdn.jsdelivr.net fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline' 'self';                                            font-src *.tawk.to fonts.gstatic.com fonts.googleapis.com data: * 'self';                                   default-src * data: blob:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Ki31Qc4802yEAx19+iMDIZ2zcIMxx3s2xwPB4ACsy9Z57tCj' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'unsafe-inline' http: https:;object-src 'none';base-uri 'none';report-uri 'https://prixa.net'; 1
frame-ancestors 'self' shop.staging.bitocloud.net 1
default-src 'self' 'unsafe-inline' https: blob: wss: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ; img-src 'self' data: https: ; font-src 'self' data: https: ; frame-ancestors 'self' https://cms.chanbrothers.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com *.google-analytics.com https://www.youtube.com/iframe_api https://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.googleapis.com https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com https://www.googletagmanager.com https://cdn.raygun.io/raygun4js/raygun.min.js https://www.floridahousing.org/ https://cdn.userway.org/widget.js elmahio.min.js https://www.floridahousing.org/Scripts/elmahio.min.js api.elmah.io *.userway.org https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/js/bootstrap.min.js 'self' web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://cdn.userway.org/widget.js *.userway.org https://maxcdn.bootstrapcdn.com/bootstrap/3.4.1/css/bootstrap.min.css 'self' web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://translate.google.com https://www.google.com https://cdn.userway.org/widget.js *.userway.org 'self' web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.userway.org; frame-src https://apps.floridahousing.org/ https://floridahousing.sharefile.com/ https://www.youtube.com/embed/QVXAam3CHi8 https://www.youtube.com/embed/lI6PG4UCm6I https://player.vimeo.com/video/389876939 https://www.youtube.com/embed/70sD1sJXHnM https://cdn.userway.org/widget.js api.elmah.io *.userway.org https://floridahousing.org/demo3.html https://www.youtube.com/embed/4vsmv-0AK8Y https://www.youtube.com/embed/Gb4b9gwNl8g https://www.youtube.com/embed/rolim_U_-J8 https://www.youtube.com/embed/Sj_3UTzBYbU https://www.youtube.com/embed/u0XFzHNcF6Y https://www.youtube.com/embed/59yHsKUQBf0 https://www.youtube.com/embed/111W_B9GiM8 https://www.youtube.com/embed/_4n68faqZS0 https://www.youtube.com/embed/_Ng1nHd_rBE https://www.youtube.com/embed/1s9RPndjEOg https://www.youtube.com//embed/2vhz6vbG8js 'self' web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://floridahousing.org/Scripts/js/jquery.resizer.min.js https://translate.google.com https://ajax.googleapis.com https://*.googleapis.com *.google-analytics.com apis.google.com https://translate.googleapis.com https://stats.g.doubleclick.net https://cdn.userway.org/widget.js api.elmah.io *.userway.org 'self' forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://cdn.userway.org/widget.js *.userway.org 'self' web-chat.nativechat.com 1
frame-ancestors 'self' *.deventre.com *.preprodentre.com *.entreblueprint.com *.entreinstitute.com *.entreinstitute.loc *.theentreinstitute.com app.entresoft.com classwithjeff.loc trackcmp.net successpathmasterclass.com www.successpathmasterclass.com theentreinstitute.com www.entredigest.com www.entrenewsletter.com www.entresuccesspath.com www.theentrepalooza.com www.entreunlimited.com www.entrepropulsion.com www.entregrowthclub.com app.gohighlevel.com www.entresdna.com www.entressuccessdna.com www.entrefreedombusiness.com 1
frame-ancestors 'self' *.bankofmissouri.com *.zagclients.net 1
default-src 'self'; frame-ancestors 'self'; font-src 'self' data: fonts.gstatic.com cloud.typography.com *.companies.gov.nu *.cwp.govt.nz *.companiesoffice.govt.nz; form-action 'self' *.facebook.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; frame-src 'self' d3f5l8ze0o4j2m.cloudfront.net *.google.com *.youtube.com *.youtube-nocookie.com *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu vars.hotjar.com *.societies.govt.nz *.vimeo.com *.facebook.com; child-src 'self' d3f5l8ze0o4j2m.cloudfront.net *.google.com *.youtube.com *.youtube-nocookie.com *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu *.societies.govt.nz *.vimeo.com *.facebook.com; img-src 'self' data: *.ytimg.com *.google.com *.gstatic.com *.google.co.nz *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.fls.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz script.hotjar.com *.companies.gov.nu d3f5l8ze0o4j2m.cloudfront.net; media-src 'self' *.youtube.com *.youtube-nocookie.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: d3f5l8ze0o4j2m.cloudfront.net *.gstatic.com *.google.com *.google.co.nz *.script.hotjar.com script.hotjar.com static.hotjar.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.ytimg.com stats.g.doubleclick.net *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; style-src 'self' 'unsafe-inline' *.googleapis.com *.typography.com *.google.com *.google.co.nz *.youtube.com *.youtube-nocookie.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu; base-uri 'self'; object-src 'none'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.in.hotjar.com *.hotjar.com wss://*.hotjar.com *.cwp.govt.nz *.companiesoffice.govt.nz *.companies.gov.nu *.ext.wd.govt.nz:8380; manifest-src 'self'; 1
default-src 'self' https://*.hotjar.com *.google-analytics.com www.googletagmanager.com www.youtube.com stats.g.doubleclick.net in.hotjar.com wss://*.hotjar.com *.hotjar.com vc.hotjar.com vc.hotjar.io; child-src 'self' www.youtube.com player.vimeo.com www.google.com vars.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hotjar.com s.ytimg.com www.googletagmanager.com *.google-analytics.com www.google.com www.gstatic.com www.youtube.com  www.perplex.nl ajax.aspnetcdn.com player.vimeo.com https://www.googleoptimize.com static.hotjar.com script.hotjar.com vars.hotjar.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com; img-src 'self' data: services.perplex.eu https://*.hotjar.com www.googletagmanager.com *.google-analytics.com www.perplex.nl www.google.com www.google.nl stats.g.doubleclick.net; font-src 'self' data:; form-action 'self' secure.ogone.com https://*.hotjar.com; report-uri https://perplex.report-uri.com/r/default/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: *.christianjobs.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com support.salemchurchproducts.com conversations.app-us1.com *.ably.io realtime.ably.io *.ably-realtime.com trackcmp.net n.clarity.ms *.stripe.com *.survicate.com youthworker.com www.youthworker.com *.app-us1.com scpmedia.activehosted.com *.braintreegateway.com js.braintreegateway.com *.renewedvision.com *.livechatinc.com *.livechat.com livechat.com *.stackadapt.com *.srv.stackadapt.com *.unpkg.com unpkg.com *.clarity.ms api.sermonsearch.com *.crazyegg.com *.gstatic.com lightboxapi1.azurewebsites.net lightboxapi2.azurewebsites.net lightboxapi3.azurewebsites.net *.googleadservices.com *.swncdn.com salemchurchproducts.s3.amazonaws.com *.google.com *.bing.com *.facebook.com *.facebook.net connect.facebook.net *.google-analytics.com *.googletagmanager.com *.blueconic.net *.googleapis.com *.sitescout.com *.sermonspice.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.lightboxcdn.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.kissmetrics.com *.googlesyndication.com kit-free.fontawesome.com *.fontawesome.com *.yahoo.com srv3.wa.marketingsolutions.yahoo.com flex.atdmt.com *.atdmt.com widget.freshworks.com *.freshworks.com salemchurchproducts.freshdesk.com *.freshdesk.com cdn.linkedin.oribi.io api.omappapi.com *.omappapi.com snap.licdn.com *.linkedin.com googletagservices.com *.googletagservices.com whm.attn.tv *.attn.tv events.attentivemobile *.attentivemobile.com *.hellopastors.com fonts.bunny.net www.googletagmanager.com *.googletagmanager.com ;
	script-src 'self' 'unsafe-inline' blob: 'unsafe-eval' data: api.sermonsearch.com www.youthworker.com youthworker.com *.unpkg.com unpkg.com api.omappapi.com *.omappapi.com www.childrens-ministry-deals.com childrens-ministry-deals.com *.sitescout.com *.sermonspice.com *.gstatic.com *.lightboxcdn.com *.googleapis.com bid.g.doubleclick.net *.google.com pubads.g.doubleclick.net *.s3.amazonaws.com worshiphousemedia.s3.amazonaws.com *.google-analytics.com *.salemwebnetwork.com *.facebook.com *.facebook.net *.googlesyndication.com *;
	img-src 'unsafe-inline' 'unsafe-eval' data: *;
	frame-src 'unsafe-inline' 'unsafe-eval' data: youthworker.com www.youthworker.com www.churchstaffing.com *.churchstaffing.com www.childrens-ministry-deals.com childrens-ministry-deals.com api.sermonsearch.com *.sitescout.com ct.pinterest.com *.worshiphousemedia.com worshiphousemedia.com *.salemchurchproducts.com *.salemwebnetwork.com *.ubembed.com *.bootstrapcdn.com *.jwpcdn.com fonts.gstatic.com *.s3.amazonaws.com salemmediagroup.blueconic.net *.g.doubleclick.net *.lightboxcdn.com *.kissmetrics.com *.facebook.com *.googlesyndication.com www.googletagmanager.com *.googletagmanager.com *;
	style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com *; 1
media-src 'self' media.securedrop.org; form-action 'self'; object-src 'self' media.securedrop.org; style-src 'self' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='; default-src 'self'; style-src-attr 'self' 'unsafe-hashes' 'sha256-ZdHxw9eWtnxUb3mk6tBS+gIiVUPE3pGM470keHPDFlE='; img-src 'self' analytics.freedom.press media.securedrop.org; frame-ancestors 'self'; connect-src 'self' analytics.freedom.press media.securedrop.org; base-uri 'self'; frame-src 'self' media.securedrop.org; script-src 'self' 'unsafe-eval' analytics.freedom.press; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
frame-ancestors *.bluebirdday.io *.bruynzeel.local *.bruynzeelkeukens.nl 1
frame-ancestors 'self' ailabtools.com *.ailabtools.com 1
default-src 'none'; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.xilo.net; object-src 'none'; style-src 'self' data: 'unsafe-inline' https://*.xilo.net; img-src 'self' blob: data: https://*.xilo.net; media-src 'self' data: https://*.xilo.net; frame-src *; font-src *; form-action 'self' https://*.xilo.net; connect-src 'self' https://*.xilo.net; prefetch-src 'self' https://*.xilo.net; manifest-src 'self' https://*.xilo.net; frame-ancestors 'self'; report-uri https://stats.xilo.net/ruri/r/d/csp/enforce 1
default-src 'self';script-src-attr 'unsafe-inline';script-src 'self' 'unsafe-inline' blob: https://snap.licdn.com https://*.googletagmanager.com https://tagmanager.google.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://unpkg.com https://*.freshchat.com https://*.freshworksapi.com https://static.cdn.prismic.io https://prismic.io https://widgets.tree-nation.com https://tree-nation.com https://html2canvas.hertzen.com https://eu.posthog.com;object-src 'none';style-src 'self' 'unsafe-inline' https://*.freshchat.com https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https: https://ssl.gstatic.com https://www.gstatic.com https://*.doubleclick.net https://*.google.com;media-src 'none';frame-src https://*.doubleclick.net https://*.freshchat.com https://*.prismic.io https://widgets.tree-nation.com https://www.youtube.com https://app.moreapp.com;connect-src 'self' https://*.doubleclick.net https://unpkg.com https://tree-nation.com https://eu.posthog.com https://eu.i.posthog.com;font-src 'self' data: https://fonts.gstatic.com;upgrade-insecure-requests;base-uri 'self';form-action 'self';frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' policy.cookiereports.com www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com https://cct.google https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://*.hotjar.com https://js.monitor.azure.com https://snap.licdn.com https://policy.cookiereports.com https://view.ceros.com https://www.research-tree.com https://player.vimeo.com https://protect-eu.mimecast.com https://sites-dwf.vuturevx.com https://www.vimeo.com https://vimeo.com https://www.youtube.com; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.hotjar.com https://*.hotjar.io wss://ws.hotjar.com https://dc.services.visualstudio.com https://policy.cookiereports.com https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com; img-src 'self' data: *.linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.vimeocdn.com *.ytimg.com https://www.omnycontent.com https://optimize.google.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://protect-eu.mimecast.com https://sites-dwf.vuturevx.com https://optimize.google.com; base-uri 'self'; object-src 'self'; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://sites-dwf.vuturevx.com; frame-src 'self' player.vimeo.com www.google.com *.googletagmanager.com https://irs.tools.investis.com https://otp.tools.investis.com https://view.ceros.com https://embed.chartblocks.com https://www.research-tree.com https://sites-dwf.vuturevx.com https://cdn.yoshki.com https://www.youtube.com https://www.hapyak.com https://omny.fm https://optimize.google.com; 1
frame-ancestors 'self' http://www.iffas.org; 1
frame-src 'self' https://www.google.com https://www.google.com/ https://google.com https://open.spotify.com https://www.youtube.com https://d36lrn9dho6j02.cloudfront.net data:; img-src * blob: 'self' data: https:; 1
upgrade-insecure-requests; default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob: https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com; style-src data: 'unsafe-inline' https: https://optimize.google.com https://fonts.googleapis.com; img-src data: https: blob: android-webview-video-poster: https://www.google-analytics.com https://www.googletagmanager.com https://optimize.google.com; font-src data: https: https://fonts.gstatic.com; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:; form-action https:; frame-ancestors https://vnbusiness.vn https://*.vnbusiness.vn 1
default-src 'self' www.gravatar.com *.hotjar.com player.vimeo.com *.vimeocdn.com *.googleapis.com *.google.com youtube.com *.cloudfront.net *.youtube.com *.blackbaudhosting.com www.eventbrite.co.uk *.marker.io *.simplybook.cc payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.aspnetcdn.com feeds.trac.jobs static.trac.jobs *.hotjar.com ajax.googleapis.com cdnjs.cloudflare.com *.browsealoud.com *.bugherd.com *.googletagmanager.com *.google-analytics.com *.cloudfront.net *.luckyorange.net *.blackbaudhosting.com *.smartthing2.com *.smartthing.org *.blackbaud.com widget.simplybook.cc http://localhost:* www.cqc.org.uk feeds.testing.trac.jobs www.eventbrite.co.uk *.marker.io www.google.com www.gstatic.com consentcdn.cookiebot.com consent.cookiebot.com app.cloudpano.com www.googleoptimize.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com feeds.trac.jobs static.trac.jobs cdnjs.cloudflare.com fast.fonts.net *.smartthing2.com *.smartthing.org *.cloudfront.net *.blackbaudhosting.com www.cqc.org.uk *.marker.io; img-src 'self' data: blob: www.gravatar.com *.christie.nhs.uk img.youtube.com i.ytimg.com *.justgiving.com feeds.trac.jobs static.trac.jobs *.browsealoud.com *.googleapis.com *.staticflickr.com *.cloudfront.net *.google-analytics.com *.googletagmanager.com *.cdninstagram.com *.blackbaudhosting.com www.cqc.org.uk *.umbraco.com *.marker.io; font-src 'self' fonts.gstatic.com cdnjs.cloudflare.com fast.fonts.net data: fonts.googleapis.com; connect-src 'self' *.browsealoud.com feeds.trac.jobs static.trac.jobs *.smartthing2.com *.smartthing.org *.luckyorange.net *.hotjar.com *.google-analytics.com *.doubleclick.net wss: http://localhost:* *.umbraco.com *.marker.io *.amazonaws.com payments.blackbaud.com consentcdn.cookiebot.com app.cloudpano.com content.hotjar.io; worker-src 'self' blob:; 1
frame-ancestors self https://rocketjobs.pl https://*.rocketjobs.pl 1
img-src https: data: blob: 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; frame-src *; object-src * 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com typesquare.com flightbookings.airnewzealand.co.nz player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com static.hotjar.com script.hotjar.com s.swiftypecdn.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com static.hotjar.com script.hotjar.com s.swiftypecdn.com 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com wf.typesquare.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com data: 'self'; media-src 'self' p-airnz.com video.cdnvue.com ; frame-src 'self' *.google.com nz.fltmaps.com player.youku.com v.qq.com player.vimeo.com www.youtube.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com vars.hotjar.com nebula-cdn.kampyle.com sec.windcave.com uat.windcave.com www.airnewzealand.co.nz/payment/scripts/done.html oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com l.typesquare.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://widget.timatic.iata.org/api/ sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
frame-ancestors 'self' https://manage.plantservices.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-RIvqt6S8wPxkE4FrE4OAsg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
upgrade-insecure-requests;font-src 'self' data: blob: mediastream: http://*.uni-kiel.de https://*.uni-kiel.de; 1
font-src fonts.gstatic.com *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com css.zohocdn.com css.zohostatic.com https://fonts.gstatic.com *.vapewholesaleusa.com https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue data: 'self' 'unsafe-inline'; form-action *.authorize.net 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com *.authorize.net *.weltpixel.com *.google.com *.vapewholesaleusa.com https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com flagpedia.net https://omnisnippet1.com https://wt.soundestlink.com store.paradoxlabs.com www.google.nl www.google.us stats.g.doubleclick.net http://www.google-analytics.com www.qstatic.com salesiq.zohopublic.com css.zohocdn.com *.vapewholesaleusa.com forms.soundestlink.com formsv2.soundestlink.com track.hubspot.com forms.hsforms.com www.google.com.ua shareasale.com forms.hscollectedforms.net https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue maps.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.ampproject.org raw.githubusercontent.com *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.avada.io maps.googleapis.com https://omnisnippet1.com https://forms.soundestlink.com *.authorize.net sandbox-assets.secure.checkout.visa.com salesiq.zoho.com js.zohocdn.com js.zohostatic.com http://www.google-analytics.com *.google.com www.google.us https://maps.googleapis.com static.zohocdn.com *.vapewholesaleusa.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com www.dwin1.com https://app.omnisend.com https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue https://www.googletagmanager.com tagmanager.google.com ajax.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.gstatic.com css.zohocdn.com css.zohostatic.com *.googleapis.com https://www.gstatic.com *.vapewholesaleusa.com https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com cdn.ampproject.org *.googleapis.com https://get.geojs.io *.avada.io www.gstatic.com maps.googleapis.com *.authorize.net forms.soundestlink.com salesiq.zohopublic.com vts.zohopublic.com wss://vts.zohopublic.com stats.g.doubleclick.net *.analytics.google.com www.google.nl www.google.us *.google-analytics.com https://www.gstatic.com https://stats.g.doubleclick.net *.vapewholesaleusa.com forms.hscollectedforms.net https://vapewholesaleusa.com https://elftank.vapewholesaleusa.com https://tokenization.accept.blue https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' blob: plentycar.ru plentycom.ru m.plentycar.ru  *.plentycar.ru *.plentycom.ru plentycar.bitrix24.ru *.cdnvideo.ru *.youtube.com youtu.be *.bootstrapcdn.com api-maps.yandex.ru counter.yadro.ru *.googlesyndication.com adservice.google.ru yastatic.net adservice.google.com *.googletagservices.com ajax.googleapis.com api.pdftron.com pdfnet.s3.amazonaws.com fonts.googleapis.com img.yandex.ru informer.yandex.ru kraken.rambler.ru mc.yandex.ru scounter.rambler.ru *.maps.yandex.net *.bitrix24.ru *.bitrix24.com wss://*.bitrix24.ru wss://*.bitrix24.com  *.doubleclick.net *.google-analytics.com *.liveinternet.ru partscatalog.deere.com fonts.gstatic.com woocommerce.com wordpress.org *.cloudfront.net *.gravatar.com vk.com *.w.org *.themes.zone *.jquery.com *.jsdelivr.net docs.google.com cdnjs.cloudflare.com antisovetnic.ru *.googletagmanager.com goodmod.ru data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; frame-ancestors *; object-src 'none'; worker-src 'self' blob:; connect-src 'self' https://cdn.inlinemanual.com https://analytics.inlinemanual.com https://www.googleapis.com https://api.rollbar.com https://app.launchdarkly.com https://events.launchdarkly.com https://web.delighted.com wss://ws.pusherapp.com/app/7fa7ab308aa09e4f2ae1 https://browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://api.rudderstack.com https://neuroflow-dataplane.rudderstack.com https://dev-neuroflow.us.auth0.com https://sandbox-neuroflow.us.auth0.com https://prod-neuroflow.us.auth0.com https://api.x.flatfile.com https://platform.flatfile.com; script-src 'self' 'sha256-EkyF7d6utoX8SkizhXCB3jKkUnVRvEugyIhEyadGMKk=' https://cdn.inlinemanual.com https://analytics.inlinemanual.com https://d2yyd1h5u9mauk.cloudfront.net/integrations/web/v1/library/ https://www.datadoghq-browser-agent.com https://cdn.rudderlabs.com/v1.1/rudder-analytics.min.js https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com; media-src 'self' https://s3.amazonaws.com/neuroflow-audio-repository/ https://neuroflow.mhl.psychhub.com/; frame-src 'self' https://www.youtube.com https://www.google.com https://portal-2.flatfile.io https://platform.flatfile.com https://spaces.flatfile.com;img-src 'self' data: https://*.ytimg.com https://dwwvg90koz96l.cloudfront.net/images/brands/ https://neuroflow-comic-repository.s3.amazonaws.com https://neuroflow-root-shared-resources-use1.s3.amazonaws.com https://prod-neuroflow-document-uploads-usw2.s3.amazonaws.com https://neuroflow-inline-manual-files.s3-us-west-2.amazonaws.com https://neuroflow-inline-manual-files.s3.us-west-2.amazonaws.com https://purecatamphetamine.github.io/country-flag-icons/ https://neuroflow.mhl.psychhub.com/; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; font-src 'self' https://use.typekit.net data:; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub96a3f08ad5b1174e57f253b25f57f467&dd-evp-origin=content-security-policy&ddsource=csp-report; 1
frame-ancestors 'self' https://*.wefox.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pathward.com *.pathward.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com assets.adobedtm.com *.go-mpulse.net cdn.cookielaw.org *.vimeocdn.com *.marketo.net *.doubleclick.net *.vimeo.com; style-src 'self' 'unsafe-inline' pathward.com *.pathward.com https://cdn.fonts.net www.gstatic.com *.vimeocdn.com; img-src 'self' data: pathward.com *.pathward.com *.112.2o7.net *.doubleclick.net www.googletagmanager.com *.cookielaw.org www.gstatic.com *.vimeocdn.com; connect-src *.cookielaw.org *.pathward.com *.go-mpulse.net www.google.com www.google-analytics.com https://google.com *.mktoresp.com *.akstat.io *.vimeo.com *.vimeocdn.com *.akamaihd.net *.akamaized.net *.demdex.net; frame-src 'self' pathward.com *.pathward.com www.google.com www.googletagmanager.com *.doubleclick.net *.vimeo.com *.demdex.net; font-src 'self' *.gstatic.com; media-src 'self' blob: *.vimeo.com 1
default-src 'self' support.yare.hk; script-src 'self' 'unsafe-inline' support.yare.hk ajax.cloudflare.com ; img-src 'self'  support.yare.hk; style-src 'self' 'unsafe-inline'  support.yare.hk; font-src 'self'  support.yare.hk; frame-src 'self'  same-origin www.paypal.com payment.ecpay.com.tw  support.yare.hk ;  report-uri /plugins/csp-report.php ; 1
default-src 'self' data: https: 'unsafe-eval' 'unsafe-inline'; img-src * 'self' data: https:; 1
upgrade-insecure-requests 1
frame-ancestors 'self' https://*.toyota.at https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
report-to 'self' ; child-src 'self'  'unsafe-inline' self; connect-src 'self'  'unsafe-inline' self *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net *.github.io  *.google-analytics.com *.wpengine.com yoast.com *.google.com *.g.doubleclick.net ; default-src 'self' self; font-src 'self'  'unsafe-inline'  self *.gstatic.com *.bootstrapcdn.com data: fonts.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com *.gstatic.com *.bootstrapcdn.com ; form-action 'self' ; frame-src 'self'  'unsafe-inline'  self *.g.doubleclick.net *.google.com *.fls.doubleclick.net blob: www.google.com www.youtube.com esg.churchgatepartners.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ; frame-ancestors 'self' ; img-src 'self'  'unsafe-inline' self *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com data: ts.w.org s.w.org ps.w.org cdnjs.cloudflare.com www.abfrl.com  *.googletagmanager.com *.w.org *.gravatar.com *.google.com *.google-analytics.com *.gstatic.com ; manifest-src 'self' ; media-src 'self'  s.w.org; object-src 'self' ; script-src 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com kenwheeler.github.io cdn.datatables.net js.stripe.com www.abfrl.com  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-elem 'self'  'unsafe-inline' self *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.datatables.net js.stripe.com www.abfrl.com kenwheeler.github.io  *.g.doubleclick.net *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com ; script-src-attr 'self' ; style-src 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-elem 'self'  'unsafe-inline' self *.googleapis.com *.gstatic.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com datatables.net fonts.bunny.net maxcdn.bootstrapcdn.com www.abfrl.com  *.googleapis.com *.gstatic.com ; style-src-attr 'self'  'unsafe-inline' ; worker-src 'self'  'unsafe-inline'  blob:; 1
scriptt-src 'self'; 1
frame-ancestors 'self' *.byk.com *.etracker.com; object-src 'none'; 1
default-src 'self' segment.okta.com *.oktacdn.com; connect-src 'self' segment.okta.com segment-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com segment.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' segment.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' segment.okta.com *.oktacdn.com; frame-src 'self' segment.okta.com segment-admin.okta.com login.okta.com com-okta-authenticator: api-3bdc2f77.duosecurity.com; img-src 'self' segment.okta.com *.oktacdn.com https://ok4static.oktacdn.com/fs/bcg/4/gfs2pudo8tevoBTe31t7 *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' segment.okta.com data: *.oktacdn.com fonts.gstatic.com 1
font-src *.gstatic.com static.klaviyo.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.google.com api.livechatinc.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io bat.bing.com *.gstatic.com cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com https://images.unsplash.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com cdn.attn.tv bat.bing.com cdnjs.cloudflare.com cdn.avmws.com ssl.avmws.com js-agent.newrelic.com *.sandbox.google.com *.google.com/pay cdn.livechatinc.com api.livechatinc.com *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ connect.facebook.net *.googletagmanager.com *.googleadservices.com *.google-analytics.com cdn.jsdelivr.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline static-tracking.klaviyo.com static.klaviyo.com cdn.livechatinc.com api.livechatinc.com *.googleapis.com *.cloudflare.com *.turnto.com https://static.klaviyo.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com cdn.attn.tv cdn.livechat-files.com cdn.livechat-static.com api.livechatinc.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com events.attentivemobile.com outdoorgearexchange.attn.tv ssl.avmws.com *.sandbox.braintree-api.com/graphql *.google.com *.google.com/about/redirect *.sandbox.google.com api.livechatinc.com *.arizonreports.cloud *.turnto.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com https://imgs.signifyd.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' https: api.addressnow.co.uk 1
block-all-mixed-content; frame-ancestors *.destromacro.com.br 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MmU3ODAzNzc4MDcyNDVjMjgwODFkZTVjN2FmZTcwODI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.algemenebestuursdienst.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.algemenebestuursdienst.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.algemenebestuursdienst.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self'; report-uri https://timeteam.report-uri.com/r/d/csp/enforce; report-to default 1
default-src 'self' https://app.kontent.ai; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://*.mailstation.de https://mailstation.de; report-uri https://mailstation.report-uri.com/r/d/csp/wizard 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.googlesyndication.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
default-src 'self' *.wikiforge.net *.wikitide.org;  script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.wikiforge.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com www.google.com platform.twitter.com hcaptcha.com *.hcaptcha.com code.jquery.com cdn.jsdelivr.net;  style-src 'self' data: 'unsafe-inline' *.wikiforge.net *.wikitide.org *.wikimedia.org *.wikipedia.org *.wikibooks.org *.wiktionary.org *.wikiquote.org *.wikisource.org *.wikiversity.org *.wikinews.org *.wikivoyage.org mediawiki.org www.mediawiki.org wikidata.org www.gstatic.com fonts.googleapis.com cdn.jsdelivr.net fastly.jsdelivr.net platform.twitter.com ton.twimg.com hcaptcha.com *.hcaptcha.com cdnjs.cloudflare.com;  img-src blob: 'self' data: *.wikiforge.net *.wikitide.org upload.wikimedia.org wikimedia.org maps.google.com www.gstatic.com maxcdn.bootstrapcdn.com *.twimg.com i.imgur.com image.tmdb.org *.googleusercontent.com *.fontawesome.com mirrors.creativecommons.org www.gnu.org cdn.geogebra.org scratchblocks.github.io tile.openstreetmap.org *.tile.openstreetmap.org cdn.discordapp.com discordapp.com;  font-src 'self' data: *.wikiforge.net *.wikitide.org fonts.gstatic.com cdn.jsdelivr.net fastly.jsdelivr.net db.onlinewebfonts.com upload.wikimedia.org cdnjs.cloudflare.com;  media-src 'self' blob: *.wikiforge.net *.wikitide.org upload.wikimedia.org *.youtube.com *.youtube-nocookie.com;  frame-src 'self' *.wikiforge.net *.wikitide.org www.google.com docs.google.com web.libera.chat *.youtube-nocookie.com www.youtube.com platform.twitter.com discord.com discordapp.com syndication.twitter.com www.gofundme.com archive.org query.wikidata.org www.bing.com hcaptcha.com *.hcaptcha.com player.vimeo.com;  connect-src 'self' *.wikiforge.net *.wikitide.org www.wikidata.org *.wikipedia.org www.mediawiki.org *.wikimedia.org *.wikinews.org *.wiktionary.org cdn.jsdelivr.net storage.googleapis.com *.youtube-nocookie.com hcaptcha.com *.hcaptcha.com; 1
frame-ancestors https://*.adobeaemcloud.com https://*.sfmc-content.com; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://*.sirv.com https://cdn.soft8soft.com https://*.se.com http://*.usersnap.com https://sisense.dev https://trackcmp.net https://prism.app-us1.com https://diffuser-cdn.app-us1.com https://www.googleadservices.com https://cdn.behamics.com https://cdn.mouseflow.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 1
frame-ancestors 'self' *.ergodirekt.de:* *.ergo.com:* *.ergo:* *.ergo.de *.ergocarbon.com *.ergo-reiseversicherung.de *.dkv.com; 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://*.sandcastlefs.com/ https://sandcastlefs.com/ https://www.googletagmanager.com/gtag/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/j/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://sandcastlefs.blob.core.windows.net/ https://sandcastlefsmedia.blob.core.windows.net https://maps.googleapis.com/maps/api/ https://*.gstatic.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://mapsresources-pa.googleapis.com/ https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net/ ; img-src 'self' data: https://sandcastlefs.blob.core.windows.net/ http://tile.openstreetmap.org/; 1
script-src 'self' 'unsafe-inline' https://kit.fontawesome.com/ https://*.ifvox.com/ https://d2rnkf2kqy5m6h.cloudfront.net/ https://cdn.mxpnl.com/ https://player.vimeo.com https://www.gstatic.com https://az416426.vo.msecnd.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.datatables.net https://www.google.com https://maxcdn.bootstrapcdn.com/;form-action 'self'; style-src 'self' 'unsafe-inline' https://maps.googleapis.com/  https://fonts.googleapis.com  https://cdn.datatables.net https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/;font-src 'self' https://ka-p.fontawesome.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com/; frame-ancestors 'self'; img-src 'self' https://*.googletagmanager.com/ https://cms.chathamcountyga.gov/ https://i.vimeocdn.com https://cccdn.blob.core.windows.net/ https://www.google-analytics.com/ https://i.ytimg.com https://ytimg.com 1
frame-ancestors 'self' decisely.com *.decisely.com 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.opennms.com *.opennms.ca wpengine.com forms.hsforms.com secure.gravatar.com track.hubspot.com forms-na1.hsforms.com px.ads.linkedin.com dify.wpengine.com updates.theme-fusion.com www.googletagmanager.com googleads.g.doubleclick.net analytics.google.com alb.reddit.com stats.g.doubleclick.net www.google.com www.google-analytics.com www.facebook.com no-cache.hubspot.com perf.hsforms.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com ray.st; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com ray.st; script-src-elem 'self' 'unsafe-inline' *.opennms.com *.opennms.ca www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com js.hs-scripts.com js.hsforms.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net snap.licdn.com js.hsadspixel.net ws.zoominfo.com www.redditstatic.com js.usemessages.com connect.facebook.net js.hscta.net cta-service-cms2.hubspot.com; frame-src 'self' www.google.com static.hsappstatic.net app.hubspot.com forms.hsforms.com www.facebook.com *.statuspage.io td.doubleclick.net cta-service-cms2.hubspot.com; connect-src 'self' forms.hubspot.com static.hsappstatic.net app.hubspot.com www.google-analytics.com js.hs-banner.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io api.hubapi.com yoast.com my.wpengine.com forms.hscollectedforms.net ws.zoominfo.com analytics.google.com stats.g.doubleclick.net api.hubspot.com www.facebook.com www.redditstatic.com conversions-config.reddit.com px.ads.linkedin.com cta-service-cms2.hubspot.com; frame-ancestors 'self';  default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.opennms.com *.opennms.ca wpengine.com forms.hsforms.com secure.gravatar.com track.hubspot.com forms-na1.hsforms.com px.ads.linkedin.com dify.wpengine.com updates.theme-fusion.com www.googletagmanager.com googleads.g.doubleclick.net analytics.google.com alb.reddit.com stats.g.doubleclick.net www.google.com www.google-analytics.com www.facebook.com no-cache.hubspot.com perf.hsforms.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com ray.st; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com ray.st; script-src-elem 'self' 'unsafe-inline' *.opennms.com *.opennms.ca www.google.com www.googletagmanager.com www.gstatic.com www.google-analytics.com www.googleadservices.com js.hs-scripts.com js.hsforms.net js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net snap.licdn.com js.hsadspixel.net ws.zoominfo.com www.redditstatic.com js.usemessages.com connect.facebook.net js.hscta.net; frame-src 'self' www.google.com static.hsappstatic.net app.hubspot.com forms.hsforms.com www.facebook.com *.statuspage.io td.doubleclick.net cta-service-cms2.hubspot.com; connect-src 'self' forms.hubspot.com static.hsappstatic.net app.hubspot.com www.google-analytics.com js.hs-banner.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com cdn.linkedin.oribi.io api.hubapi.com yoast.com my.wpengine.com forms.hscollectedforms.net ws.zoominfo.com analytics.google.com stats.g.doubleclick.net api.hubspot.com www.facebook.com www.redditstatic.com conversions-config.reddit.com px.ads.linkedin.com cta-service-cms2.hubspot.com; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; img-src 'self' https: data: mediastream:; font-src 'self' 'none' 'unsafe-inline' 'unsafe-eval' https: data: blob:; upgrade-insecure-requests 1
base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.seloc.org; form-action 'self' https://*.seloc.org https://checkout.stripe.com https://androidpay.google.com https://pay.google.com https://www.paypal.com; connect-src 'self' https://*.seloc.org https://static.seloc.tv https://checkout.stripe.com https://embed.waze.com https://*.apple-mapkit.com https://maps.googleapis.com https://apis.google.com https://api.stripe.com https://translate.googleapis.com; report-uri https://forums.seloc.org/csp-hotline.php 1
default-src 'none'; default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.simplybook.cc https://cdn.jsdelivr.net https://*.googletagmanager.com https://*.googletagmanager.com cdnjs.cloudflare.com https://translate-pa.googleapis.com/ https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://translate.googleapis.com https://translate.google.com https://maps.googleapis.com https://player.vimeo.com https://feeds.trac.jobs https://www.cqc.org.uk https://merseycare.enterpriseappointments.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com https://translate.googleapis.com https://www.gstatic.com https://feeds.trac.jobs https://www.cqc.org.uk; img-src * data:; connect-src 'self' https://translate-pa.googleapis.com/v1/translateHtml https://*.googletagmanager.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googletagmanager.com maps.googleapis.com https://saas.learninglocker.net https://metrics.articulate.com https://translate.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://vimeo.com https://feeds.trac.jobs; font-src 'self' data: https://fonts.gstatic.com; object-src 'self' blob:; frame-src 'self' *.simplybook.cc maps.google.com https://*.nhs.uk https://www.google.com https://content.googleapis.com https://content-analytics.googleapis.com https://www.youtube.com https://player.vimeo.com https://merseycare.enterpriseappointments.com https://e.issuu.com https://roundme.com 1
frame-ancestors www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca halifaxpubliclibraries.ca *.halifaxpubliclibraries.ca halifax.bibliocms.com *.halifax.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src www.halifaxpubliclibraries.ca *.www.halifaxpubliclibraries.ca halifaxpubliclibraries.ca *.halifaxpubliclibraries.ca halifax.bibliocms.com *.halifax.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'self' https://www.google-analytics.com https://www.facebook.com/ https://webto.salesforce.com https://www.youtube.com; font-src *; img-src 'self' blob: https://www.ford.com https://www.toyotacr.com https://i.ibb.co https://i.imgur.com https://corporate.ford.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com https://www.google-analytics.com https://pixel.sitescout.com https://pixel-a.basis.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://www.google.com https://www.google.co.cr https://googleads.g.doubleclick.net https://www.facebook.com/ https://cdn-api.toyotacr.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tpc.googlesyndication.com https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.js https://code.jquery.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://connect.facebook.net https://c1.rfihub.net/js/tc.min.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://static.site24x7rum.com/beacon/site24x7rum-min.js https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://platform.linkedin.com/in.js; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.materialdesignicons.com https://fonts.googleapis.com; frame-src 'self' data:  https://td.doubleclick.net https://tpc.googlesyndication.com https://pixel-a.basis.net https://pixel.sitescout.com https://www.google.com https://toyota-la.transparenttestdrive.com https://bid.g.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://*.rfihub.com; connect-src 'self' https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://www.facebook.com https://capig.toyotacr.com https://www.google-analytics.com https://stats.g.doubleclick.net https://col.site24x7rum.com https://maps.googleapis.com https://api-gateway.toyotacr.com https://analytics.google.com https://gtm-w59h9dt-zgnln.uc.r.appspot.com; 1
style-src * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com www.mrdc.com http://www.google-analytics.com https://use.typekit.net https://script.hotjar.com/ https://assets.investisdigital.com ajax.googleapis.com js-agent.newrelic.com bam.nr-data.net https://static.hotjar.com/ https://px.ads.linkedin.com/ https://googleads.g.doubleclick.net/ https://www.venatorcorp.com https://venator.stage-use1.investis.com/ *.investis.com https://static.site24x7rum.eu https://stats.sa-as.com https://nexus.ensighten.com https://img04.en25.com https://assets.investisdigital.com https://connect.facebook.net https://www.google-analytics.com/ https://secure.leadforensics.com https://snap.licdn.com https://munchkin.marketo.net https://d.adroll.com/ https://s.adroll.com/; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' https://forms.hsforms.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://forms.hubspot.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://61283073.global.siteimproveanalytics.io https://forms.hubspot.com https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent00.net https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://track.hubspot.com https://www.google-analytics.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://forms.hsforms.com data:; object-src 'self'; frame-src 'self' https://forms.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; 1
default-src 'self';object-src 'none';base-uri 'none';connect-src 'self' *.vercel-insights.com *.vercel.app *.qogita.com api.addressy.com api.segment.io api.smooch.io wss://api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com fonts.googleapis.com media.smooch.io app.launchdarkly.com clientstream.launchdarkly.com events.launchdarkly.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu logs.browser-intake-datadoghq.eu https://browser-intake-datadoghq.eu hooks.zapier.com *.hubapi.com *.hs-banner.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com https://hubspot-forms-static-embed-eu1.s3.amazonaws.com px.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io *.facebook.com bat.bing.com *.clarity.ms *.doubleclick.net google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googlesyndication.com *.googletagmanager.com *.analytics.google.com *.google-analytics.com translate.google.com translate.googleapis.com www.gstatic.com *.openfpcdn.io vitals.vercel-insights.com prod-private-documents-qogita.s3.eu-central-1.amazonaws.com;form-action 'self' *.facebook.com *.hsforms.com;frame-src 'self' *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.hsforms.net *.hsforms.com *.doubleclick.net *.facebook.com widget.trustpilot.com *.googlesyndication.com sas.selleramp.com *.typeform.com;frame-ancestors 'self' *.storyblok.com;img-src 'self' data: blob: *.qogita.com *.vercel-insights.com *.vercel.app *.storyblok.com api.addressy.com api.segment.io api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com media.smooch.io js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com px.ads.linkedin.com *.linkedin.com *.facebook.com *.clarity.ms *.bing.com *.google.com google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g.doubleclick.net *.analytics.google.com *.googletagmanager.com *.google-analytics.com  fonts.googleapis.com translate.google.com translate.googleapis.com fonts.gstatic.com www.gstatic.com *.google-analytics.com;script-src 'self' *.qogita.com *.storyblok.com *.hsadspixel.net *.hs-analytics.net js.hscta.net static.hsappstatic.net *.hubspot.com *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com connect.facebook.net bat.bing.com *.clarity.ms snap.licdn.com *.googletagmanager.com *.googlesyndication.com *.googleadservices.com www.google.com *.google.com *.doubleclick.net widget.trustpilot.com *.cloudflareinsights.com 'sha256-49/hzu/6DmuFXBUa99HMiLqPObOg7ZWm7GL1v+RlGbw=' 'sha256-Ygk5UdlbMYGvQGchNc4TaM1W1gyvWs26/mpAc+kigVo=' 'sha256-yMMCBP0mrmNvJUPtOL1vmNgX+K0SePEVWjWNF3ViPbI=' 'report-sample';style-src 'self' 'unsafe-inline' *.vercel-insights.com *.vercel.app *.qogita.com api.addressy.com api.segment.io api.smooch.io api.uptimerobot.com cdn.sanity.io cdn.segment.com fonts.googleapis.com media.smooch.io translate.google.com translate.googleapis.com www.gstatic.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net 'report-sample';style-src-elem 'self' 'unsafe-inline' www.gstatic.com fonts.googleapis.com 'report-sample';style-src-attr 'self' 'unsafe-inline' 'report-sample';child-src *.hsforms.com;media-src 'self' data: qogita-prod.imgix.video stream.media.imgix.video;font-src data: fonts.gstatic.com github.com *.qogita.com admin.fbamultitool.com fonts.cdnfonts.com;worker-src 'self' blob: *.hsforms.net *.hsforms.com;report-uri https://csp-report.browser-intake-datadoghq.eu/api/v2/logs?dd-api-key=pub49c2e7225909645d16c0e630b821edff&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Awww.qogita.com%2Cenv%3Aprod 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-de0e8114e8a44b5d9fbd50175788610d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src *; style-src 'self' https://www.jugendschutz.net 'unsafe-inline'; script-src 'self' https://www.jugendschutz.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://www.jugendschutz.net data:; 1
connect-src 'self' 'unsafe-inline' *.garvan.org.au *.algolia.net *.algolianet.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://noembed.com https://payments.blackbaud.com/api/Checkout *.blackbaud.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com *.contentstack.io https://pagead2.googlesyndication.com *.googlesyndication.com https://fndrsp.net *.fundraiseup.com https://fndrsp-checkout.net *.google.com google.com/pay *.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.garvan.org.au https://stats.g.doubleclick.net https://www.googletagmanager.com https://analytics.google.com https://www.google-analytics.com https://maps.googleapis.com https://www.youtube.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://code.jquery.com s3.amazonaws.com https://payments.blackbaud.com *.blackbaud.com https://www.google.com https://maps.gstatic.com *.gstatic.com *.doubleclick.net *.facebook.net *.paypal.com https://chimpstatic.com/ https://js.adsrvr.org *.paypalobjects.com https://pagead2.googlesyndication.com *.googlesyndication.com https://netlify-cdp-loader.netlify.app *.fundraiseup.com *.stripe.com *.google.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://payments.blackbaud.com *.blackbaud.com https://stackpath.bootstrapcdn.com cdn-images.mailchimp.com; img-src 'self' https://images.contentstack.io *.contentstack.io https://bbox.blackbaudhosting.com *.blackbaudhosting.com https://maps.gstatic.com https://img.youtube.com https://i.vimeocdn.com https://maps.googleapis.com *.google-analytics.com *.paypal.com *.google.com *.google.com.au *.facebook.com https://ucarecdn.com/ *.fundraiseup.com *.paypalobjects.com *.gstatic.com *.googletagmanager.com data:; base-uri 'self';, font-src https://fonts.gstatic.com https://fonts.googleapis.com *.fundraiseup.com data:;, sandbox allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox allow-downloads;, frame-ancestors 'self' *.garvan.org.au *.contentstack.com; 1
default-src https: data: self: 'unsafe-inline'; form-action https:; upgrade-insecure-requests 1
default-src 'self'; connect-src 'self' https://cdn.cookielaw.org https://*.google-analytics.com https://stats.g.doubleclick.net https://*.analytics.google.com https://maps.googleapis.com onetrust.com *.onetrust.com https://nominatim.openstreetmap.org/* https://nominatim.openstreetmap.org; font-src 'self' https://*.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com youtube.com *.youtube.com gateway.zscloud.net https://gateway.zscloud.net *.gateway.zscloud.net https://zscloud.net *.zscloud.net www.google.com; img-src 'self' https://cdn.cookielaw.org https://www.googletagmanager.com https://*.google.fr/ https://*.gstatic.com data: https://maps.googleapis.com https://match.adsrvr.org https://a.tile.openstreetmap.org/* *.openstreetmap.org https://b.tile.openstreetmap.org/* https://c.tile.openstreetmap.org/* http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org a.tile.osm.org/* *.osm.org/* https://gateway.zscloud.net/*; media-src 'self' https://*.fayat.com; object-src 'self' https://ckeditor.com/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://cdn.cookielaw.org https://maps.googleapis.com https://*.goldenbees.fr *.ytimg.com ytimg.com https://gateway.zscloud.net https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.youtube.com dk91kmsnfr6kg.cloudfront.net *.fugle.tw:* call.chatra.io apis.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net d.line-scdn.net www.google-analytics.com graph.facebook.com connect.facebook.net cdn.polyfill.io/v2/polyfill.min.js https://hcaptcha.com https://*.hcaptcha.com js.tappaysdk.com/tpdirect/v5.7.0 https://challenges.cloudflare.com; font-src 'self' data: dk91kmsnfr6kg.cloudfront.net fonts.gstatic.com; connect-src 'self' dk91kmsnfr6kg.cloudfront.net wss://*.fugle.tw:* *.fugle.tw:* https://analytics.google.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com; img-src 'self' data: blob: yt3.ggpht.com dk91kmsnfr6kg.cloudfront.net fugle-web.s3.ap-northeast-1.amazonaws.com *.fugle.tw:* www.facebook.com platform-lookaside.fbsbx.com lookaside.facebook.com profile.line-scdn.net *.fbcdn.net www.google.com/ads/ www.google.com/pagead/ www.google.com.tw/pagead/ www.google.com.tw/ads/ www.google-analytics.com googleads.g.doubleclick.net graph.facebook.com fbcdn-profile-a.akamaihd.net *.googleusercontent.com csi.gstatic.com s3-ap-northeast-1.amazonaws.com i.imgur.com www.wearn.com *.medium.com i.ytimg.com; style-src 'self' 'unsafe-inline' dk91kmsnfr6kg.cloudfront.net fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; child-src chat.chatra.io content.googleapis.com social-plugins.line.me s-static.ak.facebook.com staticxx.facebook.com www.youtube.com accounts.google.com static.ak.facebook.com www.facebook.com *.fugle.tw *.esunsec.com.tw https://hcaptcha.com https://*.hcaptcha.com https://js.tappaysdk.com/ https://fraud.tappaysdk.com/ https://td.doubleclick.net/ https://challenges.cloudflare.com; media-src 'self'; frame-ancestors 'self' *.fugle.tw *.esunsec.com.tw; base-uri 'none'; object-src 'none'; form-action 'self' www.facebook.com/tr/; manifest-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-61kw6HH458PiDoEgh9eL9uuvXX0aFlkyTMpb8HhUMcc8MWtW' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' localhost:3000; frame-ancestors 'self' https://builder.io 1
frame-ancestors 'self' *.virtualsaleslab.com z28.web.core.windows.net *.z28.web.core.windows.net *.brustor.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://ardor-gaming.com https://*.ardor-gaming.com https://dns-shop.ru/ https://*.dns-shop.ru/  https://www.google-analytics.com/ https://gstatic.com https://*.gstatic.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/  https://mc.yandex.ru/ https://*.doubleclick.net https://doubleclick.net; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https://*.dns-shop.ru https://*.retailrocket.net https://*.retailrocket.ru https://ohio8.vchecks.me https://hls-jp.jwpsrv.com/ https://content.jwplatform.com/  https://mc.yandex.ru/ https://www.google-analytics.com/ https://*.mtproxy.yandex.net/ https://bam.nr-data.net https://api.retailrocket.net https://api.retailrocket.ru  https://content.syndigo.com/ https://google-analytics.bi.owox.com/ https://api-maps.yandex.ru/ https://stats.g.doubleclick.net/  https://www.google.com/ads/ https://m.addthis.com/live/red_lojson/ https://s7.addthis.com/l10n/ https://top-fwz1.mail.ru/  https://bot.aimylogic.com/restapi/ wss://chat.dns-shop.ru https://chat.dns-shop.ru https://e-shop.homecredit.ru https://media.pointandplace.com/ https://vk.com https://media.flixcar.com/ https://autocomplete.diginetica.net/ https://www.facebook.com/tr/  https://analytics.tiktok.com/ https://content.24ttl.stream/ https://itweb-asmsys.dns-shop.ru:17589/  https://*.flix360.io/ http://shops.dns-shop.ru/ https://www.youtube-nocookie.com/ https://pplan.ru/ https://firebaseinstallations.googleapis.com/ https://www.googletagmanager.com/; frame-src 'self' intent: https://club.dns-shop.ru https://ftp.dexp.club/ https://ftp.dns-shop.ru/  https://www.facebook.com/ https://www.youtube.com https://www.google.com https://optimize.google.com; worker-src blob: https://dns-shop.ru https://*.dns-shop.ru 1
default-src http: https: data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self';frame-src 'self' *.bnpparibasfortis.be *.bnpparibasfortis.com *.facebook.com *.vimeo.com *.youtube.com *.brightcove.net; 1
frame-ancestors 'self'; frame-src 'self' web106.reachmee.com res.statisticsstudio.com play.mediaflowpro.com www.youtube.com *.readspeaker.com ssres.azureedge.net consentcdn.cookiebot.com www.google.com survey.extellio.com; form-action 'self' *.readspeaker.com www.anpdm.com; base-uri 'self'; default-src 'self'; font-src 'self' data:; script-src 'self' 'nonce-bFb8xQjIQYlATikNg534PgyeQgSzx5l9AXz93SCgL4o=' 'strict-dynamic' consent.cookiebot.com consentcdn.cookiebot.com cdn1.readspeaker.com script.extellio.com m.extellio.com; style-src 'self' 'unsafe-inline' *.readspeaker.com; img-src 'self' matomo.folkhalsomyndigheten.se i.creativecommons.org licensebuttons.net im16.inviewer.se assets.mediaflowpro.com *.readspeaker.com; connect-src 'self' consentcdn.cookiebot.com *.readspeaker.com matomo.folkhalsomyndigheten.se script.extellio.com m.extellio.com; 1
default-src 'none'; script-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com; frame-src https://checkout.stripe.com; connect-src https://checkout.stripe.com; img-src 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://www.paypalobjects.com https://q.stripe.com; style-src 'unsafe-inline' 'self' https://soylentnews.org https://www.soylentnews.org http://7rmath4ro2of2a42.onion https://checkout.stripe.com 1
upgrade-insecure-requests; frame-ancestors 'self' *.sc-pa.com; object-src 'self'; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com;report-uri /_/ConversionPanelUi/cspreport/allowlist 1
default-src https:  wss://*.hotjar.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; 1
default-src https: wss: blob: data: 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com account.psplugin.com commondatastorage.googleapis.com omni.teleperformance.se static.hotjar.com bat.bing.com track.adform.net *.doubleclick.net www.googleadservices.com www.googletagmanager.com connect.facebook.net test-allentetest.lekane.net allente.lekane.net tango-churn.viasat.dk *.vo.msecnd.net assets.adobedtm.com dl.episerver.net canaldigital.d3.sc.omtrdc.net fast.canaldigital.demdex.net dpm.demdex.net cm.everesttech.net cd-static.telenorcdn.net canaldigital.demdex.net; frame-ancestors 'self' www.elkjop.no elkjop.no www.power.no power.no logon.canaldigital.com ssotest.api-canaldigital.com ssostage.api-canaldigital.com localhost; 1
default-src 'self' https://www.youtube-nocookie.com https://svc.webspellchecker.net https://www.webspellchecker.net; base-uri 'none'; form-action 'self' https://search.google.com/test/rich-results https://validator.schema.org; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://svc.webspellchecker.net https://www.webspellchecker.net; style-src 'self' 'unsafe-inline' https://svc.webspellchecker.net; img-src 'self' https://www.webspellchecker.net https://svc.webspellchecker.net data:; worker-src 'self' blob:; font-src 'self' data:; upgrade-insecure-requests 1
frame-ancestors 'self' *.datcu.org *.zagclients.net 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https:; script-src 'unsafe-inline' 'unsafe-eval' https: *.tealiumiq.com connect.facebook.net www.dwin1.com snap.licdn.com api.eu.kaltura.com beursinfo.abnamro.nl tags.tiqcdn.com w.usabilla.com api.usabilla.com google-analytics.com googletagmanager.com; connect-src https: *.tealiumiq.com api.usabilla.com abnamro.sc.omtrdc.net dpm.demdex.net www.google-analytics.com stats.g.doubleclick.net region1.google-analytics.com; style-src 'unsafe-inline' https: blob: fonts.googleapis.com; img-src data: https: abnamro.sc.omtrdc.net cfvod.eu.kaltura.com d6tizftlrpuof.cloudfront.net images.ctfassets.net google-analytics.com *.tealiumiq.com w.usabilla.com abnamro.sc.omtrdc.net www.facebook.com www.awin1.com cm.g.doubleclick.net px.ads.linkedin.com region1.google-analytics.com; font-src https: fonts.gstatic.com; media-src 'self' https: blob:; frame-src abnamrobank.qualtrics.com beursinfo.abnamro.nl d6tizftlrpuof.cloudfront.net *.fls.doubleclick.net www.awin1.com player.simplecast.com localfocuswidgets.net assets.abnamro.com www.youtube.com www.google.com; worker-src 'self' https: blob:; frame-ancestors https: beursinfo.abnamro.nl 1
default-src 'self'; object-src 'none'; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com www.wiris.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ajax.googleapis.com www.googletagmanager.com cdn.cookietractor.com cdn-eu.cookietractor.com https://*.hotjar.com www.wiris.net; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com www.wiris.net hotjar.io hotjar.com script.hotjar.com about:; connect-src 'self' https://www.pluggakuten.se ws://www.pluggakuten.se wss://www.pluggakuten.se wss://ws.hotjar.com google-analytics.com https://*.google-analytics.com google.com https://*.google.com www.wiris.net wss://ws.hotjar.com hotjar.io https://*.hotjar.io hotjar.com https://*.hotjar.com app.cookietractor.com google.se https://*.google.se https://*.doubleclick.net; ; report-uri https://www.pluggakuten.se/api/errorLogging/csp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' wss://*.purechat.com *.amazonaws.com *.uberads.com *.bootstrapcdn.com *.list-manage.com *.jquery.com *.purechatcdn.com *.purechat.com *.chase.com *.chasepaymentechhostedpay-var.com *.chasepaymentechhostedpay.com *.googleadservices.com *.google-analytics.com *.schemaapp.com *.googletagmanager.com *.doubleclick.net *.webeyez.com *.hotjar.io *.hotjar.com *.youtube.com *.webeyez.com firehose.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com *.adobedtm.com *.gstatic.com *.googleapis.com *.google.com; frame-ancestors 'self' https://trans-global-service.myshopify.com https://tgsmobile.limetac.com https://tgsmobile.limetac.com; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; report-uri /error/csp-violation 1
frame-ancestors 'self' *.primecredit.com *.primecredit.biz online.munroads.com 1
frame-ancestors 'self'; upgrade-insecure-requests; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; frame-src https:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://activitymap.adobe.com https://assets.adobedtm.com https://cvag.d3.sc.omtrdc.net https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://www.googletagmanager.com https://www.googleadservices.com https://*.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https: data: blob:; connect-src 'self' https:; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; media-src 'self'; base-uri 'self'; frame-src 'self' https://activitymap.adobe.com https://*.concordia.ch https://www.youtube-nocookie.com https://www.whatchado.com https://*.doubleclick.net https://brame.io https://live.brame-gamification.com; worker-src 'self'; form-action 'self' https://*.concordia.ch https://*.postfinance.ch; frame-ancestors https://*.concordia.ch https://*.concordia.li https://*.concordia.local; 1
default-src https://* 'unsafe-inline' data:; script-src https: 'unsafe-inline' 'unsafe-eval'; img-src https://* data:; 1
default-src 'self' *.adamsfile.com * flacit.com *.yandex.ru *.yandex.net *.google-analytics.com *.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net https://mc.yandex.ru mc.yandex.com www.google-analytics.com *.googletagmanager.com  *.addthisedge.com  http://vk.com *.yandex.ru *.yandex.net  http://graph.facebook.com http://www.odnoklassniki.ru *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com  http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.yandex.net http://vk.com *.fontawesome.com; img-src 'self' * data: www.google-analytics.com *.jivosite.com http://counter.yadro.ru http://*.hotlog.ru http://vk.com http://*.vk.me http://*.skomplekt.com http://lk.alpindustria.ru *.yandex.net *.yandex.ru; font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com http://fonts.gstatic.com https://fonts.gstatic.com *.yandex.ru *.fontawesome.com; connect-src 'self' *.yandex.ru https://mc.yandex.ru mc.yandex.com *.instagram.com *.yandex.net www.google-analytics.com; child-src 'self' http://graph.facebook.com https://mc.yandex.ru *.yandex.net *.yandex.ru *.google-analytics.com www.googletagmanager.com *.youtube.com *.instagram.com *.google.com 1
default-src *; img-src data: *; style-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://p.typekit.net https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://static.ctctcdn.com https://maps.googleapis.com https://maps.gstatic.com https://resultsapi.herokuapp.com https://www.betweenends.com/recordsapi.js https://ajax.cloudflare.com https://player.vimeo.com/api/player.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://servedbyadbutler.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://static.ctctcdn.com https://cdn.mouseflow.com https://maps.googleapis.com https://maps.gstatic.com https://resultsapi.herokuapp.com https://www.betweenends.com/recordsapi.js https://ajax.cloudflare.com https://player.vimeo.com/api/player.js; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-6554b94ed5a9501ab119c899a3f4692f' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:; frame-ancestors 'none'; 1
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com wwwadmin.alger.com; 1
default-src 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://*.vo.msecnd.net https://ajax.googleapis.com https://bat.bing.com https://cdn.cookielaw.org https://connect.facebook.net https://content.linkedin.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://platform.linkedin.com https://r.bing.com https://static.cloudflareinsights.com https://ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://s.pinimg.com https://tagmanager.google.com https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.civiccomputing.com https://www.youtube.com https://script.crazyegg.com https://cdn.jsdelivr.net https://code.jquery.com https://maps.googleapis.com *.sharethis.com dl.episerver.net; connect-src 'self' *; style-src 'self' 'unsafe-inline' *.licdn.com *.google.com *.bing.com ajax.googleapis.com www.googletagmanager.com https://maps.googleapis.com https://fonts.googleapis.com; object-src *.googlesyndication.com; child-src 'self' blob: *.googlesyndication.com *.google.com *.facebook.com *.doubleclick.net connect.facebook.net www.googletagmanager.com; img-src 'self' data: https://cdn.cookielaw.org https://ssl.google-analytics.com https://www.google-analytics.com https://*.linkedin.com https://bat.bing.com https://*.google.com https://www.google.pl https://ct.pinterest.com https://shoplogos.commerce-connector.de https://*.doubleclick.net https://*.googletagmanager.com https://i.ytimg.com https://*.gstatic.com https://*.googleapis.com https://platform-cdn.sharethis.com *.facebook.com https://aax-eu.amazon-adsystem.com *.spotify.com *.tiktok.com; frame-src 'self' https://td.doubleclick.net https://ct.pinterest.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'; worker-src 'self' blob: www.google.com 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.ro 1
script-src 'self' framasoft.org stats.framasoft.org; connect-src 'self' framasoft.org api.gfycat.com wss://framateam.org; style-src 'self' framasoft.org 'unsafe-inline' 1
default-src * 'unsafe-inline' data: blob: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com indd.adobe.com; script-src 'self' 'sha256-g+QcuF9go7Kmel+9NOuc4MfXf/iSEYIV/+uL/uFY3oA=' 'sha256-S/p6wuWOGGkR4Wol0Us5oAGEQ1W0AsY7/i4y076Yok0=' 'sha256-ATReICQsd+smV/PvrA4eH+DuxsenS4SxbGcSjySJlBA=' 'sha256-ceD/AKWG8oLqLwUT0gzppUTEMc3rHi+t46Kor0a+FeI=' 'sha256-pCfgC7mdAb8zWn53QEoSua5KROyPT+RIaiyX+hzTezA=' 'sha256-2vr5KMButMK7a+bOf/ned/cPnF2yNooMulXA8E65wGw=' 'sha256-TPYQrmHnt7M8DKy1OOU5jTa025E09OKImlMkdDfKkn0=' 'sha256-oBHkav8l/42EH9KIBaGqbUJ1eBlKlXRBUHf8pINjiOQ=' 'sha256-dracLzHe60K7SKXS9cKemKhzL5h916shN2G+fnhh8aA=' 'sha256-0lL/MQ5OSw+e9+USo4AlnVE/kW8oayVyzHjz2+/LjZ8=' 'sha256-ViUahoy60pv8hJBcILSOqGM3VFNL437+EFcV4VlF8GU=' 'sha256-Z0/WlufrhGc3d8uptxo3hscoFybvRrlBO6s2maJicjk=' 'sha256-Q2VWdYABXuiFx36vXAiQuNzL/qFV7l8jQPFinMPbhis=' 'sha256-Ckx1dumQaCDzCnOm33fcxdP06HGNa5SNShgyceGVPN4=' 'sha256-LulRT5bBtRUGNEEDbPdaGz58YhP43UXVa+RClQ3XKZU=' 'sha256-xIYoa2ANCJrxNJBfDX5XHj3VEDuWHeYuvFVDKC/vsqA=' 'sha256-/AcSeWJJT0RtC7FS270AxIXeDJvOTr6cn80nWhQrbMs=' 'sha256-bZBjJevs/Qv1f+ZhJb1OCrYm1pTSNkjf41ezroL6RUU=' 'sha256-06nZ0S5LdWLY2O0clr0m10kt/YqaxACZR2rJjwMGWjM=' 'sha256-8NYaqmE4mzTnzNqwW0uuT1dylNkQITXB9zCZhUpCvrs=' 'sha256-Ept9VtaD0yRk9HRwCiTd8KzXUv0xcznGxoqtz2m4xFo=' 'sha256-SVnmyk6gJSyFRes2SZ+/oRBQmy8YxcMR9luOngFMkw4=' 'sha256-zSdzD69gRyUzcakTNyhuLrk0EGV54ZclqupBkwl9G3g=' 'sha256-Mb9e6w5kPXmkt0WuKkGPDPHtIWSzqQWT+raUTyFOghs=' 'sha256-qIRGu2PWSmSigfUVAoTqzGX0A+rzcdhrIDzgC0gNrPA=' 'sha256-RmGgqFFhpwAqdY4Ssrcz8HI4xm0zyPzntEHcqGFOWKM=' 'sha256-3AK1xZB3NFDjkvwc82DxZBGdaEL+JSGy1RFJcwQFo/c=' 'sha256-IVLaEXEzatFDlqqb7h6MOoWKuRDnadLCcxaLZy9Ebnw=' 'sha256-M+ntCvT6Iu4miDK9F02ZhDSR1mpmcj9joL8tYwCU1Tg=' 'sha256-4g0Ary7o6pTL9RiIsoxH86zeYwEqMzd3CuMYGHaZQNY=' 'sha256-N4wN1TwWo11gZOjyAPzFpxe9/8WLSTJ1/PHuOgRpM78=' 'sha256-e/s1m6mynEmDPMw6xBQTJpwa+4wc1DrssvAYLSotUaY=' 'sha256-ZdLPGT5uZbdUMJeRv+0MMEpa0xTdUx73STyzhTneGv0=' 'sha256-xBktOovPzxEC+VQ+dkc+9ld5Wec3haqblMiYuC5gMJM=' 'sha256-4nVgMCLHF5T7oPaxdH6BEFUAa2NTV9+bVK3ZSlB1ZQ4=' 'sha256-8/gCZVeHNZpnKtkFlW6fo8ivZ3APL5d5bSfu0/1/xjk=' 'sha256-D+dyPB/9UqXp+2gvBtKVwnn28h3dxDYzOxmE4EEF4NA=' 'sha256-jYVH3FjEup3AVAEMC/vDGOo5GSfwVb8Bp16VJbuJ030=' 'sha256-UeWqdFEwR5mmGfL25MFmUeLgExDDhZKjcBtnKMUno14=' 'sha256-TDHysZJR91ZUpr0Kl+8SCYkDii9qSJnOSr8t52sNifc=' 'sha256-IFuqoH1torcwk0KEXeDN+5BEl6zQ+UlvoeV4LXY7O+8=' 'sha256-ZRekjAfj1OrC+PFcqUx44vw8RctSKckyJBb1a2+olpw=' 'sha256-Z/2UaeSqUF0Atanb54i1hLXje7k5RM1637Nw4C7SjAs=' 'sha256-HCPkwsDE7HO3QXJcMlNqGbs1RtqzmyuDUhlPIkUPUlw=' 'sha256-drcbxARoEX93eRhXJJkLQK0RebAmiM6SlqNhYi+fKnY=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-Z/2UaeSqUF0Atanb54i1hLXje7k5RM1637Nw4C7SjAs=' 'sha256-ADUBpn+PPu86O/Pthgc3mZxOwi+tVppuhwPAVQpqNMM=' 'sha256-FN9YrXQ4UuAz4h3fSP76D9gMzXvb5yrFjKbs2hPugj0=' 'sha256-gjuoUZLAvuVjx3jQOM1LKnHaiKuA8mh9TcFjdJ5CaTQ=' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js cdnjs.cloudflare.com dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com *.googletagmanager.com *.adobe.com https://www.youtube.com/iframe_api https://dec.azureedge.net munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com az416426.vo.msecnd.net https://cdn.curator.io https://cdn.insight.sitefinity.com https://player.vimeo.com/api/player.js cdn.ampproject.org web-chat.nativechat.com; style-src 'self' 'unsafe-hashes' 'sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI=' 'sha256-5TBRWOUMOK21n+V/U9+QiaS8Jvwff9RqEfgNUWmlR+0=' 'sha256-ZpgzpvJHSCf58T76zZlN3fm30Ube8nUErGkZO+l6B1k=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-0EZqoz+oBhx7gF4nvY2bSqoGyy4zLjNF+SDQXGp/ZrY=' 'sha256-H/s/dWGkGDaCkKqmo0VNeHrTgvJjinI5uvu7UmY6EB8=' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com use.typekit.net p.typekit.net https://cdn.curator.io *.autodesk.com *.autodesk360.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com https://cdn.curator.io https://curator-assets.b-cdn.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.fbcdn.net *.autodesk.com *.autodesk360.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com use.typekit.net https://cdn.curator.io *.autodesk.com *.autodesk360.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.google-analytics.com www.google.com stats.g.doubleclick.net www.google-analytics.com api.curator.io *.mktoresp.com *.visualstudio.com https://*.instagram.com https://api.curator.io *.adobe.com *.adobe.io https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com video.twimg.com https://curatorio.s3.amazonaws.com https://curator-assets.b-cdn.net *.adobe.com *.autodesk.com *.autodesk360.com; child-src 'self' dewberry-stg.sitefinity.cloud dewberry.sitefinity.cloud www.dewberry.com *.twimg.com *.autodesk.com *.autodesk360.com *.adobe.com web-chat.nativechat.com 1
default-src 'self' *.quantummetric.com hawaiianairlinesinc.marketing.adobe.com 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src blob:; child-src blob:; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data:; connect-src * data:; font-src * data:; frame-src *; frame-ancestors 'self' hawaiianairlinesinc.marketing.adobe.com https://www.kayak.com/; media-src 'self' *.s-hawaiianairlines.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.syndication.twimg.com https://www.facebook.com https://*.twitter.com https://www.google.com https://ton.twimg.com https://*.github.io https://www.googletagmanager.com https://www.google-analytics.com; img-src 'self' https://*.twimg.com https://*.twitter.com http://*.twimg.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.jp data:; 1
default-src usim.beprod.leqvio.com 'self'; style-src usim.beprod.leqvio.com prod.cz.hcp.novartis.com *.googleapis.com fonts.gstatic.com 'self' 'unsafe-inline' kms-a.akamaihd.net; script-src js-agent.newrelic.com/nr-rum-1.248.0.min.js usim.beprod.leqvio.com prod.cz.hcp.novartis.com unpkg.com kaltura.com *.kaltura.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net tags.tiqcdn.com ipredictive.com *.ipredictive.com 'self' 'unsafe-inline' 'unsafe-eval' blob: *.googleapis.com *.pmsrv.co t.contentsquare.net app.contentsquare.com static.cloudflareinsights.com *.meta.net mediahub.novartis.com match.deepintent.com trc.lhmos.com secure.adnxs.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com cdn.cookielaw.org *.facebook.net; child-src blob:; worker-src blob:; object-src 'none'; font-src prod.cz.hcp.novartis.com fonts.gstatic.com *.kaltura.com 'self' data: application:; img-src *.ipredictive.com *.contentsquare.net http: https: data: image: 'self'; frame-src contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net servedby.flashtalking.com di.rlcdn.com 'self' cdnapisec.kaltura.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com; connect-src usim.beprod.leqvio.com bam.nr-data.net prod.cz.hcp.novartis.com *.google.com contextweb.com *.contextweb.com bat.bing.com *.doubleclick.net *.googleadservices.net stats.g.doubleclick.net *.contentsquare.net *.kaltura.com ws: 'self' *.googleapis.com *.tiqcdn.com cloudflareinsights.com trc.lhmos.com analytics.google.com *.analytics.google.com google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com tagmanager.google.com *.tagmanager.google.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; media-src usim.beprod.leqvio.com kaltura.com *.kaltura.com blob: 'self'; frame-ancestors usim.beprod.leqvio.com 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-EQISMZPV4iLuoMTPQGA2QFZUn0Un82WNPOIT/O67p5g0eDy9' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static.femscat.com; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com https://static.femscat.com https://www.juicycash.net https://yezzclips.r.worldssl.net; media-src 'self' https://static.femscat.com https://yezzclips.r.worldssl.net; script-src https://*.googletagmanager.com data: blob: 'self' 'unsafe-inline' 'unsafe-eval' https://www.inet-cash.com https://ajax.googleapis.com/ https://www.google-analytics.com https://ssl.google-analytics.com/ga.js https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://static.femscat.com https://yezzclips.r.worldssl.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://static.femscat.com https://yezzclips.r.worldssl.net https://use.fontawesome.com; frame-ancestors 'none'; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io *.googleadservices.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org www.google.com images.ctfassets.net pixel.tapad.com *.doubleclick.net *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' assets.ctfassets.net fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com *.pghub.io *.bazaarvoice.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' https://tests.services.druide https://services-tests-tmp.druide.com https://services.druide.com https://www.gravatar.com https://*.googleusercontent.com  https://googleusercontent.com https://*.fbcdn.net https://fbcdn.net https://*.fbsbx.com https://fbsbx.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; frame-src 'none'; frame-ancestors 'none'; connect-src 'self' wss://antidote.app/correcteur/corrigerWS2; object-src 'none'; child-src 'none'; media-src 'self'; manifest-src 'self'; worker-src 'none'; form-action 'none'; upgrade-insecure-requests;report-to 'csp-reports';report-uri /__rapport_csp__ 1
; worker-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' cdn-cookieyes.com *.imp.stackadapt.com *.srv.stackadapt.com *.hotjar.com *.hotjar.io bat.bing.com cdn.sub2tech.com connect.facebook.net dataservices.sub2tech.com equifax-cdn.sub2tech.com wchat.freshchat.com www.google-analytics.com www.googletagmanager.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com kit.fontawesome.com stackpath.bootstrapcdn.com unpkg.com www.youtube.com cdn.jsdelivr.net maps.googleapis.com widget.trustpilot.com; script-src-elem 'self' 'unsafe-inline' livechat-choosemycar.connexone.co.uk optimize.google.com www.googleoptimize.com *.sub2tech.com cdn-cookieyes.com *.stackadapt.com *.hotjar.io *.hotjar.com bat.bing.com cdn.sub2tech.com connect.facebook.net dataservices.sub2tech.com equifax-cdn.sub2tech.com wchat.freshchat.com www.google-analytics.com www.googletagmanager.com cdn.datatables.net cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com gc.kis.v2.scr.kaspersky-labs.com kit.fontawesome.com maps.googleapis.com stackpath.bootstrapcdn.com unpkg.com www.youtube.com widget.trustpilot.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.srv.stackadapt.com fonts.googleapis.com wchat.freshchat.com cdnjs.cloudflare.com p.typekit.net stackpath.bootstrapcdn.com unpkg.com use.typekit.net cdn.datatables.net translate.googleapis.com; style-src-elem 'self' 'unsafe-inline' optimize.google.com *.stackadapt.com fonts.googleapis.com wchat.eu.freshchat.com cdn.datatables.net cdnjs.cloudflare.com gc.kis.v2.scr.kaspersky-labs.com p.typekit.net stackpath.bootstrapcdn.com unpkg.com use.typekit.net; style-src-attr 'unsafe-inline'; img-src 'self' data: cdn.imagin.studio cdn-cookieyes.com secure.gravatar.com *.stackadapt.com *.hotjar.com *.hotjar.io assets.choosemycar.com carcliq.ams3.cdn.digitaloceanspaces.com bat.bing.com www.facebook.com www.google-analytics.com www.google.co.uk www.google.com www.google.lt www.googletagmanager.com www.google.ie www.google.es connect.facebook.net digitaloftcdn.com www.google.ae www.google.be www.google.bg www.google.co.nz www.google.co.za www.google.co.zw www.google.com.au www.google.com.gh www.google.com.kw www.google.com.ph www.google.com.tr www.google.fr www.google.gr www.gstatic.com i.ytimg.com maps.googleapis.com maps.gstatic.com www.google.ca www.google.co.il www.google.co.in www.google.com.lb www.google.com.pk www.google.com.sg www.google.de www.google.fi www.google.it www.google.no www.google.pt translate.google.com www.google.jo www.google.pl www.google.rs www.google.al www.google.ba www.google.co.id www.google.co.kr www.google.co.ma www.google.com.bh www.google.com.br www.google.com.do www.google.com.eg www.google.com.jm www.google.com.ng www.google.com.om www.google.com.sa www.google.com.ua www.google.com.vn www.google.cz www.google.dk www.google.hr www.google.hu www.google.im www.google.iq www.google.je www.google.ps www.google.ro www.google.se www.google.si www.google.tn; font-src 'self' data: *.hotjar.com *.hotjar.io fonts.gstatic.com cdnjs.cloudflare.com ka-p.fontawesome.com static3.avast.com use.typekit.net; connect-src 'self' gateway.choosemycar.com doc-0k-a8-sheets.googleusercontent.com pagead2.googlesyndication.com googlesyndication.com googleads.g.doubleclick.net www.google.com cdn-cookieyes.com *.cookieyes.com *.google-analytics.com region1.analytics.google.com *.yoast.com *.stackadapt.com wss://*.hotjar.com *.hotjar.com *.hotjar.io bat.bing.com stats.g.doubleclick.net www.facebook.com www.google-analytics.com digitaloftcdn.com ka-p.fontawesome.com assets.choosemycar.com docs.google.com www.googletagmanager.com gjtrack.ucweb.com doc-0c-44-sheets.googleusercontent.com maps.googleapis.com; frame-src 'self' data: td.doubleclick.net livechat-choosemycar.connexone.co.uk optimize.google.com viewer.mapme.com https://docs.google.com https://vars.hotjar.com https://widget.trustpilot.com *.hotjar.io 394466662429530.eu.webpush.freshchat.com wchat.eu.freshchat.com www.facebook.com www.youtube.com mozbar.moz.com widget.trustpilot.com www.googletagmanager.com; child-src wchat.eu.freshchat.com www.youtube.com; form-action 'self' www.facebook.com; base-uri 'self' *.stackadapt.com; report-uri https://choosemycar.report-uri.com/r/d/csp/wizard 1
default-src 'self'; style-src * 'unsafe-inline'; img-src * data:; object-src 'self'; script-src * 'unsafe-eval' 'unsafe-inline'; font-src * data:; worker-src * blob:;frame-src 'self' *; 1
frame-ancestors 'self' https://staging.legisector.com https://launch.legisector.com https://legisector.com https://www.legisector.com 1
default-src 'self' 'unsafe-inline' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net fonts.googleapis.com youtube.com *.google-analytics.com https://judxu4avx2.execute-api.eu-west-1.amazonaws.com https://3lz1gykyyd.execute-api.eu-west-1.amazonaws.com https://stats.g.doubleclick.net olivia.paradox.ai dokumfe7mps0i.cloudfront.net tupf3ye5m3.execute-api.eu-west-1.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com cdn.rawgit.com otp.tools.investis.com https://sc.lfeeder.com https://staticcontents.investisdigital.com dokumfe7mps0i.cloudfront.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net netdna.bootstrapcdn.com; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com youtube.com brightcove.hs.llnwd.net; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com otp.tools.investis.com *.dtn.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com dokumfe7mps0i.cloudfront.net; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.curator.io https://use.fontawesome.com https://fuse.shooju.com https://cdn.shooju.com/ https://d1vl91sh9bpatf.cloudfront.net/fuseTracker.js https://fuse.fusesearch.app https://snap.licdn.com https://googleads.g.doubleclick.net https://s.adroll.com https://d.adroll.com https://cdn.feathr.co https://polo.feathr.co https://aium.informz.net *.hsforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://cdn.curator.io https://s.adroll.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://cdnjs.cloudflare.com https://curator-assets.b-cdn.net https://px.ads.linkedin.com https://www.google.com https://d.adroll.com https://x.bidswitch.net https://cm.g.doubleclick.net https://dsum-sec.casalemedia.com https://pixel.rubiconproject.com https://us-u.openx.net https://sync.outbrain.com https://sync.taboola.com https://image2.pubmatic.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://ib.adnxs.com https://www.google.com.ph https://marco.feathr.co https://polo.feathr.co https://match.adsrvr.org https://polo-v1.feathr.co *.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://cdn.shooju.com; frame-src 'self' https://aium.wufoo.com https://aium.informz.net https://js.hsforms.net https://www.google.com https://app.hubspot.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://fuse.shooju.com https://api.curator.io https://fuse.fusesearch.app https://stats.g.doubleclick.net https://www.facebook.com https://cdn.linkedin.oribi.io https://d.adroll.com https://polo.feathr.co *.hsforms.net https://hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://curator-assets.b-cdn.net https://video.twimg.com https://curatorio.s3.amazonaws.com https://aium.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagservices.com *.googletagmanager.com *.facebook.com https://*.facebook.com *.facebook.net https://connect.facebook.net *.tynt.com *.yandex.net https://site.yandex.net https://yastatic.net yastatic.net an.yandex.ru awaps.yandex.ru vk.com https://vk.com https://*.yandex.ru mc.yandex.ru clck.yandex.ru yandex.st https://*.googleapis.com https://*.google.com *.google.com *.gstatic.com https://*.gstatic.com https://*.google-analytics.com *.google-analytics.com *.googlesyndication.com https://*.googlesyndication.com *.googleapis.com *.doubleclick.net;object-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com *.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com https://*.googleapis.com www.youtube.com https://www.youtube.com *.gstatic.com; frame-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com *.facebook.com https://*.facebook.com  bcp.crwdcntrl.net yastatic.net awaps.yandex.ru vk.com https://vk.com https://login.vk.com yandex.st www.youtube.com https://www.youtube.com *.googlesyndication.com *.doubleclick.net https://*.doubleclick.net https://*.google.com *.google.com mc.yandex.ru www.youtube.com; connect-src 'self' https://*.google.ru https://*.doubleclick.net https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com *.googletagmanager.com https://mc.yandex.ru mc.yandex.ru www.google-analytics.com https://*.google-analytics.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' www.google.com; font-src 'unsafe-inline' 'self' snackercrackercontest.com fonts.googleapis.com fonts.gstatic.com data:; style-src 'unsafe-inline' 'self' www.gstatic.com fonts.googleapis.com snackercrackercontest.com; img-src https://d22qhov8mohr82.cloudfront.net 'self' data: w3.org/svg/2000 snackercrackercontest.com www.google.co.in; media-src https://d22qhov8mohr82.cloudfront.net 'self'; connect-src *; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com www.gstatic.com code.jquery.com cdnjs.cloudflare.com snackercrackercontest.com cdn.jsdelivr.net www.google.com; frame-src www.youtube.com www.google.com; 1
default-src * 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://remitano.com 1
frame-ancestors 'self' *.sparkboxqa.com sparkboxqa.com *.tirediscounters.com tirediscounters.com *.dev.tirediscountersdirect.com *.tirediscountersdirect.com tirediscountersdirect.com localhost:8080 localhost:8081 1
frame-ancestors 'self' https://*.lexus.ua https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88 https://toyota-test.crm4.dynamics.com https://toyota.crm4.dynamics.com; 1
default-src 'self' blob:; img-src 'self' data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://procursus.social; img-src 'self' data: blob: https://procursus.social https://assets.procursus.social; style-src 'self' https://procursus.social 'nonce-RjWEunBdGWYfgMA6+eGngQ=='; media-src 'self' data: https://procursus.social https://assets.procursus.social; frame-src 'self' https:; manifest-src 'self' https://procursus.social; form-action 'self'; child-src 'self' blob: https://procursus.social; worker-src 'self' blob: https://procursus.social; connect-src 'self' data: blob: https://procursus.social https://assets.procursus.social wss://procursus.social; script-src 'self' https://procursus.social 'wasm-unsafe-eval' 1
script-src http: https: https://www.joyalukkas.in/ 'nonce-xCAD9T1s5Bu9kXsJeCx9E9R7FPUXwTV9ZtSpmBjRjqbzj' *.zohopublic.in; style-src 'self' blob: https: 'unsafe-inline' https://www.joyalukkas.in/ *.zohopublic.in; img-src data: http: https: *.zohopublic.in *.google-analytics.com *.googletagmanager.com *.analytics.google.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.zohopublic.in *.zohocdn.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.razorpay.com *.zohopublic.in *.doubleclick.net; 1
default-src 'self' data: snippet.maze.co heapanalytics.com js.hs-analytics.net tag.demandbase.com prompts.maze.co/api/widgets js.hs-analytics.net secure.intelligent-business-7.com;child-src blob:;style-src 'self' blob: 'unsafe-inline' *.googleapis.com tagmanager.google.com optimize.google.com fonts.googleapis.com addtocalendar.com *.loqate.com cloudflare.com cdnjs.cloudflare.com *.typekit.net *.pcapredict.com *.addressy.com *.postcodeanywhere.co.uk *.gbgplc.com fast.wistia.com cdn.jsdelivr.net a.omappapi.com *.sg.va.sabio.cloud *.stackadapt.com ifaqs.flexanswer.com du89v9a480hlb.cloudfront.net *.jquery.com heapanalytics.com https://*.maze.co/ *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net;img-src 'self' 'unsafe-inline' *.gravatar.com data: gbg-global.azureedge.net *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com t.co/i/adsct *.google.com *.gstatic.com www.glassdoor.co.uk *.google.co.uk *.google-analytics.com *.googleusercontent.com *.facebook.com *.hubspot.com cdnjs.cloudflare.com stats.g.doubleclick.net glassdoor.co.uk maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com optimize.google.com *.sharethis.com dashboard.umbraco.org px.ads.linkedin.com www.linkedin.com tr.outbrain.com amplifypixel.outbrain.com *.vimeo.com p.typekit.net bat.bing.com a.opmnstr.com p.adsymptotic.com *.omappapi.com *.wistia.com *.wistia.net embedwistia-a.akamaihd.net match.prod.bidr.io segments.company-target.com syndication.twitter.com connect.facebook.net *.onetrust.com id.rlcdn.com ifaqs.flexanswer.com *.loqate.com gbgstorage01.blob.core.windows.net *.sg.va.sabio.cloud *.zopim.io *.placeholder.com i.vimeocdn.com gbgcmsprdsto.blob.core.windows.net gbgcmsprdblobcdn.azureedge.net analytics.twitter.com googleads.g.doubleclick.net *.stackadapt.com *.azr.footprintdns.com *.hsforms.com *.6sc.co *.6sense.com *.jquery.com heapanalytics.com https://*.maze.co/ js.hscta.net no-cache.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net;font-src 'self' *.gstatic.com *.typekit.net *.wistia.com cdnjs.cloudflare.com script.hotjar.com a.omappapi.com data: ifaqs.flexanswer.com s3-us-west-2.amazonaws.com *.sg.va.sabio.cloud heapanalytics.com https://*.maze.co/;media-src 'self' *.wistia.net *.wistia.com embedwistia-a.akamaihd.net data: blob: static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' code.jquery.com www.googletagmanager.com tagmanager.google.com www.googleadservices.com optimize.google.com *.googleapis.com *.hs-banner.com *.hs-scripts.com www.google-analytics.com static.hotjar.com bizographics.com static.ads-twitter.com *.postcodeanywhere.co.uk *.pcapredict.com *.loqate.com *.addressy.com *.gbgplc.com snap.licdn.com *.facebook.net googleads.g.doubleclick.net *.hs-analytics.net *.hsleadflows.net *.hsadspixel.net js.hscta.net *.hubspot.com static.hsappstatic.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.hubspotfeedback.com feedback.hubapi.com sjs.bizographics.com script.hotjar.com px.ads.linkedin.com analytics.twitter.com www.google.com *.gstatic.com platform.linkedin.com *.usemessages.com addtocalendar.com *.sharethis.com amplify.outbrain.com *.hsforms.net *.hsforms.com *.onetrust.com bat.bing.com use.typekit.net cdnjs.cloudflare.com *.opmnstr.com snid.snitcher.com a.trstplse.com *.wistia.com *.wistia.net player.vimeo.com *.demandbase.com src.litix.io cdn.jsdelivr.net static.codepen.io platform.twitter.com zucvhpjgqj.execute-api.ap-southeast-2.amazonaws.com hosted.mastersoftgroup.com a.omappapi.com unpkg.com secure.perk0mean.com ruler.nyltx.com *.clickcease.com tr.outbrain.com analytics.nyltx.com ifaqs.flexanswer.com static.zdassets.com *.buzzsprout.com *.litix.io www.clickcease.com monitor.clickcease.com tr.outbrain.com *.sg.va.sabio.cloud js.monitor.azure.com *.atmrum.net *.stackadapt.com www.googleoptimize.com resources.customersure.com du89v9a480hlb.cloudfront.net js.hubspot.com *.6sc.co *.6sense.com cdn.heapanalytics.com heapanalytics.com https://*.maze.co/ secure.intelligent-business-7.com;connect-src 'self' *.google-analytics.com *.hubapi.com *.hubspot.com *.hotjar.com vc.hotjar.io *.sharethis.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com decollector.tealeaf.ibmcloud.com gbg-global.azureedge.net www.facebook.com *.vimeo.com *.vimeocdn.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.onetrust.com *.omappapi.com api.opmnstr.com performance.typekit.net api.trstplse.com api.company-target.com stats.g.doubleclick.net segments.company-target.com hosted.mastersoftgroup.com *.loqate.com wss: ir.q4europe.com *.lottiefiles.com snid.snitcher.com analytics.nyltx.com ekr.zdassets.com ifaqs.flexanswer.com flexanswer1656.zendesk.com docs.idscan.com monitor.clickcease.com *.sg.va.sabio.cloud dc.services.visualstudio.com forms.hsforms.com gbg.workable.com www.workable.com *.atmrum.net *.stackadapt.com maps.googleapis.com api.investisdigital.com hubspot-forms-static-embed.s3.amazonaws.com gbg.customersure.com *.6sc.co *.6sense.com uksouth-1.in.applicationinsights.azure.com cdn.linkedin.oribi.io heapanalytics.com https://*.maze.co/ js.hscta.net *.hs-banner.com *.hscollectedforms.net *.hsforms.com client-api.auryc.com;frame-src 'self' www2.gbgplc.com *.vimeo.com vimeo.com *.youtube.com *.vimeocdn.com platform.twitter.com syndication.twitter.com *.fls.doubleclick.net vars.hotjar.com www.facebook.com stats.g.doubleclick.net fast.wistia.net fast.wistia.com www.glassdoor.co.uk www.google.com optimize.google.com www.linkedin.com ir.q4europe.com c.sharethis.mgr.consensu.org *.hsforms.net *.hsforms.com play.hubspotvideo.com *.hubspot.net *.hs-sites.com *.onetrust.com *.postcodeanywhere.co.uk *.pcapredict.com *.addressy.com *.gbgplc.com *.hubspot.com app.hubspot.com codepen.io *.loqate.com *.buzzsprout.com www.edisoninvestmentresearch.com otp.tools.investis.com www.connectidfeed.com gbg.customersure.com *.6sc.co *.6sense.com *.hs-sites.com td.doubleclick.net;frame-ancestors 'self' *.loqate.com gbgplc.interactgo.com;worker-src  blob:; 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; img-src 'self' data: https:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' ; 1
style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' www.google.com fonts.googleapis.com; font-src data: 'self' 'unsafe-inline' fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net js.hs-scripts.com js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.hs-analytics.net js.hscollectedforms.net js.usemessages.com connect.facebook.net; frame-ancestors 'none'; 1
frame-ancestors 'self' intranet.swbno.org webadmin.swbno.org *.swbno.org; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.nola.gov *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net *.aspnetcdn.com *.facebook.net *.facebook.com *.office.com *.cloudflare.com webadmin.swbno.org *.swbno.org swbno.maps.arcgis.com *.maps.arcgis.com *.gstatic.com *.accessibe.com *.youtube.com *.userway.org *.powerbi.com *.arcgis.com *.esri.com cdn.jsdelivr.net fonts.googleapis.com *.visualstudio.com cdn.materialdesignicons.com app.purechat.com api.purechar.com platform.twitter.com www.google-analytics.com widgetapi.purechat.com cdn.syndication.twimg.com syndication.twitter.com api-cdn.purechat.com pbs.twimg.com prod.purechatcdn.com syndication.twitter.com *.twitter.com *.purechat.com *.purecharcdn.com *.google.com *.googleapis.com *.google-analytics.com *.twimg.com; font-src * data: blob:; img-src  * data: blob: ; worker-src * blob: ; media-src * blob: 1
frame-ancestors https://www.rockvalleycollege.edu http://dev.rockvalleycollege.edu http://author.rockvalleycollege.edu https://a.cms.omniupdate.com/11/ https://beta.rockvalleycollege.edu admin.emsicc-qa.com admin.emsicc.com admin.lightcastcc-qa.com admin.lightcastcc.com admin.lightcastcc-qa.io admin.lightcastcc.io https://widget.lightcastcc.com/ 1
frame-src 'self'; frame-ancestors 'self' https://hq.thesoul.io https://apicurio-registry-ui.tsp.li/ https://thesoul.atlassian.net https://cer.tsp.li/ https://cass.tsp.li/ https://project-portfolio-app.tsp.li/ https://diffusion.tsp.li/ https://creator-management.tsp.li/ https://thesoul.io/; object-src 'none'; report-uri https://csp.tsp.la/report; 1
frame-ancestors 'self' *.scrapfly.io; font-src 'self' *.scrapfly.io https://*.crisp.chat https://fonts.gstatic.com https://cdnjs.cloudflare.com; default-src 'self' *.scrapfly.io https://*.clarity.ms https://c.bing.com 'unsafe-inline'; img-src 'self' *.scrapfly.io data: https://c.bing.com https://*.clarity.ms https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://cdn.scrapfly.io https://assets.capterra.com https://logo.clearbit.com https://maps.googleapis.com https://maps.gstatic.com https://googlechromelabs.github.io https://ssl.gstatic.com https://run.pstmn.io https://*.crisp.chat https://*.placeholder.com; media-src 'self' *.scrapfly.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.scrapfly.io data: https://googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://*.googletagmanager.com https://www.clarity.ms https://polyfill.io https://maps.googleapis.com https://www.gstatic.com https://*.statuspage.io https://unpkg.com https://run.pstmn.io https://*.crisp.chat https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://hcaptcha.com https://*.hcaptcha.com https://www.googleadservices.com https://ipinfo.io https://*.stripe.com; style-src 'self' 'unsafe-inline' *.scrapfly.io https://googletagmanager.com https://tagmanager.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.jsdelivr.net https://client.crisp.chat https://unpkg.com https://fonts.googleapis.com https://use.fontawesome.com https://*.hcaptcha.com; frame-src 'self' *.scrapfly.io https://www.youtube.com/embed/ https://go.crisp.chat https://*.statuspage.io https://*.hcaptcha.com https://*.stripe.com; worker-src 'self' *.scrapfly.io blob: data:; connect-src 'self' *.scrapfly.io https://*.scrapfly.io https://polyfill.io https://*.clarity.ms https://www.gstatic.com https://maps.googleapis.com https://ipinfo.io https://*.statuspage.io https://*.crisp.chat wss://client.relay.crisp.chat https://hcaptcha.com https://*.hcaptcha.com https://*.stripe.com; 1
default-src https: 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.patrickabt.ch https://pagead2.googlesyndication.com https://www.google.com https://adservice.google.com https://partner.googleadservices.com https://tpc.googlesyndication.com https://adservice.google.ch https://googleads.g.doubleclick.net; frame-src https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src data: https: 1
style-src 'self' *.googleapis.com *.bootstrapcdn.com *.varsome.com 'unsafe-inline'; frame-src 'self' *.hubspot.com *.varsome.com *.doubleclick.net *.google.com; script-src 'strict-dynamic' 'self' *.google.com *.doubleclick.net *.googleapis.com *.gstatic.com *.saphetor.com *.googletagmanager.com *.google-analytics.com *.hs-analytics.net *.usemessages.com *.bizographics.com *.jsdelivr.net *.hsadspixel.net *.licdn.com *.cookiepro.com *.linkedin.com *.varsome.com *.fontawesome.com *.cloudflare.com *.bootstrapcdn.com *.hs-scripts.com *.hscta.net *.hubspot.com *.hubspotfeedback.com *.hsforms.net *.hsforms.com *.jquery.com *.hs-banner.com *.googleadservices.com *.recaptcha.net *.clarity.ms local.varsome.com 'nonce-C/yq4aty10/TMWg1YZaxzA=='; connect-src 'self' *.clarity.ms *.cookiepro.com *.varsome.com *.hubapi.com *.hubspot.com *.hubspotfeedback.com *.google-analytics.com *.rollbar.com *.beacon-network.org; object-src 'none'; default-src 'none'; font-src 'self' *.bootstrapcdn.com *.varsome.com *.gstatic.com; img-src 'self' *.hubspot.com *.google.com *.varsome.com *.google.gr *.hsforms.com *.gravatar.com *.googletagmanager.com *.clarity.ms *.bing.com data: *.cookiepro.com *.hubspotusercontent40.net; frame-ancestors 'self' *.googletagmanager.com *.varsome.com; base-uri 'none'; form-action 'self' *.varsome.com 1
frame-ancestors app.1.30sec.fr 30sec.fr https://www.avekapeti.com http://bctraiteur.com https://www.boboresto.fr/ https://basil.fr https://www.dejbox.fr https://www.dood.company https://api.dood.company https://www.dood.com https://api.dood.com https://dood-feeds.dood.company https://www.eatlf.fr https://www.foodcheri.com http://www.foodcheri.com https://www.junglecook.com https://www.lf.fr https://lafringalerie.fr https://www.lebonbocal.fr https://lebonbocal.fr http://www.lebonbocal.fr http://lebonbocal.fr https://www.plateaux-repas-orleans.com https://www.le-chemin-des-saveurs.com https://www.diyas-salads.com http://www.melchior.pro https://melchior.xcard.me http://localhost:3000 https://monpaniervert.fr https://nestorparis.com https://c.obypay.com https://*.c.obypay.com https://pidelice.com https://commande.popotes.fr https://manager.my-resto.net https://blacksheep-api.herokuapp.com https://blacksheep-api-testprod.herokuapp.com https://sauvetoncommerce.fr https://*.sioupla.it https://siouplait.com https://*.eatoffice.com https://*.edenred.io 1
default-src 'self' blob: www.gravatar.com player.vimeo.com *.vimeocdn.com packages.umbraco.org our.umbraco.org bat.bing.com *.data-crypt.com *.doubleclick.net *.nyltx.com *.google.com *.google.co.uk *.analytics.google.com *.google-analytics.com *.googleapis.com snap.licdn.com *.infinity-tracking.net *.hotjar.com *.hotjar.io wss://*.hotjar.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.typeform.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: code.jquery.com *.gstatic.com *.google.com *.google.co.uk *.googletagmanager.com *.analytics.google.com *.google-analytics.com *.googleapis.com snap.licdn.com *.trustpilot.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.nyltx.com www.facebook.com connect.facebook.net bat.bing.com *.data-crypt.com *.doubleclick.net *.infinity-tracking.net *.typeform.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typeform.com;img-src 'self' data: static.paystream.co.uk paystream-static-test.azureedge.net *.linkedin.com paystream.msgfocus.com www.googletagmanager.com www.gravatar.com umbraco.tv bat.bing.com *.facebook.com *.google.co.uk *.gstatic.com *.googleapis.com *.google.com *.google.co.uk *.typeform.com *.umbraco.com;font-src 'self' fonts.gstatic.com;frame-src 'self' *.google.com *.google.co.uk www.youtube.com www.facebook.com *.trustpilot.com *.typeform.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-ODRmZmM5ZGE0M2Q3NGQ5Mg=='; block-all-mixed-content; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.litix.io embedwistia-a.akamaihd.net/ https://*.marketo.net https://*.salesforceliveagent.com https://*.wistia.com https://1.tl813.com https://a.adroll.com/ https://a.sfdcstatic.com https://analytics.twitter.com https://apis.google.com https://app-sj15.marketo.com https://autocomplete.demandbase.com https://cdn.cookielaw.org/consent/4a3b4a16-9af0-4726-976d-39737fb16905.js https://checkout.stripe.com https://connect.facebook.net https://connectors.tableau.com https://d.adroll.com/ https://d.adroll.mgr.consensu.org https://demdex.com https://dpm.demdex.net https://fast.wistia.com https://fast.wistia.net/ https://geolocation.onetrust.com https://googleads.g.doubleclick.net/ https://js.adsrvr.org/ https://m.addthis.com https://m.addthisedge.com https://omtr2.partners.salesforce.com https://org62.my.salesforce.com https://platform.twitter.com https://play.vidyard.com https://px.ads.linkedin.com/ https://quip-cdn.com https://quip-marketing.com https://s.adroll.com/ https://s.ytimg.com https://s7.addthis.com https://scripts.demandbase.com https://sdk.snapkit.com https://secure2.sfdcstatic.com https://sjs.bizographics.com https://snap.licdn.com/ https://src.litix.io https://ssl.google-analytics.com https://static.ads-twitter.com https://static.lightning.force.com https://store.salesforce.com https://t.sf14g.com https://tag.demandbase.com/shared/forms.min.js https://tagmanager.google.com https://tracking.g2crowd.com https://vidassets.terminus.services https://wistia.com https://www-onepick-opensocial.googleusercontent.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.linkedin.com/csp/dtag https://www.youtube.com; frame-ancestors https://www.quip-resource-center.com http://www.quip-resource-center.com; report-uri /csp-report 1
frame-ancestors 'self' https://web2pay.3cint.com; 1
default-src 'self' blob: storage.net-fs.com *.google.com *.google-analytics.com *.youtube.com *.googleapis.com *.gstatic.com *.doubleclick.net region1.analytics.google.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com *.a1.net live.virtual-events.at *.eloqua.com cdn.linkedin.oribi.io *.linkedin.com; frame-src 'self' indd.adobe.com storage.net-fs.com www.google.com *.google-analytics.com *.youtu.be *.youtube.com *.googleapis.com *.gstatic.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at *.vimeo.com vimeo.com my.matterport.com; style-src 'self' 'unsafe-inline' storage.net-fs.com *.googleapis.com *.googletagmanager.com *.gstatic.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net live.virtual-events.at; img-src 'self' data: region1.analytics.google.com www.google.de www.google.at storage.net-fs.com *.google-analytics.com *.googleapis.com *.gstatic.com tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.a1.group live.virtual-events.at *.eloqua.com px.ads.linkedin.com *.frequentis.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.frequentis.com storage.net-fs.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/ www.google.com jobs.comsoft.de tools.euroland.com tools.eurolandir.com asia.tools.euroland.com webcast.a1.net *.zencdn.net test.frequentis.com.xserv21032.hybridserver.at *.en25.com snap.licdn.com blob: live.virtual-events.at; font-src 'self' data: storage.net-fs.com *.gstatic.com; 1
frame-ancestors 'self' https://fargo.focus511.com https://casscountynd.gov https://*.casscountynd.gov; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.fargond.gov *.cityoffargo.com translate.googleapis.com ajax.googleapis.com *.googleapis.com *.googletagmanager.com *.g.doubleclick.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com translate.google.com www.google-analytics.com www.google.com *.gstatic.com www.youtube.com i.ytimg.com *.ggpht.com js.arcgis.com static.arcgis.com server.arcgisonline.com services.arcgisonline.com connect.facebook.net *.facebook.com platform.twitter.com syndication.twitter.com *.fbcdn.net *.twimg.com api.cablecast.tv siteimproveanalytics.com 15203163.global.siteimproveanalytics.io player.vimeo.com calendly.com *.calendly.com data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdnjs.cloudflare.com *.googleapis.com *.gstatic.com *.google-analytics.com *.addthis.com *.amigosmuseoprado.org *.google.com *.ytimg.com *.youtube.com *.addthisedge.com *.bookitit.com *.jsdelivr.net *.ovidds.com my.icareus.com icomem.probetax.es *.twitter.com *.twimg.com *.facebook.net *.facebook.com *.metricool.com https://*.hotjar.com wss://*.hotjar.com *.hotjar.io *.addtoany.com *.webempresa.eu unpkg.com *.arkibot.app *.googletagmanager.com *.saludalplato.es quickchart.io 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://usocial.pro https://strm.yandex.ru; script-src 'self' 'unsafe-inline' https://novvedomosti.ru https://yandex.ru https://mc.yandex.ru https://mc.yandex.com https://an.yandex.ru https://strm.yandex.ru https://yastatic.net https://cdn.ampproject.org https://www.googletagmanager.com https://cdn.ampproject.org https://usocial.pro https://cdn.jsdelivr.net https://informer.yandex.ru; img-src 'self' https://macropod.ru https://yandex.ru https://informer.yandex.ru https://ad.adriver.ru https://mc.yandex.ru https://mc.webvisor.org https://mc.yandex.com https://amc.yandex.ru https://storage.mds.yandex.net https://avatars.mds.yandex.net https://favicon.yandex.net https://analytics.google.com https://www.google.ru https://www.google.be https://www.google-analytics.com; connect-src 'self' https://yandex.ru https://an.yandex.ru https://verify.yandex.ru https://mc.yandex.ru https://mc.yandex.com https://log.strm.yandex.ru https://strm.yandex.ru https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://cdn.ampproject.org https://www.googletagmanager.com https://3p.ampproject.net https://*.ampproject.net; child-src blob: https://novvedomosti.ru/pwa.js https://mc.yandex.ru https://mc.yandex.com; frame-src blob: https://yastatic.net https://mc.yandex.ru https://mc.yandex.com https://www.google.com https://metrika.yandex.ru https://www.youtube.com https://vk.com https://*.ampproject.net; worker-src 'self' https://novvedomosti.ru/pwa.js; font-src 'self' https://yastatic.net https://usocial.pro; media-src 'self' https://strm.yandex.ru 1
frame-ancestors 'self' www.woodworkerexpress.com catalog.woodworkerexpress.com www.baersupply.com bt1.baersupply.com; 1
script-src 'nonce-uedRFUowyzYlgEEnf4xwcg==' 'strict-dynamic' https: 'unsafe-inline' 'report-sample'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=aYEENHdWQuVQ31AgwfUeQxUpfm7xUz-CwttwvBq7en4Q4H0OFfn57Gg3QnVqnjOP0vb0DVCiEEfNsU8=&policy_id=9&user_id=&request_id=8c62740c-e473-4329-9b56-578dad079408; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
form-action 'self';object-src 'none' 1
default-src 'self' https://app.powerbi.com/ http://127.0.0.1:5173/ https://www.youtube.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube-nocookie.com/ https://qa.mycommunitydirectory.com.au/ https://www.mycommunitydirectory.com.au/ https://www.google.com https://maxcdn.bootstrapcdn.com https://08ffcdcdbe5649d9a6569f62408d8e7a.ap-southeast-2.aws.found.io:9243/ https://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://www.facebook.com/ https://www.google-analytics.com https://maps.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com;      script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dev.visualwebsiteoptimizer.com/ https://cdn.jsdelivr.net/npm/ https://platform.twitter.com/ http://ajax.googleapis.com/ https://ajax.cloudflare.com https://mc.yandex.ru/ https://qa.mycommunitydirectory.com.au https://www.mycommunitydirectory.com.au https://cdn.datatables.net  https://platform-api.sharethis.com/ https://platform.twitter.com/ https://buttons-config.sharethis.com/ https://z.moatads.com https://en.wikipedia.org https://translate-pa.googleapis.com https://translate-pa.googleapis.com https://www.google.com https://translate-pa.googleapis.com https://www.gstatic.com https://ajax.aspnetcdn.com https://ajax.googleapis.com https://netdna.bootstrapcdn.com https://uat.mycommunitydiary.com.au  https://qa.mycommunitydiary.com.au https://www.mycommunitydiary.com.au https://www.mcdiary.com/ https://wchat.freshchat.com https://translate.googleapis.com/ https://go.communityinfo.org.au/ https://pi.pardot.com https://translate.google.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.googleoptimize.com https://connect.facebook.net https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com;      style-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://ajax.googleapis.com/ https://translate.googleapis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.gstatic.com;      img-src 'self' data: https://translate.google.com/ https://dev.visualwebsiteoptimizer.com/ https://mc.yandex.com/ https://classbento.com.au/images/ https://cdn.weatherapi.com/weather/ https://l.sharethis.com/ https://platform-cdn.sharethis.com/ https://www.linkedin.com https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://mc.yandex.ru/metrika/advert.gif https://www.mycommunitydirectory.com.au https://px4.ads.linkedin.com https://px4.ads.linkedin.com https://qadirectorycdn.blob.core.windows.net https://www.google-analytics.com https://cdn.jsdelivr.net https://cdn.rawgit.com https://ajax.googleapis.com https://dummyimage.com https://cdn.eventfinda.com.au https://assets.atdw-online.com.au https://cdnjs.cloudflare.com https://translate.googleapis.com https://www.google.com https://www.gstatic.com https://p.adsymptotic.com https://www.googletagmanager.com https://px.ads.linkedin.com https://www.facebook.com https://mcdcdn.blob.core.windows.net https://maps.gstatic.com https://maps.googleapis.com https://fonts.gstatic.com;      connect-src 'self' https://translate-pa.googleapis.com/ https://mc.yandex.com/ https://px.ads.linkedin.com/ http://api.weatherapi.com/v1/ https://ciestdynamicpagesprd.blob.core.windows.net https://ciestdynamicpagesuat.blob.core.windows.net https://ciestdynamicpagesqa.blob.core.windows.net https://cdn.linkedin.oribi.io https://api.communityinformationexchange.com.au https://mcdcdn.blob.core.windows.net https://api.mycommunitycentral.com https://mc.yandex.ru https://www.mycommunitydiary.com.au https://api-cie.azurewebsites.net https://qaapi.mycommunitycentral.com https://uatapi.mycommunitycentral.com https://www.mcdapi.com https://maps.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://p.adsymptotic.com https://translate.googleapis.com https://l.sharethis.com/; 1
default-src https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src *.youtube-nocookie.com; img-src 'self' *.paypalobjects.com data:; frame-ancestors 'self' *.example.net; 1
frame-ancestors www.hautehorlogerie.org; 1
base-uri 'self'; default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://production-edulla-bot-interface.s3.amazonaws.com/ https://bot.app.edulla.ai/ https://www.youtube.com/ https://assets.calendly.com/ https://app.livemarketshoppers.com/ https://translate-pa.googleapis.com/ https://cdn.jsdelivr.net/ https://api2.authorize.net/ https://api.authorize.net/ https://api1.authorize.net/ https://apitest.authorize.net/ https://jstest.authorize.net/ https://js.authorize.net/ https://sc-static.net/ https://ct.pinterest.com/ https://s.pinimg.com/ https://cse.google.com/ https://use.typekit.net/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://connect.facebook.net/en_US/ https://translate.google.com/ https://cdn.twimg.com/ https://cdn.syndication.twimg.com/ https://platform.twitter.com/ https://cdn.edulla.ai/prod/TCSG/ https://apis.google.com/ https://translate.googleapis.com/ https://www.google-analytics.com/ https://u.heatmap.it/ https://cdn.resonate.com/ https://connect.facebook.net/ https://maps.googleapis.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.google.com/; connect-src 'self' https://production-edulla-bot-interface.s3.amazonaws.com/ https://bot.app.edulla.ai/ https://tr.snapchat.com/ https://use.fontawesome.com/releases/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://translate.googleapis.com/ https://api2.authorize.net/ https://api.authorize.net/ https://api1.authorize.net/ https://apitest.authorize.net/ https://jstest.authorize.net/ https://js.authorize.net/ https://sc-static.net/ https://ct.pinterest.com/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://ds.reson8.com/ https://www.facebook.com https://maps.googleapis.com/; img-src 'self' https://gravityforms.s3.amazonaws.com/ https://s389245.pcdn.co/ https://s3.amazonaws.com/ https://www.gravitykit.com/ https://ton.twimg.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://pbs.twimg.com/ https://abs.twimg.com/ https://ct.pinterest.com/ https://tr.snapchat.com/ https://hits.livemarketshoppers.com/ https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://translate.google.com/ https://www.googleapis.com/ https://www.clients1.google.com/generate_204 https://tcsg.edu/ https://theeventscalendar.com/ https://gravityview.co/ https://s.w.org/ https://translate.googleapis.com/ https://cdn.edulla.ai/ https://pixel.programmatictrader.com/ https://click.programmatictrader.com/ https://secure.gravatar.com/avatar/ https://p.typekit.net/ https://pixel.sitescout.com/ https://us4.heatmap.it/ https://www.facebook.com/ https://translate.googlapis.com/ https://clickserv.sitescout.com/ https://www.google-analytics.com/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://maps.google.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://ps.w.org/ data:; style-src 'self' 'unsafe-inline' https://production-edulla-bot-interface.s3.amazonaws.com/ https://rgsharedweb.s3.amazonaws.com/ https://platform.twitter.com/ https://ton.twimg.com/ https://www.google.com/ https://use.fontawesome.com/ https://translate.googleapis.com/ https://fonts.googleapis.com/ https://www.gstatic.com/ https://ajax.googleapis.com/; font-src 'self' https://use.fontawesome.com/ https://fonts.gstatic.com/ https://use.typekit.net/ data:; form-action 'self' https://oauth.gravitywiz.com/ https://tcsg.edu https://www.facebook.com/ https://dtae.sharepoint.com/; frame-src 'self' https://tcsg.edu https://georgia.findhelp.com/ https://atlantatechnicalcollege.my.salesforce-sites.com/ https://bot.app.edulla.ai/ https://gpl.gsu.edu/ https://content.googleapis.com/ https://content-youtube.googleapis.com/ https://calendly.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://web.facebook.com/ https://tr.snapchat.com/ https://mapsengine.google.com/ https://maps.google.com/ https://api2.authorize.net/ https://api.authorize.net/ https://api1.authorize.net/ https://apitest.authorize.net/ https://jstest.authorize.net/ https://js.authorize.net/ https://cse.google.com/ https://tcsg.tfaforms.net/ https://calendar.google.com/ https://accounts.google.com/ https://www.mappity.org/ https://kms.tcsg.edu/ https://www.google.com/ https://www.twitter.com/ https://www.facebook.com/ https://www.youtube.com/ https://cdn.edulla.ai/ https://www.botframework.com/ https://pixel.programmatictrader.com/ https://pixel.sitescout.com/ https://www.campaign-archive.com/ https://www.heatmap.it/ https://docs.google.com/ https://tcsgecondev.coxnextcreative.com/ https://us11.campaign-archive.com/; frame-ancestors 'self' https://pages.coxnext.com/ https://www.succeedsooner.com https://kms.tcsg.edu/ https://tcsgecondev.coxnextcreative.com/; object-src 'none'; plugin-types application/pdf application/javascript application/x-javascript; block-all-mixed-content; worker-src 'self' blob:; 1
default-src *; img-src * 'self' data: https:; style-src * 'self' 'unsafe-inline'; script-src  * 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
default-src 'self' *.livechatinc.com *.facebook.com *.doubleclick.net *.kontomatik.com *.salesmanago.pl *.salesmanago.com *.transactionlink.io; connect-src 'self' *.transactionlink.io wss://*.transactionlink.io *.sentry.io *; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.cloudflare.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.facebook.net *.doubleclick.net *.livechatinc.com *.mouseflow.com *.cloudfront.net *.nethone.io *.rollbar.com *.kontomatik.com *.salesmanago.pl *.salesmanago.com *.cux.io *.cookiebot.com *.google.com *.transactionlink.io static.hotjar.com *.aasapolska.pl; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com cdn-uicons.flaticon.com https://unpkg.com/ *.transactionlink.io; img-src 'self' data: blob: https: *.salesmanago.pl *.salesmanago.com *.transactionlink.io; font-src 'self' *.transactionlink.io fonts.gstatic.com data:; worker-src 'self' blob: *.logrocket.io; frame-src *.cookiebot.com *.facebook.com *.doubleclick.net *.kontomatik.com 'self' https://secure.livechatinc.com *.googletagmanager.com *.salesmanago.pl *.salesmanago.com *.transactionlink.io; frame-ancestors 'self' 1
frame-ancestors http://*.nip.io/ 'self' www.miclaroapp.com.co miclaroapp.com.co www.claroaparatiprimero.co claroparatiprimero.co www.apiselfservice.co apiselfservice.co https://servidorclaro-cristianfuentes.c9users.io/ https://www.claro.com.co/ https://miclaroweb-fabricadigital.codeanyapp.com/ sscoqa.tmx-internacional.net www.miclaro.com.co http://aplicaciones.claro.com.co/ http://52.73.130.145/ http://54.82.32.88/; 1
font-src 'self' data:; media-src 'self' https://cdn.pfh.de; object-src 'none'; frame-ancestors 'self'; report-uri https://www.pfh.de/report-uri/enforce 1
frame-ancestors same; report-uri /report-csp-violation 1
default-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.swiftypecdn.com *.swiftype.com geoip-js.com *.geoip-js.com *.crazyegg.com *.zoominfo.com *.pingdom.net *.doubleclick.net *.maxmind.com *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.onetrust.com *.zscalertwo.net; script-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.maxmind.com *.crazyegg.com *.gstatic.com *.zoominfo.com *.pingdom.net *.googleadservices.com *.licdn.com *.hsforms.com *.hsforms.net hubspot-forms-static-embed.s3.amazonaws.com *.cookielaw.org *.salesforceliveagent.com c.la4-c2-dfw.salesforceliveagent.com c.la1-c1-ord.salesforceliveagent.com *.facebook.net *.doubleclick.net *.rmtag.com *.linksynergy.com 'unsafe-inline'; style-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.googleapis.com 'unsafe-inline'; img-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com data: seal-delaware.bbb.org *.linkedin.com *.hsforms.com s.w.org i.ytimg.com *.doubleclick.net *.cookielaw.org *.facebook.com; font-src 'self' incorporateapp-test.azurewebsites.net cscmarketing-incorporate-prod-container.azurewebsites.net *.incorporate.com cscwebcontentstorage.blob.core.windows.net *.cscglobal.com ocp.cscglobal.com csc.global *.google.com *.google-analytics.com *.googletagmanager.com *.swiftypecdn.com *.swiftype.com *.gstatic.com data:; frame-src 'self' *.google.com *.youtube.com *.swiftypecdn.com *.swiftype.com *.hsforms.com *.doubleclick.net; object-src 'none' 1
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
default-src 'self' www.paramountplants.co.uk *.google.com *.google.co.uk *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.algolia.net *.algolianet.com *.doubleclick.net  api.reviews.io widget.reviews.io api.reviews.co.uk widget.reviews.co.uk *.gstatic.com www.youtube.com *.paypal.com *.olark.com www.facebook.com *.paypalobjects.com;script-src  'self' www.paramountplants.co.uk 'unsafe-inline' 'unsafe-eval'  *.google.com *.google.co.uk *.google-analytics.com *.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.gstatic.com ajax.googleapis.com *.doubleclick.net bat.bing.com s.ytimg.com cdn.jsdelivr.net polyfill.io widget.reviews.io widget.reviews.co.uk www.youtube.com s3.amazonaws.com               *.olark.com *.cloudfront.net *.paypal.com *.us13.list-manage.com *.algolianet.com *.algolia.net connect.facebook.net *.paypalobjects.com cc-cdn.com x.klarnacdn.net js.klarna.com cloud.flmngr.com;style-src       'self' 'unsafe-inline' www.paramountplants.co.uk *.gstatic.com *.cloudfront.net widget.reviews.io widget.reviews.co.uk www.youtube.com static.olark.com *.olark.com *.paypal.com translate.googleapis.com fonts.googleapis.com cc-cdn.com *.mailchimp.com cdn.honey.io x.klarnacdn.net  ; img-src * data:;font-src    'self' www.paramountplants.co.uk data: *.cloudfront.net *.gstatic.com static.olark.com cdn.honey.io  x.klarnacdn.net;connect-src 'self' data: www.paramountplants.co.uk *.google.com *.google.co.uk *.google-analytics.com www.google-analytics.com *.googleadservices.com www.googleadservices.com *.googletagmanager.com www.googletagmanager.com *.googlesyndication.com *.analytics.google.com bat.bing.com *.cloudfront.net cc-cdn.com api.craftyclicks.co.uk js.klarna.com *.klarnacdn.net *.klarnaevt.com                  eu-assets.klarnaservices.com *.reviews.co.uk *.algolianet.com *.algolia.net  *.olark.com *.doubleclick.net *.us13.list-manage.com *.paypalobjects.com cdn.jsdelivr.net s3.amazonaws.com polyfill.io *.paypal.com *.gstatic.com  *.mailchimp.com cdn-images.mailchimp.com;base-uri    'self';frame-src   'self' www.paramountplants.co.uk *.youtube.com *.paypal.com *.paypalobjects.com *.doubleclick.net *.reviews.co.uk www.google.com *.olark.com js.klarna.com eu-assets.klarnaservices.com osm.klarnaservices.com www.googletagmanager.com ;report-uri /CSPReport 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-Ybnd0d9t3HdOzXKJgioP4JArl' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://*.hotjar.com  https://*.clarity.ms maps.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://www.googleadservices.com https://static.hotjar.com https://*.hotjar.com  https://*.clarity.ms maps.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net bat.bing.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com https://*.hotjar.com data:; img-src 'self' https://*.hotjar.com https://c.bing.com https://c.clarity.ms https://connect.facebook.net www.googletagmanager.com *.doubleclick.net https://www.google.mk https://www.google.com.au www.facebook.com bat.bing.com www.google-analytics.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; frame-src https://www.google.com *.googlesyndication.com *.booki-med.com.au *.googletagmanager.com i-med.com.au *.facebook.com https://*.doubleclick.net; connect-src 'self' https://www.google.com.au https://*.clarity.ms bat.bing.com *.doubleclick.net https://adservice.google.com https://*.analytics.google.com analytics.google.com maps.googleapis.com www.google-analytics.com https://www.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /csp-report 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval'; img-src 'self' https://img.shields.io https://www.abuseipdb.com; style-src 'self' 'unsafe-inline'; object-src 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com https://www.google.com/ https://maps.googleapis.com https://fonts.googleapis.com https://browser-update.org https://www.gstatic.com https://www.google-analytics.com https://*.tupras.com.tr https://*.foreks.com https://*.forinvestcdn.com; worker-src blob: 1
default-src 'self' blob:; font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.cloudfront.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com ;img-src 'self' data: blob: https://ps.w.org https://s.w.org https://res.cloudinary.com https://*.hormel.com https://secure.gravatar.com https://*.salsify.com https://bugherd-attachments.s3.amazonaws.com https://*.bugherd.com https://www.googletagmanager.com https://*.cloudfront.net https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://*.bing.com https://*.cloudfront.net https://*.hormel.com https://*.sharethis.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://hormelchat.secure.force.com https://*.salesforceliveagent.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://hormel--staging.sandbox.my.salesforce-sites.com https://mpsnare.iesnare.com https://ui.powerreviews.com https://*.jsdelivr.net https://www.google-analytics.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://*.cloudfront.net https://ws.sharethis.com https://*.salesforce.com https://*.salesforceliveagent.com ;style-src 'self' 'unsafe-inline' https://s0.wp.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://hormelchat.secure.force.com https://*.bugherd.com https://*.hormel.com https://*.hormelfoods.com https://*.jsdelivr.net https://*.mapbox.com https://*.pricespider.com https://maxcdn.bootstrapcdn.com https://*.cloudfront.net https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://use.fontawesome.com https://fonts.googleapis.com https://*.force.com https://smartlabel.hormelfoods.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' https://*.hormelfoods.com https://*.google.com wss://ws-mt1.pusher.com https://sockjs.pusher.com https://yoast.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://hormel--staging.sandbox.my.salesforce-sites.com https://hormelchat.secure.force.com https://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.iriworldwide.com wss://ws.pusherapp.com https://*.doubleclick.net https://www.google-analytics.com https://*.pusher.com https://*.sharethis.com https://*.powerreviews.com https://*.force.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.force.com https://highpressuretechnology.eatwholly.com https://www.facebook.com/ https://*.doubleclick.net 1
frame-ancestors 'self' https://www.growingio.com 1
base-uri 'self'; block-all-mixed-content; form-action 'self'; frame-ancestors 'self'; worker-src 'none' 1
default-src 'self' *.effia.com https://themes.googleusercontent.com https://maxcdn.bootstrapcdn.com *.google.fr *.google.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net hcaptcha.com *.hcaptcha.com *.abtasty.com data: https://alize-map.azurewebsites.net https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com *.googleadservices.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com *.googleadservices.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; script-src-elem 'self' 'unsafe-inline' *.effia.com *.googletagmanager.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.doubleclick.net *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com *.google.com *.googleadservices.com https://homologation-payment.payline.com https://maps.googleapis.com https://payment.payline.com https://webpayment.dev.payline.com https://www.appelsiini.net; style-src 'self' 'unsafe-inline' *.effia.com https://fonts.googleapis.com https://homologation-payment.cdn.payline.com *.payline.com *.slimpay.com *.slimpay.net *.abtasty.com hcaptcha.com *.hcaptcha.com https://sdk.privacy-center.org https://api.privacy-center.org https://tag.aticdn.net/piano-analytics.js https://nssvsmp.pa-cd.com *.googleadservices.com https://homologation-payment.payline.com https://payment.payline.com https://webpayment.dev.payline.com; frame-ancestors 'self'; report-uri https://www.effia.com/report-uri/enforce 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.youtube.com *.google.com *.doubleclick.net *.ytimg.com *.facebook.com *.facebook.net *.cloudflare.com *.azure.com *.telerik.com *.youtube-nocookie.com *.twitter.com *.ads-twitter.com *.t.co *.googlevideo.com; 1
child-src blob:; default-src 'self' data: https://*.redsift.com https://red-sift.prismic.io/ https://hook.integromat.com/ https://sentry.io/ https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://*.wistia.com https://*.wistia.net https://*.plausible.io; font-src 'self' https://*.redsift.com https://fonts.gstatic.com/ data: chrome-extension: moz-extension: safari-web-extension: https://*.hotjar.com https://*.wistia.com; img-src 'self' data: https: https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.hotjar.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.redsift.com *.google.com https://*.google.co.uk https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.googlesyndication.com https://www.googleadservices.com https://www.gstatic.com/recaptcha/ https://static.cdn.prismic.io/ https://prismic.io https://consent.cookiebot.com https://consentcdn.cookiebot.com/ https://munchkin.marketo.net/ https://www.redditstatic.com/ads/pixel.js https://snap.licdn.com https://tag.clearbitscripts.com/v1/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tags.js https://reveal.clearbit.com/v1/companies/reveal https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/destinations.min.js https://x.clearbitjs.com/v2/pk_0c2cfaf8152eb3a2b07abfd53b7e6d22/tracking.min.js https://secure.oita4bali.com/js/151998.js https://secure.oita4bali.com/Track/Capture.aspx https://*.hotjar.com https://static.hotjar.com/c/hotjar-3150796.js https://j.6sc.co/j/80f37845-a767-46c9-9ad5-abb58133cf39.js https://j.6sc.co/6si.min.js https://*.wistia.com https://*.wistia.net https://src.litix.io https://plausible.io/js/script.js; style-src 'self' blob: 'unsafe-inline' https://*.redsift.com https://tagmanager.google.com https://www.googletagmanager.com/ https://tagmanager.google.com https://fonts.googleapis.com https://*.hotjar.com https://fast.wistia.com; frame-src 'self' https://td.doubleclick.net https://www.googletagmanager.com/ https://*.g.doubleclick.net https://*.googlesyndication.com https://consentcdn.cookiebot.com https://red-sift.prismic.io/ https://www.youtube.com www.google.com https://*.hotjar.com https://fast.wistia.com https://fast.wistia.net; connect-src 'self' https://*.redsift.com https://red-sift.cdn.prismic.io/api/v2 https://red-sift.cdn.prismic.io/api/v2/documents/search https://analytics.google.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com/wa/ https://px.ads.linkedin.com https://www.google-analytics.com https://region1.google-analytics.com https://adservice.google.com https://*.g.doubleclick.net https://*.ingest.sentry.io/ https://consentcdn.cookiebot.com/ https://stats.g.doubleclick.net https://stats.g.doubleclick.net/j/collect https://hook.integromat.com/ https://api.github.com/repos/redsift/red-sift-website/dispatches https://webto.salesforce.com https://*.mktoresp.com https://*.mktoutil.com https://*.ondmarc.com https://ondmarc.com https://pagead2.googlesyndication.com https://pagead2.googlesyndication.com/pagead https://adservice.google.com https://googleads.g.doubleclick.net https://ipforensics-svc.redsift.io/graphql https://www.googletagmanager.com https://app.clearbit.com/v1/p https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://google.com/pagead/form-data/869175686 https://google.com/ccm/form-data/869175686 https://www.google.com https://www.google.de https://www.google.no https://www.google.ca https://www.google.ch https://www.google.es https://www.google.it https://www.google.co.uk https://www.google.co.nz https://www.google.co.au https://www.google.nl https://www.google.fr https://www.google.be https://www.google.se https://www.google.pt https://c.6sc.co/ https://ipv6.6sc.co/ https://epsilon.6sense.com https://epsilon-cloudfront.6sense.com https://epsilon-globalaccelerator.6sense.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://*.algolia.net https://plausible.io/api/event https://api.ipify.org; worker-src 'self' blob:; frame-ancestors 'self' https://*.redsift.com; report-uri https://o177043.ingest.sentry.io/api/1306227/security/?sentry_key=860eaee6b9674db6ac8d51d87a14fd84 1
default-src 'self'; connect-src https://region1.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tagmanager.google.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://www.gstatic.com https://maps.gstatic.com https://ssl.gstatic.com https://maps.googleapis.com/ https://www.upload.ee https://secure.gravatar.com https://www.google-analytics.com https://lh3.googleusercontent.com https://scontent-ams2-1.xx.fbcdn.net https://fonts.gstatic.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com; frame-src https://www.youtube.com https://player.vimeo.com 'self'; frame-ancestors 'none'; form-action https://connect.smashballoon.com/auth/ig/ 'self'; 1
default-src http:; script-src http: 'unsafe-inline' 'unsafe-eval' data:; style-src http: 'unsafe-inline'; img-src http: data:; font-src http: data: 1
frame-ancestors https://preludeservices.com https://www.preludeservices.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' 796-pbw-559.mktoresp.com *.algolianet.com *.twitter.com *.company-target.com *.qualified.com boards.greenhouse.io cdn.cookielaw.org content.hotjar.io ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.wistia.com embedwistia-a.akamaihd.net *.wistia.net *.onetrust.com *.orca.security googleads.g.doubleclick.net *.googleusercontent.com *.marketo.net orca.security *.wp.com *.linkedin.com static.ads-twitter.com *.hotjar.com stats.g.doubleclick.net t.co *.demandbase.com tracking.g2crowd.com *.hotjar.io wss wss://ws.hotjar.com wss://ws.qualified.com www.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.googleoptimize.com www.googletagmanager.com www.youtube.com *.gravatar.com ad.doubleclick.net analytics.twitter.com boards.cdn.greenhouse.io fonts.gstatic.com mc.yandex.ru pagead2.googlesyndication.com pos.baidu.com translate.googleapis.com *.bing.com region1.analytics.google.com api.mkmediaworks.com blob: https://orca.security/5fc9ffbb-97f6-4f2c-b9d4-572461ee66bf cdn.linkedin.oribi.io obseu.segreencolumn.com www.google.cn www.google.com.eg www.google.kg www.google.tm www.gstatic.com www.google.com.bo *.adsrvr.org sentry.io euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms www.googleadservices.com 5f6b2d0bd0ea9d00689c778b.services.infinigrow.com lh7-us.googleusercontent.com cm.g.doubleclick.net ssl.google-analytics.com www.facebook.com id.rlcdn.com dsum-sec.casalemedia.com partners.tremorhub.com pixel.rubiconproject.com s.w.org token.rubiconproject.com rapidsec.com munchkin.marketo.net o95209.ingest.sentry.io s3.eu-west-1.amazonaws.com translate-pa.googleapis.com *.linkedin.com *.algolia.net orca-2024.go-vip.net *.6sc.co *.6sense.com js.zi-scripts.com ws.zoominfo.com secure.adnxs.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' boards.greenhouse.io cdn.cookielaw.org ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net euob.segreencolumn.com fast.wistia.com fast.wistia.net go.orca.security googleads.g.doubleclick.net js.qualified.com munchkin.marketo.net orca.security pi.pardot.com script.hotjar.com static.ads-twitter.com static.hotjar.com stats.wp.com tag.demandbase.com tracking.g2crowd.com try.orca.security www.google-analytics.com www.googleoptimize.com www.googletagmanager.com connect.facebook.net www.google.com www.gstatic.com js.adsrvr.org edge.marker.io obseu.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com www.clarity.ms www.googleadservices.com tpc.googlesyndication.com snap.licdn.com *.6sc.co *.6sense.com; script-src-elem 'self' data: 'unsafe-inline' app.vwo.com boards.greenhouse.io cdn.cookielaw.org cdnjs.cloudflare.com connect.facebook.net ddzuuyx7zj81k.cloudfront.net dev.visualwebsiteoptimizer.com dss6ntp5q2r0o.cloudfront.net *.wistia.com *.wistia.net *.orca.security googleads.g.doubleclick.net *.qualified.com munchkin.marketo.net orca.security *.hotjar.com ssl.google-analytics.com static.ads-twitter.com *.wp.com *.demandbase.com tpc.googlesyndication.com tracking.g2crowd.com *.googleapis.com *.google.com www.google-analytics.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com yoast.com rapidsec.com s3.eu-central-1.amazonaws.com www.gstatic.com www.youtube.com js.adsrvr.org edge.marker.io api.company-target.com euob.segreencolumn.com euob.itstarsbuilding.com obseu.itstarsbuilding.com *.clarity.ms obseu.segreencolumn.com snap.licdn.com shortstack.services.atlassian.com *.google.ca *.6sc.co *.6sense.com js.zi-scripts.com; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' orca.security *.orca.security fonts.googleapis.com; style-src-elem 'self' data: 'unsafe-inline' *.qualified.com fonts.googleapis.com *.orca.security orca.security www.googletagmanager.com www.gstatic.com p.typekit.net *.wp.com; style-src-attr 'unsafe-inline'; font-src 'self' data: assets.qualified.com fast.wistia.com fast.wistia.net fonts.gstatic.com github.com *.fontawesome.com orca.security themes.googleusercontent.com use.typekit.net fonts.cdnfonts.com static.zip.co fonts.googleapis.com at.alicdn.com *.orca.security *.wp.com; media-src 'self' app.qualified.com *.wistia.com embedwistia-a.akamaihd.net *.wistia.net ssl.gstatic.com blob: data: www.youtube.com; object-src 'self' *.wistia.com embedwistia-a.akamaihd.net orca.security; child-src 'self' app.qualified.com boards.greenhouse.io fast.wistia.com fast.wistia.net go.orca.security s.company-target.com try.orca.security www.youtube.com blob: *.google.com *.adsrvr.org insight.adsrvr.cn; frame-src 'self' 5gtvu7km85.execute-api.us-east-1.amazonaws.com *.google.com app.qualified.com *.opendns.com boards.greenhouse.io fast.wistia.com fast.wistia.net *.orca.security orca.security s.company-target.com td.doubleclick.net tpc.googlesyndication.com www.googletagmanager.com www.youtube.com *.adsrvr.cn *.adsrvr.org app.marker.io lsrelay-config-production.s3.amazonaws.com obseu.segreencolumn.com obseu.itstarsbuilding.com schools-blocked.s3-website-us-east-1.amazonaws.com login.microsoftonline.us widgets.wp.com; worker-src blob:; frame-ancestors 'self'; form-action 'self' *.orca.security orca.security; manifest-src 'self' orca.security *.orca.security; report-uri https://osweb25b8034a79abb3.report-uri.com/r/t/csp/reportOnly 1
frame-ancestors 'self' ns1.studio-mt.net autoconfig..studio-mt.net mail..studio-mt.net studio-mt.net www.studio-mt.net; 1
base-uri 'self'; default-src 'self' 'nonce-NjY0MmJkYWY2Mzk1YQ=='; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-NjY0MmJkYWY2Mzk1YQ=='; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://*.cloudfront.net 'nonce-NjY0MmJkYWY2Mzk1YQ=='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' https://*.bing.com https://*.clarity.ms https://cdn.wisepops.com https://maps.gstatic.com https://*.googleapis.com https://www.facebook.com https://www.google.com https://www.google.co.uk https://www.googletagmanager.com https://www.google-analytics.com https://*.cloudfront.net https://tracking.wisepops.com https://cdn.wisepops.com https://tracking.wisepops.com https://dx4nr741tfc02.cloudfront.net https://wisp-production-storage.s3.amazonaws.com https://cdn.wisepops.net https://*.cookiepro.com data: https://cdn.jsdelivr.net 'nonce-NjY0MmJkYWY2Mzk1YQ=='; child-src 'none'; object-src 'none'; frame-src https://service.pcibooking.net https://*.notifications.wisepops.com https://*.wisepops.net *; frame-ancestors 'self' https://*.i-escape.com; connect-src 'self' https://*.bing.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.facebook.net https://*.facebook.com https://*.freshrelevance.com wss://*.freshrelevance.com https://*.cloudfront.net https://*.dycdn.net https://activity.wisepops.com https://popup.wisepops.com https://tracking.wisepops.com https://app.getwisp.co https://*.wisepops.net https://wisepops.net https://*.wisepops.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://maps.googleapis.com https://stats.g.doubleclick.net https://*.cookiepro.com https://*.onetrust.com; 1
frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=frontpage&region=SG&lang=en-SG&device=desktop&yrid=7mh69btj45fo6&partner=; 1
frame-ancestors 'self' https://maniet-wap-web-prod-backend.azurewebsites.net/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-eIXRb1D42T9n91fSI9vSkJvM/4gEcTZx+KikaQAZMgMyXEjg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://horizon.nora.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.more.com.au *.cloudflare.com *.jquery.com  unpkg.com *.googleapis.com *.admatch.io *.productreview.com.au *.googleadservices.com *.sharethis.com *.smct.co *.googletagmanager.com *.amazonaws.com *.hotjar.com *.google.com *.kaspersky-labs.com *.comm100vue.com *.gstatic.com *.comm100.com *.productreview.com.au *.facebook.com *.tillpayments.com datatables.net *.facebook.net *.cfjump.com widget.powerboard.commbank.com.au *.commbank.com.au *.newrelic.com *.doubleclick.net *.luckyorange.com  *.smct.io smct.co *.tangerinetelecom.com.au *.tiktok.com *.google-analytics.com;  object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com use.typekit.net p.typekit.net  unpkg.com cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net ajax.googleapis.com; worker-src 'self' blob:; 1
connect-src  wss://client.relay.crisp.chat  projects.gemonline.tv stream-live.gemonline.tv  gemonline.tv assets.gemonline.tv client.crisp.chat api.cloudflare.com ; font-src projects.gemonline.tv client.crisp.chat maxcdn.bootstrapcdn.com data: rc1.gemonline.tv assets.gemonline.tv gemonline.tv fonts.gstatic.com cdn.jsdelivr.net; img-src 'self' assets.gemonline.tv  via.placeholder.com s3-us-west-2.amazonaws.com client.crisp.chat image.crisp.chat ; media-src data: * blob: stream-live.gemonline.tv gemonline.tv; script-src-elem 'self' 'unsafe-inline' bam.eu01.nr-data.net assets.gemonline.tv vjs.zencdn.net api.qrserver.com  chart.apis.google.com  client.crisp.chat assets.gemonline.tv  gemonline.tv www.gstatic.com gstatic.com cdn.jsdelivr.net unpkg.com js-agent.newrelic.com cdnjs.cloudflare.com stream-live.gemonline.tv ajax.cloudflare.com www.google.com google.com ; style-src-attr 'unsafe-inline' ; style-src-elem 'self' assets.gemonline.tv fonts.googleapis.com vjs.zencdn.net 'unsafe-inline' maxcdn.bootstrapcdn.com ; worker-src blob: assets.gemonline.tv gemonline.tv www.google.com 1
default-src 'self' https://www.imoje.pl https://imoje.pl; font-src 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; style-src 'self' 'unsafe-inline' *.ing.pl www.google.com https://www.imoje.pl https://imoje.pl *.ingbank.pl; img-src 'self' data: https://www.facebook.com *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ingbank.pl; frame-src 'self' *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.ingbank.pl; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://connect.facebook.net https://www.facebook.com *.ing.pl *.doubleclick.net www.google.com https://www.imoje.pl https://imoje.pl *.google-analytics.com *.googletagmanager.com *.ingbank.pl; object-src 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; connect-src 'self' *.ing.pl *.doubleclick.net https://www.imoje.pl https://imoje.pl *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.ingbank.pl; frame-ancestors 'self' *.ing.pl https://www.imoje.pl https://imoje.pl *.ingbank.pl; 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://utp.to:8443/socket.io/ wss://utp.to:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; script-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.atlabank.com atlabank.com www.atlabank.com ssl.ggogle-analytics.com ajax.googleapis.com maxcdn.bootstrapcdn.com; frame-src 'self' *.atlabank.com atlabank.com www.atlabank.com www.youtube.com https://www.youtube.com 1
script-src * 'unsafe-inline' 1
img-src 'self' data: *.algolia.net images.ctfassets.net *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co click2cart.com *.click2cart.com 2cart.net haircodeassetsprod.azureedge.net *.adsrvr.org images-haircode-com-prod.azureedge.net cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.algolia.net *.cloudinary.com *.ctfassets.net *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.algolia.net *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.algolia.net *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co click2cart.com *.click2cart.com 2cart.net *.iesnare.com *.adsrvr.org api.ipify.org cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com privacytermsprod.azureedge.net feed.pghub.io pandg.tapad.com ; connect-src 'self' *.algolia.net kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co click2cart.com *.click2cart.com 2cart.net *.haircode.com *.onetrust.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.force.com *.salesforceliveagent.com privacytermsprod.azureedge.net feed.pghub.io pandg.tapad.com ; default-src 'self' *.algolia.net *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co click2cart.com *.click2cart.com 2cart.net pgconsumersupport.secure.force.com *.force.com *.youtube.com *.adsrvr.org pg-lex.my.salesforce-sites.com consumersupport.pg.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com *.salesforceliveagent.com privacytermsprod.azureedge.net feed.pghub.io ; 1
default-src 'self'; connect-src 'self' https://www.google-analytics.com https://api.mapbox.com; img-src 'self' data: https://www.google-analytics.com *.googleusercontent.com https://www.googletagmanager.com; object-src 'none'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline'; report-uri /api/csp-report 1
frame-ancestors 'self' https://arabicpost.net/ 1
default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors 'self' https://*.ampproject.org https://*.astonhotelsinternational.com https://*.archipelagointernational.com; block-all-mixed-content; default-src 'self'; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' data: https://www.youtube.com https://static.sojern.com/utils/sjrn_autocx.js https://*.backhotelite.com https://app.termly.io https://*.denomatic.com https://*.glopss.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://code.jquery.com https://cdn.jsdelivr.net https://embed.tawk.to https://cdn.jsdelivr.net/emojione/ *.triptease.io https://*.onesignal.com https://cdn.ampproject.org https://translate.googleapis.com https://translate.google.com https://*.astonhotelsinternational.com https://use.fontawesome.com https://kit.fontawesome.com https://*.archipelagointernational.com https://translate-pa.googleapis.com https://customs.affilired.com https://www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://cognito-identity.ap-southeast-1.amazonaws.com https://client.rum.us-east-1.amazonaws.com; style-src 'self' 'report-sample' 'unsafe-inline' https://*.backhotelite.com https://*.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.google.com https://code.jquery.com https://cdn.jsdelivr.net https://embed.tawk.to https://*.astonhotelsinternational.com https://cdn.ampproject.org https://translate.googleapis.com https://*.fontawesome.com https://*.archipelagointernational.com https://www.googletagmanager.com https://tagmanager.google.com; object-src 'none'; frame-src 'self' https://www.youtube.com https://static.sojern.com https://app.termly.io https://ovs-gadget.tour-list.com https://connect.facebook.net https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://va.tawk.to https://*.triptease.io https://*.ampproject.net https://*.astonhotelsinternational.com https://vrtour360.net https://www.facebook.com https://*.windows.net www.googletagmanager.com; child-src 'self' blob: https://*.facebook.com https://connect.facebook.net https://*.google.com https://*.doubleclick.net *.googlesyndication.com www.googletagmanager.com; img-src 'self' data: blob: https://*.backhotelite.com/ https://membershipprofileimage.s3.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://fonts.gstatic.com *.google.com.br *.google.co.in www.google-analytics.com ssl.google-analytics.com www.google.com analytics.google.com cdnjs.cloudflare.com *.google.com *.google.com.mx *.google.co.uk *.google.de *.google.com.tr *.google.co.il *.google.ca *.google.ro *.google.nl *.google.fr *.google.es *.google.ie *.google.com.pr *.google.it *.google.com.au *.google.com.ec *.google.com.ph *.google.com.sg *.google.com.pk *.google.at *.google.no *.google.cl *.google.co.kr *.google.se *.google.co.jp *.google.com.pe *.google.com.my *.google.co.th *.google.co.za *.google.com.ua *.google.sk *.google.com.ng *.google.pl *.google.be *.google.fi *.google.ae *.google.com.co *.google.co.id *.google.co.ve *.google.com.hk *.google.com.eg *.google.com.uy *.google.com.ar *.google.ch *.google.ru *.google.co.ke *.google.pt *.google.mu *.google.com.sa *.google.com.vn *.google.com.tw *.google.gr *.google.com.bd *.google.dk *.google.com.py *.google.ee *.google.co.nz *.google.co.ma *.google.cz *.google.lk *.google.bg *.google.rs *.google.com.do *.google.hu *.google.iq *.google.co.cr *.google.al *.google.jo *.google.hr *.google.com.pa *.google.com.cy *.google.com.gh *.google.lt *.google.kz *.google.com.np *.google.by *.google.dz *.google.com.sv *.google.hn *.google.com.kw *.google.com.et *.google.mk *.google.ge *.google.cn *.google.com.jm *.google.si *.google.co.ug *.google.lv *.google.md *.google.co.mz *.google.lu *.google.am *.doubleclick.net *.googlesyndication.com www.googleadservices.com code.jquery.com cdn.jsdelivr.net embed.tawk.to tawk.link cdn.jsdelivr.net/emojione imageresizer.arch.software *.gstatic.com *.ampproject.org translate.google.com translate.googleapis.com www.gstatic.com *.openstreetmap.org https://*.google.com.qa https://www.google.com.cu/ads/ https://www.google.bs/ads/ *.favehotels.com *.astonhotelsinternational.com *.google.tn https://*.archipelagointernational.com www.google.com.kh https://*.googleusercontent.com https://www.google.com.mm https://chart.googleapis.com www.google.com.gt www.google.ht www.google.la www.google.bt www.google.com.cu www.googletagmanager.com; font-src 'self' data: *.bootstrapcdn.com cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com cdn.jsdelivr.net embed.tawk.to https://*.tawk.to *.fontawesome.com; connect-src 'self' data: https://cdn.denomatic.com https://app.termly.io https://sentec.report-uri.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com code.jquery.com cdn.jsdelivr.net *.tawk.to wss://*.tawk.to *.triptease.io www.google.se imageresizer.arch.software *.archipelagointernational.com *.google.pl *.googleadservices.com cdn.ampproject.org *.ampproject.net translate.googleapis.com translate.google.com www.google.com.co www.google.com.pk *.openstreetmap.org *.favehotels.com https://*.google.co.id https://*.google.ca https://*.google.fr www.google.com.sg www.google.ie www.google.co.za www.google.com.cu www.google.com.ph www.google.ro www.google.ru *.astonhotelsinternational.com https://www.gstatic.com/images/ https://www.facebook.com connect.facebook.net www.google.co.kr www.google.es www.google.co.in www.google.cz www.google.pt www.google.no https://maxcdn.bootstrapcdn.com www.google.com.au https://www.google.lk https://www.google.it https://*.googleusercontent.com https://www.google.de https://www.google.ae https://www.google.co.uk https://www.google.nl https://bmbuichatprod.z13.web.core.windows.net https://www.google.com.hk https://www.google.com.qa https://gate.rapidsec.net https://www.google.co.jp *.google.com.my www.google.lt www.google.co.mz www.google.co.ma www.google.fi www.google.tn https://*.google.bg *.fontawesome.com www.google.sk www.google.la www.google.com.tj www.google.am ssl.google-analytics.com www.google.com.ly www.google.kz www.google.cn https://*.affilired.com https://onesignal.com https://chart.googleapis.com https://www.googletagmanager.com https://cognito-identity.ap-southeast-1.amazonaws.com https://sts.ap-southeast-1.amazonaws.com https://*.rum.ap-southeast-1.amazonaws.com https://client.rum.us-east-1.amazonaws.com; manifest-src 'self' https://*.astonhotelsinternational.com; base-uri 'self'; form-action 'self' https://*.backhotelite.com https://*.facebook.com https://connect.facebook.net https://*.google.com https://*.astonhotelsinternational.com https://www.simplebooking.it; media-src 'self' data: https://dai.google.com https://embed.tawk.to https://tawk.link; worker-src 'self' blob: https://www.google.com; report-to default; 1
default-src 'self'; font-src * data: 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * 'self' https://player.vimeo.com https://www.youtube.com; style-src * 'unsafe-inline';frame-ancestors 'none'; worker-src * blob:; media-src * blob:; manifest-src 'self'; object-src 'none'; base-uri 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; default-src 'none'; base-uri 'self'; manifest-src 'self'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self' data:; connect-src 'self'; script-src 'nonce-j8ItrwA2m4Wd6XhZ7ENaOK6qBT6kWtWe' 'self' 'strict-dynamic'; style-src 'self' https://cdnjs.cloudflare.com https://fonts.googleapis.com; media-src 'self'; frame-src 'self'; child-src 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';   prefetch-src 'self'; 1
object-src 'self' blob: ; frame-ancestors 'self' *.internacional.cl *.interconecta2.cl *.indexa.cl; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.ar13.cl https://*.13.cl https://*.t13.cl 1
default-src 'self' www.aamserver.com *.googleadservices.com *.typeform.com  *.doubleclick.net *.hotjar.com *.yandex.ru *.yandex.com *.analytics.google.com *.sabiotrade.com api.affstore.com *.jivosite.com code.jivosite.com www.facebook.com www.youtube.com region1.google-analytics.com mc.yandex.ru www.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com wss://*.jivosite.com *.checkout.com; script-src 'self' 'unsafe-inline' *.sabiotrade.com  *.googleadservices.com *.adfyier.com *.typeform.com *.doubleclick.net  *.bing.com *.clarity.ms *.clickcease.com *.jivosite.com code.jivosite.com www.youtube.com connect.facebook.net *.hotjar.io *.hotjar.com cdnjs.cloudflare.com mc.yandex.ru *.googletagmanager.com www.google.com www.gstatic.com *.yandex.com *.checkout.com 'unsafe-eval'; style-src 'self' code.jivosite.com fonts.googleapis.com *.googleadservices.com  *.typeform.com  'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' *.bing.com *.yandex.com *.typeform.com *.google-analytics.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat www.facebook.com www.googletagmanager.com i.ytimg.com mc.yandex.ru code.jivosite.com data:; connect-src 'self' ws: *.sabiotrade.com *.adfyier.com *.googleadservices.com  *.clarity.ms *.typeform.com *.doubleclick.net *.hotjar.com ws.hotjar.com  *.bing.com *.hotjar.com *.hotjar.io *.checkout.com *.affstore.com *.trade.sabiotrade.com *.yandex.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; 1
default-src 'none'; img-src 'self' data: https://cdn.lnmarkets.com; font-src 'self'; object-src 'none'; manifest-src 'self'; frame-ancestors 'self'; base-uri 'self'; worker-src 'none'; media-src 'self'; child-src 'self'; connect-src 'self' wss://api.lnmarkets.com https://api.lnmarkets.com https://cdn.lnmarkets.com *.tradingview-widget.com *.tradingview.com https://lightning.engineering wss://mailbox.terminal.lightning.today; frame-src *.tradingview.com *.tradingview-widget.com; script-src 'self' 'unsafe-eval' *.tradingview.com *.tradingview-widget.com; style-src 'self' 'unsafe-inline' *.tradingview.com *.tradingview-widget.com; form-action 'self' *.lnmarkets.com; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com ; img-src https: 'self' data:; base-uri https://www.codix.eu 'self'; frame-ancestors https: 'self'; form-action https: 'self'; object-src 'none' 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://static.critizr.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://snap.licdn.com https://www.youtube.com https://www.google-analytics.com  https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://connect.facebook.net https://www.gstatic.com; style-src 'report-sample'  'unsafe-inline'  'self' https://cdn.goodays.co https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.analytics.google.com https://www.google.fr https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://www.facebook.com https://cdn.linkedin.oribi.io https://maps.googleapis.com https://rexel.be https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://player.captivate.fm https://app.goodays.co https://www.facebook.com https://maps.google.com  https://www.youtube.com https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com https://www.google.com; img-src 'self' blob: https: data: https://cdn.jsdelivr.net https://*.dynamics.com https://rexel.be https://secure.gravatar.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://www.google.fr https://ps.w.org; manifest-src 'self'; media-src 'self'; report-uri https://63987c5031143db76bd6fd95.endpoint.csper.io/?v=0; worker-src *.rexel.be; frame-ancestors 'self' https://*.dynamics.com https://*.azureedge.net https://*.microsoft.com 1
default-src 'none';script-src 'self' 'unsafe-inline' *.stall-frei.de *.maptiler.com *.fontawesome.com unpkg.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/;img-src 'self' data: *.stall-frei.de *.maptiler.com *.fontawesome.com img.youtube.com *.ytimg.com *.gstatic.com translate.google.com https://appleid.cdn-apple.com/;style-src 'self' 'unsafe-inline' unpkg.com *.maptiler.com https://accounts.google.com/gsi/style https://appleid.cdn-apple.com/;child-src 'self' blob: mat.stall-frei.de s-static.ak.facebook.com www.facebook.com *.gstatic.com player.vimeo.com *.youtube.com;connect-src 'self' *.stall-frei.de api.maptiler.com *.fontawesome.com https://accounts.google.com/gsi/ https://appleid.cdn-apple.com/;form-action 'self';frame-ancestors 'self';frame-src https://accounts.google.com/gsi/ https://appleid.cdn-apple.com/ https://www.facebook.com/plugins/ https://player.vimeo.com/video/ https://www.youtube.com/embed/;base-uri 'self';manifest-src 'self';object-src 'self';font-src 'self' data: https://appleid.cdn-apple.com/;report-uri /n/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline'  'unsafe-eval'  https://bam.nr-data.net/ https://alive5.com/ https://www.google-analytics.com/ https://static.addtoany.com/  https://www.googletagmanager.com/ https://js-agent.newrelic.com/ https://cdn.jsdelivr.net/ https://embed.vev.page/ https://cdn.vev.design/ https://js.vev.design/ https://ivr.mobilus.me/ https://use.typekit.net https://s.yimg.jp/ https://guest-agent.mobilus.me/ https://cdn.agent.mobilus.me/ https://agent.mobilus.me/ https://munchkin.marketo.net https://ob.herbgreencolumn.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://bat.bing.com/ https://sp-trk.com/ https://am.yahoo.co.jp/ https://b99.yahoo.co.jp/ https://obs.herbgreencolumn.com/ https://obs.herbgreencolumn.com/ https://vivr.i-pro.com/ https://lp.i-pro.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://popfind.probo.biz https://poplink-f.probo.biz https://m.geniee-search.net/; style-src 'self' 'unsafe-inline' https://use.typekit.net/ https://p.typekit.net/ https://alive5.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://ivr.mobilus.me/ https://cdn.jsdelivr.net/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://cdn.agent.mobilus.me/ https://guest-agent.mobilus.me/ https://vivr.i-pro.com/ https://lp.i-pro.com/ https://popfind.probo.biz https://poplink-f.probo.biz; img-src 'self' blob: https://staging.i-pro.com https://placehold.jp  https://www.google-analytics.com/ https://bam.nr-data.net/ https://www.googletagmanager.com/ data: w3.org/svg/2000 https://alive5cdn.s3.amazonaws.com/images/ https://cdn.redoc.ly/redoc/ https://cdn.vev.design/ https://film.vev.design/ https://fonts.gstatic.com/ https://vivr.i-pro.com/ https://cdn.agent.mobilus.me/ https://www.google.co.jp/ https://ipropass.prod.acquia-sites.com/ https://ipropassstg.prod.acquia-sites.com/ https://www.google.com/ https://bat.bing.com/ https://b99.yahoo.co.jp/ https://www.facebook.com/ https://obs.herbgreencolumn.com/ https://popfind.probo.biz https://thumbnail.poplink.jp https://poplink-f.probo.biz https://image.poplink.jp; media-src 'self' https://film.vev.design/; frame-src 'self' https://www.youtube.com/embed/ https://player.vimeo.com/ https://static.addtoany.com https://alive5.com/ https://td.doubleclick.net/ https://lp.i-pro.com/ https://www.google.com/; child-src 'self' blob:; font-src 'self' https://use.typekit.net/ data: application/font-woff https://fonts.gstatic.com https://use.fontawesome.com/ https://cdn.agent.mobilus.me/; connect-src 'self' https://api-v2.alive5.com/ https://alive5.com/ https://stats.g.doubleclick.net https://static.addtoany.com/ https://bam.nr-data.net/ https://www.google-analytics.com/ https://cdn.vev.design/ https://p.typekit.net/ https://use.typekit.net https://guest-agent.mobilus.me/ https://analytics.google.com/ wss://guest-agent.mobilus.me/ https://348-tbp-560.mktoresp.com/ https://pagead2.googlesyndication.com/ https://sp-trk.com/ https://obs.herbgreencolumn.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ https://vc.hotjar.io/ https://popfind-api.probo.biz https://event.geniee-search.net https://poplink.probo.biz https://log.geniee-search.net/  https://log.geniee-search.net/ ; report-uri /products_and_solutions/report-csp-violation 1
frame-ancestors 'self' https://*.mindtickle.com https://*.mindtickle.app https://digdeeper.sysdig.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-62014a3a0a280e2d957361ce77b1bb30'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' 'unsafe-inline' data: *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com *.spotify.com *.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com *.google.ch *.gstatic.com *.googleapis.com *.googlesyndication.com *.wir.ch wir.ch *.youtube-nocookie.com *.youtube.com *.vimeo.com *.logismata.ch *.g.doubleclick.net *.facebook.net *.facebook.com snap.licdn.com bat.bing.com *.linkedin.com *.cookiebot.com *.swisscaution.ch *.datatrans.biz *.tiqcdn.com *.tdbtrk.com *.tealiumiq.com *.spotify.com *.podigee-cdn.net; frame-ancestors 'self' https://www.jobs.ch 1
default-src 'self' https://mw-ar-recom-prod.pgapi.io/ feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
style-src 'self' http://* 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' https://www.googletagmanager.com/ https://pixel.rubiconproject.com/ https://ups.analytics.yahoo.com/ https://sync.search.spotxchange.com/ *.google-analytics.com *.analytics.google.com *.google.com *.permutive.com https://api.permutive.com/ https://e1.emxdgt.com/ https://ping.eeharbor.com/ https://www.facebook.com/ https://cdn.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://cm.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ https://www.google.ie/ https://curator-assets.b-cdn.net/  data: maps.gstatic.com *.googleapis.com *.ggpht.com; connect-src 'self' *.google-analytics.com wss://ws40.hotjar.com/ *.analytics.google.com *.google.com  wss://ws.hotjar.com/ https://content.hotjar.io/  wss://ws24.hotjar.com *.hotjar.com https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://updates.expressionengine.com/ https://ib.adnxs.com *.prmutv.co *.permutive.com https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://vc.hotjar.io/ https://privacyportal.onetrust.com/ https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://www.google.com/ https://googleads.g.doubleclick.net/ *.sentry.io; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/ https://pagead2.googlesyndication.com/ https://cdn.cookielaw.org/ https://cookie-cdn.cookiepro.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://use.typekit.net https://api-fra.livechatinc.com https://api.permutive.com/ https://cdn.permutive.com/; frame-src 'self' https://4448103.fls.doubleclick.net/ https://platform.twitter.com/ https://secure-fra.livechatinc.com https://www.youtube.com/ https://www.google.com/ https://vars.hotjar.com https://player.vimeo.com/ https://vimeo.com/ https://w.soundcloud.com/ https://www.facebook.com/ http://cookies.onetrust.mgr.consensu.org/; worker-src 'self' blob: 1
frame-ancestors 'self' https://extranet.bbdental.com.br http://extranet.bbdental.com.br 1
frame-ancestors 'self' mashibing.com bafangwy.com *.mashibing.com *.bafangwy.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-M75MV4cTja8VlTpZfpH5lQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors *; frame-src *; 1
default-src 'self' https://videos.ctfassets.net/ feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' data:; frame-src * blob:; connect-src * data: blob:; font-src * data:; img-src * data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'self'; base-uri 'self'; frame-ancestors 'self'; 1
font-src 'self' data: *.hinrichfoundation.com; img-src 'self' data: *; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.linkedin.com *.googleadservices.com *.licdn.com *.ads-twitter.com *.twitter.com *.hubapi.com *.hubspot.com *.hotjar.io *.hs-banner.com *.hsadspixel.net *.hsleadflows.net *.hs-analytics.net *.addthisedge.com *.moatads.com *.addthis.com *.hs-scripts.com *.hotjar.com *.hinrichfoundation.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com *.cloudflare.com *.doubleclick.net *.windows.net *.piktochart.com https://static.addtoany.com; 1
default-src 'none'; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' vdlp.containers.piwik.pro www.googletagmanager.com www.google-analytics.com analytics.google.com *.analytics.google.com cdnjs.cloudflare.com www.googleadservices.com www.google.com www.google.nl snap.licdn.com connect.facebook.net *.gstatic.com gstatic.com consent.cookiefirst.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com *.gstatic.com gstatic.com www.googletagmanager.com consent.cookiefirst.com; object-src 'self'; img-src 'self' vdlp.piwik.pro maps.googleapis.com data: www.gravatar.com googleads.g.doubleclick.net www.google.com www.google.nl www.google-analytics.com px.ads.linkedin.com www.facebook.com *.gstatic.com gstatic.com www.googletagmanager.com consent.cookiefirst.com; font-src 'self' data: fonts.gstatic.com www.googletagmanager.com; connect-src 'self' vdlp.containers.piwik.pro www.google-analytics.com stats.g.doubleclick.net analytics.google.com *.analytics.google.com www.google.nl google.nl connect.facebook.net px.ads.linkedin.com www.googletagmanager.com consent.cookiefirst.com edge.cookiefirst.com; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' www.google.com www.google.nl player.vimeo.com; upgrade-insecure-requests; 1
connect-src 'self' novonordiskfonden.matomo.cloud sentry.baernholdt.dev cdn.linkedin.oribi.io www.facebook.com www.gstatic.com translate.googleapis.com infragrid.v.network region1.google-analytics.com analytics.google.com stats.g.doubleclick.net cdn.cookielaw.org px.ads.linkedin.com; default-src 'self' https://sentry.baernholdt.dev; font-src 'self' data: fonts.gstatic.com cdn.scite.ai api.rabatta.app; frame-src 'self' www.facebook.com player.vimeo.com app.powerbi.com acestream.me www.buzzsprout.com buzzsprout.com; img-src 'self' www.facebook.com px.ads.linkedin.com i.vimeocdn.com data: legacy.novonordiskfonden.dk www.googletagmanager.com cdn.cookielaw.org impact.novonordiskfonden.dk cph-bioscience.com translate.google.com fonts.gstatic.com www.google.rs mstat.acestream.net sciencecluster.dk; media-src 'self'; script-src 'self' cdn.matomo.cloud snap.licdn.com connect.facebook.net cdn.jsdelivr.net cdn.cookielaw.org player.vimeo.com polyfill.io 'unsafe-inline' www.googletagmanager.com www.google-analytics.com 'unsafe-eval' wasm-eval: cdn.linkedin.oribi.io www.vipmeg.com www.foxcoo.com search.evoow.com i.vimeocdn.com conoret.com www.pagespeed-mod.com novonordiskfonden.matomo.cloud; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri https://sentry.baernholdt.dev/api/7/security/?sentry_key=441d68b27b634e15912cfef2f9bded7a&sentry_environment=production; 1
default-src 'self' 'unsafe-inline' *.landbank.com *.globalsign.com *.google.com; img-src 'self' *.landbank.com *.globalsign.com *.google.com data: 1
default-src 'self' 'unsafe-inline' https:; frame-src 'self' https://*.pactflow.io https://boards.greenhouse.io https://*.youtube.com https://*.twitter.com https://*.hsforms.com https://*.google.com https://*.hotjar.com https://*.hubspot.com https://*.chargebee.com https://*.facebook.com  http://*.smartbear.com https://*.smartbear.com https://*.doubleclick.net https://*.cookiehub.net https://*.cookiehub.eu https://*.crazyegg.com https://*.convertexperiments.com https://*.wistia.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: data: https: www.googleadservices.com https://*.hsforms.cohm https://*.crazyegg.com https://*.convertexperiments.com https://*.wistia.com; style-src 'self' 'unsafe-inline' https://*.chargebee.com https://*.mailchimp.com https://*.smartbear.com https://*.cookiehub.net https://*.cookiehub.eu https://*.crazyegg.com https://*.convertexperiments.com https://*.wistia.com; img-src 'self' data: https:; base-uri 'self'; form-action 'self' https://*.hsforms.com https://*.facebook.com https://*.smartbear.com https://*.crazyegg.com https://*.convertexperiments.com;  object-src 'none'; frame-ancestors 'self' https://*.hubspot.com/ https://*.smartbear.com/ 1
base-uri localhost; default-src 'self' wss://*.hotjar.com https://*.hotjar.io analytics.google.com checkip.amazonaws.com brasilapi.com.br privacyportal-uat-cdn.onetrust.com privacyportaluat.onetrust.com pageview-notify.rdstat pageview-notify.rdstation.com.br *.clarity.ms s.clarity.ms td.doubleclick.net popups.rdstation.com.br event-api.rdstation.com.br fonts.gstatic.com *.googlesyndication.com googleads.g.doubleclick.net analytics.tiktok.com www.facebook.com www.youtube.com youtube.com youtu.be googleads.g.doubleclick.net plugin.handtalk.me translation-v3.handtalk.me stackpath.bootstrapcdn.com via.placeholder.com gravatar.com localhost:8000 privacyportal-br-cdn.onetrust.com https://*.hotjar.com images.piracanjuba.com.br res.cloudinary.com wss://bot.leanbot.com.br www.google.com.br api.leanbot.com.br www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net privacyportal-br.onetrust.com www.google.com geolocation.onetrust.com/cookieconsentpub/v1/geo/location cdn.cookielaw.org ajax.googleapis.com optanon.blob.core.windows.net www.gstatic.com gstatic.com gstatic.com piracanjuba-institucional-prd.s3.amazonaws.com piracanjuba-institucional-hml.s3.amazonaws.com piracanjuba-institucional-prd.s3.sa-east-1.amazonaws.com dvfreowpsau6f.cloudfront.net localhost localhost data:; font-src 'self' use.typekit.net data: privacyportal-br-cdn.onetrust.com fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-ancestors 'self' localhost localhost; object-src 'self' localhost localhost; script-src 'self' privacyportal-uat-cdn.onetrust.com clarity.ms www.clarity.ms d335luupugsy2.cloudfront.net analytics.tiktok.com googleads.g.doubleclick.net stackpath.bootstrapcdn.com *.googlesyndication.com www.googleadservices.com code.jquery.com plugin.handtalk.me cdn.datatables.net cdn.jsdelivr.net privacyportal-br-cdn.onetrust.com webchat.leanbot.com.br cdnjs.cloudflare.com cdn.cookielaw.org googletagmanager.com script.hotjar.com static.hotjar.com tagmanager.google.com www.googletagmanager.com fonts.googleapis.com www.google-analytics.com/analytics.js www.google.com/recaptcha/api.js ajax.googleapis.com connect.facebook.net www.gstatic.com gstatic.com gstatic.com cdn.polyfill.io localhost localhost 'unsafe-inline' 'unsafe-eval'; img-src 'self' * data: blob:; style-src 'self' privacyportal-uat-cdn.onetrust.com www.googletagmanager.com cdn.datatables.net privacyportal-br-cdn.onetrust.com webchat.leanbot.com.br stackpath.bootstrapcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com www.google.com/recaptcha cdn.jsdelivr.net 'unsafe-inline'; report-uri /csp_violation_reporting_endpoint; report-to PolicyName;  upgrade-insecure-requests; 1
default-src * 'unsafe-inline' 'unsafe-eval'; connect-src https://* wss://api.scaledrone.com/v3/websocket wss://ff.kis.v2.scr.kaspersky-labs.com; worker-src https://tetatet-club.ru/ https://www.gstatic.com/ https://mc.yandex.ru/ https://mc.yandex.com/ https://an.yandex.ru/ https://yastatic.net blob: *; frame-src https://* wss://ff.kis.v2.scr.kaspersky-labs.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* wss://ff.kis.v2.scr.kaspersky-labs.com https://www.gstatic.com/ https://mc.yandex.ru https://mc.yandex.com https://yandex.ru https://yastatic.net https://an.yandex.ru https://yandex.net https://www.google-analytics.com https://www.googletagmanager.com;img-src * blob: * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com; media-src * data: https://* wss://ff.kis.v2.scr.kaspersky-labs.com 1
child-src 'self' blob:;connect-src 'self' https://www.google-analytics.com https://cdn.polyfill.io https://maps.googleapis.com facebook.com google-analytics.com cdn.islandsbanki.is 12pjqcn2sm-dsn.algolia.net https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://consentcdn.cookiebot.com/ https://edge.adobedc.net https://adobedc.demdex.net https://widget.datablocks.se https://hub.mfn.se/ https://auth-test.isbank.is https://auth.islandsbanki.is https://*.google-analytics.com;default-src 'self';img-src 'self' data: https://imgsct.cookiebot.com/ https://www.facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.is *.siteimproveanalytics.io *.gstatic.com *.googleapis.com *.ytimg.com cdn.islandsbanki.is boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com prismic-io.s3.amazonaws.com isb-website.cdn.prismic.io images.prismic.io;font-src 'self' data: https://cdn.islandsbanki.is/;object-src 'none';media-src 'self';manifest-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline' *.prismic.io https://maps.googleapis.com https://prismic.io https://www.google.com https://www.youtube.com https://s.ytimg.com https://640islandsbanki.boost.ai https://islandsbanki-test.boost.ai https://www.googletagmanager.com https://www.gstatic.com https://siteimproveanalytics.com *.adobedc.net https://cdn.polyfill.io https://www.google-analytics.com https://connect.facebook.net https://www.google.com https://www.gstatic.com https://www.recaptcha.net/ https://consent.cookiebot.com https://consentcdn.cookiebot.com https://assets.adobedtm.com https://*.infogram.com 'nonce-1abd2946-21a3-44d6-b615-bf8a846c677c' 'sha256-QsLvY8Rx6B9JCjWGBE5gM3IN+2uclV2FJAUWMC4o58k=' 'sha256-1gIG1EI7ABKBfq8rVwk7j2MeEOIlut5+TbLxyAnCYTA=' 'sha256-yjbQYTDTGeh83tID7X4P8shfeXu07tD4iLjoMIr+e4w=' 'sha256-qEXb+QLuCAPNTPbZxHzxcXrnG22qOg/k7niD2csPshA=' 'sha256-gtKFj0yNetpIDkA36Pz+kl6/tx8y2XsLtD/uFt4lUYk=' 'sha256-n0UoCqE+tc6d0M/TW1hby5V7TqhUT2/yOVXzYgrjQr8=' 'sha256-4cFcsF0wg+c2o8ebtN0UyYJ+eUB2WN4lNfLtNhFrMOY=' 'sha256-RgYYoXl/1zyaVcUYLbP8Tl2uUKYE/5LSR4MZcXx3uSw=' 'sha256-bThgwhxJzyVwHL27q9n7UkF9smMI1M+u/xI4Ln1n6NY=' 'sha256-mGbGbnWys+WQjkr/v68zcXw5O6y8X97qI+UtewXd0yk=';style-src 'self' 'unsafe-inline' blob: *.adobedc.net;frame-src https://*.islandsbanki.is https://*.isbank.is https://gamli.islandsbanki.is https://*.islandssjodir.is https://www.youtube.com https://consentcdn.cookiebot.com https://www.vib.is https://*.isb.is https://*.infogram.com https://www.google.com https://www.gstatic.com https://isb-website.prismic.io/ https://www.recaptcha.net/ https://auth-test.isbank.is/ https://auth.islandsbanki.is/ https://islandsbanki-frodi-authentication.dev.kube.isbank.is https://*.featureupvote.com;worker-src 'self' blob: 1
frame-ancestors 'self' webvisor.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.polyfill.io *.jquery.com *.slgnt.eu *.morabanc.ad *.inbenta.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.googleadservices.com *.taboola.com *.adform.net *.facebook.net *.licdn.com *.doubleclick.net *.gstatic.com *.cookielaw.org *.windows.net morabanc.test *.inbenta.io *.hotjar.com unpkg.com;connect-src  *;frame-src *;img-src data: * 1
upgrade-insecure-requests; base-uri *; frame-ancestors *; form-action *; object-src *; 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.workable.com localhost:* localtest:* *.google.com ajax.googleapis.com ajax.aspnetcdn.com fonts.googleapis.com fonts.gstatic.com www.youtube.com s.ytimg.com *.googletagmanager.com vortex.data.microsoft.com *.hubspot.com *.hscta.net *.google-analytics.com iowa.gov *.jquery.com *.addthis.com *.googleapis.com *.addthisedge.com *.gstatic.com *.doubleclick.net *.fontawesome.com *.facebook.net *.facebook.com www.facebook.com html5.dcatalog.com *.cloudflare.com;object-src 'self' *.spindustry.com;style-src 'self' 'unsafe-inline' iowa.gov *.jquery.com maxcdn.bootstrapcdn.com fonts.googleapis.com tagmanager.google.com *.fontawesome.com *.cloudflare.com;img-src 'self' *.workable.com localhost:* localtest:* *.spintest.com *.hubspot.com iowa.gov *.goodblogscdn.com *.gstatic.com *.doubleclick.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.facebook.com;media-src 'self' *.spindustry.com;frame-src 'self' *.spindustry.com *.youtube.com *.google.com *.doubleclick.net *.googletagmanager.com *.ariba.com *.facebook.com *.dcatalog.com;font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.fontawesome.com;connect-src 'self' *.spindustry.com *.crazyegg.com *.g.doubleclick.net *.google-analytics.com *.fontawesome.com *.google.com;child-src *.youtube.com *.hubspot.com *.addthis.com *.google.com *.doubleclick.net;form-action 'self' *.spindustry.com *.ariba.com *.facebook.com;frame-ancestors *.spindustry.com *.ariba.com;manifest-src 'self';report-uri /WebResource.axd?cspReport=true 1
default-src 'self'  blob: data: *.mayoclinic.org *.gstatic.com *.googleapis.com maps.google.com translate.google.com kaltura.com *.kaltura.com *.vimeocdn.com vimeocdn.com vimeo.com *.vimeo.com svc.webspellchecker.net 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors *.adit.com;base-uri 'none';default-src 'none';script-src 'self' https: 'strict-dynamic' 'unsafe-inline' 'unsafe-hashes' 'nonce-XKtwSyNSOhuty0D5e5KDlJJBGMRNC9lM';script-src-elem https: 'unsafe-inline' 'unsafe-hashes';script-src-attr https: 'unsafe-inline' 'unsafe-hashes';object-src 'none';img-src 'self' https: data: blob:;style-src 'self' 'unsafe-hashes' 'unsafe-inline' 'nonce-XKtwSyNSOhuty0D5e5KDlJJBGMRNC9lM';style-src-elem https: 'unsafe-inline' 'unsafe-hashes';style-src-attr https: 'unsafe-inline' 'unsafe-hashes';media-src 'self';worker-src 'self' blob:;form-action 'self' https://www.facebook.com/tr/;connect-src 'self' https: ws:;font-src 'self' data: https: http:;frame-src 'self' https: http:;block-all-mixed-content;upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-AJfLTFPftH7Ub4G7bYSDTHZT/afhm9DyLYip9Pi4oQ4NsOHo' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://nowserving.ph 1
default-src 'self' www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com www.google.com www.gstatic.com *.googlesyndication.com www.googletagmanager.com connect.facebook.net js-agent.newrelic.com accounts.google.com *.googleadservices.com adservice.google.com adservice.google.com.pk googleads.g.doubleclick.net bam.nr-data.net onesignal.com *.onesignal.com; connect-src 'self' *.peekaboo.guru www.google-analytics.com maps.gstatic.com maps.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net accounts.google.com bam.nr-data.net; img-src 'self' data: d2liqplnt17rh6.cloudfront.net www.google-analytics.com *.googleapis.com stats.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.facebook.com www.google.com www.google.com.pk googleads.g.doubleclick.net www.googleadservices.com pagead2.googlesyndication.com peekaboo-guru.s3-ap-southeast-1.amazonaws.com sp-ao.shortpixel.ai secure.gravatar.com https://peekaboo.guru https://*.peekaboo.guru; media-src 'self' d2liqplnt17rh6.cloudfront.net; style-src 'self' 'unsafe-inline' *.googleapis.com accounts.google.com onesignal.com *.onesignal.com; font-src 'self' d2liqplnt17rh6.cloudfront.net *.gstatic.com cdn.rawgit.com cdn.jsdelivr.net; frame-src 'self' https://peekaboo.guru https://*.peekaboo.guru www.facebook.com *.doubleclick.net tpc.googlesyndication.com www.google.com accounts.google.com; frame-ancestors https://peekaboo.guru https://*.peekaboo.guru https://zsajjad-93.firebaseapp.com; 1
frame-ancestors 'self' https://hojin.spokyo.jp/; 1
script-src 'self' https: 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; img-src https: 'self' data: 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com esskay.kiya.ai; report-uri /csp-violation 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com *.eurolandir.com; style-src 'unsafe-inline' 'self' 'report-sample'; font-src *; report-uri https://www.veon.com/@http-reporting?csp=report&requestTime=1715649893956912 1
script-src 'self' 'unsafe-inline' https://code.jquery.com/ https://cdn.jsdelivr.net/npm/ https://d1f8f9xcsvx3ha.cloudfront.net/ https://plausible.io/; sandbox allow-top-navigation allow-scripts allow-same-origin allow-forms allow-downloads; 1
default-src *.asus.com *.asus.com.cn *.freshworksapi.com https: 'unsafe-inline' 'unsafe-eval' blob: data: ws:;style-src * 'unsafe-inline';object-src *; script-src *.asus.com *.asus.com.cn https: 'unsafe-inline' 'unsafe-eval' blob: data:; frame-ancestors 'self' *.asus.com; 1
default-src 'self' https://fonts.googleapis.com; connect-src *; font-src * data: https://fonts.gstatic.com; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
img-src https: data:; default-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; form-action 'none'; worker-src blob: ; media-src https://d10lpsik1i8c69.cloudfront.net/sounds/pop.mp3; connect-src 'self' wss://realtime.luckyorange.com/mqtt https://api.parkassist.com/ https://pubsub.googleapis.com/ wss://visitors.live/ https://api-preview.luckyorange.com/ wss://in.visitors.live/ https://settings.luckyorange.com/ https://settings.luckyorange.net/ https://flykc.cdn.prismic.io/ https://stats.g.doubleclick.net https://visitor2.constantcontact.com/ https://listgrowth.ctctcdn.com/ https://flykc-functions.azurewebsites.net/api/ https://www.google-analytics.com/ https://analytics.google.com/ https://www.cognitoforms.com/ https://api.openweathermap.org/ https://kc-airports.cdn.prismic.io/; font-src 'self' https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/npm/ https://connect.facebook.net https://d10lpsik1i8c69.cloudfront.net/ https://tools.luckyorange.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdnjs.cloudflare.com/ https://static.ctctcdn.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://static.cognitoforms.com/ https://www.cognitoforms.com/ https://static.cdn.prismic.io; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net https://static.ctctcdn.com/ https://fonts.googleapis.com/ https://p.typekit.net https://use.typekit.net https://cdnjs.cloudflare.com; frame-src https://maps.google.com/ https://www.youtube.com/ https://www.google.com/ https://4475515.fls.doubleclick.net/ https://book.appointedd.com/ https://pcmap-kci-new.netlify.app/ https://flymkc.prismic.io/ https://kc-airports.cdn.prismic.io/; img-src 'self' https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://d10lpsik1i8c69.cloudfront.net/ https://www.facebook.com/tr/ https://images.prismic.io https://flymkc.cdn.prismic.io/flymkc/ data: w3.org/svg/2000; frame-ancestors 'none'; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: blob:; connect-src 'self' https: data:; font-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; media-src 'self' https: data: blob:; child-src 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'self' data:; frame-src 'self' https: data: blob:; worker-src 'self' blob:; manifest-src 'self'; navigate-to 'self'; base-uri 'self'; block-all-mixed-content; upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://graz.social; img-src 'self' https: data: blob: https://graz.social; style-src 'self' https://graz.social 'nonce-LpABtiPnH+zdcvj3Kapt8g=='; media-src 'self' https: data: https://graz.social; frame-src 'self' https:; manifest-src 'self' https://graz.social; form-action 'self'; child-src 'self' blob: https://graz.social; worker-src 'self' blob: https://graz.social; connect-src 'self' data: blob: https://graz.social https://graz.social wss://graz.social; script-src 'self' https://graz.social 'wasm-unsafe-eval' 1
script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://vmeste.eu https://wmeste.net https://*.vmeste.org https://www.paypal.com/ https://yookassa.ru/checkout-widget/v1/checkout-widget.js https://static.yoomoney.ru/checkout-client/checkout-widget.js https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js https://mc.yandex.com/ https://js.stripe.com/ 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.petersenshunting.com http://*.petersenshunting.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
default-src 'self' 'unsafe-inline' 'wasm-eval' 'unsafe-eval' https: data: blob: cdn2.hubspot.net *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net  js.hscollectedforms.net js.hsleadflows.net js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hs-banner.net *.hsforms.net *.hsforms.com static.hsappstatic.net js.hubspotfeedback.com feedback.hubapi.com js.usemessages.com *.vidyard.com *.metrodemedellin.gov.co fonts.googleapis.com *.google-analitycs.com *.googletagmanager.com gov.co *.hubspotusercontent-na1.net metrodemedellin.creatio.com;; upgrade-insecure-requests 1
: upgrade-insecure-requests 1
upgrade-insecure-requests; default-src 'self'; script-src 'self'; style-src 'self'; form-action 'self' https://search.nerdvpn.de/searxng/search; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self'; frame-src 'self' https://updown.io 1
default-src 'self' ifdb.org www.google.com 'nonce-OxsOv7py'; script-src 'self' ifdb.org www.google.com 'nonce-OxsOv7py'; style-src 'self' ifdb.org 'nonce-OxsOv7py'; frame-ancestors 'self'; 1
frame-ancestors www.samsung.com www.samsung.net www.webcollage.net www.webcollage.net www.abt.com agent.samsungsupport.com admin.samsungsupport.com nacyberadmin site-36720.preview.bcvp0rtal.com nacyberagent samsung.brightcovegallery.com retail.samsungusa.com:9003 aem.samsung.com qaweb.samsung.com aem-eu.samsung.com www.mobilevirtualtour.com samsung-tmo-stage.herokuapp.com 5g.samsungtmobile.com www.uscellular.com wesit11.we-nonprod.uscc.com wesitaem.we-nonprod.uscc.com www.walmart.com tempo.cxtools-stg.walmart.com www-stage.walmart.com virtualstore.att.com att.beta.obsessvr.com i5.walmartimages.com wesit7.we-nonprod.uscc.com/ wesit7.we-nonprod.uscc.com/samsung *.samsungsupport.com 1
default-src 'self' *.binomoidr.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.clarity.ms *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomoidr.com *.binomo.com wss://as.binomoidr.com:* wss://as.binomo.com:* wss://ws.binomoidr.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com *.gstatic.com themes.googleusercontent.com *.binomoidr.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomoidr.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.clarity.ms *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com *.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomoidr.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomoidr.com *.binomo.com 1
frame-ancestors 'self'; img-src 'self' data: https: http: *.w3.org *.trustedshops.com cdnjs.cloudflare.com s3-eu-west-1.amazonaws.com track.adform.net *.google.com *.gstatic.com *.googleapis.com *.gstatic.com;font-src 'self' data: https: http: *.w3.org fonts.evn.at netdna.bootstrapcdn.com *.trustedshops.com *.google.com *.gstatic.com *.googleapis.com *.gstatic.com 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com www.paypalobjects.com *.abtasty.com *.fontawesome.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://0merchantacsstag.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://assets.braintreegateway.com https://c.paypal.com https://tst.kaptcha.com https://geostag.cardinalcommerce.com https://0merchantacsstag.cardinalcommerce.com https://centinelapistag.cardinalcommerce.com https://checkout.paypal.com https://www.google.com https://player.vimeo.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net *.abtasty.com https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.google.it https://b.stats.paypal.com https://c.paypal.com https://dub.stats.paypal.com blob: *.bird.eu *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net *.cdninstagram.com *.instagram.com meetanshi.com black.bird.eu criteo-partners.tremorhub.com sync-criteo.ads.yieldmo.com beacon.krxd.net e1.emxdgt.com exchange.mediavine.com id5-sync.com jadserve.postrelease.com matching.ivitrack.com s.thebrighttag.com visitor.omnitagjs.com bat.bing.com c.clarity.ms events.smct.co imgsct.cookiebot.com https://c.bing.com *.abtasty.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://img.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' data: www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com https://www.google.com https://www.gstatic.com https://c.paypal.com https://songbirdstag.cardinalcommerce.com *.attn.tv events.attentivemobile.com s7.addthis.com *.yamamotonutrition.com *.trustpilot.com *.criteo.com *.criteo.net cdn.ometria.com js-agent.newrelic.com widget.trustpilot.com trk.ometria.com bam.nr-data.net ih.adscale.de ads.yahoo.com ups.analytics.yahoo.com ib.adnxs.com sync-t1.taboola.com simage2.pubmatic.com criteo-sync.teads.tv pixel.rubiconproject.com contextual.media.net gum.criteo.com cm.g.doubleclick.net rtb-csync.smartadserver.com s.ad.smaato.net eb2.3lift.com ad.360yield.com r.casalemedia.com sync.outbrain.com x.bidswitch.net match.sharethrough.com ad.mail.ru cm.adform.net ad.yieldlab.net static.zdassets.com *.newrelic.com *.nr-data.net *.cookiebot.com https://connect.facebook.net www.dwin1.com bat.bing.com static.hotjar.com analytics.tiktok.com smct.co script.hotjar.com js.smct.co www.clarity.ms www.google.it *.abtasty.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.google.com www.xtento.com cdn.xtento.com *.ometria.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com https://www.gstatic.com *.yamamotonutrition.com maxcdn.bootstrapcdn.com *.abtasty.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io https://payments.sandbox.braintree-api.com https://api.sandbox.braintreegateway.com https://origin-analytics-sand.sandbox.braintree-api.com https://centinelapistag.cardinalcommerce.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://writer.cardinalcommerce.com https://www.sandbox.paypal.com https://vimeo.com *.attn.tv events.attentivemobile.com ekr.zdassets.com/ *.yamamotonutrition.com yamamotonutrition.zendesk.com zendesk-eu.my.sentry.io invitejs.trustpilot.com *.newrelic.com *.nr-data.net measurement-api.criteo.com *.analytics.google.com www.google.it consentcdn.cookiebot.com js.smct.io js.smct.co analytics.tiktok.com z.clarity.ms ws.hotjar.com content.hotjar.io analytics.pangle-ads.com rest.iafnetwork.com metrics.hotjar.io w.clarity.ms wss://ws.hotjar.com *.abtasty.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com t.elasticsuite.io *.google-analytics.com *.ometria.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://*.fsho.st https://fshost.me https://js.stripe.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-xTmxWHgRldGtWGzAFXjYucAmYhEKECCi8UNuuckoDJ6NDRx9' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src *; frame-src *; font-src * data:; media-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
script-src 'self' https://*.grantstreet-cdn.com https://*.govhub.com https://*.grantstreet.com:* https://vault.county-taxes.com https://www.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://secure.gravatar.com https://admin.typeform.com https://*.paypal.com https://*.paypalobjects.com 'nonce-2942694fe8d0217fac2ffe11f30850d6'; connect-src 'self' https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://*.county-taxes.com:* https://county-taxes.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://pay.google.com https://google.com/pay https://www.google.com/pay https://*.algolia.io https://*.algolia.net https://*.algolianet.com stats.g.doubleclick.net https://translation.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.grantstreet-cdn.com https://govhub.com https://pay-hub.net https://*.govhub.com https://*.pay-hub.net https://*.grantstreet.com:* https://*.payment-express.net https://sentry.io https://*.sentry.io https://*.launchdarkly.com https://admin.typeform.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://api.lob.com https://*.paypal.com https://*.paypalobjects.com https://s3.amazonaws.com https://cdn-grantstreet-com.s3.amazonaws.com https://www.google.com; object-src 'none'; frame-ancestors 'self' https://*.govhub.com https://govhub.com https://*.pay-hub.net https://pay-hub.net https://atcwebsite-gsg.azurewebsites.net https://sbcountyatc.gov; report-uri https://o168195.ingest.sentry.io/api/1432778/security/?sentry_key=10c054b10b974c81b73423a0d835e640; 1
default-src 'self' statsng.knobelbecher.net 'unsafe-inline'; img-src 'self' https:; script-src 'self' statsng.knobelbecher.net 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.spyic.com https://spyic.com https://*.google.com 1
default-src 'self' https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://cdn.curator.io https://static.etracker.com https://www.etracker.de https://code.etracker.com https://*.delivery.consentmanager.net https://cdn.consentmanager.net;style-src 'self' 'unsafe-inline' https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://fonts.googleapis.com https://cdn.curator.io https://www.youtube.com;img-src 'self' data:  https://cdn.consentmanager.net https://consentmanager.mgr.consensu.org https://cdn.consentmanager.mgr.consensu.org https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://curator-assets.b-cdn.net https://pbs.twimg.com https://media-exp1.licdn.com https://*.fbcdn.net https://yt3.ggpht.com https://i.ytimg.com *.google.ae/ads/ *.google.al/ads/ *.google.am/ads/ *.google.at/ads/ *.google.ba/ads/ *.google.be/ads/ *.google.bg/ads/ *.google.bj/ads/ *.google.by/ads/ *.google.ca/ads/ *.google.cd/ads/ *.google.ch/ads/ *.google.cl/ads/ *.google.cn/ads/ *.google.co.id/ads/ *.google.co.il/ads/ *.google.co.in/ads/ *.google.co.jp/ads/ *.google.co.kr/ads/ *.google.co.ma/ads/ *.google.co.nz/ads/ *.google.co.th/ads/ *.google.co.uk/ads/ *.google.co.uz/ads/ *.google.co.za/ads/ *.google.com.au/ads/ *.google.com.bd/ads/ *.google.com.br/ads/ *.google.com.co/ads/ *.google.com.cy/ads/ *.google.com.ec/ads/ *.google.com.eg/ads/ *.google.com.hk/ads/ *.google.com.jm/ads/ *.google.com.lb/ads/ *.google.com.mx/ads/ *.google.com.my/ads/ *.google.com.ng/ads/ *.google.com.np/ads/ *.google.com.ph/ads/ *.google.com.pk/ads/ *.google.com.qa/ads/ *.google.com.sa/ads/ *.google.com.sg/ads/ *.google.com.tr/ads/ *.google.com.tw/ads/ *.google.com.ua/ads/ *.google.com.uy/ads/ *.google.com.vn/ads/ *.google.com/ads/ *.google.cz/ads/ *.google.de/ads/ *.google.dk/ads/ *.google.dz/ads/ *.google.es/ads/ *.google.fi/ads/ *.google.fr/ads/ *.google.gr/ads/ *.google.gy/ads/ *.google.hr/ads/ *.google.hu/ads/ *.google.ie/ads/ *.google.it/ads/ *.google.jo/ads/ *.google.li/ads/ *.google.lt/ads/ *.google.lu/ads/ *.google.lv/ads/ *.google.md/ads/ *.google.mk/ads/ *.google.mu/ads/ *.google.nl/ads/ *.google.no/ads/ *.google.pl/ads/ *.google.pt/ads/ *.google.ro/ads/ *.google.rs/ads/ *.google.ru/ads/ *.google.se/ads/ *.google.si/ads/ *.google.sk/ads/ *.google.tn/ads/ https://*.delivery.consentmanager.net;font-src 'self' https://fonts.gstatic.com https://cdn.curator.io  data:;connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com *.cloudfront.net  https://api.curator.io https://www.etracker.de https://consentmanager.mgr.consensu.org https://*.delivery.consentmanager.net;frame-src https://register.gotowebinar.com  https://www.movingimage24.com https://videomanager.movingimage24.com https://irs.tools.investis.com https://e.video-cdn.net https://vimeo.com https://webcast2.promeas.com/ https://player.vimeo.com/ https://www.brn-ag.de/ https://soziale-anwendung.de/ https://www.youtube.com/embed/ https://www.youtube-nocookie.com/;media-src 'self' blob: https://curator-assets.b-cdn.net *.cloudfront.net/jenoptik/ https://video.twimg.com;worker-src blob:;report-uri https://jeno.report-uri.com/r/d/csp/enforce 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src * 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com  https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.nblyprod.com https://*.web-2-tel.com https://*.groundsguys.com https://*.licdn.com https://*.convertexperiments.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.graph.facebook.com https://*.facebook.com https://*.linkedin.com https://*.localiq.com https://*.phluant.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; object-src 'none'; connect-src https://*.calltrk.com https://*.callrail.com https://*.cloudflare.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net  https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.groundsguys.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai wss://*.yellow.ai wss://*.cloud.yellow.ai wss://*.app.yellow.ai https://*.facebook.com https://*.linkedin.com https://*.localiq.com; font-src https://*.cloudflare.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; frame-src https://*.cloudflare.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://*.groundsguys.com https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; media-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai; worker-src https://*.yellow.ai https://*.yellowmessenger.com https://*.cloud.yellow.ai https://*.app.yellow.ai blob: 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com data:;img-src 'self' data: dezerv-assets.s3.ap-south-1.amazonaws.com dezerv-profile-images.s3.ap-south-1.amazonaws.com dezerv-strapi-integration.s3.ap-south-1.amazonaws.com dezerv-strapi-test.s3.ap-south-1.amazonaws.com t.co analytics.twitter.com googleads.g.doubleclick.net www.facebook.com www.google.com www.google.co.in px.ads.linkedin.com facebook.net storage.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' widgets.in.webengage.com www.googletagmanager.com https: fc.dezerv.in www.google.co.in facebook.net www.facebook.com data:;frame-src 'self' inz8261735b.in.webengage.co inzz71680a69.in.webengage.co dezerv-assets.s3.ap-south-1.amazonaws.com www.youtube.com calendly.com td.doubleclick.net facebook.net www.facebook.com www.google.com; 1
frame-ancestors 'self' *.myshopify.com *.pasilobus.com *.shopify.com 1
default-src 'none' 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com.tr yastatic.net https://yastatic.net ajax.googleapis.com www.google-analytics.com https://www.google-analytics.com googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com vk.com https://vk.com https://login.vk.com platform.twitter.com https://platform.twitter.com; font-src 'self' data: yastatic.net fonts.gstatic.com https://fonts.gstatic.com; object-src pagead2.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prozavr.ru top-fwz1.mail.ru *.yandex.ru https://yandex.ru yandex.ru yandex.com https://yandex.by *.yandex.net https://site.yandex.net https://yandex.st yandex.st yandex.ua https://yastatic.net yastatic.net mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.fr https://mc.yandex.kz https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.kg https://cdn.jsdelivr.net/npm/yandex-metrica-watch/ https://conoret.com https://cdn.ampproject.org https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ ajax.googleapis.com  api.google.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com https://www.google-analytics.com www.google-analytics.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://translate.google.com https://translate.google.cn https://translate.googleapis.com https://translate-pa.googleapis.com https://googleads.g.doubleclick.net www.googletagmanager.com googletagmanager.com www.googletagservices.com https://www.googletagservices.com https://partner.googleadservices.com vk.com platform.twitter.com https://platform.twitter.com https://s.tradingview.com https://s3.tradingview.com https://fundingchoicesmessages.google.com https://adservice.google.ru https://adservice.google.com https://adservice.google.co.th https://adservice.google.kz https://adservice.google.co.uz https://adservice.google.co.jp https://adservice.google.kg https://adservice.google.co.kr https://adservice.google.com.vn https://adservice.google.by https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.com.ua https://adservice.google.lv https://adservice.google.pl https://adservice.google.se https://adservice.google.com.tr https://adservice.google.be https://adservice.google.hu https://adservice.google.am https://adservice.google.ge https://adservice.google.bg https://adservice.google.com.tj https://adservice.google.nl https://adservice.google.de https://adservice.google.co.in https://adservice.google.cz https://adservice.google.az https://adservice.google.ee https://adservice.google.com.sg https://adservice.google.lk https://adservice.google.ae https://adservice.google.md https://adservice.google.ca https://adservice.google.com.cy https://adservice.google.sk https://adservice.google.it https://adservice.google.com.eg https://adservice.google.lt https://adservice.google.no https://adservice.google.com.om https://adservice.google.fr https://adservice.google.es https://adservice.google.co.uk https://adservice.google.dk https://adservice.google.fi https://adservice.google.com.mx https://adservice.google.com.lb https://adservice.google.com.hk https://adservice.google.com.pk https://adservice.google.dz https://adservice.google.mn https://adservice.google.iq https://adservice.google.co.za https://adservice.google.me https://adservice.google.is https://adservice.google.com.br https://adservice.google.tm https://adservice.google.rs https://adservice.google.com.qa https://adservice.google.com.ph https://adservice.google.com.my https://adservice.google.com.mt https://adservice.google.pt https://adservice.google.co.nz https://adservice.google.ba https://adservice.google.gr https://adservice.google.mu https://adservice.google.com.cu https://adservice.google.com.au https://adservice.google.jo https://adservice.google.al https://adservice.google.com.kh https://adservice.google.cv https://adservice.google.mk https://adservice.google.sn https://adservice.google.com.pa https://adservice.google.ro https://adservice.google.com.sa https://adservice.google.at https://adservice.google.ch https://adservice.google.tn https://adservice.google.co.ao https://adservice.google.ie https://adservice.google.mv https://adservice.google.com.bd https://adservice.google.co.tz https://adservice.google.com.gt https://adservice.google.com.np https://adservice.google.com.pe https://adservice.google.com.kw https://adservice.google.com.tw https://adservice.google.si https://adservice.google.co.ke https://adservice.google.hr https://adservice.google.com.ar https://adservice.google.ci https://adservice.google.lu https://adservice.google.com.co https://adservice.google.com.bh https://adservice.google.co.ma https://adservice.google.co.zm https://adservice.google.bs https://adservice.google.sc https://adservice.google.com.mm https://adservice.google.cm https://adservice.google.com.na https://adservice.google.la https://adservice.google.com.ec https://adservice.google.co.cr https://adservice.google.ml https://adservice.google.com.af https://adservice.google.com.uy https://adservice.google.rw https://adservice.google.cl https://adservice.google.co.ve https://adservice.google.bf https://adservice.google.mg https://adservice.google.ga https://adservice.google.com.et https://adservice.google.ne https://adservice.google.bj https://adservice.google.com.ng https://adservice.google.sm https://adservice.google.sr https://adservice.google.com.jm https://adservice.google.com.ly https://adservice.google.co.ug https://adservice.google.com.py https://adservice.google.com.sv https://adservice.google.com.pr https://adservice.google.co.mz https://adservice.google.hn https://adservice.google.com.bo https://adservice.google.ps https://adservice.google.tg https://adservice.google.co.zw https://adservice.google.com.bn https://adservice.google.li https://adservice.google.com.gh https://adservice.google.com.bz https://adservice.google.ad https://adservice.google.tt https://adservice.google.vg https://adservice.google.com.ni https://adservice.google.com.gi; img-src 'self' data: https://prozavr.ru top-fwz1.mail.ru *.yandex.net *.adfox.ru *.yandex.ru yandex.ru yandex.com mc.yandex.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.kg https://mc.yandex.uz https://mc.yandex.tj https://mc.yandex.md https://mc.yandex.az https://mc.yandex.tm *.yandex.net yandex.st yastatic.net https://yastatic.net clck.yandex.ru https://yandex.ru https://yandex.ua https://www.yandex.ua https://yandex.by https://www.yandex.by https://webmaster.yandex.ru https://www.google.com https://www.google.ru https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz  https://www.google.com.ua https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://www.google.by https://www.google.cz https://www.google.co.uk https://www.google.am https://ssl.google-analytics.com https://*.googleusercontent.com https://tpc.googlesyndication.com pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net gstatic.com https://www.gstatic.com https://translate.googleapis.com https://*.ggpht.com counter.rambler.ru counter.yadro.ru www.google-analytics.com google-analytics.com https://www.google-analytics.com https://vk.com vk.com https://syndication.twitter.com https://twitter.com https://*.userapi.com https://csi.gstatic.com translate.google.com *.ytimg.com img.youtube.com https://*.ytimg.com https://img.youtube.com https://ad.adriver.ru https://ad.doubleclick.net https://wcm-ru.frontend.weborama.fr https://tps.doubleverify.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net yastatic.net *.adfox.ru https://translate.googleapis.com fonts.googleapis.com https://fonts.googleapis.com; connect-src 'self' blob: http://127.0.0.1:* yastatic.net *.adfox.ru *.yandex.ru yandex.ru yandex.com top-fwz1.mail.ru https://mc.yandex.ru https://mc.yandex.ua https://mc.yandex.by https://mc.yandex.kz https://mc.yandex.fr https://mc.yandex.com https://mc.yandex.com.tr https://mc.yandex.uz https://mc.yandex.ee https://mc.yandex.tj https://mc.yandex.lv https://mc.yandex.md https://mc.yandex.com.ge https://mc.yandex.kg https://mc.yandex.az https://mc.yandex.tm https://www.google.com.ua https://ymetrica1.com https://yandexmetrica.com:* yandex.st https://translate.yandex.net  https://browser.translate.yandex.net https://csp.yandex.net https://favicon.yandex.net https://www.google.ru https://www.google.by https://www.google.kg https://www.google.co.th https://www.google.fr https://www.google.kz https://www.google.lv https://www.google.md https://www.google.pl https://www.google.lt https://stats.g.doubleclick.net https://region1.analytics.google.com https://analytics.google.com www.google-analytics.com https://www.google-analytics.com https://pagead2.googlesyndication.com pagead2.googlesyndication.com www.googletagservices.com https://partner.googleadservices.com https://csi.gstatic.com https://translate.googleapis.com https://adservice.google.com https://fundingchoicesmessages.google.com; child-src 'self' mc.yandex.ru https://mc.yandex.ru https://mc.yandex.md googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com awaps.yandex.ru yastatic.net vk.com platform.twitter.com https://login.vk.com https://static.doubleclick.net; frame-src yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru *.adfox.ru https://mc.yandex.md https://mc.yandex.com https://www.google.com https://recaptcha.google.com https://googleads.g.doubleclick.net https://securepubads.g.doubleclick.net https://tpc.googlesyndication.com https://yoomoney.ru; media-src blob: data: yastatic.net *.yandex.net *.yandex.ru yandex.ru *.adfox.ru yandex.com; report-uri https://prozavr.ru/temp/csp/errors_csp_writer.php; 1
object-src: 'unsafe-eval' https://*.googlesyndication.com https://code.jquery.com/ https://forpcid13.aocdn.net/ https://www.flickr.com/ http://barnesjewishtest.bjc.org/ https://www.googletagmanager.com/; connect-src: 'self' http://barnesjewishhospital.sc.omtrdc.net/ https://*.google.com https://*.googlesyndication.com https://api.yourdiseaserisk.org/ https://iqapp.inquicker.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.googletagservices.com; frame-src: 'self' http://e.issuu.com/ http://email.barnesjewish.org/ http://maps.google.com/ http://www.barnesjewish.org/ http://www.google.com/ https://*.google.com https://*.googlesyndication.com https://app.sli.do/ https://barnesjewish.thehcn.net/ https://bjc.hrm.healthgrades.com/ https://clyp.it/ https://momento360.com/ https://slate.barnesjewishcollege.edu/ https://www.bjcmedicalgroup.org/ https://www.google.com/ https://www.youtube.com/; font-src: 'self' data: https://fonts.gstatic.com https://locator.hiv.gov/ https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/; img-src: 'self' data: resource: http://cbk0.googleapis.com http://clients1.google.com/ http://cm.everesttech.net/ http://khm0.googleapis.com http://khm1.googleapis.com http://www.barnesjewish.org/ http://www.bjc.org/ http://www.w3.org/ https://*.google.com https://*.googlesyndication.com https://aa.agkn.com/ https://assets.yourdiseaserisk.org/ https://barnesjewishhospital.sc.omtrdc.net/ https://bjsphtest.bjc.org/ https://cbks0.googleapis.com https://ce.lijit.com/ https://dmp.truoptik.com/ https://dnnapi.com/ https://doctors.bjc.org/ https://dsum-sec.casalemedia.com/ https://forpcid13.aocdn.net/ https://global.ib-ibi.com/ https://i.ytimg.com/ https://ib.mookie1.com/ https://idsync.reson8.com/ https://idsync.rlcdn.com/ https://khms0.googleapis.com https://khms1.googleapis.com/ https://locator.hiv.gov/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://match.prod.bidr.io/ https://sync.1rx.io/ https://sync.crwdcntrl.net/ https://sync.go.sonobi.com/ https://sync.navdmp.com/ https://sync.search.spotxchange.com/ https://tag.apxlv.com/ https://uipglob.semasio.net/ https://uipus.semasio.net/ https://www.barnesjewishwestcounty.org/ https://www.bjc.org/ https://www.foundationbarnesjewish.org/ https://www.google.com/ https://www.googleapis.com/ https://www.googletagmanager.com/ ; script-src: 'self' 'unsafe-eval' 'unsafe-inline' http://barnesjewishtest.bjc.org/ http://bjcqa.bjc.org/ http://cdn.livechatinc.com/ http://cse.google.com/ http://d31y97ze264gaa.cloudfront.net/ http://maps.google.com/ http://www.google.com/ http://www.googletagmanager.com/ https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://api.livechatinc.com/ https://apis.google.com/ https://assets.yourdiseaserisk.org/ https://barnesjewish.thehcn.net/ https://bjc.hrm.healthgrades.com/ https://bs.serving-sys.com/ https://catalog.dotnetnuke.com/ https://cdn-forpcid13.actonsoftware.com/ https://cse.google.com/ https://d31y97ze264gaa.cloudfront.net/ https://dmp.truoptik.com/ https://forpcid13.aocdn.net/ https://iqapp.inquicker.com/ https://locator.aids.gov/ https://maps.googleapis.com/ https://pnapi.invoca.net https://slate.barnesjewishcollege.edu/ https://solutions.invocacdn.com/ https://use.fontawesome.com/ https://vuejs.org/ https://www.barnesjewish.org/ https://www.bjcmedicalgroup.org/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://www.youtube.com/ ; style-src: 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://www.google.com/ https://*.google.com https://assets.yourdiseaserisk.org/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com/ https://use.fontawesome.com/ https://www.barnesjewish.org/ https://www.barnesjewishwestcounty.org/; child-src: blob: https://*.google.com/ https://*.googlesyndication.com; media-src: 'self' https://s3.amazonaws.com/ https://dai.google.com; prefetch-src: 'self' https://*.googlesyndication.com; worker-src: blob: https://www.google.com; 1
default-src 'self' https://l.sharethis.com *.corenetglobal.org *.crazyegg.com; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com https://*.googletagmanager.com https://platform-api.sharethis.com https://buttons-config.sharethis.com https://l.sharethis.com https://www.instagram.com https://assets.adobedtm.com https://www.googletagservices.com https://s.zkcdn.net https://www.snapengage.com http://platform.stumbleupon.com https://*.adroll.com https://securepubads.g.doubleclick.net https://www.rumiview.com https://tags.crwdcntrl.net/ https://engine.multiview.com/ *.wistia.net *.wistia.com *.vimeo.com https://acsbapp.com *.adzerk.net *.crazyegg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://maxcdn.icons8.com https://maxcdn.bootstrapcdn.com *.typekit.net *.crazyegg.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.corenetglobal.org http://cloudfront.higherlogic.com https://fast.wistia.com https://www.snapengage.com https://bcp.crwdcntrl.net https://*.adroll.com https://www.rumiview.com https://*.g.doubleclick.net https://x.bidswitch.net https://dsum-sec.casalemedia.com *.wistia.net *.wistia.com *.google.com *.amazonaws.com *.vimeo.com *.acsbapp.com *.cbre.com * web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://maxcdn.icons8.com https://maxcdn.bootstrapcdn.com *.typekit.net *.wistia.net *.wistia.com *.vimeo.com; frame-src 'self' https://widget.tagembed.com https://www.linkedin.com https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://www.youtube.com https://fast.wistia.com https://*.fls.doubleclick.net https://bcp.crwdcntrl.net https://www.facebook.com *.wistia.net *.wistia.com *.vimeo.com https://w.soundcloud.com https://soundcloud.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://l.sharethis.com https://*.g.doubleclick.net https://*.adroll.com *.wistia.net *.wistia.com *.litix.io *.vimeo.com *.acsbapp.com acsbapp.com *.snapengage.com *.crazyegg.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com *.amazonaws.com *.vimeo.com *.snapengage.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-gOfPsPbufyUus+TfD6xRnw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' 'https://www.corianquartz.com' 'http://corian-uk.telkeadev.lu' 'http://corian-us.telkeadev.lu' 'https://www.corian.com' 'https://www.corian.uk' 'https://www.corian.it' 'https://www.corian.fr' 'https://www.corian.de' 'https://www.corian.es' 'https://dps-coriantools.azurewebsites.net' 'https://www.colors.corian.com' 'https://market.bimsmith.com' 'https://www.youtube.com' 'https://youtu.be' 'https://fr.zone-secure.net' 'https://content.zone-secure.net' 'http://en-gb-corian.azureedge.net' 'https//code.metalocator.com' 'http://dpscrm.force.com' 'http://player.youku.com' 'https://yuntu.amap.com' 'http://yingkebao.top'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; form-action https:; img-src 'self' data:; connect-src https: wss:; object-src 'none' 1
default-src 'self'; base-uri 'none'; form-action 'self' https://*.stadtmobil.de https://ewi3-stadtmobil.cantamen.de; style-src 'self' 'unsafe-inline' *.cookiebot.com; script-src 'self' 'unsafe-inline' *.stadtmobil.de statistik.stadtmobil.de *.cookiebot.com maps.googleapis.com www.google.com www.gstatic.com www.meinungsmeister.de; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com *.stadtmobil.de *.cantamen.de www.google.com app.cituro.com www.vvs.de www.meinungsmeister.de www.stadtradeln.de *.youtube.com *.vimeo.com *.vimeocdn.com; font-src 'self'; object-src 'self'; img-src 'self' data: maps.googleapis.com maps.gstatic.com www.meinungsmeister.de imgsct.cookiebot.com; connect-src 'self' https://www.stadtmobil.de https://statistik.stadtmobil.de https://mein.stadtmobil.de https://consentcdn.cookiebot.com https://maps.googleapis.com www.meinungsmeister.de; frame-ancestors 'self' https://*.stadtmobil.de https://*.cantamen.de https://*.eifel-carsharing.de https://ewi3-stadtmobil.cantamen.de; 1
frame-ancestors 'self' https://manage.controlglobal.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://www.bern-altstadt.ch https://www.mediservice-news.ch https://rechner.soziale-sicherheit-chss.ch https://bsv.admin.ch https://www.bsv.admin.ch https://jobcloud.ch https://*.jobcloud.ch https://jobs.ch https://*.jobs.ch https://jobup.ch https://*.jobup.ch https://ingjobs.ch https://ictcareer.ch https://jobs4sales.ch https://financejobs.ch https://medtalents.ch https://jobwinner.ch https://alpha.ch https://topjobs.ch https://*.jobscout24.ch https://impieghi.ch https://*.impieghi.ch https://*.stellenmarkt.ch https://www.mediapulse.ch https://app.diespeisekarte.ch https://www.diespeisekarte.ch https://transport.opendata.ch https://www.agfs.ch; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.doubleclick.net *.fls.doubleclick.net googleads.g.doubleclick.net *.whirlpool.com.hk *.gstatic.com *.google.com connect.facebook.net fonts.googleapis.com www.google-analytics.com www.googleadmanager.com www.googleadservices.com www.googletagmanager.com www.google.com.hk www.facebook.com www.youtube.com kgkhfc1zv8.execute-api.ap-southeast-1.amazonaws.com lcw2xs8c5a.execute-api.ap-southeast-1.amazonaws.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'; child-src 'self'; 1
img-src 'self' camo.paste.gg; base-uri 'none'; font-src 'self'; frame-ancestors 'none'; block-all-mixed-content; require-sri-for script style; object-src 'none'; script-src 'self' 'sha384-A2Cd83LK7Q1Ls2PxqX8v/Lw6ZsWCyoCxjfSsylZSS0R0EA+OfmdVhQ55grXz6EoD'; style-src 'self' 'sha384-qQGz9YhYoRo4u5ckRQ/Fu94ApMJ6UuVWt4iUTsJDKwK80/ynm1+rFxDl5JTuPCem'; default-src 'self' 1
script-src http: https: https://m2.adendorff.co.za/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' https://m2.adendorff.co.za/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com staticw2.yotpo.com; frame-src *.cognitoforms.com assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com 1
block-all-mixed-content; frame-ancestors *.agroline.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.amildental.com.br https://amildentalvenda.custhelp.com https://pagead2.googlesyndication.com https://td.doubleclick.net https://docs.google.com https://wb.zoss.com.br https://polyfill.io https://go.botmaker.com https://storage.googleapis.com https://twemoji.maxcdn.com https://static.carroporassinatura.net https://cdn.jsdelivr.net wss://ws.botmaker.com https://m-infra.appspot.com https://amildentalvenda--tst1.custhelp.com https://amilsoaprdpub-oci.opc.oracleoutsourcing.com https://amilsoatstpub-oci.opc.oracleoutsourcing.com https://content.hotjar.io https://in.hotjar.com https://p1440786c1prd-store.occa.ocs.oraclecloud.com https://p1440786c1tst-store.occa.ocs.oraclecloud.com https://www.amildental.com.br https://experiments-prod-us.occa.ocs.oraclecloud.com https://visit-prod-us.occa.ocs.oraclecloud.com https://metrics.hotjar.io wss://ws.hotjar.com https://experiments-test-us.occa.ocs.oraclecloud.com https://visit-test-us.occa.ocs.oraclecloud.com https://recs-test.occa.us-phoenix-1.ocs.oraclecloud.com https://amildentalvenda.custhelp.com https://amilsoaprdpub-oci.opc.oracleoutsourcing.com https://analytics.tiktok.com https://analytics.twitter.com https://assets.pinterest.com https://c.oracleinfinity.io https://cdn.cookielaw.org https://cdnjs.cloudflare.com https://connect.facebook.net https://dc.oracleinfinity.io https://event.getblue.io https://experiments-prod-us.occa.ocs.oraclecloud.com https://googleads.g.doubleclick.net https://log.pinterest.com https://recs.occa.us-phoenix-1.ocs.oraclecloud.com https://script.hotjar.com https://service.maxymiser.net https://static.ads-twitter.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://visit-prod-us.occa.ocs.oraclecloud.com https://widget.getblue.io https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.paypal.com https://www.rnengage.com https://www.facebook.com https://geolocation.onetrust.com https://www.youtube.com https://privacyportal-br.onetrust.com https://ds-aksb-a.akamaihd.net https://vc.hotjar.io https://amildentalvenda--tst1.widget.custhelp.com https://amildentalvenda.widget.custhelp.com https://social-prod-us.occa.ocs.oraclecloud.com https://www.paypalobjects.com https://fonts.googleapis.com https://px.ads.linkedin.com https://info.amildentalvenda.com.br https://analytics.google.com https://www.googleadservices.com https://api.ipify.org https://www.google.com.br https://www.linkedin.com https://www.pagador.com.br https://fonts.gstatic.com data: blob: 1
default-src 'self' ariamarz.com *.ariamarz.com 'unsafe-inline' 'unsafe-eval' data: https://region1.google-analytics.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://region1.analytics.google.com https://www.googleoptimize.com/ https://optimize.google.com/ https://unpkg.com https://cdn.ampproject.org https://cdn.jsdelivr.net https://www.googletagmanager.com https://cdn.yektanet.com https://fonts.gstatic.com https://file.myfontastic.com https://www.google-analytics.com https://audience.yektanet.com https://ua.yektanet.com https://jung.yektanet.com https://freud.yektanet.com https://stats.g.doubleclick.net https://map.ir https://www.aparat.com https://nfetch.yektanet.com/api/v2/load https://native-removal.triboon.net https://fonts.googleapis.com https://analytics.google.com https://rum.corewebvitals.io https://coredash.app https://td.doubleclick.net https://maxcdn.bootstrapcdn.com/;img-src * data: blob:; 1
upgrade-insecure-requests; default-src 'self' data: https://cdn.assinebem.com.br https://www.google-analytics.com; font-src 'self' data: https://cdn.assinebem.com.br https://fonts.gstatic.com; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' https://gadasource.storage.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.google.com; media-src 'self' data: https://player.vimeo.com; img-src 'self' blob: data: https://cdn.assinebem.com.br https://www.google-analytics.com https://ivccf.ivcbrasil.org.br https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.com.br https://*.google-analytics.com https://analytics.google.com; connect-src 'self' https://*.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.atrapalo.pe; report-uri /csp/report; 1
frame-ancestors 'self' https://*.compilator.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.babathe.com https://*.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.facebook.com https://*.cloudflare.com https://*.daumcdn.net https://*.kakao.com https://*.channel.io https://*.sentry-cdn.com https://*.groobee.io https://*.omnicommerce.ai https://opm.kr.omnicommerce.ai https://*.cre.ma https://*.naver.net https://*.naver.com https://*.criteo.com https://*.facebook.net https://*.rainbownine.net https://*.beusable.net https://*.pinterest.com https://*.acrosspf.com https://aem-kakao-collector.onkakao.net https://stats.g.doubleclick.net https://*.mediacategory.com https://*.doubleclick.net https://*.googlesyndication.com https://*.socdm.com https://*.dable.io https://*.adingo.jp https://*.stickyadstv.com https://*.rlcdn.com https://*.mediavine.com https://s.ad.smaato.net https://*.clmbtech.com https://*.tpmn.co.kr https://*.yahoo.net https://googleads.g.doubleclick.net https://*.megadata.co.kr https://*.kakaocdn.net https://*.google-analytics.com https://*.hotjar.com https://*.kcp.co.kr https://channel.babathe.com:8090 https://bc.ad.daum.net https://unpkg.com https://*.vimeo.com https://*.googleadservices.com https://*.cnspay.co.kr https://nsp.pay.naver.com https://*.payco.com https://*.toss.im https://*.google.co.kr https://*.jsdelivr.net https://*.eigene.io blob:; style-src 'self' 'unsafe-inline' https://*.babathe.com https://*.jquery.com https://*.googleapis.com https://*.jquery.com https://*.groobee.io https://*.cre.ma https://channel.babathe.com:8090 https://unpkg.com https://*.kcp.co.kr https://fonts.cdnfonts.com  https://*.google.co.kr; img-src * data:; media-src * blob: https://*.babathe.com https://*.castislive-cache1.com:18080; connect-src 'self' https://*.babathe.com https://*.naver.com https://*.google.com https://*.groobee.io https://opm.kr.omnicommerce.ai https://*.criteo.com https://*.channel.io wss://1.front-ws.channel.io wss://*.channel.io https://*.acrosspf.com https://aem-kakao-collector.onkakao.net https://*.megadata.co.kr https://*.mediacategory.com https://*.google-analytics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://channel.babathe.com:8090 https://*.cre.ma https://*.kcp.co.kr https://union.uni1id.com https://bc.ad.daum.net https://*.payco.com https://*.naver.com https://*.kakao.com https://*.cnspay.co.kr https://*.toss.im https://*.google.co.kr https://*.facebook.com https://*.hotjar.io wss://*.hotjar.com https://*.castislive-cache1.com:18080; frame-ancestors 'self' https://*.babathe.com https://*.shoppinglive.naver.com; object-src 'self'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://static.ads-twitter.com https://googleads.g.doubleclick.net https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://www.clarity.ms https://www.google.com/recaptcha/ https://www.gstatic.com https://maps.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://adservice.google.com https://www.linkedin.com/px/ https://www.facebook.com/tr/ https://www.google.com.na/ads/ https://analytics.twitter.com https://t.co https://www.google.com/ads/ https://www.google.com.na/pagead/ https://www.google.com/pagead/ https://px.ads.linkedin.com https://c.clarity.ms/ https://c.bing.com/ https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com data:;font-src 'self' data: https://appsforoffice.microsoft.com https://fonts.googleapis.com https://fonts.gstatic.com;connect-src 'self' https://s.clarity.ms http://api.ipstack.com/ https://stats.g.doubleclick.net https://analytics.google.com/g/ https://www.google-analytics.com https://r.clarity.ms/ https://maps.googleapis.com https://adservice.google.com;frame-src 'self' https://www.google.com/recaptcha/;object-src 'self' https://www.bankwindhoek.com.na;media-src 'self';child-src 'self' blob: https://www.bankwindhoek.com.na;form-action 'self'; 1
default-src 'self' https: *.cloudfront.net; font-src 'self' https: data: fonts.gstatic.com; frame-src 'self' https: data: conversations.app-us1.com *.nr-data.net; object-src 'none'; script-src 'self' https: blob: ga.jspm.io diffuser-cdn.app-us1.com assets.calendly.com banqer38896.activehosted.com js-agent.newrelic.com *.nr-data.net prism.app-us1.com 'nonce-VKMzQE/DMznDx56gLgvR3g=='; style-src 'self' https: 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com; img-src 'self' https: data: 1
default-src *; connect-src *; font-src *; img-src * data:; media-src *; object-src *; script-src 'self' 'unsafe-inline' cdn.ampproject.org use.fontawesome.com *.gstatic.com *.doubleclick.net *.google.com *.googletagmanager.com *.clickfend.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.ampproject.org use.fontawesome.com *.gstatic.com *.doubleclick.net *.google.com *.googletagmanager.com; frame-ancestors 'self' *.enamad.ir; 1
default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://www.aparat.com; 1
frame-ancestors 'self' *.brico-phone.com 1
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au  *.salecycle.com abgnz.wufoo.com; 1
default-src 'self'; script-src 'report-sample' 'self' https://connect.facebook.net/signals/config https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://browser-update.org/update.min.js https://connect.facebook.net/en_US/fbevents.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.caixaconsorcio.com.br/performance/performance.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/linkid.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js; style-src 'report-sample' 'self' 'unsafe-inline' https://static.caixaconsorcio.com.br/performance/disclaimer.css; object-src 'none'; base-uri 'self'; connect-src 'self' https://cdn.linkedin.oribi.io https://api.caixaseguradora.com.br https://performance.caixaconsorcio.com.br https://static.caixaconsorcio.com.br https://stats.g.doubleclick.net https://www.google-analytics.com https://youse.demdex.net; font-src 'self'; frame-src 'self' https://www.googletagmanager.com/ https://youse.demdex.net/; img-src 'self' data: https://px.ads.linkedin.com https://px4.ads.linkedin.com/collect https://www.facebook.com https://www.google-analytics.com https://www.google.com.br https://www.google.com; manifest-src 'self'; media-src 'self'; form-action 'none'; report-to endpoint; worker-src 'none'; 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' embed.typeform.com widget.trustpilot.com https://*.giftup.app https://tagmanager.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleoptimize.com https://*.popupsmart.com https://sibautomation.com https://*.segment.com https://*.axept.io https://*.facebook.net https://cdneu.net https://*.intercom.io https://*.intercomcdn.com https://*.autopilotapp.com https://*.brevo.com https://*.google.com https://*.google.fr https://mailtrack.campus.coach; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://form.typeform.com https://widget.trustpilot.com https://*.giftup.app https://sibautomation.com https://*.autopilotapp.com https://*.brevo.com https://*.google.com https://*.google.fr https://podcasts.audiomeans.fr; img-src 'self' https://www.datocms-assets.com https://i.ytimg.com https://i.vimeocdn.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.facebook.com https://axeptio.imgix.net https://*.autopilotapp.com https://*.brevo.com https://*.google.com https://*.google.fr data:; style-src 'self' 'unsafe-inline' https://embed.typeform.com https://font.googleapis.com; font-src 'self'; connect-src 'self' https://graphql-listen.datocms.com https://*.giftup.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.segment.com https://*.segment.io https://*.sendinblue.com https://*.axept.io https://*.intercom.io https://*.autopilotapp.com https://*.brevo.com https://*.google.com https://*.google.fr https://mailtrack.campus.coach https://stats.g.doubleclick.net ws: wss: 1
default-src 'none'; img-src 'self' carauktion.marketing.campaignpro.io cdn.carauktion.ch www.google.by www.google.com www.google.com.ua www.google.ch https://plausible.io/js/script.js cau-vid.carit.ch stats.g.doubleclick.net cdn.cookielaw.org blob: data:; object-src 'self'; connect-src 'self' o408348.ingest.sentry.io ca3-af1-mvp.carit.ch auth.carauktion.ch https://plausible.io/js/script.js https://plausible.io/api/event fonts.googleapis.com stats.g.doubleclick.net cdn.cookielaw.org geolocation.onetrust.com ws: wss:; font-src 'self' fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-ancestors 'self' www.google.com docs.carit.ch; frame-src 'self' www.google.com docs.carit.ch; media-src 'self' cau-vid.carit.ch; script-src 'self' carauktion.marketing.campaignpro.io/focus/1.js carauktion.marketing.campaignpro.io/focus/2.js carauktion.marketing.campaignpro.io/focus/3.js carauktion.marketing.campaignpro.io/focus/4.js browser.sentry-cdn.com o408348.ingest.sentry.io https://plausible.io/js/script.js www.google.com www.googletagmanager.com www.gstatic.com browser.sentry-cdn.com stats.g.doubleclick.net/ cdn.cookielaw.org https://europe-west6-ca3-logging.cloudfunctions.net/logPerformance 'nonce-YzYwMDg2YTItM2EyNS00NGQ1LWI1NjEtZTYwNGEwNjRjYTMz' 1
font-src fonts.gstatic.com use.typekit.net data: *.fontawesome.com *.survicate.com/ *.accessibly.app/ *.oct8ne.com/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.despegar.com/ 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com cdn.dnky.co amc.demdex.net www.google.com www.facebook.com youtube.com *.despegar.com/ *.mercadolibre.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net cm.everesttech.net maps.gstatic.com maps.googleapis.com accounts.google.com www.facebook.com *.despegar.com/ *.mlstatic.com *.mercadopago.com *.mercadolibre.com *.mercadolivre.com.br *.mercadolibre.com.mx *.mercadolibre.com.ar *.mercadolivre.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.mookie1.com/ *.adnxs.com/ *.google.com/ *.bing.com/ *.doubleclick.net/ *.google.com.ar/ *.carocuore.com.ar/ *.carocuore.com/ *.groovinads.com/ *.accessibly.app/ *.qrserver.com/ *.oct8ne.com/ *.e-planning.net/ data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com connect.facebook.net player.vimeo.com *.despegar.com/ *.mlstatic.com *.mercadopago.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://maps.googleapis.com *.hotjar.com/ *.adnxs.com/ *.tiktok.com/ *.getblue.io/ *.inspectlet.com/ *.bing.com/ *.clarity.ms/ *.naiz.fit/ *.survicate.com/ *.crazyegg.com/ *.embluemail.com/ *.icommarketing.com/ *.accessibly.app/ *.pinimg.com/ *.pinterest.com/ *.cloudfront.net/ *.oct8ne.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com cdn.dnky.co *.fontawesome.com unsafe-inline assets.braintreegateway.com *.survicate.com/ 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com maps.googleapis.com api.comapi.com bam.nr-data.net *.despegar.com/ *.mercadopago.com *.mercadolibre.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.tiktok.com/ *.clarity.ms/ *.naiz.fit/ *.run.app/ *.bing.com/ *.doubleclick.net *.accessiblyapp.com/ *.pinterest.com/ https://track-icommkt.com/ https://notifications-icommkt.com/ *.accessibly.app *.inspectlet.com/ *.oct8ne.com/ wss://ws.hotjar.com/ *.hotjar.io/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src; base-uri 'none'; connect-src 'self' https://chilebt.com:8443/socket.io/ wss://chilebt.com:8443/socket.io/; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https:; img-src 'self' https:; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/api2/ https://www.gstatic.com/recaptcha/api2/v1550471573786/recaptcha__en.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.11.1/moment-with-locales.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.3.0/Chart.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/js/bootstrap-datetimepicker.min.js 'nonce-ef64a1eaaa10d37dca7368fc562999b1'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.15.35/css/bootstrap-datetimepicker.min.css; block-all-mixed-content; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors: self 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.chorki.com https://appcmsprod.viewlift.com/;font-src https: data: 'self' code.ionicframework.com;img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
frame-src 'self' https://www.google.com https://*.tecsinapse.com.br; frame-ancestors 'self' https://*.cimbb.com.br 1
frame-ancestors 'self' https://www.cned360.fr  https://www.cned360.fr/uPortal/ https://cned360.fr  https://cned360.fr/uPortal/ https://*.iadvize.com  https://cned.matomo.cloud  wss://*.iadvize.com; 1
connect-src 'self' https://www.googleapis.com/customsearch/v1 https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.nz https://maps.googleapis.com ;  frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://www.recaptcha.net/recaptcha/ https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://scv.bankstatements.com.au/ ;  default-src 'self' ;  img-src 'self' data: https://*.tmcdn.co.nz https://*.google.co.nz https://*.google.com https://www.facebook.com https://www.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://*.googletagmanager.com https://maps.googleapis.com https://*.fls.doubleclick.net https://ade.googlesyndication.com ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tagmanager.google.com https://*.googletagmanager.com https://www.googleanalytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://adservice.google.com https://googleadservices.com https://az416426.vo.msecnd.net https://maps.googleapis.com https://googleads.g.doubleclick.net https://www.google.com ;  style-src 'self' 'unsafe-inline' https://www.co-operativebank.co.nz https://my.co-operativebank.co.nz https://apply.co-operativebank.co.nz https://tagmanager.google.com https://fonts.googleapis.com ;  media-src blob: ;  font-src 'self' data: https://fonts.gstatic.com 1
font-src *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://github.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.twitter.com *.facebook.com *.fintecture.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com https://consentcdn.cookiebot.com/ *.trustpilot.com *.criteo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' blob: data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.gstatic.com *.google.com *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com http://comptoirdespros.groupe-mb.net https://cdn1.comptoirdespros.com *.google.fr https://criteo-sync.teads.tv/ https://match.sharethrough.com/ https://ads.stickyadstv.com/ https://s.ad.smaato.net/ *.omnitagjs.com https://criteo-partners.tremorhub.com/ https://i.liadm.com/ https://sync-criteo.ads.yieldmo.com/ https://secure.adnxs.com/ https://jadserve.postrelease.com/ *.criteo.com *.trustpilot.com https://amcglobal.sc.omtrdc.net/ * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com 'self' data: data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com *.googletagmanager.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com *.trustpilot.com *.cookiebot.com https://static.criteo.net/ https://s.kk-resources.com/ https://googleads.g.doubleclick.net *.criteo.com *.criteo.net *.productsup.io https://notifpush.com/ https://tag.imagino.com/ *.nr-ext.net *.nr-assets.net https://analytics.tiktok.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com *.bootstrapcdn.com *.trustpilot.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.facebook.com https://googleads.g.doubleclick.net *.google-analytics.com *.trustpilot.com https://s.kelkoogroup.net https://consentcdn.cookiebot.com/ https://notifpush.com/ https://tag.imagino.com/ https://analytics.tiktok.com t.elasticsuite.io *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.conexaoclarobrasil.com.br https://www.netcombo.com.br https://www.net.com.br; 1
frame-ancestors self *.contorion.net *.storyblok.com 1
default-src 'self'; connect-src 'self' https://www.youtube.com/ https://*.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com/ https://analytics.google.com/ https://googleads.g.doubleclick.net/ https://*.g.doubleclick.net/ https://viacep.com.br/ http://tracker.tolvnow.com https://noembed.com/embed https://cdn.privacytools.com.br https://static.hotjar.com/c/ https://www.google-analytics.com/ https://*.hotjar.com/ https://*.hotjar.io/ wss://*.hotjar.com/ https://us-central1-perto-digital.cloudfunctions.net/ https://pertolibras.pertodigital.com.br:3005/translate; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com/ https://noembed.com/embed https://www.youtube.com/ https://*.facebook.net/ https://googleads.g.doubleclick.net/ https://www.googletagmanager.com/ https://static.hotjar.com/c/ https://analytics.google.com/ http://tracker.tolvnow.com https://cdn.privacytools.com.br https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ http://event.getblue.io/ https://event.getblue.io/ https://widget.getblue.io/ https://static.hotjar.com https://script.hotjar.com https://www.googleadservices.com/pagead/ https://perto-digital.nyc3.digitaloceanspaces.com/ https://perto-digital.nyc3.cdn.digitaloceanspaces.com/ https://d3rf60mhi96lym.cloudfront.net/; style-src 'self' 'unsafe-inline' https://*.googleapis.com/ http://tracker.tolvnow.com https://www.tolvnow.com/chatwidget/css/ https://cdn.privacytools.com.br https://static.hotjar.com/ https://script.hotjar.com/; media-src 'self' https://cdn.vistahost.com.br https://azuqbrcreditorealstorage.blob.core.windows.net https://storage.googleapis.com https://www.youtube.com/ https://creditoreal.file.force.com/servlet/servlet.ImageServer* https://creditoreal.my.salesforce.com/*; frame-src 'self' https://www.youtube.com/ https://pricing-app.nivu.com.br/ https://www.banibconecta.com/ https://www.tolvnow.com/ https://i.ytimg.com/vi/ https://admin.refera.com.br/ https://www.google.com/ http://event.getblue.io/ https://td.doubleclick.net/; img-src 'self' https://azuqbrcreditorealstorage.blob.core.windows.net https://azupbrcreditorealstorage.blob.core.windows.net https://storage.googleapis.com https://cdn.vistahost.com.br https://*.googleapis.com/ https://googleads.g.doubleclick.net/ https://*.gstatic.com/ data: https://tracker.tolvnow.com/img https://www.tolvnow.com/ https://creditoreal.file.force.com/servlet/servlet.ImageServer* https://creditoreal.my.salesforce.com/* https://www.creditoreal.com.br/ https://i.ytimg.com/vi/ https://cdn.privacytools.com.br https://www.facebook.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://survey-images.hotjar.com/ https://www.google.com/pagead/ https://www.google.com.br/pagead/ https://www.google.com/ads/ https://www.google.com.br/ads/ https://creditoreal.com.br/ http://historico.creditoreal.com.br/ https://creditoreal.my.salesforce.com/ https://creditoreal.file.force.com/; font-src 'self' https://*.gstatic.com/ https://fonts.googleapis.com/ https://www.tolvnow.com/ https://script.hotjar.com/; worker-src 'self' blob:; 1
block-all-mixed-content; frame-ancestors *.crisecia.com.br 1
default-src 'self' facebook.com *.facebook.com youtube.com www.youtube.com; script-src 'self' 'unsafe-inline' consent.cookiefirst.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com *.newrelic.com *.doubleclick.net connect.facebook.net consent.cookiefirst.com *.cookiefirst.com; style-src 'self' 'unsafe-inline' cookiefirst.com *.cookiefirst.com fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' *; connect-src 'self' consent.cookiefirst.com cookiefirst.com *.cookiefirst.com cloudfront.net www.google-analytics.com www.googletagmanager.com rdstation.com.br *.rdstation.com.br doubleclick.net *.doubleclick.net google.com *.google.com *.nr-data.net; 1
img-src 'self' data: https://img.overtake.co.za https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.za https://digitalstorage.s3.af-south-1.amazonaws.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https:; script-src data: 'unsafe-inline' 'unsafe-eval' https: blob:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src data: https: blob:; object-src https:; child-src https: data: blob:;frame-ancestors 'self' https://*.deportes13.cl https://*.13.cl https://*.t13.cl 1
frame-ancestors 'self' diaka.ua w.diaka.ua l.diaka.ua 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';  font-src 'self' fonts.gstatic.com data:; 1
frame-ancestors 'self' *.dmi.es:* 1
default-src 'self'; script-src 'self' 'report-sample' 'unsafe-eval' 'strict-dynamic' 'sha256-km7Z7Q/deuGnP1CMlC9+RCOTa0uat5E0irIAoiuErFk=' https://www.aparat.com/embed/W4lIv https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://optimize.google.com/ https://www.googleadservices.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/api.js 'nonce-b874b8b4b63cf27ca3c4244934e6e17b9687e0e6'; style-src 'self' 'report-sample' 'unsafe-inline' https://fonts.googleapis.com/css https://optimize.google.com/; object-src 'none'; base-uri 'self' about:; connect-src 'self' https://www.google-analytics.com/ https://region1.analytics.google.com/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://analytics.google.com/ https://adservice.google.com/ https://stats.g.doubleclick.net/ https://audience.yektanet.com/api/v1/scripts/preview/validate/ https://ua.yektanet.com/__fake.gif https://ma-cdn.pegah.tech/v1/retargeting/46320/advertiser.json https://sentry.pegah.tech/api/229/store/ https://api.mediaad.org/ https://mc.yandex.md/; font-src 'self' data: https://fonts.gstatic.com/ https://www.google-analytics.com/ https://s3.ir-thr-at1.arvanstorage.com/fontsfsf/; frame-src 'self' https://www.aparat.com/video/video/embed/videohash/ https://chat.dongi.ir/ https://www.google.com/recaptcha/ https://optimize.google.com/ https://www.googletagmanager.com/ https://tpc.googlesyndication.com/ https://app.didar.me/customer/form/48bd7934-f7be-4ecc-a171-0e8218ed0726 https://ua.yektanet.com/cookie/iframe/ https://mc.yandex.ru/ https://td.doubleclick.net/ https://mediacdn.mediaad.org/; img-src 'self' data: blob: https://cdn.dongi.ir/ https://mc.webvisor.org/ https://mc.yandex.ru/ https://heapanalytics.com/ https://ssl.google-analytics.com/ https://www.google-analytics.com/ https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://trustseal.enamad.ir/ https://cf.ifb.ir/report/ https://analytics.google.com/ https://optimize.google.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com https://stats.g.doubleclick.net/ https://www.google.com/; manifest-src 'self'; media-src 'self' blob: https://cdn.dongi.ir/; worker-src 'self'; frame-ancestors 'self' https://trustseal.enamad.ir/; report-uri /base/security/csp 1
frame-ancestors 'self' www.eands.com.au 1
default-src 'self'; img-src 'self' https://edenred.cl data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.g.doubleclick.net https://analytics.google.com http://ajax.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://assets.loginwithamazon.com https://api-cdn.amazon.com https://storage.googleapis.com https://storage.googleapis.com https://assets.loginwithamazon.com https://api-cdn.amazon.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com; connect-src 'self' https://stats.g.doubleclick.net https://analytics.google.com https://edenred.omnitok.com https://na.account.amazon.com https://api.amazon.com https://test.salesforce.com https://webto.salesforce.com; 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com; font-src 'self'; img-src 'self' data: blob: https://trustseal.enamad.ir https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com; media-src 'self'; object-src 'self' blob:; report-uri /api/cspreport/log 1
default-src * data: blob: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: wss: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; report-uri https://912c98659423667ae9a3372f78cdda6d.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.criteo.com https://*.gstatic.com https://t-log.sgmarkets.com https://*.googletagmanager.com https://*.cookiebot.com https://*.googleapis.com https://*.tiny.cloud; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.tiny.cloud; img-src 'self' https: data:; font-src 'self' https://*.gstatic.com; connect-src 'self' https://*.cookiebot.com https://*.googleapis.com; frame-src 'self' https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.cookiebot.com https://gum.criteo.com 1
frame-ancestors 'self' https://*.fitnesstime.com.sa; 1
form-action https:; 1
default-src 'self' *.game7athletics.com *.zipmoney.com.au *.gstatic.com *.bazaarvoice.com *.vimeo.com vod-progressive.akamaized.net *.hotjar.com *.hotjar.io *.trurating.com *.crazyegg.com *.facebook.com *.paypalobjects.com *.paypal.com *.adyen.com; img-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; style-src 'self' 'unsafe-inline' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https:; frame-src 'self' https:; connect-src 'self' *.nosto.com *.nos.to *.paypalobjects.com *.paypal.com *.adyen.com https: wss:; font-src 'self' data: https:; frame-ancestors 'self' https://*.game7athletics.com.au; 1
default-src https: wss:; script-src https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; style-src https: 'unsafe-inline'; img-src * data: 1
default-src  'self' ; img-src      'self' 'unsafe-inline' 'unsafe-eval' data: *.tawk.to *.wisepops.com *.amazonaws.com *.google.com *.google.co.in *.google-analytics.com *.taboola.com *.clmbtech.com *.facebook.com *.cloudfront.net;  worker-src 'self' blob:;  script-src   'self' 'unsafe-inline' 'unsafe-eval' *.cloudfront.net *.cloudflare.com *.razorpay.com *.google.com *.gstatic.com *.googletagmanager.com *.tawk.to *.googleapis.com*.hotjar.com *.clmbtech.com *.facebook.net *.taboola.com *.jsdelivr.net *.google-analytics.com;  script-src-elem    'self' 'unsafe-inline' *.razorpay.com *.digio.in *.egov-nsdl.com *.verasys.in *.cdslindia.com *.cloudfront.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.crwdcntrl.net *.clmbtech.com *.licdn.com  *.facebook.net *.taboola.com *.jsdelivr.net *.hotjar.com *.tawk.to *.google.com *.gstatic.com *.wisepops.com wisepops.net *.cloudflare.com;  style-src    'self' 'unsafe-inline' *.razorpay.com *.tawk.to *.googleapis.com *.google.com *.gstatic.com *.cloudfront.net;  font-src     'self' data: *.gstatic.com *.tawk.to *.hotjar.com *.googleapis.com;  frame-src    'self' data: *.cloudfront.net *.tawk.to *.youtube.com *.hotjar.com *.google.com *.digio.in *.egov-nsdl.com *.verasys.in *.cdslindia.com *.razorpay.com;  frame-ancestors 'self' https://goldenpiplus.com https://www.goldenpiplus.com;  connect-src    'self' blob: wss: *.goldenpi.com *.cloudfront.net *.google.com *.googleapis.com *.wisepops.com wisepops.net *.google-analytics.com *.tawk.to *.taboola.com *.clmbtech.com *.crwdcntrl.net *.doubleclick.net *.facebook.com *.hotjar.io *.hotjar.com *.amazonaws.com;  media-src     'self' *.tawk.to *.amazonaws.com;  object-src   'self' ; 1
default-src 'self'; img-src * data:; media-src media1.com media2.com; script-src 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://static.pay.expedia.com https://www.grnconnect.com https://ajax.googleapis.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://cdn.jsdelivr.net;style-src 'unsafe-inline'  https://www.grnconnect.com https://fonts.googleapis.com https://www.gstatic.com;font-src https://www.grnconnect.com https://fonts.gstatic.com; frame-src https://www.tripadvisor.com https://www.grnconnect.com https://static.pay.expedia.com;connect-src https://www.google-analytics.com https://www.grnconnect.com  https://maps.googleapis.com; 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au https://punchoutcommerce.com 1
default-src 'self';  style-src 'self' *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.tagcommander.com/ *.adobeaemcloud.com/ *.salesforce-sites.com/ *.salesforceliveagent.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.danone-dtc.net/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.lpsnmedia.net/ *.gstatic.com/ *.commander1.com/ *.bootstrapcdn.com/ *.tagcommander.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.pinimg.com/ *.google.com/ https://googletagmanager.com/ https://tagmanager.google.com/ https://fonts.googleapis.com/ 'unsafe-inline';  script-src 'self' *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ https://js-agent.newrelic.com/ *.adobeaemcloud.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.adobeaemcloud.com/ *.salesforce-sites.com/ *.youtube.com/ https://www.youtube.com/iframe_api https://unpkg.com/@google/markerclustererplus@4.0.1/dist/markerclustererplus.min.js *.gbqofs.com/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ *.paypal.com *.nxtck.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.chargebee.com/ https://static.criteo.net/js/ld/ld.js *.criteo.com/ *.ytimg.com/ https://live2support.com/ https://*.google.com/ *.mopinion.com/ *.googletagmanager.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://s.pinimg.com/ *.trustcommander.net/ *.tagcommander.com/ *.twitter.com/ *.pinterest.com/ *.instagram.com/ https://services.postcodeanywhere.co.uk/ *.commandersact.com/ *.facebook.net/ *.google.ie/ *.lpsnmedia.net/ *.pinimg.com/ *.danone-dtc.net/ *.outbrain.com/ *.google.com/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.theadex.com *.commander1.com/ *.liveperson.net/ *.doubleclick.net/ *.gstatic.com/ *.aptaclub.de/ *.milupa.de/ *.digital4danone.com/ *.addthisedge.com/ *.ads-twitter.com/ *.adnxs.com/ *.adventori.com/ https://adventori.com/ https://dsp.adfarm1.adition.com/ https://squarelovin.com/ https://googletagmanager.com/ https://tagmanager.google.com/ *.googletagmanager.com/ https://www.googleadservices.com/ blob: 'unsafe-inline' 'unsafe-eval';  img-src 'self' data: *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforce-sites.com/ *.digital4danone.com/ *.serving-sys.com/ *.leboncoin.fr/ *.salesforceliveagent.com/ *.hotjar.com/ *.assetsadobe.com/ *.squarelovin.com/ https://squarelovin.com/ https://tools.applemediaservices.com/ https://apple-resources.s3.amazonaws.com/ *.adyen.com/ *.gstatic.mopinion.com/ *.gstatic.com/  *.ytimg.com/ *.live2support.com/ https://ca-live.adyen.com/ https://www.google.fr/ https://dpm.demdex.net/ https://assets.adobedtm.com/ https://services.postcodeanywhere.co.uk/ http://danonegroup-stage.neolane.net/ *.trustcommander.net/ https://ca-live.adyen.com/ *.cx.atdmt.com/ *.danone-dtc.net/ https://ct.pinterest.com/ *.outbrain.com/ *.danone.com/ *.atdmt.com/ *.pinterest.com/ *.commander1.com/ *.tagcommander.com/ *.lpsnmedia.net/ *.adnxs.com/ *.adition.com/ *.doubleclick.net/ *.google.ie/ *.google.co.in/ *.theadex.com/ *.google-analytics.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.mookie1.com/ *.pinimg.com/ *.pinterest.com/ *.facebook.com/ *.googletagmanager.com/ *.linkedin.com/ https://t.co/ *.adsrvr.org/ *.crm4d.com/ https://play.google.com/ *.adotmob.com/ https://googletagmanager.com/ https://ssl.gstatic.com/ https://www.gstatic.com/ *.google-analytics.com/ *.googletagmanager.com/ *.analytics.google.com/ *.g.doubleclick.net/ *.google.com/ https://ade.googlesyndication.com/ *.goldenbees.fr;  frame-src 'self' *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ https://player.simplecast.com/ *.simplecast.com/ *.paypal.com *.adyen.com/ *.gstatic.com/  *.gstatic.mopinion.com/ *.danone-dtc.net/ *.chargebee.com/ *.static.criteo.net/ *.criteo.com/ *.tohklom.com/  *.tagcommander.com/ https://aax-eu.amazon-adsystem.com/ *.amazon-adsystem.com/ *.liveperson.net/ *.vimeo.com/ *.live2support.com/ *.google.com/ *.lpsnmedia.net/ *.commander1.com/ *.proprofs.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.facebook.com/ *.doubleclick.net/ *.theadex.com/ *.sharethis.com/  *.addthis.com *.youtube.com *.adsrvr.org/ *.spotify.com/ *.cloudfront.net/ *.instagram.com/ *.soundcloud.com/ *.twitter.com/ *.pinterest.com/ *.trustcommander.net/ *.flockler.com/ *.tagcommander.net/;  connect-src 'self' blob: *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ https://bam.eu01.nr-data.net/ *.adobeaemcloud.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforce-sites.com/ *.google.com/ *.digital4danone.com/ *.gbqofs.io/ *.googleapis.com/ *.salesforce.com/ *.force.com/ *.salesforceliveagent.com/ *.gigya.com/ *.hotjar.com/ *.hotjar.io/ wss://*.hotjar.com *.squarelovin.com/ https://squarelovin.com/ *.paypal.com *.sentry.io/ *.adyen.com/ *.gstatic.com/    *.gstatic.mopinion.com/ *.live2support.com/ https://sentry.labdigital.nl *.addthis.com/ *.mopinion.com/ https://www.google.nl/ https://dpm.demdex.net/ https://assets.adobedtm.com/ *.danone-dtc.net/ *.ct.pinterest.com/ *.privacy.trustcommander.net/ https://services.postcodeanywhere.co.uk/  *.commercetools.com/ *.google-analytics.com *.facebook.com/ *.omtrdc.net/ *.pinterest.com/ *.trustcommander.net/ *.commander1.com/ *.sharethis.com/ *.doubleclick.net/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.g.doubleclick.net/ *.google.com/;  font-src 'self' data: *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.force.com/ *.adobeaemcloud.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.adobeaemcloud.com/ *.salesforceliveagent.com/ *.hotjar.com/ *.squarelovin.com/ https://squarelovin.com/ *.adyen.com/ *.gstatic.mopinion.com/ https://gstatic.mopinion.com/ *.gstatic.com/ *.live2support.com/ *.danone-dtc.net/ https://vjs.zencdn.net/ https://fonts.gstatic.com/;  media-src 'self' *.cirkwi.com/ *.openstreetmap.org/ *.ausha.co/ https://unpkg.com/ *.modulesbox.com/ *.salesforce.com/ *.adobeaemcloud.com/ *.force.com/ *.salesforceliveagent.com/ *.trustcommander.net/ *.salesforceliveagent.com/ *.squarelovin.com/ https://squarelovin.com/ *.lpsnmedia.net/ 1
font-src *.fontawesome.com *.gstatic.com 'self' data: chrome-extension: https://*.hotjar.com https://*.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com api.bazaarvoice.com stg.api.bazaarvoice.com https://*.manutan-collectivites.fr 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com https://www.google.com/recaptcha/api2/anchor https://www.google.com/recaptcha/api2/bframe https://*.hotjar.com https://*.hotjar.io 'self' blob: payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com 'self' data: * https://*.facebook.com https://*.windows.net https://*.quanta.io https://*.bing.com https://*.linkedin.com https://*.twitter.com https://*.clarity.ms https://t.co data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.google.com *.gstatic.com https://www.googleoptimize.com/optimize.js https://*.cookielaw.org https://*.perfdrive.com https://*.go-mpulse.net https://*.newrelic.com https://*.hotjar.com https://*.hotjar.io https://*.bing.com https://*.licdn.com https://*.netdna-ssl.com https://*.facebook.net https://*.twitter.com https://*.ads-twitter.com https://*.quanta.io https://*.clarity.ms https://*.voicepublisher.net https://*.nr-data.net https://*.demoup.com https://*.facebook.com https://*.google-analytics.com https://*.akamaihd.net https://*.windows.net https://*.dexem.net https://*.polyfill.io https://*.slgnt.eu https://*.google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com display.ugc.bazaarvoice.com *.fontawesome.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com t.elasticsuite.io *.google-analytics.com https://*.google-analytics.com https://cdn.cookielaw.org/ https://privacyportal-eu.onetrust.com/request/v1/consentreceipts https://*.perfdrive.com https://*.go-mpulse.net https://*.doubleclick.net https://*.nr-data.net https://*.clarity.ms https://*.facebook.com https://*.hotjar.com https://*.akstat.io https://*.voicepublisher.net https://*.akamaihd.net https://*.oribi.io https://*.polyfill.io https://*.hotjar.io https://*.slgnt.eu https://*.analytics.google.com wss://*.hotjar.com https://*.linkedin.com https://www.google.com https://*.googlesyndication.com https://*.google.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none' ; connect-src https://*.mesanalyses.fr ; manifest-src https://*.mesanalyses.fr ; media-src https://*.mesanalyses.fr ; script-src blob: https://*.mesanalyses.fr 'unsafe-inline' 'unsafe-eval'; font-src data: https://*.mesanalyses.fr ; img-src data: https://*.mesanalyses.fr ; style-src https://*.mesanalyses.fr 'unsafe-inline'; object-src 'none' ; worker-src blob: ; child-src blob: https://*.mesanalyses.fr ; frame-src blob: https://*.mesanalyses.fr ; form-action https://*.mesanalyses.fr ; frame-ancestors 'self' ; base-uri 'self' ; block-all-mixed-content ; 1
default-src 'self' *.mfcentral.com; script-src 'self'; style-src 'unsafe-inline' 'self' https://fonts.gogleapis.com https://www.gstatic.com ; font-src 'self' https://fonts.gogleapis.com; frame-src https://www.google.com; img-src data: 'self';object-src 'none' 1
base-uri 'self'; frame-ancestors *; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com *.eagenda.com.br *.minhaagendavirtual.com.br https://ka-f.fontawesome.com https://suporte.mupisystems.com.br; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.googleapis.com *.rdstation.com.br https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://ka-f.fontawesome.com https://api.mercadopago.com https://pagead2.googlesyndication.com/ *.mupisystems.com.br ws://suporte.mupisystems.com.br; script-src 'self' 'unsafe-inline' *.eagenda.com.br *.minhaagendavirtual.com.br https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://code.jquery.com https://cdnjs.cloudflare.com *.googletagmanager.com https://www.google-analytics.com https://use.fontawesome.com https://nyc3.digitaloceanspaces.com https://connect.facebook.net https://cdn.ckeditor.com https://platform.linkedin.com https://platform.twitter.com https://cdn.kiprotect.com https://maps.googleapis.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://google-analytics.com https://unpkg.com *.gstatic.com *.google.com  *.googleadservices.com https://googleads.g.doubleclick.net https://d335luupugsy2.cloudfront.net https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://kit.fontawesome.com https://sdk.mercadopago.com https://suporte.mupisystems.com.br; img-src 'self' data: *.minhaagendavirtual.com.br *.eagenda.com.br https://dwnwuns92srjq.cloudfront.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com https://nyc3.digitaloceanspaces.com https://cdn.awsli.com.br https://pbs.twimg.com https://abs.twimg.com https://www.google.com https://platform.twitter.com https://ton.twimg.com *.google.com *.google.com.br *.paypal.com https://googleads.g.doubleclick.net https://syndication.twitter.com https://suporte.mupisystems.com.br; style-src 'self' 'unsafe-inline' *.minhaagendavirtual.com.br *.eagenda.com.br https://maxcdn.bootstrapcdn.com https://dwnwuns92srjq.cloudfront.net https://stackpath.bootstrapcdn.com https://nyc3.digitaloceanspaces.com https://fonts.googleapis.com https://pro.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://cdn.jsdelivr.net/npm https://ton.twimg.com https://hcaptcha.com https://*.hcaptcha.com cdn.jsdelivr.net https://suporte.mupisystems.com.br; default-src 'none' 'nonce-nS2gsI2FXbFeCsqXCWeaaQ=='; form-action 'self' *.twitter.com https://accounts.google.com *.facebook.com/; frame-src *.google.com https://www.youtube.com/ https://platform.twitter.com *.twitter.com https://hcaptcha.com https://*.hcaptcha.com *.paypal.com https://td.doubleclick.net/; manifest-src *.eagenda.com.br *.minhaagendavirtual.com.br 1
frame-ancestors 'self' https://*.mobiauto.com.br https://*.mobigestor.com.br https://*.passecarros.com.br https://*.suaoficinaonline.com.br https://*.evergage.com 1
img-src https: data:; default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:; style-src https: 'unsafe-inline'; font-src https: data: 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; worker-src * blob:; font-src * data:; 1
font-src 'self' data:; img-src 'self' data:; default-src 'unsafe-inline' script-src 'unsafe-eval' https://employwise2.s3.ap-south-1.amazonaws.com https://*.myemploywise.com  https://new.myemploywise.com https://myemploywise.com https://www.smiles.in https://www.chipsoft.in http://www.myemploywise.com https://ssl.google-analytics.com https://beacon.errorception.com https://d36mpcpuzc4ztk.cloudfront.net https://www.google.com https://ps3.pubnub.com https://chat.freshdesk.com https://ps1.pubnub.com https://ps16.pubnub.com https://pubnub.com https://ps19.pubnub.com https://ps5.pubnub.com https://ps12.pubnub.com https://ps18.pubnub.com https://ps17.pubnub.com https://ps2.pubnub.com https://ajax.googleapis.com https://ps13.pubnub.com https://ps8.pubnub.com https://col.site24x7rum.com https://static.site24x7rum.com https://js.braintreegateway.com/v1/braintree.js http://www.adobe.com https://www.myemploywise.com:3000 https://maxcdn.bootstrapcdn.com/font-awesome/2.0/font/ http://code.angularjs.org/1.2.1/angular-animate.js https://cdn.tiny.cloud https://sp.tinymce.com https://www.gstatic.com https://balkangraph.com/export https://ind-balkangraph.azurewebsites.net/api/OrgChartJS https://au-e-balkangraph.azurewebsites.net/api/OrgChartJS https://au-se-balkangraph.azurewebsites.net/api/OrgChartJS https://brs-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-balkangraph.azurewebsites.net/api/OrgChartJS https://ca-e-balkangraph.azurewebsites.net/api/OrgChartJS https://easia-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-2-balkangraph.azurewebsites.net/api/OrgChartJS https://eus-balkangraph.azurewebsites.net/api/OrgChartJS https://wus-balkangraph.azurewebsites.net/api/OrgChartJS https://w-us-2-balkangraph.azurewebsites.net/api/OrgChartJS https://w-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://w-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://w-c-us-balkangraph.azurewebsites.net/api/OrgChartJS https://us-s-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-n-c-balkangraph.azurewebsites.net/api/OrgChartJS https://us-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-w-balkangraph.azurewebsites.net/api/OrgChartJS https://uk-s-balkangraph.azurewebsites.net/api/OrgChartJS https://s-ind-balkangraph.azurewebsites.net/api/OrgChartJS https://se-asia-balkangraph.azurewebsites.net/api/OrgChartJS https://n-eu-balkangraph.azurewebsites.net/api/OrgChartJS https://kr-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-w-balkangraph.azurewebsites.net/api/OrgChartJS https://jp-e-balkangraph.azurewebsites.net/api/OrgChartJS https://fr-balkangraph.azurewebsites.net/api/OrgChartJS https://balkangraph.com/export/v3 https://unpkg.com/ https://internal.employwise.app/ https://ifsc.razorpay.com/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.tr https://www.myheritage.com.tr  'nonce-46d3be1695e0090faa3598e51cc9a472' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.tr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.ua https://www.myheritage.com.ua  'nonce-0e07308deb4b479ffebcb8bf27bd3787' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.ua;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.leadsclinic.com *.salus.group *.financeservice.io cdnjs.cloudflare.com *.us-east-1.amazonaws.com *.eu-central-1.amazonaws.com *.facebook.net *.hotjar.com *.googletagmanager.com *.google.com *.tiktok.com *.outbrain.com *.taboola.com sc-static.net *.snapchat.com; child-src 'self' *.snapchat.com forms.financeservice.io; style-src 'self' 'unsafe-inline'; img-src *; connect-src *; frame-ancestors 'self' https://myloan.co.za 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://*.criteo.com https://static.criteo.net https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.ae https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.ae; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.ae https://m.myprotein.ae https://checkout.myprotein.ae https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.ae; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
script-src http: https: https://mysleepyhead.com/ 'unsafe-inline' 'unsafe-eval' *.google.com *.salesforce.com *.force.com *.razorpay.com *.facebook.com *.instagram.com duroflexpvtltd.my.salesforce-sites.com *.snapmint.com *.popin.to *.evgnet.com; style-src 'self' blob: https: 'unsafe-inline' https://mysleepyhead.com/ *.snapmint.com *.popin.to *.evgnet.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.salesforce.com *.force.com *.snapmint.com *.popin.to *.evgnet.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.salesforce.com *.force.com *.juspay.in *.razorpay.com *.clickpost.ai *.googletagmanager.com public.release.juspay.in tez: phonepe: paytmmp: upi: *.snapmint.com *.popin.to *.evgnet.com *.facebook.com; 1
'self' cdn.naftonline.ir; 1
worker-src 'self' blob:; font-src fonts.googleapis.com *.fontawesome.com fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com * www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.crazyegg.com *.googletagmanager.com *.google-analytics.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com * js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.crazyegg.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com tagmanager.google.com fonts.google.com https://cdn.jsdelivr.net/npm/sweetalert2@11.10.5/dist/sweetalert2.min.css * fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.adyen.com * *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.crazyegg.com https://viacep.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com 'self' blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.crazyegg.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.motionpoint.com https://www.ncl.com 1
frame-ancestors nedapflux.com www.nedapflux.com login.nedapflux.com *.login.nedapflux.com 1
default-src data: google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com googleapis.com *.googleapis.com zencdn.net *.zencdn.net github.io *.github.io get.ga *.get.ga clnk.au *.clnk.au nelsonnet.com.au *.nelsonnet.com.au https://stats.g.doubleclick.net  https://fonts.gstatic.com  https://cdnjs.cloudflare.com https://fast.wistia.com https://maxcdn.bootstrapcdn.com https://fast.wistia.net https://embedwistia-a.akamaihd.net *.wistia.com *.wistia.net *.litix.io blob: inspectlet.com *.inspectlet.com survicate.com *.survicate.com https://cdn.datatables.net https://code.jquery.com https://cdn.jsdelivr.net google.com *.google.com gstatic.com *.gstatic.com cengageanz.h5p.com *.h5p.com 'self' 'unsafe-inline' 'unsafe-eval' 1
block-all-mixed-content; frame-ancestors *.newlentes.com.br 1
frame-ancestors 'self' ninjacrm.com *.ninjacrm.com; script-src 'self' maps.googleapis.com *.cloudfront.net wzrkt.com *.razorpay.com *.google-analytics.com ninjacrm.com *.ninjacrm.com 'unsafe-inline' 'unsafe-eval'  ;object-src 'none'; base-uri 'self' ninjacrm.com *.ninjacrm.com 1
block-all-mixed-content; frame-ancestors *.normatel.com.br 1
frame-ancestors https://*.emarsys.net https://*.emarsys.com https://nutriversum.com https://*.nutriversum.com/ 1
default-src 'self' 'nonce-kZed4UVPyKPpvw9T9llwFhst43IrCFXGTjSgDnkLnc3Kghc325' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.gstatic.com use.typekit.net; script-src 'self' 'nonce-kZed4UVPyKPpvw9T9llwFhst43IrCFXGTjSgDnkLnc3Kghc325' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com www.gstatic.com use.typekit.net; 1
default-src * 'unsafe-inline' 'unsafe-eval';        img-src * data:; 1
img-src 'self' *.queplan.cl queplan.cl  https: data: blob:; connect-src 'self' wss://widget-mediator.zopim.com wss://*.hotjar.com https://*.hotjar.io *.queplan.cl queplan.cl   www.google-analytics.com www.googletagmanager.com  https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net  https: data: blob:; style-src 'self' 'unsafe-inline' *.queplan.cl queplan.cl  https: data: blob:, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.queplan.cl queplan.cl  browser-update.org *.hotjar.com api.kushkipagos.com *.api.kushkipagos.com api-uat.kushkipagos.com *.api-uat.kushkipagos.com *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.t.co *.adroll.com https: data: blob: www.google-analytics.com www.googletagmanager.com, script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' www.google.cl www.google.co www.google.pe www.google.com browser-update.org *.queplan.cl queplan.cl  www.google-analytics.com www.googletagmanager.com https://*.hotjar.com www.googleadservices.com *.api.kushkipagos.com *.api-uat.kushkipagos.com api.kushkipagos.com api-uat.kushkipagos.com  *.twilio.com wss://tsock.us1.twilio.com *.linkify.cl *.googleadservices.com *.ads-twitter.com *.licdn.com *.facebook.net *.consensu.org *.openx.net *.rlcdn.com *.adnxs.com *.yahoo.com *.twitter.com *.t.co *.jsdelivr.net https: data: blob:, font-src 'self' fonts.googleapis.com fonts.gstatic.com *.queplan.cl queplan.cl  https: data: blob:; frame-src 'self' *.youtube.com https: data: blob: www.google-analytics.com www.googletagmanager.com; worker-src 'self' *.queplan.cl queplan.cl  https: data: blob:; object-src 'none'; frame-ancestors * 1
frame-ancestors 'self' https://*.melissa.com.br https://*.zaxy.com.br https://*.sandaliasipanema.com.br https://*.lojacartago.com.br https://*.grendenekids.com.br https://*.grendha.com.br https://*.shopmelissaeu.com https://*.shopmelissa.com https://*.conexaomelissa.com.br https://*.grendene.com.br 1
frame-ancestors 'self'  https://fonts.googleapis.com/ 1
connect-src  'self'  dc.services.visualstudio.com  http://localhost:*  maps.googleapis.com  src.fwusercontent.com  ws://localhost:*  www.google-analytics.com;frame-src  757141013452423.webpush.freshchat.com  scolago.upvoty.com  scolago-team-839953b63b50b5516876813.freshchat.com  www.google.com  www.youtube.com;font-src  'self'  cdn.jsdelivr.net  fonts.gstatic.com  maps.gstatic.com  data:;img-src  'self'  apple-resources.s3.amazonaws.com  cdn.jsdelivr.net  khms0.googleapis.com  khms1.googleapis.com  lh3.ggpht.com  opencollective.com  play.google.com  tools.applemediaservices.com  maps.googleapis.com  maps.gstatic.com  www.google-analytics.com  www.googletagmanager.com  streetviewpixels-pa.googleapis.com  data:;script-src  'unsafe-eval'  'unsafe-inline'  blob:  'self'  az416426.vo.msecnd.net  cdn.jsdelivr.net  fw-cdn.com  maps.googleapis.com  scolago.upvoty.com  scolago-team-839953b63b50b5516876813.freshchat.com  www.google.com  www.google-analytics.com  www.googletagmanager.com  www.gstatic.com  'unsafe-inline';style-src  'self'  cdn.jsdelivr.net  'unsafe-hashes'  'unsafe-inline'  'self'  cdn.jsdelivr.net  fonts.googleapis.com  scolago-team-839953b63b50b5516876813.freshchat.com  'unsafe-inline'; 1
frame-ancestors 'self' https://backoffice.shoppster.com 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* js-agent.newrelic.com static.zdassets.com api.smooch.io cdn.tiny.cloud maps.google.com maps.googleapis.com; font-src 'self' http://localhost:* data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' http://localhost:* cdn.tiny.cloud fonts.googleapis.com; img-src http: https: data: blob: 'self'; connect-src http: https: ws: blob:; 1
frame-ancestors 'self';frame-src 'self' *.google.com *.doubleclick.net *.googlesyndication.com *.cleverwebserver.com *.clevernt.com; 1
default-src 'none'; frame-src 'self' bankid: https://app.bankid.com skolid:; script-src 'self' https://browser.sentry-cdn.com https://az416426.vo.msecnd.net 'nonce-uYAxnrkHj+XA1Zxy2a92Fa/pqmjTxf1ZsgHzaahMWIo='; connect-src 'self' https://sentry.ist.com https://dc.services.visualstudio.com https://skolid-mtls.azurewebsites.net; img-src 'self'  'unsafe-inline' www.google-analytics.com data: https://skolidblob.blob.core.windows.net https://skolidlocaldev.blob.core.windows.net https://isthome.blob.core.windows.net https://*.ist.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data: 1
frame-ancestors 'self' https://*.kinderloop.com https://*.v.smartcentral.net; 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' https://unpkg.com/ https://www.googletagmanager.com/ https://it.smartsd.com/matomo/  https://cdn.tiny.cloud/ https://blueimp.github.io/ https://uicdn.toast.com/ https://code.jquery.com/ https://maps.googleapis.com https://maps.googleapis.com/maps/api/js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.gstatic.com/recaptcha/releases/1h-hbVSJRMOQsmO_2qL9cO0z/recaptcha__nl.js https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com; style-src 'report-sample' 'self' 'unsafe-inline' https://cdn.jsdelivr.net/gh/orestbida/ https://www.googletagmanager.com/ https://cdn.tiny.cloud https://blueimp.github.io/ https://uicdn.toast.com/ https://code.jquery.com/ https://fonts.googleapis.com https://cdnjs.cloudflare.com; object-src 'self'; base-uri 'self'; connect-src 'self' https://it.smartsd.com/matomo/ https://uicdn.toast.com/ https://maps.googleapis.com https://region1.google-analytics.com https://www.google-analytics.com https://www.mollie.com/ https://cdnjs.cloudflare.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://uicdn.toast.com/ https://www.mollie.com/ https://www.google.com https://www.youtube.com https://www.google.com/recaptcha/ https://www.linkedin.com/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://fonts.gstatic.com/ https://www.googletagmanager.com/ https://www.googletagmanager.com/ https://it.smartsd.com/matomo/ https://sp.tinymce.com https://maps.gstatic.com/  https://uicdn.toast.com/ https://maps.googleapis.com https://cdn-staging.smartsd.com https://cdn.smartsd.com https://www.mollie.com; manifest-src 'self'; media-src 'self' https://uicdn.toast.com/  https://cdn-staging.smartsd.com; report-uri https://6458b9a20c2db5717a7f925e.endpoint.csper.io/?v=4; child-src 'report-sample' https://www.mollie.com/ https://www.google.com/ https://www.youtube.com/ https://www.linkedin.com/; frame-ancestors https://www.linkedin.com/ 'self'; form-action 'report-sample' https://pay.mollie.nl/ https://www.mollie.com/ https://bancontact.girogate.be 'self'; worker-src 'none'; 1
frame-ancestors 'self' http://www.spillespill.no 1
frame-ancestors 'self' https://sportland.ee/ https://sportland.com/ https://en.sportland.fi/ https://ru.sportland.ee/ https://ru.sportland.lt/ https://ru.sportland.lv/ https://sportland.lv/ https://sportland.lt/ https://pl.sportland.com/ https://sportland.fi/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
frame-ancestors 'self' https://sportland.lt/ https://sportland.com/ https://en.sportland.fi/ https://sportland.ee/ https://ru.sportland.ee/ https://ru.sportland.lt/ https://ru.sportland.lv/ https://sportland.lv/ https://pl.sportland.com/ https://sportland.fi/ https://sportskim.sportland.lv/ https://outlet.sportland.lv/ https://outlet.sportland.lt/ https://outlet.sportland.ee/ https://outlet.sportland.com/ https://ru-outlet.sportland.com/ https://outlet.sportland.fi/; 1
frame-ancestors https://*.starterre.fr; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net ajax.aspnetcdn.com momentjs.com www.googletagmanager.com www.google-analytics.com rawcdn.githack.com cdnjs.cloudflare.com ssl.google-analytics.com pagead2.googlesyndication.com maps.googleapis.com ajax.googleapis.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://googleads.g.doubleclick.net/ https://www.facebook.com/; style-src 'self' 'unsafe-inline' www.jqueryscript.net cdnjs.cloudflare.com jquery.app fonts.googleapis.com; img-src 'self' data: ssl.google-analytics.com www.google-analytics.com www.stb.com.mk maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net https://www.gstatic.com/ https://www.facebook.com/ https://www.google.com/pagead/ https://www.google.mk/pagead/ https://www.youtube.com/; connect-src 'self' pagead2.googlesyndication.com maps.googleapis.com; frame-src 'self' https://td.doubleclick.net/ https://www.google.com/recaptcha/ https://www.facebook.com/ https://www.youtube.com/; 1
default-src 'self' https://studio24.bg/ https://*.studio24.bg/ blob:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://tpc.googlesyndication.com https://assets.zendesk.com https://cdn.usefathom.com https://connect.facebook.net https://ajax.googleapis.com https://www.googleadservices.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/ https://www.google.bg/pagead/ https://googleads.g.doubleclick.net/pagead/ https://www.youtube.com/iframe_api https://www.youtube.com/player_api https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/s/player/ https://cdn.onesignal.com https://onesignal.com https://www.gstatic.com/firebasejs/ https://push-static.dbankcdn.com/hms-messaging.js https://accounts.google.com https://appleid.cdn-apple.com; img-src 'self' data: blob: android-webview-video-poster: https://studio24.bg https://staging.studio24.bg https://ssl.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.usefathom.com https://googleads.g.doubleclick.net/pagead/ https://www.google.com/pagead/ https://www.google.bg/pagead/ https://s-static.ak.facebook.com https://assets.zendesk.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com/rastertiles/voyager/ https://*.ytimg.com https://www.facebook.com/tr/ blob: https://www.facebook.com/platform/ ; style-src 'self' 'unsafe-inline' file: blob: https://cdn.syncfusion.com https://*.peterpro.bg https://*.studio24.bg https://fonts.googleapis.com https://fonts.gstatic.com https://assets.zendesk.com https://onesignal.com https://accounts.google.com ; font-src 'self' data: https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://*.peterpro.bg https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/embed/ https://*.studio24.bg https://studio24.bg https://onesignal.com/ https://tpc.googlesyndication.com/ https://accounts.google.com https://web.facebook.com/v18.0/plugins/ ; object-src 'none'; connect-src 'self' mailto: blob:  https://*.peterpro.bg https://*.studio24.bg https://studio24.bg wss://app.peterpro.bg:8443 wss://app.peterpro.bg:8444 https://noembed.com/embed https://onesignal.com https://*.google-analytics.com/ https://firebaseinstallations.googleapis.com/v1/projects/ https://fcmregistrations.googleapis.com/v1/projects/ https://www.facebook.com/tr/ https://revgeocode.search.hereapi.com/v1/revgeocode https://accounts.google.com https://www.google.com/maps/conversion/ https://www.facebook.com/platform/ https://graph.facebook.com/v18.0/ ; manifest-src 'self' blob: ; media-src 'self' https://www.youtube.com https://m.youtube.com ; 1
base-uri 'none'; object-src 'none'; script-src 'nonce-tdvzx5_msDnERsilyxV5asJ6Bs-sbghZYcXFLiNtwr82LHgRxHank2Kmt3m_px9i' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
frame-src www.taxi4me.net taxi4me.net; frame-ancestors www.taxi4me.net taxi4me.net; 1
img-src 'self' www.google-analytics.com raw.githubusercontent.com googleads.g.doubleclick.net internal.localhost:8001 cdn.datatables.net maps.gstatic.com teamnest.com data: s3.ap-south-1.amazonaws.com s3.eu-south-1.amazonaws.com px.ads.linkedin.com www.google.com www.google.co.in tr-rc.lfeeder.com www.googletagmanager.com maps.googleapis.com maps.google.com; worker-src 'self'; connect-src 'self' www.google-analytics.com ekr.zdassets.com maps.googleapis.com teamnest.zendesk.com widget-mediator.zopim.com wss://widget-mediator.zopim.com sentry.io zendesk-eu.my.sentry.io analytics.google.com cdn.linkedin.oribi.io pagead2.googlesyndication.com stats.g.doubleclick.net wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com cdn.rawgit.com cdn.jsdelivr.net www.gstatic.com; frame-ancestors 'self'; media-src 'self' static.zdassets.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com cdn.ravenjs.com data:; frame-src 'self' td.doubleclick.net www.google.com; manifest-src 'self' teamnest.com; default-src 'self'; object-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' static.zdassets.com cdn.ravenjs.com cdnjs.cloudflare.com www.gstatic.com maps.googleapis.com 'unsafe-eval' assets.zendesk.com www.googletagmanager.com snap.licdn.com www.google-analytics.com www.googleadservices.com static.hotjar.com sc.lfeeder.com googleads.g.doubleclick.net script.hotjar.com maps.google.com www.google.com 1
default-src data: blob: 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://*.fontawesome.com;script-src 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://code.jquery.com https://cdn.jsdelivr.net https://*.fontawesome.com https://unpkg.com https://*.in.applicationinsights.azure.com https://js.monitor.azure.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://connect.facebook.net https://www.google-analytics.com https://js.stripe.com https://widgetcontainer.s3.us-west-2.amazonaws.com/savingsCalculator.js https://*.clarity.ms https://*.googlesyndication.com https://*.googleadservices.com 'unsafe-inline' 'unsafe-eval';style-src 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://use.typekit.net https://*.fontawesome.com  https://p.typekit.net https://code.jquery.com https://cdn.jsdelivr.net 'unsafe-inline';img-src data: blob: *;font-src 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://use.typekit.net https://*.fontawesome.com https://p.typekit.net;frame-src 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://*.youtube.com http://youtu.be https://googleads.g.doubleclick.net https://js.stripe.com https://www.google.com https://*.googlesyndication.com https://www.facebook.com https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net;connect-src 'self' https://*.tenantapp.com.au https://*.movemein.co.uk https://inspectretest.blob.core.windows.net https://inspectre.blob.core.windows.net https://inspectreuk.blob.core.windows.net https://maps.googleapis.com https://ajax.googleapis.com https://*.google.com.au https://*.google.co.uk https://*.google.com https://apis.google.com https://fonts.googleapis.com https://www.gstatic.com https://fonts.gstatic.com https://inspectre-beta.azurewebsites.net https://inspectre-uk-beta.azurewebsites.net https://*.inspectrealestate.com.au https://*.inspectrealestate.co.uk https://inspectre-app-test.azurewebsites.net  https://*.fontawesome.com https://www.google-analytics.com https://*.in.applicationinsights.azure.com https://js.stripe.com https://*.googleapis.com https://*.clarity.ms https://stats.g.doubleclick.net https://www.google.com.au https://*.google.co.uk https://pagead2.googlesyndication.com https://www.facebook.com https://analytics.google.com ; upgrade-insecure-requests; 1
frame-ancestors 'self' https://*.tennislegend.fr;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.bing.com *.clarity.ms *.cloudflare.com *.cookielaw.org *.doubleclick.net *.early-birds.fr *.facebook.com *.facebook.net *.geoplugin.net *.google-analytics.com *.google.com *.google.fr *.googleadservices.com *.googleapis.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com *.sendinblue.com *.trustedshops.com *.luckycart.com *.pcapredict.com sibautomation.com 1
frame-ancestors 'self' thirtymall.com *.thirtymall.com 1
default-src 'self' https://api1.trendyaab.com ; manifest-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.gstatic.com https://*.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' cdn1.trendyaab.com  vt.parsimap.com https://logo.samandehi.ir https://*.google-analytics.com review-rating.mncdn.com blob: https://api1.trendyaab.com data: https://api1.trendyaab.com https://cdn.dsmcdn.com https://video-content-img.dsmcdn.com  http://www.w3.org; media-src https://d12rjhfbnrelgt.cloudfront.net https://video-content.dsmcdn.com; connect-src 'self' https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://hpadmin.post.ir https://api1.trendyaab.com https://api.trendyaab.com https://translate.googleapis.com https://*.google-analytics.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src https://troublefree.nl/ https://www.troublefree.nl/; script-src https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://troublefree.nl/ https://www.troublefree.nl/ https://ssl.google-analytics.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://lcms2.nl/ https://connect.facebook.net/ https://snap.licdn.com/li.lms-analytics/ 'unsafe-eval' 'unsafe-inline'; style-src https://troublefree.nl/ https://www.troublefree.nl/ https://fonts.googleapis.com/ https://lcms2.nl/ 'unsafe-inline'; font-src https://troublefree.nl/ https://www.troublefree.nl/ https://fonts.gstatic.com/; img-src https://i.ytimg.com/ https://www.google-analytics.com/collect https://troublefree.nl/ https://www.troublefree.nl/ https://stats.g.doubleclick.net/ https://ssl.google-analytics.com/ https://lcms2.nl/ https://www.facebook.com/tr/ https://px.ads.linkedin.com/ https://www.linkedin.com/; upgrade-insecure-requests; frame-ancestors https://troublefree.nl/ https://www.troublefree.nl/; form-action https://www.facebook.com/tr/ https://troublefree.nl/ https://www.troublefree.nl/ https://kennisbank.troublefree.nl/; frame-src https://www.youtube.com/ https://www.facebook.com/ https://troublefree.nl/ https://www.troublefree.nl/ https://www.google.com/ https://recaptcha.google.com/recaptcha/; connect-src https://cdn.linkedin.oribi.io/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://troublefree.nl/ https://www.troublefree.nl/ https://*.google-analytics.com/ self; base-uri https://www.troublefree.nl/; 1
script-src 'unsafe-inline' 'unsafe-eval' https: http: blob: 'self' *.securionpay.com securionpay.com *.dev.shift4.com api.shift4.com content.jwplatform.com *.p.jwpcdn.com polyfill.io cdn.rawgit.com cdn.jsdelivr.net *.googleapis.com *.googletagmanager.com *.gstatic.com *.appdynamics.com *.google-analytics.com; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubbee8abfcdc61c11351e77198b719f98b&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=vtc; 1
block-all-mixed-content; frame-ancestors *.vetoreditora.com.br 1
default-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost; script-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost www.google.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net hm.baidu.com *.sentry.io ynuf.aliapp.org *.tdum.alibaba.com cf.aliyun.com g.alicdn.com www.recaptcha.net www.google.com www.gstatic.com www.gstatic.cn 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost 'unsafe-inline'; font-src * data: blob:; img-src * data: blob:; media-src * data: blob:; frame-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost ynuf.aliapp.org *.tdum.alibaba.com cf.aliyun.com g.alicdn.com www.recaptcha.net www.google.com www.gstatic.com www.gstatic.cn *.bilibili.com; connect-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost www.google.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net hm.baidu.com *.sentry.io upload.qiniup.com uplog.qbox.me hooks.slack.com blob: data:; child-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost blob:; worker-src 'self' cdn.yopu.co scdn.yopu.co yopu.co yoopu.me localhost blob:; block-all-mixed-content; report-uri /csp-report; 1
frame-ancestors oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src oaklandlibrary.org *.oaklandlibrary.org oaklandlibrary.bibliocms.com *.oaklandlibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
script-src 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com *.analytics.google.com *.googletagmanager.com snap.licdn.com *.newrelic.com *.doubleclick.net px.ads.linkedin.com cdnjs.cloudflare.com cdn.jsdelivr.net *.air-france-klm.miza-alithya.com *.prod.acquia-sites.com *.airfranceklm.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.catme.org catme.org www.google-analytics.com www.googletagmanager.com translate.googleapis.com translate.google.com www.youtube.com www.gstatic.com stats.g.doubleclick.net ; 1
default-src https: 'self'; script-src 'self' 'unsafe-inline' remark42.radio-t.com *.google-analytics.com analytics.umputun.com; style-src 'self' 'unsafe-inline'; img-src data: 'self' remark42.radio-t.com *.google-analytics.com analytics.umputun.com; font-src 'self' data:; frame-src https://remark42.radio-t.com; media-src *.radio-t.com *.rucast.net; 1
frame-ancestors 'self' celimax.co.kr *.celimax.co.kr 1
default-src 'self';script-src 'unsafe-eval' 'self' 'unsafe-inline' js.stripe.com/v3/ www.gstatic.com/recaptcha/releases/ *.tshirtstudio.com *.pinterest.com s.ytimg.com www.youtube.com *.google-analytics.com *.googleapis.com *.facebook.net *.facebook.com *.bing.com *.googleadservices.com *.googletagmanager.com *.smartlook.com *.smartlook.cloud googleads.g.doubleclick.net code.jquery.com *.google.com songbird.cardinalcommerce.com songbird.cardinalcommerce.com/edge/v1/songbird.js songbirdstag.cardinalcommerce.com widget.trustpilot.com;style-src  'self' 'unsafe-inline' *.googleapis.com;connect-src 'self' api.stripe.com *.googleadservices.com *.googlesyndication.com td.doubleclick.net googleads.g.doubleclick.net *.google.com *.facebook.com *.smartlook.com code.jquery.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.cardinalcommerce.com;img-src 'self' *.googletagmanager.com *.google.ge *.msn.com *.bing.com *.google-analytics.com *.analytics.google.com *.facebook.com *.blob.core.windows.net *.xx.fbcdn.net scontent.cdninstagram.com *.g.doubleclick.net *.google.co.uk *.google.com *.tshirtstudio.com *.googleadservices.com;font-src 'self' fonts.gstatic.com;worker-src *.tshirtstudio.com;frame-src 'self' hooks.stripe.com js.stripe.com td.doubleclick.net googleads.g.doubleclick.net bid.g.doubleclick.net *.facebook.com *.googleadservices.com googleads.g.doubleclick.net *.google.com *.google.co.uk *.cardinalcommerce.com widget.trustpilot.com;frame-ancestors 'self'; 1
frame-ancestors 'self' https://webadmin.societegenerale.com https://web-admin.societegenerale.com; upgrade-insecure-requests 1
base-uri 'self';block-all-mixed-content;connect-src 'self' trackofthewolf.com *.trackofthewolf.com hcaptcha.com *.hcaptcha.com;default-src 'self' trackofthewolf.com *.trackofthewolf.com;frame-src hcaptcha.com *.hcaptcha.com;img-src data: 'self' trackofthewolf.com *.trackofthewolf.com www.adobe.com/images/shared/download_buttons/get_adobe_reader.png;script-src 'self' 'unsafe-inline' 'unsafe-eval' trackofthewolf.com *.trackofthewolf.com hcaptcha.com *.hcaptcha.com;style-src 'self' 'unsafe-inline' trackofthewolf.com *.trackofthewolf.com hcaptcha.com *.hcaptcha.com;upgrade-insecure-requests; 1
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://*.teads.tv wss://webchat.smartly.ai https://webchat.smartly.ai https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://cdn.smartly.ai https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://offerswidget.visa.com; frame-src 'self' https://*.teads.tv https://bid.g.doubleclick.net https://platform.twitter.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com; img-src 'self' *.bicis.sn *.bmci.ma *.ubci.tn *.bnpparibas.dz *.bicici.com *.biciab.bf *.bicigui.org *.bicibourse.com *.stagingirb.bnpparibas *.teads.tv media.smartly.ai data: apis.smartly.ai cdn.smartly.ai bots.smartly.ai maps.gstatic.com *.googleapis.com *.ggpht https://www.google-analytics.com https://www.facebook.com https://px.ads.linkedin.com https://www.google.fr https://www.google.com https://central.stagingirb.bnpparibas https://irb-central.bnpparibas.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://offerswidget.visa.com https://www.visa.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net/ *.stagingirb.bnpparibas https://www.googletagmanager.com/ https://p.teads.tv/ https://pagead2.googlesyndication.com/pagead/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://apis.smartly.ai https://cdn.smartly.ai https://www.google-analytics.com https://www.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://tagmanager.google.com https://apis.google.com https://code.jquery.com/ui/1.10.1/jquery-ui.js https://connect.facebook.net https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/en_US/sdk.js https://maps.googleapis.com https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/common.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/controls.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/infowindow.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/map.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/marker.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/onion.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/stats.js https://maps.googleapis.com/maps-api-v3/api/js/44/14/intl/en_gb/util.js https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/js/QuotaService.RecordEvent https://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo https://maps.googleapis.com/maps/vt https://offerswidget.visa.com/api/v1.1/jsonp/destinations https://offerswidget.visa.com/api/v1.1/jsonp/offersListing https://offerswidget.visa.com/api/v1.1/jsonp/refData https://offerswidget.visa.com/vos/i18n/vosw.messages_en.js https://offerswidget.visa.com/vos/scripts/VisaSyndicationWidget.js https://platform.linkedin.com/in.js https://platform.twitter.com/widgets.js https://snap.licdn.com/li.lms-analytics/insight.min.js https://www.google-analytics.com/analytics.js https://www.googleadservices.com/pagead/conversion.js https://www.googletagmanager.com/gtm.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ https://cdn.smartly.ai https://tagmanager.google.com https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ https://offerswidget.visa.com/vos/styles/ https://offerswidget.visa.com/vos/styles/syndication/; object-src 'self'; manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'none'; upgrade-insecure-requests; 1
frame-ancestors 'self' hhla.de *.hhla.de ; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://*.c.mad.interhost.com https://*.metrobilbao.eus wss://client.relay.crisp.chat https://*.crisp.chat https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net; img-src 'self' data: https://*.c.mad.interhost.com https://*.metrobilbao.eus https://*.crisp.chat https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://*.ggpht https://*.googletagmanager.com 1
default-src 'self' https: 'unsafe-eval' 'unsafe-inline' blob:; object-src 'self' blob:; img-src 'self' data: https: https://script.hotjar.com http://script.hotjar.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com blob:; script-src 'self' https: http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com 'unsafe-eval' 'unsafe-inline'; script-src-elem 'unsafe-eval' 'unsafe-inline' 'self' *.googletagmanager.com *.google-analytics.com https://use.fontawesome.com https://bat.bing.com https://snap.licdn.com https://static.hotjar.com https://script.hotjar.com https://a.omappapi.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://recaptcha.net *.recaptcha.net *.gstatic.com https://maps.googleapis.com https://enquete.agconsult.com https://connect.facebook.net https://js-cdn.dynatrace.com https://app.segmanta.com https://worldmap.puratos.com https://cdn.botframework.com; connect-src 'self' https: http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com *.visualwebsiteoptimizer.com app.vwo.com wss://directline.botframework.com wss://*.directline.botframework.com; font-src 'self' data: https: http://script.hotjar.com https://script.hotjar.com; frame-src 'self' https: https://vars.hotjar.com app.vwo.com *.visualwebsiteoptimizer.com; frame-ancestors 'self'; style-src 'self' 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com *.googleapis.com cdn.pushcrew.com s3.amazonaws.com https://a.omappapi.com https://use.fontawesome.com https://worldmap.puratos.com; worker-src 'self' blob:; 1
object-src 'none';         script-src * 'unsafe-inline' 'unsafe-eval';         base-uri 'none'; 1
worker-src 'self' blob:; script-src 'strict-dynamic' 'unsafe-eval' 'nonce-9LODJwazqnPBDxPfbLDrnA=='; style-src 'self' 'unsafe-inline'; frame-ancestors 'self' https://*.michelin.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' http: https:; img-src * data:; style-src * 'unsafe-inline'; object-src 'none'; worker-src * blob: data: 1
frame-ancestors default-src 'self' *.jivosite.com ws://*.jivosite.com/ https://pay.deko.finance 1
default-src 'self' *.intigral.net *.googleapis.com data: https: wss: 'unsafe-inline'; font-src data: https:; media-src blob: data: https: 'unsafe-inline';script-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' data: 'unsafe-eval' 'unsafe-inline';img-src 'self' 'unsafe-inline' data: 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com data: script.hotjar.com 'self' data: https://fonts.gstatic.com/ *.porterbuddy.com *.porterbuddy-test.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.snapchat.com *.facebook.com 'self'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.adyen.com *.klarna.com big.g.doubleclick.net vars.hotjar.com optimize.google.com *.trustpilot.com *.snapchat.com *.goodreads.com *.facebook.com *.porterbuddy.com *.porterbuddy-test.com presentkort.retain24.com calendar.google.com www.google.com viewer.ipaper.io *.doubleclick.net docs.google.com www.tiktok.com *.cookiebot.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.adyen.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com *.klarna.com *.klarnaevt.com *.hotjar.com *.hotjar.io *.googletagmanager.com 'self' data: https://cdn.myafterpay.com/ *.wpcloud.trollweb.no *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.google.lt *.fastly.net t.co *.dibs.se *.bing.com *.facebook.com *.clarity.ms *.trackmytarget.com *.zmags.com cas.zma.gs tr.snapchat.com *.doubleclick.net static.zdassets.com outlandas.zendesk.com images.getfastr.com *.cookiebot.com data: 'self' 'unsafe-inline'; script-src *.assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com *.newrelic.com *.nr-data.net assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com *.vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.adyen.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://storage.googleapis.com/ https://api.mapbox.com/ *.google.com *.gstatic.com *.google-analytics.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net *.klarna.com static.hotjar.com script.hotjar.io *.trustpilot.com *.dev.visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com *.geostag.cardinalcommerce.com *.1eafstag.cardinalcommerce.com *.geoapi.cardinalcommerce.com *.1eafapi.cardinalcommerce.com *.songbird.cardinalcommerce.com *.includestest.ccdc02.com *.js.authorize.net *.test.authorize.net *.t.paypal.com *.s.ytimg.com *.jstest.authorize.net *.js.braintreegateway.com *.cdn-scripts.signifyd.com *.googletagmanager.com *.nosto.com *.randomhouse.com *.zdassets.com *.ads-twitter.com *.googletagservices.com *.googlesyndication.com *.twitter.com sc-static.net connect.facebook.net *.replay.uxtweak.com *.porterbuddy.com *.porterbuddy-test.com *.bing.com *.clarity.ms *.trackmytarget.com *.google.lt *.mouseflow.com cas.zma.gs tr.snapchat.com assets.voyado.com www.tiktok.com lf16-tiktok-web.ttwstatic.com lf16-tiktok-common.tiktokcdn-us.com vmweb.us.tiktok.com api.smooch.io *.cookiebot.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com downloads.mailchimp.com *.gstatic.com *.googleapis.com *.google.com *.trustpilot.com https://fonts.googleapis.com/ *.wpcloud.trollweb.no *.porterbuddy.com *.porterbuddy-test.com *.typekit.net cas.zma.gs lf16-tiktok-web.ttwstatic.com lf16-tiktok-common.tiktokcdn-us.com vmweb.us.tiktok.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.adyen.com https://storage.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ *.google-analytics.com *.doubleclick.net *.klarna.com *.klarnaevt.com *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.google.com *.googleapis.com t.elasticsuite.io *.nosto.com *.zdassets.com *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com *.snapchat.com *.uxtweak.com wss://replay.uxtweak.com *.stats.trollweb.no *.porterbuddy.com *.clarity.ms *.bing.com *.porterbuddy-test.com *.trustpilot.com *.mouseflow.com cas.zma.gs c.zmags.com wss://api.smooch.io *.cookiebot.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com *.newrelic.com *.aptrinsic.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
frame-ancestors 'self' panoramen.frauenkirche-dresden.de 1
frame-ancestors 'self' https://edicola.gazzettaregionale.it https://testbaba.virtualcms.it 1
default-src 'self'; script-src 'self' 'nonce-uCdDW5mUVSvZgSpafBIySfA61JsOoesf' 'sha256-pOMy5zVRJ9uLQCb14Kktf4KESbGZRs4C4I2gfZ1ZKM4=' 'sha256-F63pH4hhuRDQhqLO6iV92Sfozhk1aS2FjvOkgObROBU=' 'sha256-3475GzzKJtJyijG2bG38Ow6TMT5krezIUCcDdjQ7u5Y=' 'sha256-7TNigyWAB9Hjxp6JLKwV7VjpUFb3ut9cXLV2ZtUv/8Q=' 'sha256-5N4Pp5UCHKbIUxXXFe+KDYsfhzhQXoIzN80eQ+jF9P4=' 'sha256-zp2J6ufGMxGFKz4PMh8P24xWnRSxyNbAKrsz4pNgZ7Y=' https://www.google.com https://www.google.ch https://www.google.ro https://www.google.de https://tagmanager.google.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://d3pkntwtp2ukl5.cloudfront.net https://www.gstatic.com https://ssl.google-analytics.com https://www.google-analytics.com https://*.iubenda.com https://*.paysafe.com https://cdnjs.cloudflare.com https://admin.typeform.com https://embed.typeform.com https://*.zopim.com https://browser-update.org https://px.ads.linkedin.com https://*.quora.com https://coinzillatag.com https://go.smartvalor.com https://sjs.bizographics.com https://www.linkedin.com https://cdn.mouseflow.com https://pi.pardot.com https://connect.facebook.net https://wchat.eu.freshchat.com https://assetscdn-wchat.eu.freshchat.com/ https://includestest.ccdc02.com https://*.cardinalcommerce.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.adroll.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://simage2.pubmatic.com https://sync.outbrain.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://snap.licdn.com https://d.adroll.mgr.consensu.org https://js.userpilot.io https://smartvalor.com; style-src 'self' 'unsafe-inline' data: https://tagmanager.google.com https://fonts.googleapis.com https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com; font-src 'self' data: https://fonts.gstatic.com https://*.zopim.com https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com; connect-src 'self' wss: ws: https://analytics.google.com https://*.analytics.google.com https://pagead2.googlesyndication.com https://version.smartvalor.com https://news.smartvalor.com https://v2.zopim.com https://*.google-analytics.com https://consent.iubenda.com https://hits-i.iubenda.com https://*.paysafe.com https://*.mouseflow.com https://api.rollbar.com https://stats.g.doubleclick.net https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com https://kg668dbov0.execute-api.us-east-1.amazonaws.com https://*.cardinalcommerce.com https://request-global.czilladx.com https://min-api.cryptocompare.com wss://analytex.userpilot.io https://*.cloudflarestream.com ; img-src 'self' 'strict-dynamic' data: https://news.smartvalor.com https://assets.jazz.co/ https://s3-eu-west-1.amazonaws.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.com https://www.google.ch https://www.google.ro https://www.google.de https://*.gstatic.com https://*.zopim.com https://cdn.iubenda.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.facebook.com https://avatars.slack-edge.com https://cdn.jsdelivr.net https://assetscdn-wchat.eu.freshchat.com https://wchat.eu.freshchat.com https://*.quora.com https://www.linkedin.com https://www.cryptocompare.com https://dev-sv-strapi.s3.eu-west-1.amazonaws.com https://sv-dev-strapi.s3.eu-west-1.amazonaws.com https://sv-stg-strapi.s3.eu-west-1.amazonaws.com https://stg-sv-strapi.s3.eu-west-1.amazonaws.com https://prod-sv-strapi.s3.eu-west-1.amazonaws.com https://sv-prd-strapi.s3.eu-west-1.amazonaws.com https://*.adroll.com https://us-u.openx.net https://idsync.rlcdn.com https://ib.adnxs.com https://x.bidswitch.net https://ads.yahoo.com https://eb2.3lift.com https://trc.taboola.com https://simage2.pubmatic.com https://sync.outbrain.com https://pixel.rubiconproject.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://browser-update.org https://*.cloudflarestream.com; frame-src 'self' * data: blob: https://shuftipro.com https://cdn.iubenda.com https://*.smartvalor.com https://td.doubleclick.net https://hosted.test.paysafe.com https://wchat.eu.freshchat.com https://*.smartvalor.com https://hosted.test.paysafe.com; object-src 'none'; frame-ancestors 'self' https://smartvalor.com; media-src 'self' https://*.cloudflarestream.com https://assetscdn-wchat.eu.freshchat.com; base-uri 'self'; 1
frame-ancestors https://*.icopify.com  http://*.icopify.com https://icopify.co  http://icopify.co 1
default-src 'none'; frame-ancestors 'none'; script-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com; worker-src 'self' https://*.appcues.com https://*.appcues.net cdn.segment.com blob:; connect-src 'self' api.segment.io cdn.segment.com https://*.appcues.com https://*.appcues.net wss://*.appcues.net wss://*.appcues.com editor.ne16.com data: blob:; frame-src 'self' https://*.appcues.com; style-src 'self' https://*.appcues.com https://*.appcues.net https://fonts.googleapis.com https://fonts.google.com 'unsafe-inline'; img-src 'self' https://*.appcues.com https://*.appcues.net res.cloudinary.com cdn.jsdelivr.net blob: data: *; font-src 'self' fonts.gstatic.com data:; report-uri /Analytics/api/Error/Csp; 1
frame-ancestors 'self' 'exportal.k11.com' 'saportal-uat.k11.com' 'saportal-uat2.k11.com' 'saportal-uat3.k11.com'; 1
default-src 'self'; base-uri 'self'; child-src 'self'; connect-src 'self' https://*.sharethis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.onetrust.com; report-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com  https://*.googletagmanager.com https://*.googleapis.com https://*.sharethis.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' https://*.sharethis.com ;font-src 'self' 'unsafe-inline'; frame-src 'self' https://*.sharethis.mgr.consensu.org https://*.sharethis.com https://www.google.com *.youtube.com; img-src 'self' data: https://*.google.ie https://*.google.com https://*.doubleclick.net https://*.google-analytics.com  https://*.sharethis.com https://*.onetrust.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.adyen.com sc-static.net *.snapchat.com g.alicdn.com s.ytimg.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.youtube.com www.google.com tagmanager.google.com www.googleadservices.com leaderdigital.org srvvtrk.com gsp0.baidu.com gss0.bdstatic.com www.recaptcha.net captcha.gtimg.com *.bdimg.com *.baidu.com *.facebook.net *.serving-sys.com *.licdn.com *.google.com *.doubleclick.net *.go-mpulse.net *.weezevent.com *.eventbrite.fr *.captcha.qq.com *.hotjar.com *.azu.levia.ai *.trustcommander.net *.contentsquare.net *.teads.tv blob: api.map.baidu.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://ssl.captcha.qq.com maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' *.adyen.com sc-static.net *.snapchat.com g.alicdn.com s.ytimg.com www.googletagmanager.com www.google-analytics.com www.gstatic.com www.youtube.com www.google.com tagmanager.google.com www.googleadservices.com leaderdigital.org srvvtrk.com gsp0.baidu.com gss0.bdstatic.com www.recaptcha.net captcha.gtimg.com *.bdimg.com *.baidu.com *.facebook.net *.serving-sys.com *.licdn.com *.google.com *.doubleclick.net *.go-mpulse.net *.weezevent.com *.eventbrite.fr *.captcha.qq.com *.hotjar.com *.azu.levia.ai *.trustcommander.net *.contentsquare.net *.teads.tv api.map.baidu.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://ssl.captcha.qq.com maps.googleapis.com; style-src 'self' 'unsafe-inline' *.adyen.com g.alicdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.youtube.com fast.fonts.net fonts.googleapis.com captcha.gtimg.com tagmanager.google.com www.googletagmanager.com api.map.baidu.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://widget.azu.levia.ai; style-src-elem 'self' 'unsafe-inline' *.adyen.com sc-static.net g.alicdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com www.youtube.com fast.fonts.net fonts.googleapis.com tagmanager.google.com www.googletagmanager.com api.map.baidu.com cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://g.alicdn.com https://widget.azu.levia.ai 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.example.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.youtube.com *.ytimg.com; img-src 'self' *.solve360.com *.youtube.com *.ytimg.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ *.solve360.com; frame-src 'self' https://www.google.com/recaptcha/ *.youtube.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self' https://*.solve360.com; media-src media.solve360.com; 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.jivosite.com https://*.tt.omtrdc.net https://a.omappapi.com https://a.omappapi.com https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.omappapi.com https://api.omappapi.com https://api.omappapi.com https://app2.fromdoppler.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cognito-identity.eu-west-1.amazonaws.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://firehose.eu-west-1.amazonaws.com https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://in-automate.brevo.com https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com https://z.omappapi.com wss://*.hotjar.com wss://*.jivosite.com wss://*.jivosite.com wss://*.jivosite.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://d2d7do8qaecbru.cloudfront.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://hub.tienda.eset-la.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://secure.eset-la.com https://sibautomation.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.eset-la.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://assets.capterra.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://code.jivosite.com https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://files.jivosite.com https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://media-ya.jivosite.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self' https://*.jivosite.com; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.jivosite.com https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://a.omappapi.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.fromdoppler.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://renovacion.tienda.eset-la.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://sibautomation.com https://sibautomation.com https://sibautomation.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.com.mx https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.jivosite.com https://a.omappapi.com https://a.omappapi.com https://cdn.fromdoppler.com https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
frame-ancestors 'self' *.dja.com; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' gtm-mqcvbc2-ywu1n.uc.r.appspot.com tm.jsuol.com.br *.getsitecontrol.com *.getsitectrl.com phonetrack-static.s3.sa-east-1.amazonaws.com s3-sa-east-1.amazonaws.com *.criteo.net *.criteo.com *.clarity.ms  chat.octadesk.services *.google.com *.googlesyndication.com cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js *.gstatic.com *.facebook.net *.cookiebot.com *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.googleadservices.com *.googletagmanager.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.getsitecontrol.com *.getsitectrl.com nominatim.openstreetmap.org *.appspot.com *.criteo.net *.criteo.com *.cookiebot.com *.clarity.ms *.facebook.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.google.com *.doubleclick.net *.google-analytics.com; font-src 'self' *.gstatic.com *.hotjar.com; frame-src 'self' *.criteo.net *.criteo.com chat.octadesk.services *.facebook.com *.youtube.com *.google.com *.doubleclick.net *.cookiebot.com *.hotjar.com *.hotjar.io; img-src 'self' *.cookiebot.com imgsct.cookiebot.com *.getsitecontrol.com *.getsitectrl.com *.criteo.net *.criteo.com c.clarity.ms dsae.s3.amazonaws.com *.googleadservices.com *.googletagmanager.com *.doubleclick.net *.carrera.com.br *.facebook.com *.google-analytics.com *.google.com *.google.com.br data:; manifest-src 'self'; media-src 'self'; report-uri https://606ef4cf6ece01d9672c2ea8.endpoint.csper.io/; worker-src 'none'; 1
frame-ancestors https:; 1
script-src https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://widget.jedidesk.com wss://app.jedidesk.com https://tagmanager.google.com https://*.livechatinc.com https://*.facebook.net 'self' 'unsafe-inline'; style-src https://www.gstatic.com https://widget.jedidesk.com wss://app.jedidesk.com https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://bid.g.doubleclick.net https://td.doubleclick.net https://widget.jedidesk.com wss://app.jedidesk.com https://*.livechatinc.com https://www.facebook.com/; img-src https://www.google.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ua https://*.google.nl https://widget.jedidesk.com wss://app.jedidesk.com https://ssl.gstatic.com https://www.gstatic.com https://*.livechatinc.com https://www.facebook.com 'self' https://warehouse.ladyboom.ua data:; connect-src https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com.ua https://*.google.nl https://widget.jedidesk.com wss://app.jedidesk.com https://*.livechatinc.com https://www.facebook.com 'self' https://warehouse.ladyboom.ua; media-src https://widget.jedidesk.com wss://app.jedidesk.com https://*.livechatinc.com 'self' https://warehouse.ladyboom.ua data:; font-src https://widget.jedidesk.com wss://app.jedidesk.com https://fonts.gstatic.com data: https://*.livechatinc.com 'self'; default-src 'self'; object-src 'none'; 1
block-all-mixed-content; frame-ancestors *.oculosmeninaflor.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https:; 1
frame-src 'self' *.doubleclick.net cl.avis-verifies.com vars.hotjar.com *.avis-verifies.com *.netreviews.com *.google.com *.crazyegg.com *.vimeo.com *.facebook.com *.easydmp.net *.air360tracker.net *.teads.tv ad4m.at *.adsteroid.fr *.adsteroid.com; img-src 'self' *.easydmp.net *.app.smart-tribune.com *.amazonaws.com *.google.fr *.google.com *.facebook.com *.google-analytics.com *.abtasty.com *.bing.com *.advcredirect.com *.w3.org *.doubleclick.net *.metaffiliation.com *.go2cloud.org *.tradedoubler.com *.optimalpeople.fr *.air360tracker.net *.teads.tv data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cdn.segment.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com polyfill.io *.vimeocdn.com *.metaffiliation.com *.easydmp.net *.advcredirect.com ybl.primes-energie.leclerc *.lovvisisintheair.com *.tradedoubler.com *.optimalpeople.fr *.air360tracker.net *.teads.tv ad4m.at bbd-tag.de *.social-media-system.com apptracker.stream *.adsteroid.fr *.adsteroid.com https://assets.app.smart-tribune.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://static.smart-tribune.com https://unpkg.com https://www.google.com try.abtasty.com; style-src 'self' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com *.easydmp.net *.air360tracker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' googleadservices.com googletagmanager.com cdn.cookielaw.org google-analytics.com smart-tribune.com abtasty.com hotjar.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com bat.bing.com connect.facebook.net *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.smart-tribune.com *.abtasty.com *.hotjar.com *.unpkg.com *.doubleclick.net *.googleapis.com cl.avis-verifies.com *.gstatic.com *.crazyegg.com *.vimeo.com *.air360tracker.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.primes-energie.leclerc/report-uri/enforce; block-all-mixed-content 1
default-src 'self'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: blob: https:; media-src 'self' data: blob: mediastream: https:; frame-ancestors 'self' *.conad.it *.nscdev.it *.nsctst.it *.nscpre.it *.nscbeta.it *.nscstg.it; frame-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' data: https: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com *.s3licensing.com *.ontario.ca *.google-analytics.com *.qualtrics.com *.doubleclick.net fast.fonts.net  fonts.gstatic.com *.googleapis.com  *.cloudflare.com *.postescanada-canadapost.ca *.bambora.com *.googletagmanager.com *.bootstrapcdn.com code.jquery.com *.vimeo.com *.datatables.net *.gov.on.ca *.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'report-sample'; img-src 'self' https://translate.google.com https://cdnjs.cloudflare.com *.gstatic *.postescanada-canadapost.ca *.datatables.net *.cloudflare.com *.gov.on.ca data:; report-uri https://5f89e2687de178664f37578b.endpoint.csper.io; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; connect-src 'self' *.senat.cz https://*.google-analytics.com https://cdn.cookielaw.org *.cdn77.org; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.gstatic.com; img-src 'self' data: https://www.googletagmanager.com https://www.facebook.com https://*.senat.cz *.bradmax.com; script-src 'self' 'unsafe-inline' ajax.googleapis.com https://connect.facebook.net https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://cdn.cookielaw.org https://*.senat.cz https://*.cloudfront.net; font-src 'self' data: https://*.gstatic.com; media-src 'self' blob: https://senat.cz https://*.senat.cz *.cdn77.org; child-src 'self' blob: https://walkinto.in https://*.facebook.com https://*.google.com https://senat.cz https://*.senat.cz http://*.senat.cz; frame-ancestors 'self' https://senat.cz https://www.senat.cz http://pes https://pes https://intranet 1
frame-ancestors 'self' https://*.imperva.com 1
base-uri 'self'; connect-src 'self' https://yoast.com/ https://*.clarity.ms https://c.bing.com *.lottiefiles.com/ https://lottie.host/ https://pagead2.googlesyndication.com/ *.hsforms.com *.hs-scripts.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net https://*.hotjar.com https://*.hotjar.io https://*.hotjar.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/; default-src 'self' https://*.brq.com https://www.brq.com https://*.clarity.ms https://c.bing.com; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com; frame-src 'self' https://td.doubleclick.net/ https://www.facebook.com https://bid.g.doubleclick.net https://*.hubspot.com https://*.hs-sites.com https://*.hubspot.net https://play.hubspotvideo.com https://*.hsforms.com https://optimize.google.com https://www.vimeo.com https://youtube.com https://www.youtube.com/ https://www.youtube-nocookie.com/; frame-ancestors 'self' https://*.brq.com https://www.brq.com https://brq.sharepoint.com/ https://www.youtube-nocookie.com/; img-src 'self' data: https://*.brq.com https://www.brq.com https://www.google.com.br https://*.clarity.ms https://c.bing.com https://px.ads.linkedin.com https://fonts.gstatic.com/ https://stats.g.doubleclick.net https://www.facebook.com https://googleads.g.doubleclick.net https://secure.gravatar.com https://ssl.gstatic.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com www.googletagmanager.com https://optimize.google.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com https://themenectar.com https://*.hotjar.com https://*.w.org/ https://*.linkedin.com https://cdn.cookielaw.org/; manifest-src 'self'; media-src 'self' https://*.imgur.com https://*.brq.com https://brq.com/ https://www.brq.com; object-src 'none'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.brq.com https://www.brq.com data: https://*.clarity.ms https://c.bing.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://analytics.google.com https://www.googletagmanager.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://optimize.google.com https://ajax.googleapis.com/ https://connect.facebook.net *.hsadspixel.net *.hs.analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com https://js.hs-analytics.net/ *.hubspot.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hubspotfeedback.com feedback.hubapi.com *.hs-scripts.com https://snap.licdn.com https://*.hotjar.com https://www.youtube.com https://www.vimeo.com https://cdn.cookielaw.org/; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com cdn2.hubspot.net https://www.googletagmanager.com/ https://optimize.google.com https://*.hotjar.com; child-src 'self' *.hsforms.com https://*.brq.com https://www.brq.com blob:; 1
default-src https: 'self' d3sjx7m1rsw5t2.cloudfront.net ringtwice.be ss42phpnet.phpnet.org *.hotjar.com *.hotjar.io *.mouseflow.com blob:; child-src 'self' player.vimeo.com www.youtube.com www.google.com www.google.be secure.ogone.com www.kbc.be www.cbc.be payment-web.sips-atos.com platform.twitter.com syndication.twitter.com *.facebook.com *.talkgadget.google.com *.stripe.com *.ing.be *.g.doubleclick.net dis.eu.criteo.com eu-west-1a.online.tableau.com s7.addthis.com cidoum-test.s3.amazonaws.com cidoum.s3.amazonaws.com app.marker.io *.hotjar.com *.hotjar.io *.mouseflow.com blob:; connect-src wss: 'self' ringtwice.be api.rollbar.com *.hotjar.com *.hotjar.io *.mouseflow.io wss://*.hotjar.com *.facebook.com *.stripe.com i0.wp.com agilecrm.s3.amazonaws.com www.google.com faqbot.co www.faqbot.co *.pusherapp.com api.mixpanel.com ekr.zdassets.com listminut.zendesk.com s7.addthis.com m.addthis.com d2sfjpbqzw9law.cloudfront.net bam.nr-data.net stats.g.doubleclick.net d3iq5y81xu272n.cloudfront.net popup.wisepops.com tracking.wisepops.com merchant.itsme.be *.googleanalytics.com *.google-analytics.com *.analytics.google.com *.usetiful.com geolocation-db.com *.marker.io api.iterable.com *.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com *.frizbiz.com; font-src 'self' ringtwice.be d3sjx7m1rsw5t2.cloudfront.net data: *.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com d3iq5y81xu272n.cloudfront.net d2sfjpbqzw9law.cloudfront.net *.marker.io *.hotjar.com *.mouseflow.com *.frizbiz.com wp.ring-twice.com; frame-ancestors 'self'; frame-src 'self' player.vimeo.com *.youtube.com *.stripe.com *.hotjar.com *.mouseflow.com *.survio.com *.typeform.com app.vwo.com *.visualwebsiteoptimizer.com; img-src 'self' data: ringtwice.be listminutv3-prod-assets.s3.amazonaws.com ringtwice-production-assets.s3.amazonaws.com d3sjx7m1rsw5t2.cloudfront.net d3iq5y81xu272n.cloudfront.net cidoum.s3.amazonaws.com cidoum-test.s3.amazonaws.com *.gstatic.com *.googleapis.com www.google.com pci.usd.de code.jquery.com *.facebook.com scontent.xx.fbcdn.net my.clickdesk.com s3.amazonaws.com d1gwclp1pmzk26.cloudfront.net d25wh3ilibgxb0.cloudfront.net contactuswidget.appspot.com stats.g.doubleclick.net www.google.be *.stripe.com pbs.twimg.com *.chiens-chats.be *.toutoublog.com *.gralon.net *.seniorsavotreservice.com *.ldh.be ss42phpnet.phpnet.org s3-eu-west-1.amazonaws.com faqbot.co www.faqbot.co listminut.zendesk.com p3.zdusercontent.com *.fbsbx.com www.fsu.ca d3ky769kx2oo8y.cloudfront.net i0.wp.com d2sfjpbqzw9law.cloudfront.net cdnjs.cloudflare.com picsum.photos *.picsum.photos cdn.wisepops.com tracking.wisepops.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.marker.io *.hotjar.com *.hotjar.io *.mouseflow.com d15k2d11r6t6rl.cloudfront.net *.visualwebsiteoptimizer.com wingify-assets.s3.amazonaws.com app.vwo.com imagedelivery.net; media-src https: 'self' d3sjx7m1rsw5t2.cloudfront.net *.marker.io ringtwice.be; script-src 'self' 'unsafe-inline' 'unsafe-eval' ringtwice.be d3sjx7m1rsw5t2.cloudfront.net cdnjs.cloudflare.com cdn.jsdelivr.net ajax.cloudflare.com code.jquery.com code.highcharts.com js-agent.newrelic.com bam.nr-data.net connect.facebook.net my.clickdesk.com d1gwclp1pmzk26.cloudfront.net d3dy5gmtp8yhk7.cloudfront.net clickdeskvisitors.appspot.com www.googleadservices.com googleads.g.doubleclick.net www.google.com *.googleapis.com *.hotjar.com *.mouseflow.com *.stripe.com platform.twitter.com graph.facebook.com talkgadget.google.com d37gvrvc0wt4s1.cloudfront.net www.google.be faqbot.co www.faqbot.co static.criteo.net widget.criteo.com dis.eu.criteo.com sslwidget.criteo.com www.googletagmanager.com eu-west-1a.online.tableau.com cdn4.mxpnl.com tagmanager.google.com static.zdassets.com s7.addthis.com z.moatads.com v1.addthisedge.com m.addthis.com d3iq5y81xu272n.cloudfront.net d2sfjpbqzw9law.cloudfront.net www.youtube.com cdn.wisepops.com loader.wisepops.com merchant.itsme.be *.googleanalytics.com *.google-analytics.com *.analytics.google.com *.usetiful.com *.marker.io *.rollbar.com *.typeform.com *.visualwebsiteoptimizer.com app.vwo.com *.frizbiz.com c0.wp.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com ringtwice.be d3iq5y81xu272n.cloudfront.net d3sjx7m1rsw5t2.cloudfront.net d1gwclp1pmzk26.cloudfront.net d2sfjpbqzw9law.cloudfront.net *.stripe.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com *.googletagmanager.com tagmanager.google.com *.usetiful.com *.hotjar.com *.rollbar.com *.typeform.com *.mouseflow.com *.visualwebsiteoptimizer.com app.vwo.com *.frizbiz.com s3.amazonaws.com 1
default-src 'self'; object-src * ; font-src * data:;img-src * data: blob:; script-src * 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; connect-src *; media-src * blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-hA3d44ujdnf3rq+E/sZxHC7nGPBvrhTrfn/Qi4jFQNxVQWeU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https: 'unsafe-inline'; img-src data: https: 'self'; frame-ancestors none 1
default-src https://*.infinbank.com:* https://*.recaptcha.net https://*.googleapis.com https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://*.yandex.ru https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://googleadservices.com https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.ggpht.com https://stats.g.doubleclick.net https://*.jivosite.com wss://*.jivosite.com; style-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.infinbank.com:* https://cdn.jsdelivr.net https://*.recaptcha.net https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://*.yandex.ru https://cdnjs.cloudflare.com https://unpkg.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com/ https://*.google-analytics.com https://googleadservices.com https://*.google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://*.ggpht.com https://*.jivosite.com; img-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.googleapis.com https://*.googletagmanager.com https://*.recaptcha.net https://*.gstatic.com https://*.ggpht.com; media-src https://*.infinbank.com:* https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.jivosite.com; font-src 'unsafe-inline' 'self' * data: blob: https://*.infinbank.com:* https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com; frame-src https://*.infinbank.com:* https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.jivosite.com https://*.recaptcha.net; manifest-src 'self' https://*.infinbank.com:*; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' easy.sentinelgroup.com *.surveymonkey.com *.googletagmanager.com *.knowledgeowl.com *.wistia.com *.bugherd.com *.jquery.com *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://marketing.sentinelgroup.com/cdnr/forpci28/acton/bn/tracker/3471 https://js.zi-scripts.com/zi-tag.js; style-src 'self' 'unsafe-inline' *.knowledgeowl.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src * data:; img-src * data:; media-src 'self' data: blob: *.wistia.com; frame-ancestors admin.sentinelgroup.com sentinelgroup.com; child-src 'self' *.knowledgeowl.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ *.surveymonkey.com *.bugherd.com *.google.com *.wistia.com *.wistia.net staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cloudfront.net https://fsastore-app.dev.cloud.sentinelgroup.com/; connect-src 'self' accounts.google.com *.google-analytics.com *.litix.io *.wistia.com *.bugsnag.com *.pusher.com ws-mt1.pusher.com *.bugherd.com https://js.zi-scripts.com/unified/v1/master/getSubscriptions https://ws.zoominfo.com; 1
script-src 'nonce-pOS8rXmeJfCCsFk2q0oMh1bvqOIKOTRqP22iACqsbtoUwgohRgLukZnAuV7XEGXz' 'strict-dynamic' https: 'self' 'unsafe-eval'; object-src 'none'; base-uri 'self'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: wss: blob: 1
base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; connect-src 'self' https://api.wpa.org.uk https://apikeys.civiccomputing.com https://clapi.civiccomputing.com www.google-analytics.com https://dc.services.visualstudio.com/v2/track https://region1.google-analytics.com webchat.botframework.com/api/tokens directline.botframework.com wss://directline.botframework.com maps.googleapis.com https://mcs.us1.twilio.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.eu wss://tsock.us1.twilio.com/v3/wsconnect; img-src 'self' data: blob: https://www.google-analytics.com https://talkdeskchatsdk.talkdeskapp.com https://api.talkdeskapp.eu https://qa-cdn-talkdesk.talkdeskdev.com www.google.com stats.g.doubleclick.net seal.websecurity.norton.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com https://i.vimeocdn.com/ https://khms1.googleapis.com/ https://khms0.googleapis.com/ https://lh3.ggpht.com/ https://streetviewpixels-pa.googleapis.com/ https://cdn.jsdelivr.net https://media.us1.twilio.com; media-src 'self'; object-src 'self'; child-src 'self' secure.encoded.co.uk www.youtube.com player.vimeo.com https://talkdeskchatsdk.talkdeskapp.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com https://talkdeskchatsdk.talkdeskapp.com; frame-ancestors 'none'; upgrade-insecure-requests ; script-src 'sha256-qnSgRMQPvUsQPqtZ2Ki7GRfbH3O5mN/RM197rQ1NQ+c=' 'self' 'self' 'nonce-live-chat-starter-commercial' 'nonce-live-chat-starter-retail' 'nonce-live-chat-starter-hp' 'sha256-9vpql/NLyCCe3HPEb2b/lcLKPbkRi48w2Lfn0AbTxsQ=' cc.cdn.civiccomputing.com www.googletagmanager.com www.google-analytics.com js.monitor.azure.com/scripts/b/ai.3.gbl.min.js talkdeskchatsdk.talkdeskapp.com use.typekit.net cdn.botframework.com/botframework-webchat/latest/webchat.js maps.googleapis.com 1
frame-ancestors 'self' https://tickets.fmf.md;  1
frame-ancestors 'self' *.v12finance.com 1
worker-src 'self' blob; 1
default-src 'self'; img-src 'self' https://www.gstatic.com https://www.google.com https://translate.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.facebook.com https://www.google.com.tw https://i.ytimg.com; script-src 'self' 'unsafe-inline' https://ajax.cloudflare.com https://static.cloudflareinsights.com http://source.as-creative.com.tw https://www.facebook.com https://www.googletagmanager.com https://connect.facebook.net http://translate.google.com https://*.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://www.gstatic.com http://source.as-creative.com.tw https://fonts.googleapis.com https://translate.googleapis.com; frame-src https://goo.gl https://www.youtube.com https://www.google.com https://www.facebook.com https://bid.g.doubleclick.net https://www.google.com.tw; font-src https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://analytics.google.com https://socialplugin.facebook.net https://stats.g.doubleclick.net https://translate.googleapis.com https://www.facebook.com; frame-ancestors 'self' https://www.facebook.com https://www.google.com; 1
default-src 'self' ; style-src 'self' 'unsafe-inline' translate.googleapis.com hello.myfonts.net www.google.com api.tiles.mapbox.com; img-src 'self' um.simpli.fi translate.googleapis.com translate.google.com t.co peoples-gas.com www.peoples-gas.com *.adsymptotic.com t.co www.google-analytics.com px.ads.linkedin.com px4.ads.linkedin.com www.linkedin.com bat.bing.com www.facebook.com www.googletagmanager.com connect.facebook.net i.ytimg.com insight.adsrvr.org analytics.twitter.com googleads.g.doubleclick.net www.google.com www.googleapis.com clients1.google.com *.gstatic.com speedpay.walletron.com cse.google.com data: blob:; form-action 'self' www.facebook.com; frame-ancestors 'none'; frame-src 'self' tpc.googlesyndication.com www.youtube.com *.adsrvr.org www.google.com www.facebook.com cse.google.com peoplesgas.maps.arcgis.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' i.simpli.fi ranslate.googleapis.com translate.google.com js.adsrvr.org analytics.twitter.com tpc.googlesyndication.com www.youtube.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.adsrvr.org connect.facebook.net static.ads-twitter.com bat.bing.com script.crazyegg.com analytics.twitter.com www.google.com www.gstatic.com cdn.jsdelivr.net www.googleadservices.com platform.twitter.com cse.google.com adservice.google.com api.tiles.mapbox.com tag.simpli.fi code.jquery.com; connect-src 'self' translate.googleapis.com www.google-analytics.com stats.g.doubleclick.net www.facebook.com script.crazyegg.com bat.bing.com www.googletagmanager.com www.google.com *.mapbox.com adservice.google.com cdn.linkedin.oribi.io px.ads.linkedin.com; worker-src blob:; report-uri https://reporting-dev.breilabs.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://rsvo.ru; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://informer.yandex.ru; script-src-elem 'self' 'unsafe-inline' https://mc.yandex.ru https://top-fwz1.mail.ru/; connect-src 'self' https://mc.yandex.ru https://top-fwz1.mail.ru/; frame-src 'self' https://yandex.ru;  1
default-src * 'self' ; script-src tagmanager.google.com googletagmanager.com fonts.googleapis.com https://www.googletagmanager.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.google-analytics.com maps.googleapis.com googleads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' *; img-src * 'self' data:; frame-ancestors 'self'; 1
font-src data: https://*.gstatic.com https://*.zopim.com https://use.fontawesome.com/releases/v5.8.2/webfonts/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com http://saml.staging2.esser-emmerik.nl *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net https://*.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com www.xtento.com https://www.googletagmanager.com/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://dev.visualwebsiteoptimizer.com https://app.vwo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data:  www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://www.magezon.com https://static.buckaroo.nl https://*.gstatic.com https://www.magezon.com/productfile/ https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/assets/svg/ www.magecomp.com/media/ www.xtento.com static.mailplus.nl www.schoolspot.nl v2.zopim.com webstats.surf.nl www.google.nl *.doubleclick.net https://optimize.google.com https://static.zdassets.com https://amcglobal.sc.omtrdc.net https://surfspot.zendesk.com/embeddable/avatars/ cdn.xtento.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://surfspot.zendesk.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://*.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://static.buckaroo.nl https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://buckaroo.nl https://checkout.buckaroo.nl/api/buckaroosdk/script https://*.mailplus.nl https://static.zdassets.com https://surfnl.containers.piwik.pro https://api.smooch.io/faye www.xtento.com cdn.xtento.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ s7.addthis.com *.google.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://js-agent.newrelic.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://*.googleapis.com https://*.google.com https://*.gstatic.com https://use.fontawesome.com/releases/v5.8.2/css/ https://*.mailplus.nl https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com/ https://surfnl.containers.piwik.pro/container-debugger/icons.css https://surfnl.containers.piwik.pro/container-debugger/animate.min.css https://surfnl.containers.piwik.pro/container-debugger/styles.css unsafe-inline assets.braintreegateway.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://static.buckaroo.nl wss://websockets.buckaroo.io/ https://checkout.buckaroo.nl https://testcheckout.buckaroo.nl https://dpm.demdex.net/ ekr.zdassets.com/ https://surfnl.piwik.pro https://surfnl.containers.piwik.pro https://surfspot.zendesk.com wss://api.smooch.io/faye http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://dev.visualwebsiteoptimizer.com https://app.vwo.com https://bam.eu01.nr-data.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.service.vic.gov.au service.vic.gov.au 1
upgrade-insecure-requests;                     style-src 'self' 'unsafe-inline' *.lytics.io feed.pghub.io pandg.tapad.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *.facebook.net *.segment.com pghub.io *.lytics.io *.doubleclick.net feed.pghub.io pandg.tapad.com;                     manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;                     media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com;                     font-src 'self' feed.pghub.io pandg.tapad.com;                     frame-ancestors 'none' feed.pghub.io pandg.tapad.com;                     frame-src 'self' *.pghub.io *.doubleclick.net consumersupport.pg.com pandg.tapad.com;                     img-src 'self' data: *.ctfassets.net *.tapad.com *.lytics.io www.googletagmanager.com www.google.com www.google.cz feed.pghub.io www.facebook.com;                     connect-src 'self' *.adsrvr.org *.segment.com *.segment.io *.doubleclick.net *.bazaarvoice.com *.googlesyndication.com *.analytics.google.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com;                     default-src 'none' feed.pghub.io pandg.tapad.com; 1
default-src 'self' https://*.korkortonline.se https://*.readspeaker.com; script-src 'self' 'unsafe-eval' https://*.google.com https://*.gstatic.com https://*.korkortonline.se https://*.readspeaker.com https://*.vimeo.com https://*.googleadservices.com https://*.googlesyndication.com; style-src 'self' https://*.korkortonline.se 'unsafe-inline' https://*.readspeaker.com; img-src 'self' data: https://*.korkortonline.se https://*.readspeaker.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://*.google.se; media-src 'self' https://*.korkortonline.se https://*.vimeo.com https://*.vimeocdn.com/ https://*.akamaized.net/; frame-ancestors 'self'; frame-src 'self' https://*.vimeo.com https://*.google.com https://*.korkortonline.se; font-src 'self' data: https://*.readspeaker.com; object-src https://*.korkortonline.se; form-action 'self' https://*.payex.com https://*.readspeaker.com; block-all-mixed-content 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval' 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';worker-src 'self' blob: 1
frame-ancestors thich.phim69sex.com web.sexmoihdfull.com phim.sextructuyen.pro sex3xtop1.com phimsexfull.pro phim69sex.pro xemsex69.com sex69ngon.net sex69hihi.net sex69hdep.pro sex8xhay.com sextop13x.pro phimsexpro.pro phimhaynung.pro sexditpro.pro sexmoimup.com phim3xhd.net sexhdngon.com sexvuxinh.pro sexhangngon.pro sexnungpro.pro phimhayxxx.pro phimhdxxx.pro sex3xhdhay.pro xnxxvietnam.vip sex2000.pro xemvumup.pro phimtop1sex.pro sexxxinh.pro sexheomup.pro sexsot1.pro sexmatxa.pro sexsung.net sexdaythi.com sexchonloc.vip phim18sex.com thichsex.me olaphim.vip sex6sao.pro sex9xmup.pro 3xphimsexx.pro top.phim69sex.com dit.sexmoihdfull.com xem.xnxxphimsex.net xem.sextructuyen.pro phimtop1sex.pro dit.phimsexgaidam.com web.phimsexgaidam.com ditnhau69.com phimditnhau.dev sexjavfast.pro sexfreejavhd.pro sexjavpornhd.pro hpjavtv.com sexhay3x.cc sexprovip.pro phimsex69hay.pro vlxxmoi.com sex3xtv.com sexdithay.com phimsextop10.com vlxxcom.org sexnhat69.cc sexnhanh69.cc vlxxsbs.pro phimsextop1.net phimsex3x.org phimditnhauhay.pro phimsexnhanhvl.net phimsexvietnamhd.pro sexvietnhanh.pro sexvietvn.pro phimsexlauxanh.cc phimsexvungtrom.net phimsexthiendia.org xem.phim69sex.com top.sexmoihdfull.com phim.xemsexhdhay.com sex.xemlonmup.com xem.phimtop1sex.com xem.sexnung.vip sexnunghd.pro xem.sexmoihdfull.com sexgai18.com phimxvip.com phimsexhayhd.vip sex7x.pro sex3xhay.net sexvudep.pro top.phimsexgaidam.com phim.xemlonmup.com sexnungbim.com phimhayghe.pro sexnunghd.com phim.sexmoihdfull.com sexgai18.pro phim18sex.pro thichsex.vip sexxyz.pro sexprovip.com phimsex69hay.com xemsexhdhay.com sextructuyen.pro sexheoxinh.com phimheosex.pro xnxxvietnam.pro olaphim.pro sex5sao.org javgaidep.pro phimsex5sao.com sexhdxnxx.pro sexeva.pro phimsexso1.pro sexmassage.pro sexsuong.com sexdaythi.pro phimsextinhcam.pro sexchonloc.pro sextube3x.com xem.3xphimsex.pro sexhayhd.pro phimsexcap3.pro sexngan.pro sexhdjav.pro phimsetnhat.pro sexhdnhat.pro phimhdsex.pro phimhaysex.pro sexbaophe.pro vlxxnhanh.pro xnxxnhat.pro phimvlxz.pro haysexngon.pro haysexhihi.pro sexhdnhanh.pro sexhdnhat.com javhdxinh.pro phimxvideos.pro sex2023.pro sexchichnhau.pro vlxxyz.pro phimxvip.pro phimsexhayhd.org khophimhay.biz phim69x.pro sex69hihi.pro sextop10.vip phimjavhd.cc sex69ngon.pro sexnung.cc sex7.vip sex3xditnhau.pro phimsextop.biz sextop3x.pro sex3xhay.com sexvuto.cc freejavhd.pro javstreaming.pro sexhdtv.pro so1sex.net javhd-porn.net xemsextv.pro javhd-stream.com xnxxphimsex.net xemsexhay.xyz javhdtoday.pro sex3xtv.pro sex69tv.pro nghiensexhay.pro phim69sex.com bestjavporn.club phimsexthiendia.pro xemhdsex.pro hayxemsex.pro sexnhanhvl.pro sexnhanh69.com 1
default-src 'self'; connect-src 'self' *.siteimprove.com https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ https://www.google-analytics.com https://search.service.vportal.ee/v1/search/rmit https://search.service.vportal.ee/v1/globalsearch/total https://form.service.vportal.ee/v1/ https://search.service.vportal.ee/v1/events/rmit https://inaadress.maaamet.ee; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://*.rocket.chat https://www.google.com https://www.youtube.com https://*.vimeo.com https://*.siteimprove.com https://xgis.maaamet.ee; img-src 'self' data: https://www.google-analytics.com *.openstreetmap.org https://i.ytimg.com https://pbs.twimg.com *.fbcdn.net *.cdninstagram.com https://inaadress.maaamet.ee https://unpkg.com *.maaamet.ee *.cloudflare.com; script-src 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js blob: https://browser-update.org https://ajax.cloudflare.com https://static.cloudflareinsights.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.rocket.chat https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://cdn.siteimprove.net/cms/overlay.js https://browser-update.org https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com https://static.addtoany.com/menu/page.js cdn.jsdelivr.net cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://inaadress.maaamet.ee https://unpkg.com unpkg.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://*.cloudflareinsights.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com cdnjs.cloudflare.com https://api.mapbox.com https://cdn.jsdelivr.net https://unpkg.com unpkg.com https://inaadress.maaamet.ee; frame-ancestors none; upgrade-insecure-requests 1
frame-ancestors  https://*.yandex.ru https://*.yandex.com https://*.yandex.com.tr https://*.yandex.uz https://*.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=iframe-yang.yandex&project=tasks; 1
frame-ancestors 'self' https://*.epsens.com https://essentiel.local; report-uri /report-csp-violation 1
frame-ancestors 'self' *.authorize.net 1
frame-ancestors 'self' https://prd-04176-iknl-admin.azurewebsites.net 1
frame-ancestors 'self' https://sto.e-spirit.hosting; report-uri /_/commcsp?disposition=enforce 1
default-src https://*.consolewars.de *.youtube.com *.twitter.com *.twitch.tv; style-src 'unsafe-inline' https://*.consolewars.de; script-src 'unsafe-inline' https://*.consolewars.de *.twitter.com *.twitch.tv 1
object-src 'none'; media-src https: data: mediastream: blob: filesystem:; img-src https: data: mediastream: blob: filesystem: 1
frame-ancestors *.prohosting24.de 1
frame-ancestors 'self' https://reportgateway.saas.mrisoftware.com; 1
default-src 'self' https://sso.trinetcloud.com https://assets.trinetexpense.com/ *.googleapis.com *.jquery.com *.google-analytics.com *.aspnetcdn.com *.intuit.com *.en25.com *.gstatic.com *.pingdom.net *.google.com *.finicity.com *.dwolla.com *.zdassets.com *.trinetcloud-ops.com *.cloudflare.com *.recurly.com *.zendesk.com *.hrpassport.com *.intacct.com *.eloqua.com https://s383.t.eloqua.com *.amazonaws.com *.trinetexpense-ops.com *.trinetexpense.com *.appspot.com *.trinet.com *.googletagmanager.com *.appdynamics.com *.eum-appdynamics.com *.lr-in.com googletagmanager.com *.appdynamics.com *.lr-in.com *.pendo.io *.dwolla.com; style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;   script-src 'self'    'unsafe-eval'  'unsafe-inline' https://sso.trinetcloud.com https://assets.trinetexpense.com/ *.googleapis.com *.jquery.com *.google-analytics.com *.aspnetcdn.com *.intuit.com *.en25.com *.gstatic.com *.pingdom.net *.google.com *.finicity.com *.dwolla.com *.zdassets.com *.trinetcloud-ops.com *.cloudflare.com *.recurly.com *.zendesk.com *.hrpassport.com *.intacct.com *.eloqua.com https://s383.t.eloqua.com *.amazonaws.com *.trinetexpense-ops.com *.trinetexpense.com *.appspot.com *.trinet.com *.googletagmanager.com *.appdynamics.com *.eum-appdynamics.com *.lr-in.com googletagmanager.com *.appdynamics.com *.lr-in.com *.pendo.io *.dwolla.com; worker-src https://* data: blob:; connect-src https://* data:;; object-src none; 1
default-src 'self' *.participantportal.com *.viabenefitsaccounts.com https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; form-action 'self' https://willistowerswatson.co1.qualtrics.com *.b2clogin.com/ *.participantportal.com *.viabenefitsaccounts.com *.payerexpress.com https://www.payerexpress.com *.payerexpress.net https://www.payerexpress.net; frame-ancestors *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com; frame-src 'self' data: *.participantportal.com/ *.viabenefitsaccounts.com/ https://viabenefitsaccounts.com https://www.viabenefitsaccounts.com willistowerswatson.co1.qualtrics.com/ *.fullstory.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/* https://use.fontawesome.com; script-src 'self' 'unsafe-eval'  https://willistowerswatson.co1.qualtrics.com *.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; script-src-elem 'self' https://willistowerswatson.co1.qualtrics.com https://cdn.walkme.com/* https://*.siteintercept.qualtrics.com http://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com http://siteintercept.qualtrics.com *.fullstory.com 'unsafe-inline'; img-src 'self' data: https: ; font-src 'self' fonts.gstatic.com; connect-src 'self' *.qualtrics.com *.fullstory.com *.acclariscorp.com *.participantportal.com *.viabenefitsaccounts.com https://www.viabenefitsaccounts.com https://viabenefitsaccounts.com https://my.viabenefits.com; object-src 'self' data: ; child-src 'self'; worker-src 'self'; base-uri 'self'; report-uri /benefits/servlets/CSPLogServlet; report-to /benefits/servlets/CSPLogServlet; 1
frame-ancestors https://www.symplicity.com/ 1
base-uri 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; img-src http: https: data:; object-src 'none'; worker-src blob:; font-src https: data:; media-src https: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google-analytics.com https://*.mktoutil.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://*.criteo.com https://public.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com https://sc54374195us1.cobrowse.oraclecloud.com/launcher.js https://bat.bing.com https://www.youtube.com https://www.clarity.ms https://cdnjs.cloudflare.com https://webto.salesforce.com https://tracker.adreadyclick.com https://code.jquery.com https://kit.fontawesome.com https://survey.alchemer.com https://www.surveygizmo.com https://tr.snapchat.com https://tr-shadow.snapchat.com https://*.go-mpulse.net https://*.rfihub.net https://cdn.boomtrain.com https://secure.adnxs.com https://acdn.adnxs.com https://*.kaltura.com https://live.rezync.com https://www.googleadservices.com https://*.hotjar.com https://analytics.tiktok.com https://bs.serving-sys.com https://secure-ds.serving-sys.com  https://sc-static.net https://snap.licdn.com https://*.optimix.cn https://munchkin.marketo.net https://cdn.resonate.com https://libjs.s4mdsp.com https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://www.google-analytics.com https://ssl.google-analytics.com https://connect.facebook.net https://google.com https://googleads.g.doubleclick.net https://js.hs-scripts.com https://www.googletagmanager.com https://*.ets.org https://assets.adobedtm.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://888-oul-143.mktoweb.com; style-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://www.surveygizmo.com https://fonts.googleapis.com https://*.ets.org https://maxcdn.bootstrapcdn.com https://assets.adobedtm.com https://ka-f.fontawesome.com https://888-oul-143.mktoweb.com; font-src 'self' data: https://*.google-analytics.com https://*.mktoutil.com https://ka-p.fontawesome.com https://google.com https://googleads.g.doubleclick.net https://www.surveygizmo.com https://*.kaltura.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://ka-f.fontawesome.com https://*.kaltura.com; connect-src 'self' https://*.google-analytics.com https://*.mktoutil.com https://ib.adnxs.com https://google.com https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://vc.hotjar.io https://tr.snapchat.com https://kit.fontawesome.com https://webto.salesforce.com https://www.livelook.com/cobrowse/auth https://www.livelook.com https://*.clarity.ms/ https://ka-p.fontawesome.com https://pixelconnector.adready.com https://*.kaltura.com https://*.akamaihd.net https://*.rfihub.net https://*.akstat.io https://*.go-mpulse.net https://*.hotjar.com https://people.api.boomtrain.com https://events.api.boomtrain.com https://www.facebook.com https://analytics.tiktok.com https://lm.serving-sys.com https://secure-ds.serving-sys.com https://tr-shadow.snapchat.com https://cdn.linkedin.oribi.io https://analytics.google.com https://stats.g.doubleclick.net https://709-zco-379.mktoresp.com https://www.google-analytics.com https://ssl.google-analytics.com https://ds.reson8.com https://forms.hscollectedforms.net https://*.ets.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://ka-f.fontawesome.com https://cdn.cookielaw.org wss://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com wss://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; frame-src 'self' https://*.google-analytics.com https://*.mktoutil.com https://google.com https://googleads.g.doubleclick.net https://bid.g.doubleclick.net https://www.livelook.com/ https://td.doubleclick.net/ https://static.criteo.net https://*.criteo.com https://www.googletagmanager.com https://public.cobrowse.oraclecloud.com https://s.amazon-adsystem.com https://*.kaltura.com https://*.fls.doubleclick.net https://*.rfihub.com https://www.facebook.com https://*.snapchat.com https://e03.optimix.cn https://www.google-analytics.com https://ssl.google-analytics.com https://888-oul-143.mktoweb.com https://www.youtube.com https://*.ets.org https://oda-e40b50f987234cd9917401d2041ee2c6-da2.data.digitalassistant.oci.oraclecloud.com https://oda-7d45bc8b07464a85817b482742d79302-da2.data.digitalassistant.oci.oraclecloud.com https://oda-b5675d826e074d05b3305135c81c2162-da2.data.digitalassistant.oci.oraclecloud.com; media-src 'self' blob: data: https://*.ets.org https://*.kaltura.com https://public.cobrowse.oraclecloud.com https://google.com https://googleads.g.doubleclick.net ; img-src 'self' data: https: https://www.surveygizmo.com https://i.ytimg.com https://www.google-analytics.com https://ssl.google-analytics.com https://aax-eu.amazon-adsystem.com https://bx01.optimix.cn https://cm.g.doubleclick.net https://e03.optimix.cn https://forms.hsforms.com https://track.hubspot.com https://google.com https://googleads.g.doubleclick.net https://www.facebook.com https://px.ads.linkedin.com https://cfvod.kaltura.com https://maps.gstatic.com https://cdn.cookielaw.org https://objectstorage.us-ashburn-1.oraclecloud.com https://*.akstat.io; worker-src blob: https:; 1
frame-ancestors 'self' http://toolstestdrive.esource.com; 1
frame-ancestors 'self' https://*.stayglam.com https://stayglam.com; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.scottishbooktrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com www.youtube.com *.stripe.com *.facebook.net *.soundcloud.com *.google-analytics.com *.cloudfront.net cdn-cookieyes.com *.pingdom.net *.googletagmanager.com *.addsearch.com *.typekit.net *.recaptcha.net www.google.com *.gstatic.com; style-src fonts.googleapis.com *.cloudfront.net 'self' data: 'unsafe-inline'; style-src-elem cdn-images.mailchimp.com *.googleapis.com *.cloudfront.net 'self' data: 'unsafe-inline'; style-src-attr 'self' data: 'unsafe-inline'; img-src * 'self' blob: data: www.scottishbooktrust.com; font-src 'self' *.gstatic.com *.typekit.net; connect-src 'self' *.facebook.com *.googleapis.com *.addsearch.com *.doubleclick.net cdn.plyr.io wss://in.visitors.live wss://visitors.live *.cloudfront.net *.google-analytics.com *.google.com *.pingdom.net *.cookieyes.com cdn-cookieyes.com *.luckyorange.com *.luckyorange.net; media-src *; object-src 'self' blob; frame-src *.facebook.com sbt-website-video.s3.eu-west-1.amazonaws.com *.flockler.com s3.amazonaws.com s3.amazon.com www.google.com *.youtube.com *.twitter.com *.vimeo.com *.soundcloud.com *.recaptcha.net *.stripe.com www.bbc.co.uk bandcamp.com viewer.drawpoint.io; form-action *.facebook.com scottishbooktrust.us7.list-manage.com 'self'; worker-src 'self' blob: *.scottishbooktrust.com wss://in.visitors.live wss://visitors.live visitors.live *.visitors.live; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' data: blob: *.ftitechnology.com *.wistia.com *.wistia.net *.litix.io embedwistia-a.akamaihd.net *.g.doubleclick.net *.adsymptotic.com *.en25.com *.linkedin.com *.licdn.com *.eloqua.com *.gstatic.com *.google.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.wistia.com *.wistia.net *.en25.com *.linkedin.oribi.io; script-src 'unsafe-inline' 'self'  'sha256-lFClqbG/gSLQRMoof51MvnJ+iHerFSNoUtdBjEyxi4s='  'sha256-BWp4/yZ9/T5EqDjms6uLLHImfzp8FMRpG4T27/8bRYs='  'sha256-Vk11Ik+H6R3D/yW2fRdzWs1PlgOY3nIjUhKssVcuEkY='  'sha256-CfjqJi/kKkZGWcWNU1lP28K0gcJKk8InHnL2/jk+jU8='  'sha256-9Y24fS21uKXVFT3pW9U86pxeaI5gf3xT2QnFDNraogI='  'sha256-wnciApvSyWV9topJIEq/HEIOCxRhLlpCHXTeSEBEBfs='  *.googletagmanager.com *.google-analytics.com *.wistia.com *.wistia.net *.en25.com *.googleadservices.com *.ftitechnology.com *.linkedin.oribi.io googleads.g.doubleclick.net *.licdn.com *.ipinfo.io ipinfo.io; style-src 'self' *.gstatic.com *.google.com *.googletagmanager.com *.googleapis.com *.wistia.net 'unsafe-inline';   report-uri /report-csp-violation; upgrade-insecure-requests; object-src 'none'; 1
frame-ancestors https://*.fw1.biz https://*.freewebstore.org https://*.freewebstore.com https://*.ridge.pro http://127.0.0.1:55779 http://localhost:55779; 1
default-src https: ws: wss: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://nuevopudahuel.cl/ https://s3-sa-east-1.amazonaws.com/ https://api.nuevopudahuel.cl/;                font-src 'self' https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://v2.zopim.com/ data: https://maxcdn.bootstrapcdn.com/;                img-src 'self' data: https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://v2assets.zopim.io/ https://v2.zopim.com/ https://www.google-analytics.com/ https://i.ytimg.com/ https://cdn.ckeditor.com/ https://abs.twimg.com/ https://pbs.twimg.com/ https://platform.twitter.com https://ton.twimg.com/ https://syndication.twitter.com/ https://www.facebook.com/ https://www.google.cl/ https://webchat-pudahuel.vercel.app/ https://www.googletagmanager.com/;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://www.google-analytics.com/ https://v2.zopim.com/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.ckeditor.com/ https://platform.instagram.com/ https://connect.facebook.net/ https://platform.twitter.com/ https://www.instagram.com/ https://cdn.syndication.twimg.com/ https://embedsocial.com/ https://www.googletagmanager.com/ https://*.hotjar.com/ https://*.youtube.com/ https://webchat-pudahuel.vercel.app/;                style-src-elem 'self' 'unsafe-inline' https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://gc.kis.v2.scr.kaspersky-labs.com/ https://cdn.ckeditor.com/ https://platform.twitter.com/ https://ton.twimg.com/ https://embedsocial.com/ https://www.googletagmanager.com/ https://fonst.googleapis.com/ https://webchat-pudahuel.vercel.app/;                connect-src 'self' https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/i https://ekr.zdassets.com/ wss://widget-mediator.zopim.com/ https://stats.g.doubleclick.net/ https://*.hotjar.com/ https://*.hotjar.io/ https://analytics.google.com/ https://api.elipsechat.com/ https://nuevopudahuel.elipse-citas.com https://api.elipsechat.com/ wss://api.elipsechat.com/ wss://*.hotjar.com/;		frame-src 'self' https://www.google.com/ https://www.youtube.com/ https://platform.twitter.com/ https://www.instagram.com/ https://www.facebook.com/ https://open.spotify.com/ https://embedsocial.com/;		media-src 'self' https://webchat-pudahuel.vercel.app/;                style-src 'self' 'unsafe-inline' https://nuevopudahuel.cl/ https://api.nuevopudahuel.cl/ https://webchat-pudahuel.vercel.app/; 1
upgrade-insecure-requests; frame-ancestors 'self' *.europassitalian.com *.teacheracademy.eu; frame-src *.europassitalian.com *.teacheracademy.eu *.livechatinc.com *.google.com https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com 1
default-src 'self' 'unsafe-inline' gestionandote.com www.gestionandote.com software.gestionandote.com francecentral-1.in.applicationinsights.azure.com www.google.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google.com www.gstatic.com *.google-analytics.com ajax.googleapis.com font.googleapis.com gestionandote.com www.gestionandote.com software.gestionandote.com js.monitor.azure.com francecentral-1.in.applicationinsights.azure.com//v2/track; style-src 'self' 'unsafe-inline' gestionandote.com www.gestionandote.com software.gestionandote.com fonts.googleapis.com ajax.googleapis.com; font-src 'self' fonts.gstatic.com gestionandote.com www.gestionandote.com software.gestionandote.com; frame-ancestors 'self'; form-action 'self'; frame-src 'self' youtube.com www.youtube.com *.google.com *.vimeo.com; img-src 'self' www.gestionandote.com gestionandote.com software.gestionandote.com *.google-analytics.com data: w3.org/svg/2000 ajax.googleapis.com; 1
frame-ancestors https://admin.beatmakers.tv https://admin.beatmaker.tv https://superadmin-btv.herokuapp.com 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' snowheads.com *.snowheads.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.paypal.com *.cloudflare.com; style-src 'unsafe-inline' 'self' 1
'self'; 1
*" 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Qg6+hlt7lJuaA87gXLh10CjLQnmMEzJ3kAgP6jREXimpRcZ8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: *;object-src 'none';script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;script-src-attr 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' ws: https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;frame-src 'self' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com;manifest-src 'self' https://www.google-analytics.com https://js.stripe.com https://4dayweek.io https://www.googletagmanager.com https://stats.g.doubleclick.net https://media.fourdayweek.io https://platform.twitter.com/ https://pbs.twimg.com/ https://static.hotjar.com https://script.hotjar.com https://hotjar.com https://vars.hotjar.com https://*.hotjar.com https://plausible.io/ https://*.plausible.io/ https://usefathom.com https://*.usefathom.com https://cdn.usefathom.com https://illuminatr.io https://*.illuminatr.io https://youtube.com https://*.youtube.com/ https://www.google.com/ https://www.gstatic.com https://js.sparkloop.app https://*.sparkloop.app https://eu.posthog.com https://*.posthog.com https://posthog.com https://static.cloudflareinsights.com https://cloudflareinsights.com https://*.cloudflareinsights.com https://static.ads-twitter.com https://ads-twitter.com https://*.ads-twitter.com 1
default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://deploy.mopinion.com https://static.hotjar.com https://script.hotjar.com https://tdn.r42tag.com https://www.google-analytics.com https://collect.mopinion.com https://www.googletagmanager.com https://www.googleoptimize.com https://static.cloud.coveo.com https://data1.ralasis.com https://optimize.google.com https://translate.googleapis.com https://translate.google.com https://dev.visualwebsiteoptimizer.com  https://admin.relay42.com https://static.hotjar.com https://www.google-analytics.com https://app.vwo.com https://cdn.harvest.graindata.com;style-src 'self' 'unsafe-inline' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://collect.mopinion.com https://fonts.mopinion.com https://static.cloud.coveo.com https://fonts.googleapis.com https://translate.googleapis.com https://optimize.google.com https://admin.relay42.com https://app.vwo.com;img-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://www.google-analytics.com https://www.gstatic.com https://i.ytimg.com https://translate.google.com https://translate.googleapis.com https://admin.relay42.com https://tdn.r42tag.com https://t.svtrd.com https://fonts.gstatic.com https://region1.google-analytics.com https://dev.visualwebsiteoptimizer.com https://www.googletagmanager.com;font-src data: 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://fonts.mopinion.com https://gstatic.mopinion.com https://fonts.gstatic.com;connect-src * https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl wws://*.hotjar.com https://*.hotjar.com;media-src * 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;object-src 'none' ;child-src https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/ https://vars.hotjar.com https://www.youtube-nocookie.com https://www.google.com https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://app.vwo.com; worker-src blob:;frame-ancestors https://www.youtube-nocookie.com https://www.google.com https://optimize.google.com https://m.youtube.com https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://app.vwo.com;form-action 'self' https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl https://t.svtrd.com/structure-collection https://broker.nxtid.nl;block-all-mixed-content;base-uri https://*.achmearechtsbijstand.nl https://www.achmearechtsbijstand.nl https://achmearechtsbijstand.nl;report-uri https://bcd8a826da9dc721f317d24ae6b9e320.ams.report-uri.com/r/t/csp/reportOnly; 1
default-src https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com data:; img-src 'self' 'unsafe-inline' mediastream: data: https: 1
frame-ancestors 'self' https://manage.newequipment.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net;default-src 'self';font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';img-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net data: https://i.ytimg.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com;media-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net https://*.guidingtube.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-emKu2YtH2bgATFA1wq4xAqj6zCZdLVBP';frame-src 'self' https://w.soundcloud.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.guidingtube.com/;style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 1
default-src 'none'; script-src 'self' https://platform.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://az416426.vo.msecnd.net 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src 'self' https://correo.emvs.es https://www3.emvs.es https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://www.google.com https://view.genial.ly https://shares.enetres.net https://iframe.dacast.com  'unsafe-inline'; style-src 'self' https://cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com; media-src 'self'; manifest-src 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https:;img-src 'self' data: https:;style-src 'self' 'unsafe-inline' https:;frame-src https:;object-src 'none';font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://bs.nakanohito.jp https://analytics.google.com https://www.google-analytics.com https://assets.withdesk.com https://stats.g.doubleclick.net https://ch.zucks.net https://www.google.co.jp https://lake.karakuri.ai https://analytics.karakuri.ai https://*.karte.io https://*.outbrain.com https://analytics.tiktok.com;media-src 'self'; 1
frame-src https://www.evasunderklader.se https://www.evasintimates.com https://www.evasunderklader.se:991 https://www.evasintimates.com:991 https://www.facebook.com https://js.stripe.com https://q.stripe.com https://www.gstatic.com https://pay.google.com https://klarna-payments-eu.playground.klarna.com https://klarna-payments-eu.klarna.com https://payments.klarna.com/ https://js.klarna.com https://*.playground.klarna.com https://*.klarna.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com; frame-ancestors https://www.evasunderklader.se https://www.evasintimates.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src 'self' data: 1
upgrade-insecure-requests;      default-src 'self' *.lewissilkin.com 'unsafe-inline' fast.fonts.net fonts.googleapis.com platform.twitter.com;      connect-src 'self' maps.googleapis.com clientapi.passle.net www.passle.net cdn.cookielaw.org stats.g.doubleclick.net *.google-analytics.com geolocation.onetrust.com *.clarity.ms *.analytics.google.com api.amcreativemedia.com *.hotjar.io *.fontawesome.com *.linkedin.com *.hotjar.com www.google.co.in www.google.co.uk www.google.com.ph www.google.de www.google.es www.google.fr www.google.ie wss://ws.hotjar.com;      font-src 'self' fonts.gstatic.com dukb55syzud3u.cloudfront.net data: *.fontawesome.com use.typekit.net;      form-action 'self' syndication.twitter.com platform.twitter.com;      frame-src 'self' platform.twitter.com syndication.twitter.com *.passle.net www.youtube.com www.youtube-nocookie.com adlaw.lewissilkin.com api.getsecuritysuite.com cdn.yoshki.com flo.uri.sh sites-lewissilkin.vuturevx.com vkanalytics.net www.buzzsprout.com clientapi.passle.net td.doubleclick.net www.googletagmanager.com view.ceros.com;     img-src 'self' lewissilkin.vuturevx.com data: maps.googleapis.com maps.gstatic.com pbs.twimg.com platform.twitter.com ton.twimg.com images.passle.net syndication.twitter.com abs.twimg.com www.google-analytics.com www.google.co.uk www.google.com www.googletagmanager.com cdn.cookielaw.org i.ytimg.com public.flourish.studio www.google.be www.google.com.au www.google.com.eg www.google.es www.google.ie www.google.nl c.bing.com c.clarity.ms fonts.gstatic.com *.linkedin.com *.analytics.google.com www.google.ca www.google.ch www.google.co www.google.de www.google.fr www.google.it www.google.no www.google.pl www.google.pt www.google.com.hk;      script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.cookielaw.org geolocation.onetrust.com maps.googleapis.com sdk.passle.net www.google-analytics.com www.googletagmanager.com cdn.syndication.twimg.com data: platform.twitter.com public.flourish.studio www.buzzsprout.com kit.fontawesome.com okt.to script.hotjar.com secure.agile-enterprise-ingenuity.com snap.licdn.com static.hotjar.com static.oktopost.com www.clarity.ms www.passle.net;      script-src-attr 'unsafe-inline';      script-src-elem 'self' 'unsafe-inline' ajax.googleapis.com maps.googleapis.com sdk.passle.net cdn.syndication.twimg.com platform.twitter.com cdnjs.cloudflare.com www.passle.net cdn.cookielaw.org cdn.jsdelivr.net geolocation.onetrust.com www.google-analytics.com www.googletagmanager.com me.kis.v2.scr.kaspersky-labs.com public.flourish.studio fast.fonts.net fonts.googleapis.com platform.twitter.com ton.twimg.com cdnjs.cloudflare.com clientapi.passle.net dukb55syzud3u.cloudfront.net sdk.passle.net cdn.jsdelivr.net me.kis.v2.scr.kaspersky-labs.com apis.google.com kit.fontawesome.com okt.to script.hotjar.com secure.agile-enterprise-ingenuity.com snap.licdn.com ssl.google-analytics.com static.hotjar.com static.oktopost.com www.clarity.ms view.ceros.com www.buzzsprout.com;      style-src 'self' 'unsafe-eval' 'unsafe-inline' fast.fonts.net fonts.googleapis.com platform.twitter.com ton.twimg.com clientapi.passle.net;       style-src-elem 'self' 'unsafe-eval' 'unsafe-inline' fast.fonts.net fonts.googleapis.com platform.twitter.com ton.twimg.com clientapi.passle.net cdnjs.cloudflare.com sdk.passle.net;      report-uri https://3chillies.report-uri.com/r/d/csp/reportOnly; 1
frame-ancestors 'self' https://unpkg.com http://www.weathertechwholesale.com http://www.cabelas.com https://www.cabelas.com http://www.calcarcover.com https://www.calcarcover.com http://cabuat01.cabelas.com https://cabuat01.cabelas.com http://cabuat02.cabelas.com https://cabuat02.cabelas.com http://cabuat03.cabelas.com https://cabuat03.cabelas.com https://sandbox-assets.secure.checkout.visa.com https://sandbox.secure.checkout.visa.com https://assets.secure.checkout.visa.com https://secure.checkout.visa.com *.intranet.dow.com *.paypal.com *.paypalobjects.com pinterest.adsymptotic.com ct.pinterest.com *.ppipe.net https://svra.com 1
img-src 'self' data: *.net.pekao.com.pl; default-src 'self' *.net.pekao.com.pl; connect-src 'self' https://localhost:* *.net.pekao.com.pl https://chatvideo.pekao.com.pl; frame-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.net.pekao.com.pl; style-src 'self' 'unsafe-inline'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://bailpdf.com/report-uri/enforce 1
img-src * data:; style-src 'self' 'unsafe-inline' static.dvinci-easy.com fonts.googleapis.com fonts.gstatic.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.google.com *.googletagmanager.com *.google-analytics.com analyzer.amedick-sommer.de maps.googleapis.com static.dvinci-easy.com;frame-ancestors 'self'; 1
frame-ancestors 'self' http://zpe20virtual.expo-ip.com/ https://app.swapcard.com https://zpeventapp.app.swapcard.com https://spring-live.fairverify.com https://studio.swapcard.com 1
default-src 'unsafe-inline' 'unsafe-eval' https://www.vv.lt *.analytics.google.com https://nominatim.openstreetmap.org/ https://unpkg.com https://pagead2.googlesyndication.com https://maps.googleapis.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://region1.google-analytics.com https://nulispasiteisinimu.lt https://www.facebook.com https://connect.facebook.net https://vilnius.lt https://www.vilnius.lt https://web.vilnius.lt https://yoast.com https://www.youtube.com/ https://vvandenys.maps.arcgis.com https://fcrchat.fcrmedia.lt https://gis.vv.lt https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://ajax.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com https://www.google.lt https://maps.google.com/ https://www.gstatic.com https://use.fontawesome.com 'self'; font-src 'self' data: https://www.vv.lt https://fonts.gstatic.com:443 https://netdna.bootstrapcdn.com; img-src 'self' data: https://www.vv.lt https://tile.openstreetmap.org/ https://a.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/ https://www.facebook.com https://connect.facebook.net https://www.google.com https://www.google.lt https://www.googletagmanager.com https://ps.w.org https://s.w.org https://secure.gravatar.com:443 https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://www.vv.lt https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com:443 https://netdna.bootstrapcdn.com 1
font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; frame-ancestors 'none'; frame-src calendly.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.instagram.com *.linkedin.com *.loom.com *.stripe.com *.tiktok.com *.typeform.com *.urssaf.fr *.youtube.com zapier.com *.zapier.com; img-src 'self' https: data: *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com sumo.com *.sumo.com; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' *.axept.io ckeditor.com *.facebook.com *.googleadservices.com *.g.doubleclick.net *.googlesyndication.com www.google.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.hs-scripts.com *.instagram.com *.jquery.com *.pinterest.com reddit.com *.stripe.com sumo.com *.sumo.com *.tiktok.com *.typeform.com zapier.com *.zapier.com; style-src 'self' https: 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com tagmanager.google.com zapier.com *.zapier.com; connect-src 'self' https: *.google-analytics.com *.stripe.com sumo.com *.sumo.com wss://*.tawk.to 1
default-src 'self';    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com      connect.facebook.net www.locrating.com clients.yomdel.com *.livechatinc.com cdn.jsdelivr.net cdnjs.cloudflare.com      *.matomo.cloud www.youtube.com *.vimeocdn.com;    style-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.gstatic.com *.typekit.net rettie.matomo.cloud;    img-src 'self' data: https: blob: rettiecdn.co.uk;    connect-src 'self' https:;    font-src 'self' data: https:;    object-src 'self';    media-src 'self' data: www.youtube.com vimeo.com *.cloudflarestream.com;    manifest-src 'self';    frame-src 'self' www.youtube-nocookie.com *.youtube.com player.vimeo.com *.google.com infogram.com *.infogram.com      www.facebook.com *.soundcloud.com *.cloudflarestream.com my.matterport.com schools.locrating.com *.livechatinc.com      td.doubleclick.net www.googletagmanager.com;    form-action 'self' www.facebook.com;    base-uri 'self' rettie.matomo.cloud;    worker-src blob:;    child-src blob:;    frame-ancestors 'self';    report-to default;    report-uri https://nbcom.report-uri.com/r/d/csp/enforce 1
default-src 'self' https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://s1329636.t.eloqua.com https://www.google.com.br https://www.google.com.hk https://www.google.com.sg https://www.google.co.in https://www.google.co.nz https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.com.pa https://www.google.nl https://www.google.co.jp https://*.fls.doubleclick.net  https://prodau-cdn.azureedge.net https://prodeu-cdn.azureedge.net https://www.google.com https://resources.digital-cloud.medallia.eu https://*.licdn.com https://s7.addthis.com https://vars.hotjar.com/ https://connect.facebook.net/ https://www.facebook.com/ *.crazyegg.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com/vi_webp/PfZzvGGRaOM/mqdefault.webp; img-src 'self' blob: data: https://portal.webolytics.com/ https://admin.bound360.com/images/logos/bound-logo-full.png https://cdn.bizible.com https://cdn.bizibly.com https://px4.ads.linkedin.com https://ad.doubleclick.net https://www.google.be https://pbs.twimg.com https://*.analytics.google.com https://*.google.com https://*.brightfunnel.com https://q.quora.com https://alb.reddit.com https://www.marketing-town.com https://assets.getsmartcontent.com https://www.google.co.in https://www.google.com.hk https://www.google.com.sg https://www.google.co.nz https://www.google.co.jp https://www.google.com.br https://www.google.com.bh https://www.google.co.kr https://www.google.com.my https://www.google.ca https://www.google.ie https://www.google.lt https://www.google.com.au https://www.google.nl https://di3c8wks3odob.cloudfront.net https://maps.gstatic.com https://maps.googleapis.com https://www.google.de https://www.google.it https://pixel.tapad.com https://decibel-49-adswizz.attribution.adswizz.com https://www.google.co.uk https://attribution.decibelads.com https://reverseads.matomo.cloud https://tracking.connect.services.global.ntt https://fonts.gstatic.com https://cdn.cookielaw.org https://analytics.twitter.com https://analytics.google.com https://*.terminus.services https://match.adsrvr.org https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://resources.digital-cloud.medallia.eu https://j.mrpdata.net https://857338121.privacysandbox.googleadservices.com https://720787047.privacysandbox.googleadservices.com https://apt.techtarget.com https://620993155.privacysandbox.googleadservices.com https://p.adsymptotic.com/ *.crazyegg.com https://tracking.hello.global.ntt/ https://www.google.co.za https://*.kampyle.com https://vars.hotjar.com https://pubads.g.doubleclick.net https://script.hotjar.com http://script.hotjar.com www.googletagmanager.com https://www.google.com https://www.google.com.pa https://googleads.g.doubleclick.net https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://prodeu-cdn.azureedge.net https://prodau-cdn.azureedge.net https://t.co/ https://px.ads.linkedin.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.linkedin.com/ https://s2190102.t.eloqua.com/ https://storage.googleapis.com/ https://*.akstat.io; style-src 'unsafe-inline' 'unsafe-eval' 'self' *.crazyegg.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.css https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/tiny-slider.css https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; font-src 'self' https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://fonts.gstatic.com data: http://script.hotjar.com https://script.hotjar.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors https://cm.euprod.services.global.ntt https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://vars.hotjar.com https://bid.g.doubleclick.net https://*.crazyegg.com; script-src 'nonce-NzIwNDMwMjZub25jZS1yYW5kb20='  'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://cdn.bizible.com https://secure.intelligentdata52.com https://a.quora.com https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://www.redditstatic.com https://cdn.jsdelivr.net/npm/swiper@8/swiper-bundle.min.js https://maps.googleapis.com https://www.google.co.in https://www.google.co.nz https://www.google.com.pa https://www.google.de https://www.google.it https://cdn.matomo.cloud https://s.getsmartcontent.com https://cdn.getsmartcontent.com https://attribution.decibelads.com https://tracking.connect.services.global.ntt https://snippet.ramblechat.com https://munchkin.brightfunnel.com https://*.terminus.services https://analytics.google.com https://prodeu-strgacc-cdn.azureedge.net https://prodau-strgacc-cdn.azureedge.net https://*.leady.com/ https://www.gstatic.com https://trk.techtarget.com https://visitor.reactful.com https://*.crazyegg.com https://script.crazyegg.com https://connect.facebook.net/ https://cdn.cookielaw.org/ https://secure.east2pony.com/ https://protect-eu.mimecast.com/ https://www.google.co.za/ https://*.addthisedge.com https://z.moatads.com https://*.addthis.com https://script.hotjar.com http://script.hotjar.com http://static.hotjar.com https://static.hotjar.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://analytics.twitter.com https://static.ads-twitter.com https://resources.digital-cloud.medallia.eu https://nebula-cdn.kampyle.com https://img03.en25.com https://script.crazyegg.com https://www.youtube.com www.googleadservices.com https://pubads.g.doubleclick.net https://snap.licdn.com https://cdnjs.cloudflare.com/ajax/libs/tiny-slider/2.9.1/min/tiny-slider.js https://geolocation.onetrust.com https://vidassets.terminus.services  https://acrobatservices.adobe.com; connect-src 'self' https://*.t.eloqua.com https://*.adobe.io https://*.go-mpulse.net https://portal.webolytics.com https://px.ads.linkedin.com https://*.brightfunnel.com https://*.analytics.google.com https://*.google.com https://ibc-flow.techtarget.com https://cdn.linkedin.oribi.io https://udc-neb.kampyle.com https://www.google.com.pa https://s.getsmartcontent.com https://chat-messaging.terminus.services https://www.gstatic.com https://maps.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/mapConfigs https://reverseads.matomo.cloud wss://a1kkx7muourfsi-ats.iot.us-east-1.amazonaws.com https://chat-visitor-info.terminus.services https://iotas.terminus.services https://chat-team-management.terminus.services https://di3c8wks3odob.cloudfront.net https://realtime.ramblechat.com https://idx.liadm.com/ https://geolocation.onetrust.com/ https://api.brightfunnel.com https://analytics.google.com https://*.leady.com/ https://tracking.reactful.com https://resources.digital-cloud.medallia.eu https://visitor.reactful.com *.crazyegg.com https://www.facebook.com/ https://connect.facebook.net/ https://cdn.cookielaw.org/ https://stats.g.doubleclick.net/ https://www.google-analytics.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://script.crazyegg.com/* https://api-public.addthis.com https://*.addthis.com https://privacyportal-de.onetrust.com/ https://*.akstat.io https://*.akamaihd.net https://acrobatservices.adobe.com; object-src blob: ; frame-src https://block.opendns.com https://td.doubleclick.net https://ssp2.gin.ntt.net https://www.google.com.pa https://10155546.fls.doubleclick.net https://resources.digital-cloud.medallia.eu https://extraordinary-platypus-f5e0bb.netlify.app https://nttbdttour.netlify.app/ https://cm.euprod.services.global.ntt https://www.youtube.com https://www.google.com https://youtu.be https://acrobatservices.adobe.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://isitetv.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com https://tpc.googlesyndication.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.pt https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://analytics.tiktok.com https://sgtm.lookfantastic.pt; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.pt https://m.lookfantastic.pt https://checkout.lookfantastic.pt https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.microsofttranslator.com https://*.hotjar.com https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://tpc.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://analytics.tiktok.com https://*.ibytedtos.com https://sgtm.lookfantastic.pt; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' https://www.spedition-overnight.de 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.goodrx.com https://leads-api.grxweb.com https://event.formsort.com https://assets.formsort.com https://variant.formsort.com https://flow.formsort.com https://usercontent.formsort.com https://api.flow.formsort.com https://formsort-answers-prod.s3-accelerate.amazonaws.com https://consent.api.osano.com https://tattle.api.osano.com https://disclosure.api.osano.com https://cmp.osano.com https://*.px-cloud.net https://*.perimeterx.net https://*.pxchk.net https://*.px-cdn.net https://*.px-client.net https://www.recaptcha.net https://*.segment.com https://*.segment.io https://*.speedcurve.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://fonts.gstatic.com https://www.gstatic.com https://stats.g.doubleclick.net https://sentry.io https://o210177.ingest.sentry.io https://www.grxstatic.com https://www.facebook.com https://connect.facebook.net https://di.rlcdn.com https://www.a3beghatrk.com https://*.r3engage.com; report-uri https://o17108.ingest.sentry.io/api/5215720/security/?sentry_key=bfcc0d884fca4a1880e78f18cefd9c21 1
default-src 'self'; connect-src * 'self' data: https: blob:; font-src 'self' data: https:; frame-src 'self' data: https:;  img-src * 'self' data: https: blob:; script-src 'self' 'nonce-UoQ1LPae1pUMaAz3PMBgxZh74CTja/5dA7LS6J2jSfQ=' 'strict-dynamic' ; style-src 'self' 'unsafe-inline' *; form-action 'self' data: https:; media-src 'self' data: https: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: api.geoapify.com cloud.email.denzel.at *.amazonaws.com *.autouncle.com wss://widget.vivelacar.com *.adform.net *.vivelacar.com https://assets.autouncle.com *.autouncle.at *.servicelister.de *.itt-dev.de https://www.paypal.com https://paypal.com https://api.hpm.itt-dev.de https://hpm.itt-dev.de https://www.youtube-nocookie.com https://static-v.tawk.to https://va.tawk.to https://tawk.link https://cdn.jsdelivr.net https://plugins.tawk.to https://karriere.denzel.at http://karriere.denzel.at https://karriere.denzel.at https://test-otb.motiondata-vector.com https://otb.motiondata-vector.com https://test-osb.motiondata-vector.com https://osb.motiondata-vector.com https://www.google-analytics.com https://news.denzel.at http://news.denzel.at https://www.google.com https://tae298009.emailsys2a.net https://translate.google.com http://translate.google.com http://*.typekit.net https://*.typekit.net https://*.siteimprove.net https://*.siteimprove.com https://denzel.containers.piwik.pro http://denzel.containers.piwik.pro https://fonts.gstatic.com http://denzel.piwik.pro https://denzel.piwik.pro https://www.gstatic.com https://*.googleapis.com http://*.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://www.youtube.com https://themes.googleusercontent.com http://themes.googleusercontent.com http://module.servicelister.de http://servicelister.de https://cdnjs.cloudflare.com/ https://embed.tawk.to/; frame-ancestors * 1
default-src 'self' https://www.google-analytics.com; base-uri 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' *.google.com fonts.googleapis.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.nl *.google.be *.google-analytics.com *.googleadservices.com *.googlesyndication.com www.googletagmanager.com *.googleapis.com *.gstatic.com *.linkedin.com *.googletagmanager.com *.adsensecustomsearchads.com/; script-src-elem 'self' 'unsafe-inline' *.google.com *.google.nl *.google.be *.googleadservices.com *.googlesyndication.com *.googleapis.com *.google-analytics.com www.googletagmanager.com *.linkedin.com www.gstatic.com *.googletagmanager.com *.adsensecustomsearchads.com/; object-src 'self'; connect-src 'self' *.google.com *.google-analytics.com *.googlesyndication.com *.googleapis.com csi.gstatic.com *.googletagmanager.com *.adsensecustomsearchads.com/; img-src 'self' *.google.com *.google-analytics.com *.googlesyndication.com *.gstatic.com *.googleapis.com img.youtube.com https://c625951.ssl.cf3.rackcdn.com *.adsensecustomsearchads.com/; media-src *.youtube.com *.youtube.be; font-src 'self' fonts.gstatic.com; frame-src 'self' *.google.com *.googlesyndication.com *.linkedin.com googleads.g.doubleclick.net *.googletagmanager.com *.adsensecustomsearchads.com/; 1
frame-ancestors 'self' http://local.wastebits.io:* https://*.wastebits.io https://*.wastebits.com 1
default-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none'; child-src 'self'; object-src blob: 'report-sample'; connect-src https://www.googleapis.com https://*.google-analytics.com https://*.googlesyndication.com https://csi.gstatic.com https://*.googletagmanager.com https://analytics.google.com https://*.analytics.google.com https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google.com.br https://www.google.cl https://www.google.com.py https://www.google.fr https://www.google.com.mx https://www.google.com.bd https://www.google.com.co https://www.google.com.pe https://www.google.nl https://www.google.es https://www.google.com.gt https://www.google.com.uy https://www.google.com.pr https://www.google.com.sg https://www.google.es https://www.google.com.co https://www.google.at https://www.google.ca https://www.google.pl https://www.google.cl https://www.google.es https://www.google.com.ec https://www.google.co.ve https://www.google.jo https://www.google.hu https://www.google.com.ar https://www.google.com.qa https://www.google.com.co https://www.google.it https://www.google.hr https://www.google.co.il https://www.google.co.uk https://www.google.com.mm https://www.google.com.jm https://www.google.pt/ https://www.google.com.pk https://www.google.ca https://www.google.tt https://www.google.ie/ https://www.google.com.mx https://www.google.no https://www.google.com.au https://www.google.fi https://www.google.rs https://www.google.co.th https://www.google.de https://www.google.cz https://www.google.co.in https://www.google.co.nz https://www.google.co.za https://www.google.com.ua/ https://www.google.com.pk https://www.google.co.id https://www.google.com.ar https://www.google.az https://www.google.cl https://www.google.fr https://www.google.ru https://www.google.com.do https://www.google.com.ng https://www.google.co.jp https://www.google.co.zw https://www.google.ch https://www.google.es https://www.google.co.za https://www.google.com.tr https://www.google.co.ke https://www.google.com.sa https://www.google.pt/ https://www.google.dz https://www.google.be https://www.google.com.ph https://www.google.com.my https://www.google.co.id https://www.google.co.ma https://www.google.de https://www.google.com.kw https://www.google.gy https://www.google.hn https://www.google.com.hk https://www.google.co.ao https://www.google.com.eg https://www.google.co.ke https://www.google.co.cr https://www.google.co.tw; media-src blob: 'report-sample'; img-src 'self' blob: data: https://region1.analytics.google.com https://*.analytics.google.com https://www.google-analytics.com https://*.googleusercontent.com https://*.googlesyndication.com https://*.googletagmanager.com https://region1.analytics.google.com https://www.google.cz https://www.google.com.my https://www.google.co.in https://www.google.com.uy https://www.google.com.ar https://www.google.co.uk https://www.google.pt https://www.google.com.co https://www.google.co.ma https://www.google.bs https://www.google.de https://www.google.cl https://www.google.com.pe https://www.google.it https://www.google.fr https://www.google.com.mx https://www.google.ca https://www.google.bs https://www.google.es https://www.google.com.kw https://www.google.com.ec https://www.google.nl https://www.google.co.ke https://www.google.gr https://www.google.com.vn https://www.google.co.il https://www.google.com.mt https://www.google.com.pk https://www.google.com.jm https://www.google.dk https://www.google.com.bd https://www.google.com.ng https://www.google.hu https://www.google.ie https://www.google.cz https://www.google.pl https://www.google.ae https://www.google.com.hk https://www.google.co.id https://www.google.at https://www.google.com.br https://www.google.com.sa https://www.google.ru https://www.google.co.ve https://www.google.com.ec https://www.google.com.py https://www.google.co.za https://www.google.com.sv https://www.google.ro https://www.google.ch https://www.google.no https://www.google.sn https://www.google.hr https://www.google.com.pr https://www.google.com.ph https://www.google.com.eg https://www.google.se https://www.google.ge https://www.google.com.lb https://www.google.com.ua https://www.google.com.pa https://www.google.be https://www.google.co.nz https://www.google.co.zm https://www.google.com.sg https://www.google.com.gt https://www.google.com.br https://www.google.com.fj https://www.google.com.bo https://www.google.sk https://www.google.com.ni https://www.google.dz https://www.google.com.do https://www.google.rw https://www.google.as https://www.google.com.om https://www.google.co.jp https://www.google.rw https://www.google.md https://www.google.co.th https://www.google.jo/ https://www.google.com.gt/ https://www.google.fi https://www.google.co.tz https://www.google.bg https://www.google.co.kr https://www.google.rs https://www.google.com.au https://www.google.de https://www.google.iq https://www.google.az https://www.google.co.cr https://www.google.com.mm https://www.google.com.ly https://www.google.mw https://www.google.com.qa https://www.google.be https://www.google.hn https://www.google.com.pg/ https://www.google.bf https://www.google.com.tw https://www.google.ws https://www.google.tn https://www.google.com.tr https://www.google.com.np https://www.google.ci/ https://www.google.com.gh https://www.google.ht; script-src 'self' 'report-sample' https://*.googletagmanager.com https://*.google-analytics.com/analytics.js https://ssl.google-analytics.com/ https://apis.google.com https://*.googlesyndication.com https://*.googleadservices.com https://*.googletagservices.com https://adservice.google.com https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.co https://adservice.google.com.ar https://adservice.google.com.pe https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.tr https://adservice.google.com.pk https://adservice.google.com.sa https://adservice.google.com.ec https://adservice.google.com.ph https://adservice.google.com.bo https://adservice.google.com.gt https://adservice.google.com.tr https://adservice.google.com.ng https://adservice.google.com.ua https://adservice.google.com.my https://adservice.google.com.gt https://adservice.google.com.eg https://adservice.google.com.bh  https://adservice.google.co.uk https://adservice.google.co.in https://adservice.google.co.nz https://adservice.google.co.kr https://adservice.google.co.id https://adservice.google.co.ve https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.ke https://adservice.google.co.za https://adservice.google.co.ve  https://adservice.google.pl https://adservice.google.it https://adservice.google.es https://adservice.google.pt https://adservice.google.ca https://adservice.google.ru https://adservice.google.fr https://adservice.google.cl https://adservice.google.sk https://adservice.google.cz https://adservice.google.se https://adservice.google.gr https://adservice.google.ie https://adservice.google.hn https://adservice.google.ae https://adservice.google.cl https://adservice.google.hu https://adservice.google.de https://adservice.google.iq https://adservice.google.si https://adservice.google.rs https://adservice.google.nl https://adservice.google.py https://adservice.google.tn https://adservice.google.hu https://adservice.google.at https://adservice.google.fi https://adservice.google.rw https://adservice.google.co.th https://adservice.google.co.tz https://adservice.google.com.sg https://adservice.google.com.np https://adservice.google.com.vn https://adservice.google.com.kh https://adservice.google.com.bd https://adservice.google.com.fj https://adservice.google.be https://adservice.google.ro https://adservice.google.dk https://adservice.google.kz https://adservice.google.ch https://adservice.google.lt https://adservice.google.no https://adservice.google.bg https://adservice.google.lv https://adservice.google.com.tw https://adservice.google.lb https://adservice.google.com.bz https://adservice.google.com.py https://adservice.google.com.kw https://adservice.google.com.uy https://adservice.google.com.jm https://adservice.google.com.qa https://adservice.google.com.lb https://adservice.google.com.pr https://adservice.google.com.sv  https://adservice.google.com.cy https://adservice.google.com.hk https://adservice.google.com.et https://adservice.google.com.pa https://adservice.google.co.zm https://adservice.google.co.cr https://adservice.google.co.zw https://adservice.google.co.uz https://adservice.google.co.ug https://adservice.google.tt https://adservice.google.dz https://adservice.google.mu https://adservice.google.cm https://adservice.google.ht https://adservice.google.ee https://adservice.google.bt https://adservice.google.az https://adservice.google.hr https://adservice.google.is https://adservice.google.ad https://adservice.google.lk https://adservice.google.al https://adservice.google.lu https://adservice.google.mw https://adservice.google.ci https://adservice.google.co.mz https://adservice.google.com.mm https://adservice.google.com.na https://adservice.google.com.af https://adservice.google.bj https://adservice.google.bs https://adservice.google.co.ao https://adservice.google.co.bw https://adservice.google.co.vi https://adservice.google.com.ag https://adservice.google.com.bn https://adservice.google.com.cu https://adservice.google.com.gh https://adservice.google.com.ni https://adservice.google.com.pg https://adservice.google.fm https://adservice.google.la https://adservice.google.mn https://adservice.google.sn https://adservice.google.sr https://adservice.google.tl https://adservice.google.ws https://adservice.google.jo; style-src 'self' https://*.googletagservices.com https://fonts.googleapis.com 'unsafe-inline' 'report-sample'; font-src 'self' data: 'report-sample' https://fonts.gstatic.com https://use.typekit.net; frame-src blob: https://accounts.google.com https://*.doubleclick.net https://*.googlesyndication.com https://docs.google.com https://drive.google.com https://www.google.com; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';; upgrade-insecure-requests 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://news.rosler.com https://code.etracker.com https://www.etracker.de;style-src 'self' 'report-sample' 'unsafe-inline';object-src 'none';frame-src 'self' https://news.rosler.com www.videolyser.de;child-src 'self';img-src 'self' data:;font-src 'self' data:;connect-src 'self' www.etracker.de;manifest-src 'self';base-uri 'self';form-action 'self';media-src 'self';prefetch-src 'self';worker-src 'self'; 1
frame-ancestors 'self' http://testbaba.virtualcms.it 1
frame-ancestors 'self' http://www.philips.com.mx *.philips.com *.philips.com.mx https://philipsigtdpv.com 1
frame-ancestors 'self' https://planeetta.ladesk.com 1
default-src 'self' http://persis.gemu-group.com:8080 *.google.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.google-analytics.com connect.facebook.net *.albacross.com *.webtraxs.com *.ggpht.com amazonaws.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com *.cloudfront.net *.userlike.com userlike-cdn-umm.b-cdn.net *.leadenhancer.com wss://*.userlike.com *.alexametrics.com cdn.delight-vr.com *.cookiebot.eu *.cookiebot.com *.simpli.fi slsntllgnc.com usercentrics.eu data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors *.gemu-group.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' cdn.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com ; media-src 'self' data: mpsnare.iesnare.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org *.pricespider.com www.youtube.com pghub.io *.bazaarvoice.com cdnjs.cloudflare.com *.mapbox.com *.iesnare.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io www.youtube.com consumersupport.pg.com pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org *.bazaarvoice.com *.pricespider.com *.ytimg.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org *.google-analytics.com *.bazaarvoice.com *.pricespider.com *.mapbox.com wss: *.pricespider.com geolocation-db.com *.algolia.net feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri 'none'; default-src 'none'; script-src 'self' *.sdelkino.com 'unsafe-inline' 'unsafe-eval' *.yandex.ru yastatic.net www.google-analytics.com *.googleapis.com adservice.google.ru adservice.google.com www.googletagservices.com d2wy8f7a9ursnm.cloudfront.net pagead2.googlesyndication.com code.jquery.com cdnjs.cloudflare.com api.mapbox.com partner.googleadservices.com tpc.googlesyndication.com; img-src 'self' *.sdelkino.com www.google.com *.gstatic.com *.googleapis.com www.google-analytics.com pagead2.googlesyndication.com stats.g.doubleclick.net notify.bugsnag.com vk.com *.yandex.net *.yandex.ru data: api.mapbox.com; style-src 'self' *.sdelkino.com 'unsafe-inline' *.googleapis.com; connect-src 'self' *.yandex.ru yandex.ru www.google-analytics.com maps.googleapis.com pagead2.googlesyndication.com stats.g.doubleclick.net tpc.googlesyndication.com; frame-src www.sdelkino.com googleads.g.doubleclick.net yastatic.net st.yandexadexchange.net tpc.googlesyndication.com www.google.com; frame-ancestors *.sdelkino.com vk.com; form-action 'self' money.yandex.ru merchant.roboxchange.com yoomoney.ru; font-src *.gstatic.com 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.googleapis.com *.google.com assets.wogaa.sg assets.dcube.cloud *.doubleclick.net ws.sharethis.com *.readspeaker.com; script-src 'self' 'unsafe-eval' assets.adobedtm.com *.sms2.gpc.gov.sg s.ytimg.com *.youtube.com *.gov.sg appsms.sgmail.sgnet.gov.sg *.www-stg.sgpc.gov.sg api.data.gov.sg *.readspeaker.com 'unsafe-inline' assets.wogaa.sg assets.dcube.cloud js.ptengine.com js.ptengine.jp connect.facebook.net ws.sharethis.com *.cloudfront.net *.googletagmanager.com t.sharethis.com *.google-analytics.com *.googleadservices.com static.ads-twitter.com analytics.twitter.com *.doubleclick.net; connect-src 'self' *.onemap.sg dpm.demdex.net snowplow-sentiments.wogaa.sg snowplow-web.wogaa.sg *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google-analytics.com *.assets.wogaa.sg *.assets.dcube.cloud *.doubleclick.net l.sharethis.com *.readspeaker.com data:; font-src 'self' assets.wogaa.sg assets.dcube.cloud *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg api.data.gov.sg *.assets.wogaa.sg *.assets.dcube.cloud *.fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' * data:; frame-src 'self' wogaa.demdex.net *.sms2.gpc.gov.sg *.gov.sg appsms.sgmail.sgnet.gov.sg *.facebook.com *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com ws.sharethis.com c.sharethis.mgr.consensu.org t.sharethis.com *.readspeaker.com; media-src 'self' *;object-src 'none'; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors; img-src 'self' data: https: *.tln.nl tln.nl acceptatie.tln.nl web-api.tln.nl web-api.acceptatie.tln.nl cms.tln.nl cms.acceptatie.tln.nl *.google-analytics.com www.googletagmanager.com www.google.com www.google.nl; object-src 'none'; script-src-attr 'none'; style-src 'self' https://tagmanager.google.com 'unsafe-inline'; script-src 'self' data: https://*.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://platform.linkedin.com https://www.linkedin.com; upgrade-insecure-requests; default-src 'self' data: https://www.tln.nl https://*.tln.nl https://*.cookiebot.com https://googletagmanager.com; connect-src 'self' https://*.tln.nl https://tln.nl https://acceptatie.tln.nl https://api.tln.test https://cms.tln.test https://web-api.tln.nl https://wep-api.acceptatie.tln.nl https://cms.tln.nl https://cms.acceptatie.tln.nl https://sessions.bugsnag.com https://notify.bugsnag.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://login.microsoftonline.com https://graph.microsoft.com https://consentcdn.cookiebot.com; sandbox allow-top-navigation-by-user-activation allow-downloads allow-forms allow-scripts allow-modals allow-same-origin allow-popups allow-presentation; frame-src https://www.linkedin.com https://www.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://open.spotify.com https://consentcdn.cookiebot.com https://consent.cookiebot.com; 1
default-src 'self';connect-src 'self' *;font-src 'self' *;frame-src 'self' aw-rtc-video-2.0.5: *;img-src 'self' data: blob: *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;media-src *;worker-src * data: blob: 'self';child-src blob:;manifest-src * blob: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';    base-uri 'self';    frame-ancestors 'self' https: ;    object-src 'none'; 1
https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://ubuntu-mate.community/logs/ https://ubuntu-mate.community/sidekiq/ https://ubuntu-mate.community/mini-profiler-resources/ https://ubuntu-mate.community/assets/ https://ubuntu-mate.community/brotli_asset/ https://ubuntu-mate.community/extra-locales/ https://ubuntu-mate.community/highlight-js/ https://ubuntu-mate.community/javascripts/ https://ubuntu-mate.community/plugins/ https://ubuntu-mate.community/theme-javascripts/ https://ubuntu-mate.community/svg-sprite/; worker-src 'self' https://ubuntu-mate.community/assets/ https://ubuntu-mate.community/brotli_asset/ https://ubuntu-mate.community/javascripts/ https://ubuntu-mate.community/plugins/; frame-ancestors 'self' https://ubuntu-mate.org; manifest-src 'self' 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org *.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-ancestors 'self'; 1
default-src 'self' data: *.sumsub.com *.geetest.com *.bitkan.net *.szsing.com *.google.com https://datasink-sensors.bitcan.io https://static.zdassets.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.sumsub.com *.jumio.com *.jumio.ai *.geetest.com *.bitkan.net *.google.com https://gcaptcha4.geevisit.com https://static.geevisit.com https://dn-staticdown.qbox.me https://api.geevisit.com https://api.smooch.io https://static.zdassets.com https://img.szsing.com https://www.google-analytics.com https://www.googletagmanager.com;img-src 'self' data: blob: *.sumsub.com *.geetest.com *.bitkan.net *.szsing.com https://static.zdassets.com https://accounts.zendesk.com https://static.bitkan.com https://www.google-analytics.com https://stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' *.sumsub.com *.bitkan.net *.szsing.com *.geetest.com *.google.com https://static.zdassets.com https://bitkan.core-sgp.jumio.com;font-src 'self' data: https://static.zdassets.com *.jumio.com *.jumio.ai *.bitkan.net *.szsing.com;frame-src 'self' *.sumsub.com *.jumio.com *.jumio.ai *.bitkan.net *.szsing.com *.google.com *.geetest.com;connect-src data: blob: 'self' *.sumsub.com *.bitkan.net *.jumio.com *.jumio.ai *.szsing.com *.google.com *.geetest.com https://datasink-sensors.bitcan.io wss://api.smooch.io https://api.smooch.io https://bitkan.zendesk.com https://ekr.zdassets.com wss://s1.btcwatch.com:8080 https://upload.qiniup.com https://api.qiniu.com wss://s.btckan.com:8080 https://www.google-analytics.com https://stats.g.doubleclick.net;object-src 'none' 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self';base-uri 'self';form-action 'self': nosniff 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' ssl.google-analytics.com 1
default-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; connect-src 'self' https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://apikeys.civiccomputing.com https://stats.g.doubleclick.net https://www.facebook.com https://tr.snapchat.com https://*.algolia.net https://*.algolianet.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.tiktok.com https://cdn.linkedin.oribi.io https://dev.visualwebsiteoptimizer.com https://*.google.com https://cc.cdn.civiccomputing.com; font-src 'self' fonts.gstatic.com themes.googleusercontent.com data: https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; frame-src 'self' https://platform.twitter.com https://syndication.twitter.com https://www.instagram.com https://maps.google.com/ https://www.google.com/ https://www.youtube.com/ https://r1.dotmailer-surveys.com/ https://www.google.co.uk/ https://9530286.fls.doubleclick.net https://player.vimeo.com https://facebook.com https://www.facebook.com https://web.facebook.com https://r1.dotdigital-pages.com https://open.spotify.com https://iframely.shorthand.com https://*.pinterest.com https://m.facebook.com https://tr.snapchat.com https://*.doubleclick.net https://cc.cdn.civiccomputing.com; img-src 'self' data: https:; media-src 'self' https://www.google-analytics.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://maps.googleapis.com https://cdn.syndication.twimg.com https://www.instagram.com https://r1.dotmailer-surveys.com/ https://www.google-analytics.com https://*.googletagmanager.com https://js-agent.newrelic.com/ https://bam.nr-data.net https://www.googleadservices.com https://s.yimg.com https://connect.facebook.net https://bat.bing.com https://s.pinimg.com https://sc-static.net https://amplify.outbrain.com https://tag.yieldoptimizer.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://googleads.g.doubleclick.net/ https://static.ads-twitter.com/ https://analytics.twitter.com https://www.google.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://embed.shorthand.com https://news.files.bbci.co.uk https://r1.dotdigital-pages.com https://iframely.shorthand.com https://www.youtube.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' https://tagmanager.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com https://www.google-analytics.com https://static.ads-twitter.com/uwt.js https://connect.facebook.net https://js-agent.newrelic.com https://r1.dotmailer-surveys.com https://r1.dotdigital-pages.com https://analytics.twitter.com https://bam.nr-data.net https://embed.shorthand.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://news.files.bbci.co.uk https://maps.googleapis.com https://iframely.shorthand.com https://platform.instagram.com https://www.youtube.com https://*.googletagmanager.com http://static.ads-twitter.com/ https://snap.licdn.com https://sc-static.net https://analytics.tiktok.com https://tr.snapchat.com https://dev.visualwebsiteoptimizer.com https://addevent.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com maps.google.com platform.facebook.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://platform.twitter.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' blob: https://platform.twitter.com https://ton.twimg.com https://demos.shorthandstories.com https://cymru-wales.shorthandstories.com https://fonts.googleapis.com http://translate.googleapis.com/ https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob:; frame-ancestors 'self' https://www.rslcontent.co.uk www.rslcontent.co.uk; report-uri https://www.wales.com/report-uri/enforce 1
frame-ancestors https://www.americanheritagegirls.org https://americanheritagegirls.org https://batchgeo.com https://www.batchgeo.com 1
default-src 'none'; connect-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com consentcdn.cookiebot.com googleads.g.doubleclick.net www.google.com jobspreader.com; font-src 'self' data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de fonts.gstatic.com; frame-src consentcdn.cookiebot.com mobil-krankenkasse-wpn.eportrait.de mobiloil-wpn.eportrait.de hilfsmittel.gwq-serviceplus.de www.kununu.com pushing-limits.de www.terminland.de www.youtube-nocookie.com; img-src 'self' blob: data: www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de bat.bing.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com www.gstatic.com img.youtube.com i.ytimg.com; object-src 'self' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.bkk-mobil-oil.de www.mobil-krankenkasse.de mobil-krankenkasse.de analytics.bkk-mobil-oil.de analytics.mobil-krankenkasse.de www.arztauskunftservice3.de bat.bing.com consent.cookiebot.com consentcdn.cookiebot.com www.dtvp.de www.google.com www.googleadservices.com www.googletagmanager.com bkk-mobil-oil.novomind.com mkk.novomind.com ecdn.novomind.com; style-src 'self' 'unsafe-inline' www.bkk-mobil-oil.de; report-uri https://www2.bkk-mobil-oil.de/report/; report-to csp-endpoint 1
default-src 'self' * data: blob:; img-src 'self' * 'unsafe-inline' data: blob:; style-src 'self' * 'unsafe-inline' data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval' blob:; object-src 'none'; child-src https:; frame-ancestors 'self' *.resumecat.com; 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; object-src 'none'; base-uri 'none'; prefetch-src 'self' 1
frame-ancestors 'self'; report-uri https://www.garoto.com.br/report-uri/enforce 1
frame-ancestors 'self' *.owensborohealth.org mychart.omhs.org; report-uri /report-csp-violation 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com https://js-cdn.dynatrace.com https://www.youtube.com https://wtbng.pricespider.com https://wtbstream.pricespider.com https://embeddedcloud.pricespider.com https://omni.pricespider.com https://locate.pricespider.com https://api.tiles.mapbox.com https://wtbevents.pricespider.com https://cdn.pricespider.com https://z.moatads.com rpxnow.com cdn.segment.com *.janraincapture.com *.doubleclick.net *.googleadservices.com s.pinimg.com *.cloudfront.net pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' https://cdn.pricespider.com https://api.tiles.mapbox.com quilt-cdn.janrain.com *.bazaarvoice.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' https://adservice.google.com https://cdn.pricespider.com https://wwwassets.pricespider.com https://embeddedcloud.pricespider.com https://40n23zgkic3y-a.akamaihd.net https://px.moatads.com https://www.google.com i.ytimg.com pixel.tapad.com *.doubleclick.net ct.pinterest.com *.cloudfront.net videos.ctfassets.net images.ctfassets.net *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com data: feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' https://videos.ctfassets.net https://pandg.tapad.com https://www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net *.jebbit.com *.bazaarvoice.com *.janraincapture.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com pandg.tapad.com ; manifest-src * ; 1
default-src *.martinbros.com; connect-src *.martinbros.com *.google-analytics.com forms.hsforms.com *.fontawesome.com; img-src *.martinbros.com www.facebook.com *.google-analytics.com track.hubspot.com assets.pinterest.com log.pinterest.com *.googleadservices.com googleads.g.doubleclick.net www.google.com www.googletagmanager.com *.fontawesome.com *.hsforms.com 'self' data:; script-src 'unsafe-inline' *.martinbros.com code.jquery.com *.google-analytics.com www.googletagmanager.com www.googleadservices.com connect.facebook.net *.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsforms.net forms.hsforms.com cdn.jsdelivr.net stackpath.bootstrapcdn.com assets.pinterest.com seekbeak.com www.youtube.com unpkg.com *.fontawesome.com; style-src 'unsafe-inline' *.martinbros.com maxcdn.bootstrapcdn.com stackpath.bootstrapcdn.com cdn.jsdelivr.net fonts.googleapis.com; font-src *.martinbros.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.fontawesome.com data:; frame-src www.google.com www.youtube.com www.facebook.com seekbeak.com forms.hsforms.com 1
frame-ancestors 'self' https://quotes.choicemutual.com/; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://courses.seancannell.com https://www.seancannell.com https://www.thinkmedia.video 1
default-src 'self' sidecarhealth.b-cdn.net sidecarhealth.com td.doubleclick.net test-sidecar-health.pantheonsite.io sidecarhealth.localhost boards.greenhouse.io greenhouse.io cdn.linkedin.oribi.io web1.acsbapp.com cdn.jsdelivr.net api.lever.co andreasmb.github.io player.vimeo.com vimeo.com bam.nr-data.net js-agent.newrelic.com px.ads.linkedin.com *.linkedin.com/* linkedin.com snapengage.com widget.trustpilot.com dev.visualwebsiteoptimizer.com utt.impactcdn.com cdn.heapanalytics.com acsbapp.com storage.googleapis.com bat.bing.com connect.facebook.net *.facebook.net/* *.facebook.com snap.licdn.com cdn.callrail.com pix.pub script.hotjar.com in.hotjar.com heapanalytics.com cdn.acsbapp.com logs-01.loggly.com snapengage.com vars.hotjar.com use.fontawesome.com static.hotjar.com 1.gravatar.com id.rlcdn.com js.hsleadflows.net stats.g.doubleclick.net track.hubspot.com perf.hsforms.com forms-na1.hsforms.com *.gstatic.com/* api.hubapi.com forms.hubspot.com hubspot.com js.hs-banner.com js.hscollectedforms.net js.hsadspixel.net js.hs-analytics.net api.livechatinc.com secure.livechatinc.com google.com google.ro google-analytics.com *.google.com www.googletagmanager.com *.ipify.org googletagmanager.com googleads.g.doubleclick.net js.hs-scripts.com cdn.livechatinc.com boards.greenhouse.io boards-api.greenhouse.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com js.hsforms.net cdnjs.cloudflare.com unpkg.com secure.gravatar.com fonts.googleapis.com fonts.gstatic.com analytics.js recaptcha__en.js browser.sentry-cdn.com app.hubspot.com static.hsappstatic.net client-api.auryc.com apps.usw2.pure.cloud api.usw2.pure.cloud api-cdn.usw2.pure.cloud googleadservices.com genesys.min.js wss://webmessaging.usw2.pure.cloud  sharer.min.js *.pure.cloud wss://cobrowse-v2.usw2.pure.cloud www.gstatic.com 'unsafe-inline' 'unsafe-eval' data: blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' js.braintreegateway.com assets.braintreegateway.com *.commerce-payment-services.com ajax.cloudflare.com static.cloudflareinsights.com converter.dynamicconverter.com detect.dynamicconverter.com beacon-v2.helpscout.net d12wqas9hcki3z.cloudfront.net d33v4339jhl8k0.cloudfront.net device.maxmind.com polyfill.io assets.shipperhq.com *.paypal.com *.stats.paypal.com www.paypalobjects.com pay.google.com google.com www.gstatic.com www.google.com apis.google.com www.googleapis.com www.youtube.com s.ytimg.com player.vimeo.com vimeo.com; style-src * 'self' 'unsafe-inline' 'report-sample'; img-src * 'self' data: blob:; font-src * 'self' data: blob:; connect-src 'self' api.braintreegateway.com client-analytics.braintreegateway.com *.braintree-api.com api.sandbox.braintreegateway.com client-analytics.sandbox.braintreegateway.com beaconapi.helpscout.net chatapi.helpscout.net d3hb14vkzrxvla.cloudfront.net *.pusher.com wss://*.pusher.com *.mmapiws.com *.paypal.com *.stats.paypal.com google.com api.venmo.com; media-src * 'self' data: blob:; object-src 'self'; child-src 'self' orders.divegearexpress.com assets.braintreegateway.com ssl.kaptcha.com tst.kaptcha.com www.weltpixel.com beacon-v2.helpscout.net *.paypal.com *.stats.paypal.com www.dhl.com wesupplylabs.com www.youtube.com player.vimeo.com vimeo.com; frame-src 'self' orders.divegearexpress.com assets.braintreegateway.com ssl.kaptcha.com tst.kaptcha.com www.weltpixel.com beacon-v2.helpscout.net pay.google.com www.google.com recaptcha.google.com google.com *.paypal.com *.stats.paypal.com www.paypalobjects.com www.dhl.com wesupplylabs.com www.youtube.com player.vimeo.com vimeo.com; worker-src 'none'; frame-ancestors 'self'; form-action 'self' youtube.com; upgrade-insecure-requests; base-uri 'self'; report-uri https://divegearexpress.report-uri.com/r/d/csp/enforce; report-to csprpt 1
frame-ancestors 'self' newcockpit.eqs.com 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' https://cdn.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.thewhiskyworld.com; base-uri 'self' 1
default-src 'self' localhost:80 *.snh48.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self' ; 	style-src 'unsafe-inline' 'self' faq.diy-shop.jp fonts.googleapis.com maxcdn.bootstrapcdn.com support-widget.userlocal.jp ; 	script-src 'unsafe-inline' 'unsafe-eval' 'self' faq.diy-shop.jp connect.facebook.net ssl.google-analytics.com googleads.g.doubleclick.net www.googletagmanager.com www.googleadservices.com www.google.com support-widget.userlocal.jp seal.digicert.com yubinbango.github.io assets.pinterest.com platform.twitter.com static-fe.payments-amazon.com static-na.payments-amazon.com www.clarity.ms ; 	img-src filesystem: data: blob: 'self' *.diy-shop.jp stats.g.doubleclick.net ssl.google-analytics.com www.google-analytics.com www.google.co.jp www.google.com storage.userlocal.jp www.facebook.com www.googletagmanager.com d1ctdua1fpv2wv.cloudfront.net seal.digicert.com i.ytimg.com syndication.twitter.com log.pinterest.com googleads.g.doubleclick.net api.veritrans.co.jp adservice.google.com *.clarity.ms apay-up-banner.com ; 	font-src data: 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com ; 	frame-src 'self' www.youtube.com www.facebook.com bid.g.doubleclick.net td.doubleclick.net platform.twitter.com www.googletagmanager.com assets.pinterest.com ; 	frame-ancestors 'self' www.google.com ; 	connect-src 'self' faq.diy-shop.jp payments-fe.amazon.com apay-us.amazon.com support-beacon.userlocal.jp www.facebook.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.google.com adservice.google.com www.googletagmanager.com pagead2.googlesyndication.com *.clarity.ms ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' stats.wp.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com extend.vimeocdn.com kit.fontawesome.com www.realtimestatistics.net s0.wp.com *.hs-analytics.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com blob: *.hubspot.com device.maxmind.com; font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com s0.wp.com; connect-src 'self' www.google-analytics.com stats.g.doubleclick.net *.hscollectedforms.net *.hubspot.com *.mmapiws.com; img-src 'self' data: https:; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com kit.fontawesome.com s0.wp.com; base-uri 'self';form-action 'self' wpengine.blogvault.net;frame-ancestors 'self'; frame-src 'self' www.google.com player.vimeo.com correlation.edgate.com widgets.wp.com 1
script-src 'nonce-random123' 'strict-dynamic' 'unsafe-inline' https:; object-src 'none'; base-uri 'none'; 1
frame-ancestors 'self' *.commercevision.biz *.commercevision.com.au *.ariba.com *.hydrotasmania.com.au 1
base-uri 'self'; default-src 'none'; script-src 'self'; connect-src 'self' http://127.0.0.1:24727; media-src https://multimedia.gsb.bund.de/; style-src 'self'; img-src 'self'; font-src 'self'; frame-src 'none'; frame-ancestors 'none'; 1
default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ocdn.eu m.konto.onet.pl onet.pl *.onet.pl *.dreamlab.pl *.gstatic.com *.grupaonet.pl *.google.com *.google.pl *.hotjar.com; frame-ancestors 'self' https://www.onet.pl https://beta.onet.pl; report-uri https://events.ocdn.eu/v2/csp-report?_ac=events&_fv=konto.onet.pl::ENCRYPT_SSO_COOKIE 1
default-src 'self' data: *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl 1
default-src 'self' 'unsafe-inline' *.fls.doubleclick.net https://lptag.liveperson.net https://dpm.demdex.net https://www.googletagmanager.com https://www.google-analytics.com https://hello.myfonts.net https://tags.tiqcdn.com https://lloydsbanking.kuluvalley.com *.webtrends.com *.webtrendslive.com *.google.com *.youtube.com *.gstatic.com https://www.baseratecalculator.co.uk; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com https://www.googletagmanager.com *.liveperson.net https://www.google-analytics.com https://tags.tiqcdn.com https://lptag.liveperson.net; img-src 'self' data: https://app.reapit.net/ https://lloydsbankinggroup.d3.sc.omtrdc.net/ https://alto-live.s3.amazonaws.com https://www.uklandandfarms.co.uk/ https://www.google-analytics.com/ https://content.knightfrank.com/ https://app.jetsoftware.co.uk/ https://assets.reapit.net/ https://images.portalimages.com/ https://alto2-live.s3.amazonaws.com/ https://med05.expertagent.co.uk/ https://dataexport.co.uk/ https://www.woodlands.co.uk/images/uklandandfarms-1.png https://alto3-alto-media.s3.amazonaws.com/ https://alto4-alto-media.s3.amazonaws.com/ https://app.reapit.net; font-src 'self' data: ;  report-uri /Pulse/CSP/csp-report.ashx 1
frame-ancestors 'self' https://*.sentilink.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com api-maps.yandex.ru; connect-src 'self'; child-src 'self'; img-src * data:; style-src * 'unsafe-inline'; font-src *; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZDUwMjYzMTMxYjZkNDM1OWI3Zjc1NjE1ZGZjMGIzNTc=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.kinderbescherming.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.kinderbescherming.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.kinderbescherming.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' dataLens.yandex docs.google.com gov35.ru *.gov35.ru pos.gosuslugi.ru *.vk.com vk.com *.rutube.ru rutube.ru *.youtube.com yandex.ru *.yandex.ru mc.yandex.md *.maps.yandex.net yandex.info bitrix.info yastatic.net s7.addthis.com counter.yadro.ru bitrix.ru *.bitrix.ru *.sputnik.ru *.gov.ru vashkontrol.ru blob: data: ; 1
frame-ancestors 'self' *.persol-career.co.jp *.adobetm.com 1
default-src 'self' 'unsafe-inline' player.vimeo.com www.youtube.com *.tile.openstreetmap.org; script-src 'self' 'unsafe-inline' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; img-src data: 'self' 'unsafe-eval' cdn.usefathom.com unpkg.com api.mapbox.com *.tile.openstreetmap.org; style-src 'self' 'unsafe-inline' fonts.googleapis.com unpkg.com api.mapbox.com; font-src 'self' fonts.gstatic.com; connect-src 'self' *.tile.openstreetmap.org 1
frame-ancestors 'self' https://*.heavychips.com https://*.decta.com; 1
script-src 'self' blob: https://googleads.g.doubleclick.net https://ct.pinterest.com/  https://s.pinimg.com/ https://static.ads-twitter.com https://bat.bing.com https://www.redditstatic.com https://www.google-analytics.com https://www.gstatic.com/ 'unsafe-inline' 'unsafe-eval' https://www.bugherd.com https://www.google.com https://ajax.googleapis.com https://apply.app.jobvite.com https://bidagent.xad.com https://cdn.jsdelivr.net https://code.jquery.com https://hb.secure.force.com https://hopebridge.my.salesforce-sites.com https://jobs.hopebridge.com https://maps.googleapis.com https://maps.google.com https://my.hellobar.com https://sitestats.ttcportals.com https://tenor.com https://www.googletagmanager.com https://www.instagram.com https://www.tiktok.com; style-src 'self' 'unsafe-inline' https://dhbhdrzi4tiry.cloudfront.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://use.typekit.net https://hopebridge.my.salesforce-sites.com https://hopebridge.com https://p.typekit.net; img-src data: *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-0vMlWqYNaW51IhXwQCjmyW2PEvMQmBJlLe5NnLKY6/j1G0af' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.apexrentals.com *.apexrentals.co.nz *.apexrentals.com.au static.cloudflareinsights.com *.googleadservices.com *.doubleclick.net bat.bing.com *.stackadapt.com *.srv.stackadapt.com js.adsrvr.org *.googletagmanager.com *.livechatinc.com *.youtube.com *.cloudflare.com *.googleapis.com *.gstatic.com qvdt3feo.com *.adsrvr.org *.vimeo.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googlesyndication.com *.google-analytics.com data:; 1
'default-src' 'self' 1
frame-ancestors 'self' http://www.royco.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' *.stackadapt.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com *.impactradius-event.com *.teads.tv *.passage.ai wss://tars-prod.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.transunion.com *.vols7feed.com *.addthis.co *.amazon-adsystem.com *.youtube.com *.doubleclick.net *.company-target.com *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.adsrvr.org dmtry.com *.dmtry.com *.quantserve.com *.bluekai.com *.facebook.com *.demandbase.com doubleclick.net *.trustev.com *.yahoo.com *.atedra.com *.twitter.com *.bing.com crwdcntrl.net c.rstg.io cdn.nextinsure.com *.jquery.com cloudfront.net *.googleapis.com *.adnxs.com *.rlcdn.com investis.com adsrvr.org sharethrough.com adroll.com yimg.com amazonaws.com *.fastclick.net secure.leadback.advertising.com google-analytics.com *.ads-twitter.com *.openx.net *.zencdn.net googleadservices.com gstatic.com bidswitch.net *.media6degrees.com googletagmanager.com *.siteintercept.qualtrics.com *.qualtrics.com; script-src 'self' assets.adobedtm.com *.handtalk.me *.googleanalytics.com optimize.google.com *.liveperson.net *.leadsrx.com https://sc-static.net *.lpsnmedia.net https://siteimproveanalytics.com *.kore.ai *.b0e8.com *.bc0a.com *.stackadapt.com *.thebrighttag.com *.btstatic.com *.hifiona.com *.impactradius-event.com *.teads.tv *.passage.ai *.evenfinancial.com *.taboola.com *.quantcount.com *.dotomi.com *.transunion.com *.mxpnl.com *.vols7feed.com *.addthis.com *.googletagmanager.com *.optimizely.com *.pingdom.com *.cloudflare.com *.googleadservices.com *.youtube.com *.doubleclick.net *.google-analytics.com *.quantserve.com *.g.3gl.net *.eloqua.com *.crwdcntrl.net *.googleapis.com *.investis.com *.amazonaws.com *.cloudfront.net *.nextinsure.com *.lendingtree.com *.mediaplex.com *.demandbase.com *.jquery.com *.gstatic.com *.bing.com *.3gl.net *.yourscoreonline.com *.gofreecredit.com *.creditcheckingtoday.com *.naturaltracking.com *.credit.com *.facebook.com *.yimg.com *.ytimg.com *.quora.com *.ensighten.com *.d39se0h2uvfakd.cloudfront.net *.linkedin.com *.adsprotection.com *.brightcove.com *.hotjar.com *.adroll.com *.brightcove.net *.en25.com *.adsrvr.org *.abmr.net *.mathtag.com t2.rstg.io px.ads.linkedin.com vjs.zencdn.net *.twitter.com iad-login.dotomi.com snap.licdn.com sp.analytics.yahoo.com unpkg.com *.myfonts.net *.en25.com *.addthisedge.com *.zencdn.com *.s3.amazonaws.com cdn.ampproject.org *.company-target.com *.media6degrees.com *.ads-twitter.com cdn.mxpnl.com *.bizographics.com *.pingdom.net *.mbww.com *.entrust.net *.trustev.com *.mathtag.com *.googlesyndication.com *.google.com *.outbrain.com o1.qnsr.com *.facebook.net cas.cluep.com *.quizgnome.com *.siteintercept.qualtrics.com *.qualtrics.com *.pulseinsights.com blob: 'unsafe-eval' 'unsafe-inline'; child-src *.handtalk.me *.liveperson.net *.snapchat.com *.lpsnmedia.net *.evenfinancial.com *.transunion.com blob: *.crwdcntrl.net *.hifiona.com *.cdn.optimizely.com *.addthis.com *.doubleclick.net *.lendingtree.com *.youtube.com *.hotjar.com *.mediaplex.com *.optimizely.com *.brightcove.net s.amazon-adsystem.com *.trustev.com *.mathtag.com *.qnsr.com *.facebook.com *.siteintercept.qualtrics.com *.qualtrics.com; connect-src 'self' *.tt.omtrdc.net dpm.demdex.net *.handtalk.me wss://va.msg.liveperson.net wss://lo.msg.liveperson.net *.google-analytics.com *.leadsrx.com *.bc0a.com *.nextinsure.com *.googleapis.com *.g.doubleclick.net *.kore.ai wss://rtm.kore.ai *.stackadapt.com *.ifgza3.net *.passage.ai wss://tars-prod.passage.ai *.taboola.com *.transunion.com *.mixpanel.com *.optimizely.com *.youtube.com *.brightcovecdn.com *.pingdom.net *.brightcove.com manifest.prod.boltdns.net airbrake.io *.company-target.com r.3gl.net s7.addthis.com *.herokuapp.com unity.cadreon.com app.trustev.com *.hotjar.com wss://*.hotjar.com *.siteintercept.qualtrics.com *.qualtrics.com 'unsafe-eval'; media-src 'self' *.lpsnmedia.net *.brightcove.com *.brightcovecdn.com *.prod.boltdns.net *.transunion.com blob: f1.media.brightcove.com; img-src * *.googletagmanager.com blob: *.google-analytics.com optimize.google.com *.ifgza3.net *.ojrq.net *.tapad.com *.loggly.com *.rlcdn.com data:; font-src data: fonts.gstatic.com *.transunioncentralamerica.com *.nextinsure.com *.gstatic.com *.company-target.com edge.api.brightcove.com r.3gl.net *.addthis.com *.herokuapp.com *.quora.com; frame-src * optimize.google.com; style-src * optimize.google.com fonts.googleapis.com 'unsafe-eval' 'unsafe-inline'; frame-ancestors *.transunion.com; 1
frame-ancestors 'self' https://zab.pasanja.xyz/ 1
frame-ancestors 'self' *.cellarbrations.com.au *.almonline.com.au 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'self'; script-src  'nonce-accd9d1d00124d44a506f839f584b0e0' 'self' https://www.clarity.ms https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://widget.surveymonkey.com/ https://secure.quantserve.com/ https://rules.quantcount.com/ https://ajax.googleapis.com/ https://www.googleadservices.com https://js.adsrvr.org https://cdnjs.cloudflare.com https://sdk.passle.net https://s.ytimg.com https://tagmanager.google.com https://www.google.com https://www.youtube.com https://st.getsitecontrol.com https://script.hotjar.com https://widgets.getsitecontrol.com https://static.hotjar.com https://connect.facebook.net https://www.googletagmanager.com https://dl.episerver.net https://maps.googleapis.com/ https://analytics.clickdimensions.com https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://az124611.vo.msecnd.net/ https://docs.grantthornton.ca/ https://www.gstatic.com https://cdn-us.clickdimensions.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://www.clarity.ms/ https://mktdplp102cdn.azureedge.net/ https://secure.thaw6lily.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://region1.google-analytics.com/ https://s.yimg.com/ https://sp.analytics.yahoo.com https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://gateway.zscalerthree.net/ https://*.googletagmanager.com https://view.ceros.com/ https://flo.uri.sh/ https://*.onetrust.com; img-src 'self' data: https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://*.analytics.google.com/ https://*.google-analytics.com/ https://pixel.quantserve.com/ https://match.adsrvr.org/ https://ups.analytics.yahoo.com/ https://analytics.clickdimensions.com https://r.turn.com/ https://www.linkedin.com https://www.gstatic.com https://connect.facebook.net https://px4.ads.linkedin.com https://px.ads.linkedin.com https://p.adsymptotic.com/ https://googleads.g.doubleclick.net https://pixel.mediaiqdigital.com https://secure.adnxs.com https://insight.adsrvr.org https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat https://ssl.gstatic.com https://syndication.twitter.com https://optimize.google.com https://www.facebook.com https://platform.twitter.com https://pbs.twimg.com https://images.passle.net https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://stats.g.doubleclick.net https://docs.grantthornton.ca/ https://cm.g.doubleclick.net/ https://t.co/ https://pixel.rubiconproject.com/ https://pixel.advertising.com/ https://c.clarity.ms/ https://c.bing.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://sp.analytics.yahoo.com/ https://analytics.twitter.com/ https://*.googletagmanager.com https://*.onetrust.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://view.ceros.com/ https://optimize.google.com https://code.jquery.com https://docs.grantthornton.ca https://maxcdn.bootstrapcdn.com https://platform.twitter.com https://cdnjs.cloudflare.com https://sdk.passle.net https://fonts.googleapis.com https://clientapi.passle.net https://az124611.vo.msecnd.net/ https://cdn-us.clickdimensions.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdnjs.cloudflare.com https://docs.grantthornton.ca https://maxcdn.bootstrapcdn.com http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/; frame-src https://td.doubleclick.net https://view.ceros.com https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://www.surveymonkey.com/ https://az416426.vo.msecnd.net https://www.googletagmanager.com https://www.facebook.com/ https://insight.adsrvr.org https://platform.twitter.com https://vars.hotjar.com https://www.passle.net https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://www.google.com https://match.adsrvr.org/ https://flo.uri.sh/ https://fb415af4912b4c02bbda1fc53b1dd897.svc.dynamics.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/; connect-src 'self' https://48596ae85cd14945aabb79a13c1ba707.svc.dynamics.com https://px.ads.linkedin.com https://www.googletagmanager.com https://dc.services.visualstudio.com https://www.passle.net https://clientapi.passle.net https://az416426.vo.msecnd.net https://docs.grantthornton.ca https://*.google-analytics.com/ https://*.analytics.google.com/ https://extreme-ip-lookup.com https://www.facebook.com https://stats.g.doubleclick.net https://pixel.quantcount.com/ https://in.hotjar.com https://vc.hotjar.io wss://ws4.hotjar.com/ wss://ws2.hotjar.com wss://ws5.hotjar.com wss://ws1.hotjar.com wss://ws14.hotjar.com/ https://www.clarity.ms/ https://fb415af4912b4c02bbda1fc53b1dd897.svc.dynamics.com/ http://a68f75e1c2414f57a51c297d1bffd1da.svc.dynamics.com/ https://ws1.postescanada-canadapost.ca/ https://4863a70f0daa49d387782880df69bf97.svc.dynamics.com/ https://s.yimg.com/ https://idx.liadm.com/ https://b783c358f7e6407981077074279908ed.svc.dynamics.com/ https://713fd8515eb046149fb744a7b658e20f.svc.dynamics.com/ https://cdn.linkedin.oribi.io/ https://analytics.google.com/ https://*.googletagmanager.com https://maps.googleapis.com/ https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://content.hotjar.io/ wss://ws.hotjar.com/ https://metrics.hotjar.io/ https://*.onetrust.com https://pagead2.googlesyndication.com/ https://www.google.com https://googleads.g.doubleclick.net; 1
default-src * data: 'unsafe-inline' 'unsafe-eval' blob: filesystem: about: ws: wss: 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://tuclothing.sainsburys.co.uk/csp-report 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-PmRAlXAEQnae00cfC9m704jlw6aVhXI+qI3mIHzmtZpjVHOR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self' *.crazyegg.com;connect-src 'self' https://ip2c.org https://maps.googleapis.com https://www.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net *.crazyegg.com *.sentry.io https://*.com https://com https://*.elfsight.com https://core.service.elfsight.com *.elfsight.com;default-src 'self' *.crazyegg.com blob:;form-action 'self' *.crazyegg.com;media-src 'self' *.crazyegg.com;object-src 'none';font-src 'self' data: https://fonts.gstatic.com;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.google.com https://www.google.co.uk https://www.gravatar.com https://*.s3.amazonaws.com https://*.com https://com https://cdn.worldweatheronline.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com *.crazyegg.com *.prfct.co *.adnxs.com https://www.glassdoor.com https://seal-dc-easternpa.bbb.org https://s3.amazonaws.com;frame-src 'self' https://widget.trustpilot.com https://www.google.com https://www.youtube.com https://cse.google.com *.crazyegg.com *.youtube-nocookie.com *.marketingautomation.services;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.com https://com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://*.analytics.google.com https://maps.googleapis.com https://widget.trustpilot.com https://www.youtube.com https://cse.google.com https://partner.googleadservices.com *.crazyegg.com blob: *.marketingautomation.services *.perfectaudience.com *.prfct.co https://static.elfsight.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com https://www.google.com *.crazyegg.com 1
frame-ancestors 'self' https://*.igus.eu https://*.igus.de https://*.igus.com https://*.igus.com.ar https://*.igus.at https://*.igus.com.au https://*.igus.be https://*.igus.bg https://*.igus.com.br https://*.igus.by https://*.igus.ca https://*.igus.ch https://*.igus.cl https://*.igus.com.cn https://*.igus.cz https://*.igus.dk https://*.igus.es https://*.igus.com.eg https://*.igus.fi https://*.igus.fr https://*.igus.co.uk https://*.igus.gr https://*.igus.hr https://*.igus.hu https://*.igus.ie https://*.igus.co.il https://*.igus.in https://*.igus.it https://*.igus.co.jp https://*.igus.kr https://*.igus.lt https://*.igus.com.mx https://*.igus.my https://*.igus.nl https://*.igus.no https://*.igus.co.nz https://*.igus.pl https://*.igus.pt https://*.igus.ro https://*.igus.rs https://*.igus.ru https://*.igus.se https://*.igusab.se https://*.igus.sg https://*.igus.si https://*.igus.sk https://*.igus.com.tr https://*.igus.com.tw https://*.igus.com.ua https://*.igus.vn https://*.igus.co.za https://*.igus.co.id https://*.igus.ee https://*.igus.co.th https://igus.lightning.force.com https://*.igus.tools; 1
frame-ancestors 'self' https://*.bulgarianproperties.bg https://*.bulgarianproperties.com https://*.bulgarianproperties.ru; object-src 'none'; base-uri 'none'; script-src 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.cloudflare.com *.tiktokcdn.com *.ttwstatic.com *.tiktok.com play.google.com youtube.com *.instagram.com *.gstatic.com ytimg.com maps.googleapis.com apis.google.com cdninstagram.com instagram.com google.com platform.twitter.com *.istaging.com *.bulgarianproperties.com *.bulgarianproperties.com.ua *.bulgarianproperties.bg *.bulgarianproperties.ru fonts.gstatic.com static.bulgarianproperties.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com connect.facebook.net googleads.g.doubleclick.net www.facebook.com img.youtube.com googlevideo.com www.youtube-nocookie.com www.youtube.com googleads.g.doubleclick.net 1
default-src 'self' https://*.roshd.ir https://*.yektanet.com https://www.aparat.com https://*.google.com https://maps.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.roshd.ir https://*.google.com https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://*.roshd.ir https://*.gstatic.com https://*.google.com https://maps.gstatic.com https://maps.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://ua.yektanet.com https://www.google-analytics.com data:; script-src-elem 'self' https://*.roshd.ir https://*.getclicky.com https://*.google.com https://maps.googleapis.com https://cdn.yektanet.com https://native-scripts.yektanet.com https://partner.googleadservices.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com 'unsafe-inline'; frame-src 'self' https://*.roshd.ir https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://*.roshd.ir https://www.aparat.com; 1
style-src 'unsafe-inline' 'self' https://*.fontawesome.com https://cdnjs.cloudflare.com https://platform.twitter.com https://ton.twimg.com https://*.plyr.io https://*.quantserve.com https://*.demdex.net https://*.facebook.com https://*.facebook.net https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.evidon.com https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.quantserve.com https://rules.quantcount.com https://*.plyr.io https://www.redditstatic.com https://*.ads-twitter.com https://bat.bing.com https://*.schwab.com blob:; default-src 'self' https://*.twimg.com https://*.everesttech.net https://*.twitter.com https://*.cloudflare.com https://*.tiqcdn.com https://*.uplynk.com https://*.google.com https://*.addthisedge.com https://*.addthis.com https://www.googleadservices.com https://*.doubleclick.net https://*.wsod.com https://*.facebook.net https://*.facebook.com https://t.co https://*.tdameritrade.com https://*.adsrvr.org https://gateway.foresee.com https://www.googletagmanager.com https://*.moatads.com https://sc-static.net https://*.google.ru https://tr.snapchat.com https://pixel.tapad.com https://*.demdex.net https://*.plyr.io https://*.quantserve.com https://*.fontawesome.com https://*.evidon.com https://*.rlcdn.com https://*.reddit.com https://*.ads-twitter.com tdameritradenetwork.com https://bat.bing.com https://*.schwab.com blob: data:; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' translate-pa.googleapis.com translate.google.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.heerlen.nl siteimproveanalytics.com cloudstatic.obi4wan.com geo.gegevenshuis.nl geocomponent.kaartviewer.nl heerlen.nl m5.mailplus.nl static.mailplus.nl stats.pusher.com www.digitaalpubliceren.com digitaalpubliceren.com;frame-src 'self' www.youtube-nocookie.com https://vimeo.com/ www.youtube.com 0917.ro-viewer.nl *.readspeaker.com www.prettigparkeren.nl player.vimeo.com www.digitaalpubliceren.com digitaalpubliceren.com;style-src 'self' 'unsafe-inline' www.gstatic.com translate.google.com translate.googleapis.com cloud.typography.com www.heerlen.nl  geo.gegevenshuis.nl geocomponent.kaartviewer.nl;img-src 'self' data: localhost:8080 www.gstatic.com s3-eu-west-1.amazonaws.com www.google-analytics.com i.vimeocdn.com *.global.siteimproveanalytics.io geo.gegevenshuis.nl geocomponent.kaartviewer.nl helpdesk.kaartviewer.nl geodata.nationaalgeoregister.nl www.openbasiskaart.nl service.pdok.nl www.digitaalpubliceren.com digitaalpubliceren.com;font-src 'self' data: ;object-src 'self';media-src 'self' *.readspeaker.com 1
upgrade-insecure-requests; default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://cdnjs.cloudflare.com https://*.ctctcdn.com https://ecdev.org https://api.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://connect.facebook.net https://*.googleapis.com https://*.google.com https://*.google-analytics.com https://*.googlecode.com https://*.gstatic.com https://googletagmanager.com https://*.googletagmanager.com https://assets.ca.recollect.net https://*.recollect.net https://recollect.net https://*.typekit.net https://widget.twnmm.com https://*.zoomprospector.com; style-src 'self' 'unsafe-inline' https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://*.ctctcdn.com https://api.ecdev.org https://stalbert.ecdev.org https://*.google.com https://*.googleapis.com https://cdn-images.mailchimp.com https://assets.ca.recollect.net https://recollect.a.ssl.fastly.net https://recollect.net https://widget.twnmm.com https://*.typekit.net; img-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://s3.ca-central-1.amazonaws.com https://arcgis.com https://*.arcgis.com https://*.arcgisonline.com https://static.ctctcdn.com https://www.facebook.com https://*.google.ca https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.paypal.com https://www.paypalobjects.com https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://recollect.a.ssl.fastly.net https://recollect-images.global.ssl.fastly.net https://www.sumac.com https://widget.twnmm.com https://*.typekit.net https://*.ytimg.com; font-src 'self' data: https://*.stalbert.ca https://stalbert.ca https://arcgis.com https://*.arcgis.com https://*.gstatic.com https://recollect.a.ssl.fastly.net https://assets.ca.recollect.net https://recollect.net https://*.typekit.net; frame-src 'self' https://*.stalbert.ca https://stalbert.ca https://anchor.fm https://arcg.is https://arcgis.com https://*.arcgis.com https://environment.alberta.ca https://embed.clearpointstrategy.com https://*.doubleclick.net https://maps.ecdev.org https://stalbert.ecdev.org https://*.echosign.com https://*.na1.echosign.com https://*.google.ca https://*.google.com https://googletagmanager.com https://*.granicus.com https://*.legistar.com https://stalbert.ca.legistar.com/ https://pbtech.org https://assets.ca.recollect.net https://api.recollect.net https://recollect.net https://seeclickfix.com https://e605.spacelist.ca https://monitoringpublic.solaredge.com https://live.tourdash.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://properties.zoomprospector.com; object-src 'none'; report-uri https://stalbert.report-uri.io/r/default/csp/enforce 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-2cwN/H86dUjiH3nS7FxCONm74qA9x7' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self';  child-src 'none'; object-src 'none'; worker-src 'none'; frame-src 'self' https://www.facebook.com https://platform.twitter.com https://syndication.twitter.com https://www.arcgis.com https://www.google.com; default-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net/j/collect https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://platform.twitter.com https://maps.googleapis.com https://tagmanager.google.com https://ton.twimg.com; font-src 'self' https://vanilla.co.za https://fonts.gstatic.com https://maps.googleapis.com/maps/api/js; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js https://tagmanager.google.com https://ssl.google-analytics.com https://www.google-analytics.com/analytics.js https://platform.twitter.com https://cdn.syndication.twimg.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/ https://maps.googleapis.com; img-src 'self' www.googletagmanager.com www.google-analytics.com pbs.twimg.com ton.twimg.com platform.twitter.com syndication.twitter.com maps.gstatic.com maps.googleapis.com data:; form-action 'self' mail.vanilla.co.za https://www.google.com/search https://syndication.twitter.com/i/jot data:; 1
img-src https: 1
default-src 'self' https: data:; script-src 'self' 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' 'unsafe-inline' https: data:; font-src http: data:; upgrade-insecure-requests 1
frame-ancestors 'self' https: 1
default-src 'self'; child-src 'self' *.qumucloud.com td.doubleclick.com td.doubleclick.net fast.wistia.net *.g.doubleclick.net www.youtube.com static.doubleclick.net googleads.g.doubleclick.net *.google.com; connect-src 'self' googleads.g.doubleclick.net *.qumucloud.com analytics.google.com pipedream.wistia.com *.google-analytics.com api.curator.io stats.g.doubleclick.net static.doubleclick.net; font-src 'self' *.qumucloud.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' *.qumucloud.com ad.doubleclick.net www.googletagmanager.com *.google-analytics.com api.curator.io curator-assets.b-cdn.net i.ytimg.com yt3.ggpht.com www.worldfinancialgroup.com data:; media-src 'self' www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.qumucloud.com www.googleadservices.com fast.wistia.net analytics.google.com *.g.doubleclick.net cdn.curator.io connect.facebook.net https://cdnjs.cloudflare.com https://resources.qumucloud.com; style-src 'self' 'unsafe-inline' *.qumucloud.com fonts.googleapis.com cdn.curator.io https://cdnjs.cloudflare.com; frame-ancestors 'self' worldfinancialgroup.com *.worldfinancialgroup.com; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net *.financialcontent.com *.licdn.com googleads.g.doubleclick.net https://cdn.lr-in-prod.com ui.upcp.wirewheel.io s.upcp.wirewheel.io https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/ https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.financialcontent.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.linkedin.com *.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://retirementtool.massmutualascend.com/ https://www.youtube.com/ https://ui.uat.upcp.wirewheel.io/ https://ui.upcp.wirewheel.io/ https://www.calcxml.com/calculators/; connect-src 'self' accounts.google.com *.mktoresp.com *.visualstudio.com *.financialcontent.com *.linkedin.oribi.io *.lr-in-prod.com api.upcp.wirewheel.io api.uat.upcp.wirewheel.io https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.azureedge.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.lr-in-prod.com blob: 1
frame-ancestors 'self'; report-uri https://o452034.ingest.sentry.io/api/5465117/security/?sentry_key=cbc697c4754b4addb8fb861a244a3d70 1
default-src 'self' *.macgamestore.com *.wingamestore.com; form-action 'self' https://*.paypal.com https://*.apple.com https://*.zendesk.com; frame-src 'self' cdn1.macgamestore.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.google.com *.paypal.com *.braintreegateway.com *.apple.com *.ubisoft.com; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.trustpilot.com *.facebook.com *.braintreegateway.com *.braintree-api.com http://127.0.0.1:11155; script-src 'self' 'nonce-ec33212913a7d9361dedaa0e5efe1facff4f' appleid.cdn-apple.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.trustpilot.com *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.paypal.com *.paypalobjects.com *.braintreegateway.com ubistatic2-a.akamaihd.net; style-src 'self' 'unsafe-inline' accounts.google.com; img-src 'self' data: blob: *.macgamestore.com *.wingamestore.com *.google-analytics.com *.gstatic.com *.googleusercontent.com *.googletagmanager.com *.trustpilot.com *.facebook.com *.fbsbx.com *.fbcdn.net *.facebook.net *.twitter.com *.youtube.com *.ytimg.com *.akamaized.net *.paypal.com *.braintreegateway.com www.gravatar.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com fontlibrary.org github.com use.typekit.net cdn.honey.io; 1
default-src 'self' https://*.pileje.fr matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud; script-src 'self' 'unsafe-inline' *.pileje.fr *.facebook.com *.facebook.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.googletagmanager.com *.google-analytics.com www.google-analytics.com *.gstatic.com *.google.com maps.googleapis.com *.ytimg.com *.youtube.com connect.facebook.net maps.googleapis.com maps.google.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com *.eloquant.cloud *.linkedin.com *.oribi.io googleadservices.com googleads.g.doubleclick.net snap.licdn.com px.ads.linkedin.com px.ads.linkedin.com px4.ads.linkedin.com p.adsymptotic.com cdn.linkedin.oribi.io gw.linkedin.oribi.io dc.ads.linkedin.com sjs.bizographics.com *.webspellchecker.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com paas.elsatis.fr pro.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net unpkg.com; img-src 'self' *.pileje.fr *.google.fr *.google.com data: *.google.fr *.google.com *.google-analytics.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com *.doubleclick.net *.gstatic.com maps.googleapis.com *.ytimg.com *.googletagmanager.com paas.elsatis.fr translate.google.com blob: *.google.fr *.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.eloquant.cloud *.linkedin.com *.oribi.io oogleads.g.doubleclick.net px.ads.linkedin.com; frame-src 'self' *.facebook.com *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.google.com *.elsatis.fr *.youtube.com www.googletagmanager.com maps.google.com maps.googleapis.com www.youtube-nocookie.com s.elq.fr *.eloquant.cloud *.linkedin.com *.oribi.io bid.g.doubleclick.net; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com paas.elsatis.fr pro.fontawesome.com github.com; connect-src 'self' *.google-analytics.com *.doubleclick.net *.privacy-center.org *.aticdn.net aticdn.net tag.aticdn.net *.aticdn.net *.xiti.com xiti.com *.facebook.com matomo.pileje.fr cdn.matomo.cloud pileje.matomo.cloud maps.googleapis.com maps.google.com *.linkedin.com *.oribi.io cdn.linkedin.oribi.io *.webspellchecker.net; report-uri /report-csp-violation 1
base-uri 'self'; style-src 'self'; connect-src 'self' *.itzbund.de; script-src 'self' piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src 'self' multimedia.gsb.bund.de; img-src 'self' piwik.itzbund.de *.tile.openstreetmap.org; font-src 'self'; frame-ancestors 'self' *.prod.gsb.bsi.in.bund.de ; upgrade-insecure-requests; 1
script-src 'self' https://*.clarity.ms https://c.bing.com https://msadsscale.azureedge.net https://*.google-analytics.com https://*.googletagmanager.com https://js.stripe.com https://*.google.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-Y0sWYIvedIIgD2ARn+GFONvyEtPAXt/FhrMm8bfhBeA=' 'sha256-N4Vmo8tb6pSc+ImxfQvM1NhFwKWUGlZd+RPuS6cXym8='; connect-src 'self' https://*.clarity.ms https://c.bing.com https://browser.pipe.aria.microsoft.com https://www.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://msadsscale.azureedge.net https://unpkg.com/vue-multiselect/dist/vue-multiselect.min.css https://cdn.jsdelivr.net/npm/famfamfam-flags/dist/sprite/famfamfam-flags.min.css https://*.google.com; frame-src https://js.stripe.com; img-src 'self' data: https://.wikimedia.org https://*.clarity.ms https://*.bing.com https://*.bing.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.gstatic.com https://*.media-amazon.com https://*.kelkoo.com https://icon.horse; font-src 'self' https://msadsscale.azureedge.net https://fonts.gstatic.com; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'self'; upgrade-insecure-requests 1
upgrade-insecure-requests; frame-ancestors 'self'; report-uri https://cspabuse.itpays.no 1
font-src *.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com fonts.googleapis.com *.googleapis.com *.google.com *.youtube.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com use.fontawesome.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com *.buddhateas.com *.goldenskytea.com *.twitter.com *.google.com *.youtube.com *.googleapis.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://www.google.com *.addthis.com *.facebook.com *.twitter.com *.meetanshi.com https://plumrocket.com https://accounts.google.com *.buddhateas.com *.goldenskytea.com *.google.com *.googleapis.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.addthisedge.com *.twitter.com *.meetanshi.com *.buddhateas.com *.goldenskytea.com *.gstatic.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com *.googleapis.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.instagram.com *.facebook.com *.cdninstagram.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.arcgis.com *.destini.co maxmind.destinilocators.com cdn.destinilocators.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://www.google.com *.gstatic.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.net *.twitter.com *.meetanshi.com https://accounts.google.com https://www.gstatic.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.google-analytics.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.googleapis.com *.myfontastic.com *.bootstrapcdn.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com unpkg.com *.elfsight.com *.typeform.com *.jsdelivr.net *.klaviyo.com lets.shop *.destini.co *.arcgis.com maxmind.destinilocators.com cdn.destinilocators.com *.ggpht.com *.googleusercontent.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://static.klaviyo.com *.fontawesome.com https://accounts.google.com https://www.gstatic.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com fonts.googleapis.com *.myfontastic.com *.bootstrapcdn.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.storemapper.co *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.klaviyo.com *.elfsight.com *.typeform.com *.jsdelivr.net lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com hlc7l6v5w6.execute-api.us-west-2.amazonaws.com use.fontawesome.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.meetanshi.com https://accounts.google.com *.buddhateas.com *.goldenskytea.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com *.googleapis.com *.unsplash.com *.trustpilot.com storemapper-herokuapp-com.global.ssl.fastly.net *.gstatic.com *.storemapper.co *.fontawesome.com *.jquery.com *.livechatinc.com *.doubleclick.net *.googletagmanager.com *.datadome.co *.tapfiliate.com frstre.com *.frstre.com *.facebook.com *.elfsight.com *.typeform.com *.jsdelivr.net *.bootstrapcdn.com *.klaviyo.com lets.shop *.destini.co maxmind.destinilocators.com cdn.destinilocators.com *.arcgis.com hlc7l6v5w6.execute-api.us-west-2.amazonaws.com di.rlcdn.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; img-src https: data: ; worker-src blob: https: ; connect-src https: wss: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.jsdelivr.net/ https://www.paypalobjects.com/ https://s3.amazonaws.com/ https://*.stripe.com/ https://*.paypal.com/ https://stats.wp.com/ https://stackpath.bootstrapcdn.com/ https://*.filco.es/ https://*.wp.com/ https://ajax.googleapis.com/ https://cdn.herdereditorial.com/; img-src 'self' data: https://www.paypalobjects.com/ https://*.paypal.com/ https://pixel.wp.com/ https://secure.gravatar.com/ https://*.ytimg.com/ https://cdn.herdereditorial.com/ https://img.icons8.com; object-src 'self' data: https://*.paypal.com/ https://*.paypalobjects.com/ https://*.stripe.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.filco.es/ https://es.bookshop.org/ https://cdn.herdereditorial.com/ https://*.spotify.com/; frame-src 'self' data: https://*.paypal.com/ https://*.paypalobjects.com/ https://*.stripe.com/ https://*.youtube.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.filco.es/ https://es.bookshop.org/ https://cdn.herdereditorial.com/ https://*.spotify.com/; form-action 'self' data: https://*.filco.es/ https://cdn.herdereditorial.com/; 1
connect-src 'self' *.pingdom.net forms.hsforms.com forms.hscollectedforms.net *.google-analytics.com stats.g.doubleclick.net cdn.linkedin.oribi.io *.paypal.com *.sandbox.paypal.com; default-src 'self' 'unsafe-inline'; font-src 'self' data: use.typekit.net fonts.gstatic.com; frame-src *.google.com *.youtube-nocookie.com forms.hsforms.com *.paypal.com *.sandbox.paypal.com; img-src 'self' data: *.pingdom.net p.typekit.net *.gravatar.com img.youtube.com *.ytimg.com *.doubleclick.net *.google.co.uk *.google.com *.google-analytics.com px.ads.linkedin.com linkedin.com www.linkedin.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com cdn.jsdelivr.net addevent.com *.addevent.com *.pingdom.net use.typekit.net cdnjs.cloudflare.com *.youtube.com *.ytimg.com js.hsforms.net forms.hsforms.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google-analytics.com snap.licdn.com *.paypal.com *.sandbox.paypal.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
frame-ancestors 'self' https://* inline 1
: default-src 'self' 1
frame-ancestors 'self'; report-uri https://www.cptc.edu/report-uri/enforce 1
'self' *.model-t.cc.commerce.ondemand.com *.flyer-bikes.com 1
script-src 'nonce-D2MY6SeiRec3aaOaZcsJSmeVQBE=' 'unsafe-inline' 'strict-dynamic' https: http:; object-src 'none'; 1
default-src 'self' https: wss://ws23.hotjar.com/ https://*.azureedge.net https://*.azure-api.net https://*.blob.core.windows.net https://*.azurewebsites.net https://portal.sjofartsdir.no blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.google-analytics.com https://static.hotjar.com https://*.azureedge.net https://*.cloudflare.com https://widget.usersnap.com https://*.vimeo.com blob:; style-src 'self' 'unsafe-inline' https: https://*.azureedge.net https://*.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: blob:; frame-src 'self' https: https://*.vimeo.com https://*.azure-api.net; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.pype.tech https://bam.nr-data.net https://*.linkedin.com https://measurement-api.criteo.com https://www.google-analytics.com https://analytics.google.com https://widget-format-sbx.pype.tech https://*.launchdarkly.com https://pagead2.googlesyndication.com https://*.onetrust.com https://cdn.cookielaw.org https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com data: image/* https://bat.bing.com https://*.quantcount.com https://*.quantserve.com https://*.typekit.net https://*.googleapis.com https://player.vimeo.com https://*.doubleclick.net https://connect.facebook.net https://*.analytics.google.com https://extend.vimeocdn.com https://*.gstatic.com https://www.google.com https://google.com https://www.facebook.com https://my.matterport.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js-agent.newrelic.com https://snap.licdn.com https://static.cloudflareinsights.com https://web.pypestream.com https://*.doubleclick.net https://maps.googleapis.com https://cdn.cookielaw.org https://rules.quantcount.com https://secure.quantserve.com https://widget.us.criteo.com https://sslwidget.criteo.com https://static.criteo.net https://player.vimeo.com https://web-sandbox.pypestream.com https://use.fontawesome.com https://www.googletagmanager.com https://bat.bing.com https://www.google-analytics.com https://extend.vimeocdn.com https://connect.facebook.net https://www.googleadservices.com; img-src * data: about: https://cdn.cookielaw.org; frame-src 'self' https://my.matterport.com https://web.pypestream.com https://static.criteo.net https://web-sandbox.pypestream.com https://*.doubleclick.net https://*.criteo.com https://www.facebook.com https://player.vimeo.com; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdn.cookielaw.org https://*.googlesyndication.com https://js-agent.newrelic.com https://storage.googleapis.com https://*.googletagmanager.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.printfriendly.com https://static.addtoany.com https://ds-4047.kxcdn.com https://s.ytimg.com/yts/jsbin/ https://static.addtoany.com/menu/ https://snap.licdn.com https://www.youtube-nocookie.com https://rawgit.com/NerOcrO/ntools/master/ntools.user.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://s.ytimg.com https://cdn.rawgit.com/w8tcha/ https://cdn.rawgit.com/ckeditor/ https://www.youtube.com/ https://snap.licdn.com/ https://*.google-analytics.com https://stats.g.doubleclick.net/ https://www.google.com/ads/ https://px.ads.linkedin.com/collect *.instagram.com; img-src 'self' data: https://*.cdninstagram.com https://cdn.cookielaw.org https://*.licdn.com https://assets.bwbx.io https://sprcdn-assets.sprinklr.com https://cdnjs.cloudflare.com/ajax/libs/codemirror/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.printfriendly.com https://i.ytimg.com https://www.nestle-nespresso.com https://img.youtube.com/; frame-src 'self' https://www.google.com/recaptcha/ https://www.youtube.com/; frame-ancestors 'self'; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.gstatic.com; frame-ancestors 'self' 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br *.googleapis.com *.openstreetmap.org *.gstatic.com; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com  *.googleapis.com  *.openstreetmap.org; font-src 'self' fonts.gstatic.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Gw23ON0vbwE9mybgqmeUuw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src wss://new.sigen.pro https://stats.g.doubleclick.net https://www.tradingview.com https://www.google.com https://mc.yandex.md https://cdn.auth0.com https://cdnjs.cloudflare.com https://hn.inspectlet.com https://ekr.zdassets.com https://sigen.pro https://hidded.sigen.pro https://*.sigen.pro wss://sigen.pro wss://hidded.sigen.pro wss://*.zopim.com https://syndication.twitter.com https://platform.twitter.com https://use.fontawesome.com https://v2.zopim.com https://sigen.zendesk.com https://fonts.googleapis.com https://fonts.gstatic.com https://vk.com https://www.google-analytics.com https://mc.yandex.ru https://*.jivosite.com https://www.youtube-nocookie.com/ data:; script-src https://www.google.com https://www.gstatic.com https://cdn.ravenjs.com https://cdn.inspectlet.com https://assets.zendesk.com https://sigen.pro https://hidded.sigen.pro  https://*.sigen.pro https://cdn.syndication.twimg.com 'unsafe-eval' https://code.highcharts.com https://platform.twitter.com https://chimpstatic.com https://*.zopim.com https://static.zdassets.com https://browser-update.org https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://vk.com https://www.google-analytics.com https://mc.yandex.ru https://*.jivosite.com 'unsafe-inline'; style-src https://cloud.typography.com https://cdnjs.cloudflare.com https://use.fontawesome.com https://sigen.pro https://*.sigen.pro https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com 'unsafe-inline';img-src https://sigen.zendesk.com https://mc.yandex.ru/ https://chart.apis.google.com http://chart.apis.google.com https://chart.googleapis.com https://vk.com https://www.google-analytics.com https://sigen.pro https://*.sigen.pro https://stats.g.doubleclick.net https://www.google.ru https://www.google.com https://*.zopim.com https://syndication.twitter.com https://platform.twitter.com https://browser-update.org https://pbs.twimg.com https://*.ytimg.com data: 1
frame-ancestors 'self' X-Frame-Options: DENY 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.fmd.ag *.google-analytics.com *.googletagmanager.com *.vercel.app *.facebook.net *.jsdelivr.net *.doubleclick.net *.force.com *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com *.site.com *.salesforce-scrt.com *.goadopt.io *.equalweb.com *.handtalk.me *.gstatic.com *.google.com.br *.google.com.br *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.com *.amazonaws.com; img-src 'self' data: blob: *.fmd.ag *.google-analytics.com *.googletagmanager.com *.vercel.app *.facebook.net *.jsdelivr.net *.doubleclick.net *.force.com *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com *.site.com *.salesforce-scrt.com *.goadopt.io *.equalweb.com *.handtalk.me *.gstatic.com *.google.com.br *.google.com.br *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.com *.amazonaws.com; frame-ancestors 'self'; 1
block-all-mixed-content; frame-ancestors *.paulinhomotos.com.br 1
script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/ https://google.com https://connect.facebook.net https://unpkg.com https://www.googletagmanager.com/gtag/ https://developers.google.com https://wsdk-files.in.webengage.com https://s3.ap-south-1.amazonaws.com https://www.clarity.ms https://maps.googleapis.com/ https://www.googletagmanager.com/ https://widgets.in.webengage.com/ https://tars-file-upload.s3.amazonaws.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://code.jquery.com/jquery-3.7.1.min.js; style-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://cdn.jsdelivr.net/ https://fonts.googleapis.com/css; font-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/ https://fonts.gstatic.com/ https://cdnjs.cloudflare.com/ajax/libs/ https://assets.hellotars.com/assets/; img-src 'self' data: blob: *; frame-src 'self' data: blob: https://www.youtube.com https://chatbot.hellotars.com/ https://tmfmw.tmf.co.in/cmsdata/ https://inzd3a49c58.in.webengage.co/ https://td.doubleclick.net; media-src 'self' data: blob: https://www.youtube.com https://uatunvmw.tmf.co.in https://tars-file-upload.s3.amazonaws.com/ByNADi/ https://tmfmw.tmf.co.in/cmsdata/ mediastream:; child-src 'self' data: blob: ; block-all-mixed-content; upgrade-insecure-requests; 1
default-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ abancaportugal.abanca.io abancaptwt.infobolsa.es abancaptwt.bmeinntech.es privacyportal-de.onetrust.com;script-src 'self' 'strict-dynamic' 'unsafe-inline' 'nonce-4c6b724ba34cd11cdfb14e4278a48a46' *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com www.googletagmanager.com cdn.cookielaw.org code.jquery.com cstatic.weborama.fr www.google-analytics.com www.googleadservices.com static.ads-twitter.com bat.bing.com connect.facebook.net analytics.twitter.com googleads.g.doubleclick.net optimize.google.com platform.twitter.com cdn.syndication.twimg.com tagmanager.google.com ssl.google-analytics.com www.google.com www.gstatic.com geolocation.onetrust.com www.recaptcha.net;style-src 'self' 'nonce-4c6b724ba34cd11cdfb14e4278a48a46' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.googleapis.com cdnjs.cloudflare.com abanca.inbenta.com cdn.cookielaw.org optimize.google.com cdn.abanca.io platform.twitter.com *.twimg.com tagmanager.google.com;img-src 'self'  *.abanca.io llamamegratis.es/ suite.conver.fit/ www.google-analytics.com maps.googleapis.com maps.gstatic.com stats.g.doubleclick.net insight.adsrvr.org cdn.abanca.io data: t.co bat.bing.com www.google.com www.google.es www.google-analytics.com www.facebook.com stats.g.doubleclick.net www.googletagmanager.com i.ytimg.com optimize.google.com *.staticflickr.com *.staticflickr.com syndication.twitter.com *.twimg.com platform.twitter.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net tbl.tradedoubler.com cdn.cookielaw.org *.doubleclick.net;font-src 'self' *.abanca.io llamamegratis.es/ suite.conver.fit/ fonts.gstatic.com abanca.inbenta.com cdn.abanca.io;frame-src 'self' www.youtube-nocookie.com llamamegratis.es mediadiamondes.solution.weborama.fr optimize.google.com www.facebook.com maps.google.com www.google.com www.youtube.com platform.twitter.com syndication.twitter.com w.soundcloud.com bid.g.doubleclick.net *.fls.doubleclick.net www.recaptcha.net;connect-src 'self' *.abanca.io www.google-analytics.com *.infobolsa.es *.bmeinntech.es suite.conver.fit privacyportal-de.onetrust.com cdn.cookielaw.org stats.g.doubleclick.net region1.google-analytics.com region1.analytics.google.com cdp.abanca.com cdpdev.abanca.com cdp.abanca.pt maps.googleapis.com;base-uri 'self';object-src 'none';report-to /api/v1/csp-violation-report-endpoint/;form-action 'self' pgw.ceca.es; 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' 'self' blob: *; img-src * data: blob:; connect-src *; font-src 'self' data: *; object-src 'self'; media-src 'self' blob: *; child-src *; base-uri 'self' 1
default-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop https://chat.domeneshop.no/ 'unsafe-inline'; img-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-src https://domene.shop https://www.domeneshop.no https://domeneshop.no https://domainnameshop.com https://domainname.shop https://xn--domn-noa.shop https://xn--domne-ura.shop; frame-ancestors 'self' 1
frame-ancestors 'self' https://infortisa.com https://nueva.infortisa.com; 1
frame-ancestors *.intrcity.com 1
default-src 'self';script-src 'self' https://*.nr-data.net https://js-agent.newrelic.com https://www.google.ee https://www.google.lt https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com  https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://www.facebook.com https://graph.facebook.com https://connect.facebook.net https://secure.livechatinc.com https://cdn.livechatinc.com https://api.livechatinc.com https://*.hotjar.com https://*.hotjar.io https://mitsweb.iitech.dk https://*.cookielaw.org https://cookielaw.org https://onetrust.com https://*.onetrust.com 'unsafe-inline';connect-src 'self' https://*.nr-data.net https://www.google.ee https://www.google.lt https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com  https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://secure.livechatinc.com https://cdn.livechatinc.com https://api.livechatinc.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.cookielaw.org https://cookielaw.org https://onetrust.com https://*.onetrust.com;img-src 'self' data: https://www.google.ee https://www.google.lt https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com  https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.cookielaw.org https://cookielaw.org https://onetrust.com https://*.onetrust.com https://cdn.nordigen.com https://*.cloudfront.net;style-src 'self' https://www.google.ee https://www.google.lt https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com  https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://*.hotjar.com https://*.hotjar.io https://*.cookielaw.org https://cookielaw.org https://onetrust.com https://*.onetrust.com 'unsafe-inline';font-src 'self' data: https://www.google.ee https://www.google.lt https://www.google.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com  https://region1.google-analytics.com/ https://region1.analytics.google.com/ https://*.hotjar.com https://*.hotjar.io https://*.cookielaw.org https://cookielaw.org https://onetrust.com https://*.onetrust.com;frame-src 'self' https://www.youtube.com https://vimeo.com https://player.vimeo.com https://luminor-funds.metasite.lt https://new.luminor.lt https://vars.hotjar.com https://*.saundland.ee https://secure.livechatinc.com https://*.hotjar.com https://*.hotjar.io 1
default-src *; connect-src *;font-src  https://fonts.gstatic.com * data: blob:; frame-src *; img-src https://optimize.google.com  * data:; media-src *; object-src 'none' ; script-src https://optimize.google.com 'unsafe-inline' 'unsafe-eval' * data: blob:; style-src https://optimize.google.com https://fonts.googleapis.com 'unsafe-inline' *; upgrade-insecure-requests 1
block-all-mixed-content; frame-ancestors *.polipet.com.br 1
default-src 'self' *.crazyegg.com *.mathtag.com *.hs-scripts.com https: blob: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-2C9oyLmx4V5fWnUmZrupf9MMyumc66Riq+MfhBeZq0ZfR9ua' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://sell.totaram.com https://www.totaram.com 1
default-src 'self' https://www.ravenpack.com https://ravenpack.com ; font-src 'self' https://fonts.gstatic.com  data: https://js.intercomcdn.com https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.2/fonts/ ; frame-src https://www.googletagmanager.com https://www.youtube.com/ https://player.vimeo.com/ https://www.google.com https://coronavirus.ravenpack.com https://optimize.google.com https://plotly.com/ https://chart-studio.plotly.com http://html5-player.libsyn.com/ https://td.doubleclick.net/ ; object-src  ; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://ajax.googleapis.com https://code.jquery.com webpack: https://widget.intercom.io http://www.googleadservices.com 'unsafe-inline' https://js.intercomcdn.com https://cdn.jsdelivr.net https://gist.github.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net/pagead/ https://snap.licdn.com https://www.gstatic.com/charts/ https://player.vimeo.com/ https://www.youtube.com/ https://sc.lfeeder.com/ https://extend.vimeocdn.com/ga/ https://bat.bing.com/ https://www.clarity.ms/ https://cdn.plot.ly/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ ; worker-src https://ravenpack.com https://www.ravenpack.com ; img-src 'self' data: https://ravenpack.com https://www.ravenpack.com https://s3.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://static.intercomassets.com https://www.google.es/ads/ https://www.google.es/pagead/ https://px.ads.linkedin.com https://googleads.g.doubleclick.net/pagead/ https://i.vimeocdn.com/ https://tr.lfeeder.com/ https://optimize.google.com https://bat.bing.com/ https://c.clarity.ms/ https://c.bing.com/ ; style-src 'self' https://ravenpack.com https://www.ravenpack.com 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://github.githubassets.com https://cdn.jsdelivr.net https://code.jquery.com https://www.gstatic.com/charts/ https://optimize.google.com ; media-src 'self' https://js.intercomcdn.com/audio/ ; connect-src 'self' https://ravenpack.com https://www.ravenpack.com https://stats.g.doubleclick.net https://www.google-analytics.com https://api-iam.intercom.io wss://nexus-websocket-a.intercom.io https://region1.google-analytics.com/ https://cs.lf-discover.com/companies/ https://cdn.linkedin.oribi.io/ https://www.gstatic.com/charts/ https://bat.bing.com/ https://analytics.google.com/ https://region1.analytics.google.com/g/ https://pagead2.googlesyndication.com/pagead/buyside_topics/set/ https://px.ads.linkedin.com/ https://pagead2.googlesyndication.com/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://a.clarity.ms/collect https://b.clarity.ms/collect https://c.clarity.ms/collect https://d.clarity.ms/collect https://e.clarity.ms/collect https://f.clarity.ms/collect https://g.clarity.ms/collect https://h.clarity.ms/collect https://i.clarity.ms/collect https://j.clarity.ms/collect https://k.clarity.ms/collect https://l.clarity.ms/collect https://m.clarity.ms/collect https://n.clarity.ms/collect https://o.clarity.ms/collect https://p.clarity.ms/collect https://q.clarity.ms/collect https://r.clarity.ms/collect https://s.clarity.ms/collect https://t.clarity.ms/collect https://u.clarity.ms/collect https://v.clarity.ms/collect https://w.clarity.ms/collect https://x.clarity.ms/collect https://y.clarity.ms/collect https://z.clarity.ms/collect ; report-uri  ; 1
frame-ancestors 'self' https://*.4dstudio.com.au 1
default-src 'self' 'unsafe-inline' https://translate.google.com https://www.googletagmanager.com; script-src 'report-sample' 'self' 'unsafe-inline' https://ajax.googleapis.com https://maps.googleapis.com https://maps.google.com https://www.googletagmanager.com https://translate.google.com https://googleads.g.doubleclick.net https://translate-pa.googleapis.com https://cdn.leadinfo.net/ping.js https://connect.facebook.net https://translate.googleapis.com https://www.googleadservices.com; style-src 'report-sample' 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://translate-pa.googleapis.com https://maps.googleapis.com https://*.google-analytics.com https://api.leadinfo.com https://collector.leadinfo.net https://translate.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self'; img-src 'self' https://www.facebook.com https://maps.google.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google.be https://translate.google.com https://translate.googleapis.com https://fonts.gstatic.com https://*.google-analytics.com https://www.gstatic.com https://www.facebook.com data:; manifest-src 'self'; media-src 'self' data:; report-uri https://core.jaan.be/csp/; worker-src 'none'; 1
default-src https: 'self' data: http://devwebservices.loyals.nl; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; connect-src https: 'self' data: wss: ;report-uri /csp-reports 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' http://www.youtube.com; style-src 'self' https: 'unsafe-inline' http://fonts.googleapis.com; frame-src 'self' *.youtube.com https://www.recaptcha.net/ https://netbank.megabank.com.tw/; frame-ancestors 'self' 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-src https:; img-src * data:; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' cdn.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com servedby.flashtalking.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'none'; script-src 'self' 'nonce-b092fa62-ecf0-462e-9312-647e94615155'; connect-src 'self' js-agent.newrelic.com bam.nr-data.net; img-src 'self' data:; style-src 'self' 'nonce-b092fa62-ecf0-462e-9312-647e94615155'; default-src 'self'; 1
img-src 'self' https://* data:;        child-src 'none';        worker-src 'self' https://connect.facebook.net https://snap.licdn.com;        object-src 'none';        frame-src 'self' https://beta.djurslandsbank.dk https://djurslandsbank.dk https://www.djurslandsbank.dk https://*.bdunet.dk https://*.bdpdmz.dk https://www.youtube.com https://www.youtube-nocookie.com/ https://player.vimeo.com https://policy.app.cookieinformation.com        https://static.bankdata.dk/wco/release https://static.bankdata.dk https://static.bankdata.dk/ https://www.totalkredit.dk https://www.facebook.com        https://connect.facebook.net https://youtube.com https://www.youtube.com https://widget.trustpilot.com *.vimeo.com https://bankinvest.dk/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://a.vodafone.com.gh tags.tiqcdn.com cdn.cookielaw.org https://nebula-cdn.kampyle.com https://cdnjs.cloudflare.com https://smetrics.vodafone.com.gh https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh *.newrelic.com *.nr-data.net blob:; style-src 'self' 'unsafe-inline' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://cdn.cookielaw.org https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh ; font-src 'self' https://cdn.ampproject.org https://vodafone-ghana-cdn.s3.amazonaws.com https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh; img-src 'self' https://support.vodafone.com.gh https://vodafone-ghana-cdn.s3.amazonaws.com https://udc-neb.kampyle.com https://nebula-cdn.kampyle.com https://chat.vodafone.com.gh https://d2wrz230yyz3cg.cloudfront.net https://myvodafone.vodafone.com.gh https://vodafone.com.gh https://cm.everesttech.net google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh data:; connect-src 'self' https://cdn.ampproject.org https://vodafone.com.gh https://a.vodafone.com.gh https://support.vodafone.com.gh https://myvodafone.vodafone.com.gh https://gcpsmapi-pre.vodafone.com https://smetrics.vodafone.com.gh metrics.vodafone.com.gh https://dpm.demdex.net https://tags.tiqcdn.com https://c.go-mpulse.net gcpsmapi.vodafone.com https://nebula-cdn.kampyle.com https://us-central1-amp-error-reporting.cloudfunctions.net https://vodafoneghana.tt.omtrdc.net udc-neb.kampyle.com https://d2wrz230yyz3cg.cloudfront.net https://cdn.cookielaw.org google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh *.newrelic.com *.nr-data.net; manifest-src 'self' https://vodafone.com.gh https://myvodafone.vodafone.com.gh google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh; frame-src https://a.vodafone.com.gh https://vodafone.com.gh https://nebula-cdn.kampyle.com https://www.youtube-nocookie.com https://www.youtube.com https://myvodafone.vodafone.com.gh https://vodafonegh.demdex.net google.com *.google.com *.telecel.com.gh *.vodafone.com.gh vodafone.com.gh telecel.com.gh blob:; object-src 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ykIAHmAX9v5A8A66N7lGNuAGAfgDS51JfJ0XXhav553BOyD5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' *.vu.lt 1
frame-ancestors 'self' https://www.visitdenmark.de https://*.www.visitdenmark.de https://api.www.www.visitdenmark.de 1
default-src 'self'; script-src 'self' dnstest2.ficora.fi dnstest.traficom.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi occhat.elisa.fi stat.traficom.fi https://static.aim.front.ai https://traficom-prod.boost.ai stat.viestintavirasto.fi 10.250.193.20 'nonce-3d609088-c800-408b-9409-c2d13ae805aa'; img-src 'self' data: https://boost-files-general-eu-west-1-prod.s3-eu-west-1.amazonaws.com https://static.aim.front.ai *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; style-src 'self' dnstest2.ficora.fi dnstest.traficom.fi occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai 'unsafe-inline'; font-src 'self' occhat.elisa.fi https://static.aim.front.ai; object-src 'self' data:; base-uri 'self'; frame-src 'self' *.viestintavirasto.fi *.traficom.fi *.ficora.fi trafi.maps.arcgis.com trafi2.stat.fi keha-matomo-sdg-qa-qa.azurewebsites.net analytiikka.ahtp.fi qa.bittimittari.fi prod.bittimittari.fi www.youtube.com img.youtube.com youtube-nocookie.com *.youtube-nocookie.com registry.qadomain.fi registry.domain.fi www.arcgis.com autokalkulaattori.fi fiho.fi www.epressi.com dreambroker.com www.dreambroker.com app.powerbi.com occhat.elisa.fi; connect-src 'self' wss://occhat.elisa.fi https://occhat.elisa.fi https://static.aim.front.ai https://traficom-prod.boost.ai https://stat.viestintavirasto.fi https://stat.traficom.fi; form-action 'self' 1
img-src 'self' https: data: https://www.google.com https://www.google-analytics.com https://www.gstatic.com; connect-src 'self' https: *.onetouchreveal.com; script-src 'self'  https: 'sha256-7d1ykDFwyYFJNYMuEgZdTMKw5ZYlscqNAfwWAjmfPY8=' 'sha256-5jLMoJFJF47wm7JtfcOQg9Lel6/OIW6WM9FJaIkHTx4='; style-src 'self' https: 'unsafe-inline' *.googleapis.com *.bootstrapcdn.com; media-src 'self'; font-src 'self' *.gstatic.com *.bootstrapcdn.com; object-src 'none'; frame-src https://www.google.com; default-src 'none'; 1
img-src 'self'; 1
upgrade-insecure-requests; block-all-mixed-content; default-src https://disqus.com/next/config.js https://c.disquscdn.com; connect-src 'self' https://www.swearnet.com/rum https://graph.facebook.com https://www.paypal.com https://m.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://ga2.getresponse.com https://licensing.bitmovin.com https://cdn.vidyard.com https://analytics-ingress-global.bitmovin.com; font-src 'self' data: https://bubbles.swearnet.com https://facets.swearnet.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://js.stripe.com https://play.vidyard.com https://disqus.com https://checkout.stripe.com https://www.paypal.com https://www.recaptcha.net https://www.paypalobjects.com https://www.youtube.com; img-src 'self' data: https://bubbles.swearnet.com https://facets.swearnet.com https://video.swearnet.com https://dz9aqlfbnvif7.cloudfront.net https://d1sihevztxsnme.cloudfront.net https://d1s7ms3jh28zet.cloudfront.net https://uploads.disquscdn.com https://referrer.disqus.com https://c.disquscdn.com https://secure.gravatar.com https://q.stripe.com https://*.google-analytics.com https://www.googletagmanager.com https://www.youtube.com https://*.paypal.com; manifest-src 'self' https://bubbles.swearnet.com https://facets.swearnet.com; media-src 'self' blob: https://cdn.vidyard.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bubbles.swearnet.com https://facets.swearnet.com https://js.stripe.com/v3/* https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://play.vidyard.com https://swearnet.disqus.com https://c.disquscdn.com https://disqus.com https://checkout.stripe.com https://js.stripe.com https://static.cloudflareinsights.com https://www.recaptcha.net https://www.gstatic.com https://www.paypal.com https://ga.getresponse.com https://us-an.gr-cdn.com https://cdn.bitmovin.com; frame-ancestors 'none'; style-src 'self' 'unsafe-inline' https://bubbles.swearnet.com https://facets.swearnet.com https://c.disquscdn.com https://fonts.googleapis.com https://cdn.bitmovin.com; worker-src 'self' blob:; base-uri 'none'; form-action 'self' https://checkout.stripe.com https://billing.stripe.com https://www.facebook.com https://www.paypal.com; report-uri https://api.honeybadger.io/v1/browser/csp?api_key=hbp_x9O8GXziFmnEgRgaibE74qh6AAIzgb2ixczG&report_only=true&env=sworn&context[user_id]= 1
frame-ancestors 'self' *.napco.com; 1
frame-ancestors wss: https://doctorunite.com https://generationnp.com https://paunite.com https://pathologistconnect.com https://oncologynation.com https://medicaldirectorsforum.com https://oncologynationsandbox.skipta.com https://www.opdivoclinicaldata.com https://www.opdivoyervoymnsclc.com origin-opdivo-customerconnect-bms-aem-prod.adobecqms.net www.opdivo.com; default-src https: blob: wss: 'unsafe-inline' 'unsafe-eval'; media-src https: blob:; font-src https: data:;frame-src * data:; 1
default-src https: 'unsafe-inline' 'unsafe-eval' 'self' data:; base-uri 'self'; frame-ancestors 'self' https://www.amcny.org; object-src 'none'; worker-src 'self' blob:; 1
default-src 'self' https://crxcavator.io https://accounts.google.com; connect-src https://*.crxcavator.io https://crxcavator.io https://cognito-identity.us-east-2.amazonaws.com https://cognito-idp.us-east-2.amazonaws.com https://graph.facebook.com; style-src 'unsafe-inline' https://*.crxcavator.io https://crxcavator.io https://fonts.googleapis.com https://cdn.jsdelivr.net; script-src https://www.google-analytics.com https://crxcavator.io https://*.crxcavator.io https://accounts.google.com https://accounts.youtube.com https://cdn.jsdelivr.net 'unsafe-inline'; font-src https://fonts.gstatic.com https://crxcavator.io https://*.crxcavator.io https://cdn.jsdelivr.net data:; worker-src blob: 'self'; img-src data: 'self' https://lh3.googleusercontent.com https://ssl.gstatic.com https://www.google-analytics.com https://accounts.google.com https://accounts.youtube.com https://addons.cdn.mozilla.net https://store-images.s-microsoft.com https://addons.mozilla.org; frame-src 'self' https://*.crxcavator.io https://*.duosecurity.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.lytics.io feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com pghub.io *.segment.com *.facebook.net *.lytics.io cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io consumersupport.pg.com *.doubleclick.net pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.lytics.io *.tapad.com www.googletagmanager.com www.google-analytics.com www.facebook.com *.doubleclick.net cdn.cookielaw.org feed.pghub.io ; connect-src 'self' *.adsrvr.org *.segment.com *.bazaarvoice.com *.segment.io az-apigateway-cs-prod-20180702.azure-api.net www.google-analytics.com cdn.cookielaw.org *.analytics.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.metrovaartha.com https://jionewsdev1.jio.ril.com/ https://jionews.com/;block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *; 1
frame-ancestors 'self'; report-uri https://3f88b768f9ca759710ab36a8b6c50c86.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://kiosk.oblgaz; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *; object-src 'self' data: *; style-src 'self' data: 'unsafe-inline' *; img-src 'self' data: *; media-src 'self' data: *; frame-src 'self' data: *; font-src 'self' data: *; connect-src 'self' data: * 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src 'self' * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' *.ichbindeinauto.de 1
frame-ancestors 'self' *.mapfre.com *.mapfre.es *.mapfre.com.do *.mapfre.com.br *.mapfre.com.mx *.mapfre.com.co *.mapfre.com.sv *.mapfre.com.gt *.mapfre.com.ec *.mapfre.com.hn *.mapfre.com.ni *.mapfre.com.py *.mapfre.com.pe *.mapfre.com.uy *.mapfre.com.ar *.mapfre.com.cl *.mapfre.com.pa *.mapfreinsurance.com *.mapfre.com.tr; 1
default-src * data: 'self';     style-src * 'unsafe-inline';     script-src * blob: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' http://www.kibon.com.br  unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
script-src 'unsafe-inline' https: 'nonce-gOkYoRcDWqXccVcN9BtOeAse3rw=' 'strict-dynamic' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'nonce-gOkYoRcDWqXccVcN9BtOeAse3rw=' api.extranet.pl; font-src data: 'self'; manifest-src 'self'; frame-src 'self' *.googletagmanager.com *.google-analytics.com *.google.com; object-src 'none';  form-action 'self'; base-uri https://www.extranet.pl/ 1
frame-ancestors 'self' 3disystems.com 1
frame-ancestors 'self' https://s003tst004.dsw.21.group:38443 https://s003aps047.dsw.21.group:18443 1
default-src 'self' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com/ https://22admedia.com/22rtb/355.js; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://*.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://googleads.g.doubleclick.net https://apis.google.com https://www.youtube.com https://www.facebook.com https://connect.facebook.net https://connect.facebook.net/fr_FR/sdk.js https://t.mydialoginsight.com https://api.beeroot.io https://bam.eu01.nr-data.net/1/NRJS-7e7de70efc7604444cc https://bat.bing.com https://cdn.doofinder.com/media/js/doofinder-classic.7.latest.min.js https://cdn.doofinder.com https://cl.avis-verifies.com https://dcniko1cv0rz.cloudfront.net/realytics-1.2.min.js https://eu1-search.doofinder.com https://events.sk.ht/lacompagniedulit/lib.js https://i.realytics.io/tc.js https://tp.realytics.io https://tc-sync.realytics.io https://js-agent.newrelic.com/nr-1216.min.js https://media.lacompagniedulit.com/themes/antadis/js/modernizr.js https://cdn.scaleflex.it https://libs.hipay.com/js/sdkjs.js https://libs.hipay.com/hostedfields/loader.js https://libs.hipay.com https://data.hipay.com https://stage-data.hipay.com https://mpsnare.iesnare.com/general5/wdp.js https://mpsnare.iesnare.com/5.5.0/logo.js https://mpsnare.iesnare.com/snare.js https://mpsnare.iesnare.com/script/logo.js https://s.yimg.com/wi/ytc.js https://script.hotjar.com https://static.hotjar.com/c/hotjar-907938.js https://static.zdassets.com https://t.contentsquare.net https://js-agent.newrelic.com https://www.clarity.ms https://cdn.cartsguru.io https://cdn.cookielaw.org https://*.lacompagniedulit.com/ https://www.googletagmanager.com https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.hotjar.com https://*.facebook.com https://*.cookielaw.org https://data.perfmaker.net https://tag.perfmaker.net https://*.useinsider.com https://*.retargeted.co https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; style-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.googleapis.com/ https://tagmanager.google.com https://libs.hipay.com/themes/material.min.css https://cdn.doofinder.com https://*.perfmaker.net https://www.googletagmanager.com/debug/badge.css https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; object-src https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; base-uri 'self'; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com https://googleads.g.doubleclick.net https://www.google.fr https://www.googleadservices.com https://*.googlesyndication.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com https://libs.hipay.com https://data.hipay.com https://secure-gateway.hipay-tpp.com https://openfpcdn.io https://ekr.zdassets.com/compose/2f1b04c5-1c22-440d-9212-c9c5da549d3a https://e.clarity.ms/collect https://stage-data.hipay.com/checkout-data https://api.beeroot.io https://api.realytics.io https://bam.eu01.nr-data.net https://bat.bing.com https://*.contentsquare.net https://hotjar.com https://in.hotjar.com https://ekr.zendesk.com https://eu1-search.doofinder.com https://integration.carts.guru https://j.clarity.ms https://lacompagniedulit.zendesk.com https://maps.googleapis.com wss://mpsnare.iesnare.com/star https://region1.google-analytics.com https://s.yimg.com https://sk.ht https://stats.g.doubleclick.net wss://widget-mediator.zopim.com https://cdn.cookielaw.org https://privacyportal-fr.onetrust.com/request/v1/consentreceipts https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://mtm.lacompagniedulit.com/ https://*.perfmaker.net https://*.useinsider.com wss://*.useinsider.com https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://fonts.gstatic.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://www.google.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://accounts.google.com https://bid.g.doubleclick.net https://www.youtube.com/ https://www.facebook.com https://libs.hipay.com https://stage-data.hipay.com https://11435458.fls.doubleclick.net https://vars.hotjar.com https://www.youtube-nocookie.com https://*.perfmaker.net https://*.avis-verifies.com/ https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://td.doubleclick.net; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.google-analytics.com https://*.google.com https://*.google.fr https://ib.adnxs.com/getuid https://maps.gstatic.com/mapfiles/ https://www.googletagmanager.com https://*.googletagmanager.com https://*.analytics.google.com https://maps.googleapis.com/ https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://www.facebook.com https://sp.analytics.yahoo.com https://www.lacompagniedulit.com https://media.lacompagniedulit.com https://static1.lacompagniedulit.net https://contentsquare.net https://l.contentsquare.net https://bat.bing.com https://c.contentsquare.net https://cl.avis-verifies.com https://t.mydialoginsight.com https://www.netreviews.eu https://cdn.cookielaw.org https://i.ytimg.com https://*.useinsider.com https://api.beeroot.io https://cdn.jsdelivr.net https://images.prismic.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js https://cdn.doofinder.com https://eu1-doofinderuser.s3.amazonaws.com; manifest-src 'self' https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; media-src 'self' https://mpsnare.iesnare.com/time.mp3 data: https://static.zdassets.com https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; report-uri https://62d537b090d65793425d8b0b.endpoint.csper.io/?v=0 https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; child-src 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://api.beeroot.io https://cdn.jsdelivr.net https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; frame-ancestors 'self' blob: https://*.cart-guru.io https://*.carts.guru https://*.cartsguru.io https://*.useinsider.com https://api.beeroot.io https://lp.lacompagniedulit.com https://22admedia.com/22rtb/355.js; 1
default-src 'self' https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://*.clarity.ms https://c.bing.com https://www.google.com.ua https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://score.juicyscore.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.google.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://yastatic.net https://tengo.com.ua *.ampproject.org *.adpartner.pro connect.facebook.net ajax.cloudflare.com static.cloudflareinsights.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.appdynamics.com; img-src 'self' https://*.clarity.ms https://c.bing.com https://www.google.de *.googleadservices.com https://googleads.g.doubleclick.net https://optimize.google.com https://id.bank.gov.ua https://www.google-analytics.com https://www.google.com https://google.com https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://www.gstatic.com https://www.facebook.com https://www.google.ru https://www.google.pl https://www.google.com.cy stats.g.doubleclick.net https://stats.g.doubleclick.net https://static.liqpay.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua blob: data:; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com fonts.googleapis.com *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua; font-src 'self' https://optimize.google.com fonts.gstatic.com data: blob:; frame-src 'self' https://bid.g.doubleclick.net https://*.doubleclick.net https://optimize.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adpartner.pro atlassian-companion: data: blob:; object-src 'self' data: blob:; connect-src wss://ws.amigo.com.ua https://*.clarity.ms https://c.bing.com https://score.juicyscore.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.googletagmanager.com https://correctme.com.ua stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua https://analytics.goo *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.hotjar.com *.hotjar.io wss://*.hotjar.com *.carrotquest.app pdx-col.eum-appdynamics.com *.appdynamics.com *.bank.gov.ua https://www.liqpay.ua *.liqpay.ua https://www.portmone.com.ua *.portmone.com.ua https://p2y.com.ua *.p2y.com.ua https://fondy.io *.fondy.eu https://easypay.ua *.easypay.ua 1
default-src 'self';  script-src 'self' https://checkout.razorpay.com/ https://api.razorpay.com/ https://maps.googleapis.com/ https://connect.facebook.net/ https://www.googletagmanager.com/ http://www.googletagmanager.com/ http://www.google-analytics.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://salesiq.zoho.com/ https://js.zohocdn.com/ https://js.zohostatic.com/ https://static.zohocdn.com/;  connect-src 'self' https://api-js.mixpanel.com/ https://maps.googleapis.com/ https://cdn.growthbook.io/ https://o69967.ingest.sentry.io/ https://app.thrivenow.in/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://api.razorpay.com/ https://in.hotjar.com/ https://lumberjack-cx.razorpay.com https://content.hotjar.io/ wss://ws.hotjar.com/ https://salesiq.zoho.com/ wss://vts.zohopublic.com/ https://salesiq.zohopublic.com/ https://analytics.google.com/;  img-src 'self' https://cdn.thrivenow.in/ https://cdn.hashtagloyalty.com/ https://s3.ap-southeast-1.amazonaws.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.in/ https://maps.googleapis.com/ https://hashtagloyaltydev.s3.ap-southeast-1.amazonaws.com/ https://maps.gstatic.com/ https://salesiq.zohopublic.com/ https://css.zohocdn.com/ data:;  script-src-attr 'self' 'unsafe-inline';  media-src 'self' https://static.zohocdn.com; frame-src 'self' https://api.razorpay.com/ https://salesiq.zohopublic.com/;  font-src 'self' https://cdn.hashtagloyalty.com/ https://fonts.gstatic.com/ https://css.zohocdn.com/ data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://css.zohocdn.com/ https://css.zohostatic.com/ https://files.zohopublic.com/;  object-src 'none'; 1
frame-ancestors 'self' http://www.sedal.com.ar unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
worker-src *; font-src images.latitudepayapps.com imageapi.magebinary.co.nz * *.klarnacdn.net *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de api.bazaarvoice.com stg.api.bazaarvoice.com *.images.latitudepayapps.com *.imageapi.magebinary.co.nz *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com * *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com https://plumrocket.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com display.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com network-a.bazaarvoice.com network-stg-a.bazaarvoice.com photos-uat-us.bazaarvoice.com img.youtube.com * *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com t.zip.co static.zipmoney.com.au data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com https://js.sandbox.afterpay.com https://js.afterpay.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de apps.bazaarvoice.com apps.nexus.bazaarvoice.com apps-stg.nexus.bazaarvoice.com analytics-static.ugc.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com display.ugc.bazaarvoice.com api.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com * *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.stripe.com klarna.com *.klarnaevt.com static.zipmoney.com.au zip.co 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com static.afterpay.com/ js.sandbox.afterpay.com js.afterpay.com *.sharethis.com display.ugc.bazaarvoice.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com images.latitudepayapps.com/ imageapi.magebinary.co.nz/ * *.klarnacdn.net unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com static.afterpay.com static.sandbox.afterpay.com js.sandbox.afterpay.com js.afterpay.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de api.bazaarvoice.com stg.api.bazaarvoice.com apps.bazaarvoice.com network.bazaarvoice.com network-stg.bazaarvoice.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com * *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.images.latitudepayapps.com *.imageapi.magebinary.co.nz 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.pdichile.cl https://pdichile.cl/*; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://code.jquery.com/jquery-3.6.0.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://www.google-analytics.com *.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css 'unsafe-inline' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.pdichile.cl https://pdichile.cl web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdnjs.cloudflare.com/; frame-src 'self' https://www.youtube.com/ https://cdn.knightlab.com/ https://roundme.com/ https://h5.veer.tv/ https://open.spotify.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com 1
script-src data: https: wss: about: blob: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;style-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;img-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;font-src data: https: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;connect-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com;frame-src data: https: wss: about: 'unsafe-eval' 'unsafe-inline' 'self' api.useinsider.com itelvn.api.useinsider.com 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.at 1
default-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https: blob: data:; 1
frame-ancestors 'self' https://orchid.imp.iat.oceanwidebridge.com https://orchid.imp.uat.oceanwidebridge.com https://connect.orchidinsurance.com https://orchid.imp.conf.oceanwidebridge.com 1
default-src 'self' 'unsafe-inline' bennettjones.com *.googleapis.com *.google.com *.google-analytics.com *.vimeocdn.com *.vimeo.com *.linkedin.com *.typekit.net maxcdn.bootstrapcdn.com *.addthis.com *.vuturevx.com *.bennettjones.com *.akamaihd.net *.gstatic.com *.sitecore.net *.highcharts.com code.highcharts.com *.cbc.ca *.9c9media.com *.googletagmanager.com *.siteimprove.net *.siteimprove.com unpkg.com *.ampproject.org siteimproveanalytics.com siteimproveanalytics.io *.siteimproveanalytics.io *.api.cnn.io *.youtube.com *.brightcove.net *.tvo.org *.oktopost.com okt.to api.brightedge.com *.b0e8.com *.bc0a.com www.convergepay.com px.ads.linkedin.com cdn.linkedin.oribi.io snap.licdn.com use.typekit.net *.adsymptotic.com cdn.jsdelivr.net cdnjs.cloudflare.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bennettjones.com *.googleapis.com *.google.com *.google-analytics.com *.vimeocdn.com *.vimeo.com *.linkedin.com *.typekit.net maxcdn.bootstrapcdn.com *.addthis.com *.vuturevx.com *.bennettjones.com *.akamaihd.net *.gstatic.com *.sitecore.net *.highcharts.com code.highcharts.com *.cbc.ca *.9c9media.com *.googletagmanager.com *.siteimprove.net *.siteimprove.com unpkg.com *.ampproject.org siteimproveanalytics.com siteimproveanalytics.io *.siteimproveanalytics.io *.api.cnn.io *.youtube.com *.brightcove.net *.tvo.org *.oktopost.com okt.to api.brightedge.com *.b0e8.com *.bc0a.com www.convergepay.com px.ads.linkedin.com cdn.linkedin.oribi.io snap.licdn.com use.typekit.net *.adsymptotic.com cdn.jsdelivr.net cdnjs.cloudflare.com code.jquery.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; font-src 'self' data: bennettjones.com *.typekit.net cdnjs.cloudflare.com *.gstatic.com; frame-src 'self' 'unsafe-eval' *.sitecore.com *.sitecore.net *.vimeo.com *.vuturevx.com; img-src 'self' data: bennettjones.com *.linkedin.com *.siteimproveanalytics.io 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-U2Lt2JrNH2XjPsjCFhwbsYq7VH8rYLbRzbfh1IDgtJvYhRRY' 'self' 'unsafe-inline' https://*.paypal.com https://*.paypalobjects.com; img-src 'self' https: data:; font-src 'self' data: https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypalobjects.com https://*.paypal.com https://*.qualtrics.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.google-analytics.com https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'none'; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://comparadorluz.com/report-uri/enforce 1
default-src https: data: blob: resource: 'unsafe-inline' 'unsafe-eval'; base-uri 'self'; 1
default-src 'self' blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google-analytics.com *.googletagmanager.com *.facebook.net *.creative-serving.com *.tt.se *.cookiebot.com *.browsealoud.com *.youtube.com sibautomation.com apps.moderaterna.se;style-src 'self' 'unsafe-inline' apps.moderaterna.se;font-src 'self' data:;frame-src 'self' *.youtube.com *.vimeo.com *.twitter.com *.facebook.com *.tt.se *.cookiebot.com sibautomation.com *.spotify.com;img-src 'self' *.gravatar.com data: *.google-analytics.com *.googletagmanager.com *.cookiebot.com *.facebook.com *.doubleclick.net *.creative-serving.com *.bidswitch.net *.yieldlab.net *.kargo.com;connect-src 'self' *.membercare.se *.cookiebot.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.browsealoud.com *.speechstream.net in-automate.sendinblue.com https://id5-sync.com apps.moderaterna.se *.moderaterna.se *.ordningpasverige.se *.brevo.com; 1
default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' minhabiblioteca.univille.edu.br univille.edu.br *.univille.edu.br gian.ess.devel2 localhost gian.devel2 *.facebook.com facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.licdn.com cdn.jsdevlivr.net s7.addthis.com *.rdstation.com.br *.rdstation.com *.cloudfront.net *.hotjar.io *.linkedin.com *.google.com.br *.google.com use.typekit.net *.gstatic.com *.grupoa.education *.grupoa.com *.grupoa.com.br *.gruposinternet.com.br *.enturma.com.br *.googleapis.com *.bootstrapcdn.com *.bing.com *.youtube.com; 1
frame-ancestors 'self';    block-all-mixed-content;    default-src 'self';    script-src 'self' 'nonce-WmtLQFUtZkQ2cVdOZUZPZDRaTmFSd0FBQVk4' 'strict-dynamic' 'report-sample' 'unsafe-inline'  *.inmobi.com   https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://googletagmanager.com https://m.youtube.com https://player.vimeo.com https://secure.gravatar.com https://tagmanager.google.com https://www.youtube.com https://www.vimeo.com https://www.clarity.ms https://*.googletagmanager.com https://www.google-analytics.com *.bootstrapcdn.com https://s7.addthis.com;     style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net secure.gravatar.com tagmanager.google.com www.googletagmanager.com *.bootstrapcdn.com;     object-src 'none';     frame-src 'self' *.vimeo.com *.youtube.com vimeo.com www.youtube-nocookie.com https://youtu.be www.googletagmanager.com www.google.com;     child-src 'self' *.vimeo.com vimeo.com www.youtube.com www.googletagmanager.com;img-src 'self' *.vivesceramica.com data: *.clarity.ms *.vimeocdn.com *.vimeo.com *.gravatar.com *.ytimg.com *.youtube.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net *.bing.com  https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;     font-src 'self' data: cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com;     connect-src 'self'  https://cmp.inmobi.com/ https://api.cmp.inmobi.com/ *.clarity.ms *.gravatar.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net vimeo.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';     base-uri 'self';     form-action 'self';     media-src 'self' *.vimeo.com vimeo.com;     worker-src 'self';     report-to default 1
frame-ancestors 'self' tr.plds.fun dropshipping.endorphone.com.ua 1
font-src *.bglobale.com *.global-e.com *.klarnacdn.net data: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bglobale.com *.global-e.com *.klarna.com *.facebook.com www.paypalobjects.com tpc.googlesyndication.com storage.googleapis.com *.trustpilot.com *.klarnacdn.net *.klarnaevt.com www.google.co.uk googleads.g.doubleclick.net *.kaptcha.com *.paypal.com *.klarnaservices.com www.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com * *.google.com *.addthis.com *.pinterest.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.bglobale.com *.global-e.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.pinterest.com connect.facebook.net *.addthis.com *.cloudiq.com s.pinimg.com *.facebook.com www.google.co.in pubads.g.doubleclick.net *.paypal.com *.cloudfront.net www.google.co.uk *.sharethis.com *.bing.com *.clarity.ms angus.finance-calculator.co.uk *.trustpilot.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com *.klarna.com *.klarnacdn.net *.klarnaservices.com s7.addthis.com 'self' data: http://tpc.googlesyndication.com chimpstatic.com connect.facebook.net *.paypal.com *.cloudiq.com s.pinimg.com *.google-analytics.com www.google.com www.google.co.uk www.gstatic.com secure.adnxs.com js-agent.newrelic.com ajax.cloudflare.com static.cloudflareinsights.com angus.finance-calculator.co.uk *.mailchimp.com mc.us2.list-manage.com *.trustpilot.com *.bing.com *.clarity.ms *.klarnaevt.com cdn.inspectlet.com player.vimeo.com twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com widget.freshworks.com m2epro.freshdesk.com *.bglobale.com *.global-e.com *.klarnacdn.net storage.googleapis.com *.sharethis.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.googleapis.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de widget.freshworks.com m2epro.freshdesk.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com ekr.zdassets.com/ 'self' data: *.pinterest.com connect.facebook.net *.cloudiq.com s.pinimg.com  stats.g.doubleclick.net *.google-analytics.com *.paypal.com angus.finance-calculator.co.uk *.clarity.ms api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com *.cloudflare.com *.googleapis.com *.addthis.com *.graph.instagram.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://smithandcaugheys-cms.solutionists.co.nz/ ; upgrade-insecure-requests 1
object-src 'none' ; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ct.pinterest.com/ https://swrap.tradedoubler.com/ https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://maps.googleapis.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://storage.googleapis.com https://bat.bing.com https://connect.facebook.net https://*.facebook.com https://sibforms.com https://atout.email-match.com https://app.katchup.fr https://s.adroll.com https://i.realytics.io https://dcniko1cv0rz.cloudfront.net https://asset.easydmp.net https://idsync.rlcdn.com https://spl.zeotap.com https://d.adroll.mgr.consensu.org https://d.adroll.com https://sibautomation.com https://*.hotjar.com https://s.pinimg.com https://svht.tradedoubler.com https://cdn.powerspace.com https://*.pwspace.com https://*.clarity.ms https://k.d56net.com https://static.r66net.com https://u.videostep.com https://static.axept.io https://*.matomo.cloud https://conversations-widget.sendinblue.com https://tag.beyable.com https://front.activation.beyable.com https://*.sentry-cdn.com https://*.cuisines-aviva.com https://*.zemanta.com https://cdn.novius.net; object-src 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://idealspaces-cuisines-aviva-prod.2020-platform.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-jqzHuaFPE0NwbEbYp4opBA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' *.bcicentral.com; 1
frame-ancestors 'self'                     https://tijdelijk.rvr.org          https://www.ouders-uit-elkaar.nl          https://ouders-uit-elkaar.nl          https://www.rvr.org          https://rvr.org          https://redactie.rvr.org          https://www.raadvoorrechtsbijstand.org          https://www.bureauwsnp.nl        https://www.bureauwbtv.nl       https://rechtwijzer.nl        https://www.rechtwijzer.nl        https://www.rechtsbijstand.nl        https://rechtsbijstand.nl         https://rvr.iprox.nl         https://redactie-rvr.iprox.nl 1
font-src *.googleapis.com *.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.authorize.net 'self' 'unsafe-inline'; frame-ancestors *.authorize.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.authorize.net *.google.com *.addthis.com *.pinterest.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com *.gstatic.com store.paradoxlabs.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.addthis.com *.pinterest.com *.cdninstagram.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.avada.io *.authorize.net *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com maxcdn.bootstrapcdn.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com https://get.geojs.io *.avada.io *.authorize.net *.cloudflare.com *.paypal.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.ocuco.com cdn.builder.io *.doubleclick.net *.google-analytics.comy;script-src 'self' 'unsafe-eval' 'unsafe-inline' payments.worldpay.com *.googletagmanager.com maps.googleapis.com *.googleadservices.com *.facebook.com *.facebook.net *.bing.com *.jdt8.net *.doubleclick.net *.clarity.ms *.hotjar.com c.amazon-adsystem.com *.quantserve.com rules.quantcount.com *.ccm19.de *.teads.tv cdn.mouseflow.com *.google.com *.fittingbox.com;font-src 'self' fonts.gstatic.com fonts.googleapis.com *.ocuco.com ohdevstorage.blob.core.windows.net;img-src 'self' cdn.builder.io *.ocuco.com *.gstatic.com maps.googleapis.com *.googleadservices.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net *.google.co.uk *.google.ie *.google.be *.google.nl *.google.com *.facebook.com *.facebook.net *.bing.com *.jdt8.net jdt8.net *.doubleclick.net *.googletagmanager.com *.clarity.ms c.amazon-adsystem.com *.quantserve.com rules.quantcount.com *.ccm19.de *.teads.tv *.adyen.com data: ;connect-src 'self' *.ocuco.com cdn.builder.io *.bing.com *.google-analytics.com *.googletagmanager.com maps.googleapis.com *.googlesyndication.com *.analytics.google.com *.google.com *.google.co.uk *.google.ie *.google.be *.google.nl *.g.doubleclick.net *.hotjar.io hotjar.io *.hotjar.com cloud.ccm19.de *.teads.tv *.adyen.com o2.mouseflow.com s.amazon-adsystem.com ara.paa-reporting-advertising.amazon browser-intake-datadoghq.eu;style-src 'self' 'unsafe-inline' fonts.googleapis.com *.googletagmanager.com cloud.ccm19.de *.google.com;object-src data: 'unsafe-eval' cdn.builder.io;frame-src payments.worldpay.com *.doubleclick.net *.ocuco.com *.youtube.com s.amazon-adsystem.com *.teads.tv *.adyen.com;frame-ancestors 'self' *.ocuco.com builder.io *.builder.io;worker-src blob:; 1
default-src 'none'; script-src 'self' 'unsafe-inline' localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; font-src 'self' data:; connect-src 'self' data: localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; base-uri 'self' localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; form-action 'self' localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; manifest-src 'self'; frame-src 'self' localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com; worker-src 'self' blob: localhost:* dermanostic.com *.dermanostic.com dermanostic-staging.com *.dermanostic-staging.com *.herokuapp.com *.t-systems.com *.storyblok.com *.cloudfront.net *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.facebook.net *.facebook.com *.tiktok.com *.doubleclick.net *.appsignal-endpoint.net *.amazonaws.com *.userlike.com wss://umd.userlike.com userlike-cdn-umm.b-cdn.net *.youtube.com *.youtube-nocookie.com *.ytimg.com 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com  maps.googleapis.com maps.gstatic.com; font-src 'self' data: fonts.gstatic.com; form-action 'self' *.sofort.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de oppwa.com; frame-ancestors 'self'; img-src 'self' data: consent.cookiefirst.com static.cookiefirst.com *.ads.linkedin.com googleads.g.doubleclick.net www.linkedin.com www.facebook.com ct.pinterest.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de widgets.trustedshops.com *.cdninstagram.com www.google.de www.google.com stats.g.doubleclick.net *.google-analytics.com maps.gstatic.com maps.googleapis.com c-live3a.pcon.eu; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' consent.cookiefirst.com www.google.com www.google.de googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net snap.licdn.com s.pinimg.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de test.oppwa.com oppwa.com *.google-analytics.com www.googletagmanager.com consentcdn.cookiebot.com  googletagmanager.com consent.cookiebot.com maps.googleapis.com widgets.trustedshops.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' consent.cookiefirst.com oppwa.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de hello.myfonts.net fonts.googleapis.com; connect-src 'self' *.analytics.google.com  googleads.g.doubleclick.net www.google.com consent.cookiefirst.com static.cookiefirst.com api.cookiefirst.com edge.cookiefirst.com consentcdn.cookiebot.com ct.pinterest.com www.facebook.com oppwa.com maps.googleapis.com *.google-analytics.com test.vr-pay-ecommerce.de vr-pay-ecommerce.de stats.g.doubleclick.net graph.instagram.com; frame-src 'self' https: oppwa.com test.ppipe.net ppipe.net test.vr-pay-ecommerce.de vr-pay-ecommerce.de *.pcon.eu c-live1b.pcon.eu consentcdn.cookiebot.com ui.pcon-solutions.com c-live3a.pcon.eu; manifest-src 'self'; media-src 'self'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-7H7gQdGfGoA2VBpa3I64TQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
child-src 'self' 1
default-src https:; connect-src https:; font-src https: data:; frame-src https:; frame-ancestors https:; img-src https: data:; media-src https:; object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://www.youtube.com/ https://www.google.com https://maps.googleapis.com; script-src * 'self' https://www.ificbank.com.bd https://cdn.datatables.net https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://polyfill.io https://maps.googleapis.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css https://use.fontawesome.com/ea731dcb6f.css https://use.fontawesome.com/releases/v4.7.0/css/font-awesome-css.min.css https://cdn.datatables.net https://cdn.jsdelivr.net https://fonts.googleapis.com https://unpkg.com/swiper/css/swiper.min.css https://cdnjs.cloudflare.com/ajax/libs/ionicons/2.0.1/css/ionicons.min.css 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com; object-src 'self'; img-src 'self' data: https://ificbank.com.bd https://www.ificbank.com.bd https://www.google-analytics.com https://lh3.googleusercontent.com/7KVxxD0HSHA_a1nb3O5xjXyhDojE1lDwdA-f3a5dCZt5351i5cOKnZT_JzIbaBpU6Ds=s180-rw https://maps.googleapis.com https://maps.gstatic.com https://developers.google.com https://cdn.datatables.net; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' c.a.kaldewei.com assets.cdn.kaldewei.com staging.cdn.kaldewei.de kald1.secure2.footprint.net kald-a1.secure2.footprint.net kald-b1.secure2.footprint.net kaldewei-fa1.secure.footprint.net kald.secure2.footprint.net kald-a.secure2.footprint.net kald-b.secure2.footprint.net kaldewei-fa.secure.footprint.net https://www.kaldewei.de *.kaldewei.de https://www.kaldewei.com http://test-lieferzeitenauskunft.kaldewei.de test-lieferzeitenauskunft.kaldewei.de lieferzeitenauskunft.kaldewei.de *.hotjar.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com jwpsrv.com www.polantis.com maps.googleapis.com maps.gstatic.com bat.bing.com https://interaktiv.contilla.de/15012d2d2e303369c8628723/0/webapp.js https://www.recaptcha.net/recaptcha/api.js https://connect.facebook.net/en_US/fbevents.js https://connect.facebook.net/signals/config/206776544034462 privacy-proxy-server.usercentrics.eu privacy-proxy.usercentrics.eu app.usercentrics.eu mediaintelligence.de *.mediaintelligence.de *.min-cdn.net ad4m.at *.ad4mat.net *.adform.net ad.trcksrv.de *.taboola.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.ecitizen.gov.sg *.wogaa.sg *.googletagmanager.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.insight.sitefinity.com cdn.jsdelivr.net *.dcube.cloud assets.dcube.cloud *.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net *.googleadservices.com https://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud https://script.wiz.gov.sg https://rum.browser-intake-datadoghq.com https://ask.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://va.ecitizen.gov.sg *.dcube.cloud https://assets.dcube.cloud/fonts/ *.wogaa.sg *.sg.va.sabio.cloud *.ecitizen.gov.sg *.googleadservices.com https://console-flex-api.ap.sabio.cloud https://script.wiz.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.google.com https://www.googletagmanager.com *.wogaa.sg *.ecitizen.gov.sg *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www-wsg-upgrade-gov-sg-admin.cwp.sg https://www-wsg-upgrade-gov-sg.cwp.sg *.doubleclick.net *.hotjar.com *.eloqua.com track.hubspot.com https://www.google.com.sg www.google.com https://console-flex-api.ap.sabio.cloud *.googleadservices.com https://ask.gov.sg https://logos.ask.gov.sg 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com https://console-flex-api.ap.sabio.cloud *.wogaa.sg *.ecitizen.gov.sg; frame-src https://www.onemap.gov.sg https://www.youtube.com https://www.youtube-nocookie.com/ https://td.doubleclick.net/ 'self' web-chat.nativechat.com; connect-src data: accounts.google.com *.gstatic.com *.ecitizen.gov.sg *.wogaa.sg *.mktoresp.com *.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com https://stats.g.doubleclick.net/ *.hotjar.io *.hotjar.com wss://ws.hotjar.com/api/v2/client/ws https://pagead2.googlesyndication.com *.googleadservices.com https://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud *.doubleclick.net https://script.wiz.gov.sg https://rum.browser-intake-datadoghq.com https://ask.gov.sg 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.onemap.gov.sg *.ecitizen.gov.sg *.wogaa.sg *.googleadservices.com http://snowplow-web.wogaa.sg https://console-flex-api.ap.sabio.cloud https://web-chat.nativechat.com https://script.wiz.gov.sg 'self' web-chat.nativechat.com; frame-ancestors 'self' https://www.youtube.com 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.gigantits.com/csp-reports; report-to csp-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' d1f0wicopk9vc5.cloudfront.net d20j9xtxuc1as2.cloudfront.net fast.fonts.net www.google.com www.gstatic.com; style-src 'unsafe-inline' *; img-src 'self' admin.aisreporting.com; font-src fast.fonts.net use.typekit.net; frame-src 'self' www.google.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://js.stripe.com https://static.cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com; img-src https://i.creativecommons.org https://licensebuttons.net 'self' data: https://legacy.suttacentral.net https://suttacentral.net; connect-src 'self' https://api.stripe.com https://js.stripe.com https://cloudflareinsights.com https://hcaptcha.com https://*.hcaptcha.com https://raw.githubusercontent.com/suttacentral/editions/main/last_run_date https://*.algolia.net https://*.algolianet.com https://*.algolia.io; style-src 'self' https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; font-src 'self'; frame-src about: https://www.google.com https://js.stripe.com https://hcaptcha.com https://*.hcaptcha.com; object-src 'none'; media-src 'self' https://ia601508.us.archive.org; 1
frame-ancestors 'self' https://kparkfr.sharepoint.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.marker.io su478.infusionsoft.app *.gstatic.com *.amazonaws.com *.doubleclick.net *.freshworks.com livestream.com *.googleadservices.com *.sumo.com www.google.com cdn.jsdelivr.net cdn.plyr.io widget.happyfoxchat.com cdn.datatables.net static.leadpages.net *.issuu.com issuu.com *.vimeo.com code.jquery.com www.googletagmanager.com *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com connect.facebook.net *.stripe.com js.stripe.com fast.wistia.com; frame-src 'self' su478.infusionsoft.app *.google.com *.doubleclick.net *.freshdesk.com http://www.buddhismuskunde.uni-hamburg.de/ livestream.com wisdomexperience.org fast.wistia.com *.issuu.com issuu.com wisdompubs.lpages.co widget.happyfoxchat.com js.stripe.com *.vimeo.com vimeo.com hooks.stripe.com *.youtube.com *.facebook.com s-static.ak.facebook.com; object-src 'self'; 1
default-src	'self'; script-src	'self' 'unsafe-inline'	https://*.clarity.ms	https://*.demdex.net	https://*.onetrust.com	https://tag-logger.demandbase.com	https://tag.demandbase.com	https://web.demandbase.com	https://api.company-target.com/api/v2/ip.json	https://cdn.cookielaw.org/	https://assets.adobedtm.com	https://assets.braintreegateway.com	https://bat.bing.com/	https://c.bing.com	https://cdn.linkedin.oribi.io	https://cm.everesttech.net	https://connect.facebook.net	https://dc.ads.linkedin.com	https://googleads.g.doubleclick.net/	https://gw.linkedin.oribi.io	https://js.adsrvr.org/up_loader.1.1.0.js	https://js.braintreegateway.com	https://maps.googleapis.com	https://sjs.bizographics.com	https://www.google.com/recaptcha/	https://www.google.com	https://www.google.de	https://www.googleadservices.com/	https://www.googletagmanager.com/gtag/	https://www.gstatic.com/recaptcha/	https://www.youtube.com	; style-src	'self' 'unsafe-inline'	assets.braintreegateway.com	https://fonts.googleapis.com	; connect-src	'self'    blob: 	*.braintree-api.com	*.braintreegateway.com	https://*.112.2o7.net	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net https://cm.everesttech.net	https://*.omtrdc.net	https://*.onetrust.com	https://airfiltration.mann-hummel.com/	https://assets.adobedtm.com	https://c.bing.com	https://cdn.cookielaw.org/	https://cdn.linkedin.oribi.io/	https://dc.ads.linkedin.com/	https://filtron.eu/	https://fleetdirect.mann-hummel.com/	https://gw.linkedin.oribi.io/	https://maps.googleapis.com	https://oem.mann-hummel.com/	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://sjs.bizographics.com/	https://tag-logger.demandbase.com	https://api.company-target.com/api/v2/ip.json	https://tridim.mann-hummel.com/	https://www.facebook.com	https://www.mann-filter.com/	https://www.mann-hummel.com/	; font-src	data:	https://fonts.gstatic.com	; img-src	'self' data:	blob:	assets.braintreegateway.com	https://*.112.2o7.net	https://*.clarity.ms	https://*.data.adobedc.net	https://*.demdex.net	https://*.doubleclick.net	https://*.ggpht.com	https://*.google.com/	https://*.google.de/	https://*.googleapis.com	https://*.omtrdc.net	https://ad.doubleclick.net	https://ad.doubleclick.net	https://ade.googlesyndication.com	https://assets.adobedtm.com	https://bat.bing.com/	https://c.bing.com	https://cm.everesttech.net	https://google.com	https://google.de	https://googleads.g.doubleclick.net	https://i.ytimg.com	https://id.rlcdn.com	https://maps.gstatic.com	https://p.adsymptotic.com	https://px.ads.linkedin.com	https://px4.ads.linkedin.com	https://s7g10.scene7.com	https://s7ips3.scene7.com	https://smetrics.purolatornow.com	https://www.facebook.com	; form-action	'self'; frame-src	'self'	https://www.google.com/recaptcha/	*.braintreegateway.com	https://*.assetsadobe.com	https://*.demdex.net	https://*.doubleclick.net	https://*.scene7.com	https://bid.g.doubleclick.net	https://cdn.linkedin.oribi.io	https://cloud.mann-hummel-filtration.com	https://dc.ads.linkedin.com	https://gw.linkedin.oribi.io	https://recaptcha.google.com/recaptcha/	https://s.company-target.com	https://sjs.bizographics.com	https://www.facebook.com	https://www.nothinggetsbyus.com	https://www.youtube-nocookie.com	; child-src	*.braintreegateway.com	; base-uri 'none'; frame-ancestors 'none'; object-src 'none'; worker-src 'self' blob: ; upgrade-insecure-requests 1
default-src 'self' feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
base-uri 'self'; connect-src 'self' cdn.jsdelivr.net; default-src 'none'; font-src 'self' cdn.jsdelivr.net; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' data:; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self'; upgrade-insecure-requests; 1
default-src https: 'unsafe-eval' 'unsafe-inline' http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; frame-ancestors 'none'; img-src 'self' data: https: 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.in 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.in; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.in; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.in images.fashiola.in cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' http://*.letsdeal.com https://*.letsdeal.com 1
default-src 'unsafe-inline' 'unsafe-eval' kamensk-uralskiy.ru *.kamensk-uralskiy.ru http://old.kamensk-uralskiy.ru counter.yadro.ru yandex.ru *.yandex.ru yandex.net *.yandex.net yastatic.net *.yastatic.net google.com *.google.com youtube.com *.youtube.com googleapis.com *.googleapis.com http://googleapis.com http://*.googleapis.com http://html5shim.googlecode.com http://fonts.googleapis.com gstatic.com *.gstatic.com *.stat.sputnik.ru http://stat.sputnik.ru pos.gosuslugi.ru https://glazok.online https://streamer-01.kamensktel.ru:8443 https://unpkg.com data: blob:; report-uri /csp-report 1
default-src 'self' https: data:; connect-src 'self' ws: https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://audi-admin.porsche-holding.com; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.01porno.club:9080 www.01porno.club:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.01porno.club wss://www.01porno.club *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650309 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-YjMzNWY3Mzg4NWIwNDFlN2EyYmM4ZjIyZDQ3ZDAxOWQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.autoriteitnvs.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.autoriteitnvs.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.autoriteitnvs.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://*.elektro-material.ch https://*.hotjar.com https://*.contentsquare.net https://www.googletagmanager.com https://*.pingdom.net https://www.google-analytics.com https://cdn.soft8soft.com https://fast.fonts.net https://*.doubleclick.net https://www.google.com https://start.unblu.com https://www.google.ch https://*.gstatic.com https://*.googleapis.com https://*.youtube.com https://e-m.info/ https://www.youtube-nocookie.com https://visuals.se.com https://www.rexel.de https://js-agent.newrelic.com https://bam.nr-data.net https://shore01.nine.ch https://analytics.google.com https://snap.licdn.com https://*.ads.linkedin.com https://*.linkedin.com https://datawrapper.dwcdn.net https://www.googleadservices.com https://region1.analytics.google.com https://mktdplp102cdn.azureedge.net https://0983555290d14aadaf74e5f590a5bd4d.svc.dynamics.com https://assets-eur.mkt.dynamics.com https://service.ariba.com https://client.prod.repmap.microsoft.com https://critizr.com https://static.critizr.com https://emagpim-1d1da.kxcdn.com https://cdn.goodays.co https://app.goodays.co https://map.geo.admin.ch https://elektro-material.solarprotool.com https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://public-eur.mkt.dynamics.com; base-uri 'self'; 1
frame-ancestors 'self' https://holzmarkt-huber.de 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream:; 1
default-src 'self' *.googleapis.com *.lndgcp.com *.tealiumiq.com https://www.google-analytics.com https://analytics.google.com; script-src 'self' 'nonce-Y2Y1Yjk3MzItNzVlOS00MjczLWI1M2EtZjNkMzJlYjkzNmMy' 'unsafe-inline' 'unsafe-eval' www.achieve.com embed.hifiona.com *.youtube.com *.disquscdn.com *.disqus.com *.bills.com  *.tealiumiq.com  https://tags.bills.com  https://www.googletagmanager.com *.tiqcdn.com frefi.sv.rkdms.com connect.facebook.net embed.evenfinancial.com embed.hifiona.com; connect-src 'self' *.ffngcp.com api.hsh.com https://noembed.com *.disqus.com www.google-analytics.com *.tealiumiq.com analytics.google.com www.nextinsure.com *.doubleclick.net; frame-src 'self' disqus.com *.youtube.com *.google.com embed.hifiona.com www.hsh.com embed.evenfinancial.com embed.calculoid.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://c.disquscdn.com; font-src 'self' https://fonts.gstatic.com; media-src 'self' *.youtube.com; object-src 'self' blob: data:; worker-src 'self' blob:; frame-ancestors 'self'; img-src * data:; 1
frame-ancestors www-dev.redcapcloud.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' nam02.safelinks.protection.outlook.com *.facebook.com news.vin.com fast.fonts.net cdnjs.cloudflare.com cdn.jsdelivr.net ajax.googleapis.com belfius.be fonts.googleapis.com *.typekit.net *.blob.core.windows.net linkedin.com *.google.com *.google.be febiac.be fonts.gstatic.com *.azurewebsites.net *.googletagmanager.com cdn.cookielaw.org data: service.force.com *.salesforceliveagent.com *.force.com *.my.site.com *.corona.be *.hotjar.com *.doubleclick.net *.google-analytics.com bat.bing.com privacyportal-eu.onetrust.com *.hotjar.io *.youtube.com *.rockestate.be *.my.salesforce.com *.gstatic.com static.ads-twitter.com snap.licdn.com analytics.twitter.com t.co *.googleadservices.com *.facebook.net cdn.linkedin.oribi.io px.ads.linkedin.com wss://ws.hotjar.com api.corona.be *.analytics.google.com *.belfiusdirect.be code.jquery.com *.taboola.com *.outbrain.com *.teads.tv secure.adnxs.com bdt9.net 1
default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; form-action 'self'; frame-src 'self' https:; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mast.lat; img-src 'self' https: data: blob: https://mast.lat; style-src 'self' https://mast.lat 'nonce-hiZOOKxknC6GSOW5n/qtYg=='; media-src 'self' https: data: https://mast.lat; frame-src 'self' https:; manifest-src 'self' https://mast.lat; form-action 'self'; child-src 'self' blob: https://mast.lat; worker-src 'self' blob: https://mast.lat; connect-src 'self' data: blob: https://mast.lat https://media.mast.lat wss://mast.lat; script-src 'self' https://mast.lat 'wasm-unsafe-eval' 1
default-src 'none'; base-uri 'self'; form-action 'self'; frame-src 'self' https://*.stripe.com https://js.stripe.com https://hooks.stripe.com; connect-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'nonce-QhHBpjoH9eFSHHLw7fyLKQQb' 'sha256-ZqyIDH2pz2dabHLATvIMI+M5z7jjrcquw5wyjnaWtzy=' https://js.stripe.com; img-src 'self' data:; 1
frame-ancestors 'self' https://www.medniekiem.lv 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://berserker.town; img-src 'self' data: blob: https://berserker.town https://media.berserker.town; style-src 'self' https://berserker.town 'nonce-/YG3EruADdi7KEFD/Gxlug=='; media-src 'self' data: https://berserker.town https://media.berserker.town; frame-src 'self' https:; manifest-src 'self' https://berserker.town; form-action 'self'; child-src 'self' blob: https://berserker.town; worker-src 'self' blob: https://berserker.town; connect-src 'self' data: blob: https://berserker.town https://media.berserker.town wss://berserker.town; script-src 'self' https://berserker.town 'wasm-unsafe-eval' 1
object-src 'self';script-src * 'unsafe-eval' 'unsafe-inline' data: blob:; 1
upgrade-insecure-requests; default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report; 1
script-src 'unsafe-inline' https://www.porticolegal.com https://extranet.porticolegal.com *.googlesyndication.com *.google.com *.google.es *.doubleclick.net *.gstatic.com www.googletagmanager.com www.google-analytics.com *.ampproject.org; 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; img-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
default-src https: 'unsafe-inline'; worker-src https:; media-src https:; script-src https: 'unsafe-inline'; img-src https:; 1
default-src 'self'; img-src https: data:; child-src https:; script-src https: *.js 'unsafe-inline' 'unsafe-eval' ; connect-src https:; worker-src https: blob: data:; style-src 'self' 'unsafe-inline'; 1
default-src * data: blob: ; script-src * 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'unsafe-inline' data: ; frame-ancestors 'none'; object-src 'none' ; base-uri 'self' 1
default-src 'self'  https://www.google.com  https://www.googletagmanager.com https://www.gstatic.com https://i.ytimg.com https://www.youtube.com https://www.google-analytics.com https://www.el-mouradia.dz https://*.el-mouradia.dz https://el-mouradia.dz https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google.com  https://www.gstatic.com  https://*.el-mouradia.dz https://el-mouradia.dz https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'  https://fonts.googleapis.com https://*.el-mouradia.dz https://el-mouradia.dz https://fonts.gstatic.com 1
frame-ancestors 'self' emaillistverify.com *.emaillistverify.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*.paperflite.com https://*.acrolinx.com 1
default-src 'none';img-src 'self';report-uri https://appn.center/csp 1
frame-ancestors 'self' https://www.reifenmall.de https://www.brocat-reifen.de https://www.hu-reifen-auto-service.de https://www.reifenbilliger.at https://www.filstalraeder.de https://tyre24.alzura.com https://autohaus-cbm.de https://www.abc-reifen.de https://atz-autoteile-remseck.de https://www.tuningcard.de https://www.barec.de https://www.tuniq.de https://www.reifengrosshandel.de https://www.tyre24.com https://svperformance.de https://www.zack-reifen.de https://reifen-tritsch.de https://tritsch.schelb.eu https://www.dns-reifen.de https://deutschefelgen.de https://dns-group24.de https://autoko-marburg.de https://www.reifenklaus.at https://www.reifenmonster.de https://www.pneu-ebneter.ch; 1
default-src 'self' cdn.wcc.heine-shop.nl https://cdn.wcc.heine-shop.nl/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine-shop.nl https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine-shop.nl/graphql cdn.wcc.heine-shop.nl cdn.witt.info/ https://images.ctfassets.net te.heine-shop.nl tp.heine-shop.nl wasp.heine-shop.nl wst.heine-shop.nl https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine-shop.nl https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.heine-shop.nl https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.heine-shop.nl checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine-shop.nl https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io;    media-src 'self' cdn.wcc.heine-shop.nl cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine-shop.nl *.dixa.io;    worker-src 'self' cdn.wcc.heine-shop.nl blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tgbwidget.com https://payments.worldpay.com https://platform.twitter.com https://cdn.worldpay.com https://www.paypal.com https://www.paypalobjects.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://optimize.google.com https://tagmanager.google.com  https://www.googletagmanager.com https://ssl.google-analytics.com/ https://connect.facebook.net/ https://www.googleoptimize.com/ https://www.googleadservices.com/ https://connect.facebook.net https://www.mytennights.com https://zakatcalculator.co.uk https://*.hotjar.com https://bat.bing.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.usemessages.com https://js.hs-analytics.net https://js.hs-banner.com https://googleads.g.doubleclick.net https://mytendays.com/ https://*.quantserve.com https://*.quantcount.com https://*.tvsquared.com; object-src 'self' 1
frame-ancestors 'self'; frame-src 'self' https://*.draw.io https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://embed.diagrams.net; script-src http: https: 'nonce-Va4E734JDf4ucDoZue4qUycw' 'strict-dynamic'; object-src 'self'; base-uri 'self' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://chatbotslife.com https://*.chatbotslife.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' blob: 'unsafe-inline'; frame-src https: data:; style-src https: 'unsafe-inline'; img-src https: data: blob:; media-src https: data: blob:; font-src https: data:; connect-src https: wss:; child-src https: blob:; object-src 'none'; frame-ancestors 'self' https://account.automotivelogistics.media https://eme.abacusemedia.com; 1
report-uri /csp-report; default-src 'self' https://shop.stpancras.com https://google.co.uk https://www.google.co.uk https://www.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net/en_US/fbevents.js https://d10lpsik1i8c69.cloudfront.net/w.js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.googletagmanager.com/gtag/js https://js.createsend1.com/javascript/copypastesubscribeformlogic.js https://*.hotjar.com maps.googleapis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' http://admin.highspeed1.co.uk https://createsend.com https://maps.googleapis.com https://settings.luckyorange.net https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://*.hotjar.io https://*.google-analytics.com https://*.analytics.google.com wss://ws.hotjar.com https://*.google.co.uk https://*.doubleclick.net; font-src 'self' https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://widget-3bcbfadb1b0e462e809ce25304fd6efd.elfsig.ht https://map.stpancras.com https://*.doubleclick.net; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com www.googletagmanager.com img.fat.dev; manifest-src 'self'; media-src 'self'; worker-src 'self'; upgrade-insecure-requests 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.cookielaw.org https://js.intercomcdn.com https://maps.googleapis.com https://widget.intercom.io https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://bat.bing.com https://static.hotjar.com https://cdn.taboola.com https://www.google-analytics.com https://*.analytics.google.com https://script.hotjar.com https://trc.taboola.com; style-src 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api-iam.intercom.io https://cdn.cookielaw.org https://maps.googleapis.com https://privacyportal-eu.onetrust.com wss://nexus-websocket-a.intercom.io https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net https://cdn.linkedin.oribi.io https://trc-events.taboola.com https://www.facebook.com https://geolocation.onetrust.com; font-src 'self' https://fonts.intercomcdn.com; frame-src 'self' https://www.facebook.com; img-src 'self' data: https://*.kinstacdn.com https://cdn.cookielaw.org https://downloads.intercomcdn.com https://static.intercomassets.com https://*.google-analytics.com https://bat.bing.com https://px.ads.linkedin.com https://www.facebook.com https://www.googletagmanager.com https://www.google.com https://www.google.de https://maps.googleapis.com https://*.analytics.google.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' i3.wp.com i0.wp.com *.redcross.or.th *.google.com *.powr.io *.googleapis.com fonts.googleapis.com *.google-analytics.com *.googleapis.com *.truehits.in.th *.bootstrapcdn.com *.google.com *.gstatic.com *.googletagmanager.com cdnjs.cloudflare.com connect.facebook.net; frame-src 'self' *.powr.io *.googleapis.com *.google-analytics.com *.googleapis.com *.bootstrapcdn.com *.redcross.or.th *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com *.facebook.com *.twitter.com *.vimeo.com s-static.ak.facebook.com; object-src 'self' 1
default-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://*.paypal.com https://*.doofinder.com ; font-src 'self' data: blob: https://fonts.gstatic.com https://static3.avast.com ;img-src 'self' 'unsafe-inline' data: https://www.boesner.fr https://fonts.gstatic.com https://axeptio.imgix.net https://t0.gstatic.com https://t1.gstatic.com https://t2.gstatic.com https://t3.gstatic.com https://t4.gstatic.com https://*.clarity.ms https://cl.avis-verifies.com http://cl.avis-verifies.com https://www.netreviews.eu http://www.netreviews.eu https://www.avis-verifies.com http://www.avis-verifies.com https://www.google-analytics.com http://www.google-analytics.com https://www.google.com http://www.google.com https://www.google.fr http://www.google.fr http://www.google.tn https://www.google.tn https://stats.g.doubleclick.net http://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://www.facebook.com https://www.facebook.net http://www.paypal.com http://t.paypal.com http://bat.bing.com https://www.paypalobjects.com https://cdn.doofinder.com https://eu1-layer.doofinder.com https://eu1-doofinderuser.s3.amazonaws.com https://*.bing.com https://*.my-probance.one https://*.pinterest.com ;frame-src 'self' https://www.avis-verifies.com http://www.avis-verifies.com https://www.send-up.net https://*.doubleclick.net https://www.youtube.com https://www.youtu.be https://www.google.com https://www.facebook.com https://www.facebook.net https://vars.hotjar.com http://www.paypal.com http://t.paypal.com https://*.pinterest.com ;connect-src 'self' https://client.axept.io https://static.axept.io https://api.axept.io https://*.clarity.ms https://*.google-analytics.com https://*.analytics-google.com https://*.analytics.google.com https://*.googlesyndication.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.paypal.com https://www.facebook.com https://in.hotjar.com https://*.pinterest.com https://cdn.doofinder.com https://eu1-layer.doofinder.com ws://eu1-layer.doofinder.com wss://eu1-layer.doofinder.com https://eu1-widget.doofinder.com/ ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cl.avis-verifies.com http://cl.avis-verifies.com https://www.avis-verifies.com http://www.avis-verifies.com https://www.netreviews.eu http://www.netreviews.eu https://www.avis-verifies.com http://www.avis-verifies.com https://www.googletagmanager.com https://www.paypalobjects.com http://www.paypalobjects.com https://www.paypal.com/sdk/jshttps://www.paypal.com http://www.paypal.com https://www.google-analytics.com http://www.google-analytics.com https://ssl.google-analytics.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.gstatic.com https://www.youtube.com https://www.google.com https://www.google.fr https://www.youtu.be https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://maps.googleapis.com https://developers.google.com https://bat.bing.com https://www.facebook.net https://connect.facebook.net https://cdn.doofinder.com https://eu1-layer.doofinder.com https://cdn.doofinder.com/livelayer/1/js/loader.min.js https://bat.bing.com/bat.js https://static.hotjar.com/c/hotjar-1500323.js https://script.hotjar.com/modules.6d6d0fb9462e12691e7f.js https://*.hotjar.com http://www.paypal.com http://t.paypal.com http://static.axept.io/sdk.js https://*.clarity.ms https://*.pinimg.com ; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.changingcourses11.com https://www.roadmap11.com https://www.changingthescript11.com 1
frame-ancestors https://hospitality-on.com https://store.hospitality-on.com 1
frame-ancestors http://bindy.com/ http://*.bindy.com/ 1
default-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com           https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com        https://*.carewebqi.com      wss://*.myidentifi.com data:  blob: ; style-src 'self' 'unsafe-inline'  https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data: blob:  ; img-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; font-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; connect-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.service.signalr.net wss://*.service.signalr.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com          https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; media-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob: ; child-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local   https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com         https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; frame-src 'self' https://myidentifi.com https://*.myidentifi.com https://*.evolenthealth.com https://*.azurewebsites.net https://*.microsoft.com https://*.microsoftonline.com https://*.googleapis.com https://*.gstatic.com https://*.visualstudio.com https://*.services.visualstudio.com https://*.cloudflare.com https://*.chicago.local  https://integ.cue4.com  https://integ.iqc.awsprod.healthcareit.net    https://*.healthcareit.net   https://*.jquery.com     https://*.cue4.com           https://*.carewebqi.com      wss://*.myidentifi.com data:  blob:  ; 1
frame-ancestors 'self' https://www.linerset.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://legalbetby.push4site.com https://push4site.com https://static.cloudflareinsights.com https://*.gr-cdn.com https://*.ytimg.com http://awards.ratingruneta.ru https://cbzxy.com cdn3.caltat.com https://*.legalcdn.org https://*.legalcdn.com https://static.legalcdn.org https://snap.licdn.com https://px.ads.linkedin.com https://web.legalcdn.org https://*.twimg.com https://platform.twitter.com https://yastatic.net https://mc.yandex.com https://*.yandex.ru https://*.me-talk.ru *.cloudflare.com https://me-talk.ru https://*.intelcdn.com https://*.playbuzz.com https://*.youtube.com http://pollservice.ru https://*.vk.com https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://*.instagram.com https://web.legalcdn.org http://ulogin.ru https://ulogin.ru https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; frame-src 'self' https://www.youtube-nocookie.com/  https://*.soundcloud.com https://*.yandex.ru http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.me-talk.ru https://*.instagram.com https://ulogin.ru https://*.youtube.com https://*.facebook.com https://*.twitter.com https://vimeo.com https://rutube.ru https://playbuzz.com https://connect.facebook.net https://web.legalcdn.org https://www.playbuzz.com/ https://*.gstatic.com https://*.google.com https://*.yandex.net https://e.infogram.com https://*.gr-cdn.com https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; object-src 'self' https://*.legalcdn.com https://*.legalcdn.org http://awards.ratingruneta.ru https://*.youtube.com https://web.legalcdn.org https://static.legalcdn.org https://web.legalcdn.org https://*.gstatic.com https://*.google.com https://*.yandex.net https://*.getresponse.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; child-src 'self' blob: http://awards.ratingruneta.ru https://mc.yandex.ru https://mc.yandex.com https://mc.webvisor.com https://mc.webvisor.org https://*.getresponse.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; worker-src 'self' blob: https://legalbetby.push4site.com https://push4site.com https://*.getresponse.com https://*.gr-cdn.com https://*.legalbet-subscription.com https://*.gr-cdn-e.eu https://*.getresponse360.pl; report-uri /csp-report/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://slate-nichols-edu.cdn.technolutions.net  https://mx.technolutions.net https://www.google-analytics.com https://connect.facebook.net https://www.googletagmanager.com https://slate.nichols.edu https://25livepub.collegenet.com https://www.shoppingsheet.com https://www.google.com https://www.gstatic.com https://*.fontawesome.com https://googleads.g.doubleclick.net https://www.clickcease.com; style-src 'self' 'unsafe-inline' https://fw.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://slate-technolutions-net.cdn.technolutions.net https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://www.shoppingsheet.com https://*.fontawesome.com; img-src 'self' data: https://nichols.instructuremedia.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://www.facebook.com https://25livepub.collegenet.com https://i.ytimg.com https://*.cdninstagram.com https://*.fbcdn.net https://*.wpmudev.org https://wpmudev.com https://*.vimeocdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://*.fontawesome.com; connect-src 'self' https://analytics.google.com https://www/facebook.com https://slate.nichols.edu https://slate-nichols-edu.cdn.technolutions.net https://mx.technolutions.net https://stats.g.doubleclick.net https://www.google-analytics.com https://25livepub.collegenet.com https://graph.facebook.com https://wpmudev.com https://*.yoast.com https://*.fontawesome.com; frame-src 'self' https://slate.nichols.edu https://www.facebook.com https://www.youtube-nocookie.com https://www.youtube.com https://www.paycomonline.net https://player.vimeo.com https://vimeo.com/ https://www.google.com https://www.shoppingsheet.com https://*.fls.doubleclick.net https://*.doubleclick.net; frame-ancestors 'self'; media-src 'self'; 1
default-src 'self'; script-src 'self' 'nonce-NhcC5w1WmyagtUhMwFFV8s9H5pNYFgRu' 'strict-dynamic' https://www.googletagmanager.com https: http: 'unsafe-inline' ; connect-src 'self' https://6c82ya5gbl.execute-api.ap-east-1.amazonaws.com https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; script-src-elem 'self' https://*.googletagmanager.com https://*.google-analytics.com 'sha256-FLy/XwC4dpmBAvNgIK/7H0utf6GANtX/vR8Osqmi5tY='; style-src 'self' https: http: 'unsafe-inline'; img-src 'self' blob: data: https://dfcorpdev.prod.acquia-sites.com https://dfcorp.prod.acquia-sites.com https://dfcorpstg.prod.acquia-sites.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https:; style-src 'self' 'unsafe-inline' https:; 1
default-src 'self' data: 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com anonyome.us2.list-manage.com; style-src 'self' 'unsafe-inline' 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; connect-src 'self' cognito-identity.us-east-1.amazonaws.com pinpoint.us-east-1.amazonaws.com 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; font-src 'self' data: fonts.gstatic.com 3xv7fu3z8yim1bz9jt1v7ro7-wpengine.netdna-ssl.com; object-src cognito-identity.us-east-1.amazonaws.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://manage.fleetmaintenance.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: data: maps.google.com *.doubleclick.net *.googletagmanager.com *.googleapis.com yottlyscript.com hd.koloo.net *.youtube.com *.google-analytics.com cookies.praguebest.cz mczbf.com kdukvh.com emjcd.com cj.dotomi.com members.cj.com fonts.gstatic.com 'self' wss://* 'unsafe-eval' 'unsafe-inline'; object-src 'none'; report-uri https://bambule.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.senategop.local https://*.pasenategop.com https://*.addtoany.com https://*.bootstrapcdn.com *.cloudflare.com *.facebook.com *.facebook.net https://*.fbcdn.net https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.gstatic.com https://*.infogram.com https://*.livestream.com https://livestream.com https://*.newrelic.com https://*.bam.nr-data.net https://*.soundcloud.com https://*.teleforumonline.com https://*.typekit.net *.twitter.com https://*.videolinq.net https://*.vimeo.com *.wistia.com; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; font-src * 'self' data:;; media-src https://*.pasenategop.com https://*.infogram.com https://*.videolinq.net https://*.vimeo.com *.wistia.com; frame-src 'self' *.senategop.local https://*.pasenategop.com https://*.addtoany.com *.facebook.com *.facebook.net https://*.fbcdn.net https://*.google.com https://*.infogram.com https://*.livestream.com https://livestream.com https://*.ohiochannel.org https://*.soundcloud.com https://*.teleforumonline.com https://*.typekit.net *.twitter.com https://vekeo.com https://*.vekeo.com https://*.videolinq.net https://*.vimeo.com https://*.youtube.com https://youtu.be *.wistia.com; frame-ancestors * 'self'; child-src * blob:; connect-src * 1
frame-ancestors 'self' wa.gov.au www.wa.gov.au 1
frame-ancestors 'self' https://*.ledisharm.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' data:  cdn.jsdelivr.net code.jquery.com  cdnjs.cloudflare.com  cdn.datatables.net www.google.com www.google-analytics.com/analytics.js api.bigzeta.com cdn.bigzeta.com www.gstatic.com www.googletagmanager.com cdn.paddle.com store.tms-plugins.com  www.googletagmanager.com www.gstatic.com/recaptcha emails.micross.com maps.googleapis.com www.google.com/* www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js *.gstatic.com/feedback/ www.gstatic.com/recaptcha/releases/iSHzt4kCrNgSxGUYDFqaZAL9/recaptcha__en.js www.gstatic.com/recaptcha/releases/6TWYOsKNtRFaLeFqv5xN42-l/recaptcha__en.js ajax.googleapis.com; style-src 'self' 'unsafe-inline'  cdn.datatables.net  https://code.jquery.com https://fonts.googleapis.com https://www.google.com https://hello.myfonts.net/count/35217e store.tms-plugins.com; font-src 'self' data: *; default-src 'self' * 127.0.0.1; img-src 'self' https: data:; child-src data:; media-src data: *; frame-src 'self' www.google.com/ analytics.clickdimensions.com/microsscom-afkiz/ www.youtube.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *;     img-src * data:;     object-src 'none';      1
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.altice.pt https://*.meo.pt https://*.byside.com wss://s1.byside.com https://cdn-api-weglot.com https://*.google-analytics.com https://*.analytics.google.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.doubleclick.net https://gateway.zscaler.net; default-src 'self'; font-src 'self' data: https://*.altice.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://s1.byside.com https://gateway.zscaler.net; frame-ancestors 'self' https://www.altice.pt https://gateway.zscaler.net; frame-src 'self' https://s1.byside.com https://cdn.embedly.com https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://gateway.zscaler.net; img-src 'self' data: https:; media-src 'self' data:; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/Oy7m2UgneY/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.altice.pt https://*.meo.pt https://*.byside.com https://*.google-analytics.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.weglot.com https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.altice.pt https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self' data:; frame-src *; frame-ancestors 'self' 1
default-src 'self' *.unum.com about: ; style-src 'self' 'unsafe-inline' translate.googleapis.com www.riddle.com fonts.googleapis.com tagmanager.google.com unumux.github.io optimize.google.com; media-src 'self' 'unsafe-inline' data: vod-progressive.akamaized.net player.vimeo.com; font-src 'self' data: fonts.gstatic.com www.unum.com unum.com zip.co at.alicdn.com themes.googleusercontent.com; frame-src 'self' https://app.teamwalnut.com/ https://outlook.office365.com edge.addthis.com mozbar.moz.com gateway.zscaler.net gateway.zscloud.net gateway.zscalertwo.net maps.google.com www.youtube.com www.google.com googleads.g.doubleclick.net www.facebook.com tpc.googlesyndication.com www.googletagmanager.com bid.g.doubleclick.net s7.addthis.com vimeo.com player.vimeo.com *.buzzsprout.com gateway.zscalerthree.net *.invisionapp.com *.unum.com *.ceros.com *.axshare.com strawpoll.com *.strawpoll.com *.riddle.com https://21775334.fs1.hubspotusercontent-na1.net/; child-src 'self' 'unsafe-inline' www.riddle.com www.youtube.com *.google.com www.google.com *.addthis.com *.vimeo.com bid.g.doubleclick.net www.buzzsprout.com *.doubleclick.net outlook.office365.com www.enrollunum.com *.invisionapp.com *.axshare.com *.unum.com *.ceros.com *.facebook.com; img-src 'self' 'unsafe-inline' ssl.google-analytics.com www.google.lu www.google.lk www.google.com.lb www.google.cl www.google.mv www.google.hu www.google.co.ao about:  www.google.ge www.google.fi www.google.com.ar www.google.cn www.google.com.bd www.google.iq www.google.az www.google.co.zw www.google.dk www.google.com.et www.google.no translate.google.com www.google.rs www.google.ro www.google.gg www.google.com.na www.google.com.tw www.google.com.br www.google.com.co www.google.com.pr www.google.ae www.google.com.mx px4.ads.linkedin.com www.google.com.pa i.ytimg.com www.google.com.eg www.google.co.jp www.google.co.id www.google.pt www.google.com.np www.google.ru www.google.la www.google.mg www.google.co.ke www.google.se www.google.com.af www.google.co.nz apply.indeed.com www.google.com.kh www.google.gr www.google.com.ua www.google.com.my www.google.com.au www.google.at www.google.ie www.google.com.ph www.google.com.pk www.google.co.th www.google.it www.google.es www.google.pl www.google.com.gh www.google.be www.google.com.tr www.google.nl www.google.co.za www.google.ch www.google.fr www.google.co.uk www.google.com.sg www.google.co.in www.google.ca www.google.de region1.google-analytics.com px.ads.linkedin.com thumbs.dreamstime.com unumux.github.io www.facebook.com *.unum.com data: *.adnxs.com secure.adnxs.com p.adsymptotic.com q.quora.com bat.bing.com apt.techtarget.com c.clarity.ms www.google-analytics.com https://www.google.com/ads/ga-audiences www.google.com www.pages01.net c.bing.com www.facebook.com www.linkedin.com *.agkn.com ads.stickyadstv.com bcp.crwdcntrl.net *.krxd.net ce.lijit.com *.doubleclick.net eb2.3lift.com *.pro-market.net idsync.rlcdn.com *.pubmatic.com loadm.exelator.com pippio.com pixel.rubiconproject.com pixel.tapad.com simplifi.partners.tremorhub.com stags.bluekai.com sync.bfmio.com *.intentiq.com sync.mathtag.com sync.search.spotxchange.com *.openx.net ups.analytics.yahoo.com www.googleadservices.com *.simpli.fi www.googletagmanager.com stats.g.doubleclick.net/r/ ssl.gstatic.com www.gstatic.com *.vimeocdn.com track.hubspot.com forms.hsforms.com https://stats.g.doubleclick.net/r/collect blob: *.cookielaw.org; base-uri 'self'; form-action 'self' 'unsafe-inline' *.enrollunum.com *.facebook.com; connect-src 'self' paapi6885.d41.co forms.hscollectedforms.net translate.googleapis.com get663.com www.google.com https://stats.g.doubleclick.net/j/collect https://ampcid.google.com adservice.google.com region1.google-analytics.com www.facebook.com m.addthis.com *.clarity.ms stats.g.doubleclick.net bat.bing.com forms.hubspot.com js.hs-banner.com api.hubapi.com www.googletagmanager.com www.google-analytics.com api-public.addthis.com *.techtarget.com *.oribi.io *.cookielaw.org *.onetrust.com *.unum.com; object-src 'none'; frame-ancestors 'self' https://www.unum.com www.unum.com https://www.unum.com/ unum.com; script-src 'self' code.jquery.com ecf.d41.co id.rlcdn.com v2.d41.co paapi6885.d41.co player.vimeo.com www.google.com/recaptcha/api.js 'sha256-YD1Hat8Jl5d2adEEnk3atErmhqmd+ZSwfv7Mey6W0t0=' 'sha256-GmB3Q3eaRbAvu89uKL6mhLgGv5dDSM18NJfw3I69gVA=' 'sha256-k7lZuo1pbfZ3xvCsJTzcMCZ3OB8G/4AX0mxemohQZWM=' 'sha256-1QEhYYX0CJvwxyfyqJ/CWBuBwhurqZ1B/jG1mug54dg=' 'sha256-Jo4gzdbfX/RP4su7nmC1wmhndJsLdy7fxlKtJEbjD1o=' 'sha256-tKmfqCwfZRx7BMMA04jDrxzOfHbyETGOPe4fASTbF4w=' 'sha256-/DOuCWKJXKDCHZMTdbC4RO44a5+mmJ6C0TlyWO4kTNY=' 'nonce-k1a4B/KmGOxiMta34bLSATkFVz0=' 'unsafe-eval'  get663.com translate.googleapis.com secure.adnxs.com https://ssl.google-analytics.com www.riddle.com *.cloudflare.com *.addthisedge.com *.moatads.com *.addthis.com cdn.amcharts.com snap.licdn.com google-analytics.com www.google-analytics.com tagmanager.google.com ajax.googleapis.com www.googleadservices.com googletagmanager.com www.googletagmanager.com www.sc.pages01.net www.sc.pages02.net unumux.github.io  connect.facebook.net bat.bing.com extend.vimeocdn.com trk.techtarget.com bat.bing.com stats.g.doubleclick.net *.clarity.ms googleads.g.doubleclick.net www.googleoptimize.com *.vimeo.com *.simpli.fi optimize.google.com js-na1.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.hs-banner.com z.moatads.com apis.google.com about: *.cookielaw.org; script-src-attr 'unsafe-inline' 'unsafe-hashes'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://zug.network; img-src 'self' https: data: blob: https://zug.network; style-src 'self' https://zug.network 'nonce-sp1QPWgYNfy2TQiL87jqmw=='; media-src 'self' https: data: https://zug.network; frame-src 'self' https:; manifest-src 'self' https://zug.network; form-action 'self'; child-src 'self' blob: https://zug.network; worker-src 'self' blob: https://zug.network; connect-src 'self' data: blob: https://zug.network https://zug.network wss://zug.network; script-src 'self' https://zug.network 'wasm-unsafe-eval' 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src *; connect-src *; object-src *; frame-ancestors *; worker-src blob: 1
report-uri https://energynet.report-uri.com/r/t/csp/enforce; connect-src 'self' https://cloudflareinsights.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net; frame-src 'self'; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; object-src 'none'; script-src 'self' 'sha256-nhcKIbtnzPfcqxIscm5yY3EFpF2JM1Cvqbejg2mgwf0=' 'sha256-IWdTZJ/cxs4GW8VQULTZgBujunCcWbVUSVrANHNHl34=' 'report-sample' https://static.cloudflareinsights.com 'nonce-f33ad8eb49e2345f' https://*.googletagmanager.com https://cdn.jsdelivr.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com 'report-sample' https://use.typekit.net https://p.typekit.net 'unsafe-eval' https://cdn3.devexpress.com https://cdn.jsdelivr.net; worker-src 'self'; 1
frame-ancestors 'self' https://tacho.rosenberger.digital; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' screenshots.bugherd.com ws.pusherapp.com bugherd-attachments.s3.amazonaws.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net d2wy8f7a9ursnm.cloudfront.net http: https: https://www.hulpmiddelwereld.nl/ https://*.hotjar.com *.google.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' d2iiunr5ws5ch1.cloudfront.net blob: https: 'unsafe-inline' https://www.hulpmiddelwereld.nl/ https://*.hotjar.com *.google.com *.googleapis.com; img-src data: http: https: https://*.hotjar.com *.google.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com fonts.googleapis.com www.bugherd.com d2iiunr5ws5ch1.cloudfront.net https://*.hotjar.com; frame-src app.aiden.cx assets.braintreegateway.com *.youtube.com *.youtu.be https://youtu.be *.vimeo.com https://*.hotjar.com https://www.facebook.com *.google.com consentcdn.cookiebot.com; connect-src 'self' 'unsafe-inline' *.convertexperiments.com www.bugherd.com bugherd-attachments.s3.amazonaws.com ws.pusherapp.com wss://ws.pusherapp.com https://sockjs.pusher.com screenshots.bugherd.com sessions.bugsnag.com ws://api.qooqie.com *.google-analytics.com *.amazonaws.com *.googlesyndication.com squeezely.tech https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.nr-data.net *.google.com *.hulpmiddelwereld.nl *.hulpmiddelwereld.be *.doubleclick.net https://www.facebook.com *.zendesk.com *.zdassets.com wss://widget-mediator.zopim.com consentcdn.cookiebot.com *.googleusercontent.com; 1
frame-ancestors 'self' https://*.dogorama.app 1
script-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 1
frame-ancestors 'self' *.everwisecu.com *.zagclients.net 1
default-src 'self' 'unsafe-inline' *.vimeo.com *.hotjar.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://unieksporten.blob.core.windows.net *.youtube.com ; media-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://scribit-pro-hosting.storage.googleapis.com *.hpsindustrial.nl *.scribit.pro *.unieksporten.nl *.kommunicate.io *.readspeaker.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://if-cdn.com *.tiktok.com *.scribit.pro *.cookiebot.com *.botcopy.com *.vimeo.com *.unieksporten.nl *.leadfamly.com https://z.moatads.com/addthismoatframe568911941483/moatframe.js  https://cdn.applozic.com https://cdnjs.cloudflare.com *.kommunicate.io http://*.hotjar.com https://*.hotjar.com *.bbvms.com *.ip-studio.nl https://connect.facebook.net *.typekit.net *.twimg.com *.instagram.com *.twitter.com *.addthis.com *.linkedin.com *.facebook.com *.addthisedge.com *.googleadservices.com https://www.google-analytics.com *.youtube.com  https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.google.com https://www.googletagmanager.com https://maps.googleapis.com *.gstatic.com https://media.readspeaker.com *.blueconic.net *.readspeaker.com ; frame-src 'self' 'unsafe-inline' data: https://if-cdn.com https://unieksporten.blob.core.windows.net *.scribit.pro *.twitch.tv *.vimeo.com https://vimeo.com *.bnnvara.nl *.linkedin.com *.leadfamly.com *.spotify.com *.hotjar.com *.bbvms.com *.readspeaker.com *.google.com *.facebook.com *.instagram.com https://twitter.com *.twitter.com *.addthis.com *.youtube.com; img-src 'self' 'unsafe-inline' data: blob: *.ytimg.com *.scribit.pro *.botcopy.com *.facebook.com *.vimeo.com https://kommunicate.s3.ap-south-1.amazonaws.com *.amazonaws.com https://s3.amazonaws.com http://*.hotjar.com https://*.hotjar.com *.typekit.net *.i-pulse.nl https://www.sportstad-utrecht.nl https://www.rotterdamsport.nl http://rotterdamsport.nl *.ip-studio.nl https://unieksportenwebapi.azurewebsites.net https://unieksportenwebapi-test.azurewebsites.net *.readspeaker.com *.blueconic.net *.twitter.com *.twimg.com *.google.nl *.googleapis.com *.google.com https://stats.g.doubleclick.net https://www.google-analytics.com *.facebook.com *.youtube.com https://i.ytimg.com https://cdn.i-pulse.nl *.unieksporten.nl https://www.readspeaker.com https://maps.googleapis.com https://maps.gstatic.com; font-src 'self' 'unsafe-inline' data: *.vimeo.com *.typekit.net https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.botcopy.com *.unieksporten.nl *.scribit.pro *.kommunicate.io *.ip-studio.nl *.blueconic.net https://platform.twitter.com https://cdn-test.unieksporten.nl https://cdn.unieksporten.nl *.ip-studio.nl *.googleapis.com *.readspeaker.com ; connect-src 'self' ws: cognito-identity.us-east-1.amazonaws.com *.scribit.pro *.googlesyndication.com *.cookiebot.com *.tiktok.com *.botcopy.com *.vimeo.com *.unieksporten.nl https://stats.g.doubleclick.net https://sentry.io wss://socket4.applozic.com *.applozic.com wss://socket.applozic.com/ws *.twitter.com *.readspeaker.com *.applozic.com *.kommunicate.io *.googleapis.com *.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* wss://*.hotjar.com *.ip-studio.nl https://fondsgehandicaptensport.blueconic.net *.facebook.com *.addthis.com https://www.google.com https://www.google-analytics.com *.google-analytics.com *.google.com 1
base-uri 'none';block-all-mixed-content;child-src 'none';connect-src 'self';default-src 'self';font-src 'self' fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src blob:;img-src 'self' data:;manifest-src 'none';media-src 'none';object-src 'none';script-src 'self' static.cloudflareinsights.com/beacon.min.js;style-src 'self' 'unsafe-inline' fonts.googleapis.com/css2;worker-src 'none';report-uri https://intersoft.report-uri.com/r/t/csp/enforce 1
default-src 'self'; connect-src 'self' https://forms-eu1.hsforms.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://region1.google-analytics.com https://consentcdn.cookiebot.com https://www.google.com/pagead/ https://www.google-analytics.com https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://omo.akamai.opta.net https://secure.widget.cloud.opta.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://js-eu1.hsforms.net https://static.hotjar.com https://script.hotjar.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.fussball.de https://www.google-analytics.com https://webinaris.co https://www.googletagmanager.com https://www.instagram.com  https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://secure.widget.cloud.opta.net; img-src 'self' https://secure.widget.cloud.opta.net https://forms.hsforms.com https://forms-eu1.hsforms.com https://www.googletagmanager.com https://www.google.com/ads/ https://www.google.de/ads/ https://play.google.com https://tools.applemediaservices.com data: https://secure.gravatar.com image/svg+xml https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com; font-src 'self' data: application/x-font-woff; media-src 'self'; frame-src https://forms-eu1.hsforms.com https://www.google.com https://www.youtube-nocookie.com https://www.fussball.de https://consentcdn.cookiebot.com https://www.instagram.com https://virtual.bundesliga.com 1
script-src http: https: https://www.petit-fernand.it/ 'unsafe-eval' *.adyen.com *.hipay.com 'unsafe-inline' mpsnare.iesnare.com *.adyen.com *.hipay.com; style-src 'self' blob: https: 'unsafe-inline' https://www.petit-fernand.it/; img-src data: http: https: blob:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src data: 'self' fonts.gstatic.com; frame-src *; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; font-src * 'self' data: https:; 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com 'self' data: *.cloudfront.net *.typekit.net *.wistia.com *.hotjar.com *.hotjar.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.soprema.ca 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * s7.addthis.com *.hotjar.com *.hotjar.io *.soprema.ca fast.wistia.com fast.wistia.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.gstatic.com *.googleapis.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.bynder.com *.cloudfront.net *.google.com *.google.fr *.google.ca *.googletagmanager.com *.g.doubleclick.net *.hotjar.com *.hotjar.io *.pardot.com *.linkedin.com *.facebook.com bat.bing.com *.soprema.ca *.wistia.com *.wistia.net embedwistia-a.akamaihd.net *.soprema.fr *.soprema.nl *.soprema.com *.soprema.be *.soprema.ch *.soprema.co.uk *.soprema.de *.soprema.at my.assets-library.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.google.com ucv.bynder.com bam.nr-data.net js-agent.newrelic.com z.moatads.com v1.addthisedge.com m.addthis.com *.hotjar.com *.hotjar.io *.googletagmanager.com *.pardot.com info.soprema.fr *.soprema.ca connect.facebook.net snap.licdn.com bat.bing.com *.wistia.com *.wistia.net src.litix.io 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com *.cloudfront.net cdn-images.mailchimp.com *.hotjar.com *.hotjar.io *.typekit.net fast.wistia.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.soprema.ca *.wistia.com *.wistia.net embedwistia-a.akamaihd.net blob: my.assets-library.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com *.cloudfront.net *.bynder.com bam-cell.nr-data.net m.addthis.com bam.nr-data.net *.googletagmanager.com *.g.doubleclick.net *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.pardot.com *.soprema.ca *.linkedin.com *.facebook.com bat.bing.com *.wistia.com *.litix.io embedwistia-a.akamaihd.net lotus.soprema.fr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; object-src 'none'; script-src 'report-sample' https://daynhauhoc.com/logs/ https://daynhauhoc.com/sidekiq/ https://daynhauhoc.com/mini-profiler-resources/ https://daynhauhoc.com/assets/ https://daynhauhoc.com/brotli_asset/ https://daynhauhoc.com/extra-locales/ https://daynhauhoc.com/highlight-js/ https://daynhauhoc.com/javascripts/ https://daynhauhoc.com/plugins/ https://daynhauhoc.com/theme-javascripts/ https://daynhauhoc.com/svg-sprite/ https://www.google-analytics.com/analytics.js https: 'unsafe-inline'; worker-src 'self' blob:; report-uri https://daynhauhoc.com/csp_reports 1
default-src 'self' https://*.clarity.ms c.bing.com; script-src 'self' https://u1.videostep.com https://static.r66net.com https://k.r66net.com https://www.googleadservices.com https://securepubads.g.doubleclick.net 'unsafe-inline' 'unsafe-eval' https://api.emea01.idio.episerver.net https://googleads.g.doubleclick.net s.emea01.idio.episerver.net https://www.vimeo.com https://vimeo.com snap.licdn.com https://connect.facebook.net https://*.facebook.com api.reciteme.com tagmanager.google.com www.googletagmanager.com www.google-analytics.com static.hotjar.com script.hotjar.com ajax.googleapis.com www.gstatic.com www.google.com dc.services.visualstudio.com cdn.cookielaw.org cdn-ukwest.onetrust.com dl.episerver.net az416426.vo.msecnd.net geolocation.onetrust.com clarity.microsoft.com microsoft.com https://*.clarity.ms c.bing.com ; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ api.reciteme.com fonts.googleapis.com tagmanager.google.com fonts.gstatic.com p.typekit.net use.typekit.net dl.episerver.net geolocation.onetrust.com; font-src 'self' dl.episerver.net api.reciteme.com fonts.googleapis.com fonts.gstatic.com use.typekit.net p.typekit.net script.hotjar.com; media-src 'self' api.reciteme.com reciteme.com; img-src 'self' https://s1.videostep.com https://ks1.b26net.com https://ks1.invibes.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://tpc.googlesyndication.com https://a.emea01.idio.episerver.net https://i.vimeocdn.com https://px.ads.linkedin.com *.google-analytics.com *.analytics.google.com c.bing.com www.google.co.uk www.google.com c.clarity.ms cdn-ukwest.onetrust.com dl.episerver.net www.facebook.com api.reciteme.com www.google-analytics.com r1-scaler.ddglib.com i.emlfiles.com data: script.hotjar.com cdn.cookielaw.org; frame-src 'self' https://td.doubleclick.net https://tpc.googlesyndication.com https://invibes.com api-gb.one.network manager.emea01.idio.episerver.net www.arcgis.com https://www.facebook.com https://web.facebook.com in.hotjar.com vc.hotjar.io vars.hotjar.com www.youtube.com www.google.com player.vimeo.com www.ssen.co.uk www.distribution.ssen.co.uk distribution.ssen.co.uk ssepd-sit portal-gb.one.network app.productplan.com ssen.maps.arcgis.com arcg.is eewa-ssen.est.org.uk; frame-ancestors 'self'; connect-src 'self' https://static1.r66net.com https://px.ads.linkedin.com https://www.google-analytics.com https://adservice.google.com https://pagead2.googlesyndication.com https://socialplugin.facebook.net https://cdn.linkedin.oribi.io *.google-analytics.com *.analytics.google.com https://connect.facebook.net https://*.facebook.com stats.g.doubleclick.net api.reciteme.com dc.services.visualstudio.com geolocation.onetrust.com www.google-analytics.com wss://*.hotjar.com https://*.hotjar.com cdn.cookielaw.org cdn-ukwest.onetrust.com sse-privacy.my.onetrust.com dl.episerver.net https://*.clarity.ms c.bing.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.google.com https://www.recaptcha.net https://hcaptcha.com https://*.hcaptcha.com https://platform.linkedin.com https://static.ads-twitter.com https://*.twitter.com https://*.olark.com https://connect.facebook.net https://fast.wistia.com https://fast.wistia.net https://*.pardot.com https://www.facebook.com https://www.google-analytics.com https://adinstruments.bamboohr.com https://www.gstatic.com https://app.wistia.com https://ajax.googleapis.com https://*.adinstruments.com https://cdn.ckeditor.com https://src.litix.io https://assets.adobedtm.com https://i.simpli.fi https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://geolocation.onetrust.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net http://localhost:1234 http://localhost:8083 https://www.adinstruments.com.br https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net https://snap.licdn.com https://www.paypal.com https://cdn.jsdelivr.net/gh/davidjbradshaw/; style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com https://fast.fonts.net https://static.olark.com https://fast.wistia.com https://fast.wistia.net https://adinstruments.bamboohr.com https://cdn.adinstruments.com https://cdn.ckeditor.com https://optanon.blob.core.windows.net https://optimize.google.com https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net; font-src 'self' data: https://static.olark.com https://themes.googleusercontent.com https://fonts.gstatic.com https://fast.fonts.net https://fast.wistia.com; img-src 'self' data: *; connect-src 'self' https://adservice.google.com https://analytics.google.com https://*.analytics.google.com https://*.doubleclick.net https://*.olark.com https://*.kuracloud.com https://*.wistia.com https://fast.wistia.net https://adinstruments.bamboohr.com https://embedwistia-a.akamaihd.net https://connect.facebook.net https://graph.facebook.com https://google-analytics.com https://*.litix.io https://*.google-analytics.com https://*.googletagmanager.com https://www.linkedin.com https://cdn.linkedin.oribi.io https://*.adinstruments.com https://webto.salesforce.com https://px.ads.linkedin.com http://localhost:8083 https://www.sandbox.paypal.com https://www.paypal.com https://cdn.cookielaw.org https://geolocation.onetrust.com; frame-src 'self' https://*.spotify.com https://e.issuu.com https://static.olark.com https://hcaptcha.com https://*.hcaptcha.com https://*.adinstruments.com https://static.olark.com https://*.salesforce.com https://fast.wistia.net https://fast.wistia.com https://platform.twitter.com https://*.facebook.com https://connect.facebook.net https://platform.linkedin.com https://*.google.com https://www.recaptcha.net https://www.gstatic.com https://go.pardot.com https://www.slideshare.net https://www.youtube.com https://www.youtube-nocookie.com https://syndication.twitter.com/ https://bid.g.doubleclick.net/ https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net https://*.kuracloud.com/ https://www.sandbox.paypal.com https://www.paypal.com https://www.adinstruments.com.br/ https://www.adinstruments.co.jp/ https://sketchfab.com/; media-src 'self' data: blob: https://*.adinstruments.com https://static.olark.com https://embedwistia-a.akamaihd.net https://*.wistia.net https://*.wistia.com https://d2dc7c9u1llgu2.cloudfront.net https://d16ufn0chb6eey.cloudfront.net; object-src 'self' https://*.adinstruments.com https://embedwistia-a.akamaihd.net https://embed-ssl.wistia.com; frame-ancestors 'self' http://localhost:1234 https://*.adinstruments.com https://www.adinstruments.com.br https://www.adinstruments.co.jp; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com apis.google.com cdn.onesignal.com use.typekit.net cdn.cookiehub.eu eu2.snoobi.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net cdn.cookiehub.eu dash.cookiehub.com; font-src 'self' fonts.gstatic.com use.typekit.net; img-src 'self' data: analytics.fcgtalent.fi p.typekit.net i.ytimg.com dreambroker.com 1
your-content-security-policy-here 1
report-uri https://www.bram.us 1
default-src 'self' blob: data:; media-src 'self' blob: data:; script-src 'self' 'unsafe-inline' *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com; style-src 'self' 'unsafe-inline' data: *.loszona.com; img-src 'self' blob: data: *.glr.com:4040 *.glr.com:4041 *.fisioestetic.com *.loszona.com www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com; connect-src 'self' data: *.glr.com:4040 *.glr.com:4041 wss://*.glr.com:* wss://*.glrsales.com:*; manifest-src 'self'; worker-src 'self'; frame-src blob: data: www.google.com youtube.com *.youtube.com *.loszona.com *.facebook.com *.facebook.net *.twitter.com airbnb.com *.airbnb.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; media-src * blob:; 1
frame-src 'self' 'unsafe-inline' 'unsafe-eval' * blob: data: * ; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: app.netaffinity.io app.office.netaffinity.net app.demo.netaffinity.net app.uat.netaffinity.net *.ecodev.netaffinity.net *.staging.ecodev.netaffinity.net *.host.staging.ecodev.netaffinity.net *.adyen.com bat.bing.com maxcdn.bootstrapcdn.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdnjs.cloudflare.com cdn-a.cumul.io app.cumul.io pay.sandbox.datatrans.com pay.datatrans.com www.facebook.com connect.facebook.net forms.hsforms.com heapanalytics.com cdn.heapanalytics.com js.hsforms.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsleadflows.net api.hubspot.com app.hubspot.com track.hubspot.com forms.hubspot.com js.hubspotfeedback.com pay.google.com accounts.google.com tagmanager.google.com www.google.com www.googletagmanager.com *.google-analytics.com ajax.googleapis.com maps.googleapis.com www.googleapis.com fonts.googleapis.com fonts.gstatic.com maps.gstatic.com jsconsole.com sslgstatic.com www.gstatic.com code.jquery.com cdn.jsdelivr.net cdn.materialdesignicons.com www.netaffinity.com js.paymentsos.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com *.pusher.com secure.payu.com pi-test.sagepay.com core.spreedly.com js.stripe.com https://pay.realexpayments.com https://pay.sandbox.realexpayments.com api.userlane.com cdn.userlane.com imgcdn.userlane.com staticassets.userlane.com ekr.zdassets.com static.zdassets.com netaffinity.zendesk.com v2assets.zopim.io widget-mediator.zopim.com youtube.com www.youtube.com js.usemessages.com wss://ws.pusher.com wss://ws-eu.pusher.com wss://ws.pusherapp.com wss://ws-eu.pusherapp.com wss://widget-mediator.zopim.com ubpysjit.kclub.ie kit.fontawesome.com ka-p.fontawesome.com www.clarity.ms c.clarity.ms r.clarity.ms https://applepay.cdn-apple.com https://consent.cookiebot.com/ https://capig.stape.org/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.ie https://pagead2.googlesyndication.com *.eu.stape.io https://app.userguest.com/ https://server-side-tagging-coprpnpvaq-uc.a.run.app 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.intellumlevel.com *.amazonaws.com *.googleapis.com *.google-analytics.com *.jquery.com *.googleusercontent.com *.githubusercontent.com *.snplow.net *.intellumanalytics.com *.userpilot.io ws://analytex.userpilot.io *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.google.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com wss://websockets.intellum.com cdn.exceedlms.com img.en25.com assets.adobedtm.com; img-src * data: blob:; media-src * blob: mediastream:; frame-ancestors 'self' *.exceedlms.com *.intellumsocial.com *.tribesocial.com *.intellum.com *.youtube.com *.vhall.com *.youtube-nocookie.com *.embedly.com *.embed.ly vimeo.com *.vimeo.com livestream.com *.livestream.com *.brightcove.net *.facebook.com zoom.us *.zoom.us wss://*.zoom.us cdnjs.cloudflare.com *.newrelic.com *.userpilot.io ws://analytex.userpilot.io bam.nr-data.net *.evolveauthoring.com *.feathery.io *.cloudfront.net *.nest.com *.demandbase.com *.company-target.com *.zscaler.net *.widencdn.net *.ytimg.com *.tealiumiq.com *.atdmt.com *.tiqcdn.com *.facebook.net *.gstatic.com *.doubleclick.net *.googleadservices.com *.stripe.com *.googletagmanager.com *.googleplex.com *.aptrinsic.com img.en25.com assets.adobedtm.com; 1
frame-ancestors 'self' kiosk.managedway.com; 1
default-src 'unsafe-inline' 'unsafe-eval' data: *; font-src 'self' data: *; img-src 'self' data: *; 1
script-src 'self' 'strict-dynamic' 'nonce-Wn0ml3oU4OlhdhbLMrDa2w==' https://www.googletagmanager.com https://pagead2.googlesyndication.com 'unsafe-inline'; object-src 'none'; base-uri 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://spore.social; img-src 'self' https: data: blob: https://spore.social; style-src 'self' https://spore.social 'nonce-c8S5Q+j31Ruuut7eZ+J5ZA=='; media-src 'self' https: data: https://spore.social; frame-src 'self' https:; manifest-src 'self' https://spore.social; form-action 'self'; child-src 'self' blob: https://spore.social; worker-src 'self' blob: https://spore.social; connect-src 'self' data: blob: https://spore.social https://spore.social wss://spore.social; script-src 'self' https://spore.social 'wasm-unsafe-eval' 1
frame-ancestors 'self'; report-uri https://csp.spreadshirts.net/csp/enforce 1
default-src 'self'; connect-src 'self' https://www.mycertiphi.com https://*.verticalscreen.com; font-src 'self' https://fonts.gstatic.com; frame-src https://www.google.com https://sig.edpo.brussels; frame-ancestors 'self' https://*.mybig.net https://*.mybig.com https://*.mycertiphi.com https://*.mytruescreen.com; img-src 'self' data: https://www.gstatic.com https://www.mycertiphi.com; object-src 'self' https://sig.edpo.brussels; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mycertiphi.com https://*.verticalscreen.com https://www.gstatic.com https://www.google.com https://sig.edpo.brussels; style-src 'self' https://www.mycertiphi.com 'unsafe-inline' 1
default-src * blob: data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-mzf3UtXbwYfnnKP3VEgtye3nTk0xcGXJLGjLmC4y7v4=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-L2Slc+hjgfPR0Q7PEHLXalHE5sLRtxFNIWREBDLnqVU=' 'sha256-HfnQNmJVmBeLeNyjla2aZlXUlQYKZqWl81TdBj5YxcM=' 'sha256-DC/xa4clqDG2m8xUL+0jWRNUk1Py6w2/90aDcF5n220=' 'sha256-2AfYz0WARuNiypO7Ti/gOzUUynrazrHlZWDm75zKnwA=' 'sha256-eDM06SboA/7JhtwlPW0fahLttVxSbkkCvx3cWVDwWOw=' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://cdn.cookielaw.org blob: *; style-src 'unsafe-inline' *;frame-src blob: *; img-src 'self' data: *; connect-src *; font-src data: *; media-src *; frame-ancestors https://author.bcw-global.com https://www.bcw-global.com; 1
frame-ancestors 'self' https://www3.eigendev.com/ https://staging.eigendev.com/ https://www.google.com/; 1
base-uri 'self'; connect-src 'self' https://iridiumbrowser.de; default-src 'none'; font-src 'self'; img-src 'self' data: https://iridiumbrowser.de; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; 1
default-src https: wss: 'unsafe-eval' 'unsafe-inline'; font-src https: data:; img-src https: data: 1
default-sec self 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://mfpembedcdnweu.azureedge.net/mfpembedcontweu/ http://maps.google.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; frame-src https://www.youtube.com/ https://customervoice.microsoft.com/ https://www.google.com/ 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com login.microsoftonline.com *.adform.net *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.google.cz www.googleadservices.com *.googlesyndication.com *.google.cz c.seznam.cz *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com maps.googleapis.com fonts.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com https://netdna.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com; frame-src * 'self'; worker-src * 'self'; frame-ancestors 'self'; upgrade-insecure-requests; sandbox allow-forms allow-same-origin allow-scripts allow-top-navigation allow-popups; report-uri https://moocat.report-uri.io/r/default/csp/enforce 1
style-src 'self' 'unsafe-inline' https://lptag.liveperson.net https://www.googletagmanager.com https://lpcdn.lpsnmedia.net https://fonts.googleapis.com 'report-sample'; default-src 'self'; script-src 'nonce-d/QVhfztPw3t+qq9jEaYN8EfktmI5+oNTrdBS0rGOAvvEbgXoyQvgIFMOs8wd3dV' 'self' 'report-sample'; script-src-elem 'self' 'nonce-d/QVhfztPw3t+qq9jEaYN8EfktmI5+oNTrdBS0rGOAvvEbgXoyQvgIFMOs8wd3dV' 'sha256-HRm8H7cOa9LHEbmBTT0FrAqkKp6XUSC2QqSxiUn/bgA=' 'sha256-wPcaQyDp92fJ69WEkzY6H4YGZ2AHAVwXDC40awgDCyI=' 'sha256-ifsaGaoEdPmi6N9GsRmx8PSolqSrGyvDtrWbimsg9Rc=' https://www.googletagmanager.com https://www.googleadservices.com googleadservices.com https://login.zscalerthree.net/ https://fonts.googleapis.com assets.adobedtm.com  https://assets.adobedtm.com https://sales.liveperson.net https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com https://www.linksentr.com https://connect.facebook.net flex.msn.com https://gateway.zscalerthree.net https://cse.google.com bat.bing.com https://lptag.liveperson.net d2oh4tlt9mrke9.cloudfront.net b-code.liadm.com https://www.google-analytics.com https://lpcdn.lpsnmedia.net https://va.v.liveperson.net https://accdn.lpsnmedia.net https://gateway.zscalertwo.net ; connect-src 'self' https://adservice.google.com googleadservices.com https://analytics.google.com https://col.eum-appdynamics.com https://www.google-analytics.com https://cdn.appdynamics.com https://pdx-col.eum-appdynamics.com https://rp.liadm.com https://upspringsmarket.com https://www.dwtrk.com https://convert.aqpyx.com https://www.lnkxfer8.com https://mediaforceltd.go2jump.org/ https://www.kritrk.com https://www.sjetrk.com flex.msn.com https://activping.com https://evestamarketing.go2cloud.org https://ctrackr.com/ https://www.pirolane.com clickserv.sitescout.com https://tracking.lifestylejournal.com https://www.insurescuretrk.com quotelab.com https://www.shmktpl.com https://www.facebook.com cxqfb.com https://secure.marketinghub.hp.com network.adsmarket.com https://www.mitwodotoh.com https://www.dianomi.com https://insuranceclicks.com tracking.admarketplace.net https://www.linksentr.com https://affiliate.gwmtracker.com https://ws.sessioncam.com p.liadm.com https://3952369.fls.doubleclick.net https://aigcom.tt.omtrdc.net https://trc.taboola.com d.adroll.com https://prformc.com https://10585389.fls.doubleclick.net https://login.dotomi.com https://stats.g.doubleclick.net ; img-src 'self' https://match.adsrvr.org https://px.ads.linkedin.com https://gateway.zscalertwo.net https://sync.outbrain.com https://www.googletagmanager.com https://adservice.google.com https://ad.doubleclick.net https://sp.analytics.yahoo.com https://www.google-analytics.com https://io.narrative.io https://image2.pubmatic.com https://beacon.krxd.net https://dpm.demdex.net https://sync.taboola.com https://api.datasteam.io clickserv.sitescout.com https://www.dwtrk.com https://evestamarketing.go2cloud.org https://seal-sandiego.bbb.org https://pippio.com https://stags.bluekai.com https://dsum-sec.casalemedia.com https://pixel.advertising.com https://pixel.rubiconproject.com https://ups.analytics.yahoo.com https://va.v.liveperson.net https://api.dtstmio.com https://pixel.adsafeprotected.com https://us-u.openx.net https://x.bidswitch.net https://x.bidswitch.net https://i.pretected.com https://cm.g.doubleclick.net https://idsync.rlcdn.com https://www.nextinsure.com https://ib.adnxs.com tracking.admarketplace.net https://login.dotomi.com network.adsmarket.com https://secure.marketinghub.hp.com https://insuranceclicks.com https://www.dianomi.com cxqfb.com https://www.linksentr.com https://trc.taboola.com  https://www.shmktpl.com p.liadm.com https://data.dianomi.com d.adroll.com https://d.adroll.com cebwa.d2.sc.omtrdc.net https://cebwa.d2.sc.omtrdc.net/ https://login.dotomi.com https://googleads.g.doubleclick.net https://aa.agkn.com https://gateway.zscalerthree.net trc.taboola.com apis.murdoog.com https://bat.bing.com privacy-policy.truste.com https://rp.liadm.com https://www.google.com https://www.facebook.com https://lpcdn.lpsnmedia.net/ 'report-sample'; object-src 'none'; report-to 'none'; form-action 'self' https://giwlb2c.uat.aigdirect.com https://giwlb2c.sit.aigdirect.net https://diy.sit.aigdirect.net https://diy.uat.aigdirect.com https://aigd.uat.aigdirect.com https://www-158.aig.com https://www-402.aigdirect.com; frame-src 'self' https://td.doubleclick.net/ https://gateway.zscalerthree.net/ https://login.zscalerthree.net/ https://va-e.c.liveperson.net/ https://lpcdn.lpsnmedia.net https://www.quotelab.com https://www.quotelab.com https://d1eoo1tco6rr5e.cloudfront.net https://www.2565trk.com https://www.lnkxfer8.com https://convert.aqpyx.com https://mediaforceltd.go2jump.org/ https://www.kritrk.com https://ctrackr.com  flex.msn.com https://activping.com https://www.sjetrk.com https://www.pirolane.com https://upspringsmarket.com https://insight.adsrvr.org https://cxqfb.com https://www.insurescuretrk.com https://affiliate.gwmtracker.com https://bid.g.doubleclick.net quotelab.com https://www.mitwodotoh.com https://tracking.lifestylejournal.com https://10585389.fls.doubleclick.net https://3952369.fls.doubleclick.net https://prformc.com https://4279533.fls.doubleclick.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://yastatic.net https://api-maps.yandex.ru https://*.yandex.ru https://*.google.ru https://*.google.com https://*.disquscdn.com https://*.disqus.com https://*.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self' https://yandex.ru https://*.yandex.ru; child-src https://*.yandex.ru https://yastatic.net https://cse.google.com https://api-maps.yandex.ru https://yoomoney.ru https://disqus.com https://funding.webmoney.ru https://www.youtube.com https://st.yandexadexchange.net; form-action 'self' subscribe.ru;  1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' data: staticcdn.co.nz www.youtube.com www.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com;connect-src 'self' www.google-analytics.com;img-src 'self' data: shielded.co.nz i.ytimg.com www.google-analytics.com;style-src 'self' 'unsafe-inline' fast.fonts.net;font-src 'self' data:;frame-src 'self' www.youtube.com www.google.com data.gns.cri.nz geonet.org.nz gns-science.github.io dev-app.gns.cri.nz gis.gns.cri.nz;manifest-src 'self';media-src 'self';frame-ancestors 'self';form-action 'self'; 1
frame-src 'self' https://www.ubivent.com https://ubivent.com https://meetyoo.live https://forms.hsforms.com/; object-src 'none'; frame-ancestors 'self' https://www.ubivent.com https://ubivent.com https://meetyoo.live https://forms.hsforms.com/; report-uri https://www.meetyoo.com/en/report-uri/enforce 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-v8lISBj5jqYdzNakV8k66q9Yo' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; object-src *; style-src * 'self' 'unsafe-inline'; img-src * 'self' data: https:;; media-src *; frame-src *; frame-ancestors 'self'; child-src * blob:; font-src * 'self' data: https:;; connect-src *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://npmcdn.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.cloudfront.net https://assets-global.website-files.com https://accounts.google.com https://appleid.cdn-apple.com https://www.gstatic.com https://www.redditstatic.com https://www.google.com https://static.ads-twitter.com https://*.srv.stackadapt.com https://qvdt3feo.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.bing.com https://*.googletagmanager.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://fonts.gstatic.com https://www.google.com.hk https://www.google.com.au https://s.yimg.com https://www.buzzsprout.com https://www.googleoptimize.com https://*.outbrain.com https://websdk.appsflyer.com https://calendly.com https://www.googleadservices.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://www.youtube.com https://s.ytimg.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://static.zdassets.com https://assets.calendly.com https://ekr.zdassets.com https://syfe.zendesk.com wss://syfe.zendesk.com wss://*.zopim.com https://stats.g.doubleclick.net https://connect.facebook.net https://fast.wistia.com https://optimize.google.com https://sjs.bizographics.com https://px.ads.linkedin.com https://tagmanager.google.com https://snap.licdn.com https://amplify.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://www.datadoghq-browser-agent.com https://rum-http-intake.logs.datadoghq.eu https://api.smooch.io; img-src 'self' data: https://cdnjs.cloudflare.com https://assets.website-files.com https://*.cloudfront.net https://assets-global.website-files.com https://stable-production-v1-user-documents-bucket.s3.ap-southeast-1.amazonaws.com https://stable-production-v1-user-documents-bucket.s3.us-west-2.amazonaws.com https://*.twitter.com https://*.reddit.com https://*.bing.com https://*.googleusercontent.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://www.google.com.hk https://www.google.com.au https://badge.seedly.sg https://www.google.com https://optimize.google.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://stable-production-v1-public-assets.s3.ap-southeast-1.amazonaws.com/ https://insights.hotjar.com http://static.hotjar.com https://static.hotjar.com https://ekr.zdassets.com https://syfe.zendesk.com https://v2assets.zopim.io https://static.zdassets.com https://www.facebook.com https://embedwistia-a.akamaihd.net https://fast.wistia.com https://www.google.com https://www.google.com.sg https://www.google.co.in https://ssl.gstatic.com https://www.gstatic.com https://px.ads.linkedin.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://p.adsymptotic.com https://www.dianomi.com https://cds.taboola.com https://api.smooch.io https://accounts.zendesk.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://assets-global.website-files.com https://accounts.google.com https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://calendly.com https://*.srv.stackadapt.com; font-src 'self' data: https://cdnjs.cloudflare.com https://assets.website-files.com https://assets-global.website-files.com https://fonts.googleapis.com https://fonts.gstatic.com https://js.intercomcdn.com http://static.hotjar.com https://static.hotjar.com; child-src 'self' blob: https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://vars.hotjar.com https://fast.wistia.net; media-src 'self' data: blob: https://stable-production-v1-www-persistent-assets-bucket.s3.ap-southeast-1.amazonaws.com https://js.intercomcdn.com https://static.zdassets.com https://embedwistia-a.akamaihd.net https://stable-production-v1-public-assets.s3.ap-southeast-1.amazonaws.com/; object-src 'self' blob:; connect-src 'self' data: *; frame-src 'self' https://accounts.google.com https://www.google.com/ https://open.spotify.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.yahoo.com https://*.yahoodns.net https://*.yimg.com sp.analytics.yahoo.com s.yimg.com https://www.buzzsprout.com https://optimize.google.com https://fast.wistia.com/ https://www.youtube.com/ https://vars.hotjar.com https://www.facebook.com/ https://calendly.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.consensu.org *.google.com *.google-analytics.com *.pagespeed-mod.com *.etracker.com *.etracker.de *.googletagmanager.com *.eloomi.com *.signalize.com 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' www.gstatic.com www.googletagmanager.com www.google.com unpkg.com www.google-analytics.com; script-src-elem 'self' 'unsafe-inline' www.gstatic.com www.googletagmanager.com www.google.com unpkg.com www.google-analytics.com; style-src 'self' 'unsafe-inline'; connect-src 'self' www.google-analytics.com region1.google-analytics.com; img-src 'self' www.google-analytics.com i.ytimg.com data:; base-uri 'self'; form-action 'self'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; frame-src 'self' www.youtube.com www.google.com www.youtube-nocookie.com; frame-ancestors 'self' 1
object-src 'self'; connect-src *; default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: mailto: tel: https://*.specialprograms.powerschool.com https://*.auroraedtech.com https://support.powerschool.com https://cdn.rawgit.com http://fonts.googleapis.com https://auroraedtech.com http://yui.yahooapis.com https://maxcdn.bootstrapcdn.com https://assets.powerschool.com https://*.googleapis.com https://code.jquery.com https://cdnjs.cloudflare.com https://*.gstatic.com/ https://*.accelaschool.com https://web-sdk-us2.aptrinsic.com https://gp.powerschool.com/ https://*.specialeducation.powerschool.com 1
default-src 'none'; connect-src * 'self'; font-src * 'self'; frame-src * 'self'; img-src * 'self' data:; manifest-src * 'self'; object-src * 'self'; prefetch-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; media-src * 'self'; form-action * 'self'; worker-src 'self' 1
default-src 'self'; script-src 'self' 'sha256-dK06Ziaa0EW7eznMaLyuarFhVcusz+7eBUuwXo3gWD8=' https://js.stripe.com/v3 https://js.stripe.com/v3/ https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/gtag/js *.cloudflareinsights.com; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.pushshift.io https://elastic.pushshift.io https://oauth.reddit.com https://ored.reveddit.com https://cred2.reveddit.com https://api.reveddit.com https://www.reddit.com https://removeddit.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com cloudflareinsights.com; font-src 'self'; frame-src 'self' https://js.stripe.com https://www.youtube-nocookie.com/; img-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://pbs.twimg.com data: https:; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' cms.golfadvisor.com cms.golfpass.com  *.golfpass.com *.golfgenius.com golfgenius.com  ggstest.com ggstest2.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://dl.episerver.net/ https://js-agent.newrelic.com https://bam.nr-data.net https://ssl.google-analytics.com https://seal-alaskaoregonwesternwashington.bbb.org https://az416426.vo.msecnd.net/scripts/a/ai.0.js  https://cdn.cookielaw.org 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';  script-src * data: blob: 'unsafe-inline' 'unsafe-eval';  connect-src * data: blob: 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src * data: blob: ;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob: ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://snap.licdn.com https://px.ads.linkedin.com https://*.twitter.com https://code.jquery.com https://*.google.com http://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://connect.facebook.net https://static.ads-twitter.com https://*.meetami.ai http://*.meetami.ai https://*.liveperson.net https://*.liveperson.com https://*.lpsnmedia.net https://*.liveengage.net https://*.liveengage.com https://*.liveper.sn http://ajax.googleapis.com wss://chat.meetami.ai; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://code.jquery.com https://*.googleapis.com https://*.google.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; frame-src 'self' https://www.youtube.com http://player.vimeo.com https://player.vimeo.com https://www.facebook.com https://*.lpsnmedia.net https://*.liveperson.net https://*.meetami.ai http://*.meetami.ai; font-src 'self' https://fonts.gstatic.com https://*.meetami.ai http://*.meetami.ai; img-src 'self' data: https://www.teacherspensions.co.uk https://i.vimeocdn.com https://img.youtube.com https://www.linkedin.com https://snap.licdn.com https://px.ads.linkedin.com https://*.google.com http://*.google-analytics.com https://stats.g.doubleclick.net https://secure.adnxs.com https://connect.facebook.net https://t.co https://*.facebook.com https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai https://s3-eu-west-1.amazonaws.com; connect-src 'self' https://px.ads.linkedin.com/ https://*.google-analytics.com https://*.meetami.ai http://*.meetami.ai wss://chat.meetami.ai wss://*.liveperson.net https://cdn.linkedin.oribi.io; media-src 'self' https://*.lpsnmedia.net https://*.meetami.ai http://*.meetami.ai; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.internetservicesgroup.com https://www.dynamickeynotespeakers.com https://www.jasonrevers.com https://www.lifeandbusinesssuccess.us https://www.caldwellscreations.com 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' nonce cdn.mdmgames.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdn.mdmgames.com https://use.fontawesome.com/; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' *.tawk.to *.stripe.com *.google-analytics.com wss://*.tawk.to 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.accenture.com *.arthis.it *.accenturehrservices.it;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.accenturehrservices.it *.accenture.com *.arthis.it www.googletagmanager.com *.google-analytics.com https://code.jquery.com *.ferrero.com remote.captcha.com *.tiny.cloud https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.datatables.net *.datadoghq-browser-agent.com;img-src 'self' *.accenture.com *.arthis.it *.accenturehrservices.it *.tiny.cloud sp.tinymce.com *.fondogommaplastica.it https://fondofonte.it https://fondopegaso.it https://fondoposte.it https://fonchim.it https://www.fondimatica.it *.ferrero.com data:;connect-src 'self' *.accenture.com *.arthis.it *.accenturehrservices.it *.google-analytics.com *.ferrero.com https://rum.browser-intake-datadoghq.com *.datadoghq.com data:;block-all-mixed-content;upgrade-insecure-requests;font-src 'self' *.accenture.com *.arthis.it *.ferrero.com use.fontawesome.com cdnjs.cloudflare.com *.gstatic.com *.tiny.cloud https://fonts.googleapis.com data:;style-src 'self' 'unsafe-inline' *.accenture.com *.arthis.it *.ferrero.com use.fontawesome.com *.gstatic.com *.tinymce.com *.tiny.cloud webstation3.h3g.it https://fonts.googleapis.com cdnjs.cloudflare.com www.fondimatica.it cdn.datatables.net stackpath.bootstrapcdn.com;frame-src 'self' https://*.microsoftonline.com https://*.accenture.com  lucystarter: 1
frame-ancestors 'self'; default-src 'self' www.bossedm.com 'unsafe-inline' 'unsafe-eval' blob: data: ; 1
default-src 'self' *.tc.edu *.tc.columbia.edu; font-src *; frame-ancestors 'self' *.tc.edu *.tc.columbia.edu; frame-src *; img-src * data: blob:; connect-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; media-src *; object-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-k8Ga/gZFzNN0n5tIBY2wXBWcSprHxJx1m1VblOZGFi17dtPK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
<options and value> 1
default-src 'self' 'unsafe-inline' analytics.google.com www.google.com use.typekit.net stats.g.doubleclick.net www.google.com.pr www.google-analytics.com maps.googleapis.com www.facebook.com fonts.googleapis.com www.gstatic.com fonts.gstatic.com pixel.sitescout.com bid.g.doubleclick.net 10266195.fls.doubleclick.net images.supermaxonline.com www.supermaxonline.com data: ; script-src 'self' cdnjs.cloudflare.com www.gstatic.com fonts.gstatic.com www.facebook.com www.googletagmanager.com fonts.googleapis.com oss.maxcdn.com googleads.g.doubleclick.net connect.facebook.net www.googleadservices.com *.supermaxonline.com *.google-analytics.com stats.g.doubleclick.net www.google.com www.google-analytics.com 127.0.0.1 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' blob: data: *.pinterest.com *.yimg.com *.google.co.uk *.azurewebsites.net *.visualstudio.com *.mixpanel.com *.mapbox.com *.gstatic.com *.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.workspace.co.uk *.googletagmanager.com *.google-analytics.com *.windows.net *.facebook.com *.doubleclick.net *.googleapis.com *.wisepops.com *.responsetap.com *.clarity.ms; script-src 'nonce-mhGH3AeQiEr/SNmNh/r04Wbo3A5wya6EGSxJw4whC3E=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' 'sha256-ULns2wWXHsSEMweNX0DJ2uNnaVOkniF56eVSEFbYHVs=' *.cookiebot.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net *.pinterest.com *.googleoptimize.com *.instagram.com *.twitter.com *.jquery.com *.responsetap.com *.msecnd.net *.report-uri.com *.mapbox.com *.google.com *.hotjar.com *.workspace.co.uk *.google-analytics.com *.googletagmanager.com *.googleapis.com *.typeform.com blob:; style-src 'self' 'unsafe-inline' *.google.com *.mapbox.com cloud.typography.com *.workspace.co.uk *.googleapis.com *.wisepops.com *.typeform.com; media-src 'self' *.vimeo.com *.akamaized.net;  img-src 'self' *.pinterest.com content.workspace.co.uk *.yahoo.com *.thisisdax.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net *.facebook.com *.linkedin.com *.bing.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.google.fr *.gstatic.com *.blob.core.windows.net *.wisepops.com *.quantserve.com *.doubleclick.net blob: data: *.clarity.ms *.clearbitjs.com dev.visualwebsiteoptimizer.com *.teads.tv *.cookiebot.com; frame-src 'self' *.pinterest.com consentcdn.cookiebot.com *.cloudonlinerecruitment.co.uk tourmkr.com *.azurewebsites.net *.youtube.com *.instagram.com *.twitter.com roundme.com *.workspace.co.uk *.hotjar.com *.google.com *.facebook.com *.doubleclick.net *.vimeo.com *.investis.com *.pinterest.co.uk form.typeform.com *.teads.tv; connect-src 'self' *.analytics.google.com *.hotjar.com *.hotjar.io wss://wsp21.hotjar.com capi.workspace.co.uk account.workspace.co.uk bat.bing.com stats.g.doubleclick.net *.hotjar.com wss://ws21.hotjar.com wss://ws.hotjar.com *.googlesyndication.com events.mapbox.com www.google-analytics.com google-analytics.com maps.googleapis.com api.mapbox.com ct.pinterest.com metrics.responsetap.com in.hotjar.com s.yimg.com dc.services.visualstudio.com region1.google-analytics.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net cdn.linkedin.oribi.io capigateway.journeyfurther.com *.google.com *.g.doubleclick.net consentcdn.cookiebot.com *.infinity-tracking.com *.teads.tv ict.infinity-tracking.net *.linkedin.com *.typeform.com; report-uri https://workspace.report-uri.com/r/d/csp/wizard 1
default-src 'self' *.googletagmanager.com cdn.bma.bm *.vimeo.com; script-src 'self' www.google.com/recaptcha/api.js *.googletagmanager.com ckeditor.iframe.ly maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.bma.bm theweather.com *.gstatic.com static.addtoany.com *.vimeo.com *.vimeocdn.com *.nr-data.net code.jquery.com 'nonce-5J7u987qjYp25XVh29388B2P8q8Jc445RyFR' 'sha256-qEftYzJkik6f2adAHjEOE/NwtbFFj8BA7z+5iOM/ivk='; style-src 'self' 'unsafe-inline' cdn.bma.bm maxcdn.bootstrapcdn.com fonts.gstatic.com cdnjs.cloudflare.com fonts.googleapis.com *.vimeocdn.com *.gstatic.com; img-src * data: cdn.bma.bm www.googletagmanager.com *.gstatic.com static.addtoany.com; font-src data: 'self' fonts.gstatic.com fonts.google.com cdn.bma.bm; connect-src 'self' *.vimeo.com cdn.bma.bm static.addtoany.com google-analytics.com; media-src 'self' cdn.bma.bm; object-src 'self'; child-src 'self' www.youtube.com *.vimeo.com *.vimeocdn.com; frame-src 'self' cdn.bma.bm *.youtube.com *.vimeo.com cw.na1.hgncloud.com jobs.jobvite.com *.jobvite.com www.google.com free.timeanddate.com static.addtoany.com *.theweather.com; frame-ancestors 'self' cdn.bma.bm *.youtube.com *.vimeo.com cw.na1.hgncloud.com *.jobvite.com; base-uri 'self' 1
default-src 'self' 'unsafe-inline'; script-src 'self' https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Na1eWuJ0caE/mw9E3Isonx65FHmmCN3V/czHXdjJnCpaclnH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://my.yoast.com/ http://2.gravatar.com/ https://secure.gravatar.com/ https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ http://player.podigee-cdn.net/ https://images.podigee-cdn.net/ https://www.youtube.com http://htgfzukunftsready.podigee.io/ https://doo.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://cdn-images.mailchimp.com/ https://s3.amazonaws.com/ https://ps.w.org/ https://ninjaforms.com/ https://polylang.pro https://www.joomunited.com/ https://s.w.org/  https://www.google-analytics.com/ https://region1.google-analytics.com/ https://stats.g.doubleclick.net https://high-tech-gruenderfonds.us15.list-manage.com https://mktdplp102cdn.azureedge.net/ https://www.htgf.de/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://staging.gen2.ai/; frame-src data: https://023d7d2e18c445ce9f2da52644fb67b0.svc.dynamics.com/ https://www.gstatic.com/recaptcha/  https://www.google.com/recaptcha/ http://player.podigee-cdn.net/ https://images.podigee-cdn.net/ https://www.youtube.com http://htgfzukunftsready.podigee.io/ https://doo.net/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://cdn-images.mailchimp.com/ https://www.htgf.de/ https://cxppusa1formui01cdnsa01-endpoint.azureedge.net https://assets-eur.mkt.dynamics.com/ https://public-eur.mkt.dynamics.com/ https://staging.gen2.ai/; 1
frame-ancestors 'self' http://www.kwalitywalls.in unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' sonix.ai js.hscollectedforms.net js.hs-banner.com js.hs-analytics.net *.cloudfront.net js.hs-scripts.com o26255.ingest.sentry.io online.flippingbook.com fast.fonts.net siteimproveanalytics.com www.googletagmanager.com googleads.g.doubleclick.net www.googleadservices.com cdnjs.cloudflare.com www.google-analytics.com consent.trustarc.com kit.fontawesome.com acsbapp.com blob:; style-src 'self'  'unsafe-inline' *.cloudfront.net sonix.ai cdn-images.mailchimp.com cdn-images.mailchimp.com cdnjs.cloudflare.com fonts.googleapis.com consent.trustarc.com fast.fonts.net ka-p.fontawesome.com; img-src 'self' *.flippingbook.com *.siteimproveanalytics.io consent.trustarc.com www.google.com www.tenrec.com www.google-analytics.com forms.hsforms.com *.hubspot.com consent.truste.com data:; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com consent.trustarc.com ka-p.fontawesome.com fast.fonts.net; 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; report-uri https://www.leatherworkinggroup.com/?eID=error 1
default-src 'self'; img-src * data:; font-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api.github.com 1
frame-ancestors 'none'; default-src *; script-src 'self' 'unsafe-eval' *.sentry.io *.googletagmanager.com *.google-analytics.com *.stripe.com *.calendly.com *.trengo.eu *.stripe.network *.userguiding.com *.fullstory.com *.hotjar.com; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; 1
default-src 'self' rual-ws.heyl.nl www.heyl.nl htttps://*.analytics.google.com https://connect.facebook.net; script-src 'self' 'nonce-f7B4PoB+ZMoNmiZBw6vUERunF9M=' 'unsafe-inline' rual-ws.heyl.nl www.heyl.nl https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://googleapis.com https://www.googletagmanager.com https://*.hotjar.com https://erp.heyl.nl https://*.analytics.google.com https://connect.facebook.net https://*.pinimg.com https://unpkg.com https://*.doubleclick.net https://*.googlesyndication.com https://cdn.jsdelivr.net https://*.pinterest.com https://www.gstatic.com; connect-src 'self' www.heyl.nl wss://rual-ws.heyl.nl https://google.com https://www.google.com https://www.google-analytics.com https://region1.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net  https://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com https://*.analytics.google.com https://connect.facebook.net https://*.pinimg.com https://*.pinterest.com/ https://*.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://www.gstatic.com; img-src http: data: https: blob: https://erp.heyl.nl; style-src 'self' https: 'unsafe-inline'; child-src 'self' rual-ws.heyl.nl www.heyl.nl https://www.youtube.com https://*.hotjar.com  https://*.hotjar.com ws://*.hotjar.com wss://*.hotjar.com https://*.pinimg.com https://*.pinterest.com/ https://*.doubleclick.net https://*.googlesyndication.com blob:; font-src 'self' https: data: 'nonce-f7B4PoB+ZMoNmiZBw6vUERunF9M='  https://db.onlinewebfonts.com https://fonts.gstatic.com; 1
default-src 'none'; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'nonce-fe60f1e896bcaee9759dbb751c2a493a' 'unsafe-eval' 'strict-dynamic' https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.google.com  https://td.doubleclick.net *.google.com; font-src 'self' https://use.fontawesome.com https://fonts.gstatic.com https://fonts.googleapis.com; connect-src 'self' https://consentcdn.cookiebot.com *.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:;  img-src 'self' https: data: blob:; frame-ancestors 'self'; object-src 'none'; base-uri 'self';form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.taskrabbit.com acdn.adnxs.com ib.adnxs.com secure.adnxs.com *.bing.com *.doubleclick.net googleads.g.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.pt *.pinterest.com s.pinimg.com api.pinpiaa.com *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/ maps.googleapis.com fonts.googleapis.com www.googleapis.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com d.lemonpi.io *.oney.io sondagemikea.wntech.com; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.newkadia.com *.googleapis.com *.fontawesome.com *.imagesnk.com *.googletagmanager.com *.google.com *.amazonaws.com *.googleadservices.com *.youtube.com *.facebook.net *.pingdom.net *.attn.tv *.ywxi.net *.cloudfront.net *.go.do *.doubleclick.net *.providesupport.com *.attentivemobile.com *.googleanalytics.com *.facebook.com *.google-analytics.com *.jsdelivr.net *.qrserver.com *.cloudflare.com *.paypal.com *.paypalobjects.com *.braintreegateway.com *.covernk.com ipapi.co; 1
default-src https:; worker-src blob:; font-src https: data:; img-src https: blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; 1
default-src *; font-src * data:;img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src * blob: data:; object-src * data:; 1
default-src 'self';connect-src 'self' www.google-analytics.com *.linkedin.com *.licdn.com www.googleadservices.com www.google.com *.facebook.com connect.facebook.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;font-src 'self' fonts.gstatic.com data:;frame-src 'self' www.linkedin.com *.doubleclick.net *.facebook.com connect.facebook.net;img-src 'self' blob: data: www.google.ch www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google-analytics.com *.linkedin.com *.licdn.com p.adsymptotic.com googleads.g.doubleclick.net www.google.com *.facebook.com *.facebook.net *.fbcdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com;manifest-src 'self';script-src 'self' 'nonce-3VObFMLneUxE3jpu' 'strict-dynamic' tagmanager.google.com www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com www.googleadservices.com www.google.com googleads.g.doubleclick.net https://connect.facebook.net https://graph.facebook.com https://js.facebook.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com fonts.googleapis.com *.licdn.com;worker-src 'self';media-src 'self' media.licdn.com;child-src 'self' *.facebook.com connect.facebook.net;object-src 'none';base-uri 'none';form-action 'self' *.facebook.com connect.facebook.net;frame-ancestors 'self' https://*.tkb.ch;sandbox allow-same-origin allow-scripts allow-forms allow-downloads allow-popups allow-modals allow-popups-to-escape-sandbox; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://*.pardot.com https://*.liadm.com https://*.bing.com https://*.anura.io https://*.doubleclick.net https://*.surveymonkey.com https://service.force.com https://www.atmrum.net https://www.clarity.ms https://www.google.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com https://gateway.on24.com https://*.optionseducation.org https://*.theocc.com static.cloudflareinsights.com ajax.cloudflare.com *.salesforce.com https://*.my.salesforce.com https://theocc-oic.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;object-src 'none';style-src 'self' 'unsafe-inline' hello.myfonts.net service.force.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;img-src 'self' data: *.doubleclick.net *.bing.com *.clarity.ms *.windows.net *.ytimg.com *.google.com www.dianomi.com www.facebook.com www.google-analytics.com www.google.com www.googletagmanager.com *.optionseducation.org *.theocc.com *.pardot.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;media-src 'self' data: *.optionseducation.org *.theocc.com *.salesforce.com https://*.my.salesforce.com https://oic.secure.force.com https://static.lightning.force.com;frame-src 'self' *.doubleclick.net *.ivolatility.com https://www.youtube.com https://service.force.com https://gateway.on24.com https://www.googletagmanager.com https://go.pardot.com *.optionseducation.org *.theocc.com *.pardot.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;font-src 'self' data: fonts.gstatic.com *.optionseducation.org *.theocc.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;connect-src 'self' *.footprintdns.com *.google.com *.clarity.ms *.bing.com *.liadm.com *.doubleclick.net *.ivolatility.com google.com www.atmrum.net www.google-analytics.com *.optionseducation.org *.theocc.com cloudflareinsights.com *.pardot.com https://theocc-oic.my.salesforce.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;base-uri 'self';form-action 'self' https://learn.theocc.com https://*.absorb.com https://*.pardot.com *.salesforce.com https://*.my.salesforce.com https://*.my.salesforce-sites.com https://oic.secure.force.com https://static.lightning.force.com;manifest-src 'self';worker-src 'none';upgrade-insecure-requests;block-all-mixed-content 1
frame-ancestors 'self' *.myshopify.com admin.shopify.com 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.clickagy.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org data: themes.googleusercontent.com wrss.b-cdn.net; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.amazonaws.com *.bbb.org *.clickagy.com *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io data: extended-validation-ssl.thawte.com media.sumome.com seal.thawte.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com wrss.b-cdn.net; manifest-src wrss.b-cdn.net www.wideners.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.bbb.org *.clickagy.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 seal.thawte.com stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com wrss.b-cdn.net; style-src 'self' 'unsafe-inline' *.bbb.org *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org sload.sumo.com sumo.b-cdn.net wrss.b-cdn.net 1
frame-ancestors 'self' https://www.colgatedentaleducatorsnetwork.com https://www.colgateoralhealthnetwork.com; 1
frame-ancestors 'self' https://*.smarterqueue.com 1
default-src 'self';  script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net unpkg.com *.googletagmanager.com *.fontawesome.com *.googleapis.com *.cloudflare.com *.bugherd.com analytics.imirwin.com *.static.hotjar.com static.hotjar.com www.google-analytics.com www.google.com www.gstatic.com consent.cookiebot.com consentcdn.cookiebot.com  https://googleads.g.doubleclick.net  snap.licdn.com static.ads-twitter.com www.google.com https://googletagmanager.com https://tagmanager.google.com;  style-src 'report-sample' 'self' 'unsafe-inline' *.typekit.net unpkg.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com;  object-src 'none';  base-uri 'self';  connect-src 'self' *.fontawesome.com https://analytics.google.com/* https://analytics.google.com/g/collect https://sidebar.bugherd.com/binoculars https://region1.analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.imirwin.com https://sessions.bugsnag.com wss://ws-mt1.pusher.com analytics.google.com google.com/pagead/*  px.ads.linkedin.com;  font-src 'self' *.fontawesome.com *.typekit.net *.gstatic.com data:;  frame-src 'self' blob: www.slideshare.net https://api.stockdio.com/ https://sidebar.bugherd.com consentcdn.cookiebot.com td.doubleclick.net https://www.google.com https://www.youtube.com/ https://www.creativereturn.ca/ https://player.vimeo.com/ https://www.kitco.com/consentcdn.cookiebot.com;  img-src 'self' https://s.w.org https://www.google.nl google.com www.google.com www.google.ca px4.ads.linkedin.com https://www.google.ca/ads/ga-audiences https://imgsct.cookiebot.com t.co analytics.twitter.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://d2iiunr5ws5ch1.cloudfront.net  px.ads.linkedin.com data:;  manifest-src 'self';  media-src 'self';  report-uri https://63fcef7d3e361dd413cfe988.endpoint.csper.io;  worker-src 'none'; 1
default-src 'self'; frame-src 'self' https://x.adroll.com https://td.doubleclick.net https://match.adsrvr.org https://insight.adsrvr.org https://ads.kwanzoo.com https://www.facebook.com https://html5-player.libsyn.com https://d.adroll.com https://s.adroll.com https://255-ekd-002.mktoresp.com https://va.tawk.to https://bid.g.doubleclick.net https://static-v.tawk.to https://www.youtube.com https://player.vimeo.com; connect-src 'self' *  https://d.adroll.com  https://segments.company-target.com/ https://www.facebook.com/tr/ https://www.facebook.com https://go.xoriant.com https://255-ekd-002.mktoutil.com https://script.crazyegg.com https://static-v.tawk.to https://va.tawk.to https://www.google-analytics.com https://tracking.crazyegg.com https://api.company-target.com https://stats.g.doubleclick.net https://255-ekd-002.mktoresp.com; script-src 'self' data: * 'unsafe-inline' 'unsafe-eval' https://static-v.tawk.to https://ajax.googleapis.com https://code.jquery.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://use.fontawesome.com  https://cdn.jsdelivr.net; img-src 'self' data: * https://static-v.tawk.to https://ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://use.fontawesome.com https://static-v.tawk.to https://stackpath.bootstrapcdn.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://static-v.tawk.to https://use.fontawesome.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com; object-src 'self' data: *; media-src 'self' https://static-v.tawk.to https://d2z6n7frhx0hun.cloudfront.net https://cdn.xoriant.com https://www.xoriant.com; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' *.adsrvr.org *.doubleclick.net *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
frame-ancestors 'self' https://*.realtylink.org https://*.centris.ca; default-src 'self' https://*.centris.ca https://*.realtylink.org/ https://analytics.google.com https://*.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com https://stats.g.doubleclick.net https://www.google.ca https://www.google.com https://www.googletagmanager.com https://sb.scorecardresearch.com https://cdn.jsdelivr.net https://*.locallogic.co https://cdnjs.cloudflare.com https://browser.sentry-cdn.com https://maps.google.com https://maps.google.ca https://maps.googleapis.com https://*.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://unpkg.com https://*.arcgis.com https://events.mapbox.com https://maxcdn.bootstrapcdn.com https://*.lrcontent.com https://connect.facebook.net https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://*.loginradius.com https://www.prospectsweb.com https://www.youtube.com https://*.tryinteract.com https://spark.adobe.com https://*.surveymonkey.com https://ajax.googleapis.com https://*.ofsys.com https://ofsys.com https://*.dialoginsight.com https://*.pinterest.com https://*.pinterest.ca https://s.pinimg.com https://api.maptiler.com https://*.research.net https://cdn.linkedin.oribi.io wss://ws.hotjar.com https://sdk.privacy-center.org https://api.privacy-center.org blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.youtube.com *.gstatic.com *.opstechnology.com *.elevate.cafe *.googleapis.com *.google.com *.alive5.com alive5.com *.doubleclick.net; style-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' https://market.realpage.com https://*.elevate.cafe https://*.realpage.com https://*.opstechnology.com https://www.yardimarketplace.com; report-uri /error/csp-violation 1
frame-ancestors 'self' http://www.philips.sa *.philips.com *.philips.sa https://philipsigtdpv.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; font-src * data:; object-src 'none'; frame-ancestors 'self'; base-uri *; 1
frame-ancestors 'self' app.hubspot.com 1
default-src 'self' download.audioease.com download2.audioease.com download3.audioease.com download4.audioease.com download5.audioease.com www.youtube-nocookie.com; object-src 'none'; font-src *;img-src * data:; script-src 'unsafe-inline' 'self' https://www.audioease.com https://audioease.com download.audioease.com download2.audioease.com download3.audioease.com download4.audioease.com download5.audioease.com; style-src 'unsafe-inline' 'self'; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data: blob:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src * blob: 'unsafe-eval' 'unsafe-inline'; 1
default-src *.ctfassets.net 'self' blob:; connect-src * https: 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src feed.pghub.io *.qualtrics.com *.tapad.com *.facebook.com *.google.com https://www.youtube.com https://dentalcare.corbusmediasolutions.com *.adsrvr.org 'self'; img-src www.googletagmanager.com *.google-analytics.com images.ctfassets.net *.ctfassets.net pixel.tapad.com *.qualtrics.com *.cookielaw.org *.facebook.com 'self' data: ; media-src videos.ctfassets.net *.ctfassets.net 'self'; script-src *.qualtrics.com *.moatads.com pghub.io *.siteintercept.qualtrics.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.simpli.fi *.adsrvr.org *.cookielaw.org *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors https://weta365.com https://*.weta365.com https://*.laihua.com https://laihua.com http://aigc.tanyiwise.cn https://videopost.hjananking.com https://videopost-if.hjananking.com http://*.zkyfszr.cn http://zkyfszr.cn http://xingwy.com http://*.xingwy.com https://*.xhsnews.com http://*.xhsnews.com http://ai.hushida.com http://xn.jcyint.cn https://shenggongshuzhi.com https://*.shenggongshuzhi.com http://live.4utech.cn http://ydboem.4utech.com http://*.xxlive.cn http://xxlive.cn https://*.xxlive.cn https://xxlive.cn https://avatar.yuan365.com https://*.yuan365.com http://sibac.net http://www.sibac.net https://yainoo.com https://www.yainoo.com http://digiman.yunbiao.tv http://dh.huizhihuyu.com https://nszr.n.cn http://www.hokooai.com https://human.n.cn https://juliangai.com http://juliangai.com https://www.juliangai.com http://www.juliangai.com http://www.chumenyw.com https://weta.magook.com https://weta.bookan.com.cn https://oa.bookan.com.cn https://public.bookan.com.cn https://weta.bookan.com http://heyvatar.com https://heyvatar.com https://www.heyvatar.com http://www.hcxaiszr.com https://twlwu.com https://www.twlwu.com 1
default-src 'self' localhost:* saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.sgdd.dk *.sgddcloud.dk sgdd.scene7.com *.adobedtm.com *.adobedc.net *.mouseflow.com unpkg.com *.unpkg.com benefitclub.com *.benefitclub.com *.cookieinformation.com *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; connect-src 'self' localhost:* saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.sgdd.dk *.sgddcloud.dk sgdd.scene7.com *.adobedtm.com *.adobedc.net *.mouseflow.com unpkg.com *.unpkg.com benefitclub.com *.benefitclub.com *.cookieinformation.com *.demdex.net *.googleapis.com *.bd.dk ws://127.0.0.1:50083 *.google.com google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; script-src 'self' 'unsafe-eval' 'unsafe-inline' localhost:* saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.cookieinformation.com *.adobedtm.com *.adobedc.net benefitclub.com *.benefitclub.com *.mouseflow.com *.leadfamly.com *.googletagmanager.com *.bd.dk unpkg.com *.unpkg.com *.googleapis.com *.doubleclick.net googleads.g.doubleclick.net *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' localhost:* saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.cookieinformation.com *.googleapis.com *.adobedtm.com benefitclub.com *.benefitclub.com *.adobedc.net *.mouseflow.com *.leadfamly.com *.googletagmanager.com *.bd.dk unpkg.com *.unpkg.com *.doubleclick.net googleads.g.doubleclick.net *.googleadservices.com *.googlesyndication.com *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; frame-src *.cookieinformation.com *.grundfos.com saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.adobedtm.com *.adobedc.net *.mouseflow.com unpkg.com *.unpkg.com *.youtube.com *.demdex.net *.leadfamly.com benefitclub.com *.benefitclub.com *.oeland.dk *.bd.dk *.pbs-erhverv.dk pbs-erhverv.dk *.leverandoerservice.dk *.google.com google.com *.doubleclick.net *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; frame-ancestors *; style-src 'self' 'unsafe-inline' saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.googleapis.com *.gstatic.com *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; font-src 'self' 'unsafe-inline' data: saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.googleapis.com *.google.com google.com *.gstatic.com *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; img-src 'self' 'unsafe-inline' blob: data: *.sgdd.dk saintdk-qa.mdm.stibosystems.com saintdk-prod.mdm.stibosystems.com *.sgddcloud.dk sgdd.scene7.com *.gstatic.com *.everesttech.net *.demdex.net *.gstatic.com *.youtube.com *.googleapis.com benefitclub.com *.benefitclub.com *.ggpht.com *.google.com google.com *.google.dk *.googleadservices.com *.doubleclick.net *.www.bd.dk www.bd.dk *.bd-prd-apim.sgddcloud.dk bd-prd-apim.sgddcloud.dk; 1
default-src 'self'; img-src * 'unsafe-inline' data:; style-src * 'unsafe-inline' ; script-src-elem * 'unsafe-inline' data:; frame-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob:; font-src * 'unsafe-inline' data:; connect-src * 'unsafe-inline' 'unsafe-eval' data:  1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NGUyZTllMDQ4NTk5NGI0ZWIwNzI0ZTMwMjJmMWRmNzY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.kimnet.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.kimnet.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.kimnet.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-2lvQxz7w8onBgaH6rrkV5ZEWxn6lZAb7AEJCLtaOxvj8Oyke' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-JWB37pU9Aq5e3TGv21U+Ib9zMDU2ZpfW6NCTB+zzzy/+D+eD' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; img-src 'self' data:; form-action 'self' https://www.mozilla.org/en-US/newsletter/;  media-src 'self' blob:; script-src 'self' https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ 'sha256-vqFvYKh0rwFP9fSa0PuzUff2ElHQ+rkjGfycqUNqufQ=' https://www.googletagmanager.com/gtag/js ; font-src 'self'; frame-ancestors 'none';  frame-src  https://www.youtube.com/embed/ https://calendar.google.com/calendar/appointments/; base-uri 'none'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://blog.mozilla.org/addons/feed/ https://www.mozilla.org/en-US/newsletter/ https://*.google-analytics.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-mEvbI3ZJygGX/rDYta8BzxcIMvP6Z9bkVTCUj/Oiw62ajw2Z' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.google.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.google.com *.google-analytics.com *.googletagmanager.com *.gstatic.com code.highcharts.com; connect-src 'self' *.sitesage.net *.googleapis.com *.google-analytics.com *.amazonaws.com; img-src data: blob: 'self' *.gstatic.com *.google-analytics.com *.google.com s3.amazonaws.com sitesage.net *.sitesage.net emonitor.us *.emonitor.us *.googleapis.com icons.wxug.com; style-src 'unsafe-inline' 'self' *.googleapis.com *.google.com; font-src 'self' data: *.gstatic.com; worker-src 'self' blob:; frame-ancestors 'self'; form-action 'self'; 1
connect-src 'self' public.internetude.fr www.facebook.com *.google-analytics.com www.googleadservices.com bat.bing.com *.cedexis.com *.cedexis-radar.net *.doubleclick.net api.segment.io api-js.mixpanel.com *.googlesyndication.com *.google.com *.googleapis.com *.snapchat.com *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro tag.completude.com; frame-src 'self' www.google.com *.doubleclick.net *.indeed.com tpc.googlesyndication.com *.facebook.com *.facebook.net www.youtube.com tr.snapchat.com player.vimeo.com *.clarity.ms *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' tr.snapchat.com blob: data: *.google.fr *.google.com www.googletagmanager.com connect.facebook.net *.facebook.com www.google-analytics.com www.googleadservices.com *.gstatic.com *.googleapis.com tpc.googlesyndication.com bat.bing.com conv.indeed.com radar.cedexis.com public.internetude.com neuvoo.ca *.doubleclick.net *.cloudfront.net s3.amazonaws.com *.appjobs.com cdnjs.cloudflare.com/ajax/libs/bluebird/3.3.4/bluebird.min.js cdn.polyfill.io/v2/polyfill.min.js cdn3.actito.com cdn.segment.com g.microsoft.com *.flagship.com cdn.heapanalytics.com cdn.mxpnl.com sc-static.net *.clarity.ms kinougarde.containers.piwik.pro kinougarde.piwik.pro tag.completude.com; 1
connect-src https://eurofinsbiomnis.matomo.cloud/ https://connect.eurofins-biomnis.com/ 1
frame-ancestors 'self' https://www.draexlmaier.group 1
script-src https://includes.ccdc02.com/ assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://maps.googleapis.com/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.cloudflare.com *.cookiebot.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'  https://maps.google.com/ https://maps.googleapis.com/ https://static.ads-twitter.com/ https://connect.facebook.net/  https://www.googletagmanager.com/ https://static.criteo.net/  https://stackpath.bootstrapcdn.com/  https://analytics.twitter.com/  https://sslwidget.criteo.com/  https://stats.g.doubleclick.net/ https://www.googleadservices.com/ https://www.google-analytics.com/  https://www.paypalobjects.com/  https://js.braintreegateway.com/ *.paypal.com/ https://www.google.com/  https://www.gstatic.com/ https://www.paypal.com/ https://ulnxlv.garrafeiranacional.com/  https://embed.tawk.to/  https://cdn.jsdelivr.net/ https://egoimmerce.e-goi.com/ 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com https: blob: ; script-src * data: blob: *.pricespider.com 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' https://maps.gstatic.com https://*.epayments.com; worker-src 'self' https://maps.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://googleads.g.doubleclick.net https://cdn.taboola.com https://maps.gstatic.com https://maps.googleapis.com https://js.hscollectedforms.net https://js.hs-analytics.net https://js.hs-banner.com https://js.usemessages.com https://js.hs-scripts.com https://*.google.com https://www.googletagmanager.com https://connect.facebook.net https://*.facebook.com https://*.mail.ru https://widget.intercom.io https://mc.yandex.ru https://www.gstatic.com https://www.google-analytics.com https://js.intercomcdn.com https://api.survicate.com https://*.cognitoforms.com https://services.cognitoforms.com https://www.googleadservices.com https://trc.taboola.com https://www.cognitoforms.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://tagmanager.google.com https://*.cognitoforms.com https://services.cognitoforms.com https://www.cognitoforms.com; img-src 'self' data: https://www.google.co.uk https://*.gstatic.com https://maps.googleapis.com https://www.google.com https://www.google.ru https://track.hubspot.com https://stats.g.doubleclick.net http://*.mzstatic.com https://www.google-analytics.com https://mc.yandex.ru https://*.intercomcdn.com https://*.facebook.com https://static.intercomassets.com https://*.mail.ru https://services.cognitoforms.com https://www.google.de https://www.google.fi; font-src 'self' https://*.intercomcdn.com https://fonts.gstatic.com https://services.cognitoforms.com https://www.cognitoforms.com; connect-src 'self' https://cdn.taboola.com https://trc.taboola.com https://mc.yandex.ru https://stats.g.doubleclick.net https://www.google-analytics.com https://*.gstatic.com https://api.exchangeratesapi.io https://api.hubspot.com https://forms.hubspot.com https://freegeoip.net https://*.epayments.com https://*.intercom.io wss://*.intercom.io https://mc.yandex.ru https://api.survicate.com https://api.ratesapi.io https://*.cognitoforms.com https://services.cognitoforms.com https://www.facebook.com https://www.cognitoforms.com; child-src 'self' https://optimize.google.com https://mc.yandex.ru https://connect.facebook.net https://www.facebook.com https://*.epayments.com https://www.google.com https://*.gstatic.com https://app.hubspot.com https://bid.g.doubleclick.net 1
base-uri 'self'; default-src 'self' https://cdn.shopify.com *.shopify.com localhost:* https://cdn.sanity.io *.klaviyo.com loox.io 'unsafe-inline' fonts.googleapis.com https://fonts.gstatic.com *.cloudfront.net *.youtube.com 'unsafe-eval' connect.facebook.net www.facebook.com www.clarity.ms *.googletagmanager.com *.google.com *.postscript.io *.clarity.ms api.socialsnowball.io app.viralsweep.com data: *.gorgias.chat https://onesignal.com *.onesignal.com https://sc-static.net *.snapchat.com 'self' 'nonce-0d4274f68a9ec0c08b1fb854801a242f' https://cdn.shopify.com https://shopify.com; frame-ancestors 'self' admin.shopify.com localhost:3333 obsc.sanity.studio *.postscript.io none; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.klaviyo.com *.shopify.com localhost:* *.postscript.io data: onesignal.com 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' https://monorail-edge.shopifysvc.com localhost:* ws://localhost:* ws://127.0.0.1:* *.klaviyo.com *.api.sanity.io *.apicdn.sanity.io *.config-security.com whale.camera www.facebook.com *.postscript.io *.clarity.ms *.googletagmanager.com analytics.google.com stats.g.doubleclick.net cdn.growthbook.io *.gorgias.chat wss://*.gorgias.chat onesignal.com *.snapchat.com 'self' https://monorail-edge.shopifysvc.com 1
default-src 'self'; img-src * data: ; connect-src 'self' analytics.google.com www.google.com www.google.com.my ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com cdnjs.cloudflare.com fonts.gstatic.com challenges.cloudflare.com ; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com ; frame-src 'self' www.google.com challenges.cloudflare.com ; font-src 'self' fonts.gstatic.com ; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://ssl.google-analytics.com; img-src 'self' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com data:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'none' 1
media-src 'self' https://storage.googleapis.com; connect-src 'self' www.google-analytics.com *.gstatic.com; default-src 'self' *.gstatic.com; script-src 'self' 'unsafe-inline' *.googleanalytics.com *.google-analytics.com *.google.com *.gstatic.com; frame-src 'self' www.youtube.com; img-src 'self' data: https://storage.googleapis.com https://creators.google *.ytimg.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' *.google.com *.gstatic.com 1
upgrade-insecure-requests; frame-ancestors https://willowpointrehab.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; img-src 'self' data: https://imgs.xkcd.com; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-300eb44f4714445ea5d563112a4dff08' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src https:; connect-src https:; font-src https: data:; frame-src https: com.amazon.mobile.shopping.web:; img-src http: https: data: blob:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https: 1
default-src * 'unsafe-inline' 'unsafe-eval' t.contentsquare.net app.contentsquare.com app.contentsquare.com https://www.google.com; img-src 'self' data: itu.kacst.gov.sa c.az.contentsquare.net log.opentracker.net https://www.google-analytics.com https://www.google.com https://www.google.com.sa; script-src 'unsafe-eval' * ; script-src-elem * 'unsafe-inline'; worker-src * blob:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-85e72926932d10406eaad7a452211557'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://specialist.cvit.dev.ph https://www.ap.cvit.jp https://front-stg.medical-tribune.co.jp https://medical-tribune.co.jp; 1
default-src 'self'; frame-ancestors 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' https://gnosis-safe.io https://app.safe.global https://wallet.ambire.com; 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; media-src * https://lla-cms-prod.directus.app; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://cwc.kcenter.usu.com; frame-src * https://nebula-cdn.kampyle.com https://libertyglobal.kampyle.com https://optimize.google.com https://cobertura.cwpanama.com https://cwpanama.speedtestcustom.com https://www.youtube.com https://www.google.com https://www.facebook.com https://www.google-analytics.com; form-action *; worker-src * blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.ensighten.com *.hotjar.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com player.vimeo.com *.googleadservices.com snap.licdn.com trkn.us *.nice-incontact.com  *.g.doubleclick.net code.jquery.com; script-src-elem 'self' 'unsafe-inline' maps.googleapis.com *.facebook.net *.ensighten.com *.nice-incontact.com *.hotjar.com *.google.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com snap.licdn.com trkn.us *.g.doubleclick.net code.jquery.com; script-src-attr 'unsafe-inline' *.hotjar.com code.jquery.com *.ensighten.com *.nice-incontact.com *.facebook.net *.google.com player.vimeo.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.googleadservices.com snap.licdn.com trkn.us *.g.doubleclick.net; connect-src 'self' maps.googleapis.com *.google.com *.google-analytics.com *.g.doubleclick.net player.vimeo.com *.hotjar.com cdn.linkedin.oribi.io; style-src 'self' 'unsafe-inline' fast.fonts.net *.fontawesome.com; img-src 'self' data: secure.gravatar.com images.ctfassets.net *.bluekai.com *.facebook.com *.choozle.com *.adsrvr.org *.rlcdn.com *.company-target.com *.entitytag.co.uk *.b1img.com *.mookie1.com *.taboola.com *.truefitcorp.com  trkn.us px.ads.linkedin.com *.google-analytics.com *.adsymptotic.com *.google.com; font-src 'self' data: use.fontawesome.com; media-src 'self' player.vimeo.com images.ctfassets.net vod-progressive.akamaized.net; child-src 'self' *.cloudfront.net bluefoundrybank.referralrock.com *.nice-incontact.com *.hotjar.com *.adsrvr.org *.secureline.com *.g.doubleclick.net locations.bluefoundrybank.com player.vimeo.com *.fls.doubleclick.net *.google.com forms.microsoft.com forms.office.com *.windows.net *.microsoftonline.com images.printable.com; form-action 'self'; upgrade-insecure-requests; worker-src 'self'; 1
default-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net; font-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net data:; img-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com http://www.googleadservices.com data:; object-src 'none'; script-src 'self' https: 'self' https: https://d3smn0u2zr7yfv.cloudfront.net https://www.googletagmanager.com/ https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://www.googleadservices.com http://www.googleadservices.com https://connect.facebook.net https://www.facebook.com https://platform.twitter.com https://twitter.com https://www.linkedin.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: https://d3smn0u2zr7yfv.cloudfront.net 'unsafe-inline'; base-uri 'self'; connect-src 'self' https: wss://nexus-websocket-a.intercom.io wss://*.hotjar.com 1
default-src 'none'; child-src 'self' *.kaltura.com *.surveygizmo.com cdn.calconic.com insuranceservicesofficeinc.demdex.net; connect-src 'self' *.albacross.com *.app.continual.ly *.brightcove.com *.commoninja.com *.crazyegg.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googlesyndication.com *.hotjar.com *.kaltura.com *.kampyle.com *.linkedin.com *.optimizely.com *.srv.stackadapt.com *.xactware.com app.calconic.com bcbolt446c5271-a.akamaihd.net cdn-app.continual.ly cdn.calconic.com cdn.cookielaw.org dc.services.visualstudio.com dl.episerver.net dpm.demdex.net geolocation.onetrust.com google.co.in https://cdn.linkedin.oribi.io/partner/1669474/domain/verisk.com/token https://cdn.linkedin.oribi.io/partner/384036/domain/maplecroft.com/token https://statistics-dot-calconic-app.appspot.com/api/stats/push https://wss-pr.continual.ly:6001 hubspot-forms-static-embed.s3.amazonaws.com manifest.prod.boltdns.net opreq.observepoint.com privacyportal.onetrust.com secure.adnxs.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net; font-src 'self' data: *.cloudfront.net *.googleapis.com *.gstatic.com *.hotjar.com *.kaltura.com cdnjs.cloudflare.com dl.episerver.net vjs.zencdn.net; frame-src 'self' *.acast.com *.app.continual.ly *.brightcove.net *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google.com *.gstatic.com *.hotjar.com *.kaltura.com *.kampyle.com *.maplecroft.com *.optimizely.com *.pardot.com *.readymag.com *.surveygizmo.com *.twitter.com *.youtube.com activitymap.adobe.com app.powerbi.com bloomberg.com capture.navattic.com cdn-app.continual.ly cdn.calconic.com datawrapper.dwcdn.net dl.episerver.net flo.uri.sh insuranceservicesofficeinc.demdex.net lifedemo.shinyapps.io optimize.google.com player.vimeo.com public.tableau.com survey.alchemer.com td.doubleclick.net verisk.postclickmarketing.com www.buzzsprout.com www.google.com www.insurancejournal.tv www.youtube-nocookie.com; img-src 'self' data: *.air-worldwide.com *.albacross.com *.brightcove.com *.commoninja.com *.eloqua.com *.facebook.com *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.linkedin.com *.maplecroft.com *.optimizely.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com *.youtube.com 6016449.global.siteimproveanalytics.io api.mapbox.com assets.adobedtm.com cdn.cookielaw.org cf-images.us-east-1.prod.boltdns.net cm.everesttech.net dl.episerver.net dpm.demdex.net i.ytimg.com jumbe.zaius.com maps.gstatic.com optimize.google.com p.adsymptotic.com public.tableau.com verisk.d1.sc.omtrdc.net veriskisonetprod.112.2o7.net w3.poweradvocate.com www.google.co.uk www.google.com www.greatplacetowork.com www.gstatic.com; media-src 'self' blob: *.air-worldwide.com *.gstatic.com *.kaltura.com *.srv.stackadapt.com bcbolt446c5271-a.akamaihd.net dl.episerver.net manifest.prod.boltdns.net; script-src-elem 'self' 'unsafe-inline' *.albacross.com *.cave9tape.com *.cloudfront.net *.cookielaw.org *.facebook.com *.facebook.net *.g.doubleclick.net *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.kaltura.com *.kampyle.com *.licdn.com *.oktopost.com *.salesforceliveagent.com *.srv.stackadapt.com *.twitter.com *.xactware.com assets.adobedtm.com cdn-app.continual.ly cdn.calconic.com cdn.datatables.net cdnjs.cloudflare.com code.jquery.com dl.episerver.net https://okt.to img.en25.com js.monitor.azure.com maxcdn.bootstrapcdn.com siteimproveanalytics.com static.oktopost.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ads-twitter.com *.albacross.com *.app.continual.ly *.cave9tape.com *.cloudflare.com *.cloudfront.net *.commoninja.com *.cookielaw.org *.facebook.net *.fraudblocker.com *.g.doubleclick.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.herbgreencolumn.com *.hotjar.com *.hsforms.com *.kaltura.com *.licdn.com *.linkedin.com *.maplecroft.com *.oktopost.com *.optimizely.com *.pardot.com *.readymag.com *.salesforceliveagent.com *.twimg.com *.twitter.com *.xactware.com *.youtube.com activitymap.adobe.com api-ssl.bitly.com az416426.vo.msecnd.net cdn-app.continual.ly cdn-assets-prod.s3.amazonaws.com cdn.calconic.com cdn.mouseflow.com cdnjs.cloudflare.com code.jquery.com dl.episerver.net geolocation.onetrust.com https://js.monitor.azure.com img.en25.com ionfiles.scribblecdn.ne js.hsforms.net js.monitor.azure.com maxcdn.bootstrapcdn.com optimize.google.com player.vimeo.com players.brightcove.net public.flourish.studio public.tableau.com s1065293013.t.eloqua.com script.crazyegg.com secure.leadforensics.com siteimproveanalytics.com unpkg.com vjs.zencdn.net www.buzzsprout.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com www.gstatic.com; style-src-elem 'self' 'unsafe-inline' *.app.continual.ly *.googleapis.com *.gstatic.com *.srv.stackadapt.com cdn-app.continual.ly cdn.jsdelivr.net dl.episerver.net; style-src 'self' 'unsafe-inline' *.app.continual.ly *.googleapis.com *.gstatic.com *.srv.stackadapt.com *.twimg.com *.twitter.com *.verisk.com cdn-app.continual.ly cdn.jsdelivr.net cdnjs.cloudflare.com dl.episerver.net optimize.google.com unpkg.com; script-src-attr 'unsafe-inline' *.srv.stackadapt.com *.xactware.com; report-to stott-security-endpoint;report-uri https://www.verisk.com/stott.security.optimizely/api/cspreporting/reporturiviolation/; 1
default-src https: blob: wss: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
frame-src 'self'; frame-ancestors 'self' https://vision.24-7intouch.com https://portal.intouchcx.com http://localhost:* app://*; object-src 'none'; 1
frame-src 'self' *.optimizely.com *.doubleclick.net *.adsrvr.org *.bounceexchange.com *.amazon-adsystem.com *.owneriq.net *.google.com *.facebook.com *.facebook.net *.rokt.com *.amazon.com *.paypal.com *.payments-amazon.com *.sojern.com *.qantasloyalty.com *.qantas.com tag.yieldoptimizer.com img3.avis.com img3.budget.com img3.paylesscar.com *.youtube.com  quantserv.com  adnxs.com  impactradius-event.com  dgm-au.com  everestjs.net  everesttech.net  yahoo.com  xg4ken.com *.online-metrix.net *.uplift.com  *.quantummetric.com api.securedvisit.com  track.securedvisit.com content.securedvisit.com images.securedvisit.com track.sv.rkdms.com *.mypurecloud.com  *.nagich.com cloudfront.net  bing.com go.pardot.com sme.avis.co.nz sme.avis.com.au sme.budget.co.nz sme.budget.com.au *.salecycle.com  abgnz.wufoo.com; 1
object-src 'none'; form-action https://www.traceparts.com https://ws-edition.tracepartsonline.net https://cdn.tracepartsonline.net https://forms.hsforms.com; frame-ancestors 'none' 1
default-src 'self'; base-uri 'self'; script-src 'self' 'unsafe-inline' https: *.talos.com sentry.io widget.intercom.io js.intercomcdn.com; style-src 'self' 'unsafe-inline' https: fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' https: fonts.googleapis.com; img-src 'self' data: storage.googleapis.com blob: ; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src 'self' https: *.talostrading.com blob: *.talostrading.com *.talos.com ; connect-src wss: sentry.io *.sentry.io *.datadoghq.com browser-intake-datadoghq.com *.browser-intake-datadoghq.com *.intercom.io *.mixpanel.com talostrading.com *.talostrading.com 1
default-src 'none'; script-src 'self' 'sha256-+bciAoXo8tqxurJAfFdRHhPFvC+ti9sSCf6nP1Mq0zk='; style-src 'self' data: 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self'; media-src 'self' data: blob:; object-src 'self'; child-src 'none'; frame-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self' https://docs.immerda.ch/de/search; base-uri 'self'; manifest-src 'none'; report-uri https://csp-report.immerda.ch/report.php; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' *.azurewebsites.net *.herokuapp.com *.gob.mx *.googleapis.com *.google-analytics.com sandbox.mifiel.com *.mifiel.co ajax.google-analytics.com *.prodarshield.com 'unsafe-inline' ; font-src *;img-src * *.prodarshield.com data:; script-src code.jquery.com * 'unsafe-inline'; style-src * 'unsafe-inline'; connect-src *.azurewebsites.net wss://ws-portal-federado.herokuapp.com *.herokuapp.com *.google-analytics.com; frame-src * blob: 1
frame-ancestors 'self' *.esfcu.org *.zagclients.net 1
default-src 'self'; connect-src 'self' cdn.cookielaw.org privacyportal-de.onetrust.com onetrust.com prowebce.com metrics.prowebce.com *.google-analytics.com cdn.linkedin.oribi.io www.google-analytics.com stats.g.doubleclick.net *.analytics.google.com google.fr www.googletagmanager.com googletagmanager.com *.g.doubleclick.net *.google.com *.onetrust.com; frame-src 'self' https://www.facebook.com bid.g.doubleclick.net; img-src 'self' data: cdn.cookielaw.org www.facebook.com www.google-analytics.com *.google-analytics.com px.ads.linkedin.com metrics.prowebce.com www.google.com www.google.fr www.googletagmanager.com googletagmanager.com px4.ads.linkedin.com *.g.doubleclick.net *.google.com googleads.g.doubleclick.net ade.googlesyndication.com click.edenred.fr *.onetrust.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com www.googleadservices.com *.google.com googleads.g.doubleclick.net mdbootstrap.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; script-src-elem 'self' 'unsafe-inline' googleoptimize.com www.googleoptimize.com cdn.cookielaw.org googletagmanager.com www.googletagmanager.com get.smart-data-systems.com connect.facebook.net eqy.link stats.webleads-tracker.com www.google-analytics.com snap.licdn.com www.googleadservices.com googleads.g.doubleclick.net *.googleadservices.com *.onetrust.com mdbootstrap.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self'; report-uri https://solutionscse.edenred.fr/report-uri/enforce 1
frame-ancestors 'self' *.myguardiangroup.com *.myggonline.app;default-src 'self' * 'unsafe-inline' 'unsafe-eval' data: blob: ws: filesystem: about: *.myggonline.app *.myguardiangroup.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-DP8V0AJBtz4cl/kqEuNu5VeaVSFn14J9mLfY+76X6XIM3z6D' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors http://dev.partner2022.banner.abm.at https://*.bannerbatterien.com ; 1
default-src 'self' challenges.cloudflare.com  *.neighbourly.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud; frame-src 'self' challenges.cloudflare.com  *.microsoftonline.com *.powerbi.com  *.youtube-nocookie.com *.youtube.com *.vimeo.com *.stripe.com *.twitter.com; connect-src 'self'  px.ads.linkedin.com challenges.cloudflare.com  *.neighbourly.com forms.hubspot.comdisabled forms.hsforms.comdisabled maps.googleapis.com googleapis.com js.hsforms.net nbrlyprod.streaming.mediaservices.windows.net *.mapbox.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud;media-src blob: nbrlyprodmedia.blob.core.windows.net nbrlyprod.streaming.mediaservices.windows.net *.neighbourly.com *.youtube.com *.vimeo.com; img-src 'self'  px.ads.linkedin.com challenges.cloudflare.com  data: *.mapbox.com track.hubspot.com forms.hsforms.comdisabled nbrlyprodmedia.blob.core.windows.net maps.gstatic.com *.neighbourly.com *.stripe.com; script-src 'self' snap.licdn.com challenges.cloudflare.com  *.neighbourly.com 'unsafe-eval' *.googleapis.com googleapis.com js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.netdisabled js.hsadspixel.netdisabled js-na1.hs-scripts.com *.twitter.com *.vimeo.com *.youtube.com *.google-analytics.com cdn.matomo.cloud  neighbourly.matomo.cloud *.mapbox.com *.stripe.com; style-src 'self' challenges.cloudflare.com  *.neighbourly.com 'unsafe-inline'; report-uri https://nbrly-prod-fn-schedules-v2.azurewebsites.net/api/log?code=CSrelvJVFKZtDoUcrgbyKhMKm4DBBPpJcdaR8h1wZP/5zjHodNdgeQ== 1
child-src 'self' *.youtube.com; connect-src *; default-src 'self' *.google-analytics.com 'unsafe-inline' *.8x8.com; font-src 'self' data:; frame-src 'self' *.youtube.com *.google.com *.8x8.com *.ibm.com; img-src 'self' 'unsafe-inline' data: *.gravatar.com cldup.com s.w.org tickets.demontforthall.co.uk i.ytimg.com *.google-analytics.com *.8x8.com *.ibm.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.civiccomputing.com ajax.googleapis.com mms.sp-prod.net *.googletagmanager.com *.google-analytics.com code.jquery.com *.google.com *.gstatic.com *.gstatic.com *.8x8.com; style-src 'self' 'unsafe-inline' *.8x8.com; 1
frame-ancestors 'self' pi.pardot.com twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.srv.stackadapt.com https://j.6sc.co/ https://cdn.calconic.com/ https://yoast.com/ https://securityscorecard.com https://*.buzzsprout.com https://*.issuu.com/ https://www.123formbuilder.com/ https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.ep-mimecast.ads-twitter.com https://*.google.com https://*.googleapis.com https://analytics.twitter.com https://app.intercom.io https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.syndication.twimg.com https://connect.facebook.net https://content.linkedin.com https://d.adroll.com https://en.twitter.com https://go.epsilontel.io https://googleads.g.doubleclick.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.intercomcdn.com https://m.youtube.com https://platform.twitter.com https://platform.linkedin.com https://pi.pardot.com https://s.adroll.com https://sc.lfeeder.com https://static.ads-twitter.com https://script.hotjar.com https://static.hotjar.com https://static-exp1.licdn.com https://snap.licdn.com https://ssl.google-analytics.com https://trk.techtarget.com https://t.co https://tagmanager.google.com https://www.youtube.com https://www.youtube-nocookie.com https://www.google-analytics.com https://widget.intercom.io https://www.google.com https://www.googletagmanager.com https://static.addtoany.com;style-src 'self' 'report-sample' 'unsafe-inline' blob:  *.srv.stackadapt.com securityscorecard.com *.buzzsprout.com *.google.com *.licdn.com cdn.jsdelivr.net cdnjs.cloudflare.com *.googleapis.com platform.twitter.com ton.twimg.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.calconic.com www.paypalobjects.com securityscorecard.com *.buzzsprout.com *.issuu.com *.123formbuilder.com *.facebook.com *.google.com *.doubleclick.net *.googlesyndication.com connect.facebook.net fast.wistia.net go.epsilontel.io intercom-sheets.com platform.twitter.com player.vimeo.com vars.hotjar.com www.youtube.com www.youtube-nocookie.com www.intercom-reporting.com www.googletagmanager.com static.addtoany.com;base-uri 'self';form-action 'self' *.123formbuilder.com *.twitter.com *.facebook.com *.google.com api-iam.intercom.io connect.facebook.net intercom.help;worker-src 'self' blob: www.google.com; 1
script-src 'self' *.google-analytics.com *.googletagmanager.com *.googleapis.com *.cloudflare.com *.youtube.com *.facebook.com *.facebook.net *.ytimg.com *.wp.com *.typekit.net *.geniusmonkey.com *.twilik.com stripe.com *.stripe.com paypal.com *.paypal.com https://cdn.plaid.com https://www.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';   connect-src 'self' eastus-8.in.applicationinsights.azure.com/ *.tawk.to/ hubspot-forms-static-embed.s3.amazonaws.com/ *.hsforms.net/ *.hscollectedforms.net/ *.hsforms.com/ *.hubapi.com/ *.hubspot.com/ *.google-analytics.com/ stats.g.doubleclick.net/j/ *.addthis.com/ *.disquscdn.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ maps.googleapis.com/ analytics.google.com/g/ wss: wss://ws3.hotjar.com/api/ *.callrail.com/ *.uverce.com/;   font-src 'self' data: *.tawk.to/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com/ *.disquscdn.com/;   frame-src 'self' bid.g.doubleclick.net/ *.hubspot.com/ *.hsforms.com/ *.hsforms.net/ www.googletagmanager.com/ www.google.com/recaptcha/ www.facebook.com/tr/ *.addthis.com/ disqus.com/ *.disqus.com/ *.hotjar.com/ *.uverce.com/ youtube.com/ *.youtube.com/;   child-src www.youtube.com/;   img-src 'self' data: blob: *.googletagmanager.com/ *.tawk.to/ *.google.com/ *.hsforms.com/ *.hubspot.com/ www.facebook.com/ www.google-analytics.com/ stats.g.doubleclick.net/r/ www.google.com/ads/ maps.gstatic.com/mapfiles/ maps.googleapis.com/ dashboard.umbraco.org/ umbraco.tv/ cdn.viglink.com/ *.disqus.com/ *.addthis.com/ sync.crwdcntrl.net/map/ tags.rd.linksynergy.com/ ps.eyeota.net/ *.uverce.com/;   media-src 'self';   object-src 'none';   script-src 'self' 'unsafe-inline' 'unsafe-eval' az416426.vo.msecnd.net/ *.hsforms.net/ *.tawk.to/ googleads.g.doubleclick.net/ *.googleadservices.com/ *.hscollectedforms.net/ *.hsadspixel.net/ *.hs-analytics.net/ *.hs-banner.com/ *.usemessages.com/ *.hs-scripts.com/ www.gstatic.com/recaptcha/ www.google.com/recaptcha/ cdn.jsdelivr.net cdnjs.cloudflare.com maps.googleapis.com/ marathonconsulting.atlassian.net/ www.googletagmanager.com/ www.google-analytics.com/ *.addthis.com/ *.addthisedge.com/ snap.licdn.com/ connect.facebook.net/ px.ads.linkedin.com/collect/ disqus.com/ *.disqus.com/ *.disquscdn.com/ www.linkedin.com/ *.hotjar.com/ *.tawk.to/ *.uverce.com/ *.callrail.com/;   style-src 'self' 'unsafe-inline' *.tawk.to/ fonts.googleapis.com/ maxcdn.bootstrapcdn.com/ cdn.jsdelivr.net cdnjs.cloudflare.com *.disquscdn.com/ *.tawk.to/ *.uverce.com/; 1
default-src 'self' data:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; media-src 'self' data: 1
default-src 'self' club-rf.ru *.club-rf.ru;
                                            script-src 'self' 'unsafe-inline' 'unsafe-eval' club-rf.ru *.club-rf.ru *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com connect.facebook.net https://mc.yandex.ru https://yastatic.net https://top-fwz1.mail.ru st.top100.ru vk.com *.vk.com connect.ok.ru connect.mail.ru;
                                            frame-src 'self' blob: club-rf.ru *.club-rf.ru *.youtube.com *.facebook.com s-static.ak.facebook.com https://mc.yandex.ru https://top-fwz1.mail.ru vk.com *.vk.com connect.ok.ru connect.mail.ru;
                                            object-src 'self' club-rf.ru *.club-rf.ru;
                                            style-src 'self' 'unsafe-inline' club-rf.ru *.club-rf.ru;
                                            img-src 'self' 'unsafe-inline' club-rf.ru *.club-rf.ru *.yandex.ru https://top-fwz1.mail.ru https://kraken.rambler.ru https://counter.rambler.ru vk.com *.vk.com;
                                            connect-src 'self' club-rf.ru *.club-rf.ru https://mc.yandex.ru https://top-fwz1.mail.ru https://kraken.rambler.ru;
                                            font-src 'self' club-rf.ru *.club-rf.ru https://fonts.googleapis.com;
                                            child-src 'self' blob: club-rf.ru *.club-rf.ru https://mc.yandex.ru; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' http://selfservice.onpremise.therme.local https://feedback.mytherme.app 1
default-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.disquscdn.com disqus.com; connect-src * data: blob: filesystem: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.googletagservices.com localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr vercel.live vitals.vercel-insights.com script.hotjar.com static.hotjar.com static.cdn.prismic.io stats.qiota.com scripts.qiota.com data.qiota.com static.qiota.com www.qiota.com adservice.google.com www.google.com cse.google.com adservice.google.fr securepubads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com www.google.com/recaptcha www.gstatic.com/recaptcha platform.twitter.com lessor.disqus.com tpc.googlesyndication.com prismic.io; child-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; frame-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr https://rue-bleue.kessel.media ruebleue.lessor.org lessor.prismic.io *.qiota.com www.qiota.com qiota.com *.safeframe.googlesyndication.com vars.hotjar.com https://platform.twitter.co disqus.com www.google.com tpc.googlesyndication.com https://www.youtube.com/ https://platform.twitter.com/ http://www.googletagmanager.com/'; form-action 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; img-src 'self' data: https: localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr *.google.com; style-src 'unsafe-inline' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr www.qiota.com www.google.com disqus.com *.disquscdn.com; media-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr ; font-src 'self' localhost:3000 lessor.org *.lessor.org lessor.pretotype.fr; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.rawgit.com *.newrelic.com *.nr-data.net *.mrlender.com *.typekit.net *.facebook.net  *.reviews.co.uk *.mouseflow.com *.google.co.uk *.google.com *.googletagservices.com *.googlesyndication.com *.livechatinc.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.console.glassboxsaas.com *.glassboxdigital.io *.gbqofs.com *.report.gbss.io *.gbqofs.io 1
content="default-src https: 'unsafe-eval' 'unsafe-inline'" 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.altium.com altium.com *.bizible.com *.circuitmaker.com *.googletagmanager.com *.marketo.net *.mktoresp.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.adroll.com *.facebook.net *.doubleclick.net *.consensu.org *.cloudfront.net *.google.com *.marketo.com *.gstatic.com snap.licdn.com *.bing.com *.redditstatic.com *.ads-twitter.com *.twitter.com *.youtube.com *.vidyard.com *.onetrust.com *.cookielaw.org; img-src * blob: data:; media-src *;connect-src * 1
script-src https://app.usercentrics.eu/ https://www.vms.de/ 'self' 'nonce-WmtLN0Jjdy1ySE5ubnpvYXZVSE5MZ0FBQUFB' 'unsafe-eval'; object-src 'none'; base-uri 'none'; 1
default-src 'self';base-uri 'self';script-src 'nonce-rj6P0icwtoGd/WifS5Z1ig==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
default-src https: *; script-src https: 'self' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https: *; font-src data: https: * 1
default-src https: 'unsafe-inline' 'unsafe-inline' 'unsafe-eval'; font-src 'self' https: data:; img-src 'self' https: data:; 1
frame-src https://mseuf.edu.ph https://www.youtube.com https://online.fliphtml5.com https://www.google.com https://docs.google.com https://forms.office.com https://embed.windy.com http://mseufeduph-my.sharepoint.com https://www.facebook.com https://drive.google.com 1
default-src 'none'; frame-src 'self' *.doubleclick.net *.bluekai.com fortcdn.com *.google.com *.facebook.com *.sahbak.co.il *.azrieli.com *.creditguard.co.il *.prpl.co.il *.mini-sites.net cplay.net ssl-vp.com *.smoove.io lbi.co.il *.leumi-card.co.il https://www.max.co.il/ https://mini-sites.net/ azrieli.com kontent.ai https://online.max.co.il/ buyme.co.il https://slash.co.il/ *.cloudfront.net *.azrieli.xyz https://adsil1.com/ *.azrielimalls.co.il *.inmanage.com; font-src 'self' data: https://fortcdn.com/Campaigns/fonts/ https://fonts.gstatic.com/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrielimalls.co.il *.inmanage.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrielimalls.co.il *.inmanage.com; script-src-elem 'self' 'unsafe-inline' https://www.google-analytics.com/ https://www.googletagmanager.com/ https://tags.bkrtx.com/ https://www.google.com/recaptcha/ https://js.nagich.co.il/ https://fortcdn.com/staticfiles/fb-web/js/ https://www.gstatic.com/ https://googleads.g.doubleclick.net/ https://www.googleadservices.com/ https://connect.facebook.net/ https://amplify.outbrain.com/ https://tr.outbrain.com/ https://wave.outbrain.com/ https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://edge.fullstory.com/ https://maps.googleapis.com/maps/api/ *.azrieli.xyz https://bringthemhomenow.net https://comp.staging.ecom.azrieli.com *.azrielimalls.co.il *.inmanage.com; connect-src 'self' https://www.google-analytics.com/ https://js.nagich.co.il/ https://googleads.g.doubleclick.net/ https://fb.fortvision.com/fb/ https://3khkl7i2z4.execute-api.eu-west-1.amazonaws.com/ https://stats.g.doubleclick.net/ https://kinesis.eu-west-1.amazonaws.com/ https://www.facebook.com/x/ https://www.facebook.com/platform/ https://graph.facebook.com/ https://ieaccess.nagich.co.il/ https://analytics.google.com/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ https://api.stg.azrieli.xyz/ https://kd.stg.azrieli.xyz/ https://kd.ecom.azrieli.com/ https://api.ecom.azrieli.com/ https://tr.outbrain.com/ https://maps.googleapis.com/maps/api/ https://edge.fullstory.com/ https://rs.fullstory.com/ https://n2.nixale.com/se https://pagead2.googlesyndication.com/ https://pht.ecom.azrieli.com https://adservice.google.com/ https://www.google.co.il/ https://access.nagich.co.il/ *.azrielimalls.co.il *.inmanage.com; img-src 'self' https://www.google.com/ https://googleads.g.doubleclick.net/ *.googleadservices.com data: https://www.facebook.com/ https://tr.outbrain.com/ https://www.google.co.il/ https://www.google-analytics.com/ https://graph.facebook.com/ https://platform-lookaside.fbsbx.com/platform/ https://www.googletagmanager.com https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://assets-us-01.kc-usercontent.com/ https://images.stg.azrieli.xyz/ https://ka.stg.azrieli.xyz/ https://images.ecom.azrieli.com/ https://ka.ecom.azrieli.com/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrieli.xyz *.azrielimalls.co.il *.inmanage.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://fortcdn.com/ https://s3.eu-central-1.amazonaws.com/ https://access.nagich.co.il/ https://comp.stg.azrieli.xyz/ https://comp.ecom.azrieli.com/ https://comp.staging.ecom.azrieli.com/ *.azrieli.xyz *.azrielimalls.co.il *.inmanage.com; base-uri 'self'; form-action 'self' https://www.facebook.com/tr/; 1
frame-ancestors self www.vix.com.br 1
frame-ancestors 'self' https://*.zappy.dev https://*.zappy.pro https://*.zappysoftware.com; 1
referrer always; 1
default-src 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com; style-src 'self' 'unsafe-inline' *.widgetworks.com.au https://tagmanager.google.com https://fonts.googleapis.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; img-src 'self' data: * www.googletagmanager.com  https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com; connect-src 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev *.ingest.sentry.io jsonapi.sajari.net/sajari.api.pipeline.v1.Query/Search vitals.vercel-insights.com analytics.tiktok.com www.google.com.au/pagead/attribution https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com  https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://ct.pinterest.com api.hubapi.com forms.hubspot.com stats.g.doubleclick.net www.googleadservices.com secure-ds.serving-sys.com tr.snapchat.com lm.serving-sys.com/lm/tmd; frame-ancestors 'self' localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev; font-src 'self' https://fonts.gstatic.com data: 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com; script-src 'unsafe-inline' 'self' *.widgetworks.com.au *.youtube.com webchat.cusa.com.au *.vimeo.com localhost:8000 cms.creditunion.atomix.dev cms.creditunionsa.com.au cms.creditunionsa.uat.com.au cms.creditunion.uat.atomix.dev https://gpm.westernunion.com/au/AU/RT/02156-FI *.fls.doubleclick.net tr.snapchat.com www.pinterest.com.au www.pinterest.com secure-ds.serving-sys.com js.hs-scripts.com s.pinimg.com js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com connect.facebook.net https://*.googletagmanager.com www.google-analytics.com www.gstatic.com siteimproveanalytics.com sc-static.net static.ads-twitter.com www.redditstatic.com cdn.sajari.com snap.licdn.com analytics.tiktok.com bs.serving-sys.com analytics.twitter.com https://tagmanager.google.com 1
default-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br; media-src 'self' *; connect-src 'self' * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mobi.com.br *.sigasuaencomenda.com.br blob: https://connect.facebook.net/ https://cdn.jsdelivr.net https://connect.facebook.net/en_US/fbevents.js https://googleads.g.doubleclick.net https://www.googleadservices.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://www.google.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.googletagmanager.com https://ajax.googleapis.com https://www.google-analytics.com https://microsoft.github.io https://maps.googleapis.com code.jquery.com https://ssl.google-analytics.com; img-src 'self' blob: *.mobi.com.br *.sigasuaencomenda.com.br https://www.facebook.com/tr/ https://www.facebook.com/privacy_sandbox/pixel/register/trigger/ https://secure.gravatar.com/avatar/ *.wp.com/ https://avatar-management--avatars.us-west-2.prod.public.atl-paas.net https://streetviewpixels-pa.googleapis.com data: https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://mobi.com.br https://sigasuaencomenda.com.br https://127.0.0.1:18619 https://www.google.com.br https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://maps.gstatic.com data: *.mobi.com.br *.sigasuaencomenda.com.br https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com/; frame-src 'self' https://www.googletagmanager.com/ https://td.doubleclick.net/ https://sigasuaencomenda.com.br/ https://sftp.mobilogistica.com.br:5000 https://sftp.mobilogistica.com.br https://app.powerbi.com blob: *.mobi.com.br *.sigasuaencomenda.com.br https://www.google.com https://maps.google.com https://bid.g.doubleclick.net/; object-src 'self' *.mobi.com.br *.sigasuaencomenda.com.br 1
frame-src 'self' *.amazon.de *.cookiebot.com *.google.com *.paypal.com *.prismic.io *.vimeo.com; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src 'unsafe-inline' *; img-src 'unsafe-inline' *; media-src 'self'; script-src 'self' www.forums.gardengatemagazine.com www.forums.woodnet.net forums.woodnet.net www.googletagservices.com www.googletagmanager.com securepubads.g.doubleclick.net cdn.ampproject.org tpc.googlesyndication.com secure.augusthome.com images.ahpc.us adservice.google.com connect.facebook.net; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://use.typekit.net *; font-src 'self' data: *; form-action 'self' *; frame-ancestors 'self'; reflected-xss block; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://button.kcmsurvey.com https://chart.googleapis.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; img-src 'self' data: blob: https://www.kcmsurvey.com https://chart.googleapis.com https://translate.google.com https://www.google.com https://www.google.nl https://www.gstatic.com https://browser-update.org ; style-src 'self' 'unsafe-inline' https://www.kcmsurvey.com https://button.kcmsurvey.com https://fonts.googleapis.com https://translate.googleapis.com https://www.google.com *.gstatic.com ; font-src 'self' data: ; object-src 'none' ; report-uri https://www.kcmsurvey.com/callbacks/csp_violation/report.php 1
default-src 'self' 'unsafe-inline' wss://socket.linkhub.co.kr https://pay.linkhub.co.kr https://partner.linkhub.co.kr https://partner.popbill.com https://www.linkhub.co.kr https://blog.linkhub.co.kr https://stats.g.doubleclick.net https://www.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://d17ecin4ilxxme.cloudfront.net https://127.0.0.1:17107;frame-ancestors 'none'; 1
default-src 'self' www.youtube.com; script-src 'self' 'nonce-1hEedyGoeYyOGqzMS4lVEw=='; script-src-elem 'self' 'nonce-1hEedyGoeYyOGqzMS4lVEw=='; frame-src 'self' www.youtube.com player.vimeo.com; connect-src 'self' res.cloudinary.com https://sentry.io blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com translate.googleapis.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com https://cdn.sanity.io i.ytimg.com https://cdn.jsdelivr.net blob:; base-uri 'self'; object-src 'self'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'none'; media-src 'self' res.cloudinary.com obos-res.cloudinary.com https://res.cloudinary.com https://obos-res.cloudinary.com; form-action 'self' innlogging.obos.no; 1
frame-ancestors manualsnet.com dev.manualsnet.com 1
frame-ancestors 'self' http://www.bestfoods.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-b+FCkrQFSxWylSETIdYO4uYTRspL+/u6+ww7iKWO5VetNS06' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.chien-perdu.org *.lost-dog.org *.perro-perdido.com *.chat-perdu.org *.lost-cat.org *.gato-perdido.com https; script-src 'self' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.facebook.net *.google-analytics.com *.stripe.com *.fullstory.com; style-src 'self' 'unsafe-inline' *.googleapis.com; child-src 'self' *.facebook.com *.stripe.com; connect-src 'self' *.les-chiens.org *.les-chats.org *.google-analytics.com *.fullstory.com maps.googleapis.com; font-src 'self' *.gstatic.com; img-src 'self' data: *.gstatic.com *.googleapis.com *.chien-perdu.org *.lost-dog.org *.perro-perdido.com *.chat-perdu.org *.lost-cat.org *.gato-perdido.com *.google-analytics.com *.facebook.com *.paypal.com *.paypalobjects.com *.googletagmanager.com *.fullstory.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.sinertegiaacademy.com https://www.thesynergyunlimited.com 1
frame-ancestors 'self' http://www.spilxl.dk 1
style-src 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; style-src-elem 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; script-src 'self'  'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com; script-src-elem 'self'  'unsafe-inline' 'unsafe-eval' *.social9.com *.google-analytics.com *.googletagmanager.com *.google.com *.google.com.co *.ckeditor.com  *.twitter.com *.gstatic.com *.cloudfront.net  *.cloudflare.com *.guarumo.com *.amazonaws.com eye.rd.services *.smartdataautomation.com *.bancoldex.com *.googleapis.com *.googleoptimize.com *.tweetnacl.js.org *.bundle.run cdn.jsdelivr.net *.facebook.net https://tweetnacl.js.org https://bundle.run https://botai.smartdataautomation.com; 1
frame-ancestors 'self' http://www.sunsilk.co.id unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
object-src 'none'; frame-ancestors 'self'; report-uri http://umassfive.coop/report-uri/enforce 1
font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-zK/iBwS7kMRFp+d9CDjL4MtPQ4+lCg+bggmZ3d51KdGnmLod' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io; img-src 'self' data: https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io *.google-analytics.com images.ctfassets.net cdn.contentful.com *.cloudfront.net maps.gstatic.com; frame-src *.hotjar.com *.youtube.com 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com * https://configurator-prod.dahl.se; worker-src 'self' blob: https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com; style-src 'self' 'unsafe-inline' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io; font-src 'self' https: fonts.googleapis.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; script-src-elem 'self' 'unsafe-inline' https: 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; connect-src ws: *.pusher.com *.hotjar.com *.hotjar.io 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io cdn.contentful.com graphql.contentful.com *.54proxy.com *.sentry.io *.sentry-cdn.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.gstatic.com stats.g.doubleclick.net *.kundo.se *.cookielaw.org *.onetrust.com *; form-action 'self' *; frame-ancestors 'none'; object-src 'none'; base-uri 'self' *.dahl.se *.konradssons.com *.optimera.se *.sgds.io 1
base-uri 'self'; form-action 'self'; object-src 'self'; frame-ancestors 'self' www.google-analytics.com www.youtube.com; connect-src 'self' *.canarie.ca px.ads.linkedin.com www.google-analytics.com maps.googleapis.com analytics.google.com *.hotjar.com stats.g.doubleclick.net www.google.ca 1
default-src blob: data: wss: https: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*; object-src 'self' 1
default-src 'self' https://maps.googleapis.com https://client.crisp.chat wss://client.relay.crisp.chat https://googleads.g.doubleclick.net wss://*.tawk.to https://*.clarity.ms https://c.bing.com  https://va.tawk.to https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://vc.hotjar.io https://in.hotjar.com https://inetchat.zoner.com https://www.facebook.com https://www.sandbox.paypal.com  https://www.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://c.seznam.cz/ https://*.crisp.chat https://*.googletagmanager.com https://*.clarity.ms https://pay.google.com https://unpkg.com https://wchat.eu.freshchat.com https://cdn.jsdelivr.net https://embed.tawk.to https://e.infogr.am/ https://c.imedia.cz https://seal.digicert.com https://script.hotjar.com  https://static.hotjar.com https://inetchat.zoner.com https://tagmanager.google.com https://www.paypal.com https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' data: https://maps.gstatic.com  https://*.google-analytics.com https://*.crisp.chat https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.cz https://*.clarity.ms https://c.bing.com https://www.sslmarket.it/ https://www.sslmarket.cz/ https://www.sslmarket.sk/ https://www.sslmarket.hu/ https://www.sslmarket.de/ https://www.sslmarket.at/ https://www.sslmarket.ch/ https://www.sslmarket.co.uk/ https://www.sslmarket.com/ https://www.sslmarket.fr/ https://www.sslmarket.es/ https://embed.tawk.to https://c.seznam.cz https://c.imedia.cz https://seal.digicert.com  https://inetchat.zoner.com/ https://ssl.gstatic.com https://www.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.cz https://www.google.com https://stats.g.doubleclick.net https://livehelp.zonercloud.cz https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://*.crisp.chat https://wchat.eu.freshchat.com https://embed.tawk.to https://tagmanager.google.com https://www.gstatic.com https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://*.crisp.chat https://embed.tawk.to https://fonts.gstatic.com https://themes.googleusercontent.com; frame-src https://td.doubleclick.net/ https://*.crisp.chat https://www.google.com https://ndm.monetplus.cz https://iplatebnibrana.csob.cz https://platebnibrana.csob.cz https://pay.google.com/ https://*.freshchat.com https://pastebin.com/ https://player.vimeo.com/ https://seal.digicert.com https://e.infogram.com/ https://e.infogr.am/ https://controlcenter.sslmarket.sk https://controlcenter.sslmarket.hu https://controlcenter.sslmarket.de https://controlcenter.sslmarket.at  https://controlcenter.sslmarket.co.uk https://controlcenter.sslmarket.ru https://controlcenter.sslmarket.jp https://controlcenter.sslmarket.ch https://controlcenter.sslmarket.com https://controlcenter.sslmarket.fr https://controlcenter.sslmarket.es https://controlcenter.sslmarket.ae  https://vars.hotjar.com https://inetchat.zoner.com/ https://www.sandbox.paypal.com https://www.paypal.com https://livehelp.zonercloud.cz https://www.youtube.com https://controlcenter.sslmarket.cz https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.Dcom; object-src https://seal.digicert.com/; frame-ancestors 'self'; 1
frame-ancestors 'self' *.isubscribe.com.au *.isubscribe.co.nz; 1
default-src 'self'; frame-ancestors 'self'; frame-src * ; media-src *; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' flickr.com accounts.google.com optimize.google.com platform.twitter.com *.cookielaw.org cdn.cookielaw.org www.dev-com.repsol.com  www.repsol.com www.dev-net.repsol.com *.google-analytics.com *.analytics.google.com maps.googleapis.com www.google-analytics.com cdns.eu1.gigya.com consent.cookiebot.com www.googleadservices.com googleads.g.doubleclick.net cdn.krxd.net connect.facebook.net consentcdn.cookiebot.com assets.adobedtm.com www.googletagmanager.com www.youtube.com apis.google.com www.google.com www.recaptcha.net www.gstatic.com static.hotjar.com www.static.hotjar.com script.hotjar.com www.script.hotjar.com  ; style-src * 'unsafe-inline'; font-src * blob: data:; connect-src *; worker-src * data: 'unsafe-eval' 'unsafe-inline' blob:; child-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
report-uri https://pulse.tinkoff.ru/api/front/log/csp-error; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; font-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data: 'self' data:  https://static.tinkoff.ru https://www.cdn-tinkoff.ru; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru; img-src 'self' data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru https://opis-cdn.tinkoffjournal.ru/ *.bcs.ru https://bcs-express.ru *.tradingview.com 1prime.ru *.1prime.ru https://invest-idei.ru *.fullstory.com fullstory.com https://img-cdn.tinkoffjournal.ru https://www.cdn-tinkoff.ru https://cdn-tinkoff.ru https://leonardo.osnova.io/ https://*.leonardo.osnova.io/ https://static-cdn.tinkoffjournal.ru https://cdn.rns.online https://invest-wmadm-feed-bucket.cdn-tinkoff.ru https://www.googletagmanager.com https://cdn.vdmsti.ru https://eninvs.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru blob: https://fullstory.com; frame-src 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru https://broker.ru https://www.youtube.com https://datawrapper.dwcdn.net https://flo.uri.sh https://music.yandex.ru; connect-src 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru wss://*.tinkoff.ru wss://*.tcsbank.ru https://rs.fullstory.com wss://api-invest.tinkoff.ru https://api.amplitude.com/ https://geocode-maps.yandex.ru/ https://music.yandex.ru cfg.tinkoff.ru acdn.tinkoff.ru pulse.tinkoff.ru adm.tinkoff.ru imgproxy.cdn-tinkoff.ru www.cdn-tinkoff.ru fallback.cdn-tinkoff.ru 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: *.gstatic.com *.alicdn.com code.jquery.com *.facebook.com www.google.com.mx mcap.com *.googleapis.com www.google-analytics.com *.www.googletagmanager.com cdn.honey.io www.youtube.com *.facebook.net www.google.com *.doubleclick.net region1.analytics.google.com youtube.com www.google.ca img.youtube.com myhome.mcap.com cdn.jsdelivr.net *.www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.region1.analytics.google.com translate.google.com www.google.com.au analytics.google.com browser-update.org www.google.co.uk; frame-ancestors 'self' www.mamaison.mcap.com www.mcap.com www.myhome.mcap.com ;  1
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'; frame-ancestors 'none'; frame-src 'none'; form-action 'self'; manifest-src 'self'; img-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; media-src 'self' blob: data: https://furrycdn.org https://ext.furrycdn.org; block-all-mixed-content 1
default-src 'none'; connect-src 'self'; form-action 'self'; img-src 'self' https://www.greenshift.co https://www.greenshift.eu data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-4I8EUKedc9MOdOYXtvHdLvkRWnWkgX/NJRMnd+7n3ccjM4yz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.clarity.ms https://connect.facebook.net https://ajax.googleapis.com https://analytics.kaltura.com https://api.peer5.com https://bat.bing.com https://cdnapisec.kaltura.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://players.brightcove.net https://s7.addthis.com https://secure.perk0mean.com https://static.cloud.coveo.com  https://platform.cloud.coveo.com https://tag.demandbase.com https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com players.brightcove.net vjs.zencdn.net https://*.sharethis.com https://snap.licdn.com http://contentz.mkt941.com https://sc.pages04.net; img-src 'self' https: blob: data: https://adservice.google.com https://*.analytics.google.com; object-src https://fonts.gstatic.com https://players.brightcove.net; connect-src https://*.clarity.ms https://*.cookiepro.com https://*.onetrust.com https://px.ads.linkedin.com https://platform.cloud.coveo.com https://*.sharethis.com https://*.googlesyndication.com https://*.google.com https://google.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com adservice.google.com 'self' *.boltdns.net https://*.brightcove.net https://*.brightcove.com https://edge.api.brightcove.com *.akamaihd.net https://bcp.crwdcntrl.net https://www.facebook.com https://*.facebook.net https://segments.company-target.com; style-src 'self' 'unsafe-inline' players.brightcove.net https://fonts.googleapis.com https://fonts.gstatic.com https://static.cloud.coveo.com; font-src https://staticdev.cloud.coveo.com https://static.cloud.coveo.com https://fonts.gstatic.com 'self' data: players.brightcove.net; base-uri 'self'; worker-src blob:; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.akamaihd.net *.cf.brightcove.com; child-src 'self' https://cookie-cdn.cookiepro.com https://players.brightcove.net https://platform.cloud.coveo.com https://www.google.com; frame-src https://cms.slb.com https://*.sharethis.com https://*.google.com https://*.analytics.google.com https://td.doubleclick.net https://www.arcgis.com https://www.facebook.com https://adservice.google.com https://players.brightcove.net https://cdnapisec.kaltura.com; 1
default-src 'self' *.applicationinsights.azure.com *.paypal.com *.sharethis.com https://play.google.com/billing https://www.facebook.com/pay;script-src 'self' 'unsafe-inline' https://code.jquery.com https://cdn.jsdelivr.net https://js.monitor.azure.com *.applicationinsights.azure.com *.paypal.com https://*.paypalobjects.com https://paypalobjects.com *.sharethis.com https://unpkg.com;script-src-attr 'unsafe-inline';img-src 'self' * data:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline' 1
upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self' https://*.brandmuscle.com https://brandmuscle.pathfactory.com; object-src 'self'; base-uri 'self'; 1
default-src 'self' bookwyrm-social.sfo3.digitaloceanspaces.com; script-src 'self' bookwyrm-social.sfo3.digitaloceanspaces.com 'nonce-ZClaUKHaDFoR2/ygW7LvzQ==' 1
frame-ancestors 'self' snowpeakstore.co.kr *.snowpeakstore.co.kr 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-yC9tPm3HYG8/NLPfQDp6dWk1qBhPClt9Ky8WKB31il3rwnC/' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-src 'self' *.google.de google.de *.google.com google.com bi-demo.mip.co.za *.youtube.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-QQEkngIkbrclMiYiZLHfLoAI1' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://flex.twilio.com; 1
frame-ancestors 'self' *.k9ti.net https://k9ti.net; 1
default-src 'self'; connect-src https://*.logitech.io 'self'; img-src 'self'; font-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
base-uri 'self'; default-src 'self' 'nonce-73347a1e3e2f1b2aa4d418542fb6cffb' https://cdn.shopify.com https://shopify.com; frame-ancestors https://app.contentful.com none; style-src 'self' http://localhost:8180 https://unpkg.com/@shopify/polaris@12.0.0/build/esm/styles.css 'unsafe-inline' https://cdn.shopify.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net 'self' 'unsafe-inline' https://cdn.shopify.com; connect-src 'self' ws://localhost:8002/socket wss://ws.hotjar.com https://www.google-analytics.com https://analytics.google.com https://monorail-edge.shopifysvc.com https://pagead2.googlesyndication.com https://hubspot-forms-static-embed.s3.amazonaws.com js.hscta.net facebook.com google.com google.ca *.facebook.com *.google.com *.google.ca *.g.doubleclick.net *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.net *.hsforms.com *.mapbox.com *.hotjar.com *.hotjar.io *.sentry.io 'self' https://monorail-edge.shopifysvc.com; img-src 'self' https://images.ctfassets.net https://imagedelivery.net https://cdn.shopify.com https://www.googletagmanager.com facebook.com google.ca google.com *.facebook.com *.google.com *.google.ca cdn2.hubspot.net no-cache.hubspot.com js.hscta.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.com *.hubspot.net *.hsforms.net *.hsforms.com *.hsappstatic.net data: localhost:*; media-src 'self' https://videos.ctfassets.net https://cdn.shopify.com facebook.com google.ca google.com *.facebook.com *.google.ca *.google.com; script-src 'self' 'strict-dynamic' https://cdn.shopify.com *.mapbox.com 'nonce-73347a1e3e2f1b2aa4d418542fb6cffb'; frame-src 'self' https://fast.wistia.net https://td.doubleclick.net https://player.vimeo.com play.hubspotvideo.com youtube.com facebook.com google.com google.ca *.youtube.com *.facebook.com *.google.com *.google.ca *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.net *.hsforms.com *.mapbox.com; child-src *.hsforms.com; worker-src blob: 1
block-all-mixed-content; default-src 'self'; base-uri 'self'; form-action 'self' flightbookings.airnewzealand.co.kr flightbookings.airnewzealand.kr flightbookings.airnewzealand.ca flightbookings.airnewzealand.cn flightbookings.airnewzealand.co.nz flightbookings.airnewzealand.co.uk flightbookings.airnewzealand.com.au flightbookings.airnewzealand.com.hk flightbookings.airnewzealand.com.sg flightbookings.airnewzealand.com.tw flightbookings.airnewzealand.com flightbookings.airnewzealand.de flightbookings.airnewzealand.eu flightbookings.airnewzealand.fr flightbookings.airnewzealand.hk flightbookings.airnewzealand.jp flightbookings.airnewzealand.pf flightbookings.airnewzealand.tw  flightbookings.airnewzealand.com.cn flightbookings.grabaseat.co.nz  flightbookings.airnewzealand.co.jp identity.airnewzealand.com au-connect.authsignal.com auth.identity.airnewzealand.com auth.identity.qual.airnewzealand.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg; script-src 'self' p-airnz.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com player.vimeo.com www.youtube.com s.ytimg.com s.wayin.com xd.wayin.com s.engagesciences.com display.engagesciences.com *.demdex.net www.google-analytics.com analytics.google.com tagmanager.google.com www.googletagmanager.com *.doubleclick.net www.googleadservices.com www.google.com cdn-assets-prod.s3.amazonaws.com *.optimizely.com optimizely-hrd.appspot.com optimizely.s3.amazonaws.com s.swiftypecdn.com upgrade.plusgrade.com nebula-cdn.kampyle.com screencapture.kampyle.com screencaptue-cdn.kampyle.com static.hotjar.com script.hotjar.com yourir.info ssl.google-analytics.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg cdnjs.cloudflare.com https://widget.timatic.iata.org/scripts/iata-timatic-widget-live.js *.linkedin.com *.licdn.com oc-cdn-public-oce.azureedge.net; style-src 'unsafe-inline' p-airnz.com fonts.googleapis.com tagmanager.google.com s.swiftypecdn.com upgrade-cdn-prd.plusgrade.com static.hotjar.com script.hotjar.com yourir.info 'self' oc-cdn-public-oce.azureedge.net; img-src https: data: static.hotjar.com script.hotjar.com *.linkedin.com *.licdn.com; font-src p-airnz.com fonts.googleapis.com fonts.gstatic.com dhm5hy2vn8l0l.cloudfront.net script.hotjar.com 'self' data:; media-src 'self' p-airnz.com video.cdnvue.com ; frame-src 'self' *.google.com www.airnewzealand-hk.com/ auth.identity.airnewzealand.com player.youku.com v.qq.com player.vimeo.com www.youtube.com nz.fltmaps.com airnz.wufoo.com xd.wayin.com display.engagesciences.com *.demdex.net *.doubleclick.net www.googletagmanager.com *.cdn-pci.optimizely.com nebula-cdn.kampyle.com vars.hotjar.com forms.cd.airnewzealand.co.nz www.airnewzealand.co.nz/airpoints-account/payments/scripts/done.html www.airnewzealand.co.nz/payment/scripts/done.html sec.windcave.com uat.windcave.com oc-cdn-public-oce.azureedge.net; connect-src 'self' api.airnz.io api.airnz.ai *.googleapis.com *.google.com *.gstatic.com auth.airnewzealand.co.nz auth.airnewzealand.com.sg identity.airnewzealand.com *.demdex.net *.tt.omtrdc.net www.google-analytics.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net adservice.google.com *.optimizely.com s.swiftypecdn.com search-api.swiftype.com *.kampyle.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.sentry.io yourir.info https://widget.timatic.iata.org/api/ *.linkedin.com *.licdn.com cdn.linkedin.oribi.io sec.windcave.com uat.windcave.com; object-src 'none'; frame-ancestors 'none'; report-uri /csp-report 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-V9oPscVJPr0duercRLsbozDAIlkvvwwYn9oA0j+UaaX7v19l' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.googlesyndication.com;child-src 'self';connect-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.akamaihd.net https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.gstatic.com https://*.imrworldwide.com https://*.optimizely.com https://*.wearehearken.eu https://cdn.privacy-mgmt.com https://cognito-identity.eu-west-1.amazonaws.com https://dataplane.rum.eu-west-1.amazonaws.com https://sts.eu-west-1.amazonaws.com https://ws.bbc-reporting-api.app;font-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://fonts.gstatic.com;frame-src 'self' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.chartbeat.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.googlesyndication.com https://*.twitter.com https://bbc-maps.carto.com https://bbc.com https://cdn.privacy-mgmt.com https://chartbeat.com https://edigitalsurvey.com https://flo.uri.sh https://public.flourish.studio https://www.instagram.com https://www.riddle.com https://www.tiktok.com https://www.youtube-nocookie.com https://www.youtube.com;img-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com data: 'self' https://*.adsafeprotected.com https://*.cdninstagram.com https://*.doubleclick.net https://*.effectivemeasure.net https://*.google.com https://*.googlesyndication.com https://*.googleusercontent.com https://*.gstatic.com https://*.imrworldwide.com https://*.tiktokcdn.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://i.ytimg.com https://ping.chartbeat.net https://sb.scorecardresearch.com;script-src 'self' 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.adsafeprotected.com https://*.chartbeat.com https://*.effectivemeasure.net https://*.facebook.com https://*.g.doubleclick.net https://*.google.ae https://*.google.at https://*.google.az https://*.google.be https://*.google.ca https://*.google.ch https://*.google.cl https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.kr https://*.google.co.nz https://*.google.co.tz https://*.google.co.ve https://*.google.com https://*.google.com.af https://*.google.com.ar https://*.google.com.au https://*.google.com.bo https://*.google.com.br https://*.google.com.co https://*.google.com.cy https://*.google.com.ec https://*.google.com.eg https://*.google.com.gt https://*.google.com.hk https://*.google.com.kh https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.pe https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.ro https://*.google.com.sa https://*.google.com.sg https://*.google.com.sv https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.ge https://*.google.hn https://*.google.ie https://*.google.iq https://*.google.it https://*.google.jo https://*.google.kz https://*.google.lk https://*.google.lv https://*.google.nl https://*.google.no https://*.google.pl https://*.google.ru https://*.google.se https://*.google.so https://*.googlesyndication.com https://*.imrworldwide.com https://*.permutive.com https://*.twimg.com https://*.twitter.com https://*.wearehearken.eu https://*.webcontentassessor.com https://*.xx.fbcdn.net https://adservice.google.co.uk https://bbc.gscontxt.net https://cdn.ampproject.org https://cdn.privacy-mgmt.com https://connect.facebook.net https://lf16-tiktok-web.ttwstatic.com https://public.flourish.studio https://sb.scorecardresearch.com https://www.googletagservices.com https://www.instagram.com https://www.riddle.com https://www.tiktok.com;style-src 'unsafe-inline' *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com https://*.twimg.com https://*.twitter.com https://*.xx.fbcdn.net https://fonts.googleapis.com https://lf16-tiktok-web.ttwstatic.com;media-src *.bbc.co.uk *.bbc.com *.bbci.co.uk *.bbci.com;worker-src blob: 'self' *.bbc.co.uk *.bbc.com;report-to worldsvc;upgrade-insecure-requests 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-NU27SavCicFF9SDu/DFSww==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; 		connect-src 'self' https://*.cookiebot.com/ https://*.doubleclick.net https://*.google-analytics.com/ https://*.hcaptcha.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://api.userlike.com/ wss://umd.userlike.com/umd/; 		font-src 'self' https://fonts.gstatic.com/ https://userlike-cdn-umm.b-cdn.net/; 		frame-src 'self' https://*.cookiebot.com/ https://*.hcaptcha.com/ https://saparena.de/ https://*.youtube.com/; 		img-src 'self' data: https://*.google.com/ https://*.google.de/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://saparena.de/ https://i.ytimg.com/ https://userlike-cdn-operators.userlike.com/; 		script-src 'self' 'unsafe-eval' 'unsafe-inline' https://s3.amazonaws.com/downloads.mailchimp.com/ https://*.cookiebot.com/ https://*.google-analytics.com/ https://*.googletagmanager.com/ https://*.hcaptcha.com/ https://*.list-manage.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-umm.b-cdn.net/; 		style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-aP9Ia8pKnI3FMZs1COeAP9WE4RLmlyXGdJBk6CaV5jgvuNRH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-08vZ8PBuQDe+/WYcL5r9aHSp6fV/EhLWTGH4J6QYHyafjdiR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://*.webintegrity.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-gO1MGy9K2cXboqxBjoyb5LOSymGPeIEqgydOmgDwhJMC5hFY' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://app.storyblok.com/; 1
font-src https://floofy.tech https://cdn.floofy.tech 1
frame-ancestors 'self' https://gameloader.marsbahis.com 1
default-src 'self' blob: data: *.wistia.com fonts.googleapis.com fonts.gstatic.com fonts.bunny.net; 	connect-src 'self' wss: westlandinsurance.my.site.com westlandinsurance.force.com *.googlesyndication.com *.helpscout.net *.cloudfront.net *.wistia.com wpmudev.com *.googleapis.com yoast.com *.visualwebsiteoptimizer.com app.vwo.com www.google-analytics.com api.hubapi.com *.hotjar.com *.hotjar.io analytics.google.com stats.g.doubleclick.net; 	style-src 'self' 'unsafe-inline' service.force.com westlandinsurance.my.site.com westlandinsurance.force.com fonts.bunny.net *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com fonts.googleapis.com; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: blob: westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com cdn.jsdelivr.net *.visualwebsiteoptimizer.com app.vwo.com *.googletagmanager.com code.jquery.com js.hs-analytics.net www.googleoptimize.com googleads.g.doubleclick.net www.google-analytics.com static.hotjar.com js.hs-scripts.com js.hs-banner.com js.hsadspixel.net script.hotjar.com; 	img-src 'self' data: i.ytimg.com/vi/Ky4i2kC8bQM/mqdefault.jpg westlandinsurance.my.salesforce.com westlandinsurance.lightning.force.com westlandinsurance--c.vf.force.com westlandinsurance--c.visualforce.com *.doubleclick.net *.wistia.com wp-rocket.me *.paypalobjects.com *.paypal.com *.twitter.com *.wpmudev.org servmask.com gravityflow.io *.w.org *.google-analytics.com *.gstatic.com wpmudev.com s.w.org *.visualwebsiteoptimizer.com *.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.google.com www.google.ca track.hubspot.com *.googletagmanager.com secure.gravatar.com; 	worker-src 'self' blob:; 	frame-src 'self'  www.youtube-nocookie.com service.force.com *.doubleclick.net *.moneris.com wp-rocket.me *.facebook.com *.twitter.com *.youtube.com *.google.com app.vwo.com *.visualwebsiteoptimizer.com *.fls.doubleclick.net; 1
frame-ancestors 'self' chrome-extension://hfdhpmpfpcnbboppkkkblilhbloejijj https://backit.me 1
script-src 'self'; 1
base-uri 'none'; font-src 'self' blob: data: https://assets.vercel.com https://vercel.live/ *.abtasty.com *.gstatic.com *.googleapis.com; form-action 'self'; frame-ancestors 'self' localhost:* https://mkt-website-studio.tgtg.ninja/; img-src 'self' data: blob: https://vercel.com https://vercel.live/ https://sockjs-mt1.pusher.com/ https://cdn.sanity.io https://images.tgtg.ninja https://i.vimeocdn.com https://apptoogoodtogo.com https://dashboard.feedbucket.app https://www.googletagmanager.com https://*.ytimg.com https://*.googletagmanager.com https://*.abtasty.com https://*.hotjar.com https://*.bing.com https://bat.bing.com https://*.doubleclick.net https://*.linkedin.com https://*.facebook.com https://*.google.com https://*.amazonaws.com https://*.google.es; object-src 'none'; script-src-attr 'self' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; script-src 'strict-dynamic' 'nonce-UjXT4Y02GUFNdw3dV9XmUg==' 'self' https: 'unsafe-inline'; upgrade-insecure-requests; frame-src 'self' https://vercel.com https://vercel.live/ https://player.vimeo.com www.youtube.com policy.app.cookieinformation.com *.hotjar.com https://*.doubleclick.net; 1
default-src 'self' https://sse.remotedesk.me https://*.verificient.com 'nonce-2la5HSAK23QygcrD'; style-src 'self' fonts.googleapis.com 'unsafe-inline' https://*.bootstrapcdn.com https://*.freshchat.com/ https://cdnjs.cloudflare.com/ https://unpkg.com https://cdn.freshbots.ai/assets/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; object-src 'none'; font-src 'self' fonts.gstatic.com https://remotedeskstatic.storage.googleapis.com/ https://cdnjs.cloudflare.com/ https://*.bootstrapcdn.com https://cdnjs.cloudflare.com/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; media-src 'self' https://storage.googleapis.com/ https://*.amazonaws.com/ https://*.storage.googleapis.com/ https://remotedesk-protected.verificient.com/; frame-src 'self' https://www.google.com https://*.firebaseio.com/; img-src https://www.google-analytics.com/ https://img.icons8.com https://cdn.freshbots.ai/assets/ 'self' https://*.bootstrapcdn.com https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/ https://storage.googleapis.com/ https://*.storage.googleapis.com/ https://*.amazonaws.com/ https://tracking.leadlander.com/ https://remotedeskstatic.storage.googleapis.com/ https://remotedesk-protected.verificient.com/; script-src 'self' 'unsafe-eval' https://cdn.ywxi.net/ https://formalyzer.com/ https://t.sf14g.com/ https://www.google-analytics.com/ https://*.bootstrapcdn.com https://img.icons8.com https://www.google.com https://www.gstatic.com https://cdn.freshbots.ai/assets/share/js/freshbots.min.js https://www.freshbots.ai/customer/v3/combined-init/ http://stats.pusher.com/timeline/v2/jsonp/1 https://js.stripe.com/v3/ https://cdnjs.cloudflare.com/ajax/ https://*.firebaseio.com/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/; connect-src 'self' https://*.googleapis.com https://sse.remotedesk.me https://app.verificient.com https://app.verificient.com:54545 https://*.verificient.com https://www.google-analytics.com https://www.freshbots.ai/ticket/ https://www.freshbots.ai/customer/ https://www.google-analytics.com/ https://rts-us.freshworksapi.com/ wss://rts-us.freshworksapi.com/ wss://ws-mt1.pusher.com/ https://cdn.freshbots.ai/ https://www.googleapis.com/identitytoolkit/ https://*.firebaseio.com/ wss://*.firebaseio.com/ https://securetoken.googleapis.com/v1/ https://remotedeskstatic.storage.googleapis.com/ https://remotedeskstatic.oss-cn-beijing.aliyuncs.com/ wss://sse.remotedesk.me/ws/ 1
frame-ancestors *.coupa.com *.ariba.com *.sciquest.com *.punchout2go.com *.tradecentric.com https://portal.tradecentric.com https://portal.punchout2go.com https://stage-portal.punchout2go.com https://dev-portal.punchout2go.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-TnYCgk8zSS9P36W1zx+Hvcl223+yBnQKoSml4ocbqzBXDJIB' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://api-test.pg.com https://api.pg.com https://cdn.incentives.gcp.pgcloud.com *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; media-src https://videos.ctfassets.net feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: https: blob: *.pricespider.com ; script-src * data: *.pricespider.com blob: 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
frame-ancestors 'self' *.gulliversfun.co.uk 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles ncs.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.yotpo.com beacon.searchspring.io 6dssd5.a.searchspring.io *.acsbapp.com; default-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' ncs.commercev3.com s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com staticw2.yotpo.com mediacdn.espssl.com acsbapp.com data:; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com p.yotpo.com seal-westernmichigan.bbb.org d3cgm8py10hi0z.cloudfront.net 6dssd5.a.searchspring.io mediacdn.espssl.com cdn-yotpo-images-production.yotpo.com www.gstatic.com/images/ cdn.searchspring.net *.acsbapp.com s3.amazonaws.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com services.listrak.com staticw2.yotpo.com cdn.searchspring.net seal-westernmichigan.bbb.org www.intellisuggest.com acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com services.listrak.com staticw2.yotpo.com cdn.searchspring.net seal-westernmichigan.bbb.org www.intellisuggest.com acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net seal-blue.bbb.org staticw2.yotpo.com mediacdn.espssl.com; style-src-elem 'self' s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net seal-blue.bbb.org staticw2.yotpo.com mediacdn.espssl.com; style-src-attr  'unsafe-inline'; media-src 'self' ncs.commercev3.com s3.amazonaws.com/cdn.naturalcandystore.com/ cdn.commercev3.net/cdn.naturalcandystore.com/ cdn.naturalcandystore.com www.bing.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-qWgbqMehPa5laZAiflMoZceOpoAXz17GPP8g0TraazWa9YgX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://mastertag.kpcustomer.de *.netcologne.de:* https://bat.bing.com https://connect.facebook.net www.googletagmanager.com:* www.google-analytics.com:* https://partners.webmasterplan.com www.google.de:* https://optimize.google.com https://fonts.googleapis.com https://fonts.gstatic.com https://seal.thawte.com https://www.googleadservices.com https://*.exactag.com *.google.com:* https://*.gstatic.com *.googleapis.com:* https://www.kabelkiosk.de https://*.deepthought.online https://cdn.jsdelivr.net https://wt1.rqtrk.eu https://api.aklamio.com https://googleads.g.doubleclick.net https://config1.veinteractive.com https://netcologne.lamapoll.de https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.surveymonkey.com https://walls.io https://r.df-srv.de https://static.hotjar.com:* https://script.hotjar.com:* https://*.ad4m.at https://ad4m.at https://*.usemaxserver.de https://*.awin1.com https://*.dwin1.com https://zenaps.com https://sciencebehindecommerce.com https://*.criteo.net https://*.criteo.com https://tracking.m6r.eu https://www.youtube.com https://*.ytimg.com https://www.etermin.net https://the.sciencebehindecommerce.com https://www.lacmp.net https://analytics.aklamio.com https://*.adsrvr.org https://adsrvr.org https://t.contentsquare.net https://www.clarity.ms; 1
default-src 'self' https://www.google.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk wss://*.tawk.to https://asset.gomoxie.solutions https://location.uk.gomoxie.solutions https://hn.inspectlet.com wss://ws.inspectlet.com https://*.typekit.net https://app.powerbi.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://events-love2shopdigital.uk.gomoxie.solutions https://parkretail.ehosts.net https://connector-love2shoprewards.uk.gomoxie.solutions https://*.uk.gomoxie.solutions https://ka-f.fontawesome.com https://cdn.jsdelivr.net https://www.be2b.co.uk https://simplythankyou-co-uk-1.domo.com; frame-src 'self' https://*.google.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://services.postcodeanywhere.co.uk https://*.hotjar.com https://*.hotjar.io https://*.tawk.to https://*.simplythankyou.co.uk http://*.simplythankyou.co.uk wss://*.tawk.to https://asset.gomoxie.solutions https://hn.inspectlet.com wss://ws.inspectlet.com https://*.typekit.net https://app.powerbi.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://events-love2shopdigital.uk.gomoxie.solutions https://parkretail.ehosts.net https://parkretailsurvey.ehosts.net https://simplythankyou-co-uk-1.domo.com https://embed.domo.com https://public.domo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://client.simplythankyou.co.uk http://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://www.google.com https://www.gstatic.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.google-analytics.com https://storage.googleapis.com https://*.pcapredict.com https://services.postcodeanywhere.co.uk https://www.snapengage.com https://asset.gomoxie.solutions https://*.hotjar.com https://cdn.plot.ly https://embed.tawk.to https://cdn.inspectlet.com https://code.jquery.com https://cdnjs.cloudflare.com https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://d3js.org/d3.v3.min.js https://www.googletagmanager.com https://www.clarity.ms https://m.clarity.ms https://unpkg.com/ https://kit.fontawesome.com https://ajax.cloudflare.com https://platform-api.sharethis.com https://l.sharethis.com https://buttons-config.sharethis.com https://connect.facebook.net https://simplythankyou-co-uk-1.domo.com https://embed.domo.com https://cdndomo.com; style-src 'self' 'unsafe-inline' https://client.simplythankyou.co.uk http://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.tawk.to https://asset.gomoxie.solutions https://cdn.rawgit.com https://*.typekit.net https://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://www.onecode.co.uk http://www.onecode.co.uk http://www.love2shoprewards.co.uk https://cdn.jsdelivr.net; img-src 'self' data: https://simplythankyou-co-uk-1.domo.com https://ssl.google-analytics.com https://www.google-analytics.com https://fonts.gstatic.com https://www.snapengage.com https://client.simplythankyou.co.uk http://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://www.love2shoprewards.co.uk https://hn.inspectlet.com https://services.postcodeanywhere.co.uk http://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://media.4rgos.it https://api.iconify.design https://www.simplythankyou-corporate.com https://insiem.co.uk https://www.cramptonandmoore.co.uk https://moxie-concierge.s3.amazonaws.com https://asset.gomoxie.solutions https://embed.tawk.to https://www.appliancesdirect.co.uk https://furniture123.co.uk https://www.laptopsdirect.co.uk https://www.aircondirect.co.uk https://www.serversdirect.co.uk https://www.betterbathrooms.com https://c.clarity.ms https://c.bing.com https://stats.g.doubleclick.net https://*.google.com https://*.google.co.uk https://sty-corporate.fra1.cdn.digitaloceanspaces.com https://sty-corporate.fra1.digitaloceanspaces.com https://perscent.imgix.net https://platform-cdn.sharethis.com https://brain-images-ssl.cdn.dixons.com https://www.be2b.co.uk https://be2b.co.uk https://www.googletagmanager.com; media-src 'self' https://www.simplythankyou-corporate.com https://client.simplythankyou.co.uk http://client.simplythankyou.co.uk https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://*.tawk.to https://evolveuk-media.s3.eu-west-2.amazonaws.com https://www.love2shoprewards.co.uk http://www.love2shoprewards.co.uk https://www.l2sdigital.co.uk https://www.love2shopdigital.co.uk https://asset.gomoxie.solutions https://sty-corporate.fra1.cdn.digitaloceanspaces.com; connect-src 'self' https://asset.gomoxie.solutions https://*.uk.gomoxie.solutions https://connector-love2shoprewards.uk.gomoxie.solutions https://client.simplythankyou.co.uk http://client.simplythankyou.co.uk https://admin.simplythankyou-corporate.com https://uat.simplythankyou.co.uk https://www.simplythankyou.co.uk https://media.simplythankyou.co.uk https://www.love2shoprewards.co.uk https://www.love2shopdigital.co.uk https://love2shoprewards.co.uk https://love2shopdigital.co.uk https://in.hotjar.com/ https://vc.hotjar.com/ https://services.postcodeanywhere.co.uk https://*.static-v.tawk.to wss://*.tawk.to https://c.clarity.ms https://www.clarity.ms https://*.google-analytics.com https://www.google-analytics.com https://stats.g.doubleclick.net https://m.clarity.ms https://zerobounce1.p.rapidapi.com https://api.zerobounce.net https://ka-f.fontawesome.com https://l.sharethis.com https://region1.anaLytics.google.com https://data.stbuttons.click https://api.domo.com https://webhooks.integrately.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com platform.twitter.com qvdt3feo.com cdn.mxpnl.com storage.googleapis.com kit.fontawesome.com ka-f.fontawesome.com static.addtoany.com maps.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com fast.wistia.com www.youtube.com beacon-v2.helpscout.net use.fontawesome.com www.google-analytics.com google.com www.google.com www.gstatic.com snap.licdn.com tags.srv.stackadapt.com c1.rfihub.net login-ds.dotomi.com login.dotomi.com live.rezync.com googleads.g.doubleclick.net cdn.jsdelivr.net use.typekit.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hscollectedforms.net cdn.iubenda.com www.iubenda.com; font-src 'self' 'unsafe-inline' ka-f.fontawesome.com use.fontawesome.com fast.wistia.com fonts.gstatic.com use.typekit.net ka-p.fontawesome.com data:  www.exelixis.com s0.wp.com cdn.jsdelivr.net; style-src 'self' 'unsafe-inline' tags.srv.stackadapt.com code.jquery.com rgsharedweb.s3.amazonaws.com fonts.googleapis.com ka-p.fontawesome.com use.fontawesome.com p.typekit.net use.typekit.net www.iubenda.com cdn.jsdelivr.net; frame-src td.doubleclick.net static.addtoany.com wp-rocket.me tools.akismet.com careers.peopleclick.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com player.vimeo.com youtube.com www.youtube.com 20839650p.rfihub.com 20824683p.rfihub.com a.rfihub.com rfihub.com live.rezync.com google.com www.google.com; img-src * data:; connect-src 'self' 'unsafe-inline' px.ads.linkedin.com static.addtoany.com region1.analytics.google.com analytics.google.com exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com pagead2.googlesyndication.com storage.googleapis.com www.googletagmanager.com  googletagmanager.com d3hb14vkzrxvla.cloudfront.net beaconapi.helpscout.net ka-f.fontawesome.com pipedream.wistia.com fast.wistia.com distillery.wistia.com stats.g.doubleclick.net maps.googleapis.com ka-p.fontawesome.com cdn.linkedin.oribi.io tags.srv.stackadapt.com www.google-analytics.com yoast.com my.wpengine.com forms.hscollectedforms.net; frame-ancestors 'self'; object-src exelixis2022de.wpengine.com exelixis2022st.wpengine.com exelixis2019.wpengine.com exelixisstage.wpengine.com www.exelixis.com exelixis.com; media-src 'self' data: blob: *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-HGX4e29s8EQSqVcQMooPYHldUASW3WQCtgt8xoAZDPOjTIEU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src *.easypack24.net *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://geowidget.easypack24.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com facebook.net *.dotpay.pl *.facebook.com *.przelewy24.pl sandbox.przelewy24.pl secure.przelewy24.pl 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ self *.criteo.com *.criteo.net *.facebook.com *.facebook.net *.doubleclick.net opineo.pl *.opineo.pl *.dotpay.pl 'unsafe-inline' data: *.addtoany.com *.buybox.click *.dpd.com.pl www.google.com *.cookiebot.com *.interankiety.pl converti.se *.tradedoubler.com *.clickonometrics.pl *.salesmanago.pl pay.google.com https://geowidget-app.inpost.pl/ https://sandbox-easy-geowidget.easypack24.net/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.cdninstagram.com *.easypack24.net *.openstreetmap.org *.inpost.pl *.google.com *.google.pl google.com google.pl googletagmanager.com *.doubleclick.net *.google-analytics.com *.criteo.com *.criteo.net https: data: *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl self blob: static.przelewy24.pl www.gstatic.com gstatic.com https://geowidget.easypack24.net *.hsforms.net *.hsforms.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net unpkg.com *.mapbox.com *.jsdelivr.net furgonetka.pl *.openstreetmap.org *.inpost.pl *.doubleclick.net *.criteo.com *.criteo.net *.cloudflareinsights.com *.wp.pl *.clickonometrics.pl *.cloudflare.com *.googletagmanager.com *.googleadservices.com *.googleoptimize.com *.google-analytics.com *.facebook.net *.facebook.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.hotjar.com *.payu.com *.clarity.ms *.retargeted.co *.trackmytarget.com *.publitas.com trustmate.io *.tmtarget.com *.mimeeqapp.com *.mimeeqapi.com *.mimeeq.com maps.googleapis.com static.paynow.pl cdngazeta.pl tp.convertiser.com svht.tradedoubler.com mc.yandex.ru *.cookiebot.com *.cloudfront.net *.tradedoubler.com *.googlesyndication.com *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl pay.google.com https://geowidget.easypack24.net *.hsforms.net *.hsforms.com *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.easypack24.net *.openstreetmap.org *.cloudflare.com *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.payu.com *.googletagmanager.com trustmate.io cdn.jsdelivr.net secure.przelewy24.pl *.fontawesome.com maxcdn.bootstrapcdn.com fonts.googleapis.com https://geowidget.easypack24.net https://geowidget.inpost.pl *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.easypack24.net *.openstreetmap.org *.google-analytics.com *.inpost.pl *.doubleclick.net *.facebook.com *.facebook.net *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.google.pl *.sysadvisors.pl *.bing.com *.virtualearth.net opineo.pl *.opineo.pl *.dotpay.pl *.addtoany.com *.buybox.click *.clarity.ms *.hotjar.com *.hotjar.io *.retargeted.co *.amazonaws.com *.cloudfront.net *.mimeeq.com maps.googleapis.com pixel.wp.pl vc-service.saleago.com *.cookiebot.com *.edrone.me *.clickonometrics.pl converti.se *.imgstatics.com https://get.geojs.io *.avada.io sandbox.przelewy24.pl secure.przelewy24.pl wss://sandbox-ws.przelewy24.pl wss://secure-ws.przelewy24.pl apple-pay-gateway.apple.com t.elasticsuite.io *.hsforms.net *.hsforms.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-AG2SHVxPT7ssHQ87VAmR7/kwbp8LG1YNvX/3kTe8c1kyzSB5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com cdn-cookieyes.com; frame-src 'self' *.youtube.com; object-src 'self'; style-src 'self' 'unsafe-inline' 1
report-uri /es/contacto 1
base-uri 'self' *.theschoollocker.com.au; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.theschoollocker.com.au chat-api.spartez-software.com spartezchatfiles.b-cdn.net *.ewaypayments.com *.zip.co *.zipmoney.com.au www.google.com www.gstatic.com *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net connect.facebook.net; style-src 'self' 'unsafe-inline' *.theschoollocker.com.au fonts.googleapis.com spartezchatfiles.b-cdn.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.inovance.com *.baidu.com *.bdimg.com qiyukf.com *.rum.aliyuncs.com;font-src 'self' data:;img-src 'self' *.inovance.com *.comein.cn *.bdimg.com *.sinajs.cn *.baidu.com data: 1
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-yNLafSNP8Vh1aPEYiF/GJ8sVwW0BeCBjJalLgf0m+bwLht+b' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; child-src blob: https://mc.yandex.ru; connect-src 'self' https://*.auvix.ru https://*.google-analytics.com https://mc.yandex.ru; font-src 'self' data: https://*.auvix.ru https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://maps.google.com https://www.youtube.com https://yandex.ru blob: https://mc.yandex.ru; media-src 'self' https://www.youtube.com; img-src 'self' blob: data: https://*.auvix.ru https://*.google-analytics.com https://img.youtube.com https://mc.yandex.ru https://secure.gravatar.com https://ps.w.org; object-src ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.auvix.ru https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://mc.yandex.ru https://api-maps.yandex.ru https://yastatic.net https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://*.auvix.ru https://fonts.googleapis.com; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors https://influencity.com *.influencity.com; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-vGQVYEfsKFMA2uG3t9F/oYhyMd2U+tkdcDJaAxZwExjfEcQv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-NmmEe2NzDgnIKeJqQebJPylSkHx39iOevyr2eUjIS+nFEnVQ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.om.run; img-src 'self' onemoremarket.com blob: data:; frame-src 'self' onemoremarket.com; script-src 'self' *.om.run; font-src 'self' data: fonts.gstatic.com; style-src 'self' fonts.googleapis.com *.om.run 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://woodland.cafe; img-src 'self' data: blob: https://woodland.cafe; style-src 'self' https://woodland.cafe 'nonce-jnVcclTeBphymTOlh0UhFA=='; media-src 'self' data: https://woodland.cafe; frame-src 'self' https:; manifest-src 'self' https://woodland.cafe; form-action 'self'; child-src 'self' blob: https://woodland.cafe; worker-src 'self' blob: https://woodland.cafe; connect-src 'self' data: blob: https://woodland.cafe wss://woodland.cafe; script-src 'self' https://woodland.cafe 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-jAf77/pqX0EJYFjSm6mzhe/AyHkNvcbpfi9JcuWXX/lItS0E' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://www.googletagmanager.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.conferencemanager.dk https://*.piwik.pro https://connect.facebook.net https://*.cookiebot.com https://sc.lfeeder.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.youtube.com https://cdnjs.cloudflare.com https://snap.licdn.com; style-src 'unsafe-inline' 'self'; img-src 'self' https://*.conferencemanager.dk https://www.facebook.com https://*.cookiebot.com https://tr.lfeeder.com https://*.gstatic.com https://www.google.be https://www.google.co.uk https://www.google.nl https://www.google.es https://www.google.no https://www.google.pl https://www.google.li https://www.google.hr https://www.google.ch https://www.google.at https://www.google.de https://www.google.dk https://region1.analytics.google.com https://*.doubleclick.net https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.googletagmanager.com https://www.google.dk https://*.linkedin.com data:; font-src 'self' data:; connect-src 'self' https://*.piwik.pro  https://gtm.conferencemanager.dk https://*.cookiebot.com https://*.google.dk https://*.doubleclick.net https://*.analytics.google.com https://*.google-analytics.com https://api.conferencemanager.dk https://cdn.linkedin.oribi.io https://px.ads.linkedin.com; frame-src https://consentcdn.cookiebot.com https://*.doubleclick.net https://www.google.com https://www.youtube.com; media-src 'self';worker-src 'self' blob:;report-uri https://api.conferencemanager.dk/cspReport.cfm?var=1 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-SV3Dayop9VcAm0Yt9jk4MEBDS9cLf9AFdnj5FaKPbY6HrHra' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
object-src 'none'; style-src 'self' 'unsafe-inline' *.salesforce.com *.salesforce-sites.com *.sandbox.my.site.com; worker-src 'self' blob:; font-src 'self' data: *.sfdcstatic.com *.google.com *.gstatic.com *.salesforce-sites.com; img-src 'self' data: *.google.com *.google.com.au *.gstatic.com *.google-analytics.com *.googletagmanager.com asset.brandfetch.io assets.brandfetch.io assets.cmcmarkets.com *.cmcmarketsinvest.com cmcmarketsinvest.com *.cmclabs.io https://www.facebook.com t.co analytics.twitter.com https://alb.reddit.com *.linkedin.com *.bing.com *.clarity.ms https://cdn-ukwest.onetrust.com https://cdn.braze.eu; report-uri https://report-uri.cmcmarkets.com.au/csp; frame-src 'self' *.cmcmarketsinvest.com uat-ew8.cmcmarketsstockbroking.com.au ew8.cmcmarketsstockbroking.com.au *.salesforce.com cmc-markets.my.salesforce-sites.com service.force.com *.sandbox.my.site.com *.google.com *.gstatic.com *.sharesight.com *.appdynamics.com openid.cmcmarkets.com *.tradingview.com www.tradingview-widget.com; manifest-src 'self'; frame-ancestors 'self' *.cmcmarketsinvest.com; script-src 'self' *.fullstory.com *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com https://cdn.amplitude.com https://connect.facebook.net *.doubleclick.net 'sha256-jNJrNTUZLyDGFJDsnztdIvsJWZf22avMecatyVW6t6s=' 'sha256-cYxFUl7mBOeoUIyimxmFgR9yDu65oUBzP0tPpGLF48c=' 'sha256-qZt+Y07zcYzvM5bNgnOdqKd/MsZ3+pcXpGD9Sg4IWsE=' https://www.googletagmanager.com https://lptag.liveperson.net https://www.facebook.com 'sha256-oyVIco1pYP7FAQyqygurxXi/B+TNLLexFBjb3WTaaY8=' 'sha256-kveqLfh9sFI+wVP5jwKaesEA2b7YvDYo1uOU76ncHkI=' *.salesforceliveagent.com *.salesforce.com *.salesforce-sites.com *.sandbox.my.site.com https://static.lightning.force.com 'sha256-3dxvxb8cCZ7bKm0ejmvEs2+720A09ek+Ze7cTG/M63M=' https://www.redditstatic.com https://static.ads-twitter.com https://platform.twitter.com https://snap.licdn.com https://analytics.tiktok.com https://bat.bing.com https://www.googleadservices.com https://www.clarity.ms https://cdn.appdynamics.com 'unsafe-eval' https://cdn-ukwest.onetrust.com 'sha256-9vRW3mftVm+gDfBB94dA64JLeoSrMDEzWZaN6MniQMo=' 'nonce-hVwQrR81zYgVYWPaKcB273RdGfONtljskBEYaXJbRs' https://s3.tradingview.com; connect-src 'self' *.g.doubleclick.net *.google-analytics.com *.fullstory.com *.cmclabs.io *.invest.cmcmarkets.com.au *.nonprod-invest.cmcmarkets.com.au *.cmcmarketsinvest.com *.mparticle.com *.googletagmanager.com *.braze.eu *.amplitude.com *.cmcmarketsstockbroking.com.au ws://*.cmcmarketsinvest.com ws://*.cmclabs.io localhost *.salesforce-sites.com *.salesforce-scrt.com *.google.com *.gstatic.com cdn.linkedin.oribi.io *.linkedin.com www.facebook.com connect.facebook.net analytics.tiktok.com static.ads-twitter.com *.clarity.ms *.bing.com *.eum-appdynamics.com *.onetrust.com; base-uri 'self'; default-src 'self'; form-action 'self' cmc-markets.my.salesforce-sites.com;  1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-SUqc1YlhZgCpUJrncEamn4+AJ7qF5ViwOAaDvCie3Jd73k6U' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://metrika.yandex.ru http://webvisor.com https://mv.legal https://www.mv.legal http://awards.ratingruneta.ru https://awards.ratingruneta.ru 1
frame-ancestors 'self' https://webapp24.eurosatory.com/ https://rcpt-webapp24.eurosatory.com/ https://duneweb.app.tsi.com.tn:8000/ 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://js.hubspot.com https://ajax.googleapis.com https://buttons-config.sharethis.com https://connect.facebook.net https://cdn1.affirm.com https://cdn.amplitude.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://gcore.jsdelivr.net https://d351aliiejw3zc.cloudfront.net https://forms.hsforms.com https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://js.facebook.com https://js.hscta.net https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://kit.fontawesome.com https://maps.googleapis.com https://maps.google.com https://platform-api.sharethis.com https://ssl.google-analytics.com https://seal.networksolutions.com https://s7.addthis.com https://tagmanager.google.com https://unpkg.com https://use.fontawesome.com https://www.google-analytics.com https://www.gstatic.com https://widget.trustpilot.com https://www.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com ajax.googleapis.com cdn3.devexpress.com cdnjs.cloudflare.com cdn.jsdelivr.net gcore.jsdelivr.net d351aliiejw3zc.cloudfront.net fonts.googleapis.com tagmanager.google.com unpkg.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com app.hubspot.com www.interhome.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net www.googletagmanager.com *.google.com *.trustpilot.com;base-uri 'self';form-action 'self' *.facebook.com connect.facebook.net forms.hubspot.com forms.hsforms.com;worker-src 'self'; 1
frame-ancestors 'self' cfn.mykronos.com *.cfn.mykronos.com 1
default-src 'self' c.biztoc.com; font-src 'self' c.biztoc.com; style-src 'self' 'unsafe-inline' c.biztoc.com https://*.typeform.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' c.biztoc.com https://*.typeform.com/ https://appleid.cdn-apple.com/ https://hcaptcha.com/ https://cdn.jsdelivr.net/; img-src 'self' data: c.biztoc.com cw.biztoc.com; frame-src https://www.youtube.com/ https://player.vimeo.com/ https://www.tiktok.com/ https://rumble.com/ https://embed.ted.com/ https://*.typeform.com/ https://*.hcaptcha.com 1
default-src 'self'; script-src 'report-sample' 'unsafe-inline' 'self' 'unsafe-eval' platform.hireserve.nl http://cdn1.readspeaker.com https://snap.licdn.com https://googleads.g.doubleclick.net https://connect.facebook.net https://browser.sentry-cdn.com https://cdn.plyr.io/ https://*.readspeaker.com https://maps.google.com https://maps.googleapis.com https://s.ytimg.com https://www.googletagmanager.com https://www.youtube.com https://*.google-analytics.com https://*.cookiebot.com https://www.googleadservices.com; style-src 'report-sample' 'unsafe-inline' 'self' platform.hireserve.nl https://cdn1.readspeaker.com https://*.googleapis.com; object-src 'none'; base-uri 'self';connect-src 'self' api.ats-platform.com/v1/ipinfo platform.hireserve.nl https://*.googlesyndication.com https://stats.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.nl https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://*.facebook.com https://maps.googleapis.com https://*.readspeaker.com https://cdn.plyr.io https://noembed.com https://sentry.io https://consentcdn.cookiebot.com; font-src 'self' data: platform.hireserve.nl https://cdn1.readspeaker.com https://fonts.gstatic.com; frame-src 'self' https://app-eu.readspeaker.com https://platform.hireserve.nl https://www.facebook.com https://www.youtube.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com; img-src 'self' data: platform.hireserve.nl https://*.googlesyndication.com https://*.g.doubleclick.net https://px.ads.linkedin.com https://www.linkedin.com https://www.google.com https://www.google.nl https://www.google.be https://www.google.fr https://www.google.it https://*.analytics.google.com https://img.youtube.com https://*.googleapis.com https://www.facebook.com https://i.ytimg.com https://maps.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.cookiebot.com; media-src 'self'; report-uri /umbraco/api/cspreporting/error; 1
frame-ancestors localhost:3333 *.wedodata.dev *.globalcarbonatlas.org *.github.io  *.cookiebot.com; frame-src *.wedodata.dev *.globalcarbonatlas.org *.github.io  *.cookiebot.com https://carbon-atlas-emissions.wedodata.dev blob:; child-src *.wedodata.dev *.globalcarbonatlas.org *.github.io localhost:3333 *.cookiebot.com connect.facebook.net staticxx.facebook.com facebook.com youtube.com player.vimeo.com www.google-analytics.com google.com apis.google.com tagmanager.google.com www.googletagmanager.com https://carbon-atlas-emissions.wedodata.dev blob:; 1
frame-ancestors 'self' https://*.verintcloudservices.com; report-uri csp-reports; report-to csp-endpoint; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com https://login.microsoftonline.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com api.scribit.pro *.siteimprove.com analytics.rijswijk.nl *.google-analytics.com https://analytics.rijswijk.nl/; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://login.microsoftonline.com https://rijswijk.maps.arcgis.com https://www.arcgis.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.siteimprove.com *.siteimproveanalytics.com *.siteimprove.net *.siteimproveanalytics.io page.report *.readspeaker.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl i.ytimg.com *.siteimprove.com *.servmetric.com *.govmetric.com *.siteimproveanalytics.io *.readspeaker.com analytics.rijswijk.nl; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js analytics.rijswijk.nl www.googletagmanager.com 'nonce-TlRRd01qVmtZMlUwTTJKaE5XWTA=' 'nonce-TkRaaU16Um1aV001TmpSa1pqWXk=' 'sha256-Grzp6EGtTaqV+EQpxOUu/wP2eFmgh3D+zgUsTxgJEmA=' 'unsafe-inline' https://analytics.rijswijk.nl/; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com https://cdn.siteimprove.net/cms/overlay.js siteimproveanalytics.com siteimprove.com https://cdn.siteimprove.net/cms/overlay-latest.js analytics.rijswijk.nl www.googletagmanager.com 'nonce-TlRRd01qVmtZMlUwTTJKaE5XWTA=' 'nonce-TkRaaU16Um1aV001TmpSa1pqWXk=' 'sha256-Grzp6EGtTaqV+EQpxOUu/wP2eFmgh3D+zgUsTxgJEmA='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-YVMBcdDepgiyEk2oGueR4pUjeCeMaIXPIFKTsfjjShQ=' cdn-eu.readspeaker.com; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-YVMBcdDepgiyEk2oGueR4pUjeCeMaIXPIFKTsfjjShQ='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-YVMBcdDepgiyEk2oGueR4pUjeCeMaIXPIFKTsfjjShQ=' cdn-eu.readspeaker.com; base-uri 'self'; frame-ancestors 'self' analytics.rijswijk.nl 1
default-src 'self'; child-src https://flickrembed.com https://maps.google.com https://www.google.com https://connect.facebook.net https://www.youtube.com ; script-src 'self' https://oss.maxcdn.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://connect.facebook.net https://ajax.googleapis.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://stackpath.bootstrapcdn.com https://fonts.googleapis.com 'unsafe-inline'; font-src 'self' https://stackpath.bootstrapcdn.com https://fonts.gstatic.com; frame-ancestors ; form-action 'self'; base-uri 'self';  object-src;  1
frame-ancestors *.ooma.com *.ooma.ca https://*.ooma.com https://*.ooma.ca *.talkatone.com https://www.talkatone.com 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.newrelic.com; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com; img-src 'self' data: https://cdn.jsdelivr.net https://l.evidon.com https://c.evidon.com https://nestle-mvp.myshopify.com https://cdn.shopify.com *.google-analytics.com  https://d6tizftlrpuof.cloudfront.net https://*.usabilla.com https://nestle-mvp.myshopify.com https://cdn.shopify.com https://www.google.com https://www.google.es https://googleads.g.doubleclick.net *.google-analytics.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; media-src 'self'; frame-src 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy http://mychildwithcphcpen.nhscbrand.acsitefactory.com https://www.youtube.com https://static.addtoany.com *.newrelic.com *.onetrust.com; frame-ancestors 'self' https://www.nestlehealthscience.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com/solution-finder https://www.nestlehealthscience.com/cerebral-palsy *.newrelic.com *.onetrust.com; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; connect-src 'self' https://cdn.jsdelivr.net https://bam.nr-data.net https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://stats.g.doubleclick.net https://d6tizftlrpuof.cloudfront.net *.usabilla.com https://nestle-mvp.myshopify.com https://monorail-edge.shopifysvc.com https://www.google.com *.google-analytics.com *.gbqofs.io *.gbqofs.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com *.onetrust.com http://mychildwithcphcpen.nhscbrand.acsitefactory.com; report-uri /report-csp-violation 1
connect-src 'self' ct.pinterest.com stats.g.doubleclick.net www.google-analytics.com shops-si.trustedshops.com api.trustedshops.com trustbadge.api.etrusted.com payments.amazon.de www.google.com adservice.google.com www.komar.de www.fototapete.de *.instagram.com platform.instagram.com *.fbcdn.net api.trustbadge.etrusted.com logging.trustbadge.com region1.google-analytics.com https://region1.analytics.google.com; frame-src 'self' gum.criteo.com static.criteo.net *.pinterest.com www.pinterest.de www.pinterest.pt www.pinterest.fr www.pinterest.ie www.pinterest.it www.pinterest.nz www.pinterest.cl www.pinterest.ca www.pinterest.ru www.pinterest.co.uk www.pinterest.ph hu.pinterest.com www.pinterest.com.mx www.pinterest.co.kr www.google.by www.pinterest.ch www.pinterest.es nl.pinterest.com www.pinterest.at www.youtube-nocookie.com www.youtube.com www.google.com tpc.googlesyndication.com www.googletagmanager.com secure.pay1.de payments.amazon.de youtubeanalytics.net www.instagram.com; img-src 'self' a.twiago.com ad.360yield.com ad.as.amanad.adtdp.com ad.sxp.smartclip.net ad.tpmn.co.kr ad.yieldlab.net adgen.socdm.com ads.stickyadstv.com ads.yahoo.com adx.dable.io an.yandex.ru c.bing.com cm.adform.net cm.g.doubleclick.net contextual.media.net criteo-partners.tremorhub.com criteo-sync.teads.tv cs.adingo.jp ct.pinterest.com cw.addthis.com data: eb2.3lift.com exchange.mediavine.com gum.criteo.com i.liadm.com i.ytimg.com ib.adnxs.com idsync.rlcdn.com ih.adscale.de jadserve.postrelease.com dpm.demdex.net match.sharethrough.com matching.ivitrack.com partner.mediawallahscript.com pixel.advertising.com pixel.rubiconproject.com pixel.tapad.com r.casalemedia.com rtb-csync.smartadserver.com s.ad.smaato.net secure.adnxs.com simage2.pubmatic.com sp.analytics.yahoo.com sync-criteo.ads.yieldmo.com sync-t1.taboola.com sync.ad-stir.com sync.e-planning.net sync.outbrain.com tg.socdm.com trends.revcontent.com ups.analytics.yahoo.com us-u.openx.net visitor.omnitagjs.com widgets.trustedshops.com www.google-analytics.com x.bidswitch.net www.googletagmanager.com www.google.com www.google.nl dis.criteo.com sync.taboola.com d.turn.com cotads.adscale.de i6.liadm.com s.amazon-adsystem.com cdn.stickyadstv profile.ssp.rambler.ru cm.meba.kr id5-sync.com idsync.admixer.co.kr sbm.nate.com cdn.stickyadstv.co sync.aralego.com ad.mail.ru trc.taboola.com www.google.de cdn.stickyadstv.com googleads.g.doubleclick.net scontent.cdninstagram.com www.google.pt csm.fr.eu.criteo.net www.gstatic.com *.komar.de *.fototapete.de www.google.fr www.google.hu www.paypal.com payments.amazon.de cdn.pay1.de www.facebook.com www.google.be www.google.ie translate.google.com www.google.co.uk www.paypalobjects.com www.google.si www.google.it www.google.at www.google.lu www.google.ch www.google.cz static.cdninstagram.com csm.nl.eu.criteo.net www.google.gr www.google.co.ma www.google.se www.google.tn www.google.ci www.google.ae www.google.com.mx www.google.cl www.google.ba www.google.es www.google.co.kr www.google.com.ar www.google.co.in www.google.bg www.google.com.et www.google.no www.google.hr www.google.ee www.google.pl www.google.com.pk www.google.com.mt www.google.com.hk www.google.com.tr www.google.co.jp www.google.ru www.google.com.br www.google.rs www.google.dz www.google.co.za www.google.fi www.google.co.id www.google.ro www.google.lv www.google.com.sa www.google.co.th www.google.co.nz www.google.co.uz www.google.co.il www.google.lt www.google.sk www.google.com.vn www.google.ca www.google.com.my www.google.dk www.google.com.cy www.google.com.au www.google.md www.pinterest.com.au log.pinterest.com beacon.krxd.net *.dmxleo.com e1.emxdgt.com www.instagram.com *.fbcdn.net s.thebrighttag.com http://www.komar.de hb.yahoo.net c1.adform.net; object-src 'self'; script-src 'unsafe-eval' 'self' 'unsafe-inline' s.pinimg.com sslwidget.criteo.com static.criteo.net widgets.trustedshops.com www.google-analytics.com www.googletagmanager.com secure.pay1.de www.googleadservices.com static-eu.payments-amazon.com www.komar.de www.fototapete.de connect.facebook.net www.gstatic.com www.google.com widget.eu.criteo.com platform.instagram.com www.pagespeed-mod.com www.instagram.com *.fbcdn.net https://ct.pinterest.com; style-src 'unsafe-inline' 'self' www.komar.de www.fototapete.de fonts.googleapis.com;report-uri https://komar.report-uri.com/r/d/csp/reportOnly 1
style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';worker-src blob: https://*.ampproject.org/* https://*.gstatic.com/* https://*.addthis.com/* *.zohopublic.com/* https://*.zohocdn.com/* https://*.zoho.com/* 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; 1
frame-ancestors *.needmytranscript.com; 1
upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob:; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://embed.signalintent.com https://play.vidyard.com https://snap.licdn.com https://js.adsrvr.org https://insight.adsrvr.org https://cdn.cookielaw.org https://tags.clickagy.com https://*.unbounce.com https://d3pkntwtp2ukl5.cloudfront.net/uba.js https://optimize.google.com https://www.googleoptimize.com https://www.youtube.com https://ws.zoominfo.com https://*.hotjar.com https://www.gstatic.com https://www.google.com https://ajax.googleapis.com https://use.fontawesome.com https://www.google-analytics.com https://www.googletagmanager.com https://app-ab23.marketo.com https://siteimproveanalytics.com https://munchkin.marketo.net https://fonts.googleapis.com https://cdn.jsdelivr.net https://gateway.zscloud.net https://maps.googleapis.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://embed.signalintent.com https://optimize.google.com https://p.typekit.net https://use.typekit.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://app-ab23.marketo.com https://use.fontawesome.com; connect-src 'self' https://api.segment.io https://adservice.google.com https://calc-backend-prod.herokuapp.com https://cdn.segment.com https://play.vidyard.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com https://cdn.cookielaw.org https://aorta.clickagy.com https://hemsync.clickagy.com https://*.hotjar.io wss://*.hotjar.com https://*.hotjar.com https://ws.zoominfo.com https://d2mefa3mujb0bx.cloudfront.net https://d2idea1kzvufhy.cloudfront.net https://stats.g.doubleclick.net https://use.fontawesome.com https://go.firstbusiness.bank https://880-qno-957.mktoutil.com https://www.google-analytics.com https://www.googletagmanager.com https://880-qno-957.mktoresp.com https://o250803.ingest.sentry.io; img-src 'self' https://cdn.vidyard.com https://play.vidyard.com https://fbb-cms.firstbusiness.bank https://px.ads.linkedin.com https://www.linkedin.com https://ad.doubleclick.net https://adservice.google.com https://cdn.cookielaw.org https://id.rlcdn.com https://aorta.clickagy.com https://optimize.google.com https://ws.zoominfo.com https://media.firstbusiness.bank https://media.firstbusiness.com https://firstbusiness.bank https://stats.g.doubleclick.net data: https://lh3.ggpht.com https://i.ytimg.com https://*.googleapis.com https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://3517.global.siteimproveanalytics.io https://*.gravatar.com https://www.facebook.com; font-src 'self' data: https://embed.signalintent.com https://use.fontawesome.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://use.typekit.net https://fonts.gstatic.com; frame-src 'self' https://play.vidyard.com https://insight.adsrvr.org https://match.adsrvr.org https://13333447.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com https://*.hotjar.com https://html5-player.libsyn.com https://www.youtube.com https://app-ab23.marketo.com https://www.google.com https://snazzymaps.com https://cdn.jsdelivr.net; media-src 'self' https://ssl.gstatic.com;report-uri https://o250803.ingest.sentry.io/api/6241426/security/?sentry_key=f1a7000fd2f94aedb8e361857307829b 1
frame-ancestors accessibe.com 'self' 1
default-src 'self' *.feedr.co *.teamfeedr.com blob:; media-src data: assets-global.website-files.com; font-src 'self' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com fonts.gstatic.com *.intercomcdn.com uploads-ssl.webflow.com cdnjs.cloudflare.com data: script.hotjar.com; style-src 'self' 'unsafe-inline' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com fonts.googleapis.com www.googletagmanager.com global-uploads.webflow.com cdnjs.cloudflare.com accounts.google.com uploads-ssl.webflow.com static.zdassets.com assets-global.website-files.com app.vwo.com cdn2.ikaros.io cdn.jsdelivr.net assets.caterdesk-static.com fengyuanchen.github.io; script-src 'self' 'unsafe-inline' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com blob: *.segment.com *.stripe.com snap.licdn.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com *.intercom.io *.intercomcdn.com cdn.amplitude.com connect.facebook.net js.hs-analytics.net *.hs-scripts.com js.hscollectedforms.net js.hs-banner.com js.hsleadflows.net js.hsleadflows.com static.ads-twitter.com *.doubleclick.net analytics.twitter.com *.posthog.com static.cloudflareinsights.com ajax.cloudflare.com ws.zoominfo.com cdn-ukwest.onetrust.com *.hsforms.net *.hsforms.com *.google.com www.gstatic.com cdnjs.cloudflare.com *.webflow.com *.googleapis.com s3-ap-southeast-2.amazonaws.com/oi.assets/ www.datadoghq-browser-agent.com cdn.iubenda.com d3e54v103j8qbb.cloudfront.net/js/jquery-3.5.1.min.dc5e7f18c8.js cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js bat.bing.com tag.clearbitscripts.com d1navat532wvnn.cloudfront.net *.hotjar.com static.zdassets.com x.clearbitjs.com hubspotonwebflow.com assets-global.website-files.com *.visualwebsiteoptimizer.com app.vwo.com cdn2.ikaros.io cdn.jsdelivr.net assets.caterdesk-static.com fengyuanchen.github.io js.hsadspixel.net *.smooch.io; img-src 'self' *.feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com data: blob: src: *.linkedin.com connect.facebook.net www.google-analytics.com *.facebook.com *.hubspot.com www.google.com www.google.co.uk *.doubleclick.net js.hscollectedforms.net *.hsforms.com t.co *.stripe.com *.intercomcdn.com *.execute-api.eu-west-2.amazonaws.com fonts.gstatic.com cdn-ukwest.onetrust.com *.webflow.com cdnjs.cloudflare.com d3e54v103j8qbb.cloudfront.net d1otoma47x30pg.cloudfront.net analytics.twitter.com bat.bing.com www.googletagmanager.com maps.gstatic.com img.caterdesk-static.com assets-global.website-files.com dev.visualwebsiteoptimizer.com wingify-assets.s3.amazonaws.com *.zendesk.com; connect-src 'self' *.feedr.co wss://*.feedr.co wss://feedr.co *.teamfeedr.com *.eatfirst.com *.eatfirstdev.com wss://*.eatfirst.com wss://*.eatfirstdev.com *.split.io *.stripe.com *.segment.com api.segment.io *.doubleclick.net *.intercom.io *.hubspot.com wss://*.intercom.io api.amplitude.com *.instagram.com s3.eu-west-2.amazonaws.com *.mapbox.com *.browser-intake-datadoghq.eu hubspot-forms-static-embed.s3.amazonaws.com *.hsforms.com *.onetrust.com *.google-analytics.com *.auth.eu-west-1.amazoncognito.com cognito-idp.eu-west-1.amazonaws.com vitals.vercel-insights.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com ws.zoominfo.com webflow.com ekr.zdassets.com app.clearbit.com caterdesk-static-images.s3.eu-west-1.amazonaws.com *.google.com *.googlesyndication.com wss://ws.hotjar.com *.hotjar.io in.hotjar.com px.ads.linkedin.com app.vwo.com www.googletagmanager.com *.visualwebsiteoptimizer.com browser-intake-datadoghq.eu api.hubapi.com wss://*.smooch.io *.zendesk.com *.smooch.io hubspotonwebflow.com; frame-src *.stripe.com m.stripe.network *.youtube.com *.hsforms.com intercom-sheets.com app.powerbi.com cdn.embedly.com www.google.com d3a7wk1tkorhuk.cloudfront.net *.doubleclick.net app.vwo.com; frame-ancestors ; 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' https: data: blob:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'nonce-ORTnoUFyFBeDuehsQ4Ei1g=='; upgrade-insecure-requests; 1
base-uri 'self'; object-src 'none'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: secure.gravatar.com google-analytics.com; media-src 'self'; 1
script-src 'self' https://www.google.com https://cdn.datatables.net https://px.ads.linkedin.com/collect/ https://cdn-apac.onetrust.com https://www.gstatic.com https://fonts.googleapis.com https://unpkg.com https://www.youtube.com https://cloud.vvdntech.com https://googleads.g.doubleclick.net https://cdnjs.cloudflare.com https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.ckeditor.com https://documentcloud.adobe.com 'unsafe-eval' 'unsafe-inline';object-src 'none';img-src https://cdn.ckeditor.com 'self'; frame-ancestors 'self'; 1
default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src * blob:;font-src 'self' data:; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://maduss.site; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-tZkw2xl5w+MF+0i6HqQbBqjpW99jM6ETSSlXqu1e/rVo0u8I' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; media-src https://player.vimeo.com https://download-video.akamaized.net; connect-src 'self' https://cdn.cookielaw.org https://ibsagroup.matomo.cloud *.google-analytics.com https://geolocation.onetrust.com *.googleapis.com https://stats.g.doubleclick.net *.analytics.google.com https://privacyportal-de.onetrust.com *.taleez.com https://taleez.com; font-src 'self' *.gstatic.com data:; img-src 'self' https://cdn.cookielaw.org *.gstatic.com *.googleapis.com https://www.w3.org https://i.ytimg.com https://www.googletagmanager.com *.google.ch *.google.it *.google.com *.google-analytics.com *.taleez.com data:;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com *.googleapis.com https://unpkg.com *.gstatic.com https://polyfill.io https://cdn.cookielaw.org https://www.googletagmanager.com https://cdn.matomo.cloud https://ibsagroup.matomo.cloud https://maps.google.com https://s7.addthis.com *.google-analytics.com https://www.youtube.com https://taleez.com; style-src 'self' 'unsafe-inline' *.googleapis.com;  worker-src 'self';  frame-src 'self' https://www.youtube.com https://www.google.com https://online.fliphtml5.com *.cloudfront.net/ https://player.vimeo.com; frame-ancestors 'self'; 1
frame-src 'self' https://www.gartner.com https://platform.twitter.com https://syndication.twitter.com https://www.youtube.com https://googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://connect.facebook.net https://snap.licdn.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://www.google-analytics.com https://www.clarity.ms https://www.gartner.com https://static.ads-twitter.com https://analytics.twitter.com https://www.gstatic.com/charts/loader.js https://www.gstatic.com/charts/50/loader.js https://www.gstatic.com/charts/50/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_graphics_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/49/loader.js https://www.gstatic.com/charts/50/js/jsapi_compiled_geo_module.js https://www.gstatic.com/charts/50/js/jsapi_compiled_geochart_module.js https://cdn.syndication.twimg.com https://www.gstatic.com/charts/51/loader.js https://www.gstatic.com/charts/51/js/jsapi_compiled_default_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_graphics_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_ui_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_corechart_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_geo_module.js https://www.gstatic.com/charts/51/js/jsapi_compiled_geochart_module.js https://www.googleoptimize.com/optimize.js https://www.facebook.com/signals/iwl.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/134597088.js https://m.facebook.com/signals/iwl.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://www.googleadservices.com/ cdn.rawgit.com https://cdnjs.cloudflare.com https://platform.twitter.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gartner.com/ https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com https://www.facebook.com/signals/iwl.js https://m.facebook.com/signals/iwl.js https://bat.bing.com/bat.js https://bat.bing.com/p/action/134597088.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://redpiranha.net/report-uri/enforce 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.portoseguro.com.br https://cinetica.ag https://googleads.g.doubleclick.net *.hotjar.com https://www.googletagmanager.com https://www.google.com.br https://www.youtube.com https://analytics.google.com https://use.typekit.net https://www.googletagmanager.com https://content.hotjar.io https://www.google.com.br http://www.youtube.com https://www.youtube.com https://*.typekit.net https://*.corretoronlinenoticias.com.br https://*.ytimg.com https://*.soundcloud.com https://*.cinetica.digital https://cinetica.digital:40002 wss://ws.hotjar.com https://*.cinetica.ag https://*.gstatic.com https://*.youtube.com https://*.hotjar.com https://*.googletagmanager.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.spotify.com https://*.jmvstream.com https://*.google.com https://instagram.fcgh8-1.fna.fbcdn.net https://code.jquery.com; script-src 'self' 'nonce-1bcd33383d6ca529dff312987aea7870c0e7568b' 'unsafe-eval' 'strict-dynamic' https://www.googletagmanager.com *.dynatrace.com  *.hotjar.com https://www.gstatic.com https://analytics.google.com https://www.google.com https://www.google-analytics.com https://w.soundcloud.com; connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://www.google.com.br https://stats.g.doubleclick.net https://www.google.com.br; font-src 'self' data: *.typekit.net  *.gstatic.com 1
frame-ancestors 'self' https://static-ebcom.mci.ir/ 1
frame-ancestors 'self' https://members.onvif.org 1
img-src data: https://cdn.cookielaw.org/ https://webanalytics.inera.se/ https://*.inviewer.se/ 'self'; connect-src https://cdn.cookielaw.org/ https://webanalytics.inera.se/ 'self'; script-src https://cdn.cookielaw.org/ https://dl.episerver.net/ https://webanalytics.inera.se/ 'report-sample' 'sha256-3/mNUpqF9X/gMYE+bOG6g8d6I32wdYdWwWuAk90mPCM=' 'sha256-KdrksQVVfPWUX99NitlEt4ABdXZmgoZpezLqt68xrRU=' 'sha256-NBS7EduG2pL/l2J3FKVM//a6/tkbjRXCbg6q7vBX/JQ=' 'sha256-9nbqryG6r8ah9AReuQJKTzRXvO4bc5sLyPTD9Ybevj8=' 'sha256-laWjrqJThFpSbf4H+IwSnwccrjKHaVCE1bYgwmmXevg=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-klfxXgdnwV+m/OWo4vGi7Lr/biPNmVj6vK8dtUFr+40=' 'self'; frame-src https://play.mediaflowpro.com/ https://dreambroker.com/; style-src 'report-sample' 'unsafe-inline' 'self'; style-src-attr 'report-sample' 'unsafe-inline'; style-src-elem 'report-sample' 'unsafe-inline' 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; manifest-src 'self'; media-src 'self'; form-action 'self'; child-src 'self'; frame-ancestors 'self'; report-uri https://www.vardhandboken.se/api/v1/csp/report; font-src data: 'self'; upgrade-insecure-requests ; default-src 'self'; report-to csp-endpoint 1
frame-ancestors 'self' *.remscheid.de translate.google.com 1
default-src *; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline' script.crazyegg.com; script-src * 'unsafe-eval' script.crazyegg.com 'sha256-jQGhDqcCq1R32caSsDyMKNfyaIj78MT5ooPm7WXpU9s=' 'sha256-pzcENdZs15H5KmPP8uOhGqtoAD/1bKbY6pcCj6fwX8o=' 'sha256-JaHbEGvgT0xFK297CXVCB09K/OcMGSXS+jgxsw6yO/g=' 'sha256-PJL8V3HvHBO02fb/I8iSbaOKrlGsb7l9O4a+vpEMeIA=' 'sha256-C6V4NlvvjJ/Bh2gXRJo0FDw7KFSYhXTM1LiPk1OjUOU=' 'sha256-ewwoBrmj8m4+F9O57vBWoAUOMCNdwCXLkbC577WI+f0='; script-src-elem * script.crazyegg.com 'sha256-jQGhDqcCq1R32caSsDyMKNfyaIj78MT5ooPm7WXpU9s=' 'sha256-pzcENdZs15H5KmPP8uOhGqtoAD/1bKbY6pcCj6fwX8o=' 'sha256-JaHbEGvgT0xFK297CXVCB09K/OcMGSXS+jgxsw6yO/g=' 'sha256-PJL8V3HvHBO02fb/I8iSbaOKrlGsb7l9O4a+vpEMeIA=' 'sha256-C6V4NlvvjJ/Bh2gXRJo0FDw7KFSYhXTM1LiPk1OjUOU=' 'sha256-ewwoBrmj8m4+F9O57vBWoAUOMCNdwCXLkbC577WI+f0='; worker-src * blob:; font-src * data:; img-src * data:; connect-src * data:; base-uri 'self'; 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval' data:;font-src https: data:; style-src https: 'unsafe-inline' api.mapbox.com;img-src * data:; worker-src blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://barebells.com/; img-src 'self' data: blob: https://barebells.com/; object-src 'self' data: blob: https://barebells.com/; frame-src 'self' data: blob: https://barebells.com/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-GOSlckl5froAFM4xaTP6YlH4n0x3Be5PWFouaWT4OmyT5lPG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.vimeo.com *.oct8ne.com *.issuu.com *.cookiebot.com *.googletagmanager.com *.bing.com *.criteo.com *.doubleclick.net *.connectif.cloud *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.google.es *.google.com *.clarity.ms *.supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.contextual.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.ad.360yield.com *.matching.ivitrack.com *.exchange.mediavine.com *.adnxs.com *.demdex.net *.jadserve.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.criteo-partners.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.ggpht *.amazonaws.com *.supermercadosmas.com *.facebook.com *.connectif.cloud *.cookiebot.com *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.es *.analytics.google.com *.clarity.ms *.supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.contextual.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.ad.360yield.com *.matching.ivitrack.com *.exchange.mediavine.com *.adnxs.com *.demdex.net *.jadserve.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.criteo-partners.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com *.webeyez.com *.connectif.cloud *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.clarity.ms *.supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.contextual.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.ad.360yield.com *.matching.ivitrack.com *.exchange.mediavine.com *.adnxs.com *.demdex.net *.jadserve.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.criteo-partners.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  *.doofinder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doofinder.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com *.webeyez.com cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com *.connectif.cloud *.cookiebot.com *.bing.com *.criteo.com *.doubleclick.net *.facebook.net *.facebook.com *.facebook.es *.analytics.google.com *.clarity.ms *.supermercadosmases.twgdns.com *.bidswitch.net *.dnxs.com *.contextual.media.net *.rubiconproject.com *.martadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.id5-sync.com *.ad.360yield.com *.matching.ivitrack.com *.exchange.mediavine.com *.adnxs.com *.demdex.net *.jadserve.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.criteo-partners.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com *.googlesyndication.com  *.doofinder.com wss://*.doofinder.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self'; worker-src 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://shakedown.social; img-src 'self' https: data: blob: https://shakedown.social; style-src 'self' https://shakedown.social 'nonce-iBCq3TkOe/MzCfhx2mqiug=='; media-src 'self' https: data: https://shakedown.social; frame-src 'self' https:; manifest-src 'self' https://shakedown.social; form-action 'self'; child-src 'self' blob: https://shakedown.social; worker-src 'self' blob: https://shakedown.social; connect-src 'self' data: blob: https://shakedown.social https://files.shakedown.social wss://shakedown.social; script-src 'self' https://shakedown.social 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'self'; form-action 'self' 1
Access-Control-Allow-Origin: * 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com *.pricespider.com pghub.io *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io consumersupport.pg.com pandg.tapad.com ; media-src 'self' data: videos.ctfassets.net feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com www.google-analytics.com cdn.cookielaw.org *.bazaarvoice.com feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org *.google-analytics.com geolocation.onetrust.com feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
form-action https: www.przelewy24.pl; 1
frame-ancestors https://www.notion.so 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://yoitsu.moe; img-src 'self' https: data: blob: https://yoitsu.moe; style-src 'self' https://yoitsu.moe 'nonce-ywOIEKMDZ7drrIXzaM5gqw=='; media-src 'self' https: data: https://yoitsu.moe; frame-src 'self' https:; manifest-src 'self' https://yoitsu.moe; form-action 'self'; child-src 'self' blob: https://yoitsu.moe; worker-src 'self' blob: https://yoitsu.moe; connect-src 'self' data: blob: https://yoitsu.moe https://yoitsu.moe wss://yoitsu.moe; script-src 'self' https://yoitsu.moe 'wasm-unsafe-eval' 1
default-src 'unsafe-inline' https: 'self' 'unsafe-eval' data:; upgrade-insecure-requests; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-usDmNKQ1XBUk7D/dYHJqj4sbhEMwB/Ws9nIFEytpnEKzs6aG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-oNDUE31itsVctWnbK+Dc6BK8LrA0EW6AHMQwJ6/hM8dkhG51' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src 'strict-dynamic' 'nonce-oU+YVLj71UAGhOGaA6MU/Y4ywlJmiVq/FcVky0bpqwxPBgqr4K' 'self' 'report-sample' 'unsafe-inline' assets.wearehearken.eu cdn.syndication.twimg.com connect.facebook.net c.files.bbci.co.uk emp.bbci.co.uk ems.wearehearken.eu modules.wearehearken.eu mybbc-analytics.files.bbci.co.uk nav.files.bbci.co.uk news.files.bbci.co.uk platform.twitter.com public.flourish.studio static.bbc.co.uk static.bbci.co.uk static.chartbeat.com static2.chartbeat.com www.bbc.co.uk www.instagram.com www.ons.gov.uk gn-web-assets.api.bbc.com www.google-analytics.com bitesize.files.bbci.co.uk www.tiktok.com lf16-tiktok-web.ttwstatic.com static.files.bbci.co.uk; img-src 'self' https: data:; font-src c.files.bbci.co.uk gel.files.bbci.co.uk static.files.bbci.co.uk static.bbci.co.uk news.files.bbci.co.uk ws-downloads.files.bbci.co.uk bitesize.files.bbci.co.uk; style-src branding.files.bbci.co.uk cdn.riddle.com flo.uri.sh news.files.bbci.co.uk platform.twitter.com static.bbc.co.uk static.bbci.co.uk static.files.bbci.co.uk ton.twimg.com www.riddle.com 'unsafe-inline' lf16-tiktok-web.ttwstatic.com; frame-src 'self' bbc001.carto.com bbc003.carto.com bbc-maps.carto.com cdn.riddle.com chartbeat.com emp.bbc.co.uk emp.bbc.com flo.uri.sh graphics.reuters.com www.reuters.com m.facebook.com news.files.bbci.co.uk personaltaxcalculator2.deloittecloud.co.uk platform.twitter.com public.flourish.studio static2.chartbeat.com syndication.twitter.com web.facebook.com www.bbc.co.uk www.facebook.com www.instagram.com www.tiktok.com www.ons.gov.uk www.riddle.com www.youtube.com www.youtube-nocookie.com toybox.tools.bbc.co.uk uk-script.dotmetrics.net ssp-app-uk.votenow.tv ssp-app-uktest.votenow.tv session.test.bbc.co.uk session.bbc.co.uk; object-src 'none'; manifest-src static.files.bbci.co.uk bitesize.files.bbci.co.uk; media-src 'self' blob: https:; connect-src 'self' https:; child-src blob:; base-uri 'none'; form-action 'self' platform.twitter.com syndication.twitter.com uk-script.dotmetrics.net/DeviceInfo.dotmetrics; frame-ancestors 'none'; upgrade-insecure-requests; report-to default; report-uri https://webcore.bbc-reporting-api.app/report-endpoint; 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com geoid.investisdigital.com maps.googleapis.com bam.eu01.nr-data.net *.google-analytics.com cookiemanager.investisdigital.com www.googletagmanager.com *.highcharts.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com dev-api.investisdigital.com api.investisdigital.com dev-assets.investisdigital.com assets.investisdigital.com qaotp.tools.investisdigital.com *.investisdigital.com player.vimeo.com www.recaptcha.net otp.tools.investis.com maps.googleapis.com bam.eu01.nr-data.net *.highcharts.com unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com *.typekit.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com  irs.tools.investis.com www.googletagmanager.com; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com *.typekit.net cdnjs.cloudflare.com 1
frame-ancestors 'self' datwyler.unily.com; 1
frame-ancestors 'self' https://www.zi-mannheim.de ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.2.0/owl.carousel.min.js https://*.jsdelivr.net https://*.fontawesome.com/ https://www.paypalobjects.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery.isotope/2.2.0/isotope.pkgd.js https://*.jquery.com/ https://rms.ups.com/ https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.js https://www.paypal.com/ https://*.cloudflare.com/ https://cdn.solar-guitars.com/ https://applepay.cdn-apple.com/; img-src 'self' data: https://www.paypalobjects.com/ http://maps.google.com/ https://www.paypal.com/ https://cdn.solar-guitars.com/; object-src 'self' data: https://*.paypal.com/ https://cdn.solar-guitars.com/; frame-src 'self' data: https://*.paypal.com/ https://cdn.solar-guitars.com/; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-68rSSzXKZPrN27z1rN5qPNm4uZYECgsOouaNBlnqnx0rjI5s' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' ; script-src 'self' 'strict-dynamic' 'nonce-0a9556c1-f08f-4b49-a63d-ddf1e3153db3' https://cdn.jsdelivr.net/; style-src 'self' 'unsafe-inline' 	https://cdn.jsdelivr.net/; img-src 'self' data: ; connect-src 'self' https://finanstilsynet.matomo.cloud/; frame-src 'self' https://player.vimeo.com/ https://app.powerbi.com/; 1
default-src 'self' www.w3.org; script-src 'self' ajax.googleapis.com; style-src 'self' 'unsafe-inline'; connect-src 'none'; object-src 'none'; font-src 'self'; frame-src 'none'; form-action 'none'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; report-to csp-endpoint; 1
default-src 'self'; script-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.hotjar.com https://player.vimeo.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com/recaptcha/enterprise.js https://www.google-analytics.com https://ssl.google-analytics.com https://wchat.freshchat.com https://www.googletagmanager.com https://www.googletagmanager.com 'unsafe-inline' https:; img-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.googlesyndication.com https://*.facebook.net https://googleads.g.doubleclick.net https://*.hotjar.com https://*.clarity.ms https://www.google.hr https://images-20210209174033434400000001.s3.eu-north-1.amazonaws.com https://www.facebook.com https://*.bing.com https://cdn.nettbil.no https://*.doubleclick.net https://st4gcdn.skybil.no https://www.google.no https://www.google.com https://www.googletagmanager.com https://da0zw1zvl4zsg.cloudfront.net https://www.googletagmanager.com https://www.google-analytics.com https://i.fuelapi.com https://www.google.com https://www.google.no https://www.google.se https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data:; connect-src 'self' https://nettbilas--integrate.sandbox.my.salesforce-scrt.com https://nettbilas--integrate.sandbox.my.site.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.snapchat.com https://googleads.g.doubleclick.net https://*.cookiebot.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://policy.app.cookieinformation.com https://*.bing.com https://*.clarity.ms https://*.snapchat.com https://*.googlesyndication.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://cdn.growthbook.io https://www.google-analytics.com https://*.skybil.no https://*.nettbil.no https://wchat.freshchat.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.sfdcstatic.com https://*.hotjar.com https://fonts.gstatic.com https://wchat.freshchat.com data:; frame-src https://nettbilas--integrate.sandbox.my.site.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.cookiebot.com https://*.google.com https://www.facebook.com https://wchat.freshchat.com https://nettbil.webpush.freshchat.com https://player.vimeo.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.snapchat.com https://*.skybil.no; style-src 'self' https://nettbilas--integrate.sandbox.my.salesforce-scrt.com https://nettbilas--integrate.sandbox.my.site.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.hotjar.com https://fonts.googleapis.com https://*.freshchat.com 'unsafe-inline'; style-src-elem 'self' https://nettbilas--integrate.sandbox.my.salesforce-scrt.com https://nettbilas--integrate.sandbox.my.site.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://service.force.com https://*.hotjar.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.freshchat.com blob: 'unsafe-inline'; worker-src blob:; 1
frame-ancestors 'self' https://patient.ehs.gov.ae https://ppdev.ehs.gov.ae; worker-src 'self' blob:; img-src * 'self' blob: data:;default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-modals; default-src 'self'; base-uri 'none'; script-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://cmmedev.crm4.dynamics.com https://cmmetest.crm4.dynamics.com https://cmme.crm4.dynamics.com http://213.139.212.17 https://213.139.212.17 http://37.26.63.76 https://37.26.63.76; 1
base-uri 'self'; default-src * data: blob:; form-action 'self'; frame-ancestors 'self'; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self' ws: *.addthis.com *.adsrvr.org *.api.osano.com *.elfsight.com *.embedly.com *.events.ubembed.com *.ex.co *.g.doubleclick.net *.hotjar.com *.hotjar.io *.livehelpnow.net *.nr-data.net *.pages.ubembed.com *.playbuzz.com accounts.google.com analytics.google.com api.develop-sr3snxi-tsy4np5h7paxs.us-2.platformsh.site api.staging-5em2ouy-tsy4np5h7paxs.us-2.platformsh.site api.teach.org api.teach.test calendly.com cdnjs.cloudflare.com elink.io fonts.gstatic.com formstack.io i.ytimg.com js-agent.newrelic.com maps.googleapis.com northcarolina.schoolspring.com pixel.tapad.com platform.twitter.com player.vimeo.com px.ads.linkedin.com sandbox.formstack.io secure.causevox.com themap.carto.com to.go.saleswingsapp.com tr.snapchat.com www.facebook.com www.google-analytics.com www.google.com www.google.com docs.google.com www.instagram.com www.schoolspring.com www.youtube-nocookie.com www.youtube.com youtube.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.addthis.com *.addthisedge.com *.elfsight.com *.ex.co *.hotjar.com *.js.ubembed.com *.pinterest.com *.playbuzz.com *.polyfill.io api.ipify.org apis.google.com assets.calendly.com assets.ubembed.com cdnjs.cloudflare.com cmp.osano.com connect.facebook.net d1sf3a4rercrry.cloudfront.net developer.livehelpnow.net elink.io googleads.g.doubleclick.net js-agent.newrelic.com js.adsrvr.org js.causevox.com maps.googleapis.com platform.twitter.com polyfill.io s.saleswingsapp.com sc-static.net snap.licdn.com tr.snapchat.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.instagram.com www.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com developer.livehelpnow.net fonts.googleapis.com www.googletagmanager.com; object-src 'none'; img-src * blob: data:; frame-ancestors 'self' *.teach.org; 1
frame-src 'self' https://cflscoreboard.cfl.ca/ http://cflscoreboard.cfl.ca/ https://*.googlesyndication.com https://www.facebook.com/ https://www.google.com/ https://players.brightcove.net/ https://*.doubleclick.net https://player.simplecast.com/ https://*.oseg.ca https://www.youtube.com/ https://*.fevo.com/ https://forums.cfl.ca/ https://*.argonauts.ca/ https://player.vimeo.com/ https://w.soundcloud.com/ https://*.f2p.media.geniussports.com/ https://cdn.flipsnack.com/ https://mlse.formstack.com/ https://issuu.com/ https://gsm-widgets.betstream.betgenius.com/ https://chat.satis.fi/ https://tradablebits.com/ https://embed.waze.com/ https://gamezone.cfl.ca/ https://platform.twitter.com/ https://www.instagram.com/ https://www.tiktok.com/ https://interland3.donorperfect.net/ https://chartbeat.com/ https://static2.chartbeat.com/ https://*.acuityscheduling.com/ https://*.tagboard.com/ https://caimgs.s3-ca-central-1.amazonaws.com/ https://cdn.userway.org/ https://www.surveymonkey.com/ https://player.streamguys.com/ https://www.buzzsprout.com https://www.googleadservices.com/ https://console.googletagservices.com/ https://play.ottawaredblacks.com/ https://www.googletagservices.com/ https://www.tdplace.ca/; 1
frame-ancestors 'self' *.facebook.com *.fbcdn.net 1
frame-ancestors 'self' *.kassel.de *.stadtreiniger.de *.stadt-kassel.de *.kasselkultur2022.de www-kassel-de.translate.goog 1
object-src 'none'; frame-ancestors 'self'; report-uri http://sinupret.com/report-uri/enforce 1
default-src * 'unsafe-inline' 'unsafe-eval' data:;media-src     'self'     blob:     https://*.speechstream.net;object-src 'none'; 1
frame-ancestors 'self' https://*.epoxytec.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-2vuHkErz0YOgn83GkNowPlf6FfADAectweO6t2fS09XpTWVV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-f795dae17af64f0493f4c19ce08a90a5' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' *.iphouse.com data: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; img-src 'self'  cdn.partsmartconnect.com data:; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-modals; base-uri 'self'; upgrade-insecure-requests; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com ; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com; script-src 'self' 'unsafe-inline' https://ari-cms.com/bundles/webcomponents/loginpromotion.js; connect-src 'self' https://ari-cms.com/; 1
default-src 'self'; child-src 'self' www.youtube.com chart.googleapis.com *.issuu.com https://drive.google.com https://static.genkgo.com https://wereldfietser.genkgo.app; connect-src 'self' *.google-analytics.com wereldfietser.containers.piwik.pro wereldfietser.piwik.pro stats.g.doubleclick.net *.analytics.google.com https://static.genkgo.com https://wereldfietser.genkgo.app; font-src 'self' fonts.gstatic.com https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; img-src 'self' https://* https://static.genkgo.com https://wereldfietser.genkgo.app data:; media-src 'self' https://static.genkgo.com https://wereldfietser.genkgo.app; script-src 'self' *.googletagmanager.com *.google-analytics.com wereldfietser.containers.piwik.pro *.hotjar.com https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; style-src 'self' fonts.googleapis.com hello.myfonts.net https://static.genkgo.com https://wereldfietser.genkgo.app 'unsafe-inline'; report-uri https://wereldfietser.nl/f/error-report/report/csp; upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-MI4U2LZHcdnK7iLTw+KA+LNvRnbO0p3WKInqN9nKiFnlgUn2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.azureedge.net *.googleapis.com *.cloudfront.net *.google-analytics.com *.doubleclick.net; object-src 'self' 1
default-src 'self'; script-src 'self' *.youtube.com https://unpkg.com vjs.zencdn.net 'unsafe-inline' *.matomo.cloud cdnjs.cloudflare.com; style-src 'self' fonts.googleapis.com *.youtube.com https://unpkg.com 'unsafe-inline' vjs.zencdn.net cdnjs.cloudflare.com; img-src 'self' data: *.youtube.com *.youtube-nocookie.com; media-src 'self' *.youtube.com *.vimeo.com; frame-src 'self' *.youtube.com *.vimeo.com vzvz.dicciswarehouse.nl *.youtube-nocookie.com; font-src 'self' fonts.gstatic.com data:; connect-src 'self' *.matomo.cloud; report-uri /report-csp-violation 1
default-src 'none'; script-src 'self' https://analytics.benkel.org; style-src 'self'; object-src 'none'; base-uri 'self'; connect-src 'self' https://analytics.benkel.org; font-src 'self'; frame-src 'self'; img-src 'self' https://analytics.benkel.org; manifest-src 'self'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-NzovKIfLP3fQhwYVjyYcCS6WaqChkE4pCeAe04DqGQgld7TZ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://catcatnya.com; img-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com; style-src 'self' https://catcatnya.com 'nonce-P9L2HGQ3XIZcWnICR9zUFg=='; media-src 'self' data: https://catcatnya.com https://cdn.catcatnya.com; frame-src 'self' https:; manifest-src 'self' https://catcatnya.com; form-action 'self'; child-src 'self' blob: https://catcatnya.com; worker-src 'self' blob: https://catcatnya.com; connect-src 'self' data: blob: https://catcatnya.com https://cdn.catcatnya.com wss://catcatnya.com; script-src 'self' https://catcatnya.com 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-6aLG/tw+cUQeQcF4e4usrim2pZBcKbQU86krSSITsOpeQB79' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; base-uri 'none'; connect-src 'self'; font-src 'self' https:; form-action 'self'; frame-ancestors 'none'; frame-src https://www.youtube.com https://youtube.com; img-src 'self' https: data:; manifest-src 'none'; media-src 'none'; object-src 'self'; script-src 'self' 'nonce-7971211b1b6dd9a804d6b77c70e7d098'; style-src 'self' 'unsafe-inline' https:; worker-src 'none'; block-all-mixed-content 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Zheg5VcyaW+lH2JEQmJv6chfrAcXZuSHhyJwNN+Tm+DjeeO7' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-GDHkUiqsvRDRec138hYvJnE0V8V8HCbKU6JXehfldAi/KHgS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' prezero.de *.prezero.de prezero-international.com *.prezero-international.com; 1
frame-ancestors 'self' https://cybeready.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-poWhvd8mj3SPPAehrTCxPvfoaGfIH0soqwUSPdPT0YLjPBUR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.ddyun.com http://*.ddyun.com https://*.meiqia.com 'unsafe-inline';connect-src 'self' https://*.meiqia.com wss://*.meiqia.com https://*.baidu.com;script-src 'unsafe-eval' 'unsafe-inline' https://*.meiqia.com https://*.bdstatic.com https://*.ddyun.com http://*.ddyun.com https://*.baidu.com http://*.baidu.com;img-src 'self' https://aqyzmedia.yunaq.com https://*.baidu.com https://*.ddyun.com http://*.ddyun.com https://*.meiqiausercontent.com https://*.meiqia.com data: base64;font-src https://at.alicdn.com;form-action 'self';base-uri 'self';object-src 'none';frame-ancestors https://*.ddyun.com; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-eval' 'nonce-YjlkMTlhNzE2NGFlYmY3Mw=='; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://unpkg.com *.auth.adobe.com *.espncdn.com *.jsdelivr.net *.gstatic.com *.bootstrapcdn.com *.googleapis.com *.idvu.io *.apple.com *.google.com  *.disney.com *.digitalscreeners.com *.telerik.com *.labgency.us *.getbootstrap.com *.jquery.com *.w3.org *.akamaized.net *.blob.core.windows.net *.cloudflare.com *.google-analytics.com *.newrelic.com *.nr-data.net *.idviu.io *.idviu.com *.apivu.io *.apivu.com *.apivu.us *.apivu.io.co *.apivu.nyc *.foxmediacloud.com *.cloudfront.net *.cookielaw.org; img-src * 'unsafe-inline' data:; media-src * blob:;style-src * 'unsafe-inline' data:;font-src * 'unsafe-inline' data:;connect-src * 'unsafe-inline' *.idviu.io *.idviu.com *.apivu.io *.apivu.com *.apivu.us *.apivu.io.co *.apivu.nyc;frame-src * *.google.com   'unsafe-inline'; worker-src * blob: 1
default-src 'self' https: wss:; media-src 'self' https://a.storyblok.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.userback.io https://a.storyblok.com https://api.storyblok.com https://app.storyblok.com https://www.googletagmanager.com https://cdn.iubenda.com https://cs.iubenda.com nonce-MTlmMDljY2EtMDQwNS00MjcwLTllMTgtMTU1NTk3NTUzMzQ2 strict-dynamic; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://static.userback.io nonce-MTlmMDljY2EtMDQwNS00MjcwLTllMTgtMTU1NTk3NTUzMzQ2; img-src 'self' 'unsafe-inline' https://a.storyblok.com https://www.googletagmanager.com blob: data:; font-src 'self' https://use.typekit.net; base-uri 'self'; form-action 'self'; frame-ancestors https://app.storyblok.com 1
report-uri https://www.enerds.com.au 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'         static.ads-twitter.com         *.twitter.com         www.youtube.com         www.gstatic.com         www.google.com         cdn.jsdelivr.net         maps.googleapis.com         code.jquery.com         cdnjs.cloudflare.com         stackpath.bootstrapcdn.com         www.googletagmanager.com         connect.facebook.net         snap.licdn.com         *.hotjar.com         www.google-analytics.com         https://optimize.google.com         https://fonts.googleapis.com         www.googleadservices.com         client.crisp.chat         *.doubleclick.net 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.jbtec.eu; img-src *; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self'; object-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://glauca.space 'wasm-unsafe-eval' https://s.as207960.net; font-src 'self' https://glauca.space; img-src 'self' data: blob: https://glauca.space https://mastodon-data.content.as207960.net; style-src 'self' https://glauca.space 'nonce-QprUY/VkyzdX7EbmNO6ALg=='; media-src 'self' data: https://glauca.space https://mastodon-data.content.as207960.net; frame-src 'self' https:; child-src 'self' blob: https://glauca.space; worker-src 'self' blob: https://glauca.space; connect-src 'self' blob: data: wss://glauca.space https://glauca.space https://mastodon-data.content.as207960.net https://s.as207960.net; manifest-src 'self' https://glauca.space; form-action 'self' 1
default-src 'unsafe-inline' 'self' ajax.cloudflare.com cdnjs.cloudflare.com use.fontawesome.com;upgrade-insecure-requests 1
frame-ancestors https://*.easyvista-training.com https://*.easyvista.com https://*.hachette-livre.fr https://stokomani1.sharepoint.com ; 1
default-src 'self'; img-src 'self' data: blob: https://pbs.twimg.com https://jbuk-media.s3-eu-west-1.amazonaws.com https://jbuk-media-dev.s3-eu-west-1.amazonaws.com https://secure.gravatar.com https://graph.facebook.com *.fbcdn.net https://*.cdninstagram.com https://*.4sqi.net https://upload.wikimedia.org https://mastodon.thebeeches.house https://cdn.bsky.app; frame-src 'self' blob: https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-to csp-endpoint; report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce; 1
default-src 'self'; connect-src 'self' *.cookielaw.org *.onetrust.com bam.nr-data.net *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net *.facebook.com *.googleadservices.com *.creativecdn.com *.doubleclick.net *.googleapis.com; font-src 'self' *.onetrust.com *.fontawesome.com *.typekit.net *.gstatic.com; frame-src 'self' *.google.com *.doubleclick.net; img-src 'self' data: *.cookielaw.org s3.eu-west-3.amazonaws.com *.google-analytics.com *.jsdelivr.net *.typekit.net *.google.com *.facebook.net *.facebook.com *.googletagmanager.com *.doubleclick.net *.google.co.in *.googleapis.com *.gstatic.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookielaw.org *.onetrust.com www.googletagmanager.com *.newrelic.com *.google-analytics.com *.google.com *.facebook.com *.facebook.net *.googleadservices.com *.creativecdn.com *.doubleclick.net cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.jsdelivr.net *.typekit.net *.onetrust.com *.fontawesome.com *.googleapis.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com https://use.typekit.net; worker-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.jungle-formula.it/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-0Ix/1WrtuLcvDBNiUa5cfdCYnPfXPMOqU6yZNrokCOHkd78k' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-WA+fCCIXwin6p8n8Rs8iVaas8qigujEBIL0Dg/3TDhczdH1N' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-FYs8BwVh5YRycOVGXyUdB9TwQJ76wrzTURc0gw2fl8CLophr' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-msWrU1HtSw3+8UXJDUGjbuPoecSWpe6d8XL3Ka3mvyzuAVhH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src * data: blob:;script-src 'self' https://cdn.melhorenvio.com.br https://public.melhorenvio.com.br https://static.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://s3-us-east-1.amazonaws.com/melhorenvio-prod/ https://consent.cookiefirst.com https://maps.googleapis.com https://www.googletagmanager.com *.google-analytics.com https://www.pagespeed-mod.com https://googleads.g.doubleclick.net https://www.google.com https://www.gstatic.com https://www.googleoptimize.com https://www.youtube.com https://connect.facebook.net https://widget.intercom.io https://js.intercomcdn.com https://melhorenvio49545.activehosted.com *.criteo.com https://www.paypal.com https://www.paypalobjects.com *.clarity.ms https://js.userpilot.io https://www.datadoghq-browser-agent.com https://unpkg.com/ionicons@5.5.2/dist/ionicons/ https://cdn.pn.vg https://prism.app-us1.com *.taboola.com https://bat.bing.com *.pinimg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://trackcmp.net *.googlesyndication.com https://www.googleadservices.com https://cdn.ckeditor.com/4.8.0/ data: 'unsafe-inline' 'unsafe-eval';style-src 'self' https://cdn.melhorenvio.com.br https://public.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://s3-us-east-1.amazonaws.com/melhorenvio-prod/ https://consent.cookiefirst.com https://www.gstatic.com https://fonts.googleapis.com https://cdn.ckeditor.com/4.8.0/ data: 'unsafe-inline';font-src 'self' https://cdn.melhorenvio.com.br https://public.melhorenvio.com.br https://s3-sa-east-1.amazonaws.com/melhorenvio/ https://s3-us-east-1.amazonaws.com/melhorenvio-prod/ https://fonts.gstatic.com https://fonts.intercomcdn.com https://use.typekit.net data:;worker-src * blob:;img-src * data: blob: 'unsafe-inline';frame-ancestors 'self' https://app.melhorenvio.com.br;report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pubd1dde361270103c22ae4e4183eba1a75&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service%3Amelhor-envio; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mirwarso.de; img-src 'self' https: data: blob: https://mirwarso.de; style-src 'self' https://mirwarso.de 'nonce-8ghiVbAMRqPwQDp07tcAwg=='; media-src 'self' https: data: https://mirwarso.de; frame-src 'self' https:; manifest-src 'self' https://mirwarso.de; form-action 'self'; child-src 'self' blob: https://mirwarso.de; worker-src 'self' blob: https://mirwarso.de; connect-src 'self' data: blob: https://mirwarso.de https://media.social.mirwarso.de wss://mirwarso.de; script-src 'self' https://mirwarso.de 'wasm-unsafe-eval' 1
default-src 'none'; base-uri 'none'; form-action 'none'; frame-ancestors 'none'; style-src 'self'; style-src-elem 'self'; img-src 'self'; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; font-src * data: blob:; media-src * blob:; connect-src * data: blob:; worker-src * blob:; report-uri https://csp-reporting.mag-news.it 1
default-src 'none'; img-src 'self'; media-src 'self'; style-src 'self'; frame-ancestors 'none' 1
default-src 'none';img-src 'self' https://*.msrd0.de;style-src 'self';form-action 'none';base-uri 'none';frame-ancestors 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.vodka; img-src 'self' https: data: blob: https://mstdn.vodka; style-src 'self' https://mstdn.vodka 'nonce-PvPgNDxRKLhUZaVAMIxSmg=='; media-src 'self' https: data: https://mstdn.vodka; frame-src 'self' https:; manifest-src 'self' https://mstdn.vodka; form-action 'self'; child-src 'self' blob: https://mstdn.vodka; worker-src 'self' blob: https://mstdn.vodka; connect-src 'self' data: blob: https://mstdn.vodka https://static.mstdn.vodka wss://mstdn.vodka; script-src 'self' https://mstdn.vodka 'wasm-unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-GC7ny1rUkrassOSGYg+2T61XZV1FpIBINVfSQHwhgDhVLi8G' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IzFxn3h8/twu4cHksVsxH65iaxnnB4xD2Lk/WSY9HOBQ9FrR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+2lIRdSXSTDy/0ChurRHt1jxsmgKxcqH1ZBV3bIszpyi24cd' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-bK9o9ykp3Cr753iH1/IXlZebVk+p3YQKDlrj9SRG/Dazx8f1' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'strict-dynamic' 'self' 'nonce-BDQhDsmt9VmRYMpjRz5PIw==' 'report-sample'; report-uri /mybusinessactivities.onmicrosoft.com/B2C_1_IQR_CustomerPortal/client/cspreport?p=B2C_1_IQR_CustomerPortal 1
default-src 'self' https://liveapi.mygameinfo.com/ https://myweb-data.s3.amazonaws.com/; img-src 'self' data: https://d3uy2ll4dnxh6.cloudfront.net/ https://myweb-data.s3.amazonaws.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'none' 1
default-src 'self' https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.googlesyndication.com/ https://www.tntv.pf; media-src 'self' blob: https://ooyalaeuwest.streaming.mediaservices.windows.net https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://manifest.prod.boltdns.net https://*.2mdn.net/ https://*.gvt1.com/ https://www.tntv.pf https://*.youtube.com https://*.dailymotion.com; font-src 'self' data: https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://use.fontawesome.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.myligue.fr https://*.opta.net https://*.privacy-center.org https://*.newrelic.com https://story.tl https://widget.ausha.co https://az416426.vo.msecnd.net https://vjs.zencdn.net https://acdn.adnxs.com https://s0.2mdn.net https://cdn.ampproject.org https://cdn.syndication.twimg.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.googletagservices.com https://*.google.fr https://*.googlesyndication.com https://*.googleapis.com https://*.doubleclick.net https://players.brightcove.net https://*.facebook.net https://*.twitter.com https://*.instagram.com https://*.youtube.com https://*.dailymotion.com ; style-src 'self' 'unsafe-inline' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.myligue.fr https://*.opta.net https://*.ausha.co https://story.tl https://use.fontawesome.com https://players.brightcove.net https://*.googleapis.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://*.twitter.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com; child-src 'self' blob: https://*.myligue.fr https://cartemercatoligue1.com https://www.cartemercatoligue1.com https://story.tl https://*.sporcle.com https://*.ausha.co https://*.global-mmk.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googleapis.com https://*.doubleclick.net https://players.brightcove.net https://*.twitter.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.instagram.com https://*.linkedin.com https://*.spotify.com; img-src 'self' data: https://*.myligue.fr https://*.lfp.fr https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://lspcridevglcdn.azureedge.net https://lspemeintglcdn.azureedge.net https://lspsapuatglcdn.azureedge.net https://lsprubpreglcdn.azureedge.net https://lspisphereglcdn.azureedge.net https://lspprdglcdn.azureedge.net https://lfpimageproxy.azureedge.net https://cf-images.us-east-1.prod.boltdns.net https://cf-images.eu-west-1.prod.boltdns.net https://*.google.com https://*.google.fr https://*.googlesyndication.com https://*.googletagmanager.com https://*.gstatic.com https://play-lh.googleusercontent.com https://*.doubleclick.net https://secure-cf-c.ooyala.com https://publish.lfpstg.ooflex.net  https://metrics.brightcove.com https://*.opta.net https://*.privacy-center.org https://story.tl https://widget.ausha.co https://*.twitter.com/ https://*.instagram.com https://*.facebook.com https://*.youtube.com https://*.dailymotion.com https://*.twimg.com https://ib.adnxs.com; connect-src 'self' https://*.ligue1.fr https://*.ligue2.fr https://*.ligue1.com https://*.lfp.fr https://*.doubleclick.net https://dc.services.visualstudio.com https://licensing.bitmovin.com https://*.mediaservices.windows.net https://csi.gstatic.com https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://house-fastly-signed-us-east-1-prod.brightcovecdn.com https://house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://bcbolt446c5271-a.akamaihd.net https://*.googlesyndication.com https://*.privacy-center.org; frame-ancestors 'self' https://*.myligue.fr; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; 1
frame-ancestors 'self' *.ci360.sas.com; upgrade-insecure-requests; 1
frame-ancestors 'self'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action 'self' https://www.southerncarlson.com/stores/store/redirect/ https://www.clavos.com/stores/store/redirect/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ *.adobe.com *.bluecore.com *.googleapis.com *.fontawesome.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com unsafe-inline *.yotpo.com 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://acsbapp.com/ https://api.bluecore.com/ https://bam.nr-data.net/ https://blueacorn.atlassian.net/ https://h.online-metrix.net/ https://imgs.signifyd.com/ https://js-agent.newrelic.com/ https://polyfill.io/ https://request.eprotect.vantivprelive.com/ https://storage.googleapis.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://assets.adobedtm.com/ https://web-sdk.aptrinsic.com/ https://request.eprotect.vantivcnp.com/ assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.bluecore.com *.googleapis.com www.xtento.com cdn.xtento.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.cloudflare.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://imgs.signifyd.com/ https://*.e.aa.online-metrix.net/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.com.ua/ https://www.googletagmanager.com/ https://amcglobal.sc.omtrdc.net/ https://web1.acsbapp.com/apps/app/dist/media/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.bluecore.com *.googleapis.com www.xtento.com cdn.xtento.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; frame-src https://h.online-metrix.net/ https://imgs.signifyd.com/ https://request.eprotect.vantivprelive.com/ https://www.google.com/ https://request.eprotect.vantivcnp.com/ fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.googletagmanager.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.xtento.com *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com/ *.fontawesome.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; connect-src 'self' https://api.bluecore.app/ https://bam.nr-data.net/ https://bt.signifyd.com:1103/ https://cdn.acsbapp.com/ https://imgs.signifyd.com/ https://stats.g.doubleclick.net/ https://td73zulx99-dsn.algolia.net/ https://www.google-analytics.com/ https://esp-m.aptrinsic.com/ dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.bluecore.com *.googleapis.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; default-src 'none' 'self' 'unsafe-inline' 'unsafe-eval'; worker-src https://www.google.com/; 1
default-src 'self' 'unsafe-inline' *; font-src *; img-src * data:, script-src cdnjs.cloudflare.com 'self' 'unsafe-inline'; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline'; 1
default-src 'self'; font-src fonts.gstatic.com; style-src 'self' fonts.googleapis.com; object-src 'none' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://ajax.googleapis.com https://www.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://player.vimeo.com https://snap.licdn.com https://cdn.cookielaw.org https://bat.bing.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com  https://static.axept.io https://www.clarity.ms https://t.novius.net https://cdn.novius.net; object-src 'self'; worker-src blob: 1
default-src 'self' pinned-nerdsonsite:; frame-ancestors 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VGtsX0usHEEuk79VqJp3JHsRYCUSXN77e4medXn0QKEjaPdH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-AMML6D4B83haxgbir/wHtroU/7ZMnYWqeEqcIlVrcHgM8IrM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
connect-src 'self' https://o1055295.ingest.sentry.io https://analytics.google.com https://browser.sentry-cdn.com;script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.googletagmanager.com https://d3e54v103j8qbb.cloudfront.net https://ajax.googleapis.com https://www.google.com/recaptcha/api.js https://www.gstatic.com;script-src-attr 'self' 'unsafe-inline';media-src 'self' https://static.nilus.rocks;script-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://browser.sentry-cdn.com https://www.googletagmanager.com https://ajax.googleapis.com https://d3e54v103j8qbb.cloudfront.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://ajax.cloudflare.com;img-src 'self' https://www.google.com.uy;frame-src 'self' https://www.google.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-a/u8ZUqlE4+3A9Oz8iDq7n0xmHBZ8klUedtC9dkPnWgAPe3c' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-3gGi+AyZ0Bg+wqgXZr1cwcDqXdwQrh3ZfnkGwv+1tsZzP8hf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ckMgof7FaXh57AEvX5U5IveXVK3nXddgjnae00RdrThMVsPf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-6+IxLruQrAETWvQoDs1Ff79nOXgmhEzTnv67WTUUHe5BMiGU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ZiZ9iMwRCQPjVFhSwjp3XAsylkU41JKS/cqEEviOwDQzo/B2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-aid0w9ha1yKYBpSeIXMraGZVq+z1kpccSS6nDg2Wg+lDwI0m' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-zgIvU7hCzgzY/uYsAnGbv/f6+JTHwc31DKwcH5T7sOXh1GXV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VGqr2XXqyUO2fPIpb1wajCvchWVGhucCBpSYV1Ftvej1VMO5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
img-src data: https: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-PPJBiGWiwjAkL3rVgmOI5/eyec3XaFUM7O1XP53UjRuWqhfJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-oJgWLTvY0Pw87sOqb4Xp2zo7v65N5EFyPhXOZOY5tDn9hDZD' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-1fGnTUnQH2ayxcFfBv/zZvBrLARPnvnzoSjgEBafWRO8Q5HG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-svJixDETVQ/kQ9oM+tRxd4rwsAHzaQMWWjc3KCO2Dt1FnbOW' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-G+33bbmx16sgpnhB8Vkl88ZUnk5iBm75YpIu+JujoeIfpD33' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-mHRn6gWzZIFlkjcJe/yeQgzjP7DllQaGNbH4T7j3VALUXWax' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Dxz0yPFjooS7XYAGceiTDvdQJzVPbZu/t1/BU87ux6pcDL/Y' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-DJE/u6hsgcA/8mxMNhmlXXAFKCXKyFGSR68PUjNOcO/J6ga/' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-k87m9IaOUamaGPNhWTHG+QBqEhoKZz6yst0hkMYUjWn0kZSE' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-RJ4TpYdDSDubJs1Te79wPFt5BVVMNQIayb8hoaku1kXg9IbF' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-9QvJuKJhNqWR612bawuq8X8XpqMTAKwQgpqW5Ub464OEXQxf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-mmJya/xQWDascE/0wCXVqsKtsrIgXEywj+WnFXbAl5EIy2cE' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-/2oF21SSRXmtNVoYvSHn/Rp84DIuZSzCOnTtG4q61P1r9Eja' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-aFhplLo4R592k3cOdhH6dLHIdVmgkF/D/X3+ZH8i7NMPIaCR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-FwimydgSlkblooSBKTafAfMK+9TzqCAD3Wb5oFw9jr8FV1I3' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lJ19YCzSxDMbfafO9UQWS3dnp1wnfB3LiP7VZhNI+rRodqJL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-4KUroBLRvWI+mOR4dAcEC+2Z8toL9u7UEOjsHdo3+ymu9xI4' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-rl2mb9AvCicpqP+Qt8HS/qGWvw0852Afc4JDkVTmOfSBNwiJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-8iXU03z45P+R/Kw9aH807ikvDsdJskfjeO42S7A3qScGjUfC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-HTHCqluRON7rV/LZzRW9Ghsk4if8jKe/TmNPQHykRbm+gx91' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-A1RayjXwH3d05APdLAjM2TiiXlV+6dKdEoNTHz30pbRV+6gS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ipEwUXCd8N1awqmWclYP45i5EwHLP4r8LOy+cfJ7w4nxVhH8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-QCYnFDoyIPnVIoWzNS0zEKDOq9n24P4jdJA3SUdCU/+wOTzo' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-fj/QA0MTgFoI0ijXJgWExS9LmfSKfc6VR4fOU+MleqEBk8cW' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-A+yh7aYVy2DXVil/5tgdvWrKtGQQx9Jvq++bT88I2FEAjsIw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-CVTt4ozAgnlm1BS9Ckoceu/fbsHIVrmQi4Q3THBELJIbYBQd' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lG+6t5XVbUPusYvtjPLk6/eZ8FUEJtW7MAReKoRKr/oT3TKO' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-PIEqAaZT9P+wa5ULUR3O/sqBcj/hmwIUdNyL1kZhWPY5rdZr' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-seKZpHMD/RDIrq4NhM2G6uHK7H8SdzP20sNTpN9And5LSWK+' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-v7OnbUZ79Vs0b2ToskmRqL1BVP3GCsd2aB0Jw7esTXt76UWo' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-LdFpJ46uR2SdFY8tXQXVYb76H0As8VhGT4OOh472KXS4azfT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-A/DU7jWEF4TVLf0YAVMDGaRcicuiyhtU2MiLLNnspUkrzKtp' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-7simZXTdX7Ml0ThIvDDdiOa7kUgF1x8DYQa3CtiKKILAuloI' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+eNTOKfQABBajeJ4QsY0HTBXVqqYcv0bM6qxswEDgMb5DkRC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-g7h8BNX+K7PyBg91TrOciOz8NsLRvMeEHQVLFsKSZ27jnUW8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-qxINvDS6OQZ6YtHN8py55sL/yAkVxsEuKQvr+pLkKCDqLi2u' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-bQYGdOr15O4hnGHSXRg5p/a/PYblxv5+GxPqs7hPbEbM2vR3' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-sf5lMCUljNAZ4xVXzLbesBXpWbx7NQO0KwW4XP+AjM9iHkTa' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-L8r85Vbqz2B+G3kNbgOGx/+Mj56+LNRAQZERqpMLekU+3Bm6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-loV001/aEAFGkBQ7311VNdea3hSBVgcIqh29RkdYyEGVGvEf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-G8Fs1ruC5oLOMBeqD+qyI2oOSiEbBWTdPnwb5oGQdRYkrFb3' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-wWC6pa/mi/DL2ZCq8x5Y2+odoEHuYMvR6wepTwnLaIO1nMAT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-oZoJ8UEP+HnnZm4nmKk28KNevpIbrKCi+cTSz2mc2tKnKxmp' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-w7/qJWnWOnNYF7XVbAYq6ZL4gKmhvlWqlovYRCUz3YdtsMpM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+Sgonvn25V6YrrJLjJ5JtEM9Ln8NuxpsGhA3QjxZFUaujXuw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-J2QJyPHSxjRA48UMjbPgau3oR3AuxjAqFJd0+/LreXgUHeXm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-uBY5uxP16dADd/RLI449wXu63hd13KbZoWXeFJNlAq0mOOik' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+g/PkiBq2hGhUfLkrLf1rWrvrCf6c7I0TPU/OvkVm9w7hmIb' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-nWbMZmTlvDYTyA3wi78Er3BXkyBWCRRFnSsY8AtyihS8LSnl' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lc39wjEb0Dj/mxS3sjL1t/E51PGmVkkEb01anFuAMYqTy9Et' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-PrmxRx2q4UtigR2osG4tdyTGXTVpFNxUPfd2lctZKfx/W783' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-H5jjYvS/qVHoDHdcgd7P9lVcbulw1lw/RaxrNSnilYb6QaB0' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-nGTP86AZAVpo2QGIeGyX9uYuHtcsTwqu7+mXjFiaiUs5aFeK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-JQszows2pjpDfS0x57w6DnuCtCFSBD7YuXRabClDPE6Xbaql' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-gO8oL8iu8KAQAv8WAyQpOYzHJJpzUQO9oTYCVLbHFjfaWHRR' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-6aqT9AbQy4+snEI8ULjDAXXmMUh7kgR3AjD4ZXRXDutoBBpU' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VBAdQSwCiAmKHA00WJ3SH1ukPKUXuYwpFG3jtRCT6W42xyVw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-um2BKkRJaRvEkHihhRIuf4B2gqCmnIpQTyeKGI++59+phfAq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+wBU4Nu3Rb+bd8o/vW/BCQvLW1Pnnep219T6v8lSWS9Oy+tO' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-m4zMVF51hifKiGIW+PM43epvKy2WZozj2zEAhD3/LhdB/6tJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pegelinux.top; img-src 'self' data: blob: https://pegelinux.top https://media.fedi.my.id/pglx/; style-src 'self' https://pegelinux.top 'nonce-jvXyb3zI/SaVRgjmYnEdoA=='; media-src 'self' data: https://pegelinux.top https://media.fedi.my.id/pglx/; frame-src 'self' https:; manifest-src 'self' https://pegelinux.top; form-action 'self'; child-src 'self' blob: https://pegelinux.top; worker-src 'self' blob: https://pegelinux.top; connect-src 'self' data: blob: https://pegelinux.top https://media.fedi.my.id/pglx/ wss://pegelinux.top; script-src 'self' https://pegelinux.top 'wasm-unsafe-eval' 1
default-src 'self' *.amazonaws.com *.zendesk.com;style-src 'self' 'unsafe-inline' localhost;font-src 'self' localhost blob: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' static.zdassets.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com localhost;object-src 'self'; img-src 'self' *.amazonaws.com *.google-analytics.com *.analytics.google.com www.novalnet.de localhost data: blob:;media-src 'self';connect-src localhost *.zdassets.com *.zendesk.com *.google-analytics.com *.analytics.google.com t.plcnextstore.com 'self';frame-src localhost 'self' proficloud-dev.github.io/plcnextstore-mvp/3pc.html consent.cookiebot.com consentcdn.cookiebot.com blob:;report-uri /service/api/csp-report 1
default-src 'self'; connect-src 'self' *.cookielaw.org *.googleapis.com *.onetrust.com www.google-analytics.com bam.nr-data.net; font-src 'self' *.gstatic.com *.onetrust.com *.fontawesome.com; frame-src 'self' *.doubleclick.net; img-src 'self' data: *.cookielaw.org *.doubleclick.net *.googleapis.com *.gstatic.com s3.eu-west-3.amazonaws.com www.googletagmanager.com www.facebook.com; media-src 'self' s3.eu-west-3.amazonaws.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.cookielaw.org *.facebook.net *.googleapis.com *.onetrust.com www.googleadservices.com www.googletagmanager.com *.newrelic.com cdn.jsdelivr.net cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.googleapis.com *.onetrust.com *.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://use.fontawesome.com; worker-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.probify.it/report-uri/enforce 1
frame-ancestors 'self' *.atlassian.net *.vsassets.io *.azure.com *.visualstudio.com chrome-extension://nnddcnfpihodaooabkngahnjimbpoehp 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  blob:; img-src 'self' data:;worker-src blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://pubeurope.com; img-src 'self' https: data: blob: https://pubeurope.com; style-src 'self' https://pubeurope.com 'nonce-LXyKImU7f3FcvsNJxbRX4A=='; media-src 'self' https: data: https://pubeurope.com; frame-src 'self' https:; manifest-src 'self' https://pubeurope.com; form-action 'self'; connect-src 'self' data: blob: https://pubeurope.com https://media.pubeurope.com wss://pubeurope.com; script-src 'self' https://pubeurope.com 'wasm-unsafe-eval'; child-src 'self' blob: https://pubeurope.com; worker-src 'self' blob: https://pubeurope.com 1
default-src 'none';base-uri 'none';frame-src 'none';frame-ancestors 'none';form-action 'none';upgrade-insecure-requests;sandbox 1
base-uri 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' https://img.quanti.cz https://www.google.cz https://region1.google-analytics.com https://ct.leady.com https://www.facebook.com https://maps.gstatic.com https://maps.googleapis.com https://www.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://maps.gstatic.com data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https://hello.myfonts.net https://fonts.googleapis.com https://maps.googleapis.com 'unsafe-inline'; script-src 'self' 'nonce-leFwxSinFadfnsFSAUoCuw==' 'strict-dynamic' https://web-sdk.smartlook.com https://ct.leady.com https://www.quanti-web-prod.quanti.cz https://www.googletagmanager.com https://snap.licdn.com https://connect.facebook.net https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://rec.smartlook.com blob; upgrade-insecure-requests; default-src 'self'; connect-src 'self' data: https://www.quanti.cz https://www.quanti-web.quanti.cz https://www.quanti-web-be-testing.quanti.cz https://www.quanti-web-be-prod.quanti.cz https://maps.googleapis.com https://www.google.cz/ https://region1.google-analytics.com https://region1.analytics.google.com/ https://www.facebook.com/tr/ https://manager.eu.smartlook.cloud https://ct.leady.com https://px.ads.linkedin.com https://stats.g.doubleclick.net;; media-src 'self' https://img.quanti.cz; frame-src 'self' https://td.doubleclick.net; 1
default-src 'self'; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' https://maps.googleapis.com https://maps.gstatic.com https://www.google-analytics.com; img-src 'self' https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://www.google-analytics.com data:; connect-src * ws: wss: 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-chD1dKIh01TmwEQACswDiA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com bat.bing.com static.ads-twitter.com www.googletagmanager.com d335luupugsy2.cloudfront.net stats.wp.com webchatapi.robbu.global integrations.robbu.global snap.licdn.com www.google-analytics.com static.hotjar.com connect.facebook.net amplify.outbrain.com cdn.taboola.com www.clarity.ms script.hotjar.com wave.outbrain.com tr.outbrain.com trc.taboola.com www.google.com.br *.wp.com cdnjs.cloudflare.com lh4.googleusercontent.com lh3.googleusercontent.com; style-src 'self' 'unsafe-inline' c0.wp.com fonts.googleapis.com *.wp.com; img-src 'self' data: t.co analytics.twitter.com i0.wp.com pixel.wp.com bat.bing.com px.ads.linkedin.com storage.robbu.global www.facebook.com www.google.com px4.ads.linkedin.com lh4.googleusercontent.com lh3.googleusercontent.com www.google.com.br *.wp.com secure.gravatar.com robbublob2.blob.core.windows.net www.lh3.googleusercontent.com; connect-src: 'self' px.ads.linkedin.com robbu.global; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rubber.social; img-src 'self' https: data: blob: https://rubber.social; style-src 'self' https://rubber.social 'nonce-bvIDtJezoc4lUB2UqQ+17w=='; media-src 'self' https: data: https://rubber.social; frame-src 'self' https:; manifest-src 'self' https://rubber.social; form-action 'self'; child-src 'self' blob: https://rubber.social; worker-src 'self' blob: https://rubber.social; connect-src 'self' data: blob: https://rubber.social https://media.rubber.social wss://rubber.social; script-src 'self' https://rubber.social 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ruinous.social; img-src 'self' https: data: blob: https://ruinous.social; style-src 'self' https://ruinous.social 'nonce-00WH5+mOrOl5UnozTEN0yg=='; media-src 'self' https: data: https://ruinous.social; frame-src 'self' https:; manifest-src 'self' https://ruinous.social; form-action 'self'; child-src 'self' blob: https://ruinous.social; worker-src 'self' blob: https://ruinous.social; connect-src 'self' data: blob: https://ruinous.social https://files.ruinous.social wss://ruinous.social; script-src 'self' https://ruinous.social 'wasm-unsafe-eval' 1
default-src 'self' speedtest.avantiplc.com;img-src 'self';script-src 'self' code.highcharts.com 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com;report-uri /csp-report; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://social.savemy.name; img-src 'self' https: data: blob: https://social.savemy.name; style-src 'self' https://social.savemy.name 'nonce-krRBqdTDkq0eBj7UFVF8VQ=='; media-src 'self' https: data: https://social.savemy.name; frame-src 'self' https:; manifest-src 'self' https://social.savemy.name; form-action 'self'; child-src 'self' blob: https://social.savemy.name; worker-src 'self' blob: https://social.savemy.name; connect-src 'self' data: blob: https://social.savemy.name https://storage.social.savemy.name https://social.savemy.name; script-src 'self' https://social.savemy.name 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://schreibt.jetzt; img-src 'self' https: data: blob: https://schreibt.jetzt; style-src 'self' https://schreibt.jetzt 'nonce-cZWVQ+D56boDldteZOZo4w=='; media-src 'self' https: data: https://schreibt.jetzt; frame-src 'self' https:; manifest-src 'self' https://schreibt.jetzt; form-action 'self'; child-src 'self' blob: https://schreibt.jetzt; worker-src 'self' blob: https://schreibt.jetzt; connect-src 'self' data: blob: https://schreibt.jetzt https://schreibt.jetzt wss://schreibt.jetzt; script-src 'self' https://schreibt.jetzt 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.iconnode.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.segment.com *.segment.io *.fontawesome.com *.wistia.net *.windows.net www.stanleysecuritysolutions.com *.adroll.mgr.consensu.org *.subscribers.com *.6sc.co *.adroll.com *.omappapi.com *.callrail.com *.police.uk *.stanleysecurity.com *.stanleycss.com *.pardot.com *.wistia.com *.google.com *.google.fr *.google.be *.google.nl *.google-analytics.com *.googleapis.com *.formstack.com *.jsdelivr.net *.addtoany.com *.googletagmanager.com *.gstatic.com *.googleadservices.com *.bing.com *.go-mpulse.net *.akamaihd.com *.akamaihd.net *.janraincapture.com *.rpxnow.com *.nr-data.net *.newrelic.com *.marketo.net *.marketo.com *.youtube.com *.ytimg.com *.onetrust.com *.cookielaw.org *.drift.com *.driftt.com *.reevoo.com *.pricespider.com *.cloudfront.net *.mapbox.com *.hotjar.com *.doubleclick.net *.linkedin.com *.licdn.com *.ads.linkedin.com *.facebook.net *.facebook.com rpxnow.com *.googleoptimize.com resource://pdf.js app-ab06.marketo.com cdn.jsdelivr.net cdnjs.cloudflare.com d8ejoa1fys2rk.cloudfront.net maps.googleapis.com polyfill.io unpkg.com www.google.com *.googleapis.com *.adnxs.com *.mktoweb.com *.visualwebsiteoptimizer.com *.iconnode.com  *.demandbase.com; object-src 'none'; style-src 'self' 'unsafe-inline' 'unsafe-eval' lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.nl *.google.fr *.police.uk *.google.be *.cloudflare.com *.formstack.com *.jsdelivr.net *.marketo.net *.marketo.com *.google-analytics.com *.googleapis.com *.reevoo.com *.pricespider.com *.cloudfront.net in.hotjar.com *.mapbox.com *.typekit.net p.typekit.net *.googletagmanager.com *.mktoweb.com; img-src 'self' data: blob: *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.doubleclick.net *.bing.com *.hotjar.com *.marketo.com *.google.am *.google.co.uk *.google.ca *.securitastechnology.com *.mktoweb.com *.nr-data.net *.visualwebsiteoptimizer.com *.stanleysecurity.com id.rlcdn.com *.company-target.com *.demandbase.com; media-src 'self' data: blob: *.fontawesome.com *.wistia.net *.windows.net *.driftqa.com *.driftt.com *.googletagmanager.com *.wistia.com *.stanleysecurity.com; frame-src 'self' *.google.com *.stanleysecurity.co.uk stanleyblackanddecker.ent.box.com *.police.uk *.twitter.com *.stanleysecurity.com *.stanleycss.com www.google.nl www.google.fr www.google.be *.marketo.net *.stanleyhealthcare.com *.stanleyaccess.com *.wistia.com *.wistia.net *.marketo.com *.doubleclick.net *.facebook.com *.facebook.net *.googletagmanager.com *.hotjar.com *.janraincapture.com *.youtube.com *.drift.com *.driftt.com *.drift.click *.reevoo.com *.pricespider.com *.reachmee.com *.stanleysecurity.fr *.mktoweb.com *.securitastechnology.com *.company-target.com *.visualwebsiteoptimizer.com; frame-ancestors 'self' *.clarity.ms lxp-pr-cac-cdnve.azureedge.net *.lexop.com *.fontawesome.com *.wistia.net *.windows.net *.google.com *.google.ae *.police.uk *.adroll.com *.subscribers.com *.6sc.co *.wistia.com *.cookielaw.org *.google.nl *.google.be *.google.fr *.jsdelivr.net s3.amazonaws.com *.formstack.com *.googleusercontent.com *.google.com.ua *.facebook.com *.facebook.net *.ads.linkedin.com *.adsymptotic.com *.google-analytics.com *.linkedin.com *.googleapis.com *.google.co.in *.googletagmanager.com *.gstatic.com *.ggpht.com *.akamaihd.net *.google.by *.ytimg.com *.reevoo.com *.pricespider.com *.cloudfront.net *.bing.com *.hotjar.com *.stanleysecurity.com *.stanleycss.com *.securitastechnology.com securitastechnology.com; child-src 'self' *.fontawesome.com *.wistia.net *.windows.net *.pardot.com *.stanleycss.com *.googletagmanager.com; worker-src 'self' data: blob: *.securitastechnology.com; font-src 'self' data: *.fontawesome.com *.wistia.net *.windows.net *.cloudflare.com *.formstack.com *.jsdelivr.net *.googleapis.com *.googleusercontent.com *.gstatic.com *.typekit.net *.hotjar.com d8ejoa1fys2rk.cloudfront.net/5.0.5/includes/fonts/ *.googletagmanager.com *.wistia.com; connect-src 'self' *.akamaihd.net *.segmentapis.com *.clarity.ms *.segment.io *.segment.com *.fontawesome.com *.wistia.net *.windows.net *.doubleclick.net *.6sense.com *.litix.io *.police.uk *.ip-api.com *.6sc.co *.adnxs.com *.subscribers.com *.wistia.com *.callrail.com *.google.com www.google.nl www.google.fr www.google.be *.facebook.com *.facebook.net wss://*.hotjar.com *.driftcdn.com *.googleapis.com *.google-analytics.com *.mktoresp.com *.bing.com *.googlevideo.com *.hotjar.com *.hotjar.io *.nr-data.net *.onetrust.com *.cookielaw.org wss://*.driftt.com *.reevoo.com *.mapbox.com d8ejoa1fys2rk.cloudfront.net/5.0.5/modules/compactview/i18n/en.json *.bynder.cloud p11.techlab-cdn.com cdn.linkedin.oribi.io *.googletagmanager.com *.oribi.io *.securitas.com *.mktoutil.com *.securitastechnology.com *.googleadservices.com googleadservices.com *.googlesyndication.com *.visualwebsiteoptimizer.com *.iconnode.com *.company-target.com *.demandbase.com *.linkedin.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' data: www.google-analytics.com;  script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline' data: https://fonts.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com; frame-src 'unsafe-inline' 'self' https://www.google.com; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self' 'unsafe-inline' data: https://sistema.messagecenter.com.br; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-e0odq4p5VQtG+Mg6WsPXHgocM9VyldhALclelrO4af2ipGaC' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-9YmHH+1pqeB9FtOUlCZCw+NAdzapT06Qmr94pN6TtQgoBCSS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-L5+pj5L+SAESdpor62E18MQyxvnW/uGi2v04+9gn0QsPSO6t' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Fp4X/MoTyumWIUAYuhTc9UZ30vECuJl7IjUzKnSYRxgVRLh2' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://socia.dev; img-src 'self' https: data: blob: https://socia.dev; style-src 'self' https://socia.dev 'nonce-I81/tWY8yb1hzestlI3kcw=='; media-src 'self' https: data: https://socia.dev; frame-src 'self' https:; manifest-src 'self' https://socia.dev; form-action 'self'; child-src 'self' blob: https://socia.dev; worker-src 'self' blob: https://socia.dev; connect-src 'self' data: blob: https://socia.dev https://s3.wasabisys.com wss://socia.dev; script-src 'self' https://socia.dev 'wasm-unsafe-eval' 1
default-src 'self' *.solariangstrom.it solariangstrom.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.solariangstrom.it *; img-src * data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.solariangstrom.it *; font-src 'self' *.solariangstrom.it data: *; child-src blob: *; connect-src *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-VeZhUtpTP6HlX2+6iHgHeMtDqR5FhEWWg8eeUXN7buiU6NFT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ojLWQd8HKwqAEOiJQSHFA01EoYzT5vaHiw1qi7C+OVdzp4GP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-pHAbxJLnjIoq5lfQpuf+XcqfSvJqHRkLXE54D/LOH5K8NJjH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' widgets.wp.com matomo.stop.pe www.google.com www.gstatic.com cdn.plyr.io stop.pe blob:; font-src 'self' 'unsafe-inline' c0.wp.com s0.wp.com data:; img-src 'self' i0.wp.com s0.wp.com pixel.wp.com secure.gravatar.com data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' c0.wp.com s0.wp.com stats.wp.com vjs.zencdn.net matomo.stop.pe www.google.com www.gstatic.com stop.pe blob:; style-src 'self' 'unsafe-inline' vjs.zencdn.net c0.wp.com s0.wp.com; frame-ancestors 'none'; upgrade-insecure-requests; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-WkI3I44dVHTLYde87E0ozIUT/claceRzltJcObFdMah6qMUh' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-nLFdsk8RMbETvv1AThKBOb3bb7Rf+yB8F/CT85WACtFgiTnW' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' cp.tejaratinsurance.com my.tejaratinsurance.com customer.tejaratnoins.ir my.tejaratnoins.ir mobile.tejaratnoins.ir api.neshan.org 1
default-src data: 'self' https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'  https://consentcdn.cookiebot.com https://consent.cookiebot.com https://maps.google.com https://*.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; connect-src 'self' https://consentcdn.cookiebot.com https://maps.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net; img-src data: blob: https://imgsct.cookiebot.com https://img.youtube.com https://www.google.com https://www.google.pl https://maps.gstatic.com https://maps.google.com 'self' https://*.g.doubleclick.net; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; frame-src https://consentcdn.cookiebot.com/ https://www.youtube.com https://www.google.com 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data:; img-src * data:; media-src 'self';object-src 'none'; base-uri 'self';frame-ancestors 'self' https://www.jobs-im-allgaeu.de;form-action 'self' https://*.tq-group.com https://*.facebook.com; 1
default-src * data: mediastream: blob: filesystem: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'none' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://unnerv.jp; img-src 'self' https: data: blob: https://unnerv.jp; style-src 'self' https://unnerv.jp 'nonce-XTryckv1YKo04beF86ONRg=='; media-src 'self' https: data: https://unnerv.jp; frame-src 'self' https:; manifest-src 'self' https://unnerv.jp; connect-src 'self' data: blob: https://unnerv.jp https://media.unnerv.jp wss://streaming.unnerv.jp; script-src 'self' https://unnerv.jp; child-src 'self' blob: https://unnerv.jp; worker-src 'self' blob: https://unnerv.jp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-fdUHkh7nhAPAkFpjJZumOB9hpjFjGHoZ8Cf3PyNz+PE/GtWl' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-XHwF52AQlaahMS3ZPGtVXlUe49yRpiCvs5cp8lZYRRfMEzec' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lhwAIkat/7Q8yUUpsk/CaANScxEZfQSpeL7DtGg2ZvaZYfCD' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; frame-ancestors 'none'; script-src 'unsafe-eval' 'nonce-3zA90h2cVg67l'; object-src 'none'; img-src 'self' data: https: 'unsafe-inline'; style-src-elem 'self' https: 'unsafe-inline'; font-src 'self' https: 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https: 'unsafe-inline'; connect-src https: wss: 'unsafe-inline'; script-src-elem 'self' https: 'unsafe-hashes' 'unsafe-inline'; base-uri 'self' ; script-src-attr 'self' https: 'unsafe-inline'; form-action 'self' http: https: 'unsafe-inline'; media-src 'self' https: 'unsafe-inline'; 1
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-88dfc14a63294cfeccd6fb55a465ab17' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 1
default-src 'self' data: 'unsafe-inline' cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com www.google-analytics.com fonts.gstatic.com js.hcaptcha.com newassets.hcaptcha.com; frame-ancestors 'none'; form-action 'self' 1
frame-ancestors 'self' https://preview.themeforest.net/; 1
default-src 'self' 'unsafe-inline' data: go.woffu.com www.googletagmanager.com www.google-analytics.com *.hotjar.com *.wp.com www.facebook.com stats.g.doubleclick.net *.cookiebot.com *.landbot.io *.googleapis.com *.firebaseio.com *.woffu.com *.gstatic.com wss://s-usc1c-nss-291.firebaseio.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.youtube.com *.doubleclick.net https://cdn.linkedin.oribi.io https://pagead2.googlesyndication.com https://analytics.google.com https://*.clarity.ms https://c.bing.com https://*.analytics.google.com https://player.vimeo.com https://px.ads.linkedin.com; img-src 'self' data: woffu.com pixel.wp.com secure.gravatar.com px.ads.linkedin.com connect.facebook.net www.facebook.com *.google.com *.lfeeder.com *.landbot.io *.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://www.linkedin.com/px https://www.google.es https://*.clarity.ms https://*.bing.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: *.wp.com *.hotjar.com www.googletagmanager.com snap.licdn.com connect.facebook.net *.cookiebot.com *.lfeeder.com *.landbot.io *.firebaseio.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googleadservices.com *.g.doubleclick.net https://cdn.cookielaw.org https://www.google.com https://cdn.jsdelivr.net https://www.clarity.ms https://bat.bing.com; style-src 'self' fonts.googleapis.com *.wp.com *.landbot.io 'unsafe-inline'; base-uri ; form-action 'self' go.woffu.com www.facebook.com; frame-ancestors 'self' www.googletagmanager.com go.woffu.com; block-all-mixed-content; 1
object-src 'none';base-uri 'self';script-src 'nonce-lTlGvge03-3-tEhCPxGsxA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-omtuIINqm8ZcCPvtfVr0q6oxCmdcfSL3uEfx3y9nWVYofvuJ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-U2F6g+hOuLt5y1x8vhKexQtIZGUjnDVaR1PKBLJL5y6LillL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://maps.gstatic.com; connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com https://region1.google-analytics.com https://www.zambon.com/addresses/office/US https://www.zambon.com/addresses/office/FR https://www.zambon.com/addresses/office/BE https://www.zambon.com/addresses/office/IT https://www.zambon.com/addresses/office/NL https://www.zambon.com/addresses/office/PT https://www.zambon.com/addresses/office/RU https://www.zambon.com/addresses/office/ES https://www.zambon.com/addresses/office/GB https://www.zambon.com/addresses/office/NORDICS https://www.zambon.com/addresses/office/ID https://www.zambon.com/addresses/office/BR https://www.zambon.com/addresses/office/CO https://www.zambon.com/addresses/headquarter/all https://www.zambon.com/addresses/group/all https://www.zambon.com/addresses/plant/all; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://www.youtube.com; img-src 'self' https://maps.googleapis.com https://maps.gstatic.com data: https://www.google-analytics.com; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js cdn.auth0.com https://cdnjs.cloudflare.com https://developers.google.com https://maps.googleapis.com https://www.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com cdn.auth0.com https://developers.google.com https://maps.googleapis.com; style-src 'self' 'unsafe-inline' 'report-sample' https://fonts.googleapis.com https://cdnjs.cloudflare.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline' 'report-sample'; worker-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.zambonpharma.com/it/it/report-uri/enforce 1
style-src https://www.paypal.com/ https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://*.ctfassets.net/ 'unsafe-inline' 'self' https://*.s-xoom.com/ https://google.com/; base-uri 'self'; script-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ 'nonce-e2f2de14ba4849b3c95962acebeefaa1' 'self' https://*.googleadservices.com/ https://*.gstatic.com/ https://*.s-xoom.com/ https://*.segment.com/ https://www.googletagmanager.com/ https://*.online-metrix.net/ https://connect.facebook.net/ https://*.google-analytics.com/ https://*.cardinalcommerce.com/ https://*.mxpnl.com/ https://*.google.com/ https://bat.bing.com/ https://*.ctfassets.net/ https://iesnare.com/ https://*.braintreegateway.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.paypal.com/ 'unsafe-eval' https://www.recaptcha.net/ https://*.yodlee.com/ https://cdn.amplitude.com/ https://js-agent.newrelic.com/ https://bam-cell.nr-data.net/; form-action * paypal://remittance/link-paypal-account https://*.xoom.com/ https://*.paypal.com/; frame-src *; img-src 'self' data: https:; connect-src https://*.xoom.com/ 'self' https://*.google-analytics.com/ https://*.mixpanel.com/ https://*.cardinalcommerce.com/ https://*.google.com/ https://*.cloudfront.net/ https://*.braintreegateway.com/ https://*.googleapis.com/ wss://*.xoom.com/ https://*.doubleclick.net/ https://www.facebook.com/ https://*.segment.io/ https://*.segment.com/ https://*.paypal.com/ https://*.s-xoom.com/ https://*.online-metrix.net/ https://*.braintree-api.com/ https://www.paypalobjects.com/ https://*.preview.dev.paypalinc.com/;  worker-src 'self'; object-src https://*.cardinalcommerce.com/ https://*.online-metrix.net/; media-src https://ssl.gstatic.com/; frame-ancestors https://*.salesforce.com/ https://*.paypal.com/ 'self'; font-src https://www.paypalobjects.com/ https://*.dev.paypalinc.com/ https://fonts.gstatic.com/ https://*.s3.amazonaws.com/ 'self' https://*.s-xoom.com/ https://fonts.googleapis.com/ data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://xtux.org; img-src 'self' https: data: blob: https://xtux.org; style-src 'self' https://xtux.org 'nonce-39Y4GdLC/+cF3FUuYGjh6w=='; media-src 'self' https: data: https://xtux.org; frame-src 'self' https:; manifest-src 'self' https://xtux.org; form-action 'self'; child-src 'self' blob: https://xtux.org; worker-src 'self' blob: https://xtux.org; connect-src 'self' data: blob: https://xtux.org https://xtux.org wss://xtux.org; script-src 'self' https://xtux.org 'wasm-unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.youtube.com *.openstreetmap.org *.vimeo.com *.frikanalen.no *.nuug.no yewtu.be *.kjemi.uio.no *.oreilly.com *.skolelinux.de *.googleapis.com remarkjs.com *.gstatic.com api.flattr.com;img-src 'self' twitter-badges.s3.amazonaws.com nuug.no; script-src-elem 'self' 'unsafe-inline' yewtu.be remarkjs.com *.flattr.com digg.com; script-src 'self' 'unsafe-inline' yewtu.be report-to default 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-9c56c68527e048cd9c9409bbb33333a7' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.nl;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.nl;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
frame-ancestors 'self' https://*.vivactishealthpoint.com 1
frame-ancestors 'self' *.zagclients.net *.middlesexbank.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-MjMzLDE0MSw0MiwxMTUsMjUwLDg2LDEwNywxNDc=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://script.crazyegg.com https://*.website-files.com https://global.localizecdn.com https://d3e54v103j8qbb.cloudfront.net https://gist.github.com https://unpkg.com/@splinetool/runtime/build/runtime.js https://*.twitter.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://boards-api.greenhouse.io https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdn.finsweet.com/files/fscalendar/calendar-invite-v1.0.min.js 'sha256-mjdgHR9aXy-6OwAGlNS_XgNcYG1Uhd2U4pl8vi7-XCY=' 'sha256-gqG2LEZaHDwOL3S_CXJTuk_f3LimTEyruhOc_U0_QUY=' 'sha256-y0oGiuXZdmX7xRABTnY5cbHkfghDqbfX6JoerXLgVJc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F_qF7Qt8TYwY=' 'sha256-TrY3AqlyKfZdsI3LYsy6u8GAhckLEXeyLcFK2gOe18U=' 'sha256-lVOL-gH47X0Li5QriWNZ69Hcr-71DsXFvGmQxN9TpBw=' 'sha256-j11ZNhk91nmUjPCBAIRcvJeEgnkbdJ9qNqoEMekilec=' 'sha256-1sQ9sTbc6Lumd2Frwf7IBwGG02gPTreTI8QBBW5kibM=' 'sha256-uh1p-Vy3_Cn66Ugk4Hak-gGr2Udg7yiI_5u5E_BdCRM=' 'sha256-7JHgDILwD7i_kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-KvstP_RIj6GGaE25Mqo-kIO0_WVEls1n5tnNhm8zmPA=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r_ZP5EDPY=' 'sha256-jY_7jWrddtNUb-Y4CFKWaH-R2lrqgm_LAX72E8SLqKw=' 'sha256-MdICB9cW7ILT3ZeSxhN2YlpFxEsn5WHr03Ix-WVpHsw=' 'sha256-fUfByJGhChEFu7PE5HJfFwiYKySnP1H0iXvAxkauLNU=' 'sha256-xjkCDxBOM2TlIn5DpGQM4aJldb4AiHMKlRjfW46l-x0=' 'sha256-VOPfGBY-XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY=' 'sha256-tVeTMYknRG_IAdCHRGlDd9S2bX2_rX0e4HpaP9lgKWY=' 'sha256-kprfDg8ElCpUCFQAX5shnAPf3i59vVTSy02AjZXV3k0=' 'sha256-llLws8TR-U3nNRCIvJNVc-SGscqwyeO1IPgpbnWuZdc=' 'sha256-h9lm4cvrD7egZu1GTAE1h2IDy1K4fXgD-q_O7aEosuw=' 'sha256-_cdQbTQzcfSt2_aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-U0jHWhsvIpjnwYKeJS_-2pe9ROsYnck5ZB2aXNyKWq8=' 'sha256-rB4G_-e_bAPU7rKI_9HC1lBZ0XEa_nHDH6hXFz4GIh4=' 'sha256-N02bP-slnHB-OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-QHiY6i8ql9SJTaFXzUhm08ZWuNz0QarKruf0Omd9-OQ=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG/j/hFOUnE=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG_j_hFOUnE=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-jY/7jWrddtNUb+Y4CFKWaH+R2lrqgm/LAX72E8SLqKw=' 'sha256-lVOL+gH47X0Li5QriWNZ69Hcr+71DsXFvGmQxN9TpBw=' 'sha256-/cdQbTQzcfSt2/aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-N02bP+slnHB+OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-gqG2LEZaHDwOL3S/CXJTuk/f3LimTEyruhOc/U0/QUY=' 'sha256-llLws8TR+U3nNRCIvJNVc+SGscqwyeO1IPgpbnWuZdc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F/qF7Qt8TYwY=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r/ZP5EDPY=' 'sha256-7JHgDILwD7i/kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-VOPfGBY+XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com https://*.website-files.com https://*.githubassets.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data: https://*.website-files.com https://global.localizecdn.com https://*.ytimg.com https://uploads-ssl.webflow.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com https://*.website-files.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:* https://global.localizecdn.com https://*.website-files.com https://webflow.com/api/ https://script.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/ https://*.twitter.com https://*.vimeo.com; 1
default-src 'self'; script-src 'self' 'unsafe-eval' www.youtube.com www.googletagmanager.com www.google-analytics.com connect.facebook.net *.js; connect-src 'self' *.ingest.sentry.io *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.be-salt.com *.ngrok.io; child-src 'self'; frame-src 'self' www.youtube.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https:; 1
frame-ancestors 'self' 9ine.uk.com; 1
base-uri 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://manage.pharmamanufacturing.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https: data:; script-src https: data: 'unsafe-eval' 'unsafe-inline'; style-src https: data: 'unsafe-inline' 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru business.tinkoff.ru business-webinars.bot.tinkoff-business.com sendsay.ru flijh.tb.ru gmzzu.tb.ru api.amplitude.com *.tb.ru sentry.tinkoff.ru www.cdn-tinkoff.ru cobrowsing.tinkoff.ru acdn.tinkoff.ru cfg.tinkoff.ru www.tinkoff.ru crmp.tinkoff.ru origination.tinkoff.ru oplata.tinkoff.ru social.secrets.tinkoff.ru securepay.tinkoff.ru id.tinkoff.ru api.mindbox.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru blob: *.youtube.com sendsay.ru; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.ads.linkedin.com *.linkedin.com *.googleusercontent.com *.cloud.google.com *.googleapis.com *.adhigh.net px.adhigh.net *.adsymptotic.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru www.youtube.com rutube.ru youtu.be; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/pfpsme/log/csp-error?appName=pfpsme&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru 1
default-src 'self' *; media-src 'self' * blob:; style-src 'self' * 'unsafe-inline' data:; connect-src 'self' * wss:; img-src * data: android-webview-video-poster:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; worker-src 'self' * blob:; frame-src 'self' * gsa://onpageload command://event webpagecontroller://complete callback://https webviewprogress:; 1
frame-ancestors 'self' *.gisher.me https://gisher.news https://gisher.org 1
frame-ancestors 'self' *.shetland.gov.uk shetland.interactgo.com; 1
default-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; media-src 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://www.spreadshirt.de https://www.spreadshirt.net https://ludwig-fresenius-schulen.myspreadshop.de https://www.clarity.ms/ https://privacy-proxy.usercentrics.eu https://app.usercentrics.eu https://www.google-analytics.com https://s.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://www.campusleads.de https://maps.googleapis.com https://*.google.com https://chat.ludwig-fresenius.de https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://bat.bing.com www.campusleads.de; object-src 'none'; style-src 'self' https://www.spreadshirt.de https://ludwig-fresenius-schulen.myspreadshop.de https://chat.ludwig-fresenius.de https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' https://uct.service.usercentrics.eu https://image.spreadshirtmedia.net https://prd-sql.ludwig-fresenius.de/ https://app.usercentrics.eu https://maps.google.com http://img.youtube.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://www.google.de https://www.google.com https://www.google.pl https://cx.atdmt.com https://chat.ludwig-fresenius.de data: https://stats.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.facebook.com https://bat.bing.com; media-src 'self'; connect-src 'self' https://*.clarity.ms https://aggregator.service.usercentrics.eu https://maps.googleapis.com https://api.spreadshirt.net https://www.spreadshirt.de https://ludwig-fresenius-schulen.myspreadshop.de https://stats.g.doubleclick.net https://consent-api.service.consent.usercentrics.eu https://graphql.usercentrics.eu https://prd-sql.ludwig-fresenius.de https://*.clarity.ms https://privacy-proxy.usercentrics.eu https://api.usercentrics.eu wss://www.campusleads.de; font-src 'self' fonts.gstatic.com; 1
frame-ancestors *.manchester.ac.uk 'self' 1
default-src data: 'self' gfigroup.com *.gfigroup.com; font-src data: *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' blob:; frame-src data: 'self' *.cantor.com *.google.com; connect-src 'self' www.google-analytics.com; 1
frame-ancestors *.bolt.com self *.zdassets.com https://growgen.zendesk.com/ 'self'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; upgrade-insecure-requests; form-action https://www.facebook.com/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.yotpo.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * self 'self' 'unsafe-inline'; base-uri https://www.youtube.com/; style-src https://*.sharethis.com/ https://www.youtube.com/ https://web-sdk.aptrinsic.com/ *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.yotpo.com unsafe-inline assets.braintreegateway.com self 'self' 'unsafe-inline'; script-src https://bam.nr-data.net/ https://ws.sharethis.com/ https://newton.newtonsoftware.com/ https://recruitingbypaycor.com/ https://*.sharethis.com/ https://widget-mediator.zopim.com/ https://www.youtube.com/ https://connect.facebook.net/ https://chimpstatic.com/ https://googleads.g.doubleclick.net/ https://js-eu1.hs-scripts.com/ https://js-eu1.hs-analytics.net/ https://js-eu1.hs-banner.com/ https://js-eu1.hscollectedforms.net/ https://js-eu1.hsadspixel.net/ https://web-sdk.aptrinsic.com/ https://cdn.attn.tv/ https://growgeneration.attn.tv/ https://*.mouseflow.com https://growgeneration-us.attn.tv/ https://snap.licdn.com/ https://static.zdassets.com/ *.route.com *.cloudfront.net https://unpkg.com/ *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ assets.adobedtm.com *.magento-datasolutions.com *.magento-ds.com *.googleapis.com *.gstatic.com *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com cdn.routeapp.io fonts.googleapis.com self *.tctm.xyz/ *.zdassets.com https://www.google.com/ https://www.gstatic.com/ https://includes.ccdc02.com/cardinalcruise/v1/songbird.js *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net https://growgen.zendesk.com/ api.smooch.io *.simpli.fi *.rumiview.com *.kickfire.com *.callrail.com *.hotjar.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src https://www.youtube.com/ 'self' 'unsafe-inline'; media-src https://static.zdassets.com/ https://www.youtube.com/ *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src https://www.youtube.com/ *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; img-src https://*.sharethis.com/ https://www.googletagmanager.com/ https://www.youtube.com/ https://www.google.com/ https://www.facebook.com/ https://www.google.com.ua/ https://forms-eu1.hsforms.com/ https://track-eu1.hubspot.com/ https://*.mouseflow.com https://meetanshi.com/media/logo.png https://*.linkedin.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com self *.omtrdc.net *.hsforms.com *.hubspot.com https://growgen.zendesk.com/ *.zdassets.com/ *.flexipim.com *.simpli.fi *.rumiview.com *.kickfire.com https://cm.g.doubleclick.net https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; frame-src https://newton.newtonsoftware.com/ https://*.sharethis.com/ *.consensu.org https://recruitingbypaycor.com/ https://www.youtube.com/ https://www.facebook.com/ creatives.attn.tv https://*.mouseflow.com fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * self https://www.google.com/ *.demdex.net/ *.zdassets.com https://growgen.zendesk.com/ https://11989942.fls.doubleclick.net/ https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; font-src https://*.mouseflow.com *.cloudfront.net fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.yotpo.com self data: 'self' 'unsafe-inline'; connect-src *.sharethis.com wss://widget-mediator.zopim.com/ https://www.youtube.com/ https://amcglobal.sc.omtrdc.net/ https://www.facebook.com/ https://forms-eu1.hubspot.com/ https://api-eu1.hubapi.com/ https://esp-m.aptrinsic.com/ https://events.attentivemobile.com/ https://growgeneration.attn.tv/ https://*.mouseflow.com https://*.linkedin.com https://growgeneration-us.attn.tv/ *.route.com dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com api.magento.com performance.typekit.net *.magento-datasolutions.com *.magento-ds.com *.adobe.io *.googleapis.com *.google-analytics.com www.facebook.com *.facebook.net *.google.com connect.facebook.net graph.facebook.com business.facebook.com *.yotpo.com *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com google.com api.route.com self https://widget-mediator.zopim.com/ wss://api.smooch.io https://growgen.zendesk.com/ *.zdassets.com https://formbuilder.online/ *.doubleclick.net/ *.authorize.net/ *.demdex.net/ https://bam.nr-data.net/ https://maps.googleapis.com/ https://insights.algolia.io/ *.hubspot.com/ *.hubapi.com/ *.flexipim.com *.adobedtm.com *.hscollectedforms.net *.hotjar.com *.hotjar.io wss://ws.hotjar.com/ https://analytics.google.com/ https://imgs.signifyd.com 'self' 'unsafe-inline'; default-src https://*.mouseflow.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com self 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self';img-src 'self' *.commercecloud.salesforce.com *.demandware.net *.aob.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com www.google-analytics.com maps.googleapis.com maps.gstatic.com *.affirm.com affirm.com data: sfapi.formstack.io formsprod.azureedge.net www.paypalobjects.com cms.grillagrills.com network-stg-a.bazaarvoice.com *.collect.igodigital.com bat.bing.com logs-01.loggly.com www.google.com www.facebook.com c.clarity.ms t.paypal.com;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com formsprod.azureedge.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com www.youtube.com www.googletagmanager.com tagmanager.google.com *.googletagmanager.com www.google.com www.gstatic.com www.google-analytics.com maps.googleapis.com ssl.google-analytics.com *.googleadservices.com capgemini-hxkse.formstack.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com sfapi.formstack.io www.paypal.com www.sandbox.paypal.com apps.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com *.collect.igodigital.com bat.bing.com googleads.g.doubleclick.net connect.facebook.net www.clarity.ms u.clarity.ms utt.impactcdn.com grillagrills.pxf.io ojrq.net;connect-src 'self' *.commercecloud.salesforce.com *.demandware.net *.aob.com api.cquotient.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com maps.googleapis.com api.iconify.design api.simplesvg.com api.unisvg.com www.google-analytics.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com sfapi.formstack.io www.paypal.com www.sandbox.paypal.com apps.bazaarvoice.com stg.api.bazaarvoice.com mpsnare.iesnare.com analytics.google.com stats.g.doubleclick.net bat.bing.com googleads.g.doubleclick.net connect.facebook.net www.clarity.ms utt.impactcdn.com p.clarity.ms grillagrills.pxf.io ojrq.net;frame-src 'self' www.youtube.com capgemini-hxkse.formstack.com sandbox.payfabric.com www.payfabric.com *.affirm.com affirm.com www.google.com www.paypal.com www.sandbox.paypal.com cloud.mc.grillagrills.com td.doubleclick.net www.facebook.com kingsumo.com;child-src 'self' www.youtube.com *.affirm.com affirm.com;font-src 'self' fonts.gstatic.com data:;upgrade-insecure-requests;frame-ancestors 'self' https://bcnx-002.dx.commercecloud.salesforce.com/ https://bcnx-001.dx.commercecloud.salesforce.com/ https://grillagrills-qa.mobify-storefront.com/ https://development-na01-americanoutdoorbrands.demandware.net/ https://staging-na01-americanoutdoorbrands.demandware.net/ https://grilla-qa.aob.com/;base-uri 'self';block-all-mixed-content;object-src 'none';script-src-attr 'none' 1
frame-ancestors 'self';script-src 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.wistia.com https://*.wistia.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fast.wistia.com https://boards.greenhouse.io https://www.hubspot.com https://wistia.com fast.wistia.com https://fast.wistia.net https://www.unqork.com https://unqorkprod.wpengine.com https://snap.licdn.com https://s.adroll.com https://js.hs-scripts.com https://munchkin.marketo.net https://scout-cdn.salesloft.com https://connect.facebook.net https://cdn.jsdelivr.net https://ws.zoominfo.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hscollectedforms.net https://js.hubspot.com https://js.hs-banner.com https://d.adroll.com https://cookie-cdn.cookiepro.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://button.glitch.me google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.google.com translate.googleapis.com translate.google.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://www.unqork.com https://unqorkprod.wpengine.com blob: https://fast.wistia.com https://button.glitch.me fonts.googleapis.com 'unsafe-inline' maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://fast.wistia.com https://embed-ssl.wistia.com https://boards.greenhouse.io https://fast.wistia.net https://www.unqork.com https://unqorkprod.wpengine.com unqorkprod.wpengine.com https://px.ads.linkedin.com https://www.facebook.com https://perf-na1.hsforms.com https://forms.hsforms.com https://ipv4.d.adroll.com https://x.adroll.com https://track.hubspot.com https://px4.ads.linkedin.com https://googleads.g.doubleclick.net data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net https://glitch.com https://cdn.glitch.com https://avatars0.githubusercontent.com https://geolocation.onetrust.com https://cookie-cdn.cookiepro.com s.w.org ps.w.org ts.w.org secure.gravatar.com www.gravatar.com blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com translate.googleapis.com translate.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://fast.wistia.com https://pipedream.wistia.com https://distillery.wistia.com https://fg8vvsvnieiv3ej16jby.litix.io https://embed-cloudfront.wistia.com https://www.hubspot.com https://wistia.com https://fast.wistia.net https://boards.greenhouse.io https://www.unqork.com https://unqorkprod.wpengine.com https://px.ads.linkedin.com https://767-djd-392.mktoresp.com https://cta-service-cms2.hubspot.com https://forms.hscollectedforms.net https://forms.hubspot.com https://scout.salesloft.com https://cookie-cdn.cookiepro.com https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://api.glitch.com https://*.algolia.net https://geolocation.onetrust.com https://ws.zoominfo.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com about: maps.googleapis.com maps.google.com translate.googleapis.com www.googletagmanager.com; font-src 'self' data: https://*.wistia.com https://fast.wistia.net https://www.unqork.com https://unqorkprod.wpengine.com data: fonts.gstatic.com fonts.googleapis.com; object-src 'self' https://www.unqork.com https://unqorkprod.wpengine.com; media-src 'self' blob: https://www.unqork.com https://unqorkprod.wpengine.com https://cookie-cdn.cookiepro.com data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-src 'self' https://www.hubspot.com https://boards.greenhouse.io https://fast.wistia.net https://fast.wistia.com https://wistia.com data: https://info.unqork.com https://www.unqork.com https://unqorkprod.wpengine.com https://td.doubleclick.net https://x.adroll.com https://www.youtube-nocookie.com maps.googleapis.com maps.google.com www.youtube.com www.googletagmanager.com; child-src 'self' www.youtube.com www.googletagmanager.com; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.jsdelivr.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.be/ads/ga-audiences uykeraqt.eu.stape.io; style-src 'self' 'unsafe-inline' *.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.alfam.nl *.defam.nl *.credivance.nl *.alphacredit.nl *.acato.nl *.google-analytics.com yoast.com *.yoast.com *.doubleclick.net *.analytics.google.com uykeraqt.eu.stape.io; font-src 'self' data: *.cloudfront.net *.gstatic.com; frame-src 'self' *.youtube-nocookie.com *.vimeo.com uykeraqt.eu.stape.io; img-src 'self' *.google.nl *.cloudfront.net *.alfam.nl *.defam.nl *.credivance.nl *.alphacredit.nl *.acato.nl *.google-analytics.com *.googletagmanager.com *.gravatar.com *.analytics.google.com uykeraqt.eu.stape.io data:; manifest-src 'self'; media-src 'self'; worker-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' *.newrelic.com bam.nr-data.net *.fontawesome.com *.twitter.com *.google.com i.ytimg.com https://www.google-analytics.com *.googletagmanager.com *.facebook.net *.elfsight.com *.googleapis.com facebook.com https://weatherwidget.io *.martin.fl.us svc.webspellchecker.net *.gstatic.com *.youtube.com https://polyfill.io https://cdnjs.cloudflare.com *.infogram.com *.google.com analytics.google.com https://mclsfl.patronpoint.com *.elfsightcdn.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.fontawesome.com svc.webspellchecker.net https://mclsfl.patronpoint.com; img-src 'self' *.gstatic.com *.elfsightcdn.com *.google-analytics.com *.ytimg.com *.googleapis.com *.w3.org data data: *.ggpht.com *.facebook.com *.googletagmanager.com *.nhc.noaa.gov *.google.com analytics.google.com *.cdninstagram.com https://stats.g.doubleclick.net *.fbcdn.net *.twimg.com *.elfsight.com *.googleusercontent.com phosphor.ivanenko.workers.dev; media-src 'self' *.fontawesome.com data data:; frame-src 'self' *.facebook.com *.twitter.com *.youtube.com https://weatherwidget.io *.google.com *.martin.fl.us *.elfsight.com *.infogram.com https://momento360.com https://mcls.myturn.com *.toptracer.com *.myturn.com *.maps.arcgis.com https://mclsfl.patronpoint.com https://td.doubleclick.net; frame-ancestors 'self' *.myturn.com; font-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.gstatic.com *.fontawesome.com data data: svc.webspellchecker.net; connect-src 'self' bam.nr-data.net *.googleapis.com *.google-analytics.com *.elfsight.com *.fontawesome.com https://stats.g.doubleclick.net svc.webspellchecker.net *.google.com analytics.google.com https://analytics.google.com *.googletagmanager.com *.facebook.com; report-uri /report-csp-violation 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-Pa1lGtPFjyfCE3x9pAdWS/E7jcak0J' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
default-src 'none'; base-uri 'self'; form-action https:; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'self'; frame-ancestors 'none' 1
object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' https: http:; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NDc5ZjZmMTBkNDNjNDEzYzljYTM2MGUxZDRiMmQ5M2U=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.caorijk.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.caorijk.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.caorijk.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.autorabit.com autorabit.com *.g2.com *.adsrvr.org adsrvr.org *.reddit.com reddit.com *.terminus.services *.services *.terminusplatform.com *.zoominfo.com *.hsappstatic.net *.yoast.com yoast.com *.omniconvert.com *.wpengine.com *.pardot.com t.co *.t.co *.g2crowd.com *.ads-twitter.com *.twitter.com *.redditstatic.com *.crazyegg.com *.marketingcloudfx.com *.leadmanagerfx.com leadmanagerfx.com *.clarity.ms qualified.com *.qualified.com wss://ws.qualified.com *.gmpg.org *.google-analytics.com *.googleapis.com *.facebook.com *.wp-rocket.me wp-rocket.me codescan.io *.codescan.io *.bit.ly bit.ly *.yoa.st yoa.st *.wpengine.com wpengine.com wpenginestatus.com *.wpenginestatus.com wordpress.org *.wordpress.org *.googletagmanager.com *.googleadservices.com *.gstatic.com *.gravatar.com *.hotjar.com *.bing.com *.bc0a.com *.b0e8.com *.doubleclick.net *.amazonaws.com *.licdn.com *.linkedin.com data: *.google.com *.googletagmanager.com *.zoominfo.com *.doubleclick.net *.cloudfront.net *.cloudflare.com *.qualified.com *.w.org *.youtube.com *.jazz.co *.wistia.com *.google.co.in *.terminusplatform.com blob:; 1
default-src https: http: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src data: blob: https://*.fbcdn.net https://*.facebook.com *.fbsbx.com *.messengerkids.com;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net *.messenger.com https://*.google-analytics.com;style-src data: blob: 'unsafe-inline' *.facebook.com *.fbcdn.net *.messenger.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* attachment.fbsbx.com ws://localhost:* blob: 'self' *.messengerkids.com www.messengerkids.com *.messenger.com wss://*.messenger.com:* https://*.google-analytics.com;font-src *.messenger.com *.facebook.com https://*.fbcdn.net data: https://fonts.gstatic.com;img-src *.fbcdn.net https://*.facebook.com data: *.fbsbx.com *.messengerkids.com messengerkids.com blob: *.xx.fbcdn.net https://messengerkids.com https://www.messengerkids.com https://*.google-analytics.com;media-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.messengerkids.com blob:;frame-src *.messenger.com *.facebook.com https://*.fbcdn.net data: *.fbsbx.com *.fbcdn.net *.messengerkids.com blob:; 1
default-src 'self'; script-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://plausible.io https://*.plausible.io 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://plausible.io https://*.plausible.io; font-src 'self' https://fonts.gstatic.com; img-src * data:; 1
default-src 'self'; font-src data: https:; img-src data: https:; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://sslwidget.criteo.com https://static.criteo.net https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://s-eu-1.pushpushgo.com https://api.mapbox.com https://geowidget.easypack24.net https://cdn.jsdelivr.net https://unpkg.com https://www.google.com https://thebodyshop.cz https://static.hotjar.com https://script.hotjar.com https://widget.packeta.com https://*.salesmanago.pl https://www.gstatic.com https://*.adform.net https://*.clickonometrics.pl https://rt.inistrack.net https://cdn.inis360.com https://vu.adschoom.com https://x.cnt.my https://citydsp.com https://retagro.com https://anilima.com https://*.cookiebot.com https://c.seznam.cz; style-src 'unsafe-inline' 'self' https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://api.mapbox.com https://cdn.jsdelivr.net https://secure.przelewy24.pl https://geowidget.easypack24.net; frame-src 'self' https://dis.eu.criteo.com https://connect.facebook.net https://www.facebook.com https://parcelshop.dhl.pl https://go.they.pl https://gum.criteo.com/ https://static.criteo.net/ https://www.facebook.com https://vars.hotjar.com https://widget.packeta.com https://www.google.com https://*.salesmanago.pl cm.g.doubleclick.net https://profiling.clickonometrics.pl https://consentcdn.cookiebot.com; connect-src 'self' https://www.google.com https://www.google-analytics.com https://www.google.pl https://api.pushpushgo.com https://api-shipx-pl.easypack24.net https://osm.inpost.pl https://stats.g.doubleclick.net https://www.facebook.com https://*.hotjar.com wss://*.hotjar.com https://widget.packeta.com https://*.salesmanago.pl https://delivery.clickonometrics.pl https://www.googletagmanager.com https://consentcdn.cookiebot.com https://maps.googleapis.com; media-src https://i1.adis.ws http://cdn.static.amplience.net http://media.thebodyshop.com; worker-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; img-src 'self' https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; media-src 'self'; frame-src 'self' https://www.youtube.com data:; worker-src blob:; frame-ancestors 'self'; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-drqT1ZpvrL2GthtUL2KKMcHsBh1bGRBSaiFvTiazPtYe0jCE' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; connect-src 'self' https://www.cnt.com.ec https://cnt.com.ec http://localhost:3000 http://localhost:8000 http://localhost:8081 https://sheetdb.io https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.facebook.net https://*.clarity.ms; media-src 'self'; object-src 'none'; font-src 'self' https://*.hotjar.com https://*.hotjar.io; frame-src 'self' https://www.youtube.com https://*.hotjar.com/ https://*.hotjar.io/ https://www.googletagmanager.com https://www.google.com/recaptcha/ https://*.youtube-nocookie.com https://hey.isbel.com.uy:8312/; img-src 'self' data: https://www.cnt.com.ec https://cnt.com.ec https://cnt-media.boxqos.com https://www.google-analytics.com https://script.hotjar.com https://*.ytimg.com https://*.facebook.com https://*.facebook.net https://px.ads.linkedin.com/ https://*.adsymptotic.com/ https://cnt-cdn-test.nyc3.cdn.digitaloceanspaces.com https://c.clarity.ms/; script-src 'sha256-PYT3pbU5ifWdw1Chw0LxGTCJp3VwmzoQCJJ7arYnoW0=' 'self' 'sha256-1rbDzM8rknJRvmqAwOz0VTE+V9sYBI3N6l2LPiNh2Tw=' https://*.hotjar.com https://*.hotjar.io https://*.facebook.com https://*.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cnt-media.boxqos.com https://snap.licdn.com/ https://hey.isbel.com.uy:8312/ https://www.clarity.ms; style-src 'self' 'unsafe-inline' https://hey.isbel.com.uy:8312/ 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors * data: blob:; 1
default-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; img-src 'self' data: *; frame-ancestors 'self' 1
upgrade-insecure-requests;style-src 'self' 'nonce-3tvvp--jtWk8il1';font-src 'self';script-src 'self' 'nonce-3tvvp--jtWk8il1' ;connect-src 'self' https://crimew.gay wss://crimew.gay ;media-src 'self';img-src 'self' data: blob:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
frame-ancestors 'self' embed-v1.handelsblatt.com hbapp.handelsblatt.com amp2.handelsblatt.com grafik.handelsblatt.com preview-www.handelsblatt.com; 1
default-src 'self' https://cognito-idp.us-east-1.amazonaws.com/ https://cognito-identity.us-east-1.amazonaws.com/ https://1upiz6m2ue.execute-api.us-east-1.amazonaws.com/ https://hl7w7sqv1f.execute-api.us-east-1.amazonaws.com/ https://ykrwynxlsa.execute-api.us-east-1.amazonaws.com/ https://svnwjuay7a.execute-api.us-east-1.amazonaws.com/;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https:;object-src 'none';script-src 'self' 'sha256-5As4+3YpY62+l38PsxCEkjB1R4YtyktBtRScTJ3fyLU=' 'sha256-GgRxrVOKNdB4LrRsVPDSbzvfdV4UqglmviH9GoBJ5jk=';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src https://assets.easypost.com cdn.plaid.com; script-src assets.easypost.com track.easypost.com tagmanager.google.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com ssl.google-analytics.com www.gstatic.com www.google.com js.stripe.com cdn.plaid.com maps.googleapis.com eu-cdn.walkme.com cdn.walkme.com eu-playerserver.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net d2qhvajt3imc89.cloudfront.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net 'sha256-t1v231h4Fgv1bBX/cpoBZuwY6r6R6nGx5tOXvVJdBh8=' 'sha256-GNTGX7BhgMv3AL+bv0bfF+5DVGhSrLhYL7AM7TSnAcY=' 'sha256-5yJc48yW6FRCVE9ulLzLOd1lLp7X2Xr2Dd4Y+lZ3XjA=' 'sha256-eV1MSFSoXiIPiHPWbzaJgBby+bxVonlOAE5Cwbaa4lc=' 'sha256-sVKX08+SqOmnWhiySYk3xC7RDUgKyAkmbXV2GWts4fo=' 'sha256-hW1V3UvI+swwT3wQpebXLpXi/7Q9VUws5NlJTNxM/Tg=' 'sha256-zrkY8YxXr6/SilHSYKlWjWW9kOSQsVsrlGluj7eTzoc=' 'sha256-C1JoeFOby67/dRbyCdcT9jfKk3K2hJnqpQZ3LrmmGzs=' 'sha256-k6J1oE8SmewVpG2+marpuZHcoWF8GNDw9oPpqE2vKeI='; style-src track.easypost.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com assets.easypost.com www.gstatic.com eu-cdn.walkme.com cdn.walkme.com; img-src easypost-files.s3.us-west-2.amazonaws.com assets.easypost.com assets.track.easypost.com brand.easypostpartnercontent.com cdn.walkme.com d27zb0m07iyic6.cloudfront.net d2qhvajt3imc89.cloudfront.net d3sbxpiag177w8.cloudfront.net dzjsfasj4n94t.cloudfront.net data: ec.walkme.com eu-cdn.walkme.com eu-ec.walkme.com googleads.g.doubleclick.net q.stripe.com region1.analytics.google.com region1.google-analytics.com ssl.google-analytics.com ssl.gstatic.com support.easypost.com track.easypost.com www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com assets.ctfassets.net images.ctfassets.net videos.ctfassets.net https://*.wistia.com https://*.wistia.net https://*.hsforms.com https://*.hsforms.net https://track.hubspot.com https://embedwistia-a.akamaihd.net https://*.youtube.com; font-src data: assets.easypost.com track.easypost.com fonts.gstatic.com https://*.wistia.com; connect-src easypost-files.s3.us-west-2.amazonaws.com adservice.google.com api-canary.easypost.com api.easypost.com api.lever.co assets.easypost.com cdn.walkme.com ec.walkme.com eu-ec.walkme.com eu-papi.walkme.com eu-rapi.walkme.com https://www.google.com js.stripe.com maps.googleapis.com papi.walkme.com production.plaid.com rapi.walkme.com region1.analytics.google.com region1.google-analytics.com sentry.io track.easypost.com usps.easypost.com www-canary.easypost.com www.easypost.com www.google-analytics.com https://hubspot-forms-static-embed.s3.amazonaws.com https://*.hsforms.com https://*.hsforms.net https://*.hubapi.com https://*.hs-banner.com https://*.hscollectedforms.net https://*.wistia.com https://embedwistia-a.akamaihd.net; worker-src assets.easypost.com www.gstatic.com www.google.com; frame-src assets.track.easypost hire.withgoogle.com cdn.plaid.com eu-cdn.walkme.com cdn.walkme.com js.stripe.com player.captivate.fm track.easypost.com tagmanager.google.com www.googletagmanager.com www.google.com www.youtube.com https://*.hsforms.com https://*.hsforms.net; media-src blob: assets.easypost.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net; frame-ancestors 'self' 1
default-src 'self' https:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
img-src 'self' data: https://newretailwebsite.s3.ap-southeast-1.amazonaws.com/ https://*.facebook.net/ https://*.facebook.com/; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com www.google-analytics.com 'unsafe-eval' https://*.googleapis.com/ https://www.google.com/ https://*.gstatic.com/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://*.facebook.net/ https://*.facebook.com/; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://goodassur.com/report-uri/enforce 1
frame-ancestors https://demoshop.hepster-services.com 1
script-src 'self' 'unsafe-eval' https://www.gstatic.com/ https://www.google.com https://www.paypalobjects.com https://www.paypal.com 'sha256-MJY/+WzQ7zCoCdR6SYTeQOKjvzfm85RLaRatc4j4a2c=';object-src 'none';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;frame-src 'self' https://www.gstatic.com/ https://www.google.com https://www.paypalobjects.com https://www.paypal.com;font-src 'self' data: https://fonts.gstatic.com;connect-src 'self' https://www.paypalobjects.com https://www.paypal.com;base-uri 'self';form-action 'self';frame-ancestors 'self';report-uri https://m3u4u.report-uri.com/r/d/csp/enforce 1
default-src 'self';frame-src 'self' www.youtube-nocookie.com youtube.com www.youtube.com player.vimeo.com vimeo.com;img-src 'self' 'unsafe-inline' www.google-analytics.com www.google.com www.google.de www.googletagmanager.com maps.gstatic.com maps.googleapis.com maps.gstatic.com maps.googleapis.com data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com;script-src 'self' 'unsafe-inline' www.youtube.com *.google-analytics.com www.googletagmanager.com maps.googleapis.com www.googleadservices.com;connect-src 'self' www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com *.google-analytics.com;font-src 'self' 'unsafe-inline' fonts.gstatic.com data:; object-src 'none'; 1
frame-src https://*.karls-shop.de https://*.mollie.com https://*.paypal.com https://my.matterport.com https://*.klarna.com https://*.youtube-nocookie.com/ 1
frame-ancestors 'self' https://*.sprutcam.com 1
default-src 'self' *.i20webservices.saem.org *.googlesyndication.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.fontawesome.com *.cloudflare.com *.googletagmanager.com *.issuu.com code.jquery.com *.doubleclick.net *.googlesyndication.com https://securepubads.g.doubleclick.net/tag/js/gpt.js; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com *.fontawesome.com data:; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com www.google.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.googlesyndication.com *.libsyn.com; media-src 'self' data: blob: https://www.youtube.com *.libsyn.com; frame-src 'self' https://i20webservices.saem.org/ *.youtube.com *.twitter.com *.issuu.com *.soundcloud.com *.vimeo.com *.google.com *.issuu.com https://jsfiddle.net *.googlesyndication.com *.libsyn.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.fontawesome.com; 1
default-src https:; connect-src https: wss:; img-src https: data:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
default-src 'self' https://*.plaid.com;img-src 'self' data: http: https:;style-src 'self' 'unsafe-inline' https://calendly.com https://*.googleapis.com https://fast.fonts.net;script-src 'self' 'unsafe-inline' https://*.braintreegateway.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.paypalobjects.com https://*.plaid.com https://*.stripe.com https://calendly.com;connect-src 'self' https://*.amazonaws.com https://*.doubleclick.net https://*.google-analytics.com https://*.googleapis.com https://*.plaid.com https://*.stripe.com;font-src 'self' data: http: https:;frame-src https://*.braintreegateway.com https://*.google.com https://*.plaid.com https://*.stripe.com https://*.youtube.com https://calendly.com;object-src 'none';base-uri 'self';frame-ancestors 'self';report-uri /errors/csp 1
base-uri 'self'; script-src 'strict-dynamic' 'nonce-3a3039774721532f6449672a35' 'unsafe-inline' http: https: ; object-src 'self' http://fpdownload2.macromedia.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com https://ajax.googleapis.com; img-src 'self' data: https://analytics.twitter.com/ https://t.co/ https://connect.facebook.net/ https://via.placeholder.com/ https://ct.pinterest.com/ https://px.ads.linkedin.com/ https://ajax.googleapis.com https://www.floornature.com https://www.google-analytics.com https://www.facebook.com https://www.google.com https://www.google.it https://stats.g.doubleclick.net ; media-src 'self'; child-src 'self' https://ct.pinterest.com/ https://www.youtube-nocookie.com/ https://www.pinterest.com/ https://open.spotify.com/ https://widget.spreaker.com/ https://www.facebook.com/ https://e.issuu.com https://www.youtube.com https://player.vimeo.com https://connect.facebook.com https://connect.facebook.net; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com 1
frame-src 'self' https://teamup.com/ https://massinteract.com/ *.google.com *.twitter.com *.facebook.com *.it-plus.org *.youtube.com *.botframework.com *.programmatictrader.com *.sitescout.com *.campaign-archive.com; frame-ancestors 'self' *.it-plus.org *.coxnext.com *.coxnextcreative.com; 1
frame-src 'self' blob: *; 1
object-src 'none';script-src 'self' 'nonce-6a221594911e474a8b11bb20035d6c32' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://tagmanager.google.com https://www.googletagmanager.com https://www.googlemap.com.om https://google.com https://www.google-analytics.com https://apps.elfsight.com https://static.elfsight.com https://maps.googleapis.com https://static.ads-twitter.com https://snap.licdn.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net ;style-src 'self' 'unsafe-inline' https://unpkg.com https://fonts.googleapis.com https://offerswidget.visa.com;img-src 'self' data:  https://pbs.twimg.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://maps.googleapis.com https://maps.gstatic.com https://www.facebook.com https://csi.gstatic.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://offerswidget.visa.com https://www.visa.com;frame-src 'self' https://track.valueleadme.com https://www.youtube.com https://www.ustream.tv https://www.facebook.com https://player.vimeo.com https://www.google.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://track.valueleadme.com  https://www.googletagmanager.com 1
default-src 'self'; frame-src 'self' www.google.com www.youtube.com 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: cdn.ckeditor.com www.google-analytics.com ws1.postescanada-canadapost.ca 'unsafe-eval' 'unsafe-inline';connect-src 'self' www.google-analytics.com google-analytics.com *.fontawesome.com ws1.postescanada-canadapost.ca 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.googleapis.com fonts.gstatic.com ws1.postescanada-canadapost.ca *.fontawesome.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' fonts.googleapis.com ws1.postescanada-canadapost.ca stackpath.bootstrapcdn.com gitcdn.github.io stackpath.bootstrapcdn.com cdnjs.cloudflare.com cdn.ckeditor.com 'unsafe-eval' 'unsafe-inline'; script-src 'self' gitcdn.github.io kit.fontawesome.com stackpath.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com www.google.com code.jquery.com www.googletagmanager.com cdn.ckeditor.com ws1.postescanada-canadapost.ca www.gstatic.com www.google-analytics.com 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors 'self' https://www.wettstar-pferdewetten.de https://wettstar-pferdewetten.de https://wettstar.de; 1
frame-ancestors https://*.licklibrary.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://go.radisys.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://snap.licdn.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://cdn.sitesearch360.com/ http://ajax.googleapis.com/ https://ajax.googleapis.com/ https://app-abm.marketo.com/ https://www.buzzsprout.com/; style-src 'self' 'unsafe-inline' https://go.radisys.com/ https://use.typekit.net/ https://p.typekit.net/ https://app-abm.marketo.com/; img-src 'self' data: https://www.radisys.com http://www.radisys.com https://radisys.com http://radisys.com https://dev-radisys-cpaas.smarttstage.com/ https://content.cdntwrk.com/ https://www.google-analytics.com/ https://i.ytimg.com https://i.vimeocdn.com/ https://px.ads.linkedin.com/ https://www.google.com/ https://www.googletagmanager.com/; frame-src 'self' https://go.radisys.com/ https://www.youtube.com/ https://consentcdn.cookiebot.com/ https://player.vimeo.com/ https://app-abm.marketo.com/ https://www.buzzsprout.com/; font-src 'self' https://use.typekit.net/; child-src 'self'; connect-src 'self' https://consentcdn.cookiebot.com/ https://www.google-analytics.com/ https://cdn.linkedin.oribi.io/ https://global.sitesearch360.com/ https://insights.sitesearch360.com/ https://stats.g.doubleclick.net; manifest-src 'self'; media-src 'self'; object-src 'self'; worker-src 'self'; 1
default-src 'self' data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; object-src 'self'; style-src 'self' data: 'unsafe-inline'; img-src 'self' data:; media-src 'self'; frame-src 'self' https://*.healthlogic.com blob: data:; font-src 'self' ; connect-src 'self' https://*.healthlogic.com; worker-src blob:; 1
default-src 'self' 'unsafe-inline' servedby.revive-adserver.net banner.isn.nl fonts.googleapis.com ssl.google-analytics.com www.googletagmanager.com www.google-analytics.com code.jquery.com maxcdn.bootstrapcdn.com youtube.com www.youtube.com stats.g.doubleclick.net; img-src * data:; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com https://www.sjchs.org https://m.addthis.com http://graph.facebook.com http://api-public.addthis.com www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://cdnjs.cloudflare.com/ajax/libs/jquery/1.12.4/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/js/bootstrap.min.js s7.addthis.com v1.addthisedge.com v1.addthis.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org bbox.blackbaudhosting.com www.googletagmanager.com cdn.rlets.com urldefense.com *.simpli.fi https://www.practicematch.com/CareerCenter/Opportunities/Find.cfm/RemainEmbedded/1/OwnerIDTypeIDs/29161_3/ExcludeSpecialtyAliases/1/SortOrder/2 bat.bing.com pubads.g.doubleclick.net beacon.krxd.net ssl.google-analytics.com tag.simpli.fi i.simpli.fi www.googleadservices.com pixel.mathtag.com reachlocal.thinkingchat.com eu.thinkingchat.com www.reachlocallivechat.com *.practicematch.com js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.sjchs.org https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap-theme.min.css https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css sjcdevadmin.aviddesign.com cmsadmin.sjchs.org www.docscores.com https://use.fontawesome.com https://stackpath.bootstrapcdn.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com bbox.blackbaudhosting.com *.practicematch.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: www.docscores.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com http://sjcdevadmin.aviddesign.com cmsadmin.sjchs.org https://www.googletagmanager.com/ bbox.blackbaudhosting.com *.simpli.fi *.google.com www.googleadservices.com *.doubleclick.net fault.rlets.com *.practicematch.com js.hsleadflows.net forms.hsforms.com *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://s7.addthis.com/ www.docscores.com www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com *.practicematch.com; frame-src 'self' *.youtube.com http://www.google.com s7.addthis.com v1.addthisedge.com v1.addthis.com bbox.blackbaudhosting.com https://www.practicematch.com/CareerCenter/Opportunities/Find.cfm/RemainEmbedded/1/OwnerIDTypeIDs/29161_3/ExcludeSpecialtyAliases/1/SortOrder/2 *.rlets.com https://www.facebook.com/ forms.hsforms.com web-chat.nativechat.com; connect-src 'self' *.youtube.com http://sjcdevadmin.aviddesign.com https://www.sjchs.org *.mktoresp.com cmsadmin.sjchs.org www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com www.docscores.com *.google.com *.doubleclick.net www.sjcphysiciannetwork.com *.googleapis.com *.gannettdigital.com apgb2b-reachcodeandproxy.gannettdigital.com *.rlets.com capture-api.reachlocalservices.com um.simpli.fi capturelogger-prod-usa.localiq.com *.practicematch.com forms.hubspot.com *.hsforms.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.docscores.com https://www.google.com/ www.sjc.jellyfishhealth.com bloom-service.jellyfishhealth.com web-chat.nativechat.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; frame-ancestors 'self' 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' *.trulicity.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-qBZZwYjII3qVW1de9R/uxw=='  'sha256-Smp+19ZlrroD+rHxLS8gxZPfnnLx2tqTCTiUTZuh6Ks='  'sha256-rTbQ2Czg9Cya8aVTkRGvMrlsVcq31akVnjFPVcccUvs='  'sha256-9eHVJZtADiM10PKnrRpFGmqrA49or9xsF76uEXNstUs='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net https://d.turn.com *.id.amgdgt.com https://lilly.demdex.net https://www.facebook.com/ *.trulicity.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.rlcdn.com https://lilly.demdex.net https://omny.fm https://www.facebook.com/ https://connect.facebook.net *.trulicity.com *.lilly.com 1
frame-ancestors 'self' https://engage-ab.marketo.com/ 1
frame-ancestors www.awc-inc.com ww2.awc-inc.com a3im.com www.a3im.com web.awc-inc.com devweb.awc-inc.com webtest.awc-inc.com wwwtest.awc-inc.com suppliers.awc-inc.com localweb.awc-inc.com awc-inc.com; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-2285c191fda64c956fa74006d2136060'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://fun.meghantelpner.com 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org pghub.io www.youtube.com www.google-analytics.com feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io www.youtube-nocookie.com videos.ctfassets.net pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com *.cookielaw.org *.ytimg.com www.googletagmanager.com feed.pghub.io ; connect-src 'self' *.cookielaw.org *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self'; 1
frame-ancestors *.i-bankonline.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://www.googletagmanager.com; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' https://www.googletagmanager.com data: https:; media-src 'self' https:; frame-src 'self' data: https:; font-src 'self' data: https: 1
default-src 'none';script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-3e63a4edb46e4f6bd0aa83ff30e42e16';script-src-elem 'self' 'unsafe-inline' 'nonce-3e63a4edb46e4f6bd0aa83ff30e42e16' https://www.buzzsprout.com https://static.ads-twitter.com https://snap.licdn.com https://bat.bing.com https://player.vimeo.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://ad.wsod.com https://polyfill.apps.factset.com https://cdn.factset.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com;img-src 'self' data: https://i.vimeocdn.com https://px.ads.linkedin.com https://t.co https://analytics.twitter.com https://bat.bing.com https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;connect-src 'self' https://cdn.linkedin.oribi.io https://*.googletagmanager.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://stats.g.doubleclick.net;font-src 'self' https://cdn.factset.com https://fonts.gstatic.com;form-action 'self';frame-ancestors 'none';frame-src https://player.vimeo.com https://www.buzzsprout.com/ https://www.google.com https://www.googletagmanager.com https://ad.wsod.com;object-src 'none';base-uri 'self' 1
connect-src 'self' *.100gadgets.kz *.100gadgets.by *.100gadgets.ru 100gadgets.ru mc.yandex.ru *.google-analytics.com yandex.ru *.jivosite.com wss://*.jivosite.com *.jivo.ru wss://*.jivo.ru analytics.tiktok.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.14daycourselaunch.com https://www.contentcreator.com https://www.mirandaryan.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: *.selpers.com; 1
default-src * data: blob: 'self';script-src *.konzerthaus-dortmund.de *.googletagmanager.com *.sharethis.com portal.safe-port.cloud *.bing.com *.typekit.net *.facebook.net *.gstatic.com *.issuu.com *.enuerto.net *.google-analytics.com *.google.com *.jquery.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;form-action 'self' https://konzerthaus-dortmund.com https://*.konzerthaus-dortmund.com https://*.inxmail.com https://www.facebook.com/tr/ https://*.ipg-online.com https://www.paypal.com/; connect-src *.konzerthaus-dortmund.com *.konzerthaus-dortmund.de portal.safe-port.cloud *.facebook.net *.google-analytics.com *.google.com *.doubleclick.net *.sharethis.com *.bing.com updates.expressionengine.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://brighteon.social; img-src 'self' https: data: blob: https://brighteon.social; style-src 'self' https://brighteon.social 'nonce-k/zmLEsa/Rn+zrXcvMzw9Q=='; media-src 'self' https: data: https://brighteon.social; frame-src 'self' https:; manifest-src 'self' https://brighteon.social; connect-src 'self' data: blob: https://brighteon.social https://s3.us-west-002.backblazeb2.com wss://brighteon.social https://www.brighteon.com https://censored.news https://analytics.distributednews.com; script-src 'self' https://brighteon.social https://support.brighteon.com https://www.brighteon.tv https://hcaptcha.com https://static.cloudflareinsights.com https://analytics.distributednews.com; child-src 'self' blob: https://brighteon.social; worker-src 'self' blob: https://brighteon.social 1
report-uri dans.knaw.nl 1
default-src 'self' cdn.go-transcribe.com transcribe.blob.core.windows.net www.google-analytics.com *.in.applicationinsights.azure.com googleads.g.doubleclick.net *.services.visualstudio.com; style-src 'self' 'unsafe-inline' cdn.go-transcribe.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com cdn.jsdelivr.net www.google-analytics.com www.googletagmanager.com *.vo.msecnd.net www.googleadservices.com googleads.g.doubleclick.net *.services.visualstudio.com; img-src 'self' data: cdn.go-transcribe.com www.google-analytics.com; font-src 'self' cdn.go-transcribe.com fonts.gstatic.com; form-action 'self'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com *pghub.io pghub.io *.facebook.net feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io consumersupport.pg.com pandg.tapad.com ; media-src 'self' *.ctfassets.net feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net www.google-analytics.com *.tapad.com www.googletagmanager.com www.facebook.com feed.pghub.io ; connect-src 'self' *.algolia.net *.algolianet.com www.google-analytics.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
base-uri 'self' *.sitesearch360.com; connect-src 'self' *.google-analytics.com *.webspellchecker.net *.crazyegg.com *.sitesearch360.com *.siteimprove.com; default-src 'self'; frame-src 'self' *.google.com *.googleapis.com *.sitescout.com *.sitesearch360.com *.youtube-nocookie.com *.youtube.com *.granicus.com *.vimeo.com; font-src 'self' *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.webspellchecker.net fonts.gstatic.com fonts.googleapis.com; script-src *.hallestill.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com unpkg.com *.basis.net *.webspellchecker.net *.edgepilot.com *.crazyegg.com *.bootstrapcdn.com fonts.googleapis.com *.google-analytics.com *.googletagmanager.com apis.google.com *.google.com *.gstatic.com *.googleapis.com *.siteimprove.com *.jquery.com *.jsdelivr.net *.licdn.com *.addthisedge.com *.sitesearch360.com;style-src *.hallestill.com 'unsafe-inline' *.cloudflare.com *.webspellchecker.net *.sitesearch360.com unpkg.com *.typekit.net *.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net; form-action *.hallestill.com; img-src * 'unsafe-inline' *.linkedin.com data:; object-src 'none' *.granicus.com 1
frame-ancestors https://*.randstad.es; 1
child-src https://docs.google.com/ https://www.youtube.com/ https://www.google.com/ https://files.42dot.ai/; 1
default-src * data: filesystem: about: blob: ws: wss:; script-src * data: filesystem: about: blob: ws: wss: 'unsafe-eval' 'unsafe-inline'; style-src * data: filesystem: about: blob: ws: wss: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; connect-src 'self' https://esprechstunde.net wss://esprechstunde.net https://sentry.digineo.de 1
default-src 'self' https:;script-src *.termly.io *.matomo.cloud *.googleapis.com *.signalintent.com *.jquery.com *.destinilocators.com *.facebook.net *.facebook.com *.doubleclick.net 'self' data: 'unsafe-inline' 'unsafe-eval' *.yoast.com *.googletagmanager.com *.google.com *.gstatic.com *.google-analytics.com *.cloudfront.net *.cloudflare.com wpsitesync.com;style-src *.google.com *.signalintent.com *.facebook.net *.facebook.com *.destinilocators.com *.doubleclick.net 'self' 'unsafe-inline' yoast.com *.googleapis.com *.cloudfront.net *.cloudflare.com wpsitesync.com;font-src 'self' data: 'unsafe-inline' *.signalintent.com yoast.com *.gstatic.com *.cloudfront.net *.cloudflare.com wpsitesync.com;img-src destinilocators.com *.googleapis.com *.gstatic.com *.facebook.net *.facebook.com 'self' s.w.org yoast.com data: *.google-analytics.com *.doubleclick.net *.googletagmanager.com *.gravatar.com *.cloudfront.net *.cloudflare.com wpsitesync.com *.google.com i0.wp.com https:;frame-src *.intrepidfiber.com *.trinethire.com *.termly.io *.google.com *.facebook.net *.facebook.com *.doubleclick.net destinilocators.com 'self' *.vimeo.com *.youtube.com;form-action *.facebook.com *.icontact.com 'self';base-uri 'self';connect-src 'self' *.termly.io *.matomo.cloud *.herokuapp.com *.signalintent.com yoast.com *.googletagmanager.com yoast.com *.google-analytics.com;frame-ancestors 'self';object-src 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+IpsRDfP7YmK8TtflqvWnUoSTSHmaBVa09i4c5jgtxw/kYIs' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-OLSxevyiSENVpxhNheLGw0V8SjhpY7T2/4/zyHaX/dZyBlpp' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-vOzHsdP29UyNxPBcDPw1Npsfh1AuxMTjLQqK4hwjAFylC3K6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-HDC+jv1/dOxYSxviYeIFy+XmR+23Rc/Zfl566UkduGwbvQqT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-BqGPsKJwdA5yc+qprxAZ2HrYVRPdbLEkpZZqSwpxyLq02Mjb' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-R98CnS8jIKB8XTWqcBzPjaLWfdGF+wUbHjd7Kr8OpMZawpUS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-SFWtusc2tVcGr26A3IjGmDQugvQDsk9sWgg1XyIEM8T52XcP' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-K/iQaYVjoCayAkwHdPPW7gbAtMBUNDgTndUXSSpEFCnZFgcN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-h4HVjF4l7mLlwE3Zfd+d5x8GFqV2xkrxMj/64sxx+D5Opezg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src wss://phantombuster.zendesk.com wss://*.zopim.com wss://*.hotjar.com wss://*.appcues.net wss://*.appcues.com wss://*.userpilot.io https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; frame-ancestors 'none' 1
frame-ancestors https://www.hellebrekers.nl 1
default-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;font-src 'self' https://fonts.gstatic.com/;img-src 'self' data: https://www.google-analytics.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://file.for.sg/;script-src 'self' https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.googletagmanager.com/ https://*.browser-intake-datadoghq.com/ https://www.datadoghq-browser-agent.com/;worker-src blob:;connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.browser-intake-datadoghq.com/ o372043.ingest.sentry.io o372043.ingest.sentry.io;frame-ancestors 'self';report-uri https://o372043.ingest.sentry.io/api/5193500/security/?sentry_key=a76d61749b824d8fa8ad84eee7ecc882;upgrade-insecure-requests 1
script-src 'nonce-v52JGVeC7Om5_KBaZAjP2w' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/adsense_google_com; base-uri 'none' 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-HWVMWqbVYnv5qZbRMFBTkg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
img-src 'self' data: static.abhibus.com www.google-analytics.com d3vdia0kyiexbh.cloudfront.net developers.google.com maps.gstatic.com maps.googleapis.com ; 1
default-src 'self' https://feed.pghub.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://snippet.maze.co https://feed.pghub.io https://z.moatads.com/ https://s.swiftypecdn.com/ https://connect.facebook.net/ https://js.adsrvr.org/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.googleadservices.com/ https://maps.googleapis.com https://unpkg.com https://googleads.g.doubleclick.net https://static.ads-twitter.com https://script.crazyegg.com https://api.ipify.org https://code.jquery.com/ https://c.lytics.io/ https://cdn.segment.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://pghub.io/ https://cdn.cookielaw.org/; style-src 'self' 'unsafe-inline' https://feed.pghub.io https://cdn.cookielaw.org/ https://c.lytics.io/ https://cdnjs.cloudflare.com https://unpkg.com; object-src https://images.ctfassets.net/; base-uri 'self'; connect-src 'self' https://privacytermsprod.azureedge.net https://assets.ctfassets.net/ https://cdn.contentful.com https://mw-ar-recom-prod.pgapi.io/ https://staging-api.fr.pg.com/ https://gpdb-staging.name-coach.com/api/public/v1/pronunciations/phonetics https://gpdb.name-coach.com/api/public/v1/pronunciations/phonetics https://prompts.maze.co https://pagestates-tracking.crazyegg.com https://assets-tracking.crazyegg.com https://tracking.crazyegg.com https://api.fr.pg.com https://pg-poc-regulatory-app-test.azurewebsites.net https://s.swiftypecdn.com https://maps.googleapis.com https://script.crazyegg.com https://consent-api.onetrust.com https://api.segment.io/ https://match.adsrvr.org/ https://lj18wdvpyu-3.algolianet.com/ https://lj18wdvpyu-2.algolianet.com/ https://lj18wdvpyu-1.algolianet.com/ https://lj18wdvpyu-dsn.algolia.net/ https://www.google-analytics.com/ https://region1.google-analytics.com https://cdn.cookielaw.org *.doubleclick.net https://stats.g.doubleclick.net; font-src 'self' https://feed.pghub.io; frame-src 'self' https://images.ctfassets.net/ https://www.youtube-nocookie.com/ https://feed.pghub.io https://www.facebook.com/ https://d.agkn.com/ https://www.youtube.com https://pandg.tapad.com https://www.google.com/ https://www.googletagmanager.com/; img-src 'self' blob: data: https://feed.pghub.io https://www.facebook.com/ https://downloads.ctfassets.net/ https://px.moatads.com/ https://googleads.g.doubleclick.net/ https://www.confianzaonline.es *.akamaihd.net https://maps.gstatic.com https://maps.googleapis.com https://t.co https://www.google.com/ https://www.google.hr/ https://analytics.twitter.com https://s.amazon-adsystem.com/ https://c.lytics.io/ https://cdn.cookielaw.org/ https://www.googletagmanager.com/ https://match.adsrvr.org/ https://images.ctfassets.net https://pixel.tapad.com https://www.google-analytics.com https://i.ytimg.com; manifest-src 'self'; frame-ancestors 'self' https://app.contentful.com; media-src 'self' https://feed.pghub.io https://videos.ctfassets.net/; worker-src blob:; 1
default-src 'self'; connect-src 'self' https: wss: http://*.mktoresp.com/; script-src 'self' 'nonce-OTI5ZmQxOWQtODQ2NC00NmQyLTkwYTgtODU3YTM2YzE4MjJm' blob: https://s3.amazonaws.com/ https://www.google.com/ https://insights.amcor.com www.googletagmanager.com https://apis.google.com https://snap.licdn.com 'sha256-4nxBwvGtrokGNkqD2OxOt8Y07P7caJHk00sGwjNYF5I=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-wJnaEuXlpn5L1KZNPUoGker+9rMHauazCwaRW2W1Cgk=' 'sha256-AbbBgCnZmDtAJF45O21UMnyhPTGCFq7BwU9LGANWPhA=' 'sha256-ET35hd5T26bYi7UrLoRy4dMQYZlPVn2l6lM9i3c+dZY=' https://js-na1.hs-scripts.com https://script.hotjar.com/ https://www.gstatic.com/ https://netlify-rum.netlify.app/ https://share-eu1.hsforms.com/ https://cdnjs.cloudflare.com/ https://ajax.googleapis.com/ https://maps.googleapis.com/ https://tools.euroland.com/ https://widget.surveymonkey.com/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://www.youtube.com/ https://www.google.com/recaptcha/api.js http://js.hs-scripts.com/ https://js.hs-analytics.net/ https://js.hsleadflows.net/ https://js.hsadspixel.net/ https://js.hs-banner.com/ https://js.usemessages.com/ http://munchkin.marketo.net/ http://unpkg.com/ http://js.hsforms.net/forms/v2.js; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; media-src 'self' https: data: blob: https://videos.ctfassets.net; base-uri 'self'; frame-src 'self' https: http://*.libsyn.com/; img-src 'self' https: data: www.googletagmanager.com http://images.ctfassets.net/ blob:; frame-ancestors 'self' https://app.contentful.com; 1
default-src 'self' *.google-analytics.com *.gstatic.com *.googleapis.com *.ggpht.com *.gravatar.com *.yoast.com *.wpengine.com *.hsforms.com *.hs-banner.com *.hscollectedforms.net *.s3.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.linkedin.com *.facebook.com *.googletagmanager.com *.hsforms.net *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net blob:; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; connect-src 'self' *.googleapis.com opensharecount.com *.google-analytics.com *.hsforms.com *.hubspot-forms-static-embed.s3.amazonaws.com *.hscollectedforms.net; object-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com *.hsforms.com 1
default-src https: 'self'; connect-src https: 'self' http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://axon-ems-fe-api.arx.com.ua wss://axon-ems-fe-api.arx.com.ua; font-src https: 'self' data: http://script.hotjar.com https://script.hotjar.com; frame-src https: 'self' https://vars.hotjar.com; frame-ancestors https: 'self'; img-src https: data: 'self' https://script.hotjar.com http://script.hotjar.com; media-src https: 'self'; object-src https: 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com; style-src 'unsafe-inline' https: 'self'; 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: 'self' blob: *.dynamicyield.com *.cloudmaestro.com *.searchspring.net *.googletagmanager.com *.cookiebot.com *.helpscout.net *.google-analytics.com *.facebook.net *.fbcdn.net *.yimg.com *.bing.com *.criteo.net *.criteo.com *.bronto.com *.silver.com *.yahoo.com *.googleapis.com *.shopperapproved.com *.nr-data.net *.newrelic.com *.inspectlet.com *.intellisuggest.com *.paypalobjects.com *.paypal.com *.online-metrix.net *.twimg.com *.twitter.com *.instagram.com *.youtube.com *.doubleclick.net *.cloudfront.net bitpay.com *.bitpay.com *.nfusionsolutions.biz *.cdn77.org *.plaid.com *.routingnumbers.info *.tradingview.com *.smartystreets.com wsonline.seisint.com *.googleadservices.com *.nfusionsolutions.com *.google.com *.nameapi.org *.taxjar.com raw.githubusercontent.com cdn.ampproject.org *.wompmobile.com cdnjs.cloudflare.com az690879.vo.msecnd.net api-cache.searchspring.io tpc.googlesyndication.com www.gstatic.com ey66qs.a.searchspring.io p11.techlab-cdn.com cdncy.silver.com *.womp.me wompme.blob.core.windows.net songbird.cardinalcommerce.com static.klaviyo.com static-tracking.klaviyo.com *.fpapi.io cdn.jsdelivr.net *.fpcdn.io fpcdn.io womp.me *.fptls.com fptls.com a.klaviyo.com app.contentsquare.com *.contentsquare.net js.braintreegateway.com *.braintree-api.com; report-uri /.webscale/csp-report 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://ausi.github.io/ blob: ; style-src 'unsafe-inline' 'self' ; img-src * data: file: https: blob: ; media-src *; worker-src 'self' blob: ; frame-src * ; child-src * blob: ; connect-src 'self' data: ; report-to default ; report-uri //ajax.php?action=uf_securitypolicyreport_save 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://s3.amazonaws.com/ https://*.list-manage.com/ https://code.jquery.com/ https://stats.wp.com/ https://js.zi-scripts.com/ https://s0.wp.com/ https://www.googletagmanager.com/; img-src 'self' data: blob: https://pixel.wp.com/ https://secure.gravatar.com/ https://widgets.wp.com/ https://i0.wp.com/ https://i2.wp.com/; object-src 'self' data: blob: https://widgets.wp.com/; frame-src 'self' data: blob: https://widgets.wp.com/; 1
default-src 'self';img-src 'self' https://* data: ;style-src 'self' https://* 'unsafe-inline' data: ;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.googleapis.com www.amcharts.com www.googletagmanager.com; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com pro.fontawesome.com data:; connect-src 'self' *.englishforward.com fonts.gstatic.com pro.fontawesome.com *.googleapis.com www.googletagmanager.com  1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://wchat.freshchat.com https://www.google-analytics.com https://analytics.google.com https://www.googleoptimize.com https://connect.facebook.net https://apis.google.com https://static.hotjar.com https://script.hotjar.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/vjbW55W42X033PfTdVf6Ft4q/recaptcha__en.js;connect-src * 'unsafe-inline';font-src 'self' fonts.googleapis.com;img-src * data: blob:; frame-src 'self' https://wchat.freshchat.com https://www.googletagmanager.com https://www.youtube.com https://545299966298273.webpush.freshchat.com/ https://www.google.com/recaptcha/api.js https://www.google.com/; 1
default-src 'self' *.google-analytics.com analytics.google.com js.zi-scripts.com *.zoominfo.com alarmcomincorporated.api.insent.ai; font-src 'self' fonts.gstatic.com fonts.googleapis.com; media-src *; img-src * data:; style-src 'self' fonts.googleapis.com 'unsafe-inline' *.cloudfront.net; script-src 'self' *.google-analytics.com analytics.google.com *.googletagmanager.com *.google.com *.gstatic.com *.greenhouse.io *.googleadservices.com *.hotjar.com *.facebook.net *.mathtag.com *.licdn.com *.tvsquared.com *.nextdoor.com 'unsafe-inline' 'unsafe-eval' js.zi-scripts.com alarmcomincorporated.widget.insent.ai alarmcomincorporated.api.insent.ai *.zoominfo.com; frame-ancestors 'self' *.alarm.com *.adt.com adt.com.es www.adt.cl www.adt.co.cr www.adt.co.uk www.adt.com.ar www.adt.com.br www.adt.com.mx www.adt.com.uy www.adt.my www.adtsecurity.com.au www.adtsecurity.co.nz www.secomsmart.com.sg www.sakralarm.se lightfootmechanical.com www.secomsmart.com.my smartsecurity.secom.plc.uk www.secom.co.th smartservices.adt.co.uk smartservices.adt.ie infinitysecurity.ca www.protek.com.py www.nos.pt www.chubbhomesecurity.com.au www.alert360.com www.securityinc.net i-wonder.co.jp iqconnect.qolsys.com www.alltid24.no  www.tutumhome.com vprotectindia.com kizukumo.com www.securitascostarica.com www.connect.securitas.de www.securitas.be ms-lifeconnect.com www.securitasperu.com securitasconnect.se;frame-src 'self' *.alarm.com *.youtube.com academy-alarm.com *.google.com *.greenhouse.io *.mathtag.com *.hotjar.com alarmcomincorporated.widget.insent.ai alarmcomincorporated.api.insent.ai; 1
default-src 'self'; script-src 'self' wa.acxx.de; img-src 'self' img.buymeacoffee.com; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' wa.acxx.de 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' igorewards.com.hk *.igorewards.com.hk *.hutchgo.com *.google-analytics.com hutchgo.advertserve.com *.googletagmanager.com secure-ds.serving-sys.com connect.facebook.net bs.serving-sys.com s.wego.com *.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com maxcdn.bootstrapcdn.com *.googleadservices.com googleads.g.doubleclick.net recommender.scarabresearch.com cdn.mouseflow.com bat.bing.com maps.google.com maps.googleapis.com developers.google.com www-igorewards-test.hutchgo.com *.hutchgo.com.hk *.hutchgo.com.sg *.hutchgo.com.cn *.hutchgo.com.tw *.google.com analytics.skyscanner.net *.clarity.ms remote.captcha.com 1
frame-ancestors 'self' http://app.schoeck.com https://app.schoeck.com http://staffbase.com capacitor://app.schoeck.com capacitor://staffbase.com 1
default-src 'self' https://www.citybankplc.com/ https://ibank.citybankplc.com/ https://www.google-analytics.com/ https://www.citytouch.com.bd/ https://www.google.com https://www.youtube.com/ https://stats.g.doubleclick.net/ https://lankabd.com/; script-src 'self' https://www.citybankplc.com/  https://www.googletagmanager.com/  https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://connect.facebook.net/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com/ 'unsafe-inline'; font-src 'self' data: https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://fonts.gstatic.com/; img-src 'self' data: https://www.google-analytics.com/ https://img.youtube.com/ https://www.google.com.bd/ https://www.facebook.com/; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' pghub.io cdn.cookielaw.org connect.facebook.net *.iesnare.com *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.cookielaw.org images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' consumersupport.pg.com ct.pinterest.com www.facebook.com feed.pghub.io pandg.tapad.com ; manifest-src * ; 1
img-src * data: blob:; script-src 'self' 'unsafe-eval' https://api.mapbox.com https://api.tiles.mapbox.com https://cdn.firebase.com https://embed.typeform.com https://npmcdn.com https://www.gstatic.com widget.trustpilot.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem * 'unsafe-inline'; style-src *; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' 1
default-src https: 'unsafe-inline' img-src https: data: 'unsafe-inline' 1
default-src http: https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: wss://widget.apibcknd.com wss://widget.me-talk.ru wss://realtime-services-chat-2.carrotquest.app wss://rts-v2.carrotquest.app  wss://realtime-services-chat-1.carrotquest.app; frame-ancestors 'self' https://*.webvisor.com https://*.flocktory.com https://*.yandex.ru https://*.yandex.com https://*.carrotquest.app wss://*.carrotquest.app https://*.carrotquest.io wss://*.carrotquest.io https://*.carrottrack.io wss://*.carrottrack.io https://cdn.carrotquest.app 1
default-src 'self' *.gov.hk *.google-analytics.com *.googleapis.com *.googletagmanager.com; style-src 'self' *.googleapis.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; script-src 'self' *.one.gov.hk *.gov.hk www.gstatic.com www.recaptcha.net *.google-analytics.com *.googleapis.com *.googletagmanager.com www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; img-src 'self' data: *.google-analytics.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; frame-ancestors 'self'; frame-src 'self' www.recaptcha.net; font-src 'self' fonts.gstatic.com *.gov.hk www.chrt.org.hk www.comptribunal.hk www.coms-auth.hk www.e-c.edu.hk www.harbourfront.org.hk www.hfc.org.hk www.hkcfa.hk www.hongkongpost.hk www.judiciary.hk www.lasc.hk www.mpfa.org.hk www.ticf.org.hk *.tradesinglewindow.hk www.hkmw.hk; form-action 'self' *.gov.hk *.suntek.com.hk; base-uri 'self' 1
default-src 'self' *.google-analytics.com *.doubleclick.net *.adsrvr.org *.cloudfront.net *.google.com *.youtube.com *.braintree-api.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.amazonaws.com *.onemap.sg *.facebook.com *.mastercard.com  https:; script-src 'self' www.googletagmanager.com www.google-analytics.com google-analytics.com *.adsrvr.org acdn.adnxs.com login.dotomi.com *.dotomi.com unpkg.com cdnjs.cloudflare.com cdn.jsdelivr.net www.googleadservices.com connect.facebook.net *.braintree-api.com *.braintreegateway.com *.fls.doubleclick.net googleads.g.doubleclick.net www.paypalobjects.com *.paypal.com pay.google.comsongbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com www.google.com code.jquery.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com *.mastercard.com  'unsafe-inline' https:;style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com *.braintreegateway.com cdn.jsdelivr.net *.mastercard.com  'unsafe-inline' https:; img-src 'self' assets.braintreegateway.com checkout.paypal.com *.mastercard.com  data: https:; media-src 'self' *.ascentismedia.com  data: https:; child-src 'self' assets.braintreegateway.com *.paypal.com  'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' assets.braintreegateway.com *.braintreegateway.com *.paypal.com *.cardinalcommerce.com *.google.com *.youtube.com *.adsrvr.org *.doubleclick.net *.mastercard.com  https:; connect-src 'self' *.braintreegateway.com *.doubleclick.net *.cardinalcommerce.com *.paypal.com *.onemap.sg *.google-analytics.com *.facebook.com *.braintree-api.com *.smooch.io wss:  https:; frame-ancestors 'self' dmp.truoptik.com *.mastercard.com  https:; font-src 'self' fonts.gstatic.com kit-free.fontawesome.com cdnjs.cloudflare.com  https:; object-src 'self'  https:; 1
frame-ancestors https://stratolaunch.frb.io https://www.stratolaunch.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://www.googletagmanager.com https://www.youtube.com https://analytics.tiktok.com https://edge.fullstory.com https://twitter.com http://platform.twitter.com *.google-analytics.com https://script.tapfiliate.com;style-src 'self' 'unsafe-inline';font-src 'self' data: https://fonts.gstatic.com;img-src 'self' * data:;connect-src 'self' https://academy-cms.learncrypto.com https://admin.learncrypto.com http://0.0.0.0:3139 https://analytics.tiktok.com https://www.googletagmanager.com https://edge.fullstory.com https://twitter.com https://platform.twitter.com https://o1431714.ingest.us.sentry.io https://o1431714.ingest.sentry.io https://vimeo.com *.google-analytics.com https://apis.google.com wss://* https://explorer-api.walletconnect.com https://c.thirdweb.com/event https://tapi.tapfiliate.com/;object-src 'none';frame-src 'self' https://www.youtube.com https://player.vimeo.com https://platform.twitter.com https://verify.walletconnect.com;worker-src 'self' blob: 1
frame-ancestors kdl.org *.kdl.org kdl.bibliocms.com *.kdl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src kdl.org *.kdl.org kdl.bibliocms.com *.kdl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' https://e-activist.com; 1
frame-ancestors decard.me 1
img-src 'self' *.commercecloud.salesforce.com nadir.com.br *.nadir.com.br data: *.demandware.net cdn.popt.in https://www.facebook.com https://www.google.com.br https://www.google.com/ads/ga-audiences https://storage.googleapis.com https://api.pagar.me https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/;script-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com/ https://accounts.google.com/ *.commercecloud.salesforce.com/ nadir.com.br *.nadir.com.br https://cdn.popt.in/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js https://www.google.com.br/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://www.facebook.com/ https://connect.facebook.net/ https://unpkg.com/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.botmaker.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/ https://*.gstatic.com/;connect-src 'self' api.cquotient.com https://viacep.com.br https://accounts.google.com *.commercecloud.salesforce.com *.demandware.net nadir.com.br *.nadir.com.br https://cdn.popt.in https://display.popt.in https://d3lopmpcew67el.cloudfront.net https://www.google.com.br https://googletagmanager.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.facebook.com https://connect.facebook.net https://www.facebook.com/tr https://api.pagar.me https://lottie.host https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.hotjar.io/ *.getblue.io/ *.smarthint.co/ google.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.google.com/ wss://*.hotjar.com/ https://www.googleadservices.com/ https://*.googleadservices.com/ https://*.afilio.com.br/ https://*.azurewebsites.net/ targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com/ https://*.gstatic.com/;frame-src 'self' www.youtube.com https://www.google.com.br https://accounts.google.com https://www.googletagmanager.com *.commercecloud.salesforce.com nadir.com.br *.nadir.com.br https://cdn.popt.in https://www.facebook.com https://td.doubleclick.net/ https://googleads.g.doubleclick.net/ https://code.jquery.com/ *.bing.com/ *.enviou.com.br/ *.tiktok.com/ *.hotjar.com/ *.getblue.io/ *.smarthint.co/ https://bid.g.doubleclick.net targeting.voxus.com.br targeting.voxus.tv api.ipify.org api.voxus.tv loggly.com secure.adnxs.com/ *.targeting.voxus.com.br *.targeting.voxus.tv *.api.ipify.org *.api.voxus.tv *.loggly.com *.secure.adnxs.com https://*.gstatic.com/ https://*.google.com/;upgrade-insecure-requests;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
base-uri 'self'; default-src 'self'; manifest-src 'self'; object-src 'self' data:; frame-ancestors 'none'; script-src-attr 'none'; connect-src 'self' https://*; frame-src https://*; font-src 'self' https://fonts.gstatic.com; block-all-mixed-content; upgrade-insecure-requests; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://cdn.privacytools.com.br; form-action 'self' https://*.starlightcms.io https://*.advancecomunicacao.com.br https://*.advance.com.br; img-src 'self' https://*.advance.com.br https://media-selene-development.s3.amazonaws.com https://*.starlightcms.io https://*.google.com https://*.google.com.br https://*.google-analytics.com https://*.facebook.com https://vercel.live https://cdn.privacytools.com.br data:; script-src 'self'  'nonce-xuyZ+ICakcDiCUtrRZ3FDq0wiFIMu1aVqHeW2HN5tgE=' https://*.facebook.net https://cdn.privacytools.com.br https://*.cloudfront.net https://*.googletagmanager.com; 1
frame-ancestors 'self' www.groz-beckert.com www.groz-beckert.cn one.sitrion.com; 1
default-src 'self' data: wss: *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org sp-dir.uwn.com web.delighted.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' *.tile.openstreetmap.org maps.gstatic.com *.googleapis.com blog.ui.com *.svc.ui.com data:; script-src 'self' data: wss: www.youtube.com *.tile.openstreetmap.org *.gstatic.com *.googleapis.com geocode.arcgis.com nominatim.openstreetmap.org d2yyd1h5u9mauk.cloudfront.net sp-dir.uwn.com 'sha256-VWlS8Ik7XRVhz/AxeiqW/Fz0x8ZwAlOO7KdRrOwgP0Q='; frame-src www.youtube.com 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' https: my-hr.co my-hr.co.il meku-app.co.il;object-src 'self' 'unsafe-inline' data: blob: https: my-hr.co my-hr.co.il meku-app.co.il;style-src 'unsafe-inline' https:;style-src-elem 'unsafe-inline' https: https://fonts.googleapis.com;img-src 'self' blob: data: https://maps.gstatic.com https://maps.googleapis.com https://mekusharim-storage-staging.s3.eu-central-1.amazonaws.com https://mekusharim-storage-pre-production.s3.eu-central-1.amazonaws.com https://mekusharim-storage.s3.eu-central-1.amazonaws.com https://mekusharim-storage-pre-prod.s3.eu-central-1.amazonaws.com;worker-src blob: https:;frame-src blob: data: https:; 1
frame-ancestors 'self' https://familywatchdog.us https://*.familywatchdog.us ; 1
default-src https://cdn.plaid.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data: https://static.flourish.com/ https://assets.flourish.com https://static.flourish.com https://www.google-analytics.com https://www.google.com https://track.hubspot.com https://d.adroll.com *.hubspot.com;object-src 'none';script-src 'sha256-8ZgGo/nOlaDknQkDUYiedLuFRSGJwIz6LAzsOrNxhmU=' *.hubspot.com;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://static.flourish.com/ https://assets.flourish.com https://resources.flourish.com https://api.segment.io https://api-js.mixpanel.com https://www.google-analytics.com https://stats.g.doubleclick.net https://flourish-document-upload.s3.amazonaws.com https://flourish-user-service-csv-upload.s3.amazonaws.com https://flourish-eng-apps-prod-ue1-platform-upload.s3.amazonaws.com https://forms.hubspot.com https://cdn.segment.com https://development.plaid.com https://production.plaid.com *.hubspot.com wss://localhost:*/;frame-src https://cdn.plaid.com https://bid.g.doubleclick.net/ *.hubspot.com *.hs-sites.com;manifest-src 'self' https://static.flourish.com/;script-src-elem 'nonce-b4681de82aebef08c8f78b901572f7c5' https://static.flourish.com/ https://cdn.plaid.com https://development.plaid.com https://production.plaid.com https://cdn.segment.com https://cdn.mxpnl.com https://www.googletagmanager.com https://www.google-analytics.com https://assets.adobedtm.com https://js.hs-scripts.com https://js.hsleadflows.net https://js.hs-analytics.net https://js.hs-banner.com *.hubspot.com *.adroll.com *.hs-scripts.com 'sha256-8ZgGo/nOlaDknQkDUYiedLuFRSGJwIz6LAzsOrNxhmU=' https://localhost:* 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; font-src * 'self' data: ; 1
default-src *; img-src 'self'  https://yandex.com.tr/ https://www.google-analytics.com/  https://core-renderer-tiles.maps.yandex.net/  https://api-maps.yandex.ru/  https://www.google.com/  https://ad.doubleclick.net/ https://mb-files-public.s3-eu-central-1.amazonaws.com/ https://www.google.com.tr/ https://i.ytimg.com/  data: w3.org/svg/2000; script-src 'self'  https://www.googletagmanager.com/ https://connect.facebook.net/ https://static.hotjar.com https://www.google.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.google-analytics.com/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://cdn.mindbehind.com/ https://www.gstatic.com/ https://api-maps.yandex.ru/ https://connect.facebook.net/ https://yastatic.net/ https://core-renderer-tiles.maps.yandex.net/ 'unsafe-inline' 'unsafe-eval' ; style-src  'self' 'unsafe-inline' https://fonts.googleapis.com/ https://cdn.jsdelivr.net/ 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.nilda.com.mx 1
script-src 'unsafe-inline' https://abdm.gov.in http://localhost:3000 https://sandbox.abdm.gov.in/ https://sandbox.abdm.gov.in/api/sandbox/v1/dashboard https://connect.facebook.net/en_US/sdk.js http://www.youtube.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ 1
default-src 'self' https://*.abtasty.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://app-lon10.marketo.com https://www.comeet.com https://*.cookiefirst.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com *.abtasty.com *.gstatic.com *.googleapis.com *.typeform.com https://inject.js https://*.google.com *.googletagmanager.com; font-src 'self' https://*.hotjar.com https://*.hotjar.io blob: data: *.abtasty.com *.gstatic.com *.googleapis.com https://acsbapp.com; img-src 'self' data: https://www.datocms-assets.com https://*.cookiefirst.com https://www.facebook.com https://www.linkedin.com https://linkedin.com https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://*.hotjar.com https://*.hotjar.io https://widget.freshworks.com https://healthyio.freshdesk.com https://*.google-analytics.com https://*.googletagmanager.com https://*.outbrain.com *.pusher.com *.freshworksapi.com blob: *.abtasty.com *.amazonaws.com https://*.adnxs.com https://*.ml-attr.com https://*.ml-api.io https://*.acsbapp.com https://*.gstatic.com https://*.vimeocdn.com https://*.visualwebsiteoptimizer.com; media-src 'self' data: https://www.datocms-assets.com https://stream.mux.com; frame-src 'self' https://player.vimeo.com https://app-lon10.marketo.com https://www.comeet.com https://www.comeet.co https://www.facebook.com https://*.hotjar.com https://*.hotjar.io https://*.google.com https://*.typeform.com *.abtasty.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://cdn.segment.com https://*.segment.io https://connect.facebook.net https://player.vimeo.com https://*.vimeo.com https://vimeo.com https://app-lon10.marketo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.hotjar.com https://*.hotjar.io https://*.outbrain.com https://*.marketo.net *.typeform.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://*.google.com https://*.gstatic.com https://www.comeet.com https://www.comeet.co https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://platform.linkedin.com https://snap.licdn.com blob: *.abtasty.com *.googleapis.com https://acsbapp.com https://*.ip2c.net https://*.zoominfo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self' https://www.kidney.org; connect-src 'self' https://acsbapp.com/apps/app/dist/js/ https://*.cookiefirst.com https://*.vercel.app https://graphql-listen.datocms.com https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.googletagmanager.com https://widget.freshworks.com *.pusher.com *.freshworksapi.com https://healthyio.freshdesk.com https://436-TYX-483.mktorest.com https://*.mktoresp.com https://*.linkedin.oribi.io https://*.mktoutil.com https://vimeo.com https://*.acsbapp.com https://*.sentry.io https://*.ip2c.net https://pages.healthy.io https://*.zoominfo.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self'; media-src 'none'; frame-src 'none'; font-src 'self'; connect-src 'self' https://api.amplitude.com https://eth-ropsten.alchemyapi.io https://eth-rinkeby.alchemyapi.io https://eth-mainnet.alchemyapi.io https://api.thegraph.com wss://bridge.walletconnect.org wss://fei.bridge.walletconnect.org https://assets.fei.money; frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagmanager.google.com connect.facebook.net platform.twitter.com  *.facebook.com www.google-analytics.com *.st-hatena.com *.instagram.com *.cloudflare.com *.youtube.com *.googleapis.com *.mieru-ca.com loka-cdn.akamaized.net *.lokaplatform.com *.ampproject.org *.trendemon.com blob: 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.netvixx.cam:9080 www.netvixx.cam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.netvixx.cam wss://www.netvixx.cam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715652705 1
default-src 'self' *.hrider.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ads-twitter.com *.twitter.com *.facebook.com *.techsmith.com *.windows.net *.stripe.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.google.com *.gstatic.com *.googleadservices.com *.linkedin.com *.doubleclick.net *.calendly.com *.cookiehub.eu *.cookiehub.com cookiehub.net https://cookiehub.net/c2/526d259b.js https://accounts.google.com/gsi/client https://cdn.jsdelivr.net/npm/@popperjs/core@2.9.1/dist/umd/popper.min.js snap.licdn.com *.tawk.to *.sharethis.com *.twitter.com *.twimg.com https://cdn.jsdelivr.net/emojione/; img-src * data:; frame-src 'self' *.twitter.com *.google.com *.sharethis.com *.consensu.org *.youtube.com *.spotify.com *.stripe.com *.calendly.com https://calendly.com https://accounts.google.com/gsi/ *.techsmith.com *.ivoox.com *.linkedin.com *.facebook.com *.whatsapp.com https://va.tawk.to *.hrider.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://accounts.google.com/gsi/style *.calendly.com *.fontawesome.com *.googleapis.com cdnjs.cloudflare.com *.tawk.to *.twitter.com *.twimg.com *.windows.net *.cookiehub.eu *.cookiehub.com https://cookiehub.net/ *.linkedin.com *.facebook.com *.whatsapp.com https://cdn.jsdelivr.net/emojione/; font-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.tawk.to https://static-v.tawk.to; connect-src 'self' *.google-analytics.com *.google.com *.googlesyndication.com *.bing.com *.facebook.com https://accounts.google.com/gsi/ https://*.tawk.to wss://*.tawk.to *.g.doubleclick.net *.sharethis.com *.linkedin.com *.whatsapp.com *.cookiehub.net; 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' locate.pricespider.com api.tiles.mapbox.com pghub.io *.pricespider.com cdn.pricespider.com wtbevents.pricespider.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com *.bazaarvoice.com cdn.pricespider.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.bazaarvoice.com *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.pricespider.com cdn.pricespider.com wwwassets.pricespider.com embeddedcloud.pricespider.com i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' www.youtube.com feed.pghub.io *.adsrvr.org *.bazaarvoice.com *.doubleclick.net pandg.tapad.com *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com ; manifest-src * ; 1
base-uri 'self'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
upgrade-insecure-requests;default-src https://ticker.co.uk https://*.ticker.co.uk; script-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://polyfill.io https://js.stripe.com https://maps.googleapis.com https://www.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://www.google.com https://*.intercom.io https://js.intercomcdn.com https://api.feefo.com https://register.feefo.com https://widget.trustpilot.com https://chronicle.comparethemarket.com 'sha256-1BgCGzlNUPPuNJgdNrBUfDwBKkzJ3tp9vg/GrMmEdNQ='; style-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com 'unsafe-inline'; media-src https://ticker.co.uk https://*.ticker.co.uk https://player.vimeo.com https://*.vimeocdn.com https://*.akamaized.net https://js.intercomcdn.com https://video.vzaar.com https://view.vzaar.com; img-src https://ticker.co.uk https://*.ticker.co.uk https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://*.googletagmanager.com https://*.gstatic.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://gifs.intercomcdn.com https://uploads.intercomusercontent.com https://follow.confused.com https://api.feefo.com https://www.feefo.com https://view.vzaar.com https://resources.vzaar.com data:; font-src https://ticker.co.uk https://*.ticker.co.uk https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com data:; form-action https://ticker.co.uk https://*.ticker.co.uk https://intercom.help; frame-src https://ticker.co.uk https://*.ticker.co.uk https://js.stripe.com https://hooks.stripe.com https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net https://widget.trustpilot.com https://anchor.fm; connect-src https://ticker.co.uk https://*.ticker.co.uk https://sentry.io https://api.stripe.com https://maps.googleapis.com https://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com wss://*.intercom.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://api.feefo.com; child-src https://ticker.co.uk https://*.ticker.co.uk https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com https://player.vimeo.com https://www.youtube.com https://fast.wistia.net; worker-src https://ticker.co.uk https://*.ticker.co.uk https://*.intercom.io https://intercom-sheets.com https://www.intercom-reporting.com; report-uri https://ticker.report-uri.com/r/d/csp/enforce; 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' *.fastcdn.co *.instapage.com *.instapagemetrics.com cdnjs.cloudflare.com *.6sense.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://optimize.google.com *.clarity.ms *.oribi.io *.marketo.com *.statcounter.com code.jquery.com cdn.amcharts.com player.vimeo.com www.google-analytics.com googleads.g.doubleclick.net snap.licdn.com j.6sc.co trk.techtarget.com *.secureprivacy.ai app.secureprivacy.ai a.omappapi.com cdn.jsdelivr.net www.googletagmanager.com match.prod.bidr.io *.google.com *.hotjar.com *.hotjar.io *.marketo.net *.linkedin.com *.googleapis.com d26x5ounzdjojj.cloudfront.net *.3pillarglobal.com p.adsymptotic.com secure.gravatar.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com c.6sc.co *.googleadservices.com; connect-src 'self' *.fastcdn.co *.instapage.com *.instapagemetrics.com *.6sense.com *.ads.linkedin.com *.statcounter.com *.clarity.ms *.techtarget.com *.oribi.io *.google.com *.marketo.com *.6sc.co maps.googleapis.com secure.adnxs.com com-thebigwillow-prod1.collector.snplow.net secure.adnxs.com *.googleadservices.com yoast.com *.hotjar.com *.g.doubleclick.net *.mktoresp.com *.secureprivacy.ai api-prod.secureprivacy.ai *.google-analytics.com googleads.g.doubleclick.net soundcloud.com ws:; font-src 'self' https://fonts.gstatic.com fonts.googleapis.com fonts.gstatic.com data:; img-src 'self' *.fastcdn.co *.instapage.com *.6sense.com *.instapagemetrics.com https://www.google.ro https://www.google-analytics.com https://www.googletagmanager.com blob: *.clarity.ms *.oribi.io https://optimize.google.com c.statcounter.com s.w.org code.jquery.com maps.gstatic.com cdn.amcharts.com *.secureprivacy.ai app.secureprivacy.ai *.google.co.in *.google.com cdn.jsdelivr.net *.3pillarglobal.com b.6sc.co *.linkedin.com soundcloud.com apt.techtarget.com *.google-analytics.com secure.gravatar.com p.adsymptotic.com data:; style-src 'unsafe-inline' http: https:; frame-src 'self' *.apple.com *.soundcloud.com *.clarity.ms *.oribi.io td.doubleclick.net https://optimize.google.com www.youtube.com www.slideshare.net vars.hotjar.com *.hotjar.io *.g.doubleclick.net *.3pillarglobal.com player.vimeo.com *.6sense.com *.libsyn.com *.secureprivacy.ai; object-src 'none'; base-uri 'self'; frame-ancestors 'self' 3pillarglobal.showpad.com 3pillarglobal.showpad.biz; 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' bosys.eu *.bosys.eu *.touristikerfotos.net touristikerfotos.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'self' https://*.gab.com https://*.openplatform.us; font-src 'self' https://tooter.in; img-src 'self' https: data: blob: https://tooter.in; style-src 'self' 'unsafe-inline' https://tooter.in; media-src 'self' https: data: https://tooter.in; frame-src 'self' https:; manifest-src 'self' https://tooter.in; connect-src 'self' blob: https://tooter.in wss://tooter.in https://*.gab.com https://api.tenor.com; script-src 'self' https://tooter.in https://*.gab.com 1
img-src * data: https:; 1
frame-ancestors 'self'; default-src * data: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://94f62820d7c43df17e384a74a389587c.report-uri.com/r/t/csp/enforce 1
font-src fonts.gstatic.com *.gstatic.com cdn.jsdelivr.net *.sensefuel.live *.clarity.ms *.cookiebot.com *.facebook.com *.facebook.net https://static.payzen.eu/static/ *.fontawesome.com https://cdnjs.cloudflare.com 'self' data: data: 'self' 'unsafe-inline'; form-action https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com secure.payzen.eu https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https://www.baby-lux.com/ https://www.babylux.be/fr/ https://www.babylux.nl/ https://www.babylux.be/nl/ bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ widget.trustpilot.com maps.google.com *.clarity.ms *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.doubleclick.net *.sendcloud.sc *.jsdelivr.net https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ js.mollie.com www.google.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.doubleclick.net *.lorempixel.com *.google.com *.google.be *.gstatic.com *.googleapis.com *.babylux.nl *.babylux.be *.baby-lux.com *.clarity.ms *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.cookiebot.com *.pinterest.com *.amazonaws.com https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ https://www.mollie.com 'self' data: ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.jsdelivr.net *.sensefuel.live *.cloudflare.com *.g.doubleclick.net *.googletagmanager.com *.newrelic.com *.nr-data.net widget.trustpilot.com *.googleapis.com *.tpc.googlesyndication.com *.clarity.ms *.google-analytics.com *.googleadservices.com *.google.com *.facebook.com *.facebook.net *.cookiebot.com *.pinimg.com *.sendcloud.sc *.jsdelivr.net https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.avada.io js.mollie.com https://cdnjs.cloudflare.com www.gstatic.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src cdn.jsdelivr.net fonts.googleapis.com *.sensefuel.live *.clarity.ms *.cookiebot.com *.googletagmanager.com *.facebook.com *.facebook.net *.sendcloud.sc *.jsdelivr.net https://static.payzen.eu/static/ *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.getalma.eu *.google-analytics.com *.analytics.google.com *.doubleclick.net *.nr-data.net *.sensefuel.live *.googleapis.com *.clarity.ms *.googletagmanager.com *.cookiebot.com *.google.com *.pinterest.com *.sendcloud.sc *.cdn.jsdelivr.net *.mapbox.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://get.geojs.io *.avada.io t.elasticsuite.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; connect-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua *.bitrix24.com *.bitrix24.com ws: wss *.ittour.com.ua *.tripadvisor.com *.hotellook.com *.travelpayouts.com api.tourspo.com tickets.kiyavia.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.facebook.com *.doubleclick.net *.plerdy.com; script-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua bo.rezonuniversal.com aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua openlayers.org *.tripadvisor.com *.ittour.com.ua api.tourspo.com *.plerdy.com www.google.com tickets.kiyavia.com cdn.nemo.travel code.jquery.com *.googletagmanager.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com connect.facebook.net *.facebook.com *.doubleclick.net stats.g.doubleclick.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: cdnjs.cloudflare.com office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua openlayers.org unpkg.com *.tripadvisor.com *.ittour.com.ua api.tourspo.com cdn.jsdelivr.net cdn.nemo.travel fonts.googleapis.com 'unsafe-inline'; font-src 'self' data: cdnjs.cloudflare.com office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.uaaviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.tripadvisor.com *.ittour.com.ua fonts.googleapis.com fonts.gstatic.com; img-src 'self' data: * office.iterios.com www.portmone.com.ua agent.kiyavia.com kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com *.bitrix24.ua *.ittour.com.ua *.openstreetmap.org openlayers.org *.tile.openstreetmap.org www.googletagmanager.com *.itour.com.ua cdn.tourismcloudservice.com i.travelapi.com *.tripadvisor.com *.goglobal.travel *.contentinn.com *.plerdy.com img.tourspo.com *.google.com *.google.com.ua *.google.ua *.gstatic.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.facebook.com *.doubleclick.net; media-src 'self' office.iterios.com www.portmone.com.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net *.jivosite.com ; base-uri 'self'; form-action 'self' office.iterios.com www.portmone.com.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com *.tripadvisor.com *.hotellook.com *.facebook.com tickets.kiyavia.com secure.wayforpay.com kiyavia.ua *.liqpay.ua; frame-ancestors 'self'; frame-src 'self' office.iterios.com www.portmone.com.ua kiyavia.ua *.liqpay.ua aviatickets.kiyavia.com test.rezonuniversal.com kiyavia.rezonuniversal.com cdn.jsdelivr.net www.youtube.com youtu.be ad.adriver.ru *.tripadvisor.com *.plerdy.com airadvisor.com b2c.amadeusinsurance.com www.portmone.com.ua www.google.com *.facebook.com; manifest-src 'self'; object-src 'self'; 1
default-src 'self' https://www.mgweb.co.il; frame-ancestors 'self'; connect-src https:; frame-src https:; font-src https: 'unsafe-inline'; img-src https: 'unsafe-inline'; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'self' mwae.brandenburg.de www.kreatives-brandenburg.de; 1
default-src 'none'; object-src 'none'; child-src 'self'; upgrade-insecure-requests; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt https://maps.googleapis.com https://cdn.cookielaw.org https://*.onetrust.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://*.google.com; img-src 'self' data: https://img.youtube.com https://i.ytimg.com https://*.googleapis.com https://*.ggpht.com https://maps.gstatic.com https://fonts.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.pt https://*.ascendi.pt; script-src 'self' 'unsafe-inline' https://www.googleadservices.com https://www.gstatic.com https://maps.googleapis.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://cdn.cookielaw.org https://privacyportalde-cdn.onetrust.com; style-src 'self' 'unsafe-inline' https://*.googletagmanager.com https://fonts.googleapis.com; frame-ancestors https://*.ascendi.pt;form-action 'self'; base-uri 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *; frame-ancestors 'self' https://secure.petafrance.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; manifest-src 'self'; object-src 'none'; 1
default-src 'none'; connect-src 'self' *.googleapis.com *.cloudfunctions.net *.costcopharmacy.ca *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookielaw.org *.onetrust.com https://cloudflareinsights.com/cdn-cgi/rum; font-src https://fonts.gstatic.com; frame-src 'self' mailto: *.google.com *.firebaseapp.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com https://player.vimeo.com/; img-src 'self' data: *.googleapis.com https://i.vimeocdn.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.cookielaw.org; script-src 'self' *.google.com *.gstatic.com https://www.chasepaymentechhostedpay-var.com https://www.chasepaymentechhostedpay.com *.googletagmanager.com https://ajax.cloudflare.com https://static.cloudflareinsights.com https://apis.google.com *.cookielaw.org *.onetrust.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' *.googleapis.com 1
default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src https://subscriptions.heylogin.com; font-src 'self' data:; img-src 'self' data:; connect-src 'self' https://*.heylogin.app https://stackreports.heylogin.app; report-uri https://heyloginapp.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.toyota.bg https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: wss: 1
frame-ancestors 'self' https://*.graceframe.com 1
base-uri 'self' https://*.mailstrom.co; block-all-mixed-content; report-uri /api/csp_reports; default-src 'self' https:; object-src 'none'; child-src 'self' https://*.mailstrom.co https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https://*.mailstrom.co https://www.facebook.com https://bid.g.doubleclick.net https://js.stripe.com https://hooks.stripe.com https://checkout.stripe.com https://platform.twitter.com; frame-ancestors 'self'; img-src 'self' https: data: blob: https://*.stripe.com; connect-src 'self' https: https://www.google-analytics.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://bam.nr-data.net https://api.stripe.com https://checkout.stripe.com https://syndication.twitter.com; style-src 'self' https://fonts.googleapis.com 'report-sample' https: 'unsafe-inline'; script-src 'report-sample' 'strict-dynamic' 'nonce-A9CPcYiktPNczEkhrBCLZg==' 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-fyD5yjJapgqpO63dmngVkQ=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
frame-ancestors 'self' *.thethirdwave.co ajax.cloudflare.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com blob:; img-src * https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com  data: * blob: https://amourlee.com ; style-src 'self' 'unsafe-inline' https://imgsourcechain.com  maxcdn.bootstrapcdn.com unpkg.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' https://imgsourcechain.com  https://script.hotjar.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:;connect-src * blob:;media-src * blob: data:;script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.min.js https://dev.visualwebsiteoptimizer.com https://imgsourcechain.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://a.mgid.com https://tr.snapchat.com https://pay.google.com https://cdn.seondf.com https://accounts.google.com https://*.clarity.ms https://analytics.tiktok.com https://sc-static.net cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com https://optimize.google.com 'unsafe-inline' https://www.googletagmanager.com https://bat.bing.com https://www.googleoptimize.com https://s.yimg.com;frame-src https://pay.google.com https://content-people.googleapis.com https://content.googleapis.com https://accounts.google.com https://tr.snapchat.com https://www.google.com/ https://optimize.google.com https://vars.hotjar.com; 1
default-src 'self' criticalsoftware.com; script-src-elem 'self' 'nonce-gtm-20240117-1255' 'nonce-gtm-20240409' 'nonce-csw-20240409' https://www.googletagmanager.com https://js.hsforms.net; script-src 'self' 'nonce-gtm-20240117-1255' 'nonce-gtm-20240409' 'nonce-csw-20240409' https://*.googletagmanager.com script.crazyegg.com snap.licdn.com js.hs-scripts.com forms.hsforms.com google-analytics.com js.hsforms.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com; img-src 'self' data: criticalsoftware.com www.criticalsoftware.com https://*.google-analytics.com https://*.googletagmanager.com forms-na1.hsforms.com forms.hsforms.com; connect-src 'self' backend.criticalsoftware.com forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' data: criticalsoftware.com; font-src 'self'; object-src 'none'; form-action 'self' forms.hsforms.com; frame-ancestors 'self'; frame-src 'self' forms.hsforms.com; upgrade-insecure-requests; 1
form-action 'self'; img-src https://* data: 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net *.clerk.accounts.dev *.vercel.live *.paypal.com *.paypalobjects.com *.tiny.cloud *.theninja-rpg.com *.opendns.com *.highlight.io *.cookiebot.com *.termly.io connect.facebook.net;  child-src 'self' *.doubleclick.net *.paypal.com ghbtns.com *.youtube.com *.widgetbot.io *.cookiebot.com *.termly.io https://fastsvr.com;  style-src 'self' 'unsafe-inline' *.googleapis.com *.tiny.cloud;  img-src * blob: data:;  media-src 'none';  connect-src *;  font-src 'self';  worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com; frame-src *; img-src *  blob: data:; font-src 'self' https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://cdnjs.cloudflare.com data:; media-src * blob:; worker-src blob:; connect-src * 1
default-src 'self'; connect-src 'self'; script-src 'self' ; style-src * 'self' 'unsafe-inline'; img-src * 'self' data:; font-src * 'self'; frame-src 'self'; form-action 'self'; worker-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; 1
default-src 'self' data: script-src: 'unsafe-inline' *.servicemycar.com servicemycar.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com code.jquery.com googletagmanager.com fonts.googleapis.com analytics.tiktok.com fonts.gstatic.com kit.fontawesome.com *.google.com *.googletagmanager.com diffuser-cdn.app-us1.com *.gstatic.com www.google-analytics.com *.googleadservices.com prism.app-us1.com googleads.g.doubleclick.net *.google.ae stats.g.doubleclick.net servicemycar.com *.freshchat.com ka-p.fontawesome.com maps.googleapis.com maps.gstatic.com *.ideal-postcodes.co.uk *.firebaseio.com *.youtube.com *.facebook.net *.facebook.com secure.telr.com *.stripe.com polyfill.io api.ipbase.com; 1
default-src 'self';img-src 'self' data: https://*.dxdelivery.com https://www.google-analytics.com https://i.ytimg.com https://*.livechatinc.com https://*.livechat-files.com/;media-src 'self' https://*.dxdelivery.com;script-src 'self' 'unsafe-inline' https://*.dxdelivery.com https://*.trustpilot.com http://charts3.equitystory.com/ https://*.equitystory.com  https://www.googletagmanager.com https://www.google-analytics.com https://cgtforms.com https://*.livechatinc.com;style-src 'self' 'unsafe-inline' https://*.typekit.net;font-src 'self' data: https://*.typekit.net;connect-src 'self' https://*.dxdelivery.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cgml2.com https://*.analytics.google.com;frame-src https://*.trustpilot.com https://www.youtube.com https://*.livechatinc.com http://*.equitystory.com/ https://charts3.equitystory.com/widget/loader.js;object-src 'none';worker-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://google.com/cse/static/ http://www.google.com/recaptcha/api.js https://www.gstatic.com/ http://image.providesupport.com https://www.google.com/cse/static/element/ http://cse.google.com/adsense/search/async-ads.js https://cse.google.com/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/gtm/ https://connect.facebook.net/en_US/fbds.js http://clients1.google.com/ https://sealserver.trustwave.com/seal.js *.resellerspanel.com https://secure.resellerspanel.com; frame-ancestors 'self'; 1
frame-ancestors 'self' http://localhost:3333 https://smart-builder.sanity.studio 1
default-src 'self' *.athletereg.com; upgrade-insecure-requests; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.addthisedge.com *.googletagservices.com js-agent.newrelic.com service.force.com *.addthis.com *.braintreegateway.com *.fontawesome.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.google.com *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hubspot.com *.jquery.com *.moatads.com *.nr-data.net *.salesforceliveagent.com *.twitter.com cdn.amplitude.com cdn.metarouter.io connect.facebook.net googleads.g.doubleclick.net js-na1.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsforms.net js.hsleadflows.net outside-header.vercel.app s3.amazonaws.com *.scorecardresearch.com unpkg.com ajax.googleapis.com *.protecht-sandbox.io *.protecht.io cdnjs.cloudflare.com sealserver.trustkeeper.net *.cloudfront.net ajax.aspnetcdn.com cdn.speedcurve.com *.stripe.com *.salesforce.com connect.facebook.com salesforceliveagent.com *.googleadservices.com www.google-analytics.com athletereg.us12.list-manage.com cdn.jsdelivr.net *.addthis.com js.hscollectedforms.net adservice.google.com metarouter-ajs-next-destinations-stage.s3.amazonaws.com es.pinkbike.org *.vercel.com cdn-prod.securiti.ai *.datadoghq-browser-agent.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.typekit.net *.googleapis.com service.force.com *.gstatic.com *.cloudfront.net athletereg.my.salesforce.com cdn.jsdelivr.net *.fontawesome.com *.braintreegateway.com *.vercel.com cdn-prod.securiti.ai *.bikereg.com; img-src 'self' data: https: http://www.millenniumrunning.com; connect-src 'self' *.athletereg.com *.hubspot.com *.addthis.com *.braintree-api.com *.facebook.com *.g.doubleclick.net *.analytics.google.com *.google-analytics.com *.googleanalytics.com *.trailforks.com *.googlesyndication.com *.hubapi.com *.outsideapi.com outsideapi.com *.rivt.com api.amplitude.com *.googleapis.com *.cloudfront.net	*.nr-data.net *.braintreegateway.com *.gstatic.com *.hsforms.com *.googletagmanager.com use.fontawesome.com js.hs-banner.com *.google.com forms.hscollectedforms.net app.securiti.ai cdn-prod.securiti.ai *.datadoghq-browser-agent.com https://browser-intake-datadoghq.com *.bikereg.com *.browser-intake-datadoghq.com *.RunReg.com; font-src 'self' data: fonts.gstatic.com *.typekit.net *.sfdcstatic.com use.fontawesome.com static2.sharepointonline.com rwgps-embeds.com *.millenniumrunning.com netdna.bootstrapcdn.com *.braintreegateway.com app.securiti.ai cdn-prod.securiti.ai; frame-ancestors 'self' *.athletereg.com *.bikereg.com *.runreg.com *.trireg.com *.skireg.com *.plegereg.com *.trailforks.com; frame-src 'self' *.doubleclick.net *.facebook.com *.google.com *.outsideonline.com outsideonline.com service.force.com platform.twitter.com *.addthis.com *.salesforce.com *.braintreegateway.com *.trailforks.com/; form-action 'self' *.paypal.com *.pledgereg.com *.facebook.com *.strava.com *.salesforce.com *.outsideonline.com; base-uri 'self'; object-src 'self'; report-uri https://api.athletereg.com/ErrorReport/cspViolation; 1
frame-ancestors 'self' legal-support.ru legal-support.test partners.legal-support.ru legal-support-dev.9958258.ru rg.ru; 1
default-src 'self' *.hsforms.com inform.dataloft.co.uk *.vimeo.com youtu.be *.clarity.ms *.hsforms.net *.hs-scripts.com *.hs-banner.com *.hs-analytics.net *.hsadspixel.net *.hubapi.com *.googleapis.com *.google.com *.onetrust.com *.google-analytics.com *.googletagmanager.com *.amazonaws.com api.mapbox.com *.jsdelivr.net *.gstatic.com *.gravatar.com *.postcodeanywhere.co.uk *.cloudflare.com *.youtube.com unpkg.com moneypennychat.appspot.com connect.facebook.net 'unsafe-eval' 'unsafe-inline'; img-src 'self' * data: 'unsafe-inline'; font-src 'self' data: *.gstatic.com; frame-ancestors 'self' 1
default-src 'self' https://*; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data: https://*; worker-src 'self' blob:; 1
default-src blob: https: wss: data: 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes'; img-src https: data:; worker-src blob: data:; 1
default-src 'self'; 
		    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.anacom-consumidor.pt www.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com f1.eu.readspeaker.com *.readspeaker.com *.doubleclick.net;
		    img-src  'self' 'unsafe-inline' *.anacom-consumidor.pt lh3.googleusercontent.com *.googletagmanager.com *.google.pt *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com *.doubleclick.net i.ytimg.com;
		    style-src 	'self' 'unsafe-inline' *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com;
		    font-src 	'self' 'unsafe-inline' data: *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com;
		    connect-src 'self' *.anacom-consumidor.pt *.google-analytics.com stats.g.doubleclick.net *.analytics.google.com; 
		    frame-src 	'self' *.inbenta.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.readspeaker.com goo.gl *.youtube.com app.powerbi.com *.spotify.com *.twitter.com; 
		    media-src 	'self' http://* https://* i.ytimg.com *.youtube.com *.twitter.com; 
		    object-src 	'self' *.anacom-consumidor.pt;
		    frame-ancestors 'self' *.inbenta.com; 1
frame-ancestors 'self' https://web.dbuniversity.ac.in https://cdn.jsdelivr.net http://web.dbuniversity.ac.in; 1
default-src 'self'; connect-src 'self' https://client.crisp.chat wss://client.relay.crisp.chat https://analytics.google.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://client.crisp.chat https://www.googletagmanager.com/ https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://client.crisp.chat; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://client.crisp.chat data:; img-src 'self' data: https://cdn.contentful.com https://images.ctfassets.net https://image.crisp.chat https://client.crisp.chat; frame-src 'self' https://bcgroup.bamboohr.com/ https://boards.eu.greenhouse.io/ https://www.youtube.com/ https://game.crisp.chat/ https://help.osl.com/; 1
default-src 'self'; font-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; img-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; connect-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; frame-src 'self' *.googletagmanager.com *.youtube.com *.googleapis.com *.cookiebot.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.google.com *.ytimg.com *.ggpht.com; 1
frame-ancestors 'self' https://adm.prologapp.com/ 1
Deny 1
base-uri 'self'  ; object-src 'none'; script-src https: 'nonce-3e6f2d67aa' 'nonce-87ff56f3a7' 'nonce-c7938fbb41' 'nonce-c41dc9e0ff' 'nonce-933f80a91d' 'nonce-1907396acb' 'nonce-945b6f2087' 'nonce-16eaaac92b' 'nonce-9cfa2d4a89' 'nonce-c41dc9e0ff' 'nonce-f1f490ca80' 'nonce-c7938fbb41' 'nonce-deb868c2de' 'nonce-b1a8fc57df' 'nonce-c53c783420' 'nonce-f8a0a49b49' 'nonce-c9c0f27979' 'nonce-dc84485b37' 'nonce-72b705b97e' 'nonce-9c8cfa84cb' 'nonce-deb868c2de' 'nonce-6cda241d07' 'nonce-deb868c2de' 'nonce-ad8a288bf9' 'nonce-f1e8b064dc' 'nonce-c7938fbb41' 'nonce-a12abe81fd' 'nonce-c799840f21' 'nonce-85db0ee928' 'nonce-f8af31c3dd' 'nonce-268e9c393d' 'nonce-7511562faa' 'nonce-df36d225b9' 'nonce-96545deb65' 'nonce-409142760f' 'nonce-d6a86d841b' 'nonce-d3fc85b311' 'nonce-81740e32b1' 'nonce-3a2e98d072' 'nonce-2ba4b26187' 'nonce-139f21ec50' 'nonce-73b5c81818' 'nonce-54e4c0f90a' 'unsafe-hashes' 'sha256-+2urewn7o9hJc1BaeW63fF5+WLOFFHoRp3l7hAP4ojg=' 'sha256-+2urewn7o9hJc1BaeW63fF5+WLOFFHoRp3l7hAP4ojg=' 'strict-dynamic' 'unsafe-inline' 1
default-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src https: blob:; connect-src https: wss://websocket-visitors.smartsupp.com 1
default-src 'self' https: data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https: ;style-src 'self' 'unsafe-inline'; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://chat.kindlycdn.com 'self' wss://sage.kindly.ai wss://ws-eu.pusher.com wss://streaming.mypurecloud.ie 1
default-src 'self' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' locate.pricespider.com api.tiles.mapbox.com pghub.io *.pricespider.com cdn.pricespider.com wtbevents.pricespider.com cdn.cookielaw.org *.iesnare.com connect.facebook.net *.crazyegg.com *.adsrvr.org *.bazaarvoice.com *.google-analytics.com *.googletagmanager.com blob: feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com cdn.pricespider.com api.tiles.mapbox.com fonts.googleapis.com feed.pghub.io pandg.tapad.com ; media-src 'self' videos.ctfassets.net *.iesnare.com data: feed.pghub.io pandg.tapad.com ; img-src 'self' *.pricespider.com cdn.pricespider.com wwwassets.pricespider.com embeddedcloud.pricespider.com i.ytimg.com images.ctfassets.net pixel.tapad.com *.bazaarvoice.com *.google-analytics.com www.facebook.com *.googletagmanager.com data: feed.pghub.io pandg.tapad.com ; font-src 'self' fonts.gstatic.com feed.pghub.io pandg.tapad.com ; connect-src * ; frame-src 'self' www.youtube.com feed.pghub.io *.adsrvr.org *.doubleclick.net pandg.tapad.com *.jebbit.com consumersupport.pg.com pg-lex.my.salesforce-sites.com ct.pinterest.com www.facebook.com ; manifest-src * ; 1
default-src 'self' gap: 'unsafe-inline';     script-src 'self'         data: https://cdn.amcharts.com         data: https://c.mql5.com/         data: https://cdn.ampproject.org/         data: https://content.mql5.com/         data: https://connect.facebook.net/         data: https://ifccd.net         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://apis.google.com         data: www.google-analytics.com         data: www.googleadservices.com         data: www.googletagmanager.com         data: https://www.google.com/         data: www.googleapis.com/         data: cse.google.com/         data: clients1.google.com/         data: https://www.gstatic.com/         data: https://www.googleadservices.com        data: trade.mql5.com         data: https://ipinfo.io         data: https://ajax.cloudflare.com         data: https://yastatic.net/share2/share.js         data: https://mc.yandex.ru/metrika/tag.js         data: https://dsp-media.eskimi.com         data: wcs.naver.net/wcslog.js         data: *.bing.com         data: *.twitter.com         data: *.adroll.com         data: widget.trustpilot.com         data: connect.facebook.net         data: https://www.aparat.com         'unsafe-eval' 'unsafe-inline';     frame-src 'self'         data: https://www.google.com/         data: https://component.autochartist.com         data: *.ifcm-invest.com         data: https://www.tradays.com         data: https://www.mql5.com         data: https://www.facebook.com         data: https://www.youtube.com         data: https://chat.ifctr.asia         data: https://chat.ifcmarkets.com         data: https://chat.ifcmfx.com         data: https://chat.ifcmfx.cn         data: https://chat.ifcm.co.uk         data: https://chat.ifcmarkets.tw         data: https://chat.ifcmarkets.my         data: https://chat.ifcmarkets.net         data: https://chat.ifcmarkets.hk         data: https://chat.ifcmarkets.mx         data: https://chat.ifcmarkets.com.br         data: https://chat.ifcmarkets.co.id         data: https://chat.ifcmarkets.co.in         data: https://chat.ifcmarkets.co         data: https://chat.ifcmarkets.ae         data: https://trade.mql5.com         data: https://td.doubleclick.net         data: *.googletagmanager.com         data: *.ifcmarkets.com         data: *.ifcmiran.asia         data: *.tradeifcm.asia         data: https://www.facebook.com         data: https://docs.google.com         data: widget.trustpilot.com         data: https://www.aparat.com         data: https://web.facebook.com;     media-src *         data: https://www.ifcmarkets.com/downloads/video/;    object-src *;     style-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://pr.ifccd.net         data: https://www.google.com         data: https://fonts.googleapis.com         'unsafe-inline';     img-src *         data: http://www.w3.org/;     font-src 'self'         data: *.ifcmiran.asia         data: https://ifccd.net         data: https://fonts.gstatic.com         data: https://fonts.googleapis.com         data: https://pr.ifccd.net;     connect-src *;     manifest-src 'self'         data: https://ifccd.net         data: https://be1.ifcmfar.com         data: *.ifcmiran.asia 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at www.pflegeinfo-ooe.at *.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at *.jquery.com; style-src 'self' 'unsafe-inline' blob: *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at *.cloudflare.com; frame-ancestors *.doris.at *.doris.eu *.gv.at *.arcgis.com *.landesarchiv-ooe.at *.ooemuseen.at *.pflegeinfo-ooe.at 1
frame-ancestors http://*.kitzski.at https://customer-kitzbuehel.loop21.net https://bbkitzbuehl.traumgutscheine.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://connect.facebook.net https://platform.twitter.com https://player.vimeo.com/api/player.js https://*.google.com https://*.googletagmanager.com https://*.hotjar.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com; img-src 'self' data: https://i0.wp.com https://blog.recipero.com https://d2pr8nqihcsukr.cloudfront.net https://i.vimeocdn.com https://syndication.twitter.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk; font-src 'self' https://cdnjs.cloudflare.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk; media-src 'self'; object-src 'none'; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://syndication.twitter.com https://www.facebook.com https://web.facebook.com https://www.google.com; worker-src 'none'; base-uri 'self'; manifest-src 'self' 1
font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.klarnacdn.net *.fontawesome.com data: fonts.googleapis.com *.hotjar.com *.zopim.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.alphaecommerce.gr *.cardlink.gr *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.weltpixel.com *.cookiebot.com *.facebook.com *.facebook.net *.addtoany.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com *.googleapis.com *.gstatic.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.facebook.com *.cookiefirst.com *.cookielaw.org *.windows.net *.google.com *.google.gr *.contactpigeon.com *.klarnaservices.com *.bidswitch.net *.adnxs.com *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.yahoo.net *.adform.net *.omnitagjs.com *.casalemedia.com *.criteo.com *.id5-sync.com id5-sync.com *.360yield.com *.ivitrack.com *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.sharethrough.com *.tremorhub.com *.yieldlab.net *.yieldmo.com *.emxdgt.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.facebook.net *.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io *.alphaecommerce.gr *.cardlink.gr *.cookiebot.com cdn.simpler.so sdk.local.simpler.so https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.facebook.com *.addtoany.com *.cookielaw.org *.google.com *.cookiefirst.com *.doubleclick.net *.paypal.com *.googletagmanager.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.google-analytics.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com cdn.mouseflow.com *.contactpigeon.com *.linkwi.se js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com songbirdstag.cardinalcommerce.com *.onecode.gr blob: *.google.gr *.cloudflareinsights.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com https://fonts.googleapis.com *.klarnacdn.net *.fontawesome.com tagmanager.google.com *.googleapis.com cdn.dnky.co checkout.buckaroo.nl *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net *.cookiefirst.com *.contactpigeon.com assets.braintreegateway.com *.googletagmanager.com 'self' 'unsafe-inline'; object-src *.youtube.com *.youtube-nocookie.com *.google.com *.google.gr *.doubleclick.net *.facebook.net 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io *.cookiebot.com button.simpler.so button.staging.simpler.so analytics.simpler.so analytics.staging.simpler.so button.local.simpler.so *.facebook.net *.facebook.com *.cookielaw.org *.doubleclick.net *.google.com *.criteo.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms *.datatrics.com *.cookiefirst.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.contactpigeon.com *.youtube.com *.google.gr *.youtube-nocookie.com *.analytics.google.com *.googletagmanager.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors https://app.americanbuildings.com https://app.cbcsteelbuildings.com https://app.kirbybuildingsystems.com https://app.nucorbuildingsystems.com https://www.americanbuildings.com https://www.cbcsteelbuildings.com https://www.kirbybuildingsystems.com https://www.nucorbuildingsystems.com https://www.nucorbuildingsgroup.com https://kbstoolbox.revhub.io https://toolbox.kirbybuildingsystems.com https://toolbox.cbcsteelbuildings.com https://toolbox.americanbuildings.com https://toolbox.nucorbuildingsystems.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-M2JmNzEwYzQwZTUwNDRhZGE0MThiZmViNDc4OGYxNTQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.uitvoeringvanbeleidszw.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.uitvoeringvanbeleidszw.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.uitvoeringvanbeleidszw.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' 'sha256-kDRQ3dagwwb3nrm8xnMC0VgLt6lNN98+2oajznduaKI='; font-src 'self'; img-src data: *; frame-src *; connect-src 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; frame-ancestors 'self' https://ucs-sso.schule-sh.de/ http://ucs-sso.schule-sh.de/; 1
default-src 'self' *.google.com *.youtube-nocookie.com *.youtube.com *.youtu.be; form-action * 'self'; script-src * 'self' 'unsafe-inline' mc.yandex.ru static.criteo.net ad.yieldlab.net sync.outbrain.com criteo-partners.tremorhub.com match.sharethrough.com simage2.pubmatic.com jadserve.postrelease.com exchange.mediavine.com matching.ivitrack.com ad.360yield.com id5-sync.com sync-criteo.ads.yieldmo.com gum.criteo.com sslwidget.criteo.com widget.eu.criteo.com *.sinpas.com.tr googleads.g.doubleclick.net cdn.onesignal.com connect.facebook.net cdnjs.cloudflare.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.googleapis.com *.googleapis.com *.gstatic.com; connect-src * 'self' mc.yandex.com *.googletagmanager.com *.google.com *.google.com.tr *.google-analytics.com *.analytics.google.com *.g.doubleclick.net;img-src * 'self' www.facebook.com e1.emxdgt.com cm.g.doubleclick.net ups.analytics.yahoo.com eb2.3lift.com criteo-sync.teads.tv mc.yandex.ru r.casalemedia.com visitor.omnitagjs.com cm.adform.net hb.yahoo.net sync-t1.taboola.com rtb-csync.smartadserver.com pixel.rubiconproject.com contextual.media.net ib.adnxs.com x.bidswitch.net *.sinpas.com.tr mc.yandex.com *.bootstrapcdn.com code.jquery.com cdnjs.cloudflare.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr *.ytimg.com; font-src * 'self' cdnjs.cloudflare.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.google.com *.google.com.tr; style-src * 'self' 'unsafe-inline' *.sinpas.com.tr *.google.com *.googleapis.com *.gstatic.com; media-src * 'self';frame-src * 'self' *.google.com gum.criteo.com 1
default-src 'self' ymetrica1.com mc.yandex.ru mc.yandex.kz mc.yandex.by mc.yandex.ua mc.yandex.com mc.yandex.md api-maps.yandex.ru; font-src 'self' *.gstatic.com data:; script-src 'self' cdn.domdivanov.com mc.yandex.ru ymetrica1.com mc.yandex.kz mc.yandex.by mc.yandex.ua mc.yandex.com mc.yandex.md yandex.st api-maps.yandex.ru *.maps.yandex.net *.jivosite.com *.jivo.ru *.googletagmanager.com *.mail.ru *.google-analytics.com *.doubleclick.net data: 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.domdivanov.com data: 'unsafe-inline' *.jivosite.com *.jivo.ru; img-src * data:;media-src *.youtu.be *.youtube.com *.jivosite.com *.jivo.ru;connect-src ymetrica1.com mc.yandex.ru mc.yandex.kz mc.yandex.by mc.yandex.ua mc.yandex.com mc.yandex.md *.jivosite.com *.jivo.ru *.googletagmanager.com *.doubleclick.net *.mail.ru *.google-analytics.com 'self' wss:;frame-src 'self' *.rsb.ru *.youtu.be *.youtube.com *.yandex.net *.yandex.ru *.yandex.kz *.yandex.by *.yandex.ua *.yandex.com *.yandex.md; 1
frame-src https: 'self' data:; 1
default-src 'self' blob: data: 'unsafe-hashes' 'unsafe-eval' 'unsafe-inline' *.googleapis.com *.zadarma.com *.bootstrapcdn.com *.webvisor.com *.googlesyndication.com *.gstatic.com *.google.ru *.google.com bitrix.info *.bitrix.info *.doubleclick.net *.googletagservices.com *.bitrix24.ru it.era.ee *.goodprogrammist.ru bitrixfunmyvutrn.onion *.yandex.net wss://*.bitrix24.com *.disquscdn.com disqus.com wss://disqus.com *.disqus.com *.cdnvideo.ru *.yandex.ru *.googletagmanager.com *.1c-bitrix-cdn.ru *.google-analytics.com yastatic.net *.yastatic.net *.googleadservices.com *.gravatar.com goodprogrammist.ru *.cloudflare.com *.sendpulse.com *.yandex.md argonizer.ru http://argonizer.ru *.argonizer.ru argo.pro *.argo.pro http://old.argo.vc old.argo.vc *.datatables.net *.argo.vc *.new.rpo.ru new.rpo.ru argo.company *.argo.company *.zyxil.ru *.facebook.net *.vk.com *.mail.ru an.zyxil.ru ap.zyxil.ru *.joxi.net *.youtube.com youtube.com *.vimeo.com *.1c-bitrix.ru *.tinkoff.ru *.kladr-api.ru *.kladr-api.com kladr-api.ru kladr-api.com *.pochta.ru pochta.ru *.telerik.com telerik.com *.pickpoint.ru pickpoint.ru *.bitrix24.site bitrix24.site edinoepole.ru *.edinoepole.ru mql5.com *.mql5.com; 1
font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com data:; frame-src 'self' https://www.google.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://sandbox.pay.yandex.ru/; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://pay.google.com/gp/ https://pay.yandex.ru https://mc.yandex.ru/metrika/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; report-uri /csp/report; worker-src blob: 1
default-src ; script-src 'self' 'unsafe-inline' localhost https://assets.zendesk.com *.zdassets.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com; object-src ; style-src 'self' 'unsafe-inline' localhost *.entrecode.de https://fonts.googleapis.com; img-src *; media-src *; child-src https://www.google.com; font-src *.entrecode.de https://fonts.gstatic.com; connect-src 'self' *.entrecode.de https://entrecode.zendesk.com *.zdassets.com https://www.google-analytics.com; manifest-src 1
default-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; object-src *; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://use.typekit.net/ https://bbaa01mstrc210dinte.blob.core.windows.net/cdn/ https://optimize.google.com https://fonts.googleapis.com/ https://bnbank.boost.ai/ https://tagmanager.google.com/ https://dl.episerver.net/; font-src 'self' https://use.typekit.net/ https://fonts.gstatic.com https://bnbank.boost.ai/ https://script.hotjar.com; img-src * data:; connect-src * 'self' https://bnbank.boost.ai https://vimeo.com/api/ https://in.hotjar.com/ https://data.brreg.no https://www.google-analytics.com https://s3-eu-west-1.amazonaws.com/poc.servicemail.com/rc/ https://d2df291ti5v5sq.cloudfront.net/rc/ https://apil1.spinnaker-js.com/;              frame-src   'self' https://optimize.google.com https://*.evry.com https://www.lekalkulator.no https://www.sb1finans.no/ https://nettbank.bnbank.no/ https://tr.snapchat.com/ https://www.youtube.com/ https://player.vimeo.com/ https://vars.hotjar.com/ https://track.adform.net/ https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://littextra.no/ https://*.fls.doubleclick.net https://meetings-eu1.hubspot.com https://info.bnbank.no; frame-ancestors 'self' https://*.bnbolig.no; 1
upgrade-insecure-requests; default-src 'self' 'unsafe-inline'; script-src 'self' translate.google.com *.messagebird.com js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js-na1.hs-scripts.com *.datatables.net *.clarity.ms maps.google.com player.vimeo.com *.googleapis.com www.google.com.co monmark.bancow.com.co secure.adnxs.com *.doubleclick.net connect.facebook.net *.atento.com.co www.googleadservices.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://translate-pa.googleapis.com https://yoast.com https://forms.hscollectedforms.net  translate.googleapis.com pagead2.googlesyndication.com www.google.com.co *.messagebird.com bancow.com.co *.clarity.ms maps.googleapis.com *.google.com www.facebook.com www.google-analytics.com api.ipify.org *.doubleclick.net monmark.bancow.com.co 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://forms.hsforms.com https://track.hubspot.com s.w.org c.bing.com *.bancow.com.co *.doubleclick.net *.googleapis.com *.gstatic.com 'unsafe-inline' *.facebook.com *.google.com.co *.google.com *.clarity.ms *.google-analytics.com data: image/*; frame-src 'self' *.messagebird.com *.doubleclick.net bancow.smartdataautomation.com *.youtube.com *.doubleclick.net *.vimeo.com botw.formiik.com *.google.com *.atento.com.co ruth-bot-web-production.azurewebsites.net *.facebook.com; style-src 'self' *.gstatic.com *.googleapis.com *.cloudflare.com cdn.jsdelivr.net 'unsafe-inline'; object-src 'self'; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com; worker-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https:;frame-src https://giphy.com https://platform.twitter.com https://*.youtube.com https://*.youtube-nocookie.com https://*.clickagy.com https://embed.testimonial.to;connect-src 'self' https:;img-src 'self' data: https:;form-action 'self' https://dvc.us10.list-manage.com https://dvc.org;media-src https://static.iterative.ai;default-src 'self';base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
report-uri /sentry/api/61/csp-report/?sentry_key=8505cd7669a24ba78131bbe9f6e8db09; worker-src blob: 'self'; child-src blob:; object-src 'none'; default-src https: data: 'self' *.1gamepay.com; img-src 'self' https: data: blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk *.visualwebsiteoptimizer.com app.vwo.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src * bankid: https://bid.g.doubleclick.net wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; connect-src 'self' ws: wss: livechat24.tech *.livechat24.tech https://stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net *.unetsafe.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.bing.com app.vwo.com facebook.com www.facebook.com *.google.com *.google.ru *.google.ro *.google.se *.google.de *.google.fr *.google.nl *.google.by *.google.pt *.google.kz *.google.bg *.google.kg *.google.md *.google.gr *.google.fi https://*.googlesyndication.com *.snapchat.com snapchat.com sc-static.net https://static.ads-twitter.com https://analytics.twitter.com https://*.atlantgaming.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com *.regily.com https://*.fasttrack-solutions.com https://*.ft-crm.com https://verification.okwork.io https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; style-src 'self' blob: 'unsafe-inline' *.googleapis.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.unetsafe.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com https://cs.betradar.com https://*.sportradar.com https://videosport.me https://cdn-sp.kertn.net https://cdn-sp.gbshgbsh.com https://*.fasttrack-solutions.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com https://tagmanager.google.com https://fonts.googleapis.com https://s3.amazonaws.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; font-src 'self' https://fonts.gstatic.com data: *.cloudflare.com *.cloudflareinsights.com livechat24.tech *.livechat24.tech *.visualwebsiteoptimizer.com app.vwo.com *.frankcasino.com https://cdn-sp.kertn.net https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com; script-src 'self' 'unsafe-eval' 'nonce-lWGDzxyZpWUsmvRIbQwmOA==' blob: *.google.com *.google.ro *.google.se *.google.nl *.google.de *.google.fi *.google.ch *.google.ee *.google.sk *.google.dk recaptcha.net www.gstatic.com *.googleadservices.com https://www.googleadservices.com https://*.googlesyndication.com *.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://*.googletagmanager.com *.google-analytics.com *.analytics.google.com platform.twitter.com connect.facebook.net *.curacao-egaming.com stats.g.doubleclick.net https://stats.g.doubleclick.net livechat24.tech *.livechat24.tech *.livestatisc.com *.jsdelivr.net *.ptstaging.eu track.adform.net *.unetsafe.com *.cloudflare.com *.cloudflareinsights.com *.quantserve.com *.quantcount.com *.creative-serving.com *.visualwebsiteoptimizer.com *.taboola.com *.tradedoubler.com *.snapchat.com *.bing.com snapchat.com sc-static.net app.vwo.com facebook.com www.facebook.com https://static.ads-twitter.com https://analytics.twitter.com *.regily.com https://*.fasttrack-solutions.com https://cdn-sp.kertn.net https://*.pusher.com https://cdn-sp.gbshgbsh.com https://*.gstatic.com https://prj-verification-production.s3.amazonaws.com https://prj-verification-stage1.s3.amazonaws.com https://prj-verification-stage2.s3.amazonaws.com https://public-verification1.stage.aventogroup.com https://public-verification2.stage.aventogroup.com *.frankcasino.com *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com paymentpage.ecommpay.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com https://*.frank.casino wss://*.biahosted.com https://*.biahosted.com https://storage.googleapis.com https://vtibetinaction2.aitcloud.de https://vbibetinaction2.aitcloud.de https://vsfelive-vs001.akamaized.net https://vsw.betradar.com https://vfbetinaction2.aitcloud.de https://vblbetinaction2.aitcloud.de https://s5.sir.sportradar.com https://gsm-widgets.betstream.betgenius.com https://altenar.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com https://widgets.sir.sportradar.com https://widgets.fn.sportradar.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; font-src *; img-src * data:; connect-src * data: 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob:; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; base-uri 'self'; 1
default-src 'self' data: blob: *.google.com *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com; script-src 'self' 'unsafe-inline' *.googleapis.com *.google.com; 1
script-src 	'self' 'unsafe-inline' 'unsafe-eval' 	bat.bing.com *.clarity.ms 	cdnjs.cloudflare.com 	*.cloudfront.net 	connect.facebook.net 	cdn.doofinder.com cdn.ebi.cloud 	*.googleapis.com *.googlesyndication.com *.googletagmanager.com maps.google.co.uk *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net 	*.jotform.com secure.jotformpro.com widgets.jotform.io 	code.jquery.com 	*.livechatinc.com 	js.squareup.com 	rec.smartlook.com         web-sdk.smartlook.com 	s7.addthis.com         embed.typeform.com         widget.trustpilot.com     *.pcapredict.com services.postcodeanywhere.co.uk 	; 	worker-src blob: 1
default-src * data: blob:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
base-uri 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com data:; 1
default-src 'self'; img-src 'self' https://googleads.g.doubleclick.net https://www.googletagmanager.com https://www.google.com images.rouxel.com data: ssl.google-analytics.com *.googleapis.com maps.gstatic.com https://stats.g.doubleclick.net; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://matomo.rouxel.com https://www.google.com https://www.gstatic.com maps.googleapis.com stackpath.bootstrapcdn.com code.jquery.com google-analytics.com; style-src 'unsafe-inline' 'self' *.googleapis.com stackpath.bootstrapcdn.com; font-src 'self' fonts.gstatic.com; connect-src 'self' https://stats.g.doubleclick.net https://maps.googleapis.com https://matomo.rouxel.com https://nominatim.openstreetmap.org; frame-src https://bid.g.doubleclick.net maps.google.fr https://www.google.com/ 1
frame-ancestors 'self' https://logitracgps.com https://app.mykaarma.com https://srishti65.mykaarma.dev 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-C3O9vdnxbBga5l7Yh+7iNII5orh/4fN7UyeLH7P8ybqWwgKS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https: data:; style-src 'self' https: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' consentcdn.cookiebot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: munchkin.marketo.net  *.mktoweb.com challenges.cloudflare.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com  bluebeam2--shareddev.sandbox.my.site.com *.vidyard.com *.bluebeam.com *.wpengine.com *.pardot.com www.google-analytics.com fonts.gstatic.com *.cookiebot.com www.googletagmanager.com *.visualwebsiteoptimizer.com connect.facebook.net googleads.g.doubleclick.net *.hotjar.net *.hotjar.com snap.licdn.com bat.bing.com s.yimg.com snap.licdn.com *.google.com bat.bing.com sp.analytics.yahoo.com px.ads.linkedin.com stats.g.doubleclick.net www.facebook.com p.adsymptotic.com cdn.linkedin.oribi.io www.youtube.com; connect-src 'self' *.mktoresp.com *.execute-api.us-east-1.amazonaws.com *.execute-api.eu-west-2.amazonaws.com *.execute-api.ap-southeast-2.amazonaws.com *.execute-api.eu-central-1.amazonaws.com *.execute-api.eu-north-1.amazonaws.com region1.analytics.google.com *.analytics.google.com bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com content.hotjar.io wss://ws.hotjar.com px.ads.linkedin.com pagead2.googlesyndication.com www.google-analytics.com stats.g.doubleclick.net vc.hotjar.io s.yimg.com *.hotjar.com *.cookiebot.com analytics.google.com *.visualwebsiteoptimizer.com yoast.com www.google.com cdn.linkedin.oribi.io googleads.g.doubleclick.net gw.linkedin.oribi.io ad.doubleclick.net www.facebook.com bat.bing.com www.googleapis.com; img-src 'self' data: imgsct.cookiebot.com www.google.co.uk www.google.nl www.google.no www.google.fr www.google.es www.google.dk www.google.se www.google.co.jp www.google.co.kr www.google.it www.google.fi www.google.be www.google.com.au *.vidyard.com *.visualwebsiteoptimizer.com sp.analytics.yahoo.com *.bing.com www.facebook.com px.ads.linkedin.com www.google.com p.adsymptotic.com secure.gravatar.com www.linkedin.com www.google-analytics.com gw.linkedin.oribi.io www.googletagmanager.com ad.doubleclick.net ps.w.org; style-src 'self' 'unsafe-inline' bluebeam2--shareddev.sandbox.my.salesforce-sites.com bluebeam2--staging.sandbox.my.salesforce-sites.com bluebeam2--shareddev.sandbox.my.site.com *.bluebeam.com *.wpengine.com fonts.googleapis.com; base-uri 'self'; form-action 'self' *.bluebeam.com www.facebook.com *.my.salesforce.com *.salesforce.com; object-src data: 'unsafe-eval'; font-src 'self' *.bluebeam.com *.wpengine.com fonts.googleapis.com fonts.gstatic.com data: 'unsafe-eval'; media-src 'self' *.bluebeam.com *.wpengine.com *.cookiebot.com; frame-src 'self' challenges.cloudflare.com *.vidyard.com *.bluebeam.com *.cookiebot.com *.hotjar.com www.facebook.com www.youtube.com td.doubleclick.net 9747788.fls.doubleclick.net roicalbucket.s3-website-us-east-1.amazonaws.com roical.bluebeam-dev.com roical.bluebeam.com go.pardot.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self'; child-src 'none'; script-src 'self'; object-src 'self'; frame-ancestors 'none'; 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-83ff603cb37845c893a0408cb4d666f1' 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://flo.uri.sh/ https://view.ceros.com/ https://cdn.optimizely.com/ https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://region1.google-analytics.com/ https://widgets.getsitecontrol.com https://c.evidon.com https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com https://*.onetrust.com; img-src 'self' data: https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://media.licdn.com/ https://thespinoff.co.nz/ https://apps.jobadder.com/widgets/V1/loading.gif https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com https://*.analytics.google.com https://*.onetrust.com https://px.ads.linkedin.com; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://engage.grantthornton.global https://fonts.googleapis.com/ https://optimize.google.com https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.megabonus.com/ https://fonts.gstatic.com; frame-src 'self' https://app.powerbi.com/ https://flo.uri.sh/ https://view.ceros.com/ https://apply.jobadder.com/ https://engage.grantthornton.global https://a10084069166.cdn.optimizely.com/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://td.doubleclick.net/; connect-src 'self' https://maps.googleapis.com/ https://*.analytics.google.com/ https://www.clarity.ms https://642-sde-924.mktoresp.com https://logx.optimizely.com/v1/events https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://www.clarity.ms/ https://analytics.google.com/ https://*.googletagmanager.com https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://*.onetrust.com https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://px.ads.linkedin.com;  report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none'; 1
frame-ancestors 'self' https://cms.luckyvoice.com 1
default-src 'self'; img-src * 'self' data:; style-src * 'self' 'unsafe-inline'; font-src * 'self'; script-src * 'self' 'unsafe-eval' 'unsafe-inline'; form-action 'self'; media-src 'self'; 1
script-src 'self' 'unsafe-inline' https://assets.zendesk.com https://static.zdassets.com; base-uri 'self'; 1
frame-ancestors 'self'  http://www.lux.com unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.cookiefirst.com https://www.google-analytics.com https://player.vimeo.com https://www.youtube.com https://www.googletagmanager.com https://derby.managed-otrs.com https://static.hotjar.com https://script.hotjar.com https://zenloop-website-overlay-production.s3.amazonaws.com https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.usemessages.com; img-src 'self' data: https://assets.zenloop.com https://muleapiservice.focus-kalkhoff-dealer.com https://focus-kalkhoff-dealer.com https://www.googletagmanager.com https://www.google.com https://www.google.de https://i.ytimg.com https://www.google-analytics.com https://consent.cookiefirst.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://script.hotjar.com; font-src 'self' https://script.hotjar.com https://consent.cookiefirst.com https://zenloop-assets.s3.eu-west-1.amazonaws.com; style-src 'self' 'unsafe-inline' https://consent.cookiefirst.com https://derby.managed-otrs.com https://zenloop-website-overlay-production.s3.amazonaws.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com https://derby.managed-otrs.com https://zenloop-website-overlay-production.s3.amazonaws.com/ https://26323667.hs-sites-eu1.com https://26545664.hs-sites-eu1.com https://app-eu1.hubspot.com/ ; object-src 'none' 1
default-src 'self'; connect-src 'self' https://*.siteimprove.com https://*.readspeaker.com https://*.google-analytics.com https://*.analytics.google.com https://*.gemeentemaastricht.eu https://matomo.spzl.nl; font-src 'self' https://fonts.gstatic.com https://*.readspeaker.com data:; frame-src https://my2.siteimprove.com https://*.readspeaker.com https://www.google.com; img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://*.global.siteimproveanalytics.io https://*.tile.openstreetmap.org; manifest-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://siteimproveanalytics.com https://maps.googleapis.com https://matomo.spzl.nl https://www.google.com https://www.gstatic.com https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://sf1-eu.readspeaker.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.readspeaker.com https://fonts.googleapis.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'none'; base-uri 'self'; report-uri https://www.gemeentemaastricht.nl/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.clientpay.com/scripts/embed.js http://us2.siteimprove.com/js/siteanalyze_17084.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/ https://www.gstatic.com/recaptcha/releases/; style-src 'self' 'unsafe-inline' https://cloud.typography.com/ https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://www.youtube.com/ https://player.vimeo.com/ https://app.clientpay.com/ https://www.youtube-nocookie.com;  img-src 'self' data: https://17084.global.siteimproveanalytics.io https://www.google-analytics.com https://i.vimeocdn.com/ https://i.ytimg.com/; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.tarotbyjanine.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.boxever.com https://public.tableau.com https://*.cloudfront.net https://*.bound360.com https://*.doubleclick.net https://*.fls.doubleclick.net https://*.getsmartcontent.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.linkedin.com https://cdn.linkedin.oribi.io https://*.litix.io https://*.pardot.com https://*.questionpro.com https://*.rfihub.com https://*.rfihub.net https://*.sitecorecontenthub.cloud https://*.vizientinc.com https://*.wistia.com https://*.wistia.net https://ad.ipredictive.com https://ajax.googleapis.com https://analytics.twitter.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cnv.event.prod.bidr.io https://code.jquery.com https://connect.facebook.net https://*.sitecorecloud.io https://match.adsrvr.org https://maxcdn.bootstrapcdn.com https://snap.licdn.com https://static.ads-twitter.com https://t.co https://tracking.intentsify.io https://vhatv.vha.com https://vitals.vercel-insights.com https://www.cvent.com https://www.ethosce.com https://www.facebook.com https://www.google.ca https://www.google.com https://*.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://www.thinglink.com https://*.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://tag.demandbase.com https://api.company-target.com https://company.target.com https://rlcdn.com https://id.rlcdn.com https://scripts.demandbase.com https://segments.company-target.com https://tag-logger.demandbase.com https://s.company-target.com; media-src 'self' data: blob: https://*.sitecorecloud.io https://*.sitecorecontenthub.cloud embedwistia-a.akamaihd.net *.wistia.net *.wistia.com; 1
default-src https:; connect-src https: wss:; font-src https: data:; img-src https: data: blob:; frame-src https:; frame-ancestors 'self'; worker-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action https: javascript:; script-src https: data: 'unsafe-inline' 'unsafe-eval';style-src https: data: 'unsafe-inline'; base-uri 'self'; 1
frame-ancestors 'self' *.surfboard.com; 1
default-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; script-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; style-src 'self' 'unsafe-inline' https: http://www.etrasparenza.it/; font-src 'self' https: http://www.etrasparenza.it/ 1
default-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com www.google.com.pk www.amcharts.com fonts.googleapis.com fonts.gstatic.com player.vimeo.com scontent.fkhi17-1.fna.fbcdn.net i.vimeocdn.com 1
default-src 'unsafe-inline' 'unsafe-eval' doronjo.murc.jp milenjo.murc.jp marjo.murc.jp academy.murc.jp murc-kawasesouba.jp www.murc-kawasesouba.jp www.google-analytics.com bizsearch.murc.jp wf.typesquare.com 1
frame-ancestors 'self' https://*.frontapp.com https://*.frontapplication.com https://thepackengersapp-demo.fly.dev https://www.thepackengers.com https://app.thepackengers.com https://www.interencheres.com https://mjollnir.pp-indb.io https://mjollnir.int-indb.io https://www.dev-indb.io https://www.pp-indb.io https://www.int-indb.io 1
default-src https://*.google-analytics.com https://*.analytics.google.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com 'self' 'unsafe-eval' 'unsafe-inline' data: https: blob:; object-src 'none'; base-uri 'self'; frame-ancestors 'self' *.umbraco.io *.local 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.iranantiq.com iranantiq.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com instant.page storagespace.ir; style-src 'self' 'unsafe-inline' iranantiq.com *.iranantiq.com storagespace.ir; img-src 'self' storagespace.ir *.iranantiq.com iranantiq.com *.enamad.ir *.googletagmanager.com *.cloudinary.com blob: 'self' storagespace.ir data: 'unsafe-eval'; font-src 'self' *.iranantiq.com storagespace.ir data: *.iranantiq.com; 1
frame-ancestors 'self' *.tennisonly.com.au *.runningwarehouse.com.au *.totalpickleball.com.au www.runningwarehouse.eu www.runningwarehouse.com www.tennis-warehouse.com www.tenniswarehouse-europe.com; 1
default-src 'self'; connect-src  'self' bcp.crwdcntrl.net  cdn.cookielaw.org *.onetrust.com  *.sharethis.com  *.linkedin.com  *.facebook.com *.linkedin.oribi.io  stats.g.doubleclick.net  *.bc0a.com maps.googleapis.com *.analytics.google.com analytics.google.com google-analytics.com *.google-analytics.com; font-src 'self' * data:; script-src 'self' readymag.com cdn.b0e8.com cdn.cookielaw.org  'unsafe-inline' *.vimeo.com *.youtube.com  *.apcoworldwide.com www.gstatic.com *.doubleclick.net  *.google.com *.google-analytics.com snap.licdn.com *.ads-twitter.com facebook.net *.facebook.net googletagmanager.com *.googletagmanager.com cdnjs.cloudflare.com *.bc0a.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net s7.addthis.com cdn.polyfill.io *.disqus.com *.privacymanager.io  twitter.com *.twitter.com *.sharethis.com; style-src * 'unsafe-inline'; img-src * 'self' data:; frame-src *.vimeo.com *.youtube.com www.google.com *.doubleclick.net  *.facebook.com disqus.com *.apcoworldwide.com *.google.com *.readymag.com *.slideshare.net *.sharethis.com *.youtube-nocookie.com 1
frame-ancestors *; img-src *; media-src * 1
default-src 'self' 'nonce-YUlKZGYwcmdpS0hRR0ZlVnhVTWF5anJvOFZYVmxrME5JdmRFQkpneU9OUEo4TmswZHI5a2ZCcUFnS01EUmxLQw==' data: *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl;script-src 'unsafe-eval' 'self' 'nonce-YUlKZGYwcmdpS0hRR0ZlVnhVTWF5anJvOFZYVmxrME5JdmRFQkpneU9OUEo4TmswZHI5a2ZCcUFnS01EUmxLQw==' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com wsrv.nl *.cookiebot.com *.twitter.com static.ads-twitter.com www.google.com t.co *.googletagmanager.com *.google-analytics.com *.vimeo.com vimeo.com *.vimeocdn.com *.cloudflare.com *.topicusplatform.nl *.amazonaws.com *.jquery.com *.bootstrapcdn.com *.doubleclick.net *.hotjar.io connect.facebook.net *.adform.net www.facebook.com snap.licdn.com *.linkedin.com *.oribi.io *.adsymptotic.com *.cloudfront.net *.typekit.net *.youtube.com *.soundcloud.com google-analytics.com analytics.spreekuur.nl *.googleadservices.com www.google.nl art19.com matomo.dev.cubetest.nl tr2.onlinesucces.nl cdn.onlinesucces.nl https://unpkg.com/alpinejs@3.10.3/dist/cdn.min.js *.hs-analytics.net *.hubapi.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hs-sites.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net play.hubspotvideo.com cdn2.hubspot.net *.hscollectedforms.net *.hsleadflows.net/leadflows.js *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com topicus.containers.piwik.pro topicus.piwik.pro *.piwik.pro *.mjt.lu linkedin.oribi.io script.hotjar.com redditstatic.com app.mailjet.com matomo.kdplus.nl 1
font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://*.doubleclick.net https://cdn.jsdelivr.net *.recaptcha.net recaptcha.net https://www.google.com/recaptcha/ https://recaptcha.google.com https://vars.hotjar.com/ https://www.facebook.com/ https://*.criteo.com https://*.criteo.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.criteo.net data: https://www.google.co.id https://www.facebook.com https://www.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://img.youtube.com https://blogspr.mocil.id https://cdn.jsdelivr.net https://s3.amazonaws.com https://code.jquery.com www.gstatic.com/recaptcha https://mocil.id https://storage.googleapis.com https://cm.g.doubleclick.net https://ib.adnxs.com https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://eb2.3lift.com https://ups.analytics.yahoo.com https://adgen.socdm.com https://tg.socdm.com https://cs.adingo.jp https://ad.360yield.com https://s.ad.smaato.net https://ade.clmbtech.com https://ib.adnxs.com https://ups.analytics.yahoo.com https://hb.yahoo.net https://beacon.krxd.net https://*.facebook.com https://*.criteo.com https://criteo-sync.teads.tv; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://www.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://www.google.com https://googleads.g.doubleclick.net https://*.facebook.net https://*.pusher.com/ https://www.googleadservices.com https://www.google-analytics.com https://www.youtube.com https://s.ytimg.com https://*.doubleclick.net https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://www.googleadservices.com http://www.googleadservices.com https://cdn.jsdelivr.net https://www.recaptcha.net https://recaptcha.net https://www.gstatic.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.google.com/recaptcha/ https://static.hotjar.com https://script.hotjar.com https://*.tiktok.com/ https://analytics.tiktok.com https://unpkg.com http://*.criteo.com https://*.criteo.com https://*.criteo.net; style-src 'self' 'unsafe-inline' 'report-sample' https://tagmanager.google.com https://fonts.googleapis.com https://code.jquery.com https://*.cloudflare.com https://*.googleapis.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://unpkg.com; worker-src https://www.google-analytics.com blob: 1
default-src 'self' https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleoptimize.com https://*.clarity.ms https://c.bing.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://score.juicyscore.com https://optimize.google.com https://www.google-analytics.com https://www.googletagmanager.com *.google.com stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://yastatic.net https://tengo.com.ua https://pango.com.ua *.ampproject.org *.adpartner.pro connect.facebook.net ajax.cloudflare.com static.cloudflareinsights.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.appdynamics.com; img-src 'self' https://*.clarity.ms https://c.bing.com *.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://google.com https://optimize.google.com https://id.bank.gov.ua https://www.google-analytics.com https://www.google.com https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://www.gstatic.com https://www.facebook.com https://www.google.ru https://www.google.pl https://www.google.com.cy stats.g.doubleclick.net https://stats.g.doubleclick.net https://static.liqpay.ua *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua blob: data:; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://optimize.google.com fonts.googleapis.com *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua; font-src 'self' https://optimize.google.com fonts.gstatic.com data: blob:; frame-src 'self' https://bid.g.doubleclick.net https://*.doubleclick.net https://optimize.google.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.adpartner.pro atlassian-companion: data: blob:; object-src 'self' data: blob:; connect-src wss://ws.pango.com.ua https://adservice.google.com https://*.clarity.ms https://c.bing.com https://score.juicyscore.com https://*.google-analytics.com https://analytics.google.com https://www.googletagmanager.com https://correctme.com.ua stats.g.doubleclick.net https://stats.g.doubleclick.net https://mc.yandex.ru https://miloan.ua https://tengo.ua https://tengo.com.ua https://amigo.com.ua https://pango.com.ua https://analytics.goo *.miloan.ua *.miloan.com.ua *.tengo.ua *.tengo.com.ua *.amigo.com.ua *.pango.com.ua *.hotjar.com *.hotjar.io wss://*.hotjar.com *.carrotquest.app pdx-col.eum-appdynamics.com *.appdynamics.com *.bank.gov.ua https://www.liqpay.ua *.liqpay.ua https://www.portmone.com.ua *.portmone.com.ua https://p2y.com.ua *.p2y.com.ua https://fondy.io *.fondy.eu https://easypay.ua *.easypay.ua 1
frame-ancestors 'self' *.pelatologio.gr; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.americasmed.com.br/report-uri/enforce 1
default-src 'self' https://*.birdie.com.hk https://api.smooch.io https://*.clare.ai wss://api.smooch.io wss://*.clare.ai https://*.facebook.com https://*.alipay.com https://pay.google.com https://api6.ipify.org https://app.os.ma https://www.iplocate.io https://ask.onbirdie.com https://*.appier.net https://*.klook.com https://www.google-analytics.com https://widget-v4.tidiochat.com wss://socket.tidio.co https://www.googletagmanager.com https://migs.mastercard.com.au/ https://*.cardinalcommerce.com https://analytics.google.com https://stats.g.doubleclick.net; font-src 'self' data: https:; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' blob: https: 'unsafe-inline'; 1
frame-ancestors 'self' catalogues.ecomiam.com www.ecomiam.com; 1
frame-ancestors https://estaldo.matomo.cloud/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; 1
default-src 'self'; connect-src 'self' ws://127.0.0.1:35729;object-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.newrelic.com *.nr-data.net; style-src 'self' 'unsafe-inline'; img-src * data:; frame-src 'self' *.google.com *.itella.com *.youtube.com blob:;frame-ancestors *; 1
default-src https:;connect-src https: wss://*.hotjar.com/api/v2/client/ws wss://directline.botframework.com;font-src https: data:;frame-src https: twitter:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-23RHYzlTIw9qr6n7Gb53IAfp4pYnJa1/stWsexsKbh5Lmdcf' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com; style-src 'self' 'unsafe-inline' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://fonts.googleapis.com https://*.hotjar.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; script-src 'unsafe-eval' 'unsafe-inline' https://*.klarnaservices.com https://*.klarnacdn.net https://static.garmincdn.com/support-chat-widget/chatWidget-v1.3.1.js https://product-gallery.cloudinary.com https://res.cloudinary.com https://*.pinimg.com https://*.linksynergy.com https://*.googlesyndication.com 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://ajax.googleapis.com https://static.garmincdn.com https://www.google.com https://cdn.appdynamics.com https://www.gstatic.com https://prefmgr-cookie.truste-svc.net https://tags.tiqcdn.com https://*.tealiumiq.com https://deploytealium.com https://analytics.google.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.cloudflare.com https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://static.cloudflareinsights.com *.hotjar.com *.hotjar.io https://www.googletagmanager.com https://optimize.google.com https://*.googleapis.com https://cse.google.com https://www.youtube.com  https://v2.zopim.com https://static.zdassets.com https://widget-mediator.zopim.com; connect-src 'self' *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn https://static.garmincdn.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://stats.g.doubleclick.net https://analytics.google.com https://www.google-analytics.com https://*.googleapis.com https://csp.withgoogle.com https://analytics-api-s.cloudinary.com https://pagead2.googlesyndication.com https://*.algolia.net https://*.algolianet.com https://ekr.zdassets.com/ https://garminapac.zendesk.com wss://widget-mediator.zopim.com; font-src 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com; img-src https://connect.facebook.net https://www.googleadservices.com https://*.doubleclick.net https://static.criteo.net https://*.criteo.com https://bat.bing.com https://*.adform.net https://intljs.rmtag.com https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://i.ytimg.com 'self' data: *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://www.google.co.uk https://prefmgr-cookie.truste-svc.net https://res.cloudinary.com https://*.hotjar.com https://www.google.com.tw https://tr.line.me https://www.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://www.google.co.in; frame-src https://www.youtube.com https://*.doubleclick.net *.garmin.com *.garmin.com.tw *.garmin.com.sg *.garmin.co.in *.garmin.co.jp *.garmin.co.th *.garmin.co.kr *.garmin.co.id *.garmin.com.hk *.garmin.com.my *.garmin.com.vn *.garmin.com.cn *.garmin.cn *.trustarc.com *.truste.com https://static.garmincdn.com https://www.google.com https://vars.hotjar.com https://prefmgr-cookie.truste-svc.net https://my.tealiumiq.com https://www.youtube-nocookie.com https://gum.criteo.com https://static.criteo.net https://www.facebook.com https://cse.google.com https://web.facebook.com; media-src 'self' https://static.zdassets.com; object-src 'none'; upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' https://piwik.bzga.de; style-src 'self' 'unsafe-inline'; font-src 'self' data:; script-src 'self' 'unsafe-inline' https://piwik.bzga.de; img-src 'self' https://piwik.bzga.de https://www.bzga.de https://a.tile.osm.org https://b.tile.osm.org https://c.tile.osm.org data:; frame-src 'self' mailto: https://piwik.bzga.de https://www.youtube-nocookie.com; 1
frame-ancestors 'self' https://vistalid-automatisation.fr; 1
default-src 'self' https: wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: https:; worker-src blob: 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-lkUNgXT7pqXxrfGSXtsE1eXh9f7/Re' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-dPVpVJzfxPV3QnUp0BnSzg==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' https://gisportalprod01.svo.local/ https://gisportal.skogsstyrelsen.se/ 1
default-src 'self' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com www.youtube.com go.sudoplatform.com https://go.sudoplatform.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com anonyome.us2.list-manage.com js.zi-scripts.com ws.zoominfo.com go.sudoplatform.com https://go.sudoplatform.com; style-src 'self' 'unsafe-inline' 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com fonts.googleapis.com; img-src 'self' data: 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com i.ytimg.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' data: cognito-identity.us-east-1.amazonaws.com pinpoint.us-east-1.amazonaws.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com js.zi-scripts.com ws.zoominfo.com; font-src 'self' data: fonts.gstatic.com 3mrfkn2zieuc3mxi6d26ag4d-wpengine.netdna-ssl.com; object-src cognito-identity.us-east-1.amazonaws.com; frame-src go.sudoplatform.com https://go.sudoplatform.com 1
frame-ancestors *.y2k.it; object-src 'none'; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://wchat.freshchat.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://rum-static.pingdom.net 1
default-src 'self'; style-src 'self' app.workfrontfusion.com/static 'unsafe-inline' unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.aptrinsic.com fonts.googleapis.com; font-src 'self' app.workfrontfusion.com/static data: use.typekit.net https://*.adobe.com https://*.adobe.io fonts.gstatic.com; img-src 'self' app.workfrontfusion.com/static data: https://ipm-fusion-prod.workfrontfusion.com secure.gravatar.com https://*.adobe.com https://*.adobe.io *.aptrinsic.com storage.googleapis.com *.typekit.net; connect-src 'self' app.workfrontfusion.com/static wss://app.workfrontfusion.com rum-http-intake.logs.datadoghq.com *.split.io https://*.adobe.com https://*.adobe.io *.browser-intake-datadoghq.com https://csp-report.browser-intake-datadoghq.com *.demdex.net *.adobedc.net *.aptrinsic.com; frame-src 'self' app.workfrontfusion.com/static https://*.adobe.com; script-src 'self' use.typekit.net unpkg.com/@adobe/* https://*.adobe.com https://*.adobe.io *.split.io assets.adobedtm.com *.aptrinsic.com; object-src 'self' app.workfrontfusion.com/static; report-uri https://csp-report.browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub2c8ded5adceb66f0a3efabff228d9189&dd-evp-origin=content-security-policy&ddsource=csp-report&ddtags=service:imt-web-zone; frame-ancestors 'self' https://*.adobe.com; 1
default-src 'self' https://api-adresse.data.gouv.fr; block-all-mixed-content; font-src 'self' data:; frame-src 'self' blob:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
default-src 'self' *.go.com * data:; script-src 'self' *.go.com *.wdpromedia.com 'unsafe-inline' 'unsafe-eval' *.demdex.net *.adobedtm.com *.facebook.net *.googletagmanager.com *.scorecardresearch.com *.licdn.com *.google-analytics.com *.yimg.com *.bing.com *.linkedin.com *.yahoo.com *.disney.com *.akamaihd.net *.omtrdc.net *.twitter.com *.ads-twitter.com *.googleadservices.com *.instagram.com *.tiktok.com *.ttwstatic.com cdn.resonate.com *.doubleclick.net *.cookielaw.org *.onetrust.com *.adsrvr.org js.adsrvr.org; style-src 'self' 'unsafe-inline' *.wdpromedia.com *.go.com *.disney.com *.tiktok.com *.ttwstatic.com; img-src 'self' *.go.com *.wdpromedia.com * data: *.disney.com; connect-src 'self' *.go.com * data: *.google-analytics.com *.disney.com; font-src 'self' *.go.com * data:; frame-src 'self' *.go.com *.adsrvr.org *.disney.com * data:; 1
connect-src 'self' region1.analytics.google.com *.google-analytics.com *.cookiecode.nl *.googleapis.com stats.g.doubleclick.net *.clarity.ms *.sentry.io *.facebook.com *.googletagmanager.com *.hotjar.io *.hotjar.com *.salesfeed.com *.facebook.com *.googletagmanager.com connect.facebook.net f4c378bb19cc42e0bf0001bfa4d41f41.events.ubembed.com ;default-src 'self'  ;frame-ancestors 'self'  ;frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com *.hotjar.com f4c378bb19cc42e0bf0001bfa4d41f41.pages.ubembed.com wdgt.slinger.to ;media-src 'self'  ;object-src 'none' ; report-uri https://www.nac.nl/.csp-violation; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.doubleclick.net *.googleadservices.com *.googletagmanager.com *.vimeo.com *.youtube.com *.youtube-nocookie.com *.hotjar.com *.clarity.ms *.google-analytics.com https://cdn.praivacy.eu *.google.com *.gstatic.com *.googleapis.com *.cookiecode.nl *.sentry-cdn.com *.conoret.com *.facebook.net *.js.ubembed.com *.ubembed.com widget.slinger.to ;style-src 'report-sample' 'self' 'unsafe-inline' *.cookiecode.nl *.googleapis.com *.typekit.net widget.slinger.to ;img-src 'self' *.facebook.com cdn.leadinfo.net cdn.praivacy.eu *.vimeocdn.com *.google-analytics.com data: *.gstatic.com *.googleapis.com *.googletagmanager.com *.clarity.ms *.linkedin.com https://px.ads.linkedin.com i.ytimg.com img.youtube.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat c.bing.com i.ytimg.com *.linkedin.com *.facebook.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat ;font-src 'self' *.gstatic.com *.typekit.net  ; 1
frame-ancestors 'self' https://www.spenderfeedback.com 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.popinabox.fr https://m.popinabox.fr https://checkout.popinabox.fr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
frame-ancestors 'self' grn-www.crestliner.com; 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.mkjfgfi.nrw *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com *.taggbox.com *.flockler.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.mkjfgfi.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.taggbox.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.mkjfgfi.nrw *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be *.taggbox.com ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net wss://mkffi-chatbot.it.nrw.de *.flockler.app;    media-src *; upgrade-insecure-requests; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' carrot.servicefinder.se; 1
frame-ancestors 'self' dampsoft.de *.dampsoft.de 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-798ab6769b076a9d01b1a9ef0871828a'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
block-all-mixed-content; frame-ancestors *.laplatajoias.com.br 1
default-src 'self' data: https://*.azurewebsites.net https://s3.amazonaws.com https://*.cloudinary.com https://*.blob.core.windows.net https://grantsconnectui.azureedge.net https://unpkg.com https://maxcdn.bootstrapcdn.com https://*.yourcause.com https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com;script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://cdnjs.cloudflare.com https://static.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://sky.blackbaudcdn.net https://static.lightning.force.com https://everfi.my.site.com https://service.force.com *.salesforce.com *.salesforceliveagent.com https://help.everfi.com https://cdn.heapanalytics.com https://heapanalytics.com https://js.monitor.azure.com;img-src 'self' data: blob: *;style-src 'self' 'unsafe-inline' https://*.azurewebsites.net https://unpkg.com https://grantsconnectui.azureedge.net https://fonts.googleapis.com https://host.nxt.blackbaud.com https://service.force.com/ https://everfi.my.site.com https://help.everfi.com https://heapanalytics.com https://cdn.jsdelivr.net;font-src 'self' data: https://fonts.gstatic.com https://grantsconnectui.azureedge.net https://unpkg.com https://host.nxt.blackbaud.com https://service.force.com *.salesforce.com https://heapanalytics.com;frame-src 'self' data: https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://*.yourcausegrantsqa.com https://host.nxt.blackbaud.com https://service.force.com;connect-src 'self' https://*.azurewebsites.net https://localhost:44392 https://*.blob.core.windows.net https://yc-prod.azurefd.net https://yc-dev-qa.azurefd.net https://dc.services.visualstudio.com https://*.yourcausegrantsqa.com https://grantsconnectui.azureedge.net https://*.yourcausegrantsuat.com https://*.yourcausegrants.com https://ekr.zdassets.com https://maps.googleapis.com https://host.nxt.blackbaud.com https://*.blackbaud.net https://*.signalr.net wss://*.signalr.net https://everfi.my.site.com *.salesforce.com *.salesforceliveagent.com *.sfdc.net https://help.everfi.com https://heapanalytics.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' data:;  font-src https: data:; object-src 'none'; 1
default-src 'self' *.gujmedia.hauptsache.net; frame-src 'self' *.gujmedia.hauptsache.net audionow.de *.rtl.de cdn.privacy-mgmt.com *.ad-alliance.de *.brightcove.net *.svc.dynamics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com code.jquery.com spex.ad-alliance.de  px2.vtrtl.de  www.googletagmanager.com gdpr-tcfv2.sp-prod.net www.google-analytics.com ssl.google-analytics.com cdn.static-fra.de *.azureedge.net *.aspnetcdn.com *.gujmedia.hauptsache.net audionow.de *.rtl.de cdn.privacy-mgmt.com *.ad-alliance.de *.brightcove.net *.svc.dynamics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com netdna.bootstrapcdn.com *.ad-alliance.de *.gujmedia.hauptsache.net stackpath.bootstrapcdn.com; img-src 'self' data: ais.rtl.de ais-ori.rtl.de ais-akamai.rtl.de rin-contens.rtlnm.de spex.ad-alliance.de ip-de-bilder.s3.eu-central-1.amazonaws.com px2.vtrtl.de ip-deutschland-cms.netrtl.com www.google-analytics.com stats.g.doubleclick.net ip.de gujims.com *.gujmedia.hauptsache.net gujims.hauptsache.net *.ad-alliance.de; font-src 'self' *.gujmedia.hauptsache.net *.bootstrapcdn.com *.ad-alliance.de; media-src 'self' *.rtl.de *.ad-alliance.de *.amazonaws.com data: vodvmsuso-a.akamaihd.net blob: vodvmsuso-a.akamaihd.net; worker-src 'self' data: vodvmsuso-a.akamaihd.net blob: vodvmsuso-a.akamaihd.net; connect-src * 1
img-src * 'self' data: https:; default-src https: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-7968dfbbf8226bc62520ac4be837e055'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'nonce-A1to+PU/2BpMRHQl/AyUU1cyAKyKLkEAw1ndaVPAWS0=' 'strict-dynamic' 'self' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'self'; 1
script-src 'self' https://*.votewa.gov/ https://*.votewa.gov/portal2023/ https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.omniballot.us https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline' 'unsafe-eval'; default-src 'self' https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.omniballot.us https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline'; style-src 'self' https://*.cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://*.virtualearth.net localhost:* https://www.google.com https://www.googletagmanager.com/gtag/js https://www.gstatic.com https://www.google-analytics.com https://*.bing.com 'unsafe-inline'; frame-src http://*.votewa.gov/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.youtube.com/ https://youtu.be/; base-uri 'self'; form-action 'self'; frame-ancestors https://*.votewa.gov/; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.virtualearth.net *.google-analytics.com; font-src 'self' data:; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' https://maps.googleapis.com https://www.youtube.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://secure.quantserve.com https://www.facebook.com https://rules.quantcount.com https://cloudapi.rwgenting.com https://pixel.quantserve.com; frame-src 'self' https://www.youtube.com https://www.google.com; connect-src 'self'  http://cloudapi.rwgenting.com https://book.rwgenting.com https://maps.googleapis.com;font-src 'self' data:;img-src 'self' data: https://maps.gstatic.com https://maps.googleapis.com; 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.mikescomputerrescue.com 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ea586d5df64073bad07dbd1eda5cccaa'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' https://www.werkhaus.cc; 1
default-src 'self'; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-8ce1f66a-832f-493d-953b-c1d4e040ec5f'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com heapanalytics.com; object-src 'none'; frame-src 'self' *.svc.dynamics.com app.hellosign.com player.vimeo.com www.google.com; frame-ancestors 'self'; child-src 'self' blob:; img-src 'self' data: *.svc.dynamics.com api.swiftype.com cdnjs.cloudflare.com cdn.jsdelivr.net gallery.mailchimp.com i.vimeocdn.com heapanalytics.com; font-src 'self' data:  cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com heapanalytics.com; connect-src 'self' *.bf.dynatrace.com *.centralstatesfunds.org *.pdfjs.express *.svc.dynamics.com cdnjs.cloudflare.com cdn.jsdelivr.net heapanalytics.com; manifest-src 'self'; base-uri 'self'; form-action 'self'; media-src 'self'; worker-src 'self' blob:; 1
frame-ancestors *.adikteev.com 'self' *.facebook.com *.nikonelearning.com; 1
default-src 'self';base-uri 'self';script-src 'nonce-FgJigWwITAh2c3RWtvvwmA==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
default-src https: 'self'; style-src https: 'unsafe-inline'; script-src https: 'unsafe-inline' 1
frame-ancestors bell.ca *.bell.ca *.bellmts.ca *.virginmobile.ca *.virginplus.ca *.vm.ca *.vmobile.ca *.vmcanada.com *.thesource.ca *.luckymobile.ca; script-src https://*.go-mpulse.net https://*.luckymobile.ca https://www.googletagmanager.com https://sc-static.net https://assets.adobedtm.com https://*.google-analytics.com https://*.postescanada-canadapost.ca https://*.nuance.com https://*.inq.com https://connect.facebook.net https://static.ads-twitter.com https://*.twitter.com https://ssl.geoplugin.net https://s.pinimg.com https://*.google.com https://*.gstatic.com https://*.vmobile.ca https://*.googleadservices.com https://*.stackadapt.com https://*.doubleclick.net https://*.bell.ca https://*.tiktok.com https://*.know-where.com https://*.korem.com https://*.googleapis.com https://*.coveo.com https://siteimproveanalytics.com https://*.licdn.com https://vldbellsup.hs.llnwd.net https://vfobellsup.hs.llnwd.net https://prdbellsup.hs.llnwd.net https://pfobellsup.hs.llnwd.net https://cdnjs.cloudflare.com https://vldbellweb.hs.llnwd.net https://vfobellweb.hs.llnwd.net https://prdbellweb.hs.llnwd.net https://pfobellweb.hs.llnwd.net https://*.medallia.ca https://*.kampyle.com https://*.decibelinsight.net https://*.decibelinsight.com https://*.youtube.com https://bat.bing.com https://tr.snapchat.com https://s.ytimg.com https://*.micpn.com https://*.clarity.ms https://*.telebec.com https://*.northerntel.ca https://*.analytics-egain.com https://*.branch.io https://app.link 'unsafe-inline' 'unsafe-eval'; worker-src 'self' blob: ; object-src https://refer.bell.ca 1
block-all-mixed-content;frame-ancestors 'self';upgrade-insecure-requests; 1
default-src https: data: wss: *.plcontent.com 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'none'; frame-src 'self' *.google.com *.facebook.com *.googletagmanager.com *.demdex.net *.youtube.com *.youtube-nocookie.com irxcm.com accounts.google.com where-to-buy.co; 1
frame-ancestors 'self' *.chemistwarehouse.com.au *.epharmacy.com.au *.mychemist.com.au htmlbuilder.com.au *.htmlbuilder.com.au *.chemistwarehouse.hk 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://analytics.rubyapps.io https://gateway.on24.com https://maps.googleapis.com https://forms.hsforms.com https://js.hsforms.net https://www.youtube.com https://player.vimeo.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://app-script.monsido.com/v2/ https://cdn.monsido.com/ https://pagecorrect.monsido.com/; style-src 'self' 'unsafe-inline' https://analytics.rubyapps.io https://fonts.googleapis.com https://hello.myfonts.net; connect-src 'self' https://analytics.rubyapps.io https://forms.hsforms.com https://vimeo.com https://noembed.com https://stats.g.doubleclick.net https://hubspot-forms-static-embed.s3.amazonaws.com https://maps.gstatic.com https://maps.googleapis.com https://cdn.plyr.io https://www.google-analytics.com/ https://forms.hubspot.com https://forms.hscollectedforms.net/ https://pagecorrect.monsido.com/; font-src 'self' https://fonts.gstatic.com; img-src 'self' https://analytics.rubyapps.io https://i.vimeocdn.com https://i.ytimg.com https://f.hubspotusercontent30.net https://maps.gstatic.com https://maps.googleapis.com https://track.hubspot.com https://www.google-analytics.com https://forms.hsforms.com https://perf.hsforms.com https://tracking.monsido.com/ https://cdn.monsido.com/; object-src 'self'; frame-src 'self' https://analytics.rubyapps.io https://anchor.fm https://gateway.on24.com https://forms.hsforms.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://js.hsforms.net https://podcasters.spotify.com/; 1
frame-ancestors 'self' https://geelongweb.com.au; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.syndication.twimg.com twitter.com platform.twitter.com  maps.google.com twittercommunity.com www.google-analytics.com google-analytics.com www.googleadservices.com use.typekit.net www.googletagmanager.com ssl.google-analytics.com ajax.googleapis.com googleads.g.doubleclick.net use.edgefonts.net www.tripadvisor.com www.tripadvisor.com.au static.tacdn.com maps.googleapis.com; style-src 'unsafe-inline' 'self' use.typekit.net p.typekit.net platform.twitter.com ton.twimg.com use.edgefonts.net static.tacdn.com fonts.googleapis.com 1
frame-ancestors 'self' http://greyhound.charterhouse.org.uk https://charterhouse.fireflycloud.net charterhouse2.sharepoint.com; 1
default-src * 'self' data: blob:; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' blob: *.pianistmagazine.com *.wgp-cdn.co.uk *.cloudflare.com https://api.raygun.io wss://am.freshrelevance.com https://apikeys.civiccomputing.com https://clapi.civiccomputing.com https://www.googleapis.com *.advertising.com *.adnxs.com *.doubleverify.com *.serving-sys.com https://securepubads.g.doubleclick.net https://stats.g.doubleclick.net *.googlesyndication.com *.google-analytics.com *.pbstck.com quantcast.mgr.consensu.org test.quantcast.mgr.consensu.org audit-tcfv2.quantcast.mgr.consensu.org *.skimresources.com https://*.fontawesome.com *.trackedlink.net  *.connatix.com *.openx.net hb-api.omnitagjs.com automatad.technoratimedia.com *.33across.com ap.lijit.com be.durationmedia.net htlb.casalemedia.com hbopenbid.pubmatic.com *.adxpremium.services fastlane.rubiconproject.com adx.adform.net prebid-eu.creativecdn.com mp.4dex.io script.4dex.io *.googletagmanager.com *.clickiocdn.com *.criteo.com *.sharedid.org *.adsrvr.org *.id5-sync.com *.rlcdn.com *.crwdcntrl.net *.trackedweb.net *.analytics.google.com *.google.com *.g.doubleclick.net *.gstatic.com *.cmp.quantcast.com *.quantcast.com *.tagdeliver.com *.inmobi.com; base-uri 'self'; 1
default-src 'self' https:;object-src 'self';base-uri 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com;img-src data: https:;connect-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' everestbankltd.com *.everestbanltd.com *.googleapis.com *.googletagmanager.com *.youtube.com *.facebook.net *.ytimg.com *.google-analytics.com *.gstatic.com *.google.com ;form-action 'self';frame-ancestors 'self'; 1
default-src 'self' ; connect-src 'self' https://matomo.digifinland.fi wss://www.omaolo.fi;script-src 'self' https://matomo.digifinland.fi https://kaytontuki.omaolo.fi;style-src 'self' 'unsafe-inline' ; img-src 'self' data: https://terveysportti.fi https://www.terveysportti.fi https://neuvokasperhe.fi https://matomo.digifinland.fi https://kaytontuki.omaolo.fi; font-src 'self' ; object-src 'self' blob: ; frame-src 'self' data: blob: https://kaytontuki.omaolo.fi;frame-ancestors 'self' https://tunnistautuminen.suomi.fi https://*.tunnistus.fi;form-action 'self' https://sso.omaolo.fi; upgrade-insecure-requests; report-uri /api/csp-report; 1
default-src 'self' api.commerce7.com apigateway.commerce7.com use.typekit.net cdn.cookielaw.org *.stripe.com *.acuityplatform.com *.googleapis.com *.dotomi.com *.jst.ai *.visualwebsiteoptimizer.com *.googlesyndication.com *.typeform.com *.adsrvr.org *.recaptcha.net *.gstatic.com *.onetrust.com api.userback.io *.doubleclick.net *.google-analytics.com analytics.google.com bam.nr-data.net *.pinterest.com *.mailchimp.com *.bing.com *.cloudfront.net *.helpscout.net downloads.mailchimp.com *.hotjar.com *.hotjar.io *.hotjar.com:* wss://*.hotjar.com *.facebook.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.commerce7.com apigateway.commerce7.com cdn.cookielaw.org *.stripe.com *.dotomi.com *.newrelic.com *.pinterest.com *.vwo.com *.visualwebsiteoptimizer.com *.jst.ai *.googlesyndication.com *.doubleclick.net *.acuityplatform.com secure.adnxs.com *.typeform.com *.googleapis.com *.pinimg.com cdnjs.cloudflare.com *.fontawesome.com use.typekit.net *.recaptcha.net chimpstatic.com *.g.doubleclick.net *.mailchimp.com downloads.mailchimp.com *.gstatic.com *.youtube.com *.adsrvr.org *.bing.com *.helpscout.net static.userback.io *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.google.com *.list-manage.com *.hotjar.com *.grappos.com *.exactdn.com connect.facebook.net apis.google.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com hello.myfonts.net cdn.commerce7.com *.google.com cdnjs.cloudflare.com downloads.mailchimp.com *.jst.ai *.googlesyndication.com *.typeform.com *.helpscout.net static.userback.io *.recaptcha.net *.gstatic.com *.exactdn.com *.typekit.net;img-src 'self' *.commerce7.com *.joshcellars.com p.typekit.net *.pinimg.com *.gravatar.com data: *.googletagmanager.com *.vimeocdn.com *.helpscout.net *.jst.ai *.googlesyndication.com *.doubleclick.net *.visualwebsiteoptimizer.com *.acuityplatform.com secure.adnxs.com *.typeform.com *.googleapis.com *.google-analytics.com *.googleads.g.doubleclick.net *.doubleclick.net *.recaptcha.net *.pinterest.com *.gstatic.com *.bing.com *.mailchimp.com downloads.mailchimp.com *.google.com apigateway.commerce7.com *.adsrvr.org *.fls.doubleclick.net *.ad.doubleclick.net *.ytimg.com cdn.cookielaw.org *.cdninstagram.com *.exactdn.com *.facebook.com;frame-src 'self' vars.hotjar.com *.fls.doubleclick.net *.youtube-nocookie.com *.youtube.com *.stripe.com *.pinterest.com *.facebook.com *.jst.ai *.googlesyndication.com *.doubleclick.net secure.adnxs.com *.typeform.com downloads.mailchimp.com *.recaptcha.net *.vimeo.com *.grappos.com accounts.google.com *.g.doubleclick.net;font-src 'self' fonts.gstatic.com *.joshcellars.com downloads.mailchimp.com static.userback.io use.typekit.net *.jst.ai *.googlesyndication.com *.typeform.com data: *.exactdn.com; 1
default-src 'none'; base-uri 'self' data:; manifest-src 'self'; form-action 'self'; frame-src 'self' https://app.kontent.ai https://brandcentral.ramboll.com https://video.ramboll.com https://consentcdn.cookiebot.com https://bid.g.doubleclick.net https://td.doubleclick.net; frame-ancestors 'self' https://app.kontent.ai; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-81a23496-6143-4f78-b20b-bb2643b8bcec' 'sha256-CGlCesp/hYaVKjd9TL4+keIu6tODr56RvXBI1uddGhA=' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://app.kontent.ai https://*.piwik.pro https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net; object-src 'none'; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fonts.googleapis.com https://*.piwik.pro; img-src 'self' data: https://cdn-assets-eu.frontify.com https://imgsct.cookiebot.com https://*.piwik.pro https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; font-src 'self' data: https://fonts.gstatic.com https://*.piwik.pro; media-src 'self' data: https://cdn-assets-eu.frontify.com; connect-src 'self' https://brandcentral.ramboll.com https://consentcdn.cookiebot.com https://*.piwik.pro https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; 1
default-src 'none'; base-uri 'none'; form-action 'self' https://news.addy.io; connect-src 'self' https://app.addy.io/default-currency; manifest-src 'self'; frame-ancestors 'none'; script-src 'self' 'sha256-6qQWTVhBNcsGRyT26G26ZSIfLs+60+VhhX0ppPSgd50='; img-src 'self' data:; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-/8CvIhEkJqzXuPzY8k7p4wTZ1zjLlE7mi3UcNExd8ao='; font-src 'self'; frame-src 'none'; object-src 'none'; upgrade-insecure-requests; 1
script-src 'nonce-X99loGc2ghN6zRByUOB1vA==' 'strict-dynamic' 'unsafe-eval' 'report-sample' https: 'unsafe-inline'; base-uri 'none'; report-uri https://events.mercadolibre.com/csp/reports?identifier=pT7dQ8JTmQip5qetXo31SrW9gQhO46oLEhYHK2kaPwWmcHUrJqYu8CUNrIdIqe0YDA==&policy_id=10&user_id=&request_id=10642e00-d568-4788-88d6-c7edd588264b; report-to csp-endpoint; object-src https://http2.mlstatic.com/ https://mlstaticquic-a.akamaihd.net/ 1
frame-ancestors kinmen.travel www.kinmen.travel pwa.kinmen.travel 'self' 1
default-src 'self' data: blob: *.conac.cn *.jiathis.com *.baidu.com *.bshare.cn *.qq.com *.kaipuyun.cn 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' northampton.gov.uk www.northampton.gov.uk intranet.northampton.gov.uk www.intranet.northampton.gov.uk northamptonpartnershiphomes.org.uk www.northamptonpartnershiphomes.org.uk uat.nph.org.uk www.uat.nph.org.uk nphintranet.co.uk www.nphintranet.co.uk uat.nphintranet.co.uk www.uat.nphintranet.co.uk lovenothampton.co.uk www.lovenothampton.co.uk nph.org.uk www.nph.org.uk northamptonmuseums.com www.northamptonmuseums.com; 1
default-src * 'self' data: https: https://region1.google-analytics.com; script-src * 'self' data: https: 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://secure.gravatar.com https://www.googletagmanager.com https://ssl.google-analytics.com https://region1.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src * 'self' data: https: https://region1.google-analytics.com https://secure.gravatar.com https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src * 'self' data: https: 'unsafe-inline' https://assets.zendesk.com; font-src * 'self' data: https: https://fonts.gstatic.com  https://themes.googleusercontent.com; frame-src * 'self' data: https: https://player.vimeo.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com:*; style-src-elem 'self' 'unsafe-inline' http://fonts.googleapis.com:*; img-src 'self' data: www.facebook.com https://i.ytimg.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' https://www.youtube.com; upgrade-insecure-requests 1
default-src 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.trustcommander.net *.commander1.com *.doubleclick.net; connect-src 'self' *.mktoresp.com *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com *.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net cdn.linkedin.oribi.io *.trustcommander.net *.commander1.com *.googlesyndication.com px.ads.linkedin.com bat.bing.com; font-src 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.linkedin.com storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net p.adsymptotic.com www.facebook.com www.socotec.com *.voxolib.com manager.tagcommander.com bat.bing.com; media-src 'self' *.webnet.fr *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.go-mpulse.net *.akstat.io *.akamaihd.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' googleads.g.doubleclick.net www.googleadservices.com *.licdn.com *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net connect.facebook.net cdn.tagcommander.com cdn.trustcommander.net *.voxolib.com bat.bing.com; style-src 'self' 'unsafe-inline' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.tagcommander.com cdn.trustcommander.net; base-uri 'self'; form-action 'self' *.socotec.fr socotec.fr storage.gra.cloud.ovh.net *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.mktoweb.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.payrct.fr *.paynum.fr; frame-ancestors 'self' 1
frame-ancestors 'self' https://help.bikester.es https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
frame-ancestors 'none' ; report-uri https://netresec.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' https://gather.town https://virtual.adesso.de https://app.neyroo-hub.de 1
base-uri 'none'; form-action 'self' *.interstates.com; frame-ancestors 'self' *.interstates.com; upgrade-insecure-requests; default-src 'self' https://com-interstates-cdn-2023.s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.interstates.com https://ad.ipredictive.com https://play.libsyn.com https://analytics.twitter.com https://player.vimeo.com https://maps.googleapis.com https://www.facebook.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org; style-src 'self' *.interstates.com 'unsafe-inline' https://www.socialintents.com https://netdna.bootstrapcdn.com https://ad.ipredictive.com https://fonts.googleapis.com data: blob:; font-src 'self' *.interstates.com https://netdna.bootstrapcdn.com https://fonts.gstatic.com data:; img-src 'self' *.interstates.com https://*.s3.amazonaws.com https://via.placeholder.com https://*.craft-cdn.com https://github.com https://*.githubusercontent.com https://um.simpli.fi https://tag.simpli.fi https://ad.ipredictive.com https://analytics.twitter.com https://d3vfyagh5j3wrg.cloudfront.net https://d17lvj5xn8sco6.cloudfront.net https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://dsum-sec.casalemedia.com https://cdn.cookielaw.org https://khms0.googleapis.com https://khms1.googleapis.com https://i.vimeocdn.com https://optanon.blob.core.windows.net https://i.ytimg.com https://p.adsymptotic.com https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://pixel.rubiconproject.com https://www.google.com https://www.facebook.com https://www.google-analytics.com https://px.ads.linkedin.com https://t.co *.gravatar.com https://insight.adsrvr.org https://ib.adnxs.com https://cm.g.doubleclick.net https://match.adsrvr.org https://ups.analytics.yahoo.com data: blob:; script-src-elem 'self' *.interstates.com 'unsafe-inline' https://chat.socialintents.com https://ajax.googleapis.com https://www.socialintents.com https://www.recaptcha.net https://d33i2vgywgme2s.cloudfront.net https://cdn.polyfill.io https://js.stripe.com https://cdnjs.cloudflare.com https://*.usersnap.com https://polyfill.io https://i.simpli.fi https://tag.simpli.fi https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://player.vimeo.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://googleads.g.doubleclick.net https://analytics.twitter.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://www.googletagmanager.com https://fonts.googleapis.com data: blob:; style-src-elem 'self' *.interstates.com 'unsafe-inline' https://netdna.bootstrapcdn.com https://www.googletagmanager.com https://www.socialintents.com https://fonts.googleapis.com https://www.google-analytics.com https://www.googleadservices.com https://snap.licdn.com https://connect.facebook.net https://static.ads-twitter.com https://analytics.clickdimensions.com https://cdn.cookielaw.org https://insight.adsrvr.org data: blob:; frame-src 'self' *.interstates.com https://chat.socialintents.com https://www.socialintents.com https://td.doubleclick.net https://www.recaptcha.net https://js.stripe.com https://play.libsyn.com https://resources.interstates.com https://online.flippingbook.com https://analytics.clickdimensions.com https://interstates-privacy.my.onetrust.com https://player.vimeo.com https://www.youtube.com https://bid.g.doubleclick.net https://www.google.com https://www.facebook.com; connect-src 'self' https://pagead2.googlesyndication.com https://widget.usersnap.com https://api.craftcms.com https://play.libsyn.com https://analytics.google.com https://cdn.linkedin.oribi.io https://fbo-b.flippingbook.com https://resources.interstates.com https://online.flippingbook.com https://d23zwngtnzokv7.cloudfront.net https://www.google-analytics.com https://cookies-data.onetrust.io https://interstates-privacy.my.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.facebook.com file: data: blob: filesystem: url: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com; img-src 'self' data: https://erpapidev.mke.gov.tr/ https://erpapitest.mke.gov.tr/ https://erpapi.mke.gov.tr/; font-src 'self' https://fonts.gstatic.com ; object-src 'self' blob: www.youtube.com; media-src 'self'; frame-src 'self' blob: http://maps.google.com https://www.google.com/maps/ https://maps.googleapis.com https://www.youtube.com https://vimeo.com/ https://yandex.com/ 1
default-src 'self' data: 'unsafe-inline' js-agent.newrelic.com cdn.twibooru.org https://cdn.twibooru.org; object-src 'none'; frame-ancestors 'none'; frame-src 'self'; form-action 'self'; manifest-src 'self'; img-src 'self' data: https://cdn.twibooru.org camo.twibooru.org; block-all-mixed-content 1
script-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https:; manifest-src 'self' https:; font-src 'self' https: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https:; img-src 'self' https: data: *.placehold.it *.jsdelivr.net *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https:; object-src 'self' https:; frame-ancestors 'self' https:; frame-src 'self' https:; worker-src 'self' https:; base-uri 'self' https:; 1
default-src 'self'; frame-src 'self' 'unsafe-inline' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' *:888 google-analytics.com trustzonevpn.info googletagmanager.com; font-src 'self' data: fonts.gstatic.com googletagmanager.com; form-action 'self'; img-src 'self' data: *.google.com trustzoneurl.com trustzonepost.xyz trustzonevpn.info get-trust-vpn.info trust.zone stats.g.doubleclick.net google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com googletagmanager.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' get-trust-vpn.info; script-src 'self' 'unsafe-eval' 'nonce-e91992b0708ff0603d87f9246034ca45' google.com gstatic.com googletagmanager.com trustzonevpn.info get-trust-vpn.info trustzoneurl.com platform.twitter.com connect.facebook.net; report-uri http://vpnonly.site/_csp_log 1
default-src 'self'; connect-src 'self' banno.com *.banno.com crownpeak.net *.crownpeak.net *.googleapis.com *.google-analytics.com *.google.com *.doubleclick.net; font-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.google.com *.vimeo.com *.personalcard.net *.sitescout.com *.zoho.com; img-src 'self' *.google-analytics.com *.googletagmanager.com banno.com *.banno.com *.googleapis.com *.gstatic.com *.google.com *.sitescout.com data: *.banno.com; media-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com banno.com *.banno.com crownpeak.com *.crownpeak.com *.pixel.ad *.facebook.net *.banno.com; style-src 'self' 'unsafe-inline'  *.googleapis.com 1
default-src * 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; img-src 'self' https://cdn.onderwijsportalen.nl https://api.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://content.jwplatform.com https://assets-jpcust.jwpsrv.com https://prd.jwpltx.com https://i.ytimg.com https: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.onderwijsportalen.nl https://forms.onderwijsportalen.nl  https://api.onderwijsportalen.nl https://bulkpdf.onderwijsportalen.nl https://messenger.onderwijsportalen.nl https://cdn.jwplayer.com https://content.jwplatform.com https://ssl.p.jwpcdn.com; media-src 'self' https://videos-cloudfront.jwpsrv.com https://content.jwplatform.com blob:; worker-src  'self'  blob:; 1
connect-src 'self' www.bugherd.com bugherd-attachments.s3.amazonaws.com *.omappapi.com *.grupotriples.com *.hotjar.com *.google.com *.google-analytics.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ulAp/SlN67mT5NlW33Kl150DI8rWADWX/YJdYMQ8PU5TFHr4' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com; img-src 'self' data:; font-src 'self' *.gstatic.com *.bootstrapcdn.com data:;connect-src *.googleapis.com *.gstatic.com *.bootstrapcdn.com; report-uri https://crhworld.com/Sitefinity/Authenticate/OpenID/csp/report 1
frame-ancestors 'self'; font-src 'self' blob: data: https://fonts.googleapis.com https://fonts.gstatic.com https://kit.fontawesome.com https://ka-p.fontawesome.com https: ; form-action 'self' connect.facebook.net www.facebook.com ; base-uri 'self' 1
default-src 'self'  https://*.dutchcomiccon.com                      https://*.chatbase.co; connect-src 'self'  https://*.dutchcomiccon.com https://*.elementor.com https://*.easyfairs.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.wpo365.com https://*.sentry.io  https://cdn.linkedin.oribi.io https://www.facebook.com/tr/   https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com   https://ct.pinterest.com  https://stats.g.doubleclick.net/ https://hits-i.iubenda.com https://consent.iubenda.com https://cdn.iubenda.com https://api.leadinfo.com https://collector.leadinfo.net  https://*.google.com https://*.analytics.google.com https://analytics.tiktok.com  https://twitter.premiumaddons.com/  https://tr.snapchat.com  https://*.chatbase.co/api/get-chatbot-styles https://*.chatbase.co; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://*.dutchcomiccon.com https://www.googleoptimize.com https://beacon-v2.helpscout.net https://easyfairsassets.com https://*.easyfairs.cloud https://*.youtu.be https://s.ytimg.com https://*.youtube.com https://*.vimeo.com https://vimeo.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googleapis.com https://*.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.sentry.io https://analytics.twitter.com https://static.ads-twitter.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://connect.facebook.net https://www.facebook.com https://frontoffice.paylogic.nl https://cdn.leadexpress.nl https://api.leadexpress.nl https://static.hotjar.com/ https://script.hotjar.com  https://app.webreg.me/ https://d2gu4aerpfiddr.cloudfront.net https://s.pinimg.com  https://www.googleoptimize.com https://cdn.iubenda.com https://www.iubenda.com https://cdn.iubenda.com/cs/gpp/stub.js https://cdn.iubenda.com/cs/iubenda_cs.js https://cs.iubenda.com https://cdn.leadinfo.net   https://analytics.tiktok.com  https://graph.facebook.com/ https://www.redditstatic.com https://sc-static.net https://tr.snapchat.com https://bat.bing.com https://*.chatbase.co/embed.min.js; img-src 'self' data:  https://*.dutchcomiccon.com  https://*.google.com https://*.google.at https://*.google.be https://*.google.bg https://*.google.ca https://*.google.cat https://*.google.ch https://*.google.de https://*.google.dk https://*.google.es https://*.google.fi https://*.google.fr https://*.google.com.hk https://*.google.it https://*.google.lt https://*.google.lu https://*.google.nl https://*.google.pl https://*.google.pt https://*.google.ro https://*.google.ru https://*.google.se https://*.google.com.tr https://*.google.co.uk https://*.google.com http://1.gravatar.com https://easyfairsassets.com https://*.ggpht.com https://library.elementor.com https://*.gravatar.com https://i.ytimg.com https://*.vimeocdn.com https://*.googleusercontent.com https://*.googleapis.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.googletagmanager.com https://*.gstatic.com https://t.co https://*.twimg.com https://*.licdn.com https://*.linkedin.com https://www.facebook.com https://*.fbcdn.net https://frontoffice.paylogic.nl   https://*.cdninstagram.com  https://ct.pinterest.com   https://cdn.iubenda.com https://collector.leadinfo.net https://adsanityplugin.com     self https://www.redditstatic.com https://alb.reddit.com https://tr.snapchat.com  https://*.chatbase.co; style-src 'self' 'unsafe-inline' data:  https://*.dutchcomiccon.com https://easyfairsassets.com https://*.googleapis.com https://*.typekit.net https://ps.w.org https://cdn.jsdelivr.net https://www.googletagmanager.com https://*.google.com    https://frontoffice.paylogic.nl        https://cdn.iubenda.com          ; font-src 'self' data:  https://*.dutchcomiccon.com https://spoprod-a.akamaihd.net https://easyfairsassets.com https://*.typekit.net https://fonts.gstatic.com https://*.sharepointonline.com      https://script.hotjar.com                ; child-src 'self'  https://*.dutchcomiccon.com https://easyfairsassets.com https://docs.wpo365.com https://library.elementor.com https://*.youtube.com https://*.vimeo.com https://*.youtu.be https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.google.com https://*.twitter.com  https://www.facebook.com https://staticxx.facebook.com/ https://frontoffice.paylogic.nl  https://vars.hotjar.com  https://app.webreg.me/  https://registration.gesevent.com/ https://registration.n200.com/  https://www.iubenda.com https://cdn.iubenda.com     https://open.spotify.com/   https://tr.snapchat.com  https://*.chatbase.co; media-src 'self'  https://*.dutchcomiccon.com https://*.vimeo.com https://vimeo.com https://*.youtu.be https://*.youtube.com https://api.dmcdn.net https://*.twitch.tv       https://*.cdninstagram.com            https://www.redditstatic.com   ; object-src 'self'  https://*.dutchcomiccon.com                      ; frame-ancestors 'self'  https://*.dutchcomiccon.com    https://frontoffice.paylogic.nl                  ; base-uri 'none'                      ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com unpkg.com cdnjs.cloudflare.com use.fontawesome.com fonts.googleapis.com maps.googleapis.com connect.facebook.net fonts.gstatic.com www.google-analytics.com static.hotjar.com script.hotjar.com cdn.jsdelivr.net cdn.ckeditor.com www.googletagmanager.com; 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com marketing.velux.de; img-src * data:; font-src 'self' fonts.gstatic.com marketing.velux.de; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.youtube.com *.matomo.cloud *.usercentrics.eu *.youtube.com app.storyblok.com maps.googleapis.com marketing.velux.de; connect-src *; frame-src www.google.com ipaper.ipapercms.dk *.outlook.com *.visuscreen.de www.tankpool24.eu bsl-online.de www.youtube-nocookie.com solarrechner.eturnity.io; frame-ancestors 'self' https://app.storyblok.com; 1
default-src 'self'; script-src *.google-analytics.com cdnjs.cloudflare.com https://siteimproveanalytics.com https://maps.googleapis.com https://*.youtube.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src https://*.googleapis.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src data: https://*.ytimg.com https://*.youtube.com https://maps.gstatic.com https://*.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.siteimproveanalytics.io 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ apis.google.com https://www.google.com/ https://www.yourmoney.ch/ym/ext/szkb/ blob: https://datawrapper.dwcdn.net/; connect-src *.google-analytics.com *.gstatic.com *.googleapis.com https://www.google.com/maps/ https://api.friendlycaptcha.com/api/v1/puzzle 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self'; child-src 'self' https://www.google.com/ https://www.yourmoney.ch/ym/ext/szkb/ blob: https://datawrapper.dwcdn.net/; form-action 'self'; frame-ancestors 'self'; object-src 'self' 1
font-src *.fontawesome.com https://static.payzen.eu/static/ *.gstatic.com 'self' data: fonts.googleapis.com fonts.gstatic.com data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://app.goodays.co https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://ct.pinterest.com https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://q.clarity.ms/collect https://s.clarity.ms/collect https://secure.payzen.eu/vads-payment/ https://static.payzen.eu/static/ *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * maps.google.com maps.googleapis.com critizr.com data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://bat.bing.com https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://px.ads.linkedin.com https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://s.clarity.ms/collect https://secure.payzen.eu/static/latest/images/type-carte/ https://static.payzen.eu/static/ https://secure.payzen.eu/vads-payment/ 'self' data: *.google.com *.mageside.com mageside.com https://img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com maps.google.com maps.gstatic.com www.gstatic.com *.ggpht.com *.tile.openstreetmap.org *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com appsdev.agapes.fr *.agapes.fr blob: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://partner.flunch-traiteur.fr https://events.sk.ht/flunchtraiteur https://events.sk.ht/flunchtraiteur/lib.js https://bat.bing.com https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://www.clarity.ms/ https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://s.clarity.ms/collect https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.google.com *.gstatic.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com maps.google.com static.axept.io static.critizr.com secure.authorize.net test.authorize.net data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://cdn.goodays.co https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://s.clarity.ms/collect https://static.payzen.eu/static/ *.googleapis.com *.gstatic.com unsafe-inline assets.braintreegateway.com static.critizr.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://track.nextuser.com https://ai-dev.nextuser.com https://ai.nextuser.com https://flunch-configurator.nextuser.com https://metrics.flunch-traiteur.fr https://sk.ht https://dynamic.criteo.com https://tracking.lqm.io https://s.yimg.com https://snap.licdn.com https://s.pinimg.com https://p.clarity.ms/ https://insight.adsrvr.org https://cdn.linkedin.oribi.io https://pixel.bsmartdata.com https://track.adform.net https://ct.pinterest.com https://q.clarity.ms/collect https://try.abtasty.com https://teddytor.abtasty.com https://c.clarity.ms/c.gif https://pixel.rubiconproject.com/tap.php https://ad.avtm.fr https://ariane.abtasty.com https://dcinfos-cache.abtasty.com https://connect.facebook.net https://www.facebook.com https://api2.abtasty.com https://o132438.ingest.sentry.io https://common-fonts.abtasty.com https://widgets-images.abtasty.com https://editor-assets.abtasty.com https://sslwidget.criteo.com https://www.criteo.net https://www.criteo.com https://measurement-api.criteo.com https://s.clarity.ms/collect https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ google-analytics.com ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com maps.googleapis.com maps.google.com client.axept.io ekr.zdassets.com t.elasticsuite.io data: *.axept.io *.addthis.com axeptio.imgix.net *.newrelic.com *.nr-data.net *.moatads.com *.addthisedge.com *.matomo.cloud 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src https://secure.payzen.eu/vads-payment/ https://api.payzen.eu/api-payment/ https://static.payzen.eu/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net *.googletagmanager.com *.googletagservices.com *.googlesyndication.com cdn-prod.securiti.ai *.google.com *.hotjar.com *.googleadservices.com *.gstatic.com snap.licdn.com *.doubleclick.net *.imagify.io plugin.handtalk.me *.tradingview.com *.tradingview-widget.com www.clarity.ms www.vlidev.service-now.com; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com *.hotjar.com *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net *.imagify.io *.tradingview.com *.tradingview-widget.com *.azurewebsites.net *.vli-logistica.com.br; object-src 'self' 1
script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ https://js.gleam.io/ https://newgamenetwork.disqus.com/ https://widget.gleamjs.io/ https://www.googletagmanager.com/gtag/js; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://c.disquscdn.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://disqus.com https://gleam.io https://youtube.com https://www.youtube.com; 1
X-Frame-Options: sameorigin 1
default-src 'self' data:; report-uri /csp.cfm; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.typekit.net; font-src 'self' data: https:; frame-ancestors 'self' https://dynavax.sharepoint.com; frame-src 'self' player.vimeo.com *.youtube.com www.google.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com; img-src 'self' data: *.google-analytics.com maps.googleapis.com maps.gstatic.com www.googletagmanager.com; connect-src 'self' *.google-analytics.com api.lever.co 1
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data: https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
frame-ancestors 'self' *.kakao.com *.kakaocdn.net www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com;object-src 'self' *.kakao.com *.kakaocdn.net www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com developers.kakao.com jsgetip.appspot.com cr.acecounter.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.kakao.com *.kakaocdn.net www.google-analytics.com fonts.googleapis.com ajax.googleapis.com www.google.com www.googletagmanager.com view.copyright.or.kr voc.copyright.or.kr piwik.copyright.or.kr www.juso.go.kr www.eprivacy.or.kr:40018 connect.facebook.net static.nid.naver.com t1.daumcdn.net t1.kakaocdn.net developers.kakao.com jsgetip.appspot.com cr.acecounter.com;style-src 'self' 'unsafe-inline' 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://nyulocal.com https://*.nyulocal.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
frame-ancestors 'self' *.stedi.com 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;img-src 'self' data: https://jira.sehlat.io;frame-ancestors 'self';object-src 'none';script-src 'self' 'unsafe-eval' unsafe-inline;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https://login.microsoftonline.com https://dc.services.visualstudio.com https://id.sehlat.io https://minio.sehlat.io;form-action 'self' 1
default-src 'self' unix-solutions.be *.unix-solutions.be google.com www.google.com maps.googleapis.com fonts.gstatic.com www.gstatic.com fonts.googleapis.com; style-src 'self' fonts.googleapis.com 'unsafe-inline' 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self' https: file:;img-src 'self' https: data:;object-src 'none';script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js https://stats.beta.gouv.fr/matomo.js https://stats.beta.gouv.fr/plugins/HeatmaSessionRecording/configs.php;script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests ;connect-src 'self' https://stats.beta.gouv.fr https://photon.komoot.io https://sentry.incubateur.net https://cdn.jsdelivr.net 1
frame-ancestors 'self' https://barclays.touchcast.com https://interactive.barclayslifeskills.com/ https://experience.springpod.co.uk *.crazyegg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' analytics.twitter.com connect.facebook.net m.addthis.com s7.addthis.com *.crazyegg.com static.ads-twitter.com www.gstatic.com www.google.com plausible.io https://sdk.touchcast.com  assets.calendly.com 1
default-src 'self' https:; img-src 'self' www.msc.com.pl/cezar/* data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' https: 'unsafe-inline' 1
base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'report-sample' 'nonce-kuo-cj5W5dLbIte4K9PNwg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' cab.de *.cab.de 'unsafe-inline' cab.de 'self'; 		child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net blob:; 		connect-src 'self' analytics.cab.de wss://umd.userlike.com umd.userlike.com api.userlike.com d3upe020n1uosc.cloudfront.net www.userlike.com blob: userlike-cdn-widgets.s3-eu-west-1.amazonaws.com; 		font-src 'self' data: d3dc1lgancj6l0.cloudfront.net; 		frame-src 'self' analytics.cab.de api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com www.youtube-nocookie.com player.vimeo.com; 		img-src 'self' data: cab.tom.webcontact.de cdn.sitesearch360.com userlike-cdn-operators.s3-eu-west-1.amazonaws.com d3upe020n1uosc.cloudfront.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com; 		media-src 'self' *.cab.de d3dc1lgancj6l0.cloudfront.net userlike-store-media-files.s3.amazonaws.com www.userlike.com blob:; 		object-src 'none'; 		script-src 'self' *.cab.de 'unsafe-inline' 'unsafe-eval' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net www.youtube.com userlike-cdn-umm.b-cdn.net; 1
default-src data: blob: https: 'unsafe-inline'; script-src 'unsafe-eval' https: 'unsafe-inline' 1
frame-ancestors vdv.onpublix.net crm3.vdv.de www.vdv.de 1
default-src blob: https: data: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://drift.skb.net https://park.skb.net https://pen.skb.net https://tri.skb.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data:; frame-src 'self' https://park.skb.net https://pen.skb.net https://aweucn1.advanced-web-analytics.com https://www.skb.si; font-src fonts.gstatic.com data:; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; report-uri /report/send; 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com www.google.com stats.g.doubleclick.net www.google.ie www.google.co.uk; script-src 'self' https://js.hubspot.com https://js.hsleadflows.net https://connect.facebook.net https://js.hs-analytics.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hsadspixel.net https://js.hs-scripts.com https://www.googletagmanager.com https://trk.hostingireland.ie https://googleads.g.doubleclick.net https://cdn.iubenda.com 'unsafe-inline' https://c.microsoft.com *.google-analytics.com *.analytics.google.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://cdn.iubenda.com fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com https://cdn.iubenda.com https://perf-na1.hsforms.com https://www.facebook.com https://forms.hsforms.com https://track.hubspot.com www.google.com www.google.ie *.google-analytics.com *.analytics.google.com www.gstatic.com stats.g.doubleclick.net www.google.co.uk https://trk.hostingireland.ie; font-src 'self' data: fonts.gstatic.com themes.googleusercontent.com; connect-src 'self' https://cta-service-cms2.hubspot.com https://cta-service-cms2.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://www.google.com https://googleads.g.doubleclick.net *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net; child-src https://www.microsoft.com; form-action clients.hostingireland.ie; upgrade-insecure-requests; report-uri https://fwqjdq5k.uriports.com/reports/report; report-to default; frame-src https://www.iubenda.com https://td.doubleclick.net 1
connect-src https://*.calltouch.ru https://calltouch.ru https://*.mail.ru  https://www.google-analytics.com https://itclinic.ru 'self' https://*.yandex.ru https://*.itclinic.ru https://*.yandex.net https://*.google.com; child-src 'self' ; font-src https://static.lc-group.ru 'self' https://*.itclinic.ru ; form-action https://*.google.com https://*.calltouch.ru https://calltouch.ru https://itclinic.ru 'self' https://*.itclinic.ru ; frame-ancestors https://webvisor.com https://*.webvisor.com https://itclinic.ru 'self' ;  frame-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://api-maps.yandex.ru 'self' https://*.youtube.com ; img-src https://*.google.com  https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://vk.com https://static.lc-group.ru https://www.google-analytics.com https://itclinic.ru https://merlion.com  'self' https://*.yandex.ru https://*.merlion.com https://*.merlion.ru https://*.yandex.net https://*.itclinic.ru https://www.ippon.ru    https://www.jetbalance.ru https://www.google-analytics.com data: ;  media-src https://*.itclinic.ru 'self' ;     object-src https://static.lc-group.ru https://*.itclinic.ru 'self' https://*.macromedia.com ; script-src https://*.google.com     https://*.mail.ru https://static.lc-group.ru https://itclinic.ru https://*.yandex.ru  https://yastatic.net 'self' https://*.yandex.ru https://*.google-analytics.com      https://*.itclinic.ru https://*.yandex.net 'unsafe-eval'  https://*.calltouch.ru https://calltouch.ru; style-src https://*.google.com https://*.calltouch.ru https://calltouch.ru https://*.mail.ru https://static.lc-group.ru https://itclinic.ru 'self' https://*.yandex.ru 'unsafe-inline' https://*.itclinic.ru https://*.yandex.net ; default-src 'none' ; 1
default-src https: 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self' *; style-src 'unsafe-inline' 'self' *; frame-src 'self' *; object-src 'self' *; img-src 'self' data: *; media-src blob: 'self' *; font-src 'self' data: *; connect-src 'self' *; child-src blob: 'self' *; block-all-mixed-content; 1
default-src 'self' 'unsafe-eval' https://insight.adsrvr.org; font-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; frame-src 'self' https://insight.adsrvr.org https://*.youtube.com https://*.doubleclick.net https://*.coca-cola.com https://*.coke.com; img-src 'self' data: https://*.cokeplus.tw https://*.amazonaws.com https://www.google.com.hk https://www.google.com https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://*.facebook.com https://sp.analytics.yahoo.com https://cdn.ckeditor.com https://*.googletagmanager.com https://*.kfs.io https://*.googleusercontent.com https://*.line.me https://*.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.ckeditor.com; connect-src 'self' data: https://*.googleapis.com https://*.coca-cola.com https://*.b2clogin.com https://*.coke.com https://*.amazonaws.com https://*.cokeplus.tw https://*.pusher.com https://*.google.com.hk https://analytics.google.com https://*.google-analytics.com wss://*.pusher.com https://stats.g.doubleclick.net https://s.yimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://insight.adsrvr.org; script-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://cdn.jsdelivr.net https://js.adsrvr.org https://connect.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://*.yimg.com https://jscdn.appier.net https://*.line-scdn.net https://*.onead.com.tw https://*.ad2iction.com https://googleads.g.doubleclick.net https://code.jquery.com https://cdn.ckeditor.com https://*.googleadservices.com 1
frame-ancestors 'self' http://www.aideauxprofs.fr https://www.aideauxprofs.fr http://cosmics-h2020.eu https://cosmics-h2020.eu https://my.whaller.com https://launchpad.whaller.com https://demo.whaller.com https://rhewall.whaller.com https://hive.plasticomnium.com https://sphere-emploi-va.pe-qvr.org https://sphere-emploi.fr sphere-emploi.whaller.com https://agora-eitmanufacturing.eu https://agora.univ-tech.eu https://whaller.bnpparibas-pf.com https://pf.whaller.com https://karukera-vision.whaller.com https://restos.whaller.com https://ssorhewall.whaller.com https://notracat.whaller.com https://accel-adrar-formation.whaller.com https://whallup.whaller.com https://topekip.com https://artemis.whaller.com https://ctennis.fr https://pasiphae.whaller.com https://whaller.sciencespo.fr https://whaller.civica.eu https://civica.whaller.com https://social.edward-suite.com https://social.eggers-conseil.com https://communautes.apec.fr https://famillesdesarmees.whaller.com https://whaller-news.ariane.group https://ifrc.whaller.com https://agora.refia.org https://fda-qual.whaller.com https://frida.ofaj.org https://oz.doubs.fr https://mykiwi.org https://www.mouvementdesapel.fr https://fda-qual.fr https://mon-reseau.fr 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: blob:; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self'; script-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' *.abuseipdb.com *.gnupg.org; 1
frame-src 'self' *.pinterest.com; base-uri 'self'; 1
frame-ancestors 'self' https://*.lexus.eu https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https://*.webinargeek.com wss://*.liveperson.net http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.conversationalsdevelopment.nl wss://api.seamly-app.com https://api.seamly-app.com https://*.sharethis.com https: data: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googlesyndication.com *.twitter.com *.easydmp.net *.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js *.cloudflare.com *.instagram.com/embed.js tr.snapchat.com *.aticdn.net *.adnxs.com *.teads.tv *.licdn.com *.ads-twitter.com *.yahoo.com s.yimg.com sc-static.net *.criteo.com *.criteo.net *.tiktok.com *.tag4arm.com *.hsforms.com img.metaffiliation.com acdn.adnxs.com bat.bing.com geolocation.onetrust.com cdn.cookielaw.org *.gstatic.com *.videopress.com *.google.com *.google.fr *.wp.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net connect.facebook.net *.hsforms.net *.tag.aticdn.net *.trk.adbutter.net https://region1.analytics.google.com blob: *.abtasty.com *.googleapis.com ads-twitter.com t.contentsquare.net contentsquare.com *.leocare.eu https://sp.analytics.yahoo.com https://trk.adbutter.net;style-src 'report-sample' 'self' 'unsafe-inline' secure.adnxs.com analytics.tiktok.com *.google.com *.jquery.com https://cdnjs.cloudflare.com https://fonts.googleapis.com tag.aticdn.net *.abtasty.com *.gstatic.com *.googleapis.com ;object-src 'self' ;form-action 'self' *.leocare.eu *.hsforms.com secure.adnxs.com analytics.tiktok.com tr.snapchat.com *.facebook.com; base-uri 'self' ;connect-src 'self' *.googlesyndication.com *.linkedin.com *.criteo.com *.pangle-ads.com *.linkedin.oribi.io *.easydmp.net https://api-public.leocare.eu/api/v1/lead-consent https://googleads.g.doubleclick.net/ ads-twitter.com s.yimg.comtr.snapchat.com *.onetrust.com *.tiktok.com *.facebook.com *.hsforms.com *.tag4arm.com hubspot-forms-static-embed.s3.amazonaws.com cdn.cookielaw.org *.google-analytics.com stats.g.doubleclick.net https://www.tag4arm.com https://stats.g.doubleclick.net https://yoast.com https://www.google-analytics.com *.hsforms.com *.abtasty.com www.google.com adservice.google.com *.contentsquare.net https://s.yimg.com *.trk.adbutter.net https://region1.analytics.google.com; font-src 'self' secure.adnxs.com analytics.tiktok.com *.gstatic.com https://cdnjs.cloudflare.com blob: *.abtasty.com *.gstatic.com *.googleapis.com ;frame-src 'self' *.twitter.com https://qa-assistant.abtasty.com/ https://asset.easydmp.net https://td.doubleclick.net/ secure.adnxs.com analytics.tiktok.com tr.snapchat.com *.facebook.com *.hsforms.com *.criteo.com *.dailymotion.com *.vimeo.com *.google.com https://www.youtube.com https://www.instagram.com *.trustpilot.com ;img-src 'self' *.twitter.com https://t.co *.criteo.com *.bidswitch.net *.media.net *.rubiconproject.com *.smartadserver.com *.taboola.com *.teads.tv *.adform.net *.thebrighttag.com *.krxd.net *.demdex.net *.yieldlab.net *.tremorhub.com *.revcontent.com *.sharethrough.com *.pubmatic.com *.yieldmo.com *.emxdgt.com *.3lift.com *.omnitagjs.com *.casalemedia.com https://id5-sync.com *.outbrain.com *.postrelease.com *.mediavine.com *.ivitrack.com *.360yield.com  *.linkedin.com *.hsforms.com *.instagram.com ads-twitter.com data: *.xiti.com *.yahoo.com *.tiktok.com *.cookielaw.org *.tag4arm.com bat.bing.com ib.adnxs.com *.gravatar.com *.wp.com *.w.org *.google.com *.google.fr *.google.es *.google.co.uk *.google.de *.google.nl *.google.be *.google.ch *.google-analytics.com *.facebook.com *.googletagmanager.com twemoji.maxcdn.com *.doubleclick.net data: https://ib.adnxs.com https://www.tag4arm.com https://secure.gravatar.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr tag.aticdn.net *.adnxs.com blob: *.abtasty.com *.amazonaws.com *.contentsquare.net;media-src 'self' secure.adnxs.com analytics.tiktok.com *.w.org ;worker-src 'self' secure.adnxs.com analytics.tiktok.com *.videopress.com *.google.com blob:;default-src 'self' https://api-public.leocare.eu/api/v1/lead-consent t.co *.youtube.com *.ads.linkedin.com *.g.doubleclick.net *.easydmp.net *.googlesyndication.com *.oribi.io *.twitter.com *.crisp.chat; 1
img-src 'self' https: blob: data:; default-src https: data: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss:; frame-ancestors www.route1print.co.uk 1
upgrade-insecure-requests; default-src 'self' https://*.unigranrio.edu.br/ https://*.website-files.com/ https://hubspotonwebflow.com/ https://vlibras.gov.br https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://apppravaler.apprbs.com.br/ https://tracking.apprubeus.com.br/ https://www.googletagmanager.com/ https://*.pages.ubembed.com/ https://*.events.ubembed.com/ https://analytics.tiktok.com/ https://landing-vest-unigranrio-api.azurewebsites.net https://use.typekit.net https://capture-api.reachlocalservices.com/ https://*.gannettdigital.com/ https://static.criteo.net/ https://content.hotjar.io/ wss://ws.hotjar.com/ https://forms.hscollectedforms.net https://fonts.cdnfonts.com https://www.youtube-nocookie.com https://*.rlets.com/ https://*.criteo.com/ https://www.facebook.com/tr/ https://kit.fontawesome.com https://*.googleapis.com https://*.elfsight.com/ https://gov.br/ https://js.hsforms.net/ https://*.pdcsaude.com.br https://cdn.cookielaw.org https://*.hubapi.com https://*.fontawesome.com https://*.luckyorange.net https://forms.hsforms.com/ https://*.s3.amazonaws.com/ https://*.whatsapp.com https://*.hubspot.com https://portal.iteleport.com.br/ https://www.googleservices.com https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://cdn.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://snap.licdn.com https://*.gstatic.com https://*.youtube.com https://js.hs-banner.com https://*.hubspot.com https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://*.vlibras.gov.br https://*.onetrust.com https://*.rdstation.com.br https://*.doubleclick.net https://*.hotjar.com https://*.google.com data:; script-src 'self' https://s3.amazonaws.com/ https://*.website-files.com/ https://hubspotonwebflow.com/ https://cdn.jsdelivr.net https://unpkg.com https://apprbs.com.br https://assets.ubembed.com/ https://unpkg.com/ https://apppravaler.apprbs.com.br/ https://code.jquery.com/ https://tracking.apprubeus.com.br/ https://*.js.ubembed.com/ https://static.criteo.net https://app.shoptarget.com.br/ https://*.simpli.fi/ https://analytics.tiktok.com/ https://cdn.rlets.com/ https://www.googleadservices.com https://3960387.fs1.hubspotusercontent-na1.net https://*.unigranrio.edu.br https://unigranrio.edu.br/  https://*.pdcsaude.com.br https://*.youtube.com https://*.fontawesome.com https://*.luckyorange.net https://*.whatsapp.com https://*.hubspot.com https://cdn.jsdelivr.net/ https://igorescobar.github.io/ https://js.hsforms.net/  https://releases.jquery.com/ https://*.static.elfsight.com/ https://*.tradelab.fr https://js.hscollectedforms.net https://js.hubspotfeedback.com https://js.hscta.net https://ib.adnxs.com https://cdn.linkedin.oribi.io https://static.hsappstatic.net https://snap.licdn.com https://www.gstatic.com https://*.googleapis.com https://cdn.cookielaw.org https://*.hubapi.com https://*.hubspot.com https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.rdstation.com.br https://3603d.com.br https://google.com.br https://google.com https://rdstation.com.br https://popups.rdstation.com.br https://track.hubspot.com https://api.hubspot.com https://stats.g.doubleclick.net https://ajax.cloudflare.com https://js.hsleadflows.net https://js.usemessages.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://stats.g.doubleclick.net https://static.elfsight.com/ https://js.hs-scripts.com https://*.cloudfront.net https://*.onetrust.com https://*.cloudflareinsights.com https://connect.facebook.net https://www.google-analytics.com https://*.vlibras.gov.br/ https://vlibras.gov.br https://apps.elfsight.com/ https://unigranrio.com.br/ https://www.unigranrio.com.br https://*.criteo.com  https://www.googletagmanager.com https://js.hs-scripts.com https://www.youtube-nocookie.com https://*.webformscr.com https://login.sendpulse.com https://static.whatshelp.io blob: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data:; style-src https: 'unsafe-inline'; 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' https: blob:; 1
script-src 'self' https://www.google-analytics.com 'unsafe-hashes' 'sha256-Mejfqw/rcuPAXLq+LvRkhI5YwxTF3F/V3Hx9uU7Cem0=' 'sha256-qN1ztfNu7xgEFHo8+X4eI8Ing1P9bO1CzFk3xCQfgkQ=' 'sha256-Q+qomrZ1pEZHeC01QESfHKnCjnzuW+wS64SJ94cd7eU=' 'sha256-lvvj5Y94uJd2owx4udhFH/Ovi2qOZxmnruIlF+TAd9w=' 'sha256-xrczspkw95tQ1dAcwlL1jSgCnxmmVSUklZ9Q6ohZfYI=' 'sha256-BihYdWDxuuHcPK9cVceix+MuRiw3AROVh7pc+mApIH0=' 'sha256-d90TvGS55n09UiJAhzG6xGjF3Gm9YH4umQycQSq76Oc=' 'sha256-KXuYyfHKAftAQdoBsibeqApF9skaF/wmnM4QcNpzhrY=' 'sha256-B+z+r+8poOlpRTA/5UTc9+ba09cP1IGA/gg0KhnWi48=' 'sha256-vI7fz2T0edVoCOfHGv9KsWni/5c1l39ZabC41RzA7HE=' 'sha256-QjzI5L7Hnq+9D3fw7EdfQiOVj26uHNgDHNbNjTgJpw8=' 'sha256-BBobMUbBLQ1n63cvVz77C1RTv9OLoISg6uv85pDAIGQ=' 'sha256-4DBs4D/nRR0L4zmUqqrJ1/CO0yjEN3CeJhHMdv+FwgE=' 'sha256-n5uSXQWDGoSegGiEaJlavk0NhyLhhQXyfzIFUctJ930=' 'sha256-v4JClfcQS+AyJ6vwkfElMQAUFRqmgGaShAa/YLtBWvE=' 'sha256-Isf+HG1uLXUReCxuFhwK8YpcVpsXPmxAdSEbGUS+uwI=' 'sha256-fiKQYjQdxUd5hM3Omo0keeJR7HEdD+80JAdcOlsG7kU=' 'sha256-0BFTkkkWmqSSvc7nVG2j7VWcVkaSYTuWZVmbXxkmVOk=' 'sha256-RMhMFB+3EPCPPVQ2Pd7V8dsIwd9SCZ2RtJOflXRmoHQ=' 'sha256-S0fDvxKbhWIJG8Ta+kvtWkbqo1qaQIodTLJC0MKLIH8=' 'sha256-2hkODgXTlzcUCaVd6lBy3Sxb5ysCWaDYN9tZhcYNl9Y=' 'sha256-Ku5oPE8suuaDIBiyqClsXkKN6DZ0lyHImHfl/CErcnc=' 'sha256-+pxbZDKTfdNYlcMVRvOH1W1xE4tiqA3xrpSrSx41LsY=' 'sha256-saPVtJs7+Ve+mWdNUTwXnW+S0C3r2L15zQfOYACUMP4=' 'sha256-vFHOWH2nO1jVX6iJ2c5FpGzy4SUkGIyrpx4CvLzGazg=' 'sha256-1ZRNzuO5ZYO8PR42LMndMLVzozyikZYeLBbM3iFEhug=' 'sha256-UAs+H7b7eZgHnGJkS8UzViOrSduLDUWGzg6pfTaJ8/c=' 'sha256-3QOk8PTwZ7MQWn72jhQzmtEExlt8SJZyD13C3UTFcJg=' 'sha256-DlTE3UlrzIo31e1ARG5oz0IGEyBd4cKoGKhOWBKkH2s=' 'sha256-+ktaddlqxqVv4dRf6Zqgsj0FfVSey+HUdwDiva5oYBY=' 'sha256-apCJsLsG8IsPfOBa1aAJwm6oH6n4SD7ZxPyCm0q06rE=' 'sha256-RKpI8bAbQ9ryUM3IwmwEb4JJmgbS85uPI/UH8nc+e5c=' 'sha256-2HvjQHTxz+uFixJ8kpZNcvu+8mCL5kQngvJWp2DkWJA=' 'sha256-6w39ez4wXU9fuF0sl+o4jNTxtcFKRtveqNjV73t9cfs=' 'sha256-KfZyL9u/D/ox2a9+j78HltrcjK8d8PFAfxhSdf5jzvw=' 'sha256-DUfsOVVPdNt0kVpSeLyZCtQn8JgL39crs13vCLcUbPk=' 'sha256-/XX59997Nfjdk9+xO7Jf4EuERYbE9J+9jN0JQRE8/b0=' 'sha256-ZzNlB61BJ8wLDUDHkCJr9RVFIm6oriEpGZETzWnj9Yo=' 'sha256-BPt+WyA/nwtgTSLs7IrkJFpTMcnR2JTaSLFLhhEdyck=' 'sha256-5gnI4c4/nPdk9JcHesaOl/2eVQj1CVUWTU89LpVNP+8=' 'sha256-XUO+NnTQqQ+lBOQrcWBEeQdSdKglRdKje8zszeZavMk=' 'sha256-CbqS8Nt1bvvcbpTT/Yh33JI+HD4fHtLFBnm9KQeZmdI=' 'sha256-sP58mzm3Ru1PEHxcGjvhSH/TqCCbUOllTLKUkcKqJ/M=' 'sha256-RESWuM+9KM9cuG52aXPSpU/LcC0IB3xxTj6Qibzua/c=' 'sha256-E5rDJIzHCwgNxLq7bXFPvObXo9SwRbU6HukHV2tsMSc=' 'sha256-rxGWyJpTnMSy9t/nafbk4E3yK6osdjXb9f8ADosx920=' 'sha256-eSepVxJGP8VRooPCKxeud8f9RaC68TTe6DMRzVb6CeE='; script-src-attr 'unsafe-hashes' 'sha256-d90TvGS55n09UiJAhzG6xGjF3Gm9YH4umQycQSq76Oc=' 'sha256-B+z+r+8poOlpRTA/5UTc9+ba09cP1IGA/gg0KhnWi48=' 'sha256-vI7fz2T0edVoCOfHGv9KsWni/5c1l39ZabC41RzA7HE=' 'sha256-QjzI5L7Hnq+9D3fw7EdfQiOVj26uHNgDHNbNjTgJpw8=' 'sha256-BBobMUbBLQ1n63cvVz77C1RTv9OLoISg6uv85pDAIGQ=' 'sha256-4DBs4D/nRR0L4zmUqqrJ1/CO0yjEN3CeJhHMdv+FwgE=' 'sha256-n5uSXQWDGoSegGiEaJlavk0NhyLhhQXyfzIFUctJ930=' 'sha256-v4JClfcQS+AyJ6vwkfElMQAUFRqmgGaShAa/YLtBWvE=' 'sha256-Isf+HG1uLXUReCxuFhwK8YpcVpsXPmxAdSEbGUS+uwI=' 'sha256-fiKQYjQdxUd5hM3Omo0keeJR7HEdD+80JAdcOlsG7kU=' 'sha256-0BFTkkkWmqSSvc7nVG2j7VWcVkaSYTuWZVmbXxkmVOk=' 'sha256-RMhMFB+3EPCPPVQ2Pd7V8dsIwd9SCZ2RtJOflXRmoHQ=' 'sha256-S0fDvxKbhWIJG8Ta+kvtWkbqo1qaQIodTLJC0MKLIH8=' 'sha256-2hkODgXTlzcUCaVd6lBy3Sxb5ysCWaDYN9tZhcYNl9Y=' 'sha256-Ku5oPE8suuaDIBiyqClsXkKN6DZ0lyHImHfl/CErcnc=' 'sha256-+pxbZDKTfdNYlcMVRvOH1W1xE4tiqA3xrpSrSx41LsY=' 'sha256-saPVtJs7+Ve+mWdNUTwXnW+S0C3r2L15zQfOYACUMP4=' 'sha256-vFHOWH2nO1jVX6iJ2c5FpGzy4SUkGIyrpx4CvLzGazg=' 'sha256-1ZRNzuO5ZYO8PR42LMndMLVzozyikZYeLBbM3iFEhug=' 'sha256-UAs+H7b7eZgHnGJkS8UzViOrSduLDUWGzg6pfTaJ8/c=' 'sha256-3QOk8PTwZ7MQWn72jhQzmtEExlt8SJZyD13C3UTFcJg=' 'sha256-DlTE3UlrzIo31e1ARG5oz0IGEyBd4cKoGKhOWBKkH2s=' 'sha256-+ktaddlqxqVv4dRf6Zqgsj0FfVSey+HUdwDiva5oYBY=' 'sha256-apCJsLsG8IsPfOBa1aAJwm6oH6n4SD7ZxPyCm0q06rE=' 'sha256-RKpI8bAbQ9ryUM3IwmwEb4JJmgbS85uPI/UH8nc+e5c=' 'sha256-2HvjQHTxz+uFixJ8kpZNcvu+8mCL5kQngvJWp2DkWJA=' 'sha256-6w39ez4wXU9fuF0sl+o4jNTxtcFKRtveqNjV73t9cfs=' 'sha256-KfZyL9u/D/ox2a9+j78HltrcjK8d8PFAfxhSdf5jzvw=' 'sha256-DUfsOVVPdNt0kVpSeLyZCtQn8JgL39crs13vCLcUbPk=' 'sha256-/XX59997Nfjdk9+xO7Jf4EuERYbE9J+9jN0JQRE8/b0=' 'sha256-ZzNlB61BJ8wLDUDHkCJr9RVFIm6oriEpGZETzWnj9Yo=' 'sha256-BPt+WyA/nwtgTSLs7IrkJFpTMcnR2JTaSLFLhhEdyck=' 'sha256-5gnI4c4/nPdk9JcHesaOl/2eVQj1CVUWTU89LpVNP+8=' 'sha256-XUO+NnTQqQ+lBOQrcWBEeQdSdKglRdKje8zszeZavMk=' 'sha256-CbqS8Nt1bvvcbpTT/Yh33JI+HD4fHtLFBnm9KQeZmdI=' 'sha256-sP58mzm3Ru1PEHxcGjvhSH/TqCCbUOllTLKUkcKqJ/M=' 'sha256-RESWuM+9KM9cuG52aXPSpU/LcC0IB3xxTj6Qibzua/c=' 'sha256-E5rDJIzHCwgNxLq7bXFPvObXo9SwRbU6HukHV2tsMSc=' 'sha256-rxGWyJpTnMSy9t/nafbk4E3yK6osdjXb9f8ADosx920=' 'sha256-eSepVxJGP8VRooPCKxeud8f9RaC68TTe6DMRzVb6CeE=' 'sha256-KXuYyfHKAftAQdoBsibeqApF9skaF/wmnM4QcNpzhrY=' 'sha256-BihYdWDxuuHcPK9cVceix+MuRiw3AROVh7pc+mApIH0=' 'sha256-xrczspkw95tQ1dAcwlL1jSgCnxmmVSUklZ9Q6ohZfYI=' 'sha256-lvvj5Y94uJd2owx4udhFH/Ovi2qOZxmnruIlF+TAd9w=' 'sha256-Q+qomrZ1pEZHeC01QESfHKnCjnzuW+wS64SJ94cd7eU=' 'sha256-Mejfqw/rcuPAXLq+LvRkhI5YwxTF3F/V3Hx9uU7Cem0=' 'sha256-qN1ztfNu7xgEFHo8+X4eI8Ing1P9bO1CzFk3xCQfgkQ='; object-src 'self' 1
default-src * data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-4Qe/3U/z6nzjy+0Gk/iRklM5mcobXkmElluqURb6stJ618pX' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://ottawa.place; img-src 'self' https: data: blob: https://ottawa.place; style-src 'self' https://ottawa.place 'nonce-S934Vm0Yg7P1O+CFX7NeTw=='; media-src 'self' https: data: https://ottawa.place; frame-src 'self' https:; manifest-src 'self' https://ottawa.place; connect-src 'self' data: blob: https://ottawa.place https://assets.ottawa.place wss://ottawa.place; script-src 'self' https://ottawa.place 'wasm-unsafe-eval'; child-src 'self' blob: https://ottawa.place; worker-src 'self' blob: https://ottawa.place 1
default-src 'self' staticxx.facebook.com www.facebook.com v1.addthis.com connect.facebook.net api-public.addthis.com cse.google.com www.google.com www.google-analytics.com www.youtube.com s7.addthis.com m.addthis.com; img-src 'self' s7.addthis.com clients1.google.com www.google.com stats.g.doubleclick.net www.google-analytics.com www.youtube.com data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' v1.addthis.com connect.facebook.net cdnjs.cloudflare.com m.addthisedge.com m.addthis.com s7.addthis.com v1.addthis.com v1.addthisedge.com api-public.addthis.com www.gstatic.com www.google.com ajax.googleapis.com cse.google.com www.google-analytics.com www.googletagmanager.com; font-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.gstatic.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com fonts.googleapis.com code.jquery.com; style-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com fonts.googleapis.com code.jquery.com; 1
default-src https: data: blob: 'self' 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' https://ecpmarketer.com 1
frame-ancestors 'self' https://cppe.instructure.com 1
base-uri 'self'; child-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; frame-src 'self' https://*.nuxeo.io https://*.nuxeocloud.com blob: gap:; connect-src 'self' https://*.civiccomputing.com https://*.visualstudio.com https://*.nuxeocloud.com https://*.tiny.cloud; default-src 'self' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://*.tinymce.com/ blob:; media-src 'self'; object-src 'self' https://*.tiny.cloud; plugin-types https://*.tiny.cloud; script-src 'self' https://*.civiccomputing.com https://*.tiny.cloud https://*.tinymce.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.tinymce.com https://*.tiny.cloud 'unsafe-inline'; frame-ancestors 'self' gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=cd5RedoHiUxon9qWC1rFkntwh2aGSqHhOxuyv1VVgS7uivVJD83ml4FQ17emEId%2BW2DSfT4R%2FX%2FhQmvRvQqlRw%3D%3D; 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.realperson.cloud *.cookiebot.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.realperson.cloud code.jquery.com static.cloudflareinsights.com ajax.cloudflare.com *.cookiebot.com www.googletagmanager.com ssl.google-analytics.com analytics.regiohelden.de www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net; frame-src 'self' https://consentcdn.cookiebot.com *.youtube-nocookie.com www.linkedin.com www.chatnode.ai *.youtube.com *.vimeo.com *.vimeocdn.com; font-src 'self' *.realperson.cloud; object-src 'self'; img-src 'self' data: source.unsplash.com images.unsplash.com usercontent.realperson.cloud www.googletagmanager.com www.google.de www.google.com ssl.google-analytics.com analytics.regiohelden.de imgsct.cookiebot.com www.google-analytics.com stats.g.doubleclick.net https://stats.g.doubleclick.net; connect-src 'self' https://chat2180.realperson.cloud wss://chat2180.realperson.cloud https://charts3.equitystory.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net https://analytics.regiohelden.de; worker-src 'self' blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: data: *; frame-ancestors 'self' samandehi.ir logo.samandehi.ir enamad.ir trustseal.enamad.ir ecunion.ir mediaad.org 1
frame-ancestors 'self' https://www.arcinfo.ch https://www.lenouvelliste.ch https://www.lacote.ch https://www.ascona-locarno.com https://www.rhne.ch https://jazzascona.ch; 1
default-src 'self'; script-src 'self' https://*.hotjar.com https://secure.leadforensics.com https://snap.licdn.com https://mc.yandex.ru https://*.google.com https://www.googletagmanager.com https://*.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://vk.com https://*.facebook.net https://www.youtube.com/iframe_api https://code-ya.jivosite.com https://code.jivo.ru https://js.zi-scripts.com https://ws.zoominfo.com https://tags.clickagy.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.google.com https://fonts.googleapis.com https://*.mailchimp.com https://*.typekit.net 'unsafe-inline' https://code-ya.jivosite.com https://code.jivo.ru; img-src 'self' data: https://*.linkedin.com https://*.google.com https://*.gstatic.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://vk.com https://*.vk.com https://www.facebook.com https://code-ya.jivosite.com; child-src 'self' https://www.youtube-nocookie.com/ https://*.google.com https://www.youtube.com https://www.facebook.com https://*.clickagy.com; connect-src 'self' https://*.google-analytics.com https://*.amazonaws.com https://*.doubleclick.net https://mc.yandex.ru https://ymetrica1.com wss://*.jivosite.com https://*.jivosite.com https://suggestions.dadata.ru https://idx.liadm.com https://*.clickagy.com https://js.zi-scripts.com https://ws.zoominfo.com wss://ws.hotjar.com https://*.hotjar.io; media-src 'self' https://www.youtube-nocookie.com/ https://www.youtube.com/ https://*.amazonaws.com https://code-ya.jivosite.com https://code.jivo.ru; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://translate-pa.googleapis.com https://translate.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://translate.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.gstatic.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://translate.googleapis.com https://stats.g.doubleclick.net; font-src 'self'; frame-src 'self' https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; form-action 'self'; img-src 'self' data: https://www.google-analytics.com https://fonts.gstatic.com https://www.gstatic.com https://translate.googleapis.com https://www.cqc.org.uk https://www.google.com; manifest-src 'self'; media-src 'self'; worker-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/ https://code.jquery.com/ui/1.12.1/jquery-ui.js https://d3js.org/d3.v7.min.js https://www.defro.pl/ https://developer.defro.pl https://*.typeform.com/ https://chat.fcc-online.pl https://polyfill.io/ https://jawj.github.io/ https://developers.google.com/; img-src 'self' data: https://www.youtube.com/ https://www.defro.pl/ https://www.google.pl https://developer.defro.pl https://chat.fcc-online.pl https://4i.fcc-online.pl/ https://storage.mlcdn.com https://maps.googleapis.com/ https://maps.gstatic.com/; object-src 'self' data: https://www.youtube.com/ https://www.google.com/ https://www.defro.pl/ https://www.google.pl https://developer.defro.pl https://*.typeform.com/ https://chat.fcc-online.pl; frame-src 'self' data: https://www.youtube.com/ https://www.google.com/ https://www.defro.pl/ https://www.google.pl https://developer.defro.pl https://*.typeform.com/ https://chat.fcc-online.pl; form-action 'self' data: https://typeform.com/ https://chat.fcc-online.pl; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ws: https: http: data: 1
frame-ancestors 'none'; script-src 'self' https://*.formapprovals.com https://*.stripe.com https://*.google.com https://*.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdn.datatables.net 'nonce-QwSe46jsIVTRGgzIMAgAVgtXOrPdCrLz'; object-src 'self' https://*.formapprovals.com 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.marine.ie/report-uri/enforce 1
style-src 'self' 'unsafe-inline' hello.myfonts.net https://*.clickdimensions.com https://fonts.googleapis.com https://*.google.com; script-src 'self' 'nonce-/odirkKk8OQ/2epvMeeFajxb73nqBMJDot3/7B/9J9g=' 'unsafe-inline' 'unsafe-eval' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com https://*.simpli.fi http://fast.wistia.com src.litix.io https://code.jquery.com https://cdn.jsdelivr.net https://*.wistia.com https://*.formsite.com hello.myfonts.net https://*.googletagmanager.com *.google-analytics.com https://*.google.com fast.wistia.net https://*.hotjar.com https://connect.facebook.net/en_US/sdk.js *.zdassets.com; connect-src 'self' data: *.wistia.com embedwistia-a.akamaihd.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.everence.com https://*.liti https://*.litix.io blob: *.zdassets.com *.zendesk.com; img-src 'self' https: fast.wistia.com https://*.formsite.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com placehold.it data: blob:; child-src 'self' https://fireside.fm/ https://www.youtube.com https://www.facebook.com https://*.formsite.com fast.wistia.com vds.issgovernance.com everence.locatorsearch.com *.everence.com https://*.calvertimpactcapital.org https://calvertimpactcapital.org https://*.calvertimpact.org https://calvertimpact.org https://*.mortgagewebcenter.com https://forms.joinmycu.com https://bid.g.doubleclick.net https://td.doubleclick.net https://*.google.com https://*.clickdimensions.com https://*.hotjar.com blob:; font-src 'self' data: fast.wistia.com https://*.simpli.fi https://fonts.googleapis.com https://fonts.gstatic.com https://www.everence.com; media-src 'self' *.akamaihd.net fast.wistia.net *.wistia.com blob: data:; form-action 'self' https://*.clickdimensions.com https://devsso.everence.com https://sso.everence.com; 1
default-src 'self';  connect-src 'self' https://*.snapchat.com https://www.google-analytics.com https://stats.g.doubleclick.net https://translate.googleapis.com https://pagead2.googlesyndication.com/ https://yoast.com/ https://mx.technolutions.net/;  script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://sc-static.net https://admissions.cumberland.edu https://mx.technolutions.net https://tag.brandcdn.com https://adservices.brandcdn.com https://translate.google.com https://translate.googleapis.com https://*.snapchat.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://translate-pa.googleapis.com https://connect.facebook.net https://cdnjs.cloudflare.com/ https://www.shoppingsheet.com https://business.facebook.com;  frame-src 'self' https://*.snapchat.com https://d1eoo1tco6rr5e.cloudfront.net https://www.youtube.com https://adservices.brandcdn.com https://www.facebook.com https://insight.adsrvr.org https://td.doubleclick.net/ https://business.facebook.com https://www.shoppingsheet.com;  style-src 'self' 'unsafe-inline' https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://use.fontawesome.com https://fonts.googleapis.com https://www.gstatic.com https://cdnjs.cloudflare.com https://www.shoppingsheet.com;  font-src 'self' data: https://fonts.gstatic.com/ https://use.fontawesome.com/;  img-src 'self' data: https://insight.adsrvr.org https://www.gstatic.com https://fonts.gstatic.com https://www.google.com https://dpm.demdex.net https://match.adsrvr.org https://cm.g.doubleclick.net https://ib.adnxs.com https://pixel.tapad.com https://secure-gl.imrworldwide.com https://secure.adnxs.com https://idpix.media6degrees.com https://www.facebook.com https://su.addthis.com https://cw.addthis.com https://s.thebrighttag.com https://i.liadm.com https://x.bidswitch.net https://i6.liadm.com https://ml314.com https://match.sync.ad.cpe.dotomi.com https://tags.rd.linksynergy.com https://eb2.3lift.com https://match.sharethrough.com https://dmp.truoptik.com https://odr.mookie1.com https://io.narrative.io https://mid.rkdms.com https://simage2.pubmatic.com https://secure.gravatar.com/ https://track2.securedvisit.com/ https://uipglob.semasio.net/ https://www.googletagmanager.com/ https://usermatch.krxd.net/ https://secure.insightexpressai.com/ https://s.w.org/;  worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.youtube.com https://code.jquery.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' *.youtube.com; font-src 'self' data: fonts.gstatic.com; img-src 'self' data: *.google-analytics.com *.ytimg.com *.youtube.com https://secure.gravatar.com; connect-src 'self' *.google-analytics.com 1
frame-ancestors 'self' amnestymoves.at go.webmozarts.com localhost ionic: 1
default-src 'self'; script-src *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com cdnjs.cloudflare.com maps.googleapis.com ajax.googleapis.com www.googletagmanager.com www.linkedin.com https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com *.googletagmanager.com tagmanager.google.com www.googleadservices.com js.bizographics.com sjs.bizographics.com static.ads-twitter.com stats.g.doubleclick.net googleads.g.doubleclick.net analytics.twitter.com px.ads.linkedin.com r1.dotmailer-surveys.com snap.licdn.com servedby.flashtalking.com i.ctnsnet.com ads.avocet.io secure-ds.serving-sys.com bs.serving-sys.com widget.trustpilot.com glassdoor.co.uk *.cookiepro.com geolocation.onetrust.com kmc-3439.twil.io sapphire-turtle-6122.twil.io *.twilio.com cinnabar-catfish-8820.twil.io kmc-3439-serverless.twil.io kmc-1903-serverless.twil.io static.hotjar.com script.hotjar.com www.youtube.com https://*.hotjar.com 'unsafe-inline' https://www.google-analytics.com 'self' 'unsafe-eval' web-chat.nativechat.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net; style-src netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com fonts.googleapis.com tagmanager.google.com *.cookiepro.com geolocation.onetrust.com kmc-3439.twil.io sapphire-turtle-6122.twil.io cinnabar-catfish-8820.twil.io kmc-1903-serverless.twil.io kmc-3439-serverless.twil.io https://*.hotjar.com 'unsafe-inline' 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; img-src *.gstatic.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.analytics.google.com maps.gstatic.com maps.googleapis.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com www.glassdoor.co.uk/api/widget *.eloqua.com t.co stats.g.doubleclick.net www.google.co.uk www.google-analytics.com www.google.com servedby.flashtalking.com *.ads.linkedin.com https://googleads.g.doubleclick.net http://demos.telerik.com secure.adnxs.com *.cookiepro.com geolocation.onetrust.com *.twil.io *.gravatar.com analytics.twitter.com https://*.hotjar.com 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.twil.io https://*.hotjar.com; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com widget.trustpilot.com glassdoor.co.uk static.hotjar.com script.hotjar.com www.google.com www.youtube.com web-chat.nativechat.com forms.hsforms.com; connect-src accounts.google.com *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net *.mktoresp.com kenchatbot.azurewebsites.net secure-ds.serving-sys.com *.cookiepro.com geolocation.onetrust.com *.twilio.com kmc-1111.twil.io wss://tsock.us1.twilio.com kmc-3439.twil.io kmc-3439-serverless.twil.io kmc-1903-serverless.twil.io lm.serving-sys.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://cdn.linkedin.oribi.io https://www.google-analytics.com https://region1.google-analytics.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src r1.dotmailer-surveys.com servedby.flashtalking.com widget.trustpilot.com glassdoor.co.uk *.cookiepro.com *.google.com vars.hotjar.com *.analytics.google.com 'self' web-chat.nativechat.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.casino *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.aplay.casino; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.casino https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.aplay.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-NkSwomyI+dX8dEuv4SclkLRPAwR1K8u3yYVt0Ud6hyA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.aplay.casino *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://aplay.casino/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 1
frame-ancestors 'self' https://*.myshopify.com https://admin.shopify.com https://builder.io; 1
object-src 'self'; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' https://pdftron.sanity.studio; 1
default-src 'self';base-uri 'self';script-src 'nonce-7+NBIERj026usEw0vSyBOA==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ;script-src * blob: data: 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: filesystem: ;  media-src * ; font-src * data: ; connect-src * ;frame-src 'self' https://player.vimeo.com https://*.productreview.com.au *.stackla.com *.wwtqin.com https://bloxm.wufoo.eu https://*.typeform.com https://*.google.com https://*.pre.wendywutours.com https://*.wendywutours.com https://*.wendywutours.co.uk https://*.wendywutours.com.au *.doubleclick.net *.rfihub.com https://*.rfihub.com  https://*.youtube.com https://*.hotjar.com https://*.doubleclick.net https://*.olark.com https://*.facebook.com https://*.facebook.net https://*.twitter.com https://*.wordpress.com https://*.wendywutours.co.uk https://wendywu.radar.ms *.convertexperiments.com *.veinteractive.com *.feefo.com https://app.sli.do https://wendywutoursuk.simplybook.it/;frame-ancestors 'self'; 1
default-src * 'self'; style-src https://fonts.googleapis.com 'self' 'unsafe-inline'; script-src https://www.google.com https://nexus.ensighten.com https://nexus-test.ensighten.com  https://www.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://www.youtube.com 'self' 'unsafe-eval' 'unsafe-inline';  object-src * 'self'; img-src * 'self' data:;connect-src * 'self';  frame-src * 'self'; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bet *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.bet; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.bet https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-McNIf/cWHRw2sFgJGJN0vyz+u61dDm5rE0OjkkDzVjk=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.bet *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.bet/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
default-src 'self' *.binomo2.com *.binomo.com; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.clarity.ms *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com binomo.zendesk.com binomo2.zendesk.com app.getsentry.com *.binomo2.com *.binomo.com wss://as.binomo2.com:* wss://as.binomo.com:* wss://ws.binomo2.com:* wss://ws.binomo.com:* s.yimg.com https://mc.yandex.ru; font-src data: 'self' *.zopim.com *.gstatic.com themes.googleusercontent.com *.binomo2.com *.binomo.com; img-src * *.ttwstatic.com data:; media-src 'self' *.binomo2.com *.binomo.com; script-src 'self' *.ada.support www.tiktok.com *.ttwstatic.com static.ads-twitter.com sc-static.net tr.snapchat.com *.clarity.ms *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io binomo.co my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com *.gstatic.com www.googleadservices.com binomo.go2affise.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.binomo2.com *.binomo.com https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://mc.yandex.ru https://yastatic.net; style-src 'self' *.ttwstatic.com *.google.com fonts.googleapis.com 'unsafe-inline' *.binomo2.com *.binomo.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: *.gelita.com *.g.doubleclick.net *.doubleclick.net *.google.com *.gstatic.com *.ggpht.com *.google.de *.googleapis.com *.googletagmanager.com *.google-analytics.com *.googlevideo.com *.lfeeder.com *.myfonts.net *.usercentrics.eu *.umantis.com *.service.usercentrics.eu *.youtube.com *.ytimg.com; 1
default-src 'self' https: data: 'unsafe-inline'; script-src 'unsafe-eval' 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://mijnaansluiting1.expoints.nl https://kendo.cdn.telerik.com; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com 1
default-src 'self' *.dynamicyield.com payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.de ws://127.0.0.1:35729 www.orbisana.de www.orbisana.at www.orbisana.ch;  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dynamicyield.com use.typekit.net www.googletagmanager.com www.google.com www.google-analytics.com www.gstatic.com maps.google.com maps.googleapis.com connect.facebook.net *.payments-amazon.com payments-de-sandbox.amazon.com tagmanager.google.com *.clarity.ms www.orbisana.de www.orbisana.at www.orbisana.ch https://cdn.messengerpeople.com/ https://mycliplister.com/ https://cdn.consentmanager.net https://d.delivery.consentmanager.net *.scarabresearch.com https://cdn.julephosting.de/ https://cdnjs.cloudflare.com/ https://coop.aroundhome.de/ https://cms.assets.aroundhome-production.de/ https://unpkg.com cdn-eu.dynamicyield.com salenti.de https://www.dwin1.com/ https://api.recova.ai https://www.dwin1.com https://lantern.roeyecdn.com https://bat.bing.com https://*.doubleclick.net https://*.criteo.com myshoefitter.com js.myshoefitter.com api.sovendus.com;  style-src 'self' 'unsafe-inline' *.dynamicyield.com use.typekit.net fonts.googleapis.com tagmanager.google.com www.orbisana.de www.orbisana.at www.orbisana.ch https://www.googletagmanager.com https://cdn.julephosting.de/;  img-src 'self' data: p.typekit.net www.google-analytics.com  *.shopify.com *.dynamicyield.com *.googleapis.com maps.google.com *.cloudfront.net *.ssl-images-amazon.com *.ggpht.com *.gstatic.com img.youtube.com *.clarity.ms www.orbisana.de www.orbisana.at www.orbisana.ch https://www.googletagmanager.com https://mycliplister.com/ https://*.amazonaws.com/ blob: https://d.delivery.consentmanager.net https://cdn.consentmanager.net *.mycliplister.com *.weltbild.de cdn.dynamicyield.com https://cdn.shopify.com/ cdn-eu.dynamicyield.com https://cdn.julephosting.de/ pn.aroundhome.de https://*.bing.com https://www.google.de https://www.google.com https://*.facebook.com https://*.doubleclick.net https://*.criteo.com https://*.adnxs.com https://*.bidswitch.net https://contextual.media.net https://pixel.rubiconproject.com https://rtb-csync.smartadserver.com https://sync-t1.taboola.com https://criteo-sync.teads.tv https://eb2.3lift.com https://hb.yahoo.net https://cm.adform.net https://visitor.omnitagjs.com https://r.casalemedia.com https://id5-sync.com/ https://ad.360yield.com https://matching.ivitrack.com https://exchange.mediavine.com https://jadserve.postrelease.com https://sync.outbrain.com https://a.twiago.com https://simage2.pubmatic.com https://match.sharethrough.com https://criteo-partners.tremorhub.com https://ad.yieldlab.net https://sync-criteo.ads.yieldmo.com https://e1.emxdgt.com https://dpm.demdex.net https://beacon.krxd.net https://c1.adform.net;  font-src 'self' data: use.typekit.net fonts.gstatic.com www.orbisana.de www.orbisana.at www.orbisana.ch *.dynamicyield.com https://stagecdn.julephosting.de/;  object-src 'self' www.orbisana.de www.orbisana.at www.orbisana.ch;  media-src 'self' www.orbisana.de www.orbisana.at www.orbisana.ch https://cdn.messengerpeople.com/ https://mycliplister.com https://*.mycliplister.com;  child-src 'self' *.dynamicyield.com payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com staticxx.facebook.com www.facebook.com www.youtube.com *.payments-amazon.com api-cdn.amazon.com www.orbisana.de www.orbisana.at www.orbisana.ch *.google.com https://coop.aroundhome.de/ https://services.herzalter-bestimmen.de/ salenti.de https://open.spotify.com/ https://*.doubleclick.net https://*.criteo.com https://cdn.consentmanager.net/ dialog.myshoefitter.com  sovendus-connect.com www.sovendus-connect.com cdn.julephosting.de;  form-action 'self' payments-de-sandbox.amazon.com payments-de.amazon.com payments.amazon.com www.computop-paygate.com www.orbisana.de www.orbisana.at www.orbisana.ch;  frame-ancestors 'self' www.orbisana.de www.orbisana.at www.orbisana.ch;  connect-src 'self' ws://127.0.0.1:35729 *.dynamicyield.com performance.typekit.net www.google-analytics.com *.clarity.ms www.orbisana.de www.orbisana.at www.orbisana.ch https://*.google-analytics.com https://payments.amazon.com/ https://payments.amazon.de/ https://widget.msgp.pl/ https://api.appengage.sinch.com/ https://rest.messengerpeople.com/ https://grpc-web.sinch-chat.prod.sinch.com/ https://mycliplister.com/ https://*.mycliplister.com *.scarabresearch.com https://*.consentmanager.net *.dynamicyield.com maps.googleapis.com https://cdn.julephosting.de/ https://adm.dynamicyield.eu/ *.algolianet.com *.algolia.net cdnjs.cloudflare.com https://api.recova.ai https://www.google.com https://www.google.de https://*.doubleclick.net https://*.criteo.com https://*.googlesyndication.com https://*.weltbild.de https://*.analytics.google.com https://bat.bing.com/ usage.myshoefitter.com usage.myshoefitter.com integration-api.sovendus.com identification-api.sovendus.com; 1
default-src 'self' https: wss: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' fusedeck.net *.fusedeck.net fusedeck.io *.fusedeck.io *.google-analytics.com *.hs-analytics.net analytics.statify.ch *.facebook.net js.hubspot.com *.hs-banner.com *.hs-scripts.com *.hsforms.net *.cookielaw.org *.hsleadflows.net beacon.sojern.com *.sentry-cdn.com *.switzerlandtravelcentre.com https://api.switzerlandtravelcentre.com/ forms.hubspot.com googleads.g.doubleclick.net googleadservices.com *.googletagmanager.com polyfill.io script.hotjar.com sentry.io v2.zopim; style-src 'self' 'strict-dynamic' 'unsafe-inline' *.fusedeck.net fusedeck.net fusedeck.io *.fusedeck.io cdnjs.cloudflare.com assets.tripbuilder.app fonts.googleapis.com fonts.gstatic.com; font-src 'self' *.cloudfront.net data: fonts.googleapis.com fonts.gstatic.com cdn.app.sbb.ch; img-src * data:; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' https: data: blob: wss:; frame-ancestors 'self'; 1
default-src 'self' data: blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; frame-src https:; img-src data: https:; media-src https:; object-src 'none'; sandbox allow-forms allow-pointer-lock allow-presentation allow-same-origin allow-scripts allow-popups; 1
frame-ancestors chpl.org *.chpl.org cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src chpl.org *.chpl.org cincinnatilibrary.bibliocms.com *.cincinnatilibrary.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' nieren.containers.piwik.pro www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com storage.googleapis.com nieren.piwik.pro connect.facebook.net content.jwplatform.com consent.cookiebot.com pagead2.googlesyndication.com *.squeezely.tech squeezely.tech consentcdn.cookiebot.com *.googleadservices.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net tpc.googlesyndication.com *.pinimg.com *.adnxs.com *.hotjar.com *.hotjar.com *.linkedin.com *.google-analytics.com *.google.com *.google.nl *.youtube.com; style-src 'self' 'unsafe-inline' cloud.webtype.com cloud.typenetwork.com *.typenetwork.com fastly-cloud.typenetwork.com www.googletagmanager.com fonts.googleapis.com; style-src-elem 'self' 'unsafe-inline' cloud.webtype.com cloud.typenetwork.com *.typenetwork.com fastly-cloud.typenetwork.com www.googletagmanager.com fonts.googleapis.com; frame-src 'self' data: blob: www.youtube.com youtube.com *.youtube.com player.vimeo.com www.testamenttest.nl *.nierstichting.nl *.nierstichting-tools.nl web.abbi-insights.com consentcdn.cookiebot.com staging-nierstichting.plaatjesmaker.nu nierstichting.plaatjesmaker.nu *.doubleclick.net *.pinterest.com; frame-ancestors nierstichting.collecteweb.nl test02-nierstichting.stb.nl cboards.caresharing.eu; img-src 'self' data: pls.webtype.com www.google-analytics.com nieren.piwik.pro www.facebook.com pagead2.googlesyndication.com *.gstatic.com *.squeezely.tech googleads.g.doubleclick.net *.linkedin.com *.adnxs.com *.google.com www.google.com *.google.nl *.pinterest.com; font-src 'self' data: cloud.webtype.com *.typenetwork.com fastly-cloud.typenetwork.com *.gstatic.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' nieren.containers.piwik.pro www.googletagmanager.com www.google-analytics.com ssl.google-analytics.com storage.googleapis.com nieren.piwik.pro connect.facebook.net content.jwplatform.com consent.cookiebot.com pagead2.googlesyndication.com *.squeezely.tech squeezely.tech consentcdn.cookiebot.com *.googleadservices.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net tpc.googlesyndication.com *.pinimg.com *.adnxs.com *.hotjar.com *.hotjar.com *.linkedin.com *.google-analytics.com *.google.com *.google.nl *.youtube.com; media-src 'self' player.vimeo.com vod-progressive.akamaized.net; default-src 'self' api.storyteq.com www.googletagmanager.com www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.google.com consentcdn.cookiebot.com squeezely.tech *.googleadservices.com static.hotjar.com snap.licdn.com *.youtube.com *.google-analytics.com *.doubleclick.net *.pinterest.com *.hotjar.com *.hotjar.io wss://ws.hotjar.com 1
default-src https: 'unsafe-inline'; img-src https: 'unsafe-inline' data: 1
form-action 'self' https://go.pardot.com https://submit-irm.trustarc.com; 1
https: 'unsafe-inline'; frame-ancestors *.boqueria.barcelona; base-uri https://www.boqueria.barcelona; form-action https://www.boqueria.barcelona 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://ssl.google-analytics.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://cdn.jsdelivr.net 1
default-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.gravatar.com *.smushcdn.com *.wpmucdn.com wpmudev.com *.typekit.net cdn.linkedin.oribi.io getaddress.io *.getaddress.io *.ipify.org coleg-gwent-blaenaugwent.s3.eu-west-2.amazonaws.com coleg-gwent-usk.s3.eu-west-2.amazonaws.com coleg-gwent-newport.s3.eu-west-2.amazonaws.com coleg-gwent-crosskeys.s3.eu-west-2.amazonaws.com coleg-gwent-pontypool.s3.eu-west-2.amazonaws.com *.cookielaw.org *.w.org *.windows.net *.coleggwent.org *.unistats.ac.uk *.discoveruni.gov.uk prod-discoveruni.azure-api.net *.career-pathways.co.uk *.myridinglife.com *.click4assistance.co.uk discoveruni.gov.uk icould.com *.bing.com *.bidswitch.net  *.adnxs.com *.coleggwent.ac.uk qvdt3feo.com *.stackadapt.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.snapchat.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com snap.licdn.com *.linkedin.com *.fejobs.com *.twitter.com *.twimg.com *.ytimg.com *.google-analytics.com *.googletagmanager.com *.bootstrapcdn.com *.youtube.com youtu.be *.microsoftstream.com *.facebook.com *.facebook.net secure.adnxs.com *.doubleclick.net data: getaddress.io *.getaddress.io *.ipify.org coleg-gwent-blaenaugwent.s3.eu-west-2.amazonaws.com coleg-gwent-usk.s3.eu-west-2.amazonaws.com coleg-gwent-newport.s3.eu-west-2.amazonaws.com coleg-gwent-crosskeys.s3.eu-west-2.amazonaws.com coleg-gwent-pontypool.s3.eu-west-2.amazonaws.com *.google.co.uk *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com *.google.com t.co; script-src 'self' 'unsafe-inline' *.api.getaddress.io *.coleggwent.org getaddress.io *.getaddress.io *.ipify.org *.googleapis.com *.wpmucdn.com wpmudev.com *.google.com qvdt3feo.com *.stackadapt.com *.amazon-adsystem.com *.paa-reporting-advertising.amazon *.static.doubleclick.net static.doubleclick.net *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.jquery.com *.google.com *.gstatic.com *.youtube.com youtu.be *.microsoftstream.com secure.adnxs.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.twimg.com *.ytimg.com  googleapis.com *.twitter.com *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com snap.licdn.com *.snapchat.com *.linkedin.com sc-static.net connect.facebook.net static.ads-twitter.com s7.addthis.com *.unistats.ac.uk *.discoveruni.gov.uk prod-discoveruni.azure-api.net *.career-pathways.co.uk *.myridinglife.com *.click4assistance.co.uk discoveruni.gov.uk icould.com *.bing.com *.gravatar.com *.cookielaw.org *.w.org *.windows.net 1
frame-ancestors https://www.m-kankou.jp/ https://san3kan.net/; 1
default-src 'self' data: *.atolcd.com maps.google.com *.gstatic.com *.googleapis.com *.youtube.com pbs.twimg.com *.google-analytics.com *.twitter.com tarteaucitron.io in-automate.brevo.com; script-src 'self' 'unsafe-eval' *.atolcd.com *.googleapis.com html5shim.googlecode.com *.google-analytics.com *.googletagmanager.com *.google.com *.gstatic.com *.twitter.com maps.google.com cdnjs.cloudflare.com tarteaucitron.io *.tarteaucitron.io sibautomation.com 'unsafe-inline'; frame-src 'self' *.atolcd.com *.twitter.com *.youtube.com app.livestorm.co *.slideshare.net *.google.com playerbeta.octopus.saooti.com; style-src 'self' *.atolcd.com *.googleapis.com *.tarteaucitron.io 'unsafe-inline' 1
frame-ancestors https://www.ittour.com.ua/ 1
base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: wss://*.upscope.io http://*.splashfinancial.com http://*.impactradius-event.com; img-src data: blob: http: https:; worker-src blob: 1
default-src 'self'; img-src * 'self' data: https:; frame-src https://www.youtube.com https://www.google.com; connect-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' ; script-src-elem 'self' 'unsafe-inline' https://secure.want7feed.com/js/213813.js https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; 1
default-src 'self' *.kashflowpayroll.com cdnjs.cloudflare.com verify.uk.pt-x.com web-sdk-eu.aptrinsic.com esp-eu.aptrinsic.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' *.kashflowpayroll.com data:; img-src *; frame-src www.youtube.com/embed/4GzLYxZw2gw 1
frame-ancestors 'self' https://manage.ratchetandwrench.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz www.google.com www.gstatic.com 'unsafe-inline' 'unsafe-eval' data:; base-uri https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz; frame-ancestors https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz; style-src 'unsafe-inline' https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://*.typography.com https://maxcdn.bootstrapcdn.com https://*.fontawesome.com https://fonts.googleapis.com https://*.gstatic.com https://tagmanager.google.com https://optimize.google.com; script-src 'unsafe-inline' https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://app-script.monsido.com https://player.vimeo.com https://code.jquery.com https://staticcdn.co.nz https://snap.licdn.com https://www.google.com https://*.doubleclick.net https://www.googleadservices.com https://*.fontawesome.com https://connect.facebook.net https://*.gstatic.com https://www.googletagmanager.com https://fonts.googleapis.com https://*.google-analytics.com http://*.google-analytics.com http://tagmanager.google.com https://optimize.google.com https://code.jquery.com 'unsafe-eval'; img-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz 'self' data: https://staticcdn.co.nz https://i.vimeocdn.com https://img.youtube.com https://i.ytimg.com http://tracking.monsido.com https://tracking.monsido.com https://shielded.co.nz https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://www.google.co.nz https://p.adsymptotic.com https://www.google.com https://px.ads.linkedin.com https://*.facebook.com https://*.google-analytics.com http://*.google-analytics.com https://*.swagger.io https://optimize.google.com; font-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz data: https://*.fontawesome.com https://*.typography.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com; object-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz 'self'; frame-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz 'self' https://www.facebook.com https://staticcdn.co.nz https://bid.g.doubleclick.net https://www.google.com data: https://*.youtube-nocookie.com https://player.vimeo.com https://*.youtube.com https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; child-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://*.youtube-nocookie.com https://player.vimeo.com http://player.vimeo.com https://*.youtube.com  https://optimize.google.com https://www.googletagmanager.com/ns.html https://*.hotjar.com; connect-src https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz https://stats.g.doubleclick.net https://*.algolia.net https://*.algolianet.com https://www.google-analytics.com; form-action https://*.education.govt.nz https://www.education.govt.nz https://www.education.govt.nz/ https://education-live-storagestack-assetstorages3bucket-16vm9scoufd4c.s3.ap-southeast-2.amazonaws.com https://assets.education.govt.nz http://www.education.govt.nz https://www.facebook.com 'self'; 1
frame-ancestors https://online-moebel-kaufen.de https://moebel-letz.shop https://letz.my3cx.de 'self'; 1
default-src https: http: data: wss: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.passageware.com *.passporthealthusa.com *.passporthealthglobal.com *.outlier.com *.clover.com; 1
frame-ancestors 'self' https://*.salesforce.com https://*.force.com https://*.everyonesocial.app https://*.highspot.com https://*.sharepoint.com https://*.salesloft.com https://*.outreach.io https://*.hellozest.io https://*.everyonesocial.com https://*.eu.ngrok.io https://*.workvivo.com https://*.workvivo.io https://*.sc.com https://*.chameleon.io; script-src 'self' blob: 'unsafe-inline' https://cdn.segment.com https://embed.redditmedia.com https://embed.reddit.com https://platform.twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://*.instagram.com https://*.tiktok.com https://*.tiktokcdn-us.com https://connect.facebook.net https://cdn.userway.org https://*.chameleon.io https://calendly.com https://*.calendly.com; object-src 'none'; 1
connect-src 'self' *.google-analytics.com ;default-src 'self';frame-ancestors 'self' *.google.com ogs.google.com ;frame-src 'self' *.google.com *.youtube.com youtu.be ogs.google.com;img-src 'self' *.sonimcloud.com *.s3.amazonaws.com *.google-analytics.com data: w3.org/svg/2000 *.ytimg.com ;media-src 'self' *.sonimcloud.com *.sharepoint.com *.google.com youtu.be *.youtube.com *.amazonaws.com;object-src 'self' *.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.gstatic.com *.sonimcloud.com *.googletagmanager.com *.google-analytics.com *.youtube.com blob: self ;style-src 'self' 'unsafe-inline' *.sonimcloud.com ; 1
default-src https://api.searchbooster.net https://static.advcake.com https://analytics.google.com https://stats.g.doubleclick.net https://an.yandex.ru https://mc.yandex.com https://mc.yandex.md https://www.google-analytics.com https://mc.yandex.ru https://cdn2.searchbooster.net https://api4.searchbooster.io https://cdn.jsdelivr.net https://mebel.ru https://new.mebel.ru 'self' data:; script-src https://static.advcake.com https://an.yandex.ru https://www.google-analytics.com https://mebel.ru https://mc.yandex.ru https://www.googletagmanager.com https://cdn2.searchbooster.net https://core-renderer-tiles.maps.yandex.net https://yastatic.net https://api-maps.yandex.ru 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://mebel.ru https://new.mebel.ru https://cdn2.searchbooster.net 'self' 'unsafe-inline'; img-src https://static.advcake.com https://imp.acstat.com https://www.google.ru https://www.google-analytics.com https://cdn.mebel.ru https://cdn1.mebel.ru https://cdn2.mebel.ru https://core-renderer-tiles.maps.yandex.net https://api-maps.yandex.ru https://cdn.jsdelivr.net https://mebel.ru https://new.mebel.ru https://mc.yandex.com https://mc.yandex.md https://mc.yandex.ru 'self' data:; object-src 'self' https://cdn.jsdelivr.net https://mebel.ru https://new.mebel.ru data: 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com *.google.com *.googletagmanager.com *.cookiebot.com *.ads-twitter.com *.facebook.net *.gstatic.com; frame-src 'self' *.cookiebot.com *.google.com; object-src 'self' 1
default-src 'self' ;script-src 'self' 'sha384-NWe/pGREKPoeL552ed3H5nlEFu+juvb5OmaVnSZpUUFfhGukVqcNcwl8rXd57pZh' https://www.googletagmanager.com https://www.youtube.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://netdna-ssl.com https://addthis.com https://moatads.com https://static.addtoany.com https://widget.ebanqo.io https://webchat.ebanqo.io 'strict-dynamic'  'nonce-ff9c453069' 'nonce-ff9c453069' 'nonce-db8cd3f76f' 'nonce-8b6b07b532' 'nonce-61a3f71e1a' 'nonce-cba11e5575' 'nonce-d7b1f39d7e' 'nonce-36d116005b' 'nonce-ff9c453069' 'nonce-ff9c453069' 'nonce-52208d4371' 'nonce-ff9c453069' 'nonce-78636d9e31' 'nonce-cbc6e07d4f' 'nonce-f25e62059c' 'nonce-a6685222ab' 'nonce-5d4dc322b7' 'nonce-b41e377cb7' 'nonce-eb421888f8' 'nonce-69af941d8e' 'nonce-0bb53c4a6f' 'nonce-c1ea8de905' 'nonce-0fc8a7497b' 'nonce-e8fab4a62e' 'nonce-c2664f92c3' 'nonce-ff9c453069' 'nonce-3eda3fa570' 'nonce-ff9c453069' 'nonce-ff9c453069' 'nonce-ff9c453069';style-src 'self' 'sha256-HX6I7Qucz6fTKDxG8JjpfesJr/de0Gnj0O6lujyWyuQ=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-x3pYNE9SHLaBdiaoYqqleLXxGYuWCtZBWCa+GjXaZis=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-AUjyPqC61vcwTQfLINvUZXy/y2gjQYA7yg7awjXow5Y=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-aak40JsuHbqqe+mzKHhfreZUd+J3C4EsAdSpc4v9A5Y=' https://fonts.googleapis.com https://netdna-ssl.com 'strict-dynamic'  'nonce-5d01b7a569' 'nonce-5a60544b21' 'nonce-f3905ae989' 'nonce-d37b939af5' 'nonce-f32765111e' 'nonce-7100e9fe40' 'nonce-5d01b7a569' 'nonce-5d01b7a569';font-src 'self' data: https://fonts.gstatic.com https://netdna-ssl.com;connect-src 'self' https://vimeo.com https://www.google-analytics.com https://stats.g.doubleclick.net https://addthis.com https://region1.google-analytics.com https://cdn.linkedin.oribi.io https://px.ads.linkedin.com https://region1.analytics.google.com;frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://addthis.com https://static.addtoany.com https://www.facebook.com https://webchat.ebanqo.io;img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://netdna-ssl.com https://i.ytimg.com https://www.facebook.com https://px.ads.linkedin.com; 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.sentry.io *.sumo.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com media.sumome.com pro.ip-api.com sentry.io stats.g.doubleclick.net sumo.com sumome.com vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com cdn.userway.org d3s1gm5djwyp3q.cloudfront.net data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org sumo.com sumome.com; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.sumo.com *.userway.org *.zopim.io d3s1gm5djwyp3q.cloudfront.net data: media.sumome.com stats.g.doubleclick.net sumo.b-cdn.net sumo.com sumome.com; manifest-src d3s1gm5djwyp3q.cloudfront.net www.ammoforsale.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.sumo.com *.sumome.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.voyagetext.com blob: browser.sentry-cdn.com cdn.ravenjs.com code.jquery.com d3s1gm5djwyp3q.cloudfront.net https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net sumo.b-cdn.net sumome-140a.kxcdn.com sumome.com; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com cdn.userway.org d3s1gm5djwyp3q.cloudfront.net sload.sumo.com sumo.b-cdn.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vt.social; img-src 'self' data: blob: https://vt.social https://vt.social/media/; style-src 'self' 'unsafe-inline' https://vt.social 'nonce-FiIzj03xBT3ZBFRAj/QPYg=='; media-src 'self' data: https://vt.social https://vt.social/media/; frame-src 'self' https:; manifest-src 'self' https://vt.social; form-action 'self'; child-src 'self' blob: https://vt.social; worker-src 'self' blob: https://vt.social; connect-src 'self' data: blob: https://vt.social https://vt.social/media/ wss://vt.social; script-src 'self' https://vt.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.adobecqms.net https://*.ceros.com https://*.vonage.co.uk 1
default-src 'self';script-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline';img-src *;object-src 'self';frame-ancestors 'self' 1
default-src 'self' https://diamant-zucker.de https://www.diamant-zucker.de https://www.diamant.pl/; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.googletagmanager.com https://code.jquery.com http://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cookiepro.blob.core.windows.net https://www.diamant-zucker.de https://cookie-cdn.cookiepro.com https://html2canvas.hertzen.com https://cdnjs.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://cdn.insight.sitefinity.com cdn.ampproject.org http://code.jquery.com http://cdnjs.cloudflare.com https://unpkg.com https://analytics.tiktok.com https://analytics.google.com/ *.loyjoy.com https://tracking-cdn.figpii.com https://sessions.bugsnag.com https://statics-cdn.figpii.com https://visitor.figpii.com https://variations-cdn.figpii.com https://s.pinimg.com https://ct.pinterest.com https://dec.azureedge.net web-chat.nativechat.com; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com http://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cookiepro.blob.core.windows.net https://www.diamant-zucker.de 'unsafe-inline' https://cdn.insight.sitefinity.com https://dec.azureedge.net http://cdnjs.cloudflare.com https://variations-cdn.figpii.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com staging.diamant-zucker.de https://diamant-zucker.de https://www.diamant-zucker.de *.google-analytics.com https://dec.azureedge.net https://cookie-cdn.cookiepro.com *.loyjoy.com *.googletagmanager.com/ https://analytics.figpii.com https://cdn.insight.sitefinity.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://diamant-zucker.de https://www.diamant-zucker.de https://plmsa-sql-web-diamant-staging.azurewebsites.net *.loyjoy.com; frame-src 'self' https://www.google.com https://open.spotify.com https://ct.pinterest.com web-chat.nativechat.com; connect-src 'self' accounts.google.com *.mktoresp.com http://staging.diamant-zucker.de https://diamant-zucker.de https://www.google-analytics.com https://www.diamant-zucker.de https://cookie-cdn.cookiepro.com https://privacyportal.cookiepro.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://api.friendlycaptcha.com https://analytics.tiktok.com https://analytics.google.com/ *.googleapis.com *.loyjoy.com https://stats.g.doubleclick.net https://sessions.bugsnag.com https://tracking-settings.figpii.com https://visitor.figpii.com https://rr.figpii.com https://analytics.figpii.com https://ct.pinterest.com *.google-analytics.com; media-src 'self' data: blob: https://diamant-zucker.de https://www.diamant-zucker.de https://diamant-zucker-de.s3.amazonaws.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://unpkg.com blob: web-chat.nativechat.com; object-src https://tracking-settings.figpii.com 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io https://api.hubapi.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.typekit.net; form-action 'self' https://forms.hsforms.com; frame-ancestors 'self' https://*.smithsdetection.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://www.youtube.com/ https://forms.hsforms.com https://view.ceros.com/; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://*.hubspot.com https://img.youtube.com https://forms-na1.hsforms.com https://forms.hsforms.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://cdn.polyfill.io https://www.youtube.com https://cdnjs.cloudflare.com https://js.hsforms.net https://js.hs-scripts.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hsadspixel.net https://player.vimeo.com; style-src 'self' 'unsafe-inline' data: https://*.googleapis.com https://*.google.com https://*.typekit.net; 1
default-src 'nonce-portal-css' 'self'; script-src-elem 'self' 'nonce-portal-css' 'nonce-RelevantID4' 'nonce-globalThis' 'nonce-splashScreen' 'nonce-serviceWorker' export.highcharts.com maps.googleapis.com cdn3.devexpress.com cs.imperium.com rvid.imperium.com code.highcharts.com; style-src-elem 'self' 'nonce-portal-css' 'nonce-dynamicStyle' cdn3.devexpress.com fonts.googleapis.com; style-src 'self' 'nonce-portal-css' 'nonce-dynamicStyle' cdn3.devexpress.com fonts.googleapis.com; connect-src 'self' api-gateway.reviewtrackers.com maps.googleapis.com cs.imperium.com rvid.imperium.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com cdn3.devexpress.com; media-src 'self' acuraclientexperience.com toyotaexperience.ca; img-src 'self' rtx-source-icons.s3.amazonaws.com maps.googleapis.com maps.gstatic.com data: hondacustomerserviceexperience.com *.hondacustomerserviceexperience.com; frame-ancestors *.reflecx.io reflecx.io; trusted-types google-maps-api#html highcharts angular#bundler angular angular#unsafe-bypass angular#unsafe-jit; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru yandex.ru yastatic.net; frame-src 'self' *.yandex.ru yandex.ru yastatic.net; object-src 'self' 1
font-src https://fonts.gstatic.com/ https://fonts.googleapis.com/ *.fontawesome.com https://fonts.gstatic.com *.compassmerchantsolutions.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com self *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.compassmerchantsolutions.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ https://*.doubleclick.net/ *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com *.facebook.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.compassmerchantsolutions.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://kalicr.com https://www.google.co.cr/ *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.facebook.com *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net blob: https://capris.cr/media/wysiwyg/categoria_sin_imagen.png https://static.grainger.com/ *.compassmerchantsolutions.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.capris.cr *.magentosite.cloud *.googleapis.com *.google-analytics.com *.googleadservices.com *.addtoany.com *.marketo.net *.botmaker.com *.facebook.net polyfill.io *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net *.googlesyndication.com *.compassmerchantsolutions.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://googletagmanager.com/ https://www.googletagmanager.com/ data: *.addtoany.com *.googleapis.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net https://credomatic.compassmerchantsolutions.com/ https://secure.networkmerchants.com/ *.fontawesome.com *.compassmerchantsolutions.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; media-src *.adobe.com *.capris.cr *.magentosite.cloud *.googleapis.com *.google.co.cr *.botmaker.com wss://ws.botmaker.com/stable11/ws/wendpoint/ https://bam.nr-data.net https://capris.cr/media/wysiwyg/categoria_sin_imagen.png *.compassmerchantsolutions.com 'self' 'unsafe-inline'; manifest-src *.compassmerchantsolutions.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com https://googletagmanager.com/ https://www.googletagmanager.com/ https://*.doubleclick.net/ data: *.doubleclick.net *.googleapis.com *.google-analytics.com *.mktoresp.com *.botmaker.com *.appspot.com wss://ws.botmaker.com/stable11/ws/wendpoint/ fonts.gstatic.com https://bam.nr-data.net https://credomatic.compassmerchantsolutions.com/ http://dpm.demdex.net *.compassmerchantsolutions.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src *.compassmerchantsolutions.com assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' fonts.gstatic.com use.typekit.net data:; script-src 'self' *.scene7.com cse.google.com *.google-analytics.com *.googletagmanager.com www.google.com assets.adobedtm.com cdn.cookielaw.org connect.facebook.net fonts.googleapis.com fonts.gstatic.com player.vimeo.com f.vimeocdn.com i.vimeocdn.com snap.licdn.com use.typekit.net vjs.zencdn.net *.cloudfront.net *.amazonaws.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.zimvie.com *.scene7.com zimvie.sc.omtrdc.net *.google-analytics.com *.googletagmanager.com clients1.google.com www.google.com www.googleapis.com *.gstatic.com cse.google.com cdn.cookielaw.org i.vimeocdn.com www.facebook.com *.linkedin.com dev.day.com; style-src 'self' www.google.com fonts.googleapis.com p.typekit.net use.typekit.net f.vimeocdn.com 'unsafe-inline'; connect-src 'self' *.googleapis.com *.google-analytics.com analytics.google.com *.googletagmanager.com csp.withgoogle.com cdn.cookielaw.org *.onetrust.com zimmerinc.tt.omtrdc.net *.doubleclick.net player.vimeo.com app.e2ma.net dpm.demdex.net cdn.linkedin.oribi.io; frame-src *.e2ma.net cse.google.com player.vimeo.com www.facebook.com zimmerinc.demdex.net; frame-ancestors 'self' zimvie.tdicompliancecloud.com; worker-src 'self' blob:; child-src 'self' blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com/ https://www.riyadcapital.com/ https://www.youtube.com/ https://www.google.com/ https://cdnjs.cloudflare.com/ https://unpkg.com/ https://maps.googleapis.com/ https://fonts.googleapis.com/ https://*.gstatic.com/; 1
img-src 'self' data: images.ctfassets.net *.lightboxcdn.com *.google-analytics.com *.tapad.com *.googletagmanager.com *.fls.doubleclick.net *.facebook.com *.lytics.io *.akamaihd.net *.amazon-adsystem.com *.moatads.com *.cookielaw.org *.bazaarvoice.com *.amazonaws.com *.youtube.com *.haircode.com *.google.com *.google.ca click2cart.co *.agkn.com *.snapchat.com *.agkn.com *.pricespider.com consumersupport.pg.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; font-src 'self' data: *.haircode.com fonts.gstatic.com maxcdn.bootstrapcdn.com *.agkn.com *.pricespider.com feed.pghub.io pandg.tapad.com ; media-src 'self' *.cloudinary.com *.ctfassets.net *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.lightboxcdn.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com *.googleapis.com maxcdn.bootstrapcdn.com *.pricespider.com *.mapbox.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: waves.retentionscience.com lightboxapi.azurewebsites.net *.googleapis.com *.lightboxcdn.com *.cloudfront.net *.cloudflare.com *.google.com *.google-analytics.com *.googletagmanager.com *.moatads.com *.cookielaw.org *.crazyegg.com pghub.io *.facebook.net *.segment.com *.lytics.io *.bazaarvoice.com *.amazonaws.com *.haircode.com click2cart.co *.iesnare.com *.pricespider.com consumersupport.pg.com sc-static.net *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; connect-src 'self' https://privacytermsprod.azureedge.net kardia-nonprod.azure-api.net kardia.azure-api.net *.crazyegg.com *.google-analytics.com *.doubleclick.net *.cookielaw.org api.segment.io *.adsrvr.org *.pg.com *.bazaarvoice.com *.smartcommerce.co click2cart.co *.haircode.com *.snapchat.com *.pricespider.com wss://wtbstream.pricespider.com consumersupport.pg.com *.mapbox.com *.onetrust.io cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io pandg.tapad.com ; default-src 'self' *.googletagmanager.com *.fls.doubleclick.net *.tapad.com *.facebook.com *.bazaarvoice.com click2cart.co pgconsumersupport.secure.force.com *.youtube.com *.snapchat.com pg-lex.my.salesforce-sites.com consumersupport.pg.com cdn.pricespider.com embeddedcloud.pricespider.com omni.pricespider.com wtbng.pricespider.com wtbstream.pricespider.com tr.snapchat.com *.onetrust.com feed.pghub.io ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.translate.naver.net https://ct.pinterest.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob: https://app.qubit.com https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.co.kr https://ampcid.google.co.jp https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://horizon-api.www.myprotein.co.kr https://*.qubit.com https://*.qubitproducts.com https://analytics.tiktok.com https://*.abtasty.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.co.kr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://appdown.pstatic.net https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.myprotein.co.kr https://m.myprotein.co.kr https://checkout.myprotein.co.kr https://connect.facebook.net https://ct.pinterest.com https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.translate.naver.net https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://static.goqubit.com https://*.qubit.com https://analytics.tiktok.com https://sf16-muse-va.ibytedtos.com blob: https://*.abtasty.com https://sgtm.myprotein.co.kr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.translate.naver.net https://*.googleapis.com https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
base-uri 'none'; frame-ancestors 'self' https:; script-src 'nonce-184044f8-1dec-4971-9af7-d1a29bf88d76' 'strict-dynamic' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://o191354.ingest.sentry.io/api/1804128/security/?sentry_key=c70af02fd39547c19e9c93a469bd1584 1
script-src 'self' 'self' data: fairexpo.s3.amazonaws.com 'unsafe-inline' www.google-analytics.com static.ads-twitter.com analytics.twitter.com connect.facebook.net maps.googleapis.com www.google.com www.gstatic.com https://maps.googleapis.com/ cdn-prod.hive.co ajax.googleapis.com www.googletagmanager.com analytics.google.com kit.fontawesome.com ka-f.fontawesome.com;img-src * 'self' 'self' data: https: 'self' data: 'self' data: https://fairexpo.s3.amazonaws.com data: https: 'unsafe-inline' fairexpo.s3.amazonaws.com www.facebook.com t.co data: s3.amazonaws.com www.google-analytics.com thefairme.s3.amazonaws.com;style-src 'self' fairexpo.s3.amazonaws.com 'unsafe-inline' fonts.googleapis.com use.font-awesome.com use.fontawesome.com cdn-prod.hive.co;default-src www.google-analytics.com stats.g.doubleclick.net www.facebook.com www.google.com test.fairlocal.com:3000 www.fairexpo.com www.thefair.me https://www.youtube.com/ https://forms.office.com/ app.hive.co maps.googleapis.com analytics.google.com ka-f.fontawesome.com;script-src-attr 'unsafe-inline';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rollenspiel.social; img-src 'self' https: data: blob: https://rollenspiel.social; style-src 'self' https://rollenspiel.social 'nonce-Ti5NqBI+NKxbn0D3a9cx4A=='; media-src 'self' https: data: https://rollenspiel.social; frame-src 'self' https:; manifest-src 'self' https://rollenspiel.social; form-action 'self'; child-src 'self' blob: https://rollenspiel.social; worker-src 'self' blob: https://rollenspiel.social; connect-src 'self' data: blob: https://rollenspiel.social https://files.example.com wss://rollenspiel.social; script-src 'self' https://rollenspiel.social 'wasm-unsafe-eval' 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net 'nonce-8AX7PDvtNNkhUfSEaCufhkh3IDKS6AqSijsh61oX7yA=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
default-src https: http: blob: data: 'unsafe-inline' 'unsafe-eval'; object-src ceros.com www3.ceros.com view.ceros.com wwwprod.eastdilsecured.com wwwprodbe.eastdilsecured.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; base-uri http: https:; frame-ancestors 'self' eastdil-secured.preview.ceros.com api.ceros.com view.ceros.com www3.ceros.com wwwuat.eastdilsecured.com wwwbcp.eastdilsecured.com www.eastdilsecured.com esi.eastdilsecured.com ceros.com esiadmin.eastdilsecured.com www.eastdilsecured.tech eastdilsecured.tech; 1
base-uri 'self'; connect-src 'self' https://advocacyassembly.org https://www.google-analytics.com https://use.typekit.net https://performance.typekit.net; default-src 'self' https://advocacyassembly.org; img-src 'self' data: https://advocacyassembly.org https://advocacyassembly.org https://*.typekit.net https://www.google-analytics.com https://s3.amazonaws.com https://syndication.twitter.com; frame-ancestors https://advocacyassembly.org; font-src 'self' data: https://use.typekit.net http://assets.slid.es https://fonts.googleapis.com https://fonts.gstatic.com/ https://s3.amazonaws.com; frame-src https://abs-0.twimg.com https://docs.google.com https://i1.sndcdn.com https://platform.twitter.com https://syndication.twitter.com https://t.me https://w.soundcloud.com https://widget.sndcdn.com https://www.youtube.com https://www.youtube-nocookie.com; manifest-src data:; object-src 'none'; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://platform.twitter.com https://telegram.org https://*.ttwstatic.com https://use.typekit.net 'unsafe-inline' 'sha256-TtjPMIDYIntpZPkD0l7DZNV6Mui4uScZXd2PYDXLD14=' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-a7MzChFGLSlEU+0NHL2AVLXN8XNhH+PdsYSUOhO2Tzg='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://fonts.googleapis.com/ https://s3.amazonaws.com https://*.ttwstatic.com; upgrade-insecure-requests; 1
img-src 'self' data: *; default-src 'self' 'unsafe-inline' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-ancestors 'self' https://trustseal.enamad.ir/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: wss:; img-src https: data:; font-src https: data:; 1
default-src https://*.googlesyndication.com *.postinext.fi *.posti.fi *.posticloud.fi;       style-src 'unsafe-inline' 'self' *.force.com *.salesforce.com https://*.salesforce-sites.com *.google.com fonts.googleapis.com *.posti.fi *.postinext.fi *.posticloud.fi;       font-src 'self' data: *.force.com *.salesforce.com https://*.salesforce-sites.com fonts.gstatic.com *.posti.fi *.postinext.fi *.posticloud.fi http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       base-uri 'self' resource://pdf.js;       object-src 'none';       plugin-types application/pdf;       form-action 'self';       manifest-src 'self';       media-src 'self';       child-src 'self';       script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' resource://pdf.js *.adform.net *.onetrust.com *.force.com *.salesforce.com https://*.salesforce-sites.com *.google.com *.google.fi *.google.ie www.googletagmanager.com www.google-analytics.com js-agent.newrelic.com *.nr-data.net *.firebaseio.com *.scorecardresearch.com *.krxd.net *.facebook.net *.g.doubleclick.net *.googlesyndication.com www.googletagservices.com *.postinext.fi *.posti.fi https://*.salesforceliveagent.com *.googleadservices.com https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com https://*.admob.com *.posticloud.fi js.hs-scripts.com js.usemessages.com js.hs-banner.com js.hsleadflows.net js.hs-analytics.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       frame-src 'self' *.force.com *.salesforce.com https://*.posti.fi https://*.google.com https://*.google.fi www.googletagmanager.com *.firebaseio.com widgetrender.testi.posti.fi widgetrender.posti.fi *.declaration.postinext.fi *.krxd.net *.googlesyndication.com www.googletagservices.com epayment.nets.eu test.epayment.nets.eu *.postinext.fi https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com https://*.g.doubleclick.net *.posticloud.fi https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;       worker-src 'self';       img-src 'self' data: blob: *.force.com *.salesforce.com https://*.documentforce.com *.google.com *.google.fi *.google.ie www.google-analytics.com www.googletagmanager.com *.netposti.fi *.g.doubleclick.net *.google.fi ssl.gstatic.com www.gstatic.com *.scorecardresearch.com *.krxd.net *.facebook.com *.googlesyndication.com *.postinext.fi *.posti.fi https://assets.aftership.com *.posticloud.fi *.onetrust.com *.hubspot.com https://dmp.adform.net http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io *.ctfassets.net;       connect-src 'self' data: *.force.com *.salesforce.com *.salesforceliveagent.com https://*.salesforce-sites.com *.nr-data.net www.google-analytics.com https://*.google-analytics.com *.googlesyndication.com wss://*.firebaseio.com *.facebook.com *.g.doubleclick.net *.postinext.fi wss://*.postinext.fi https://firebaseinstallations.googleapis.com https://firebaseremoteconfig.googleapis.com https://posti-0700-declaration-dev-app-data-user-receipts.s3.amazonaws.com *.posticloud.fi *.posti.fi *.netposti.fi *.onetrust.com *.hubspot.com *.hsforms.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://*.contentful.com;       prefetch-src 'self' data: *.googlesyndication.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src 'self' data: https://www.google.com https://www.google.com.ec https://googleads.g.doubleclick.net https://v2.zopim.com https://www.cedia.edu.ec; font-src 'self' data: https://fonts.gstatic.com https://v2.zopim.com; connect-src wss://widget-mediator.zopim.com https://ekr.zdassets.com https://www.google-analytics.com https://stats.g.doubleclick.ne https://stats.g.doubleclick.net https://cedia.edu.ec https://maps.googleapis.com 1
base-uri 'self'; frame-ancestors 'none'; default-src 'self' *.ahli.com cdn.jsdelivr.net *.facebook.net *.typeform.com ahlifintech.typeform.com *.googleapis.com *.analytics.google.com *.google.com google.com fonts.gstatic.com scripts.embedtables.com https://stats.g.doubleclick.net/* *.google-analytics.com *.googletagmanager.com *.youtube.com cdnjs.cloudflare.com *.chatbase.co stats.g.doubleclick.net *.doubleclick.net *.slideshare.net *.google.se; font-src 'self' *.ahli.com data: fonts.gstatic.com *.googleapis.com cdnjs.cloudflare.com; img-src *; object-src 'none'; script-src 'self' *.ahli.com cdn.jsdelivr.net *.facebook.net *.typeform.com *.googleapis.com fonts.gstatic.com scripts.embedtables.com https://stats.g.doubleclick.net/* *.google-analytics.com *.googletagmanager.com *.youtube.com https://cdn.jsdelivr.net/gh/yasserelsaid/chatbot@latest/index.min.js 'sha256-j+7JuYpxvPqkyjTUUm8wvApNL0ny3SMxdusgFOBTG4M=' blob:  'nonce-d61e45aa16' 'nonce-b5e8bd1872' 'nonce-5b5c5c8d4e' 'nonce-f692ce50da' 'nonce-51fee8b8e9' 'nonce-e6af2b8818' 'nonce-5f7e3a736b' 'nonce-efcdef418c' 'nonce-5ece121ced' 'nonce-e0e909c1e5' 'nonce-a6810f44ec' 'nonce-46a39e9cb7' 'nonce-a22b69f103' 'nonce-570707ea87' 'nonce-1f17c9abce' 'nonce-1f17c9abce' 'nonce-1f17c9abce' 'nonce-1f17c9abce' 'nonce-b5e8bd1872' 'nonce-b5e8bd1872' 'nonce-b5e8bd1872' 'nonce-1f17c9abce' 'nonce-b5e8bd1872' 'nonce-82a5465ec4' 'nonce-bbbcf74a5b' 'nonce-74019afeab' 'nonce-d6d1498626' 'nonce-394895411a' 'nonce-c33f79f113' 'nonce-864e3cb364' 'nonce-1d4db691a0' 'nonce-fcb5ba6f5f' 'nonce-9ee5d845a8' 'nonce-261e4278f3' 'nonce-28e21b2e24' 'nonce-0f95db70b8' 'nonce-7b1b20855a' 'nonce-9fa1886522' 'nonce-4a2b374b85' 'nonce-a8bfc978da' 'nonce-a7115b5882' 'nonce-1927aa09e6' 'nonce-8b2f86c646' 'nonce-4f561a1628' 'nonce-cc421581d3' 'nonce-06ffad0748' 'nonce-922d976788' 'nonce-20b1823b17' 'nonce-2565ab29ae' 'nonce-c448f6760b' 'nonce-d296df9218' 'nonce-83c925ac67' 'nonce-cf2c044b14' 'nonce-8b53a300e1' 'nonce-aa1b2839fb' 'nonce-a75e89885c' 'nonce-7293ab04c1' 'nonce-77c5bb08d7' 'nonce-60257b68a3' 'nonce-0cfbba10cc' 'nonce-83ca85b18b' 'nonce-b3f27f585e' 'nonce-183330c13a' 'nonce-0d99094a96' 'nonce-27f284fcfc' 'nonce-02e88c4980' 'nonce-202a6b41a8' 'nonce-c1beb80b36' 'nonce-d2ced88310' 'nonce-e24122d570' 'nonce-784717ef87' 'nonce-304456b083' 'nonce-79ec0bd2ab' 'nonce-8016bcb1aa' 'nonce-855f5d50e0' 'nonce-44c1660777' 'nonce-f28ccbeb19' 'nonce-da78a16583' 'nonce-321d5d18dc' 'nonce-7c9ac12667' 'nonce-a81ebad5cb' 'nonce-e9d5c6a642' 'nonce-3276d05cc2' 'nonce-3eb259b6db' 'nonce-50c20d901e' 'nonce-4d80a75bf6' 'nonce-f6737f05e3' 'nonce-c02867a029' 'nonce-3afb0a648d' 'nonce-1c6b720743' 'nonce-6d5cbdb995' 'nonce-778a4caeec' 'nonce-dc989d76ed' 'nonce-b9144848df' 'nonce-785eeee753' 'nonce-f055bc197c' 'nonce-b8f3226a3d' 'nonce-da3461d2cc' 'nonce-0e0e3cb924' 'nonce-ad30898b2b' 'nonce-87ece27dce' 'nonce-6b58dd033a' 'nonce-2cf73a94f6' 'nonce-0acdce583d' 'nonce-f109f3e58e' 'nonce-20c53e206a' 'nonce-ab81870a8e' 'nonce-eb55af8636' 'nonce-a1b880ebca' 'nonce-8d60395550' 'nonce-45824aec9a' 'nonce-dcd38fd758' 'nonce-8ce5aeb3e9' 'nonce-e11f0165b7' 'nonce-02638a1a76' 'nonce-99fdc22788' 'nonce-4b87670a72' 'nonce-2afeeed072' 'nonce-8ef01fc1f1' 'unsafe-hashes' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; style-src 'self' *.ahli.com fonts.gstatic.com *.googleapis.com *.googletagmanager.com cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-hashes' 'unsafe-inline'; worker-src 'self' blob: *.ahli.com; 1
frame-ancestors 'self' webdev.flaglerschools.com; 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://billing-ads-qa-devel.corp.google.com https://payments.google.com/ https://www.youtube.com https://support.google.com/inapp/ https://www.google.com/tools/feedback/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://ajax.googleapis.com https://mannequin.storage.googleapis.com https://static.corp.google.com https://storage.googleapis.com https://tpc.googlesyndication.com https://googleads.g.doubleclick.net https://payments.sandbox.google.com https://www.googleadservices.com https://maps.googleapis.com https://www.google.com/js/bg/;report-uri /_/Gstore/cspreport/allowlist 1
worker-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' nefkens.uwdatamotive.nl www.nefkens.nl; 1
default-src 'self'; script-src 'self' 'nonce-e5deb0cddb7ac4b6c9ddb17f' https://optimize.google.com https://www.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com https://cdn.jsdelivr.net; object-src 'self'; style-src 'self' 'nonce-e5deb0cddb7ac4b6c9ddb17f' https://fonts.googleapis.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.analytics.google.com https://*.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://i.ytimg.com https://cdn.jsdelivr.net https://i.vimeocdn.com; frame-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; frame-ancestors 'self'; child-src 'self' https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://tools.wijzeringeldzaken.nl https://book.timify.com https://sdk.companywebcast.com https://player.vimeo.com https://www.youtube-nocookie.com; font-src 'self' data: https://*.hotjar.com https://*.hotjar.io https://fonts.gstatic.com; connect-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://chat.tkppensioen.nl https://code.jquery.com https://*.tkppensioen.nl https://tkppensioen.piwik.pro/ppms.php; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.chatroom24.com:9080 www.chatroom24.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.chatroom24.com wss://www.chatroom24.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650800 1
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https: 1
frame-ancestors 'self'; base-uri 'self'; form-action 'self'; img-src https:  data:; font-src 'self' data: https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self'; object-src https:; frame-src https:; script-src-attr https: 'unsafe-eval' 'unsafe-inline'; 1
object-src 'none'; base-uri 'self'; script-src 'self' 'nonce-386797d8284cd95e4e1f97c43459e641'; 1
default-src 'self' *.crazyegg.com *.survale.com; worker-src 'self' blob:; object-src 'self'; frame-ancestors 'self' https://www.youtube.com https://www.youtube.com/iframe_api https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.recaptcha.net/ *.crazyegg.com https://static.survale.com/ext/survey.js https://www.google.com/recaptcha/ https://polyfill.io/v3/ https://www.clarity.ms/  https://www.googleadservices.com/ https://api.ipify.org/ https://www.recaptcha.net/ https://play.vidyard.com/ http://www.gstatic.cn https://www.gstatic.com/recaptcha/ https://cdn.jsdelivr.net/ https://cdn.syndication.twimg.com/ https://www.marvell.com/ https://script.crazyegg.com/ https://connect.facebook.net/ https://static.addtoany.com/ https://blogs.marvell.com/ https://s.go-mpulse.net/ https://cdn.cookielaw.org/ https://platform.twitter.com/ https://www.google-analytics.com/ https://scripts.demandbase.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://cdn.cookielaw.org/scripttemplates/6.1.0/otBannerSdk.js https://cdn.cookielaw.org/scripttemplates/otSDKStub.js https://www.youtube.com https://px.ads.linkedin.com https://maxcdn.bootstrapcdn.com assets.adobedtm.com https://googleads.g.doubleclick.net https://www.googletagmanager.com/ *.googleapis.com https://ajax.googleapis.com https://code.jquery.com https://ajax.googleapis.com/ajax/libs/jquery/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js  https://ajax.googleapis.com/ajax/libs/ https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery/ https://cdnjs.cloudflare.com/ajax/libs/  *.modern.min.js; connect-src 'self' data: https://geolocation.onetrust.com/ https://app.survale.com/v0/site-settings/1713989634000 https://play.vidyard.com/ https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location *.clarity.ms/collect *.crazyegg.com *.marvell.com *.akamaihd.net/ *.akstat.io/ https://tracking.crazyegg.com/ https://c.go-mpulse.net/ https://px.ads.linkedin.com https://analytics.google.com/ https://script.crazyegg.com/ https://ajax.googleapis.com/ajax/libs/ https://marvell.wd1.myworkdayjobs.com  https://segments.company-target.com *.js.erb https://privacyportal.onetrust.com https://stats.g.doubleclick.net https://cdn.cookielaw.org https://www.google-analytics.com *.omtrdc.net *.demdex.net; img-src 'self' data: *.clarity.ms/ *.crazyegg.com https://thumbs.bfldr.com/ https://www.facebook.com/ https://static.survale.com/survale-logo-black.png https://static.survale.com/ext/assets/graphics/outlines/drop-shadow.png https://static.survale.com/ext/assets/graphics/zoomout.cur https://static.survale.com/ext/assets/graphics/loader.white.gif https://static.survale.com/ext/assets/feedback-buttons/feedback-button-red.png https://static.survale.com/image-uploads/ *.survale.com https://play.vidyard.com/ https://cdn.vidyard.com/ https://i.ytimg.com/ https://marvellsemiconductorprod.112.2o7.net/ *.marvellsemiconductoroneportal.112.2o7.net/ https://blogs.marvell.com/ https://static.addtoany.com/ https://marvell-uat-65.adobecqms.net/ https://syndication.twitter.com/  https://cdn.cookielaw.org/ https://ton.twimg.com/tfw/css/ https://i.vimeocdn.com/  https://pbs.twimg.com/ https://marvellsemiconductorstage.112.2o7.net/ https://platform.twitter.com/css/ https://pbs.twimg.com/card_img/ https://cdn.brandfolder.io https://p.adsymptotic.com https://www.linkedin.com https://img.youtube.com https://match.prod.bidr.io/cookie-sync/demandbase https://id.rlcdn.com/464526.gif https://segments.company-target.com/ https://px.ads.linkedin.com/ https://match.prod.bidr.io https://www.google.com https://www.google.co.in https://www.google-analytics.com *.everesttech.net *.demdex.net *.omtrdc.net; style-src 'self' 'unsafe-inline' https://blogs.marvell.com/ https://ton.twimg.com/tfw/css/ https://platform.twitter.com/css/ https://platform.twitter.com/css/ https://static.survale.com/ext/assets/survale.min.css https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.6.3/css/font-awesome.min.css; font-src 'self' https://blogs.marvell.com/ https://www.marvell.com/ https://player.vimeo.com/ https://cdnjs.cloudflare.com/ajax/ https://cdnjs.cloudflare.com/* data:; frame-src 'self' https://player.vimeo.com/ https://www.facebook.com/ https://platform.twitter.com/ *.demdex.net *; 1
default-src 'self'; script-src 'self' 'unsafe-eval' https://www.googletagmanager.com/ https://sdk.privacy-center.org/ http://js.hs-scripts.com/7025055.js https://js.usemessages.com/ https://tagmanager.google.com/ 'sha256-FhudaH+D1DhcOfC3dGgEcvkNWiujsnNBXvpOnYT+asw=' 'sha256-/ib1Jy0M7emR/IxUwuaaQSZ8ewTmigh5QNUNb6KH2AE=' 'sha256-mNdvWXrYGgGvDl3bQDR2x+lTSSjodOm1Hs1GxZPzXgk=' 'sha256-NGjKMRFc68GZ1BWJTQVH6+je04moP8wvv7WRgUSJJYI=' 'sha256-sEZQYKudFTMxg0otI/olH3WH5qO6KEwdOU0BSkif3xg=' 'sha256-96ht1sWdUVkrglzfMRivUYUnFdhDGFr6nQzKlYMoJcA=' 'sha256-dV8YVPH+OaFT+n5Ym1DkU3C92WJ3XNk2p2DoryuM2A4=' 'sha256-/4uos7zTJ2Od7fXXr6uFgyEP/RUdfavzbWtlLOOuKc8=' 'sha256-fEkeJ6kv9uUdoQa/hgWBPFKQFbx6kYOqtkgfBqfn9ek=' 'sha256-jdiznyiQC6hl0PHKlPZaeXILv8NlDxKQ/QDw1GKtrPQ=' 'sha256-+hmOJMDVS5jon79DrPDKqo53j5g+x4rPVMLk1uP07vk=' 'sha256-jLvg97UO1NP+0Sci0zkpasz3EdLDpPoP8Bk7UlYTAAI=' 'sha256-A8uaECP46AUCF2fSrFTBMsV1Jzs7LlgmXpJZifrIpyA=' 'sha256-Bh+asGS3qpwQ9Xegeh/Xz7ChV0Lthk/4V2jaj9tu74w=' 'sha256-Iva4zA7qC+aqFd4IMMZmFB7gElFETQIC16/5GYA2hoc=' 'sha256-ictfkX29pW519xzb9/I1wshRiXDiQ3YUTZYVy1TBzuU=' 'sha256-uZ3VMvfk/pIDMtZ0az75Yb0Y0wn0bTDRdVz4L8sn8pI=' 'sha256-L79QSvY0lQ+WRwf4+ccv01pwDOcPgbBf6bxBl2czIf0=' 'sha256-1vcRs7/UDO/0w4nP2lJpEa5iOM+tdo27o1ElyP3Qvb8=' 'sha256-LjG7EOjisUMjsh27LS0s5Z93HK6u0S+Qf6bT4O6Xd/E=' 'sha256-JweYcylwpq5aqcMHsWOoLBbtLmq9CCN2Qh8A/qp0h8Q=' 'sha256-uZ/k27TU1GwwIzMBuef8ZKbmBhcr/LlCZ98MqB15tfI=' 'sha256-0UsPMfr9EWx6Ty0JASMOHZsAGxBVQ6VXUzduIgFrNIs=' 'sha256-+9gca7QCFHGMKjN2HQ7cciJigXqsPz0rH30hTvMQqz4=' 'sha256-FH5nbLyavF2AVeo1NWDQrLo34La2ymj36zpyi2LU1OQ=' 'sha256-Suqq5deHYseEo9Ry1Qc4R6Y5SxwWh0tVEGcm7Kfz2K8=' 'sha256-svMoMQV7IiVhVp8Blx34SaiifSWrIj+fb3+EkCVa1HI=' 'sha256-5yBeQmFNDRcEJOCuSWl8hJAtG+QckX57ZR6Wfif5gK0=' https://js.hscollectedforms.net/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://maps.google.fr/maps/api/js https://*.payline.com/ https://www.amcharts.com/lib/3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://connect.facebook.net/ https://pixel.cdnwidget.com/cdn/c.min.js https://*.chapoutier.com/ https://www.chapoutier.com/ 'nonce-13e881f895cfe3c97bbba724c3ee09a9' 'nonce-e7a47bedb90e02204a3123b20fb9018f' 'nonce-3cc4deff1ee9c65014d567c2c5dc5345' 'nonce-a9f642be9c8f5ccd5ab42f157ae18c5f' 'nonce-83d5bd861827264ba661b97d64491517' 'nonce-496d158ee648e1cceb946aa74be712de' 'nonce-9903d3a03d88a4af65cc1172428af273' 'nonce-9e438d8a7b036ea9b8d4375377d47e1a' 'nonce-84fa0b8c9d7da99d162659e11c5e4028'; style-src 'self' https://www.chapoutier.com/ 'unsafe-inline' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ https://*.payline.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/; font-src 'self' https://www.chapoutier.com/ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://*.payline.com/; frame-src 'self' http://*.youtube.com/ https://*.youtube.com/ https://chapoutier.mappavini.com/ https://talents.elsatis.fr/ https://*.google.com/ https://*.hubspot.com/ https://*.facebook.com/ https://*.payline.com/ https://td.doubleclick.net/; connect-src 'self' https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://forms.hscollectedforms.net/ https://region1.analytics.google.com/ https://maps.googleapis.com/ https://*.payline.com/ https://*.hubspot.com/ https://api.privacy-center.org/ https://www.google.com/pagead/ https://googleads.g.doubleclick.net/ https://*.chapoutier.com/; img-src 'self' data: https://www.google.fr/ads/ga-audiences https://forms.hsforms.com/ https://track.hubspot.com/ https://www.googletagmanager.com/ https://*.google-analytics.com/ https://track.hubspot.com/ https://forms.hsforms.com/ https://maps.googleapis.com/ https://googleads.g.doubleclick.net/ https://www.google.com/pagead/ https://*.gstatic.com/ https://maps.google.fr/ https://www.facebook.com/tr/ https://i.ytimg.com/ https://www.google.fr/pagead/ https://www.google.com/ads/ https://homologation-payment.cdn.payline.com/ https://www.amcharts.com/lib/3/images/ https://www.facebook.com/privacy_sandbox/pixel/ https://*.chapoutier.com/ https://www.chapoutier.com/; 1
frame-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://lpcdn.lpsnmedia.net https://lo.msg.liveperson.net https://lo.v.liveperson.net https://lo.idp.liveperson.net https://widget.trustpilot.com; object-src 'none'; frame-ancestors *; report-uri https://prepaypower.ie/report-uri/enforce 1
frame-ancestors  https://*.klim.co.nz; 1
script-src 'self' 'unsafe-inline' tracking.g2crowd.com tag.clearbitscripts.com x.clearbitjs.com https://app.factors.ai/assets/ b-code.liadm.com https://s3-us-west-2.amazonaws.com/b2bjsstore/ *.intercom.io *.fullstory.com js.intercomcdn.com js.hscta.net cdn.segment.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com snap.licdn.com js.hs-analytics.net *.hubspot.com *.hs-banner.com *.hs-scripts.com; object-src 'none'; report-uri https://upflow.uriports.com/reports/report; report-to csp-report 1
default-src 'self' data: https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https: https://c.iad.oracleinfinity.io blob:; style-src 'self' data: 'unsafe-inline' https:; img-src 'self' data: https:; frame-ancestors 'self' https://*.beocms.com https://communities.evonik.com; frame-src 'self' data: https: blob:; connect-src 'self' data: https: wss:; media-src 'self' data: https: blob: 1
frame-ancestors 'self' https://eppendorf.e-spirit.hosting https://*.ariba.com https://*.sciquest.com https://*.oracle.com https://*.workday.com https://procure.prendio.com https://*.coupahost.com https://*.gep.com https://eprocurement.esmsolutions.com https://vp.labcloudinc.com https://demo.procuredesk.com https://myprocuredesk.com https://*.umn.edu https://*.mdanderson.edu https://*.princeton.edu https://*.duke.edu https://austin.utexas.edu https://*.utmb.edu https://*.virginia.edu https://*.miami.edu https://*.moffit.org https://*.app.netsuite.com https://rcbb.psfs.lsuhsc.edu https://prd.psfs.lsuhsc.edu https://lawpe.c0xl.velocity.cloud https://lawde.c0xl.velocity.cloud https://lawdf.c0xl.velocity.cloud https://hilsapp50.qiagen.ads:8403 https://hilsapp50.qiagen.ads https://*.uni-bonn.de 1
default-src 'self' 'unsafe-eval' filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; connect-src * *.google-analytics.com *.tiktok.com *.google.com *.google.ca *.facebook.com *.sumo.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: filesystem: *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net; media-src 'self' 'unsafe-inline' filesystem:; report-uri 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *.cloudfront.net *.gstatic.com *.crazyegg.com *.facebook.net *.facebook.com *.sumo.com *.youtube.com *.tiktok.com *.hotjar.com *.csper.io *.cloudflare.com *.addtoany.com *.hsappstatic.net *.google-analytics.com *.googletagmanager.com *.hs-scripts.com *.google.com *.googleapis.com *.hsadspixel.net *.hs-analytics.net *.hscollectedforms.net *.bunny.net *.cloudflare.com *.googleapis.com *.gravatar.com *.google.ca *.bunny.net *.hubspot.com *.addtoany.com *.libsyn.com *.hs-banner.com *.usemessages.com *.hsforms.com *.doubleclick.net *.careerarc.com; worker-src 'self' 'unsafe-inline'; manifest-src 'self'; upgrade-insecure-requests 1
script-src 'self' https://n1ed.com https://cloud.n1ed.com code.jquery.com https://cdn.public.n1ed.com stackpath.bootstrapcdn.com cloud.n1ed.com n1ed.com https://fonts.gstatic.com cloud.flmngr.com cdn.jsdelivr.net https://unpkg.com mdbootstrap.com; script-src-elem 'self' cdn.public.n1ed.com cloud.n1ed.com cdn.jsdelivr.net https://unpkg.com mdbootstrap.com; frame-ancestors 'self' http://koens-nb.oma.be https://cloud.n1ed.com https://cdn.public.n1ed.com; report-uri https://www.sidc.be/report-uri/enforce 1
default-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be consentcdn.cookiebot.com; connect-src 'self' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com stats.g.doubleclick.net https://cognito-identity.eu-central-1.amazonaws.com wss://a3a87qpyvgayr4-ats.iot.eu-central-1.amazonaws.com; img-src 'self' data: www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.trappistwestvleteren.be checkout.trappistwestvleteren.be www.googletagmanager.com www.google-analytics.com consent.cookiebot.com consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' www.trappistwestvleteren.be checkout.trappistwestvleteren.be 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' cdnjs.hotjar.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com www.youtube.com www.google.com www.gstatic.com cdn.ckeditor.com cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js stackpath.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js static.addtoany.com; style-src 'self' 'unsafe-inline' cdn.ckeditor.com; img-src https: data: http:; frame-src 'self' www.google.com www.youtube.com *.hotjar.com public.tableau.com *.sea.gob.cl sea.gob.cl static.addtoany.com; frame-ancestors 'self'; font-src 'self' *.hotjar.com ; connect-src 'self' *.hotjar.com *.hotjar.io *.google-analytics.com stats.g.doubleclick.net analytics.google.com; report-uri /report-csp-violation 1
frame-ancestors *.copjo5ivt5-covetrusi4-p1-public.model-t.cc.commerce.ondemand.com:443 *.covetrus.io:443 *.mycovetrus.com:443 https://*.optimizely.com *.mycovetrus.com 1
default-src *;style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval';font-src *;img-src * data:;frame-src *;connect-src *; 1
default-src https: data: 'unsafe-inline' 'self' ;script-src 'unsafe-inline' 'unsafe-eval' 'self' 1
frame-ancestors 'self' https://*.msn.com https://*.msn.cn https://*.bing.com https://staging-bing-int.com; 1
base-uri 'self'; form-action 'self'; 1
frame-ancestors https://cardaccount.net https://www.cardaccount.net https://bankerspreferred.com https://www.bankerspreferred.com https://dev.bankerspreferred.com 1
default-src 'self' *.sciflow.net sciflow.net app.sciflow.net *.intercom.io;script-src 'self' *.sciflow.net sciflow.net app.sciflow.net 'unsafe-inline' *.intercom.io *.intercomcdn.com;style-src 'self' 'unsafe-inline';frame-src youtube.com www.youtube.com;connect-src 'self' *.sciflow.net sciflow.net app.sciflow.net connect.sciflow.net ws: wss: *.intercom.io;img-src 'self' *.sciflow.net https://cms.sciflow.net sciflow.net data:;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' td.doubleclick.net *.googlesyndication.com *.gstatic.com *.google.com stackpath.bootstrapcdn.com *.googleapis.com www.googletagmanager.com *.google-analytics.com stats.g.doubleclick.net challenges.cloudflare.com *.redditstatic.com px.ads.linkedin.com snap.licdn.com *.youtube.com code.jquery.com; img-src * data:; font-src * data:; media-src 'self' blob: data: 1
frame-ancestors https://3dhamster.ru/ 1
default-src 'self' *.cookielaw.org *.onetrust.com feed.pghub.io pandg.tapad.com ; style-src 'self' 'unsafe-inline' *.pricespider.com * ; img-src * 'self' data: *.pricespider.com https: blob: ; script-src * data: blob: *.pricespider.com 'unsafe-inline' 'unsafe-eval' ; connect-src * data: blob: 'unsafe-inline' ; font-src * data: blob: 'unsafe-inline' ; frame-src * ; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss: data: https:; connect-src https: wss:; img-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; upgrade-insecure-requests 1
default-src 'self' helmsbriscoecom.mpeasylink.com packages.umbraco.org our.umbraco.org content.screencast.com www.screencast.com app.screencast.com cdn.cloud.techsmith.com *.techsmith.com www.youtube.com www.youtu.be youtu.be ssrweb.zoom.us us02web.zoom.us www.google-analytics.com www.googletagmanager.com www.google.com region1.google-analytics.com noembed.com;script-src 'self' helmsbriscoecom.mpeasylink.com *.helmsbriscoe.com www.termsfeed.com cdnjs.cloudflare.com cdn.jsdelivr.net www.google.com www.google-analytics.com www.googletagmanager.com www.gstatic.com 'unsafe-inline';style-src 'self' helmsbriscoecom.mpeasylink.com fonts.bunny.net www.termsfeed.com fonts.googleapis.com 'unsafe-inline';font-src 'self' data: fonts.bunny.net fonts.googleapis.com;img-src 'self' data: analytics.convertlanguage.com www.gravatar.com unavatar.io www.helmsbriscoe.com www.termsfeed.com insitestorageaccount.blob.core.windows.net associatefiles.blob.core.windows.net i.ytimg.com cdn.screencast.com;frame-ancestors 'self' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com region1.google-analytics.com www.santandercib.com www.google.com www.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com www.googletagmanager.com cdnjs.cloudflare.com polyfill.io use.fontawesome.com www.youtube.com www.vimeo.com www.santandercib.com www.google.com www.gstatic.com; form-action 'self'; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com use.fontawesome.com www.santandercib.com; img-src 'self' 'unsafe-eval' data: maps.googleapis.com maps.gstatic.com www.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com i.ytimg.com www.santandercib.com; font-src 'self' data: use.fontawesome.com fonts.googleapis.com fonts.gstatic.com www.santandercib.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
frame-ancestors 'self' *.cnbankpa.com *.zagclients.net 1
frame-ancestors 'self' https://printedmint.app https://printedmint.com https://www.printedmint.com; 1
default-src 'self' 'unsafe-inline' https://localhost:44379 https://stage-valgdir-api.cloudlab.no https://lpapi.valg.no https://stats.g.doubleclick.net https://dl.episerver.net https://fonts.googleapis.com https://www.youtube.com https://player.vimeo.com https://www.google-analytics.com; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://www.google-analytics.com https://*.google-analytics.com https://analytics.valg.no; img-src * 'self' data: https: https://analytics.valg.no; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dl.episerver.net http://www.google-analytics.com https://www.google-analytics.com https://maps.googleapis.com https://browser-update.org https://www.googletagmanager.com https://analytics.valg.no https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob: 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.camgirlamerica.com:9080 www.camgirlamerica.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.camgirlamerica.com wss://www.camgirlamerica.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715652177 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.boudoirlive.com:9080 www.boudoirlive.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.boudoirlive.com wss://www.boudoirlive.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715652369 1
script-src blob: 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://mc.yandex.ru/metrika/tag.js  https://www.gstatic.com https://*.google-analytics.com https://code.jivo.ru https://*.cloudflareinsights.com https://browser.sentry-cdn.com https://*.sharethis.com https://mc.yandex.ru/watch/35663 https://mc.yandex.com/watch/35663 https://www.google.com https://yastatic.net https://*.jivosite.com https://*.cyberity.ru https://cdn.tiny.cloud https://challenges.cloudflare.com 1
frame-ancestors 'self' https://www.mycamu.co.in https://mycamu.co.in; 1
font-src maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.googleapis.com *.typekit.net *.twimg.com *.trustedshops.com 'self' data: *.tawk.to v2.zopim.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.pinterest.com *.facebook.com *.vendavalida.com.br shopline.itau.com.br *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.twitter.com *.ads-twitter.com *.facebook.com *.pinterest.com *.hotjar.com *.hotjar.io *.sunset.systems *.doubleclick.net *.google.com *.vendavalida.com.br api.sunset.system *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.vimeocdn.com i.ytimg.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com https://www.magezon.com https://cdn.mundipagg.com https://api.pagar.me *.cloudflare.com *.ads-twitter.com t.co *.klarna.com *.googleadservices.com *.google-analytics.com *.doubleclick.net *.google.com *.google.com.br *.googletagmanager.com *.ebit.com.br *.yourviews.com.br *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.yviews.com.br *.s3.amazonaws.com *.akamaihd.net *.facebook.com s3-sa-east-1.amazonaws.com conectiva.io *.getresponse360.pl s3.amazonaws.com *.pinterest.com *.mercadolibre.com *.clearsale.com.br *.tawk.to api.amedigital.com api.hml.amedigital.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com *.openpix.com.br *.jivosite.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.pinterest.com s.pinimg.com s7.addthis.com *.openpix.com.br *.openpix.dev *.sentry.io *.ingest.sentry.io https://plugin.openpix.dev/v1/openpix-dev.js https://api.openpix.dev https://graphql.openpix.dev/openpix/graphql https://graphql.openpix.dev/shopper/graphql https://plugin.openpix.com.br/v1/openpix.js https://api.openpix.com.br/openpix/graphql https://api.openpix.com.br/shopper/graphql *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.yourviews.com.br *.yviews.com.br *.ebit.com.br *.google-analytics.com *.gstatic.com *.google.com *.youtube.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.facebook.com *.cartstack.com.br *.hotjar.com *.hotjar.io *.newrelic.com conectiva.io *.nr-data.net *.gr-cdn-e.eu *.getresponse360.pl *.cloudflareinsights.com s3.amazonaws.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.tawk.to *.jsdelivr.net *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com *.mailclick.me *.jivosite.com *.clearsale.com.br *.tiktok.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com maxcdn.bootstrapcdn.com *.cloudflare.com *.ads-twitter.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.yourviews.com.br *.yviews.com.br s3.amazonaws.com *.tawk.to *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com *.jivosite.com *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com ct.pinterest.com ekr.zdassets.com/ https://api.mundipagg.com https://api.pagar.me *.cloudflare.com *.twitter.com *.ads-twitter.com *.twimg.com *.paypal.com *.google-analytics.com analytics.google.com *.facebook.com *.yourviews.com.br *.hotjar.com wss://*.hotjar.com/ *.hotjar.io *.yviews.com.br conectiva.io *.doubleclick.net *.performa.ai *.nr-data.net *.getresponse360.pl *.cloudflareinsights.com *.reclameaqui.com.br *.pinterest.com *.cartstack.com.br *.cartstack.com *.mercadolibre.com *.mercadolivre.com *.vendavalida.com.br *.avada.io api.mundipagg.com *.datafrete.com.br *.tawk.to wss://*.tawk.to *.jivosite.com wss://*.jivosite.com *.mailclick.me *.tiktok.com *.stape.io *.awin1.com *.dwin1.com *.zenaps.com the.sciencebehindecommerce.com *.wepowerconnections.com d3bo67muzbfgtl.cloudfront.net dxyxft75r9rwr.cloudfront.net *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' *.facil24h.com.br *.facilassist.com.br  *.fasys.com.br; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com; font-src 'self' fonts.gstatic.com 1
style-src-elem https://fonts.googleapis.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://*.gstatic.com 'unsafe-inline' 'self' https://*.feefo.com; script-src-elem https://tpc.googlesyndication.com https://www.googletagmanager.com https://appwh11112.pcapredict.com https://bat.bing.com https://*.algolianet.com https://*.algolia.net https://*.mrcentralheating.co.uk https://*.columnrads.co.uk https://*.flushking.co.uk https://*.plumbingstocks.co.uk https://*.appheatingdistribution.co.uk https://*.rfihub.net https://live.rezync.com https://*.pinimg.com https://*.googleadservices.com https://*.doubleclick.net https://*.google-analytics.com https://*.boomtrain.com https://services.postcodeanywhere.co.uk https://*.paypal.com https://*.feefo.com https://*.google.com https://*.google.co.uk https://*.addthis.com https://*.moatads.com https://connect.facebook.net https://*.facebook.com https://*.addthisedge.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.gstatic.com https://maps.googleapis.com https://*.rfihub.com https://*.trackedlink.net https://*.monzo.com https://polyfill.io https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'unsafe-inline' 'self'; font-src *.gstatic.com data: https://fonts.gstatic.com https://cdn.honey.io https://*.columnrads.co.uk 'self' https://*.amazonaws.com https://*.paypalobjects.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com https://www.facebook.com https://www.rsa3dsauth.co.uk https://www.securesuite.co.uk https://*.arcot.com https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.pinterest.com https://*.modirum.com https://mycardsecure.com https://acs.touch.tech 'self' https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://acs.touch.tech https://mycardsecure.com https://*.rfihub.com https://*.doubleclick.net https://www.facebook.com https://tst.kaptcha.com https://www.google.com https://www.gstatic.com/ https://*.cld.bz https://*.pinterest.com https://*.dnky.co https://*.youtube.com https://acs.revolut.com https://tpc.googlesyndication.com https://www.rsa3dsauth.co.uk https://*.arcot.com https://*.lloydsbankinggroup.com https://*.addthis.com/ https://*.securesuite.co.uk https://*.monzo.com https://clients.smartsecure.tsys.co.uk https://authentication-acs.marqeta.com https://acs.apata.io https://*.modirum.com https://register.feefo.com/ https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com *.dotdigital-pages.com *.dotdigital.com *.weltpixel.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com * 'self' data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://connect.facebook.net https://*.facebook.com https://*.rfihub.net https://*.rfihub.com https://bat.bing.com https://www.googletagmanager.com https://appwh11112.pcapredict.com https://maps.googleapis.com https://*.doubleclick.net https://*.feefo.com https://r1-t.trackedlink.net https://*.google.com https://www.gstatic.com https://services.postcodeanywhere.co.uk https://*.columnrads.co.uk https://*.addthis.com https://*.addthisedge.com https://z.moatads.com https://*.elfsight.com https://cld.bz https://*.cloudfront.net https://*.pinterest.com https://*.resultspage.com https://*.dnky.co https://*.pinimg.com https://*.rezync.com/ https://*.boomtrain.com https://*.algolia.net https://*.algolianet.com https://tpc.googlesyndication.com https://*.google-analytics.com https://*.monzo.com https://polyfill.io https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'unsafe-inline' 'self' *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://fonts.googleapis.com https://services.postcodeanywhere.co.uk *.columnrads.co.uk https://*.appwholesale.co.uk https://*.dnky.co https://translate.googleapis.com https://register.feefo.com https://*.gstatic.com 'unsafe-inline' 'self' *.fontawesome.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io https://*.feefo.com https://services.postcodeanywhere.co.uk https://bat.bing.com https://www.paypal.com https://*.addthis.com https://www.facebook.com https://*.elfsight.com https://*.cld.bz https://google.com https://*.google-analytics.com  https://*.doubleclick.net https://*.pinterest.com https://*.comapi.com https://*.boomtrain.com https://*.googleapis.com https://*.google.com https://www.googletagmanager.com https://*.columnrads.co.uk https://*.clic2buy.com https://*.click2buy.com https://*.clic2drive.com 'self' *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri /ateam_csp/CSP/Index; report-to report-endpoint; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.google.dk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.dk; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.dk https://m.myprotein.dk https://checkout.myprotein.dk https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.dk; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
object-src 'none'; frame-ancestors 'self' https://play.smmetaverse.world https://superpets.boomtech.co 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.starbucks.pl/pl/report-uri/enforce 1
frame-ancestors 'self' https://www.sumu-lab.com; 1
frame-ancestors 'self' https://*.toyota.sk https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src https: data: blob: http://*.crazyegg.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.amazonaws.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://*.googleapis.com https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net https://*.keynua.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://cdn.pushcrew.com https://dashboard.chatfuel.com https://bots.kore.ai https://apis.google.com http://*.crazyegg.com https://js.hs-scripts.com https://js-na1.hs-scripts.com https://js.usemessages.com https://js.hs-banner.com https://js.hs-analytics.net https://js.hscollectedforms.net/ https://afiliacion.net https://analytics.tiktok.com https://optimize.google.com https://www.youtube.com https://edge.fullstory.com https://rs.fullstory.com https://www.fullstory.com https://fullstory.com https://d10lpsik1i8c69.cloudfront.net https://api.retargetly.com https://s.yimg.com https://resources-rt-n.idx.lat/T2.min.js *.useinsider.com *.treasuredata.com; base-uri 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com https://optimize.google.com https://d10lpsik1i8c69.cloudfront.net *.useinsider.com *.treasuredata.com; img-src 'self' data: blob: https: https://www.google-analytics.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://optimize.google.com https://rs.fullstory.com *.useinsider.com *.treasuredata.com; media-src 'self' data: blob: https: *.useinsider.com *.treasuredata.com; worker-src 'self' blob: https: *.useinsider.com *.treasuredata.com; connect-src 'self' data: https://*.amazonaws.com https://www.google-analytics.com https://maps.googleapis.com https://analytics.google.com https://*.belcorp.biz https://bam-cell.nr-data.net https://bam.nr-data.net https://*.keynua.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://dashboard.chatfuel.com https://web.facebook.com https://www.facebook.com https://bots.kore.ai wss://rtm.kore.ai https://api.uat.latam.equifax.com https://api.latam.equifax.com http://*.crazyegg.com https://stats.g.doubleclick.net https://js.hs-scripts.com https://js-na1.hs-scripts.com https://api.hubspot.com https://forms.hubspot.com https://api.ipify.org https://analytics.tiktok.com https://edge.fullstory.com https://rs.fullstory.com https://settings.luckyorange.net https://pubsub.googleapis.com https://api.luckyorange.com wss://visitors.live wss://*.visitors.live https://s.yimg.com https://rt.idx.lat *.useinsider.com *.treasuredata.com https://*.pangle-ads.com; frame-ancestors 'self' https://*.somosbelcorp.com https://rs.fullstory.com; frame-src 'self' https://www.facebook.com https://www.googletagmanager.com https://bid.g.doubleclick.net https://www.google.com https://bots.kore.ai https://app.vwo.com https://*.visualwebsiteoptimizer.com https://dashboard.chatfuel.com https://*.doubleclick.net https://app.hubspot.com https://optimize.google.com https://www.youtube.com https://api.retargetly.com *.useinsider.com *.treasuredata.com; font-src 'self' data: https://fonts.gstatic.com *.useinsider.com *.treasuredata.com; form-action https://www.facebook.com https://*.somosbelcorp.com 1
connect-src 'self' *.algolia.io *.algolia.net *.algolianet.com *.facebook.com *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.userway.org *.voyagetext.com *.zdassets.com *.zendesk.com *.zopim.com code.jquery.com pro.ip-api.com stats.g.doubleclick.net vyg.mobi wss://widget-mediator.zopim.com; default-src 'self'; font-src 'self' *.facebook.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org data: themes.googleusercontent.com; frame-src 'self' *.facebook.com *.google.com *.googleapis.com *.userway.org; img-src 'self' *.facebook.com *.google-analytics.com *.googleapis.com *.gstatic.com *.userway.org *.zopim.io assets.targetbarn.com data: stats.g.doubleclick.net; manifest-src assets.targetbarn.com www.targetbarn.com; media-src 'self' *.facebook.com *.zdassets.com *.zopim.com; object-src 'self' *.facebook.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.algolia.io *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.userway.org *.voyagetext.com *.zdassets.com *.zopim.com assets.targetbarn.com assets.voyagetext.com blob: code.jquery.com https://cdn.jsdelivr.net/npm/algoliasearch@4/dist/algoliasearch-lite.umd.js https://cdn.jsdelivr.net/npm/instantsearch.js@4 stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.facebook.com *.google.com *.googleapis.com *.gstatic.com assets.targetbarn.com cdn.userway.org 1
default-src 'self' *.ca2013.com;  script-src 'self' https://cdn.pagesense.io https://a.mailmunch.co https://ajax.googleapis.com https://pagesense-collect.zoho.com https://static.zohocdn.com https://analytics.mailmunch.co https://forms.mailmunch.co https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com 'unsafe-inline' 'unsafe-eval' 'self' *.ca2013.com https://a.mailmunch.co data:;  img-src 'self' *.ca2013.com  https://secure.gravatar.com https://a.mailmunch.co https://pagesense-collect.zoho.com https://a.mailmunch.co https://analytics.mailmunch.co https://zohopagesense.nimbuspop.com/ https://static.zohocdn.com/ data: blob:; font-src 'self'  *.ca2013.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.zohocdn.com/ data: blob: ;  style-src 'self' https://static.zohocdn.com https://fonts.googleapis.com https://a.mailmunch.co https://pagesense-collect.zoho.com/ https://webfonts.zoho.com/ 'unsafe-inline' 'self' *.ca2013.com;  connect-src 'self' *.ca2013.com https://cdn.pagesense.io https://a.mailmunch.co https://ajax.googleapis.com https://pagesense-collect.zoho.com https://static.zohocdn.com https://analytics.mailmunch.co https://forms.mailmunch.co https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com  https://stats.g.doubleclick.net;  object-src 'self' blob:;  frame-src 'self' *.ca2013.com https://cdn.pagesense.io ;  1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';worker-src 'self' 'unsafe-inline' * blob:; 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' https://use.fontawesome.com/; img-src *; font-src https://use.fontawesome.com/; report-uri https://login.libraryconnect.com/csp/report 1
default-src 'self';script-src 'self' 'nonce-q1gFNnVaLBWVo+sGK5D2n19x' 'unsafe-eval' unpkg.com *.googleapis.com *.googletagmanager.com *.google.com *.youtube.com *.ytimg.com *.jquery.com *.bootstrapcdn.com;object-src 'self';style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com;img-src 'self' data: *.google.com *.google.com.tr *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.immib.org.tr;media-src 'self' *.googleapis.com;frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com;font-src 'self' data: *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com;connect-src 'self' localhost:5001 localhost:* *.performans.com *.google-analytics.com *.doubleclick.net;frame-ancestors 'self' *;report-uri /WebResource.axd?cspReport=true 1
font-src 'self' *.googleapis.com *.gstatic.com data; 1
upgrade-insecure-requests; frame-ancestors 'self' *.usacrime.com; object-src 'none' 1
default-src * 'unsafe-inline' data: https:;img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src  'self' 'unsafe-inline' *; 1
default-src * data: 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; worker-src * blob:; child-src blob: gap:; img-src * blob: data: 'unsafe-inline'; font-src * data: 'unsafe-inline'; media-src * data: 'unsafe-inline'; object-src * data: 'unsafe-inline'; prefetch-src * data: 'unsafe-inline'; frame-src * data: 'unsafe-inline'; connect-src * 'self'  blob: data: 'unsafe-inline'; 1
child-src  www.paypalobjects.com blob: data:; connect-src  brecksca.cv3admin.com *.listrakbi.com *.listrak.com www.google-analytics.com *.google-analytics.com *.powerreviews.com *.doubleclick.net *.google.com bat.bing.com www.paypal.com *.smartystreets.com analytics.google.com *.google-analytics.com *.analytics.google.com ct.pinterest.com/user/  *.googleapis.com brecks-ca.attn.tv events.attentivemobile.com s.yimg.com *.clarity.ms *.sharethis.com *.brecksbulbs.ca *.crazyegg.com www.facebook.com *.crwdcntrl.net gardensalive.force.com api.cloudinary.com www.googletagmanager.com gardensalive.my.site.com *.searchspring.io *.searchspring.net optimize.google.com *.omnichannelengagementhub.com; default-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com blob: data:; font-src  brecksca.cv3admin.com h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca fonts.gstatic.com *.bootstrapcdn.com  www.brecksbulbs.ca use.fontawesome.com data:; form-action  www.facebook.com www.paypal.com checkout.sezzle.com www.brecksbulbs.ca *.salesforce.com brecksca.cv3admin.com; frame-src  *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com *.sharethis.com t.sharethis.com service.force.com creatives.attn.tv *.googlesyndication.com *.googletagmanager.com web.facebook.com view.publitas.com gardensalive.my.salesforce.com *.crazyegg.com optimize.google.com *.azureedge.net; frame-ancestors  www.brecksbulbs.ca; img-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca *.google-analytics.com *.google.com ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ sp.analytics.yahoo.com brecksca.cv3admin.com c.clarity.ms *.powerreviews.com *.sharethis.com *.brecksbulbs.ca www.google.ca www.brecksbulbs.ca *.gstatic.com brecks-ca.attn.tv res.cloudinary.com www.googleadservices.com connect.facebook.net www.google.co.in www.pages08.net *.crazyegg.com events.attentivemobile.com *.cloudfront.net *.searchspring.io; script-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv www.clarity.ms s.yimg.com garecommend.gardensalive.com brecksca.cv3admin.com ajax.aspnetcdn.com api.universalcookie.com www.googleoptimize.com www.google.com *.sharethis.com  service.force.com *.salesforceliveagent.com www.brecksbulbs.ca *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com mpsnare.iesnare.com *.publitas.com js.maxmind.com www.sc.pages08.net *.crazyegg.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io *.searchspring.net optimize.google.com *.azureedge.net; script-src-elem  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com/recaptcha/ cdn.attn.tv www.clarity.ms s.yimg.com garecommend.gardensalive.com brecksca.cv3admin.com ajax.aspnetcdn.com api.universalcookie.com www.googleoptimize.com www.google.com *.sharethis.com  service.force.com *.salesforceliveagent.com www.brecksbulbs.ca *.googlesyndication.com gardensalive.force.com static.lightning.force.com gardensalive.my.salesforce.com mpsnare.iesnare.com *.publitas.com js.maxmind.com www.sc.pages08.net *.crazyegg.com google-analytics.com gardensalive.my.site.com cdnjs.cloudflare.com *.searchspring.io *.searchspring.net optimize.google.com *.azureedge.net; style-src  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brecksca.cv3admin.com ajax.googleapis.com ws.sharethis.com  service.force.com gardensalive.force.com *.googleapis.com gardensalive.my.salesforce.com *.crazyegg.com gardensalive.my.site.com optimize.google.com *.azureedge.net; style-src-elem  h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net brecksca.cv3admin.com ajax.googleapis.com ws.sharethis.com  service.force.com gardensalive.force.com *.googleapis.com gardensalive.my.salesforce.com *.crazyegg.com gardensalive.my.site.com optimize.google.com *.azureedge.net; style-src-attr  'unsafe-inline'; media-src  brecksca.cv3admin.com h2.commercev3.net/cdn.brecksbulbs.ca/ cdn.brecksbulbs.ca www.bing.com www.brecksbulbs.ca; 1
default-src * data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; object-src *; 1
default-src https:; connect-src https: wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io; font-src https: data:; frame-src https:; img-src https: data:; media-src https:;  object-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; frame-ancestors https:; 1
script-src * 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com ;style-src * 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com code.etracker.com www.etracker.de https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://web5.deskline.net/dwutility.js https://resc.deskline.net/DW5/start/KLEVE/eb623e90-4266-4ef2-bc0c-f5838fddeca1/index.js https://resc.deskline.net/DW5/dw-utility.js https://resc.deskline.net/DW5/tag-loader.js https://static.b-ite.com/jobs-api/loader-v1/api-loader-v1.min.js https://cs-assets.b-ite.com/stadt-kleve/jobs-api/main-listing.min.js https://static.b-ite.com/jobs-api/v5/api-v5.min.js https://maps.niederrhein-tourismus.de/de/embed/58830914/js https://maps.niederrhein-tourismus.de/de/embed/53067774/js https://maps.niederrhein-tourismus.de/de/embed/53303156/js https://maps.niederrhein-tourismus.de/de/embed/53275986/js https://maps.niederrhein-tourismus.de/de/embed/67295624/js https://maps.niederrhein-tourismus.de/de/embed/53302785/js https://maps.niederrhein-tourismus.de/de/embed/53279420/js https://resc.deskline.net https://cdnjs.cloudflare.com https://pay.datatrans.com https://js.stripe.com/v3/ https://web5.deskline.net/ https://static.b-ite.com/job-alert/v1/job-alert-v1.min.js https://www.gstatic.com/ https://beteiligung.nrw.de/ https://translate.google.com/translate_a/element.js http://translate.google.com/translate_a/element.js http://translate.google.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com code.etracker.com www.etracker.de https://translate.google.com/ https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://web5.deskline.net/dwutility.js https://resc.deskline.net/DW5/start/KLEVE/eb623e90-4266-4ef2-bc0c-f5838fddeca1/index.js https://resc.deskline.net/DW5/dw-utility.js https://resc.deskline.net/DW5/tag-loader.js https://static.b-ite.com/jobs-api/loader-v1/api-loader-v1.min.js https://cs-assets.b-ite.com/stadt-kleve/jobs-api/main-listing.min.js https://static.b-ite.com/jobs-api/v5/api-v5.min.js https://maps.niederrhein-tourismus.de/de/embed/58830914/js https://maps.niederrhein-tourismus.de/de/embed/53067774/js https://maps.niederrhein-tourismus.de/de/embed/53303156/js https://maps.niederrhein-tourismus.de/de/embed/53275986/js https://maps.niederrhein-tourismus.de/de/embed/67295624/js https://maps.niederrhein-tourismus.de/de/embed/53302785/js https://maps.niederrhein-tourismus.de/de/embed/53279420/js https://resc.deskline.net https://cdnjs.cloudflare.com https://pay.datatrans.com https://js.stripe.com/v3/ https://web5.deskline.net/ https://static.b-ite.com/job-alert/v1/job-alert-v1.min.js https://www.gstatic.com/ https://beteiligung.nrw.de/ https://translate.google.com/translate_a/element.js http://translate.google.com/translate_a/element.js http://translate.google.com/ cdn.jsdelivr.net https://cdn.jsdelivr.net https://rebilly.github.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' https://translate.googleapis.com/ https://resc.deskline.net/DW5/vendor.js https://resc.deskline.net/DW5/tags/kleve/eb623e90-4266-4ef2-bc0c-f5838fddeca1/tagcontext.js https://resc.deskline.net/DW5/i18n/locale.de-de.js https://resc.deskline.net/DW5/tag-loader.js https://resc.deskline.net/DW5/fonts https://resc.deskline.net/DW5/design/aaf63de1-df30-4b99-8f77-4ee3eb8c9e81/desklineweb/styles.css https://resc.deskline.net/DW5/design/aaf63de1-df30-4b99-8f77-4ee3eb8c9e81/desklineweb/styles.css.map https://www.gstatic.com/ http://translate.google.com/ https://cdn.jsdelivr.net 1
default-src 'self'; connect-src 'self' wss: maps.googleapis.com anvil.opentok.com api-enterprise.opentok.com api-standard.opentok.com config.opentok.com hlg.tokbox.com mantis005-pdx.tokbox.com mantis014-pdx.tokbox.com; font-src 'self' fonts.gstatic.com orbisv4head.blob.core.windows.net; frame-src 'self' s7.addthis.com static.addtoany.com www.google.com gateway.moneris.com gatewayt.moneris.com www.youtube.com www.youtube-nocookie.com; img-src 'self' blob: data: s3-us-west-2.amazonaws.com maps.googleapis.com maps.gstatic.com orbisv4head.blob.core.windows.net stoccprod001.blob.core.windows.net test4cc.blob.core.windows.net; object-src www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' m.addthis.com s7.addthis.com v1.addthisedge.com static.addtoany.com cdnjs.cloudflare.com maps.googleapis.com www.google.com www.gstatic.com code.highcharts.com gateway.moneris.com gatewayt.moneris.com orbisv4head.blob.core.windows.net www.youtube.com s.ytimg.com; style-src 'self' 'unsafe-inline' static.addtoany.com fonts.googleapis.com orbisv4head.blob.core.windows.net; worker-src 'self' blob:; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * 'self' data: http:; child-src * 'self' blob: http:; media-src * blob: http:; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
upgrade-insecure-requests;style-src 'self' 'nonce-i0L5G4E602Ltz7A';font-src 'self';script-src 'self' 'nonce-i0L5G4E602Ltz7A' ;connect-src 'self' https://seafoam.space wss://seafoam.space  https://media.seafoam.space https://media.seafoam.space;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'none';frame-ancestors 'none';manifest-src 'self'; 1
base-uri 'none'; default-src 'self'; style-src 'self' 'nonce-4c487deffc8825c98d0b890c38f92050' fonts.googleapis.com static.sooqr.com; font-src 'self' fonts.gstatic.com; img-src 'self' data: www.google-analytics.com region1.google-analytics.com pixel.sooqr.com maps.googleapis.com www.google.com maps.gstatic.com www.toegankelijkheidsverklaring.nl; script-src 'self' 'nonce-4c487deffc8825c98d0b890c38f92050' www.google-analytics.com region1.google-analytics.com static.sooqr.com dynamic.sooqr.com maps.googleapis.com; connect-src 'self' maps.googleapis.com www.google-analytics.com region1.google-analytics.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com; form-action 'self' digid.nl secure.ogone.com; frame-src 'self' www.youtube.com www.google.com kaarten.veldhoven.nl; frame-ancestors 'self'; 1
base-uri 'self' *.sitesearch360.com *.bc0a.com; connect-src 'self' *.google-analytics.com *.d41.co *.google.com *.doubleclick.net *.webspellchecker.net *.buzzsprout.com *.sitesearch360.com *.siteimprove.com *.bc0a.com; default-src 'self' *.buzzsprout.com; frame-src 'self' *.google.com *.googleapis.com *.bc0a.com *.sitesearch360.com *.buzzsprout.com bond-email.com email-bond.com *.doubleclick.net *.brandcdn.com *.cloudfront.net *.youtube-nocookie.com *.adsrvr.org *.youtube.com *.vimeo.com; font-src 'self' *.bootstrapcdn.com *.cloudflare.com *.typekit.net *.webspellchecker.net fonts.gstatic.com fonts.googleapis.com; script-src *.bsk.com 'unsafe-inline' 'unsafe-eval' *.cloudflare.com unpkg.com *.amazonaws.com *.rlcdn.com *.webspellchecker.net *.brandcdn.com *.d41.co *.buzzsprout.com *.bc0a.com *.bootstrapcdn.com fonts.googleapis.com *.doubleclick.net *.google-analytics.com *.b0e8.com *.googletagmanager.com apis.google.com *.google.com *.gstatic.com *.googleapis.com *.siteimprove.com *.jquery.com *.jsdelivr.net *.licdn.com *.addthisedge.com *.sitesearch360.com;style-src *.bsk.com 'unsafe-inline' *.cloudflare.com *.webspellchecker.net *.sitesearch360.com unpkg.com *.typekit.net *.bootstrapcdn.com fonts.googleapis.com *.googleapis.com *.gstatic.com *.jquery.com *.jsdelivr.net; form-action *.bsk.com bond-email.com *.list-manage.com email-bond.com; img-src * 'unsafe-inline' *.linkedin.com *.bc0a.com *.crwdcntrl.net *.d41.co *.doubleclick.net data:; object-src 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com gstatic.com *.cloudfront.net *.us-west-2.on.aws.com *.google-analytics.com google-analytics.com *.google.com adservice.google.com adservice.google.ad adservice.google.ae adservice.google.com.af adservice.google.com.ag adservice.google.com.ai adservice.google.al adservice.google.am adservice.google.co.ao adservice.google.com.ar adservice.google.as adservice.google.at adservice.google.com.au adservice.google.az adservice.google.ba adservice.google.com.bd adservice.google.be adservice.google.bf adservice.google.bg adservice.google.com.bh adservice.google.bi adservice.google.bj adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.bs adservice.google.bt adservice.google.co.bw adservice.google.by adservice.google.com.bz adservice.google.ca adservice.google.cd adservice.google.cf adservice.google.cg adservice.google.ch adservice.google.ci adservice.google.co.ck adservice.google.cl adservice.google.cm adservice.google.cn adservice.google.com.co adservice.google.co.cr adservice.google.com.cu adservice.google.cv adservice.google.com.cy adservice.google.cz adservice.google.de adservice.google.dj adservice.google.dk adservice.google.dm adservice.google.com.do adservice.google.dz adservice.google.com.ec adservice.google.ee adservice.google.com.eg adservice.google.es adservice.google.com.et adservice.google.fi adservice.google.com.fj adservice.google.fm adservice.google.fr adservice.google.ga adservice.google.ge adservice.google.gg adservice.google.com.gh adservice.google.com.gi adservice.google.gl adservice.google.gm adservice.google.gr adservice.google.com.gt adservice.google.gy adservice.google.com.hk adservice.google.hn adservice.google.hr adservice.google.ht adservice.google.hu adservice.google.co.id adservice.google.ie adservice.google.co.il adservice.google.im adservice.google.co.in adservice.google.iq adservice.google.is adservice.google.it adservice.google.je adservice.google.com.jm adservice.google.jo adservice.google.co.jp adservice.google.co.ke adservice.google.com.kh adservice.google.ki adservice.google.kg adservice.google.co.kr adservice.google.com.kw adservice.google.kz adservice.google.la adservice.google.com.lb adservice.google.li adservice.google.lk adservice.google.co.ls adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.com.ly adservice.google.co.ma adservice.google.md adservice.google.me adservice.google.mg adservice.google.mk adservice.google.ml adservice.google.com.mm adservice.google.mn adservice.google.ms adservice.google.com.mt adservice.google.mu adservice.google.mv adservice.google.mw adservice.google.com.mx adservice.google.com.my adservice.google.co.mz adservice.google.com.na adservice.google.com.ng adservice.google.com.ni adservice.google.ne adservice.google.nl adservice.google.no adservice.google.com.np adservice.google.nr adservice.google.nu adservice.google.co.nz adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.pg adservice.google.com.ph adservice.google.com.pk adservice.google.pl adservice.google.pn adservice.google.com.pr adservice.google.ps adservice.google.pt adservice.google.com.py adservice.google.com.qa adservice.google.ro adservice.google.ru adservice.google.rw adservice.google.com.sa adservice.google.com.sb adservice.google.sc adservice.google.se adservice.google.com.sg adservice.google.sh adservice.google.si adservice.google.sk adservice.google.com.sl adservice.google.sn adservice.google.so adservice.google.sm adservice.google.sr adservice.google.st adservice.google.com.sv adservice.google.td adservice.google.tg adservice.google.co.th adservice.google.com.tj adservice.google.tl adservice.google.tm adservice.google.tn adservice.google.to adservice.google.com.tr adservice.google.tt adservice.google.com.tw adservice.google.co.tz adservice.google.com.ua adservice.google.co.ug adservice.google.co.uk adservice.google.com.uy adservice.google.co.uz adservice.google.com.vc adservice.google.co.ve adservice.google.vg adservice.google.co.vi adservice.google.com.vn adservice.google.vu adservice.google.ws adservice.google.rs adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.cat google.com *.googletagmanager.com googletagmanager.com *.crazyegg.com *.app-us1.com *.googlesyndication.com *.doubleclick.net cdnjs.cloudflare.com newrelic.com *.newrelic.com bam.eu01.nr-data.net onetrust.com *.onetrust.com popt.in *.popt.in googletagservices.com *.googletagservices.com trackcmp.net cdn.builder.io *.activehosted.com *.contentful.com fonts.gstatic.com *.us-west-2.on.aws *.googleapis.com *.ctfassets.net *.twitter.com *.serving-sys.com *.flippingbook.com *.ceros.com; frame-src 'self' *.vimeo.com vimeo.com youtube.com *.youtube.com *.googlesyndication.com *.activehosted.com *.google.com *.googletagservices.com google.com *.twitter.com *.flippingbook.com *.ceros.com; media-src 'self' cdn.builder.io *.ctfassets.net *.activehosted.com *.contentful.com *.twitter.com *.ceros.com; report-to csp-endpoint; report-uri /api/csp-report; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cegos.fr *.cegos.com https://www.gstatic.com/ https://www.google.com/recaptcha/ https://www.googletagmanager.com/ https://tagmanager.google.com/ https://www.googleadservices.com/pagead/conversion/ https://www.google.fr/pagead/attribution/ https://www.gstatic.com/wcm/ https://www.gstatic.com/recaptcha/api2/ https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.linkedin.com/px/ https://px.ads.linkedin.com/collect/ https://platform.linkedin.com/ https://static.ads-twitter.com/uwt.js https://analytics.twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/timeline/ https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://connect.facebook.net/ https://www.youtube.com/iframe_api https://s.ytimg.com/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://bat.bing.com/bat.js https://cdn.matomo.cloud/ https://cegos.matomo.cloud/; object-src 'self'; base-uri 'none'; 1
frame-ancestors 'self' magicsearch.org 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.google-analytics.com *.gstatic.com *.googleapis.com www.googletagmanager.com accounts.google.com; style-src 'self' *.typekit.net cdnjs.cloudflare.com *.googleapis.com accounts.google.com 'unsafe-inline'; img-src 'self' data: x-raw-image mtd.org translate.google.com *.ggpht.com *.googleusercontent.com googleusercontent.com www.gravatar.com www.google.com.pr stats.g.doubleclick.net *.medium.com *.gstatic.com *.ggpht.com www.google-analytics.com www.googletagmanager.com *.googleapis.com *.googleusercontent.com www.google.com www.gravatar.com *.umbraco.org; font-src 'self' data: *.typekit.net *.gstatic.com *.fontawesome.com; connect-src 'self' mtd.org our.umbraco.com *.google.com *.ggpht.com *.googleusercontent.com googleusercontent.com www.gravatar.com *.typekit.net *.mtd.org cdnjs.cloudflare.com accounts.google.com *.gstatic.com www.google-analytics.com *.googleapis.com www.googletagmanager.com maps.googleapis.com stats.g.doubleclick.net; media-src 'self'; frame-src 'self' www.google.com www.youtube.com accounts.google.com; worker-src 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; sandbox allow-forms allow-popups allow-scripts allow-same-origin allow-scripts allow-top-navigation allow-presentation; base-uri https://mtd.org; manifest-src 'self'; object-src 'self'; report-uri https://ridemtd.report-uri.com/r/d/csp/enforce; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss: img-src: 1
frame-ancestors 'self' youtube.googleapis.com www.youtube.com;default-src 'self' data: https:;manifest-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms youtube.googleapis.com www.bayadera.ua www.googletagmanager.com www.google.com.ua analytics.google.com www.facebook.com portmone.com.ua www.google-analytics.com www.googleadservices.com www.googletagmanager.com www.gstatic.com apis.google.com code.jquery.com cdn.jsdelivr.net connect.facebook.net esputnik.com googleads.g.doubleclick.net www.google.com maps.googleapis.com  *.esputnik.com *.hotjar.com *.novatalks.ai static.cloudflareinsights.com accounts.google.com;connect-src 'self' *.clarity.ms *.hotjar.io wss://*.hotjar.com/api/v2/client/ws  youtube.googleapis.com www.bayadera.ua www.google.com.ua analytics.google.com apis.google.com *.facebook.com portmone.com.ua www.google-analytics.com stats.g.doubleclick.net  *.novatalks.ai  *.esputnik.com esputnik.com storage.googleapis.com cloudflareinsights.com accounts.google.com maps.googleapis.com www.googletagmanager.com *.hotjar.com;img-src * 'self' data: https:; style-src 'self' 'unsafe-inline' blob: storage.googleapis.com www.bayadera.ua fonts.googleapis.com accounts.google.com *.novatalks.ai;font-src 'self' data: www.bayadera.ua fonts.gstatic.com storage.googleapis.com  *.novatalks.ai; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval';  script-src * 'unsafe-inline' 'unsafe-eval';  connect-src * 'unsafe-inline';  img-src * data: blob: 'unsafe-inline';  frame-src *;  style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'none'; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src 'self' 'unsafe-inline' * blob:; 1
frame-ancestors 'self' https://www.wilmarcatalogs.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-j7vTmVhbb8pHDhVz9ZoxY7ZJzhuSFiDaK/i5j2yVAuvce+Hi' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; form-action 'self' https://www.facebook.com; frame-ancestors 'self' https://staging.qualityhealth.com https://qualityhealth.com https://www.qualityhealth.com https://pagemanager.sharecare.com https://www.sharecare.com; upgrade-insecure-requests ; connect-src 'self' https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.facebook.com https://smetrics.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://securepubads.g.doubleclick.net https://pagead2.googlesyndication.com https://privacyportal-na01.onetrust.com https://www.google.com https://googleads.g.doubleclick.net https://vjs.zencdn.net https://edge.api.brightcove.com https://manifest.prod.boltdns.net https://about.sharecare.com https://cdnjs.cloudflare.com; default-src 'self'; font-src 'self' https://fonts.sharecare.com https://cdn.jsdelivr.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://use.typekit.net https://fonts.gstatic.com https://pagemanager.sharecare.com; frame-src *; img-src 'self' data: https://smetrics.sharecare.com https://sb.scorecardresearch.com https://www.google.com https://www.facebook.com https://cdn.jsdelivr.net https://connect.facebook.net https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://s.sharecare.com https://s3.amazonaws.com https://p.typekit.net https://cdn.tapnative.com https://tcp.googlesyndication.com https://www.medtargetsystem.com https://adservice.google.com https://cdn.ampproject.org https://*.doubleclick.net https://ad.doubleclick.net https://match.deepintent.com https://trc.lhmos.com https://*.googlesyndication.com https://secure.adnxs.com https://preferences.trustarc.com https://choices.trustarc.com https://track.customer.io  https://cdn.cookielaw.org https://www.googletagmanager.com https://metrics.brightcove.com https://cf-images.us-east-1.prod.boltdns.net https://about.sharecare.com; media-src *; object-src 'none'; prefetch-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://assets.adobedtm.com https://use.typekit.net https://cdn.cookielaw.org https://s.sharecare.com https://preferences.truste.com https://sb.scorecardresearch.com https://www.googleadservices.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.google.com https://pi.pardot.com https://www2.sharecare.com https://pagemanager.sharecare.com https://stpgmgr.wpenginepowered.com https://www.sharecare.com https://geolocation.onetrust.com https://ajax.googleapis.com https://www.googletagservices.com https://content.tapnative.com https://securepubads.g.doubleclick.net https://www.medtargetsystem.com https://adservice.google.com https://tcp.googlesyndication.com https://match.deepintent.com https://trc.lhmos.com https://tpc.googlesyndication.com https://cdn.ampproject.org https://assets.customer.io https://ssl.google-analytics.com https://code.jquery.com https://privacyportal-na01.onetrust.com https://players.brightcove.net https://ajax.googleapis.com https://cdn.krxd.net https://vjs.zencdn.net https://edge.api.brightcove.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *; worker-src 'self' blob:; 1
frame-ancestors 'self' *.doubleclick.net *.googlesyndication.com; object-src 'none'; 1
object-src 'none'; frame-ancestors 'self'; report-uri http://www.tssa.org/report-uri/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://theatl.social; img-src 'self' https: data: blob: https://theatl.social; style-src 'self' https://theatl.social 'nonce-nQTy1LTNxHeOan6zGfaINw=='; media-src 'self' https: data: https://theatl.social; frame-src 'self' https:; manifest-src 'self' https://theatl.social; form-action 'self'; child-src 'self' blob: https://theatl.social; worker-src 'self' blob: https://theatl.social; connect-src 'self' data: blob: https://theatl.social https://o1.theatl.social wss://theatl.social; script-src 'self' https://theatl.social 'wasm-unsafe-eval' 1
script-src  'nonce-lxhZYWp07kB3Z7Gj8uRjuw' 'report-sample' 'strict-dynamic' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' http: https:; object-src 'none'; report-uri https://csp.withgoogle.com/csp/uxe-owners-acl/about; base-uri 'self' 1
default-src 'self' oaktrading.com *.oaktrading.com *.admis.com *.admisi.com ws://*.oaktrading.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-ayPBYIlflDR7AyjFmBq1RA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' booking-widget.quandoo.com ajax.googleapis.com maps.googleapis.com kit.fontawesome.com code.jquery.com joblink.allibo.com connect.facebook.net www.google-analytics.com cdn.jsdelivr.net consentcdn.cookiebot.com www.googletagmanager.com cdnjs.cloudflare.com consent.cookiebot.com; style-src 'unsafe-inline' 'self' joblink.allibo.com cdnjs.cloudflare.com fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' 9110-api.quandoo.com www.google-analytics.com region1.google-analytics.com maps.googleapis.com ka-p.fontawesome.com joblink.allibo.com consentcdn.cookiebot.com; font-src 'self' ka-p.fontawesome.com fonts.gstatic.com; frame-src 'self' www.quandoo.it www.google.com consentcdn.cookiebot.com; img-src 'self' www.google-analytics.com imgsct.cookiebot.com maps.googleapis.com data: www.sebeto.com; manifest-src 'self'; media-src 'self' www.rossopomodoro.cloud; worker-src 'none'; 1
upgrade-insecure-requests; default-src * 'self' blob: data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; frame-src * 'self'; frame-ancestors * 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://docsapi.tendsign.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://cdn.tinymce.com https://www.google.com https://www.gstatic.com https://cdn.wootric.com/wootric-sdk.js https://www.googletagmanager.com https://cdn.amplitude.com https://api.eu.amplitude.com https://t.myvisitors.se;style-src 'self' 'unsafe-inline' https://docsapi.tendsign.com https://fonts.googleapis.com https://cdnjs.cloudflare.com;img-src 'self' https://docsapi.tendsign.com https://docsapireports.tendsign.com data: https://*.triggerbee.com;media-src https://f.hubspotusercontent00.net https://info.mercell.com;frame-src 'self' https://adforms.opic.com https://www.google.com https://online.csign.se https://api.gii.cloud https://ui.csign.se https://www.quicksearch.se https://dm.quicksearch.se https://www.ibinder.com https://docsapi.tendsign.com https://files.opic.com https://w2.brreg.no https://suppliers.opic.com bankid:;font-src 'self' https://docsapi.tendsign.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;connect-src 'self' https://docsapi.tendsign.com https://production.wootric.com https://wootric-eligibility.herokuapp.com https://eligibility.wootric.com https://api.eu.amplitude.com https://*.triggerbee.com;report-uri /WebResource.axd?cspReport=true 1
script-src 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' 1
frame-ancestors  https://gap.tw https://oldnavy.gap.tw https://www.gap.tw https://shopkeeper-aws.baozun.com 1
frame-ancestors 'self' https://*.chartres.fr/ https://*.chartres-metropole.fr/; 1
default-src 'self' 'unsafe-eval' *.hs-scripts.com *.iubenda.com http://cdn.hoog.design 'unsafe-inline' exch.hoog.design *.vimeo.com vumbnail.com *.googleapis.com blob: data: *.gstatic.com *.googletagmanager.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com js.hsforms.net unpkg.com cdnjs.cloudflare.com *.google.com *.pinterest.com *.tiktok.com *.youtube.com *.pinimg.com forms.hsforms.com *.hubspot.com *.doubleclick.net hubspot-forms-static-embed.s3.amazonaws.com pagead2.googlesyndication.com www.google.nl forms-na1.hsforms.com s3.eu-west-2.amazonaws.com *.google-analytics.com static.hotjar.com cdn.leadinfo.net connect.facebook.com script.hotjar.com collector.leadinfo.net connect.facebook.net api.leadinfo.com www.facebook.com http://yoast.com http://my.yoast.com *.s.w.org *.wp.com *.googleadservices.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com tagassistant.google.com/ ajax.googleapis.com player.vimeo.com cdn.ywxi.net/ taxcloud.net/tic/ *.google-analytics.com ssl.google-analytics.com/ code.jquery.com cdn.ywxi.net *.gstatic.com www.google.com/recaptcha/api.js cdnjs.cloudflare.com/ seal.thawte.com/ connect.facebook.net/ www.bellevilleboot.com bellevilleboot.com use.typekit.net/  acsbapp.com/apps/app/dist/js/; connect-src  *; style-src 'self' 'unsafe-inline' www.googletagmanager.com tagassistant.google.com/ ajax.googleapis.com p.typekit.net/ cdn.ywxi.net/ fonts.googleapis.com code.jquery.com/ cdnjs.cloudflare.com/ taxcloud.net/tic/ use.typekit.net/ https://ssl.google-analytics.com/ acsbapp.com/apps/app/dist/js/; img-src data: *; font-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.ywxi.net/ fonts.googleapis.com fonts.gstatic.com www.bellevilleboot.com bellevilleboot.com use.typekit.net/; frame-src ajax.googleapis.com www.trustedsite.com/ cdn.ywxi.net/ taxcloud.net/tic/  www.facebook.com/ staticxx.facebook.com/ www.mcafeesecure.com/ www.google.com/ player.vimeo.com/  vimeo.com/ www.vimeo.com/ cdnjs.cloudflare.com/ www.bellevilleboot.com  bellevilleboot.com use.typekit.net/ ssl.google-analytics.com/ tagassistant.google.com/ www.googletagmanager.com acsbapp.com/apps/app/dist/js/; object-src 'self' 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline';img-src 'self' 1
default-src 'none';script-src 'self' 'nonce-ad9e8f25ae36e4fc3d19cd49f4b7c25a' 'unsafe-eval' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://ebsco.us1app.churnzero.net https://*.osano.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;img-src 'self' data: https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://*.ebsco.com https://*.ebsco.zone https://*.ebscohost.com https://p.typekit.net https://*.cloudflare.com https://mobile.micromedexsolutions.com https://cmp.osano.com https://play.google.com/intl/en_us/badges/static/images/badges/en_badge_web_generic.png https://linkmaker.itunes.apple.com/en-us/badge-lrg.svg https://ebsco-dev.us1app.churnzero.net https://ebsco.us1app.churnzero.net https://us2img.churnzero.net;connect-src 'self' https://*.osano.com https://*.amplitude.com https://*.ebsco.com https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com https://dd.devqa.eismedi.com https://www.cloudflare.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://browser-intake-us3-datadoghq.com https://browser-intake-us5-datadoghq.com https://browser-intake-datadoghq.eu https://browser-intake-ddog-gov.com https://browser-intake-ap1-datadoghq.com https://use.typekit.net https://apis.ebsco.com https://login.ebsco.zone https://logon.ebsco.zone https://findmystacks.ebscomedical.com https://myaccount.ebsco.healthcare https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://resources.integration.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net https://analytics.churnzero.net;font-src 'self' data: https://fonts.gstatic.com https://*.typekit.net https://resources.ebsco.zone https://resources.devqa.ebsco.zone https://engagement.devqa.ebsco.zone https://ebsco-dev.us1app.churnzero.net https://engagement.ebsco.zone https://ebsco.us1app.churnzero.net;object-src 'self';media-src 'self' https://*.eis-deliveryintegration.cloud https://*.eis-deliverydevqa.cloud https://*.devqa.ebscohealth.cloud https://*.live.ebscohealth.cloud https://*.dynahealth.com https://*.dynamed.com https://*.dynamedex.com;manifest-src 'self';frame-src *;base-uri 'self';frame-ancestors *;form-action 'self';worker-src blob: 1
object-src 'none'; manifest-src 'self'; frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-eval' 'sha256-xZT4QgHECLfE0jlh63xgqi9PCTdAN/80U4g0/Sy0uPY=' 'sha256-fynwwNeatXCacHQ6swcxEezVAL4vYjU1A7aWVSTlQ+Q=' 'sha256-3Ey30PJkNcf9LrK7CIqrujoq79a+uJqKgYsaBDj15Eo=' polyfill.io kit.fontawesome.com *.zdassets.com xumm.zendesk.com support.xumm.app remotejs.com plausible.io; style-src 'self' 'unsafe-inline' stackpath.bootstrapcdn.com use.fontawesome.com kit-pro.fontawesome.com kit-free.fontawesome.com fonts.googleapis.com use.typekit.net p.typekit.net xumm.app; connect-src 'self' wss://xumm.app wss://custom-node.xrpl-labs.com xumm.app ka-f.fontawesome.com api.rss2json.com ka-p.fontawesome.com *.zdassets.com xumm.zendesk.com support.xumm.app remotejs.com plausible.io kit.fontawesome.com; img-src 'self' image-proxy.xrpl-labs.com xumm.app media.giphy.com cdn.xumm.pro cdn.xumm.app xumm-cdn.imgix.net xumm.nyc3.cdn.digitaloceanspaces.com badge.fury.io github.com *.cloudfront.net cdn-images-1.medium.com cdn-images-2.medium.com; font-src 'self' use.fontawesome.com kit.fontawesome.com kit-free.fontawesome.com kit-pro.fontawesome.com fonts.gstatic.com use.typekit.net ka-p.fontawesome.com ka-f.fontawesome.com; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.blackmonsterterror.com/csp-reports; report-to csp-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://lepoulsdumonde.com; img-src 'self' data: blob: https://lepoulsdumonde.com https://i.lepoulsdumonde.com; style-src 'self' https://lepoulsdumonde.com 'nonce-YdDThRCEtFE4re2iprITIg=='; media-src 'self' data: https://lepoulsdumonde.com https://i.lepoulsdumonde.com; frame-src 'self' https:; manifest-src 'self' https://lepoulsdumonde.com; form-action 'self'; child-src 'self' blob: https://lepoulsdumonde.com; worker-src 'self' blob: https://lepoulsdumonde.com; connect-src 'self' data: blob: https://lepoulsdumonde.com https://i.lepoulsdumonde.com wss://lepoulsdumonde.com; script-src 'self' https://lepoulsdumonde.com 'wasm-unsafe-eval' 1
object-src 'none'; default-src 'self'; base-uri 'self'; script-src 'strict-dynamic' https: 'nonce-4070cf3219c7a74fc0255d59dc2b610a'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' https: data:; frame-src https://widget.trustpilot.com/ https://www.youtube.com/; connect-src 'self' https://bat.bing.com http://tr.outbrain.com https://trc.taboola.com https://trc-events.taboola.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com; report-uri /content_security_policy_report; upgrade-insecure-requests 1
form-action 'self' *.systempay.fr 1
default-src 'self'; font-src *;img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; frame-src 'self' *; frame-ancestors 'none'; 1
default-src 'self' ws: wss: https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://*.google.com  https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com  https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; manifest-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://siteimproveanalytics.com https://6152012.global.siteimproveanalytics.io/ https://api-gateway.siteimprove.us/ https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.vimeocdn.com https://*.ytimg.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.openbasiskaart.nl https://*.plattegronden.gooisemeren.nl/ https://unpkg.com https://*.google.com  https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.vimeocdn.com https://*.ytimg.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google.com  https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://siteimproveanalytics.com https://6152012.global.siteimproveanalytics.io/ https://api-gateway.siteimprove.us/ https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.openbasiskaart.nl https://*.plattegronden.gooisemeren.nl/ https://unpkg.com https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; object-src 'none'; media-src 'self'; frame-src 'self' https://gooisemeren.email-provider.nl https://*.gooisemeren.nl https://*.google.com  https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.vimeocdn.com https://*.ytimg.com https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com; base-uri 'self'; connect-src 'self' ws: wss: https://gooisemeren.proudreports.nl https://*.google.com  https://*.google.nl https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.kaartviewer.nl https://*.nationaalgeoregister.nl/ https://cdn.jsdelivr.net/ https://plattegronden.gooisemeren.nl/ https://waarismijnstemlokaal.nl https://enquete.agconsult.com/ https://survey.alchemer.eu/ https://*.openbasiskaart.nl https://*.service.pdok.nl https://*.opengis.net https://*.openstreetmap.fr https://*.openstreetmap.org https://*.jquery.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl; report-uri https://gooisemeren.proudreports.nl/report.php; 1
worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors staging.firebrand.training firebrand.training cms.firebrandtraining.com 1
default-src 'self' 'unsafe-inline' *.topofart.com *.google.com *.googletagmanager.com *.google-analytics.com *.brevo.com *.zen.com *.chatra.io player.vimeo.com fonts.googleapis.com ajax.googleapis.com *.paypal.com *.paypalobjects.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ https://js.stripe.com/v3/ *.mollie.com *.list-manage.com *.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com; img-src 'self' data: *.topofart.com *.paypal.com i.vimeocdn.com i.ytimg.com *.mollie.com *.googletagmanager.com; frame-src 'self' https://player.vimeo.com https://chat.chatra.io/ *.brevo.com *.mollie.com *.paypal.com https://www.paypalobjects.com/ https://www.google.com/ https://js.stripe.com/ assets.braintreegateway.com api.sandbox.braintreegateway.com *.youtube.com *.cardinalcommerce.com tst.kaptcha.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.googleadservices.com *.doubleclick.net www.google-analytics.com ajax.googleapis.com *.googleapis.com *.googletagmanager.com *.google.com www.google.com google.com *.google.co.nz gstatic.com www.gstatic.com *.facebook.com facebook.com connect.facebook.net youtube.com *.youtube.com vimeo.com *.vimeo.com s.ytimg.com 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://translate.googleapis.com/translate_static/css/translateelement.css https://www.gstatic.com/charts/51/css/core/tooltip.css 1
frame-ancestors 'self' http://www.1001spiele.at 1
font-src fonts.gstatic.com use.typekit.net https://fonts.gstatic.com *.gstatic.com *.fontawesome.com *.googleapis.com *.transbank.cl *.embluemail.com *.apptian.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.a3d.cl *.blab.cl a3d.cl blab.cl *.google.cl *.google.com.ar *.zohopublic.com *.zohocdn.com https://www.google.com https://www.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.transbank.cl *.embluemail.com *.apptian.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.a3d.cl *.blab.cl a3d.cl blab.cl *.google.cl *.google.com.ar *.zohopublic.com *.hotjar.com  'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.transbank.cl *.google.cl maps.googleapis.com *.embluemail.com *.apptian.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.a3d.cl *.blab.cl a3d.cl blab.cl *.google.com.ar *.zohopublic.com *.issuu.com *.hotjar.com  *.weltpixel.com accounts.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.com *.a3d.cl *.blab.cl a3d.cl blab.cl *.cloudfront.com *.cloudfront.net *.transbank.cl maps.googleapis.com maps.gstatic.com s3.amazonaws.com *.embluemail.com *.apptian.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.cl *.google.com.ar *.zohopublic.com *.zohocdn.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com commerce.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google-analytics.com *.googleapis.com *.gstatic.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.transbank.cl maps.googleapis.com *.embluemail.com *.a3d.cl *.blab.cl a3d.cl blab.cl *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.google.cl *.google.com.ar *.zohopublic.com *.zohocdn.com *.zohostatic.com *.tiktok.com *.elfsight.com *.hotjar.com  *.google.com *.avada.io accounts.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.transbank.cl *.embluemail.com *.apptian.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.doubleclick.net *.a3d.cl *.blab.cl a3d.cl blab.cl *.google.cl *.google.com.ar *.zohopublic.com *.zohostatic.com *.zohocdn.com *.fontawesome.com *.google.com *.gstatic.com accounts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com commerce.adobedtm.com commerce.adobedc.net *.snplow.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.googleapis.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.facebook.net *.facebook.com *.newrelic.com *.nr-data.net *.transbank.cl *.embluemail.com *.apptian.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.a3d.cl *.blab.cl a3d.cl blab.cl *.google.cl *.google.com.ar *.zohopublic.com wss://vts.zohopublic.com *.tiktok.com *.elfsight.com *.hotjar.com  wss://ws.hotjar.com https://*.hotjar.com http://*.hotjar.com https://*.hotjar.io http://*.hotjar.io www.google-analytics.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com https://get.geojs.io *.avada.io accounts.google.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'self' 3dsecure.gpwebpay.com test.3dsecure.gpwebpay.com www.facebook.com; font-src 'self' data: fonts.gstatic.com *.optimonk.com; frame-ancestors 'self'; frame-src 'self' ehub.cz accounts.google.com *.doubleclick.net c.imedia.cz connect.facebook.net fbrpc://call staticxx.facebook.com tpc.googlesyndication.com www.facebook.com www.googletagmanager.com www.instagram.com www.youtube.com www.zbozi.cz www.paypal.com www.sandbox.paypal.com *.optimonk.com *.ceneo.pl studentenrabatt.com chat-widget.static-amio.com strava-embeds.com www.tiktok.com; manifest-src 'self'; img-src data: https: ssl.gstatic.com www.gstatic.com www.paypal.com www.sandbox.paypal.com *.google-analytics.com; media-src 'self' https:; script-src 'nonce-utInWWT9y+sHxdusmLv0yA==' 'unsafe-inline' 'unsafe-eval' 'self' ehub.cz browser.sentry-cdn.com js.sentry-cdn.com connect.facebook.net d70shl7vidtft.cloudfront.net googleads.g.doubleclick.net im9.cz platform.instagram.com client.smartform.cz tpc.googlesyndication.com *.google-analytics.com *.analytics.google.com www.googleadservices.com www.googletagmanager.com www.instagram.com www.zbozi.cz tagmanager.google.com www.paypal.com www.sandbox.paypal.com *.clarity.ms *.optimonk.com *.bing.com chat-widget.static-amio.com https://accounts.google.com/gsi/client; script-src-attr 'unsafe-hashes'; style-src 'unsafe-inline' 'self' client.smartform.cz tagmanager.google.com fonts.googleapis.com www.paypal.com www.sandbox.paypal.com *.optimonk.com https://accounts.google.com/gsi/style; connect-src 'self' wss: ehub.cz api.instagram.com stats.g.doubleclick.net www.facebook.com www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.google-analytics.com www.instagram.com *.sentry.io www.paypal.com www.sandbox.paypal.com analytics.tiktok.com *.clarity.ms *.optimonk.com *.clarity.ms *.bing.com metrics.aktin.sk https://accounts.google.com/gsi/ api.mapy.cz; object-src 'none'; base-uri 'none'; worker-src 'self' blob:; 1
block-all-mixed-content; frame-ancestors *.apotiguar.com.br 1
frame-ancestors 'self' https://s.brightspace.com https://*.ally.ac https://leaplti.desire2learn.com/ https://leaplti-fr.brightspace.com/ https://tryleap.brightspace.com/ https://leaplti-es.desire2learn.com/ https://leaplti-ptbr.desire2learn.com/ https://leaplti-us.brightspace.com/ https://leaplti-apac.brightspace.com/ https://leaplti-emea.brightspace.com/ https://leapqa.net https://leaplti-ap.brightspace.com https://login.microsoftonline.com/ https://login.live.com/ https://cdn.lcs.brightspace.com/ https://leaplti-in.brightspace.com; report-uri /d2l/csp/report 1
base-uri 'self'; connect-src 'self' dccdn.de *.amazonaws.com *.userlike.com wss://umd.userlike.com/umd/ *.google-analytics.com cdn.plyr.io noembed.com *.doubleclick.net maps.googleapis.com salesviewer.org www.salesviewer.com *.analytics.google.com *.linkedin.oribi.io userlike-cdn-umm.b-cdn.net; font-src 'self' *.cloudfront.net *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de dccdn.de data: *.gstatic.com userlike-cdn-umm.b-cdn.net; form-action 'self' *.ogone.com *.aral-supercard.de *.aral-supercard.de *.ddev.site aral-supercard-b2b-reload-stage.antwerpes.com; frame-src business-aral-supercard-rebuild.ddev.site customer-aral-supercard-rebuild.ddev.site madmin-aral-supercard-rebuild.ddev.site aral-supercard-b2b-stage.antwerpes.com aral-supercard-b2c-stage.antwerpes.com aral-supercard-madmin-stage.antwerpes.com business.aral-supercard.de www.aral-supercard.de madmin.aral-supercard.de www.youtube-nocookie.com stg.gcs.tp-de.net gcs.tp-de.net www.google.com www.googletagmanager.com business-aral-supercard-reloadable.ddev.site aral-supercard-b2b-reload-stage.antwerpes.com reload.business.aral-supercard.de player.vimeo.com www.youtube.com m.youtube.com anmeldung-businessacceptance.aral-supercard.de anmeldung-business.aral-supercard.de; img-src 'self' *.amazonaws.com stg.gcs.tp-de.net *.ddev.site gcs.tp-de.net *.aral-supercard.de data: blob: www.google-analytics.com *.gstatic.com www.google.com www.google.de dccdn.de *.antwerpes.de www.facebook.com *.antwerpes.com i.vimeocdn.com i.ytimg.com *.ads.linkedin.com www.wgkd.de salesviewer.org userlike-cdn-operators.userlike.com; media-src 'self' *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de dccdn.de userlike-cdn-umm.b-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.userlike.com *.cloudfront.net *.amazonaws.com *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de www.googletagmanager.com www.google-analytics.com www.gstatic.com tagmanager.google.com www.googleadservices.com www.google.com *.doubleclick.net *.googleapis.com dccdn.de connect.facebook.net *.gcs.tp-de.net gcs.tp-de.net code.jquery.com player.vimeo.com www.youtube.com *.adform.net snap.licdn.com polyfill.io userlike-cdn-umm.b-cdn.net; style-src 'self' 'unsafe-inline' 'report-sample' *.amazonaws.com *.aral-supercard.de *.ddev.site *.antwerpes.com *.antwerpes.de *.google.com *.googleapis.com dccdn.de 1
worker-src 'none'; 1
frame-ancestors 'self' *.atp-autoteile.at https://app.storyblok.com 1
default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net www.facebook.com www.google-analytics.com www.youtube.com *.paytrail.com ajax.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.goodleadservices.com *.handshake.fi *.tiktok.com *.stripe.com *.getresponse360.pl *.getresponse.com *.gr-cdn.com *.gr-cdn-e.eu *.gr-wcon.com *.bing.com handshakemarketing.fi *.handshakemarketing.fi *.paypal.com *.googleadservices.com *.doubleclick.net autodude.se autodude.se www.autodude.fi autodude.fi valostore.fi www.valostore.fi valostore.se www.valostore.se valostore.no www.valostore.no autodude.se www.autodude.se autodude.no www.autodude.no metrics.autodude.se  *.freshchat.com *.freshworks.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net *.adii.se *.adii.io static.criteo.net *.criteo.com *.getblue.io sc.lfeeder.com;connect-src 'self' *.google.fi *.google.se *.google-analytics.com *.analytics.google.com www.facebook.com *.g.doubleclick.net *.tiktok.com *.ingest.sentry.io *.getresponse360.pl *.getresponse.com *.getresponse.pl *.pangle-ads.com *.googlesyndication.com properties *.paypal.com https://proxy.handshake.fi metrics.autodude.se *.adii.io *.freshworks.com *.freshdesk.com *.klarnaevt.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net *.adii.io *.criteo.com *.getblue.io;img-src https: data: http: blob:;style-src 'self' https: 'unsafe-inline' fonts.gstatic.com 'unsafe-inline' *.dinox.fi;font-src 'self' https: data: fonts.gstatic.com;frame-src *.facebook.com *.youtube.com *.google.com *.stripe.com *.getresponse360.pl *.getresponse.com *.doubleclick.net *.paypal.com *.vimeo.com metrics.autodude.se  wchat.eu.freshchat.com *.freshchat.com *.klarna.com *.klarna.net *.klarnaservices.com *.criteo.com *.criteo.net *.getblue.io;script-src-attr 'unsafe-inline';form-action *.facebook.com;report-uri https://o643929.ingest.sentry.io/api/6318034/security/?sentry_key=161b845227284238b6e4b4969c9d79fe;base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'none';               script-src 'self' *.bakediary.com www.google-analytics.com ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://use.fontawesome.com https://kit.fontawesome.com https://www.googletagmanager.com/gtag/js 'sha256-/k5aABwUSShPXL0eGPIxnD3U+jyBtgsEqHXWQ0B5bSw=' 'sha256-75s+ck1u0/PY3lrW1f9LW5LXdb2w1Z9JGpb9iNWYgZk=' https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.js 'sha256-LT7I8sXczqURDgZJ7dXXCEG/pBD/yaxyCJkY77bL9zQ=' 'sha256-1WYaX8IjX9USrgmZoPNvwpm5mRcrAMmnG7gei3znqGM=' 'sha256-/wqRpshry99Jfd0qkRxl81USrlvYxAx6oRvoWDm6Dw4=' 'sha256-QlqAsQgrfm0E2P4ff1HvxcW7iroGjwxCXL1tUdwyyUY=' 'sha256-m0JxYhWSEp5/+oNnhkQT+D0LGYX3tM97tiJEg4eMbyQ=' 'sha256-2c8RPz7TsAx/2ys3wqfA+jQBNPOcHo2u7rR8DVqYAWA=' 'sha256-NmqiY/96GtB3fL4ICMfmM9KffnBjyRQy06DusbBp5V8=' 'sha256-NmqiY/96GtB3fL4ICMfmM9KffnBjyRQy06DusbBp5V8=' 'sha256-NeUYEwkx8b/RKEMIPXhZmylwDmhsQXAR0NJuAeFAKKw=';               object-src 'self' *.bakediary.com ;               style-src 'self' *.bakediary.com fonts.googleapis.com fonts.googleapis.com *.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/fancybox/3.5.7/jquery.fancybox.min.css 'sha256-N6tSydZ64AHCaOWfwKbUhxXx2fRFDxHOaL3e3CO7GPI=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-YTEza4CA2qPCNGLfB6mKa5FjY8kjkO/K7nQxeJxVd9E=' 'sha256-ZL58hL5KbUHBRnMK797rN7IR+Tg9Aw61ddJ/rmxn1KM=' 'sha256-oXkUQ3arpnaFECab68r7J+DpQbTpz9L7Dg5airZYDJc=';               img-src 'self' *.bakediary.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net  https://i.ytimg.com/vi_webp/ data:;               media-src 'self' *.bakediary.com;               frame-src 'self' *.bakediary.com https://www.youtube-nocookie.com/;               font-src 'self' *.bakediary.com fonts.gstatic.com kit.fontawesome.com  *.fontawesome.com data:;               connect-src 'self' *.bakediary.com *.fontawesome.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net 1
default-src 'self' 'unsafe-inline' data: wss: *.casapraticaqualita.com.br *.conquistesuavida.com.br *.jquery.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.gstatic.com *.hotjar.io *.facebook.net *.facebook.com *.googletagmanager.com *.ampproject.org *.googleoptimize.com *.hotjar.com *.cloudfront.net *.youtube.com *.youtube-nocookie.com *.cdnfonts.com; base-uri 'self'; form-action 'self' *.facebook.com; object-src 'self'; media-src 'self' data: blob: *.cloudfront.net *.youtube.com *.youtube-nocookie.com; img-src 'self' data: blob: http: https:; frame-src 'self' *.casapraticaqualita.com.br *.conquistesuavida.com.br *.youtube.com *.facebook.com *.googletagmanager.com *.ampproject.org *.youtube-nocookie.com *.google.com *.paodeacucar.com; style-src 'self' 'unsafe-inline' *.casapraticaqualita.com.br *.conquistesuavida.com.br fonts.googleapis.com *.ampproject.org *.google.com *.typekit.net *.jsdelivr.net *.cloudfront.net *.cdnfonts.com; script-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.casapraticaqualita.com.br *.conquistesuavida.com.br *.googletagmanager.com *.ampproject.org www.google-analytics.com code.jquery.com *.google.com *.googleadservices.com connect.facebook.net script.hotjar.com *.googleoptimize.com *.jsdelivr.net vlibras.gov.br 1
object-src 'none'; form-action 'self'; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://pro.fontawesome.com https://kit-free.fontawesome.com https://kit-pro.fontawesome.com https://static.elfsight.com https://cdn.clicassure.com; frame-ancestors http://www.autoaubaine.com/ https://www.autoaubaine.com/ https://*.facebook.com https://www.movingwaldo.ca/ http://assurancelepelco.com https://assurancelepelco.com https://*.lowestratesqc.ca http://*.lowestratesqc.ca https://api-95b4b19f.duosecurity.com https://qc.wawanesa.com https://hardbacon.ca 1
frame-ancestors 'self';upgrade-insecure-requests; report-uri https://l.iplsc.com/logger/ 1
block-all-mixed-content; frame-ancestors *.drivepneus.com.br 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' https://dkstatics-public.digikala.com https://dkstatics-public-2.digikala.com https://dkstatics-public-3.digikala.com  https://img.filmkala.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://firebase.googleapis.com https://fonts.googleapis.com https://fonts.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://ajax.googleapis.com https://gstatic.com https://www.gstatic.com *.google-analytics.com https://maxst.icons8.com https://use.fontawesome.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://fcmregistrations.googleapis.com https://code.jquery.com https://polyfill.io https://www.googleapis.com https://apis.google.com https://hominextcom.firebaseapp.com https://securetoken.googleapis.com https://www.google.com https://www.digikala.com https://accounts.google.com https://trustseal.enamad.ir; 1
frame-ancestors 'self' https://oze-cycow.pl https://solary-zwierzyniec.eu; 1
default-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com trck.spoteffects.net www.lotto.de m.lotto.de www.youtube.com; script-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com connect.facebook.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.google.com data1.bresera.com data1.open-dog.com connect.facebook.net tags.tiqcdn.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de responder.wt-safetag.com tags.tiqcdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com translate.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de 'unsafe-inline'; style-src-elem 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.gstatic.com 'unsafe-inline'; connect-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de miframe.lotto.de iframe.lotto.de www.youtube.com trck.spoteffects.net cdn.1tag.dentsu.de delivery.1tag.dentsu.de www.facebook.com translate.googleapis.com data:; font-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com fonts.gstatic.com api.rabatta.app data:; img-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com s.w.org ps.w.org www.gstatic.com secure.gravatar.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de eurojackpot.webtrekk.net fbc.wcfbc.net ad3.adfarm1.adition.com imagesrv.adition.com i.ytimg.com www.facebook.com fonts.gstatic.com www.googleadservices.com adservice.google.com *.googleapis.com www.google-analytics.com translate.google.com pagead2.googlesyndication.com www.google.ae www.google.al www.google.at www.google.ba www.google.be www.google.bg www.google.ca www.google.ch www.google.co.cr www.google.co.in www.google.co.kr www.google.com www.google.co.ma www.google.com.br www.google.com.cy www.google.com.do www.google.com.eg www.google.com.gh www.google.com.gt www.google.com.mx www.google.com.ph www.google.com.sg www.google.com.tr www.google.com.ua www.google.co.th www.google.co.uk www.google.co.ve www.google.co.za www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gm www.google.gr www.google.hr www.google.hu www.google.ie www.google.iq www.google.is www.google.it www.google.lk www.google.lu www.google.lv www.google.me www.google.mk www.google.nl www.google.no www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.se www.google.si www.google.sk data:; child-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com www.googleapis.com cdn.1tag.dentsu.de delivery.1tag.dentsu.de; frame-src 'self' prodmrm.eurojackpot.de prodmrm.eurojackpot.com eurojackpot.de www.eurojackpot.de eurojackpot.com www.eurojackpot.com m.lotto.de www.lotto.de lotto.de www.youtube-nocookie.com www.facebook.com; base-uri 'self'; report-uri https://1934a11189c9ec9d302de0ee10e4c650.report-uri.com/r/t/csp/enforce 1
frame-ancestors https://www.transportonline.com https://www.trasporti.it http://www.uominietrasporti.it 1
frame-ancestors https://transportesostenible.com 1
frame-ancestors 'self'  https://flashpegasus.com.br/ https://rotas.flashpegasus.com.br/ https://www.flashpegasus.com.br/  https://flashpegasus.jall.com.br https://pegasus.flashpegasus.com.br/ https://www.googletagmanager.com https://www.google-analytics.com/analytics.js  https://xhr.spec.whatwg.org  https://storage.googleapis.com/ ;default-src 'self' https://flashlog.jall.com.br https://127.0.0.1:* wss://127.0.0.1:* https://locker.flashpegasus.com.br https://177.154.146.97/ https://flashpegasus.com.br/ https://pegasus.flashpegasus.com.br/  https://storage.googleapis.com/ ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://rotas.flashpegasus.com.br/ https://www.google-analytics.com https://www.googletagmanager.com/ pegasus.flashpegasus.com.br/  https://storage.googleapis.com/ ; style-src 'self' 'unsafe-inline'; report-uri csper.io/; object-src 'none'; upgrade-insecure-requests; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ https://www.gstatic.com/ https://www.google.com/ https://flashpegasus.com.br/ https://www.googletagmanager.com/ https://www.google-analytics.com/ ; connect-src  'self' https://flashlog.jall.com.br/ https://servicosdig.flashpegasus.com.br/ https://127.0.0.1:* wss://127.0.0.1:* https://www.google-analytics.com https://pegasus.flashpegasus.com.br/ https://flashpegasus.com.br/ https://storage.googleapis.com/ ; img-src 'self'  blob: cadastroCourier.xhtml:0 cadastroCourier.xhtml:1 https://pegasus.flashpegasus.com.br https://flashpegasus.com.br https://www.googletagmanager.com/ https://www.google-analytics.com/ https://127.0.0.1:* data: https://storage.googleapis.com/; base-uri 'self' ; frame-src 'self' https://www.google.com/ servicosdig.flashpegasus.com.br https://flashpegasus.com.br/ https://www.flashpegasus.com.br/ https://jall.com.br https://177.154.146.97:8081 https://rotas.flashpegasus.com.br 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-qKGnSBehV52b3U/KaZgWsw==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-HvvN5yPriLCRgi9bVg0Hozz+q2IBkC2kcKL/3qvA0J8=' 'sha256-xGW3t2xpyqjAcyhMhYMWQzn6m/fL1Wj/aig8sUa54o0=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io https://*.testfreaks.com 'unsafe-inline'; connect-src 'self' *.fyndiq.se *.cdon-qlty.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.azurewebsites.net https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io https://*.testfreaks.com; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel: https://*.testfreaks.com; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://*.testfreaks.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
base-uri 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'nonce-qyy5vPs3/eCYQizxdS7TBA==' 'sha256-2lWLrBMqNEeZZva7ECueFJwRLzfyWRLI38lTzWLH7yo=' 'sha256-U+9uytu1wNMDRkbPT1c4SIzmnZr8B8uJ7tscj8Ot6mg=' 'sha256-HvvN5yPriLCRgi9bVg0Hozz+q2IBkC2kcKL/3qvA0J8=' 'sha256-xGW3t2xpyqjAcyhMhYMWQzn6m/fL1Wj/aig8sUa54o0=' https://*.swogo.net https://sdk.privacy-center.org https://*.svea.com https://*.tiktok.com https://*.facebook.net https://panelista.com https://*.googletagmanager.com https://*.vimeo.com https://*.hotjar.com https://*.google.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.bing.com https://www.googleanalytics.com https://*.voyado.com https://*.testfreaks.com 'unsafe-eval' 'report-sample' 'strict-dynamic'; style-src 'self' https://tagmanager.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.hotjar.com https://*.redeal.se https://*.redeal.io https://*.testfreaks.com 'unsafe-inline'; connect-src 'self' *.fyndiq.se *.cdon-qlty.se analytics.tiktok.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.doubleclick.net https://rum.browser-intake-datadoghq.com https://*.apptus.cloud https://*.swogo.net https://*.privacy-center.org https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.bing.com https://*.facebook.com https://*.sentry.io https://cloudflareinsights.com https://*.googleapis.com https://*.snapchat.com https://*.microsofttranslator.com https://*.microsoft.com https://*.googlesyndication.com https://*.azurewebsites.net https://cdn.growthbook.io https://*.redeal.se https://*.redeal.io https://*.testfreaks.com; frame-src https://*.svea.com https://*.hotjar.com https://*.isecrets.se https://panelista.com https://reclaimit-support.fyndiq.se https://*.reclaimit.com https://bid.g.doubleclick.net https://*.googletagmanager.com https://*.facebook.com https://*.googlesyndication.com https://*.vimeo.com https://*.tradedoubler.com https://*.youtube.com https://*.redeal.se https://*.redeal.io tel: https://*.testfreaks.com; font-src 'self' https://fonts.gstatic.com data: https://*.hotjar.com; frame-ancestors 'self' https://fyndiq-dev.sanity.studio https://app.datadoghq.com https://*.testfreaks.com https://fyndiq.dk https://*.fyndiq.dk https://fyndiq.fi https://*.fyndiq.fi https://fyndiq.no https://*.fyndiq.no https://fyndiq.se https://*.fyndiq.se 1
block-all-mixed-content; frame-ancestors *.gelniche.com.br 1
object-src 'none'; base-uri 'none'; script-src 'unsafe-eval' 'unsafe-inline' 'self' 'nonce-NTJlZTY3ZDgtMWRkMy00NWMxLTk1OTgtYTU0YTFiMjliNjY0' *.visualwebsiteoptimizer.com app.vwo.com 'strict-dynamic' 1
font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com maxcdn.bootstrapcdn.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://integration-cart.shophumm.com.au/ *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.google.com *.weltpixel.com https://secure.ewaypayments.com/ https://secure-au.sandbox.ewaypayments.com/ *.salefinder.com.au https://nexuspublications.com.au/ https://sidebar.bugherd.com/ https://www.youtube.com/ *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.gstatic.com *.googleapis.com https://www.googletagmanager.com/ https://www.facebook.com/ https://scontent.cdninstagram.com/ https://google.com.ph/ https://secure.ewaypayments.com/ https://connect.facebook.net/ *.cloudfront.net *.salefinder.com.au *.meetanshi.com https://meetanshi.com/media/logo.png www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.facebook.com/ https://connect.facebook.net/ https://nexuspublications.com.au/ *.salefinder.com.au https://secure.ewaypayments.com/scripts/ https://maps.googleapis.com/maps/api/ https://foursixty.com/media/scripts/ https://www.bugherd.com/ https://sidebar.bugherd.com/ https://www.youtube.com/ *.meetanshi.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com https://foursixty.com/media/styles/embed/ *.salefinder.com.au maxcdn.bootstrapcdn.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.algolia.com *.algolianet.com *.googleapis.com https://stats.g.doubleclick.net/ https://analytics.google.com/ https://foursixty.com/api/v2/good-price-pharmacy-warehouse/ https://image-complainer.foursixty.com/ https://maps.googleapis.com/ *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
form-action 'self';frame-ancestors 'self';block-all-mixed-content 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com; base-uri 'self', frame-ancestors 'self' https://*.facebook.com https://*.ups.com, frame-ancestors 'self' https://*.facebook.com https://*.ups.com 1
default-src 'self' https:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://media.growappy.com https://growappy.s3.amazonaws.com https://www.google.com https://www.google-analytics.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://pagead2.googlesyndication.com https://developers.google.com https://partner.googleadservices.com https://adservice.google.pt https://adservice.google.com https://tpc.googlesyndication.com https://appleid.cdn-apple.com; style-src 'self' 'unsafe-inline' https://growappy.s3.amazonaws.com https://media.growappy.com https://fonts.googleapis.com; img-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.facebook.com https://www.google.com https://www.google.pt https://www.googletagmanager.com https://www.google-analytics.com https://maps.gstatic.com https://maps.googleapis.com https://pagead2.googlesyndication.com data: blob:; connect-src 'self' https://region1.google-analytics.com https://region1.analytics.google.com https://www.growappy.com wss://www.growappy.com https://s3.eu-west-1.amazonaws.com https://growappy.s3-accelerate.amazonaws.com  https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://l.sharethis.com; font-src 'self' https://growappy-test.s3.amazonaws.com https://media.growappy.com https://fonts.gstatic.com data:; object-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com; media-src 'self' https://growappy.s3.amazonaws.com https://media.growappy.com; worker-src 'self' blob:; child-src 'self' blob:; form-action 'self' https://www.facebook.com; base-uri 'self'; manifest-src 'self'; frame-src 'self' https://media.growappy.com https://growappy.s3.amazonaws.com https://www.youtube.com https://www.facebook.com  https://www.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://appleid.cdn-apple.com; frame-ancestors 'self' https://www.growappy.com; 1
frame-ancestors 'self' https://www.honestdocs.id/ 1
frame-src 'self';frame-ancestors 'self'; object-src 'none'; 1
script-src 'nonce-8aAbrijRxqYp8GzGjFYbUBAbBSULOHyM' 'self' 'unsafe-eval' 'unsafe-inline' cdn-eu.realytics.net cdn.taboola.com certify-js.alexametrics.com connect.facebook.net googleads.g.doubleclick.net i.realytics.io maps.googleapis.com s2.adform.net sdk.privacy-center.org t4.my-probance.one tc-sync.realytics.io track.adform.net trc.taboola.com w.usabilla.com www.google-analytics.com www.google.com www.googleadservices.com www.googletagmanager.com www.gstatic.com www.iadfrance.fr tag.analytics-helper.com static.trackuity.com api.trackuity.com optimize.google.com www.googleanalytics.com www.googleoptimize.com *.hotjar.com adservice.google.com;base-uri 'self' d6tizftlrpuof.cloudfront.net;connect-src 'self' api.sys.alfredo.pt api.privacy-center.org api.realytics.io hooks.slack.com/services/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 intranet.iadholding.com maps.googleapis.com stats.g.doubleclick.net trc-events.taboola.com v2.dev.sys.alfredo.pt v2.sys.alfredo.pt www.google-analytics.com event.analytics-helper.com region1.google-analytics.com www.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com ad.doubleclick.net;default-src 'self';font-src 'self' data: fonts.gstatic.com *.hotjar.com;form-action 'self' www.facebook.com;frame-src www.youtube.com www.google.com www.facebook.com optimize.google.com www.googleoptimize.com pretto.iadfrance.fr player.vimeo.com *.hotjar.com 13090507.fls.doubleclick.net;img-src 'self' data: certify.alexametrics.com fonts.gstatic.com maps.gstatic.com maps.googleapis.com redirect.prod.experiment.routing.cloudfront.aws.a2z.com www.dailymotion.com www.facebook.com www.google-analytics.com www.google.com www.google.fr www.googletagmanager.com blog.iadfrance.fr blog.iadespana.es news.iad-italia.it ratgeber.iaddeutschland.de blog.iadportugal.pt pubads.g.doubleclick.net googleads.g.doubleclick.net optimize.google.com opqy.iadfrance.fr *.hotjar.com 13090507.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com adservice.google.com adservice.google.fr;object-src 'none';style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com optimize.google.com *.hotjar.com 1
script-src 'nonce-T7VghsYJitHNqRCNHCKbZ3rhN7GlKeH6' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval';frame-ancestors https://business.jobs.at https://*.jobs-business.staging.karriere.at https://region-eferding.topicsportal.com;base-uri 'none';object-src 'none' 1
frame-ancestors 'self' koreagoldx.co.kr *.koreagoldx.co.kr 1
default-src 'none'; block-all-mixed-content; child-src 'self' ps.kuralink.se sts.kuralink.se atlas.microsoft.com kuralink.se; worker-src blob: kuralink.se; connect-src 'self' ps.kuralink.se sts.kuralink.se app.kuralink.se translate.googleapis.com wss://bokadoktorn-test.net wss://kuralink.se atlas.microsoft.com maps.googleapis.com; font-src 'self' data: fonts.gstatic.com atlas.microsoft.com; frame-ancestors 'self' webdoc.atlan.se vgs2.lfnet.se vgs2.lansforsakringar.se sts.kuralink.se; frame-src 'self' ps.kuralink.se sts.kuralink.se; img-src 'self' www.gstatic.com blob: data: csi.gstatic.com khms0.googleapis.com khms1.googleapis.com maps.gstatic.com maps.google.com maps.googleapis.com atlas.microsoft.com sts.kuralink.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.google.com maps.googleapis.com atlas.microsoft.com sts.kuralink.se; style-src 'self' 'unsafe-inline' fonts.googleapis.com atlas.microsoft.com; style-src-elem 'self' 'unsafe-inline' translate.googleapis.com fonts.googleapis.com atlas.microsoft.com; form-action 'self' sts.kuralink.se; base-uri 'self'; navigate-to 'self'; report-uri /api/v1/monitor/cspreport; object-src 'self'; 1
connect-src   'self' api.loaney.es tracker.loaney.es www.facebook.com stats.g.doubleclick.net *.google-analytics.com *.analytics.google.com mc.yandex.ru mc.yandex.md mc.yandex.com *.taboola.com *.criteo.com patata.loaney.es logger.loaney.es; default-src   'self'; font-src   'self' fonts.googleapis.com fonts.gstatic.com; frame-src   api.loaney.es www.googletagmanager.com mc.yandex.ru mc.yandex.md mc.yandex.com www.facebook.com *.criteo.com *.unnax.com; img-src   'self' blob: data: api.loaney.es www.facebook.com misolvencia.es *.google-analytics.com *.google.com *.google.ru *.google.es mc.yandex.ru mc.yandex.com patata.loaney.es ferrymill.zendesk.com ferrymillsupport.zendesk.com www.gstatic.com www.googletagmanager.com *.zdusercontent.com *.quora.com *.taboola.com *.adxns.com *.microad.jp *.tapad.com *.smaato.net *.criteo.com *.adsrvr.org *.eu-central-1.amazonaws.com; report-uri   https://report-uri.loaney.es/csp-report; script-src   'self' 'unsafe-inline' *.google-analytics.com connect.facebook.net www.googletagmanager.com mc.yandex.ru mc.yandex.com *.taboola.com *.quora.com *.criteo.com *.criteo.net; style-src   'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' https://*.youtube.com https://*.youtube-nocookie.com https://*.youtube-.com https://*.mistercredit.it https://*.trustpilot.com https://www.google.it https://*.doubleclick.net https://www.googleadservices.com https://*.imrworldwide.com https://*.bing.com https://*.facebook.com https://*.facebook.net https://wa.me https://*.matomo.cloud https://*.convy.ai https://*.usercentrics.eu https://*.google-analytics.com https://*.googletagmanager.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.umbraco.org/ https://*.facebook.com 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self' localhost:4200 mojagazetka.com.pl mojagazetka.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https:; child-src 'self' mojagazetka.com; style-src 'self' 'unsafe-inline' www.gstatic.com unpkg.com *.googleapis.com https:; font-src 'self' fonts.gstatic.com data:; img-src 'self' *.moja-e-gazetka.pl mojagazetka.com *.google-analytics.com data: https:; frame-src *; connect-src 'self' https: wss:; 1
block-all-mixed-content; frame-ancestors *.moveisgruber.com.br 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.lu 1
frame-ancestors 'self'; report-uri https://www.ninhosdobrasil.com.br/report-uri/enforce 1
default-src 'none'; img-src 'self' data: *.notaiofacile.it *.google.com *.google.it *.google-analytics.com *.doubleclick.netg *.doubleclick.net *.cookiebot.com *.googletagmanager.com; frame-src *.youtube.com player.vimeo.com *.facebook.com *.googletagmanager.com *.google.com *.googletagmanager.comg *.cookiebot.com *.doubleclick.net; style-src 'unsafe-inline' *.notaiofacile.it *.googleapis.com *.gstatic.com; font-src *.notaiofacile.it *.googleapis.com *.gstatic.com *.googletagmanager.com; script-src 'unsafe-inline' 'unsafe-eval' *.notaiofacile.it *.google.com *.gstatic.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.doubleclick.net *.facebook.net cdn.ampproject.org *.cookiebot.com; form-action 'self' *.notaiofacile.it *.egregionotaio.it; connect-src *; manifest-src *; 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.nl *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com; connect-src 'self' *.openbank.nl *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.nl px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com www.facebook.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: https://newassets.hcaptcha.com *.doubleclick.net ;frame-ancestors 'self' https://openbank.campaign.adobe.com; 1
default-src 'self'; base-uri 'self'; script-src 'nonce-2c3bcbcc24ee4d4991cc387130753165' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' https: 'report-sample'; connect-src 'self' www.googletagmanager.com *.facebook.com translate.googleapis.com *.instana.io wss://mpsnare.iesnare.com *.usercentrics.eu bat.bing.com/actionp/ *.liadm.com *.parship.dev www.googleadservices.com *.doubleclick.net *.google.com google.com; frame-ancestors 'self' secure1.parship.com secure1.eharmony.com secure1.elitepartner.de *.parship.dev; frame-src 'self' support.parship.be tms.parship.be *.greatviews.de app.usercentrics.eu www.youtube-nocookie.com accounts.google.com translate.googleapis.com *.doubleclick.net *.liadm.com; object-src 'none'; img-src 'self' data: http: https: *.instana.io ; font-src 'self' data: *.typekit.net; style-src 'self' 'unsafe-inline' 'report-sample' *.typekit.net accounts.google.com/gsi/style translate.googleapis.com; upgrade-insecure-requests; report-uri /ls/ 1
default-src 'self';             script-src 'self' cdn.ampproject.org 'nonce-vyTOauvzQEvrYkAqWdkWXORB'                 'sha256-l9zA43vGCsyV0dZBCL5tw0GJ5ClMZeaW7PX/lXjwX8U='                 'sha256-hwohG/c84cZePIUpNktSO06rdJUCD2Ov/a3yKrDWJxI='                 'sha256-6VZm7EDy2oj9SmrEmuQj8MnpoPRC28h6YQf84C9TvGo='                 'sha256-tA5VQbe08fbvAbI7KZKx/U6QLLLkMTlCiQHA2OMj/Qs='                 'sha256-bAkVFNgZxKBxhYSB47AHyBeA1IChxnR4x4it/ucHw04='                 'sha256-TN6VyTf7KQPpzPPgQv+rOgxOCNCtXk17GXT2rOrBWL0='                 'sha256-rKIl7E5JAu9e43xL5kSoPSeJ5LSDzPj7RmgnZBDNe/8='                 'sha256-pMi7OpWnmqvQ1Ht/khfqy6h+L5zjD9Waogxwmky2uII='                 *.googletagmanager.com *.google.com *.google-analytics.com                 cdnjs.cloudflare.com googleads.g.doubleclick.net                 *.gstatic.com *.googleapis.com snap.licdn.com *.googleadservices.com cdn.cookielaw.org 		*.onetrust.com facebook.com *.linkedin.com *.facebook.net *.hotjar.com *.hotjar.io 		*.kampyle.com *.medallia.eu *.eskimi.com ssgtm.bnpparibas-pf.bg *.dotomi.com ssgtm.pbpf.bg;            style-src 'self' 'unsafe-inline' fonts.googleapis.com *.google.com *.googletagmanager.com *.kampyle.com *.medallia.eu *.eskimi.com ;            object-src 'none';            base-uri 'self';            connect-src 'self' cdn.ampproject.org *.google-analytics.com *.analytics.google.com stats.g.doubleclick.net                  *.appspot.com cdn.cookielaw.org *.onetrust.com *.hotjar.com *.hotjar.io wss://*.hotjar.com 		 *.kampyle.com *.medallia.eu cookies-data.onetrust.io ssgtm.pbpf.bg ssgtm.bnpparibas-pf.bg *.dotomi.com ;            font-src 'self' data: fonts.gstatic.com *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu;            frame-src 'self' chatbot.bnpparibas-pf.bg www.google.com *.doubleclick.net *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu chatbot.pbpf.bg;            img-src 'self' *.gstatic.com *.googleapis.com *.doubleclick.net *.google.com *.google-analytics.com *.linkedin.com data:                   www.googletagmanager.com www.google.bg cdn.cookielaw.org *.facebook.com *.hotjar.com *.hotjar.io *.kampyle.com *.medallia.eu *.eskimi.com;            manifest-src 'self';            media-src 'self';             worker-src 'self' blob: cdn.ampproject.org;            form-action 'self' ecg.test.upc.ua secure.kbcbank.bg 3dsgate-dev.borica.bg 3dsgate.borica.bg; 1
img-src     'self' data:     *.webqamapps.com     *.pizzacosy.fr     *.pizzacosy.re     *.gravatar.com     *.doubleclick.net     *.gstatic.com     *.google.fr     *.google.com     *.google.nl     *.googleapis.com     *.google-analytics.com     *.googleadservices.com     *.googletagmanager.com     *.googlesyndication.com     *.ytimg.com     *.juicer.io     *.axept.io     *.snapchat.com     *.facebook.com     *.avis-verifies.com     *.linkedin.com     *.myli.io     axeptio.imgix.net     n-app.myli.io     *.join-stories.com   ;   media-src     'self' data:     *.webqamapps.com     *.pizzacosy.fr     *.pizzacosy.re     *.join-stories.com   ;   frame-src     'self'     *.sibforms.com     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.google.com     *.google.nl     *.dailymotion.com     *.googletagmanager.com     *.snapchat.com     *.facebook.com     *.googlesyndication.com     *.googleadservices.com   ;   frame-ancestors     'self'     *.sibforms.com     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.google.com     *.google.nl     *.dailymotion.com     *.googletagmanager.com     *.snapchat.com     *.facebook.com     *.googlesyndication.com     *.googleadservices.com   ;   script-src-elem     'self' 'unsafe-eval' 'unsafe-inline' data:     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re     *.youtube.com     *.gstatic.com     *.google.fr     *.google.com     *.google.nl     *.googleapis.com     *.google-analytics.com     *.googletagmanager.com     *.googlesyndication.com     *.googleadservices.com     *.doubleclick.net     *.axept.io     *.libcdn.com     *.licdn.com     *.snapchat.com     connect.facebook.net     analytics.tiktok.com     sc-static.net/scevent.min.js     widgets.rr.skeepers.io     cdn-app.myli.io     CL.avis-verifies.com     pizza-cosy.my.join-stories.com   ;   script-src     'self' 'unsafe-eval' 'unsafe-inline' data:     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re   ;   object-src     'self'     *.webqamapps.com     *.doubleclick.net     *.pizzacosy.fr     *.pizzacosy.re   ; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://gum.criteo.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://cdn-ukwest.onetrust.com https://plasmon-it.piwik.pro https://*.teads.tv; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.plasmon.it https://connect.facebook.net https://tr.snapchat.com https://*.plasmon.it; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googlesyndication.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net 'self' https://cdn-ukwest.onetrust.com 'unsafe-inline' 'unsafe-eval' https://plasmon-it.containers.piwik.pro https://plasmon-it.piwik.pro https://p.teads.tv https://static.criteo.net https://*.criteo.com https://*.lytics.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com/ 'self' https://cdn-ukwest.onetrust.com https://*.lytics.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; img-src 'self' data: https://cookie-cdn.cookiepro.com https://www.google-analytics.com https://pluginicons.craft-cdn.com/ https://pluginscreenshots.craft-cdn.com https://embed.tawk.to https://tawk.link https://cdn.jsdelivr.net/emojione; style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.tawk.to; font-src 'self' embed.tawk.to fonts.gstatic.com data:; frame-src 'self' https://js.stripe.com/ https://www.youtube.com/ https://www.youtube.com/embed/ va.tawk.to; media-src 'self' embed.tawk.to tawk.link; connect-src 'self' https://www.google-analytics.com https://region1.google-analytics.com https://boards-api.greenhouse.io https://cookie-cdn.cookiepro.com https://feed-proxy.craftcms.com https://api.craftcms.com *.tawk.to wss://*.tawk.to; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://js.stripe.com/v2/ https://cookie-cdn.cookiepro.com https://engie-energyaccess.us2.list-manage.com https://s3.amazonaws.com https://geolocation.onetrust.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://boards-api.greenhouse.io https://boards.greenhouse.io https://embed.tawk.to https://cdn.jsdelivr.net/emojione/; report-uri https://sentry.payg.ee/api/12/security/?sentry_key=ee6e2e7c537a43c695b2954fed906fc6 1
frame-ancestors 'self';block-all-mixed-content;default-src 'self';script-src 'unsafe-eval' 'self' 'report-sample' 'unsafe-inline' unpkg.com cdn.jsdelivr.net code.jquery.com cdnjs.cloudflare.com cdn.datatables.net kit.fontawesome.com momentjs.com www.gstatic.com;style-src 'self' code.ionicframework.com 'report-sample' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com cdn.anychart.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net cdnjs.cloudflare.com;object-src 'self';frame-src 'self' pacs.parulsevashramhospital.com;child-src 'self';img-src 'self' data: aimieclouse.com cdn-icons-png.flaticon.com seeklogo.com fonts.gstatic.com tmhradio.s3.ap-south-1.amazonaws.com;font-src 'self' code.ionicframework.com data: ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com cdn.jsdelivr.net;connect-src 'self' fcmregistrations.googleapis.com firebaseinstallations.googleapis.com ka-f.fontawesome.com fonts.googleapis.com fonts.gstatic.com;manifest-src 'self';base-uri 'self';form-action 'self' pacs.parulsevashramhospital.com;media-src 'self' tmhradio.s3.ap-south-1.amazonaws.com;worker-src 'self'; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; worker-src https: data: blob: 'self'; script-src https: data: 'self' 'unsafe-inline' 'unsafe-eval'; object-src https: 'self'; font-src https: data: 'self'; connect-src https: wss: 'self'; img-src blob: https: data: 'self'; media-src https: blob: 'self'; style-src https: 'unsafe-inline' 'self'; frame-src https: blob:; frame-ancestors 'self'; 1
base-uri 'self';form-action 'self' *.opayo.eu.elavon.com *.scrapcarformoney.co.uk;media-src 'self';object-src 'none';connect-src 'self' www.raw2k.co.uk wss://www.raw2k.co.uk www.google-analytics.com *.google-analytics.com *.analytics.google.com maps.gstatic.com maps.googleapis.com stats.g.doubleclick.net api.craftyclicks.co.uk *.hotjar.com *.addthis.com;img-src 'self' images.unsplash.com data: maps.gstatic.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net www.google.com cc-cdn.com *.carweb.com d9xkyfpjfebx7.cloudfront.net https://cdn.raw2k.co.uk;script-src-elem 'self' www.googletagmanager.com ssl.google-analytics.com www.google-analytics.com www.googleadservices.com maps.googleapis.com www.google.com cdn.mouseflow.com *.hotjar.com *.addthis.com *.addthisedge.com cc-cdn.com 'nonce-H5QgpbPgugvXuhT4RTlJjhNtSzoCRy1l';style-src 'self' 'unsafe-inline' fonts.googleapis.com cc-cdn.com;font-src 'self' fonts.gstatic.com data: 1
frame-ancestors 'self' http://s318850998.onlinehome.fr http://*.speedyrent.fr http://*.rentiles.fr https://*.rentiles.fr http://images.google.fr https://images.google.fr http://hotels.ile-delareunion.com http://www.ile-delareunion.com http://ile-delareunion.com https://www.ile-delareunion.com https://ile-delareunion.com http://www.hotels.ile-delareunion.com http://www.iledelareunion.net http://www.reunion-hebergements.com http://reunion-hebergements.com https://www.reunion-hebergements.com https://reunion-hebergements.com https://m.facebook.com  https://web.facebook.com https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://*.fbcdn.net http://www.kayak.fr http://kayak.fr https://www.kayak.fr https://kayak.fr https://www.antilleslocation.com 1
font-src *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com secure.ogone.com ogone.test.v-psp.com *.hipay.com *.hipay-tpp.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://vars.hotjar.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.hipay.com 'self' 'unsafe-inline'; img-src *.adobedtm.com *.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com  *.swagger.io *.bird.eu *.outbrain.com *.bing.com *.google-analytics.com *.paypal.com *.googleadservices.com/ *.paypalobjects.com www.facebook.com axeptio.imgix.net *.demdex.net *.magentocommerce.com *.rivagesdumonde.fr *.rivagesdumonde.be *.doubleclick.net *.google.com *.googletagmanager.com *.ytimg.com *.imgix.net *.facebook.net *.braintreegateway.com  *.cloudimg.io connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.outbrain.com *.bing.com *.google-analytics.com *.doubleclick.net connect.facebook.net *.cloudflare.com *.axept.io *.googletagmanager.com https://static.hotjar.com https://script.hotjar.com *.avada.io www.facebook.com graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com unpkg.com *.hipay.com *.cloudimg.io *.scaleflex.it 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.scaleflex.it *.fontawesome.com unsafe-inline assets.braintreegateway.com *.hipay.com *.cloudimg.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bing.com *.analytics.google.com *.hotjar.com wss://ws.hotjar.com *.hotjar.io connect.facebook.net *.outbrain.com adservice.google.com google.com *.google-analytics.com *.axept.io https://in.hotjar.com wss://ws17.hotjar.com/api/v2/client/ws https://ws17.hotjar.com https://get.geojs.io *.avada.io www.facebook.com graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.hipay.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://www.locize.app/ https://lead360.local.sonarhome.dev https://lead360.staging.sonarhome.dev https://lead360.sonarhome.pl https://lead360.sonarhome.hu https://lead360.sonarhome.ro 'self'; frame-src *; 1
script-src http: https: https://tiendanewsan.com.ar/ 'unsafe-inline' *.googletagmanager.com *.google-analytics.com; style-src 'self' blob: https: 'unsafe-inline' https://tiendanewsan.com.ar/; img-src data: http: https: *.googletagmanager.com *.google-analytics.com *.modo.com.ar; object-src 'none'; base-uri 'none'; child-src 'self'; worker-src 'self' blob: *.botmaker.com *.googleapis.com *.modo.com.ar; font-src 'self' fonts.gstatic.com *.modo.com.ar; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.botmaker.com *.google.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-4W8R7tv5rLQNxUqX6TwMTQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://*.biahosted.com https://*.safecharge.com https://*.paymentiq.io 1
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'unsafe-inline' 'unsafe-eval' vitals.vercel-insights.com https: data: wss://*.qualified.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src https: wss://*.hotjar.com;       object-src 'none';       img-src 'self' data: https:;       font-src 'self' data: https://fonts.gstatic.com https://static.leadpages.net https://script.hotjar.com https://use.typekit.net;       script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.datadoghq-browser-agent.com https://players.brightcove.net https://cmp.osano.com https://hoddereducation.lpages.co/ https://hoddereducation.leadpages.co/ https://embed.lpcontent.net/ https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://static.hotjar.com https://static.doubleclick.net https://js.center.io https://script.hotjar.com https://*.hotjar.com;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.leadpages.net https://www.youtube.com https://static.hotjar.com https://script.hotjar.com https://use.typekit.net https://p.typekit.net;      worker-src 'self' data: blob: https:;      media-src data: blob: https:;      frame-ancestors 'self' https://ebooks.boost-learning.co.uk/; 1
default-src 'self'; child-src 'self' data: www.google.com *.soundcloud.com www.youtube.com; object-src 'self' *.soundcloud.com; font-src 'self' data: fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.googletagmanager.com connect.facebook.net www.gstatic.com www.google-analytics.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com; connect-src 'self' www.google-analytics.com; img-src 'self' www.google.sk www.facebook.com sk.wikipedia.org upload.wikimedia.org http://www1.teraz.sk http://images.swaton.sk http://vedanadosah.cvtisr.sk http://www.zivaspomienka.sk data: blob: csi.gstatic.com maps.gstatic.com maps.googleapis.com maps.google.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-eFQRSkRAeOlGITT1ahxBn3Utm' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
child-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net www.gstatic.com www.google.com ;connect-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net *.google-analytics.com noembed.com www.noembed.com cdn.plyr.io cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.doubleclick.net storage.googleapis.com event.talque.com lh3.googleusercontent.com *.googleadservices.com *.google.com *.itsa365.de *.mybeviale.com *.chillventa.de *.hubana.events *.embedded-world.de *.medteclive.com *.euroguss.de *.enforcetac.com *.fachpack.de *.frontale.de *.holz-handwerk.de *.nuernberg-convention.de *.perimeter-protection.de *.biofach.de *.vivaness.de *.interzoo.com *.biofach-japan.com *.galabau-messe.com *.consozial.de *.powtech-technopharm.com *.kommunale.de *.googlesyndication.com ;default-src 'self' *.azureedge.net ;font-src 'self' fonts.gstatic.com *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com map.interzoo.com map.fachpack.de map.itsa365.de map.chillventa.de map.galabau-messe.com map.consozial.de map.perimeter-protection.de map.iwa.info map.enforcetac.com map.powtech-technopharm.com map.kommunale.de map.berufsbildung-messe.de map.frontale.de map.euroguss.de map.holz-handwerk.de *.inforomap.de data: na11.de ;img-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net *.google.com *.google.de *.ads.linkedin.com *.linkedin.com *.linkedin.oribi.io snap.licdn.com static.ads-twitter.com analytics.twitter.com t.co www.googletagmanager.com analytics-udg.netdna-ssl.com code.s4d.io *.giphy.com *.clouddrive.com *.webexcontent.com data: blob: *.rackcdn.com data: blob: *.doubleclick.net connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com map.interzoo.com map.fachpack.de map.itsa365.de map.chillventa.de map.galabau-messe.com map.consozial.de map.perimeter-protection.de map.iwa.info map.enforcetac.com map.powtech-technopharm.com map.kommunale.de map.berufsbildung-messe.de map.frontale.de map.euroguss.de map.holz-handwerk.de *.inforomap.de data: na11.de ;media-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net *.azureedge.net storage.googleapis.com event.talque.com lh3.googleusercontent.com data: ;script-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.doubleclick.net cdn.plyr.io noembed.com www.noembed.com *.google.com *.google.de *.vimeocdn.com *.vimeo.com *.akamaized.net www.googletagmanager.com analytics-udg.netdna-ssl.com *.google-analytics.com cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-eval' *.googleadservices.com *.google.com static.ads-twitter.com analytics.twitter.com t.co snap.licdn.com 'unsafe-inline' www.gstatic.com www.google.com connect.facebook.net www.facebook.com storage.googleapis.com event.talque.com lh3.googleusercontent.com map.interzoo.com map.fachpack.de map.itsa365.de map.chillventa.de map.galabau-messe.com map.consozial.de map.perimeter-protection.de map.iwa.info map.enforcetac.com map.powtech-technopharm.com map.kommunale.de map.berufsbildung-messe.de map.frontale.de map.euroguss.de map.holz-handwerk.de *.inforomap.de data: na11.de ;style-src 'self' *.youtube.com *.ytimg.com *.youtube-nocookie.com *.googlevideo.com yt3.ggpht.com *.vimeocdn.com *.vimeo.com *.akamaized.net cdn.consentmanager.mgr.consensu.org consentmanager.mgr.consensu.org *.consentmanager.net *.azureedge.net 'unsafe-inline' storage.googleapis.com event.talque.com lh3.googleusercontent.com ; 1
frame-ancestors 'self', media-src 'self' https://code.jivosite.com https://www.mte-media.com https://nordfx.com https://nuode.me https://nuode.info/, object-src 'self' 1
img-src * data:; default-src * 'unsafe-inline' 'unsafe-eval'; object-src 'none'; frame-ancestors 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;media-src *;style-src 'unsafe-inline' 'unsafe-eval' *;img-src data: *;font-src data: *;connect-src *;frame-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://*.cloudflare.com https://*.facebook.net https://*.cookiebot.com https://stackpath.bootstrapcdn.com https://static.addtoany.com https://unes.intervieweb.it https://unpkg.com https://*.gigya.com https://*.us1.gigya.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.turboadv.com https://*.adnxs.com https://*.datafront.co https://*.easyrecrue.com https://*.tncid.app/ https://*.ilviaggiatorgoloso.it https://*.green-oasis.it https://*.adform.net https://*.salesforce.com https://*.salesforceliveagent.com https://*.force.com https://*.site.com https://acsbapp.com; frame-ancestors https://*.unes.it https://*.ilviaggiatorgoloso.it https://*.salesforce.com https://webplayer.appicalnow.com; 1
frame-ancestors 'self'  *.gator.com; 1
default-src  'self' data: *.pinimg.com *.postaffiliatepro.com partneri.affilmax.cz *.doubleclick.net *.facebook.net *.google-analytics.com *.biano.cz *.dognet.sk *.googlesyndication.com *.imedia.cz *.googletagmanager.com *.googleadservices.com ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.biano.cz *.biano.sk *.biano.hu ;connect-src  'self' *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.googleapis.com *.google-analytics.com *.googletagmanager.com *.zbozi.cz *.exchangeratesapi.io *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.seznam.cz *.facebook.com *.pinterest.com *.doubleclick.net https://*.clarity.ms partner-events.favi.cz partner-events.favi.sk partner-events.favi.hu t.targito.signal-nabytek.cz t.targito.sg-nabytek.cz t.targito.signal-nabytok.sk t.targito.sg-nabytok.sk t.targito.butor-signal.hu t.targito.sg-butor.hu *.clickcease.com *.targito.com *.googlesyndication.com https://saas.bianoapi.com bat.bing.com live.luigisbox.com api.luigisbox.com  https://*.api.rvndev.com https://*.api.raventic.ai https://*.api.raventic.dev https://api.raventic.dev ;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.imedia.cz *.facebook.net *.doubleclick.net *.rival.cz *.fg.cz *.3dliving.cz *.imedia.cz *.zbozi.cz *.exchangeratesapi.io *.facebook.com *.pingdom.net *.biano.cz *.biano.sk *.biano.hu *.bianopixel.com *.dognet.sk *.foxentry.cz *.googlesyndication.com *.pinimg.com *.pinterest.com partneri.affilmax.cz *.postaffiliatepro.com www.heureka.cz im9.cz cz.img9.cz *.glami.cz *.licdn.com *.linkedin.com tracking.srovname.cz https://*.clarity.ms partner-events.favicdn.net cdn.targito.signal-nabytek.cz cdn.targito.sg-nabytek.cz cdn.targito.signal-nabytok.sk cdn.targito.sg-nabytok.sk cdn.targito.butor-signal.hu cdn.targito.sg-butor.hu *.clickcease.com cdn.targito.com https://saas.bianoapi.com bat.bing.com scripts.luigisbox.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com ;frame-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;worker-src  'self' *.youtube.com *.iplatba.cz *.facebook.com *.imedia.cz *.zbozi.cz *.essox.cz *.foxentry.cz *.doubleclick.net *.googletagmanager.com *.google.com *.heureka.cz *.pinterest.com *.googlesyndication.com login.szn.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com *.googletagmanager.com *.google-analytics.com *.seznam.cz *.doubleclick.net *.google.com *.google.hu *.google.ae *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie *.google.com.ua *.imedia.cz *.facebook.com *.facebook.net *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.rival.cz *.vykupto.cz *.signal.pl *.zbozi.cz *.exchangeratesapi.io *.dognet.sk *.foxentry.cz *.pinimg.com *.pinterest.com *.biano.cz *.biano.sk *.biano.hu *.heureka.cz *.heureka.sk im9.cz *.glami.cz *.googleadservices.com https://*.clarity.ms bat.bing.com *.favionline.com *.bing.com cdn.targito.com https://i.cdn.rvndev.com https://i.rvndn.com ;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.seznam.cz *.google.com *.gstatic.com *.fg.cz *.3dliving.cz *.signal-nabytek.cz *.sg-nabytek.cz *.signal-nabytok.sk *.sg-nabytok.sk *.sg-butor.hu *.zbozi.cz *.exchangeratesapi.io *.foxentry.cz cdn.targito.com https://saas.bianoapi.com cdn.luigisbox.com https://sdk.cdn.rvndev.com https://sdk.rvndn.com ;object-src  'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; img-src 'self' data: https://api.stand.fail https://stand.fail https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://www.facebook.com https://s-static.ak.facebook.com https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.giphy.com https://t.me https://*.telegram-cdn.org https://*.cdn-telegram.org https://*.userapi.com https://*.googleusercontent.com https://*.fbcdn.net https://*.fbsbx.com https://avatars.mds.yandex.net https://flagcdn.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.intercomassets.eu https://*.intercomassets.com https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://tra.cker.club; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com; frame-src https://widget.onramper.com https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://maps.googleapis.com https://www.facebook.com https://s-static.ak.facebook.com https://www.youtube.com https://intercom-sheets.com https://intercom.help; frame-ancestors 'self' https://app.utorg.pro; connect-src 'self' data: wss://stand.fail/api/ws https://stand.fail https://*.giphy.com https://*.ingest.sentry.io https://mc.yandex.ru https://mc.yandex.com https://www.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.ru https://www.google.de https://www.google.com.ua https://www.google.am https://www.google.bg https://www.google.com.br https://www.google.kg https://www.google.kz https://www.google.md https://www.google.pl https://www.google.pt https://www.google.co.uz https://fonts.googleapis.com https://fonts.gstatic.com https://connect.facebook.net https://avatars.steamstatic.com https://steamcdn-a.akamaihd.net https://steamcommunity-a.akamaihd.net https://cdn.cloudflare.steamstatic.com https://cdn.akamai.steamstatic.com https://*.ingest.sentry.io https://*.hotjar.com https://*.hotjar.io https://*.intercom.io wss://*.intercom.io wss://*.hotjar.com https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://tra.cker.club; object-src 'none'; 1
default-src 'self'; img-src 'self' https://chainode.tech https://www.stakingrewards.com/ https://storage.googleapis.com/; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/; object-src 'none'; 1
frame-ancestors *.detik.com *.cnnindonesia.com *.cnbcindonesia.com *.haibunda.com *.insertlive.com *.beautynesia.id *.cxomedia.id *.detiknetwork.com *.transentertainment.com *.redsys.es 1
frame-ancestors 'self' teams.microsoft.com; script-src 'self' cdn.rudderlabs.com js.stripe.com/v3 1
frame-ancestros ‘self’ 1
base-uri 'self'; object-src 'none'; script-src 'strict-dynamic' 'unsafe-inline' https: http: 'nonce-sJXSq2Isi903wqJMwEIDxw97w3KEUu' 'unsafe-eval'; report-uri https://csp.withgoogle.com/csp/devsite/v2 1
upgrade-insecure-requests; object-src 'none'; frame-src 'self' https://www.sparkcognition.com https://boards.greenhouse.io https://vars.hotjar.com https://www.youtube.com https://app.hubspot.com https://stats.g.doubleclick.net https://td.doubleclick.net https://play.vidyard.com https://www.google.com https://forms.hsforms.com https://storage.googleapis.com; img-src data: https://www.sparkcognition.com https://w3.org/svg/2000 'self' https://us-u.openx.net https://a.omappapi.com https://stags.bluekai.com https://stags.bluekai.com https://c.clarity.ms https://play.vidyard.com https://www.googletagmanager.com https://cdn.vidyard.com https://dpm.demdex.net https://content.cdntwrk.com https://media.giphy.com/ https://aorta.clickagy.com https://forms.hsforms.com https://px.ads.linkedin.com https://www.linkedin.com https://secure.gravatar.com https://googleads.g.doubleclick.net https://google.com https://www.google.nl https://bat.bing.com https://px4.ads.linkedin.com https://stags.bluekai.com https://match.prod.bidr.io https://id.rlcdn.com https://track.hubspot.com https://www.google.com https://p.adsymptotic.com/ https://segments.company-target.com https://www.google-analytics.com; connect-src 'self' https://px.ads.linkedin.com/ https://cdn.linkedin.oribi.io https://a.clarity.ms https://b.clarity.ms https://i.clarity.ms https://region1.analytics.google.com https://vc.hotjar.io https://e.clarity.ms https://j.clarity.ms https://m.clarity.ms https://l.clarity.ms https://adservice.google.com https://forms.hscollectedforms.net https://hubspot-forms-static-embed.s3.amazonaws.com https://js.zi-scripts.com wss://ws7.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws16.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws27.hotjar.com wss://wsp27.hotjar.com https://ws7.hotjar.com https://ws12.hotjar.com https://ws13.hotjar.com https://ws16.hotjar.com https://ws18.hotjar.com https://ws19.hotjar.com https://ws22.hotjar.com https://ws23.hotjar.com wss://ws.hotjar.com/api/v2/client/ws https://ws27.hotjar.com https://forms.hsforms.com https://api.hubspot.com https://api.hubapi.com https://forms.hubspot.com https://a.omappapi.com https://z.omappapi.com https://www.googleanalytics.com https://analytics.google.com https://aorta.clickagy.com https://hemsync.clickagy.com https://www.google-analytics.com https://api.omappapi.com https://api.company-target.com https://f.clarity.ms https://h.clarity.ms https://stats.g.doubleclick.net https://in.hotjar.com https://bam.nr-data.net https://ws16.hotjar.com https://content.hotjar.io https://ws.zoominfo.com; media-src 'self' https://storage.googleapis.com; 1
default-src 'self'; frame-src 'self' www.google.com www.gstatic.com; form-action 'self'; object-src 'none'; base-uri 'self'; style-src 'self'; connect-src 'self'; script-src 'nonce-SweXhI2iosDR' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://www.youtube.com/iframe_api https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com code.jquery.com https://www.googletagmanager.com https://www.tagmanager.google.com https://player.vimeo.com/video/334043103 https://offers.cbhs.com.au/ https://*.abtasty.com/ https://ad.doubleclick.net/ https://secure.adnxs.com https://acdn.adnxs.com/dmp/up/pixie.js https://www.googletagservices.com/ https://websites.cdn.getfeedback.com/embed/sYWuqaB7LH/gf.js https://www.getfeedback.com/e/R3BSQ3B0 https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js https://chatbot.cbhs.com.au/api/directlinetoken https://snap.licdn.com/li.lms-analytics/insight.min.js https://pagead2.googlesyndication.com/pagead/js/r20220425/r20110914/elements/html/omrhp.js https://px.ads.linkedin.com/collect https://sslwidget.criteo.com https://gum.criteo.com *.callrail.com https://pg.feroot.com/v1/bundle/27b8acf8-cfb8-4bae-ae68-daefc4dc31ba 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://www.googletagmanager.com https://offers.cbhs.com.au/ https://*.abtasty.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.abtasty.com/ https://www.google.com/ads/ga-audiences https://www.google.com.au/ads/ga-audiences https://*.doubleclick.net https://px.ads.linkedin.com/collect https://ib.adnxs.com/ https://visitor.omnitagjs.com/ https://exchange.mediavine.com/ https://sync-t1.taboola.com/ https://sync-criteo.ads.yieldmo.com/ https://criteo-sync.teads.tv/ https://sync.outbrain.com/ ad.360yield.com ad.yieldlab.net ade.clmbtech.com adgen.socdm.com ads.stickyadstv.com adx.dable.io c.bing.com contextual.media.net cs.adingo.jp *.criteo.com eb2.3lift.com idsync.rlcdn.com ih.adscale.de match.sharethrough.com pixel.rubiconproject.com r.casalemedia.com rtb-csync.smartadserver s.ad.smaato simage2.pubmatic.com sync.aralego.com tg.socdm.com ups.analytics.yahoo x.bidswitch.net p.adsymptotic.com s.ad.smaato.net rtb-csync.smartadserver.com ups.analytics.yahoo.com tags.bluekai.com beacon.krxd.net cdn.aralego.net cotads.adscale.de usersync.octillion.tv 'self' *.google-analytics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.abtasty.com/; frame-src https://www.nab.com.au https://www.healthshare.com.au https://test.salesforce.com https://www.youtube.com https://cbhs--sit.my.salesforce.com https://www.whitecoat.com.au https://www.ahsa.com.au https://cbhs--uat.my.salesforce.com https://cbhs--uat.cs137.my.salesforce.com https://webto.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8 https://webto.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8 https://www.googletagmanager.com https://www.tagmanager.google.com https://player.vimeo.com https://offers.cbhs.com.au/ https://members.cbhs.com.au/ https://uat.cbhs.com.au/ https://*.doubleclick.net/ https://www.getfeedback.com/* https://www.getfeedback.com/e/* https://www.getfeedback.com/e/bHmYasx3?gf_embed_origin=https%3A%2F%2Fdfs4.cbhs.com.au&gf_multichannel_embed=true&webpage_url=https%3A%2F%2Fdfs4.cbhs.com.au%2Fproduct-results https://www.getfeedback.com/e/R3BSQ3B0 https://*.abtasty.com/ https://chatbot.cbhs.com.au/api/directlinetoken https://gum.criteo.com 'self' web-chat.nativechat.com; connect-src accounts.google.com https://analytics.google.com *.mktoresp.com https://health.cbhs.website:80/I3Root/Server1/websvcs/serverConfiguration https://health.cbhs.website:80/I3Root/Server2/websvcs/serverConfiguration https://ictest.cbhs.com.au/CBHS-ICTEST/ https://www.googletagmanager.com https://offers.cbhs.com.au/77e33a2c4e0120e82889698a199cd1bc.js https://*.abtasty.com/ https://googleads4.g.doubleclick.net/ https://*.doubleclick.net https://www.google-analytics.com https://cgrp-carey-appservice.azurewebsites.net https://cdn.botframework.com/botframework-webchat/4.13.0/webchat.js *.botframework.com/v3/directline/conversations* wss://directline.botframework.com https://directline.botframework.com https://chatbot.cbhs.com.au/api/directlinetoken https://dis.criteo.com/ https://visitor-fra02.omnitagjs.com/ https://gum.criteo.com/ https://pagead2.googlesyndication.com/pagead/js/r20220728/r20110914/elements/html/omrhp.js https://*.callrail.com https://pageguard.feroot.com/v1/27b8acf8-cfb8-4bae-ae68-daefc4dc31ba/collect 'self' *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.cbhs.com.au/ https://*.abtasty.com/ https://chatbot.cbhs.com.au/api/directlinetoken 'self' web-chat.nativechat.com 1
default-src *; style-src * 'unsafe-inline'; script-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com  1
frame-ancestors 'self' https://*.zirmed.com 1
default-src;img-src 'self' *.commercecloud.salesforce.com data: images.ctfassets.net dummyimage.com placehold.co media.giphy.com *.mnpcdn.ae *.atgcdn.ae https: *.googleapis.com cdn.jsdelivr.net;script-src 'self' 'unsafe-eval' 'unsafe-inline' storage.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.googletagmanager.com https://maps.google.com/* https://maps.googleapis.com/* https: *.googleapis.com https://checkout.tabby.ai/* https://cdn.tamara.co cdnjs.cloudflare.com;connect-src 'self' api.cquotient.com beta-kreacher.gap.ae *.commercecloud.salesforce.com *.googletagmanager.com/ https: *.googleapis.com;frame-src 'self' *.vimeo.com www.google.com/recaptcha/ https://checkout.tabby.ai/ https://cdn.tamara.co/;manifest-src 'self';upgrade-insecure-requests;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
font-src www.rockford.edu fonts.gstatic.com use.typekit.net; object-src 'none'; base-uri 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.rockford.edu https://bbox.blackbaudhosting.com/webforms/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://uchat.co/ ajax.googleapis.com/ajax/libs/jquery/1.10.2/ https://www.googletagmanager.com/ https://js-agent.newrelic.com/ 1
child-src 'self' *.dig.corp.edp.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; frame-src 'self' dokumfe7mps0i.cloudfront.net *.dig.corp.edp.com *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es 11667845.fls.doubleclick.net td.doubleclick.net; object-src 'self'; script-src * 'strict-dynamic'; script-src-elem * 'sha256-AIXZdd0tlnj1E33v7n2k92nPZshQHZTexb8zrH2BY4c=' 'sha256-iqOPaRlwwgtNy7J3vh/+LSW9/QVdN+Fl+YfMS8+GcPo=' 'sha256-c1h5EJhKfNAALO0EEby00dsPztD8r4X1eQcIoZ+6K3M=' 'sha256-LkV8EXXUuqyqcrjKd/zdQjdO0HC4RUmFOR13wcYyMs4=' 'sha256-FlT1/1kcvu2IUmN3tWgnYnDGi0/CRxi2xHhdayXlFBU=' 'sha256-YlTS9pgQRMg5veOeUh93B8siqn75Xyrunh0Y98Gfgss='; base-uri 'self'; frame-ancestors 'self' *.microsoft.com *.microsoftonline.com *.windows.net *.office.com *.bol.pt *.vimeo.com *.cookielaw.org *.recaptcha.net *.bandcamp.com *.soundcloud.com *.google.com *.sites.edp.com *.siteimprove.net *.siteimprove.com *.workplace.com *.intras.edp.com *.microsoftstream.com *.edp.pt *.edp.com *.edpr.com *.dig.corp.edp.com *.youtube.com *.youtube-nocookie.com *.eurolandir.com *.mailjet.com *.media-server.com *.wufoo.com edp.teto.pt *.spotify.com ir2.flife.de ir.tools.investis.com sdk.companywebcast.com *.edpon.livextend.cloud *.powerbi.com *.suratica.es; report-uri https://www.edpr.com/en/report-uri/enforce; upgrade-insecure-requests 1
default-src 'self' 'unsafe-eval'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.itzbund.de *.googleapis.com *.google.com *.gstatic.com www.youtube.com *.vimeo.com *.ytimg.com piwik.itzbund.de; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.vimeo.com *.youtube.com; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com vimeo.com *.3qsdn.com *.director.events; img-src 'self' blob: data: *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.openstreetmap.org piwik.itzbund.de; connect-src 'self' *.itzbund.de; frame-ancestors 'self'; worker-src 'self'; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-tresemme.com https://shop-id-tresemme.com/; 1
frame-ancestors 'self' https://bsd.instructure.com; 1
frame-src *.google.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net; 1
default-src 'self';  connect-src *; font-src * 'unsafe-inline' 'unsafe-eval'; frame-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 'unsafe-eval'; object-src 'self'; 1
default-src 'self'; font-src 'self' use.typekit.net https://fonts.gstatic.com/ https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src * data: blob:; connect-src 'self' https://sportsbook.mintdice.com wss://sportsbook.mintdice.com wss://server.mintdice.com https://auth.mintdice.com https://background.mintdice.com https://bitrocket.mintdice.com https://server.mintdice.com https://www.mintdice.com https://mintdice.directus.app https://*.google-analytics.com https://www.google.tagmanager.com https://*.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io wss://nexus-europe-websocket.intercom.io  wss://nexus-australia-websocket.intercom.io  https://uploads.intercomcdn.com https://uploads.intercomcdn.eu  https://uploads.au.intercomcdn.com  https://uploads.intercomusercontent.com vitals.vercel-insights.com https://blockchain.info https://cdn.softswiss.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com/ stackpath.bootstrapcdn.com/ https://www.gstatic.com/recaptcha/ *.cloudfront.net https://www.google.com/recaptcha/ https://*.googletagmanager.com https://*.google-analytics.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://casino.cur.a8r.games/public/sg.js; style-src 'self' use.typekit.net/ p.typekit.net 'unsafe-inline' https://fonts.googleapis.com; media-src 'self' data: https://js.intercomcdn.com; worker-src 'self'; frame-src 'self' data: blob: https://sportsbook.mintdice.com https://www.google.com/recaptcha/ https://int.bgaming-system.com/ https://provider.int.a8r.games/ https://bgaming-network.com/ https://licensing.gaming-curacao.com/ https://player.vimeo.com https://www.youtube.com https://youtube.com; frame-ancestors 'self' 1
frame-ancestors 'self' https://*.xibo.org.uk https://*.xibosignage.com 1
default-src 'none' ; base-uri 'none' ; script-src 'self' https://www-powermapper-com.azureedge.net https://code.jquery.com https://cdn.matomo.cloud/powermapper.matomo.cloud/matomo.js 'sha256-wnAo7QxNEX0vkezmzajqqwoNj+0LfIUzBPKaeR6sG7M=' https://www.googletagmanager.com 'sha256-MHL9GoXatLo0I81zn6Q4vYMRQxuaeGp+cn/5JDA5CdE=' ; img-src 'self' data: https://www-powermapper-com.azureedge.net https://try.powermapper.com https://maps.google.com *.analytics.google.com *.google-analytics.com www.googletagmanager.com ; style-src 'self' https://www-powermapper-com.azureedge.net https://fonts.googleapis.com 'sha256-x78P3cfcD1ce7ZwDmidRkJECJaHuC+aeYPT7QDSM5BY=' ; frame-src https://download.powermapper.com https://www.google.com https://secure-stats.pingdom.com ; frame-ancestors 'self' ; connect-src https://order.powermapper.com *.analytics.google.com *.google-analytics.com https://powermapper.matomo.cloud ; object-src 'self' ; form-action 'self' https://try.powermapper.com ; font-src https://fonts.gstatic.com ; report-uri https://ttu5kx1j.uriports.com/reports ; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://www.comparabanques.fr/report-uri/enforce 1
worker-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://gtmadapter-node-cbjg5cz5hq-ew.a.run.app https://analytics.tiktok.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://optimize.google.com https://connect.facebook.net www.google-analytics.com https://www.googletagmanager.com https://chimpstatic.com https://dt.hybridmarketeer.com https://connect.facebook.net https://consent.cookiebot.com https://static.hotjar.com https://ssl.google-analytics.com https://js-agent.newrelic.com https://consentcdn.cookiebot.com tr.datatrics.com https://bam.nr-data.net https://script.hotjar.com https://assets.datatrics.com https://ssl.google-analytics.com *.ubembed.com *.googleapis.com https://www.googleadservices.com https://platform.twitter.com *.visualwebsiteoptimizer.com *.youtube.com *.ytimg.com *.getsitecontrol.com https://snap.licdn.com https://code.jquery.com https://cdn.jsdelivr.net/npm/jquery-validation@1.17.0/dist/jquery.validate.min.js https://cdn.jsdelivr.net/jquery.validation/1.15.1/jquery.validate.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js *.tradetracker.net; report-uri https://www.pelckmans.be/csp-reporting.php 1
form-action 'self'; *.idfraudsolutions.com *.ww2.idfraudsolutions.com 1
frame-ancestors 'self' 		https://*.asmark.org 		https://*.signnow.com ; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.voyages.com.au/report-uri/enforce 1
frame-ancestors 'self';  default-src 'self' mail.edu.tw  ;  script-src 'self' 'unsafe-eval' 'unsafe-inline' mail.edu.tw  ;  connect-src 'self' mail.edu.tw  ;  frame-src mail.edu.tw  ;  font-src * data:;  img-src * data:;  style-src * 'unsafe-inline'; 1
default-src 'self' blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typekit.net *.episerver.net zefzhat.appspot.com www.googletagmanager.com *.googletagmanager.com tagmanager.google.com *.hotjar.com *.hotjar.io *.google-analytics.com analytics.google.com code.jquery.com az416426.vo.msecnd.net dc.services.visualstudio.com netdna.bootstrapcdn.com pi.pardot.com syndication.twitter.com sjs.bizographics.com connect.facebook.net stats.livezhat.com *.ads.linkedin.com www.linkedin.com s.ytimg.com *.googleapis.com googleapis.com api.siteattention.com www.googleadservices.com cdn.syndication.twimg.com flockler.com embed-cdn.flockler.com static.flockler.com fl-cdn.scdn1.secure.raxcdn.com cdn.datatables.net *.licdn.com www.youtube.com gateway.zscloud.net viewer.blipstar.com static.handpickedcherries.com maxcdn.bootstrapcdn.com rules.quantcount.com secure.quantserve.com apps.myzef.com tools.eurolandir.com webcc.sonera.fi stackpath.bootstrapcdn.com cdn.datatables.net cdnjs.cloudflare.com api.ipify.org munchkin.marketo.net googleads.g.doubleclick.net eu1.snoobi.com ethn.io siteimproveanalytics.com www.google.com www.gstatic.com *.giosgusercontent.com optimize.google.com *.lfeeder.com *.leadfeeder.com code.createjs.com www.gstatic.com *.vimeo.com go.upmspecialtypapers.com upm.leadfamly.com hm.baidu.com *.giosg.com t.lianacem.com static.ws.apsis.one static.ws-apac.apsis.one s3.amazonaws.com/beacon.pmmimediagroup.com/ static.ads-twitter.com js.monitor.azure.com ccchat-fi.telia.ee googleads.g.doubleclick.net static.baufragen.de service.giosg.com analytics.google.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; font-src 'self' data: *.typekit.net storage.googleapis.com netdna.bootstrapcdn.com i.s-microsoft.com upmapi.portal.azure-api.net *.hotjar.com *.hotjar.io css.zohostatic.com cdnjs.cloudflare.com use.fontawesome.com *.giosg.com *.giosgusercontent.com googleapis.com ccchat-fi.telia.ee *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; img-src 'self' data: blob: about: *.typekit.net livezhat.zef.fi *.hotjar.com *.hotjar.io *.google-analytics.com *.analytics.google.com www.upmbiofore.fi pbs.twimg.com secure.adnxs.com www.upmbiofore.com *.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se www.google.com www.google.co.uk www.google.fi www.google.dk www.google.de www.google.at www.google.pl www.google.ru www.google.se *.googleapis.com googleapis.com maps.gstatic.com www.gstatic.com www.facebook.com static.flockler.com flockler.com hm.baidu.com img.youtube.com cdn.datatables.net s3.amazonaws.com www.googletagmanager.com *.googletagmanager.com ssl.gstatic.com hugin.info graph.facebook.com scontent.xx.fbcdn.net pixel.quantserve.com i.ytimg.com *.episerver.net cdn2.siteattention.com  amplifypixel.outbrain.com *.ads.linkedin.com ad.doubleclick.net adservice.google.com.hk www.linkedin.com 6049499.global.siteimproveanalytics.io assets.upm.com eu1.snoobi.com ml-eu.globenewswire.com gateway.zscloud.net *.lfeeder.com *.leadfeeder.com go.upmspecialtypapers.com p.adsymptotic.com upm.leadfamly.com *.fbcdn.net *.flockler.com scontent.cdninstagram.com *.giosgusercontent.com *.giosg.com analytics.twitter.com t.co ccchat-fi.telia.ee giosg-chat-public-eu.s3.amazonaws.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; connect-src 'self' *.hotjar.com *.hotjar.io www.upmbiofore.com dc.services.visualstudio.com api.siteattention.com *.google.com *.google.co.uk *.google.fi *.google.dk *.google.de *.google.at *.google.pl *.google.ru *.google.se *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net stats.g.doubleclick.net upm-prod.taiste.fi translate.googleapis.com hm.baidu.com api.mapbox.com a.tiles.mapbox.com b.tiles.mapbox.com wss://*.hotjar.com restdev.siteattention.com *.mktoresp.com events.mapbox.com *.facebook.com *.typekit.net *.giosgusercontent.com *.giosg.com prospector.pmmimediagroup.com audience.ws.apsis.one t.lianacem.com googleapis.com maps.googleapis.com cdn.linkedin.oribi.io analytics.twitter.com wss://ccchat-fi.telia.ee ccchat-fi.telia.ee wss://www.upmprofi.com service.giosg.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; style-src 'self' 'unsafe-inline' livezhat.zef.fi netdna.bootstrapcdn.com static.flockler.com googleapis.com maxcdn.bootstrapcdn.com translate.googleapis.com cdnjs.cloudflare.com *.episerver.net tagmanager.google.com use.fontawesome.com stackpath.bootstrapcdn.com cdn.datatables.net optimize.google.com *.giosg.com *.giosgusercontent.com ccchat-fi.telia.ee static.baufragen.de service.giosg.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-src 'self' data: *.doubleclick.net www.facebook.com connect.facebook.net www.google.com go.pardot.com www.youtube.com *.hotjar.com *.hotjar.io www.ciuvo.com www.googletagmanager.com tagmanager.google.com viewer.blipstar.com apps.myzef.com gamma.euroland.com tools.euroland.com tagmanager.google.com pr.globenewswire.com *.youku.com *.vimeo.com *.metsasoppi.com *.arbonaut.com optimize.google.com ethn.io web.microsoftstream.com *.giosgusercontent.com *.giosg.com go.upmspecialtypapers.com open.spotify.com upm.leadfamly.com form.apsis.one player.simplecast.com v.qq.com selectscience.net googleapis.com www.baufragen.de *.clients.giosgusercontent.com service.giosg.com *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; frame-ancestors 'self' *.upm.com *.upm.uy *.upmbiochemicals.com *.upmbiofuels.com *.upmbiomedicals.com *.upmbonvesta.fi *.upmcargohandling.com *.upmchina.com *.upmenergy.com *.upmformi.com *.upmgrada.com *.upmkiinteistot.fi *.upmmetsa.fi *.upmnachhaltigerzellstoff.de *.upmpaper.com *.upmprofi.com *.upmpulp.com *.upmraflatac.com *.upmraumacell.com *.upmsilvesta.fi *.upmspecialtypapers.com *.upmtimber.com *.upmyhteismetsa.fi *.wisaplywood.com *.solitaonline.fi *.upm.live *.beyondspot.com *.globalnotes.com *.printinform.com; upgrade-insecure-requests; report-uri https://upmcms.report-uri.com/r/d/csp/enforce 1
report-uri https://dcri.org 1
default-src 'self'; base-uri 'self'; child-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self'; img-src 'self' data:; manifest-src 'self' data:; object-src 'self'; script-src-elem 'self'; style-src 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: secure.statcounter.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com; img-src 'self' data: http: https: *.gravatar.com; connect-src 'self'; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; media-src 'self' 1
base-uri 'self';child-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com;connect-src 'self' https://geo.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://ws.progrss.yahoo.com https://udc.yahoo.com https://jsapi.login.yahoo.com https://www.yahoo.com https://guce.yahoo.com/ https://ups.analytics.yahoo.com https://api.taboola.com/1.2/json/taboola-usersync/user.sync;default-src 'self' https://s.yimg.com https://s1.yimg.com https://login.yahoo.net;font-src https://s.yimg.com https://s1.yimg.com;frame-src 'self' https://login.yahoo.net https://s.yimg.com https://s1.yimg.com https://gpt.mail.yahoo.net/sandbox https://guce.oath.com/ https://opus.analytics.yahoo.com https://tsdtocl.com/ https://pfs.yahoo.com;img-src 'self' data: https://yahoo.com https://ct.yimg.com https://s.yimg.com https://s1.yimg.com https://tw.yimg.com https://geo.yahoo.com https://socialprofiles.zenfs.com https://*.wc.yahoodns.net https://beap-bc.yahoo.com https://ws.progrss.yahoo.com https://log.fc.yahoo.com https://backyard.yahoo.com https://*.ah.yahoo.com https://pr-bh.ybp.yahoo.com https://fbcdn.net https://scontent.xx.fbcdn.net https://z-m-scontent.xx.fbcdn.net https://graph.facebook.com https://data.mail.yahoo.com https://platform-lookaside.fbsbx.com https://www.yahoo.com;media-src https://*.ah.yahoo.com https://s.yimg.com;object-src 'none';report-uri https://csp.yahoo.com/beacon/csp?src=mbr_account;script-src 'unsafe-inline' 'self' https://s.yimg.com https://s1.yimg.com https://query.yahoo.com https://*.query.yahoo.com https://y.analytics.yahoo.com https://jsapi.login.yahoo.com https://fc.yahoo.com https://e2e.fc.yahoo.com https://pr.comet.yahoo.com https://server-dev.comet.yahoo.com https://server.comet.yahoo.com https://opus.analytics.yahoo.com/tag/opus.js https://consent.cmp.oath.com/cmp.js https://search.yahoo.com https://*.search.yahoo.com 'nonce-HgGhwoemmaqw/DxBjlYM4JXX46vlZHsodXhtpu1F3Ho0pC4v' ;style-src * 'unsafe-inline' 1
default-src 'self' cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com blob:; img-src * https://optimize.google.com https://ssl.gstatic.com https://www.gstatic.com  data: * blob: https://amourlee.com ; style-src 'self' 'unsafe-inline' https://imgsourcechain.com  maxcdn.bootstrapcdn.com unpkg.com https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com; font-src 'self' https://imgsourcechain.com  https://script.hotjar.com https://fonts.gstatic.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com data:;connect-src * blob:;media-src * blob: data:;script-src 'self' 'unsafe-eval' https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/index.min.js https://imgsourcechain.com https://amplify.outbrain.com https://tr.outbrain.com https://wave.outbrain.com https://cdn.taboola.com https://trc.taboola.com https://a.mgid.com https://tr.snapchat.com https://pay.google.com https://cdn.seondf.com https://accounts.google.com https://*.clarity.ms https://analytics.tiktok.com https://sc-static.net cdn.polyfill.io static.ads-twitter.com www.gstatic.com mailingflow.com www.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net www.google.com.ua s3.eu-central-1.amazonaws.com  www.google.com maxcdn.bootstrapcdn.com unpkg.com cdnjs.cloudflare.com *.hotjar.com *.hotjar.io www.googleadservices.com trackdateflow.com https://tagmanager.google.com https://optimize.google.com 'unsafe-inline' https://www.googletagmanager.com https://bat.bing.com https://www.googleoptimize.com https://s.yimg.com;frame-src https://pay.google.com https://content-people.googleapis.com https://content.googleapis.com https://accounts.google.com https://tr.snapchat.com https://www.google.com/ https://optimize.google.com https://vars.hotjar.com; 1
upgrade-insecure-requests; img-src 'self' data:; default-src blob: 'self' 'unsafe-eval' 'unsafe-inline' https://d3hb14vkzrxvla.cloudfront.net/ https://my.yoast.com https://beacon-v2.helpscout.net https://insiderdata360online.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://ws.sharethis.com https://ga.getresponse.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://crm.zoho.com https://c.sharethis.mgr.consensu.org https://l.sharethis.com https://ga.getresponse.com https://www.google.com https://analytics.google.com https://cdn.jsdelivr.net https://use.typekit.net https://fonts.googleapis.com/ https://stats.g.doubleclick.net https://p.typekit.net https://code.jquery.com https://www.gstatic.com https://player.vimeo.com http://www.w3.org https://www.youtube.com/ https://acsbapp.com/ https://licdn.com https://snap.licdn.com https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://extend.vimeocdn.com; 1
base-uri 'none';child-src 'none';connect-src 'self' vitals.vercel-insights.com status-page-omxr733bc-incident-io-team.vercel.app https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.co.uk https://*.g.doubleclick.net https://global.localizecdn.com https://app.localizejs.com;default-src 'self';font-src 'self';form-action 'self';frame-ancestors self;frame-src 'none';img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://global.localizecdn.com https://assets.localizecdn.com;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' 'unsafe-inline' https:;style-src 'self' 'unsafe-inline';worker-src 'self';report-uri https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8;report-to https://o494704.ingest.sentry.io/api/4504554480795648/security?security_key=5d578c0eb4bd4811adf4f2176db9a1c8; 1
frame-ancestors 'self' https://*.tdainstitutional.com 1
frame-ancestors 'self' https://*.etracker.com https://*.it-nr.de https://*.itk-rheinland.de https://*.duesseldorf.de 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nyi.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'  www.youtube.com www.youtube-nocookie.com; font-src 'self' data:; img-src 'self' pbs.twimg.com data:; media-src 'self' pb.twimg.com data:; frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://brands.town; img-src 'self' https: data: blob: https://brands.town; style-src 'self' https://brands.town 'nonce-aGFRbhoY85F1F2p62vlgQw=='; media-src 'self' https: data: https://brands.town; frame-src 'self' https:; manifest-src 'self' https://brands.town; form-action 'self'; child-src 'self' blob: https://brands.town; worker-src 'self' blob: https://brands.town; connect-src 'self' data: blob: https://brands.town https://brandstown.files.fedi.monster wss://brands.town; script-src 'self' https://brands.town 'wasm-unsafe-eval' 1
frame-src 'self' https://filmdb-showbiz.theboxofficecompany.net/ https://www.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://utils.mvtx.us/ insight.adsrvr.org; frame-ancestors 'self'  1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://acsbapp.com/apps/app/dist/js/app.js https://cdn.jsdelivr.net https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js https://www.google.com/recaptcha/api.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://static.ads-twitter.com/uwt.js https://t.co https://analytics.twitter.com https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883150700/ https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com https://www.gstatic.com https://cookie-cdn.cookiepro.com https://acsbapp.com/apps/app/dist/js/app.js https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/gsap/3.11.3/ScrollToPlugin.min.js https://www.google.com/pagead/1p-user-list/10883150700 https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__en.js https://www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/gsap/3.9.1/gsap.min.js https://cookie-cdn.cookiepro.com/scripttemplates/otSDKStub.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10883150700/ https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://cookie-cdn.cookiepro.com/scripttemplates/202301.1.0/otBannerSdk.js https://*.mouseflow.com  https://www.googletagmanager https://*.facebook.net https://*.cookiepro.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.cookiepro.com https://www.google-analytics.com https://www.googletagmanager https://n2.mouseflow.com https://acsbapp.com/apps/app/dist/js/locale/en-loader.json https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://cdn.acsbapp.com https://cdn.acsbapp.com/config/desmoidtumors.com/config.json https://cdn.acsbapp.com/cache/app/wildcards.json; font-src 'self'  data: https://s0.wp.com https://fonts.gstatic.com ; frame-src 'self' blob: https://td.doubleclick.net https://11920246.fls.doubleclick.net https://www.google.com https://player.vimeo.com https://www.googletagmanager.com; img-src 'self' https://secure.gravatar.com https://t.co http://desmoidstage.wpengine.com/files https://analytics.twitter.com data: https://www.google.com/pagead/1p-user-list/10883150700/ https://*.cookiepro.com https://ad.doubleclick.net https://www.googletagmanager.com https://*.vimeocdn.com https://www.facebook.com https://*.facebook.com; manifest-src 'self'; media-src 'self'; report-uri https://65a04a88086f86bedad79dd3.endpoint.csper.io/?v=1; worker-src blob:; 1
frame-ancestors 'self' https://www.allsmart.gr/ https://asfaleiaautokinitou.gr/; 1
default-src https: blob:; connect-src https: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: rec.smartlook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net cookies.praguebest.cz; style-src 'self' 'unsafe-inline' widget-v3.smartsuppcdn.com *.google.com fonts.googleapis.com ajax.googleapis.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net maxcdn.bootstrapcdn.com cdn.foxentry.cz *.mapy.cz cookies.praguebest.cz www.googletagmanager.com cdn.upsearch.cz cdn2.upsearch.cz; object-src 'self'; img-src 'self' https: data: https://www.google-analytics.com *.gstatic.com; font-src https: data: widget-v3.smartsuppcdn.com *.gstatic.com; frame-ancestors 'self' *.creativecdn.com *.hotjar.com *.googletagmanager.com; report-uri https://balshop.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self'; report-uri /csp-reports 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-eval' 'unsafe-inline' script.hotjar.com *.tealiumiq.com c.seznam.cz s2.adform.net track.adform.net www.googleadservices.com connect.facebook.net web-sdk.smartlook.com static.hotjar.com *.teads.tv googleads.g.doubleclick.net tag.aticdn.net www.googletagmanager.com maps.googleapis.com; script-src-elem 'self' data: blob: 'unsafe-inline' 'unsafe-eval' www.zbozi.cz script.hotjar.com swa.vodafone.cz visitor-service-eu-central-1.tealiumiq.com c.seznam.cz s2.adform.net track.adform.net www.googleadservices.com connect.facebook.net web-sdk.smartlook.com static.hotjar.com *.teads.tv www.vodafone.cz tags.tiqcdn.com googleads.g.doubleclick.net tag.aticdn.net www.googletagmanager.com maps.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' fonts.googleapis.com static.hotjar.com script.hotjar.com; object-src 'none'; base-uri 'self'; connect-src 'self' 'unsafe-eval' 'unsafe-inline' web-writer.eu.smartlook.cloud vodafonecz.demdex.net swa.vodafone.cz vodafonecz.tt.omtrdc.net mboxedge37.tt.omtrdc.net collect-eu-central-1.tealiumiq.com assets-proxy.smartlook.cloud manager.eu.smartlook.cloud *.teads.tv googleads.g.doubleclick.net stats.g.doubleclick.net region1.analytics.google.com ati.sazka.cz  www.google.com capi.sazkamobil.cz pagead2.googlesyndication.com region1.google-analytics.com sentry.cleverlance.com in.hotjar.com *.hotjar.io *.hotjar.com www.google.cz maps.googleapis.com www.googleapis.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' script.hotjar.com www.vodafone.cz td.doubleclick.net p.teads.tv fledge.teads.tv coverage-sazkamobil.position.cz vodafonecz.demdex.net www.youtube.com www.google.com; img-src 'self' data: res.cloudinary.com *.teads.tv static.hotjar.com script.hotjar.com www.facebook.com c.seznam.cz stats.g.doubleclick.net www.google.cz region1.analytics.google.com www.google.com cdn.sazkamobil.cz static.payu.com res.cloudinary.com maps.gstatic.com maps.googleapis.com *.openstreetmap.org; manifest-src 'self'; media-src 'self' res.cloudinary.com; worker-src 'none'; 1
frame-ancestors 'self' https://*.simspro.co.za 1
font-src https://use.fontawesome.com https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com *.cloudflare.com https://*.cloudfront.net https://www.gstatic.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://ogone.test.v-psp.com https://secure.ogone.com https://*.systempay.fr https://www.facebook.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net https://youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ https://*.google.com https://amc.demdex.net https://*.youtube.com https://www.youtube-nocookie.com https://*.ytimg.com https://youtu.be https://*.youtu.be https://*.youtube-nocookie.com https://youtube-nocookie.com https://player.vimeo.com https://*.a3web.fr https://*.flippingbook.com https://*.sendinblue.com https://in-automate.brevo.com/ https://*.facebook.com https://*.worldline-solutions.com https://*.brevo.com https://sibautomation.com https://*.fls.doubleclick.net https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/static/ payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://p.typekit.net https://*.a3web.fr https://amcglobal.sc.omtrdc.net https://cm.everesttech.net https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://*.ytimg.com https://ytimg.com https://*.youtube.com https://*.youtube-nocookie.com https://youtube-nocookie.com https://*.gstatic.com https://*.googleusercontent.com https://www.megadental.fr https://www.doctorstrong.fr https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://*.flippingbook.com https://*.cloudfront.net *.cloudflare.com https://paiement.systempay.fr https://www.facebook.com https://retailer.commerce-connector.com https://googleads.g.doubleclick.net https://img.mailinblue.com *.bird.eu *.hsforms.net *.hsforms.com https://images.unsplash.com https://*.google.com https://*.googleapis.com https://paiement.systempay.fr/static/latest/images/type-carte/ https://api.systempay.fr/static/ https://paiement.systempay.fr/vads-payment/ 'self' data: data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://devdocs.magento.com https://www.megadental.fr https://www.doctorstrong.fr https://www.arcade-dentaire.com https://www.arseus-lab.fr https://*.henryschein.fr https://use.typekit.net https://p.typekit.net https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://*.googleapis.com https://www.youtube-nocookie.com https://*.facebook.net https://online.flippingbook.com https://*.cloudfront.net https://static.cloudflareinsights.com https://*.cloudflare.com https://in-automate.brevo.com/ https://*.newrelic.com https://*.nr-data.net https://conversations-widget.sendinblue.com https://*.brevo.com https://tag.beyable.com/ https://front.activation.beyable.com/ https://sibautomation.com/ https://payment.direct.worldline-solutions.com *.hsforms.net *.hsforms.com *.google.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.avada.io https://cdnjs.cloudflare.com *.gstatic.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://use.fontawesome.com https://*.gstatic.com https://tagmanager.google.com *.cloudflare.com https://*.cloudfront.net https://www.googletagmanager.com https://hcaptcha.com https://*.hcaptcha.com https://api.systempay.fr/static/ *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://performance.typekit.net https://devdocs.magento.com https://dpm.demdex.net https://www.googleapis.com https://www.google-analytics.com https://amcglobal.sc.omtrdc.net https://stats.g.doubleclick.net https://*.flippingbook.com *.cloudflare.com https://*.nr-data.net https://in-automate.brevo.com/ https://*.cloudfront.net https://img.mailinblue.com https://*.analytics.google.com https://*.worldline-solutions.com https://www.google.fr t.elasticsuite.io *.hsforms.net *.hsforms.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://get.geojs.io *.avada.io *.google-analytics.com payment.preprod.direct.worldline-solutions.com 'self' 'unsafe-inline'; child-src https://www.google.com http: https: blob: 'self' 'unsafe-inline'; default-src https://paiement.systempay.fr/vads-payment/ https://api.systempay.fr/api-payment/ https://api.systempay.fr/static/ *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://motekas.sharepoint.com ; 1
default-src 'self' blob: data: *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;script-src 'self' 'unsafe-eval' blob: 'nonce-muI50oO6s/6ndTdCSYZtag==' 'nonce-0RUHveJOVlbi1K21WyalIw==' 'nonce-gsBaYae9x0dIjIMAtuOQyg==' 'nonce-zA8BuVJVHqPQeH0w+dNZyg==' 'nonce-PZy81ng9lvvraQguf+3QXg==' 'nonce-srA03gDmKQ+f+dkYoXxu3Q==' 'nonce-SIOPozs1JPZezGwVKAsjfQ==' 'nonce-g/+gqLh3yeZgqinl3t5IoA==' 'nonce-sSxuHtQh9macoWGa4+H76A==' 'nonce-bFCFfhjg6/VGSC8dqdZipA==' 'nonce-QNTfLATu4DS8grhwqq4A/Q==' 'nonce-VBn8BUlf8cl44xF/a4N1mg==' *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;style-src 'self' 'unsafe-inline' *.nympho.dk nymphodk.ngrok.app fonts.googleapis.com maps.googleapis.com mapsresources-pa.googleapis.com fonts.gstatic.com googletagmanager.com www.googletagmanager.com region1.google-analytics.com region1.analytics.google.com analytics.google.com stats.g.doubleclick.net code.tidio.co widget-v4.tidiochat.com socket.tidio.co wss://socket.tidio.co metrics-collector.tidio.co cdn.tiny.cloud cdn.jsdelivr.net code.jquery.com polyfill.io widget.trustpilot.com api.typeform.com embed.typeform.com form.typeform.com;img-src 'self' data: *;frame-ancestors 'none'; 1
default-src http: https: data: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://maps.gstatic.com https://*.mypurecloud.ie https://*.cloudfront.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.psylio.com psylio-staging-documents.s3.ca-central-1.amazonaws.com epsylio-production-documents.s3.ca-central-1.amazonaws.com dfjogbk1v3oj5.cloudfront.net d3oc56gtmg6tf0.cloudfront.net www.googletagmanager.com www.facebook.com *.facebook.net *.google.com *.gstatic.com *.googleapis.com *.google-analytics.com *.youtube.com *.stripe.com snap.licdn.com px.ads.linkedin.com cdn.linkedin.oribi.io cdn-cookieyes.com directory.cookieyes.com log.cookieyes.com consentlog.cookieyes.com crm.zohopublic.com data: blob:; base-uri 'none'; form-action 'self' crm.zoho.com *.psylio.com www.facebook.com; frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests 1
base-uri 'none'; object-src 'none'; script-src 'nonce-XAtUbI-Kfe7tjzKZEYrtS4NlI_HHvypUFt4Dq9wUkenK310FiFswwb2eaZOIkr_V' 'strict-dynamic' https: 'unsafe-inline' 'self' 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; 1
upgrade-insecure-requests; frame-src 'self' https://*.googleapis.com https://*.google.com https://www.youtube.com https://elektrika.tv https://*.elektrika.tv https://forms.office.com https://www.nelisa.com https://*.se.com https://selectandconfig-widget.schneider-electric.com https://*.publitas.com https://*.vypinac.cz https://nizke-napeti.cz.abb.com; frame-ancestors 'self' https://www.sonepar.cz https://punchoutcommerce.com https://*.zscloud.net https://*.sme.zscloud.net https://*.vpn.zscloud.net http://*.bt.bombardier.net https://*.ariba.com https://*.proactis.com https://*.hubwoo.com https://*.vypinac.cz; 1
frame-ancestors 'self' https://bodybuilding.gr http://bodybuilding.gr https://www.bodybuilding.gr http://www.bodybuilding.gr; 1
script-src 'self' *.topsource.in *.topsource.co.uk *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com t0-flt.ssl.ak.dynamic.tiles.virtualearth.net fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com dev.virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.erinnvdesign.com https://www.darecinema.com https://www.creatorfoundry.com https://www.michaelshainblum.com https://www.pixelbubble.com https://www.williampatinophotography.com https://www.scottrobertlimphotography.com https://www.psdtool.com https://www.kelvindesigns.com https://www.chrisorwigtraining.com https://legacy.musiclyceum.com https://www.pixel-monkey.com https://psbrushes.kelvindesigns.com https://legacy.nucly.com https://www.productphotographytraining.com https://es.kelvindesigns.com https://www.learn-retouching.com https://login.photoshoptutorial.com https://www.mattgrangerphotography.com https://www.joelgrimes.com https://www.sharkpixel.com https://www.jerryghionis.com 1
default-src 'self' https://cdn.polyfill.io/ cdn.acsbapp.com stats.g.doubleclick.net www.google-analytics.com c.navu.app embed.navu.co analytics.google.com packages.umbraco.org our.umbraco.org wss://localhost:*/Contech/ app.navu.app c01.embed.navu.co forms.hsforms.com cdn.viglink.com dcn.acsbapp.com *.navu.co *.navu.app;script-src 'self' blob: *.navu.co *.navu.app *.clarity.ms *.webtraxs.com  www.google-analytics.com google-analytics.com www.googletagmanager.com ajax.googleapis.com unpkg.com ajax.aspnetcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net s7.addthis.com www-conteches-com.disqus.com js.hsforms.net acsbapp.com c.disquscdn.com use.fontawesome.com bat.bing.com *.privacymanager.io 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.linearicons.com *.navu.co *.navu.app 'unsafe-inline';connect-src *;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com cdn.linearicons.com *.googleapis.com;img-src * 'self' data:;frame-ancestors 'self' *.conteches.com www.youtube.com youtube.com youtu.be *.hsforms.com informedinfrastructure.com;frame-src 'self' *.conteches.com disqus.com players.brightcove.net www.youtube.com youtube.com *.navu.co player.flipsnack.com youtu.be informedinfrastructure.com parmonic.ai js.static.parmonic.ai app.navu.app *.hsforms.com 1
frame-ancestors https://www.sbmania.net https://sbmania.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost local.host local.host:3000 192.168.40.155:3333 0.0.0.0:4001 localhost:4001 localhost:8888 127.0.0.1:8888 bankai-revolution.test *.immofinanz.test *.vivo-shopping.com *.vivo-shopping.test *.vivo-shopping.test *.immofinanz.test *.immofinanz.com *.oc-letnany.cz *.etargetnet.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.google.at *.bing.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.googleadservices.com *.facebook.com *.facebook.net *.fonts.net *.hotjar.com *.hotjar.io walls.io *.walls.io *.pushwoosh.com *.pracawcentrumhandlowym.pl cookiepro.com *.cookiepro.com *.pracavnakupnomcentre.sk cdn.polyfill.io cdnjs.cloudflare.com data: *.activehosted.com; frame-ancestors 'self' *.immofinanz.com local.host localhost *.immofinanz.test *.immofinanz.test *.vivo-shopping.test *.vivo-shopping.com *.vivo-shopping.test localhost:4050 *.pracawcentrumhandlowym.pl; 1
frame-ancestors 'self' http://admin-dev.aoncare-nextgen.aon.net/ https://admin-dev.aoncare-nextgen.aon.net/ http://admin-qa.aoncare-nextgen.aon.net/ https://admin-qa.aoncare-nextgen.aon.net/ http://admin-stg.paymentportal-nextgen-nz.aon.net/ http://admin-stg.aoncare-nextgen.aon.net/ https://admin-stg.aoncare-nextgen.aon.net/ http://admin.aoncare.aon.net/ https://admin.aoncare.aon.net/;default-src * data: blob: 'self';script-src *.google-analytics.com * 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forms.studentatwork.be cloudbepfpub.vocalcom.services https://cdn.gcloud.belgium.be https://matomo.bosa.be squizlabs.github.io openfed.github.io https://*.googleapis.com https://www.youtube-nocookie.com https://youtube-nocookie.com; style-src 'self' 'unsafe-inline' https://cdn.gcloud.belgium.be openfed.github.io fonts.googleapis.com https://cloudbepfpub.vocalcom.services; form-action 'self' https://www.google.be; frame-src 'self' https://forms.studentatwork.be https://www.youtube-nocookie.com; 1
default-src 'self' data: blob:    https://dbildungscloud.de wss://dbildungscloud.de https://api.dbildungscloud.de https://scchat.dbildungscloud.de https://embed.dbildungscloud.de https://libreoffice.dbildungscloud.de https://oauth.dbildungscloud.de https://storage.dbildungscloud.de https://etherpad.dbildungscloud.de https://blog.niedersachsen.cloud https://blog.dbildungscloud.de https://docs.dbildungscloud.de https://sc-content-resources.schul-cloud.org https://sc-content-resources.hpi-schul-cloud.de https://open.hpi.de https://s3.hidrive.strato.com https://scalelite.bbb.messenger.schule  https://www10-fms.hpi.uni-potsdam.de https://blog.dbildungscloud.de https://s3.hidrive.strato.com https://cloud-instances.s3.hidrive.strato.com; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; frame-src 'self' https://libreoffice.dbildungscloud.de https://docs.dbildungscloud.de https://scchat.dbildungscloud.de; frame-ancestors 'self' https://apps.bettermarks.com; 1
default-src https:;connect-src https: wss:;font-src https: data:;frame-src https: twitter:;frame-ancestors https:;img-src https: data:;media-src https:;object-src https:;script-src 'unsafe-inline' 'unsafe-eval' https:;style-src 'unsafe-inline' https:; 1
connect-src *; frame-ancestors 'self'; form-action 'self' *.facebook.com; object-src *.googlesyndication.com; base-uri 'self' *.moatads.com; style-src 'self' 'report-sample' 'unsafe-inline' *.typekit.net *.google.com *.bing.com a.omappapi.com translate.googleapis.com www.gstatic.com www.googletagmanager.com; upgrade-insecure-requests; block-all-mixed-content; worker-src 'self' blob: www.google.com; 1
font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' tracking.paysera.com www.instagram.com https://optimize.google.com https://www.google.com/recaptcha/ https://www.youtube.com/embed/ http://e.issuu.com/; img-src 'self' data: *.paysera.com maps.googleapis.com *.gstatic.com https://www.google-analytics.com https://optimize.google.com; script-src 'self' maps.googleapis.com www.instagram.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://optimize.google.com 'unsafe-inline'; style-src 'self' fonts.googleapis.com https://optimize.google.com 'unsafe-inline'; report-uri /v2/csp-violations/report 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles diecastdirect.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com  acsbapp.com; default-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' diecastdirect.commercev3.com s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com data: acsbapp.com/apps/app/dist/fonts/ cdn.acsbapp.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com secure.trust-provider.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com images-diecastdirect-com.s3.amazonaws.com img.icons8.com cdn.datatables.net secure.trust-provider.com www.gstatic.com translate.google.com web1.acsbapp.com/apps/app/dist/media/ cdn.acsbapp.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  secure.trust-provider.com cdn.datatables.net  ssl.google-analytics.com acsbapp.com/apps/app/dist/js/app.js  acsbapp.com/apps/app/dist/js/locale/en-loader.json  acsbapp.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com  secure.trust-provider.com cdn.datatables.net  ssl.google-analytics.com acsbapp.com/apps/app/dist/js/app.js  acsbapp.com/apps/app/dist/js/locale/en-loader.json  acsbapp.com; style-src 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.datatables.net translate.googleapis.com; style-src-elem 'self' s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net cdn.datatables.net translate.googleapis.com; style-src-attr  'unsafe-inline'; media-src 'self' diecastdirect.commercev3.com s3.amazonaws.com/cdn.diecastdirect.com/ cdn.commercev3.net/cdn.diecastdirect.com/ cdn.diecastdirect.com www.bing.com data:; 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.vimeo.com *.hotjar.com *.webhare.com *.guestplan.com etender-connect.com *.facebook.net *.facebook.com *.googleadservices.com sc-static.net static.stadsschouwburg-utrecht.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com  *.gstatic.com *.googletagmanager.com *.google.nl *.google.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com sc-static.net static.stadsschouwburg-utrecht.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com *.google.nl *.googletagmanager.com *.facebook.com *.facebook.net *.google.com *.doubleclick.net stipproducties.nl static.stadsschouwburg-utrecht.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com vimeo.com *.doubleclick.net *.webhare.com etender-connect.com *.analytics.google.com *.google-analytics.com *.googletagmanager.com *.google.nl *.google.com *.facebook.net *.facebook.com static.stadsschouwburg-utrecht.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.stadsschouwburg-utrecht.nl; form-action 'self' *.facebook.net *.facebook.com; worker-src 'self' static.stadsschouwburg-utrecht.nl; manifest-src 'self' static.stadsschouwburg-utrecht.nl; frame-ancestors *.doubleclick.net;  1
frame-ancestors 'none'; default-src 'self' data: 'unsafe-inline' 'unsafe-eval' data:image/svg+xml https://ws.zoominfo.com https://t1.gstatic.com https://t2.gstatic.com https://t3.gstatic.com https://js.zi-scripts.com https://px.ads.linkedin.com https://chatsimple-avatars.s3.us-east-2.amazonaws.com https://chatsimple-widget.s3.us-east-2.amazonaws.com https://content.hotjar.io wss://ws.hotjar.com https://api.expertise.ai https://www.youtube.com https://www.google.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google-analytics.com https://i.ytimg.com https://secure.gravatar.com https://go.oncehub.com https://wwv.capturepoint.net https://wwv.cp-1.io; style-src 'self' 'unsafe-inline' https://cdn.chatsimple.ai https://fonts.googleapis.com https://cdn.livechat-static.com; font-src 'self' data: https://fonts.gstatic.com data:application/font-woff; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://chatsimple-widget.s3.us-east-2.amazonaws.com https://js.zi-scripts.com https://www.processfusion.com https://cdn.chatsimple.ai https://cdn.polyfill.io https://www.google.com https://script.hotjar.com https://secure.enterprisingoperation-7.com https://www.googletagmanager.com https://go.oncehub.com https://cdn.oncehub.com https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google-analytics.com https://snap.licdn.com https://static.hotjar.com https://ws.zoominfo.com https://pi.pardot.com https://analytics.google.com; object-src 'none'; 1
default-src 'self' www.youtube.com ga.vyond.com *.hotjar.com *.hotjar.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com *.googletagmanager.com www.gstatic.com cdn.datatables.net *.salesforceliveagent.com connect.facebook.net vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.hotjar.com cdn.cookielaw.org/scripttemplates/ *.onetrust.com/;object-src 'none';style-src 'self' 'unsafe-inline' cdn.datatables.net fonts.googleapis.com www.gstatic.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com;img-src 'self' data: www.facebook.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.it cdn.cookielaw.org/logos/;media-src 'none';frame-src 'self' www.youtube.com www.google.com ga.vyond.com *.hotjar.com;font-src 'self' fonts.gstatic.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com;connect-src 'self' *.amazonaws.com vue.comm100.com standby.comm100vue.com dash17.comm100.io api17.comm100.io chatserver17.comm100.io max17.comm100.io file17.comm100download.com filestandby17.comm100download.com commonservice.comm100.io route.comm100.com route1.comm100.com pciform.comm100.com secure.comm100.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.it *.hotjar.com *.hotjar.io cdn.cookielaw.org *.onetrust.com/ wss://*.hotjar.com wss://*.hotjar.io;frame-ancestors 'self';worker-src 'self' 1
default-src 'self' 'unsafe-inline' https://*.bing.com https://*.clarity.ms https://www.freshbots.ai https://yoast.com https://stats.g.doubleclick.net https://www.google-analytics.com; img-src 'self' 'unsafe-inline' https://sgtm.academyadmissions.com https://*.googletagmanager.com https://server-side-tagging-epreqyivwq-uc.a.run.app https://cdn.cookielaw.org https://www.google.com https://*.snapchat.com https://www.academyadmissions.com https://www.google-analytics.com https://*.google-analytics.com https://*.doubleclick.net https://ps.w.org https://ssl.gstatic.com https://*.gstatic.com https://*.googleapis.com https://bat.bing.com https://www.facebook.com https://secure.gravatar.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.snapchat.com https://cdn.cookielaw.org https://*.clarity.ms https://www.google.com https://connect.facebook.net https://sc-static.net https://bat.bing.com https://ssl.google-analytics.com https://www.google-analytics.com https://www.googleadservices.com https://cdn.freshbots.ai https://cdn.announcekit.app https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://www.youtube.com https://tagmanager.google.com https://sgtm.academyadmissions.com https://server-side-tagging-epreqyivwq-uc.a.run.app; style-src 'self' 'unsafe-inline' https://hello.myfonts.net https://cdnjs.cloudflare.com https://cloud.typography.com https://*.googleapis.com https://pro.fontawesome.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://sgtm.academyadmissions.com https://server-side-tagging-epreqyivwq-uc.a.run.app; font-src 'self' 'unsafe-inline' https://pro.fontawesome.com https://fonts.gstatic.com https://*.gstatic.com data:; frame-src 'self' https://*.snapchat.com https://www.youtube.com https://*.doubleclick.net https://www.facebook.com; object-src 'self'; connect-src 'self' 'unsafe-inline' https://geolocation.onetrust.com https://cdn.cookielaw.org https://*.clarity.ms https://*.snapchat.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://www.google-analytics.com https://*.google-analytics.com https://www.facebook.com https://bat.bing.com https://sc-static.net https://d3hb14vkzrxvla.cloudfront.net https://tagmanager.google.com https://www.googletagmanager.com https://sgtm.academyadmissions.com https://server-side-tagging-epreqyivwq-uc.a.run.app; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-1551109c592442dc43e516f3d6dd2800'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-eval' *.wlresources.com *.acwebconnecting.com 'sha256-e4pYjXQH6ajx5POUxz2FrYEpL/WroFiVF5clf0FNS5g=' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.wlresources.com; connect-src 'self' *.wlresources.com *.acwebconnecting.com wss://*.wlresources.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; report-uri /err0r/js?ts=1715651138; worker-src 'self' blob:; frame-ancestors 'none'; object-src 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com polyfill.io/v3/polyfill.min.js www.google.com/recaptcha/api.js www.gstatic.com cookie-cdn.cookiepro.com www.google-analytics.com unpkg.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com; img-src 'self' maps.gstatic.com maps.googleapis.com data: googletagmanager.com cookie-cdn.cookiepro.com www.google-analytics.com; media-src 'self'; frame-src 'self' www.google.com www.youtube.com player.vimeo.com olv-kinderwebsite.now.sh olv-kinderwebsite.vercel.app; font-src 'self' themes.googleusercontent.com fonts.gstatic.com data:; connect-src 'self' cookie-cdn.cookiepro.com www.google-analytics.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' https://*.bing.com https://*.optimalworkshop.com https://tally.so https://*.tally.so https://*.clarity.ms https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://www.gstatic.com https://*.google.com https://www.googletagmanager.com https://www.google-analytics.com https://*.recaptcha.net https://*.hotjar.com https://www.youtube.com https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.queue-it.net https://*.tbdine.com https://region1.analytics.google.com; frame-src 'self' https://tally.so https://*.tally.so https://*.recaptcha.net https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.afterdigital.io https://w.soundcloud.com https://www.google.com https://vars.hotjar.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://transaction.hostedpayments.com https://certtransaction.hostedpayments.com https://*.afterdigital.io https://*.afterdigital.uk https://skyway.honolulumuseum.org https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://*.tbdine.com; connect-src 'self' https://tally.so https://*.tally.so https://*.clarity.ms https://region1.analytics.google.com https://api.ipify.org https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.sentry.io https://stats.g.doubleclick.net https://*.google-analytics.com https://services.postcodeanywhere.co.uk https://api.addressy.com https://skyway.honolulumuseum.org https://*.afterdigital.uk https://*.afterdigital.io https://vc.hotjar.io wss://*.hotjar.com https://*.hotjar.com; img-src 'self' https://tally.so https://*.tally.so https://*.clarity.ms https://honolulu.emuseum.com https://honolulumuseum.org https://*.honolulumuseum.org https://*.cdninstagram.com https://*.afterdigital.uk https://*.afterdigital.io https://t-bridge.s3.eu-west-1.amazonaws.com https://skyway-us-cms-assets.s3.us-east-2.amazonaws.com https://us-skyway-cms-assets.s3.us-east-2.amazonaws.com https://www.google-analytics.com https://www.instagram.com https://*.doubleclick.net https://www.google.com https://www.google.co.uk; font-src 'self' 'unsafe-inline' data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rutarget.ru *.adriver.ru cdn.ampproject.org *.googletagservices.com googleads.g.doubleclick.net *.doubleclick.net *.google.ru cdn.jsdelivr.net *.top100.ru *.cloudfront.net *.google.com *.rambler.ru yandex.ru *.yandex.ru yastatic.net *.yandex.net yandex.st *.googleapis.com apis.google.com *.gstatic.com gstatic.com *.googlesyndication.com *.googleadservices.com counter.yadro.ru www.liveinternet.ru vk.com *.vk.com *.mail.ru *.twitter.com cdn.syndication.twimg.com *.facebook.net *.jquery.com; style-src 'self' 'unsafe-inline' google.com www.google.com *.yandex.ru fonts.googleapis.com; font-src 'self' data: *.gstatic.com *.yandex.ru yastatic.net fonts.googleapis.com maxcdn.bootstrapcdn.com; 1
default-src 'self' cdn.wcc.heine.ch https://cdn.wcc.heine.ch/graphql;    base-uri 'self' widget.solvemate.com;    font-src 'self' cdn.wcc.heine.ch https://fonts.gstatic.com data: widget.solvemate.com *.dixa.io;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine.ch/graphql cdn.wcc.heine.ch cdn.witt.info/ https://images.ctfassets.net te.heine.ch tp.heine.ch wasp.heine.ch wst.heine.ch https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine.ch https://*.ingest.sentry.io api.solvemate.com widget.solvemate.com relay.solvemate.com *.dixa.io wss://sockets.dixa.io https://maps.googleapis.com;    object-src 'none';    child-src blob: ;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com blob: *.dixa.io;    style-src 'self' cdn.wcc.heine.ch https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.heine.ch checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com blob: widget.solvemate.com *.dixa.io;    frame-src 'self' checkout-v3.wcc.heine.ch https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com blob: *.dixa.io;    media-src 'self' cdn.wcc.heine.ch cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com *.dixa.io;    manifest-src 'self' cdn.wcc.heine.ch *.dixa.io;    worker-src 'self' cdn.wcc.heine.ch blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
report-uri //csp.cactus-russia.ru:8080/report/608498467535230608/; connect-src https://*.yandex.ru https://*.yandex.net https://yandex.ru 'self' *.google-analytics.com *.yandex.ru ; child-src 'self' ; font-src static.lc-group.ru 'self' ; form-action 'self' https://*.officeassistant.ru *.cactus-russia.ru ; frame-ancestors webvisor.com *.webvisor.com 'self' ; frame-src https://*.google.com https://*.youtube.com https://youtube.com *.youtube.com 'self' https://yandex.ru *.yandex.ru youtube.com ; img-src static.lc-group.ru https://*.yandex.net https://mc.yandex.ru 'self' data: *.google-analytics.com *.yandex.ru *.yandex.net *.cactus-russia.ru cactus-russia.ru https://*.yandex.ru ; media-src *.cactus-russia.ru static.lc-group.ru 'self' ; object-src *.cactus-russia.ru static.lc-group.ru 'self' ; script-src static.lc-group.ru https://*.yandex.ru https://*.yandex.net 'self' 'unsafe-eval' https://www.googletagmanager.com *.google-analytics.com *.yandex.ru *.yandex.net https://yastatic.net ; style-src static.lc-group.ru 'self' 'unsafe-inline' *.yandex.ru *.yandex.net ; default-src 'none' ; strict-mixed-content-checking; reflected-xss filter; referrer origin-when-cross-origin; 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://app.watermelon.co https://wm-backend-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.maps.arcgis.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://wm-livechat-2-prod-dot-watermelonmessenger.appspot.com https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: 'report-sample'; frame-ancestors 'self' https://*.dash.simplyadmire.com https://dash.docker https://localhost:8080 https://www.zeist.nl; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com data:; report-to csp; child-src 'self' blob:; default-src 'self'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
frame-ancestors 'self' *.haltian.com https://office.empathicbuilding.com; upgrade-insecure-requests 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com www.googletagmanager.com snap.licdn.com cookie-cdn.cookiepro.com cdn.cookielaw.org googletagmanager.com *.googleapis.com cdnjs.cloudflare.com www.google.com www.gstatic.com www.buzzsprout.com/ cdn.jsdelivr.net/gh/ckeditor/ static.pathmotion.io pathmotion.com equans.career-inspiration.com/ *.doubleclick.net *.googleadservices.com connect.facebook.net fbcdn.net cdn.jsdelivr.net consent.cookiebot.com siteimproveanalytics.com cdn.matomo.cloud cdn.siteimprove.net www.youtube.com unpkg.com odyssiant.azureedge.net *.bootstrapcdn.com js-agent.newrelic.com *.linkedin.com snippet.capybara.lmc.cz s.go-mpulse.net tags.data-driven.fr; object-src 'none' ; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net snippet.capybara.lmc.cz; img-src 'self' data: https:;; media-src 'self'; frame-src 'self' *.youtube.com/ *.vimeo.com/ apply.refline.ch https://engie.taleo.net/ www.google.com/ www.buzzsprout.com/ equans.career-inspiration.com/ facebook.com *.doubleclick.net/ cdn.linkedin.oribi.io www.facebook.com www.equans.co.uk json3d.tftlabs.com www.yousty.ch; frame-ancestors 'self' https://n3g.4projects.com  n3g.4projects.com; child-src 'self' https://*.youtube.com/ https://*.vimeo.com/ https://engie.taleo.net/; font-src 'self' fonts.gstatic.com snippet.capybara.lmc.cz data:; connect-src 'self' *.google-analytics.com *.googleapis.com *.google.com *.doubleclick.net snap.licdn.com *.cookiepro.com cdn.cookielaw.org geolocation.onetrust.com/ static.pathmotion.io pathmotion.com equans.career-inspiration.com api.mixpanel.com *.algolia.net equans.matomo.cloud privacyportal-fr.onetrust.com cdn.linkedin.oribi.io my2.siteimprove.com id.siteimprove.com contentassistant.eu.siteimprove.com id.eu.siteimprove.com *.algolianet.com *.odyssiant.com *.googlesyndication.com bam.nr-data.net *.linkedin.com *.algolianet.com api.capybara.lmc.cz *.ingest.sentry.io c.go-mpulse.net; upgrade-insecure-requests 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.marker.io *.analytics.google.com *.google.de *.hotjar.com data: 'self' 'unsafe-inline'; form-action www.facebook.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.liqpay.ua 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com vars.hotjar.com *.stripe.com www.youtube.com assets.pinterest.com static.addtoany.com *.marker.io www.facebook.com td.doubleclick.net https://www.googletagmanager.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com *.ftcdn.net *.behance.net validator.swagger.io *.cloudflare.com https://cdn.klarna.com www.google.com.ua *.googleusercontent.com www.facebook.com *.paypal.com https://s.ytimg.com log.pinterest.com ebizmarts-website.s3.amazonaws.com *.marker.io oiler.ua *.clarity.ms *.bing.com *.liqpay.ua *.laximo.net *.analytics.google.com *.google.de digital-assets.tecalliance.services *.hotjar.com https://www.googletagmanager.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.avada.io *.cloudflare.com www.google.com www.gstatic.com connect.facebook.net static.addtoany.com static.hotjar.com script.hotjar.com graph.facebook.com widgets.pinterest.com *.stripe.com assets.pinterest.com chimpstatic.com *.marker.io *.esputnik.com *.binotel.com *.clarity.ms *.laximo.net *.analytics.google.com *.google.de *.hotjar.com https://www.googletagmanager.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com 'unsafe-inline' *.laximo.net *.analytics.google.com *.google.de *.hotjar.com 'self' 'unsafe-inline'; object-src https://www.googletagmanager.com/ http://www.googleadservices.com/ 'self' 'unsafe-inline'; media-src *.adobe.com *.marker.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://get.geojs.io *.avada.io *.cloudflare.com stats.g.doubleclick.net in.hotjar.com *.paypal.com stats.addtoany.com *.marker.io esputnik.com *.esputnik.com *.binotel.com *.clarity.ms *.analytics.google.com *.google.de *.hotjar.com *.hotjar.io wss://ws.hotjar.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; connect-src 'self'; font-src 'self' data:; form-action 'self'; frame-src 'self'; img-src 'self'  data: *.akamaihd.net *.adobeaemcloud.com *.doubleclick.net www.google-analytics.com *.pathward.com; object-src 'self'; script-src 'self' *.akamaihd.net cyseal.cyveillance.com *.doubleclick.net www.google-analytics.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; report-uri /api/ContentSecurity/ 1
default-src 'self'; frame-src 'self' accounts.google.com www.youtube-nocookie.com www.loom.com player.vimeo.com; connect-src 'self' api.aysr.io api.revenuehero.io api.askoperator.io cloud.axiom.co vercel.live stream.mux.com inferred.litix.io *.fastly.mux.com *.cfcdn.mux.com *.clarity.ms; font-src 'self'; img-src 'self' image.mux.com logo.clearbit.com app-data-development.s3.us-east-1.amazonaws.com app-data-development.s3.amazonaws.com app-data-staging.s3.us-east-1.amazonaws.com app-data-staging.s3.amazonaws.com rh-app-data-prod.s3.us-east-1.amazonaws.com rh-app-data-prod.s3.amazonaws.com blob: data: *.aysr.io *.revenuehero.io *.clarity.ms; media-src 'self' blob: image.mux.com stream.mux.com *.fastly.mux.com *.cfcdn.mux.com; object-src 'self'; script-src 'self' 'strict-dynamic' https: 'unsafe-inline' 'unsafe-eval' vercel.live cdn.jsdelivr.net *.clarity.ms 'nonce-lZSDSEm4zSCBdJGohbXhmQ=='; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hmv.com https://*.usefathom.com https://*.googleapis.com https://*.addressy.com https://*.brcdn.com https://*.brsrvr.com https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.msecnd.net https://*.scarabresearch.com https://*.visualstudio.com https://*.worldpay.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.sessioncam.com https://*.facebook.com https://*.google.com https://*.google.co.uk https://*.twitter.com https://hmvliveblobstorage.blob.core.windows.net https://*.emarsys.net https://*.hotjar.com wss://*.hotjar.com https://*.queue-fair.net https://widget.trustpilot.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.simplecast.com https://hmv.com https://*.trustpilot.com https://*.mention-me.com https://mention-me.com https://*.uk.exponea.com https://*.klarna.com https://*.klarnaevt.com https://*.clarity.ms https://*.googlesyndication.com; img-src 'self' data: https://*.hmv.com https://*.usefathom.com https://*.googleapis.com https://*.addressy.com https://*.brcdn.com https://*.brsrvr.com https://*.cloudfront.net https://*.googletagmanager.com https://*.gstatic.com https://*.msecnd.net https://*.scarabresearch.com https://*.visualstudio.com https://*.worldpay.com https://*.youtube.com https://*.youtube-nocookie.com https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.sessioncam.com https://*.facebook.com https://*.google.com https://*.google.co.uk https://*.twitter.com https://hmvliveblobstorage.blob.core.windows.net https://*.emarsys.net https://*.hotjar.com wss://*.hotjar.com https://*.queue-fair.net https://widget.trustpilot.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.simplecast.com https://hmv.com https://*.trustpilot.com https://*.mention-me.com https://mention-me.com https://*.uk.exponea.com https://*.klarna.com https://*.klarnaevt.com https://*.clarity.ms https://*.googlesyndication.com; frame-ancestors 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: https://partner.stannah.com/; style-src 'self' blob: https: 'unsafe-inline' https://partner.stannah.com/; img-src data: http: https:; object-src 'none'; base-uri 'self'; child-src 'self'; font-src *.goinstore.com 'self' fonts.gstatic.com; frame-src https: *.hsforms.com app.hubspot.com widget.trustpilot.com *.kaptcha.com *.cardinalcommerce.com *.bluesnap.com *.hotjar.com *.fls.doubleclick.net *.optimizely.com app.optimizely.com cdn.optimizely.com assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com ; worker-src 'self' blob: https://*.visualwebsiteoptimizer.com 1
default-src 'self' https://www.google.com  https://www.widgets.investing.com https://sslcharts.forexprostools.com https://www.googletagmanager.com *.google-analytics.com *.cxense.com *.serving-sys.com *.gemius.pl *.googletagservices.com *.doubleclick.net *.adunity.com *.adform.net *.2mdn.net *.conso.ro 'unsafe-inline';script-src 'self' https://www.google.com https://www.gstatic.com  *.googletagmanager.com *.google-analytics.com *.adunity.com *.serving-sys.com *.mookie1.com *.googletagservices.com *.adocean.pl *.gemius.pl *.adform.net https://code3.adtlgc.com z.moatads.com *.cxense.com synocdn.com *.2mdn.net 'unsafe-inline' 'unsafe-eval';style-src 'self' *.adunity.com 'unsafe-inline';img-src 'self' https://www.api.conso.ro *.cxense.com *.serving-sys.com *.adunity.com ad.doubleclick.net *.conso.ro *.mookie1.com *.synoint.com *.moatads.com *.adocean.pl *.adform.net about: data:;base-uri 'self' *.adunity.com *.adform.net 1
default-src 'self';style-src 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' sccs-analytics.herokuapp.com;img-src 'self' *.content.force.com *.file.force.com res.cloudinary.com;form-action 'self' login.salesforce.com;connect-src 'self' sccs-analytics.herokuapp.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src https:; font-src https: data:; img-src https: data:; script-src 'unsafe-inline' https:; style-src 'unsafe-inline' https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.typekit.net/ https://tagmanager.google.com/ https://fonts.googleapis.com/ https://*.googletagmanager.com/ https://*.myfonts.net/ https://*.cookiebot.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.facebook.com/ https://*.klarnaevt.com/ https://*.googletagmanager.com/ https://ssl.gstatic.com/ https://*.gstatic.com/ https://www.google-analytics.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://*.cookiebot.com/ https://px.ads.linkedin.com/ https://pixel.rubiconproject.com/ https://ad.360yield.com/ https://sync.search.spotxchange.com/ https://ib.adnxs.com/ https://ads.stickyadstv.com/ https://ad.sxp.smartclip.net/ https://cm.adform.net/ https://cm.g.doubleclick.net/ https://simage2.pubmatic.com/ https://um.simpli.fi/ https://match.adsby.bidtheatre.com/ https://match.prod.bidr.io/ https://www.google.se/ https://syndication.twitter.com/ https://img.youtube.com https://match.adsrvr.org https://wt.rqtrk.eu https://rtb-csync.smartadserver.com  https://*.ytimg.com https://www.linkedin.com; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.typekit.net/ https://fonts.gstatic.com/ data: https://*.myfonts.net/ https://*.hotjar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://buttons.github.io/ https://js-agent.newrelic.com/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net/ https://*.facebook.net/ https://*.klarna.com/ https://*.algolianet.com/ https://*.googletagmanager.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://ssl.google-analytics.com/ https://tagmanager.google.com/ https://*.googleapis.com/ https://www.google.com/ https://*.cookiebot.com/ https://*.licdn.com/ https://*.bidtheatre.com/ https://platform.twitter.com/ https://plausible.io/ https://widgets.getsitecontrol.com https://*.azureedge.net https://zammadberling.xzakt.com https://hello.myfonts.net https://www.youtube.com  https://www.google.se https://issuu.com/ https://*.issuu.com/ https://*.hotjar.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://liveupdate.pimcore.org/ https://bam.eu01.nr-data.net/ https://bam-cell.nr-data.net/ https://api.bring.com/ https://*.klarnaevt.com/ https://*.algolianet.com/ https://*.algolia.net/ https://www.google-analytics.com/ https://*.googletagmanager.com/ https://*.googleapis.com/ https://*.cookiebot.com/ https://*.doubleclick.net/ https://plausible.io/ https://region1.google-analytics.com  https://skitkgpy.eun.stape.io https://cdn.linkedin.oribi.io https://*.svc.dynamics.com/ wss://zammadberling.xzakt.com https://www.verbum.se/api/cart https://*.google.com https://*.googlesyndication.com https://px.ads.linkedin.com  https://www.facebook.com https://*.hotjar.com wss://ws.hotjar.com https://*.hotjar.io wss://www.googleadservices.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.klarna.com/ https://bid.g.doubleclick.net/ https://*.youtube.com/ https://*.cookiebot.com/ https://www.youtube-nocookie.com/ https://www.facebook.com/ https://www.google.com/ https://docs.google.com/ https://platform.twitter.com/ https://e.issuu.com/ https://player.vimeo.com/ https://*.soundcloud.com/ https://forms.apsisforms.com https://plausible.io/ https://www.spotify.com/ https://*.spotify.com/ https://*.dynamics.com/ https://accounts.google.com/ https://docs.google.com/ https://td.doubleclick.net/ https://*.issuu.com/ https://issuu.com/; 1
script-src 'self' 'unsafe-eval' https://cryptonews.com.au https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src-elem safe data: 'unsafe-inline' https://cryptonews.com.au https://*.cryptonews.com.au https://yoast.com https://*.wpengine.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com https://platform.twitter.com; frame-src 'self' blob: data: https://www.google.com/ https://*.youtube.com https://platform.twitter.com; font-src 'self' data: https://fonts.gstatic.com https://www.googletagmanager.com; 1
connect-src 'self';default-src 'self' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com telegram.org;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com fonts.gstatic.com;media-src 'self';frame-src *;frame-ancestors 'self' www.google.com; 1
frame-ancestors *;  report-uri /log/csp-violation 1
frame-ancestors 'self' *.mybusiness.it mybusiness.it *.gstatic.com *.tim.it *.google-analytics.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' upload.simian.nl *.google-analytics.com *.googlesyndication.com www.googletagmanager.com api.test.beterdrukken.nl cdn.simian.nl cdn.simianprint.nl design.simian.nl http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com wss://*.purechat.com *.purechatcdn.com *.amazonaws.com *.reclameland.nl *.tradetracker.net *.twitter.com *.optimizely.com *.google.com www.googleadservices.com office.simian.nl:3030 https://static.widget.trengo.eu https://stats.pusher.com/timeline/v2/jsonp/1 https://static.widget.trengo.eu https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://fonts.bunny.net https://cdn.jsdelivr.net https://api.widget.trengo.eu https://gkkmgz0bw7.execute-api.eu-central-1.amazonaws.com wss://ws-eu.pusher.com https://ipinfo.io; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: cdn.simian.nl cdn.simianprint.nl upload.simian.nl api.test.beterdrukken.nl design.simian.nl www.google-analytics.com www.googletagmanager.com *.trustpilot.com *.hotjar.io *.hotjar.com *.cloudflare.com *.gstatic.com *.youtube.com *.google.nl *.bootstrapcdn.com *.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com *.facebook.net *.facebook.com *.bing.com *.googleapis.com *.trengo.eu *.pusher.com wss://*.pusher.com *.purechat.com wss://*.purechat.com *.purechatcdn.com *.amazonaws.com *.reclameland.nl *.tradetracker.net *.twitter.com *.optimizely.com *.google.com www.googleadservices.com office.simian.nl:3030 https://*.giphy.com https://s3.eu-central-1.amazonaws.com https://trengo.s3.eu-central-1.amazonaws.com; 1
default-src 'self'; img-src * data: https://*.google-analytics.com https://*.googletagmanager.com; style-src 'self' 'unsafe-inline'; media-src *.gtflixtv.com *.pornworld.com; script-src 'self' 'nonce-k9Nld0bUfa9PKhJ2UYh0Xw==' tracking.sexcash.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com 1
font-src *.klarnacdn.net *.fontawesome.com *.gstatic.com data: script.hotjar.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * big.g.doubleclick.net vars.hotjar.com optimize.google.com *.facebook.com *.doubleclick.net 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.no *.google.se *.google.fi *.google.ro *.google.pl *.google.dk *.gstatic.com *.google-analytics.com *.googleadservices.com *.hotjar.com *.hotjar.io *.googletagmanager.com 'self' data: blob: *.facebook.com *.fastly.net *.google.lt *.google.de *.google.co.uk data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.klarna.com *.klarnacdn.net *.klarnaservices.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://storage.googleapis.com/ https://api.mapbox.com/ *.google.com *.gstatic.com *.google-analytics.com *.googleanalytics.com *.googleadservices.com *.googleoptimize.com *.doubleclick.net static.hotjar.com script.hotjar.io cdn.jsdelivr.net js-agent.newrelic.com *.nr-data.net *.zdassets.com *.hotjar.com *.facebook.net *.googletagmanager.com rawcdn.githack.com *.zopim.com https://chimpstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.google.com *.sandnes-garn.be *.sandnesgarn.no cloud.typography.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com data: *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://storage.googleapis.com/ https://api.mapbox.com/ https://events.mapbox.com/ *.google-analytics.com *.doubleclick.net *.hotjar.com vc.hotjar.io surveystats.hotjar.io wss://*.hotjar.com *.googleapis.com t.elasticsuite.io *.nr-data.net *.zdassets.com *.zendesk.com wss://widget-mediator.zopim.com *.googlesyndication.com *.hotjar.io 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://eng.vdc.dev/csp-report; report-to report-endpoint; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' https://a.cms.omniupdate.com; font-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *jsdelivr.net franklin-electric.com  *.franklin-electric.com  *.mouseflow.com corp.local corp.dev *.youtube.com youtube.com *.gstatic.com *.googleapis.com html5shiv.googlecode.com cloud.typography.com otp.tools.investis.com hsprod.investis.com google-analytics.com www.google-analytics.com stats.g.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.pingdom.net *.googletagmanager.com *.cloudfront.net *.rdstation.com.br 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.sjrstate.edu ; script-src https://platform.twitter.com https://widget.emsicc.com 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.sjrstate.edu https://ajax.googleapis.com/ https://cdnjs.cloudflare.com https://code.jquery.com/ https://connect.facebook.net/ https://cse.google.com https://googleads.g.doubleclick.net https://netdna.bootstrapcdn.com https://siteimproveanalytics.com https://www.calendarwiz.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://embedr.flickr.com https://widgets.flickr.com https://widget.lightcastcc.com ; style-src 'self' 'unsafe-inline' 'report-sample' https://*.sjrstate.edu https://fonts.googleapis.com https://netdna.bootstrapcdn.com https://www.calendarwiz.com https://www.google.com ; img-src * ; font-src  https://fonts.gstatic.com https://netdna.bootstrapcdn.com https://www.calendarwiz.com ; media-src 'self' ; base-uri 'self' ; manifest-src 'self' ; connect-src 'self' https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com https://embedr.flickr.com https://analytics.google.com ; frame-src 'self' https://*.google.com https://*.twitter.com https://platform.twitter.com https://www.facebook.com https://www.youtube.com https://widget.emsicc.com https://www.calendarwiz.com https://app.smartsheet.com https://*.doubleclick.net https://widget.lightcastcc.com https://*.elluciancrmrecruit.com ; prefetch-src https://netdna.bootstrapcdn.com ; 1
default-src 'self' http: https: wss: data: blob: 'unsafe-eval' 'unsafe-inline' 1
frame-ancestors bo.vakko.com backoffice.cujryb5pfc-vakkohold1-p1-public.model-t.cc.commerce.ondemand.com 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.pt/report-uri/enforce 1
default-src * data: blob: 'self';script-src *.itewb.gov.in 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.itewb.gov.in itewb.gov.in ws://localhost:* blob:  'self';block-all-mixed-content;upgrade-insecure-requests; 1
frame-ancestors beta.lcbcchurch.com rock.lcbcchurch.com www.lcbcchurch.com 1
base-uri 'self'; object-src 'none'; frame-ancestors 'self' 1
frame-ancestors 'self' https://careerkarma.com 1
default-src 'self' blob:; 
                                                        style-src  'unsafe-inline' 'unsafe-eval' https:; 
                                                        img-src * data: blob: filesystem:; 
                                                        media-src https:; 
                                                        connect-src https: wss:; 
                                                        font-src https: data:; 
                                                        object-src https: blob:; 
                                                        script-src 'unsafe-inline' 'unsafe-eval' https:; 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob:; worker-src * blob: 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livegirl.fr:9080 www.livegirl.fr:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livegirl.fr wss://www.livegirl.fr *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650842 1
frame-ancestors https://statevitalrecords.org/ https://californiabirthcertificate.org/ https://californiabirthcertificate.wpcomstaging.com/ https://texasbirthcertificateswpcomstaging.wpcomstaging.com/ https://texasbirthcertificates.org/ 1
frame-src 'self' *.google.com *.doubleclick.net *.amnet.tw cdn.aralego.net *.gather.town *.youtube.com;            frame-ancestors 'self' *.google.com *.google.com.tw cdn.aralego.net *.gather.town *.youtube.com;                  1
frame-ancestors 'none'; default-src 'self'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' https://snap.licdn.com/li.lms-analytics/insight.min.js https://g10300385420.co https://www.googletagmanager.com 'sha256-KSIApGzm6DYQRCzNzkFaP32nXnkMy07agsKycPqyDnc=' 'sha256-EqfYkgIzDGSX9GTQAUAfA801CTIyUFujcPs+rLJ5k5U=' 'sha256-bYpJmIZg5uU9HMyKx9oEXCP/ZLzFZM/ki5imOytrBIo=' 'sha256-Dqot8fwFISgIoC01rNDqDgF3KiIvyO5tpQairVw9mkI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-Bbc5oRiwCU748cdlYFyZPQdZNJIvs3FyBM9l9sGlyRw=' 'sha256-0I/baUeh0Qv83KWPBRh4U0bdC97rkgKiCfX8VpGcZg0='; img-src 'self' d1qfwzw6aggd4h.cloudfront.net *.ads.linkedin.com *.doubleclick.net *.vod-progressive.akamaized.net; media-src 'self' *.vimeo.com *.youtube.com  *.vod-progressive.akamaized.net; connect-src 'self' *.google-analytics.com px.ads.linkedin.com *.nomuraconnects.com; frame-src 'self' *.vimeo.com *.youtube.com *.doubleclick.net; style-src 'self' 'unsafe-inline'; 1
default-src 'self' https://*.salesforcestore.com; img-src 'self' https: data:; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' https://*.gstatic.com https://*.google.com https://*.google-analytics.com https://*.youtube.com https://*.googletagmanager.com https://*.cookie-script.com https://*.adobedtm.com https://*.cookielaw.org https://*.authorize.net https://*.paypal.com https://*.paypalobjects.com; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' https://*.salesforcestore.com https://salesforcestore.com https://*.cookie-script.com https://*.adobedtm.com https://*.cookielaw.org https://*.onetrust.com https://*.authorize.net https://*.paypal.com https://*.paypalobjects.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google-analytics.com; frame-src 'self' https://*.authorize.net https://*.google.com https://*.gstatic.com; frame-ancestors 'self' https://*.authorize.net 1
font-src script.hotjar.com use.fontawesome.com fonts.gstatic.com *.gstatic.com 'self' data: *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com *.facebook.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com www.youtube.com vars.hotjar.com www.google.com wppsandbox.mit.com.mx bc.mitec.com.mx *.mit.com.mx *.mitec.com.mx *.e-pago.com.mx *.paynet.com.mx *.americanexpress.com *.opencontrol.mx *.kaptcha.com *.openpay.pe *.openpay.mx *.openpay.co c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com accounts.google.com *.postimg.cc *.openpay.mx www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.gstatic.com *.facebook.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com script.hotjar.com static.hotjar.com maxcdn.bootstrapcdn.com maps.google.com maps.googleapis.com static.zdassets.com widget-mediator.zopim.com js-agent.newrelic.com www.google.com www.gstatic.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com use.fontawesome.com unsafe-inline *.googleapis.com *.gstatic.com tagmanager.google.com *.yotpo.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com landofcoder.com *.hotjar.com *.paynet.com.mx *.openpay.mx *.openpay.co *.openpay.pe api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com t.elasticsuite.io *.google-analytics.com *.facebook.net *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src wow.link *.wow.link; frame-src * data: blob: http: https: 'self'; connect-src wow.link *.wow.link *.stripe.com *.yandex.ru *.yandex.com *.pinterest.com *.paypal.com *.doubleclick.net *.google-analytics.com *.google.com *.googlesyndication.com; style-src 'unsafe-inline' wow.link *.wow.link *.yandex.com *.stripe.com *.cloudflare.com *.googleapis.com *.gstatic.com *.google.com *.googlesyndication.com; img-src data: blob: wow.link *.wow.link *.stripe.com *.youtube.com *.ytimg.com *.yandex.ru *.facebook.com *.google.com *.googleusercontent.com *.googlesyndication.com *.doubleclick.net *.yadro.ru *.google-analytics.com *.gstatic.com; script-src * 'unsafe-inline' data: blob: http: https: 'self'; font-src data: wow.link *.wow.link *.gstatic.com *.googlesyndication.com; 1
default-src 'self' *.fg.cz;font-src 'self' fonts.gstatic.com *.fg.cz;connect-src 'self' *.fg.cz *.google.com *.googleapis.com www.google-analytics.com *.doubleclick.net https://www.smsticket.cz;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.fg.cz maps.google.com *.googleapis.com www.googletagmanager.com www.google-analytics.com www.google.com *.gstatic.com https://www.smsticket.cz;form-action 'self' *.fg.cz;frame-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;child-src 'self' *.fg.cz www.youtube.com https://www.google.com/ www.google.com https://www.smsticket.cz/;frame-ancestors 'self' *.fg.cz;img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net blob: *.gst *.fg.cz;style-src 'self' 'unsafe-inline' *.fg.cz fonts.googleapis.com;object-src 'self' 1
default-src *.clarity.ms c.bing.com; connect-src *.picturepark.com *.moin.ai *.herofil.es *.oribi.io *.docu.info *.google.com *.usercentrics.eu *.hotjar.com *.hotjar.io *.clarity.ms wss://*.hotjar.com wss://*.moin.ai *.analytics.google.com *.google-analytics.com *.salesmanago.pl backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com wss://directline.botframework.com directline.botframework.com maps.googleapis.com pixel.mathtag.com scnem3.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com static.mailerlite.com stats.g.doubleclick.net storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com t.leady.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com https://tracker.admixpreview.nl pagead2.googlesyndication.com; font-src 'self' *.moin.ai *.hotjar.com *.hotjar.io fonts.gstatic.com data:; frame-src * *.usercentrics.eu; img-src 'self' *.picturepark.com *.herofil.es data: *.fls.doubleclick.net *.hotjar.com *.hotjar.io *.privacysandbox.googleadservices.com *.usercentrics.eu *.ytimg.com *.salesmanago.pl *.clarity.ms *.moin.ai *.oribi.io *.bing.com 10714483.fls.doubleclick.net backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com c.seznam.cz cbks0.googleapis.com dmp.adform.net facebook.com *.analytics.google.com *.google-analytics.com googleads.g.doubleclick.net lh3.ggpht.com maps.google.com maps.googleapis.com *.gstatic.com maps.gstatic.com pixel.mathtag.com px.ads.linkedin.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com static.mailplus.nl stats.g.doubleclick.net storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com tagmanager.google.com track.mailerlite.com upload.wikimedia.org www.facebook.com www.google.com www.google.de www.google.nl www.googletagmanager.com *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com https://tr3.onlinesucces.nl; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.docu.info *.hotjar.com *.hotjar.io *.usercentrics.eu *.ytimg.com *.clarity.ms *.getsitecontrol.com *.adform.net backoffice.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com backoffice.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com backoffice.commerce.dev.xella.com backoffice.commerce.uat.xella.com backoffice.commerce.xella.com c.imedia.cz c.bing.com connect.facebook.net *.analytics.google.com *.google-analytics.com googleads.g.doubleclick.net googletagmanager.com maps.googleapis.com pixel.mathtag.com restapi.mailplus.nl s2.adform.net static.mailerlite.com smartedit.commerce.dev.xella.com smartedit.commerce.uat.xella.com smartedit.commerce.xella.com snap.licdn.com storefrontapi.commerce.dev.xella.com storefrontapi.commerce.uat.xella.com storefrontapi.commerce.xella.com t.leady.com tagmanager.google.com track.adform.net www.seznam.cz www.googleadservices.com www.googletagmanager.com www.salesmanago.pl www.youtube.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net *.c2frwo0fak-xibmholdi1-d1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-s1-public.model-t.cc.commerce.ondemand.com *.c2frwo0fak-xibmholdi1-p1-public.model-t.cc.commerce.ondemand.com *.seznam.cz *.mailocator.com *.moin.ai bat.bing.com *.oribi.io *.herofil.es https://tracker.admixpreview.nl/tracker.js; style-src *.moin.ai 'self' 'unsafe-inline' *.mailerlite.com  fonts.googleapis.com static.mailerlite.com www.googletagmanager.com xellabot.azurewebsites.net xolutionfaqbot.azurewebsites.net *.commerce.xella.com *.commerce.uat.xella.com *.commerce.dev.xella.com; 1
default-src 'self'          https:          http:          connect-src: 'self'          data: 'unsafe-inline' 'unsafe-eval'          blob:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-d9b2473adb068856e4dcb4ad82de48df'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; upgrade-insecure-requests; connect-src 'self' dc.services.visualstudio.com *.pensionpro.com *.applicationinsights.azure.com *.monitor.azure.com; style-src 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; style-src-elem 'self' 'unsafe-inline' appcenter.intuit.com *.pensionpro.com fonts.googleapis.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' appcenter.intuit.com www.googletagmanager.com ajax.googleapis.com cdn.polyfill.io ssl.google-analytics.com cdnjs.cloudflare.com az416426.vo.msecnd.net js.braintreegateway.com *.monitor.azure.com; img-src 'self' *.pensionpro.com kendo.cdn.telerik.com data: ssl.google-analytics.com; font-src 'self' fonts.gstatic.com netdna.bootstrapcdn.com data:; frame-ancestors 'self'; frame-src 'self' player.vimeo.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' capacitor://localhost; img-src * data: capacitor://localhost; script-src-attr 'unsafe-inline' 'unsafe-hashes'; script-src-elem * 'unsafe-inline' capacitor://localhost; style-src-attr 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'unsafe-inline' capacitor://localhost; frame-ancestors * capacitor://localhost; report-uri https://www.fmsb.be/fr/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-iH6RzQPHLGEbOvoTlTaU4wziRa7ZIWVi2B0s3TTnxWuJLvoz' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; object-src 'none'; script-src 'nonce-BvndqLuONI+pj/aF2gP7rQ==' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' 'self' *.google.com *.google.cz *.adform.net *.gstatic.com *.cookiebot.com *.seznam.cz *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.youtube.com *.googleapis.com *.jsdelivr.net; style-src 'self' 'strict-dynamic' 'unsafe-inline' 'self' *.googleapis.com *.net *.jsdelivr.net; img-src 'self' data: *.seznam.cz *.google.com *.google.cz *.google-analytics.com *.google.nl *.facebook.com *.cookiebot.com *.googletagmanager.com *.ytimg.com *.googlesyndication.com *.doubleclick.net *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.typekit.net; connect-src 'self' *.googlesyndication.com *.google-analytics.com *.cookiebot.com *.google.com *.doubleclick.net *.hotjar.com *.hotjar.io wss://*.hotjar.com *.mora.care *.googleapis.com *.tiktok.com; frame-src 'self' 'strict-dynamic' *.cookiebot.com *.youtube.com *.hotjar.com *.hotjar.io *.doubleclick.net *.facebook.com *.google.com; form-action 'self' *.facebook.com *.mora.care; manifest-src 'self'; media-src 'self'; base-uri 'self'; 1
default-src 'self' https://api.pcivault.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vk.com https://widget.bank131.ru https://api.pcivault.io; img-src 'self' https://vk.com https://pp.vk.me *.userapi.com; style-src 'self' 'unsafe-inline' https://widget.bank131.ru; font-src 'self'; frame-src 'self' https://vk.com https://widget.bank131.ru; connect-src 'self' https://proxy.bank131.ru https://api.pcivault.io; object-src 'self' 1
default-src 'self' 'unsafe-inline'  http: https: data: ;           style-src 'self' http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com http://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval';           script-src 'self' https://mapgenie.osi.ie 'unsafe-inline' 'unsafe-eval';           object-src 'self';          img-src 'self' https://mapgenie.osi.ie 'unsafe-inline' 'unsafe-eval' data:  1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://wa.me/ https://cdn.tiny.cloud/ https://www.ajans.softyrapps.com https://ajans.softyrapps.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://fonts.gstatic.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/; 1
default-src 'none'; base-uri 'self'; form-action 'none'; img-src 'self';  style-src 'self'; frame-ancestors 'none'; report-uri https://sidn-nl.uriports.com/reports/report; report-to default 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' data: blob:; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com webvisor.com 1
default-src ‘self’; frame-ancestors ‘self’; form-action ‘self’; 1
frame-ancestors cfeinternet.mx 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-uARzOYqhkzmOzdT8UE/bkwUWMfRDeTZ/h9z7X4m7G7ao7Flq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors 'self' https://*.probikeshop.fr https://*.probikeshop.it https://*.bikeshop.es https://*.probikeshop.de https://*.probikeshop.pt https://*.probikeshop.com https://*.probikeshop.ch; 1
default-src 'self' http: https: data: blob: wss: 'unsafe-inline' 1
default-src * https: data: 'unsafe-eval' 'unsafe-inline' blob:; 1
default-src 'self' blob:; script-src 'self' 'nonce-v5T++tSB9F463iiywJ5Nn+UJrnRig/rpM82HXWFiy4c=' blob: 'unsafe-eval' *.quantserve.com *.quantserve.com/ secure.quantserve.com/quant.js *.teamtailor-cdn.com *.googleapis.com *.postescanada-canadapost.ca *.googletagmanager.com *.googletagmanager.com/ *.sitesearch360.com *.sitesearch360.com/ *.google.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/ https://cdn.jsdelivr.net/npm/bootstrap@4.6.2/dist/js/ *.paysafe.com https://www.google-analytics.com *.gstatic.com/recaptcha/releases/ *.hotjar.com *.hotjar.com/ https://www.smartsurvey.co.uk *.facebook.net/ *.newrelic.com *.newrelic.com/ *.quantcount.com *.quantcount.com/ *.cloudflareinsights.com *.cloudflareinsights.com/ *.googleadservices.com *.nr-data.net *.googlesyndication.com *.opendns.com *.opendns.com/ gateway.id.swg.umbrella.com/ cdn.jsdelivr.net/gh/jfeltkamp/cookiesjsr@1/ *.visualwebsiteoptimizer.com/ app.vwo.com 'sha256-Dj1KvV407y0kXtkO8zlK+Ro6I5G3tqKSDtqGGl7LTDo=' 'sha256-5v1AAxcO7RhxW12aExIEXjnCU/W0WEzouDQbxi/Z7W0='; object-src 'none'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.fontawesome.com/ *.postescanada-canadapost.ca *.postescanada-canadapost.ca/css/ *.googleapis.com gateway.id.swg.umbrella.com/ *.visualwebsiteoptimizer.com app.vwo.com; img-src 'self' data: * *.visualwebsiteoptimizer.com chart.googleapis.com app.vwo.com; frame-src 'self' https://www.google.com *.paysafe.com *.doubleclick.net https://www.smartsurvey.co.uk https://embed.acast.com *.umbrella.com *.googlesyndication.com *.googletagmanager.com *.opendns.com *.opendns.com/ forms.office.com/ www.youtube.com/ app.vwo.com *.visualwebsiteoptimizer.com; font-src 'self' data: https://use.fontawesome.com *.gstatic.com/; connect-src 'self' https://maps.googleapis.com *.paysafe.com *.sitesearch360.com  https://www.google-analytics.com *.doubleclick.net *.g.doubleclick.net/ *.hotjar.io *.adservice.google.com *.teamtailor.com/ *.quantcount.com *.quantcount.com/ *.google-analytics.com *.vc.hotjar.io *.google.com *.nr-data.net *.hotjar.com *.hotjar.com/ *.postescanada-canadapost.ca wss://ws.hotjar.com/api/v2/client/ws gateway.id.swg.umbrella.com/ *.visualwebsiteoptimizer.com app.vwo.com; report-uri /report-csp-violation; base-uri 'self'; 1
default-src 'self'; object-src 'self'; base-uri 'self'; media-src 'self' https://imagepool.drillisch-online.de; img-src https: data: https://imagepool.drillisch-online.de; font-src https:; form-action 'self'; connect-src 'self' https://imagepool.drillisch-online.de https://stats.drillisch-online.de https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://tracking.drillisch.de https://*.demdex.net https://www.google-analytics.com; script-src 'strict-dynamic' 'nonce-a53b3f76143c6fd3a88ea87de8a48116' 'nonce-c8fb5b241c586828d4bc987e368cad3b' 'nonce-7cda0ccef28d50d212ff7674dae80032' 'nonce-0105af604326dfeecb56da33c7dd11ad' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self'; frame-src https://1and1internetag.demdex.net https://tags.tiqcdn.com https://hilfe-center.1und1.de; child-src https://tags.tiqcdn.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-a53b3f76143c6fd3a88ea87de8a48116' 'nonce-c8fb5b241c586828d4bc987e368cad3b' 'nonce-7cda0ccef28d50d212ff7674dae80032' 'nonce-0105af604326dfeecb56da33c7dd11ad' 'self' 'unsafe-inline' https: 'report-sample' 1
default-src 'self' data: gap: https://*.jsdelivr.net https://*.fontawesome.com https://*.googleapis.com http://www.w3.org/2000/svg https://*.jquery.com https://www.google.com https://unpkg.com https://www.gstatic.com; connect-src * ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://*.fontawesome.com/; script-src 'self' 'unsafe-eval' ; font-src 'self' https://*.googleapis.com https://*.gstatic.com; media-src *; img-src * 'self' data: https:; upgrade-insecure-requests 1
default-src blob: https: wss: 'unsafe-eval' 'unsafe-inline' 'self'; style-src https: 'unsafe-inline'; frame-ancestors https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.doubleclick.net 'self'; frame-src https://*.facebook.com https://*.youtube.com https://*.twitter.com https://*.x.com https://*.hotjar.com https://*.marketica.com https://*.sharethis.com https://*.widergy.com https://*.amplifyapp.com https://*.botframework.com https://*.google.com  https://*.doubleclick.net 'self'; object-src 'none'; font-src https: data:; img-src https: data:; 1
style-src 'self' 'unsafe-inline' https://*.buybox.click https://tagmanager.google.com https://fonts.googleapis.com https://optimize.google.com https://accounts.google.com https://*.klaviyo.com;                             script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.buybox.click https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://widget-mediator.zopim.com https://*.zdassets.com https://*.google-analytics.com https://*.facebook.net https://*.facebook.com https://apis.google.com https://*.youtube.com https://s.ytimg.com https://*.usersnap.com https://www.googletagmanager.com https://cdn.gravitec.net https://*.hotjar.com https://www.google.com/pagead https://s.pinimg.com https://www.google.com https://optimize.google.com https://www.googleoptimize.com https://*.klaviyo.com https://accounts.google.com https://*.cookiebot.com https://*.clarity.ms https://s8o72l.dashboard.wedare.pl https://trkwwtarget.com;               img-src 'self' data: blob: https://ct.pinterest.com https://*.buybox.click https://*.zopim.io www.googletagmanager.com https://*.hotjar.com https://cdnjs.cloudflare.com https://media.domni.pl https://img.youtube.com https://i.ytimg.com/ http://static-synage.i-g.pl https://cdn.gravitec.net https://www.facebook.com https://*.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://www.google.pl https://www.googletagmanager.com https://*.gstatic.com https://lh3.googleusercontent.com https://ct.pinterest.com/v3 https://optimize.google.com https://test-media.domni.pl https://*.cloudfront.net https://imgsct.cookiebot.com/ https://*.clarity.ms https://googleads.g.doubleclick.net https://google.com https://s8o72l.dashboard.wedare.pl;                             default-src 'self' https://*.zdassets.com https://*.hotjar.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.facebook.com https://www.googletagmanager.com https://accounts.google.com https://*.youtube.com https://www.pinterest.com https://ad.doubleclick.net;                              frame-ancestors 'none';                             font-src https://fonts.gstatic.com https://*.klaviyo.com;                             frame-src https://www.google.com https://*.pinterest.com https://accounts.google.com https://vars.hotjar.com https://www.youtube.com https://*.facebook.com https://optimize.google.com https://*.cookiebot.com https://td.doubleclick.net/ https://s8o72l.dashboard.wedare.pl;                             connect-src 'self' https://ct.pinterest.com https://*.buybox.click wss://widget-mediator.zopim.com https://synage.zendesk.com https://*.zdassets.com https://stats.g.doubleclick.net/ https://*.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google.pl/ads/ga-audiences https://*.klaviyo.com https://www.googleapis.com  https://*.googlesyndication.com https://*.googletagmanager.com https://*.google.com https://*.cookiebot.com https://googleads.g.doubleclick.net https://*.clarity.ms https://trkwwtarget.com 1
default-src 'self'; img-src 'self' https: data:; font-src 'self' data: https://fonts.gstatic.com; style-src 'self' https://plus.browsealoud.com https://fonts.googleapis.com 'unsafe-hashes' 'sha256-8Aqs4eG/zPJGyVScQ89Lqaw+nyV9N5FSBa1+ivuXVvU=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-38PFnK2NiSrThcYj9Ag/envqyUZZO/vTyRGDWp/+ZNo=' 'sha256-t57nRXJ7Ko7lwXFldvbvG/Mv5JlBclXdfiHHLVWIh5w=' 'sha256-EL8jqBTPvuD+GN6Gs/WzqxIT1Y+Jk3MbdP0k8AmU3so=' 'sha256-1xi3cK3xQw84y16fEdn4u/ljUuifkQ454AQm5WW5x/g=' 'sha256-ODu/iubRNBLdKwJBQQg8hE+JcJwgH2VZub4r52zedjM=' 'sha256-ONcdN0WXGK71ipqZTLGAJ19HzRvbA+C0xh8wqRL0MiY=' 'sha256-3yFntnQ2cZL8i5pYW9bYwPBvv9cWhTsoIpKSc2Yb6Ro=' 'sha256-Cf4eIFJfoQJG3PA34ttW6Cu6DPDlKLW2a9Gv00Zu3Y8=' 'sha256-v/EWGFHsmauH+umtl8k88yaAMLWCHUyPN4wJjwKHwBA=' 'sha256-nvjLKK85p/rMNqdOkT/GsneYY6eVNbhgv5hPnZCwSgg=' 'sha256-p61vUpC7Try39OaGWFj7g8nhQaLdOMRGVrsArIgA534=' 'sha256-XtbbA99LGWE/Vmf8dCYFs/u+7rujfOk/ArvXMFvXldg=' 'sha256-duBPxAIW5jzACmWT/FWeSa/1goki23ukn2hU/lXnq8w=' 'sha256-/gj5+iyziHCCPd6e3Ayp8GvRElecVqzF8i0l+QgphFU=' 'sha256-mxmIQSSHoG7tG7v5mxBWd0WI/P77RfE1LVUcG83/lwc=' 'sha256-2NCrDBlTU2UrIY+wsGBMXFahhur8bpgRRpg919EW/b8=' 'sha256-l7EMfXov7mjZvJaPAPP5NEMlBnt8bhmKKbr/0JJW6cQ=' 'sha256-nG2cLEBpwzBLEViw6mgSnTXpIVaa2eGb4bPQTgpeGi0=' 'sha256-J2K77Zis8AoCugUuLBY+TlW5aqvZwf0Wvl/tqpUlqSY=' 'sha256-qnVkQSG7pWu17hBhIw0kCpfEB3XGvt0mNRa6+uM6OUU=' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-jPZyQpI7D4ke0fa/phXRncbbLQIiMkuCkTySdu4EzXc=' 'sha256-Zk9cLNdQQ/Umyhiaizt5J0n787CWFNi9zCPWXdJCu2o=' 'sha256-F1xzX61RJYcx4ih8XHYJOKD4RNYgkWgOUsJJJrtQWKk=' 'sha256-+77U+jkH29YheUKUOQCDIJ0jx1lf8CybHy/QOITAQAE=' 'sha256-Rpd1rdyqJdGL2oVB+RohlrMWvcgKajzX/5OSZz22Lzg=' 'sha256-rAMj0m0yhupa7qbPLlBcj/AytSidnYLDXclkSjoW6HY=' 'sha256-VwDW6+mpOXsnDegwVxWj7VZxTqextv4s7ffDYUyajOQ=' 'sha256-Vf2pfcTrza77M8gcs79TjHlIfbe8t9bJxZLtNpGPBh8='; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com https://apis.google.com https://plus.browsealoud.com https://www.browsealoud.com 'sha256-XwQT/PsFMy+rKSB4vlW93i5lrzIRaGmPC3M2D0C3ZKU=' 'sha256-/uW64rV195ppj3/2NYZciKcEKmgRXPXcJy7vHP6bzbY=' 'sha256-s3ClYNFbdcNO0P/IkWH7qnQ2VT4p4DkAl54qLW6zjA8='; object-src 'self'; base-uri 'none'; connect-src 'self' https://en.wikipedia.org/ https://wikisum.texthelp.com https://speechstreamv3-webservices-8.texthelp.com https://www.browsealoud.com https://www.google-analytics.com https://plus.browsealoud.com https://babm.texthelp.com https://*.speechstream.net https://stats.g.doubleclick.net https://browsealoud-webservices-8.texthelp.com https://wiki-summarizer-eu.texthelp.com https://simplify-us.texthelp.com https://browsealoud-webservices-8.texthelp.com https://browsealoud-webservices-eu.texthelp.com; media-src blob: 'self' https://*.speechstream.net; frame-src 'self' https://content.googleapis.com; 1
font-src fonts.googleapis.com fonts.gstatic.com *.useinsider.com *.ads-twitter.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.payfort.com *.facebook.com *.useinsider.com *.omguk.com *.google-analytics.com *.google.it *.tamara.co *.ads-twitter.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://youtu.be *.criteo.com *.snapchat.com *.useinsider.com *.omguk.com *.doubleclick.net *.google-analytics.com *.google.it *.tamara.co *.ads-twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io maps.googleapis.com maps.gstatic.com *.visa.com *.zendesk.com *.google.co.in *.com.sa/west/ *.facebook.com *.facebook.net *.yandex.ru *.doubleclick.net *.criteo.com *.yeldmo.com *.aralego.net *.smaato.net *.bing.com *.pubmatic.com *.mediavine.com *.rlcdn.com *.stickyadstv.com *.bidswitch.net *.adnxs.com *.casalemedia.com *.360yield.com *.media.net *.snapchat.com *.useinsider.com *.omguk.com *.clarity.ms *.yahoo.com *.tamara.co *.ads-twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.youtube.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.visa.com *.mastercard.com *.zendesk.com *.zdassets.com *.zopim.com *.payfort.com *.artfut.com *.facebook.net *.tiktok.com *.criteo.com *.yandex.ru sc-static.net *.go-mpulse.net *.snapchat.com *.useinsider.com *.omguk.com *.yimg.com *.clarity.ms https://webtrafficsource.com *.google-analytics.com *.google.it *.tamara.co *.ads-twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.useinsider.com *.ads-twitter.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.zdassets.com *.payfort.com *.zendesk.com *.snapchat.com *.useinsider.com *.ads-twitter.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.zendesk.com *.zdassets.com *.zopim.com wss://widget-mediator.zopim.com *.payfort.com *.googleapis.com *.doubleclick.net *.tiktok.com *.yandex.ru *.criteo.com *.facebook.com *.go-mpulse.net *.snapchat.com *.akstat.io *.akamaihd.net *.useinsider.com *.omguk.com *.clarity.ms https://webtrafficsource.com *.yimg.com *.google-analytics.com *.google.it *.tamara.co *.ads-twitter.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' welcome.espace.link ; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.calameo.com *.criteo.net *.criteo.com *.fls.doubleclick.net *.pwspace.com *.powerspace.com *.tradelab.fr *.classcroute.com www.youtube.com secureaud.solocpm.com www.linkedin.com cdn.linkedin.oribi.io www.mainadv.com *.tradedoubler.com *.avtm.fr *.ad-srv.net tag.azame.net *.adnxs.com uzerly.net *.adsrvr.org *.mathtag.com *.veoxa.com sk.ht *.sk.ht kx1.co px.ads.linkedin.com sjs.bizographics.com snap.licdn.com *.bing.com connect.facebook.net www.facebook.com fonts.googleapis.com *.g.doubleclick.net tag.statshop.fr *.tracktag.sytsem.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com *.gstatic.com *.google.com *.axept.io; img-src 'self' blob: data: http: https: *.classcroute.com; font-src 'self' data: http: https: fonts.googleapis.com  1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com pghub.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; font-src 'self' *.gstatic.com feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com www.google-analytics.com feed.pghub.io ; connect-src 'self' *.algolia.net *.algolianet.com *.google-analytics.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.veiasa.es npmcdn.com *.openstreetmap.org; object-src 'self'; style-src 'self' 'unsafe-inline' *.fontawesome.com *.veiasa.es npmcdn.com; img-src 'self' data: *.veiasa.es *.openstreetmap.org npmcdn.com img.icons8.com; form-action 'self'; media-src 'self'; font-src 'self' *.fontawesome.com; connect-src 'self'; frame-src 'self' intent: www.youtube.com; frame-ancestors 'self' 1
img-src * data:; style-src 'self' 'unsafe-inline' *.readspeaker.com; default-src * blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.youtube.com s.ytimg.com *.usercentrics.eu *.readspeaker.com connect.facebook.net https://*.etracker.com https://*.etracker.de; 1
frame-ancestors 'self' https://marchedufilm.online 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.google.com *.gstatic.com *.doku.com cdnjs.cloudflare.com/ajax/ *.facebook.net/en_US/sdk.js *.googletagmanager.com assets.pinterest.com/js/ *.youtube.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com/ajax/ fonts.googleapis.com dtrust.co.id static.dcloud.co.id *.doku.com; object-src 'none'; base-uri 'self'; connect-src 'self' analytics.google.com *.google.co.id stats.g.doubleclick.net *.dcloud.co.id; font-src 'self' data: fonts.gstatic.com static.dcloud.co.id dtrust.co.id cdnjs.cloudflare.com/ajax/; frame-src 'self' *.youtube.com *.doku.com *.google.com; img-src 'self' *.google.co.id *.google.com dtrust.co.id *.dcloud.co.id secure.gravatar.com *.googleusercontent.com/; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'self' http: https: *.zdassets.com *.zopim.com *.zendesk.com wss://*.zendesk.com wss://*.zopim.com wss://*.hotjar.com *.hotjar.com; script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.drmartens.com.au/ *.adobetm.com *.afterpay.com *.cloudfront.net *.demdex.net *.forter.com *.google-analytics.com *.paypal.com afterpay.com foursixty.com *.contentsquare.net *.useinsider.com *.roymorgan.com; style-src 'self' https: 'unsafe-inline' https://www.drmartens.com.au/ *.adobetm.com foursixty.com; img-src data: http: https: *.google-analytics.com *.ist-track.com *.pinterest.com *.twilio.com *.tiktok.com *.useinsider.com developers.google.com *.zopim.io *.zdassets.com; object-src 'none'; base-uri 'none'; child-src 'self'; media-src http: https: *.twilio.com *.usehero.com; connect-src 'self' http: https: *.adobedc.net *.afterpay.com *.bazaarvoice.com *.braintree-api.com *.braintreegateway.com *.cloudfront.net *.criteo.com *.demdex.net *.forter.com *.foursixty.com *.google-analytics.com *.googleapis.com *.nr-data.net *.paypal.com *.taboola.com *.truefitcorp.com *.twilio.com *.zdassets.com *.zendesk.com *.zopim.com accentgroupxpdev.112.2o7.net afterpay.com analytics.tiktok.com bcp.crwdcntrl.net facebook.com *.contentsquare.net *.roymorgan.com foursixty.com kleber.datatoolscloud.net.au sentry.io smetrics.hypedc.com vimeo.com wss://*.twilio.com wss://widget-mediator.zopim.com wss://cdn0.forter.com api.useinsider.com api.myunidays.com wss://*.hotjar.com *.hotjar.com; font-src data: 'self' fonts.gstatic.com *.truefitcorp.com *.useinsider.com; frame-src 'self' *.formstack.com *.afterpay.com *.bazaarvoice.com *.criteo.com *.criteo.net *.demdex.net *.everesttech.net *.everestjs.net *.doubleclick.net *.facebook.com *.google.com *.hotjar.com *.myunidays.com *.omniparcelreturns.com *.paypal.com *.paypalobjects.com *.truefitcorp.com *.useinsider.com *.vimeo.com *.youtu.be *.youtube.com afterpay.com assets.braintreegateway.com everestjs.net facebook.com foursixty.com google.com player.whooshkaa.com tsdtocl.com vimeo.com wss://*.hotjar.com *.hotjar.com; worker-src 'self' blob: *.accentgra.com *.drmartens.co.nz *.drmartens.com.au; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com *.applicationinsights.io *.googletagmanager.com *.youtube.com *.givit.org.au https://analytics.twitter.com https://static.ads-twitter.com https://www.gstatic.com https://static.ads-twitter.com https://connect.facebook.net https://*.hotjar.com https://*.hotjar.io https://www.google-analytics.com https://*.ewaypayments.com; img-src 'unsafe-inline' https: 'self' data: *.googletagmanager.com *.gstatic.com *.givit.org.au https://www.facebook.com https://analytics.twitter.com https://t.co https://www.google.com https://*.ewaypayments.com https://www.google.com.au https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.givit.org.au https://fonts.googleapis.com; font-src https: 'unsafe-inline' 'self' data: *.givit.org.au https://fonts.gstatic.com; frame-src 'self' *.recaptcha.net *.youtube.com *.givit.org.au https://www.google.com https://*.ewaypayments.com; connect-src 'self' *.googletagmanager.com *.youtube.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self' https:; upgrade-insecure-requests; 1
object-src 'none'; script-src 'self' 'unsafe-eval' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com; script-src-attr 'self'; script-src-elem 'self' 'unsafe-inline' https://consent.cookiebot.com https://www.google.com https://www.gstatic.com https://consentcdn.cookiebot.com https://ssl.google-analytics.com https://player.vimeo.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://polyfill.io https://unpkg.com; style-src 'self' 'unsafe-inline' https://fast.fonts.net https://fonts.googleapis.com https://www.gstatic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src-attr 'self' 'unsafe-inline'; frame-ancestors 'self'; report-uri https://www.premier-stores.co.uk/report-uri/enforce 1
default-src 'none'; connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com blob:; font-src 'self'; img-src 'self' http: https: blob: 'unsafe-inline'; media-src 'self' https://cdn.ych.art blob:; script-src 'self' https://www.google-analytics.com https://www.googletagmanager.com 'sha256-xe/OzeYzMoPAN63Uvl2fqORTe+wuNWy8rqc3YiM3JYU=' 'sha256-voqoKUMrcWk2X/6LHQBhCBIQs4jisisGNsDEfGJUI/8='; style-src 'self' 'sha256-Do/Bu2HU9dgvvDDrPWY8Dx/uhsfevl88VmLJzj3Y9kA=' 'sha256-aABiI/f7CrymsdIHtEfU3tqw8H/Dhsbpn5qcRVQmMHE=' 1
default-src 'self' blob: https://*.proceedo.net https://fra-col.eum-appdynamics.com/ https://col.eum-appdynamics.com/ https://*.visma.net https://*.wootric.com https://snowplow.visma.com https://geolocation.onetrust.com/ https://privacyportal-eu.onetrust.com/ https://*.wootric.eu; style-src 'self' https://*.visma.net https://fonts.googleapis.com/ 'unsafe-inline'; script-src 'self' https://tableau.proceedo.net https://cdn.appdynamics.com/ https://*.visma.net https://*.wootric.com 'unsafe-eval' 'unsafe-inline';font-src 'self' https://*.visma.net https://fonts.gstatic.com/ https://font.visma.com data:;img-src * data:; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https:; frame-ancestors 'self'; 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * javascript: data: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline' 1
frame-ancestors 'self' grn-www.boateka.com; 1
default-src 'self' http://public.tableau.com/ https://www.youtube.com/ https://www.onemap.sg/ https://ncss.aichat.site/ https://*.wogaa.sg https://*.demdex.net/ https://cm.everesttech.net/ https://wogadobeanalytics.sc.omtrdc.net https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation https://*.vica.gov.sg/; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js 'self' blob: https://assets.adobedtm.com https://www.googletagmanager.com 'unsafe-inline' 'unsafe-eval' *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org cse.google.com code.jquery.com static.addtoany.com *.wogaa.sg va.ecitizen.gov.sg https://public.tableau.com/javascripts/api/viz_v1.js https://ncss.aichat.site https://www.menti.com https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation https://*.vica.gov.sg/ https://cdn.jsdelivr.net web-chat.nativechat.com https://dec.azureedge.net; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'self' 'unsafe-inline' https://assets.wogaa.sg https://cdn.insight.sitefinity.com https://dec.azureedge.net va.ecitizen.gov.sg https://ncss.aichat.site/ https://*.vica.gov.sg/ web-chat.nativechat.com; img-src web.facebook.com www.facebook.com data: 'self' fonts.gstatic.com https://assets.wogaa.sg https://s3-us-west-2.amazonaws.com https://va.ecitizen.gov.sg kendo.cdn.telerik.com netdna.bootstrapcdn.com https://ncss.aichat.site/ https://www.ncss.gov.sg/ blob: https://www.google.com.sg/ web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://www.menti.com https://ncss.padlet.org https://www.youtube.com https://www.youtube-nocookie.com https://form.gov.sg https://ncss.aichat.site https://www.onemap.sg https://www.onemap.gov.sg https://public.tableau.com https://padlet.com https://www.gstatic.com/recaptcha https://google.com/recaptcha https://www.google.com/ web-chat.nativechat.com; connect-src accounts.google.com 'self' https://va.ecitizen.gov.sg https://snowplow-web.wogaa.sg https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://dpm.demdex.net https://stats.g.doubleclick.net https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation wss://*.vica.gov.sg/ https://*.vica.gov.sg/ https://analytics.google.com *.google-analytics.com; media-src 'self' data: blob: *.gstatic.com https://wogadobeanalytics.sc.omtrdc.net *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com *.eloqua.com track.hubspot.com va.ecitizen.gov.sg https://public.tableau.com/ https://www.google.com https://padlet.net/ https://cm.everesttech.net https://dpm.demdex.net/ https://www.menti.com https://www.ncss.gov.sg/ https://*.vica.gov.sg/; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' https://ncss.aichat.site/ https://form.gov.sg/ https://www.onemap.sg/ https://www.onemap.gov.sg/ https://ncss.padlet.org https://public.tableau.com https://wogaa.demdex.net https://www.menti.com https://padlet.com/ https://padlet.com/SocialServiceTribe/TribeAppreciation web-chat.nativechat.com 1
frame-ancestors 'self' usms.org *.usms.org transtahoerelay.com *.transtahoerelay.com; 1
default-src 'self' * script-src 'self' 'unsafe-eval'  style-src * 'unsafe-inline' data: 1
frame-ancestors 'self' *.iyc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: gray-robinson.com *.gray-robinson.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com googleapis.com *.googleapis.com gstatic.com *.gstatic.com youtube.com *.youtube.com twitter.com *.twitter.com facebook.com *.facebook.com linkedin.com *.linkedin.com google.com *.google.com microsoft.com *.microsoft.com foundation.zurb.com *.foundation.zurb.com jquery.com *.jquery.com sizzlejs.com *.sizzlejs.com jsperf.com *.jsperf.com cloudguys.com *.cloudguys.com gmail.com *.gmail.com avvo.com *.avvo.com chambersandpartners.com *.chambersandpartners.com superlawyers.com *.superlawyers.com bestlawyers.com *.bestlawyers.com buzzsprout.com *.buzzsprout.com vimeo.com *.vimeo.com vimeocdn.com *.vimeocdn.com sendthisfile.com *.sendthisfile.com citrix.com *.citrix.com webex.com *.webex.com cisco.com *.cisco.com; img-src * 'unsafe-inline' 'unsafe-eval' data: blob:; media-src * data: blob:; 1
script-src 'self' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net 'nonce-xigtmTUfZY' 1
default-src  'self' data: ; img-src      'self' data: 'unsafe-inline' 'unsafe-eval' data: i.ibb.co *.youtube.com beyond.3dnest.biz maps.gstatic.com maps.googleapis.com *.datables.net *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.printfriendly.com *.w.org *.gravatar.com *.vimeocdn.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datables.net connect.facebook.net *.pagead2.googlesyndic;  script-src   'self' data: 'unsafe-inline' i.ibb.co beyond.3dnest.biz *.youtube.com *.3dnest.biz *.datables.net  'unsafe-eval' *.to *.doubleclick.net *.googlesyndication.com *.googlesyndication.com *.facebook.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.w.org *.gravatar.com *.googleapis.com *.jsdelivr.net *.printfriendly.com *.kxcdn.com *.vimeocdn.com *.hs-analytics.net *.securitymetrics.com *.google-analytics.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  style-src    'self' data: 'unsafe-inline'  i.ibb.co beyond.3dnest.biz *.youtube.com *.3dnest.biz *.datables.net  *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.googlesyndication.com *.doubleclick.net *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com  *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.vimeocdn.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  font-src     'self' data:  i.ibb.co  beyond.3dnest.biz *.3dnest.biz *.youtube.com *.datables.net  *.to *.doubleclick.net *.googlesyndication.com *.facebook.com *.doubleclick.net *.googlesyndication.com *.googleadservices.com *.facebook.net *.tiktok.com *.google-analytics.com *.google.co.id *.google.com *.cloudflare.com *.googletagmanager.com *.geolocation-db.com *.jsdelivr.net *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  frame-src    'self' data:  i.ibb.co  beyond.3dnest.biz *.3dnest.biz *.youtube.com *.datables.net  *.google.com geolocation-db.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.to *.vimeocdn.com *.vimeo.com apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  object-src   'self' data:  i.ibb.co beyond.3dnest.biz *.3dnest.biz *.youtube.com *.googleapis.com *.datables.net  geolocation-db.com *.googlesyndication.com *.doubleclick.net *.facebook.com *.googlesyndication.com *.to apis.google.com *.firebaseapp.com *.googleusercontent.com *.gstatic.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  connect-src   'self' data: i.ibb.co beyond.3dnest.biz *.3dnest.biz *.youtube.com *.pangle-ads.com *.googleapis.com *.gstatic.com  *.datables.net  *.doubleclick.net *.tiktok.com *.google.com *.googlesyndication.com *.google-analytics.com *.googlesyndication.com geolocation-db.com apis.google.com *.firebaseapp.com *.googleusercontent.com cdn.datatables.net connect.facebook.net *.pagead2.googlesyndic;  1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; object-src 'self' blob:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vran.as; img-src 'self' https: data: blob: https://vran.as; style-src 'self' https://vran.as 'nonce-kcjH5flRulAsENOBDCnymw=='; media-src 'self' https: data: https://vran.as; frame-src 'self' https:; manifest-src 'self' https://vran.as; connect-src 'self' data: blob: https://vran.as https://s3-us-west-1.amazonaws.com wss://vran.as; script-src 'self' https://vran.as; child-src 'self' blob: https://vran.as; worker-src 'self' blob: https://vran.as 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://krilzov.it; img-src 'self' https: data: blob: https://krilzov.it; style-src 'self' https://krilzov.it 'nonce-4m+0XREZxJJwmICDsZ3h4A=='; media-src 'self' https: data: https://krilzov.it; frame-src 'self' https:; manifest-src 'self' https://krilzov.it; form-action 'self'; child-src 'self' blob: https://krilzov.it; worker-src 'self' blob: https://krilzov.it; connect-src 'self' data: blob: https://krilzov.it https://krilzov.it wss://krilzov.it; script-src 'self' https://krilzov.it 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-eb00a582-e669-4417-b39e-87b302b6b17a' https://www.google.com/recaptcha/api.js; 1
default-src 'self' data: https: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://district.bectonhs.org; 1
frame-src https://*.globethics.net https://globethics.net https://www.youtube.com https://vimeo.com; frame-ancestors https://globethics.net https://*.host2.systemseed.com 1
script-src-elem 'unsafe-inline' 'unsafe-eval' http: https:; 1
script-src 'unsafe-eval' 'nonce-MWY0MzI3ZDAtNzJkYi00MDJiLWExMDUtYzBhMmI1NjNmN2Ew' 'strict-dynamic' https: 'unsafe-inline' 'report-sample';style-src https://dffwhj5kcp83b.cloudfront.net https: 'self' 'unsafe-inline' data:; worker-src * blob:; connect-src 'self' https: wss: data: blob:; img-src * data: blob: file:; font-src * data:; object-src 'self'; frame-src * blob:; child-src * blob:; media-src * blob: data:; base-uri 'self'; default-src *; frame-ancestors 'self' *.atlassian.net *.atl-paas.net *.atlassian.com trello.com bitbucket.org; report-uri https://web-security-reports.services.atlassian.com/csp-report/jira-frontend-static-prod 1
frame-ancestors https://*.scg-smartsaleskit.com https://*.scg-wedo.tech https://*.scg.com https://*.ncc-scg.com 1
default-src 'self' https://*.google.com https://auroraener7535.jitterbit.cc ; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google.com https://www.googletagmanager.com/ https://tagmanager.google.com  https://maps.googleapis.com https://www.google-analytics.com https://www.gstatic.com https://*.hsforms.net https://*.hsforms.com https://connect.facebook.net https://www.facebook.com  https://cdn.jsdelivr.net https://unpkg.com https://cdnjs.cloudflare.com https://www.googleadservices.com/pagead/conversion_async.js https://www.googleadservices.com/pagead/conversion_async.js https://googleads.g.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/j/collect https://assets.livehire.com/scripts/ https://www.googleadservices.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com https://www.googletagmanager.com; img-src 'self' data: https://*.gstatic.com/ https://www.google-analytics.com/  https://stats.g.doubleclick.net/ https://*.google.com.au https://*.google.com https://*.hsforms.net https://*.hsforms.com https://www.facebook.com https://scontent.xx.fbcdn.net https://www.facebook.com/tr/ https://cds.taboola.com/ https://maps.googleapis.com; frame-src 'self'  https://www.youtube.com/ https://www.google.com https://www.googletagmanager.com https://preview.livehire.com/ https://www.livehire.com https://td.doubleclick.net; frame-ancestors 'self' https://my.auroraenergy.com.au https://my-prerelease.auroraenergy.com.au https://my-uat.auroraenergy.com.au https://my-sit.auroraenergy.com.au https://my-orange.auroraenergy.com.au https://my-teal.auroraenergy.com.au https://my-blue.auroraenergy.com.au https://wfe-uat1.cloud.auroraenergy.com.au https://wfe-sit1.cloud.auroraenergy.com.au https://wfe-orange.cloud.auroraenergy.com.au https://wfe-teal.cloud.auroraenergy.com.au https://wfe-blue.cloud.auroraenergy.com.au https://wfe-ops.cloud.auroraenergy.com.au https://wfe-pre-staging.cloud.auroraenergy.com.au https://wfe-pre.cloud.auroraenergy.com.au https://wfe-prd-staging.cloud.auroraenergy.com.au; child-src 'self'  https://www.youtube.com/ https://www.google.com; font-src 'self' https://themes.googleusercontent.com data: https://fonts.gstatic.com; connect-src 'self' https://auroraener7535.jitterbit.cc https://rs.fullstory.com/rec/page https://graph.facebook.com https://rs.fullstory.com/rec/bundle https://www.facebook.com https://*.taboola.com/ https://www.google-analytics.com/g/collect https://analytics.google.com/g/ https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://www.google-analytics.com/j/collect https://drupalweb1pst4.z8.web.core.windows.net https://maps.googleapis.com https://stats.g.doubleclick.net 1
default-src: 'self'; style-src: 'self' https://fonts.googleapis.com; font-src: 'self' https://fonts.gstatic.com; 1
default-src 'self'; img-src 'self' data: https://api.alumniportal-deutschland.org *.daad.de *.google-analytics.com *.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.ytimg.com *.daad.com *.alumniportal-deutschland.org; style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; script-src 'self' 'self' *.daad.com *.alumniportal-deutschland.org 'unsafe-inline' http://tagmanager.google.com https://tagmanager.google.com *.google-analytics.com https://ssl.google-analytics.com *.googletagmanager.com player.vimeo.com *.youtube.com 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com data data:;; connect-src 'self' https://api.alumniportal-deutschland.org *.daad.com *.alumniportal-deutschland.org *.google-analytics.com *.googletagmanager.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; media-src *.youtube-nocookie.com *.daad.com *.alumniportal-deutschland.org; frame-src player.vimeo.com *.youtube.com *.youtube-nocookie.com open.spotify.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.uy; img-src 'self' https: data: blob: https://mastodon.uy; style-src 'self' https://mastodon.uy 'nonce-+BPLbwb2Fknb6XZBLkX7/g=='; media-src 'self' https: data: https://mastodon.uy; frame-src 'self' https:; manifest-src 'self' https://mastodon.uy; form-action 'self'; child-src 'self' blob: https://mastodon.uy; worker-src 'self' blob: https://mastodon.uy; connect-src 'self' data: blob: https://mastodon.uy https://mastodon.uy wss://mastodon.uy; script-src 'self' https://mastodon.uy 'wasm-unsafe-eval' 1
connect-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com ws://suporte.ciberloja.com:* wss://suporte.ciberloja.com:*; frame-ancestors 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com ; frame-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com *.fleeq.io *.mediaservices.windows.net *.metacafe.com *.streaming.azure.net *.vimeo.com *.youtube.com *.youtube-nocookie.com; script-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com 'unsafe-inline' 'unsafe-eval' blob: ; style-src 'self' *.ciberloja.pt *.suporte.ciberloja.com suporte.ciberloja.com 'unsafe-inline' fonts.googleapis.com; report-uri /CspReports.ashx 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-UdXR0kIcLfJDpsfigSmobg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
frame-ancestors 'self' http://www.philips.co.za *.philips.com *.philips.co.za https://philipsigtdpv.com 1
upgrade-insecure-requests;               style-src 'self' 'unsafe-inline' *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com cdn.cookielaw.org cdn.pricespider.com pghub.io *.pricespider.com cdnjs.cloudflare.com *.mapbox.com feed.pghub.io pandg.tapad.com;         worker-src 'self' blob: feed.pghub.io pandg.tapad.com;         media-src 'self' videos.ctfassets.net feed.pghub.io pandg.tapad.com;         manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com;         font-src 'self' assets.ctfassets.net fonts.gstatic.com data: feed.pghub.io pandg.tapad.com;         frame-ancestors 'none' feed.pghub.io pandg.tapad.com;         frame-src 'self' feed.pghub.io pandg.tapad.com;         img-src 'self' images.ctfassets.net pixel.tapad.com cdn.cookielaw.org *.pricespider.com *.mapbox.com data: feed.pghub.io pandg.tapad.com www.googletagmanager.com;         connect-src 'self' cdn.cookielaw.org *.google-analytics.com *.bazaarvoice.com *.pricespider.com *.mapbox.com feed.pghub.io pandg.tapad.com privacytermsprod.azureedge.net;         base-uri 'none' feed.pghub.io pandg.tapad.com;         default-src 'none' feed.pghub.io pandg.tapad.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.bkk-dachverband.de https://stats.bkk-dachverband.de https://www.ims-cms.net; font-src 'self'; style-src 'self' 'unsafe-inline' https://www.bkk-dachverband.de ; img-src 'self' data: https://www.bkk-dachverband.de https://stats.bkk-dachverband.de; frame-src 'self' https://app.powerbi.com https://www.youtube-nocookie.com https://player.vimeo.com https://www.ims-cms.net; connect-src 'self' https://www.bkk-dachverband.de https://stats.bkk-dachverband.de https://www.ims-cms.net; media-src 'self'; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' *.lytics.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; media-src 'self' data: videos.ctfassets.net feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org cdn.segment.com script.crazyegg.com pghub.io *.lytics.io feed.pghub.io pandg.tapad.com ; font-src 'self' data: feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' feed.pghub.io pandg.tapad.com ; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.lytics.io cdn.cookielaw.org feed.pghub.io pandg.tapad.com ; connect-src 'self' cdn.cookielaw.org match.adsrvr.org *.crazyegg.com cdn.segment.com api.segment.io *.google-analytics.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://twitter.com http://twitter.com http://*.twitter.com https://*.twitter.com https://oss.maxcdn.com https://cdn.syndication.twimg.com http://cdn.syndication.twimg.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com http://*.googleapis.com http://localhost:5000 http://localhost:5001 https://*.beykoz.bel.tr/test https://beykoz.bel.tr/test https://beykoz.bel.tr https://*.googleapis.com https://code.jquery.com https://cdn.jsdelivr.net https://maps.googleapis.com; style-src 'self' 'unsafe-inline' https://twitter.com http://twitter.com https://*.twitter.com http://*.twitter.com https://*.googleapis.com http://*.googleapis.com http://maps.googleapis.com https://maps.googleapis.com http://*.beykoz.bel.tr:8081 http://localhost:5000 http://localhost:5001 https://*.beykoz.bel.tr/test https://beykoz.bel.tr/test https://beykoz.bel.tr https://*.beykoz.bel.tr:8081 https://cdn.jsdelivr.net; img-src 'self' 'unsafe-inline' http://*.beykoz.bel.tr https://*.beykoz.bel.tr https://*.googleapis.com https://*.twimg.com http://*.twimg.com https://www.google-analytics.com http://www.google-analytics.com data: https://stats.g.doubleclick.net http://stats.g.doubleclick.net http://*.twitter.com https://*.twitter.com http://twitter.com https://twitter.com https://google.com http://google.com https://google.com.tr http://google.com.tr https://www.google.com.tr http://wwww.google.com.tr https://www.googletagmanager.com http://www.googletagmanager.com https://openweathermap.org http://openweathermap.org http://*.google.com http://*.beykoz.bel.tr:8081 http://localhost:5000 http://localhost:5001 https://beykoz.bel.tr/test https://*.beykoz.bel.tr/test https://beykoz.bel.tr https://*.beykoz.bel.tr:8081; font-src 'self' 'unsafe-inline' http://*.googleapis.com http://*.gstatic.com https://*.googleapis.com http://localhost:5000 http://localhost:5001 https://*.beykoz.bel.tr/test https://beykoz.bel.tr/test https://*.gstatic.com; media-src 'self' 'unsafe-inline' http://*.beykoz.bel.tr:8081 https://*.beykoz.bel.tr:8081 https://*.beykoz.bel.tr/test http://*.beykoz.bel.tr http://localhost:5000 http://localhost:5001 https://beykoz.bel.tr/test https://*.beykoz.bel.tr/test https://beykoz.bel.tr https://*.beykoz.bel.tr; frame-src 'self' 'unsafe-inline' http://*.beykoz.bel.tr:8081 https://*.beykoz.bel.tr:8081 https://*.beykoz.bel.tr/test http://*.beykoz.bel.tr https://beykoz.bel.tr/test https://*.beykoz.bel.tr/test https://beykoz.bel.tr https://www.beykoz.bel.tr https://*.beykoz.bel.tr https://*.twitter.com https://*.google.com https://*.youtube.com; object-src 'self' data: 'unsafe-eval'; base-uri 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  cookie-cdn.cookiepro.com cdn.matomo.cloud www.googletagmanager.com www.google-analytics.com cdnjs.cloudflare.com *.youtube.com cdn.jsdelivr.net unpkg.com d8ejoa1fys2rk.cloudfront.net *.hsforms.net *.hs-scripts.com  *.hs-banner.com *.hubspot.com *.hsadspixel.net *.hs-analytics.net connect.facebook.net static.hotjar.com *.matomo.cloud *.hotjar.com googleads.g.doubleclick.net *.licdn.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com cdn.jsdelivr.net d8ejoa1fys2rk.cloudfront.net; img-src 'self' data: *.google-analytics.com *.googletagmanager.com d2csxpduxe849s.cloudfront.net *.hsforms.com *.hubspot.com cookie-cdn.cookiepro.com www.facebook.com vandemoortele.getbynder.com www.google.com www.google.es www.google.at www.google.it www.google.de www.google.fr www.google.se vandemoortele.matomo.cloud www.google.be px.ads.linkedin.com adservice.google.com www.google.pl www.google.cl *g.doubleclick.net pubads.g.doubleclick.net *amazonaws.com; media-src 'self'; frame-src 'self' *.youtube.com td.doubleclick.net; font-src 'self' d8ejoa1fys2rk.cloudfront.net; connect-src 'self' data: cookie-cdn.cookiepro.com vandemoortele.matomo.cloud *.google-analytics.com *.googlesyndication.com *.onetrust.com d8ejoa1fys2rk.cloudfront.net *.bynder.cloud dams.vandemoortele.com *.hsforms.com *.hubapi.com *.hubspot.com privacyportal.cookiepro.com stats.g.doubleclick.net vc.hotjar.io www.google.com google.com www.google.be google.be px.ads.linkedin.com adservice.google.com www.facebook.com cdnjs.cloudflare.com region1.analytics.google.com analytics.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
upgrade-insecure-requests; style-src 'self' 'unsafe-inline' *.lytics.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com www.google-analytics.com cdn.cookielaw.org script.crazyegg.com maps.googleapis.com connect.facebook.net *.doubleclick.net cdn.segment.com pghub.io *.lytics.io www.youtube.com; font-src 'self' data:; frame-src 'self' *.doubleclick.net consumersupport.pg.com feed.pghub.io www.youtube-nocookie.com; img-src 'self' data: images.ctfassets.net pixel.tapad.com *.doubleclick.net cdn.cookielaw.org www.facebook.com www.googletagmanager.com *.lytics.io *.ytimg.com *.cloudinary.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; connect-src 'self' *.google-analytics.com *.contentful.com cdn.cookielaw.org script.crazyegg.com maps.googleapis.com *.googlesyndication.com *.analytics.google.com *.adsrvr.org cdn.segment.com api.segment.io *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat; default-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; object-src 'none'; 1
default-src 'self' cdn.flooringstores.com; connect-src 'self' o1144996.ingest.sentry.io *.broadlu.me *.tatami.broadlu.me *.floorforcecomplete.com www.facebook.com www.google-analytics.com stats.g.doubleclick.net gtm-pwp75m5-ztyym.uc.r.appspot.com *.mouseflow.com maps.googleapis.com storage.googleapis.com/www-upload-cache/ api.cloudinary.com/v1_1/flooringstores/image/upload respondent.survicate.com/workspaces/; font-src 'self' data: use.typekit.net fonts.typekit.net fonts.gstatic.com surveys-static.survicate.com/; form-action 'self' www.facebook.com/tr; frame-src 'self' www.googletagmanager.com/ns.html www.facebook.com bid.g.doubleclick.net/ beta.viz.broadlu.me viz.broadlu.me; img-src 'self' data: https: blob: www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.facebook.com; media-src 'self' storage.googleapis.com/www-store/ res.cloudinary.com/flooringstores/ cdn.flooringstores.com/cloudinary/ cdn.flooringstores.com/demo/; object-src 'none'; script-src 'self' o1144996.ingest.sentry.io www.gstatic.com 'unsafe-inline' googleads.g.doubleclick.net www.google.com/ads/user-list www.google.XYX/ads/user-list bid.g.doubleclick.net www.googleadservices.com www.googletagmanager.com unpkg.com/web-vitals/dist tagmanager.google.com www.floorlytics.broadlu.me connect.facebook.net www.google-analytics.com www.google.com *.mouseflow.com maps.googleapis.com cdn.jsdelivr.net survey.survicate.com/workspaces/ surveys-static.survicate.com/ cdn.dhq.technology beta.viz.broadlu.me viz.broadlu.me dev.visualwebsiteoptimizer.com; style-src 'self' p.typekit.net use.typekit.net fonts.googleapis.com www.googletagmanager.com tagmanager.google.com cdn.jsdelivr.net 'unsafe-inline' surveys-static.survicate.com/; report-uri https://o1144996.ingest.sentry.io/api/6308980/security/?sentry_key=7a9963eee2c742dda5cf1e686304bf3f&sentry_environment=production&sentry_release=d70730751c57546ea7d8f3d4eab93e1e1101b050 1
frame-ancestors 'self' *.madwin.at *.madwin.be *.madwin.ca *.madwin.ch *.madwin.cn *.madwin.co.uk *.madwin.com *.madwin.com.au *.madwin.de.com *.madwin.es *.madwin.fi *.madwin.gr *.madwin.it *.madwin.jp *.madwin.lu *.madwin.nl *.madwin.pt *.madwin.ru *.madwin.se support.madwin.com 1
default-src 'self' ; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' *.entel.cl *.ampproject.org *.cliengo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.adnxs.com *.doubleclick.net *.rfihub.com *.digitalbeat.cl *.vimeo.com *.facebook.net *.google.com *.googleapis.com *.googletagmanager.com *.googleoptimize.com *.qualtrics.com *.cloudfront.net *.google-analytics.com *.youtube.com https://tagmanager.google.com https://googleads.g.doubleclick.net https://cdn.cookielaw.org/ https://api.onesignal.com https://ws01.a365.com.pe:5443 https://ad.soicos.com https://api.instanda.us https://widget.ocularsolution.com https://cdn.jsdelivr.net/npm/axios/dist/axios.min.js https://entel.sistemaimpulsa.com https://cdn.mouseflow.com https://cdnjs.cloudflare.com https://ajax.cloudflare.com/cdn-cgi/scripts/04b3eb47/cloudflare-static/mirage2.min.js https://ds-aksb-a.akamaihd.net/aksb.min.js https://front.optimonk.com/public/122144/js/preload.js https://gs-cdn.optimonk.com/jfclientsdk/latest/jfclientsdk.min.js https://hit.uptrendsdata.com/rum.min.js https://sslwidget.criteo.com/event https://static.criteo.net/js/ld/ld.js https://unpkg.com https://diffuser-cdn.app-us1.com/diffuser/diffuser.js https://entel.sistemaimpulsa.com/catchform-oportunidades.js https://js.hs-analytics.net/ https://js.hs-banner.com/6758175.js https://js.hs-scripts.com/6758175.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://prism.app-us1.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://tpc.googlesyndication.com/sodar/1s9mPOHO.js https://track.neianalytics.com/piwik.js https://trackcmp.net/t_prism_sitemessages.php https://www.googleadservices.com https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net/ https://snap.licdn.com/ https://www.gstatic.com https://smtpjs.com/v3/smtp.js https://polyfill.io/v3/polyfill.min.js https://code.jquery.com/jquery-3.5.1.min.js https://use.fontawesome.com/releases/v5.0.6/js/all.js https://www.google-analytics.com/analytics.js https://embedded-files.tryadviser.com https://cloudfront.barilliance.com/entel.cl https://cloudfront.barilliance.com/entel.cl/cbar.js.php https://www.barilliance.net https://static.barilliance.com/web-push/service-worker.js https://assets.videsk.io https://api.telegram.org https://www.google.cl http://js.hsforms.net/forms/v2.js https://js.hsadspixel.net/fb.js https://js.hsleadflows.net/leadflows.js https://hcaptcha.com *.ocularsolution.com *.run.app https://header-menu-widget-bundle-zz66vo2nua-tl.a.run.app/bundle.js https://www.googleoptimize.com/optimize.js https://cdn.alive.haus/ https://api-events.alive.haus/ https://www.liveentel.cl/ https://site.golive.haus/ https://*.maze.co/ https://tags.tiqcdn.com/libs/tealiumjs/latest/tealium_collect.min.js https://tags.tiqcdn.com/shared/tms/ *.bing.com https://analytics.tiktok.com/ https://gr-app1-test.app-stage.digitalretail.vodafone.com/guidedSelling.js https://gr-app1-test.app-stage.digitalretail.vodafone.com/env.js https://entel.cdn.modyo.com ; style-src 'unsafe-inline' 'report-sample' 'self' *.digitalbeat.cl *.google.com *.googletagmanager.com *.entel.cl *.en.tel *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net https://tagmanager.google.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://embedded-files.tryadviser.com https://assets.videsk.io *.ocularsolution.com https://www.barilliance.net https://*.maze.co/ *.bing.com https://gr-app1-test.app-stage.digitalretail.vodafone.com/guidedSelling.css https://entel.cdn.modyo.com ; font-src 'self' 'unsafe-inline' data: *.entel.cl *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css https://*.maze.co/ https://gr-app1-test.app-stage.digitalretail.vodafone.com/static/media/ https://gr-app1-test.app-stage.digitalretail.vodafone.com/assets/ws10/fonts/ https://db.onlinewebfonts.com/t/ https://entel.cdn.modyo.com ; object-src 'self' ; base-uri 'self' ; connect-src 'self' *.entel.cl *.digitalbeat.cl *.entelcc.cl:9001 *.entelcc.cl *.onesignal.com *.doubleclick.net *.rfihub.com *.zendesk.com *.en.tel *.onetrust.com https://notifications-icommkt.com https://track-icommkt.com https://connect.facebook.net https://graph.instagram.com/ wss://olivia-bff-web-production.coffeew.net https://entel.sistemaimpulsa.com https://api.hsforms.com https://ws01.a365.com.pe:5443 *.google.com *.google.cl *.googleapis.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net https://api.instanda.us https://content-sheets.googleapis.com https://corsanywhereentel.herokuapp.com https://corsanywhereentel-dot-entel-vm-md-run.rj.r.appspot.com https://entel-vm-md-ct.rj.r.appspot.com https://front.optimonk.com https://hit.uptrendsdata.com https://jfapiprod.optimonk.com https://n2.mouseflow.com https://54.94.191.152 *.qualtrics.com https://api.hubapi.com https://entel-flujo-unificado-logs-prd.herokuapp.com https://entel-texting2.herokuapp.com https://forms.hubspot.com https://hooks.zapier.com http://200.27.23.102/Test_WF_ENTEL6/WebServices/WorkflowEngineSOA.asmx https://apiexternaluat.entel.cl/auth/oauth/v2/token https://apiexternaluat.entel.cl/common/event/v2/clicktoCall/publish https://personalizacion-apis-dot-api-project-307770427626.uc.r.appspot.com wss://claudia-bff-web-production.lisstaylor.net https://cdn.ampproject.org https://gcs-storage.airavirtual.com https://track-icommkt.com https://portal.cci-entel.cl https://eccnetserver.entelcallcenter.cl https://vssnippets-deployer-dot-entel-vm-md.uc.r.appspot.com/ https://vssnippets-deployer-dot-entel-vm-md-run.uc.r.appspot.com/ https://cdn.cookielaw.org/ https://api.videsk.io wss://api.videsk.io https://api.telegram.org https://www.google.cl https://api.hubapi.com https://forms.hsforms.com https://us-central1-entel-vm-md-run.cloudfunctions.net/ *.ocularsolution.com https://js.hs-banner.com https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://api.ipify.org https://api-ip-entel.herokuapp.com https://www.barilliance.net https://*.maze.co/ https://prompts.maze.co/ https://graph.microsoft.com/ https://mindicador.cl/api/uf https://fonts.gstatic.com/ https://www.gstatic.com/ https://www.googleoptimize.com https://cdn.mouseflow.com/ https://www.youtube.com/iframe_api https://collect.tealiumiq.com/entel/ https://lh3.googleusercontent.com/ https://analytics.tiktok.com/ https://app-builder.app-stage.digitalretail.vodafone.com/api/ https://r10-test.digitalretail.vodafone.com/opw-middleware/ https://gr-app1-test.app-stage.digitalretail.vodafone.com/assets/ws10/ https://entel.cdn.modyo.com https://gateway.zscalertwo.net ; frame-src 'self' *.entel.cl *.ocularsolution.com *.doubleclick.net *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.rfihub.com *.vimeo.com https://entel-vm-md.firebaseapp.com https://entel-vm-md-run.firebaseapp.com/ https://individeo.com/ *.google.com *.digitalbeat.cl *.en.tel *.ventastecnicas.cl *.qualtrics.com https://bid.g.doubleclick.net https://gum.criteo.com https://www.youtube.com https://digitalcorp.cl/ https://eccnetserver.entelcallcenter.cl https://entelfidelizacion.cl https://lw.cliengo.com https://www.youtube-nocookie.com https://www.facebook.com https://entelchile.speedtestcustom.com https://qaentel.autoasegurado.cl https://amp-publisher-samples-staging.herokuapp.com https://www.entel.cl/tiendas/totalpack https://entelagenda.totalpack.cl https://entelecommerce.speedtestcustom.com https://entel.tryadviser.com https://forms.hsforms.com https://bop-tde.brightstar.com/ https://alb-alive-1021733634.us-west-2.elb.amazonaws.com/ https://cdn.alive.haus/ https://api-events.alive.haus https://www.liveentel.cl/ https://site.golive.haus/ https://www.barilliance.net https://bop-tde.brightcell-logistics.com https://gateway.zscalertwo.net bytedance: sslocal: ; frame-ancestors 'self' https://miperfil.entel.cl https://miportal.entel.cl https://bop-tde.brightcell-logistics.com/ ; img-src 'self' data: *.entel.cl *.digitalbeat.cl *.rfihub.com *.doubleclick.net *.onesignal.com *.cliengo.com *.adnxs.com *.entelcc.cl:9001 *.entelcc.cl *.en.tel *.googleusercontent.com *.ocularsolution.com *.qualtrics.com https://clients1.google.com https://ds-aksb-a.akamaihd.net https://maps.googleapis.com *.google-analytics.com *.google.cl *.google.com *.google.com.br *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://ade.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://maps.gstatic.com https://www.facebook.com https://connect.facebook.net https://scontent.cdninstagram.com https://graph.instagram.com https://pixel-rmk.blueknow.com http://testentel.i2b.cl https://f.hubspotusercontent20.net https://i.ytimg.com https://px.ads.linkedin.com https://track.hubspot.com https://track.neianalytics.com https://p.adsymptotic.com https://pixel.rubiconproject.com https://ad.soicos.com/conv.php https://www.linkedin.com/px/li_sync https://maps.google.com https://embedded-files.tryadviser.com https://cdn.cookielaw.org https://assets.videsk.io https://videsk.io *.barilliance.com https://bimgs.s3.amazonaws.com *.hubspotusercontent-na1.net https://firebasestorage.googleapis.com *.googleapis.com https://www.barilliance.net https://*.maze.co/ https://storage.cloud.google.com *.bing.com https://analytics.tiktok.com/ https://gr-app1-test.app-stage.digitalretail.vodafone.com https://admin-portal-media-bucket-prod.s3.eu-central-1.amazonaws.com https://entel.cdn.modyo.com ; manifest-src 'self' ; media-src 'self' *.entel.cl *.vimeo.com *.onesignal.com *.entelcc.cl:9001 *.entelcc.cl *.doubleclick.net *.en.tel https://www.entel.cl https://entel.cl https://vod-progressive.akamaized.net *.ocularsolution.com https://www.barilliance.net https://entel.cdn.modyo.com ; worker-src 'self' https://www.entel.cl/public/js/importer.js https://d196nughcth94f.cloudfront.net/service-worker_icomm.js https://notifications-icommkt.com https://track-icommkt.com https://www.barilliance.net https://www.entel.cl/* blob: ; upgrade-insecure-requests; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-prmykDb50YiFS34u/mUwOuAIuaq80IAoOtOWxjku7p7+9ai1' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://polyfill.io; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.6b6t.org wss://trackbackend.6b6t.org/socket https://trackbackend.6b6t.org https://discord.com https://mcapi.us https://getform.io https://verifybackend.6b6t.org https://challenges.cloudflare.com https://polyfill.io; font-src 'self'; frame-src 'self' https://challenges.cloudflare.com; img-src 'self' data:; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' www.tcgms.net *.googletagmanager.com *.google.com *.google-analytics.com cdn.jsdelivr.net *.cookiebot.com *.teamtailor-cdn.com *.facebook.net *.bokabord.se; object-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com fonts.googleapis.com cdn.jsdelivr.net www.bokabord.se; img-src 'self' data: *.google.com *.youtube.com *.facebook.com *.vimeo.com  *.vimeocdn.com *.grandhotel.se *.google.se *.google-analytics.com; media-src 'self' blob:; frame-src 'self' mail.grandhotel.se www.tcgms.net  *.google.com *.youtube.com *.facebook.com *.vimeo.com *.vimeocdn.com *.cookiebot.com *.waiteraid.com; frame-ancestors 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; child-src 'self' *.google.com *.youtube.com *.facebook.com *.vimeo.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' https://*.grandhotel.se https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com *.cookiebot.com *.teamtailor.com *.doubleclick.net; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-nrCJR3vzyrzI36z44wBwlk105IBtVzGpRLbPcitzO9NPccko' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-10A50552CE94967F6B467FD167AF2DE5' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-10A50552CE94967F6B467FD167AF2DE5'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.seniorengeluk.nl/API/Site/CspReport 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NWJlNDg0ZjA0ZGZmNDQ5NWI0MWJmNWE2YzA1YjdiNjI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.euthanasiecommissie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.euthanasiecommissie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.euthanasiecommissie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' *.dynatrace.com; media-src 'self' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; img-src 'self' data: *.google-analytics.com *.googletagmanager.com *.bing.com *.ensighten.com *.choozle.com * *.adsrvr.org *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com *.google.com *.bing.com *.ensighten.com *.choozle.com *.adsrvr.com *.cookielaw.org; script-src-elem 'self' 'unsafe-inline' *.google.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.bing.com *.ensighten.com *.choozle.com *.adsrvr.org *.cookielaw.org; style-src 'self' 'unsafe-inline' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; frame-src 'self' *.google.com *.youtube.com *.adsrvr.org *.cloudfront.net; object-src 'self' *.sweco.com *.sweco.fr *.sweco.de *.sweco.es; connect-src 'self' *.dynatrace.com *.google-analytics.com *.googletagmanager.com *.google.com *.cookielaw.org *.onetrust.com; 1
default-src 'self';    img-src * data:;    media-src 'self' youtube.com *.youtube.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cop-cv.org *.cookiefirst.com translate.google.com translate.googleapis.com translate-pa.googleapis.com ajax.googleapis.com platform.twitter.com cdn.syndication.twimg.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com *.addthis.com https://unpkg.com/leaflet@1.9.4/dist/leaflet.js player.vimeo.com;    style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com www.gstatic.com consent.cookiefirst.com https://unpkg.com/leaflet@1.9.4/dist/leaflet.css;    font-src 'self' use.fontawesome.com fonts.gstatic.com;    connect-src 'self' wss://127.0.0.1:* dnie.cop-cv.org translate.googleapis.com www.youtube.com api.cookiefirst.com consent.cookiefirst.com edge.cookiefirst.com *.google-analytics.com stats.g.doubleclick.net vimeo.com;    frame-src 'self' *.cop-cv.org www.youtube.com platform.twitter.com syndication.twitter.com www.google.com vimeo.com player.vimeo.com; 1
font-src 'self' https://fonts.gstatic.com; frame-ancestors 'self' https://www.siteone.cz/ https://www.siteone.at/ https://www.siteone.io/ 1
default-src 'self' 'unsafe-inline'; img-src https://* 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' via.placeholder.com *.linkedin.com *.licdn.com *.google.com *.gstatic.com *.googleapis.com *.cloudfront.net *.google-analytics.com *.msecnd.net *.youtube.com *.vimeo.com *.vimeocdn.com *.cdn.net *.facebook.net *.facebook.com *.umbraco.org *.umbraco.com *.googletagmanager.com *.pardot.com *.reachmee.com *.e-space.se *.clarity.ms *.google.se *.b-cdn.net *.akamaihd.net *.wistia.com *.pingdom.net *.doubleclick.net *.bootstrapcdn.com *.jquery.com *.cloudflare.com *.jsdelivr.net *.ytimg.com *.hotjar.com *.mynewsdesk.com *.raysearchlabs.com *.leadoo.com *.bing.com *.aptrinsic.com *.highcharts.com *.issuu.com *.workbuster.com *.azure.com *.kenedict.com about: blob:; connect-src 'self' ws://*.com ws://*.se *.akamaihd.net *.wistia.com *.litix.io *.google-analytics.com *.visualstudio.com *.pingdom.net *.umbraco.org *.umbraco.com *.doubleclick.net *.leadoo.com *.oribi.io *.google.com *.hotjar.com *.hotjar.io *.googleapis.com *.clarity.ms *.aptrinsic.com *.cision.com; media-src 'self' blob: *.ibinder.com *.akamaihd.net *.hotjar.com *.hotjar.io *.wistia.com *.b-cdn.net *.leadoo.com; worker-src https: blob:; 1
report-uri https://petrostar.com 1
default-src 'none'; media-src 'self' blob: https://cdn.getwhelp.com https://widget.whelp.co https://widget-api.whelp.co wss://socket.whelp.co https://app.getbeamer.com https://widget.whelp.co; script-src 'self' https://snap.licdn.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com www.google-analytics.com resource://* http://static.hotjar.com http://static.hotjar.io https://static.hotjar.com https://static.hotjar.io https://script.hotjar.com https://script.hotjar.io 'unsafe-eval' 'unsafe-inline' https://*.getbeamer.com https://*.instana.io https://*.getwhelp.com https://widget.whelp.co https://widget-api.whelp.co https://*.pashabank.az wss://socket.whelp.co; connect-src 'self' http://*.hotjar.com:* http://*.hotjar.io:* https://*.hotjar.com:* https://*.hotjar.io:* https://vc.hotjar.io:* wss://pashabank.digital wss://*.hotjar.com wss://*.hotjar.io https://*.twilio.com wss://*.twilio.com www.google-analytics.com https://*.getbeamer.com https://*.instana.io https://*.getwhelp.com/ wss://*.getwhelp.com wss://widget-server.whelp.co https://widget-api.whelp.co https://*.pashabank.az wss://socket.whelp.co https://analytics.google.com wss://ib.pashabank.az https://google.com; img-src 'self' blob: data: https://p.adsymptotic.com https://px.ads.linkedin.com https://www.google.com https://www.google.az https://www.facebook.com https://stats.g.doubleclick.net www.google-analytics.com data: 'self' https://script.hotjar.com https://script.hotjar.io http://script.hotjar.com http://script.hotjar.io https://twemoji.maxcdn.com https://*.getbeamer.com https://*.getwhelp.com https://widget.whelp.co https://analytics.google.com https://www.googletagmanager.com https://cdn.whelp.co; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.getbeamer.com https://*.getwhelp.com; font-src 'self' https://widget.whelp.co http://script.hotjar.com http://script.hotjar.io https://script.hotjar.com https://script.hotjar.io https://app.getbeamer.com https://fonts.gstatic.com data:; frame-src 'self' https://www.facebook.com https://vars.hotjar.com https://vars.hotjar.io https://*.pashabank.az https://*.getbeamer.com https://*.getwhelp.com https://www.youtube-nocookie.com https://ecomm.pashabank.az:8463 https://3dsecure.pashabank.az https://3ds2.kapitalbank.az https://acs.3dsecure.az https://internal-albprod.pashabank.digital https://*.pashabank.az; child-src https://vars.hotjar.com https://vars.hotjar.io; manifest-src 'self'; object-src 'self' blob: 'self'; report-uri https://sentry.pashabank.az/api/3/security/?sentry_key=b622d105a8df4df1aa75e40cb5686a5c; frame-ancestors 'none'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NzIwYWU0ZjUwODQ0NGVhYmJmZjk0ODZhYmRjNjY5ZDc=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.farmatec.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.farmatec.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.farmatec.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-src https://app.hubspot.com https://orionvm-com.hs-sites.com https://www.google.com 'self'; 1
default-src 'self'; frame-ancestors https://*.greenwheels.com ; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; worker-src 'self' blob: 1
default-src 'none' ; frame-ancestors 'self'; frame-src 'self' https: 'unsafe-inline' *.worldpay.com; connect-src https: data: 'self' *.worldpay.com; font-src 'self' d3e85ikkjrhqme.cloudfront.net *.typekit.net fonts.gstatic.com *.juicer.io; object-src 'self'; img-src 'self' data: *.facebook.com *.google.com *.google.ie *.google.je *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.cookiescan.com *.juicer.io juicer.io; media-src 'self' data: *.juicer.io juicer.io; style-src 'unsafe-inline' https: *.typekit.net d3e85ikkjrhqme.cloudfront.net 'self' ;form-action 'self' https: ; base-uri 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.worldpay.com *.juicer.io googleads.g.doubleclick.net *.google.com *.gstatic.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com googletagmanager.com *.vimeo.com *.youtube.com *.googleapis.com connect.facebook.net *.cookiescan.com cookiescan.azureedge.net 1
frame-ancestors https://*.ionos.com https://*.ionos.at https://*.ionos.co.uk https://*.ionos.de https://*.ionos.es https://*.ionos.fr https://*.ionos.it https://*.ionos.ca https://*.ionos.mx https://*.ionos.us https://*.website-editor.net https://*.mywebsite-editor.com www.hempine.co.uk 1
default-src 'self' 'unsafe-inline' https://fonts.gstatic.com 1
frame-ancestors *.poshvine.com 1
"frame-ancestors 'self' https://www.buonalavita.it;" 1
frame-ancestors 'self' https://*.unige.it 1
frame-ancestors 'self' http://academy.editshare.com https://academy.editshare.com 1
script-src 'self' https://login.master-builders-solutions.com 'unsafe-eval' 'unsafe-inline' https:; object-src 'self'; base-uri 'self'; 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.commerce-connector.com *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; img-src * 'self' data: https:; frame-src *.youtube.com *.youtu.be *.youtube-nocookie.com *.sigel-office.com *.doubleclick.net *.commerce-connector.com *.store-connector.com *.onlyfy.jobs *.facebook.com *.facebook.net usercentrics.eu app.usercentrics.eu *.usercentrics.eu; font-src 'self' *.gstatic.com *.commerce-connector.com; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net *.commerce-connector.com cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net usercentrics.eu *.usercentrics.eu; report-uri /report-csp-violation 1
frame-ancestors 'self'; img-src 'self' https://cdn.snapschedule.com https://*.snapschedule365.com https://app.snapschedule365.com https://app-us1.snapschedule365.com https://app-uk1.snapschedule365.com https://app-au1.snapschedule365.com https://app.snapschedule365.us; object-src 'self' https://app.snapschedule365.com https://app-us1.snapschedule365.com https://app-uk1.snapschedule365.com https://app-au1.snapschedule365.com https://app.snapschedule365.us; 1
default-src 'self' *.google-analytics.com data: gap: idele.matomo.cloud 'unsafe-inline' 'unsafe-eval'; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; frame-src 'self' www.google.com player.vimeo.com *.soundcloud.com *.tubedu.org tubedu.org *.slideshare.net *.youtube.com view.genial.ly *.dailymotion.com *.youtube-nocookie.com *.myadvent.net adventmyfriend.com *.jwplayer.com video.terre-net.fr; style-src 'self' use.typekit.net cdn.tarteaucitron.io fonts.googleapis.com p.typekit.net s3.amazonaws.com cdn.icomoon.io 'unsafe-inline'; font-src 'self' use.typekit.net s3.amazonaws.com fonts.gstatic.com cdn.icomoon.io; img-src 'self' data: *.ytimg.com tarteaucitron.io; upgrade-insecure-requests 1
default-src https: ws: data: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' *.youtube.com *.googleapis.com *.googletagmanager.com 'nonce-h3p0nedheil4pkPGUJtra4Wi2F3W_sXK'; media-src 'self' *.googleapis.com; connect-src 'self' *.google-analytics.com *.google.com *.gstatic.com *.googletagmanager.com; frame-src *.google.com *.youtube.com *.culturalspot.org *.appspot.com; style-src 'self' *.googleapis.com *.gstatic.com 'unsafe-inline'; script-src-elem 'self' *.google.com *.gstatic.com *.youtube.com *.google-analytics.com *.googleapis.com *.googletagmanager.com 'nonce-h3p0nedheil4pkPGUJtra4Wi2F3W_sXK'; font-src 'self' *.gstatic.com; img-src 'self' data: blob: *.googleapis.com *.ytimg.com *.ggpht.com *.googleusercontent.com *.googletagmanager.com 1
default-src https: *.nationalgypsum.com *.goldbondbuilding.com *.proformfinishing.com *.permabase.com *.askforpurple.com *.bugsnag.com data: 'unsafe-inline' 'unsafe-eval'; frame-src *.nationalgypsum.com *.goldbondbuilding.com *.proformfinishing.com *.permabase.com *.askforpurple.com *.youtube.com forms.hsforms.com *.facebook.com *.doubleclick.net *.adsrvr.org 1
default-src 'self' https; font-src 'self' *.gstatic.com *.typekit.net *.bootstrapcdn.com *.fontawesome.com; style-src 'self' 'unsafe-inline' *.googleapis.com staticcdn.co.nz *.typekit.net *.twitter.com *.bootstrapcdn.com *.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.googleapis.com *.twitter.com cdn.syndication.twimg.com *.google-analytics.com *.google.com *.gstatic.com staticcdn.co.nz code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com  *.govt.nz/_resources/app/javascript/dist/bundle.min.js *.youtube.com youtube.com *.vimeo.com vimeo.com *.player.vimeo.com livestream.com; style-src-attr 'self' 'unsafe-inline' *.govt.nz/_resources/app/javascript/dist/bundle.min.js pbs.twimg.com; worker-src 'none'; img-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com www.google.com www.google.co.nz stats.g.doubleclick.net *.twitter.com pbs.twimg.com i.ytimg.com i.vimeocdn.com shielded.co.nz staticcdn.co.nz; connect-src 'self' *.googleapis.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net *.govt.nz/graphql; frame-src 'self' *.google.com *.youtube.com player.vimeo.com livestream.com *.twitter.com staticcdn.co.nz *.paymentexpress.com *.windcave.com *.govt.nz; frame-ancestors 'self'; object-src 'none'; form-action 'self' *.twitter.com http://www.nzlii.org; media-src *.govt.nz *.amazonaws.com *.livestream.com; 1
default-src * data: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: 'unsafe-inline' 'unsafe-eval'; connect-src * data: 'unsafe-inline'; img-src * data: 'unsafe-inline'; frame-src * data: ; style-src * data: 'unsafe-inline'; font-src * data: 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-yU3lteF+YaZhdmrEPP7kPZCML5QO7oUygg3hIduj+N1Q/4Kg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'unsafe-inline' 'unsafe-eval' http: https:;        object-src 'none';        base-uri 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hci.social; img-src 'self' https: data: blob: https://hci.social; style-src 'self' https://hci.social 'nonce-5zpATQKN6wKufJRJ3sRKVA=='; media-src 'self' https: data: https://hci.social; frame-src 'self' https:; manifest-src 'self' https://hci.social; form-action 'self'; child-src 'self' blob: https://hci.social; worker-src 'self' blob: https://hci.social; connect-src 'self' data: blob: https://hci.social https://storage.googleapis.com wss://hci.social; script-src 'self' https://hci.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' cms.cellpointdigital.com 1
script-src 'self' *.googleapis.com *.google-analytics.com *.googlesyndication.com *.cloudflare.com *.jsdelivr.net *.bootstrapcdn.com *.googletagmanager.com *.google.com *.gstatic.com *.igodigital.com *.cloudflare.com *.livehelpnow.net static.hotjar.com *.hotjar.com *.licdn.com *.cookiebot.com *.bazaarvoice.com api.bazaarvoice.com *.gstatic.com *.polyfill.io *.tundrafmp.com *.restaurantessentials.com *.etundra.com *.cenpos.com images.dfsupply.com/tundra/magic360/magic360.js images.dfsupply.com/tundra/MagicZoomPlus/magiczoomplus.js mpsnare.iesnare.com/snare.js secure.wufoo.com/scripts/embed/form.js *.wufoo.com static.wufoo.com/scripts/embed/form.js tag.rmp.rakuten.com/118496.ct.js *.cloudfront.net *.freshrelevance.com connect.facebook.net/en_US/sdk.js  *.googleadservices.com  *.paypal.com *.paypalobjects.com bat.bing.com *.clarity.ms/tag/uet/5000225 *.clarity.ms/s/0.7.8/clarity.js *.clarity.ms/s/0.7.10/clarity.js www.clarity.ms mpsnare.iesnare.com/script/logo.js s.saleswingsapp.com/sw.prod.min.js 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: *.amazonaws.com *.igodigital.com *.linkedin.com *.bazaarvoice.com *.gstatic.com *.livehelpnow.net *.dfsupply.com *.tundrafmp.com *.restaurantessentials.com *.etundra.com; frame-ancestors *.etundra.com *.tundrafmp.com *.restaurantessentials.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://dev.azure.com https://login.microsoftonline.com/ https://spsprodcus2.vssps.visualstudio.com https://www.datadoghq-browser-agent.com http://www.datadoghq-browser-agent.com https://rum.browser-intake-datadoghq.com http://rum.browser-intake-datadoghq.com https://prefund-reporting.PROD.encompass-suite.com https://prefund-reporting-api.PROD.encompass-suite.com https://owi-internal.internal-PROD.wexcp.com app.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io pendo-static-4558985839575040.storage.googleapis.com data.pendo.io; worker-src 'self' blob http://www.google-analytics.com https://www.google-analytics.com http://cdn.appdynamics.com https://cdn.appdynamics.com http://col.eum-appdynamics.com https://col.eum-appdynamics.com https://tfs.encompass.ninja https://www.youtube.com; frame-ancestors 'self' app.pendo.io; child-src app.pendo.io; frame-src 'self' app.pendo.io; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src https: data:; object-src 'none'; report-uri /api/csp/report; connect-src 'self' https: wss://*.hotjar.com wss://*.hotjar.io 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.thenmusa.org https://www.googletagmanager.com https://ssl.google-analytics.com https://connect.facebook.net https://www.google-analytics.com https://rtd-tm.everesttech.net https://*.everestjs.net https://*.googleadservices.com https://code.jquery.com; img-src 'self' data: https://ssl.google-analytics.com https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com https://*.everesttech.net https://www.facebook.com https://secure.gravatar.com *.doubleclick.net https://*.pubmatic.com https://arttrk.com https://ps.w.org https://s.w.org; style-src 'self' 'unsafe-inline' https://*.thenmusa.org https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://*.fls.doubleclick.net https://pixel.everesttech.net https://www.everestjs.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://artsandculture.google.com https://*.knightlab.com https://matterport.com https://prezi.com https://omeka.org https://vimeo.com https://player.vimeo.com/ https://prezi.com/https://my.matterport.com/ https://video.thenmusa.org https://videocenter.nmusa-blue.net; object-src 'none'; connect-src 'self' https://*.thenmusa.org https://www.google-analytics.com https://stats.g.doubleclick.net https://www.facebook.com; media-src 'self' https://*.thenmusa.org blob:; worker-src blob: 1
default-src https: 'unsafe-inline' 'unsafe-eval'; font-src https: data:; img-src https: data: 1
frame-ancestors 'self' *.gdata.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata-advancedanalytics.com *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com; frame-src 'self' gdata.jobbase.io player.captivate.fm gdata.onlyfy.jobs *.gdata.de *.consentmanager.net www.paypal.com *.criteo.com *.criteo.net *.onfastspring.com *.saferpay.com www.youtube-nocookie.com www.google.com www.google.de *.gdata.ch *.gdata.fr *.gdata.at *.gdata.nl *.gdata.it *.gdata.be *.gdata.es *.gdata.pt *.gdatasoftware.co.uk *.gdatasoftware.com *.gdata-software.com *.gdata-advancedanalytics.de *.gdata.co.jp *.gdata-china.com *.gdata-hongkong.com *.inventorofantivirus.com www.awin1.com *.doubleclick.net bid.g.doubleclick.net tpc.googlesyndication.com fbanalytics.org m.youtube.com player.vimeo.com gdata.jobbase.io gdata-a.akamaihd.net; report-uri https://www.gdatasoftware.com/__cspreporting__ 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data:; media-src https: blob:; worker-src https: blob:; 1
frame-ancestors 'self' *.google.com *.amp.colgate.es amp.colgate.es *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src 'self' blob: 'unsafe-inline' https://*.fr.shopping.rakuten.com https://fr.shopping.rakuten.com https://pmcdn.staticpmrk.com https://*.priceminister.com https://*.googlesyndication.com https://rtax.criteo.com https://*.aaxads.com https://*.relai.rakuten.fr https://relai.rakuten.fr https://*.dotomi.com;img-src blob: * data: https://*.aaxads.com https://aaxdetect.com https://*.relai.rakuten.fr https://relai.rakuten.fr;font-src * data:;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net https://www.googletagservices.com https://d1m6l9dfulcyw7.cloudfront.net https://ajax.googleapis.com https://tag.aticdn.net https://logs11.xiti.com https://securepubads.g.doubleclick.net https://*.criteo.net https://*.criteo.com https://rtax.criteo.com https://t1.stormiq.com https://js.stormiq.com https://*.googlesyndication.com https://maps.googleapis.com https://ads.rubiconproject.com https://optimized-by.rubiconproject.com https://cdn.tinyclues.com https://*.google.fr https://*.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.contentsquare.net https://logs11.xiti.com https://*.logs11.xiti.com https://*.contentsquare.net https://*.fr.shopping.rakuten.com https://fr.shopping.rakuten.com https://ws.fr.shopping.rakuten.com https://cdn.ampproject.org https://*.amazonaws.com https://*.rmtag.com https://www.google-analytics.com https://*.bing.com https://*.nxtck.com https://*.r.r10s.jp https://*.sddan.com https://*.googleadservices.com https://*.mastertag.effiliation.com https://*.rtmlb.com https://*.mmtro.com https://*.avads.net https://*.google-analytics.com https://*.loadeu.exelator.com https://*.sslwidget.criteo.com https://*.consensu.org https://amazonaws.com https://rmtag.com https://www.google-analytics.com https://bing.com https://nxtck.com https://r.r10s.jp https://sddan.com https://www.googleadservices.com https://mastertag.effiliation.com https://www.rtmlb.com https://mmtro.com https://avads.net https://google-analytics.com https://loadeu.exelator.com https://sslwidget.criteo.com https://sddan.mgr.consensu.org https://*.cpx.to https://*.simpli.fi https://rat.rakuten.fr https://*.g.doubleclick.net https://*.effiliation.com https://*.exelator.com https://*.rlcdn.com https://*.bluekai.com https://*.mathtag.com https://*.mookie1.com https://*.krxd.net https://*.demdex.net https://*.omnitagjs.com https://*.surveygizmo.com https://*.yahoo.com https://s.yimg.com https://*.kameleoon.eu https://*.kameleoon.io https://*.kameleoon.com https://*.adfarm1.adition.com https://*.aaxads.com https://intozedisplay.tech https://*.relai.rakuten.fr https://relai.rakuten.fr https://www.google.com https://*.mediarithmics.com https://*.moatads.com https://sdk.privacy-center.org https://sdk-gcp.privacy-center.org https://restapi.surveygizmo.com https://s-cdn.rmp.rakuten.com/js/rakuten.prebid.js https://*.outbrain.com https://*.batch.com https://www.clarity.ms https://*.linksynergy.com https://*.leadplace.fr https://*.iadvize.com https://notifpush.com https://*.imrworldwide.com https://*.licdn.com https://*.googleadservices.com https://*.contentsquare.com https://*.sendbird.com wss://*.sendbird.com https://*.wlscripts.net https://d32106rlhdcogo.cloudfront.net https://d3dh5c7rwzliwm.cloudfront.net https://dgf0rw7orw6vf.cloudfront.net http://www.personalicanvas.com https://www.personalicanvas.com https://*.jsdelivr.net https://js.cookieless-data.com https://*.queue-it.net https://*.heyday.ai https://*.zeotap.com https://js.datadome.co https://*.evorra.net https://*.rakuten-static.com https://ascpqnj-oam.global.ssl.fastly.net https://sc-static.net https://tr.snapchat.com https://s.pinimg.com https://ct.pinterest.com https://*.processout.com https://*.marqeta.com https://*.themoneytizer.com https://*.tmyzer.com https://*.clarium.io https://*.confiant-integrations.net https://*.sascdn.com https://*.smartadserver.com https://*.onetag-sys.com https://*.id5-sync.com https://*.teads.tv https://*.quantserve.com https://*.pbstck.com https://*.missena.io https://*.datadoghq.com https://*.adnxs.com https://*.sciencebehindecommerce.com https://*.zenaps.com https://*.awin1.com https://*.dwin1.com https://*.wepowerconnections.com https://*.dotomi.com https://analytics.tiktok.com  https://*.googlesyndication.com;connect-src 'self'  https://*.rakqa.fr https://ws.priceminister.com https://pmcdn.staticpmrk.com https://*.criteo.com https://*.contentsquare.net https://clues.tinyclues.com https://*.doubleclick.net https://*.googlesyndication.com https://*.adsafeprotected.com https://fr.shopping.rakuten.com https://ws.fr.shopping.rakuten.com https://*.fr.shopping.rakuten.com https://*.priceminister.com https://rat.rakuten.fr https://*.google-analytics.com https://*.surveygizmo.com https://*.kameleoon.com https://*.kameleoon.eu https://*.kameleoon.io https://*.aaxads.com https://intozedisplay.tech https://*.relai.rakuten.fr https://relai.rakuten.fr https://api.privacy-center.org https://*.rmp.rakuten.com https://*.outbrain.com https://*.outbrainimg.com https://*.exelator.com https://*.batch.com https://logs11.xiti.com https://*.logs11.xiti.com https://*.yeesshh.com https://*.rlcdn.com https://*.iadvize.com https://*.contentsquare.com https://*.sendbird.com wss://*.sendbird.com https://*.personali.com https://*.privacymanager.io https://*.xiti.com https://*.mediarithmics.com https://*.heyday.ai https://*.zeotap.com https://api-js.datadome.co https://www.cloudelivr.com https://*.evorra.net https://bidder.criteo.com https://tr.snapchat.com https://s.pinimg.com https://ct.pinterest.com https://*.processout.com https://*.marqeta.com https://*.themoneytizer.com https://*.tmyzer.com https://*.clarium.io https://*.confiant-integrations.net https://*.sascdn.com https://*.smartadserver.com https://*.onetag-sys.com https://*.id5-sync.com https://*.teads.tv https://*.quantserve.com https://*.pbstck.com https://*.missena.io https://*.datadoghq.com https://*.adnxs.com https://*.sciencebehindecommerce.com https://*.zenaps.com https://*.awin1.com https://*.dwin1.com https://*.wepowerconnections.com https://*.cpx.to https://analytics.tiktok.com  https://*.google.fr https://*.google.com https://*.googlesyndication.com https://fr.shopping.rakuten.com;style-src 'self' blob: 'unsafe-inline' https://bo.fr.shopping.rakuten.com https://outils.fr.shopping.rakuten.com https://preview.fr.shopping.rakuten.com https://fr.shopping.rakuten.com https://fonts.googleapis.com https://*.iadvize.com;child-src https://cas.criteo.com https://gum.criteo.com https://*.googlesyndication.com https://*.aaxads.com https://*.relai.rakuten.fr https://relai.rakuten.fr;frame-src https://*;worker-src blob: https://fr.shopping.rakuten.com https://*.fr.shopping.rakuten.com https://preview.priceminister.com;media-src https://*.priceminister.com https://*.fr.shopping.rakuten.com https://fr.shopping.rakuten.com 1
default-src 'self' *.heytelecom.be *.google.es *.google.be *.fontawesome.com *.typekit.net *.digitalchannels.technology cdn.jsdelivr.net *.cookielaw.org *.googletagmanager.com *.optimizegoogle.com *.optimize-google.com *.googleanalytics.com *.google-analytics.com *.newrelic.com *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.amazon-adsystem.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' * https://optimize.google.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com *.doubleclick.net  https://script.hotjar.com https://connect.facebook.net https://www.googleadservices.com http://www.googleadservices.com https://static.hotjar.com https://trk.adbutter.net https://accounts.google.com https://www.googleanalytics.com https://www.googleoptimize.com *.customersaas.com t.contentsquare.net contentsquare.com *.emsecure.net *.customersaas.com  *.heytelecom.be *.netdna-ssl.com blob: *.abtasty.com *.googleapis.com https://assets.pinterest.com  https://widgets.pinterest.com; object-src 'self' *.mobistar.be  *.heytelecom.be *.netdna-ssl.com; style-src 'unsafe-inline' https://mvp.orange.be/obe_coverage_map/1.0.0/wcbundler.css https://qelp-static.s3.eu-west-1.amazonaws.com/qc5/hey-be/assets/variables.css 'self' https://optimize.google.com https://fonts.googleapis.com *.mobistar.be *.cloudfront.net *.customersaas.com  *.heytelecom.be *.netdna-ssl.com cdnjs.cloudflare.com *.gstatic.com *.abtasty.com *.googleapis.com messaging-khoros.app.khoros.com cdn.jsdelivr.net *.typekit.net *.googletagmanager.com; img-src * blob: https://optimize.google.com *.heytelecom.be https://www.facebook.com https://www.google.com https://www.google.es https://static.hotjar.com     *.doubleclick.net https://brand-messenger.app.khoros.com *.adnxs.com https://p1.zemanta.com https://aax-eu.amazon-adsystem.com https://www.google-analytics.com *.googletagmanager.com data: *.abtasty.com *.amazonaws.com *.cloudfront.net *.contentsquare.net https://i.pinimg.com  https://log.pinterest.com; media-src 'self' data: *.mobistar.be  *.heytelecom.be *.netdna-ssl.com https://v.pinimg.com; frame-src 'self'  https://optimize.google.com * emsecure.net  *.heytelecom.be https://assets.pinterest.com; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.mobistar.be *.customersaas.com  *.heytelecom.be cdn.livechatinc.com themes.googleusercontent.com *.netdna-ssl.com blob: data: *.googleapis.com *.gstatic.com *.abtasty.com brand-messenger.app.khoros.com messaging-khoros.app.khoros.com  *.typekit.net *.fontawesome.com; connect-src 'self' *.teads.tv *.googlesyndication.com https://analytics.pangle-ads.com/api/v2/pangle_pixel https://bat.bing.com *.bat.bing.com https://alb.reddit.com *.alb.reddit.com *.js.adsrvr.org https://js.adsrvr.org https://tr.snapchat.com *.tr.snapchat.com https://sc-static.net *.sc-static.net https://redditstatic.com *.redditstatic.com *.analytics.tiktok.com https://analytics.tiktok.com *.tealiumiq.com *.usabilla.com *.emsecure.net *.customersaas.com wss://*.khoros.com  *.heytelecom.be *.digitalchannels.technology *.mousestats.com secure.comparecycle.com c.contentsquare.net *.abtasty.com *.contentsquare.net *.khoros.com *.smooch.io *.slgnt.eu *.google-analytics.com *.prod.aws.lcloud.com *.typekit.net cdn.jsdelivr.net *.nr-data.net cdnjs.cloudflare.com *.google.com *.google.es *.google.be *.fontawesome.com  *.cookielaw.org *.onetrust.com *.hotjar.com *.adbutter.net *.adnxs.com *.doubleclick.net *.newrelic.com wss://*.hotjar.com *.googletagmanager.com *.ipify.org *.zemanta.com *.googleadservices.com *.facebook.net *.facebook.com *.hotjar.io *.amazon-adsystem.com *.openstreetmap.org https://browser-update.org maps.googleapis.com fonts.google.com maps.gstatic.com *.qelpcare.com; 1
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-to csp-endpoint; upgrade-insecure-requests ; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.ca *.google.ci *.google.co.bw *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.ve *.google.com *.google.com.br *.google.com.co *.google.com.eg *.google.com.kh *.google.com.mt *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.tr *.google.com.vn *.google.de *.google.dz *.google.fr *.google.ge *.google.ht *.google.it *.google.me *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=7cd91960-f12e-43d1-a796-2bf5555f66fe 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://www.googletagmanager.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.google-analytics.com https://www.googletagmanager.com https://griffwerksftp.blob.core.windows.net https://maps.gstatic.com https://*.googleapis.com 'report-sample'; font-src 'self' https://fonts.gstatic.com 'report-sample'; base-uri 'self'; frame-src 'self' https://*.pinterest.com *.youtube-nocookie.com *.youtube.com *.vimeo.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' https://fonts.googleapis.com 'report-sample'; script-src-elem 'self' 'unsafe-inline' https://*.pinterest.com https://*.fonts.googleapis.com https://*.google-analytics.com https://www.googletagmanager.com https://maps.googleapis.com https://s.pinimg.com 'report-sample'; connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net https://maps.googleapis.com https://*.pinterest.com 'report-sample'; report-uri /@http-reporting?csp=report 1
frame-ancestors 'self' http://www.maizena.es unilever3.marketing.adobe.com unileverbrazil.marketing.adobe.com unilever2.marketing.adobe.com unilever.marketing.adobe.com unilever3.experiencecloud.adobe.com unileverbrazil.experiencecloud.adobe.com unilever2.experiencecloud.adobe.com unilever.experiencecloud.adobe.com emea1-proxy.adobemc.com us1-proxy.adobemc.com us1-proxy.adobemc.com apac-proxy.adobemc.com adobedemoemea131.marketing.adobe.com adobedemoemea131.experiencecloud.adobe.com https://s3.cartwire.co https://s7.addthis.com https://kritique-widgets-stage.unileversolutions.com https://d1a1ax4tcp3m3j.cloudfront.net 1
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com maps.googleapis.com maps.gstatic.com https://*.hotjar.com;script-src 'self' 'unsafe-inline' 'unsafe-eval'  az416426.vo.msecnd.net *.addthis.com z.moatads.com v1.addthisedge.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com web-chat.global.assistant.watson.appdomain.cloud https://*.hotjar.com *.google.com *.gstatic.com *.shareaholic.net *.shareaholic.com *.openshareweb.com px.owneriq.net ml314.com *.tynt.com;frame-src 'self' w.soundcloud.com s7.addthis.com player.vimeo.com www.youtube.com share.transistor.fm z.moatads.com https://*.hotjar.com https://*.doubleclick.net *.google.com px.owneriq.net;font-src 'self' data: fonts.gstatic.com https://*.hotjar.com *.google.com *.openshareweb.com;connect-src 'self' dc.services.visualstudio.com m.addthis.com vimeo.com www.google-analytics.com api-public.addthis.com stats.g.doubleclick.net integrations.eu-gb.assistant.watson.appdomain.cloud api.amplitude.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.doubleclick.net *.shareaholic.net *.shareaholic.com;img-src 'self' data: i.vimeocdn.com maps.gstatic.com maps.googleapis.com www.google-analytics.com becaai.auto.facilitytwin.com https://*.hotjar.com sb.scorecardresearch.com px.owneriq.net *.tynt.com *.eyeota.net *.crwdcntrl.net;object-src 'none';frame-ancestors https://*.azurewebsites.net https://*.beca.com https://beca.com; 1
frame-ancestors hnitbjoerg.able-group.de hnitbjoerg-live.able-plattform.de                                         hnitbjoerg-test.able-plattform.de; 1
default-src * 'self'; font-src *;img-src * data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self' *.seznam.cz www.sauto.cz admin.sauto.cz *.sauto.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sauto.cz login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.sdn.cz *.szn.cz gacz.hit.gemius.pl scz.hit.gemius.pl *.adform.net *.adnxs.com *.adnxs-simple.com *.adsafeprotected.com *.consensu.org *.doubleclick.net *.doubleverify.com *.googlesyndication.com *.googletagservices.com *.im.cz *.imedia.cz *.imedia.dev.dszn.cz *.pliing.com *.pubmatic.com *.sbeta.cz *.sdn.szn.cz *.serving-sys.com *.seznam.cz *.sklik.cz ads.celtra.com *.2mdn.net ams.creativecdn.com cdn.id5-sync.com tags.crwdcntrl.net *.sauto.cz blob: login.szn.cz http://login.szn.cz https://login.szn.cz notifikace.seznam.cz http://notifikace.seznam.cz https://notifikace.seznam.cz connect.facebook.net seznam.daktela.com *.hit.gemius.pl www.googletagmanager.com *.hotjar.com unpkg.com/@seznam 1
frame-src 'self' insight.adsrvr.org *.hotjar.com *.youtube.com *.google.com *.googlevideo.com *.googleapis.com *.youtube-nocookie.com *.doubleclick.net 1
default-src:https: 1
default-src 'self' *.zywave;script-src 'self' *.zywave.com *.zywave.co.uk www.google.com 'nonce-uffpMhV8YCWhFRGJyx2FfKo7SH+uR6ktHE8EyWv3r3Y=';style-src 'self' 'nonce-uffpMhV8YCWhFRGJyx2FfKo7SH+uR6ktHE8EyWv3r3Y=';frame-src 'self' www.google.com;connect-src 'self';img-src 'self' data: *.zywave.com *.zywave.co.uk;manifest-src *.zywave.com *.zywave.co.uk 1
default-src 'self' www.sherwin.com.ar www.sherwin.com.br www.google.com www.youtube.com; script-src 'self' connect.facebook.net www.google.com www.gstatic.com cdnjs.cloudflare.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com prism.sherwin-williams.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com data:; connect-src 'self' blob: maps.googleapis.com prism.sherwin-williams.com sherwin.scene7.com api.sherwin-williams.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' blob: maps.googleapis.com connect.facebook.net www.facebook.com i.ytimg.com maps.gstatic.com www.google.com.co prism.sherwin-williams.com cdnjs.cloudflare.com sherwin.scene7.com www.sherwin.com.br www.googletagmanager.com www.google-analytics.com secure.gravatar.com www.sherwin.com.ar a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org data:; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com prism.sherwin-williams.com fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; base-uri 'self';form-action 'self'; 1
frame-src 'self'  https://player.vimeo.com https://www.google.com https://www.youtube.com; frame-ancestors 'self'  https://*.ivolunteer.com; 1
default-src * 'unsafe-eval' 'unsafe-inline'; img-src * data: unsafe-inline 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com tagmanager.google.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com static.hotjar.com script.hotjar.com ajax.googleapis.com services.postcodeanywhere.co.uk dl.episerver.net maps.google.com maps.googleapis.com www.google.com www.gstatic.com api.reciteme.com vo.msecnd.net *.vo.msecnd.net cdn.botframework.com cdn-ukwest.onetrust.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fast.fonts.net services.postcodeanywhere.co.uk fonts.googleapis.com fonts.gstatic.com api.reciteme.com; frame-src 'self' vars.hotjar.com www.youtube.com www.google.com api.reciteme.com heyzine.com sway.office.com; connect-src 'self' *.google-analytics.com *.analytics.google.com maps.googleapis.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io stats.g.doubleclick.net in.hotjar.com vc.hotjar.io services.postcodeanywhere.co.uk api.reciteme.com https://enw-geo.mandogroup.com:8443 https://geoserver.enwl.co.uk:8443 directline.botframework.com wss://directline.botframework.com https://www.google-analytics.com/ https://dc.services.visualstudio.com/ wss://ws1.hotjar.com/api/v1/client/ws cdn-ukwest.onetrust.com geolocation.onetrust.com cookiesuksouth.blob.core.windows.net; img-src 'self' data: *.google-analytics.com *.analytics.google.com maps.gstatic.com maps.google.com maps.googleapis.com api.reciteme.com pbs.twimg.com script.hotjar.com https://enw-geo.mandogroup.com:8443 https://geoserver.enwl.co.uk:8443 bot-azd-chatdev01-uks.azurewebsites.net bot-azd-chatci01-uks.azurewebsites.net bot-azd-chatqa01-uks.azurewebsites.net bot-azr-chatuat01-uks.azurewebsites.net bot-azp-chatprod01-uks.azurewebsites.net http://t0.ads.astuntechnology.com cdn-ukwest.onetrust.com; font-src 'self' fonts.gstatic.com api.reciteme.com script.hotjar.com; media-src 'self' api.reciteme.com 1
default-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            script-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://cdn.ywxi.net http://cdn.saberfeedback.com https://feedback.saberfeedback.com https://www.trustedsite.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline' 'unsafe-eval';            style-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://s3.amazonaws.com https://p.typekit.net https://fonts.googleapis.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn 'unsafe-inline';            font-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://fonts.gstatic.com https://s3.amazonaws.com  https://use.typekit.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn;            img-src 'self' https://*.innovamarketinsights360.com https://asset-innova.s3.amazonaws.com https://*.innovadatabase.com https://s3.amazonaws.com https://cdn.ywxi.net https://*.innovamarketinsights360.cn https://*.innovadatabase.cn data:;                         connect-src 'self' http://s3-us-west-2.amazonaws.com;            frame-src 'self' https://*.innovamarketinsights360.com https://*.innovadatabase.com https://*.innovamarketinsights360.cn https://*.innovadatabase.cn; 1
object-src 'none';script-src 'nonce-fe93ab79-3d95-4ddb-9bb4-7f344b6c945b' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;base-uri 'none';require-trusted-types-for 'script'; report-uri https://csp.microsoft.com/report/Forms-PROD;report-to endpoint-1; 1
object-src 'self'; script-src 'self' https://www.giftcalcs.com https://bbox.blackbaudhosting.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://www.youtube.com https://connect.facebook.net https://www.timevaluecalculators.com https://s.ytimg.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://radiomd.com https://d2ybmd3wevur4k.cloudfront.net https://www.findhelp.org 'unsafe-inline' 'unsafe-eval' https://woobox.com cdn.calltrk.com *.moatads.com code.jquery.com *.eruptr.io tags.srv.stackadapt.com *.googleadservices.com *.google-analytics.com *.addthis.com *.addthisedge.com googleads.g.doubleclick.net *.google.com *.clockwisemd.com *.callrail.com *.facebook.com *.bootstrapcdn.com *.tagmanager.google.com 1
frame-ancestors 'self' https://business.ovou.me/; 1
default-src 'self'; script-src 'unsafe-inline' 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://c.clarity.ms/ https://cdnjs.cloudflare.com/ https://www.google.com/  https://www.google-analytics.com/ https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net/; style-src 'unsafe-inline' 'self' https://pro.fontawesome.com/; font-src 'self' https://pro.fontawesome.com/; frame-src https://www.facebook.com/ https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://c.bing.com https://c.clarity.ms/ https://www.google-analytics.com/ https://www.google.com/ https://www.google.co.za https://www.facebook.com; connect-src 'self' https://www.clarity.ms/ https://h.clarity.ms/ https://j.clarity.ms/ https://c.clarity.ms/ https://analytics.google.com https://www.google-analytics.com/ https://stats.g.doubleclick.net; 1
frame-ancestors 'self' https://*.polfed.org https://polfedportal.microsoftcrmportals.com https://ebillingportal.powerappsportals.com 1
default-src 'self'; script-src 'self' 'nonce-ZFJ3QVI3MjJOQktyNGFqbXp6MzA0bm1Sbm1QVlBSVGpwSk5ldmVWdDV2QT06RTBWQkVPdkJmWHVZMDh5SHRtUzlrejZnclNpUVhDeUwxOE1wNkpjWmpjQT0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; 1
default-src 'self' bngprm.com *.bngprm.com ymetrica1.com mc.yandex.ru cam.vg *.cam.vg cdn.fluidplayer.com movcpm.com *.movcpm.com greedseed.world xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com http://149.202.96.211 http://62.210.201.98 http://195.154.187.103 http://195.154.187.179 http://195.154.173.242 http://195.154.173.197 *.2k0.ru; style-src cdn.fluidplayer.com fonts.googleapis.com 'self' 'unsafe-inline'; script-src bngprm.com *.bngprm.com cdn.jsdelivr.net cdn.fluidplayer.com 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' fonts.gstatic.com data:; img-src 'self' bngprm.com *.bngprm.com counter.yadro.ru mc.yandex.ru ymetrica1.com mc.webvisor.org cdn.fluidplayer.com movcpm.com *.movcpm.com xmjvf.com *.xmjvf.com 9v5.ru *.9v5.ru *.adtng.com adtng.com data:; 1
report-uri https://api.web1on1.chat/report-violation;default-src 'self';connect-src 'self' wss://*.web1on1.chat wss://*.chatshipper.com wss://*.smooch.io *.web1on1.chat *.chatshipper.com *.run.app *.cloudfunctions.net *.facebook.com *.google.com *.smooch.io *.postmarkapp.com fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.googleapis.com *.userguiding.com eventgw.twilio.com wss://*.twilio.com media.twiliocdn.com sdk.twilio.com api.twilio.com blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.smooch.io *.googleapis.com meet.cht.onl 8X8.vc js.stripe.com stripe.com *.statuspage.io *.postmarkapp.com blob: connect.facebook.net apis.google.com *.cloudflare.com *.userguiding.com *.chatshipper.com *.web1on1.chat *.google.com *.gstatic.com media.twiliocdn.com sdk.twilio.com;style-src 'self' 'unsafe-inline' *.chatshipper.com *.web1on1.chat *.smooch.io fonts.googleapis.com fonts.gstatic.com meet.cht.onl 8X8.vc js.stripe.com stripe.com viabovag.nl *.userguiding.com *.viabovag.nl blob:;img-src * data: blob:;font-src 'self' data: *.googleusercontent.com *.bootstrapcdn.com *.cloudfront.net fonts.googleapis.com fonts.gstatic.com viabovag.nl *.userguiding.com *.viabovag.nl *.smooch.io;media-src 'self' data: *.smooch.io cht.onl meet.cht.onl 8X8.vc js.stripe.com *.userguiding.com stripe.com mediastream media.twiliocdn.com sdk.twilio.com *.twilio.com *.web1on1.chat blob:;object-src 'none';child-src * blob:; frame-src *; frame-ancestors *.citnow.com *.rtcauto.co.uk; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.nrg.gr/el/report-uri/enforce 1
script-src *;img-src data: *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' chat.openai.com/ces https://*.chat.openai.com/ https://*.chatgpt.com https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chat.openai.com/ https://chat.openai.com/backend-anon https://chat.openai.com/backend-api https://chat.openai.com/graphql https://chat.openai.com/public-api https://chat.openai.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chat.openai.com/ https://widget.intercom.io js.intercomcdn.com js.stripe.com wss://*.chat.openai.com/ wss://*.chatgpt.com; script-src-elem 'self' 'unsafe-inline' auth0.openai.com challenges.cloudflare.com chat.openai.com/ces https://*.chat.openai.com/ https://*.chatgpt.com https://*.oaistatic.com https://api.openai.com https://apis.google.com https://chat.openai.com https://chat.openai.com/ https://chat.openai.com/backend-anon https://chat.openai.com/backend-api https://chat.openai.com/graphql https://chat.openai.com/public-api https://chat.openai.com/voice https://docs.google.com https://jidori.g1.internal.services.openai.org https://js.live.net/v7.2/OneDrive.js https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chat.openai.com/ https://widget.intercom.io https://www-onepick-opensocial.googleusercontent.com js.intercomcdn.com js.stripe.com wss://*.chat.openai.com/ wss://*.chatgpt.com; img-src * 'self' data: https: https://docs.google.com https://drive-thirdparty.googleusercontent.com https://ssl.gstatic.com; style-src 'self' 'unsafe-inline' chat.openai.com/ces https://*.chat.openai.com/ https://*.chatgpt.com https://*.oaistatic.com https://api.openai.com https://chat.openai.com https://chat.openai.com/ https://chat.openai.com/backend-anon https://chat.openai.com/backend-api https://chat.openai.com/graphql https://chat.openai.com/public-api https://chat.openai.com/voice https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chat.openai.com/ wss://*.chat.openai.com/ wss://*.chatgpt.com; font-src 'self' data: https://*.oaistatic.com https://fonts.gstatic.com; connect-src 'self' *.oaiusercontent.com api-iam.intercom.io api-js.mixpanel.com browser-intake-datadoghq.com chat.openai.com/ces fileserviceuploadsperm.blob.core.windows.net http://0.0.0.0:* http://localhost:* https://*.chat.openai.com/ https://*.chatgpt.com https://*.oaistatic.com https://api.onedrive.com https://api.openai.com https://chat.openai.com https://chat.openai.com/ https://chat.openai.com/backend-anon https://chat.openai.com/backend-api https://chat.openai.com/graphql https://chat.openai.com/public-api https://chat.openai.com/voice https://content.googleapis.com https://docs.google.com https://events.statsigapi.net https://featuregates.org https://graph.microsoft.com https://jidori.g1.internal.services.openai.org https://oaistatic.com https://snc.apps.openai.com https://snc.chatgpt.com/backend/se https://tcr9i.chat.openai.com https://tcr9i.chat.openai.com/ o33249.ingest.sentry.io statsigapi.net wss://*.chat.openai.com/ wss://*.chatgpt.com wss://*.intercom.io wss://*.webpubsub.azure.com; frame-src challenges.cloudflare.com https://*.sharepoint.com https://content.googleapis.com https://docs.google.com https://onedrive.live.com https://tcr9i.chat.openai.com https://tcr9i.chat.openai.com/ js.stripe.com; worker-src 'self' blob:; media-src blob: 'self' https://cdn.openai.com; frame-ancestors chrome-extension://iaiigpefkbhgjcmcmffmfkpmhemdhdnj; report-to applied-gen-csp; report-uri https://browser-intake-datadoghq.com/api/v2/logs?dd-api-key=pub1f79f8ac903a5872ae5f53026d20a77c&dd-evp-origin=content-security-policy&ddtags=group%3Aapplied-gen-csp 1
default-src 'self' https:;connect-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; script-src-elem 'unsafe-inline' https:; style-src 'self' 'unsafe-inline' data: https:; style-src-elem 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob: https:; 1
frame-ancestors 'self' https://y1fhhgrpsw.ovice.in; 1
default-src 'self' https://* wss://*.hotjar.com https://script.hotjar.com *.pusher.com *.pusherapp.com wss://*.pusher.com; script-src 'unsafe-inline' 'self' 'strict-dynamic' 'nonce-3f34499ecf32890e26daab8d6bfcbf8acaee25686a837f5a727a8ec30447d5c8RIHWpg1VOyQ=' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://cardflip.twistoo.co *.twistoo.co https://fonts.googleapis.com https://cdn.luigisbox.com https://onesignal.com; img-src 'self' data: https://*; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com https://cdn.livechatinc.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://matomo.taywa.ch https://www.youtube.com https://www.youtube-nocookie.com https://www.googletagmanager.com https://*.googleapis.com https://www.googleadservices.com https://www.google.com; style-src 'self' 'unsafe-inline' https://cdn.cookielaw.org https://www.youtube.com https://www.youtube-nocookie.com https://*.googleapis.com; img-src 'self' https: data:; connect-src 'self' https://matomo.taywa.ch https://www.googletagmanager.com https://cdn.cookielaw.org https://www.youtube.com https://www.youtube-nocookie.com https://*.google-analytics.com https://*.googleapis.com; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com; font-src 'self' data: https://fonts.gstatic.com; object-src 'none'; default-src 'self' 1
default-src 'self' https://payment.kide.app https://v1.api.paymenthighway.io https://*.facebook.net https://*.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.facebook.com https://sc.lfeeder.com https://plausible.io https://js.monitor.azure.com https://challenges.cloudflare.com; connect-src 'self' blob: data: https://api.kide.app https://auth.kide.app https://cvs.kide.app https://payment.kide.app https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com https://*.doubleclick.net https://plausible.io https://*.in.applicationinsights.azure.com; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://portalvhdsp62n0yt356llm.blob.core.windows.net https://payment.checkout.fi https://www.google-analytics.com https://*.facebook.net https://*.facebook.com https://*.gstatic.com https://*.googleapis.com https://*.doubleclick.net https://*.adform.net blob: https://kide.app; media-src https://portalvhdsp62n0yt356llm.blob.core.windows.net; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://use.typekit.net https://p.typekit.net; child-src https://kide.app https://payment.kide.app https://v1.api.paymenthighway.io https://public.mobilepay.dk https://publicmobilepay.danskebank.com https://qa-maksu.pivo.fi/ https://*.facebook.com https://*.facebook.net https://*.youtube.com https://challenges.cloudflare.com; frame-ancestors 'self'; 1
script-src 'unsafe-inline' 'self' 'unsafe-eval'; style-src * 'unsafe-inline' data: ; img-src * data: blob:; frame-src 'self' buildamerica.com creditsummaries.assuredguaranty.com *.lumesis.com munipoints.com www.munipoints.com; connect-src www.google-analytics.com 'self' ; default-src 'self' data:; report-uri /tmc/servlet/error/csp 1
frame-ancestors 'self' *.mylsb.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://www.google-analytics.com/ https://static.addtoany.com/ https://cdnjs.cloudflare.com/ https://www.google.com/ https://www.gstatic.com/ https://cdn.jsdelivr.net/ https://unpkg.com/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://static.addtoany.com/ https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ ; img-src 'self' https://www.googletagmanager.com https://www.google-analytics.com/ https://www.google.com.my/ads/ga-audiences https://i.ytimg.com/ data:;; frame-src https://players.brightcove.net/ https://www.jobstreet.com.my/ https://www.youtube.com/ https://static.addtoany.com/ https://www.google.com/; font-src 'self' https://fonts.gstatic.com/ https://themes.googleusercontent.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/; report-uri /report-csp-violation 1
default-src 'unsafe-eval' 'unsafe-inline' * blob:; script-src 'unsafe-inline' 'unsafe-eval' * blob:; img-src * data: blob:; connect-src *; font-src * data:; base-uri 'self'; manifest-src 'self' data:; frame-ancestors 'self' 1
default-src 'self';connect-src 'self' dpdbzcoatrn01.cloudfront.net *.stripe.com *.backblazeb2.com *.s3.amazonaws.com *.google.com *.google.com/* www.facebook.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google-analytics.com;frame-src 'self' *.stripe.com *.s3.amazonaws.com *.google.com *.google.com/* www.facebook.com *.hotjar.com *.soundcloud.com/ *.twitter.com www.youtube.com;script-src 'self' dpdbzcoatrn01.cloudfront.net blob: 'unsafe-inline' *.stripe.com *.s3.amazonaws.com *.google.com *.google.com/* *.facebook.net www.facebook.com *.cdn-apple.com Cross-Origin-Resource-Policy: cross-origin unpkg.com *.cloudflare.com *.hotjar.com cdn.buymeacoffee.com/* cdnjs.buymeacoffee.com googletagmanager.com *.googletagmanager.com googletagmanager.com/* *.googletagmanager.com/* *.google-analytics.com *.doubleclick.net *.soundcloud.com/* *.twitter.com;script-src-attr 'self' 'unsafe-inline';img-src 'self' dpdbzcoatrn01.cloudfront.net *.stripe.com *.s3.amazonaws.com www.facebook.com cdn.buymeacoffee.com *.twitter.com cdn.ko-fi.com;font-src 'self' Cross-Origin-Resource-Policy: cross-origin dpdbzcoatrn01.cloudfront.net dpdbzcoatrn01.cloudfront.net/sk_cdn/sk_frontend/libs/formantic-ui/themes/default/assets/fonts/* fonts.googleapis.com fonts.gstatic.com *.s3.amazonaws.com data: digitaloceanspaces.com *.digitaloceanspaces.com *.nyc3.digitaloceanspaces.com *.digitaloceanspaces.com/* *.nyc3.digitaloceanspaces.com/* *.cloudflare.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.s3.amazonaws.com *.google.com *.google.com/* dpdbzcoatrn01.cloudfront.net *.cloudflare.com;media-src 'self' dpdbzcoatrn01.cloudfront.net blob: *.s3.amazonaws.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
script-src 'unsafe-inline' 'unsafe-eval' https: data:; script-src-elem 'unsafe-inline' https:; report-uri https://variant-a.ru/ajax/csp.php 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.xlovecam-girls.com:9080 www.xlovecam-girls.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.xlovecam-girls.com wss://www.xlovecam-girls.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650475 1
frame-ancestors 'self' *.myaerotel.com 1
default-src 'none'; script-src 'self' 'unsafe-inline' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com www.google.com www.gstatic.com *.greenhouse.io polyfill.io cdnjs.cloudflare.com maps.googleapis.com cdn.dxpr.com connect.facebook.net *.doubleclick.net; style-src 'self' 'unsafe-inline' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com fonts.googleapis.com cdn.dxpr.com; img-src 'self' data: cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com *.google-analytics.com maps.gstatic.com maps.googleapis.com cdn.dxpr.com dxpr.com *.google.com *.facebook.com www.googletagmanager.com; form-action 'self'; media-src 'self'; connect-src 'self' www.google-analytics.com cdn.dxpr.com *.segment.io *.googlesyndication.com *.analytics.google.com analytics.google.com *.doubleclick.net maps.googleapis.com; font-src 'self' cdn.minebeamitsumi-aerospace.com cdn.nhbb.com nhbb.cdn.neptuneweb.com fonts.gstatic.com *.analytics.google.com; frame-src 'self' www.google.com maps.google.com *.greenhouse.io *.doubleclick.net https://player.vimeo.com www.youtube.com; frame-ancestors 'self'; 1
frame-src 'self' https://*.rightviewweb.com 1
default-src: https: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://androiddev.social; img-src 'self' https: data: blob: https://androiddev.social; style-src 'self' https://androiddev.social 'nonce-cjXhuPoZxRRFTkA4QmTrEQ=='; media-src 'self' https: data: https://androiddev.social; frame-src 'self' https:; manifest-src 'self' https://androiddev.social; form-action 'self'; child-src 'self' blob: https://androiddev.social; worker-src 'self' blob: https://androiddev.social; connect-src 'self' data: blob: https://androiddev.social https://cdn.masto.host wss://androiddev.social; script-src 'self' https://androiddev.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.youtube.com www.googletagmanager.com https://snap.licdn.com *.google.com *.google-analytics.com https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com *.itracmediav4.com *.qualtrics.com http://ib.adnxs.com/ https://ib.adnxs.com/ http://api.permutive.com/ https://api.permutive.com/ https://tags.srv.stackadapt.com/* https://tags.srv.stackadapt.com/events.js https://public.flourish.studio/resources/embed.js https://player.vimeo.com cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://tags.srv.stackadapt.com/sa.css web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://p.adsymptotic.com https://px.ads.linkedin.com https://stats.g.doubleclick.net https://beacon.krxd.net *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com *.qualtrics.com http://ib.adnxs.com/ https://ib.adnxs.com/ http://api.permutive.com/ https://api.permutive.com/ https://tags.srv.stackadapt.com/sa.jpeg web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' https://www.google.com https://www.youtube.com *.itracmediav4.com *.qualtrics.com https://flo.uri.sh/ https://player.vimeo.com web-chat.nativechat.com; connect-src 'self' accounts.google.com https://*.google-analytics.com/ https://stats.g.doubleclick.net/ https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.qualtrics.com http://ib.adnxs.com/ https://ib.adnxs.com/ http://api.permutive.com/ https://api.permutive.com/ https://tags.srv.stackadapt.com/ https://cdn.linkedin.oribi.io/partner/1390682/domain/symcor.ca/token https://vimeo.com; media-src 'self' data: blob: *.vimeo.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ http://ib.adnxs.com/ https://ib.adnxs.com/ http://api.permutive.com/ https://api.permutive.com/ web-chat.nativechat.com 1
script-src 'self' https://www.cai.io/ cai.io *.cai.io *.6sc.co *.6sense.com *.iubenda.com fonts.gstatic.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cai-meshprod.azureedge.net/ https://cdn.iubenda.com/ https://unpkg.com/ https://www.googletagmanager.com https://plausible.io/js/script.js https://cdn.matomo.cloud/cai.matomo.cloud/ https://scripts.simpleanalyticscdn.com/latest.js https://script.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.clarity.ms/ https://pi.pardot.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://static.hotjar.com/c/ 'sha256-Xfki8FSlbFiwrpmBUKmzKl96e0xPN0EnugM0QkIs+u0=' https://player.vimeo.com https://cdn.usefathom.com 'sha256-R5uv7loCFPwOrdK3VC1aYAKHtdLy9rJodmuKTj0Nwg8=' 'sha256-l9+PZ6tGTwPpIDGW/GcdRaidAJ1dk0PRZ0VdBsVr02I=' 'sha256-gAH3n1lxGubCh/M3oPcpC2dL03mDutrRnPEWq6+M31c=' 'sha256-yi6dW3eHN2kTGwprlVilmvn4O1lgIfO8FKZa491P7y0=' 'sha256-RfcknUV/kiE3VNYffV8rWFKPrgsjTCDo9CB2iTiaWiQ=' 'sha256-CnP18RyppLbgIWFb8kd+BGymXxHf+eW8oH+NE2eH178=' 'sha256-vGU/TDFm8NAPqwc8nZThBPE02+QBWh2DrPaZ+eHgcWw=' 'sha256-MIrawTPddX8Pict6u9AIun2yTAhxIg/qMplnNxXPFC0=' 'sha256-plpMDUdRhZlfFGMr0rKRwqlbzk6REJ3wtA9t5UxOpxk=' 'sha256-zjbBEO9DZ1p6z5/VWoyxtVmNsQQkpxcE0UJBiOjGhSA=' 'sha256-Q6Z3tznzoqNkgmYIsfE4sGEE7nnVu9JZmDkgMMzabQw=' 'sha256-8dn8FNc5fZiR1DzqjD/GsF2W1zDCYL13dVim9gf0Roc=' 'sha256-NlxnMLY4cy1tErpp+vzBldnEZH9G1Oie3SIUTBYEERI=' 'sha256-RJpIQr6bxkALWnmvs6twlFhPKhqQ79YD6LA03TSDTwY=' 'sha256-iIkJ9j7uQggjwvU6t/FUiiYdAK5kntZNwz0KIL7anyQ=' 'sha256-pN8nK72sCSA/vWL28ZrRX34qhHkAfSzCvH0Fyl4TBPk=' 'sha256-DOXFBGWMAArA9GGLuFk5RVQyWeX3az7AOjvXSCDNfAk=' 'sha256-NbAAMrOpfq9f4WXyJPT2saZSFr6zPpiqzYHbLb9M8rQ=' 'sha256-cslxTNXaHRM2Soeg8Ic3KLLFx1jYKVlRQWt4bYgirXM=' 'sha256-jqCB9Yv4ytqzrFqCDYn89MJYQj4mhLIOzsKNH2Zm3pM=' 'sha256-6OkhPSgKV6DD4GPrvYThIjnPixgniLwxebby/WEIJtA=' 'sha256-f2DBadaDeP63u6z8yOqj6fEFeUCnC6jHVa5a1L/O1Ig=' 'sha256-wkireAXRiMhkrCGbn7jCevqXMy518vc476pdzQB5Ldk=' 'sha256-/T+Gam27Fp741vmU74k2CXTAOcEq4Iu+QPAF2M8jVe8=' 'sha256-fqT0sKNb4Tk/WBn1QnJaUcs1u9ENET1wx1FKGt3v1pA=' 'sha256-otSA2GWiLYn+M5onAF6E41+I0lv4cqE7HcyMHq0Gwsk=' 'sha256-o9GUo16amu/Hdd964VIZ21xkHXfu3GeyjIOCj3+Xxtk=' 'sha256-/fuCPho/tkyp4/5JRes63FUigXDJlAbUCDN2MItAo1w=' 'sha256-X4ihTGpaxoYyCuWQtWtFPc7n/0ekcUZoeNgIyTSsAWE=' 'sha256-sUnJvixowOtxTle2OTZBW2xkFsJMySjZzLLofTexjE4=' 'sha256-9rb0xcWKN6yjYe6h2zqGnQJAsweAvqOLmFYB6zljnjM=' 'sha256-QjbkQ8/7oYvRtIh5IxIMcJbUVWb1HqoVLLLGe7JkH+4=' 'sha256-gUeNejFstRU/LX0LrTiXHAf1EWZ9rNIYb9muFY1MM7o=' 'sha256-pf4krfVp0WBNgCyou17+r4aJ/3ujXZo9P1MzjL/OiwE=' 'sha256-b5W44mtY/tSlcJFB/ZFwM/yzE8T0dMm28K1HAPapfhQ=' 'sha256-tNochN/bCMQn5Ft9q4Eb0vgSaFllggot8EP5fQj09hw=' 'sha256-87bP86lcMtM/TC8xa1uE5gXBRpLtGEboj24O88bbm7g='; base-uri 'self'; object-src 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-fhjZ4jdJ922xeNTsZr2e1+EqDEmlGL+ZjDsr2CP6n+GCdXK5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IYdVK7ZOZ7yx4ZSwk1AC0ABCiGGwiIhwvsq6QjlJG6TO/NA8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-h3Uev3OQ0zKWnrQFVA5iVQi26BXdmPDb37uvuf2a0pN8uGNQ' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://toot.lgbt; img-src 'self' https: data: blob: https://toot.lgbt; style-src 'self' https://toot.lgbt 'nonce-WvQ5eiIDspKa47r2/hHJ2g=='; media-src 'self' https: data: https://toot.lgbt; frame-src 'self' https:; manifest-src 'self' https://toot.lgbt; form-action 'self'; child-src 'self' blob: https://toot.lgbt; worker-src 'self' blob: https://toot.lgbt; connect-src 'self' data: blob: https://toot.lgbt https://media.toot.lgbt wss://toot.lgbt; script-src 'self' https://toot.lgbt 'wasm-unsafe-eval' 1
default-src 'self' *.rf-news.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net www.youtube-nocookie.com stats.mlpd.de rotefahne.mlpd.de *.rf-news.de; connect-src 'self' 'unsafe-inline' stats.mlpd.de; style-src 'self' 'unsafe-inline' *.rf-news.de; font-src 'self' data: use.typekit.net *.rf-news.de; img-src 'self' i.ytimg.com p.typekit.net rotefahne.mlpd.de www.mlpd.de *.rf-news.de; frame-src 'self' www.youtube-nocookie.com www.youtube.com rotefahne.mlpd.de *.rf-news.de; 1
default-src * 'self' 'unsafe-eval' 'unsafe-inline' https://*.omappapi.com https://widget.manychat.com/  https://www.google.com https://www.google.com/recaptcha/api.jshttps://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://yoastcdn.com https://yoast.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://omappapi.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://lfeeder.com https://sc.lfeeder.com https://www.clarity.ms https://s.adroll.com https://analytics.google.com https://my.yoast.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com blob:; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://assets.flostack.io/js/flo.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/js/all.min.js https://omappapi.com https://www.googletagmanager.com https://my.yoast.com https://go.exotel.com https://adroll.com https://www.clarity.ms https://lfeeder.com https://sc.lfeeder.com https://snap.licdn.com https://connect.facebook.net https://www.googleanalytics.com https://www.google-analytics.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; https://stg-exotel-staging.kinsta.cloud; connect-src 'self' https://api.flostack.io https://www.googleanalytics.com/analytics.js https://www.googletagmanager.com/gtag/js?id=G-VGJ56BFYBZ&l=dataLayer&cx=c https://pi.pardot.com https://omappapi.com https://pardot.com https://www.google-analytics.com https://www.googleanalytics.com https://connect.facebook.net https://snap.licdn.com https://sc.lfeeder.com https://www.clarity.ms https://adroll.com https://analytics.google.com https://www.googletagmanager.com https://go.exotel.com https://my.yoast.com https://ps.w.org https://pro.ip-api.com https://a.omappapi.com https://clients.allincall.in https://www.youtube.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.omappapi.com https://api.ipgeolocation.io https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; img-src 'self' 'unsafe-inline' https://img.youtube.com/vi/eHWQpISlJoM/maxresdefault.jpg https://stg-exotel-staging.kinsta.cloud https://img.youtube.com/vi/xxlrgNmGAs4/maxresdefault.jpg https://img.youtube.com/vi/sGfVfKl3ZbA/maxresdefault.jpg  https://my.yoast.com https://s.w.org https://ps.w.org https://www.google.co.in https://clients.allincall.in https://secure.gravatar.com https://www.youtube.com https://cdn.ckeditor.com https://yoastcdn.com https://yoast.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com data:; style-src 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; style-src-elem 'self' 'unsafe-inline' https://my.yoast.com https://clients.allincall.in https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://api.omappapi.com https://a.omappapi.com https://cdn.ckeditor.com https://ckeditor.com https://yoast.com https://use.typekit.net https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net d3hb14vkzrxvla.cloudfront.net https://w.recruiterbox.com; base-uri 'self'; style-src-attr 'self' 'unsafe-inline' https://w.recruiterbox.com; font-src 'self' data: https://my.yoast.com https://apis.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://yoast.com https://yoastcdn.com https://optinmonster.com https://beacon-v2.helpscout.net https://use.typekit.net; worker-src 'self' blob: https://my.yoast.com https://yoast.com; form-action 'self' https://app.recruiterbox.com; frame-src 'self' https://web.flostack.io https://go.exotel.com https://go.exotel.com https://my.yoast.com https://www.youtube.com https://app.recruiterbox.com clients.allincall.in; object-src 'self'; child-src none; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'; object-src 'none' 1
base-uri 'self'; block-all-mixed-content; connect-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com; default-src 'self'; font-src 'self' https://fonts.gstatic.com; form-action 'self'; frame-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com; img-src 'self' data: https:; media-src 'self' https:; script-src 'self' https://*.adobedtm.com https://*.demdex.net https://*.doubleclick.net https://*.everestjs.net https://*.everesttech.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.googletagservices.com https://*.gstatic.com https://*.malaysiaairlines.com https://*.myjournify.com https://*.omtrdc.net https://*.rmtag.com https://*.quantcount.com https://*.quantserve.com https://*.yieldoptimizer.com https://*.youtube.com 'unsafe-inline'; object-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; 1
default-src 'none' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflareinsights.com *.google.gr  *.skroutz.gr https://skroutza.skroutz.gr *.contactpigeon.com https://www.clarity.ms *.cloudflare.com *.ubembed.com *.skroutz.gr *.boxnow.gr *.citrusad.com https://skroutza.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://static.addtoany.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' *.contactpigeon.com https://ping.contactpigeon.com *.typekit.net/ https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: *.skroutz.gr *.doubleclick.net https://c.bing.com/c.gif *.c.bing.com https://skroutza.skroutz.gr *.contactpigeon.com https://dimages.contactpigeon.com https://ping.contactpigeon.com *.clarity.ms  https://c.clarity.ms https://static.pharmnet.gr https://www.pharmnet.gr https://pharmnetnew.staginglh.com https://local.pharmnetnew.gr https://pharmnetnew.test.devlh.com https://pharmnet.gr *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: *.typekit.net/ https://fonts.gstatic.com; connect-src 'self' https://gtm.pharmnet.gr/ *.facebook.com https://pagead2.googlesyndication.com *.googlesyndication.com *.analytics.google.com https://region1.analytics.google.com *.clarity.ms *.contactpigeon.com  https://ping.contactpigeon.com https://conversionapi.pharmnet.gr *.citrusad.com https://staging-integration.citrusad.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self'; manifest-src *.pharmnet.gr; 1
default-src 'self' https://cdn.freshbots.ai/;                    script-src 'unsafe-inline' 'unsafe-eval' 'self' https://kit.fontawesome.com/ https://as-dev-ktt-webresources.azureedge.net/  https://ktt-webresources.azureedge.net/ http://stats.pusher.com/ https://www.freshbots.ai/ https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://www.google.com https://www.gstatic.com https://js.stripe.com https://checkout.stripe.com http://cdn.mailerlite.com https://radiate.azureedge.net http://static.mailerlite.com https://platform.twitter.com https://cdn.syndication.twimg.com/ https://www.google.com http://www.google-analytics.com https://analytics.twitter.com https://cdn.freshbots.ai/ https://s3.amazonaws.com https://d36mpcpuzc4ztk.cloudfront.net https://lateralpayments.com/;                    frame-src 'self' https://www.youtube.com/ https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://www.google.com https://klubfunder.freshdesk.com https://www.facebook.com/ https://platform.twitter.com https://syndication.twitter.com/ https://js.stripe.com/ https://m.facebook.com/ https://www.youtube.com/ https://lateralpayments.com/;                    style-src 'self' 'unsafe-inline' https://psni-webresources.azureedge.net/ https://as-dev-ktt-webresources.azureedge.net/ https://ktt-webresources.azureedge.net/  https://maxcdn.bootstrapcdn.com.min.css https://cdn.freshbots.ai https://www.googleadservices.com  https://www.googletagmanager.com https://www.1account.net https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://platform.twitter.com https://radiate.azureedge.net https://s3.amazonaws.com https://assets1.chat.freshdesk.com https://ton.twimg.com https://fonts.googleapis.com https://d36mpcpuzc4ztk.cloudfront.net https://lateralpayments.com/;                                                                        img-src 'self' data: https://s3.amazonaws.com/ https://cdn.freshbots.ai https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://klubfundertest.blob.core.windows.net https://kttdevqueuestorage.blob.core.windows.net https://kttppdqueuestorage.blob.core.windows.net https://kttpublicprodstorage.blob.core.windows.net https://kttprodstorage.blob.core.windows.net https://static.mailerlite.com http://t.co https://track.mailerlite.com http://www.google-analytics.com https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://stats.g.doubleclick.net https://ton.twimg.com https://klubfunderdev.blob.core.windows.net https://placehold.it https://www.klubfunder.com/images/passporttemplate.jpg https://www.klubfunder.com/images/phototemplate.jpg https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif https://www.paypalobjects.com/en_US/i/scr/pixel.gif https://lateralpayments.com/;                    media-src 'self' data: https://s3.amazonaws.com/ https://cdn.freshbots.ai https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://klubfundertest.blob.core.windows.net https://static.mailerlite.com http://t.co https://track.mailerlite.com http://www.google-analytics.com https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://abs.twimg.com https://stats.g.doubleclick.net https://ton.twimg.com https://klubfunderdev.blob.core.windows.net https://placehold.it https://www.klubfunder.com/images/passporttemplate.jpg https://www.klubfunder.com/images/phototemplate.jpg https://www.paypalobjects.com/en_US/i/btn/btn_donate_LG.gif https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif https://www.paypalobjects.com/en_US/i/scr/pixel.gif https://lateralpayments.com/;                    font-src 'self' https://ka-f.fontawesome.com/ https://as-dev-ktt-webresources.azureedge.net/ https://cdn.freshbots.ai https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://lateralpayments.com/;                    connect-src 'self' https://ka-f.fontawesome.com/ wss://rts-us.freshworksapi.com ws://ws-mt1.pusher.com https://rts-us.freshworksapi.com/ https://www.freshbots.ai/ https://cdn.freshbots.ai https://region1.google-analytics.com https://ipgeolocation.abstractapi.com https://www.google-analytics.com https://klubfunderdev.blob.core.windows.net https://klubfunderstoragesys.blob.core.windows.net https://killerz.blob.core.windows.net https://klubfundertest.blob.core.windows.net https://lateralpayments.com/; 1
connect-src 'self' https://planner5d.com https://*.planner5d.com https://planner5d.pro https://*.planner5d.pro wss://planner5d.pro/api/ws wss://*.planner5d.pro/api/ws https://*.google.com https://*.google.lt https://*.analytics.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://www.google.co.il https://www.google.es https://*.googletagmanager.com https://*.devtodev.com https://*.taboola.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://www.facebook.com https://widget.freshworks.com https://planner5d.freshdesk.com https://*.intercom.io wss://*.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://*.wisepops.com https://*.stripe.com https://*.paypal.com https://*.paymentwall.com https://*.surveymonkey.com https://vimeo.com https://*.vimeo.com https://bat.bing.com https://sentry.planner5d.com wss://planner5d.com:21344/ws wss://planner5d.com:31673/ws https://respondent.survicate.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.onetrust.com https://*.adjust.com https://*.adjust.world https://app.adjust.net.in https://*.pinterest.com https://*.webgains.io; frame-src 'self' https://www.google.com https://optimize.google.com https://vars.hotjar.com https://planner5d.com https://*.planner5d.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://player.vimeo.com https://*.surveymonkey.com https://*.facebook.com https://*.pinterest.com https://*.youtube.com https://intercom-sheets.com/ https://tool.planner5d.com https://td.doubleclick.net https://*.xsolla.com/ https://calendly.com/ http://localhost https://*.s-onetag.com https://*.lijit.com; style-src 'self' 'unsafe-inline' https://planner5d.com https://widget.freshworks.com https://*.googleapis.com https://optimize.google.com https://*.survicate.com https://*.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' 'unsafe-hashes' https://planner5d.com https://*.planner5d.com https://widget.freshworks.com https://*.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://connect.facebook.net https://*.hotjar.com https://www.google.com https://www.google.lt https://optimize.google.com https://www.googleadservices.com https://adservice.google.com https://*.taboola.com https://*.devtodev.com https://*.stripe.com https://*.paypal.com https://*.paypalobjects.com https://cdnjs.cloudflare.com https://*.vimeo.com https://*.surveymonkey.com https://bat.bing.com https://*.youtube.com https://*.intercom.io https://js.intercomcdn.com https://cdn.cookielaw.org https://cookie-cdn.cookiepro.com https://*.survicate.com https://*.wisepops.com https://*.wisepops.net https://wisepops.net https://*.adjust.com https://s.pinimg.com https://xsolla.com https://*.xsolla.com https://webgains.io https://*.webgains.io https://*.googleoptimize.com https://assets.calendly.com/; frame-ancestors 'self' https://planner5d.com https://tool.planner5d.com https://*.staging.d5rennalp.xyz http://localhost:3003 http://localhost:80 http://localhost; 1
default-src *.groupepdi.com *.net-fs.com *.onetrust.com *.cookielaw.org alumacraft.com *.alumacraft.com *.manitoupontoonboats.com *.wufoo.com unpkg.com *.yandex.ru my.matterport.com airtable.com ds-aksb-a.akamaihd.net monkeys-fist-for-brp.com *.myfeelback.com mfb.li mailchi.mp *.cdninstagram.com *.stackla.com fareharbor.com *.peek.com *.salecycle.com story.brplynx.com *.cloudfront.net mpembed.com *.googleadservices.com *.slideshare.net *.hotjar.com *.typekit.net *.bootstrapcdn.com *.salesforce.com *.omtrdc.net service.force.com *.adobedtm.com *.google.ca *.gstatic.com *.azurewebsites.net *.lightboxcdn.com *.salesforceliveagent.com *.force.com *.moatads.com *.youtube.com *.addthisedge.com *.addthis.com *.cloudflare.com *.doubleclick.net *.brp.com *.facebook.net *.azureedge.net *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self' *.demdex.net *.day.com *.everesttech.net *.scene7.com *.amazon-adsystem.com *.facebook.com *.googleusercontent.com *.lightboxapi.com *.womenofonroadgroups.com *.canamonroadcommunity.com canamonroadcommunity.com *.learntoride3wheel.com *.limelightplatformevents.com *.valuemytradein.com *.zencdn.net *.zlthunder.net cdn.knightlab.com *.mdex.net *.sea-doo.com *.ski-doo.com *.brpdigital.net tags.tiqcdn.com brp--c.documentforce.com collect.tealiumiq.com *.teads.tv brp.my.salesforce-sites.com cdn.jsdelivr.net stconsumercaseapip01.blob.core.windows.net arttrk.com *.yimg.com www.filepicker.io *.unchartedsociety.com *.qualtrics.com sp.analytics.yahoo.com *.googlesyndication.com *.attribution.adswizz.com *.contentsquare.net; 1
frame-ancestors 'self' https://beacon.aisdevio.com/ https://digital.ais.th/ https://gourmetmarketthailand.com/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.cz https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.cz; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.cz https://m.myprotein.cz https://checkout.myprotein.cz https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://c.imedia.cz https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.cz; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:                    'unsafe-inline'                    'unsafe-eval'; 1
default-src 'self' *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com api.webthumbnail.org *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; script-src 'self' 'nonce-d09e908de3a81aa00c7168ba0c38f7c4' *.facebook.com *.facebook.net *.connect.facebook.net *.twitter.com *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com/analytics.js code.highcharts.com/highcharts.js *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl *.amcharts.com; style-src 'self' 'unsafe-inline' *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; img-src 'self' data: *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; frame-src 'self' *.google.com *.facebook.com *.facebook.net *.twitter.com *.connect.facebook.net *.bannerflow.net *.yumpu.com youtube.com https://widgets.volleystation.com https://www.openstreetmap.org https://www.vis.ignatowicz.com.pl www.youtube.com; ; report-uri /csp-report.php 1
default-src 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.cloudfront.net; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; object-src data: 'unsafe-eval' blob: ; frame-src 'self' *.brightcove.net *.facebook.com *.youtube-nocookie.com *.twitter.com ; img-src 'self' data: *.google-analytics.com t.co *.cloudfront.net *.linkedin.com *.protective.com *.yahoo.com *.vimeocdn.com *.boltdns.net *.akamaihd.net *.twitter.com *.yahoo.com *.facebook.com *.google.com  media-src 'self' *.protective.com *.akamaihd.net *.cloudfront.net; connect-src 'self' *.doubleclick.net *.google-analytics.com *.yimg.com *.protective.com *.nr-data.net *.brightcove.com *.btttag.com visitors.live; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.polyfill.io *.cloudflare.com *.googleapis.com *.en25.com *.google-analytics.com *.doubleclick.net *.googleadservices.com *.yimg.com *.facebook.net *.googletagmanager.com *.ads-twitter.com *.licdn.com *.cloudfront.net *.twitter.com *.btttag.com *.zencdn.net *.youtube.com *.brightcove.net *.brightcove.com blob: ; block-all-mixed-content;  1
default-src 'self' https://googleads.g.doubleclick.net/ https://cdn.taboola.com/ https://cdn.heapanalytics.com/ https://cdn.mouseflow.com/ https://9732392.fls.doubleclick.net/ https://www.facebook.com/; script-src 'self' * 'unsafe-inline' 'unsafe-eval' ;        style-src 'self' 'unsafe-inline' https://ajax.aspnetcdn.com/ https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/;        img-src 'self' https://ad.doubleclick.net/ https://googleads.g.doubleclick.net/pagead/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://cds.taboola.com/ https://www.google.com/ https://www.google.co.in/ https://www.facebook.com/ https://bat.bing.com/ https://www.googletagmanager.com/ data:;        font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://maxcdn.bootstrapcdn.com/ ;       connect-src 'self' https://psb.taboola.com/topics_api https://pagead2.googlesyndication.com/ https://analytics.google.com/ https://maps.googleapis.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net https://pips.taboola.com/ https://cds.taboola.com/ https://trc-events.taboola.com/;        media-src 'self' data: blob:;       child-src 'self';       frame-src 'self' https://td.doubleclick.net/ https://cdn.taboola.com/ https://online.pgimindiamf.com/ https://tsdtocl.com/ https://9732392.fls.doubleclick.net/ https://www.facebook.com/ https://www.youtube.com/ https://www.googletagmanager.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com player.vimeo.com www.youtube.com static.cloudflareinsights.com munchkin.marketo.net cdn-ukwest.onetrust.com pages.lasalle.com widget.tagembed.com maps.googleapis.com 'unsafe-eval' www.cloudflare.com *.googletagmanager.com www.google-analytics.com ssl.google-analytics.com snap.licdn.com static.ads-twitter.com static.hotjar.com connect.facebook.net lltrck.com www.clarity.ms yoast.com kit.fontawesome.com cdn.tagembed.com googleads.g.doubleclick.net www.googleadservices.com https://platform.twitter.com/widgets.js; style-src 'self' 'unsafe-inline' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com fonts.googleapis.com pages.lasalle.com www.gstatic.com widget.tagembed.com s3.us-west-1.wasabisys.com cdn.tagembed.com; img-src 'self' assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com i.ytimg.com data: 2.gravatar.com secure.gravatar.com i.vimeocdn.com pages.lasalle.com cdn-ukwest.onetrust.com maps.gstatic.com maps.googleapis.com www.lasalle.com *.google-analytics.com *.googletagmanager.com t.co analytics.twitter.com www.facebook.com connect.facebook.net px.ads.linkedin.com lltrck.com c.clarity.ms c.bing.com s.w.org www.linkedin.com media.tagembed.com media.licdn.com pbs.twimg.com cdn.tagembed.com www.google.com www.google.pl googleads.g.doubleclick.net https://aumejtoqen.cloudimg.io; font-src 'self' data: fonts.gstatic.com ka-f.fontawesome.com widget.tagembed.com cdn.tagembed.com s3.us-west-1.wasabisys.com; connect-src 'self' vimeo.com assets-storage-statik-press.s3-eu-west-1.amazonaws.com gg-assets-storage.s3.eu-west-2.amazonaws.com lasalle.tt.omtrdc.net cdn-ukwest.onetrust.com 160-bqd-171.mktoresp.com maps.googleapis.com mboxedge37.tt.omtrdc.net www.cloudflare.com www.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net cdn.linkedin.oribi.io s.clarity.ms ka-f.fontawesome.com yoast.com my.yoast.com t.clarity.ms web.tagembed.com s3.us-west-1.wasabisys.com *.clarity.ms px.ads.linkedin.com https://widget.tagembed.com/embed.json; child-src 'self' data: www.youtube.com player.vimeo.com pages.lasalle.com widget.tagembed.com www.google.com www.facebook.com td.doubleclick.net https://schwabnetwork.com https://platform.twitter.com/; media-src 'self' 1
default-src   'self'; script-src   'self'  'unsafe-eval' 'sha256-gAoLN6KJ0A9OafcVJMjzxNdkYgp5k6N6TAeX0LWP/FI=' 'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k=' 'sha256-h0q/wc9bqEqBhdFWnKDHIxeXP11Ajil7n/hsjm6/dqM='   'sha256-C5rDgRHg+vqKO7WuW9xWaUgdVJbqlhnjKIbfvsKF0xE='   'sha256-JExGmEvC7ZiVWk+GdIt3rVoPWN4W8NCmOfUKXbey7ig='   'sha256-xVILJh0lK70lVi3RoL4ILRgU+KTxxEWHvZDNRTV6JrA='   'sha256-Xi0aUTero+2HCGXxqbCOJfZM32R2yQ2vJ1qfEx5uB2M='   'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU='   'sha256-/JfUu6Zem/6hYsbOAALYRBMS6NOtpUCjDi0RlTS/qb8='   'sha256-2+sA5gLjooF7uql+LE1YEJtYO9VyaPgYBt1rWu41zm0='   'sha256-0D4HtGLdTewYCOXEfwwNl9/8Dl+VhGM1tNJGkLTdgE4='   'sha256-S9ZGnLkZ7P/9E037KPJ434vL+yLVOncfSKLiJjet2bE='   'sha256-6fQwbrnXjDFfyddlQVIIWnIbDc2fp+SIiOI+WBxcjr4='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   'sha256-GqZ++yMbzxXqNmv/CiOKb06JzJ5wp0AybPtkkBYEV9k='   'sha256-A0/707MQdpfr/tR18VnYSk7JMJoUQSBURZEJa8wF6po='   'sha256-kvqasyXMdm/oaFYV13Vo7H+iWofPfqO92EjT+TP30wQ=' 'sha256-3ajBc/dcb/EhkUUCWwgas0KdZImxjGdF3bpG8w8YRPY='   'sha256-8Ju/7uAUfQXHDZj3VyS+2PTb3q0Y74T6mXoZJvyXGvE='   maps.googleapis.com   px.ads.linkedin.com   p.adsymptotic.com   snap.licdn.com   www.google-analytics.com   player.vimeo.com   extend.vimeocdn.com   *.archgroup.com   www.googletagmanager.com   www.clarity.ms; script-src-elem  'self'  'unsafe-inline'  maps.googleapis.com  px.ads.linkedin.com  p.adsymptotic.com  snap.licdn.com  www.google-analytics.com  player.vimeo.com  extend.vimeocdn.com  www.archgroup.com  www.googletagmanager.com  platform.twitter.com   www.clarity.ms   c.clarity.ms   e.clarity.ms; style-src   'self'   'unsafe-inline'   use.fontawesome.com   fonts.googleapis.com   *.googletagmanager.com   fonts.gstatic.com; frame-src   *.archgroup.com   www.podbean.com   www.youtube.com   www.google.com   *.icims.com   player.vimeo.com  *.twitter.com; img-src   'self'   data:   www.archgroup.com   archgroup.com   ps.w.org   p.adsymptotic.com   wpengine.com   dify.wpengine.com   maps.gstatic.com   *.googleapis.com   *.ggpht.com   secure.gravatar.com   *.linkedin.com   *.google-analytics.com   *.analytics.google.com   *.twitter.com   c.clarity.ms   c.bing.com; font-src   'self'   data:   *.fontawesome.com   fonts.googleapis.com   fonts.gstatic.com; connect-src   'self'   www.archgroup.com   insurance.archgroup.com   mortgage.archgroup.com   reinsurance.archgroup.com   *.google-analytics.com   analytics.google.com   *.analytics.google.com   archcapital2020tf.q4web.com   *.licdn.com   stats.g.doubleclick.net   my.wpengine.com   yoast.com   api.redirect.li   px.ads.linkedin.com   cdn.linkedin.oribi.io   e.clarity.ms; media-src   *.archgroup.com   extend.vimeocdn.com; form-action   'self'; base-uri   'self'; frame-ancestors   'self' www.slipcase.com  marketplace.marsh.com; upgrade-insecure-requests ; object-src   'self'; child-src   'self';  worker-src   'self'   blob; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-ndzwNisCU4fihSxcP8dzrvdiR' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://app.kontent.ai https://www.sonarsource.com; base-uri 'self'; default-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; img-src data: https: blob:; font-src data: https:; connect-src https: wss: blob:; media-src https: blob:; object-src; child-src https: data: blob:; form-action 'self' https:; block-all-mixed-content; script-src 'nonce-USVU2449XtmkbKfx6hjhAz33+aAAA8N3' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
"block-all-mixed-content" 1
default-src 'self' http: https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'; upgrade-insecure-requests; 1
frame-src self *.aftership.com/iframe *.returnscenter.com app.bubblehouse.com formbuilder.hulkapps.com *.youtube.com *.youtube-nocookie.com *.vimeo.com *.shopify.com *.shopifycdn.com *.shopifyapps.com *.yotpo.com *.attn.tv assets.bounceexchange.com *.facebook.com *.gorgias.help 1
frame-ancestors 'self' *.isportfoy.com.tr 1
default-src 'self';style-src 'self' 'unsafe-inline' fonts.googleapis.com https://maxcdn.bootstrapcdn.com/bootstrap/ *.everviz.com/resources/css/ *.everviz.com/static/fonts/;script-src 'self' 'unsafe-inline' 'unsafe-eval' player.vimeo.com/api/player.js static.ws.apsis.one dev.virtualearth.net siteimproveanalytics.com *.highcharts.com *.everviz.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ polyfill.io/v3/polyfill.min.js cdn.jsdelivr.net/npm/mathjax@3/es5/ online4.superoffice.com;img-src 'self' data: http://mt1.google.com wms.geonorge.no opencache.statkart.no/gatekeeper/gk/gk.open_wmts *.google.com *.openstreetmap.org *.virtualearth.net *.siteimproveanalytics.io https://www.navlab.net/images/ https://avas.aventia.no/;font-src 'self' fonts.gstatic.com https://maxcdn.bootstrapcdn.com/bootstrap/ cdn.jsdelivr.net/npm/mathjax@3/es5/output/chtml/fonts/ *.everviz.com/static/fonts/;frame-src 'self' *.vimeo.com https://vimeo.com *.youtube.com *.facebook.com *.soundcloud.com *.everviz.com ffi.easycruit.com https://www.google.com/recaptcha/ https://avas.aventia.no/ form.apsis.one online4.superoffice.com;base-uri 'self';form-action 'self' forsvaretsforskningsinstitutt.mailmojo.no;object-src 'none';connect-src 'self' opencache.statkart.no ogc.ffi.no *.highcharts.com *.everviz.com https://audience.ws.apsis.one/; 1
default-src https:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data:; object-src 'none'; form-action 'self'; frame-ancestors 'self'; base-uri 'self'; block-all-mixed-content 1
frame-ancestors 'self' https://*.facc.com 1
base-uri 'none';child-src 'self' data: blob:;connect-src 'self' ws: wss: http://localhost:1337 http://127.0.0.1:3000 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src https://www.youtube.com;img-src 'self' data: https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;manifest-src 'self';media-src 'self' https://api.bptk.de https://staging.bptk.de https://staging-api.bptk.de;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' http://localhost:1337 https://staging.bptk.de https://staging-api.bptk.de https://api.bptk.de;style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://*.app.allthings.me 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru st.top100.ru counter.rambler.ru openstat.net yandex.st yastatic.net top-fwz1.mail.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.recaptcha.net; 1
frame-ancestors 'self' *.swoogo.com 1
base-uri 'self'; default-src 'self' 'unsafe-inline' https://app.obi4wan.ai https://cloudstatic.obi4wan.com https://fonts.googleapis.com https://fonts.gstatic.com https://img.youtube.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://maps.googleapis.com https://maps.gstatic.com https://platform.twitter.com https://region1.analytics.google.com https://region1.google-analytics.com https://secure.gravatar.com https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com https://www.arcgis.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube-nocookie.com https://es.elk01.yard.nl https://openpdc.hollandskroon.nl https://openpub.hollandskroon.nl; font-src 'self' data: https://fonts.gstatic.com https://maps.gstatic.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://www.gstatic.com https://www.youtube-nocookie.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' https://app.powerbi.com https://channel.royalcast.com https://contact.email-provider.nl https://hollandskroon.maps.arcgis.com https://indiveo.services https://waarismijnstemlokaal.nl https://www.arcgis.com https://www.google.com https://sdk.companywebcast.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://cloudstatic.obi4wan.com https://fonts.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://secure.gravatar.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube-nocookie.com https://openpdc.hollandskroon.nl https://openpub.hollandskroon.nl; upgrade-insecure-requests; report-to https://o214495.ingest.sentry.io/api/1353587/security/?sentry_key=1db59119d16e4832968300b7eabb73a0; report-uri https://o214495.ingest.sentry.io/api/1353587/security/?sentry_key=1db59119d16e4832968300b7eabb73a0 1
font-src *.fontawesome.com https://cdnjs.cloudflare.com *.gstatic.com 'self' data: data: 'self'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.monetico-services.com 'self'; frame-ancestors 'self'; frame-src player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.youtube-nocookie.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.google.fr *.google.com *.avis-verifies.com *.sibforms.com *.sibautomation.com sibautomation.com *.monetico-services.com 'self'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.terranimo.fr *.google.fr *.google.com *.gstatic.com *.googleapis.com *.clarity.ms *.bing.com *.facebook.com maps.googleapis.com maps.gstatic.com *.hsforms.net *.hsforms.com 'self' data: data: 'self'; script-src *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com polyfill.io *.google.fr *.google.com *.matomo.cloud *.googleapis.com *.googletagmanager.com *.gstatic.com *.facebook.net *.sibautomation.com sibautomation.com *.skeepers.io *.clarity.ms *.bing.com *.googlesyndication.com sdk.privacy-center.org sdk.privacy-center maps.googleapis.com www.gstatic.com www.google.com s7.addthis.com https://cdnjs.cloudflare.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self'; media-src 'self'; manifest-src 'self'; connect-src *.newrelic.com *.nr-data.net vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.algolia.net *.insights.algolia *.algolianet.com *.insights.algolia.io *.google.fr *.google.com *.matomo.cloud *.googleapis.com *.terranimo.fr stats.g.doubleclick.net in-automate.brevo.com *.clarity.ms *.facebook.net *.googlesyndication.com *.monetico-services.com maps.googleapis.com ekr.zdassets.com/ t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self'; child-src http: https: blob: 'self'; default-src *.googleapis.com 'self' 'unsafe-eval'; base-uri 'self'; 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://cdn.subscribers.com https://a.opmnstr.com https://buttons-config.sharethis.com https://www.youtube.com https://www.muchloved.com https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://embed.tawk.to https://bat.bing.com https://*.adroll.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform-api.sharethis.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://www.google.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://connect.facebook.net https://cdn.subscribers.com https://a.opmnstr.com https://buttons-config.sharethis.com https://www.youtube.com https://www.muchloved.com https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://embed.tawk.to https://bat.bing.com https://*.adroll.com https://www.clarity.ms https://dev.visualwebsiteoptimizer.com https://cc.cdn.civiccomputing.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io https://unpkg.com platform-api.sharethis.com; style-src * 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://oembed.com https://a.omappapi.com https://collector-25517.tvsquared.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; frame-ancestors 'self'; report-uri https://www.freedomfromtorture.org/report-uri/enforce 1
require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport,script-src 'report-sample' 'nonce-lJeBSnSpI9w99kPxUGvRiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist 1
default-src https: blob: wws: data: 'unsafe-inline' 'unsafe-eval' 'self' *.stackadapt.com; frame-ancestors 'self' *.canadalife.co.uk ci170-customer.codeinthecloud.com is170-customer.codeinthecloud.com; connect-src *; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.line-scdn.net *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com connect.facebook.net cdn.jsdelivr.net cdnjs.cloudflare.com *.fontawesome.com jpostal-1006.appspot.com;frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.twitter.com *.line.me *.facebook.com;media-src 'self' *.youtube.com *.youtube-nocookie.com;object-src 'self' *.youtube.com *.youtube-nocookie.com;style-src 'self' 'unsafe-inline' *.googleapis.com *.google.com *.gstatic.com *.fontawesome.com cdn.jsdelivr.net cdnjs.cloudflare.com;img-src 'self' data: blob: *.twitter.com *.google-analytics.com *.google.com *.google.co.jp placehold.jp;font-src 'self' data: fonts.gstatic.com *.fontawesome.com;connect-src 'self' api.iconify.design *.google-analytics.com *.googleanalytics.com *.google.com stats.g.doubleclick.net 1
default-src 'none'; child-src 'self' js.stripe.com hooks.stripe.com www.googletagmanager.com/ns.html www.facebook.com staticxx.facebook.com bid.g.doubleclick.net www.youtube.com player.vimeo.com www.recaptcha.net recaptcha.google.com www.google.com/recaptcha calendly.com *.cloudflarestream.com webforms.pipedrive.com; connect-src 'self' wss: fonts.googleapis.com fonts.gstatic.com api.stripe.com connect.stripe.com api.honeybadger.io maps.googleapis.com *.google-analytics.com/ *.analytics.google.com www.facebook.com www.googleadservices.com stats.g.doubleclick.net cloudflareinsights.com adservice.google.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' js.stripe.com hooks.stripe.com www.googletagmanager.com/ns.html www.facebook.com staticxx.facebook.com bid.g.doubleclick.net www.youtube.com player.vimeo.com www.recaptcha.net recaptcha.google.com www.google.com/recaptcha calendly.com *.cloudflarestream.com webforms.pipedrive.com; img-src 'self' https: data:; form-action 'self' connect.stripe.com pay.gocardless.com pay-sandbox.gocardless.com connect.gocardless.com connect-sandbox.gocardless.com oauth.gocardless.com oauth-sandbox.gocardless.com www.facebook.com accounts.google.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' https:; worker-src 'self' www.recaptcha.net; base-uri 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' js.stripe.com js.honeybadger.io www.googletagmanager.com www.google-analytics.com *.analytics.google.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net www.google.com/ads/user-list www.google.com/pagead/conversion_async.js bid.g.doubleclick.net tagmanager.google.com www.gstatic.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com static.cloudflareinsights.com www.recaptcha.net www.google.com/recaptcha assets.calendly.com webforms.pipedrive.com *.pipedriveassets.com connect.facebook.net 'nonce-i9ADRq6eoIHmGFACzYOAKA=='; style-src 'self' 'unsafe-inline' fonts.googleapis.com js.stripe.com; block-all-mixed-content; upgrade-insecure-requests; report-uri https://wodboard.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.trendmicro.com https://*.trendmicro.net; 1
default-src 'self'; script-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' $sts_origin; object-src 'none'; form-action 'self'; frame-ancestors 'self'; block-all-mixed-content; connect-src 'self' https://www.baramundi.com; media-src 'self'; manifest-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; frame-ancestors 'self' 1
object-src 'none' *.aeon.co.id; 1
connect-src 'self' api.rollbar.com www.tag4arm.com *.smartlook.cloud *.google-analytics.com *.analytics.google.com *.googletagmanager.com adservice.google.com stats.g.doubleclick.net www.google.com/pagead/ pagead2.googlesyndication.com googleads.g.doubleclick.net translate.googleapis.com *.twilio.com wss://tsock.us1.twilio.com/v3/wsconnect consentcdn.cookiebot.com api.pay360.com mpsnare.iesnare.com wss://mpsnare.iesnare.com wss://ws.pusherapp.com *.pusher.com firstbanco-production-attachments.s3.eu-west-1.amazonaws.com d3gj43804r9iyz.cloudfront.net;default-src 'self';font-src 'self' data: fonts.googleapis.com fonts.gstatic.com d3gj43804r9iyz.cloudfront.net;form-action 'self';frame-src 'self' tpc.googlesyndication.com fls.doubleclick.net bid.g.doubleclick.net 8103783.fls.doubleclick.net td.doubleclick.net www.youtube.com consentcdn.cookiebot.com bamboo.web.emea-1.jumio.ai web.emea-1.jumio.ai upload.web.emea-1.jumio.ai widget.trustpilot.com secure.mite.pay360.com dev.mite.pay360.com secure.pay360.com plata.prismic.io bambooloans.prismic.io cti-client-web.meza.talkdeskapp.eu;img-src 'self' data: www.tag4arm.com 8103783.fls.doubleclick.net stats.g.doubleclick.net lh3.googleusercontent.com *.google-analytics.com *.analytics.google.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com www.google.com www.google.co.uk googleads.g.doubleclick.net ade.googlesyndication.com www.google.com/ads/ www.google.com/pagead/ ad.doubleclick.net translate.google.com imgsct.cookiebot.com images.prismic.io bambooloans.cdn.prismic.io plata.cdn.prismic.io s3-eu-west-1.amazonaws.com/firstbanco-email-assets/ s3-eu-west-1.amazonaws.com/firstbanco-production-broker-logos/ d3gj43804r9iyz.cloudfront.net;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js d3gj43804r9iyz.cloudfront.net;style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;upgrade-insecure-requests ;block-all-mixed-content ;report-uri /csp-violations;media-src https://mpsnare.iesnare.com data:;style-src-elem 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com tagmanager.google.com d3gj43804r9iyz.cloudfront.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' cdn.rollbar.com/rollbarjs/ www.tag4arm.com *.smartlook.com ajax.googleapis.com googleads.g.doubleclick.net ssl.google-analytics.com tagmanager.google.com tpc.googlesyndication.com tpc.googlesyndication.com www.google-analytics.com www.google.com/pagead/ www.googleadservices.com www.googletagmanager.com media.twiliocdn.com assets.flex.twilio.com consent.cookiebot.com consentcdn.cookiebot.com api.mite.pay360.com api.pay360.com widget.trustpilot.com mpsnare.iesnare.com js.pusher.com static.cdn.prismic.io prismic.io html2canvas.hertzen.com/dist/html2canvas.min.js d3gj43804r9iyz.cloudfront.net; 1
default-src 'self'; script-src 'self'; style-src 'self'; object-src 'self' 1
upgrade-insecure-requests; default-src https: 'unsafe-eval' 'unsafe-inline'; frame-src 'self' mailto: *; font-src 'self' data: * ; img-src 'self' data: blob: * ; object-src 'none'; form-action 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://fonts.gstatic.com https://secure.gravatar.com https://fonts.googleapis.com  https://www.googletagmanager.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://www.google.com https://www.gstatic.com https://www.youtube.com/iframe_api https://www.youtube.com/ 1
frame-ancestors 'self' https://mumuchu.com; 1
frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; font-src 'self' data: https://fonts.gstatic.com; img-src https: data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; script-src https: 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval' wss: app://* ; frame-ancestors 'self'; 1
frame-ancestors 'self' balumba.es www.balumba.es blog.qualitasauto.com qualitasauto.com www.qualitasauto.com www.qautoc.com qautoc.com areacliente.seguroautonaranja.es www.areacliente.seguroautonaranja.es seguroautonaranja.es check24.es seguros-coche.check24.es m.seguros-coche.check24.es; 1
default-src 'self'; style-src 'self' 'nonce-3hEiux2cIGyi0XjoD4IePp4UAfgXmowldjIVcgFENn4'; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com; script-src 'self'; object-src 'none'; require-trusted-types-for 'script'; base-uri 'self'; frame-src 'self' https://google.com https://www.google.com; frame-ancestors 'self'; form-action 'self'; img-src 'self'; 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline';font-src * data: blob: 'unsafe-inline';frame-ancestors 'self' https://*.vizmo.in https://pagesense.zoho.com; 1
frame-ancestors 'self' https://asansabt.co 1
worker-src * data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob:; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://test.fenixdirecto.com https://www.fenixdirecto.com; 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://dynatraceprd.cpfl.com.br:9999 https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://www.clarity.ms https://v.clarity.ms https://google-analytics.com https://googletagmanager.com https://ssl.google-analytics.com https://static.cloudflareinsights.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com 1
img-src      'self' blob: https: data: 'unsafe-inline'  http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;     script-src 'self' blob: https: http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io 'unsafe-inline' 'unsafe-eval';     connect-src  'self' https: http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com wss://*.tawk.to;     frame-src    'self' https: https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io;     font-src     'self' https: data: 'unsafe-inline' http://*.hotjar.com https://*.hotjar.com http://*.hotjar.io https://*.hotjar.io; 1
default-src * data: blob:; script-src *.facebook.com *.fbcdn.net *.facebook.net *.googletagmanager.com *.googleapis.com *.gstatic.com *.youtube.com *.ytimg.com *.google.com 'unsafe-inline' 'unsafe-eval' blob: data: 'self'; style-src data: blob: 'unsafe-inline' *; 1
frame-ancestors 'self' https://www.miliciadaimaculada.org.br 1
frame-ancestors https://*.lg.com.br/ 'self' 1
default-src * https: data: blob: media-src: worker-src: 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests; 1
connect-src 'self' *.googleusercontent.com *.tus.vimeo.com api.ringgold.com dl.dropboxusercontent.com docs.google.com https://raw.githubusercontent.com/astrothesaurus/UAT/master/UAT.rdf www.googleapis.com www.pnascentral.org; default-src 'self' www.pnascentral.org; font-src 'self' fast.fonts.com fonts.gstatic.com www.pnascentral.org; form-action 'nonce-x8qFh3y2RWDu7OCz4qDJdw' 'self' *.orcid.org api2.copyright.com orcid.org www.pnascentral.org; frame-ancestors 'self' www.pnascentral.org; frame-src 'self' *.google.com content.googleapis.com data: www.pnascentral.org; img-src 'self' files.msubmit.net www.pnascentral.org; script-src 'nonce' 'nonce-x8qFh3y2RWDu7OCz4qDJdw' 'self' 'unsafe-eval' *.dropbox.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com *.orcid.org www.pnascentral.org; style-src 'self' 'unsafe-inline' fast.fonts.com fonts.googleapis.com www.pnascentral.org 1
base-uri sagiakos.gr *.sagiakos.gr; default-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr data: blob: 'unsafe-inline' 'unsafe-eval' unhooked.gr *.unhooked.gr unhooked.co *.unhooked.co gambit.ltd *.gambit.ltd googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com; connect-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr unhooked.gr *.unhooked.gr unhooked.co *.unhooked.co gambit.ltd *.gambit.ltd doubleclick.net *.doubleclick.net googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com https://www.facebook.com/tr/ *.facebook.com *.skroutz.gr *.analytics.google.com *.bestprice.gr socital.com *.socital.com clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/api/v1/apps/ https://onesignal.com/api/v1/players; script-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr data: blob: facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net googleadservices.com *.googleadservices.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com apis.google.com *.apis.google.com *.googleapis.com www.google.com gstatic.com *.gstatic.com fonts.googleapis.com translate.google.com analytics.skroutz.gr cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval' socital.com *.socital.com clicktogo.gr *.clicktogo.gr *.analytics.google.com *.skroutz.gr *.bestprice.gr notispace.gr *.notispace.gr https://plugin.socital.com/static/v1/ *.onesignal.com iplocate.io *.iplocate.io https://onesignal.com/api/ https://onesignal.com/api/v1/players cdn.onesignal.com; style-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr 'unsafe-inline' facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net googleadservices.com *.googleadservices.com apis.google.com *.apis.google.com *.googleapis.com www.google.com cdnjs.cloudflare.com *.onesignal.com https://onesignal.com/api/ *.skroutz.gr *.google-analytics.com *.analytics.google.com socital.com *.socital.com *.bestprice.gr clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/sdks/; form-action sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net doubleclick.net *.doubleclick.net facebook.com *.facebook.com; frame-ancestors sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr; font-src sagiakos.gr *.sagiakos.gr sagiakos.gr *.sagiakos.gr gstatic.com *.gstatic.com fonts.googleapis.com apis.google.com *.apis.google.com *.googleapis.com www.google.com self *.socital.com *.clicktogo.gr *.notispace.gr *.bestprice.gr *.iplocate.io data:; img-src * data: *.piraeusbank.gr sagiakos.gr *.sagiakos.gr blob: facebook.net *.facebook.net facebook.com *.facebook.com apis.google.com *.apis.google.com *.googleapis.com www.google.com; media-src * data: blob: *.piraeusbank.gr sagiakos.gr *.sagiakos.gr apis.google.com *.apis.google.com *.googleapis.com www.google.com; object-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net facebook.com *.facebook.com googleadservices.com *.googleadservices.com doubleclick.net *.doubleclick.net google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com apis.google.com *.apis.google.com *.googleapis.com www.google.com audiomack.com *.audiomack.com mixcloud.com *.mixcloud.com; frame-src sagiakos.gr *.sagiakos.gr *.piraeusbank.gr sagiakos.gr *.sagiakos.gr facebook.net *.facebook.net facebook.com *.facebook.com doubleclick.net *.doubleclick.net google.com *.google.com youtube.com *.youtube.com vimeo.com *.vimeo.com analytics.skroutz.gr apis.google.com *.apis.google.com *.googleapis.com www.google.com audiomack.com *.audiomack.com mixcloud.com *.mixcloud.com *.onesignal.com https://onesignal.com/api/ *.skroutz.gr *.google-analytics.com *.analytics.google.com socital.com *.socital.com *.bestprice.gr clicktogo.gr *.clicktogo.gr notispace.gr *.notispace.gr iplocate.io *.iplocate.io https://onesignal.com/webPushAnalytics; report-uri https://sagiakos.gr/csp 1
default-src *; style-src 'self' 'unsafe-inline' https://rsms.me/inter/inter.css https://css.zohocdn.com https://css.zohostatic.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stablemoney.in *.amazonaws.com https://wurfl.io https://www.clarity.ms *.googleapis.com *.gstatic.com https://unpkg.com https://www.googletagmanager.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://salesiq.zohopublic.in/widget https://js.zohocdn.com https://js.zohostatic.in https://cdnjs.cloudflare.com; img-src 'self' assets.stablemoney.in res.cloudinary.com https://www.facebook.com https://www.google.com https://www.google.co.in https://googleads.g.doubleclick.net https://media.licdn.com https://pbs.twimg.com https://i.ytimg.com; 1
default-src 'self';img-src 'self' theticketingco.imgix.net https://chat.frontapp.com https://chat-assets.frontusercontent.com https://user-assets.out.sh https://js.gleam.io https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca assets.theticketing.co theticketingco.imgix.net https://app.termly.io https://cdn.userway.org data: *;media-src assets.theticketing.co;script-src 'self' https://*.smartlook.com https://*.smartlook.cloud https://js.stripe.com https://api.userway.org https://cdn.userway.org https://chat-assets.frontapp.com https://assets.calendly.com https://connect.facebook.net/ https://widget.gleamjs.io https://*.googletagmanager.com https://accounts.google.com/gsi/client https://sc-static.net/scevent.min.js https://*.snapchat.com https://app.termly.io https://analytics.tiktok.com/i18n/pixel/ https://sc-static.net/sc-pixel-helper.min.js 'unsafe-eval';style-src 'self' assets.theticketing.co https://cdn.userway.org blob: 'unsafe-inline';font-src 'self' assets.theticketing.co fonts.gstatic.com theticketingco.imgix.net https://cdn.userway.org;frame-src *.youtube.com *.vimeo.com *.vevo.com https://js.stripe.com https://calendly.com https://gleam.io https://e.issuu.com https://forms.monday.com https://*.snapchat.com https://app.termly.io https://cdn.userway.org;frame-ancestors https://promoter.theticketing.co https://covellitepresents.org https://stonecircletheatre.org https://www.ambientalchemists.com https://www.moonpeakproductions.com https://www.montanabooking.com https://touchmotherearth.org https://touchmotherearth.com https://www.abcbrew.com https://www.infinitewav.com https://soundzorganic.com https://www.wublifent.com https://laculturapresents.com https://paradisefestny.com;object-src 'none';connect-src 'self' api.theticketing.co o353949.ingest.sentry.io https://www.facebook.com https://graph.facebook.com/ https://chat-assets.frontapp.com https://chat.frontapp.com https://us-west-1-chat-server.frontapp.com https://us-west-2-chat-server.frontapp.com wss://front-us-realtime.ably.io https://chat-webhook.frontapp.com https://*.bugsnag.com https://*.browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.ca https://*.smartlook.com https://*.smartlook.cloud https://api.stripe.com https://api.userway.org https://cdn.userway.org https://*.api.userway.org theticketingco.imgix.net https://*.snapchat.com https://app.termly.io https://analytics.tiktok.com/api/v2/;report-uri https://theticketingco.report-uri.com/r/d/csp/enforce; 1
frame-ancestors 'self' http://my.conning http://portaluat.net.conning.com https://my.conning.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://go.conning.com www.googletagmanager.com tagmanager.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.googleapis.com/ *.google-analytics.com *.analytics.google.com app-ab20.marketo.com munchkin.marketo.net snap.licdn.com pixel.mathtag.com https://cdn.jsdelivr.net https://www.bugherd.com https://fast.wistia.com https://cdn.cookielaw.org https://*.adform.net; frame-src 'self' https://www.google.com/recaptcha/ https://app-ab20.marketo.com/ https://pixel.mathtag.com/ https://players.brightcove.net/ https://app.powerbi.com https://go.conning.com https://gateway.on24.com https://*.adform.net https://fast.wistia.net; 1
default-src 'self'; script-src 'self' 'self' 'unsafe-eval' 'unsafe-inline' *.yimg.jp *.yahoo.co.jp *.googletagmanager.com *.adnxs.com *.google-analytics.com *.treasuredata.com *.yjtag.jp *.googleadservices.com *.doubleclick.net; connect-src 'self' *.yahooapis.jp *.yahoo.co.jp *.adnxs.com *.google-analytics.com *.storematch.jp s.yimg.jp; form-action 'self' *.yahoo.co.jp; style-src * 'unsafe-inline' data: blob:; font-src * 'unsafe-inline' data: blob:; img-src * 'unsafe-inline' data: blob:; media-src * 'unsafe-inline' data: blob:; frame-src *.googletagmanager.com *.yahoo.co.jp *.yjtag.jp *.doubleclick.net *.yimg.jp *.adnxs.com 1
default-src 'self'; connect-src *; font-src * data:;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; worker-src 'self' blob: 1
default-src 'self' https://imperialroadsafety.bastionstudio.co.za https://p.typekit.net https://use.typekit.net https://ton.twimg.com https://pbs.twimg.com https://www.overend.co.za https://vod.overendstudio.co.za https://fonts.googleapis.com https://fonts.gstatic.com http://vod.overendstudio.co.za https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://www.facebook.com https://stats.g.doubleclick.net https://www.google.com https://www.google.co.za https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://consent.cookiebot.com/; img-src * data: about:;frame-src 'self' https://imperialroadsafety.bastionstudio.co.za https://irhosted.profiledata.co.za https://consentcdn.cookiebot.com/ https://fonts.gstatic.com https://fonts.googleapis.com https://twitter.com https://platform.twitter.com/ https://www.twitter.com https://www.facebook.com https://9954673.fls.doubleclick.net https://maps.google.com https://www.google.com https://overendstudio.co.za https://abs.twimg.com https://cdn.syndication.twimg.com https://platform.twitter.com https://syndication.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://imperialroadsafety.bastionstudio.co.za https://use.typekit.net https://code.createjs.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ https://cdn.syndication.twimg.com/ https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://9954673.fls.doubleclick.net http://code.jquery.com https://code.highcharts.com https://abs.twimg.com https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' https://imperialroadsafety.bastionstudio.co.za https://fonts.googleapis.com/ https://twitter.com/ https://www.google-analytics.com https://platform.twitter.com https://abs.twimg.com https://pbs.twimg.com https://cdn.syndication.twimg.com https://ton.twimg.com https://consent.cookiebot.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.mdif.org; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://secure.gravatar.com; font-src 'self' data:; connect-src 'self'; media-src 'self'; object-src 'self'; frame-src https://www.mdif.org https://www.youtube.com; form-action 'self' https://www.mdif.org 1
frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
frame-ancestors https://iaugmenthrj.azurewebsites.net https://iaugmenthrjuat.azurewebsites.net https://iaugmentfsil.azurewebsites.net https://houseofjohnson.in https://www.houseofjohnson.in https://b3live.com https://www.nobiliaindia.com https://vyr.hrjohnsonindia.com 1
default-src 'self' *.google.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev;script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.quillbot.com *.quillbot.dev *.amplitude.com *.google.co.in *.google.com *.bing.com *.linkedin.com *.snapchat.com *.licdn.com sc-static.net *.googletagmanager.com *.cloudflareinsights.com *.gstatic.com *.cookielaw.org *.quora.com *.redditstatic.com *.partnerstack.com *.datadoghq-browser-agent.com *.google-analytics.com *.clarity.ms *.hotjar.com *.googleadservices.com *.chargebee.com *.fontawesome.com *.stripe.com *.zdassets.com *.sentry-cdn.com *.taboola.com *.facebook.net ;style-src www.gstatic.com accounts.google.com *.quillbot.dev *.quillbot.com 'unsafe-inline' *.chargebee.com *.googleapis.com *.fontawesome.com *.paypalobjects.com ;img-src 'self' * quillbot.com *.quillbot.com *.cookielaw.org *.gstatic.com *.quora.com *.google-analytics.com *.reddit.com *.quillbot.dev *.linkedin.com *.bing.com *.google.co.in *.googletagmanager.com *.googleapis.com *.doubleclick.net *.googleusercontent.com *.clarity.ms *.grammarly.com data: blob:  *.google.ae *.google.ca *.google.co.id *.google.co.in *.google.co.jo *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.ng *.google.co.nz *.google.co.th *.google.co.tz *.google.co.uk *.google.co.uz *.google.co.za *.google.com.ae *.google.com.au *.google.com.bd *.google.com.br *.google.com.co *.google.com.eg *.google.com.et *.google.com.gh *.google.com.hk *.google.com.id *.google.com.kh *.google.com.mm *.google.com.mx *.google.com.my *.google.com.ng *.google.com.np *.google.com.om *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.uz *.google.com.vn *.google.com *.google.com *.google.de *.google.dz *.google.es *.google.es *.google.fr *.google.ie *.google.iq *.google.lk *.google.mu *.google.nl *.google.pt *.google.rw *.google.tn *.gravatar.com;font-src * *.gstatic.com 'self' *.quillbot.com *.paypalobjects.com *.fontawesome.com data:;connect-src * 'self' *.googleapis.com *.doubleclick.net *.chargebee.com *.fbot.me *.youtube.com *.snapchat.com *.stripe.com *.learneo.com *.cookielaw.org *.amplitude.com *.quillbot.com *.quillbot.dev *.onetrust.com *.redditstatic.com *.linkedin.com partnerlinks.io grsm.io *.bing.com *.browser-intake-datadoghq.com *.clarity.ms *.google-analytics.com *.hotjar.io *.google.ae *.google.ca *.google.co.id *.google.co.in *.google.co.jo *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ma *.google.co.ng *.google.co.nz *.google.co.th *.google.co.tz *.google.co.uk *.google.co.uz *.google.co.za *.google.com.ae *.google.com.au *.google.com.bd *.google.com.br *.google.com.co *.google.com.eg *.google.com.et *.google.com.gh *.google.com.hk *.google.com.id *.google.com.kh *.google.com.mm *.google.com.mx *.google.com.my *.google.com.ng *.google.com.np *.google.com.om *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.qa *.google.com.sa *.google.com.sg *.google.com.tr *.google.com.tw *.google.com.uz *.google.com.vn *.google.com *.google.com *.google.de *.google.dz *.google.es *.google.es *.google.fr *.google.ie *.google.iq *.google.lk *.google.mu *.google.nl *.google.pt *.google.rw *.google.tn *.googleadservices.com *.zdassets.com *.taboola.com *.gstatic-cache.com *.coursehero.com;child-src * blob:;media-src *.wikimedia.org data:;worker-src blob:;frame-ancestors 'self';frame-src 'self' *.opendns.com *.zscaler.com *.zscaler.net *.zscloud.net *.quillbot.com *.google.com *.chargebee.com *.snapchat.com *.stripe.com *.youtube.com *.securly.com *.learneo.com;form-action 'self' *.quillbot.com;manifest-src 'self' *.quillbot.com;report-uri https://sentry-webapp.quillbot.com/api/2/security/?sentry_key=5743ef12f4887fc460c7968ebb2de54d 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://consentcdn.cookiebot.com/ https://formbuilder.online https://cdn.polyfill.io https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com  https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com  https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/  https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net  https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net; img-src 'self' data: https:; font-src 'self' https://maxcdn.bootstrapcdn.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://formbuilder.online https://cdn.polyfill.io https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com  https://ajax.googleapis.com https://api.smartvel.com https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/  https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/  https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net  https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval'   https://consentcdn.cookiebot.com/consentconfig/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/ https://consent.cookiebot.com/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/ https://formbuilder.online https://cdn.polyfill.io  https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com  https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com https://func-cache-prices-integration-pro-westeurope.azurewebsites.net  https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/ https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js  https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/ https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io  triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net https://consent.cookiebot.com/; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://region1.google-analytics.com/g/ https://consentcdn.cookiebot.com/consentconfig/59bc5db8-a9c6-4f60-ba9e-5742f8fc9e13/  https://www.google.es/ads/ga-audiences https://metrics.pushtech.com/api/device_metrics https://formbuilder.online https://cdn.polyfill.io  https://cdn-manager.pushtech.com https://assets-cdn.pushtech.com https://ga-dev-tools.appspot.com https://apis.google.com https://www.google.com https://content.googleapis.com https://ajax.googleapis.com https://api.smartvel.com  https://cdn.smartvel.com https://oauth-gihsa-portalaccionista.azurewebsites.net https://www.google-analytics.com https://10906692.fls.doubleclick.net/ https://www.facebook.com https://www.googletagmanager.com  https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net/ https://cti.ccbpo-ilunion.com https://func-cache-prices-integration-pro-westeurope.azurewebsites.net  https://11139322.fls.doubleclick.net https://stats.g.doubleclick.net https://www.gstatic.com https://bat.bing.com https://www.civitatis.com/ https://cdn2.civitatis.com/js/vendor/iframeResizer.min.js  https://region1.analytics.google.com/g/collect https://customs.affilired.com/track/ https://func-cache-prices-integration-pro-westeurope.azurewebsites.net/api/HotelRoomsBestPrices https://onboard.triptease.io/ *.triptease.io  triptease.io https://td.doubleclick.net/ https://rum-static.pingdom.net https://maxcdn.bootstrapcdn.com https://capi.hesperia.com https://rum-collector-2.pingdom.net https://www.pushtech.com; 1
default-src 'self'  *.arista.com;  frame-ancestors 'self'  *.arista.com;  form-action 'self'  *.arista.com  *.onelogin.com  *.salesforce.com  forms.hsforms.com  syndication.twitter.com;  script-src 'self'  'unsafe-inline'  'unsafe-eval'  customer.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  js.hsforms.net  forms.hsforms.com  js-na1.hs-scripts.com  js.hs-analytics.net  js.hs-banner.com  js.hsleadflows.net  *.smartrecruiters.com  www.google.com  *.gstatic.com  www.google-analytics.com  *.googletagmanager.com  maps.google.com  maps.googleapis.com  *.googleapis.com  platform.twitter.com  cdn.syndication.twimg.com  connect.facebook.net  platform.linkedin.com  www.youtube.com;  connect-src 'self'  api-eu1.cludo.com  api.cludo.com  cdn.cookielaw.org  geolocation.onetrust.com  privacyportal.onetrust.com  forms.hsforms.com  forms.hubspot.com  stats.g.doubleclick.net  www.google-analytics.com *.analytics.google.com *.googletagmanager.com;  child-src 'self'  forms.hsforms.com  js.hs-analytics.net  www.youtube.com  www.facebook.com  web.facebook.com  platform.twitter.com  syndication.twitter.com  web.facebook.com  www.google.com  www.google-analytics.com  *.livestream.com  vimeo.com  player.vimeo.com;  style-src 'self'  'unsafe-inline'  fonts.googleapis.com  platform.twitter.com  *.twimg.com;  font-src  'self'  fonts.gstatic.com;  img-src 'self' data:  customer.cludo.com  cdn.cookielaw.org  perf.hsforms.com  track.hubspot.com  forms-na1.hsforms.com  forms.hsforms.com  i.ytimg.com  *.gstatic.com  maps.google.com  maps.googleapis.com  *.googleapis.com  *.ggpht.com  www.google-analytics.com  *.googletagmanager.com  stats.g.doubleclick.net  platform.twitter.com  *.twimg.com  syndication.twitter.com  www.facebook.com  i.vimeocdn.com;  upgrade-insecure-requests;  report-uri /csp-report/ 1
frame-ancestors 'self' communico.co *.communico.co communico.tv libnet.info *.libnet.info events.slcpl.org; 1
default-src 'none'; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.gstatic.com *.zopim.com cdnjs.cloudflare.com *.adroll.com www.googletagmanager.com *.google.com www.google-analytics.com ajax.googleapis.com *.influ2.com *.zdassets.com *.news3.pw *.tomono.com *.metahash.org *.user-clicks.com *.facebook.net; connect-src 'self' *.googleapis.com *.zopim.com *.adroll.com *.doubleclick.net *.news3.pw wss://*.zopim.com wss://jp06.zopim.com metahash.zendesk.com *.influ2.com news.c8.net.ua *.zdassets.com *.tomono.com *.google-analytics.com *.metahash.org; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net use.fontawesome.com *.news3.pw *.metahash.org; font-src 'self' data: use.fontawesome.com *.news3.pw *.zopim.com *.metahash.org; frame-src 'self' *.facebook.com *.youtube.com *.news3.pw; worker-src 'self' *.news3.pw *.zendesk.com; object-src 'self' *.news3.pw 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' * 1
frame-ancestors 'self' *.hillspetnutrition.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
frame-ancestors 'self' http://intra.ifint.biz http://www.point-auto.dk http://point-auto.dk https://ekstrabladet.dk 1
frame-ancestors 'self' https://*.globalchristianrelief.org https://globalchristianrelief.org; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://az416426.vo.msecnd.net; img-src 'self' data: https://www.google.com/recaptcha https://ssl.google-analytics.com; connect-src 'self' https://www.google-analytics.com https://vortex.data.microsoft.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.hieu.tv 1
default-src https: ws: wss:; style-src 'self' https: 'unsafe-inline'; img-src * 'self' 'unsafe-inline' data: api.tennis.stream; frame-ancestors 'self' live.harleyquinnwidget.live; object-src data: 'unsafe-eval'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.de https://*.google.com https://*.googletagmanager.com https://*.googlesyndication.com https://*.google-analytics.com https://*.googleadservices.com https://*.googletagservices.com https://*.googleapis.com https://cdn.ampproject.org https://connect.facebook.net https://tags.refinery89.com https://script.4dex.io https://static.criteo.net https://cadmus.script.ac https://*.g.doubleclick.net/ https://t.seedtag.com https://*.consentmanager.net https://*.daswetter.com; frame-ancestors 'self' https://www.ed-live.de https://www.fs-live.de https://www.fm-live.de; object-src 'none'; 1
default-src 'self';style-src 'self' 'unsafe-inline' *;font-src 'self' 'unsafe-inline' *;object-src * data:;img-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;connect-src 'self' *;worker-src blob:;frame-ancestors 'self' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com apis.google.com ajax.googleapis.com www.googletagmanager.com platform.twitter.com https://get.mycounter.ua; object-src 'self'; style-src 'self' 'unsafe-inline' hello.myfonts.net; img-src 'self' data: www.pdaa.edu.ua gallery.pdaa.edu.ua i.ytimg.com https://stats.g.doubleclick.net https://www.google-analytics.com https://syndication.twitter.com https://csi.gstatic.com https://wwwimages.adobe.com; media-src 'self'; frame-src 'self' www.facebook.com apis.google.com platform.twitter.com https://accounts.google.com https://docs.google.com https://www.youtube.com https://www.google.com syndication.twitter.com; font-src 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://syndication.twitter.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://www.companionlink.com; 1
default-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com; child-src 'self' blob: *.pendo.io stage-vynetrellis.com *.stage-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.stage-vynetrellis.com wss://stage-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.stage-vynetrellis.com stage-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.stage-rpractice.com stage-rpractice.com *.pendo.io; frame-src 'self' *.stage-vynetrellis.com stage-vynetrellis.com *.pendo.io *.youtube.com; img-src 'self' *.vynetrellis.com blob: data: *.stage-vynetrellis.com stage-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.youtube.com *.ytimg.com; object-src 'none'; script-src 'self' 'unsafe-inline' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.stage-vynetrellis.com stage-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
report-uri www.rcslt.org 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addtoany.com *.cookiebot.com *.googletagmanager.com *.googleapis.com *.stripe.com *.google-analytics.com *.typekit.net *.wp.com *.facebook.com *.facebook.net *.instagram.com *.twitter.com *.pinterest.com *.linkedin.com; media-src 'self' blob:; base-uri 'self'; 1
frame-ancestors 'self' https://*.toyotakz.com https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
connect-src 'self' https://storage.googleapis.com/alantra-web-pro-wp-uploads/ https://www.google-analytics.com https://stats.g.doubleclick.net https://investmentdesktop.fundslibrary.net https://dc.services.visualstudio.com https://323-hqu-719.mktoresp.com/ https://region1.analytics.google.com 1
frame-ancestors *.gopennymac.com *.pennymac.com 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-Y2QzZGEyYzRmMzM2NGFkZWIzZTE1MzI3ODEzNzJlMWE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.onderwijsraad.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.onderwijsraad.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.onderwijsraad.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
frame-ancestors 'self' mycampus.pt universidadeeuropeia.instructure.com universidadeeuropeia.staging.instructure.com universidadeeuropeia.beta.instructure.com universidadeeuropeia.test.instructure.com; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src http: https: ws: wss: blob: 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
object-src 'self' script-src 'self' 'unsafe-inline' https://connect.facebook.net https://www.facebook.com https://cdn.jsdelivr.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.googletagmanager.com https://www.google-analytics.com https://vjs.zencdn.net https://youtube.com; frame-ancestors 'none'; form-action 'none'; report-uri https://compassbox.report-uri.com/r/d/csp/enforce 1
default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com/v1/engines/copilot-codex/completions *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com browser.events.data.microsoft.com edge.fullstory.com rs.fullstory.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/ 1
frame-src data: https://careerminds.com https://td.doubleclick.net https://www.youtube-nocookie.com https://www.google.com/  https://app.hubspot.com https://static.hsappstatic.net https://www.youtube.com; frame-ancestors 'none'; default-src 'self'; object-src 'none'; font-src 'self' data: https://static.zdassets.com https://careerminds.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com/ https://www.google.com/recaptcha/api.js https://static.zdassets.com https://ekr.zdassets.com https://widget-mediator.zopim.com https://www.googletagmanager.com https://js.hs-banner.com  https://js.hubspot.com https://snap.licdn.com https://www.google-analytics.com https://js.hs-analytics.net https://js.hsleadflows.net https://js.hsadspixel.net https://cta-service-cms2.hubspot.com  https://js.hs-scripts.com https://js.hscta.net/cta/current.js https://googleads.g.doubleclick.net https://connect.facebook.net; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://lh3.googleusercontent.com https://www.google-analytics.com https://perf-na1.hsforms.com https://www.google.com https://www.facebook.com https://px4.ads.linkedin.com https://www.googletagmanager.com  https://www.google.co.in https://cdn2.hubspot.net https://3044396.fs1.hubspotusercontent-na1.net https://f.hubspotusercontent40.net https://no-cache.hubspot.com/ https://px.ads.linkedin.com https://secure.gravatar.com https://ps.w.org https://www.linkedin.com https://track.hubspot.com https://perf.hsforms.com https://no-cache.hubspot.com https://i.ytimg.com; connect-src 'self' data: wss://widget-mediator.zopim.com https://ekr.zdassets.com https://getfive.zendesk.com https://www.google.co.in https://forms.hubspot.com https://stats.g.doubleclick.net https://www.google-analytics.com https://px.ads.linkedin.com https://analytics.google.com https://js.hs-banner.com https://cta-service-cms2.hubspot.com https://api.hubapi.com; media-src https://careerminds.com https://static.zdassets.com; 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self'; object-src 'none' 1
default-src 'none'; style-src 'self'; script-src 'self'; img-src 'self'; font-src 'self'; 1
upgrade-insecure-requests; default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self'  catalog.coolcat.org sprin-mt.iii.com; 1
default-src 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self' *.stripe.com *.getrewardful.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com wss://*.intercom.io *.googleapis.com *.google.com *.gstatic.com data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net; child-src *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; form-action 'self' intercom.help *.intercom.io; font-src d1dfgjtvrwaror.cloudfront.net fonts.gstatic.com *.intercomcdn.com; img-src https: blob: data: ; manifest-src d1dfgjtvrwaror.cloudfront.net; media-src *.intercomcdn.com; frame-src *.stripe.com app.getbee.io *.doubleclick.net *.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com d1dfgjtvrwaror.cloudfront.net; script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-4ea6c246ed4207027c402b94e3fdaa69' 'strict-dynamic'; upgrade-insecure-requests; report-uri /console/report/csp 1
frame-ancestors 'self' localhost:* *.agentcubed.com *.quotit.net *.nationalgeneral.com 1
frame-ancestors 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googleapis.com *.recaptcha.net *.gstatic.com *.adesa.com app.five9.com openauction.prod.nw.adesa.com www.googletagmanager.com app.five9.com openauction.prod.nw.adesa.com *.cookielaw.org *.acsbapp.com acsbapp.com kit.fontawesome.com kendo.web.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.google.com data: gap: *.googleapis.com *.google-analytics.com *.recaptcha.net *.gstatic.com https://cdn.cookielaw.org https://acsbapp.com https://kit.fontawesome.com https://appds8093.blob.core.windows.net https://privacyportal-cdn.onetrust.com/ www.googletagmanager.com app.five9.com openauction.prod.nw.adesa.com 1
default-src 'self' *.rackcdn.com cdn.ttm.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com *.doubleclick.net recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com blob:; style-src 'self' 'unsafe-inline' *.rackcdn.com cdn.ttm.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.bootstrapcdn.com *.mapbox.com *.fontawesome.com *.doubleclick.net recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; script-src 'self' 'unsafe-inline' *.rackcdn.com cdn.ttm.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.doubleclick.net *.bootstrapcdn.com *.mapbox.com *.fontawesome.com recruitingbypaycor.com cdnjs.cloudflare.com unpkg.com cdn.jsdelivr.net *.google-analytics.com; img-src 'self' 'unsafe-inline'  *.google-analytics.com  cdn.jsdelivr.net blob: data:; worker-src blob:; 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.sharethis.com https://*.heatmap.it https://*.google-analytics.com https://*.facebook.com https://*.twitter.com;frame-src 'self' https://*.sharethis.com https://*.twitter.com https://*.facebook.com;frame-ancestors 'self'; 1
img-src data: https://*; style-src https://* 'unsafe-inline'; script-src https://* 'unsafe-inline'; frame-ancestors teams.microsoft.com *.teams.microsoft.com *.skype.com *.microsoft365.com *.office.com outlook.live.com outlook.office.com outlook.office365.com outlook-sdf.office.com outlook-sdf.office365.com; 1
default-src 'self' https://waves.exchange https://testnet.waves.exchange https://nodes-testnet.wavesnodes.com https://nodes.wavesnodes.com;img-src 'self' data: https:;font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com;script-src-attr 'self' 'unsafe-inline';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.stripe.com/ https://stats.wp.com/ https://*.typekit.net/ https://*.testfreaks.com/ https://sibautomation.com/ https://*.googletagmanager.com/ https://*.facebook.net/ https://*.google.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://maps.googleapis.com/ https://maps.google.com/ https://translate.google.com/ https://translate.googleapis.com/ https://youtube.com/ https://*.youtube.com/ https://www.recaptcha.net/ https://www.gstatic.com/ https://www.google.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://tagmanager.google.com/ https://*.googlesyndication.com/ https://partner.googleadservices.com/ https://adservice.google.ca/ https://adservice.google.co.in/ https://adservice.google.co.kr/ https://adservice.google.co.uk/ https://adservice.google.co.za/ https://adservice.google.com/ https://adservice.google.com.ar/ https://adservice.google.com.au/ https://adservice.google.com.br/ https://adservice.google.com.co/ https://adservice.google.com.gt/ https://adservice.google.com.mx/ https://adservice.google.com.pe/ https://adservice.google.com.ph/ https://adservice.google.com.pk/ https://adservice.google.com.tr/ https://adservice.google.com.tw/ https://adservice.google.com.vn/ https://adservice.google.de/ https://adservice.google.dk/ https://adservice.google.es/ https://adservice.google.fr/ https://adservice.google.nl/ https://adservice.google.no/ https://adservice.google.ru/ https://adservice.google.vg/ https://www.google.com/ https://google.com/ https://*.google.com/ https://googleadservices.com/ https://*.googleadservices.com/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/; img-src 'self' data: https://pixel.wp.com/ https://*.typekit.net/ https://*.google.se/ https://*.google.com/ https://google-analytics.com/ https://*.google-analytics.com/ https://maps.gstatic.com/ https://maps.google.com/ https://maps.googleapis.com/ https://translate.googleapis.com/ https://*.ytimg.com/ https://secure.gravatar.com/ https://*.cdninstagram.com/ https://googletagmanager.com/ https://*.googletagmanager.com/ https://gstatic.com/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://googleads.g.doubleclick.net/ https://google.com/ https://*.google.com/ https://www.facebook.com/; object-src 'self' data: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://www.google.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; frame-src 'self' data: https://*.stripe.com/ https://*.billmate.se/ https://*.facebook.com/ https://*.google.com/ https://www.google.com/ https://maps.google.com/ https://youtube.com/ https://*.youtube.com/ https://youtube-nocookie.com/ https://*.youtube-nocookie.com/ https://youtu.be/ https://*.vimeo.com/ https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://*.doubleclick.net/; 1
frame-ancestors *.coinstore.com *.coinstore.vip;default-src 'self' *.coinstore.com *.coinstore.vip https: data: gap: 'unsafe-inline' blob: data: wss: data: 'unsafe-eval' ;img-src 'self' *.aliyuncs.com *.cloudflare.com *.google.co.jp *.geevisit.com *.googletagmanager.com *.geetest.com *.coinstore.com *.coinstore.vip *.amazonaws.com *.google-analytics.com data: blob:;media-src 'self' *.coinstore.com *.coinstore.vip *.amazonaws.com *.zdassets.com; connect-src 'self' *.googleapis.com *.zdassets.com *.coinstore.com *.coinstore.vip *.zendesk.com *.google-analytics.com *.doubleclick.net *.google.com *.agora.io *.sd-rtn.com *.easemob.com wss: blob:; 1
font-src https://cdn.checkout.com *.zohocdn.com *.gstatic.com *.hotjar.com *.fontawesome.com maxcdn.bootstrapcdn.com data: checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com desk.zoho.com *.adform.net *.facebook.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://js.checkout.com *.klarna.com imgs.cdn-btsg.com *.demdex.net app.viralsweep.com services.listrak.com *.credova.com imasdk.googleapis.com rumble.com maps.google.com issuu.com *.zendesk.com *.hotjar.com *.webengage.com *.addtoany.com *.google.com google.com *.googletagmanager.com *.checkout.com *.plumrocket.com *.webengage.co *.snapchat.com *.doubleclick.net *.creativecdn.com zhsyboxy.eug.stape.io *.google.com.sa *.facebook.com tsdtocl.com *.meetanshi.com https://plumrocket.com https://accounts.google.com checkout.tabby.ai 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io seal.digicert.com *.listrakbi.com mediacdn.espssl.com imgs.cdn-btsg.com s3.amazonaws.com seal-easternnc.bbb.org *.magebees.com *.cloudfront.net *.zoho.com *.google.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.googleapis.com *.adobedtm.com *.omtrdc.net *.demdex.net *.everesttech.net *.magentocommerce.com *.mediacdn.espssl.com *.tamara.co *.gstatic.com *.zendesk.com *.hotjar.com *.webengage.com *.facebook.com *.googleadservices.com *.meetanshi.com *.linkedin.com *.snapchat.com *.twitter.com *.clarity.ms *.bing.com t.co zhsyboxy.eug.stape.io dsum-sec.casalemedia.com *.adform.net *.google.com.sa cm.g.doubleclick.net pixel.rubiconproject.com https://meetanshi.com/media/logo.png checkout.tabby.ai widgets.tabby.ai cdn.tabby.ai fonts.googleapis.com storage.googleapis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://cdn.checkout.com *.klarnacdn.net seal.digicert.com *.listrakbi.com app.viralsweep.com services.listrak.com imgs.cdn-btsg.com *.clarity.ms *.cloudfront.net cdnjs.cloudflare.com rumble.com s0.2mdn.net *.google.com tracking.avantlink.com *.credova.com cdn-apps.drimify.com *.zohopublic.com *.zohocdn.com *.zohostatic.com *.googleapis.com google.com *.googleadservices.com *.analytics.google.com *.googletagmanager.com *.google.co.in *.zendesk.com *.hotjar.com *.webengage.com *.addtoany.com *.vimeo.com *.gstatic.com *.checkout.com *.creativecdn.com *.ads-twitter.com *.licdn.com *.taboola.com *.tiktok.com sc-static.net *.snapchat.com *.zdassets.com *.tamara.co zhsyboxy.eug.stape.io *.googleads.g.doubleclick.net *.google.com.sa dsum-sec.casalemedia.com static.criteo.net *.meetanshi.com connect.facebook.net *.google-analytics.com https://accounts.google.com https://www.gstatic.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com www.google.com cdn.sift.com score.jcsc.online seondf.com deviceinf.com getdeviceinf.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://cdn.checkout.com *.listrakbi.com *.zohocdn.com *.zohostatic.com *.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.fontawesome.com maxcdn.bootstrapcdn.com https://accounts.google.com https://www.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com https://js.checkout.com *.klarnaevt.com *.listrakbi.com onsite-api.listrak.com *.doubleclick.net imgs.cdn-btsg.com maps.googleapis.com desk.zoho.com *.credova.com rumble.com *.clarity.ms *.zohopublic.com *.googleapis.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com tracking.avantlink.com *.google.co.in *.zendesk.com *.hotjar.com wss://ws.hotjar.com *.webengage.com *.hotjar.io *.checkout.com *.creativecdn.com *.linkedin.com *.taboola.com *.tiktok.com *.snapchat.com google.com *.pangle-ads.com *.zdassets.com *.facebook.com *.tamara.co zhsyboxy.eug.stape.io *.google.com.sa *.meetanshi.com *.analytics.google.com stats.g.doubleclick.net https://accounts.google.com checkout.tabby.ai widgets.tabby.ai cdn.segment.com api.segment.com api.segment.io api.amplitude.com *.seondfresolver.com *.deviceinfresolver.com *.getdeviceinfresolver.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.seondnsresolve.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' data: 'unsafe-inline' blob:; 		child-src 'self' 'unsafe-inline' 'unsafe-eval'; 		connect-src 'self' data: blob: https://convertiumindia.lexusindia.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com https://api-js.mixpanel.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		font-src 'self' data: https://static.lexusasia.com https://font.googleapis.com https://*.metadome.ai https://preview.babylonjs.com/; 		frame-src 'self' https://*.fls.doubleclick.net https://www.lexusfinance.co.in/ https://tags.tiqcdn.com https://www.google.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://bs.serving-sys.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com; 		img-src 'self' data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://curator-assets.b-cdn.net *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://tracking.lexusindia.co.in https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://www.googleadservices.com https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com https://*.metadome.ai https://preview.babylonjs.com/ https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		media-src 'self' https://dam.lexusasia.com https://*.metadome.ai https://preview.babylonjs.com https://curator-assets.b-cdn.net; 		script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.curator.io *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com https://img.en25.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com https://convertiumitp.lexusindia.co.in https://visitor-service-convertium.lexusindia.co.in https://*.metadome.ai https://preview.babylonjs.com/; 		style-src 'self' data: 'unsafe-inline' https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; 		worker-src 'self' blob:; 1
frame-ancestors 'self' *.mapfretecuidamos.com *.mapfre.com *.mapfre.es; 1
default-src 'self'; base-uri 'self'; child-src https://policy.app.cookieinformation.com blob:; connect-src 'self' *.cookieinformation.com https://app-cctadop-cms-3cd-prod-b.azurewebsites.net/ https://app-cctadop-api-prod-b.azurewebsites.net/ dpm.demdex.net *.sc.omtrdc.net https://udviklingsogforenk.tt.omtrdc.net *.kaltura.com *.readspeaker.com https://api.cludo.com https://supchat.skat.supwizapp.com wss://supchat.skat.supwizapp.com https://info.skat.dk/; font-src 'self' data:; frame-ancestors 'self' https://sktst.dk https://info.skat.dk; frame-src 'self' https://policy.app.cookieinformation.com *.kaltura.com https://skat.dk https://app-eu.readspeaker.com https://info.skat.dk/; img-src 'self' https://app-cctadop-cms-3cd-prod-b.azurewebsites.net/ data: *.kaltura.com *.cludo.com https://skat.dk *.sc.omtrdc.net https://supchat.skat.supwizapp.com https://info.skat.dk https://meeting.skat.dk; media-src 'self' *.kaltura.com data: blob: https://supchat.skat.supwizapp.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://policy.app.cookieinformation.com https://policy.cookieinformation.com *.kaltura.com *.readspeaker.com https://supchat.skat.supwizapp.com; style-src 'self' 'unsafe-inline' *.readspeaker.com *.supwizapp.com; 1
frame-ancestors 'self' *.nafin.com; 1
default-src 'self' https://www.petas.gr;
		font-src 'self' https://www.petas.gr
		  https://fonts.gstatic.com
		  https://beacon-v2.helpscout.net
		  https://maxcdn.bootstrapcdn.com
		  blob: data:;
		connect-src 'self' https://www.petas.gr
		  wss://*.pusher.com
		  https://*.openpay.mx
		  https://bam.eu01.nr-data.net
		  https://*.luckyorange.com
		  wss://*.luckyorange.com
		  https://bam.nr-data.net
		  https://www.google-analytics.com
		  https://stats.g.doubleclick.net
		  https://googleads.g.doubleclick.net
		  https://www.facebook.com/tr/
		  https://capture.trackjs.com
		  https://d3hb14vkzrxvla.cloudfront.net
		  https://analytics.skyscanner.net
		  https://*.google.com
		  https://www.google.gr
		  https://*.helpscout.net
		  https://*.pusher.com
		  wss://visitors.live
		  wss://*.visitors.live
		  https://pubsub.googleapis.com
		  https://*.sumologic.com
		  blob: data:;
		frame-src 'self' https://www.petas.gr
		  https://*.openpay.mx
		  https://api.opencontrol.mx
		  https://ssl.kaptcha.com
		  https://www.alphaecommerce.gr
		  https://vpos.eurocommerce.gr
		  https://*.test.modirum.com
		  https://mpi.piraeusbank.modirum.com
		  https://acs2.3ds.modirum.com
		  https://beacon-v2.helpscout.net
		  https://www.facebook.com
		  https://go.linkwi.se
		  https://www.google.com
		  blob: data:;
		img-src 'self' https://www.petas.gr
		  https://www.petas.gr
		  https://www.google.com
		  https://www.google.gr
		  https://cdn.klarna.com
		  https://www.sectigo.com
		  https://sectigo.com
		  https://usage.trackjs.com
		  https://www.facebook.com
		  https://affiliate.linkwise.gr
		  https://*.google-analytics.com
		  https://googleads.g.doubleclick.net
		  https://hexagon-analytics.com
		  https://www.googletagmanager.com
		  https://beacon-v2.helpscout.net
		  https://www.googleadservices.com
		  https://*.gravatar.com
		  https://d33v4339jhl8k0.cloudfront.net
		  https://chatapi-prod.s3.amazonaws.com/
		  https://d10lpsik1i8c69.cloudfront.net
		  https://connect.facebook.net
		  blob: data:;
		media-src 'self' https://www.petas.gr
		  https://d10lpsik1i8c69.cloudfront.net
		  https://beacon-v2.helpscout.net
		  blob: data:;
		object-src 'self' https://www.petas.gr
		  https://beacon-v2.helpscout.net
		  blob: data:;
		script-src 'self' https://www.petas.gr 'unsafe-inline' 'unsafe-eval'
		  https://www.trabber.com
		  https://analytics.skyscanner.net
		  https://www.gstatic.com
		  https://beacon-v2.helpscout.net
		  https://bam.eu01.nr-data.net
		  https://js.pusher.com
		  https://www.petas.gr
		  https://www.tripair.com
		  https://www.euroferries.com
		  https://secure.rentalcars.com
		  https://www.googletagmanager.com
		  https://t.skyscnr.com
		  https://mule.airtickets.com
		  https://*.linkwi.se
		  https://affiliate.linkwise.gr
		  https://www.kayak.com
		  https://mule.tripsta.net
		  https://secure.wego.com
		  https://travel.mediaalpha.com
		  https://www.reytrip.com
		  https://*.google.com
		  https://connect.facebook.net
		  https://cdn.siftscience.com
		  https://cdnjs.cloudflare.com
		  https://partner.googleadservices.com
		  https://*.google-analytics.com
		  https://www.googleadservices.com
		  https://js-agent.newrelic.com
		  https://googleads.g.doubleclick.net
		  https://bam.nr-data.net
		  https://capture.trackjs.com
		  https://live.adyen.com
		  https://apis.google.com
		  https://maxcdn.bootstrapcdn.com
		  https://ajax.googleapis.com
		  https://code.jquery.com
		  https://cdn.datatables.net
		  https://*.luckyorange.com
		  https://*.pusher.com
		  wss://*.pusher.com
		  https://d12wqas9hcki3z.cloudfront.net
		  https://d33v4339jhl8k0.cloudfront.net
		  https://d10lpsik1i8c69.cloudfront.net
		  https://*.openpay.mx;
		style-src 'self' https://www.petas.gr
		  https://fonts.googleapis.com
		  https://beacon-v2.helpscout.net
		  https://code.jquery.com
		  https://cdn.datatables.net
		  https://maxcdn.bootstrapcdn.com
		  https://d10lpsik1i8c69.cloudfront.net
		  'unsafe-inline'; 
		worker-src blob:;
		base-uri 'self' https://www.petas.gr
		  https://docs.helpscout.net;
		 1
frame-ancestors 'self';                      script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.nr-data.net https://*.zendesk.com https://*.cookieseal.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://assets.zendesk.com https://cdn.amplitude.com https://connect.facebook.net https://dbfukofby5ycr.cloudfront.net https://graph.facebook.com https://google-analytics.com https://googletagmanager.com https://img2-digitouch.mncdn.com https://js.bkmexpress.com.tr https://js.facebook.com https://static.zdassets.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://stn-brandroom.mncdn.com https://theme.zdassets.com https://tagmanager.google.com https://v2.zopim.com https://widget-mediator.zopim.com https://www.google-analytics.com https://www.google.com https://www.googletagmanager.com https://*.perzonalization.com https://*.newrelic.com;                      style-src 'self' 'unsafe-inline' *.google.com *.zdassets.com fonts.googleapis.com https://*.cookieseal.com stn-brandroom.mncdn.com www.googletagmanager.com dbfukofby5ycr.cloudfront.net 1865548805.rsc.cdn77.org *.webinstats.com;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net vars.hotjar.com www.googletagmanager.com https://*.rdrtr.com;                      base-uri 'self';                      worker-src 'self' blob: www.google.com;      report-uri /WebResource.axd?cspReport=true; 1
connect-src 'self' ws://egonscan.com wss://egonscan.com wss://*.bridge.walletconnect.org/ https://request-global.czilladx.com/ https://raw.githubusercontent.com/trustwallet/assets/ https://registry.walletconnect.org/data/wallets.json https://*.poa.network;        default-src 'self';        script-src 'self' 'unsafe-inline' 'unsafe-eval' https://coinzillatag.com https://www.google.com https://www.gstatic.com;        style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com;        img-src 'self' * data:;        media-src 'self' * data:;        font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com data:;        frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://request-global.czilladx.com/ https://www.google.com; 1
connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://web-storage.deltadentalok.org https://web-storage.delta-dental-ok.mwf.show https://releases.wagtail.org; frame-src 'self' https://www.deltadentalok.org https://www.google.com https://www.googletagmanager.com https://player.vimeo.com/ https://vimeo.com/ https://pixel.sitescout.com/ https://pixel-sync.sitescout.com/; worker-src 'self'; style-src 'self' data: 'report-sample' 'unsafe-inline' https://cdn-images.mailchimp.com https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css; script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.list-manage.com https://s3.amazonaws.com/downloads.mailchimp.com/js/ https://code.jquery.com/jquery-1.12.4.min.js https://code.jquery.com/jquery-migrate-1.12.1.min.js https://code.jquery.com/jquery-migrate-1.4.1.min.js https://code.jquery.com/ui/1.12.1/jquery-ui.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://player.vimeo.com/api/player.js https://player.vimeo.com/api/player-2.19.0.js https://cdn01.basis.net/assets/up.js; frame-ancestors 'self' https://*.deltadentalok.org https://delta-dental-ok.mwf.show https://*.delta-dental-ok.mwf.show; img-src 'self' data: blob: https://*.google-analytics.com https://web-storage.deltadentalok.org https://web-storage.delta-dental-ok.mwf.show https://www.googletagmanager.com https://www.gravatar.com https://pixel.sitescout.com/up/92a10fe33c44cdc9 https://i.vimeocdn.com/video/; default-src 'self' https://web-storage.deltadentalok.org; font-src 'self' data: https://fonts.gstatic.com https://use.typekit.net; report-uri https://9d223fa0c21171bca21b1685b84555fb.report-uri.com/r/d/csp/enforce 1
default-src 'self'; script-src 'self'  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://e1ec56c97db04b858c134ee6093a77f9.js.ubembed.com https://assets.ubembed.com https://*.ladesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: http://c.seznam.cz; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; 1
default-src 'self'; child-src 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval';  img-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://*.porscheinformatik.com; img-src 'self' https://*.amazonaws.com/ data:; media-src 'self' https://*.amazonaws.com/ blob:;font-src 'self' data:;connect-src 'self' data: https://*.amazonaws.com wss:;worker-src 'self' blob:; script-src-elem 'self' 'unsafe-inline' 1
upgrade-insecure-requests;; upgrade-insecure-requests 1
default-src 'self' data: 'unsafe-inline'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' soliant.com; 1
report-uri /csp/report-to;base-uri 'none';connect-src 'self' wss://www.bakertilly.nl:5173 https://www.bakertilly.nl:5173 https://*.fonts.bunny.net https://fonts.bunny.net https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.fontawesome.com https://fontawesome.com https://*.google.com https://google.com https://*.google.nl https://google.nl https://*.googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.stats.g.doubleclick.net https://stats.g.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.hotjar.com https://hotjar.com wss://*.hotjar.com wss://hotjar.com https://*.hotjar.io https://hotjar.io https://*.oribi.io https://oribi.io https://*.px.ads.linkedin.com https://px.ads.linkedin.com https://*.piwik.pro https://piwik.pro https://*.vimeo.com https://vimeo.com https://*.ipify.org https://ipify.org;default-src 'none';form-action 'self' https://*.facebook.com https://facebook.com;img-src 'self' data: geo0.ggpht.com geo1.ggpht.com geo2.ggpht.com geo3.ggpht.com lh3.ggpht.com lh4.ggpht.com lh5.ggpht.com lh6.ggpht.com https://*.facebook.com https://facebook.com https://*.google.com https://google.com https://*.google.nl https://google.nl https://*.google-analytics.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.linkedin.com https://linkedin.com https://*.googleapis.com https://googleapis.com https://*.maps.gstatic.com https://maps.gstatic.com https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com;media-src 'self' https://*.vimeo.com https://vimeo.com;object-src 'none';script-src 'self' 'nonce-AGcDoXlEZLd9TWJ6lqOktf2Ryf865fvAEPN22NQC' https://www.bakertilly.nl:5173 wss://www.bakertilly.nl:5173 'unsafe-eval' 'strict-dynamic' https://*.consent.cookiebot.com https://consent.cookiebot.com https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.googletagmanager.com https://googletagmanager.com https://*.googleapis.com https://googleapis.com;style-src 'self' 'nonce-AGcDoXlEZLd9TWJ6lqOktf2Ryf865fvAEPN22NQC' https://www.bakertilly.nl:5173 'unsafe-inline' https://*.fonts.googleapis.com https://fonts.googleapis.com https://*.rsms.me https://rsms.me https://*.googleapis.com https://googleapis.com https://*.typekit.net https://typekit.net;script-src-attr https://www.bakertilly.nl:5173 'self';script-src-elem https://www.bakertilly.nl:5173 'self' 'unsafe-inline' https://*.consent.cookiebot.com https://consent.cookiebot.com https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.facebook.com https://facebook.com https://*.facebook.net https://facebook.net https://*.fontawesome.com https://fontawesome.com https://*.googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google-analytics.com https://google-analytics.com https://*.googletagmanager.com https://googletagmanager.com https://*.hotjar.com https://hotjar.com https://*.licdn.com https://licdn.com https://*.maglr.com https://maglr.com https://*.piwik.pro https://piwik.pro https://*.spotlerscript.com https://spotlerscript.com https://*.spotlerleads.nl https://spotlerleads.nl https://*.vimeo.com https://vimeo.com https://*.vimeocdn.com https://vimeocdn.com https://*.youtube.com https://youtube.com https://*.cloudflare.com https://cloudflare.com;style-src-attr https://www.bakertilly.nl:5173 'self' 'unsafe-inline';style-src-elem https://www.bakertilly.nl:5173 'self' 'unsafe-inline' https://*.fonts.bunny.net https://fonts.bunny.net;font-src https://www.bakertilly.nl:5173 'self' data: https://*.fonts.bunny.net https://fonts.bunny.net https://*.fontawesome.com https://fontawesome.com https://*.fonts.gstatic.com https://fonts.gstatic.com https://*.rsms.me https://rsms.me https://*.typekit.net https://typekit.net;frame-ancestors 'self';manifest-src 'self';frame-src 'self' https://*.consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://*.facebook.com https://facebook.com https://*.hotjar.com https://hotjar.com https://*.maglr.com https://maglr.com https://*.vimeo.com https://vimeo.com https://*.youtube.com https://youtube.com https://*.cloudflare.com https://cloudflare.com;child-src https://*.vimeo.com https://vimeo.com 1
default-src 'self' fonts.gstatic.com *.akamaihd.net fonts.googleapis.com *.go-mpulse.net *.akstat.io *.akamaihd.net; img-src 'self' *.akstat.io; script-src 'self' 'unsafe-inline' *.go-mpulse.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
upgrade-insecure-requests; object-src 'none'; form-action 'self' *.nexi.it *.poste.it *.hubcasino.cloud; frame-ancestors 'self' 1
default-src 'self' https://*.getprintbox.com; connect-src o2.mouseflow.com sumo.com media.sumo.com https://analytics.tiktok.com https://gtm.lalapix.com/ https://api-js.mixpanel.com 'self' blob: lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com pbx2-brian.s3.amazonaws.com pbx2-brian.s3.eu-central-1.amazonaws.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com printbox-js.s3.amazonaws.com https://*.getprintbox.com https://dbg.getprintbox.com:8888 https://*.printboxteam.com https://*.google-analytics.com https://*.google.com https://*.facebook.com https://*.bing.com https://*.olark.com wss://*.zopim.com https://*.zopim.com https://stats.g.doubleclick.net https://www.paypal.com https://*.stripe.com https://*.hotjar.com wss://*.hotjar.com wss://*.getprintbox.com https://*.googleapis.com https://*.smartsupp.com wss://*.smartsupp.com https://api.instagram.com https://graph.instagram.com https://*.facebook.net https://*.gstatic.com https://www.googletagmanager.com https://tagmanager.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://bam.nr-data.net https://*.nets.com.sg https://*.enets.sg; script-src *.sumome.com *.sumo.com sumo.b-cdn.net https://cdn.omise.co https://static.ads-twitter.com https://analytics.tiktok.com https://dev-kpaymentgateway.kasikornbank.com 'self' lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8000 https://dbg.getprintbox.com:8888 'unsafe-inline' 'unsafe-eval' https://*.getprintbox.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.google.com https://*.google.pl https://*.google.dk https://*.googleapis.com https://*.googletagmanager.com https://*.bing.com https://*.gstatic.com https://*.google-analytics.com https://cdn.mouseflow.com https://*.facebook.net https://api.instagram.com https://api.flickr.com https://*.twitter.com https://*.pinterest.com https://cdn.klarna.com https://*.stripe.com https://*.olark.com https://chimpstatic.com https://*.zopim.com https://*.bootstrapcdn.com https://cdn.tinymce.com https://www.paypal.com https://www.paypalobjects.com https://*.hotjar.com https://*.prestashop.com https://auth-server.herokuapp.com https://cdnjs.cloudflare.com https://www.youtube.com https://*.ytimg.com/ https://smartsupp-widget-161959.c.cdn77.org https://bootstrap.smartsuppchat.com https://www.smartsuppchat.com https://tagmanager.google.com https://*.enets.sg; img-src https://analytics.tiktok.com 'self' data: blob: https: www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com; style-src sumo.b-cdn.net *.sumo.com 'self' 'unsafe-inline' printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://*.olark.com https://*.bootstrapcdn.com https://*.prestashop.com https://cdnjs.cloudflare.com https://smartsupp-widget-161959.c.cdn77.org https://tagmanager.google.com https://*.enets.sg; font-src 'self' data: blob: lalapix.com lalapix.getprintbox.com pbx2-sg-lalapix.s3.ap-southeast-1.amazonaws.com printbox-js.s3.amazonaws.com https://dbg.getprintbox.com:8888 https://*.getprintbox.com https://*.googleapis.com https://fonts.gstatic.com https://*.bootstrapcdn.com https://*.hotjar.com https://*.prestashop.com https://cdnjs.cloudflare.com https://*.zopim.com https://smartsupp-widget-161959.c.cdn77.org https://*.enets.sg; frame-src https://vault.omise.co/ bytedance: sslocal: 'self' lalapix.com lalapix.getprintbox.com lalapix-pbx2.getprintbox.com https://*.getprintbox.com https://*.google.com https://*.googletagmanager.com https://*.facebook.com https://*.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://cdn.klarna.com https://*.prestashop.com https://*.stripe.com https://*.cardinalcommerce.com https://*.olark.com https://*.twitter.com https://*.hotjar.com https://*.googleapis.com https://bid.g.doubleclick.net; media-src 'self' https://dbg.getprintbox.com:8888 https://*.olark.com https://smartsupp-widget-161959.c.cdn77.org; object-src 'none'; report-uri https://sentry.getprintbox.com/api/48/security/?sentry_key=67bc25495b504a2488cb2aa64ff50c4f; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js https://ajax.aspnetcdn.com/ajax/jquery.validate/1.9/jquery.validate.js s.go-mpulse.net https://tags.crwdcntrl.net/c/12323/cc_af.js www.google-analytics.com static.hotjar.com dev.visualwebsiteoptimizer.com https://sc-static.net/scevent.min.js https://connect.facebook.net/en_US/fbevents.js https://collector-1854.tvsquared.com/tv2track.js https://tags.bkrtx.com/js/bk-coretag.js https://s.yimg.com/wi/ytc.js a.tribalfusion.com *.mastercard.com; img-src data: 'self' uip.semasio.net *.visualwebsiteoptimizer.com sp.analytics.yahoo.com www.google-analytics.com www.google.com; connect-src https://s.yimg.com https://tr.snapchat.com https://c.go-mpulse.net https://stats.g.doubleclick.net *.akstat.io 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css https://cdn.rtlcss.com/bootstrap/v4.0.0/css/bootstrap.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css; font-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com; frame-src wvjbscheme: 'self' maps-aws.mcdelivery.co.id mcdelivery.co.id  *.doubleclick.net web.nicepay.co.kr data: blob:; 1
default-src  'self' *.esa.edu.au *.nccd.edu.au;  img-src      'self' *.esa.edu.au *.nccd.edu.au www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com data: https://s.viostream.com https://image.viostream.com https://image.viostream.com ;  script-src   'self' 'unsafe-inline' *.esa.edu.au *.nccd.edu.au https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net ajax.cloudflare.com static.cloudflareinsights.com https://static.hotjar.com https://publish.viostream.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://parsleyjs.org https://script.hotjar.com https://s.viostream.com blob: https://code.jquery.com https://www.gstatic.com ;  style-src    'self' 'unsafe-inline' *.esa.edu.au *.nccd.edu.au https://fonts.googleapis.com https://tagmanager.google.com https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com;  font-src     'self' *.esa.edu.au *.nccd.edu.au data: https://themes.googleusercontent.com https://fonts.gstatic.com https://use.fontawesome.com https://cdnjs.cloudflare.com;  frame-src   'self' *.esa.edu.au *.nccd.edu.au https://bid.g.doubleclick.net https://vars.hotjar.com https://uat-api-se.ttn.edu.au/ https://www.google.com/   ;  connect-src 'self' *.esa.edu.au *.nccd.edu.au https://www.google-analytics.com https://www.google-analytics.com https://cdn2.app.viostream.com https://s.viostream.com https://*.hotjar.com https://*.hotjar.io;  media-src 'self' *.esa.edu.au *.nccd.edu.au data: blob: https://cdn2.app.viostream.com https://*.viostream.com; frame-ancestors 'self' *.esa.edu.au *.nccd.edu.au; 1
frame-ancestors 'none'; report-uri https://prod-plk-csp-service.rbictg.com/csp; report-to csp-endpoint 1
object-src 'self' 'unsafe-inline' 'unsafe-eval' login.prenotazionepasti.it ogs.google.com www.gstatic.com ssl.gstatic.com www.googletagmanager.com www.google-analytics.com 1
frame-ancestors databet.ec sb1client-altenar.biahosted.com 1
default-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com; img-src https: data:; connect-src wss://*.tawk.to *.tawk.to *.lobbes.nl *.lobbesspeelgoed.be *.lobbesspielzeug.de *.lobbesjouet.fr *.icecat.biz bat.bing.com www.google-analytics.com stats.g.doubleclick.net squeezely.tech *.trustedshops.com *.trustbadge.com *.clic2buy.com trustbadge.api.etrusted.com *.etrusted.com *.hotjar.com *.hotjar.io wss://*.hotjar.com *.google.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.click2buy.com *.clic2drive.com *.convertexperiments.com *.plausible.io https://googleads.g.doubleclick.net *.cookiebot.com https://cookiebot.com https://plausible.io *.beslist.nl; report-uri https://www.lobbes.nl/CspReport; report-to https://www.lobbes.nl/CspReport; 1
frame-ancestors 'self' app.kontent.ai 1
report-uri https://mclassbrasil.com.br/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.rva.nl *.googletagmanager.com  *.google-analytics.com *.google.com *.gstatic.com *.cookiebot.com; style-src 'self' 'unsafe-inline' data: *.rva.nl; img-src 'self' data: *.rva.nl *.google.com *.google-analytics.com *.gstatic.com *.gravatar.com *.cookiebot.com; connect-src 'self' data: *.google.com *.cookiebot.com; font-src 'self' data: *.rva.nl; media-src 'self' data: *.rva.nl; frame-ancestors 'self'; frame-src 'self' data: *.rva.nl *.youtube.com *.google.com *.issuu.com *.cookiebot.com; base-uri 'self' 1
upgrade-insecure-requests;frame-ancestors 'self' https://editor.sareapps.pl/ https://editor.digiapps.pl/ https://dev-editor.sare25.com/;block-all-mixed-content;default-src 'self' data:;object-src 'none';base-uri 'self' http://n.enewsletter.pl https://n.enewsletter.pl http://n.enewsletter.pl https://n.enewsletter.pl;manifest-src 'self';font-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://cdn.sare25.com;script-src 'self' https://cdn.jsdelivr.net https://cdn.enewsletter.com.pl https://cdn.sareapps.pl https://cdn.digiapps.pl https://cdn.speakhub.live https://public.speakhub.live https://cdnjs.cloudflare.com https://cdn.heapanalytics.com https://polyfill.io https://code.jquery.com https://uicdn.toast.com https://blueimp.github.io https://cdn.sare25.com https://cdn.livechatinc.com https://api.livechatinc.com https://ajax.googleapis.com https://www.google.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com https://uicdn.toast.com https://cdn.sare25.com n.enewsletter.pl;frame-src 'self' dev-editor.sare25.com editor.sareapps.pl editor.digiapps.pl integrations.app-link.me https://secure.livechatinc.com https://www.google.com data:;img-src * data: blob:;worker-src 'self' blob:;media-src * data: blob:;connect-src 'self' *.enewsletter.pl *.sare25.com *.sareapps.pl *.digiapps.pl wss://ws-sare-wire.sareapps.pl wss://ws-sare-wire.digiapps.pl wss://ws.speakhub.live public.speakhub.live cdn.jsdelivr.net cdnjs.cloudflare.com fonts.gstatic.com fonts.googleapis.com;child-src 'self' https://cdn.sare25.com; 1
default-src 'self' https://www.advantageengagement.com *.advantageengagement.com *.helpwhereyouare.com *.googleapis.com https://s3.amazonaws.com https://www.goodrx.com https://nces.ed.gov https://translate.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://ton.twimg.com https://www.cdc.gov https://www.lifestyleeap.com https://aetnaplayer.akamaized.net https://data.hrsa.gov https://wcdapps.hhs.gov https://espanol.cdc.gov https://benefits.springhealth.com *.springhealth.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://geolocation.onetrust.com https://hcaptcha.com https://newassets.hcaptcha.com https://cdnjs.cloudflare.com https://js.hcaptcha.com https://cdn.jsdelivr.net https://ucmsapi.workplaceoptions.com https://api.workplaceoptions.com https://www.gstatic.com https://cdn.weglot.com https://cdn-api-weglot.com https://analytics.google.com https://cdn-api.weglot.com https://api.weglot.com; font-src 'self' https://www.advantageengagement.com *.advantageengagement.com *.helpwhereyouare.com *.googleapis.com *.gstatic.com https://s3.amazonaws.com https://www.goodrx.com https://nces.ed.gov https://translate.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://ton.twimg.com https://www.cdc.gov https://www.lifestyleeap.com https://aetnaplayer.akamaized.net https://data.hrsa.gov https://wcdapps.hhs.gov https://espanol.cdc.gov https://benefits.springhealth.com *.springhealth.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://geolocation.onetrust.com https://hcaptcha.com https://newassets.hcaptcha.com https://cdnjs.cloudflare.com https://js.hcaptcha.com https://cdn.jsdelivr.net https://ucmsapi.workplaceoptions.com https://api.workplaceoptions.com https://www.gstatic.com https://cdn.weglot.com https://cdn-api-weglot.com https://analytics.google.com https://cdn-api.weglot.com https://api.weglot.com;img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.advantageengagement.com *.advantageengagement.com *.helpwhereyouare.com *.googleapis.com https://s3.amazonaws.com https://www.goodrx.com https://nces.ed.gov https://platform.twitter.com https://translate.google.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://ton.twimg.com https://www.cdc.gov https://www.lifestyleeap.com https://aetnaplayer.akamaized.net https://data.hrsa.gov https://wcdapps.hhs.gov https://espanol.cdc.gov https://benefits.springhealth.com *.springhealth.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://geolocation.onetrust.com https://hcaptcha.com https://newassets.hcaptcha.com https://cdnjs.cloudflare.com https://js.hcaptcha.com https://cdn.jsdelivr.net https://ucmsapi.workplaceoptions.com https://api.workplaceoptions.com https://www.gstatic.com https://cdn.weglot.com https://cdn-api-weglot.com https://analytics.google.com https://cdn-api.weglot.com https://api.weglot.com;style-src 'self' 'unsafe-inline' https://www.advantageengagement.com *.advantageengagement.com *.helpwhereyouare.com *.googleapis.com https://s3.amazonaws.com https://www.goodrx.com https://nces.ed.gov https://translate.google.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://ton.twimg.com https://www.cdc.gov https://www.lifestyleeap.com https://aetnaplayer.akamaized.net https://data.hrsa.gov https://wcdapps.hhs.gov https://espanol.cdc.gov https://benefits.springhealth.com *.springhealth.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.google-analytics.com https://geolocation.onetrust.com https://hcaptcha.com https://newassets.hcaptcha.com https://cdnjs.cloudflare.com https://js.hcaptcha.com https://cdn.jsdelivr.net https://ucmsapi.workplaceoptions.com https://api.workplaceoptions.com https://www.gstatic.com https://cdn.weglot.com https://cdn-api-weglot.com https://analytics.google.com https://cdn-api.weglot.com https://api.weglot.com; 1
default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'self'; base-uri 'self'; require-trusted-types-for 'script'; connect-src 'self'; img-src 'self'; style-src 'self'; font-src 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https http strict-dynamic https://* data: blob: 1
default-src https: 'unsafe-eval' 'unsafe-inline' 'self' data: blob:; 1
frame-ancestors 'self' *.plentymarkets-cloud-13.com 1
default-src 'self' https://fonts.googleapis.com https://wrw0rtj7y4.execute-api.us-east-1.amazonaws.com https://0t8iecjvpf.execute-api.us-east-1.amazonaws.com https://9d7bi292s0.execute-api.us-east-1.amazonaws.com; img-src https://*; child-src 'self' https://a40.usablenet.com/pt/c/cfglife/switch https://www.google.com/recaptcha https://www.gstatic.com/recaptcha; script-src 'self' 'unsafe-inline' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://a40.usablenet.com/ https://cfglife.usablenet.com/; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://www.google.com https://www.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://a40.usablenet.com/pt/c/cfglife/switch https://www.brainshark.com; frame-ancestors 'self' https://www.brainshark.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com https://cfglife.usablenet.com; object-src 'none'; 1
script-src 'self' 'unsafe-inline' storage.googleapis.com ajax.googleapis.com kit.fontawesome.com cdn.jsdelivr.net www.recaptcha.net www.gstatic.com;frame-src 'self' www.recaptcha.net;script-src-attr 'self' 'unsafe-inline';connect-src 'self' ka-f.fontawesome.com;img-src 'self' storage.googleapis.com data: w3.org/svg/2000;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'none'; img-src 'self' *.vimeocdn.com *.youtube.com; font-src 'self' data:; style-src 'self' *.myfonts.net; style-src-elem 'self' 'nonce-qs0FsjkGos5CmZnhdNWZwA=='; connect-src 'self' vimeo.com *.nautadutilh.com; frame-src 'self' *.vimeo.com *.youtube.com *.e-nautadutilh.com; form-action 'self'; script-src 'self' *.vimeo.com; media-src 'self' *.vimeo.com *.vimeocdn.com; script-src-elem 'self' *.vimeo.com *.youtube.com *.nautadutilh.com 'nonce-qs0FsjkGos5CmZnhdNWZwA==' 1
connect-src 'self' http://localhost:3035 http://localhost:5000 http://localhost:8080 http://localhost:9000 ws://localhost:3000 ws://localhost:3035 s3.amazonaws.com wss://citystrides.com wss://ac.citystrides.com citystrides.com ac.citystrides.com analytics.citystrides.com geojson.citystrides.com tiles-a.citystrides.com tiles-b.citystrides.com tiles-c.citystrides.com connect.garmin.com pagead2.googlesyndication.com api.honeybadger.io a.tiles.mapbox.com b.tiles.mapbox.com api.mapbox.com events.mapbox.com www.mapmyfitness.com bam.nr-data.net api.stadiamaps.com www.strava.com api.stripe.com js.stripe.com; default-src 'self' https: blob:; font-src 'self' https: data:; frame-src 'self' https: headway-widget.net js.stripe.com; img-src 'self' https: data: blob: localhost:3000 analytics.citystrides.com pagead2.googlesyndication.com static.mapmyfitness.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: analytics.citystrides.com adservice.google.com partner.googleadservices.com pagead2.googlesyndication.com www.googletagservices.com www.googletagmanager.com api.tiles.mapbox.com js-agent.newrelic.com npmcdn.com bam.nr-data.net js.stripe.com; style-src 'self' blob: https: 'unsafe-inline' api.tiles.mapbox.com 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; 1
frame-ancestors 'self' *.visualforce.com 1
style-src https://*.fmz.com https://*.gstatic.com 'self' 'unsafe-inline'; script-src 'self' https://translate.google.com https://*.googleapis.com https://*.aliyuncs.com https://www.googletagmanager.com https://www.google-analytics.com https://*.fmz.com https://*.datadata.com https://*.tradingview.com blob: 'unsafe-inline' 'unsafe-eval' 127.0.0.1:35720; connect-src 'self' ws: wss: https://*.fmz.com https://*.datadata.com https://*.googleapis.com https://www.google-analytics.com https://*.doubleclick.net; font-src https://*.fmz.com 'self' data:;img-src https://*.doubanio.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.fmz.com 'self' https://*.datadata.com data: http://*.google.com.sg https://*.fmz.com https://www.googletagmanager.com https://www.google-analytics.com https://*.doubleclick.net https://raw.githubusercontent.com http://*.glb.clouddn.com; media-src *; object-src 'self' https://*.fmz.com; 1
default-src 'self';script-src 'self' sdk.privacy-center.org sdk-gcp.privacy-center.org az416426.vo.msecnd.net www.google.com www.gstatic.com kit.fontawesome.com 'sha256-orD0/VhH8hLqrLxKHD/HUEMdwqX6/0ve7c5hspX5VJ8=' 'sha256-RCMl7PJ3K2nMoGZppLZeArO5M70Pbu1k+t6RIHZO7gE=' 'nonce-tEWMylem3A80w9QxijF0wZFBW/uBw3Jwpve+NqfTVhc=' 'unsafe-eval';style-src 'self' https://sdk.privacy-center.org https://kit-free.fontawesome.com 'unsafe-inline';connect-src 'self' https://dc.services.visualstudio.com/v2/track https://api.privacy-center.org/v1/events https://ka-f.fontawesome.com https://*.applicationinsights.azure.com//v2/track;font-src 'self' data: kit-free.fontawesome.com fonts.gstatic.com ka-f.fontawesome.com;img-src 'self' https://caprodevelop.blob.core.windows.net/;media-src 'self' https://caprodevelop.blob.core.windows.net/;object-src 'none';frame-ancestors 'self';frame-src 'self' www.google.com www.prisa.com;base-uri 'self';sandbox allow-forms allow-same-origin allow-scripts allow-modals 1
frame-ancestors 'self' https://*.vancouverconventioncentre.com https://vancouverconventioncentre.com https://visitingmedia.com https://*.visitingmedia.com http://lot185.com http://*.lot185.com; base-uri 'self'; form-action 'self'; object-src 'self'; 1
default-src data: http: https: 'unsafe-inline' 'unsafe-eval' ws: wss: 1
default-src 'none'; frame-ancestors *; img-src assets.gehirn.jp; style-src 'unsafe-inline' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://*.criteo.com https://static.criteo.net https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://*.contentsquare.net; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://www.popinabox.it https://m.popinabox.it https://checkout.popinabox.it https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://ssl.trustpilot.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://remote.captcha.com https://*.criteo.com https://static.criteo.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://*.google-analytics.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.contentsquare.net https://app.contentsquare.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src https:; font-src https: data:; img-src https: data: 'self' about:; script-src 'unsafe-inline' 'unsafe-eval' https: data:; style-src 'unsafe-inline' https:; connect-src https: data: 'self' 1
report-to RMG; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-QQ27ShJdFGEmoFsgl3vv3DXoiZ9boTQpELHL/2olA+fBgsiq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://tongji.baidu.com https://canvachina1647240434.zendesk.com https://*.renderer-cn.cse.canva-dev.com https://storybook.cse.canva-dev.com https://phoenix.canva-staging.cn; 1
frame-src https://*.yellohvillage.es https://*.yellohvillage.co.uk https://*.yellohvillage.de https://*.yellohvillage.it https://*.yellohvillage.fr https://*.yellohvillage.nl https://www.youtube.com https://*.fls.doubleclick.net https://td.doubleclick.net https://www.google.com https://yellohvillage.demdex.net https://*.admin.yellohvillage.fr https://admin.yellohvillage.fr https://*.iadvize.com https://*.criteo.com https://static.criteo.net https://*.facebook.com https://*.omtrdc.net; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://*.addthis.com https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com  https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://*.script.admo.tv https://js-agent.newrelic.com https://*.googletagmanager.com https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com https://www.facebook.com https://*.criteo.com https://static.criteo.net https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://www.googleadservices.com https://*.iadvize.com https://bat.bing.com https://assets.adobedtm.com https://yellohvillage.admo.tv  https://*.yellohvillage.fr https://*.omtrdc.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: blob: https://*.fr.datacamping.com https://*.es.datacamping.com https://*.de.datacamping.com https://*.it.datacamping.com https://*.en.datacamping.com https://*.nl.datacamping.com https://cdn.mouseflow.com https://maps.googleapis.com https://www.googleadservices.com https://www.gstatic.com https://api.ipify.org https://connect.facebook.net https://static.criteo.net https://*.script.admo.tv  https://js-agent.newrelic.com https://*.googletagmanager.com  https://sdk.privacy-center.org https://*.clarity.ms https://*.demdex.net https://yellohvillage.d3.sc.omtrdc.net https://www.google.com  https://*.google-analytics.com  https://www.facebook.com https://*.criteo.com https://www.youtube.com https://bam.nr-data.net https://stats.g.doubleclick.net https://*.iadvize.com https://bat.bing.com  https://assets.adobedtm.com https://yellohvillage.admo.tv https://*.yellohvillage.fr https://*.omtrdc.net; img-src https: data: 'self' 'unsafe-inline' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; default-src 'self' 'unsafe-inline' data: wss://*.iadvize.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://adservice.google.com/ https://*.datacamping.com/ https://www.photoscamping.com https://*.yellohvillage.fr https://bam.nr-data.net https://yellohvillage.d3.sc.omtrdc.net https://bat.bing.com https://*.admo.tv https://ad.doubleclick.net https://stats.g.doubleclick.net https://*.clarity.ms https://*.iadvize.com https://dpm.demdex.net https://api.privacy-center.org https://www.facebook.com https://*.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://o2.mouseflow.com https://*.criteo.com https://*.omtrdc.net wss://ws.hotjar.com https://content.hotjar.io; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://unpkg.com  https://cdnjs.cloudflare.com  https://cdn.jsdelivr.net https://code.jquery.com http://code.jquery.com   http://maps.googleapis.com  https://www.google-analytics.com https://bam.nr-data.net  https://www.googletagmanager.com https://js-agent.newrelic.com;   object-src 'none'; base-uri 'none'; font-src 'self' https://themes.googleusercontent.com https://fonts.gstatic.com data:; report-uri 'none'; 1
default-src 'self' https: http:; media-src 'self' https: http: 'unsafe-eval' 'unsafe-inline' data: mediastream: blob:; img-src 'self' https: http: data:; font-src 'self' https: data:; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; style-src 'self' https: 'unsafe-inline' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-X4w3eNsqmPrXun7qY+f1ckU04OR0TvxLFwX01KEc0rGiKSzv' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-lkn4pUm7Mc/TDCFM6c8jmHVIRHwhgFmfTZMMJB4VvtCzE6b6' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-SpjT/7r6h9IZV077zHGqSxHlGT4FUKnQos121FGIUWd7a/H7' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-X7rI7zjH2VORk2TdDEyz1H6djZ6fMV+iBmBbK/8d918CV9yM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IkwFhvV66P1x9R4pa2nHfP/N13IbSY+HHJTh+sU3vfDQGlQw' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-0AyeH67ZQpqrZqWkEoM0xhCNKamy/np0gSY2ueJlzuYqc8K5' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://api.rgn.one https://sentry.rgn.one https://stats.rgn.one; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://stats.rgn.one https://sentry.rgn.one; child-src 'self'; worker-src 'self' blob:; style-src 'self' https://api.rgn.one https://fonts.googleapis.com/ 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' https://rgn-public.s3.rennweg.net https://api.rgn.one https://static.rgn.one https://i.ytimg.com data:; report-uri https://sentry.rgn.one/api/3/security/?sentry_key=5229e8807bc34cfc9477d76fa2361aca; frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-6I3HNviFrOd3J4u7YfWza3sHWPBB9y7OT2KH1hlKzrBSa2oB' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://vive.im; img-src 'self' https: data: blob: https://vive.im; style-src 'self' https://vive.im 'nonce-SAngOJfApNSIkz6ZjQaDpw=='; media-src 'self' https: data: https://vive.im; frame-src 'self' https:; manifest-src 'self' https://vive.im; form-action 'self'; connect-src 'self' data: blob: https://vive.im https://media.vive.im wss://vive.im; script-src 'self' https://vive.im 'wasm-unsafe-eval'; child-src 'self' blob: https://vive.im; worker-src 'self' blob: https://vive.im 1
child-src 'self' blob:; connect-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.perimeterx.net *.purpleportal.net *.px-cdn.net *.px-cloud.net *.pxchk.net *.quantummetric.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com a02f69a90dstg.blob.core.windows.net ads01.groovinads.com api.bazaarvoice.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c.sspinc.io c0b535ed7astg.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com cdn.quantummetric.com content.etilize.com content.jwplatform.com directline.botframework.com dw.wmt.co fitpredictor-api.sspinc.io gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ingest.quantummetric.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com secure.adnxs.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tps.doubleverify.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart-app.quantummetric.com walmart-sync.quantummetric.com walmart.sspinc.io wss://api.talkshop.live wss://directline.botframework.com wss://us.server.buywith.com wss://wm-converse-wss.dev.walmart.com wss://www-perf.walmart.com wss://www-stage.walmart.com wss://www-teflon.walmart.com wss://www.walmart.com www.facebook.com www.google.com www.gstatic.com zeekit.walmart.com; default-src 'self' 'unsafe-eval' 'unsafe-inline' *.quantummetric.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; font-src 'self' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com fonts.gstatic.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com www.ezdia.com; frame-ancestors 'self' *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; frame-src 'self' *.1worldsync.com *.accenture.com *.affirm.com *.alldata.cashedge.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.countr.one *.digital-cloud.medallia.com *.eko.com *.fiservapps.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.one.app *.onefinance.com *.online-metrix.net *.quantummetric.com *.richcontext.com *.salsify.com *.shopstylecollective.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.vantivcnp.com *.vimeo.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com adclick.g.doubleclick.net app.collectivevoice.com app.collectivevoiceqa.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com content.etilize.com content.jwplatform.com https://www-qa.walmart.com.mx ln-rules.rewardstyle.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwmpdscanoprod.z19.web.core.windows.net one.app.link photorankstatics-a.akamaihd.net pinpad.paysecure.acculynk.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com tpc.googlesyndication.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.google.com www.recaptcha.net; img-src 'self' *.1worldsync.com *.accenture.com *.akamaihd.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.doubleclick.net *.doubleverify.com *.flix360.com *.flix360.io *.geekseller.com *.imrworldwide.com *.kampyle.co *.kampyle.com *.ksckreate.net *.online-metrix.net *.paypal.com *.px-cdn.net *.px-cloud.net *.rackcdn.com *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com 3d-qc.walmartimages.com 3d.walmartimages.com a.sellpoint.net a02f69a90dstg.blob.core.windows.net ad.doubleclick.net ads01.groovinads.com akamai.ksckreate.net aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai azmatch.adsrvr.org beacon.walmart.com blob: c.bing.com c0b535ed7astg.blob.core.windows.net ccsprodus1.blob.core.windows.net cdn-assets.affirm.com cdn.jwplayer.com content.etilize.com content.jwplatform.com content.syndigo.com crtormassetmguseprod.blob.core.windows.net cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net data: dw.wmt.co gum.criteo.com https://www-qa.walmart.com.mx i.liadm.com i6.liadm.com ib.adnxs.com idsync.rlcdn.com ir.surveywall-api.survata.com ls.chatid.com maps.googleapis.com maps.gstatic.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net pixel.adsafeprotected.com player.cloudinary.com rackcdn.com res.cloudinary.com s0.2mdn.net salsify-ecdn.com secure.adnxs.com securepubads.g.doubleclick.net smedia.webcollage.net ssl.p.jwpcdn.com static.adsafeprotected.com stats.g.doubleclick.net sync.mathtag.com t.myvisualiq.net tap.walmart.com tpc.googlesyndication.com us.creativecdn.com videos-cloudfront.jwpsrv.com walmart.ugc.bazaarvoice.com wss://api.talkshop.live www.ezdia.com www.facebook.com www.gstatic.com; media-src *.1worldsync.com *.accenture.com *.akamaized.net *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.ksckreate.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.thestable.com *.vimeo.com *.vimeocdn.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com 1d81e75c4337a6e2e3c2-4a69748413de5fcbd7a7a944817c2356.ssl.cf1.rackcdn.com a.sellpoint.net advertising.staging.walmart.com akamai.ksckreate.net assets-jpcust.jwpsrv.com assets.optiwise.ai blob: ca-media.contentanalyticsinc.com cc.cnetcontent.com cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn-azure.kwikee.com cdn.cnetcontent.com cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com content.syndigo.com cyborg-wm-auth-service-v2.jet.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx images.salsify.com ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com vimeo.com ws.cnetcontent.com www.ezdia.com; object-src *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com https://www-qa.walmart.com.mx; script-src 'self' 'strict-dynamic' 'wasm-unsafe-eval' *.1worldsync.com *.accenture.com *.babylist.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.digital-cloud.medallia.com *.flix360.com *.flix360.io *.kampyle.co *.kampyle.com *.ksckreate.net *.px-cloud.net *.richcontext.com *.salsify.com *.syndigo.cloud *.syndigo.com *.talkshop.live *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com *.zeekit.walmart.com aroptical-scan.wal-mart.com assets-jpcust.jwpsrv.com assets.optiwise.ai ccsprodus1.blob.core.windows.net cdn.jwplayer.com cdn.quantummetric.com connect.facebook.net content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net https://www-qa.walmart.com.mx ls.chatid.com maps.googleapis.com media.flixcar.com media.flixfacts.com media.sku.ninja mmwm-scan-dev.centralus.cloudapp.azure.com mmwm-scan-prod.centralus.cloudapp.azure.com photorankstatics-a.akamaihd.net rackcdn.com salsify-ecdn.com ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com ws.cnetcontent.com wss://api.talkshop.live www.ezdia.com www.recaptcha.net 'nonce-C_WdbvZG0ThtXBzK'; style-src 'self' 'unsafe-inline' *.1worldsync.com *.accenture.com *.buywith.com *.cloudinary.com *.cnetcontent.com *.flix360.com *.flix360.io *.kampyle.com *.ksckreate.net *.richcontext.com *.salsify.com *.stylitics.com *.syndigo.cloud *.syndigo.com *.thestable.com *.wal.co *.walmart.com:* *.walmart.net *.walmartimages.com *.walmartlabs.com assets-jpcust.jwpsrv.com assets.optiwise.ai cc.cs.1worldsync.com ccsprodus1.blob.core.windows.net cdn.cs.1worldsync.com cdn.jwplayer.com content.etilize.com content.jwplatform.com d3nkfb7815bs43.cloudfront.net d3np41mctoibfu.cloudfront.net fonts.googleapis.com https://www-qa.walmart.com.mx ls.chatid.com media.flixcar.com media.flixfacts.com media.sku.ninja photorankstatics-a.akamaihd.net rackcdn.com rl.quantummetric.com salsify-ecdn.com sizeguide-api.sspinc.io ssl.p.jwpcdn.com videos-cloudfront.jwpsrv.com walmart.sspinc.io ws.cnetcontent.com www.ezdia.com; worker-src 'self' blob:; report-uri https://csp.walmart.com/c/r/gl 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-zYUld8uJ8wn9XJ5Pz8UR4gp+RUhfgVlc+KfRZ/1LwaLOTSrj' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'nonce-Dqck2aWNmJZIeaJF685hZWogj3nshxSF'; frame-ancestors 'none'; base-uri 'self' 1
frame-ancestors 'self' *.creativemail.com; 1
font-src 'self' data: fonts.gstatic.com; default-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; block-all-mixed-content; frame-ancestors 'none'; media-src 'none'; font-src 'none'; object-src 'none'; frame-src 'none' 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; connect-src 'self' https:; img-src 'self' 'unsafe-inline' https: data:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; form-action 'self' https:; font-src 'self' https: data:; frame-src 'self' https: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' about: https://*.gstatic.com https://*.googleapis.com; connect-src 'self' https://*.gstatic.com https://*.googleapis.com https://osm.peplink.com https://api.ic.peplink.com ; img-src 'self' blob: data: https://*.gstatic.com https://*.googleapis.com https://*.facebook.com https://*.fbcdn.net https://*.twitter.com https://*.linkedin.com https://*.google.com https://*.googleapis.com https://osm.peplink.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://*.googleapis.com https://fonts.googleapis.com ; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://*.gstatic.com https://*.google.com/ https://*.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://*.sharethis.com https://*.facebook.net https://*.facebook.com https://*.fbcdn.net https://*.googleusercontent.com https://googleusercontent.com https://*.youtube.com/ https://*.gravatar.com https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://*.twitter.com/ https://api.instagram.com https://*.cdninstagram.com https://s.w.org https://ps.w.org/ https://api.myparcel.nl/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://www.google.nl/ https://cdn.datatables.net/ https://wordpress.com https://*.wp.com https://use.fontawesome.com/ https://edgewebpages.com/ https://webchat.missiveapp.com/ http://demo.startup-company.cmsmasters.net/ https://image-proxy.taivas.cloud/ https://www.ipdigital.nl/ 1
default-src 'self' *.local-trust.com; script-src 'self' *.local-trust.com *.matomo.cloud 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com ; script-src-elem 'self' *.local-trust.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com; script-src-attr 'self' *.local-trust.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.google-analytics.com *.matomo.cloud; style-src 'self' *.local-trust.com *.matomo.cloud fonts.googleapis.com 'unsafe-inline'; style-src-elem 'self' *.local-trust.com fonts.googleapis.com 'unsafe-inline'; style-src-attr 'self' *.local-trust.com fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: *.local-trust.com ssl.gstatic.com *.google-analytics.com *.xiti.com; font-src 'self' *.local-trust.com fonts.gstatic.com data:; connect-src 'self' *.local-trust.com http://localhost:11992 *.google-analytics.com; media-src 'self' *.local-trust.com; object-src 'self' *.local-trust.com; child-src 'self' *.local-trust.com; frame-src * blob:; worker-src 'self' *.local-trust.com; form-action 'self' *.local-trust.com; block-all-mixed-content;frame-ancestors 'self' *.local-trust.com www.roncq.fr www.lillemetropole.fr www.loos.fr 1
default-src 'self' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://api.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cmill.de https://www.cmill.de https://prime-psf.2b-advice.com; script-src 'self' 'unsafe-eval' https://limbachgruppe.ftapi.com https://*.laborpublisher.de https://*.app.laborpublisher.staging.lfda.de https://static.newsletter2go.com https://piwik.limbachgruppe.com https://maps.googleapis.com https://cdn1.jameda-elements.de https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net https://prime-psf.2b-advice.com 'unsafe-inline'; img-src * data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://lv.limbachgruppe-test.com https://2badvice-cdn.azureedge.net; frame-ancestors 'self'; frame-src 'self' https://piwik.limbachgruppe.com https://www.youtube-nocookie.com https://youtube.com https://player.vimeo.com https://vimeo.com https://cmill.de https://www.cmill.de https://mtu.adsystemhaus.com https://termin.samedi.de/; font-src 'self' data: https://limbachgruppe.ftapi.com https://fonts.gstatic.com https://lv.limbachgruppe-test.com; 1
default-src 'self'; script-src 'self' blob: deploy.mopinion.com v2.zopim.com static.zdassets.com collect.mopinion.com cdn.cookielaw.org www.googletagmanager.com www.google-analytics.com webchat.eazy.im api.eu-1.smooch.io *.kia.com unpkg.com region1.google-analytics.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.mopinion.com 'unsafe-eval' 'unsafe-inline';img-src 'self' data: temp-kia.s3.eu-central-1.amazonaws.com dashboard.umbraco.com media.kia.nl v2assets.zopim.io cdn.cookielaw.org fonts.gstatic.com v2.zopim.com www.google-analytics.com media.eu-1.smooch.io api.eazy.im *.kia.com europe-west1-kia-nl-data.cloudfunctions.net www.google.nl region1.google-analytics.com 'unsafe-eval' 'unsafe-inline';connect-src 'self' api.tomtom.com https://*.api.tomtom.com blob: deploy.mopinion.com ekr.zdassets.com wss://widget-mediator.zopim.com cacheorcheck.mopinion.com cdn.cookielaw.org www.google-analytics.com survey.mopinion.com webchat.eazy.im ai.eazy.im 631f510108081600f31b6c34.config.eu-1.smooch.io api.eu-1.smooch.io wss://api.eu-1.smooch.io *.kia.com stats.g.doubleclick.net kdp.nl region1.google-analytics.com www.googletagmanager.com 'unsafe-eval' 'unsafe-inline';frame-src 'self' aanvraag.pechhulpnu.nl 'unsafe-eval' 'unsafe-inline';style-src-elem 'self' blob: fonts.mopinion.com www.googletagmanager.com fonts.googleapis.com webchat.eazy.im unpkg.com 'unsafe-eval' 'unsafe-inline';font-src 'self' v2.zopim.com data: gstatic.mopinion.com fonts.gstatic.com webchat.eazy.im *.kia.com 'unsafe-eval' 'unsafe-inline';child-src 'self' blob: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self' ;media-src 'self' ;block-all-mixed-content; 1
default-src 'none'; base-uri 'self'; frame-ancestors 'self'; child-src 'self'; manifest-src 'self'; form-action 'self'; object-src 'none'; connect-src kmu-datacenter.ch *.google-analytics.com googletagmanager.com https: ; font-src 'self'; frame-src 'self' https://www.google.com; script-src 'self' https: 'unsafe-inline' 'nonce-32601728353356612065394303828748131' ; img-src 'self'; style-src 'self' 'unsafe-inline' ; media-src 'self' https: data: ; 1
default-src 'self' https://*.valutrades.biz https://*.valutrades.com https://*.valutrades.cc https://*.valutrades.co.uk https://*.valutrades.hk https://*.valutrades.io https://*.valutrades.sc https://*.valu-trades.com https://*.valu-cn.com https://*.valu-cn.co.uk https://*.content-uk.com https://fonts.gstatic.com https://*.googleusercontent.com https://*.google.com https://*.google.co.id https://*.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.youtube.com https://youtu.be https://bid.g.doubleclick.net stats.g.doubleclick.net *.googlesyndication.com *.google.com https://connect.facebook.net https://www.facebook.com https://*.hubspotusercontent20.net https://track.hubspot.com https://api.hubapi.com https://js.hs-scripts.com https://js.hs-analytics.net https://js.hsadspixel.net https://cdn2.hubspot.net js.hs-analytics.net js.hs-banner.com *.zdassets.com *.zendesk.com static.zdassets.com *.tradingview.com *.tradingcentral.com https://metatraderweb.app https://trade.mql5.com/ *.autochartist.com *.tradays.com https://*.vidyard.com https://cdnjs.cloudflare.com https://flareapp.io https://mapi.rrusdt.com https://*.sentry.io https://*.cloudfront.net https://*.cloudflare.com; base-uri 'none'; child-src 'none'; connect-src *; font-src *; form-action *; frame-ancestors 'self' *; frame-src *; img-src * data: blob:; manifest-src *; media-src 'none'; object-src 'none'; report-to 'default'; script-src * 'unsafe-eval' 'unsafe-inline'; script-src-attr *; style-src 'self' 'unsafe-inline'; style-src-attr 'unsafe-inline'; style-src-elem * 'unsafe-inline'; worker-src *; 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.facebook.com https://facebook.net https://*.facebook.net https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bg *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com https://*.mrbit.bg; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.biahosted.com https://*.aitcloud.de https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.bg https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.snapchat.com https://snapchat.com https://sc-static.net https://*.facebook.com https://facebook.net https://*.facebook.net https://*.sportdigi.com https://*.sportradar.com https://*.mrbit.com https://*.mrbit.bg *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-8vCoXyMPtRpmMsVHUU5CkFKVFFw/2Ie1bnEzATNf0Lc=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.mrbit.bg *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://mrbit.bg/sentry/api/41/csp-report/?sentry_key=38bd9ad353b94f1a8143ea227d160767 1
frame-src https://*; child-src https://*; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https: wss: blob: data: bluescape:; style-src https: 'unsafe-inline'; script-src https: blob: 'unsafe-eval' 'sha256-0Y1adEUNePbuEuLtxzU6MYxVtEN1xglSjZnKmNEJ4iI=' 'sha256-WPVLNih/jlQasF0INLInY3U2DXglkILtu79xSkEgFVc=' 'sha256-lHgryqiyITfa3GlKd5zc0Wy+Yz/7MTXFKAHsC/7mOy0=' 'sha256-8VWEfV1MHXcCbi/lcOneF2oDbPdYwskZilS/Xih/+zc='; object-src 'self'; img-src https: http: data: blob:;frame-ancestors 'self' *.apps.us.bluescape.com teams.microsoft.com *.teams.microsoft.com *.skype.com *.webex.com *.popsync.io popsync.io; report-uri https://bluescape.report-uri.com/r/d/csp/reportOnly; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://hispagatos.space; img-src 'self' https: data: blob: https://hispagatos.space; style-src 'self' https://hispagatos.space 'nonce-QiT4qUFnbbgk3DwpS5LHaw=='; media-src 'self' https: data: https://hispagatos.space; frame-src 'self' https:; manifest-src 'self' https://hispagatos.space; form-action 'self'; connect-src 'self' data: blob: https://hispagatos.space https://hispagatos.space wss://hispagatos.space; script-src 'self' https://hispagatos.space 'wasm-unsafe-eval'; child-src 'self' blob: https://hispagatos.space; worker-src 'self' blob: https://hispagatos.space 1
frame-src youtube.com www.youtube.com www.youtube.com/ www.youtube-nocookie.com; frame-ancestors none; child-src none; report-uri /report-csp-violation 1
default-src 'self'; frame-ancestors *; connect-src 'self' https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/npm/mathjax@3/ https://dolos.ugent.be/api/reports; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net/npm/@mdi/font@5.x/ https://cdn.jsdelivr.net/npm/mathjax@3/; img-src 'self' data: https:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net/pyodide/ https://cdn.jsdelivr.net/npm/mathjax@3/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/@mdi/font@5.x/ 1
frame-ancestors 'self'; base-uri 'self'; form-action not-configured-host mercatoronline.si threedssvc.pay1.de www.sofort.com gateway.bankart.si bankart.paymentsandbox.cloud profil.mercator.si profil-test.mercator.si 'self' 1
default-src https://player.vimeo.com docs.google.com splash-screen.net https://optimize.google.com https://www.splash-screen.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com optimize.google.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com widget.user.com https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com qtank.salesmore.pl apis.google.com 'self'; font-src https://leads.sandboxbnpparibas.pl docs.google.com https://themes.googleusercontent.com/ fonts.googleapis.com prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl support.google.com policies.google.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net https://fonts.gstatic.com play.google.com developers.google.com themes.googleusercontent.com cse.google.com maps.google.com www.google.com apis.google.com https://9274211.fls.doubleclick.net 'self'; style-src docs.google.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com https://www.s.ytimg.com privacyportal.onetrust.com https://www.gstatic.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://fonts.googleapis.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.googleapis.com www.ratatu.pl calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com https://skk.erecruiter.pl apis.google.com https://www.ytimg.com 'self' 'nonce-wPV2g98WNkYdF3NnfpMtOA=='; img-src docs.google.com https://optimize.google.com https://img.youtube.com https://www.facebook.com https://cdn.cookielaw.org https://pixel.wp.pl policies.google.com https://cm.g.doubleclick.net https://www.ssl.gstatic.com stats.g.doubleclick.net maps.google.com www.google.com www.gstatic.com bcp.crwdcntrl.net https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com https://www.i1.ytimg.com bnp-paribas.user.com ads-twitter.com https://www.clarity.ms www.ratatu.pl https://www.googleapis.com widget.user.com https://ade.googlesyndication.com googleads.g.doubleclick.net developers.google.com https://skk.erecruiter.pl www.s3.cdn03.imgwykop.pl https://www.twitter.com www.s.c.lnkd.licdn.com https://emplocity.com https://googleads4.g.doubleclick.net https://www.googleadservices.com i.ctnsnet.com www.s-passets.pinimg.com support.google.com https://ib.adnxs.com https://dot.wp.pl region1.google-analytics.com https://i.ytimg.com googleapis.com https://googleads.g.doubleclick.net maps.googleapis.com https://www.google-analytics.com/ https://maps.google.com gcm.ctnsnet.com www.googletagmanager.com cse.google.com https://www.emplocity.com https://tbl.tradedoubler.com clients1.google.com https://ad.doubleclick.net prospectleads.bnpparibas.pl https://geolocation.onetrust.com www.linkedin.com region1.analytics.google.com https://s1.2mdn.net https://bat.bing.com calendar.google.com https://www.google.pl analytics.twitter.com https://sp.analytics.yahoo.com https://api.ehoundplatform.com https://maps.gstatic.com www.passets.pinterest.com https://i.vimeocdn.com https://developers.google.com play.google.com apis.google.com www.passets.pinimg.com 'self'; frame-src https://emplocity.com www.wykop.pl https://player.vimeo.com docs.google.com https://www.linkedin.com https://s-static.ak.facebook.com https://www.s-static.ak.facebook.com https://www.facebook.com support.google.com policies.google.com stats.g.doubleclick.net https://platform.linkedin.com cse.google.com maps.google.com www.google.com static.ak.facebook.com https://www.wykop.pl https://www.youtube.com https://9274211.fls.doubleclick.net https://leads.sandboxbnpparibas.pl www.facebook.com prospectleads.bnpparibas.pl leads.sandboxbnpparibas.pl https://bid.g.doubleclick.net bnp-paribas.user.com https://4397256.fls.doubleclick.net www.ratatu.pl https://accounts.google.com calendar.google.com widget.user.com https://api.ehoundplatform.com https://vimeo.com googleads.g.doubleclick.net play.google.com https://web.facebook.com developers.google.com apis.google.com 'self'; script-src https://player.vimeo.com www.widgets.pinterest.com https://optimize.google.com https://app.ehoundplatform.com https://cdn.cookielaw.org https://pixel.wp.pl https://www.ssl.gstatic.com https://platform.linkedin.com https://www.gstatic.com www.google.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com https://www.youtube.com https://9274211.fls.doubleclick.net www.google-analytics.com www.0.s-nk.pl https://leads.sandboxbnpparibas.pl https://www.google.com https://cse.google.com fonts.googleapis.com leads.sandboxbnpparibas.pl ajax.googleapis.com bnp-paribas.user.com ads-twitter.com https://partner.googleadservices.com https://www.clarity.ms www.cdn.api.twitter.com www.ratatu.pl https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com widget.user.com https://apis.google.com https://skk.erecruiter.pl https://emplocity.com https://px.wp.pl splash-screen.net https://www.googleadservices.com https://www.s-static.ak.facebook.com https://www.splash-screen.net https://www.oauth.googleusercontent.com https://maps.googleapis.com https://www.s.ytimg.com googleapis.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net maps.googleapis.com privacyportal.onetrust.com https://maps.google.com www.googletagmanager.com https://cdn.jsdelivr.net clients1.google.com https://ad.doubleclick.net https://connect.facebook.net prospectleads.bnpparibas.pl https://tagmanager.google.com https://geolocation.onetrust.com https://leads.sanboxbnpparibas.pl http://platform.linkedin.com https://s.ytimg.com www.linkedin.com https://bat.bing.com https://www.bnpparibas.pl https://www.google.pl analytics.twitter.com https://api.ehoundplatform.com https://maps.gstatic.com https://vimeo.com https://developers.google.com https://prospectleads.bnpparibas.pl player.vimeo.com https://www.google-analytics.com analytics.google.com www.platform.twitter.com https://www.apis.google.com 'self' 'unsafe-eval' 'nonce-wPV2g98WNkYdF3NnfpMtOA==' 'strict-dynamic'; object-src docs.google.com https://stats.g.doubleclick.net support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com stats.g.doubleclick.net cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com www.ratatu.pl https://bat.bing.com calendar.google.com widget.user.com https://api.ehoundplatform.com googleads.g.doubleclick.net play.google.com developers.google.com apis.google.com; connect-src https://emplocity.com docs.google.com https://pagead2.googlesyndication.com https://v.clarity.ms https://www.splash-screen.net https://www.facebook.com support.google.com https://cdn.cookielaw.org policies.google.com https://maps.googleapis.com region1.google-analytics.com stats.g.doubleclick.net cf.bnpparibas.pl https://app.userengage.com wss://bnp-paribas.user.com www.googletagmanager.com cse.google.com maps.google.com www.google.com https://9274211.fls.doubleclick.net https://www.youtube.com https://leads.sandboxbnpparibas.pl prospectleads.bnpparibas.pl https://geolocation.onetrust.com leads.sandboxbnpparibas.pl bnp-paribas.user.com ads-twitter.com region1.analytics.google.com www.splash-screen.net https://www.clarity.ms www.ratatu.pl https://bat.bing.com calendar.google.com analytics.twitter.com https://www.google.pl widget.user.com https://y.clarity.ms https://api.ehoundplatform.com https://privacyportal-fr.onetrust.com https://vimeo.com googleads.g.doubleclick.net play.google.com developers.google.com https://www.google-analytics.com analytics.google.com qtank.salesmore.pl apis.google.com https://csp.withgoogle.com 'self'; form-action 'self'; report-to csp-endpoint 1
frame-src 'self' *.google.com *.paypal.com *.braintreegateway.com; child-src unsafe-inline 'self' *.dnc.io *.livechatinc.com *.paypal.com *.google.com *.braintreegateway.com 1
default-src 'self' *.iposo.de iposo.de dc.services.visualstudio.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.vo.msecnd.net dc.services.visualstudio.com; frame-src *.iposo.de iposo.de dc.services.visualstudio.com majorel.softgarden.io *.plm.majorel.de; img-src *.iposo.de iposo.de 'self' data: blob: dc.services.visualstudio.com; font-src *.iposo.de iposo.de 'self' data:; 1
frame-ancestors 'self' https://letschatmci.com.au/ 1
frame-ancestors 'self' https://tm.bestbuy.com https://tracker-cloud.prod.greatcall.com https://inventory-tracking-scan-app-prod.apps.kmtah5fd.centralus.aroapp.io https://coreblue-blue.na.bestbuy.com https://coreblue-green.na.bestbuy.com https://coreblue.na.bestbuy.com https://bby.crm.dynamics.com https://order-pickup.bdc.dc.containers.bestbuy.com https://mfa1.bestbuy.com https://pdw01sucwb01c.na.bestbuy.com:6443 https://pdw01sucwb02c.na.bestbuy.com:6443 https://pdw01sucwb03c.na.bestbuy.com:6443 https://pdw01sucwb04c.na.bestbuy.com:6443 https://pdw01sucwb05c.na.bestbuy.com:6443 https://pdw01sucwb06c.na.bestbuy.com:6443 https://pdw02sucwb01d.na.bestbuy.com:6443 https://pdw02sucwb02d.na.bestbuy.com:6443 https://pdw02sucwb03d.na.bestbuy.com:6443 https://pdw02sucwb04d.na.bestbuy.com:6443 https://pdw02sucwb05d.na.bestbuy.com:6443 https://pdw02sucwb06d.na.bestbuy.com:6443 https://pdw01sucwb01c.na.bestbuy.com:9443 https://pdw01sucwb02c.na.bestbuy.com:9443 https://pdw01sucwb03c.na.bestbuy.com:9443 https://pdw01sucwb04c.na.bestbuy.com:9443 https://pdw01sucwb05c.na.bestbuy.com:9443 https://pdw01sucwb06c.na.bestbuy.com:9443 https://pdw02sucwb01d.na.bestbuy.com:9443 https://pdw02sucwb02d.na.bestbuy.com:9443 https://pdw02sucwb03d.na.bestbuy.com:9443 https://pdw02sucwb04d.na.bestbuy.com:9443 https://pdw02sucwb05d.na.bestbuy.com:9443 https://pdw02sucwb06d.na.bestbuy.com:9443 https://pdw01khuwb01a.na.bestbuy.com:6443 https://pdw01khuwb01b.na.bestbuy.com:6443 https://pdw01khuwb02a.na.bestbuy.com:6443 https://pdw01khuwb02b.na.bestbuy.com:6443 https://pdw02khuwb01d.na.bestbuy.com:6443 https://pdw02khuwb02d.na.bestbuy.com:6443 https://pdw02khuwb03d.na.bestbuy.com:6443 https://pdw02khuwb04d.na.bestbuy.com:6443 https://eappwebv1-bdc.na.bestbuy.com https://eappwebv1-hdc.na.bestbuy.com https://eappwebv1.na.bestbuy.com https://eappwebv2-bdc.na.bestbuy.com https://eappwebv2-hdc.na.bestbuy.com https://eappwebv2.na.bestbuy.com https://eappwebv1-ws-bdc.na.bestbuy.com https://eappwebv1-ws-hdc.na.bestbuy.com https://eappwebv1-ws.na.bestbuy.com https://pos.na.bestbuy.com https://pos-pd.na.bestbuy.com https://poslocal.naretail.na.bestbuy.com https://backroom-mobile.bdc.dc.containers.bestbuy.com https://backroom-desktop.bdc.dc.containers.bestbuy.com https://backroom-cfc-mobile-webapp-int-backroom.bdc.dc.containers.bestbuy.com https://backroom-cfc-desktop-webapp-int-backroom.bdc.dc.containers.bestbuy.com https://pdw01khuwb01a.na.bestbuy.com:9443 https://pdw01khuwb01b.na.bestbuy.com:9443 https://pdw01khuwb02a.na.bestbuy.com:9443 https://pdw01khuwb02b.na.bestbuy.com:9443 https://pdw02khuwb01d.na.bestbuy.com:9443 https://pdw02khuwb02d.na.bestbuy.com:9443 https://pdw02khuwb03d.na.bestbuy.com:9443 https://pdw02khuwb04d.na.bestbuy.com:9443 https://eapplicationvs-hdc.na.bestbuy.com https://eapplicationvs-bdc.na.bestbuy.com https://eapplicationvs.na.bestbuy.com; 1
frame-ancestors 'none'; connect-src 'self' https://google.com/pay  https://api.hkmapservice.gov.hk/ https://www.arcgis.com/ https://api.apitruecaptcha.org/ https://*.iris.gov.hk:8443/rumcollector/rdr; default-src 'self' 'unsafe-inline' https://js.arcgis.com/  https://www.arcgis.com/ https://api.hkmapservice.gov.hk/; script-src 'self' 'unsafe-inline'  'unsafe-eval' 'wasm-unsafe-eval' https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/ https://js.arcgis.com/ https://api.hkmapservice.gov.hk/; style-src 'self' 'unsafe-inline' https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/ https://js.arcgis.com/ https://api.hkmapservice.gov.hk/; frame-src 'self' blob: https://*.google.com/ https://*.gstatic.com/ https://payments.developers.google.com/; img-src 'self' 'unsafe-inline' https://js.arcgis.com/ https://api.hkmapservice.gov.hk/ https://mapapis01.blob.core.windows.net/ data:; object-src 'self' blob: 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';frame-ancestors 'self' 1
frame-ancestors https://treasury.pncbank.com/* https://www.treasury.pncbank.com/* https://my.fnbmt.com/* https://digital-banking.mstreetbank.com/* https://devbank.banno-production.com/* 1
frame-ancestors https://rajaview.id; 1
default-src 'self' https://3xpl.com wss://stream.3xpl.net https://s0.3xpl.net https://*.3xpl.com; script-src 'self' 'nonce-998a779e74eaa396d81a1463b48e15abfe3ba3f9eb7d035bed0cba0202ea6ee8' 'unsafe-eval' https://3xpl.com wss://stream.3xpl.net https://s0.3xpl.net https://*.3xpl.com; style-src 'self' 'unsafe-inline' https://3xpl.com wss://stream.3xpl.net https://s0.3xpl.net https://*.3xpl.com; frame-src 'self'; img-src 'self' data: https://3xpl.com wss://stream.3xpl.net https://s0.3xpl.net https://*.3xpl.com; connect-src 'self' https://3xpl.com wss://stream.3xpl.net https://s0.3xpl.net https://*.3xpl.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-FK8_fKGnpLssk5WQQtJkjQ' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.london; img-src 'self' https: data: blob: https://mastodon.london; style-src 'self' https://mastodon.london 'nonce-dapni1LbYSnqMyBbW/NRjQ=='; media-src 'self' https: data: https://mastodon.london; frame-src 'self' https:; manifest-src 'self' https://mastodon.london; form-action 'self'; child-src 'self' blob: https://mastodon.london; worker-src 'self' blob: https://mastodon.london; connect-src 'self' data: blob: https://mastodon.london https://london.s3proxy.de wss://mastodon.london; script-src 'self' https://mastodon.london 'wasm-unsafe-eval' 1
worker-src * data: https://tiflux.com/ blob:; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' https://crm.tiflux.com/ https://tiflux.com/ https://d335luupugsy2.cloudfront.net/ https://cdn.ampproject.org/ https://www.googleadservices.com https://www.google.com https://snap.licdn.com https://d335luupugsy2.cloudfront.net/ https://*.clarity.ms https://cdnjs.cloudflare.com https://cdn.bitrix24.com.br https://connect.facebook.net https://i.clarity.ms https://px.ads.linkedin.com https://secure.gravatar.com https://snap.lidcdn.com https://tiflux.bitrix24.com.br https://www.clarity.ms https://www.clickcease.com https://www.facebook.com https://www.google-analytics.com https://google.com https://www.googletagmanager.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://crm.tiflux.com/ https://cdnjs.cloudflare.com/ https://fonts.bitrix24.com.br https://fonts.googleapis.com https://tiflux.bitrix24.com.br; font-src 'self' data: https://fonts.bitrix24.com.br https://fonts.gstatic.com ; img-src 'self' data: https://cdn.bitrix24.com.br/ https://tiflux.bitrix24.com.br/ https://www.googletagmanager.com/ https://c.bing.com/ https://c.clarity.ms/ https://d335luupugsy2.cloudfront.net/ https://stats.g.doubleclick.net/ https://wp.stories.google https://storage.googleapis.com https://*.ads.linkedin.com https://secure.gravatar.com https://ct.capterra.com https://p.adsymptotic.com https://www.google.com https://www.google.com.br https://dcnt5qvi2hv76.cloudfront.net https://www.facebook.com https://px.ads.linkedin.com https://www.google-analytics.com; 1
default-src 'self' 'unsafe-inline';script-src *.google-analytics.com 'self' 'unsafe-inline' 'unsafe-eval';connect-src 'self' *.google-analytics.com; 1
base-uri 'self'; default-src 'self'; child-src https://youtube.com https://www.youtube.com https://player.vimeo.com player.vimeo.com https://embed.spotify.com embed.spotify.com; connect-src 'self' https://plausible.spaces.is; font-src 'self' https://encore.scdn.co encore.scdn.co; form-action 'self'; frame-ancestors 'none'; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com player.vimeo.com https://embed.spotify.com embed.spotify.com; img-src 'self' https://ytimg.com https://ggpht.com https://youtube.com https://i.vimeocdn.com i.vimeocdn.com https://i.scdn.co i.scdn.co data:; media-src https://staging.spaces.is staging.spaces.is https://spaces.is spaces.is; object-src 'none'; script-src 'self' https://plausible.spaces.is https://youtube.com https://google.com https://f.vimeocdn.com f.vimeocdn.com https://embed-cdn.spotifycdn.com embed-cdn.spotifycdn.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://f.vimeocdn.com f.vimeocdn.com https://embed-cdn.spotifycdn.com embed-cdn.spotifycdn.com 'unsafe-inline'; worker-src; upgrade-insecure-requests 1
frame-ancestors 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.acbcoop.com https://acbrebaterequest.com *.acbrebaterequest.com www.google-analytics.com www.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://bat.bing.com https://c.bing.com https://ws.zoominfo.com https://*.clarity.ms https://snap.licdn.com https://static-exp1.licdn.com https://content.linkedin.com https://platform.linkedin.com; style-src 'self' 'unsafe-inline' *.acbcoop.com https://acbrebaterequest.com *.acbrebaterequest.com fonts.googleapis.com tagmanager.google.com fonts.googleapis.com *.licdn.com; img-src 'self' data: blob: https://acbrebaterequest.com *.acbrebaterequest.com *.acbcoop.com www.google-analytics.com https://www.googletagmanager.com analytics.google.com ssl.gstatic.com www.gstatic.com https://avatars.githubusercontent.com https://bat.bing.com https://*.clarity.ms https://c.bing.com *.linkedin.com *.licdn.com https://p.adsymptotic.com; font-src 'self' data: fonts.gstatic.com; connect-src 'self' blob: https://acbrebaterequest.com *.acbrebaterequest.com *.acbcoop.com *.google-analytics.com https://api.github.com https://www.githubstatus.com/api/v2/components.json https://*.clarity.ms *.linkedin.com *.licdn.com analytics.google.com cdn.linkedin.oribi.io; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.linkedin.com; media-src 'self' media.licdn.com; 1
upgrade-insecure-requests  ; style-src 'self' 'unsafe-inline' feed.pghub.io pandg.tapad.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com *.cookielaw.org www.google-analytics.com pghub.io feed.pghub.io pandg.tapad.com ; manifest-src 'self' login.windows.net feed.pghub.io pandg.tapad.com ; frame-ancestors 'none' feed.pghub.io pandg.tapad.com ; frame-src 'self' *.pghub.io consumersupport.pg.com pandg.tapad.com ; font-src 'self' feed.pghub.io pandg.tapad.com ; img-src 'self' data: *.ctfassets.net *.tapad.com www.googletagmanager.com www.google-analytics.com *.cookielaw.org feed.pghub.io ; connect-src 'self' *.algolia.net *.algolianet.com *.cookielaw.org *.google-analytics.com feed.pghub.io pandg.tapad.com ; base-uri 'none' feed.pghub.io pandg.tapad.com ; default-src 'none' feed.pghub.io pandg.tapad.com ; 1
default-src https: data: wss: about: blob: dc-photo: dc-illu: dc-v2: fb-messenger: tg: whatsapp: sms: mailto: 'unsafe-eval' 'unsafe-inline'; report-uri https://www.dancenter.de/pubweb/csp-violation 1
base-uri 'self'; default-src 'self'; connect-src https: wss: 'self'; font-src https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.intercomcdn.com; frame-src *; img-src blob: data: https: 'self'; media-src blob: data: https: 'self'; object-src 'none'; script-src https: 'nonce-97624cc4f39e3f8d97bcbde045792d36' 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval'; style-src https: 'self' 'unsafe-inline'; frame-ancestors 'self' beebet.com frontstage.rwbinter.com playpen.digital *.amelcobetting.com *.mahjonglogic.com *.mekong-300.com *.verajohn.com *.wptglobal.com *.yukon-100.com; 1
child-src *.hsforms.com; connect-src 'self' *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.fontawesome.com *.google-analytics.com *.ads.linkedin.com analytics.google.com stats.g.doubleclick.net *.trimedx.com; default-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspotusercontent-na1.net *.fontawesome.com fonts.gstatic.com *.hs-banner.com; frame-ancestors 'self'; frame-src *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com *.trimedx.com *.hsforms.net *.hsforms.com *.doubleclick.net *.rfihub.com *.twitter.com *.google.com *.youtube.com *.vimeo.com; img-src js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent-na1.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.hsappstatic.net *.ads.linkedin.com *.google.com *.trimedx.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hsadspixel.net *.hs-analytics.net js.hscta.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent-na1.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.hscollectedforms.net *.trimedx.com *.hsleadflows.net *.hsforms.nets *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com ajax.googleapis.com cdnjs.cloudflare.com *.fontawesome.com *.googletagmanager.com *.rfihub.net snap.licdn.com googleads.g.doubleclick.net *.google-analytics.com *.google.com *.gstatic.com platform.linkedin.com platform.twitter.com connect.facebook.net; style-src 'self' 'unsafe-inline' *.hubspotusercontent-na1.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hsappstatic.net cdn2.hubspot.net cdnjs.cloudflare.com *.trimedx.com *.googleapis.com;; upgrade-insecure-requests 1
script-src 'strict-dynamic' 'nonce-AUrAbTLN12341' 'unsafe-inline' http: https:;object-src 'self';require-trusted-types-for 'script';base-uri 'https://www.sdi.fi';frame-ancestors 'self';form-action 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://swiss.social; img-src 'self' https: data: blob: https://swiss.social; style-src 'self' https://swiss.social 'nonce-PZvOxEExzN4kRcLwPLJv5w=='; media-src 'self' https: data: https://swiss.social; frame-src 'self' https:; manifest-src 'self' https://swiss.social; form-action 'self'; child-src 'self' blob: https://swiss.social; worker-src 'self' blob: https://swiss.social; connect-src 'self' data: blob: https://swiss.social https://cdn.masto.host wss://swiss.social; script-src 'self' https://swiss.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.arcgis.com *.esri.com 1
frame-ancestors 'self' landmarkglobal.be; 1
default-src 'self' https://assets.onfido.com https://sdk.onfido.com; manifest-src 'self' https://assets.goldavenue.com; connect-src 'self' data: blob: *.onfido.com wss://*.onfido.com https://api.trustpilot.com *.criteo.com *.criteo.net *.api.sanity.io *.apicdn.sanity.io https://www.goldavenue.com https://static.axept.io/ https://client.axept.io/ https://api.axept.io/ https://www.saferpay.com vitals.vercel-insights.com wss://api.goldavenue.com https://maps.googleapis.com https://api.goldavenue.com https://o126614.ingest.sentry.io/api/6599585/envelope/ https://o126614.ingest.sentry.io/api/6599585/security/ https://sentry.io https://*.google-analytics.com https://vc.hotjar.io https://sockjs-us3.pusher.com wss://ws-us3.pusher.com https://*.googlesyndication.com https://bat.bing.com https://*.facebook.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.co.uk https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://*.ads.linkedin.com https://metrics.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://*.taboola.com wss://client.relay.crisp.chat wss://stream.relay.crisp.chat https://storage.crisp.chat https://client.crisp.chat https://api-js.mixpanel.com; frame-src *; img-src 'self' data: blob: cdn.sanity.io https://assets.goldavenue.com https://t.co https://analytics.twitter.com https://axeptio.imgix.net maps.gstatic.com https://assets.goldavenue.com https://*.google-analytics.com https://*.facebook.com https://*.googletagmanager.com https://*.taboola.com https://*.analytics.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.co.uk https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.g.doubleclick.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.ads.linkedin.com https://bat.bing.com https://image.crisp.chat wss://stream.relay.crisp.chat https://storage.crisp.chat https://client.crisp.chat https://widget.trustpilot.com https://assets.onfido.com/ https://sdk.onfido.com 'nonce-tvpAkvlVUcKKbjYrdeTvkhShYc0ALImQhtzRYNwYBwg='; style-src 'self' https://assets.goldavenue.com 'unsafe-inline' https://assets.onfido.com https://sdk.onfido.com https://www.goldavenue.com https://client.crisp.chat https://googletagmanager.com https://*.facebook.com https://tagmanager.google.com https://fonts.googleapis.com; font-src 'self' https://sdk.onfido.com https://assets.goldavenue.com https://client.crisp.chat https://fonts.googleapis.com https://*.taboola.com data:; worker-src 'self' blob:; media-src blob: https://assets.onfido.com https://sdk.onfido.com; frame-ancestors 'self' https://www.goldavenue.com; object-src 'self' blob: ; script-src 'self' 'unsafe-inline' https://assets.onfido.com https://*.sardine.ai/ https://sentry.io *.criteo.com *.criteo.net https://maps.googleapis.com https://www.gstatic.com https://static.axept.io/ vitals.vercel-insights.com https://platform.twitter.com https://static.ads-twitter.com 'unsafe-eval' https://*.googletagmanager.com https://static.hotjar.com https://*.facebook.net https://*.g.doubleclick.net https://*.facebook.com https://googletagmanager.com https://tagmanager.google.com https://*.taboola.com https://script.hotjar.com https://bat.bing.com https://snap.licdn.com https://www.googleadservices.com https://*.google.com https://assets.goldavenue.com https://widget.trustpilot.com https://client.crisp.chat 1
block-all-mixed-content; default-src 'self' https://*.aiaibot.com; script-src 'unsafe-inline' 'unsafe-eval' https://*.aiaibot.com https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch https://*.clientis.ch https://*.clientis-newsletter.ch https://assets.adobedtm.com https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com https://www.facebook.com; frame-src 'self'  https://*.aiaibot.com https://*.clientis.ch https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch https://ersparniskasse.ch https://leihkasse-stammheim.ch https://www.google.com/ https://player.vimeo.com/ https://www.youtube.com/ https://logismata.sp22.ch/ blob:; style-src 'unsafe-inline' https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch https://*.clientis.ch https://*.clientis-newsletter.ch https://fonts.googleapis.com/css; frame-ancestors 'self' https://*.clientis.ch https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch; img-src 'self' data: https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch https://*.clientis.ch https://maps.gstatic.com/mapfiles/ https://*.googleapis.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://*.aiaibot.com https://*.clientis.ch https://*.ersparniskasse.ch https://*.leihkasse-stammheim.ch https://maps.googleapis.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https:; object-src 'self'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; img-src 'self' data: https:; media-src 'self' https://nc.compnetgmbh.de ; child-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://cdn.linkedin.oribi.io/partner/1401769/domain/cloudiax.com/token https://www.google-analytics.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://maps.googleapis.com data: 1
frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com 1
script-src http: https: 'unsafe-eval' 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.googletagmanager.com *.zendesk.com wss://*.zendesk.com *.zopim.com wss://*.zopim.com *.cfjump.com; style-src 'self' blob: https: 'unsafe-inline' https://prodnew.marcs.com.au/ foursixty.com *.zendesk.com; img-src data: http: https: *.zopim.io *.googletagmanager.com; object-src 'none'; base-uri 'none'; child-src 'self'; connect-src 'self' http: https: *.zendesk.com *.zopim.com wss://widget-mediator.zopim.com; font-src 'self' data: fonts.gstatic.com foursixty.com *.zendesk.com; frame-src assets.braintreegateway.com *.google.com *.googletagmanager.com *.youtube.com *.youtu.be *.vimeo.com foursixty.com *.zendesk.com *.paypal.com; 1
default-src 'self' *.dehst.de 'unsafe-eval'; base-uri 'self' *.dehst.de; style-src 'self' *.dehst.de 'unsafe-inline'; connect-src 'self' *.dehst.de *.itzbund.de; script-src 'self' *.dehst.de 'unsafe-inline' 'unsafe-eval' *.itzbund.de  www.youtube.com *.ytimg.com piwik.itzbund.de; object-src 'self' *.dehst.de multimedia.gsb.bund.de; media-src 'self' *.dehst.de multimedia.gsb.bund.de *.youtube.com; frame-src  *.dehst.de *.youtube.com; img-src 'self' *.dehst.de blob: data: piwik.itzbund.de; frame-ancestors 'self' *.dehst.de; worker-src 'self' *.dehst.de; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline' code.jquery.com https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; media-src * blob:; frame-src *; font-src * data:; connect-src *; report-uri /admin/config/system/seckit/csp-report 1
default-src 'self'; base-uri 'self'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; media-src * blob:; form-action 'self' https://secureacceptance.cybersource.com https://secure.reconpayment.com https://recon.cityline.com makealive.com *.makealive.com; img-src 'self' *.google-analytics.com *.analytics.google.com www.googletagmanager.com static.makealive.com production-ap01-mirror.demandware.net www.facebook.com data: https://prd.jwpltx.com https://stats.g.doubleclick.net; script-src 'self' 'unsafe-inline' https://www.google.com https://www.googletagmanager.com *.google-analytics.com *.makealive.com https://www.gstatic.com https://accounts.google.com https://connect.facebook.net https://appleid.cdn-apple.com https://ssl.p.jwpcdn.com https://prd.jwpltx.com https://www.pagespeed-mod.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://api.fontshare.com *.makealive.com; object-src 'none'; frame-ancestors 'none'; font-src 'self' fonts.gstatic.com cdn.fontshare.com data:; connect-src license-global.pallycon.com *.google-analytics.com *.analytics.google.com makealive.com *.makealive.com https://www.facebook.com https://graph.facebook.com *.cloudfront.net *.salesforce.com *.akamaized.net; upgrade-insecure-requests; 1
default-src 'unsafe-eval' 'unsafe-inline' https://www.bancofie.com.bo https: blob:; style-src 'unsafe-inline' https:; frame-src https://www.bancofie.com.bo https://www.facebook.com https://docs.google.com https://www.google.com https://logo.prismasystems.com.ar https://www.youtube.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://www.bancofie.com.bo https://snap.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://docs.google.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://logo.prismasystems.com.ar https://unruffled-shannon-1a7413.netlify.app https://www.youtube.com blob:; img-src 'unsafe-inline' data: https: blob:; worker-src * 'self' blob:; font-src 'self' data: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' calendly.com stripe.com *.google-analytics.com connect.facebook.net recaptcha.net *.googletagmanager.com; script-src-elem 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.clarity.ms *.googleadservices.com connect.facebook.net googleads.g.doubleclick.net snap.licdn.com web-in21.mxradon.com stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' *.cloudfront.net https://images.bimakavach.com https://bimakavach-v2.s3.amazonaws.com *.bimakavach.com/blog px4.ads.linkedin.com *.google.co.in googleads.g.doubleclick.net www.facebook.com *.clarity.ms https://www.bimakavach.com; font-src 'self' https://fonts.gstatic.com data:; media-src 'self'; frame-src 'self' calendly.com bimakavach-policies.s3.ap-south-1.amazonaws.com; connect-src 'self' api.bimakavach.com *.clarity.ms analytics.google.com *.google-analytics.com; 1
script-src 'unsafe-inline' https: 'self' 'nonce-6642b781b719d' 'strict-dynamic'; object-src 'self'; base-uri 'self'; frame-ancestors 'none'; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mouser.com *.google-analytics.com *.google.com *.hubapi.com *.youtube.com *.hubspot.com *.googletagmanager.com *.googleapis.com *.crazyegg.com *.jquery.com https://js.hs-scripts.com https://api.ipify.org https://js.hs-analytics.net https://js.hs-banner.com https://js.hsleadflows.net https://js.hsadspixel.net https://googleads.g.doubleclick.net https://snap.licdn.com https://ajax.googleapis.com https://js.hsforms.net/ https://www.gstatic.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static.addtoany.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://px.ads.linkedin.com https://track.hubspot.com data:; img-src 'self' https://www.google.com https://microstrain.com https://www.google.com.mx https://www.googletagmanager.com https://track.hubspot.com data: https://microstrainstg.prod.acquia-sites.com https://www.microstrain.com *.ads.linkedin.com https://js.hsforms.net https://forms-na1.hsforms.com https://forms.hsforms.com/ https://*.ads.linkedin.com https://www.google-analytics.com https://px.ads.linkedin.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.ca; frame-src https://www.youtube.com https://www.googletagmanager.com https://forms.hsforms.com/ https://www.google.com https://td.doubleclick.net https://www.youtube-nocookie.com https://static.addtoany.com; frame-ancestors self https://www.google.com; font-src *.gstatic.com 'self' https://themes.googleusercontent.com; connect-src 'self' https://www.youtube.com https://ipapi.co https://microstrainstg.prod.acquia-sites.com https://api.mouser.com https://api.hubapi.com https://px.ads.linkedin.com https://forms.hubspot.com https://analytics.google.com https://code.jquery.com  *.google-analytics.com https://stats.g.doubleclick.net https://px.ads.linkedin.com https://maps.googleapis.com https://www.google.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com/ https://google.com https://adservice.google.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'self' matomo-test.open-e.com 'unsafe-eval' 'unsafe-inline' test-matomo-cl.open-e.com www.google.com www.google-analytics.com www.googletagmanager.com *.livechatinc.com www.gstatic.com *.addthis.com m.addthisedge.com www.linkedin.com *.facebook.com connect.facebook.net cdnjs.cloudflare.com maps.google.com maps.googleapis.com v1.addthisedge.com use.edgefonts.net ssl.google-analytics.com *.hotjar.com *.hotjar.io snap.licdn.com www.gartner.com www.recaptcha.net; frame-ancestors 'self' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ctctcdn.com *.cloudflare.com *.gstatic.com maps.googleapis.com ajax.googleapis.com www.google.com *.google-analytics.com *.googletagmanager.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com *.en25.com; style-src 'self' 'unsafe-inline' *.ctctcdn.com *.fontawesome.com fonts.googleapis.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; img-src 'self' *.ctctcdn.com maps.gstatic.com maps.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com; font-src 'self' *.fontawesome.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; connect-src 'self' *.constantcontact.com *.ctctcdn.com accounts.google.com *.google-analytics.com https://*.dec.sitefinity.com *.mktoresp.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ www.google.com apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://astrodon.social; img-src 'self' https: data: blob: https://astrodon.social; style-src 'self' https://astrodon.social 'nonce-dGJxYlcDJmDkFJABZgqX9w=='; media-src 'self' https: data: https://astrodon.social; frame-src 'self' https:; manifest-src 'self' https://astrodon.social; form-action 'self'; child-src 'self' blob: https://astrodon.social; worker-src 'self' blob: https://astrodon.social; connect-src 'self' data: blob: https://astrodon.social https://cdn.masto.host wss://astrodon.social; script-src 'self' https://astrodon.social 'wasm-unsafe-eval' 1
default-src 'none'; img-src 'self'; font-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; form-action 'none'; frame-ancestors 'none'; connect-src https://vrmapi.victronenergy.com/; 1
frame-ancestors 'self' https://manage.hpnonline.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; connect-src * data:; 1
default-src 'self' https: http:; script-src 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https: 'nonce-OTVjSNZnb3ZJnInxkSqbYQ=='; frame-src 'self' https:; frame-ancestors 'self' https:; font-src 'self' https: data: https://fonts.gstatic.com https://fonts.googleapis.com/; img-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline' https://fonts.googleapis.com/; base-uri 'none' 1
frame-ancestors https://listado-ofertas.trabajando.cl https://*.trabajando.cl https://laboral.inacap.cl 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' libeskind.com *.libeskind.com googleads.g.doubleclick.net www.googletagmanager.com www.google-analytics.com ajax.googleapis.com snap.licdn.com www.google-analytics.com www.googleadservices.com connect.facebook.net; frame-src 'self' libeskind.com *.libeskind.com www.facebook.com www.youtube.com player.vimeo.com; object-src 'self' 1
frame-ancestors 'self' *.enagic.mobi *.enagic.com *.enagic.ca *.enagiceu.com *.enagicwebsystem.com 10.0.2.20:3003 localhost 1
frame-ancestors 'self' https://sportfive.com https://sportfive.com.au https://sportfive.sg https://sportfive.kr https://sportfive.jp https://sportfive.cn https://sportfive.hu https://sportfive.pl https://sportfive.nl https://sportfive.de https://sportfive.fr https://sportfive.co.uk https://sportfive.es https://sportfive.us https://sportfive.ch https://*.etracker.com 1
script-src 'self' 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://connect.facebook.net https://*.googletagmanager.com https://static.hotjar.com https://script.hotjar.com; style-src 'self' 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://i.ytimg.com https://imgsct.cookiebot.com https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; frame-src 'self' https://consentcdn.cookiebot.com https://www.youtube.com; font-src 'self' data: https://script.hotjar.com; connect-src 'self' https://consentcdn.cookiebot.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/LabsTailwindMarketing/cspreport/allowlist 1
font-src fonts.gstatic.com fonts.googleapis.com https://pro.fontawesome.com/ https://fonts.gstatic.com/ data:; form-action 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com eguide.s3.amazonaws.com/ stackpath.bootstrapcdn.com unpkg.com cdn.datatables.net cdn.jsdelivr.net www.google.com pro.fontawesome.com www.googletagmanager.com/ https://tagmanager.google.com/; default-src 'self' https://www.google-analytics.com; 'nonce-yEtYlPBpnzVwCgBnFaSqKA=='; connect-src 'self' www.google-analytics.com cke4.ckeditor.com; script-src 'self' eguide.s3.amazonaws.com/ stackpath.bootstrapcdn.com cdn.jsdelivr.net unpkg.com code.jquery.com cdn.amcharts.com 'unsafe-inline' www.google.com platform.twitter.com google-analytics.com abs.twimg.com cse.google.com www.google-analytics.com www.googletagmanager.com/ syndication.twitter.com https://cdn.datatables.net unsafe-evalunsafe-inline https://tagmanager.google.com/; img-src 'self' http://www.w3.org eguide.s3.amazonaws.com/ pbs.twimg.com syndicaton.twitter.com abs-0.twimg.com clients1.google.com www.google.com www.google-analytics.com https://www.google-analytics.com https://ssl.gstatic.com/data:; frame-src platform.twitter.com syndication.twitter.com forms.office.com/ 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.enneagramcoachquiz.com https://www.yecnetwork.com https://www.yourenneagramcoach.com https://www.enneagramwebinar.com https://www.becomingus.com 1
Connect-src 'Self', img-src 'self' data:, frame-ancestors 'self', font-src 'self', media-src 'self', object-src 'self' data:, manifest-src 'self', worker-src 'self', prefetch-src 'self', form-action 'self' 1
connect-src 'self' www.gstatic.com/recaptcha/ www.google.com/recaptcha/ maps.googleapis.com/ www.google-analytics.com/ analytics.google.com/ stats.g.doubleclick.net/ dc.services.visualstudio.com/;      form-action testsecureacceptance.cybersource.com secureacceptance.cybersource.com;      style-src 'self' 'unsafe-inline' fonts.googleapis.com/;     font-src 'self' fonts.gstatic.com/;     img-src 'self' data: www.google-analytics.com/ www.googletagmanager.com/ www.google.com/ www.facebook.com/ maps.gstatic.com/ maps.googleapis.com/ img.youtube.com/ blob: img.youtube.com/ i.ytimg.com/;                           frame-ancestors 'self';               frame-src 'self' www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ www.youtube.com/ td.doubleclick.net/ marathonconsulting.atlassian.net/; 1
frame-ancestors https://r1132100004725-eu1-ifwe.3dexperience.3ds.com https://r1132100257819-eu1-ifwe.3dexperience.3ds.com https://dsext001-eu1-215dsi0708-ifwe.3dexperience.3ds.com https://r1132100381839-eu1-academia-ifwe.3dexperience.3ds.com https://my.3dexperience.3ds.com; base-uri 'self' 1
frame-ancestors loganexpress.com 1
frame-ancestors 'self' http://rutronik.com https://netronik.rutronik.com http://staffbase.com capacitor://netronik.rutronik.com capacitor://staffbase.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-rBNlbj12K5p3WvVUqBbtwe87rLsSrKGCQyWc5/cbvsRpWuhm' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors https://*.posylka.de 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-32a3f6df7ee1478bb8ef2c07f808b75d' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'self' gvh.hu *.gvh.hu 1
upgrade-insecure-requests; frame-ancestors 'self' https://*.schaeffler.com; img-src 'self'  https://maps.googleapis.com https://maps.gstatic.com https://cdn.cookielaw.org https://www.schaeffler.com https://*.schaeffler-cdn.com https://*.linkedin.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.de https://www.googletagmanager.com  https://*.fbcdn.net  https://*.twimg.com/ https://*.ytimg.com https://*.ggpht.com/ https://*.licdn.com https://userlike-cdn-operators.userlike.com https://cdn.socialstudio.radian6.com data: blob:; 1
frame-ancestors 'self' https://www.clevertouchlive.com/ 1
default-src 'none'; script-src 'nonce-4131548174'; img-src 'self'; style-src 'nonce-4131548174'; frame-ancestors 'none'; object-src 'none'; form-action 'self'; base-uri 'self'; require-trusted-types-for 'script'; 1
frame-ancestors 'self'; default-src 'self' *.google-analytics.com *.googleapis.com *.gravatar.com *.gstatic.com *.list-manage.com *.myfonts.net *.nih.gov *.researchallofus.org researchallofus.org *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com cdnjs.cloudflare.com cloud.typography.com data: s3.amazonaws.com wpsitesync.com *.googletagmanager.com *.doubleclick.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.gravatar.com *.gstatic.com *.list-manage.com *.myfonts.net *.nih.gov *.researchallofus.org researchallofus.org *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com cdnjs.cloudflare.com cloud.typography.com data: s3.amazonaws.com wpsitesync.com *.googletagmanager.com *.doubleclick.net; style-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.gravatar.com *.gstatic.com *.list-manage.com *.myfonts.net *.nih.gov *.researchallofus.org researchallofus.org *.youtube.com *.ytimg.com *.zdassets.com *.zendesk.com cdnjs.cloudflare.com cloud.typography.com data: s3.amazonaws.com wpsitesync.com *.googletagmanager.com *.doubleclick.net; 1
default-src 'self' 'unsafe-inline' leadsbridge.com *.earpros.com *.googlesyndication.com www.facebook.com www.youtube-nocookie.com amplifon.demdex.net i.ytimg.com;     connect-src 'self' leadsbridge.com *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.showmetheresource.com *.amplifoninternal.com *.trksis.com aem-americas.earpros.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net aem-apac.earpros.com amplifongroup.tt.omtrdc.net www.facebook.com smetrics.earpros.com www.google-analytics.com stats.g.doubleclick.net trc-events.taboola.com amplifon.d3.sc.omtrdc.net www.youtube-nocookie.com r2---sn-8vq54voxpu-hm26.googlevideo.com r2---sn-hpa7kn7s.googlevideo.com dpm.demdex.net aem-emea.earpros.com bat.bing.com trc.taboola.com;     script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' leadsbridge.com *.earpros.com *.outbrain.com *.googlesyndication.com maps.googleapis.com www.gstatic.com *.criteo.net *.criteo.com *.trksis.com *.doubleclick.net showmetheresource.com *.showmetheresource.com *.nextdoor.com *.hotjar.com *.pinterest.it *.postimg.cc *.ibb.co *.teads.tv *.googleadservices.com *.addevent.com *.adform.net *.everesttech.net *.smetrics.amplifon.com *.everestjs.net assets.adobedtm.com smetrics.earpros.com www.google-analytics.com bat.bing.com amplify.outbrain.com connect.facebook.net www.googletagmanager.com www.googleadservices.com cdn.taboola.com trc.taboola.com googleads.g.doubleclick.net www.youtube.com www.youtube-nocookie.com www.google.com tr.outbrain.com amplifon.d3.sc.omtrdc.net;     style-src 'self' 'unsafe-hashes' 'unsafe-inline' *.ub-assets.com fonts.googleapis.com www.youtube-nocookie.com;     img-src 'self' offlinemilano.it leadsbridge.com *.earpros.com *.keyxel.com *.g2afse.com *.googlesyndication.com maps.googleapis.com maps.gstatic.com *.adnxs.com *.bidswitch.net *.omnitagjs.com *.casalemedia.com *.dmxleo.com *.360yield.com *.criteo.com *.media.net *.mediavine.com *.postrelease.com *.outbrain.com *.pubmatic.com *.rubiconproject.com *.sharethrough.com *.smaato.net *.smartadserver.com *.taboola.com *.teads.tv *.3lift.com *.advertising.com *.yahoo.com *.yieldlab.net *.criteo.net *.postimg.cc *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com *.googleadservices.com bat.bing.com tr.outbrain.com p1.zemanta.com www.facebook.com cds.taboola.com www.google.com www.google.it i.ibb.co googleads.g.doubleclick.net www.youtube-nocookie.com i.ytimg.com yt3.ggpht.com cm.everesttech.net dpm.demdex.net www.googletagmanager.com www.google-analytics.com trc.taboola.com data:;     frame-src 'self' leadsbridge.com *.earpros.com *.googlesyndication.com *.trksis.com *.doubleclick.net *.showmetheresource.com *.nextdoor.com *.hotjar.com www.youtube-nocookie.com www.google.com amplifon.demdex.net www.facebook.com antevenio-it.com;     font-src 'self' *.ub-assets.com fonts.gstatic.com; 1
default-src 'self' https://go.api.servicetarget.com https://directed.api.servicetarget.com https://cdn.servicetarget.com http://www.google-analytics.com https://analytics.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://stats.g.doubleclick.net/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com  http://www.googleadservices.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ http://stage.directed.com http://www.directed.com https://ajax.googleapis.com https://fonts.googleapis.com http://www.google-analytics.com https://analytics.google.com/ https://www.google-analytics.com https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com https://tagmanager.google.com/ https://fonts.googleapis.com/ http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; img-src 'self' 'unsafe-inline' data: https://www.viper.com https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; font-src 'self' 'unsafe-inline' data: https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com http://stage.directed.com http://www.directed.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com; frame-src 'self' 'unsafe-inline' https://cdn.servicetarget.com https://acsbapp.com https://cdn.acsbapp.com https://web1.acsbapp.com https://sdks.shopifycdn.com  https://monorail-edge.shopifysvc.com https://shopvoxx.myshopify.com https://cdn.shopify.com *.doubleclick.net  http://stage.directed.com http://www.directed.com https://fonts.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://analytics.google.com/ https://accounts.google.com/ https://www.youtube.com https://www.google.com https://googleads.g.doubleclick.net https://fonts.gstatic.com https://static.doubleclick.net https://s.youtube.com https://r11---sn-a5m7lnee.googlevideo.com https://www.googleadservices.com https://r14---sn-4g57knez.googlevideo.com https://i.ytimg.com https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://cdn07.icims.com https://careers-deiholdings.icims.com https://player.vimeo.com https://connect.facebook.net http://connect.facebook.net https://apis.google.com http://www.w3.org http://platform.twitter.com https://www.facebook.com https://staticxx.facebook.com http://www.facebook.com http://staticxx.facebook.com https://stats.g.doubleclick.net https://img.youtube.com 1
default-src 'self' https:  'unsafe-inline' data: 'unsafe-eval' wss: blob:; 1
default-src https: 'self'; font-src https: data:; img-src https: data:; script-src https: 'self' data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; report-uri https://dxw.report-uri.com/r/d/csp/enforce; 1
script-src 'self' 'unsafe-inline' www.agrica.loc www.groupagrica.com https://www.google-analytics.com/analytics.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js; style-src 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/css/wsc.css http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/themes/all.css stackpath.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/prettify.css https://cdn.rawgit.com/google/code-prettify/master/loader/prettify.css; font-src 'self' use.fontawesome.com https://svc.webspellchecker.net/spellcheck31/ https://svc.webspellchecker.net; img-src 'self' data: https://statics.groupagrica.com http://statics.agrica.loc www.agrica.loc www.groupagrica.com http://svc.webspellchecker.net/spellcheck31/ http://img.youtube.com/vi/HR6TarlgwoQ/0.jpg http://img.youtube.com/vi/85Z6PWfXyho/0.jpg http://img.youtube.com/vi/lmor2ctufwM/0.jpg; frame-src 'self' https://www.youtube.com https://agrica-recette.harvest.fr/ https://agrica.harvest.fr https://app.mailjet.com/ https://www.google.com/ https://tracking.wiztopic.com; script-src-elem 'self' 'unsafe-inline' http://svc.webspellchecker.net/spellcheck31/ https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js www.agrica.loc www.groupagrica.com https://www.google-analytics.com/analytics.js  http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/ckscayt.js http://svc.webspellchecker.net/spellcheck31/lf/scayt3/ckscayt/local/fr/local.js https://app.mailjet.com/statics/js/iframeResizer.min.js https://unpkg.com/imask@6.0.5/dist/imask.js https://unpkg.com/@popperjs/core@2.10.2/dist/umd/popper.min.js https://unpkg.com/tippy.js@6.3.2/dist/tippy-bundle.umd.min.js https://www.googletagmanager.com/debug/bootstrap; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-8d4820a0c81abf3925ca679fdd268063'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' yastatic.net ajax.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net https://vk.com www.google.com google.com www.gstatic.com gstatic.com yandex.ru *.yandex.ru *.yandex.net yandex.st; style-src 'self' 'unsafe-inline' yastatic.net www.google.com cdnjs.cloudflare.com www.tinymce.com maxcdn.bootstrapcdn.com *.cloudfront.net *.googleapis.com; font-src 'self' data: www.tinymce.com maxcdn.bootstrapcdn.com *.cloudfront.net *.gstatic.com *.googleapis.com; base-uri top-mmogames.ru; 1
img-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.funcao.com.br *.google.com *.gstatic.com *.googleapis.com *.ggpht.com *.googletagmanager.com *.google-analytics.com *.azurewebsites.net ; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' blob: https://www2.canton.network https://*.brighttalk.com https://*.hsappstatic.net https://unpkg.com https://s3.amazonaws.com/downloads.mailchimp.com https://*.osano.com https://*.lfeeder.com https://*.leadfeeder.com https://*.pardot.com https://*.digitalasset.com https://*.simpleanalyticscdn.com https://cdnjs.cloudflare.com https://redditstatic.s3.amazonaws.com https://recaptcha.net https://*.googlesyndication.com https://*.ampproject.org https://bat.bing.com https://gist.github.com/da-blog/ https://gist.github.com/nemanja-da/ https://gist.github.com/OliviaY2/ https://*.fontawesome.com https://*.ads-twitter.com https://d20519brkbo4nz.cloudfront.net https://*.driftt.com https://*.luckyorange.com https://*.facebook.net https://*.twitter.com https://*.hscta.net https://*.hubspot.com https://*.hubspot.net https://*.googletagmanager.com https://js.hs-scripts.com https://*.hsforms.net  https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsleadflows.net https://*.jquery.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.linkedin.com https://*.hs-banner.com https://*.licdn.com https://*.googleadservices.com https://*.doubleclick.net https://*.hsadspixel.net https://*.greenhouse.io https://*.jsdelivr.net https://d10lpsik1i8c69.cloudfront.net https://*.gstatic.com https://*.redditstatic.com https://7528304.fs1.hubspotusercontent-na1.net;style-src 'self' 'unsafe-inline' 'report-sample' https://unpkg.com https://cdn-images.mailchimp.com/ https://*.digitalasset.com https://*.jsdelivr.net https://*.googletagmanager.com https://github.githubassets.com/ https://*.googleapis.com https://cdnjs.cloudflare.com https://cdn2.hubspot.net https://*.hsappstatic.net https://d10lpsik1i8c69.cloudfront.net https://*.twitter.com;img-src 'self' data: https:;connect-src 'self' https://*.linkedin.com https://*.hscollectedforms.net https://*.osano.com https://*.oribi.io https://hubspot-forms-static-embed.s3.amazonaws.com https://*.simpleanalyticscdn.com https://*.twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googlesyndication.com https://*.hs-banner.com https://*.bing.com https://pubsub.googleapis.com/v1/projects/lucky-orange/ https://*.fontawesome.com https://pubsub.googleapis.com https://public-auth-dot-lucky-orange.appspot-preview.com/ https://www.facebook.com https://*.google.com https://*.hubspot.com https://cdn.contentful.com https://*.daml.com https://*.google-analytics.com https://*.sitesearch360.com https://*.hubapi.com https://*.hubspot.net https://p.adsymptotic.com https://*.daml.com https://daml.com wss://*.luckyorange.com https://*.luckyorange.com https://*.luckyorange.net wss://*.visitors.live https://*.digitalasset.com https://*.doubleclick.net https://*.ucweb.com;font-src 'self' data: https://*.fontawesome.com https://*.digitalasset.com https://*.gstatic.com https://cdnjs.cloudflare.com https://*.hubspot.net;media-src https://d10lpsik1i8c69.cloudfront.net;frame-src 'self' https://play.hubspotvideo.com https://*.brighttalk.com https://*.canton.network https://streamyard.com/ https://*.digitalasset.com https://*.hubspot.com https://*.googletagmanager.com https://*.googlesyndication.com https://play.instruqt.com https://www.google.com https://*.facebook.com https://digitalasset.zoom.us https://*.driftt.com https://*.hsforms.com https://*.vimeo.com https://*.daml.com https://*.twitter.com https://*.doubleclick.net https://*.jsdelivr.net https://*.greenhouse.io https://fireside.fm https://player.fireside.fm https://*.youtube.com;manifest-src 'self';child-src 'self';worker-src 'self' blob:;object-src 'none';form-action 'self' 'unsafe-inline'  https://*.facebook.com;frame-ancestors 'self' https://*.digitalasset.com;base-uri 'self' https://*.digitalasset.com;report-uri https://report-uri.digitalasset.com/report-uri;upgrade-insecure-requests 1
default-src 'self' https:; font-src 'self' https: data:; img-src 'self' http: https: data:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' wasm-unsafe-eval https://assets.innoq.com https://*.assets.innoq.com https://stats.innoq.com https://cdn.ravenjs.com https://cdn.podigee.com https://cdn.podlove.org https://player.podigee-cdn.net https://code.jquery.com https://cdnjs.cloudflare.com https://plausible.io https://comments.innoq.com https://platform.twitter.com; style-src 'self' https: 'unsafe-inline'; frame-src 'self' https://cdn.podigee.com https://disqus.com https://www.youtube-nocookie.com https://youtube.com https://www.youtube.com https://player.podigee-cdn.net https://platform.twitter.com; frame-ancestors 'self'; connect-src 'self' https://innoq-search-production.herokuapp.com https://comments.innoq.com https://stats.innoq.com https://plausible.io https://api.friendlycaptcha.com; child-src blob: 1
frame-ancestors 'self' *.a-trust.at *.handy-signatur.at a-trust.at handy-signatur.at *.a-trust.de a-trust.de *.a-trust-tse.de a-trust-tse.de; 1
frame-ancestors 'self' https://*.axesor.es https://*.google.es https://*.google.com; 1
frame-ancestors 'self' *.equallevel.com *.amazonaws.com *.sciquest.com *.vinimaya.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net www.tradeserviceonline.com *.roccommerce.net *.onventis.com *.spendbridge.com *.newellrubbermaid.com 1
same-origin 1
script-src 'self' 'unsafe-inline' 'wasm-unsafe-eval' https://js.stripe.com https://cdn.jsdelivr.net; img-src 'self' data: https://www.gravatar.com https://secure.gravatar.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; connect-src 'self'; frame-src https://www.youtube-nocookie.com https://js.stripe.com; object-src 'none' 1
report-uri https://vcti.cloud/report/report-csp.php; upgrade-insecure-requests; default-src 'self' blob:; child-src blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com appsforoffice.microsoft.com script.hotjar.com static.hotjar.com www.googletagmanager.com api.purechat.com prod.purechatcdn.com app.purechat.com cdn.polyfill.io ajax.googleapis.com cdnjs.cloudflare.com www.googleadservices.com tag.structuredweb.com www.google-analytics.com; connect-src 'self' wss: unpkg.com api.purechat.com api-cdn.purechat.com widgetapi.purechat.com tag.structuredweb.com www.google-analytics.com; img-src 'self' 'unsafe-inline' www.dandb.com api.purechat.com data: ts.w.org www.google-analytics.com secure.gravatar.com ps.w.org s.w.org platform.twitter.com www.facebook.com; style-src 'self' static2.sharepointonline.com fonts.googleapis.com 'unsafe-inline'; media-src 'self' app.purechat.com; font-src 'self' data: unpkg.com static2.sharepointonline.com fonts.gstatic.com; frame-src 'self' telemetryservice.firstpartyapps.oaspapps.com vars.hotjar.com youtube.com www.youtube.com wp-themes.com; style-src-elem 'self' 'unsafe-inline' static2.sharepointonline.com fonts.googleapis.com; 1
font-src 'self' fonts.googleapis.com fonts.gstatic.com storage.googleapis.com; object-src 'none' ; script-src 'self' 'unsafe-inline' storage.googleapis.com  bat.bing.com/bat.js bat.bing.com/p/ connect.facebook.net/signals/ https://maps.googleapis.com/  https://connect.facebook.net/en_US/fbevents.js https://tpc.googlesyndication.com  widget.rogervoice.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com;  1
default-src * http: https: *.googlesyndication.com *.planyo.com data: blob:; script-src 'self' data: http: https: *.googlesyndication.com *.list-manage.com *.mailchimp.com *.honlapbirodalom.hu *.twitter.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.googleadservices.com *.getsmartlook.com *.mailchimp.com *.list-manage.com *.planyo.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: *.googlesyndication.com *.mailchimp.com *.list-manage.com *.honlapbirodalom.hu *.gstatic.com *.googleapis.com *.google.com *.cdn.mozilla.net www.facebook.com/plugins/like/connect *.planyo.com 'unsafe-inline' data: blob:; connect-src 'self' *; 1
font-src 'self' data: 1
default-src 'self' data: blob:;script-src externalfb.com *.externalfb.com 'unsafe-inline' 'unsafe-eval' data:;style-src data: blob: 'unsafe-inline' *;connect-src externalfb.com *.externalfb.com *.facebook.com *.fbcdn.net wss://*.facebook.com wss://*.externalfb.com wss://*.externalfb.com:*;font-src data: externalfb.com *.externalfb.com *.facebook.com *.fbcdn.net;img-src data: blob: externalfb.com *.externalfb.com *.facebook.com *.fbcdn.net *;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; 1
default-src *; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-hashes' 'unsafe-inline'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-IQ4+potfOjN5YLTaCxBe1Tb9y/uhEQb95HdrxrB5kPEXFlXh' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-zG8WY5sMBe4iSBEUqUshmqo8IN7RRSEF8w8L69EJ0ZSc/PTN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: blob: https://files.wsender.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://mc.yandex.ru https://widget.cloudpayments.ru; connect-src 'self' data: blob: https://wsender.ru https://files.wsender.ru https://realtime.wsender.ru wss://realtime.wsender.ru https://analytics.google.com https://mc.yandex.ru https://stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self'; img-src https: data: blob:; object-src 'none'; frame-src 'self' https://www.youtube.com https://widget.cloudpayments.ru; upgrade-insecure-requests; 1
frame-ancestors 'self' *.lookbookhq.com *.pathfactory.com *.bizzdesign.com http://bizzDesign.lookbookhq.com https://bizzDesign.lookbookhq.com http://bizzDesign.pathfactory.com https://bizzDesign.pathfactory.com http://resources.bizzDesign.com https://resources.bizzDesign.com bizzdesign-academy.com *.bizzdesign-academy.com; 1
default-src 'self' https://*.conveythis.com https://*.youtube.com https://*.google.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://embed.radio.co https://*.sharethis.com https://*.crwdctrl.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: https://cdn.conveythis.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net; img-src 'self' data: https://*.cloudfront.net https://cdn.conveythis.com https://*.google.com https://*.google-analytics.com https://*.doubleclick.net https://*.sharethis.com; font-src 'self' https://use.typekit.net data:; frame-src 'self' https://*.google.com https://*.youtube.com https://*.sharethis.com https://embed.radio.co; frame-ancestors 'self' 1
default-src 'self' *.misskey-hub.net; style-src 'self' 'unsafe-inline' *.misskey-hub.net *.googleapis.com *.googleapis.cn; font-src 'self' *.misskey-hub.net fonts.gstatic.com fonts.gstatic.cn; script-src 'self' blob: *.misskey-hub.net challenges.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src data: blob: https://*; connect-src 'self' https://*; frame-src 'self' *.misskey-hub.net misskey-dev.github.io challenges.cloudflare.com; 1
frame-ancestors 'self' https://www.acg-world.com https://www.recaptcha.net 1
font-src *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com fonts.gstatic.com *.fontawesome.com https://www.google.com https://www.gstatic.com maxcdn.bootstrapcdn.com *.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.twitter.com *.tawk.to *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.google.com *.youtube.com maps.googleapis.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.twitter.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.tiktok.com wss://vsa30.tawk.to *.tawk.to *.google.com *.google.com.ua *.google.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.facebook.com maps.googleapis.com lightwidget.com *.maps.gstatic.com checkout.sezzle.com sandbox.checkout.sezzle.com checkout.eu.sezzle.com sandbox.checkout.eu.sezzle.com tracking.sezzle.com tracking.eu.sezzle.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.googletagmanager.com cdn.jsdelivr.net *.google.com.ua *.google.co.uk www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com maps.googleapis.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.googleapis.com *.placeholder.com *.maps.gstatic.com media.sezzle.com maps.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.calendly.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd *.jsdelivr.net *.tiktok.com wss://vsa30.tawk.to cdn.jsdelivr.net *.google.com.ua *.google.co.uk *.googletagmanager.com *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.facebook.net cdn.lightwidget.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.maps.gstatic.com checkout-sdk.sezzle.com sandbox.checkout-sdk.sezzle.com checkout-sdk.eu.sezzle.com sandbox.checkout-sdk.eu.sezzle.com widget.sezzle.com widget.eu.sezzle.com widget.sezzle.in *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com *.calendly.com *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd cdn.jsdelivr.net maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.youtube.com maps.googleapis.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.placeholder.com *.maps.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.quilljs.com *.cdn.quilljs.com *.admin.expivi.net *.expivi.net *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.sandbox.paypal.com *.paypalobjects.com *.demdex.net *.dpm.demdex.net *.google.com *.cdn.hoodsly.com *.hoodsly.com *.va.tawk.to *.tawk.to *.mlcdn.com *.mailerlite.com expivi.net *.cloudfront.net *.vibe.co *.pinterest.com *.pinimg.com *.googleoptimize.com *.bing.com *.doubleclick.com *.doubleclick.net *.google.com.bd wss://vsa30.tawk.to wss://vsa74.tawk.to *.tiktok.com *.googlesyndication.com *.pangle-ads.com wss://*.tawk.to *.google-analytics.com http://dpm.demdex.net https://www.google.com https://www.gstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com google.com *.youtube.com maps.googleapis.com facebook.net *.maps.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://ajax.googleapis.com https://platform.twitter.com https://embed-cdn.gettyimages.com https://static.smartframe.net https://embed.smartframe.net https://cdn.plyr.io https://cdn.jsdelivr.net https://feministcurrent2015.disqus.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://c.disquscdn.com; img-src 'self' https: data:; media-src 'self' https://media.feministcurrent.com; frame-src 'self' https:; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://static.smartframe.net 1
default-src 'none'; worker-src 'self' blob:; img-src * data:; script-src 'unsafe-eval' 'unsafe-inline' 'self' *.hubspot.com cdn.shortpixel.ai *.cookiebot.com  *.youtube.com *.gstatic.com *.mouseflow.com *.redditstatic.com *.google.com *.bing.com  *.doubleclick.net *.hsleadflows.net  *.facebook.com *.facebook.net *.addtoany.com cdnjs.cloudflare.com *.vimeo.com *.hsforms.net *.hs-scripts.com *.hs-analytics.net *.hsadspixel.net *.hs-banner.com *.googletagmanager.com *.google-analytics.com snap.licdn.com *.googleapis.com; style-src 'self' 'unsafe-inline'  *.cookiebot.com *.shortpixel.ai *.addtoany.com *.googleapis.com *.fontawesome.com; font-src 'self' 'unsafe-inline' data: *.gstatic.com *.fontawesome.com; connect-src *.cookiebot.com *.redditstatic.com *.googlesyndication.com *.google.com *.google.ca *.hubspot.com *.bing.com *.facebook.com *.doubleclick.net *.mailchannels.com *.linkedin.oribi.io *.addtoany.com *.googleapis.com hubspot-forms-static-embed.s3.amazonaws.com *.hubapi.com *.linkedin.com *.mouseflow.com analytics.google.com *.google-analytics.com *.hsforms.com; frame-ancestors 'self'; frame-src *.cookiebot.com *.spotify.com *.doubleclick.net *.anchor.fm anchor.fm *.mailchannels.com *.hubspot.com *.google.com *.addtoany.com vimeo.com static.hsappstatic.net forms.hsforms.com *.hsforms.com *.vimeo.com youtube.com *.youtube.com; manifest-src 'self' mailchannels.com 1
frame-ancestors 'none'; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com/ https://prd-shop.bouwcenter.nl https://www.recaptcha.net https://www.gstatic.com https://prd-www.bouwcenter.nl https://prd-api.bouwcenter.nl https://www.bouwcenter.nl https://shop.bouwcenter.nl/ https://api.bouwcenter.nl/ https://api.pay.nl https://www.youtube.com https://youtube.com https://issuu.com/ https://sentry.issuu.com https://e.issuu.com https://jotform.com/ https://form.jotform.com/ https://jotfor.ms/ https://cdn01.jotfor.ms/ https://cdn02.jotfor.ms https://cdn03.jotfor.ms https://consentcdn.cookiebot.com https://consent.cookiebot.com https://www.googletagmanager.com https://westeurope-3.in.applicationinsights.azure.com 1
base-uri *.rivals.com;frame-ancestors  'self' *.rivals-acceptance.com *.rivals.com *.yahoo.com; sandbox allow-downloads allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation allow-modals allow-top-navigation-by-user-activation; report-uri https://csp.rivals-acceptance.com/api/v1/content_security_policy_reports 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ajax.googleapis.com https://www.google.com https://www.youtube.com https://www.wfb-bremen.de https://s.ytimg.com https://i.ytimg.com https://www.hanselife.de https://fpdownload3.macromedia.com https://fonts.googleapis.com https://regis.inecos.de https://wfb.inecos.de  https://client.inecos.de https://code.jquery.com https://creator.hosted-pageflow.com https://storify.com https://creator.hosted-pageflow.com https://www.terra-air.com https://maps.googleapis.com https://www.google-analytics.com https://bremen-innovativ.de https://bis-bremerhaven.de https://www.bis-bremerhaven.de https://bremen.de https://medien.bremen.de https://bab-bremen.de https://www.digitalisierung-bremen.de https://www.ueberseestadt-bremen.de https://wfb-bremen.de https://www.starthaus-bremen.de https://bremen-innovativ.de https://www.bremen-innovativ.de https://cdnjs.cloudflare.com https://maps.gstatic.com https://fonts.gstatic.com https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://www.gstatic.com https://www.youtube-nocookie.com https://track-bremen.de https://matomo.wfb-bremen.de https://vimeo.com https://player.vimeo.com https://api.deepl.com https://tiles.bremn.de https://player.podigee-cdn.net https://cdn.podigee.com https://start.video-stream-hosting.de https://tiles.stadtbremen.info https://bremen.le-an.de https://vr-easy.com https://www.startups-bremen.de ; 1
connect-src 'self' blob: yandexmetrica.com:* ads.adfox.ru ads6.adfox.ru api.youla.io mc.admetrica.ru thequestion.ru wss://comments.yandex.net wss://comments-alpha.yandex.net turbopages.org yandex.st  yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru milab.s3.yandex.net *.k50.ru *.k50dev.ru openkitchen.media auto.ru yango.com ya.ru *.ya.ru dev.introvert.bz *.calltouch.ru *.comagic.ru; default-src 'none'; font-src 'self' data: yastatic.net yandex.ru an.yandex.ru yastat.net *.s3.yandex.net *.yandex.ru *.ya.ru; frame-src 'self' data: yabrowser: yandexadexchange.net *.yandexadexchange.net turbopages.org *.turbopages.org *.yandex.ru   banners.adfox.ru yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru *.video.yandex.ru *.market.yandex.ru www.youtube.com *.vimeo.com embed.megogo.net coub.com awaps.yandex.net meyou.ru broadcast.comdi.com datalens.yandex partner.market.yandex.ru go.yandex yango.com yandexteam-my.sharepoint.com *.bookmate.ru bookmate.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.rs *.yandex.com *.yandex.com.tr *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.rs ya.ru *.ya.ru; form-action https://*; img-src * 'self' blob: data: android-webview-video-poster: *.yandex.net *.s3.yandex.net yastatic.net http://lpc.s3.mds.yandex.net http://yastatic.net mc.admetrica.ru avatars-fast.yandex.net favicon.yandex.net *.verify.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net *.yandex.ru *.ya.ru; media-src * 'self' data: blob: *.video.yandex.ru *.storage.yandex.net *.s3.yandex.net *.cdn.yandex.net yastatic.net *.yandex.net *.strm.yandex.ru yandex.st banners.adfox.ru content.adfox.ru yastat.net yandex.ru *.yandex.ru ya.ru *.ya.ru; script-src 'self' blob: 'nonce-ISBgbWp1GpPjkrRtlFu6nQ==' 'unsafe-inline' 'unsafe-eval' ads.adfox.ru ads6.adfox.ru banners.adfox.ru mc.yandex.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru aflt.market.yandex.ru www.youtube.com *.vimeo.com s.ytimg.com lpc.s3.mdst.yandex.net abt.s3.yandex.net chat.s3.yandex.net *.api-maps.yandex.ru yandex.com *.yandex.com ya.ru *.ya.ru; style-src 'self' 'unsafe-inline' 'unsafe-eval' banners.adfox.ru content.adfox.ru yandex.st yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.s3.yandex.net lpc.s3.mdst.yandex.net *.ya.ru; worker-src blob: yandex.ru *.yandex.ru yastatic.net *.yastatic.net yandex.net *.yandex.net an.yandex.ru yastat.net *.yastat.net  *.yandex-team.ru; report-uri https://csp.yandex.net/csp?from=turbo%3Aphone&reqid=1715651414876920-15237376250355085331-l6re7ufhyytlzopg-BAL&yandexuid=7479911081715651414&yandex_login=&project=turbo https://csp.yandex.net/csp?from=lp-constructor&project=lp-constructor&yandex_login=undefined&yandexuid=undefined; object-src yastatic.net; child-src 'self'; frame-ancestors 'self' webvisor.com http://webvisor.com *.mtproxy.yandex.net www.kinopoisk.ru *.yandex-team.ru n.maps.yandex.ru yandex.ru yandex.com yandex.com.tr yandex.com.am yandex.com.ge yandex.md yandex.by yandex.kz yandex.uz yandex.net yandex.rs *.yandex.ru *.yandex.ru:* *.yandex.com:* *.yandex.com.tr:* *.yandex.com.am *.yandex.com.ge *.yandex.md *.yandex.by *.yandex.kz *.yandex.uz *.yandex.net *.yandex.rs ya.ru *.ya.ru; 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com connect.facebook.net ajax.aspnetcdn.com https://s.ytimg.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://www.facebook.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.googletagmanager.com/gtag/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google.com *.youtube.com *.twitter.com *.google-analytics.com cdn.ampproject.org web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://static.licdn.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/ *.facebook.com *.google-analytics.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://fonts.bunny.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/; object-src https://*.granicus.com https://*.granicusinternalvideo.net https://www.google.com/ https://www.facebook.com https://baldwin-co-al.vod.castus.tv/ https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://cloud.castus.tv/ *.baldwincountyal.gov 'self'; connect-src 'self' accounts.google.com *.gstatic.com *.mktoresp.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ https://www.youtube-nocookie.com/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: https://*.granicus.com *.granicusinternalvideo.net http://*.baldwincountyal.gov https://www.youtube.com https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://baldwin-co-al.vod.castus.tv/ https://cloud.castus.tv/ https://cdn.userway.org/widgetapp/images/ https://baldwincountyal.gov/; child-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ badge.stumbleupon.com https://*.granicus.com https://*.granicusinternalvideo.net https://*.baldwincountyal.gov https://baldwin-co-al.vod.castus.tv https://*.userway.org https://*.amazonaws.com/ https://*.brizy.site/ https://*.b-cdn.net/ https://*.weather.gov/ *.twitter.com *.google.com *.facebook.com web-chat.nativechat.com; frame-src https://www.facebook.com/ https://cdn.userway.org/ https://radar.weather.gov https://www.youtube.com/ https://baldwin-co-al.vod.castus.tv/ https://www.youtube-nocookie.com/ 'self' https://www.google.com/ https://cloud.castus.tv/ web-chat.nativechat.com 1
frame-ancestors rextheme.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bonn.social; img-src 'self' https: data: blob: https://bonn.social; style-src 'self' https://bonn.social 'nonce-bIRBnpxvu/Dg8bZtpKRlQw=='; media-src 'self' https: data: https://bonn.social; frame-src 'self' https:; manifest-src 'self' https://bonn.social; form-action 'self'; child-src 'self' blob: https://bonn.social; worker-src 'self' blob: https://bonn.social; connect-src 'self' data: blob: https://bonn.social https://bonn.social wss://bonn.social; script-src 'self' https://bonn.social 'wasm-unsafe-eval' 1
connect-src 'self' registry.tierra.net:8443 wss://registry.tierra.net:8443 *.tierra.net *.zdassets.com *.zendesk.com api.smooch.io wss://*.smooch.io *.sentry.io; default-src 'none'; font-src 'self' static.tierra.net maxcdn.bootstrapcdn.com use.fontawesome.com use.typekit.net; frame-src 'self' www.youtube.com player.vimeo.com static.tierra.net; img-src 'self' *.tierra.net secure.gravatar.com *.wp.com *.amazonaws.com *.zendesk.com *.zdassets.com data:; media-src; object-src *.tierra.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' static.tierra.net ajax.googleapis.com www.googletagmanager.com maxcdn.bootstrapcdn.com use.fontawesome.com *.zdassets.com *.zendesk.com api.smooch.io *.clearhello.com; style-src 'self' 'unsafe-inline' static.tierra.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com use.fontawesome.com *.typekit.net; upgrade-insecure-requests; form-action 'self'; frame-ancestors 'self'; report-uri /special/report/csp; report-to default 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ckeditor.com *.cookielaw.org *.freshchat.com *.freshmarketer.com *.freshworks.com *.google.com *.googleapis.com *.google-analytics.com *.googleadservices.com *.googleoptimize.com *.googletagmanager.com *.gstatic.com *.myfonts.net *.newrelic.com *.nr-data.net *.onetrust.com *.stripe.com *.zdassets.com optanon.blob.core.windows.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com *.layuicdn.com *.51.la *.thundersoft.com *.googletagmanager.com *.baidu.com googleads.g.doubleclick.net *.google.com *.thundercomm.com *.googleapis.com *.bcebos.com *.bdstatic.com thundercomm.s3.ap-northeast-1.amazonaws.com *.google-analytics.com *.jsdelivr.net wss:; img-src 'self' data: *;font-src 'self' 'unsafe-inline' 'unsafe-eval' data: * 1
default-src 'self' *.quantummetric.com 'unsafe-inline' 'unsafe-eval';frame-src * 'unsafe-inline';connect-src * 'unsafe-inline'; font-src * 'unsafe-inline'; object-src 'self'; style-src * 'unsafe-inline';  media-src * 'unsafe-inline'; script-src 'self' *.privy.com cnstrc.com *.cloudfront.net *.wufoo.com *.gstatic.com js.hsforms.net  *.orders.com *.googleapis.com *.navitor.com *.google.com *.yieldify.com *.hs-scripts.com *.visualwebsiteoptimizer.com tag.rmp.rakuten.com *.hscollectedforms.net *.hs-analytics.net *.hs-banner.com *.rd.linksynergy.com *.googleadservices.com *.xg4ken.com *.andersons.com *.paperdirect.com *.rhymeuniversity.com *.alphabetu.com *.itselementary.com *.littlegraduates.com *.paradefloatsuppliesnow.com *.promnite.com *.yimg.com *.pinterest.com *.quantummetric.com *.pinimg.com *.google-analytics.com *.privy.com cnstrc.com *.cloudfront.net  *.googletagmanager.com *.sc.pages03.net *.groupbycloud.com *.pinimg.com *.bing.com *.google-analytics.com *.g.doubleclick.net *.privy.com cnstrc.com *.cloudfront.net   *.powerreviews.com *.pubhtml5.com *.facebook.net *.unbxdapi.com 'unsafe-inline' 'unsafe-eval'; img-src * 'unsafe-inline' data:; worker-src blob:; child-src blob:;  1
frame-ancestors https://voxmedia.stories.usechorus.com 'self' 1
frame-src self * 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-KbDm5jVF2Bw94k9VIsT4+w==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; default-src 'self'; font-src 'self' data: https://*.gstatic.com/; child-src 'self' https://*.youtube.com/ https://*.googleapis.com/ https://*.googletagmanager.com/; frame-src 'self' https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.google.com/ https://*.vimeo.com/ https://*.talkjs.com/; img-src 'self' data: https://*.ytimg.com/ https://*.youtube.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://toegankelijkheidsverklaring.nl/ https://*.texthelp.com/ https://*.browsealoud.com/ https://*.wikimedia.org/ https://*.google-analytics.com/ https://*.ytimg.com/ https://*.pusher.com https://*.amazonaws.com https://*.talkjs.com https://*.obi4wan.com; manifest-src 'self'; media-src 'self' blob: https://*.speechstream.net/ https://*.talkjs.com/; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.youtube.com/ https://*.google-analytics.com/ https://*.browsealoud.com/ https://*.googletagmanager.com/ https://*.speechstream.net https://*.google.com https://*.texthelp.com/ https://*.vrmwb.nl/ https://*.amazonaws.com/ https://*.talkjs.com/ https://*.obi4wan.com/; style-src 'self' 'unsafe-inline' https://*.browsealoud.com/ https://*.talkjs.com/ https://*.obi4wan.com/ https://*.googleapis.com/; connect-src 'self' blob: https://*.obi4wan.ai/ https://*.google-analytics.com/ https://*.doubleclick.net/  https://*.browsealoud.com/ https://*.wikipedia.org/ https://*.texthelp.com/ https://*.speechstream.net https://*.pusher.com https://*.amazonaws.com https://*.obi4wan.com https://*.talkjs.com wss://ws-eu.pusher.com/  wss://app.talkjs.com/; worker-src 'none'; form-action 'self'; 1
default-src 'self' ; script-src 'self' 'unsafe-inline' https://maps.googleapis.com https://hello.myfonts.net https://maps.google.com https://maps.gstatic.com 'unsafe-eval' https://analytics.rubensteintech.com https://www.google-analytics.com https://www.googletagmanager.com https://maps.gstatic.com https://ssl.p.jwpcdn.com https://www.youtube.com https://s.ytimg.com https://player.vimeo.com https://siteimproveanalytics.com/ https://view.ceros.com/ ; style-src 'self' 'unsafe-inline' https://maps.googleapis.com https://hello.myfonts.net https://www.google.com https://cloud.typography.com https://cloud.webtype.com https://fonts.googleapis.com ; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://cdn.plyr.io https://vimeo.com ; font-src 'self' https://hello.myfonts.net https://maps.gstatic.com https://fonts.gstatic.com https://use.typekit.net https://cloud.webtype.com data: ; img-src 'self' https://*.analytics.google.com https://*.google-analytics.com https://analytics.google.com https://google-analytics.com https://www.facebook.com https://maps.googleapis.com https://maps.gstatic.com https://pls.webtype.com https://www.google-analytics.com https://img.youtube.com https://i.vimeocdn.com https://*.global.siteimproveanalytics.io data: ; object-src 'self' ; frame-src 'self' https://sites-benesch.vuturevx.com https://www.youtube.com https://player.vimeo.com https://view.ceros.com/ ; 1
default-src 'self' data: blob:    https://niedersachsen.cloud wss://niedersachsen.cloud https://api.niedersachsen.cloud https://chat.niedersachsen.cloud https://embed.niedersachsen.cloud https://libreoffice.niedersachsen.cloud https://oauth.niedersachsen.cloud https://storage.niedersachsen.cloud https://etherpad.niedersachsen.cloud https://blog.niedersachsen.cloud https://blog.dbildungscloud.de https://docs.dbildungscloud.de https://sc-content-resources.schul-cloud.org https://sc-content-resources.hpi-schul-cloud.de https://open.hpi.de https://s3.hidrive.strato.com https://scalelite.bbb.messenger.schule https://portfolio.niedersachsen.cloud https://www10-fms.hpi.uni-potsdam.de https://blog.dbildungscloud.de https://s3.hidrive.strato.com https://cloud-instances.s3.hidrive.strato.com; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data: ; frame-src 'self' https://libreoffice.niedersachsen.cloud https://docs.dbildungscloud.de https://chat.niedersachsen.cloud; frame-ancestors 'self' https://apps.bettermarks.niedersachsen.cloud; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.co.uk/report-uri/enforce 1
default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://*.dashly.app; script-src 'self' 'unsafe-inline' https://*.yandex.ru https://*.yandex.com https://*.dashly.app https://*.facebook.net https://*.googletagmanager.com https://vk.com https://*.googleadservices.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://*.google.com https://*.roistat.com https://*.gstatic.com https://vk.com https://*.cloudflareinsights.com; connect-src 'self' https://*.yandex.ru https://*.yandex.com https://*.dashly.app https://*.google.com https://*.google.co.uk https://*.google-analytics.com https://stats.g.doubleclick.net wss://*.dashly.app https://*.google.nl https://*.facebook.com https://*.googlesyndication.com https://*.google.ru; img-src 'self' data: https://vk.com https://*.vk.com https://*.google.ru https://*.google.com https://*.google.nl https://*.google.co.uk https://*.facebook.com https://*.dashly.app https://*.yandex.ru https://*.yandex.com https://*.googletagmanager.com; frame-src 'self' https://td.doubleclick.net https://*.facebook.com https://*.google.com https://*.yandex.ru https://vk.com 1
default-src 'self' https://www.google.com https://*.gstatic.com https://*.intervale.ru https://fonts.googleapis.com https://raexpert.ru https://*.yandex.ru https://yandex.ru https://*.yandex.net https://yastatic.net https://yastat.net data: 'unsafe-eval' 'unsafe-inline'; 1
“script-src 'self';� 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-e39b693d4b20c1a6d4292a39cfa8822f'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms ; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.fontawesome.com *.google-analytics.com *.linkedin.com *.google.com *.google.pl *.googleadservices.com *.googlesyndication.com *.googletagmanager.com *.gstatic.com/recaptcha/ *.hotjar.com *.hotjar.io *.intercom.io *.licdn.com *.onetrust.com *.tawk.to cdn.jsdelivr.net cdnjs.cloudflare.com connect.facebook.net js.intercomcdn.com plausible.io sgtm.smsapi.pl bat.bing.com *.clarity.ms ; connect-src 'self' *.clickcease.com *.cookiebot.eu *.cookielaw.org *.doubleclick.net *.facebook.com *.google-analytics.com *.google.com *.hotjar.com *.hotjar.io *.intercom.io *.tawk.to cdnjs.cloudflare.com connect.facebook.net i.imgur.com js.intercomcdn.com plausible.io uploads.intercomcdn.com uploads.intercomusercontent.com smsapi.pl smsapi.com http://smsapi.pl/* http://*.smsapi.pl/* http://www.smsapi.pl/* wss://www.smsapi.bg wss://www.smsapi.com wss://www.smsapi.pl wss://www.smsapi.ro wss://www.smsapi.se wss://*.hotjar.com wss://*.intercom.io wss://*.tawk.to www.googleadservices.com www.googletagmanager.com www.gstatic.com/recaptcha/ bat.bing.com sgtm.smsapi.pl *.clarity.ms *.oribi.io *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws https://*.googlesyndication.com/ px.ads.linkedin.com/wa/ ; frame-src *.doubleclick.net *.hotjar.com *.hotjar.io *.youtube-nocookie.com *.youtube.com youtube.com consentcdn.cookiebot.eu www.facebook.com www.google.com/recaptcha/ www.googletagmanager.com ; img-src data: blob: 'self' *.cookielaw.org *.doubleclick.net *.erecruiter.pl *.facebook.com *.fbcdn.net *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.hotjar.com *.hotjar.io *.intercom-attachments-5.com *.intercom-attachments-6.com *.intercom-attachments-9.com *.intercomcdn.com *.smsapi.com *.smsapi.pl *.tawk.to *.twimg.com *.youtube.com *.ytimg.com *.zapier.com cdn.jsdelivr.net i.imgur.com messenger-apps.intercom.io *.linkedin.com static.intercomassets.com uploads.intercomusercontent.com www.googletagmanager.com zapier-images.imgix.net *.bing.com *.clarity.ms *.google.ad *.google.ae *.google.al *.google.am *.google.as *.google.at *.google.az *.google.ba *.google.be *.google.bf *.google.bg *.google.bi *.google.bj *.google.bs *.google.bt *.google.by *.google.ca *.google.cat *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.co.ao *.google.co.bw *.google.co.ck *.google.co.cr *.google.co.id *.google.co.il *.google.co.in *.google.co.jp *.google.co.ke *.google.co.kr *.google.co.ls *.google.co.ma *.google.co.mz *.google.co.nz *.google.co.th *.google.co.tz *.google.co.ug *.google.co.uk *.google.co.uz *.google.co.ve *.google.co.vi *.google.co.za *.google.co.zm *.google.co.zw *.google.com *.google.com.af *.google.com.ag *.google.com.ai *.google.com.ar *.google.com.au *.google.com.bd *.google.com.bh *.google.com.bn *.google.com.bo *.google.com.br *.google.com.bz *.google.com.co *.google.com.cu *.google.com.cy *.google.com.do *.google.com.ec *.google.com.eg *.google.com.et *.google.com.fj *.google.com.gh *.google.com.gi *.google.com.gt *.google.com.hk *.google.com.jm *.google.com.kh *.google.com.kw *.google.com.lb *.google.com.ly *.google.com.mm *.google.com.mt *.google.com.mx *.google.com.my *.google.com.na *.google.com.ng *.google.com.ni *.google.com.np *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.py *.google.com.qa *.google.com.sa *.google.com.sb *.google.com.sg *.google.com.sl *.google.com.sv *.google.com.tj *.google.com.tr *.google.com.tw *.google.com.ua *.google.com.uy *.google.com.vc *.google.com.vn *.google.cv *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.dz *.google.ee *.google.es *.google.fi *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.gl *.google.gm *.google.gr *.google.gy *.google.hn *.google.hr *.google.ht *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kg *.google.ki *.google.kz *.google.la *.google.li *.google.lk *.google.lt *.google.lu *.google.lv *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.mn *.google.ms *.google.mu *.google.mv *.google.mw *.google.ne *.google.nl *.google.no *.google.nr *.google.nu *.google.pl *.google.pn *.google.ps *.google.pt *.google.ro *.google.rs *.google.ru *.google.rw *.google.sc *.google.se *.google.sh *.google.si *.google.sk *.google.sm *.google.sn *.google.so *.google.sr *.google.st *.google.td *.google.tg *.google.tl *.google.tm *.google.tn *.google.to *.google.tt *.google.vg *.google.vu *.google.ws img.sct.eu1.usercentrics.eu; style-src 'unsafe-inline' 'self' *.erecruiter.pl *.fontawesome.com *.smsapi.com *.smsapi.pl *.tawk.to fonts.googleapis.com ; font-src 'self' *.fontawesome.com *.hotjar.com *.hotjar.io *.tawk.to cdnjs.cloudflare.com fonts.gstatic.com js.intercomcdn.com fonts.intercomcdn.com ; child-src fast.wistia.net intercom-sheets.com player.vimeo.com share.intercom.io www.intercom-reporting.com www.youtube.com ; form-action 'self' *.facebook.com api-iam.intercom.io app.marketingplatform.com intercom.help ; media-src 'self' *.tawk.to js.intercomcdn.com ; worker-src 'self'; report-to csp-report-endpoint; report-uri /api/next/report-csp; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: https: 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com/js/timeline.16b53cc33aaa562f8f41a495bf720289.js https://platform.twitter.com/widgets.js https://indianembassyusa.gov.in/Javascript/access.js; connect-src 'self' 'unsafe-inline';        img-src data: blob: 'self' 'unsafe-inline'; frame-src 'self'  free.timeanddate.com https://syndication.twitter.com/ https://platform.twitter.com/ https://twitter.com/IndianEmbassyUS www.facebook.com www.google.com/ ; style-src 'self' data: https: 'unsafe-inline';font-src  data: 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com/; 1
frame-ancestors 'self' cmwlab.com metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr *.webvisor.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-2rGQ0jPOu/8U5Mog5j+JnA==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ https://pichincha-pe-portal.s3.amazonaws.com analytics.google.com *.hotjar.com wss://ws40.hotjar.com https://googleads.g.doubleclick.net wss://ws37.hotjar.com https://ws37.hotjar.com consentcdn.cookiebot.com wss://ws31.hotjar.com/ https://ws31.hotjar.com maps.googleapis.com zonasegurapichincha.pe pichincha.pe www.youtube.com www.google.com www.pichincha.pe in.hotjar.com vars.hotjar.com bid.g.doubleclick.net hn.inspectlet.com stats.g.doubleclick.net www.google-analytics.com www.facebook.com connect.facebook.net www.google-analytics.com; script-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ v.clarity.ms www.clarity.ms https://api.ipify.org https://www.recaptcha.net consent.cookiebot.com consentcdn.cookiebot.com 'unsafe-inline' 'unsafe-eval' www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com maps.googleapis.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com script.hotjar.com static.hotjar.com detectca.easysol.net www.gstatic.com pichincha.pe imagenes.pichincha.pe www.googletagmanager.com www.google.com www.googleadservices.com googleads.g.doubleclick.net cdn.inspectlet.com hn.inspectlet.com www.facebook.com connect.facebook.net www.gstatic.com www.google-analytics.com ads.us.e-planning.net; style-src 'self' 'unsafe-inline' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ optimize.google.com fonts.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com maxcdn.bootstrapcdn.com; img-src 'self' https://www.google.com.ec https://www.google.com https://maps.gstatic.com/ optimize.google.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com googleads.g.doubleclick.net detectca.easysol.net www.google-analytics.com www.financiero.pe www.facebook.com www.google.com.pe www.google.com ads.us.e-planning.net www.pichincha.pe cdn.jsdelivr.net www.googletagmanager.com ofertasfinanciero.pe data:; font-src 'self' https://lynn-latam-production-br-ch-reg-common-2.azurewebsites.net/ https://lynn-latam-production-br-ch-reg-common.azurewebsites.net/ fonts.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com; form-action 'self' www.facebook.com; base-uri 'self'; frame-src optimize.google.com www.google.com www.pichincha.pe https://www.youtube.com/ https://www.facebook.com/ https://consentcdn.cookiebot.com/ https://bid.g.doubleclick.net/ https://vars.hotjar.com/ https://www.recaptcha.net/; 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; worker-src 'self' blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' cloud.ccm19.de www.googletagmanager.com www.youtube.com *.google-analytics.com; style-src 'self' data: 'unsafe-inline' 'report-sample' cloud.ccm19.de cloud.typography.com www.coperion.com; img-src 'self' data: https://cloud.ccm19.de https://i.ytimg.com; font-src 'self' data:; connect-src 'self' cloud.ccm19.de *.google-analytics.com; media-src 'self'; object-src 'none'; frame-src 'self' https://www.youtube.com https://v.qq.com; worker-src 'none'; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; 1
unsafe-inline; frame-ancestors 'self'; object-src 'self' 1
frame-ancestors 'self' https://myconferencetime.com https://www.myconferencetime.com; 1
default-src 'self' https://* http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; worker-src 'self' https://* blob:; connect-src 'self' https://* http://* wss:; font-src 'self' data:;frame-ancestors https://sea-emt-dev-api.ap.manulife.com https://sea-emm-sit-api.ap.manulife.com https://emm-uat-api.ap.manulife.com https://emm-prd-api.ap.manulife.com https://online-uat.manulife.com.my https://online.manulife.com.my 1
default-src https: data: wss: 'unsafe-inline' 'unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.browsealoud.com https://www.googletagmanager.com https://privacyportal-eu-cdn.onetrust.com https://cdn.cookielaw.org https://player.vimeo.com https://*.googleapis.com https://*.google.com; object-src 'self' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://masto.donte.com.br; img-src 'self' https: data: blob: https://masto.donte.com.br; style-src 'self' https://masto.donte.com.br 'nonce-TDvs0qoChOqO0Kp0UM0RDA=='; media-src 'self' https: data: https://masto.donte.com.br; frame-src 'self' https:; manifest-src 'self' https://masto.donte.com.br; form-action 'self'; connect-src 'self' data: blob: https://masto.donte.com.br https://images.masto.donte.com.br wss://masto.donte.com.br; script-src 'self' https://masto.donte.com.br 'wasm-unsafe-eval'; child-src 'self' blob: https://masto.donte.com.br; worker-src 'self' blob: https://masto.donte.com.br 1
frame-ancestors 'self' https://www.mscbook.com https://virtual-tours.msccruises.com; 1
default-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org faro01.atlassian.net; frame-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org faro01.atlassian.net login.eu.farosphere.com mailto: tel:; script-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org app.box.com www.dropbox.com apis.google.com *.statcounter.com *.pingdom.net faro01.atlassian.net 'unsafe-inline'; style-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org 'unsafe-inline'; img-src * data:; connect-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org *.statcounter.com *.pingdom.net login.eu.farosphere.com dh-pr-entitydata.s3.amazonaws.com dh-pr-entitydata.s3-eu-west-1.amazonaws.com dh-pr-entitydata.s3.eu-west-1.amazonaws.com; font-src 'self' s.websharecloud.com *.cloudfront.net *.cdn.pr.websharecloud.org data:; frame-ancestors 'self' www.farosphere.com insight.b360.autodesk.com insight.b360.eu.autodesk.com acc.autodesk.com acc.autodesk.eu e-volvestudios.com www.newtonmicro.com www.danmeierwaldorf.com www.danmeierarchitects.com 3dscan.lasco.com m3dsurveys.com vmlive.net mods.solutions *.mods.solutions r1132101108901-us1-ifwe.3dexperience.3ds.com 3dexperience.3ds.com re360am-3d.cu.rzvivavis.com www.yamaichi-techno.jp petrofacva.vmlive.net virtualasset.vmlive.net aim.dynamicmaps.co.uk www.scanstudios.tech evogenesys.com innovhomes.com primaveracloud-sales-us.oraclecloud.com us02.procore.com dev.pim-ltd.com www.mbplan.ch www.digital-twins-data.co.uk www.meniervenues.com www.leesassociates.com www.uigmbh.de www.crt.state.la.us forteandtablada.com www.qualiomeco.fr www.elbo-engineering.com *.bim.cloud *.hdc.cloud *.hyperhouse.se tdla.notion.site jer.studio ib24.pl us.opencitiesplanner.bentley.com www.artmastersarchive.com www-artmastersarchive-com.filesusr.com jeremiah-thies.squarespace.com *.vertikaliti.com tdla.pro *.tdla.pro ib24.ie 3dlasersurveying.ie virtualplant.com.br www.strategic-cad.com landsec.resolutionlive.uk voyansidemo.resolutionlive.uk www.3dx3.nl *.loupe360.arup.com dhaelt4p91lnz.cloudfront.net; report-uri /core/csp/blocked; 1
default-src 'self' *.wirth-horn.de 'unsafe-inline' 'unsafe-eval' data: https://www.google-analytics.com https://tagmanager.google.com www.googletagmanager.com www.google.com www.gstatic.com https://salesviewer.org; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com https://fonts.googleapis.com; 1
default-src 'none'; media-src 'self'; object-src 'self'; connect-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com; img-src 'self' data: https://*.google-analytics.com; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-ancestors 'self'; frame-src 'self' https://*.youtube-nocookie.com https://*.youtube.com https://vimeo.com https://*.vimeo.com; upgrade-insecure-requests; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-buavita.com https://shop-id-buavita.com/; 1
default-src 'self' *.nrw.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; style-src 'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net; font-src data: *; img-src  data: *; frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com; worker-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; frame-src 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de; object-src 'self'; connect-src 'self' *.nrw.de svc.webspellchecker.net; media-src *; upgrade-insecure-requests 1
frame-ancestors https://*.cleverwebserver.com https://*.clevernt.com; worker-src 'self' blob: 1
default-src 'self' https://maps.google.com https://www.google-analytics.com *.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io *.intercomcdn.com *.s3.amazonaws.com/campayn; connect-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com https://www.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://js.intercomcdn.com/ https://www.google.com https://maps.googleapis.com  https://s3.ca-central-1.amazonaws.com https://widget.intercom.io/widget/uwbbdh5l https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://campayn.s3.amazonaws.com/ http://s3.amazonaws.com/s3_campayn.com/ http://s3.amazonaws.com/campayn/ https://s3.amazonaws.com/campayn/ s3.amazonaws.com/campaynnet/ *.staticflickr.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ http://s3.amazonaws.com/s3_campayn-dev.com/ https://s3.amazonaws.com/s3_campayn.com/ data: *.intercomcdn.com *.campayn.test campayn.test *.campayn.com campayn.com alek.campayn.com *.campayn.net campayn.net https://www.gravatar.com/ http://i1.wp.com https://i1.wp.com https://static.intercomassets.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gravatar.com https://fonts.gstatic.com https://assets.zendesk.com; font-src 'self' https://js.intercomcdn.com/fonts/ https://themes.googleusercontent.com https://fonts.gstatic.com; frame-src 'self' https://js.stripe.com https://www.google.com/recaptcha/ https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://secure.rightsignature.com/ https://widget.intercom.io; object-src 'self'; media-src 'self' https://s3.amazonaws.com 1
default-src 'self'; img-src 'self' data: matomo.sobaco-incore.com maps.google.com maps.gstatic.com app.usercentrics.eu www.google.de www.google.com www.google-analytics.com px.ads.linkedin.com www.linkedin.com uc.e-recht24.de; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: app.usercentrics.eu api.usercentrics.eu aggregator.service.usercentrics.eu maps.google.com maps.googleapis.com fonts.googleapis.com fonts.gstatic.com maps.gstatic.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net snap.licdn.com px.ads.linkedin.com matomo.sobaco-incore.com ; style-src 'self' 'unsafe-inline' matomo.sobaco-incore.com fonts.googleapis.com; connect-src 'self' data: matomo.sobaco-incore.com api.usercentrics.eu maps.googleapis.com aggregator.service.usercentrics.eu www.google-analytics.com; frame-src 'self' www.google.com www.youtube-nocookie.com www.sobaco-incore.com www.incorebank.ch www.sobaco-betax.com www.sobaco.ch matomo.sobaco-incore.com; 1
default-src 'self' data: *.sheridanwest.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.sheridanwest.com; style-src 'self' 'unsafe-inline' *.sheridanwest.com; img-src 'self' data: *.sheridanwest.com; default-src 'self' data: *.sheridanwest.com; script-src 'self' https://www.sheridanwest.com 'sha256-ohYc4GFINeOsxbsxK61IrMVnHi0TWkdyAsFLBuDXLfw=' data: 'unsafe-inline' 'unsafe-eval' *.sheridanwest.com; style-src 'self' 'unsafe-inline' *.sheridanwest.com; img-src 'self' data: '*.sheridanwest.com'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.com *.intercom.io *.intercomcdn.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googlesyndication.com *.doubleclick.net *.vimeo.com *.stripe.com; font-src 'self' http://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; form-action https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io; connect-src 'self' *.wiremock.cloud login.wiremock.cloud *.browser-intake-datadoghq.com wss://*.intercom.io *.segment.com *.segment.io *.google-analytics.com *.googlesyndication.com *.google.com https://via.intercom.io https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com *.unleash-hosted.com https://api.wiremock.cloud; child-src https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; img-src 'self' data: blob: *; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.google-analytics.com; frame-src https://www.youtube.com *.vimeo.com *.doubleclick.net *.googlesyndication.com *.stripe.com; worker-src 'self' blob:; media-src https://js.intercomcdn.com; 1
frame-ancestors 'self' *.elementbiosciences.com 1
frame-ancestors 'self' https://www.farbdenker.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.cloudflare.com in.hotjar.com script.hotjar.com static.hotjar.com vars.hotjar.com www.google-analytics.com www.googletagmanager.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com bat.bing.com code.jquery.com app.responseiq.com maps.googleapis.com wstatic.responseiq.com www.gstatic.com www.google.co.uk www.googleadservices.com googleads.g.doubleclick.net www.google.com a19.responseiq.com fonts.googleapis.com fonts.gstatic.com jqueryjs.googlecode.com maps.gstatic.com ssl.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com fonts.googleapis.com tagcdn.gi-solutionsgroup.com services.postcodeanywhere.co.uk collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js static.cloudflareinsights.com cdn.hu-manity.co tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com eu.srv.stackadapt.com qvdt3feo.com; script-src-elem 'self' 'unsafe-inline' tags.srv.stackadapt.com srv.stackadapt.com east.srv.stackadapt.com uw.srv.stackadapt.com qvdt3feo.com eu.srv.stackadapt.com fonts.googleapis.com bat.bing.com cdn.inspectlet.com connect.facebook.net www.google-analytics.com www.googletagmanager.com www.gstatic.com ajax.googleapis.com googleads.g.doubleclick.net script.hotjar.com static.hotjar.com t.trackedlink.net www.google.co.uk www.googleadservices.com jqueryjs.googlecode.com ssl.google-analytics.com www.google.com www.google.es www.google.co.in seal.verisign.com www.google.co.ma www.google.ro www.google.it www.google.be www.google.ie www.awin1.com maps.googleapis.com cdnjs.cloudflare.com ajax.cloudflare.com app.responseiq.com code.jquery.com maxcdn.bootstrapcdn.com wstatic.responseiq.com cdn.rlets.com www.dwin1.com maps.google.com cdn.oribi.io tagmanager.google.com tagcdn.gi-solutionsgroup.com collector-11715.tvsquared.com https://invitejs.trustpilot.com/tp.min.js https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js https://ecommplugins-trustboxpreview.trustpilot.com/v1.0/trustboxpreview.min.js?ver=1.0 https://ecommplugins-scripts.trustpilot.com/v2.1/js/preview.min.js cdn.hu-manity.co; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com tags.srv.stackadapt.com ecommplugins-scripts.trustpilot.com 'unsafe-eval'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com wstatic.responseiq.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com tagmanager.google.com ecommplugins-scripts.trustpilot.com tags.srv.stackadapt.com 'unsafe-eval'; style-src-attr 'self' 'unsafe-inline'; img-src 'self' data: bat.bing.com r1-t.trackedlink.net stats.g.doubleclick.net www.google-analytics.com www.google.co.uk www.google.com ssl.google-analytics.com www.google.com.np googleads.g.doubleclick.net www.google.it www.googletagmanager.com www.google.es www.google.co.in www.google.co.ma www.google.ro www.gstatic.com www.google.im www.google.be www.google.ie www.awin1.com www.topcashback.co.uk tile.openstreetmap.org a19.responseiq.com app.responseiq.com maps.googleapis.com maps.gstatic.com wstatic.responseiq.com fault.rlets.com cbks0.googleapis.com khms0.googleapis.com khms1.googleapis.com smartslider3.com www.alfatravel.co.uk www.googleadservices.com ssl.gstatic.com tag.gi-solutionsgroup.com www.facebook.com collector-11715.tvsquared.com pubads.g.doubleclick.net dpm.demdex.net region1.analytics.google.com tags.srv.stackadapt.com; font-src 'self' data: app.responseiq.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com fonts.gstatic.com www.alfatravel.co.uk; connect-src 'self' in.hotjar.com app.responseiq.com region1.google-analytics.com www.google-analytics.com stats.g.doubleclick.net 49817b22-010e-431a-a361-fe015e221575.rlets.com apgb2b-reachcodeandproxy.gannettdigital.com capture-api.reachlocalservices.com sentry.hotjar.com ws1.hotjar.com localhost ws10.hotjar.com ws2.hotjar.com ws3.hotjar.com ws4.hotjar.com ws5.hotjar.com ws6.hotjar.com ws7.hotjar.com ws8.hotjar.com ws9.hotjar.com gw.oribi.io ssl.google-analytics.com api.wppopupmaker.com vc.hotjar.io www.googleadservices.com www.google.co.uk www.facebook.com bat.bing.com services.postcodeanywhere.co.uk tvsquared.com maps.googleapis.com tag.gi-solutionsgroup.com hotjar.com designer-api.hu-manity.co region1.analytics.google.com tags.srv.stackadapt.com; media-src 'self' ssl.gstatic.com www.alfatravel.co.uk; child-src 'self' vars.hotjar.com www.google.com; frame-src 'self' vars.hotjar.com staticxx.facebook.com www.googletagmanager.com www.facebook.com web.facebook.com bid.g.doubleclick.net mozbar.moz.com www.google.com 49817b22-010e-431a-a361-fe015e221575.rlets.com onpageload 'unsafe-eval' div.show smartslider3.com https://ecommscript-integrationapp.trustpilot.com/ ecommplugins-scripts.trustpilot.com widget.trustpilot.com; worker-src 'self'; frame-ancestors 'self' 'unsafe-eval'; form-action 'self' news-alfatravel.co.uk www.coachholidays.com www.ipg-online.com; report-uri https://alfatravel.report-uri.com/r/d/csp/enforce 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles hardware2018.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com *.wisepops.com listgrowth.ctctcdn.com beacon.searchspring.io m.addthis.com 4e6f94f0-c23e-4752-a599-adf4d69df3be.rlets.com staticw2.yotpo.com iokhmf.a.searchspring.io appliance-rebates.firebaseio.com capture-api.reachlocalservices.com liqadprdct-capture-prod-east.gannettdigital.com hrm-web-event-details.firebaseio.com res.cloudinary.com www.google.com adservice.google.com activity.wisepops.com popup.wisepops.com tracking.wisepops.com app.getwisp.co wisepops.net hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com api.parcellab.com configs.parcellab.com tst.kaptcha.com pagead2.googlesyndication.com kount.com ssl.kaptcha.com; default-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com; font-src 'self' hardware2018.commercev3.com s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com fonts.gstatic.com *.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net staticw2.yotpo.com data: hartvillehardware-assets.nyc3.digitaloceanspaces.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com 4e6f94f0-c23e-4752-a599-adf4d69df3be.rlets.com s7.addthis.com www.youtube.com tpc.googlesyndication.com forms.hartvillejobs.com cdn.flipsnack.com player.flipsnack.com player.vimeo.com insight.adsrvr.org match.adsrvr.org https://bam.nr-data.net t.sharethis.com tst.kaptcha.com ssl.kaptcha.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ stats.g.doubleclick.net *.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com secure.trust-provider.com cm.g.doubleclick.net www.googleadservices.com d3cgm8py10hi0z.cloudfront.net res.cloudinary.com pubads.g.doubleclick.net googleads.g.doubleclick.net p.yotpo.com cdn-yotpo-images-production.yotpo.com yotpo-editor-production.s3.amazonaws.com fault.rlets.com iokhmf.a.searchspring.io cdn.wisepops.com *.simpli.fi cdn.searchspring.net cdn.flipsnack.com media.mydoitbest.com cdn.wisepops.com tracking.wisepops.com dx4nr741tfc02.cloudfront.net wisp-production-storage.s3.amazonaws.com cdn.wisepops.net hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com icons.parcellab.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.simpli.fi loader.wisepops.com cdn.searchspring.net cdnjs.cloudflare.com static.ctctcdn.com cdn.jsdelivr.net cdn.rlets.com staticw2.yotpo.com v1.addthisedge.com z.moatads.com *.addthis.com cdn.wisepops.com use.fontawesome.com tpc.googlesyndication.com forms.hartvillejobs.com js-agent.newrelic.com secure.comodo.com s3.amazonaws.com/a.cdn.searchspring.net/ nyc3.digitaloceanspaces.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net js.adsrvr.org hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com secure.trust-provider.com *.simpli.fi loader.wisepops.com cdn.searchspring.net cdnjs.cloudflare.com static.ctctcdn.com cdn.jsdelivr.net cdn.rlets.com staticw2.yotpo.com v1.addthisedge.com z.moatads.com *.addthis.com cdn.wisepops.com use.fontawesome.com tpc.googlesyndication.com forms.hartvillejobs.com js-agent.newrelic.com secure.comodo.com s3.amazonaws.com/a.cdn.searchspring.net/ nyc3.digitaloceanspaces.com cdn.wisepops.com loader.wisepops.com app.getwisp.co wisepops.net cdn.wisepops.net js.adsrvr.org hartvillehardware-assets.nyc3.digitaloceanspaces.com *.sharethis.com cdn.parcellab.com; style-src 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net static.ctctcdn.com cdn.searchspring.net staticw2.yotpo.com cdnjs.cloudflare.com/ajax/libs/fancybox/ nyc3.digitaloceanspaces.com hartvillehardware-assets.nyc3.digitaloceanspaces.com cdn.parcellab.com; style-src-elem 'self' s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net static.ctctcdn.com cdn.searchspring.net staticw2.yotpo.com cdnjs.cloudflare.com/ajax/libs/fancybox/ nyc3.digitaloceanspaces.com hartvillehardware-assets.nyc3.digitaloceanspaces.com cdn.parcellab.com; style-src-attr  'unsafe-inline'; media-src 'self' hardware2018.commercev3.com s3.amazonaws.com/cdn0.hartvillehardware.com/ cdn.commercev3.net/cdn0.hartvillehardware.com/ cdn0.hartvillehardware.com www.bing.com res.cloudinary.com; 1
upgrade-insecure-requests;  default-src 'self' https: http:;script-src 'self'  'unsafe-inline' 'unsafe-eval' https: http:;style-src 'self' https: 'unsafe-inline';img-src 'self' https: data: http:;font-src 'self' https: data: http: 'unsafe-inline';connect-src 'self' https: http:;form-action 'self'; object-src 'self';report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://portaldocliente.tvcabo.mz; 1
default-src 'self' https://online.pubhtml5.com/ https://www.google.com/recaptcha/api.js https://vimeo.com/825628046?share=copy; script-src 'self' https://player.vimeo.com/api/player.js https://www.google.com/recaptcha/api.js?render=explicit www.googletagmanager.com platform.twitter.com ajax.googleapis.com www.google-analytics.com cdnjs.cloudflare.com www.gstatic.com 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' ; font-src 'self' fonts.gstatic.com data:; img-src 'self' secure.gravatar.com https: data:; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; connect-src 'self' https://vimeo.com/api/oembed.json?url=https%3A%2F%2Fvimeo.com%2F823530183&id=823530183&autoplay=false https://region1.google-analytics.com/g/collect?v=2&tid=G-CRBVQ0QFQB www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' platform.twitter.com app.powerbi.com eqaoweb.eqao.com maps.google.com www.google.com https://online.pubhtml5.com/ player.vimeo.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-+0XnIOJ5CZFg5nnPQegxaZ+VX42Qj87Y9NkNZwMLocCXyQSj' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src fonts.gstatic.com  'self' stats.g.doubleclick.net www.google-analytics.com maxcdn.bootstrapcdn.com  *.googleapis.com *.facebook.com client.pay.bka.sh *.jsdelivr.net *.gstatic.com *.cloudflare.com *.eboighar.com unpkg.com *.google.com; img-src 'self' www.google-analytics.com *.eboighar.com *.googleapis.com *.facebook.com *.googletagmanager.com data:;script-src 'self' www.google-analytics.com *.datatables.net *.facebook.net  scripts.pay.bka.sh *.googletagmanager.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.fbcdn.net *.facebook.com *.jsdelivr.net unpkg.com *.jquery.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com *.datatables.net *.cloudflare.com *.googleapis.com *.gstatic.com *.jsdelivr.net unpkg.com; 1
frame-src 'self' https://www.google.com/recaptcha/  https://recaptcha.google.com/recaptcha/ 1
default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; font-src 'self'; object-src 'none'; frame-ancestors 'none' 1
default-src 'none'; style-src 'self';img-src 'self' ;script-src 'self'; frame-ancestors 'none'; form-action 'self'; base-uri 'self'; 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; img-src 'self' data: *.tarotpolis.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.tarotpolis.de; style-src 'self' 'unsafe-inline' *.tarotpolis.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.tarotpolis.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com; font-src 'self' data: *.tarotpolis.de; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' report-to https://ui.masterpassturkiye.com;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com;    img-src 'self' https: data:;    font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://code.jquery.com https://ui.masterpassturkiye.com;    frame-ancestors 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com;   frame-src 'self' https://online.mersin.bel.tr https://www.estram.com.tr https://www.balikesirulasim.com.tr https://samulas.com.tr https://www.tekulas.com.tr http://zabbix.asiselektronik.com.tr https://ui.masterpassturkiye.com; 1
default-src 'self' data: *.alphalabs.ca *.gstatic.com *.googleapis.com chart.apis.google.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net *.ggpht.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.alphalabs.ca *.googleapis.com *.googletagmanager.com *.googletagservices.com *.tagmanager.google.com *.google-analytics.com *.google.com/recaptcha/ *.g.doubleclick.net *.gstatic.com *.facebook.net unpkg.com *.stripe.com;style-src 'self' 'unsafe-inline' *.alphalabs.ca *.googleapis.com *.googletagmanager.com *.tagmanager.google.com *.google-analytics.com *.g.doubleclick.net; connect-src 'self' *.visualstudio.com *.googleapis.com *.google-analytics.com *.g.doubleclick.net *.craftcms.com; object-src 'none'; frame-src 'self' *.alphalabs.ca *.google.com *.youtube.com *.stripe.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; 1
script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.tawk.to *.jsdelivr.net *.tidio.co *.facebook.net www.gstatic.com;script-src-attr 'unsafe-inline';img-src 'self' data: i.imgur.com www.google-analytics.com ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com tawk.link *.tawk.to *.tawk.link *.amazonaws.com *.jsdelivr.net *.databrain.com www.googletagmanager.com;style-src 'self' 'unsafe-inline' ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com fonts.googleapis.com *.tawk.to *.jsdelivr.net;font-src 'self' ano3vz3t0ljyh1lfx5c1tglt6z.speed-cdn.com mbua2w451amrhahmjxkkrw7odh.speed-cdn.com fonts.googleapis.com fonts.gstatic.com *.tawk.to *.jsdelivr.net *.googletagmanager.com;frame-src static.goolec.com www.youtube.com youtube.com;connect-src 'self' tickers.playtech.com www.google-analytics.com *.googleapis.com *.tawk.to wss://*.tawk.to tracker.databrain.com;upgrade-insecure-requests;default-src 'self';base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none' 1
frame-ancestors *.prodiadigital.com https://* http://* 1
frame-ancestors 'self' *.easyshipping.gr 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://ajax.googleapis.com; 1
script-src  'self'  'unsafe-inline'   'unsafe-eval'  *.etstur.com  *.otelpuan.com  *.googletagmanager.com  *.hotjar.com  *.facebook.net  *.googleapis.com  *.google-analytics.com  *.googleadservices.com  *.doubleclick.net  *.gstatic.com  *.cloudfront.net  *.cloudflare.com  analytics.tiktok.com  static.cloudflareinsights.com  otelpuan.com  *.efilli.com  otelpuan.webinstats.com  appleid.cdn-apple.com  *.google.com  *.google.com.tr  ;  object-src data: 'unsafe-eval' otelpuan.com *.otelpuan.com ; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.it 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.it; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.it; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.it images.fashiola.it cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' https://www.startpagina.nl 1
block-all-mixed-content; frame-ancestors *.mimeria.com.br 1
default-src 'self'; connect-src *; manifest-src 'self'; script-src * 'unsafe-inline' 'unsafe-eval' data:; img-src * data:; style-src * 'unsafe-inline'; form-action *; font-src *; frame-src *; object-src info.paynet.md 1
frame-ancestors 'self' *.clm-comarch.com 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com *.gruposancorseguros.com *.google.com *.gstatic.com *.googleapis.com cdn.jsdelivr.net js.hsforms.net forms.hsforms.com code.jquery.com *.chat-tonic.com https://go.botmaker.com https://storage.googleapis.com https://polyfill.io/v3/ *.hotjar.com widgets-static.embluemail.com cdn.embluemail.com *.facebook.com googleads.g.doubleclick.net *.facebook.net *.teads.tv *.smileweb.net *.linkedin.com *.qualtrics.com;object-src 'self' *.gruposancorseguros.com;style-src 'self' 'unsafe-inline' *.google.com *.gruposancorseguros.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com *.bootstrapcdn.com *.chat-tonic.com *.smileweb.net;img-src 'self' s3.us-east-1.amazonaws.com *.google-analytics.com *.googletagmanager.com *.gstatic.com *.facebook.com *.gruposancorseguros.com *.googleapis.com cdn.jsdelivr.net cdnjs.cloudflare.com data: *.hsforms.com web.chat-tonic.com *.smileweb.net *.google.com *.google.com.ar unpkg.com *.hotjar.com *.teads.tv *.qualtrics.com;media-src 'self' *.gruposancorseguros.com *.googleapis.com;frame-src *.gruposancorseguros.com td.doubleclick.net *.google.com *.qualtrics.com *.teads.tv *.debmedia.com *.youtube.com;font-src 'self' fonts.gstatic.com *.gruposancorseguros.com cdn.jsdelivr.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com static.smileweb.net *.hotjar.com;connect-src 'self' *.gruposancorseguros.com *.googleapis.com wss://*.gruposancorseguros.com nf-mock.globallogic.com.ar forms.hubspot.com api.hubapi.com *.chat-tonic.com *.botmaker.com m-infra.appspot.com wss://*.botmaker.com/ *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.com.ar *.smileweb.net *.qualtrics.com *.teads.tv;child-src *.google.com *.youtube.com *.facebook.com forms.hsforms.com forms.hubspot.com *.chat-tonic.com data: blob: *.googleapis.com *.debmedia.com *.smileweb.net *.doubleclick.net;frame-ancestors 'none';report-uri /WebResource.axd?cspReport=true 1
default-src 'self' wss://ws.hotjar.com *.hotjar.io *.hotjar.com *.doubleclick.net *.vmarketcompras.com.br viacep.com.br *.execute-api.us-east-1.amazonaws.com wss://*.tawk.to tools.ietf.org *.tawk.to user.userguiding.com www.google-analytics.com stats.g.doubleclick.net bam.nr-data.net analytics.google.com vmarket-images.s3.amazonaws.com www.vmarkethomol.com.br 39lwlzahue.execute-api.us-east-1.amazonaws.com static.userguiding.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  cdn.jsdelivr.net www.googletagmanager.com www.google-analytics.com static.hotjar.com js-agent.newrelic.com script.hotjar.com embed.tawk.to static.userguiding.com; font-src *; style-src 'self' 'unsafe-inline' fonts.googleapis.com embed.tawk.to; img-src https://*; 1
script-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: localhost:33209 *.hcaptcha.com giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: localhost:33209 *.hcaptcha.com; manifest-src 'self' https: localhost:33209; font-src 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: localhost:33209 giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: localhost:33209 data: giftcard.golfnow.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: localhost:33209; object-src 'self' https: localhost:33209; frame-ancestors 'self' https: localhost:33209; frame-src 'self' https: localhost:33209 *.hcaptcha.com; worker-src 'self' https: localhost:33209; base-uri 'self' https:;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default 1
frame-ancestors 'self' https://*.cuirn1.com https://*.cuircenter.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://anarres.family; img-src 'self' data: blob: https://anarres.family; style-src 'self' https://anarres.family 'nonce-Yv0gzl4G9O6fBjHNnly+NQ=='; media-src 'self' data: https://anarres.family; frame-src 'self' https:; manifest-src 'self' https://anarres.family; form-action 'self'; child-src 'self' blob: https://anarres.family; worker-src 'self' blob: https://anarres.family; connect-src 'self' data: blob: https://anarres.family wss://anarres.family; script-src 'self' https://anarres.family 'wasm-unsafe-eval' 1
default-src 'none'; script-src 'self' 'sha256-CC38pRZKNQ/7uTF/orNX4hyiFg6ng/B8juXkUmRHGCA=' https://matomo.fancy.org.uk; style-src 'self' https://maxcdn.bootstrapcdn.com; img-src 'self' https://matomo.fancy.org.uk; font-src https://maxcdn.bootstrapcdn.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; base-uri 'self';  frame-src 'self' https://www.google.com  https://maps.google.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com ;  1
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.microsoft.com js.monitor.azure.com dc.services.visualstudio.com try-ppe.dot.net aznb-ame-prod.azureedge.net client-api.arkoselabs.com;style-src 'self' 'unsafe-inline' *.microsoft.com aznb-ame-prod.azureedge.net;img-src * data: blob:;frame-ancestors docs.microsoft.com *.docs.microsoft.com learn.microsoft.com *.learn.microsoft.com labclient.labondemand.com portal.azure.com *.portal.azure.com portal.azure.us portal.azure.cn *.onecloud.azure-test.net *.sharepoint.com localhost:3000;worker-src 'self' blob: *.microsoft.com;form-action 'self' *.microsoft.com *.azure.cn;media-src 'self' blob: *.microsoft.com *.azure.cn;base-uri 'self';font-src 'self' https: data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://www.gstatic.com https://*.oracleinfinity.io https://cdnjs.cloudflare.com https://connect.facebook.net https://googleads.g.doubleclick.net https://maxcdn.bootstrapcdn.com https://pixel.mathtag.com https://*.hotjar.com https://tags.bkrtx.com https://tags.tiqcdn.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com; style-src 'report-sample' 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.google.com https://*.hotjar.io https://*.googlesyndication.com https://www.google.co.ve https://www.google.com.co https://api.ipify.org https://stats.g.doubleclick.net https://www.google-analytics.com; font-src 'self' https://cdnjs.cloudflare.com https://*.hotjar.com; frame-src 'self' data: '' atlassian-companion: https://*.doubleclick.net https://www.google.com https://*.fls.doubleclick.net https://pixel.mathtag.com https://pixel.sitescout.com https://stags.bluekai.com https://www.youtube.com; img-src 'self' data: https://*.doubleclick.net https://*.google.com https://*.oracleinfinity.io https://googleads.g.doubleclick.net https://pixel.mathtag.com https://pixel.sitescout.com https://*.hotjar.com https://www.facebook.com https://www.google.com https://www.google.co.in https://www.google.co.ve https://www.google.com.co https://stats.g.doubleclick.net https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; report-uri https://64e7a95215b491ee72711e4f.endpoint.csper.io; worker-src 'none'; 1
connect-src 'self' wss://ws.hotjar.com https://measurement-api.criteo.com https://k.clarity.ms  https://www.google-analytics.com https://www.shareaholic.net https://cdn.openshareweb.com https://pearblog.wpengine.com https://ct.pinterest.com https://erk.zdassets.com https://*.hotjar.com https://content.hotjar.io https://analytics.tiktok.com https://n.clarity.ms https://t.clarity.ms https://*.shareaholic.com https://ekr.zdassets.com https://maps.googleapis.com wss://widget-mediator.zopim.com https://cdn.tiny.cloud https://ds-us-1.azureedge.net https://*.sharethis.com https://*.zendesk.com https://*.cardsdirect.com https://image.cardsdirect.com https://image.brookhollowcards.com https://image.123print.com https://image.usgacardshop.com https://image.peartree.com https://ekr.zdassets.com https://widget.usersnap.com;default-src 'self' https://*.cardsdirect.com https://static.zdassets.com https://www.google.com; frame-src 'self' https://gleam.io https://ct.pinterest.com https://td.doubleclick.net https://*.sharethis.com https://*.criteo.com https://*.secure.orders.com https://secure.orders.com https://static.criteo.net https://*.cardsdirect.com https://www.google.com https://widget.trustpilot.com https://www.facebook.com https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *;img-src 'self' data: *; font-src 'self' https://*.wpengine.com https://cdn.icomoon.io https://cdn.openshareweb.com https://fonts.gstatic.com https://d1azc1qln24ryf.cloudfront.net;object-src 'none';script-src-elem 'self' 'unsafe-inline' * 1
object-src 'none'; base-uri 'none'; frame-src js.stripe.com; child-src 'none'; worker-src api.warmind.io warmind.io; frame-ancestors 'none'; form-action 'self' export.highcharts.com; report-uri https://csp.warmind.io; report-to https://csp.warmind.io; 1
font-src 'self' *.getpostman.com documenter.postman.com fonts.gstatic.com fonts.googleapis.com *.pstmn.io; frame-ancestors 'none'; img-src * data:; script-src 'self' 'unsafe-inline' 'strict-dynamic' *.getpostman.com documenter.postman.com documenter-assets.pstmn.io content.pstmn.io run.pstmn.io https://cdn.ravenjs.com 'nonce-jqmGb8SRPn0cjcy10CXb4PC9/JfwIHQ6i5l9xzZdKsE5WoWS'; style-src 'self' 'unsafe-inline' *.getpostman.com documenter.postman.com *.pstmn.io fonts.gstatic.com fonts.googleapis.com; frame-src https://youtube.com https://www.youtube.com https://player.vimeo.com 1
frame-ancestors 'self' https://*.toyota.hr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be;frame-src 'self' https://www.youtube-nocookie.com https://www.google.com *.kasikornbank.com *.kaptcha.com https://www.youtube.com https://youtu.be; connect-src *; font-src * data:; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-8eQW89sF/XbXhfKfPa+smPYNa52lnsvyLeLtKb5xABEIsF+U' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' data: https://ajax.googleapis.com https://www.google.com https://www.google.co.nz https://www.google-analytics.com https://stats.g.doubleclick.net https://api.addressfinder.io https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://api.addressfinder.io; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://oss.maxcdn.com https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://api.addressfinder.io https://cdnjs.cloudflare.com https://www.google.com https://www.gstatic.com 1
font-src *.googleapis.com *.gstatic.com data: *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com https://static.klaviyo.com *.fontawesome.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.gstatic.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.google-analytics.com *.authorize.net *.yotpo.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.gstatic.com *.googleapis.com *.braintreegateway.com *.googletagmanager.com *.amazonaws.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.paypal.com *.google-analytics.com *.authorize.net *.cardinalcommerce.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.firmenbuchgrundbuch.at *.compass.at *.wirtschaftscompass.at 1
frame-ancestors 'self' *.facebook.com facebook.com info.feversocial.com info.feversocial.com feversocial.com *.feversocial.com 1
frame-ancestors https://dev.cumanagement.com https://staging.cumanagement.com https://www.cumanagement.com https://drup.cumanagement.com 1
default-src 'self' https: data:  'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://go.id-systems.com https://go.powerfleet.com https://pi.pardot.com  https://snap.licdn.com https://www.googletagmanager.com/ https://dc.ads.linkedin.com https://i0.wp.com https://i1.wp.com https://c0.wp.com https://stats.wp.com https://www.google.com; 1
frame-ancestors 'self' *.bahrainbourse.com bahrainbourse.com *.directfn.com/* https://ir.directfn.com/ 1
default-src 'self' vercel.live;    script-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.vercel-insights.com vercel.live va.vercel-scripts.com;    style-src 'self' 'unsafe-inline';    img-src * blob: data:;    media-src 'none';    connect-src *;    font-src 'self' data:;    frame-src 'self' *.codesandbox.io vercel.live; 1
base-uri 'self';form-action 'self';frame-ancestors *.max.co.il; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline'; script-src-attr 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; child-src 'none'; worker-src 'self'; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; disown-opener; base-uri 'self'; report-to default; report-uri https://aylett.report-uri.com/r/d/csp/enforce 1
default-src 'self';   connect-src 'self'     media.deso.org     node.deso.org     amp.deso.org     pulse.deso.org     bitclout.com:*     api.bitclout.com     pulse.bitclout.com     https://altumbase.com     https://openprosperapi.xyz     api.bitpop.dev     localhost:*     explorer.bitclout.com:*     megaswap.dev     megaswap.xyz     heroswap.com     https://api.blockchain.com/ticker     https://api.blockchain.com/mempool/fees     https://ka-f.fontawesome.com/     bitcoinfees.earn.com     api.blockcypher.com     amp.bitclout.com api.bitclout.green api.bitclout.blue     amp.diamondapp.com     api.bitclout.navy     https://videodelivery.net     https://lvpr.tv     https://upload.videodelivery.net     https://web3setu.co.in     https://api2.amplitude.com/2/httpapi     https://heapanalytics.com     https://*.hotjar.com     https://*.hotjar.io     wss://*.hotjar.com     https://diamondapp.com;   script-src 'self'     https://kit.fontawesome.com/070ca4195b.js     https://ka-f.fontawesome.com/     https://script.hotjar.com/modules.352fddba5b21bbfc3a08.js     https://cdn.heapanalytics.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com;   style-src 'self'     'unsafe-inline'     https://fonts.googleapis.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com     https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;   media-src 'self'     videos.deso.org     *.mypinata.cloud;   img-src 'self'     data:     i.imgur.com     images.deso.org     media.deso.org     node.deso.org     images.bitclout.com     quickchart.io     arweave.net     *.arweave.net     entre-app-media-dev.s3.us-east-2.amazonaws.com     s3.amazonaws.com     *.pearl.app     *.twimg.com     cloudflare-ipfs.com     https://heapanalytics.com     https://static.hotjar.com     https://script.hotjar.com     https://icotar.com     *.mypinata.cloud;   font-src 'self'     https://fonts.googleapis.com     https://fonts.gstatic.com     https://heapanalytics.com     https://script.hotjar.com     https://ka-f.fontawesome.com;   frame-src 'self'     localhost:*     identity.deso.org     identity.deso.run     identity.deso.blue     identity.deso.green     identity.bitclout.com     identity.bitclout.blue     identity.bitclout.green     megaswap.dev     megaswap.xyz     heroswap.com     https://geo.captcha-delivery.com     https://www.youtube.com     https://iframe.videodelivery.net/     https://lvpr.tv     https://youtube.com     https://player.vimeo.com     https://www.tiktok.com     https://giphy.com     https://open.spotify.com     https://embed-standalone.spotify.com     https://w.soundcloud.com     https://player.twitch.tv     https://clips.twitch.tv     https://mousai.stream     https://vars.hotjar.com     https://iframe.videodelivery.net;   frame-ancestors 'self'; 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-tJCQUu05/IzhAgA2FmVcHg==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.satsback.com/js/ https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/ https://cdn.datatables.net/ https://platform.twitter.com/ https://pagead2.googlesyndication.com/pagead/js/ https://cdn.jsdelivr.net/gh/davidshimjs/qrcodejs@gh-pages/ ; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/ https://fonts.googleapis.com; img-src 'self' * data:; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://plausible.satsback.com/ https://pagead2.googlesyndication.com/pagead/js/ *.pusher.com/; media-src 'self'; frame-src 'self' https://platform.twitter.com/ https://*.youtube.com/; base-uri 'self'; 1
default-src 'self' https://www.youtube.com https://*.google-analytics.com;base-uri 'self';block-all-mixed-content;connect-src 'self' https://*.firesecurityproducts.com cdn.coolcalc.com devextcarrier.oktapreview.com staging.servicesgateway.carrier.com toddsit.com api.appzi.io images.carriercms.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://siteintercept.qualtrics.com https://bam.nr-data.net https://stats.g.doubleclick.net https://*.linkedin.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://region1.analytics.google.com https://maps.googleapis.com https://maps.gstatic.com https://*.g.doubleclick.net https://www.google https://*.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;font-src 'self' w.appzi.io fonts.gstatic.com www.googletagmanager.com;form-action 'self';img-src 'self' data: https://*.firesecurityproducts.com https://*.trustarc.com https://cdn.cookielaw.org https://siteintercept.qualtrics.com udc-neb.kampyle.com images.carriercms.com legacy.goheil.com heapanalytics.com www.shareddocs.com https://i.ytimg.com pim.images.carrier.com https://*.linkedin.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://region1.analytics.google.com https://maps.googleapis.com https://maps.gstatic.com https://*.g.doubleclick.net https://www.google https://*.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat;manifest-src 'self';object-src 'none';script-src-attr 'self' 'unsafe-inline';script-src 'self' 'unsafe-inline' https://*.firesecurityproducts.com https://js-agent.newrelic.com https://*.googletagmanager.com https://*.google-analytics.com https://maps.googleapis.com https://consent.truste.com https://fonts.googleapis.com https://consent.trustarc.com https://snap.licdn.com https://*.pardot.com https://cdn.cookielaw.org wss;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com 1
child-src 'self' blob:; connect-src 'self' https://*.intercom.io https://*.mapbox.com https://*.mixpanel.com https://*.sparelabs.com https://sentry.io wss://*.intercom.io wss://*.sparelabs.com https://*.hubspot.com https://*.hubapi.com https://o79040.ingest.sentry.io https://api.mapbox.com https://*.hsforms.com https://sentry.io https://6xsct86j.api.sanity.io https://hubspot-forms-static-embed.s3.amazonaws.com https://46lg3svv.api.sanity.io https://6xsct86j.apicdn.sanity.io https://46lg3svv.apicdn.sanity.io https://gksilpp4.api.sanity.io https://gksilpp4.apicdn.sanity.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net https://widget.freshworks.com https://sparelabs.freshdesk.com; default-src 'self'; font-src 'self' data: https://*.intercomcdn.com https://*.loom.com https://fonts.gstatic.com; frame-src 'self' https://*.hubspot.com https://js.hsforms.net https://*.hsforms.com https://portal.productboard.com https://*.youtube.com https://intercom-sheets.com https://preview.pitch.com https://pitch.com https://flo.uri.sh https://calendly.com https://www.google.com; img-src 'self' blob: data: https://*.intercomassets.com https://*.intercomcdn.com https://*.nyc3.digitaloceanspaces.com https://*.sparelabs.com https://sparelabs.com wss://*.sparelabs.com https://cdn.sanity.io https://*.hsforms.com https://*.hubspot.com https://px.ads.linkedin.com https://px4.ads.linkedin.com https://p.adsymptotic.com https://*.hubspotusercontent-na1.net https://i.ytimg.com https://www.linkedin.com https://preview.pitch.com https://pitch.com https://public.flourish.studio https://messenger-apps.intercom.io https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com *.googletagmanager.com https://www.google-analytics.com stats.g.doubleclick.net https://widget.freshworks.com; manifest-src 'self'; media-src 'self' https://*.intercomcdn.com https://cdn.sanity.io https://www.youtube.com; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.intercom.io https://*.intercomcdn.com https://*.stripe.com wss://*.intercom.io https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsforms.net https://snap.licdn.com https://api.mapbox.com https://widget.intercom.io https://js.hs-scripts.com https://js.intercomcdn.com https://translate.googleapis.com https://connect.facebook.net https://public.flourish.studio https://assets.calendly.com https://js.hsleadflows.net https://www.googletagmanager.com https://tagmanager.google.com *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com stats.g.doubleclick.net https://www.google.com https://www.gstatic.com https://widget.freshworks.com https://sparelabs.freshdesk.com; style-src 'self' 'unsafe-inline' https://*.tiles.mapbox.com https://tagmanager.google.com https://fonts.googleapis.com https://widget.freshworks.com; worker-src 'self' blob:; base-uri 'self'; form-action 'self' https://forms.hsforms.com; frame-ancestors https://spare-japan.sanity.studio https://sparelabs.sanity.studio; report-uri https://o79040.ingest.sentry.io/api/6300108/security/?sentry_key=ad81dfedecd14fef9dced2074eb9cdc3; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.paramediccoach.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.irasia.com *.ckh.com.hk fonts.googleapis.com fonts.gstatic.com *.addthis.com z.moatads.com v1.addthisedge.com *.vzaar.com *.dacast.com static.cloudflareinsights.com *.llnwi.net; 1
script-src 'self' http://cdnjs.cloudflare.com https://www.googletagmanager.com https://code.jquery.com https://cdn.jsdelivr.net https://uschat3.contivio.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://googleads.g.doubleclick.net https://maps.googleapis.com 'unsafe-inline' blob: 'unsafe-eval'; object-src 'none'; frame-ancestors 'self'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' https://web.serviciosmin.gob.es/ https://chatbot.serviciosmin.gob.es https://stats.g.doubleclick.net https://unpkg.com https://www.mintur.gob.es http://www.mintur.gob.es https://use.fontawesome.com https://comercio.gob.es/ https://comercio.gob.es.aplicaciones https://comercio.serviciosmin.gob.es https://apis.google.com https://collect.sdgacceptance.eu https://collect.youreurope.europa.eu https://noembed.com https://ton.twimg.com https://platform.twitter.com https://fonts.googleapis.com https://fonts.gstatic.com http://ajax.googleapis.com https://ajax.googleapis.com http://www.google-analytics.com https://www.google-analytics.com https://region1.google-analytics.com https://plus.google.com http://www.facebook.com http://twitter.com https://www.youtube.com https://ssl.google-analytics.com http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com http://code.jquery.com https://cdn.plyr.io https://cdn.selz.com https://s.ytimg.com https://player.vimeo.com https://vimeo.com http://i.ytimg.com https://s.ytimg.com https://www.google.com https://www.gstatic.com https://cdn.syndication.twimg.com/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/ https://cdn1.readspeaker.com http://cdn1.readspeaker.com https://app-eu.readspeaker.com https://rstts-eu.readspeaker.com https://*.readspeaker.com; img-src 'unsafe-inline' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://* http://* data:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://*; style-src-elem 'unsafe-inline' 'self' https://web.serviciosmin.gob.es/ https://www.mintur.gob.es http://www.mintur.gob.es https://fonts.googleapis.com http://fonts.googleapis.com https://www.gstatic.com/ https://platform.twitter.com https://ton.twimg.com https://*.readspeaker.com http://*.readspeaker.com https://cdnjs.cloudflare.com https://chatbot.serviciosmin.gob.es; style-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.mintur.gob.es http://www.mintur.gob.es https://platform.twitter.com https://*.readspeaker.com http://cdn1.readspeaker.com https://fonts.googleapis.com; media-src 'unsafe-inline' 'unsafe-eval' 'self' https://* http://*; font-src 'self' data: https://* http://* https://fonts.gstatic.com/ 1
default-src 'self' blob: s.pinimg.com; font-src 'self' s.pinimg.com data: fonts.googleapis.com fonts.gstatic.com use.typekit.net; style-src 'self' blob: 'unsafe-inline' data: *.pinimg.com *.pinterest.com accounts.google.com fonts.googleapis.com *.adyen.com *.adyenpayments.com; img-src blob: data: *; base-uri 'none'; connect-src 'self' blob: *.pinimg.com *.pinterest.com accounts.google.com *.adyen.com pinterest-salvador.s3.amazonaws.com *.adyenpayments.com *.facebook.com www.googleapis.com *.dropboxapi.com pinterest-aberdeen.s3.amazonaws.com pinterest-aberdeen.s3.us-east-1.amazonaws.com pinterest-anaheim.s3.amazonaws.com pinterest-anaheim.s3.us-east-1.amazonaws.com pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-media-upload.s3.amazonaws.com pinterest-media-upload.s3.us-east-1.amazonaws.com pinterest-media-upload.s3-accelerate.amazonaws.com pinterest-media-upload.s3-accelerate.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-poughkeepsie.s3.amazonaws.com pinterest-poughkeepsie.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-plymouth.s3.amazonaws.com pinterest-plymouth.s3.us-east-1.amazonaws.com pinterest-salvador.s3.us-east-1.amazonaws.com *.cedexis.com *.cedexis-radar.net *.tvpixel.com api.pinadmin.com *.live-video.net https://*.daily.co https://*.pluot.blue wss://*.wss.daily.co; form-action 'self' *.adyen.com *.sofort.com *.adyenpayments.com; frame-src 'self' *.pinimg.com *.pinterest.com *.adyen.com static-sandbox.dlocal.com static.dlocal.com *.google.com *.facebook.com www.recaptcha.net pinterest-hilo.s3.amazonaws.com pinterest-hilo.s3.us-east-1.amazonaws.com pinterest-sim-toontown.s3.amazonaws.com pinterest-sim-toontown.s3.us-east-1.amazonaws.com pinterest-milwaukee.s3.amazonaws.com pinterest-milwaukee.s3.us-east-1.amazonaws.com pinterest-waterloo.s3.amazonaws.com pinterest-waterloo.s3.us-east-1.amazonaws.com pinterest-tolu.s3.amazonaws.com *.pinterdev.com content.googleapis.com *.youtube.com *.youtube-nocookie.com *.ytimg.com player.vimeo.com calendly.com vine.co bid.g.doubleclick.net *.fls.doubleclick.net pinlogs.s3.amazonaws.com pinlogs.s3.us-east-1.amazonaws.com advertising-delivery-metric-reports.s3.amazonaws.com advertising-delivery-metric-reports.s3.us-east-1.amazonaws.com servedby.flashtalking.com pinterest-uk.admo.tv pinterest-uk-web.admo.tv fbrpc://call *.linkedin.com px.ads.linkedin.com; media-src 'self' blob: data: *.pinimg.com *.live-video.net; object-src 'self'; script-src 'nonce-3e49139673222332cb6de1387ac80ec4' 'strict-dynamic' 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; worker-src 'self' blob: 'unsafe-inline'; report-uri /_/_/csp_report/?rid=9391221733357348; frame-ancestors 'self' , script-src 'self' blob: 'unsafe-inline' *.pinimg.com *.pinterest.com *.adyen.com js.dlocal.com js-sandbox.dlocal.com static-sandbox.dlocal.com static.dlocal.com *.adyenpayments.com 'report-sample' *.google.com connect.facebook.net *.google-analytics.com *.facebook.com *.googleadservices.com *.doubleclick.net *.googletagmanager.com radar.cedexis.com *.cedexis-test.com www.gstatic.com/recaptcha/ www.gstatic.cn/recaptcha/ www.recaptcha.net 'wasm-unsafe-eval'; report-uri /_/_/csp_report/?rid=9391221733357348 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline' 1
default-src 'self' *.cookielaw.org *.googletagmanager.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cookielaw.org *.googletagmanager.com *.google-analytics.com; img-src 'self' data: *.google.nl *.cookielaw.org *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.cookielaw.org *.googletagmanager.com *.google-analytics.com; font-src 'self' data: *.cookielaw.org *.googletagmanager.com *.google-analytics.com; connect-src 'self' *.cookielaw.org *.googletagmanager.com *.google-analytics.com https://region1.analytics.google.com; 1
child-src 'self'; default-src 'self' *.usave.co.uk 'unsafe-eval' 'unsafe-inline' phplaravel-354301-1685373.cloudwaysapps.com ajax.cloudflare.com static.cloudflareinsights.com optimize.google.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net googleads.g.doubleclick.net connect.facebook.com connect.facebook.net www.googleadservices.com www.google.com www.gstatic.com www.redditstatic.com *.tawk.to * smartlook.cloud e.infogram.com *.smartlook.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com *.amazonaws.com *.tinymce.com *.tiny.cloud; img-src https: data:; frame-src www.googletagmanager.com www.measurementlab.net api.mapbox.com e.infogram.com www.facebook.com www.google.com va.tawk.to optimize.google.com www.googleoptimize.com; font-src 'self' data: fonts.gstatic.com; 1
base-uri 'self';connect-src 'self' https://*.google-analytics.com https://*.doubleclick.net;default-src 'self';font-src 'self' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com;form-action 'self';img-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net data: https://i.ytimg.com https://*.google-analytics.com https://*.cloudfront.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.googletagmanager.com;media-src 'self' https://media.reinierdegraaf.nl https://osk6eqzj7h.execute-api.eu-central-1.amazonaws.com https://d1m0vixjc1og0f.cloudfront.net https://*.guidingtube.com/;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://consent.23g.io https://www.google.com https://www.gstatic.com https://www.googletagmanager.com 'nonce-8jXXJdkZdiqg8Ua2tHJyPD6RH8jUHmlo';frame-src 'self' https://w.soundcloud.com/ https://www.youtube.com/ https://player.vimeo.com/ https://*.guidingtube.com/;style-src 'self' 'unsafe-inline' https://p.typekit.net https://use.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com 1
frame-ancestors *.goalsfootball.co.uk https://www.goalsfootball.co.uk *.studentbeans.com https://*.studentbeans.com localhost:3000 https://polite-youtiao-b0eba4.netlify.app https://goals-headless-git-testing-parachute-digital-ltd.vercel.app https://www.googletagmanager.com https://www.google-analytics.com https://google.com/pay https://www.google.com https://pay.google.com https://client-event-remote-ag.dojo.tech https://ratings.food.gov.uk https://api.ratings.food.gov.uk 1
base-uri 'self'; upgrade-insecure-requests 1
default-src 'self' https://*.google.com https://www.youtube.com; media-src 'self' https://grupofuertes.com https://bodegasluzon.com; font-src * data:; img-src https://* data: blob:; script-src * 'unsafe-inline' https://*.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://*.google.com blob:; style-src * 'unsafe-inline';frame-src 'self' https://*.elpozo.com https://*.google.com https://*.google.es https://*.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; connect-src 'self' https://*.google.com https://*.youtube.com https://*.google-analytics.com https://*.nitrocdn.com https://*.tiktok.com https://forms.hscollectedforms.net https://forms.hubspot.com https://*.getnitropack.com https://*.nixi1.com wss://wall.nixi1.com https://api.1millionbot.com https://*.doubleclick.net wss://socket.1millionbot.com; 1
upgrade-insecure-requests; form-action 'self' 1
default-src 'self' *.googleapis.com *.vdo.ai *.vlitag.com *.adnxs.com *.avantisvideo.com *.addthis.com http: https: data: blob: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://habitat.ca https://*.habitat.ca 1
default-src 'none'; connect-src 'self' https://*.google.com https://*.google-analytics.com https://www.googleadservices.com https://maps.googleapis.com https://performance.typekit.net https://signup-collector.e2ma.net https://script.crazyegg.com https://*.vimeocdn.com https://stats.g.doubleclick.net; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.typekit.net https://use.typekit.net; frame-src 'self' https://www.comparably.com https://*.google.com https://e.issuu.com https://vimeo.com https://*.vimeo.com https://*.youtube.com https://www.youtube-nocookie.com; img-src 'self' data: https://dk98ddgl0znzm.cloudfront.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://*.typekit.net https://*.vimeocdn.com https://*.ytimg.com; media-src 'self' data: https://www.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.comparably.com https://dk98ddgl0znzm.cloudfront.net https://emma-content-aggregates-prd.s3.amazonaws.com https://googleads.g.doubleclick.net https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gstatic.com https://script.crazyegg.com https://*.youtube.com https://*.ytimg.com https://use.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.gstatic.com https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; base-uri 'self'; frame-ancestors 'self'; report-uri https://tokybd.report-uri.com/r/d/csp/enforce 1
script-src http: https: https://converse.in 'unsafe-inline' *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.crossdevicetracking.com; style-src 'self' blob: https: 'unsafe-inline' https://converse.in; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.myunidays.com *.cdnfonts.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.wigzo.com *.wigzopush.com *.zdassets.com *.myunidays.com *.payu.in *.doubleclick.net *.snapchat.com *.makehook.ws *.crossdevicetracking.com *.facebook.com *.crbug.com; 1
default-src https: ionic: ; connect-src https: ionic: ; font-src https: ionic:  data:; frame-src https: ionic:  ; frame-ancestors https: ionic: ; img-src https: ionic:  data: blob:; media-src https: ionic: ; object-src https: ionic: ; script-src 'unsafe-inline' 'unsafe-eval' blob: https: ionic: ; style-src 'unsafe-inline' https: ionic: ; report-uri /generic-oauth-core/oauth/error/log 1
font-src fonts.gstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline'; frame-ancestors none *.mundipagg.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.youtube.com *.newrelic.com *.nr-data.net *.facebook.net *.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.mundipagg.com *.zopim.com *.movidesk.com *.amazonaws.com *.sunset.systems *.googletagmanager.com *.google.com *.google.com.br *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ youtube.com *.doubleclick.net *.newrelic.com *.nr-data.net https://www.googletagmanager.com/ *.facebook.net *.facebook.com snapwidget.com static.zdassets.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.mundipagg.com *.googleusercontent.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.cupom.social *.akamaihd.net *.akstat.io *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.facebook.net *.facebook.com storage.googleapis.com cdn.loja.biz *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.zdassets.com *.bizcommerce.com.br *.zendesk.com *.movidesk.com *.amazonaws.com *.getbutton.io *.whatshelp.io *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.cloudfront.net *.cartstack.com *.cartstack.com.br *.conectiva.io conectiva.io *.conectiva.app *.sunset.systems *.tolvnow.com *.tolvfaq.com *.cupom.social *.performa.ai *.ebit.com.br *.tawk.to *.go-mpulse.net *.e-goi.com *.yourviews.com.br *.jivosite.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.facebook.net *.facebook.com cdn.jsdelivr.net cdn.pika.dev cdn.skypack.dev unpkg.com cdnjs.cloudflare.com snapwidget.com apis.google.com static.zdassets.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.bizcommerce.com.br/ *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.tolvnow.com *.cupom.social *.movidesk.com *.amazonaws.com *.googletagmanager.com *.performa.ai *.ebit.com.br *.tawk.to *.bizcommerce.com.br/ *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com *.newrelic.com *.nr-data.net *.google.com *.facebook.net *.facebook.com fonts.googleapis.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.zdassets.com *.zendesk.com *.movidesk.com *.amazonaws.com *.googletagmanager.com *.google.com *.google.com.br *.svcs.biz *.mundipagg.com *.zopim.com *.siteblindado.com *.tolvnow.com *.cloudfront.net *.cartstack.com *.cartstack.com.br conectiva.io *.conectiva.io *.conectiva.app *.sunset.systems *.cupom.social *.doubleclick.net *.performa.ai *.ebit.com.br *.akstat.io *.go-mpulse.net *.tawk.to *.bizcommerce.com.br/ *.youtube.com *.e-goi.com *.yourviews.com.br *.jivosite.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.facebook.net *.facebook.com cdn.jsdelivr.net cdn.pika.dev cdn.skypack.dev unpkg.com cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com data: storage.googleapis.com cdn.loja.biz api.svcs.biz snapwidget.com static.zdassets.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tiktok.com *.yandex.ru https://core.yads.tech https://sync.sharethis.com https://gw-iad-bid.ymmobi.com https://cm.g.doubleclick.net https://t.adx.opera.com https://yandex.ru *.edrone.me https://d3bo67muzbfgtl.cloudfront.net/externals/custom/6581f49e79f45/style.20240228-144139.css  'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.fontawesome.com *.gstatic.com 'self' data: fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://h.online-metrix.net *.meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://meetanshi.com/media/logo.png *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self' data: *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.google.com *.gstatic.com *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.googleapis.com *.gstatic.com tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.meetanshi.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com t.elasticsuite.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://farmaciamallol.com; 1
default-src 'self' blob: https: data: 'unsafe-inline' 'unsafe-eval'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' always script-src: 'unsafe-inline' https://code.tidio.co https://widget-v4.tidiochat.com https://*.googletagmanager.com https://sibautomation.com https://sync.outbrain.com  https://*.google-analytics.com img-src:  cdnjs.cloudflare.com data: https: https://sync.outbrain.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com connect-src: sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:  https://sync.outbrain.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com font-src: fonts.gstatic.com https: media-src: widget-v4.tidiochat.com style-src: 'unsafe-inline' fonts.googleapis.com https: 1
connect-src 'self' *.google.com *.google-analytics.com *.disqus.com disqus.com *.disquscdn.com *.addthis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.rlcdn.com 1
connect-src 'self' https://www.google-analytics.com https://api.pexels.com/v1/search https://api.bigdatacloud.net/data/ https://ip.seeip.org/json 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.dibspayment.eu *.google.co.uk *.google.com.tr *.klaviyo.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://widgets.trustedshops.com https://integrations.etrusted.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'unsafe-inline'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.klarna.com *.demdex.net *.hotjar.com *.stripe.com *.doubleclick.net *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.dibs.se *.googletagmanager.com https://widgets.trustedshops.com *.klarnacdn.net *.omtrdc.net *.everesttech.net *.placeholder.com *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.com.tr *.google.ch *.hotjar.com *.amasty.com *.arebosnl.local *.arebosch.local *.stripe.com *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.windows.net https://arebos.sjv.io *.loggly.com *.ojrq.net https://integrations.etrusted.com *.gstatic.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de https://*.dibspayment.eu https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.avada.io *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.trackedlink.net *.googletagmanager.com *.cloudflareinsights.com *.klarnacdn.net *.klarna.com *.cookiepro.com *.cookielaw.org *.onetrust.com *.hotjar.com *.googleapis.com *.stripe.com https://cdn.polyfill.io https://browser.sentry-cdn.com *.online-metrix.net *.newrelic.com *.nr-data.net *.doubleclick.net *.google.com.tr *.bing.com *.cloudfront.net *.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.klaviyo.com *.impactcdn.com https://arebos.sjv.io *.etrusted.com *.dibspayment.eu klarna.com *.klarnaevt.com https://widgets.trustedshops.com https://integrations.etrusted.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.dibspayment.eu *.google.co.uk *.google.com.tr *.klaviyo.com https://arebos.sjv.io *.googletagmanager.com https://widgets.trustedshops.com https://integrations.etrusted.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.google-analytics.com *.trustedshops.com *.etrusted.com *.klarnaevt.com *.googleapis.com *.demdex.net *.cookiepro.com *.cookielaw.org *.doubleclick.net *.google.ch wss://*.hotjar.com *.hotjar.io *.hotjar.com *.stripe.com https://*.ingest.sentry.io *.nr-data.net *.bing.com *.cloudfront.net *.amazonaws.com wss://*.amazonaws.com wss://tufsuyburufn.transport.connect.eu-central-1.amazonaws.com *.facebook.com *.facebook.net *.clarity.ms *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com.tr *.onetrust.com *.klaviyo.com https://arebos.sjv.io *.loggly.com klarna.com *.klarna.com *.klarnacdn.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.arebos.de *.arebos.ch *.arebos.nl *.arebos.co.uk *.arebos.fr *.arebos.it *.arebos.es *.arebos.dk *.dibspayment.eu *.klarna.com *.stripe.com *.google.ch *.google.cz *.google.de *.google.dk *.google.es *.google.fr *.google.it *.google.nl *.google.se *.google.co.uk *.google.com *.google.com.tr *.klaviyo.com https://arebos.sjv.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors *.ekomiapps.de 1
iframe-src angelinipharma.com *.angelinipharma.com 1
object-src 'none'; script-src https://www.google.com/jsapi https://partner.googleadservices.com 'self' 'unsafe-inline' 'unsafe-eval' www.gstatic.com  *.googleadservices.com *.googlesyndication.com cdn.xn--8dbbvwj.net *.xn--8dbbvwj.net *.googletagservices.com www.google-analytics.com *.googleapis.com *.google.com *.google.co.il https://*.google.com xn--8dbbvwj.net www.xn--8dbbvwj.net https://*.google.co.il https://www.google-analytics.com https://www.google.co.il www.googleapis.com pagead2.googlesyndication.com https://www.gstatic.com adservice.google.ru adservice.google.ca adservice.google.co.uk adservice.google.cz adservice.google.co.ug www.googletagmanager.com adservice.google.com.cy googleads.g.doubleclick.net https://peulanet.api.oneall.com https://connect.facebook.net *.facebook.net; report-uri https://xn--8dbbvwj.net/cspreport.php; 1
default-src 'self' https://api.yoando.com.pe; media-src https://storage01.yoando.com.pe https://js.intercomcdn.com https://www.yoando.com.pe https://www.youtube.com; script-src 'self' https://api.yoando.com.pe https://connect.facebook.net 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://recaptcha.net https://assets.customer.io https://widget.intercom.io https://js.intercomcdn.com https://optimize.google.com https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com https://detectca.easysol.net https://maps.googleapis.com https://js-cdn.dynatrace.com https://static.hotjar.com https://script.hotjar.com https://www.youtube.com; img-src 'self' blob: data: https://track.customer.io https://www.facebook.com https://static.intercomassets.com https://widget.intercom.io https://js.intercomcdn.com https://static.hotjar.com https://script.hotjar.com https://geo0.ggpht.com/cbk https://cbks0.googleapis.com/cbk https://www.google-analytics.com https://www.google.com https://detectca.easysol.net https://www.gstatic.com https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.google.com.pe https://www.youtube.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; frame-src https://consentcdn.cookiebot.com https://recaptcha.net https://intercom-sheets.com https://vars.hotjar.com https://www.google.com https://maps.googleapis.com https://www.youtube.com https://www.youtube-nocookie.com; font-src 'self' https://fonts.intercomcdn.com https://script.hotjar.com https://fonts.gstatic.com https://js.intercomcdn.com data:; child-src https://www.google.com https://maps.googleapis.com https://www.yoando.com.pe https://www.youtube.com; object-src 'none'; connect-src 'self' data: https://api.yoando.com.pe https://consentcdn.cookiebot.com https://ecertic.idcapture.es https://www.google-analytics.com https://api-iam.intercom.io https://in.hotjar.com https://vc.hotjar.io https://content.hotjar.io/ wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://nexus-websocket-a.intercom.io https://www.youtube.com 1
default-src https: data: 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.facebook.com; object-src 'self'; img-src 'unsafe-eval' 'self' data:  *.google.com *.facebook.com live.adampartridge.co.uk maps.gstatic.com maps.googleapis.com 1
worker-src 'self' 'unsafe-inline' 'unsafe-eval' blob:  *.photopea.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.forumfeminarum.nl/logs/ https://www.forumfeminarum.nl/sidekiq/ https://www.forumfeminarum.nl/mini-profiler-resources/ https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/extra-locales/ https://www.forumfeminarum.nl/highlight-js/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/ https://www.forumfeminarum.nl/theme-javascripts/ https://www.forumfeminarum.nl/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js; worker-src 'self' https://www.forumfeminarum.nl/assets/ https://www.forumfeminarum.nl/brotli_asset/ https://www.forumfeminarum.nl/javascripts/ https://www.forumfeminarum.nl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://*.clevernt.com https://*.cleverwebserver.com https://*.cleverlinux.com; object-src 'none'; 1
default-src 'self' https://*.lb.ge; script-src 'self' 'sha256-PZRCtU/wAaLNo4Jego6C7sipvUW3U/e/QpfxaJ9iZvU=' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.googletagmanager.com https://*.lb.ge; style-src 'self' https://*.lb.ge https://tagmanager.google.com https://fonts.googleapis.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.lb.ge; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://paygatewayapi.lb.ge https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; frame-src 'self' https://c2cproxy.lb.ge https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; 1
img-src *; object-src 'none'; frame-ancestors 'none' 1
object-src 'none';base-uri 'self';script-src 'nonce-8mXKFzLgvm3R-usCkJh7mA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
img-src https://ghost.farhugs.net https://www.google.com 'self' data: blob: https://farhugs-web-assets.farhugs.net https://prod-farhugs.farhugs.net https://builder-io.farhugs.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com.tw https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com https://analytics.google.com https://stats.g.doubleclick.net https://ssl.google-analytics.com https://adservice.google.com https://region1.analytics.google.com https://translate.google.com https://translate.googleapis.com https://fonts.gstatic.com https://tr.line.me https://sst.farhugs.com;script-src https://www.google.com 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://connect.facebook.net https://www.farhugs.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com.tw https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://translate.googleapis.com https://translate.google.com https://d.line-scdn.net https://d.line-cdn.net;connect-src https://www.google.com 'self' https://farhugs-web-assets.farhugs.net https://prod-farhugs.farhugs.net https://user.farhugs.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://firebase.googleapis.com https://firebaseinstallations.googleapis.com https://region1.analytics.google.com https://www.googletagmanager.com https://adservice.google.com https://www.googleadservices.com https://ad.doubleclick.net https://www.google.com.tw https://www.facebook.com https://connect.facebook.net https://translate.googleapis.com https://translate.google.com https://www.gstatic.com https://sst.farhugs.com;default-src 'self';font-src 'self' https://farhugs-web-assets.farhugs.net https://fonts.gstatic.com data:;form-action 'self' https://www.facebook.com;frame-ancestors 'self';frame-src 'self' https://user.farhugs.com https://td.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com;manifest-src 'self' https://farhugs-web-assets.farhugs.net;media-src 'self' data: blob: https://farhugs-web-assets.farhugs.net https://prod-farhugs.farhugs.net https://builder-io.farhugs.net;object-src 'none';style-src 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://www.facebook.com;worker-src 'self' data: blob: https://farhugs-web-assets.farhugs.net;child-src 'self' https://user.farhugs.com https://td.doubleclick.net https://www.googletagmanager.com https://www.facebook.com https://bid.g.doubleclick.net https://*.fls.doubleclick.net https://tpc.googlesyndication.com data: blob: https://farhugs-web-assets.farhugs.net;script-src-attr https://www.google.com 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://connect.facebook.net https://www.farhugs.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com.tw https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://translate.googleapis.com https://translate.google.com https://d.line-scdn.net https://d.line-cdn.net;script-src-elem https://www.google.com 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://connect.facebook.net https://www.farhugs.com https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com.tw https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://translate.googleapis.com https://translate.google.com https://d.line-scdn.net https://d.line-cdn.net;style-src-attr 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://www.facebook.com;style-src-elem 'self' https://farhugs-web-assets.farhugs.net 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com https://translate.googleapis.com https://www.googletagmanager.com https://www.facebook.com;upgrade-insecure-requests;block-all-mixed-content;report-to default;report-uri https://www.farhugs.com/api/v1/reports/csp-violation 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-FsmaWvxSImAmTBIxfF1XHw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' pornototale.webcam:9080 pornototale.webcam:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://pornototale.webcam wss://pornototale.webcam *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650795 1
frame-ancestors veronepiece.xyz 1
default-src 'self' *.kinandcarta.com *.kinandcarta.local;script-src 'unsafe-inline' 'unsafe-eval' 'self' *.kinandcarta.com https://www.google-analytics.com https://www.google.com *.googleapis.com https://www.googletagmanager.com/ https://www.googleoptimize.com/ https://www.youtube.com/ https://kinandcarta.activehosted.com/ https://d3rxaij56vjege.cloudfront.net/ https://static.elfsight.com/ https://apps.elfsight.com/ https://files.elfsight.com/ https://trackcmp.net/ https://edge.fullstory.com/ https://script.hotjar.com/ https://prism.app-us1.com/ https://j.6sc.co https://snap.licdn.com https://diffuser-cdn.app-us1.com https://tracker.metricool.com *.usabilla.com https://cdn.metarouter.io https://connect.facebook.net https://www.googleadservices.com https://static.hotjar.com https://cookie-cdn.cookiepro.com/ https://cse.google.com/ https://geolocation.onetrust.com/  https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__en.js https://www.gstatic.com https://www.clarity.ms https://cdn.optimizely.com https://*.linkedin.com https://*.doubleclick.net https://boards.greenhouse.io https://player.vimeo.com https://*.vimeocdn.com https://vimeo.com https://*.clarity.ms https://*.fullstory.com https://wp-ui.app-us1.com https://personalization-wp-service.cluster.app-us1.com https://static.oktopost.com/ https://okt.to/ data:;style-src 'unsafe-inline' 'self' *.kinandcarta.com https://fonts.googleapis.com https://www.google.com/ *.cloudfront.net;font-src 'self' *.kinandcarta.com https://fonts.gstatic.com/ data:;frame-src https://www.facebook.com/ https://www.youtube.com/ https://docs.google.com/  https://player.vimeo.com/ https://omny.fm https://www.google.com/ https://vars.hotjar.com/ *.kinandcarta.com *.cdn.optimizely.com https://boards.greenhouse.io *.doubleclick.net;img-src 'self' *.kinandcarta.com https://px.ads.linkedin.com https://b.6sc.co/ https://tracker.metricool.com https://www.googleapis.com/ https://www.facebook.com/ https://www.googletagmanager.com https://www.google.com/ https://www.google.co.uk/ https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com *.cloudfront.net https://*.linkedin.com https://*.doubleclick.net http://clients1.google.com/ *.usabilla.com https://files.elfsightcdn.com/ https://files.elfsight.com https://c.clarity.ms https://*.googleadservices.com https://c.bing.com https://*.fullstory.com https://cookie-cdn.cookiepro.com data:;connect-src 'self' https://cookie-cdn.cookiepro.com/ https://secure.adnxs.com/ https://secure.adnxs.com https://apps.elfsight.com/ https://*.6sense.com wss://*.hotjar.com https://e.metarouter.io/ https://in.hotjar.com https://*.doubleclick.net/ https://*.google-analytics.com/ https://*.google.com/ https://privacyportal.cookiepro.com/request/v1/consentreceipts https://c.6sc.co/ https://boards-api.greenhouse.io/ https://vc.hotjar.io *.hotjar.com https://player.vimeo.com/ https://logx.optimizely.com https://api.usabilla.com https://*.linkedin.com https://*.doubleclick.net https://personalization-wp-service.cluster.app-us1.com https://*.clarity.ms https://*.onetrust.com https://*.optimizely.com https://*.fullstory.com https://ipv6.6sc.co/ https://cdn.linkedin.oribi.io/ *.googlesyndication.com;worker-src 'self';media-src https://player.vimeo.com/ https://vod-progressive.akamaized.net/ https://files.elfsightcdn.com/ https://files.elfsight.com;object-src 'self';frame-ancestors 'self' https://kinandcarta.activehosted.com; 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.cdomagazine.tech;block-all-mixed-content; 1
default-src 'self' slackcorp.okta.com *.oktacdn.com; connect-src 'self' slackcorp.okta.com slackcorp-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com slackcorp.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' slackcorp.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' slackcorp.okta.com *.oktacdn.com; frame-src 'self' slackcorp.okta.com slackcorp-admin.okta.com login.okta.com com-okta-authenticator: api-d03b7811.duosecurity.com; img-src 'self' slackcorp.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' slackcorp.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'; img-src * blob: data:; frame-ancestors 'self' skmmall.17life.com app-mall.skm.com.tw; 1
frame-ancestors https://*.classyng.com; default-src 'self' https://*.ytimg.com https://www.youtube-nocookie.com https://www.youtube.com https://cdn.plyr.io https://assets.akaunting.com https://*.akaunting.com https://akaunting.com https://*.digitaloceanspaces.com https://*.elegantthemes.com https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com http://*.w3.org https://*.doubleclick.net https://*.stripe.com https://yoast.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://www.youtube.com https://cdn.plyr.io https://*.akaunting.com https://akaunting.com https://sb.classyng.com https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com http://*.w3.org https://*.stripe.com; img-src 'self' data: https://*.ytimg.com https://www.youtube-nocookie.com https://*.akaunting.com https://akaunting.com https://*.r2.dev https://*.cloudfront.net https://*.elegantthemes.com https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.gravatar.com http://*.w3.org https://*.googletagmanager.com https://*.w.org https://*.oxy.host https://*.placeholder.com; object-src 'self' https://*.akaunting.com https://akaunting.com  https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.gravatar.com/* https://*.w.org/*; style-src 'self' 'unsafe-hashes' 'unsafe-inline' https://cdn.plyr.io https://*.akaunting.com https://akaunting.com https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.bootstrapcdn.com; font-src 'self' data:  https://*.classyng.com https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.bootstrapcdn.com; 1
default-src 'none'; base-uri 'none'; frame-ancestors 'none'; connect-src 'self' *.stripe.com *.getrewardful.com *.intercom.io *.intercomcdn.com *.intercomcdn.eu *.intercomusercontent.com wss://*.intercom.io *.googleapis.com *.google.com *.gstatic.com data: blob: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.doubleclick.net; child-src *.intercom-sheets.com *.intercom-reporting.com *.youtube.com *.vimeo.com *.wistia.net; form-action 'self' intercom.help *.intercom.io; font-src d1dfgjtvrwaror.cloudfront.net fonts.gstatic.com *.intercomcdn.com; img-src https: blob: data: ; manifest-src d1dfgjtvrwaror.cloudfront.net; media-src *.intercomcdn.com; frame-src *.stripe.com app.getbee.io *.doubleclick.net *.google.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com d1dfgjtvrwaror.cloudfront.net; script-src 'unsafe-eval' 'unsafe-inline' https: 'nonce-93d67afe51241835a8c7826eadd2331a' 'strict-dynamic'; upgrade-insecure-requests; report-uri /console/report/csp 1
frame-ancestors 'self' https://aderantonline.force.com; 1
child-src=*; frame-ancestors 'self'; 1
default-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; object-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; frame-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; font-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; media-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; manifest-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; connect-src  'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com ; script-src  'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; style-src   'unsafe-inline' 'self' *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; img-src   'self' data: *.google-analytics.com *.google.com *.gstatic.com *.youtube.com *.webosaurus.co.uk *.webolytics.com *.webonet.co.uk *.facebook.net *.googletagmanager.com *.facebook.com *.doubleclick.net *.google.co.uk *.googleadservices.com *.googleapis.com *.typekit.net *.zapier.com *.clarity.ms *.bing.com  ; 1
default-src 'self'; frame-src 'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com www.quintham.com;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.amazonaws.com/ https://*.list-manage.com/; img-src 'self' data: ; object-src 'self' data: ; frame-src 'self' data: ; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mstdn.dk; img-src 'self' data: blob: https://mstdn.dk https://media.mstdn.dk; style-src 'self' https://mstdn.dk 'nonce-BaotSj/fsPQy6SnPBriWug=='; media-src 'self' data: https://mstdn.dk https://media.mstdn.dk; frame-src 'self' https:; manifest-src 'self' https://mstdn.dk; form-action 'self'; child-src 'self' blob: https://mstdn.dk; worker-src 'self' blob: https://mstdn.dk; connect-src 'self' data: blob: https://mstdn.dk https://media.mstdn.dk wss://mstdn.dk; script-src 'self' https://mstdn.dk 'wasm-unsafe-eval' 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.mt *.unetsafe.com oppwa.com *.oppwa.com *.unetcard.com google-analytics.com paymentpage.ecommpay.com *.adyen.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com https://*.aplay.mt; frame-src 'self' bankid://* https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://*.zignsec.com https://*.trustly.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://*.unetsafe.com https://*.atlantgaming.com https://*.aplay.mt https://* paymentpage.ecommpay.com asdaerq.dapmaptuns.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://*.aplay.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.zimpler.net *.adyen.com *.hotjar.com *.acaptureservices.com acaptureservices.com *.oppwa.com oppwa.com *.unetcard.com *.switchpayments.com *.mifinity.com *.google.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com *.astropay.com *.megapay.pro *.ecopayz.com *.billing.cx *.express-connect.com *.paycore.io *.jetoncheckout.com *.ipsp.lv ipsp.lv *.gpaynetworks.com *.sirumobile.com 'nonce-qJtkuXF+O4WHvbFKKYKA+rBv5Q9rmU2GfGZw2pVKpzQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://*.aplay.mt *.paywallk.com *.unetsafe.com *.ecommpay.com *.adyen.com *.hotjar.com *.ppipe.net *.oppwa.com oppwa.com *.unetcard.com fasd63.illongrlong.com asdaerq.dapmaptuns.com s4vds4.ujad65dsai.com; worker-src 'self' blob:; report-uri https://aplay.mt/sentry/api/29/csp-report/?sentry_key=9db29a98a6d9444b8cfc0495de9b857a 1
frame-ancestors 'self' https://*.facebook.com/; frame-src 'self' googlevideo.com *.doubleclick.net *.hcaptcha.com www.youtube-nocookie.com www.youtube.com; default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' *.doubleclick.net *.google.com *.articulate.com *.b-ite.com *.cookiehub.net *.cookiehub.eu *.kaessbohrerag.com *.pistenbully.com *.beach-tech.com *.powerbully.com *.snowsat.com *.proacademy.info *.kcomposites.com fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.google-analytics.com www.google.com connect.facebook.net www.facebook.com www.google.de www.googleadservices.com i.vimeocdn.com player.vimeo.com img.youtube.com i.ytimg.com www.youtube.com www.gstatic.com cx.atdmt.com www.google.ie cookiehub.net s.ytimg.com www.youtube-nocookie.com noembed.com googlevideo.com cdn.plyr.io jobs.b-ite.com salesviewer.org salesviewer.com https://api.friendlycaptcha.com *.hcaptcha.com blob: 1
default-src 'self' https://*.sfs.biz https://*.sfs.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sapui5.hana.ondemand.com/resources/ https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.cookiebot.com https://snap.licdn.com https://analytics.tiktok.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://api.ucalc.pro https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch; img-src 'self' data: https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com https://sfs.ch https://*.sfs.ch https://allchemet.ch https://*.allchemet.ch https://*.google-analytics.com https://www.google.com https://www.google.ch https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://*.doubleclick.net; frame-src 'self' https://api.ucalc.pro https://www.youtube.com https://irs.tools.investis.com https://www.google.com https://*.sfs.biz https://*.sfs.com https://*.cookiebot.com https://charts3.equitystory.com https://*.doubleclick.net; frame-ancestors 'self' https://*.sfsintec.biz https://sfsintec.biz https://*.sfsintec.fr https://sfsintec.fr https://*.sfsintec.co.uk https://sfsintec.co.uk https://*.sfs.biz https://*.sfs.com https://sfs.com http://sfs.com capacitor://sfs.com https://*.sfs.ch https://sfs.ch https://allchemet.ch https://*.allchemet.ch https://www.ostjob.ch http://staffbase.com capacitor://staffbase.com; font-src 'self' https://sfs.biz https://*.sfs.biz https://sfs.com https://*.sfs.com; connect-src 'self' https://*.google-analytics.com https://stats.g.doubleclick.net https://design-rx-nvelope-us.s3.us-east-1.amazonaws.com https://newsletter.sfs.biz https://newsletter.dev.sfs.biz https://piwik.sfs.biz https://consentcdn.cookiebot.com https://*.ads.linkedin.com https://analytics.tiktok.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sciences.social; img-src 'self' https: data: blob: https://sciences.social; style-src 'self' https://sciences.social 'nonce-PvC6GO6aA8AIRoSZd8d2Iw=='; media-src 'self' https: data: https://sciences.social; frame-src 'self' https:; manifest-src 'self' https://sciences.social; form-action 'self'; child-src 'self' blob: https://sciences.social; worker-src 'self' blob: https://sciences.social; connect-src 'self' data: blob: https://sciences.social https://cdn.masto.host wss://sciences.social; script-src 'self' https://sciences.social 'wasm-unsafe-eval' 1
frame-ancestors https://*.ipcamlive.com https://*.facebook.com/ 'self' https://community.go-thassos.gr/; 1
default-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com *.googletagmanager.com website-search.ent.us-east-1.aws.found.io *.g.doubleclick.net geolocation.onetrust.com edge.fullstory.com rs.fullstory.com cdn.cookielaw.org *.imirwin.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com cdn.jsdelivr.net ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src mms.businesswire.com cdn.cookielaw.org *.googletagmanager.com *.google-analytics.com *.google.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com youtube-nocookie.com vimeo.com *.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.travelandleisureco.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
default-src 'self' https://malyish.ru https://*.malyish.ru;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;style-src 'self' 'unsafe-inline' 'unsafe-eval' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;frame-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;img-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru data: mediastream: blob: filesystem:;font-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru data: mediastream: blob: filesystem:;connect-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru;object-src 'none';media-src 'self' https://malyish.ru https://*.malyish.ru https://google.com https://*.google.com https://google.ru https://*.google.ru https://bitrix.info https://*.bitrix.info wss://bitrix.info wss://*.bitrix.info https://jivosite.com https://*.jivosite.com wss://jivosite.com wss://*.jivosite.com https://*.gstatic.com https://gstatic.com https://vk.com https://*.vk.com https://yandex.ru https://*.yandex.ru https://yandex.net https://*.yandex.net https://yastatic.net https://*.yastatic.net https://sypexgeo.net https://*.sypexgeo.net https://googletagmanager.com https://*.googletagmanager.com https://google-analytics.com https://*.google-analytics.com https://facebook.net https://*.facebook.net https://facebook.com https://*.facebook.com https://*.doubleclick.net https://tinkoff.ru https://*.tinkoff.ru https://1c-bitrix.ru https://*.1c-bitrix.ru wss://*.bitrix.info https://*.youtube.com https://*.youtube.ru https://*.youtu.be https://boxberry.de https://*.boxberry.de https://pickpoint.ru https://*.googleapis.com https://widget.profeat.team/ https://bitrixoman.ru https://*.bitrixoman.ru https://mail.ru https://*.mail.ru; 1
default-src 'none'; base-uri 'self'; child-src 'self'; connect-src 'self' 'unsafe-eval' ws://localhost:* http://localhost:* https://localhost:* *.iubenda.com *.olark.com *.linkedin.com *.liadm.com *.hscollectedforms.net *.azure.com wss://ws.hotjar.com *.hotjar.com *.bamboohr.com *.google-analytics.com *.doubleclick.net *.hotjar.io *.linkedin.oribi.io *.getclicky.com *.liadm.com *.googlesyndication.com *.google.com forms-eu1.hsforms.com *.hubspot.com *.clarity.ms; report-uri 'self'  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bing.com *.ocuco.com *.iubenda.com *.olark.com *.intuitive-intuition.com *.hs-scripts.com *.hscollectedforms.net *.hs-banner.com *.hs-analytics.net *.datatables.net *.jquery.com *.jsdelivr.net *.bamboohr.com *.googletagmanager.com *.google-analytics.com *.licdn.com *.doubleclick.net *.adroll.com *.hotjar.com *.getclicky.co *.facebook.net *.pardot.com *.getclicky.com *.vimeo.com  *.azure.com *.intuitive-intuition.com js-eu1.hsforms.net *.hubspot.com *.google.com *.clarity.ms *.gstatic.com; style-src 'self' 'unsafe-inline' *.olark.com *.datatables.net *.cloudflare.com *.bamboohr.com; font-src 'self' 'unsafe-inline' *.olark.com *.googleusercontent.com; frame-src 'self' *.ocuco.com *.olark.com *.pardot.com allow-same-origin *.vimeo.com *.youtube.com *.doubleclick.net/ forms-eu1.hsforms.com *.hs-sites-eu1.com *.google.com; img-src 'self' *.w3.org data: *.bing.com *.cloudflare.com *.olark.com *.hsforms.com *.hubspot.com *.google.com *.google.ie *.googletagmanager.com *.facebook.com *.linkedin.com *.vimeocdn.com *.ytimg.com *.amazonaws.com *.google.nl *.hsappstatic.net *.clarity.ms; frame-ancestors 'self' admin.ocuco.continuous.ie admin.ocuco.com http://localhost:* https://localhost:* ; media-src 'self' *.olark.com  ; form-action 'self' forms-eu1.hsforms.com; worker-src 'self' blob:; 1
default-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; frame-src 'self' https:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'unsafe-inline' ; style-src-attr 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com https://payments.worldpay.com; script-src-elem https://www.gstatic.com https://ajax.googleapis.com/ https://static.opentok.com https://vbrowse.vscreen.me https://payments.worldpay.com https://uk.vbrowse.org/ 'self' 'unsafe-inline' 'unsafe-eval'; connect-src *; img-src * data:; frame-src * 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' www.acuant.com cdnjs.cloudflare.com use.fontawesome.com use.typekit.net p.typekit.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googleadservices.com www.googletagmanager.com cdnjs.cloudflare.com www.acuant.com www.google.com fast.wistia.com fast.wistia.net cdn-ukwest.onetrust.com www.gstatic.com snap.licdn.com www.google-analytics.com scout-cdn.salesloft.com js.hsforms.net jsd-widget.atlassian.com ssl.google-analytics.com yoast.com js.hs-scripts.com js.hsadspixel.net js.hs-analytics.net js.hs-banner.com js.hsleadflows.net connect.facebook.net blob: js.hubspot.com go.idology.com; img-src 'self' 'unsafe-inline' * data: blob: ; font-src 'self' data: * ; connect-src 'self' px.ads.linkedin.com cdn-ukwest.onetrust.com geolocation.onetrust.com www.google-analytics.com scout.salesloft.com stats.g.doubleclick.net cdn.linkedin.oribi.io forms.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com api-private.atlassian.com jsd-widget.atlassian.com my.yoast.com api.hubapi.com forms.hubspot.com region1.google-analytics.com www.facebook.com cta-service-cms2.hubspot.com; frame-src 'self' *.idology.com www.youtube-nocookie.com idology.atlassian.net privacyportal-uk.onetrust.com www.google.com api-5a95881e.duosecurity.com forms.hsforms.com www.googletagmanager.com fast.wistia.com www.facebook.com; frame-ancestors 'self' *.idologylive.com 1
default-src 'self' * data: blob: https: *.dnaweekly.com dnaweekly.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.cheqzone.com *.ostrichesica.com *.peacebanana.com *.cloudfront.net *.datadoghq-browser-agent.com *.ampproject.org *.gstatic.com *.google.com *.alooma.com *.doubleclick.net  *.googleadservices.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.hhtpp.com *.facebook.net *.dropbox.com *.bing.com *.yandex.ru *.quora.com *.yimg.com sp.analytics.yahoo.com *.hotjar.com *.ipify.org blob: data:; style-src 'self' data: blob: 'unsafe-inline' *;connect-src 'self' data: blob: https: dnaweekly.com *.dnaweekly.com *.ampproject.org *.google-analytics.com *.doubleclick.net *.google.com *.hhtpp.com *.yandex.ru *.gravatar.com wss://*.hotjar.com *.wp.com;font-src 'self' data: blob: *.ampproject.org *.googletagmanager.com *.googleapis.com *.gstatic.com; 1
Content-Security-Policy default-src 'self' data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.juicer.io https://js.stripe.com https://js.callrail.com http://js.callrail.com https://connect.facebook.net http://connect.facebook.net https://cdn.callrail.com http://cdn.callrail.com https://www.youtube.com http://www.youtube.com https://my.wpengine.com http://my.wpengine.com http://www.google.com http://google.com https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://unpkg.com http://unpkg.com https://www.googletagmanager.com http://www.googletagmanager.com https://s.btstatic.com http://s.thebrighttag.com http://thebrighttag.com http://www.google-analytics.com http://google-analytics.com http://cdnjs.cloudflare.com https://www.gstatic.com http://www.gstatic.com http://s.btstatic.com http://s.btstatic.com http://static.srcspot.com https://static.srcspot.com;connect-src https://www.juicer.io https://www.suffolk.com https://cdn.jsdelivr.net https://js.callrail.com http://js.callrail.com https://my.wpengine.com http://my.wpengine.com https://stats.g.doubleclick.net http://stats.g.doubleclick.net http://www.google-analytics.com https://www.google-analytics.com data: 'unsafe-inline';img-src 'self' https://media.licdn.com https://www.juicer.io https://assets.juicer.io https://dify.wpengine.com http://dify.wpengine.com https://www.facebook.com http://www.facebook.com https://s.w.org http://s.w.org http://secure.gravatar.com https://secure.gravatar.com http://gravatar.com http://1.gravatar.com http://1.gravatar.com https://1.gravatar.com http://i.ytimg.com http://ytimg.com https://www.google-analytics.com http://www.google-analytics.com data: 'unsafe-inline';frame-src https://www.juicer.io https://js.stripe.com https://www.facebook.com http://www.facebook.com http://youtube.com http://www.youtube.com http://seekbeak.com http://s.thebrighttag.com http://thebrighttag.com https://www.google.com http://www.google.com data: ;style-src 'self' data: 'unsafe-inline' https://www.juicer.io http://unpkg.com http://code.ionicframework.com http://cdnjs.cloudflare.com https://fonts.googleapis.com http://fonts.gstatic.com https://code.ionicframework.com https://unpkg.com https://maxcdn.bootstrapcdn.com maxcdn.bootstrapcdn.com;font-src 'self' https://static.juicer.io http://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.gstatic.com http://code.ionicframework.com data: 'unsafe-inline';frame-ancestors 'self' data: blob:;form-action 'self'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://flimpie.net 'wasm-unsafe-eval'; font-src 'self' https://flimpie.net; img-src 'self' data: blob: https://flimpie.net; style-src 'self' https://flimpie.net 'nonce-9QaKZDHm65DvCHUb53NaoA=='; media-src 'self' data: https://flimpie.net; frame-src 'self' https:; child-src 'self' blob: https://flimpie.net; worker-src 'self' blob: https://flimpie.net; connect-src 'self' blob: data: wss://flimpie.net https://flimpie.net; manifest-src 'self' https://flimpie.net; form-action 'self' 1
img-src https://www.abuseipdb.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: d38vrblg2ltm93.cloudfront.net d2sfrdhy6z7f7y.cloudfront.net d1p4zz1tej8o4g.cloudfront.net thewonder.it bandai-a.akamaihd.net image.b-ch.com arc.akitashoten.co.jp *.amazonaws.com *.amazon-adsystem.com cdn.ampproject.org *.ampproject.net cdn.syndication.twimg.com code.createjs.com *.facebook.net *.facebook.com static.xx.fbcdn.net *.google.com *.google.co.jp *.gstatic.com d.line-scdn.net *.line.me *.doubleclick.net *.mieru-ca.com ws://ntjp.mieru-ca.com maxcdn.bootstrapcdn.com assets.phalcon.io *.twitter.com t.co *.yimg.com *.ytimg.com *.twimg.com *.yahoo.com static.ads-twitter.com scratch.mit.edu *.scratch.mit.edu *.typesquare.com typesquare.com wos-owa.arise.co.jp *.google-analytics.com *.googleadservices.com *.googletagmanager.com *.googleapis.com maxcdn.bootstrapcdn.com www.youtube.com www.youtube-nocookie.com *.clarity.ms *.onetrust.com ; 1
frame-ancestors 'self' multimaps360.de *.multimaps360.de savoyhotel-bad-mergentheim.de *.savoyhotel-bad-mergentheim.de 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-MFti2YUkanJuQQ9Pteu9aimS0TFWwTPdcnYQo7a04bJ4/NVd' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; style-src 'self'; media-src 'self' rtmp:; img-src 'self' https://queer.hacktivis.me/; script-src 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; frame-ancestors 'none' 1
frame-ancestors 'self' https://app.storyblok.com/ 1
frame-ancestors 'self'; default-src https: wss: blob: 'unsafe-eval' 'unsafe-inline' data:; object-src 'self'; img-src http: https: data:; base-uri 'self'; 1
default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://cube.nl 1
default-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com cdn.checkout.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google-analytics.com https://www.googleadservices.com; style-src 'self' 'unsafe-inline' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; font-src 'self' data: *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://fonts.gstatic.com https://js.intercomcdn.com https://fonts.intercomcdn.com; img-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com data: blob: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://downloads.intercomcdn.eu https://downloads.au.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://messenger-apps.eu.intercom.io https://messenger-apps.au.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments.eu https://*.au.intercom-attachments.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://static.intercomassets.eu https://static.au.intercomassets.com https://www.facebook.com https://connect.facebook.net; media-src 'self' https://*.amazonaws.com/site-cms-strapi.wheely.com/ https://*.amazonaws.com/site-cms-strapi.stg.wheely-dev.com/ https://*.amazonaws.com/site-cms-strapi.dev.wheely-dev.com/ https://*.amazonaws.com/static.wheely.com/ https://*.amazonaws.com/photos.wheely.com/ https://*.amazonaws.com/user-uploads-test.wheely.com/ https://*.amazonaws.com/user-uploads.wheely.com/ https://*.amazonaws.com/photos-test.wheely.com/ *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://js.intercomcdn.com; frame-src 'self' *.googletagmanager.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com; connect-src 'self' *.wheely-dev.com *.wheely-dev.app *.wheely-dev.ltd *.wheely-dev.mobi *.wheely.com *.wheely.app *.wheely.ltd *.wheely.mobi *.wheely.st *.wheely.vip https://o18635.ingest.sentry.io *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com https://*.googleapis.com https://*.gstatic.com data: blob: https://hcaptcha.com https://*.hcaptcha.com https://js.checkout.com https://api.intercom.io https://api.au.intercom.io https://api.eu.intercom.io https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io wss://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-b.intercom.io https://nexus-europe-websocket.intercom.io wss://nexus-europe-websocket.intercom.io https://nexus-australia-websocket.intercom.io wss://nexus-australia-websocket.intercom.io https://uploads.intercomcdn.com https://uploads.intercomcdn.eu https://uploads.au.intercomcdn.com https://uploads.intercomusercontent.com https://stats.g.doubleclick.net https://www.facebook.com; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; form-action 'self' https://intercom.help https://api-iam.intercom.io https://api-iam.eu.intercom.io https://api-iam.au.intercom.io https://www.facebook.com https://payment-3ds.com; report-uri https://o18635.ingest.sentry.io/api/1453113/security/?sentry_key=17e7a309684a4cc5a82504db707f1e7a 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NGM3NjM1ODM0ZTJmNDdmM2IzNTdjMGMyOGIyMDM3NjE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.inspectie-jenv.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.inspectie-jenv.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.inspectie-jenv.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
object-src 'none'; base-uri 'self'; connect-src 'self' www.google-analytics.com maps.googleapis.com; frame-src 'self' www.youtube.com maps.googleapis.com *.malwarepatrol.net https://www.google.com/recaptcha/ calendly.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; script-src: 'self' https: 1
object-src 'none';default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval';report-uri;worker-src 'self' blob: 1
script-src www.googletagmanager.com *.googlesyndication.com https://googletagmanager.com https://tagmanager.google.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.googleapis.com https://*.gstatic.com https://*.ggpht.com *.googleusercontent.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval' static.lipscore.com cdn.jsdelivr.net js.monitor.azure.com *.spark-vision.com *.klarnacdn.net js.klarna.com *.klarnaservices.com cdn.cookielaw.org connect.facebook.net static.zdassets.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io s.pinimg.com bat.bing.com static.hotjar.com script.hotjar.com sc-static.net tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com *.cloudfront.net sleeknotecustomerscripts.sleeknote.com; style-src www.googletagmanager.com https://googletagmanager.com https://tagmanager.google.com https://fonts.googleapis.com fonts.googleapis.com 'self' 'unsafe-inline' static.lipscore.com unpkg.com *.klarnacdn.net cdn.cookielaw.org; img-src www.googletagmanager.com www.google.com www.google.no https://europe-west1-flisekompaniet-no.cloudfunctions.net https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.gstatic.com *.googleusercontent.com https://13420313.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com https://googleads.g.doubleclick.net https://www.google.com 'self' data: static.lipscore.com media.test.bluestonepim.com media.bluestonepim.com cdn.cookielaw.org www.facebook.com v2assets.zopim.io static.zdassets.com ct.pinterest.com bat.bing.com; connect-src *.googlesyndication.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com *.googleapis.com *.google.com *.gstatic.com 'self' wapi.lipscore.com dc.services.visualstudio.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com cdn.cookielaw.org *.onetrust.com ekr.zdassets.com *.zendesk.com *.zopim.com zendesk-eu.my.sentry.io wss://*.zendesk.com wss://*.zopim.com ct.pinterest.com bat.bing.com in.hotjar.com *.hotjar.com wss://*.hotjar.com *.hotjar.io tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; font-src https://fonts.gstatic.com data: fonts.gstatic.com 'self' data: static.lipscore.com *.klarnacdn.net cdn.cookielaw.org unpkg.com; frame-src *.google.com youtube.com *.youtube.com youtu.be *.youtu.be https://13420313.fls.doubleclick.net https://td.doubleclick.net https://bid.g.doubleclick.net vimeo.com *.vimeo.com ds.spark-vision.com *.leadsrespons.no *.klarna.com *.klarnaservices.com pci-norge.no *.pci-norge.no katalog.flisekompaniet.no www.facebook.com ct.pinterest.com vars.hotjar.com tr-shadow.snapchat.com tr.snapchat.com tr6.snapchat.com; default-src 'self'; frame-ancestors 'self'; media-src static.zdassets.com; 1
default-src 'self' *.googletagmanager.com *.doubleclick.net *.googleapis.com; script-src https: 'unsafe-inline' 'unsafe-eval' *.googleapis.com; img-src https: data: 'unsafe-inline'; style-src https: 'unsafe-inline'; object-src 'none'; child-src 'self'; frame-ancestors 'self'; frame-src *; connect-src 'self' *.google-analytics.com *.cevizserver.com *.googletagmanager.com; base-uri 'self'; form-action 'self' *.cevizserver.com; font-src https: data: 'self' *.fontawesome.com; upgrade-insecure-requests; block-all-mixed-content 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com api.userback.io; connect-src 'self' api.userback.io; font-src 'self' fonts.googleapis.com fonts.gstatic.com static.userback.io netdna.bootstrapcdn.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' static.userback.io; style-src 'self' 'unsafe-inline' static.userback.io; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com static.userback.io netdna.bootstrapcdn.com 1
base-uri 'self'; script-src https: 'unsafe-inline' 'unsafe-eval' *.sentry.io *.datadome.co *.googlesyndication.com *.googleadservices.com *.adriver.ru *.g.doubleclick.net *.google.com *.sociomantic.com *.google-analytics.com *.googletagmanager.com *.everestjs.net *.googletagservices.com s.ytimg.com *.userapi.com js-agent.newrelic.com  *.olark.com  trafmag.utarget.ru  *.exponea.com media.flixfacts.com *.gstatic.com maps.googleapis.com google-analytics.bi.owox.com tracking.channelsight.com *.criteo.net h.holder.com.ua *.clickfrog.ru creativecdn.com  clickfrog.ru criteo.net gstatic.com exponea.com olark.com googletagservices.com everestjs.net googletagmanager.com google-analytics.com sociomantic.com google.com g.doubleclick.net adriver.ru googleadservices.com googlesyndication.com www.google.com.ua *.criteo.com criteo.com bam.nr-data.net *.google.com.ua az783074.vo.msecnd.net cdn.ampproject.org *.googleapis.com;  object-src 'none'; img-src 'self' *.googletagmanager.com https://sp.tinymce.com *.doubleclick.net https://www.google-analytics.com https://www.google.com.ua https://www.google.com *.googlesyndication.com *.creativecdn.com data:; media-src 'self'; frame-src 'self' https://vars.hotjar.com https://googleads.g.doubleclick.net *.googlesyndication.com *.creativecdn.com; frame-ancestors 'none'; worker-src 'self'; form-action 'self' https://www.portmone.com.ua; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.tiny.cloud https://fonts.googleapis.com; connect-src 'self' *.sentry.io *.hotjar.io wss://ws8.hotjar.com *.hotjar.com *.google.com.ua *.google.com *.datadome.co *.gstatic.com https://stats.g.doubleclick.net https://securepubads.g.doubleclick.net https://www.google-analytics.com https://pagead2.googlesyndication.com; report-uri https://2746b976bff56fb9fb072ca875846856.report-uri.com/r/d/csp/reportOnly 1
frame-ancestors https://insportline-pl.livesale.me 1
object-src 'none'; frame-ancestors 'self'; form-action pbn.paybynet.com.pl/PayByNet/trans.do 'self'; upgrade-insecure-requests; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-downloads; base-uri 'self'; 1
default-src 'self'; connect-src 'self' https://www.facebook.com/tr/ https://events.framer.com/anonymous https://googleads.g.doubleclick.net/pagead/viewthroughconversion/ https://stats.g.doubleclick.net/j/collect https://www.google.com/pagead/1p-conversion/ https://adservice.google.com/pagead/regclk https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://stats.g.doubleclick.net/g/collect https://www.google.co.id/ads/ga-audiences https://maps.googleapis.com/ https://cdn.growthbook.io/ https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.ingest.sentry.io/api/ https://analytics.tiktok.com/ https://ai.pashouses.id https://api-js.mixpanel.com/track/ https://api-js.mixpanel.com/engage/; font-src 'self' https://app.framerstatic.com/ https://fonts.gstatic.com/s/ https://fonts.gstatic.com/l/ https://script.hotjar.com; frame-src 'self' https://vars.hotjar.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://*.jotform.com/ https://ai.pashouses.id; img-src 'self' data: https://www.facebook.com/ https://framerusercontent.com/ https://maps.gstatic.com/mapfiles/ https://maps.googleapis.com/maps/ https://www.google-analytics.com/collect https://www.google.co.id/ads/ga-audiences https://ik.imagekit.io/pashouses/ https://i.ytimg.com/ https://img.youtube.com/; media-src 'self' https://framerusercontent.com/modules/assets/; script-src 'self' https://connect.facebook.net/ https://events.framer.com/script https://framer.com/m/ https://framerusercontent.com/sites/ 'unsafe-inline' https://script.hotjar.com/ https://static.hotjar.com/ https://maps.googleapis.com/maps/ https://maps.googleapis.com/maps-api-v3/api/js/ https://www.googletagmanager.com/gtag/ 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 'unsafe-inline' https://static.hotjar.com https://script.hotjar.com; worker-src 'self' blob:; 1
default-src 'self'; font-src 'self' fonts.gstatic.com; img-src 'self' 'unsafe-inline' data: portmvuploads.s3.ap-southeast-1.amazonaws.com; script-src 'self' 'unsafe-inline' https: 'nonce-lw5s6hdo' 'strict-dynamic'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; frame-src 'self' 'nonce-lw5s6hdo' https://www.google.com/; object-src 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.servislet.com mapi.servislet.com api.servislet.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/  https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com https://static.ads-twitter.com https://www.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://analytics.twitter.com https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://www.gstatic.com https://maps.googleapis.com platform.twitter.com www.google-analytics.com connect.facebook.net ssl.google-analytics.com www.googleadservices.com static.ads-twitter.com mc.yandex.ru googleads.g.doubleclick.net www.googletagmanager.com s3.amazonaws.com translate.google.com code.jquery.com translate.googleapis.com translate.yandex.net https://google.com https://www.google.com www.googleoptimize.com https://wchat.freshchat.com *.driverreviews.com https://cdn.tiny.cloud 1
object-src 'none'; img-src 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com; base-uri 'none'; media-src 'none'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://*.googletagmanager.com https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com https://cdn.logwork.com https://connect.facebook.net https://www.gstatic.com https://fundingchoicesmessages.google.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com; 1
frame-ancestors https://*.aularandstad.es https://aularandstad.es https://*.randstad.es; 1
upgrade-insecure-requests; frame-ancestors 'none'; object-src 'none'; base-uri 'self'; script-src 'self' *.googleadservices.com *.cloudflare.com *.newrelic.com *.googletagmanager.com *.google.com *.translate.google.com *.googleapis.com *.tinymce.com *.twitter.com *.facebook.net *.gstatic.com *.intercom.io *.google-analytics.com *.nr-data.net *.intercomcdn.com *.tiny.cloud *.clarity.ms *.licdn.com *.googlesyndication.com *.g.doubleclick.net *.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; report-uri https://sentry.io/api/1455410/security/?sentry_key=d0d6eb54193b4525b8ff364e9d62b192&sentry_environment=production 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors https://syke.maps.arcgis.com; base-uri 'self'; object-src 'self'; connect-src wss: https: 1
default-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.hotjar.com https://*.leadinfo.net https://api.adcalls.nl https://api.leadinfo.com https://api.widget.futy.io https://consentcdn.cookiebot.com https://*.clarity.ms https://forms-eu1.hubspot.com https://*.g.doubleclick.net wss://*.hotjar.com https://*.dynamics.com https://js-eu1.hs-banner.com https://cdn.linkedin.oribi.io https://*.googlesyndication.com https://www.google.com https://bat.bing.com https://www.facebook.com https://px.ads.linkedin.com; font-src 'self' https://themes.googleusercontent.com; frame-src 'self' https://consentcdn.cookiebot.com https://static.addtoany.com https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://e.issuu.com https://forms.office.com https://player.vimeo.com https://vars.hotjar.com https://*.dynamics.com https://www.facebook.com https://analytics-eu.clickdimensions.com https://td.doubleclick.net; img-src 'self' data: https://www.google.com https://www.google.nl https://leadpack-cf.yourwoo.com https://*.svc.dynamics.com https://*.google-analytics.com https://www.googletagmanager.com https://*.linkedin.com https://www.facebook.com https://c.clarity.ms https://c.bing.com https://tr.lfeeder.com https://forms-eu1.hsforms.com https://track-eu1.hubspot.com https://*.lfeeder.com https://*.leadfeeder.com https://bat.bing.com https://imgsct.cookiebot.com https://*.g.doubleclick.net; script-src 'self' 'unsafe-inline' cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://static.addtoany.com https://unpkg.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://*.cookiebot.com https://koi-3qneu2w9pc.marketingautomation.services https://tag.perfectaudience.com https://pixel-geo.prfct.co https://static.addtoany.com https://www.google-analytics.com https://eu2.snoobi.eu https://www.gstatic.com https://www.googletagmanager.com https://snap.licdn.com https://*.hotjar.com https://connect.facebook.net https://www.clarity.ms https://script.adcalls.nl https://cdn.leadinfo.net https://static.mailerlite.com https://sc.lfeeder.com https://v1.widget.futy.io https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hsleadflows.net https://www.googleoptimize.com https://*.lfeeder.com https://*.leadfeeder.com https://www.youtube.com https://bat.bing.com https://www.googleadservices.com https://*.dynamics.com cdnjs.cloudflare.com https://leadpack-cf.yourwoo.com https://mktdplp102cdn.azureedge.net https://polyfill.io https://unpkg.com https://www.google.com; style-src 'self' 'unsafe-inline' https://static.mailerlite.com cdnjs.cloudflare.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data:; style-src * 'unsafe-inline'; frame-ancestors *; font-src * 'unsafe-inline'; 1
default-src 'self' blob:; connect-src * 'unsafe-inline'; font-src * data:; frame-src *; img-src * 'self' blob: data:; media-src *; object-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gtm.com *.googletagmanager.com *.jsdelivr.net *.google.com *.google.co.in *.tvsmotorcompanyltd.australia-3.evergage.com *.cloudflare.com *.bootstrapcdn.com *.gstatic.com *.tvsemerald.com *.facbook.com *.facebook.net *.google-analytics.com *.googleapis.com *.evgnet.com *.visualwebsiteoptimizer.com *.clarity.ms *.kenyt.ai *.facebook.net *.taboola.com *.doubleclick.net *.outbrain.com *.zemanta.com *.jqueryscript.net *.googleadservices.com *.googlesyndication.com *.datatables.net *.go-mpulse.net *.visualwebsiteoptimizer.com app.vwo.com; style-src * 'unsafe-inline';script-src-elem * 'unsafe-inline' *.visualwebsiteoptimizer.com app.vwo.com;worker-src 'self' blob:; 1
default-src 'none'; script-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz 'nonce-Y2NmMGJmZTktOGUwMS00NjhjLTk4YTMtMmU0NDA5ZTg1ZWNj' analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; style-src 'self' yastatic.net 'unsafe-inline'; img-src 'self' blob: data: yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net connect.facebook.net www.facebook.com; font-src 'self' data: yastatic.net; object-src 'none'; base-uri 'self' yastatic.net; media-src 'self' yastatic.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; frame-src 'self' blob: forms.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; connect-src 'self' mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz uaas.yandex.ru analytics.google.com www.google.ru www.google.com www.google.kz www.google-analytics.com www.googletagmanager.com stats.g.doubleclick.net googleads.g.doubleclick.net s.pinimg.com ct.pinterest.com abt.s3.yandex.net; child-src blob: mc.yandex.ru mc.yandex.com mc.yandex.by mc.yandex.kg mc.yandex.kz mc.yandex.md mc.yandex.uz; manifest-src 'self' yastatic.net; form-action 'self'; report-uri https://csp.yandex.net/csp?from=yango.delivery&project=static-yango&yandex_login=undefined&yandexuid=undefined; frame-ancestors 'self' metrika.yandex.ru metrika.yandex.by metrika.yandex.com metrika.yandex.com.tr metrica.yandex.ru metrica.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://vk.com/js/api/openapi.js https://ajax.googleapis.com https://mc.yandex.ru https://cdn.jsdelivr.net/npm/@flasher/flasher@1.2.4/dist/flasher.min.js https://daruse.ru/assets/js/snowfall.js  https://cdn.jsdelivr.net/npm/jquery@3.6.3/dist/jquery.min.js https://cdn.jsdelivr.net/npm/@flasher/flasher-toastr@1.2.4/dist/flasher-toastr.min.js 1
report-uri /jss/csp_report.phtml;base-uri 'self';default-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com blob:;script-src 'self' 'nonce-4b92e0ec-e2c5-431c-97d9-f2313928f194' 'unsafe-eval' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com;style-src 'self' 'unsafe-inline' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;font-src 'self' data: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;frame-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;connect-src 'self' blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io;img-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com www.googletagmanager.com googletagmanager.com connect.facebook.net *.google-analytics.com www.facebook.com *.ingest.sentry.io ad.doubleclick.net adservice.google.com media0.giphy.com;media-src 'self' data: blob: pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net maps.googleapis.com;manifest-src 'self' pd1ql.quackcdn.net pcache-us1.quackcdn.net pcache-us1-cf.quackcdn.net pcache-eu1.quackcdn.net quackcdn.net;object-src 'none';worker-src 'self' blob:;block-all-mixed-content;upgrade-insecure-requests;frame-ancestors 'self';form-action 'self';script-src-attr 'none' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-rRKPiRL4N7f+4486//v1NeSUInJ4seBICWnPVfWpFubsz91I' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.adform.net https://*.appboycdn.com https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.btncdn.com https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.iteratehq.com https://*.klarnacdn.net https://*.mention-me.com https://*.paypal.com https://*.paypalobjects.com https://*.pinimg.com https://*.pusher.com https://*.rmtag.com https://*.stripe.com https://*.tvsquared.com https://*.spoteffects.net https://*.twitter.com https://*.xg4ken.com https://*.zdassets.com https://*.zenaps.com https://*.zopim.com https://ad4m.at https://app.link https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.klarnaservices.com https://*.appsflyer.com https://*.inflcr.co https://*.clarity.ms https://*.keyivr.com https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://cdn.optimizely.com/ https://api.smooch.io https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; script-src-elem 'self' 'unsafe-inline' https://*.appboycdn.com https://*.bing.com https://*.branch.io https://*.doubleclick.net https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.heapanalytics.com https://*.hotjar.com https://*.pinimg.com https://*.rmtag.com https://*.tvsquared.com https://*.spoteffects.net https://*.zdassets.com https://*.zenaps.com https://app.link https://*.stripe.com https://*.zopim.com https://ad4m.at https://*.pusher.com https://*.braintreegateway.com https://*.mention-me.com https://*.klarnacdn.net https://www.googleoptimize.com https://*.cookiebot.com https://*.trustedshops.com https://*.microsoft.com https://*.klarna.com https://*.appsflyer.com https://*.inflcr.co https://cdn.jsdeliver.net https://*.keyivr.com https://*.clarity.ms https://*.analytics.tiktok.com https://analytics.tiktok.com https://pzapi-kg.com https://*.ad-srv.net https://*.google.com https://cdn.optimizely.com/ https://api.smooch.io https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; style-src 'self' 'unsafe-inline' https://*.fontawesome.com https://cdn.honey.io https://*.klarna.com https://*.appsflyer.com https://*.google.com https://*.digitalgenius.com https://*.dgdeepai.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://*.bing.com https://*.braintree-api.com https://*.braintreegateway.com https://*.branch.io https://*.braze.com https://*.bugsnag.com https://*.contentful.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.klarnaevt.com https://*.pinterest.com https://*.postcodeanywhere.co.uk https://*.pusher.com wss://*.pusher.com https://*.stripe.com https://*.zdassets.com https://*.zendesk.com https://bw-contact-uploads.s3-eu-west-1.amazonaws.com https://vimeo.com wss://*.pusherapp.com wss://*.zopim.com https://*.sciencebehindecommerce.com wss://*.hotjar.com https://*.heapanalytics.com https://heapanalytics.com https://*.mention-me.com https://bw-form-uploads.s3-eu-west-1.amazonaws.com https://*.cookiebot.com https://*.trustedshops.com https://*.etrusted.com https://*.trustbadge.com https://*.klarna.com https://*.klarnauserservices.com https://*.appsflyer.com https://*.onelink.me https://capi.bloomandwild.com https://www.instagram.com https://*.google.com https://google.com  https://*.clarity.ms https://*.keyivr.com https://analytics.tiktok.com https://*.auryc.com https://cdn.optimizely.com/ https://logx.optimizely.com/ wss://api.smooch.io https://api.smooch.io https://api.pwnedpasswords.com https://*.digitalgenius.com https://*.dgdeepai.com https://*.smooch.io; font-src 'self' data: https://*.fontawesome.com https://cdn.honey.io https://*.hotjar.com https://fonts.gstatic.com https://*.klarna.com https://*.appsflyer.com https://*.auryc.com https://*.digitalgenius.com; frame-src 'self' https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://bloomwild.typeform.com https://bloomandwild.typeform.com https://www.mainadv.com https://www.pinterest.de https://www.pinterest.dk https://www.pinterest.co.uk https://*.pinterest.com https://*.pinterest.fr https://*.pinterest.com.au https://*.pinterest.ie https://*.pinterest.at https://*.pinterest.ca https://*.pinterest.es https://*.pinterest.nz https://*.braintreegateway.com https://*.doubleclick.net https://*.facebook.com https://*.googlesyndication.com https://*.hotjar.com https://*.klarna.com https://*.paypal.com https://*.stripe.com https://*.vimeo.com https://*.youtube.com https://*.youtube-nocookie.com https://*.zenaps.com https://ad4m.at https://ad4mat.net https://mention-me.com https://*.mention-me.com https://*.cookiebot.com https://*.appsflyer.com https://*.inflcr.co https://*.keyivr.com https://*.google.com https://*.digitalgenius.com https://*.dgdeepai.com; child-src 'self' blob: https://*.braintreegateway.com https://*.paypal.com https://*.klarna.com https://*.appsflyer.com https://*.digitalgenius.com https://*.dgdeepai.com; manifest-src 'self'; media-src 'self' https://*.zdassets.com https://*.klarna.com https://*.appsflyer.com https://*.vimeo.com https://download-video.akamaized.net https://*.digitalgenius.com https://*.dgdeepai.com; img-src 'self' data: https://*.bloomon.com https://*.bloomon.be https://*.bloomon.co.uk https://*.bloomon.de https://*.bloomon.dk https://*.bloomon.nl https://*.google-analytics.com https://*.google.ae https://*.google.al https://*.google.co.in https://*.google.co.nz https://*.google.co.uk https://*.google.com https://*.google.com.au https://*.google.com.sg https://*.google.de https://*.google.dk https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google.lk https://*.google.nl https://*.google.ro https://*.google.ch https://*.google.pt https://*.google.fi https://*.google.co.za https://*.google.lt https://*.google.cz https://*.google.com.ph https://*.google.lv https://*.google.kz https://*.google.com.hk https://*.google.at https://*.google.be https://*.google.se https://*.google.no https://*.google.je https://*.google.com.qa https://*.google.pl https://*.google.gr https://*.google.com.sa https://*.google.ru https://*.google.hu https://*.google.com.pk https://*.google.com.np https://*.google.com.gh https://*.google.com.cy https://*.google.lu https://*.google.com.tr https://*.google.co.uk https://*.ad4mat.net https://*.adform.net https://*.adition.com https://*.adnxs.com https://*.adscale.de https://*.adserver01.de https://*.amazon-adsystem.com https://*.atdmt.com https://*.bidswitch.net https://*.bing.com https://*.braintreegateway.com https://*.branch.io https://*.contentful.com https://*.creative-serving.com https://*.ctfassets.net https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.googletagmanager.com https://*.gstatic.com https://cdn.honey.io https://*.linksynergy.com https://*.mention-me.com https://*.paypal.com https://*.pinterest.com https://*.rubiconproject.com https://*.stripe.com https://*.taboola.com https://*.tvsquared.com https://*.spoteffects.net https://*.twiago.com https://*.twitter.com https://*.yieldlab.net https://*.zenaps.com https://ad4m.at https://as.ad4m.at https://heapanalytics.com https://id5-sync.com https://carrier-logos.s3-eu-west-1.amazonaws.com https://*.trustedshops.com https://*.klarna.com https://*.klarnaevt.com https://*.klarnacdn.net https://*.appsflyer.com https://*.inflcr.co https://impressions.onelink.me https://www.instagram.com https://*.bloomandwild.zendesk.com https://bloomandwild.zendesk.com https://*.keyivr.com https://*.clarity.ms https://prf.hn https://*.hotjar.com https://static.zdassets.com https://i.vimeocdn.com https://*.digitalgenius.com https://*.dgdeepai.com https://*.cookiebot.com/; report-uri https://api.bloomandwild.com/csp-violations; report-to {"max_age":86400,"endpoints":[{"url":"https://api.bloomandwild.com/csp-violations"}]} 1
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-qZxZwLi_YWBAAH0OEaPyIw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' twitter.com t.co;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.ep-mimecast.ads-twitter.com https://*.marketo.com https://analytics.twitter.com https://assets.pinterest.com https://apis.google.com https://ajax.googleapis.com https://cdn.syndication.twimg.com https://connect.facebook.net https://code.jquery.com https://en.twitter.com https://graph.facebook.com https://googletagmanager.com https://google-analytics.com https://js.facebook.com https://kit.fontawesome.com https://m.youtube.com https://munchkin.marketo.net https://platform.twitter.com https://static.ads-twitter.com https://ssl.google-analytics.com https://t.co https://tagmanager.google.com https://use.fontawesome.com https://vrmgr.worketc.com https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com;style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com *.marketo.com *.marketo.net ajax.googleapis.com code.jquery.com fonts.googleapis.com platform.twitter.com ton.twimg.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' *.facebook.com connect.facebook.net platform.twitter.com www.youtube.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com *.twitter.com connect.facebook.net;worker-src 'self'; 1
block-all-mixed-content; base-uri 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* *.google.com *.gstatic.com www.google-analytics.com *.addtoany.com use.fontawesome.com *.youtube.com *.ytimg.com *.googleapis.com googleapis.com *.googletagmanager.com *.cloudflare.com *.cloudfront.net *.activehosted.com *.facebook.net *.doubleclick.net analytics.tiktok.com cdn.blueconic.net sc-static.net tr.snapchat.com 4pm.blueconic.net *.googleadservices.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net unpkg.com region1.analytics.google.com static.kingslandfestival.nl; style-src 'self' 'unsafe-inline' *.googleapis.com googleapis.com *.google.com *.addtoany.com cloud.typography.com *.myfonts.net *.typekit.net *.cloudflare.com *.blueconic.net static.kingslandfestival.nl; font-src 'self' *.gstatic.com data: *.typekit.net *.cloudflare.com  static.kingslandfestival.nl; img-src 'self' data: *.google-analytics.com *.analytics-google.com *.gstatic.com *.googleapis.com googleapis.com *.google.com *.cloudflare.com www.facebook.com www.google.nl *.doubleclick.net *.googleadservices.com content.app-us1.com *.cloudfront.net *.blueconic.net static.kingslandfestival.nl; child-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com tr.snapchat.com *.facebook.com appic.events static.kingslandfestival.nl; frame-src 'self' *.google.com *.addtoany.com *.youtube.com *.vimeo.com vimeo.com *.activetickets.com *.issuu.com *.recruitee.com *.linkedin.com tr.snapchat.com *.facebook.com appic.events static.kingslandfestival.nl; media-src 'self' *.youtube.com *.vimeo.com vimeo.com *.vimeocdn.com *.akamaized.net fanalists.com static.kingslandfestival.nl; connect-src 'self' localhost:* wss://localhost:* *.projectguide.nl *.google-analytics.com *.analytics-google.com *.googleapis.com googleapis.com *.googleusercontent.com stats.g.doubleclick.net analytics.tiktok.com 4pm.blueconic.net tr.snapchat.com adservice.google.com *.analytics.google.com static.kingslandfestival.nl; object-src 'self' *.youtube.com *.vimeo.com vimeo.com  static.kingslandfestival.nl; form-action 'self' *.facebook.com *.activehosted.com 4pm.activehosted.com; worker-src 'self' static.kingslandfestival.nl; manifest-src 'self' static.kingslandfestival.nl; prefetch-src 'self' static.kingslandfestival.nl; frame-ancestors 'none';  1
default-src 
	'self' 
	*.siad.com 
	*.thesiadgroup.com 
	*.siadmi.com 
	fast.fonts.net;
      manifest-src 
	'self';
      style-src 
	'self' 
	'unsafe-inline'
	https://fonts.googleapis.com 
	fast.fonts.net;
      script-src
	blob 
	'self' 
        'unsafe-inline'
        'unsafe-eval'
	fast.fonts.net 
	*.googleapis.com 
	www.google-analytics.com 
	www.googletagmanager.com
	*.analytics.google.com
	*.moatads.com
	snap.licdn.com
        *.cookiebot.com;
      img-src 
	'self' data: 
	*.siad.com 
	*.thesiadgroup.com 
	*.siadmi.com 
	*.googleapis.com 
	www.google-analytics.com 
	log.pinterest.com 
	*.gstatic.com 
	*.linkedin.com
	imgsct.cookiebot.com;
      media-src 
	'self'
       	www.youtube.com
	youtu.be;
      font-src 
	'self'
	https://fonts.gstatic.com 
	fast.fonts.net;
      frame-src 
	'self'
	www.youtube.com 
	assets.pinterest.com
	storage.googleapis.com
	www.google.com
	*.cookiebot.com;
      form-action 
	'self';
      frame-ancestors 
	'self';
      object-src 
	www.thesiadgroup.com 
	www.siad.com 
	www.siadmi.com;
      connect-src 
	'self' 
	cdn.linkedin.oribi.io 
	consentcdn.cookiebot.com
	*.google-analytics.com
	*.analytics.google.com;
      block-all-mixed-content;
      upgrade-insecure-requests;
    1
default-src 'self' http: https: data: blob: ws: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' http://metrika.yandex.ru http://metrika.yandex.by http://metrica.yandex.com http://metrica.yandex.com.tr https://metrika.yandex.ru https://metrika.yandex.by https://metrica.yandex.com https://metrica.yandex.com.tr http://webvisor.com http://*.webvisor.com https://webvisor.com https://*.webvisor.com https://*.hh.ru; 1
default-src 'self'; img-src 'self' https://w3.flatex.de data: https://res.cloudinary.com; font-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://w3.flatex.de; script-src 'self' 'unsafe-inline' https://responder.wt-safetag.com https://www.googletagmanager.com/; frame-src 'self' https://konto.flatex.de https://www.googletagmanager.com/ https://stock.flatexdegiro.com 1
default-src *;style-src * 'unsafe-inline';script-src * 'unsafe-inline' 'unsafe-eval';img-src * data:;worker-src 'self';font-src 'self' data:;object-src 'self';frame-ancestors 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://sites-rpc.vuturevx.com https://px.ads.linkedin.com https://snap.licdn.com https://code.jquery.com https://ajax.googleapis.com https://ssl.google-analytics.com https://www.youtube.com https://www.google.com https://bat.bing.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://connect.facebook.net https://platform.twitter.com https://code.jquery.com/jquery-2.1.4.min.js *.crazyegg.com *.amazonaws.com https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/; style-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://fonts.googleapis.com; img-src * data:; font-src 'self' data: https://fonts.gstatic.com https://fonts.typekit.net https://themes.googleusercontent.com; connect-src 'self' https://cdn.plyr.io *.crazyegg.com https://*.google-analytics.com https://*.analytics.google.com; child-src 'self' https://open.spotify.com/ https://player.pippa.io https://player.acast.com https://embed.acast.com https://sdn.sitecore.net https://www.youtube.com https://www.google.com https://accounts.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com/ https://cdn.yoshki.com https://player.vimeo.com https://consentcdn.cookiebot.com/; frame-ancestors 'self' https://www.slipcase.com https://marketplace.marsh.com https://open.spotify.com; 1
frame-ancestors https://adoptaclassroom-shop.herokuapp.com https://dashboard.adoptaclassroom.org https://adoptaclassroom.cs36.force.com https://qa-adoptaclassroom.cs36.force.com https://prep.shopbecker.com https://inte.shopbecker.com https://www.shopbecker.com https://bess01mstr2p65a3prod-slot.dxcloud.episerver.net 1
default-src 'self' blob: https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://static3.avast.com https://themes.googleusercontent.com https://stackpath.bootstrapcdn.com https://github.com https://s3-eu-west-1.amazonaws.com https://s3-ap-southeast-1.amazonaws.com https://s3-ap-northeast-1.amazonaws.com https://s3.amazonaws.com https://cdn.faceworks.nl https://abfcdn.azureedge.net https://fast.fonts.net https://cdn.ckeditor.com ; connect-src * data:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://cdnjs.cloudflare.com https://ajax.googleapis.com https://cdn.polyfill.io https://www.google-analytics.com https://code.jquery.com https://cdn.jsdelivr.net  https://www.google.com https://ssl.google-analytics.com https://www.google.nl https://stackpath.bootstrapcdn.com https://d3js.org https://www.google.com/jsapi https://ajax.microsoft.com  https://maps.googleapis.com https://www.ergo-webreporting.com https://www.googletagmanager.com https://ajax.aspnetcdn.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://siteimproveanalytics.com https://www.google-analytics.com/analytics.js https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net https://*.matomo.cloud https://cdn.ckeditor.com ; script-src-elem 'self' 'unsafe-inline' data: https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://ajax.googleapis.com/ https://cdnjs.cloudflare.com/ https://cdn.polyfill.io https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://d3js.org/  https://code.jquery.com https://cdn.jsdelivr.net https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://www.google.nl https://www.google.com https://ssl.google-analytics.com https://ajax.microsoft.com https://diyini.junasonuku.com https://data1.khorel.com https://platform.twitter.com https://cdn.syndication.twimg.com https://data1.fedjuh.com https://www.gstatic.com https://nextextlink.com https://d3js.org https://www.google.com/jsapi https://*.quevi.nl https://maps.googleapis.com https://www.ergo-webreporting.com https://ajax.aspnetcdn.com https://siteimproveanalytics.com https://s3-us-west-2.amazonaws.com/s.cdpn.io/81395/CustomEase.min.js https://www.google-analytics.com/analytics.js https://cdn.datatables.net https://www.googletagmanager.com/gtm.js https://abfcdn.azureedge.net https://*.matomo.cloud https://cdn.ckeditor.com https://matomoabf.westeurope.cloudapp.azure.com ; style-src 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://maxcdn.bootstrapcdn.com  https://cdn.jsdelivr.net https://fonts.googleapis.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://fonts.google.com https://www.google.com https://www.google.nl https://use.typekit.net https://p.typekit.net https://netdna.bootstrapcdn.com  https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com ;  style-src-elem 'self' 'unsafe-inline' https://*.datawonen.nl https://*.databank.nl https://*.incijfers.nl https://*.incijfers.be https://*.inzahlen.be https://*.inzahlen.de https://*.buurtmonitor.nl https://*.buurtmonitor.be https://*.abf.nl https://*.abfresearch.nl https://*.cijfersoverwonen.nl https://*.swing.eu https://*.infigures.com https://*.analysesysteem.nl https://*.woononderzoek.nl https://*.waterbenchmark.org https://*.wmo-monitor.nl https://*.linkincare.nl https://*.woningmarktmonitor.nl https://*.fontawesome.com https://*.quevi.nl https://ajax.googleapis.com https://fonts.googleapis.com https://fonts.google.com https://www.google.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com https://use.typekit.net https://p.typekit.net https://stackpath.bootstrapcdn.com https://cdn.jsdelivr.net https://platform.twitter.com https://ton.twimg.com https://hello.myfonts.net https://fonts.typotheque.com https://abfcdn.azureedge.net https://cdn-images.mailchimp.com https://cdn.ckeditor.com https://cdn.datatables.net https://code.jquery.com ; img-src * data: blob:; frame-src * data:; object-src * data:; report-uri https://api.abf.nl/api/cspreport 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MjcyODJkMjRmNTZjNDAwMjk4YjYyMzJhMjhlNDdmZTA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.hoewerktnederland.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.hoewerktnederland.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.hoewerktnederland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self';font-src 'self' data:; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
frame-ancestors  'self'; default-src 'self'; script-src 'report-sample' 'strict-dynamic' 'nonce-snOPfPY21+eJN12O543ZTg=='; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com https://static.hsappstatic.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.hubapi.com https://cp.hubspot.com https://cta-service-cms2.hubspot.com https://forms.hubspot.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com; img-src 'self' https://7426526.fs1.hubspotusercontent-na1.net https://cubics.nl https://forms-na1.hsforms.com https://forms.hsforms.com https://no-cache.hubspot.com https://perf.hsforms.com https://px.ads.linkedin.com https://static.hsappstatic.net https://track.hubspot.com https://www.facebook.com; manifest-src 'self'; media-src 'self' https://7426526.fs1.hubspotusercontent-na1.net; report-uri https://63ecf8191110c9e871bfe66d.endpoint.csper.io/?v=4; worker-src 'none'; ; upgrade-insecure-requests; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com http://*.google-analytics.com https://*.google-analytics.com http://www.googletagmanager.com https://*.googletagmanager.com http://www.googleadservices.com https://www.googleadservices.com https://maps.googleapis.com https://googleads.g.doubleclick.net http://munchkin.marketo.net https://munchkin.marketo.net http://mktoresp.com https://cdnjs.cloudflare.com http://amplify.outbrain.com https://amplify.outbrain.com https://www.gstatic.com https://c.la1-c1cs-frf.salesforceliveagent.com *.salesforceliveagent.com https://phsgroup.whoson.com https://*.jquery.com *.pardot.com http://go.phs.co.uk https://tagmanager.google.com https://www.facebook.com https://connect.facebook.net bat.bing.com https://static.hotjar.com https://script.hotjar.com https://code.jquery.com http://phsgroup.whoson.com https://phsgroup.whoson.com https://tr.outbrain.com https://*.clarity.ms https://secure.leadforensics.com https://secure.vice4beek.com https://widget.trustpilot.com *.visualwebsiteoptimizer.com app.vwo.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://phsgroup.whoson.com https://maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css https://tagmanager.google.com https://phsgroup.whoson.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com;img-src 'self' https://www.google.com https://*.google-analytics.com http://*.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.uk https://maps.googleapis.com https://csi.gstatic.com https://maps.gstatic.com https://gtrk.s3.amazonaws.com https://s3.amazonaws.com https://www.gravatar.com https://dashboard.umbraco.org https://umbraco.tv https://our.umbraco.org http://amplifypixel.outbrain.com https://amplifypixel.outbrain.com http://tr.outbrain.com https://tr.outbrain.com https://phscorporateproduction.blob.core.windows.net *.salesforceliveagent.com *.force.com https://googleads.g.doubleclick.net https://phsgroup.whoson.com data: bat.bing.com https://www.facebook.com https://script.hotjar.com https://secure.vice4beek.com https://c.clarity.ms/c.gif https://*.googletagmanager.com https://c.bing.com/c.gif *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com;frame-src 'self' https://www.youtube-nocookie.com https://www.youtube.com https://bid.g.doubleclick.net https://phsgroup.whoson.com https://www.google.com https://www.facebook.com https://vars.hotjar.com https://phsgroup.whoson.com https://widget.trustpilot.com td.doubleclick.net *.visualwebsiteoptimizer.com app.vwo.com;font-src 'self' https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com/font-awesome/ https://script.hotjar.com;connect-src 'self' http://975-hia-408.mktoresp.com https://our.umbraco.org https://my.phs.co.uk https://connect.facebook.net https://www.facebook.com bat.bing.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://stats.g.doubleclick.net https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://*.clarity.ms https://maps.googleapis.com https://*.hotjar.io https://idx.liadm.com https://region1.analytics.google.com *.visualwebsiteoptimizer.com app.vwo.com https://metrics.hotjar.io;report-uri /WebResource.axd?cspReport=true 1
script-src 'unsafe-inline' 'self' 1
base-uri 'self'; child-src www.youtube-nocookie.com https://www.google.com/recaptcha/ 'self' https://kustwacht.nl; connect-src 'self' kustwacht.matomo.cloud maps.googleapis.com; font-src 'self' fonts.gstatic.com use.fontawesome.com data:; script-src 'report-sample' 'self' 'unsafe-inline' cdn.matomo.cloud fonts.gstatic.com maps.googleapis.com cdn-eu.readspeaker.com www.youtube.com/iframe_api www.youtube.com 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'report-sample' 'self' 'unsafe-inline' cdn-eu.readspeaker.com fonts.googleapis.com use.fontawesome.com; img-src 'self' data: maps.gstatic.com maps.googleapis.com secure.gravatar.com; media-src 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'self'; default-src 'self'; 1
style-src 'self' 'unsafe-inline' 'unsafe-eval' cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com zencdn.net *.zencdn.net cdn.jsdelivr.net googleapis.com *.googleapis.com bootstrapcdn.com *.bootstrapcdn.com datatables.net *.datatables.net *.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cloudflare.com *.cloudflare.com google-analytics.com *.google-analytics.com zencdn.net *.zencdn.net cdn.jsdelivr.net https://harvesthq.github.io/chosen/chosen.jquery.js googleapis.com *.googleapis.com googleadservices.com *.googleadservices.com ipay88.com.kh *.ipay88.com.kh doubleclick.net *.doubleclick.net facebook.net *.facebook.net yellowmessenger.com *.yellowmessenger.com googletagmanager.com *.googletagmanager.com licdn.com *.licdn.com tiktok.com *.tiktok.com bootstrapcdn.com *.bootstrapcdn.com datatables.net *.datatables.net *.youtube.com ssl-avd.innity.net https://avd.innity.net https://www.google.com/recaptcha/api.js https://www.gstatic.com https://checkout.payway.com.kh/plugins/checkout2-0.js https://checkout.payway.com.kh/plugins/cupertino-pane.js *.payway.com.kh https://harvesthq.github.io/chosen/chosen.jquery.js https://checkout.payway.com.kh/plugins/checkout.prod.js https://code.jquery.com/jquery-3.5.1.js https://avd.innity.net https://www.youtube.com; 1
default-src *.ctfassets.net 'self' blob:; connect-src * https: 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-src feed.pghub.io *.qualtrics.com *.tapad.com *.facebook.com *.google.com *.youtube.com *.youtube-nocookie.com https://dentalcare.corbusmediasolutions.com *.adsrvr.org 'self'; img-src www.googletagmanager.com *.google-analytics.com images.ctfassets.net *.ctfassets.net pixel.tapad.com *.qualtrics.com *.cookielaw.org *.facebook.com 'self' data: ; media-src videos.ctfassets.net *.ctfassets.net 'self'; script-src *.youtube.com *.qualtrics.com *.moatads.com pghub.io *.siteintercept.qualtrics.com *.google.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.crazyegg.com *.simpli.fi *.adsrvr.org *.cookielaw.org *.facebook.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com 'self' 'unsafe-inline'; worker-src 'self' blob:; 1
frame-ancestors 'self' app.buildfire.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-ZGYxNDQ2MWVhNDk1NDA2ZTg1Y2E3OWI4NWViZjFmNzI=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.onderwijsinspectie.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.onderwijsinspectie.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
child-src 'self' https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.google.com https://stacc.ee https://public.tableau.com https://tableauapp.tehik.ee; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://maxcdn.bootstrapcdn.com https://embed.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://cdn.reactandshare.com https://data.reactandshare.com https://unpkg.com https://static-v.tawk.to https://public.tableau.com https://tableauapp.tehik.ee https://s3.eu-north-1.amazonaws.com https://ajax.googleapis.com https://www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io npmcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.reactandshare.com https://unpkg.com https://embed.tawk.to https://s3.eu-north-1.amazonaws.com https://translate.googleapis.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com npmcdn.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://www.digilugu.ee/login https://www.facebook.com; frame-ancestors 'self'; report-uri https://tervisekassa.ee/report-uri/enforce; block-all-mixed-content 1
upgrade-insecure-requests; report-uri https://rswebsols.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline';frame-src 'self' 'unsafe-inline' mailto: tel: https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://welcome-c.iveco.com https://welcome.iveco.com https://rdap.lacnic.net https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://iveco.com.br https://maps.google.com https://c.contentsquare.net https://t.contentsquare.net https://cnhidcx.fra1.qualtrics.com https://www.facebook.com https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.ivecogroup.com https://cpqr.iveco.com  https://open.spotify.com  https://iveco.ubiest.com  https://tools.eurolandir.com  https://vimeo.com  https://www.youtube-nocookie.com  https://www.youtube.com https://player.vimeo.com https://www.stockexpert.it https://stockexpert.it https://www.google.com https://servizi2.message-asp.com;img-src 'self' 'unsafe-inline' https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com blob: https://purecatamphetamine.github.io *.contentsquare.net https://cpqr-cert.ivecogroup.com *.clarity.ms https://www.clarity.ms https://www.google.pl https://ad.doubleclick.net *.contentsquare.net https://l.contentsquare.net https://c.contentsquare.net https://maps.gstatic.com https://siteintercept.qualtrics.com https://maps.googleapis.com https://www.google-analytics.com https://px.ads.linkedin.com https://www.google.it https://px4.ads.linkedin.com https://www.facebook.com https://www.google.com  https://www.googletagmanager.com https://fra1.qualtrics.com  https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://tmpprod-eucompwaf010.azureedge.net data:;style-src 'self' 'unsafe-inline'  https://privacyportal-eu-cdn.onetrust.com https://fonts.googleapis.com;font-src 'self' 'unsafe-inline' data: https://privacyportal-eu-cdn.onetrust.com https://fonts.gstatic.com; upgrade-insecure-requests; block-all-mixed-content;script-src-elem 'self' 'unsafe-inline' https://www.clarity.ms https://s.go-mpulse.net https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://c.contentsquare.net https://app.contentsquare.com https://t.contentsquare.net https://maps.googleapis.com https://snap.licdn.com https://connect.facebook.net  https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com  https://player.vimeo.com https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com  https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com  https://zn4pjepjt86sqmlks-fptindustrial.siteintercept.qualtrics.com https://vimeo.com https://www.google-analytics.com https://www.youtube.com https://cdn.cookielaw.org https://www.google.com https://www.gstatic.com https://geolocation.onetrust.com https://www.googletagmanager.com https://static.site24x7rum.eu;connect-src 'self' 'unsafe-inline' https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com https://rdap.lacnic.net https://welcome-c.iveco.com https://welcome.iveco.com https://cpqr-cert.iveco.com https://cpqr.iveco.com https://dealerchatbothd-qual.iveco.com https://dealerchatbothd.iveco.com data: https://az-eu-sitec-app-p-020.azurewebsites.net *.clarity.ms https://www.clarity.ms https://westeurope-sandbox.ordercloud.io https://westeurope-production.ordercloud.io https://az-eu-sitec-app-c-010.azurewebsites.net https://adservice.google.com *.googlesyndication.com https://www.google.com https://api.ipify.org https://rdap.arin.net https://maps.googleapis.com https://rdap.db.ripe.net *.akstat.io https://c.go-mpulse.net https://analytics.google.com https://dataplane.rum.eu-central-1.amazonaws.com https://sts.eu-central-1.amazonaws.com https://cognito-identity.eu-central-1.amazonaws.com https://px.ads.linkedin.com https://13750033.fls.doubleclick.net *.fls.doubleclick.net *.doubleclick.net https://www.facebook.com *.contentsquare.net https://iveco.com.br https://privacyportal-de.onetrust.com/request/v1/consentreceipts https://c.contentsquare.net https://maps.googleapis.com https://region1.analytics.google.com https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com  https://cpqr.iveco.com https://cpqr.ivecogroup.com https://player.vimeo.com https://siteintercept.qualtrics.com https://privacyportal-eu-cdn.onetrust.com https://vimeo.com https://region1.google-analytics.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.google-analytics.com https://geolocation.onetrust.com https://col.site24x7rum.eu https://www.youtube.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com https://client.rum.us-east-1.amazonaws.com https://googleads.g.doubleclick.net https://player.vimeo.com https://t.contentsquare.net https://app.contentsquare.com https://maps.googleapis.com   https://zn83cl4nnfiqpbp4o-cnhidcx.siteintercept.qualtrics.com   https://cpqr.iveco.com https://cpqr.ivecogroup.com https://charts3.equitystory.com https://cdn.cookielaw.org https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://geolocation.onetrust.com https://www.youtube.com; child-src blob:; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://global.oktacdn.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://*.go-mpulse.net https://*.ltcfeds.com https://code.jquery.com; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.youtube.com https://www.google-analytics.com https://*.ltcfeds.com https://code.jquery.com https://s.go-mpulse.net; default-src 'self' https://www.youtube.com https://www.google-analytics.com ; img-src 'self' https://global.oktacdn.com/ https://www.google-analytics.com https://www.googletagmanager.com https://*.ltcfeds.com https://*.akstat.io https://*.cludo.com; frame-src youtube.com www.youtube.com; frame-ancestors youtube.com www.youtube.com; connect-src https://fedpoint-fltcip-nonprd.oktapreview.com https://fedpoint-fltcip.okta.com https://www.google-analytics.com https://*.akstat.io https://*.go-mpulse.net https://*.cludo.com https://*.ltcfeds.com; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
frame-ancestors 'self' https://open.spotify.com/ 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MWQ2Njc5NTM5YmZhNGE5MGJiYTQyOWE4YmM0ZGY2ZDY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.dwangindezorg.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.dwangindezorg.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.dwangindezorg.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' www.google.com www.googletagmanager.com storage.googleapis.com www.youtube.com secure.livechatinc.com *.stripe.com truevalue.fisherprinting.net ezadtv.app.ezai.io; connect-src 'self' *.facebook.com www.googletagmanager.com www.google-analytics.com api.ezai.io analytics.google.com vc.hotjar.io wss://ws.hotjar.com content.hotjar.io truevalue.fisherprinting.net api.livechatinc.com; font-src * data:; img-src * data:; script-src * connect.facebook.net 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' *.fontawesome.com www.google-analytics.com *.doubleclick.net *.google.com 'unsafe-inline' 'unsafe-eval'; style-src-elem 'self' cdn.jsdelivr.net 'unsafe-inline'; script-src-elem 'self' cdn.jsdelivr.net *.fontawesome.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline'; img-src 'self' www.google-analytics.com *.doubleclick.net data: ; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self' *.intuit.com intuit.com *.quickbooks.com quickbooks.com *.square.com square.com *.squareupstaging.com squareupstaging.com *.squareup.com squareup.com *.bambee.com bambee.com *.gusto.com gusto.com *.netsuite.com netsuite.com *.dripos.com dripos.com *.enkempass.com enkempass.com *.miter.com miter.com *.eddy.com eddy.com *.housecallpro.com housecallpro.com *.monograph.com monograph.com *.joinwarp.com joinwarp.com *.central.inc central.inc *.7shifts.com 7shifts.com *.belfrysoftware.com belfrysoftware.com *.plane.com plane.com *.tryplayground.com tryplayground.com *.getthera.com getthera.com *.keka.com *.kekad.com *.kekauat.com *.kekastage.com *.kekademo.com *platform.lumberfi.com *.admin.lumberfi.com admin.lumberfi.com *.checkhq.com checkhq.com; script-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://simplyinsured.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline';script-src 'self' cdnjs.cloudflare.com consent.cookiebot.com consentcdn.cookiebot.com i.icomoon.io rum-static.pingdom.net www.google.com www.gstatic.com webchat.digitalcx.com *.googletagmanager.com www.instagram.com 'unsafe-eval' 'unsafe-inline';style-src 'self' fonts.googleapis.com 'unsafe-inline';connect-src 'self' contentanalyzer.azurewebsites.net consentcdn.cookiebot.com rum-static.pingdom.net rum-collector-2.pingdom.net i.icomoon.io cxcomlive-webconvwa-weu.azurewebsites.net wss://cxcomlive-webconvwa-weu.azurewebsites.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com;font-src 'self' data: fonts.gstatic.com www.cm.com;form-action 'self' accounts.google.com;img-src 'self' data: imgsct.cookiebot.com *.google-analytics.com *.googletagmanager.com p-noc-teamnl-teamnl-weu-cdn-teamnl-website10.azureedge.net prod-teamnl10.infocaster-cloud.net www.teamnl.org teamnl.org;frame-ancestors 'self';frame-src * 1
default-src https: 'unsafe-inline' object-src data: 'unsafe-eval' 1
default-src 'none'; img-src * data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.cloudflare.com https://*.jquery.com https://*.bootstrapcdn.com https://*.pagescdn.com https://*.optimizely.com https://*.amazonaws.com https://*.adobedtm.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.facebook.net https://*.googleadservices.com https://*.sitescdn.net https://*.livechatinc.com https://*.demdex.net https://*.addthis.com https://*.addthisedge.com https://*.pinterest.com https://*.en25.com https://*.datadoghq-browser-agent.com https://optimize.google.com https://*.rlets.com https://*.reachlocallivechat.com https://reachlocallivechat.com about://*.reachlocallivechat.com https://*.cloudfront.net https://*.cloudflareinsights.com https://*.broadly.com https://web-2-tel.com https://*.hotjar.com https://*.btttag.com https://*.bing.com https://*.doubleclick.net https://*.thinkingchat.com https://*.here.com blob: https://*.stackadapt.com https://*.simpli.fi https://*.pinimg.com https://*.yimg.com https://*.adroll.com https://*.adsrvr.org https://*.scorpion.co https://*.stripe.com https://*.twilio.com wss://*.twilio.com https://*.gstatic.com https://*.liadm.com https://*.brandcdn.com https://*.cloudfunctions.net https://*.callrail.com https://*.web-2-tel.com https://*.licdn.com https://*.convertexperiments.com https://*.outlook.com https://*.hibu.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com https://*.kickfire.com https://*.jsdelivr.net; style-src 'self' 'unsafe-inline' auth.iws-hybrid.trendmicro.com 'self' 'unsafe-inline' https://*.googleapis.com https://*.bootstrapcdn.com https://*.cloudflare.com https://*.typekit.net https://*.jquery.com https://*.sitescdn.net https://optimize.google.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com https://*.jsdelivr.net; object-src 'none'; connect-src auth.iws-hybrid.trendmicro.com https://*.google.com https://*.liadm.com https://*.googleadservices.com https://*.nblyprod.com https://*.googleapis.com https://*.pagescdn.com https://*.demdex.net https://*.livechatinc.com https://*.neighborly.com https://*.crownpeak.net https://*.addthis.com https://*.yext.com https://*.b2clogin.com https://*.dwyergroup.com https://*.broadly.com https://*.amazonaws.com https://*.google-analytics.com https://*.facebook.net https://*.gannettdigital.com https://*.browser-intake-datadoghq.com https://optimize.google.com https://*.reachlocalservices.com https://*.rlets.com https://reachlocallivechat.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.hotjar.io/ wss://reachlocallivechat.com https://*.web-2-tel.com wss://*.hotjar.com https://*.simpli.fi https://*.adroll.com https://*.oribi.io https://*.here.com https://*.hereapi.com https://*.stackadapt.com https://*.yimg.com https://*.pinterest.com https://*.scorpion.co https://*.btttag.com https://*.twilio.com wss://*.twilio.com https://*.doubleclick.net https://*.bing.com blob: https://*.cloudfunctions.net https://*.callrail.com https://*.convertexperiments.com https://*.googlesyndication.com https://*.natpal.com https://*.linkedin.com https://*.natpal.com https://*.servicetitan.com https://*.calltrk.com https://*.yahoo.com https://*.clickcease.com https://rainbowrestores.com https://*.localiq.com https://*.google.co.in https://browser-intake-datadoghq.com; font-src auth.iws-hybrid.trendmicro.com https://*.nblyprod.com https://*.typekit.net https://*.gstatic.com https://*.googleapis.com https://optimize.google.com https://reachlocallivechat.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.scorpion.co https://*.twilio.com blob: https://rainbowrestores.com; frame-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.mrrooter.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com; manifest-src auth.iws-hybrid.trendmicro.com https://www.facebook.com https://*.rlets.com https://*.youtube.com https://*.livechatinc.com https://*.demdex.net/ https://*.addthis.com https://*.pagescdn.com https://*.amazonaws.com https://*.b2clogin.com https://optimize.google.com https://*.hotjar.com https://web-2-tel.com https://*.optimizely.com https://*.here.com https://*.hereapi.com https://*.doubleclick.net https://*.adsrvr.org https://*.pinterest.com https://*.stripe.com https://*.twilio.com https://*.nblyprod.com https://*.broadly.com https://*.cloudfront.net blob: https://rainbowrestores.com 1
default-src 'self'; connect-src 'self' piwik.micropayment.de wss://*.zopim.com *.zdassets.com; img-src 'self' 'unsafe-inline' data: pci.usd.de piwik.micropayment.de https://resources.micropayment.de/ *.zopim.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' piwik.micropayment.de 'unsafe-eval' *.zopim.com *.zdassets.com; font-src 'self' data: *.zopim.com; child-src 'self' piwik.micropayment.de *.youtube.com https://micropayment.jobs.personio.de/; frame-src 'self' piwik.micropayment.de *.youtube.com https://micropayment.jobs.personio.de/; frame-ancestors 'self' https://www.facebook.com/micropayment.GmbH 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-MzVjMDgyODItMDQyNS00MjljLWE4MDktM2E2OTczMjk5NjIw'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self';style-src 'self' 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';script-src 'nonce-QOlYr5k1Ls3VoNjVQLK5DWFc';font-src 'none';object-src 'none';base-uri 'none';form-action 'self' https://www.google.com/search;require-trusted-types-for 'script';upgrade-insecure-requests;worker-src 'none';frame-ancestors 'self';report-to csp; report-uri https://b955d87f46a8787af6cdaec8f56047d8.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; frame-src *; font-src *; img-src * data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://s3.eu-central-1.amazonaws.com https://www.youtube-nocookie.com https://www.google.com;     script-src 'unsafe-inline' 'unsafe-eval' https://www.d-fine.com https://www.googletagmanager.com https://*.google-analytics.com https://static.dvinci-easy.com https://jobs.d-fine.com/;       font-src 'self'; style-src 'unsafe-inline' https://www.d-fine.com https://hello.myfonts.net https://assets.kununu.com https://static.dvinci-easy.com;      img-src 'self' https://www.d-fine.com https://assets.kununu.com https://*.google-analytics.com data:;         connect-src https://www.d-fine.com https://*.google-analytics.com https://jobs.d-fine.com https://*.doubleclick.net https://*.google-analytics.com 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' *.eworx.at *.google.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.googleadservices.com code.jquery.com *.facebook.com *.facebook.net *.zopim.com *.zendesk.com *.zdassets.com *.mailworx.info cdn.jsdelivr.net snap.licdn.com *.algolianet.com *.googleapis.com cdn.kiprotect.com *.hcaptcha.com hcaptcha.com *.lfeeder.com *.linkedin.oribi.io *.marketingsuite.info *.friendlycaptcha.eu; connect-src 'self' *.doubleclick.net *.google-analytics.com *.googleadservices.com *.zopim.com wss://*.zopim.com *.zendesk.com *.zdassets.com sys.mailworx.info *.facebook.com *.facebook.net *.gstatic.com *.eworx.at *.algolianet.com *.algolianet.net *.googleapis.com *.hcaptcha.com *.lfeeder.com *.linkedin.oribi.io *.friendlycaptcha.eu 1
frame-ancestors 'self' https://my.ultra-rouge.com/ 1
frame-ancestors 'self' twitter.com t.co *.cdn.optimizely.com;        block-all-mixed-content;        script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval'            https://cdn.jsdelivr.net https://*.siteintercept.qualtrics.com            https://*.ep-mimecast.ads-twitter.com https://*.everesttech.net            https://*.demdex.net https://analytics.twitter.com https://assets.juicer.io            https://assets.adobedtm.com https://cdn.curator.io https://content.linkedin.com            https://connect.facebook.net https://cdn.optimizely.com https://commerce.adobedtm.com            https://googletagmanager.com https://graph.facebook.com https://google-analytics.com            https://js.facebook.com https://kit.fontawesome.com https://maps.googleapis.com            https://maps.google.com https://nexus.ensighten.com https://play.vidyard.com            https://platform.linkedin.com https://siteintercept.qualtrics.com            https://static.ads-twitter.com https://static-exp1.licdn.com https://snap.licdn.com            https://script.hotjar.com https://unpkg.com https://static.hotjar.com            https://ssl.google-analytics.com https://t.co https://tagmanager.google.com            https://use.fontawesome.com https://use.typekit.net https://www.gstatic.com            https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com            https://notify.upsidedirect.com https://*.notify.upsidedirect.com            https://www.juicer.io        style-src 'self' 'report-sample' 'unsafe-inline' *.typekit.net *.fontawesome.com            *.licdn.com https://unpkg.com assets.juicer.io cdn.curator.io fonts.googleapis.com            platform.twitter.com tagmanager.google.com www.googletagmanager.com;        object-src 'none';        child-src 'self' https://play.vidyard.com *.youtube.com *.cloudfront.net            *.cdn.optimizely.com *.everesttech.net *.demdex.net www.google.com            vars.hotjar.com insight.adsrvr.org *.facebook.com connect.facebook.net            platform.twitter.com www.googletagmanager.com;        base-uri 'self';        form-action 'self' coxauto.iad1.qualtrics.com *.facebook.com *.twitter.com connect.facebook.net wpmudev.com;        worker-src 'self' data: blob;     1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: https://cdnjs.cloudflare.com https://cdn.skypack.dev https://cdn.jsdelivr.net https://rsms.me https://res.cloudinary.com https://api.cloudinary.com https://lh3.googleusercontent.com https://plausible.io *.amazonaws.com ws://localhost:4000; 1
default-src 'none'; img-src 'self' www.google-analytics.com ; script-src 'self' 'unsafe-inline' www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'none' 1
frame-src 'self' online.fliphtml5.com app.hubspot.com player.vimeo.com boards.greenhouse.io www.praetorian.com *.google.com *.youtube.com *.doubleclick.net *.twitter.com *.hsforms.com *.hsforms.net disqus.com *.vimeo.com vars.hotjar.com mlb.praetorian.com; frame-ancestors 'none';  1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' 1
base-uri 'none'; form-action 'self'; frame-ancestors 'self' https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; frame-src 'self' https://accounts.google.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ https://player.vimeo.com/ https://newapp.etracker.com/ https://www.google.com/ https://www.tuev-hessen.de/ https://staging.tuev-hessen.de/ https://www.sustainability-blog.de/ https://staging.sustainability-blog.de/ https://www.tueh.de/ https://staging.tueh.de/ https://www.tuev-kids.de/ https://staging.tuev-kids.de/ https://www.tuev-club.de/ https://staging.tuev-club.de/ https://www.proficert.de/ https://staging.proficert.de/; object-src 'none'; 1
frame-ancestors 'self' http://canvas.avallain.net 1
default-src 'self' *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/; base-uri 'none'; frame-src 'self' scone-pa.clients6.google.com www.google.com www.youtube.com *.yourprimer.com *.doubleclick.net apis.google.com optimize.google.com *.google.com *.yourprimer.com webapp-dot-gweb-learn10x.appspot.com services.google.com; img-src * data: blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.google.com gstatic.com/support/content/resources/prod/js/survey/survey_light_ltr.css *.googletagmanager.com tagmanager.google.com gstatic.com/uservoice/surveys/resources/prod/js/survey/survey_light_ltr.css https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.css; connect-src 'self' www.google-analytics.com apis.google.com cdn.ampproject.org *.google.com *.services.google.com *.gstatic.com gstatic.com *.doubleclick.net region1.google-analytics.com https://gweb-gwg-events.appspot.com/ https://maps.googleapis.com/ https://www.googleoptimize.com/ https://pagead2.googlesyndication.com/; frame-ancestors 'self'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com *.youtube.com youtube.com optimize.google.com *.googletagmanager.com apis.google.com *.googleadservices.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ *.googleapis.com *.google.com *.yourprimer.com *.ytimg.com *.gstatic.com https://www.googleoptimize.com/ https://www.gstatic.com/glue/cookienotificationbar/cookienotificationbar.min.js https://googleads.g.doubleclick.net/ https://pagead2.googlesyndication.com/; font-src 'self' themes.googleusercontent.com *.gstatic.com https://fonts.gstatic.com storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ fonts.googleapis.com; media-src 'self' storage.googleapis.com storage.googleapis.com/grow-with-goog-publish-prod-media/ 1
default-src 'self'; child-src 'self' https://*.youtube.com:* https://*.recaptcha.net:*; connect-src 'self' https://*.google-analytics.com:* https://cookie-cdn.cookiepro.com:* https://geolocation.onetrust.com:*; font-src 'self' https://*.gstatic.com:*; img-src 'self' https://*.google-analytics.com:* https://*.ytimg.com:* https://cookie-cdn.cookiepro.com:* data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-hashes' https://*.googletagmanager.com:* https://*.jquery.com:* https://*.google-analytics.com:* https://*.doubleclick.net:* https://*.google.com:* https://*.youtube.com:* https://*.recaptcha.net:* https://*.gstatic.com:* https://*.cookiepro.com:* https://cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-elem 'self' 'unsafe-inline' https://*.gstatic.com:* https://fonts.googleapis.com; frame-ancestors 'self'; report-uri https://www.financialpartners.com/report-uri/enforce 1
default-src 'self' *.google-analytics.com *.google.com *.google.com.tr *.facebook.com va.tawk.to embed.tawk.to *.googletagmanager.com;connect-src 'self' va.tawk.to analytics.google.com *.google-analytics.com stats.g.doubleclick.net;font-src fonts.gstatic.com data: www.fbu.edu.tr embed.tawk.to;style-src 'unsafe-inline' 'self' embed.tawk.to unpkg.com cdn.jsdelivr.net *.googleapis.com;script-src 'unsafe-inline' 'self' cdn.jsdelivr.net *.google-analytics.com googleads.g.doubleclick.net connect.facebook.net google-analytics.com embed.tawk.to cdnjs.cloudflare.com www.googletagmanager.com; 1
default-src 'self' 'unsafe-inline' https://*.hacienda.cl https://*.fontawesome.com https://unpkg.com https://*.instagram.com https://*.twitter.com https://*.gstatic.com https://*.googleapis.com https://*.google.com https://*.youtube.com https://*.linkedin.com https://*.jsdelivr.net https://*.google-analytics.com https://*.beta.hacienda.cl; script-src 'self' 'unsafe-inline' blob: data: https://*.hacienda.cl https://*.googletagmanager.com https://*.twitter.com https://*.instagram.com https://*.google.com https://*.gstatic.com https://*.jsdelivr.net; img-src 'self' data: https://*.hacienda.cl https://*.twitter.com 1
frame-ancestors 'self' https://www.myrasecurity.com https://myrasecurity.360learning.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.msecnd.net https://www.googletagmanager.com/; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://atlas.microsoft.com/ data:; img-src 'self' *.azureedge.net *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://github.com/ https://avatars.githubusercontent.com/ https://www.github.com/ https://github.keboo.dev.png/; media-src 'self' *.azureedge.net data: blob:; child-src 'self' blob: https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com; connect-src 'self' accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.visualstudio.com https://www.google-analytics.com/ https://atlas.microsoft.com/; 1
default-src 'self'; script-src 'report-sample' 'self' cdn.fashiola.com 'unsafe-eval' 'unsafe-inline' *.google-analytics.com/analytics.js https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://www.kleding.nl/cookies.js https://www.instagram.com/embed.js https://unpkg.com/web-vitals/dist/web-vitals.iife.js https://kit.fontawesome.com; style-src 'unsafe-inline' 'report-sample' 'self' cdn.fashiola.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://region1.analytics.google.com https://analytics.google.com *.google-analytics.com https://stats.g.doubleclick.net; font-src 'self' cdn.fashiola.com; frame-src 'self' https://www.google.com https://www.instagram.com/; img-src 'self' cdn.fashiola.com images.fashiola.com cdn.fashiola.com https://www.kleding.nl/cookies.gif *.google-analytics.com www.googletagmanager.com https://googleads.g.doubleclick.net https://region1.analytics.google.com https://www.google.com https://www.google.es; manifest-src 'self'; media-src 'self'; worker-src 'self'; 1
frame-ancestors 'self' http://*.olympus-ims.com http://*.olympus-lifescience.com *.olympus-ims.com *.olympus-lifescience.com www.olympusamerica.com *.aspiresoft.com *.ceros.com; 1
upgrade-insecure-requests; worker-src 'self' blob:; manifest-src 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/ https://code.jquery.com/; style-src 'self' 'unsafe-inline'; img-src 'self' https://yoshki.com/ https://eversheds-sutherland.vuture.net/ https://es.vuturevx.com/ https://px.ads.linkedin.com/ https://px4.ads.linkedin.com/ https://10542.global.siteimproveanalytics.io/ https://api.mapbox.com/ data:; connect-src 'self' https://api.mapbox.com/ https://events.mapbox.com/ https://px.ads.linkedin.com/ https://evershedssutherland.piwik.pro/; font-src 'self'; media-src 'self' https://yoshki.com/ https://listen.eversheds-sutherland.com/; frame-src https://yoshki.com/ https://cdn.yoshki.com/ https://listen.eversheds-sutherland.com/ https://html5-player.libsyn.com/ https://scnem.com/ https://sites-eversheds-sutherland.vuture.net/ https://es-notifications.com/ https://email.es-notifications.com/ https://watch.eversheds-sutherland.com/ https://video.twentythree.com/; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://secure.data-creativecompany.com/ https://evershedssutherland.containers.piwik.pro/ https://siteimproveanalytics.com/ https://snap.licdn.com/ https://policy.cookiereports.com/ https://api.mapbox.com/; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data: ; frame-src *; frame-ancestors 'self' https://*.googleapis.com https://*.flyfisherman.com http://*.flyfisherman.com https://*.androidplatform.net https://*.twixlmedia.com/ http://*.twixlmedia.com https://us.content.twixlmedia.com https://*.akamaized.net http://*.akamaized.net https://*.osgnetworks.tv file://* filesystem:; 1
frame-ancestors 'self' *.sciquest.com *.cummins.com *.ariba.com http://search.roccommerce.com http://dev-search.roccommerce.net *.sonepar.com *.dominionelectric.com 1
default-src 'self' 'unsafe-inline' https: https://ikeafoundation.org; connect-src https:; font-src data: https:; img-src 'strict-dynamic' data: https: 'nonce-CMdhaUYUzRhHlRoFghXf7ef9cYXwZCmKQLoCk3SBciaSyIEgEex3ErH3DRIzR5eXHsDIMb6X09uLkbQToz75t0VRWZr6rdB7eoZ3qavkxvKRJTABSXKdr9ybOWeoD51k'; script-src 'self' 'unsafe-inline' https: https://ikeafoundation.org; style-src 'self' 'unsafe-inline' https: https://ikeafoundation.org 1
frame-ancestors www.greenvaluechains.com 1
frame-ancestors 'self' https://www.facebook.com 1
object-src 'none'; base-uri 'self'; default-src 'self'; script-src 'nonce-51EpO1jxPay9HNe6F3K0rJhh' *.sharethis.com www.google.com bcp.crwdcntrl.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.jsdelivr.net *.sharethis.com www.googletagmanager.com tagmanager.google.com cdnjs.cloudflare.com; connect-src 'self' about: *.sharethis.com bcp.crwdcntrl.net stats.g.doubleclick.net www.google-analytics.com cdn.cookielaw.org www.googletagmanager.com fonts.googleapis.com fonts.gstatic.com ampcid.google.com analytics.google.com *.onetrust.com api.raygun.io; frame-src 'self' *.sharethis.com *.pncpa.com www.google.com www.googletagmanager.com www.youtube.com www.youtube-nocookie.com; img-src 'self' data: blob: www.google-analytics.com ssl.google-analytics.com google-analytics.com www.google.com analytics.google.com fonts.gstatic.com cdn.cookielaw.org www.googletagmanager.com placehold.it placeholder.com www.placeholder.com optanon.blob.core.windows.net *.sharethis.com; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com; frame-ancestors 'self' pncpa.com *.pncpa.com; report-to raygun; report-uri https://report-to-api.raygun.com/reports?apikey=v3WNKju4jNDVDeJoUveQZQ 1
frame-ancestors 'self' https://app.storyblok.com/; object-src 'none' https://seal.digicert.com/; child-src https://www.youtube-nocookie.com https://securityall-8465d383d6c6cf616885062.freshchat.com/ https://td.doubleclick.net/ https://wwwnetworking4allcom.webpush.freshchat.com/ https://seal.digicert.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://*.ocbc.com https://*.citibank.com https://*.uobgroup.com https://*.arcot.com https://*.cardinalcommerce.com https://authentication.cardinalcommerce.com https://*.2c2p.com https://au-ecom-gr-hk.inchcapedigital.com https://static.inchcapedigital.com https://script.google.com https://api.apispreadsheets.com https://secure.quantserve.com https://rules.quantcount.com https://*.hotjar.com https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://snap.licdn.com https://vjs.zencdn.net https://embedsocial.com https://cdn.livechatinc.com https://api.livechatinc.com https://www.youtube.com https://au-ecom-gr-hk.inchcapedigital.com https://au-ecom-sit-hk.inchcapedigital.com https://au-ecom-uat-hk.inchcapedigital.com https://au-ecom-uat.inchcapedigital.com https://unpkg.com https://cdn.jsdelivr.net https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://www.google.co.in https://use.fontawesome.com https://*.optimizely.com https://optimizely.s3.amazonaws.com https://cdn-assets-prod.s3.amazonaws.com https://js.stripe.com https://maxcdn.bootstrapcdn.com https://*.pages.ubembed.com https://assets.ubembed.com https://*.js.ubembed.com  https://*.salesforceliveagent.com https://checkout.stripe.com https://c.la1-c1cs-par.salesforceliveagent.com https://cdn.syndication.twimg.com https://platform.twitter.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com 'unsafe-eval' https://googleads.g.doubleclick.net https://sp.analytics.yahoo.com https://www.googleadservices.com https://www.googletagmanager.com https://www.google-analytics.com https://*.addthis.com  https://connect.facebook.net https://ajax.googleapis.com https://z.moatads.com https://v1.addthisedge.com https://pixel.mathtag.com https://s.yimg.com https://tagmanager.google.com https://*.googletagmanager.com https://ssl.google-analytics.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://px.ads.linkedin.com https://*.ocbc.com https://*.citibank.com https://*.uobgroup.com https://*.arcot.com https://*.cardinalcommerce.com https://authentication.cardinalcommerce.com https://*.2c2p.com https://au-ecom-gr-hk.inchcapedigital.com https://content.hotjar.io/ https://ad.doubleclick.gtm.js/ https://tinyurl.com/ https://cdn.linkedin.oribi.io/ https://script.googleusercontent.com https://script.google.com https://api.apispreadsheets.com https://api-public.addthis.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com  https://au-ecom-gr-hk.inchcapedigital.com https://au-ecom-sit-hk.inchcapedigital.com https://au-ecom-uat-hk.inchcapedigital.com https://au-ecom-uat.inchcapedigital.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://developers.onemap.sg https://www.facebook.com https://logx.optimizely.com https://*.optimizely.com https://*.events.ubembed.com https://*.pages.ubembed.com https://checkout.stripe.com https://stats.g.doubleclick.net https://s.yimg.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; img-src 'self' blob: data: * https://script.hotjar.com http://script.hotjar.com https://optimize.google.com https://cdn.optimizely.com https://maps.googleapis.com https://maps.gstatic.com http://testground.me https://pixel.mediaiqdigital.com https://www.google.com https://www.google.co.in https://pixel.mathtag.com https://secure.adnxs.com https://www.google-analytics.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://googleads.g.doubleclick.net https://*.fls.doubleclick.net https://ad.doubleclick.net https://ade.googlesyndication.com; frame-src 'self' https://*.ocbc.com https://*.citibank.com https://*.uobgroup.com https://*.arcot.com https://*.cardinalcommerce.com https://authentication.cardinalcommerce.com https://*.2c2p.com https://au-ecom-gr-hk.inchcapedigital.com https://m.facebook.com https://*.hotjar.com  https://optimize.google.com https://embedsocial.com https://secure.livechatinc.com https://fb.watch https://js.stripe.com https://a15841360337.cdn.optimizely.com https://*.pages.ubembed.com https://my.matterport.com https://checkout.stripe.com https://web.facebook.com https://syndication.twitter.com https://platform.twitter.com https://www.youtube.com https://player.vimeo.com https://www.facebook.com https://*.addthis.com https://*.fls.doubleclick.net https://www.google.com https://pixel.mathtag.com https://bid.g.doubleclick.net https://td.doubleclick.net; style-src 'self' 'unsafe-inline' https://static.inchcapedigital.com https://optimize.google.com https://vjs.zencdn.net https://embedsocial.com https://unpkg.com https://au-ecom-gr-hk.inchcapedigital.com https://au-ecom-sit-hk.inchcapedigital.com https://au-ecom-uat-hk.inchcapedigital.com https://au-ecom-uat.inchcapedigital.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://checkout.stripe.com https://forms.borneomotors.com.sg https://ton.twimg.com https://platform.twitter.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://code.jquery.com https://fonts.googleapis.com https://tagmanager.google.com; font-src 'self' data: https://static.inchcapedigital.com http://script.hotjar.com https://script.hotjar.com https://vjs.zencdn.net https://fonts.googleapis.com  https://unpkg.com https://au-ecom-gr-hk.inchcapedigital.com https://au-ecom-sit-hk.inchcapedigital.com https://au-ecom-uat-hk.inchcapedigital.com https://au-ecom-uat.inchcapedigital.com https://au-ecom-sit.inchcapedigital.com https://au-ecom-gr.inchcapedigital.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://forms.borneomotors.com.sg https://maxcdn.bootstrapcdn.com; media-src *; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'none'; img-src 'self' blob: data: https://maps.gstatic.com https://maps.googleapis.com https://images.contentstack.io https://*.112.2o7.net https://*.eyemedvisioncare.com https://*.aetnavision.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://apps.mypurecloud.com https://maps.googleapis.com https://dhqbrvplips7x.cloudfront.net https://apps.mypurecloud.com https://assets.adobedtm.com https://*.eyemedvisioncare.com https://*.aetnavision.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.aetnavision.com; font-src 'self' https://fonts.gstatic.com https://*.aetnavision.com; connect-src 'self' https://maps.googleapis.com https://naccapi.luxnacc.com https://images.contentstack.io https://*.112.2o7.net https://widgets.hive.genesys.com https://iw-017-ind.us.caas.hosted-inin.com https://*.eyemedvisioncare.com; frame-src 'self' https://www.youtube.com https://*.eyemedvisioncare.com https://*.aetnavision.com; frame-ancestors 'self' https://*.eyemedvisioncare.com https://*.aetnavision.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' https://*.google.com/ https://*.google.ca/ https://cookie-cdn.cookiepro.com https://*.acuityplatform.com/ https://*.clarity.ms https://www.google-analytics.com/ https://*.doubleclick.net/ https://*.linkedin.com/ https://*.simplecast.com/ https://*.mapbox.com/ https://geolocation.onetrust.com/ https://*.googlesyndication.com https://*.jotform.com/ https://*.newrelic.com https://privacyportal.cookiepro.com/ https://cdnjs.cloudflare.com/ https://js.stripe.com/ https://www.facebook.com/ https://www.youtube.com/ https://maps.crisis24.com/ https://*.nr-data.net/ https://*.dayforcehcm.com/ https://*.bing.com/ https://*.facebook.net/ https://dev.visualwebsiteoptimizer.com/ https://*.garda.com/ https://*.pardot.com/ https://snap.licdn.com/ https://static.ads-twitter.com/ https://www.googletagmanager.com/ https://www.gstatic.com/ https://cookie-cdn.cookiepro.com/ https://ajax.cloudflare.com/ https://www.googleadservices.com/ data: https://t.co/ https://*.twitter.com/ https://pixel.tapad.com/ https://i.ytimg.com/ https://dsum-sec.casalemedia.com/ https://match.adsrvr.org/ blob:; manifest-src 'self'; media-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; report-uri https://crisis24.garda.com/report-uri/enforce 1
default-src 'self'; connect-src 'self' https://*.doubleclick.net https://*.g.doubleclick.net https://*.facebook.com https://*.hotjar.com:* https://*.onetrust.com https://*.pinterest.com https://*.teads.tv https://api.craftcms.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.linkedin.oribi.io https://dpm.demdex.net https://geolocation.onetrust.com https://ict.infinity-tracking.net https://privacyportal-eu.onetrust.com https://rbs.tt.omtrdc.net https://royalbankofscotland.112.2o7.net https://royalbankofscotland.d3.sc.omtrdc.net https://vc.hotjar.io:* https://widget.trustpilot.com https://www.google-analytics.com https://region1.analytics.google.com wss://*.hotjar.com; font-src 'self' data: https://*.typekit.net https://fonts.gstatic.com https://script.hotjar.com; frame-src 'self' https://*.doubleclick.net https://*.fls.doubleclick.net https://*.g.doubleclick.net https://www.payitbynatwest.com https://*.pinterest.com https://*.teads.tv https://*.tylbynatwest.com https://insight.adsrvr.org https://js.stripe.com https://match.adsrvr.org https://rbs.demdex.net https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' 'unsafe-inline' data: https://*.everesttech.net https://*.doubleclick.net https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.pinterest.com https://*.teads.tv https://*.tylbynatwest.com https://analytics.twitter.com https://bat.bing.com https://cdn.cookielaw.org https://dc.ads.linkedin.com https://dpm.demdex.net https://emailsignature.trustpilot.com https://i.ytimg.com https://pluginicons.craft-cdn.com https://px.ads.linkedin.com https://royalbankofscotland.112.2o7.net https://royalbankofscotland.d3.sc.omtrdc.net https://script.hotjar.com https://ssl.gstatic.com https://t.co https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com https://flask.nextdoor.com https://flask.uk.nextdoor.com; object-src 'none'; frame-ancestors 'self' https://www.tylbynatwest.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.g.doubleclick.net https://*.salesforceliveagent.com https://*.tylbynatwest.com https://analytics.twitter.com/ https://assets.adobedtm.com https://bat.bing.com https://cdn.cookielaw.org https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://d3js.org https://ict.infinity-tracking.net https://js.adsrvr.org https://js.stripe.com https://platform.twitter.com https://s.pinimg.com https://s.ytimg.com/ https://script.hotjar.com https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://tagmanager.google.com https://unpkg.com https://widget.trustpilot.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com/recaptcha/ https://www.youtube.com https://p.teads.tv https://ads.nextdoor.com; style-src 'self' 'unsafe-inline' https://*.tylbynatwest.com https://*.typekit.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://tagmanager.google.com; 1
base-uri 'self';child-src 'self' *.pipedream.com www.youtube.com player.vimeo.com fast.wistia.net blob:;connect-src 'self' *.pipedream.com *.m.pipedream.net wss://*.pipedream.com *.fullstory.com api.cloudinary.com o210198.ingest.sentry.io https://browser-intake-datadoghq.com www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect https://api.s.pipedream.net https://cdn.s.pipedream.net https://tally.so https://*.algolia.net *.google.com https://stats.g.doubleclick.net pagead2.googlesyndication.com *.intercom.io wss://*.intercom.io https://api.getrewardful.com https://pipedream-production-workflow-attachments.s3.amazonaws.com https://pipedream-files-production.s3.amazonaws.com https://pipedream-files-makedev.s3.amazonaws.com;default-src 'none';font-src 'self' *.pipedream.com data: fonts.gstatic.com https://fonts.intercomcdn.com;frame-src 'self' *.pipedream.com https://www.youtube.com/ www.googletagmanager.com https://js.stripe.com https://tally.so accounts.google.com *.doubleclick.net;img-src * data: blob:;media-src 'self' *.pipedream.com res.cloudinary.com https://js.intercomcdn.com;object-src 'self' data:;script-src 'self' *.pipedream.com 'nonce-059978165335766276' 'strict-dynamic' 'unsafe-eval' 'unsafe-inline' tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net google-analytics.com https://ssl.google-analytics.com www.google-analytics.com https://cdn.s.pipedream.net https://js.stripe.com https://tally.so accounts.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com;style-src 'self' *.pipedream.com 'unsafe-inline' tagmanager.google.com fonts.googleapis.com accounts.google.com;worker-src 'self' *.pipedream.com data: blob:;form-action 'none';frame-ancestors 'none';report-uri https://o210198.ingest.sentry.io/api/5660875/security/?sentry_key=97aa41261e6e462d93e454687a0d01f2&sentry_environment=production 1
frame-ancestors 'self' https://seekbeak.com https://th-ab.expo-ip.com https://www.profi4project.com https://kundenportal.pass-consulting.com https://mailings.pass-consulting.com https://media.pass-consulting.com; report-uri /report-csp/; 1
default-src 'self' https:; frame-src * 'self' data:;  script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src * data: 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://equestria.social; img-src 'self' https: data: blob: https://equestria.social; style-src 'self' https://equestria.social 'nonce-VrspeHy4+WwSPjozy4qZlQ=='; media-src 'self' https: data: https://equestria.social; frame-src 'self' https:; manifest-src 'self' https://equestria.social; form-action 'self'; child-src 'self' blob: https://equestria.social; worker-src 'self' blob: https://equestria.social; connect-src 'self' data: blob: https://equestria.social https://equestria.social wss://equestria.social; script-src 'self' https://equestria.social 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hscollectedforms.net static.addtoany.com *.google-analytics.com *.googletagmanager.com *.wistia.com js.hsforms.net www.youtube.com view.ceros.com static.sketchfab.com cdn.jsdelivr.net cdn.datatables.net neversettle.activehosted.com *.googleapis.com translate.google.com www.google.com www.gstatic.com www.gstatic.cn www.recaptcha.net connect.facebook.net cta-service-cms2.hubspot.com js.hscta.net use.typekit.net; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' data: *.googleapis.com code.jquery.com www.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com rgsharedweb.s3.amazonaws.com cdn.datatables.net unpkg.com fonts.googleapis.com use.typekit.net p.typekit.net; img-src 'self' data: blob: www.globusmedical.com *.analytics.google.com *.g.doubleclick.net code.jquery.com gravityforms.s3.amazonaws.com *.gstatic.com *.googleapis.com *.w.org *.wistia.com embedwistia-a.akamaihd.net *.hsforms.com track.hubspot.com *.google-analytics.com *.wpengine.com wpengine.com *.gravatar.com *.googletagmanager.com www.gstatic.com *.ytimg.com no-cache.hubspot.com perf.hsforms.com cdn2.hubspot.net forms.hscollectedforms.net cdn.datatables.net plugins.svn.wordpress.org *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat p.typekit.net; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com fast.wistia.com fonts.googleapis.com maxcdn.bootstrapcdn.com use.fontawesome.com cdn.jsdelivr.net use.typekit.net; connect-src 'self' translate.googleapis.com *.analytics.google.com *.googletagmanager.com *.wistia.com *.hscollectedforms.net js.hs-banner.com *.google-analytics.com *.g.doubleclick.net forms.hsforms.com maps.googleapis.com yoast.com my.wpengine.com *.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com fg8vvsvnieiv3ej16jby.litix.io stats.addtoany.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat performance.typekit.net; media-src 'self' blob: *.wistia.com embedwistia-a.akamaihd.net; object-src 'self' embed-fastly.wistia.com embedwistia-a.akamaihd.net; child-src static.addtoany.com view.ceros.com forms.hsforms.com www.youtube.com www.google.com; frame-src 'self' static.addtoany.com www.google.com view.ceros.com globusmedical.wistia.com fast.wistia.net fast.wistia.com forms.hsforms.com www.youtube.com www.youtube-nocookie.com www.brainshark.com www.recaptcha.net sketchfab.com static.hsappstatic.net app.hubspot.com api.wppopupmaker.com wp.freemius.com td.doubleclick.net; worker-src 'self' blob:; form-action 'self' forms.hsforms.com; report-uri https://98a67b2af6240837e6f706a6f03306ad.report-uri.com/r/d/csp/enforce 1
default-src 'self'  jsonip.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.eye-move.nl tiaramedia.eye-move.nl maxcdn.bootstrapcdn.com *.googleapis.com code.jquery.com gallery.mailchimp.com cdn-images.mailchimp.com mcusercontent.com cdnjs.cloudflare.com google.com www.google.com maps.google.com *.ggpht.com *.gstatic.com wurfl.io use.fontawesome.com opensource.keycdn.com via.placeholder.com www.interactievekavelkaart.nl cdn.rawgit.com vivantus.test data: 'unsafe-inline' 'unsafe-eval' jsonip.com cdn.jsdelivr.net 1
default-src 'self' https://code.jquery.com https://cdn.jsdelivr.net  https://*.google.com ; connect-src 'self' https://mc.yandex.ru ; img-src * data: ; font-src * data: ; media-src games.unite-gaming.com 'unsafe-inline' 'unsafe-eval' ; script-src * 'unsafe-inline' 'unsafe-eval' data: ; style-src 'self' https://fonts.googleapis.com  https://cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval' ; style-src-elem 'self' https://fonts.googleapis.com cdn.jsdelivr.net 'unsafe-inline' data:  1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.pinterest.com/ https://*.pinim.com https://*.pinimg.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.google.nl https://ajax.googleapis.com https://tagmanager.google.com https://tagmanager.google.com/debug/css.css https://www.googletagmanager.com https://www.google-analytics.com https://www.google-analytics.com/analytics.js https://www.google-analytics.com/plugins/ua/ec.js https://www.googleadservices.com https://googleads.g.doubleclick.net *.cookiebot.com *.youtube.com https://s.ytimg.com https://connect.facebook.net https://content.jwplatform.com https://ssl.p.jwpcdn.com *.hotjar.com *.hotjar.io https://stats.g.doubleclick.net https://snap.licdn.com/li.lms-analytics/ https://sc-static.net/scevent.min.js https://tr.snapchat.com https://www.youtube.com/iframe_api https://cdnjs.cloudflare.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://tagmanager.google.com https://ajax.googleapis.com https://cdnjs.cloudflare.com;img-src 'self' data: https://www.toegankelijkheidsverklaring.nl https://*.pinterest.com https://www.google.com https://www.google.nl *.google-analytics.com *.analytics.google.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://maps.gstatic.com https://stats.g.doubleclick.net https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://www.facebook.com https://storage.googleapis.com/storyteq/ https://jwpltx.com https://prd.jwpltx.com *.hotjar.com *.hotjar.io *.ads.linkedin.com https://www.linkedin.com https://p.adsymptotic.com https://tr.snapchat.com https://i.ytimg.com https://a.tile.openstreetmap.de https://b.tile.openstreetmap.de https://c.tile.openstreetmap.de https://assets.citynavigator.nl *.cookiebot.com https://assets.plaece.nl;media-src 'self' https://storage.googleapis.com/storyteq/;frame-src 'self' https://*.pinterest.com https://consentcdn.cookiebot.com https://www.google.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com *.cookiebot.com https://staticxx.facebook.com https://www.facebook.com https://g.jwpsrv.com https://www.vvvzeeland.nl *.hotjar.com *.hotjar.io *.formdesk.com https://tr.snapchat.com https://live.netcamviewer.nl;font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com *.hotjar.com *.hotjar.io;connect-src 'self' https://*.pinterest.com/ https://api.storyteq.com https://ssl.p.jwpcdn.com https://graph.facebook.com https://www.facebook.com https://www.google.com *.google-analytics.com *.analytics.google.com https://*.googlesyndication.com https://*.doubleclick.net *.cookiebot.com/ https://maps.googleapis.com *.hotjar.com *.hotjar.io wss://*.hotjar.io wss://*.hotjar.com *.snapchat.com *.linkedin.com;base-uri 'self' 1
frame-ancestors *; upgrade-insecure-requests; default-src *; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' *; style-src 'report-sample' 'unsafe-inline' *; object-src *; frame-src *; child-src blob: *; img-src data: blob: *; font-src data: *; connect-src * about:; manifest-src *; base-uri *; form-action *; media-src *; prefetch-src *; worker-src blob: *; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-I7G1WMrplR_5V7ZeB-5KqA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com;               script-src 'self'  'nonce-oaVJirg8B54v2iBflWHJDpwGdPK5R4Z5Uq8lpCBZd78=' 'sha256-giaFkVB3ANno7jU2o5kGzefFHu7KTc6rTG3J/vD+HtA=' 'sha256-cVUcA8oZ5rtqaEhlP62hP1NOkpmAgdszEaBOWQRtqj8=' 'sha256-pY9SToIda/Cc/d4VfKs2VRSWGuA62KwnSD11+fr4Bmk=' google-analytics.com *.google-analytics.com googletagmanager.com *.googletagmanager.com;               style-src 'self'  'nonce-b5u5JJXhM9aA7pWD1i5b65rsg6S7XbE5LIiHRoBxRkM=' 'sha256-hEmIvhfy8NBwC1UFRQ6zHYZgQnUif4h6iwY6nz8uZ7A=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'sha256-ixVUGs3ai0rMA0pgIVBN0KVlYbQip7/5SGmnUwJPNqE=' 'sha256-MkaNpJWUARYGt9EnKKQaoQ4eTuCOUWOCWrviaQXFA+0=' 'sha256-ACHSEhmxKWLpd+d5Rd3UlTnV7wbG8unE0SwzWZS+ifE=' 'sha256-O/yx1yKCrdZVuiWd/nRRQ+uOvsdOvJ/gZyvfAuz/BJo=' *.typekit.net;              frame-src 'self' *.youtube.com;              font-src 'self' data: *.typekit.net;              img-src 'self' data: google-analytics.com *.google-analytics.com;              object-src 'self'; 1
frame-ancestors 'self'; default-src https://images.saasant.info https://cdn.saasant.info  www.facebook.com 'self' ; worker-src blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:https://www.saasant.com https://cdn.saasant.info *.convertexperiments.com  https://images.saasant.info https://cdn.saasant.info  https://images.saasant.info   *.clarity.ms *.omappapi.com *.omwpapi.com  *.woopra.com *.hotjar.com  consent.cookiefirst.com https://googleads.g.doubleclick.net https://analytics.google.com *.saasant.com https://js.stripe.com  https://cdnjs.cloudflare.com *.freshchat.com https://platform.twitter.com https://app.box.com  https://www.paypal.com  https://www.paypalobjects.com  https://www.googleadservices.com https://www.googletagmanager.com *.doubleclick.net  https://cdn.jsdelivr.net  www.facebook.com  https://embed.tawk.to  https://bam.nr-data.net  https://js-agent.newrelic.com  https://apis.google.com  https://www.gstatic.com https://appcenter.intuit.com https://www.google.com https://www.google-analytics.com https://ajax.googleapis.com  http://local.saasant.com; img-src https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.convertexperiments.com *.omwpapi.com *.clarity.ms consent.cookiefirst.com https://www.google.com/ads https://analytics.google.com https://www.google.com/pagead/* 'self' *.saasant.com *.doubleclick.net https://cdn.jsdelivr.net/  https://www.sandbox.paypal.com https://www.paypal.com  https://www.google.com https://www.google.co.in  https://*.tawk.to  ssl.comodo.com  https://appcenter.intuit.com https://www.google-analytics.com https://www.sandbox.paypal.com https://www.paypal.com http://local.saasant.com  https://ssl.gstatic.com  data:; style-src 'self' 'unsafe-inline' https://cdn.saasant.info  https://images.saasant.info  *.omappapi.com  *.omwpapi.com  consent.cookiefirst.com *.freshchat.com  https://cdn.jsdelivr.net  https://fonts.googleapis.com  https://appcenter.intuit.com http://local.saasant.com ; font-src 'self' https://cdn.saasant.info  https://images.saasant.info *.omappapi.com *.omwpapi.com https://static-v.tawk.to  https://fonts.gstatic.com  data:; frame-src 'self' https://www.chatbase.co *.hotjar.com  *.freshchat.com https://js.stripe.com/  https://app.box.com/  https://*.facebook.com https://www.sandbox.paypal.com/ https://www.paypal.com/  https://*.tawk.to  https://mp.liferay.com  https://www.google.com https://youtu.be https://www.youtube.com ; connect-src 'self'  https://transactions.saasant.com https://cdn.saasant.info *.convertexperiments.com https://images.saasant.info  *.saasant.com desktop.saasant.com  *.clarity.ms *.cookiefirst.com *.omappapi.com *.omwpapi.com https://consent.cookiefirst.com https://api.cookiefirst.com static.cookiefirst.com https://saasant.com https://stats.g.doubleclick.net https://analytics.google.com *.doubleclick.net https://www.paypal.com  wss://*.tawk.to https://*.tawk.to https://ssl.google-analytics.com https://appcenter.intuit.com https://local.saasant.com https://www.google.com https://www.google-analytics.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src 'self' https://www.google.com/ https://www.google.com/recaptcha/ 1
frame-ancestors https://identity.jeeveslms.nl 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud  https://cdn.facil-iti.app https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.jsdelivr.net mdbootstrap.com https://www.googletagmanager.com https://ws.facil-iti.com https://www.google-analytics.com; script-src-elem 'self' https://cdn.matomo.cloud  https://cdn.facil-iti.app https://geolocation.onetrust.com https://cdn.cookielaw.org https://www.googletagmanager.com https://ws.facil-iti.com https://www.google-analytics.com https://cdn.jsdelivr.net mdbootstrap.com 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com mdbootstrap.com use.fontawesome.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com mdbootstrap.com use.fontawesome.com 'unsafe-inline'; frame-ancestors 'self'; report-uri https://groupe-rocher.com/report-uri/reportOnly 1
connect-src 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com wss://*.hotjar.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com https://*.hotjar.io; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com; img-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com https://*.googletagmanager.com https://*.google-analytics.com https://ssl.gstatic.com https://www.gstatic.com data: https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; script-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com 'unsafe-eval' 'unsafe-inline' data: https://static.hotjar.com https://script.hotjar.com 'report-sample'; style-src 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: https://static.hotjar.com https://script.hotjar.com 'report-sample'; frame-ancestors 'self' https://*.dash.simplyadmire.com https://dash.docker https://localhost:8080 https://www.dijkenwaard.nl https://www.heerhugowaard.nl; object-src 'self' https://youtube.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com data: https://script.hotjar.com; report-to csp; child-src 'self' blob:; default-src 'self'; style-src-attr 'self' https://cdn-eu.readspeaker.com https://youtube.com https://www.youtube.com https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline' data: 'report-sample'; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-CEIpymW/rCv5ln55+O6X7rVVcIXKohGdgzSU9r10TKDBEqsg' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
frame-ancestors http://sass.clumio.com/ 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-mcuzXVWBRf7t4627Ko3LrxKzdw4PkJuN4TodkIG+wvCsq3Kr' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.visitors.live wss://realtime.luckyorange.com wss://in.visitors.live https://*.googleapis.com https://*.luckyorange.com https://*.google-analytics.com https://*.paypal.com https://*.ashtangayoga.info https://*.facebook.com https://*.google.de https://*.google.com https://*.ampproject.org https://*.doubleclick.net wss://localhost:3000 https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://tools.luckyorange.com https://*.privacypolicies.com https://*.paypal.com https://*.ashtangayoga.info https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://www.google-analytics.com https://*.googleapis.com https://connect.facebook.net https://*.twitter.com https://static.ads-twitter.com https://*.ampproject.org; font-src 'self' https://cdn.jsdelivr.net https://*.ashtangayoga.info https://*.bootstrapcdn.com https://fonts.gstatic.com data:; object-src 'self'; img-src 'self' 'unsafe-inline' data: blob: https://webapps.ashtangayoga.info https://*.paypal.com https://*.ashtangayoga.info/ https://*.doubleclick.net https://*.vimeocdn.com https://i.ytimg.com https://www.google-analytics.com https://www.google.com https://www.google.de https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://*.googleusercontent.com https://www.facebook.com https://t.co https://*.twimg.com https://www.gravatar.com https://shop.ashtangayoga.info; frame-src 'self' https://*.ashtangayoga.info https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://*.facebook.com https://*.vimeo.com https://*.vimeocdn.com https://*.paypal.com https://w.soundcloud.com/ https://yogaeasy.de https://www.yogaeasy.de/ https://ashtanga.yogaeasy.de/; worker-src 'self' blob:; 1
frame-ancestors 'self' https://*.force.com https://janssencarepath--cnx.vf.force.com https://janssencarepath.lightning.force.com https://janssencarepath.my.salesforce.com 1
default-src https: wss://*.hotjar.com wss://*.adobe.io wss://*.adoberesources.net *.adobe.io *.adoberesources.net *.typekit.net wss://*.zohopublic.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src data: https: 'unsafe-inline'; font-src data: https: 'unsafe-inline';frame-ancestors 'self'; object-src 'none'; upgrade-insecure-requests; 1
frame-ancestors https://bookingdemo.housemaster.com 1
default-src 'self' ka-f.fontawesome.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.gstatic.com connect.facebook.net *.doubleclick.net *.linkedin.com *.licdn.com *.criteo.com *.criteo.net kit.fontawesome.com consent.cookiebot.com consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com; img-src 'self' data: *.google.com *.gwallet.com *.googleapis.com *.gstatic.com *.google-analytics.com *.google.it *.googletagmanager.com *.doubleclick.net hicmobile.go2cloud.org track.hicmobile.com www.facebook.com imgsct.cookiebot.com; frame-src 'self' *.google.com *.youtube.com *.doubleclick.net *.amazon-adsystem.com *.elegantthemes.com *.yousign.com *.criteo.com www.facebook.com consentcdn.cookiebot.com; font-src 'self' data: fonts.gstatic.com ka-f.fontawesome.com; connect-src 'self' *.googleapis.com *.google-analytics.com ka-f.fontawesome.com www.facebook.com *.doubleclick.net consentcdn.cookiebot.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' terviseamet.ee *.terviseamet.ee *.google.com *.tableau.com *.highcharts.com talendipank.ee www.googletagmanager.com siteimproveanalytics.com *.google-analytics.com lugeja.e-tervis.ee lugeja.e-tervis.ee *.addthisedge.com *.moatads.com *.gstatic.com *.addthis.com *.cloudflare.com tableauapp.tehik.ee 316eebot.boost.ai connect.facebook.net s7.addthis.com static.cloudflareinsights.com; style-src 'self' 'unsafe-inline' terviseamet.ee *.terviseamet.ee *.bootstrapcdn.com *.googleapis.com; img-src 'self' data: terviseamet.ee *.terviseamet.ee lugeja.e-tervis.ee ta.web.tehik.ee *.google-analytics.com *.siteimproveanalytics.io *.google.ee *.doubleclick.net *.google.com public.tableau.com tableauapp.tehik.ee i.ytimg.com www.gstatic.com m.addthis.com 6168367.global.siteimproveanalytics.io; frame-src 'self' www.youtube.com public.tableau.com docs.google.com *.addthis.com www.google.com tableauapp.tehik.ee *.vimeo.com kodu.ut.ee reoveekoroona.ut.ee; font-src 'self' terviseamet.ee *.terviseamet.ee *.bootstrapcdn.com *.gstatic.com *.googleusercontent.com; connect-src 'self' 'unsafe-eval' 'unsafe-inline' terviseamet.ee *.terviseamet.ee www.google-analytics.com *.addthis.com *.doubleclick.net *.google-analytics.com; report-uri /et/report-csp-violation 1
default-src 'self' https:; connect-src 'self' https://api.mapbox.com/ https://a.tiles.mapbox.com/ http://a.tiles.mapbox.com/ https://b.tiles.mapbox.com/ https://events.mapbox.com/ https://api.mazemap.com/ https://tiles.mazemap.com/ https://search.mazemap.com/ https://api.gobistories.com/ https://res.cloudinary.com/gobi-technologies-as/image/upload/ https://res.cloudinary.com/gobi-technologies-as/video/upload/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://*.googletagmanager.com/ https://*.google.com/ https://*.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://*.hotjar.io/ https://*.hotjar.com/ wss://*.hotjar.com/ https://*.snapchat.com/ https://www.facebook.com/ https://contentassistant.eu.siteimprove.com/cms/ https://id.eu.siteimprove.com/connect/authorize/ https://*.ingest.sentry.io/api/ https://www.google-analytics.com https://www.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com/ https://api.mapbox.com/ https://api.mazemap.com/ https://script.hotjar.com/; frame-src 'self' https://iframe.hivolda.no/ https://hivolda.instructuremedia.com/embed/ https://www.youtube.com/ http://www.youtube.com/ https://www.youtube-nocookie.com/embed/ https://studietesten.no/ https://use.mazemap.com/ https://embed.acast.com/ https://player.vimeo.com/ https://docs.google.com/presentation/ https://vars.hotjar.com/ https://*.snapchat.com/ https://www.instagram.com/ https://hivolda.cloud.panopto.eu/ https://issuu.com/sivolda/docs/ https://create.plandisc.com/ https://www.tiktok.com/embed/ https://if-cdn.com/ https://outlook.office365.com/owa/calendar/ https://contentassistant.eu.siteimprove.com/Cms/ https://e.issuu.com/; img-src 'self' https: data: blob: http://api.mapbox.com/ http://a.tiles.mapbox.com/; media-src 'self' blob:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://hivolda.devz.no/ http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.js https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api/ https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://tagmanager.google.com/ https://script.hotjar.com/ https://static.hotjar.com/ https://siteimproveanalytics.com/ https://track.adform.net/ https://s2.adform.net/ https://sc-static.net/ https://connect.facebook.net/ https://e.issuu.com/embed.js https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; script-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://cdn.plyr.io/3.6.2/plyr.js http://cdn.plyr.io/3.6.2/plyr.js https://unpkg.com/%40gobistories/gobi-web-integration%40%5E6.11.1 https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://*.googletagmanager.com/ https://*.google-analytics.com/ https://script.hotjar.com/ https://static.hotjar.com/ http://siteimproveanalytics.com/js/siteanalyze_6000491.js https://track.adform.net/serving/scripts/trackpoint/async/ https://track.adform.net/Serving/TrackPoint/ https://s2.adform.net/banners/scripts/st/trackpoint-async.js https://sc-static.net/ https://connect.facebook.net/ https://www.instagram.com/ https://*.snapchat.com/ https://www.tiktok.com/embed.js https://lf16-tiktok-web.ttwstatic.com/ https://if-cdn.com/ https://e.issuu.com/embed.js https://api.mapbox.com https://api.mazemap.com https://assets.pinterest.com https://cdn.jsdelivr.net https://cdn.plyr.io https://cdn.siteimprove.net https://cdnjs.cloudflare.com https://github.com https://polyfill.io https://unpkg.com platform.instagram.com platform.twitter.com; style-src 'self' 'unsafe-inline' http://api.mapbox.com/mapbox.js/v3.1.1/mapbox.css https://fonts.googleapis.com/ https://tagmanager.google.com/ https://api.mapbox.com https://api.mazemap.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' http://api.mapbox.com/ https://lf16-tiktok-web.ttwstatic.com/ https://api.mapbox.com https://api.mazemap.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; worker-src 'self' blob: 1
default-src 'self' ka-p.fontawesome.com kit.fontawesome.com region1.google-analytics.com pagead2.googlesyndication.com api.omappapi.com www.facebook.com a.omappapi.com z.omappapi.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hsappstatic.net https://js-eu1.hsforms.net https://maps.googleapis.com https://widget.onlineafspraken.nl https://247tailorsteel.activehosted.com https://www.youtube.com https://www.gstatic.com https://www.google.com kit.fontawesome.com dev.visualwebsiteoptimizer.com www.googletagmanager.com a.omappapi.com snap.licdn.com connect.facebook.com unpkg.com static.hotjar.com api.ipify.org script.hotjar.com connect.facebook.net www.google-analytics.com ajax.googleapis.com/ajax/libs/jquery/;              style-src 'self' 'unsafe-inline' https://widget.onlineafspraken.nl https://fonts.googleapis.com a.omappapi.com ajax.googleapis.com/ajax/libs/jqueryui/;              img-src 'self' localhost data: https://forms-eu1.hsforms.com https://forms.hsforms.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://www.google.nl https://www.google.com dev.visualwebsiteoptimizer.com px.ads.linkedin.com www.facebook.com a.omappapi.com;              font-src 'self' https://widget.onlineafspraken.nl https://fonts.gstatic.com ka-p.fontawesome.com;              frame-src 'self' https://meetings-eu1.hubspot.com https://forms-eu1.hsforms.com zien360.online https://zien360.online sophia.247tailorsteel.com https://sophia.247tailorsteel.com cr.247tailorsteel.com https://cr.247tailorsteel.com google.com https://www.google.com youtube.com https://www.youtube.com facebook.com https://www.facebook.com;              frame-ancestors 'self' zien360.online https://zien360.online sophia.247tailorsteel.com https://sophia.247tailorsteel.com cr.247tailorsteel.com https://cr.247tailorsteel.com;              object-src 'none';              base-uri 'self';              connect-src 'self' https://hubspot-forms-static-embed-eu1.s3.amazonaws.com https://forms-eu1.hsforms.com https://maps.googleapis.com https://widget.onlineafspraken.nl https://cdn.jsdelivr.net https://code.jquery.com https://vc.hotjar.io https://stats.g.doubleclick.net https://metrics.hotjar.com https://www.google-analytics.com https://z.omappapi.com wss://ws.hotjar.com https://content.hotjar.io https://a.omappapi.com https://api.omappapi.com https://pagead2.googlesyndication.com https://region1.google-analytics.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://localhost https://cdn.linkedin.oribi.io 1
frame-ancestors 'self' http://ergo.slv.vic.gov.au http://alumni.slv.vic.gov.au http://burkeandwills.slv.vic.gov.au insideadog.com.au doubleclick.net; 1
default-src 'self' 'unsafe-inline' https://*.kornferry.com https://*.kornferry.eu https://*.kornferry.cn https://*.talentqgroup.com https://www.kfassessment.com https://*.kfassessment.com https://www.kfassessment.eu https://*.kfassessment.cn https://*.kornferry.cn https://*.kfassessment.eu https://*.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ https://www.gstatic.com https://fonts.googleapis.com https://cardinaldata.net https://hello.myfonts.net/count/3122c9 https://*.amazonaws.com; frame-ancestors 'self';img-src 'self' blob: https://*.kornferry.com https://*.kornferry.eu https://*.kornferry.cn https://*.talentqgroup.com https://www.kfassessment.com https://*.kfassessment.com https://www.kfassessment.eu https://*.kfassessment.cn https://*.kornferry.cn https://*.kfassessment.eu https://*.cloudfront.net https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ https://www.gstatic.com https://fonts.googleapis.com https://cardinaldata.net  https://*.amazonaws.com; 1
default-src 'self' 'unsafe-inline' https://www.megt.com.au  https://megt.jobreadygateway.com.au https://www.googletagmanager.com/*; script-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au https://*.happyfoxchat.com/*  https://megt.jobreadygateway.com.au https://www.googletagmanager.com/* *; object-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au *; style-src 'self' 'unsafe-inline' 'unsafe-eval' data https://www.megt.com.au *; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: https://www.megt.com.au ; media-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.google.com https://tpc.googlesyndication.com https://www.googleadservices.com https://www.gstatic.com https://iframe.ly https://unpkg.com https://cdnjs.cloudflare.com *.google.com *.youtube.com *.googleapis.com *.sociablekit.com *.googletagmanager.com https://analytics.twitter.com https://bat.bing.com https://script.hotjar.com https://static.hotjar.com https://static.ads-twitter.com https://connect.facebook.net *.happyfoxchat.com https://www.google-analytics.com https://ssl.google-analytics.com *.clarity.ms *.licdn.com  https://megt.jobreadygateway.com.au; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.happyfoxchat.com/* https://www.megt.com.au https://megt.jobreadygateway.com.au https://www.googletagmanager.com/* *; frame-ancestors https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au; child-src https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au blob:; font-src 'self' 'unsafe-inline' https://www.megt.com.au *.googleusercontent.com/static/fonts/* https://megt.jobreadygateway.com.au *; connect-src 'self' 'unsafe-eval' https://*.happyfoxchat.com/* https://megt.jobreadygateway.com.au *; report-uri /report-csp-violation 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.arztnoe.at https://maps.googleapis.com/ https://www.youtube.com/; frame-ancestors 'self' *.dr-preissl.at; frame-src 'self' https://www.google.com/ https://www.youtube.com/; img-src 'self' data: https://maps.gstatic.com/ https://maps.googleapis.com/ *.arztnoe.at/; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' 'self' https://maps.googleapis.com/ https://stats.arztnoe.at/; style-src 'unsafe-inline' 'self'; worker-src blob:; child-src blob:; 1
script-src 'self' https: http://www.google-analytics.com http://www.googleadservices.com http://platform.linkedin.com http://cdn.pardot.com http://pi.pardot.com http://go.i4cp.com http://ajax.googleapis.com http://widget.surveymonkey.com 'unsafe-eval' 'unsafe-inline' 1
default-src 'self';                     base-uri 'self';                     frame-src 'none';                     frame-ancestors 'none';                     form-action 'self';                     connect-src 'self' https://api.centeron.net https://auth.centeron.net  https://maps.googleapis.com;                     script-src 'self' https://maps.googleapis.com;                     font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com;                     style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/;                         img-src 'self' data: https://maps.googleapis.com https://maps.gstatic.com;                     object-src 'none' 1
default-src 'self' https://*.edifecsfedcloud.com;  font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com data: https://*.edifecsfedcloud.com;  img-src 'self' https://*.edifecsfedcloud.com http://*.public.auth.edifecsfedcloud.com.s3-website-us-west-2.amazonaws.com https://*.public.auth.edifecsfedcloud.com.s3-website-us-west-2.amazonaws.com;  connect-src 'self' https://*.edifecsfedcloud.com;  script-src 'self' 'unsafe-inline' https://*.edifecsfedcloud.com;  style-src 'self' 'unsafe-inline' https://*.edifecsfedcloud.com https://fonts.googleapis.com;  frame-ancestors 'self' *.edifecsfedcloud.com; frame-src 'self' *.edifecsfedcloud.com; object-src 'none' 1
frame-ancestors https://www.suitable.de https://www.suitableshop.nl 1
default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://netgamers.it/logs/ https://netgamers.it/sidekiq/ https://netgamers.it/mini-profiler-resources/ https://netgamers.it/assets/ https://netgamers.it/extra-locales/ https://netgamers.it/highlight-js/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/ https://netgamers.it/theme-javascripts/ https://netgamers.it/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA=' https://analytics.netgamers.it:2053 https://platform.twitter.com/; worker-src 'self' https://netgamers.it/assets/ https://netgamers.it/javascripts/ https://netgamers.it/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
worker-src 'self' blob:; block-all-mixed-content; font-src fonts.gstatic.com *.amazonaws.com cdn.axminstertools.com cdn.honey.io *.bglobale.com *.global-e.com use.fontawesome.com maxcdn.bootstrapcdn.com cdn.userway.org *.yotpo.com *.googleapis.com *.gstatic.com blog.axminstertools.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypalobjects.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ polyfill.io *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn-ukwest.onetrust.com *.authorize.net *.paypal.com *.algolianet.com *.algolia.net *.apple-mapkit.com cdn.axminstertools.com bat.bing.com www.clarity.ms static.cloudflareinsights.com *.doubleclick.net suite22.emarsys.net connect.facebook.net wchat.freshchat.com apis.google.com ssl.google-analytics.com tpc.googlesyndication.com www.google.com/pagead/ tagmanager.google.com *.googletagmanager.com *.hotjar.com js-agent.newrelic.com *.scarabresearch.com *.sentry-cdn.com widget.trustpilot.com *.twitter.com *.ads-twitter.com www.youtube.com *.online-metrix.net *.afterpay.com *.clearpay.co.uk *.squarecdn.com https://hbiq.net https://angus.finance-calculator.co.uk *.bglobale.com *.global-e.com *.yotpo.com swellrewards.com *.swellrewards.com widget.freshworks.com m2epro.freshdesk.com cdn.userway.org testflex.cybersource.com flex.cybersource.com pay.google.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com prismic.io static.cdn.prismic.io html2canvas.hertzen.com blogcdn.axminstertools.com stats.wp.com talk.hyvor.com cdnapisec.kaltura.com blog.axminstertools.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; manifest-src cdn.axminstertools.com 'self'; base-uri 'self' 'unsafe-inline'; report-uri https://o321468.ingest.sentry.io/api/1815626/security/?sentry_key=4be58bfe3e5a4d6590b3f5022cda615a; report-to report-endpoint; 1
default-src 'self' https://cdn.yoshki.com; script-src 'unsafe-eval' 'unsafe-inline' https: https://www.googletagmanager.com https://*.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: www.googletagmanager.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com https://www.google.co.uk https://*.linkedin.com https://*.episerver.net https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://i.ytimg.com https://*.cloudfront.net https://*.onetrust.com; connect-src https: data: blob: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com; font-src 'self' https: data: https://fonts.gstatic.com; frame-src 'self' https: https://player.vimeo.com https://bid.g.doubleclick.net *.google.com youtube.com www.youtube.com spotify.com podbean.com www.spotify.com www.podbean.com; worker-src 'self' blob: ; 1
default-src 'self' https://www.youtube.com https://www.google.com https://www.gstatic.com https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://c.go-mpulse.net blob:; connect-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.analytics.google.com https://analytics.google.com https://c.go-mpulse.net https://173bf104.akstat.io https://stats.g.doubleclick.net https://68794910.akstat.io https://173bf10d.akstat.io https://*.akstat.io https://trial-eum-clientnsv4-s.akamaihd.net https://trial-eum-clienttons-s.akamaihd.net https://csm01.bancocaribe.com.do:590/ccp/ui/ConnectivityCheck.html https://api.userway.org https://cdn.userway.org https://media.imi.chat https://chat-widget.imi.chat; font-src 'self' https://fonts.gstatic.com https://media.imi.chat; frame-src 'self' 'unsafe-inline' https://8257245.fls.doubleclick.net https://bcp.crwdcntrl.net https://csm01.bancocaribe.com.do:590 https://www.google.com https://www.youtube.com https://www.youtube-nocookie.com https://cdn.userway.org https://media.imi.chat; img-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://maps.gstatic.com https://www.googletagmanager.com https://img.youtube.com https://stats.g.doubleclick.net https://www.google.com https://bcp.crwdcntrl.net https://www.facebook.com https://www.google.com.do https://cdn.userway.org data: blob:; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://code.jquery.com https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.com https://tags.crwdcntrl.net https://s.go-mpulse.net https://connect.facebook.net https://wjs.fgptgp.com https://googleads.g.doubleclick.net https://cdn.userway.org https://media.imi.chat https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.gstatic.com https://www.google.com https://cdn.userway.org https://media.imi.chat https://cdn.jsdelivr.net 1
base-uri 'self'; connect-src 'self' https://tablet.sigwebtablet.com:47290 wss:; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; frame-ancestors 'self'; frame-src 'self' https://js.stripe.com; object-src 'none'; script-src 'self' blob: 'unsafe-inline' https://js.stripe.com https://www.gstatic.com https://cdn.jsdelivr.net https://tablet.sigwebtablet.com; img-src * blob: data:; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com; form-action 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' use.typekit.net www.google-analytics.com *.googletagmanager.com ajax.googleapis.com *.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net https://fonts.googleapis.com; img-src 'self' data: p.typekit.net https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com; connect-src 'self' performance.typekit.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com *.google.com https://*.gstatic.com data: blob:; font-src 'self' data: https://*.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; report-uri https://www.cst-group.com/csp-rep/?d=www.marstonspubs.co.uk 1
frame-ancestors 'none'; report-uri /system/csp_reports 1
frame-ancestors 'self'; default-src data: https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; 1
default-src  'none' ; base-uri  'none' ; form-action  'self' *.patracorp.com *.googletagmanager.com *.cloudflare.com *.hsforms.net *.hsforms.com *.facebook.com *.twitter.com ; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.patracorp.com *.geoplugin.net *.jsdelivr.net geoip-js.com *.geoip-js.com *.googletagmanager.com *.googleadservices.com *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hscollectedforms.net *.hubspotfeedback.com *.hubapi.com *.hubspot.com *.hubspot.net *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hsadspixel.net *.hs-analytics.net *.hscta.net *.hsappstatic.net *.usemessages.com *.hs-banner.com *.jquery.com *.addtoany.com *.cookielaw.org *.zoominfo.com *.wistia.com *.licdn.com *.facebook.net *.doubleclick.net *.cleantalk.org *.mouseflow.com  blob: data: gap:; style-src  'self' 'unsafe-inline' *.patracorp.com *.jsdelivr.net *.hubspotusercontent00.net *.hubspotusercontent10.net  *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net *.fontawesome.com  blob: data: gap:; child-src  'self' *.patracorp.com *.hsforms.com *.mouseflow.com  blob: data: gap:; connect-src  'self' *.patracorp.com *.geoplugin.net *.hubspot.com *.hubapi.com js.hscta.net *.hsforms.com *.hs-banner.com *.hscollectedforms.net *.onetrust.com *.cookielaw.org *.google.com *.google-analytics.com *.googlesyndication.com *.linkedin.com *.wistia.com *.facebook.net *.cleantalk.org *.litix.io *.zoominfo.com *.doubleclick.net *.cloudflare.com *.mouseflow.com  ipapi.co *.ipapi.co *.amazonaws.com blob: data: gap:; media-src  'self' *.patracorp.com *.wistia.com *.youtube.com *.yumpu.com *.hubspotvideo.com *.facebook.com *.twitter.com *.gravatar.com *.akamaihd.net *.cloudflare.com  blob: data: gap:; img-src  'self' *.patracorp.com *.google.com *.google.co.uk *.google.ca *.googletagmanager.com *.doubleclick.net *.hubspot.com *.hubspot.net *.hscta.net *.hsforms.net *.hsforms.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.ytimg.com *.wpengine.com *.zoominfo.com *.gravatar.com *.wistia.com *.cookielaw.org *.linkedin.com *.cleantalk.org *.facebook.com *.mouseflow.com *.amazonaws.com blob: data: gap:; font-src  'self' *.patracorp.com *.googleapis.com *.gstatic.com *.fontawesome.com *.wistia.com *.mouseflow.com  blob: data: gap:; frame-src  'self' *.patracorp.com *.google.com *.g.doubleclick.net *.doubleclick.net *.facebook.com *.twitter.com *.youtube.com *.yumpu.com *.addtoany.com *.hsforms.net *.hsforms.com *.hubspot.com *.hubspot.net *.hs-sites.com *.hubspotvideo.com *.mouseflow.com ; frame-ancestors  'none' ; 1
default-src https: data:;frame-src 'self' https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.google.com/recaptcha/ https://*.g.doubleclick.net/ https://*.doubleclick.net/;style-src 'self' blob: 'unsafe-inline' https://fonts.googleapis.com/;script-src https: 'sha256-eJ4GivPk5zSuW260r7TgccEMiIz8co0n8BlKrAh7Yn0=' 'sha256-L9NtTqBLxf1z3sIza7z/JTtm01m91a8xVl07p4WTMYw=' 'strict-dynamic';base-uri 'self';worker-src 'none';form-action 'none';object-src 'none';frame-ancestors 'none';require-trusted-types-for 'script';report-uri https://appn.center/apiv1/csp5; 1
font-src * data: *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.tradedoubler.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com * *.gdw.mx *.banorte.com *.criteo.com https://seo.mageplaza.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self' 'unsafe-inline'; frame-ancestors *.gdw.mx *.banorte.com *.criteo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.paynet.com.mx *.openpay.mx *.openpay.co *.openpay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com *.opencontrol.mx *.kaptcha.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io * *.gdw.mx *.banorte.com *.criteo.com *.postimg.cc *.openpay.mx *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ cdn.conekta.io conektaapi.s3.amazonaws.com https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com *.dwin1.com *.s3.amazonaws.com *.openpay.co *.openpay.pe *.google-analytics.com *.google.com/recaptcha/ *.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com * *.gdw.mx *.banorte.com *.criteo.com *.fontawesome.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.conekta.io https://static.zdassets.com * *.gdw.mx *.banorte.com *.criteo.com *.openpay.mx *.openpay.co *.openpay.pe *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.tradedoubler.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src * *.disqus.com *.disquscdn.com *.videos-inova-com.mx.s3.amazonaws.com *.gdw.mx *.banorte.com *.criteo.com *.tradedoubler.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src * data: blob:; frame-ancestors 'self'; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.googletagmanager.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.cookielaw.org https://browser-update.org https://polyfill.io https://consent.cookiebot.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://viewmedica.com *.sharethis.com *.fluidads.com *.simpli.fi 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.typekit.net 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com img.youtube.com *.doubleclick.net *.cookielaw.org *.google.com *.google.ie *.googletagmanager.com *.sharethis.com https://connect.facebook.net *.linkedin.com https://um.simpli.fi https://fei.pro-market.net https://www.googleadservices.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src *.google.com *.youtube.com *.soundcloud.com *.doubleclick.net https://viewmedica.com https://ondemand.viewmedica.com https://cdn.fluidads.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.cookielaw.org https://materprivate.arekibo.com *.doubleclick.net *.onetrust.com maps.googleapis.com *.onetrust.io https://*.analytics.google.com *.sharethis.com *.fluidads.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com www.google.com open.spotify.com https://viewmedica.com https://forms.office.com *.cookiebot.com *.doubleclick.net *.viewmedica.com 'self' web-chat.nativechat.com 1
upgrade-insecure-requests; default-src 'self' data: blob: gap: 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.linkedin.com *.bizographics.com *.loggly.com *.doubleclick.net *.wistia.com *.twimg.com *.twitter.com *.googleadservices.com *.facebook.com *.googletagmanager.com *.snapengage.com *.visualwebsiteoptimizer.com *.facebook.net *.iforex.com *.google-analytics.com *.bootstrapcdn.com *.youtube.com *.wistia.net *.opmnstr.com *.webapi-services.net *.googlesyndication.com *.optnmnstr.com *.mxpnl.net https://pixel-tracking.appspot.com https://pixelmachine-981.appspot.com *.mte-media.com mte-media.com *.typekit.net  *.optimizely.com d5phz18u4wuww.cloudfront.net *.hotjar.com *.ads-twitter.com *.finadsr.com wcs.naver.net *.criteo.net *.criteo.com https://s.yimg.com https://sp.analytics.yahoo.com *.fihtrader.com *.vestle.com appleid.cdn-apple.com *.livechatinc.com *.appier.net https://sc-static.net https://*.snapchat.com; img-src 'self' data: blob: *; font-src 'self' data: blob: *.gstatic.com *.bootstrapcdn.com *.typekit.net *.webapi-services.net *.hotjar.com *.wistia.com *.livechatinc.com; connect-src 'self' data: *.doubleclick.net *.facebook.com *.wistia.com https://embedwistia-a.akamaihd.net *.googletagmanager.com *.opmnstr.com *.mxpnl.net *.iforex.com *.webapi-services.net *.litix.io *.hotjar.io *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.finadsr.com *.snapengage.com *.criteo.com *.criteo.net *.iforex.co.uk *.vestle.com https://s.yimg.com *.fihtrader.com *.google.com *.iforex.eu *.iforexcrypto.com https://api.livechatinc.com *.twitter.com *.naver.com *.appier.net *.snapchat.com; child-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-src 'self' data: gap: *.webapi-services.net *.facebook.com *.twitter.com *.google.com *.linkedin.com *.snapengage.com *.youtube.com *.wistia.com *.googlesyndication.com *.googletagmanager.com *.iforex.com https://fast.wistia.net *.hotjar.com *.criteo.com *.iforex.co.uk *.fihtrader.com *.livechatinc.com *.snapchat.com; media-src 'self' blob: data: *.iforex.com *.webapi-services.net *.gstatic https://embedwistia-a.akamaihd.net *.mte-media.com *.snapengage.com *.wistia.com *.livechatinc.com; object-src 'self' https://embed-ssl.wistia.com *.mte-media.com; worker-src 'self' data: blob: *.googletagmanager.com *.iforex.com *.webapi-services.net; frame-ancestors 'self' *.iforex.com *.iforex.co.uk *.vestle.com *.iforex.eu *.iforexcrypto.com *.fihtrader.com; report-uri https://content.webapi-services.net/api/cspreport; 1
img-src 'self' https://f50ce8b91dd1f94c5ec2-3e285bfa4e7ff77b7136a6d2aeecab08.ssl.cf5.rackcdn.com https://www.google-analytics.com https://photos.edwardsgarment.com https://clickserv.sitescout.com https://vds.sage.net https://pixel.sitescout.com; 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com *.google.com https://dec.azureedge.net/ munchkin.marketo.net *.wistia.com *.wistia.net http://js.hsforms.net/ https://forms.hsforms.com/ https://js.hs-banner.com https://js.hsleadflows.net *.hubspot.com https://js.hscollectedforms.net cdn.kendostatic.com https://app.usercentrics.eu/ https://az416426.vo.msecnd.net/ https://js.hsadspixel.net/ https://js.usemessages.com/ https://www.googletagmanager.com https://www.googleadservices.com *.demandbase.com https://rec.smartlook.com https://snap.licdn.com https://www.redditstatic.com https://tracking-cdn.figpii.com *.inspectlet.com https://statics-cdn.figpii.com slideslive.com/embed_presentation.js *.zoominfo.com tags.clickagy.com https://cdnjs.cloudflare.com *.outbrain.com *.doubleclick.net *.hawksearch.net *.g2crowd.com 'self' cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.wistia.com https://www.googletagmanager.com *.hawksearch.net 'self' web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com i.ytimg.com https://syndication.twitter.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://www.altair.com *.google-analytics.com *.linkedin.com https://static.licdn.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.wistia.com *.wistia.net https://embedwistia-a.akamaihd.net https://js.hsleadflows.net *.hsforms.com *.usercentrics.eu https://match.prod.bidr.io https://id.rlcdn.com https://segments.company-target.com *.google.com https://px.ads.linkedin.com https://www.googletagmanager.com https://p.adsymptotic.com *.hubspot.com *.hsappstatic.net https://alb.reddit.com https://tr.outbrain.com https://hn.inspectlet.com https://connect.facebook.net https://px.adentifi.com https://rtb.adentifi.com https://cm.g.doubleclick.net *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.m *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.g2crowd.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.wistia.com https://www.altair.com/include-header-footer/fonts/; frame-src *.hubspot.com *.hsforms.com *.hs-sites.com *.usercentrics.eu *.google.com *.youtube.com https://player.vimeo.com https://mkt.panopticon.altair.com *.facebook.com *.slideslive.com *.wistia.com *.wistia.net hemsync.clickagy.com *.company-target.com https://slideslive.com *.doubleclick.net 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com *.google.com *.wistia.com https://embedwistia-a.akamaihd.net https://fg8vvsvnieiv3ej16jby.litix.io https://hubspot-forms-static-embed.s3.amazonaws.com *.hubspot.com https://api.hubapi.com https://forms.hubspot.com *.usercentrics.eu https://dc.services.visualstudio.com *.company-target.com https://manager.eu.smartlook.cloud https://www.facebook.com/tr https://events-writer.smartlook.com https://assets-proxy.smartlook.cloud https://sessions.bugsnag.com *.figpii.com wss://tdw.figpii.com *.inspectlet.com wss://ws.inspectlet.com https://slideslive.com https://web-writer.us.smartlook.cloud https://*.googlesyndication.com cdn.linkedin.oribi.io *.zoominfo.com *.clickagy.com *.demandbase.com *.outbrain.com *.doubleclick.net *.linkedin.com *.hawksearch.net *.hawksearch.com *.redditstatic.com *.reddit.com *.g2crowd.com *.wistia.net *.g2.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.wistia.net *.wistia.com https://embedwistia-a.akamaihd.net; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com blob: 'self' web-chat.nativechat.com 1
frame-ancestors 'none'; report-uri https://appbot.report-uri.com/r/d/csp/reportOnly 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://youtube.com https://www.youtube.com https://walkinto.in https://connect.facebook.net https://static.hotjar.com; style-src * 'unsafe-inline' 'unsafe-eval' blob: data:; object-src * 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https://api-web.dilmahtea.com https://api-web-uat.dilmahtea.com https://stats.g.doubleclick.net https://www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://graph.instagram.com https://api.twitter.com; font-src 'self' data:; frame-src 'self' https://youtube.com https://www.youtube.com https://walkinto.in; img-src 'self' data: http://a.tile.osm.org http://b.tile.osm.org http://c.tile.osm.org https://i.ytimg.com https://web-uat.dilmahtea.com https://www.dilmahtea.com https://dmc.dilmahtea.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com https://www.google.lk blob:; media-src 'self' https://web-uat.dilmahtea.com https://www.dilmahtea.com; 1
default-src 'self' *.trustbadge.com *.trustedshops.com *.etrusted.com *.ad-srv.net *.bsmartdata.com *.redintelligence.net ad4m.at *.terminland.de *.virtooal.com *.auglio.com *.adcell.com *.facebook.com *.google-analytics.com *.google.com *.google.de *.googleapis.com *.doubleclick.net *.bounce-commerce.de *.googletagmanager.com *.paypal.com *.ad4m.at; script-src 'self' 'unsafe-eval' *.google.de *.googleadservices.com *.hyj.mobi *.bounce-commerce.de *.ad-srv.net *.paypalobjects.com *.adcell.de *.auglio.com ad4m.at *.paypal.com *.googletagmanager.com *.google.com *.googleapis.com www.terminland.de *.trustedshops.com *.google-analytics.com *.adcell.com *.facebook.net *.doubleclick.net 'unsafe-inline' data:; style-src 'self' *.robinlook.de *.auglio.com www.terminland.de *.googleapis.com *.google.com  'unsafe-inline'; img-src 'self' *.googletagmanager.com *.google.ch *.bidswitch.net  *.adcell.com *.weltderrabatte.de weltderrabatte.de *.klarna.com *.adnxs.com *.adition.com *.twiago.com *.smartadserver.com *.pubmatic.com *.adscale.de *.adserver01.de *.adfarm1.adition.com *.doubleclick.net *.ad4m.at *.casalemedia.com *.casalemedia.com *.bidswitch.net *.terminland.de *.virtooal.com *.auglio.com *.paypal.com *.paypalobjects.com *.google.com *.trustedshops.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google-analytics.com www.facebook.com data:; font-src 'self' *.auglio.com *.gstatic.com; plugin-types application/pdf; form-action 'self' *.paypal.com; report-uri /csp-violation.php 1
frame-ancestors 'self' https://*.t-online.de; 1
default-src https: data: blob:;script-src https: 'unsafe-eval' 'unsafe-inline';style-src https: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self'; script-src * 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; img-src data: blob: * 'self'; font-src data: * 'self'; frame-src * 'self'; connect-src * 'self'; media-src * 'self'; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com 1
form-action 'self' https://secure.payzen.eu 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-mUnqFSM7OYSBDoUwhauvuw==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob: *.izlesene.com *.ioam.de *.avg.com *.rewardsaccelerator.com smetrics.att.com; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net smetrics.att.com; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
frame-src 'self' https://eu-west-2-elume.s3.us-east-1.amazonaws.com/ https://forms.hsforms.com/ https://app.hubspot.com https://www.googletagmanager.com https://accounts.google.com https://sdk.companywebcast.com https://ir.asp.manamind.com https://www.youtube.com https://www.youtube-nocookie.com *.metric.gstatic.com *.dynamics.com https://webcast.seria.no https://spinzam.com/ https://player.vimeo.com https://cdn.embedly.com https://www.facebook.com https://www.google.com/ https://platform.twitter.com/ https://twitter.com/ https://ir.oms.no/ https://kongsberg.easycruit.com https://tools.eurolandir.com https://asia.tools.euroland.com https://tools.euroland.com https://gamma.euroland.com ; frame-ancestors 'self' 1
frame-ancestors 'self' https://service.ariba.com https://service-2.ariba.com https://certservice.ariba.com https://certservice-2.ariba.com https://s1.ariba.com https://s2.ariba.com https://usertest.sciquest.com https://uitweb.sciquest.com https://neo.sciquest.com https://solutions.sciquest.com https://cloud.punchoutexpress.com https://dev.cloud.punchoutexpress.com https://cloud.pexlocal.com https://cloud.mpexlocal.com https://punchoutcommerce.com https://eprocurement-sso.scholz-group.com https://scholz-group.com https://verwaltung.stadtkoeln.de https://stadtkoeln.de https://mcstaging.brewes.de https://www.brewes.de; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.cam4000.com:9080 www.cam4000.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.cam4000.com wss://www.cam4000.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715649114 1
default-src 'self' https://* data:; script-src 'self' 'unsafe-inline' https://* 'unsafe-eval' data:; connect-src * 'self' ws://localhost:* wss://backstage.sila-production.ru:* ws://backstage.sila-production.ru:* https://* data:; img-src data: 'self' https://*; style-src 'self' 'unsafe-inline' https://* data:; frame-ancestors 'self' https://* data: https://backstage.sila-production.ru https://backstage.sila-production.ru:*; 1
default-src https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/; img-src 'self' https: img.youtube.com i.ytimg.com  data:; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/;script-src-elem 'self' 'unsafe-inline'  https://www.googletagmanager.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://p.teads.tv/ https://www.googleadservices.com/ https://www.google-analytics.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com ; font-src 'self' fonts.gstatic.com fonts.googleapis.com ; connect-src 'self' https: lottie.host ;worker-src 'self' https: ;form-action 'self';frame-ancestors 'none';frame-src https: youtube.com www.youtube.com  1
object-src 'none'; script-src 'nonce-5015f186-1c29-460e-9161-bda80972cfaf' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:; base-uri 'none'; report-uri /csp-reports 1
frame-ancestors http://www.iofm.com https://divcomplatform.s3.amazonaws.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com https://static.ctctcdn.com/ https://www.googletagmanager.com/ https://translate.google.com/ https://cdnjs.cloudflare.com/ https://cdn.userway.org; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com https://static.ctctcdn.com/ https://cdn.userway.org; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://cdn.userway.org; img-src 'self' *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com https://www.google.com/images/ https://cdn.userway.org; media-src 'self' data: blob: *.frontify.com *.cloudinary.com; frame-src https://cdn.userway.org https://www.google.com/; child-src 'self' https://outlook.office365.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com; connect-src 'self' data: accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com https://listgrowth.ctctcdn.com/ https://api.userway.org https://cdn.userway.org https://translate.googleapis.com https://stats.g.doubleclick.net https://visitor2.constantcontact.com/api/v1/signup_forms/4c66a9c1-0238-4f25-a171-a058730907a5; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://myconnect.rodeore.com; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval';script-src https: 'unsafe-inline' 'unsafe-eval';object-src 'none'; connect-src https: wss: data: 'unsafe-inline' blob: javascript:; media-src https: data: 'unsafe-inline' blob:; child-src https: blob:; form-action *; 1
default-src 'self' data: blob: https: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; frame-src *; 1
form-action 'self'; frame-ancestors 'none'; object-src 'none'; script-src 'unsafe-eval' https://devirtra.pushandpulltm.com/ 'sha256-nPUb08eVGD0u2SIaHjgt2ZhS+Xr3IyqFc5vkhBO+t6E=' 'sha256-3besV2ic6ZgJHzkbTmficYcQoeJJX1HW8YYaHeGvTr0=' 'sha256-epx0rb7YNqxdavFLi19EcpKFYzi2XAUwNabVKCPv98g=' 'sha256-f4yO48mjAF/H/c27l5NtcQf1b0+XxL2NFLz8Bv/TM+A=' 'sha256-jaz1TDnYTs/WsGBrcxAZFkZutGu8I0yLFmOEGoNchZw=' 'sha256-eLsBlHIRcv9uXXCHWe+/1YvepFUVgActPEcLVhBKGlE=' 'sha256-HU+vB3fUJCe7jxNufYala1TMX4Jye7vjXGMwVoDpuJ8=' 'sha256-KX6yxSdlLRAL2Lg1rtEIYrCIYffhZbFFtiF7tN3hALE=' 'sha256-cwP2ihpnfGr1qFzYmQwE6uL3hqhEHPiNDIKKGC/IC7s=' 'sha256-clCRIP4MpfqBcndvwU6LljUC4NVq5APxNySH48Ahc44=' 'sha256-TfnO/YWhXHuKkH+3x9G+E2h98MIvIkRollxBsmAHwtc=' 'sha256-wrqlGI4AtSGlZ0UWkboIR6Uj7fjxI9kvccHVezSH/js=' 'sha256-Yn1aoMmFqEK0sEhjvxY7JWWdEYxI7PE1r1AEczACX3Y=' 'sha256-46+K8g+ryvmpJJ4R5VpSNmnBp3ho4k5310emkrMNacA=' 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' https://www.gstatic.com  https://www.google-analytics.com 'sha256-KoZvlNi6WIlva5SMPsgkZKuz3pwSCUhpugmi7saPqak=' 'self' https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://pagead2.googlesyndication.com https://gist.github.com https://web.archive.org https://www.w3counter.com https://ajax.googleapis.com https://google-code-prettify.googlecode.com https://cdn.jsdelivr.net https://www.google.com;  img-src https://www.google-analytics.com https://instagram.fgua5-1.fna.fbcdn.net/ https://instagram.fgua3-1.fna.fbcdn.net/ https://instagram.fgua3-2.fna.fbcdn.net/ 'self' blob: https://seal.beyondsecurity.com https://scontent-iad3-1.cdninstagram.com https://secure.gravatar.com; 1
script-src http: https: www.ilpasso.ro 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/ https://event.2performant.com; style-src 'self' blob: https: 'unsafe-inline' www.ilpasso.ro; img-src data: http: https: www.googletagmanager.com https://event.2performant.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.hotjar.com *.google.com *.2performant.com lockerplugin.sameday.ro consentcdn.cookiebot.com; 1
upgrade-insecure-requests;connect-src https://*.tupu360.com;frame-ancestors https://www.tupu360.com 1
default-src 'self' https://api.thestreetlink.org.uk https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net;    script-src 'self' 'unsafe-eval' 'unsafe-inline' https: blob: https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net;    style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net;    img-src 'self' blob: https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com data: https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net;    font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net data:;    frame-src *.google.com https://*.doubleclick.net/;    connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: https://api.thestreetlink.org.uk https://mapit.mysociety.org https://www.home-connection.co.uk https://www.facebook.com https://googletagmanager.com https://*.googletagmanager.com https://www.googletagmanager.com https://*.mysociety.com https://*.gov.uk.com https://nextjs.org https://homeless.org.uk https://*.abilitynet.org.uk https://*.equalityadvisoryservice.com https://thestreetlink.org.uk https://www.google.co.in https://www.google-analytics.com https://googleads.g.doubleclick.net https://*.doubleclick.net;    object-src 'none';    base-uri 'self';    form-action 'self';    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
default-src 'self'; connect-src 'self' *.obos.no *.snapchat.com *.apicdn.sanity.io *.api.sanity.io *.doubleclick.net *.hotjar.com *.hotjar.io *.google-analytics.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org wss://*.hotjar.com https://*.googlesyndication.com https://*.clarity.ms https://*.sentry.io https://*.google.no https://*.bing.com https://youtube.com https://*.adnxs.com https://cdn.linkedin.oribi.io https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://privacyportal-eu.onetrust.com https://surveystats.hotjar.io https://cookies-data.onetrust.io/bannersdk https://www.facebook.com/tr dc.services.visualstudio.com obos.se *.obos.se *.linkedin.com https://ct.pinterest.com *.triggerbee.com; frame-src 'self' www.youtube.com https://vars.hotjar.com https://*.snapchat.com *.doubleclick.net https://ct.pinterest.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; font-src 'self' script.hotjar.com https://fonts.gstatic.com https://*.triggerbee.com; img-src 'self' 'unsafe-inline' data: blob: *.obos.no *.doubleclick.net *.google-analytics.com *.hotjar.com *.youtube.com *.google.com cdn.sanity.io cdn.cookielaw.org res.cloudinary.com www.googletagmanager.com https://*.clarity.ms https://*.siteimproveanalytics.io https://*.adnxs.com https://*.mookie1.com https://*.facebook.com https://*.linkedin.com https://*.snapchat.com https://*.episerver.net https://*.bing.com https://www.google.no https://optanon.blob.core.windows.net *.obos.se https://*.casalemedia.com https://*.t.eloqua.com https://*.bing.com https://ct.pinterest.com https://ads.stickyadstv.com https://rtb-csync.smartadserver.com https://synchroscript.deliveryengine.adswizz.com https://pr-bh.ybp.yahoo.com https://ad.sxp.smartclip.net https://cm.adform.net https://simage2.pubmatic.com https://pixel.rubiconproject.com https://ad.360yield.com https://sync.search.spotxchange.com https://match.adsby.bidtheatre.com https://match.adsrvr.org https://match.prod.bidr.io https://*.triggerbee.com https://*.facebook.net https://*.facebook.com; media-src 'self' blob: res.cloudinary.com *.gobistories.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.obos.no *.doubleclick.net *.youtube.com *.googletagmanager.com *.gstatic.com static.hotjar.com *.analytics.google.com https://*.google-analytics.com https://*.clarity.ms https://*.episerver.net https://*.adnxs.com https://*.snapchat.com https://cdn.cookielaw.org https://script.hotjar.com https://cdn.mookie1.com https://connect.facebook.net https://siteimproveanalytics.com https://snap.licdn.com https://sc-static.net https://bat.bing.com obos.se *.obos.se t.myvisitors.se adsby.bidtheatre.com https://s.pinimg.com https://img06.en25.com https://assets.strossle.com https://*.t.eloqua.com https://pixels.lemonpi.io https://*.facebook.net https://*.facebook.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; worker-src 'self' blob:; 1
script-src 'self' www.google-analytics.com *.googleapis.com www.googletagmanager.com api.nasdaqomx.wallst.com *.vimeo.com *.vimeocdn.com www.gstatic.com 'unsafe-inline' ssl.google-analytics.com *.doubleclick.net *.google.com *.google.com.au www.youtube.com *.dynonobel.com code.jquery.com assets.adobedtm.com 'unsafe-eval' *.cloudfront.net *.multiview.com *.kickfire.com *.rumiview.com *.dialogtech.com; 1
default-src *.gstatic.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org hcaptcha.com *.googletagmanager.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org hcaptcha.com *.googletagmanager.com ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com cloud.typography.com *.cloudfront.net ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com data: ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; img-src *.globenewswire.com *.prnewswire.com pixel.mathtag.com c212.net ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; frame-src *.google.com *.youtube.com youtube-nocookie.com vimeo.com newassets.hcaptcha.com *.equisolve.net ir.stockpr.com www.nclhltd.com d1io3yog0oux5.cloudfront.net; object-src 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js http://translate.googleapis.com https://translate.googleapis.com http://translate.google.com https://translate.google.com https://*.vizzit.se http://*.vizzit.se http://tag.vizzit.se https://tag.vizzit.se http://apis.google.com https://apis.google.com http://localhost:56870 http://*.google-analytics.com https://*.google-analytics.com http://*.browsealoud.com https://*.browsealoud.com https://*.speechstream.net http://dl.episerver.net https://dl.episerver.net http://maps.googleapis.com https://maps.googleapis.com https://oppnadata.skl.se https://www.google.com/uds/ https://code.jquery.com https://unpkg.com https://js-agent.newrelic.com https://bam.nr-data.net https://policy.app.cookieinformation.com https://mfstatic.com blob: ljungby.se:443;style-src 'self' 'unsafe-inline' http://localhost:* http://ljungby.se https://ljungby.se http://translate.googleapis.com https://translate.googleapis.com https://*.vizzit.se https://www.vizzit.se http://www.vizzit.se http://*.browsealoud.com https://*.browsealoud.com http://fonts.googleapis.com https://fonts.googleapis.com http://dl.episerver.net https://dl.episerver.net https://oppnadata.skl.se https://www.google.com/uds/ https://ajax.googleapis.com https://unpkg.com https://mfstatic.com ljungby.se:443;img-src 'self' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se http://translate.google.com https://translate.google.com http://www.gstatic.com https://www.gstatic.com http://www.google.com https://www.google.com http://www.vizzit.se https://www.vizzit.se http://*.google-analytics.com https://*.google-analytics.com http://*.browsealoud.com http://*.ggpht.com https://*.ggpht.com http://maps.gstatic.com https://maps.gstatic.com http://*.googleapis.com https://*.googleapis.com https://*.vizzit.se http://csi.gstatic.com https://csi.gstatic.com http://dl.episerver.net https://dl.episerver.net https://oppnadata.skl.se http://tag.vizzit.se https://tag.vizzit.se https://*.mediaflowpro.com http://*.mediaflowpro.com https://*.mediaflow.com http://*.mediaflow.com data: ljungby.se:443;font-src 'self' http://fonts.gstatic.com https://fonts.gstatic.com https://mfstatic.com ljungby.se:443;connect-src 'self' http://localhost:* https://localhost:* http://ljungby.se https://ljungby.se http://translate.googleapis.com https://translate.googleapis.com http://*.speechstream.net https://*.speechstream.net https://*.texthelp.com http://*.texthelp.com http://localhost:56870 http://*.browsealoud.com https://*.browsealoud.com ws: wss: https://*.vizzit.se https://api.kolada.se https://policy.app.cookieinformation.com https://consent.app.cookieinformation.com https://*.mediaflow.com/ https://mfstatic.com ljungby.se:443;form-action 'self' ljungby.se:443;report-uri /CspReport/Log 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com https://staticfiles.digitalchargingsolutions.com https://api.mixpanel.com https://api-js.mixpanel.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://staticfiles.digitalchargingsolutions.com https://*.googleapis.com https://cdn.mxpnl.com https://api-js.mixpanel.com; frame-src 'self' https://payment.datatrans.biz/; img-src 'self' https: data: https://*.googleapis.com https://*.gstatic.com https://*.ggpht.com https://cpologo.digitalchargingsolutions.com; style-src 'self' 'unsafe-inline'  https://staticfiles.digitalchargingsolutions.com https://fonts.googleapis.com; font-src 'self'  https://staticfiles.digitalchargingsolutions.com https://fonts.gstatic.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MWIwN2NlOGFmYmNmNGMxZjk1MTMwMjEwYTQyOGUzOWY=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.volkshuisvestingnederland.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.volkshuisvestingnederland.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.volkshuisvestingnederland.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' https: data: blob: wss://visitors.live wss://*.visitors.live 1
frame-ancestors 'self' https://login.amaseguros.com 1
script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' mapvision.co.uk region1.google-analytics.com *.hotjar.com snap.licdn.com r1-t.trackedlink.net *.trackedweb.net www.googletagmanager.com *.sitecore.com *.sitecore.net player.vimeo.com maps.googleapis.com www.google-analytics.com *.cookiebot.com privacyportalde-cdn.onetrust.com secure.leadforensics.com www.gstatic.com www.google.com;     script-src-elem 'self' 'unsafe-inline' mapvision.co.uk region1.google-analytics.com *.hotjar.com snap.licdn.com r1-t.trackedlink.net *.trackedweb.net www.googletagmanager.com *.sitecore.com *.sitecore.net player.vimeo.com maps.googleapis.com www.google-analytics.com *.cookiebot.com privacyportalde-cdn.onetrust.com secure.leadforensics.com www.gstatic.com www.google.com;     style-src 'self' 'report-sample' 'unsafe-inline' fonts.googleapis.com privacyportalde-cdn.onetrust.com;     img-src 'self' data: px.ads.linkedin.com maps.googleapis.com maps.gstatic.com *.cookiebot.com prism.agencypilot.com;     frame-src 'self' mapvision.co.uk *.sitecore.com *.sitecore.net player.vimeo.com *.cookiebot.com fastdox.co.uk www.google.com prism.agencypilot.com;     font-src 'self' data: privacyportalde-cdn.onetrust.com fonts.gstatic.com fonts.googleapis.com ;     connect-src 'self' *.doubleclick.net privacyportal-de.onetrust.com www.google.com mapvision.co.uk region1.google-analytics.com px.ads.linkedin.com *.trackedweb.net *.hotjar.com snap.licdn.com r1-t.trackedlink.net *.trackedweb.net www.googletagmanager.com player.vimeo.com maps.googleapis.com *.cookiebot.com www.google-analytics.com privacyportalde-cdn.onetrust.com;     default-src 'self'; frame-ancestors 'self' fonts.gstatic.com;      report-uri https://3chillies.report-uri.com/r/d/csp/wizard; 1
default-src 'none'; frame-src https://www.juicycash.net; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; img-src 'self' https://pbs.twimg.com https://www.inet-cash.com https://*.google-analytics.com https://*.googletagmanager.com https://static.yoogirls.com https://yoogirls.r.worldssl.net https://www.juicycash.net; media-src https://static.yoogirls.com https://yoogirls.r.worldssl.net; script-src 'unsafe-inline' https://www.inet-cash.com https://*.googletagmanager.com https://www.google-analytics.com https://static.yoogirls.com/js/cookienotice.min.js https://static.yoogirls.com/ https://yoogirls.r.worldssl.net; style-src 'unsafe-inline' https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/ https://yoogirls.r.worldssl.net https://static.yoogirls.com/; font-src https://static.yoogirls.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-eval' https://stats.wp.com/w.js https://ws.zoominfo.com/pixel/fOFB6QSXE9jDVozwCG17 https://www.googletagmanager.com/gtm.js https://stats.wpmucdn.com/analytics.js https://connect.livechatinc.com https://www.clarity.ms https://www.googleadservices.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://cdn.livechatinc.com/tracking.js https://www.googletagmanager.com https://www.google-analytics.com/analytics.js https://api.livechatinc.com 'unsafe-inline'; object-src 'self'; font-src 'self' https://fonts.gstatic.com 1
default-src 'self';frame-ancestors 'self' http://m-website.com https://m-website.com;style-src 'self' fonts.googleapis.com 'unsafe-inline';font-src 'self' fonts.gstatic.com data:;script-src 'self' translate.googleapis.com;connect-src 'self' translate.googleapis.com;img-src 'self' * data: android-webview-video-poster:;media-src 'self' * data:;frame-src 'self' * 1
default-src 'self'; connect-src 'self' *.itzbund.de; worker-src blob: 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' piwik.itzbund.de *.googleapis.com *.google.com *.gstatic.com *.youtube.com *.ytimg.com *.vimeo.com; object-src 'self' multimedia.gsb.bund.de; media-src blob: 'self' multimedia.gsb.bund.de *.youtube.com *.vimeo.com *.aktion-mensch.de; frame-src *.google.com *.gstatic.com *.youtube.com *.vimeo.com; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.itzbund.de; frame-ancestors 'self'; 1
default-src 'self'; media-src 'self' blob:; script-src 'self' 'sha256-D9kvgd5pJSJnKAxbyhP4vsdKkDmIiFSmrSkwrfQIQCc=' 'sha256-KUcKFgI0s2zjgZcjb1A6YarPJuOpkcIZboLP3NTHGZM=' 'sha256-fuL7YGf4Xjp6fymlXugnIw4SDXNvLL9AHFGgCe6JYA8=' 'sha256-jy+bez8rPWuhicVe1B6KSlUVsBgVkpZ6cYqYjcqLJqA=' 'sha256-pg34YAbNuRVqPICOzqyimWUMeJv3TZgfrgYG96La5N4=' *.segment.com www.googletagmanager.com *.google-analytics.com *.walkme.com heapanalytics.com *.heapanalytics.com *.planhat.com; style-src 'self' 'unsafe-inline' www.googletagmanager.com *.googleapis.com heapanalytics.com *.walkme.com *.typekit.net; font-src 'self' *.typekit.net *.gstatic.com *.walkme.com data:; img-src 'self' https: data: blob: *.walkme.com *.walkmeusercontent.com www.googletagmanager.com *.google-analytics.com *.heapanalytics.com; connect-src 'self' blob: *.hyperproof.app *.statuspage.io *.walkme.com *.segment.com *.segmentapis.com *.segment.io sentry.io *.google-analytics.com heapanalytics.com *.planhat.com; frame-src 'self' *.hyperproof.app *.wistia.net *.officeapps.live.com *.walkme.com docs.google.com blob:; worker-src 'self' *.walkme.com blob:; object-src *.walkme.com blob:; frame-ancestors 'self' https://docs.google.com; 1
default-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com fonts.googleapis.com; script-src 'self' 'unsafe-inline' *.maytech.net fonts.gstatic.com fonts.googleapis.com; img-src 'self' *.maytech.net; report-uri /reporting.php; form-action 'self'; object-src 'self'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' *.netsyms.net *.netsyms.com curbside.computer js.stripe.com 1
default-src 'self' https: http: 'unsafe-inline' 'unsafe-eval' data: blob: 1
default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data: https:;connect-src 'self' https: wss:;frame-src 'self' https:;object-src 'none';script-src 'self' https: 'unsafe-inline';style-src 'self' https: 'unsafe-inline' 1
default-src *.emmi-caffelatte.com *.emmi-kaltbach.com *.emmi.com ssgtm.derscharfemaxx.com ssgtm.kaeserei-studer.ch newsletter.chaesbueb.ch *.gstatic.com fonts.googleapis.com *.google.com *.googleadservices.com content.googleapis.com ajax.googleapis.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.youtube.com youtu.be www.facebook.com connect.facebook.net ct.pinterest.com tr6.snapchat.com export.highcharts.com intocities.com *.pipedrive.email analytics.tiktok.com issuu.com sc-static.net/scevent.min.js tr.snapchat.com forms.office.com emmilangnau.us3.list-manage.com eepurl.com dialog.scoutsss.com business.dialogify.io static.dialogify.io business.scoutsss.com s.pinimg.com *.freizeitplan.net *.eqs.com *.hana.ondemand.com *.equitystory.com siteimproveanalytics.com *.clarity.ms *.prospective.ch *.hotjar.com wss://*.hotjar.com *.typekit.net *.mookie1.com fonts.bunny.net cdn.polyfill.io emmi-chatbot.smack.build js.frubil.info ga-dev-tools.appspot.com player.vimeo.com pano.nautilusstudios.ch charts3.equitystory.com webservices.newsbox.ch live.solique.ch e3.marco.ch embed.eventfrog.ch *.spotify.com spotify.com *.issuu.com *.tiqcdn.com *.tiqcdn.cn *.tealiumiq.com emmi-luzerner-farm-auslastung.vercel.app cdnjs.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; script-src *.emmi-caffelatte.com *.emmi-kaltbach.com www.googletagmanager.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com connect.facebook.net tags.tiqcdn.com siteimproveanalytics.com sc-static.net tr.snapchat.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.bunny.net *.typekit.net 'self' 'unsafe-inline' 'unsafe-eval'; font-src fonts.gstatic.com *.typekit.net fonts.bunny.net data: 'self' 'unsafe-inline' 'unsafe-eval'; frame-src jobs.emmi.com newsletter.chaesbueb.ch www.google.com www.youtube.com 'self' pano.nautilusstudios.ch tr.snapchat.com charts3.equitystory.com export.highcharts.com e.issuu.com embed.eventfrog.ch 'unsafe-inline' 'unsafe-eval'; img-src ssgtm.kaeserei-studer.ch *.google-analytics.com ssl.gstatic.com www.gstatic.com *.google.com *.google.at *.googleadservices.com www.google.ch www.google.de stats.g.doubleclick.net *.doubleclick.net www.facebook.com ct.pinterest.com s3.eu-west-1.amazonaws.com business.scoutsss.com *.eqs.com *.siteimproveanalytics.io emmi-chatbot.smack.build *.mookie1.com *.adnxs.com embed.eventfrog.ch c.clarity.ms data: 'self' 'unsafe-inline' 'unsafe-eval' 1
default-src 'self'; script-src 'self' *.bostonsoftware.com *.singlepointrating.com https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-239db17d86d6320632b024ca9e43ba9c.js https://js.stripe.com/v3/fingerprinted/js/phone-numbers-lib-12ff6fba58e6c35240f70bcada1d1c6d.js https://js.stripe.com/v3 https://ajax.googleapis.com https://www.googletagmanager.com/gtag/js https://www.socialintents.com https://www.google-analytics.com http://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js; img-src 'self' data:; connect-src 'self' https://www.google-analytics.com;; frame-src 'self' *.bostonsoftware.com https://js.stripe.com https://www.socialintents.com; font-src 'self' https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://www.socialintents.com/assets/css/si-include-chat.min.css https://fonts.googleapis.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.intel.com ; style-src 'self' https://*.intel.com 'unsafe-inline'; img-src 'self' https://*.intel.com data: ; font-src 'self' https://*.intel.com data: ; media-src 'self' https://*.intel.com ; object-src 'none'; frame-ancestors 'self' https://*.intel.com ; base-uri 'self'; form-action 'self'; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' shop.eriks.com *.shop.eriks.com; upgrade-insecure-requests; script-src eriks.com *.eriks.com *.shop.eriks.com *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
script-src 'unsafe-inline' 'unsafe-eval' http: https: data: https://*.captrust.com https://www.captrust.com https://*.captrustcommunityfoundation.org https://www.captrustcommunityfoundation.org https://*.google.com https://*.googleapis.com https://*.googleanalytics.com https://*.clickdimensions.com https://*.gstatic.com https://*.stripe.com https://stripe.com http://stripe.com http://*.stripe.com; style-src 'unsafe-inline' http: https: data: https://*.captrust.com https://*.captrustcommunityfoundation.org https://*.googleapis.com https://*.gstatic.com https://*.stripe.com http://*.stripe.com http://stripe.com; img-src http: https: data: https://*.stripe.com www.googletagmanager.com; font-src http: https: data:; object-src 'none'; base-uri * 'self' https://*.stripe.com https://stripe.com http://*.stripe.com http://stripe.com; upgrade-insecure-requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.mail.ru vk.com *.vk.com *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com; object-src 'self' *.gstatic.com; style-src 'self' 'unsafe-inline' *.google.com; img-src * 'self' data:; child-src 'self' vk.com *.vk.com www.youtube.com *.google.com; frame-src 'self' ok.ru vk.com *.vk.com www.youtube.com *.google.com; font-src 'self' data: *.gstatic.com; connect-src 'self' *.mail.ru *.google.com *.gstatic.com *.google-analytics.com www.googletagmanager.com wss://toptracker.ru; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data: ; frame-ancestors 'self' 1
default-src 'none' ; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; script-src 'self' https://leverj.io https://www.leverj.io https://www.google-analytics.com; style-src 'self' ; img-src 'self' https://www.google-analytics.com data: ; font-src 'self' https://fonts.gstatic.com data: ; child-src 'self' https://www.youtube.com ; connect-src https://gluon.leverj.io https://live.leverj.io wss://leverj.io https://leverj.io https://www.google-analytics.com https://www.leverj.io; 1
frame-ancestors 'self' https://*.lexus.com.tr https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
default-src 'self'; base-uri 'self'; block-all-mixed-content; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.panelbear.com/analytics.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/api.js; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net; font-src 'self' data: https://api.ultra.cc https://ultra.cc; form-action 'self' https://api.ultra.cc https://ultra.cc; img-src 'self' data: https://api.ultra.cc https://ultra.cc https://ultraseedbox.com https://docs.usbx.me; media-src 'none'; object-src 'none'; connect-src 'self' data: https://ultra.cc https://*.ultra.cc wss://*.ultra.cc https://networktools.midas.usbx.me wss://networktools.midas.usbx.me https://ultra.theia.usbx.me wss://ultra.theia.usbx.me https://ultraseedbox.com https://api.panelbear.com; style-src 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://stats.fnordserver.eu; style-src 'self' 'unsafe-inline'; img-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; connect-src 'self' https://strapi.fnordserver.net https://stats.fnordserver.eu; frame-ancestors 'none'; 1
frame-ancestors https://www.deutscher-galopp.de/ https://galopponline.de/ https://3forone.com/ https://duesseldorf-galopp.de/ https://www.duesseldorf-galopp.de/ https://muelheim-galopp.de/ https://www.muelheim-galopp.de/ https://*.hoppegarten.com/ https://*.hamburg-galopp.de/ https://*.galopp-hamburg.de/ https://*.krefelder-rennclub.com/ https://*.krefelder-rennclub.de/ https://*.dortmunder-rennverein.de/ https://*.dortmunder-rennclub.com/; 1
frame-ancestors 'self' https://www.aftergolf.net https://aftergolf.net https://geo-online.co.jp; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.hablemosderelojes.com/logs/ https://www.hablemosderelojes.com/sidekiq/ https://www.hablemosderelojes.com/mini-profiler-resources/ https://www.hablemosderelojes.com/assets/ https://www.hablemosderelojes.com/extra-locales/ https://www.hablemosderelojes.com/highlight-js/ https://www.hablemosderelojes.com/javascripts/ https://www.hablemosderelojes.com/plugins/ https://www.hablemosderelojes.com/theme-javascripts/ https://www.hablemosderelojes.com/svg-sprite/ 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' 'sha256-QFlnYO2Ll+rgFRKkUmtyRublBc7KFNsbzF7BzoCqjgA='; worker-src 'self' https://www.hablemosderelojes.com/assets/ https://www.hablemosderelojes.com/javascripts/ https://www.hablemosderelojes.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
frame-ancestors 'self' https://www.freecam.ro 1
frame-ancestors 'self' lastminutes.wijzijnvalkenburg.nl thermae2000.nl; 1
frame-ancestors 'self'; default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src * data: blob: 'unsafe-inline'; font-src https: data: blob: 'unsafe-inline' 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/ fonts.googleapis.com/ *.google.com/  *.google.com/ *.facebook.net/ *.facebook.com/  'unsafe-inline' ;  style-src 'self' fonts.googleapis.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'; script-src 'self' *.google-analytics.com/ *.googletagmanager.com/ *.google.com/  *.cookielaw.org/ *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ 'unsafe-inline'  'unsafe-eval' ; script-src-elem 'self' *.googleadservices.com/ *.yimg.com/ *.yahoo.com/ *.googletagmanager.com/ *.google-analytics.com/ *.google.com/  *.gstatic.com/  *.cookielaw.org/ *.onetrust.com/ *.facebook.net/ *.facebook.com/ *.addthis.com/ 'unsafe-inline'; img-src 'self'  data: *.yahoo.com/   *.youtube.com/ *.google.com *.google.com.br *.google-analytics.com *.hospitalbrasilia.com.br *.onetrust.com *.facebook.net  *.facebook.com *.hospitalbrasilia.com.br/ 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://rebel.ar; img-src 'self' https: data: blob: https://rebel.ar; style-src 'self' https://rebel.ar 'nonce-elUQeb4CP56ewlalyvZrGg=='; media-src 'self' https: data: https://rebel.ar; frame-src 'self' https:; manifest-src 'self' https://rebel.ar; form-action 'self'; child-src 'self' blob: https://rebel.ar; worker-src 'self' blob: https://rebel.ar; connect-src 'self' data: blob: https://rebel.ar https://rebel.ar wss://rebel.ar; script-src 'self' https://rebel.ar 'wasm-unsafe-eval' 1
script-src 'unsafe-eval' 'unsafe-hashes' *.content.allianzpartnerservices.com https://connect.facebook.net https://www.google.com/recaptcha/api.js https://facebook.com https://cdn.cookielaw.org https://onetrust.com https://maxcdn.bootstrapcdn.com; object-src 'none'; base-uri 'self' 'unsafe-inline'; worker-src 'self'; script-src-elem 'self' 'unsafe-inline' https://content.allianzpartnerservices.com https://maxcdn.bootstrapcdn.com https://s3.amazonaws.com https://cdn.cookielaw.org  https://onetrust.com https://privacyportal.onetrust.com https://connect.facebook.net https://www.gstatic.com https://www.google-analytics.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.googleadservices.com; 1
default-src 'self' data: http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io http://tel.sutech.ac.ir http://amintest.sutech.ac.ir/cv/cvFiles/article-386002-en.html http://sutech.ac.ir https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir http://tel.sutech.ac.ir http://amintest.sutech.ac.ir/cv/cvFiles/article-386002-en.html http://sutech.ac.ir; frame-ancestors 'self' https://trustseal.enamad.ir; 1
frame-ancestors 'self' https://www.kuechen-arena.de; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://kafeneio.social; img-src 'self' https: data: blob: https://kafeneio.social; style-src 'self' https://kafeneio.social 'nonce-MqmjMrCGXbEsTgfRTYkD+g=='; media-src 'self' https: data: https://kafeneio.social; frame-src 'self' https:; manifest-src 'self' https://kafeneio.social; form-action 'self'; child-src 'self' blob: https://kafeneio.social; worker-src 'self' blob: https://kafeneio.social; connect-src 'self' data: blob: https://kafeneio.social https://kafeneio.social wss://kafeneio.social; script-src 'self' https://kafeneio.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://*.spinpug.com https://*.decta.com https://*evoucher*.com *.cashtocode.com app.evoucher.cashtocode.com 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data: https: 1
report-uri https://your-domain.report-uri.com/r/d/csp/reportOnly 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://g.recomcdn.com https://www.youtube.com https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://s.ytimg.com https://recom.componentsearchengine.com https://www.snapeda.com https://marketing.recom-power.com https://www.google-analytics.com https://chat.recom-power.com https://static.hotjar.com https://script.hotjar.com https://vars.hotjar.com https://stats.g.doubleclick.net https://tagmanager.google.com https://*.tawk.to https://cdn.jsdelivr.net/emojione/ https://cdn.chatvisor.com https://app.chatvisor.com https://bat.bing.com/bat.js https://koi-3qnugl5dmw.marketingautomation.services; connect-src 'self' https://www.snapeda.com https://snapeda.s3.amazonaws.com https://intense-caverns-31061.herokuapp.com https://shop.recom-power.com/cart/ https://marketing.recom-power.com https://*.tawk.to wss://*.tawk.to https://cdn.chatvisor.com https://app.chatvisor.com https://www.google-analytics.com https://stats.g.doubleclick.net https://ipinfo.io https://consentcdn.cookiebot.com/consentconfig/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; font-src 'self' data: https://g.recomcdn.com https://static-v.tawk.to https://embed.tawk.to/; frame-src 'self' https://www.youtube.com https://player.bilibili.com/player.html https://player.youku.com/embed/ https://recom.componentsearchengine.com https://intense-caverns-31061.herokuapp.com https://marketing.recom-power.com https://chat.recom-power.com https://www.google.com https://player.youku.com https://vars.hotjar.com https://w.soundcloud.com https://www.youtube-nocookie.com https://consentcdn.cookiebot.com/ https://player.bilibili.com/player.html https://3d.snapeda.com https://app-3qnugl5dmw.marketingautomation.services/; img-src 'self' https://g.recomcdn.com data: https://recom.componentsearchengine.com https://www.snapeda.com https://snapeda.s3.amazonaws.com https://intense-caverns-31061.herokuapp.com https://marketing.recom-power.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://static-v.tawk.to https://cdn.jsdelivr.net/emojione/ https://www.digikey.com/ https://embed.tawk.to/; style-src 'self' 'unsafe-inline' https://g.recomcdn.com https://marketing.recom-power.com https://tagmanager.google.com https://cdn.jsdelivr.net/emojione/ https://embed.tawk.to/; media-src 'self' https://g.recomcdn.com https://static-v.tawk.to https://embed.tawk.to/;form-action 'self' 'unsafe-inline' https://news.recom-power.com https://marketing.recom-power.com; object-src 'self' https://g.recomcdn.com ; manifest-src 'self' ; base-uri 'none'; frame-ancestors 'self' ; block-all-mixed-content; 1
default-src 'none'; script-src 'self' 'wasm-unsafe-eval' cdn.jsdelivr.net blob: 'unsafe-eval'; manifest-src 'self'; frame-ancestors 'none'; worker-src 'self' cdn.jsdelivr.net blob:; connect-src 'self'; base-uri 'self'; form-action 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; style-src * 'unsafe-inline'; 1
default-src 'self'; script-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://audience-sites.din.developpement-durable.gouv.fr https://polyfill.io https://msvcdsiqzkcom.matomo.cloud 'unsafe-eval' 'unsafe-inline'; style-src 'report-sample' 'self' https://assets.app.smart-tribune.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://static.piste.gouv.fr 'unsafe-inline'; object-src 'none'; connect-src 'self' https://api-gateway.app.smart-tribune.com; font-src 'self' data: https://assets.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src 'self' https://www.bison-fute.gouv.fr https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: https://audience-sites.din.developpement-durable.gouv.fr https://static.piste.gouv.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://uploads.app.smart-tribune.com; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-gOmNddjv16ComAcW20AwrcG0d' 'strict-dynamic'; frame-ancestors 'self'; manifest-src 'self' 1
child-src 'self' *.whatchado.com *.youtube.com *.youtube-nocookie.com *.w24.at *.google.com; default-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com; img-src 'self' *.ytimg.com blob: data: ; media-src 'self' *.lfrz.gv.at; script-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com; style-src 'self' 'unsafe-inline' *.youtube.com *.youtube-nocookie.com *.google.com; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://myconnect.bhhsneproperties.com https://myconnect.bhhswestchester.com; 1
frame-ancestors 'self' *.iconsumer.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://bat.bing.com https://snap.licdn.com https://static.ads-twitter.com https://connect.facebook.net https://*.clarity.ms https://static.hotjar.com https://script.hotjar.com https://cdnjs.cloudflare.com/ajax/libs/prism/ https://cdn.ampproject.org https://*.youtube.com/ https://000-pixelplex.pixelplexlabs.com https://widget.clutch.co/static/js/widget.js https://www.gstatic.com/call-tracking/call-tracking_7.js https://www.gstatic.com/wcm/loader.js https://a.quora.com/qevents.js; style-src 'self' 'unsafe-inline'; object-src 'self'; font-src 'self' data:; frame-ancestors 'self' 1
frame-ancestors 'self' everlineshop.com *.everlineshop.com 1
default-src 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net *.dynamics.com maps.gstatic.com webmessaging.mypurecloud.de *.mypurecloud.de fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; connect-src 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net *.mypurecloud.de *.dynamics.com maps.gstatic.com fonts.gstatic.com maps.googleapis.com *.nr-data.net shyrka-prod-euc1.s3.eu-central-1.amazonaws.com *.newrelic.com *.euc1.pure.cloud *.google-analytics.com wss://*.mypurecloud.de wss://*.euc1.pure.cloud; child-src 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net *.dynamics.com maps.gstatic.com webmessaging.mypurecloud.de *.mypurecloud.de *.euc1.pure.cloud fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; style-src 'unsafe-inline' 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net maps.gstatic.com apps.mypurecloud.de fonts.googleapis.com fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; media-src 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net maps.gstatic.com *.pure.cloud *.mypurecloud.de fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; frame-src 'self' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com tools.interconnector.de youtube.com www.youtube.com *.azureedge.net *.dynamics.com maps.gstatic.com apps.mypurecloud.de fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; font-src 'self' data: *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net maps.gstatic.com apps.mypurecloud.de fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' *.solar-log.com solar.g-group.eu connect.facebook.net snap.licdn.com *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net maps.gstatic.com *.mypurecloud.de *.nr-data.net fonts.gstatic.com js-agent.newrelic.com *.newrelic.com *.euc1.pure.cloud maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; script-src-elem 'unsafe-inline' 'self' 'unsafe-eval' 'unsafe-hashes' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu connect.facebook.net snap.licdn.com www.googletagmanager.com *.azureedge.net maps.gstatic.com apps.mypurecloud.de fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; script-src-attr 'self' 'unsafe-inline' *.solar-log.com solar.g-group.eu *.office.com *.usercentrics.eu www.googletagmanager.com *.azureedge.net maps.gstatic.com apps.mypurecloud.de connect.facebook.net snap.licdn.com fonts.gstatic.com js-agent.newrelic.com  maps.googleapis.com js-agent.newrelic.com svrdntfctn.com *.google-analytics.com; object-src 'self' kontakt.solar-log.com solar.g-group.eu forms.office.com maps.googleapis.com www.googletagmanager.com *.mypurecloud.de *.euc1.pure.cloud *.azureedge.net; img-src 'self' data: https:; 1
default-src 'self'; connect-src https://*.adform.net https://*.adsafety.net https://*.analytics.google.com https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.hotjar.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://api.feefo.com https://api-v2.tidio.co https://cdn.linkedin.oribi.io https://cdn-ukwest.onetrust.com https://collect.feefo.com https://content.hotjar.io https://cookies.ricoh-europe.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://events.hotjar.io https://geolocation.onetrust.com https://idx.liadm.com https://ldynamicspublicapi.leadforensics.com https://maps.googleapis.com https://privacyportal-uk.onetrust.com https://px.ads.linkedin.com https://qvdt3feo.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://rs.fullstory.com https://sentry-new.tidio.co https://srv.stackadapt.com https://surveystats.hotjar.io https://tags.srv.stackadapt.com https://uw.srv.stackadapt.com https://vc.hotjar.io https://www.googleadservices.com https://www.google-analytics.com 'self' wss://*.hotjar.com wss://*.tawk.to wss://socket.tidio.co; font-src data: https://*.tawk.to https://cookies.ricoh-europe.com https://fast.fonts.net https://fonts.gstatic.com https://resources.ricoh-europe.com https://script.hotjar.com https://use.fontawesome.com 'self'; frame-src https://*.adform.net https://*.dev.amelia.com https://*.fls.doubleclick.net https://*.ricoh-europe.com https://*.risenet.eu https://*.t.eloqua.com https://*.tawk.to https://app.livestorm.co https://bid.g.doubleclick.net https://cdn.jst.ai https://cdn.justuno.com https://discover.ricoh.co.uk https://download.ricoh-europe.com https://embed.ricohtours.com https://gestiondocumentaire.ricoh.fr https://open.spotify.com https://productquery.ricoh-europe.com https://recaptcha.google.com https://ricoh.turtl.co https://ricoh-docuware-calculator.tbtmarketing.com https://ricoh-warranty.convar.com https://s.pointerpro.com https://supportrequest.ricoh.ch https://vars.hotjar.com https://view.ceros.com https://webforms.ricoh.de https://www.google.com https://www.googletagmanager.com https://www.youtube.com https://www.youtube-nocookie.com; img-src data: https://*.ads.linkedin.com https://*.analytics.google.com https://*.clarity.ms https://*.en25.com https://*.fls.doubleclick.net https://*.g.doubleclick.net https://*.google.ad https://*.google.ae https://*.google.al https://*.google.am https://*.google.as https://*.google.at https://*.google.az https://*.google.ba https://*.google.be https://*.google.bf https://*.google.bg https://*.google.bi https://*.google.bj https://*.google.bs https://*.google.bt https://*.google.by https://*.google.ca https://*.google.cat https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.co.ao https://*.google.co.bw https://*.google.co.ck https://*.google.co.cr https://*.google.co.id https://*.google.co.il https://*.google.co.in https://*.google.co.jp https://*.google.co.ke https://*.google.co.kr https://*.google.co.ls https://*.google.co.ma https://*.google.co.mz https://*.google.co.nz https://*.google.co.th https://*.google.co.tz https://*.google.co.ug https://*.google.co.uk https://*.google.co.uz https://*.google.co.ve https://*.google.co.vi https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.com https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.com.ar https://*.google.com.au https://*.google.com.bd https://*.google.com.bh https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.com.bz https://*.google.com.co https://*.google.com.cu https://*.google.com.cy https://*.google.com.do https://*.google.com.ec https://*.google.com.eg https://*.google.com.et https://*.google.com.fj https://*.google.com.gh https://*.google.com.gi https://*.google.com.gt https://*.google.com.hk https://*.google.com.jm https://*.google.com.kh https://*.google.com.kw https://*.google.com.lb https://*.google.com.ly https://*.google.com.mm https://*.google.com.mt https://*.google.com.mx https://*.google.com.my https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.com.np https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.com.pr https://*.google.com.py https://*.google.com.qa https://*.google.com.sa https://*.google.com.sb https://*.google.com.sg https://*.google.com.sl https://*.google.com.sv https://*.google.com.tj https://*.google.com.tr https://*.google.com.tw https://*.google.com.ua https://*.google.com.uy https://*.google.com.vc https://*.google.com.vn https://*.google.cv https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.dz https://*.google.ee https://*.google.es https://*.google.fi https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.gy https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.ie https://*.google.im https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.jo https://*.google.kg https://*.google.ki https://*.google.kz https://*.google.la https://*.google.li https://*.google.lk https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.mn https://*.google.ms https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.ne https://*.google.nl https://*.google.no https://*.google.nr https://*.google.nu https://*.google.pl https://*.google.pn https://*.google.ps https://*.google.pt https://*.google.ro https://*.google.rs https://*.google.ru https://*.google.rw https://*.google.sc https://*.google.se https://*.google.sh https://*.google.si https://*.google.sk https://*.google.sm https://*.google.sn https://*.google.so https://*.google.sr https://*.google.st https://*.google.td https://*.google.tg https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.tt https://*.google.vg https://*.google.vu https://*.google.ws https://*.google-analytics.com https://*.googletagmanager.com https://*.t.eloqua.com https://*.tawk.to https://ad.doubleclick.net https://ade.googlesyndication.com https://api.swiftype.com https://assets.ricoh-europe.com https://assets.turtl.co https://cdn-ukwest.onetrust.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://googleads.g.doubleclick.net https://i.ytimg.com https://id.rlcdn.com https://images.response.ricoh-europe.com https://img.youtube.com https://maps.googleapis.com https://maps.gstatic.com https://match.prod.bidr.io https://qvdt3feo.com https://resources.ricoh-europe.com https://script.hotjar.com https://secure.leadforensics.com https://segments.company-target.com https://service.maxymiser.net https://srv.stackadapt.com https://ssl.gstatic.com https://static.hotjar.com https://tags.srv.stackadapt.com https://tawk.link https://twemoji.maxcdn.com https://uw.srv.stackadapt.com https://www.facebook.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.linkedin.com 'self'; media-src https://widget-v4.tidiochat.com 'self'; script-src https://*.adform.net https://*.adsafety.net https://*.clarity.ms https://*.contentexchange.me https://*.demdex.net https://*.en25.com https://*.googletagmanager.com https://*.mathtag.com https://*.oniad.com https://*.seadform.net https://*.smartadserver.com https://*.t.eloqua.com https://*.tapad.com https://*.tawk.to https://ajax.googleapis.com https://aly.jst.ai https://aly.justuno.com https://api.feefo.com https://api.swiftype.com https://app-static.turtl.co https://c.bing.com https://cdn.jsdelivr.net https://cdn.jst.ai https://cdn.justuno.com https://cdn.mouseflow.com https://code.jquery.com https://code.tidio.co https://connect.facebook.net https://east.srv.stackadapt.com https://edge.fullstory.com https://eu.srv.stackadapt.com https://fullstory.com https://googleads.g.doubleclick.net https://ldynamicspublicapi.leadforensics.com https://lq3-production01.s3.amazonaws.com https://maps.googleapis.com https://my.jst.ai https://my.justuno.com https://register.feefo.com https://resources.ricoh-europe.com https://rodp.ricoh.at https://rodp.ricoh.be https://rodp.ricoh.ch https://rodp.ricoh.co.uk https://rodp.ricoh.co.za https://rodp.ricoh.com.tr https://rodp.ricoh.cz https://rodp.ricoh.de https://rodp.ricoh.dk https://rodp.ricoh.es https://rodp.ricoh.fi https://rodp.ricoh.fr https://rodp.ricoh.hu https://rodp.ricoh.ie https://rodp.ricoh.it https://rodp.ricoh.lu https://rodp.ricoh.nl https://rodp.ricoh.no https://rodp.ricoh.pl https://rodp.ricoh.pt https://rodp.ricoh.se https://rodp.ricoh.sk https://rodp.ricoh-europe.com https://s.ytimg.com https://script.hotjar.com https://secure.data-creativecompany.com https://secure.leadforensics.com https://service.maxymiser.net https://snap.licdn.com https://srv.stackadapt.com https://ssl.google-analytics.com https://static.hotjar.com https://tag.demandbase.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://unpkg.com https://use.fontawesome.com https://uw.srv.stackadapt.com https://view.ceros.com https://webeo-web-content.s3-eu-west-1.amazonaws.com https://widget-v4.tidiochat.com https://www.fullstory.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com 'nonce-hm5ytwJe+OvDXeayZq20efUvrIrRlkRXc5V8lQJdm9JbvTM0fvGpkqDkAlxS6V5XnjLHnUq7AGiyLkfXZWSmdQ=='; style-src https://*.en25.com https://*.tawk.to https://app-static.turtl.co https://cdn.jsdelivr.net https://cookies.ricoh-europe.com https://east.srv.stackadapt.com https://eu.srv.stackadapt.com https://fast.fonts.net https://fonts.googleapis.com https://images.response.ricoh-europe.com https://qvdt3feo.com https://resources.ricoh-europe.com https://script.hotjar.com https://srv.stackadapt.com https://static.hotjar.com https://tagmanager.google.com https://tags.srv.stackadapt.com https://unpkg.com https://use.fontawesome.com https://uw.srv.stackadapt.com 'nonce-hm5ytwJe+OvDXeayZq20efUvrIrRlkRXc5V8lQJdm9JbvTM0fvGpkqDkAlxS6V5XnjLHnUq7AGiyLkfXZWSmdQ==' 'self' 'sha256-biLFinpqYMtWHmXfkA1BPeCY0/fNt46SAZ+BBk5YUog=' 'sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw=' 'sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE=' 'sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0=' 'sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk=' 'unsafe-hashes'; report-uri https://ricoh.report-uri.com/r/t/csp/enforce; report-to default; 1
font-src *.gstatic.com data: 'self' data: *.doubleclick.net *.facebook.com https://geowidget.easypack24.net *.thulium.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.google.com *.google.com *.doubleclick.net *.facebook.com https://geowidget-app.inpost.pl/ secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.payu.com/ *.youtube.com/ *.go2cloud.org/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://app.cux.io https://pudofinder.dpd.com.pl *.klarna.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.gstatic.com *.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org static.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.google.pl *.google.de *.paynow.pl https://jannowak.com/ https://diablochairs.com/ https://sofandi.store/ https://domator24.com/ *.trackjs.com *.bing.com *.clarity.ms *.thulium.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ *.klarna.com *.klarnaevt.com *.klarnacdn.net https://widgets.trustedshops.com https://widgets-qa.trustedshops.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://geowidget.easypack24.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com secure.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ *.hotjar.com/ *.hotjar.io/ *.thulium.com/ https://orbitvu.co/ *.orbitvu.co/ *.gopay.com/ *.payu.com/ https://geowidget.easypack24.net/ https://jannowak.com https://jannowak.pre.aur.ac https://diablochairs.com https://diablo.pre.aur.ac https://domator24.com https://domator-com.pre.aur.ac https://sofandi.store https://sofandi.pre.aur.ac https://pixel.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ *.trackjs.com https://bat.bing.com/ *.clarity.ms *.consentmanager.net https://c.seznam.cz/ https://dc.cux.io https://my.diablochairs.com https://an.gr-wcon.com/ *.klarna.com *.klarnacdn.net *.klarnaservices.com *.avada.io https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com https://geowidget.easypack24.net https://geowidget.inpost.pl https://integrations.etrusted.com/ *.klarnacdn.net *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://geowidget.easypack24.net *.thulium.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.google-analytics.com *.facebook.com *.facebook.net *.easypack24.net *.inpost.pl *.openstreetmap.org secure.payu.com merch-prod.snd.payu.com *.gr-cdn.com/ *.getresponse.com/ *.diablochairs.com/ wss://*.thulium.com/ *.thulium.com/ *.hotjar.com/ *.hotjar.io/ *.doubleclick.net/ *.orbitvu.cloud/ *.gopay.com/ wss://*.hotjar.com/ *.payu.com/ *.googlesyndication.com/ https://p.biano.hu/ https://hu.bianopixel.com/ https://analytics.tiktok.com/ https://cdn.trackjs.com/ *.go2cloud.org/ https://www.googletagmanager.com/ *.google.com/ https://google.com/ccm/ https://google.com/pagead/ *.google.pl *.google.de *.trackjs.com *.clarity.ms https://bat.bing.com/ https://integrations.etrusted.com/ *.consentmanager.net https://c.seznam.cz/ wss://n-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io wss://o-40918785-0-40392500-1708081317-65cf40a5629dd.track.cux.io *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://get.geojs.io *.avada.io t.elasticsuite.io *.trustedshops.com *.etrusted.com https://integrations.etrusted.site 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src https://widget.writesonic.com/CDN/botsonic.min.js https://*.googletagmanager.com https://assets.cello.so https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://js.stripe.com https://js.hsforms.net https://js.hsforms.com https://forms.hsforms.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net http://js.hs-scripts.com https://www.google-analytics.com https://www.google.com http://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://*.getbeamer.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'unsafe-eval' 'self'; script-src-elem https://widget.writesonic.com/CDN/botsonic.min.js https://*.googletagmanager.com https://assets.cello.so https://snap.licdn.com/li.lms-analytics/insight.min.js https://*.firebaseio.com https://js.hsforms.net https://js.hsforms.com https://forms.hsforms.com https://js.hs-scripts.com https://www.google-analytics.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hs-analytics.net https://js.hs-scripts.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.googleadservices.com https://ajax.googleapis.com https://*.doubleclick.net https://*.getbeamer.com https://js.stripe.com https://*.clarity.ms https://c.bing.com 'unsafe-inline' 'unsafe-eval' 'self'; img-src https://*.google-analytics.com https://*.googletagmanager.com https://* blob: data: 'self'; child-src 'none'; frame-ancestors chrome-extension://eimcibccahnifekbdhahgehjockhmocg chrome-extension://dheionainndbbpoacpnopgmnihkcmnkl https://gmelius.com https://mail.google.com 'self'; frame-src https://d2nnr6irhfmb65.cloudfront.net/ https://storage.googleapis.com https://docs.google.com https://bid.g.doubleclick.net https://*.firebaseio.com https://forms.hsforms.com/ https://www.loom.com https://*.typeform.com/ https://www.youtube-nocookie.com/ https://app.getbeamer.com https://news.gmelius.com https://app.hubspot.com/ https://forms.hsforms.com/ https://www.youtube-nocookie.com/ https://help.gmelius.com/ https://push.getbeamer.com/ https://js.stripe.com/ https://track.hubspot.com https://www.google.com https://*.typeform.com/ https://www.loom.com; style-src https://fonts.googleapis.com https://app.getbeamer.com 'unsafe-inline' 'self'; font-src https://fonts.gstatic.com 'self'; connect-src https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://share.cello.so https://backend.getbeamer.com https://api.gmelius.com https://api-staging.gmelius.com https://www.googleapis.com https://*.google-analytics.com https://forms.hsforms.com/ https://securetoken.googleapis.com https://*.doubleclick.net https://api.hubapi.com wss://*.firebaseio.com https://gml.email https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://storage.googleapis.com/ https://*.clarity.ms https://c.bing.com https://identitytoolkit.googleapis.com; worker-src 'self'; 1
upgrade-insecure-requests; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com cdn.cookielaw.org pghub.io; media-src 'self'; font-src 'self' data:; frame-ancestors 'self'; object-src 'none'; frame-src 'self' consumersupport.pg.com feed.pghub.io; img-src 'self' data: images.ctfassets.net pixel.tapad.com cdn.cookielaw.org; connect-src 'self' *.contentful.com cdn.cookielaw.org *.google-analytics.com; default-src 'none'; base-uri 'none'; form-action 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis-moto.fr;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis-moto.fr;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
child-src  www.paypalobjects.com; connect-src 'self' 'report-sample' s3.amazonaws.com/cv3.customfiles serrv.commercev3.com *.listrakbi.com *.listrak.com www.google-analytics.com ssl.google-analytics.com ui.powerreviews.com stats.g.doubleclick.net analytics.google.com bat.bing.com www.paypal.com *.smartystreets.com ct.pinterest.com/user/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.facebook.com *.klaviyo.com cdn.acsbapp.com manage.kmail-lists.com api.livechatinc.com *.google.com www.googletagmanager.com *.acsbapp.com cdn.commercev3.net/cdn.serrv.org; default-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-eval' ajax.googleapis.com analytics.google.com bat.bing.com c.bing.com code.jquery.com connect.facebook.net fonts.googleapis.com fonts.gstatic.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.bootstrapcdn.com fonts.gstatic.com   use.fontawesome.com; font-src 'self' serrv.commercev3.com s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com use.typekit.net cdn.rawgit.com cdn.jsdelivr.net acsbapp.com cdn.livechatinc.com; form-action 'self' www.facebook.com www.paypal.com checkout.sezzle.com; frame-src 'self' *.doubleclick.net www.paypalobjects.com www.paypal.com www.facebook.com www.pinterest.com www.google.com secure.livechatinc.com www.youtube.com platform.twitter.com www.googletagmanager.com ct.pinterest.com; frame-ancestors 'self' ; img-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org ssl.google-analytics.com www.google.com/pagead/1p-user-list/ www.google.com/ads/ga-audiences ct.pinterest.com/v3/ s3.amazonaws.com *.doubleclick.net bat.bing.com c.bing.com t.paypal.com www.facebook.com www.google-analytics.com www.googletagmanager.com *.listrakbi.com www.trustlogo.com data: code.jquery.com/ui/ *.google-analytics.com *.analytics.google.com *.clarity.ms www.paypal.com www.paypalobjects.com servedby.ipromote.com/ad/ log.pinterest.com www.serrv.org  *.adnxs.com *.twitter.com *.gstatic.com *.acsbapp.com cdn.commercev3.net/cdn.serrv.org cdnjs.cloudflare.com; script-src 'self' 'report-sample' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.acsbapp.com assets.pinterest.com acsbapp.com secure.trust-provider.com api.livechatinc.com *.twimg.com *.twitter.com tpc.googlesyndication.com cdn.jsdelivr.net/npm/popper.js@1.16.1/ cdn.jsdelivr.net/npm/intersection-observer@0.7.0/ cdn.jsdelivr.net/npm/vanilla-lazyload@12.5.0/; script-src-elem 'self' 'report-sample' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ssl.google-analytics.com ui.powerreviews.com bat.bing.com code.jquery.com connect.facebook.net *.bootstrapcdn.com www.google-analytics.com www.googletagmanager.com www.paypal.com www.paypalobjects.com *.listrakbi.com *.smartystreets.com api.livechatinc.com cdn.livechatinc.com ajax.googleapis.com googleads.g.doubleclick.net www.gstatic.com www.trustlogo.com www.googleadservices.com d79i1fxsrar4t.cloudfront.net/jquery.liveaddress/ s.pinimg.com/ct/ www.google.com www.clarity.ms static.klaviyo.com static-tracking.klaviyo.com *.acsbapp.com assets.pinterest.com acsbapp.com secure.trust-provider.com api.livechatinc.com *.twimg.com *.twitter.com tpc.googlesyndication.com cdn.jsdelivr.net/npm/popper.js@1.16.1/ cdn.jsdelivr.net/npm/intersection-observer@0.7.0/ cdn.jsdelivr.net/npm/vanilla-lazyload@12.5.0/; style-src 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net use.typekit.net p.typekit.net cdn.rawgit.com cdn.jsdelivr.net cdn.jsdelivr.net/npm/bootstrap@4.5.3/ *.klaviyo.com; style-src-elem 'self' s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org 'unsafe-inline' 'unsafe-eval' ui.powerreviews.com use.fontawesome.com code.jquery.com fonts.googleapis.com *.bootstrapcdn.com cdn.listrakbi.com/css/ hello.myfonts.net use.typekit.net p.typekit.net cdn.rawgit.com cdn.jsdelivr.net cdn.jsdelivr.net/npm/bootstrap@4.5.3/ *.klaviyo.com; style-src-attr  'unsafe-inline'; media-src 'self' serrv.commercev3.com s3.amazonaws.com/cdn.serrv.org/ cdn.commercev3.net/cdn.serrv.org/ cdn.serrv.org www.bing.com; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-zrJk3cV+GGhH6LQY3IB9w755Jfj/iU+iC0BWkB3/06gn/CjH' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src* 1
frame-ancestors https://admin.beatportal.com; 1
connect-src 'self' https://ingsed.ru/api/v1/orders/api/;style-src 'unsafe-inline' 'self';script-src 'unsafe-inline' 'unsafe-eval' 'self';img-src 'self' data: blob: https://dsp.ingsed.ru/;font-src 'self' data:;default-src 'self';media-src 'self' data: blob:; 1
default-src 'self'  'unsafe-inline'  cdn.iubenda.com fonts.gstatic.com secure.gravatar.com https://cdn.iubenda.com maps.googleapis.com www.google-analytics.com hits-i.iubenda.com  region1.analytics.google.com www.digicatapult.org.uk analytics.google.com stats.g.doubleclick.net *.google.com region1.google-analytics.com *.youtube.com *.hotjar.io  *.hotjar.com wss://ws.hotjar.com www.google.co.uk digitalcatapult.my.salesforce-sites.com *.doubleclick.net; font-src data: fonts.gstatic.com www.digicatapult.org.uk; img-src 'self' data: secure.gravatar.com  dev-digital-catapult.pantheonsite.io maps.gstatic.com maps.googleapis.com www.google.co.uk  i.ytimg.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com; script-src-elem 'unsafe-inline' secure.gravatar.com cdn.iubenda.com www.googletagmanager.com maps.googleapis.com www.digicatapult.org.uk maps.googleapis.com static.hotjar.com *.hotjar.com *.google-analytics.com  *.googleapis.com cs.iubenda.com *.google.com *.gstatic.com s3.amazonaws.com digicatapult.us18.list-manage.com www.workable.com *.workable.com *.cloudfront.net *.cloudflare.com cdn.iubenda.com; style-src 'self' 'unsafe-inline' *.googleapis.com; style-src-elem 'unsafe-inline' static.hotjar.com www.googletagmanager.com www.digicatapult.org.uk fonts.googleapis.com cdn-images.mailchimp.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: blob: https://*; font-src 'self' https://*.intercomcdn.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://*.nordan.tech https://*.pusher.com https://*.pusherapp.com wss://*.pusher.com wss://*.pusherapp.com https://sentry.io https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomcdn.eu https://*.intercomusercontent.com https://*.loom.com; media-src 'self' data: blob: https://js.intercomcdn.com; object-src 'none'; child-src 'self' https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; frame-src 'self' https://*.nordan.tech https://view.officeapps.live.com https://intercom-sheets.com https://*.loom.com; worker-src 'self' blob:; form-action 'self' https://intercom.help https://*.intercom.io https://www.userfeed.io; report-uri https://o142630.ingest.sentry.io/api/1237888/security/?sentry_key=483fe2c079a94ae99d457687c4af4d36&sentry_environment=production 1
frame-ancestors 'self' https://app.socialscreen.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastouille.fr; img-src 'self' https: data: blob: https://mastouille.fr; style-src 'self' https://mastouille.fr 'nonce-NhyEXk0w3O5d7aCGZN84AQ=='; media-src 'self' https: data: https://mastouille.fr; frame-src 'self' https:; manifest-src 'self' https://mastouille.fr; form-action 'self'; child-src 'self' blob: https://mastouille.fr; worker-src 'self' blob: https://mastouille.fr; connect-src 'self' data: blob: https://mastouille.fr https://mastouille.fr wss://mastouille.fr; script-src 'self' https://mastouille.fr 'wasm-unsafe-eval' 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-YzkpL9871MwVv6eFDoFuMw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'none'; script-src 'self' 'unsafe-inline' https://static.cloudflareinsights.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline'; img-src 'self'; frame-ancestors 'none'; connect-src 'self' https://cloudflareinsights.com; 1
font-src *.fontawesome.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.bootstrapcdn.com https://*.hotjar.com https://static.klaviyo.com https://surveys-static.survicate.com 'self' data: *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com *.facebook.com https://cosmetis.pt https://cosmetis.com.br 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.google.com https://www.googletagmanager.com/ *.meetanshi.com *.twitter.com https://www.google.com https://www.google.co.in https://www.facebook.com js.stripe.com m.stripe.com x.klarnacdn.net klarna.com *.weltpixel.com vars.hotjar.com https://api.ebanxpay.com *.doubleclick.net *.stripe.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ www.googletagmanager.com *.meetanshi.com https://www.cosmetis.pt *.mcusercontent.com *.cloudflare.com *.gstatic.com *.google.com *.google.pt *.google.es *.google.co.in https://www.facebook.com *.klarna.com *.googleadservices.com *.google-analytics.com *.paypal.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.connect.facebook.net https://stats.g.doubleclick.net *.youtube.com https://d.adroll.com https://pixel.advertising.com https://pixel.rubiconproject.com https://simage2.pubmatic.com https://dsum-sec.casalemedia.com https://ads.yahoo.com https://eb2.3lift.com https://sync.outbrain.com https://trc.taboola.com https://x.bidswitch.net/sync https://ib.adnxs.com https://idsync.rlcdn.com https://us-u.openx.net https://ups.analytics.yahoo.com https://segments.company-target.com https://sync.tidaltv.com *.tradetracker.net *.pampanetwork.com *.mailchimp.com *.cloudfront.net ifthenpay.com https://*.clarity.ms https://c.bing.com https://*.hotjar.com https://content.mercadopago.com https://cosmetis.boost.propelbon.com https://static.zdassets.com http://action.metaffiliation.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com apis.google.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.meetanshi.com *.cloudflare.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com https://connect.facebook.net *.paypalobjects.com *.paypal.com https://chimpstatic.com https://www.googletagmanager.com *.youtube.com https://s.adroll.com https://d.adroll.com https://d.adroll.mgr.consensu.org *.bootstrapcdn.com tagmanager.google.com https://*.hotjar.com 'unsafe-inline' *.zdassets.com *.zendesk.com *.mailchimp.com mc.us6.list-manage.com *.newrelic.com *.nr-data.net *.doubleclick.net *.activehosted.com *.cloudfront.net wss://*.zopim.com wss://*.wizzy.ai *.app-us1.com trackcmp.net js.ebanx.com https://cdn.ebanx.com https://content.mercadopago.com x.cnt.my *.x.cnt.my citydsp.com https://*.clarity.ms https://www.googleoptimize.com https://survey.survicate.com https://surveys-static.survicate.com https://googleads.g.doubleclick.net https://*.cookie-script.com https://api6.ipify.org https://zuc.cosmetis.pt https://tdj.cosmetis.com.br *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com https://static.klaviyo.com *.fontawesome.com *.cloudflare.com *.googleapis.com *.twitter.com *.google.com *.google.co.in *.facebook.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com *.bootstrapcdn.com *.zendesk.com *.mailchimp.com https://www.googletagmanager.com https://*.hotjar.com 'unsafe-inline' https://surveys-static.survicate.com 'self' 'unsafe-inline'; object-src https://content.mercadopago.com 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.google.com *.google.co.in *.google-analytics.com stats.g.doubleclick.net *.facebook.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com *.zdassets.com *.zendesk.com *.zopim.com wss://*.zopim.com *.nr-data.net wss://*.wizzy.ai https://*.wizzy.ai https://*.clarity.ms https://surveystats.hotjar.io https://content.hotjar.io https://metrics.hotjar.io https://vc.hotjar.io wss://pod-18.zendesk.com *.ebanxpay.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://gtm.cosmetis.pt https://gtm.cosmetis.com.br https://zuc.cosmetis.pt https://tdj.cosmetis.com.br *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'nonce-a1ab547c-b57d-4ae4-948a-52b6fb090d3e' www.googletagmanager.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://tagmanager.google.com https://www.linkedin.com https://platform.twitter.com/ https://www.youtube.com https://prismic.io https://cookie-cdn.cookiepro.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://static.cdn.prismic.io https://geolocation.onetrust.com https://vitals.vercel-insights.com 'sha256-XcxZTIrdL2Z+QnjoqtWcIeAzm/cuioLtkIflc5aq00M=' 'sha256-mjAPvJKRBATPwtDkDe1t+tw2mbmVjgXVfYImJfeAdz8='; font-src 'self' https://fonts.gstatic.com data: https://fonts.googleapis.com; style-src 'self' https://fonts.googleapis.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com 'unsafe-inline'; connect-src 'self' www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://privacyportal.cookiepro.com https://cookie-cdn.cookiepro.com https://www.linkedin.com https://www.onelink-edge.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com https://api.operator.worldcoin.org https://vitals.vercel-insights.com https://geolocation.onetrust.com; img-src 'self' blob: data: www.googletagmanager.com https://tagmanager.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.google-analytics.com https://worldcoin-company-website.cdn.prismic.io https://www.linkedin.com https://media.licdn.com https://i.ytimg.com https://images.prismic.io https://world-id-assets.com https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; media-src 'self' blob: data: https://platform.twitter.com/ https://www.linkedin.com https://media.licdn.com https://worldcoin-company-website.cdn.prismic.io https://images.prismic.io https://prismic-io.s3.amazonaws.com https://cookie-cdn.cookiepro.com https://maps.googleapis.com https://data.worldcoin.org https://api.pactsafe.com; frame-src 'self' https://platform.twitter.com/ https://www.youtube.com https://maps.googleapis.com https://worldcoin-company-website.prismic.io https://data.worldcoin.org 1
default-src 'self';         connect-src 'self' https://*.readspeaker.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com https://google.com https://*.google-analytics.com https://stats.g.doubleclick.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;         script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.termsfeed.com https://cdn.jsdelivr.net https://ajax.googleapis.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://www.googletagmanager.com https://*.googletagmanager.com https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://*.livechatinc.com https://*.reco.se https://*.readspeaker.com https://*.klarnaservices.com https://*.klarna.com https://www.googleadservices.com https://www.google.com;         frame-src 'self' https://*.readspeaker.com https://*.livechatinc.com https://*.reco.se https://*.klarna.com https://*.klarnaservices.com https://evt-eu.klarnaservices.com https://*.klarna.com https://*.klarnaevt.com;         style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://www.termsfeed.com https://cdn.jsdelivr.net https://www.gstatic.com https://unpkg.com https://vjs.zencdn.net https://use.fontawesome.com https://*.readspeaker.com https://*.klarnacdn.net;         img-src 'self' data: https://*.readspeaker.com https://*.klarnacdn.net https://*.klarnaevt.com https://*.google.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com;         font-src 'self' data: https://*.readspeaker.com https://fonts.gstatic.com https://*.livechatinc.com https://use.fontawesome.com https://*.klarnaservices.com https://*.klarnacdn.net https://*.google.com www.googletagmanager.com; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com https://fonts.googleapis.com ; img-src 'self' * data: blob:; font-src 'self' data: https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.fontawesome.com https://cdn.jsdelivr.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.newrelic.com https://www.googletagmanager.com https://www.google-analytics.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://cdn.jsdelivr.net; frame-src 'self' https://www.google.com https://www.youtube.com https://www.instagram.com; connect-src 'self' https://*.nr-data.net https://www.google-analytics.com https://maps.googleapis.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.bkrtx.com *.bluekai.com *.clarity.ms *.doubleclick.net *.efilli.com *.facebook.com *.facebook.net *.google-analytics.com *.google.com *.google.com.tr *.googleapis.com *.googletagmanager.com *.gstatic.com *.hotjar.com *.hotjar.io *.maxcdn.com *.migros.com.tr *.money.com.tr *.moneypay.com.tr moneyclubkart.azureedge.net wss://ws.hotjar.com blob: *.migrosone.com 1
default-src 'self'  https://* wss://*  data:;  img-src * 'self' data: https:; style-src 'self' http://* https://* 'unsafe-inline'; script-src 'self' http://* https://* 'unsafe-inline' 'unsafe-eval';connect-src 'self' http://* https://* wss://live-be.si-applications.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.episerver.net *.googleapis.com *.gstatic.com *.afterpay.com *.facebook.net *.bing.com *.pdst.fm *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-script.js https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/resources/amplitude/amplitude-injector.js *.wisepops.com *.cfjump.com *.turn.com *.creativecdn.com *.adairs.com.au *.adairs.co.nz *.hotjar.com  *.jquery.com *.cloudfront.net *.pinimg.com  *.igodigital.com *.inside-graph.com foursixty.com *.paypal.com *.msecnd.net *.googletagmanager.com *.yieldify.com *.google.com *.google-analytics.com *.criteo.net *.criteo.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.igodigital.com *.googletagmanager.com *.inside-graph.com *.zipmoney.com.au foursixty.com; font-src 'self' data: *.typekit.net *.gstatic.com *.zipmoney.com.au  *.yieldify-production.com; img-src 'self' data: *; connect-src 'self' vimeo.com *.yieldify.com *.yieldify-production.com wss://*.yieldify-production.com yieldify.connectorengine.com *.pinterest.com *.google.com *.hotjar.com wss://*.hotjar.com *.hotjar.io wss://*.hotjar.io *.wisepops.com *.google-analytics.com *.googleapis.com maps.googleapis.com *.braintree-api.com  *.braintreegateway.com *.turn.com *.cloudfunctions.net *.amplitude.com *.visualstudio.com *.paypal.com *.zipmoney.com.au *.zip.co https://s3.ap-southeast-2.amazonaws.com/cdn.staging/assets/primary/entrypoints/consumer/landing-page/zip-lp-au.html *.afterpay.com wss://stellar-live.inside-graph.com *.inside-graph.com *.doubleclick.net *.inside-graph.com foursixty.com; frame-src 'self' *.google.com adairsmaintenance.s3.ap-southeast-2.amazonaws.com *.exacttarget.com *.flipsnack.com  *.creativecdn.com *.hotjar.com *.youtube.com *.sfmc-content.com *.criteo.com *.myunidays.com *.criteo.net *.yieldify.com *.braintreegateway.com *.paypal.com *.zipmoney.com.au *.optimizely.com *.vimeo.com *.pinterest.com *.zip.co zip.co; worker-src blob:; 1
default-src 'self' 'unsafe-eval' http: https:  wss: data: blob: 'unsafe-inline' 1
default-src https://*.isidata.net; script-src 'unsafe-eval' 'unsafe-inline' https://*.isidata.net https://consent.cookiebot.com https://code.jquery.com https://*.google-analytics.com https://*.fontawesome.com https://assets.cdn.io.pagopa.it https://stlucadev.z6.web.core.windows.net mailto:; base-uri https://*.isidata.net; object-src 'none'; style-src 'unsafe-inline' https://*.isidata.net https://fonts.googleapis.com https://*.fontawesome.com  https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; img-src data: https://*.isidata.net data: https://*.google-analytics.com https://stlucadev.z6.web.core.windows.net https://continua.io.pagopa.it https://play.google.com https://tools.applemediaservices.com https://apple-resources.s3.amazonaws.com; media-src https://*.isidata.net; frame-src https://*.s3.amazonaws.com https://*.isidata.net mailto:; frame-ancestors https://*.isidata.net; font-src https://*.isidata.net https://fonts.googleapis.com https://fonts.gstatic.com https://*.fontawesome.com https://stlucadev.z6.web.core.windows.net https://assets.cdn.io.pagopa.it; connect-src 'self' https://*.fontawesome.com; form-action https://*.s3.amazonaws.com https://*.isidata.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.quadia.net/quadia.player.min.js https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.cookielaw.org https://js-agent.newrelic.com/ https://cdn.pricespider.com blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net; frame-ancestors 'self'; img-src 'self' https://assets.msd-animal-health.com https://www.msd-animal-health.com https://cdn.cookielaw.org https://secure.gravatar.com https://www.google-analytics.com/ data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline'; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types default; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.zenaps.com https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.pt https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.pt; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.pt https://m.myprotein.pt https://checkout.myprotein.pt https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.google.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.akamaihd.net https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.pt; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; block-all-mixed-content; connect-src sentry.trexima.sk 'self' https://*.google-analytics.com https://*.google.com https://*.analytics.google.com https://*.cookieyes.com https://cdn-cookieyes.com https://*.googlesyndication.com https://*.doubleclick.net; font-src 'self' fonts.gstatic.com; frame-src 'self' www.google.com https://trexima.ladesk.com https://2-vbus-de.ladesk.com videoservis.tasr.sk www.youtube.com www.facebook.com https://*.doubleclick.net https://*.googlesyndication.com https://*.ladesk.com; img-src 'self' data: *.googleusercontent.com *.worki.sk http.cat http.dog https://*.facebook.com https://*.google.com https://*.google.sk https://*.googletagmanager.com https://*.googlesyndication.com https://*.gstatic.com https://cdn-cookieyes.com https://*.doubleclick.net https://trexima.ladesk.com; manifest-src 'self' https://dev.worki.sk/ https://dev.worki.sk/site.webmanifest https://stage.worki.sk/ https://stage.worki.sk/site.webmanifest https://www.worki.sk/ https://www.worki.sk/site.webmanifest https://*.worki.sk/*; script-src 'self' ajax.googleapis.com code.jquery.com www.google.com https://*.facebook.net https://*.facebook.com 'unsafe-eval' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://*.googleadservices.com https://*.doubleclick.net/ https://cdn-cookieyes.com/ https://*.googlesyndication.com https://trexima.ladesk.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.googletagmanager.com/; report-uri /nelmio/csp/report 1
default-src 'self' blob: 'unsafe-inline'; media-src * blob: data: ; style-src 'self' https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://cdn.jsdelivr.net https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com 'unsafe-inline'; font-src data: 'self' https://maxcdn.bootstrapcdn.com https://app.interakt.ai  https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://translate-pa.googleapis.com https://translate.google.com https://translate.googleapis.com http://cdnjs.cloudflare.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.gstatic.com https://app.interakt.ai  https://www.googletagmanager.com https://www.googleanalytics.com https://code.highcharts.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com https://www.google-analytics.com; connect-src data: 'self' blob: 'unsafe-inline' https://translate-pa.googleapis.com https://translate.googleapis.com https://pagead2.googlesyndication.com https://graph.facebook.com https://www.facebook.com https://www.google.com https://stats.g.doubleclick.net https://app.interakt.ai https://api.interakt.ai https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://code.highcharts.com https://connect.facebook.net; img-src 'self' data: blob: 'unsafe-inline' https://interaktdevweb.z1.web.core.windows.net https://api1.digitalsms.biz:1949 https://translate.googleapis.com https://translate.google.com https://fonts.gstatic.com  https://www.gstatic.com https://api.qrserver.com https://xtratrust.com https://stats.g.doubleclick.net https://www.google.co.in https://www.google.com https://stkiwiwebdev.z23.web.core.windows.net https://app.interakt.ai  https://www.google-analytics.com https://www.googletagmanager.com https://cdn.jsdelivr.net http://cdnjs.cloudflare.com http://webapplayers.com https://connect.facebook.net https://www.facebook.com; frame-src 'self' blob: https://api1.digitalsms.biz:1949 https://td.doubleclick.net https://app.interakt.ai  https://www.google.com https://www.google-analytics.com https://cdn.jsdelivr.net https://code.highcharts.com https://www.googletagmanager.com https://code.highcharts.com http://cdnjs.cloudflare.com https://connect.facebook.net https://www.facebook.com; 1
default-src 'self' *.kvhh.net kvhh.net; connect-src 'self' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; font-src 'self' *.kvhh.net kvhh.net; frame-src https://te4d20ff4.emailsys1a.net https://app1.edoobox.com https://www.youtube-nocookie.com/; img-src 'self' data: *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; media-src 'self';script-src 'self' 'sha256-akDN1WUCwEizwXBzlROn8PCav50zeSdx/xBQJkylVUc=' 'sha256-xMOBuoCpPB1Ax3XmTbUO1p+mDL7sKZ0FSjVKwIYlVC4=' https://cdn1.edoobox.com https://kvhh.matomo.cloud/ https://cdn.matomo.cloud/kvhh.matomo.cloud/ *.kvhh.net kvhh.net; style-src 'self' 'unsafe-inline' *.kvhh.net kvhh.net https://kvhh.matomo.cloud/ *.googleapis.com; 1
frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content; default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com; frame-src 'self' bid.g.doubleclick.net www.google.com; img-src * data: blob: 'unsafe-inline' 'self' www.google.com.uy/ www.google.com.pr/ deshow2.azureedge.net/ www.facebook.com www.google-analytics.com secure.gravatar.com/avatar/ www.google.com/recaptcha/; child-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'none'; base-uri 'self'; 1
img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.mea.gov.in https://mea.gov.in 1
default-src 'self' * *.doubleclick.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline' ;  font-src 'self' fonts.gstatic.com/  fonts.googleapis.com/ *.google.com/  *.google.com/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/  'unsafe-inline' ;style-src 'self' *.jsdelivr.net fonts.googleapis.com/ *.onetrust.com/ 'unsafe-inline';script-src 'self' https://analytics.tiktok.com *.doubleclick.net/ *.googleadservices.com/ *.facebook.net/ *.google-analytics.com/ *.googletagmanager.com/ *.google.com/ *.google.com.br/  *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline' 'unsafe-eval';script-src-elem 'self' https://analytics.tiktok.com *.doubleclick.net/ *.facebook.net/ *.facebook.com/ *.googleadservices.com/ *.googletagmanager.com/ *.google-analytics.com/ *.google.com/ *.gstatic.com/ *.cookielaw.org/ *.onetrust.com/ *.jsdelivr.net/ *.googleapis.com/ 'unsafe-inline';img-src 'self' data: https://analytics.tiktok.com *.facebook.com *.cookielaw.org *.youtube.com *.google.com *.google.com.br *.google-analytics.com *.onetrust.com *.maternidadebrasilia.com.br *.jsdelivr.net *.googleapis.com/ 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zopim.com https://static.adman.gr/adman.js *.adman.gr *.ubembed.com *.skroutz.gr https://skroutza.skroutz.gr *.zdassets.com/ https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com  https://m.addthis.com https://analytics.skroutz.gr https://skroutza.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.newbalance.gr https://newbalance.staginglh.com https://local.newbalance.gr https://newbalance.test.devlh.com https://newbalance.gr *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://www.google.nl https://www.google.ie https://www.googletagmanager.com https://www.google.co.in https://fonts.gstatic.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://gtm.newbalance.gr https://pagead2.googlesyndication.com https://adservice.google.com *.facebook.com *.facebook.net *.analytics.google.com https://conversionapi.newbalance.gr https://analytics.google.com *.hotjar.io wss://*.hotjar.com *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com; frame-src *; media-src 'self' 1
block-all-mixed-content; frame-ancestors *.cabralmotor.com.br 1
frame-ancestors 'self' *.golfhouse.com; 1
default-src 'self' 'unsafe-inline' blob: https://*.zoom.us https://www.sandbox.paypal.com https://www.paypal.com; connect-src 'self' data: blob: wss://*.zoom.us https://zoom.us https://vimeo.com https://*.zoom.us; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://*.zoom.us https://player.vimeo.com https://zoom.us https://source.zoom.us https://ssl.google-analytics.com https://ajax.googleapis.com https://login.totara.community https://js.stripe.com https://polyfill.io https://www.paypal.com https://www.gstatic.com https://www.recaptcha.net https://cdn.jsdelivr.net https://f.vimeocdn.com https://www.youtube.com https://s.ytimg.com; worker-src 'self' blob:; font-src 'self' data: https://source.zoom.us https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: blob: https://*.zoom.us https://www.microsoft.com https://padlet.net https://t.paypal.com https://uni.com https://libapps-eu.s3.amazonaws.com https://accounts.google.com https://www.google.com https://i.ytimg.com https://i.vimeocdn.com https://img.youtube.com; style-src 'self' 'unsafe-inline' https://*.zoom.us https://source.zoom.us https://f.vimeocdn.com http://fonts.googleapis.com https://fonts.googleapis.com; child-src 'self' https://www.recaptcha.net https://smc-service-cloud.respondus2.com https://api.turnitin.com https://zoom.us https://applications.zoom.us https://script.google.com https://padlet.com https://drive.google.com https://docs.google.com https://api.turnitinuk.com https://www.paypal.com https://www.sandbox.paypal.com https://js.stripe.com https://campaign.moodle.org https://enovation.ie https://www.google.com https://vimeo.com https://player.vimeo.com https://www.youtube.com https://youtube.com; media-src 'self' data: blob: https://source.zoom.us https://www.youtube.com https://vod-progressive.akamaized.net https://player.vimeo.com 1
connect-src 'self' https: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com;default-src 'self';font-src 'self' fonts.gstatic.com https://*.hotjar.com fonts.googleapis.com;form-action 'self' https://www.facebook.com/tr/;frame-src 'self' tr.techcareer.net youtube.com www.youtube.com open.spotify.com https://embed-standalone.spotify.com/ https://kariyer.typeform.com https://www.typeform.com https://*.hotjar.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.google.com/ https://www.facebook.com/ https://td.doubleclick.net/ https://www.youtube-nocookie.com/ https://login.techcareer.net;img-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net https://*.google-analytics.com https://*.googletagmanager.com https://www.google.com/ads/ https://www.google.com.tr/ads/ https://*.hotjar.com www.facebook.com https://i.ytimg.com https://www.google.com https://analytics.twitter.com/ https://t.co/ https://cdn.efilli.com www.gravatar.com https://googleads.g.doubleclick.net https://c.clarity.ms https://c.bing.com cdn1.kariyer.net https://px.ads.linkedin.com https://static.geetest.com/ https://static.geevisit.com/;media-src 'self' data: storage.googleapis.com cdn.gcp.techcareer.net;object-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.hotjar.com https://static.ads-twitter.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net connect.facebook.net https://analytics.tiktok.com/i18n/pixel/ https://cdn.efilli.com https://www.clarity.ms https://js-agent.newrelic.com https://snap.licdn.com http://static.geetest.com/v4/ https://gcaptcha4.geetest.com/ https://gcaptcha4.gsensebot.com/ https://gcaptcha4.geevisit.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.hotjar.com https://static.geetest.com/v4/ https://static.geevisit.com/v4/;worker-src 'self'; 1
frame-ancestors 'self' *.googletagmanager.com *.youtube.com;, base-uri 'self'; connect-src *;, font-src data: *;, form-action 'self' *.truyol.com *.redsys.es *.redsys.es:25443 *.paypal.com;, default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *;, style-src 'self' 'unsafe-inline' *.truyol.com *.tawk.to *.getprintbox.com *.googleapis.com *.ckeditor.com *.cloudflare.com *.gstatic.com;, script-src 'self' 'unsafe-inline' 'unsafe-eval' *.truyol.com *.salesmanago.pl *.googletagmanager.com *.googleapis.com *.hotjar.com *.tawk.to *.getprintbox.com *.facebook.net *.google.com *.trustedshops.com *.paypalobject.com *.ckeditor.com *.metricool.com *.gstatic.com *.cloudflare.com *.clarity.ms *.doubleclick.net *.google-analytics.com *.jsdelivr.net *.youtube.com *.cookiepro.com *.cookielaw.org *.taboola.com;, img-src 'self' data: blob: *.truyol.com *.salesmanago.pl *.google-analytics.com *.getprintbox.com *.googleapis.com *.google.com *.google.es *.googletagmanager.com *.trustedshops.com *.linkedin.com *.facebook.com *.ckeditor.com *.metricool.com *.clarity.ms *.bing.com *.doubleclick.net *.tawk.to *.googlesyndication.com *.fbsbx.com *.cookiepro.com *.googleusercontent.com; 1
default-src 'self';connect-src 'self' res.cloudinary.com api.true-shopping.com api.true-shopping.com api.true-shopping.com api.true-shopping.com api.true-shopping.com api.true-shopping.com opqa-webapi.true-shopping.com opqa-webapi.true-shopping.com s.2c2p.com api.true-shopping.com www.googletagmanager.com www.google.com www.google.co.th www.gstatic.com *.zdassets.com *.zendesk.com *.getbutton.io *.zopim.com wss://widget-mediator.zopim.com ws://widget-mediator.zopim.com ws://zopim.com wss://zopim.com www.facebook.com *.facebook.com *.ingest.sentry.io stats.g.doubleclick.net googleads.g.doubleclick.net www.google-analytics.com/g/collect *.algolia.net *.algolianet.com *.stm.trueid.net https://api.marker.io/widget/ping https://onesignal.com https://api.line.me/oauth2/v2.1/token https://analytics.google.com/g/collect https://www.google.com.sg/ads/ga-audiences https://www.google-analytics.com/j/collect pagead2.googlesyndication.com https://opqa-webapi.true-shopping.com *.accesstrade.in.th *.airbridge.io https://cdn.plyr.io/3.6.1/ https://noembed.com/embed https://api.cookiewow.com/api/v1/ui_config https://api.cookiewow.com/api/v1/page_views https://api.cookiewow.com/api/v1/consents https://maps.googleapis.com/* https://maps.googleapis.com/maps/api/mapsjs/gen_204;img-src * data:;script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com www.googleadservices.com www.googletagmanager.com code.jquery.com www.google.com apis.google.com www.gstatic.com cdnjs.cloudflare.com cdn.onesignal.com onesignal.com *.zdassets.com *.zendesk.com *.getbutton.io *.zopim.com *.chromestatus.com google-analytics.com www.google-analytics.com *.google-analytics.com static.ads-twitter.com *.ads-twitter.com connect.facebook.net *.facebook.net d.line-scdn.net *.line-scdn.net analytics.twitter.com *.twitter.com d.line-cdn.net *.line-cdn.net stats.g.doubleclick.net googleads.g.doubleclick.net s.2c2p.com/SecurePayment/api/my2c2p.1.6.9.min.js edge.marker.io pagead2.googlesyndication.com partner.googleadservices.com adservice.google.co.th www.googletagservices.com tpc.googlesyndication.com adservice.google.com demo2.2c2p.com *.accesstrade.in.th *.android.com static.airbridge.io/sdk/latest/airbridge.min.js www.youtube.com https://cookiecdn.com/cwc.js https://cookiecdn.com/configs/M7uRzTDsxxXT2LvegMkLRXDy https://cookiecdn.com/configs/LmJ1oLmXaqmY9mvpETRSEHGU https://staging.cookiecdn.com/cwc.js https://staging.cookiecdn.com/configs/PrzdwtxKMDQNYGJk4DJ7gbcH;style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net/npm/@mdi/font@latest/css/materialdesignicons.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/all.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/brands.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/fontawesome.min.css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.2/css/solid.min.css https://onesignal.com/sdks/OneSignalSDKStyles.css https://assets.api.useinsider.com/css/info.min.css;frame-src 'self' res.cloudinary.com www.youtube.com https://accounts.google.com/ www.youtu.be www.google.co.th www.google.com www.facebook.com *.facebook.com *.marker.io marker.io googleads.g.doubleclick.net tpc.googlesyndication.com core.airbridge.io id.abr.ge bid.g.doubleclick.net *.doubleclick.net www.youtube-nocookie.com/ https://lin.ee/ *.line.me/ https://line.me/;media-src 'self' blob: res.cloudinary.com *.cloudinary.com *.zdassets.com static.zdassets.com *.stm.trueid.net https://v2.zopim.com;font-src 'self' data: res.cloudinary.com fonts.gstatic.com fonts.googleapis.com https://cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/materialdesignicons-webfont.eot https://cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/materialdesignicons-webfont.woff2 https://cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/materialdesignicons-webfont.woff https://cdn.jsdelivr.net/npm/@mdi/font@latest/fonts/materialdesignicons-webfont.ttf https://cdnjs.cloudflare.com https://v2.zopim.com/widget/fonts/zopim.ttf https://v2.zopim.com/widget/fonts/zopim.svg https://font.static.useinsider.com/DigitalMono/digital-7-mono.ttf;upgrade-insecure-requests 1
frame-ancestors 'self'e 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MjMzLDI0NywxNTgsMTk5LDIwNSw5MCwyNTEsMTI5' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
default-src 'self'; connect-src *; frame-src *; font-src *;img-src about: * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se wp-rocket.me *.wistia.com *.helpscout.net *.litix.io 1
default-src 'unsafe-inline' 'unsafe-eval' abacus.cz *.abacus.cz evolveo.com *.evolveo.com evolveo.eu *.evolveo.eu salente.cz *.salente.cz gls-czech.cz *.gls-czech.cz teamviewer.com *.teamviewer.com secure.skypeassets.com smartlook.cloud *.smartlook.cloud im9.cz *.im9.cz *.doubleclick.net heureka.cz *.heureka.cz *.cdn77.org youtube.com *.youtube.com facebook.com *.facebook.com facebook.net *.facebook.net smartlook.com *.smartlook.com smartsuppchat.com *.smartsuppchat.com smartsup.com *.smartsup.com smartsupp.com *.smartsupp.com *.googleapis.com *.googletagmanager.com *.google-analytics.com google.com *.google.com google.cz *.google.cz *.jquery.com wss://*.smartsupp.com; font-src * 'self' data: 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://umap.openstreetmap.fr ; object-src 'none' 1
frame-ancestors 'self' *.adfox.ru *.yandex.ru yandex.ru yandex.com yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.net; 1
default-src 'self' www.sherwin.com.ar www.sherwin.com.mx www.google.com www.youtube.com 10153588.fls.doubleclick.net td.doubleclick.net; script-src 'self' www.youtube.com www.google.com www.gstatic.com cdnjs.cloudflare.com maps.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com prism.sherwin-williams.com www.googletagmanager.com www.google-analytics.com 'unsafe-inline' 'unsafe-eval' blob:; font-src 'self' fonts.googleapis.com fonts.gstatic.com use.fontawesome.com res.cdn.office.net data:; connect-src 'self' blob: eu2.device-api.indigitall.com maps.googleapis.com prism.sherwin-williams.com sherwin.scene7.com api.sherwin-williams.com analytics.google.com www.google-analytics.com stats.g.doubleclick.net; img-src 'self' blob: maps.googleapis.com ad.doubleclick.net i.ytimg.com maps.gstatic.com www.google.com.co prism.sherwin-williams.com cdnjs.cloudflare.com sherwin.scene7.com www.sherwin.com.mx www.googletagmanager.com www.google-analytics.com secure.gravatar.com www.sherwin.com.ar a.tile.openstreetmap.org b.tile.openstreetmap.org c.tile.openstreetmap.org data:; style-src 'self' cdn.jsdelivr.net cdnjs.cloudflare.com prism.sherwin-williams.com fonts.googleapis.com use.fontawesome.com 'unsafe-inline'; base-uri 'self';form-action 'self'; 1
default-src 				'self' 'unsafe-eval' 'unsafe-inline' data: https:			;img-src 				* data:				https://tcm-map.childrennow.org 				www.googletagmanager.com 			;media-src 				'self' blob: data: 		 	;script-src 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://www.googletagmanager.com 			 	https://www.google-analytics.com 			 	https://app.giveforms.com 				https://www.google.com/recaptcha/api.js 				https://www.gstatic.com 				https://fast.wistia.com 				https://*.googleapis.com 				https://player.vimeo.com 				https://www.youtube.com 				https://platform.twitter.com 				https://s.ytimg.com/yts/jsbin/www-widgetapi-vfle7xYY2/www-widgetapi.js 				https://cdn.syndication.twimg.com/timeline/profile 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/addon/mode/loadmode.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/htmlmixed/htmlmixed.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/xml/xml.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/javascript/javascript.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/css/css.min.js 			;script-src-elem 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://www.googletagmanager.com 			 	https://www.google-analytics.com 			 	https://app.giveforms.com 				https://www.google.com/recaptcha/api.js 				https://www.gstatic.com 				https://fast.wistia.com 				https://*.googleapis.com 				https://player.vimeo.com 				https://www.youtube.com 				https://platform.twitter.com 				https://s.ytimg.com/yts/jsbin/www-widgetapi-vfle7xYY2/www-widgetapi.js 				https://cdn.syndication.twimg.com/timeline/profile 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/addon/mode/loadmode.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/htmlmixed/htmlmixed.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/xml/xml.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/javascript/javascript.min.js 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/mode/css/css.min.js 			;style-src 				'self' 'unsafe-eval' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://*.googleapis.com 				https://platform.twitter.com 				https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 			;style-src-elem 				'self' 'unsafe-inline' 				https://tcm-map.childrennow.org 				https://*.googleapis.com 				https://platform.twitter.com 				https://ton.twimg.com/tfw/css/syndication_bundle_v1_73385286cca9d2256f6bf3993470820d4827b058.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/all.min.css 				https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@5.13.0/css/v4-shims.min.css 				https://cdn.jsdelivr.net/npm/codemirror@5.41.0/lib/codemirror.min.css 			;style-src-attr 				'self' 'unsafe-inline'			; 1
frame-ancestors 'none'; frame-src https://www.youtube.com; 1
frame-ancestors 'self' https://*.tw.mawebcenters.com 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://mapsresources-pa.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://*.gstatic.com https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://smct.co https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://obchod.eset.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-5Z5GbAM4pKd8I/W34kh2kjtoRH7rUGnlZqKV8sov+yBTExXn' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://region1.analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/; script-src 'self' https://www.googletagmanager.com https://www.vimeo.com https://vimeo.com https://www.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src *; 1
default-src 'self'; connect-src 'self' https://*.ada.support https://*.analytics.google.com https://*.clarity.ms https://*.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.hotjar.io https://*.linkedin.co https://*.linkedin.com https://*.mypurecloud.com wss://*.mypurecloud.com https://ads-api.twitter.com https://cdn.linkedin.oribi.io https://connect.facebook.net https://gtm-mr26nnc-ztexm.uc.r.appspot.com https://maps.googleapis.com https://static.ads-twitter.com https://webto.salesforce.com https://www.facebook.com https://*.curator.io/; script-src 'unsafe-eval' https://*.googletagmanager.com https://googleads.g.doubleclick.net https://ssl.google-analytics.com https://tagmanager.google.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com 'nonce-baa08d2a-f095-4596-9073e8bc812e0ea8'; script-src-elem 'self' https://*.ada.support https://*.ads-twitter.com https://*.clarity.ms https://*.google-analytics.com https://*.licdn.com https://*.tarteaucitron.io https://connect.facebook.net https://maps.googleapis.com https://static.ads-twitter.com https://tarteaucitron.io https://www.googleadservices.com 'strict-dynamic' 'nonce-baa08d2a-f095-4596-9073e8bc812e0ea8'; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.mypurecloud.com https://*.tarteaucitron.io https://fonts.googleapis.com https://googletagmanager.com https://tagmanager.google.com https://cdn.curator.io; object-src 'none'; img-src 'self' data: https://*.bing.com https://*.clarity.ms https://*.facebook.com https://*.linkedin.com https://*.mypurecloud.com https://analytics.twitter.com https://t.co https://tarteaucitron.io https://curator-assets.b-cdn.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://googletagmanager.com https://*.g.doubleclick.net https://*.googleapis.com https://maps.gstatic.com https://www.gstatic.com https://ssl.gstatic.com https://www.google.com https://www.google.ad https://www.google.ae https://www.google.com.af https://www.google.com.ag https://www.google.com.ai https://www.google.al https://www.google.am https://www.google.co.ao https://www.google.com.ar https://www.google.as https://www.google.at https://www.google.com.au https://www.google.az https://www.google.ba https://www.google.com.bd https://www.google.be https://www.google.bf https://www.google.bg https://www.google.com.bh https://www.google.bi https://www.google.bj https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.bs https://www.google.bt https://www.google.co.bw https://www.google.by https://www.google.com.bz https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.co.ck https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.com.co https://www.google.co.cr https://www.google.com.cu https://www.google.cv https://www.google.com.cy https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.com.do https://www.google.dz https://www.google.com.ec https://www.google.ee https://www.google.com.eg https://www.google.es https://www.google.com.et https://www.google.fi https://www.google.com.fj https://www.google.fm https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.com.gh https://www.google.com.gi https://www.google.gl https://www.google.gm https://www.google.gp https://www.google.gr https://www.google.com.gt https://www.google.gy https://www.google.com.hk https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.co.id https://www.google.ie https://www.google.co.il https://www.google.im https://www.google.co.in https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.com.jm https://www.google.jo https://www.google.co.jp https://www.google.co.ke https://www.google.com.kh https://www.google.ki https://www.google.kg https://www.google.co.kr https://www.google.com.kw https://www.google.kz https://www.google.la https://www.google.com.lb https://www.google.li https://www.google.lk https://www.google.co.ls https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.com.ly https://www.google.co.ma https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.com.mm https://www.google.mn https://www.google.ms https://www.google.com.mt https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.com.mx https://www.google.com.my https://www.google.co.mz https://www.google.com.na https://www.google.com.nf https://www.google.com.ng https://www.google.com.ni https://www.google.ne https://www.google.nl https://www.google.no https://www.google.com.np https://www.google.nr https://www.google.nu https://www.google.co.nz https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.pl https://www.google.pn https://www.google.com.pr https://www.google.ps https://www.google.pt https://www.google.com.py https://www.google.com.qa https://www.google.ro https://www.google.ru https://www.google.rw https://www.google.com.sa https://www.google.com.sb https://www.google.sc https://www.google.se https://www.google.com.sg https://www.google.sh https://www.google.si https://www.google.sk https://www.google.com.sl https://www.google.sn https://www.google.so https://www.google.sm https://www.google.sr https://www.google.st https://www.google.com.sv https://www.google.td https://www.google.tg https://www.google.co.th https://www.google.com.tj https://www.google.tk https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.to https://www.google.com.tr https://www.google.tt https://www.google.com.tw https://www.google.co.tz https://www.google.com.ua https://www.google.co.ug https://www.google.co.uk https://www.google.com.uy https://www.google.co.uz https://www.google.com.vc https://www.google.co.ve https://www.google.vg https://www.google.co.vi https://www.google.com.vn https://www.google.vu https://www.google.ws https://www.google.rs https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.cat; font-src 'self' https://fonts.gstatic.com data:;; base-uri 'none'; media-src 'self'; frame-src 'self' https://*.ada.support https://*.digicelgroup.com https://*.doubleclick.net https://*.mypurecloud.com https://bid.g.doubleclick.net https://digicel.bigidprivacy.cloud https://service.digiceltt.com https://www.facebook.com; form-action https://www.facebook.com; frame-ancestors 'none' 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; worker-src 'self'; frame-ancestors 'self'; img-src 'self' data: https: 1
font-src https://www.gstatic.com https://fonts.gstatic.com *.fontawesome.com *.gstatic.com 'self' data: *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://secure.networkmerchants.com *.google.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.iubenda.com *.facebook.net *.facebook.com *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://secure.networkmerchants.com *.google.com https://*.gstatic.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.gstatic.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://secure.networkmerchants.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com *.fontawesome.com unsafe-inline *.googleapis.com *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.tidiochat.com *.stackadapt.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://secure.networkmerchants.com https://ipinfo.io https://*.google.com https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.google-analytics.com *.google.com *.doubleclick.net *.iubenda.com *.facebook.net *.bing.com *.clarity.ms *.tidio.co wss://socket.tidio.co *.tidiochat.com *.stackadapt.com *.onesignal.com onesignal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';, upgrade-insecure-requests; 1
default-src 'self';connect-src 'self' https://plausible.io;script-src 'self' https://plausible.io https://d3js.org https://assets.calendly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/;img-src 'self' data: https://assets.calendly.com;frame-src https://calendly.com https://www.youtube-nocookie.com https://5e794280.sibforms.com https://www.google.com/recaptcha/;form-action 'self' http://localhost:3000 https://masteringthezodiac.com;base-uri 'self';font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
base-uri 'self'; object-src 'none'; script-src-elem 'self' https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gooogle.com https://snap.licdn.com https://www.google.com 'nonce-b08fac6588'; script-src 'self' https://*.google-analytics.com https://*.googleapis.com https://*.googletagmanager.com https://*.gooogle.com https://snap.licdn.com https://www.google.com 'strict-dynamic' 'nonce-b08fac6588'; 1
default-src 'self' *.wellupages.eu via.placeholder.com www.placeholder.com placehold.it *.fbcdn.net *.google.pl *.google.com; connect-src 'self' *.analytics.google.com *.doubleclick.net www.google-analytics.com *.nr-data.net; frame-src 'self' *.wellu.eu wellu.eu www.youtube.com docs.google.com static.wellupages.eu *.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net *.facebook.com *.nr-data.net www.gstatic.com www.google-analytics.com *.googleapis.com *.google.pl *.google.com www.googletagmanager.com js-agent.newrelic.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' data: https: fonts.gstatic.com *.googleapis.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googleapis.com; img-src 'self' data: https: vim.placeholder.com www.placeholder.com placehold.it static.wellupages.eu; object-src 'self'; 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.com.pe/report-uri/enforce 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-yGkvPFOZc1j9ligwUm194oCwQ7d8oakmWCYzOIwlN3y0hKsM' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://maps.googleapis.com https://docs.google.com/spreadsheets/ https://doc-10-1s-sheets.googleusercontent.com/ https://stats.g.doubleclick.net https://www.coloradohistoricnewspapers.org; default-src 'none'; font-src 'self' https://fonts.gstatic.com; form-action 'self' https://dp.la/search; frame-ancestors 'none'; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com https://maps.gstatic.com/ https://maps.google.com/maps/ https://maps.googleapis.com/maps/ https://www.coloradovirtuallibrary.org/ https://www.coloradohistoricnewspapers.org/chnc/ https://secure.gravatar.com/avatar/; manifest-src 'none'; media-src 'self'; object-src 'none'; script-src 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://maps.google.com https://maps.googleapis.com/maps/ https://cdnjs.cloudflare.com/ajax/libs/PapaParse/ https://cdnjs.cloudflare.com/ajax/libs/OverlappingMarkerSpiderfier/ 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; worker-src 'none' 1
default-src * 'unsafe-eval'; font-src 'self' fonts.gstatic.com data:; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' 1
default-src: https: 'unsafe-inline'; frame-ancestors 'self' *.facebook.com 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.seva.org/site/XFrameViolation 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mefi.social; img-src 'self' https: data: blob: https://mefi.social; style-src 'self' https://mefi.social 'nonce-A6shAd7QlfCuyTCXMGea+w=='; media-src 'self' https: data: https://mefi.social; frame-src 'self' https:; manifest-src 'self' https://mefi.social; connect-src 'self' data: blob: https://mefi.social https://mefisocial.files.fedi.monster wss://mefi.social; script-src 'self' https://mefi.social 'wasm-unsafe-eval'; child-src 'self' blob: https://mefi.social; worker-src 'self' blob: https://mefi.social 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; frame-ancestors https://*:*; 1
upgrade-insecure-requests;frame-ancestors 'self' https:; object-src 'self' icims.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
base-uri 'self'; default-src 'self'; img-src 'self' data: https://api.ingmarkets.com; script-src 'self' 'unsafe-inline' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'self' 'unsafe-inline'; font-src 'self'; connect-src 'self' ws: https://api.ingmarkets.com; frame-ancestors 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; report-to https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; report-uri https://vicompany.report-uri.com/r/d/csp/enforce; 1
font-src 'self' data: https://app.cobrowser.com/ http://mifiles.archieven.nl/; connect-src 'self' https://www.google-analytics.com/ https://rijnland.api.connexys.nl/ https://rijnland.api-a.connexys.nl/ https://app.cobrowser.com/ wss://app.cobrowser.com https://services1.acc.enable-u.cloud/ https://services1.prd.enable-u.cloud/ https://rijnland.piwik.pro/ https://region1.google-analytics.com/ https://srv.archieven.nl https://releases.wagtail.io/; style-src 'self' 'unsafe-inline' http://hello.myfonts.net/ https://rijnland.api-a.connexys.nl/ https://rijnland.api.connexys.nl/ http://mifiles.archieven.nl/ http://srv.archieven.nl/ https://app.cobrowser.com/ https://unpkg.com/; media-src 'self' https://app.cobrowser.com/; frame-src 'self' https://www.youtube.com/ https://www.google.com/ https://app.hellodialog.com/ https://vars.hotjar.com/ https://rijnland.net/ http://www.rijnland.net/ https://hhr-website-acc.fourdigits.nl/ http://hhr-website-acc.fourdigits.nl/ http://127.0.0.1:8000/ https://preserve.archieven.nl/ https://rijnland.maps.arcgis.com/; object-src 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/ https://www.gstatic.com/ https://rijnland.api-a.connexys.nl/ https://rijnland.api.connexys.nl/ https://www.googletagmanager.com https://siteimproveanalytics.com https://static.hotjar.com/ https://script.hotjar.com/ https://www.google-analytics.com/ http://srv.archieven.nl/ http://mifiles.archieven.nl https://app.hellodialog.com/ https://app.cobrowser.com/ http://siteimproveanalytics.com/ https://unpkg.com/ https://services1.acc.enable-u.cloud/ https://services1.prd.enable-u.cloud/ https://rijnland.containers.piwik.pro/; img-src 'self' data: http://mifiles.archieven.nl/ https://preserve.archieven.nl/ https://files.archieven.nl/l https://files.archieven.nl/ https://www.google-analytics.com/ https://6259186.global.siteimproveanalytics.io/ https://app.cobrowser.com https://unpkg.com/ https://a.tile.osm.org/ https://b.tile.osm.org/ https://c.tile.osm.org/ https://www.toegankelijkheidsverklaring.nl/ http://files.archieven.nl/ https://www.gravatar.com/; default-src none 1
base-uri 'self';block-all-mixed-content; frame-ancestors 'self';worker-src 'none' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: 1
default-src 'self' data: *.rhc.ac.ir http://gsia.tums.ac.ir http://streaming.ut.ac.ir https://cdn.jsdelivr.net https://app.raychat.io http://app.raychat.io https://cdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://cdn77.api.userway.org; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://map.ir https://conf.isc.ac https://www.gstatic.com https://www.googletagmanager.com https://www.google-analytics.com https://kangoro.ir/matomo/matomo.js http://tools.1abzar.com http://1abzar.ir http://google.com https://google.com https://www.google.com http://www.google.com http://cse.google.com https://cse.google.com https://www.googleapis.com http://www.googleapis.com https://www.aparat.com http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://app.raychat.io http://app.raychat.io https://se3.raychat.io http://se3.raychat.io https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/ https://cdn.userway.org https://api.userway.org https://media.userway.org https://www.goftino.com https://cdn.goftino.com https://widget-react.raychat.io; style-src 'self' 'unsafe-inline' https://app.raychat.io http://app.raychat.io https://cdn.jsdelivr.net https://cse.google.com http://cse.google.com http://www.google.com http://google.com https://google.com https://www.google.com https://www.aparat.com https://cdn.fontcdn.ir https://fdn.fontcdn.ir https://cdn.goftino.com https://cdn.userway.org https://widget-react.raychat.io; img-src 'self' blob: data: https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com data: *; connect-src 'self' https://map.ir https://conf.isc.ac https://www.google-analytics.com www.google-analytics.com https://samta.samt.ac.ir https://pooya.kashanu.ac.ir https://se3.raychat.io http://se3.raychat.io wss://se3.raychat.io https://cdn.fontcdn.ir wss://api.raychat.io wss://ws.goftino.com wss://ws2.goftino.com wss://ws5.goftino.com wss://cdn.goftino.com https://api.userway.org https://cdn.userway.org https://cdn77.api.userway.org https://widget-service.raychat.io wss://ws10.goftino.com; child-src 'self' https://auth4.ut.ac.ir:8443/ https://auth.ut.ac.ir:8443/ http://tools.1abzar.com http://1abzar.ir https://cse.google.com https://www.aparat.com https://google.com https://www.google.com https://cdn.userway.org https://edu.sapiba.ir https://sapiba.ir/rajaie-pamfelets https://sapiba.ir/rhc https://sapiba.ir/* https://sapiba.ir https://sapiba.ir/rajaie140/ https://edu.sapiba.ir/* https://isid.research.ac.ir/* https://edu.sapiba.ir/; frame-ancestors 'self' https://trustseal.enamad.ir; 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: 1
frame-ancestors 'self' *.tsc.k12.in.us tsck12inus.finalsite.com; 1
default-src 'self' https://disqus.com/ https://*.disquscdn.com 'unsafe-eval';img-src * data: 'unsafe-eval';style-src 'unsafe-inline'  *.typekit.net;font-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.driftt.com https://*.disqus.com https://*.disquscdn.com https://*.twitter.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.washingtonfrank.com *.nigelfrank.com *.frgconsulting.com https://*.googletagmanager.com https://www.google-analytics.com https://snap.licdn.com https://*.hotjar.com https://*.hotjar.io http://www.googleadservices.com https://connect.facebook.net http://static.ads-twitter.com https://googleads.g.doubleclick.net *.google.com *.hotjar.com http://*.6sc.co https://jscloud.net/x/11306/inlinks.js https://jscloud.net/x/11310/inlinks.js https://jscloud.net/lze/11308/inlinks.js https://jscloud.net/x/11309/inlinks.js https://jscloud.net/x/11289/inlinks.js https://jscloud.net/lze/11311/inlinks.js https://jscloud.net/x/11307/inlinks.js *.reactful.com http://widget.trustpilot.com blob:;frame-src https://*.driftt.com https://disqus.com https://*.twitter.com https://*.youtube.com  https://*.youtube-nocookie.com/ https://*.vimeo.com https://*.instagram.com https://*.googleapis.com https://*.gstatic.com https://*.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://www.facebook.com https://vars.hotjar.com *.reactful.com https://widget.trustpilot.com;connect-src 'self' https://*.amazonaws.com https://*.amazoncognito.com *.pardot.com https://*.onetrust.com *.jeffersonfrank.com *.nelsonfrank.com *.andersonfrank.com *.frankgroup.com *.masonfrank.com *.nigelfrank.com *.washingtonfrank.com *.frgconsulting.com https://*.disqus.com *.facebook.com http://*.6sc.co http://ib.adnxs.com/getuidj https://epsilon.6sense.com http://secure.adnxs.com/getuidj http://visitor.reactful.com https://visitor.reactful.com https://jscloud.net/x/11306/ https://jscloud.net/x/11310/ https://jscloud.net/x/11309/ https://jscloud.net/x/11289/ https://jscloud.net/x/11307/ https://*.doubleclick.net *.hotjar.com *.hotjar.io *.hotjar.is *.reactful.com *.google-analytics.com *.analytics.google.com https://px.ads.linkedin.com/wa/ 1
default-src wss: *.momento360.com momento360.com *.sienatech.com *.antigena.com *.sciremc.com *.googleusercontent.com *.bamboohr.com *.fortawesome.com *.sharpencx.com *.fonticons.com *.sharpen.cx *.fathomvoice.com *.cloudflare.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.flippingbook.com *.azgt.coop; 1
default-src https: 'unsafe-inline' script-src: 'unsafe-eval' 1
default-src 'self' ; worker-src 'self' https://www.google.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://www.google.com https://www.gstatic.com https://maps.googleapis.com https://nmas.nowmedia.co.za https://*.effectivemeasure.net https://tourismupdate1.disqus.com ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.disquscdn.com ; connect-src 'self' https://maps.googleapis.com https://nmas.nowmedia.co.za https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com https://stats.g.doubleclick.net https://*.effectivemeasure.net ; img-src 'self' 'unsafe-inline' blob: data: https://ssl.google-analytics.com https://*.openstreetmap.org https://nmas.nowmedia.co.za https://*.effectivemeasure.net https://*.disquscdn.com https://*.ytimg.com https://*.disqus.com/ https://www.google-analytics.com https://www.googletagmanager.com https://www.googletagservices.com ; font-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.gstatic.com https://themes.googleusercontent.com data: ; media-src 'self' data: ; frame-src 'self' https://datastudio.google.com https://ad.doubleclick.net https://www.google.com https://nmas.nowmedia.co.za https://disqus.com https://www.youtube.com/ data: ; prefetch-src 'self' https://disqus.com https://*.disquscdn.com data:  1
upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self'; form-action 'self'; object-src 'none';  worker-src 'none'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net;script-src-elem 'self' 'unsafe-inline' https://connect.facebook.net https://7003465.collect.igodigital.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://fonts.googleapis.com https://remote.captcha.com/include.js 1
default-src 'none'; connect-src https://fundingchoicesmessages.google.com http://pagead2.googlesyndication.com *.yandex.ru  https://csi.gstatic.com  https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.ua https://mc.yandex.uz https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://www.google-analytics.com yandex.ru https://ymetrica1.com *.google.com 'report-sample'; font-src https://fonts.gstatic.com https://yastatic.net 'report-sample'; frame-src https://ad.mail.ru https://googleads.g.doubleclick.net https://mc.yandex.md https://player.vimeo.com https://tpc.googlesyndication.com *.google.com https://www.youtube.com https://yastatic.net *.yandex.ru 'report-sample'; img-src 'self' data: an.yandex.ru *.mds.yandex.net counter.yadro.ru https://*.verify.yandex.ru https://amc.yandex.ru https://csi.gstatic.com https://favicon.yandex.net https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kg https://mc.yandex.kz https://mc.yandex.ua https://mc.yandex.uz https://verify.yandex.ru https://www.google-analytics.com https://www.google.ru https://www.googletagmanager.com https://www.gstatic.com https://yastatic.net imagecache.worldwide-ad-network.biz mc.yandex.ru pagead2.googlesyndication.com *.googleusercontent.com *.google.com 'report-sample'; script-src 'self' 'unsafe-inline' an.yandex.ru https://fundingchoicesmessages.google.com  http://pagead2.googlesyndication.com https://ad.mail.ru https://adservice.google.ae https://adservice.google.at https://adservice.google.az https://adservice.google.be https://adservice.google.bg https://adservice.google.bj https://adservice.google.by https://adservice.google.ca https://adservice.google.ch https://adservice.google.cl https://adservice.google.co.id https://adservice.google.co.il https://adservice.google.co.kr https://adservice.google.co.uk https://adservice.google.co.uz https://adservice.google.co.za https://adservice.google.com https://adservice.google.com.ar https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.cy https://adservice.google.com.eg https://adservice.google.com.hk https://adservice.google.com.lb https://adservice.google.com.mx https://adservice.google.com.ng https://adservice.google.com.pa https://adservice.google.com.pk https://adservice.google.com.sg https://adservice.google.com.tj https://adservice.google.com.tr https://adservice.google.com.tw https://adservice.google.com.ua https://adservice.google.com.vn https://adservice.google.cz https://adservice.google.de https://adservice.google.ee https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ge https://adservice.google.gl https://adservice.google.gr https://adservice.google.hu https://adservice.google.ie https://adservice.google.iq https://adservice.google.it https://adservice.google.jo https://adservice.google.kg https://adservice.google.kz https://adservice.google.lt https://adservice.google.lu https://adservice.google.lv https://adservice.google.md https://adservice.google.mn https://adservice.google.mv https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.ps https://adservice.google.pt https://adservice.google.ro https://adservice.google.ru https://adservice.google.sc https://adservice.google.se https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://mc.yandex.by https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.uz https://pagead2.googlesyndication.com https://partner.googleadservices.com https://r.mradx.net https://tpc.googlesyndication.com https://www.google-analytics.com https://www.googletagservices.com https://yandex.ru https://yastatic.net mc.yandex.ru www.googletagmanager.com 'report-sample'; style-src 'self' 'unsafe-inline' https://cda.worldwide-ad-network.biz https://cdb.worldwide-ad-network.biz https://fonts.googleapis.com; media-src data: strm.yandex.ru *.strm.yandex.net; report-uri /csp-report.php 1
default-src 'self';script-src 'self' 'nonce-xjC6ghL/LdT0jtGsCVQjDH7FZ1ag48+lHbRPjyN/TqE=' 'unsafe-eval' 'strict-dynamic' https://*.cookiebot.com https://*.vimeocdn.com https://*.googletagmanager.com https://tagmanager.google.com;img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com data: ;connect-src 'self' ws://* wss://* https://*.cookiebot.com https://*.lime-forms.se https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com;frame-src 'self' https://*.cookiebot.com https://*.vimeo.com https://*.googletagmanager.com;style-src 'self' 'unsafe-inline' https://tagmanager.google.com https://fonts.googleapis.com; 1
connect-src 'self' https://cdn.linkedin.oribi.io https://stats.g.doubleclick.net https://*.fullstory.com https://www.chatbase.co https://analytics.google.com https://googleads.g.doubleclick.net https://consentcdn.cookiebot.com https://*.analytics.google.com https://www.google.com https://*.strakertranslations.com https://www.google-analytics.com https://api.hubspot.com https://forms.hubspot.com https://api.hubapi.com https://*.hsforms.com https://*.hscollectedforms.net https://*.mux.com https://*.fastly.mux.com https://*.cfcdn.mux.com https://inferred.litix.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.usemessages.com https://connect.facebook.net http://d1l6p2sc9645hc.cloudfront.net/gosquared.js https://snap.licdn.com https://*.fullstory.com https://www.chatbase.co/embed.min.js https://*.gosquared.com https://*.cloudfront.net/gosquared.js https://*.cookiebot.com https://*.strakertranslations.com https://*.g.doubleclick.net https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://www.google-analytics.com https://*.hs-scripts.com http://*.hs-scripts.com https://*.hsforms.net https://*.hsforms.com https://*.hscollectedforms.net https://*.hs-banner.com https://*.hsleadflows.net https://*.hsadspixel.net https://*.hs-analytics.net; frame-src 'self' https://www.chatbase.co https://www.google.com https://cdn.sanity.io https://consentcdn.cookiebot.com https://*.hsappstatic.net https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net; img-src 'self' data: https://*.facebook.com https://*.ads.linkedin.com https://cdn.sanity.io https://*.hsforms.com https://*.hubspot.com https://*.fastly.mux.com https://image.mux.com https://www.google.com https://www.googletagmanager.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; media-src 'self' blob: https://*.mux.com https://*.fastly.mux.com https://www.google.com; object-src 'self' https://cdn.sanity.io; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca implicit.harvard.edu app.powerbi.com www.gstatic.com fonts.googleapis.com ajax.googleapis.com ssl.google-analytics.com www.google-analytics.com apis.google.com www.googletagmanager.com www.google.com platform.twitter.com syndication.twitter.com www.youtube.com www.sciod.ca data:; style-src 'self' https://use.fontawesome.com https://cloud.typenetwork.com https://netdna.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com 'unsafe-inline'; font-src 'self' https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com https://netdna.bootstrapcdn.com 'unsafe-inline'; img-src 'self' stats.g.doubleclick.net thumbs.gfycat.com *.nserc-crsng.gc.ca *.sshrc-crsh.gc.ca fonts.googleapis.com ssl.google-analytics.com  data: 1
frame-ancestors 'self' https://*.getinge.com:*; 1
default-src 'self' 'unsafe-inline' data: payment.maksekeskus.ee auth.praamid.ee fonts.googleapis.com fonts.gstatic.com stats.g.doubleclick.net static.cloudflareinsights.com www.googletagmanager.com *.google-analytics.com g2.ipcamlive.com s5.ipcamlive.com googleads.g.doubleclick.net www.google.com www.gstatic.com www.youtube.com static.doubleclick.net i.ytimg.com yt3.ggpht.com jnn-pa.googleapis.com play.google.com secure.gravatar.com fast.wistia.com beacon-v2.helpscout.net wp-rocket.me d3hb14vkzrxvla.cloudfront.net pipedream.wistia.com distillery.wistia.com embed-ssl.wistia.com fg8vvsvnieiv3ej16jby.litix.io translate.google.com translate.googleapis.com 'unsafe-eval' static.maksekeskus.ee s.w.org praamid.prominion.net beaconapi.helpscout.net chatapi.helpscout.net cdn.mxpnl.com static.cc.maksekeskus.ee cc.maksekeskus.ee *.analytics.google.com www.google.ee www.google.fi www.google.cz www.google.nl www.google.be www.google.fr www.google.lv www.google.lt www.google.se www.google.de www.google.at www.google.ch www.google.ie www.google.co.uk www.google.pl www.google.dk www.google.no td.doubleclick.net www.google.com.cy www.google.lu www.google.it www.google.gr analytics.google.com www.google-analytics.com www.google.by www.google.com.bz www.google.com.tr www.google.com.ar www.google.co.jp www.google.bg www.google.co.in www.google.ca www.google.ru www.google.com.ua www.google.com.hr www.google.com.au www.google.es www.google.com.ng translate-pa.googleapis.com www.google.ro www.google.rs www.google.si www.google.sk www.google.ba www.google.is www.google.pt www.google.hu www.google.me www.google.mk www.google.com.eg www.google.com.om www.google.co.th www.google.co.nz www.google.co.ke www.google.al www.google.ge www.google.com.bd www.google.co.il cdn.gravity.com www.google.gg www.google.com.vn www.google.je www.google.ad www.google.com.mx www.google.com.mt www.google.im www.google.ae www.google.com.sg www.google.kz cloudflareinsights.com challenges.cloudflare.com www.google.hr www.google.kg www.google.com.my www.google.com.qa www.google.gl www.google.com.ph www.google.md *.hotjar.com *.hotjar.io wss://*.hotjar.com www.google.co.id www.google.lk www.google.ml www.google.com.hk www.google.cv www.google.co.cr www.google.com.sa www.google.com.pk www.google.com.gi www.google.co.tz www.google.vu www.google.com.fj www.google.com.pa www.google.tn www.google.co.ve www.google.cl www.google.co.uz www.google.co.kr region1.analytics.google.com www.google.com.bo www.google.co.zw www.google.sm www.google.co.za www.google.am www.google.com.br www.google.tt www.google.co.ma www.google.az www.google.com.np www.google.com.et www.google.dm www.google.com.do www.google.com.ec www.google.com.kh www.google.la www.google.tg www.google.sc praamidvisitor.prominion.net www.google.ci www.google.com.co www.google.mu www.google.jo www.google.com.bh www.google.com.pr www.google.gm www.google.co.vi www.google.iq ps.w.org www.google.mv www.google.co.ug www.google.com.lb www.google.com.tw www.google.mg; report-uri /d5bcc29e34d8b6210cbfbc3acd7be0a65652590b064c60598822381e01ae1708 1
frame-ancestors ‘self’� 1
default-src * data: blob: 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com www.gstatic.com maps.gstatic.com maps.googleapis.com cse.google.com www.google.com www.youtube.com connect.facebook.net staticxx.facebook.com graph.facebook.com platform.twitter.com  s.ytimg.com static.whatshelp.io certify-js.alexametrics.com cdnjs.cloudflare.com static.getbutton.io js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.usemessages.com js.hscollectedforms.net geo.erxes.io;style-src 'self' 'unsafe-inline' *.sodonsolution.org  *.sodonsolution.com www.gstatic.com cse.google.com www.google.com static.whatshelp.io geo.erxes.io;connect-src 'self' *.sodonsolution.org *.sodonsolution.com www.google-analytics.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net connect.facebook.net staticxx.facebook.com graph.facebook.com api.hubspot.com forms.hubspot.com whatshelp.io geo.erxes.io www.membership.mn:8080 *.trademongolia.mn; 1
block-all-mixed-content; frame-ancestors *.andaraki.com.br 1
script-src 'report-sample' 'nonce-7c--aGYpHWilMKSS3rSOXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.hr https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.hr; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.hr https://m.myprotein.hr https://checkout.myprotein.hr https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.hr; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
Content-Security-Policy: default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
frame-ancestors 'self' tallyeducation.com *.tallyeducation.com 1
frame-ancestors https://passport.tutorjr.com https://www.tutorjr.com https://omsorder.tutorabc.com https://consultant.tutorabc.com https://homework.tutorjr.com 1
default-src blob: https: data: 'unsafe-inline' 'unsafe-eval' ; 1
upgrade-insecure-requests;, frame-ancestors https://www.campusiesrfa.com https://drive.google.com 1
default-src 'self' * script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src 'self' * 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://*; font-src * data:; frame-src https://www.facebook.com https://youtube.com https://www.youtube.com http://www.youtube.com http://www.google.com  ;img-src * 'self' data: https: ; child-src 'none';   connect-src 'self' https://* wss: ws:; 1
script-src  'unsafe-inline' 'unsafe-eval' http: https:;worker-src blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.google.co.in *.herokuapp.com *.ravepay.co ajax.cloudflare.com chimeratool.com *.chimeratool.com *.elfsight.com data.chimeratool.com *.flutterwave.com *.stripe.com *.atfawry.com *.google.com  *.facebook.net *.callbell.eu *.jsdelivr.net *.polyfill.io wss://*.polyfill.io:* wss://*.tidio.co:* *.tidio.co *.tidiochat.com  wss://*.citruspay.com:* wss://*.google.co:* *.citruspay.com wss://*.fawrystaging.com wss://*.atfawry.com wss://*.fawry.com wss://*.youtube.com:* *.youtube.com wss://*.tawk.to:* *.tawk.to *.facebook.com *.fawrystaging.com *.mastercard.com.au *.fawry.com atfawry.fawrystaging.com *.facebook.net *.mastercard.com *.razorpay.com *.google-analytics.com *.securecode.com  *.google.com *.dhru.com *.paypal.com *.googletagmanager.com ; img-src * data:; font-src * data: 1
default-src 'self' *.vimeo.com *.facebook.com *.monetate.net www.google.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.google.com *.emarsys.net *.onetrust.com *.criteo.net;  script-src 'self' www.googleadservices.com *.colissimo.fr *.mapbox.com *.jquery.com *.googleapis.com *.googletagmanager.com *.cquotient.com *.cloudflare.com unpkg.com *.monetate.net *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com *.webgains.com *.webgains.io *.emarsys.net www.staging.pro-duo.fr www.pro-duo.fr polyfill.io www.instagram.com *.onetrust.com *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' * data:;  font-src 'self' *.googleapis.com *.gstatic.com *.monetate.net *.cdn-apple.com data:;  style-src 'self' 'unsafe-inline' *.colissimo.fr *.mapbox.com *.googleapis.com unpkg.com *.mondialrelay.com *.monetate.net *.worldpay.com;  connect-src 'self' *.onyourmap.com *.google.com *.colissimo.fr *.mapbox.com *.google.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self' 1
upgrade-insecure-requests; frame-ancestors 'self'; object-src 'none'; manifest-src 'none'; 1
style-src 'self' fonts.googleapis.com idash.ifcshop.net 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval' 'self' blob: data: 1
frame-ancestors https://*.rsca.be https://*.rsca.infosupport.com  https://*.ddev.site; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://static.zdassets.com/ekr/snippet.js https://static.ads-twitter.com/uwt.js https://static.zdassets.com/ekr/sentry-browser.min.js https://script.hotjar.com/ https://static.hotjar.com/ https://static.zdassets.com/ https://widget-mediator.zopim.com/ https://documentcloud.adobe.com/view-sdk/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/releases/ https://www.googletagmanager.com/ https://googleads.g.doubleclick.net https://www.google.com/pagead/ ; style-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: ; img-src * data: ; connect-src 'self' 'unsafe-inline' 'unsafe-eval' filesystem: https://ekr.zdassets.com/compose/ https://synetiq.zendesk.com/ wss://widget-mediator.zopim.com/ https://s3.eu-west-2.amazonaws.com/assets.synetiq-auctions.co.uk/ https://viewlicense.adobe.io/viewsdklicense/jwt https://vc.hotjar.io/sessions/ https://content.hotjar.io/ wss://ws.hotjar.com ; font-src 'self' data: filesystem: ; frame-ancestors 'self'; frame-src *; media-src 'self' filesystem: https://static.zdassets.com/ ; 1
frame-src https://minun.synlab.fi/ https://qaportal.synlab.fi/ https://player.vimeo.com/ https://static.addtoany.com/ https://www.google.com/ https://vars.hotjar.com/ https://www.facebook.com/ https://www.youtube.com/ https://ninchat.com/ https://form.apsis.one; upgrade-insecure-requests; 1
default-src 'self' *.gstatic.com *.google-analytics.com *.google.com *.googleapis.com *.gstatic.com api.webthumbnail.org *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; script-src 'self' 'nonce-ba0a667f7b1cd37ec53d67d816dd0a4d' *.facebook.com *.facebook.net *.connect.facebook.net *.twitter.com *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.google-analytics.com/analytics.js code.highcharts.com/highcharts.js *.googletagmanager.com *.stats.g.doubleclick.net *.doubleclick.net *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl *.amcharts.com; style-src 'self' 'unsafe-inline' *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.googleapis.com *.google.com *.gstatic.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; img-src 'self' data: *.facebook.com *.facebook.net *.connect.facebook.net *.bannerflow.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.pls.pl *.plusliga.pl *.tauronliga.pl *.siatkarskaliga.pl *.oldboysvolleyballcup.pl *.tauron1liga.pl; frame-src 'self' *.google.com *.facebook.com *.facebook.net *.twitter.com *.connect.facebook.net *.bannerflow.net *.yumpu.com youtube.com https://widgets.volleystation.com https://www.openstreetmap.org https://www.vis.ignatowicz.com.pl www.youtube.com; ; report-uri /csp-report.php 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.thefourthnews.in;block-all-mixed-content; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://cdnjs.cloudflare.com; style-src 'self' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://www.gfdrr.org http://www.geonode-gfdrrlab.org https://api.mapbox.com; connect-src 'self' https://www.google-analytics.com 1
frame-ancestors *.cafe24.com *.togle.io *.togle.shop togle.io togle.shop 1
font-src 'self' data: https://ka-f.fontawesome.com/ https://fonts.gstatic.com/ ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://hello.myfonts.net/ https://portal.hipp.ua/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net https://cdn.admixer.net/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ http://code.jquery.com http://static.etracker.com/code/e.js https://unpkg.com/share-api-polyfill/dist/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://ssl.google-analytics.com/  http://www.google-analytics.com/ https://cdn.jsdelivr.net/ http://cdn.jsdelivr.net/ https://static.etracker.com https://code.etracker.com http://code.etracker.com https://www.googleadservices.com https://www.etracker.de https://googleads.g.doubleclick.net https://inv-dmp.admixer.net/ http://inv-dmp.admixer.net/ https://cdn.admixer.net/ https://analytics.tiktok.com https://www.clarity.ms/ https://www.google.com/ https://www.google.com.ua https://maps.googleapis.com https://tagmanager.google.com/ https://portal.hipp.ua/ https://telegram.org/js/telegram-widget.js ; img-src 'self' data: https://www.facebook.com/ https://ssl.google-analytics.com/ http://www.google-analytics.com/ www.youtube-nocookie.com www.youtube.com https://i.ytimg.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.com.ua https://maps.gstatic.com https://portal.hipp.ua/ https://static.addtoany.com/buttons/; connect-src 'self' https://proxy.my-dev.org/ https://ka-f.fontawesome.com/ https://kit.fontawesome.com https://www.facebook.com/tr/ https://www.etracker.de https://www.google-analytics.com/ https://analytics.google.com/ https://region1.analytics.google.com/ https://stats.g.doubleclick.net https://portal.hipp.ua/ https://inv-nets-eu.admixer.net/ https://analytics.tiktok.com/ https://b.clarity.ms/ wss://portal.hipp.ua/ wss://rtc-cloud-eu1.bitrix.info; form-action 'self' https://connect.facebook.net https://www.facebook.com/tr/ ;  frame-src 'self' https://portal.hipp.ua/ https://www.google.com/recaptcha/ www.youtube.com www.youtube-nocookie.com https://www.facebook.com/ https://bid.g.doubleclick.net/ https://t.me/ https://web.facebook.com/; child-src 'self' https://www.facebook.com/ https://staticxx.facebook.com/ ; object-src 'none' ; 1
frame-ancestors 'self' https://imprumut-acum.ro/ https://credite-imprumut.ro/ http://imprumut.net/ http://imprumut-online.com/ http://kreditta.net/ https://credit-rapid.org/ https://online-credit.ro https://online-imprumut.ro/ https://rapide-imprumuturi.ro/ https://credite-instant.ro https://credite-acum.ro https://credit-rapid.net/ https://hora-credit.ro/ https://imprumut-acum.net/ https://rapid-nebancar.ro/ https://credit-market.ro/ https://credite-nebancare.net/ https://credit-acum.ro/ https://imprumutes.net/ https://imprumutro.net/ https://imprumut-online.ro/ https://onlineimprumut.ro/ https://onlineimprumut.net/ https://onlineimprumut.com/ https://crediteacum.ro/ https://crediteacum.net/ https://informatiidecredit.ro/ https://credite-instant.com/ https://informatii-de-credit.ro/ https://onlineimprumuturi.ro/ https://onlineimprumuturi.net/ https://credit-pusculita.ro/ https://pusculita.net/ https://imprumuttuturor.ro/ https://imprumut-tuturor.ro/ https://online-tuturor.ro/ https://informatii-financiare.ro/ https://pujckavsem.org/ 1
frame-src http://ipso.localdev:8000/; img-src 'self' data: https://maps.google.com/ https://maps.gstatic.com/ https://maps.googleapis.com/ https://matomo.ipso.cx/ https://ipsosante-website-prod-data.s3.amazonaws.com; report-to csp; font-src 'self' https://fonts.gstatic.com/; worker-src 'self' blob:; style-src 'self' https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.datatables.net/ 'sha256-u4zw+EA4PiVCHtUYAVUdqVqH1dSw0eNzH9ygKbl8MvM=' 'sha256-LbOxeTeygTVV9t9RBVtZD1RK+6EhNluxuttKS3SO3EE=' 'sha256-bztL4s6ETJC0Yu3xJor1ChPI44D7xWSfIRlAsA/wezo=' 'sha256-agNaNrqve3B20rk7d2CrcqTp74XS45oefvzdrJOPxi0=' 'sha256-f9TnE/2T+X0U+WxhoMRhitUf3uBcXYC7fhVATzplo/o=' 'sha256-x6v85SqpJ73O57lsqKTheSEtXddTa6pe0SYoGxWoKiA=' 'sha256-GWLOt2Biq8EDutkBHy5YqY9qFehXAjlb1xUGXZPFJSo=' 'sha256-mHRWxebJcb7OH5L8y4EOCDaKVuUZ/bERTwMSKp7dgvc=' 'sha256-MoR1/5pQyU/A3MK6ozmcm2I7JCnWf3zcUdYH8KNZfJA=' 'sha256-aAZlCvcbteG2Dn8K0SdLOZdIuFB0hTmGJ23e44Pf7nA=' 'sha256-f21RqudUd21Hn+tyCwO0y9SOgfmpNPQCdEETa0hQCHc=' 'sha256-0xfjfDrJZPYT6MSCJEcuW/V4rWzmKualFFOBVGrzQ9I=' 'sha256-RIKH+Ud+lXeEIBmWZSZwD3ZmmMiWTY5SBE+nhXdYs3I=' 'sha256-FeOJbnfCzCKyZPfkOCjz+GcAYzzJ/RR7Y2+wvbT/9BU=' 'sha256-N9EDhDoctnenAJ273Wwd2M6Mzrxq1i15n6Q1rRDi+n8=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-mmA4m52ZWPKWAzDvKQbF7Qhx9VHCZ2pcEdC0f9Xn/Po=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-/VVOq+Ws/EiUxf2CU6tsqsHdOWqBgHSgwBPqCTjYD3U=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Ew+ac64tx/Fslcpkd+9dcL+TCbfjaI7sQvlMq2DO3IA=' 'sha256-vxDh7VAxCA/bCtu0YnWl3bRZqaW9GY9Ms8kSC13F2M0=' 'sha256-8yUmIivg5iGRmZXNOVyxl46RhqlD1zwPvDRfajVQ0Mw=' 'sha256-D1M7T0Ub2B2hjk0pBXnzYhEBYbLkzdUhGqi9uiYHmSw=' 'sha256-QzbuspFx3XWfDfPzTlfR0J2UlRJ1iYhfJ1wQgds/IA0=' 'sha256-APrOy8nIZ3XLBwL5bKYrDEJVnCMh2E4zPqfsUGaCOjg=' 'sha256-Zw1VGffbffMnOY2qIZ55MfMDqBWPR9FTGAlOqx9FpEw=' 'sha256-0GPQKZe0omCsfvFF3XfEc3IlzBdxXjxWObFmZom/Zfk=' 'sha256-PNsPul0zQFUiYu9XLVKzTdD5Cz5ghp1MT4H5/zAeI3Q=' 'sha256-R5Fpm/HKT6Ivur4LmLQK2BF5Iof1Bzx2i9FDSngmtR0=' 'sha256-KDfgL/bZPCyJ+tKBm7oRZgFNjm7ZbTFqE5GDZBeX8ms=' 'sha256-vIpHqmTnOfjQWDk0CZfF3QMo1P1aG7x5U5iJMdDsIrI=' 'nonce-nDwHU4pk5WJ6yYWhY/jG5g=='; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://ipsosante.fr https://*.ipsosante.fr https://secure.payplug.com; script-src 'self' https://maps.google.com/ https://*.googleapis.com/ https://js.sentry-cdn.com/ https://browser.sentry-cdn.com/ https://unpkg.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/ https://cdn.datatables.net/ https://matomo.ipso.cx/ https://sentry.ipso.cx/ 'sha256-VaHOORYaK/VrKFXwMDDI7/OlPERD6wdgieOtntFC+3k=' 'sha256-7l+gZky45slb7FzjS5NrmkV8PDtfhES3o2rPBYuNfqE=' 'sha256-HTl4/SBLajGsEETS3Fari9prPJEVLwrITRVvo9MQwtc=' 'sha256-Glr2W7ltVX8b0yT13U6kugzjdiHTzfqEkDtpfcvCjH0=' 'sha256-1b6I9juF4B8Bz0hLu+UM0MzipegcYhjH8RQy5E7AqMo=' 'sha256-zmyKz2OZF0mgLk5eLo/9OHN7pCPGUmS1/P27opzLSzc=' 'sha256-ghYbLPtuJ68sWKI07jYa2uS4NMJHAOYa43fCb0nDwLM=' 'sha256-kTuB7UP4LEoomhpw+j4wBSxtOVbUsQej9ciqoqptUW4=' 'sha256-N5tif7y/RxRqUBseGkhodD0vcbR+yzdaNnDsKPydNK8=' 'sha256-hwtkdppvx21qzzjhS8cmPZH5r8RMKh5+8uhrDf2r4oI=' 'sha256-+OQ8XS65I6M/bXWPgQDFBiG0XYPcnj1Lyx0vTT07zdc=' 'sha256-bu+cJdHmCTxNscgh+C4IXmRl1OBLUb/JT+AfR3+kqS4=' 'sha256-vctCm+lLWKRRNC8xEevuMTs78ekKeqrx9unwQSXE1xM=' 'sha256-ALGB14xFsf//iiTBdO64nPWarY0rJE4N54YhCkWRf68=' 'sha256-TZ6U37wWF/x8bVD1GQcCTWLFKrlIz7de42Ay+V1hpJQ=' 'sha256-1GKCZtAsXvydQ6jbG+25CN61Zs+YD2aRHRWtNYmZfkI=' 'sha256-i6v0OlX8KMxP9JmWK2iHr4R/px4g6X5h4UV5Q9sFPnk=' 'sha256-QG99t1erGt+BDwyAAsdbxxFD7JvcL5hREsab4/UGq4U=' 'sha256-7yYOdKpeGTTSeF4cCpqEW9X7p96yRO2/Y9pEFGSxTAU=' 'sha256-vNeJn1dWp277ekUfozNLfHSdfQAJl3+blrN9XvUsYwE=' 'sha256-pZpFvAa315bpuQozvBYrH6addZ56NqC8Cx5q69rYe/s=' 'sha256-WjcbePKHrc8+6HxqPmhK+ypFoLOPCnwGn3LztbOW21Y=' 'sha256-UEl8AyPL0LZm/miHIEjF/seV7iQo8pcL4xlZOdrGR7c=' 'sha256-J5exb3CTw8qtxlj7YAZyhclsC6LkylMDjEjELvAQ/RM=' 'sha256-oIbrb5N0QI3gwR/9vB7uqS3zpmmgAGwvjXiplvetBuY=' 'sha256-XyafikdYTPGs2sbQYLtKWHWf5aGKocs9qkaYEks6+Mc=' 'sha256-jypv4N8eW7D4pulaV094A3gyRI2viH+PwXJSLixyXdc=' 'sha256-gq8ckm6A2Y40cl7oSbiCyjl2m9eg7sX49IYE9+GwVyM=' 'sha256-fFMex/5hXP0z+T6azadCDW9MS/9MahIxP+WxQ4RaS9I=' 'sha256-6WiTOalOkrI/df2ET9Kt90IgHYzxAbOnTx65qP8Y+Ag=' 'sha256-/bOY8LSZT2CNkpRkEBrYFmtOtpmJfCV6lAAaK9XIr28=' 'sha256-f8WgD97qN8jbmvTQwdV8dURFyKd80saDH6RgQSoG02Q=' 'sha256-JRCMjU7ro44h2Tqb9IwE5gECkpa7Isr7wLVlCNsdr6M=' 'sha256-0KFEZo23O+OrqBasFTqZvYQat50cHZ2aupPhk33x1A8=' 'sha256-wWXhSgVyqslCNv7QQDp+dc8Js0H/k7rVR7oA/PcI7Tc=' 'sha256-W8KdF65gxTcO0WXuhjjOO5prgK5vh0FdREF3Tn5TW7s=' 'sha256-zGje3AhbkYA0J0EEBUmezpiTNFb5a+mBzXqIgwOi6yI=' 'sha256-g2RGL8oDKE1IXt28FSEPheNO6Ejhv8567H7eq8jH088=' 'sha256-DyFCWtYH1v3xvRdCqx2YehZQ4/y2ZkYFSJAQvA2XFAA=' 'sha256-K3ZHwiIA66mgQ7La57qf+/hdPgBhvlsx+niI/YqvFwc=' 'sha256-3ok8BS5nHTYuciP6a4b3FuzeT+DeEggPkANxWyPmrOA=' 'sha256-C/pdiDGQDBFblXY2C03yjTQgNwjym/oca9Uch7vqrlc=' 'sha256-09kC3G82oU1OJlaXVb58QEh1q0G8FeZ/ZcfioRfuUF8=' 'sha256-mH1eczB2tkYaR7Ctk4cw5ETpdGlJcKUAxiZsem6ulRw=' 'sha256-g8gz1GST39W0vKvoTVYUhWDEE7Ir2E6yXivyvgqw8Yc=' 'sha256-QHzHxf0sU95rOKQ9z+tgMfhzL4oeg5SV3XtiR6VnVHc=' 'sha256-QH+aN7Yh78+mYeSAaxFlTGXE5gxGeJNHEnzTthpuiRg=' 'sha256-1SddtyWQa1fN4/p27xCN4cg0XA8+gzWABTPffDMzOHA=' 'sha256-su2oZ+pF9825ZZL+P/PAeCxC4FiVyCcD9wUom1a8bB8=' 'sha256-oO371im59l4jGsUYWYTmgmNt+f2QWCmPTGr6QeezUU0=' 'sha256-2j3qDuwu+Xa4tZbQDur6tZE+nYjkSJCSnKmbaj3NsuA=' 'sha256-nGs8DR8ot55LkW8Vk/PMRQHydXhP30X9uHeW+YnOLQM=' 'sha256-EvWebyM9TZr0+mOB7N4+8RzzjOnXys9IBUFt1Gcup9k=' 'sha256-J7eb2XZFVIlDZ6AzbZu7i5oFjvxRs9Sq69x8rEJlg+k=' 'sha256-FFga4M+WT9TQW9nRTuCs1LJoArhq3qBfQLy+9pgv2k0=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-cH/J2O6oSbZaIKyGS2fPtnqh4dhlmxz0LqLf/TG3J3Q=' 'sha256-gFcztrdd2gP8VrePkriYfeHMNAJzFgIhdcYpsEbb+CA=' 'sha256-vh6ohPVtItykpCVCcbsEDBb5eL8ZEeH3V/8oNkhoCKo=' 'sha256-57+QLJW9gPRjJm5T0yF0KgFW9UyMvAFGzOvtJPqiooA=' 'sha256-QcLTf5J2Ap4+u3CXDCLdMg6vZ0NgnJlN6cARK6IF9q0=' 'sha256-ebKfCjlVtDnaNuyUz9uMuXmuNbJ6a6GReQ8VGIAqmqU=' 'sha256-sJsY/jfSPzYy/zU6i+vsZ+00vAHf6p5tZgYXD+5mQiw=' 'sha256-oUkvTwwCw3podQ5t8ryDIDWeHH0qKfkUz5AFlcDqDDg=' 'sha256-SXqzghOyguPHJe9V82lzY0u9n9wWo6cQjnwq62qTHdE=' 'sha256-Br51URoteCuDwKXCrz00tmD5ulR4AzWNDtSjw8JVvNE=' 'sha256-/J7CFzWkG7lh+IVdk8oSnmahlbQxAwH0vEVwdomVA20=' 'sha256-7XTHM1fxYx2B9B5/625iOto5ncnFTj0uxbNh6YOB2Rs=' 'sha256-61p7YxYP+ffyEFwJM6FJMysmGfZprh4bChmah/NfE1A=' 'sha256-h2qNgeMSZpqEdxUSzhBvDoUnqerNZ2Za8HwoZ4QrWnQ=' 'sha256-Gu1JphBMD2yAeDHhnk8EkKeY2H7f/QXavkoTwZMa7T8=' 'sha256-8NmwB2nZvUN4VqJYfw5OhLEWhR1lDa/WpzeiDeNoP8Q=' 'sha256-7P88z2sTy4E7Wyyqqpxfds4cV18Vw5Y7g5t3SsKuRiw=' 'sha256-ExLW95iBB4W4A/o8eLIsz2BC7W1aV5atqmKwZgC+7ms=' 'sha256-Lo/XejsdudLVvP98iUHA0C9U5BqbNC/dPy+dred/3L0=' 'sha256-+WWnYdW34zQq7+M5hE4/bOe2qtcz4uzj63ChJ9an5ik=' 'sha256-11KekW6wmQarQKv1o4m/WLYhklqsemkCMQygbfWleWs=' 'sha256-9p2G/nA2WdqV/KvddCbz9xNhqNUd3YoDlBrxw5Gf/XE=' 'sha256-Jmu44za54gdx3x49jj6Nz6oDLGo15LwzYz8mLJZUN/M=' 'sha256-/GAFwXbT6upKD5KkzC/EnJt/2o3cQ7sfIpgJgugz5h8=' 'sha256-A5sA5Ho8W1XKXF8kvcZ1EySblEKvwfEhG3uUJiRm/II=' https://*.ipsosante.fr https://ipsosante.fr 'nonce-nDwHU4pk5WJ6yYWhY/jG5g=='; default-src 'self'; connect-src 'self' *.sentry.io api.jitsi.net maps.googleapis.com matomo.ipso.cx sentry.ipso.cx; media-src 'self' 1
base-uri 'self'; object-src 'self' https://katasulsel.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self' https://*.dpd.com.pl https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.dpd.com.pl https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
upgrade-insecure-requests; default-src 'self' *.openbank.com *.openbank.es; script-src *.openbank.pt *.openbank.com 'unsafe-inline' 'unsafe-eval' snap.licdn.com https://js.hcaptcha.com/ https://maps.googleapis.com https://browseranalytic.com https://www.google.com *.gstatic.com tags.tiqcdn.com *.google-analytics.com https://*.g.doubleclick.net *.youtube.com *.googleadservices.com *.facebook.net *.ytimg.com api-ob.nd.nudatasecurity.com https://cdnjs.cloudflare.com *.googletagmanager.com *.we-stats.com static.browseranalytic.com bat.bing.com blob: unpkg.com; connect-src 'self' *.openbank.pt *.openbank.es *.openbank.com *.google-analytics.com *.we-stats.com *.biocatch.com lib-eu-1.brilliantcollector.com op.browseranalytic.com *.google.com *.googleapis.com *.googlesyndication.com https://*.g.doubleclick.net bat.bing.com cdn.linkedin.oribi.io https://hcaptcha.com https://*.hcaptcha.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.openbank.com https://maxcdn.bootstrapcdn.com; img-src 'self' *.openbank.pt px.ads.linkedin.com www.financeads.net data: 'unsafe-inline' *.googletagmanager.com https://maps.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.openbank.com *.google.ie *.google.com https://aax-eu.amazon-adsystem.com bat.bing.com www.linkedin.com tbl.tradedoubler.com *.googlesyndication.com www.facebook.com; media-src 'self' *.openbank.com *.youtube.com; child-src 'self' https://www.google.com *.gstatic.com *.youtube.com blob: https://newassets.hcaptcha.com  *.doubleclick.net ;frame-ancestors 'self' https://openbank.campaign.adobe.com; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob: mediastream: wss:; 1
frame-ancestors 'self' www.oxworks.com.au 1
default-src 'self' https://*.userlane.com; script-src 'self' https://*.azureedge.net https://*.dynamics.com https://www.googleanalytics.com https://optimize.google.com https://*.mailplus.nl https://connect.facebook.net https://*.clickdimensions.com https://www.gstatic.com https://www.google.com https://www.paypal.com https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://script.hotjar.com https://tag.static.eu.context.cloud.sap https://www.google-analytics.com https://*.hotjar.com 'unsafe-inline' https://www.googletagmanager.com https://ssl.google-analytics.com https://*.vo.msecnd.net https://*.userlane.com https://www.googleoptimize.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.hotjar.com 'unsafe-inline' https://optimize.google.com https://*.clickdimensions.com https://*.vo.msecnd.net https://checkoutshopper-live.adyen.com https://checkoutshopper-test.adyen.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://*.userlane.com 'unsafe-inline'; connect-src 'self' https://*.westeurope.logic.azure.com https://*.azureedge.net https://*.dynamics.com https://o1121245.ingest.sentry.io https://*.google-analytics.com https://*.analytics.google.com wss://*.hotjar.com https://*.hotjar.com https://*.hotjar.io https://htp741805396-hamiplant.api.eu.context.cloud.sap/ https://htp741805397-hamiplant.api.eu.context.cloud.sap/ https://htp741805396.api.eu.context.cloud.sap/ https://htp741805397.api.eu.context.cloud.sap/ https://tag.static.eu.context.cloud.sap/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.userlane.com; img-src 'self' https://*.1ps.nl https://*.florinet.nl https://*.azureedge.net https://*.dynamics.com https://freshandeasy.nl https://image.floriday.io https://shop.florashopping.nl https://www.flowersplantsandmore.com https://AlfaPro-Online.com https://www.terhaarornamental.nl https://zentoo.florinet.nl https://mijoflowers.com https://pictures.flowerwebshop.net https://023.kbt-pro.nl https://images.easyflor.nl https://webshop3.florashopping.nl https://pictures.flowersales.nl https://vmp.starflor.nl https://img.greenmaster.nl https://webshop.welyflor.com https://webshop3.wbe.nl https://4att.uniware.nl https://services.sdf.nl https://groenenmeer.sdfcloud.nl https://webshop.gdekoning.nl https://webshop.rotoflowers.nl  https://img.img20.match-online.nl https://img20.match-online.nl https://winco.florisoftcloud.nl https://summit.florinet.nl https://webshop.freshcap.eu https://webshop.eijkpotplanten.nl https://www.tgca.nl https://webshop.hpvannieuwkerk.nl https://webshop.floraunited.nl https://*.hotjar.com https://floralwebshop.com https://img.floraplaza.nl https://optimize.google.com https://test-pictures.flowerwebshop.com https://www.google-analytics.com https://*.analytics.google.com https://webshop.mdk.nl https://website.pfitzer.nl https://www.duif.nl https://www.facebook.com https://webshop.fsq.nl/ https://webshop.demooij-import.com/ https://www.ccpictures.net/ https://res.cloudinary.com/ https://*.userlane.com http://83.98.232.238/ https://webshop.frescoflowers.nl/ http://zentoo.florinet.nl/ https://webshop.arendroses.nl/ https://webshop.decofresh.com/ http://summit.florinet.nl/ http://winco.florisoftcloud.nl/ https://www.paypalobjects.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://p7.1ps.nl/ https://hus.1ps.nl/ https://api.floriday.io/ http://images.duif.nl/ http://213.125.32.122:81/ https://image.freshportal.com/ http://85.17.33.195/ http://img.logicab.nl/ http://lw-fps-img-01.freshportal.nl/ http://img20.match-online.nl/ https://images.connectwebshop.nl/ https://*.ozplanten.nl https://shop.floraplaza.nl/ data: https://*.google-analytics.com http://webshop.hamifleurs.nl http://webshop.flowertrading.nl https://ssl.google-analytics.com https://www.googletagmanager.com https://floraxchange.blob.core.windows.net http://shop.flowertrading.nl http://accp.flowertrading.nl https://dutchplantshop.nl https://img20.match-online.nl http://www.gasagroup.com https://img.ozexport.nl https://images.connectwebshop.nl http://webshop.flowertrading.nl https://services.sdf.nl/ https://ozplanten.nl https://garden-line.nl https://plantsplaza.com https://alfapro-online.com https://*.freshportal.nl https://img.logicab.nl https://beeldbankfotos.royalfloraholland.com https://api.floriday.com https://images.duif.nl https://023.kbt-pro.nl https://img.greenmaster.nl https://cms.pt-creations.nl; font-src 'self' https://*.hotjar.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.userlane.com data:; frame-src 'self' https://optimize.google.com https://*.hotjar.com https://player.cloudinary.com https://login.microsoftonline.com https://login.windows.net https://forms.office.com https://e.issuu.com https://www.sandbox.paypal.com/ https://checkoutshopper-live.adyen.com/ https://checkoutshopper-test.adyen.com/ https://*.vimeo.com/ https://*.youtube.com/ https://*.twitter.com https://*.facebook.com/ https://*.pinterest.com/ https://issuu.com/ https://*.google.com; frame-ancestors 'self' https://accstorefront.cuyu7qqhig-dutchflow1-p2-public.model-t.cc.commerce.ondemand.com/; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org *.google-analytics.com *.googletagmanager.com www.youtube.com *.adsrvr.org connect.facebook.net form.lidl.com; img-src 'self' data: cdn.cookielaw.org www.lidl.de www.lidl.nl www.lidl.be www.lidl.fr www.lidl.hu www.lidl.pl www.lidl.es www.lidl.sk www.lidl.cz www.lidl.si *.google-analytics.com *.object.storage.eu01.onstackit.cloud assets.parkside-diy.com *.google.com www.google.de www.facebook.com form.lidl.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.fonts.net form.lidl.com; font-src 'self' 'unsafe-inline' data: fonts.gstatic.com form.lidl.com; frame-src 'self' 'unsafe-inline' *.youtube-nocookie.com *.adsrvr.org form.lidl.com; connect-src 'self' cdn.cookielaw.org *.google-analytics.com *.analytics.google.com *.onetrust.com stats.g.doubleclick.net live.api.schwarz form.lidl.com *.facebook.com; frame-ancestors 'self' *.googletagmanager.com *.google-analytics.com form.lidl.com; 1
img-src 'self' data: ajax.aspnetcdn.com pwddelhi.gov.in www.google.com www.gstatic.com openweathermap.org www.googleapis.com clients1.google.com translate.googleapis.com translate.google.com maps.gstatic.com maps.googleapis.com;               font-src 'self' data: fonts.gstatic.com maxcdn.bootstrapcdn.com;            script-src 'self' 'unsafe-inline' 'unsafe-eval' use.fontawesome.com maps.googleapis.com cse.google.com translate.google.com www.google.com translate.googleapis.com translate-pa.googleapis.com cdnjs.cloudflare.com;            style-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.datatables.net www.google.com translate.googleapis.com fonts.googleapis.com; 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.ar/report-uri/enforce 1
frame-ancestors 'self'; report-uri https://www.recetasnestle.com.pe/report-uri/enforce 1
default-src 'self' data: blob: https://service.studio9.cz https://www.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com https://*.google.com https://*.google.cz https://*.googlesyndication.com https://*.gstatic.com https://*.youtube.com https://*.googleadservices.com https://*.doubleclick.net https://connect.facebook.net https://*.facebook.com https://c.imedia.cz https://*.seznam.cz https://*.cdninstagram.com https://*.pinterest.com https://*.pinimg.com https://*.targito.com https://*.targito.sykora.eu https://*.typekit.net 'unsafe-inline' 'unsafe-eval' 1
default-src  'self' *.youmecard.jp *.digicert.com *.yjtag.jp *.google.com *.gstatic.com *.googletagmanager.com *.googleapis.com *.google-analytics.com *.google.co.jp yjtag.yahoo.co.jp seal.verisign.com ogp.me ad.atown.jp *.trendmicro.com *.yimg.jp *.googleadservices.com *.userlocal.jp 'unsafe-inline' 'unsafe-eval' ; frame-ancestors 'self' *.youmecard.jp *.digicert.com *.google.com *.google-analytics.com *.google.co.jp *.yjtag.jp yjtag.yahoo.co.jp seal.verisign.com ogp.me ad.atown.jp *.trendmicro.com *.yimg.jp *.googleadservices.com *.userlocal.jp 1
base-uri 'self'; object-src 'self'; frame-ancestors 'self' 1
default-src https: data: 'unsafe-inline' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://js-agent.newrelic.com https://bam.nr-data.net https://bam-cell.nr-data.net *.google-analytics.com https://www.googleanalytics.com https://www.google.com/recaptcha/ https://www.recaptcha.net https://www.gstatic.com/recaptcha/ https://api.maptiler.com https://cdn.maptiler.com https://connect.facebook.com https://connect.facebook.net https://bat.bing.com https://js.stripe.com https://*.googletagmanager.com/ https://pagead2.googlesyndication.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ https://beacon-v2.helpscout.net/ https://kit.fontawesome.com/ https://api.mapbox.com/ https://*.hotjar.com https://*.hotjar.io https://widget.surveymonkey.com/ https://ajax.googleapis.com/ https://js.sentry-cdn.com https://browser.sentry-cdn.com https://o4507096105549824.ingest.de.sentry.io https://*.visualwebsiteoptimizer.com https://app.vwo.com; img-src 'self'  https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://*.babysits.com https://*.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://bat.bing.com https://www.facebook.com https://www.facebook.net https://ade.googlesyndication.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://*.googleusercontent.com https://*.hotjar.com https://*.hotjar.io https://*.visualwebsiteoptimizer.com https://chart.googleapis.com https://wingify-assets.s3.amazonaws.com https://app.vwo.com data: blob: ; connect-src 'self' https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://cdn.babysits.com https://events.babysits.com https://events.staging.babysits.net https://events.babysits.com.development.babysits.net https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://pagead2.googlesyndication.com/ https://*.g.doubleclick.net https://www.googleadservices.com/ https://www.facebook.com https://api.stripe.com https://api.maptiler.com https://beaconapi.helpscout.net https://chatapi.helpscout.net https://d3hb14vkzrxvla.cloudfront.net https://bam.nr-data.net https://bam-cell.nr-data.net wss://*.pusher.com https://ka-p.fontawesome.com/ https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://o4507096105549824.ingest.de.sentry.io https://cdn.liveness.rekognition.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com wss://streaming-rekognition.eu-west-1.amazonaws.com/start-face-liveness-session-websocket https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-src 'self'  https://www.google.com https://td.doubleclick.net/ https://bid.g.doubleclick.net https://www.facebook.com https://js.stripe.com https://hooks.stripe.com https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.recaptcha.net https://*.hotjar.com https://*.hotjar.io https://*.surveymonkey.com/ https://app.vwo.com https://*.visualwebsiteoptimizer.com; worker-src blob: ; child-src blob: ; font-src https://cdn.babysits.com https://*.hotjar.com https://*.hotjar.io https://app.vwo.com https://*.visualwebsiteoptimizer.com; frame-ancestors 'self'; object-src 'none' ; base-uri 'none'; style-src 'self' 'unsafe-inline' https://*.visualwebsiteoptimizer.com https://app.vwo.com https://s3.amazonaws.com https://cdn.maptiler.com; 1
frame-ancestors 'self' www.batteriesexpert.com 1
block-all-mixed-content; frame-ancestors *.casamattos.com.br 1
frame-ancestors caso-design.de 'self' *.etracker.com http://192.168.0.3; 1
frame-ancestors 'self' https://curucuru.jp https://www.curucuru.jp https://prod-apnortheast-a.online.tableau.com; form-action 'self' https://www.facebook.com https://pt01.mul-pay.jp https://p01.mul-pay.jp https://sentry.io; 1
frame-ancestors 'self' deportelibre.live tuich.live; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.digiensacademy.com 1
frame-ancestors 'self' https://at-ut-static.oopocket-dev.com https://at-uat-static.oopocket-dev.com https://static.oopocket.com 1
worker-src blob:; font-src *.gstatic.com *.embed.tawk.to *.fontawesome.com *.agora.io *.edge.agora.io maxcdn.bootstrapcdn.com https://www.forevernew.co.in/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://www.facebook.com https://www.googletagmanager.com/ 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ sandbox.cashfree.com https://td.doubleclick.net *.aax-eu.amazon-adsystem.com *.meetanshi.com *.weltpixel.com  https://cdn.truefitcorp.com https://www.googletagmanager.com/ https://api.cashfree.com/ https://www.youtube.com/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io cashfreelogo.cashfree.com *.va.tawk.to *.tawk.to *.google.com *.google.co.in *.facebook.com *.googleadservices.com *.google-analytics.com *.paypalobjects.com *.vimeo.com *.paypal.com *.sandbox.paypal.com *.googletagmanager.com *.ade.clmbtech.com https://cdn4.fireworktv.com https://cdn1.fireworkn.com *.agora.io *.edge.agora.io * *.meetanshi.com https://cdn.getsimpl.com *.gstatic.com https://asset.fwcdn3.com https://www.forevernew.co.in data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ sdk.cashfree.com *.facebook.com *.ajax.cloudflare.com *.cloudflare.com *.embed.tawk.to *.tawk.to *.google.com *.connect.facebook.net *.bing.com *.amplify.outbrain.com *.cdn.jsdelivr.net *.jsdelivr.net https://www.googletagmanager.com/ *.facebook.net *.googleads.g.doubleclick.net *.tr.outbrain.com *.googleadservices.com *.google-analytics.com *.vimeo.com *.paypal.com *.sandbox.paypal.com *.paypalobjects.com https://connect.facebook.net/ https://fireworkadservices1.com/ https://asset.fwcdn3.com https://asset.fireworktv.com https://asset.fwcdn1.com https://asset.fwcdn2.com https://asset.fwadcdn1.com *.agora.io *.edge.agora.io s7.addthis.com *.avada.io * *.meetanshi.com https://www.googletagmanager.com tagmanager.google.com https://sdk.cashfree.com https://maps.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.gstatic.com *.embed.tawk.to *.fontawesome.com *.getfirebug.com *.agora.io *.edge.agora.io maxcdn.bootstrapcdn.com tagmanager.google.com https://www.forevernew.co.in 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com https://www.forevernew.co.in *.edge.sd-rtn.com blob: *.fireworkanalytics.com  *.embed.tawk.to  https://fireworkanalytics.com https://cdn4.fireworktv.com https://cdn1.fireworkn.com https://*.global-contribute.live-video.net https://*.us-east-1.playback.live-video.net https://*.us-west-2.playback.live-video.net *.agora.io *.edge.agora.io 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://www.google.co.in *.va.tawk.to *.tawk.to https://www.google-analytics.com *.facebook.com *.vsb46.tawk.to https://c.clarity.ms/ https://asset.fwcdn3.com https://cdn4.fireworktv.co https://api.firework.com https://fireworkapi1.com https://image-resizing-cdn-prod.fireworktv.com https://fireworkadservices1.com https://fireworkanalytics.com https://p2.fwpixel.com wss://fireworkapi1.com https://*.agora.io *.agora.io *.edge.agora.io *.sd-rtn.com https://*.edge.sd-rtn.com *.global-contribute.live-video.net *.us-east-1.playback.live-video.net *.us-west-2.playback.live-video.net https://cdn4.fireworktv.com https://web-2.statscollector.sd-rtn.com wss://*.edge.sd-rtn.com:* wss://*.edge.agora.io:* wss://*.agora.io:* ekr.zdassets.com/ https://get.geojs.io *.avada.io *.meetanshi.com *.wizzy.ai wss://sockets.wizzy.ai *.wizsearch.in wss://sockets.wizsearch.in *.google-analytics.com https://analytics.google.com/ https://maps.googleapis.com https://s.clarity.ms https://stats.g.doubleclick.net https://i.clarity.ms/collect https://use.typekit.net https://o330525.ingest.sentry.io 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' ;script-src 'unsafe-inline' https://www.youtube.com https://cdn.matomo.cloud/ https://www.ipeca.fr/ https://*.go-mpulse.net https://unpkg.com https://cdnjs.cloudflare.com;style-src 'unsafe-inline' https://www.ipeca.fr/;font-src 'self' ;img-src 'self' data: https://*.akstat.io;frame-src 'unsafe-inline' https://www.youtube.com;connect-src 'self' wss://localhost:* https://ipeca.matomo.cloud/ https://*.akstat.io https://*.go-mpulse.net https://*.akamaihd.net; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.id.coach.com/ *.coach.com/ *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.googleapis.com/ *.gstatic.com/ *.styla.com/ *.bootstrapcdn.com/ *.qr-code-generator.com/ *.hotjar.com/ *.pingdom.net *.klevu.com *.ksearchnet.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.id.coach.com *.coach.com *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.paypal.com/ *.xendit.co/ *.facebook.com/ *.styla.com/ *.verloop.io/ *.mozilla.org/ wss://ws.hotjar.com/api/v2/client/ws/  https://checkout.xendit.co/web/  *.hotjar.io/ *.akstat.io/ *.go-mpulse.net/ *.seekxr.com/ https://checkout-staging.xendit.co/web/ *.pingdom.net 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.twitter.com/ *.facebook.com/ *.akstat.io/ *.go-mpulse.net/ *.ocavu.com/ *.seekxr.com/ *.verloop.io/ https://kanmogroup.verloop.io/ *.sharethis.com/ *.doubleclick.net/ *.googlesyndication.com/ *.imgix.net *.pingdom.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.coach.com/ *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.google.com *.google.co.in/ *.facebook.com/ *.gstatic.com *.imgix.net *.google.co.id/ *.facebook.net/ *.doubleclick.net *.verloop.io googleadservices.com analytics.com pagead2.googlesyndication.com *.pingdom.net *.klevu.com *.ksearchnet.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://unpkg.com/web-vitals@3/dist/web-vitals.iife.js *.fontawesome.com *.googleapis.com *.gstatic.com *.coach.com/ *.id.coach.com/ *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.klevu.com/ *.tiktok.com/ *.googleapis.com/ *.cloudflare.com/ *.google.com/ js-agent.newrelic.com/ *.googletagmanager.com *.facebook.net *.g.doubleclick.net *.sharethis.com *.styla.com *.verloop.io *.xendit.co/ *.twitter.com/ google-analytics.com gstatic.com *.mozilla.org/ *.cloudfront.net *.hotjar.com *.googleoptimize.com/ googleadservices.com *.github.io *.gbqofs.com pagead2.googlesyndication.com *.pingdom.net js.klevu.com *.ksearchnet.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.coach.com/ *.id.coach.com/ *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.twitter.com *.googleapis.com/ *.fontawesome.com/ *.bootstrapcdn.com/ *.styla.com/ *.pingdom.net *.klevu.com *.ksearchnet.com unsafe-inline 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com *.coach.com/ *.id.coach.com/ *.katespade.co.id/ *.mothercare.co.id/ *.kanmocircle.com/ *.eversince.co.id/ *.colehaan.co.id/ *.elc.co.id/ *.verloop.io/ *.cdninstagram.com/ *.katespade.com/ *.imgix.net *.pingdom.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cwarmer-dev.codilar.in/api/matrix https://dashboard.cwarmer.io/api/matrix *.googleapis.com/ *.google.co.id/ pagead2.googlesyndication.com/ *.verloop.io/ *.styla.com/ *.g.doubleclick.net/ *.sharethis.com/ *.hotjar.com/ *.google.co.in/ *.hotjar.io/ *.crwdcntrl.net/ wss://ws.hotjar.com/api/v2/client/ws *.tiktok.com/ *.nr-data.net/ *.pangle-ads.com/ *.pingdom.net *.klevu.com *.ksearchnet.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.co.il https://www.myheritage.co.il  'nonce-41db6f2a34f9b1f32fcf7a268e274d56' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.co.il;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
default-src 'self'; script-src * cdn.cookielaw.org cdn.jsdelivr.net cdn.smartrep.gr js.monitor.azure.com www.google.gr www.googletagmanager.com data: blob: 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://app-kentico-portal-dcx-uat-001.azurewebsites.net https://app-kentico-portal-dcx-prod-001.azurewebsites.net https://app-kentico-portal-dcx-dev-001.azurewebsites.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdn.smartrep.gr; img-src 'self' cdn.smartrep.gr cdn.cookielaw.org www.google.gr data:; font-src 'self' fonts.gstatic.com data:; connect-src 'self' integrations.smartrep.gr cdn.cookielaw.org stats.g.doubleclick.net westeurope-5.in.applicationinsights.azure.com region1.analytics.google.com ws:; object-src 'none'; frame-ancestors https://app-kentico-admin-dcx-uat-001.azurewebsites.net https://app-kentico-admin-dcx-prod-001.azurewebsites.net https://app-kentico-admin-dcx-dev-001.azurewebsites.net https://app-kentico-portal-dcx-uat-001.azurewebsites.net https://app-kentico-portal-dcx-prod-001.azurewebsites.net https://app-kentico-portal-dcx-dev-001.azurewebsites.net 1
script-src 'self' www.youtube.com www.google.com/maps/ hcaptcha.com *.hcaptcha.com maps.googleapis.com *.seznam.cz c.imedia.cz www.zbozi.cz www.googletagmanager.com www.youtube-nocookie.com pixel.biano.cz bianopixel.com cz.bianopixel.com im9.cz connect.facebook.net *.google.com *.gstatic.com *.ppl.cz *.mapy.cz https://postback.affiliateport.eu/track.js https://tracking.affiliateport.eu/ https://tracking.affiliateclub.cz/ 'nonce-8365bec872b923cc5b95b8cc9dfba5f8' www.roomvo.com cdn.roomvo.com partner-events.favicdn.net 'nonce-30407ecc7f1f73e36bb8d4995e8860ae' https://*.smartsuppchat.com https://*.smartsuppcdn.com googletagmanager.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net matomo.reklalink.cz 'nonce-a43b6662c186fe0c2d636cc9cded9ac4' 'nonce-9e4dab379127fbbdcdeef31573afb741';connect-src 'self' hcaptcha.com *.hcaptcha.com maps.googleapis.com *.facebook.com stats.g.doubleclick.net pagead2.googlesyndication.com google.com *.google.com *.google.cz googleads.g.doubleclick.net p.biano.cz cz.bianopixel.com im9.cz *.dhl.com *.mapy.cz affiliateport.scaletrk.com www.roomvo.com partner-events.favi.cz partner-events.favi.sk *.packeta.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.smartsupp.com wss://*.smartsupp.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.sk *.google.at *.google.de *.google.fr *.google.pl matomo.reklalink.cz;img-src 'self' data: maps.gstatic.com *.seznam.cz *.googletagmanager.com *.google.com *.google.cz *.google.sk *.google.at *.google.de *.google.hu *.google.com.tr www.google-analytics.com pagead2.googlesyndication.com googleads.g.doubleclick.net *.youtube.com *.googleapis.com www.facebook.com *.mapy.cz *.ppl.cz *.heureka.cz *.heureka.sk www.roomvo.com https://*.smartsuppcdn.com cdn.jsdelivr.net googletagmanager.com *.gstatic.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net google.com *.google.fr *.google.pl matomo.reklalink.cz;style-src 'self' 'unsafe-inline' fonts.googleapis.com hcaptcha.com *.hcaptcha.com *.mapy.cz *.ppl.cz https://*.smartsuppcdn.com https://*.smartsuppchat.com data: googletagmanager.com *.googletagmanager.com tagmanager.google.com;font-src 'self' data: fonts.gstatic.com *.mapy.cz *.ppl.cz;frame-ancestors hcaptcha.com *.hcaptcha.com *.facebook.com www.roomvo.com *.g.doubleclick.net;base-uri 'self';form-action 'self' *.csob.cz *.facebook.com *.paypal.com;report-uri https://www.vavex.cz/?action=report-to;report-to default;default-src 'none';child-src www.youtube.com www.google.com/maps/ hcaptcha.com *.hcaptcha.com *.packeta.com www.zbozi.cz *.facebook.com maps.gls-czech.cz www.youtube-nocookie.com *.google.com b2c.cpost.cz kolekce.vavex.cz seznam.cz www.roomvo.com;media-src 'self' https://*.smartsuppcdn.com; 1
style-src 'self' 'unsafe-inline' https:; script-src 'self' 'unsafe-inline' https: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://maps.googleapis.com https://*.googletagmanager.com https://*.analytics.google.com https://*.google-analytics.com https://walls.io https://*.walls.io https://api.swiftype.com https://*.google.com https://*.youtube.com https://*.onetrust.com https://static.cloudflareinsights.com https://*.walter-leasing.com https://*.lkw-walter.com https://www.gstatic.com https://*.bing.com https://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://unpkg.com https://*.cloudflare.com https://*.momento360.com https://momento360.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://*.smartsuppcdn.com https://*.googleapis.com ; frame-src 'self' https://*.youtube.com https://*.google.com https://walls.io https://*.walls.io https://*.youtube-nocookie.com https://*.cloudflare.com https://*.momento360.com https://momento360.com; font-src 'self' data: https://*.gstatic.com https://*.hotjar.com ; form-action 'self'  ; connect-src 'self' https://cdn.cookielaw.org https://maps.googleapis.com https://*.onetrust.com https://*.google.com https://*.googletagmanager.com https://*.google-analytics.com https://*.walter-leasing.com https://*.lkw-walter.com https://*.g.doubleclick.net https://*.googlesyndication.com https://*.bing.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsuppchat.com https://*.smartsuppcdn.com wss://*.smartsupp.com https://ipmeta.io https://*.cloudflare.com https://*.momento360.com https://momento360.com; img-src 'self' https: data: https://*.hotjar.com ; object-src 'none'; upgrade-insecure-requests 1
form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com https://plumrocket.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com *.klarna.com *.playground.klarna.com cdn.klarna.com js.klarna.com youtube.com www.youtube.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com https://plumrocket.com *.issuu.com *.cookiebot.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com *.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com *.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.clerk.io *.algolia.net *.algolianet.com cdn.klarna.com x.klarnacdn.net *.playground.klarna.com tagmanager.google.com www.google-analytics.com ssl.google-analytics.com www.google.com www.gstatic.com *.googleapis.com vjs.zencdn.net player.vimeo.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com https://widget.postenlabs.no/ use.typekit.net cdn.clerk.io api.clerk.io js.playground.klarna maps.googleapis.com *.hotjar.com *.emailplatform.com *.sleeknote.com *.cookiebot.com *.klarnaservices.com s.zavanna.no bat.bing.com *.googleadservices.com *.paypal.com 1eafapi.cardinalcommerce.com.com widget.postenlabs.no cdn.clerk api.clerk *.gstatic.com *.paypalobjects.com *.youtube.com 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com *.algolia.net *.algolia.com *.google-analytics.com *.facebook.com *.facebook.net *.klarnaevt.com *.algolianet.com *.playground.klarnaevt.com www.googletagmanager.com *.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.klarnauserservices.com *.klarnaservices.com *.google.com *.cookiebot.com *.klarna.com s.zavanna.no stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; font-src https://pim.zavanna.no/ *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com x.klarnacdn.net fonts.gstatic.com data: maxcdn.bootstrapcdn.com s.zavanna.no use.typekit.net data: 'self' 'unsafe-inline'; style-src https://pim.zavanna.no/ *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com tagmanager.google.com fonts.googleapis.com vjs.zencdn.net maxcdn.bootstrapcdn.com unsafe-inline https://widget.postenlabs.no/assets/ x.klarnacdn.net s.zavanna.no 'self' 'unsafe-inline'; img-src https://pim.zavanna.no/ assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com 'self' data: *.google.nl *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.klarna.com *.klarnaevt.com *.clerk.io cdn.klarna.com *.playground.klarnaevt.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com googleads.g.doubleclick.net www.google.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com p.typekit.net eu.playground.klarnaevt.com maps.gstatic.com maps.googleapis.com *.klarnaservices.com s.zavanna.no bat.bing.com *.google.com *.google.pl data: 'self' 'unsafe-inline'; 1
default-src 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://*.klaviyo.com; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://*.intellimize.co https://*.google.com https://ajax.googleapis.com https://*.cloudfront.net https://*.tawk.to https://*.hotjar.com https://*.shopperapproved.com https://*.google-analytics.com https://*.facebook.net https://secure.trust-provider.com https://iprecon.iglobalstores.com https://bat.bing.com https://www.googleadservices.com https://*.g.doubleclick.net https://*.sessioncam.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://platform.twitter.com https://maps.googleapis.com https://*.googlesyndication.com https://cdn.cardknox.com https://apis.google.com https://*.klaviyo.com https://*.clarity.ms https://www.googleanalytics.com https://www.googleoptimize.com https://optimize.google.com https://seal.digicert.com https://static-na.payments-amazon.com https://cdn.equalweb.com; script-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com http://assets.tigerchef.netdna-cdn.com https://connect.facebook.net https://secure.trust-provider.com https://bat.bing.com https://*.google-analytics.com https://www.googletagmanager.com https://*.shopperapproved.com https://*.google.com https://iprecon.iglobalstores.com https://*.hotjar.com https://*.tawk.to https://*.cloudfront.net https://ajax.googleapis.com https://maps.googleapis.com https://*.intellimize.co https://www.googleadservices.com https://*.sessioncam.com https://cdn.jsdelivr.net https://googleads.g.doubleclick.net https://platform.twitter.com https://cdn.cardknox.com https://tpc.googlesyndication.com https://*.klaviyo.com https://*.clarity.ms https://www.googleoptimize.com https://optimize.google.com https://seal.digicert.com/seals/cascade/seal.min.js https://static-na.payments-amazon.com https://cdnjs.cloudflare.com https://cdn.usefathom.com https://cdn.equalweb.com https://access.equalweb.com; style-src 'unsafe-inline' 'self' https://*.tigerchef.com  https://assets-tigerchef.netdna-ssl.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.google.com https://*.typekit.net; style-src-elem 'unsafe-inline' 'self' https://*.tigerchef.com https://assets-tigerchef.netdna-ssl.com https://fonts.googleapis.com https://cdn.jsdelivr.net https://use.fontawesome.com https://ajax.googleapis.com https://*.klaviyo.com https://*.tawk.to https://*.typekit.css https://*.typekit.net https://optimize.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://access.equalweb.com https://www.shopperapproved.com; connect-src 'self' https://*.tigerchef.com https://bat.bing.com https://*.tawk.to wss://*.tawk.to https://*.intellimize.co https://*.hotjar.com https://*.hotjar.io https://*.sessioncam.com https://*.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.google.com https://ajax.googleapis.com https://*.klaviyo.com https://*.clarity.ms https://maps.googleapis.com https://apay-us.amazon.com https://*.equalweb.com/; img-src 'self' data: blob: https:; font-src 'self' data: https:; frame-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://td.doubleclick.net; media-src https://*.tawk.to; child-src 'self' https://*.hotjar.com https://*.google.com https://secure.trust-provider.com https://www.youtube.com https://*.facebook.com https://www.googletagmanager.com https://*.g.doubleclick.net https://*.tawk.to https://platform.twitter.com https://www.googleadservices.com https://api.intellimize.co https://*.googlesyndication.com https://cdn.cardknox.com https://accessibe.com;  report-uri /csp_reporting.php?type=enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss: mediastream: android-webview-video-poster: ms-appx-web: gsa: endlesspic: ms-browser-extension chrome-extension asset * ; frame-ancestors 'self' https://*.trendmicro.com 1
frame-ancestors 'self' policy.saintmartinschools.org; 1
frame-ancestors 'self' https://geografias.stqry.app 1
frame-ancestors 'self'; report-to csp-endpoint; report-uri https://ardsandnorthdown.gov.uk/csp-reports; 1
base-uri 'none'; font-src 'self' https: data:; frame-ancestors 'self'; object-src 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-PgjK6JrvnUtewO2xrO9Nsq8a' 'unsafe-eval' https://*.umbraco.com https://collect.mopinion.com https://cdn.iubenda.com https://cs.iubenda.com https://www.iubenda.com https://deploy.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://cdn.tiny.cloud https://js.monitor.azure.com https://answers.ourskillsforce.co.uk.pagescdn.com https://*.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://js.createsend1.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.typekit.net https://fonts.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://cdn.tiny.cloud https://maxcdn.bootstrapcdn.com;img-src 'self' https://*.umbraco.com data: https://sp.tinymce.com https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://stappsnonprodstage.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://ourskillsforce-umbraco-staging.azurewebsites.net/images/ https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com;media-src 'self' https://app.gotomeeting.com;frame-src 'self' https://app.gotomeeting.com https://answers.ourskillsforce.co.uk.pagescdn.com https://sdsnonprod.b2clogin.com https://sdsdigitalaccount.b2clogin.com https://www.youtube.com https://player.vimeo.com https://marketplace.umbraco.com https://bid.g.doubleclick.net https://www.google.com https://app.powerbi.com;font-src 'self' https://fonts.gstatic.com https://*.typekit.net https://gstatic.mopinion.com https://stsdsumbnonproddev.blob.core.windows.net https://stsdsumbnonprodqa.blob.core.windows.net https://stsdsumbprodstage.blob.core.windows.net https://stsdsumbprod.blob.core.windows.net https://stappsnonproddev.blob.core.windows.net https://stappsnonprodqa.blob.core.windows.net https://stsdsappsprodstaging.blob.core.windows.net https://stsdsappsprod.blob.core.windows.net https://maxcdn.bootstrapcdn.com;connect-src 'self' https://app.gotomeeting.com ws: https://cacheorcheck.mopinion.com https://deploy.mopinion.com https://metrics.mopinion.com https://skillsdevelopment.azure-api.net https://sdsnonprod.b2clogin.com https://dc.services.visualstudio.com https://adult-iag-dev.azurewebsites.net https://webservices.data-8.co.uk https://adult-iag-stg.azurewebsites.net https://adult-iag.azurewebsites.net https://webservices.data-8.co.uk https://hits-i.iubenda.com https://login.microsoftonline.com https://sdsdigitalaccount.b2clogin.com https://createsend.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.mopinion.com;report-uri /report-uri 1
frame-ancestors 'self'            https://*.iprox.nl https://*.hhdelfland.nl 1
default-src 'self' cteh.com *.cteh.com; script-src 'self' 'unsafe-inline'  *.google-analytics.com *.s3.amazonaws.com *.google.com *.googletagmanager.com unpkg.com *.googleapis.com *.gstatic.com *.olark.com *.typekit.net *.customsearch.ai *.loopanalytics.com *.calltrk.com; object-src 'self'; img-src 'self' data: *.google-analytics.com *.googleapis.com *.cloudinary.com *.olark.com *.s3.amazonaws.com *.mapbox.com maps.gstatic.com *.loopanalytics.com *.calltrk.com js.calltrk.com www.google-analytics.com ssl.google-analytics.com www.google.com *.googletagmanager.com tagmanager.google.com bat.bing.com googleadservices.com www.googleadservices.com stats.g.doubleclick.net googleads.g.doubleclick.net youtube.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.fls.doubleclick.net ad.doubleclick.net ade.googlesyndication.com bat.bing.com; style-src 'self' 'unsafe-inline' *.googleapis.com unpkg.com *.s3.amazonaws.com *.cloudflare.com *.google.com *.olark.com *.windows.net; frame-src *.google.com *.googletagmanager.com *.olark.com *.mapbox.com bid.g.doubleclick.net *.fls.doubleclick.net;font-src  *.gstatic.com *.s3.amazonaws.com *.cloudflare.com *.olark.com; connect-src *.doubleclick.net *.google-analytics.com *.google.com *.olark.com *.googleapis.com *.customsearch.ai *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com; media-src *.olark.com *.google.com; 1
default-src *; font-src *;img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com; child-src 'self' *.youtube.com blob: *.youtube-nocookie.com *.vimeo.com; connect-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com api.scribit.pro websitestatistiek.oude-ijsselstreek.nl https://websitestatistiek.oude-ijsselstreek.nl/; font-src 'self' data: *.googleusercontent.com *.readspeaker.com *.ionicframework.com; frame-src 'self' *.youtube.com https://*.issuu.com/ *.youtube-nocookie.com *.vimeo.com *.readspeaker.com; img-src 'self' data: https://www.toegankelijkheidsverklaring.nl i.ytimg.com *.readspeaker.com websitestatistiek.oude-ijsselstreek.nl; object-src 'none'; script-src 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com websitestatistiek.oude-ijsselstreek.nl 'nonce-TlRjd016VTRPV0k1TWpGaU0yVmo=' 'unsafe-inline' https://websitestatistiek.oude-ijsselstreek.nl/; script-src-attr 'self'; script-src-elem 'self' scribit-pro-hosting.storage.googleapis.com *.readspeaker.com *.scribit.pro www.youtube.com websitestatistiek.oude-ijsselstreek.nl 'nonce-TlRjd016VTRPV0k1TWpGaU0yVmo='; style-src 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-8vjC9QBQz6rvG5Jj9atIX3HLa53XEsgQBSVeCeNGFPE=' ; style-src-attr 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' 'sha256-8vjC9QBQz6rvG5Jj9atIX3HLa53XEsgQBSVeCeNGFPE='; style-src-elem 'self' 'unsafe-hashes' 'sha256-3juv2Ft1FaY3xWYNGXExi9oTqA3RQ4gtgCqyf3mxGhU=' 'sha256-r9fU88Cagg8b+V94/rFP54XitU/RzBQ83sVNeltVs/c=' 'sha256-SHje5LaT9E6BShlkQpjWVSpKDI2FEtd137m8hy4rmKM=' 'sha256-2ipsMCEEsAbnsH2T1Fg2pv63AdMLzQW/NYec3X6XzWw=' 'sha256-3lLjvpn0hfmuulQYNSUWKiNpmIiMg70GweVDtUWv7zA=' 'sha256-7xqMqDOfWqvgvujBp1NXgw9yq9uWja1UZbZbBoSphjU=' 'sha256-5uIP+HBVRu0WW8ep6d6+YVfhgkl0AcIabZrBS5JJAzs=' *.readspeaker.com 'sha256-8vjC9QBQz6rvG5Jj9atIX3HLa53XEsgQBSVeCeNGFPE=' ; base-uri 'self'; frame-ancestors 'self' websitestatistiek.oude-ijsselstreek.nl 1
script-src 'self' 'nonce-9c231e33b512' https://browser.sentry-cdn.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://maps.googleapis.com;connect-src 'self' ws: *.sentry.io maps.googleapis.com *.google-analytics.com;font-src https://fonts.gstatic.com/;img-src 'self' data: maps.gstatic.com *.googleapis.com *.ggpht.com goodgym-uploads.s3.eu-west-1.amazonaws.com d2tfd645274ffx.cloudfront.net;style-src 'self' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';style-src-elem self https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/cookieconsent@3/ 'unsafe-inline';default-src 'self';base-uri 'self';block-all-mixed-content;form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests 1
default-src 'none'; base-uri 'self'; font-src 'self' *.gstatic.com data:; style-src 'self' 'unsafe-inline' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.googleapis.com *.gstatic.com; img-src 'self' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.googleapis.com *.google-analytics.com *.gstatic.com data:; script-src 'self' 'unsafe-inline' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de *.etracker.com *.etracker.de unpkg.com *.gstatic.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.youtube.com *.youtube-nocookie.com *.podcaster.de; frame-src 'self' *.rkw-bw.net *.youtube.com *.youtube-nocookie.com *.podcaster.de tweedback.de forms.office.com; connect-src 'self' *.etracker.de *.googleapis.com *.google-analytics.com; media-src 'self' *.rkwbayern.de *.rkw-bw.de *.rkw-bremen.de *.rkw-kompetenzzentrum.de *.rkw-sachsenanhalt.de *.rkw-thueringen.de; frame-ancestors 'self'; manifest-src 'self'; form-action 'self'; object-src 'none' 1
frame-ancestors 'self' *.gaoding.com http://tongji.baidu.com 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; font-src * data:; frame-src *; connect-src *; 1
default-src 'self'; font-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com https://*.govmetric.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-MzhjODI0ZmItMjExMC00MWE5LTkzYTUtMjQwMDdiYTg2YzFk' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com https://meldingen.zeelandveilig.nl https://include.timeblockr.com https://*.timeblockr.com https://*.govmetric.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io https://meldingen.zeelandveilig.nl https://include.timeblockr.com https://*.timeblockr.com https://*.govmetric.com; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-MzhjODI0ZmItMjExMC00MWE5LTkzYTUtMjQwMDdiYTg2YzFk' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://include.timeblockr.com https://*.timeblockr.com https://meldingen.zeelandveilig.nl; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com https://include.timeblockr.com https://meldingen.zeelandveilig.nl;  1
default-src=self; www.blackhillsinfosec.com; fonts.googleapis.com 1
default-src https://*.storied.co; style-src 'report-sample' 'self' 'unsafe-inline' https:; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' https:; object-src 'self' https://*.storied.co https://*.youtube.com https://*.podbean.com/ https://*.instagram.com; base-uri 'self'; connect-src 'self' blob: https: wss://*.storied.co; font-src 'self' blob: data: https:; frame-ancestors 'self'; frame-src 'self' blob: data: https:; img-src 'self' blob: data: https:; manifest-src 'self'; media-src 'self' https://*.storied.co; worker-src 'none'; 1
base-uri 'self'; child-src 'self'; connect-src 'self' trc.karakok.net; default-src 'self'; font-src 'self' wui.karakok.net; form-action 'self'; frame-ancestors 'self'; frame-src 'none'; img-src 'self' cdn.karakok.net; manifest-src 'self'; media-src 'self' cdn.karakok.net; object-src 'self'; script-src 'self' wui.karakok.net trc.karakok.net 'nonce-gAMVvP6IYHlj5OuaCXEg4pevR6KA7jM3mzZZiP8gDpupIi'; style-src 'self' wui.karakok.net 'nonce-gAMVvP6IYHlj5OuaCXEg4pevR6KA7jM3mzZZiP8gDpupIi'; worker-src 'self' 1
script-src 'self'; style-src 'self' 'unsafe-inline'; report-uri https://nchm.gov.in/report-uri/enforce 1
frame-ancestors 'self' http://www.1001games.com 1
default-src 'self' data: https: wss: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: cdn.ampproject.org www.google.com sale.sulpak.kz www.googletagmanager.com tags.creativecdn.com recommender.scarabresearch.com cdn.retailrocket.ru app.blinger.io sulpak.api.useinsider.com eitri.api.useinsider.com connect.facebook.net content.mql5.com www.google-analytics.com www.googleadservices.com mc.yandex.ru static.hotjar.com script.hotjar.com googleads.g.doubleclick.net kaspi.kz static.demoup.com analytics.tiktok.com maps.googleapis.com code.jquery.com www.gstatic.com export.sulpak.kz media.flixfacts.com media.flixcar.com content.24ttl.stream button.loadbee.com assets.api.useinsider.com api-maps.yandex.ru yastatic.net suggest-maps.yandex.ru widget.devino.chat core-renderer-tiles.maps.yandex.net plerdy.com a.plerdy.com c.plerdy.com cdn.loadbee.com prod.flixgvid.flix360.io my.devino.chat widget-chat.devinotele.com epay.homebank.kz epay-oauth.homebank.kz creativecdn.com abt.s3.yandex.net;style-src 'self' 'unsafe-inline' data: blob: www.google.com fonts.googleapis.com assets.api.useinsider.com media.flixcar.com media.flixfacts.com widget.devino.chat cdn.loadbee.com widget-chat.devinotele.com 1
frame-ancestors 'self' https://*.forsikringsforbundet.dk 1
default-src 'none'; base-uri 'self';  manifest-src 'self'; script-src 'self' 'nonce-de855a70-1197-11ef-8b37-a752131d4135' 'unsafe-eval' *.rekai.se blob: https://www.vastsverige.com https://docs.netpublicator.com; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self'; frame-src 'self' *.arcgis.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com kartor.mark.se; connect-src 'self' *.rekai.se eu-api.friendlycaptcha.eu https://www.vastsverige.com; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://www.lightsonline.com; style-src 'self' blob: https: 'unsafe-inline' https://www.lightsonline.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self' blob: https:; worker-src 'self' blob: https:; font-src 'self' data: fonts.gstatic.com *.livechatinc.com members.cj.com use.typekit.net cdnjs.cloudflare.com *.affirm.com; frame-src *.instagram.com *.paypal.com *.paypalobjects.com td.doubleclick.net assets.braintreegateway.com *.google.com *.livechatinc.com members.cj.com *.youtube.com *.youtu.be *.vimeo.com lightsonline.ladesk.com *.affirm.com 1-vbus-us-tx.ladesk.com secure.safewebservices.com *.facebook.com *.facebook.net www.emjcd.com cj.dotomi.com *.pinterest.com 1
frame-ancestors 'self' https://ddbarry.com.au https://wmdev.livetest.com.au https://www.rcsproducts.com.au https://rcsproducts.com.au https://stamel.ro 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.torus.gr www.google-analytics.com www.googletagmanager.com *.googleapis.com platform.twitter.com unpkg.com connect.facebook.net; 1
default-src 'self' 'unsafe-inline' *.gosuslugi.ru *.sputnik.ru *.yandex.ru *.моифинан�ы.рф *.liveinternet.ru *.yadro.ru blob: data: gap:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gosuslugi.ru *.sputnik.ru *.yandex.ru *.моифинан�ы.рф *.liveinternet.ru *.yadro.ru blob:data: gap:; 1
frame-ancestors 'self' *.facebook.com *.salesforce.com *.convio.net *.google.com *.force.com facebook.com salesforce.com convio.net google.com force.com; report-uri https://www.swimacrossamerica.org/site/XFrameViolation 1
default-src 'self'; connect-src 'self' http://ad.doubleclick.net https://*.analytics.google.com https://*.api.userway.org https://*.clarity.ms https://*.demdex.net https://*.eset.com https://*.googlesyndication.com https://*.hotjar.com https://*.hotjar.io https://*.tt.omtrdc.net https://adservice.google.com https://analytics.google.com https://analytics.twitter.com https://api.company-target.com https://api.userway.org https://bat.bing.com https://c.go-mpulse.net https://cdn.acsbapp.com https://cdn.linkedin.oribi.io https://cdn.userway.org https://cdn1.esetstatic.com https://cookies-data.onetrust.io https://ep.smct.co https://eset.tt.omtrdc.net https://geolocation.onetrust.com https://googleads.g.doubleclick.net https://ipb.smct.co https://ipb.smct.io https://js.smct.co https://js.smct.io https://maps.googleapis.com https://privacyportal.onetrust.com https://px.ads.linkedin.com https://region1.google-analytics.com https://replay.uxtweak.com https://s.yimg.com https://script.crazyegg.com https://smct.co https://stats.g.doubleclick.net https://tag-logger.demandbase.com https://tracker.clickguard.com https://www.facebook.com https://www.g2.com https://www.google-analytics.com https://www.google.by https://www.google.ch https://www.google.co.uk https://www.google.co.uz https://www.google.com https://www.google.com.tj https://www.google.com.tr https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lt https://www.google.lv https://www.google.pl https://www.google.ru https://www.googletagmanager.com wss://*.hotjar.com; font-src 'self' data: https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com; frame-src 'self' http://int.form.eset.com https://*.fls.doubleclick.net https://8117415.fls.doubleclick.net https://bid.g.doubleclick.net https://cdn.userway.org https://download.eset.com https://eset.demdex.net https://hemsync.clickagy.com https://int.form.eset.com https://js.smct.io https://ls.smct.co https://protectdemo.eset.com https://s.company-target.com https://smct.co https://support.eset.com https://td.doubleclick.net https://tpc.googlesyndication.com https://unity.survey-solutions.cloud https://vars.hotjar.com https://widget.trustpilot.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://www.riddle.com https://www.youtube-nocookie.com https://www.youtube.com; img-src 'self' data: http://ad.doubleclick.net https://*.adform.net https://*.ads.linkedin.com https://*.gstatic.com https://*.gstatic.com https://*.gstatic.com https://*.gstatic.com https://*.yahoo.co.jp https://ad.doubleclick.net https://ade.googlesyndication.com https://adservice.google.at https://adservice.google.ch https://adservice.google.co.jp https://adservice.google.com https://adservice.google.de https://analytics.google.com https://analytics.twitter.com https://bat.bing.com https://c.bing.com https://c.clarity.ms https://captcha.eset.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.smct.co https://cdn.smct.io https://cdn.userway.org https://cdn1.esetstatic.com https://cm.everesttech.net https://cm.g.doubleclick.net https://connect.facebook.net https://dc.ads.linkedin.com https://dpm.demdex.net https://events.smct.co https://googleads.g.doubleclick.net https://i.ytimg.com https://images.g2crowd.com https://maps.googleapis.com https://pagead2.googlesyndication.com https://pubads.g.doubleclick.net https://px.ads.linkedin.com https://region1.analytics.google.com https://region1.google-analytics.com https://script.hotjar.com https://sgtm.eset.com https://ssitecat.eset.com https://ssl.google-analytics.com https://static.hotjar.com https://stats.g.doubleclick.net https://t.co https://tribl.io https://www.facebook.com https://www.google-analytics.com https://www.google.ad https://www.google.ae https://www.google.al https://www.google.am https://www.google.at https://www.google.az https://www.google.ba https://www.google.be https://www.google.bf https://www.google.bg https://www.google.bi https://www.google.bj https://www.google.bs https://www.google.bt https://www.google.by https://www.google.ca https://www.google.cd https://www.google.cf https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.cn https://www.google.co.ao https://www.google.co.bw https://www.google.co.cr https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.kr https://www.google.co.ls https://www.google.co.ma https://www.google.co.mz https://www.google.co.nz https://www.google.co.th https://www.google.co.tz https://www.google.co.ug https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.vi https://www.google.co.za https://www.google.co.zm https://www.google.co.zw https://www.google.com https://www.google.com.af https://www.google.com.ag https://www.google.com.ar https://www.google.com.au https://www.google.com.bd https://www.google.com.bh https://www.google.com.bn https://www.google.com.bo https://www.google.com.br https://www.google.com.bz https://www.google.com.co https://www.google.com.cu https://www.google.com.cy https://www.google.com.do https://www.google.com.ec https://www.google.com.eg https://www.google.com.et https://www.google.com.fj https://www.google.com.gh https://www.google.com.gi https://www.google.com.gt https://www.google.com.hk https://www.google.com.jm https://www.google.com.kh https://www.google.com.kw https://www.google.com.lb https://www.google.com.ly https://www.google.com.mm https://www.google.com.mt https://www.google.com.mx https://www.google.com.my https://www.google.com.na https://www.google.com.ng https://www.google.com.ni https://www.google.com.np https://www.google.com.om https://www.google.com.pa https://www.google.com.pe https://www.google.com.pg https://www.google.com.ph https://www.google.com.pk https://www.google.com.pr https://www.google.com.py https://www.google.com.qa https://www.google.com.sa https://www.google.com.sb https://www.google.com.sg https://www.google.com.sl https://www.google.com.sv https://www.google.com.tj https://www.google.com.tr https://www.google.com.tw https://www.google.com.ua https://www.google.com.uy https://www.google.com.vc https://www.google.com.vn https://www.google.cv https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dk https://www.google.dm https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ga https://www.google.ge https://www.google.gg https://www.google.gl https://www.google.gm https://www.google.gr https://www.google.gy https://www.google.hn https://www.google.hr https://www.google.ht https://www.google.hu https://www.google.ie https://www.google.im https://www.google.iq https://www.google.is https://www.google.it https://www.google.je https://www.google.jo https://www.google.kg https://www.google.ki https://www.google.kz https://www.google.la https://www.google.li https://www.google.lk https://www.google.lt https://www.google.lu https://www.google.lv https://www.google.md https://www.google.me https://www.google.mg https://www.google.mk https://www.google.ml https://www.google.mn https://www.google.mu https://www.google.mv https://www.google.mw https://www.google.ne https://www.google.nl https://www.google.no https://www.google.nr https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.rs https://www.google.ru https://www.google.rw https://www.google.sc https://www.google.se https://www.google.si https://www.google.sk https://www.google.sm https://www.google.sn https://www.google.so https://www.google.sr https://www.google.td https://www.google.tg https://www.google.tl https://www.google.tm https://www.google.tn https://www.google.tt https://www.google.vg https://www.google.vu https://www.googleadservices.com https://www.googletagmanager.com https://www.hotjar.com https://www.linkedin.com; manifest-src 'self'; media-src 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.replay.uxtweak.com https://*.salesforceliveagent.com https://acsbap.com https://acsbapp.com https://assets.esetstatic.com https://bat.bing.com https://cdn.esetstatic.com https://cdn.jsdelivr.net https://cdn.linkedin.oribi.io https://cdn.userway.org https://cdn1.esetstatic.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.la1-c2-cdg.salesforceliveagent.com https://embed.tawk.to https://googleads.g.doubleclick.net https://img06.en25.com https://invitejs.trustpilot.com https://js.smct.co https://js.smct.io https://maps.googleapis.com https://nowexttype.com https://pagead2.googlesyndication.com https://platform.twitter.com https://s786665.t.eloqua.com https://script.hotjar.com https://sgtm.eset.com https://smct.co https://snap.licdn.com https://ssl.google-analytics.com https://static.ads-twitter.com https://static.hotjar.com https://store.eset.com https://tag.demandbase.com https://tpc.googlesyndication.com https://tribl.io https://widget.trustpilot.com https://www.clarity.ms https://www.google-analytics.com https://www.google.ae https://www.google.am https://www.google.at https://www.google.be https://www.google.bg https://www.google.bs https://www.google.by https://www.google.ca https://www.google.cg https://www.google.ch https://www.google.ci https://www.google.cl https://www.google.cm https://www.google.co.id https://www.google.co.il https://www.google.co.in https://www.google.co.jp https://www.google.co.ke https://www.google.co.ma https://www.google.co.nz https://www.google.co.th https://www.google.co.uk https://www.google.co.uz https://www.google.co.ve https://www.google.co.za https://www.google.co.zw https://www.google.com https://www.google.cz https://www.google.de https://www.google.dj https://www.google.dz https://www.google.ee https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ge https://www.google.gr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.kg https://www.google.kz https://www.google.lk https://www.google.lt https://www.google.md https://www.google.me https://www.google.mk https://www.google.nl https://www.google.pl https://www.google.ps https://www.google.pt https://www.google.ro https://www.google.ru https://www.google.se https://www.google.si https://www.google.sk https://www.google.tn https://www.googleadservices.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.riddle.com https://www.youtube.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdn.userway.org https://fonts.smct.co https://fonts.smct.io https://script.hotjar.com https://static.hotjar.com; worker-src 'self'; report-uri https://www-eset-com.api.cspconsole.com/v1/csp/report; report-to default; 1
default-src     'self'; frame-ancestors 'self'; style-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; script-src      'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; style-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; font-src        'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; connect-src     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; frame-src       'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; form-action     'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com; img-src         'self' 'unsafe-inline' 'unsafe-eval' *.pendo.io *.okta.com *.oktapreview.com *.oktacdn.com *.evergage.com *.googleapis.com *.wexhosted.com *.wexdrive.com *.gstatic.com *.google-analytics.com *.evgnet.com *.wexglobal.com data:; upgrade-insecure-requests 1
script-src 'unsafe-inline' 'self'; default-src 'self'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-BOGE4YZf6QyFpuvJszHnKgkzaAD4kE0ufG1YTI0CXa+7oTIN' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-wnJwXsqUOyHmgA36EA57gg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
object-src 'none'; script-src 'nonce-xdDCxqtFAqhynIyU6Rt757dhZRFF1NIi' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https: http:;  base-uri 'none'; report-uri /api/csp-report/ 1
frame-ancestors 'self' https://www.fl3xx.com https://paxtax.eu 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' blob: data: https://www.googletagmanager.com https://cdn.uzumavto.uz https://uzumavto.uz; connect-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.uzumavto.uz https://uzumavto.uz https://o1431866.ingest.sentry.io; font-src 'self' data:; object-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; report-uri https://o1431866.ingest.us.sentry.io/api/4505001267232768/security/?sentry_key=53f43ceef5da4b4e880bfc4a5bfcef8d; 1
script-src 'self' https://www.telkomsigma.co.id/ 'unsafe-inline' 'unsafe-eval';  1
default-src 'self' https: *.webtrekk.net; img-src 'self' data: https: *.t-systems-mms.com *.telekom-mms.com *.webtrekk.net www.facebook.com *.rexx-systems.com *.landbot.io storage.googleapis.com *.webtrekk.net; media-src 'self'; style-src 'self' 'unsafe-inline' blob: https:; font-src 'self' https: player.podigee-cdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *.t-systems-mms.com *.telekom-mms.com platform.twitter.com connect.facebook.net *.webtrekk.net *.rexx-systems.com static.landbot.io *.yumpu.com *.facebook.net cdn.podigee.com; connect-src 'self' https: *.t-systems-mms.com *.telekom-mms.com *.webtrekk.net landbot.io; object-src https: 'self'; frame-ancestors https: 'self' *.t-systems-mms.com *.telekom-mms.com customer.360-grad-sachsen.de; frame-src https: 'self' *.t-systems-mms.com *.telekom-mms.com customer.360-grad-sachsen.de platform.twitter.com *.mmsupgradework.dmkdev *.mms-plattform.de player.vimeo.com landbot.io www.yumpu.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' data: filesystem: about: blob: ws: wss:; base-uri 'self'; frame-ancestors https://www.asvz.nl/ https://werkenbijasvz.nl/ 1
default-src 'self';script-src  'report-sample' 'self'  'unsafe-inline' 'unsafe-eval' https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://tagmanager.google.com cookie-cdn.cookiepro.com  geolocation.onetrust.com https://www.google-analytics.com/ https://cdn.jsdelivr.net/ https://bam.nr-data.net/ https://bam-cell.nr-data.net/1/75e26b1af6 https://cdnjs.cloudflare.com/ajax/libs/svg.js/2.6.3/svg.min.js https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.js https://js-agent.newrelic.com/ http://static.hotjar.com/c/hotjar-1304386.js https://script.hotjar.com/ https://static.hotjar.com/c/hotjar-1304386.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://*.googletagmanager.com/ https://www.gstatic.com/;style-src 'report-sample' 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com https://cdn.jsdelivr.net/;object-src 'none';base-uri 'self';connect-src 'self' wss://*.hotjar.com/ https://*.hotjar.io/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.google.dz cookie-cdn.cookiepro.com privacyportal.cookiepro.com geolocation.onetrust.com https://bam.nr-data.net https://bam-cell.nr-data.net https://in.hotjar.com https://stats.g.doubleclick.net https://vc.hotjar.io https://www.google-analytics.com;font-src 'self' https://fonts.gstatic.com data: https://cdn.jsdelivr.net  https://themes.googleusercontent.com;frame-src 'self' https://vars.hotjar.com https://www.google.com;img-src 'self' data: https://ssl.gstatic.com https://www.gstatic.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.fr https://*.google.dz cookie-cdn.cookiepro.com https://www.google-analytics.com/ ;manifest-src 'self';media-src 'self';report-uri https://621367c35ba895d32b8a7882.endpoint.csper.io/?v=2;worker-src 'none'; 1
default-src 'self' 'unsafe-inline' at.alicdn.com www.googletagmanager.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com static.geetest.com api.geetest.com monitor.geetest.com res.wx.qq.com www.googletagmanager.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; style-src 'unsafe-inline' at.alicdn.com static.geetest.com dn-staticdown.qbox.me unpkg.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; img-src www.google-analytics.com www.google.com www.google.de data: stats.g.doubleclick.net static.geetest.com data: https://viawallet-static.oss-cn-hongkong.aliyuncs.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; font-src 'unsafe-inline' at.alicdn.com data: unpkg.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; connect-src www.google-analytics.com https://analytics.google.com/g/collect stats.g.doubleclick.net false *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com https://api.avax.network/ext/bc/C/rpc https://bsc-dataseed.binance.org https://rpc.coinex.net https://etc.rivet.link https://eth.llamarpc.com/ https://rpcapi.fantom.network https://polygon-rpc.com/; frame-src player.bilibili.com player.vimeo.com www.youtube.com www.ixigua.com *.viawallet.com:* viawallet.com:* *.viawallet.com viawallet.com *.viabtc.com:* viabtc.com:* *.viabtc.com viabtc.com *.viadeploy.com:* viadeploy.com:* *.viadeploy.com viadeploy.com *.wallet.coinex.com:* wallet.coinex.com:* *.wallet.coinex.com wallet.coinex.com; frame-ancestors none 1
default-src 'self'; object-src 'none'; frame-src 'self' https://videos.sproutvideo.com; img-src 'self' https://i.imgur.com https://cdn.olrd.org; style-src 'self' 'unsafe-inline'; script-src 'self' https://c.sproutvideo.com https://browser.sentry-cdn.com https://js.sentry-cdn.com; connect-src 'self' *.sentry.io; worker-src 'self' blob: 1
default-src https: data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com 'unsafe-inline' 'unsafe-eval' 1
default-src *.crazyegg.com https:; script-src 'unsafe-inline' blob: https: 'unsafe-eval' *.crazyegg.com https://crossway.my.salesforce.com; style-src 'unsafe-inline' https: *.crazyegg.com; font-src https: data:; media-src http: https:; img-src http: https: data: *.crazyegg.com 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js translate.google.com https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com https://unpkg.com/ https://z.moatads.com https://*.mouseflow.com https://*.vimeo.com https://*.doubleclick.net https://*.brazenconnect.com https://*.google-analytics.com https://analytics.google.com https://*.googletagmanager.com https://*.govdelivery.com https://*.tvsquared.com https://api.mapbox.com https://*.formstack.com https://js.stripe.com 'self' cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.jsdelivr.net https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net https://unpkg.com *.typekit.net https://*.brazenconnect.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://commtrans-production-redesign-preview.azurewebsites.net https://commtrans-production.azurewebsites.net *.eloqua.com track.hubspot.com *.fastly.net https://unpkg.com https://news.trimet.org *.mouseflow.com https://*.vimeocdn.com https://*.google-analytics.com https://analytics.google.com https://*.tvsquared.com https://api.mapbox.com https://*.soundtransit.org https://www.communitytransit.org/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net *.mouseflow.com *.formstack.com; frame-src https://*.mouseflow.com https://player.vimeo.com/ https://www.google.com/ https://*.youtube.com https://www.facebook.com https://*.brazenconnect.com https://*.doubleclick.net https://www.adzuna.com https://js.stripe.com 'self' web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com translate.google.com *.googleapis.com *.amazonaws.com *.ibi-transit.com *.commtrans.org commtrans-gtfs.azurewebsites.net commtrans-gtfs-qa.azurewebsites.net *.search.hereapi.com *.mouseflow.com commtrans-data.azurewebsites.net commtrans-data-qa.azurewebsites.net https://*.doubleclick.net https://*.brazenconnect.com https://*.google-analytics.com https://analytics.google.com https://api.mapbox.com https://*.cartocdn.com https://api.maptiler.com https://www.facebook.com/tr/ https://browser-intake-datadoghq.com https://commtrans.formstack.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.mouseflow.com https://www.google.com blob: 'self' web-chat.nativechat.com 1
default-src 'self'; img-src 'self' https: data: blob:; connect-src 'self' www.google-analytics.com blob:; frame-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com data:; 1
frame-ancestors 'self' https://media.sakky.fi/; report-uri /report-csp-violation 1
frame-ancestors bitrix24.kz bitrix24.ru *.bitrix24.kz *.bitrix24.ru sendapi.net app.botcorp.io royalflowersadmin.flutterflow.app *.royalflowersadmin.flutterflow.app 1
default-src *; img-src * 'self' data: https: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src  'self' 'unsafe-inline' *; font-src * 'self' data:; worker-src blob: 1
default-src 'self' sixthman.net *.sixthman.net cdn.sixthman.net cdn1.sixthman.net tradablebits.com *.amazonaws.com; img-src 'self' 'unsafe-inline' *.cloudfront.net *.cloudflare.com cdn1.sixthman.net cdn.sixthman.net d2z4nov6ck0fcb.cloudfront.net s3.amazonaws.com *.googletagmanager.com *.google-analytics.com *.google.com *.gstatic.com *.googleapis.com *.vimeocdn.com *.datasteam.io *.turn.com *.liadm.com adadvisor.net ask-assets.com *.dtstmio.com *.agkn.com *.wp.com *.slaask.com slaask.com *.slack-edge.com *.pusher.com *.pusherapp.com ucarecdn.com xenoapp.com *.gravatar.com *.facebook.com *.facebook.net *.twimg.com *.twitter.com *.adroll.com *.doubleclick.net *.spotify.com data:; font-src 'self' *.typekit.net cdn.xeno.app fonts.gstatic.com; style-src 'self' 'unsafe-inline' *.typekit.net *.googleapis.com *.twitter.com cdn.xeno.app *.fonts.net *.twimg.com *.facebook.com *.facebook.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cloudflare.com tradablebits.com *.dstillery.com *.media6degrees.com *.datasteam.io sixthman.net *.sixthman.net cdn1.sixthman.net cdn.sixthman.net d2z4nov6ck0fcb.cloudfront.net *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net *.doubleclick.net *.mountain.com *.agkn.com *.consensu.org *.adsrvr.org *.rfihub.net *.tiktok.com *.snapchat.com sc-static.net *.facebook.net *.vimeo.com *.twitter.com *.adroll.com *.segment.com cdn.xeno.app *.slaask.com slaask.com *.pusher.com *.twimg.com; frame-src 'self' *.google.com *.vimeo.com *.facebook.com *.youtube.com *.spotify.com *.twitter.com *.twimg.com *.snapchat.com *.adsrvr.org *.doubleclick.net; connect-src 'self' sixthman.net *.sixthman.net tradablebits.com *.googlesyndication.com *.segment.com *.segment.io slaask.com *.tiktok.com *.snapchat.com *.pusher.com *.pusherapp.com wss://ws.pusherapp.com *.mountain.com 44.238.122.172 100.20.58.101 35.85.84.151 44.228.85.26 34.215.155.61 35.160.46.251 52.71.121.170 18.210.229.244 44.212.189.233 3.212.39.155 52.22.50.55 54.156.2.105 *.facebook.com stats.g.doubleclick.net *.doubleclick.net *.adroll.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.google.com *.spotify.com data:; media-src 'self' 'unsafe-inline' sixthman.net *.sixthman.net *.slaask.com slaask.com *.pusher.com; object-src 'none'; base-uri 'none'; form-action 'self' *.facebook.com *.twitter.com; frame-ancestors 'self' *.sixthman.net; upgrade-insecure-requests 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.os.uk *.silktide.com *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com siteimproveanalytics.com www.googletagmanager.com www.google-analytics.com cdn.siteimprove.net *.recruitmentplatform.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; style-src 'self' 'unsafe-inline' *.os.uk *.cloudflare.com *.jsdelivr.net unpkg.com *.googleapis.com *.google.com use.fontawesome.com wbb-chat-plugin.webuildbots.ai *.gstatic.com *.livechatinc.com *.somerset.gov.uk *.euw2.pure.cloud *.astuntechnology.com uicdn.toast.com; media-src 'self' *.somerset.gov.uk *.euw2.pure.cloud; frame-ancestors *.euw2.pure.cloud; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors https://*.datapaylive.co.nz https://datapaylive.co.nz https://*.easipaylive.co.nz https://easipaylive.co.nz https://*.easipay.co.nz https://*.datapay.co.nz https://*.datacomdirectaccess.co.nz https://datacomdirectaccess.co.nz; 1
frame-ancestors sccld.org *.sccld.org sccl.bibliocms.com *.sccl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src sccld.org *.sccld.org sccl.bibliocms.com *.sccl.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors 'self' *.bpindex.co.uk *.bpindex.com http://localhost:19193; 1
default-src 'self'; script-src 'self' 'unsafe-inline' data: app.usercentrics.eu www.googletagmanager.com maps.googleapis.com matomo.mecklenburgische.de cdn.cookiebox.pro stage.cookiebox.pro svrdntfctn.com; frame-src app.usercentrics.eu; font-src 'self' data: fonts.gstatic.com; connect-src 'self' api.usercentrics.eu aggregator.service.usercentrics.eu consent-api.service.consent.usercentrics.eu graphql.usercentrics.eu *.google-analytics.com *.analytics.google.com maps.googleapis.com matomo.mecklenburgische.de svrdntfctn.com; img-src 'self' data: app.usercentrics.eu www.googletagmanager.com maps.googleapis.com maps.gstatic.com khms0.googleapis.com khms1.googleapis.com fonts.gstatic.com *.google-analytics.com *.analytics.google.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com; base-uri 'self'; form-action 'self'; object-src 'none'; media-src 'self'; frame-ancestors 'none'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://api-maps.yandex.ru yastatic.net 1
connect-src 'self' https://js.monitor.azure.com https://cdnjs.cloudflare.com https://cloudflareinsights.com https://*.hankintailmoitukset.fi/ https://hankintailmoitukset.cdn.prismic.io/ https://dc.services.visualstudio.com/;font-src * data:;img-src * data:;style-src * 'unsafe-inline';manifest-src 'self'; frame-ancestors 'self' https://tunnistautuminen.suomi.fi; 1
default-src 'none'; img-src 'self' https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com https://strapiweb-s3-prod-01.s3.amazonaws.com https://c212.net https://www.googletagmanager.com data:; media-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src https://fonts.gstatic.com; object-src 'none'; frame-src *.google.com; worker-src blob:; connect-src 'self' https://*.algolia.net https://*.algolianet.com https://*.algolia.io https://triumphgroup2020index.q4web.com https://www.google-analytics.com https://*.googleapis.com *.google.com https://*.gstatic.com  data: blob:; frame-ancestors 'none'; base-uri 'self'; form-action 'self' 1
default-src 'self'; font-src *; img-src *; script-src 'unsafe-eval' 'unsafe-inline' *; style-src 'unsafe-inline' *; connect-src *; form-action *; frame-ancestors 'self'; child-src *;object-src 'self' data: https://marketplace.phi-production.cloud; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' www.youtube.com embed.typeform.com form.typeform.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com embed.typeform.com www.google-analytics.com; media-src 'self' www.google-analytics.com; font-src 'self'; connect-src 'self' www.google-analytics.com; img-src 'self' www.google-analytics.com; style-src 'self' 'unsafe-inline' embed.typeform.com; base-uri 'self' 1
frame-ancestors 'self'; report-uri https://linnrecords.com/report-uri/enforce 1
default-src 'self'; script-src 'self' https://ystweb.cantarusdev.co.uk/ https://ajax.cloudflare.com/ blob: https://tools.luckyorange.com/ https://platform.twitter.com/ https://www.googletagmanager.com/ https://connect.facebook.net/ https://cc.cdn.civiccomputing.com/ 'unsafe-eval' 'unsafe-inline'; style-src 'self' https://tools.luckyorange.com/ 'unsafe-inline'; img-src * data:; frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://anchor.fm/ https://podcasters.spotify.com/; font-src 'self' https://storage.googleapis.com/ https://fonts.gstatic.com/ data: ;connect-src 'self' https://tools.luckyorange.com/  https://settings.luckyorange.com/ https://apikeys.civiccomputing.com/ https://region1.google-analytics.com/ https://pubsub.googleapis.com/ wss://in.visitors.live/ wss://realtime.luckyorange.com/ https://api-preview.luckyorange.com/ https://in.visitors.live/ https://our.umbraco.com/ 1
default-src 'self' blob:; style-src 'self' 'unsafe-inline' https://cse.google.com https://www.google.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com; font-src 'self'; img-src 'self' data: blob: https://www.google-analytics.com https://logo.samandehi.ir https://www.googletagmanager.com https://clients1.google.com https://www.google.com https://trustseal.enamad.ir; connect-src 'self' wss://localhost:* https://www.google-analytics.com https://region1.google-analytics.com; media-src 'self'; object-src 'self' blob:; report-uri /api/CspReport/Log 1
base-uri 'none'; style-src 'self' *.cassiecloud.com *.googleapis.com 'unsafe-inline' https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.css https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.css https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.css; script-src 'nonce-9XhhXnLdbZCgpeEySd7bSA=='  'sha256-8eLN3Ng4yngy2BD+hVdxRQug87+PAhC1HZZfTCkoFbY='  'self' 'strict-dynamic' 'unsafe-eval' *.kaltura.com/ *.cassiecloud.com *.googletagmanager.com https://google-analytics.com *.google-analytics.com *.bing.com https://connect.facebook.net https://lilly-customerconnect.secure.force.com https://customerconnect.my.salesforce-sites.com https://ispot.tv *.turn.com *.myadvocado.com *.doubleclick.net *.analytics.yahoo.com *.google.com https://facebook.com *.salesforceliveagent.com *.youtube.com *.ytimg.com *.gstatic.com *.googlevideo.com blob: http://d22xmn10vbouk4.cloudfront.net *.googleapis.com assets.adobedtm.com assets.ctfassets.net 'nonce-Q+3SsP/nT1Qb9DtwRm8EbA==' *.soundcloud.com *.recaptcha.net 'sha256-uMkuBZ4FQVVBqzs6NHOoGr/1vOLA1h9acPURz3E39HA=' 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' 'sha256-tempUn1btibnrWwQxEk37lMGV1Nf8FO/GXxNhLEsPdg=' 'sha256-YvYJ5WVzt8kOVVuSB9YcyVJLN4a6HcbOgQpzrg0BLUI=' https://clientapi.gcs-web.com https://d22xmn10vbouk4.cloudfront.net https://servicesplatform.partneringplace.com https://forms.office.com bugcrowd.com *.lilly.com https://d1ltrl2zzo6l3e.cloudfront.net/public/syrenis-cookie-management.js https://d3gnk5748ud580.cloudfront.net/public/syrenis-cookie-management.js https://dscrutpyu4zff.cloudfront.net/public/syrenis-cookie-management.js; object-src 'none'; frame-src *.doubleclick.net/ *.myadvocado.com/ *.youtube.com *.soundcloud.com *.google.com *.facebook.com *.spotify.com *.simplecast.com *.recaptcha.net https://servicesplatform.partneringplace.com https://forms.office.com *.kaltura.com/ bugcrowd.com di.rlcdn.com 1
default-src 'none'; script-src 'self' www.googletagmanager.com platform.twitter.com syndication.twitter.com static.ads-twitter.com 'sha256-ewTm8QMx/IkmbIFAIapvCHoCrGgIIHhn8qKC7/5Y2Ro=' 'unsafe-hashes' 'sha256-mplq9U9bn5xLaFQjbIOde0Eu7cXsI2xaTPex2jLztp0='; style-src 'self' cdnjs.cloudflare.com fonts.googleapis.com 'sha256-akbuxUDobAg86+TiT5p8TENoFqlhtGWtEqHedhVNujw='; font-src fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' syndication.twitter.com t.co analytics.twitter.com; frame-src platform.twitter.com; connect-src *.google-analytics.com 1
frame-ancestors 'self' https://www.chasepaymentechhostedpay.com 1
default-src *; font-src * data:;img-src * data:;frame-src * data:; script-src * 'unsafe-inline'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' *.aboundcu.com *.zagclients.net 1
default-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net polyfill.io *.newrelic.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cookiehub.net *.cookiehub.net *.google.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.licdn.com *.facebook.net *.doubleclick.net polyfill.io *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com *.hsforms.net *.hsforms.com js.hs-scripts.com js.hs-banner.com js.hs-analytics.net js.hscollectedforms.net  unpkg.com  *.usercentrics.eu *.newrelic.com *.linkedin.com *.googleapis.com; style-src 'self' 'unsafe-inline' cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.com *.youtube.com projects.codeaware.at *.linkedin.com *.googleapis.com; img-src * 'self' data: https:; frame-src 'self' *.youtube.com *.youtu.be *.youtube-nocookie.com *.vimeo.com *.doubleclick.net *.facebook.com *.facebook.net forms.hsforms.com *.usercentrics.eu *.newrelic.com *.linkedin.com; font-src 'self' data: *.gstatic.com *.googleusercontent.com projects.codeaware.at; connect-src 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu 'self' *.google.com *.google-analytics.com *.doubleclick.net cookiehub.net *.cookiehub.net *.facebook.com *.facebook.net *.plyr.io *.vimeo.io *.youtube.com noembed.com forms.hsforms.com forms.hubspot.com polyfill.io  *.usercentrics.eu *.hscollectedforms.net *.newrelic.com *.nr-data.net *.linkedin.com *.googleapis.com; report-uri /report-csp-violation 1
default-src 'self'; base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-src 'self' https://tol-app-prod.firebaseapp.com/ https://tol-app-82e72.firebaseapp.com/ https://googleads.g.doubleclick.net/ https://*.google.com/ https://*.googlesyndication.com/ https://www.youtube.com/ https://api.pay.jp/ https://js.pay.jp/ https://js.stripe.com/; frame-ancestors 'self'; img-src 'self' data: https:; object-src 'none'; script-src 'self' https://*.googlesyndication.com/ https://*.googleadservices.com/ https://adservice.google.co.in/ https://adservice.google.co.jp/ https://adservice.google.com/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://apis.google.com/ https://*.pay.jp/ https://*.stripe.com/ 'unsafe-eval' 'unsafe-inline'; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' https://*.google.com/ https://*.google.co.jp/ https://*.googleadservices.com/ https://www.googletagmanager.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://vercel.live/ https://*.pay.jp/ https://*.stripe.com/ https://cdnjs.cloudflare.com/ 'unsafe-inline' 'unsafe-eval'; worker-src blob:; child-src blob:; connect-src 'self' https://*.tol-app.jp https://*.googleapis.com/ https://*.gstatic.com/ https://*.googlesyndication.com/ https://www.google-analytics.com/ https://*.sentry.io/ https://*.pay.jp/; style-src 'self' https: 'unsafe-inline'; style-src-elem 'self' http://fonts.googleapis.com https: 'unsafe-inline'; upgrade-insecure-requests ; 1
default-src 'self' wss://s-usc1c-nss-254.firebaseio.com wss://daisho.firebaseio.com wss://*.daisho.firebaseio.com wss://*.s-usc1c-nss-254.firebaseio.com *.albacross.com *.doubleclick.net *.s-usc1c-nss-254.firebaseio.com *.daisho.firebaseio.com *.firebaseio.com *.googleapis.com *.landbot.io *.gstatic.com *.searchiq.co *.facebook.com *.hotjar.com vc.hotjar.io vendorlist.consensu.org l.sharethis.com c.sharethis.mgr.consensu.org *.hotjar.com *.partteams.com *.partteams.com/sales/* https://forms.monday.com/ *.forms.monday.com/* *.monday.com/* *.oemkiosks.com/sales/* *.tawk.to *.cloudflare.com *.licdn.com *.leadboxer.com *.addthis.com partteam-59hvecv.netdna-ssl.com *.google-analytics.com wss://*.tawk.to wss://*.hotjar.com https://snid.snitcher.com/verify; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://time.is *.time.is https://widget.time.is/t.js *.widget.time.is/t.js https://snid.snitcher.com/8422734.js *.snid.snitcher.com *.lfeeder.com *.leadfeeder.com sc.lfeeder.com lftracker.leadfeeder.com *.landbot.io https://www.googletagmanager.com/gtag/js *.firebaseio.com *.cookiebot.com *.gstatic.com *.list-manage.com *.amazonaws.com graph.facebook.com widgets.pinterest.com *.ytimg.com *.searchiq.co *.facebook.com *.youtube.com m.addthisedge.com v1.addthisedge.com *.google.com *.linkedin.com lead.watch c.sharethis.mgr.consensu.org partteam-59hvecv.netdna-ssl.com *.tawk.to *.licdn.com *.adroll.com *.lead.watch *.marinsm.com *.facebook.net *.sharethis.com *.addthis.com *.albacross.com *.leadboxer.com *.hotjar.com *.googleadservices.com *.cloudflare.com *.google-analytics.com wss://*.tawk.to https://cjshare.com *.cjshare.com *.cleverjump.org *.jsdelivr.net https://sharebutton.net *.sharebutton.net *.partteams.com *.partteams.com/sales/ *.oemkiosks.com/sales/  *.unpkg.com; style-src 'self' 'unsafe-inline' *.tawk.to *.googleapis.com *.searchiq.co *.jsdelivr.net partteam-59hvecv.netdna-ssl.com optimize.google.com *.partteams.com  *.partteams.com/sales/* *.oemkiosks.com/sales/* *.mailchimp.com *.amazonaws.com s3.amazonaws.com; img-src data: * blob:; object-src *.tawk.to *.partteams.com *.partteams.com/sales/* *.oemkiosks.com/sales/* ; frame-src https://forms.monday.com/ *.forms.monday.com/* *.monday.com/* *.firebaseio.com *.partteams.com *.partteams.com/sales/* *.oemkiosks.com/sales/* *.facebook.com *.youtube.com *.vimeo.com *.google.com partteam-59hvecv.netdna-ssl.com c.sharethis.mgr.consensu.org t.sharethis.com s7.addthis.com vars.hotjar.com static-v.tawk.to va.tawk.to disqus.com; worker-src blob:;font-src 'self' data: fonts.gstatic.com embed.tawk.to; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cyberark.sc.omtrdc.net sc.omtrdc.net *.everesttech.net everesttech.net *.demdex.net demdex.net *.adobedtm.com adobedtm.com cyberark.tt.omtrdc.net tt.omtrdc.net *.typekit.net typekit.net *.akamaihd.net akamaihd.net s3.amazonaws.com *.amazonaws.com amazonaws.com s3.eu-central-1.amazonaws.com *.adnxs.com adnxs.com *.baidu.com baidu.com *.btttag.com btttag.com *.bluekai.com bluekai.com *.bootstrapcdn.com bootstrapcdn.com *.cdntwrk.com cdntwrk.com *.choozle.com choozle.com *.cloudflare.com cloudflare.com *.cloudfront.net cloudfront.net *.cyberark.com cyberark.com g.doubleclick.net *.doubleclick.net doubleclick.net fls.doubleclick.net *.driftt.com driftt.com *.ensighten.com ensighten.com *.facebook.com *.facebook.net facebook.com facebook.net *.fontawesome.com fontawesome.com *.google.ae *.google.al *.google.am *.google.at *.google.az *.google.ba *.google.be *.google.bg *.google.bj *.google.bs *.google.by *.google.ca *.google.cd *.google.ch *.google.ci *.google.cl *.google.cm *.google.cn *.google.com *.google.cz *.google.de *.google.dk *.google.dz *.google.ee *.google.es *.google.fi *.google.fr *.google.ge *.google.gr *.google.hn *.google.hr *.google.hu *.google.ie *.google.im *.google.iq *.google.is *.google.it *.google.je *.google.jo *.google.kz *.google.lk *.google.lt *.google.lu *.google.lv *.google.mg *.google.mk *.google.ml *.google.mn *.google.mu *.google.nl *.google.no *.google.pl *.google.pt *.google.ro *.google.rs *.google.ru *.google.sc *.google.se *.google.sk *.google.sn *.google.sr *.google.tg *.google.tn *.google.tt *.gstatic.com *.translate.goog google.ae google.al google.am google.at google.az google.ba google.be google.bg google.bj google.bs google.by google.ca google.cd google.ch google.ci google.cl google.cm google.cn google.co.ao google.co.bw google.co.cr google.co.id google.co.il google.co.in google.co.jp google.co.ke google.co.kr google.co.ls google.co.ma google.co.mz google.co.nz google.co.th google.co.ug google.co.uk google.co.uz google.co.ve google.co.za google.co.zw google.com google.com.ar google.com.au google.com.bd google.com.bh google.com.bn google.com.bo google.com.br google.com.bz google.com.co google.com.cy google.com.do google.com.ec google.com.eg google.com.et google.com.fj google.com.gh google.com.gt google.com.hk google.com.jm google.com.kh google.com.kw google.com.lb google.com.ly google.com.mm google.com.mt google.com.mx google.com.my google.com.ng google.com.ni google.com.np google.com.om google.com.pa google.com.pe google.com.ph google.com.pk google.com.pr google.com.py google.com.qa google.com.sa google.com.sg google.com.sl google.com.sv google.com.tr google.com.tw google.com.ua google.com.uy google.com.vc google.com.vn google.cz google.de google.dk google.dz google.ee google.es google.fi google.fr google.ge google.gr google.hn google.hr google.hu google.ie google.im google.iq google.is google.it google.je google.jo google.kz google.lk google.lt google.lu google.lv google.mg google.mk google.ml google.mn google.mu google.nl google.no google.pl google.pt google.ro google.rs google.ru google.sc google.se google.sk google.sn google.sr google.tg google.tn google.tt gstatic.com translate.goog googleadservices.com *.googleapis.com googleapis.com *.cloudfunctions.net cloudfunctions.net *.googletagmanager.com googletagmanager.com *.google-analytics.com google-analytics.com *.herokuapp.com herokuapp.com *.hotjar.com *.hotjar.io hotjar.com hotjar.io *.jquery.com jquery.com *.jsdelivr.net jsdelivr.net *.linkedin.com ads.linkedin.com cdn.linkedin.oribi.io linkedin.com linkedin.oribi.io *.licdn.com licdn.com *.marketo.com *.marketo.net *.mktoresp.com marketo.com marketo.net mktoresp.com cognitive.microsofttranslator.com *.microsoft.com microsoft.com *.moz.com moz.com *.myfonts.net myfonts.net *.newrelic.com *.nr-data.net newrelic.com nr-data.net *.openx.net openx.net *.rlcdn.com rlcdn.com *.reddit.com *.redditstatic.com reddit.com redditstatic.com *.rubiconproject.com rubiconproject.com *.krxd.net krxd.net *.stackadapt.com srv.stackadapt.com stackadapt.com *.adsrvr.org adsrvr.org *.trustarc.com trustarc.com *.twitter.com twitter.com *.6sc.co *.litix.io 6sc.co litix.io *.unpkg.com unpkg.com *.wistia.com wistia.com *.wpengine.com wpengine.com analytics.yahoo.com *.googleadservices.com *.duosecurity.com duosecurity.com yoast.com *.ceros.com ceros.com *.transistor.fm transistor.fm segreencolumn.com *.segreencolumn.com cnv.event.prod.bidr.io simpli.fi *.simpli.fi dpmsrv.com *.dpmsrv.com adnxs.com *.adnxs.com *.cloudflareinsights.com cloudflareinsights.com data: blob:; upgrade-insecure-requests; 1
frame-ancestors miyazaki-city.sakura.ne.jp 1
frame-ancestors 'self' https://training.simons-voss.com 1
frame-ancestors 'none'; base-uri 'self'; 1
default-src 'self' https://tn.fromoldbooks.org https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com https://tpc.googlesyndication.com https://cdnjs.buymeacoffee.com https://stats.g.doubleclick.net; img-src 'self' data: https://tn.fromoldbooks.org https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.paypalobjects.com; style-src 'self' 'unsafe-inline'; font-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.buymeacoffee.com https://www.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com *.doubleclick.net https://www.googletagervices.com https://ssl.google-analytics.com https://cdn.ampproject.org https://cdn.taboola.com https://adservice.google.com https://adservice.google.ca https://partner.googleadservices.com  https://www.googletagservices.com https://tpc.googlesyndication.com https://www.googletagmanager.com; frame-src 'self' 'unsafe-inline' https://cdnjs.buymeacoffee.com https://www.google.com https://pagead2.googlesyndication.com https://fundingchoicesmessages.google.com https://www.google.ca/ads https://www.google-analytics.com https://analytics.google.com *.doubleclick.net https://www.googletagervices.com https://ssl.google-analytics.com https://cdn.ampproject.org https://cdn.taboola.com https://adservice.google.com https://adservice.google.ca https://partner.googleadservices.com  https://www.googletagservices.com https://tpc.googlesyndication.com; base-uri 'self'; object-src 'none' 1
connect-src 'self' https://maps.googleapis.com https://www.google-analytics.com; 1
default-src data: 'self' 'unsafe-eval' 'unsafe-inline'  zap-mag.ru *.zap-mag.ru  *.jivo.ru wss://*.jivo.ru *.jivosite.com wss://*.jivosite.com  https://*.cdek.ru  https://*.parts-catalogs.com  https://partkomru.webim.ru  https://mod.calltouch.ru wss://ws.calltouch.ru *.calltouch.ru  https://*.gstatic.com https://www.google-analytics.com https://www.googletagmanager.com https://tagmanager.google.com https://www.google.com https://www.google.ru  https://mc.yandex.ru https://api-maps.yandex.ru https://geocode-maps.yandex.ru *.maps.yandex.net  https://yastatic.net  https://counter.yadro.ru  https://stats.g.doubleclick.net;  object-src 'none';  upgrade-insecure-requests;  report-to zapmag-csp;  report-uri https://zap-mag.ru/_/csp-reports; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-Yk1ihPHqlALDibPrmvibBg' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' blob: ;font-src 'self' data: https://*.typekit.net https://*.bugherd.com https://*.jsdelivr.net https://*.hormelstaging.com https://*.cloudfront.net https://use.fontawesome.com https://*.bootstrapcdn.com https://fonts.gstatic.com ;img-src 'self' data: blob: https://res.cloudinary.com https://ps.w.org https://s.w.org https://*.hormel.com https://aep.mxptint.net https://secure.gravatar.com https://*.salsify.com https://*.justins.com https://justins.com https://*.gstatic.com https://*.googleapis.com https://dpm.demdex.net https://*.doubleclick.net https://aa.agkn.com https://ups.analytics.yahoo.com https://*.bugherd.com https://beacon.krxd.net https://www.googletagmanager.com https://*.powerreviews.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com wss://*.pricespider.com https://cdnjs.cloudflare.com https://*.pricespider.com https://*.cloudfront.net https://r.turn.com https://mpp.mxptint.net https://www.google-analytics.com https://*.hormel.com https://bugherd-attachments.s3.amazonaws.com https://*.google.com https://*.bing.com https://www.facebook.com https://*.pinterest.com https://*.iriworldwide.com ;script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://mpsnare.iesnare.com https://s0.wp.com https://ws.sharethis.com https://script.hotjar.com https://hormel.my.salesforce-sites.com https://hormel.my.salesforce.com https://code.jquery.com https://*.bugherd.com https://*.googletagmanager.com https://*.force.com https://*.salesforceliveagent.com https://*.cloudfront.net https://*.powerreviews.com https://static.hotjar.com https://*.facebook.net https://*.amazonaws.com https://s.pinimg.com https://*.crazyegg.com https://www.google-analytics.com wss://*.pricespider.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://cdnjs.cloudflare.com https://*.doubleclick.net https://*.bing.com https://www.googleadservices.com https://*.pricespider.com https://*.googleapis.com https://*.google.com https://*.hormel.com https://*.hormelfoods.com https://www.googletagmanager.com https://*.youtube.com https://*.pinterest.com ;style-src 'self' 'unsafe-inline' https://*.myfonts.net https://*.bootstrapcdn.com https://s0.wp.com https://www.justins.com https://*.jsdelivr.net https://cloud.typography.com https://*.salesforce-sites.com https://*.force.com https://hormel.my.salesforce-sites.com https://*.typekit.net https://hormelchat.secure.force.com https://*.bugherd.com https://*.googletagmanager.com https://*.hormel.com https://*.hormelfoods.com https://*.cloudfront.net https://use.fontawesome.com https://*.powerreviews.com https://*.googleapis.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://*.salesforce.com https://*.salesforceliveagent.com https://cdnjs.cloudflare.com https://*.pricespider.com ;connect-src 'self' https://justinsbrand.zendesk.com wss://ws-mt1.pusher.com https://analytics.google.com https://*.hotjar.io https://l.sharethis.com https://sockjs.pusher.com https://yoast.com https://*.googleapis.com https://hormel.my.salesforce-sites.com https://*.bugherd.com https://hormelchat.secure.force.com https://*.salesforce-sites.com https://*.force.com https://*.pusher.com wss://*.pusherapp.com https://*.bugsnag.com https://*.amazonaws.com https://cdnjs.cloudflare.com https://api.mapbox.com https://*.tiles.mapbox.com https://events.mapbox.com https://*.pricespider.com wss://*.pricespider.com https://productlocator.iriworldwide.com https://*.powerreviews.com https://www.facebook.com https://*.doubleclick.net https://*.crazyegg.com https://www.google-analytics.com https://*.pinterest.com https://www.googletagmanager.com ;frame-src 'self' https://widgets.wp.com https://*.vimeo.com https://*.google.com https://*.bugherd.com https://www.youtube.com https://*.pinterest.com https://www.facebook.com https://*.doubleclick.net https://*.force.com 1
block-all-mixed-content; frame-src 'self' https://*.uber.com https://*.ubereats.com http://*.cdn-net.com https://tr.snapchat.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://www.google.com/recaptcha/ https://auth.uberinternal.com https://gumi.criteo.com/ https://mug.criteo.com https://gum.criteo.com https://catalogs.uberinternal.com/ bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net *.optimizely.com; worker-src 'self' blob:; child-src 'self' blob: bs.serving-sys.com click.appcast.io analytics.recruitics.com ci.iasds01.com cdn.krxd.net www.facebook.com *.doubleclick.net *.tealiumiq.com *.demdex.net; connect-src 'self' 'self' https://*.uber.com https://duyt4h9nfnj50.cloudfront.net https://d3fa76b550dpw9.cloudfront.net https://d4p17acsd5wyj.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://dkl8of78aprwd.cloudfront.net https://cn-geo1.uber.com https://d1goeicueq33a8.cloudfront.net https://siteintercept.qualtrics.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://analytics.tiktok.com https://analytics.google.com https://dynamic.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://sslwidget.criteo.com https://tr.snapchat.com https://app.paypay.ne.jp https://stg.paypay-corp.co.jp https://image.paypay.ne.jp https://d1g1f25tn8m2e6.cloudfront.net https://www.google.com/pagead/landing https://googleads.g.doubleclick.net/pagead/landing https://dyguxp1m9tbrw.cloudfront.net https://u-vsm.tmobiapi.com https://*.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com https://maps.googleapis.com https://www.gstatic.com events.uber.com api.mixpanel.com d3i4yxtzktqr9n.cloudfront.net *.optimizely.com *.google-analytics.com *.tealiumiq.com *.demdex.net https://api-js.mixpanel.com; manifest-src 'self' https://*.uber.com; form-action 'self' https://tr.snapchat.com https://www.facebook.com/tr/ https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com; frame-ancestors 'self' https://www.nimblerx.com https://static-team-ops.nimbleandsimple.com https://pharma.uber.com http://local.shakeshack.com https://shakeshack.prod.acquia-sites.com https://www.shakeshack.com https://dev.shakeshack.com https://stg.shakeshack.com https://shakeshack.com https://pre-prod.shakeshack.com https://stg-green.shakeshack.com https://stg-alt.shakeshack.com https://front-hml-delivery.azurewebsites.net https://front-dev-delivery.azurewebsites.net https://front-prd-delivery.azurewebsites.net https://deliverycontrol.grupomadero.com.br https://delivery.grupomadero.com.br https://staging-shop.mccolls.co.uk https://shop.mccolls.co.uk https://stoq.shop https://staging.stoq.shop https://admin.stoq.shop https://admin-staging.stoq.shop https://www.gcom.com.br https://www.spoleto.com.br https://www.koni.com.br https://www.lebonton.com.br https://www.gokoni.com https://www.cutthecrap.com.br https://www.risierisoteria.com.br https://www.giustoculinaria.com.br https://www.roomservicedelivery.com.br https://www.strogonosso.com.br https://voalzira.online/ https://voalzira.online/minhaloja https://medmate.com.au https://order.manoosh.com.au https://test.expresskfc.com/ https://expresskfc.com/ https://www.test.expresskfc.com/ https://www.expresskfc.com/ https://kfccostarica.cr/ https://www.kfccostarica.cr/ https://express.dospinos.com/ https://mcstaging.dospinos.com/ https://shopuat.pxpay.com.tw/ https://shop.pxpay.com.tw/ https://app.cocinasocultas.com https://app.foodstarsuk.com https://app.pruebehubster.com https://app.pruebehubster.com.mx https://app.tryhubster.co.uk https://app.tryhubster.com https://app.tryhubster.com.au https://app.tryotter.com https://catalogs.uberinternal.com https://catalogs-staging.uberinternal.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://health-staging.uber.com https://health.uber.com https://admin.restoplus.com https://admin.staging.restoplus.com https://admin.qa1.restoplus.com https://admin.qa2.restoplus.com https://admin.qa3.restoplus.com https://admin.qa4.restoplus.com https://admin.qa5.restoplus.com https://admin.qa6.restoplus.com https://orders.restoplus.com https://orders.staging.restoplus.com https://orders.qa1.restoplus.com https://orders.qa2.restoplus.com https://orders.qa3.restoplus.com https://orders.qa4.restoplus.com https://orders.qa5.restoplus.com https://orders.qa6.restoplus.com https://pos.restoplus.com https://pos.staging.restoplus.com https://pos.qa1.restoplus.com https://pos.qa2.restoplus.com https://pos.qa3.restoplus.com https://pos.qa4.restoplus.com https://pos.qa5.restoplus.com https://pos.qa6.restoplus.com https://beta-shop.cashier.tw https://shop.cashier.tw https://indev-webapp.cashier.tw https://indev-beta-shop.cashier.tw https://indev-shop.cashier.tw https://us-int-office.tabit-int.com https://us-office.tabit-stage.com/auth/login https://us-demo-office.tabit-stage.com https://us-office.tabit.cloud https://foxtrotco.com/tracking https://foxtrotco.com/orderconfirmation https://foxtrotco.com/home https://foxtrotco.com https://app.onhere.com.br https://beta.inline.app https://staging.inline.app https://inline.app https://shane.machinat.dev/ https://app.topcaisse.fr https://ordering.ritas.com http://ordering.ritas.com https://ordering.ritas.stage.demotesturl.net http://ordering.ritas.stage.demotesturl.net https://*.cookiedelivery.com ee.magento.test 245.magento.test uber.improntus.dev https://dev.kfc.co.uk https://qa.kfc.co.uk https://brand.preprod.platform.kfcapi.com/ https://www.kfc.co.uk/ https://qa-kfc-za.eu.cognizantorderservnxtgen.com/ https://dev-kfc-za.eu.cognizantorderservnxtgen.com/ https://uat-kfc-za.eu.cognizantorderservnxtgen.com/ https://perf-kfc-za.eu.cognizantorderservnxtgen.com/ https://pen-kfc-za.eu.cognizantorderservnxtgen.com/ https://betatest.kfc.co.za/ https://order.kfc.co.za/ https://shop.pxgo.com.tw/ https://shopuat.pxpay.com.tw/ https://delivery.jimmybrings.com.au/ https://staging.jimmybrings.com.au/ https://beta.jimmybrings.com.au/ https://49171584-9e6d-4979-ab61-27a301a7e33e-production.au.prd.c.deity.cloud/ https://42d9d738-3eab-441f-91de-1afcd88b770f-acceptance.au.prd.c.deity.cloud/ https://1b8d2377-9260-4384-bc9f-aa1086543c69-test.au.prd.c.deity.cloud/ https://jimmybrings.com.au/ https://www.kfccostarica.cr https://www.kfccostarica.com https://kfccostarica.cr https://kfccostarica.com https://edb-staging.uber.com https://edb.uber.com 'self' quiznos.co.cr https://quiznos.co.cr https://pos.mymealsy.com https://stage.mymealsy.com https://dev.mymealsy.com https://fast.tk3c.com https://fdtest.tk3c.com https://panda-express.wallia.dev https://127.0.0.1:5173/ https://test.tacobellpr.com/ https://test.arcoprueba.com/ https://www.tacobellpr.com/ https://tacobellpr.com/ https://www.kfcpuertorico.com/ https://kfcpuertorico.com/ https://boba.rbteawalnut.com/ https://qjmpdemo.altaineapps.com/ https://stinkerapi.altaineapps.com/ https://mapcoapi.altaineapps.com/ https://loyalty.ritasice.com https://loyalty.stage.demotesturl.net https://loyalty.training.demotesturl.net https://loyalty.dev.demotesturl.net https://web-ordering.test.apps.gyg.com.au/ https://web-ordering.staging.apps.gyg.com.au/ https://order.guzmanygomez.com.au/ https://*.order.staging.apps.gyg.com.au/ https://*.order.test.apps.gyg.com.au/ https://*.order.prod.apps.gyg.com.au https://test-store.deliclever.com/ https://vicio.menu/ https://*.homeriabktest.com https://*.burgerkingemcasa.com https://*.burgerkingencasa.es https://*.windelivery-alsea.com https://*.windelivery.es https://*.windelivery.io https://uboard.ueat.io https://uboard-beta.ueat.io https://uboard-staging.ueat.io https://uboard.ueat.dev *.appspaces.ca *.paidshipping.com *.shiptime.com https://darwinnow.io/ https://darwinfood.com https://ewpf-staging.uber.com/ https://ewpf.uber.com/ https://yurinowqa.azurewebsites.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com 'nonce-f6e6c8a0-45ce-469b-a892-101659267cb3' https://bat.bing.com https://*.qualtrics.com https://analytics.twitter.com http://www.googletagservices.com http://*.cdn-net.com https://sc-static.net https://tr.snapchat.com https://*.yjtag.jp https://yjtag.yahoo.co.jp https://b92.yahoo.co.jp https://*.yimg.jp https://*.outbrain.com https://www.redditstatic.com https://analytics.tiktok.com https://dynamic.criteo.com https://static.criteo.net https://sslwidget.criteo.com https://widget.us.criteo.com https://widget.as.criteo.com https://widget.eu.criteo.com https://payments.uber.com https://payments.ubereats.com https://payments.postmates.com https://payments.order.store https://wpe-breeze.uberinternal.com https://payments-orchid.uber.com https://payments-staging.uberinternal.com https://payments-staging.uber.com https://d4p17acsd5wyj.cloudfront.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://dca.ubereats.com https://phx.ubereats.com https://ln-rules.rewardstyle.com/bookmarklet.js 'unsafe-eval' script.crazyegg.com www.google-analytics.com www.googletagmanager.com maps.googleapis.com maps.google.com tags.tiqcdn.com beacon.krxd.net cdn.krxd.net cdn.mxpnl.com www.googleadservices.com www.ziprecruiter.com analytics.recruitics.com edge.quantserve.com secure.quantserve.com connect.facebook.net cdn.nanigans.com api.nanigans.com *.adroll.com s.yimg.com sp.analytics.yahoo.com click.app-cast.com i.l.inmobicdn.net *.optimizely.com *.tealiumiq.com *.doubleclick.net static.ads-twitter.com https://www.google-analytics.com https://ssl.google-analytics.com maps.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' https://d1a3f4spazzrp4.cloudfront.net https://d3i4yxtzktqr9n.cloudfront.net https://tb-static.uber.com https://tbs-static.uber.com https://api.tiles.mapbox.com https://fonts.googleapis.com; report-uri https://csp.uber.com/csp?a=web-eats-v2&ro=false 1
font-src fonts.gstatic.com/ static.unzer.com data: https://static.unzer.com *.fontawesome.com *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com test.frankana.tdintern.de amc.demdex.net *.vimeo.com payment.unzer.com *.heidelpay.com https://payment.unzer.com/ https://payment.heidelpay.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.hsforms.net *.hsforms.com *.googletagmanager.com *.google-analytics.com blob: *.google.com *.googleapis.com *.google.de *.gstatic.com *.googleusercontent.com *.doubleclick.net static.unzer.com *.magentocommerce.com *.ytimg.com cdn.cookielaw.org https://static.unzer.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: cdn.frankana.tdintern.de ff.cdn.bloodstream.cloud b2b.frankana.de data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.hsforms.net *.hsforms.com *.google.com maps.google.com maps.googleapis.com tagmanager.google.com www.gstatic.com static.unzer.com cdn.cookielaw.org *.onetrust.com *.googleapis.com https://static.unzer.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.google.com *.google.de *.gstatic.com cdn.cookielaw.org *.fontawesome.com unsafe-inline assets.braintreegateway.com *.googleapis.com www.googletagmanager.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com * 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com *.doubleclick.net payment.unzer.com api.unzer.com *.heidelpay.com *.demdex.net *.omtrdc.net cdn.cookielaw.org maps.googleapis.com https://payment.unzer.com https://payment.heidelpay.com https://api.unzer.com https://api.heidelpay.com api.friendlycaptcha.com eu-api.friendlycaptcha.eu api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com geolocation.onetrust.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src api.unzer.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
img-src 'self' blob: data: https://www.google.com/ https://fonts.gstatic.com/ https://www.nbrb.by/ https://api.nbrb.by/ https://www.google-analytics.com/ https://api-maps.yandex.ru/ https://yastatic.net/ https://fonts.googleapis.com/ https://core-renderer-tiles.maps.yandex.net/ https://www.gstatic.com/ https://www.googLetagmanager.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://stats.g.doubleclick.net/ https://yandex.ru/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://speller.yandex.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://analytics.google.com/ https://www.google.by/ https://play.google.com/ https://unpkg.com/ https://fingramota.by https://teacher.fingramota.by https://young.fingramota.by;default-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://fonts.gstatic.com/ https://www.nbrb.by/ https://api.nbrb.by/ https://www.google-analytics.com/ https://api-maps.yandex.ru/ https://yastatic.net/ https://fonts.googleapis.com/ https://core-renderer-tiles.maps.yandex.net/ https://www.gstatic.com/ https://www.googLetagmanager.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://stats.g.doubleclick.net/ https://yandex.ru/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://speller.yandex.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://analytics.google.com/ https://www.google.by/ https://play.google.com/ https://unpkg.com/ https://fingramota.by https://teacher.fingramota.by https://young.fingramota.by; worker-src blob:;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com/ https://fonts.gstatic.com/ https://www.nbrb.by/ https://api.nbrb.by/ https://www.google-analytics.com/ https://api-maps.yandex.ru/ https://yastatic.net/ https://fonts.googleapis.com/ https://core-renderer-tiles.maps.yandex.net/ https://www.gstatic.com/ https://www.googLetagmanager.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://stats.g.doubleclick.net/ https://yandex.ru/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://speller.yandex.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://analytics.google.com/ https://www.google.by/ https://play.google.com/ https://unpkg.com/ https://fingramota.by https://teacher.fingramota.by https://young.fingramota.by;style-src 'self' 'unsafe-inline' https://www.google.com/ https://fonts.gstatic.com/ https://www.nbrb.by/ https://api.nbrb.by/ https://www.google-analytics.com/ https://api-maps.yandex.ru/ https://yastatic.net/ https://fonts.googleapis.com/ https://core-renderer-tiles.maps.yandex.net/ https://www.gstatic.com/ https://www.googLetagmanager.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://stats.g.doubleclick.net/ https://yandex.ru/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://speller.yandex.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://analytics.google.com/ https://www.google.by/ https://play.google.com/ https://unpkg.com/ https://fingramota.by https://teacher.fingramota.by https://young.fingramota.by;font-src 'self' 'unsafe-inline' data: https://www.google.com/ https://fonts.gstatic.com/ https://www.nbrb.by/ https://api.nbrb.by/ https://www.google-analytics.com/ https://api-maps.yandex.ru/ https://yastatic.net/ https://fonts.googleapis.com/ https://core-renderer-tiles.maps.yandex.net/ https://www.gstatic.com/ https://www.googLetagmanager.com/ https://mc.yandex.ru/ https://mc.yandex.md/ https://stats.g.doubleclick.net/ https://yandex.ru/ https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://speller.yandex.net/ https://img.youtube.com/ https://www.youtube-nocookie.com/ https://analytics.google.com/ https://www.google.by/ https://play.google.com/ https://unpkg.com/ https://fingramota.by https://teacher.fingramota.by https://young.fingramota.by; 1
frame-ancestors https://cors-test.codehappy.dev http://cms.y12fcu.org https://staging-cms.y12fcu.org https://psa.digitalinsight.com https://digital.y12fcu.org https://staging.y12fcu.org https://www.cusgcms.com http://y12fcu.org https://uat-internetloanapplication.cudl.com https://internetloanapplication.cudl.com http://y12cms.inetsolution.dev http://inetsolution.dev 1
default-src https://www.gn.go.kr; child-src https://www.gn.go.kr https://postcode.map.daum.net *.epeople.go.kr https://eminwon.gangneung.go.kr https://xpay.uplus.co.kr https://xpay.lgdacom.net https://xpay.lgdacom.net:7443 https://www.data.go.kr https://www.youtube.com https://service.hanshinit.co.kr *.tosspayments.com https://spi.maps.daum.net; style-src 'self' 'unsafe-inline' https://t1.daumcdn.net fonts.googleapis.com; img-src 'self' https://i1.ytimg.com https://stlog1-local.kakao.com *.googleapis.com *.gstatic.com *.google-analytics.com data: *.daumcdn.net *.moonhwain.net:451; script-src 'unsafe-inline' 'unsafe-eval' *; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com https://dapi.kakao.com *.tosspayments.com 1
default-src 'self' *.klauke.com https://*.ridgidapps.com https://*.cybersource.com https://*.bazaarvoice.com *.google-analytics.com www.facebook.com www.google.com data: *.pricespider.com *.googleapis.com https://cdn.cookielaw.org *.onetrust.com https://static.cloudflareinsights.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.chasepaymentechhostedpay.com *.klauke.com maps.google.com *.googleapis.com www.googletagmanager.com *.pricespider.com cdnjs.cloudflare.com www.googleadservices.com https://*.bootstrapcdn.com https://*.bazaarvoice.com connect.facebook.net *.google-analytics.com https://googleads.g.doubleclick.net www.youtube.com https://s.ytimg.com https://*.ridgidapps.com www.google.com https://www.gstatic.com https://tagmanager.google.com https://tpc.googlesyndication.com https://img.en25.com blob: https://cdn.cookielaw.org *.onetrust.com https://static.cloudflareinsights.com;style-src 'self' 'unsafe-inline' *.klauke.com *.googleapis.com https://*.bazaarvoice.com https://*.bootstrapcdn.com https://*.pricespider.com https://*.ridgid.com https://tagmanager.google.com https://cdn.cookielaw.org *.onetrust.com;img-src 'self' *.klauke.com *.google-analytics.com *.youtube.com www.googletagmanager.com https: data: blob: https://cdn.cookielaw.org *.onetrust.com;frame-src 'self' https://www.chasepaymentechhostedpay.com *.klauke.com www.youtube.com https://bid.g.doubleclick.net https://*.bazaarvoice.com https://www.facebook.com https://orchardproject.net https://www.orchardproject.net https://www.orchardcore.net https://*.cybersource.com www.google.com www.googletagmanager.com https://*.fls.doubleclick.net https://tpc.googlesyndication.com data: mailto: https://cdn.cookielaw.org *.onetrust.com;font-src 'self' *.klauke.com fonts.gstatic.com https://fonts.googleapis.com https://*.bootstrapcdn.com greenlee.com data: https://cdn.cookielaw.org *.onetrust.com 1
default-src 'self' https://france-volontaires.org https://*.france-volontaires.org https://cartevsi.gogocarto.fr https://ssl.google-analytics.com https://*.googleapis.com; frame-src 'self' https://france-volontaires.org https://france-volontaires.org https://*.france-volontaires.org https://preprod.france-volontaires.org/ https://netdna.bootstrapcdn.com https://code.jquery.com https://www.facebook.com https://cartevsi.gogocarto.fr https://static.cloudflareinsights.com https://*.france-volontaires.org https://static.addtoany.com https://www.google.com https://www.youtube.com https://embed.acast.com https://connect.facebook.net https://www.instagram.com https://www.facebook.com https://www.linkedin.com https://platform.twitter.com https://3e5d3d20.sibforms.com https://www.youtube-nocookie.com https://open.spotify.com https://*.googleapis.com; style-src 'unsafe-inline' https://france-volontaires.org https://netdna.bootstrapcdn.com https://code.jquery.com https://*.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' https://france-volontaires.org https://maps.googleapis.com https://ajax.cloudflare.com/ https://www.instagram.com https://www.facebook.com https://www.linkedin.com https://platform.twitter.com https://www.clarity.ms https://connect.facebook.net https://analytics.tiktok.com https://cdn.jsdelivr.net https://code.highcharts.com https://ajax.googleapis.com https://www.googletagmanager.com https://code.jquery.com https://static.cloudflareinsights.com https://www.google-analytics.com https://static.addtoany.com https://ssl.google-analytics.com https://www.gstatic.com https://www.google.com https://cdnjs.cloudflare.com https://*.googleapis.com; font-src https://france-volontaires.org https://fonts.gstatic.com https://*.googleapis.com data:; connect-src https://france-volontaires.org https://www.facebook.com/tr/ https://maps.googleapis.com https://*.clarity.ms https://s.clarity.ms https://connect.facebook.net https://analytics.tiktok.com https://*.google-analytics.com https://*.googleapis.com; img-src 'self' https://france-volontaires.org https://*.france-volontaires.org https://c.clarity.ms https://c.bing.com https://ajax.googleapis.com https://www.facebook.com https://france-volontaires.org https://maps.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://ssl.google-analytics.com https://*.googleapis.com data:;object-src 'none'; base-uri 'self' https://france-volontaires.org https://*.france-volontaires.org; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' https://www.labor28.de *.labor28.de https://event.labor-dpl.de *.cloudfront.net app.10to8.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.aspnetcdn.com *.matomo.cloud *.vimeocdn.com https://youtube.com *.google.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.gstatic.com https://hcaptcha.com *.surveymonkey.com *.googleoptimize.com *.cookiebot.com *.vimeo.com *.facebook.net *.laborpublisher.de 'unsafe-inline' 'unsafe-eval'; style-src data: 'self' *.googleapis.com *.sonichealthcare.com *.gstatic.com *.laborpublisher.de 'unsafe-inline' 'unsafe-eval'; connect-src data: 'self'  *.labor28.de https://event.labor-dpl.de *.googleapis.com *.google-analytics.com *.matomo.cloud https://youtube.com https://stats.g.doubleclick.net *.google.com *.linkedin.com *.laborpublisher.de; font-src 'self' data: *.googleapis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *.google-analytics.com *.gstatic.com *.googleapis.com *.amazonaws.com *.o3n.io *.google.com *.googletagmanager.com *.bing.com *.facebook.com *.linkedin.com *.sonichealthcare.co.uk *.laborpublisher.de https://www.labor28.de *.labor28.de https://www.teamviewer.com 'unsafe-inline'; frame-src 'self' https://app.10to8.com *.google.com *.youtube.com https://www.zeemaps.com *.surveymonkey.com *.hcaptcha.com *.vimeo.com *.facebook.com https://www.youtube-nocookie.com https://scnem3.com *.softgarden.io; object-src 'none'; 1
object-src 'none'; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content 1
block-all-mixed-content; frame-ancestors 'self'; base-uri 'self'; default-src 'self'; font-src 'self' data:; child-src 'self' https://www.youtube.com/; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://*.google.com/ https://player.vimeo.com/; img-src 'self' data: https://*.ytimg.com/ https://*.youtube.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://toegankelijkheidsverklaring.nl/; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'sha256-cJc93onTFGyKyVoxUKBNAwTAMCvUjSfESBJdzLrjgWw=' 'sha256-JWt1m28kNFB/rFjtbJEOx3yqSxZv6OjgwNLclp75rQ0=' 'sha256-B7X35g/IfDxD2XCLBNOI+NAYfU+A5Ebd8LTXLMAMCes=' https://*.youtube.com/ https://*.readspeaker.com/ https://*.google-analytics.com/; style-src 'self' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' 'sha256-7Wj4JppQPW/r0fhp+Y3lFnfwMGJjSJYaErRdXi/jGxw=' 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=' 'sha256-ORkecA2WcB8bx8a079Dsi7E7kdb6ynqr885H8h4Wp/M=' https://*.readspeaker.com/; connect-src 'self' https://*.readspeaker.com/ https://*.google-analytics.com/ https://*.doubleclick.net/; worker-src 'none'; form-action 'self' https://app-eu.readspeaker.com/ https://vttts-eu.readspeaker.com/; 1
default-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.jsdelivr.net https://rasawebchatcdnstaticapi.gsan.com.br/cdn/rasa-webchat.js https://botoinject.gsan.com.br/5209390111079/channel-inject.js https://botoinject.gsan.com.br/3349976796317/channel-inject.js https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.google.com https://*.ima.sp.gov.br ima.sp.gov.br https://*.campinas.sp.gov.br https://campinas.sp.gov.br https://*.youtube.com https://hosted.muses.org https://*.addthis.com https://*.addthisedge.com https://app.powerbi.com https://cdn.userway.org https://api.userway.org https://vlibras.gov.br https://*.vlibras.gov.br https://cdp.cloud.unity3d.com https://*.hotjar.com webpack: blob:; img-src 'self' https://cdn.jsdelivr.net https://*.vlibras.gov.br https://vlibras.gov.br https://script.hotjar.com http://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://*.ytimg.com https://www.google.com https://www.googLeapis.com https://clients1.googLe.com https://*.gstatic.com data:; style-src 'self' 'unsafe-inline' https: ; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com https://vlibras.gov.br https://*.vlibras.gov.br https://script.hotjar.com; connect-src 'self' https://cdn.jsdelivr.net https://botobucketrestapi.gsan.com.br wss://webchatsocketapi.gsan.com.br/socket.io/?EIO=4&transport=websocket https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://config.uca.cloud.unity3d.com https://cdp.cloud.unity3d.com https://vlibras.gov.br https://*.vlibras.gov.br https://in.hotjar.com https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://streaming.ima.sp.gov.br/educativa.mp3; frame-src https://*.monday.com https://www.youtube.com https://app.powerbi.com https://vars.hotjar.com https://cse.googLe.com https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com; frame-ancestors 'self' https://*.ima.sp.gov.br https://campinas.sp.gov.br https://*.campinas.sp.gov.br https://docs.google.com; media-src 'self' https://streaming.ima.sp.gov.br/educativa.mp3 1
connect-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.visualstudio.com *.google-analytics.com *.googleapis.com *.cloudfront.net *.azure.com *.snapchat.com *.doubleclick.net *.qbrick.com *.dna.ip-only.net .hotjar.com *.hotjar.io wss: *.hotjar.com; default-src 'self' *.jotun.com *.jotunprofessionals.com * localhost:*; frame-src 'self' https: *.jotun.com *.jotunprofessionals.com localhost:* *.hcaptcha.com *.snapchat.com *.youtube.com *.issuu.com; media-src 'self' data: https: blob: *.jotun.com *.jotunprofessionals.com *.dna.ip-only.net; img-src 'self' data: https: *.jotun.com *.jotunprofessionals.com *.googletagmanager.com *.google.com *.google.nl *.cloudfront.net *.sharethis.com *.azure.com *.zaius.eu *.facebook.com *.dna.ip-only.net localhost:* *.hotjar.com; style-src 'self' *.jotun.com *.jotunprofessionals.com localhost:* *.jsdelivr.net *.googleapis.com 'unsafe-inline' *.hotjar.com 'unsafe-inline'; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' *.hotjar.com; script-src 'self' data: https: blob: localhost:* *.jotun.com *.jotunprofessionals.com  *.hcaptcha.com *.azure.com *.qbrick.com *.jsdelivr.net *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com 'unsafe-inline' 'unsafe-eval' *.hotjar.com 'unsafe-inline'; script-src-elem 'self' https: localhost:* *.jotun.com *.jotunprofessionals.com  *.googletagmanager.com *.cloudfront.net *.sharethis.com *.azure.com *.spinnaker-js.com sc-static.net *.snapchat.com *.google-analytics.com *.googleapis.com *.facebook.net *.youtube.com *.qbrick.com  'unsafe-inline' *.hotjar.com 'unsafe-inline' 1
block-all-mixed-content; connect-src 'self' services.thelist.tas.gov.au *.googleapis.com *.google-analytics.com *.hotjar.com *.hotjar.io stats.g.doubleclick.net *.sproutlabs.com.au wss: *.hotjar.com cdnjs.cloudflare.com cdn.jsdelivr.net; default-src 'none'; font-src 'self' data: application/font-woff *.gstatic.com *.bootstrapcdn.com cdnjs.cloudflare.com; frame-src 'self' *.hotjar.com *.google.com *.youtube.com youtube.com *.youtube-nocookie.com *.facebook.com *.surveymonkey.com *.createsend1.com *.tas.gov.au *.vimeo.com zingtree.com nre.snapforms.com.au; img-src 'self' *.tas.gov.au *.openstreetmap.org i.ytimg.com prod.smassets.net data: www.google-analytics.com *.google.com *.gstatic.com *.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net; manifest-src 'self'; media-src 'self'; object-src 'self' zingtree.com; script-src 'self' *.tas.gov.au *.google.com *.googleapis.com *.surveymonkey.com www.google-analytics.com www.googletagmanager.com *.gstatic.com *.facebook.net *.createsend1.com *.hotjar.com *.jwpcdn.com *.ravenjs.com code.jquery.com cdnjs.cloudflare.com *.bootstrapcdn.com zingtree.com cdn.jsdelivr.net cdn.jsdelivr.net nre.snapforms.com.au 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com code.jquery.com *.jwpcdn.com *.bootstrapcdn.com *.gstatic.com cdn.jsdelivr.net cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; 1
https://*; img-src * data:; 1
default-src data: 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net *.facebook.net *.facebook.com *.google.com *.googletagmanager.com *.google.com.tr *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.youtube.com *.ytimg.com *.soundcloud.com *.spotify.com *.deezer.com *.vimeo.com *.vimeocdn.com *.41-29.com *.akbanksanat.com *.apple.com bundles.efilli.com cdn.efilli.com; 1
default-src * 'unsafe-inline' 'unsafe-eval';child-src 'self' brj-prod.hosted.positive.co.uk *.linkedin.com brownejacobson-updates.com brj-cms-prod.hosted.positive.co.uk admin.bj.local *.bj.local *.azurewebsites.net *.brownejacobson.com www.brownejacobson.com brownejacobson.com cms.brownejacobson.com brj-cms-uat.hosted.positive.co.uk brj-uat.hosted.positive.co.uk;font-src 'self' fonts.gstatic.com use.typekit.net;form-action 'self';frame-ancestors 'self' admin.bj.local cms.brownejacobson.com brj-cms-uat.hosted.positive.co.uk brj-cms-uat2.hosted.positive.co.uk;frame-src 'self' *.buzzsprout.com *.linkedin.com bj.local admin.bj.local *.youtube.com cdn.yoshki.com brj-prod.hosted.positive.co.uk brj-cms-prod.hosted.positive.co.uk *.vimeo.com brownejacobson-updates.com *.brownejacobson-updates.com brownejacobson.com www.brownejacobson.com cms.brownejacobson.com forms.brownejacobson.com brj-cms-uat.hosted.positive.co.uk brj-uat.hosted.positive.co.uk;img-src 'self' data:  admin.bj.local *.buzzsprout.com bj.local brj-cms-prod.hosted.positive.co.uk brj-prod.hosted.positive.co.uk *.brownejacobson.com brownejacobson.com www.brownejacobson.com *.www.brownejacobson.com brj-cms-uat.hosted.positive.co.uk cms.brownejacobson.com brj-uat.hosted.positive.co.uk brj-cms-uat2.hosted.positive.co.uk brj-uat2.hosted.positive.co.uk *.cookielaw.org *.google-analytics.com *.doubleclick.net *.youtube-nocookie.com *.google.com *.google.ch *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com snap.licdn.com use.typekit.net *.use.typekit.net cdn.jsdelivr.net *.typekit.net *.jsdelivr.net *.pixabay.com vimeo.com jquery.unobtrusive-ajax.js cdn.yoshki.com brownejacobson-updates.com *.linkedin.com;manifest-src 'self';media-src 'self' data:  admin.bj.local *.buzzsprout.com bj.local brj-cms-prod.hosted.positive.co.uk brj-prod.hosted.positive.co.uk *.brownejacobson.com brownejacobson.com www.brownejacobson.com *.www.brownejacobson.com brj-cms-uat.hosted.positive.co.uk cms.brownejacobson.com brj-uat.hosted.positive.co.uk brj-cms-uat2.hosted.positive.co.uk brj-uat2.hosted.positive.co.uk *.cookielaw.org *.google-analytics.com *.doubleclick.net *.youtube-nocookie.com *.google.com *.google.ch *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com snap.licdn.com use.typekit.net *.use.typekit.net cdn.jsdelivr.net *.typekit.net *.jsdelivr.net *.pixabay.com vimeo.com jquery.unobtrusive-ajax.js cdn.yoshki.com brownejacobson-updates.com *.linkedin.com;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' admin.bj.local *.buzzsprout.com bj.local brj-cms-prod.hosted.positive.co.uk brj-prod.hosted.positive.co.uk *.brownejacobson.com brownejacobson.com www.brownejacobson.com *.www.brownejacobson.com brj-cms-uat.hosted.positive.co.uk cms.brownejacobson.com brj-uat.hosted.positive.co.uk brj-cms-uat2.hosted.positive.co.uk brj-uat2.hosted.positive.co.uk *.cookielaw.org *.google-analytics.com *.doubleclick.net *.youtube-nocookie.com *.google.com *.google.ch *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com snap.licdn.com use.typekit.net *.use.typekit.net cdn.jsdelivr.net *.typekit.net *.jsdelivr.net *.pixabay.com vimeo.com jquery.unobtrusive-ajax.js cdn.yoshki.com brownejacobson-updates.com *.linkedin.com;style-src 'self' 'unsafe-inline' admin.bj.local *.buzzsprout.com bj.local brj-cms-prod.hosted.positive.co.uk brj-prod.hosted.positive.co.uk *.brownejacobson.com brownejacobson.com www.brownejacobson.com *.www.brownejacobson.com brj-cms-uat.hosted.positive.co.uk cms.brownejacobson.com brj-uat.hosted.positive.co.uk brj-cms-uat2.hosted.positive.co.uk brj-uat2.hosted.positive.co.uk *.cookielaw.org *.google-analytics.com *.doubleclick.net *.youtube-nocookie.com *.google.com *.google.ch *.facebook.com *.pinterest.com pinterest.com *.vimeo.com *.addthis.com *.youtube.com *.webspellchecker.net *.cookiebot.com *.twitter.com *.googletagmanager.com *.ggpht.com *.googleapis.com *.gstatic.com *.bing.com *.ytimg.com *.twimg.com *.mouseflow.com *.facebook.net *.gaconnector.com *.crazyegg.com *.responsetap.com *.onetrust.com snap.licdn.com use.typekit.net *.use.typekit.net cdn.jsdelivr.net *.typekit.net *.jsdelivr.net *.pixabay.com vimeo.com jquery.unobtrusive-ajax.js cdn.yoshki.com brownejacobson-updates.com *.linkedin.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  https://www.googletagmanager.com https://ajax.googleapis.com  https://www.google-analytics.com https://ssl.google-analytics.com https://*.googleapis.com; img-src 'self' https://access.equalweb.com https://www.google-analytics.com https://fonts.googleapis.com https://ssl.google-analytics.com https://code.jquery.com https://s-static.ak.facebook.com https://assets.zendesk.com https://maps.gstatic.com https://*.googleapis.com data: ; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com  https://themes.googleusercontent.com; frame-src 'self' https://www.youtube.com https://www.google.com https://player.vimeo.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://weatherwidget.io; connect-src 'self' https://*.googleapis.com https://*.googleapis.com https://access.equalweb.com https://www.google-analytics.com https://va.tawk.to https://cdn.equalweb.com; object-src 'none' 1
default-src 'self'; base-uri 'self'; connect-src 'self' *.itzbund.de *.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com piwik.itzbund.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com piwik.itzbund.de *.youtube.com;object-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de piwik.itzbund.de; media-src 'self' multimedia.gsb.bund.de medien10.gsb.bund.de *.youtube.com www.quirksmode.org *.googleapis.com piwik.itzbund.de; child-src *.facebook.com *.twitter.com *.google.com *.gstatic.com *.youtube.com *.googleapis.com piwik.itzbund.de; img-src 'self' data: *.google.com *.gstatic.com *.youtube.com *.openstreetmap.org *.googleapis.com piwik.itzbund.de *.geodatenzentrum.de; font-src 'self' data: *.googleapis.com *.gstatic.com piwik.itzbund.de; frame-ancestors 'self' zfa-editor.preview.kkn.zd.intranet.bund.de piwik.itzbund.de zfa-zfa-editor.preview.kkn.zd.intranet.bund.de *.facebook.com 1
frame-ancestors 'self' https://secure.xsolla.com 1
default-src 'self' mta-sts.babai.ru www.babai.ru babai.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' mta-sts.babai.ru www.babai.ru babai.ru *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st https://*.yandex.ru https://www.googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com *.googleapis.com *.gstatic.com gstatic.com *.googlesyndication.com *.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://cdn.ampproject.org cdn.ampproject.org; frame-src 'self' mta-sts.babai.ru www.babai.ru babai.ru https://*.youtube-nocookie.com https://youtube-nocookie.com *.yandex.ru yandex.ru *.yandex.net yandex.st *.yandex.st https://*.yandex.ru *.googleapis.com *.gstatic.com gstatic.com https://www.googletagmanager.com https://*.googletagmanager.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net youtube.ru youtube.com *.youtube.ru *.youtube.com https://youtube.ru https://youtube.com https://*.youtube.ru https://*.youtube.com apis.google.com https://*.googleapis.com https://*.gstatic.com https://gstatic.com https://*.googlesyndication.com https://*.doubleclick.net https://apis.google.com https://cdn.ampproject.org cdn.ampproject.org; object-src 'self' *; img-src 'self' * data: * blob:; font-src 'self' * data:; connect-src 'self' *; media-src 'self' * data: * blob:; style-src 'unsafe-inline' 'unsafe-eval' 'self' *; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src 'self' data: https: http:; font-src 'self' data:; frame-ancestors 'self' https://www.cncdh.fr; 1
frame-src *.google.com *.googleadservices.com *.googlesyndication.com ad.doubleclick.net adclick.g.doubleclick.net bid.g.doubleclick.net cm.g.doubleclick.net googleads.g.doubleclick.net securepubads.g.doubleclick.net; 1
default-src 'self'  cdn.infiniteobjects.com fonts.gstatic.com; frame-src 'self' ipfs.io arweave.net *.arweave.net generator.artblocks.io generator-staging-goerli.artblocks.io generator-staging-sepolia.artblocks.io www.youtube.com www.youtube-nocookie.com verify.walletconnect.com proofxyz.mypinata.cloud *.crossmint.com; connect-src 'self' wss: nft-metadata.proof.art *.ingest.sentry.io wss://*.infura.io wss://*.walletlink.org wss://mainnet.era.zksync.io/ws wss://*.bridge.walletconnect.org registry.walletconnect.com wss://*.walletconnect.com *.walletconnect.com cloudflare-eth.com *.wallet.coinbase.com api.wallet.coinbase.com mainnet-infura.wallet.coinbase.com *.algolia.net *.algolianet.com generator.artblocks.io generator-staging-goerli.artblocks.io generator-staging-sepolia.artblocks.io media-proxy-staging.artblocks.io www.googletagmanager.com www.google-analytics.com storage.googleapis.com birdwatching.moonbirds.xyz *.infura.io *.g.alchemy.com *.alchemyapi.io *.infiniteobjects.com *.sandbox.infiniteobjects.com *.myshopify.com graphql.contentful.com goerli---entropyserver-prod-r6hwrvi3xa-uc.a.run.app mainnet---entropyserver-prod-r6hwrvi3xa-uc.a.run.app api.proof.xyz api.proofof.dev birdwatching.moonbirds.xyz api.proof.xyz *.mux.com inferred.litix.io ipfs.io studio.plasmic.app cdn.contentful.com *.crossmint.com arweave.net *.arweave.net; script-src 'self' 'unsafe-eval' www.googletagmanager.com 'unsafe-inline' *.infiniteobjects.com *.sandbox.infiniteobjects.com studio.plasmic.app; script-src-elem 'self' www.googletagmanager.com 'unsafe-inline' *.infiniteobjects.com *.sandbox.infiniteobjects.com studio.plasmic.app codegen.plasmic.app cdnjs.cloudflare.com/ajax/libs/p5.js/1.0.0/p5.min.js cdnjs.cloudflare.com/ajax/libs/babylonjs/5.0.0/babylon.js; style-src 'self' 'unsafe-inline' cdn.infiniteobjects.com fonts.googleapis.com studio.plasmic.app; img-src 'self' data: *.proof.xyz pbs.twimg.com live---metadata-5covpqijaa-uc.a.run.app lh3.googleusercontent.com cdn.infiniteobjects.com *.walletconnect.com www.googletagmanager.com cdn.discordapp.com proof-nft-image.imgix.net proof-nft-image-dev.imgix.net proof-xyz.imgix.net moonbirds.imgix.net moonbirds-oddities.imgix.net proof-collective.imgix.net lunar-society.imgix.net mythics-assets.imgix.net mythics-purchase.imgix.net mythics-purchase-dev.imgix.net images.ctfassets.net downloads.ctfassets.net *.mux.com i.ytimg.com placehold.co storage.googleapis.com studio.plasmic.app img.plasmic.app site-assets.plasmic.app www.crossmint.io www.crossmint.com arweave.net *.arweave.net; media-src 'self' data: cdn.infiniteobjects.com storage.googleapis.com proof-nft-image.imgix.net proof-nft-image-dev.imgix.net proof-xyz.imgix.net moonbirds.imgix.net moonbirds-oddities.imgix.net proof-collective.imgix.net lunar-society.imgix.net mythics-assets.imgix.net mythics-purchase.imgix.net mythics-purchase-dev.imgix.net proof.infura-ipfs.io assets.ctfassets.net videos.ctfassets.net *.mux.com blob: arweave.net *.arweave.net; worker-src 'self' blob:; form-action 'self'; frame-ancestors studio.plasmic.app 1
script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' *.google-analytics.com www.googletagmanager.com cdn.datatables.net browser-update.org; 1
frame-ancestors 'self' intranet.uniqa.hr www.24sata.hr m.24sata.hr showcase.24sata.hr www.index.hr index.hr www.telegram.hr telegram.hr 1
base-uri 'none'; default-src 'self'; style-src 'self' 'nonce-bf7c3baf017cfaf79a15697e1fe96a4e' static.sooqr.com cdn1.readspeaker.com fonts.googleapis.com f1-eu.readspeaker.com platform.hireserve.nl; font-src 'self' data: fonts.gstatic.com platform.hireserve.nl; img-src 'self' data: pixel.sooqr.com f1-eu.readspeaker.com i.ytimg.com maps.googleapis.com maps.gstatic.com 6006214.global.siteimproveanalytics.io platform.hireserve.nl; media-src 'self' app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com; script-src 'self' 'nonce-bf7c3baf017cfaf79a15697e1fe96a4e' static.sooqr.com dynamic.sooqr.com cdn1.readspeaker.com f1-eu.readspeaker.com platform.hireserve.nl; connect-src 'self' data: blob: app-eu.readspeaker.com rstts-eu.readspeaker.com docreader.readspeaker.com media-eu.readspeaker.com f1-eu.readspeaker.com www.youtube-nocookie.com cognito-identity.eu-central-1.amazonaws.com vttts-eu.readspeaker.com firehose.eu-central-1.amazonaws.com platform.hireserve.nl api.ats-platform.com maps.googleapis.com wrapi-eu.readspeaker.com; frame-src 'self' app-eu.readspeaker.com rstts-eu.readspeaker.com media-eu.readspeaker.com www.youtube-nocookie.com www.youtube.com www.google.com platform.hireserve.nl; frame-ancestors 'self'; form-action 'self' platform.hireserve.nl; 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data:; worker-src blob: 1
default-src 'self'; frame-ancestors 'self' *.10pearls.com 10pearls.applytojob.com *.greenhouse.io; font-src 'self' data: fonts.gstatic.com *.10pearls.com; img-src * data:; child-src 'self' 10pearls.applytojob.com *.greenhouse.io player.vimeo.com *.vimeo.com bid.g.doubleclick.net *.youtube.com; connect-src *;  style-src 'self' 'unsafe-inline' tagmanager.google.com *.googleapis.com *.cookiepro.com  *.cookielaw.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.greenhouse.io ajax.cloudflare.com *.cookiepro.com  *.cookielaw.org *.jquery.com *.hs-scripts.com *.workable.com *.10pearls.com *.10pearls.workable.com *.hs-banner.com *.hs-analytics.net *.hscollectedforms.net  *.hubspot.com *.onetrust.com tagmanager.google.com  www.googletagmanager.com cdn.addevent.com youtube.com *.youtube.com www.youtube.com player.vimeo.com *.vimeo.com *.vimeocdn.com *.google-analytics.com *.googleadservices.com googleads.g.doubleclick.net www.google.com *.mouseflow.com *.licdn.com *.leady.com *.clarity.ms *.leady.com *.inspectlet.com *.lfeeder.com *.cloudflareinsights.com https://cdnjs.cloudflare.com; 1
frame-ancestors 'self' https://*.stage-plus.com 1
default-src 'none'; script-src 'self' cdn.tremendous.com *.loginwithamazon.com api.digitaltorana.com 'unsafe-inline' *.go-mpulse.net; connect-src 'self' cdn.tremendous.com *.loginwithamazon.com api.digitaltorana.com *.go-mpulse.net *.akstat.io *.akamaihd.net *.browser-intake-datadoghq.com *.amazonaws.com; img-src * 'self' data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; base-uri 'self'; form-action 'self' cdn.tremendous.com; frame-ancestors *.tremendous.com *.digitaltorana.com *.choicepay.com; frame-src *.tremendous.com *.digitaltorana.com *.choicepay.com docs.google.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com data; 1
default-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' https://*; object-src 'self' data: blob: https://*; font-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline' 'self' https:; frame-src *; style-src * 'unsafe-inline'; 1
require-trusted-types-for 'script' 1
default-src 'self'; script-src 'self'  'nonce-og4on08wDt4XxhueXv0Eum/ja9730imuA258YCWJjWg=' id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; connect-src 'self' id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; manifest-src 'self' id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; img-src 'self' data: id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; style-src 'self' 'unsafe-inline'; font-src 'self' data:; object-src 'self'; form-action 'self' id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; base-uri 'none'; frame-src 'self' id.gobugfree.com media.gobugfree.com gobugfree.cloudflareaccess.com ajax.cloudflare.com plausible.io; frame-ancestors 'none'; 1
default-src https:; script-src https: 'unsafe-inline'; img-src https: data: 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-src 'self' www.openstreetmap.org; 1
default-src 'self' https://api.altrulabs.com https://c.talentplatform.us https://cdn.altrulabs.com https://cdn-us.altrulabs.com https://cdn.usefathom.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google-analytics.com https://www.googletagmanager.com https://*.juicer.io https://in.hotjar.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://kit.fontawesome.com https://stats.g.doubleclick.net https://usage.altrulabs.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io; font-src 'self' data: https://cdn.altrulabs.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://ka-f.fontawesome.com https://ka-p.fontawesome.com https://*.juicer.io https://use.fontawesome.com https://intellia.wpenginepowered.com; form-action 'self'; img-src * data:; frame-src 'self' https://app.altrulabs.com https://consentcdn.cookiebot.com https://www.google.com https://intellia-therapeutics.culturehq.com https://intelliatherapeutics.phenompeople.net https://player.vimeo.com https://snazzymaps.com https://vars.hotjar.com; media-src 'self' https://anchor.fm https://cdn.altrulabs.com https://d3ctxlq1ktw2nl.cloudfront.net https://download-video.akamaized.net https://player.vimeo.com https://vod-progressive.akamaized.net https://intellia.wpenginepowered.com; object-src 'none'; script-src 'unsafe-eval' 'unsafe-inline' blob: https://ajax.googleapis.com https://analytics.jibecdn.com https://*.juicer.io https://cdn.jsdelivr.net https://cdn.usefathom.com/script.js https://cdnjs.cloudflare.com https://cdn-bot.phenompeople.com https://code.jquery.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://d7pkvxpsevxsc.cloudfront.net https://dp3rlkyi9q6ww.cloudfront.net https://www.google-analytics.com https://kit.fontawesome.com https://script.hotjar.com https://static.hotjar.com https://widget.altrulabs.com https://intellia.wpenginepowered.com https://*.intelliatx.com https://intelliatx.com https://www.googletagmanager.com; style-src 'unsafe-inline' https://*.juicer.io https://cdn.jsdelivr.net https://cdn-bot.phenompeople.com https://fonts.googleapis.com https://kit.fontawesome.com https://use.fontawesome.com https://intellia.wpenginepowered.com https://*.intelliatx.com https://intelliatx.com; 1
default-src cdn.cookie-script.com 'self'; script-src cdn.polyfill.io cdn.cookie-script.com *.google-analytics.com *.googletagmanager.com cdnjs.cloudflare.com *.twitter.com *.twimg.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'unsafe-eval' 'self' 'unsafe-inline'; style-src cdnjs.cloudflare.com fonts.googleapis.com 'self' 'unsafe-inline' ; font-src data: cdnjs.cloudflare.com fonts.gstatic.com 'self'; frame-src www.youtube.com *.twitter.com *.googletagmanager.com 'self'; img-src data: *.twimg.com *.twitter.com *.google-analytics.com *.googletagmanager.com www.gstatic.com *.hsforms.com *.hubspot.com 'self'; style-src-elem cdnjs.cloudflare.com hello.myfonts.net *.twitter.com *.twimg.com unpkg.com 'self' 'unsafe-inline'; connect-src consent.cookie-script.com *.google-analytics.com *.hubspot.com *.hubapi.com *.hscollectedforms.net 'self'; script-src-elem cdn.polyfill.io cdn.cookie-script.com *.googletagmanager.com cdnjs.cloudflare.com *.google-analytics.com *.twimg.com *.twitter.com *.hubspot.com *.hscollectedforms.net js.hsadspixel.net *.hs-scripts.com js.hs-banner.com js.hs-analytics.net forms.hsforms.com *.usemessages.com unpkg.com 'self' 'unsafe-inline'; report-uri https://dcvc.report-uri.com/r/d/csp/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.google.com fast.fonts.net az416426.vo.msecnd.net uksouth-1.in.applicationinsights.azure.com *.civiccomputing.com *.hotjar.com *.hotjar.io *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.vimeo.com *.youtube.com *.eurolandir.com *.euroland.com *.umbraco.com *.cloudflare.com *.azurewebsites.net *.comprend-test.com *.licdn.com *.linkedin.oribi.io *.linkedin.com *.azure.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: dbwas.service.deutschebahn.com flinkster.omq.de app.usercentrics.eu tags.tiqcdn.com tags.tiqcdn.cn tags-eu.tiqcdn.com assets.bahn-x.de www.gstatic.com https://www.gstatic.com www.google.com https://www.google.com *.payengine.de webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net; style-src 'self' 'unsafe-inline' webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de; img-src 'self' data: *.tile.openstreetmap.org https://*.usercentrics.eu webstorage.frontend.dbconnect.net webstorage-prod.frontend.dbconnect.net flinkster.omq.de i.ytimg.com; 1
font-src 'self' https://static.qmsystems.de;frame-src 'self' ;frame-ancestors 'self';object-src 'none';style-src 'self' https://static.qmsystems.de 'unsafe-inline' https://www.openstreetmap.org;script-src 'self' https://static.qmsystems.de 'unsafe-inline' https://www.openstreetmap.org;worker-src 'self' https://static.qmsystems.de 'unsafe-inline' blob: data: 1
default-src *.smartsupp.com; style-src 'self' 'unsafe-inline' *.foxentry.cz *.foxentry.com *.typekit.net *.googleapis.com *.googletagmanager.com *.cloudflare.com *.luigisbox.com *.smartsuppcdn.com; img-src 'self' data: *.expedo.cz cdnjs.cloudflare.com *.googletagmanager.com *.pinterest.com *.maxcdn.com www.shopalike.hu *.privacysandbox.googleadservices.com www.heureka.cz www.googleadservices.com *.gstatic.com *.g.doubleclick.net *.heureka.sk www.google.com www.google.cz *.smartsuppcdn.com c.seznam.cz www.cis.cz maps.gstatic.com www.facebook.com *.googleapis.com *.typekit.net *.google-analytics.com *.googletagmanager.com im9.cz *.foxentry.cz *.foxentry.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.heureka.sk *.pinimg.com *.daktela.com *.clarity.ms *.google.com *.luigisbox.com *.favicdn.net *.cloudflare.com *.criteo.com *.gopay.com *.zbozi.cz im9.cz *.seznam.cz *.smartsuppchat.com *.smartsuppcdn.com login.dognet.sk *.g.doubleclick.net connect.facebook.net *.google-analytics.com *.googletagmanager.com www.googleadservices.com *.googleapis.com bianopixel.com pixel.biano.hu bianopixel.com www.shopalike.hu c.imedia.cz *.smartlook.com *.smartlook.cloud *.targito.expedo.hu *.targito.com *.cloudflare.com *.foxentry.cz *.foxentry.com; connect-src 'self' *.luigisbox.com *.daktela.com *.pinterest.com *.clarity.ms *.analytics.google.com *.google-analytics.com *.googleapis.com www.facebook.com *.bianopixel.com p.biano.hu partner-events.favi.hu *.g.doubleclick.net wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.smartlook.com *.smartlook.cloud *.targito.expedo.hu *.targito.com *.foxentry.cz *.foxentry.com *.cloudflare.com; font-src 'self' data: *.cloudflare.com *.gstatic.com *.smartsuppcdn.com *.luigisbox.com *.foxentry.cz *.foxentry.com; object-src 'self'; frame-ancestors 'self'; form-action 'self' maildemon.cis.cz gate.gopay.cz www.facebook.com/tr/ *.foxentry.cz *.foxentry.com; base-uri 'self'; frame-src 'self' *.gopay.cz *.gopay.com *.pinterest.com *.zbozi.cz *.google.com  maildemon.cis.cz *.youtube.com *.facebook.com *.heureka.sk *.foxentry.cz *.foxentry.com *.targito.com *.bubbleapps.io; worker-src blob: *.foxentry.cz *.foxentry.com 1
default-src 'self' *.msgfocus.com *.fontawesome.com https://placeimg.com https://digital.autocare.org https://autocarevip.com https://api.mapbox.com https://unpkg.com/ *.autocareadvocacy.org *apps.autocare.org *.hotjar.com *.addevent.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com https://static.elfsight.com*; script-src 'self' *.msgfocus.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net *.linkedin.com *.feathr.co apis.google.com https://snap.licdn.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://kit.fontawesome.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://unpkg.com https://creativecommons.org https://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js *.apps.autocare.org https://public.flourish.studio *.hotjar.com https://acsbapp.com https://extend.vimeocdn.com https://apps.autocare.org/iFrameResizer/iframeResizer.min.js https://apps.autocare.org/iFrameResizer/main.js *.autocareadvocacy.org *.addevent.com *acsbapp.com https://api.sessionboard.com https://2317e561535c460184fdf91c93698493.elf.site static.elfsight.com* https://events.rdmobile.com/Sessions/Remote/16207?speakerclickoption=None&version=2&token=kCEYmRGhEHZqBEUptu9QZHEHVjej4QpEdNGM1HQ5eCQ%3d; style-src 'self' *.msgfocus.com 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com https://www.autocare.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://apps.autocare.org/iFrameResizer/style.css https://kit.fontawesome.com/4c9f09c5bb.js *.autocareadvocacy.org *.hotjar.com *.acsbapp.com https://cdn.acsbapp.com https://acsbapp.com; font-src 'self' *.msgfocus.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com https://placeimg.com *.hotjar.com https://acsbapp.com https://cdn.acsbapp.com; img-src 'self' *.msgfocus.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com *.googletagmanager.com *.linkedin.com *.feathr.co *.adsrvr.org *.adsymptotic.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.fontawesome.com https://kit.fontawesome.com https://ka-p.fontawesome.com *.eloqua.com track.hubspot.com https://api.mapbox.com https://public.flourish.studio/resources/made_with_flourish.svg *.hotjar.com *.acsbapp.com https://acsbapp.com https://cdn.acsbapp.com picsum.photos *.picsum.photos; media-src 'self' *.msgfocus.com data: blob: *.fontawesome.com *.youtube.com https://kit.fontawesome.com/4c9f09c5bb.js; frame-src 'self' *.msgfocus.com *.vimeo.com *.youtube.com https://www.youtube-nocookie.com https://autocare.guerrillaeconomics.net https://autocare-test.guerrillaeconomics.net https://www.autocare.org https://www.google.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com https://www.autocare.org/externalapps/map/autocarecountries.js https://cdn.knightlab.com/libs/timeline3/latest/embed/index.html https://apps.autocare.org/DataTables/dataTable.html *apps.autocare.org *.autocareadvocacy.org https://sit.autocarevip.com/RepMatch https://kuula.co https://www.autocarevip.com/RepMatch https://flo.uri.sh https://survey.alchemer.com https://public.flourish.studio/resources/embed.js https://apps.autocare.org/DataTables/dataDictionary.html *.hotjar.com *.rdmobile.com https://apps.autocare.org/DataTables/persona.html *.hotjar.com *.addevent.com https://acsbapp.com https://13bae2c7b7ce4384818a2c0b74e79696.elf.site https://b784d8c6c9d04975b69af935906341fd.elf.site https://b784d8c6c9d04975b69af935906341fd.elf.site https://559000824b98482e97fae8f9e9caeba4.elf.site https://8267ded260854c8fbe7f4a29531d08f1.elf.site https://b77d2ad65b9b41a6b725b5f20db03ba1.elf.site https://6a4bebc2f9bb4eb2913883e440c0dce2.elf.site https://api.sessionboard.com https://*static.elfsight.com https://2317e561535c460184fdf91c93698493.elf.site https://events.rdmobile.com/Sessions/Remote/16207?speakerclickoption=None&version=2&token=kCEYmRGhEHZqBEUptu9QZHEHVjej4QpEdNGM1HQ5eCQ%3d; child-src 'self' *.msgfocus.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.fontawesome.com https://placeimg.com *.youtube.com https://www.youtube-nocookie.com https://ka-p.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org *.addevent.com https://acsbapp.com ; connect-src 'self' *.msgfocus.com accounts.google.com *.feathr.co *.doubleclick.net https://*.insight.sitefinity.com https://www.youtube-nocookie.com https://*.dec.sitefinity.com *.mktoresp.com *.fontawesome.com https://www.openstreetmap.org https://api.mapbox.com https://creativecommons.org https://unpkg.com *.autocareadvocacy.org https://autocarevip.com https://cdn.acsbapp.com *.hotjar.com *.addevent.com *.acsbapp.com https://acsbapp.com; 1
default-src 'self' 'unsafe-inline' *.ocbc.com *.iocbc.com; script-src 'self' 'unsafe-inline' *.iocbc.com *.ocbc.com  src.litix.io fast.wistia.net ssl.google-analytics.com *.google-analytics.com *.googletagmanager.com fast.wistia.com src.litix.io fast.wistia.net pipedream.wistia.com distillery.wistia.com fg8vvsvnieiv3ej16jby.litix.io embed.wistia.com cdn.flipsnack.com embedwistia-a.akamaihd.net *.adobedtm.com *.licdn.com *.googleadservices.com *.facebook.net *.outbrain.com *.youtube.com *.googleapis.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co data:;font-src * data:; connect-src 'self' *.google-analytics.com *.doubleclick.net *.demdex.net *.sqreemtech.com  *.qualtrics.com *.adobedc.net *.api.marketanalyst.co https://api.marketanalyst.co; media-src * blob:; img-src * data:; frame-src 'self' cdn.flipsnack.com *.iocbc.com *.ocbc.com fast.wistia.com cdn.flipsnack.com *.doubleclick.net *.sqreemtech.com  *.qualtrics.com *.youtube.com; 1
font-src fonts.gstatic.com fonts.googleapis.com data: cdn.jotform.ms cdn.jotfor.ms *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.jotform.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.bolt.com self inline *.barstooldesigns.com *.brandsourcetest.ca stoolscanada.com *.stoolscanada.com stoolscanada.ca *.stoolscanada.ca *.rwsgateway.com *.myfamilyfurniture.net *.sitesfix8media.com sitesfix8media.com *.mooradians.com mooradians.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net www.googletagmanager.com *.youtube.com *.youtube-nocookie.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ *.google.com esqa.moneris.com www3.moneris.com lead-widget.gtrsuite.io data: youtube.com www.youtube.com vimeo.com api.amisco.pixistudio.com prod2.amisco.pixistudio.com staging.amisco.pixistudio.com google.com www.google.com www.gstatic.com *.jotform.com *.facebook.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.gstatic.com *.google.com *.googleusercontent.com maps.googleapis.com https://*.cookielaw.org maps.gstatic.com www.maps.gstatic.com developers.google.com ssl.gstatic.com www.davinci.tools cdn.jotfor.ms *.jotform.com facebook.com *.facebook.com *.hsforms.net *.hsforms.com 'self' data: data: 'self' 'unsafe-inline'; script-src geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.gstatic.com *.google.com *.ggpht.com *.googleusercontent.com esqa.moneris.com www3.moneris.com maps.googleapis.com developers.google.com lead-widget.gtrsuite.io https://*.cookielaw.org data: js-agent.newrelic.com youtube.com www.youtube.com google.com www.google.com https://ajax.googleapis.com www.gstatic.com bam.nr-data.net tagmanager.google.com *.jotform.com *.jotform.ms *.jotfor.ms cdnjs.cloudflare.com bam-cell.nr-data.net *.facebook.net *.facebook.com *.hsforms.net *.hsforms.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src fonts.googleapis.com tagmanager.google.com *.jotfor.ms *.jotform.ms *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com *.bolt.com *.googleapis.com *.gstatic.com *.google.com https://*.cookielaw.org https://*.onetrust.com bam.nr-data.net *.jotform.com bam-cell.nr-data.net *.facebook.com t.elasticsuite.io *.hsforms.net *.hsforms.com *.google-analytics.com 'self' 'unsafe-inline'; child-src blob: http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors https://app.safe.global https://*.blockscout.com 1
default-src *; connect-src  *; font-src 'self'; frame-src https://* http://* *; img-src https://* http://* * data:; object-src 'self'; script-src 'nonce-IC4ia5gXqjNasKB2Pbv/Iu5T' 'self' https://* http://* * 'unsafe-inline' 'report-sample'; style-src * https://* http://* * 'unsafe-inline'; 1
default-src https://maps.googleapis.com/ https://m.clarity.ms https://www.clarity.ms https://analytics.google.com/ https://stats.g.doubleclick.net/ www.google-analytics.com 'self' https://apify-private.epayco.co https://secure.epayco.co; img-src https://maps.googleapis.com/ https://maps.gstatic.com/ https://www.google.com.co/ https://www.google.com/ https://googleads.g.doubleclick.net/ www.google-analytics.com www.gstatic.com 'self' data: https://a.tile.openstreetmap.org/ https://b.tile.openstreetmap.org/ https://c.tile.openstreetmap.org/; script-src 'self' https://maps.googleapis.com/ https://ajax.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.clarity.ms https://www.googletagmanager.com http://www.google.com https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googleadservices.com/ https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/ https://checkout.epayco.co 'unsafe-inline' 'unsafe-eval' https://unpkg.com/; style-src 'self' https://stackpath.bootstrapcdn.com/ https://fonts.googleapis.com/ 'unsafe-inline' fonts.googleapis.com https://unpkg.com/; frame-src https://www.google.com/recaptcha/ 'self' https://www.youtube.com/ https://checkout.epayco.co https://apify-private.epayco.co https://secure.epayco.co; frame-ancestors 'self' https://www.google.com/recaptcha/; base-uri 'self'; form-action 'self'; font-src 'self' https://fonts.gstatic.com/; object-src 'self' blob:; 1
frame-ancestors 'self' *.userway.org 1
frame-ancestors 'self' https://flschat.eastus.cloudapp.azure.com;block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.clarity.ms https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.cloudapp.azure.com https://*.google.com https://ajax.googleapis.com https://content.linkedin.com https://connect.facebook.net https://code.jquery.com https://cdn.jsdelivr.net https://f.vimeocdn.com https://forms.hsforms.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://js.hsforms.net https://js.hscollectedforms.net https://js.hs-analytics.net https://js.usemessages.com https://js.hubspotfeedback.com https://js.hsadspixel.net https://js.hs-banner.com https://js.hsleadflows.net https://js-na1.hs-scripts.com https://js.hs-scripts.com https://ml314.com https://platform.linkedin.com https://player.vimeo.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://tagmanager.google.com https://www.vimeo.com https://www.googleoptimize.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com *.licdn.com ajax.googleapis.com code.jquery.com cdn.jsdelivr.net fonts.googleapis.com www.googletagmanager.com;object-src *.googlesyndication.com;child-src 'self' blob: *.vimeo.com *.google.com *.doubleclick.net *.googlesyndication.com www.youtube.com *.facebook.com flschat.eastus.cloudapp.azure.com app.hubspot.com connect.facebook.net forms.hsforms.com js.usemessages.com js.hscollectedforms.net js.hsadspixel.net vimeo.com www.googletagmanager.com;base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net forms.hubspot.com forms.hsforms.com;worker-src 'self' blob: www.google.com 1
default-src https: 'unsafe-eval' 'unsafe-inline' wss://*.hotjar.com *.hotjar.com data:;img-src * data: blob:; connect-src 'self' wss://*.hotjar.com *.hotjar.com *.hotjar.io *.addthis.com  lydia-app.com *.lydia-app.com *.openstreetmap.org maps.googleapis.com *.analytics.google.com *.google-analytics.com *.gstatic.com *.hcaptcha.com *.facebook.com *.raygun.io wss://*.crisp.chat *.cometchat.io *.api-eu.cometchat.io *.widget-eu.cometchat.io wss://*.websocket-eu.cometchat.io https://app   ; object-src 'self' https://www.youtube.com https://www.dailymotion.com; frame-ancestors 'self' ; base-uri https://aege.fr/; form-action 'self' https://login.microsoftonline.com/ https://aege.rpxnow.com https://preprod-tpeweb.e-transactions.fr/ https://tpeweb.e-transactions.fr/ https://paiement.creditmutuel.fr https://systempay.cyberpluspaiement.com https://payment-webinit-mercanet.test.sips-atos.com/paymentInit https://payment-webinit-mercanet.test.sips-services.com/paymentInit https://payment-webinit.mercanet.bnpparibas.net/paymentInit https://old.pta.netanswer.fr https://www.paristech-alumni.org https://www.wats4u.com https://wats4u.com https://wats4u.com.alumnforce.org http://manageurs.mjb.lan https://manageurs.mjr1108.com https://www.xmp-consult.org https://tpeweb.paybox.com   https://dev.oauth2-tester.netanswer.fr/ https://keycloak.aege.fr/ https://*.aege.fr/ https://*.aege.info/ 1
upgrade-insecure-requests; script-src 'strict-dynamic' 'nonce-+2EsnhmFEdq9BVMHHjLzfA=='; 1
default-src             'self' aj-mm.de *.aj-mm.de *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net *.google-analytics.com *.analytics.google.com             www.facebook.com https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         style-src             'self' 'unsafe-inline' aj-mm.de *.aj-mm.de aj-matomo-int1.mm-df1.net *.mm-rh3.net *.googleapis.com *.google.com             https://analytik-jena.ladesk.com             *.ytimg.com *.analytik-jena.com *.analytik-jena.de;         img-src             'self' data: *.ytimg.com *.google-analytics.com *.gstatic.com yt3.ggpht.com *.googletagmanager.com             www.facebook.com *.mm-df1.net *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local             aj-mm.de *.aj-mm.de https://a.visitorqueue.com https://px.ads.linkedin.com https://www.linkedin.com             https://analytik-jena.ladesk.com https://www.google.com https://www.google.de https://googleads.g.doubleclick.net             userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com userlike-store-media-files.s3.amazonaws.com i.ytimg.com;         script-src             'self' 'unsafe-inline' 'unsafe-eval' aj-mm.de *.aj-mm.de *.youtube.com *.ytimg.com *.google.com             *.google-analytics.com *.googletagmanager.com connect.facebook.net *.mm-df1.net *.mm-rh3.net             *.analytik-jena.com *.analytik-jena.de *.aj.local aj.local aj-upgrade.local https://pi.pardot.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net             https://t.visitorqueue.com https://snap.licdn.com https://www.googleadservices.com;         font-src             'self' aj-matomo-int1.mm-df1.net *.gstatic.com *.mm-rh3.net *.analytik-jena.com *.analytik-jena.de             https://analytik-jena.ladesk.com userlike-cdn-umm.b-cdn.net fonts.gstatic.com;         frame-src             'self' *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net www.youtube-nocookie.com player.vimeo.com www.facebook.com www.youtube.com player.vimeo.com             api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-umm.b-cdn.net;         connect-src             'self' data: blob: *.analytik-jena.com *.analytik-jena.de *.mm-rh3.net             https://www.facebook.com *.google-analytics.com *.analytics.google.com https://cdn.linkedin.oribi.io             https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com https://userlike-cdn-umm.b-cdn.net https://api.userlike.com             https://www.userlike.com https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com wss://umd.userlike.com             umd.userlike.com api.userlike.com userlike-cdn-web.b-cdn.net www.userlike.com             https://tracker.analytik-jena.com https://analytik-jena.ladesk.com             https://stats.g.doubleclick.net https://pi.pardot.com https://a.visitorqueue.com;         worker-src             blob: 1
frame-ancestors 'self'; script-src 'unsafe-inline' https://www.klinikumdo.de https://statistik.klinikumdo.de; object-src 'none'; img-src 'self' data:; 1
font-src *.klarnacdn.net *.fontawesome.com *.mt66.de *.gstatic.com 'self' data: https://widgets.trustedshops.com https://integrations.etrusted.com *.typekit.net *.twimg.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.cleverreach.com *.mt66.de *.twitter.com www.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com player.vimeo.com https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com https://www.googletagmanager.com/ *.meetanshi.com *.cloudflare.com *.mt66.de 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.vimeocdn.com i.ytimg.com *.youtube.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.cloudfront.net https://cdn.consentmanager.net https://delivery.consentmanager.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnaevt.com *.klarnacdn.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.cloudflare.net *.optimonk.com *.koongo.com www.google.com.ua https://widgets.trustedshops.com https://integrations.etrusted.com *.googleadservices.com *.twimg.com *.ytimg.com *.usercentrics.eu *.bing.com *.google.com *.google.com.vn *.google.com.de data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com *.sharethis.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.googleapis.com *.gstatic.com https://cdn.consentmanager.net https://delivery.consentmanager.net jquery.sellxed.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarna.com *.klarnacdn.net *.klarnaservices.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.optimonk.com https://widgets.trustedshops.com https://integrations.etrusted.com *.usercentrics.eu *.fontawesome.com *.bing.com *.googlesyndication.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.sharethis.com *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.mt66.de cdnjs.cloudflare.com/ajax/libs/highlight.js/9.3.0/styles/darkula.min.css *.googleapis.com *.gstatic.com https://widgets.trustedshops.com https://integrations.etrusted.com *.twimg.com *.typekit.net *.usercentrics.eu 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src https://cdn.consentmanager.net https://delivery.consentmanager.net http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de https://cdn.consentmanager.net https://delivery.consentmanager.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.meetanshi.com *.cloudflare.com *.mt66.de *.optimonk.com *.koongo.com t.elasticsuite.io *.google-analytics.com *.trustedshops.com *.etrusted.com *.twimg.com *.usercentrics.eu www.google.com googleads.g.doubleclick.net *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.mt66.de/; report-to report-endpoint; 1
default-src 'self' statics.banksampoerna.com storage.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com statics.banksampoerna.com storage.googleapis.com; connect-src 'self' www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' storage.googleapis.com statics.banksampoerna.com www.google.com www.googletagmanager.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com storage.googleapis.com statics.banksampoerna.com; frame-src 'self' www.google.com www.youtube.com; img-src 'self' data: storage.googleapis.com statics.banksampoerna.com www.googletagmanager.com; 1
default-src 'self'; script-src 'unsafe-inline' 'self' 'unsafe-eval' www.googletagmanager.com cdnjs.cloudflare.com *.googleadservices.com googleads.g.doubleclick.net  *.google.com *.gstatic.com js-agent.newrelic.com bam.nr-data.net *.googleapis.com msig.zumata.com https://cdn.rawgit.com http://tagmanager.google.com www.recaptcha.net d16fk4ms6rqz1v.cloudfront.net s.salecycle.com connect.facebook.net msig-web-chat-plugin.zumata.com cdn.polyfill.io *.sqreem.com *.adsrvr.org cdn-akamai.mookie1.com tags.tiqcdn.com embed.typeform.com *.addthis.com *.zalo.me *.addthisedge.com *.moatads.com *.zaloapp.com *.amgdgt.com *.jsdelivr.net *.google-analytics.com *.fontawesome.com chat.msig.pand.ai *.accesstra.de *.mookie1.com *.facebook.net https://javascript.browser.wasscan.tenable/dom_monitor.js *.api.here.com *.moobidesk.com *.manychat.com *.zdn.vn mccdn.me sp.zalo.me *.tiktok.com *.outbrain.com *.stackadapt.com *.hotjar.com *.google.com.my *.quantcount.com *.quantserve.com *.turn.com https://cdn.dedoco.com/sentinel/sentinel-browser.sdk.min.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com msig.zumata.com https://cdn.rawgit.com staging-msig.zumata.com http://tagmanager.google.com s.salecycle.com *.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org *.fontawesome.com *.msig.pand.ai chat.msig.pand.ai *.moobidesk.com https://tags.srv.stackadapt.com/sa.css *.google.com *.google.com.my; img-src 'unsafe-inline' 'self' data: www.google-analytics.com *.doubleclick.net www.google.co.in maps.gstatic.com maps.googleapis.com msig.zumata.com http://tagmanager.google.com s.salecycle.com *.cloudfront.net www.facebook.com msig-web-chat-plugin.zumata.com *.turn.com *.google.com *.google.com.sg *.amgdgt.com *.zalo.me *.appspot.com *.gstatic.com msig-mae-dev.s3-ap-southeast-1.amazonaws.com msig-mae-poc.s3-ap-southeast-1.amazonaws.com *.msig.pand.ai *.adsrvr.org *.googletagmanager.com https://chat.msig.pand.ai/msig-logo.png https://chat.msig.pand.ai/msigbrandcurve.png https://chat.msig.pand.ai/msig.gif https://chat.msig.pand.ai/header_icon_fit.png *.google.com.ph *.moobidesk.com *.google.com.my *.quantcount.com *.quantserve.com; frame-src 'self' *.youtube.com *.zalo.me www.google.com bid.g.doubleclick.net http://tagmanager.google.com s.salecycle.com *.fls.doubleclick.net tags.tiqcdn.com  form.typeform.com *.addthis.com *.zscaler.net *.cloudfront.net *.moobidesk.com *.typeform.com https://googleads.g.doubleclick.net/ https://www.facebook.com/ https://td.doubleclick.net/ *.google.com.my; font-src 'self' cdnjs.cloudflare.com data: fonts.gstatic.com *.cloudfront.net *.fontawesome.com chat.msig.pand.ai *.google.com.my; connect-src 'self' browser.pipe.aria.microsoft.com *.zalo.me www.google-analytics.com www.google.co.in http://tagmanager.google.com staging-msig.zumata.com msig.zumata.com *.salecycle.com *.doubleclick.net wss://msig-web-chat-plugin.zumata.com msig-web-chat-plugin.zumata.com console.turn.com *.sqreemtech.com *.sqreem.com *.xerevo.com *.adsrvr.org *.addthis.com *.nr-data.net *.fontawesome.com wss://gw.msig.pand.ai/msig/ws *.google.com *.google.com.sg *.search.hereapi.com *.moobidesk.com *.googleapis.com manychat.com maps.googleapis.com https://analytics.tiktok.com/api/v2/pixel/act https://analytics.tiktok.com/api/v2/pixel  *.outbrain.com *.tiktok.com *.stackadapt.com *.googlesyndication.com *.google.com.my *.quantcount.com *.quantserve.com demail-api.stage.dedoco.com; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://popups.landingi.com https://scripts.assets-landingi.com https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://region1.google-analytics.com/ https://grupoanaya.es/; script-src 'self' https://sdk.privacy-center.org/ https://popups.landingi.com https://scripts.assets-landingi.com https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
script-src 'unsafe-eval' sf16-website-login.neutral.ttwstatic.com s20.tiktokcdn.com *.tiktokcdn-us.com www.google.com recaptcha.google.com js.hcaptcha.com client-api.arkoselabs.com www.gstatic.com connect.facebook.net; frame-src *.tiktok.com accounts.google.com www.google.com recaptcha.google.com www.facebook.com *.kakao.com lf16-web.tiktokcdn.com assets.braintreegateway.com appleid.apple.com access.line.me api.twitter.com h.online-metrix.net bytedance: newassets.hcaptcha.com client-api.arkoselabs.com; worker-src https: blob:; frame-ancestors tea-va.bytedance.net www.tiktok.com; report-uri https://mon.us.tiktokv.com/monitor_browser/collect/batch/security/?bid=tiktok_pns&revision=7cd91960-f12e-43d1-a796-2bf5555f66fe; default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: bytedance: data: wss://*.tiktok.com wss://*.tiktokv.com wss://*.tiktokv.eu wss://tiktok.com wss://tiktokv.com *.adsintegrity.net *.akamaized.net *.amazonaws.com *.bing.com *.bitssec.com *.braintree-api.com *.braintreegateway.com *.bytedapm.com *.bytedgame.com *.bytehwm-row.com *.byteicdn.com *.byteintl.com *.byteintl.net *.byteintlapi.com *.byteintlstatic.com *.bytelemon.com *.byteoversea.com *.byteoversea.net *.bytevcloudapi.com *.capcut.com *.cloudflare.com *.ctfassets.net *.doubleclick.net *.evbuc.com *.eventim.de *.facebook.com *.facebook.net *.fbsbx.com *.fcdnstatic-intl.com *.fdmstatic.com *.g-p-static.com *.gauthmath.com *.goofy-cdn.com *.goofy.app *.google-analytics.com *.google.ae *.google.ca *.google.ci *.google.co.bw *.google.co.id *.google.co.il *.google.co.jp *.google.co.kr *.google.co.ma *.google.co.nz *.google.co.uk *.google.co.ve *.google.com *.google.com.br *.google.com.co *.google.com.eg *.google.com.kh *.google.com.mt *.google.com.ng *.google.com.pe *.google.com.ph *.google.com.pk *.google.com.pr *.google.com.sa *.google.com.tr *.google.com.vn *.google.de *.google.dz *.google.fr *.google.ge *.google.ht *.google.it *.google.me *.google.nl *.google.pl *.google.pt *.google.ru *.google.se *.googleadservices.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.hsforms.com *.hsforms.net *.ibytedtos.com *.ibyteimg.com *.isnssdk.com *.jumio.ai *.kakao.com *.lemon8-app.com *.lemon8cdn.com *.licdn.com *.linkedin.com *.midtrans.com *.muscdn.com *.musical.ly *.oecstatic.com *.omise.co *.pangle-ads.com *.paypal.com *.pipopay.com *.pipopayment.us *.redditstatic.com *.resso.me *.sgsnssdk.com *.soundon.global *.tableau.com *.tiktok-row.net *.tiktok.com *.tiktok.ru *.tiktok.vn *.tiktokapis.com *.tiktokcdn-eu.com *.tiktokcdn-in.com *.tiktokcdn-us.com *.tiktokcdn.com *.tiktokcreativeone.com *.tiktokforbusinessoutbound.com *.tiktokglobalshop.com *.tiktokmusic.me *.tiktokshop.com *.tiktokstaticb.com *.tiktokus.info *.tiktokv.com *.tiktokv.eu *.tiktokv.us *.tiktokw.eu *.tiktokw.us *.topbuzzcdn.com *.ttlivecdn.com *.ttlstatic.com *.ttwstatic.com *.vimeo.com *.vodupload.com *.yahoo.co.jp *.yhgfb-static.com *.youtube-nocookie.com *.zhiliaoapp.com code.jquery.com facebook.com google.com i.ticketweb.com images.universe.com media.ticketmaster.eu res.cloudinary.com s1.ticketm.net static-label.frontgatetickets.com t.co tikitoks.com tiktok.com tiktok.ua tiktok.vn tiktokfollowersfree.com tiktokv.com unpkg.com vimeo.com; upgrade-insecure-requests ; report-to csp-endpoint 1
frame-ancestors 'self' viewer.ipaper.io https://*.eva.ua; 1
default-src 'self'; script-src 'self' https://apis.google.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src * data: blob:; frame-src https://www.google.com/recaptcha/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: data: blob: wss:; worker-src * blob:; frame-ancestors 'self' localhost:* *.gotakanal.se gotakanal.se; report-uri https://www.gotakanal.se/sv/report-uri/enforce 1
frame-ancestors https://*.builder.io https://builder.io http://localhost:3000 http://localhost:9009 https://*.brunnerworks.com https://*.vercel.app 1
frame-ancestors 'Self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.clarity.ms https://cc.cdn.civiccomputing.com https://www.gstatic.com https://www.googleadservices.com https://www.google.com https://cdn.cookielaw.org/scripttemplates/ https://maps.googleapis.com https://maps.google.com https://www.google-analytics.com https://cdn.syndication.twimg.com https://*.twitter.com https://*.facebook.net https://static.cloudflareinsights.com https://www.googletagmanager.com; default-src https: 'unsafe-inline' 'self' data: https://www.googletagmanager.com https://*.typekit.net https://*.cloudfront.net  https://stats.g.doubleclick.net https://*.cloudflareinsights.com ; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://www.google.com/recaptcha/api.js https://www.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com code.jquery.com analytics.clickdimensions.com use.typekit.net *.clarity.ms d1l6p2sc9645hc.cloudfront.net https://www.clarity.ms/tag/55etgeiru6 data2.gosquared.com chat.gosquared.com data.gosquared.com maps.googleapis.com https://www.googletagmanager.com/gtm.js https://ws.zoominfo.com/pixel/626321488a50a40012f52f07 http://web.valin.com https://secure.east2pony.com/js/263140.js https://secure.east2pony.com/Track/Capture.aspx https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.google.com/recaptcha/api.js https://www.googletagmanager.com https://www.google-analytics.com/analytics.js; style-src 'self' 'unsafe-inline' 'unsafe-eval' *; img-src 'self' data: *; report-uri /report-csp-violation 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://vercel.live https://www.google-analytics.com/analytics.js https://www.googletagmanager.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com; connect-src 'self' https://content.sunrice.com.au https://vitals.vercel-analytics.com https://vercel.live https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; img-src 'self' data: blob: https://sunrice-strapi4-images.s3.ap-southeast-2.amazonaws.com https://analytics.google.com https://www.google-analytics.com https://www.googletagmanager.com; media-src 'self' https://sunrice-strapi4-images.s3.ap-southeast-2.amazonaws.com; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; frame-src 'self' https://www.youtube-nocookie.com https://player.vimeo.com https://form.formcan.com https://vercel.live; 1
default-src 'self';script-src 'self' 'unsafe-eval' *.gralmedical.ro https://assets.privy.com www.oncofort.ro www.gstatic.com www.google.com cdn.ckeditor.com https://cdn.cookie-script.com googleads.g.doubleclick.net maps.googleapis.com www.googleadservices.com region1.google-analytics.com td.doubleclick.net pagead2.googlesyndication.com www.googletagmanager.com connect.facebook.net www.google-analytics.com code.jquery.com cdn.jsdelivr.net cdnjs.cloudflare.com https://intl-tel-input.com/node_modules/intl-tel-input/build/js/intlTelInput.js https://intl-tel-input.com/node_modules/intl-tel-input/build/js/utils.js assets.privy.com/packs/js/* static.hotjar.com script.hotjar.com widget.privy.com/assets/widget.js data: 'unsafe-inline'; style-src 'self' *.gralmedical.ro www.oncofort.ro cdn.ckeditor.com cdnjs.cloudflare.com https://assets.privy.com fonts.googleapis.com https://intl-tel-input.com/node_modules/intl-tel-input/build/css/intlTelInput.css cdn.jsdelivr.net code.jquery.com pro.fontawesome.com data: 'unsafe-inline'; font-src 'self' *.gralmedical.ro www.oncofort.ro fonts.gstatic.com pro.fontawesome.com cdnjs.cloudflare.com data: 'unsafe-inline'; frame-src 'self' *.gralmedical.ro www.oncofort.ro td.doubleclick.net  www.google.com vars.hotjar.com www.facebook.com https://youtu.be www.youtube.com data: 'unsafe-inline'; connect-src 'self' *.gralmedical.ro www.oncofort.ro https://googleads.g.doubleclick.net https://events.privy.com https://www.google.com stats.g.doubleclick.net www.googletagmanager.com pagead2.googlesyndication.com region1.google-analytics.com https://api.privy.com region1.analytics.google.com *.hotjar.io api.privy.com/businesses/73AF5C0EF75716E12208D320/campaigns.json wss://*.hotjar.com wss://ws23.hotjar.com/api/v2/client/ws ws23.hotjar.com wss://ws28.hotjar.com *.hotjar.com maps.googleapis.com www.google-analytics.com in.hotjar.com data: 'unsafe-inline'; img-src 'self' *.gralmedical.ro https://gralmedical.ro www.oncofort.ro https://assets.privy.com https://events.privy.com cdnjs.cloudflare.com www.facebook.com www.google.com https://intl-tel-input.com/node_modules/intl-tel-input/build/img/flags.png www.google.ro cdn.ckeditor.com www.gralmedical.ro www.google-analytics.com maps.googleapis.com code.jquery.com maps.gstatic.com img.youtube.com i.ytimg.com www.googletagmanager.com googleads.g.doubleclick.net via.placeholder.com lh3.ggpht.com cbks0.googleapis.com geo0.ggpht.com khms1.googleapis.com khms0.googleapis.com *.ggpht.com stage.gral.develop.eiddew.com blob: 'self' data: 'unsafe-inline';object-src blob: ; 1
default-src 'self' *.dev-vynetrellis.com dev-vynetrellis.com *.dev-rpractice.com dev-rpractice.com; child-src 'self' blob: *.pendo.io dev-vynetrellis.com *.dev-vynetrellis.com; worker-src 'self' blob:; connect-src 'self' blob: wss://*.dev-vynetrellis.com wss://dev-vynetrellis.com *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com *.dev-vynetrellis.com dev-vynetrellis.com *.hellopearl.com *.mouseflow.com; font-src 'self' data: *.gstatic.com *.typekit.net; form-action 'self'; frame-ancestors 'self' *.dev-vynetrellis.com dev-vynetrellis.com *.dev-rpractice.com dev-rpractice.com *.pendo.io; frame-src 'self' *.dev-vynetrellis.com dev-vynetrellis.com previewapp.dev-vynetrellis.com *.pendo.io; img-src 'self' *.vynetrellis.com blob: data: *.dev-vynetrellis.com dev-vynetrellis.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.g.doubleclick.net *.google.com *.gstatic.com *.googletagmanager.com *.amazonaws.com *.typekit.net *.transnox.com *.cloudflare.com *.nsit-pass.com *.transit-pass.com *.nea-fast.com *.sentry.io *.launchdarkly.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com pendo-io-static.storage.googleapis.com *.hellopearl.com *.mouseflow.com; style-src 'self' 'unsafe-inline' *.dev-vynetrellis.com dev-vynetrellis.com *.pendo.io pendo-static-5718982910148608.storage.googleapis.com fonts.googleapis.com *.typekit.net; 1
script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; form-action 'self' https://crm.zoho.eu/crm/WebToLeadForm 1
report-uri https://exium.net 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://douchi.space; img-src 'self' https: data: blob: https://douchi.space; style-src 'self' https://douchi.space 'nonce-SGA69Ff2qbzqJyLW/66QKw=='; media-src 'self' https: data: https://douchi.space; frame-src 'self' https:; manifest-src 'self' https://douchi.space; form-action 'self'; child-src 'self' blob: https://douchi.space; worker-src 'self' blob: https://douchi.space; connect-src 'self' data: blob: https://douchi.space https://media.douchi.space wss://douchi.space; script-src 'self' https://douchi.space 'wasm-unsafe-eval' 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; img-src * data: 'self' https:; frame-ancestors *; 1
default-src https: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: https:; object-src 'none'; connect-src https: wss:; script-src 'unsafe-inline' https: 'unsafe-eval'; worker-src 'self' blob:; upgrade-insecure-requests; block-all-mixed-content; media-src 'self' blob: data: https:; font-src 'self' data: https://use.typekit.net https://cdnjs.cloudflare.com https://fonts.gstatic.com; base-uri 'none'; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-NmVjYzE3NjJlNDBmNGZjNGI3OTU3ODBjZjQ0NzAzYjE=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rdi.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.rdi.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rdi.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' https://epjmj2023blob-dbg3a9bra3dhdpe6.z01.azurefd.net https://epjmj2023qablob-gmehapawbmdqb2cb.z01.azurefd.net 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; img-src 'self' data: https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com https://www.google-analytics.com https://epjmj2023blob-dbg3a9bra3dhdpe6.z01.azurefd.net https://epjmj2023qablob-gmehapawbmdqb2cb.z01.azurefd.net https://tile.openstreetmap.org/ https://rd3.videos.sapo.pt https://cache09.stormap.sapo.pt https://i.vimeocdn.com 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; script-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.googletagmanager.com https://player.vimeo.com 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; script-src-elem 'self' https://www.youtube.com https://www.youtube-nocookie.com https://*.googletagmanager.com https://*.google-analytics.com https://player.vimeo.com 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; style-src 'self' 'unsafe-inline' data:; frame-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://w.soundcloud.com https://player.vimeo.com https://rd3.videos.sapo.pt https://players.brightcove.net 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; font-src 'self' data: 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://qa-jmj-dotnet-api.jollysea-557f070c.westeurope.azurecontainerapps.io https://jmj2023.meoempresas.pt 'nonce-/cPGyQy7FlWiSBKOdK63tIzKBMhsAnBpL8+rQYNm3Qg='; upgrade-insecure-requests; 1
default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-c0RrMDZZRWVJMHJYdmVPU2pSQ3FsbVo5OGhHWFJ3NVY5aVRzMGNieUFhcz06ZzNGeXB0WkdUUTZpOXBQUTdHVHMrRjRJdm5uRUUyME13MTZ0NDZtblZPST0=';style-src 'self' 'unsafe-inline';img-src 'self' data: blob: https://janian.de;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self' nc: https://janian.de;frame-ancestors 'self' https://janian.de;form-action 'self' https://janian.de 1
frame-ancestors *.bcn.gob.ar 1
default-src 'self' https://*.readspeaker.com ; connect-src 'self' https://*.readspeaker.com ; font-src 'self' data: ; script-src 'self' https://*.readspeaker.com http://siteimproveanalytics.com  http://docs.netpublicator.com  'unsafe-inline' 'unsafe-eval' ; style-src 'self' data: https://*.readspeaker.com  'unsafe-inline'; frame-src 'self' https://*.readspeaker.com  http://www.youtube.com  regionkalmar.imagevault.app sts.regionkalmar.se 'unsafe-inline'; img-src 'self' data: https://*.readspeaker.com regionkalmar.imagevault.app 7535.global.siteimproveanalytics.io cdn.varbi.com data:; 1
frame-ancestors http://www.acda.com http://www.acdagents.com https://dev.acdagents.com/ https://staging.acdagents.com/ https://www.callswithoutwalls.com/ https://dev.acddirect.com/ 1
default-src 'none'; style-src 'self'; media-src 'self'; img-src 'self'; font-src 'self';frame-ancestors 'none';base-uri 'none';form-action 'none'; 1
default-src 'self' data: 'unsafe-inline' cdn2.viosys.de maps.googleapis.com fonts.googleapis.com fonts.gstatic.com maps.gstatic.com secure.gravatar.com stats.g.doubleclick.net www.google-analytics.com www.google.com www.google.de www.googletagmanager.com www.kununu.com https://static.newsletter2go.com https://api.newsletter2go.com s.w.org https://www.newsletter2go.com https://files.newsletter2go.com; frame-src self https://www.google.com/ https://www.youtube-nocookie.com/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://wetshaving.social; img-src 'self' https: data: blob: https://wetshaving.social; style-src 'self' https://wetshaving.social 'nonce-hBkQRvrjV2pb9o0A+OiT2w=='; media-src 'self' https: data: https://wetshaving.social; frame-src 'self' https:; manifest-src 'self' https://wetshaving.social; form-action 'self'; child-src 'self' blob: https://wetshaving.social; worker-src 'self' blob: https://wetshaving.social; connect-src 'self' data: blob: https://wetshaving.social https://wetshaving.social/system/ wss://wetshaving.social; script-src 'self' https://wetshaving.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://maps.googleapis.com https://fonts.googleapis.com https://www.gstatic.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://mitsweb.iitech.dk https://www.googletagmanager.com https://googleads.g.doubleclick.net https://snap.licdn.com 1
default-src https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src blob: https: data: 1
default-src 'self'; form-action 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' https://cdn-apac.onetrust.com https://www.google.com https://assets.adobedtm.com https://www.googletagmanager.com https://www.gstatic.com https://www.youtube.com https://*.callrail.com 'nonce-3947263940126385629'; style-src 'self' 'unsafe-inline' https://*.onetrust.com https://*.myfonts.net; frame-src 'self' https://*.olamagri.com https://*.google.com https://*.youtube.com https://*.youtube-nocookie.com https://*.euroland.com https://player.vimeo.com 'nonce-3947263940126385629'; img-src 'self' https://media.licdn.com http://pbs.twimg.com https://pbs.twimg.com https://olaminformationservices.sc.omtrdc.net https://cdn-apac.onetrust.com; connect-src 'self' *; object-src 'none'; base-uri 'self'; 1
frame-ancestors 'self' https://*.shedul.com 1
default-src 'self' data: https://api.regionaalenergieloket.nl; script-src 'self' https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com https://static.cloudflareinsights.com ajax.cloudflare.com https://*.storelocatorwidgets.com https://*.survicate.com https://scripts.simpleanalyticscdn.com; script-src-elem 'self' 'unsafe-hashes' data: https://*.widget.trengo.eu https://polyfill.io https://*.hotjar.com https://*.google-analytics.com/ https://www.googletagmanager.com/ https://static.cloudflareinsights.com https://*.storelocatorwidgets.com https://*.survicate.com 'sha256-9VDmhXS8/iybLLyD3tql7v7NU5hn5+qvu9RRG41mugM=' scripts.simpleanalyticscdn.com 'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM='; script-src-attr 'self' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-elem 'self' 'unsafe-inline' data: https://*.hotjar.com https://maxcdn.bootstrapcdn.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://*.survicate.com; style-src-attr 'self' 'unsafe-hashes' data: 'sha256-MRwka0/4j4rDIhqWHKzHVgYCKfmEnNH0AT3nVR928O0=' 'sha256-TbrjG17MSiO8IKSlX/5IHYPweVR4+mHPUuUwZ7a5a2Y=' 'sha256-LZDbS/CUwn+BjQYT2qJ1p7VkcOLJrL0M6KyT1EUYfI4='; img-src 'self' data: https://res.cloudinary.com https://images.ctfassets.net https://*.google-analytics.com https://*.regionaalenergieloket.nl https://queue.simpleanalyticscdn.com https://simpleanalyticsbadges.com https://*.mux.com; font-src 'self' data: https://fonts.gstatic.com https://*.survicate.com; connect-src 'self' https://*.widget.trengo.eu https://sessions.bugsnag.com https://cdn.contentful.com https://notify.bugsnag.com/ https://*.regionaalenergieloket.nl https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io/ https://*.google-analytics.com https://*.mapbox.com/ https://*.storelocatorwidgets.com https://cloudflareinsights.com https://*.survicate.com https://queue.simpleanalyticscdn.com https://*.mux.com https://*.a1.typesense.net https://cdn.plyr.io; media-src 'self' https://res.cloudinary.com https://*.survicate.com https://*.mux.com https://assets.ctfassets.net blob:; object-src 'none'; child-src 'self' https://*.regionaalenergieloket.nl blob:; frame-src 'self' https://*.hotjar.com https://*.regionaalenergieloket.nl; frame-ancestors 'self' https://*.regionaalenergieloket.nl; form-action 'self' https://*.regionaalenergieloket.nl; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://bleeve.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; font-src *; img-src https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://www.browsealoud.com/ 'self' https://www.googletagmanager.com/ https://www.facebook.com/ https://www.google-analytics.com/ https://track.hubspot.com/ https://plus.browsealoud.com/ https://upload.wikimedia.org/ https://stats.g.doubleclick.net/  https://c.clarity.ms/ https://c.bing.com/ https://www.google.co.uk https://www.google.com https://cdn.acsbapp.com data:; child-src 'self' https://content.googleapis.com/ https://www.googletagmanager.com/ns.html; script-src https://plus.browsealoud.com/ https://www.browsealoud.com/ https://*.speechstream.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://apis.google.com/ https://wikisum.texthelp.com/ 'self' 'unsafe-inline' 'unsafe-eval' https://pay.google.com https://ajax.googleapis.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://js.hs-scripts.com/ https://home-e32.niceincontact.com/ https://js.hs-analytics.net/ https://js.hs-banner.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://unpkg.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://www.clarity.ms https://acsbapp.com https://cdn.appdynamics.com; style-src * 'unsafe-inline' https://www.browsealoud.com/ https://plus.browsealoud.com/; connect-src 'self' https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://plus.browsealoud.com/ https://www.browsealoud.com/ https://js.hs-banner.com/ https://in.hotjar.com/ https://vc.hotjar.io/ https://ws14.hotjar.com/ https://forms.hsforms.com/ https://f.clarity.ms https://u.clarity.ms https://v.clarity.ms https://k.clarity.ms https://consentcdn.cookiebot.com https://speech.speechstream.net/ wss://ws14.hotjar.com/ https://region1.google-analytics.com https://region1.analytics.google.com blob: https://plus.browsealoud.com/ https://www.browsealoud.com/ https://en.wikipedia.org/ https://wikisum.texthelp.com/ https://wiki-summarizer-eu.texthelp.com/ https://simplify-us.texthelp.com/ https://browsealoud-webservices-8.texthelp.com/ https://browsealoud-webservices-eu.texthelp.com/ https://babm.texthelp.com/ https://*.speechstream.net/ https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://cdn.acsbapp.com https://process.acsbapp.com https://acsbapp.com; frame-src 'self' https://home-e32.niceincontact.com/ https://vars.hotjar.com/ https://accounts.bristowsutor.co.uk/ https://www.youtube.com/ https://forms.hsforms.com/ https://pp.eshapay.net/ https://pa.eshapay.net/ https://pp.ephapay.net/ https://pa.ephapay.net/ https://content.googleapis.com/ https://consentcdn.cookiebot.com/; media-src 'self' blob: https://*.speechstream.net/; 1
default-src 'self';img-src 'self' https: data: blob:;media-src 'self' https: blob:;script-src 'self' https: 'unsafe-inline' 'unsafe-eval';script-src-attr 'unsafe-inline';connect-src 'self' https: wss:;frame-src 'self' https:;worker-src 'self' https: blob:;base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
frame-ancestors 'self' https://www.visitaarhus.dk https://*.www.visitaarhus.dk https://api.www.www.visitaarhus.dk 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' camchatx.com:9080 camchatx.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://camchatx.com wss://camchatx.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715653966 1
default-src 'self' 'unsafe-inline';style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' 'unsafe-inline' fonts.gstatic.com;script-src 'self' 'unsafe-inline' www.googletagmanager.com www.google-analytics.com *.hotjar.com www.hotjar.com maps.googleapis.com www.google.com *.google.com www.gstatic.com *.gstatic.com public.tableau.com;img-src 'self' data: www.google-analytics.com *.twtest.nl maps.googleapis.com maps.gstatic.com public.tableau.com;frame-src 'self' *.hotjar.com *.frisbee.nl *.google.com *.vimeo.com *.youtube.com public.tableau.com app.powerbi.com;connect-src 'self' *.hotjar.com *.google-analytics.com maps.googleapis.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' localhost:* local.host local.host:* dev.host:* bankai-revolution.test *.immofinanz.test 192.168.40.155:* *.immofinanz.test *.immofinanz.com *.equitystory.com *.immofinanz.test *.eqs.com *.cms-eqs.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.de *.google.at *.bing.com *.doubleclick.net *.youtube.com *.youtube-nocookie.com *.googleadservices.com cookiepro.com *.cookiepro.com my.matterport.com *.matterport.com *.archilogic.com cdn.polyfill.io cdnjs.cloudflare.com data: *.activehosted.com *.cloudfront.net; frame-ancestors 'self' *.immofinanz.com local.host localhost *.immofinanz.test *.immofinanz.test; 1
default-src 'self' *.google.com *.doubleclick.net *.facebook.net *.cookiebot.com *.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ajax.googleapis.com www.youtube.com maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' v1.addthisedge.com z.moatads.com *.marker.io *.addthis.com ajax.aspnetcdn.com  *.google.com *.doubleclick.net *.facebook.net *.google.com *.cookiebot.com *.googletagmanager.com *.google-analytics.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ ajax.googleapis.com www.youtube.com maps.googleapis.com; style-src 'self' 'unsafe-inline' *.googletagmanager.com fonts.googleapis.com fonts.gstatic.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; img-src 'self' *.google.com *.google.co.uk *.facebook.com *.linkedin.com *.google-analytics.com data: dashboard.umbraco.org umbraco.tv csi.gstatic.com maps.gstatic.com maps.googleapis.com mt.google.com; frame-src 'self' *.marker.io *.addthis.com *.cookiebot.com *.vimeo.com *.google.com www.gstatic.com/recaptcha/ www.youtube.com 1
default-src 'none'; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https: 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.doubleclick.net *.googletagmanager.com *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com; connect-src 'self'  *.doubleclick.net *.googleapis.com *.google-analytics.com; img-src data: *; style-src 'self' 'unsafe-inline' *.googleapis.com; form-action 'self'; frame-ancestors 'self' ; base-uri 'self'; frame-src 'self' *.gstatic.com *.google.com; media-src *; font-src * data:; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' 'self' *.sleeknote.com https://matomojs.trackify.info https://matomo.pernod-ricard.io fls.doubleclick.net; frame-ancestors 'self' *.sleeknote.com https://matomojs.trackify.info https://matomo.pernod-ricard.io; frame-src blob: 'self' *.sleeknote.com https://www.google.com https://www.youtube.com https://saprwwindnkmaps.z8.web.core.windows.net/ https://mc9r0b9qpsrtt0j17w1666dz6j81.pub.sfmc-content.com/ https://stags.bluekai.com/ https://l3.evidon.com/site/4141/27823/47?lang=en-us https://matomojs.trackify.info https://matomo.pernod-ricard.io wss://ws.hotjar.com/api/v2/client/ws?v=5 https://www.winning-drinks.com/; worker-src blob: 'self' 1
default-src 'self'; script-src 'self' * 'unsafe-inline'; style-src 'self' * 'unsafe-inline'; connect-src 'self' *; img-src 'self' * data:; font-src 'self' *; media-src 'self' *; frame-src 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com/; frame-ancestors 'none' 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/; connect-src 'self' https://*.readspeaker.com https://api.service-digitale-verwaltung.de https://buergerservice.ionas.de/ https://nominatim.openstreetmap.org/ https://tracking-nc.chamaeleon.de; font-src 'self' data: http://www.minden.de; frame-ancestors 'self'; frame-src 'self' https://*.readspeaker.com https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://www.google.com; img-src 'self' blob: data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://tiles.chamaeleon.de https://tracking-nc.chamaeleon.de https://www.dwd.de https://www.minden.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com https://tracking-nc.chamaeleon.de; script-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com https://api.service-digitale-verwaltung.de https://tracking-nc.chamaeleon.de; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.readspeaker.com; style-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com https://api.service-digitale-verwaltung.de; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
script-src 'self' 'unsafe-eval' https://cdn.ckeditor.com https://maps.googleapis.com  https://www.googletagmanager.com/gtag/js  https://www.google-analytics.com/analytics.js  https://code.jquery.com/jquery-3.6.0.min.js  https://code.jquery.com/ui/1.10.0/jquery-ui.js 'unsafe-inline'; object-src 'self' ; img-src 'self' https://cdn.ckeditor.com 1
default-src   'self'   apis.google.com   app.clearbit.com   connect.facebook.net   firestore.googleapis.com   fonts.googleapis.com   fonts.gstatic.com   form.smileweb.net   dev-form.smileweb.net   identitytoolkit.googleapis.com   prod-api.smileweb.net   securetoken.googleapis.com   smileweb-app.firebaseapp.com   static.smileweb.net   testing-form.smileweb.net   stats.g.doubleclick.net   tag.clearbitscripts.com   www.google-analytics.com   www.googletagmanager.com   x.clearbitjs.com   'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='   'sha256-KJxnsNT0gtdqJuu4ax26lLQPfNPovAIoDwH4Ql0esmA='   'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='   'sha256-WVkNUdWP0lukQtTjeNmSOhLNStVYP/Ho92RLxHVM2M0='   'sha256-9DoVum3m8JKsIY3DTlnlYUaZmF0qX8+iPcNp2w20t90=' ;img-src   'self'   data:   s3.sa-east-1.amazonaws.com   static.smileweb.net   www.facebook.com   www.google-analytics.com ;script-src   'self'   'sha256-HDP6PPmUSTygOms82GqatyknRdPtGrQf2Mx7gI07ywE='   'sha256-hnD7loh8ISm5RQ4QgaNwq9T5Y4AY7Pi6zSDaGXASjGA='   'sha256-NYiv/TuY+idwGDsdFmxOvluUANrfoPumXWnuSO/nqts='   'sha256-TEo0NHqqdmiDKkdbi6ouHBr+IOO4iEd3Pe5LNS05Cv8='   'sha256-FDyPg8CqqIpPAfGVKx1YeKduyLs0ghNYWII21wL+7HM='   apis.google.com   app.clearbit.com   connect.facebook.net   fonts.gstatic.com   form.smileweb.net   testing-form.smileweb.net   static.smileweb.net   stats.g.doubleclick.net   tag.clearbitscripts.com   www.google-analytics.com   www.googletagmanager.com   www.smileweb.net   x.clearbitjs.com ;object-src   'none';form-action ;frame-ancestors   form.smileweb.net   prod-api.smileweb.net   static.smileweb.net ; 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-76352bb4c4184381852211dff20ed345' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-6RW/EVNDlvFImiC3zl6/YQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' https://app.kontent.ai https://*.azrielimalls.co.il https://azrielimalls.co.il https://azrieli.inmanage.com https://*.azrieli.xyz http://localhost:* http://127.0.0.1:* 1
child-src 'self'; default-src 'self' https://*.google.com https://*.googleapis.com https://*.stripe.com https://sc-static.net https://tr.snapchat.com; frame-src 'self' https://*.crazyegg.com https://*.stripe.com https://*.google.com https://consentcdn.cookiebot.com https://*.sj.se https://td.doubleclick.net/ https://tr.snapchat.com https://*.thehotelsnetwork.com; worker-src 'self' blob:; connect-src 'self' ws://localhost:* http://localhost:4000/graphql https://*.bestwestern.se/graphql https://*.bestwestern.com https://*.crazyegg.com https://content.web.bwhhotelgroup.com/stripe-pk.json https://*.doubleclick.net/ https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk https://*.google.se https://*.analytics.google.com https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://consentcdn.cookiebot.com https://*.clarity.ms/ https://*.bing.com https://api.maptiler.com https://sc-static.net https://tr6.snapchat.com/ https://tr.snapchat.com https://facebook.com/ https://www.facebook.com/ https://*.thehotelsnetwork.com https://*.sentry.io; font-src 'self' data: https://*.typekit.net https://*.gstatic.com; img-src 'self' data: https://*.bestwestern.se https://*.bestwestern.no https://*.bestwestern.dk https://*.crazyegg.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.gstatic.com https://maps.googleapis.com https://images.ctfassets.net https://imgsct.cookiebot.com/ https://*.google.no https://*.google.dk https://*.google.se https://*.google.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.bing.com https://www.facebook.com https://*.clarity.ms https://api.maptiler.com https://tr.snapchat.com; manifest-src 'self'; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-eval' https://*.thehotelsnetwork.com 'sha256-4CtKi7L2SSfaLijorO+Mu0qhcYzi/V3MKqNCEgf1Tpo='; script-src-elem 'self' 'unsafe-inline' https://*.google.com https://*.google.no https://*.google.dk https://*.google.se https://*.googleadservices.com https://connect.facebook.net https://bat.bing.com https://*.clarity.ms https://*.gstatic.com https://*.googleapis.com https://*.googletagmanager.com https://*.stripe.com https://*.cookiebot.com https://*.sj.se https://sc-static.net https://tr.snapchat.com https://*.thehotelsnetwork.com https://*.sentry-cdn.com http://script.crazyegg.com 'sha256-4CtKi7L2SSfaLijorO+Mu0qhcYzi/V3MKqNCEgf1Tpo='; style-src 'self' 'unsafe-inline' https://*.crazyegg.com https://*.googleapis.com https://*.googletagmanager.com https://*.typekit.net; base-uri 'self'; form-action 'self'; frame-ancestors 'self' 1
frame-src https:; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors 'self'; connect-src 'self' https://maps.googleapis.com data: ; img-src * data: ; font-src * data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ikea.com v4.ai.ingka.ikea.net api.addressy.com google.com *.google.com *.gstatic.com translate.googleapis.com translate-pa.googleapis.com www.youtube-nocookie.com www.youtube.com www.paypal.com blob: data: https://storage.googleapis.com/learnwithikeavideos/ unicorn-rainbow-flower.edgecompute.app ikea-listings.edgecompute.app *.ingka.com *.cdtapps.com *.ctfassets.net *.ipex-insights.com *.criteo.net *.criteo.com *.doubleclick.net *.facebook.com *.facebook.net www.googleadservices.com *.googlesyndication.com *.google.kr t1.daumcdn.net *.teads.tv *.cookielaw.org *.onetrust.com *.akamaihd.net *.akstat.io *.contentsquare.net app.contentsquare.com *.google-analytics.com www.googletagmanager.com *.go-mpulse.net *.optimizely.com sentry.io *.sentry.io *.avo.app oppwa.com *.oppwa.com mpsnare.iesnare.com *.iesnare.com *.bambuser.com firestore.googleapis.com liveshopping-widgets.firebaseapp.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com www.googleapis.com *.syndeo.cx *.production.syndeo.cx wss://web.production.syndeo.cx icsp.ingka.ikea.com wss://icsp.ingka.ikea.com wss://web-api.ikea.com/cschatbot/; img-src * blob: data:; frame-src *; frame-ancestors *.ikea.com; object-src 'self'; report-uri https://csp.ikea.com 1
form-action 'self' *.paypal.com; 1
default-src data: 'self' https://mycredit.ua https://media.mycredit.ua https://www.google-analytics.com https://*.google.com https://*.google.com.ua https://*.googletagmanager.com https://*.googleusercontent.com https://asky.guru https://sc02.sfcserv.eu https://*.googleadservices.com *.doubleclick.net *.hotjar.com https://analytics.tiktok.com px.adhigh.net https://mycreditua.push.world https://fonts.gstatic.com *.youtube.com https://*.gravitec.net https://*.gravitec.media https://push.esputnik.com https://esputnik.com https://*.facebook.com https://*.facebook.net *.firebaseapp.com *.firebaseio.com *.appspot.com *.iesnare.com wss://mpsnare.iesnare.com https://mpsnare.iesnare.com *.gov.ua https://rabota.ua https://*.rabota.ua https://*.ex.co https://*.playbuzz.com https://*.cloudfunctions.net ;script-src 'unsafe-inline' 'unsafe-eval' 'self' https://mycredit.ua *.mycredit.ua http://*.mycredit.ua *.google-analytics.com https://*.googletagmanager.com https://*.googleoptimize.com https://*.googleadservices.com https://*.google.com https://*.google.com.ua https://*.googleapis.com https://*.gravitec.net https://*.gravitec.media https://push.esputnik.com https://esputnik.com https://widget.asky.guru https://sc02.sfcserv.eu https://*.facebook.com https://*.facebook.net https://gdeua.hit.gemius.pl https://*.hotjar.com https://analytics.tiktok.com px.adhigh.net https://mycreditua.push.world *.cloudflare.com https://static.addtoany.com *.doubleclick.net *.irebaseapp.com *.firebaseio.com *.appspot.com *.youtube.com *.iesnare.com https://rabota.ua https://*.rabota.ua https://*.ex.co https://*.playbuzz.com  ;style-src 'unsafe-inline' * ;frame-ancestors 'self' ; 1
frame-ancestors 'self' https://vculungscan.com https://www.vculungscan.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-kQJtBWFXQbk6pog7XIZ6vw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
-Report-Only block-all-mixed-content; report-uri /_/csp-reports 1
frame-src *; script-src 'unsafe-eval' 'unsafe-inline' 'self'  www.balbooa.com cdn.jsdelivr.net; script-src-elem 'self' gspeech.io storage.googleapis.com js.hcaptcha.com www.balbooa.com cdn.ckeditor.com cdn.jsdelivr.net www.google.com www.gstatic.com hcaptcha.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; img-src blob: 'self' 'https://cm-portimao.pt' storage.googleapis.com www.cm-portimao.pt cm-portimao.pt data: www.balbooa.com ; default-src 'self' cdn.ckeditor.com gspeech.io storage.googleapis.com cdn.jsdelivr.net www.gstatic.com cm-portimao.pt www.cm-portimao.pt api.joomlatools.com code.jquery.com tile.osm.org www.google.com appscdn.joomla.org *.hcaptcha.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval';  1
default-src 'self'; object-src 'self' https://pts.deutschlandsim.de/p.swf; base-uri 'self'; media-src 'self' https://imagepool.deutschlandsim.de; img-src https: data: http://files.deutschlandsim.de; font-src https:; form-action 'self' https://www.facebook.com https://connect.facebook.net https://hilfe-center.1und1.de https://var.uicdn.net https://www.tuev-saar.de https://www.trustedshops.de https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://umfrage.deutschlandsim.de https://pts.deutschlandsim.de; connect-src 'self' https://widgets.trustedshops.com https://gw1.api.trustedshops.com https://cdn1.api.trustedshops.com https://cdn2.spatialbuzz.com https://cdn.spatialbuzz.com https://o2-de.spatialbuzz.net https://tags.tiqcdn.com https://collect.tealiumiq.com/event https://collect-eu-central-1.tealiumiq.com https://www.google.com https://www.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://cts.communicationads.net https://www.bing.com https://bat.bing.com https://connect.facebook.net https://www.facebook.com https://trck.spoteffects.net https://tracking.drillisch.de https://www.dwin1.com https://www.awin1.com https://www7.smartadserver.com https://1and1internetag.demdex.net https://dpm.demdex.net https://the.sciencebehindecommerce.com https://o2.mouseflow.com https://cdn.mouseflow.com https://cm.everesttech.net https://assets.adobedtm.com https://livechat.deutschlandsim.de https://chat.deutschlandsim.de https://stats.deutschlandsim.de https://imagepool.deutschlandsim.de https://pts.deutschlandsim.de https://analytics.tiktok.com https://umfrage.deutschlandsim.de; script-src 'strict-dynamic' 'nonce-3d00bf317d98949f8122d14222263128' 'nonce-f3f18d6a399761fef83f1553e496bd27' 'nonce-edb0a857333df7964163b2257994c393' 'nonce-a3ac4fda8bed93cec00cbddf372e56ea' 'nonce-52fbfbcf8913e9df3e2a28aaacecb6d7' 'nonce-b5d2c15b415feab9f3fa6d4a3f9ed023' 'self' 'unsafe-inline' https: 'report-sample'; style-src 'self' 'unsafe-inline' https: data:; frame-ancestors 'self' https://paketshop.myhermes.de; frame-src https://1and1internetag.demdex.net https://bid.g.doubleclick.net https://cdn2.spatialbuzz.com https://connect.facebook.net https://dpm.demdex.net https://paketshop.myhermes.de https://tags.tiqcdn.com https://tpc.googlesyndication.com https://www.awin1.com https://www.facebook.com https://www.youtube-nocookie.com https://pts.deutschlandsim.de https://umfrage.deutschlandsim.de; child-src https://1and1internetag.demdex.net https://ad13.adfarm1.adition.com https://cdn2.spatialbuzz.com https://dpm.demdex.net https://tags.tiqcdn.com https://trck.spoteffects.net https://www.facebook.com https://www.googleadservices.com https://www.youtube.com; upgrade-insecure-requests; block-all-mixed-content; report-uri /csp-reports; script-src-elem 'strict-dynamic' 'nonce-3d00bf317d98949f8122d14222263128' 'nonce-f3f18d6a399761fef83f1553e496bd27' 'nonce-edb0a857333df7964163b2257994c393' 'nonce-a3ac4fda8bed93cec00cbddf372e56ea' 'nonce-52fbfbcf8913e9df3e2a28aaacecb6d7' 'nonce-b5d2c15b415feab9f3fa6d4a3f9ed023' 'self' 'unsafe-inline' https: 'report-sample' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-u0SULK1wn_Q7FOb3g3dk3g' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
base-uri 'none'; form-action 'none'; default-src 'self'; media-src https://images.buildon.aws; img-src 'self' blob: data: https://* https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://ga0.awsstatic.com/ https://a0.awsstatic.com/ https://d2c.aws.amazon.com; child-src 'none'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; connect-src 'self' https://prod-site-buildonimagesbucket110194ec-1dl1gdauw066s.s3.us-east-1.amazonaws.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://amazonwebservices.d2.sc.omtrdc.net https://aws.demdex.net https://dpm.demdex.net https://cm.everesttech.net https://ga0.awsstatic.com/ https://a0.awsstatic.com/ https://d2c.aws.amazon.com https://vs.aws.amazon.com https://aws.amazon.com https://api-v2.builderprofile.aws.dev https://token.builderprofile.aws.dev https://avatars.builderprofile.aws.dev https://dataplane.rum.us-east-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://sts.us-east-1.amazonaws.com/ https://prod-api.cosmic.aws.dev; script-src 'self' 'sha256-pD1IvxrgXgKrAhNJmdMwtplCR1BZCy9ekf7LyKljrWI=' https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js https://d2c.aws.amazon.com/client/loader/v1/d2c-load.js https://ga0.awsstatic.com/ https://a0.awsstatic.com/ https://d2c.aws.amazon.com https://cdn.builderprofile.aws.dev/bp.min.js https://platform.twitter.com/ https://prod.cosmic.aws.dev; object-src 'none'; frame-src https://www.youtube-nocookie.com/ https://www.youtube.com/ https://platform.twitter.com/ https://aws.demdex.net https://dpm.demdex.net https://player.twitch.tv/ 1
frame-ancestors 'none'; default-src 'self' https://*.yahoo.com https://*.yimg.com; script-src 'self' 'unsafe-inline' 'nonce-Mck6HN4iWh/Icu/dunjm1g==' 'unsafe-eval' https://*.yahoo.net https://*.yahoo.com https://*.yimg.com https://*.uservoice.com *.oath.com https://*.hereapi.com https://*.youtube.com *.yahooapis.com blob:; style-src 'self' 'unsafe-inline' https://assets.video.yahoo.net https://*.yimg.com; img-src 'self' data: blob: https://*.aol.com https://s.aolcdn.com https://*.bing.net https://*.yimg.com https://s.ytimg.com yahoo.com https://*.yahoo.com https://*.bing.com *.here.com *.wc.yahoodns.net https://*.doubleclick.net https://sb.scorecardresearch.com https://*.adaptv.advertising.com https://*.vidible.tv https://*.yahoo.net https://*.footprint.net https://*.akamaized.net https://*.cloudfront.net https://*.llnwd.net; frame-src 'self' https://*.yahoo.net https://*.youtube.com https://s.yimg.com https://*.yahoo.com https://yahoo.uservoice.com https://*.vidible.tv https://*.advertising.com https://fun.games.com/ https://interactives.ap.org; media-src * blob:; object-src *; connect-src * blob:; font-src * data:; child-src blob:; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://gameliberty.club; img-src 'self' https: data: blob: https://gameliberty.club; style-src 'self' https://gameliberty.club 'nonce-klNDGaaJHTHTiUCT+5yq8g=='; media-src 'self' https: data: https://gameliberty.club; frame-src 'self' https:; manifest-src 'self' https://gameliberty.club; form-action 'self'; connect-src 'self' data: blob: https://gameliberty.club https://media.gameliberty.club/media/ wss://gameliberty.club; script-src 'self' https://gameliberty.club; child-src 'self' blob: https://gameliberty.club; worker-src 'self' blob: https://gameliberty.club 1
font-src 'self' https://script.hotjar.com; 1
default-src 'self' www.google-analytics.com www.youtube.com; child-src 'self' www.youtube.com www.youtube-nocookie.com player.vimeo.com www.google.com; frame-src 'self' www.youtube.com forms.zohopublic.eu zfrmz.eu www.google.com https://recaptcha.google.com/recaptcha/ player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.perplex.nl s.ytimg.com *.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.youtube.com player.vimeo.com www.googletagmanager.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: rating.pegi.info *.google-analytics.com *.analytics.google.com www.perplex.nl i.ytimg.com www.gravatar.com img.youtube.com i.vimeocdn.com vumbnail.com; font-src 'self' data:; connect-src 'self' *.google-analytics.com *.analytics.google.com; form-action 'self' forms.zohopublic.eu; report-uri https://perplex.report-uri.com/r/default/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' *.dlgsc.wa.gov.au *.facebook.com *.facebook.net www.youtube.com *.google.com *.google.com/maps *.facebook.com *.monsido.com *.fbcdn.net *.b-cdn.net *.service.wa.gov.au https://platform.twitter.com anchor.fm *.soundcloud.com https://www.google-analytics.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.dlgsc.wa.gov.au *.googleapis.com *.gstatic.com *.googletagmanager.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org 35.189.0.46 *.monsido.com *.tracking.monsido.com *.google.com https://cdnjs.cloudflare.com https://www.feedrapp.info 127.0.0.1 *.hotjar.com *.monsido.com *.curator.io *.visualwebsiteoptimizer.com *.googleapis.com; style-src 'self' 'unsafe-inline' *.dlgsc.wa.gov.au *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.dlgsc.wa.gov.au *.curator.io; img-src 'self' *.dlgsc.wa.gov.au *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.monsido.com *.curator.io *.fbcdn.net *.b-cdn.net *.visualwebsiteoptimizer.com; media-src 'self' data: blob: cdn.dlgsc.wa.gov.au *.dlgsc.wa.gov.au; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com outlook.office365.com anchor.fm google.com; connect-src 'self' accounts.google.com *.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://www.feedrapp.info *.hotjar.com *.curator.io *.wa.gov.au *.service.wa.gov.au https://platform.twitter.com anchor.fm https://www.google-analytics.com *.googleapis.com; 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://seal.cafe wss://seal.cafe https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;media-src 'self' https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;img-src 'self' data: blob: https://s3.us-east-1.wasabisys.com https://proxy.seal.cafe;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self';frame-src 'self' https:; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.ridleyacademy.com 1
default-src * data: blob:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 'unsafe-inline'; connect-src * data: blob: 'unsafe-inline'; frame-src *;font-src * data: blob:; 1
script-src https://cdn.insight.sitefinity.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api 'self' https://www.googletagmanager.com 'unsafe-inline' https://cdn.moengage.com/ https://www.gstatic.com https://static.hotjar.com https://www.google-analytics.com https://script.hotjar.com https://js.monitor.azure.com 'unsafe-eval' https://www.google.com/ data: https://connect.facebook.net/ https://googleads.g.doubleclick.net/ https://cse.google.com/ ; style-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://www.google.com/ ; img-src https://cdn.insight.sitefinity.com https://dec.azureedge.net 'self' data: https://www.google.com.my https://gleneagles.com.my/ https://www.googletagmanager.com/ https://www.facebook.com/ https://www.google.com/ https://www.google.com.sg https://clients1.google.com/ https://script.hotjar.com/; connect-src https://*.insight.sitefinity.com https://*.dec.sitefinity.com 'self' https://analytics.google.com https://sdk-01.moengage.com wss://localhost:44355/IHHHealthcare https://www.google-analytics.com wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://dc.services.visualstudio.com https://stats.g.doubleclick.net https://vc.hotjar.io/ https://gleneagles.com.my/ https://customsearch.googleapis.com/ https://surveystats.hotjar.io/; default-src 'self'; font-src  data: 'self' https://cdnjs.cloudflare.com/ https://script.hotjar.com/; frame-src  https://td.doubleclick.net https://hms.gleneagles.hk https://www.google.com/ https://www.facebook.com/ https://m.facebook.com/ https://www.youtube.com/ https://ghk-pilot.hms.local/ https://testserver-2364b.web.app/ https://pantaiproject-db504.web.app/ https://pantai-3d---orthopaedic.web.app/ https://pantai-3d---paediatrics.web.app/ https://pantai-3d---obgyn.web.app https://asiapano.com/vr/hospitals/pcmc/ https://www.insage.com.my/ https://player.vimeo.com/ 1
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.culturaldistrict.org *.hotjar.io *.hotjar.com https://embed.typeform.com *.googleapis.com https://www.googletagmanager.com https://static.formstack.com *.pittsburghsymphony.org https://cdnjs.cloudflare.com https://unpkg.com *.typekit.net https://static.geetest.com *.gbox.me; connect-src 'self' *.amazonaws.com *.googlesyndication.com/ https://pct.formstack.com https://api.addressy.com https://trustarts.queue-it.net https://analytics.tiktok.com *.purechat.com https://adservice.google.com https://analytics.google.com https://services.postcodeanywhere.co.uk https://stats.g.doubleclick.net https://www.facebook.com https://www.google-analytics.com https://maps.googleapis.com https://online.anyflip.com https://checkoutshopper-live-us.adyen.com/ *.typeform.com *.datadome.co ct.captcha-delivery.com https://rum.browser-intake-datadoghq.com; img-src https: data:; font-src 'self' https://fonts.gstatic.com https://script.hotjar.com *.formstack.com https://use.typekit.net; object-src 'none'; media-src 'self' *.culturaldistrict.org; frame-src 'self' https://widgets.resy.com *.approveforgood.com/ https://geo.captcha-delivery.com *.applytojob.com/ *.doubleclick.net *.culturaldistrict.org *.formstack.com *.googlesyndication.com/ *.pittsburghsymphony.org https://form.typeform.com/ *.youtube.com https://www.youtube-nocookie.com/ https://w.soundcloud.com/ https://e.issuu.com https://insight.adsrvr.org https://player.vimeo.com https://vars.hotjar.com https://www.facebook.com *.google.com https://www.recaptcha.net https://online.anyflip.com https://albumizr.com/ https://checkoutshopper-live-us.adyen.com/; frame-ancestors 'self'; 1
frame-ancestors 'self' https://apps.bernina.com https://bernina.at https://www.bernina.at https://www.bernette.com/ https://bernette.com/ https://*.bernina-wien.at https://bernina-wien.at 1
frame-ancestors *.sudameapteek.ee 1
img-src 'self' maps.googleapis.com maps.gstatic.com data:; script-src 'unsafe-eval' 'sha256-VUF8uwjnO8Kpo3kvs6UA6UEAThNOLjcsORs1kvqaT+U=' 'self' maps.googleapis.com www.google.com www.gstatic.com; frame-src 'self' www.google.com www.gstatic.com; 1
connect-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com  https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;default-src 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com;frame-ancestors 'self'  ;frame-src https://www.google.com https://js.stripe.com https://staticxx.facebook.com https://www.facebook.com/ https://www.youtube.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com ;img-src 'self' data: blob: https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io ;media-src 'none';object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io;font-src data: 'self' https://www.timecenter.se https://www.timecenter.dk https://www.timecenter.com https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io https://*.klarna.net https://*.klarnacdn.net https://*.klarna.com https://*.klarnaevt.com;style-src 'self' 'unsafe-inline' https://*.analytics.google.com https://*.google-analytics.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://www.googleadservices.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://*.g.doubleclick.net https://www.google.com https://www.google.se https://js.stripe.com https://maps.googleapis.com https://fonts.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://api.instagram.com https://scontent.cdninstagram.com https://cdn.materialdesignicons.com https://cdn.jsdelivr.net https://polyfill.io; 1
default-src blob: 'self' *.mgm.mo; script-src *.mgm.mo *.google.com *.gstatic.com *.recaptcha.net *.google-analytics.com *.googleadservices.com *.aliyuncs.com *.tiqcdn.com *.googletagmanager.com hm.baidu.com *.facebook.net *.bing.com *.doubleclick.net blob: 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' *.mgm.mo fonts.googleapis.com data:; font-src data: *.gstatic.com *.mgm.mo 'self'; img-src *.googletagmanager.com *.mgm.mo *.aliyuncs.com *.bing.com *.google-analytics.com *.google.com *.google.co.jp *.baidu.com *.facebook.com data: blob: 'self';media-src 'self' *.mgm.mo *.oss-cn-hongkong.aliyuncs.com;frame-src 'self' *.youku.com *.youtube-nocookie.com *.youtube.com *.ytimg.com *.recaptcha.net *.facebook.com *.google.com; connect-src 'self' *.mgm.mo *.google-analytics.com *.doubleclick.net *.google.com *.facebook.com; frame-ancestors 'self'; 1
default-src 'self' telligen.okta.com *.oktacdn.com; connect-src 'self' telligen.okta.com telligen-admin.okta.com *.oktacdn.com *.mixpanel.com *.mapbox.com *.mtls.okta.com telligen.kerberos.okta.com *.authenticatorlocalprod.com:8769 http://localhost:8769 http://127.0.0.1:8769 *.authenticatorlocalprod.com:65111 http://localhost:65111 http://127.0.0.1:65111 *.authenticatorlocalprod.com:65121 http://localhost:65121 http://127.0.0.1:65121 *.authenticatorlocalprod.com:65131 http://localhost:65131 http://127.0.0.1:65131 *.authenticatorlocalprod.com:65141 http://localhost:65141 http://127.0.0.1:65141 *.authenticatorlocalprod.com:65151 http://localhost:65151 http://127.0.0.1:65151 https://oinmanager.okta.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; script-src 'unsafe-inline' 'unsafe-eval' 'self' telligen.okta.com *.oktacdn.com; style-src 'unsafe-inline' 'self' telligen.okta.com *.oktacdn.com; frame-src 'self' telligen.okta.com telligen-admin.okta.com login.okta.com com-okta-authenticator:; img-src 'self' telligen.okta.com *.oktacdn.com *.tiles.mapbox.com *.mapbox.com data: data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com blob:; font-src 'self' telligen.okta.com data: *.oktacdn.com fonts.gstatic.com 1
default-src 'self' https://matomo.wojak-studio.com https://wojakparadise.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.coffee-france.fr https://matomo.wojak-studio.com;img-src 'self' 'self' data: 'self' blob: https://matomo.wojak-studio.com https://www.coffee-france.fr;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://partner.googleadservices.com ajax.googleapis.com cse.google.com *.moviead55.ru mc.yandex.ru https://mc.yandex.ru https://mc.webvisor.org https://connect.ok.ru https://cse.google.com vk.com mail.ru https://cdn.jsdelivr.net youtube.com googlevideo.com googleapis.com gstatic.com googleusercontent.com google.com  https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* yandex.ru:* https://yandex.st:* yandex.st:* yandex.kz yandex.ua https://*.yandex.net:* *.yandex.net:* https://yastatic.net  *.ok.ru *.vk.com *.mail.ru *.twitter.com *.webvisor.com *.youtube.com *.googlevideo.com *.googleapis.com https://*.googleapis.com *.gstatic.com advertserve.com *.advertserve.com bannersvideo.com *.bannersvideo.com adbetnet.com *.adbetnet.com *.braun634.com *.trafficbass.com n161adserv.com *.n161adserv.com *.rekvid1.ru rekvid1.ru vak345.com *.vak345.com https://sync.dmp.otm-r.com *.adriver.ru https://user91471.clients-cdnnow.ru https://videoroll.net videoroll.net *.videoroll.net playep.pro https://servicer.traffic-media.co.uk https://jsc.traffic-media.co.uk https://cs377.hotkabachok.com https://cs377.vsesvets.com https://vidroll.ru *.vidroll.ru https://pub-eu.p.otm-r.com https://cdn.serianta.com https://cse.google.com videosmor.com datalock.ru *.videosmor.com push-centr.net push-plus.net https://farteniuson.com https://*.newsforall.biz fonts.gstatic.com *.googleusercontent.com *.google-analytics.com *.google.com https://cse.google.com *.yandex.st *.yandex.kz *.yandex.ua *.yandex.net ymetrica.com *.yastatic.net block.s2blosh.com http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: trafmag.com js.hotlog.ru openstat.net mytopf.com fonts.googleapis.com http://cas.criteo.com data; connect-src 'self' https://www.google-analytics.com https://passport.yandex.ua https://play.google.com https://yourbestbro1s.site https://track.analitycs.net https://*.yandex.net:* *.yandex.net:* https://*.yandex.ru:* *.yandex.ru:* https://yandex.ru:* mc.yandex.fr yandex.ru:* https://yandex.st:* yandex.st:* https://mc.webvisor.org https://yandex.ua https://mc.yandex.ua https://yandex.fr ymetrica.com datalock.ru https://farteniuson.com https://syndication.twitter.com https://videoroll.net http://piguiqproxy.com/ *.piguiqproxy.com http://smcheck.org http://amgload.net *.smcheck.org *.amgload.net https://loadercdn.com blob: etcodes.com:8040 etcodes.com:8040 ws://etcodes.com:8040/4684 ws://etcodes.com:8040/4684; img-src * data: blob:; font-src 'self' data: fonts.gstatic.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://fonts.googleapis.com *.google.com https://code.moviead55.ru vak345.com etcodes.com https://yastatic.net; child-src 'self' *; object-src 'self' *; frame-src 'self' *; form-action 'self'; media-src blob: *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://localhost:44399 https://apis.google.com https://www.googletagmanager.com https://www.google-analytics.com https://ajax.googleapis.com https://www.googleadservices.com https://tagmanager.google.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://d3c3cq33003psk.cloudfront.net static.goqubit.com daira55y1kubs.cloudfront.net d3mhw2pbijpnft.cloudfront.net dd6zx4ibq538k.cloudfront.net d22rutvoghj3db.cloudfront.net d1m54pdnjzjnhe.cloudfront.net d3c3cq33003psk.cloudfront.net d2r7uc8e08s26x.cloudfront.net messages.qubit.com https://static.ads-twitter.com https://analytics.twitter.com https://connect.facebook.net https://bat.bing.com https://sjs.bizographics.com https://snap.licdn.com https://px.ads.linkedin.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://payments.worldpay.com https://hpp.worldpay.com https://ece.equiniti.co.uk; style-src 'self' 'unsafe-inline' https://quotespeed.morningstar.com https://ece.equiniti.co.uk; img-src 'self' data: https://www.equiniti.com https://sso.ops.equiniti.com https://www.google.com https://www.google-analytics.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://rtqimg.morningstar.com https://stats.g.doubleclick.net https://t.co https://www.facebook.com https://bat.bing.com https://ece.equiniti.co.uk; connect-src 'self' https://localhost:44399 wss://localhost:44399 *.qubit.com *.qubitproducts.com https://quotespeed.morningstar.com https://qsstage.morningstar.com https://pullqs.morningstar.com https://lt.morningstar.com https://www.google-analytics.com https://*.decibelinsight.net https://*.decibelinsight.com wss://*.decibelinsight.net wss://*.decibelinsight.com https://ece.equiniti.co.uk; child-src 'self' https://sso.ops.equiniti.com https://www.equiniti.com https://apis.google.com https://accounts.google.com https://lt.morningstar.com https://www.facebook.com https://www.youtube.com https://ece.equiniti.co.uk; frame-src 'self' https://sso.ops.equiniti.com https://www.equiniti.com https://apis.google.com https://accounts.google.com https://lt.morningstar.com https://www.facebook.com https://www.youtube.com https://payments.worldpay.com https://hpp.worldpay.com https://hpp-sandbox.worldpay.com https://payments-test.worldpay.com https://ece.equiniti.co.uk; 1
default-src https://usainteanne.ca https://*.usainteanne.ca https://www.youtube-nocookie.com https://font.googleapis.com https://fonts.gstatic.com https://newassets.hcaptcha.com https://player.vimeo.com https://platform.twitter.com https://cdn.syndication.twimg.com https://pbs.twimg.com https://syndication.twitter.com https://*.google.com https://www.buzzsprout.com https://www.facebook.com https://*.cdninstagram.com https://feeds.buzzsprout.com https://www.googletagmanager.com https://www.google-analytics.com; style-src https://fonts.googleapis.com 'self' 'unsafe-inline' https://platform.twitter.com; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://cdn.syndication.twimg.com https://platform.twitter.com https://www.google.com https://www.gstatic.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://www.google-analytics.com; img-src https://usainteanne.ca https://*.usainteanne.ca https://pbs.twimg.com https://*.tile.openstreetmap.org https://platform.twitter.com https://syndication.twitter.com https://*.ytimg.com *.cdninstagram.com; frame-ancestors 'self' 1
frame-ancestors 'self' facebook.com *.facebook.com 1
default-src https:; font-src https: data:; img-src https: data: blob:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; worker-src blob: 1
upgrade-insecure-requests; default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://sciencemastodon.com; img-src 'self' https: data: blob: https://sciencemastodon.com; style-src 'self' https://sciencemastodon.com 'nonce-eDCQ6zjv0uO4LpeQjgL57A=='; media-src 'self' https: data: https://sciencemastodon.com; frame-src 'self' https:; manifest-src 'self' https://sciencemastodon.com; form-action 'self'; child-src 'self' blob: https://sciencemastodon.com; worker-src 'self' blob: https://sciencemastodon.com; connect-src 'self' data: blob: https://sciencemastodon.com https://cdn.masto.host wss://sciencemastodon.com; script-src 'self' https://sciencemastodon.com 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://next.adabra.com https://my.adabra.com 1
default-src *.cloudflare.com *.youtube.com *.powerfulreveal.com *.semoelectric.coop *.cdn.js *.jsdelivr.net *.commentportal.com commentportal.com *.google.com bootstrapcdn.com  googleadservices.com *.cloudfront.net *.portlandwebdesign.com *.electric.coop adsrvr.org *.analytics.yahoo.com *.maps.arcgis.com xx.fbcdn.net rvwinc.com maps.arcgis.com vimeo.com *.googleadservices.com publicpurchase.com gravatar.com *.arcgis.com *.eventbrite.com cooperative.com *.gstatic.com *.youtube-nocookie.com *.crowdfiber.io data: *.googletagmanager.com luckyorange.net btstatic.com portlandwebdesign.com simpli.fi *.providesupport.com typekit.net mitel.io trumpia.com *.timetap.com five9.com powermag.com *.rvwinc.com *.verisign.com linkedin.com *.nr-data.net *.btstatic.com azgt.coop ebill.coop *.mapbox.com googleapis.com analytics.yahoo.com *.licdn.com *.mcusercontent.com *.bootstrapcdn.com apogee.net marketingautomation.services suppose.tv adnxs.com twimg.com *.olark.com youtube-nocookie.com *.trumpia.com xad.com mailchimp.com *.ads.linkedin.com directefficiency.com *.mailchimp.com newrelic.com *.vimeo.com *.plumassierratelecommunicationsmap.com 'unsafe-eval' *.upgrade.guide epa.gov transistor.fm google.com hirebridge.com *.simpli.fi *.yimg.com envivabiomass.com *.roanokeconnect.com e2ma.net bonnerboundary811.org *.powerfulweb.com *.elfsight.com *.libsyn.com doubleclick.net *.nwwsd.org facebook.net google-analytics.com ads.linkedin.com *.e2ma.net gstatic.com smarthub.coop *.s3.amazonaws.com mcusercontent.com s.w.org *.doubleclick.net facebook.com youtube.com *.linkedin.com nice-incontact.com fontawesome.com *.newrelic.com *.apogee.net *.googleapis.com libsyn.com eventbrite.com upgrade.guide *.basis.net *.twimg.com glassdoor.com cencoast.com *.mitel.io powerfulweb.com luckyorange.com *.five9.com *.typekit.net *.transistor.fm yimg.com 'self' *.luckyorange.com jazz.co roanokeconnect.com *.publicpurchase.com myfonts.net issuu.com *.directefficiency.com *.websupport.expert spreaker.com *.ebill.coop crowdfiber.io *.xad.com *.nice-incontact.com *.xx.fbcdn.net *.suppose.tv *.myfonts.net *.icua.coop southcentralpower.com *.bonnerboundary811.org arcgis.com mapbox.com providesupport.com *.facebook.net *.smeco.coop electric.coop googletagmanager.com *.adnxs.com smeco.coop *.issuu.com *.powermag.com *.adsymptotic.com olark.com s3.amazonaws.com 'unsafe-inline' billing.nwwsd.org elfsight.com icua.coop timetap.com *.fontawesome.com *.envivabiomass.com nr-data.net adsymptotic.com *.epa.gov *.adsrvr.org *.cencoast.com *.spreaker.com *.gravatar.com plumassierratelecommunicationsmap.com verisign.com *.glassdoor.com *.facebook.com ctctcdn.com *.jazz.co *.cooperative.com *.google-analytics.com gmpg.org cloudfront.net *.ctctcdn.com *.marketingautomation.services *.southcentralpower.com licdn.com *.hirebridge.com websupport.expert *.luckyorange.net *.smarthub.coop basis.net *.youtube.com *.azgt.coop; 1
script-src 'self' 'unsafe-inline' www.googletagmanager.com connect.facebook.net www.google-analytics.com www.googleadservices.com resources.xg4ken.com cdn.krxd.net up.pixel.ad googleads.g.doubleclick.net consumer.krxd.net beacon.krxd.net facebook.com ajax.googleapis.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.segment.com https://cdn.mxpnl.com; img-src 'self' data: https://api.adorable.io https://chart.googleapis.com https://cdn.mxpnl.com; connect-src 'self' https://services.hawkeye.care https://triggers.hawkeye.care https://metrics.hawkeye.care https://api.segment.io https://sentry.io https://api.mixpanel.com https://api-js.mixpanel.com wss://triggers.hawkeye.care https://cdn.segment.com wss://triggers.hawkeye.care; font-src 'self' 'unsafe-inline' https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net https://p.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; 1
frame-ancestors 'self' https://lojaonline.nos.pt 1
frame-ancestors https://zakupy.auchan.pl 1
default-src 'self' data: wss://chatbot.nis.rs/socket.io https://chatbot.nis.rs https://www.youtube.com https://www.airserbia.com https://www.google-analytics.com https://analytics.google.com https://secure.gravatar.com https://img.youtube.com https://yoast.com https://maps.googleapis.com https://maps.gstatic.com https://www.google.com https://www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://www.googletagmanager.com https://connect.facebook.net https://chatbot.nis.rs; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chatbot.nis.rs; font-src 'self' data: wss://chatbot.nis.rs/socket.io https://fonts.gstatic.com; connect-src 'self' wss://chatbot.nis.rs/socket.io https://chatbot.nis.rs https://maps.googleapis.com/ https://analytics.google.com; 1
default-src 'self'  'unsafe-inline' 'unsafe-eval' ;script-src 'self' https://www.paypal.com https://www.paypalobjects.com https://www.paypalobjects.com/webstatic/ppplus/ppplus.min.js https://connect.facebook.net  'unsafe-inline' 'unsafe-eval' ;img-src 'self' https://www.facebook.com *.fbcdn.net  data:;connect-src 'self' https://www.paypalobjects.com/webstatic/ppplus/ppplus.min.js https://www.facebook.com https://graph.facebook.com *.googleapis.com  data:;worker-src *;frame-src *; 1
base-uri 'self'; connect-src 'self' https://consentcdn.cookiebot.com https://*.google.com https://*.google-analytics.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.hotjar.com https://*.in.applicationinsights.azure.com https://*.svc.dynamics.com https://cdn.linkedin.oribi.io wss://*.hotjar.com https://content.hotjar.io https://maps.googleapis.com https://pagead2.googlesyndication.com https://vc.hotjar.io wss://localhost:44398 https://px.ads.linkedin.com; default-src 'none'; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; form-action 'self' https://*.worldpay.com; frame-ancestors 'self' https://ricardo.saleshood.com; frame-src 'self' https://*.cookiebot.com/ https://*.google.com https://vars.hotjar.com https://www.youtube-nocookie.com https://*.svc.dynamics.com https://player.vimeo.com https://irs.tools.investis.com https://otp.tools.investis.com https://calendly.com https://outlook.office365.com https://embed.mindstamp.com; img-src 'self' data: https://bat.bing.com https://px.ads.linkedin.com https://*.doubleclick.net https://*.google.com https://www.google.co.uk https://*.svc.dynamics.com https://*.google-analytics.com https://i.vimeocdn.com https://maps.googleapis.com https://www.googletagmanager.com https://maps.gstatic.com https://*.tile.openstreetmap.org https://*.basemaps.cartocdn.com https://unpkg.com https://imgsct.cookiebot.com; media-src 'self' https://player.vimeo.com http://vod-progressive.akamaized.net https://vod-progressive.akamaized.net https://download-video.akamaized.net; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://*.google.com https://www.googleadservices.com https://www.googleanalytics.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://www.gstatic.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://googleads.g.doubleclick.net https://mktdplp102cdn.azureedge.net https://js.monitor.azure.com https://maps.googleapis.com https://mathjax.rstudio.com https://*.vimeo.com https://*.calendly.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://optimize.google.com; 1
frame-ancestors 'self' https://missiveapp.com https://mail.missiveapp.com https://www.vapeloft.com https://webchat.missiveapp.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googleadservices.com/pagead/ maps.googleapis.com ajax.googleapis.com https://www.googletagmanager.com/gtm.js http://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.13/jquery.mousewheel.min.js https://embed.tawk.to/ *.google-analytics.com connect.facebook.net https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://kendo.cdn.telerik.com/; connect-src *; img-src 'self' https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ web.facebook.com www.facebook.com maps.googleapis.com *.google-analytics.com https://maps.gstatic.com/mapfiles/ https://core.subwaycostarica.com/ecommerce/Images/Upload/ https://www.subwaycostarica.com/ResourcePackages/ https://azcore.subwaycostarica.com/ecommerce/Images/Upload/ https://www.googletagmanager.com/ data: blob:; font-src 'self' fonts.gstatic.com https://embed.tawk.to/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://embed.tawk.to/ www.google.com; frame-src 'self' https://www.google.com/; base-uri 'self'; form-action 'self' https://credomatic.compassmerchantsolutions.com/ https://www.facebook.com/tr/; media-src 'self' data: blob:; child-src 'self'; https://www.google.com/ https://maps.google.com/ https://www.facebook.com/; object-src 'self'; 1
script-src 'nonce-aWdWpd72QeBxsoiVYGbp6w==' 'self' mc.webvisor.com mc.webvisor.org an.yandex.ru yastatic.net storage.mds.yandex.net 'unsafe-eval' 'unsafe-inline' *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net fundingchoicesmessages.google.com *.hippoobox.com sdk.crazygames.com *.yandex.com *.yandex.net http://*.yandex.net *.yandex.ru ya.ru yandex.com yandex.ru yandex.st yastat.net *.yandex.ru yandex.ru; style-src 'unsafe-inline' yastatic.net 'self' 'unsafe-eval' yandex.st yastat.net *.yandex.net; img-src data: *.games.s3.yandex.net blob: 'self' mc.webvisor.com mc.webvisor.org mc.admetrica.ru android-webview-video-poster: avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru yastat.net avatars.mds.yandex.net mc.yandex.ru *.tns-counter.ru *.verify.yandex.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru *.cpmstar.com cookie.lmgssp.com *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru yandex.com yandex.ru yandex.st yastatic.net *.yandex.ru; connect-src 'self' blob: yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.admetrica.ru http://127.0.0.1:29009 http://127.0.0.1:30102 yandexmetrica.com:29010 yandexmetrica.com:30103 mc.yandex.md an.yandex.ru strm.yandex.ru *.strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru ad.360yield.com balancer.lmgssp.com cpm.programattik.com server.cpmstar.com *.analytics.google.com analytics.google.com www.google-analytics.com *.doubleclick.net fundingchoicesmessages.google.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru ya.ru yandex.com http://*.yandex.net *.yandex.ru yandex.ru api.passport.yandex.ru yandexgames:; worker-src 'self' blob:; child-src 'self' blob: mc.yandex.ru; frame-src 'self' blob: mc.yandex.md data: yastatic.net *.lmgssp.com *.doubleclick.net https://secure.xsolla.com *.ya.ru *.yandex.com *.yandex.net *.yandex.ru *.yandexadexchange.net ya.ru yandex.ru yandexadexchange.net yastat.net *.yandex.ru yandex.ru; report-to default-group; manifest-src 'self' yandex.com; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com 'self' yastatic.net zenadservices.net *.ya.ru *.yandex.ru ya.ru yandex.ru; font-src yastatic.net 'self' data: cdn.megabonus.com an.yandex.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yastat.net data: blob: *.yandex.ru ya.ru yandex.ru yandex.st yastatic.net yandex.ru; default-src 'none'; report-uri https://csp.yandex.net/csp?yandexuid=5481513051715652753&from=games-catalog&project=games&slots=914391%2C0%2C-1%3B804273%2C0%2C-1%3B922794%2C0%2C-1%3B930288%2C0%2C-1%3B985371%2C0%2C-1%3B1015154%2C0%2C-1%3B1005388%2C0%2C21%3B697940%2C0%2C79%3B485537%2C0%2C3%3B805197%2C0%2C49%3B1010038%2C0%2C36; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-Y2JmODAyY2QwY2ZmNGMxNDk3ODI5ZDY4OWY4MTdkYmM=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.rijksoverheid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self' danq.me *.danq.me *.wp.com public-api.wordpress.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' danq.me *.danq.me *.wp.com; style-src 'self' 'unsafe-inline' *.wp.com; img-src * 'self' data: *.wp.com; font-src 'self' data:; frame-src 'self' danq.me *.danq.me www.youtube-nocookie.com w.soundcloud.com embed.ted.com *.wp.com videopress.com map.geohashing.site; worker-src 'self' danq.me; report-uri https://danq.report-uri.com/r/d/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://diaspodon.fr; img-src 'self' https: data: blob: https://diaspodon.fr; style-src 'self' https://diaspodon.fr 'nonce-Pe3t5Xe57FdjagpTdlKyqA=='; media-src 'self' https: data: https://diaspodon.fr; frame-src 'self' https:; manifest-src 'self' https://diaspodon.fr; form-action 'self'; child-src 'self' blob: https://diaspodon.fr; worker-src 'self' blob: https://diaspodon.fr; connect-src 'self' data: blob: https://diaspodon.fr https://diaspodon.fr wss://diaspodon.fr; script-src 'self' https://diaspodon.fr 'wasm-unsafe-eval' 1
font-src *.adobe.com *.bootstrapcdn.com *.fontawesome.com https://fonts.gstatic.com *.assets.adobedtm.com *.addtoany.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com https://via.pagosbanorte.com/ https://via.banorte.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com https://via.banorte.com/ https://mcstaging.mueblesplacencia.com/ https://mueblesplacencia.com/ eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com www.google.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://via.banorte.com/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com maps.gstatic.com maps.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.bootstrapcdn.com *.fontawesome.com *.assets.adobedtm.com eu-gateway.mastercard.com ap-gateway.mastercard.com na-gateway.mastercard.com *.gateway.mastercard.com http://dpm.demdex.net *.googleapis.com *.addtoany.com https://assets.pinterest.com/js/* *.cloudflare.com *.twitter.com *.google-analytics.com *.google.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu js-agent.newrelic.com https://js-agent.newrelic.com/lazy-loader.67423d16-1.231.0.min.js https://static.hotjar.com https://static.hotjar.com/* https://js-agent.newrelic.com/async-api.8f89c105-1.231.0.min.js https://code.jquery.com/jquery-3.6.1.min.js https://via.banorte.com/ www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com s.pinimg.com player.vimeo.com maps.googleapis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.bootstrapcdn.com *.fontawesome.com https://fonts.googleapis.com *.assets.adobedtm.com *.googleapis.com *.addtoany.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.us-east-1.amazonaws.com/prod/log https://writer.cardinalcommerce.com/prod/log www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com pinterest.com www.pinterest.com ct.pinterest.com maps.googleapis.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://via.banorte.com/secure3d/ 'self' 'unsafe-inline'; 1
default-src 'self' data: geochang.go.kr *.geochang.go.kr; connect-src 'self' http: https:; frame-src 'self' geochang.go.kr *.geochang.go.kr eminwon.geochang.go.kr www.google.com accounts.google.com youtube.com www.youtube.com www.data.go.kr www.epeople.go.kr www.g2b.go.kr:8101 www.g2b.go.kr:8341 newsky2.kma.go.kr openapi.airkorea.or.kr postcode.map.daum.net payment-gateway.tosspayments.com xpay.uplus.co.kr *.naver.com *.iacts.co.kr; style-src 'self' cdn.rawgit.com fonts.googleapis.com t1.daumcdn.net *.daumcdn.net cdnjs.cloudflare.com cdn.jsdelivr.net 'unsafe-inline'; img-src 'self' *.geochang.go.kr *.googleapis.com *.gstatic.com *.google-analytics.com *.google.com *.google.co.kr *.googletagmanager.com *.daumcdn.net *.kakao.com wcs.naver.com *.map.naver.com i.ytimg.com scontent-nrt1-1.cdninstagram.com www.gccf.or.kr 'unsafe-inline'; script-src 'self' spi.maps.daum.net s1.daumcdn.net t1.daumcdn.net ssl.daumcdn.net dmaps.daum.net www.google-analytics.com apis.google.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com api.rss2json.com code.jquery.com youtube.com www.youtube.com graph.facebook.com dapi.kakao.com cdn.jsdelivr.net wcs.naver.net js.tosspayments.com xpay.uplus.co.kr scontent-nrt1-1.cdninstagram.com developers.kakao.com t1.kakaocdn.net *.naver.com *.iacts.co.kr d-collect.jennifersoft.com 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com kit.fontawesome.com cdn.jsdelivr.net ka-f.fontawesome.com fonts.gstatic.com cdn.rawgit.com; object-src 'none'; 1
default-src 'self'; connect-src 'self' https://api.stripe.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://api.maptiler.com *.sentry.io; frame-src https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https://*.openstreetmap.org *.google-analytics.com *.googletagmanager.com https://api.maptiler.com https://*.tiles.virtualearth.net ; script-src 'self' https://polyfill.io/v3/polyfill.min.js https://*.virtualearth.net https://js.stripe.com *.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; base-uri 'none'; form-action 'self'; frame-ancestors 'none'; report-uri https://o130063.ingest.sentry.io/api/5212905/security/?sentry_key=026cfa5e26e24b0abb114f70a0d30e64 1
font-src fonts.gstatic.com use.typekit.net *.googleapis.com *.gstatic.com data: *.fontawesome.com https://fonts.gstatic.com/ https://fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * testsecureacceptance.cybersource.com secureacceptance.cybersource.com 0merchantacsstag.cardinalcommerce.com merchantacs.cardinalcommerce.com *.azul.com.do https://authentication.cardinalcommerce.com/ https://songbird.cardinalcommerce.com/ 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.online-metrix.net testflex.cybersource.com flex.cybersource.com testsecureacceptance.cybersource.com secureacceptance.cybersource.com sandbox.secure.checkout.visa.com secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com merchantacs.cardinalcommerce.com 0merchantacsstag.cardinalcommerce.com *.onesignal.com https://aliss.os.tc/  https://aliss-test.os.tc/ https://*.cardinalcommerce.com/ *.userway.org 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com p.typekit.net *.ftcdn.net *.behance.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com www.gstatic.com sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com *.cdninstagram.com *.fbcdn.net *.onesignal.com https://img.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://*.cardinalcommerce.com/ https://cdn.jsdelivr.net https://purecatamphetamine.github.io *.userway.org data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com amcglobal.sc.omtrdc.net *.magento-ds.com use.typekit.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.online-metrix.net testflex.cybersource.com flex.cybersource.com x.klarnacdn.net sandbox.secure.checkout.visa.com secure.checkout.visa.com sandbox-assets.secure.checkout.visa.com assets.secure.checkout.visa.com thm.visa.com sandbox.src.mastercard.com s7.addthis.com *.js-agent.newrelic.com *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://bam.nr-data.net/ https://*.cardinalcommerce.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net accounts.google.com connect.facebook.net *.userway.org https://assets-cdn.woowup.com https://js.pusher.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com *.fontawesome.com https://onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ https://fonts.googleapis.com https://cdn.jsdelivr.net *.userway.org 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.cdninstagram.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.snplow.net commerce.adobedc.net *.adobe.io performance.typekit.net *.sentry.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com thm.visa.com ekr.zdassets.com/ *.bam.nr-data.net https://bam.nr-data.net *.onesignal.com https://onesignal.com/ https://cdn.onesignal.com/ https://h.online-metrix.net/ *.online-metrix.net https://js-agent.newrelic.com/ https://maps.googleapis.com/ https://*.cardinalcommerce.com/ https://*.amazonaws.com/ *.facebook.com *.userway.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.onesignal.com https://cdn.onesignal.com/ https://h.online-metrix.net/ https://js-agent.newrelic.com/ https://*.cardinalcommerce.com/ *.userway.org http: https: blob: 'self' 'unsafe-inline'; default-src https://fonts.gstatic.com/ https://fonts.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri *.integration2-hohc4oi-c2g6g5sgc4xo6.us-5.magentosite.cloud https://*.cardinalcommerce.com/ 'self' 'unsafe-inline'; 1
font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.gstatic.com; 1
default-src 'self' data: 'unsafe-inline' blob: https://*.lpsnmedia.net; 		child-src 'self' 'unsafe-inline' 'unsafe-eval'; 		connect-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://*.curator.io wss://*.liveperson.net https://*.visualwebsiteoptimizer.com https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com  https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		font-src 'self' data: https://static.lexusasia.com; 		frame-src 'self' https://*.fls.doubleclick.net https://*.google.com https://*.liveperson.net https://*.lpsnmedia.net https://tags.tiqcdn.com https://vk.com https://www.dailymotion.com https://player.vimeo.com https://www.youtube.com https://www.facebook.com https://my.matterport.com https://*.livechatinc.com app.vwo.com *.visualwebsiteoptimizer.com ; 		frame-ancestors https://www.messenger.com https://www.facebook.com; 		img-src 'self' data: https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://ad.doubleclick.net https://*.google.com https://liveperson-assets.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net https://dam.lexusasia.com https://static.lexusasia.com https://www.facebook.com https://connect.facebook.net https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://convertiumitp.lexus.com.vn https://cdn.livechat-files.com https://cdn.chatbot.com https://*.livechatinc.com *.visualwebsiteoptimizer.com cdn.pushcrew.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat; 		media-src 'self' https://dam.lexusasia.com https://*.lpsnmedia.net https://curator-assets.b-cdn.net; 		script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.googleadservices.com https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://solutions.tealium.net https://tealium-tools.s3.amazonaws.com https://deploytealium.com https://*.tealiumiq.com https://tags.tiqcdn.com https://visitor-service-ap-northeast-1.tealiumiq.com https://www.facebook.com https://connect.facebook.net https://maps.googleapis.com https://www.gstatic.com https://gstatic.com https://u.heatmap.it https://static.lexusasia.com https://webservice.lexusasia.com https://ws.lexusasia.com https://www.youtube.com https://*.livechatinc.com https://*.salesforceliveagent.com wss://api.livechatinc.com  https://bs.serving-sys.com https://pixel.mathtag.com https://insight.adsrvr.org https://convertiumitp.lexus.com.my https://visitor-service-convertium.lexus.com.my *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com; 		style-src 'self' data: 'unsafe-inline' https://*.liveperson.net https://*.lpsnmedia.net https://*.curator.io https://static.lexusasia.com *.visualwebsiteoptimizer.com app.vwo.com cdn.pushcrew.com s3.amazonaws.com; 		worker-src 'self' blob:; 1
frame-ancestors 'none'; base-uri 'none'; object-src 'none'; default-src 'self' https: wss: data: blob: 'unsafe-inline' 1
default-src 'self'; block-all-mixed-content ; base-uri 'self'; object-src 'none'; script-src  'nonce-5fa97090258b462fa131a954cde094cc' 'self' 'unsafe-eval' 'unsafe-inline' https://www.clarity.ms https://flo.uri.sh/ https://view.ceros.com/ https://s-usc1a-nss-2018.firebaseio.com/ https://s-usc1a-nss-2024.firebaseio.com/ https://daisho.firebaseio.com/ https://static.landbot.io https://www.gstatic.com https://www.google.com https://st.getsitecontrol.com/ https://widgets.getsitecontrol.com https://region1.google-analytics.com/ https://tagmanager.google.com/ https://www.googletagmanager.com/ https://polyfill.io https://optimize.google.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://*.googletagmanager.com https://*.onetrust.com; img-src 'self' data: https://c.clarity.ms https://static3.avast.com/ https://translate.google.com https://ssl.google-analytics.com/ https://gjtrack.ucweb.com/ https://www.facebook.com/ https://c.bing.com/ https://www.gstatic.com/ https://c.clarity.ms/ https://mb.com.ph https://wtf2.forkcdn.com/ https://static.landbot.io https://storage.googleapis.com https://www.grantthornton.global/ https://photos.smugmug.com/ https://www.sunstar.com.ph/ https://chats.landbot.io http://s14255.pcdn.co/ http://ialaddin.genieesspv.jp/ http://bworldonline.com/ http://www.bworldonline.com/ http://mindanaotimes.net/ http://media.philstar.com/ http://www.mb.com.ph/ http://businessmirror.com.ph/ http://tribune.net.ph/ http://cdn.manilatimes.net/ http://www.malaya.com.ph/ http://cdn2-img.pressreader.com/ http://farm5.staticflickr.com/ http://business.mb.com.ph/ http://oxfordbusinessgroup.com/ http://assets.rappler.com/ http://www.gti.org/ https://ssl.gstatic.com/ https://syndication.twitter.com https://optimize.google.com https://platform.twitter.com https://pbs.twimg.com https://maps.gstatic.com https://maps.googleapis.com https://*.google-analytics.com/ https://*.analytics.google.com/ https://www.googletagmanager.com https://i.ytimg.com https://img.youtube.com https://*.googletagmanager.com https://*.onetrust.com https://www.google.com.vn; style-src 'self' 'unsafe-inline' data: https://cdn.landbot.io/ blob: https://tagmanager.google.com/ https://fonts.googleapis.com/ https://optimize.google.com https://chats.landbot.io https://platform.twitter.com https://cdnjs.cloudflare.com https://fonts.googleapis.com; font-src 'self' data: https://cdn.landbot.io/ https://static3.avast.com/ https://fonts.gstatic.com; frame-src https://s-usc1a-nss-2018.firebaseio.com/ https://flo.uri.sh/ https://view.ceros.com/ https://www.grantthornton.com.ph/ https://s-usc1a-nss-2024.firebaseio.com/ https://www.googletagmanager.com https://chats.landbot.io https://view.ceros.com https://social-plugins.line.me/ https://www.google.com/ https://platform.twitter.com https://www.youtube.com https://optimize.google.com https://w.soundcloud.com https://player.vimeo.com https://www.gstatic.com https://cdn.optimizely.com https://td.doubleclick.net; connect-src 'self' https://a.clarity.ms https://b.clarity.ms https://c.clarity.ms https://d.clarity.ms https://e.clarity.ms https://f.clarity.ms https://g.clarity.ms https://h.clarity.ms https://i.clarity.ms https://j.clarity.ms https://k.clarity.ms https://l.clarity.ms https://m.clarity.ms https://n.clarity.ms https://o.clarity.ms https://p.clarity.ms https://q.clarity.ms https://r.clarity.ms https://s.clarity.ms https://t.clarity.ms https://u.clarity.ms https://v.clarity.ms https://w.clarity.ms https://x.clarity.ms https://y.clarity.ms https://z.clarity.ms https://maps.googleapis.com/ wss://s-usc1a-nss-2018.firebaseio.com/ wss://daisho.firebaseio.com/ wss://s-usc1a-nss-2024.firebaseio.com/ https://www.googleapis.com/ https://analytics.google.com/ https://messages.landbot.io/ https://welcome.landbot.io/ https://storage.googleapis.com/ https://*.google-analytics.com/ https://*.analytics.google.com/ https://static3.avast.com/ https://gjtrack.ucweb.com/ https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://stats.g.doubleclick.net/ https://extreme-ip-lookup.com/ https://chats.landbot.io https://642-sde-924.mktoresp.com https://www.clarity.ms/ https://*.googletagmanager.com https://identitytoolkit.googleapis.com/ https://firestore.googleapis.com/ https://*.onetrust.com https://pagead2.googlesyndication.com https://www.google.com https://googleads.g.doubleclick.net;  report-uri /ContentSecurityPolicy/Report/; report-to csp-endpoint; 1
frame-src https://alcina.com https://*.alcina.com https://cdn-eu.pagesense.io https://paypal.com https://*.paypal.com https://docusign.net https://*.docusign.net https://*.youtube.com https://*.vimeo.com https://vimeo.com https://youtube.com https://*.drwolffgroup.com https://*.nervtdichdeinschwitzen.de; 1
frame-ancestors 'self' https://*.ethicasigorta.com.tr; 1
block-all-mixed-content; upgrade-insecure-requests; frame-ancestors 'self' https://myhub.premiersir.com; 1
base-uri 'self'; default-src https: wss://*.hotjar.com 'self'; font-src https://*.bootstrapcdn.com https://*.googleapis.com https://*.gstatic.com https://*.hotjar.com 'self'; form-action https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.sagepay.com 'self'; frame-ancestors 'self'; frame-src https: 'self'; img-src data: https: 'self'; media-src 'none'; object-src 'none'; script-src https://*.algolia.net https://*.algolianet.com https://*.amazon.co.uk https://*.amazon.com https://*.payments-amazon.com https://*.amazonaws.com https://*.facebook.com https://*.facebook.net https://*.freshdesk.com https://*.freshworks.com https://*.google.com https://*.google-analytics.com https://*.googleapis.com https://*.googlecommerce.com https://*.googletagmanager.com https://*.gstatic.com https://*.hotjar.com https://*.ideal-postcodes.co.uk https://*.jquery.com https://*.onetrust.com https://*.snapengage.com https://*.stripe.com https://*.tiny.cloud https://*.tinymce.com https://*.trustpilot.com 'self' 'unsafe-eval' 'unsafe-inline'; style-src https: 'self' 'unsafe-inline'; upgrade-insecure-requests; block-all-mixed-content; report-uri https://dhsspares.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://www.tapestrymarket.com; 1
frame-ancestors *.screenhubb.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-vk/rBHx0naVm7P8Drf8VSw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://muenster.im; img-src 'self' https: data: blob: https://muenster.im; style-src 'self' https://muenster.im 'nonce-H+IqnptfImasKG5NQ3IpbQ=='; media-src 'self' https: data: https://muenster.im; frame-src 'self' https:; manifest-src 'self' https://muenster.im; form-action 'self'; child-src 'self' blob: https://muenster.im; worker-src 'self' blob: https://muenster.im; connect-src 'self' data: blob: https://muenster.im https://muenster.im wss://muenster.im; script-src 'self' https://muenster.im 'wasm-unsafe-eval' 1
default-src 'self'; connect-src 'self' https://api.ready.mobi; font-src 'self'; frame-src https://api.ready.mobi; img-src 'self'; script-src 'self' 'unsafe-inline' https://www.google-analytics.com; style-src 'self' 'unsafe-inline' 1
base-uri 'self';frame-ancestors 'self' vivendo.co *.vivendo.co 1
default-src * data:; script-src * 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline'; img-src * data: 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'unsafe-dynamic'; frame-ancestors 'none'; font-src * 'self' data: https://fonts.gstatic.com; script-src * data: blob: 'unsafe-inline' 'unsafe-eval' https://plugins.flockler.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ https://www.googleadservices.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.googletagmanager.com; style-src * 'self' 'unsafe-inline' https://fonts.googleapis.com https://sdk.privacy-center.org/ https://api.privacy-center.org/ 1
frame-ancestors 'self' https://mycollection.stanleygibbons.com/ 1
form-action https:; upgrade-insecure-requests 1
script-src https: 'unsafe-inline' 'unsafe-eval'; worker-src blob: 'self' 1
frame-ancestors 'self'; report-uri https://www.seattlesbest.com/report-uri/enforce 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; 1
frame-ancestors bnpb.go.id 1
frame-ancestors *.speedtest.net:* localhost 1
default-src 'none' ; style-src 'self' 'sha256-Avl+ScT4jGeaW8pHTDv8KcMb1I0qxEWb3YqO3l3VQ2g='; object-src 'self'; script-src 'self' https://feedback-ws.guichet-entreprises.fr; form-action 'self'; base-uri 'self'; connect-src 'self'; img-src 'self'; font-src 'self'; frame-ancestors 'none' 1
frame-ancestors https://*.dsw.nl https://*.dsw.lan 1
content-src 'self'; 1
frame-ancestors 'self' powerapps.com *.powerapps.com *.azureedge.net *.windows.net 1
frame-ancestors 'self' https://ryzeo.com; 1
frame-ancestors 'self' *.egovcdn.com 1
default-src 'none'; img-src 'self' 1
default-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://stats.g.doubleclick.net https://www.facebook.com https://adservice.google.com https://www.google.com; base-uri 'self'; connect-src 'self' https://adservice.google.com https://www.google.com data: https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://translate.google.com; font-src 'self' https://*.hotjar.com https://fonts.gstatic.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; form-action 'self' https://www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; frame-ancestors 'self'  https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://*.kaingaora-kiosk.co.nz; frame-src 'self' blob: https://*.hotjar.com https://staticcdn.co.nz https://www.google.com https://*.doubleclick.net https://player.vimeo.com https://www.youtube.com https://app.powerbi.com https://www.facebook.com https://bid.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://vimeo.com; img-src 'self' https://staticcdn.co.nz https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com https://*.doubleclick.net https://googleads.g.doubleclick.net https://www.google.com https://www.google.co.nz https://*.outbrain.com https://www.facebook.com https://connect.facebook.net https://i.ytimg.com https://i.vimeocdn.com https://www.gstatic.com https://adservice.google.com https://*.hotjar.com data:; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.hotjar.com https://code.jquery.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://*.google-analytics.com https://*.googletagmanager.com https://www.gstatic.com https://*.outbrain.com https://connect.facebook.net https://www.youtube.com https://s.ytimg.com https://www.vimeo.com https://vimeo.com https://ssl.google-analytics.com https://translate.google.com; style-src 'self' 'unsafe-inline' https://*.hotjar.com https://fonts.googleapis.com https://*.google-analytics.com https://*.googletagmanager.com https://translate.google.com; block-all-mixed-content 1
frame-ancestors 'self' http://teams.microsoft.com https://teams.microsoft.com http://authsvc.teams.microsoft.com https://authsvc.teams.microsoft.com http://chatsvcagg.teams.microsoft.com https://chatsvcagg.teams.microsoft.com http://dev.teams.microsoft.com https://dev.teams.microsoft.com http://msg.teams.microsoft.com https://msg.teams.microsoft.com http://noam.presence.teams.microsoft.com https://noam.presence.teams.microsoft.com http://notifications.teams.microsoft.com https://notifications.teams.microsoft.com http://presence.teams.microsoft.com https://presence.teams.microsoft.com http://uis.teams.microsoft.com https://uis.teams.microsoft.com; 1
base-uri 'self';connect-src 'self' ka-f.fontawesome.com www.google-analytics.com stats.g.doubleclick.net;default-src 'self' ka-f.fontawesome.com www.google.com cdn.linearicons.com fonts.gstatic.com www.youtube.com;form-action 'self';img-src 'self' www.google-analytics.com sltda.gov.lk sltda-web-uat.arimac.digital;media-src 'self';object-src 'none';script-src 'self' kit.fontawesome.com ajax.googleapis.com rawgit.com code.jquery.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com 'unsafe-eval' 'unsafe-inline';style-src 'self' cdn.linearicons.com fonts.googleapis.com rawgit.com code.jquery.com 'unsafe-inline' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src 'nonce-wR49b83jIJFMFDPnaJh8FhNXs' 'strict-dynamic' 'report-sample'; report-uri https://troypointinsider.com/csp_reports; frame-ancestors 'self'; manifest-src 'self' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.at https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.at; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.at https://m.myprotein.at https://checkout.myprotein.at https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://*.google-analytics.com https://google.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.at; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'nonce-6642bf4006fa0' https://fonts.gstatic.com 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:;object-src * 'self' https:; frame-ancestors * 'self' https:; 1
default-src 'self' https://127.0.0.1:* wss://127.0.0.1:*/ https://localhost:* ws://localhost:*;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://player.vimeo.com https://localhost:*;object-src 'self';style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;img-src 'self' https://127.0.0.1:* data:;frame-src 'self' https://player.vimeo.com;font-src 'self' https://127.0.0.1:* https://fonts.gstatic.com data:;connect-src 'self' https://127.0.0.1:* wss://127.0.0.1:*/ https://localhost:* ws://localhost:*;base-uri 'self';form-action 'self';frame-ancestors 'self' 1
object-src *.calgary.ca:*; frame-ancestors *.calgary.ca:* *.coc.ca thecityofcalgary.maps.arcgis.com 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * blob: data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.norengros.getadigital.cloud https://*.norengros.no https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.vimeocdn.com https://*.vimeo.com https://*.hotjar.com https://*.visualwebsiteoptimizer.com https://*.tawk.to https://*.jsdelivr.net https://*.mapbox.com https://*.matomo.cloud; style-src 'self' 'unsafe-inline' https://*.norengros.getadigital.cloud https://*.norengros.no https://*.googleapis.com https://*.mapbox.com https://*.typekit.net https://*.tawk.to; img-src 'self' data: https://*.norengros.getadigital.cloud https://*.norengros.no https://*.ytimg.com https://*.vimeocdn.com https://*.google-analytics.com https://*.sanity.io https://*.tawk.to; font-src 'self' data: https://*.norengros.getadigital.cloud https://*.norengros.no https://*.gstatic.com https://*.typekit.net https://*.tawk.to; connect-src 'self' https://*.norengros.getadigital.cloud https://*.norengros.no https://*.google-analytics.com https://vimeo.com https://*.mapbox.com https://*.sanity.io https://*.algolia.net https://*.algolia.io https://*.algolianet.com https://*.tawk.to wss://*.tawk.to https://*.matomo.cloud https://*.googleapis.com; base-uri 'self'; frame-ancestors 'self' https://*.norengros.getadigital.cloud https://*.norengros.no https://*.omnium.no https://*.felles.firma.no:8200 https://*.felles.firma.no:8080 https://*.cloudservices.no https://*.ariba.com https://punchoutcommerce.com; frame-src 'self' https://*.youtube.com https://*.vimeo.com https://*.hotjar.com https://*.issuu.com https://punchoutcommerce.com https://app.ecoonline.com https://*.architonic.com; form-action * data: blob: 'unsafe-inline'; manifest-src 'self'; media-src 'self' https://*.youtube.com; object-src 'self'; child-src 'self'; worker-src 'self' blob:; 1
report-uri https://apps.netbit.com.br/csp-report/parser.php;       default-src 'self';       base-uri 'self';       connect-src 'self' https://www.google-analytics.com;       font-src 'self' https://cdnjs.cloudflare.com;       form-action 'self';       frame-ancestors 'self';       frame-src 'self' https://challenges.cloudflare.com https://www.google.com;       img-src 'self' data: https://cdnjs.cloudflare.com;       media-src 'self';       script-src 'report-sample' 'unsafe-inline' 'self' https://cdnjs.cloudflare.com/ https://challenges.cloudflare.com/ https://www.google-analytics.com/ https://www.google.com/ https://www.gstatic.com/ https://*.googletagmanager.com;       style-src 'report-sample' 'unsafe-inline' 'self' https://cdnjs.cloudflare.com;       object-src 'none'; manifest-src 'self'; worker-src 'none'; 1
default-src 'none'; media-src 'self'; connect-src 'self' *.rekai.se/ https://svanalytics.containers.piwik.pro/ https://svanalytics.piwik.pro/; img-src 'self' data: https://bolle.sporthallen.nu/ https://im11.inviewer.se/; base-uri 'self'; form-action 'self' https://bollnas.uc.standout.se/; font-src 'self'; frame-src 'self' https://bollnas.varbi.com https://play.mediaflowpro.com https://www.temperatur.nu https://bollnas.uc.standout.se/; frame-ancestors 'self' https://mediaflow.com/sv-SE/; script-src-elem 'unsafe-eval' 'self' 'unsafe-inline' https://static.rekai.se/ https://svanalytics.containers.piwik.pro/; script-src-attr 'self' 'unsafe-inline'; script-src 'unsafe-eval'; style-src 'self' 'unsafe-inline'; 1
default-src 'none'; block-all-mixed-content; script-src 'self' vimeo.com www.googletagmanager.com 'sha256-dnrBbfBeAHejZKU3WHnJyTCKO/sHwHFJXAogExZmFkE='; script-src-elem 'self' 'sha256-VVprJ7SpNifcwga2AZwyS5cTEwNF0xfuAU2O+SZVeZQ=' 'sha256-ka3xBp9kPEdafj6sE97HFhpJY8ZN+Aj6Fv/z1KyWvBQ=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com; style-src 'self' 'unsafe-inline'; img-src 'self' i.vimeocdn.com cdn.cookielaw.org; font-src 'self' fonts.gstatic.com; manifest-src 'self'; connect-src 'self' immunity-twitter.herokuapp.com cdn.cookielaw.org geolocation.onetrust.com www.google-analytics.com 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-HQ4r01f7qGEiG8UIczumoLFxNUsvPb2wDeoNk7QFiG1PbbUG' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://www.google.com.sg/ads/ https://tr.line.me/ https://www.facebook.com/tr/ https://www.google-analytics.com https://www.google.com/ads/ https://stats.g.doubleclick.net https://cm.g.doubleclick.net https://www.google.co.th/ https://ssl.google-analytics.com https://*.onetrust.com/ https://www.google.com/ https://www.google.com.sg/; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.google.com https://*.google.<TLD> https://api.amplitude.com/ https://browser-http-intake.logs.datadoghq.com wss://*.hotjar.com https://*.hotjar.com:* https://sentry.hotjar.com https://vc.hotjar.io https://*.onetrust.com https://www.facebook.com/; font-src 'self' data: https://script.hotjar.com; worker-src 'self' 'unsafe-inline'; frame-src https://www.facebook.com/ https://connect.facebook.net/ https://www.google.com/recaptcha/ https://www.youtube.com https://vars.hotjar.com/ https://insight.adsrvr.org/ https://bid.g.doubleclick.net/; script-src 'self' 'self' 'unsafe-inline' 'unsafe-eval' js.adsrvr.org tr.line.me d.line-scdn.net d.line-cdn.net connect.facebook.net *.google-analytics.com/analytics.js *.datadoghq-browser-agent.com *.hotjar.com *.onetrust.com *.googleadservices.com/pagead/conversion_async.js *.googletagmanager.com/gtag/js *.doubleclick.net:* *.google.com:* *.gstatic.com:* https://www.googletagmanager.com; object-src 'none'; report-uri /report-csp-violations 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval'; frame-src 'self' https://www.trustedsite.com/; connect-src 'self' https://graphql.contentful.com https://cdn.ywxi.net https://vercel.live s3-us-west-2.amazonaws.com trustedsite.com https://rum-collector-2.pingdom.net; style-src 'self' 'unsafe-inline'; img-src 'self' https://images.ctfassets.net data: https://cdn.ywxi.net; script-src 'self' https://cdn.ywxi.net 'unsafe-eval' https://vercel.live s3-us-west-2.amazonaws.com trustedsite.com https://rum-static.pingdom.net 1
base-uri 'none'; font-src 'self' https: data:; form-action 'self'; frame-ancestors https://app.storyblok.com; img-src 'self' data: https:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'strict-dynamic' 'nonce-gHUYRfrk/Ch0eG+QFdBq/Q=='; 1
frame-ancestors https://*.facebook.com http://*.facebook.com 1
base-uri; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://paragonie.com https://maxcdn.bootstrapcdn.com https://stats.g.doubleclick.net https://www.google-analytics.com data:; media-src 'none'; object-src 'none'; script-src 'self' https://cdn.mathjax.org https://oss.maxcdn.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://code.jquery.com https://ajax.googleapis.com https://www.google-analytics.com https://paragonie.com paragonie.com 'sha384-dxxWaTrUP7CVAQSJSlq8y30xnLv+kbg0q/esjcstpj7BeSQcTR1kyuzuU8NtP0Qd' 'nonce-eq1UH/IHC8iFYZk4J+9Wdnkf' 'nonce-SjKbwzKYxhrH7DXAMaYlL8mY' 'nonce-neW+Ei2qyc3/dYb3YoLghH3r' 'nonce-tFSgJzpeM/E/pkV0oo0HMty3' 'nonce-pnDANUU6WfLH4IRwaVift4Dr' 'nonce-KOv7WfSJh9kTBDbNxnkSYYZ0' 'nonce-6OgA5U/UEMHstfd2F5k9j9VW' 'unsafe-eval' data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://use.fontawesome.com https://fonts.googleapis.com 'unsafe-inline'; report-uri https://f038192cab4afafaacee34d22ed2e1dd.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests 1
policy-uri /'none' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://cdn.jsdelivr.net; style-src 'self' data: 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.teamxlink.co.uk https://cdn.teamxlink.co.uk https://pbs.twimg.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' https://discordapp.com https://discord.com; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net 1
script-src 'self' *.googletagmanager.com 'unsafe-eval' *.analytics.google.com *.google-analytics.com stadtmuseum-berlin.matomo.cloud; connect-src 'self' *.algolia.net *.analytics.google.com *.google-analytics.com stats.g.doubleclick.net stadtmuseum-berlin.matomo.cloud; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://atal.pl/ https://*.atal.pl/ https://googletagmanager.com https://*.googletagmanager.com; img-src 'self' data: https://atal.pl/ https://*.atal.pl/; object-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; frame-src 'self' data: https://atal.pl/ https://*.atal.pl/ https://resimo.io/ https://*.resimo.io/; 1
script-src 'unsafe-inline' http: https: www.bouwkampioen.be:443 *.newrelic.com *.nr-data.net; style-src 'self' blob: https: 'unsafe-inline' www.bouwkampioen.be:443; img-src data: http: https:; object-src 'self' data: http: https:; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com; frame-src *.doubleclick.net assets.braintreegateway.com *.youtube.com *.kiyoh.com *.youtu.be *.vimeo.com widget.trustpilot.com *.google.com disqus.com eucs24.ksearchnet.com zendesk.com *.zendesk.com mailerlite.com *.cybersource.com notfound-static.fwebservices.be *.cookiebot.com *.adyen.com *.bouwkampioen.be; connect-src wss: http: https: bam-cell.nr-data.net; 1
frame-ancestors 'self' https://www.topcc.ch; 1
default-src https: 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval';              img-src 'self' data: www.googletagmanager.com via.placeholder.com cloudfront.net *.cloudfront.net hsforms.com *.hsforms.com sitesearch360.com *.sitesearch360.com hubspot.com *.hubspot.com google.com *.google.com *.google-analytics.com bugherd.com *.bugherd.com *.s3.amazonaws.com;              script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' js.hscollectedforms.net gstatic.com *.gstatic.com google.com *.google.com bugsnag.com *.bugsnag.com cloudfront.net *.cloudfront.net bugherd.com *.bugherd.com pusher.com *.pusher.com pusherapp.com *.pusherapp.com *.s3.amazonaws.com sproutvideo.com *.sproutvideo.com cpwebassets.codepen.io code.jquery.com hsforms.net *.hsforms.net hsforms.com *.hsforms.com cdn.jsdelivr.net cdnjs.cloudflare.com stackpath.bootstrapcdn.com sitesearch360.com *.sitesearch360.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net api.hubapi.com fontawesome.com *.fontawesome.com fonts.googleapis.com www.w3.org hubspot.com *.hubspot.com googleads.g.doubleclick.net forms.hsforms.com cms.analytics.yahoo.com www.googletagmanager.com www.googleadservices.com code.highcharts.com newton.newtonsoftware.com recruitingbypaycor.com www.google-analytics.com;               style-src https: 'self' 'unsafe-hashes' 'unsafe-inline' fonts.googleapis.com;               frame-src https: 'self' *.hs-sites.com recruitingbypaycor.com recruitingbypaycor.com c.sharethis.mgr.consensu.org; 1
upgrade-insecure-requests; connect-src 'self' https:; default-src 'self' data: *.w.org *.sharespine.com *.shopify.com *.licdn.com https://celladapta.com *.celladapta.com *.ucs.se *.openstreetmap.org https://ucs.ar2.se https://cv.ucs.se https://maps.gstatic.com https://maps.googleapis.com https://www.facebook.com https://tr-rc.lfeeder.com https://secure.gravatar.com https://fonts.googleapis.com  https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://www.google.com https://www.youtube.com/iframe_api https://www.gstatic.com https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se; font-src 'self' data: https://cdn.jsdelivr.net *.fontawesome.com https://fonts.googleapis.com  https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://www.google.com https://www.youtube.com/iframe_api https://www.gstatic.com https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se; script-src 'self' unsafe-inline 'unsafe-inline' 'unsafe-eval' 'unsafe-hashes' https://connect.facebook.net https://matomo.mindbite.cloud https://sc.lfeeder.com https://fonts.googleapis.com  https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://www.google.com https://www.youtube.com/iframe_api https://www.gstatic.com https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se; script-src-attr 'self' 'unsafe-hashes' 'unsafe-inline' https://fonts.googleapis.com  https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://www.google.com https://www.youtube.com/iframe_api https://www.gstatic.com https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se; script-src-elem 'self' *.ucs.se *.googleapis.com https://cdnjs.cloudflare.com https://player.vimeo.com https://maps.googleapis.com https://kit.fontawesome.com https://connect.facebook.net https://matomo.mindbite.cloud https://sc.lfeeder.com https://fonts.googleapis.com  https://www.googletagmanager.com https://fonts.gstatic.com https://www.google-analytics.com https://www.google.com https://www.youtube.com/iframe_api https://www.gstatic.com https://www.youtube.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.se 'unsafe-inline'; style-src https: 'unsafe-inline'; 1
frame-ancestors 'self' https://*.toyota.si https://*.yandex.com https://*.yandex.tld https://*.yandex.net https://*.yandex.com.tr https://*.yandex.ru https://*.yandex.by https://webvisor.com https://lexus-dxp.dobit.com https://lexustest.dobit.com http://localhost:88; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' * tag.wknd.ai assets.bounceexchange.com api.bounceexchange.com dev.bounceexchange.com dash-staging.bounceexchange.com https://cdn.gbqofs.com/ https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.youtube.com;  style-src * 'self' 'unsafe-inline' assets.bounceexchange.com;  img-src * 'self' blob: data: assets.bounceexchange.com events.bouncex.net;  font-src * 'self' data: assets.bounceexchange.com;   child-src assets.bounceexchange.com;   worker-src * 'self' blob: assets.bounceexchange.com;   frame-src * 'self' assets.bounceexchange.com dash-staging.bounceexchange.com;  form-action * 'self' api.bounceexchange.com dev.bounceexchange.com;  connect-src * 'self' events.bouncex.net coupons.bounceexchange.com *.cdnwidget.com *.cdnbasket.net; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.btps.co.uk btps.co.uk player.vimeo.com api.addressy.com *.google.co.uk *.google.com *.g.doubleclick.net *.googletagmanager.com apikeys.civiccomputing.com cc.cdn.civiccomputing.com *.google-analytics.com ajax.googleapis.com fonts.googleapis.com i.s-microsoft.com  fonts.gstatic.com www.gstatic.com online.swagger.io services.postcodeanywhere.co.uk; frame-ancestors 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.quipugroup.net *.googleapis.com apis.google.com *.browsealoud.com *.googletagmanager.com translate.google.com *.gstatic.com ask.fvrl.org *.libanswers.com api.flickr.com *.google-analytics.com cdn.jsdelivr.net *.google.com/recaptcha/api.js unpkg.com; frame-src 'self' flickrembed.com *.google.com *.googleapis.com; child-src 'self' flickrembed.com *.google.com *.googleapis.com; report-uri /report-csp-violation 1
default-src 'self'; script-src https://cdn.leadinfo.net https://collector.leadinfo.net 'self' 'unsafe-inline' www.google.com www.gstatic.com; style-src 'self' fonts.googleapis.com https://cdn.leadinfo.net 'unsafe-inline'; img-src https://collector.leadinfo.net 'self' https://cdn.leadinfo.net; font-src 'self' fonts.gstatic.com https://cdn.leadinfo.net; frame-src 'self' https://www.google.com; connect-src https://api.leadinfo.com https://collector.leadinfo.net http://contact.creds.nl; frame-ancestors 'none'; script-src-elem https://cdn.leadinfo.net 'unsafe-inline' https://www.google.com https://www.gstatic.com 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com *.zopim.com *.fontawesome.com data: static.oct8ne.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.salesmanagoconversions.com sis.redsys.es www.jabonariumshop.com 'self' 'unsafe-inline'; frame-ancestors www.jabonariumshop.com 'self'; frame-src fast.amc.demdex.net secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://static.addtoany.com/ *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net www.facebook.com cdn.dnky.co *.youtube.com *.hotjar.com *.facebook.com *.trustpilot.com *.criteo.com connect.facebook.net graph.facebook.com business.facebook.com https://extranet.gls-spain.es/ *.trbo.com www.youtube.com 1-vbus-de.ladesk.com collect.trbo.com backoffice.oct8ne.com app.jabonariumshop.com rktapps.reskyt.com app.reskyt.com www.salesmanago.pl www.jabonariumshop.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de 'self' data: *.google.com *.google.bg www.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.google.nl connect.onlinesucces.nl px.ads.linkedin.com stats.g.doubleclick.net *.googleapis.com *.linkedin.com gallery.mailchimp.com *.trustedshops.com *.facebook.com *.zopim.com cdn.jsdelivr.net *.jmango360.com *.datatrics.com *.smaato.net connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com www.google.es jabonarium.boost.propelbon.com static.oct8ne.com sw-assets.ekomiapps.de collect.trbo.com cdn.reskyt.com app.reskyt.com static.trbo.com c.clarity.ms sis.redsys.es jabonariumshop.com www.xevitools.com www.jabonariumshop.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com www.youtube.com https://static.addtoany.com/ *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.google.bg *.googletagmanager.com www.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com cdn.doofinder.com *.paypal.com *.googleapis.com *.googleadservices.com cdn.dnky.co api.comapi.com *.trackedlink.net snap.licdn.com chimpstatic.com checkout.buckaroo.nl *.adyen.com *.zopim.com *.hotjar.com *.zdassets.com *.sendcloud.sc *.mailchimp.com *.trustedshops.com *.fontawesome.com *.feedbackcompany.com *.trustpilot.com *.newrelic.com *.nr-data.net cdn.jsdelivr.net *.googleoptimize.com *.clarity.ms *.datatrics.com *.criteo.net *.criteo.com *.youtube.com cdn.mouseflow.com connect.facebook.net graph.facebook.com business.facebook.com *.trbo.com *.avada.io jabonarium.ladesk.com cdn.cookie-script.com static.oct8ne.com static.trbo.com api-v4.trbo.com sw-assets.ekomiapps.de smart-widget-assets.ekomiapps.de cdn.reskyt.com www.jabonariumshop.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.doofinder.com cdn.dnky.co checkout.buckaroo.nl *.fontawesome.com *.mailchimp.com *.trustpilot.com cdn.jsdelivr.net cdn.reskyt.com sw-assets.ekomiapps.de maxcdn.bootstrapcdn.com www.jabonariumshop.com 'self' 'unsafe-inline'; object-src www.jabonariumshop.com 'self' 'unsafe-inline'; media-src *.zopim.com www.jabonariumshop.com 'self' 'unsafe-inline'; manifest-src www.jabonariumshop.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com https://stats.addtoany.com/menu *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com www.facebook.com *.facebook.net *.google.com *.salesmanago.pl *.salesmanago.es *.salesmanago.com *.doofinder.com wss://*.doofinder.com *.paypal.com commerce.adobedc.net api.comapi.com stats.g.doubleclick.net *.zdassets.com *.hotjar.com *.hotjar.io *.zopim.com wss://*.zopim.com *.feedbackcompany.com *.zendesk.com *.nr-data.net *.clarity.ms connect.facebook.net *.datatrics.com graph.facebook.com business.facebook.com wss://*.hotjar.com *.trbo.com *.jabonariumshop.com frontal-usa.oct8ne.com www.google.es consent.cookie-script.com notifications.api.reskyt.com api.ipify.org app.reskyt.com smart-widget-assets.ekomiapps.de rktstats.reskyt.com google.com backoffice.oct8ne.com www.jabonariumshop.com administrator.oct8ne.com www.google.com 'self' 'unsafe-inline'; child-src www.jabonariumshop.com http: https: blob: 'self' 'unsafe-inline'; default-src *.salesmanago.pl *.salesmanago.es *.salesmanago.com www.jabonariumshop.com *.trbo.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri www.jabonariumshop.com 'self' 'unsafe-inline'; report-uri /csp_reporter.php; 1
default-src 'self' *.cloudinary.com https://cloudinary.com https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.salesforceliveagent.com https://cloudinary.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org *.cloudinary.com *.googletagmanager.com qmod.quotemedia.com unpkg.com cdnjs.cloudflare.com https://confirmsubscription.com https://js.createsend1.com *.bootstrapcdn.com code.jquery.com https://js.hsforms.net //js.hsforms.net https://js-na1.hs-scripts.com https://js.hscollectedforms.net https://js.hs-banner.com; style-src 'self' 'unsafe-inline' use.typekit.net p.typekit.net *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com *.cloudinary.com https://cloudinary.com unpkg.com *.bootstrapcdn.com *.quotemedia.com; font-src 'self' use.typekit.net fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.quotemedia.com *.cloudflare.com *.bootstrapcdn.com; img-src 'self' res.cloudinary.com placeunicorn.com via.placeholder.com *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com *.cloudinary.com https://cloudinary.com data: https://forms.hsforms.com; media-src 'self' data: blob: *.cloudinary.com; frame-src 'self' *.cloudinary.com https://cloudinary.com *.youtube.com *.google.com *.salesforce.com https://confirmsubscription.com https://www.createsend.com siebert.com https://forms.hsforms.com/; child-src 'self' blob: https://www.google.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.cloudinary.com https://cloudinary.com; connect-src 'self' *.doubleclick.net *.google-analytics.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.cloudinary.com https://cloudinary.com *.quotemedia.com *.siebertnet.com https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample https://createsend.com https://forms.hsforms.com https://forms.hubspot.com https://prod-api.siebert.com https://privapi.siebert.com; object-src https://www.siebert.com/blog/wp-content/uploads/ https://siebertnxt.w2.wadev.com/Portfolio/GetMonteCarloExample; 1
frame-ancestors 'self' *.holidayemotions.com *.tawk.to/* *.3cx.gr/*; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ad4m.at *.ad4mat.net *.adscale.de *.adserver01.de *.adc-serv.net *.adform.net *.adition.com *.adfarm1.adition.com *.adnxs.com *.belboon.de *.billwerk.com *.casalemedia.com *.cookiefirst.com *.dhl.de *.df-srv.de *.doubleclick.net *.googletagmanager.com *.klarna.com *.kupona.de *.trustedshops.com *.media-dealer.de cdn.lightwidget.com *.paypalobjects.com *.pubmatic.com *.smartadserver.com *.taboola.com *.twiago.com ajax.googleapis.com maps.googleapis.com cdnjs.cloudflare.com cdn.jsdelivr.net tagmanager.google.com *.dwin1.com *.bing.com *.google-analytics.com *.facebook.net player.vimeo.com s.ytimg.com googleads.g.doubleclick.net *.youtube.com *.googleadservices.com apis.google.com *.usercentrics.eu *.yieldlab.net zenloop-website-overlay-production.s3.amazonaws.com; 1
default-src 'none'; manifest-src 'self'; script-src 'nonce-m3tL4b0+thnt2WnUJyKHpzzbBdZ28r0Z0S/61Bp0DAo=' 'sha256-NPxtanrGj3/JuYjJOsgA0mEkXCCEoEO9Sr64MVsFil8=' 'strict-dynamic' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com; img-src 'self' data: https://a.apac01.idio.episerver.net https://forms.hsforms.com https://forms-na1.hsforms.com https://jumbe.zaius.com.au https://maps.googleapis.com https://maps.gstatic.com https://p2.aprimocdn.net https://track.hubspot.com https://www.facebook.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://*.google-analytics.com https://www.googletagmanager.com https://ad.doubleclick.net https://fonts.gstatic.com https://site1.lldxp.com https://jumbe.au1.odp.optimizely.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'self' https://a.apac01.idio.episerver.net https://analytics.google.com https://*.analytics.google.com https://*.google.com https://*.google.com.au https://*.google.co.uk https://*.google.com.sg https://*.google.com.my https://*.google.co.in https://*.google.it https://*.google.co.jp https://api.hubapi.com https://consent.api.osano.com https://dc.services.visualstudio.com https://forms.hsforms.com https://ka-p.fontawesome.com https://kit-uploads.fontawesome.com https://maps.googleapis.com https://tattle.api.osano.com https://*.google-analytics.com https://pagead2.googlesyndication.com https://*.doubleclick.net; media-src 'self' https://p2.aprimocdn.net; object-src 'none'; frame-src 'self' https://forms.hsforms.com https://www.facebook.com https://p2.aprimocdn.net https://www.google.com https://*.doubleclick.net https://map.abuzz.tech; frame-ancestors 'self'; form-action 'self' https://forms.hsforms.com https://www.facebook.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com cdn.wootric.com js-eu1.hsforms.net fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; media-src *; connect-src 'self' eligibility.wootric.eu app.wootric.eu forms-eu1.hsforms.com; frame-src 'self' view.officeapps.live.com forms-eu1.hsforms.com; img-src 'self' *.visma.com chart.googleapis.com forms-eu1.hsforms.com forms.hsforms.com data:; 1
script-src 'unsafe-inline' 'unsafe-eval' https: 1
font-src *.klarnacdn.net *.fontawesome.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.worldpay.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.klarna.com *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.twitter.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.analytics.google.com stats.g.doubleclick.net www.google.co.uk *.facebook.com *.meetanshi.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com *.cloudflare.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cloudfront.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ chimpstatic.com downloads.mailchimp.com *.list-manage.com *.onetrust.com *.klarna.com *.klarnacdn.net *.klarnaservices.com *.googletagmanager.com *.facebook.net *.avada.io *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.klarnacdn.net *.fontawesome.com unsafe-inline *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.onetrust.com *.klarnaevt.com *.analytics.google.com stats.g.doubleclick.net *.klarnacdn.net *.klarna.com *.klarnaservices.com *.google-analytics.com https://get.geojs.io *.avada.io *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.twitter.com *.twimg.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
'self' default-src data: blob: about:; script-src 'unsafe-inline' 'unsafe-eval' 'nonce-gDMuVR690mLXvfhA7pKq'; frame-src www.google.com www.gstatic.com; font-src 'self' data: fonts.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
frame-ancestors 'self' https://jionews.com https://jionewsdev1.jio.ril.com 1
object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.googletagmanager.com *.googleadservices.com *.googleapis.com *.google-analytics.com *.gstatic.com *.doubleclick.net *.facebook.net *.googlecommerce.com *.moatads.com *.paypal.com *.postcodeanywhere.co.uk *.stripe.com *.ampproject.org *.afterpay.com *.sagepay.com *.elavon.com *.vimeo.com chimpstatic.com sibautomation.com *.dekopay.com *.payments-amazon.com *.chatify.com *.pubble.io *.trustpilot.com *.webgains.io *.googleoptimize.com d16fk4ms6rqz1v.cloudfront.net *.flockr.co *.flixfacts.com *.flix360.io *.flixcar.com *.impactcdn.com *.hotjar.com *.livechatinc.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://prodcdnuaenorthamcscc.azureedge.net/ https://cfimage.moengage.com/ https://image.moengage.com/ https://www.youtube.com/ https://resources.digital-cloud-jed1.medallia.com/ https://eu-prod.oppwa.com/ https://cdnjs.cloudflare.com/ https://stats.g.doubleclick.net/ https://tr6.snapchat.com/ https://apps.mypurecloud.ie/ https://www.google-analytics.com/ https://www.googletagmanager.com/ https://sdk-01.moengage.com/ https://www.google-analytics.com/ https://analytics.tiktok.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com/ https://tr.snapchat.com/ https://tr.snapchat.com/p/ https://analytics.twitter.com/ https://t.co/ https://cnx-amc-cinemas.widget.custhelp.com/ https://www.googletagmanager.com https://static.ads-twitter.com https://sc-static.net/ https://connect.facebook.net https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://linkprotect.cudasvc.com/ https://cdn.moengage.com/webpush/ https://analytics.google.com/ https://api-cdn.mypurecloud.ie/ https://alahligatway.gateway.mastercard.com;  frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://prodcdnuaenorthamcscc.azureedge.net/ https://cfimage.moengage.com/ https://image.moengage.com/ https://www.youtube.com/ https://resources.digital-cloud-jed1.medallia.com/ https://eu-prod.oppwa.com/ https://cdnjs.cloudflare.com/ https://api-cdn.mypurecloud.ie/ https://analytics.google.com/ https://sdk-01.moengage.com/ https://www.google-analytics.com/ https://analytics.tiktok.com https://www.googleadservices.com https://td.doubleclick.net/ https://www.facebook.com/ https://tr.snapchat.com/ https://tr.snapchat.com/p/ https://analytics.twitter.com/ https://t.co/ https://cnx-amc-cinemas.widget.custhelp.com/ https://www.googletagmanager.com https://static.ads-twitter.com https://sc-static.net/ https://connect.facebook.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/  https://www.gstatic.com/recaptcha/ https://linkprotect.cudasvc.com/ https://cdn.moengage.com/webpush/ https://stats.g.doubleclick.net/ https://apps.mypurecloud.ie/  https://alahligatway.gateway.mastercard.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://prodcdnuaenorthamcscc.azureedge.net/ https://cfimage.moengage.com/ https://image.moengage.com/ https://www.youtube.com/ https://resources.digital-cloud-jed1.medallia.com/ https://eu-prod.oppwa.com/  https://cdnjs.cloudflare.com/ https://stats.g.doubleclick.net/ https://analytics.google.com/ https://sdk-01.moengage.com/ https://apps.mypurecloud.ie/ https://www.google-analytics.com/ https://www.googletagmanager.com/  https://www.google-analytics.com/ https://analytics.tiktok.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.facebook.com/ https://tr.snapchat.com/ https://tr.snapchat.com/p/ https://analytics.twitter.com/ https://t.co/ https://cnx-amc-cinemas.widget.custhelp.com/ https://www.googletagmanager.com https://static.ads-twitter.com https://sc-static.net/ https://connect.facebook.net https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://linkprotect.cudasvc.com/  https://www.gstatic.com/recaptcha/ https://cdn.moengage.com/webpush/ https://api-cdn.mypurecloud.ie/ https://tr6.snapchat.com/p https://alahligatway.gateway.mastercard.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://prodcdnuaenorthamcscc.azureedge.net/ https://cfimage.moengage.com/ https://eu-prod.oppwa.com/ https://image.moengage.com/ https://www.youtube.com/ https://cdnjs.cloudflare.com/ https://t.co/ https://analytics.twitter.com/ https://www.google.com/ https://www.google.co.in/ https://www.facebook.com/ https://www.google-analytics.com/ https://prodamcscclimages.blob.core.windows.net/ https://googleads.g.doubleclick.net/ https://connect.facebook.net/ https://www.googletagmanager.com/ https://devamcscclimages.blob.core.windows.net/ https://prodcdnuaenorthamcscc.azureedge.net/ https://apiprodv2.amccinemas.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.map.baidu.com *.baidu.com *.bdimg.com bdimg.share.baidu.com res.wx.qq.com pucha.kaipuyun.cn dcs.conac.cn webservice.coolwei.com *.gov.cn *.cnzz.com voice.yunmd.net *.govwza.cn *.cnslh.cn http://api.map.baidu.com; object-src 'self';frame-ancestors 'self'; 1
frame-ancestors 'self' acquia.lookbookhq.com acquia.docebosaas.com www.acquiaacademy.com acquia.seismic.com app.veertly.com widen--servcom.sandbox.my.site.com widen--sitepreview.na135.force.com community.widen.com acquia.atlassian.net rise.articulate.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://cms-website.shinhanfinance.com.vn 1
default-src data: blob: https: wss://*.viverse.com 'self'; script-src data: 'unsafe-inline' 'unsafe-eval' https:; style-src data: 'unsafe-inline' https:; child-src data: https: tel: blob:; frame-src data: https: tel: https://*.marketo.net https://*.marketo.com; worker-src https://*.viverse.com blob:; upgrade-insecure-requests; frame-ancestors https://*.viverse.com; 1
base-uri 'self'; child-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; frame-src 'self' https://micromain.global https://*.micromain.global https://*.firebaseio.com https://*.request.services/ data: gap:; connect-src 'self' wss://micromain-global.firebaseio.com wss://*.firebaseio.com https://*.micromain.global https://micromain.global https://translate.googleapis.com https://api.awesomeblocker.com wss://127.0.0.1 https://fonts.googleapis.com https://translate.google.com https://cdnmd.global-cache.online/ wss://127.0.0.1:*/; default-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' gap: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: fonts.gstatic.com *; img-src 'self' data: micromain.global * blob:; media-src 'self' https://*.micromain.global; script-src 'self' data: 'unsafe-inline' unsafe-hashes 'unsafe-eval' https://micromain.atlassian.net https://cdnjs.cloudflare.com https://s3-us-west-2.amazonaws.com https://micromain-global.firebaseio.com https://*.firebaseio.com * 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: 'unsafe-inline' unsafe-hashes fonts.googleapis.com * 'unsafe-inline'; frame-ancestors 'self' https://*.firebaseio.com https://micromain.global https://*.micromain.global https://*.request.services/ gap:; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=a6bR99Qia62qLhK1s7Zhd6RnJT5MzhFoIcw3J6nqiSDqL6LwIAMp2TrdyOIjlivGCwNmbAUrB80rcAjB92z4Ig%3D%3D; 1
frame-ancestors 'self' *.bite.lt *.manabite.lv manabite.lv *.exacttarget.com 1
script-src 'self' https://*.email-provider.nl https://cdn-eu.readspeaker.com https://piwik.swis.nl https://stats.pusher.com/timeline/ https://js.pusher.com/4.1/ https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com/api/ https://youtu.be https://youtube.com https://www.youtube.com https://player.vimeo.com/api/player.js https://siteimproveanalytics.com 'unsafe-eval' 'unsafe-inline' data: 'report-sample'; connect-src https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://media-eu.readspeaker.com https://vttts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://geodata.nationaalgeoregister.nl https://app.obi4wan.ai/api/ https://cloudstatic.obi4wan.com/api/ https://chatapi.obi4wan.com/api/ https://*.pusher.com/pusher/ https://sockjs-eu.pusher.com/pusher/ wss://ws-eu.pusher.com/app/ https://obipubvideo.s3.eu-central-1.amazonaws.com https://youtu.be https://youtube.com https://www.youtube.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com 'self'; form-action 'self' https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://*.global.siteimproveanalytics.io https://id.opengemeenten.nl https://users.opengemeenten.nl https://login.microsoftonline.com; frame-src 'self' blob: https://app-eu.readspeaker.com https://cdn-eu.readspeaker.com https://vttts-eu.readspeaker.com https://*.mappibyswis.nl https://*.geostart.nl https://youtu.be https://youtube.com https://www.youtube-nocookie.com https://www.youtube.com https://player.vimeo.com https://kaart.barneveld.nl; img-src 'self' https://cdn-eu.readspeaker.com https://piwik.swis.nl https://service.pdok.nl https://geodata.nationaalgeoregister.nl https://www.toegankelijkheidsverklaring.nl https://cloudstatic.obi4wan.com https://s3-eu-west-1.amazonaws.com/obipub/ https://youtube.com https://www.youtube.com https://youtu.be https://i.ytimg.com https://*.global.siteimproveanalytics.io https://siteimproveanalytics.com https://eu2.siteimprove.com https://szsurvey.siteimprove.com https://ssl.siteimprove.com data:; media-src 'self' https://cdn-eu.readspeaker.com https://youtu.be https://youtube.com https://www.youtube.com https://vimeo.com; style-src 'self' https://cdn-eu.readspeaker.com https://fonts.googleapis.com https://youtube.com https://www.youtube.com 'unsafe-inline' data: 'report-sample'; font-src 'self' https://fonts.gstatic.com data:; object-src 'self' https://youtube.com https://www.youtube.com; report-to csp; child-src 'self' blob:; default-src 'self'; frame-ancestors 'self' https://www.rkvalleienveluwerand.nl https://www.barneveld.nl/ https://www.taalhuisbarneveld.nl https://app.polly.help https://kennisbank.barneveld.nl; report-uri https://monitoring.opengemeenten.nl/api/5/security/?sentry_key=8ecd0d6b2ab6432782fe7a6a5c01c534 1
script-src 'self' cdnpt.com *.cdnpt.com *.priceres.com.mx *.priceres.com *.priceres.co *.googleapis.com *.googletagmanager.com *.onesignal.com *.google-analytics.com *.hotjar.com *.ladesk.com 'unsafe-inline' 'unsafe-eval' connect.facebook.net api.beyond-experience.com www.thehotelsnetwork.com js.hs-scripts.com services.xg4ken.com static.sojern.com snap.licdn.com svht.tradedoubler.com cdn.mouseflow.com tracker.metricool.com assets.anytrack.io cdnjs.cloudflare.com cdn.jsdelivr.net cdn.sift.com *.bing.com *.us.mouseflow.com *.googleadservices.com *.doubleclick.net 1
default-src *; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; 1
default-src *; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src 'unsafe-inline' *; 1
default-src 'self'; script-src 'strict-dynamic'; script-src-elem 'self' 'nonce-KtzZn8/F4VAZYx6neZFYo4eoR0o/r/f2SJudi6pwAug=' https://www.googleoptimize.com/ https://static.elfsight.com/ https://static-stage.elfsight.com/ https://ipinfo.io/ https://appscdn.joomla.org/webapps/ https://geolocation.onetrust.com/ https://cdn.cookielaw.org/ https://ajax.googleapis.com/ajax/libs/jquery/ https://cdn.datatables.net/ https://onesignal.com/ https://cdn.onesignal.com/ https://maps.googleapis.com/ https://s3.amazonaws.com/downloads.mailchimp.com https://www.google-analytics.com/ https://code.jquery.com/ https://connect.facebook.net https://www.googletagmanager.com/ https://pi.pardot.com/ https://cdn.pardot.com/ https://go.machadomeyer.com.br/ https://www.google.com/recaptcha/ https://www.gstatic.com/cv/ https://www.gstatic.com/recaptcha/ https://netdna.bootstrapcdn.com/ https://s3-sa-east-1.amazonaws.com/; style-src 'self' 'unsafe-inline' https://cdn.datatables.net/ https://onesignal.com/ https://fonts.googleapis.com/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ https://hello.myfonts.net/ https://netdna.bootstrapcdn.com/font-awesome/4.2.0/css/; img-src * 'self' data:; font-src 'self' data: https://fonts.gstatic.com/ https://intranetmmso.intercode.com.br/ https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://netdna.bootstrapcdn.com/ https://open.scdn.co/cdn/fonts/ https://use.typekit.net/; connect-src 'self' https://geolocation.onetrust.com/ https://privacyportal-br.onetrust.com/ https://cdn.cookielaw.org/ https://maps.googleapis.com/ https://core.service.elfsight.com/ https://static.elfsight.com/ https://storage.elfsight.com/ https://pi.pardot.com/ https://cdn.pardot.com/ https://go.machadomeyer.com.br/ https://machadomeyer.my.salesforce.com/ https://login.salesforce.com/ https://onesignal.com/ https://www.google-analytics.com/ https://stats.g.doubleclick.net/ https://s3-sa-east-1.amazonaws.com/; media-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://go.machadomeyer.com.br/ https://www.youtube.com/ https://anchor.fm/ https://open.spotify.com https://s3-sa-east-1.amazonaws.com/; worker-src 'self'; frame-ancestors 'self'; form-action 'self' https://go.machadomeyer.com.br/ https://login.microsoftonline.com/; object-src 'none'; base-uri 'self' 1
default-src 'self' *.travelcheck.de *.snowtrex.de *.snowtrex.com *.ypsilon.net *.ferienwohnung-be.de *.meine-landausfluege.de *.facebook.net fonts.gstatic.com *.ameropa.de *.google-analytics.com *.google.com planetandyou.de *.planetandyou.de ibe-staging.traffics.de ibe.traffics.de *.amadeus-leisure-it.com travelcheck.visa-gate.com *.visa-gate.com *.auswaertiges-amt.de auswaertiges-amt.de profewo.de *.profewo.de *.trendtours.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.travelcheck.de *.amazonaws.com *.snowtrex.de *.snowtrex.com *.ypsilon.net *.ferienwohnung-be.de *.meine-landausfluege.de *.facebook.net *.googletagmanager.com *.google-analytics.com *.planetandyou.de profewo.de *.profewo.de *.trendtours.de; style-src 'self' 'unsafe-inline' *.travelcheck.de fonts.googleapis.com fonts.gstatic.com *.trendtours.de; img-src 'self' data: *; frame-ancestors 'self' fmo.de *.fmo.de airport-pad.com *.airport-pad.com *.planetandyou.de 1
default-src 'self' blob: data: media.tenor.com *.facebook.com *.doubleclick.net *.googlesyndication.com *.youtube.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.gstatic.com *.google.com; child-src 'self' *.braintreegateway.com *.paypal.com *.facebook.com *.doubleclick.net *.youtube.com *.google.com *.cardinalcommerce.com; frame-src *; font-src 'self' fiilrcdn.com *.gstatic.com http://fonts.gstatic.com; object-src 'self' *.googlesyndication.com; manifest-src 'self' fiilrcdn.com; img-src 'self' data: blob: paratlan.hu fiilrcdn.com media.tenor.com www.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.doubleclick.net *.facebook.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.ytimg.com *.gstatic.com *.googleapis.com maps.google.com *.fbcdn.net android-webview data:; connect-src 'self' wss://paratlan.hu api.tenor.com *.facebook.com *.cardinalcommerce.com www.google-analytics.com *.googleapis.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.braintreegateway.com *.braintree-api.com *.paypal.com *.paypalobjects.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: fiilrcdn.com *.cardinalcommerce.com *.ccdc02.com *.facebook.com *.facebook.net *.googleadservices.com *.googlesyndication.com *.google-analytics.com *.googletagservices.com *.googletagmanager.com *.ampproject.org *.googlesyndication.com *.google.dz *.google.me *.google.tg *.google.sc *.google.com.sa *.google.iq *.google.dk *.google.ee *.google.com.mx *.google.es *.google.co.nz *.google.com.lb *.google.com.qa *.google.com.gh *.google.com.tr *.google.com.vn *.google.com.eg *.google.si *.google.no *.google.ru *.google.ie *.google.co.il *.google.com.ng *.google.hr *.google.bg *.google.ca *.google.hu *.google.sn *.google.pl *.google.gr *.google.nl *.google.com.au *.google.be *.google.cz *.google.fr *.google.se *.google.it *.google.de *.google.at *.google.ch *.google.rs *.google.co.uk *.google.ro *.google.sk *.google.ci *.google.com.ua *.doubleclick.net *.gstatic.com *.googleapis.com *.braintreegateway.com *.paypal.com *.paypalobjects.com *.google.com *.youtube.com *.ytimg.com; style-src 'self' 'unsafe-inline' fiilrcdn.com *.googleapis.com *.braintreegateway.com; worker-src 'self' blob: data:; report-uri https://paratlan.hu/csp_report.php; 1
frame-ancestors http://fninc.co.za/ * 1
default-src 'self' ws: *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com;font-src 'self' data: fonts.gstatic.com fonts.googleapis.com cdn.reactandshare.com;style-src 'self' 'unsafe-inline' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.reactandshare.com;img-src 'self' data: *.magnolia-platform.com *.cloudinary.net *.cloudfront.net *.facebook.com *.google.com *.google-analytics.com *.linkedin.com *.mapbox.com *.reactandshare.com *.siteimproveanalytics.io https://staeuwvisitfinlandp.file.core.windows.net https://stasustainabletravelp.file.core.windows.net https://saeuwstfpublicp.blob.core.windows.net *.twimg.com *.visitfinland.com vk.com;connect-src 'self' ws: *.addsearch.com *.magnolia-platform.com *.businessfinland.fi *.cookiebot.com *.doubleclick.net *.google-analytics.com *.mapbox.com *.met.no *.oribi.io *.tiktok.com;script-src 'self' blob: 'unsafe-eval';script-src-elem 'self' 'nonce-Jrj1UcBNfzkkxHNiENwTyQ==' 'nonce-WFxuMoUAQPjLcBhm8pR9ng==' *.visitfinland.com *.goodnewsfinland.com *.magnolia-platform.com *.twitter.com *.google.com *.google-analytics.com googletagmanager.com *.googletagmanager.com *.doubleclick.net *.youtube.com *.youtu.be *.facebook.com *.facebook.net *.snapchat.com *.tiktok.com *.microsoft.com *.office.com *.windows.net *.addsearch.com *.adform.net *.cookiebot.com *.hotjar.com *.licdn.com *.mapbox.com *.met.no *.oribi.io *.reactandshare.com siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.vimeo.com;frame-src https://* *.youtube.com *.tr.snapchat.com; 1
frame-ancestors 'self' https://www.fleetx.io 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: *; style-src 'self' 'unsafe-inline' * 1
frame-ancestors gkk-ng-ibe-test.mein-reiseportal.de gkk-ng-ibe-stage.mein-reiseportal.de buchen.galeria-reisen.de; 1
frame-ancestors https://*.etracker.com; 1
default-src 'self' www.googletagmanager.com analytics.google.com cdn.aframe.io s3.amazonaws.com cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com raw.githack.com aframe.io www.google.com orthos.cimscloud.com; font-src * data:; img-src * blob: data: cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com s3.amazonaws.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' dev.virtualearth.net code.jquery.com raw.githack.com aframe.io www.google.com kit.fontawesome.com cdn.tiny.cloud unpkg.com stats.g.doubleclick.net analytics.google.com www.googletagmanager.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net www.gstatic.com www.google-analytics.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' www.gstatic.com raw.githack.com aframe.io ajax.googleapis.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com cdn.tiny.cloud www.tiny.cloud www.tinymce.com; connect-src 'self' data: blob: *.virtualearth.net *.cimscloud.com *.googleapis.com s3.amazonaws.com cimscloudbeta.s3.amazonaws.com cimscloud.s3.amazonaws.com cdn.aframe.io cimscloud.s3.amazonaws.com  raw.githack.com aframe.io www.googletagmanager.com ajax.googleapis.com maps.googleapis.com cdn.jsdelivr.net www.gstatic.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net cdn.tiny.cloud unpkg.com kit.fontawesome.com ka-p.fontawesome.com www.tinymce.com; child-src 'self' blob: *.cimscloud.com; worker-src 'self' *.cimscloud.com cdn.jsdelivr.net blob:; frame-src 'self' *.cimscloud.com cimscloud.s3.amazonaws.com 1
default-src 'self' *.lex4web.app *.jquery.com *.googletagmanager.com *.hs-sites.com *.google-analytics.com *.google.com *.googleapis.com *.bootstrapcdn.com *.cloudflare.com *.youtube.com *.ironchip.com *.googleapis.com *.jsdelivr.net *.gstatic.com *.w3.org *.unpkg.com *.licdn.com *.hsforms.net *.hsforms.com *.hscta.net *.hubapi.com *.hsadspixel.net *.usemessages.com *.hs-scripts.com *.hubspot.com *.hs-banner.com *.hs-analytics.net *.hsleadflows.net *.hubspotusercontent00.net *.hubspotusercontent01.net *.hubspotusercontent02.net *.hubspotusercontent03.net *.hubspotusercontent04.net *.hubspotusercontent05.net *.hubspotusercontent06.net *.hubspotusercontent07.net *.hubspotusercontent08.net *.hubspotusercontent09.net *.hubspotusercontent10.net *.hubspotusercontent11.net *.hubspotusercontent12.net *.hubspotusercontent13.net *.hubspotusercontent15.net *.hubspotusercontent16.net *.hubspotusercontent17.net *.hubspotusercontent18.net *.hubspotusercontent19.net *.hubspotusercontent20.net *.hscollectedforms.net *.ipinfo.io *.s3.amazonaws.com *.snap.licdn.com 'unsafe-inline';  img-src 'self' *.lex4web.app *.hsforms.com *.hsappstatic.net *.hubspot.com *.linkedin.com data: *.ironchip.com; connect-src 'self' *.geoplugin.net *.lex4web.app *.hscollectedforms.net *.allorigins.win *.hsforms.com *.hubspot.com *.hs-banner.com *.hubapi.com hubspot-forms-static-embed.s3.amazonaws.com *.google-analytics.com *.oribi.io *.linkedin.com *.ironchip.com; frame-ancestors 'self' *; form-action *.ironchip.com *.hsforms.com *.unpkg.com 1
frame-ancestors 'self' https://www.jobs.ch https://ictjobs.ch https://itjobs.ch https://www.pharmapro.ch https://medienjobs.ch https://www.jobbern.ch https://www.jobmittelland.ch https://software-job.ch https://versicherungsjobs-schweiz.ch https://emploi-bancassurance.ch/ https://finews.jobportal.jobchannel.ch/ https://investrends.jobportal.jobchannel.ch/ https://vfcmschweiz.jobportal.jobchannel.ch/ https://kv-stelle.ch/ https://verwaltungs-jobs.ch/ https://emploi-administration.ch/ https://emploi-commercial.ch/ https://buchhalter-jobs.ch/ https://controller-job.ch/ https://finanz-job.ch/ https://data-jobs.ch/ https://crypto-jobs.ch/ https://it-jobs-switzerland.ch/ https://it-security-jobs.ch/ https://java-jobs.ch/ https://software-job.ch/ https://systemingenieur-jobs.ch/ https://emploi-it.ch/ https://projektmanager-jobs.ch/ https://marketing-job.ch/ https://onlinemarketing-stellen.ch/ https://aerzte-jobs.ch/ https://mpa-jobs.ch/ https://pflege-berufe.ch/ https://therapie-jobs.ch/ https://emploi-infirmier.ch/ https://emploi-medecine.ch/ https://business-analyst-jobs.ch/ https://juristen-jobs.ch/ https://treuhand-job.ch/ https://call-center-jobs.ch/ https://kundenberater-jobs.ch/ https://zuercher-jobs.ch/ https://zentralschweiz-jobs.ch/ https://emplois-fribourg.ch/ https://emplois-neuchatel.ch/ https://emplois-vaud.ch/ https://jura-emplois.ch/ https://solothurn-jobs.ch/ https://www.100000jobs.ch/ https://home-office-stellen.ch/ https://www.teilzeitkarriere.ch/ https://www.jobup.ch/ https://www.medicjobs.ch/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://aipi.social; img-src 'self' https: data: blob: https://aipi.social; style-src 'self' https://aipi.social 'nonce-eebElWGtLonnD50g8LbZUg=='; media-src 'self' https: data: https://aipi.social; frame-src 'self' https:; manifest-src 'self' https://aipi.social; form-action 'self'; child-src 'self' blob: https://aipi.social; worker-src 'self' blob: https://aipi.social; connect-src 'self' data: blob: https://aipi.social https://aipi.social wss://aipi.social; script-src 'self' https://aipi.social 'wasm-unsafe-eval' 1
script-src 'self' 'unsafe-inline' 'strict-dynamic' https://use.typekit.net cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://polyfill-fastly.io https://polyfill.io https://unpkg.com https://use.fontawesome.com; script-src-attr 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com https://*.azureedge.net https://*.googleadservices.com https://cdn-ukwest.onetrust.com cdn.jsdelivr.net cdn.rawgit.com cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://kit.fontawesome.com https://polyfill-fastly.io https://polyfill.io https://unpkg.com https://use.fontawesome.com; style-src 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://js-agent.newrelic.com https://fonts.googleapis.com https://www.googletagmanager.com https://snap.licdn.com https://static.hotjar.com https://www.google-analytics.com https://bat.bing.com https://connect.facebook.net https://www.clarity.ms https://script.hotjar.com blob: https://cdn-ukwest.onetrust.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://use.typekit.net/lmn7yno.css https://fonts.googleapis.com https://p.typekit.net cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cycling-uk-d9.cycle.travel https://unpkg.com; frame-ancestors 'self' 1
img-src https: data: ; object-src 'self' https:; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://analytics.tiktok.com https://*.ads-twitter.com https://www.google-analytics.com https://sensoriumgalaxy.com https://connect.facebook.net https://*.facebook.net https://facebook.net https://www.googletagmanager.com https://api.amplitude.com https://*.googleapis.com https://*.sensoriumgalaxy.com https://*.youtube.com https://fonts.gstatic.com https://i.ytimg.com https://*.ggpht.com https://static.doubleclick.net; style-src 'unsafe-inline' https://fonts.googleapis.com https://*.googleapis.com;  default-src 'self' https:; base-uri 'self' https://sensoriumgalaxy.com https://dev.sensoriumgalaxy.com; connect-src https:; font-src https: data: 1
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com *.google-analytics.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com cdnjs.cloudflare.com *.evergage.com https://cdn.evgnet.com https://*.qualtrics.com https://unpkg.com https://healthbenefitinsight.com https://cdn.insight.sitefinity.com https://dec.azureedge.net/ http://customer.cludo.com/ http://siteimproveanalytics.com/ https://bookeo.com/ https://bat.bing.com/ https://up.pixel.ad/ https://hub.arkansasbluecross.com/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://*.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.dstillery.com *.facebook.com *.adnxs.com/ https://*.dynatrace-managed.com 'unsafe-inline' 'unsafe-eval' *.vimeo.com https://collector-26040.us.tvsquared.com https://players.yumpu.com/ web-chat.nativechat.com https://dec.azureedge.net https://player.vimeo.com/api/player.js https://www.youtube.com/iframe_api; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline' use.typekit.net https://hub.arkansasbluecross.com https://*.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.adnxs.com/ *.typekit.net https://*.qualtrics.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://collector-26040.us.tvsquared.com web-chat.nativechat.com; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.ib-ibi.com *.myspace.com https://www.arkansasbluecross.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com track.hubspot.com https://*.cludo.com https://*.vindicosuite.com https://bat.bing.com/ *.pixel.ad *.dstillery.com *.us.tvsquared.com *.vindicosuite.com *.ipredictive.com *.sitescout.com *.facebook.com *.adnxs.com/ https://*.qualtrics.com *.zales.com *.addthis.com *.krxd.net *.rlcdn.com *.doubleclick.net *.google-analytics.com *.eloqua.com https://*.global.siteimproveanalytics.io *.tvsquared.com web-chat.nativechat.com https://cdn.insight.sitefinity.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: use.typekit.net https://*.qualtrics.com *.typekit.net; frame-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.google.com/ https://*.bookeo.com/ https://*.doubleclick.net https://*.fls.doubleclick.net/ https://hub.arkansasbluecross.com/ https://www.yumpu.com/ web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.google-analytics.com *.gstatic.com https://*.googletagmanager.com *.evergage.com https://*.qualtrics.com https://hub.arkansasbluecross.com https://stats.g.doubleclick.net/ *.mktoresp.com *.dstillery.com *.vindicosuite.com *.ipredictive.com *.sitescout.com *.facebook.com https://*.dynatrace-managed.com https://healthbenefitinsight.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://*.cludo.com *.pixel.ad *.tvsquared.com *.us.tvsquared.com; media-src 'self' data: blob: *.arkansasbluecross.com arkansasbluecross.com; child-src 'self' https://player.vimeo.com/ https://w.soundcloud.com/ https://*.dentaltotalhealth.com/ https://hub.arkansasbluecross.com/ https://*.bookeo.com/ https://*.fls.doubleclick.net/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://*.tvsquared.com https://collector-26040.us.tvsquared.com https://*.us.tvsquared.com https://*.doubleclick.net *.pixel.ad *.sitescout.com *.facebook.com *.google.com https://*.qualtrics.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com www.yumpu.com web-chat.nativechat.com 1
default-src 'self' data: https://framacarte.org https://umap.openstreetmap.fr; script-src 'self' 'unsafe-inline' https://framacarte.org https://umap.openstreetmap.fr; object-src 'self'; base-uri 'self'; form-action 'self'; style-src 'self' 'unsafe-inline' 1
upgrade-insecure-requests, 1
default-src 'self' https://*.idex-hs.com https://idex-hs.com https://external-idex.premierway.com:543 https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; script-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org https://cdn.jsdelivr.net https://kit.fontawesome.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://kendo.cdn.telerik.com/2021.1.119/js/kendo.all.min.js https://kendo.cdn.telerik.com/2021.1.119/js/kendo.aspnetmvc.min.js https://www.googletagmanager.com https://mktdplp102cdn.azureedge.net https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://code.jquery.com https://cdn.cookielaw.org https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com https://*.brightcove.net/ https://players.brightcove.net/ https://static.hotjar.com/ https://script.hotjar.com/ https://*.hotjar.com/; style-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.twimg.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; font-src 'self' https://*.idex-hs.com https://idex-hs.com 'unsafe-inline' *.googleapis.com fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com https://cdnjs.cloudflare.com https://ka-p.fontawesome.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com data:; img-src 'self' https://*.idex-hs.com https://idex-hs.com *.gstatic.com *.google.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com *.twimg.com data: blob: *.eloqua.com track.hubspot.com https://cdnjs.cloudflare.com https://www.paypalobjects.com https://*.doubleclick.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com https://cdn.cookielaw.org https://*.photonics.com; media-src 'self' https://*.idex-hs.com https://idex-hs.com data: blob: https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; form-action 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; frame-src 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://*.brightcove.net *.youtube.com *.avr-optics.com https://lt-pd.idex-hs.com https://*.smartercommercecloud.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; frame-ancestors 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; child-src 'self' https://*.idex-hs.com https://idex-hs.com https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com https://www.sandbox.paypal.com https://pilot-payflowlink.paypal.com https://www.computop-paygate.com https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; connect-src 'self' https://*.idex-hs.com https://idex-hs.com accounts.google.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com *.google-analytics.com *.gstatic.com https://ka-p.fontawesome.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cookielaw.org https://*.onetrust.com https://95169040225c478583336ffa5c0ef2b3.svc.dynamics.com https://lt-pd.idex-hs.com https://maps.googleapis.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com wss://ws.hotjar.com/ https://metrics.hotjar.io https://content.hotjar.io/; object-src 'self' https://*.idex-hs.com https://idex-hs.com https://*.avr-optics.com https://dev.avr-optics.link https://staging.avr-optics.link https://*.brightcove.net https://mktdplp102cdn.azureedge.net https://lt-pd.idex-hs.com https://pd-searchlight.idex-hs.com https://searchlight.idex-hs.com https://searchlight.semrock.com; 1
object-src 'self' www.google.com transac.telebec.com google-analytics.com api.google-analytics.com; frame-ancestors 'self'; 1
frame-ancestors 'self' viewsonic.com viewsonic.com.tw viewsonic.com.au viewsonic.com.sg viewsoniceurope.com viewsonic.com.cn ap.viewsonic.com hk.viewsonic.com ifppartners.viewsonic.com youtube.com dev-viewsonic.mojostratus.io customercare.viewsonic.com.tw dev.ap.viewsonic.com; 1
default-src 'self'; font-src 'self' https://fonts.gstatic.com https://use.typekit.net; img-src 'self' blob: data: imgsct.cookiebot.com https://www.facebook.com/ https://www.google-analytics.com/ https://dashboard.umbraco.com *.cdninstagram.com secure.adnxs.com *.blob.core.windows.net www.google.com www.google.nl *.figpii.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' trnl-azure-net-sva-ajaxlifeapi-prod.azurewebsites.net https://www.universe.com/embed2.js https://www.google-analytics.com/ www.googletagmanager.com https://www.ajaxlife.nl/ admin.ajaxlife.nl https://www.sporcle.com/ https://platform.twitter.com/ https://www.googletagmanager.com/gtag/ https://connect.facebook.net https://consentcdn.cookiebot.com/ facebook.net/en_US/fbevents.js https://consent.cookiebot.com/ https://consentcdn.cookiebot.com/consentconfig/8b29846d-67c8-46d4-b6a2-4fb5bd0dd7b4/ajaxlife.nl/configuration.js https://googleads.g.doubleclick.net/pagead/viewthroughconversion/962220290/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js *.figpii.com; style-src 'self' 'unsafe-inline' admin.ajaxlife.nl https://fonts.googleapis.com https://p.typekit.net https://use.typekit.net *.figpii.com; frame-src ajaxlife.nl admin.ajaxlife.nl *.tresprojecten.nl https://www.sporcle.com/ https://embed.podcasts.apple.com https://platform.twitter.com/  consentcdn.cookiebot.com www.google.com www.youtube.com www.youtube-nocookie.com vars.hotjar.com www.facebook.com https://www.universe.com/ https://universe.queue-it.net; connect-src 'self' https://www.facebook.com/tr https://admin.ajaxlife.nl *.azurewebsites.net *.bugsnag.com consentcdn.cookiebot.com ajaxlife.nl *.tresprojecten.nl *.google-analytics.com *.google.com *.google.nl *.googlesyndication.com *.doubleclick.net  *.hotjar.com *.hotjar.io wss://*.hotjar.com *.umbraco.com *.figpii.com; worker-src 'self' blob:; media-src 'self' blob: 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-T7RUh0O5fbVwlCuNsv4vlH6i3B08XuTSwQHlFRrEEzZS6Rhb' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-srd 'self'; 1
frame-ancestors 'self'; frame-src 'self' https://vimeo.com https://player.vimeo.com https://www.youtube.com https://youtube.com https://cdn.embedly.com https://vars.hotjar.com; 1
frame-ancestors 'self'; font-src 'self' data:; img-src 'self' data:; object-src 'none'; base-uri 'self'; script-src 'strict-dynamic' 'nonce-f28ikmehtz'; 1
default-src 'self' 'unsafe-inline' https://dc.services.visualstudio.com https://az416426.vo.msecnd.net https://js.monitor.azure.com; img-src 'self' data:; 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'  1
default-src 'none'; style-src 'self' 'unsafe-inline'; img-src *; form-action 'self'; 1
default-src 'self' https://www.googletagmanager.com https://c.disquscdn.com/ https://disqus.com  ; connect-src 'self' *.doubleclick.net *.googleapis.com *.trustedshops.com *.google.com *.wordpress.com *.crazyegg.com *.lr-ingest.io *.retailads.net cognito-idp.eu-west-1.amazonaws.com cognito-identity.eu-west-1.amazonaws.com mymoria.bamboohr.co.uk trustbadge.api.etrusted.com www.google.com www.google-analytics.com www.cadsuta.net https://bat.bing.com https://www.googleadservices.com https://links.services.disqus.com https://n.clarity.ms *.mymoria.at *.mymoria.com *.mymoria.de  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.doubleclick.net *.googleadservices.com *.googleapis.com *.google-analytics.com *.googleoptimize.com https://cdnjs.cloudflare.com/ajax/libs/animejs/2.0.2/anime.min.js https//catamphetamine.github.io/ *.google.com *.trustedshops.com *.youtube.com *.wordpress.com *.crazyegg.com amplify.outbrain.com bat.bing.com cdn.lr-ingest.io embed.presseportal.de www.googletagmanager.com www.cadsuta.net www.awin1.com www.zenaps.com www.retailerweb.net *.retailads.net mymoria.disqus.com mymoria-1.disqus.com https://c.disquscdn.com https://www.clarity.ms https://n.clarity.ms *.mymoria.at *.mymoria.com *.mymoria.de  ; manifest-src 'self'  ; frame-src data: *.google.com *.youtube.com *.vimeo.com *.retailads.net embed.presseportal.de www.googletagmanager.com www.cadsuta.net https://disqus.com  ; img-src 'self' https: * data: *.doubleclick.net *.google.com *.google.de *.google.pl *.googleapis.com *.gstatic.com *.outbrain.com *.trustedshops.com *.youtube.com *.wordpress.com https//catamphetamine.github.io/ bat.bing.com embed.presseportal.de s3-eu-west-1.amazonaws.com www.awin1.com www.bamboohr.com www.google-analytics.com www.googletagmanager.com https://referrer.disqus.com/ https://cdn.viglink.com/ https://c.disquscdn.com/ https://c.clarity.ms https://c.bing.com *.mymoria.at *.mymoria.com *.mymoria.de  ; font-src 'self'  *.trustedshops.com fonts.gstatic.com themes.googleusercontent.com *.mymoria.at *.mymoria.com *.mymoria.de  ; worker-src blob: *.mymoria.at *.mymoria.com *.mymoria.de  ; style-src 'unsafe-inline' *.google.com *.googleapis.com *.trustedshops.com embed.presseportal.de mymoria.bamboohr.co.uk https://c.disquscdn.com/ *.mymoria.at *.mymoria.com *.mymoria.de  ; media-src 'none'  ; object-src 'none'  ;  1
default-src 'self'; script-src 'self' 1
default-src 'self' *.tuono.org *.peoplelinkonline.com https://wiki.peoplelink.it; connect-src 'self' *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com/gsi/ *.hereapi.com *.here.com blob:; script-src 'self' *.tuono.org *.peoplelinkonline.com *.googleapis.com *.google-analytics.com https://apis.google.com https://accounts.google.com *.googletagmanager.com *.hereapi.com *.here.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' *.tuono.org *.googleapis.com *.api.here.com 'unsafe-inline'; img-src 'self' https://* http://* data: blob: *.tuono.org *.peoplelinkonline.com https://*.google-analytics.com https://*.googletagmanager.com; font-src 'self' data: https://fonts.gstatic.com *.api.here.com; object-src 'self'; frame-src 'self' *.tuono.org *.peoplelinkonline.com https://accounts.google.com; report-uri /csp/logit 1
default-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data: blob:; object-src https 'self'; media-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob: resource:; frame-ancestors https: 'self' *.facebook.net; base-uri 'self' https: 1
default-src 'self' dragonetwork.pl *.dragonetwork.pl; script-src 'self' 'unsafe-inline' 'unsafe-eval' dragonetwork.pl *.dragonetwork.pl; script-src-elem 'unsafe-inline'; style-src 'self' 'unsafe-inline' dragonetwork.pl *.dragonetwork.pl; style-src-elem 'unsafe-inline'; object-src 'self' dragonetwork.pl *.dragonetwork.pl; base-uri 'self' dragonetwork.pl *.dragonetwork.pl; frame-src 'self' dragonetwork.pl *.dragonetwork.pl; 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com data: *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com *.cart-guru.io *.carts.guru *.cartsguru.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.adyen.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.adyen.com www.google.com https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.trustpilot.com *.bati-avenue.com *.cart-guru.io *.carts.guru *.cartsguru.io blob: 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.adyen.com *.gstatic.com *.googleapis.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com https://redchamps.com media.bati-avenue.com media-preprod.bati-avenue.com medias.dubreuil.dev-003.internetrama.net i.calameoassets.com media.topaz.pro ressources.bati-avenue.com *.google.fr *.facebook.com bat.bing.com *.zendesk.com *.cart-guru.io *.carts.guru *.cartsguru.io *.google.es data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.adyen.com polyfill.io *.googleapis.com *.gstatic.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.trustpilot.com unpkg.com widget.trustpilot.com static.zdassets.com groupedubreuiln2.matomo.cloud sdk.privacy-center.org topazpro.zendesk.com cdn.cartsguru.io bat.bing.com connect.facebook.net try.abtasty.com via.batch.com *.zopim.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.mastercard.com *.leadplace.fr *.batch.com *.bati-avenue.com *.jsdelivr.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com unsafe-inline assets.braintreegateway.com *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline'; object-src *.cart-guru.io *.carts.guru *.cartsguru.io *.bati-avenue.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ *.zdassets.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.adyen.com *.algolia.net *.algolia.com *.algolianet.com *.insights.algolia.io *.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ payment.payline.com payment-2.payline.com homologation-payment.payline.com homologation-payment-2.payline.com payment.cdn.payline.com homologation-payment.cdn.payline.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com maps.googleapis.com ekr.zdassets.com groupedubreuiln2.matomo.cloud topazpro.zendesk.com *.google.com *.googlesyndication.com googleads.g.doubleclick.net *.abtasty.com bati-avenue.zendesk.com *.zopim.com *.openfpcdn.io *.trustpilot.com *.cart-guru.io *.carts.guru *.cartsguru.io *.air360tracker.net *.batch.com *.bootstrapcdn.com *.algolia.io *.privacy-center.org 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com *.cart-guru.io *.carts.guru *.cartsguru.io http: https: blob: 'self' 'unsafe-inline'; default-src *.cart-guru.io *.carts.guru *.cartsguru.io 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; block-all-mixed-content; form-action 'self'; base-uri 'none'; object-src 'none'; worker-src 'none'; font-src 'self' use.typekit.net fonts.gstatic.com; img-src 'self' www.facebook.com data: www.google-analytics.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' connect.facebook.net www.google-analytics.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com use.typekit.net p.typekit.net; frame-ancestors 'self'; child-src corpreports.bcmea.com; frame-src corpreports.bcmea.com www.youtube.com; connect-src www.facebook.com www.google-analytics.com www.bcmea.com stats.g.doubleclick.net; report-uri https://qgnz1x2w.uriports.com/reports/report; report-to default 1
frame-ancestors 'self' consorcio.cl ccbolsa.cl emma.cl bolsadesantiago.com compliance-tracker.cl salesforce.com 1
frame-ancestors 'self' https://www.credmudra.com; 1
default-src 'unsafe-inline' 'unsafe-eval' 'self'  blob: data:   consent.cookiebot.com *.streamingvideoprovider.com *.ravenjs.com *.webvideocore.net ajax.googleapis.com secure.surveymonkey.com surveymonkey.com widget.surveymonkey.com www.gstatic.com cdn.heapanalytics.com static.hotjar.com dc.ads.linkedin.com connect.facebook.net wss://cengine1.hermesonline.com:443/lightstreamer  https://cengine1.hermesonline.com:443 wss://iengine138.hermesonline.com:443/lightstreamer  https://iengine138.hermesonline.com:443 wss://iengine22.hermesonline.com:443 https://iengine22.hermesonline.com:443 wss://iengine23.hermesonline.com:443 https://iengine23.hermesonline.com:443 wss://drengine1.hermesonline.com.hermesonline.com:443/lightstreamer  https://drengine1.hermesonline.com.hermesonline.com:443 wss://drengine2.hermesonline.com.hermesonline.com:443/lightstreamer  https://drengine2.hermesonline.com.hermesonline.com:443  wss://iengine1.hermesonline.com/lightstreamer  https://iengine1.hermesonline.com wss://iengine2.hermesonline.com/lightstreamer  https://iengine2.hermesonline.com wss://iengine3.hermesonline.com/lightstreamer  https://iengine3.hermesonline.com wss://engine.hermesonline.com/lightstreamer  https://engine.hermesonline.com  https://www.google-analytics.com/ http://img.youtube.com/ https://www.youtube.com/embed/ fonts.gstatic.com fonts.googleapis.com maps.gstatic.com maps.gstatic.com maps.googleapis.com maps.googleapis.com www.google.com/maps/embed wss://mobtestwaf.hermesonline.com https://mobtestwaf.hermesonline.com https://172.16.200.159 wss://172.16.200.159/ https://mobtest.hermesonline.com wss://mobtest.hermesonline.com  https://maps.googleapis.com/ https://maps.gstatic.com/ https://csi.gstatic.com/ https://fonts.googleapis.com https://fonts.gstatic.com/ https://maps.googleapis.com https://maps.gstatic.com https://fonts.gstatic.com https://www.google.com/maps/ http://192.168.1.115/ http://w.sharethis.com  http://edge.sharethis.com http://seg.sharethis.com http://l.sharethis.com http://google-maps-utility-library-v3.googlecode.com/ https://fonts.googleapis.com https://maps.google.com/ http://csi.gstatic.com/ https://maps.google.com/maps-api-v3/ http://maps.gstatic.com/mapfiles/api-3/ https://developers.google.com/maps/ consentcdn.cookiebot.com 1
default-src https: wss://*.smartsupp.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://smartsupp-widget-161959.c.cdn77.org  data: 'unsafe-inline' 'unsafe-eval' blob: ; base-uri 'self' ; frame-ancestors 'self' ; form-action https://www.facebook.com 'self' 1
frame-ancestors 'self' https://ntb-centrum.mironet.cz/ https://totem.apps.mironet.cz/ 1
default-src 'none'; img-src 'self' https://www.google-analytics.com; style-src 'self'; font-src 'self'; script-src 'self' https://maps-api-ssl.google.com https://www.google-analytics.com https://www.googletagmanager.com; connect-src 'self'; base-uri 'none'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'none'; block-all-mixed-content; connect-src 'self' https://api.getaddress.io https://*.google-analytics.com https://*.googletagmanager.com; font-src https://assets.nurserymilk.co.uk; frame-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; img-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/ data:; object-src https://nmru-production.s3.amazonaws.com https://uploads.nurserymilk.co.uk/; script-src https://assets.nurserymilk.co.uk https://*.google-analytics.com https://*.googletagmanager.com 'unsafe-inline' 'sha256-//t8DN+5PHt8HhW5JH2ig7gM5SCiAAJ19Gba5fqlebw='; style-src https://assets.nurserymilk.co.uk; report-uri /_csp/report 1
default-src 'unsafe-inline' 'self'; connect-src 'self' https://maps.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'; script-src-elem 'unsafe-inline' 'self' https://jquery.com maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; img-src data: maps.gstatic.com *.googleapis.com *.ggpht.com 'self' data:; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com https://fonts.gstatic.com; font-src 'self' data: ; 1
base-uri 'self'; default-src https: data: wss: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' *.pieddebiche-paris.com fonts.gstatic.com; frame-ancestors 'self' pieddebiche.zendesk.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 	        https://svc3cdn.minwise.co.kr 	        https://svc3cdn.hectoinnovation.co.kr 	        https://www.google.com 	        https://ajax.googleapis.com 	        https://www.google-analytics.com 	        https://www.googletagmanager.com 		https://www.googleadservices.com 	        https://use.fontawesome.com/ 	        https://cdnjs.cloudflare.com/                 https://googleads.g.doubleclick.net 		https://public-common-sdk.s3.ap-northeast-2.amazonaws.com 		https://script.beusable.net 		https://rum.beusable.net 		https://tpc.googlesyndication.com 	        https://maxcdn.bootstrapcdn.com ; 	    frame-ancestors 'self' 1
connect-src 'self' www.bugherd.com bugherd-attachments.s3.amazonaws.com *.omappapi.com *.grupotriples.com *.hotjar.com *.google.com *.google-analytics.com www.chatbase.co maps.googleapis.com 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https: blob:; font-src 'unsafe-inline' data: https:; object-src 'none' 1
default-src 'self' ; connect-src *; font-src 'self'  data:; frame-src *; img-src * data: blob:; media-src * data:; script-src 'self' 'unsafe-eval' 'sha256-jqxtvDkBbRAl9Hpqv68WdNOieepg8tJSYu1xIy7zT34='  ; style-src 'self' 'unsafe-inline' 1
default-src 'self' data: acsbapp.com *.acsbapp.com *.googletagmanager.com *.google-analytics.com *.gstatic.com; script-src 'self' 'unsafe-inline' acsbapp.com *.iubenda.com  *.webanalytics.italia.it *.googletagmanager.com *.google-analytics.com *.googleapis.com; connect-src 'self' acsbapp.com *.acsbapp.com *.iubenda.com *.webanalytics.italia.it *.googleapis.com *.google-analytics.com; style-src 'self' 'unsafe-inline' *.iubenda.com *.googleapis.com; frame-src 'self' *.iubenda.com *.youtube.com tua.mycicero.it; img-src 'self' *.iubenda.com *.webanalytics.italia.it *.openstreetmap.org *.google-analytics.com *.gstatic.com *.googleapis.com data: 1
base-uri 'self'; child-src https://www.youtube-nocookie.com/embed/; connect-src 'self' https://turkseed.com:8443/socket.io/ wss://turkseed.com:8443/socket.io/ https://api.themoviedb.org/; default-src 'none'; font-src 'self' data: https: fonts.gstatic.com; form-action 'self'; frame-ancestors 'self'; img-src 'self' data: https: image.tmdb.org via.placeholder.com/400x600; object-src 'none'; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https: gitcdn.xyz github.io *.github.io raw.githubusercontent.com github.com; block-all-mixed-content; upgrade-insecure-requests 1
default-src 'none'; manifest-src 'self'; img-src 'self' region1.analytics.google.com region1.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com https://www.google.com https://www.google.com.br https://img.youtube.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com; script-src 'self' static.cloudflareinsights.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google.com google.com  https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com; font-src 'self' https://fonts.gstatic.com/; style-src 'self' https://tagmanager.google.com https://fonts.googleapis.com/; form-action 'self' pagseguro.uol.com.br ws.pagseguro.uol.com.br pagamento.pagseguro.uol.com.br https://pagamento.pagseguro.uol.com.br https://pagseguro.uol.com.br/ https://ws.pagseguro.uol.com.br/ https://pag.ae/ https://pagamento.pagbank.com.br/; media-src 'none'; frame-src https://www.youtube.com; frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests; connect-src 'self' cloudflareinsights.com region1.google-analytics.com region1.analytics.google.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com; worker-src 'none'; report-uri 'none'; base-uri 'none'; 1
default-src https://api.callpage.io https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://*.callpage.io 'self'; font-src fonts.googleapis.com https://themes.googleusercontent.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com themes.googleusercontent.com https://boxideagetin-prod.ext.e-point.pl xxx.xxx.xx https://admin-boxideagetin-test.ext.e-point.pl https://admin-boxideagetin-prod.ext.e-point.pl 'self'; style-src www.googletagmanager.com https://*.callpage.io www.google.com www.googleapis.com tagmanager.google.com https://www.s.ytimg.com https://www.ytimg.com https://fonts.googleapis.com 'self' 'unsafe-inline'; img-src myao.adocean.pl ssl.gstatic.com www.s-passets.pinimg.com https://www.facebook.com https://*.googleapis.com stats.g.doubleclick.net https://googleads.g.doubleclick.net https://*.google.com https://*.g.doubleclick.net www.googletagmanager.com https://*.callpage.io www.gstatic.com www.google-analytics.com www.0.s-nk.pl clients1.google.com https://www.google.com https://analytics.google.com www.linkedin.com https://www.i1.ytimg.com https://www.googleapis.com *.ggpht.com https://www.google.pl www.ghmpl.hit.gemius.pl https://region1.analytics.google.com https://maps.gstatic.com https://*.googletagmanager.com www.passets.pinterest.com ghmpl.hit.gemius.pl https://*.google-analytics.com www.s3.cdn03.imgwykop.pl https://www.google-analytics.com https://www.twitter.com www.passets.pinimg.com www.s.c.lnkd.licdn.com https://*.analytics.google.com 'self' data:; frame-src https://consentcdn.cookiebot.com www.wykop.pl www.facebook.com https://signin.kontomatik.com https://ls.hit.gemius.pl https://s-static.ak.facebook.com https://bid.g.doubleclick.net https://www.s-static.ak.facebook.com ls.hit.gemius.pl https://www.facebook.com www.google.com https://www.google-analytics.com static.ak.facebook.com www.youtube.com https://e.ingbank.pl https://www.wykop.pl https://www.youtube.com 'self'; script-src myao.adocean.pl https://signin.kontomatik.com www.widgets.pinterest.com https://consent.cookiebot.com https://www.ssl.gstatic.com https://*.googleapis.com stats.g.doubleclick.net pro.hit.gemius.pl www.google.com https://www.ghmpl.hit.gemius.pl www.gstatic.com https://www.fbstatic-a.akamaihd.net www.assets.pinterest.com www.myao.adocean.pl www.google-analytics.com www.0.s-nk.pl https://www.google.com www.cdn.api.twitter.com connect.facebook.net *.gstatic.com https://www.googleapis.com www.platform.linkedin.com www.static.ak.facebook.com https://*.googletagmanager.com https://cdnjs.cloudflare.com https://api.callpage.io adocean-pl.hit.gemius.pl https://api-cdn6.callpage.io https://pro.hit.gemius.pl/ https://www.googleadservices.com https://www.s-static.ak.facebook.com https://core.callpage.io https://www.oauth.googleusercontent.com https://callpage.io tagmanager.google.com https://www.s.ytimg.com https://*.gstatic.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net www.googletagmanager.com https://ghmpl.hit.gemius.pl https://consentcdn.cookiebot.com www.linkedin.com https://www.google.pl https://maps.gstatic.com https://cdn-widget.callpage.io https://www.google-analytics.com www.pro.hit.gemius.pl www.platform.twitter.com https://www.apis.google.com 'self' 'unsafe-eval' 'unsafe-inline'; object-src https://googleads.g.doubleclick.net 'self'; connect-src https://consentcdn.cookiebot.com www.facebook.com https://analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://region1.analytics.google.com https://googleads.g.doubleclick.net https://*.googletagmanager.com https://*.google.com https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.callpage.io https://*.google-analytics.com https://api.callpage.io https://www.google-analytics.com https://*.analytics.google.com 'self' 1
default-src 'self' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *;style-src 'self' 'unsafe-inline' *;frame-src 'self' *; img-src 'self' *;connect-src *;media-src 'self' *;font-src * 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.angularjs.org https://siscrm.blob.core.windows.net/ https://cdn.atendimen.to/ https://cdnjs.cloudflare.com/ajax/libs/angular-ui/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://connect.facebook.net/pt_BR/sdk.js; frame-ancestors 'self' http://seguroslasa.com.br https://seguroslasa.com.br; 1
block-all-mixed-content; frame-ancestors *.azureembalagens.com.br 1
frame-ancestors https://app.reskyt.com https://app.deporvillage.pl 1
frame-ancestors http://docplanner-front-test.docplanner.com https://docplanner-front-test.docplanner.com *.doctoralia.com.pt doctoraliaone-pt2-candidate.azurewebsites.net 1
frame-ancestors 'self' *.doppelherz.de *.dppim.gfeserver.de *.doppelherz.ae *.doppelherz.at *.doppelherz.bg *.doppelherz.com *.doppelherz.co.ao *.doppelherz.co.id *.doppelherz.co.kr *.doppelherz.co.uk *.doppelherz-algeria.com *.doppelherz.com.kw *.doppelherz-iraq.com *.doppelherz.dj *.doppelherz.eg *.doppelherz.es *.doppelherz.fr *.doppelherz.gr *.doppelherz.hr *.doppelherz.hu *.doppelherz.it *.doppelherz.me *.doppelherz.mk *.doppelherz.ng *.doppelherz.pl *.doppelherz.pt *.doppelherz.ro *.doppelherz.rs *.doppelherz.sg *.doppelherz.tn *.doppelherz.ug *.doppelherz.ru *.doppelherz.com.tr *.doppelherz.com.gh *.doppelherz.cm *.doppelherz.ge *.doppelherz.qa *.doppelherz.cz *.doppelherz.si *.doppelherz-southkorea.com *.doppelherz.ua *.doppelherz.ee *.doppelherz-lithuania.com *.doppelherz.lv *.doppelherz.ch *.doppelherz.tw *.queisser.de *.queisser.com *.doppelherz.ma *.doppelherz.ba 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.whatsapp.com cl.avis-verifies.com *.facebook.com *.mrstitchservice.com mrstitchservice.com 58surf.com despomar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.despomar.com *.google-analytics.com *.google.com *.googleapis.com *.billabong.com.pt billabong.com.pt *.gstatic.com *.ericeirasurfskate.pt ericeirasurfskate.pt *.58surf.com https://*.zopim.com wss://*.zopim.com https://*.zopim.io *.zendesk.com *.zdassets.com *.doubleclick.net *.instagram.com *.cdninstagram.com *.cloudflare.com *.collect.igodigital.com *.igodigital.com *.ytimg.com 58surf.com despomar.com *.youtube.com *.doubleclick.net vimeo.com *.vimeocdn.com *.cookiebot.com *.newrelic.com *.adservice.google.com *.googlesyndication.com *.nr-data.net static.hotjar.com cdn.commoninja.com *.commoninja.com upload.commoninja.com script.hotjar.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.com *.klarnacdn.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.playground.klarnaevt.com osm.klarnaservices.com content.cavewire.com code.jquery.com *.cavewire.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.mrstitchservice.com mrstitchservice.com 58surf.com despomar.com *.youtube.com *.facebook.net *.googleadservices.com *.googletagmanager.com *.despomar.com *.google-analytics.com *.google.com *.googleapis.com *.billabong.com.pt billabong.com.pt *.gstatic.com *.ericeirasurfskate.pt ericeirasurfskate.pt *.58surf.com *.vimeo.com *.google.pt *.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.doubleclick.net *.instagram.com *.cdninstagram.com *.whatsapp.com cl.avis-verifies.com *.facebook.com *.cloudflare.com *.collect.igodigital.com *.igodigital.com *.ytimg.com 58surf.com despomar.com *.youtube.com *.doubleclick.net vimeo.com *.vimeocdn.com *.cookiebot.com *.newrelic.com *.adservice.google.com *.googlesyndication.com *.nr-data.net static.hotjar.com cdn.commoninja.com *.commoninja.com upload.commoninja.com script.hotjar.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.com *.klarnacdn.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.playground.klarnaevt.com osm.klarnaservices.com content.cavewire.com code.jquery.com *.cavewire.com; style-src 'self' 'unsafe-eval' 'unsafe-inline' *.mrstitchservice.com mrstitchservice.com  *.googletagmanager.com *.despomar.com *.google-analytics.com *.google.com *.googleapis.com *.billabong.com.pt billabong.com.pt *.gstatic.com *.ericeirasurfskate.pt ericeirasurfskate.pt *.58surf.com *.vimeo.com *.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.doubleclick.net *.instagram.com *.cdninstagram.com *.whatsapp.com cl.avis-verifies.com *.facebook.com *.cloudflare.com *.collect.igodigital.com *.igodigital.com *.ytimg.com 58surf.com despomar.com *.youtube.com *.doubleclick.net vimeo.com *.vimeocdn.com *.cookiebot.com *.adservice.google.com *.googlesyndication.com *.nr-data.net static.hotjar.com cdn.commoninja.com *.commoninja.com upload.commoninja.com script.hotjar.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.com *.klarnacdn.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.playground.klarnaevt.com osm.klarnaservices.com content.cavewire.com code.jquery.com *.cavewire.com; img-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.mrstitchservice.com mrstitchservice.com *.whatsapp.com cl.avis-verifies.com *.facebook.com *.google.pt *.ericeirasurfskate.pt ericeirasurfskate.pt *.vimeo.com *.googletagmanager.com *.despomar.com *.google-analytics.com *.google.com *.googleapis.com *.billabong.com.pt billabong.com.pt *.gstatic.com *.ericeirasurfskate.pt ericeirasurfskate.pt blob: *.58surf.com *.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.doubleclick.net *.instagram.com *.cdninstagram.com *.whatsapp.com cl.avis-verifies.com *.facebook.com *.cloudflare.com *.collect.igodigital.com *.igodigital.com *.ytimg.com 58surf.com despomar.com *.youtube.com *.doubleclick.net vimeo.com *.vimeocdn.com *.cookiebot.com *.adservice.google.com *.googlesyndication.com *.nr-data.net static.hotjar.com cdn.commoninja.com *.commoninja.com upload.commoninja.com script.hotjar.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.com *.klarnacdn.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.playground.klarnaevt.com osm.klarnaservices.com content.cavewire.com code.jquery.com *.cavewire.com; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.58surf.com *.googletagmanager.com *.despomar.com *.google-analytics.com *.google.com *.googleapis.com *.billabong.com.pt billabong.com.pt *.gstatic.com  *.mrstitchservice.com mrstitchservice.com  *.ericeirasurfskate.pt ericeirasurfskate.pt data: font-family: *.ericeirasurfskate.pt ericeirasurfskate.pt  *.mrstitchservice.com mrstitchservice.com *.58surf.com *.zopim.com *.zopim.io *.zendesk.com *.zdassets.com *.doubleclick.net *.instagram.com *.cdninstagram.com *.whatsapp.com cl.avis-verifies.com *.facebook.com *.cloudflare.com *.collect.igodigital.com *.igodigital.com *.ytimg.com 58surf.com despomar.com *.youtube.com *.doubleclick.net vimeo.com *.vimeocdn.com *.cookiebot.com *.adservice.google.com *.googlesyndication.com *.nr-data.net static.hotjar.com cdn.commoninja.com *.commoninja.com upload.commoninja.com script.hotjar.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.com *.klarnacdn.net *.klarna.com *.playground.klarna.com *.klarnaevt.com *.playground.klarnaevt.com osm.klarnaservices.com content.cavewire.com code.jquery.com *.cavewire.com; 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.doubleclick.net *.facebook.com *.fontawesome.com *.fonts.googleapis.com data: *.cloudflare.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; frame-ancestors *.kleecks-cdn.com *.kleecks-stats.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.pinterest.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de static-eu.payments-amazon.com *.kleecks-cdn.com *.kleecks-stats.com 'self' data: *.google.it *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.googlesyndication.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.addthis.com *.pinterest.com *.cdninstagram.com data: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; script-src https://assets.adobedtm.com/ *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com assets.adobedtm.com amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de *.google.it *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.iubenda.com *.newrelic.com *.googlesyndication.com s7.addthis.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com https://unpkg.com/ http://unpkg.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.fontawesome.com unsafe-inline assets.braintreegateway.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; object-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; media-src *.adobe.com *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; manifest-src *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de *.google-analytics.com *.facebook.com *.facebook.net https://google.com/ https://*.iubenda.com/ https://*.doubleclick.net/ ekr.zdassets.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://*.cloudflare.com/ https://*.paypal.com/ https://*.googleapis.com/ https://*.addthis.com/ https://*.cardinalcommerce.com/ *.graph.instagram.com https://*.google-analytics.com/ https://assets.adobedtm.com/ https://dpm.demdex.net/ https://amcglobal.sc.omtrdc.net/ https://geostag.cardinalcommerce.com/ https://geo.cardinalcommerce.com/ https://1eafstag.cardinalcommerce.com/ https://1eaf.cardinalcommerce.com/ https://centinelapistag.cardinalcommerce.com/ https://centinelapi.cardinalcommerce.com/ https://www.google-analytics.com/ https://www.googleadservices.com/ https://analytics.google.com/ https://www.googletagmanager.com/ https://*.snplow.net/ https://commerce.adobedc.net/ https://vimeo.com/ https://api.magento.com/ https://*.adobe.io/ https://performance.typekit.net/ https://www.sandbox.paypal.com/ https://www.paypalobjects.com/ https://www.paypal.com/ https://pilot-payflowlink.paypal.com/ https://commerce.adobe.io/ https://commerce.adobe.net/ https://qa-api.magedevteam.com/ https://*.sentry.io/ https://*.amazon.com/ https://*.amazon.co.uk/ https://*.amazon.co.jp/ https://*.amazon.jp/ https://*.amazon.it/ https://*.amazon.fr/ https://*.amazon.es/ https://*.amazon.de/ https://*.amazonpay.com/ https://*.amazonpay.co.uk/ https://*.amazonpay.co.jp/ https://*.amazonpay.jp/ https://*.amazonpay.it/ https://*.amazonpay.fr/ https://*.amazonpay.es/ https://*.amazonpay.de/ https://mws.amazonservices.com/ https://mws.amazonservices.co.uk/ https://mws.amazonservices.co.jp/ https://mws.amazonservices.jp/ https://mws.amazonservices.it/ https://mws.amazonservices.fr/ https://mws.amazonservices.es/ https://mws.amazonservices.de/ https://*.facebook.com/ https://*.facebook.net/ https://*.google.com/ https://ekr.zdassets.com/ https://api.braintreegateway.com/ https://api.sandbox.braintreegateway.com/ https://client-analytics.braintreegateway.com/ https://client-analytics.sandbox.braintreegateway.com/ https://*.braintree-api.com/ https://*.graph.instagram.com/ https://*.kleecks-cdn.com/ https://*.kleecks-stats.com/ https://akoctmvv.euh.stape.net/ https://unpkg.com/ https://ss.gabel1957.com/ https://ss.somma1867.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; default-src https://assets.adobedtm.com/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri https://akoctmvv.euh.stape.net/ http://akoctmvv.euh.stape.net/ *.kleecks-cdn.com *.kleecks-stats.com 'self' 'unsafe-inline'; 1
default-src 'self'; frame-src 'self' 'unsafe-inline' www.facebook.com platform.twitter.com googleads.g.doubleclick.net *.google.com; connect-src 'self' *:888 google-analytics.com trustzonevpn.info googletagmanager.com; font-src 'self' data: fonts.gstatic.com googletagmanager.com; form-action 'self'; img-src 'self' data: *.google.com trustzoneurl.com trustzonepost.xyz trustzonevpn.info get-trust-vpn.info trust.zone stats.g.doubleclick.net google-analytics.com syndication.twitter.com *.basemaps.cartocdn.com googletagmanager.com; manifest-src 'self'; style-src 'self' 'unsafe-inline' get-trust-vpn.info; script-src 'self' 'unsafe-eval' 'nonce-45fd301e82ae05a24076652df154a50d' google.com gstatic.com googletagmanager.com trustzonevpn.info get-trust-vpn.info trustzoneurl.com platform.twitter.com connect.facebook.net; report-uri http://get-trust-vpn.info/_csp_log 1
child-src 'self' https://*.hotjar.com; report-uri /csp-report; default-src 'self'; worker-src 'self'; style-src 'self' 'unsafe-inline' https://static.ex4.pl https://cdnjs.cloudflare.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com; script-src 'self' 'report-sample' https://static.ex4.pl https://cdnjs.cloudflare.com https://*.googleapis.com https://cdn.jsdelivr.net https://www.googletagmanager.com https://maxcdn.bootstrapcdn.com https://www.googleadservices.com https://ssl.google-analytics.com https://googleads.g.doubleclick.net https://www.google.pl/ 'nonce-ESP_NONCE-iEA0EiNNg3BhYXHppOoidEofQKKDvcuD4s7OUfDwh9GJKTEjNqokrelkDrLBZ1ou' https://*.hotjar.com https://www.google.com/ https://www.googletagmanager.com/; object-src 'self'; media-src 'self'; manifest-src 'self'; img-src 'self' https://imge.pl https://static.ex4.pl https://www.google-analytics.com https://www.google.pl https://www.google.com/ads https://leclercbielany.sellasist.pl https://www.google.de https://www.googletagmanager.com/ https://leclerc.com.pl/ https://www.gstatic.com/ https://www.google.com.tr/ https://www.google.com.do/ https://www.google.com https://www.google.be/ https://www.google.lt/ https://www.google.it/ https://www.google.se/ https://www.google.co.uk/ https://www.google.com.ua/ https://www.google.no/ https://www.google.cz/; frame-src 'self' https://*.hotjar.com https://www.google.com https://vars.hotjar.com https://www.youtube.com *.doubleclick.net; font-src 'self' data: https://cdnjs.cloudflare.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://static3.avast.com; connect-src 'self' https://stats.g.doubleclick.net https://*.hotjar.io https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com https://www.google.pl https://www.google.pl/ads/ https://analytics.google.com/g/ https://www.youtube.com/ https://www.googletagmanager.com https://www.google.com.ua https://www.google.be https://www.google.com.ua https://www.google.co.uk https://www.google.de https://*.google.com *.doubleclick.net *.googlesyndication.com *.google-analytics.com https://google.com 1
default-src  'self' https://www.googleadservices.com https://*.google-analytics.com; connect-src 'self' https://*.doubleclick.net https://dyq8iclefrofd.cloudfront.net https://*.googleadservices.com https://www.googleadservices.com https://www.google-analytics.com wss://ws-eu.pusher.com https://*.pusher.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.googletagservices.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.google.es https://*.google.com https://consent.cookiefirst.com https://edge.cookiefirst.com about:; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://dyq8iclefrofd.cloudfront.net https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://static3.avast.com data:; frame-ancestors 'none'; frame-src 'self' https://dyq8iclefrofd.cloudfront.net https://*.google.com https://*.youtube.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagmanager.com https://www.mensatek.com:3333 https://mensatek.com:3333 https://smscertificado.es.com:3333 https://www.smscertificado.es:3333 https://lofirmo.com:3333 https://www.lofirmo.com:3333 https://lofirmo.es:3333 https://www.lofirmo.es:3333 https://www.facebook.com; child-src 'self' blob: https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com; img-src 'self' https://dyq8iclefrofd.cloudfront.net https://*.google.es https://*.google.com https://*.google.cl https://*.google.com.pe https://*.google.com.bo https://*.google.com.do https://*.google.com.uy https://*.google.com.co https://*.google.co.uk https://*.google.pt https://*.google.co.ve https://*.google.com.ar https://*.google.com.pa https://*.google.nl https://*.google.be https://*.google.com.mx https://*.google.de https://*.google.fr https://*.google.fi https://www.google.com.ng https://www.google.com.pr https://www.google.com.ec https://www.google.co.id https://www.google.com.hk https://www.google.co.kr https://www.google.at https://www.google.se https://www.google.hn https://*.google-analytics.com https://www.google-analytics.com https://*.gstatic.com https://www.googletagmanager.com https://*.googlesyndication.com https://www.googleadservices.com https://cdn.jsdelivr.net https://*.doubleclick.net https://googleads.g.doubleclick.net https://*.avast.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.googleapis.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-725270125460' https://code.jquery.com https://dyq8iclefrofd.cloudfront.net https://cdnjs.cloudflare.com https://*.g.doubleclick.net https://*.pusher.com https://www.mensatek.com https://mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://cdn.jsdelivr.net https://*.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.googlesyndication.com https://*.googletagservices.com https://*.googletagmanager.com https://*.google.es https://ssl.google-analytics.com https://www.google-analytics.com *.google-analytics.com https://*.googleapis.com https://www.gstatic.com https://*.google-analytics.com https://*.scr.kaspersky-labs.com https://maxcdn.bootstrapcdn.com https://*.facebook.net https://*.asetecgroup.es https://consent.cookiefirst.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://dyq8iclefrofd.cloudfront.net https://*.googleapis.com https://*.google.com https://www.gstatic.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://*.google-analytics.com https://consent.cookiefirst.com; object-src 'self' https://*.googlesyndication.com; media-src 'self' https://dyq8iclefrofd.cloudfront.net https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com https://dai.google.com; form-action 'self' https://*.google.com;  worker-src 'self' blob: https://www.google.com https://mensatek.com https://www.mensatek.com https://smscertificado.es.com https://www.smscertificado.es https://lofirmo.com https://www.lofirmo.com; upgrade-insecure-requests; report-to recibecsp;; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com analytics.google.com ajax.googleapis.com www.googletagmanager.com www.google.co.in *.popt.in konverse.ai app.konverse.ai cdn.webpushr.com static.addtoany.com cdn.jsdelivr.net cdnjs.cloudflare.com *.doubleclick.net connect.facebook.net *.criteo.com evt.paytm.com www.googleadservices.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com konverse.ai app.konverse.ai cdn.webpushr.com data:; img-src 'self' *.amazonaws.com *.cloudfront.net konverse.ai app.konverse.ai cdn.webpushr.com www.google.co.in www.google.com click.onatrack.in clicks.polyvalent.co.in www.facebook.com googleads.g.doubleclick.net data:; style-src 'self' 'unsafe-inline' fonts.googleapis.com github.com konverse.ai app.konverse.ai cdn.webpushr.com data:; connect-src 'self' 'unsafe-inline' analytics.google.com *.doubleclick.net *.popt.in google.com data:; frame-src 'self' www.google.com www.youtube.com *.cloudfront.net konverse.ai app.konverse.ai cdn.webpushr.com www.googletagmanager.com static.addtoany.com *.doubleclick.net adgebra.co.in paytm43.gotrackier.com link.velocityplus.in evt.paytm.com *.criteo.com data:; media-src 'self' 'unsafe-inline' *.cloudfront.net konverse.ai app.konverse.ai cdn.webpushr.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.pablovazquezkunz.com https://www.carlosantonioromano.com 1
object-src 'none';base-uri 'self';script-src 'nonce-WiJHCfXYI2sKp8suHdYXmw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self' gateway.zscloud.net blob:; frame-src 'self' gateway.zscloud.net www.google.com app.eu.pendo.io; child-src 'self' gateway.zscloud.net app.eu.pendo.io; frame-ancestors 'self' gateway.zscloud.net app.eu.pendo.io *.datadoghq.com; font-src 'self' data: https://*; media-src 'self' blob: https://* data:; style-src 'self' gateway.zscloud.net *.googleapis.com landingpad.me *.landingpad.me 'unsafe-inline' app.eu.pendo.io cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; script-src 'self' landingpad.me *.landingpad.me gateway.zscloud.net 'unsafe-inline' 'unsafe-eval' app.eu.pendo.io pendo-eu-static.storage.googleapis.com cdn.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io *.amazonaws.com snap.licdn.com static.zdassets.com *.zendesk.com cdn2l.ink www.google.com www.gstatic.com www.google-analytics.com www.googletagmanager.com pi.pardot.com tag.clearbitscripts.com blob: resource:; connect-src 'self' https://* blob: wss: ws: app.eu.pendo.io data.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com; img-src 'self' blob: https://* data: landingpad.me *.landingpad.me cdn.eu.pendo.io app.eu.pendo.io pendo-eu-static-5878461311811584.storage.googleapis.com data.eu.pendo.io; object-src 'none' 1
default-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com fonts.gstatic.com https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net/ https://*.mailchimp.com/; script-src 'self' wss://pod-29.zendesk.com/sc/faye wss://widget-mediator.zopim.com maps.googleapis.com api.tumblr.com code.jquery.com assets.calendly.com calendly.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ *.google-analytics.com https://www.googletagmanager.com ajax.googleapis.com 'unsafe-inline' https://*.fontawesome.com/ http://*.trustpilot.com/ https://*.cookiebot.com/ https://*.zendesk.com/ https://*.zdassets.com/ https://*.doubleclick.net https://*.agilecrm.com https://*.cloudflare.com/ https://*.mailchimp.com/; style-src 'self' 'unsafe-inline' fonts.googleapis.com https://*.fontawesome.com/; frame-src 'self' assets.calendly.com calendly.com https://*.cookiebot.com/ https://*.youtube.com/ http://*.trustpilot.com/ https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' imgsct.cookiebot.com https://static.zdassets.com/ 64.media.tumblr.com maps.gstatic.com maps.googleapis.com data: *.google-analytics.com https://www.googletagmanager.com; frame-ancestors 'self' 1
default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https: data: blob:; img-src 'self' https: data: mediastream: blob:; font-src 'self' https: data: blob:; media-src *; upgrade-insecure-requests 1
default-src 'self'; img-src 'self' *.alphabet.com 10.0.20.57 *.linkedin.com *.adition.com *.vivocha.com https://vivocha-csm.s3.eu-central-1.amazonaws.com/alphabet/* *.facebook.net *.facebook.com *.eloqua.com *.doubleclick.net *.googletagmanager.com *.google.com *.google.de *.google.co.uk *.googleapis.com *.gstatic.com https://cdn.jsdelivr.net/npm/react-client-captcha/dist/retry.svg data:; font-src 'self' *.alphabet.com *.gstatic.com *.vivocha.com; script-src 'self' *.alphabet.com *.bmw.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net *.licdn.com *.facebook.net *.vivocha.com *.en25.com *.adition.com *.hotjar.com 10.0.20.57 *.googleapis.com *.epaas.api.bmw *.criteo.com *.adform.net 'unsafe-eval' 'unsafe-inline'; style-src 'self' *.alphabet.com 10.0.20.57 *.vivocha.com *.googleapis.com 'unsafe-inline'; connect-src 'self' *.alphabet.com 10.0.20.57 *.bmw.com bmwag.d3.sc.omtrdc.net *.vivocha.com *.hotjar.com *.epaas.api.bmw *.googleapis.com *.aladin.azure.bmw.cloud *.linkedin.oribi.io *.ads.linkedin.com *.google.com *.doubleclick.net; frame-src 'self' *; frame-ancestors 'self' *.alphabet.com 10.0.20.57 *.bmw.com; object-src 'none'; base-uri 'self' alpha.alphabet.com 10.0.20.57; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' * 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' 'nonce-YQP4ESDcuAOjkWN5xSIj+A==' yastatic.net yastat.net mc.yandex.ru mc.webvisor.com mc.webvisor.org mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz api-maps.yandex.ru suggest-maps.yandex.ru *.maps.yandex.net yandex.ru *.adfox.ru *.yandex.ru yandex.com an.yandex.ru storage.mds.yandex.net; style-src 'self' 'unsafe-inline' yastatic.net yastat.net 'unsafe-eval' blob: *.adfox.ru; font-src 'self' yastatic.net yastat.net data:; img-src 'self' data: yastatic.net yastat.net mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.admetrica.ru avatars.mds.yandex.net mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz *.maps.yandex.net api-maps.yandex.ru yandex.ru *.adfox.ru *.yandex.ru *.yandex.net yandex.com avatars-fast.yandex.net favicon.yandex.net banners.adfox.ru content.adfox.ru ads6.adfox.ru *.tns-counter.ru *.verify.yandex.ru verify.yandex.ru ads.adfox.ru bs.serving-sys.com bs.serving-sys.ru ad.adriver.ru wcm.solution.weborama.fr wcm-ru.frontend.weborama.fr wcm.weborama-tech.ru ad.doubleclick.net rgi.io track.rutarget.ru ssl.hurra.com amc.yandex.ru gdeby.hit.gemius.pl tps.doubleverify.com pixel.adsafeprotected.com impression.appsflyer.com pixel.adlooxtracking.com pixel.adlooxtracking.ru media.izi.travel blob: reservationsteps.ru/files/ www.qatl.ru www.travelline.ru secure.travelline.pro secure.travelline.ru bronevik.com storage.hotelstar.ru cdn.ostrovok.ru i.travelapi.com; frame-src 'self' blob: mc.yandex.ru mc.yandex.md api-maps.yandex.ru forms.yandex.ru forms.yandex.ru passport.yandex.ru *.yandex.ru *.yandexadexchange.net *.adfox.ru yandexadexchange.net yastatic.net my.matterport.com forms.yandex-team.ru yandex.ru trust.yandex.ru travel.yandex.net https://3ds.travel.yandex-net.ru marketing.trvl.yandex.net split.yandex.ru; child-src 'self' blob: mc.yandex.ru api-maps.yandex.ru forms.yandex.ru forms.yandex.ru passport.yandex.ru forms.yandex-team.ru; connect-src 'self' yandexmetrica.com:* mc.webvisor.com mc.webvisor.org mc.yandex.ru mc.admetrica.ru https://yandex.ru mc.yandex.com mc.yandex.by mc.yandex.com.tr mc.yandex.kz mc.yandex.ua mc.yandex.az mc.yandex.co.il mc.yandex.com.am mc.yandex.com.ge mc.yandex.ee mc.yandex.fr mc.yandex.kg mc.yandex.lt mc.yandex.lv mc.yandex.md mc.yandex.tj mc.yandex.tm mc.yandex.uz api-maps.yandex.ru api-maps.tst.c.maps.yandex.ru *.yandex.net *.yandex.ru *.adfox.ru yastatic.net yandex.ru yandex.com blob: an.yandex.ru strm.yandex.ru *.strm.yandex.net verify.yandex.ru *.verify.yandex.ru yandex.st matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net tps.doubleverify.com pixel.adsafeprotected.com amc.yandex.ru yandex.ru taxi-routeinfo.taxi.yandex.net https://api.stat.yandex-team.ru trust.yandex.ru; media-src yastatic.net yastat.net data: blob: *.yandex.ru *.yandex.net *.adfox.ru yandex.ru yandex.com strm.yandex.ru *.strm.yandex.ru; frame-ancestors webvisor.com *.webvisor.com http://webvisor.com http://*.webvisor.com 'self' yandex.ru *.yandex.ru:* *.yandex.com iframe-toloka.com sandbox.iframe-toloka.com https://3ds.travel.yandex-net.ru; worker-src blob: data:; report-uri https://csp.yandex.net/csp?yandexuid=9762034021715651559&from=ya-travel&project=ya-travel; 1
object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https: http: https://www.googletagmanager.com https://www.google-analytics.com *.google.com.sg *.google.com *.googlesyndication.com *.googleadservices.com; base-uri 'none'; frame-ancestors 'none' 1
default-src 'self' *.valspar.com  *.youtube.com *.google-analytics.com *.doubleclick.net hosted.meetsoci.com                 nexus.ensighten.com *.google.com cdn.hypemarks.com *.mktoresp.com;         script-src 'unsafe-inline' 'unsafe-eval' *.houseofkolor.com *.google.com www.gstatic.com *.cloudflare.com *.cloudfront.net *.bootstrapcdn.com                 nexus.ensighten.com code.jquery.com *.googleapis.com *.google-analytics.com *.adobedtm.com *.doubleclick.net *.fontawesome.com                 www.tintup.com cdn.hypemarks.com *.marketo.net *.googletagmanager.com filesystem:;         img-src * data:;         font-src 'self' *.typekit.net *.bootstrapcdn.com *.fontawesome.com ;         style-src 'self' 'unsafe-inline' *.typekit.net *.bootstrapcdn.com *.fontawesome.com *.googleapis.com ;  1
default-src 'self' 'unsafe-inline' data: blob: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.facebook.net *.facebook.com *.fbcdn.net *.atdmt.com *.top.ge *.youtube.com *.ytimg.com 1
default-src 'self' blob: https://*.summize.com *.google-analytics.com https://*.linkedin.com https://assets-global.website-files.com https://stats.g.doubleclick.net https://uploads-ssl.webflow.com https://www.facebook.com https://www.google.com https://www.googletagmanager.com; script-src 'unsafe-inline' 'self' https://*.summize.com https://*.clarity.ms https://*.hotjar.com https://*.leadoo.com https://ajax.googleapis.com https://assets-global.website-files.com https://bat.bing.com https://cdn.calconic.com https://code.jquery.com https://connect.facebook.net https://cdn.finsweet.com https://cdn.jsdelivr.net https://cdn.leadinfo.net https://cdnjs.cloudflare.com https://d3e54v103j8qbb.cloudfront.net https://forms.hsforms.com https://global-uploads.webflow.com https://googleads.g.doubleclick.net https://hubspotonwebflow.com https://js.hs-analytics.net https://js.hs-banner.com https://js.hs-scripts.com https://js.hsadspixel.net https://js.hscollectedforms.net https://js.hsforms.net https://js.usemessages.com https://js.zi-scripts.com https://tools.refokus.com https://tracking.g2crowd.com https://sc.lfeeder.com https://snap.licdn.com https://ssl.google-analytics.com https://static.hsappstatic.net https://summize.bamboohr.com https://tagmanager.google.com https://tools.refokus.io https://uploads-ssl.webflow.com https://widgets.sociablekit.com https://ws.zoominfo.com https://www.clarity.ms https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.gstatic.com https://www.youtube.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://*.summize.com https://*.leadoo.com https://*.sociablekit.com https://assets-global.website-files.com https://fonts.googleapis.com https://global-uploads.webflow.com https://maxcdn.bootstrapcdn.com https://uploads-ssl.webflow.com https://tagmanager.google.com; font-src 'self' data: https://*.summize.com https://*.leadoo.com https://fonts.gstatic.com https://js.hs-banner.com https://maxcdn.bootstrapcdn.com https://uploads-ssl.webflow.com; img-src 'self' data: https://*.summize.com https://googleads.g.doubleclick.net https://www.linkedin.com https://px.ads.linkedin.com/collect https://ssl.gstatic.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.gstatic.com www.googletagmanager.com *; frame-src https://*.summize.com https://*.doubleclick.net/ https://*.hotjar.com/ https://*.leadoo.com https://app.hubspot.com https://bid.g.doubleclick.net https://cdn.embedly.com https://dev-938782.oktapreview.com https://embed.podcasts.apple.com https://forms.hsforms.com https://iframe.videodelivery.net https://meetings.hubspot.com https://open.spotify.com https://webflow.com https://w.soundcloud.com https://www.facebook.com https://www.google.com https://www.youtube.com; connect-src https://*.summize.com https://*.analytics.google.com https://*.clarity.ms https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.leadoo.com https://*.ads.linkedin.com https://analytics.google.com https://api.hubapi.com https://api.hubspot.com https://api.leadinfo.com https://app.calconic.com https://bat.bing.com https://bot.leadoo.com https://cdn.linkedin.oribi.io https://collector.leadinfo.net https://editor-api.webflow.com https://forms.hscollectedforms.net https://forms.hsforms.com https://forms.hubspot.com https://global-uploads.webflow.com https://google.com https://hubspotonwebflow.com https://hubspot-forms-static-embed.s3.amazonaws.com https://js.hs-banner.com https://js.zi-scripts.com https://notify.bugsnag.com https://sessions.bugsnag.com/ https://statistics-dot-calconic-app.appspot.com https://stats.g.doubleclick.net https://summize.bamboohr.com https://webflow.com https://ws.zoominfo.com https://www.facebook.com https://www.google-analytics.com https://www.google.co.uk; report-uri https://summize.report-uri.com/r/d/csp/reportOnly; report-to csp-report 1
upgrade-insecure-requests; default-src 'self' https:; frame-ancestors 'self'; font-src 'self' data: https:; img-src 'self' data: https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline';form-action 'self'; 1
script-src 'self' https://maxcdn.bootstrapcdn.com/ https://ajax.googleapis.com/ https://www.google-analytics.com/ https://www.facebook.com https://connect.facebook.net/ https://twitter.com/ https://platform.twitter.com/ https://cdn.syndication.twimg.com/ http://free.timeanddate.com/ https://www.youtube.com/ http://translate.google.com/ https://translate.googleapis.com/ https://code.jquery.com/ http://code.jquery.com/ http://widget.supercounters.com/ http://www.supercounters.com/ https://www.googletagmanager.com/ https://cdnjs.cloudflare.com/ http://crypto-js.googlecode.com/ https://translate-pa.googleapis.com/ https://assets.calendly.com/ https://assets.calendly.com/assets/external/ 'unsafe-inline' 'unsafe-eval'; 1
style-src 'self' 'unsafe-inline' https://cdn.yellowmap.de https://privacy.trustcommander.net https://cdn.trustcommander.net https://cdn.consentmanager.mgr.consensu.org https://fonts.googleapis.com; worker-src 'self'; connect-src 'self' https://maps.googleapis.com https://*.commander1.com https://*.trustcommander.net https://*.tagcommander.com https://cdn.consentmanager.mgr.consensu.org https://consentmanager.mgr.consensu.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;font-src 'self' http://www.sparkassen-kundenportal.de https://cdn.yellowmap.de https://fonts.gstatic.com; frame-src 'self' https://*.vkb.de https://*.ukv.de https://www.etermin.net https://cdn.trustcommander.net https://cdn.tagcommander.com; manifest-src 'self';media-src 'self' https://*.youtube.com https://*.youtube-nocookie.com; img-src * data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://cdn.yellowmap.de https://www.yellowmap.de https://cdn.tagcommander.com:* https://cdn.trustcommander.net:* https://maps.gstatic.com/:* https://*.gstatic.com:* https://*.googletagmanager.com:* https://www.google-analytics.com:* https://*.googleapis.com:* https://tagmanager.google.com:* https://*.mgr.consensu.org 1
frame-ancestors 'self' *.psplugin 1
default-src 'self'; style-src 'self'  'nonce-VIqXSBmndO9L7CxaLAOXKg=='; script-src 'self' www.googletagmanager.com www.google.com *.clarity.ms *.flickr.com  'nonce-VIqXSBmndO9L7CxaLAOXKg=='; frame-src 'self' www.youtube.com www.google.com; img-src 'self' www.google.com.br www.googletagmanager.com via.placeholder.com *.clarity.ms c.bing.com live.staticflickr.com; font-src 'self' data:; connect-src 'self' analytics.google.com stats.g.doubleclick.net www.google-analytics.com *.clarity.ms cloudflareinsights.com *.flickr.com 1
frame-ancestors 'self' webforce.com new.webforce.com webforce1111.c45stagehostopia.com wfsites-to.websitecreatorprotool.com wfsites.websitecreatorprotool.com wfsites-ie.websitecreatorprotool.com wf.mktgsuite.deluxe.com fl.sitekreator.com portal.mktgsuite.deluxe.com dex.wfsites.websitecreatorprotool.com sites2.freelogoservices.com cpaneltest.sitekreator.com stage.sitekreator.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-lvhhCZwJR4PzHm7nLNWH7A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data: http://fonts.googleapis.com http://fonts.gstatic.com http://www.google-analytics.com http://s7.addthis.com http://m.addthisedge.com http://m.addthis.com http://graph.facebook.com http://widgets.pinterest.com http://maps.google.com http://csi.gstatic.com http://maps.gstatic.com http://maps.googleapis.com http://www.linkedin.com http://api-public.addthis.com http://localhost http://player.vimeo.com/; 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' *.builds.gg *.blendbyte.com cdn.onesignal.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.usefathom.com; style-src 'report-sample' 'self' 'unsafe-inline' *.builds.gg; object-src 'none'; base-uri 'self'; connect-src 'self' wss://*.builds.gg *.builds.gg *.blendbyte.com; font-src 'self' data: *.builds.gg fonts.gstatic.com; frame-src 'self' www.google.com www.youtube-nocookie.com iframe.mediadelivery.net; img-src 'self' data: *.builds.gg  *.blendbyte.com www.gstatic.com translate.google.com *.usefathom.com; manifest-src 'self'; media-src 'self'; frame-ancestors 'self'; worker-src 'none'; report-uri https://blendbyte.uriports.com/reports/report; report-to default 1
default-src 'none'; base-uri 'self'; connect-src 'self' *.google-analytics.com googletagmanager.com maps.googleapis.com stats.g.doubleclick.net; font-src 'self'; form-action 'self'; frame-ancestors 'self'; frame-src 'self' *.youtube.com *.youtube-nocookie.com *.google.com *.googletagmanager.com; img-src 'self' *.google-analytics.com maps.gstatic.com *.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.youtube.com *.youtube-no-cookie.com *.ytimg.com *.googleapis.com; 1
frame-ancestors 'self'; script-src 'self' https://camaradirecta.test https://camaradirecta.com https://www.googletagmanager.com https://connect.facebook.net https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://cdn.pannellum.org https://connect.facebook.net https://www.google-analytics.com https://static.olark.com https://googleads.g.doubleclick.net https://nrpc.olark.com https://code.jquery.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://*.googleapis.com/ https://*.google.com/ https://*.irplus.in.th/ https://*.jsdelivr.net/ *.thaicreditbank.com https://*.onetrust.com/ https://*.facebook.com/ https://*.facebook.net/ https://*.cloudflare.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googleadservices.com https://d.line-scdn.net/; font-src 'self' 'unsafe-inline' https://*.cloudflare.com/ https://*.googleapis.com/ https://*.gstatic.com; style-src-elem 'self' 'unsafe-inline' https://*.jsdelivr.net/ https://*.googleapis.com/ https://*.gstatic.com https://*.cloudflare.com https://*.googletagmanager.com; object-src 'none'; img-src * 'self' data: https:; 1
font-src *.gstatic.com *.googleapis.com *.bootstrapcdn.com *.fontawesome.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com web.facebook.com *.klaviyo.com *.maybank2u.com.my content.hotjar.io *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.facebook.com web.facebook.com *.gstatic.com *.klaviyo.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com web.facebook.com *.google.com *.klaviyo.com *.hotjar.com *.doubleclick.net connect.facebook.net graph.facebook.com business.facebook.com platform.twitter.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com api.razorpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io gateway.apaylater.com gateway.atome.sg *.googleadservices.com *.google-analytics.com *.paypal.com *.google.com *.google.com.vn *.google.com.sg *.google.com.my *.googleusercontent.com *.googletagmanager.com *.googleoptimize.com *.klaviyo.com qeryz.net *.qeryz.net *.stackpathcdn.com.net *.onesignal.com *.gstatic.com *.googleapis.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ pinterest.com assets.pinterest.com syndication.twitter.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com cdn.razorpay.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ gateway.apaylater.com gateway.atome.sg *.cloudflare.com *.twitter.com *.google-analytics.com *.gstatic.com *.fontawesome.com *.bootstrapcdn.com www.facebook.com *.googletagmanager.com *.onesignal.com onesignal.com *.google.com *.chimpstatic.com chimpstatic.com *.klaviyo.com *.mouseflow.com *.cfjump.com *.babydash.com.my *.babydash.sg qeryz.net *.qeryz.net *.googleoptimize.com *.hotjar.com *.smartlook.com *.googleapis.com *.clarity.ms *.tiktok.com *.stripe.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ twitter.com platform.twitter.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com checkout.razorpay.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com gateway.apaylater.com gateway.atome.sg *.googleapis.com *.gstatic.com *.fontawesome.com *.bootstrapcdn.com *.onesignal.com onesignal.com *.stackpathcdn.com.net *.smartlook.com https://static.klaviyo.com maxcdn.bootstrapcdn.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.paypal.com *.google-analytics.com *.doubleclick.net *.klaviyo.com a.klaviyo.com qeryz.net *.qeryz.net www.facebook.com web.facebook.com *.onesignal.com onesignal.com *.hotjar.io content.hotjar.io wss://*.hotjar.com *.googleapis.com *.clarity.ms *.tiktok.com *.smartlook.cloud *.razer.com connect.facebook.net graph.facebook.com business.facebook.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com lumberjack.razorpay.com lumberjack-metrics.razorpay.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://*.ads-twitter.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://www.google.com https://www.google.pl/ https://www.google.nl/ https://www.gstatic.com https://www.googleadservices.com https://*.doubleclick.net https://*.onboardflow.com https://*.tawk.to wss://*.tawk.to https://cdn.jsdelivr.net https://api-js.mixpanel.com https://*.mxpnl.com https://*.hotjar.com wss://*.hotjar.com https://*.getreditus.com https://*.getreditus.net https://*.capterra.com https://snap.licdn.com https://*.bing.com https://*.clarity.ms https://cdn.linkedin.oribi.io https://siteimpulse.piwik.pro https://siteimpulse.containers.piwik.pro; font-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://*.tawk.to https://siteimpulse.piwik.pro https://siteimpulse.containers.piwik.pro; img-src 'self' https://super-monitoring.com https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://analytics.google.com https://*.doubleclick.net https://www.google.com https://www.google.pl https://www.google.nl https://www.facebook.com https://connect.facebook.net https://*.twitter.com https://t.co https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net https://tawk.link https://*.getreditus.com https://*.getreditus.net https://*.capterra.com https://*.bing.com https://*.clarity.ms https://*.linkedin.com https://siteimpulse.piwik.pro https://siteimpulse.containers.piwik.pro data:; style-src 'self' 'unsafe-inline' https://super-monitoring.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://fonts.gstatic.com https://www.facebook.com https://connect.facebook.net https://*.onboardflow.com https://*.tawk.to https://cdn.jsdelivr.net https://siteimpulse.piwik.pro https://siteimpulse.containers.piwik.pro; frame-src * 1
default-src 'self' segurosargos.com *.segurosargos.com; script-src https://www.amcharts.com/  https://www.paypal.com/ https://http2.mlstatic.com/ https://sdk.mercadopago.com/ https://api.mercadopago.com/  https://www.gstatic.com https://www.google.com https://code.highcharts.com/ segurosargos.com *.segurosargos.com https://code.jquery.com/ https://maps.googleapis.com/ https://www.youtube.com https://ajax.googleapis.com  'unsafe-inline' https://cdn.ckeditor.com 'unsafe-eval' saludargos.com *.saludargos.com http://maps.google.com https://sealserver.trustwave.com/; style-src https://cdnjs.cloudflare.com/ segurosargos.com *.segurosargos.com https://fonts.googleapis.com 'unsafe-inline' saludargos.com *.saludargos.com *.argoscapacita.com; style-src-elem https://cdnjs.cloudflare.com/  https://fonts.googleapis.com 'unsafe-inline' segurosargos.com *.segurosargos.com saludargos.com *.saludargos.com http://www.saludargos.com *.argoscapacita.com ;font-src segurosargos.com *.segurosargos.com https://fonts.gstatic.com/ saludargos.com *.saludargos.com; connect-src https://www.sandbox.paypal.com/ https://maps.googleapis.com/ segurosargos.com *.segurosargos.com http://www.segurosargos.com https://api.mercadopago.com/ https://www.mercadolibre.com/ https://events.mercadopago.com/ https://api.mercadolibre.com; img-src * data:; frame-src https://www.youtube.com segurosargos.com *.segurosargos.com saludargos.com *.saludargos.com https://www.google.com/ https://www.mercadopago.com/ https://mercadopago.com.mx/ https://www.mercadolibre.com/ https://www.mercadopago.com.mx/ https://www.sandbox.paypal.com https://www.vidago.mx/ https://www.argoscapacita.com ; frame-ancestors 'self' https://www.vidago.mx/ https://www.argoscapacita.com;  media-src https://www.argoscapacita.com 1
default-src 'self';  script-src 'report-sample' 'unsafe-inline' 'self' 'unsafe-eval' https://snap.licdn.com https://sidebar.bugherd.com https://www.googletagmanager.com https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js https://cdn.cookielaw.org https://www.google-analytics.com https://use.typekit.net https://www.bugherd.com/sidebarv2.js https://sidebar.bugherd.com/embed.js https://player.vimeo.com https://www.youtube.com https://carlisle-embedded.partcommunity.com; style-src 'report-sample' 'unsafe-inline' 'self' https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net;  object-src 'none';  base-uri 'self';  connect-src 'self'  wss://ws-mt1.pusher.com https://sidebar.bugherd.com https://sessions.bugsnag.com https://sockjs.pusher.com https://cdn.cookielaw.org https://stats.g.doubleclick.net https://geolocation.onetrust.com https://privacyportal.onetrust.com https://analytics.google.com https://www.google-analytics.com;  font-src 'self' data: https://carlisleitstg.wpengine.com https://fonts.gstatic.com https://use.typekit.net;  frame-src 'self'  https://www.googletagmanager.com https://td.doubleclick.net https://9575053.fls.doubleclick.net https://sidebar.bugherd.com https://player.vimeo.com https://www.youtube.com https://carlisle-embedded.partcommunity.com;  form-action 'self' http://analytics.clickdimensions.com/;  img-src 'self' https://px.ads.linkedin.com https://bugherd-attachments.s3.amazonaws.com https://d2iiunr5ws5ch1.cloudfront.net/ https://www.googletagmanager.com https://www.google-analytics.com https://www.google.com data: https://ad.doubleclick.net https://cdn.cookielaw.org https://p.typekit.net https://i.vimeocdn.com https://secure.gravatar.com https://www.google.co.in;  manifest-src 'self';  media-src 'self' https://player.vimeo.com https://www.youtube.com;  worker-src 'none'; 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://tools.petafuel.de https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://maytrics.marvellousmachine.net https://news.global-konto.com https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ; 1
upgrade-insecure-requests; base-uri 'none'; font-src 'self' data: fonts.gstatic.com *.trustarc.com; form-action 'self'; frame-ancestors 'self'; object-src 'self'; default-src 'self' *.trustarc.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com ; img-src 'self' *.trustarc.com *.truste.com ; script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.trustarc.com; style-src 'unsafe-inline' 'self' fonts.googleapis.com *.trustarc.com  ; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' dpm.demdex.net *.telus.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: telus.122.2o7.net 1
script-src http: https: https://www.various-brands.ro/ 'unsafe-inline' https://www.googletagmanager.com https://www.google.com/ https://lockerplugin.sameday.ro https://event.2performant.com https://consentcdn.cookiebot.com; style-src 'self' blob: https: 'unsafe-inline' https://www.various-brands.ro/; img-src data: http: https: www.googletagmanager.com https://event.2performant.com https: consentcdn.cookiebot.com https: lockerplugin.sameday.ro; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.fontawesome.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.hotjar.com *.google.com *.2performant.com lockerplugin.sameday.ro consentcdn.cookiebot.com; 1
frame-ancestors 'self' *.edpenergia.es  ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com googleads.g.doubleclick.net *.google.com *.googleoptimize.com *.google-analytics.com *.youtube.com track.adform.net s2.adform.net *.facebook.net *.googleapis.com *.captcha.com *.google.com *.edp.pt *.facebook.com *.googletagmanager.com *.linkedin.com *.gstatic.com *.static.hotjar.com *.hotjar.com *.hotjar.io bywe2.byside.com bat.bing.com cdn.cookielaw.org *.onetrust.com *.glancecdn.net s3.amazonaws.com/glancecdn/* *.teads.tv *.licdn.com embed.typeform.com t.helion.exchange secure.adnxs.com ads-engagement.presage.io s.richmediastudio.com *.taboola.com *.clarity.ms c.bing.com *.visualwebsiteoptimizer.com *.vwo.com widget.trustpilot.com cdn.trustindex.io 1
default-src 'self';script-src * https: 'unsafe-inline' 'unsafe-eval';frame-src *;style-src https: 'unsafe-inline';font-src *;img-src * data:;connect-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleadservices.com *.gstatic.com *.hotjar.com *.doubleclick.net *.arabbank.com *.google.com *.facebook.net *.facebook.com *.googleapis.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google-analytics.com google-analytics.com www.googletagmanager.com www.youtube.com www.linkedin.com linkedin.com instagram.com  twitter.com *.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.readspeaker.com data:;                      frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.google.com 10.1.228.170 10.1.228.172 www.youtube-nocookie.com youtube-nocookie.com www.youtube.com platform.twitter.com *.arabbank.com embed.typeform.com bid.g.doubleclick.net geo-tracker.ads.memob.com *.readspeaker.com 10.1.30.170 10.1.30.170:15871 tools.eurolandir.com tools.euroland.com;               script-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.readspeaker.com *.doubleclick.net *.google.com *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.googletagmanager.com *.google-analytics.com google-analytics.com *.googleadservices.com ajax.googleapis.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com 10.1.30.170 *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat;                       connect-src 'self' 'unsafe-inline' 'unsafe-eval' wss://anaarabi.arabbank.com *.hotjar.com *.doubleclick.net *.google.com *.readspeaker.com www.google-analytics.com google-analytics.com *.googleapis.com *.gstatic.com *.arabbank.com embed.typeform.com geo-tracker.ads.memob.com  www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa;                       img-src 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.doubleclick.net *.facebook.net *.facebook.com *.googletagmanager.com www.google.jo *.googleapis.com *.google-analytics.com google-analytics.com syndication.twitter.com *.gstatic.com *.abwebadmin.com *.arabbank.com geo-tracker.ads.memob.com embed.typeform.com www.arabbank.ae arabbank.ae arabbank.com.lb www.arabbank.com.lb arabbank.dz www.arabbank.dz www.arabbank.bh arabbank.bh  www.arabbank.com arabbank.com arabbank.com.eg www.arabbank.com.eg www.arabbank.jo arabbank.com.jo arabbank.jo www.arabbank.com.jo www.arabbank.com.lb arabbank.com.lb arabbank.ma arabbank.ma www.arabbank.ps arabbank.ps www.arabbank.com.qa arabbank.com.qa *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat       data:;                       script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.hotjar.com *.googleadservices.com *.doubleclick.net *.google.com *.googleapis.com  *.readspeaker.com *.facebook.com *.facebook.net script.crazyegg.com 10.1.228.170 10.1.228.172 *.google-analytics.com *.gstatic.com *.googletagmanager.com *.arabbank.com *.typeform.com  geo-tracker.ads.memob.com 10.1.30.170 10.1.30.170:15871 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; script-src-elem 'self' 'unsafe-inline' https://translate.google.com/translate_a/element.js https://translate.googleapis.com/ https://translate-pa.googleapis.com/ https://ajax.googleapis.com https://maxcdn.bootstrapcdn.com/ https://cdn.gtranslate.net/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://f1-eu.readspeaker.com https://maps.googleapis.com https://platform.twitter.com https://polyfill-fastly.io https://polyfill.io https://static.addtoany.com https://unpkg.com https://webchat.wheatleygroupservices.com https://www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; style-src-elem 'self' 'unsafe-inline' https://www.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://unpkg.com https://use.fontawesome.com; frame-ancestors 'self' 1
script-src  'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.sagepay.com *.paypal.com *.paypalobjects.com *.googleadservices.com *.doubleclick.net static.zdassets.com *.google.com *.gstatic.com 1
default-src 'self' lakareutangranser.se *.lakareutangranser.se; script-src 'self' 'unsafe-inline' 'unsafe-eval' lakareutangranser.se *.lakareutangranser.se *.cookielaw.org *.dibspayment.eu connect.facebook.net snap.licdn.com acdn.adnxs.com 510004988.collect.igodigital.com cdn.linkedin.oribi.io polyfill.io cdn.jsdelivr.net cdnjs.cloudflare.com *.lawly.app *.adoveo.com *.prezicdn.net *.bing.com *.mynewsdesk.com *.instagram.com https://lakareutangranser.confetti.events/common/scripts/embed.js https://d3p7p6awqnheqh.cloudfront.net/build/assets/embed-6735a149.js *.google.com *.gstatic.com *.youtube.com *.facebook.net *.adnxs.com *.mookie1.com *.googletagmanager.com *.doubleclick.net https://charityplugin.waytobill.com/lakareutangranser *.payex.com applepay.cdn-apple.com; object-src 'self' https://charityplugin.waytobill.com/lakareutangranser; style-src 'self' 'unsafe-inline' lakareutangranser.se *.lakareutangranser.se *.typekit.net *.myfonts.net *.dibspayment.eu *.jsdelivr.net *.cloudflare.com *.mynewsdesk.com *.googleapis.com https://d3p7p6awqnheqh.cloudfront.net/build/assets/embed-b2c9b244.css https://lakareutangranser.confetti.events/common/style/embed.css; img-src 'self' lakareutangranser.se *.lakareutangranser.se data: *.cookielaw.org *.facebook.com *.bing.com *.mookie1.com *.adnxs.com *.linkedin.com *.igodigital.com *.openstreetmap.org via.tt.se *.confetticdn.com *.dibs.se *.ytimg.com *.googleapis.com *.gstatic.com; media-src 'self'; frame-src 'self' *.soundcloud.com *.doubleclick.net *.dibspayment.eu *.youtube.com *.facebook.com *.adoveo.com *.mynewsdesk.com *.lawly.app *.instagram.com *.google.com https://charityplugin.waytobill.com/lakareutangranser https://open.spotify.com/ *.payex.com *.trustly.com; child-src 'self' *.soundcloud.com *.doubleclick.net *.dibspayment.eu *.youtube.com *.facebook.com *.adoveo.com *.payex.com; font-src 'self' data: *.typekit.net fonts.gstatic.com; connect-src 'self' lakareutangranser.se *.lakareutangranser.se *.cookielaw.org *.onetrust.com cdn.linkedin.oribi.io stats.g.doubleclick.net *.confetti.events *.googleapis.com https://px.ads.linkedin.com/wa/ *.payex.com pay.google.com google.com/pay *.google.com/pay 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.cloudflare.com https://github.com https://static.cloudflareinsights.com https://cdn.jsdelivr.net https://cosmetics.lk https://www.googletagmanager.com https://stats.wp.com https://www.paypalobjects.com https://s3.amazonaws.com https://*.stripe.com https://*.list-manage.com https://*.ggpht.com https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; img-src 'self' data: https://sw-themes.com https://www.paypalobjects.com https://cosmetics.lk https://yt3.ggpht.com/ https://pixel.wp.com/ https://www.google.lk/ https://secure.gravatar.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; object-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; frame-src 'self' data: https://*.paypal.com/ https://*.stripe.com/ https://www.google.com/ https://test-seylan.mtf.gateway.mastercard.com/ https://seylan.gateway.mastercard.com/ https://www.youtube.com/ https://*.ytimg.com/ https://cosmetics.lk/ https://omnisnippet1.com/ https://*.soundestlink.com/ https://fedpg-onus.pc.enstage-sas.com/ https://www.paystage.com/; 1
frame-ancestors 'self' *.siv-ams.servebolt.cloud; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googlesyndication.com *.magicline.com *.googleapis.com *.woosmap.com *.cookiebot.com *.radiosphere.io connect.getflowbox.com widgets.trustedshops.com www.googletagmanager.com tagmanager.google.com www.youtube.com www.google.com www.gstatic.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net vercel.live connect.facebook.net cdn.vercel-insights.com https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com sc-static.net *.adform.net metrics.rsggroup.com tr.snapchat.com tr.snapchat.com/config facebook.com *.cloudflare.com analytics.tiktok.com hal9000.redintelligence.net *.zdassets.com https://static.hotjar.com; connect-src 'self' data: *.bing.com https://facebook.com https://www.facebook.com *.typekit.net *.magicline.com *.googleapis.com *.woosmap.com *.radiosphere.io *.sentry.io www.google-analytics.com stats.g.doubleclick.net www.google.com googleads.g.doubleclick.net vitals.vercel-insights.com vercel.live *.adyen.com googletagmanager.com google-analytics.com region1.google-analytics.com region1.analytics.google.com ws://127.0.0.1:53911 https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com consentcdn.cookiebot.com tr.snapchat.com tr.snapchat.com/config facebook.com sc-static.net *.adform.net metrics.rsggroup.com analytics.tiktok.com hal9000.redintelligence.net rsg-group.course-api.mysports.com facebook.com *.zdassets.com *.pinimg.com *.bing.com *.zendesk.com *.pangle-ads.com *.pinterest.com *.siv-ams.servebolt.cloud; style-src 'self' 'unsafe-inline' *.googleapis.com tagmanager.google.com *.typekit.net; font-src 'self' data: assets.vercel.com fonts.gstatic.com *.typekit.net; img-src 'self' blob: data: golds-gym.de *.gstatic.com *.googleapis.com *.woosmap.com *.radiosphere.io *.rsggroup.com ssl.gstatic.com www.gstatic.com *.adyen.com googleads.g.doubleclick.net www.google.com www.google.de www.google-analytics.com assets.vercel.com vercel.com vercel.live www.facebook.com https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://www.google-analytics.com tr.snapchat.com analytics.tiktok.com hal9000.redintelligence.net assets.magicline.com googleadservices.com *.googleadservices.com *.pinterest.com *.bing.com *.cookiebot.com; media-src 'self' *.rsggroup.com *.radiosphere.io *.fluxfm.de *.streamabc.net *.typekit.net; manifest-src 'self' 1
default-src 'self' data: 'unsafe-inline' testfrontend.grupocdv.com media.grupocdv.com cdnjs.cloudflare.com code.jquery.com *.tripadvisor.com *.google.com *.google.es *.googleapis.com *.googletagmanager.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.amazonaws.com *.prismic.io *.youtube.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' data: 'unsafe-inline' 'unsafe-eval' *.jquery.com *.gstatic.com *.prismic.io *.googleapis.com *.google.com *.google.es *.jsdelivr.net *.googletagmanager.com *.google-analytics.com *.doubleclick.net; script-src-attr 'self' data: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' testfrontend.grupocdv.com *.grupocdv.com *.gac.travel *.prismic.io *.googleapis.com *.googleapis.com *.google.com *.google.es google.com google.es *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.googlesyndication.com 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://selectra.com.co/report-uri/enforce 1
frame-ancestors *.megabrands.com *.megabloks.com *.megaunboxed.com; frame-src 'self' *.megabrands.com *.megabloks.com *.megaunboxed.com *.brightcove.net *.evidon.com *.truste.com *.trustarc.com *.privo.com *.opinionstage.com 1
frame-ancestors 'self' https://franklin.instructure.com; 1
frame-ancestors 'self' *.velocihost.net; 1
default-src 'self';  frame-src *;  connect-src *; img-src * data: ; style-src * 'unsafe-inline';  script-src-elem * 'unsafe-inline'; font-src * data: 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' wcs.naver.net rum.beusable.net script.beusable.net mgxauaxkqisl514632.cdn.ntruss.com *.beusably.net 'unsafe-eval' sas.nsm-corp.com teralog.techhub.co.kr www.googletagmanager.com;object-src 'self' xv-ncloud.pstatic.net *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com;media-src 'self' *.ncloud.com xv-ncloud.pstatic.net blob:;style-src 'self' 'unsafe-inline' *.beusably.net www.googletagmanager.com fonts.googleapis.com;img-src 'self' data: ssl.pstatic.net *.ncloud.com xv-ncloud.pstatic.net ncloud-cs.static.naver.com i.ytimg.com *.apigw.ntruss.com wcs.naver.com ngc1.nsm-corp.com teralog.techhub.co.kr sync.admixer.co.kr:4450 www.googletagmanager.com fonts.gstatic.com;frame-src nid.naver.com *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com www.youtube.com xv-ncloud.pstatic.net;connect-src 'self' *.ncloud.com *.gov-ncloud.com *.fin-ncloud.com xv-ncloud.pstatic.net *.naver.com blob: *.google.com wss://rum.beusable.net *.beusably.net ba.beusable.net www.google-analytics.com;font-src 'self' ssl.pstatic.net fonts.gstatic.com 1
object-src 'none'; form-action 'self'; frame-ancestors https://www.maybank-kimeng.com.vn/ 'self' 1
frame-ancestors 'self' https://librairie-bayard.com https://app.bayam.tv https://preprod.sso.bayard-jeunesse.com; 1
font-src *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.cloudflare.com *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.google.com *.google.co.nz *.doubleclick.net *.demdex.net c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.sharethis.com www.facebook.com www.google.co.in *.littlefarms.com *.emarsys.net *.gstatic.com *.googleapis.com 'self' data: *.google.com *.google.co.nz *.shopify.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.sharethis.com www.googleoptimize.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.scarabresearch.com *.emarsys.net *.googleapis.com *.newrelic.com *.google.com *.google.co.nz *.gstatic.com *.facebook.net *.nr-data.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.sharethis.com *.fontawesome.com *.googleapis.com *.cloudflare.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.sharethis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.scarabresearch.com *.emarsys.net *.googleapis.com *.doubleclick.net *.nr-data.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: data: 'unsafe-inline' 'unsafe-eval' wss: 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.luqueacademy.com 1
script-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ 'unsafe-inline' 'unsafe-eval' blob:;connect-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/;frame-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ mailto:;frame-ancestors https://mytest.efrei.fr https://www.efrei.fr https://*.myefrei.fr/ 'self';worker-src https://*.myefrei.fr/ blob: 'self';img-src 'self' https://*.google-analytics.com/ https://www.googletagmanager.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://login.microsoftonline.com/ https://*.cdninstagram.com/ https://pbs.twimg.com/ https://www.youtube.com/ https://i.ytimg.com/ https://*.myefrei.fr/ https://www.recaptcha.net/recaptcha/ https://recaptcha.net/recaptcha/ https://*.gstatic.cn/recaptcha/ https://*.tile.openstreetmap.org/ data: blob:;object-src 'self';default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.com.hr https://www.myheritage.com.hr  'nonce-3f28d0887016717f238153d28d2a00d4' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.com.hr;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
frame-ancestors 'self' https://nationalbroadbandireland.lightning.force.com/ 1
frame-ancestors 'self' superapp-courier.vercel.app 1
frame-ancestors 'self' youtube.com; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com https://embed.tawk.to https://cdn.jsdelivr.net https://cdn.cookielaw.org/ https://open.spotify.com/ https://resources.digital-cloud-west.medallia.com https://tawk.to/chat/5e9845ff69e9320caac42d5b/default http://resources.digital-cloud-west.medallia.com https://cdn.equalweb.com/ https://access.equalweb.com/ https://privacyportal-br-cdn.onetrust.com https://plugin.handtalk.me/ https://translation-v3.handtalk.me/ https://md-scp.kampyle.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googletagmanager.com *.google.com *.gstatic.com *.googleapis.com *.ytimg.com *.youtube.com *.gravatar.com *.yoast.com yoast.com cdnjs.cloudflare.com github.com brainstormforce.github.io googleads.g.doubleclick.net google-analytics.com *.google-analytics.com *.google.com.br *.twillio.com *.cloudfront.net *.rdstation.com.br 1
frame-ancestors https://*.ariba.com https://*.jaggaer.com https://*.linde.grp:* https://*.onninen.com 1
default-src 'self' 'unsafe-inline' *.googleadservices.com webcdn.quicktalk.com; img-src 'self' data: *.linkedin.com *.licdn.com *.linkedin.com *.adsymptotic.com *.oribi.io *.bizographics.com *.facebook.com *.googletagmanager.com *.tiktok.com webcdn.quicktalk.com google-analytics.com *.google-analytics.com *.facebook.com *.imgur.com *.ytimg.com ytimg.com; script-src 'unsafe-inline' 'self' *.googleadservices.com *.licdn.com *.algolianet.com *.algolia.net *.googlesyndication.com quicktalk.postaffiliatepro.com *.g.doubleclick.net facebook.com storage.googleapis.com ct.capterra.com google.com google.fr  youtube.com *.google-analytics.com *.googleadservices.com *.googletagmanager.com gstatic.com *.g.doubleclick.net *.gstatic.com *.facebook.net *.google.com *.tiktok.com; style-src 'self' *.quicktalk.com https://fonts.googleapis.com fonts.gstatic.com 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.googletagmanager.com *.tiktok.com; connect-src 'self' *.googleusercontent.com *.algolia.net *.algolianet.com *.oribi.io *.googlesyndication.com *.quicktalk.com *.googleadservices.com *.google.com *.google-analytics.com *.google.fr *.g.doubleclick.net *.googletagmanager.com *.tiktok.com; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; media-src 'self' *.quicktalk.com; frame-src 'self' *.quicktalk.com *.youtube-nocookie.com *.google.com *.youtube.com youtube-nocookie.com *.facebook.com *.doubleclick.net *.tiktok.com; child-src 'self' *.quicktalk.com; form-action 'self' *.facebook.com; frame-ancestors 'self' *.quicktalk.com; object-src 'none'; base-uri 'self'; worker-src 'self' *.quicktalk.com; manifest-src 'self'; navigate-to 'self' *.quicktalk.com; upgrade-insecure-requests 1
script-src 'report-sample' 'nonce-2RADDZfBcEUqi0eAtxJZag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self',script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/DurableDeepLinkUi/cspreport/allowlist,require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport 1
object-src 'none'; report-uri https://www.tangoenergy.com/report-uri/enforce 1
font-src 'self' *.gstatic.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca data:; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cdic.ca *.gstatic.com *.google.com googleads.g.doubleclick.net www.googleadservices.com connect.facebook.net www.googletagmanager.com www.google-analytics.com *.googleapis.com *.youtube.com s.ytimg.com tagmanager.google.com *.bing.com *.unblu.com *.unblu-env.com *.unblu.com *.opentok.com *.tokbox.com *.celeroxpress.ca *.visioncu.ca; img-src * data:; worker-src 'self' blob:; ; 1
frame-ancestors 'self' https://*.visiondirect.it https://*.luxottica.com https://*.essilorluxottica.com; 1
script-src http: https: https://m2.weylandts.co.za/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline' https://m2.weylandts.co.za/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com staticw2.yotpo.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com *.publitas.com 1
base-uri 'none';child-src 'none';connect-src 'self' api-js.mixpanel.com client.axept.io api.axept.io vitals.vercel-insights.com back.whentocop.fr backend.whentocop.fr whentocop-backend-staging.herokuapp.com wtc-comparator-api.herokuapp.com https://wtc-comparator-api-staging.herokuapp.com www.google-analytics.com www.dwin1.com r.skimresources.com t.skimresources.com stockx.pvxt.net electric-vibrant.whentocop.fr backend-staging.whentocop.fr https://region1.google-analytics.com;default-src 'self';font-src 'self' data:;form-action 'self';frame-ancestors 'none';frame-src 'none';img-src 'self' statics.whentocop.fr static.axept.io client.axept.io axeptio.imgix.net s3.eu-west-3.amazonaws.com www.google.com www.google-analytics.com www.awin1.com t.skimresources.com p.skimresources.com t0.gstatic.com t1.gstatic.com t2.gstatic.com t3.gstatic.com logs-01.loggly.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr data:;manifest-src 'self';media-src 'self';object-src 'none';prefetch-src 'self';script-src 'self' static.axept.io client.axept.io vitals.vercel-insights.com api-js.mixpanel.com www.googletagmanager.com www.google-analytics.com www.dwin1.com www.dwin2.com d.impactradius-event.com s.skimresources.com cdn.usefathom.com electric-vibrant.whentocop.fr backend-staging.whentocop.fr 'unsafe-inline';style-src 'self' 'unsafe-inline';worker-src 'self'; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://thinkgrowth.org https://*.thinkgrowth.org https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src https: http: data: wss: blob: 'unsafe-inline'; object-src 'none'; script-src 'self' https: http: 'unsafe-eval' 'unsafe-inline'; worker-src 'self' https: http: data: blob: 1
script-src http: https: https://zhik.com/ 'unsafe-inline' *.flowpaper.com flowpaper.com *.yotpo.com *.weglot.com *.adyen.com *.instant.one *.googletagmanager.com; style-src 'self' blob: https: 'unsafe-inline' https://zhik.com/ *.weglot.com *.ubembed.com *.unbounce.com; img-src data: http: https: *.adyen.com *.ubembed.com; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' fonts.gstatic.com *.gozayaan.com *.yotpo.com *.paypal.com *.instant.one *.ubembed.com; frame-src assets.braintreegateway.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.googletagmanager.com *.flowpaper.com flowpaper.com *.facebook.com *.adyen.com *.paypal.com *.instant.one mail.zhik.com *.ubembed.com; 1
require-trusted-types-for 'script'; report-uri https://grepular.report-uri.com/r/d/csp/enforce; default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 1
default-src 'self' www.wcu.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net use.fontawesome.com *.wave2.io *.poshdevelopment.com *.timevaluecalculators.com *.vimeocdn.com *.cloudfront.net/ www.digindemo.com/ app-wcu-eastus-prod.azurewebsites.net app-wcu-eastus-prod-green.azurewebsites.net *.googletagmanager.com *.licdn.com ws.rightonin.com *.hotjar.com rw1.calls.net s.pinimg.com *.googleadservices.com *.g.doubleclick.net *.wcu.com nexus.ensighten.com tags.srv.stackadapt.com *.vimeo.com *.callrail.com *.stackadapt.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.timevaluecalculators.com cdn.datatables.net *.typekit.net/ *.typography.com/ localhost *.cloudfront.net/ www.wcu.com tags.srv.stackadapt.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.kargo.com *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.timevaluecalculators.com https://localhost/ localhost *.amazonaws.com/ *.cloudfront.net/ www.wcu.com *.ads.linkedin.com *.google.com px.marchex.io ct.pinterest.com p.adsymptotic.com cs.choozle.com tags.bluekai.com idsync.rlcdn.com odr.mookie1.com dp-sync.dotomi.com pixel.prfct.co trc.taboola.com p.truefitcorp.com aorta.clickagy.com fzlnk.com ums.acuityplatform.com synchroscript.deliveryengine.adswizz.com sync.smartadserver.com mmtro.com live.rezync.com *.typixel.com img.webmd.com sync.1rx.io cm.ctnsnet.com wam.solution.weborama.fr b1sync.zemanta.com ag.innovid.com cm.adgrx.com *.skimresources.com pippio.com segments.company-target.com cmi.netseer.com https://c.us1.dyntrk.com *.insightexpressai.com *.narrative.co *.ispot.tv *.mmsho.com *.postrelase.com *.media6degrees.com *.mediawallahscript.com magnetic.t.domdex.com www.totaljobs.com ardrone.swoop.com tag.crsspxl.com soundwave.bnmla.com *.acxiomapac.com prod.v-medialink.com google.com ad.mrtnsvr.com *.adstir.com *.socdm.com *.doubleclick.net tags.srv.stackadapt.com https://secure.adnxs.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.typekit.net/ *.bugherd.com/ *.cloudfront.net/ app-wcu-eastus-prod.azurewebsites.net app-wcu-eastus-prod-green.azurewebsites.net; frame-src *.vimeo.com vimeo.com *.youtube.com *.cusonet.com *.wave2.io *.bostonsoftware.com *.singlepointrating.com collegeroadmap.communityamerica.com/ *.poshdevelopment.com www.digindemo.com/ vars.hotjar.com www.pinterest.com *.g.doubleclick.net *.google.com insight.adsrvr.org *.cloudfront.net *.doubleclick.net ct.pinterest.com 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.g.doubleclick.net *.mktoresp.com *.google-analytics.com collegeroadmap.communityamerica.com *.pusherapp.com *.pusher.com/ *.poshdevelopment.com wss://ws.pusherapp.com ct.pinterest.com *.hotjar.com wss://*.hotjar.com tags.srv.stackadapt.com *.facebook.com js.callrail.com analytics.google.com *.oribi.io https://px.ads.linkedin.com https://content.hotjar.io 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 'self' web-chat.nativechat.com 1
frame-ancestors https://api.alnafi.com https://portal.alnafi.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' *.cinema.com.hk http://www2.lb-swireproperties.com *.apple.com placehold.it remote.captcha.com *.tekcent.com *.google.com *.maps.google.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.facebook.com *.facebook.net *.akamaihd.net *.fbcdn.net *.google-analytics.com *.pinterest.com *.twitter.com *.youtube.com  *.twitch.com *.themiddlehousehotel.com cdnjs.cloudflare.com api.userinfo.io *.google.com *.sinaimg.cn *.doubleclick.net *.typekit.net data: *.cdninstagram.com *.typography.com browser-update.org *.swireproperties.com *.linkedin.com www.irasia.com *.addthis.com *.addthisedge.com aspen.refineryclub.com *.msecnd.net *.corporateshowcase.com *.windows.net maps.gstatic.cn jsonip.com *.google.cn freegeoip.net *.gstatic.com stackpath.bootstrapcdn.com code.jquery.com placehold.it code.createjs.com *.tekcent.com *.azure.net *.addthisedge.com *.msecnd.net *.baidu.com *.windows.net http://*.sinaimg.cn https://j02.optimix.asia https://s3-ap-southeast-1.amazonaws.com http://swireproperties.blob.core.windows.net https://e02.optimix.asia https://www.tripadvisor.com https://www.jscache.com https://www.tripadvisor.com https://en.tripadvisor.com.hk https://www.jscache.com files.chinafy.com *.tekcent.com https://static.tacdn.com https://p.travelsmarter.net https://tag.yieldoptimizer.com https://pixel.sojern.com https://ib.adnxs.com http://spl.blob.core.windows.net *.map.bdimg.com j02.optimix.asia e02.optimix.asia tag.adaraanalytics.com dsum-sec.casalemedia.com us-u.openx.net sd.turn.com pixel.advertising.com ad.yieldlab.net i.liadm.com idsync.rlcdn.com tag.yieldoptimizer.com tapestry.tapad.com ib.adnxs.com pixel.rubiconproject.com dsum.casalemedia.com rtb.gumgum.com www.google.com.vn dpm.demdex.net beacon.krxd.net *.triptease.io  addtocalendar.com *.tripadvisor.co.uk *.tripadvisor.com *.tripadvisor.com.hk theta360.com http://api.sharerails.com s3.amazonaws.com https://sdn.sitecore.net http://api.map.baidu.com api.stathat.com z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.io api.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net blob: z.moatads.com *.sharerails.com *.hotjar.com *.hotjar.ioapi.ipstack.com s3.amazonaws.com www.pacificplace.com.hk *.cloudfront.net *.adsrvr.org *.google.com.hk *.moatads.com *.bidswitch.net *.pubmatic.com *.yahoo.com js-agent.newrelic.com bam.eu01.nr-data.net https://bam.eu01.nr-data.net https://js-agent.newrelic.com *.newrelic.com *.nr-data.net *.cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io http://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io https://cp2-idd.129b09a9628041de96fa.eastasia.aksapp.io *.cityplaza.com *.elfsightcdn.com *.elfsight.com https://uat-hk1crm.pacificplace.com.hk https://e.issuu.com/ http://www.pacificplace.com.hk https://www.pacificplace.com.hk https://above.pacificplace.com.hk https://cdn.mouseflow.com *.geo0.ggpht.com https://geo0.ggpht.com *.ggpht.com *.sharethis.com; 1
report-uri *; child-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; frame-ancestors *; object-src *; frame-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' 'report-sample' http: https: data: mediastream: blob: filesystem:; worker-src *; manifest-src *; upgrade-insecure-requests 1
frame-ancestors 'self' https://devportalpy.mitic.gov.py https://devpagos.mitic.gov.py https://www.paraguay.gov.py https://pagos.paraguay.gov.py https://centinelapistag.cardinalcommerce.com https://testflex.cybersource.com 1
frame-ancestors 'self' storymaps.arcgis.com 1
frame-ancestors 'self' *.umww.com *.youtube.com *.vimeo.com *.google.com *.facebook.com *.twitter.com *.linkedin.com; 1
default-src https: 'self' 'unsafe-inline' 'unsafe-eval' *.odmsoft.com *.cloudflare.com *.googleapis.com *.gstatic.com; img-src https: data:; media-src https:; font-src https: data: 1
object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' static.hsappstatic.net mcprod.hookah-shisha.com www.googletagmanager.com cdn.statstrk01.com js-eu1.hs-scripts.com cdn-widgetsrepository.yotpo.com *.yotpo.com js-eu1.usemessages.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net www.youtube.com static.doubleclick.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net *.ryzeo.com www.google-analytics.com *.signifyd.com *.spreedly.com *.privy.com www.hookah-shisha.com pop1.screenpopper.com www.googleoptimize.com *.surfside.io *.mczbf.com growth-hit.s3.us-west-2.amazonaws.com smct.co js.smct.io js.alocdn.com *.shop.pe d3rr3d0n31t48m.cloudfront.net static.bouncepilot.com addshoppers.s3.amazonaws.com static.addtoany.com imgs.cdn-btsg.com js-eu1.hsforms.net www.google.com/recaptcha/ *.klarnacdn.net *.vr-pay-ecommerce.de *.hotjar.com *.hotjar.io *.klaviyo.com connect.facebook.net cdn01.basis.net www.google.com *.pagesense.io *.zohopublic.com *.zohocdn.com *.zohostatic.com track.omguk.com addshoppers.com d2mjzob2nc713b.cloudfront.net *.traversedlp.com voltn.com wt.rqtrk.eu *.criteo.com shop.pe/widget/conv shop.pe/widget/conv/* shop.pe/widget/main/init/params shop.pe/widget/widget_async.js https://shop.pe/widget/conv https://shop.pe/widget/conv/params https://shop.pe/widget/conv/params* *.hookah-shisha.com *.southsmoke.com; report-uri /.webscale/csp-report 1
default-src 'self' data: 'unsafe-eval' 'unsafe-inline' blob: *.brightcove.com *.cloudfront.net *.doubleclick.net *.google.com *.facebook.com forms.hsforms.com app.hubspot.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud house-fastly-signed-eu-west-1-prod.brightcovecdn.com https://forms.hubspot.com www.connectidfeed.com otp.tools.investis.com irs.tools.investis.com https://www.youtube.com/ https://youtu.be/ https://www.youtube.com/iframe_api *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services player.vimeo.com players.brightcove.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.convertexperiments.com *.hsforms.net *.jsdelivr.net *.googletagmanager.com *.connectid.cloud *.investis.com *.jquery.com *.cloudflare.com *.googleusercontent.com *.cloudfront.net *.hsforms.com *.facebook.net *.licdn.com *.google-analytics.com *.googleadservices.com *.investisdigital.com *.doubleclick.net *.lfeeder.com *.investis.com blob: data: *.hs-scripts.com *.google.com *.gstatic.com *.googleapis.com *.hsleadflows.net *.hsadspixel.net *.usemessages.com *.hs-analytics.net *.hs-banner.com brightcove.hs.llnwd.net matomo-prod.connectid.cloud unpkg.com tools.luckyorange.com *.investisapi.com investisapi.com *.posthog.com wec-assets.terminus.services; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.cloudflare.com *.googleusercontent.com *.investis.com *.cloudfront.net ; img-src 'self' data: 'unsafe-inline' 'unsafe-eval' *.investisdigital.com *.connectid.cloud *.investis.com *.facebook.com *.linkedin.com *.google.com *.google.co.in *.cloudfront.net *.brightcove.com *.lfeeder.com *.adsymptotic.com *.google-analytics.com *.hsforms.com *.gstatic.com *.googleapis.com *.googletagmanager.com *.hubspot.com  brightcove.hs.llnwd.net cf-images.eu-west-1.prod.boltdns.net *.wpengine.com https://exceptions.hs-embed-reporting.com wec-assets.terminus.services match.adsrvr.org; font-src 'self' *.cloudfront.net *.googleusercontent.com *.gstatic.com; connect-src 'self' *.amazonaws.com *.brightcove.com *.luckyorange.net *.linkedin.com *.google-analytics.com *.investis.com *.doubleclick.net *.googleapis.com wss://*.visitors.live wss://visitors.live *.investisdigital.com *.hubspot.com *.hubapi.com forms.hsforms.com www.facebook.com api.luckyorange.com matomo-prod.connectid.cloud settings.luckyorange.com wss://mqtt.luckyorange.com/mqtt public-auth-dot-lucky-orange.appspot-preview.com api-preview.luckyorange.com wss://realtime.luckyorange.com app.posthog.com cdn.linkedin.oribi.io analytics.google.com *.visitors.live *.live; report-uri /report-csp-violation 1
default-src https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; img-src https: data: 'self'; frame-ancestors 'self' http: https:; base-uri 'self'; form-action 'self' https://*.paybox.com 1
default-src https: data: 'self' style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.serc.ac.uk *.cloudflare.com *.cloudfront.net surveyjs.azureedge.net *.licdn.com newsapi.org *.doubleclick.net *.youtube.com *.microsoft.com *.clarity.ms *.bing.com *.microsoftonline.com *.google-analytics.com *.googleadservices.com *.google.com *.google.co.uk *.googletagmanager.com themes.googleusercontent.com *.linkedin.com *.facebook.com *.facebook.net *.aspnetcdn.com *.jquery.com *.fontawesome.com *.bootstrapcdn.com *.jsdelivr.net *.googleapis.com *.gstatic.com *.telerik.com *.typekit.net *.typekit.com *.visualstudio.com *.msecnd.net vjs.zencdn.net unpkg.com *.ally.ac *.gravatar.com *.linkedin.oribi.io *.stackadapt.com *.cdn.office.net *.dotdigital-pages.com; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livecamgirls247.com:9080 www.livecamgirls247.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livecamgirls247.com wss://www.livecamgirls247.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715653201 1
frame-ancestors 'self' http://www.philips.ie *.philips.com *.philips.ie https://philipsigtdpv.com 1
frame-ancestors 'self' https://discovery.wip.rockpapercoin.com https://demo.rockpapercoin.com https://staging.rockpapercoin.com https://app.rockpapercoin.com https://www.cwpsociety.com/ https://www.certifiedweddingplannersociety.com/ https://www.thebridalsociety.com/ https://learn.weddingtimelinecertification.com/ 1
default-src https: data: blob 'unsafe-inline' 'unsafe-eval'; connect-src wss: ws: https:; 1
default-src 'self' data: https://st.yandexadexchange.net https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://*.yandex.ru https://yandex.ru https://yastatic.net https://vk.com googleads.g.doubleclick.net pagead2.googlesyndication.com vk.com *.yandex.ru yandex.ru *.yandex.kz *.yandex.ua *.google-analytics.com yandexadexchange.net *.yandexadexchange.net *.gstatic.com yastatic.net https://kraken.rambler.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.yandex.ru https://mc.yandex.ru https://pagead2.googlesyndication.com https://*.google-analytics.com pagead2.googlesyndication.com counter.yadro.ru vk.com yandex.ru yandex.ua yandex.kz *.yandex.ru *.yandex.ua *.yandex.kz *.top.mail.ru *.rambler.ru *.google-analytics.com yastatic.net *.gstatic.com *.googletagmanager.com  st.top100.ru; style-src 'self' 'unsafe-inline'  *.gstatic.com; img-src 'self' data: https://*.yandex.ru https://*.yandex.net yastatic.net *.yandex.ru *.yandex.ua *.yandex.kz counter.yadro.ru *.yandex.net vk.com *.mail.ru *.rambler.ru *.google.ru *.google-analytics.com pagead2.googlesyndication.com *.admitad.com *.gstatic.com; child-src 'self' data: vk.com yandexadexchange.net *.yandexadexchange.net *.yandex.ru *.yandex.ua *.yandex.kz googleads.g.doubleclick.net yastatic.net; 1
default-src 'self'; font-src 'self';img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.typekit.net *.webtype.com *.google.com *.gstatic.com *.googleapis.com *.onenorth.com *.oniqa.com *.s3.amazonaws.com ajax.cloudflare.com *.googletagmanager.com *.google-analytics.com *.google.com *.doubleclick.net *.agg.com *.blob.core.windows.net *.cookielaw.org *.jquery.com *.onetrust.com *.youtube.com *.siteimprove.com *.buzzsprout.com *.vimeo.com siteimproveanalytics.com *.cookielaw.org *.onetrust.com ; img-src * data:; 1
default-src 'self' ajax.cloudflare.com teams.microsoft.com  app.sli.do www.youtube.com www.google.fr www.google.at www.google-analytics.com www.google.com region1.analytics.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com 'unsafe-inline'; font-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; img-src 'self' data: www.unjspf.org www.google.fr www.google-analytics.com stats.g.doubleclick.net via.placeholder.com elements.oxy.host www.google.co.in www.google.com www.google-analytics.com www.google.ch 'unsafe-inline' ; media-src 'self' www.unjspf.org 'unsafe-inline' ; script-src 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' 'unsafe-eval'; script-src-attr 'self' www.google.com www.unjspf.org www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com 'unsafe-inline'; script-src-elem 'self' www.google.com www.unjspf.org ajax.cloudflare.com www.googletagmanager.com analytics.google.com stats.g.doubleclick.net www.google-analytics.com www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com 'unsafe-inline'; style-src 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com 'unsafe-inline' ; style-src-attr 'self' www.unjspf.org fonts.googleapis.com www.gstatic.com 'unsafe-inline' ; style-src-elem 'self' www.unjspf.org maxcdn.bootstrapcdn.com fonts.googleapis.com www.gstatic.com cdnjs.cloudflare.com maxcdn.bootstrapcdn.com 'unsafe-inline'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://apps.mypurecloud.de https://login.mypurecloud.de 1
default-src 'none'; form-action 'self' *.wellsfargo.com *.wellsfargo.com:*; connect-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.schemaapp.com https://*.rlcdn.com https://*.medallia.com https://*.kampyle.com https://*.adobedc.net https://www.google-analytics.com https://*.doubleclick.net https://*.eum-appdynamics.com https://*.demdex.net https://www.sjwoe.com https://www.mczbf.com https://s.yimg.com https://*.nuance.com https://*.wf.com https://*.google.com; img-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.analytics.yahoo.com https://*.everesttech.net https://*.linkedin.com https://*.g.doubleclick.net https://*.google.com https://*.demdex.net https://*.nuance.com https://*.eum-appdynamics.com https://*.virtualearth.net https://www.facebook.com https://cx.atdmt.com https://track.linksynergy.com https://s.amazon-adsystem.com https://ct.pinterest.com https://trc.taboola.com https://p.adsymptotic.com https://products.gobankingrates.com https://bttrack.com https://b.videoamp.com https://fcmatch.youtube.com https://www.googleadservices.com https://2549153.fls.doubleclick.net https://ad.doubleclick.net https://www.google-analytics.com https://idsync.rlcdn.com https://s.amazon-adsystem.com https://resources.digital-cloud-prem.medallia.com https://udc-neb.kampyle.com https://wellsfargoprod.prod.fire.glass https://*.mworld.com https://*.postrelease.com; object-src 'self' https://*.wellsfargo.com https://*.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:*; child-src 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://*.demdex.net https://*.nuance.com https://2549153.fls.doubleclick.net https://*.advanced-web-analytics.com https://iframe.arkoselabs.com; font-src 'self' data: https://*.wellsfargomedia.com https://*.wellsfargo.com https://*.wellsfargo.com:*; style-src 'self' 'unsafe-inline' *.wellsfargo.com *.wellsfargo.com:* https://*.wfinterface.com https://*.wfinterface.com:* https://*.nuance.com; script-src 'nonce-c212cbce-aba9-4753-8439-78605386f906' 'self' *.wellsfargo.com *.wellsfargo.com:* *.wfinterface.com *.wfinterface.com:* https://cdn.schemaapp.com https://*.nuance.com;media-src 'self' *.wellsfargo.com *.wellsfargomedia.com; frame-ancestors 'self' *.wellsfargo.com; base-uri 'none'; report-uri https://ort.wellsfargo.com/securereporting/reporting/v1/csp 1
upgrade-insecure-requests;script-src 'self' 'wasm-unsafe-eval';connect-src 'self' blob: https://crabsin.space wss://crabsin.space https:;media-src 'self' https:;img-src 'self' data: blob: https:;default-src 'none';base-uri 'self';frame-ancestors 'none';style-src 'self' 'unsafe-inline';font-src 'self';manifest-src 'self'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' s3-us-west-2.amazonaws.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; img-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.animaapp.com; frame-src data: https://www.youtube-nocookie.com ; frame-ancestors 'none' ; connect-src 'self' https://lliam-test.lostlemon.nl https://lliam.lostlemon.nl https://www.google-analytics.com 1
frame-ancestors 'self' *.authorize.net *.centraldispatch.com; 1
object-src 'none'; frame-ancestors 'self'; form-action 'self'; block-all-mixed-content; 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' ; script-src * 'self' 'unsafe-inline' 'unsafe-eval' ; style-src * 'self' 'unsafe-inline' ; img-src * 'self' data: ; frame-src * ; 1
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * blob: api.mapbox.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' *.api.here.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://polyfill.io https://*.googleapis.com https://*.gstatic.com *.google.com https://*.ggpht.com *.googleusercontent.com *.api.here.com api.payway.com.au https://www.google.com/recaptcha/api.js https://www.gstatic.com/ https://code.jquery.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://script.crazyegg.com/ https://snap.licdn.com/li.lms-analytics/insight.min.js https://unpkg.com/location-picker/dist/location-picker.min.js https://unpkg.com/htmx.org@1.9.2; connect-src 'self' https://script.crazyegg.com/ https://www.google-analytics.com wss://*.365servicehub.com https://*.here.com https://*.googleapis.com *.google.com https://*.gstatic.com; img-src 'self' data: blob: https://*.googleapis.com https://*.gstatic.com *.google.com  *.googleusercontent.com *.sendgrid.net *.365roadsideassistance.com.au https://www.google-analytics.com; style-src 'self' 'unsafe-inline' *.api.here.com fonts.googleapis.com cdnjs.cloudflare.com; frame-src 'self' api.payway.com.au https://www.google.com https://www.plugshare.com *.google.com; font-src 'self' fonts.gstatic.com https://365-public-assets.s3-ap-southeast-2.amazonaws.com/  https://365group.cloud/; frame-ancestors 'self' https://*.365roadsideassist.com.au https://*.365roadsideassistance.com.au https://*.365servicehub.com; 1
script-src 'nonce-A69LEhXYs/6N0appB3LAWx1Obd8=' 'unsafe-eval' 'strict-dynamic'; object-src 'none'; 1
default-src 'self' cdn.datatables.net amediatest www.amediatest.com www.sidepro.es sidepro.com sidepro.com.ar www.google-analytics.com stats.g.doubleclick.net blob: ;font-src 'self' 'unsafe-inline' fonts.gstatic.com https://cdnjs.cloudflare.com; frame-src 'self' www.google.com www.mercadopago.com.ar www.mercadolibre.com sitiosprod.blob.core.windows.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com code.jquery.com cdn.datatables.net cdn.jsdelivr.net stackpath.bootstrapcdn.com www.google.com cdnjs.cloudflare www.gstatic.com https://cdnjs.cloudflare.com fonts.googleapis.com cdn.datatables.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; style-src-elem data: 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdnjs.cloudflare.com; img-src 'self' blob: www.google-analytics.com sitiosprod.blob.core.windows.net; media-src 'self' blob: sitiosprod.blob.core.windows.net; 1
frame-src https://www.google.com/ 'self'; frame-ancestors 'self' localhost *.sa.gov.au 1
default-src 'none'; script-src 'self' *.acev.fi ssl.google-analytics.com 'unsafe-inline'; connect-src 'self'; img-src 'self' *.acev.fi data: ssl.google-analytics.com *.openstreetmap.org; style-src 'self' *.acev.fi 'unsafe-inline'; frame-src 'self' *.acev.fi; child-src 'self' *.acev.fi; frame-ancestors 'self' *.acev.fi; object-src 'self' *.acev.fi; manifest-src 'self' *.acev.fi; font-src 'self' *.acev.fi; 1
default-src 'self' https://prod.dsarsa.com https://fra1.digitaloceanspaces.com https://ikfasw.com https://livechat-window.ssg-testing.workers.dev;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://plausible.io   https://cdnjs.cloudflare.com https://fpjscdn.net https://fpnpmcdn.net https://cdnjs.com https://cdn.jsdelivr.net;font-src fonts.gstatic.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net fonts.googleapis.com;img-src 'self' https://fra1.digitaloceanspaces.com data: blob:;connect-src 'self' plausible.io https://*.fptls.com https://*.fptls2.com https://*.fptls3.com https://fp.acoin.co.za https://*.fptls.com https://*.fptls2.com https://api.fpjs.io https://*.api.fpjs.io wss: 1
default-src *; script-src 'unsafe-eval' 'self' 'unsafe-inline'  https:; object-src 'self' *.ytimg.com ytimg.com *.youtube.com youtube.com; style-src * 'unsafe-inline'; img-src * data:; frame-src *; font-src * data:; connect-src *; media-src * blob:; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://mc.prontoavenue.biz/ https://code.jquery.com https://www.vision6.com.au https://s7.addthis.com https://v1.addthisedge.com https://ajax.googleapis.com https://api-public.addthis.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://ssl.google-analytics.com http://code.jquery.com https://m.addthis.com http://maxcdn.bootstrapcdn.com https://z.moatads.com https://test.payment.securepay.com.au https://advancetraders.cloud https://www.youtube.com https://advancetradershelp.zendesk.com https://static.zdassets.com https://vimeo.com https://erk.zdassets.com https://app-sandbox.paydock.com https://www.bugherd.com https://documentation.prontoavenue.biz https://secure.ewaypayments.com https://secure-au.sandbox.ewaypayments.com https://www.gstatic.com https://www.google.com https://encrypted-tbn0.gstatic.com https://fonts.gstatic.com https://t.labs.au.edge.zip.co https://maps.google.com https://maps.googleapis.com https://assets.pinterest.com https://wpp-test.wirecard.com https://api.sandbox.zipmoney.com.au https://js.datadome.co https://zip-indigo-api.prod.au.edge.zip.co https://static.zipmoney.com.au https://my.sandbox.zipmoney.com.au https://account.sandbox.zipmoney.com.au https://api.zipmoney.com.au https://payment.securepay.com.au https://www.googletagmanager.com https://analytics.google.com https://ekr.zdassets.com https://connect.facebook.net; img-src * data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.agidra.com kx1.co *.google.fr *.google.com *.googletagmanager.com *.jquery.com *.jsdelivr.net *.cloudflare.com *.youtube.com *.googleapis.com *.gstatic.com *.google-analytics.com *.facebook.com *.fbcdn.net *.googleadservices.com *.bootstrapcdn.com *.ytimg.com *.youtube-nocookie.com *.github.com *.sendinblue.com *.doofinder.com *.linkedin.com *.fontawesome.com *.crazyegg.com *.doubleclick.net *.datatables.net unpkg.com ajax.googleapis.com *.licdn.com cdn.linkedin.oribi.io *.facebook.net  tarteaucitron.io *.tarteaucitron.io *.privacy-center.org 1
default-src 'unsafe-inline' https://*.sitescout.com *.sitescout.com  http://pixel.mathtag.com *.mathtag.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.weborama.fr *.cloudfront.net *.amazonaws.com https://code.jivosite.com https://node-ya-8.jivosite.com  https://futureistech.io;     style-src 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com  https://t.womtp.com *.womtp.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com unpkg.com *.uinterbox.com *.clinicabaviera.com *.adeslas.es *.cesce.es *.housell.com ofertasexclusivas.es *.ahorraconrepsol.com *.cloudfront.net *.amazonaws.com *.googleapis.com *.cloudfront.net *.amazonaws.com *.t2omedia.com ahorraluzconviesgo.com *.walmeric.com *.repsol.com ahorraconrepsol.com *.google.com *.fontawesome.com *.jsdelivr.net *.bootstrapcdn.com *.thyngster.com *.analytics-debugger.com https://code.jivosite.com  https://widget.trustpilot.com https://node-ya-8.jivosite.com  https://futureistech.io;     script-src 'unsafe-inline' https://consent.cookiebot.com https://consentcdn.cookiebot.com https://consent.cookiebot.com/uc.js https://*.cookiebot.com/uc.js https://consent.cookiebot.com/32ef1922-c658-40a5-b5f4-19b7f8d381bb/cd.js https://*.sitescout.com *.sitescout.com   https://optimize.google.com http://bs.serving-sys.com *.serving-sys.com  http://pixel.mathtag.com *.mathtag.com http://tpc.googlesyndication.com *.googlesyndication.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.ip-api.com/ https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com 'unsafe-eval' https://*.uinterbox.com http://*.uinterbox.com  http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.adform.net *.exelator.com *.teads.tv *.citiservi.es *.rfihub.com *.clinicabaviera.com *.claud-ia.com *.rfihub.net *.google.es *.adeslas.es *.ahorraconrepsol.com *.housell.com *.criteo.com *.cesce.es *.pardot.com unpkg.com *.hotjar.com *.taboola.com *.outbrain.com *.quora.com *.criteo.net *.yahoo.com *.linkedin.com *.usemessages.com *.hs-analytics.net ofertasexclusivas.es *.cloudflare.com *.adrcdn.com *.jquery.com *.googleapis.com *.gstatic.com *.weborama.fr *.googletagmanager.com *.google-analytics.com *.t2omedia.com *.womtp.com *.walmeric.com *.apigurus.com *.tiqcdn.com *.hs-scripts.com *.licdn.com *.yimg.com *.repsol.com *.googleadservices.com *.doubleclick.net ahorraconrepsol.com *.facebook.net *.bing.com *.serving-sys.com *.google.com *.cloudfront.net *.jsdelivr.net *.bootstrapcdn.com *.ads-twitter.com *.twitter.com *.sunmedia.tv *.adnxs.com *.hs-banner.com ofertas.adamo.es www.energiaathleticpetronor.com *.cloudflareinsights.com *.infinity-tracking.net *.krxd.net *.cookielaw.org *.aklamio.com *.thyngster.com *.analytics-debugger.com *.pinimg.com *.distribuidoresfiatchrysler.com *.ditalbots.info *.tiktok.com *.seguroaxa.com.mx seguroaxa.com.mx *.presage.io *.clarity.ms *.googleoptimize.com *.cookielaw.org *.krxd.net *.tibolario *.pixel.ad *.repsol.pt *.aklamio.com *.cdn.cookielaw.org https://www.googleoptimize.com http://www.repsol.pt/PT/scripts/scripts/cookiebot/* https://dynamic.cempeducation.com/ https://www.youtube.com https://code.jivosite.com https://c.amazon-adsystem.com/aat/  https://widget.trustpilot.com https://node-ya-8.jivosite.com https://assets.adobedtm.com https://s.kmtx.io https://tr.outbrain.com https://futureistech.io https://repsol.atbnd.com https://app.smootcdn.com;     frame-src data: 'self' https://www.google.com http://www.google.com https://*.sitescout.com *.sitescout.com   https://optimize.google.com http://pixel.mathtag.com *.mathtag.com http://tpc.googlesyndication.com *.googlesyndication.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com https://www.googletagmanager.com/ https://antevenio-es.com/ *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com  http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.facebook.com *.exelator.com *.criteo.net *.uinterbox.com *.go2cloud.org *.adstrategysites.com *.youtube.com ofertasexclusivas.es *.tradedoubler.com *.rfihub.com *.criteo.com *.hotjar.com *.amazon-adsystem.com *.cloudfront.net *.amazonaws.com *.weborama.fr *.womtp.com *.doubleclick.net z0euw1csapp002.azurewebsites.net ahorraconrepsol.com *.cookiebot.com *.adform.net *.krxd.net *.aklamio.com *.tibolario.com *.twitter.com https://widget.trustpilot.com  https://futureistech.io https://forms-eu1.hsforms.com;     connect-src 'self' *.yimg.com https://s.yimg.com https://*.sitescout.com *.sitescout.com   wss://ws4.hotjar.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.hotjar.io 35.181.92.51:8555 *.repsol.com *.t2omedia.com https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.claud-ia.com *.hotjar.com *.promocionesexclusivas.es *.housell.com *.doubleclick.net *.taboola.com *.hubspot.com *.cloudfront.net *.amazonaws.com *.t2omedia.com *.google-analytics.com *.indigitall.com *.googlesyndication.com *.google.com secure-ds.serving-sys.com cdn.cookielaw.org ofertas.adamo.es *.infinity-tracking.net *.d1skycrvs9ubse.cloudfront.net *.pinterest.com http://pre.connectors.service.t2omedia.com *.cookiebot.com *.teads.tv *.ditalbots.info *.tiktok.com *.clarity.ms *.onetrust.com *.tibolario.com *.bing.com *.krxd.net *.serving-sys.com *.google-analytics.com *.analytics.google.com repsol.tt.omtrdc.net mboxedge37.tt.omtrdc.net https://code.jivosite.com  https://node-ya17.jivosite.com wss://vi-ya-6.jivosite.com https://telemetry.jivosite.com https://maps.googleapis.com/maps/api/ https://node-ya-8.jivosite.com https://adobedc.demdex.net https://dc.repsol.es https://t.kmtx.io https://tr.outbrain.com https://dc.luzygas.ahorraconrepsol.com https://futureistech.io https://forms-eu1.hsforms.com https://ads-engagement.presage.io *.criteo.com;     img-src https://*.across.it https://*.neatpowr.com https://*.sitescout.com *.sitescout.com https://*.paisajellanero.com http://*.paisajellanero.com *.paisajellanero.com https://optimize.google.com http://pixel.mathtag.com *.mathtag.com http://affiliation.datawork.fr *.datawork.fr *.afilead.com  https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org *.antevenio-es.com https://antevenio-es.com http://antevenio-es.com *.ofertasexclusivas.es http://ofertasexclusivas.es https://ofertasexclusivas.es http://ofertasexclusivas.es *.tradedoubler.com *.atdmt.com *.coproit.com 'self'     blob: data: https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com https://*.uinterbox.com http://*.uinterbox.com http://*.feebbo-adserver.com *.uinterbox.com baztrack.com buypremierleads.com *.adnxs.com *.exelator.com *.teads.tv *.googletagmanager.com  *.googleapis.com *.claud-ia.com *.taboola.com *.quora.com *.outbrain.com *.housell.com *.hubspot.com *.omtrdc.net *.cloudfront.net *.amazonaws.com *.weborama.fr *.google-analytics.com *.doubleclick.net *.google.com *.google.es *.womtp.com *.walmeric.com *.weborama.com *.t2omedia.com ahorraconrepsol.com  *.yahoo.com *.facebook.com *.bing.com *.gstatic.com https://t.co https://indigitall-cdn.com *.indigitall-cdn.com *.googleusercontent.com *.googlesyndication.com *.smartadserver.com t.co *.addoor.net *.krxd.net *.aklamio.com *.pinterest.com *.clarity.ms *.presage.io *.cookielaw.org *.tibolario.com *.zemanta.com *.fabricadepremios.com *.google-analytics.com *.analytics.google.com *.linkedin.com *.inlsuccess.com *.twitter.com https://code.jivosite.com https://node-ya-8.jivosite.com https://futureistech.io https://forms-eu1.hsforms.com https://imgsct.cookiebot.com https://repsol.atbnd.com;     font-src data: https://*.sitescout.com *.sitescout.com    https://fonts.gstatic.com https://tracking.adstrategysites.com https://*.adstrategysites.com *.adstrategysites.com https://kumleads.go2cloud.org https://*.go2cloud.org *.go2cloud.org https://forms.hsforms.com *.hsform.com *.forms.hsforms.com *.hsforms.net *.calinetall21.eu http://calinetall21.eu https://calinetall21.eu  *.globalldse.com *.antevenio-es.com http://*.feebbo-adserver.com  *.uinterbox.com *.cloudfront.net *.amazonaws.com *.gstatic.com *.t2omedia.com *.cloudflare.com *.repsol.com ahorraconrepsol.com *.fontawesome.com *.bootstrapcdn.com https://futureistech.io; 1
default-src 'self'; frame-src 'self' www.google.com www.gstatic.com; form-action 'self'; object-src 'none'; base-uri 'self'; style-src 'self'; connect-src 'self'; script-src 'nonce-TLeEqN7X1TtW' 1
frame-ancestors 'self' http://tomotabi.net http://121.95.18.24 121.95.18.24 pico7.net *.pico7.net 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google.com https://www.gstatic.com;style-src 'self' 'unsafe-inline' 1
default-src=self; fonts.googleapis.com 1
object-src 'self' blob; 1
connect-src 'self' *.chatplus.jp *.google.com *.googletagmanager.com *.facebook.com *.facebook.net *.google-analytics.com *.clarity.ms stats.g.doubleclick.net *.creativecdn.com *.clarity.ms *.yahoo.co.jp measurement-api.criteo.com 1
'self' www.aksandik.org 1
upgrade-insecure-requests; 	report-uri /cspreport; 	default-src 'self'; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.cloudflare.com https://js.hcaptcha.com https://kit.fontawesome.com https://www.googletagmanager.com https://www.google-analytics.com; 	script-src-elem 'self' 'unsafe-inline' https://ajax.cloudflare.com https://js.hcaptcha.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com https://region1.google-analytics.com https://www.googletagmanager.com http://ajax.googleapis.com https://kit.fontawesome.com; 	style-src 'self' 'unsafe-inline' ; 	style-src-elem 'self' 'unsafe-inline' http://fonts.googleapis.com https://www.gstatic.com; 	object-src 'none'; 	base-uri 'self'; 	connect-src 'self' https://newassets.hcaptcha.com https://translate.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://region1.google-analytics.com https://ka-p.fontawesome.com; 	font-src 'self' data: https://ka-p.fontawesome.com; 	frame-src 'self' https://player.vimeo.com https://www.googletagmanager.com https://newassets.hcaptcha.com https://www.google.com; 	img-src 'self' data: https://fonts.gstatic.com https://translate.google.com https://www.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com; 	manifest-src 'self'; 	media-src 'self'; 	worker-src 'none'; 1
unsafe-inline 'self' 1
default-src 'self' data: *;style-src 'self' 'unsafe-inline' fonts.googleapis.com code.ionicframework.com blueimp.github.io cdnjs.cloudflare.com maxcdn.bootstrapcdn.com ajax.googleapis.com cdn.jsdelivr.net embed.tawk.to tagmanager.google.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.google.com www.gstatic.com www.googletagmanager.com maps.googleapis.com ssl.google-analytics.com www.googleadservices.com connect.facebook.net googleads.g.doubleclick.net ajax.googleapis.com snap.licdn.com *.linkedin.com cdnjs.cloudflare.com cdn.ckeditor.com static.doubleclick.net maxcdn.bootstrapcdn.com storage.trafic.ro secure.trafic.ro cdn.jsdelivr.net embed.tawk.to static.hotjar.com script.hotjar.com *.googlesyndication.com *.google.ro *.google.com *.googleadservices.com *.twitter.com *.linkedin.com tagmanager.google.com *.googletagmanager.com consent.cookiebot.com consentcdn.cookiebot.com *.matomo.cloud *.mouseflow.com *.pinimg.com *.trackify.info www.youtube.com *.pinterest.com;font-src 'self' data: cdnjs.cloudflare.com fonts.gstatic.com maxcdn.bootstrapcdn.com code.ionicframework.com embed.tawk.to;img-src 'self' blob: data: http: https: www.google-analytics.com stats.g.doubleclick.net www.google.com maps.googleapis.com maps.gstatic.com www.google.ro *.facebook.com img.youtube.com i.ytimg.com cdn.ckeditor.com ajax.googleapis.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com *.google-analytics.com *.googletagmanager.com *.analytics.google.com *.g.doubleclick.net *.google.com googleads.g.doubleclick.net ad.doubleclick.net ade.googlesyndication.com www.alphega-farmacie.ro;frame-src 'self' www.google.com www.youtube.com www.youtube-nocookie.com youtube.com youtu.be *.facebook.com *.facebook.net cdnjs.cloudflare.com cdn.ckeditor.com vars.hotjar.com googleads.g.doubleclick.net tpc.googlesyndication.com *.twitter.com bid.g.doubleclick.net club.alphega-farmacie.ro consentcdn.cookiebot.com *.pinterest.com *.issuu.com *.doubleclick.net;connect-src 'self' www.google.com *.google.com google.com www.google.ro *.google.ro www.google-analytics.com *.google-analytics.com stats.g.doubleclick.net www.facebook.com *.facebook.com *.facebook.net www.youtube.com *.youtube.com *.cloudflare.com *.tawk.to hotjar.com *.hotjar.com wss://*.hotjar.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net myaccount.xptsuite.com maps.googleapis.com consentcdn.cookiebot.com *.pinterest.com *.matomo.cloud *.googleapis.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;script-src 'self' 1
default-src 'self' https://maxcdn.bootstrapcdn.com/ https://www.youtube.com/; form-action 'self'; script-src 'self' https://maxcdn.bootstrapcdn.com/ https://code.jquery.com/ 'unsafe-inline'; img-src 'self'; font-src 'self' https://maxcdn.bootstrapcdn.com/; object-src 'self'; frame-src 'self' https://rajadvt.rajasthan.gov.in/#/; media-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com/ 'unsafe-inline'; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.vimeo.com vimeo.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net virtualearth.net *.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com *.virtualearth.net virtualearth.net; frame-ancestors 'self'; connect-src 'self' vimeo.com *.vimeo.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com *.bing.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com google.com *.google.com *.bing.com bing.com 1
object-src 'none';base-uri 'self';script-src 'nonce-4l51tnZ-vte-rEhyjUKb5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
frame-ancestors 'self' *.narvar.com narvar.com *.integrations-narvar.com; base-uri 'self'; 1
object-src 'self'; frame-ancestors 'none' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' youtube.com *.paysera.com paysera.com *.doubleclick.net doubleclick.net *.googleadservices.com googleadservices.com *.bing.com *.tawk.to *.youtube.com *.ytimg.com *.jsdelivr.net t.ssl.ak.dynamic.tiles.virtualearth.net dev.virtualearth.net placeimg.com data: www.googletagmanager.com maps.googleapis.com www.youtube-nocookie.com www.youtube.com t0-flt.ssl.ak.dynamic.tiles.virtualearth.net fonts.gstatic.com connect.facebook.net www.facebook.com www.google-analytics.com cdnjs.cloudflare.com www.googleapis.com www.gstatic.com maps.gstatic.com www.google.com www.google.lt stats.g.doubleclick.net; style-src 'self' 'unsafe-inline' data: *.jsdelivr.net maps.gstatic.com www.googleapis.com fonts.googleapis.com *.bing.com dev.virtualearth.net; frame-ancestors 'self'; connect-src 'self' *.bing.com virtualearth.net *.virtualearth.net facebook.com *.facebook.com google-analytics.com *.google-analytics.com wss://*.tawk.to *.tawk.to; form-action 'self' bank.paysera.com facebook.com *.facebook.com epaslaugos.lt *.epaslaugos.lt 1
frame-ancestors https://aovivohd.net/ https://detran-br.com/ https://onlinetvhd.net/ https://fotodicas.com/ https://tvdicas.com/ https://search.google.com/ https://apis.google.com 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: *.aquariomedia.org *.googleapis.com apis.google.com *.google.com *.google.fr *.googlesyndication.com *.googleadservices.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googletagservices.com *.doubleclick.net *.youtube.com www.youtube-nocookie.com *.paypalobjects.com *.paypal.com *.rawgit.com connect.facebook.net www.facebook.com staticxx.facebook.com platform.twitter.com syndication.twitter.com *.aquas.be *.maisondespoissons.net *.zoanthus.fr *.aquariogest.com *.spreadshirt.fr *.spreadshirt.net cdn.jsdelivr.net cdn.ampproject.org *.w3.org *.servimg.com *.lightpics.net *.lght.pics www.apercite.fr *.robothumb.com *.imageshack.us *.hostingpics.net *.noelshack.com *.casimages.com *.imgbb.com *.zupimages.net *.postimage.org *.postimages.org *.postimg.cc *.oneall.com *.googleusercontent.com *.unpkg.com *.osm.org *.openstreetmap.fr *.openstreetmap.org *.cloudflare.com *.floraquatic.com *.data.gouv.fr; base-uri 'self'; 1
frame-src 'self' 'unsafe-inline' https://my.matterport.com https://player.vimeo.com https://app.retino.com *.mapy.cz *.dhl.com *.ppl.cz *.dpd.cz *.cpost.cz *.zasilkovna.cz *.cloudflare.com *.dratene-kosiky.cz *.heureka.sk *.youtube.com *.youtu.be *.foxentry.cz *.packeta.com *.geoapify.net *.heureka.cz *.facebook.com *.imedia.cz *.zbozi.cz *.google.com *.n1ed.com *.doubleclick.net *.googlesyndication.com 1
default-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors https://*.algo.website; manifest-src 'self'; img-src 'self' data: https://www.asastats.com/; script-src 'self' 'unsafe-inline'; font-src fonts.gstatic.com; style-src 'self' fonts.googleapis.com; frame-src https://www.youtube.com/; object-src 'none'  1
default-src 'self';connect-src 'self' www.asearningsite.pk:9000 https://api.ycloud.com https://www.google.com;script-src 'self' 'unsafe-inline';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self' *.asst-pavia.it; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com cdn.ckeditor.com *.asst-pavia.it; object-src 'none' ; style-src 'self' 'unsafe-inline' cdn.ckeditor.com *.asst-pavia.it; img-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.ckeditor.com *.asst-pavia.it; frame-ancestors 'self'; font-src 'self' fonts.gstatic.com; connect-src 'self' 'unsafe-inline' www.google-analytics.com *.asst-pavia.it; report-uri /report-csp-violation 1
frame-ancestors 'self' *.asokodit.fi; upgrade-insecure-requests 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; form-action 'self' https://*.paysera.com; base-uri 'none'; frame-ancestors https://athletics.lv; object-src https://athletics.lv https://i.athletics.lv https://test.athletics.lv 1
object-s    rc 'none'; base-uri 'none'; frame-ancestors 'self'; 1
default-src 'self' data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.facebook.net www.facebook.com www.google-analytics.com www.youtube.com *.paytrail.com ajax.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.goodleadservices.com *.handshake.fi *.tiktok.com *.stripe.com *.getresponse360.pl *.getresponse.com *.gr-cdn.com *.gr-cdn-e.eu *.gr-wcon.com *.bing.com handshakemarketing.fi *.handshakemarketing.fi *.paypal.com *.googleadservices.com *.doubleclick.net autodude.fi autodude.fi www.autodude.fi autodude.fi valostore.fi www.valostore.fi valostore.se www.valostore.se valostore.no www.valostore.no autodude.se www.autodude.se autodude.no www.autodude.no metrics.autodude.fi avdonl-s-checkout-fe.azureedge.net *.freshchat.com *.freshworks.com https://checkout-cdn.avarda.com/cdn/static/js/main.js *.avarda.com *.avarda.org *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net static.criteo.net *.criteo.com *.getblue.io sc.lfeeder.com;connect-src 'self' *.google.fi *.google.se *.google-analytics.com *.analytics.google.com www.facebook.com *.g.doubleclick.net *.tiktok.com *.ingest.sentry.io *.getresponse360.pl *.getresponse.com *.getresponse.pl *.pangle-ads.com *.googlesyndication.com properties *.paypal.com https://proxy.handshake.fi metrics.autodude.fi *.freshworks.com *.freshdesk.com *.avarda.com *.avarda.org *.klarnaevt.com *.klarna.com *.klarnaservices.com *.klarnacdn.net *.klarna.net *.criteo.com *.getblue.io;img-src https: data: http: blob:;style-src 'self' https: 'unsafe-inline' fonts.gstatic.com 'unsafe-inline' *.dinox.fi;font-src 'self' https: data: fonts.gstatic.com;frame-src *.facebook.com *.youtube.com *.google.com *.stripe.com *.getresponse360.pl *.getresponse.com *.doubleclick.net *.paypal.com *.vimeo.com metrics.autodude.fi  wchat.eu.freshchat.com *.freshchat.com *.klarna.com *.klarna.net *.klarnaservices.com *.criteo.com *.criteo.net *.getblue.io;script-src-attr 'unsafe-inline';form-action *.facebook.com;report-uri https://o643929.ingest.sentry.io/api/6318034/security/?sentry_key=161b845227284238b6e4b4969c9d79fe;base-uri 'self';frame-ancestors 'self';object-src 'none';upgrade-insecure-requests 1
default-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co;script-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org d2yyd1h5u9mauk.cloudfront.net http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com bat.bing.com https://www.googleoptimize.com optimize.google.com analytics.google.com user-event-tracker.crazyegg.com https://s3.amazonaws.com/trk.cetrk.com/* browser.sentry-cdn.com *.mkt.autofact.cl mkt.autofact.qa *.mkt.autofact.qa mautic.autofact.qa mautic.autofact.cl optimize.google.com analytics.google.com apis.google.com script.crazyegg.com cdn.ampproject.org *.pagoefectivo.pe pagoefectivo.pe *.sii.cl tagmanager.google.com *.autofactpro.com *.autofact.cl www.google.com www.google-analytics.com ssl.google-analytics.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net ajax.googleapis.com www.gstatic.com www.youtube.com www.youtube-nocookie.com s.ytimg.com connect.facebook.net *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com dnn506yrbagrg.cloudfront.net static.zdassets.com *.culqi.com blob: embed.typeform.com *.sibautomation.com sibautomation.com analytics.tiktok.com;style-src 'self' 'unsafe-inline' 'unsafe-eval' d3js.org optimize.google.com analytics.google.com tagmanager.google.com *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net cdn.jsdelivr.net cdn.optimizely.com cdn.carbonads.com;img-src 'self' script.hotjar.com bat.bing.com cdnjs.cloudflare.com img.youtube.com csi.gstatic.com *.gstatic.com *.autofactpro.com *.autofactpro.cl *.autofact.cl *.autofact.qa www.google.com www.google.cl www.googleadservices.com www.googletagmanager.com img.youtube.com i.ytimg.com stats.g.doubleclick.net www.facebook.com disqus.com *.disquscdn.com *.g.doubleclick.net *.match.autofact.qa *.match.autofact.cl data: www.google-analytics.com web.facebook.com;font-src 'self' *.autofactpro.com fonts.googleapis.com fonts.gstatic.com *.hotjar.com:* *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.datatables.net data: ;frame-ancestors 'self' *.autofactpro.com facebook.com;frame-src 'self' docs.google.com stage-autopress-buckets.s3.us-west-1.amazonaws.com https://vars.hotjar.com *.autofact.cl form.typeform.com accounts.google.com optimize.google.com analytics.google.com  *.ampproject.net pagoefectivo.pe *.pagoefectivo.pe *.sii.cl *.autofactpro.com *.match.autofact.qa *.match.autofact.cl www.google.com www.youtube.com www.youtube-nocookie.com www.facebook.com web.facebook.com staticxx.facebook.com bid.g.doubleclick.net *.culqi.com sibautomation.com *.sibautomation.com *.doubleclick.net;object-src 'self' *.autofactpro.com *.autofact.cl;prefetch-src 'self' *.autofactpro.com *.autofact.cl *.autofact.mx *.autofact.pe *.autofact.com.co *.googleapis.com;connect-src 'self' *.delighted.com *.hotjar.com:* *.hotjar.io:* wss://*.hotjar.com sentry.io *.google.cl 54.242.242.218 *.ampproject.org *.ampproject.net *.autofactpro.com *.autofact.com *.autofact.cl *.autofact.com.co *.autofact.com.mx *.autofact.pe *.autofact.cr *.autofact.com.ar *.g.doubleclick.net cdn.ampproject.org www.googletagmanager.com stats.g.doubleclick.net connect.facebook.net ekr.zdassets.com autofact.zendesk.com plugin.autentia.mb:7777 *.googleapis.com *.ytimg.com *.google.com *.bootstrapcdn.com thrk5e664g.execute-api.us-east-1.amazonaws.com wpoxlbs3w6.execute-api.us-east-1.amazonaws.com *.google-analytics.com ofbern64r9.execute-api.us-east-1.amazonaws.com *.api.retail.autofact.com dnn506yrbagrg.cloudfront.net m21ndjph2i.execute-api.us-east-1.amazonaws.com q6x8glddsl.execute-api.us-east-1.amazonaws.com www.googleadservices.com *.bing.com *.fontawesome.com *.gstatic.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.facebook.net *.doubleclick.net *.sendinblue.com 7ep5bxwwl6.execute-api.us-east-1.amazonaws.com analytics.tiktok.com *.brevo.com; 1
default-src 'self'; connect-src *; font-src * data:; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';worker-src 'self' blob:; 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; img-src https: data:; media-src https: data:; 1
connect-src 'self' *.google-analytics.com 1
font-src *.fontawesome.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com https://www.facebook.com https://ipg.monri.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com landofcoder.com https://www.facebook.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com *.gstatic.com https://stats.g.doubleclick.net https://www.google.com https://www.google.rs https://www.facebook.com https://www.googletagmanager.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com landofcoder.com *.avada.io *.googleapis.com *.gstatic.com *.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src landofcoder.com 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com landofcoder.com https://get.geojs.io *.avada.io *.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src ‘self’; script-src ‘self’ https://barodagurukul.co.in; style-src ‘self’ https://barodagurukul.co.in; img-src ‘self’ data:; object-src ‘none’; upgrade-insecure-requests; block-all-mixed-content; 1
frame-ancestors 'self' https://www.google.com/maps/embed/v1/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;img-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;font-src 'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com https://fonts.googleapis.com https://fonts.gstatic.com https://fonts.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://maps.googleapis.com https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://cdnjs.cloudflare.com https://connect.facebook.net https://static.hotjar.com https://script.hotjar.com https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro data:;form-action 'self' https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro;frame-ancestors 'self' https://*.bookerjim.ro/ https://*.berariah.ro/ https://trilete.ro https://facebook.com https://www.facebook.com https://google.com https://www.google.com https://google.ro https://www.google.ro 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' * data: ; 1
default-src 'self' 'unsafe-inline' api.berdedd.com  www.google.co.th googleads.g.doubleclick.net tr.line.me www.google.com  stats.g.doubleclick.net  ajax.googleapis.com  www.trustmarkthai.com gateway.autodigi.net d.line-scdn.net www.googleadservices.com fonts.gstatic.com cdn.jsdelivr.net berhoro.com  www.berhoro.com fonts.googleapis.com fonts.static.com www.googletagmanager.com www.google-analytics.com www.gstatic.com; 1
default-src 'self' *.besteloverzicht.nl; script-src 'self' 'nonce-oWDaEj5B+98z/L1bsV8uOsBOG8i9wb8XlZN1+wZXqUo=' 'unsafe-eval' https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms; style-src 'self' 'unsafe-inline'; frame-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl; img-src 'self' *.besteloverzicht.nl *.elektramat.nl *.elektramat.dev *.groepenkastbestellen.nl data: blob: https://*.googletagmanager.com https://*.google-analytics.com https://www.clarity.ms https://*.clarity.ms https://c.bing.com; frame-ancestors 'self'; connect-src 'self' *.besteloverzicht.nl *.besteloverzicht.dv https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.clarity.ms https://*.clarity.ms 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu *.livechatinc.com https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' fp.bets4.org socket.bets4.info https://fpcdn.io twitch.tv steamcommunity.com connect.facebook.net cdn.onesignal.com onesignal.com ajax.googleapis.com steampowered.com liveinternet.ru counter.yadro.ru Login4PRO.com steamcommunity.com player.twitch.tv cdnjs.cloudflare.com rawgit.com cdn.datatables.net *.yandex.ru yandex.ru yastatic.net *.vk.com vk.com *.facebook.com facebook.com *.rawgit.com rawgit.com *.google.com google.com *.gstatic.com gstatic.com zurb.com cdn.jsdelivr.net unpkg.com code-sb1.jivosite.com code.jivo.ru www.googletagmanager.com crypto.paydaq.com; frame-src 'self' fp.bets4.org socket.bets4.info twitch.tv connect.facebook.net cdn.onesignal.com onesignal.com ajax.googleapis.com steampowered.com liveinternet.ru counter.yadro.ru Login4PRO.com steamcommunity.com player.twitch.tv cdnjs.cloudflare.com rawgit.com cdn.datatables.net *.yandex.ru yandex.ru yastatic.net *.vk.com vk.com *.facebook.com facebook.com *.rawgit.com rawgit.com *.google.com google.com *.gstatic.com gstatic.com zurb.com cdn.jsdelivr.net unpkg.com code-sb1.jivosite.com steamcommunity.com code.jivo.ru www.googletagmanager.com crypto.paydaq.com; report-uri /scripts/csp.php; 1
img-src * data: 'unsafe-inline'; script-src * data: 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline' 'unsafe-eval'; default-src * data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors https://builder-dev.com http://builder-dev.com  https://builder-tst.com http://builder-tst.com  https://builder-stg.com http://builder-stg.com  https://dgbuilder.io http://dgbuilder.io https://agbuilder.io http://agbuilder.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' *.domino.bg teams.microsoft.com *.teams.microsoft.com *.skype.com cmit.bg *.cmit.bg 1
script-src: 'self' 1
default-src 'self' *.nic.in; img-src * data: blob:; font-src 'self' data:; media-src * 'self' blob:; style-src 'self' 'unsafe-inline' *.nic.in; script-src 'self' blob: 'unsafe-eval' 'unsafe-inline' *.nic.in *.youtube.com; connect-src 'self' blob: https://*.nic.in wss://*.nic.in https://*.cloudfront.net; frame-src 'self' *.nic.in *.youtube.com emantrimandal.uk.gov.in gopan.uk.gov.in staging.ua.nic.in doptonline.nic.in ecabinet.arunachal.gov.in; frame-ancestors 'self' https://*.nic.in emantrimandal.uk.gov.in gopan.uk.gov.in staging.ua.nic.in doptonline.nic.in ecabinet.arunachal.gov.in ecabinet.tripura.gov.in; 1
frame-ancestors 'https://bhavishya.nic.in/' style-src 'self' 1
frame-ancestors 'self' https://bibliometro.cl; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com https://cdnjs.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.ngrok.io data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.twitter.com *.stackpathdns.com widget.trustpilot.com *.google.it 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.google.com *.addthis.com *.pinterest.com *.iubenda.com *.revolut.com *.twitter.com *.paypal.com *.hotjar.com *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.cloudflare.com *.klarna.com *.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.iubenda.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.usercentrics.eu *.doubleclick.net *.paypalobjects.com *.google.lk *.google.com *.google.it *.payhere.lk *.stackpathdns.com *.scalapay.com *.trustpilot.com *.ebay.com *.ebayimg.com widget.trustpilot.com *.ngrok.io *.pentagonhosting.co.uk *.miticadesign.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com *.vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.iubenda.com https://cdnjs.cloudflare.com *.revolut.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.googleadservices.com *.paypalobjects.com *.paypal.com *.googletagmanager.com *.cloudflareinsights.com *.hotjar.com *.stackpathdns.com *.scalapay.com *.trustpilot.com widget.trustpilot.com *.google.it https://cdn.scalapay.com translate.google.com *.ngrok.io https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.fontawesome.com https://fonts.googleapis.com https://cdnjs.cloudflare.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.stackpathdns.com *.scalapay.com *.iubenda.com *.addthis.com *.trustpilot.com widget.trustpilot.com *.google.it *.pentagonhosting.co.uk *.miticadesign.com *.ngrok.io tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.iubenda.com *.twitter.com *.twimg.com *.doubleclick.net *.hotjar.com wss://ws15.hotjar.com/ *.stackpathdns.com *.trustpilot.com widget.trustpilot.com *.google.it *.ngrok.io https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://www.bicasbia.it/; report-to report-endpoint; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com https://www.bancobic.ao data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com data:; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com https://www.bicnet.ao https://bicnet.ao; object-src 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://help.bikester.it https://back-office-redesign.kameleoon.com https://app.kameleoon.com/ 1
block-all-mixed-content;default-src  'self';script-src  'self'  'unsafe-inline'  'unsafe-eval'  https://*.bimago.com  https://*.bimago.cz  https://*.bimago.es  https://*.bimago.at  https://*.bimago.art  https://consent.cookiebot.com  https://api.exponea.com  https://googleads.g.doubleclick.net  https://www.gstatic.com  https://www.googletagmanager.com  https://www.google.com/recaptcha/api.js  https://www.googleadservices.com  https://www.google.com  https://pagead2.googlesyndication.com  https://connect.facebook.net  https://s.pinimg.com  https://ct.pinterest.com  https://pixel.biano.cz  https://cz.bianopixel.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.cookiebot.com  https://*.hotjar.com  https://*.clarity.ms  https://c.bing.com  https://*.inteliwise.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com  https://*.inteliwi.se;font-src  'self'  data:  https://*.bimago.com  https://fonts.gstatic.com  https://script.hotjar.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.inteliwise.com;style-src  'self'  'unsafe-inline'  https://*.bimago.com  https://fonts.googleapis.com  https://www.googletagmanager.com  https://www.gstatic.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.inteliwise.com;img-src  'self'  data:  blob:  https://*.bimago.com  https://*.bimago.media  https://*.bimago.cz  https://*.bimago.pl  https://*.bimago.es  https://*.bimago.at  https://*.bimago.art  https://www.googletagmanager.com  https://www.google.pl  https://www.google.cz  https://www.google.com  https://www.google.ie  https://www.google.de  https://www.google.sk  https://www.google.com.eg  https://www.google.fr  https://www.google.es  https://imgsct.cookiebot.com  https://fonts.gstatic.com  https://googleads.g.doubleclick.net  https://adservice.google.com  https://ad.doubleclick.net  https://stats.g.doubleclick.net  https://www.facebook.com  https://www.googleadservices.com  https://translate.google.com  https://connect.facebook.net  https://www.google.ad  https://*.inteliwise.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.analytics.google.com  https://*.google-analytics.com  https://*.googlesyndication.com  https://*.clarity.ms  https://c.bing.com;media-src  'self'  data:  blob:  https://*.bimago.com;connect-src  'self'  https://*.bimago.com  https://*.bimago.com/  https://*.bimago.cz  https://*.bimago.cz/  https://*.bimago.es  https://*.bimago.es/  https://*.bimago.at  https://*.bimago.at/  https://*.bimago.art  https://*.bimago.art/  https://www.gstatic.com  https://www.googletagmanager.com  https://www.google.com  https://pagead2.googlesyndication.com  https://consent.cookiebot.com  https://consentcdn.cookiebot.com  https://api.exponea.com  https://adservice.google.com  https://adservice.google.com/  https://connect.facebook.net  https://capig.stape.host  https://www.facebook.com  https://analytics.google.com  https://ct.pinterest.com  https://p.biano.cz  https://cz.bianopixel.com  https://*.trustedshops.com  https://*.etrusted.com  https://*.googleapis.com  https://*.analytics.google.com  https://*.google-analytics.com  https://*.g.doubleclick.net  https://*.sentry.io  https://*.hotjar.io  https://*.hotjar.com  wss://*.hotjar.com  https://*.clarity.ms  https://c.bing.com  https://*.inteliwise.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com  https://*.inteliwi.se  wss://*.inteliwi.se;frame-src  'self'  https://*.bimago.com  https://consentcdn.cookiebot.com  https://www.google.com  https://td.doubleclick.net  https://www.facebook.com  https://ct.pinterest.com  https://s3-eu-west-1.amazonaws.com/static.inteliwise.com/  https://inteliwise-eu.s3.amazonaws.com;manifest-src  'self';frame-ancestors  https://acss-cms.prod.artgeist.co;object-src  'self';worker-src  'self';base-uri  'self'  https://*;navigate-to  'self'  https://*;report-uri  https://sentry.shr.artgeist.co/api/27/security/?sentry_key=4cd3c5f877de62b7c077095912e32cf8&sentry_environment=prod;report-to sentry; 1
default-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; img-src 'self' * data: blob:; font-src 'self' data: https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.newrelic.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://maps.googleapis.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://www.youtube.com; frame-src 'self' https://www.google.com https://www.facebook.com https://www.youtube.com https://blackmores.chakrarewards.com https://*.a.run.app; connect-src 'self' https://analytics.google.com https://www.google-analytics.com  https://*.nr-data.net https://stats.g.doubleclick.net; block-all-mixed-content; upgrade-insecure-requests 1
frame-ancestors https://anyatalk.blitz.ro 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data: blob: 1
base-uri 'self';connect-src 'self';default-src 'self' fonts.gstatic.com www.google.com;font-src 'self' * data:;form-action 'self';img-src * data: blob:;media-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline' fonts.googleapis.com 1
default-src 'self' maxcdn.bootstrapcdn.com www.google.com ajax.googleapis.com fonts.googleapis.com use.fontawesome.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' *.tile.openstreetmap.org; 1
default-src 'self' 'unsafe-eval' https://storage.googleapis.com https://google.com https://youtube.com https://facebook.com https://fonts.google.com https://fonts.googleapis.com https://ajax.googleapis.com https://www.google-analytics.com https://cdnjs.cloudflare.com https://code.jquery.com https://connect.facebook.net https://s.imgur.com https://imgur.com https://i.imgur.com https://500px.com https://drscdn.500px.org https://www.reddit.com https://www.flickr.com https://c1.staticflickr.com https://maxcdn.bootstrapcdn.com http://code.ionicframework.com https://cdn.fontawesome.com/; script-src 'self' https://storage.googleapis.com https://api.bniservicerating.com https://api-dashboard.bniservicerating.com 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-hashes'; img-src 'self' https://api.squsp-datacenter.com https://api.bniservicerating.com https://api-dashboard.bniservicerating.com data:; connect-src 'self' https://api.bniservicerating.com https://api-dashboard.bniservicerating.com; font-src 'self'; object-src 'none'; media-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
frame-ancestors 'self' https://kisanuat.bankofbaroda.co.in https://kisan.bankofbaroda.com https://ams.techmahindra.com;upgrade-insecure-requests; block-all-mixed-content; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com data:; form-action 'self'  https://facebook.com https://mapa.ecommerce.poczta-polska.pl https://www.paypal.com https://www.paypalobjects.com https://*.easypack24.net https://*.openstreetmap.org https://*.inpost.pl https://*.allegrostatic.com https://allegro.pl https://*.allegro.pl https://*.allegroimg.com https://*.allegrosandbox.pl https://*.sote.pl https://*.googletagmanager.com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.google.pl https://unpkg.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://cdn.jsdelivr.net https://stats.g.doubleclick.net https://stats.g.doubleclick.net *.gstatic.com *.googleapis.com *.youtube.com *.vimeo.com *.ytimg.com *.soundcloud.com *.vimeocdn.com *.smartsupp.com *.smartsuppcdn.com wss://*.smartsupp.com *.cdn77.org smartsupp-widget-161959.c.cdn77.org *.smartlook.com *.smartlook.cloud *.smartsuppchat.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net *.fbcdn.net *.instagram.com *.cdninstagram.com *.googletagmanager.com *.google-analytics.com *.paypalobjects.com *.paypal.com *.autopay.eu https://googleads.g.doubleclick.net https://www.googleadservices.com *.googlesyndication.com https://*.cashbill.pl https://*.ceneo.pl https://*.secure.eservice.com.pl *.credit-agricole.pl *.paybynet.com.pl *.polcard.com.pl *.przelewy24.pl *.eraty.pl static.hotjar.com https://disqus.com; frame-ancestors 'self' 1
frame-ancestors https://*.dtac.co.th 1
default-src 'none'; connect-src 'self' https://*.bonarea-agrupa.com http://*.bonarea-foodservice.com https://*.onetrust.com https://*.cookielaw.org https://*.windows.net https://*.google.com https://*.doubleclick.net https://*.facebook.com http://*.google-analytics.com https://*.googleapis.com; font-src 'self' *; frame-src https://*.facebook.com http://*.bonarea-foodservice.com https://www.google.com https://*.youtube.com; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.bonarea-foodservice.com http://*.booking.com https://*.tacdn.com http://*.jscache.com https://*.tripadvisor.es https://*.tripadvisor.com http://*.google-analytics.com https://*.googleapis.com https://*.cookielaw.org https://*.cloudflare.com https://*.google-analytics.com https://*.google.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.net https://*.bonarea-agrupa.com; style-src 'self' 'unsafe-inline' * 1
default-src 'self'; script-src 'self'  https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://google.com https://www.google-analytics.com https://c.seznam.cz/js/rc.js https://connect.facebook.net https://maps.googleapis.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://bat.bing.com https://*.clarity.ms https://bisko.gjirafa.net https://static.hotjar.com https://script.hotjar.com https://static.ads-twitter.com https://*.ladesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' https: data: http://c.seznam.cz; connect-src 'self' https: wss:; frame-src 'self' https:; object-src 'none'; 1
base-uri 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://connect.facebook.net https://apis.google.com https://www.gstatic.com http://192.168.1.25:35729 https://cdn.ampproject.org https://cdn.agenceici.com/ https://tarteaucitron.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.tarteaucitron.io https://js-eu1.hs-scripts.com https://js-eu1.hscollectedforms.net https://js-eu1.hs-banner.com https://js-eu1.hs-analytics.net https://js-eu1.hsadspixel.net 1
default-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' https://www.youtube.com https://hai.kemenkeu.go.id https://docs.google.com https://maps.google.com https://www.google.com https://survey.zohopublic.com https://survey.zoho.com;style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://fonts.googleapis.com data:;font-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.gstatic.com data:;img-src 'self' 'unsafe-inline' https://www.bpdp.or.id https://i0.wp.com https://radarsemarang.jawapos.com https://www.infosawit.com data:; connect-src 'self' 'unsafe-inline' https://analytics.google.com;script-src 'self' 'unsafe-inline' https://hai.kemenkeu.go.id https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://code.jquery.com https://www.googletagmanager.com https://survey.zohopublic.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com/ https://policy.privacyandcookies.eu/ https://players.brightcove.net https: blob:; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube-nocookie.com https://player.quadia.net https://players.brightcove.net; frame-ancestors 'self'; img-src 'self' https://www.facebook.com/tr/ https://www.msd-animal-health.com https://secure.gravatar.com https://www.google-analytics.com/ https://*.brightcove.com https://cdn.cookielaw.org https://assets.msd-animal-health.com https://assets.merck-animal-health.com https://policy.privacyandcookies.eu data: ; media-src 'self' blob:; style-src 'self' 'unsafe-inline' fonts.googleapis.com; upgrade-insecure-requests; default-src https: data: 'self' ; trusted-types forceInner default goog#html connect.facebook.net/fbevents facebook.com/signals/iwl; 1
img-src 'self' blob: data: https://azsbrglocdnepdnbvoa.azureedge.net https://*.facebook.net/ https://*.facebook.com/; script-src 'self' 'unsafe-inline' blob: https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' https://fonts.googleapis.com https://ajax.googleapis.com https://*.facebook.net https://*.facebook.com https://googleads.g.doubleclick.net https://js.monitor.azure.com https://*.site24x7rum.com/; 1
default-src 'self';                     script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.cloudfront.net *.googletagmanager.com *.google-analytics.com  googleads.g.doubleclick.net https://u.heatmap.it https://code.jquery.com/ https://brconsorcios.com.br https://connect.facebook.net https://ajax.googleapis.com https://seal.godaddy.com;                                                 style-src 'self' 'unsafe-inline' *.googleapis.com https://maxcdn.bootstrapcdn.com  https://cdnjs.cloudflare.com;                                                  img-src 'self'  https://www.googletagmanager.com https://www.google.com https://www.google.com.br  https://www.facebook.com data: https://seal.godaddy.com;                                                  connect-src 'self' *.brconsorcios.com.br popups.rdstation.com.br pageview-notify.rdstation.com.br https://www.google-analytics.com  https://analytics.google.com/  https://stats.g.doubleclick.net/ https://ipinfo.io/json;                                                  font-src 'self'  https://fonts.gstatic.com data: https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com;                                                  media-src 'self' ;                                                  object-src 'none';                                                  frame-src https://www.youtube.com  googleads.g.doubleclick.net https://td.doubleclick.net/ https://brconsorcios.com.br https://app.brconsorcios.lecom.com.br/;                                                  manifest-src 'self';                                                  worker-src 'self' blob:;                                                  base-uri 'self';                                                  form-action 'self'; 1
default-src *; img-src * data:; script-src *.hypernode.io *.breiwebshop.nl *.google-analytics.com *.googleadservices.com *.google.com *.googletagmanager.com *.googleapis.com *.facebook.net *.facebook.com *.bing.com *.pinterest.com *.mailchimp.com *.list-manage.com connectio.s3.amazonaws.com *.upviral.com *.clarity.ms *.tradetracker.net 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; connect-src *; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data:; font-src 'self' use.typekit.net 'unsafe-inline' data:; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
script-src 'self' https://js.brickowl.com/ https://platform.twitter.com/ https://www.googletagmanager.com/ https://js.stripe.com/v3/ https://forum.brickowl.com/plugins/embedvanilla/remote.js https://maps.googleapis.com https://www.gstatic.com https://widget.packeta.com/ https://www.paypalobjects.com/ https://www.paypal.com/  https://connect.facebook.net/en_US/fbevents.js;style-src 'self' https://css.brickowl.com/ https://js.brickowl.com/ https://www.gstatic.com https://fonts.googleapis.com 'unsafe-inline'; 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data: ;frame-ancestors 'self' 1
default-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com  *.google.com *.gstatic.com.com *.google-analytics.com *.googletagmanager.com *.doubleclick.net;   script-src 'self' 'unsafe-inline' 'unsafe-eval' *.zohostatic.com  *.zohocdn.com *.zoho.com  *.google-analytics.com *.googletagmanager.com *.paynet.com.tr *.bkmexpress.com.tr *.masterpassturkiye.com *.ecozum.com *.google.com *.gstatic.com;    style-src 'self' 'unsafe-inline' *.zohocdn.com *.zohostatic.com *.ecozum.com;    img-src 'self' data: *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.google.com *.google.com.tr *.masterpassturkiye.com *.ecozum.com *.ecozum.com.tr ecozum.com.tr;    font-src 'self' *.zohocdn.com *.zohostatic.com *.zoho.com *.zohopublic.com *.ecozum.com *.gstatic.com;    connect-src 'self' *.zoho.com wss://*.zohopublic.com *.zohopublic.com  *.google-analytics.com *.googletagmanager.com stats.g.doubleclick.net *.masterpassturkiye.com *.ecozum.com ;    frame-src 'self' *.zohopublic.com *.bkmexpress.com.tr *.ecozum.com *.google.com; frame-ancestors 'self' *.bkmexpress.com.tr *.ecozum.com;    child-src 'self' *.ecozum.com; 1
frame-ancestors 'self' https://brita-int.ff360.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://broomees.org https://www.googleadservices.com https://www.googletagmanager.com https://www.facebook.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://www.youtube.com https://checkout.razorpay.com https://unpkg.com https://www.facebook.net https://www.connect.facebook.net https://connect.facebook.net https://facebook.net https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://clarity.ms https://www.clarity.ms/ https://doubleclick.net https://pdfmake.js https://formbuilder.online https://cdn.socket.io https://cdn.getsimpl.com https://maps.googleapis.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.socket.io https://use.fontawesome.com https://fontawesome.com https://cdn.datatables.net https://www.google-analytics.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://cdn.datatables.net https://fonts.googleapis.com https://use.fontawesome.com https://code.jquery.com https://fontawesome.com; img-src * data: https://www.facebook.com https://cdn.imgbin.com; font-src 'self' https://fontawesome.com https://use.fontawesome.com https://fonts.googleapis.com https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://txn.getsimpl.com https://razorpay.com  https://api.razorpay.com https://td.doubleclick.net; connect-src 'self' https://www.google-analytics.com https://broomees.org wss://ws.hotjar.com https://content.hotjar.io https://metrics.hotjar.io https://z.clarity.ms https://analytics.google.com https://stats.g.doubleclick.net https://maps.googleapis.com https://googleapis.com https://translation.googleapis.com; 1
default-src 'none'; img-src 'self' https: data:; style-src 'self' 'unsafe-inline' *.paypal.com *.openpay.mx *.googleapis.com *.google.com *.gstatic.com *.googleapis.com *.botlers.io; font-src 'self' fonts.gstatic.com data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.hotjar.com *.google.com *.gstatic.com *.paypal.com *.rappi.com *.facebook.com *.facebook.net *.optad360.io *.googletagmanager.com *.googleapis.com *.googlesyndication.com *.googleadservices.com *.doubleclick.net *.cloudfront.net *.botlers.io *.coppelay.com *.gigya.com *.coppelpay.com *.emarsys.net *.newrelic.com cdn.jsdelivr.net *.scarabresearch.com *.nr-data.net *.4dex.io *.paypalobjects.com *.busolinea.com.mx *.openxcdn.net *.criteo.com *.id5-sync.com cdn.ampproject.org *.mercadopago.com *.ipify.org *.openpay.mx *.tiktok.com; connect-src 'self' *.amazoncognito.com *.amazonlightsail.com *.amazonaws.com *.optad360.io *.doubleclick.net *.hotjar.com *.paypal.com *.google.com.mx *.google.com *.google-analytics.com *.googleadservices.com *.googlesyndication.com *.facebook.com *.facebook.net *.botlers.io *.coppelpay.com *.doubleclick.net *.gigya.com *.emarsys.net *.newrelic.com cdn.jsdelivr.net *.scarabresearch.com *.adsrvr.org *.criteo.com *.nr-data.net *.4dex.io *.paypalobjects.com *.busolinea.com.mx *.openxcdn.net *.mercadopago.com *.ipify.org ipapi.co *.openpay.mx *.tiktok.com; base-uri 'self'; form-action 'self' *.facebook.com; frame-src 'self' *.kaptcha.com *.paypal.com *.optad360.io *.doubleclick.net *.coppelpay.com *.googletagmanager.com *.facebook.com *.facebook.net *.google.com *.emarsys.net *.gigya.com *.googlesyndication.com *.botlers.io *.paypalobjects.com; frame-ancestors *.optad360.io *.botlers.io *.paypal.com *.doubleclick.net 1
default-src:self; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: hyundai.azureedge.net denzel.piwik.pro denzel.containers.piwik.pro *.ytimg.com *.google.com *.gstatic.com *.googleapis.com *.youtube.com *.youtu.be *.youtube-nocookie.com *.siteimprove.net *.siteimprove.com *.bydauto.at *.denzel.at siteimproveanalytics.com *.siteimproveanalytics.com *.siteimproveanalytics.io *.adform.net waf.movec.services apis.observer.at 1
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src 'self' 'unsafe-inline'; media-src *; img-src * 'self' filesystem: data: blob:; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://assets.fairandsmart.com https://cdn.jsdelivr.net https://core.fairandsmart.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://code.jquery.com/ https://cdnjs.cloudflare.com https://maps.googleapis.com https://carsatse.containers.piwik.pro https://chat.vizir.co https://europassistancefr.containers.piwik.pro; style-src 'self' 'unsafe-inline' https://assets.fairandsmart.com https://cdn.jsdelivr.net https://core.fairandsmart.com https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com https://www.gstatic.com https://fonts.googleapis.com; img-src 'self' 'unsafe-inline' https://eafrpfil001app.blob.core.windows.net https://eafrpfil002app.blob.core.windows.net https://maps.gstatic.com https://www.googletagmanager.com https://upload-image-vizir.s3.amazonaws.com; font-src 'self' https://eafrpfil001app.blob.core.windows.net https://fonts.gstatic.com; frame-src 'self' data: https://www.google.com https://maps.googleapis.com https://chat.vizir.co; connect-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http:; object-src 'none' 1
default-src 'unsafe-inline' 'self' data: cakalnedobe.si www.cakalnedobe.si cdn.cakalnedobe.si ads.cakalnedobe.si narocanje.cakalnedobe.si widget.cakalnedobe.si www.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net ma.medifit.si data.medifit.si cdn.jsdelivr.net static.hotjar.com fonts.googleapis.com booking.eambulanta.si twemoji.maxcdn.com widget-v4.tidiochat.com code.tidio.co widget-v4.tidiochat.com s3.eu-west-1.amazonaws.com static.mailerlite.com cdn.medifit.si track.mailerlite.com tidio-images-messenger.s3.amazonaws.com cdn-cookieyes.com; font-src 'self' fonts.googleapis.com cdn.cakalnedobe.si fonts.gstatic.com widget-v4.tidiochat.com; connect-src sentry-new.tidio.co socket.tidio.co api-v2.tidio.co https: wss:; frame-src ads.cakalnedobe.si narocanje.cakalnedobe.si enarocanje.cakalnedobe.si booking.eambulanta.si booking.medifit.si ma.medifit.si www.google.com; 1
upgrade-insecure-requests; report-uri https://canal-tv.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
frame-ancestors 'self' http://power.careserve.fr http://power.careserve.localdev; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.facebook.com/ https://www.youtube.com/ *.criteo.com/ *.criteo.net/; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.googletagmanager.com/ https://www.google-analytics.com/  https://connect.facebook.net/ https://www.facebook.com/ https://www.youtube.com/ *.criteo.com/ *.criteo.net/; 1
frame-ancestors 'https://carovnapolicka.sk' 'https://pagead2.googlesyndication.com/' 'https://static.xx.fbcdn.net/' 'https://googleads.g.doubleclick.net/' 'https://googleads.g.doubleclick.net/' 'https://www.facebook.com/'  ; 1
child-src 'self'; connect-src 'self' *.googletagmanager.com wss://station.softmarketing.com.br *.softmarketing.com.br *.google-analytics.com; font-src 'self' data: *.softmarketing.com.br *.gstatic.com; form-action 'self';  frame-src 'self' *.youtube.com *.google.com *.spotify.com *.youtube-nocookie.com; frame-ancestors 'self'; img-src 'self' about: data: *.cartaometrocard.com.br cartaometrocard.com.br *.google-analytics.com *.softmarketing.com.br *.openstreetmap.org *.jav.com.br *.youtube.com *.ytimg.com; manifest-src 'self'; media-src 'self'; navigate-to 'self'; object-src 'self'; prefetch-src 'self'; script-src 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-eval'; script-src-elem 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-inline'; script-src-attr 'self' *.googletagmanager.com *.google.com *.google-analytics.com *.softmarketing.com.br *.gstatic.com *.jquery.com *.cloudflare.com 'unsafe-inline'; style-src 'self' *.softmarketing.com.br *.googleapis.com; style-src-elem 'self' *.softmarketing.com.br *.googleapis.com 'unsafe-inline';  style-src-attr 'self' *.softmarketing.com.br *.googleapis.com 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors *.casaegaragem.com.br 1
frame-ancestors 'self' https://metrika.yandex.ru http://metrika.yandex.ru https://metrika.yandex.by http://metrika.yandex.by https://metrica.yandex.com http://metrica.yandex.com https://metrica.yandex.com.tr http://metrica.yandex.com.tr https://webvisor.com http://webvisor.com; 1
frame-ancestors 'self' https://trustseal.enamad.ir/; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; default-src 'self' 'unsafe-inline' *; img-src 'self' data: * 1
default-src 'self' ; base-uri 'self'; form-action 'self';script-src  'nonce-fJb03JYlUgpchPHkhLQS2p+IKlE=' 'self'; img-src  'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; 1
script-src 'self' https://www.googletagmanager.com https://cdnjs.cloudflare.com https://code.jquery.com https://maxcdn.bootstrapcdn.com https://static.hotjar.com https://script.hotjar.com https://googleads.g.doubleclick.net https://maps.googleapis.com 'unsafe-inline' 1
frame-ancestors 'self 1
style-src 'self' 'unsafe-inline' cgda.nic.in 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'; connect-src 'self'; form-action 'self'; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-jK-dWhmVDP475bF4RFWL2A' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self';connect-src 'self' wss://*.firebaseio.com https: *.amazonaws.com ipinfo.io;font-src 'self';child-src 'self' https: www.youtube-nocookie.com *.firebaseio.com;frame-src 'self' https: www.youtube-nocookie.com *.firebaseio.com;img-src 'self' https: bam.nr-data.net *.small.chat data: bam.nr-data.net;media-src 'self';object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.newrelic.com bam.nr-data.net *.small.chat *.firebaseio.com;style-src 'self' 'unsafe-inline' https: *.small.chat 1
default-src * blob: data: 'unsafe-eval' 'unsafe-inline' 1
font-src *.bootstrapcdn.com fonts.googleapis.com fonts.gstatic.com *.gstatic.com data: *.fontawesome.com data: 'self' 'unsafe-inline'; form-action 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self'; frame-src *.packeta.com www.google.com *.chantallonline.com 'self' 'unsafe-inline'; img-src *.mailchimp.com *.facebook.com *.google-analytics.com widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com *.gstatic.com *.googleapis.com *.google.com data: 'self' 'unsafe-inline'; script-src chimpstatic.com *.packeta.com *.facebook.net *.list-manage.com *.mailchimp.com www.googleapis.com googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com *.googleapis.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ *.google.com *.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.mailchimp.com *.bootstrapcdn.com fonts.googleapis.com *.fontawesome.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.packeta.com *.facebook.com *.doubleclick.net *.google-analytics.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com maps.googleapis.com maps.gstatic.com fonts.googleapis.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline';; report-uri https://chantall.report-uri.com/r/d/csp/enforce 1
default-src * 'unsafe-eval'; style-src * 'unsafe-inline'; frame-src *; font-src * data:; img-src * data:; script-src * 'unsafe-inline' 'unsafe-eval'; frame-ancestors *; 1
frame-ancestors *.civicinfo.bc.ca *.assetmanagementbc.ca *.ubcm.ca  *.fnps.ca  *.google-analytics.com *.analytics.google.com  *.civicstats.ca  'self'; 1
font-src data: *.gstatic.com oct8necdneu.azureedge.net *.zopim.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.vimeocdn.com *.ytimg.com *.adyen.com *.googleapis.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.demoup.com *.cookiebot.com sw-assets.ekomiapps.de *.fontawesome.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com sis-t.redsys.es:* sis.redsys.es sis-t.sermepa.es:* sis.sermepa.es *.cetelem.es *.facebook.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.googleapis.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.youtube.com *.vimeo.com *.oct8ne.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com *.google.com *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net oct8necdneu.azureedge.net *.clickelectrodomesticos.com *.zopim.com *.eficads.net *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com *.rawgit.com *.jsdelivr.net smart-widget-assets.ekomiapps.de sw-assets.ekomiapps.de connect.ekomi.de rrstatic.retailrocket.net google.nl s.kelkoogroup.net *.facebook.com cdn.doofinder.com https://images.unsplash.com *.ggpht www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ polyfill.io *.googleapis.com *.google.com *.google.es *.google.com.br *.gstatic.com *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.cookiebot.com *.oct8ne.com *.adyen.com chimpstatic.com *.zopim.com *.doofinder.com *.zdassets.com *.aplazame.com *.tradedoubler.com *.retargeted.co *.eficads.net *.adensemble.com *.paypal.com *.ytimg.com *.doubleclick.com *.azureedge.com *.xtento.com *.eficads.com *.cetelem.es *.demoup.com youtube.com https://sandbox.sequracdn.com https://live.sequracdn.com live.sequrapi.com *.sequrapi.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de connect.facebook.net s.kk-resources.com *.newrelic.com bam.eu01.nr-data.net cdn.doofinder.com *.retailrocket.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com sw-assets.ekomiapps.de rrstatic.retailrocket.net smart-widget-assets.ekomiapps.de *.doofinder.com *.fontawesome.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.demoup.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google.com *.google.es *.google.com.br *.googletagmanager.com *.google-analytics.com *.g.doubleclick.net *.oct8ne.com *.adyen.com *.googleapis.com wss://widget-mediator.zopim.com *.doofinder.com *.zdassets.com *.adensemble.com *.demoup.com youtube.com *.cookiebot.com https://sandbox.sequracdn.com https://live.sequracdn.com smart-widget-assets.ekomiapps.de s.kelkoogroup.net google.com bam.eu01.nr-data.net wss://*.doofinder.com *.retailrocket.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
style-src 'self' 'unsafe-inline' https://clujammu.ac.in https://fonts.googleapis.com/; 1
default-src 'self' https://int.apisbcp.com https://apisux.viabcp.com https://authserverdesa.viabcp.com https://authservercert.viabcp.com https://authserver.viabcp.com https://bcp.tt.omtrdc.net https://*.tt.omtrdc.net http://*.tt.omtrdc.net https://adservice.google.com https://snap.licdn.com https://analytics.tiktok.com; script-src 'self' https://apisux.viabcp.com https://authserverdesa.viabcp.com https://smetrics.viabcp.com https://assets.adobedtm.com https://analytics.tiktok.com  https://snap.licdn.com https://www.googleanalytics.com https://www.google-analytics.com  https://www.googleoptimize.com  *.cookiebot.com https://optimize.google.com 'unsafe-inline' 'unsafe-eval' *.cookiebot.com *.hotjar.com *.hotjar.io https://googleapis.com https://www.googletagmanager.com tagmanager.google.com https://www.googleoptimize.com https://optimize.google.com https://www.google-analytics.com https://connect.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://maps.googleapis.com https://ajax.googleapis.com https://js-cdn.dynatrace.com https://p.teads.tv; img-src 'self' *.ads.linkedin.com https://www.linkedin.com/ https://p.adsymptotic.com/ https://t.teads.tv/ https://l.teads.tv/ https://cm.teads.tv/ https://px.ads.linkedin.com https://www.google-analytics.com https://www.googletagmanager.com https://us-central1-viabcp-212519.cloudfunctions.net https://www.viabcp.com *.hotjar.com *.hotjar.io https://www.google.com  *.doubleclick.net www.googletagmanager.com https://optimize.google.com www.gstatic.com ssl.gstatic.com  www.google-analytics.com www.google.com www.facebook.com maps.googleapis.com  www.google.com.pe cx.atdmt.com data:; style-src 'self' 'unsafe-inline' *.typekit.net https://www.googleoptimize.com  https://fonts.googleapis.com  https://optimize.google.com fonts.googleapis.com tagmanager.google.com; frame-src https://optimize.google.com https://td.doubleclick.net https://vars.hotjar.com https://fledge.teads.tv https://consentcdn.cookiebot.com *.fls.doubleclick.net https://www.facebook.com; font-src 'self' *.hotjar.com *.hotjar.io https://use.typekit.net fonts.gstatic.com https://fonts.gstatic.com  data:; child-src  https://hotjar.com  https://consentcdn.cookiebot.com   https://hotjar.io https://www.googleoptimize.com https://optimize.google.com  *.doubleclick.net https://www.google.com https://www.facebook.com/ https://maps.googleapis.com; object-src 'none'; connect-src 'self' https://metrics.hotjar.io https://t.teads.tv/track https://vc.hotjar.io https://analytics.pangle-ads.com https://px.ads.linkedin.com https://fledge.teads.tv https://analytics.google.com https://smetrics.viabcp.com https://in.hotjar.com/ https://content.hotjar.io/ https://ws41.hotjar.com/ https://ws2.hotjar.com/ https://*.hotjar.com https://cdn.linkedin.oribi.io https://analytics.tiktok.com/ https://googleads.g.doubleclick.net https://www.facebook.com https://cm.teads.tv https://www.google.com/ https://us-central1-viabcp-212519.cloudfunctions.net https://www.viabcp.com  https://consentcdn.cookiebot.com https://consentcdn.cookiebot.com https://apisux.viabcp.com https://authserverdesa.viabcp.com https://authservercert.viabcp.com https://authserver.viabcp.com wss://*.hotjar.com https://hotjar.com  https://hotjar.io www.google-analytics.com https://stats.g.doubleclick.net ; 1
object-src 'none'; script-src 'self' 'unsafe-inline' https:; base-uri 'self'; form-action 'self'; frame-ancestors *; report-uri https://www.cof.fr/report-uri/enforce 1
default-src 'self' blob: *.cokebuddy.in *.cokebuddy.my *.coca-cola.com.mm *.bnl.com.np *.sellina.io *.salescode.ai *.sellinademo.io *.segment.io https://d141vg64q1vo2f.cloudfront.net https://d19olq767v5jsz.cloudfront.net https://d38zogo6ivxrxf.cloudfront.net https://login.microsoftonline.com https://api-dev.hccbpl.in https://analytics.cokebuddy.in https://analytics.cokebuddy.my https://fonts.gstatic.com https://analytics.kbuddy.in https://cdn.segment.com https://cdn.moengage.com https://www.youtube.com lubechat-server.prod.aze.shell.io https://sdk-03.moengage.com https://dev.andromeda-lc.com https://api-dev.hccbpl.in/cre/v1/reco https://login.microsoftonline.com https://d141vg64q1vo2f.cloudfront.net https://maps.gstatic.com https://cdn.segment.com https://api.segment.io/v1 https://www.andromeda-lc.com https://andromeda-lc.com https://maps.gstatic.com https://cdn.optimizely.com https://lubechat-server.preprod.aze.shell.io https://www.slideshare.net https://lubechat-server.preprod.aze.shell.io https://fcm.googleapis.com https://fonts.gstatic.com https://use.fontawesome.com  https://api.api.ai https://api.cognitive.microsofttranslator.com  https://apptech.blob.core.windows.net https://www.gstatic.com https://www.google-analytics.com https://fonts.googleapis.com https://browser.sentry-cdn.com https://o1280144.ingest.sentry.io https://maps.googleapis.com; img-src 'self' https://d2nvw4ekms3xzy.cloudfront.net https://d141vg64q1vo2f.cloudfront.net https://d19olq767v5jsz.cloudfront.net https://d38zogo6ivxrxf.cloudfront.net https://dev.andromeda-lc.com https://mdmuploads.s3.ap-south-1.amazonaws.com https://maps.gstatic.com https://sdk-03.moengage.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com https://image.moengage.com https://moe-email-campaigns.s3.amazonaws.com https://www.google-analytics.com/collect https://www.andromeda-lc.com lubechat-server.prod.aze.shell.io https://dev.andromeda-lc.com https://andromeda-lc.com https://maps.googleapis.com https://image.flaticon.com https://apptech.blob.core.windows.net  https://api-dox.s3.ap-south-1.amazonaws.com https://docs.sellina.io https://o1042875.ingest.sentry.io blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.segment.io https://cdn.jsdelivr.net/ https://unpkg.com https://cdn.jsdelivr.net/ https://unpkg.com/canvaskit-wasm@0.37.1/bin/profiling/canvaskit.js https://cdn.moengage.com https://cdn.quilljs.com/1.3.6/quill.js https://www.googletagmanager.com https://www.google-analytics.com https://o1042875.ingest.sentry.io https://cdn.moengage.com/webpush/moe_webSdk.min.latest.js https://cdn.moengage.com/webpush/modules/inapp.js https://cdn.moengage.com/webpush/beta/sdk.inapp.cdnHelper.js https://cdn.moengage.com/webpush/releases/serviceworker_cdn.min.latest.js lubechat-server.prod.aze.shell.io https://sdk-03.moengage.com https://cdn.moengage.com https://dev.andromeda-lc.com https://cdnjs.cloudflare.com https://dev.andromeda-lc.co https://api.linkpreview.net https://cdn.segment.com  https://cdn.segment.com https://www.andromeda-lc.com https://andromeda-lc.com https://browser.sentry-cdn.com https://browser.sentry-cdn.com/7.9.0/bundle.min.js https://browser.sentry-cdn.com/7.9.0/bundle.tracing.min.js https://fcm.googleapis.com https://www.gstatic.com https://www.youtube.com https://www.google-analytics.com http://maps.googleapis.com https://cdn.firebase.com https://*.firebaseio.com https://*.firebaseio.com;style-src 'self' https://cdn.quilljs.com/1.3.6/quill.snow.css https://use.fontawesome.com https://cdnjs.cloudflare.com https://sdk-03.moengage.com https://www.andromeda-lc.com  https://fonts.googleapis.com 'unsafe-inline';font-src 'self' https://fonts.gstatic.com; object-src 'self'; manifest-src 'self' blob:;form-action 'self';frame-ancestors 'self' https://config.sellina.io https://kbuddy.salescode.ai *.cokebuddy.in *.cokebuddy.my *.coca-cola.com.mm *.bnl.com.np *.salescode.ai *.sellina.io *.sellindemo.io;connect-src 'self' blob: *.sellina.io *.sellinademo.io *.salescode.ai *.coca-cola.com.mm *.bnl.com.np https://worldtimeapi.org/api/ip https://www.gstatic.com https://i3.ytimg.com https://api.codemagic.io https://hooks.slack.com https://d141vg64q1vo2f.cloudfront.net https://d19olq767v5jsz.cloudfront.net https://d38zogo6ivxrxf.cloudfront.net https://login.microsoftonline.com https://api-dev.hccbpl.in https://unpkg.com https://fonts.gstatic.com https://apptech.blob.core.windows.net https://uat.sellina.io https://unnati.sellina.io https://kpi.sellina.io https://prod.sellina.io https://api.sellinademo.io https://demo.salescode.ai https://lubechat-server.preprod.aze.shell.io https://lubechat-server.prod.aze.shell.io https://api.segment.io/v1/m https://api.segment.io/v1/t https://cdn.moengage.com https://sdk-01.moengage.com https://sdk-02.moengage.com https://sdk-03.moengage.com https://o1280144.ingest.sentry.io https://www.youtube.com https://cdn.segment.com https://fcm.googleapis.com https://www.google-analytics.com https://browser.sentry-cdn.com https://fcm.googleapis.com/fcm/connect/subscribe https://www.googletagmanager.com https://www.google-analytics.com https://mdmuploads.s3.ap-south-1.amazonaws.com https://analytics.cokebuddy.in https://d2nvw4ekms3xzy.cloudfront.net https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://firebaseremoteconfig.googleapis.com https://firebaselogging-pa.googleapis.com https://firebase.googleapis.com https://cdn.optimizely.com https://andromeda-lc.com https://api.cokebuddy.in 1
frame-ancestors 'self' *.google.com *.amp.colgate.pl amp.colgate.pl *.pricespider.com *.mapbox.com cdnjs.cloudflare.com; 1
default-src * 'unsafe-inline' 'unsafe-eval';script-src * 'unsafe-inline' 'unsafe-eval';img-src 'self' data:; frame-src 'self' data:; object-src 'self' data: 1
frame-ancestors 'self' collectionb.cc *.collectionb.cc 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval' http://localhost:3000 ws://localhost:3000 1
default-src 'none';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.pinimg.com *.teads.tv https://region1.analytics.google.com https://tpc.googlesyndication.com https://skroutza.skroutz.gr https://sslwidget.criteo.com https://www.columbiasportswear.gr https://ping.contactpigeon.com https://static.criteo.net https://ajax.cloudflare.com https://skroutza.skroutz.gr https://www.contactpigeon.com *.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr *.zopim.com *.zdassets.com/ *.hotjar.com *.hotjar.io https://static.adman.gr/adman.js *.adman.gr *.ubembed.com https://360.bestprice.gr https://www.bestprice.gr wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr https://use.typekit.net https://collection.e-satisfaction.com *.cdninstagram.com https://v2.zopim.com https://static.zdassets.com;style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://www.contactpigeon.com https://ping.contactpigeon.com https://fonts.googleapis.com https://use.typekit.net https://collection.e-satisfaction.com https://p.typekit.net;object-src 'self';img-src 'self' data: https://cdn.e-satisfaction.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://widget.eu.criteo.com https://www.google.co.uk https://s.thebrighttag.com https://beacon.krxd.net https://dpm.demdex.net https://dis.criteo.com https://ct.pinterest.com *.teads.tv https://dimages.contactpigeon.com https://googleads.g.doubleclick.net https://gum.criteo.com https://sync-criteo.ads.yieldmo.com https://ad.yieldlab.net https://criteo-partners.tremorhub.com https://simage2.pubmatic.com https://sync.outbrain.com https://exchange.mediavine.com https://matching.ivitrack.com https://ad.360yield.com https://id5-sync.com https://gum.criteo.com https://r.casalemedia.com https://visitor.omnitagjs.com https://cm.adform.net https://ups.analytics.yahoo.com https://eb2.3lift.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://rtb-csync.smartadserver.com https://match.sharethrough.com https://pixel.rubiconproject.com https://contextual.media.net https://secure.adnxs.com https://ib.adnxs.com https://cm.g.doubleclick.net https://x.bidswitch.net https://googleads.g.doubleclick.net https://ping.contactpigeon.com https://collection.e-satisfaction.com https://collection.e-satisfaction.com https://columbia.staginglh.com https://columbia.test.devlh.com https://static.columbiasportswear.gr https://www.columbiasportswear.gr *.skroutz.gr https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://fonts.gstatic.com  https://www.google.com.tr https://trustmark.gr *.facebook.com *.facebook.net *.analytics.google.com https://img.youtube.com;font-src 'self' data: https://use.typekit.net https://fonts.gstatic.com; connect-src 'self' https://adservice.google.com https://ct.pinterest.com *.teads.tv https://region1.analytics.google.com https://ping.contactpigeon.com https://collection.e-satisfaction.com https://ekscapig.sleed.com https://web.facebook.com https://www.facebook.com https://socialplugin.facebook.net https://cdn.e-satisfaction.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app https://ekr.zdassets.com;frame-src *;media-src 'self'; manifest-src 'self' https://www.columbiasportswear.gr 1
default-src 'self' site.webmanifest; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js https://unpkg.com/aos@2.3.1/dist/aos.js https://www.google-analytics.com https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/npm/bootstrap-icons@1.5.0/font/bootstrap-icons.css https://fonts.googleapis.com/css https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css https://fonts.googleapis.com/css2; img-src 'self' assets/favicon.ico; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdn.jsdelivr.net ; media-src 'self' https://www.youtube.com/; frame-src 'self' https://www.youtube.com/; 1
default-src 'self'  https://*.cryptorg.net https://cryptorg.net:* https://*.cryptorg.io https://cryptorg.io:* https://cryptorg.net https://*.cryptorg.io https://cryptorg.io http://*.cloudflare.com https://*.cloudflare.com http://monitorings.local:8038 https://api.bybit.com ; script-src blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.tradingview.com http://cdn.datatables.net https://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.tradingview.com https://tradingview.com https://unpkg.com https://*.googleapis.com https://*.sumsub.com https://api.bybit.com ; script-src-elem  blob: data: 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.tradingview.com http://cdn.datatables.net https://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.tradingview.com https://tradingview.com https://unpkg.com https://*.sumsub.com https://api.bybit.com ; style-src 'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://fonts.gstatic.com http://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://unpkg.com https://*.sumsub.com https://api.bybit.com ; style-src-elem  'self' 'unsafe-inline' blob: https://fonts.googleapis.com https://fonts.gstatic.com http://cdn.datatables.net http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://*.sumsub.com https://api.bybit.com ; font-src  'self' 'unsafe-eval' data: https://fonts.googleapis.com http://cdn.datatables.net https://fonts.gstatic.com https://cdn.jsdelivr.net ; img-src 'self' data:  blob: https://tradingbeep.com https://www.google-analytics.com https://*.google-analytics.com http://*.cloudflare.com https://*.cloudflare.com https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://www.googletagmanager.com https://www.google-analytics.com https://*.google-analytics.com https://www.google.com https://*.googleapis.com https://*.sumsub.com https://api.bybit.com ; media-src 'self' blob: data: https://*.cryptorg.net https://cryptorg.net https://*.cryptorg.io https://cryptorg.io https://youtu.be https://www.youtube.com ; frame-src 'self' blob: data: https://youtu.be https://www.youtube.com https://*.tradingview.com https://*.sumsub.com https://api.bybit.com ; connect-src 'self' https://api.coingecko.com https://*.tradingview.com   https://www.google-analytics.com  https://*.google-analytics.com https://fonts.googleapis.com https://www.googletagmanager.com  http://monitorings.local:8038 http://cdn.datatables.net https://binance.com  https://*.binance.com  wss://binancefuture.com  wss://*.binancefuture.com  wss://stream.binance.com:9443 https://*.cryptorg.net https://cryptorg.net:* https://*.cryptorg.io https://cryptorg.io:* wss://cryptorg.net wss://*.cryptorg.net https://*.sumsub.com wss://stream.bybit.com wss://ws2.bybit.com https://api.bybit.com wss: ws: ; object-src 'none' ; base-uri 'self' ;  1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.gstatic.com https://*.thequin.ai https://*.alo-tech.com https://*.nr-data.net https://*.newrelic.com https://*.mobildev.in https://*.criteo.com https://*.googletagservices.com https://*.googlesyndication.com https://*.dynatrace.com https://*.matomo.cloud https://daikin.matomo.cloud https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://analytics.tiktok.com https://cdn-asset.optimonk.com https://content.linkedin.com https://*.facebook.net https://cdn.onesignal.com https://cdnjs.cloudflare.com https://daikin.sortext.com https://daikin-core.cbot.ai https://gs-cdn.optimonk.com https://*.facebook.com https://google-analytics.com https://googletagmanager.com https://matomojs.trackify.info https://maps.googleapis.com https://my.sortext.com https://mc.yandex.ru https://onesignal.com https://pi.pardot.com https://platform.linkedin.com https://static.criteo.net https://sslwidget.criteo.com https://static-exp1.licdn.com https://snap.licdn.com https://script.hotjar.com https://static.hotjar.com https://ssl.google-analytics.com https://st-daikin.mncdn.com https://unpkg.com https://*.youtube.com https://www.clarity.ms https://www.google-analytics.com https://www.googletagmanager.com https://*.jquery.com https://instant.page http://instant.page https://go.pardot.com htttps://go.daikin.eu https://denv-virtualshowroom-b2c-web.azureedge.net/ https://cdn.usefathom.com/ https://cdn.quinengine.com;                      frame-src 'self' 'unsafe-inline' https://*.google.com https://*.alo-tech.com https://*.yandex.com st-daikin.mncdn.com https://*.youtube.com https://*.youtube-nocookie.com https://st-daikin.mncdn.com https://go.daikin.eu https://*.youtube.com https://*.criteo.com/ https://*.doubleclick.net https://*.facebook.net https://*.facebook.com https://*.force.com/ https://*.force.com https://*.salesforce-sites.com;       style-src 'self' 'unsafe-inline' https://*.google.com https://*.alo-tech.com https://*.thequin.ai *.google.com *.licdn.com cdnjs.cloudflare.com daikin-core.cbot.ai fonts.googleapis.com onesignal.com st-daikin.mncdn.com unpkg.com www.googletagmanager.com https://go.pardot.com https://go.daikin.eu https://denv-virtualshowroom-b2c-web.azurewebsites.net/;                      child-src 'self' blob: *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.criteo.com *.criteo.net *.facebook.net vars.hotjar.com www.youtube.com www.googletagmanager.com https://*.youtube-nocookie.com https://go.pardot.com https://go.daikin.eu https://*.force.com/;                      base-uri 'self';       font-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.alo-tech.com https://*.mncdn.com https://*.cbot.ai data:;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true;       upgrade-insecure-requests; 1
default-src https://www.googletagmanager.com 'self' ka-f.fontawesome.com dakotacargo.co.id 'unsafe-inline';script-src https://www.googletagmanager.com 'self' www.dakotacargo.co.id https://ajax.googleapis.com https://ssl.google-analytics.com https://www.gstatic.com kit.fontawesome.com cdn.syncfusion.com cdnjs.cloudflare.com pagead2.googlesyndication.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com 'unsafe-inline'; style-src 'self' dakotacargo.co.id www.gstatic.com cdnjs.cloudflare.com ajax.googleapis.com fonts.googleapis.com www.w3schools.com cdn.syncfusion.com cdn.jsdelivr.net pagead2.googlesyndication.com https://use.fontawesome.com 'unsafe-inline'; object-src 'self' https://dakotacargo.co.id pagead2.googlesyndication.com 'unsafe-inline';img-src www.googletagmanager.com https://www.google.com 'self' www.w3.org pagead2.googlesyndication.com 'unsafe-inline';base-uri 'self' pagead2.googlesyndication.com;form-action 'self'; font-src 'self' cdnjs.cloudflare.com fonts.gstatic.com use.fontawesome.com 'unsafe-inline'; frame-src 'self' maps.google.com www.google.com www.youtube.com pagead2.googlesyndication.com https://bid.g.doubleclick.net 'unsafe-inline'; connect-src 'self' dakotacargo.co.id https://www.google-analytics.com 'unsafe-inline'; 1
default-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'report-sample' 'self' cdnjs.cloudflare.com code.jquery.com d3js.org https://*.licdn.com/ https://*.zoominfo.com/ https://*.google-analytics.com/ https://tracking.g2crowd.com/ https://unpkg.com/jspdf@latest/dist/jspdf.umd.min.js https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.usemessages.com/ https://js.hs-analytics.net/ https://js.hscollectedforms.net/ https://cdn.mxpnl.com/ https://www.amcharts.com/ https://www.googletagmanager.com/ *.dasboot.in *.sisense.com dataweave.sisense.com *.google.com *.googleapis.com *.mixpanel.com *.amcharts.com *.dataweave.com; style-src 'unsafe-inline' 'report-sample' 'self' https://fonts.googleapis.com/; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.dataweave.com/ https://dataweave.com/ https://*.google-analytics.com/ https://forms.hscollectedforms.net/ https://*.hubspot.com/ https://*.zoominfo.com/ https://cdn.linkedin.oribi.io/ https://*.mixpanel.com/ https://*.sentry.io/; font-src 'self' data: https://fonts.gstatic.com/; frame-src 'self' https://auth.dataweave.com/ https://dataweave.sisense.com/ https://app.hubspot.com/ https://*.vimeo.com/ https://*.spotify.com/ https://*.youtube.com/ https://*.zoom.com/ https://*.buzzsprout.com/; img-src * 'self' data: https:; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src https://*.bigdavi.com https://*.davicloud.com https://*.davidocs.com https://davidocs.com https://*.davisign.com https://*.validate.digital https://*.notificacion.digital http://127.0.0.1:1853 http://127.0.0.1:1854 https://www.googletagmanager.com https://www.google-analytics.com https://sandbox-web-plugins.s3.amazonaws.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://sandbox-api.7oc.cl https://sandbox-liveness.tocws.com https://sandbox-capture.toc.ai https://sandbox-webplugins.s3.amazonaws.com https://sibautomation.com https://in-automate.brevo.com https://api.pushowl.com https://cdn.pushowl.com 'unsafe-eval' 'unsafe-inline' data:; object-src 'none'; 1
default-src 'self';              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://translate.googleapis.com/translate_static/js/element/main.js https://translate.googleapis.com/element/TE_20210503_00/e/js/element/element_main.js https://translate.googleapis.com/translate_a/l;              style-src 'self' 'unsafe-inline' https://translate.googleapis.com/translate_static/css/translateelement.css;              img-src 'self' 'unsafe-inline' https://www.gstatic.com/images/branding/product/1x/translate_24dp.png https://www.gstatic.com/images/branding/product/2x/translate_24dp.png;              connect-src 'self';              font-src 'self';               frame-src https://www.google.com/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://bat.bing.com https://www.clarity.ms https://connect.facebook.net https://www.facebook.com https://securegw.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://cdnjs.cloudflare.com https://unpkg.com https://cdn.polyfill.io https://www.googletagmanager.com https://maps.googleapis.com https://apis.google.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com https://www.google-analytics.com; object-src https://myreports.agilus.in https://api.ddrcsrl.com https://api.ddrcagilus.com https://cmsapi.ddrcsrl.com https://cmsapi.ddrcagilus.com https://www.mysrl.in https://srlcare.srl.in:86; img-src 'self' blob: data: https://bat.bing.com https://ddrcsrl.com https://ddrcagilus.com https://ddrcbackend.indusnettechnologies.com/ https://newcmsapi.srlworld.com https://cmsapi.srlworld.com https://srlcare.srl.in:92 https://api.ddrcsrl.com https://api.ddrcagilus.com https://cmsapi.ddrcsrl.com https://cmsapi.ddrcagilus.com https://srlworldstorage.blob.core.windows.net https://staticgw1.paytm.in https://staticgw2.paytm.in https://staticgw3.paytm.in https://staticgw4.paytm.in https://staticpg.paytm.in https://staticgw5.paytm.in https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com/ https://maps.gstatic.com https://maps.googleapis.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com googleads.g.doubleclick.net https://www.google.co.in https://srlclientsit.ochumanoid.ai; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://staticpg.paytm.in https://www.paynimo.com https://www.googletagmanager.com; worker-src blob: https://ddrcsrl.com https://ddrcagilus.com; 1
script-src 'self' 'unsafe-inline' https: https://code.jquery.com https://www.youtube.com http://www.google-analytics.com 'unsafe-eval' https: 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.decisioni.de; img-src 'self' data: *.decisioni.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.decisioni.de; style-src 'self' 'unsafe-inline' *.decisioni.de *.addthis.com *.googleapis.com *.facebook.com www.xing-share.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.decisioni.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.stripe.com *.googletagmanager.com platform.twitter.com platform.linkedin.com www.xing-share.com social.xingassets.com; font-src 'self' data: *.decisioni.de; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.deepakchopra-meditationer.com https://www.deepakchopra-meditace.com 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.hiperformanceacademy.com https://www.deepakchoprameditation.de https://www.deepakchopra.it https://www.omsaracom.com https://www.deepakchoprameditation.fr 1
font-src *.googleapis.com https://www.gstatic.com *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com 'self' 'unsafe-inline'; frame-ancestors view.publitas.com publish.folders.eu www.defrancq.be 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.google.com/ *.doubleclick.net https://www.facebook.com/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.list-manage.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.googleapis.com https://*.gstatic.com 'self' data: https://*.google.com *.google.bg *.facebook.com *.facebook.net https://stats.g.doubleclick.net/ *.googletagmanager.com *.gstatic.com ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com https://*.googleapis.com https://*.googleusercontent.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com blob: http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ http://www.defrancq.docker/ https://www.defrancq.docker/ http://next.www.defrancq.be.cs242.studioemma.com/ https://next.www.defrancq.be.cs242.studioemma.com/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com https://www.gstatic.com/ https://*.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com chimpstatic.com downloads.mailchimp.com *.list-manage.com https://*.googleapis.com https://*.ggpht.com https://*.googleusercontent.com https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com maps.googleapis.com *.addthis.com http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com downloads.mailchimp.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.googleapis.com *.google-analytics.com *.facebook.com *.facebook.net https://*.google.com https://ipinfo.io https://*.gstatic.com https://*.googleapis.com https://hcaptcha.com https://*.hcaptcha.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com https://pagead2.googlesyndication.com/ http://dpm.demdex.net/ https://*.g.doubleclick.net/ https://maps.googleapis.com/ *.google.com *.google.be https://api.spott.ai/ 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri http://www.defrancq.be/ http://media.defrancq.be/ https://www.defrancq.be/ https://media.defrancq.be/ 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval' data: blob:; worker-src 'self' blob: 1
frame-ancestors 'self' https://backoffice.gigantisch.nl 1
style-src 'self' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css 'unsafe-inline';           script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://connect.facebook.net/en_GB/sdk.js;           img-src 'self' data: www.w3.org/2000/svg https://www.google-analytics.com;           font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com;           connect-src https://www.google-analytics.com https://www.dhangarvadhuvar.com;           frame-src https://www.facebook.com;           object-src 'none';            default-src 'self'; 1
default-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://fonts.gstatic.com/ https://fonts.googleapis.com/ https://www.gstatic.com https://www.googletagmanager.com https://use.typekit.net/ https://www.google.com/recaptcha/api.js https://cdn.jsdelivr.net/; script-src 'self' https://sdk.privacy-center.org/ https://fonts.googleapis.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ https://grupoanaya.es/; style-src 'self' 'unsafe-inline' https://sdk.privacy-center.org/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://use.typekit.net/ https://www.gstatic.com https://www.googletagmanager.com https://www.google.com/recaptcha/api.js https://www.google-analytics.com/ https://fonts.gstatic.com/ https://cdn.jsdelivr.net/ https://region1.google-analytics.com/ https://grupoanaya.es/; img-src * data: 'unsafe-inline' https://region1.google-analytics.com/ https://grupoanaya.es/; connect-src * 'unsafe-inline'; frame-src *; form-action 'self'; base-uri 'self'; frame-ancestors 'none'; 1
default-src https: 'self'; script-src https: https://lugeja.e-tervis.ee/piwik/piwik.js 'self' 'unsafe-inline' 'unsafe-eval'; img-src https: data: 'self'; frame-ancestors https: 'self'; font-src https: data: 'self' ; style-src https: 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self' 1
script-src 'self' 'unsafe-inline';  style-src 'self' 'unsafe-inline'; 1
frame-ancestors 'self' dollar.dimbuy.com; 1
default-src 'self' 'unsafe-inline' media.distantrace.com *.google-analytics.com www.google-analytics.com www.facebook.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.tiktok.com unpkg.com omnisnippet1.com forms.soundestlink.com sentry.creativeit.biz challenges.cloudflare.com  www.googletagmanager.com connect.facebook.net hcaptcha.com *.hcaptcha.com scout.distantrace.com platform.linkedin.com platform.twitter.com cdn.polyfill.io cdn.jsdelivr.net *.tawk.to cal.distantrace.com www.google-analytics.com cdnjs.cloudflare.com code.jquery.com; style-src 'self' 'unsafe-inline' fonts.bunny.net fonts.googleapis.com cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com *.tawk.to cdnjs.cloudflare.com; img-src 'self' data: media.giphy.com tile.openstreetmap.org media-typebot-bcpra-u13048.vm.elestio.app:39533 media.distantrace.com public.montonio.com storage.googleapis.com cdn-logos.gocardless.com http://*.tile.osm.org *.tile.osm.org *.basemaps.cartocdn.com *.tile.openstreetmap.org www.facebook.com *.tawk.to cdn.jsdelivr.net tawk.link www.googletagmanager.com *.twitter.com *.vis.earthdata.nasa.gov; font-src 'self' fonts.bunny.net fonts.gstatic.com *.tawk.to; connect-src 'self' tb.distantrace.com formbricks.distantrace.com cke4.ckeditor.com hcaptcha.com *.hcaptcha.com *.google-analytics.com *.tawk.to wss://*.tawk.to *.facebook.com forms.soundestlink.com; frame-src 'self' www.youtube-nocookie.com challenges.cloudflare.com cal.distantrace.com youtube.com www.youtube.com www.googletagmanager.com www.facebook.com hcaptcha.com *.hcaptcha.com *.tawk.to scout.distantrace.com *.twitter.com *.facebook.com; frame-ancestors 'self' liepajaspusmaratons.lv jelgavaspusmaratons.lv valmieraspusmaratons.lv velo.lv www.velo.lv mtb-maratons.lv www.mtb-maratons.lv; form-action 'self' *.tawk.to gogoemail.org www.facebook.com www.swedbank.lv login.swedbank.lv ibanka.seb.lv payment.ecommerce.sebgroup.com banklink.swedbank.com checkout.stripe.com bankaccountdata.gocardless.com gateway.montonio.com; report-uri https://sentry.creativeit.biz/api/2/security/?sentry_key=77fc5e48c72a40de8b07254a90832548; report-to default 1
default-src *.kundo.se; frame-ancestors 'self'; form-action 'self'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data:; style-src *.kundo.se 'self' 'unsafe-inline'; connect-src *; font-src 'self' data:; object-src 'self'; child-src *; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https:; frame-src 'self' https:; img-src 'self' https:; connect-src 'self' https:; 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.dreasyfly.com; img-src 'self' data:; 1
frame-ancestors 'self' https://*.store https://store; 1
script-src 'self' www.google.com cdnjs.cloudflare.com www.gstatic.com 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' *.parom.hu *.ducitars.hu *.googleapis.com *.fontawesome.com *.bootstrapcdn.com *.googleadservices.com *.gstatic.com *.doubleclick.net cdn.speedcurve.com creativecdn.com *.gemius.pl *.google-analytics.com *.hotjar.com *.google.com *.cloudflare.com *.cloudflareinsights.com *.googletagmanager.com *.google.hu *.googlesyndication.com *.googletagservices.com fonts.gstatic.com cdn.ampproject.org *.clarity.ms connect.facebook.net *.quantcount.com *.quantserve.com *.inmobi.com 'unsafe-inline' 'unsafe-eval'; img-src * data: 1
default-src 'self'; 	style-src 'self' *.scene7.com/ *.adobeaemcloud.com/ *.digital4danone.com/ *.live2support.com/ *.bootstrapcdn.com/ *.zencdn.net/ *.sharethis.com/ *.googleapis.com/ *.google.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ 'unsafe-inline'; 	script-src 'self' https://analytics.tiktok.com/ *.teads.tv/ https://js-agent.newrelic.com/ *.usercentrics.eu/ *.scene7.com/ https://live2support.com/ *.adobeaemcloud.com/ *.trustcommander.net/ *.tagcommander.com/ *.facebook.net/ *.googleadservices.com/ *.google-analytics.com/ *.sharethis.com *.addthis.com/ *.live2support.com/ *.doubleclick.net/ *.googleapis.com/ *.google.com/ *.digital4danone.com/ *.addthisedge.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ blob: 'unsafe-inline' 'unsafe-eval'; 	img-src 'self' data: *.usercentrics.eu/ *.scene7.com/ *.digital4danone.com/ *.adobeaemcloud.com/ *.assetsadobe.com/ *.live2support.com/ *.doubleclick.net/ *.google-analytics.com/ *.danone.com/ *.google.com.ph/ *.google.com/ *.sharethis.com/ *.gstatic.com/ *.googleapis.com/ *.w3.org/ *.facebook.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.youtube.com; 	frame-src 'self' *.teads.tv/ *.tohklom.com/ *.live2support.com/ *.proprofs.com/ *.facebook.com/ *.doubleclick.net/ *.sharethis.com/ *.addthis.com *.youtube.com *.adsrvr.org/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.cloudfront.net/; 	connect-src 'self' https://analytics.tiktok.com/ *.teads.tv/ https://bam.eu01.nr-data.net/ *.usercentrics.eu/ *.scene7.com/ *.digital4danone.com/ *.commander1.com/ *.trustcommander.net/ *.live2support.com/ *.addthis.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.sharethis.com/ *.doubleclick.net/; 	font-src 'self' data:  *.scene7.com/ *.adobeaemcloud.com/ *.live2support.com/ *.gstatic.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ https://vjs.zencdn.net/; 	media-src 'self'  *.scene7.com/ *.danone.com/ *.google-analytics.com/ *.analytics.google.com/ *.googletagmanager.com/ *.digital4danone.com/ blob: 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: pay.google.com merchant.revolut.com sandbox-merchant.revolut.com cdn.jsdelivr.net www.paypalobjects.com www.paypal.com hcaptcha.com *.hcaptcha.com cdn.sift.com ajax.googleapis.com maps.google.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net hcaptcha.com *.hcaptcha.com fonts.googleapis.com use.fontawesome.com maxcdn.bootstrapcdn.com; img-src 'self' 'unsafe-inline' data: www.gstatic.com d3lc5axmv1xq7g.cloudfront.net www.paypalobjects.com t.paypal.com hexagon-analytics.com ps.w.org s.w.org secure.gravatar.com; connect-src * api.stripe.com; font-src 'self' data: fonts.gstatic.com use.fontawesome.com maxcdn.bootstrapcdn.com; form-action 'self'; frame-ancestors 'self'; object-src 'none'; frame-src 'self' pay.google.com merchant.revolut.com sandbox-merchant.revolut.com www.sandbox.paypal.com www.paypal.com hcaptcha.com *.hcaptcha.com www.youtube-nocookie.com; base-uri 'self' 1
font-src fonts.gstatic.com use.typekit.net *.fontawesome.com *.bootstrapcdn.com data: *.gstatic.com 'self' data: *.moosend.com script.hotjar.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ www.googletagmanager.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com cdn.dnky.co amc.demdex.net www.google.com youtube.com *.vnforapps.com h.online-metrix.net *.loginextsolutions.com widget.botlers.io 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.designer-images.net maps.gstatic.com maps.googleapis.com accounts.google.com 'self' data: cdn.cookielaw.org google.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com polyfill.io *.moosend.com cdn.dnky.co r1-t.trackedlink.net www.gstatic.com js-agent.newrelic.com bam.nr-data.net maps.googleapis.com player.vimeo.com https://www.google.com *.gstatic.com https://maps.googleapis.com cdn.cookielaw.org cdn.onesignal.com *.hotjar.com widget.botlers.io onesignal.com *.vnforapps.com h.online-metrix.net *.cdn.stat-track.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com *.fontawesome.com *.moosend.com *.bootstrapcdn.com cdn.dnky.co *.googleapis.com *.gstatic.com *.googletagmanager.com *.cookielaw.org widget.botlers.io 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net commerce.adobe.io commerce.adobe.net qa-api.magedevteam.com *.sentry.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.stat-track.com *.m-pages.com *.m-operations.com maps.googleapis.com api.comapi.com bam.nr-data.net *.google-analytics.com *.cookielaw.org *.moosend.com region1.analytics.google.com *.hotjar.io oldenterprise.botlers.io vc.hotjar.io *.hotjar.com wss://*.hotjar.com *.doubleclick.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/widgets.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.gstatic.com/; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/recaptcha/ https://www.facebook.com/plugins/; img-src 'self' https://emarketing.dxn2u.com/ https://eworld.dxn2u.com/; img-src 'self' data: 1
default-src 'none'; form-action 'self'; frame-ancestors 'self'; style-src 'self' 'nonce-XzEYRcced8H2PHd0uxTUQRB6wZVfhIeYxMBxnOxgoCjvpe2oL3x6Zo2zSx8pY6Zj4DMoUTPN2FR025mDiBxDOA==' https://dms5yp4uuu488.cloudfront.net/; script-src 'self' 'nonce-XzEYRcced8H2PHd0uxTUQRB6wZVfhIeYxMBxnOxgoCjvpe2oL3x6Zo2zSx8pY6Zj4DMoUTPN2FR025mDiBxDOA==' https://www.google-analytics.com https://www.googletagmanager.com https://static.line-scdn.net https://dms5yp4uuu488.cloudfront.net/; frame-src 'self' https://dms5yp4uuu488.cloudfront.net/; img-src 'self' data: https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/; font-src 'self' https://dms5yp4uuu488.cloudfront.net/; connect-src 'self' https://www.google-analytics.com https://dms5yp4uuu488.cloudfront.net/ https://stats.g.doubleclick.net/; media-src 'self' https://dms5yp4uuu488.cloudfront.net/; block-all-mixed-content; 1
default-src 'self' www.googletagmanager.com *.thomasgreg.com.br *.e-detran.com.br script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * 'self' data: https:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; style-src 'self' 'unsafe-inline' https://libraires-hachette.com https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com https://fonts.googleapis.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; script-src 'unsafe-eval' 'self' 'unsafe-inline' https://stats.wp.com/w.js https://boldair.works https://www.youtube.com https://player.vimeo.com/api/ https://libraires-hachette.com https://sdk.privacy-center.org https://prnt.sc/126aahe https://www.gstatic.com https://www.google.com https://cdn.jsdelivr.net https://assets.pinterest.com https://maps.googleapis.com https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://www.didierfle.fr https://ws-pne.kiosque-edu.com https://api.privacy-center.org https://tpeweb.paybox.com https://ssl.google-analytics.com https://tag.aticdn.net; img-src data: 'self' https://pixel.wp.com https://logs1412.xiti.com/hit.xiti https://region1.google-analytics.com/g/collect https://s.w.org https://scontent-sea1-1.cdninstagram.com *.cdninstagram.com https://log.pinterest.com https://www.google-analytics.com https://www.images.hachette-livre.fr https://maps.gstatic.com https://maps.googleapis.com https://www.google.com https://secure.gravatar.com https://www.didierfle.fr https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; frame-ancestors 'self' https://player.tactileo.fr https://internal.dev.player.tactileo.fr/ https://external.dev.player.tactileo.fr/ https://edu.tactileo.fr https://tactileo.africa;frame-src 'self' https://libraires-hachette.com https://www.google.com https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://3dsecure.com https://aacsw.3ds.verifiedbyvisa.com;media-src 'self' https://player.vimeo.com https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://www.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; form-action 'self' https://wwww.didierfle.fr https://tpeweb.paybox.com https://www.didierfle.fr/creation.php https://www.didierfle.fr/creation_en.php https://www.didierfle.fr/modification.php https://www.didierfle.fr/modification_en.php; connect-src 'self' https://maps.googleapis.com/$rpc/google.internal.maps.mapsjs.v1.MapsJsInternalService/GetViewportInfo https://stats.g.doubleclick.net https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://region1.google-analytics.com/g/collect https://region1.google-analytics.com/g/collect https://www.google-analytics.com https://cdn.jsdelivr.net https://ws-pne.kiosque-edu.com https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com https://educadhoc.hachette-livre.fr https://logc412.xiti.com; child-src 'self' https://ws-pne.kiosque-edu.com/ https://www.youtube.com https://www.youtube-nocookie.com https://wwww.didierfle.fr https://cdn.jsdelivr.net https://sdk.privacy-center.org https://api.privacy-center.org https://tpeweb.paybox.com; object-src 'self'; 1
default-src 'self' *  www.googletagmanager.com  *   e-ttkf.edu.az data: 'unsafe-inline' 1
default-src 'self' https:  ; object-src 'self' https: data: blob:; img-src 'self' https: data: blob:; style-src 'self' blob: ; worker-src 'self' blob:; font-src 'self' https: data: blob:;  child-src 'self' https: data: blob:; frame-src 'self' https: data: blob:; script-src 'self'; frame-ancestors 'self'; form-action 'self' https:  ; 1
default-src *  data: blob: 'unsafe-inline' 'unsafe-eval' ; 1
frame-ancestors 'self' toledofastfood.ro www.toledofastfood.ro; 1
font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; 1
base-uri 'self'; default-src 'self'; script-src 'self' https: 'unsafe-eval' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com *.googleapis.com *.gstatic.com www.google-analytics.com; img-src 'self' www.google-analytics.com *.googleapis.com *.gstatic.com maps.google.com *.ggpht.com data: maps.gstatic.com *.googleapis.com *.ggpht.com;  style-src 'self' 'unsafe-inline' *.bootstrapcdn.com *.cloudflare.com fonts.googleapis.com; font-src 'self' maxcdn.bootstrapcdn.com cdnjs.cloudflare.com fonts.gstatic.com; form-action *; frame-src *; connect-src *; object-src 'none' 1
frame-ancestors 'self'; default-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.efpa.cz wss://efpa.cz www.googletagmanager.com app.mluvii.com *.google-analytics.com connect.facebook.net stats.g.doubleclick.net www.facebook.com www.google.com www.google.cz gogo.xcc.cz gogo-devel.xcc.cz www.thepay.cz player.vimeo.com *.vimeocdn.com wss://app.mluvii.com cdnjs.cloudflare.com *.youtube.com *.analytics.google.com *.thepay.cz 1
default-src 'self'; connect-src *; frame-ancestors 'self' service.eg.be service-acc.eg.be *.youtube.com *.youtube-nocookie.com; font-src 'self' d3e05cea90z4a3.cloudfront.net fonts.googleapis.com netdna.bootstrapcdn.com use.typekit.net fonts.gstatic.com data:; frame-src 'self' *.hotjar.com analytics-eu.clickdimensions.com *.youtube.com *.fls.doubleclick.net *.doubleclick.net *.youtube-nocookie.com *.facebook.com *.google.com *.googletagmanager.com; img-src 'self' d3e05cea90z4a3.cloudfront.net *.juicer.io dashboard.umbraco.org app.usercentrics.eu *.google-analytics.com *.google.co.uk *.google.com maps.gstatic.com maps.googleapis.com *.facebook.com *.xx.fbcdn.net i.ytimg.com img.youtube.com *.googletagmanager.com *.cookiepro.com *.doubleclick.net *.elfsight.com data:; media-src *; object-src *; script-src 'self' d3e05cea90z4a3.cloudfront.net ajax.aspnetcdn.com app.usercentrics.eu maps.googleapis.com *.googletagmanager.com *.google-analytics.com *.hotjar.com *.facebook.net *.youtube.com cookie-cdn.cookiepro.com secure.adnxs.com *.google.com *.gstatic.com *.elfsight.com *.googleadservices.com *.doubleclick.net *.cookielaw.org *.intuition-agile-7.com *.leadforensics.com 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; manifest-src 'self' d3e05cea90z4a3.cloudfront.net; 1
frame-ancestors 'self' http://10.249.115.99/ https://10.249.115.99/  http://10.249.115.101:8080/ReportServer/; default-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src 'self' data: blob: 'unsafe-inline'; img-src 'self' data: blob: 'unsafe-inline'; frame-src 'self' https://www.youtube.com/; style-src 'self' data: blob: 'unsafe-inline'; 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com *.googleapis.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.stripe.com stripe.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de cdn.dnky.co webchat.dotdigital.com *.google.com *.addthis.com *.pinterest.com *.youtube.com *.elfbar.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.weltpixel.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net d23yuld0pofhhw.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.youtube.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com js.authorize.net jstest.authorize.net js.braintreegateway.com cdn-scripts.signifyd.com www.youtube.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com s7.addthis.com *.alterspruefung365.de *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.youtube.com *.cloudflare.com *.google.com *.gstatic.com *.googletagmanager.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com cdn.dnky.co webchat.dotdigital.com *.googleapis.com *.youtube.com *.yotpo.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.cloudfront.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com payments.sandbox.braintree-api.com origin-analytics-sand.sandbox.braintree-api.com assets.braintreegateway.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com ekr.zdassets.com/ *.alterspruefung365.de https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com *.youtube.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src https://www.google.com https://maps.gstatic.com https://maps.googleapis.com https://maps.google.com https://portal.counciladvertising.net https://ads.counciladvertising.net https://intads.counciladvertising.net https://ibar.counciladvertising.net https://assets.counciladvertising.net https://securepubads.g.doubleclick.net https://adclick.g.doubleclick.net https://pubads.g.doubleclick.net https://ad-emea.doubleclick.net https://pagead2.googlesyndication.com https://ads.doubleclick.net https://ad.doubleclick.net https://googleads.g.doubleclick.net https://partner.googleadservices.com https://googletagservices.com https://cm.g.doubleclick.net https://static.quantcast.mgr.consensu.org; frame-ancestors 'none' ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-src 'self'; img-src 'self' https://matomo.koumbit.net; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.rollbar.com https://matomo.koumbit.net https://matomo.koumbit.net/; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self'; form-action 'self'; frame-ancestors 'self'; report-uri https://elportalmigrante.org/en/report-uri/enforce 1
font-src fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.fontawesome.com *.klarnacdn.net *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarna.com *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com *.stripe.com stripe.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.google.com accounts.google.com *.facebook.com statistiche.emlineamoto.com ecomm.sella.it td.doubleclick.net *.klarna.com *.multisafepay.com https://pay.google.com *.stripe.com klarna.com *.klarnacdn.net *.klarnaevt.com www.xtento.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io blob: www.facebook.com www.google.it *.gstatic.com pagead2.googlesyndication.com ecommerce.nexi.it x.klarnacdn.net *.klarna.com *.klarnaevt.com *.klarnacdn.net *.multisafepay.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com www.xtento.com cdn.xtento.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.google.com www.gstatic.com connect.facebook.net apis.google.com pagead2.googlesyndication.com statistiche.emlineamoto.com s.kk-resources.com ecomm.sella.it *.klarna.com *.klarnacdn.net *.klarnaservices.com *.multisafepay.com https://pay.google.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com *.stripe.com klarna.com *.klarnaevt.com www.xtento.com cdn.xtento.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com www.googletagmanager.com *.fontawesome.com *.klarnacdn.net *.multisafepay.com *.development.scalapay.com *.staging.scalapay.com *.scalapay.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com statistiche.emlineamoto.com pagead2.googlesyndication.com *.google.com google.com googleads.g.doubleclick.net eu.klarnaevt.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com *.multisafepay.com *.stripe.com klarna.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src https://fonts.gstatic.com/ fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com maps.gstatic.com https://accounts.google.com/ https://www.google.com/ https://www.mercadopago.com.br/ https://img.youtube.com *.googletagmanager.com *.google-analytics.com www.googletagmanager.com ssl.gstatic.com www.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://analytics.tiktok.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com maps.googleapis.com https://www.youtube.com/ https://www.youtube.com/iframe_api https://accounts.google.com/ https://www.google.com/ https://www.mercadopago.com.br/ https://mcprod.emcompre.com.br/ https://*.newrelic.com/ *.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com unsafe-inline https://fonts.googleapis.com/ tagmanager.google.com fonts.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://analytics.tiktok.com/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.mercadopago.com *.mercadolivre.com *.mercadolibre.com *.mercadolibre.com.br https://mercadopago.com.br *.mercadopago.com.br *.mlstatic.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com https://viacep.com.br *.google-analytics.com *.analytics.google.com *.googletagmanager.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self'; font-src 'self' 'unsafe-inline' *;img-src 'self' 'unsafe-inline' * data:; script-src 'self' 'unsafe-inline' https://cdn.datatables.net https://maxcdn.bootstrapcdn.com https://connect.facebook.net https://platform.twitter.com/ https://cdn.jsdelivr.net https://www.googleadservices.com https://www.emeds.pk https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://code.jquery.com https://ajax.googleapis.com https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' *;connect-src 'self' 'unsafe-inline' https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://analytics.google.com;frame-src 'self' https://platform.twitter.com https://td.doubleclick.net https://www.facebook.com 1
base-uri 'self';connect-src 'self' *;default-src 'self';form-action 'self' *;img-src 'self' * data:;media-src 'self';object-src 'none';frame-src 'self' *;frame-ancestors 'self' https://wavetest.co.uk/ https://dev-wavesystem.co.uk/ https://wavesystem.co.uk/;font-src 'self' * data:;script-src 'self' * 'unsafe-inline' 'unsafe-eval';style-src 'self' * 'unsafe-inline' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.emprendedores100k.com 1
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'report-sample' 'self' https://googleads.g.doubleclick.net https://www.googleadservices.com https://asistenciawebv2.grupokonecta.co:8443 https://asistenciawebv2-dev.grupokonecta.co:5005 https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.youtube.com https://ajax.googleapis.com https://fast.appcues.com https://code.jquery.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://cdn.datagran.io https://static.hotjar.com https://script.hotjar.com https://api.ipify.org; style-src 'unsafe-hashes' 'unsafe-inline' 'report-sample' 'self' https://asistenciawebv2.grupokonecta.co:8443 https://cdnjs.cloudflare.com https://fonts.googleapis.com https://use.fontawesome.com https://asistenciawebv2-dev.grupokonecta.co:5005; object-src 'none'; base-uri 'self'; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://csmetrics.hotjar.com wss://wsp17.hotjar.com https://content.hotjar.io https://asistenciawebv2-dev.grupokonecta.co:5005 https://asistenciawebv2.grupokonecta.co:8443 https://widget.grupokonecta.co wss://ws.hotjar.com/api/v2/client/ws https://analytics.google.com; font-src 'self' https://fonts.gstatic.com https://use.fontawesome.com; frame-src data: 'self' https://www.google.com https://www.youtube-nocookie.com https://www.youtube.com https://9865914.fls.doubleclick.net https://9919689.fls.doubleclick.net https://98659149865914.fls.doubleclick.net https://td.doubleclick.net; img-src 'self' https://googleads.g.doubleclick.net https://ad.doubleclick.net https://asistenciawebv2.grupokonecta.co:8443 https://i.ytimg.com https://conecta.fidely.net https://tools.fidelitymkt.com https://bidagent.xad.com https://www.facebook.com https://cdn.datagran.io https://www.google.com https://www.google.com.mx https://www.google-analytics.com https://www.googletagmanager.com; manifest-src 'self'; media-src 'self'; worker-src 'none';frame-ancestors 'self' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.energiahtg.com 1
default-src 'self' https:; font-src 'self' https: data: fonts.googleapis.com fonts.gstatic.com; img-src 'self' https: data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com https://*.googletagmanager.com pay.google.com www.recaptcha.net www.gstatic.com/recaptcha/; connect-src 'self' www.google.com.ua adservice.google.com analytics.google.com region1.analytics.google.com www.google-analytics.com www.googletagmanager.com pay.google.com google.com/pay; style-src 'self' 'unsafe-inline' 'report-sample' fonts.googleapis.com; report-uri /home/errors/csp; base-uri 'self'; frame-ancestors 'none'; frame-src *.xpay.com.ua pay.google.com acs4.privatbank.ua www.youtube.com www.recaptcha.net; child-src 'self'; form-action 'self' www.privat24.ua www.liqpay.ua www.liqpay.ua/api/3/checkout *.privatbank.ua acs-idcheck.acdcproc.com acs.upc.ua 3ds2.ukrsibbank.com easypay.ua www.portmone.com.ua 3ds-test.oschadbank.ua 3ds.oschadbank.ua 3dsecure.ukrsibbank.com energo.volyn.ua www.energo.volyn.ua; upgrade-insecure-requests; worker-src 'none' 1
default-src 'self' 'unsafe-inline' https://*; script-src 'self' http://*.facebook.net/ http://*.facebook.com/ http://in.fw-cdn.com/ 'unsafe-inline' 'unsafe-eval' https://*; style-src 'self' http://*.googleapis.com/  'unsafe-inline' http://* https://*; font-src 'self' data: 'unsafe-inline' https://*; frame-src https://*; img-src * 'self' data: http://* https:; connect-src http://* https://* 1
default-src 'none'; script-src 'unsafe-hashes' 'self' 'sha256-MhtPZXr7+LpJUY5qtMutB+qWfQtMaPccfe7QXtCcEYc='; connect-src 'self'; img-src 'self'; font-src 'self' fonts.gstatic.com; style-src 'unsafe-inline'  'self' fonts.googleapis.com; frame-ancestors 'none'; form-action 'self' https://*.epaslaugos.lt; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://www.youtube.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://privacyportal-eu.onetrust.com https://analytics.tiktok.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://fonts.smct.co https://fonts.smct.io https://fonts.gstatic.com; form-action 'self' https://www.facebook.com https://www.erborian.es https://checkout.erborian.es https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://geolocation.onetrust.com https://analytics.tiktok.com https://*.ibytedtos.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://fonts.smct.co https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src * data: 'unsafe-eval' 'unsafe-inline'; img-src * data: blob:; media-src * data: blob: 1
default-src 'self' naturaprende.net *.naturaprende.net escuelanaturayavon.net *.escuelanaturayavon.net *.jsdelivr.net unpkg.com cdnjs.cloudflare.com cdn.datatables.net *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com.ar *.google.com *.youtube.com *.ytimg.com naturamediaawsbucket.s3.sa-east-1.amazonaws.com 'unsafe-inline' data:; frame-src * 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.esophia.de; img-src 'self' data: *.esophia.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.esophia.de; style-src 'self' 'unsafe-inline' *.esophia.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.esophia.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com *.bing.com *.googletagmanager.com; font-src 'self' data: *.esophia.de; 1
block-all-mixed-content; upgrade-insecure-requests; default-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org; connect-src 'self' https://o318158.ingest.sentry.io https://api.digitransit.fi; object-src 'none'; report-uri /api/csp; report-to csp-endpoint; script-src 'self' 'sha256-z1vaAvxob9VDuw7klCB049Y2Xr6lf7KjhDrsLvsvcPU='; frame-ancestors 'none'; form-action 'self'; 1
frame-ancestors 'self' essasofa.co.kr *.essasofa.co.kr 1
frame-ancestors https://estado.sc.gov.br 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.estudiodecafe.com 1
connect-src 'self' https://localhost:29739/ https://merchant.onlinesbi.sbi/; script-src 'nonce-a1U2S0lyaFhxelc1SVpFOA==' 'unsafe-inline' 'strict-dynamic' https: http: ; img-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'none'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src 'self';font-src 'self'; media-src 'none'; manifest-src 'self'; 1
frame-ancestors 'self' https://ettansmopeder.se https://shop.ettansmopeder.se https://ettansmopeder.nu https://mopedersaljes.se https://xn--mopedersljes-ncb.se https://ettansmopeder.starwebserver.se 1
default-src 'none'; script-src 'self' 'unsafe-inline' ajax.googleapis.com cdn.cookie-script.com *.livechatinc.com *.livechat-static.com *.googletagmanager.com *.hotjar.com *.google-analytics.com *.google.com connect.facebook.net *.hotjar.io system3secure.pl *.googleadservices.com *.doubleclick.net *.adform.net; connect-src 'self' wss: *.eultimo.pl *.hotjar.com *.hotjar.io *.doubleclick.net *.cookie-script.com *.google-analytics.com *.analytics.google.com *.google.com *.googletagmanager.com *.gstatic.com *.livechatinc.com *.livechat-static.com *.googleapis.com *.googleadservices.com *.facebook.net *.revhunter.tech *.inistrack.net *.google.pl *.googlesyndication.com *.facebook.com *.adform.net system3secure.pl *.onaudience.com *.bm.pl https://google.com/pay blik.com *.autopay.eu; img-src 'self' blob: data: app.revhunter.tech system360.inistrack.net *.facebook.com ade.googlesyndication.com pixel.onaudience.com platnosci.bm.pl blik.com *.doubleclick.net *.google.com *.google.pl *.gstatic.com *.google-analytics.com *.analytics.google.com *.adform.net *.autopay.eu *.livechat-static.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com app.revhunter.tech system360.inistrack.net fonts.gstatic.com; base-uri 'self'; form-action 'self' *.mojeid.pl; font-src 'self' *.eultimo.pl fonts.gstatic.com *.livechatinc.com *.livechat-static.com; frame-src 'self' vars.hotjar.com *.doubleclick.net *.livechatinc.com *.livechat-static.com *.google.com system3secure.pl *.adform.net; manifest-src 'self'; 1
default-src www.fachkraefte-erzgebirge.de https://www.pitcom.de  https://www.if-6.de https://counter.pitmodule.de/ http://ajax.googleapis.com/ http://fonts.googleapis.com/ http://fonts.gstatic.com/ https://maps.googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ www.fachkraefte-dresden.local www.fachkraefte-leipzig.local www.fachkraft.berlin.local fachkraefte.portal.local dev.fachkraefte-leipzig.de dev.fachkraft.berlin dev.fachkraefte-dresden.de dev.fachkraefte-portal.com dev.unternehmensatlas.de www.unternehmensatlas.de www.unternehmensatlas.local laminas.fachkraefte-dresden.local laminas.fachkraefte-leipzig.local fachkraefte.portal.local laminas.ausbildungsboerse24.local laminas.vogtlandjob.local www.vogtlandjob.local www.fachkraefte-erzgebirge.local laminas.fachkraefte-erzgebirge.local fachkraft.berlin.local laminas.jobportal-region-zwickau.local laminas.unternehmensatlas.local laminas.jobportal-wachstumsregion-dresden.local laminas.jobmanager-cronjob.local dev.fachkraefte-dresden.de dev.jobportal-wachstumsregion-dresden.de dev.fachkraefte-leipzig.de dev.ausbildungsboerse24.de dev.vogtlandjob.de dev.fachkraefte-erzgebirge.de dev.jobportal-region-zwickau.de dev.fachkraft.berlin test.fachkraefte-portal.com test.fachkraefte-dresden.de test.jobportal-wachstumsregion-dresden.de test.fachkraefte-leipzig.de test.ausbildungsboerse24.de test.vogtlandjob.de test.fachkraefte-erzgebirge.de test.jobportal-region-zwickau.de test.fachkraft.berlin test.unternehmensatlas.de www.odbornipracovnici-krusnohori.cz www.specialists-erzgebirge.com googleads.g.doubleclick.net dev-upgrade.vogtlandjob.de www.fachkraefte-portal.com www.fachkraefte-dresden.de www.jobportal-wachstumsregion-dresden.de www.fachkraefte-leipzig.de www.ausbildungsboerse24.de www.vogtlandjob.de www.fachkraefte-erzgebirge.de *.fachkraefte-erzgebirge.de www.jobportal-region-zwickau.de www.fachkraft.berlin www.fachkraefte-portal.com www.touvia.de *.google-analytics.com www.google-analytics.com www.googletagmanager.com tagmanager.google.com connect.facebook.net www.facebook.com www.youtube-nocookie.com player.vimeo.com www.pitcom-webanalyse.de stats.g.doubleclick.net *.doubleclick.net wfe-2023.piwik.pro www.landkreis-bautzen.de cookiehub.net ds.cookiehub.net www.google.* userlike-cdn-widgets.s3-eu-west-1.amazonaws.com d3dc1lgancj6l0.cloudfront.net api.userlike.com www.userlike.com umd.userlike.com userlike-cdn-operators.userlike.com wss://umd.userlike.com www.youtube.com lytcs.fachkraefte-erzgebirge.de *.google-analytics.de *.analytics.google.com *.wfe-erzgebirge.de *.b-cdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' www.fachkraefte-erzgebirge.de https://www.pitcom.de https://www.if-6.de https://counter.pitmodule.de/ https://maps.googleapis.com/ https://csi.gstatic.com/ https://maps.gstatic.com/ http://ajax.googleapis.com/ www.unternehmensatlas.de www.erzgebirge-gedachtgemacht.de www.wfe-erzgebirge.de www.facebook.com *.pitmodule.de www.google.com maps.google.com www.google.* www.google-analytics.com stats.g.doubleclick.net *.doubleclick.net www.pitcom-webanalyse.de www.googletagmanager.com ssl.gstatic.com www.gstatic.com lh3.googleusercontent.com lytcs.fachkraefte-erzgebirge.de userlike-cdn-operators.s3-eu-west-1.amazonaws.com userlike-cdn-operators.userlike.com data: blob:; frame-src 'self' www.fachkraefte-erzgebirge.de https://www.pitcom.de www.google.com www.youtube.com www.touvia.de connect.facebook.net www.facebook.com player.vimeo.com www.googletagmanager.com www.youtube-nocookie.com lytcs.fachkraefte-erzgebirge.de *.doubleclick.net; 1
script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://ajax.googleapis.com 1
default-src 'self'; object-src 'none' 1
default-src 'none'; base-uri 'none'; child-src 'none'; connect-src 'self' *.paytsoftware.com https://api.stripe.com https://appsignal-endpoint.net https://js.stripe.com; font-src 'self' https://fonts.gstatic.com; form-action 'none'; frame-src https://b.stripecdn.com https://hooks.stripe.com https://js.stripe.com; frame-ancestors 'self'; img-src 'self' *.paytsoftware.com data: https://ideal.pay.nl; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' https://b.stripecdn.com https://js.stripe.com; style-src 'self' 'sha256-Ds1HqcTMEIMCslhLbJq1kKQdEJlYZ5VGqBf9uVkGMnA=' 'unsafe-inline' https://fonts.googleapis.com; upgrade-insecure-requests; report-uri https://payt.report-uri.com/r/d/csp/reportOnly; report-to csp-report-endpoint 1
default-src 'self' http: wss: https: data: blob: 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self'; connect-src * wss:; img-src * data:; 1
default-src 'self' *.googlesyndication.com; connect-src *.fallimenti.it *.itauction.it *.amazoncognito.com *.amazonaws.com *.freshmarketer.com *.algolianet.com *.algolia.net *.googleapis.com *.googletagmanager.com *.googlesyndication.com *.google.com *.gstatic.com *.doubleclick.net *.google-analytics.com *.facebook.com *.ubembed.com *.typesense.net *.iovox.com pagesense-collect.zoho.eu *.ads.linkedin.com *.typesense.net *.livechatinc.com *.iovox.com *.cookiebot.com; script-src 'unsafe-inline' 'unsafe-eval' *.fallimenti.it *.recaptcha.net *.freshmarketer.com snap.licdn.com *.jsdelivr.net *.google.it *.google-analytics.com *.google.com *.googletagservices.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.doubleclick.net *.facebook.net *.facebook.com *.cookiebot.com *.smartlook.com *.ampproject.org *.ubembed.com *.pagesense.io api.livechatinc.com *.licdn.com *.hotjar.com *.googleoptimize.com *.zohocdn.com; style-src 'unsafe-inline' *.fallimenti.it *.googleapis.com *.google.com *.googletagmanager.com; img-src data: *.fallimenti.it *.quimmo.it *.realestatediscount.it *.itauction.it *.giustizia.it fallimenti-static-assets.s3.eu-west-1.amazonaws.com s3.eu-west-1.amazonaws.com s3-eu-west-1.amazonaws.com *.doubleclick.net *.unsplash.com *.linkedin.com *.google.com *.google.it *.google-analytics.com *.googlesyndication.com *.googletagmanager.com *.facebook.com *.gstatic.com *.ctfassets.net *.livechat-files.com *.cookiebot.com; frame-src *.recaptcha.net *.google.com *.google-analytics.com *.googlesyndication.com *.googletagservices.com *.facebook.com *.cookiebot.com *.ubembed.com *.criteo.com *.youtube.com *.doubleclick.net; worker-src 'self' blob: 1
default-src 'self' *.nrw.de;    script-src  'self' 'unsafe-inline' 'unsafe-eval' *.nrw.de map.nrw *.google.com *.youtube.com *.youtu.be *.twimg.com *.twitter.com twitter.com *.jwpcdn.com *.gstatic.com *.googleapis.com *.googlesyndication.com *.openstreetmap.org *.mozilla.org *.vimeo.com *.vimeocdn.com *.flickr.com *.staticflickr.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    style-src   'self' 'unsafe-inline' *.nrw.de *.twitter.com twitter.com *.facebook.com *.googleapis.com *.twimg.com *.cloudflare.com cdn.jsdelivr.net svc.webspellchecker.net;    font-src data: *;    img-src  data: *;    frame-ancestors 'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com;    worker-src  'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    frame-src   'self' *.nrw.de *.facebook.com *.facebook.de *.twitter.com twitter.com *.google.com *.youtube.com *.youtu.be ytchannelembed.com *.openstreetmap.org broschueren.nordrheinwestfalendirekt.de;    object-src  'self';    connect-src 'self' *.nrw.de svc.webspellchecker.net *.vsm.nrw;    media-src *; upgrade-insecure-requests; 1
script-src https://res.mobbex.com https://www.gstatic.com https://maps.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://connect.facebook.net https://widgets-static.embluemail.com https://widgets-api.embluemail.com https://pixeltracking.embluemail.com track.embluemail.com 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-bmV0c3BhcmtlciBydWxlcyA7KQ==' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.ampproject.net *.ampproject.org opensharecount.com chimpstatic.com *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.byteoversea.com *.doubleclick.net  *.hypstarcdn.com *.sgpstatp.com *.ibyteimg.com *.ytimg.com *.ipstatp.com *.ggpht.com *.akamaized.net *.googleadservices.com *.googleapis.com  *.syndication.twimg.com *.google.com *.google.co.kr  *.twitter.com *.facebook.com *.facebook.net *.instagram.com *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com  *.daumcdn.net *.daum.net  *.naver.net *.naver.com *.inicis.com ; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.ampproject.net *.ampproject.org opensharecount.com chimpstatic.com  *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.byteoversea.com *.doubleclick.net  *.hypstarcdn.com *.sgpstatp.com *.ibyteimg.com *.ytimg.com *.ipstatp.com *.ggpht.com *.akamaized.net *.googleadservices.com *.googleapis.com  *.syndication.twimg.com *.google.com *.google.co.kr  *.twitter.com *.facebook.com *.facebook.net *.instagram.com *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com  *.daumcdn.net *.daum.net  *.naver.net *.naver.com *.inicis.com ; connect-src 'self' *.ampproject.net *.gstatic.com *.ampproject.org opensharecount.com chimpstatic.com  *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.byteoversea.com *.doubleclick.net  *.hypstarcdn.com *.sgpstatp.com *.ibyteimg.com *.ytimg.com *.ipstatp.com *.ggpht.com *.akamaized.net *.googleadservices.com *.googleapis.com  *.syndication.twimg.com *.google.com *.google.co.kr  *.twitter.com *.facebook.com *.facebook.net *.instagram.com *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com  *.daumcdn.net *.daum.net  *.naver.net *.naver.com *.inicis.com *.fontawesome.com *.lockerdomecdn.com ;   font-src 'self' *.fontawesome.com *.gstatic.com data:;   object-src 'none';   media-src 'self'; form-action 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.ampproject.net *.ampproject.org opensharecount.com  chimpstatic.com  *.tiktok.com *.tiktokcdn.com *.ibytedtos.com *.byteoversea.com *.doubleclick.net  *.hypstarcdn.com *.sgpstatp.com *.ibyteimg.com *.ytimg.com *.ipstatp.com *.ggpht.com *.akamaized.net *.googleadservices.com *.googleapis.com  *.syndication.twimg.com *.google.com *.google.co.kr  *.twitter.com *.facebook.com *.facebook.net *.instagram.com *.google-analytics.com *.cloudflare.com *.googletagmanager.com *.googletagservices.com *.googlesyndication.com *.daumcdn.net *.daum.net *.naver.net *.naver.com *.inicis.com ; frame-ancestors 'self'; worker-src 'self' blob: ;  1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-MjM2LDEzNiwyMzIsOTksMzksMywxMzUsOTg=' blob: https://cdn.discordapp.com/animations/ https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://js.braintreegateway.com https://assets.braintreegateway.com https://www.paypalobjects.com https://checkout.paypal.com https://c.paypal.com https://kit.cash.app; style-src 'self' 'unsafe-inline' https://cdn.discordapp.com https://*.hcaptcha.com https://hcaptcha.com https://kit.cash.app; img-src 'self' blob: data: https://*.discordapp.net https://*.discordapp.com https://*.discord.com https://i.scdn.co https://i.ytimg.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com https://*.youtube.com https://*.giphy.com https://static-cdn.jtvnw.net https://pbs.twimg.com https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com https://b.stats.paypal.com https://slc.stats.paypal.com https://hnd.stats.paypal.com https://api.cash.app; font-src 'self' https://fonts.gstatic.com https://cash-f.squarecdn.com; connect-src 'self' https://status.discordapp.com https://status.discord.com https://support.discordapp.com https://support.discord.com https://discordapp.com https://discord.com https://discord-attachments-uploads-prd.storage.googleapis.com https://cdn.discordapp.com https://media.discordapp.net https://images-ext-1.discordapp.net https://images-ext-2.discordapp.net https://router.discordapp.net wss://*.discord.gg https://best.discord.media https://latency.discord.media wss://*.discord.media wss://dealer.spotify.com https://api.spotify.com https://music.amazon.com/embed/oembed https://sentry.io https://api.twitch.tv https://api.stripe.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com https://*.braintree-api.com https://www.googleapis.com https://*.algolianet.com https://*.hcaptcha.com https://hcaptcha.com https://*.algolia.net ws://127.0.0.1:* http://127.0.0.1:*; media-src 'self' blob: disclip: https://*.discordapp.net https://*.discord.com https://*.discordapp.com https://*.youtube.com https://streamable.com https://vid.me https://twitter.com https://oddshot.akamaized.net https://*.giphy.com https://i.imgur.com https://media.tenor.co https://media.tenor.com https://c.tenor.com; frame-src https://discordapp.com/domain-migration discord: https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://js.stripe.com https://hooks.stripe.com https://checkout.paypal.com https://c.paypal.com https://assets.braintreegateway.com https://checkoutshopper-live.adyen.com https://kit.cash.app https://player.twitch.tv https://clips.twitch.tv/embed https://player.vimeo.com https://www.youtube.com/embed/ https://www.tiktok.com/embed/ https://music.amazon.com/embed/ https://music.amazon.co.uk/embed/ https://music.amazon.de/embed/ https://music.amazon.co.jp/embed/ https://music.amazon.es/embed/ https://music.amazon.fr/embed/ https://music.amazon.it/embed/ https://music.amazon.com.au/embed/ https://music.amazon.in/embed/ https://music.amazon.ca/embed/ https://music.amazon.com.mx/embed/ https://music.amazon.com.br/embed/ https://www.youtube.com/s/player/ https://twitter.com/i/videos/ https://www.funimation.com/player/ https://www.redditmedia.com/mediaembed/ https://open.spotify.com/embed/ https://w.soundcloud.com/player/ https://audius.co/embed/ https://*.watchanimeattheoffice.com https://sessionshare.sp-int.playstation.com/embed/ https://localhost:* https://*.discordsays.com https://discordappcom.cloudflareaccess.com/; child-src 'self' blob: https://assets.braintreegateway.com https://checkout.paypal.com https://c.paypal.com; prefetch-src 'self' https://cdn.discordapp.com/assets/; 1
upgrade-insecure-requests; base-uri 'self' md-scp.kampyle.com; default-src 'self'; worker-src 'self' blob: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdn.polyfill.io coverage.ddc.teliasonera.net cdn.decibelinsight.net collection.decibelinsight.net resources.digital-cloud.medallia.eu *.qelpcare.com wds.ace.teliacompany.com static.customersaas.com fello.humany.net cdn.cookielaw.org *.zopim.com *.zendesk.com md-scp.kampyle.com *.trustpilot.com *.google-analytics.com *.googletagmanager.com tagmanager.google.com *.googleadservices.com *.doubleclick.net collect.fello.se *.facebook.net valuesportal.com cdn.adt357.net gtm.adt313.net cnv.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se optimizely.teliacompany.com cdn.cookielaw.org/scripttemplates cdf6519016.cdn.adyen.com; style-src 'self' 'unsafe-inline' wds.ace.teliacompany.com fello.humany.net static.customersaas.com md-scp.kampyle.com resources.digital-cloud.medallia.eu tagmanager.google.com *.gstatic.com chat.ace.teliacompany.net; object-src 'self' data: ; font-src 'self' data: static.customersaas.com ace-knowledge-cdn.teliacompany.net fonts.gstatic.com fello.humany.net resources.digital-cloud.medallia.eu; connect-src 'self' 'unsafe-inline' ws: wss: websocket.domain collect.fello.se optimizely.teliacompany.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com fello.humany.net *.zopim.com *.zendesk.com *.qelpcare.com static.customersaas.com collection.decibelinsight.net se.trustpilot.com widget.trustpilot.com geolocation.onetrust.com privacyportal-de.onetrust.com cdn.cookielaw.org resources.digital-cloud.medallia.eu chat.ace.teliacompany.net chat2.ace.teliacompany.net api.ace.teliacompany.net udc-neb.kampyle.com md-scp.kampyle.com stats.g.doubleclick.net *.google-analytics.com pagead2.googlesyndication.com rum.browser-intake-datadoghq.eu session-replay.browser-intake-datadoghq.eu www.facebook.com connect.facebook.net api.adtraction.net cnv.adt644.net log.adtraction.fail *.adt644.net *.adtr.io adtr.io *.adform.net *.adt357.net *.adii.io *.adii.se; img-src 'self' data: blob: 'unsafe-inline' *.fello.se esim.teliacompany.com fello.humany.net geolocation.onetrust.com cdn.cookielaw.org checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com cdf6519016.cdn.adyen.com i.ytimg.com s.ytimg.com udc-neb.kampyle.com md-scp.kampyle.com d35v9wsdymy32b.cloudfront.net resources.digital-cloud.medallia.eu *.googletagmanager.com www.google.com www.google.se translate.google.com www.gstatic.com maps.gstatic.com *.google-analytics.com *.doubleclick.net www.facebook.com log.adtraction.fail cdn.valuesportal.com horizon-cms.s3.eu-central-1.amazonaws.com adservice.google.com; frame-src 'self' *.youtube.com *.youtube-nocookie.com checkoutshopper-test.adyen.com checkoutshopper-live.adyen.com coverage.ddc.teliasonera.net wds.ace.teliacompany.com resources.digital-cloud.medallia.eu se.trustpilot.com widget.trustpilot.com www.google.com *.googletagmanager.com tagmanager.google.com *.google-analytics.com www.facebook.com *.doubleclick.net optimizely.teliacompany.com; media-src 'self' wds.ace.teliacompany.com data: ; child-src blob: ; report-uri /csp-report/v1/report?teamId=97fa7202-c461a51c-805d1e24 1
script-src 'self' 'sha512-SYfDUYPg5xspsG6OOpXU366G8SZsdHOhqk/icdrYJ2E/WKZxPxze7d2HD3AyXpT7U22PZ5y74xRpqZ6A2bJ+kQ==' https://code.jquery.com/jquery-3.3.1.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://cdnjs.cloudflare.com/ajax/libs/chartist/0.11.4/chartist.min.js; frame-src 'self' https://discordapp.com/widget https://kiwiirc.com/client/irc.synirc.net/ https://www.google.com/recaptcha/; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/chartist/0.11.4/chartist.min.css 1
script-src: https://www.google-analytics.com 1
frame-ancestors 'self' https://www.fifecountry.co.uk/ 1
img-src 'self' https: data:;frame-src 'self' https: data: 1
default-src * 'unsafe-inline' 'unsafe-eval' blob: data:; script-src * 'unsafe-inline' 'unsafe-eval' blob: data:; connect-src * 'unsafe-inline' blob: data:; img-src * 'unsafe-inline' blob: data:; frame-src * ; style-src * 'unsafe-inline'; font-src * 'unsafe-inline'; frame-ancestors *; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' api-public.addthis.com m.addthis.com s7.addthis.com v1.addthisedge.com bat.bing.com c.bing.com scontent-iad3-1.cdninstagram.com video-iad3-1.cdninstagram.com *.clarity.ms vimeo.com www.facebook.com connect.facebook.net *.g.doubleclick.net www.google-analytics.com fonts.googleapis.com maps.googleapis.com adservice.google.com www.google.com www.googletagmanager.com *.googleusercontent.com fonts.gstatic.com maps.gstatic.com www.gstatic.com www.instagram.com z.moatads.com widgets.pinterest.com player.vimeo.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' wasm-eval edge.addthis.com m.addthis.com s7.addthis.com v1.addthisedge.com bat.bing.com www.clarity.ms connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com maps.googleapis.com www.google.com tpc.googlesyndication.com www.googletagmanager.com www.gstatic.com app.jazz.co z.moatads.com assets.pinterest.com widgets.pinterest.com player.vimeo.com; script-src-elem 'self' data: 'unsafe-inline' 'report-sample' edge.addthis.com m.addthis.com s7.addthis.com v1.addthisedge.com bat.bing.com www.clarity.ms get663.com connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com ssl.google-analytics.com www.google-analytics.com maps.googleapis.com www.google.com tpc.googlesyndication.com www.googletagmanager.com www.gstatic.com app.jazz.co z.moatads.com appslinker.net www.pagespeed-mod.com assets.pinterest.com widgets.pinterest.com player.vimeo.com; script-src-attr 'unsafe-inline' 'report-sample'; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com translate.googleapis.com; style-src-elem 'self' 'unsafe-inline' 'report-sample' maxcdn.bootstrapcdn.com fonts.googleapis.com www.googletagmanager.com www.gstatic.com pwm-image.trendmicro.com; style-src-attr 'unsafe-inline' 'report-sample';; img-src 'self' data: www.addthis.com bat.bing.com c.bing.com *.cdninstagram.com c.clarity.ms www.facebook.com connect.facebook.net googleads.g.doubleclick.net www.google.ae www.google.al www.google.am ssl.google-analytics.com www.google-analytics.com maps.googleapis.com www.google.at www.google.ba www.google.be www.google.bg www.google.bs www.google.by www.google.ca www.google.ch www.google.cl www.google.cn www.google.co.ao www.google.co.bw www.google.co.cr www.google.co.id www.google.co.il www.google.co.in www.google.co.jp www.google.co.ke www.google.co.kr adservice.google.com translate.google.com www.google.com www.google.co.ma www.google.com.ar www.google.com.au www.google.com.bd www.google.com.bh www.google.com.bo www.google.com.br www.google.com.co www.google.com.cy www.google.com.do www.google.com.ec www.google.com.eg www.google.com.gt www.google.com.hk www.google.com.jm www.google.com.kh www.google.com.kw www.google.com.lb www.google.com.mm www.google.com.mt www.google.com.mx www.google.com.my www.google.com.na www.google.com.ng www.google.com.om www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.pr www.google.com.qa www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.com.vc www.google.com.vn www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.ve www.google.co.vi www.google.co.za www.google.cz www.google.de www.google.dk www.google.dm www.google.ee www.google.es www.google.fi www.google.fr www.google.ge www.google.gr www.google.gy www.google.hn www.google.hr www.google.hu www.google.ie www.google.iq www.google.it www.google.jo www.google.kz www.google.lk www.google.lt www.google.lu www.google.lv www.google.md www.google.me www.google.mk www.google.mu www.google.mv www.google.nl www.google.no www.google.pl www.google.ps www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.si www.google.sk www.google.sr pagead2.googlesyndication.com www.googletagmanager.com www.google.tn www.google.tt www.google.vg fonts.gstatic.com maps.gstatic.com www.gstatic.com app.jazz.co log-papago.naver.com log.pinterest.com source.unsplash.com i.vimeocdn.com;; font-src 'self' data: moz-extension at.alicdn.com static3.avast.com maxcdn.bootstrapcdn.com fonts.gstatic.com cdn.megabonus.com assets.tailwindapp.com svcs.tql.com use.typekit.net; connect-src 'self' api-public.addthis.com m.addthis.com s7.addthis.com bat.bing.com *.clarity.ms fcgt742.com get663.com vimeo.com w88p9x.com www.facebook.com stats.g.doubleclick.net region1.google-analytics.com www.google-analytics.com maps.googleapis.com translate.googleapis.com adservice.google.com analytics.google.com www.google.com pagead2.googlesyndication.com www.googletagmanager.com *.googleusercontent.com www.instagram.com; media-src 'self' data:; object-src 'self'; child-src s7.addthis.com www.facebook.com bid.g.doubleclick.net www.google.com tpc.googlesyndication.com player.vimeo.com; frame-src 'self' edge.addthis.com s7.addthis.com heyzine.com vimeo.com td.doubleclick.net www.facebook.com bid.g.doubleclick.net googleads.g.doubleclick.net www.google.com tpc.googlesyndication.com www.googletagmanager.com *.id.opendns.com safe.menlosecurity.com mozbar.moz.com block.opendns.com assets.pinterest.com lsrelay-config-production.s3.amazonaws.com pwm-image.trendmicro.com player.vimeo.com www.youtube.com; worker-src 'none'; frame-ancestors 'self'; form-action 'self' www.facebook.com www.usaepay.com; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self'; report-uri https://darwinapps.report-uri.com/r/d/csp/enforce 1
upgrade-insecure-requests; script-src 'self' 'unsafe-inline' consentcdn.cookiebot.com consent.cookiebot.com data: www.googletagmanager.com www.google-analytics.com unpkg.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net www.google.com snap.licdn.com bat.bing.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; img-src 'self' https: data:; connect-src 'self' https:; frame-src 'self' https:; object-src 'none'; media-src 'self' https: blob:; child-src 'self' https: blob:; form-action 'self' https:; frame-ancestors 'none'; block-all-mixed-content; upgrade-insecure-requests; 1
default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; img-src 'self' data: *; base-uri 'self'; 1
default-src 'self'; connect-src 'self' https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com https://i.ytimg.com https://www.youtube.com https://hyve-fantasy5.s3.eu-west-1.amazonaws.com https://www.googletagmanager.com https://fonts.gstatic.com http://fantasy5-api-micro-svc.fantasy5-staging.svc.cluster.local/ https://fantasy6-api-staging.hyvesdp.com/ http://fantasy5-api-micro-svc.portals-production.svc.cluster.local/ https://noembed.com https://www.google-analytics.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.youtube.com https://www.googletagmanager.com https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com; style-src 'self' 'unsafe-inline' https://cmp-api-staging.hyvesdp.com https://cmp-api.hyvesdp.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: https://hyve-fantasy5.s3.eu-west-1.amazonaws.com https://i.ytimg.com; manifest-src 'self'; frame-src https://www.youtube.com; 1
default-src 'self' 'unsafe-inline' blob: https://stats.g.doubleclick.net https://www.google-analytics.com https://www.sandbox.paypal.com https://www.paypal.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://connect.facebook.net https://www.google-analytics.com https://www.googletagmanager.com https://login.totara.community https://js.stripe.com https://polyfill.io https://www.paypal.com https://www.gstatic.com https://www.recaptcha.net https://cdn.jsdelivr.net https://f.vimeocdn.com https://www.youtube.com https://s.ytimg.com; worker-src 'self' blob:; font-src 'self' data: https://fonts.googleapis.com https://cdn.jsdelivr.net https://fonts.gstatic.com; img-src 'self' data: https://www.facebook.com https://www.google-analytics.com https://www.microsoft.com https://t.paypal.com https://libapps-eu.s3.amazonaws.com https://accounts.google.com https://www.google.com https://i.ytimg.com https://i.vimeocdn.com https://img.youtube.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com; child-src 'self' https://www.recaptcha.net https://drive.google.com https://docs.google.com https://api.turnitinuk.com https://www.paypal.com https://www.sandbox.paypal.com https://js.stripe.com https://campaign.moodle.org https://enovation.ie https://www.google.com https://player.vimeo.com https://www.youtube.com; media-src 'self' blob: https://iulineacli.r1-it.storage.cloud.it https://www.youtube.com https://vod-progressive.akamaized.net https://player.vimeo.com 1
frame-ancestors 'self' https://formulapesca.com 1
default-src 'self'; connect-src 'self' https://analytics.google.com https://*.analytics.google.com https://*.google-analytics.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal.onetrust.com https://m.addthis.com https://stats.g.doubleclick.net https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://www.google.com https://s7.addthis.com https://player.vimeo.com https://vimeo.com https://td.doubleclick.net https://challenges.cloudflare.com; img-src 'self' https://cdn.cookielaw.org https://www.facebook.com https://www.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net data:; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.googletagmanager.com https://s7.addthis.com https://z.moatads.com https://v1.addthisedge.com https://m.addthis.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.googleadservices.com https://challenges.cloudflare.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com 1
default-src 'self'; connect-src 'self' cdn.cookielaw.org www.google-analytics.com stats.g.doubleclick.net geolocation.onetrust.com maps.googleapis.com 5tyiep8ui4.execute-api.eu-central-1.amazonaws.com region1.google-analytics.com event.analytics-helper.com region1.analytics.google.com privacyportal-eu.onetrust.com google.com pagead2.googlesyndication.com wss://ws.hotjar.com content.hotjar.io; font-src 'self' data: fonts.gstatic.com; frame-src 'self'  https://www.google.com https://www.youtube.com www.youtube-nocookie.com td.doubleclick.net www.facebook.com; img-src 'report-sample' 'self' data: www.google-analytics.com cdn.cookielaw.org i.ytimg.com maps.gstatic.com maps.googleapis.com fonts.gstatic.com www.googletagmanager.com region1.analytics.google.com www.google.fr www.google.com www.facebook.com googleads.g.doubleclick.net; media-src 'self'; object-src 'none'; script-src 'report-sample' 'self' google.com www.google.com www.gstatic.com www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com 'unsafe-hashes' www.googleadservices.com www.google.com; script-src-elem 'report-sample' 'self' google.com www.google.com www.gstatic.com www.googletagmanager.com cdn.cookielaw.org www.google-analytics.com maps.googleapis.com cdn.freespee.com analytics.freespee.com www.youtube.com 'unsafe-hashes' tag.analytics-helper.com next-dexem.netdna-ssl.com 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' static.hotjar.com googleads.g.doubleclick.net 'sha256-2iC+olKv75CW2QYZsE9BS3AAPlE1BvIupf/kPzB77Po=' 'sha256-hGRTq6+FYBBUC3YgiRg7ndsDhH7mcrmge9D4PKSaWGM=' connect.facebook.net script.hotjar.com www.googleadservices.com; style-src 'report-sample' 'self' fonts.googleapis.com www.googletagmanager.com 'unsafe-inline'; report-uri /; upgrade-insecure-requests 1
default-src 'self' *.gstatic.com *.googleapis.com *.jquery.com *.jsdelivr.net; script-src 'self' 'unsafe-inline' *.jquery.com *.jsdelivr.net https://ssl.google-analytics.com; connect-src 'self'; img-src 'self'; object-src 'self'; style-src 'self' *.gstatic.com *.googleapis.com 'unsafe-inline' data:;base-uri 'self';form-action 'self';font-src 'self' *.gstatic.com *.googleapis.com data:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss: sonicwall.com *.sonicwall.com; 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-5Rgnz0mi79ozM5ExQGlT8Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'  blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; object-src 'none'; connect-src 'self' ; style-src 'self' 'unsafe-inline' ; frame-ancestors 'self'; base-uri 'self'; font-src 'self' 1
base-uri 'self'; default-src 'self' https://*.cookie-script.com https://*.googletagmanager.com https://*.google-analytics.com https://ajax.googleapis.com https://stats.g.doubleclick.net https://www.gstatic.com https://www.google.lt https://www.google.com 'unsafe-inline'; 1
object-src 'none';base-uri 'self';script-src 'nonce--MuT69vY9b09jt75M6CIKA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
object-src 'none';base-uri 'self';script-src 'nonce-6v57QeyAgSdupdPJY3yx1w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
frame-ancestors 'self' *.tstatic.net fonts.google.com *.tribunjualbeli.com *.tribunnews.com *.bolasport.com *.grid.id *.gridoto.com *.motorplus-online.com *.kompas.com *.kompasgramedia.com www.kompasiana.com www.kontan.co.id *.ampproject.org *.dailymotion.com *.youtube.com *.ytimg.com *.tawk.io *.fontawesome.com www.tribunnewswiki.com 1
object-src 'none';base-uri 'self';script-src 'nonce-ovAYxPN-spXE9br086EPdg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
img-src 'self' 1
frame-ancestors 'self' https://www.gioiacombo.it; 1
default-src 'self'; style-src 'self' * 'unsafe-inline'; media-src *; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; img-src * data:; connect-src *; frame-src *; font-src * data:; manifest-src *; worker-src *; 1
frame-ancestors 'self' https://mim01.dyndevice.com/ 1
frame-ancestors 'self' oricohxr.works ricoh.oricohxr.works; 1
font-src use.fontawesome.com maxcdn.bootstrapcdn.com fonts.gstatic.com https://fonts.gstatic.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.yotpo.com staticw2.yotpo.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com https://plumrocket.com *.twitter.com 'self' 'unsafe-inline'; frame-ancestors *.authorize.net cdn-swell-assets.yotpo.com 'self'; frame-src bid.g.doubleclick.net www.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://plumrocket.com *.twitter.com *.weltpixel.com grandwesternsteaks.attn.tv creatives.attn.tv 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com store.paradoxlabs.com *.yotpo.com swellrewards.com *.swellrewards.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.gstatic.com yt3.ggpht.com grandwesternsteaks.com yotpo-editor-production.s3.amazonaws.com cdn-yotpo-images-production.yotpo.com maps.gstatic.com maps.googleapis.com *.pinterest.com bat.bing.com *.clarity.ms *.google.com data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net sandbox-assets.secure.checkout.visa.com polyfill.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.b0e8.com *.bc0a.com https://www.googletagmanager.com https://gtm-krz25q3-yzi5n.uc.r.appspot.com https://gtm-m2bq7fp-oduwm.uc.r.appspot.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com *.mouseflow.com *.callrail.com bat.bing.com unpkg.com maps.googleapis.com cdn.attn.tv s.pinimg.com static-tracking.klaviyo.com *.clarity.ms 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.yotpo.com swellrewards.com *.swellrewards.com fonts.googleapis.com maxcdn.bootstrapcdn.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com https://fonts.googleapis.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com tagmanager.google.com unpkg.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.yotpo.com swellrewards.com *.swellrewards.com *.authorize.net *.algolia.net *.algolia.com *.algolianet.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com https://www.googletagmanager.com https://gtm-krz25q3-yzi5n.uc.r.appspot.com https://gtm-m2bq7fp-oduwm.uc.r.appspot.com https://googleads.g.doubleclick.net https://*.grandwesternsteaks.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ telemetrics.klaviyo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com https://www.google-analytics.com a.klaviyo.com api.yotpo.com stats.g.doubleclick.net events.attentivemobile.com *.pinterest.com grandwesternsteaks.attn.tv *.mouseflow.com maps.googleapis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' https://www.guatevalley.com https://www.coquetisima.com https://unpkg.com *.hotjar.com https://cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.guatevalley.com https://www.coquetisima.com https://www.googletagservices.com https://tpc.googlesyndication.com https://script.hotjar.com https://adservice.google.com.gt https://partner.googleadservices.com https://connect.facebook.net https://apis.google.com https://www.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://unpkg.com https://static.hotjar.com http://schema.org *.google.com https://www.google.com *.openweathermap.org https://www.openweathermap.org https://openstreetmap.org *.openstreetmap.org https://pagead2.googlesyndication.com https://googleapis.com *.googleapis.com https://ipinfo.io https://test.ibexmercado.com https://translation.googleapis.com https://cdnjs.cloudflare.com; connect-src 'self' https://www.guatevalley.com https://www.coquetisima.com https://vc.hotjar.io https://csi.gstatic.com https://in.hotjar.com https://pagead2.googlesyndication.com https://stats.g.doubleclick.net https://app.pagalocard.com https://www.google-analytics.com https://ipinfo.io https://api.cognitive.microsofttranslator.com https://translation.googleapis.com https://api.us-south.language-translator.watson.cloud.ibm.com; img-src 'self' data: https://www.guatevalley.com https://www.coquetisima.com https://www.okvoyager.com https://www.volcanacatenango.com.gt https://pagead2.googlesyndication.com *.google.com https://unpkg.com https://www.google.com *.openweathermap.org https://www.openweathermap.org https://openstreetmap.org *.openstreetmap.org https://googleapis.com *.googleapis.com https://test.ibexmercado.com; style-src 'self' 'unsafe-inline' https://www.guatevalley.com https://www.coquetisima.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://unpkg.com *.google.com https://www.google.com *.openweathermap.org https://www.openweathermap.org https://openstreetmap.org *.openstreetmap.org https://pagead2.googlesyndication.com https://googleapis.com *.googleapis.com http://fonts.cdnfonts.com; base-uri 'self' https://www.guatevalley.com; font-src 'self' https://www.guatevalley.com https://cdnjs.cloudflare.com https://script.hotjar.com https://fonts.gstatic.com https://themes.googleusercontent.com https://openstreetmap.org *.openstreetmap.org; object-src 'self'; child-src 'self' https://www.guatevalley.com https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://www.google.com https://vars.hotjar.com https://www.youtube.com *.openweathermap.org https://www.openweathermap.org https://openstreetmap.org *.openstreetmap.org https://googleapis.com *.googleapis.com https://pagead2.googlesyndication.com; media-src 'self' https://www.guatevalley.com https://www.youtube.com; frame-ancestors 'self'; 1
default-src 'self'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self'; font-src 'self'  https://fonts.gstatic.com/; object-src 'none'; frame-src 'none'; worker-src 'none'; frame-ancestors 'self'; media-src 'self' 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.vedanta.life https://www.gurukulam.org.br https://www.capitanesintrepidos.org https://cursos.vedanta.academy https://cursos.practicoyoga.com 1
default-src 'self'; script-src 'self' https://*.fontawesome.com/ https://www.google.com https://www.gstatic.com https://*.google-analytics.com https://www.googletagmanager.com https://*.cloudflare.com https://unpkg.com https://*.jsdelivr.net https://hcaptcha.com 'unsafe-inline'; object-src 'self' https://www.youtube.com/; style-src 'self' https://fonts.googleapis.com/ https://modernizr.com https://*.cloudflare.com https://*.jsdelivr.net  https://www.youtube.com 'unsafe-inline'; img-src 'self' https://*.google-analytics.com; media-src 'self'; frame-src 'self' https://www.youtube.com/ https://www.google.com https://www.googletagmanager.com https://*.hcaptcha.com; frame-ancestors 'self'; child-src 'self'; font-src 'self' data: https://fonts.gstatic.com/ https://themes.googleusercontent.com/; connect-src 'self' https://*.fontawesome.com/ https://*.google-analytics.com https://*.hcaptcha.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; script-src 'unsafe-inline' 'unsafe-eval' https: data: mediastream: blob: filesystem: embed.typeform.com; style-src 'unsafe-inline' 'unsafe-eval' https: filesystem:; img-src https: data: blob: filesystem:; connect-src https: filesystem:; font-src 'unsafe-inline' 'unsafe-eval' http: https: data: mediastream: blob: filesystem:; media-src https: data: mediastream: blob: filesystem:; child-src https: filesystem:; form-action https: filesystem:; frame-ancestors https: data: mediastream: blob: filesystem: embed.typeform.com; object-src https: data: blob: filesystem:; frame-src http: https: data: blob: filesystem: embed.typeform.com; worker-src https: filesystem:; manifest-src https: filesystem:; navigate-to https:; base-uri https:; upgrade-insecure-requests 1
object-src 'none';base-uri 'self';script-src 'nonce-eyH2iyTyIILyAvCJlgjdqA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
font-src https://kit-pro.fontawesome.com https://use.fontawesome.com https://ka-p.fontawesome.com *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action https://www.facebook.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors *.multisafepay.com https://pay.google.com 'self'; frame-src *.youtube.com *.youtube-nocookie.com player.vimeo.com https://www.google.com/recaptcha/ bid.g.doubleclick.net wm-livechat-2-prod-dot-watermelonmessenger.appspot.com *.multisafepay.com https://pay.google.com https://www.google.com https://www.gstatic.com https://vars.hotjar.com https://borduurpakkettenwinkel.nl https://ct.pinterest.com https://www.facebook.com *.weltpixel.com *.google.com *.addthis.com *.pinterest.com *.trustpilot.com *.wesupply.xyz https://wesupplylabs.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: *.vimeocdn.com i.ytimg.com *.youtube.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com *.google.co.in *.google.com google.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com static.spotlersearch.com happycrafts.nl ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com *.multisafepay.com https://widgets.magentocommerce.com https://www.googleadservices.com https://www.google.com https://www.google.nl https://www.paypal.com https://www.paypalobjects.com https://fpdbs.paypal.com https://fpdbs.sandbox.paypal.com https://*.vimeocdn.com https://s.ytimg.com blob: https://borduurpakkettenwinkel.nl https://www.facebook.com https://www.google-analytics.com https://www.google.ro https://www.google.de https://www.google.be https://bat.bing.com https://beacon.krxd.net https://secure.adnxs.com *.pinterest.com https://c.clarity.ms https://mcusercontent.com *.sooqr.com https://meetanshi.com/media/logo.png *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.cdninstagram.com *.facebook.com data: 'self' 'unsafe-inline'; script-src s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com wm-livechat-2-prod-dot-watermelonmessenger.appspot.com spotlersearchanalytics.com static.spotlersearch.com dynamic.spotlersearch.com app.termly.io chimpstatic.com downloads.mailchimp.com *.list-manage.com *.multisafepay.com https://pay.google.com https://www.clarity.ms https://googleads.g.doubleclick.net https://www.googleadservices.com https://chimpstatic.com https://s.pinimg.com https://bat.bing.com https://static.hotjar.com https://devdocs.magento.com https://magento.com https://www.google.com https://www.gstatic.com https://kit.fontawesome.com https://use.fontawesome.com https://cdnjs.cloudflare.com   https://www.google-analytics.com https://script.hotjar.com https://vars.hotjar.com https://borduurpakkettenwinkel.nl *.facebook.com *.trustpilot.com https://www.googleoptimize.com *.sooqr.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.pinterest.com *.instagram.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src wm-livechat-2-prod-dot-watermelonmessenger.appspot.com static.spotlersearch.com downloads.mailchimp.com *.multisafepay.com https://kit-pro.fontawesome.com https://use.fontawesome.com https://ka-p.fontawesome.com https://cdnjs.cloudflare.com https://borduurpakkettenwinkel.nl *.sooqr.com *.googleapis.com *.trustpilot.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src vimeo.com www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com wm-backend-prod-dot-watermelonmessenger.appspot.com wss://ws.hotjar.com content.hotjar.io metrics.hotjar.io vc.hotjar.io *.google.com google.com region1.analytics.google.com cognito-identity.eu-central-1.amazonaws.com firehose.eu-central-1.amazonaws.com *.multisafepay.com https://bat.bing.com https://ct.pinterest.com https://ka-p.fontawesome.com *.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://in.hotjar.com https://vc.hotjar.com wss://ws4.hotjar.com https://ws8.hotjar.com wss://ws8.hotjar.com https://ws32.hotjar.com wss://ws32.hotjar.com wss://ws46.hotjar.com wss://ws31.hotjar.com https://ws4.hotjar.com https://ws46.hotjar.com https://ws31.hotjar.com https://borduurpakkettenwinkel.nl wss://ws23.hotjar.com https://ws23.hotjar.com https://m.clarity.ms https://f.clarity.ms *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com https://www.google-analytics.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
connect-src 'self' ;frame-ancestors 'self' ;child-src 'self';media-src 'self' ;object-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
policy-uri /'unsafe-inline' 1
default-src 'self' https://* ; script-src 'self' 'unsafe-hashes' 'unsafe-inline' 'unsafe-eval' https://*  http://www.googleadservices.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.googleapis.com https://use.typekit.net https://*; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.typekit.net  https://*; 1
script-src 'self' https://www.googletagmanager.com https://www.recaptcha.net/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval'; 1
report-uri https://healthblocks360.report-uri.com/r/d/csp/enforce;base-uri 'self';connect-src 'self' https://cdn.datatables.net/plug-ins/1.10.19/i18n/English.json https://hlg.tokbox.com/prod/logging/ClientEvent https://config.opentok.com/project/47234334/config.json https://anvil.opentok.com https://api-standard.opentok.com https://hlg.tokbox.com wss://*.tokbox.com wss://tokbox.com;default-src 'self';form-action 'self';img-src 'self' https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js data:;media-src 'self';object-src 'none';script-src 'self' 'nonce-pnqwqH3eIYlhIg02pMA0DX7EMRDVMX9V' https://cdn.datatables.net https://use.fontawesome.com https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.0/jquery.min.js https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.gstatic.com/releases/*/recaptcha/api.js https://www.gstatic.com/recaptcha/api.js https://stackpath.bootstrapcdn.com https://cdn.rawgit.com/bpampuch/pdfmake https://cdn.ckeditor.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases https://cdn.jsdelivr.net/gh/bpampuch/pdfmake@0.1.18/build/vfs_fonts.js https://cdn.jsdelivr.net/gh/bpampuch/pdfmake@0.1.18/build/pdfmake.min.js https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.js https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/moment.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/js/bootstrap-datetimepicker.min.js https://cdnjs.cloudflare.com/ajax/libs/jszip/2.5.0/jszip.min.js https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/js/select2.full.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.10.2/fullcalendar.js https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.js https://static.opentok.com/v2/js/opentok.min.js https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js https://cdn.datatables.net/rowgroup/1.1.3/js/dataTables.rowGroup.min.js https://cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/11.0.2/bootstrap-slider.min.js;style-src 'self' https://fonts.googleapis.com https://stackpath.bootstrapcdn.com https://cdn.datatables.net https://use.fontawesome.com https://google.com/recaptcha https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.13/css/select2.min.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css https://cdnjs.cloudflare.com/ajax/libs/dropzone/5.9.2/dropzone.min.css 'unsafe-inline' https://healthblocks360.com/css/adminltev3.css https://healthblocks360.com/css/custom.css https://healthblocks360.com/css/mobile.css https://healthblocks360.com/css/select2.min.css https://healthblocks360.com/css/errors.css https://cdnjs.cloudflare.com/ajax/libs/fullcalendar/3.10.2/fullcalendar.min.css https://cdn.jsdelivr.net/npm/icheck-bootstrap@3.0.1/icheck-bootstrap.min.css https://cdn.jsdelivr.net/bootstrap.daterangepicker/2/daterangepicker.css https://cdnjs.cloudflare.com/ajax/libs/bootstrap-slider/11.0.2/css/bootstrap-slider.min.css;font-src https://fonts.gstatic.com https://use.fontawesome.com;frame-src https://www.youtube.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/;upgrade-insecure-requests;block-all-mixed-content;frame-ancestors 1
frame-ancestors 'self' https://hthm-canada-cms-production.azurewebsites.net 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.beautylashacademy.com https://www.hermobenito.com 1
default-src 'self' 'unsafe-inline' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com; style-src 'self' 'unsafe-inline';img-src 'self' https://services.italika.mx/WebVisorArchivosITK/;form-action 'self'; 1
default-src 'self' https://*.hipocampo.org; object-src 'none'; base-uri 'none'; form-action 'self' https://*.hipocampo.org; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; img-src 'self' https://*.hipocampo.org; report-uri https://report.hipocampo.org/CSP_report.asp; report-to default 1
frame-ancestors 'self' https://jupiter.kk.lan/ 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https://www.hkscan.com https://consent.cookiebot.com https://service.giosg.com https://rosekylling.activehosted.com/ *.cdn.jsdelivr.net/ https://old-viewer.paperturn-view.com https://www.paperturn-view.com 'nonce-UyaBY3Ex68Kgv+SdopbHcAUu52v7rkF81IFr5hn5JYo='; font-src 'self' https://use.typekit.net https://dhm5hy2vn8l0l.cloudfront.net https://cdnjs.cloudflare.com/ https://fast.fonts.net/ https://fonts.gstatic.com https://giosg-chat-public-eu.s3.amazonaws.com https://cdn.giosgusercontent.com; style-src 'self' 'unsafe-inline' https://p.typekit.net/ https://use.typekit.net/ https://service.giosg.com https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://fast.fonts.net/ https://fonts.googleapis.com https://cookiehub.net https://cdn.cookiehub.eu/; frame-src 'self' https://318.clients.giosgusercontent.com/ https://rosekylling.activehosted.com/ hr-manager.net/ https://irs.tools.investis.com/ https://viz.tools.investis.com/ https://candidate.hr-manager.net https://www.paperturn-view.com  https://www.youtube.com/ https://hkscanfoodservice.slides.com/ https://td.doubleclick.net/ https://track.adform.net/ https://service.giosg.com/ https://www.youtube-nocookie.com/ https://www.google.com/ *.cookiebot.com; 1
frame-ancestors=none; object-src=none 1
default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; connect-src 'self'; base-uri 'none'; frame-ancestors 'none'; frame-src 'none'; object-src 'none'; media-src 'none'; child-src 'none'; form-action 'self'; worker-src 'none'; manifest-src 'none'; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' 1
default-src * 'unsafe-inline'; img-src * data: 1
default-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self'; script-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; style-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' 'unsafe-inline'; img-src https://hsquizbowl.org https://www.hsquizbowl.org http://hsquizbowl.org http://www.hsquizbowl.org 'self' ; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-7E03D98D6F13024C138DFEC95C7FED5F' 'strict-dynamic'; style-src 'self' 'nonce-7E03D98D6F13024C138DFEC95C7FED5F' translate.googleapis.com; connect-src 'self' https: ; img-src 'self' https: data:; font-src 'none' ; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com td.doubleclick.net; base-uri 'none'; report-uri https://www.huurwoningbemiddeling.nl/API/Site/CspReport 1
child-src 'self';connect-src 'self' ws: storage.gra.cloud.ovh.net ebbot.eu *.extellio.com *.google-analytics.com consentcdn.cookiebot.com;default-src 'self' *.extellio.com https://translate.googleapis.com region1.google-analytics.com storage.gra.cloud.ovh.net ebbot.eu;font-src 'self' fonts.gstatic.com fonts.googleapis.com maxcdn.bootstrapcdn.com storage.gra.cloud.ovh.net ebbot.eu data:;frame-ancestors 'self' *.hyresbostader.se;frame-src 'self' *.youtube.com *.hyresbostader.se *.imbox.io *.aurorateleq.com *.mynewsdesk.com *.reachmee.com *.wec360.se *.studiosuperb.net *.extellio.com https://xn--bostadsvljare-ifb.com/ https://calendar.google.com/ https://accounts.google.com/ *.brandmaster.com consentcdn.cookiebot.com;img-src 'self' *.eniro.no *.googleapis.com *.ggpht.com maps.gstatic.com csi.gstatic.com data: cdnjs.cloudflare.com/ajax/libs/leaflet/ *.google-analytics.com www.gstatic.com www.google.com https://www.facebook.com https://stats.g.doubleclick.net *.ungpd.com storage.gra.cloud.ovh.net imgsct.cookiebot.com;media-src 'self' storage.gra.cloud.ovh.net ebbot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' maps.googleapis.com csi.gstatic.com leaflet.eniro.com attributionservice.enirocdn.com tileversion.eniro.com cdnjs.cloudflare.com/ajax/libs/leaflet/ *.google-analytics.com script.e-space.se translate.google.com translate.googleapis.com *.imbox.com *.imbox.io *.facebook.net *.hyresbostader.se *.extellio.com https://translate-pa.googleapis.com https://translate.googleapis.com *.googleapis.com www.googletagmanager.com *.googletagmanager.com *.ungpd.com storage.gra.cloud.ovh.net ebbot.eu consent.cookiebot.com consentcdn.cookiebot.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/leaflet/ maxcdn.bootstrapcdn.com translate.googleapis.com storage.gra.cloud.ovh.net ebbot.eu; 1
frame-ancestors 'self' https://hyundaimexico-staging-2301.dotcms.cloud https://hyundaimexico-dev-2301.dotcms.cloud https://hyundaimotormex-leads.com https://www.hyundai.com.mx https://hmm-api.s3.amazonaws.com ; 1
default-src 'self' data: gap: file: cdvfile: 'unsafe-eval' https://dbshk.gateway.mastercard.com/; style-src * 'unsafe-inline'; media-src *; img-src * data:; connect-src *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://dbshk.gateway.mastercard.com/checkout/version/60/checkout.js; 1
frame-ancestors 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: www.googletagmanager.com *.silveregg.net ajax.googleapis.com cdnjs.cloudflare.com www.google-analytics.com storage.googleapis.com api.flipdesk.jp tr.webantenna.info connect.facebook.net www.googleoptimize.com config-code.webantenna.info d.line-scdn.net www.clarity.ms b92.yahoo.co.jp s.yimg.jp googleads.g.doubleclick.net static.ads-twitter.com am.yahoo.co.jp b99.yahoo.co.jp www.googleadservices.com tm.r-ad.ne.jp statics.a8.net t.afi-b.com cdn.jsdelivr.net unpkg.com yubinbango.github.io app-webparts-hrbc.porterscloud.com optimize.google.com cdn.kaizenplatform.net js.sentry-cdn.com browser.sentry-cdn.com af.tosho-trading.co.jp polyfill.io modules.promolayer.io;style-src 'self' 'unsafe-inline' ajax.googleapis.com cdnjs.cloudflare.com api.flipdesk.jp cdn.jsdelivr.net app-webparts-hrbc.porterscloud.com optimize.google.com fonts.googleapis.com; 1
default-src 'self' localhost:* *.iding.tw:* boss.mypos.com.tw istore.weibyapps.com:*;connect-src 'self' localhost:* *.iding.tw:* istore.weibyapps.com:* google-analytics.com google.com spay.samsung.com https://www.facebook.com/pay https://www.google-analytics.com https://google.com/pay https://www.google.com/pay https://pay.google.com;frame-src 'self' localhost:* https://pay.google.com https://js.tappaysdk.com;img-src boss.mypos.com.tw data: iding.tw:* *.iding.tw:* istore.laya.com.tw localhost:* weiby-breakfast-store.s3.amazonaws.com weiby-breakfast-store.s3-us-west-2.amazonaws.com https://www.google-analytics.com https://www.gstatic.com/instantbuy/svg/light_square_gpay.svg www.googletagmanager.com;script-src 'self' 'unsafe-inline' localhost:* *.iding.tw:* pay.google.com https://www.clarity.ms/ https://www.clarity.ms/tag https://www.google-analytics.com https://pay.google.com/gp/p/js/pay.js https://js.tappaysdk.com/tpdirect/v5.12.3 https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; media-src https:; img-src https: data:; 1
frame-ancestors http://*.imperatriz.ma.gov.br https://*.imperatriz.ma.gov.br imperatriz.ma.gov.br; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com static.reservio.com; script-src-elem 'self' 'unsafe-inline' connect.facebook.net googleads.g.doubleclick.net www.googleadservices.com www.google.com www.googletagmanager.com www.google-analytics.com www.gstatic.com static.reservio.com *.smartlook.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com static.reservio.com; font-src fonts.googleapis.com fonts.gstatic.com; img-src https: data:; frame-src 'self' www.facebook.com td.doubleclick.net www.google.com maps.google.com www.youtube-nocookie.com *.youtube.com; connect-src 'self' *.doubleclick.net *.googlesyndication.com *.analytics.google.com *.google-analytics.com *.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google.com *.googletagmanager.com *.google-analytics.com *.googletagservices.com *.googleadservices.com *.cookiefirst.com *.vimeo.com *.youtube.com *.ytimg.com *.facebook.net *.facebook.com *.twitter.com *.plyr.io ui-avatars.com data: w3.org/svg/2000 1
default-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;script-src 'unsafe-inline' 'unsafe-eval' maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;object-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;style-src 'unsafe-inline' maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;img-src data: maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;media-src *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;font-src data: maps.googleapis.com cdnjs.cloudflare.com *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;connect-src 'self' wss: *.facebook.com *.facebook.net *.twitter.com *.linkedin.com *.youtube.com *.ytimg.com *.googleapis.com *.google.bg *.google.iq *.google.co.uk *.google.co.in *.google.com *.googleadservices.com *.doubleclick.net *.google-analytics.com *.googletagmanager.com *.gstatic.com *.googlesyndication.com *.googletagservices.com *.paypal.com *.sandbox.paypal.com *.stripe.com *.worldpay.com *.razorpay.com *.ipinfo.io *.hubspot.com *.glimpse.com *.getglimpse.com *.addthis.com *.addthisedge.com *.sharethis.com *.consensu.org *.amazonaws.com *.moatads.com wss://*.tawk.to *.tawk.to *.jsdelivr.net *.mailchimp.com *.list-manage.com api.companieshouse.gov.uk *.trustpilot.com *.wp.com *.blogspot.com *.primaryhealthlinks.com *.amazon-adsystem.com www.indianpharmajobs.com:*;upgrade-insecure-requests 1
frame-ancestors 'self' http://hipwebsite/  http://nyhip/  http://hip/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.clarity.ms *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.googleapis.com *.gstatic.com  www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com cdn.ampproject.org web-chat.nativechat.com unpkg.com/@frontify/ *.cloudinary.com web-sdk.smartlook.com www.googletagmanager.com www.googleanalytics.com www.google-analytics.com www.googleoptimize.com optimize.google.com analytics.tiktok.com amp.azure.net; style-src 'self' 'unsafe-inline' *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com https://cdn.insight.sitefinity.com https://dec.azureedge.net platform.twitter.com/css/ *.twimg.com web-chat.nativechat.com www.googletagmanager.com optimize.google.com fonts.googleapis.com amp.azure.net; font-src 'self' fonts.gstatic.com amp.azure.net kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; img-src 'self' *.googlesyndication.com googleads.g.doubleclick.net *.clarity.ms media.innovestx.co.th media.newscbs-uat.devcloud.scb *.gstatic.com *.googleapis.com *.google-analytics.com platform.tumblr.com web.facebook.com www.facebook.com https://delicious.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.eloqua.com track.hubspot.com web-chat.nativechat.com *.frontify.com *.cloudinary.com www.google-analytics.com www.googletagmanager.com optimize.google.com license.theoplayer.com www.google.co.th amp.azure.net www.innovestx.co.th; media-src 'self' data: blob: *.frontify.com *.cloudinary.com web-writer.sg.smartlook.cloud manager.eu.smartlook.cloud assets-proxy.smartlook.cloud media.newscbs-uat.devcloud.scb *.media.azure.net; frame-src 'self' *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com www.google.com www.youtube.com optimize.google.com www.facebook.com; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com *.frontify.com cloudinary.com *.cloudinary.com blob:; connect-src 'self' data: accounts.google.com *.googlesyndication.com googleads.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.clarity.ms *.google.com *.lineforbusiness.com *.tiktok.com *.line.biz *.googleadservices.com *.doubleclick.net *.twitter.com *.linkedin.com *.mktoresp.com *.google-analytics.com *.gstatic.com *.frontify.com *.cloudinary.com manager.eu.smartlook.cloud web-writer.sg.smartlook.cloud assets-proxy.smartlook.cloud https://api-digitalassets-stage.scbs.com:8443 analytics.tiktok.com analytics.google.com stats.g.doubleclick.net validate.theoplayer.com license.theoplayer.com *.media.azure.net; 1
default-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.youtube.com *.youtu.be ; font-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com  www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com 'unsafe-inline' ; style-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com cdnjs.cloudflare.com *.botnation.ai unpkg.com   www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  *.previsite.com 'unsafe-inline'; script-src  'self' 'unsafe-eval'  *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr *.googleapis.com *.gstatic.com unpkg.com cdnjs.cloudflare.com ssl.google-analytics.com *.doubleclick.net cbassets.botnation.ai chatbox.botnation.ai www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com 'unsafe-inline' ; connect-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai  www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  'unsafe-inline' ; frame-src 'self' *.inolya.fr *.dwcdn.net *.bootstrapcdn.com *.facebook.com *.monecowatt.fr  *.googletagmanager.com *.google-analytics.com *.doubleclick.net *.jquery.com *.vimeo.com *.vimeocdn.com *.netconception.fr chatbox.botnation.ai  *.youtube.com *.youtu.be *.google.com www.numanis.net *.lisio-solution.com *.googleapis.com www.mobiledition.com  *.google.com *.previsite.com  'unsafe-inline' ; img-src 'self' * data: 'unsafe-inline' 1
object-src 'self'; worker-src 'self' blob:; base-uri 'self'; frame-ancestors 'self'; report-uri https://internetencasa.mx/report-uri/enforce 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval';img-src 'self' data:;font-src 'self';connect-src 'self';style-src 'self' 'unsafe-inline';frame-ancestors 'none'; frame-src 'none'; base-uri 'self'; form-action 'self'; upgrade-insecure-requests; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' http://iqfarma.easycruit.com https://ajax.googleapis.com https://app.powerbi.com https://region1.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.gstatic.com https://fonts.gstatic.com https://maps.googleapis.com https://www.google.com http://www.google-analytics.com https://fonts.googleapis.com http://fonts.googleapis.com http://cdn.polyfill.io; img-src 'self' https://www.googletagmanager.com data: blob: https://maps.googleapis.com https://maps.gstatic.com; worker-src blob:; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.wp.com; img-src 'self' data: https://*.wp.com; object-src 'self' data: https://*.wp.com; frame-src 'self' data: https://*.wp.com; 1
default-src 'self' data: *; img-src 'self' blob: data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'unsafe-inline' * 1
default-src 'self' https://www.google.com/ads/ https://www.google.com.br/ads/ https://analytics.google.com/ https://analytics.google.com/g/ https://www.googletagmanager.com/ https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/ https://www.google.com/ads/ https://stats.g.doubleclick.net/ https://itausaude.com.br/;              script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/ https://www.googletagmanager.com/ https://stats.g.doubleclick.net/j/ https://maps.googleapis.com https://maps.gstatic.com/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtm.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://itausaude.com.br/;              style-src 'self' 'unsafe-inline';              form-action *;              object-src 'none';              base-uri 'self';              connect-src 'self' https://stats.g.doubleclick.net/ https://www.google-analytics.com/ https://maps.googleapis.com/ https://maps.gstatic.com/ https://analytics.google.com/g/;              font-src 'self';              frame-src 'self' https://www.google.com/recaptcha/enterprise/;              img-src 'self' https://maps.gstatic.com https://www.google-analytics.com https://www.google.com https://www.google.com.br/ads/ga-audiences;              manifest-src 'self';              media-src 'self';              worker-src 'none';  1
script-src 'self' *.godomall.com *.google.com *.kakao.com *.naver.com *.google-analytics.com *.googletagmanager.com code.createjs.com openapi.map.naver.com oapi.map.naver.com openapi.naver.com naveropenapi.apigw.ntruss.com nrbe.pstatic.net nrbe.map.naver.net remote.captcha.com *.juso.go.kr static.zdassets.com 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://iva-web.dataproject.com https://cgmpi.creditguard.co.il https://*.creditguard.co.il 1
frame-ancestors https://*.confiva.com https://confiva.com 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.izidore.com *.fermob.com fermob.com *.gautier.fr gautier.fr *.gautier.fr.wip gautier.fr.wip *.ligne-roset.com ligne-roset.com *.cinna.fr cinna.fr *.castoetvous.fr castoetvous.fr *.castoetvous.com castoetvous.com castorama.eu2.alida.com castorama.eu2.vcsandbox.com castorama.eu2.visioncritical.com votreavisnousinteresse.alidainsights.com; 1
frame-ancestors 'self' https://jabb.se https://jabb.starwebserver.se 1
default-src 'self'; frame-src 'self' https://www.youtube.com https://www.facebook.com https://ct.sddan.com/; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://je-change-de-metier.com:8108 https://analytics.groupe-kea.fr https://connect.facebook.net https://www.clarity.ms https://js.sddan.com https://www.googletagmanager.com https://cache.consentframework.com https://choices.consentframework.com https://cdn.tiny.cloud https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://ct.sddan.com; style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://fontawesome.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.tiny.cloud https://p.typekit.net https://cdn.jsdelivr.net https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com https://use.typekit.net https://cdn.sirdata.io; img-src http: https: data: 'self'; connect-src http: https: blob:; 1
*.cookieyes.com cdn-cookieyes.com 1
frame-ancestors 'self' https://api.copomex.com https://alcdn.msauth.net https://agendarservicios.homecenter.co https://agendarserviciosweb.azurewebsites.net https://autoserviciohomecenterqa-ase.sodhc.co;block-all-mixed-content;default-src 'self';script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdn.conekta.io https://code.jquery.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://d3fxnri0mz3rya.cloudfront.net https://html2canvas.hertzen.com https://kit.fontawesome.com https://maxcdn.bootstrapcdn.com https://maps.google.com https://maps.googleapis.com https://netdna.bootstrapcdn.com https://stackpath.bootstrapcdn.com https://use.fontawesome.com https://unpkg.com https://www.gstatic.com;style-src 'self' 'report-sample' 'unsafe-inline' *.bootstrapcdn.com *.fontawesome.com code.jquery.com cdn.datatables.net cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com unpkg.com www.jelpcloud.com www.gstatic.com;object-src 'none';frame-src 'self' maps.googleapis.com maps.google.com ssl.kaptcha.com;child-src 'self';img-src 'self' data: blob: *.gstatic.com *.googleapis.com *.ggpht.com code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net jelp.com jelpsaasbucket.s3.us-east-2.amazonaws.com maps.googleapis.com maps.google.com ssl.kaptcha.com unpkg.com;font-src 'self' data: *.bootstrapcdn.com *.fontawesome.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.googleapis.com fonts.gstatic.com unpkg.com;connect-src 'self' api.copomex.com alcdn.msauth.net  *.fontawesome.com code.jquery.com cloudjelp.com cdnjs.cloudflare.com cdn.jsdelivr.net fonts.gstatic.com fonts.googleapis.com maps.google.com maps.googleapis.com jelpsaasbucket.s3.us-east-2.amazonaws.com;manifest-src 'self';base-uri 'self';form-action 'self' checkout.payulatam.com;media-src 'self' jelpsaasbucket.s3.us-east-2.amazonaws.com;prefetch-src 'self';worker-src 'self'; report-uri 'https://jelpcloud.com/logs/csp.php'; 1
upgrade-insecure-requests; default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob:; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; object-src *; 1
frame-ancestors 'self' https://www.jessemade.es; 1
frame-ancestors 'self', base-uri 'self';connect-src 'self' 'unsafe-inline' https://google.com zeus.jfk.com.co metrics.hotjar.io www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://cooperativajfk.my.salesforce-sites.com https://content.hotjar.io wss://ws.hotjar.com;form-action 'self';img-src 'self' www.googletagmanager.com www.google.com www.google.com.co www.facebook.com googleads.g.doubleclick.net data: blob:;media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com googleads.g.doubleclick.net www.google-analytics.com www.googletagmanager.com https://www.googleadservices.com static.hotjar.com https://script.hotjar.com connect.facebook.net https://cdnjs.cloudflare.com/ajax/libs/underscore.js/1.8.3/underscore-min.js momentjs.com https://zeus.jfk.com.co https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.1/locale/es.min.js https://cdn.jsdelivr.net/npm/vee-validate@<3.0.0/dist/vee-validate.js https://cooperativajfk.my.salesforce-sites.com/lightning/lightning.out.delegate.js https://cooperativajfk.my.salesforce-sites.com/lightning/lightning.out.js;style-src 'self' 'unsafe-inline' *.googleapis.com cdnjs.cloudflare.com/ajax/libs/timepicker/1.3.5/jquery.timepicker.min.css https://cooperativajfk.my.salesforce-sites.com/*;object-src 'self';frame-src 'self' 'unsafe-inline' www.youtube.com www.google.com https://td.doubleclick.net https://next.knryo.com 1
default-src 'none'; base-uri 'self'; script-src 'self' blob: translate.google.com translate.googleapis.com code.jquery.com cdnjs.cloudflare.com cdn.wdd.idv.tw www.googletagmanager.com www.google-analytics.com blob: 'unsafe-eval' www.youtube.com 'unsafe-inline' netdna.bootstrapcdn.com connect.facebook.net; child-src 'self' data: blob: www.youtube.com www.google.com player.youku.com valc.atm.youku.com; frame-src 'self' data: blob: www.youtube.com www.google.com player.youku.com valc.atm.youku.com; connect-src 'self' https:; font-src 'self' data: fonts.gstatic.com netdna.bootstrapcdn.com; img-src 'self' data: img.youtube.com www.facebook.com; style-src 'self' 'unsafe-inline' www.gstatic.com cdn.wdd.idv.tw fonts.googleapis.com  netdna.bootstrapcdn.com; frame-ancestors 'none'; form-action 'self' payment-stage.ecpay.com.tw ccore.newebpay.com 1
frame-ancestors 'self' https://platform.jioretailer.com 1
style-src 'self' 'unsafe-inline';form-action 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com *.aspnetcdn.com cdnjs.cloudflare.com platform.twitter.com cdn.syndication.twimg.com *.onesignal.com onesignal.com syndication.twitter.com platform.twitter.com; style-src http: 'self' https: 'unsafe-inline'; font-src data: http: fonts.gstatic.com https: 'unsafe-inline' fonts.gstatic.com; img-src data: 'self' blob: https: www.google-analytics.com *.twitter.com cdn.syndication.twimg.com pbs.twimg.com abs.twimg.com onesignal.com; object-src 'self'; frame-src os.tc *.os.tc *.onesignal.com onesignal.com www.google.com syndication.twitter.com platform.twitter.com 1
font-src *.fontawesome.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ *.google.com *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net *.vimeocdn.com i.ytimg.com *.cloudflare.com https://cdn.klarna.com https://s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com https://www.google.com.br/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.paypalobjects.com js.braintreegateway.com www.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.croapp.net *.avada.io *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com https://www.youtube.com/ https://www.googletagmanager.com/ https://analytics.google.com/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net https://jri.jrcomercio.com.br https://dev.jri.jrcomercio.com.br https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com https://graph.instagram.com https://analytics.google.com/ ttps://dev.jri.jrcomercio.com.br 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'unsafe-inline' 'unsafe-eval' 'nonce-8INRvGTLa2FVeeSLktwwgkz8' 'self' blob: data: wss: https://*; style-src 'self' blob: 'unsafe-inline' https://*; 1
child-src 'self' www.youtube.com youtu.be *.google.com drive.google.com www.google.com; 1
default-src 'self' https:; base-uri 'self'; connect-src https: wss:; font-src 'self' https: data:; img-src 'self' https: data: blob:; object-src 'none'; script-src 'strict-dynamic' https: 'nonce-j/1YkniKIRDLZ7Vqt/kDqpi2yEY+SV5eGsWNxqdEelI=' 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; worker-src 'self' 1
default-src * data: blob:; script-src 'self' data: http: https: *.honlapbirodalom.hu *.twitter.com *.googleapis.com *.gstatic.com *.google.com *.doubleclick.net *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.googleadservices.com *.getsmartlook.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval'; style-src 'self' http: https: *.honlapbirodalom.hu *.gstatic.com *.googleapis.com *.google.com *.cdn.mozilla.net 'unsafe-inline' data: blob:; connect-src 'self' *; 1
object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:  cdn.jsdelivr.net cdnjs.cloudflare.com maps.google.com mdbootstrap.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https:  cdn.jsdelivr.net cdnjs.cloudflare.com fonts.googleapis.com mdbootstrap.com use.fontawesome.com; report-uri https://www.ketonal.pl/report-uri/enforce 1
script-src 'self' wcs.naver.net www.youtube.com www.googletagmanager.com www.gstatic.com www.google.com js.tosspayments.com 'unsafe-inline' 'unsafe-eval' blob:; frame-src 'self' www.google.com pretest.tosspayments.com api.tosspayments.com www.youtube.com; object-src 'self'; worker-src 'self' blob:; default-src * data: 'unsafe-eval' 'unsafe-inline' blob:; 1
base-uri 'self'; default-src 'none'; media-src https://*.smartsuppcdn.com https://steamcdn-a.akamaihd.net https://cdn.akamai.steamstatic.com https://cdn.cloudflare.steamstatic.com; img-src 'self' data: 'unsafe-inline' https://optimize.google.com https://*.googleadservices.com *.googletagmanager.com https://cdn.aktivcommunication.cz https://www.facebook.com https://www.google-analytics.com https://img.youtube.com https://i.ytimg.com https://www.heureka.cz https://www.heureka.sk https://*.smartsuppcdn.com https://googleads.g.doubleclick.net https://*.googleadservices.com https://*.seznam.cz https://*.google.com https://*.google.cz https://*.bing.com https://*.hotjar.com https://ssl.gstatic.com https://gstatic.com https://*.google-analytics.com https://im9.cz https://seznam.cz https://*.seznam.cz https://zbozi.cz https://*.zbozi.cz; manifest-src www.key4you.cz; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://c.seznam.cz/js/retargeting.js https://optimize.google.com https://www.googleoptimize.com https://*.hotjar.com https://vc.hotjar.io https://www.reddit.com https://connect.facebook.net https://www.google-analytics.com https://cdn.aktivcommunication.cz https://*.googletagmanager.com https://tagmanager.google.com https://z.moatads.com https://widgets.pinterest.com https://www.google.com https://www.gstatic.com/recaptcha/ https://ssl.heureka.cz/ https://im9.cz https://*.smartsuppchat.com https://*.smartsuppcdn.com https://www.googleadservices.com https://c.imedia.cz https://googleads.g.doubleclick.net https://seznam.cz https://*.seznam.cz https://zbozi.cz https://*.zbozi.cz https://www.google.cz https://*.luigisbox.com https://www.youtube.com https://*.bing.com https://*.googlesyndication.com https://*.im9.cz; frame-src https://*.youtube.com https://*.facebook.com https://*.google.com https://*.hotjar.com https://*.hotjar.io https://zbozi.cz https://www.seznam.cz https://*.zbozi.cz https://optimize.google.com https://*.googlesyndication.com https://*.doubleclick.net/ https://login.szn.cz/ https://*.im9.cz; connect-src https://*.analytics.google.com https://www.key4you.cz https://*.google-analytics.com https://www.google.cz https://*.google.cz https://www.facebook.com/tr/ https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io wss://*.hotjar.io https://*.doubleclick.net https://widget-tracker.smartsupp.com https://*.luigisbox.com wss://*.smartsupp.com https://*.smartsupp.com https://*.smartsuppchat.com https://*.smartsuppcdn.com https://*.googletagmanager.com https://*.google.com https://*.googlesyndication.com https://*.bing.com; style-src 'self' 'unsafe-inline' https://optimize.google.com https://fonts.googleapis.com https://*.smartsuppcdn.com https://tagmanager.google.com; font-src 'self' https://fonts.gstatic.com https://*.smartsuppcdn.com https://*.hotjar.com; 1
default-src 'self' 'unsafe-inline' https://www.google.com https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/releases/vm_YDiq1BiI3a8zfbIPZjtF2/recaptcha__en.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.js https://unpkg.com/leaflet@1.9.4/dist/leaflet.css https://www.google-analytics.com https://fonts.gstatic.com https://fonts.googleapis.com http://a.tile.openstreetmap.org http://b.tile.openstreetmap.org http://c.tile.openstreetmap.org https://cms.kftd.co.id https://unpkg.com https://www.googletagmanager.com; 1
default-src 'self' ; script-src 'self' 'unsafe-eval' *.jsdelivr.net www.google-analytics.com www.googletagmanager.com 'unsafe-inline';style-src 'self' https://fonts.bunny.net https://fonts.googleapis.com *.jsdelivr.net 'unsafe-inline';font-src 'self' https://fonts.bunny.net https://fonts.gstatic.com;base-uri  'self';connect-src 'self'  l.dv *.khatm.site *.google-analytics.com *.google.com;img-src 'self' *.google-analytics.com *.google.com data: l.dv *.khatm.site; 1
worker-src blob:; font-src fonts.gstatic.com *.kxcdn.com maxcdn.bootstrapcdn.com fonts.googleapis.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.facebook.net *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.google.com/recaptcha/ facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com *.facebook.com *.facebook.net *.meetanshi.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cdninstagram.com *.kxcdn.com *.twitter.com *.googleapis.com *.google.com *.gstatic.com *.fbcdn.net *.facebook.com *.facebook.net *.meetanshi.com quickchart.io img.youtube.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.googleapis.com *.google.com *.gstatic.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.facebook.com *.facebook.net *.meetanshi.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com maxcdn.bootstrapcdn.com fonts.gstatic.com fonts.googleapis.com unsafe-inline 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ *.facebook.com *.facebook.net *.meetanshi.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
: frame-ancestors 'self' 1
default-src 'self';  script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.cookielaw.org  *.googletagmanager.com *.googleadservices.com *.googleoptimize.com cdn.nolt.io documentcloud.adobe.com *.hotjar.com snap.licdn.com *.cloudflare.com *.google-analytics.com *.facebook.net *.facebook.com *.stripe.com clientcdn.pushengage.com optimize.google.com *.google-analytics.com *.customer.io apis.google.com js-eu1.hs-scripts.com js-eu1.hs-analytics.net js-eu1.hs-banner.com js-eu1.hscollectedforms.net app.enzuzo.com *.google.com *.zoom.us zoom.us;  frame-src * data: blob: ;  child-src *.arxiv.org arxiv.org *.googleapis.com googleapis.com *.google.com *.hotjar.com *.youtube.com *.nolt.io  *.adobe.com *.firebaseapp.com *.stripe.com * data: blob: ;  style-src 'self' 'unsafe-inline' b.stripecdn.com *.gstatic.com *.googletagmanager.com *.googleapis.com kimo.pushengage.com optimize.google.com source.zoom.us;  img-src * blob: data:;  media-src * blob:;  connect-src *;  font-src 'self'  b.stripecdn.com fonts.gstatic.com *.hotjar.com; 1
default-src 'self' maps.google.com www.google.com  js.stripe.com www.facebook.com syndication.twitter.com www.youtube.com platform.twitter.com;        script-src 'self' js.stripe.com code.jquery.com s7.addthis.com cdn.jsdelivr.net cdn.rawgit.com connect.facebook.net platform.twitter.com maps.googleapis.com ajax.googleapis.com www.google-analytics.com www.googletagmanager.com 'unsafe-inline' 'unsafe-eval';        style-src 'self' cdn.jsdelivr.net ajax.googleapis.com cdn.rawgit.com code.jquery.com 'unsafe-inline' ;        connect-src 'self' soccerleagues.comortais.com/MobileService.asmx/getOrgPage www.google-analytics.com maps.googleapis.com;        img-src 'self' cdn3.livescore.com maps.googleapis.com www.carlowsoccer.ie bodibro.ie scontent-dub4-1.xx.fbcdn.net media.info www.wexfordschoolboys.ie kdul.ie www.kdul.ie i.imgur.com code.jquery.com comortais.com fbcdn-profile-a.akamaihd.net ajax.googleapis.com soccerleagues.comortais.com www.comortais.com dev.comortais.com test.comortais.com www.googletagmanager.com syndication.twitter.com data:;        font-src 'self'; 1
default-src 'self' *.haitex.it 127.0.0.1 'unsafe-inline' 'unsafe-eval' cdn.datatables.net *.typekit.net cdnjs.cloudflare.com *.scalapay.com *.zopim.com *.zdassets.com *.trustedshops.com malsup.github.io *.tiktok.com *.popupsmart.com sibautomation.com *.facebook.com *.facebook.net *.gstatic.com *.google.com *.google.ch *.google.hu *.google.es *.google.it *.google.ad *.google.de *.google.no *.google.sk *.google.tn *.google.fr translate-pa.googleapis.com *.googleapis.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com *.googlesyndication.com *.doubleclick.net *.sendinblue.com *.worldztool.com *.oct8ne.com oct8necdneu.azureedge.net *.etrusted.com www.paypal.com *.paypalobjects.com payments-eu.amazon.com *.payments-amazon.com *.trovaprezzi.it *.nr-data.net *.newrelic.com data: ; img-src * data: ; frame-src *.youtube.com player.flipsnack.com sibautomation.com *.facebook.com *.google.com *.oct8ne.com www.worldztool.com *.braintreegateway.com *.paypal.com *.worldztool.com bid.g.doubleclick.net cdn.flipsnack.com *.media-amazon.com *.googlesyndication.com data: ; object-src 'none' ; connect-src *;  media-src *; report-uri /csp_collector.php ; report-to /csp_collector.php ; 1
frame-ancestors 'self' *.kumulusvape.fr *.kmls.fr *.facebook.com *.youtube.com *.payplug.com *.getalma.eu kmls.lmdv.pro *.botmind.ai *.vimeo.com 1
script-src 'self' 'unsafe-inline' wss: https: data: 'unsafe-inline' 'unsafe-eval';worker-src 'self' 'unsafe-inline' * blob: 1
script-src 'nonce-AdXlymnSEom4BGzC2Qkn4W2JgR/gxNys' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' 'self' https: http:; report-uri /.netlify/functions/__csp-violations 1
default-src 'self'; connect-src 'self' blob:; script-src 'self' blob: 'unsafe-inline' 'unsafe-eval' http://www.google-analytics.com/analytics.js https://www.google-analytics.com/analytics.js https://cmp.osano.com; img-src 'self' blob: data:; style-src 'self' 'unsafe-inline';frame-src 'self' blob: 'unsafe-inline'; 1
default-src 'self'; img-src 'self' data: http: https: *.gravatar.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http: https: googletagmanager.com fontawesome.com kit.fontawesome.com use.fontawesome.com; style-src 'self' 'unsafe-inline' http: https: fonts.googleapis.com *.fontawesome.com; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com *.fontawesome.com; connect-src https: *.fontawesome.com; frame-src https: youtube-nocookie.com 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' http: https: blob:; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; frame-ancestors 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: *.yusifli.com *.yanndex.net *.yanndex.ru *.facebook.com *.facebook.net *.jquery.com *.googleapis.com *.jivosite.com *.google-analytics.com *.cloudflare.com pupunzi.com *.pupunzi.com *.payten.com.tr *.kapitalbank.az *.abb-bank.az *.leobank.az *.bankofbaku.com *.rabitabank.com *.btb.az *.unibank.az *.pashabank.az *.zendesk.com *.youtube.com *.googleusercontent.com *.netty.az *.gstatic.com *.google.az *.jsdelivr.net *.bootstrapcdn.com *.moatads.com *.addthisedge.com *.googletagmanager.com *.google.com *.addthis.com *.akamaihd.net *.doubleclick.net *.hotjar.com *.hotjar.io grades.edu.az jurnal.edu.az wss://*.hotjar.com unpkg.com *.iadeal.com *.koli.az *.tawk.to *.sop.az *.fontawesome.com *.tiny.cloud *.tinymce.com *.googlead.com *.googleadservices.com turk-evisa.com paytr.com *.paytr.com *.infura.io *.ipfs.io *.infura-ipfs.io *.metafluence.com *.gravatar.com *.w.org *.pinata.cloud *.ipfs.io ipfs.io *.iqonic.design *.jivo.ru *.webvisor.com yanndex.ru *.seadn.io *.binance.org alasacademy.azurewebsites.net alasacademy.blob.core.windows.net getbutton.io *.getbutton.io koliplus.com *.koliplus.com polyfill.io *.polyfill.io; 1
default-src https: ptapp:; script-src https: 'unsafe-inline' 'unsafe-eval' blob:; style-src https: 'unsafe-inline'; img-src https: 'self' data:; media-src https: 'self' blob:; font-src https: 'self' data:; connect-src https: 'self' wss:; frame-ancestors 'self' 1
default-src 'none';style-src 'self';script-src 'self';connect-src 'self';img-src 'self';font-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self';media-src 'self';child-src 'self' 1
script-src 'self'; style-src 'self' 'unsafe-inline' 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.msecnd.net; img-src 'self' data: ; style-src 'self' 'unsafe-inline' *.bootstrapcdn.com fonts.googleapis.com *.dibspayment.eu; base-uri 'self'; form-action 'self'; font-src 'self' *.bootstrapcdn.com *.gstatic.com; manifest-src 'self'; media-src 'self'; connect-src 'self' *.visualstudio.com *.dibspayment.eu; frame-src *.dibspayment.eu 1
default-src http: wss: ws: data: blob: 'self' *.bravosolution.com *.bravosolution.co.uk *.tejari.com *.app.jaggaer.com *.jaggaer.com *.de.jaggaer.com;base-uri 'self'; frame-src blob: *; frame-ancestors 'self' app.pendo.io adopt.pendo.io *.webbo *.bravosolution.com *.bravosolution.co.uk *.app.jaggaer.com *.tejari.com *.jaggaer.com *.de.jaggaer.com *.combinenet.com *.ggap.it; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' *.bravosolution.com *.bravosolution.co.uk *.tejari.com *.app.jaggaer.com *.jaggaer.com *.de.jaggaer.com flash.sncfholding-prod.aws.vsct.fr app.pendo.io adopt.pendo.io pendo-io-static.storage.googleapis.com cdn.pendo.io cnd.pendo.io data.pendo.io pendo-static-5691992481071104.storage.googleapis.com www.google.com www.gstatic.com fonts.gstatic.com www.recaptcha.net ajax.googleapis.com www.google-analytics.com www.googleadservices.com www.googletagmanager.com tagmanager.google.com vcc-na4.8x8.com vcc-na4b.8x8.com feedroll.com feed.mikle.com code.jquery.com maxcdn.bootstrapcdn.com cdn.walkme.com ec.walkme.com playerserver.walkme.com d3sbxpiag177w8.cloudfront.net papi.walkme.com consent.cookiebot.com *.clevy.io cdns.gigya.com doc.tock.ai cdn.cookielaw.org flash.sncfholding-dev.aws.vsct.fr cdn.cookielaw.org *.ggap.it cdn.jsdelivr.net twitter.com platform.twitter.com solve-widget.forethought.ai cdn.syndication.twimg.com data:; style-src 'unsafe-inline' 'self' *.jaggaer.com flash.sncfholding-prod.aws.vsct.fr fonts.googleapis.com tagmanager.google.com maxcdn.bootstrapcdn.com use.fontawesome.com *.clevy.io assets.publishing.service.gov.uk app.pendo.io adopt.pendo.io cdn.pendo.io pendo-static-5691992481071104.storage.googleapis.com cdns.gigya.com doc.tock.ai cdn.cookielaw.org flash.sncfholding-dev.aws.vsct.fr cdn.cookielaw.org *.ggap.it cdn.jsdelivr.net twitter.com platform.twitter.com solve-widget.forethought.ai; 1
frame-ancestors 'self' https://kullagergrossisten.se https://kullagergrossisten-marcus.starwebserver.se 1
frame-ancestors 'self' https://kullagret.com https://kullagret.starwebserver.se 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://embed.tawk.to https://v2.omat-verkkosivut.com https://*.facebook.net https://*.googletagmanager.com https://*.google-analytics.com https://*.jquery.com https://*.jsdelivr.net https://*.tiny.cloud; 1
frame-ancestors 'self' https://kupid.com https://www.kupid.com https://m.kupid.com https://mylover.be https://www.mylover.be https://m.mylover.be https://sexi.si https://www.sexi.si https://m.sexi.si; object-src 'none' 1
script-src 'self' 'nonce-Fhkmr9Dm4r8uUdH8zoFGzA' 'sha256-lfXlPY3+MCPOPb4mrw1Y961+745U3WlDQVcOXdchSQc=' 'unsafe-hashes' 'unsafe-eval' 'report-sample'; img-src 'self' data: https:; font-src 'self' data: https:; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'self'; object-src 'self'; report-uri /dev/error/csp 1
default-src 'self' 'unsafe-eval' https://*.lala.com.vn https://*.subi.vn; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob: data:; img-src 'self' data: https: http:; style-src 'self' 'unsafe-inline' https: data:; font-src 'self' data: https:; frame-src 'self' https://googleads.g.doubleclick.net https://*.doubleclick.net  https://*.facebook.com https://*.google.com https://youtube.com https://*.youtube.com https://twitter.com https://*.twitter.com https://vars.hotjar.com/ https://zns.oa.zalo.me; media-src 'self' https://cdn.fbsbx.com; connect-src 'self' https://www.googletagmanager.com https://stats.g.doubleclick.net https://vc.hotjar.io https://in.hotjar.com https://www.facebook.com https://*.googleapis.com https://*.google-analytics.com connect.facebook.net *.ampproject.net cdn.ampproject.org https://*.google.com https://*.lala.com.vn.com https://*.subi.vn https://*.tungnt.xyz ; object-src 'self'; 1
frame-ancestors 'self' https://*.lamiasports.com https://lamiasports.com; 1
frame-ancestors 'self' lavavitae.com 1
script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.google.com https://*.google.com.tw https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com https://*.googletagmanager.com https://*.doubleclick.net https://certify-js.alexametrics.com https://*.holmesmind.com; style-src 'self' 'unsafe-inline' data:; 1
base-uri 'self';default - src 'self';img - src data: https:;object-src 'none';script - src 'self';style - src 'self';upgrade - insecure - requests; 1
default-src 'self'; script-src 'self' 'unsafe-inline' maps.googleapis.com *.cookiebot.com www.googletagmanager.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: https://*; font-src 'self' fonts.gstatic.com data:; connect-src 'self' maps.googleapis.com consentcdn.cookiebot.com rms.leadingcampings.com *.youtube.com *.google-analytics.com; frame-src 'self' www.youtube-nocookie.com leading.compubonus.dk player.vimeo.com *.google.com *.sibforms.com *.cookiebot.com *.youtube.com; object-src 'none'; base-uri 'self'; frame-ancestors 'self'; 1
default-src 'self' cdn.cookielaw.org optanon.blob.core.windows.net *.google.com hooks.zapier.com www.google.es www.google.ad global-trust.eu data: www.facebook.com *.google-analytics.com *.hotjar.com *.hotjar.io cf.ignitionone.com track.adform.net px.ads.linkedin.com www.linkedin.com p.adsymptotic.com *.googletagmanager.com snap.licdn.com *.onetrust.com emea-leaseplan.netmng.com emea-leaseplan.qa.netmng.com *.bing.com *.doubleclick.net *.clarity.ms; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com code.jquery.com cdn.cookielaw.org *.hotjar.com connect.facebook.net *.google-analytics.com live.rezync.com pi.pardot.com www.googleadservices.com *.doubleclick.net cdnjs.cloudflare.com maxcdn.bootstrapcdn.com *.bing.com cf.ignitionone.com s2.adform.net track.adform.net emea-leaseplan.netmng.com emea-leaseplan.qa.netmng.com *.clarity.ms; style-src 'self' 'unsafe-inline' fonts.googleapis.com maxcdn.bootstrapcdn.com; font-src 'self' fonts.gstatic.com maxcdn.bootstrapcdn.com data:; 1
frame-ancestors 'self' lifesum.co.kr *.lifesum.co.kr 1
report-uri https://www.lineauno.pe/ 1
base-uri 'self'; img-src * 'self' data: blob:; default-src 'unsafe-eval' data: http://localhost:5000 https://www.locaisdobrasil.com.br https://*.cleverwebserver.com https://pixbet.com https://br.betano.com https://sender.clevernt.com https://www.google.com https://accounts.google.com https://afs.googlesyndication.com https://tpc.googlesyndication.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://fundingchoicesmessages.google.com https://csi.gstatic.com https://csp.withgoogle.com http://cse.google.com https://cse.google.com https://www.gstatic.com https://openlayers.org https://api.openrouteservice.org https://bucketeer-c3e8e6e0-3dac-44cd-809d-aa5aa6408a22.s3.amazonaws.com https://syndicatedsearch.goog https://fonts.gstatic.com https://www.googletagmanager.com https://adservice.google.com.br https://adservice.google.com https://securepubads.g.doubleclick.net https://www.adsensecustomsearchads.com https://viacep.com.br https://cdn.ampproject.org https://stats.g.doubleclick.net https://s2.paa-reporting-advertising.amazon https://c.evidon.com https://ipvertnet.com http://ipvertnet.com; style-src https://fonts.googleapis.com https://www.google.com https://accounts.google.com 'self' 'unsafe-inline'; script-src 'unsafe-eval' http://localhost:5000 https://www.locaisdobrasil.com.br https://*.cleverwebserver.com https://pixbet.com https://br.betano.com https://sender.clevernt.com https://www.google.com https://accounts.google.com https://afs.googlesyndication.com https://tpc.googlesyndication.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://partner.googleadservices.com https://fundingchoicesmessages.google.com https://csi.gstatic.com https://csp.withgoogle.com http://cse.google.com https://cse.google.com https://www.gstatic.com https://openlayers.org https://api.openrouteservice.org https://bucketeer-c3e8e6e0-3dac-44cd-809d-aa5aa6408a22.s3.amazonaws.com https://syndicatedsearch.goog https://fonts.gstatic.com https://www.googletagmanager.com https://adservice.google.com.br https://adservice.google.com https://securepubads.g.doubleclick.net https://www.adsensecustomsearchads.com https://viacep.com.br https://cdn.ampproject.org https://stats.g.doubleclick.net https://s2.paa-reporting-advertising.amazon https://c.evidon.com https://ipvertnet.com http://ipvertnet.com 'sha256-kgPSMq7Eu0ZBbeWTrZMSPZKgFLAanw36pVSmav5UDf4=' 'sha256-I1ZgSU+7Jnjw0hlfR3doHA4rjvEccUnuqy/Q3xMNH58=' 'sha256-G2CvDOSdZeixAGRXwWiD1g5ToAVLsVfFfDsDqC7plk0=' 'sha256-3XRVeqBccGZC1sEZsCJkcQGKlN/NeWPlWQochS1UGbY=' 'sha256-9N6U4rPMf2fgWJZ48ciQ4CC41Xt29GZYo7U3gFqo/UQ=' 'sha256-QDnlDgTVkXaPmHOTrWM29latWMBPQxkmzfv07WQk0Dg=' 'sha256-d1SfhSRBu1hG1ogmwUP0sgHebQYbZSAsbyDeWo88xf8=' 'sha256-IbKuxUx71/mtkC8h7JXFfustAH5lEHHto7/wquf/Ao4=' 'sha256-Qb6BKdOjOWNHB3hVJDX4lnFE3zLjK55aFwIdN5dXbO0=' 'sha256-ys/x9uLDcyuK6UM1xRYrWjKR1q6c1yxswaz6Vn+D7lo=' 'sha256-6iYTHdDAbFpwtSrdH9KLCfYhXhT5w8805NvidqoCcDE=' 'sha256-0IKf4q6H8pEZZxfndORwSJHOA3/gITcWDoVKhvprzXc=' 'sha256-hKozDstJj+dDHOerN5RM6d7YYJW3wVLGAN5HGB/8auo=' 'sha256-EV+l3y1TJRJkrDargUS1Wesa47jFjqGnpw143fFSGZY=' 'sha256-o9AU8eDFkd+PldXEiCzDlax9UQU83snWBR8diUIjw9o=' 'sha256-VXsaiafZSSrrjgNnpZkRhASV8W78Y2O0cPVs6ItAaSw='; frame-ancestors https://*.betano.com https://pixbet.com; 1
block-all-mixed-content; frame-ancestors *.lojadocelar.com.br 1
frame-ancestors 'self' *.lojavirtuolpro.com *.lvp.intranet *.minhalojanouol.com.br 1
block-all-mixed-content; frame-ancestors *.lojaprolab.com.br 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.lokshahi.com;block-all-mixed-content; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://isitetv.com https://*.translate.naver.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://www.shoplooks.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://sgtm.lookfantastic.co.in; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.lookfantastic.co.in https://m.lookfantastic.co.in https://checkout.lookfantastic.co.in https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://www.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://lantern.roeyecdn.com https://lantern.roeye.com https://static.thgcdn.cn https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com https://sgtm.lookfantastic.co.in; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de osm.louis.de https://*.googleapis.com https://*.gstatic.com https://*.googleadservices.com https://www.googletagmanager.com https://tagmanager.google.com https://stats.g.doubleclick.net https://googleads.g.doubleclick.net https://td.doubleclick.net https://tpc.googlesyndication.com https://bat.r.msn.com https://bat.bing.com https://content.cptrack.de https://sale.cptrack.de https://widgets.trustedshops.com https://s.kk-resources.com https://s.kelkoogroup.net https://containertags.belboon.de https://j01l4h3n.com https://s2.adform.net https://track.adform.net https://*.google.com *.paypal.com *.quantummetric.com https://*.sentry.io x9t5he7.r.louis.es;style-src 'self' 'unsafe-inline' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googletagmanager.com https://fonts.googleapis.com https://tagmanager.google.com;font-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://fonts.gstatic.com;img-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de data: https://*.googletagmanager.com https://*.gstatic.com https://*.googleadservices.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://bat.r.msn.com https://bat.bing.com https://*.youtube.com https://*.youtube-nocookie.com https://*.vimeo.com https://*.ytimg.com https://*.google.com https://*.google.com.vn https://widgets.trustedshops.com https://www.trustedshops.com https://widgets.trustedshops.fr https://www.trustedshops.fr https://widgets.trustedshops.co.uk https://www.trustedshops.co.uk https://widgets.trustedshops.de https://www.trustedshops.de https://t.paypal.com https://www.google.de https://www.google.at https://www.google.be https://www.google.ch https://www.google.co.uk https://www.google.cz https://www.google.com.tr https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.hr https://www.google.hu https://www.google.ie https://www.google.it https://www.google.lu https://www.google.nl https://www.google.pl https://www.google.ro https://www.google.rs https://www.google.se https://www.google.si https://www.google.sk https://www.paypalobjects.com;frame-src 'self' cdn1.louis.de cdn2.louis.de cdn3.louis.de cdn4.louis.de cdn5.louis.de https://*.googleadservices.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com/ https://*.youtube-nocookie.com/ https://*.vimeo.com/ *.paypal.com https://*.google.com https://*.quantummetric.com https://td.doubleclick.net x9t5he7.r.louis.es;frame-ancestors 'self';worker-src blob:;child-src blob:;report-uri /csp-violation-report; 1
upgrade-insecure-requests; default-src https: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' *.luvn.fi *.wdr.io; base-uri 'self'; object-src 'self'; connect-src wss: https:; worker-src blob:; child-src blob:; frame-src https: 1
object-src 'none'; form-action 'self' https://www.facebook.com/tr/; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
default-src * 'unsafe-eval' 'unsafe-inline'  data: filesystem: about: blob: ws: wss: 1
default-src * data: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' madeedam.com *.madeedam.com 1
script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com  *.google-analytics.com *.google-analytics.com *.ssl.google-analytics.com *.js-agent.newrelic.com *.cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/  https://*.googletagmanager.com https://www.tintup.com https://tintup.com *.cloudflare.com *.gigya.com *.cloudfront.net *.usabilla.com *.facebook.net *.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com/ *.hotjar.com *.amazonaws.com *.gbqofs.com *.neodatagroup.com blob: *.ciam.nestle.com *.doubleclick.net *.google.com *.recaptcha.net *.gstatic.com; style-src * 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/; img-src * 'self' data: *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.analytics.google.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com *.google.co.in *.facebook.com *.cloudfront.net *.aws.nestle.recipes *.analytics.yahoo.com *.zemanta.com *.neodatagroup.com *.googlesyndication.com *.gigya.com *.google.com; frame-ancestors 'self'; connect-src * 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google www.google-analytics.com *.google-analytics.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org https://cdn.cookielaw.org/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://cdn.cookielaw.org/logos/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://bam.nr-data.net/ *.gigya.com https://api.tintup.com *.hotjar.com *.amazonaws.com *.gbqofs.io https://login.maggi.co.th/; report-uri /report-csp-violation 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com  *.google-analytics.com *.google-analytics.com *.ssl.google-analytics.com *.js-agent.newrelic.com *.cdnjs.cloudflare.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/  *.googletagmanager.com https://www.tintup.com https://tintup.com *.cloudflare.com *.gigya.com *.cloudfront.net *.usabilla.com *.facebook.net *.newrelic.com https://bam.nr-data.net https://cdn.hypemarks.com/ *.hotjar.com *.amazonaws.com *.qualifio.com *.maggi.cm *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net https://www.recaptcha.net *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net https://ad.doubleclick.net https://analytics.tiktok.com https://sc-static.net https://static.ads-twitter.com https://cdn.gbqofs.com www.youtube.com/iframe_api tr.snapchat.com cdn.adimo.co youtube.com/s/player/; style-src 'self' 'unsafe-inline' *.cloudfront.net https://cdnjs.cloudflare.com k *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net ; img-src 'self' 'unsafe-inline' data: blob: *.google-analytics.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googletagmanager.com https://www.googletagmanager.com *.g.doubleclick.net *.g.doubleclick.net *.google.com *.google.com google.com *.google.co.in *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com https://cdn.cookielaw.org/ *.facebook.com facebook.com:* *.cloudfront.net *.gigya.com *.maggi.cm *.recaptcha.net *.adimo.co *.fontawesome.com fonts.googleapis.comfonts.gstatic.com https://cdnjs.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com cloud.typography.com *.rewe-static.de *.aws.nestle.recipes *.teads.tv *.evidon.com ade.googlesyndication.com srh-media-gr.s3.eu-west-1.amazonaws.com *.s3.eu-west-1.amazonaws.com *.usabilla.com *.amazonaws.com emnadvmenuplannersta.blob.core.windows.net *.blob.core.windows.net https://ad.doubleclick.net https://t.co https://analytics.twitter.com; frame-ancestors 'self'; connect-src 'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.g.doubleclick.net *.google.com *.google google-analytics.com *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org:* cdn.cookielaw.org/ cdn.cookielaw.org/scripttemplates/ cdn.cookielaw.org/consent/ cdn.cookielaw.org/logos/ analytics.google.com googletagmanager.com g.doubleclick.net *.google.com google.com bam.nr-data.net/ *.gigya.com api.tintup.com *.hotjar.com *.amazonaws.com *.maggi.cm www.recaptcha.net/ *.recaptcha.net *.google.com *.gstatic.com *.facebook.com *.jsdelivr.net *.emnadvmenuplannersta.blob.core.windows.net  *.bam.nr-data.net *.ad.doubleclick.net tr.snapchat.com/p analytics.tiktok.com/api/v2/pixel tr6.snapchat.com/p *.analytics.tiktok.com/api/v2/ cdn.az.ciam.nestle.com/ganalytics/ 1
default-src * 'unsafe-inline' 'unsafe-eval' data:;img-src * 'unsafe-inline' 'unsafe-eval' 'self' data:;worker-src blob:; 1
object-src 'none';base-uri 'self';script-src 'nonce-Je66Ga_DYU1mJjrwHFho1Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self' fonts.gstatic.com;                     script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.enhencer.com www.googletagmanager.com www.google-analytics.com analytics.google.com www.googleadservices.com googleads.g.doubleclick.net connect.facebook.net browserLink cdn.taboola.com trc.taboola.com api-maps.yandex.ru yastatic.net mc.yandex.ru www.google.com www.gstatic.com cdnjs.cloudflare.com www.guvendamgasi.org.tr analytics.tiktok.com data:;                       style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;                      img-src 'self' www.google.az www.googletagmanager.com www.google.com.tr www.google.com www.google-analytics.com cds.taboola.com trc.taboola.com www.facebook.com api-maps.yandex.ru data: mc.yandex.ru www.guvendamgasi.org.tr/_logo_js/img/aldi.png;                     connect-src 'self' 'unsafe-inline' collect.enhencer.com collect-web.enhencer.com pips.taboola.com www.google-analytics.com analytics.google.com stats.g.doubleclick.net trc-events.taboola.com www.facebook.com mc.yandex.ru cds.taboola.com www.guvendamgasi.org.tr/_logo_js/client.php analytics.tiktok.com;                     frame-src 'self' bid.g.doubleclick.net yandex.com.tr www.facebook.com www.google.com 1
frame-ancestors 'self' http://localhost:81 localhost makersteam.mx *.makersteam.mx makersteam.us *.makersteam.us makersteam.net *.makersteam.net makersteam.lat *.makersteam.lat makersteam.com.mx *.makersteam.com.mx; 1
style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css https://fonts.googleapis.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css;              script-src 'self' 'unsafe-inline' https://www.googletagmanager.com/ https://www.google.com/ https://www.google.co.in https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://code.jquery.com/jquery-3.6.0.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js https://connect.facebook.net/en_GB/sdk.js;        img-src 'self' data: www.w3.org/2000/svg https://www.google-analytics.com https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.co.in/;        font-src 'self' https://fonts.gstatic.com/ https://cdnjs.cloudflare.com;        connect-src https://www.google-analytics.com https://www.malivadhuvar.com;         frame-src https://www.facebook.com https://td.doubleclick.net;        object-src 'none';        default-src 'self'; 1
default-src *; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; style-src-elem * 'unsafe-inline'; img-src * data: blob:; font-src *; connect-src * blob:; object-src * blob:; frame-src * blob:; worker-src * blob: 1
frame-ancestors https://noveltoon.vn 1
default-src 'self' https:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:; img-src 'self' https: data: blob:; connect-src 'self' https: wss:; frame-src 'self' https:; worker-src 'self' blob: https: 1
base-uri 'self'; connect-src 'self' 1
default-src  'self'; script-src  'self' *.googleapis.com *.gstatic.com pagead2.googlesyndication.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.googletagmanager.com cdn.consentmanager.net *.delivery.consentmanager.net; style-src  'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.delivery.consentmanager.net; font-src  'self' *.googleapis.com *.gstatic.com; img-src  'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com *.doubleclick.net *.ggpht.com *.googletagmanager.com cdn.consentmanager.net *.delivery.consentmanager.net; connect-src  'self' *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.googleapis.com *.doubleclick.net *.delivery.consentmanager.net; frame-src  'self' https://www.google.com/maps/embed/v1/place https://translate.google.com cdn.consentmanager.net; report-uri /api/1/rest/crashcollector; 1
default-src 'self' assets.adobedtm.com *.google.com *.gstatic.com *.googleapis.com *.iovation.com *.typekit.net cdn.cookielaw.org *.onetrust.com *.krxd.net *.demdex.net *.visualwebsiteoptimizer.com js-agent.newrelic.com bam.nr-data.net mpsnare.iesnare.com philipmorrisintmanagementsa.d3.sc.omtrdc.net data: blob: 'unsafe-inline' 'unsafe-eval'; img-src * data: blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.value-domain.com www.xrea.com www2.xrea.com www.coreserver.jp www2.coreserver.jp www.value-server.com www2.value-server.com www.google-analytics.com *.googlesyndication.com *.doubleclick.net www.google.com;img-src *; 1
script-src 'self' 'unsafe-eval' https://*; style-src 'self' 'unsafe-inline' https://*; img-src 'self' data:; object-src 'self';connect-src 'self' 1
default-src 'self' https://www.youtube.com/ https://maps.google.com/ https://direct.tranzila.com/ https://cdn.enable.co.il/ https://analytics.google.com https://www.google.com/ ;  frame-ancestors   https://www.maslulim-israel.co.il/ https://direct.tranzila.com/ ; img-src * 'self' blob: data: https:* http:*; object-src data: 'unsafe-eval'  ;  frame-src   'self' https://direct.tranzila.com/  https://www.youtube.com/ ; connect-src  'self' https://analytics.google.com https://maps.googleapis.com/ https://maps.google.com/  ; script-src 'self' https://maps.googleapis.com/ https://maps.google.com/ https://polyfill.io/  https://cdn.jsdelivr.net/ https://nevchat.cbcgroup.co.il/ https://unpkg.com/ https://analytics.google.com https://static.apester.com/js/sdk/latest/apester-sdk.js  https://tr.outbrain.com/ https://trc.taboola.com/ https://acsbap.com/ https://script.hotjar.com/ 'unsafe-inline'  https://cdn.taboola.com/ https://amplify.outbrain.com/ https://script.hotjar.com/ 'unsafe-eval' https://beacon.krxd.net https://consumer.krxd.net/ https://accessibeapp.com/ https://static.hotjar.com/ https://cdn.krxd.net/ https://cdnjs.cloudflare.com/ https://www.googletagmanager.com https://tagmanager.google.com/ https://www.google-analytics.com/ https://connect.facebook.net/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://cdn.enable.co.il/  https://www.google.com/recaptcha/ https://www.gstatic.com/; style-src 'self' 'unsafe-inline'  http: https: script.hotjar.com/ fonts.googleapis.com ; font-src 'self' data: http: https: fonts.googleapis.com themes.googleusercontent.com; 1
frame-ancestors 'self' *.canva.com canva.com; report-uri https://csp.canva.com/_cspreport?app=websites; base-uri 'self'; object-src 'none'; script-src 'report-sample' 'strict-dynamic' 'nonce-523c8955-07d1-4aad-a2d8-5d6152842dde' https://www.google.com/recaptcha/api.js; 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' *.gtm.com *.googletagmanager.com *.jsdelivr.net *.google.com *.gstatic.com *.facebook.com *.facebook.net *.google-analytics.com *.clarity.ms *.kenyt.ai googleads.g.doubleclick.net *.googleapis.com cdn.scaleflex.it cdnjs.cloudflare.com *.datatables.net *.chat360.io *.googleadservices.com 1
object-src 'none';base-uri 'self';script-src 'nonce-QQyWKdXWc55c4D_CVYF8Lw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
frame-ancestors 'self' https://www.mate-tee.de/ 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.matematicaen30minutos.com 1
frame-ancestors 'self' *.maximiles.com.tr 1
script-src 'unsafe-eval' 'unsafe-inline' 'self' https://*.googleapis.com https://*.google.com https://*.facebook.net https://*.facebook.com https://*.youtube.com https://www.gstatic.com; child-src 'self' https://*.facebook.net https://*.facebook.com https://*.google.com https://*.youtube.com https://*.googleapis.com 1
frame-ancestors admin.bookingeuro.it 1
default-src 'self';script-src 'unsafe-eval' 'unsafe-inline' 'self' code.jquery.com; object-src 'none'; worker-src 'self' blob:; img-src 'self' data:; font-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; style-src 'unsafe-inline' 1
frame-ancestors 'self' https://www.immoneuf.com; 1
block-all-mixed-content; child-src 'self' blob: https://*.google.com https://*.doubleclick.net https://*.googlesyndication.com https://app.hubspot.com https://*.hsforms.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.usemessages.com; font-src 'self' data: https://fonts.gstatic.com https://script.hotjar.com; frame-ancestors 'self' https://www.google.com https://www.topgenetics.pl https://*.medipoint.pl https://*.invicta.pl https://*.dev-invicta.pl; frame-src 'self' auth.invicta.pl ankieta.invicta.pl https://*.medipoint.pl https://*.google.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://www.gstatic.com https://vars.hotjar.com https://*.hubspot.com https://*.hsforms.com https://*.hsadspixel.net https://*.hscollectedforms.net https://*.usemessages.com https://*.linkedin.com; img-src 'self' data: https://*.google.com https://www.google.pl https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://ssl.gstatic.com https://www.gstatic.com https://script.hotjar.com https://www.facebook.com https://track.adform.net https://bank.invicta.pl https://*.hubspot.com https://*.hubspot.net https://*.hsforms.com https://*.licdn.com https://*.linkedin.com https://*.clarity.ms https://c.bing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' auth.invicta.pl https://*.google.com https://www.gstatic.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://*.googleadservices.com https://*.doubleclick.net https://*.googlesyndication.com https://*.googletagservices.com https://static.hotjar.com https://script.hotjar.com https://www.googleoptimize.com https://connect.facebook.net https://track.adform.net https://s2.adform.net https://*.hs-scripts.com https://*.hsleadflows.net https://*.hs-banner.com https://*.hsadspixel.net https://*.hubspotfeedback.com https://*.usemessages.com https://*.hs-analytics.net https://*.hscollectedforms.net https://*.hsforms.net https://*.hsforms.com https://*.hubspot.com https://*.licdn.com https://*.linkedin.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://*.google.com https://*.licdn.com https://www.google-analytics.com https://www.googletagmanager.com https://fonts.googleapis.com; report-uri /en/csp/report 1
default-src https:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: blob:; connect-src https: wss: data:; 1
frame-ancestors https://*.batmobile.com.tw https://*.meteor.today 1
default-src 'self'; block-all-mixed-content; connect-src 'self' checkout.stripe.com maps.googleapis.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com; frame-src 'self' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ js.stripe.com checkout.stripe.com sandbox-merchant.revolut.com/; img-src 'self' meterix.com *.meterix.com meterpay.net *.meterpay.net *.stripe.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ meterpayenv-uploaded-files.s3.eu-west-2.amazonaws.com meterpaydeenv-uploaded-files.s3.eu-central-1.amazonaws.com data: maps.google.com maps.gstatic.com *.googleapis.com; script-src 'self' 'unsafe-inline' www.google.com/recaptcha/ www.gstatic.com/recaptcha/ checkout.stripe.com/checkout.js js.stripe.com ajax.googleapis.com/ajax/libs/jquery/ code.jquery.com code.highcharts.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com sandbox-merchant.revolut.com/embed.js; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com cdn.datatables.net ajax.googleapis.com/ajax/libs/jqueryui/ maps.google.com maps.gstatic.com maps.googleapis.com; upgrade-insecure-requests 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-1EA3DEF15F0CD3216A8E7E9CECEC4F38' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-1EA3DEF15F0CD3216A8E7E9CECEC4F38'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.metjou.nl/API/Site/CspReport 1
default-src 'self' data: www.eura7.com e24files.com c.tile.openstreetmap.org b.tile.openstreetmap.org a.tile.openstreetmap.org maps.gstatic.com maps.googleapis.com www.gstatic.com fonts.googleapis.com fonts.gstatic.com i.ytimg.com www.youtube.com www.youtube-nocookie.com https://*.googletagmanager.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.google.com https://*.google.pl https://pagead2.googlesyndication.com https://consentcdn.cookiebot.com https://imgsct.cookiebot.com; style-src 'self' developers.google.com maps.googleapis.com 'unsafe-inline' fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' developers.google.com maps.googleapis.com maps.gstatic.com www.gstatic.com www.google.com www.youtube.com https://*.googletagmanager.com c.tile.openstreetmap.org a.tile.openstreetmap.org b.tile.openstreetmap.org https://consent.cookiebot.com https://consentcdn.cookiebot.com; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com *.cloudflare.com *.twitter.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.sandbox.paypal.com *.youtube.com *.paypal.com *.googleadservices.com *.google-analytics.com *.google.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com *.wspay.biz *.corvuspay.com *.fontawesome.com *.zopim.com *.klevu.com data: mi.hr data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com *.wspay.biz *.corvuspay.com mi.hr 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com *.doubleclick.net *.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com mi.hr 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.google.com *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com venkon.hr www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.klarna.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.ytimg.com *.lightemporium.com *.usercentrics.eu *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz maps.gstatic.com blob: *.corvuspay.com *.google.hr mi.hr data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com *.google.bg *.googletagmanager.com *.facebook.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com https://sibautomation.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.cloudflare.com *.cloudflareinsights.com *.twitter.com *.twimg.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.instagram.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.pushpushgo.com *.adobedtm.com *.corvuspay.com *.doubleclick.com *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.zopim.com *.zdassets.com mi.hr 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.twitter.com *.twimg.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.klevu.com mi.hr 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com https://in-automate.brevo.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com *.cdninstagram.com s7.addthis.com *.addthis.com *.moatads.com *.addthisedge.com *.googleapis.com *.placeholder.com cdn.lightwidget.com lightwidget.com *.wspay.biz *.corvuspay.com *.googletagmanager.com *.doubleclick.com *.doubleclick.net *.demdex.net *.amcglobal.sc.omtrdc.net *.klevu.com *.zopim.com *.zdassets.com *.pagead2.googlesyndication.com *.googlesyndication.com mi.hr 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' 'unsafe-hashes' ; img-src * blob: data: ; font-src * data: ; connect-src *; style-src-elem * 'unsafe-inline'; script-src-elem * 'unsafe-inline'; frame-src 'self' youtube.com https://www.youtube.com https://www.google.com https://www.googletagmanager.com/ https://www.facebook.com/ https://maps.google.com/; 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' www.facebook.com; 1
default-src 'self' *.services.visualstudio.com *.syncfusion.com *.google-analytics.com *.googleapis.com ebbot-staging.storage.googleapis.com ebbot-v2.storage.googleapis.com *.ebbot.app wss://ebbot.app/api/asyngular/ wss://staging.ebbot.app/api/asyngular/ ;frame-src 'self' my.matterport.com *.google.com 'self' my.matterport.com www.youtube.com www.google.com;img-src 'self' 'unsafe-inline' data: *.eniro.no *.googleapis.com *.gstatic.com *.google-analytics.com  storage.gra.cloud.ovh.net storage.de.cloud.ovh.net ebbot-v2.storage.googleapis.com i.ytimg.com;style-src 'self' 'unsafe-inline' *.syncfusion.com *.googleapis.com *.gstatic.com storage.gra.cloud.ovh.net storage.de.cloud.ovh.net ebbot-v2.storage.googleapis.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.google-analytics.com https://www.google.com/recaptcha/ *.syncfusion.com *.azure.com *.googletagmanager.com attributionservice.enirocdn.com tileversion.eniro.com ebbot-staging.storage.googleapis.com ebbot-v2.storage.googleapis.com *.ebbot.app storage.gra.cloud.ovh.net storage.de.cloud.ovh.net https://storage.de.cloud.ovh.net/ebbot-web/ https://ebbot.eu/api/ www.youtube.com www.google.com;font-src 'self' fonts.googleapis.com storage.googleapis.com fonts.gstatic.com data: ebbot-staging.storage.googleapis.com ebbot-v2.storage.googleapis.com storage.gra.cloud.ovh.net storage.de.cloud.ovh.net;frame-ancestors 'self'  localhost bs-local.com *.bankid.com;child-src 'self';media-src 'self' storage.gra.cloud.ovh.net storage.de.cloud.ovh.net;connect-src 'self' *.google-analytics.com *.services.visualstudio.com *.googleapis.com https://ebbot.eu/api/ wss://ebbot.eu/api/asyngular/ storage.gra.cloud.ovh.net storage.de.cloud.ovh.net *.staging.ebbot.app ebbot-v2.storage.googleapis.com; 1
default-src 'self' https://accounts.google.com/ https://*.google-analytics.com/g/collect; script-src 'self' https://apis.google.com/js/platform.js https://cdn.jsdelivr.net/npm/vue@2/dist/vue.js https://www.googletagmanager.com/gtag/js 'unsafe-eval' 'nonce-Fe05gOOZ_G8x826gI2SLgw'; style-src 'self' https://apis.google.com/* 'nonce-Fe05gOOZ_G8x826gI2SLgw'; img-src * data: 1
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' 'unsafe-eval'; media-src *; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' code.jquery.com cdnjs.cloudflare.com cdn.jsdelivr.net; 1
default-src 'none';base-uri 'self';connect-src 'self' blob:;form-action 'self';img-src 'self' data: blob: *.ytimg.com;font-src 'self' data: *.gstatic.com;frame-src *.youtube-nocookie.com *.google.com https://challenges.cloudflare.com;media-src 'self';object-src 'none';script-src https: 'strict-dynamic' 'unsafe-inline' 'nonce-fgoNKvPhJqI5k74moLQxX4xmfwX0x2Vr';style-src 'self' 'unsafe-inline' *.googleapis.com;manifest-src 'self';worker-src 'self';frame-ancestors 'none' 1
script-src 'self' 'unsafe-inline'; object-src 'self' 1
script-src 'unsafe-inline' 'unsafe-eval' https: data: blob:; 1
frame-ancestors 'self' https://*.bni.co.id 1
frame-src *.1psa.net *.jyic.net *.facebook.com *.youtube.com *.tkdbooks.com docs.google.com etlady.tw view.officeapps.live.com dl.mosme.net onecompiler.com widgets.judge0.com tkd.e4sp.tw bao.ipoe.cc *.mosme.net; 1
default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://seal.verisign.com;    connect-src 'self';   img-src 'self' https://seal.websecurity.norton.com;   style-src 'self' 'unsafe-inline';    font-src 'self';  1
base-uri 'self'; frame-ancestors 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data: https://www.google.com https://maps.googleapis.com https://mts0.googleapis.com https://mts1.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://connect.facebook.net https://apis.google.com https://www.gstatic.com http://192.168.1.25:35729 https://cdn.ampproject.org https://cdn.agenceici.com/ https://tarteaucitron.io https://cdnjs.cloudflare.com http://cdnjs.cloudflare.com https://www.googletagmanager.com https://cdn.tarteaucitron.io 1
default-src 'self' blob: https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://fonts.gstatic.com https://code.jquery.com/ https://www.google.com/ https://www.gstatic.com/ https://mozilla.github.io/ https://cdn.datatables.net https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googletagservices.com/;      style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn.datatables.net https://code.jquery.com/;      img-src 'self' data: https://fonts.gstatic.com https://cdnjs.cloudflare.com https://pagead2.googlesyndication.com/;                 font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://cdnjs.cloudflare.com/;      script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://cdnjs.cloudflare.com https://code.jquery.com/ https://www.google.com/ https://www.gstatic.com/ https://mozilla.github.io/ https://cdn.datatables.net https://pagead2.googlesyndication.com/ https://tpc.googlesyndication.com/ https://www.googletagservices.com/ https://adservice.google.com/ https://adservice.google.com.my/ https://googleads.g.doubleclick.net/;     connect-src 'self' https://pagead2.googlesyndication.com;     worker-src 'self' blob:;     frame-src 'self' blob: https://www.google.com https://googleads.g.doubleclick.net/ https://tpc.googlesyndication.com/ https://www.youtube.com;      1
frame-ancestors 'self' https://rallye-lecture.fr https://matheros.fr https://monecole.fr https://classe-numerique.fr 195.221.81.1; 1
object-src 'none';base-uri 'self';script-src 'nonce-_pCeHDGzgQuQYqkL3I_N9g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/xsrp 1
default-src 'self'; script-src 'self' *.cloudflare.com *.google.com cdn.datatables.net maps.googleapis.com www.gstatic.com cdn.jsdelivr.net www.youtube.com *.aichat.site www.googletagmanager.com connect.facebook.net static.cloudflareinsights.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' cdn.datatables.net *.cloudflare.com fonts.googleapis.com unpkg.com *.aichat.site 'unsafe-inline'; img-src 'self' * data:; font-src 'self' data: fonts.gstatic.com *.aichat.site; connect-src 'self' maps.googleapis.com *.facebook.com socialplugin.facebook.net; media-src 'self'; frame-src 'self' *.facebook.com *.google.com plugins.flockler.com mrdiy.listedcompany.com *.youtube.com *.vimeo.com; object-src 'none'; base-uri 'self'; 1
default-src https: *.crazyegg.com wss: 'unsafe-inline' 'unsafe-eval'; img-src https: data:; worker-src data: 1
default-src *.msw-modelle.com msw-modelle.com lkw-modelle.de lkw-modelle.com 'self' data: 'unsafe-inline'; frame-ancestors 'self' 1
default-src 'self' object-src data: 'unsafe-eval' https: 'unsafe-inline' 'unsafe-eval' google-analytics.com https://www.google-analytics.com/ https://stats.g.doubleclick.net https://www.google.cl https://www.google.com;
       font-src 'self' fonts.gstatic.com https://cdnjs.cloudflare.com;
       style-src 'self' 'unsafe-inline' fonts.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com;
       script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/gtag/js https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://www.google-analytics.com/j/collect https://code.jquery.com https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/khH7Ei3klcvfRI74FvDcfuOo/recaptcha__es.js https://acdn.adnxs.com https://connect.facebook.net https://www.gstatic.com/recaptcha/releases/MydHw_zggsxIJuhSbyOmPv5R/recaptcha__es.js https://www.googletagmanager.com https://analytics.tiktok.com https://snap.licdn.com;
       object-src 'none';
       frame-src 'self' https://www.google.com https://player.vimeo.com https://app.gerty.com https://open.spotify.com https://8875027.fls.doubleclick.net;
       form-action 'self';
       worker-src 'self' blob:;
       upgrade-insecure-requests;
       frame-ancestors 'self';
       base-uri 'self';
       manifest-src 'self';
       media-src 'self';
       img-src 'self' data: https://www.googletagmanager.com/td https://www.facebook.com/tr/?id https://www.googletagmanager.com/a https://www.google.cl/ads/ga-audiences https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://www.google-analytics.com/collect https://www.google.com/ads/ga-audiences https://ib.adnxs.com/pixie https://px.ads.linkedin.com;
       connect-src 'self' https://analytics.google.com/g/collect https://www.google-analytics.com/g/collect https://www.google-analytics.com/j/collect https://stats.g.doubleclick.net/j/collect https://analytics.tiktok.com https://ib.adnxs.com https://px.ads.linkedin.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src *; img-src *; object-src *; frame-src * 1
frame-ancestors 'self' musicianmarket.co.kr *.musicianmarket.co.kr 1
upgrade-insecure-requests; report-uri https://musiq-r.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
default-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.app.smart-tribune.com https://cdnjs.cloudflare.com https://fonts.gstatic.com; script-src 'self' 'unsafe-inline' https://*.viasante.fr https://matomojs.trackify.info https://*.app.smart-tribune.com  https://www.google.com https://*.google-analytics.com https://www.googletagmanager.com  https://www.gstatic.com https://*.facebook.com https://*.facebook.net https://polyfill.io https://www.youtube.com https://bat.bing.com  https://*.g.doubleclick.net; connect-src 'self' https://*.viasante.fr https://api.mapbox.com https://api-gateway.app.smart-tribune.com https://*.google-analytics.com https://www.googletagmanager.com https://*.g.doubleclick.net https://www.facebook.com https://polyfill.io https://11683785.fls.doubleclick.net https://bat.bing.com; font-src https://cdnjs.cloudflare.com https://fonts.gstatic.com; frame-src https://viasante.fr https://*.viasante.fr https://www.google.com https://www.youtube.com https://*.calameo.com https://*.acast.com; img-src 'self' data: http://pbs.twimg.com https://api.mapbox.com https://*.app.smart-tribune.com https://bat.bing.com https://bo.viasante.fr https://stv2-uploads-prod.s3.eu-west-3.amazonaws.com https://tiles.stadiamaps.com https://www.facebook.com https://www.google-analytics.com https://www.google.com https://www.google.fr https://www.jevisbienetre.fr; object-src 'none'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.muuttomaailma.fi https://*.muuttomaailma.com *.kilpailutamuuttopalvelu.fi https://*.facebook.com https://*.facebook.net https://*.zopim.com wss://*.zopim.com https://*.gravatar.com https://*.gstatic.com https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.optimonk.com https://*.g.doubleclick.net https://www.google.com https://www.google.fi https://*.bing.com https://*.adnxs.com https://www.googletagmanager.com https://www.googleadservices.com https://*.googlesyndication.com https://adservice.google.fi https://adservice.google.com https://*.krxd.net https://s3.amazonaws.com https://www.youtube-nocookie.com https://*.adform.net https://c.bannerflow.net https://servedby.revive-adserver.net https://maxcdn.bootstrapcdn.com https://*.ensighten.com https://tagmanager.google.com https://*.gravito.net https://*.almamedia.fi https://*.almamedia.tech https://*.userreport.com https://*.dnt-userreport.com https://d1gw63jeifbb1b.cloudfront.net https://dacvuskohga7w.cloudfront.net https://almacrcommoncontent.net https://*.rubiconproject.com https://*.adnxs-simple.com https://cdn.jsdelivr.net https://ad.doubleclick.net https://*.criteo.com https://*.criteo.net https://*.zdassets.com https://muuttomaailma-almamedia.zendesk.com https://*.permutive.app https://*.permutive.com https://*.prmutv.co; worker-src blob:; frame-src https: 1
default-src 'self' *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self' *;style-src 'self' 'unsafe-inline' *;img-src 'self' * data:;media-src 'self' *;frame-src 'self' *;font-src 'self' *;block-all-mixed-content;report-uri * 1
default-src blob: https://*.mhcache.com;font-src 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.gstatic.com;frame-src 'self' https://*.mhcache.com https://portal.allyable.com https://mh-site-files-5c53d6a9947c.s3.amazonaws.com https://myheritage-container.com https://www.myheritage-partners.com https://www.myheritage.com https://*.mk-sense.com https://player.vimeo.com https://*.facebook.com https://*.googleapis.com https://*.google.com https://tpc.googlesyndication.com https://*.doubleclick.net https://accounts.google.com/gsi/;script-src https://accounts.google.com/gsi/client https://www.datadoghq-browser-agent.com https://*.googleapis.com https://appleid.cdn-apple.com *.myheritage.sk https://www.myheritage.sk  'nonce-c389b38fdb70dd407c8e6e0fa0c88e67' 'strict-dynamic';style-src data: blob: 'unsafe-inline' 'self' https://*.myheritage.com https://*.mhcache.com https://fonts.googleapis.com https://tagmanager.google.com https://accounts.google.com/gsi/style;connect-src data: 'self' https://*.myheritage.com https://portal.allyable.com https://*.mhcache.com https://*.google-analytics.com https://analytics.google.com https://*.analytics.google.com https://adservice.google.com https://*.logs.datadoghq.com https://*.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://sentry.io https://*.bing.com https://*.facebook.com https://*.doubleclick.net https://*.mk-sense.com https://*.filae.com https://accounts.google.com/gsi/ https://www.google.com/pagead/landing https://*.googleapis.com https://maps.googleapis.com/maps/api/mapsjs/gen_204 https://translate.googleapis.com *.myheritage.sk;media-src 'self' https://*.myheritage.com https://*.mhcache.com;frame-ancestors 'self';img-src * data:;object-src 'none';base-uri 'self' https://*.mhcache.com;report-uri /FP/API/ContentSecurityPolicy/report-violation.php?report_mode=enforce&canonical_page_id=/company/home/ 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.bg https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.bg; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.bg https://m.myprotein.bg https://checkout.myprotein.bg https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.bg; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://www.zenaps.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com https://mc.yandex.ru blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.co.il https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://mc.yandex.ru https://ymetrica1.com https://tr.snapchat.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.co.il; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.co.il https://m.myprotein.co.il https://checkout.myprotein.co.il https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://mc.yandex.ru https://yastatic.net https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.co.il; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://*.google.fi https://services.postcodeanywhere.co.uk https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://*.contentsquare.net https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.fi; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.fi https://m.myprotein.fi https://checkout.myprotein.fi https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.fi; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://static.thgcdn.cn; upgrade-insecure-requests; report-to report-endpoint 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://wb.messengerpeople.com https://static.criteo.net https://*.criteo.com https://tpc.googlesyndication.com https://*.zenaps.com https://*.hotjar.com https://*.akamaihd.net https://*.translate.naver.net https://*.recaptcha.net https://ln-rules.rewardstyle.com https://tr.snapchat.com blob:; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://ampcid.google.lv https://*.sciencebehindecommerce.com https://*.hotjar.com wss://*.hotjar.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.pinterest.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.baidu.com https://tr.snapchat.com https://*.contentsquare.net https://*.parcellab.com https://*.criteo.com https://*.criteo.net https://*.prod.mplat-ppcprotect.com https://*.lunio.ai data: https://sgtm.myprotein.lv; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn; form-action 'self' https://www.facebook.com https://www.myprotein.lv https://m.myprotein.lv https://checkout.myprotein.lv https://connect.facebook.net https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.cn https://*.gstatic.com https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://*.criteo.com https://static.criteo.net https://s.pinimg.com https://tpc.googlesyndication.com https://remote.captcha.com https://platform.twitter.com https://*.recaptcha.net https://*.sciencebehindecommerce.com https://*.hotjar.com https://*.akamaihd.net https://*.microsofttranslator.com https://*.trustpilot.com https://*.translate.naver.net https://*.doubleclick.net https://ln-rules.rewardstyle.com https://*.google-analytics.com https://twitter.com https://*.baidu.com https://sc-static.net https://www.google.com https://*.google.co.uk https://google.co.uk https://static.ads-twitter.com https://analytics.twitter.com https://static.thgcdn.cn https://*.contentsquare.net https://app.contentsquare.com https://sgtm.myprotein.lv; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://static.thgcdn.cn https://cdn.parcellab.com; upgrade-insecure-requests; report-to report-endpoint 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.oct8ne.com *.transbank.cl *.api.useinsider.com *.useinsider.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.transbank.cl app.beetrack.com *.dispatchtrack.com *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.api.useinsider.com *.useinsider.com *.dispatchtrack.com 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.oct8ne.com *.useinsider.com *.transbank.cl *.google.com *.api.useinsider.com maps.googleapis.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com *.jotform.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.weltpixel.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io camo.githubusercontent.com *.facebook.com *.retailrocket.ru *.retailrocket.net *.myscrubs.cl *.oct8ne.com *.cloudfront.com *.cloudfront.net *.transbank.cl *.api.useinsider.com *.useinsider.com maps.googleapis.com maps.gstatic.com *.googleadservices.com s3.amazonaws.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.google.com *.google.com.ar *.gstatic.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com *.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.facebook.net *.facebook.com *.googleapis.com *.oct8ne.com *.retailrocket.ru *.retailrocket.net *.newrelic.com *.nr-data.net *.useinsider.com *.transbank.cl *.api.useinsider.com maps.googleapis.com app.beetrack.cl *.googleadservices.com beetrack-general.s3-us-west-2.amazonaws.com *.dispatchtrack.com *.jotform.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com fonts.googleapis.com maps.google.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.googleapis.com *.retailrocket.net *.transbank.cl *.api.useinsider.com *.useinsider.com app.beetrack.com *.google-analytics.com analytics.google.com *.googleadservices.com *.dispatchtrack.com *.fontawesome.com unsafe-inline tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net *.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.facebook.net *.facebook.com *.googleapis.com *.oct8ne.com *.retailrocket.ru *.retailrocket.net *.newrelic.com *.nr-data.net *.useinsider.com *.transbank.cl *.api.useinsider.com *.googleadservices.com *.dispatchtrack.com *.mercadolibre.com *.mercadolivre.com *.mlstatic.com api.mercadopago.com events.mercadopago.com fonts.googleapis.com maps.google.com maps.googleapis.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com stats.g.doubleclick.net https://www.google-analytics.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: wss: data: wss: *.bing.com www.mirjan24.pl *.mirjan24.pl mirjan24.pl googleapis.com *.googleapis.com googletagmanager.com *.googletagmanager.com biano.sk *.biano.sk biano.cz *.biano.cz biano.hu *.biano.hu biano.ro *.biano.ro biano.hr *.biano.hr prefixbox.com *.prefixbox.com gstatic.com *.gstatic.com novynabytok.sk *.novynabytok.sk hezkynabytek.cz *.hezkynabytek.cz zondo.hu *.zondo.hu zondo.ro *.zondo.ro zondo.hr *.zondo.hr *.zdassets.com *.zopim.com prefixbox.com *.prefixbox.com google-analytics.com *.google-analytics.com clarity.ms *.clarity.ms *.doubleclick.net chimpstatic.com google.com *.google.com google.sk *.google.sk google.cz *.google.cz google.hu *.google.hu google.ro *.google.ro google.hr *.google.hr googleadservices.com *.googleadservices.com *.zopim.io *.imedia.cz *.seznam.cz chimpstatic.com facebook.net *.facebook.net nabytok-mirjan24.sk *.nabytok-mirjan24.sk mirjan24.cz *.mirjan24.cz facebook.com *.facebook.com meblemirjan.pl *.meblemirjan.pl youtube.com *.youtube.com creativecdn.com *.creativecdn.com vub.sk *.vub.sk ahojsplatky.sk *.ahojsplatky.sk; 1
default-src 'none'; block-all-mixed-content; child-src https://www.youtube.com/ https://youtube.com/ https://player.vimeo.com/ https://youtu.be/ https://open.spotify.com/; connect-src 'self' https://www.youtube.com/oembed https://www.google-analytics.com https://*.google-analytics.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.facebook.com/ https://*.tiktok.com https://*.snapchat.com https://*.vimeo.com; font-src 'self' data: https://use.typekit.net https://fonts.googleapis.com https://fonts.gstatic.com; frame-src https://www.youtube.com/ https://spotify.com https://open.spotify.com/ https://*.spotify.com https://facebook.com/ https://*.facebook.com/ https://mychannels.video/ https://www.yumpu.com/ https://www.google.com/ https://www.googletagmanager.com/ https://*.hotjar.com https://*.hotjar.io https://bandcamp.com https://*.bandcamp.com https://twitter.com https://*.twitter.com https://instagram.com https://*.instagram.com https://vimeo.com https://*.vimeo.com https://soundcloud.com https://*.soundcloud.com https://tiktok.com https://*.tiktok.com https://snapchat.com https://*.snapchat.com https://www.belgianrail.be https://widget.formitable.com; img-src data: 'self' https://www.google-analytics.com/r/collect https://www.google-analytics.com/collect https://placeholder.inventis.be https://*.ytimg.com https://i.vimeocdn.com/ https://www.facebook.com/ https://*.facebook.com/ https://connect.facebook.net/ https://*.fbcdn.net/ https://i.scdn.co/ https://img.youtube.com/ https://snapchat.com https://*.snapchat.com https://*.google.com https://*.google.be https://fonts.gstatic.com https://www.googletagmanager.com; manifest-src 'self'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com/iframe_api https://*.ytimg.com https://www.googletagmanager.com https://www.google-analytics.com https://script.hotjar.com/ https://connect.facebook.net/ https://*.hotjar.com https://*.hotjar.io https://player.vimeo.com/api/player.js 'nonce-vCdVcCBcSVVeQDa8dYd4zQ=='; style-src 'self' 'unsafe-inline' https://*.typekit.net https://www.googletagmanager.com https://fonts.googleapis.com; upgrade-insecure-requests 1
frame-ancestors 'self' https://www.netutor.co.kr/ https://beta.nernter.com/ https://www.nernter.com/ https://nt.mojont.com/  https://nt-beta.mojont.com/ 1
default-src 'unsafe-inline' 'unsafe-eval' *; img-src * data:; 1
default-src 'self'; script-src * 'self' 'unsafe-inline' 'unsafe-eval' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; object-src *; style-src * 'self' 'unsafe-inline' *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; img-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:; ; media-src *; frame-src * *.mikmak.ai *.swaven.com; frame-ancestors 'self'; child-src *; font-src * 'self' *.mikmak.ai *.swaven.com *.static-swaven.com data: https:;; connect-src * *.cdn.cookielaw.org *.cookie-cdn.cookiepro.com *.onetrust.com *.mikmak.ai *.swaven.com; report-uri /report-csp-violation 1
frame-ancestors 'self' https://netabet.com.mx https://partner.virtualsoft.tech https://partnerlobby.virtualsoft.tech https://cmsvirtual.virtualsoft.tech https://sb1client-altenar.biahosted.com; 1
frame-ancestors 'self' https://foropolicia.es https://www.foropolicia.es; 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.si 1
frame-ancestors 'self' control.motionpoint.com/ iguidewebapp.next-uk.next.loc/ end-duws02.next-uk.next.loc/ end-dpws02.next-uk.next.loc/ studio.mgmt.qa.test/ studio.mgmt.next-uk.next.loc/ https://www.next.tw 1
frame-ancestors 'self' nightmall.co.kr *.nightmall.co.kr 1
font-src cdn.giosgusercontent.com fonts.googleapis.com *.gstatic.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com https://www.gstatic.com https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.facebook.com *.maksuturva.fi *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi *.collector.se *.signicat.com *.collectorbank.se *.walley.se *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com *.giosgusercontent.com *.giosg.com www.facebook.com *.google.com *.doubleclick.net *.api.ditto.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://www.google.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io *.instru.fi *.keops.fi *.nissen.fi *.consentmanager.net *.qa.ambientia.fi secure.adnxs.com c.delivery.consentmanager.net www.google.fi *.google.com www.facebook.com maps.googleapis.com *.gstatic.com www.maksuturva.fi www.googleoptimize.com *.googletagmanager.com https://www.unifaunonline.se https://*.tile.openstreetmap.org/ *.klevu.com *.ksearchnet.com https://www.magezon.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.googletagmanager.com jquery.sellxed.com *.qa.ambientia.fi *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net static.hotjar.com script.hotjar.com bsdk.api.ditto.com maps.googleapis.com maps.google.com cdnjs.cloudflare.com service.giosg.com embed.upseller.cloud googleads.g.doubleclick.net *.adform.net connect.facebook.net *.google.com www.googleoptimize.com *.googletagmanager.com https://api.unifaun.com js.klevu.com *.ksearchnet.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://www.google.com https://www.gstatic.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.instru.fi *.keops.fi *.nissen.fi cdn.consentmanager.net delivery.consentmanager.net *.qa.ambientia.fi hello.myfonts.net service.giosg.com embed.upseller.cloud fonts.googleapis.com *.google.com *.klevu.com *.ksearchnet.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.api.ditto.com maps.googleapis.com service.giosg.com vc.hotjar.io www.google.com *.analytics.google.com *.doubleclick.net www.facebook.com www.google.fi *.consentmanager.net *.klevu.com *.ksearchnet.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors  https://b3live.com https://vyr.nitco.in 1
default-src 'self' https://*.njindiaonline.com https://*.njindiaonline.in https://*.njinsure.in http://localhost:8080 https://*.razorpay.com ; img-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.facebook.com https://*.googleadservices.com https://*.google.co.in https://*.google.com https://googleads.g.doubleclick.net blob: data: https://*.razorpay.com;child-src http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com; script-src 'unsafe-eval' 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googletagmanager.com http://*.digicert.com https://*.razorpay.com ;style-src 'unsafe-inline' http://localhost:8080 https://*.njinsure.in https://*.njindiaonline.com https://*.njindiaonline.in https://*.googleapis.com https://*.njindiaonline.in https://*.razorpay.com;worker-src https://*.njindiaonline.com https://*.njinsure.in http://localhost:8080 ; connect-src http://localhost:8080 https://*.njindiaonline.com https://*.njindiaonline.in https://*.google-analytics.com https://*.njtechdesk.com https://*.njinsure.in ;font-src http://localhost:8080 https://*.njinsure.in https://*.gstatic.com https://*.njindiaonline.com https://*.njindiaonline.in;object-src https://*.digicert.com https://*.njinsure.in https://*.njindiaonline.com 1
default-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self'  data: https://dapi.kakao.com  https://code.ionicframework.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; frame-ancestors https://www.youtube.com https://www.epeople.go.kr http://eminwon.nonsan21.net https://eminwon.nonsan21.net https://www.cleaneye.go.kr http://www.cleaneye.go.kr https://www.open.go.kr http://www.open.go.kr https://stat.kosis.kr http://stat.kosis.kr 'self';img-src * data: * blob: *; 1
font-src fonts.gstatic.com use.typekit.net *.klarnacdn.net static.klaviyo.com *.app.cookieinformation.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://*.svea.com https://*.vipps.no https://*.trustly.com *.yotpo.com 'self'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.demdex.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com *.klarna.com https://*.facebook.com *.app.cookieinformation.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * https://*.svea.com *.yotpo.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net *.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com p.typekit.net *.telemetry-dev.adobe.io *.demdex.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net *.klarna.com *.klarnaevt.com *.klarnacdn.net https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ mcprod.norsegear.com chat.frontapp.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk https://*.facebook.com fonts.gstatic.com *.app.cookieinformation.com d3k81ch9hvuctc.cloudfront.net www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.yotpo.com data: 'self' 'unsafe-inline'; script-src *.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com use.typekit.net *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net assets.adobedtm.com commerce.adobe.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-datasolutions.com *.magento-ds.com *.klarna.com *.klarnacdn.net *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ *.frontapp.com https://*.googletagmanager.com https://*.facebook.net *.app.cookieinformation.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com https://*.svea.com https://widget.postenlabs.no/ *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com fonts.googleapis.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com *.magento-datasolutions.com *.magento-ds.com *.klarnacdn.net https://static.klaviyo.com blob: *.klaviyo.com *.frontapp.com *.typekit.net https://*.googletagmanager.com *.app.cookieinformation.com unsafe-inline assets.braintreegateway.com https://widget.postenlabs.no/assets/ *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; manifest-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io *.telemetry.adobe.io telemetry.adobe.io p13n.adobe.io p13n-mr.adobe.io *.sentry.io *.sentry-cdn.com plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com livesearch-metrics-qa.magento-datasolutions.com livesearch-metrics.magento-ds.com commerce-int.adobe.io commerce.adobe.io *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com *.bolt.com *.magento-datasolutions.com *.magento-ds.com *.klarnaevt.com *.klarnacdn.net *.klarna.com *.klarnaservices.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ chat-assets.frontapp.com chat.frontapp.com us-west-1-chat-server.frontapp.com us-west-2-chat-server.frontapp.com eu-west-1-chat-server.frontapp.com wss://front-us-realtime.ably.io wss://front-eu-realtime.ably.io https://chat-webhook.frontapp.com *.bugsnag.com *.browser-intake-datadoghq.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.no https://*.google.dk *.app.cookieinformation.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com https://widget.postenlabs.no/ https://widget.bring.services/api/ *.yotpo.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.search-admin-ui-qa.magento-datasolutions.com search-admin-ui-qa.magento-datasolutions.com *.search-admin-ui.magento-ds.com search-admin-ui.magento-ds.com *.telemetry-dev.adobe.io telemetry-dev.adobe.io amcglobal.sc.omtrdc.net plp-widgets-ui-qa.magento-datasolutions.com plp-widgets-ui.magento.ds.com searchautocompleteqa.magento-datasolutions.com livesearch-autocomplete.magento-ds.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://travelfatima.com 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.cristianchifoi.com https://www.notorius.io https://www.nexumebook.com 1
upgrade-insecure-requests; frame-ancestors self https://iqos.com https://*.iqos.com https://www.decide-now.de https://decide-now.de https://www.cprod.marlboro-id.pmigcpes.com https://cprod.marlboro-id.pmigcpes.com https://www.marlboro.id https://marlboro.id https://www.cprod.teamfriendship.de https://www.teamfriendship.de https://www.cprod.decide-now-de.pmigcpes.com; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-3C4598FA9E359DC974BC8EF3301D31A5' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-3C4598FA9E359DC974BC8EF3301D31A5'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.novamora.be/API/Site/CspReport 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' chimpstatic.com static.cloudflareinsights.com *.doubleclick.net *.google.co.nz *.google.com *.googleapis.com *.googletagmanager.com *.google-analytics.com *.gstatic.com cdn.jsdelivr.net *.list-manage.com *.mailchimp.com *.pagesense.io *.sharethis.com data.stbuttons.click *.youtube.com i.ytimg.com *.zoho.com *.zohocdn.com *.zohopublic.com; img-src * blob: data:; object-src 'none'; report-uri /Content-Security-Policy-Report.php; report-to default; 1
frame-ancestors 'self' odbike.co.kr *.odbike.co.kr 1
img-src 'self' data: https://www.google-analytics.com https://oeadstudenthousing-public-production.s3.amazonaws.com; font-src 'self'; default-src 'self' https://oeadstudenthousing-public-production.s3.amazonaws.com; connect-src 'self' https://www.google-analytics.com https://o46874.ingest.sentry.io https://neptune.wunderweiss.at; style-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://ssl.google-analytics.com https://neptune.wunderweiss.at 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' *.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com/gtm.js https://www.gstatic.com https://bat.bing.com https://www.clarity.ms https://i.clarity.ms/collect https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net ; img-src 'self' *.google.com www.googletagmanager.com https://www.google.es/ https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://fonts.gstatic.com/ data: https: ; style-src 'unsafe-inline' 'self' https://tagmanager.google.com https://fonts.googleapis.com https://www.googletagmanager.com/ ; font-src 'self' https://fonts.gstatic.com ; connect-src 'self' *.google.com https://www.google-analytics.com https://www.googleadservices.com https://i.clarity.ms/collect https://q.clarity.ms https://www.google.es/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net/ https://region1.google-analytics.com/ ; frame-src 'none' ; object-src  'self' 1
frame-ancestors 'self'; block-all-mixed-content; default-src 'self'; script-src  'self' cdn.tailwindcss.com 'nonce-UyRNfFtIJ0ptn4iaUyXC7WiRDcBTM9X0GJjcvcFU'  'report-sample' https://googletagmanager.com https://tagmanager.google.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' 'report-sample' fonts.googleapis.com fonts.gstatic.com tagmanager.google.com www.googletagmanager.com; object-src  'none'; frame-src  'self' www.googletagmanager.com; child-src  'self' www.googletagmanager.com; img-src  'self' data:; font-src  'self' fonts.googleapis.com fonts.gstatic.com www.googletagmanager.com; connect-src  'self' www.googletagmanager.com *.google-analytics.com; manifest-src  'self'; base-uri  'self'; form-action  'self'; media-src  'self'; worker-src  'self' 1
connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://accounts.google.com; img-src * 'self' data: blob: https://*.google-analytics.com https://*.googletagmanager.com https://secure.gravatar.com; script-src 'self' https://www.google.com https://accounts.google.com https://www.gstatic.com https://js-agent.newrelic.com https://bam.nr-data.net https://*.googletagmanager.com https://ssl.google-analytics.com https://www.google-analytics.com https://connect.facebook.net https://platform.twitter.com 'sha256-cueLIjf7+saT+qlPuHeFx6d9eEbuC4uiq1aRQOb3VGU='; frame-src 'self' https://www.facebook.com https://web.facebook.com https://www.youtube.com https://platform.twitter.com https://www.google.com https://accounts.google.com https://docs.google.com https://staticxx.facebook.com https://syndication.twitter.com blob:; report-uri /cspreport.php 1
connect-src *; font-src * data:; frame-src *; img-src * blob: data:; media-src *; object-src *; frame-ancestors 'self' https://www.youtube.com https://player.vimeo.com 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-2AEDEBD523AEEEA5B6625581E9EF7B8C' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-2AEDEBD523AEEEA5B6625581E9EF7B8C'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.ondeugend-daten.be/API/Site/CspReport 1
base-uri 'self'; default-src 'self' https://midtrans.com https://*.midtrans.com https://accounts.google.com https://*.klikdokter-stg.com https://*.klikdokter.com ; img-src 'self' https://klikdokter-media-buckets.s3-ap-southeast-1.amazonaws.com https://www.googletagmanager.com https://www.facebook.com https://oneonco.co.id https://www.google.co.id blob: data: gap:; object-src 'self' blob: data: gap:; script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: https://midtrans.com https://*.midtrans.com https://stackpath.bootstrapcdn.com https://cdnjs.cloudflare.com https://accounts.google.com/gsi/client https://www.googletagmanager.com https://dashboard.heatmap.com https://connect.facebook.net; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com/; upgrade-insecure-requests; connect-src 'self' https://midtrans.com https://*.midtrans.com https://fonts.gstatic.com https://secure.gravatar.com https://www.google.com https://www.google.co.id https://www.facebook.com https://connect.facebook.net https://stackpath.bootstrapcdn.com https://stats.g.doubleclick.net https://accounts.google.com https://www.googletagmanager.com https://www.google-analytics.com https://kns.heatmap.com wss://vst.heatmap.com wss://service.heatmap.com wss://ylghsmo5pb.execute-api.us-west-2.amazonaws.com https://*.aws https://*.amazonaws.com https://cdnjs.cloudflare.com https://fonts.googleapis.com https://c.heatmap.com https://oneonco.co.id https://analytics.google.com https://dashboard.heatmap.com blob: data: gap: 1
default-src 'none' ; connect-src 'self' data: https://ajax.googleapis.com https://de.api4load.biz https://pfrest.pboss.de https://pfrest.petafuel.net https://pfrest.wozutesten.de https://pfrest.mobile.wozutesten.de https://translate.googleapis.com https://www.fndsda.net https://www.paypal.com ; font-src 'self' data: * ; frame-src 'self' data: https://ad.ad-srv.net https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://client.comprigo.com https://hal9000.redintelligence.net https://optimize.google.com https://pixel.bsmartdata.com/ https://r.adc-srv.net https://tools.petafuel.de https://www.fndsda.net https://www.googletagmanager.com https://www.paypal.com https://www.sandbox.paypal.com ; img-src 'self' data: * ; manifest-src 'self' data: * ; media-src 'self' data: * ; object-src 'self' data: * ; script-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://ad4mat.de https://bid.g.doubleclick.net https://blog.onlinekonto.de https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://containertags.belboon.de https://data1.eurosty.com https://data1.mein-bmi.com https://data1.routenplaner-karten.com https://data1.ubersetzung-app.com https://eu5.heatmap.it https://googleads.g.doubleclick.net https://imgsrv.io https://maytrics.marvellousmachine.net https://online.adservicemedia.dk https://optimize.google.com https://orangebuddies.go2cloud.org https://pstatic.davebestdeals.com https://s3.eu-central-1.amazonaws.com https://ssl.google-analytics.com https://static.donation-tools.org https://tagmanager.google.com https://tpc.googlesyndication.com https://translate.googleapis.com https://www.financeads.net https://www.fndsda.net https://www.google-analytics.com https://www.google.com/ads/user-list https://www.googleadservices.com https://www.googletagmanager.com https://www.paypal.com https://www.paypalobjects.com https://www.performancehero.de ; style-src 'self' data: 'unsafe-inline' https://cdn.pboss.de https://cdn.petafuel.net https://cdn.wozutesten.de https://cdn.mobile.wozutesten.de https://fonts.googleapis.com https://optimize.google.com https://translate.googleapis.com https://u.heatmap.it https://www.fndsda.net ; worker-src 'self' data: * ;  1
base-uri 'self'; object-src 'none'; script-src https://* 'unsafe-inline' 'nonce-ZkLQMrFrEw7MkA7vJeesjAADER8' 'strict-dynamic' 1
default-src https://opaportal.org:443 https://www.opaportal.org:443 https://static.zdassets.com https://*.wepay.com https://*.youtube.com https://*.google.com https://*.paypal.com https://*.gstatic.com https://*.googleapis.com https://maxcdn.bootstrapcdn.com https://www.google-analytics.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.rawgit.com https://*.twitter.com http://*.twitter.com; style-src 'unsafe-inline' https://opaportal.org:443 https://www.opaportal.org:443 https://ajax.googleapis.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://platform.twitter.com http://fonts.googleapis.com https://fonts.googleapis.com https://cdn.datatables.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://maxcdn.bootstrapcdn.com; script-src https://opaportal.org https://www.opaportal.org https://*.stripe.com https://player.vimeo.com https://cdn.syndication.twimg.com https://*.zopim.com https://*.zdassets.com https://*.wepay.com https://*.googleadservices.com https://*.facebook.net https://downloads.mailchimp.com https://*.twitter.com http://*.twitter.com https://cdn.datatables.net https://cdnjs.cloudflare.com https://cdn.rawgit.com https://*.google.com https://www.google-analytics.com https://*.gstatic.com https://*.googleapis.com https://malsup.github.io http://malsup.github.io 'unsafe-inline' 'unsafe-eval' blob:; frame-src https://opaportal.org:443 https://www.opaportal.org:443 https://*.stripe.com https://*.wepayapi.com https://*.twitter.com https://*.cincopa.com/ http://*.twitter.com http://*.wepay.com https://*.wepay.com https://*.facebook.net https://*.facebook.com https://*.google.com https://*.youtube.com https://*.vimeo.com https://*.loom.com; img-src * data:; connect-src https://opaportal.org:443 https://www.opaportal.org:443 https://*.stripe.com wss://*.zopim.com https://*.zopim.com https://*.zipim.com https://*.zdassets.com https://*.zendesk.com https://*.google-analytics.com https://*.doubleclick.net https://*.intercom.io wss://*.intercom.io wss:; font-src https://opaportal.org:443 https://www.opaportal.org:443 https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://*.zopim.com https://*.gstatic.com http://*.gstatic.com https://maxcdn.bootstrapcdn.com data:; report-uri /cspreport.php 1
default-src 'none'; script-src 'self' seal.digicert.com ajax.googleapis.com googletagmanager.com static.hotjar.com; object-src 'self'; img-src 'self' data: seal.digicert.com *.dvtel.cl; style-src 'self' 'unsafe-inline'; font-src 'self' data:; base-uri 'self';  frame-ancestors 'none'; form-action 'self' *.dvtel.cl *.devetel.net; connect-src 'self'; frame-src 'self' https://www.recargaenlinea.cl 1
default-src blob: https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' https://www.cv.ee https://cv.ee; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'          kit.fontawesome.com www.googletagmanager.com placehold.it maps.googleapis.com cdn.jsdelivr.net          analytics.silktide.com www.google-analytics.com; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * *.twitter.com *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors *.meetanshi.com 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ https://www.googletagmanager.com/ *.meetanshi.com https://lpsolar.ourolux.com.br http://lpsolar.ourolux.com.br https://controled.ourolux.com.br https://meufinanciamentosolar.com.br http://cdn.mcauto-images-production.sendgrid.net https://app.powerbi.com https://homolog.meiosdepagamentobradesco.com.br/ https://meiosdepagamentobradesco.com.br/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.twitter.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com 'self' data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.cloudflare.com *.klarna.com *.paypal.com *.ytimg.com *.usercentrics.eu https://*.g.doubleclick.net https://*.google.com https://*.google.com.br http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ *.meetanshi.com https://*.gstatic.com https://*.googleapis.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.googleadservices.com *.google-analytics.com *.twitter.com *.twimg.com *.lightemporium.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com data: 'self' 'unsafe-inline'; script-src www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://www.googletagmanager.com https://cdn.dnky.co http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.avada.io *.meetanshi.com https://unpkg.com/html5-qrcode https://go.botmaker.com https://storage.googleapis.com https://polyfill.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com songbird.cardinalcommerce.com https://d335luupugsy2.cloudfront.net/js/ *.cloudflare.com *.twitter.com *.google-analytics.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.google.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline assets.braintreegateway.com *.cloudflare.com *.googleapis.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.soundjay.com/buttons/beep-01a.mp3 https://storage.googleapis.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.comapi.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://get.geojs.io *.avada.io *.paypal.com *.meetanshi.com https://go.botmaker.com wss://ws.botmaker.com https://stats.g.doubleclick.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.cardinalcommerce.com *.google.com google.com https://pageview-notify.rdstation.com.br/ https://popups.rdstation.com.br/ https://event-api.rdstation.com.br/v2/form_integrations *.cloudflare.com *.twitter.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src *;script-src 'self' 'unsafe-inline' 'unsafe-eval' *.daum.net *.daumcdn.net *.google-analytics.com https://*.akamaihd.net http://*.akamaihd.net http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com http://*.goorm.io https://*.goorm.io;object-src 'self';img-src * data:;media-src 'self';frame-src 'self' http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;connect-src 'self' https://*.daum.net http://*.daum.net http://www.googleapis.com https://www.googleapis.com http://*.facebook.net https://*.facebook.net http://*.facebook.com https://*.facebook.com;style-src 'self' 'unsafe-inline' 1
default-src * data: blob:;script-src 'self' 'unsafe-inline' 'unsafe-eval' *;object-src 'self';style-src 'unsafe-inline' * data:;form-action 'self' *.twitter.com va.tawk.to https://cp.payguru.com https://www.testgpay.com https://www.gpay.com.tr https://gpay.com.tr https://demo.gpay.com.tr https://www.paytr.com https://www.playanka.com https://test.papara.com https://www.papara.com https://papara.com https://payment.paybrothers.com https://stg.paybrothers.com https://api.paym.es https://checkout.test.pay.g2a.com https://checkout.pay.g2a.com https://www.vallet.com.tr;frame-ancestors 'self' http://*.livechatinc.com https://*.livechatinc.com http://*.tawk.to https://*.tawk.to https://chat.utechsoft.com.tr;worker-src 'self' blob: 1
worker-src blob:; font-src *.googleapis.com *.gstatic.com fonts.gstatic.com *.kxcdn.com *.fontawesome.com data: https://fonts.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * https://www.facebook.com *.addthis.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * facebook.com www.facebook.com *.kxcdn.com youtube.com www.youtube.com platform.twitter.com *.google.com *.addthis.com data: https://e.issuu.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.googleapis.com https://www.gstatic.com *.cdninstagram.com *.kxcdn.com *.twitter.com https://www.google.com *.gstatic.com *.fbcdn.net https://ads.paolinestore.it  https://ebizmarts-website.s3.amazonaws.com/ https://www.facebook.com *.addthis.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.google.it https://pagead2.googlesyndication.com https://stats.g.doubleclick.net data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.googleapis.com *.gstatic.com *.google.com cdn.ampproject.org connect.facebook.net googletagmanager.com *.kxcdn.com platform.twitter.com *.addthis.com *.addthisedge.com *.moatads.com s7.addthis.com *.avada.io 'self' data: https://ads.paolinestore.it https://*.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://*.paolinestore.it https://chimpstatic.com https://*.addthis.com https://googleads.g.doubleclick.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com unsafe-inline assets.braintreegateway.com fonts.googleapis.com *.googleapis.com *.google.com *.kxcdn.com *.gstatic.com *.fontawesome.com https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com *.googleapis.com https://www.paypal.com/xoplatform/logger/api/logger cdn.ampproject.org *.kxcdn.com *.instagram.com ekr.zdassets.com/ https://get.geojs.io *.avada.io data: https://ads.paolinestore.it https://*.addthis.com https://api-public.addthis.com https://*.analytics.google.com https://*.google-analytics.com https://*.googletagmanager.com https://*.paolinestore.it https://www.facebook.com/tr/ https://pagead2.googlesyndication.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://csp-reporting-service.com/my-project/endpoint; report-to report-endpoint; 1
default-src https:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' https://*.cookiebot.com https://cdn.jsdelivr.net https://*.lr-ingest.com https://*.clarity.ms https://*.newrelic.com https://*.emerchantpay.com https://*.ckotech.co https://*.checkout.com https://fpnpmcdn.net https://*.prismic.io https://ipinfo.io https://*.stripe.com  https://*.bing.com https://*.cardinalcommerce.com https://*.cloudflareinsights.com https://*.securetrading.net https://www.gstatic.com https://connect.facebook.net https://www.google.com https://www.google.com.mt https://optimize.google.com https://*.chatra.io https://cdnjs.cloudflare.com https://*.hotjar.com https://*.hotjar.io https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net blob:; style-src 'self' data: 'unsafe-inline' https://unpkg.com/ https://optimize.google.com https://googleads.g.doubleclick.net https://tagmanager.google.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://*.chatra.io; img-src 'self' https: data:; media-src 'self' data: https://call.chatra.io; font-src 'self' data: https://fonts.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.chatra.io; connect-src 'self' data: https://*.cookiebot.com https://*.nr-data.net https://*.google.com https://ipapi.co https://*.lr-ingest.com https://*.clarity.ms https://*.browser-intake-datadoghq.com https://*.ckotech.co https://*.checkout.com https://*.google-analytics.com https://ipinfo.io https://*.sentry.io https://www.facebook.com https://*.chatra.io https://*.hotjar.com:* https://*.hotjar.io wss://*.hotjar.com https://*.g.doubleclick.net https://*.cardinalcommerce.com https://*.amazonaws.com https://*.cloudflarestorage.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net cdn.sucuri.net maxcdn.bootstrapcdn.com; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: javascript: https://cdn.siftscience.com alcaldiapereira.agenti.com.co https://checkout.wompi.co/widget.js wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net app.sitp.gov.co *.firebaseio.com *.aldeamo.com *.bootstrapcdn.com *.cloudflare.com https://chat1-cls27.i6.inconcertcc.com https://webchat-cls27.i6.inconcertcc.com *.facebook.net *.fontawesome.com https://mas-spn.inconcertcc.com *.googleapis.com *.google-analytics.com *.google.com *.googletagmanager.com *.gstatic.com *.hippochat.io *.hotjar.com *.jquery.com *.jsdelivr.net *.livechatinc.com *.snapengage.com *.twimg.com *.twitter.com *.uniquindio.edu.co unpkg.com *.ytimg.com *.youtube.com *.zendesk.com ; img-src 'self' blob: data: javascript: static.placetopay.com/placetopay-logo.svg https://govco.sedeelectronica.com.co *.aldeamo.com *.amazonaws.com *.bluemessaging.net *.cool especiales.presidencia.gov.co *.facebook.com fuguchat.s3.ap-south-1.amazonaws.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com *.gstatic.com *.hippochat.io *.hotjar.com *.livechatinc.com sedeelectronica.com.co sellodeexcelencia.gov.co *.snapengage.com s-static.ak.facebook.com stats.g.doubleclick.net synersis.co:8442 smartlink.cool *.twimg.com *.twitter.com *.uniquindio.edu.co vozme.com *.youtube.com *.zendesk.com ; style-src 'self' 'unsafe-inline' alcaldiapereira.agenti.com.co wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app widget02.wolkvox.com d335luupugsy2.cloudfront.net wolkvox-cobrowsing-agent-fd5zvw7swa-ue.a.run.app https://platform.bluemessaging.net *.aldeamo.com *.bootstrapcdn.com govco.sedeelectronica.com.co ton.twimg.com *.cali.gov.co https://mas-spn.inconcertcc.com https://cdn.jsdelivr.net  *.cloudflare.com *.fontawesome.com *.hippochat.io *.hotjar.com *.jquery.com *.nexura.com *.gstatic.com *.google.com *.googleapis.com sedeelectronica.com.co *.twitter.com *.uniquindio.edu.co *.zendesk.com ; font-src 'self' data: alcaldiapereira.agenti.com.co *.cali.gov.co https://mas-spn.inconcertcc.com govco.sedeelectronica.com.co sedeelectronica.com.co *.fontawesome.com *.hotjar.com *.bootstrapcdn.com *.googleapis.com *.googleusercontent.com *.gstatic.com *.nexura.com sedeelectronica.com.co *.uniquindio.edu.co ; object-src 'self' data: ; frame-ancestors 'self' *.nexura.com *.uniquindio.edu.co ; media-src 'self' blob: https://c11.radioboss.fm:18054/stream  *.radioboss.fm:18054/stream  *.uniquindio.edu.co vozme.com smartlink.cool *.smartlink.cool ; 1
base-uri 'self' https://passeport-voyance.com https://*.google.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.news-voyance.com https://*.addtoany.com; child-src 'self' https://passeport-voyance.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; object-src 'self' https://passeport-voyance.com https://*.google.com http://e.tlmq.fr https://*.tlmq.fr https://*.voyance.fr https://*.news-voyance.com http://*.addthis.com https://*.addthisedge.com https://www.google-analytics.com https://lesfameusesvideos.com https://*.amazon-adsystem.com https://*.amazon.com https://*.goracash.com https://*.addtoany.com; form-action https://passeport-voyance.com https://*.google.com https://*.news-voyance.com https://*.addtoany.com; style-src 'self' 'unsafe-inline'; font-src 'self'; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.pasteleraemprendedora.com https://excel.analytika.mx https://alumnos.epicbusiness.online https://www.moneypro.academy https://www.academiaparamamas.com https://www.supervendedor.lat https://www.manuelromo.com https://www.brickup.academy https://www.formarhoy.com https://www.aportacionesgdl.com https://www.institutodeinversion.org 1
default-src 'self'; style-src 'self' fonts.googleapis.com;connect-src 'self' *.google-analytics.com *.analytics.google.com; font-src 'self' fonts.gstatic.com;script-src www.googletagmanager.com 'self' 'unsafe-hashes' 'sha256-CVnWUJnIQer8+8rvXe/A06wfINuig8T1rU+YL2O3yXE=' 'sha256-nNExX8dGhf3ce7nlLMW210YbT1+ATSaoMpg5lf/l+Ng=' 'sha256-2NFxeQtuY6aHqwG89JOCTZxsk+Ot4hJfyz76XUuVp4A=' 'sha256-ys3k0lFIaNOl48X5ACWobmbJyY9se3jhKcFx6hBc60I=' 'sha256-1jAmyYXcRq6zFldLe/GCgIDJBiOONdXjTLgEFMDnDSM=' 'sha256-duEuDgO6dofRmdKFscJEDOUc5CQs7gp/g3RqAdaW0A8=';frame-ancestors 'self'; img-src 'self' *.google-analytics.com *.analytics.google.com; 1
upgrade-insecure-requests; report-uri https://peak-workout.com/il_reporturi.php?from=csp; report-to csp_endpoint 1
default-src 'unsafe-inline' 'unsafe-eval' https:;img-src * data:; 1
img-src 'self' data: blob: http://www.google-analytics.com/ https://www.google-analytics.com https://ssl.gstatic.com/ http://ssl.gstatic.com/ https://stats.g.doubleclick.net https://syndication.twitter.com https://abs.twimg.com https://pbs.twimg.com https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com https://ik.imagekit.io/ https://cdn.snipcart.com https://q.stripe.com https://via.placeholder.com https://img.youtube.com https://i.ytimg.com/ https://placeimg.com/ https://img.thedesignfactory.co.uk/ https://maps.gstatic.com https://embed.widgetpack.com https://*.ggpht.com https://www.facebook.com/ https://cdn.pixabay.com https://*.giphy.com/ https://*.unsplash.com https://*.pexels.com https://ucarecdn.com https://cdn.datatables.net https://cdn-7.com https://loremflickr.com/ http://static.filestackapi.com https://static.filestackapi.com https://cdn.filestackcontent.com/ https://f004.backblazeb2.com/ https://caffe-concerto.s3.us-west-004.backblazeb2.com/ https://2.donedone.com/ https://s3.amazonaws.com/ https://track.mailerlite.com/ https://www.filepicker.io https://maps.googleapis.com/ https://cajjhieqsa.cloudimg.io/ CloudImage https://f004.backblazeb2.com/ https://cdn.scaleflex.it https://*.elfsightcdn.com https://picsum.photos https://*.picsum.photos http://www.pepes.co.uk/ https://www.google.com https://www.google.co.uk https://www.google.com.pk https://cdn2.fouita.com https://cdn.fouita.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.fontawesome.com/ https://apis.google.com http://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google-analytics.com http://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ http://code.jquery.com/ https://code.jquery.com/ http://graph.facebook.com/ http://m.addthis.com/ http://s7.addthis.com/ http://m.addthisedge.com/ http://api-public.addthis.com/ https://www.islonline.net/ https://unpkg.com/ https://www.googletagmanager.com/ https://platform.twitter.com/ http://platform.twitter.com/ https://cdn.syndication.twimg.com https://donorbox.org https://www.paypalobjects.com https://www.paypal.com https://cdnjs.cloudflare.com https://js.stripe.com/v2/ https://stackpath.bootstrapcdn.com https://kit.fontawesome.com https://cdn.jsdelivr.net https://embed.widgetpack.com https://app.widgetpack.com https://connect.facebook.net http://www.dynamicnumbers.mediahawk.co.uk https://www.dynamicnumbers.mediahawk.co.uk https://postcodes.io https://pi-test.sagepay.com https://ucarecdn.com/ https://cdn.datatables.net https://www.google-analytics.com https://maps.googleapis.com http://static.filestackapi.com https://static.filestackapi.com https://js.stripe.com http://cdn.jsdelivr.net/ https://js.stripe.com/v3/ https://svc.webspellchecker.net https://static.mailerlite.com https://www.gstatic.com https://cdn.snipcart.com https://cdn.scaleflex.it https://www.youtube.com https://*.livechatinc.com https://www.sevenrooms.com https://videos.sproutvideo.com https://maps.google.co.uk https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ https://*.cloudfront.net/ http://www.pepes.co.uk/ https://googleads.g.doubleclick.net/ https://cdn.fouita.com https://platform.illow.io; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://use.fontawesome.com/227a7ea25a.css https://use.fontawesome.com/releases/v4.6.3/css/font-awesome-css.min.css https://platform.twitter.com https://ton.twimg.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://pro.fontawesome.com https://cdn.jsdelivr.net https://kit-pro.fontawesome.com https://use.typekit.net/ https://p.typekit.net https://embed.widgetpack.com/ https://cdn.datatables.net https://static.filestackapi.com http://cdn.jsdelivr.net https://static.mailerlite.com/ https://fonts.mailerlite.com/ https://www.gstatic.com https://cdn.snipcart.com https://cdn.scaleflex.it https://www.sevenrooms.com http://www.pepes.co.uk/ https://cdn.fouita.com https://cdn2.fouita.com https://platform.illow.io/banner.css; frame-src 'self' https://www.google.com https://www.google.com/recaptcha/ http://www.youtube.com/ https://www.youtube.com/ https://www.youtube-nocookie.com/ http://player.vimeo.com/ http://s7.addthis.com/ http://m.addthisedge.com/ https://platform.twitter.com/ https://syndication.twitter.com/ https://donorbox.org/ https://js.stripe.com/ https://widgets.reputation.com/ https://js.stripe.com/ https://social.uploadcare.com https://cdn.filestackcontent.com/ https://f004.backblazeb2.com https://f004.backblazeb2.com https://www.google.co.uk/ https://*.livechatinc.com/ https://*.snipcart.com/ https://www.sevenrooms.com https://videos.sproutvideo.com/ https://maps.google.co.uk/ https://snazzymaps.com/ http://www.pepes.co.uk/ https://td.doubleclick.net; connect-src 'self' blob: https://api.github.com https://app.snipcart.com https://widgets.reputation.com/ http://www.dynamicnumbers.mediahawk.co.uk https://www.dynamicnumbers.mediahawk.co.uk https://pixabay.com/ https://api.giphy.com/ https://api.unsplash.com https://api.pexels.com https://images.weserv.nl https://api.microlink.io/ https://ws.postcoder.com/ https://postcodes.io https://upload.uploadcare.com ws://ws.pusherapp.com/ https://www.google-analytics.com https://maps.googleapis.com https://ka-p.fontawesome.com https://uploadcare.s3-accelerate.amazonaws.com/ https://upload.filestackapi.com https://cloud.filestackapi.com https://upload-eu-west-1.filestackapi.com/ https://filestack-uploads-persist-production.s3.amazonaws.com https://svc.webspellchecker.net https://*.filestackapi.com/ https://f004.backblazeb2.com/ https://greencocalab1.s3.us-west-000.backblazeb2.com/ https://www.filepicker.io https://api.livechatinc.com/ https://*.snipcart.com/ https://www.sevenrooms.com https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ http://www.pepes.co.uk/ https://googleads.g.doubleclick.net/ https://stats.g.doubleclick.net https://api.fouita.com https://apps.elfsight.com https://region1.google-analytics.com https://platform.illow.io/ https://api.platform.illow.io; font-src 'self' data: https://fonts.gstatic.com https://use.fontawesome.com/ https://maxcdn.bootstrapcdn.com/ http://maxcdn.bootstrapcdn.com/ https://pro.fontawesome.com https://kit-free.fontawesome.com/ https://kit-pro.fontawesome.com https://use.typekit.net/ https://cdn.jsdelivr.net https://ka-p.fontawesome.com http://www.emmabigfestiverest.co.uk/ https://cdnjs.cloudflare.com/ http://static.filestackapi.com https://static.filestackapi.com https://fonts.mailerlite.com/ https://cdn.snipcart.com http://www.pepes.co.uk/ https://platform.illow.io/; media-src 'self' http://www.printset.co.uk.php73-40.lan3-1.websitetestlink.com/ https://f004.backblazeb2.com https://digimax-x01xo61.vids.io https://*.instacloud.io/ https://*.elfsight.com/ https://*.sproutvideo.com/ http://www.pepes.co.uk/; object-src 'self' 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://www.google.com/recaptcha/api.js https://www.gstatic.com https://www.googletagmanager.com https://code.jquery.com https://connect.facebook.net https://www.google-analytics.com https://unpkg.com https://cdn.datatables.net https://cdn.jsdelivr.net https://ajax.googleapis.com https://www.google.com kit.fontawesome.com; 1
frame-ancestors 'self' https://www.percentil.fr; 1
frame-ancestors 'self';         default-src 'self';         script-src  'self'         http://*.googleapis.com         https://*.googleapis.com         https://www.google-analytics.com         https://www.google.com         https://www.googletagmanager.com         https://cdnjs.cloudflare.com         http://www.gstatic.com         https://www.gstatic.com         https://www.youtube.com/iframe_api         https://s.ytimg.com         https://cdn.mathjax.org         https://www.recaptcha.net         https://cdn.rawgit.com         https://analytics.roundcubeplus.com         https://cdn.jsdelivr.net         https://unpkg.com         https://connect.facebook.net         https://www.youtube.com         https://cdn.sheetjs.com         'unsafe-inline'         'unsafe-eval'; object-src  'self'; style-src   'self'         https://www.google.com         http://ajax.googleapis.com         https://fonts.googleapis.com         https://cdn.rawgit.com         https://cdnjs.cloudflare.com         'unsafe-inline'; img-src     'self'         data:         http://*.perfmed.ro         http://maps.gstatic.com         https://maps.gstatic.com         http://csi.gstatic.com         https://csi.gstatic.com         http://*.googleapis.com         http://*.ggpht.com         http://maps.googleapis.com         https://maps.googleapis.com         https://*.google.com         https://*.google.ro         https://ssl.gstatic.com         https://*.googleusercontent.com         https://h5p.org         https://cdnjs.cloudflare.com; media-src 'self'         data:; worker-src  'self'         blob:         https://www.google.com         https://www.youtube.com; frame-src   'self'         https://*.moodle.org         https://www.google.com         https://www.recaptcha.net         https://player.vimeo.com         https://www.youtube.com         https://*.zoom.us         http://docs.roundcube.net         https://web.facebook.com         https://www.facebook.com; font-src    'self'         data:         https://fonts.gstatic.com         http://fonts.googleapis.com         https://fonts.googleapis.com; connect-src https://metrics.articulate.com         https://*.googleapis.com         https://cloud.poodll.com         'self'; upgrade-insecure-requests; base-uri    'self'; 1
frame-src 'none' 1
default-src 'self' https://*.dcube.cloud/ https://*.demdex.net/ https://cm.everesttech.net/ ;
  script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.mathjax.org/ *.dcube.cloud assets.adobedtm.com embed.tawk.to cdn.jsdelivr.net/emojione/;
  object-src 'self';style-src 'self' 'unsafe-inline' assets.dcube.cloud/fonts/ ;
  frame-src 'self' *.youtube.com *.demdex.net phet.colorado.edu quizizz.com *.quizizz.com h5p.org *.h5p.org kemdikbud.go.id *.kemdikbud.go.id google.com *.google.com live.com *.live.com dropbox.com *.dropbox.com wps.com *.wps.com pesonaedu.id *.pesonaedu.id pesonaedu.com *.pesonaedu.com data:;
  frame-ancestors 'self' ;
  connect-src 'self' wss://pesonaedu.commontown.net *.dcube.cloud dpm.demdex.ne/ blob: wss://*.tawk.to embed.tawk.to;
  img-src 'self' data: cm.everesttech.net img.youtube.com dpm.demdex.net pesona.ready.sg pesonaeduaclass.id *.pesonaeduaclass.id embed.tawk.to tawk.link ;
  media-src 'self' data: blob:;
  font-src 'self' data: assets.dcube.cloud;worker-src 'self' data: blob: fonts.gstatic.com embed.tawk.to;  1
img-src 'self' blob: *.googlesyndication.com 'unsafe-inline' data: 1
Add 'default-src `self`' 1
default-src 'none';form-action 'self';frame-ancestors *.cookiebot.com https://consentcdn.cookiebot.com;frame-src 'self' *.youtube.com *.cookiebot.com https://consentcdn.cookiebot.com;connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.cookiebot.com https://consentcdn.cookiebot.com;style-src 'self' 'unsafe-inline';script-src 'self' 'nonce-NjsB8XS6dJ4g0S1JvkmhaGkzVt4=' https://*.googletagmanager.com *.google-analytics.com *.googletagmanager.com *.facebook.com *.cookiebot.com 'unsafe-eval' 'unsafe-inline' 'strict-dynamic';img-src 'self' data: *.ytimg.com https://*.google-analytics.com https://*.googletagmanager.com *.googleapis.com *.piearsta.lv;font-src 'self'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.yapaytech.com   *.helorobo.com *.iyzipay.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.yapaytech.com   *.helorobo.com *.iyzipay.com ; frame-ancestors *; 1
connect-src 'self' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com https://*.useinsider.com https://*.api.useinsider.com wss://*.useinsider.com *; font-src 'self' 'unsafe-eval' 'unsafe-inline' *.hotjar.com https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com https://fonts.gstatic.com font.static.useinsider.com data:; frame-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com *; img-src 'self' 'unsafe-eval' 'unsafe-inline' *.yahoo.net https://e1.emxdgt.com https://api.b2b.retter.io https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com https://api.pinar.retter.io https://*.cloudfront.net *.mircate.com *.api.mircate.com https://api.b2btest.retter.io https://matching.ivitrack.com https://optimize.google.com https://us-u.openx.net https://beacon.krxd.net https://s.thebrighttag.com https://*.smartclip.net https://*.yieldmo.com https://dpm.demdex.net public-prod-dspcookiematching.dmxleo.com exchange.mediavine.com rtb.mfadsrvr.com https://grand-eye-340909.ue.r.appspot.com log.api.useinsider.com pixel-sync.sitescout.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com www.facebook.com https://www.googleadservices.com https://googleads.g.doubleclick.net www.googletagmanager.com www.google.com www.google.com.tr https://www.google-analytics.com *.doubleclick.net doubleclick.net https://www.googletagmanager.com https://core-internal.rtbs.io https://core.rtbs.io https://sync.outbrain.com https://pixel.rubiconproject.com https://cw.addthis.com https://pixel.tapad.com https://trends.revcontent.com https://criteo-sync.teads.tv https://sync-t1.taboola.com https://ads.yahoo.com https://ups.analytics.yahoo.com https://simage2.pubmatic.com https://s.ad.smaato.net https://gum.criteo.com https://adx.dable.io https://x.bidswitch.net https://cm.meba.kr https://secure.adnxs.com https://ib.adnxs.com https://rtb-csync.smartadserver.com https://sp.analytics.yahoo.com https://ad.tpmn.co.kr https://tg.socdm.com https://adgen.socdm.com https://cs.adingo.jp https://eb2.3lift.com https://contextual.media.net https://sync.ad-stir.com https://secure.adnxs.com https://secure.adnxs.com https://r.casalemedia.com https://ad.as.amanad.adtdp.com https://ad.360yield.com https://ih.adscale.de https://match.sharethrough.com https://match.sharethrough.com https://idsync.rlcdn.com https://dis.criteo.com https://dis.criteo.com https://d.turn.com https://partner.mediawallahscript.com https://i.liadm.com https://pixel.advertising.com https://i6.liadm.com https://jadserve.postrelease.com https://sbm.nate.com https://cotads.adscale.de https://sync.taboola.com https://idsync.admixer.co.kr https://cm.adform.net https://t.adx.opera.com https://aax-eu.amazon-adsystem.com https://sync.1rx.io https://ums.acuityplatform.com https://cm-exchange.toast.com https://id5-sync.com https://sync.srv.stackadapt.com https://smaatocm.digitaleast.mobi https://sync.crwdcntrl.net https://token.rubiconproject.com https://sync.aralego.com https://pr-bh.ybp.yahoo.com https://match.adsrvr.org https://criteo-partners.tremorhub.com https://visitor.omnitagjs.com https://fksnk.com https://gu.dyntrk.com https://s.c.appier.net https://ad.yieldlab.net https://ad.yieldlab.net https://image8.pubmatic.com https://c1.adform.net https://www.google.nl region1.google-analytics.com region1.analytics.google.com data: blob:; style-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com *; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com https://*.masterpassturkiye.com https://test.masterpassturkiye.com/MasterpassJsonServerHandler/v2 https://js.go2sdk.com *.enhencer.com https://optimize.google.com https://www.googleanalytics.com https://www.googleoptimize.com https://grand-eye-340909.ue.r.appspot.com www.gstatic.com *.cloudflare.com http://www.googleadservices.com facebook.net *.facebook.net https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com *.jquery.com https://unpkg.com *.doubleclick.net doubleclick.net useinsider.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com api.pinar.retter.io https://facebook.com www.googletagmanager.com *.criteo.net *.criteo.com *.hotjar.com 'nonce-YTJiYzU0YmYtNTRiNS00ZDkyLTkxMDktNjg3OWI2ZmJhYWIz'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://cdn.enhencer.com *.criteo.com *.criteo.net https://vercel.live https://apis.google.com https://testrio.pinaronline.com https://mp-test-sdk.masterpassturkiye.com *.useinsider.com *.api.useinsider.com www.gstatic.com www.google.com fonts.gstatic.com cdnjs.cloudflare.com www.googleoptimize.com www.googletagmanager.com www.google-analytics.com js.go2sdk.com static.hotjar.com connect.facebook.net googleads.g.doubleclick.net unpkg.com script.hotjar.com; worker-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com * blob:; object-src 'self' 'unsafe-eval' 'unsafe-inline' https://testrio.pinaronline.com *.useinsider.com *.api.useinsider.com; default-src 'unsafe-eval' https://mp-test-sdk.masterpassturkiye.com https://testrio.pinaronline.com https://web-pinar-online.vercel.app https://*.googleapis.com *.cloudflare.com *.cloudfront.net *.criteo.net *.criteo.com *.hotjar.com http://www.googleadservices.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com *.doubleclick.net doubleclick.net https://facebook.com https://www.google-analytics.com https://stats.g.doubleclick.net 'self' https://*.api.useinsider.com https://*.useinsider.com assets.api.useinsider.com eitri.api.useinsider.com pinar.inone.useinsider.com api.pinar.retter.io https://core-internal.rtbs.io https://core.rtbs.io https://*.masterpassturkiye.com 'nonce-YTJiYzU0YmYtNTRiNS00ZDkyLTkxMDktNjg3OWI2ZmJhYWIz' https://www.googletagmanager.com; base-uri 'self'; form-action 'self' https://sanalposprovtest.garantibbva.com.tr https://sanalposprov.garanti.com.tr; block-all-mixed-content; upgrade-insecure-requests; 1
frame-ancestors 'self' d2n7f4cdbqb93g.cloudfront.net 1
default-src 'self' https: *.piscineco.fr *.avis-verifies.com *.google-analytics.com *.criteo.net *.criteo.com *.avis-verifies.com *.skeepers.io *.youtube.com *.doubleclick.net *.googleapis.com *.gstatic.com *.youtu.be *.googleusercontent.com *.google.com *.doofinder.com *.consentframework.com; font-src https: 'self' data:; img-src 'self' https: *.piscineco.fr data:; media-src 'self' https: *.piscineco.fr; frame-src 'self' https: *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: *.googletagmanager.com; style-src 'self' 'unsafe-inline' https: *.piscineco.fr *.googleapis.com *.cloudflare.com *.jsdelivr.net; 1
default-src 'self' analysts.pangle-ads.com ad.doubleclick.net *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.local.com:8080 *.local.com dev.local.com *.kaptcha.com *.smartlook.cloud *.facebook.net *.kvantum-app.com wss://*.visitors.live *.luckyorange.com *.google.co.il *.tictuk-qa.com *.googleoptimize.com wss://collection.decibelinsight.net collection.decibelinsight.net tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx analytics.tiktok.com voices.s1gateway.com *.webeyez.com *.crwdcntrl.net *.braze.com wss://*.hotjar.com *.googleadservices.com *.indigitall.com consentcdn.cookiebot.com *.browser-intake-datadoghq.eu *.g.doubleclick.net *.bringg.com *.ubereats.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.browser-intake-datadoghq.com *.googleapis.com wss://ws.inspectlet.com *.inspectlet.com *.google-analytics.com *.datadoghq.com *.datadoghq.eu *.browser-intake-datadoghq.eu *.hotjar.com *.googletagmanager.com *.googleusercontent.com *.lr-ingest.io *.lji.li *.tictuk.com *.facebook.com *.google.com pay.payphonetodoesposible.com data:;frame-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.tictuk.com telegram.me wa.me m.me powertranztestframeworkdsacssimulator.azurewebsites.net *.kaptcha.com *.ptranz.com *.google.com *.arcot.com *.nutritionix.com *.lji.li lili.ly *.webeyez.com voices.s1gateway.com *.amazon-adsystem.com *.crwdcntrl.net *.mathtag.com *.doubleclick.net docs.google.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.prb.com.mx:* consentcdn.cookiebot.com *.tracker.dragontail.com *.youtube.com *.bringg.com *.ubereats.com *.uber.com *.adyen.com *.oppwa.com *.payeezy.com authentication.cardinalcommerce.com aacsw.3ds.verifiedbyvisa.com ecom.eglobal.com.mx *.modirum.com *.ipg-online.com pay.payphonetodoesposible.com *.mercadopago.com.co *.hotjar.com *.facebook.com *.cardnet.com.do; object-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.local.com:8080 *.local.com kfc.com.mx *.kfc.com.mx *.tictuk.com tacobell.ca *.tacobell.ca *.tictuk.com;style-src 'self' 'unsafe-inline' analysts.pangle-ads.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo *.google.com voices.s1gateway.com use.fontawesome.com www.googletagmanager.com *.adyen.com *.oppwa.com *.lji.li *.tictuk.com fonts.googleapis.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com *.kaptcha.com web-sdk.smartlook.com *.kfcbotswana.com *.luckyorange.com *.googleoptimize.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx cdn.decibelinsight.net voices.s1gateway.com analytics.tiktok.com *.webeyez.com *.pizzahut.com.ec *.crwdcntrl.net *.mathtag.com  *.gstatic.com *.g.doubleclick.net *.googleadservices.com *.cookiebot.com *.appboycdn.com *.adyen.com *.oppwa.com *.onetrust.com cdn.cookielaw.org *.maps.yandex.net yastatic.net *.yandex.ru yandex.ru *.payeezy.com polyfill.io cdn.inspectlet.com cdn.polyfill.io lab.cardnet.com.do servicios.cardnet.com.do *.google-analytics.com *.hotjar.com *.googletagmanager.com cdn.lr-ingest.io cdn.logrocket.io cdnjs.cloudflare.com *.lji.li *.tictuk.com *.google.com *.facebook.net *.googleapis.com *.facebook.com pay.payphonetodoesposible.com;img-src 'self' analysts.pangle-ads.com ad.doubleclick.net bat.bing.com *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *pizzahut.com.bo media.api-kfc.com xilnexblobs.b-cdn.net www.telepizza.cl *.googletagmanager.com telepizza.cl *.telepizza.cl *.kfcbotswana.com *.xilnex.com *.kfc.co.za *.amazon-adsystem.com *.ofisistemas.com:8096 *.kfc-panama.com habit-images.s3.us-east-2.amazonaws.com tacobell.ca *.tacobell.ca *.kfc.com.mx kfc.com.mx *.pizzahut.cl pizzahut.cl *.google.co.uk *.s1gateway.com *.pizzahut.com.mx *.mathtag.com *.ofisistemas.com pizzahut.com.co *.pizzahut.com.co nolocdnmsftaznua.azureedge.net *.indigitall-cdn.com *.g.doubleclick.net *.pizzahut.com.br *.pizzahut.com.ec *.google.com.mx *.google.ca *.google.co.il *.google.es *.google.com.do *.google.com *.google.com.ec *.google.com.br *.pizzahut-tt.com *.tacobell.co.nz *.pizzahut.fi  pizzahut.fi nolocdnmsftus.azureedge.net ros-prd.s3.amazonaws.com *.adyen.com *.cookielaw.org *.maps.yandex.net *.yandex.ru yandex.ru *.kfc.tt *.cognizantorderserv.com connect.facebook.net *.inspectlet.com *.google-analytics.com ph-web-bucket.s3.us-east-2.amazonaws.com *.mobstorm.com images-rest.wixmp.com *.googleusercontent.com *.lji.li *.tictuk.com *.googleapis.com *.cloudfront.net/phws/ *.gstatic.com *.wixstatic.com *.facebook.com test.ipg-online.com data:;font-src 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.local.com voices.s1gateway.com use.fontawesome.com *.tictuk.com fonts.gstatic.com data:;worker-src 'self' 'unsafe-eval' 'unsafe-inline' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com *.lji.li *.tictuk.com blob: data:;frame-ancestors 'self' *.kfcbrasil.com.br kfcbrasil.com.br *.tictuk-demo.com *.arcoprueba.com kfc.com.mx *.kfc.com.mx *.ipg-online.com  pay.payphonetodoesposible.com *.lji.li http://local.tictuk.com:8080 *.tictuk.com *.facebook.com *.messenger.com facebook.com messenger.com *.telegram.org telegram.org kfc.cw pizzahut.cw kfc.mystagingwebsite.com ; 1
default-src 'self'; img-src 'self' 'unsafe-inline' data: *.fbcdn.net https://*.cdninstagram.com https://*.chitika.net https://www.google.com.ua https://www.googletagmanager.com https://mc.yandex.ru https://cdn.jsdelivr.net https://www.google.com https://*.wlmediahub.com https://*.imlmediahub.com https://cdn.wdrimg.com https://*.twitter.com https://*.facebook.com https://*.imgur.com https://pixel.wp.com  https://*.sharethis.com https://*.giphy.com https://*.gravatar.com https://*.google-analytics.com https://*.doubleclick.net https://s.w.org https://wordpress.org https://ps.w.org data:; font-src data: 'self' https://s0.wp.com https://cdn.wdrimg.com https://*.bootstrapcdn.com wordpress.com https://*.gstatic.com; object-src 'none'; script-src 'self' https://*.chitika.net https://cdn.taboola.com https://mc.yandex.ru https://cdn.ampproject.org https://cdn.jsdelivr.net https://*.pinterest.com https://*.googletagmanager.com https://*.cloudflare.com https://cdn.wdrimg.com https://*.facebook.com https://*.addthis.com  https://*.addthisedge.com https://*.wp.com https://*.gravatar.com https://*.googleapis.com https://*.facebook.net https://*.pinterest.com https://*.twitter.com https://www.google-analytics.com https://*.google.com https://*.sharethis.com *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'  https://s0.wp.com https://cdn.jsdelivr.net https://cdn.wdrimg.com https://*.gravatar.com https://*.bootstrapcdn.com https://cdn-images.mailchimp.com https://fonts.googleapis.com https://ws.sharethis.com; connect-src 'self'  https://www.instagram.com/ https://*.addthisedge.com https://*.addthis.com https://*.facebook.com https://l.sharethis.com wss://kittpress.com https://mc.yandex.ru; child-src 'self'; frame-src https: gstatic.com 1
frame-ancestors https://www.pngbet.com https://preprod.pngbet.com 1
default-src 'self' https://www.google-analytics.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com https://counter.top.ge https://connect.facebook.net; img-src https://* data:; style-src 'self' 'unsafe-inline'; child-src https://*.facebook.com; base-uri 'none'; form-action 'self' https://cse.google.com; frame-ancestors 'none'; report-uri /csp-report.php; 1
font-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ https://paywall.imoje.pl *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.gstatic.com *.typekit.net *.twimg.com *.trustedshops.com *.googleapis.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net *.twitter.com *.facebook.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://paywall.imoje.pl *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com 'self' 'unsafe-inline'; frame-src secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google.com pay.google.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.google.com *.paypal.com https://paywall.imoje.pl www.facebook.com platform.twitter.com *.twitter.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com *.google-analytics.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.googletagmanager.com *.facebook.com *.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.pl *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net data: *.vimeocdn.com s.ytimg.com platnosci.bm.pl www.gstatic.com *.paypal.com https://paywall.imoje.pl https://img.youtube.com www.facebook.com pinterest.com assets.pinterest.com syndication.twitter.com *.cloudflare.com *.klarna.com *.twitter.com *.twimg.com *.ytimg.com 'self' data: *.lightemporium.com *.usercentrics.eu *.google.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com *.gstatic.com 'self' 'unsafe-inline'; script-src secure.authorize.net test.authorize.net *.google-analytics.com *.google.com *.googletagmanager.com *.facebook.com *.googleadservices.com https://connect.facebook.net https://googleads.g.doubleclick.net https://www.google.pl *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ cards-accept.bm.pl cards.bm.pl pay.google.com https://paywall.imoje.pl *.avada.io connect.facebook.net twitter.com platform.twitter.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.trustedshops.com *.usercentrics.eu *.fontawesome.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com https://www.googletagmanager.com tagmanager.google.com analytics.google.com *.facebook.net unpkg.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ getfirebug.com pay-accept.bm.pl pay.bm.pl cards-accept.bm.pl cards.bm.pl *.googleapis.com https://paywall.imoje.pl *.fontawesome.com maxcdn.bootstrapcdn.com *.cloudflare.com *.twitter.com *.twimg.com *.gstatic.com *.typekit.net *.trustedshops.com *.usercentrics.eu *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com tagmanager.google.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src *.google-analytics.com *.google.com *.googletagmanager.com https://www.googletagmanager.com/gtm.js?id=GTM-TQNBRLC *.facebook.com *.googleadservices.com https://connect.facebook.net https://stats.g.doubleclick.net *.doubleclick.net *.saleago.com https://googleads.g.doubleclick.net/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com https://paywall.imoje.pl https://get.geojs.io *.avada.io *.cloudflare.com *.twitter.com *.paypal.com *.twimg.com *.youtube.com maps.googleapis.com scontent.cdninstagram.com cdn.lightwidget.com lightwidget.com analytics.google.com *.facebook.net 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google.com *.facebook.com *.youtube.com *.google-analytics.com *.ampproject.org *.cloudflare.com *.googlesyndication.com *.googletagmanager.com *.google.com.br *.googletagservices.com cdn.iframe.ly *.facebook.net *.googleadservices.com *.doubleclick.net 1
font-src 'self' data: *.presente.com.co *.wpmucdn.com *.gstatic.com *.hotjar.com *.bootstrapcdn.com *.fontawesome.com *.ipapi.co *.googletagmanager.com; frame-src *.sharethis.com *.gabbyparrot.com *.presente.com.co *.youtube.com *.google.com *.wolkvox.com *.ipdialbox.com *.sharethis.mgr.consensu.org *.hotjar.com *.ipapi.co *.googletagmanager.com; default-src 'self' *.google.com *.presente.com.co *.hotjar.com *.w3.org *.wolkvox.com *.youtube.com *.mathtag.com *.facebook.com *.bootstrapcdn.com *.gstatic.com *.wpmucdn.com *.sharethis.mgr.consensu.org *.viajesexito.com *.fontawesome.com *.ipapi.co *.googletagmanager.com; script-src https: 'unsafe-inline' 'unsafe-eval' *.wpmucdn.com *.presente.com.co *.wolkvox.com *.ipdialbox.com *.hotjar.com *.sharethis.com *.googletagmanager.com *.google.com *.ipapi.com; connect-src https: *.presente.com.co http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com; img-src https: 'unsafe-inline' data: *.presente.com.co *.ipapi.co *.googletagmanager.com; style-src https: 'unsafe-inline' *.presente.com.co; 1
default-src 'self';frame-src 'self' https://*.cookiebot.com https://streamio.com;font-src 'self' https://fonts.gstatic.com;script-src 'self' 'nonce-vN6B6H+1Lp2S+XQBCDCIYS15zMVeh4Gxs8aVWvKq/0Y=' 'strict-dynamic';connect-src 'self' https://*.optimizely.com https://*.cookiebot.com https://matomo.analys.cloud;img-src 'self' data: https://app.optimizely.com https://cdn.optimizely.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; 1
default-src 'self' *.vimeo.com *.facebook.com *.monetate.net www.google.com *.worldpay.com *.criteo.com *.qualaroo.com www.youtube.com *.issuu.com www.instagram.com *.google.com *.emarsys.net *.onetrust.com *.criteo.net;  script-src 'self' www.googleadservices.com *.googletagmanager.com *.cquotient.com *.monetate.net *.cloudflare.com unpkg.com *.zdassets.com *.bing.com www.google-analytics.com/analytics.js www.google-analytics.com/plugins/ua/ecommerce.js www.google-analytics.com/plugins/ua/ec.js maps.googleapis.com *.mondialrelay.com *.feefo.com *.worldpay.com *.px-cloud.net *.scarabresearch.com www.google.com www.gstatic.com *.criteo.net *.criteo.com *.crazyegg.com *.amazonaws.com *.facebook.net *.trustedshops.com *.qualaroo.com *.webgains.com *.webgains.io *.emarsys.net www.staging.pro-duo.be www.pro-duo.be polyfill.io www.instagram.com *.onetrust.com *.google.com *.clarity.ms *.cdn-apple.com 'unsafe-inline' 'unsafe-eval' blob:;  img-src 'self' *.salesforce.com www.paypalobjects.com *.monetate.net *.demandware.net *.bing.com www.google.com www.google.com.ua www.google-analytics.com maps.gstatic.com maps.googleapis.com *.salon-services.com *.feefo.com *.cloudfront.net *.trustedshops.com *.mondialrelay.com *.tapad.com *.criteo.com *.smaato.net *.yieldmo.com *.rubiconproject.com *.advertising.com *.mgid.com *.liadm.com *.yahoo.com *.openx.net *.addthis.com *.doubleclick.net *.outbrain.com *.yieldlab.net *.bidswitch.net *.smartadserver.com *.3lift.com *.taboola.com *.360yield.com *.teads.tv *.pubmatic.com *.casalemedia.com *.mgid.com *.media.net *.omnitagjs.com *.adform.net *.twiago.com *.adnxs.com *.adscale.de *.socdm.com *.sharethrough.com *.stickyadstv.com *.rlcdn.com *.ivitrack.com *.e-planning.net *.smartclip.net *.ad-stir.com *.clmbtech.com *.tremorhub.com *.demdex.net *.postrelease.com *.facebook.com *.google.com *.openstreetmap.org *.emarsys.net *.crazyegg.com *.bluekai.com www.staging.pro-duo.be www.pro-duo.be *.gstatic.com *.clarity.ms id5-sync.com *.dmxleo.com *.thebrighttag.com *.crwdcntrl.net data:;  font-src 'self' *.googleapis.com *.monetate.net *.gstatic.com *.cdn-apple.com data:;  style-src 'self' 'unsafe-inline' *.googleapis.com unpkg.com *.monetate.net *.mondialrelay.com *.worldpay.com;  connect-src 'self' *.google.com *.monetate.net *.zendesk.com *.crazyegg.com *.zdassets.com *.google-analytics.com *.feefo.com *.doubleclick.net *.crazyegg.com *.mondialrelay.com *.scarabresearch.com *.emarsys.net *.px-cdn.net *.px-cloud.net *.edq.com *.bing.com *.onetrust.com *.clarity.ms *.googleapis.com;  media-src 'self' 1
img-src * 'self' data: https:; font-src * 'self' data: https:; media-src * 'self' data: https:; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.fonts-gstatic.com *.cloudflare.com  *.googletagmanager.com *.fontawesome.com *.gstatic.com *.jquery.com *.googleapis.com *.google.com *.youtube.com *.vimeo.com *.datatables.net *.openstreetmap.org *.hotjar.com *.jsdelivr.net *.doubleclick.net gitcdn.github.io oss.maxcdn.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://psality.com/ https://libs.hipay.com/ https://secure-gateway.hipay-tpp.com/ https://cdnjs.cloudflare.com/ https://mpsnare.iesnare.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/; img-src 'self' data: https://psality.com/ https://libs.hipay.com/ https://secure-gateway.hipay-tpp.com/ https://cdnjs.cloudflare.com/ https://mpsnare.iesnare.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/; object-src 'self' data: https://psality.com/ https://libs.hipay.com/ https://secure-gateway.hipay-tpp.com/ https://cdnjs.cloudflare.com/ https://mpsnare.iesnare.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/; frame-src 'self' data: https://psality.com/ https://libs.hipay.com/ https://secure-gateway.hipay-tpp.com/ https://cdnjs.cloudflare.com/ https://mpsnare.iesnare.com/ https://embed.tawk.to/ https://cdn.jsdelivr.net/; 1
default-src 'self' https://td.doubleclick.net https://bid.g.doubleclick.net https://www.youtube.com https://maps.google.com https://www.google.com https://www.facebook.com https://platform.twitter.com; font-src 'self' https://fonts.gstatic.com https://cdn.jsdelivr.net https://i.icomoon.io;img-src 'self' https://www.google.com.ec https://www.googletagmanager.com https://www.google-analytics.com https://www.google.co.cr https://www.google.com https://googleads.g.doubleclick.net https://res.cloudinary.com https://www.facebook.com/ https://www.google.co.cr/ads/ga-audiences https://www.google.com/ads/ga-audiences https://maps.gstatic.com https://maps.googleapis.com data:; script-src 'self' 'unsafe-inline' https://connect.facebook.net/en_US/fbevents.js https://www.gstatic.com/recaptcha https://code.jquery.com/jquery-1.12.4.min.js https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://platform.twitter.com/widgets.js https://www.googletagmanager.com https://connect.facebook.net https://maps.googleapis.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.materialdesignicons.com https://i.icomoon.io https://cdn.jsdelivr.net; connect-src 'self' https://www.facebook.com/tr/ https://capig.entravision.com https://pagead2.googlesyndication.com https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://maps.googleapis.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; script-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-elem 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; style-src-attr 'self' 'unsafe-inline' 'unsafe-hashes' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; img-src 'self' data: putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; font-src 'self' data: putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; connect-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; media-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; object-src 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net; frame-src * 'self' putasvipmexico.mx *.putasvipmexico.mx putasvipmexico.com *.putasvipmexico.com googletagmanager.com *.googletagmanager.com google-analytics.com *.google-analytics.com yandex.ru *.yandex.ru clarity.ms *.clarity.ms bing.com *.bing.com fontawesome.com *.fontawesome.com gstatic.com *.gstatic.com canvasjs.com *.canvasjs.com plot.ly *.plot.ly realsrv.com *.realsrv.com afcdn.net *.afcdn.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.consentmanager.net *.pw-tools.net; frame-ancestors 'none'; connect-src 'self' https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com chat.mepaddons.pw-tools.net wss://chat.mepaddons.pw-tools.net; img-src 'self' 'unsafe-inline' *.pw-tools.net *.consentmanager.net data:; report-uri https://sentry.stier-le.de/api/3/security/?sentry_key=14377e563ede9e47bad7211f2714fd9e; report-to csp-endpoint; 1
default-src 'self'  www.googletagmanager.com www.googletagservices.com 'unsafe-inline' 'unsafe-eval' data:; 1
style-src 'self' fonts.googleapis.com www.google-analytics.com www.googletagmanager.com connect.facebook.net 'unsafe-inline' 'unsafe-eval'; font-src 'self' fonts.googleapis.com fonts.gstatic.com; media-src *; img-src * data: blob:; 1
default-src 'self' *.google-analytics.com https://surveystats.hotjar.io https://*.hotjar.io gateway.zscloud.net https://plausible.io/ cdn-cookieyes.com *.cookieyes.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.googletagmanager.com *.google-analytics.com https://surveystats.hotjar.io https://www.youtube.com/iframe_api https://cdn.insight.sitefinity.com https://dec.azureedge.net/ munchkin.marketo.net *.eloqua.com js.hs-scripts.com js.hs-analytics.net *.en25.com http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://extend.vimeocdn.com https://player.vimeo.com google.com/recaptcha/ cdn.userway.org/ gateway.zscloud.net https://kit.fontawesome.com/656696535d.js https://plausible.io/ cdn-cookieyes.com *.cookieyes.com 'self' cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net https://use.fontawesome.com cdn.userway.org/ gateway.zscloud.net https://plausible.io/ 'self' 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://dec.azureedge.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.eloqua.com track.hubspot.com https://services.postcodeanywhere.co.uk https://stsukmpcdnprod001.blob.core.windows.net https://CDN-SUK-MemberPortal-Prod-001.azureedge.net https://cdn.rpmi.co.uk https://script.hotjar.com http://script.hotjar.com cdn.userway.org/ gateway.zscloud.net cdn-cookieyes.com *.cookieyes.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://use.fontawesome.com http://script.hotjar.com https://script.hotjar.com cdn.userway.org/ https://ka-f.fontawesome.com/ cdn-cookieyes.com *.cookieyes.com; frame-src 'self' https://platform.twitter.com https://player.vimeo.com https://vars.hotjar.com https://www.google.com/recaptcha/ https://www.youtube.com/ cdn.userway.org/ https://forms.office.com/; connect-src 'self' accounts.google.com *.google-analytics.com *.googletagmanager.com https://stats.g.doubleclick.net https://*.insight.sitefinity.com https://*.dec.sitefinity.com *.mktoresp.com https://services.postcodeanywhere.co.uk https://*.hotjar.io http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com https://directline.botframework.com wss://directline.botframework.com https://api.pwnedpasswords.com api.userway.org/ cdn.userway.org/ https://ka-f.fontawesome.com https://plausible.io/ https://cdn77.api.userway.org/ cdn-cookieyes.com *.cookieyes.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 1
default-src data: 'unsafe-inline' 'unsafe-eval' https: http:;script-src data: 'unsafe-inline' 'unsafe-eval' https: http: blob:;style-src data: 'unsafe-inline' https: http: blob:;img-src data: https: http: blob:;font-src data: https: http:;connect-src https: wss: ws: http: blob:;media-src https: blob: http:;object-src https: http:;child-src https: data: blob: http:;form-action https: http:;frame-ancestors 'self' https://*.quintype.com https://www.rajexpress.com;block-all-mixed-content; 1
frame-ancestors 'self' *.ralleventas.com; frame-src *.bemovil.net https://djd0pa4618dvj.cloudfront.net https://d2mgpv1wbroq76.cloudfront.net 1
default-src 'self' https://download-video.akamaized.net *.ramat-gan.muni.il *.ramatgan-prod.com https://webchat.eladsoftware.com; connect-src 'self' https://www.google-analytics.com https://usersync.tiqcdn.net https://depart.trinitymedia.ai *.ramatgan-prod.com *.ramat-gan.muni.il wss://webchat.eladsoftware.com wss://api-m.ramat-gan.muni.il/file-status-ws; img-src data: blob: *.ramatgan-prod.com *.ramat-gan.muni.il 'self' https://webchat.eladsoftware.com www.googletagmanager.com; script-src 'self' 'unsafe-inline' www.googletagmanager.com 'unsafe-eval' https://webchat.eladsoftware.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://webchat.eladsoftware.com https://trinitymedia.ai https://vd.trinitymedia.ai; font-src https://fonts.googleapis.com https://fonts.gstatic.com 'self' https://webchat.eladsoftware.com; style-src 'self' https://webchat.eladsoftware.com 'unsafe-inline' https://fonts.googleapis.com; frame-src https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://trinitymedia.ai *.ramat-gan.muni.il; object-src 'none'; 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.gstatic.com 'self' data: *.gstatic.com https://use.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * test.saferpay.com www.saferpay.com saferpay.com *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube-nocookie.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * test.saferpay.com www.saferpay.com saferpay.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com www.xtento.com https://*.hotjar.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io ebizmarts-website.s3.amazonaws.com downloads.mailchimp.com gallery.mailchimp.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com blob: https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools https://dev.sliderrevolution.com https://revolution.themepunch.com http://revolution5.themepunch.com http://pbs.twimg.com https://pbs.twimg.com http://scontent.cdninstagram.com https://img.youtube.com http://live.staticflickr.com https://live.staticflickr.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com test.saferpay.com www.saferpay.com saferpay.com 'self' data: *.gstatic.com *.facebook.com www.xtento.com cdn.xtento.com https://www.glami.hu https://www.glami.cz https://maps.googleapis.com https://www.google.hu https://admin.fogyasztobarat.hu data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ jquery.sellxed.com chimpstatic.com downloads.mailchimp.com *.list-manage.com *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://player.vimeo.com https://www.youtube.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com test.saferpay.com www.saferpay.com saferpay.com *.google.com *.gstatic.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com *.facebook.net unpkg.com www.xtento.com cdn.xtento.com https://*.optimonk.com https://*.hotjar.com https://*.hotjar.io https://www.glami.cz https://analytics.tiktok.com https://maps.googleapis.com https://rum.uptime.com https://ajax.googleapis.com https://admin.fogyasztobarat.hu https://*.mailerlite.com https://vjs.zencdn.net 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com downloads.mailchimp.com *.fontawesome.com maxcdn.bootstrapcdn.com https://fonts.googleapis.com http://fonts.googleapis.com assets.braintreegateway.com *.googleapis.com *.gstatic.com tagmanager.google.com https://p.typekit.net https://vjs.zencdn.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com blob: 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://get.geojs.io *.avada.io www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://fonts.googleapis.com https://fonts.gstatic.com https://api.weatherbit.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com test.saferpay.com www.saferpay.com saferpay.com t.elasticsuite.io *.google-analytics.com *.facebook.net https://*.optimonk.com https://analytics.tiktok.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://maps.googleapis.com https://rum.uptime.com https://analytics.google.com https://*.analytics.google.com https://*.google.com https://admin.fogyasztobarat.hu 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src test.saferpay.com www.saferpay.com saferpay.com *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com https://ln-rules.rewardstyle.com https://s1.thcdn.com https://www.awin1.com https://d2d7do8qaecbru.cloudfront.net https://smct.co https://*.smct.co https://smct.io https://*.smct.io; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://analytics.tiktok.com https://smct.co https://*.smct.co https://cognito-identity.eu-west-1.amazonaws.com https://firehose.eu-west-1.amazonaws.com https://smct.io https://*.smct.io; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com data: https://fonts.smct.co https://fonts.smct.io https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; form-action 'self' https://www.facebook.com https://checkout.revolutionbeauty.com.au https://connect.facebook.net https://tr.snapchat.com; frame-ancestors; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://analytics.tiktok.com https://*.ibytedtos.com https://ln-rules.rewardstyle.com https://smct.co https://*.smct.co https://smct.io https://*.smct.io; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://fonts.smct.co https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://fonts.smct.io; upgrade-insecure-requests; report-to report-endpoint 1
default-src * gap://ready file:; worker-src blob:; child-src blob: gap:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * 'self' data: blob: cdvfile:; connect-src * 'unsafe-inline'; font-src 'self' data: *; frame-src *;media-src * blob:; 1
script-src kit.fontawesome.com/3c00800568.js assets.rishum.app ajax.cloudflare.com 'nonce-ID65DqD4RJReryjK' 'self'; default-src   rishum-app.s3.eu-west-1.amazonaws.com  assets.rishum.app 'self'; style-src kit-pro.fontawesome.com kit-free.fontawesome.com fonts.googleapis.com maxcdn.bootstrapcdn.com 'self' 'unsafe-inline' assets.rishum.app use.fontawesome.com; img-src get.anydesk.com  rishum-app.s3.eu-west-1.amazonaws.com  blob: 'self' *.rishum.app data:; media-src  rishum-app.s3.eu-west-1.amazonaws.com   assets.rishum.app 'self' archive.org *.youtube.com *.youtube-nocookie.com dailymotion.com; object-src  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.googlevideo.com *.ytimg.com *.youtube.com *.youtube-nocookie.com dailymotion.com; worker-src 'self' blob: archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com; font-src 'self' assets.rishum.app use.fontawesome.com kit-pro.fontawesome.com fonts.googleapis.com kit-free.fontawesome.com data: fonts.gstatic.com maxcdn.bootstrapcdn.com; frame-src blob: accounts.google.com drive.google.com assets.rishum.app www.rishumon.co.il cgmpiuat.creditguard.co.il  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com data: ; frame-ancestors accounts.google.com drive.google.com assets.rishum.app www.rishumon.co.il cgmpiuat.creditguard.co.il  rishum-app.s3.eu-west-1.amazonaws.com   'self' archive.org *.youtube.com *.youtube-nocookie.com *.dailymotion.com data: ; connect-src data: 'self' assets.rishum.app blob:  rishum-app.s3.eu-west-1.amazonaws.com     ; 1
default-src 'unsafe-inline' 'unsafe-eval' *.riw-touristik.de *.trbo.com www.cruiseportal.de *.consensu.org *.consentmanager.net *.doubleclick.net cloud1.tgtptw.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.g.doubleclick.net *.google.com *.youtube-nocookie.com snap.licdn.com *.facebook.net *.facebook.com *.linkedin.com *.chatwerk.de *.ioam.de; font-src * data:; img-src * 'self' data: https:; frame-ancestors 'self' *.riw-touristik.de https://www.cruiseportal.de https://www.mein-schoener-garten.de https://www.netto-reisen24.de *.my-dream-holidays.com *.wherethetrailbegins.com; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.iyzipay.com *.youtube-nocookie.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.robo90.com *.gstatic.com *.paytr.com *.bkm.com.tr ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.iyzipay.com *.youtube-nocookie.com *.youtube.com *.googletagmanager.com *.doubleclick.net *.robo90.com *.gstatic.com *.paytr.com *.bkm.com.tr ; frame-ancestors *; 1
frame-ancestors 'self' https://www.rococity.com; 1
script-src 'unsafe-eval' 'unsafe-inline' tagmanager.google.com www.googletagmanager.com  www.google-analytics.com rojat.com; 1
default-src 'self';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.rowingnsw.asn.au *.rowingvictoria.asn.au rowingmanager.com *.rowingmanager.com https://regattas.rowingact.org.au https://*.google.com https://*.gstatic.com https://*.googleapis.com https://cdn.pin.net.au https://test-api.pin.net.au https://api.pin.net.au https://cdn.pinpayments.com https://test-api.pinpayments.com https://api.pinpayments.com https://js.stripe.com https://api.payway.com.au https://payments-stest.npe.auspost.zone https://payments.auspost.net.au; style-src 'self' 'unsafe-inline' *.rowingnsw.asn.au *.rowingvictoria.asn.au fonts.googleapis.com  rowingmanager.com *.rowingmanager.com https://regattas.rowingact.org.au; font-src *;  img-src * ; media-src 'self'; frame-src 'self'  *.rowingnsw.asn.au *.rowingvictoria.asn.au *.rowingact.org.au *.google.com *.pin.net.au *.pinpayments.com *.stripe.com *.payway.com.au *.auspost.net.au *.auspost.zone; connect-src 'self' https://*.googleapis.com *.google.com https://*.gstatic.com data: blob: 1
default-src 'none'; style-src 'unsafe-inline' 'self' ; script-src 'self'; connect-src 'self'; img-src * data: blob: 'unsafe-inline'; form-action 'self'; frame-src www.youtube.com youtube.com; object-src 'none'; manifest-src 'self'; font-src 'self'; frame-ancestors 'none'; base-uri 'self' 1
default-src 'self' ;frame-src 11973408.fls.doubleclick.net youtube.com www.youtube.com td.doubleclick.net googleads.g.doubleclick.net; script-src 'self' 'unsafe-inline' www.googletagmanager.com akamai.tiqcdn.com collect.tealiumiq.com visitor-service.tealiumiq.com tags.tiqcdn.com data:; style-src 'self' 'unsafe-inline' use.fontawesome.com fonts.googleapis.com; font-src 'self' use.fontawesome.com fonts.gstatic.com; connect-src 'self' id5-sync.com lb.eu-1-id5-sync.com akamai.tiqcdn.com collect.tealiumiq.com glaxosmithklinebeech.tt.omtrdc.net; frame-ancestors 'none'; form-action 'self'; upgrade-insecure-requests; object-src 'none'; base-uri 'self'; img-src 'self' aw.dw.impact-ad.jp www.facebook.com b97.yahoo.co.jp www.google.com www.google.co.jp data:; script-src-elem 'self' 'sha256-k/8PNdgpd2hBs6idRYwKT52Piq+lZBYm8b/tA0wrYD8=' 'sha256-72lNR16CAh9z1onSoJ4kLZOAhgXMc5cNndHx4YwcLU8=' 'sha256-PIFGs1vlo/ssAvzRj7v50yq0b5ungH7Z3bWpn7A1Nh8=' 'sha256-I4nPHjBQiEasYOKTrRm5xM9MT4Sd7DhTvMjwIB84Nw4=' 'sha256-Qu+tY3dOOINTwl0Wr6m6Mc1MG9M1vYyMk13Uu9jH4f0=' 'sha256-O49VoxqJ7jyDfqaBjjI7r6b7PAM36V6cFhWsuxXLuxI=' 'sha256-1fewxGV9y2lMzQrWXs5pGOS6jPBtKI5ChRKX90M20LQ=' 'sha256-oqnileiLnwIGTXyUWCe7Ao57jLMB5QQj/WBCWAFseGs=' penta.a.one.impact-ad.jp connect.facebook.net img.ak.impact-ad.jp tags.tiqcdn.com www.googletagmanager.com www.googleadservices.com visitor-service.tealiumiq.com googleads.g.doubleclick.net 1
default-src 'self' https://cdnjs.cloudflare.com; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self'; 1
object-src 'none';base-uri 'self';frame-ancestors 'self';script-src 'nonce-96bbc3ef3d83ebc8e531d4c28d25bad4' 'unsafe-eval' 'unsafe-inline' 'self' https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://mc.yandex.com  https://mc.yandex.uz https://www.google.com https://pagead2.googlesyndication.com https://www.google.cz https://www.gstatic.com https://antisovetnic.ru;script-src-elem 'nonce-96bbc3ef3d83ebc8e531d4c28d25bad4' 'unsafe-inline' 'self' https://trikotazh.by https://2898722151.mc.yandex.ru https://cloudparser.ru https://mc.yandex.by https://www.google-analytics.com https://www.googletagmanager.com https://mc.yandex.ru https://vk.com https://connect.facebook.net https://browser.sentry-cdn.com https://polyfill.io https://ausi.github.io https://cdn.carrotquest.app https://www.google.com https://www.gstatic.com https://antisovetnic.ru;connect-src 'self' https://*.mc.yandex.ru https://mc.yandex.com https://mc.yandex.kz https://mc.yandex.md https://mc.yandex.by https://ymetrica1.com https://yandexmetrica.com:*  https://adservice.google.com https://connect.facebook.net https://www.google.com https://*.google.com https://www.google.kz https://www.google.by https://www.google.ru https://www.google.fr https://www.google.com.cy https://www.google.com.ua https://www.google.pl https://www.google.de https://www.google.ge https://www.google.co.il https://www.google.com.tr https://www.google.com.hk https://www.google.co.uk https://www.google.nl https://www.google.ee https://region1.analytics.google.com https://vk.com https://ymetrica1.com https://top-fwz1.mail.ru https://www.facebook.com https://www.google-analytics.com https://analytics.google.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://mc.yandex.ru https://api.carrotquest.app https://api.carrottrack.app https://o4504796596404224.ingest.sentry.io https://*.trikotazh.by https://region1.google-analytics.com https://googleads.g.doubleclick.net http://327.0.0.1:* https://translate.googleapis.com https://www.google.am https://www.google.ch https://www.google.se https://www.google.fi https://www.google.co.uz https://www.google.no https://www.google.md https://www.google.com.mx https://antisovetnic.ru;report-uri /csp.php 1
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' 1
frame-ancestors 'self' sabart.it portal.sabart.it www.sabart.it www.google.com fonts.googleapis.com www.google-analytics.com ogs.google.com www.gstatic.com ssl.gstatic.com developers.google.com www.googletagmanager.com www.google-analytics.com maps.googleapis.com graph.facebook.com https://app.sabart.it capacitor://app.sabart.it api.telegram.org infocenter.oregonproducts.eu 1
script-src https: 'unsafe-inline' 'unsafe-eval';               style-src https: 'unsafe-inline' 'unsafe-eval';               img-src https: data:;               font-src https: data:; 1
frame-src https://youtube.com/ https://www.youtube.com/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://v1chirho.safety-record.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* http://localhost:8070; child-src https://youtube.com/ https://www.youtube.com/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://v1chirho.safety-record.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* http://localhost:8070; frame-ancestors 'self'; default-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net/ https://cdnjs.cloudflare.com/ https://bootswatch.com/ https://fonts.googleapis.com/ https://fonts.gstatic.com/ https://fra1.digitaloceanspaces.com/ https://m1-chirho.praind.media/ https://nyc3.digitaloceanspaces.com https://safetyrecordchirho.nyc3.cdn.digitaloceanspaces.com https://devsafetyrecordchirho.nyc3.cdn.digitaloceanspaces.com https://main-safetyrecordchirho.fra1.cdn.digitaloceanspaces.com https://main-safetyrecordchirho.fra1.digitaloceanspaces.com https://dev-safetyrecordchirho.fra1.cdn.digitaloceanspaces.com https://m1dev-chirho.praind.media/ https://www.paypalobjects.com/ https://www.paypal.com/ https://www.coinpayments.net/ https://safety-record.com/ https://www.safety-record.com/ https://www.google.com/ https://www.gstatic.com/ https://*.safety-record.com/ https://*.safety-record.com https://*.safety-record.com/* https://v1chirho.safety-record.com/ data: 1
upgrade-insecure-requests; font-src 'self' 1
base-uri 'self' 'unsafe-inline'; connect-src 'self'; default-src 'self'; form-action 'self'; img-src samuha-indiannavy.org https://*.samuha-indiannavy.org www.gravatar.com www.w3.org i.ibb.co data:; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-BPOOYn9CfSLaSL5wtrhr4Y4G4neBz9Vp' ajax.googleapis.com ssif1.globalsign.com malsup.github.io seal.globalsign.com www.googletagmanager.com www.google.com www.gstatic.com assets.zendesk.com chimpstatic.com cdn.ywxi.net static.hotjar.com maxcdn.bootstrapcdn.com www.google-analytics.com static.zdassets.com connect.facebook.net script.hotjar.com https://*.livechatinc.com cdn.jsdelivr.net cdnjs.cloudflare.com 'unsafe-inline'; style-src 'self' 'nonce-BPOOYn9CfSLaSL5wtrhr4Y4G4neBz9Vp' maxcdn.bootstrapcdn.com use.fontawesome.com ajax.googleapis.com stackpath.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline'; script-src-elem 'self' code.jquery.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline'; script-src-attr 'self' cdnjs.cloudflare.com 'unsafe-inline'; style-src-elem samuha-indiannavy.org https://*.samuha-indiannavy.org maxcdn.bootstrapcdn.com use.fontawesome.com stackpath.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com cdn.datatables.net 'unsafe-inline'; style-src-attr 'self' stackpath.bootstrapcdn.com fonts.googleapis.com cdnjs.cloudflare.com 'unsafe-inline'; font-src samuha-indiannavy.org https://*.samuha-indiannavy.org data: stackpath.bootstrapcdn.com use.fontawesome.com fonts.gstatic.com fonts.googleapis.com; frame-src 'self' youtube.com https://www.youtube.com; frame-ancestors youtube.com 1
frame-ancestors 'self' sanbadasports.co.kr *.sanbadasports.co.kr 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.kerio.com; img-src * http: https: data: *.kerio.com; 1
base-uri 'self' 'unsafe-inline'; default-src 'self';script-src 'self' 'unsafe-inline' *.sanitaire.fr https://polyfill.io https://pledg-assets.s3.amazonaws.com https://api-m.sandbox.paypal.com https://cdnjs.cloudflare.com https://www.paypalobjects.com https://s.pinimg.com  *.pinterest.com *.appconsent.io *.google-analytics.com *.tagmanager.google.com *.googlesyndication.com *.googletagmanager.com *.googleadservices.com *.g.doubleclick.net https://connect.facebook.net https://bat.bing.com https://pagead2.googlesyndication.com https://adservice.google.fr https://adservice.google.com https://www.googletagservices.com https://cl.avis-verifies.com https://www.paypal.com https://www.sandbox.paypal.com https://s.kk-resources.com *.clarity.ms; img-src 'self' https://pledg-assets.s3.amazonaws.com https://c.paypal.com https://dub.stats.paypal.com https://b.stats.paypal.com *.appconsent.io *.bing.com fonts.gstatic.com https://www.finlog.fr https://ct.pinterest.com https://www.google.nl https://www.google.be https://t.paypal.com https://www.google-analytics.com https://google-analytics.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://ssl.gstatic.com https://www.gstatic.com https://www.googletagmanager.com https://googletagmanager.com https://stats.g.doubleclick.net https://www.google.com https://www.google.fr https://www.facebook.com https://affiliation.touslesprix.com https://bat.bing.com https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://img.sanitaire.fr https://cl.avis-verifies.com https://www.netreviews.eu https://www.paypalobjects.com *.clarity.ms data:; font-src 'self' https://www.paypalobjects.com https://fonts.googleapis.com https://fonts.gstatic.com https://cl.avis-verifies.com https://www.paypal.com; style-src 'self' 'unsafe-inline' https://pledg-assets.s3.amazonaws.com https://www.paypalobjects.com https://www.tagmanager.google.com https://tagmanager.google.com https://fonts.googleapis.com https://www.paypal.com ; frame-src https://ct.pinterest.com/ https://c.paypal.com/ https://staging.front.ecard.pledg.co/ https://assets.braintreegateway.com https://www.pinterest.com https://www.pinterest.fr https://www.google.com https://www.youtube.com https://www.facebook.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://cl.avis-verifies.com https://www.sandbox.paypal.com https://www.paypal.com ;connect-src sanitaire.fr www.sanitaire.fr https://region1.analytics.google.com https://region1.google-analytics.com https://ct.pinterest.com https://www.facebook.com/ https://www.sandbox.paypal.com https://cors.api.sandbox.paypal.com https://www.paypal.com https://s.kk-resources.com https://pagead2.googlesyndication.com https://bat.bing.com https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com *.appconsent.io *.clarity.ms; object-src 'self' https://www.youtube.com; 1
default-src 'self' www.sanskrit.nic.in; script-src-elem 'self' 'unsafe-inline' www.sanskrit.nic.in; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.sanskrit.nic.in https://www.google.com https://www.youtube.com; style-src 'self' 'unsafe-inline' www.sanskrit.nic.in; style-src-elem 'self' 'unsafe-inline' www.sanskrit.nic.in; connect-src 'self' www.sanskrit.nic.in; media-src www.sanskrit.nic.in 'self' blob:; worker-src www.sanskrit.nic.in 'self' blob:; img-src www.sanskrit.nic.in 'self'; frame-src www.sanskrit.nic.in https://www.google.com https://www.youtube.com 'self'; font-src www.sanskrit.nic.in 'self' data:; 1
frame-ancestors 'self' *.bancosantander.es; 1
base-uri 'self' 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.synbird.com *.google-analytics.com *.googletagmanager.com  *.clarity.ms stats.2vcreation.com  https://www.google.com https://maps.google.com https://apis.google.com https://*.googleapis.com https://*.gstatic.com https://connect.facebook.net https://platform.twitter.com; object-src 'self'; style-src 'self' 'unsafe-inline' *.synbird.com https://fonts.googleapis.com https://www.google.com; img-src * data: blob:; media-src * data: blob:; frame-src * blob:; child-src * blob:; font-src 'self' https://fonts.gstatic.com; connect-src 'self' *.gouv.fr *.synbird.com *.google-analytics.com *.googletagmanager.com *.clarity.ms stats.2vcreation.com https://sarralbe.live-kd.com 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; img-src *; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com *.doubleclick.net googleadservices.com *.googleadservices.com googlesyndication.com aax-eu.amazon-adsystem.com sw-assets.ekomiapps.de connect.ekomi.de smart-widget-assets.ekomiapps.de smartforms.ekomi.com stats.schulte.de widget.trustpilot.com connect.facebook.net static-eu.payments-amazon.com www.paypal.com widgets.trustedshops.com s.kk-resources.com bat.bing.com g.microsoft.com https://t.adcell.com cdn.jsdelivr.net player.vimeo.com/api/ https://static.unzer.com https://maps.googleapis.com https://tracking.paqato.com https://schulte-home.zammad.com/ https://code.jquery.com/; img-src 'self' *.ggpht.com *.googleusercontent.com data: www.facebook.com connect.facebook.net img.youtube.com i.ytimg.com sw-assets.ekomiapps.de connect.ekomi.de www.google.com www.gstatic.com www.googletagmanager.com d23yuld0pofhhw.cloudfront.net images-na.ssl-images-amazon.com m.media-amazon.com t.paypal.com widgets.trustedshops.com s.kelkoogroup.net bat.bing.com stats.schulte.de https://maps.gstatic.com https://t.adcell.com images.provenexpert.com https://schulte-home.zammad.com/ www.google.be www.google.fr www.google.nl www.google.de www.google.lu www.google.at; frame-ancestors 'self' https://hellweg-os4-stg-de.twt.hosting https://hellweg.de https://hellweg.at https://baywa-baumarkt.de https://www.banemo.de; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com widget.trustpilot.com aax-eu.amazon-adsystem.com www.facebook.com www.googletagmanager.com www.youtube-nocookie.com www.youtube.com player.vimeo.com static-eu.payments-amazon.com payments.amazon.de payments.amazon.fr www.paypal.com t.paypal.com www.sandbox.paypal.com smartforms.ekomi.com stats.schulte.de https://payment.heidelpay.com https://payment.unzer.com https://sbx-payment.heidelpay.com *.doubleclick.net; style-src 'self' 'unsafe-inline' data: sw-assets.ekomiapps.de widgets.trustedshops.com https://static.unzer.com googletagmanager.com https://tracking.paqato.com https://schulte-home.zammad.com/; connect-src 'self' data: smart-widget-assets.ekomiapps.de www.google-analytics.com stats.g.doubleclick.net payments-de.amazon.com payments-de-sandbox.amazon.com payments.amazon.de payments.amazon.fr www.paypal.com www.sandbox.paypal.com s.kelkoogroup.net shops-si.trustedshops.com api.trustedshops.com api.trustbadge.etrusted.com trustbadge.api.etrusted.com gw1.api.trustedshops.com www.facebook.com smartforms.ekomi.com stats.schulte.de bat.bing.com https://t.adcell.com https://maps.googleapis.com https://tracking.paqato.com wss://schulte-home.zammad.com/; media-src 'self'; font-src 'self' fonts.gstatic.com widgets.trustedshops.com https://static.unzer.com https://tracking.paqato.com; 1
default-src  'self' data: ;font-src  'self' data: fonts.gstatic.com *.zbozi.cz *.smartsuppcdn.com ;connect-src  'self' data: application/octet-stream blob: *.google.com *.google.cz *.googleapis.com *.google-analytics.com www.googletagmanager.com *.zbozi.cz *.pingdom.net *.doubleclick.net *.facebook.com *.biano.cz *.gstatic.com *.googlesyndication.com *.clarity.ms wss://*.smartsupp.com *.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;script-src-elem  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.seznam.cz *.googleapis.com www.googletagmanager.com *.google-analytics.com *.imedia.cz *.googleadservices.com *.doubleclick.net *.adform.net *.facebook.net https://im9.cz *.zbozi.cz *.pingdom.net *.biano.cz *.gstatic.com www.youtube.com www.youtube-nocookie.com *.clarity.ms https://unpkg.com *.smartsuppchat.com *.smartsuppcdn.com *.foxentry.cz *.leady.com *.leady.com;form-action  'self' *.facebook.com *.facebook.net ;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz *.imedia.cz *.facebook.com *.facebook.net *.zbozi.cz *.google.com *.doubleclick.net *.seznam.cz *.foxentry.cz ;frame-ancestors  'self' ;img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.senesi.cz *.doubleclick.net *.googlesyndication.com *.google.com *.google.co.uk *.google.cz *.google.sk *.google.de *.google.at *.google.fr *.google.it *.google.sk *.google.pl *.google.nl *.google.ie iplatba.cz *.imedia.cz *.heureka.cz *.facebook.com *.facebook.net *.zbozi.cz *.seznam.cz *.biano.cz *.clarity.ms c.bing.com *.instagram.com *.smartsuppcdn.com https://files.packeta.com *.foxentry.cz *.leady.com ;style-src  'self' 'unsafe-inline' *.googleapis.com *.google.com *.zbozi.cz *.gstatic.com *.smartsuppcdn.com *.foxentry.cz www.googletagmanager.com ;object-src  'self' blob: 1
default-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://*.gstatic.com https://www.gstatic.com/recaptcha https://www.gstatic.com/recaptcha/releases/6OAif-f8nYV0qSFmq-D6Qssr/  ; script-src  'self' 'unsafe-inline' 'unsafe-eval' https://kit.fontawesome.com/ https://unpkg.com/ https://translate.google.com/ https://translate.googleapis.com/ https://www.google-analytics.com https://www.googletagmanager.com https://*.facebook.net *.googleapis.com *.gstatic.com www.google.com *.google-analytics.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com/iframe_api platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://cdn.insight.sitefinity.com https://dec.azureedge.net/  https://www.googletagmanager.com https://platform.twitter.com https://connect.facebook.net https://bat.bing.com https://www.google-analytics.com  https://fonts.googleapis.com; style-src 'self' 'unsafe-inline' *.googleapis.com https://fonts.googleapis.com; img-src 'self' https://www.gstatic.com/ https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net https://www.google.co.in www.facebook.com www.google.com *.google.com https://www.google.com ; connect-src 'self' https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; media-src 'self' data: blob:; frame-src https://www.google.com ; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-rexona.com https://shop-id-rexona.com/; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-id-wipol.com https://shop-id-wipol.com/; 1
frame-ancestors https://*.shortlyst.com https://*.shopalyst.com https://shop-in-3roses.com https://shop-in-3roses.com/; 1
block-all-mixed-content; frame-ancestors *.shopdoscristais.com.br 1
default-src 'self'; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content; form-action 'self'; frame-ancestors 'none'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; style-src 'self' https://db.onlinewebfonts.com https://fonts.googleapis.com https://use.fontawesome.com https://tagmanager.google.com; script-src 'self' https://db.onlinewebfonts.com https://fonts.googleapis.com https://fonts.gstatic.com https://js-agent.newrelic.com https://bam-cell.nr-data.net https://cdn.jsdelivr.net https://www.google-analytics.com https://ssl.google-analytics.com https://tagmanager.google.com https://*.googletagmanager.com; font-src 'self' https://fonts.gstatic.com https://db.onlinewebfonts.com https://use.fontawesome.com; img-src 'self' https://www.gravatar.com https://*.google-analytics.com https://*.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-M8rd3j3ciznw1YQJW8T94Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
frame-ancestors 'self' https://player.vimeo.com https://www.youtube.com 1
base-uri 'none'; script-src 'self' https://liturgia.silvestrini.org https://apis.google.com https://www.google.com https://cse.google.com/ https://www.google-analytics.com https://oss.maxcdn.com/ https://www.shinystat.it https://www.shinystat.com https://download.skype.com;  object-src 'none'; child-src 'self' https://liturgia.silvestrini.org https://www.google.it https://cse.google.it https://youtube.com; connect-src 'self' https://www.google-analytics.com https://www.shinystat.it https://www.shinystat.com; img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://www.google.com https://download.skype.com; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content; 1
frame-src 'self' www.youtube.com youtube.com 1
default-src 'self' ; img-src 'self' data: ; style-src 'self' 'unsafe-inline' ; connect-src 'self' https://sisseastumine.s3.amazonaws.com https://sisseastumine-video.s3.pilw.io https://inaadress.maaamet.ee; font-src https: 1
default-src 'self' script-src 'self' 'unsafe-inline'; img-src 'self' https://sjvnindia.com/ https://fonts.gstatic.com/ frame-src 'self' frame-src youtube.com https://www.youtube.com https://youtube.com 1
report-uri https://csp.uel.wildapricot.com/report; default-src 'self' 'unsafe-inline' 'unsafe-eval' *.appointlet.com *.appointletcdn.com *.aptrinsic.com *.cloudflare.com *.cloudfront.net *.doubleclick.net *.ecomm.events *.ecwid.com *.elev.io *.facebook.com *.facebook.net *.google.com *.googleadservices.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.linkedin.com *.mcjobboard.net *.mybillsystem.com *.newrelic.com *.nr-data.net *.pagespeed-mod.com *.paypal.com *.termly.io *.twitter.com *.typekit.net *.uservoice.com *.wildapricot.com *.youtube.com *.zdassets.com *.zendesk.com *.zopim.com caas-sf.wildapricot.org live-sf.wildapricot.org maps.googleapis.com onlinestore-prod-digital-products.s3.amazonaws.com sf.wildapricot.org vimeo.com widget-mediator.zopim.com wss://widget-mediator.zopim.com/ connect.facebook.net facebook.com google.com maralo.ru platform.twitter.com syndication.twitter.com;   img-src * data: blob:;   media-src * blob:;   font-src * https://*.aptrinsic.com data:;  1
default-src 'self' https://cdn.etrias.nl ; connect-src 'self' https://cdn.etrias.nl  https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://*.googlesyndication.com https://*.google.nl https://*.google.be https://*.bing.com https://*.doubleclick.net https://bam.nr-data.net https://api01.shoppingminds.net https://trkr.shoppingminds.net https://script.shoppingminds.com https://squeezely.tech https://ct.beslist.nl https://consent.cookie-script.com; font-src 'self' https://cdn.etrias.nl  https://fonts.gstatic.com https://fonts.googleapis.com; frame-src 'self' https://cdn.etrias.nl  https://www.youtube-nocookie.com https://www.facebook.com https://tpc.googlesyndication.com https://bid.g.doubleclick.net https://td.doubleclick.net https://optimize.google.com; img-src https: data:; script-src 'self' https://cdn.etrias.nl  'unsafe-eval' https://*.google.com https://www.googletagmanager.com https://maps.googleapis.com https://*.google-analytics.com https://www.googleadservices.com https://www.youtube.com https://bat.bing.com https://connect.facebook.net https://js-agent.newrelic.com https://bam.nr-data.net https://script.shoppingminds.com https://api01.shoppingminds.net https://squeezely.tech https://*.sneakerdistrict.nl 'nonce-2hVuF9RSFvX1RpkuFcuGeSF4YHMPHLdW'; style-src 'self' https://cdn.etrias.nl  'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com; report-uri /_csp/report 1
default-src 'self' https://api.vspagy.com https://vspagy.com https://dashboard.vspagy.com https://vmediadatav2.s3.ap-south-1.amazonaws.com https://www.google-analytics.com file: data: blob: filesystem:;media-src 'self' * file: data: blob: filesystem:;object-src 'self' 'unsafe-inline' file: data: blob: filesystem:; img-src * blob: data:; script-src 'self' * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';font-src * https://pro.fontawesome.com; 1
script-src 'self' filesystem: 'unsafe-eval' 'unsafe-inline' *.spaggiari.eu https://ajax.googleapis.com/ https://apis.google.com/js/platform.js https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://code.highcharts.com/ https://code.jquery.com/ https://connect.facebook.net/it_IT/sdk.js https://d31qbv1cthcecs.cloudfront.net/atrk.js https://fonts.googleapis.com/ https://f.vimeocdn.com/js/ https://ianlunn.co.uk/plugins/jquery-parallax/scripts/ https://livestream.com/assets/plugins/ https://maps.googleapis.com/ https://maxcdn.bootstrapcdn.com/bootstrap/ https://player.vimeo.com/api/ https://rawgit.com/tyrasd/osmtogeojson/ https://stackpath.bootstrapcdn.com/bootstrap/ https://s.ytimg.com/yts/jsbin/ https://unpkg.com/ https://use.fontawesome.com/ https://www.google-analytics.com/ https://www.google.com/recaptcha/ https://www.gstatic.com/charts/ https://www.gstatic.com/recaptcha/;frame-ancestors 'self' file: *.spaggiari.eu; 1
default-src 'self' *.speisekarte24.de fonts.gstatic.com; img-src 'self' seal.website-check.de *.google.com *.google.de *.gstatic.com maps.googleapis.com googleads.g.doubleclick.net www.googletagmanager.com pagead2.googlesyndication.com *.speisekarte24.de data:; connect-src www.google.com googleads.g.doubleclick.net pagead2.googlesyndication.com *.speisekarte24.de www.speisekarte24.de maps.googleapis.com; style-src 'unsafe-inline' www.speisekarte24.de fonts.googleapis.com wwww.gstatic.com; script-src 'self' 'unsafe-inline' www.gstatic.com *.google.de *.google.com maps.googleapis.com googleads.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com www.speisekarte24.de analytics.speisekarte24.de; frame-ancestors 'self'; object-src 'none' 1
worker-src 'self' data: blob:; default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline'; 1
default-src 'self' blob: *.paypal.com *.stripe.com wss://flexcom.de:9001 *.spiritane.de; img-src 'self' data: *.spiritane.de; connect-src 'self' blob: *.stripe.com wss://flexcom.de:9001 *.spiritane.de; style-src 'self' 'unsafe-inline' *.spiritane.de *.addthis.com *.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.stripe.com *.spiritane.de *.analytics.google.com *.google-analytics.com *.pinterest.com *.googleadservices.com *.facebook.com *.facebook.net *.myfonts.net *.addthis.com *.googleapis.com  *.paypalobjects.com piwik.flexcom.de; font-src 'self' data: *.spiritane.de; 1
frame-ancestors 'self' *.df-automotive.de 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-UZpgkxRn2QjDAn8IT3ukow' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
script-src 'self' *.openx.net *.bidswitch.net *.adsrvr.org *.smaato.net *.pubmatic.com *.1rx.io *.zemanta.com *.contextweb.com *.admanmedia.com *.ravenjs.com *.adition.com *.bidr.io polyfill.io *.everesttech.net *.loopme.me *.adotmob.com *.company-target.com *.viralize.tv *.adnxs.com *.smartadserver.com *.criteo.com *.omnitagjs.com *.sharethrough.com *.turn.com *.doubleclick.net *.crwdcntrl.net *.lijit.com *.travelaudience.com *.teads.tv portal.babylonvid.com fidaf.tv visivamente.cloud smartvisiontv.com *.amazon-adsystem.com *.evolutionadv.it *.brid.tv test.babylonvid.com origin.babylonvid.com babylonportalfiledd.akamaized.net cdn.id5-sync.com oa.openxcdn.net cdn.prod.uidapi.com static.criteo.net cmp.inmobi.com fundingchoicesmessages.google.com securepubads.g.doubleclick.net *.histats.com donnatv.com z.moatads.com id5-sync.com aniview.com *.stickyadstv.com thumbsvideo.babyloncloud.com videoupload.babyloncloud.com dt.adsafeprotected.com cdn.plyr.io static.adsafeprotected.com googleads.g.doubleclick.net ade.googlesyndication.com tps.doubleverify.com pubads.g.doubleclick.net cdn.doubleverify.com www.googletagservices.com fw.adsafeprotected.com *.adform.net *.audrte.com *.rqtrk.eu track.adform.net s2.adform.net aax-eu.amazon-adsystem.com partner.googleadservices.com adservice.google.it adservice.google.com adservice.google.be tpc.googlesyndication.com telelombardia.video cdnjs.cloudflare.com cdn.jsdelivr.net pagead2.googlesyndication.com s0.2mdn.net imasdk.googleapis.com www.googletagmanager.com cmp.quantcast.com *.quantserve.com rules.quantcount.com *.babyloncloud.com italiasette.it almatv.tv *.akamaized.net webtv.babyloncloud.com italianwebtv.it sportitalialive.com letlive.it *.go-mpulse.net *.360yield.com *.creativecdn.com *.cloudfront.net *.eyeota.net *.mediarithmics.com *.everesttech.net *.avct.cloud ecommercetv.it 'unsafe-inline' 'unsafe-eval' blob: data:; style-src 'self' *.openx.net *.bidswitch.net *.adsrvr.org *.smaato.net *.pubmatic.com *.1rx.io *.zemanta.com *.contextweb.com *.admanmedia.com *.ravenjs.com *.adition.com *.bidr.io polyfill.io *.everesttech.net *.loopme.me *.adotmob.com *.company-target.com *.viralize.tv *.adnxs.com *.smartadserver.com *.criteo.com *.omnitagjs.com *.sharethrough.com *.turn.com *.doubleclick.net *.crwdcntrl.net *.lijit.com *.travelaudience.com *.teads.tv portal.babylonvid.com fidaf.tv visivamente.cloud smartvisiontv.com *.amazon-adsystem.com *.evolutionadv.it *.brid.tv test.babylonvid.com origin.babylonvid.com babylonportalfiledd.akamaized.net cdn.id5-sync.com oa.openxcdn.net cdn.prod.uidapi.com static.criteo.net cmp.inmobi.com fundingchoicesmessages.google.com securepubads.g.doubleclick.net *.histats.com donnatv.com z.moatads.com id5-sync.com aniview.com *.stickyadstv.com thumbsvideo.babyloncloud.com videoupload.babyloncloud.com dt.adsafeprotected.com cdn.plyr.io static.adsafeprotected.com googleads.g.doubleclick.net ade.googlesyndication.com tps.doubleverify.com pubads.g.doubleclick.net cdn.doubleverify.com www.googletagservices.com fw.adsafeprotected.com *.adform.net *.audrte.com *.rqtrk.eu track.adform.net s2.adform.net aax-eu.amazon-adsystem.com partner.googleadservices.com adservice.google.it adservice.google.com adservice.google.be tpc.googlesyndication.com telelombardia.video cdnjs.cloudflare.com cdn.jsdelivr.net pagead2.googlesyndication.com s0.2mdn.net imasdk.googleapis.com www.googletagmanager.com cmp.quantcast.com *.quantserve.com rules.quantcount.com *.babyloncloud.com italiasette.it almatv.tv *.akamaized.net webtv.babyloncloud.com italianwebtv.it sportitalialive.com letlive.it *.go-mpulse.net *.360yield.com *.creativecdn.com *.cloudfront.net *.eyeota.net *.mediarithmics.com *.everesttech.net *.avct.cloud ecommercetv.it 'unsafe-inline'; img-src 'self' *.openx.net *.bidswitch.net *.adsrvr.org *.smaato.net *.pubmatic.com *.1rx.io *.zemanta.com *.contextweb.com *.admanmedia.com *.ravenjs.com *.adition.com *.bidr.io polyfill.io *.everesttech.net *.loopme.me *.adotmob.com *.company-target.com *.viralize.tv *.adnxs.com *.smartadserver.com *.criteo.com *.omnitagjs.com *.sharethrough.com *.turn.com *.doubleclick.net *.crwdcntrl.net *.lijit.com *.travelaudience.com *.teads.tv portal.babylonvid.com fidaf.tv visivamente.cloud smartvisiontv.com *.amazon-adsystem.com *.evolutionadv.it *.brid.tv test.babylonvid.com origin.babylonvid.com babylonportalfiledd.akamaized.net cdn.id5-sync.com oa.openxcdn.net cdn.prod.uidapi.com static.criteo.net cmp.inmobi.com fundingchoicesmessages.google.com securepubads.g.doubleclick.net *.histats.com donnatv.com z.moatads.com id5-sync.com aniview.com *.stickyadstv.com thumbsvideo.babyloncloud.com videoupload.babyloncloud.com dt.adsafeprotected.com cdn.plyr.io static.adsafeprotected.com googleads.g.doubleclick.net ade.googlesyndication.com tps.doubleverify.com pubads.g.doubleclick.net cdn.doubleverify.com www.googletagservices.com fw.adsafeprotected.com *.adform.net *.audrte.com *.rqtrk.eu track.adform.net s2.adform.net aax-eu.amazon-adsystem.com partner.googleadservices.com adservice.google.it adservice.google.com adservice.google.be tpc.googlesyndication.com telelombardia.video cdnjs.cloudflare.com cdn.jsdelivr.net pagead2.googlesyndication.com s0.2mdn.net imasdk.googleapis.com www.googletagmanager.com cmp.quantcast.com *.quantserve.com rules.quantcount.com *.babyloncloud.com italiasette.it almatv.tv *.akamaized.net webtv.babyloncloud.com italianwebtv.it sportitalialive.com letlive.it *.go-mpulse.net *.360yield.com *.creativecdn.com *.cloudfront.net *.eyeota.net *.mediarithmics.com *.everesttech.net *.avct.cloud ecommercetv.it data: 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-FB54D14D4AC9BE4AE1B422012720D4CB' 'strict-dynamic'; style-src 'self' fonts.googleapis.com translate.googleapis.com 'nonce-FB54D14D4AC9BE4AE1B422012720D4CB'; connect-src 'self' https: wss://dnpush.nl; img-src 'self' https: data:; font-src 'self' fonts.gstatic.com; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com; base-uri 'none'; media-src 'self'; report-uri https://www.stedendating.nl/API/Site/CspReport 1
default-src 'self' https://www.googleapis.com https://firebasestorage.googleapis.com; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://unpkg.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com; script-src-elem 'self' 'unsafe-inline' data: https://unpkg.com https://www.gstatic.com; style-src-elem 'self' 'unsafe-inline' data: https://fonts.googleapis.com 1
default-src 'none';connect-src 'self' ingesteer.services-prod.nsvcs.net vimeo.com *.google-analytics.com *.stock-ath.be;font-src 'self' fonts.gstatic.com;frame-src player.vimeo.com www.google.com www.youtube.com static.addtoany.com https://challenges.cloudflare.com;img-src 'self' data: *.google-analytics.com i.ytimg.com www.googletagmanager.com https://ik.imagekit.io/stockath/;script-src 'self' 'unsafe-inline' https://ik.imagekit.io/stockath/ www.gstatic.com www.googletagmanager.com *.google-analytics.com www.google.com www.youtube.com s.ytimg.com https://static.addtoany.com https://challenges.cloudflare.com;style-src 'self' 'unsafe-inline' fonts.googleapis.com; 1
default-src 'self' *.stockitymob.com *.stockity.id; child-src *; frame-ancestors 'self'; connect-src 'self' *.ada.support analytics.tiktok.com my.rtmark.net *.clarity.ms *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com static.ads-twitter.com bat.bing.com sc-static.net tr.snapchat.com *.hotjar.io *.hotjar.com wss://*.hotjar.com stats.g.doubleclick.net *.zopim.com *.launchdarkly.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com ekr.zdassets.com pixel.mathtag.com analytics.google.com accounts.google.com fcm.googleapis.com www.googleapis.com www.google-analytics.com wss://*.zopim.com app.getsentry.com *.stockitymob.com *.stockity.id wss://as.stockitymob.com:* wss://as.stockity.id:* wss://ws.stockitymob.com:* wss://ws.stockity.id:* s.yimg.com; font-src data: 'self' *.zopim.com *.gstatic.com themes.googleusercontent.com *.stockitymob.com *.stockity.id; img-src * data:; media-src 'self' *.stockitymob.com *.stockity.id; script-src 'self' *.ada.support static.ads-twitter.com sc-static.net tr.snapchat.com *.clarity.ms *.hotjar.io *.hotjar.com www.redditstatic.com *.doubleclick.net *.google.com assets.zendesk.com static.zdassets.com *.zopim.com wss://*.zopim.com *.zopim.io stockity.id my.rtmark.net *.criteo.net *.criteo.com snap.licdn.com px.ads.linkedin.com r.remarketingpixel.com *.getsitecontrol.com *.googletagmanager.com *.google-analytics.com echo.ecortb.com connect.facebook.net vk.com *.youtube.com s.yimg.com s.ytimg.com bat.bing.com *.gstatic.com www.googleadservices.com api.exponea.com api.api-cis.exponea.com api-cis.exponea.com *.adnetwork.vn storage.googleapis.com sp.analytics.yahoo.com 'unsafe-eval' 'unsafe-inline' *.stockitymob.com *.stockity.id https://unpkg.com/@lottiefiles/lottie-player@0.2.0/dist/lottie-player.js https://unpkg.com/simplex-noise@2.4.0/simplex-noise.js; style-src 'self' *.google.com fonts.googleapis.com 'unsafe-inline' *.stockitymob.com *.stockity.id 1
default-src 'self' *.paypal.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.youtube.com *.google.com *.vimeo.com *.googletagmanager.com *.doubleclick.net *.google-analytics.com *.gstatic.com; img-src 'self'  data: *.gstatic.com *.google.com *.google.de *.google-analytics.com; style-src 'self' *.googleapis.com *.gstatic.com; font-src 'self' *.googleapis.com *.gstatic.com; script-src 'self' *.paypal.com *.stripe.com *.klarna.com *.klarnaevt.com *.klarnacdn.net *.googletagmanager.com *.google-analytics.com *.gstatic.com 'nonce-Fjo8nyvLPLUJByo4l0G9Vw==' 1
child-src 'self' https://www.googletagmanager.com https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://player.vimeo.com https://*.recaptcha.net; default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.cloudflareinsights.com https://*.calendly.com https://maps.googleapis.com https://js.monitor.azure.com https://www.googletagmanager.com https://services.postcodeanywhere.co.uk https://*.google.com https://google.com https://*.google.co.uk https://google.co.uk  https://www.googletagservices.com https://*.googleapis.com https://*.doubleclick.net https://*.gstatic.com https://*.googleadservices.com https://*.pingdom.net https://bat.bing.com https://*.bing.com https://*.clarity.ms https://connect.facebook.net https://*.google-analytics.com https://widget.trustpilot.com https://*.trustpilot.com https://www.facebook.com https://*.onetrust.com https://*.webtrends-optimize.com; style-src 'self' 'unsafe-inline' https://services.postcodeanywhere.co.uk https://*.googleapis.com https://*.google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://*.gstatic.com https://*.jsdelivr.net; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.azure.com https://*.google-analytics.com https://www.facebook.com https://*.google.com https://google.com https://services.postcodeanywhere.co.uk https://*.googleapis.com  https://*.pingdom.net https://*.clarity.ms https://*.doubleclick.net https://*.trustpilot.com https://*.bing.com https://connect.facebook.net https://www.google.co.uk https://*.onetrust.com https://*.webtrends-optimize.com; font-src 'self' data: application/font-woff https://fonts.gstatic.com; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://calendly.com https://www.google.com/recaptcha/api2/anchor https://pay.realexpayments.com https://www.facebook.com https://*.doubleclick.net https://cld.bz; img-src 'self' data: https://google-analytics.com https://*.postcodeanywhere.co.uk https://*.materialo.com https://*.gstatic.com https://*.googleapis.com https://www.googletagmanager.com https://www.google.co.uk https://*.google.com https://*.doubleclick.net https://*.googleadservices.com https://www.facebook.com https://dashboard.umbraco.com https://*.clarity.ms https://*.bing.com https://*.onetrust.com https://*.vimeocdn.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:; 1
src 'self' 'unsafe-inline' https://opusconsulting.stratemis.com fonts.googleapis.com;� 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.superoffertamirabilandia.it *.atlanticmoon.it *.superoffertamirabilandia.atlanticmoon.it local.pqr-it data: ws: wss: blob: *.paypal.com *.sandbox.paypal.com *.paypal.cn *.paypalobjects.com *.facebook.com *.facebook.net *.google.com *.googlesyndication.com *.googleadservices.com *.google.it *.analytics.google.com *.google-analytics.com *.clients.google.com googleads.g.doubleclick.net *.googletagmanager.com *.googleusercontent.com *.googleapis.com *.gstatic.com polyfill.io *.datatables.net *.cloudflare.com *.tiny.cloud *.tinymce.com *.jquery.com *.w3.org *.youtube.com *.scalapay.com *.sentry.io *.sentry-cdn.com *.servicebus.windows.net *.muchoviaje.com *.triple-ip.com *.tripadvisor.it *.sella.it *.gestpay.net *.mirabilandia.it *.webflow.com *.hertz.it *.sfmc-content.com *.pub.sfmc-content.com *.marinsm.com *.go2cloud.org *.livechatinc.com *.w55c.net *.npmjs.org *.cookielaw.org *.onetrust.com *.bing.com *.taboola.com *.tiktok.com *.doubleclick.net *.google.es stats.g.doubleclick.net *.g.doubleclick.net *.salecycle.com *.cloudfront.net *.clarity.ms 1
frame-ancestors prepaidfiber.s2s.ph 1
default-src 'self' www.synlab.pe https://cta-service-cms2.hubspot.com/ https://www.googletagmanager.com/ https://synlab.pe/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ js.hsforms.net track.hubspot.com *.hubspot.com *.hotjar.com *.google-analytics.com *.hscollectedforms.net secure.gravatar.com player.vimeo.com *.g.doubleclick.net *.hubapi.com *.googletagmanager.com  *.fontawesome.com *.jsdelivr.net *.hs-scripts.com  *.jquery.com *.api.hsforms.com *.whatsapp.com *.messenger.com; connect-src 'self' www.synlab.pe ws.hotjar.com https://fonts.gstatic.com https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://cta-service-cms2.hubspot.com/ https://www.googletagmanager.com/ https://synlab.pe/ *.js.hsforms.net *.hotjar.com *.s.w.org *.wordpress.org track.hubspot.com secure.gravatar.com player.vimeo.com *.hubspot.com *.api.hsforms.com *.hsforms.com api.hsforms.com *.fontawesome.com *.hubapi.com *.google-analytics.com *.hscollectedforms.net *.g.doubleclick.net *.hotjar.io *.api.hsforms.com *.whatsapp.com *.messenger.com https:; script-src 'self' 'Unsafe-Inline' ws.hotjar.com www.synlab.pe https://ajax.googleapis.com/ *.cta-service-cms2.hubspot.com https://js.hubspot.com https://www.google-analytics.com https://*.googletagmanager.com https://tagmanager.google.com https://ssl.google-analytics.com https://cta-service-cms2.hubspot.com/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://www.googletagmanager.com/ https://synlab.pe/ *.js.hsforms.net *.wordpress.com *.s.w.org www.youtube.com track.hubspot.com *.hubspot.com connect.facebook.net *.googleoptimize.com *.hs-analytics.net js.hs-analytics.net js.hsadspixel.net googleoptimize.com js.hs-banner.com *.hotjar.com *.google-analytics.com secure.gravatar.com player.vimeo.com *.api.forms.com  *.hscollectedforms.net *.g.doubleclick.net *.hubapi.com *.googletagmanager.com *.fontawesome.com *.jsdelivr.net *.hs-scripts.com  *.jquery.com *.whatsapp.com *.messenger.com ;object-src 'self' https://www.googletagmanager.com/ https://www.synlab.pe/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ *.api.hsforms.com secure.gravatar.com player.vimeo.com *.messenger.com *.api.whatsapp.com *.hsforms.com *.whatsapp.com *.hs-scripts.com *.google.com *.facebook.com *.instangram.com *.googleapis.com *.fontawesome.com *.jsdelivr.net *.jquery.com *.googletagmanager.com *.api.hsforms.com ;img-src 'self' https://*.googletagmanager.com https://tagmanager.google.com https://googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.synlab.pe/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ *.google.com secure.gravatar.com player.vimeo.com googleads.g.doubleclick.net *.google.com.pe forms.hsforms.com track.hubspot.com www.facebook.com www.google-analytics.com *.hsforms.com *.hubspot.com  data:;style-src 'self' https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://www.synlab.pe/ https://www.googletagmanager.com/ cdn.jsdelivr.net fonts.googleapis.com *.jsdelivr.net ; font-src 'self' https://ka-p.fontawesome.com https://script.hotjar.com https://fonts.gstatic.com https://www.synlab.pe/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ data:; form-action 'self' https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ https://www.synlab.pe/ *.api.hsforms.com *.hsforms.com www.facebook.com www.googletagmanager.com *.whatsapp.com *.messenger.com; frame-src *.www.synlab.pe https://www.synlab.pe/ https://www.facebook.com/ https://www.google.com/ https://td.doubleclick.net/ static.hsappstatic.net js.stripe.com www.google.com www.facebook.com www.googletagmanager.com; report-to default; 1
frame-ancestors https://rebako.io/ 1
default-src 'self' https://fonts.gstatic.com data:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://sc-static.net https://www.googletagmanager.com https://www.gstatic.com https://www.google.com https://ajax.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.googleapis.com https://googleads.g.doubleclick.net https://connect.facebook.net https://snap.licdn.com https://sc-static.net https://www.googleadservices.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com; connect-src 'self'  https://yoast.com https://www.facebook.com https://haccms.ibex.co https://www.google-analytics.com https://tr.snapchat.com; img-src 'self' https://*.googleusercontent.com https://*.ytimg.com https://drive.google.com https://secure.gravatar.com https://www.google.com.pk https://px.ads.linkedin.com https://www.facebook.com https://p.adsymptotic.com https://www.google.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; base-uri 'self'; form-action 'self' https://www.facebook.com https://tr.snapchat.com; frame-src 'self' https://www.youtube.com https://www.google.com https://tr.snapchat.com https://bid.g.doubleclick.net https://www.facebook.com; object-src 'none'; media-src 'self' https://www.youtube.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://www.googletagmanager.com https://*.twitter.com https://apis.google.com/js/plusone.js https://platform.linkedin.com/in.js https://assets.pinterest.com/js/pinit.js https://static.ak.fbcdn.net https://cdn.syndication.twimg.com connect-src; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; img-src * data: ; media-src 'self' ; object-src 'self' ;  1
base-uri 'self';connect-src 'self';default-src 'self';form-action 'self';img-src 'self' data: *;media-src 'self';object-src 'none';script-src 'self' 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B' https://www.gstatic.com/ https://www.google.com/;style-src 'self' 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B';script-src-elem 'self' https://www.gstatic.com/ https://www.google.com/ 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B';script-src-attr 'self' https://www.gstatic.com/ https://www.google.com/ 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B';style-src-elem 'self' https://fonts.googleapis.com https://fonts.gstatic.com 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B';style-src-attr 'self' 'nonce-wvZAnoEOKnbksp9MBo41tZOGuVULXf4B';font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.google.com/ https://www.gstatic.com/;manifest-src 'self';worker-src 'self' 1
base-uri 'self'; connect-src 'self' https://u.clarity.ms https://analytics.tiktok.com *.google-analytics.com  *.yandex.md *.yandex.ru *.taboola.com *.doubleclick.net https://d2941uvtj8higz.cloudfront.net *.tarfin.com https://www.facebook.com https://mc.yandex.com; default-src 'self' https:; font-src 'self' data: *.gstatic.com; frame-src 'self' *.yandex.md *.youtube.com *.google.com; img-src * 'self' data: https://mc.yandex.com https://tarfinprod.s3.eu-central-1.amazonaws.com https://tarfinprod-public.s3.eu-central-1.amazonaws.com https://d2941uvtj8higz.cloudfront.net *.tarfin.com *.gstatic.com *.yandex.md *.googleapis.com *.facebook.com *.taboola.com *.google-analytics.com *.google.com *.google.com.tr; manifest-src 'self' https://d2941uvtj8higz.cloudfront.net *.tarfin.com; media-src 'self'; object-src 'none'; script-src 'self' https://www.clarity.ms https://yastatic.net *.yandex.md *.yandex.ru *.jsdelivr.net *.taboola.com *.facebook.net *.googletagmanager.com https://unpkg.com *.cloudflare.com *.googleapis.com *.google-analytics.com *.google.com *.googleadservices.com https://d2941uvtj8higz.cloudfront.net *.tarfin.com https://analytics.tiktok.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.jsdelivr.net https://d2941uvtj8higz.cloudfront.net *.tarfin.com 'unsafe-inline'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval'  www.gstatic.com www.google-analytics.com ajax.googleapis.com www.googletagmanager.com captcha.com remote.captcha.com maps.googleapis.com  www.google.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com ajax.googleapis.com www.googletagmanager.com captcha.com remote.captcha.com maps.googleapis.com fonts.googleapis.com www.google.com www.gstatic.com;  1
default-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://skroutza.skroutz.gr *.livehelperchat.com *.zopim.com *.ubembed.com *.skroutz.gr *.zdassets.com/ *.hotjar.com https://apis.google.com https://www.gstatic.com https://z.moatads.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://skroutza.skroutz.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr; style-src 'self' 'unsafe-inline' *.livehelperchat.com https://cdn.jsdelivr.net https://fonts.googleapis.com; object-src 'self'; img-src 'self' data: https://www.taxiarchis.com https://taxiarchis2020.staginglh.com https://local.taxiarchis2020.gr https://taxiarchis2020.test.devlh.com https://taxiarchis.com *.cdninstagram.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr; font-src 'self' data: https://taxshop.livehelperchat.com https://fonts.gstatic.com; connect-src 'self' https://taxshop.livehelperchat.com wss://ws1.hotjar.com wss://ws2.hotjar.com wss://ws3.hotjar.com wss://ws4.hotjar.com wss://ws5.hotjar.com wss://ws6.hotjar.com wss://ws7.hotjar.com wss://ws8.hotjar.com wss://ws9.hotjar.com wss://ws10.hotjar.com wss://ws11.hotjar.com wss://ws12.hotjar.com wss://ws13.hotjar.com wss://ws14.hotjar.com wss://ws15.hotjar.com wss://ws16.hotjar.com wss://ws17.hotjar.com wss://ws18.hotjar.com wss://ws19.hotjar.com wss://ws20.hotjar.com wss://ws21.hotjar.com wss://ws22.hotjar.com wss://ws23.hotjar.com wss://ws24.hotjar.com wss://ws25.hotjar.com wss://ws26.hotjar.com wss://ws27.hotjar.com wss://ws28.hotjar.com wss://ws29.hotjar.com wss://ws30.hotjar.com wss://ws31.hotjar.com wss://ws32.hotjar.com wss://ws33.hotjar.com wss://ws34.hotjar.com wss://ws35.hotjar.com wss://ws36.hotjar.com wss://ws37.hotjar.com wss://ws38.hotjar.com wss://ws39.hotjar.com wss://ws40.hotjar.com wss://ws41.hotjar.com wss://ws42.hotjar.com wss://ws43.hotjar.com wss://ws44.hotjar.com wss://ws45.hotjar.com wss://ws46.hotjar.com wss://ws47.hotjar.com wss://ws48.hotjar.com wss://ws49.hotjar.com wss://ws50.hotjar.com wss://ws51.hotjar.com wss://ws52.hotjar.com wss://ws53.hotjar.com wss://ws54.hotjar.com wss://ws55.hotjar.com wss://ws56.hotjar.com wss://ws57.hotjar.com wss://ws58.hotjar.com wss://ws59.hotjar.com wss://ws60.hotjar.com wss://ws61.hotjar.com wss://ws62.hotjar.com wss://ws63.hotjar.com wss://ws64.hotjar.com wss://ws65.hotjar.com wss://ws66.hotjar.com wss://ws67.hotjar.com wss://ws68.hotjar.com wss://ws69.hotjar.com wss://ws70.hotjar.com wss://ws71.hotjar.com wss://ws72.hotjar.com wss://ws73.hotjar.com wss://ws74.hotjar.com wss://ws75.hotjar.com wss://ws76.hotjar.com wss://ws77.hotjar.com wss://ws78.hotjar.com wss://ws79.hotjar.com wss://ws80.hotjar.com wss://ws81.hotjar.com wss://ws82.hotjar.com wss://ws83.hotjar.com wss://ws84.hotjar.com wss://ws85.hotjar.com wss://ws86.hotjar.com wss://ws87.hotjar.com wss://ws88.hotjar.com wss://ws89.hotjar.com wss://ws90.hotjar.com wss://ws91.hotjar.com wss://ws92.hotjar.com wss://ws93.hotjar.com wss://ws94.hotjar.com wss://ws95.hotjar.com wss://ws96.hotjar.com wss://ws97.hotjar.com wss://ws98.hotjar.com wss://ws99.hotjar.com *.hotjar.io  *.hotjar.com *.zdassets.com https://www.youtube.com https://www.bestprice.gr https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app; frame-src *; media-src 'self' 1
default-src https: 'unsafe-eval' 'unsafe-inline'; img-src * data:; object-src 'none'; report-uri /security/csp-report 1
manifest-src 'self'; upgrade-insecure-requests; block-all-mixed-content;, report-uri https://sentry.diemayrei.de/api/9/security/?sentry_key=ee7352f1fa3f42b59178fe6bcb4855f7;, frame-ancestors 'self'; 1
default-src 'self' https: blob: data: 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com  *.youtube.com ; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.google-analytics.com *.googleapis.com *.facebook.com *.facebook.net *.google.com *.twitter.com *.instagram.com *.pinterest.com *.addthis.com *.jivochat.com *.jivosite.com *.zendesk.com *.googletagmanager.com *.googleadservices.com *.doubleclick.net *.tools.tsoftapps.com *.tsoftapps.com *.iyzipay.com  *.youtube.com ; frame-ancestors *; 1
frame-ancestors 'self' https://mydrive.univ-st-etienne.fr https://mydrive-ng.univ-st-etienne.fr https://laboratoirehubertcurien.univ-st-etienne.fr 1
default-src 'self' 'unsafe-inline' data: cvu.com.uy www.telepeaje.com.uy googletagmanager.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com *.google-analytics.com google-analytics.com cdn.mcauto-images-production.sendgrid.net;script-src 'self' 'unsafe-inline' *.google-analytics.com google-analytics.com googletagmanager.com *.googletagmanager.com *.google.com *.googleapis.com *.gstatic.com goo.gle 1
object-src * data:;default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://seal.godaddy.com/*; font-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://telerad.biz/RemotEye/neologica.utils.js https://seal.godaddy.com/getSeal; frame-src * data: 'self' https://telerad.biz https://telerad.biz:4006; connect-src 'self' https://api.ipify.org https://telerad.biz/TeleRadService/ServiceTWP.svc https://telerad.biz/DeleteFolderService/DeleteFolderService.svc https://telerad.biz:401/MailService.svc/SendMail https://telerad.biz:400/SMSService.svc/SendSms https://ka-f.fontawesome.com https://127.0.0.1:*  ws://localhost:8181/ 1
frame-ancestors https://*.usemaisstore.com.br https://*.clubeusemais.com.br https://cemecard.com.br https://*.cemecard.com.br https://servidor.scc-consig.com.br; default-src 'self' 'unsafe-inline' https://apiv4.marktclub.net.br https://apiv4.markt.club https://imgs.via.com.br https://*.google.com https://*.googleapis.com https://*.gstatic.com https://js.driftt.com https://*.marktclub.com.br https://*.youhuul.com https://*.googleusercontent.com https://ui.zanox.com https://viacep.com.br https://www.lomadee.com https://www.youtube.com https://*.facebook.net https://*.facebook.com https://ajax.cloudflare.com invisible.js data: https://js.driftqa.com https://www.awin.com https://ui.awin.com https://via.placeholder.com https://alfaclub.com.br https://ajax.cloudflare.com invisible.js 1
img-src 'self' data: *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://*.doubleclick.net https://www.googleapis.com https://*.appgrade34.it/ https://www.googletagmanager.com https://*.googleapis.com *.gstatic.com *.iubenda.com *.zopim.com *.zdassets.com *.linkedin.com *.bing.com *.clarity.ms *.facebook.com https://light.appgrade34.it/ https://www.termesangiovanni.it/ https://www.termesangiovanni.it/;script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.iubenda.com https://*.googletagmanager.com https://*.google-analytics.com https://*.googleapis.com *.google.com *.google.it *.googleadservices.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com;script-src-elem 'self' 'unsafe-inline' *.google.com *.google.it *.googleadservices.com https://www.google-analytics.com https://stats.g.doubleclick.net *.licdn.com *.bing.com *.facebook.net *.doubleclick.net *.iubenda.com https://www.googletagmanager.com https://*.googleapis.com https://*.stripe.com *.zopim.com *.zdassets.com *.clarity.ms *.facebook.com https://*.addthis.com https://*.addthisedge.com https://*.moatads.com;script-src-attr 'self' 'unsafe-inline' https://www.googletagmanager.com *.iubenda.com;connect-src 'self' https://*.google.com https://*.googleapis.com https://*.google-analytics.com https://*.googleadservices.com https://*.doubleclick.net https://light.appgrade34.it/ https://*.zendesk.com https://*.iubenda.com https://*.zdassets.com https://*.clarity.ms https://*.addthis.com ws:;frame-src 'self' https://*.google.com https://*.google.it https://*.stripe.com https://*.facebook.com https://*.youtube.com https://*.youtube-nocookie.com/ https://*.addthis.com;frame-ancestors 'self' https://light.appgrade34.it/;media-src 'self' https://light.appgrade34.it/;form-action 'self' https://*.facebook.com/;default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;object-src 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src * data: blob: http: https: 'self' https://*.durable.co 'unsafe-inline' *.durable.co 'unsafe-eval'; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' 1
worker-src blob:; font-src maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.yieldify-production.com fonts.gstatic.com *.serving-sys.com *.fontawesome.com https://fonts.gstatic.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com *.facebook.com *.serving-sys.com *.localhost.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors *.googletagmanager.com 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.cardinalcommerce.com *.authorize.net *.sharethis.mgr.consensu.org *.sharethis.com *.doubleclick.net *.gateway.mastercard.com data: 'self' *.yieldify.com *.facebook.com *.google.com *.googletagmanager.com *.pinterest.com *.serving-sys.com cdn.dnky.co webchat.dotdigital.com https://player.vimeo.com *.localhost.com *.paymentexpress.com *.windcave.com *.yotpo.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com validator.swagger.io *.magentocommerce.com *.googleadservices.com *.google-analytics.com *.paypal.com *.cake.nz *.doubleclick.net *.pinterest.com *.topbuzz.com *.facebook.com *.cloudfront.net *.google.com *.google.com.au *.google.com.bd *.adroll.com *.yieldify.com *.yieldify-production.com *.googletagmanager.com *.serving-sys.com https://a.klaviyo.com https://updates.themepunch.tools http://updates.themepunch.tools https://updates.themepunch-ext-a.tools http://updates.themepunch-ext-a.tools https://updates.themepunch-ext-b.tools http://updates.themepunch-ext-b.tools *.yotpo.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com *.vimeocdn.com cdn-scripts.signifyd.com www.youtube.com *.paypal.com *.assets.adobedtm.com *.sharethis.com *.googleadservices.com *.google.com *.gstatic.com *.bronto.com *.googleapis.com *.googletagmanager.com *.brontops.com *.cardinalcommerce.com *.signifyd.com *.adform.net *.pinimg.com *.tiktok.com *.yieldify.com *.ibytedtos.com *.ipstatp.com *.facebook.com *.facebook.net googleads.g.doubleclick.net *.adroll.com *.google-analytics.com *.adroll.mgr.consensu.org *.mastercard.com *.klaviyo.com *.serving-sys.com *.pingdom.net r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net cdn.dnky.co api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com *.avada.io https://player.vimeo.com https://www.youtube.com *.yotpo.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com *.sharethis.com *.klaviyo.com *.serving-sys.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com https://fonts.googleapis.com http://fonts.googleapis.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com *.sharethis.com *.cardinalcommerce.com *.bronto.com *.brontops.com *.doubleclick.net *.pinterest.com *.tiktok.com *.google-analytics.com *.adform.net *.facebook.net *.klaviyo.com *.yieldify.com *.yieldify-production.com *.google.com *.googleapis.com *.connectorengine.com *.facebook.com wss://stranger.yieldify-production.com/ *.serving-sys.com r1-t.trackedlink.net r2-t.trackedlink.net r3-t.trackedlink.net r1.trackedweb.net r2.trackedweb.net r3.trackedweb.net static.trackedweb.net api.comapi.com webchat.dotdigital.com https://static.klaviyo.com https://fast.a.klaviyo.com https://get.geojs.io *.avada.io https://fonts.googleapis.com https://fonts.gstatic.com *.yotpo.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; report-uri https://thecheesecakeshop.co.nz/; report-to report-endpoint; 1
frame-ancestors 'self' *.venditan.com *.venditan.io 1
'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 1
frame-ancestors 'self' *.masterpassturkiye.com;                      script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jsdelivr.net https://*.tiktok.com https://*.criteo.com https://*.amazonaws.com https://*.yandex.ru https://*.nr-data.net https://*.googletagservices.com https://*.googlesyndication.com https://*.googleadservices.com https://*.doubleclick.net https://*.google.com https://as-sec.casalemedia.com https://cdn.scarabresearch.com https://cdnjs.cloudflare.com https://connect.facebook.net https://cdn.cookielaw.org https://google-analytics.com https://googleads.g.doubleclick.net https://graph.facebook.com https://googletagmanager.com https://*.newrelic.com https://js.facebook.com https://maps.googleapis.com https://maps.google.com https://static.criteo.net https://sslwidget.criteo.com https://ssl.google-analytics.com https://script.hotjar.com https://static.hotjar.com https://st-thenorthface.mncdn.com https://tags.creativecdn.com https://tagmanager.google.com https://www.google-analytics.com https://www.googleoptimize.com https://www.googletagmanager.com https://js.bkmexpress.com.tr https://*.youtube.com https://www.gstatic.com https://www.clarity.ms https://*.bing.com;                      style-src 'self' 'unsafe-inline' *.jsdelivr.net https://*.tiktok.com https://*.amazonaws.com *.google.com cdnjs.cloudflare.com st-thenorthface.mncdn.com www.googletagmanager.com;                      child-src 'self' blob: *.masterpassturkiye.com *.facebook.com *.google.com https://*.yandex.com *.doubleclick.net https://*.creativecdn.com https://*.blivenyc.com *.googlesyndication.com *.criteo.com *.criteo.net connect.facebook.net fledge-eu.creativecdn.com vars.hotjar.com www.googletagmanager.com https://*.youtube.com https://js.bkmexpress.com.tr;                      base-uri 'self' *.casalemedia.com;                      worker-src 'self' blob: www.google.com;       report-uri /WebResource.axd?cspReport=true 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.stargatebulgaria.com https://www.stargateportugues.com https://www.stargate.world https://www.stargateitalia.com https://www.stargatecestina.com https://www.stargateisrael.com https://www.laexperienciastargate.com https://www.stargatemagyar.com https://www.stargategreek.com https://www.stargateslovenija.com https://www.thestargateexperienceacademy.com 1
frame-ancestors 'self' https://megastudyacademy.co.kr https://megastudy-computer.com https://megaitacademy.com https://megagameacademy.com https://megastudy-beauty.com https://www.tjoeun.co.kr http://www.tjoeunit.co.kr 1
default-src 'self' *.gstatic.com *.juicer.io *.gigya.com *.flashtalking.com *.google.com *.gstatic.com; script-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gigya.com *.cookielaw.org *.juicer.io *.maxmind.com *.youtube.com *.onetrust.com *.ytimg.com *.facebook.net *.ckeditor.com *.cookielaw.org qa1-loyalty.stage.hogarth.homesense.ie *.google.com *.gstatic.com *.googletagmanager.com unpkg.com cdn.jsdelivr.net cdnjs.cloudflare.com *.js-agent.newrelic.com *.juicer.io; object-src 'self'; style-src  'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.google-analytics.com *.gigya.com *.cookielaw.org *.juicer.io *.onetrust.com *.ckeditor.com *.cookielaw.org cdn.jsdelivr.net cdnjs.cloudflare.com; img-src 'self' 'unsafe-eval' data: *.adnxs.com *.mookie1.com *.fbcdn.net *.imgur.com *.google-analytics.com *.doubleclick.net *.ipredictive.com *.gstatic.com *.googleapis.com *.gigya.com *.facebook.com *.ckeditor.com *.cookielaw.org *.js-agent.newrelic.com *.juicer.io  *.cdninstagram.com *.googletagmanager.com; frame-src 'self' *.mkt6608.com *.gigya.com *.youtube.com *.google.com *.pages03.net *.pages06.net; frame-ancestors 'self'; child-src 'self' *.gigya.com *.flashtalking.com *.youtube.com *.pages03.net *.pages06.net *.google.com *.gstatic.com; connect-src 'self' *.cookielaw.org *.juicer.io *.gigya.com *.facebook.com geoip-js.com *.onetrust.com *.google-analytics.com *.googleapis.com stats.g.doubleclick.net; report-uri /report-csp-violation 1
connect-src 'self' http://tkrec.in/; report-url http://tkrec.in/report 1
default-src 'self' 'unsafe-inline' ;img-src 'self' data:; object-src 'none'; report-uri /cspreport 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://www.gstatic.com https://yastatic.net https://www.youtube.com https://s.ytimg.com https://platform.instagram.com https://www.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://mc.yandex.ru https://top-fwz1.mail.ru https://js.sentry-cdn.com https://browser.sentry-cdn.com https://qaz.top-news.wiki https://push.top-news.wiki https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data: https://fonts.googleapis.com https://platform.twitter.com ; img-src 'self' data: https://* http://* ; font-src 'self' data: https://fonts.gstatic.com ; frame-src 'self' data: https://yastatic.net https://www.youtube.com https://www.instagram.com/ https://platform.twitter.com ; connect-src 'self' data: https://yastatic.net https://mc.yandex.ru https://mc.webvisor.com https://mc.webvisor.org https://fcm.googleapis.com https://firebaseinstallations.googleapis.com https://fcmregistrations.googleapis.com https://push.newsdaily.biz https://top-fwz1.mail.ru https://o4505939965509632.ingest.sentry.io https://push.top-news.wiki https://biposerfl.shop https://*.google-analytics.com; worker-src 'self' data: https://fcm.googleapis.com https://push.newsdaily.biz https://push.top-news.wiki ; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://forms.hsforms.com https://js.hsforms.net forms.hsforms.com js.hsforms.net https://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com http://js.hs-scripts.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://stats.g.doubleclick.net https://static.hotjar.com https://script.hotjar.com load.sumo.com https://alpunto.activehosted.com https://fonts.googleapis.com https://js.hsleadflows.net/leadflows.js https://cdn.mouseflow.com/projects/20ab6ab6-6978-43ee-bdae-75a6900e2588.js; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://unpkg.com/intl-tel-input@17.0.18/build/css/intlTelInput.min.css https://googleads.g.doubleclick.net https://stats.g.doubleclick.net 1
img-src 'self' data: https://www.google.com https://www.google.com.co https://www.google.com/* https://www.google.com.co/* https://img.inchcapedigital.com https://img.inchcapedigital.com/* https://static.inchcapedigital.com https://static.inchcapedigital.com/* https://static-preprod.inchcapedigital.com https://static-preprod.inchcapedigital.com/* https://maps.googleapis.com https://maps.gstatic.com https://maps.gstatic.com/* https://maps.googleapis.com/* https://maps.gstatic.com/* https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google-analytics.com https://sp.analytics.yahoo.com; script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com 'unsafe-eval' https://fonts.googleapis.com/ https://ajax.googleapis.com/ https://code.jquery.com/ https://ajax.aspnetcdn.com https://www.googletagmanager.com https://js.monitor.azure.com https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js https://maps.googleapis.com https://maps.googleapis.com/* https://static.site24x7rum.com https://www.google.com https://www.gstatic.com https://static.inchcapedigital.com https://static.inchcapedigital.com/* https://au-ecom-gr-hk.inchcapedigital.com https://au-ecom-gr-hk.inchcapedigital.com/* https://connect.facebook.net https://connect.facebook.net/* https://static.hotjar.com https://static.hotjar.com/* https://script.hotjar.com https://script.hotjar.com/* https://googleads.g.doubleclick.net https://www.googleadservices.com https://s.yimg.com/wi/ytc.js https://static-preprod.inchcapedigital.com https://au-ecom-preprod-hk.inchcapedigital.com https://au-ecom-preprod-hk.inchcapedigital.com/*; default-src 'self' data: 'unsafe-eval' 'unsafe-inline' https://static.inchcapedigital.com https://static.inchcapedigital.com/* https://au-ecom-gr-hk.inchcapedigital.com https://s.yimg.com/wi/config/10195109.json https://www.google-analytics.com https://stats.g.doubleclick.net https://*.doubleclick.net/* https://maps.googleapis.com https://fonts.googleapis.com https://static-preprod.inchcapedigital.com https://au-ecom-preprod-hk.inchcapedigital.com; frame-src 'self' https://*.doubleclick.net https://*.doubleclick.net/* https://www.google.com https://www.youtube.com https://www.youtube.com/* https://pgw-ui.2c2p.com https://static-preprod.inchcapedigital.com https://t.2c2p.com https://authentication.cardinalcommerce.com https://paymentauthenticationchallenge.apac.citibank.com https://*.citibank.com https://paymentauthenticationchallenge2.apac.citibank.com https://*.2c2p.com https://pgw.2c2p.com https://*.inchcapedigital.com https://*.inchcapedigital.com/x15-platform/graphql/; 1
default-src 'self' 'unsafe-inline' data: *.toyota.com.mk *.bootstrapcdn.com *.googletagmanager.com googleads.g.doubleclick.net *.google.mk *.google.com *.googleapis.com *.google-analytics.com *.gstatic.com *.fbcdn.net *.facebook.com *.facebook.net *.pinterest.com *.youtube.com 1
default-src https: wss://widget-mediator.zopim.com 'unsafe-inline'; img-src http: data: 'unsafe-inline' blob: https://www.toyota.com.ar ; script-src https://www.toyota.com.ar https://www.google.com https://www.googleadservices.com https://tagmanager.google.com https://api.retargetly.com https://urldefense.proofpoint.com https://connect.facebook.net https://www.googletagmanager.com https://googleads.g.doubleclick.net https://p.teads.tv/ https://www.google-analytics.com https://www.google.com/pagead/1p-conversion/ https://ssl.google-analytics.com https://maps.googleapis.com https://static.zdassets.com https://widget-mediator.zopim.com 'self' 'unsafe-inline' 'unsafe-eval'; worker-src blob: ; style-src https: 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' http://cloud.toyotadobrasil.com.br/ https://cloud.toyotadobrasil.com.br/ 1
frame-ancestors 'self' toyotarp.com www.toyotarp.com; 1
default-src 'self'; script-src 'self' ssl.google-analytics.com maxcdn.bootstrapcdn.com code.jquery.com stackpath.bootstrapcdn.com cdnjs.cloudflare.com ajax.googleapis.com framework-gb.cdn.gob.mx www.google-analytics.com 'unsafe-inline' 'unsafe-eval';  style-src 'self' maxcdn.bootstrapcdn.com fonts.googleapis.com framework-gb.cdn.gob.mx 'unsafe-inline'; font-src 'self' framework-gb.cdn.gob.mx fonts.gstatic.com maxcdn.bootstrapcdn.com; worker-src 'self' blob:; connect-src 'self' www.google-analytics.com;  frame-src 'self' www.youtube.com; img-src 'self' ssl.google-analytics.com framework-gb.cdn.gob.mx data: 1
default-src 'self' ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:* https://pagead2.googlesyndication.com:* https://www.youtube.com:* https://adservice.google.com.au:* https://s.ytimg.com:* about; style-src 'self' https://cdn.rawgit.com/michalsnik/aos/2.1.1/dist/aos.cs https://tickets.4talent.cl:* data: 'unsafe-inline' https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:*; img-src 'self' data: https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://maps.gstatic.com:* https://maps.googleapis.com:* https://www.google-analytics.com:* https://a.impactradius-go.com:* https://www.paypalobjects.com:* https://namecheap.pxf.io:* https://www.paypalobjects.com:* https://stats.g.doubleclick.net:* https://*.doubleclick.net:* https://stats.g.doubleclick.net:* https://www.ojrq.net:* https://ak1s.abmr.net:* https://*.abmr.net:*; font-src 'self' data: https://ka-f.fontawesome.com:* https://fearby.com:* https://fearby-com.exactdn.com:* https://fonts.googleapis.com:* https://fonts.gstatic.com:* https://cdn.joinhoney.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://googleads.g.doubleclick.net:*; connect-src 'self' https://tickets.4talent.cl:* https://ka-f.fontawesome.com/ https://video.4talent.cl/ https://fearby.com:* https://fearby-com.exactdn.com:* https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; media-src 'self' blob: https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com:* https://secure.gravatar.com:* https://www.google-analytics.com:*; object-src 'self' ; child-src 'self' https://player.vimeo.com https://fearby-com.exactdn.com:* https://www.youtube.com https://www.googletagmanager.com:* https://www.google-analytics.com:*; frame-src 'self' https://www.youtube.com:* https://googleads.g.doubleclick.net:* ; worker-src 'self' https://sqm.hiringup.com/* https://video.4talent.cl/* blob: mediastream: ; frame-ancestors 'self' ; form-action 'self' https://fearby.com:* https://fearby-com.exactdn.com:* https://fearby-com.exactdn.com:* https://www.googletagmanager.com:* https://www.google-analytics.com:* https://www.google-analytics.com:*; upgrade-insecure-requests; block-all-mixed-content; base-uri https://fearby.com:*; manifest-src 'self' 'self' 'self'; report-uri https://fearby.report-uri.com/r/d/csp/enforce; 1
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://use.fontawesome.com; img-src 'self' https://media.licdn.com www.trabajito.com.bo data: blob: 1
frame-ancestors https://www.trackandtrail.in https://tii.in/; 1
base-uri 'none';connect-src 'self' https://adservice.google.com https://www.google.com https://*.doubleclick.net https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;default-src 'none';form-action 'self';img-src 'self' *.ytimg.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com data: https: https://*.google-analytics.com https://*.googletagmanager.com;media-src 'none';object-src 'none';font-src 'self' https://fonts.gstatic.com data:;upgrade-insecure-requests;script-src *.youtube.com s.ytimg.com *.youtube-no-cookie.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ https://www.googletagmanager.com 'unsafe-eval' https://tagmanager.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net https://*.google-analytics.com https://*.googletagmanager.com 'self' 'unsafe-inline' https://www.gstatic.com;frame-src *.youtube.com *.youtube-no-cookie.com *.ytimg.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ https://*.doubleclick.net https://stats.g.doubleclick.net https://www.googletagmanager.com https://bid.g.doubleclick.net 'self' https://www.google.com;style-src https://tagmanager.google.com https://fonts.googleapis.com 'self' 'unsafe-inline';frame-ancestors 'self';manifest-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.trenino-rosso-bernina.it/ *.gstatic.com *.google-analytics.com *.googletagmanager.com *.googleapis.com *.google.com *.google.it *.facebook.net *.facebook.com *.doubleclick.net *.trenino-rosso-bernina.it cdnjs.cloudflare.com *.iubenda.com maxcdn.bootstrapcdn.com *.googlesyndication.com *.ytimg.com *.doubleclick.net *.youtu.be youtu.be *.trenino-rosso-bernina.it *.youtube.com *.hotjar.com *.hotjar.io *.spreaker.com *.doubleclick.net *.youtu.be youtu.be *.optinly.net *.optinly.com *.wisernotify.com *.cloudfunctions.net *.wisermapp.com *.amazonaws.com data: blob: wss:; 1
script-src http: https: 'unsafe-inline' trikart.com; style-src 'self' blob: https: 'unsafe-inline' trikart.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' data: fonts.gstatic.com cdnjs.cloudflare.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com; 1
default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.ckeditor.com *.bootstrapcdn.com *.googleapis.com *.gstatic.com youtube.com *.youtube.com google.com *.google.com fontawesome.com *.fontawesome.com jquery.com *.jquery.com cloudflare.com *.cloudflare.com briskflowplatform.co.za *.briskflowplatform.co.za userguiding.com *.userguiding.com data: ; 1
frame-ancestors 'self' https://*.datocms.com; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.tyson4d.com 1
"default-src 'self' 'unsafe-inline' *.fontawesome.com  *.googleapis.com  uala.com.co *.google-analytics.com ;" 1
default-src 'self' ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://ssl.google-analytics.com/ga.js https://ajax.cloudflare.com https://amp.cloudflare.com https://static.cloudflareinsights.com https://www.google.com https://www.gstatic.com https://www.instagram.com https://platform.instagram.com https://www.redditstatic.com https://stats.g.doubleclick.net https://js-agent.newrelic.com https://bam.nr-data.net https://cdn.syndication.twimg.com https://connect.facebook.net https://platform.twitter.com https://syndication.twitter.com; style-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.google.com https://ajax.googleapis.com https://amp.cloudflare.com https://ton.twimg.com https://platform.twitter.com; img-src * data: ; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' cloudflareinsights.com *.amp.cloudflare.com https://platform.twitter.com https://syndication.twitter.com https://stats.g.doubleclick.net https://bam.nr-data.net; frame-src 'self' data: blob: https://open.spotify.com https://www.google.com https://twitter.com https://platform.twitter.com https://syndication.twitter.com https://mobile.twitter.com https://t.co https://www.facebook.com https://web.facebook.com https://staticxx.facebook.com https://m.facebook.com https://static.xx.fbcdn.net https://www.instagram.com https://www.redditmedia.com https://w.soundcloud.com https://youtube.com https://www.youtube.com https://youtube-nocookie.com https://www.youtube-nocookie.com https://player.vimeo.com https://dailymotion.com https://www.dailymotion.com *.amp.cloudflare.com; upgrade-insecure-requests; block-all-mixed-content; report-uri https://ukff.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; connect-src 'self' https: wss:; img-src 'self' 'unsafe-inline' https: http: data: blob:; script-src 'self' https://apis.mapmyindia.com https://*.firebaseio.com; script-src-attr 'self' 'unsafe-inline' ; frame-src https: http: https://*.firebaseio.com; style-src 'self' 'unsafe-inline' https://apis.mapmyindia.com; font-src 'self' https://fonts.gstatic.com; object-src 'none' 1
upgrade-insecure-requests; report-uri https://unlimitedvids.es/il_reporturi.php?from=csp; report-to csp_endpoint 1
frame-ancestors 'self' https://apps.swisslifeselect.cz https://apps.lifenet.swisslifeselect.cz https://nove.e-srovnani.cz 1
default-src *; img-src * data:; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://fonts.googleapis.com http://translate.google.com https://translate.googleapis.com https://code.ionicframework.com; script-src 'self' 'unsafe-inline' http://translate.google.com https://translate.googleapis.com localhost:*/* https://facebook.com *.facebook.com http://translate.google.com *.translate.google.com http://indiannetwork.in/ https://indiannetwork.in/ http://www.googletagmanager.com https://www.googletagmanager.com http://www.google-analytics.com https://www.google-analytics.com http://upsdmabas.auashreetron.com https://upsdmabas.auashreetron.com http://202.65.131.96 https://202.65.131.96 http://auakua.auashreetron.com https://auakua.auashreetron.com http://www.googleadservices.com https://www.googleadservices.com  1
script-src 'self' 'unsafe-eval' *.googleapis.com analytics.skroutz.gr vivapayments.com www.google-analytics.com www.googletagmanager.com connect.facebook.net 'nonce-YkrSEOZwDmdMMu3wWetOgUM6h8mOCBRs' 1
frame-ancestors 'self' https://www.urbenie.com; 1
default-src 'none'; script-src https: 'unsafe-inline' 'nonce-A6DA86A2755D4B918CDC7FA9C093CC97' 'strict-dynamic'; style-src 'self' 'nonce-A6DA86A2755D4B918CDC7FA9C093CC97' translate.googleapis.com; connect-src 'self' https: ; img-src 'self' https: data:; font-src 'none' ; object-src 'none'; frame-ancestors 'self'; frame-src 'self' www.google.com tpc.googlesyndication.com td.doubleclick.net; base-uri 'none'; report-uri https://www.urgento.nl/API/Site/CspReport 1
frame-src 'self' https://8865438.fls.doubleclick.net https://td.doubleclick.net https://www.youtube.com https://www.google.com;     object-src 'self' https://www.youtube.com https://www.google.com;     script-src 'self' https://www.youtube.com 'unsafe-inline' 'unsafe-eval';     script-src-elem 'self' https://googleads.g.doubleclick.net/ https://cdnjs.cloudflare.com/ https://maps.googleapis.com/ https://www.youtube.com https://www.googletagmanager.com https://www.google-analytics.com https://www.googleadservices.com 'unsafe-inline';     frame-ancestors 'self' ; 1
default-src 'self' 'unsafe-inline'; img-src 'self' https: data: https://postofficeplacement.s3.us-east-2.amazonaws.com https://secure.gravatar.com https://www.googleadservices.com; font-src 'self' data:; script-src 'self' 'unsafe-inline' data: https://www.googleadservices.com https://js.adsrvr.org https://www.google.com https://messenger.dixa.io https://www.googletagmanager.com https://www.gstatic.com https://www.statcounter.com https://messenger-edge.dixa.io; connect-src 'self' https://c.statcounter.com https://www.google-analytics.com https://messenger-edge.dixa.io; frame-src 'self' https://td.doubleclick.net https://www.google.com https://messenger.dixa.io https://messenger.dixia.io https://insight.adsrvr.org https://match.adsrvr.org; worker-src 'self' blob:; 1
default-src 'none'; script-src 'self' 'nonce-t4chF4dBS98aT7LUuycfD9M0' www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' https://*.kevin.eu www.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://www.google.com/ https://www.google.fi/; connect-src https://*.google-analytics.com https://*.analytics.google.com https://stats.g.doubleclick.net/; style-src 'self'; frame-src 'self' https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; frame-ancestors 'self'; base-uri 'self'; form-action 'self' https://*.kevin.eu; 1
base-uri 'self'; child-src 'self'; connect-src 'self' https://*.meo.pt https://*.uzo.pt wss://api.botschool.ai https://api.botschool.ai wss://*.byside.com https://*.byside.com https://cdn-api-weglot.com https://api.conveythis.com https://www.facebook.com https://*.google-analytics.com https://adservice.google.com https://www.google.com https://pagead2.googlesyndication.com https://www.googletagmanager.com https://*.inmobi.com https://cmp.quantcast.com https://*.cmp.quantcast.com https://pixel.quantcount.com https://*.weglot.com https://*.clarity.ms https://*.doubleclick.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org https://services.sapo.pt https://signet-spot.telecom.pt; default-src 'self'; font-src 'self' data: https://*.meo.pt https://*.uzo.pt https://fonts.gstatic.com https://gateway.zscaler.net; form-action 'self' https://*.meo.pt https://*.uzo.pt https://*.byside.com https://www.facebook.com https://gateway.zscaler.net; frame-ancestors 'self' https://en.uzo.pt; frame-src 'self' https://*.meo.pt https://*.uzo.pt https://s1.byside.com https://www.facebook.com https://www.google.com https://tpc.googlesyndication.com https://www.googletagmanager.com https://*.doubleclick.net https://gateway.zscaler.net https://signet-spot.telecom.pt; img-src 'self' data: https:; media-src 'self' data: https://*.uzo.pt https://gateway.zscaler.net; report-to cspenforce; report-uri https://cspreport.apps.meo.pt/Services/Rest.svc/CSP/1kqJ23iNdD/Enforce; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.byside.com https://cdn.conveythis.com https://www.datadoghq-browser-agent.com https://*.google-analytics.com https://www.google.com https://www.googleadservices.com https://*.googlesyndication.com https://www.googletagmanager.com https://www.gstatic.com https://*.inmobi.com https://cmp.quantcast.com https://rules.quantcount.com https://secure.quantserve.com https://*.serving-sys.com https://*.weglot.com https://www.clarity.ms https://mstat.acestream.net https://*.doubleclick.net https://connect.facebook.net https://gateway.zscaler.net https://quantcast.mgr.consensu.org; style-src 'self' 'unsafe-inline' https://*.meo.pt https://*.uzo.pt https://img.botschool.ai https://*.byside.com https://fonts.googleapis.com https://www.gstatic.com https://cdn.weglot.com https://gateway.zscaler.net; worker-src 'self'; object-src 'none' 1
frame-ancestors 'self'; object-src 'none';img-src self data: https: ; script-src 'self' https://client.crisp.chat https://static.userguiding.com https://public.produktly.com https://matomo.fabrique.social.gouv.fr 'unsafe-inline' 1
frame-ancestors 'self' vapemonster.co.kr *.vapemonster.co.kr 1
font-src *.fontawesome.com maxcdn.bootstrapcdn.com *.fonts.googleapis.com *.gstatic.com data: *.cloudflare.com *.doubleclick.net *.googlesyndication.com *.bootstrapcdn.com *.facebook.com *.facebook.net *.google-analytics.com *.salesmanago.pl *.googletagmanager.com *.addthis.com data: 'self' 'unsafe-inline'; form-action secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.epay.bg *.datamax.bg *.kbcbank.bg *.cardinalcommerce.com *.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.googletagmanager.com *.google.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com *.addthis.com *.pinterest.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.google-analytics.com *.salesmanago.pl *.googletagmanager.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com validator.swagger.io www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tbibank.support *.unicreditconsumerfinancing.info https://www.magezon.com *.facebook.com *.google.com *.googleadservices.com *.google-analytics.com *.googletagmanager.com newpay.bg www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com *.doubleclick.net *.googlesyndication.com *.facebook.net *.salesmanago.pl *.google.bg data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.tbibank.support *.unicreditconsumerfinancing.info *.googletagmanager.com *.googleadservices.com *.google-analytics.com *.google.com *.avada.io assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com *.googleapis.com *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com *.doubleclick.net *.googlesyndication.com *.gstatic.com *.facebook.net *.fontawesome.com *.cloudflare.com *.salesmanago.pl 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com maxcdn.bootstrapcdn.com unsafe-inline *.googleapis.com *.googlesyndication.com *.cloudflare.com *.bootstrapcdn.com *.facebook.com *.facebook.net *.google-analytics.com *.salesmanago.pl *.googletagmanager.com *.addthis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com stats.g.doubleclick.net https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cloudflare.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.doubleclick.net *.googlesyndication.com *.facebook.com *.facebook.net *.salesmanago.pl 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src https: 'unsafe-inline' 'unsafe-eval'; img-src https: 1
frame-ancestors 'self' https://verktygsvaruhuset.se https://verktygsvaruhuset.starwebserver.se 1
frame-ancestors www.viajeseroski.es www.facebook.com raw2.statichtmlapp.com 1
default-src 'self' unpkg.com chimpstatic.com *.cloudflare.com *.unsplash.com *.us5.list-manage.com mcusercontent.com *.ytimg.com *.youtube.com *.vimeo.com *.mailchimp.com *.jsdelivr.net *.googleusercontent.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.googleapis.com *.gstatic.com *.google.com *.google.de *.google.ch empathy-portal.de *.doubleclick.net *.m-pathy.com fast.fonts.net *.facebook.net *.facebook.com *.adform.net bat.bing.com 'unsafe-eval'  'unsafe-inline' data:; 1
font-src *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com *.gstatic.com *.azureedge.net data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.redsys.es *.facebook.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.cookiebot.com *.oct8ne.com *.hotjar.com *.google.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.alothemes.com *.magepow.com *.cdninstagram.com *.oct8ne.com *.azureedge.net grwapi.net *.google.com *.google.es *.doubleclick.net *.twitter.com *.pinterest.com t.co *.linkedin.com *.cookiebot.com *.metricool.com *.clarity.ms data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.avada.io *.alothemes.com *.magepow.com *.googletagmanager.com https://www.googletagmanager.com tagmanager.google.com *.google.com *.gstatic.com *.cookiebot.com *.oct8ne.com grwapi.net *.jquery.com *.doubleclick.net *.ads-twitter.com *.pinimg.com *.hotjar.com *.licdn.com *.clarity.ms *.tiktok.com *.pinterest.com *.metricool.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.alothemes.com *.magepow.com *.googleapis.com grwapi.net 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com https://get.geojs.io *.avada.io *.alothemes.com *.magepow.com *.google-analytics.com https://www.google-analytics.com *.oct8ne.com grwapi.net *.cookiebot.com *.doubleclick.net *.pinterest.com *.hotjar.com *.hotjar.io wss://*.hotjar.com cdn.linkedin.oribi.io *.clarity.ms *.tiktok.com *.google.com *.linkedin.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
block-all-mixed-content; frame-ancestors 'self' vincishoes.activehosted.com; upgrade-insecure-requests 1
frame-ancestors 'none'; report-to rt 1
font-src *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com https://www.google.com/recaptcha/ secure-gateway.hipay-tpp.com *.hipay.com *.doubleclick.net 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com data: googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.bing.com *.google.com *.google.fr *.googleapis.com maps.gstatic.com *.visseriefixations.fr blob: data: 'self' 'unsafe-inline'; script-src googleads.g.doubleclick.net www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://sibautomation.com secure-gateway.hipay-tpp.com *.hipay.com mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.cloudflare.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hipay.com *.googleapis.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src data: mpsnare.iesnare.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.googleadservices.com www.google-analytics.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://in-automate.brevo.com *.hipay.com wss://mpsnare.iesnare.com *.bing.com *.axept.io *.doofinder.com *.googleapis.com *.google.com *.doubleclick.net *.google-analytics.com *.hipay-tpp.com *.googlesyndication.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
font-src *.gstatic.com 'self' data: *.doubleclick.net *.facebook.com fonts.gstatic.com smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.cloudfront.net *.prelive.vitamincenter.it *.vitamincenter.it *.adbr.io *.bootstrapcdn.com *.fontawesome.com 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.facebook.com *.nexi.it 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com *.google.com *.doubleclick.net *.facebook.com *.iubenda.com *.livechatinc.com *.online-metrix.net *.tracead.com tracead.com *.signifyd.com img.signifyd.com *.addthis.com *.jrs5.com pubxtag1.com amc.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.adbr.io *.youtube-nocookie.com webapprestapi.vitamincenter.com sendtric.com gen.sendtric.com 'self' 'unsafe-inline'; img-src widgets.magentocommerce.com t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com s.ytimg.com 'self' data: *.google.it *.google.bg *.facebook.com *.facebook.net *.doubleclick.net *.googletagmanager.com *.gstatic.com *.payments-amazon.com *.linksynergy.com *.nxtck.com *.mediaforge.com *.jrs5.com *.dc-storm.com *.rd.linksynergy.com *.ra.linksynergy.com *.google.com www.google.com *.signifyd.com *.e.aa.online-metrix.net *.googleapis.com data: amcglobal.sc.omtrdc.net cm.everesttech.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.demdex.net *.cloudfront.net *.prelive.vitamincenter.it *.vitamincenter.it *.adabra.com *.adroll.com *.google-analytics.com *.bing.com *.adbr.io d.adroll.com *.advertising.com *.rubiconproject.com *.outbrain.com *.pubmatic.com *.yahoo.com *.taboola.com *.bidswitch.net *.3lift.net *.3lift.com *.adnxs.com *.openx.com *.openx.net *.casalemedia.com *.nexi.it masterpass.com *.vitamincenter.com *.g.doubleclick.net cm.g.doubleclick.net cm.g.dou sendtric.com gen.sendtric.com *.niftyimages.com 'self' 'unsafe-inline'; script-src assets.adobedtm.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com js.authorize.net jstest.authorize.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com video.google.com vimeo.com www.vimeo.com www.youtube.com polyfill.io *.google.com *.google.bg *.googletagmanager.com *.facebook.net *.doubleclick.net *.google-analytics.com *.gstatic.com *.iubenda.com *.chimpstatic.com chimpstatic.com *.doofinder.com *.signifyd.com *.livechatinc.com *.rmtag.com *.tracead.com tracead.com *.addthis.com *.amazon.com *.amazonaws.com *.googleapis.com *.jsdelivr.net *.moatads.com *.addthisedge.com widget.pinterest.com smct.co *.smct.co smct.io *.smct.io *.cloudfront.net *.prelive.vitamincenter.it *.vitamincenter.it *.adbr.io *.newrelic.com *.nr-data.net *.bing.com *.adroll.com d.adroll.mgr.consensu.org vitamincenter.disqus.com *.disqus.com *.nexi.it *.googleadservices.com *.kk-resources.com 'self' data: *.p-a.io localhost 'unsafe-eval' data: webapprestapi.vitamincenter.com sendtric.com gen.sendtric.com *.niftyimages.com *.aptrinsic.com *.dwin1.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src getfirebug.com *.googleapis.com *.doubleclick.net *.facebook.com *.gstatic.com *.googletagmanager.com *.cloudflare.com *.cloudfront.net *.prelive.vitamincenter.it *.vitamincenter.it *.jsdelivr.net *.adbr.io *.bootstrapcdn.com *.adroll.com vitamincenter.disqus.com *.disqus.com *.niftyimages.com *.fontawesome.com *.aptrinsic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.algolia.net *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.iubenda.com *.doofinder.com *.g.doubleclick.net *.doubleclick.net *.signifyd.com *.signifyd.com:11103 *.signifyd.com:11103/onload https://bt.signifyd.com:11103 https://bt.signifyd.com:11103/onload bt.signifyd.com *.livechatinc.com *.addthis.com dpm.demdex.net smct.co *.smct.co smct.io *.smct.io *.amazonaws.com *.cloudfront.net *.prelive.vitamincenter.it *.vitamincenter.it *.adbr.io *.nr-data.net *.adroll.com *.bing.com *.nexi.it webapprestapi.vitamincenter.com sendtric.com gen.sendtric.com *.aptrinsic.com *.paypal.com *.dwin1.com 'self' 'unsafe-inline'; child-src 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' https://app.kajabi.com https://app.vibely.io https://communities.kajabi.com *.mykajabi.com https://communities.newkajabi-staging.com https://www.wavesstrategy.com 1
base-uri 'self';connect-src 'self';form-action 'self';img-src 'self' data:;media-src 'self';object-src 'none' 1
default-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://fonts.gstatic.com; img-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.aspnetcdn.com *.googleapis.com *.google-analytics.com data: ; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com data:; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com; connect-src 'self'; form-action 'self'; frame-ancestors 'self'; 1
default-src 'self'; connect-src 'self' telmac.co.in drstech.co.in *.googleapis.com; style-src 'self' 'unsafe-inline' telmac.co.in drstech.co.in *.googleapis.com *.cloudflare.com code.jquery.com *.bootstrapcdn.com; font-src 'self' *.googleapis.com *.gstatic.com ; script-src 'self' 'unsafe-eval' 'unsafe-inline' telmac.co.in drstech.co.in *.googleapis.com *.google.com *.cloudflare.com code.jquery.com *.bootstrapcdn.com; img-src 'self' telmac.co.in drstech.co.in *.google.com *.googleapis.com code.jquery.com data: *.gstatic.com *.histats.com; object-src *.histats.com; frame-src 'self' www.youtube.com *.google.com maps.googleapis.com; 1
object-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' 'unsafe-eval'; font-src 'self' 'unsafe-inline' 'unsafe-eval'; 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' tms.containers.piwik.pro d2iki0eau781c.cloudfront.net www.google-analytics.com www.google.com www.googletagmanager.com www.gstatic.com s3.amazonaws.com apis.google.com; object-src 'none'; frame-ancestors 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typeform.com fonts.bunny.net *.tiktok.com ct.pinterest.com *.pinimg.com *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se *.wd40.es *.tiktok.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.googleadservices.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se 1
script-src 'unsafe-eval' 'unsafe-inline' https: 1
frame-ancestors 'self' https://*.sanook.com/ 1
default-src 'self'; img-src 'self' https://www.google.com https://www.google.ie https://www.google-analytics.com data: 'self'; style-src 'self' https://fonts.googleapis.com  https://fonts.gstatic.com https://*.vo.msecnd.net/ http://*.vo.msecnd.net/ 'unsafe-inline'; script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com http://www.google-analytics.com  https://*.vo.msecnd.net/ http://*.vo.msecnd.net/ https://www.gstatic.com https://www.google.com/recaptcha/ https://js.monitor.azure.com/ https://*.hotjar.com/ 'unsafe-eval' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src 'self' https://dc.services.visualstudio.com/v2/track https://www.google-analytics.com https://*.google-analytics.com/ https://stats.g.doubleclick.net https://*.in.applicationinsights.azure.com/; frame-src https://www.google.com https://auth.mywelfare-nonprod.ie/ https://www.ros.ie/ https://*.ros.ie/  1
default-src c.wgr.de 'self'; script-src c.wgr.de connect.facebook.net www.googleadservices.com www.googletagmanager.com www.google.com googleads.g.doubleclick.net www.google.de maps.googleapis.com 'self' 'unsafe-eval' 'unsafe-inline' https://l.ecn-ldr.de; style-src c.wgr.de 'self' 'unsafe-inline'; object-src 'self'; img-src c.wgr.de d32wqyuo10o653.cloudfront.net www.facebook.com googleads.g.doubleclick.net www.google.com www.google.de maps.googleapis.com *.gstatic.com 'self' data: *.econda-monitor.de; frame-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; child-src newsletter.schulbuchzentrum-online.de www.facebook.com 'self'; font-src c.wgr.de 'self' data:; connect-src https://mein.westermann.de/ www.facebook.com 'self' *.crosssell.info *.econda-monitor.de 1
default-src 'self' *.whatthemovie.net; script-src 'self' *.whatthemovie.net *.google-analytics.com *.recaptcha.net *.gstatic.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.whatthemovie.net fonts.googleapis.com 'unsafe-inline'; img-src 'self' *.whatthemovie.net s3-eu-west-3.amazonaws.com gravatar.com *.wp.com *.google-analytics.com data:; font-src fonts.gstatic.com *.whatthemovie.net; child-src *.recaptcha.net; frame-src *.youtube.com youtube.com *.recaptcha.net 'self'; connect-src 'self' youtube.com; 1
default-src 'self'; img-src https://*; child-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline';script-src-elem 'self' https://* 'unsafe-eval' 'unsafe-inline';style-src 'self' https://* 'unsafe-inline';connect-src 'self' https://*;font-src https://*; 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.cloudflare.com *.typekit.net *.trustedshops.com fonts.gstatic.com https://fonts.gstatic.com/ https://widgets.trustedshops.com maxcdn.bootstrapcdn.com data: *.hotjar.com fonts.bunny.net cdn.jsdelivr.net *.zopim.com data: 'self' 'unsafe-inline'; form-action pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com secure.ogone.com ogone.test.v-psp.com sis.redsys.es https://sis-t.redsys.es:25443/sis/realizarPago/utf-8 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com *.youtube-nocookie.com landofcoder.com maps.googleapis.com chart.googleapis.com *.addthis.com www.google.com youtu.be *.vimeo.com js.mollie.com td.doubleclick.net/ vars.hotjar.com tpc.googlesyndication.com/ *.shortstack.com/ *.pinterest.com/ *.facebook.com/ content.widget.thuiswinkel.org/ www.youtube.com 'self' 'unsafe-inline'; img-src data: t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com https://images.unsplash.com *.sooqr.com *.cloudflare.com https://cdn.klarna.com *.paypal.com img.youtube.com *.usercentrics.eu blob: https://www.mollie.com https://img.youtube.com https://maps.gstatic.com/ https://*.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com bat.bing.com googleads.g.doubleclick.net/ fonts.gstatic.com *.analytics.google.com *.facebook.com/ *.google-analytics.com www.google.be/ www.google.de/ www.google.nl/ www.google.es/ www.google.com/ *.ggpht.com *.hotjar.com x.klarnacdn.net *.maxcdn.com *.pinterest.com *.smartsuppcdn.com static.sooqr.com pixel.sooqr.com *.trustedshops.com integrations.etrusted.com static.widget.trengo.eu/assets/ s3.eu-central-1.amazonaws.com/trengo/media/ widget.thuiswinkel-cdn.org/ v2assets.zopim.io v2.zopim.com data: 'self' 'unsafe-inline'; script-src www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com landofcoder.com *.googleapis.com chart.googleapis.com s7.addthis.com *.fontawesome.com *.gstatic.com *.avada.io *.sooqr.com *.addthis.com *.moatads.com *.addthisedge.com https://cdn.jsdelivr.net *.cloudflare.com *.google-analytics.com *.google.com *.googleadservices.com *.trustedshops.com *.usercentrics.eu js.mollie.com https://maps.googleapis.com/ https://widgets.trustedshops.com https://widgets-qa.trustedshops.com https://integrations.etrusted.com https://integrations.etrusted.site https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com www.googletagmanager.com bat.bing.com ajax.cloudflare.com/cdn-cgi/ *.cloudfront.net *.analytics.google.com connect.facebook.net www.googleadservices.com googleads.g.doubleclick.net tpc.googlesyndication.com *.hotjar.com *.pinimg.com *.smartsuppchat.com *.smartsuppcdn.com widget.thuiswinkel.org/ widget.thuiswinkel-cdn.org/ static.widget.trengo.eu/ widgets.trustedshops.com/ www.googleapis.com/youtube/ www.youtube.com *.zendesk.com *.zopim.com static.zdassets.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.fontawesome.com *.sooqr.com https://cdn.jsdelivr.net *.cloudflare.com *.typekit.net *.trustedshops.com *.usercentrics.eu fonts.googleapis.com https://fonts.googleapis.com/css https://widgets.trustedshops.com https://static-app.connect.trustedshops.com https://static-app.connect-qa.trustedshops.com maxcdn.bootstrapcdn.com static.sooqr.com integrations.etrusted.com widget.thuiswinkel-cdn.org/ fonts.bunny.net widgets.trustedshops.com/ 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src static.widget.trengo.eu/assets/ v2.zopim.com 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com vimeo.com landofcoder.com maps.googleapis.com chart.googleapis.com ekr.zdassets.com/ https://get.geojs.io *.avada.io *.cloudflare.com *.paypal.com *.googleapis.com *.trustedshops.com *.etrusted.com https://integrations.etrusted.site *.bing.com/ analytics.google.com *.analytics.google.com googleads.g.doubleclick.net connect.facebook.net www.facebook.com/tr/ *.google-analytics.com stats.g.doubleclick.net *.googlesyndication.com/ www.google.com/ *.hotjar.com *.hotjar.io wss://*.hotjar.com *.amazonaws.com *.pinterest.com sockjs-eu.pusher.com/pusher/ wss://*.smartsupp.com *.smartsuppchat.com *.smartsuppcdn.com collect.sooqr.com widgetcontent.thuiswinkel-cdn.org api.widget.trengo.eu/web-widget-api/ ekr.zendesk.com ekr.zdassets.com wss://widget-mediator.zopim.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' zinus.co.kr *.zinus.co.kr 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com remote.captcha.com *.googletagmanager.com;style-src 'self' 'unsafe-inline' *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com;img-src 'self' data: *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com;media-src 'self';frame-src 'self' *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com *.youtube.com;font-src 'self' *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com;connect-src 'self' *.yandex.ru *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com *.googletagmanager.com;frame-ancestors 'self' 1
base-uri 'none' ;frame-ancestors 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz ;default-src 'unsafe-inline' 'self' data: ;style-src 'unsafe-inline' 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://fonts.googleapis.com ;font-src 'self' data: https://fonts.gstatic.com ;connect-src 'self' https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.googleadservices.com https://adservice.google.com https://stats.g.doubleclick.net https://www.google.com https://maps.googleapis.com https://www.youtube.com/ https://h.seznam.cz ;script-src 'unsafe-inline' 'unsafe-eval' 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.gstatic.com https://www.googleadservices.com https://*.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://www.seznam.cz https://c.seznam.cz ;img-src 'self' data: https://www.easy-prace.cz https://www.zivotopisy.cz https://www.personalniagentury.cz https://www.google.com https://www.google.cz https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://maps.gstatic.com https://maps.googleapis.com https://c.seznam.cz https://*.youtube.com https://i.ytimg.com https://conv.indeed.com https://*.tile.osm.org ;frame-src https://www.easy-prace.cz https://www.zivotopisy.cz https://pdf.zivotopisy.cz https://www.personalniagentury.cz https://*.youtube.com https://www.google.com https://td.doubleclick.net ;object-src 'none' ;upgrade-insecure-requests ;report-uri https://www.zivotopisy.cz/report_content_security_policy ;report-to csp 1
frame-ancestors 'self' http://www.zoetispets.com/ 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' 'report-sample' *.wp.com *.saleago.com *.doubleclick.net *.clarity.ms *.google.pl *.klaviyo.com *.wp.com *.gravatar.com *.facebook.com *.facebook.net *.google.com *.googleapis.com *.jquery.com *.salesmanago.pl *.googletagmanager.com *.google-analytics.com *.gdpsystem.eu *.gstatic.com *.googlesyndication.com trafficscanner.pl *.trafficscanner.pl *.rzetelnyregulamin.pl cdnjs.cloudflare.com d3k81ch9hvuctc.cloudfront.net *.jsdelivr.net *.tally.so data: wss://trafficscanner.pl blob:; block-all-mixed-content; 1
default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.zpratnagiri.org; 1
frame-ancestors 'self' https://btbonline.balancetobuy.com 1
default-src 'self'; script-src 'self' *.gorilla-cannabis-seeds.co.uk *.doubleclick.net maxcdn.bootstrapcdn.com *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.gstatic.com 'unsafe-inline' 'unsafe-eval' ; style-src 'self' *.gorilla-cannabis-seeds.co.uk maxcdn.bootstrapcdn.com *.googleapis.com *.google.com *.gstatic.com 'unsafe-inline'; img-src * gorilla-cannabis-seeds.co.uk data: ; font-src * *.gorilla-cannabis-seeds.co.uk maxcdn.bootstrapcdn.com *.gstatic.com data: ; connect-src 'self' *.gorilla-cannabis-seeds.co.uk *.doubleclick.net maxcdn.bootstrapcdn.com *.google-analytics.com; media-src 'self'; frame-src 'self' *.youtube.com *.vimeo.com *.paddle.com *.googleapis.com *.google.com *.gstatic.com ; object-src 'none'; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' *.segurosbolivar.com https://*.segurosbolivar.com.co:* ws://*.amazonaws.com:* wss://*.amazonaws.com:* https://*.cloudfront.net:* https://*.google-analytics.com:* https://*.survevs-static.survicate.com:*  https://fonts.googleapis.com:* *.gstatic.com *.fontawesome.com data: blob: *.s3.amazonaws.com *.amazonaws.com *.bootstrapcdn.com *.amazoncognito.com; script-src 'self' 'unsafe-eval' https://*.s3.amazonaws.com https://www.googletagmanager.com  https://cdnjs.cloudflare.com:* *.crazyegg.com *.datatables.net data: blob: https://*.execute-api.us-east-1.amazonaws.com *.gstatic.com *.guardiandelaproductividad.com:* *.survicate.com https://www.google-analytics.com  https://www.google.com *.cloudfront.net *.fontawesome.com *.clarity.ms:* https://cdnjs.cloudflare.com:* 'unsafe-inline'; img-src 'self' * https://www.google-analytics.com https://surveys-static.survicate.com https://assets.survicate.com data: ; style-src 'self' *.fontawesome.com *.s3.amazonaws.com *.amazonaws.com *.bootstrapcdn.com *.datatables.net https://surveys-static.survicate.com  https://fonts.googleapis.com:* https://unpkg.com:* 'unsafe-inline'; font-src * https://surveys-static.survicate.com; object-src 'none'; connect-src 'self' https://*.s3.amazonaws.com *.guardiandelaproductividad.com:* https://cdnjs.cloudflare.com:* *.datatables.net *.crazyegg.com wss://*.execute-api.us-east-1.amazonaws.com https://www.google-analytics.com  https://*.execute-api.us-east-1.amazonaws.com *.gstatic.com https://*.auth.us-east-1.amazoncognito.com https://www.google.com https://respondent.survicate.com *.fontawesome.com *.clarity.ms:* https://unpkg.com:* *.survicate.com:* 'unsafe-inline' 1
frame-ancestors 'self' app-script.monsido.com monsido.com; 1
default-src 'self' https: wss: data: blob: 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://chart.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self'; object-src 'none'; 1
frame-ancestors 'self'; frame-src bartsboekje.com *.bartsboekje.com *.facebook.com *.google.com *.cookiebot.com *.hotjar.com *.youtube.com *.vimeo.com *.googletagmanager.com *.instagram.com *.pinterest.com bartsboekje.stuurlui.nl 1
frame-ancestors https://portal.lendingusa.com/ https://www.personifyfinancial.com/ 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.getbeamer.com https://*.cloudfront.net https://*.amazonaws.com https://*.google.com https://*.gstatic.com https://www.google-analytics.com https://tagmanager.google.com https://www.googletagmanager.com https://*.hotjar.com https://fullstory.com https://www.google.com https://www.gstatic.com https://cdn.embedly.com https://svc.webspellchecker.net https://cdn.candu.ai/ https://app.posthog.com/ https://eu.posthog.com/ https://*.hireful.app https://acsbapp.com https://widget.happyfoxchat.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.getbeamer.com https://tagmanager.google.com https://*.localapp.cyou https://*.hireful.app https://*.candu.ai https://use.typekit.net https://p.typekit.net; font-src 'self' https://*.gstatic.com data: https://use.typekit.net https://acsbapp.com https://cdn.acsbapp.com https://*.getbeamer.com; img-src 'self' data: https://*.iconfinder.com https://*.getbeamer.com https://*.cloudfront.net https://*.amazonaws.com https://www.google-analytics.com https://www.googletagmanager.com/ https://c0.froala.com https://cdnjs.cloudflare.com https://*.hireful.app https://*.acsbapp.com https://media.candulabs.com; media-src 'self' https://*.amazonaws.com; report-uri /report-violation; object-src 'self'; connect-src 'self' https://*.getbeamer.com https://*.hotjar.com https://*.fullstory.com wss://ws8.hotjar.com https://www.google-analytics.com wss://push-notifications.core-easywebats.com https://repo-v2.localplugins.cyou https://reporting-v2.dev-core-easywebats.name/ https://reporting-v2.core.staging.yetiats.com/ https://reporting-v2.core-easywebats.com/ https://svc.webspellchecker.net https://app.posthog.com/ https://eu.posthog.com/ https://*.amazonaws.com https://*.candu.ai https://*.localapp.cyou https://*.hireful.app https://*.acsbapp.com https://acsbapp.com https://widget.happyfoxchat.com https://happyfoxchat.com https://api.cumul.io https://*.cloudfront.net https://media.candulabs.com; frame-src 'self' blob: https://d3sceclfig3wjk.cloudfront.net https://*.getbeamer.com https://www.google.com https://vars.hotjar.com https://media.candulabs.com https://reports.hireful.co.uk https://widget.happyfoxchat.com https://happyfoxchat.com https://app.cumul.io https://integrations-dev-rtw-inte-trustidreportsbucket32b2-bqyw8cfkyozp.s3.eu-west-1.amazonaws.com/ https://integrations-staging-rtw--trustidreportsbucket32b2-sefc1dpa97dg.s3.eu-west-1.amazonaws.com https://integrations-prod-rtw-int-trustidreportsbucket32b2-ijpvpsni2ph0.s3.eu-west-1.amazonaws.com/; upgrade-insecure-requests 1
frame-ancestors 'self' https://3dprint.com 1
default-src 'none'; base-uri 'self'; child-src 'self' data: www.google.com; connect-src 'self' https://api.chilipiper.com https://tracking.chilipiper.com https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com https://yoast.com https://www.facebook.com https://forms.hubspot.com https://api.hubapi.com api.segment.io cdn.segment.com fonts.gstatic.com stats.g.doubleclick.net use.fontawesome.com www.google-analytics.com wss://*.talentwall.io ekr.zdassets.com static.zdassets.com talentwall.zendesk.com api.smooch.io api.intercom.io api-iam.intercom.io api-ping.intercom.io nexus-websocket-a.intercom.io nexus-websocket-b.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io uploads.intercomcdn.com js.intercomcdn.com uploads.intercomusercontent.com app.getsentry.com api.rollbar.com; font-src 'self' fonts.gstatic.com use.fontawesome.com cdn.loom.com js.intercomcdn.com data:; form-action 'self' https://forms.hsforms.com https://webto.salesforce.com https://www.facebook.com https://api.hubapi.com talentwall.zendesk.com/; frame-ancestors 'self'; frame-src 'self' https://crosschq.chilipiper.com https://forms.hsforms.com https://bid.g.doubleclick.net https://www.loom.com https://www.facebook.com https://static.addtoany.com; img-src 'self' https: data:; manifest-src 'self'; object-src 'none'; script-src 'self' js.chilipiper.com js.hsforms.net https://ajax.googleapis.com https://www.google.com https://cdnjs.cloudflare.com https://connect.facebook.net https://a.omappapi.com https://js.hscollectedforms.net https://js.hsadspixel.net https://js.hs-banner.com https://js-na1.hs-scripts.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://www.googletagmanager.com https://static.addtoany.com https://js.hs-analytics.net https://widget.intercom.io https://js.intercomcdn.com https://connet.facebook.net https://loom.com https://facebook.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https:; report-uri https://dd9f802741e18703836ab782ffca54be.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' https://*.acdagents.com/ https://vpm.org/ https://www.wgbh.org/ https://www.wqed.org/ https://pledgecart.org/ https://*.kqed.org/ https://www.kqed.org/ https://www.acddirect.com/ https://*.callswithoutwalls.com/ https://reports.callswithoutwalls.com/ https://www.rmpbs.org/ https://www.district5united.org/ https://teamup.com/ https://*.whut.org/ https://*.pbs.org https://*.vpr.org https://primerica-sandbox.atlassian.net https://primerica-acd.atlassian.net 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://www.google-analytics.com https://maps.google.com https://maps.googleapis.com https://cl.avis-verifies.com https://www.googletagmanager.com https://www.gstatic.com https://apps.elfsight.com https://static.elfsight.com https://universe-static.elfsightcdn.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com 'nonce-FvwTkOzkh6nnSjPjfUAN7BYTrUFvRvMB2PZO0ZK5adQ=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
default-src * 'self' 'unsafe-inline' 'unsafe-eval' data:; frame-ancestors 'self' 'unsafe-inline' 'unsafe-eval' https://musiciansaustralia.org 1
default-src https: wss: 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; frame-ancestors 'self' 1
connect-src 'self' https:;img-src 'self' data: blob: https://market-assets.strapi.io;media-src 'self' data: blob:;default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline' 1
frame-ancestors 'self' https://*.adaptavist.com 1
report-uri ; 1
default-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch; script-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'self' 'unsafe-inline' 'unsafe-eval' blob: data: http://static.hotjar.com https://static.hotjar.com https://script.hotjar.com https://google.com http://www.googleadservices.com https://googleads.g.doubleclick.net https://static.ads-twitter.com http://static.ads-twitter.com https://www.google-analytics.com https://www.googletagmanager.com https://connect.facebook.net https://www.google.com https://tagmanager.google.com https://www.gstatic.com https://www.linkedin.com https://analytics.twitter.com https://px.ads.linkedin.com https://maps.googleapis.com https://platform.twitter.com https://cdn.checkout.com https://static-resource.com https://sjs.bizographics.com https://snap.licdn.com http://bat.bing.com https://bat.bing.com https://www.dwin1.com http://www.dwin1.com https://*.intercom.io http://*.intercom.io https://*.intercomcdn.com http://*.intercomcdn.com https://p.teads.tv; font-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' chrome-extension 'self' data: http://script.hotjar.com https://script.hotjar.com http://*.gstatic.com https://*.gstatic.com https://*.intercomcdn.com https://github.com/google/fonts; style-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' https://fonts.googleapis.com http://fonts.googleapis.com https://tagmanager.google.com; img-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch 'unsafe-inline' 'self' data: blob: android-webview-video-poster https://* http://*; object-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://vjs.zencdn.net; connect-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch ws://*.infomaniak.ch:* ws://*.infomaniak.com:* wss://*.infomaniak.ch:* wss://*.infomaniak.com:* http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* https://surveystats.hotjar.io wss://*.hotjar.com https://www.google.com https://maps.googleapis.com https://nexus-long-poller-a.intercom.io https://*.bugsnag.com https://bat.bing.com http://bat.bing.com https://*.g.doubleclick.net https://*.google-analytics.com https://analytics.google.com https://www.google.ch https://www.google.fr https://www.google.de https://www.google.be https://*.facebook.com https://*.facebook.net https://*.linkedin.com https://*.checkout.com https://*.intercom.io http://*.intercom.io wss://*.intercom.io https://cm.teads.tv https://t.teads.tv; child-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://google.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net https://cdn.checkout.com https://js.checkout.com; frame-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://www.google.com https://google.com https://vars.hotjar.com https://www.facebook.com https://www.youtube.com https://www.googletagmanager.com https://player.vimeo.com https://bid.g.doubleclick.net https://cdn.checkout.com https://js.checkout.com; media-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch https://js.intercomcdn.com; worker-src http://infomaniak.com http://*.infomaniak.com https://infomaniak.com https://*.infomaniak.com https://*.infomaniak.ch http://*.infomaniak.ch data: blob:; report-uri /api/csp-report; 1
default-src https:; 1
frame-ancestors 'self' *.ign.com *.ampproject.org *.zdbb.net *.disqus.com widgets.ign.com; 1
script-src 'self' *.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com https://d5nxst8fruw4z.cloudfront.net https://d31qbv1cthcecs.cloudfront.net  'unsafe-inline' 'unsafe-eval' www.google-analytics.com www.googletagmanager.com *.analytics.google.com *.doubleclick.net https://*.google-analytics.com/ gstatic.com www.google.com www.googleoptimize.com optimize.google.com www.gstatic.com https://bat.bing.com https://*.clarity.ms ; connect-src 'self' www.livenooky.com:9080 www.livenooky.com:9443 *.wlresources.com wss://*.wlresources.com *.acwebconnecting.com https://mpsnare.iesnare.com wss://mpsnare.iesnare.com ws://stt01.wlresources.com wss://stt01.wlresources.com ws://www.livenooky.com wss://www.livenooky.com *.campoints.net *.google-analytics.com *.googletagmanager.com *.analytics.google.com analytics.google.com *.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://bat.bing.com https://*.clarity.ms ; frame-src 'self' https://*.allopass.com http://*.allopass.com https://*.acwebconnecting.com https://www.google.com https://go.cam; worker-src 'self' blob:; frame-ancestors *.xlovecam.com *.backend.cam; report-uri /en/jserror/?ts=1715650237 1
default-src 'self'; font-src 'self' data: fonts.gstatic.com; img-src 'self' data:; script-src 'self'; style-src 'self' https://fonts.googleapis.com; frame-src 'self' https://www.google.com 1
font-src fonts.gstatic.com *.fontawesome.com *.googleapis.com *.gstatic.com static.zipmoney.com.au *.zipmoney.com.au *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com intercom.help https://seo.mageplaza.com 'self' 'unsafe-inline'; frame-ancestors www.gstatic.com *.meetanshi.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net https://www.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ www.googletagmanager.com widgets.sandbox.afterpay.com widgets.sandbox.clearpay.co.uk c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com *.google.com/ www.google.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com bytedance: sslocal: *.dotdigital-pages.com *.dotdigital.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.meetanshi.com *.wesupply.xyz https://wesupplylabs.com *.weltpixel.com zip.co static.zip.co sandbox.zip.co zipmoney.com.au sandbox.zipmoney.com.au checkout.gb.zip.co checkout.quadpay.com checkout-sandbox.quadpay.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://static.afterpay.com https://site-assets.afterpay.com/ www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com https://www.magezon.com *.meetanshi.com *.gstatic.com t.zip.co static.zipmoney.com.au static.zip.co *.unbxdapi.com *.beanbagsrus.com.au *.magentosite.cloud *.google.com.au meetanshi.com bam.nr-data.net *.getgobot.com *.stamped.io twemoji.maxcdn.com cdn.jsdelivr.net *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://api.addressfinder.io https://portal.sandbox.clearpay.co.uk https://portal.clearpay.co.uk https://portal.sandbox.afterpay.com https://portal.afterpay.com https://static.afterpay.com *.squarecdn.com https://hbiq.net cdn.ampproject.org raw.githubusercontent.com js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com maps.googleapis.com apis.google.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.ddlnk.net *.dotdigital-pages.com debug-tracking.dotdigital.internal cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com data: static.alliai.com *.segmetrics.io *.fontawesome.com *.googleapis.com *.gstatic.com *.google.com/ *.meetanshi.com *.cloudflare.com https://www.googletagmanager.com tagmanager.google.com static.zipmoney.com.au static.zip.co zip.co js-agent.newrelic.com bam.nr-data.net *.cloudfront.net *.unbxdapi.com *.tiktok.com *.getgobot.com *.zip.co *.stripe.com *.gorgias.chat config.gorgias.chat assets.gorgias.chat *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com https://api.addressfinder.io static.afterpay.com/ *.squarecdn.com fonts.googleapis.com unsafe-inline assets.braintreegateway.com cdn.dnky.co webchat.dotdigital.com webchat.staging.dotdigital.com *.fontawesome.com tagmanager.google.com *.unbxdapi.com *.getgobot.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline'; object-src *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline'; media-src *.adobe.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com vimeo.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://api.addressfinder.io static.afterpay.com static.sandbox.afterpay.com *.squarecdn.com https://hbiq.net https://iq.afterpay-beta.com https://iq.afterpay.com *.clearpay.co.uk cdn.ampproject.org api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com www.facebook.com connect.facebook.net graph.facebook.com business.facebook.com www.apptrian.com tiktok.com www.tiktok.com connect.tiktok.net graph.tiktok.com analytics.tiktok.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com webchat.dotdigital.com webchat.staging.dotdigital.com *.meetanshi.com https://www.google-analytics.com bam.nr-data.net *.unbxd.io *.tiktok.com *.doubleclick.net *.getgobot.com *.zipmoney.com.au *.cloudfront.net assets.gorgias.chat *.gorgias.chat chatsvc.getgobot.com maps.googleapis.com *.googleapis.com portal.sandbox.afterpay.com portal.afterpay.com *.afterpay.com wss://chatsvc.getgobot.com trx.sandbox.zip.co *.sandbox.zip.co s3.ap-southeast-2.amazonaws.com *.amazonaws.com *.beanbagsrus.com.au trx.zip.co *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ *.stape.biz 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src assets.gorgias.chat *.gorgias.chat *.intercom.io *.intercomcdn.com wss://nexus-websocket-a.intercom.io/ 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
upgrade-insecure-requests; frame-ancestors 'self'; default-src 'none'; connect-src 'self' https://api.isic.org https://consentcdn.cookiebot.com https://ct.pinterest.com https://maps.googleapis.com https://stats.g.doubleclick.net https://t.leady.com https://www.facebook.com https://www.google-analytics.com https://yoast.com https://my.yoast.com https://*.smartlook.com https://*.google-analytics.com https://*.analytics.google.com https://*.smartlook.cloud; font-src data: 'self' https://fonts.gstatic.com; frame-src 'self' https://consentcdn.cookiebot.com https://open.spotify.com https://embed-standalone.spotify.com https://www.facebook.com https://www.google.com https://www.pinterest.com https://www.youtube-nocookie.com; img-src data: 'self' https://c.seznam.cz https://cdn.isic.cz https://ct.pinterest.com https://dm.aliveplatform.com https://dmp.adform.net https://i.ytimg.com https://maps.googleapis.com https://maps.gstatic.com https://purecatamphetamine.github.io https://s3-eu-west-1.amazonaws.com https://s.w.org https://secure.gravatar.com https://t.leady.com https://widgets.isic.org https://www.google-analytics.com https://www.google.com https://www.google.cz https://www.facebook.com https://*.amazonaws.com https://*.tile.osm.org; media-src data: 'self' https://cdn.isic.cz; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.imedia.cz https://c.seznam.cz https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://maps.googleapis.com https://s.pinimg.com https://t.leady.com https://unpkg.com https://widgets.isic.org https://www.geoplugin.net https://www.google.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.gstatic.com https://*.smartlook.cloud https://*.amazonaws.com https://code.jquery.com https://*.datatables.net https://*.google-analytics.com https://*.smartlook.com; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://fonts.googleapis.com https://*.datatables.net https://unpkg.com; worker-src 'self' blob: 1
default-src 'self' *.wirth-horn.de https://www.youtube-nocookie.com https://cdn.privacy-mgmt.com https://assets.adobedtm.com 'unsafe-eval' 'unsafe-inline'; img-src data: *; media-src data: *; style-src 'self' data: 'unsafe-inline' *.wirth-horn.de  https://fonts.googleapis.com; font-src data: 'self' https://fonts.gstatic.com https://fonts.googleapis.com; 1
default-src 'self' fonts.gstatic.com use.typekit.net cdnjs.cloudflare.com data: maxcdn.bootstrapcdn.com *.fontawesome.com fonts.bunny.net;connect-src *;media-src *;object-src *;script-src * 'self' 'unsafe-inline' 'unsafe-eval' blob:;style-src * 'unsafe-inline';frame-src 'self' *.cloudflare.com *.google.com *.facebook.com *.youtube-nocookie.com platform.twitter.com syndication.twitter.com player.vimeo.com static.addtoany.com;img-src 'self' data: *.google-analytics.com cdn.cookielaw.org *.doubleclick.net googletagmanager.com *.facebook.com *.gstatic.com *.googleapis.com *.google.co.uk *.google.com *.ytimg.com *.fbcdn.net *.googleapis.com *.gravatar.com *.googletagmanager.com *.twimg.com syndication.twitter.com platform.twitter.com vetspecialists.co.uk *.w.org *.webdesi9.com;report-uri https://csp.clickingmad.com/report.php 1
default-src 'unsafe-inline' https: https://www.kaiser-elektro.de; script-src 'unsafe-inline' 'unsafe-eval' https: https://www.kaiser-elektro.de; style-src 'unsafe-inline' https:; img-src 'self' data: https:; font-src data: https:; frame-src https://www.kaiser-elektro.de https://*.google.com https://player.podigee-cdn.net https://scnem3.com https://*.youtube.com https://www.youtube-nocookie.com https://*.kaiser-elektro.de https://*.agro.ch https://*.helia-elektro.be https://*.attema.com https://*.partcommunity.com https://*.etim-deutschland.de 1
frame-ancestors 'none'; default-src 'none'; img-src 'self' data:; script-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self' https://*.pacts.cloud wss://*.pacts.cloud https://pacts-eng-svc-temporary-blob-production.s3.eu-central-1.amazonaws.com; font-src 'self'; manifest-src 'self'; child-src https://*.siemens-energy.io https://*.siemens-energy.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-SPEYQvxfM7eMHz3sCyoEBw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; font-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; 1
frame-ancestors 'self' kozbeszerzes.hu *.kozbeszerzes.hu kt.hu *.kt.hu 1
frame-ancestors 'self' *.risevision.com 1
default-src 'self' https://tpc.googlesyndication.com;                script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org https://www.brighttalk.com https://cdn.wisepops.com https://cdn.inspectlet.com https://platform.twitter.com https://s.ytimg.com https://www.youtube.com https://secure.cave9tape.com https://cdnjs.cloudflare.com https://connect.facebook.net https://d.adroll.mgr.consensu.org https://*.adroll.com https://munchkin.marketo.net https://www.google.com https://optimize.google.com https://cdn.ampproject.org https://www.googletagmanager.com https://tagmanager.google.com https://securepubads.g.doubleclick.net https://cdn.euromoneyapi.com https://js.revsci.net https://www.gstatic.com https://adservice.google.com https://adservice.google.rs https://www.google-analytics.com https://loader.wisepops.com https://sjs.bizographics.com https://cdn.subscribers.com https://www.googletagservices.com https://cdn.mouseflow.com https://*.ubembed.com https://z.moatads.com https://tpc.googlesyndication.com https://*.serving-sys.com https://ssl.google-analytics.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://cdn.syndication.twimg.com;                font-src 'self' data: https://www.google.com https://fonts.googleapis.com https://fonts.gstatic.com;                style-src 'self' 'unsafe-inline' https://ton.twimg.com https://code.jquery.com https://optimize.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com https://tagmanager.google.com https://platform.twitter.com;                style-src-elem 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://*.twimg.com https://*.jquery.com https://*.twitter.com https://tagmanager.google.com https://fonts.googleapis.com https://cdn.euromoneyapi.com;               connect-src 'self' https://cdn.cookielaw.org https://*.inspectlet.com https://*.doubleclick.net https://securepubads.g.doubleclick.net https://*.googlesyndication.com https://www.google-analytics.com https://popup.wisepops.com https://cdn.subscribers.com https://googleads4.g.doubleclick.net https://csi.gstatic.com/ https://*.mktoresp.com https://*.serving-sys.com;                img-src * data: https://www.google-analytics.com https://optimize.google.com https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com https://googleads.g.doubleclick.net;                frame-src 'self' 'unsafe-inline' https://*.net https://*.com https://*.twitter.com https://*.googlesyndication.com;               object-src 'self';                prefetch-src 'self' https://*.googlesyndication.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-5lCtzYdQhDXJuODkrXVF5g==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
upgrade-insecure-requests; frame-ancestors 'self' https://app.ramp.com https://cohere-voice.ramp.com; report-uri https://ramp.report-uri.com/r/d/csp/enforce 1
default-src 'self';base-uri 'self';script-src 'nonce-yoKY5KAboXDQd4MWHV2gSw==' 'strict-dynamic' 'report-sample' https:;report-to csp-endpoint;upgrade-insecure-requests;style-src 'self' *.cdn.office.net *.microsoft.com res-dev.cdn.officeppe.net 'unsafe-inline' https://www.microsoft.com/;font-src 'self' data: *.cdn.office.net res-dev.cdn.officeppe.net data c.s-microsoft.com *.microsoft.com;connect-src 'self' https://browser.pipe.aria.microsoft.com https://browser.events.data.microsoft.com *.office.com *.cdn.office.net res-dev.cdn.officeppe.net https://consentreceiverfd-prod.azurefd.net data:;frame-src https://login.microsoftonline.com https://login.live.com mem.gfx.ms amcdn.msftauth.net amcdn.msauth.net;img-src * data: blob:;worker-src 'self' blob:;child-src 'self' blob:;report-uri https://csp.microsoft.com/report/Harmony-App-PROD; 1
script-src  * 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' analytics.google.com *.google-analytics.com *.google.com *.facebook.net *.facebook.com *.youtube.com *.hotjar.com *.hotjar.io challenges.cloudflare.com 7000partners.com promo7k.com sat.yxicee3.net; script-src 'unsafe-inline' 'self' 'unsafe-eval' analytics.google.com *.google-analytics.com *.google.com *.googleapis.com www.googletagmanager.com *.gstatic.com *.facebook.net *.facebook.com *.datatables.net *.jquery.com certify.gpwa.org *.hotjar.com *.hotjar.io *.amplitude.com challenges.cloudflare.com *.jsdelivr.net promo7k.com sat.yxicee3.net; style-src 'unsafe-inline' 'self' analytics.google.com *.google-analytics.com *.googleapis.com *.facebook.net *.datatables.net; font-src 'unsafe-inline' 'self' data: analytics.google.com *.google-analytics.com *.gstatic.com *.facebook.net *.facebook.com; img-src * data: blob: sat.yxicee3.net; connect-src 'unsafe-inline' 'self' *.facebook.com *.hotjar.com *.hotjar.io analytics.google.com *.google-analytics.com *.doubleclick.net *.amplitude.com api.lb.casinosgamblingreviews.com sat.yxicee3.net 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.com.hk *.googleusercontent.com www.google.com.qa www.google.lv cylanceconsumershop.sjv.io www.advantage.nz *.doubleclick.net www.google.at www.google.co.uk advantage.nz www.google.com.my *.cloudfront.net www.google.co.in *.x.clearbitjs.com apis.google.com *.googleapis.com googleapi.com img.youtube.com www.avanan.com app.formbricks.com cdn.scite.ai cdn.jsdelivr.net gjtrack.ucweb.com consentlog.cookieyes.com www.google.se www.google.bg grow.clearbitjs.com www.google.hu static.olark.com www.google.com yoa.st *.linkedin.com account.crocoblock.com www.google.com.kh *.licdn.com www.google.com.br www.google.by events.mapbox.com www.google.ro maps.google.com img.scoop.co.nz x.clearbitjs.com yoast.com region1.google-analytics.com www.google.com.mx www.google.fr www.google.com.vn *.pipedream.wistia.com www.google.es *.googleapi.com *.cookieyes.com use.fontawesome.com clearbit.com www.google.com.pe cookieyes.com www.google.pl www.google-analytics.com api.mapbox.com *.ampproject.org www.google.ge secure.gravatar.com nrpc.olark.com www.google.co.th www.google.co.ke www.google.co.kr www.google.az www.google.com.bz www.google.com.ua www.google.com.sg www.google.com.eg www.google.com.et *.gstatic.com code.jquery.com www.google.com.tw www.google.ae www.google.im *.googleadservices.com www.google.com.om log.cookieyes.com www.google.com.fj www.google.co.zw www.google.co.il www.google.com.ph www.google.com.bh www.google.lk *.alicdn.com s.w.org www.google.co.uz *.cdn-cookieyes.com adservice.google.com www.google.co.nz translate.google.com www.google.co.za static3.avast.com region1.analytics.google.com www.google.hn www.google.com.do fast.wistia.com cdnjs.cloudflare.com www.google.no fonts.gstatic.com google.com *.embedwistia-a.akamaihd.net www.google.be static2.sharepointonline.com *.clearbitjs.com www.google.co.tz www.google.ie *.fast.wistia.com *.googlesyndication.com s2-prod.manchestereveningnews.co.uk cdn-cookieyes.com tag.clearbitscripts.com test.advantage.nz gstatic.com *.akamaihd.net *.google.com analytics.google.com beacon-v2.helpscout.net www.google.com.au cdn.honey.io static.hsappstatic.net www.google.dz ml4zwwsoydfd.i.optimole.com my.yoast.com www.google.ca feedback-pa.clients6.google.com static.zohocdn.com www.google.co.id *.azureedge.net ps.w.org cdn.mxpnl.com maxcdn.bootstrapcdn.com *.facebook.net www.google.de www.googletagmanager.com app.clearbit.com www.google.com.pk www.google.co.jp api.crocoblock.com clearbitjs.com *.wistia.com; frame-ancestors 'self' socmonitor.advantage.co.nz *.amazon.com www.confiant-qa.com www.amazon.co.jp ;  1
default-src https:; script-src 'unsafe-inline' 'unsafe-eval' https: blob:; style-src 'unsafe-inline' https:; img-src https: data: blob:; font-src https: data:; frame-ancestors https://*.sphere.uk https://*.cozmos.com https://*.sphere.co.uk https://*.toysphere.co.uk https://*.toysphere.com https://*.shortstackapp.com https://*.figma.com; worker-src blob:; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  https: data:; 1
script-src http: https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://editorajbc.com.br https://*.editorajbc.com.br https://jbchost.com.br https://*.jbchost.com.br https://*.jbcnet.com.br https://www.google-analytics.com https://cdnjs.cloudflare.com; script-src 'nonce-WmtLN25MNnJGa0JvZTA0YjlPWVp5d0FBQUJJ' 'unsafe-inline'; img-src * data:; media-src 'self'; style-src * 'unsafe-inline' data:; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com data:; frame-src *; connect-src 'self' https://*.doubleclick.net https://*.googlesyndication.com https://*.google-analytics.com https://*.gstatic.com https://*.google.com https://*.googleapis.com https://*.clarity.ms; object-src 'none'; frame-ancestors 'self' https://editorajbc.com.br https://*.jbcnet.com.br https://*.jbchost.com.br https://*.ohmina.com.br https://*.madeinjapan.com.br; base-uri 'self'; 1
default-src 'self'; base-uri 'none'; img-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com assets.digital.cabinet-office.gov.uk https://img.youtube.com https://i.ytimg.com; script-src 'self' www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com www.gstatic.com *.ytimg.com www.youtube.com www.youtube-nocookie.com 'nonce-qdpJZSjDNkV70zM1xuFQEg=='; style-src 'self' www.gstatic.com; font-src 'self'; connect-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net www.googletagmanager.com www.region1.google-analytics.com region1.google-analytics.com lux.speedcurve.com gds-single-consent-staging.app gds-single-consent.app; object-src 'none'; frame-src 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk www.youtube.com www.youtube-nocookie.com; frame-ancestors 'self' *.publishing.service.gov.uk www.gov.uk *.dev.gov.uk; report-uri https://csp-reporter.publishing.service.gov.uk/report 1
default-src https: *; script-src https: 'unsafe-inline' 'unsafe-eval' *;img-src data: https:;font-src data: https:;style-src https: 'unsafe-inline' *;upgrade-insecure-requests;frame-ancestors 'self'; base-uri 'none'; frame-src mailto: *; worker-src blob: * ; child-src blob: ; 1
frame-ancestors 'none'; object-src 'none'; upgrade-insecure-requests 1
frame-ancestors https://tc1.us https://oc.tc1.us https://hcareers.com https://hcareers-dev.com:3000 https://www.hcareers.com https://iframetester.com https://web-dev.hcdev001.com https://web-qa.hcdev001.com https://web-stg.hcdev001.com https://jsv3.recruitics.com/ 1
default-src 'self' 'unsafe-eval' data: *.gstatic.com *.visualwebsiteoptimizer.com *.google-analytics.com *.hotjar.com *.pixelg.adswizz.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: http://www.googleadservices.com https://*.trackduck.com http://*.googletagmanager.com http://*.doubleclick.net http://*.visualwebsiteoptimizer.com http://www.gstatic.com http://bat.bing.com https://pixelg.adswizz.com http://*.gigg.com; style-src 'self' 'unsafe-inline' https http://fonts.googleapis.com https: http://hello.myfonts.net; img-src 'self' blob: data: https: *.gravatar.com http://*.visualwebsiteoptimizer.com http://bat.bing.com; font-src 'self' data: https:; connect-src 'self' https://app.trackduck.com wss://app.trackduck.com https://stats.g.doubleclick.net https://cdnjs.cloudflare.com http://*.visualwebsiteoptimizer.com *.hotjar.com *.google-analytics.com https://pixelg.adswizz.com https://loadus.exelator.com http://*.gigg.com https://cdn.linkedin.oribi.io https://script.crazyegg.com https://analytics.google.com https://www.google.ca https://adservices.google.com; media-src 'self' https:; object-src 'self'; frame-src 'self' https://app.five9.com/ https://trios.lifecyclesystems.com/ https://mobials.com https://www.youtube.com https://player.vimeo.com https://vimeo.com https://pr.easypromosapp.com/ https://www.google.com https://www.eventbrite.ca https://www.eventbrite.com https://www.googletagmanager.com https://connect.facebook.net https://www.facebook.com https://bid.g.doubleclick.net https://*.visualwebsiteoptimizer.com *.hotjar.com https://sketchfab.com/ https://12089624.fls.doubleclick.net https://td.doubleclick.net; form-action 'self' https:; report-uri https://df20e771691f9b03eab387e2cb951226.report-uri.com/r/d/csp/enforce; 1
default-src 'self'; img-src https: *.google-analytics.com; worker-src 'self'; style-src 'self' 'unsafe-inline' *.quoteandapply.io *.calendly.com; script-src 'sha256-+s5+VTj0t75atf3mkUaZZMMlfs4pc+zeJdjcmBMRncg=' 'self' 'self' *.google-analytics.com *.quoteandapply.io *.back9ins.com *.vimeo.com *.calendly.com; frame-src *.vimeo.com *.quoteandapply.io https://calendly.com *.back9ins.com blob:; connect-src *.rollbar.com *.google-analytics.com *.vimeo.com https://api.back9ins.com; form-action 'self'; frame-ancestors 'none'; object-src 'none'; base-uri self 1
frame-ancestors 'self' flughafen-saarbruecken.de app-content 1
default-src 'none'; block-all-mixed-content; frame-ancestors 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.googletagmanager.com https://*.google.com https://*.hubspot.com https://*.vimeo.com https://*.facebook.com https://nordcloud.my.canva.site; base-uri 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud; object-src 'none'; manifest-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud; media-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud; connect-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.doubleclick.net https://www.googleadservices.com https://ade.googlesyndication.com https://*.googletagmanager.com https://*.nr-data.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://*.facebook.com https://*.oribi.io https://*.hscollectedforms.net https://*.breezy.hr https://*.zoominfo.com https://*.vimeo.com https://*.googlesyndication.com https://*.openfpcdn.io https://*.clickcease.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.linkedin.com https://*.zi-scripts.com https://*.clickagy.com https://cdn.dreamdata.cloud https://*.redditstatic.com https://*.reddit.com https://google.com https://*.stackadapt.com https://*.ipstack.com; frame-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.doubleclick.net https://www.googleadservices.com https://ade.googlesyndication.com https://*.googletagmanager.com https://*.nr-data.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://*.facebook.com https://*.oribi.io https://*.hscollectedforms.net https://*.breezy.hr https://*.zoominfo.com https://*.vimeo.com https://*.googlesyndication.com https://*.youtube.com https://*.spotify.com https://*.canva.com/ https://*.clickagy.com https://calendly.com https://*.adsrvr.org https://nordcloud.my.canva.site; img-src 'self' data: https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://nordcloud.local https://*.hotjar.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hubspot.com https://*.doubleclick.net https://*.google.pl https://*.google.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://*.googletagmanager.com https://*.gstatic.com https://*.facebook.com https://*.linkedin.com https://*.cartocdn.com https://*.breezy.hr https://*.vimeo.com https://*.vimeocdn.com https://s.w.org https://t.co https://*.twitter.com https://*.facebook.net https://*.google.be https://*.google.nl https://*.tickettailor.com https://*.cdninstagram.com https://*.hubspotusercontent-eu1.net https://*.ytimg.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.fbcdn.net https://*.clickagy.com https://*.demdex.net https://*.openx.net https://*.rlcdn.com https://*.sitescout.com https://*.agkn.com https://*.googleadservices.com https://*.crwdcntrl.net https://*.reddit.com blob:; script-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hotjar.com https://*.google.com https://*.googletagmanager.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://www.googleadservices.com https://*.doubleclick.net https://*.gstatic.com https://*.pardot.com https://*.hsadspixel.net https://*.zoominfo.com https://*.clickcease.com https://*.licdn.com https://*.linkedin.com https://*.facebook.net https://*.nr-data.net https://*.hs-banner.com https://*.hs-analytics.net https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://*.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://unpkg.com https://*.breezy.hr https://*.vimeo.com https://*.googlesyndication.com https://*.ads-twitter.com https://*.hsleadflows.net https://*.youtube.com https://*.cdn-cookieyes.com https://cdn-cookieyes.com https://*.cookieyes.com https://cookieyes.com https://*.zi-scripts.com https://*.clickagy.com https://*.calendly.com https://*.adsrvr.org https://cdn.dreamdata.cloud https://*.redditstatic.com https://*.stackadapt.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hotjar.com https://*.google.com https://*.googletagmanager.com https://*.googleanalytics.com https://*.google-analytics.com https://*.googleoptimize.com https://www.googleadservices.com https://*.doubleclick.net https://*.googleapis.com https://*.hubspot.com https://*.hubapi.com https://*.hsforms.com https://*.hsforms.net https://*.hsappstatic.net https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://*.usemessages.com https://unpkg.com https://*.breezy.hr https://*.stackadapt.com 'unsafe-inline'; font-src 'self' data: https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hotjar.com https://*.gstatic.com https://*.google.com; form-action 'self' https://nordcloud.com https://*.nordcloud.com https://nordcl-23471.siv-ams.servebolt.cloud https://*.hubspot.com https://*.hsforms.com https://*.hsforms.net https://*.facebook.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.advantshop.net *.advantshop.by *.advantshop.com *.advantshop.kz *.advstatic.ru  *.advant.shop www.google-analytics.com ssl.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net apis.google.com vk.com www.facebook.com connect.facebook.net platform.twitter.com cdn.syndication.twimg.com counter.rambler.ru cdn.jsdelivr.net ymetrica.com mc.yandex.ru yastatic.net api-maps.yandex.ru top-fwz1.mail.ru counter.yadro.ru top-abd.mail.ru *.jivosite.com *.chat2desk.com static.woopra.com www.woopra.com dadata.ru advantshop.disqus.com www.googletagmanager.com tagmanager.google.com ajax.googleapis.com advantschool.ru data:; 1
img-src 'self' *.arcgis.com *.mcusercontent.com *.cartocdn.com *.miadi.net *.ecmaps.de *.destination.one *.twimg.com *.instagram.com *.cdninstagram.com *.fbcdn.net *.fliphtml5.com *.cloudfront.net *.kiel.de https://baumgardt-maps.de http://t1.openseamap.org *.livespotting.com  *.et4.de *.eye-able.com; child-src youtube.com *.youtube.com *.mcusercontent.com *.et4.de *.kiel.de *.thinglink.com *.ecmaps.de *.destination.one *.thinglink.me *.youtube-nocookie.com *.youtu.be *.vimeo.com vimeo.com *.manage2sail.com *.eye-able.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.destination.one *.et4.de *.thinglink.me *.thinglink.com *.kiel.de *.cloudfront.net https://baumgardt-maps.de http://t1.openseamap.org *.livespotting.com *.arcgis.com *.eye-able.com; style-src 'self' 'unsafe-inline' *.kiel.de *.cloudfront.net https://fonts.googleapis.com  *.twimg.com *.instagram.com *.cdninstagram.com *.livespotting.com *.arcgis.com *.eye-able.com; object-src 'none' 1
frame-ancestors 'self' https://www.testmyspeed.com/ https://stagetmspeed.wpengine.com/ https://devtmspeed.wpengine.com/ 1
frame-ancestors https://fleetmatics.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-tUJCi5AJQ0fjLbVLBM6GHw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src * data: blob: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; style-src * data: blob: 'unsafe-inline'; img-src * data: blob:; report-uri https://www.mfgsoft.de/report.php; 1
default-src 'none'; connect-src 'self' https://*.dequest.io https://*.digitaloceanspaces.com https://*.base.org https://*.immutable.com https://*.walletconnect.com wss://*.walletconnect.com https://*.sequence.app https://*.doubleclick.net https://*.fractal.is https://*.google.com https://threejs.org https://*.googleapis.com  https://*.google-analytics.com https://*.binance.org https://*.amplitude.com wss://*.walletconnect.org wss://*.bridge.walletconnect.org https://*.walletconnect.com data:; script-src 'self' https://*.googletagmanager.com https://*.ads-twitter.com https://*.facebook.net 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.digitaloceanspaces.com data:; img-src 'self' https://*.steamstatic.com https://*.digitaloceanspaces.com https://*.google.nl https://*.moralisipfs.com https://*.walletconnect.com https://*.google-analytics.com https://t.co https://*.twitter.com https://*.google.com https://*.google.ru https://*.google.am data:; style-src 'self' 'unsafe-inline'; frame-src https://*.magic.link; media-src 'self' https://dequest.fra1.cdn.digitaloceanspaces.com; frame-ancestors 'self' https://auth.magic.link; frame-src 'self' https://auth.magic.link; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://freeatlantis.com; img-src 'self' https: data: blob: https://freeatlantis.com; style-src 'self' https://freeatlantis.com 'nonce-utkJmTrfDuyVQW+qw0ekyw=='; media-src 'self' https: data: https://freeatlantis.com; frame-src 'self' https:; manifest-src 'self' https://freeatlantis.com; form-action 'self'; child-src 'self' blob: https://freeatlantis.com; worker-src 'self' blob: https://freeatlantis.com; connect-src 'self' data: blob: https://freeatlantis.com https://files.freeatlantis.com wss://freeatlantis.com; script-src 'self' https://freeatlantis.com 'wasm-unsafe-eval' 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com 'nonce-YkQVKT8fQayxKB/XKf37gVZPis983k8Ps0EfxDr5Klg=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/47/csp-report/?sentry_key=a7dcff6da4704fcf9dbecd647d997b1b 1
object-src 'none';base-uri 'self';script-src 'nonce-1z61av0xdA5gs8s6p_OrPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-n6pQnpwObgTrHn3JB8yn7Xl5GSpa6EqFbIkrYndJ0ZEb1Laj' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-NynwJDDkRIO11f9HTPfZwDE2+daaIWszfbZ/W44oRm9kag/8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-SXmaebasHD1C8qFCnyMzd2suXlB0X1vsdA6sjhWqQr8FiIZq' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-ttTFdTUhh6ENetUCi9U3/tVPgsa9Pf8dVliq2qQJhVuM0wCS' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self'; script-src 'self' https://api.theoriego.nl https://www.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.googletagmanager.com https://www.googleadservices.com https://www.google.com https://googleads.g.doubleclick.net 'sha256-Zli3eA/mwf+wctCbOGGzog7Xy6nTA+BRd4AXxaqHT+M=' 'nonce-172e6351-7612-40e6-90c9-2ac47d7e14a3'; style-src 'self' 'unsafe-inline'; img-src 'self' https://assets.theoriego.nl data: https://www.google-analytics.com https://*.google-analytics.com https://*.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com; font-src 'self' data:; connect-src 'self' https://api.theoriego.nl https://assets.theoriego.nl https://www.google-analytics.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com; media-src 'self' https://assets.theoriego.nl; object-src 'none'; child-src 'none'; frame-src 'none'; worker-src 'self'; form-action 'none'; upgrade-insecure-requests ; block-all-mixed-content ; manifest-src 'none'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://transfur.social; img-src 'self' https: data: blob: https://transfur.social; style-src 'self' https://transfur.social 'nonce-bivGk3iJdLIKthAufKTSvg=='; media-src 'self' https: data: https://transfur.social; frame-src 'self' https:; manifest-src 'self' https://transfur.social; form-action 'self'; child-src 'self' blob: https://transfur.social; worker-src 'self' blob: https://transfur.social; connect-src 'self' data: blob: https://transfur.social https://r2.transfur.social wss://transfur.social; script-src 'self' https://transfur.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.virginmoney.com; report-uri https://cyburi.report-uri.com/r/t/csp/enforce; 1
connect-src 'self' blob: https://api.x.ai https://api.x.com https://*.pscp.tv https://*.video.pscp.tv https://*.twimg.com https://api.twitter.com https://api.x.com https://api-stream.twitter.com https://api-stream.x.com https://ads-api.twitter.com https://ads-api.x.com https://aa.twitter.com https://aa.x.com https://caps.twitter.com https://caps.x.com https://pay.twitter.com https://pay.x.com https://sentry.io https://ton.twitter.com https://ton.x.com https://ton-staging.atla.twitter.com https://ton-staging.atla.x.com https://ton-staging.pdxa.twitter.com https://ton-staging.pdxa.x.com https://twitter.com https://x.com https://upload.twitter.com https://upload.x.com https://www.google-analytics.com https://accounts.google.com/gsi/status https://accounts.google.com/gsi/log https://checkoutshopper-live.adyen.com wss://*.pscp.tv https://vmap.snappytv.com https://vmapstage.snappytv.com https://vmaprel.snappytv.com https://vmap.grabyo.com https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://ads-twitter.com https://analytics.twitter.com https://analytics.x.com  ; default-src 'self'; form-action 'self' https://twitter.com https://*.twitter.com https://x.com https://*.x.com https://localhost.twitter.com:3443 https://localhost.x.com:3443; font-src 'self' https://*.twimg.com; frame-src 'self' https://twitter.com https://x.com https://mobile.twitter.com https://mobile.x.com https://pay.twitter.com https://pay.x.com https://cards-frame.twitter.com https://accounts.google.com/ https://client-api.arkoselabs.com/ https://iframe.arkoselabs.com/ https://vaultjs.apideck.com/  https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; img-src 'self' blob: data: https://*.cdn.twitter.com https://*.cdn.x.com https://ton.twitter.com https://ton.x.com https://*.twimg.com https://analytics.twitter.com https://analytics.x.com https://cm.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://www.periscope.tv https://www.pscp.tv https://ads-twitter.com https://ads-api.twitter.com https://ads-api.x.com https://media.riffsy.com https://*.giphy.com https://media.tenor.com https://c.tenor.com https://*.pscp.tv https://*.periscope.tv https://prod-periscope-profile.s3-us-west-2.amazonaws.com https://platform-lookaside.fbsbx.com https://scontent.xx.fbcdn.net https://scontent-sea1-1.xx.fbcdn.net https://*.googleusercontent.com https://t.co/1/i/adsct; manifest-src 'self'; media-src 'self' blob: https://twitter.com https://x.com https://*.twimg.com https://*.vine.co https://*.pscp.tv https://*.video.pscp.tv https://dhdsnappytv-vh.akamaihd.net https://pdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://mdhdsnappytv-vh.akamaihd.net https://mpdhdsnappytv-vh.akamaihd.net https://mmdhdsnappytv-vh.akamaihd.net https://dwo3ckksxlb0v.cloudfront.net; object-src 'none'; script-src 'self' 'unsafe-inline' https://*.twimg.com https://recaptcha.net/recaptcha/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://client-api.arkoselabs.com/ https://www.google-analytics.com https://twitter.com https://x.com https://accounts.google.com/gsi/client https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js https://www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js https://static.ads-twitter.com  'nonce-YTZjMzllYWQtMDg0OC00YTQ3LTk1YjYtMGUwOTVlNjVmN2Yz'; style-src 'self' 'unsafe-inline' https://accounts.google.com/gsi/style https://*.twimg.com; worker-src 'self' blob:; report-uri https://twitter.com/i/csp_report?a=O5RXE%3D%3D%3D&ro=false 1
default-src 'self' 'unsafe-eval' script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline' vv1a3ga23f.execute-api.us-east-1.amazonaws.com *.google.com fonts.gstatic.com  www.google-analytics.com ajax.googleapis.com www.googletagmanager.com webelb-1005694512.us-east-1.elb.amazonaws.com fe.sitedataprocessing.com *.competiscan.com assets.calendly.com fonts.googleapis.com; 1
default-src 'self'; child-src 'self' https://*.facebook.com https://*.green-connector.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net *.kameleoon.com https://*.kameleoon.eu/ https://cdn.tagcommander.com https://evm.viewer.cit-fusion.com https://kb.ionas.de/ https://privacy.commander1.com https://wb.messengerpeople.com/ https://widget.msgp.pl https://www.evm.de; connect-src 'self' blob: https://*.amazonaws.com https://*.analytics.google.com https://*.azurewebsites.net https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.evm.de https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.gstatic.com https://*.outbrain.com https://*.plusportal.de https://*.purpleview.de https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.zenloop.com *.kameleoon.com https://*.kameleoon.eu/ https://directline.botframework.com wss://directline.botframework.com https://maps.googleapis.com https://o445690.ingest.sentry.io https://plausible.io https://privacy.commander1.com https://wb.messengerpeople.com/ https://www.google.com https://www.google.de; font-src 'self' data: https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.google-analytics.com https://*.googleadservices.com https://*.googlesyndication.com https://*.gstatic.com https://*.plusportal.de https://*.vlink.com https://directline.botframework.com https://privacy.commander1.com; frame-ancestors 'self' https://8pia.evm.de https://db-test.evm.de https://messecom-sued.expo-ip.com https://pia.evm.de https://www.bdew.de; frame-src 'self' https://*.amazonaws.com https://*.azurewebsites.net https://*.doubleclick.net https://*.epilot.io https://*.evm.de https://*.facebook.com https://*.green-connector.com https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trio-service.de https://*.trustcommander.net https://*.vlink.com https://cdn.tagcommander.com https://energieausweis.de https://evm-dia.innoloft.com https://evm-gruppe.softgarden.io https://evm.viewer.cit-fusion.com https://gebaeudeenergiegesetz.bm1.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://infoportal.smartmacher.com https://kb.ionas.de https://lademap.ladenetz.de https://survey.lamapoll.de https://widget.msgp.pl https://www.energieausweis-online-erstellen.de https://www.evm.de https://www.google.com https://www.google.de https://www.youtube-nocookie.com https://www.youtube.com mailto:; img-src 'self' blob: data: https://*.adition.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.evm.de https://*.facebook.com https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.gstatic.com https://*.surveymonkey.com https://*.t-systems.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://*.zenloop.com https://evm.247grad.de https://privacy.commander1.com https://tagmanager.google.com https://www.evm.de https://www.google.com https://www.google.de https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.adition.com https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.epilot.io https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.green-connector.com https://*.gstatic.com https://*.outbrain.com https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://cdn.tagcommander.com https://energieausweis.de https://plausible.io https://privacy.commander1.com https://tagmanager.google.com https://www.energieausweis-online-erstellen.de https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.youtube.com; script-src-elem 'self' 'unsafe-inline' https://*.adition.com https://*.amazonaws.com https://*.analytics.google.com https://*.bing.com https://*.clarity.ms https://*.doubleclick.net https://*.epilot.io https://*.facebook.net https://*.google-analytics.com https://*.googleadservices.com https://*.googleapis.com https://*.googlesyndication.com https://*.green-connector.com https://*.gstatic.com https://*.outbrain.com https://*.plusportal.de https://*.purpleview.de https://*.surveymonkey.com https://*.tellja.de https://*.tellja.eu https://*.trustcommander.net https://*.vlink.com https://*.webinargeek.com https://*.ytimg.com https://cdn.tagcommander.com https://energieausweis.de https://gebaeudeenergiegesetz.bm1.de https://plausible.io https://privacy.commander1.com https://survey.lamapoll.de https://tagmanager.google.com https://www.energieausweis-online-erstellen.de https://www.google.com https://www.google.de https://www.googletagmanager.com https://www.youtube.com; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://evm.247grad.de https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://*.green-connector.com https://*.plusportal.de https://evm.247grad.de https://fonts.googleapis.com https://tagmanager.google.com https://www.googletagmanager.com; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src 'none'; frame-ancestors 'none'; script-src 'self' 'nonce-somethingrandom' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com; connect-src 'self' wss://rustchance.com/feed; img-src 'self' https://rcases.b-cdn.net/ *.akamaihd.net https://static-cdn.jtvnw.net/emoticons/ https://cdn.frankerfacez.com/emoticon/ https://*.steamstatic.com/ data:; media-src 'self' https://rcases.b-cdn.net/; style-src 'self' 'unsafe-hashes' 'sha256-Hvl1IVaaiGDCWfXN/NYs7XJk9w0KIdrZ3SuF/ZyziH4=' 'sha256-yUOnKCENzSdKikR9gEEAu8IogIBNlifamnNNH1E31SE=' fonts.googleapis.com;base-uri 'self';form-action 'self';font-src fonts.gstatic.com; frame-src 'self' https://www.google.com/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://challenges.cloudflare.com 1
default-src 'self'; script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' *.plezi.co *.privacy-center.org *.gstatic.com *.clarity.ms *.upela.com *.google.com *.google.fr *.doubleclick.com *.doubleclick.net *.ubembed.com *.bing.com *.facebook.net *.fontawesome.com *.zoho.eu *.hotjar.com *.privacy-center.org *.licdn.com *.trustedshops.com *.google-analytics.com *.googletagmanager.com *.googleadservices.com https://maillist-manage.eu https://chat-window.kmblabs.com *.sharethis.com; style-src 'report-sample' 'self' 'unsafe-inline' *.privacy-center.org *.gstatic.com *.upela.com *.google.com *.google.fr *.bing.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' *.privacy-center.org *.gstatic.com *.doubleclick.net *.hotjar.com *.upela.com https://www.google-analytics.com https://google.com *.google.fr *.google.com *.bing.com https://analytics.google.com *.clarity.ms https://ka-f.fontawesome.com *.userpilot.io *.kmblabs.com *.sharethis.com *.trustedshops.com https://cdn.linkedin.oribi.io wss:; font-src 'self' *.privacy-center.org *.gstatic.com *.upela.com *.google.com https://fonts.gstatic.com https://ka-f.fontawesome.com *.kmblabs.com; frame-src 'self' *.privacy-center.org *.gstatic.com *.upela.com *.google.com *.doubleclick.net *.ubembed.com *.hotjar.com https://www.youtube.com https://app.livestorm.co; img-src 'self' data: *.plezi.co *.adsymptotic.com *.bing.com *.linkedin.com *.facebook.com *.upela.com *.googletagmanager.com https://www.google-analytics.com *.clarity.ms https://widgets.trustedshops.com *.google.com *.google.fr *.kmblabs.com *.sharethis.com *.doubleclick.net *.googleadservices.com; manifest-src 'self'; media-src 'self'; worker-src 'none'; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.typography.com *.youtube.com *.ytimg.com *.cloudflare.com unpkg.com *.addthis.com *.addthisedge.com *.facebook.com *.facebook.net https://z.moatads.com/addthismoatframe568911941483/moatframe.js *.gstatic.com *.flockler.app *.flockler.com *.raxcdn.com ipinfo.io *.newrelic.com *.nr-data.net *.googleapis.com *.googleads.g.doubleclick.net googleads.g.doubleclick.net *.googleads.g.doubleclick.net/* googleads.g.doubleclick.net/* *.googleadservices.com *.clarity.ms *.addtoany.com js.hs-scripts.com js.hscollectedforms.net js.hs-analytics.net js.hs-banner.com; object-src 'none'; style-src 'self' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.google.com *.typography.com *.cloudflare.com *.flockler.app *.flockler.com *.visionpersonaltraining.com *.cdn.jsdelivr.net; img-src 'self' data: https: *.gstatic.com *.googleapis.com *.google-analytics.com *.visionpt.com.au *.youtube.com *.flockler.app *.flockler.com *.instagram.com *.fbcdn.net *.rackcdn.com *.cdninstagram.com; media-src *.cdninstagram.com; frame-src 'self' *.youtube.com *.addthis.com *.google.com  *.facebook.com *.facebook.net *.googleapis.com *.addtoany.com td.doubleclick.net; frame-ancestors 'self' *.visionpersonaltraining.com *.visionpt.com.au; child-src 'self' data: blob:; font-src 'self' *.gstatic.com *.typography.com data:; connect-src 'self' *.addthis.com *.google-analytics.com  *.doubleclick.net *.nr-data.net *.facebook.com *.facebook.net *.flockler.app *.flockler.com *.googleapis.com *.analytics.google.com analytics.google.com *.clarity.ms google.com forms.hscollectedforms.net https://o376659.ingest.sentry.io/api/6117577/store/ https://o376659.ingest.sentry.io/api/6117577/envelope/; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src https: 'unsafe-inline' 'unsafe-eval'; connect-src https: wss://*.tawk.to:* 1
script-src 'report-sample' 'nonce-zi9GPZ1Z_OTQquA2LZpoTQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /cspreport 1
default-src data: 'unsafe-inline' 'unsafe-eval' blob: https: 1
default-src * 'self'; font-src * 'self' data:; img-src * 'self' data:; script-src * 'self' 'unsafe-inline' 'unsafe-eval'; style-src * 'self' 'unsafe-inline'; connect-src *; frame-src * 'self'; base-uri 'self'; frame-ancestors *; form-action 'self' https://login.microsoftonline.com/ https://kvk.bibliothek.kit.edu/; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://snabelen.no; img-src 'self' https: data: blob: https://snabelen.no; style-src 'self' https://snabelen.no 'nonce-q/dalgi+6qPoGbsC9IeQ6w=='; media-src 'self' https: data: https://snabelen.no; frame-src 'self' https:; manifest-src 'self' https://snabelen.no; form-action 'self'; child-src 'self' blob: https://snabelen.no; worker-src 'self' blob: https://snabelen.no; connect-src 'self' data: blob: https://snabelen.no https://cdn.masto.host wss://snabelen.no; script-src 'self' https://snabelen.no 'wasm-unsafe-eval' 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://js.stripe.com/v3 blob: https://*.intercom.io https://*.intercomcdn.com https://cdn.polyfill.io/v2/polyfill.min.js https://fullstory.com https://*.fullstory.com https://static.cloudflareinsights.com https://secure.quantserve.com https://snap.licdn.com https://js.hs-scripts.com https://connect.facebook.net https://js.hscollectedforms.net https://js.hs-banner.com https://js.hs-analytics.net https://*.quantcount.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src 'self' data: https://*.intercomcdn.com https://static.intercomassets.com https://uploads.intercomusercontent.com https://www.google-analytics.com https://q.quora.com https://pixel.quantserve.com https://www.facebook.com https://*.linkedin.com https://www.google.com https://forms.hsforms.com https://track.hubspot.com https://www.linkedin.com https://p.adsymptotic.com; font-src https://js.intercomcdn.com https://cdn.virgilsecurity.com https://fonts.gstatic.com; connect-src 'self' https://virgilsecurity.com https://*.virgilsecurity.com https://*.intercom.io wss://*.intercom.io https://*.intercomcdn.com https://*.intercomusercontent.com https://app.getsentry.com https://rs.fullstory.com https://static.cloudflareinsights.com https://www.google-analytics.com https://forms.hubspot.com https://stats.g.doubleclick.net; media-src data: https://js.intercomcdn.com; child-src https://www.googletagmanager.com https://share.intercom.io https://intercom-sheets.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net https://js.stripe.com/ blob:; worker-src 'self' blob: 'unsafe-eval'; frame-src https://bid.g.doubleclick.net;object-src 'none'; frame-ancestors 'none'; 1
default-src 'none'; manifest-src *.rejail.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google-analytics.com *.googleapis.com translate.google.com static.cloudflareinsights.com static.rejail.ru; connect-src rejail.ru translate.googleapis.com; img-src 'self' data: translate.googleapis.com *.gstatic.com *.google.com static.rejail.ru discordapp.com; style-src 'self' 'unsafe-inline' *.googleapis.com static.rejail.ru; font-src 'self' fonts.gstatic.com static.rejail.ru; child-src *.youtube.com ads.rejail.ru 1
default-src 'self'; script-src 'self' http: 'unsafe-inline' https: 'nonce-26910700-4ef7-4170-9d64-b5712122ab37' 'strict-dynamic'; child-src 'self'; worker-src 'self' 'unsafe-inline' * blob:; connect-src 'self' *.waggel.co.uk *.linkedin.com *.sentry.io ws: *.petinsurance.tech *.pusher.com *.google-analytics.com analytics.google.com *.googlesyndication.com *.analytics.google.com *.googleadservices.com adservice.google.com www.google.co.uk https://google.com www.google.com https://www.google-analytics.com https://googleads.g.doubleclick.net analytics.tiktok.com smct.co *.smct.co smct.io *.smct.io cognito-identity.eu-west-1.amazonaws.com firehose.eu-west-1.amazonaws.com rs.fullstory.com stats.g.doubleclick.net s3.eu-west-2.amazonaws.com https://edge.fullstory.com/ bat.bing.com https://cdn.linkedin.oribi.io *.clarity.ms analytics.pangle-ads.com; media-src 'self' *.waggel.co.uk; style-src-elem 'self' fonts.smct.io 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' *.waggel.co.uk www.googletagmanager.com *.analytics.google.com *.google-analytics.com *.g.doubleclick.net https://imagedelivery.net/_oAwqhhSlLiLRNppESPDbQ/ https://6za75opzlh.execute-api.eu-west-1.amazonaws.com/ www.facebook.com bat.bing.com www.google.com www.google.co.uk *.googleadservices.com mywebconect.com ts.tradetracker.net quote-link.net smct.co *.smct.co smct.io *.smct.io www.jadpo.co.uk *.amazonaws.com *.linkedin.com *.clarity.ms c.bing.com https://images-static.trustpilot.com/ https://googleads.g.doubleclick.net; font-src 'self' *.waggel.co.uk data: smct.co *.smct.co smct.io *.smct.io; frame-src 'self' tpc.googlesyndication.com calendly.com js.stripe.com www.googletagmanager.com smct.co *.smct.co smct.io *.smct.io d2d7do8qaecbru.cloudfront.net td.doubleclick.net https://bid.g.doubleclick.net; frame-ancestors 'none'; manifest-src 'self' *.waggel.co.uk; base-uri 'self' about:; 1
upgrade-insecure-requests; default-src 'self'; connect-src 'self' *.ethicalads.io; font-src 'self' data:; img-src 'self' *.amazon.com web.archive.org d1y62r8iqkdmlm.cloudfront.net d3rdtowr0c5lpf.cloudfront.net mirrors.creativecommons.org *.ethicalads.io *.eyeem.com moma-teams-photos.corp.google.com www.google.com *.media-amazon.com mirrors.meiert.org images-na.ssl-images-amazon.com stevesouders.com *.tumblr.com pbs.twimg.com junkcharts.typepad.com *.met.vgwort.de www.w3.org upload.wikimedia.org data:; script-src 'self' 'unsafe-inline' d3rdtowr0c5lpf.cloudfront.net *.ethicalads.io; style-src 'self' 'unsafe-inline' d3rdtowr0c5lpf.cloudfront.net www.w3.org; frame-ancestors 'self'; report-uri https://o212391.ingest.sentry.io/api/1338998/security/?sentry_key=424557097cd84e638da53eb57ebc79ac 1
connect-src sync.datamind.ru dpm.demdex.net tinkoffcreditsystems.d3.sc.omtrdc.net assets.adobedtm.com *.omniture.com *.g.doubleclick.net geocode-maps.yandex.ru/1.x/ *.google-analytics.com *.datamind.ru *.cdn-tinkoff.ru www.google.com analytics.google.com www.google.ru www.facebook.com connect.facebook.net google-analytics.bi.owox.com vk.com mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr px.adhigh.net eye.targetads.io ad.adriver.ru top-fwz1.mail.ru dss.hybrid.ai tag.rutarget.ru tms.dmp.wi-fi.ru ads.adlook.me dmg.digitaltarget.ru dsum-sec.casalemedia.com id.uma.media prodmp.ru track-us.bidease.com ads.betweendigital.com a.utraff.com rtb.viadata.store reichelcormier.bid x01.aidata.io ssp.bidvol.com cs.gssprt.jp ssp.adriver.ru secure.adnxs.com exchange.buzzoola.com cs-0.moevideo.biz sync.republer.com redirect.frontend.weborama.fr sync.dmp.otm-r.com sync.mediatoday.iae.one an.yandex.ru sync.1dmp.io cm.lentainform.com mitdmp.whiteboxdigital.ru acint.net sync.viadata.store sync.adkernel.com sync.videonow.ru code.moviead55.ru api.imotech.video widget-api.uxfeedback.ru pixel.gooroo.works 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru wss://*.tinkoff.ru wss://*.tcsbank.ru https://qa2-mma.payminfra.tcsbank.ru https://www.googleapis.com/ cfg.tinkoff.ru acdn.tinkoff.ru www.tinkoff.ru api.tinkoff.ru business.tinkoff.ru www.cdn-tinkoff.ru fallback.cdn-tinkoff.ru; script-src sync.datamind.ru www.google.com www.google.ru connect.ok.ru vk.com *.datamind.ru s.ytimg.com *.tinkoff.ru *.tcsbank.ru *.cdn-tinkoff.ru mc.yandex.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr yastatic.net mc.webvisor.com mc.webvisor.org 'self' 'unsafe-eval' 'unsafe-inline' *.tbank-online.com tbank.ru *.tbank.ru blob: https://tinkoff.ru https://www.tinkoff.ru https://www.youtube.com; img-src *.datamind.ru dpm.demdex.net www.google-analytics.com tinkoffcreditsystems.d3.sc.omtrdc.net cm.everesttech.net dp.adsdata.ru www.google.com www.google.ru vk.com login.vk.com mc.yandex.ru ad.mail.ru adfocus.ru www.facebook.com connect.facebook.net ad.doubleclick.net *.google.com *.yandex.ru *.yandex.net *.2o7.net *.demdex.net cx.atdmt.com analytics.twitter.com t.co eu-sonar.sociomantic.com *.sravni.ru www.banki.ru *.pool.datamind.ru statad.ru www.googletagmanager.com *.g.doubleclick.net *.googleadservices.com *.privacysandbox.googleadservices.com *.cdn-tinkoff.ru *.tinkoff.ru p.formobil.net rupertino.ru adservice.google.com adservice.google.ru google-analytics.bi.owox.com dc.ads.linkedin.com *.mail.ru dp.tinkoffinsurance.ru *.fls.doubleclick.net tms.dmp.wi-fi.ru cdn3.caltat.com sonar.semantiqo.com www.cdn-tinkoff.ru ad.adriver.ru mc.yandex.com mc.yandex.md mc.yandex.fr mc.yandex.kz mc.yandex.by mc.yandex.uz mc.yandex.com.tr eye.targetads.io tag.rutarget.ru top-fwz1.mail.ru dss.hybrid.ai track-us.bidease.com tech.rtb.mts.ru sync.gonet-ads.com ad.new-programmatic.com mssg.su rap.skcrtxr.com cdn3.uxfeedback.ru widget.uxfeedback.ru  sm.rtb.mts.ru exchange.buzzoola.com dmp.one sync.bumlam.com wf-ru-frontend.weborama-tech.ru 'self' data: *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru https://tinkoff.ru https://www.tinkoff.ru http://img.youtube.com; frame-src *.tinkoff.demdex.net *.omniture.com bid.g.doubleclick.net www.facebook.com *.demdex.net vk.com static.datamind.ru platform.twitter.com connect.ok.ru *.datamind.ru *.cdn-tinkoff.ru *.fls.doubleclick.net www.cdn-tinkoff.ru mc.yandex.ru yastatic.net mc.webvisor.org metrika.yandex.ru metrika.yandex.by metrica.yandex.com metrica.yandex.com.tr webvisor.com *.webvisor.com 'self' blob: data: *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru https://otp.tools.investis.com/ https://secure.flife.de/ https://qfx.tools.investis.com/ https://www.youtube.com/ https://irpages2.eqs.com/ https://irs.tools.investis.com/ https://rutube.ru/; font-src *.cdn-tinkoff.ru 'self' *.tbank-online.com tbank.ru *.tbank.ru *.tinkoff.ru data:; report-uri https://www.tinkoff.ru/api/front/log/csp-error?appName=pfpcommon&sentryDsnKey=b7cae0fa7dd74b4489cd05596a20df38&sentryApiId=142; default-src 'self' *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru *.tinkoff.ru data:; style-src 'unsafe-inline' 'self' *.tinkoff.ru *.tcsbank.ru *.tbank-online.com tbank.ru *.tbank.ru *.cdn-tinkoff.ru; media-src https://static.tcsbank.ru https://acdn.tinkoff.ru 1
default-src 'self' https://kuluttaja.fi https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://kuluttaja.fi https://production.kuluttaja.fi https://*.kuluttaja.fi https://*.stellate.sh https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org/;connect-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.kuluttaja.fi https://*.stellate.sh https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.schibsted.com https://*.kxcdn.com https://*.stellate.sh https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal-de.onetrust.com/;img-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.kuluttaja.fi https://*.stellate.sh https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://*.schibsted.com https://*.kxcdn.com https://*.gravatar.com https://cdn.cookielaw.org/;frame-src 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.kuluttaja.fi https://*.stellate.sh https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://cdn.cookielaw.org/;form-action 'self' https://kuluttaja.fi https://production.kuluttaja.fi https://*.kuluttaja.fi https://*.stellate.sh https://*.google.com https://*.gstatic.com/ https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.googleadservices.com https://*.google.fi https://*.googleapis.com https://*.g.doubleclick.net https://*.doubleclick.net https://*.googlesyndication.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://*.fbcdn.com https://*.salesforce.com https://*.force.com https://*.visualforce.com https://*.igodigital.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io;font-src 'self' https://fonts.gstatic.com;base-uri 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests 1
default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'nonce-c26e5e3b25695aabe37cd4fc61b85141'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src data: blob: 'unsafe-inline' 'unsafe-eval' frame-ancestors 'self' https://*.cdsreg.com https://xpressreg.net https://*.xpressreg.net https://xpressleadpro.com https://*.xpressleadpro.com https://xpressleadpro.net https://*.xpressleadpro.net https://xpresspaymentservice.com https://*.xpresspaymentservice.com https://exhibitoremails.com https://*.exhibitoremails.com https://cdsdatasense.Com https://*.cdsdatasense.Com https://*.facebook.net https://*.facebook.com https://*.google-analytics.com https://*.googleapis.com https://*.ads-twitter.com https://*.google.com https://*.twitter.com https://*.googleadservices.com https://*.googletagservices.com https://*.googlesyndication.com https://*.googletagmanager.com/ https://*.youtube.com https://cloud.typography.com https://*.linkedin.co https://*.linkedin.com https://*.sharethis.com https://*.sharethis.mgr.consensu.org https://*.sharethis.com https://*.dayforcehcm.com https://*.gstatic.com; img-src * data: blob:; 1
default-src 'self' *.licdn.com *.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.pusher.com *.moyosaspaces.com www.recaptcha.net www.google.com *.scdn.co *.marinetraffic.com *.earthcam.net *.spotify.com *.force.com *.youtube.com *.polyfill.io *.plyr.io *.vimeo.com; connect-src 'self' api.craftcms.com *.tiles.mapbox.com api.mapbox.com px.ads.linkedin.com events.mapbox.com *.algolia.net *.cdninstagram.com *.licdn.com *.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.pusher.com *.feadship.nl *.secure.force.com *.algolianet.com *.cookiefirst.com *.spotify.com dbj7896sklvdk.cloudfront.net d2adoy6vr915pu.cloudfront.net s3-eu-west-1.amazonaws.com vimeo.com *.vimeo.com *.openstreetmap.org *.googleapis.com *.google-analytics.com *.plyr.io *.analytics.google.com cdn.linkedin.oribi.io devlijt.my.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: devlijt.my.salesforce-sites.com www.recaptcha.net npmcdn.com *.licdn.com *.facebook.net *.facebook.com *.googleadservices.com *.g.doubleclick.net *.cookiefirst.com unpkg.com *.scdn.co *.jsdelivr.net *.googleapis.com www.gstatic.com www.google.com tagmanager.google.com *.stmp.nl *.marinetraffic.com *.vimeo.com *.googletagmanager.com *.earthcam.net *.force.com *.crmservice.eu *.cloudflare.com *.fortawesome.com *.google-analytics.com *.youtube.com *.ytimg.com; img-src * data: blob:; media-src 'self' blob: dbj7896sklvdk.cloudfront.net *.akamaized.net *.plyr.io *.vimeo.com *.amazonaws.com; style-src 'self' 'unsafe-inline' data: *.cookiefirst.com *.jsdelivr.net *.googleapis.com www.googletagmanager.com tagmanager.google.com *.force.com *.fortawesome.com *.cloudflare.com; font-src 'self' data: *.gstatic.com; object-src 'none'; worker-src 'self' blob: ; child-src 'self' blob: www.marinetraffic.com devlijt.my.salesforce-sites.com www.recaptcha.net www.youtube.com *.vimeo.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https: data:; connect-src 'self' https: data: wss:; script-src 'self' 'unsafe-inline' 'unsafe-eval' ajax.googleapis.com cdn.cookielaw.org static.cloudflareinsights.com www.googletagmanager.com hotjar.com static.hotjar.com script.hotjar.com ajax.cloudflare.com static.amondo.com embed.tawk.to mediacentre.eurovision.tv mcs-va.tiktok.com sf16-website-login.neutral.ttwstatic.com https://cdn.iframe.ly https://cdnjs.cloudflare.com 1
frame-ancestors 'self' view.ceros.com; 1
: frame-src 'self' 'https://iframe.punchh.com', : frame-ancestors 'self' 'https://iframe.punchh.com' 1
default-src 'self' www.googleadservices.com googleads.g.doubleclick.net www.google.com www.google.co.in adservice.google.com *.fls.doubleclick.net insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com *.onetrust.com; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js *.hotjar.com *.moengage.com *.adnxs.com *.googleoptimize.com *.mookie1.com *.fls.doubleclick.net *.doubleclick.net *.outbrain.com *.google-analytics.com https://dec.azureedge.net/ munchkin.marketo.net cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://platform-api.sharethis.com https://buttons-config.sharethis.com unpkg.com/@frontify/ brandportal.ihhhealthcare.com assets.gathercontent.com www.googletagmanager.com media.istockphoto.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg http://admin-beta-mountelizabeth.com.sg insight.adsrvr.org quantserve.com googletagmanager.com secure.quantserve.com js.adsrvr.org rules.quantcount.com www.googleadservices.com adservice.google.com googleads.g.doubleclick.net admin-gleneagles.parkwayhealth.local admin-parkwayeast.parkwayhealth.local bat.bing.com staticcdn.enzymic.co cdn.polyfill.io https://unpkg.com/web-vitals/dist static.site24x7rum.com www.google.co.in s.yimg.com www.instagram.com www.sc.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com https://rawgit.com https://cdnjs.cloudflare.com https://cdn.tailwindcss.com 'self' js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com *.en25.com web-chat.nativechat.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com beta.mountelizabeth.com.sg http://fonts.cdnfonts.com https://cdnjs.cloudflare.com googletagmanager.com *.googletagmanager.com *.bunny.net *.moengage.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: *.google-analytics.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com https://www.mountelizabeth.com.sg https://cdn-assets-eu.frontify.com simsys.ent.ap-southeast-1.aws.found.io www.gleneagles.com.sg https://www.parkwayhospitals.com.cn *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com i.vimeocdn.com www.googletagmanager.com *.hotjar.com https://moe-email-campaigns.s3.amazonaws.com https://image.moengage.com countryflagsapi.com mountelizabeth.com *.mookie1.com *.google.com *.google.com.sg *.adnxs.com *.quantserve.com flagcdn.com ad.doubleclick.net google.co.in sdms-country-flag.s3.ap-southeast-1.amazonaws.com http://sitefinityprodpp.blob.core.windows.net googleads.g.doubleclick.net www.google.com/pagead bat.bing.com *.outbrain.com www.googleadservices.com www.google.co.in adservice.google.com fls.doubleclick.net insight.adsrvr.org quantserve.com s.yimg.com www.pages07.net sp.analytics.yahoo.com https://cdn-apac.onetrust.com *.onetrust.com *.amazonaws.com s3-ihhsg-sdms-prod.sg.ihhhealthcare.com 'self' track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: *.hotjar.com cdnjs.cloudflare.com https://fonts.cdnfonts.com; frame-src https://www.google.com/ https://www.youtube.com https://vimeo.com https://player.vimeo.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com brandportal.ihhhealthcare.com https://vars.hotjar.com https://*.moengage.com https://www.facebook.com https://m.facebook.com *.fls.doubleclick.net insight.adsrvr.org www.instagram.com adservice.google.com td.doubleclick.net https://my.matterport.com/ 'self' forms.hsforms.com web-chat.nativechat.com; connect-src accounts.google.com *.gstatic.com *.mktoresp.com *.google-analytics.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io https://l.sharethis.com *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg http://beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://parkway-elastic-production.ent.ap-southeast-1.aws.found.io http://admin-beta-mountelizabeth.com.sg wss://*.hotjar.com *.hotjar.com *.hotjar.io *.moengage.com stats.g.doubleclick.net admin-parkwayeast.parkwayhealth.local admin-gleneagles.parkwayhealth.local analytics.google.com static.enzymic.co www.facebook.com metrics.mountelizabeth.com.sg insight.adsrvr.org quantserve.com *.adnxs.com s.yimg.com sp.analytics.yahoo.com https://cdn-apac.onetrust.com https://geolocation.onetrust.com *.onetrust.com tr.outbrain.com 'self' forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob: *.frontify.com brandportal.ihhhealthcare.com assets.gathercontent.com media.istockphoto.com; child-src https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com cdn.jsdelivr.net simsys.ent.ap-southeast-1.aws.found.io *.frontify.com brandportal.ihhhealthcare.com beta.mountelizabeth.com.sg assets.gathercontent.com media.istockphoto.com https://*.moengage.com countryflagsapi.com 'self' web-chat.nativechat.com 1
upgrade-insecure-requests; default-src 'self' https: 'unsafe-inline' data: blob: *.sia.education; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MGQyOGVjY2Q2YTQ4NGZjNmE2NjYzOTVjMjNkYjY3YTQ=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.dggf.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.dggf.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.dggf.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
script-src 'nonce-a4777ac7d4' https: 1
frame-ancestors https://nnumbers.com.br 1
frame-ancestors 'self' https://*.linnovate.net https://*.elementor.cloud https://haretzion.org 1
default-src 'self'; object-src 'none'; style-src 'self' 'nonce-zDnXSMmU2nwxRn2VFJFTC0hVpszXrlfC' 1
frame-ancestors 'self';default-src 'self' nrcm.s3.amazonaws.com fonts.gstatic.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' nrcm.s3.amazonaws.com data.newsroom.co *.schema.org *.weblication.de iway.ch *.google-analytics.com *.googletagmanager.com maps.googleapis.com *.google.com *.google.ch *.newsroom.com *.move.ch *.ewb.ch *.issuu.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-umm.b-cdn.net api.userlike.com *.runmyprocess.com *.facebook.com *.facebook.net;img-src data: 'self' *.fbcdn.net *.xx.fbcdn.net cdn.jsdelivr.net pbs.twimg.com nrcm.amazonaws.com nrcm.s3.amazonaws.com swisspower.ch *.google.com *.google.ch googleads.g.doubleclick.net px.ads.linkedin.com *.linkedin.com *.facebook.com *.weblication.de *.iway.ch maps.gstatic.com *.googleapis.com *.ggpht.com *.google-analytics.com *.googletagmanager.com;frame-src 'self' *.move.ch *.runmyprocess.com *.iway.ch *.weblication.de *.ewb.ch *.issuu.com *.google.com *.google.ch *.vimeo.com *.youtube-nocookie.com *.youtube.com *.facebook.com; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/css/intlTelInput.css *.weblication.de fonts.googleapis.com e.issu.com;script-src-elem 'self' cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/intlTelInput.min.js cdn.jsdelivr.net/npm/intl-tel-input@18.1.1/build/js/utils.js *.hotjar.com snap.licdn.com *.b-cdn.net *.cloudfront.net data.newsroom.co *.amazonaws.com *.google.com *.google.ch *.googletagmanager.com *.google-analytics.com *.googleadservices.com maps.googleapis.com *.facebook.net 'unsafe-inline' iway.ch *.weblication.de; connect-src 'self' *.hotjar.com *.hotjar.io wss://ws.hotjar.com/api/v2/client/ws *.userlike.com *.userlike-cdn-umm.b-cdn.net *.amazonaws.com api.newsroom.co cdn.linkedin.oribi.io *.facebook.com iway.ch ewb-integra.ch *.weblication.de *.analytics.google.com *.analytics.com *.google-analytics.com maps.googleapis.com stats.g.doubleclick.net 1
object-src 'self' https://media.pressfreedomtracker.us/; connect-src 'self' https://analytics.freedom.press https://releases.wagtail.io/latest.txt https://cdn.jsdelivr.net https://static.observableusercontent.com/ https://media.pressfreedomtracker.us/; media-src 'self' https://media.pressfreedomtracker.us/; base-uri 'self'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net; img-src 'self' https://analytics.freedom.press https://platform.twitter.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com data: https://cdn.jsdelivr.net https://media.pressfreedomtracker.us/; default-src 'self'; script-src 'self' https://analytics.freedom.press https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline' 'unsafe-eval' https://platform.twitter.com https://cdn.jsdelivr.net https://api.observablehq.com https://bundle.run; form-action 'self'; frame-src 'self' https://platform.twitter.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://www.youtube.com; frame-ancestors 'self'; report-uri https://freedomofpress.report-uri.com/r/d/csp/enforce 1
default-src https://ifap.ru; base-uri https://ifap.ru; font-src 'none'; frame-ancestors 'none'; frame-src 'none'; manifest-src 'none'; object-src 'none'; worker-src 'none'; form-action https://ifap.ru; script-src 'unsafe-inline'; upgrade-insecure-requests 1
block-all-mixed-content; base-uri 'self'; frame-ancestors 'self'; object-src 'none'; 1
frame-ancestors https://*.kennesaw.edu; 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; base-uri 'self'; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: mediastream: blob: https://dynamics365.wordpress.com/ *.dm.files.1drv.com pointerpro.com *.pointerpro.com www.facebook.com connect.facebook.net *.velosio.com unpkg.com *.linkedin.com *.licdn.com assets.calendly.com calendly.com google.com *.google.com google.ca *.google.ca  *.googleapis.com *.google-analytics.com *.gstatic.com *.googletagmanager.com *.doubleclick.net  stats.g.doubleclick.net *.googleadservices.com youtube.com *.youtube.com *.youtube-nocookie.com *.ytimg.com *.ggpht.com *.typekit.net cdn.jsdelivr.net unpkg.com *.cloudflare.com *.clickdimensions.com secure.gravatar.com *.socialintents.com *.clarity.ms *.wp.com *.omappapi.com c35a98.velosio.com https://sandeepchaudhury.files.wordpress.com https://sandeepchaudhuryd365.com https://sbsgroupusa.files.wordpress.com docs.microsoft.com app.powerbi.com *.azureedge.net muse.ai *.muse.ai *.akamaized.net cdn-uicons.flaticon.com https://dynamics365.files.wordpress.com  https://sbsgroupusa.wordpress.com https://629f7d7168bd63-11639392.castos.com https://my.visme.co https://campfire365.castos.com ; report-to main-endpoint 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.2bay.club 2bay.club *.mail.ru *.hotlog.ru js.hotlog.ru *.yandex.ru *.yandex.az *.yandex.by *.yandex.co.il *.yandex.com *.yandex.com.am *.yandex.com.ge *.yandex.com.tr *.yandex.ee *.yandex.fr *.yandex.kg *.yandex.kz *.yandex.ru *.yandex.lt *.yandex.lv *.yandex.md *.yandex.tj *.yandex.tm *.yandex.ua *.yandex.uz *.mc.webvisor.com *.mc.webvisor.org *.yastatic.net mc.yandex.ru *.google-analytics.com adservice.google.com *.googlesyndication.com *.doubleclick.net *.googletagservices.com *.googleadservices.com *.ampproject.org *.google.com *.googleapis.com *.google.co.uk *.google.co.il *.google.ru *.google.at *.google.fr *.google.ch *.google.nl *.google.sc *.google.ae *.google.de *.google.ca *.google.se *.google.hu *.google.no *.google.es *.google.md *.google.fi *.google.ro *.google.sk *.google.is *.google.com.ua *.google.com.bd *.google.com.sg *.google.pl *.google.cz *.google.lv *.google.bg *.google.co.in *.google.lt *.google.dj *.google.gr *.google.co.jp *.google.rs *.google.com.tr *.google.ie *.google.pt *.google.com.pe *.google.com.mx *.google.kz *.google.dz *.google.co.th *.google.com.mx *.google.com.hk *.google.com.sa *.google.com.tj *.google.co.uz *.google.com.vn *.google.com.tw *.google.ee *.google.kg *.google.co.za *.google.hr *.google.it *.google.tn *.google.mk *.google.com.bo *.google.co.kr *.google.com.mm *.google.co.id *.google.az *.google.com.br *.google.tm *.google.ge *.google.dk *.google.com.my *.google.co.ve *.google.co.ve *.google.iq *.google.cl *.google.com.au *.google.tt *.google.com.ar *.google.be *.google.com.cy *.google.co.nz *.google.mn *.google.com.pk *.google.lu *.google.com.ng *.google.com.ph *.google.mu *.google.co.tz *.google.com.uy *.google.com.co *.google.com.eg *.google.me *.google.com.np *.google.com.pg *.google.com.mt *.google.com.sv *.google.com.pr *.google.si *.google.com.gt *.google.co.ke *.google.com.bz *.google.cd *.google.ps *.google.la *.google.com.bn *.google.gg *.google.com.py *.google.com.et *.google.com.lb *.google.com.cu *.google.com.ec *.google.co.cr *.google.co.zw *.google.co.ug *.google.com.pa *.google.ci *.google.co.ao *.google.al *.google.com.om *.google.com.ly *.google.com.gh *.google.bj *.google.lk *.google.cg *.google.jo *.google.com.bh *.google.cm *.google.com.kh *.google.sm *.google.ad *.google.co.bw *.google.ne *.google.gy *.google.mv *.google.bf *.google.com.qa *.google.com.na *.google.com.kw *.google.com.ni *.google.hn *.google.vu *.google.co.mz *.google.com.jm *.google.im *.google.com.ag *.google.sn *.google.mg *.google.com.fj *.google.bs *.google.co.zm *.google.so *.google.com.gi *.sckxppzdm.com catcut.net cache.betweendigital.com pixel.yabidos.com yandex.ru iwe.ktvgv.com yastatic.net; img-src * data: ; font-src * data: ; style-src 'self' 'unsafe-inline' *.google.com *.googleapis.com *.google.cm; frame-src *; connect-src *; media-src * data: ; object-src *; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-Hu9FcRRx4xd92N0ZWaTKB8bqvWo3fZ88GMsXiP6/POLsoxuk' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' fonts.googleapis.com fonts.gstatic.com www.google.com www.gstatic.com www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com 1
frame-ancestors 'self' https://backend.dnr.de *.gooddev.de 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-TZmyV1CAh0RoO0mv18Orig==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self' ooona.net; frame-src 'self' blob: https://view.officeapps.live.com/ https://docs.google.com/ https://vars.hotjar.com/ https://www.youtube.com/ https://*.hubspot.com https://*.ooona.net/; font-src 'self' data: https://fonts.googleapis.com/ https://fonts.gstatic.com/; img-src 'self' data:  https://www.google.com/pagead/ https://www.google.co.il/pagead/ https://ooona.net/ https://*.ooonatools.tv/ https://chart.googleapis.com/ https://*.hsforms.com https://*.hubspot.com; default-src 'self' file: data: blob: filesystem:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com/ https://www.dropbox.com/static/api/ https://www.youtube.com/ https://www.googleadservices.com/ https://static.hotjar.com/ https://script.hotjar.com/ https://googleads.g.doubleclick.net/ https://www.google-analytics.com/analytics.js https://*.hubspot.com https://*.hsadspixel.net https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://forms.hsforms.com https://*.usemessages.com; connect-src * blob: data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; object-src 'none'; media-src * file: data: blob: filesystem: 1
default-src https:;script-src https: 'unsafe-inline' 'unsafe-eval';frame-src 'self' inquisit65: inquisit66: inquisit70: https://*.millisecond.com https://*.millisecond.eu https://*.googletagmanager.com https://*.google.com https://*.youtube.com https://*.facebook.com https://*.facebook.net https://*.doubleclick.net/;img-src 'unsafe-inline' data: https:;style-src https: 'unsafe-inline';font-src https: data:; 1
default-src 'self' https://zammad.matomo.cloud; script-src 'self' 'unsafe-inline' https://cdn.matomo.cloud https://zammad.matomo.cloud; img-src 'self' https://zammad.matomo.cloud; style-src 'self' 'unsafe-inline';base-uri 'self';form-action 'self'; frame-src 'none'; 1
default-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru; connect-src 'self' ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru https://translate.googleapis.com an.yandex.ru strm.yandex.ru mc.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru adfox.yandex.ru ads.adfox.ru ads6.adfox.ru jstracer.yandex.ru yastat.net yandex.ru top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru; font-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com an.yandex.ru yastatic.net yastat.net; frame-src 'self' youtube.com www.youtube.com *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.googleadservices.com https://*.googleadservices.com *.googlesyndication.com https://*.googlesyndication.com *.google.com https://*.google.com https://apis.google.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net *.yandex.ru banners.adfox.ru yastat.net; img-src 'self' blob: *.1c-bitrix.ru *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.2mdn.net https://*.2mdn.net data: *.doubleclick.net https://*.doubleclick.net *.googleapis.com https://*.googleapis.com *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yastatic.net https://yastatic.net avatars-fast.yandex.net avatars-fast.yandex.net favicon.yandex.net an.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net; media-src *.yandex.net strm.yandex.ru *.strm.yandex.ru yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; object-src 'self' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com *.yandex.ru https://*.yandex.ru *.yandex.net https://*.yandex.net yastatic.net https://yastatic.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.doubleclick.net https://*.doubleclick.net *.googlesyndication.com https://*.googlesyndication.com *.gstatic.com https://*.gstatic.com *.googleapis.com https://*.googleapis.com *.google.com https://*.google.com yadro.ru https://yadro.ru *.yadro.ru https://*.yadro.ru https://apis.google.com top.mail.ru https://top.mail.ru *.top.mail.ru https://*.top.mail.ru top-fwz1.mail.ru https://top-fwz1.mail.ru *.top-fwz1.mail.ru https://*.top-fwz1.mail.ru an.yandex.ru yandex.st yastatic.net mc.yandex.ru banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru; style-src 'self' 'unsafe-inline' *.ok.ru ladybee.ru *.ladybee.ru saechka.ru *.saechka.ru saychata.ru *.saychata.ru *.googleapis.com https://*.googleapis.com *.gstatic.com https://*.gstatic.com *.google.com https://*.google.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; 1
default-src https: wss: data: 'self' 'unsafe-eval' 'unsafe-inline' blob: www.livgolfplus.com https://appcms.prod-livgolfplus.viewlift.com;font-src https: data: 'self'; img-src https: data: blob: ;media-src https: blob: ;worker-src https: blob:; 1
default-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-elem * 'self' data: blob: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; script-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes' 'unsafe-eval'; style-src * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-elem * 'self' data: 'unsafe-inline' 'unsafe-hashes'; style-src-attr * 'self' data: 'unsafe-inline' 'unsafe-hashes'; img-src * 'self' data:; font-src * 'self' data:; connect-src * 'self'; media-src * 'self'; object-src * 'self'; child-src * 'self'; frame-src * 'self'; frame-ancestors * 'self'; form-action * 'self' 1
frame-ancestors 'self' *.elplanteo.com 1
frame-src 'none'; script-src 'self' 'nonce-PlAUvrGBmQrpvKFKKATgfw=='; frame-ancestors 'none' 1
default-src https://piwik.bzga.de/piwik.js 'self' 'unsafe-inline'; img-src https://piwik.bzga.de/ https://i.ytimg.com/ 'self' data:; connect-src https://piwik.bzga.de/ 'self'; font-src 'self' data:; frame-src https://www.drugcom.de/ https://www.youtube-nocookie.com/ 1
base-uri 'self'; child-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com https://www.google.com https://sniff.visistat.com https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://stats.g.doubleclick.net https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://www.googletagmanager.com/gtm.js https://platform.twitter.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/; connect-src 'self' https://test2-beroesite.beroeinc.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://sniff.visistat.com https://www.facebook.com https://www.linkedin.com https://forms.hubspot.com/ https://api.hubapi.com https://www.beroeinc.com https://api.omappapi.com/ https://www.google.com https://www.googletagmanager.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://stats.g.doubleclick.net https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://ws.sitespeaker.link/ https://www.googleapis.com/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.beroeinc.com https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://consentlog.cookieyes.com/api/v1/log https://cdn.linkedin.oribi.io/ https://local.beroeinc.com/ https://api-js.mixpanel.com/ https://s.clarity.ms/ https://beroeinc.piwik.pro/ https://ipv6.6sc.co/ https://cta-service-cms2.hubspot.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://forms.hsforms.com/ https://p.clarity.ms/; default-src 'self' https://test2-beroesite.beroeinc.com https://fonts.gstatic.com https://support2.lsdsoftware.com/ https://platform.twitter.com/ https://www.buzzsprout.com https://local.beroeinc.com/; frame-ancestors 'self' https://*.beroelive.ai/; frame-src 'self' https://www.google.com https://cdnjs.cloudflare.com https://www.facebook.com https://www.linkedin.com https://www.gstatic.com https://i.ytimg.com/ https://www.buzzsprout.com https://www.youtube.com/ https://vars.hotjar.com https://*.hotjar.com https://calendly.com https://www.beroeinc.com https://drive.google.com https://js.chargebee.com https://beroeinccorporatewebsite.chargebee.com/ https://abi.beroelive.ai/ https://abi-dev.beroelive.ai/ https://staging.beroelive.ai/ https://www.loom.com/ https://local.beroeinc.com/ https://accounts.google.com/ https://forms.hsforms.com/; img-src 'self' https://test2-beroesite.beroeinc.com https://px.ads.linkedin.com/ https://sniff.visistat.com https://track.hubspot.com https://api.hubapi.com https://forms.hsforms.com https://www.beroeinc.com https://www.google.com https://ws-na.amazon-adsystem.com https://ir-na.amazon-adsystem.com https://images-na.ssl-images-amazon.com https://www.google-analytics.com https://analytics.google.com/ https://stats.g.doubleclick.net https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://i.ytimg.com https://www.facebook.com/ https://js.chargebee.com/ https://www.google.co.in/ https://ipinfo.io/ https://js.stripe.com/ https://assets.sitespeaker.link/ https://optimize.google.com https://www.beroeinc.com data: https://local.beroeinc.com/ https://b.6sc.co/ https://perf-na1.hsforms.com/ https://forms-na1.hsforms.com/; object-src 'none'; script-src 'self' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.beroeinc.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://static.woopra.com https://code.jquery.com https://s.adroll.com https://d.adroll.com/ https://a.opmnstr.com/ https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://i.ytimg.com/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ 'nonce-8bf20104a2ae981fdeaaff57'; script-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/ https://js.hubspot.com/ https://js.hsforms.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://js.hs-scripts.com https://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js https://js.hscollectedforms.net/ https://js.hs-analytics.net/ https://js.hsadspixel.net/ https://sniff.visistat.com https://js.hs-banner.com https://test2-beroesite.beroeinc.com https://stats.g.doubleclick.net https://www.google.com https://www.beroeinc.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com https://cdn.rawgit.com https://www.google.com https://www.google.co.in/ https://static.woopra.com https://code.jquery.com https://s.adroll.com https://www.gstatic.com https://d.adroll.com/ https://a.opmnstr.com/ https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com/recaptcha/ https://js.chargebee.com/ https://ipinfo.io/ https://beroeinccorporatewebsite.chargebee.com/ https://js.stripe.com/ https://www.youtube.com/ https://i.ytimg.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.woopra.com/ https://optimize.google.com https://www.buzzsprout.com https://platform.twitter.com/ https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/js/bootstrap-select.min.js https://snap.licdn.com/ https://px.ads.linkedin.com/ https://local.beroeinc.com/ https://cdn.mxpnl.com/ https://www.clarity.ms/ https://beroeinc.containers.piwik.pro/ https://j.6sc.co/ https://js.hubspot.com/ https://js.hsforms.net; style-src 'self' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/ 'nonce-332d812936a024d9208d131a'; style-src-attr 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://local.beroeinc.com/; style-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://test2-beroesite.beroeinc.com https://www.beroeinc.com/ https://i.ytimg.com/ https://sniff.visistat.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://www.googletagmanager.com https://connect.facebook.net https://static.hotjar.com/ https://www.hotjar.com/ https://vars.hotjar.com https://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://analytics.google.com/ https://cdn-cookieyes.com/ https://directory.cookieyes.com/ https://log.cookieyes.com/ https://api.omappapi.com/ https://pi.pardot.com/ https://www.googletagmanager.com/gtm.js https://script.hotjar.com/ https://www.google.com https://www.google.com/recaptcha/ https://www.google.co.in/ https://js.chargebee.com/ https://js.stripe.com/ https://ipinfo.io/ https://assets.sitespeaker.link/ https://api.customfit.ai https://sdk.customfit.ai https://drive.google.com/ https://calendly.com https://www.buzzsprout.com https://optimize.google.com https://fonts.googleapis.com https://unpkg.com https://cdn.jsdelivr.net/npm/bootstrap-select@1.13.14/dist/css/bootstrap-select.min.css https://local.beroeinc.com/; 1
default-src 'self' https://td.doubleclick.net/ https://cdn.jwplayer.com/ https://apps.usw2.pure.cloud/;worker-src adelmantravel.com; connect-src 'self' https://api.usw2.pure.cloud/ wss://webmessaging.usw2.pure.cloud https://display.popt.in/ https://api-cdn.usw2.pure.cloud/ https://analytics.google.com/ https://stats.g.doubleclick.net/ https://px.ads.linkedin.com/ https://settings.luckyorange.net/ https://www.google-analytics.com; img-src https: data:;font-src https: data:; script-src 'unsafe-eval' 'self' https://adelmantravel.com https://use.fontawesome.com https://www.googletagmanager.com/ https://cdn.popt.in/ https://formalyzer.com/ https://www.google-analytics.com/ https://cdnjs.cloudflare.com/ https://apps.usw2.pure.cloud/ https://secure.leadforensics.com/ https://connect.facebook.net/ https://snap.licdn.com/ https://d10lpsik1i8c69.cloudfront.net/ https://t.sf14g.com/ 'unsafe-inline'; style-src 'self' https://adelmantravel.com https://use.fontawesome.com/ https://fonts.googleapis.com/ 'unsafe-inline' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://chilemasto.casa; img-src 'self' https: data: blob: https://chilemasto.casa; style-src 'self' https://chilemasto.casa 'nonce-7PRq6CpqipWeLLBiQ/vVrA=='; media-src 'self' https: data: https://chilemasto.casa; frame-src 'self' https:; manifest-src 'self' https://chilemasto.casa; form-action 'self'; child-src 'self' blob: https://chilemasto.casa; worker-src 'self' blob: https://chilemasto.casa; connect-src 'self' data: blob: https://chilemasto.casa https://pool.jortage.com/chilemastocasa/ wss://chilemasto.casa; script-src 'self' https://chilemasto.casa 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.hearty.me *.hearty.app; object-src 'none'; upgrade-insecure-requests; block-all-mixed-content 1
script-src 'self' 'unsafe-eval' https://*.usajobs.gov/ https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com https://gateway.answerscloud.com https://dap.digitalgov.gov https://*.bing.com https://*.virtualearth.net https://cdn.ampproject.org https://go.usa.gov https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com https://*.fr011.ttecfed.com https://*.azure.com https://touchpoints.app.cloud.gov https://www.ssa.gov 'nonce-ePR49dOOvOQ0ulMZMuCFzrd/k7t6hH848sm3Me0gUHQ='; form-action 'self' * https://*.usajobs.gov/; object-src 'none'; frame-ancestors 'self'; frame-src 'self' *; img-src 'self' data: https://*.usajobs.gov/ https://*.usajobs.gov https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.bing.com https://*.virtualearth.net https://*.foresee.com https://touchpoints.app.cloud.gov https://*.fr011.ttecfed.com; connect-src https://*.usajobs.gov/ https://*.bing.com https://*.dev.virtualearth.net https://*.google-analytics.com https://*.googletagmanager.com https://*.analytics.google.com https://*.foresee.com https://device.4seeresults.com https://survey.answerscloud.com https://survey.foreseeresults.com wss://hoover.foresee.com https://*.fr011.ttecfed.com https://dap.digitalgov.gov https://*.intelligencecareers.gov https://*.azure.com https://touchpoints.app.cloud.gov; font-src 'self' data: https://*.usajobs.gov/ https://cxsurvey.foresee.com2 https://gateway.foresee.com https://*.fr011.ttecfed.com https://touchpoints.app.cloud.gov; upgrade-insecure-requests 1
default-src http: https: 'self' 'unsafe-eval' 'unsafe-inline'; object-src 'self' http://www.podcastics.com; img-src data: http: https: 'self' ; media-src blob: data: http: https: 'self'; 1
base-uri 'self' *; default-src 'self' 'unsafe-inline' 'unsafe-eval' www.clarity.ms www.googleadservices.com bat.bing.com connect.facebook.net s.pinimg.com swb-spree-west.s3.us-west-1.amazonaws.com www.googletagmanager.com static.cloudflareinsights.com cdn.callrail.com js.callrail.com widget.gleamjs.io app.termly.io localhost:3000 *.googleapis.com *.azureedge.net *.southwestboulder.com ws://localhost:3035 localhost:3035 *.stamped.io *.google.com analytics.google.com *.akamai.net *.doubleclick.net *.google-analytics.com *.googlesyndication.com *.gstatic.com ct.pinterest.com; font-src 'self' https: data: fonts.gstatic.com; img-src 'self' data: c.bing.com c.clarity.ms googleads.g.doubleclick.net cdn.stamped.io *.gleam.io *.facebook.com *.pinterest.com s.pinimg.com bat.bing.com *.southwestboulder.com https://*.googleapis.com https://*.gstatic.com *.google.com *.googleusercontent.com pagead2.googlesyndication.com www.googletagmanager.com; object-src 'none'; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.stamped.io cdn.stamped.io fonts.googleapis.com; connect-src 'self' www.googleadservices.com googleads.g.doubleclick.net bat.bing.com addressvalidation.googleapis.com *.clarity.ms www.google-analytics.com sentry.southwestboulder.com cdn.callrail.com js.callrail.com *.pinterest.com www.southwestboulder.com www.facebook.com maps.googleapis.com stamped.io beta.southwestboulder.com localhost:3035 ws://localhost:3035 chat.southwestboulder.com app.termly.io pagead2.googlesyndication.com *.doubleclick.net *.google.com; frame-src www.facebook.com www.googletagmanager.com *.youtube.com app.termly.io gleam.io www.southwestboulder.com *.pinterest.com *.google.com beta.southwestboulder.com challenges.cloudflare.com googletagmanager.com localhost:3000 chat.southwestboulder.com *.doubleclick.net tpc.googlesyndication.com; worker-src 'self' 'unsafe-inline' blob: *.southwestboulder.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; media-src 'self' *.gds-services.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-E_LZZ1a4aS_FwPRK1_5rXw' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-003eb7367a7d04c15e3f7aa05103a01d'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' https://player.vimeo.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://www.google.com https://code.jquery.com https://geolocation.onetrust.com https://f.vimeocdn.com https://t.sharethis.com https://ws.sharethis.com https://connect.facebook.net https://platform.twitter.com https://cdnjs.cloudflare.com https://*.googleapis.com https://*.google-analytics.com https://translate.google.com https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com https://player.vimeo.com https://cdn.jsdelivr.net https://cdn.cookielaw.org https://js.monitor.azure.com https://polyfill.io https://unpkg.com https://*.googletagmanager.com;img-src 'self' data: *.bunge.com *.bunge.com.br *.azurewebsites.net https://bmsi-p-001.sitecorecontenthub.cloud https://vumbnail.com https://l.sharethis.com https://i.vimeocdn.com https://maps.gstatic.com https://fonts.gstatic.com https://www.gstatic.com https://www.google.com https://api.mapbox.com https://cdn.cookielaw.org https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://ws.sharethis.com https://hello.myfonts.net http://netdna.bootstrapcdn.com https://*.googleapis.com https://fast.fonts.net https://api.mapbox.com https://maxcdn.bootstrapcdn.com https://www.gstatic.com; font-src 'self' http://netdna.bootstrapcdn.com https://hello.myfonts.net https://fast.fonts.net https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://themes.googleusercontent.com; connect-src 'self' https://l.sharethis.com https://stats.g.doubleclick.net https://api.mapbox.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://dc.services.visualstudio.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.googleapis.com; media-src 'self' https://vod-progressive.akamaized.net https://player.vimeo.com; frame-src 'self' https://www.google.com https://bungeloders.maps.arcgis.com https://bungeloders.com *.bungeloders.com https://t.sharethis.com https://ws.sharethis.com https://player.vimeo.com https://platform.twitter.com https://otp.tools.investis.com http://www.investis.com; object-src 'none'; frame-ancestors 'self'; 1
default-src *.equisolve.net *.gstatic.com *.vimeocdn.com s3.amazonaws.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com browser-update.org platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com l.sharethis.com t.sharethis.com website-search.ent.us-east-1.aws.found.io hcaptcha.com bcp.crwdcntrl.net *.juicer.io *.vimeo.com *.vimeocdn.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com *.googletagmanager.com browser-update.org platform-api.sharethis.com buttons-config.sharethis.com maps.googleapis.com l.sharethis.com t.sharethis.com website-search.ent.us-east-1.aws.found.io hcaptcha.com bcp.crwdcntrl.net *.juicer.io *.vimeo.com *.vimeocdn.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline' 'unsafe-eval'; style-src *.equisolve.net fonts.googleapis.com *.gstatic.com *.typekit.net *.juicer.io ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com use.typekit.net *.juicer.io data: ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; img-src *.equisolve.net *.vimeocdn.com maps.gstatic.com chart.apis.google.com maps.googleapis.com *.googleapis.com *.cloudfront.net sync.sharethis.com juicer.io *.juicer.io data: *.businesswire.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net 'unsafe-inline'; frame-src *.google.com youtube.com youtube-nocookie.com *.vimeo.com vimeo.com c.sharethis.mgr.consensu.org t.sharethis.com *.hcaptcha.com *.vimeocdn.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; object-src *.equisolve.net *.gstatic.com *.vimeocdn.com s3.amazonaws.com ir.stockpr.com www.kontoorbrands.com d1io3yog0oux5.cloudfront.net; 1
default-src *; style-src 'self' http://* 'unsafe-inline'; script-src 'self' http://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' http://* data:; font-src 'self' * http://* data: https://*; object-src 'self' blob: 1
frame-ancestors 'none'; upgrade-insecure-requests ; report-uri https://sentry.services.dkms.org/api/6/security/?sentry_key=5746df48c2bc47349567ad881277c754; default-src 'self' https:; style-src 'self' 'unsafe-inline' *.googleapis.com *.piwik.pro; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.dkmscdn.net *.piwik.pro *.googleapis.com https://app.addsearch.com https://connect.facebook.net https://www.facebook.com/signals/iwl.js https://www.googletagmanager.com https://googleads.g.doubleclick.net https://apis.google.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.googleadservices.com https://pagead2.googlesyndication.com; connect-src 'self' *.kc-usercontent.com *.addsearch.com https://d20vwa69zln1wj.cloudfront.net *.piwik.pro *.googleapis.com *.ingest.sentry.io https://sentry.services.dkms.org https://graph.facebook.com https://www.facebook.com/tr www.google.com https://www.google.com https://google.com https://adservice.google.com https://www.googletagmanager.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com *.dkms.org; img-src 'self' data: *.dkmscdn.net https://d20vwa69zln1wj.cloudfront.net *.kc-usercontent.com *.piwik.pro *.gstatic.com *.googleapis.com *.ytimg.com https://www.facebook.com https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://adservice.google.com/pagead/ https://www.googleadservices.com https://www.googletagmanager.com https://www.google.com/pagead/ https://www.google.de/pagead/ https://www.google.co.in/pagead/ https://www.google.pl/pagead/ https://www.google.co.uk/pagead/ https://www.google.co.za/pagead/ https://www.google.cl/pagead/; font-src 'self' data: *.gstatic.com *.piwik.pro; frame-src 'self' *.dkmscdn.net *.youtube-nocookie.com *.piwik.pro https://player.vimeo.com https://e.issuu.com https://open.spotify.com https://www.facebook.com https://td.doubleclick.net; object-src 'none'; form-action 'self' https://www.facebook.com/tr; 1
frame-ancestors 'self' https://api.opentlv.com https://borne-leclerc.opentlv.com 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' matomo.siinergy.net themes.googleusercontent.com *.typekit.net www.googletagmanager.com www.google-analytics.com www.googleadservices.com googleads.g.doubleclick.net tagmanager.google.com www.google.com linkedin.com px.ads.linkedin.com snap.licdn.com https://api.mapbox.com https://api.tiles.mapbox.com https://cdnjs.cloudflare.com https://js.hsforms.net; worker-src blob:; report-uri https://sii-group.com/fr-FR/report-uri/enforce 1
frame-ancestors 'self' *.volusion.com 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-qrJSlr3BZcXGdRgDBlXI2Q' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src https: 'unsafe-inline' data:; frame-ancestors 'self' https://web.wysa.io https://staging-web.wysa.io https://dev-web.wysa.io https://dev.bot.touchkin.com https://staging.bot.touchkin.com https://bot.touchkin.com https://bot.wysa.io; 1
default-src 'self' www.google.com www.youtube.com player.vimeo.com maps.googleapis.com www.googletagmanager.com www.google-analytics.com; font-src 'self' data: fonts.gstatic.com; frame-src 'self' www.google.com; img-src 'self' data: secure.gravatar.com www.gstatic.com maps.gstatic.com maps.googleapis.com; manifest-src 'self'; script-src 'nonce-ad5b326d03' 'self' 'strict-dynamic' 'unsafe-inline' www.googletagmanager.com maps.googleapis.com maps.gstatic.com unpkg.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com; object-src 'none'; base-uri 'none' 1
default-src https: *.theturkey.dev 'unsafe-inline' 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' data:; img-src 'self' data:; frame-ancestors 'none'; frame-src 'none'; font-src 'self' data:; object-src 'none'; media-src 'self'; manifest-src 'self'; upgrade-insecure-requests; connect-src 'self' https://www.google-analytics.com/; 1
default-src 'self';         base-uri 'none';         connect-src 'self' *.googlesyndication.com csb-virtual-factory.ddev.site *.virtual-meat-factory.de *.virtual-meat-factory.com vmf.csb-staging.jwied.de *.hubapi.com *.hubspot.com *.google.com *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net *.analytics.google.com *.cookiebot.com *.linkedin.oribi.io *.wistia.com *.litix.io *.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com *.linkedin.com;         font-src 'self' *.gstatic.com *.typekit.net *.wistia.com data:;         frame-src 'self' *.doubleclick.net *.cookiebot.com *.youtube.com *.youtube-nocookie.com *.hsforms.com *.hubspot.com;         img-src * 'self' data:;         manifest-src 'none';         media-src 'self' *.wistia.com blob: data:;         object-src 'none';         script-src 'self' *.cloudflare.com *.googletagmanager.com *.google-analytics.com *.googleoptimize.com googleads.g.doubleclick.net *.usemessages.com *.hsadspixel.net *.cookiebot.com *.hs-scripts.com *.hsforms.net *.hs-analytics.net *.hs-banner.com *.hsleadflows.net *.licdn.com *.wistia.com *.youtube.com *.microsoft.com data: blob: 'unsafe-inline' 'unsafe-eval';         style-src 'self' *.googleapis.com *.typekit.net data: 'unsafe-inline' 'unsafe-eval';         worker-src 'self' blob:;      1
default-src 'self'; script-src-elem 'self' 'sha256-Laf3624d494HEBVtsy2eIn13R2SqcYtJ5H9ULXk4pdk=' 'sha256-dV/DZaiCXBsv1mujhnM42wGh0ydz9IYjblSRa+MzAu0=' 'sha256-0MYbXZMQqSt5a0AKyFdtCqq/d6+N94aP7KG2Bkcv18E=' 'sha256-41rQfQhABFXeAFzImdXsY4wzhFtKnu9TE1aMED3p/9s=' 'sha256-ennXcgWrgCeWSzcF+/FBfrAM4RwzscBvKfE9qqP7ui0=' 'sha256-vZRvt3cwDMaltTRDmoIX/GR9qOfmibiFgGiqv1zuwJ4=' 'sha256-mjAPvJKRBATPwtDkDe1t+tw2mbmVjgXVfYImJfeAdz8=' 'sha256-+78Fc/CBZqTMcK+hHMWbyHYQbPg8Z6jDKP9rPrg3DJU=' https://googleads.g.doubleclick.net https://sc.lfeeder.com/ https://*.pagesense.io/ https://snap.licdn.com/ https://*.google-analytics.com/ https://www.googletagmanager.com/ https://*.cookiebot.com/ https://js.hsadspixel.net/ https://*.hs-scripts.com/ https://*.hubspot.com/ https://*.hscollectedforms.net/ https://*.hs-banner.com/ https://*.hs-analytics.net/ https://*.hsforms.com/ https://*.revenuehero.io/ https://*.schedulehero.io/ https://static.hotjar.com/ https://script.hotjar.com/ ;img-src 'self' https://tr.lfeeder.com/ https://px.ads.linkedin.com/ https://www.linkedin.com/ https://www.google.co.uk/ https://www.google.com/ https://*.googletagmanager.com/ https://*.vimeocdn.com/ https://logo.clearbit.com/ https://*.hubspot.com/ https://*.hsforms.com/ https://*.cookiebot.com/ data: ; connect-src 'self' https://pagesense-collect.zoho.eu/ https://cdn.linkedin.oribi.io/ https://px.ads.linkedin.com/ https://*.doubleclick.net/ https://*.revenuehero.io/ https://*.hscollectedforms.net/ https://*.cookiebot.com/ https://*.google-analytics.com/ https://*.google.com/ https://*.analytics.google.com/ https://api.hubapi.com/ wss://ws.hotjar.com/ https://content.hotjar.io/ ; style-src 'self' 'unsafe-inline'; frame-src 'self' https://player.vimeo.com/ https://consentcdn.cookiebot.com/ https://popup.schedulehero.io/ https://cdn-eu.pagesense.io/ https://td.doubleclick.net/; base-uri 'none'; report-uri https://report-to-api.raygun.com/reports-csp?apikey=MtpX5h8IivBL0jYQly2w; report-to csp-endpoint 1
default-src 'self' ; connect-src 'self' https://l.sharethis.com;media-src 'self'  https://www.gstatic.com/ https://2sfgwebdev.blob.core.windows.net https://2sfgweblive.blob.core.windows.net;script-src 'self' https://www.googletagmanager.com https://www.gstatic.com/ https://www.google.com http://cdnjs.cloudflare.com https://buttons-config.sharethis.com https://platform-api.sharethis.com https://unpkg.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.jsdelivr.net/ 'unsafe-inline' ; style-src 'self' 'unsafe-inline' http://cdnjs.cloudflare.com https://use.typekit.net https://cdn.jsdelivr.net https://use.fontawesome.com/ https://fonts.googleapis.com/; style-src-elem 'self' 'unsafe-inline' http://cdnjs.cloudflare.com https://p.typekit.net https://use.typekit.net https://unpkg.com https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com/ https://fonts.googleapis.com/ ; font-src 'self' https://use.typekit.net https://cdnjs.cloudflare.com https://cdn.jsdelivr.net https://use.fontawesome.com https://fonts.gstatic.com; img-src 'self' https://www.gstatic.com/ https://2sfgwebdev.blob.core.windows.net https://2sfgweblive.blob.core.windows.net data:; frame-src 'self' https://www.google.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' * data:; frame-ancestors 'self'; frame-src 'self' * 1
upgrade-insecure-requests; default-src 'self'; style-src 'self' *.fernao.com player.podigee-cdn.net https://tagmanager.google.com https://fonts.googleapis.com 'unsafe-inline'; script-src 'self' blob: player.podigee-cdn.net https://www.googletagmanager.com *.google-analytics.com https://ssl.google-analytics.com https://www.googleadservices.com http://www.googleadservices.com https://www.google.com https://www.google.cde https://www.gstatic.com https://tagmanager.google.com https://c.bing.com *.clarity.ms i.ytimg.com www.youtube-nocookie.com m.youtube.com player.vimeo.com *.leadlab.click *.azureedge.net *.deepl.com *.openai.com *.licdn.com *.linkedin.com 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: *.fernao.com images.podigee-cdn.net main.podigee-cdn.net *.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.googletagmanager.com https://ssl.gstatic.com https://www.gstatic.com *.clarity.ms https://c.bing.com *.licdn.com *.linkedin.com; connect-src 'self' *.fernao.com *.clarity.ms https://c.bing.com *.google-analytics.com *.dynamics.com *.licdn.com *.linkedin.com; base-uri 'self' *.fernao.com; form-action 'self' *.fernao.com *.dynamics.com; frame-src 'self' player.podigee-cdn.net *.openstreetmap.org *.dynamics.com https://www.google.com https://www.google.de https://www.youtube-nocookie.com https://player.vimeo.com; font-src 'self' *.fernao.com player.podigee-cdn.net https://fonts.gstatic.com data:; object-src 'self' blob: 1
child-src 'self' https://app.powerbi.com https://www.youtube.com https://www.facebook.com https://www.google.com https://stacc.ee https://public.tableau.com https://tableauapp.tehik.ee; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.reactandshare.com https://maxcdn.bootstrapcdn.com https://embed.tawk.to; object-src 'none'; script-src 'self' 'unsafe-inline' 'report-sample' https://connect.facebook.net https://www.google-analytics.com https://maxcdn.bootstrapcdn.com https://www.googletagmanager.com https://embed.tawk.to https://siteimproveanalytics.com https://www.gstatic.com https://cdn.reactandshare.com https://data.reactandshare.com https://unpkg.com https://static-v.tawk.to https://public.tableau.com https://tableauapp.tehik.ee https://s3.eu-north-1.amazonaws.com https://ajax.googleapis.com https://www.google.com cdn.jsdelivr.net https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://polyfill.io npmcdn.com; style-src 'self' 'unsafe-inline' 'report-sample' https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com https://cdn.reactandshare.com https://unpkg.com https://embed.tawk.to https://s3.eu-north-1.amazonaws.com https://translate.googleapis.com https://fonts.googleapis.com cdn.jsdelivr.net https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com npmcdn.com; worker-src 'self'; base-uri 'self'; form-action 'self' https://www.digilugu.ee/login https://www.facebook.com; frame-ancestors 'self'; report-uri https://www.tervisekassa.ee/report-uri/enforce; block-all-mixed-content 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' http://*.qq.com https://*.qq.com http://*.weishi.com https://*.weishi.com http://*.m.tencent.com https://*.m.tencent.com http://*.weixin.qq.com https://*.weixin.qq.com https://midas.gtimg.cn http://vm.gtimg.cn https://vm.gtimg.cn 'nonce-2030625292';style-src 'self' 'unsafe-inline' http://*.qq.com https://*.qq.com http://*.qpic.cn https://*.qpic.cn;object-src 'self' http://*.qq.com https://*.qq.com http://*.qpic.cn https://*.qpic.cn http://*.qlogo.cn https://*.qlogo.cn;font-src 'self' data: http://*.qq.com https://*.qq.com http://fonts.gstatic.com https://fonts.gstatic.com;frame-ancestors 'self' http://wx.qq.com https://wx.qq.com http://wx2.qq.com https://wx2.qq.com https://test-tonghang.woa.com https://tonghang.woa.com http://wx8.qq.com https://wx8.qq.com http://web.wechat.com https://web.wechat.com http://web1.wechat.com https://web1.wechat.com http://web2.wechat.com https://web2.wechat.com http://sticker.weixin.qq.com https://sticker.weixin.qq.com http://bang.qq.com https://bang.qq.com http://app.work.weixin.qq.com https://app.work.weixin.qq.com http://work.weixin.qq.com https://work.weixin.qq.com http://finance.qq.com https://finance.qq.com http://gu.qq.com https://gu.qq.com http://wzq.tenpay.com https://wzq.tenpay.com http://www.tentrees.cn https://www.tentrees.cn http://test.tcp.tencent.com https://test.tcp.tencent.com http://dev.tcp.tencent.com https://dev.tcp.tencent.com http://tcp.tencent.com https://tcp.tencent.com http://mail.qq.com https://mail.qq.com http://wx.mail.qq.com https://wx.mail.qq.com http://iwx.mail.qq.com https://iwx.mail.qq.com http://dev.mail.qq.com https://dev.mail.qq.com http://*.woa.com https://*.woa.com http://file.daihuo.qq.com https://file.daihuo.qq.com http://huxuan.qq.com https://huxuan.qq.com http://test-huxuan.qq.com https://test-huxuan.qq.com http://pre-huxuan.qq.com https://pre-huxuan.qq.com https://ilabel.weixin.qq.com https://search.weixin.qq.com https://mp.weixin.qq.com http://dev.mp.weixin.qq.com:8003; worker-src 'self' blob:;report-uri https://mp.weixin.qq.com/mp/fereport?action=csp_report 1
base-uri 'self'; default-src https://www.dnshome.de; font-src 'self' data: https:; form-action 'self'; frame-ancestors 'none'; frame-src 'self'; img-src 'self' https://www.paypalobjects.com; script-src 'self' 'unsafe-inline'; style-src 'self'; 1
default-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' data: blob: www.google.co.nz hcaptcha.com www.google.com.ni www.google.cl www.google.so js.hsadspixel.net region1.analytics.google.com www.google.co.uz www.google.iq www.google.com.py *.omtrdc.net www.google.mw www.google.co.za www.google.lk www.google.com.om twitter.github.io js.hs-banner.com www.google.com.ph *.gstatic.com www.google.ch www.google.sk js.hcaptcha.com www.google.com.bh forms-na1.hsforms.com sentry.hcaptcha.com *.googleadservices.com www.google.co.jp js-na1.hs-scripts.com www.google.pl etaconic.com www.google.es www.google.com.bd www.google.co.ma dev.day.com www.google.by www.google.com.cy www.google.com.lb www.googletagmanager.com www.google.com.tw www.google.ad *.licdn.com www.google.ro *.taconic.com www.google.com.ar www.google.az www.google.co.il www.google.am www.google.com.bz www.google.gr app.jazz.co www.google.ge www.google.com.cu www.google.com.ua www.google.dk www.google.tn www.google.mn *.salesforceliveagent.com static.hsappstatic.net www.google.co.zw www.google.com.gh assets.taconic.com *.facebook.net www.google.com.pk www.google.mv www.google.co.vi content.jwplatform.com www.google.la analytics.google.com www.google-analytics.com www.google.co.id www.google.pt www.google.fi region1.google-analytics.com www.google.com.uy *.googlesyndication.com www.google.fr www.google.com.co www.google.com.kw www.youtube.com www.google.rs www.google.com.mm *.salesforce-sites.com www.google.hu js.hsleadflows.net *.etaconic.com www.google.com.sa www.google.com translate.google.com www.google.lv www.google.si www.google.li code.jquery.com www.google.se www.google.com.tr www.google.tm www.google.al www.google.it www.google.jo www.google.bg www.google.co.ve www.google.fm cdn.datatables.net js.hs-analytics.net adservice.google.com newassets.hcaptcha.com www.google.com.au www.google.ee use.typekit.net www.google.co.in www.google.mu www.google.is *.googleapis.com www.google.ps *.linkedin.com *.termly.io www.google.nl hubspot-forms-static-embed.s3.amazonaws.com www.google.com.my www.google.com.ng www.google.de www.google.at www.google.com.gt js.hs-scripts.com www.google.kz assets.adobedtm.com js.hsforms.net www.google.lu *.demdex.net *.doubleclick.net www.google.com.np www.google.co.ug www.google.bj www.google.com.hk www.google.com.qa cdn.jsdelivr.net www.google.dz apis.google.com cdn.cookielaw.org www.google.ml www.google.co.uk *.hubspot.com www.google.co.bw www.google.ca www.google.co.cr *.everesttech.net www.google.ie www.google.com.eg www.google.com.et www.google.cz www.google.co.th exceptions.hs-embed-reporting.com www.google.cm www.google.ru www.google.be www.google.co.ke www.google.sc www.google.co.kr www.google.ba www.google.com.ec www.google.com.mx www.google.com.vn forms.hsforms.com *.facebook.com www.google.no www.google.com.sg www.google.tt errors.adobeaemcloud.com ssl.google-analytics.com www.google.co.tz www.google.com.pe www.google.com.pr www.google.lt www.google.hr api.hubapi.com www.google.com.jm www.google.com.br www.google.ae www.google.com.kh www.google.co.mz www.google.com.pa app.termly.io termly.io www.google.com.af *.force.com www.google.mk www.google.com.bn www.google.bi *.onetrust.com www.google.com.ly www.google.hn www.google.com.mt *.site.com; frame-ancestors 'self' *.adobe.com *.taconic.com *.etaconic.com taconic.com www.taconic.com ;  1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.analytics.google.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland.azureedge.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; img-src 'self' data: blob: https://*.cloudfront.net https://*.amazonaws.com https://img.youtube.com https://i.ytimg.com https://i.vimeocdn.com https://*.analytics.google.com https://*.clarity.ms https://*.convertexperiments.com https://*.cookiebot.com https://*.doubleclick.net https://*.g.doubleclick.net https://*.google.be https://*.google.co.uk https://*.google.com https://*.google.de https://*.google.es https://*.google.fr https://*.google.ie https://*.google.it https://*.google-analytics.com https://*.googleapis.com https://*.googlesyndication.com https://*.googletagmanager.com https://*.hotjar.com https://*.hotjar.io https://*.vimeo.com https://analytics-eu.clickdimensions.com https://api.uk.exponea.com https://assets-eu-01.kc-usercontent.com https://c.bing.com https://cdn-eu.clickdimensions.com https://connect.facebook.net https://dc.services.visualstudio.com https://discoverireland.azureedge.net https://fonts.gstatic.com https://googleapis.com https://maps.gstatic.com https://preview-assets-eu-01.kc-usercontent.com https://www.facebook.com https://www.googleadservices.com https://www.googleoptimize.com https://www.youtube.com wss://*.hotjar.com/api/v2/client/ws wws://*.hotjar.com/api/v2/client/ws; frame-ancestors 'none'; form-action 'self' https://analytics-eu.clickdimensions.com https://www.facebook.com; 1
frame-ancestors 'self' https://*.cle-international.com; 1
default-src 'self' 'unsafe-inline' bitzer.de *.bitzer.de www.bitzer-compact.de fonts.googleapis.com hello.myfonts.net *.fliphtml5.com www.youtube.com; media-src 'self' *.bitzer.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.baidu.com *.bdimg.com blob: app.usercentrics.eu cdn-eu.dynamicyield.com www.googletagmanager.com maps.googleapis.com www.google-analytics.com st-eu.dynamicyield.com *.bing.com www.googleadservices.com googleads.g.doubleclick.net static.hotjar.com *.clarity.ms; object-src application/font-woff application/x-font-ttf image/svg+xml; font-src 'self' data: fonts.gstatic.com hello.myfonts.net; img-src 'self' *.baidu.com *.bdimg.com data: app.usercentrics.eu www.bitzer-compact.de maps.googleapis.com maps.gstatic.com www.google-analytics.com *.bing.com www.google.com www.google.de c.clarity.ms; connect-src 'self' www.bitzer-compact.de api.usercentrics.eu aggregator.service.usercentrics.eu maps.googleapis.com www.google-analytics.com async-px-eu.dynamicyield.com *.clarity.ms cdn-eu.dynamicyield.com *.baidu.com region1.google-analytics.com 1
default-src * 'unsafe-inline' 'unsafe-eval' blob:; img-src * data: blob: 'unsafe-inline'; font-src * data:; media-src * blob:; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; 1
child-src self; connect-src 'self' *.google-analytics.com *.analytics.google.com https://cdn-cookieyes.com https://log.cookieyes.com; default-src 'self'; font-src 'self' data: https://maxcdn.bootstrapcdn.com; frame-src 'self' *.google.com *.youtube.com; img-src 'self' data: https://i.ytimg.com https://secure.gravatar.com *.google-analytics.com *.analytics.google.com https://cdn-cookieyes.com; manifest-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' *.google.com *.googletagmanager.com *.gstatic.com https://cdn-cookieyes.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; worker-src 'self'; form-action self *.tetratecheurope.com; frame-ancestors 'self'; 1
frame-ancestors 'self' *.icewarp.com 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-55444e84d65f40d0aafcaebe2e5abe92' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' https: data:; font-src 'self' data:; connect-src 'self' https://js.hs-analytics.net https://googleads.g.doubleclick.net https://*.crazyegg.com https://www.googleadservices.com https://px.ads.linkedin.com https://www.google-analytics.com https://forms.hscollectedforms.net https://forms.hsforms.com https://hubspot-forms-static-embed.s3.amazonaws.com; worker-src 'self' blob:; form-action 'self' https://forms.hsforms.com; frame-src 'self' https://qualtricsxm6l72c3mqh.qualtrics.com/ https://td.doubleclick.net/ https://ennovi-staging.mytapplent.com/ https://13836766.fls.doubleclick.net/ www.google.com forms.hsforms.com; frame-ancestors 'self' scanners.acunetix.com online.acunetix.com sca.acunetix.com 54.208.242.36 34.194.143.46 54.201.8.20 54.166.41.175; 1
font-src *.fontawesome.com http://fonts.googleapis.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com https://fonts.gstatic.com *.typekit.net data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.facebook.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ landofcoder.com maps.googleapis.com chart.googleapis.com https://www.googletagmanager.com/ http://www.youtube.com https://vars.hotjar.com *.facebook.com *.pinterest.com *.google.com *.addthis.com c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://images.unsplash.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ https://stats.g.doubleclick.net https://www.google.com http://www.google.com https://www.google.nl http://www.google.nl https://dev.visualwebsiteoptimizer.com http://www.w3.org *.facebook.com *.pinterest.com *.typekit.net *.haveverwarming.nl maps.gstatic.com maps.google.com maps.googleapis.com https://c.clarity.ms *.bing.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com data: 'self'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ s7.addthis.com landofcoder.com maps.googleapis.com chart.googleapis.com http://www.googletagmanager.com/ https://www.googletagmanager.com/ https://static.hotjar.com https://script.hotjar.com https://in.hotjar.com https://polyfill.io http://assets.pinterest.com https://log.pinterest.com https://connect.facebook.net https://googleads.g.doubleclick.net http://www.googletagmanager.com http://dev.visualwebsiteoptimizer.com https://www.google.com https://www.gstatic.com *.pinimg.com *.vimeo.com *.tawk.to *.typekit.net maps.google.com *.moatads.com *.addthis.com *.addthisedge.com https://www.clarity.ms *.avada.io js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com https://maxcdn.bootstrapcdn.com http://maxcdn.bootstrapcdn.com http://fonts.googleapis.com unsafe-inline assets.braintreegateway.com 'self' 'unsafe-inline'; object-src landofcoder.com maps.googleapis.com chart.googleapis.com 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com ekr.zdassets.com/ landofcoder.com maps.googleapis.com chart.googleapis.com http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ https://in.hotjar.com https://vc.hotjar.io *.tawk.to *.pinterest.com *.addthis.com *.google-analytics.com *.googleapis.com https://pagead2.googlesyndication.com https://t.clarity.ms https://get.geojs.io *.avada.io api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
default-src 'none'; form-action 'self' 'report-sample' https://phpmyadmin.adm.tools https://phpmyadmin.mysql.network https://ua.team; child-src 'self'; frame-src 'self' 'report-sample' https://www.facebook.com https://connect.facebook.net https://www.youtube.com https://www.youtube-nocookie.com https://player.vimeo.com https://apis.google.com https://accounts.google.com https://www.google.com https://js.stripe.com https://play.google.com https://pay.google.com; script-src-attr 'report-sample' 'unsafe-inline'; script-src 'self' 'report-sample' https://www.googleadservices.com https://connect.facebook.net https://www.googletagmanager.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://code.highcharts.com https://apis.google.com https://ssl.google-analytics.com https://www.google.com https://www.gstatic.com https://googletagmanager.com https://maps.google.com https://maps.googleapis.com https://translate.google.com https://accounts.google.com https://js.stripe.com https://play.google.com https://pay.google.com 'unsafe-inline'; img-src 'self' 'report-sample' blob: data: https://www.facebook.com https://m.facebook.com https://connect.facebook.net https://*.gstatic.com https://*.google.com https://*.google.ru https://*.google.es https://*.google.fr https://*.google.nl https://*.google.kz https://*.google.by https://*.google.de https://*.google.pl https://*.google.ae https://*.google.md https://*.google.ca https://*.google.hu https://*.google.com.ua https://*.google.com.tr https://*.google.co.uk https://*.google.at https://*.google.az https://*.google.jo https://*.google.be https://*.google.it https://*.google.com.cy https://*.google.com.ph https://*.google.kz https://*.google.co.uz https://*.google.dk https://*.google.se https://*.googleapis.com https://analytics.google.com https://www.google-analytics.com https://cdn.adm.tools/ https://storage.adm.tools/ https://billing.adm.tools/ https://cdn.webmail.online/ https://opendata.cdn.express/ https://staff.cdn.express/ https://www.gravatar.com; connect-src 'self' 'report-sample' http://localhost:3000 ws://localhost:3000 https://socket.ua.team wss://socket.ua.team https://emi.webmail.online wss://emi.webmail.online wss://ctl.adm.tools https://tools.adm.tools wss://tools.adm.tools wss://staff.adm.tools wss://emi.adm.tools wss://cmd.adm.tools https://cmd.adm.tools wss://ssh.adm.tools https://ssh.adm.tools wss://chat.adm.tools https://chat.adm.tools https://cam.ukraine.com.ua https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://sentry.adm.tools https://www.facebook.com https://accounts.google.com https://*.stripe.com https://play.google.com https://pay.google.com https://google.com https://cdn.jsdelivr.net https://*.default-host.net https://sentry.adm.tools https://cdn.adm.tools/; font-src 'self' data: https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://accounts.google.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com; media-src 'self' 'report-sample' 'unsafe-inline' blob: https://cam.ukraine.com.ua https://staff.cdn.express/ https://storage.adm.tools/; manifest-src 'self'; worker-src 'self' blob:; report-uri https://sentry.adm.tools/api/8/security/?sentry_key=05c167ddbc674f3da4da07b891f0bdec; 1
default-src 'self' 'unsafe-inline' data: gap: https://ssl.gstatic.com ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; script-src-elem * https://fonts.googleapis.com httpfs://static.addtoany.com/https://cdn.cookielaw.org https://www.googletagmanager.com/  https://www.google-analytics.com/ https://www.googleadservices.com https://static.hotjar.com https://script.hotjar.com/ https://www.google-analytics.com https://googleads.g.doubleclick.net 'unsafe-inline'; style-src 'self' 'unsafe-inline' http://fonts.googleapis.com https://widget.moin.ai https://css.zohocdn.com https://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://jquery.app https://www.jqueryscript.net https://stackpath.bootstrapcdn.com; img-src * 'self' 'unsafe-inline' data:; font-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://widget.moin.ai https://se-content-b.psplugin.com https://content.psplugin.com https://css.zohocdn.com; connect-src * 'self' 'unsafe-inline' https://unilabs.com https://maps.googleapis.com https://api.moin.ai https://cdn.cookielaw.org https://region1.google-analytics.com https://pagead2.googlesyndication.com https://h.clarity.ms/collect https://stats.g.doubleclick.net https://in.hotjar.com; frame-src 'self' 'unsafe-inline' https://www.facebook.com https://static.addtoany.com https://player.vimeo.com/ https://www.youtube.com/ https://vars.hotjar.com/ https://www.google.com/; 1
default-src 'self';connect-src 'self' https://analytics.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.smartlook.com https://*.smartlook.cloud;font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com;frame-src 'self' https://www.google.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://platform.twitter.com https://www.youtube.com https://m.youtube.com;media-src 'self';img-src 'self' data: https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://syndication.twitter.com https://seal.godaddy.com https://i.ytimg.com https://img.youtube.com;script-src 'self' 'unsafe-inline' https://www.google-analytics.com https://www.googletagmanager.com http://www.googletagmanager.com https://www.google.com https://www.gstatic.com https://*.facebook.com https://*.facebook.net https://*.fbcdn.net https://platform.twitter.com https://seal.godaddy.com https://*.smartlook.com https://*.smartlook.cloud 'unsafe-eval';style-src 'self' 'unsafe-inline';object-src 'none';form-action 'self' https://weldersupply.us15.list-manage.com;frame-ancestors 'self';worker-src blob:;manifest-src 'self';upgrade-insecure-requests ; 1
default-src 'self' https://*.afi.es;			worker-src blob:;			script-src 'self' https://*.afi.es https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.js https://cdnjs.cloudflare.com/ajax/libs/iframe-resizer/4.3.2/iframeResizer.contentWindow.min.js https://media.afi.es 'unsafe-inline' 'unsafe-eval' https://*.msecnd.net\ https://www.google-analytics.com https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com data:;			style-src 'self' 'unsafe-inline' https://*.afi.es https://*.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap-icons@1.9.1/font/bootstrap-icons.css;			img-src 'self' data: https:;			font-src 'self' https://*.gstatic.com data: https://*.afi.es;			connect-src 'self' https://*.googleapis.com https://*.google-analytics.com https://dc.services.visualstudio.com;			frame-src 'self' https://*.afi.es https://*.youtube.com https://*.vimeo.com https://www.google.com https://open.spotify.com;			object-src 'none';			base-uri 'self';			form-action 'self';			frame-ancestors 'self' *.afi.es; 1
upgrade-insecure-requests; frame-ancestors 'self' live.sagepay.com live.opayo.eu.elavon.com www1.beautybase.com; base-uri 'self' 1
default-src 'self'; script-src 'self' ; style-src 'self' 'unsafe-inline' ; img-src *;  report-uri https://idsrv.conveyweb.co.uk/identity/csp/report 1
script-src customer-bff-api-canais.pottencial.com.br pottencial.com.br hefesto.pottencial.com.br empresas.pottencial.com.br paravoce.pottencial.com.br pottencial.chat.blip.ai static.pottencial.com.br seguroresidencial.pottencial.com.br onboarding-biometry-bff-shared.pottencial.com.br customer-app.pottencial.com.br vida-app.pottencial.com.br cdn.jsdelivr.net fonts.googleapis.com unpkg.com www.clarity.ms www.googletagmanager.com s3.amazonaws.com cdn.cookielaw.org privacyportal-br.cdn.onetrust.com connect.facebook.net d335luupugsy2.cloudfront.net cdnjs.cloudflare.com popups.rdstation.com.br geolocation.onetrust.com p.clarity.ms pageview-notify.rdstation.com.br privacyportal-br-cdn.onetrust.com www.google.com www.gstatic.com google-analytics.com 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tabletop.social; img-src 'self' data: blob: https://tabletop.social https://storage.gra.cloud.ovh.net; style-src 'self' https://tabletop.social 'nonce-UegdRlRO6qTbS5zeizq1bA=='; media-src 'self' data: https://tabletop.social https://storage.gra.cloud.ovh.net; frame-src 'self' https:; manifest-src 'self' https://tabletop.social; form-action 'self'; child-src 'self' blob: https://tabletop.social; worker-src 'self' blob: https://tabletop.social; connect-src 'self' data: blob: https://tabletop.social https://storage.gra.cloud.ovh.net wss://tabletop.social; script-src 'self' https://tabletop.social 'wasm-unsafe-eval' 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval'  ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ; 1
report-uri https://soloski.net 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com www.g.doubleclick.net maps.gstatic.com maps.googleapis.com www.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat px.ads.linkedin.com;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com https://*.googletagmanager.com munchkin.marketo.net static.hotjar.com script.hotjar.com snap.licdn.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src www.youtube.com tools.euroland.com www.google.com open.spotify.com embed-standalone.spotify.com tools.eurolandir.com www.euroland.com;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com geolocation.onetrust.com ds-onetrust.securitas.com analytics.google.com region1.analytics.google.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat8  836-kbj-029.mktoresp.com  450-xcn-168.mktoresp.com/ ws.hotjar.com wss://ws.hotjar.com/ content.hotjar.io px.ads.linkedin.com;frame-ancestors 'self'; 1
frame-ancestors 'self' goqubit.net ; 1
script-src 'self' 'unsafe-eval'  ; report-uri /api/csp; base-uri 'self'; object-src 'none' 1
base-uri *.dcement.com *.dcement.cn;child-src *.dcement.com *.dcement.cn *.weixin.qq.com https://sugar.aipage.com/ http://quote.eastmoney.com/qihuo/FG406.html;upgrade-insecure-requests 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-VMdkq1WBCvKsF3gNUraABQ==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
default-src 'self' packages.umbraco.org our.umbraco.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com; script-src-elem 'self' 'unsafe-inline' https://ajax.aspnetcdn.com https://cdn.iubenda.com https://www.iubenda.com https://player.vimeo.com https://www.google-analytics.com https://www.google.com/recaptcha/ https://www.googletagmanager.com https://www.gstatic.com https://maps.googleapis.com https://snap.licdn.com/li.lms-analytics/ https://www.googleadservices.com; script-src-attr 'unsafe-hashes' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.iubenda.com; object-src 'none'; connect-src 'self' https://www.google-analytics.com https://maps.googleapis.com https://stats.g.doubleclick.net; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://player.vimeo.com https://www.youtube.com https://www.youtube-nocookie.com https://www.slideshare.net https://www.google.com/recaptcha/ https://www.google.com/maps/ https://www.gstatic.com/recaptcha/ https://www.iubenda.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.google.com/ads/ https://googleads.g.doubleclick.net https://px.ads.linkedin.com https://p.adsymptotic.com https://dashboard.umbraco.org data: www.gravatar.com umbraco.tv umbraco.org; media-src 'self' https://player.vimeo.com; worker-src 'none'; 1
frame-ancestors 'self' https://apotheek.nl 1
default-src 'self' https: data: 'unsafe-inline'; connect-src 'self' https: wss: 'unsafe-eval' 1
default-src 'self' 'unsafe-inline' https: 1
frame-ancestors 'self' https://copeland.pathfactory.com 1
frame-ancestors 'self' https://*.eqs.com 1
script-src 'self' 'unsafe-eval' 'unsafe-inline' https://widget.freshworks.com; object-src 'none'; frame-src https://www.corecommissions.net:* https://www.corecommissions.net/ https://widget.freshworks.com/ 1
default-src 'none'; base-uri 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; media-src 'self'; frame-src 'none'; font-src 'none'; connect-src 'none'; frame-ancestors https://www.worldmaster.fr/js/; form-action 'self'; 1
prefetch-src 'none' 1
default-src 'self' * https://app-scl.five9.com https: data: 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors 'self' https://*.plugshare.com *.google-analytics.com *.analytics.google.com 1
default-src 'self' 'unsafe-inline'; img-src 'self' * data: 'unsafe-inline'; object-src 'none'; base-uri 'self'; frame-src 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; media-src 'self' 'unsafe-inline'; worker-src 'none'; script-src 'self' https://www.google-analytics.com https://edge.fullstory.com https://widget.intercom.io https://ok1static.oktacdn.com https://az416426.vo.msecnd.net https://maps.google.com https://static.zdassets.com https://assets.zendesk.com https://maps.googleapis.com 'unsafe-inline' 'unsafe-eval' ; font-src 'self' https://ok1static.oktacdn.com https://fonts.gstatic.com data: 'unsafe-inline'; style-src 'report-sample' 'self' https://newtaxi-login.corcoran.com https://ok1static.oktacdn.com https://cloud.typography.com https://fonts.googleapis.com 'unsafe-inline' ; report-uri https://620eef3a8fbf6d96ac8e965b.endpoint.csper.io/?v=1 'unsafe-inline'; connect-src 'self' https://mediaapp.vestahub.com https://securityapi.vestahub.com https://api-my.citihabitats.com https://corcoranit.zendesk.com https://ekr.zdassets.com https://maps.googleapis.com https://api-act.vestahub.com https://newtaxi-dataapi.corcoran.com https://newtaxi-login.corcoran.com https://newtaxi.corcoran.com https://newtaxi-searchapi.corcoran.com https://presentationsservice.corcoranlabs.com *.visualstudio.com 'unsafe-inline'; frame-ancestors 'self' *; 1
default-src 'self' blob: http://auction.hermann-historica.de/api/ http://auction.local.hermann-historica.de:81/api/ http://auction.hermann-historica.de.adherhi.dev.arrabiata.de/api/ https://*.tokbox.com https://*.opentok.com wss://*.tokbox.com https://cdn.polyfill.io/v2/polyfill.min.js https://maxcdn.bootstrapcdn.com/font-awesome/ https://stackpath.bootstrapcdn.com/font-awesome/ wss://*.bidjs.com *.bidjs.com *.shopware.de  *.shopware.com secure.pay1.de www.googletagmanager.com tagmanager.google.com www.google-analytics.com *.analytics.google.com cdnjs.cloudflare.com analytics.google.com stats.g.doubleclick.net code.jquery.com www.youtube.com www.youtube-nocookie.com https://connect.facebook.net/ https://www.facebook.com/ 'unsafe-inline' 'unsafe-eval'; img-src 'self' blob: data: img.youtube.com https://sbp-plugin-images.s3.amazonaws.com/ https://sbp-plugin-images.s3.eu-west-1.amazonaws.com/ https://*.amazonaws.com/sbp-plugin-images/ https://res.cloudinary.com/bidlogix/ https://res.cloudinary.com/bidlogix-test/ https://res.cloudinary.com/bidlogix-staging/ https://brighton-staging.eu-central-1.bidjs.com/ https://media.bidjs.com/ https://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.googletagmanager.com/ https://www.google.com/ads/ https://www.google.de/ads/ https://ssl.gstatic.com/ https://www.gstatic.com/ https://www.facebook.com/tr/ 1
frame-ancestors 'self' http://localhost:* https://localhost:* https://celo-development.sanity.studio https://hello.celohealth.com/* https://app.hubspot.com/* *.hubspotpreview-na1.com/* 1
script-src 'self' 'unsafe-inline' 'unsafe-eval' iongroup.wpengine.com * www.googletagmanager.com maps.googleapis.com www.google.com ajax.googleapis.com en25.com d10lpsik1i8c69.cloudfront.net google-analytics.com analytics.google.com www.google-analytics.com; 1
default-src 'self' *.msxi.com *.vimeo.com i.vimeocdn.com *.vimeocdn.com *.youtube.com *.google.com *.youtube-nocookie.com *.licdn.com i.ytimg.com *.buzzsprout.com *.google-analytics.com *.googletagmanager.com *.ads.linkedin.com stats.g.doubleclick.net msxi.us12.list-manage.com cdn-images.mailchimp.com *.sliderrevolution.com; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 'unsafe-eval' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-pTla4nQVcVAeVJFBelFQ4pTEUDXTPzofVHpYmlVudXO5PYQT' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self' *.hsforms.net;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://popupmaker.com https://*.googletagmanager.com https://*.bronto.com wss://*.hotjar.com https://snapwidget.com https://*.nr-data.net https://*.newrelic.com https://*.calendly.com https://*.flodesk.com https://*.getsitecontrol.com https://*.sharethis.com https://*.vistag.com https://*.privy.com https://*.zopim.com https://*.zdassets.com *.mailchimp.com *.hotjar.com http://localhost:* https://*.powr.io https://*.tawk.to https://*.pinterest.com https://cdn.lightwidget.com js.hs-scripts.com https://unpkg.com https://www.google.com *.google.com *.google-analytics.com http://js.hs-analytics.net https://cdn.firebase.com https://cdnjs.cloudflare.com https://d2zah9y47r7bi2.cloudfront.net https://*.firebaseio.com https://*.vo.msecnd.net https://browser-update.org https://api.instagram.com *.fonts.net/ http://browser-update.org http://cdn.datatables.net http://cdn.heapanalytics.com *.googleapis.com/ https://www.googletagmanager.com https://use.typekit.net https://chat.milittisales.com https://crm.imaxcorp.com *.list-manage.com https://ct.capterra.com http://lightwidget.com https://cdn.jsdelivr.net *.googleadservices.com https://www.gstatic.com https://chimpstatic.com https://*.facebook.net/ *.segment.com/ https://api.segment.io https://s.yimg.com http://sp.analytics.yahoo.com *.driftt.com *.tokenex.com https://browser.sentry-cdn.com https://js.sentry-cdn.com *.smartlook.cloud *.hsadspixel.net https://*.hsforms.net https://*.hsforms.com https://*.hs-scripts.com https://*.hs-banner.com https://*.doubleclick.net https://*.localizecdn.com https://s.pinimg.com/ct/core.js https://s.pinimg.com;object-src 'self' https://repzio-azurefunctions-pdfgenerator.azurewebsites.net;style-src 'self' 'unsafe-inline' https://popupmaker.com https://*.privy.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com *.fonts.net https://fonts.googleapis.com http://cdn.datatables.net https://cdn-images.mailchimp.com https://use.fontawesome.com https://translate.googleapis.com;img-src 'self' https://snapwidget.com https://popupmaker.com https://google-analytics.com https://*.sharethis.com https://*.privy.com https://privymktg.com https://*.zdassets.com *.mailchimp.com data: https://*.jsdelivr.net https://*.tawk.to track.hubspot.com https://studiowebware.secure.force.com https://heapanalytics.com https://images.unsplash.com http://via.placeholder.com https://www.google.com *.google.com https://www.google-analytics.com *.google-analytics.com *.gstatic.com https://maps.googleapis.com *.googleapis.com https://usage.trackjs.com *.global.ssl.fastly.net *.repzio.com https://b2bbucket.s3.amazonaws.com https://s3.amazonaws.com https://scontent.cdninstagram.com http://cdn.datatables.net https://tradegecko-images.s3.amazonaws.com https://stats.g.doubleclick.net https://cdn.b2bdirect.io https://assets.bwconnect.com https://googleads.g.doubleclick.net https://www.facebook.com https://salesrepimages.s3.amazonaws.com *.fonts.net/ https://p.typekit.net https://*.localizecdn.com https://*.junipercdn.com https://ct.pinterest.com;media-src 'self' https://*.privy.com https://*.zdassets.com https://b2bbucket.s3.amazonaws.com https://player.vimeo.com http://www.greenhillaudio.com https://images.junipercdn.com;frame-src 'self' https://*.captur3d.io/ https://*.matterport.com/ https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://snapwidget.com https://*.aftermkt.com https://popupmaker.com https://momento360.com https://calendly.com https://kuula.co https://*.activemerchandiser.com https://*.hotjar.com https://c.sharethis.mgr.consensu.org https://*.sharethis.com https://*.privy.com *.list-manage.com/ *.driftt.com https://*.tawk.to https://*.powr.io https://*.facebook.com https://cdn.lightwidget.com https://studiowebware.secure.force.com https://player.vimeo.com https://www.youtube.com https://*.firebaseio.com https://www.google.com https://showroom.gso360.com https://*.issuu.com https://*.repzio.com https://crm.imaxcorp.com http://lightwidget.com https://repzio-azurefunctions-pdfgenerator.azurewebsites.net *.tokenex.com/;font-src 'self' https://b2bbucket.s3.amazonaws.com https://*.vistag.com https://*.privy.com https://*.zdassets.com https://*.tawk.to https://cdn.lightwidget.com https://cdn.joinhoney.com data: *.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://fonts.gstatic.com https://use.typekit.net https://use.fontawesome.com;connect-src 'self' https://*.googletagmanager.com https://*.bronto.com https://*.nr-data.net wss://*.hotjar.com https://popupmaker.com https://*.popupmaker.com https://*.flodesk.com https://*.getsitecontrol.com *.hotjar.com https://*.sharethis.com https://*.vistag.com https://*.privy.com ws://*.zopim.com https://*.zopim.com https://*.zendesk.com https://*.zdassets.com ws://*.tawk.to https://*.tawk.to https://*.powr.io ws://192.168.1.124:* ws://10.0.0.133:* ws://localhost:* http://localhost:* https://b2bbucket.s3.amazonaws.com https://repziowebapizipcodes.azurewebsites.net https://maps.googleapis.com wss://*.firebaseio.com https://capture.trackjs.com https://clconnect.coltonlane.com https://dc.services.visualstudio.com https://repziotest.azurewebsites.net https://crm.imaxcorp.com https://*.repzio.com https://api.segment.io https://www.google-analytics.com *.google-analytics.com *.azurewebsites.net https://repzio.azure-api.net https://performance.typekit.net https://tearsheetsgeneration.blob.core.windows.net *.sentry.io *.smartlook.cloud *.hsadspixel.net https://*.amazonaws.com https://*.localizecdn.com *.segment.com/ https://ct.pinterest.com;report-uri /WebResource.axd?cspReport=true 1
default-src 'self' edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com cdn.jsdelivr.net geoid.investisdigital.com cookiemanager.investisdigital.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com qaotp.tools.investisdigital.com www.google-analytics.com stats.g.doubleclick.net cdn.linkedin.oribi.io region1.google-analytics.com bcove.video assets.investisdigital.com *.linkedin.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdnjs.cloudflare.com ict.infinity-tracking.net www.gstatic.com viz.tools.investis.com www.google.com maps.googleapis.com maps.google.com www.linkedin.com ajax.googleapis.com pi.pardot.com bam.nr-data.net *.googletagmanager.com *.google-analytics.com sjs.bizographics.com connect.facebook.net *.jquery.com irs.tools.investis.com *.hotjar.com px.ads.linkedin.com d2wy8f7a9ursnm.cloudfront.net ssl.p.jwpcdn.com js-agent.newrelic.com cdn.jsdelivr.net edge.api.brightcove.com *.googleapis.com www.youtube.com youtube.com s.ytimg.com unpkg.com *.investis-live.com *.investisdigital.com player.vimeo.com geoid.investisdigital.com cookiemanager.investisdigital.com house-fastly-signed-eu-west-1-prod.brightcovecdn.com www.recaptcha.net  otp.tools.investis.com www.recaptcha.net players.brightcove.net https://snap.licdn.com  *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; style-src 'self' 'unsafe-inline' 'unsafe-eval' viz.tools.investis.com fonts.googleapis.com fonts.gstatic.com maxcdn.bootstrapcdn.com cdnjs.cloudflare.com cdn.jsdelivr.net *.investis-live.com *.investisdigital.com fast.fonts.net www.googletagmanager.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; img-src 'self' 'unsafe-inline' * data:; media-src 'self' 'unsafe-inline' * data: edge.api.brightcove.com viz.tools.investis.com *.media.brightcove.com *.youtube.com player.vimeo.com brightcove.hs.llnwd.net  house-fastly-signed-eu-west-1-prod.brightcovecdn.com; frame-src 'self' *.investis.com www.google.com ir.tools.investis.com staticxx.facebook.com www.youtube.com player.vimeo.com players.brightcove.net house-fastly-signed-eu-west-1-prod.brightcovecdn.com *.zscaler.net *.zscalerone.net *.zscalertwo.net *.zscalerthree.net *.zscloud.net; font-src 'self' 'unsafe-inline' data: fonts.googleapis.com fonts.gstatic.com viz.tools.investis.com themes.googleusercontent.com maxcdn.bootstrapcdn.com api2.fonts.com https://cdnjs.cloudflare.com 1
default-src * 'self' https://pic.yeshiva.org.il *.yeshiva.org.il *.yeshiva.co https://securepubads.g.doubleclick.net *.safeframe.googlesyndication.com *.googlesyndication.com https://www.googletagmanager.com https://cdn.rtlcss.com https://www.gstatic.com https://accessibility.f-static.com https://adservice.google.co.il https://fonts.gstatic.com *.gstatic.com https://yeshiv.activetrail.biz *.youtube.com https://closeapp.co.il *.googleapis.com *.google.com https://www.charidy.com *.facebook.com https://www.youtube-nocookie.com https://youtu.be https://trailer.web-view.net *.hotjar.com *.crwdcntrl.net *.doubleclick.net *.sekindo.com https://console.googletagservices.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://www.googleadservices.com https://browser-update.org https://ssl.google-analytics.com *.google-analytics.com https://www.google.co.il *.google.co.il https://cdnjs.cloudflare.com https://www.googletagservices.com *.cloudflare.com https://angular-ui.github.io https://maxcdn.bootstrapcdn.com https://csp.withgoogle.com data: blob: 'unsafe-inline'; font-src *; style-src * 'unsafe-inline'; frame-ancestors *; 1
default-src https:; object-src https:; media-src https:; img-src https: data:; frame-ancestors https:; frame-src https:; font-src https: data:; connect-src https:; script-src 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; 1
frame-ancestors 'self' https://*.storyblok.com 1
default-src 'self' https://uploads-ssl.webflow.com; script-src 'self' 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw' 'strict-dynamic' '' ; style-src 'self' 'unsafe-hashes'; img-src 'self' blob: data: 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw' https://uploads-ssl.webflow.com; font-src 'self' 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw'; frame-src https://www.youtube.com https://www.youtube-nocookie.com 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw'; object-src 'none'; base-uri 'self' 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw'; form-action 'self' 'nonce-NjBmYjFkODctMmNhOC00YmVlLTg4YmItZmY4ZmZhNTQzMWQw'; frame-ancestors 'none' ; block-all-mixed-content; upgrade-insecure-requests; connect-src 'self' https://www.formica.ai; 1
base-uri 'self';           font-src * data:;           frame-ancestors 'self';           object-src 'none'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-P8rcp6t6KF9BxI3908BQ6jt3r168vf03n+RWj77FFpLdn8UL' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'none'; script-src https://cdn.matomo.cloud https://*.usercentrics.eu 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com https://netlify-cdp-loader.netlify.app; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://*.ctfassets.net https://res.cloudinary.com https://*.usercentrics.eu; font-src 'self'; connect-src 'self' https://*.usercentrics.eu https://jvm.matomo.cloud https://jvm.matomo.cloudmatomo.php; media-src 'self' https://*.ctfassets.net https://res.cloudinary.com; object-src 'none'; frame-src 'self' https://app.netlify.com; worker-src 'self'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'self'; manifest-src 'self' 1
default-src *  data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline'; 1
frame-ancestors 'self' https://www.trade.gov 1
default-src 'self'; connect-src 'self' *.gstatic.com *.googlesyndication.com *.googleapis.com *.facebook.com *.amazon.com *.doubleclick.net googleads.g.doubleclick.net *.android.com *.google-analytics.com *.google.ca; script-src 'self' *.google-analytics.com *.googleapis.com *.google.com google.com *.googlesyndication.com gstatic.com *.gstatic.com *.googleadservices.com *.googletagservices.com connect.facebook.net *.facebook.com *.typekit.net *.typekit.com *.twitter.com *.loginwithamazon.com *.doubleclick.net *.android.com *.webglearth.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' use.typekit.net *.gstatic.com *.doubleclick.net googleads.g.doubleclick.net; img-src 'self' * blob: data:; child-src 'none'; frame-src 'self' *.gstatic.com *.facebook.net *.facebook.com *.twitter.com *.google.com *.googlesyndication.com *.amazon.com *.doubleclick.net googleads.g.doubleclick.net; worker-src 'self' blob:; font-src 'self' *.typekit.net; 1
default-src  'self' blob:; media-src  'self'; script-src  'unsafe-inline' 'unsafe-eval' https 'self' blob: https://www.google.com https://*.linkedin.com https://*.googletagmanager.com https://*.google-analytics.com https://code.jquery.com/ https://*.facebook.net https://static.ctctcdn.com/ https://cdnjs.cloudflare.com/ https://www.gstatic.com/ https://unpkg.com/; connect-src  https 'self' https://*.google-analytics.com https://*.google.com; style-src  https 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.cdnfonts.com https://unpkg.com; font-src  https 'self' data: https://fonts.gstatic.com https://fonts.cdnfonts.com; img-src  https 'self' data: https://*.linkedin.com https://*.google-analytics.com https://*.google.com https://www.googletagmanager.com/ https://*.basemaps.cartocdn.com/ https://*.tile.openstreetmap.org/; frame-src  https 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://patterson2023rd.q4web.com; frame-ancestors   https 'self'; object-src   'none'; 1
default-src 'self' blob: https://*.akamaihd.net; img-src 'self' data: https://images.ctfassets.net/ https://*.azure.net https://americanspecialtyhealth.nanorep.co https://*.hubspot.com https://*.hsforms.com https://*.fod247.io https://*.amazonaws.com http://*.boldchat.com https://*.boldchat.com http://via.placeholder.com/ https://seal.websecurity.norton.com https://*.internal.ashfitness.net/ https://*.ashconnect.com http://*.gstatic.com http://*.googleapis.com https://app.validic.com https://*.typekit.net https://*.ashcompanies.com https://*.api.ashcompanies.com https://*.googleapis.com  https://csi.gstatic.com https://www.google-analytics.com http://www.google-analytics.com https://stats.g.doubleclick.net/ https://www.facebook.com/ https://www.google.com/ https://dev.api.healthyroads.com https://stg.api.healthyroads.com/ https://preprod.api.healthyroads.com https://api.healthyroads.com/ https://www.googletagmanager.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://cdn.fod247.com https://*.ooyala.com https://*.brightcove.com https://*.boltdns.net https://*.choosehealthy.com https://*.akamaihd.net https://*.googleadservices.com https://*.doubleclick.net https://assets.prod.validic.com; media-src 'self' blob: https://*.silverandfit.com/ http://*.boldchat.com https://*.boldchat.com https://*.internal.ashfitness.net https://dev.api.healthyroads.com  https://preprod.api.healthyroads.com  https://api.healthyroads.com/ https://stg.api.healthyroads.com/ https://*.api.ashcompanies.com https://*.ooyala.com https://*.akamaized.net https://*.choosehealthy.com https://*.boltdns.net https://*.akamaihd.net https://*.azure.net https://*.ptrx.org https://*.amazonaws.com; frame-src 'self' data: application/pdf 'unsafe-inline' https://*.api.ashcompanies.com https://vimeo.com/ http://*.boldchat.com https://*.boldchat.com https://www.youtube.com/  https://www.facebook.com/ https://connect.facebook.net/ https://*.vimeo.com https://api.recurly.com/ https://*.networksearch.api.ashcompanies.com https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.choosehealthy.com https://youtu.be/ https://*.usw2.pure.cloud; font-src 'self' 'unsafe-inline' data: http://*.boldchat.com https://*.boldchat.com https://*.api.ashcompanies.com/ https://*.ashconnect.com http://*.gstatic.com https://*.typekit.net https://*.ui.api.ashcompanies.com https://fonts.gstatic.com http://fonts.gstatic.com https://*.ooyala.com https://*.choosehealthy.com; connect-src 'self' blob: wss://*.bold360.com https://*.applicationinsights.azure.com https://www.google-analytics.com https://ak-use.akamaized.net/ https://metrics-api.librato.com http://americanspecialtyhealth.nanorep.co https://visitor-services.nanorep.com http://*.boldchat.com https://*.boldchat.com https://*.silverandfit.com https://silverandfit.com http://dc.services.visualstudio.com/v2/track https://dc.services.visualstudio.com/v2/track https://api.healthyroads.com/ https://*.api.healthyroads.com https://*.ashconnect.com https://*.activeandfit.com https://activeandfit.com https://*.exerciserewards.com https://*.typekit.net/ https://*.api.ashcompanies.com https://api.recurly.com https://connect.facebook.net https://dc.services.visualstudio.com/ https://*.choosehealthynext.com https://*.ooyala.com https://*.bitmovin.com https://*.brightcove.com https://*.boltdns.net https://stats.g.doubleclick.net https://*.akamaihd.net https://*.choosehealthy.com https://*.azure.net https://*.ashcompanies.com https://*.azurefd.net https://*.azure-api.net https://*.hubspot.com https://*.ashcompanies.com https://*.googleapis.com https://*.facebook.com https://syncmydevice.com https://www.google.com https://googleads.g.doubleclick.net https://*.amazonaws.com https://*.usw2.pure.cloud wss://*.usw2.pure.cloud; worker-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.ssqt.io https://*.hs-scripts.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://www.googleoptimize.com http://americanspecialtyhealth.nanorep.co http://*.boldchat.com https://*.boldchat.com https://seal.verisign.com/ https://*.typekit.net http://noembed.com/ https://noembed.com/ https://api.healthyroads.com https://*.ui.api.ashcompanies.com/ https://*.api.ashcompanies.com https://*.api.healthyroads.com https://*.exerciserewards.com http://tagmanager.google.com https://tagmanager.google.com http://*.googleapis.com https://js.recurly.com/v4/recurly.js  https://www.googletagmanager.com http://www.google-analytics.com/ https://www.google-analytics.com/ https://analytics.clickdimensions.com https://az416426.vo.msecnd.net/ https://connect.facebook.net/ http://analytics.clickdimensions.com/ https://optimize.google.com http://optimize.google.com https://*.choosehealthynext.com https://*.ooyala.com https://*.brightcove.net https://*.gstatic.com https://*.choosehealthy.com https://*.ashcompanies.com https://*.googleadservices.com https://*.hsadspixel.net https://js.monitor.azure.com https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js https://googleads.g.doubleclick.net https://apps.usw2.pure.cloud; style-src 'self' http://*.boldchat.com https://*.boldchat.com https://js.recurly.com/ http://tagmanager.google.com https://tagmanager.google.com https://*.googleapis.com http://*.googleapis.com https://api.healthyroads.com/ https://*.api.ashcompanies.com/ https://*.api.healthyroads.com https://*.choosehealthynext.com 'unsafe-inline' https://optimize.google.com https://seal.websecurity.norton.com http://optimize.google.com https://*.ooyala.com https://*.googletagmanager.com https://*.typekit.net; child-src 'self' 'unsafe-inline' blob: data:; frame-ancestors 'self' https://vimeo.com/ https://*.choosehealthy.com; object-src 'self' data: application/pdf  blob: filesystem:; 1
default-src 'self';script-src 'report-sample' 'self' 'unsafe-inline'  https://*.google-analytics.com/ https://*.googleapis.com/ https://*.doubleclick.net/ https://*.hs-analytics.net/ https://*.hsforms.net/ https://*.hs-banner.com/ https://*.hs-scripts.com/ https://*.storyblok.com/ https://*.bing.com/ https://*.facebook.net/ https://cookiehub.net/ https://js.monitor.azure.com/ https://*.hotjar.com/ https://snap.licdn.com/ https://*.clarity.ms/ https://*.googletagmanager.com/ https://*.redditstatic.com/ https://*.leadinfo.net https://*.hsadspixel.net;style-src 'report-sample' 'self' 'unsafe-inline' https://cookiehub.net/ https://*.googleapis.com/;object-src 'none';base-uri 'self';connect-src 'self' wss://*.hotjar.com/ https://*.hsforms.com/ https://*.s3.amazonaws.com https://*.facebook.com/ https://*.hotjar.io/ https://*.hotjar.com/ https://*.oribi.io/ https://*.doubleclick.net/ https://www.google-analytics.com/ https://*.google.com/ https://*.google.nl/ https://*.googleapis.com https://*.cookiehub.net/ https://*.azure-api.net/ https://*.azurefd.net/ https://*.storyblok.com https://*.bing.com/ https://*.visualstudio.com/ https://*.google-analytics.com/ https://*.clarity.ms/ https://*.leadinfo.net/ https://*.leadinfo.com/ https://*.hubapi.com/ https://*.ordina.com/;font-src 'self' https://*.googleapis.com/ https://*.gstatic.com/;frame-src 'self' https://www.youtube.com/ https://*.vimeo.com/ https://*.hsforms.com/ https://*.companywebcast.com/ https://*.doubleclick.net/;img-src 'self' 'unsafe-inline' https://www.google-analytics.com/ https://googletagmanager.com/ https://*.hubspot.com/ https://*.clarity.ms/ https://www.google.com/ https://www.google.nl/ https://*.hsforms.com/ data: https://*.googleapis.com/ https://*.gstatic.com/ https://a.storyblok.com/ https://*.reddit.com/ https://*.bing.com/ https://*.linkedin.com/ https://www.facebook.com/;manifest-src 'self';media-src 'self' https://a.storyblok.com/;worker-src 'none';frame-ancestors https://*.storyblok.com/; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' hyperion-project.org www.gstatic.com/recaptcha/ www.google.com/recaptcha/ ;img-src https: data: ; object-src 'none' 1
frame-ancestors 'self' localhost http://localhost:1802 https://localhost:44331 *.serviceinfo.se *.netonnet.se *.netonnet.no *.scandinavianphoto.se *.scandinavianphoto.no *.scandinavianphoto.fi *.scandinavianphoto.dk; frame-src 'self' https://localhost:444 https://localhost:446 *.serviceinfo.se *.netonnet.se; form-action 'self' https://localhost:446 https://localhost:444 *.serviceinfo.se *.dibspayment.eu; default-src data: blob: 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net *.fontawesome.com *.google-analytics.com fonts.gstatic.com *.scandinavianphoto.se; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com cdn.jsdelivr.net *.fontawesome.com https://nosir.github.io; script-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' *.fontawesome.com fonts.googleapis.com; style-src-attr 'self' 'unsafe-inline'; img-src data: blob: 'self' *.google-analytics.com; 1
default-src 'self' www.google-analytics.com www.youtube.com stats.g.doubleclick.net https://*.guidingtube.com *.readspeaker.com betabovenijnl.perplex.eu bovenij.nl bovenijnl.prod.perplex.eu;              child-src 'self' www.youtube.com player.vimeo.com www.google.com https://*.guidingtube.com;              script-src 'self' 'unsafe-inline' 'unsafe-eval' s.ytimg.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com  www.perplex.nl ajax.aspnetcdn.com player.vimeo.com www.googletagmanager.com *.readspeaker.com;              style-src 'self' 'unsafe-inline' *.readspeaker.com https://fonts.googleapis.com;              img-src 'self' data: services.perplex.eu www.google-analytics.com www.perplex.nl www.google.com www.google.nl stats.g.doubleclick.net betabovenijnl.perplex.eu bovenij.nl bovenijnl.prod.perplex.eu https://www.github.com https://www.bing.com https://our.umbraco.com;              font-src 'self' data: https://fonts.gstatic.com;              form-action 'self' secure.ogone.com;              upgrade-insecure-requests; block-all-mixed-content; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://darkfriend.social; img-src 'self' https: data: blob: https://darkfriend.social; style-src 'self' https://darkfriend.social 'nonce-ko/OViAPqYye05MHC8/CDg=='; media-src 'self' https: data: https://darkfriend.social; frame-src 'self' https:; manifest-src 'self' https://darkfriend.social; form-action 'self'; child-src 'self' blob: https://darkfriend.social; worker-src 'self' blob: https://darkfriend.social; connect-src 'self' data: blob: https://darkfriend.social https://cdn.masto.host wss://darkfriend.social; script-src 'self' https://darkfriend.social 'wasm-unsafe-eval' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'nonce-XCA2q0kTCoN1BddSqjQ715OA' 'strict-dynamic';object-src 'none';style-src 'self' 'unsafe-inline' 'nonce-Ve9JATqIhTuXJDXYUQerWq9u' *.google.com https://fonts.googleapis.com/css;img-src 'self' https://www.trustmarksolutions.com https://i.vimeocdn.com *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com www.google-analytics.com www.googletagmanager.com *.linkedin.com *.cloudfront.net *.adsymptotic.com *.bc0a.com *.b0e8.com *.ytimg.com;media-src 'self' dai.google.com;frame-src 'self' https://www.trustmarkins.com *.trustmarkbenefits.com *.pegacloud.net *.doubleclick.net *.google.com *.googlesyndication.com *.vimeo.com *.youtube.com;font-src 'self' https://fonts.googleapis.com/css https://fonts.gstatic.com;connect-src 'self' *.trustmarkbenefits.com *.doubleclick.net *.google.com *.googlesyndication.com *.googleapis.com www.googleadservices.com wss://*.visitors.live wss://*.luckyorange.com *.luckyorange.com *.luckyorange.net *.paradox.ai wss://*.paradox.ai wss://*.lottiefiles.com *.lottiefiles.com *.lottiefiles.net https://www.google-analytics.com https://public-auth-dot-lucky-orange.appspot-preview.com https://in.visitors.live https://cdn.linkedin.oribi.io;base-uri 'self';child-src *.doubleclick.net *.google.com *.googlesyndication.com;form-action 'self' *.google.com webto.salesforce.com;frame-ancestors 'self' https://www.trustmarkins.com *.trustmarkbenefits-qa.com.bizstreamdev03.com/ *.trustmarkbenefits.com;worker-src blob: www.google.com 1
default-src 'self' 'unsafe-eval' *.odigo.com; style-src 'self' 'unsafe-inline' *.jsdelivr.net *.wp.com *.odigo.com *.googleapis.com *.sociablekit.com *.bootstrapcdn.com *.azureedge.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com *.vimeo.com *.player.vimeo.com *.jsdelivr.net *.soundcloud.com *.licdn.com *.parsely.com *.youtube.com *.sociabble.com *.sociablekit.com *.wp.com *.matomo.cloud *.hotjar.com *.odigo.com *.licdn.com *.azureedge.net *.google.com *.google-analytics.com *.googletagmanager.com *.cloudflare.com *.gaconnector.com *.googleapis.com *.googleadservices.com www.gstatic.com *.cookiebot.com *.doubleclick.net; img-src * data:; connect-src 'self' *.oribi.io *.accentapi.com *.linkedin.oribi.io *.doubleclick.net *.parsely.com *.matomo.cloud *.google.com *.googleapis.com *.google-analytics.com wss://*.wordpress.com wss://*.hotjar.com *.hotjar.com *.hotjar.io *.azureedge.net *.cookiebot.com *.dynamics.com; font-src 'self' *.jsdelivr.net *.googleapis.com *.wp.com *.odigo.com data:; frame-src 'self' calendly.com *.calendly.com *.cloudflare.com *.soundcloud.com *.google.com *.googlesyndication.com *.wp.com *.dynamics.com *.hotjar.com *.cookiebot.com *.youtube.com *.vimeo.com *.DoubleClick.net; upgrade-insecure-requests; report-uri https://odigo.mabronet.pl/report.php 1
default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval' *.infotechexpress.com infotechinc.zendesk.com *.zdassets.com *.google-analytics.com *.stripe.com *.cloudflare.com *.hotjar.com wss://*.hotjar.com; frame-ancestors 'self' https: *.appia.net *.bidexpress.com *.docexpress.com *.infotechinc.com 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.addtoany.com  https://*.ads-twitter.com https://*.adsymptotic.com  https://*.advancedcustomfields.com https://*.akamaihd.net https://*.altmetric.com https://*.baidu.com https://*.bizographics.com https://*.bootstrapcdn.com https://*.buzzsprout.com https://*.cloudflare.com https://*.cloudflareinsights.com https://*.cloudfront.net https://*.cnzz.com https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.fontawesome.com https://*.formstack.com https://*.fullstory.com https://*.github.io https://*.google-analytics.com https://*.google.be https://*.google.co.uk https://*.google.com https://*.googleadservices.com https://*.googleadservices.com https://*.googleapis.com https://*.googletagmanager.com  https://*.gravatar.com https://*.gravityforms.com  https://*.gravityforms.local https://*.gstatic.com https://*.hotjar.com https://*.hotjar.io https://*.imagify.io https://*.jquery.com https://*.jsdelivr.net https://*.licdn.com https://*.linkedin.com https://*.netdna-ssl.com https://*.newrelic.com https://*.pardot.com https://*.paypalobjects.com https://*.ravenjs.com https://*.sharethis.com https://*.soundcloud.com  https://*.tablepress.org https://*.tablepress.org https://*.tandf.co.uk https://*.tandfonline.com  https://*.taylorandfrancis.com https://*.twimg.com https://*.twitter.com https://*.typekit.net https://*.vimeo.com https://*.w.org https://*.wistia.com https://*.wp.com https://*.wpengine.co.uk https://*.wpengine.com https://*.wpengineapi.com https://*.wpmudev.org https://*.yoast.com https://*.youku.com https://*.youtube.com https://*.yumpu.com https://abc123-wpengine.netdna-ssl.com https://bam.eu01.nr-data.net https://cnzz.mmstat.com https://i.ytimg.com https://imagify.io https://placehold.it https://t.co https://tandfapi.co.uk https://wpengine.com https://wpmudev.com https://yoast.com https://*.thinglink.com https://*.thinglink.me https://servedbyadbutler.com https://bioethicstoday.org 1
frame-ancestors 'self' https://*.freakyaces.com https://*.decta.com; 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://connect.facebook.net https://google-analytics.com https://graph.facebook.com https://googletagmanager.com https://js.facebook.com https://kit.fontawesome.com https://ssl.google-analytics.com https://secure.statcounter.com https://tagmanager.google.com https://use.fontawesome.com https://www.google-analytics.com https://www.gstatic.com https://www.google.com https://www.googletagmanager.com;style-src 'self' 'report-sample' 'unsafe-inline' *.fontawesome.com cdnjs.cloudflare.com fonts.googleapis.com tagmanager.google.com www.googletagmanager.com;object-src 'none';child-src 'self' www.google.com *.facebook.com connect.facebook.net www.googletagmanager.com;base-uri 'self';form-action 'self' *.facebook.com connect.facebook.net webapps.paydq.com;worker-src 'self'; 1
frame-ancestors https://dwpx1.glds.com https://www.glds.com https://glds.com https://mybroadbandaccount.com; 1
script-src 'self' 'unsafe-inline' ajax.cloudflare.com www.google-analytics.com www.googletagmanager.com; 1
default-src 'self';connect-src 'self' https://* https://app.getgrasp.com:9081;img-src 'self' https://* data:;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* http://cdn.jsdelivr.net;script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' https://* http://* https://api.addressnow.co.uk http://cdn.jsdelivr.net;style-src 'self' 'unsafe-inline' https://* data: https://api.addressnow.co.uk;frame-src 'self' https://* http://www.youtube.com/ https://www.youtube.com/;frame-ancestors 'self' https://* http://www.youtube.com/ https://www.youtube.com/;font-src 'self' https://* data: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://www.googletagmanager.com https://www.googleadservices.com https://cdn.optimizely.com https://www.google-analytics.com https://ajax.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://kendo.cdn.telerik.com https://connect.facebook.net https://www.clickcease.com https://www.google.com https://googleads.g.doubleclick.net https://scripts.mymarketingreports.com; style-src-elem 'self' 'unsafe-inline' https://*.googleapis.com https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://smartboxmovingandstorage.com; font-src 'self' 'unsafe-inline' https://kendo.cdn.telerik.com https://maxcdn.bootstrapcdn.com https://smartboxmovingandstorage.com https://use.typekit.net; script-src-elem 'self' 'unsafe-inline' https://widgets.reputation.com https://*.googleapis.com https://smartboxmovingandstorage.com https://use.typekit.net https://*.googletagmanager.com https://cdn.optimizely.com https://www.google-analytics.com https://www.googleadservices.com https://scripts.mymarketingreports.com https://connect.facebook.net https://www.clickcease.com https://googleads.g.doubleclick.net; connect-src 'self' 'unsafe-inline' https://*.googleapis.com https://api.ipify.org https://api64.ipify.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://www.facebook.com; img-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googleapis.com https://maps.gstatic.com https://smartboxmovingandstorage.com https://p.typekit.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://widgets.reputation.com https://*.doubleclick.net https://www.youtube.com https://*.g.doubleclick.net https://www.facebook.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com; 1
default-src 'self'; img-src * blob: data:; child-src www.google.com blob:; connect-src 'self' m.addthis.com stats.g.doubleclick.net *.google-analytics.com analytics.google.com *.wistia.com *.litix.io *.akamaihd.net; base-uri 'self'; form-action 'self'; object-src 'self'; media-src 'self' *.wistia.com *.akamaihd.net data: blob:; style-src 'self' 'unsafe-inline'; style-src-attr 'self' 'unsafe-inline'; font-src 'self' data: www.potteranderson.com fonts.gstatic.com; script-src 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; script-src-elem 'self' 'unsafe-inline' *.google-analytics.com www.googletagmanager.com *.wistia.com; report-uri https://csp-reports.firmseek.com/potter; 1
frame-ancestors 'self' https://*.builder.io https://builder.io http://localhost:3000 1
connect-src analytics.google.com analytics.propensity.com api.hubspot.com forms.hscollectedforms.net forms.hubspot.com px.ads.linkedin.com scout.salesloft.com stats.g.doubleclick.net www.google-analytics.com 'self' adservice.google.com api.hubapi.com js.hs-banner.com forms.hsforms.com www.google.co.il bat.bing.com d.clarity.ms snid.snitcher.com ws.zoominfo.com content.hotjar.io cta-service-cms2.hubspot.com google.com hubspot-forms-static-embed.s3.amazonaws.com maps.googleapis.com metrics.hotjar.io region1.analytics.google.com translate.googleapis.com vc.hotjar.io wss://ws.hotjar.com www.google.ae www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.in www.google.co.kr www.google.co.nz www.google.co.uk www.google.com www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.gh www.google.com.my www.google.com.ph www.google.com.sa www.google.com.sg www.google.com.tw www.google.com.ua www.google.de www.google.dk www.google.fr www.google.gr www.google.ie www.google.it www.google.kz www.google.nl www.google.pt www.google.ro www.google.ru www.google.se yoast.com; font-src 'self' fonts.gstatic.com data: at.alicdn.com cdn.scite.ai moz-extension static.zip.co; frame-src app.hubspot.com td.doubleclick.net www.comeet.co 'self' 10.127.40.18:15871 forms.hsforms.com www.google.com www.googletagmanager.com www.youtube.com; img-src 'self' googleads.g.doubleclick.net px.ads.linkedin.com track.hubspot.com www.facebook.com www.google.co.il www.google.com data: forms-na1.hsforms.com forms.hsforms.com secure.gravatar.com www.google-analytics.com www.googletagmanager.com 2034462.fs1.hubspotusercontent-na1.net adservice.google.com aidocdev.wpengine.com analytics.google.com analytics.twitter.com blob: cdn.honey.io connect.facebook.net cyberintdev.wpengine.com fonts.gstatic.com i.ytimg.com maps.googleapis.com perf.hsforms.com region1.analytics.google.com scout.us2.salesloft.com stats.g.doubleclick.net stats.sa-as.com t.co translate.google.com www.google.ae www.google.be www.google.ca www.google.ch www.google.cl www.google.co.id www.google.co.in www.google.co.jp www.google.co.kr www.google.co.nz www.google.co.th www.google.co.uk www.google.co.uz www.google.co.za www.google.com.ar www.google.com.au www.google.com.bd www.google.com.br www.google.com.co www.google.com.ec www.google.com.eg www.google.com.et www.google.com.gh www.google.com.hk www.google.com.lb www.google.com.mx www.google.com.my www.google.com.ng www.google.com.pe www.google.com.ph www.google.com.pk www.google.com.sa www.google.com.sg www.google.com.sv www.google.com.tr www.google.com.tw www.google.com.ua www.google.cz www.google.de www.google.dk www.google.ee www.google.es www.google.fi www.google.fr www.google.gr www.google.hn www.google.ie www.google.iq www.google.it www.google.jo www.google.kz www.google.mn www.google.nl www.google.pl www.google.pt www.google.ro www.google.rs www.google.ru www.google.sc www.google.se www.google.tg www.googleadservices.com www.linkedin.com; script-src-elem static.ads-twitter.com 'self' 'unsafe-inline' cdn.propensity.com googleads.g.doubleclick.net js.hs-banner.com js.hsadspixel.net scout-cdn.salesloft.com script.crazyegg.com snap.licdn.com static.oktopost.com www.google-analytics.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com cdnjs.cloudflare.com connect.facebook.net js.hs-analytics.net js.hs-scripts.com js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com okt.to www.comeet.co cta-service-cms2.hubspot.com data: js-na1.hs-scripts.com maps.googleapis.com script.hotjar.com static.ads-twitter.com static.hotjar.com www.google.com; style-src-attr 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com 'unsafe-inline' cdn.honey.io www.gstatic.com; script-src 'unsafe-eval' static.ads-twitter.com 'self' 'unsafe-inline' cdn.propensity.com cdnjs.cloudflare.com connect.facebook.net googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net js.usemessages.com okt.to scout-cdn.salesloft.com script.crazyegg.com snap.licdn.com static.oktopost.com wasm-eval www.comeet.co www.google-analytics.com www.googleadservices.com www.googleoptimize.com www.googletagmanager.com; child-src www.comeet.co; default-src 'self' analytics.google.com analytics.propensity.com cdn.propensity.com cdnjs.cloudflare.com data: fonts.googleapis.com fonts.gstatic.com forms-na1.hsforms.com forms.hscollectedforms.net forms.hsforms.com forms.hubspot.com googleads.g.doubleclick.net js.hs-analytics.net js.hs-banner.com js.hs-scripts.com js.hsadspixel.net js.hscollectedforms.net js.hsforms.net js.hsleadflows.net okt.to px.ads.linkedin.com scout-cdn.salesloft.com scout.salesloft.com script.crazyegg.com self snap.licdn.com static.oktopost.com stats.g.doubleclick.net track.hubspot.com www.google-analytics.com www.google.com www.google.de www.googleadservices.com www.googleoptimize.com www.googletagmanager.com www.linkedin.com; form-action 'self' forms.hsforms.com; frame-ancestors 'self'; script-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; worker-src 'self' blob: 1
default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: 'unsafe-inline'; font-src 'self' data: https:; img-src 'self' data: https: 1
font-src 'self' data: d3eoclcmgyjg3v.cloudfront.net *.livechatinc.com *.gstatic.com *.moabadventurecenter.com *.cloudfront.net *.googleapis.com *.typekit.net; 1
default-src 'self' 'unsafe-inline'; object-src 'none'; img-src 'self' https://helpdesk.vodafonekabelforum.de; base-uri 'self'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self';     script-src 'self' https://unpkg.com https://www.googletagmanager.com 'sha256-Uh0jMnIe2atSKwY5LX3uGhHCnx8vCGQRXy6Hc9jvpJI=' *.hs-scripts.com *.hs-analytics.net *.hscollectedforms.net *.hs-banner.com;     frame-src 'self' https://widget.real-time-reserves.ledgerlens.io;     base-uri 'self';     font-src 'self' data:;     img-src * blog.archblock.com www.googletagmanager.com *.google-analytics.com *.analytics.google.com 'self' data:;     object-src 'none';     script-src-attr 'none';     style-src 'self' https: 'unsafe-inline';     upgrade-insecure-requests;     connect-src 'self' blog.archblock.com ipapi.co api.lever.co *.google-analytics.com *.analytics.google.com *.ledgerlens.io api.github.com *.hscollectedforms.net mainnet.infura.io; 1
connect-src 'self' atlas.microsoft.com cdn.allegoportal.com cdn.allego.eu *.google-analytics.com *.analytics.google.com *.doubleclick.net *.facebook.com consentcdn.cookiebot.com cdn.allego.eu https://cdn.allego.eu https://www.google.com https://analytics.google.com https://vimeo.com *.hubapi.com js.hscta.net *.hubspot.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com *.googlesyndication.com https://visithunter.io https://px.ads.linkedin.com;default-src 'self' data: cdn.allegoportal.com cdn.allego.eu tagmanager.google.com *.googleapis.com *.allego.eu *.allegoportal.com cdn.allego.eu https://cdn.allego.eu https://vimeo.com;font-src 'self' cdn.allegoportal.com cdn.allego.eu data: *.allego.eu *.allegoportal.com fonts.gstatic.com cdn.allego.eu https://cdn.allego.eu;frame-ancestors 'self' cdn.allegoportal.com cdn.allego.eu https://laadkeuzebrabant.commteam.nl https://laadkeuzebrabant.nl cdn.allego.eu https://cdn.allego.eu https://vimeo.com/ https://vimeo.com;frame-src www.googletagmanager.com tagmanager.google.com cdn.allegoportal.com cdn.allego.eu www.google.com www.youtube.com *.cookiebot.com/ cdn.allego.eu https://cdn.allego.eu https://vimeo.com *.hubspot.com *.hs-sites.com *.hubspot.net play.hubspotvideo.com allego.eu *.hsforms.net *.hsforms.com *.doubleclick.net;img-src 'self' data: atlas.microsoft.com *.google-analytics.com *.doubleclick.net cdn.allegoportal.com cdn.allego.eu 'unsafe-inline' www.facebook.com *.gstatic.com *.google.com *.linkedin.com *.google.nl cdn.allego.eu https://cdn.allego.eu *.google-analytics.com *.analytics.google.com https://vimeo.com js.hscta.net no-cache.hubspot.com *.hubspot.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net cdn2.hubspot.net *.hsforms.net *.hsforms.com *.cookiebot.com;media-src 'self' https://vimeo.com;script-src 'self' www.googletagmanager.com tagmanager.google.com *.google-analytics.com data: 'unsafe-inline' 'unsafe-eval' cdn.allegoportal.com cdn.allego.eu connect.facebook.net snap.licdn.com *.linkedin.com www.google.com www.gstatic.com *.google-analytics.com *.facebook.com *.allego.eu *.allegoportal.com tagmanager.google.com www.googletagmanager.com *.cookiebot.com *.googleadservices.com diffuser-cdn.app-us1.com prism.app-us1.com trackcmp.net consentcdn.cookiebot.com d3rxaij56vjege.cloudfront.net allego.activehosted.com cdn.allego.eu https://cdn.allego.eu https://api.ipify.org https://vimeo.com *.hsadspixel.net *.hs-analytics.net *.hubspot.com static.hsappstatic.net *.usemessages.com *.hs-banner.com *.hubspotusercontent00.net *.hubspotusercontent10.net *.hubspotusercontent20.net *.hubspotusercontent30.net *.hubspotusercontent40.net *.hubspot.net cdn2.hubspot.net allego.eu *.hscollectedforms.net *.hsleadflows.net *.hsforms.net *.hsforms.com *.hs-scripts.com *.hubspotfeedback.com feedback.hubapi.com js.hscta.net *.kissmetrics.io *.plerdy.com *.doubleclick.net https://visithunter.io;style-src 'self' 'unsafe-inline' cdn.allegoportal.com cdn.allego.eu fonts.gstatic.com ajax.googleapis.com www.googletagmanager.com tagmanager.google.com *.google-analytics.com tagmanager.google.com *.googleapis.com *.allego.eu *.allegoportal.com www.googletagmanager.com fonts.googleapis.com cdn.allego.eu https://cdn.allego.eu *.hubspotusercontent00.net cdn2.hubspot.net; 1
reflected-xss 'filter' 1
default-src 'self'; connect-src * data: *; script-src-elem * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; frame-src * 'unsafe-inline' 'unsafe-eval'; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src-elem * 'unsafe-inline' 'unsafe-eval'; font-src * data: *; img-src * data: * blob: *; report-uri /local/ajax/CSP.php 1
Content-Security-Policy: default-src *; 1
frame-ancestors 'self' https://forresult.eigenwijzereizen.nl 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://tiggi.es; img-src 'self' https: data: blob: https://tiggi.es; style-src 'self' https://tiggi.es 'nonce-w3u5NhzB2UTJSP5Pdgv5SQ=='; media-src 'self' https: data: https://tiggi.es; frame-src 'self' https:; manifest-src 'self' https://tiggi.es; form-action 'self'; child-src 'self' blob: https://tiggi.es; worker-src 'self' blob: https://tiggi.es; connect-src 'self' data: blob: https://tiggi.es https://tiggi.es wss://tiggi.es; script-src 'self' https://tiggi.es 'wasm-unsafe-eval' 1
default-src 'self' *.gstatic.com optanon.blob.core.windows.net jobs.aioinissaydowa.eu cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org *.addthis.com *.addthisedge.com *.moatads.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.lexus.ru *.toyota.ru *.twimg.com *.twitter.com *.youtube.com cdnjs.cloudflare.com code.jquery.com fast.fonts.net maxcdn.bootstrapcdn.com *.doubleclick.net storage.googleapis.com use.fontawesome.com *.umantis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.gstatic.com optanon.blob.core.windows.net jobs.aioinissaydowa.eu cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org *.addthis.com *.addthisedge.com *.moatads.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.lexus.ru *.toyota.ru *.twimg.com *.twitter.com *.youtube.com cdnjs.cloudflare.com code.jquery.com fast.fonts.net maxcdn.bootstrapcdn.com *.doubleclick.net storage.googleapis.com use.fontawesome.com *.umantis.com; style-src 'self' 'unsafe-inline' *.gstatic.com optanon.blob.core.windows.net jobs.aioinissaydowa.eu cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org *.addthis.com *.addthisedge.com *.moatads.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.lexus.ru *.toyota.ru *.twimg.com *.twitter.com *.youtube.com cdnjs.cloudflare.com code.jquery.com fast.fonts.net maxcdn.bootstrapcdn.com *.doubleclick.net storage.googleapis.com use.fontawesome.com *.umantis.com; img-src 'self' data: *.gstatic.com optanon.blob.core.windows.net jobs.aioinissaydowa.eu cookie-cdn.cookiepro.com *.onetrust.com cdn.cookielaw.org *.addthis.com *.addthisedge.com *.moatads.com *.google.com *.google-analytics.com *.googleapis.com *.googletagmanager.com *.lexus.ru *.toyota.ru *.twimg.com *.twitter.com *.youtube.com cdnjs.cloudflare.com code.jquery.com fast.fonts.net maxcdn.bootstrapcdn.com *.doubleclick.net storage.googleapis.com use.fontawesome.com *.umantis.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://norcal.social; img-src 'self' https: data: blob: https://norcal.social; style-src 'self' https://norcal.social 'nonce-8R79/czvWUjWaWMiJlFyCQ=='; media-src 'self' https: data: https://norcal.social; frame-src 'self' https:; manifest-src 'self' https://norcal.social; form-action 'self'; child-src 'self' blob: https://norcal.social; worker-src 'self' blob: https://norcal.social; connect-src 'self' data: blob: https://norcal.social https://files.mastodon.norcal.social wss://norcal.social; script-src 'self' https://norcal.social 'wasm-unsafe-eval' 1
default-src 'self' https://secure.gravatar.com https://static.addtoany.com http://platform.twitter.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://pbs.twimg.com https://ton.twimg.com http://www.google-analytics.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com http://connect.facebook.net https://connect.facebook.net https://www.google.com https://staticxx.facebook.com/ https://www.facebook.com/ https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com https://netdna.bootstrapcdn.com https://difl3vniyrx1b.cloudfront.net https://www.gstatic.com https://www.youtube.com https://learntolivecom.mpeasylink.com https://es.learntolive.com https://estest.learntolive.com https://www.learntolive.com http://www.learntolive.com https://analytics.convertlanguage.com https://fonts.googleapis.com https://fonts.gstatic.com https://resources.learntolive.com https://pi.pardot.com 'unsafe-inline' 'unsafe-eval' data: 1
default-src 'self' https://infonotary.com https://*.infonotary.com  https://www.google-analytics.com:* https://ssl.google-analytics.com:* http://repository.infonotary.com https://repository.infonotary.com https://cdn.jsdelivr.net https://fonts.googleapis.com https://www.google.com:*  https://fonts.gstatic.com 'unsafe-inline' img-src 'self' data: 1
default-src 'self'; 	style-src 'self' 'unsafe-inline' www.adt.com.mx fonts.googleapis.com cdn.jsdelivr.net; 	script-src 'self' 'unsafe-inline' 'unsafe-eval' www.adt.com.mx consent.trustarc.com tags.tiqcdn.com widget.trustpilot.com cdn.jsdelivr.net www.googletagmanager.com *.marketingautomation.services www.youtube.com tag.perfectaudience.com pixel-geo.prfct.co; 	font-src 'self' data: fonts.gstatic.com www.adt.com.mx consent.trustarc.com use.typekit.net; 	connect-src 'self' www.google.com.br www.google.co.in consent-reporting.trustarc.com consent.trustarc.com collect.tealiumiq.com analytics.google.com stats.g.doubleclick.net region1.analytics.google.com www.google.ie www.google.com.ar; 	frame-src 'self' td.doubleclick.net www.youtube.com www.alarm.com consent-pref.trustarc.com www.googletagmanager.com; 	img-src 'self' data: www.google.co.in stats.g.doubleclick.net analytics.google.com www.googletagmanager.com i.ytimg.com www.adt.com.mx consent.trustarc.com consent-pref.trustarc.com consent.truste.com www.google.com.br www.google.es secure.adnxs.com pixel-geo.prfct.co; 1
default-src 'self';style-src 'self'  'unsafe-inline';frame-ancestors 'self' 1
frame-ancestors 'self' https://dashboard.shared.smtp.dk 1
default-src 'self' https: 'unsafe-inline'; script-src 'self' https: 'unsafe-inline'; object-src 'none'; img-src 'self' https: data: ; 1
frame-ancestors 'self' https://www.facebook.com X-Frame-Options: ALLOW-FROM https://www.facebook.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' *.gstatic.com *.googletagmanager.com *.amplitude.com *.adrifund.com *.funde.no *.tinymce.com *.karolinafund.com *.crowdfarm.dk *.lemonway.fr *.payxpert.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me *.mailerlite.com *.karolina.io *.slize.me;img-src * blob: data:;font-src data: d2tnn0p1wwhikn.cloudfront.net *.tinymce.com fonts.gstatic.com 'self' *.bootstrapcdn.com;style-src *.tinymce.com www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' cse.google.com *.bootstrapcdn.com *.googleapis.com; frame-src 'self' *.vimeo.com *.facebook.com *.youtube.com *.soundcloud.com *.google.com 1
frame-ancestors: self 1
default-src 'self';        frame-ancestors 'self';        img-src 'self' 'unsafe-inline' *.ytimg.com *.gravatar.com  *.googleapis.com  *.linkedin.com  *.smushcdn.com *.facebook.com  *.google.com *.google-analytics.com  *.gstatic.com data: ;        frame-src 'self' 'unsafe-inline' *.hdn.nl *.facebook.com *.vimeo.com *.youtube.com *.youtube-nocookie.com  *.google.com *.hotjar.com  data: ;        script-src 'self' 'unsafe-inline' *.youtube.com  *.gstatic.com *.wisernotify.com *.facebook.net  *.licdn.com *.jsdelivr.net *.googleapis.com *.google.com  *.googletagmanager.com  *.getclicky.com  *.google-analytics.com *.getclicky.com  *.hotjar.com *.wpmucdn.com ;        connect-src 'self' 'unsafe-inline' *.azurewebsites.net *.hotjar.com *.wisermapp.com *.googleapis.com  *.googletagmanager.com  *.getclicky.com  *.google-analytics.com   wss: *.hotjar.com ;        style-src 'self' 'unsafe-inline' *.gstatic.com *.wisernotify.com *.googleapis.com  *.wpmucdn.com  *.cloudflare.com *.jsdelivr.net ;        font-src 'self' 'unsafe-inline' data: *.hdn.nl *.gstatic.com *.cloudflare.com ;        media-src 'self' 'unsafe-inline' data: *.hdn.nl hdn.nl ;        object-src 'none' 1
default-src 'unsafe-inline' 'unsafe-eval' 'self';    frame-src 'self' https://www.buzzsprout.com:443 https://consentcdn.cookiebot.com:443 https://www.youtube.com:443 https://player.vimeo.com:443 https://www.google.com:443 https://8875882.fls.doubleclick.net:443;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://consent.cookiebot.com:443 https://consentcdn.cookiebot.com:443 https://s3.amazonaws.com:443  https://www.googletagmanager.com:443 https://www.linkedin.com:443  https://www.google.com:443 https://www.buzzsprout.com:443 https://www.gstatic.com:443 https://www.google-analytics.com:443 https://embedr.flickr.com:443 https://widgets.flickr.com:443 https://maps.googleapis.com:443;    connect-src 'self' https://consentcdn.cookiebot.com:443  https://region1.google-analytics.com:443 https://region1.google-analytics.com:443 https://yoast.com:443 https://www.google-analytics.com:443 https://embedr.flickr.com:443 https://stats.g.doubleclick.net:443;    font-src 'self' data: https://fonts.gstatic.com:443;    img-src 'self' data: https://region1.google-analytics.com:443 https://adservice.google.com:443 https://ad.doubleclick.net:443 https://maps.googleapis.com:443 https://secure.gravatar.com:443 https://www.google-analytics.com:443 https://8875882.fls.doubleclick.net:443 https://ps.w.org:443 https://maps.gstatic.com:443 https://live.staticflickr.com:443 https://maps.gstatic.com:443;    style-src 'self' 'unsafe-inline' https://fonts.googleapis.com:443 https://www.gstatic.com:443 https://ajax.googleapis.com:443; 1
default-src 'self' blob: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: https://www.myfirstskool.com/ https://mc.yandex.ru/ https://js-na1.hs-scripts.com/ https://use.fontawesome.com/ https://www.googleadservices.com/ https://www.clarity.ms/ https://analytics.tiktok.com/ https://googleads.g.doubleclick.net/ https://www.redditstatic.com/  https://forms-na1.hsforms.com/ https://bat.bing.com/ https://www.youtube.com/ https://www.google.com/ https://www.gstatic.com/ https://maps.googleapis.com/ https://www.googletagmanager.com/ https://www.google-analytics.com/ https://js.hs-scripts.com/ https://js.hs-banner.com/ https://js.hs-analytics.net/ https://js.hsforms.net/ https://js.hscta.net/ https://js.hscollectedforms.net/ https://cta-service-cms2.hubspot.com/ https://connect.facebook.net/; img-src 'self' data: https://www.myfirstskool.com/ https://pixel.rubiconproject.com/ https://match.adsrvr.org/ https://cm.g.doubleclick.net/ https://insight.adsrvr.org/ https://secure.adnxs.com/ https://mc.yandex.ru/ https://demo.creativethemes.com/ https://ps.w.org/ https://ps.w.org/smart-slider-3/ https://adservice.google.com/ https://ad.doubleclick.net/ https://www.googletagmanager.com/ https://c.clarity.ms/ https://alb.reddit.com/ https://www.google.com/ https://www.google.com.sg/ https://*.bing.com/ https://forms-na1.hsforms.com/ https://www.google.com/ads/ga-audiences https://s3.ap-southeast-1.amazonaws.com/ https://secure.gravatar.com/ https://i.ytimg.com/ https://placehold.jp/ https://maps.gstatic.com/ https://www.google-analytics.com/ https://lh3.googleusercontent.com/ https://s.w.org/ https://forms.hsforms.com/ https://track.hubspot.com/ https://perf.hsforms.com/ https://www.facebook.com/; style-src 'self' 'unsafe-inline' https://www.myfirstskool.com/ https://p.typekit.net/ https://use.typekit.net/ https://code.jquery.com/ https://fonts.googleapis.com/; connect-src 'self' https://q.clarity.ms/ https://p.clarity.ms/ https://analytics.pangle-ads.com/ https://s.clarity.ms/ https://conversions-config.reddit.com/ https://www.redditstatic.com/ https://mc.yandex.ru/ https://forms.hscollectedforms.net/ https://yoast.com/ https://google.com/ https://z.clarity.ms/ https://analytics.tiktok.com/ https://bat.bing.com/ https://maps.googleapis.com/ https://capig.myfirstskool.com/ https://www.google-analytics.com/ https://forms.hubspot.com/ https://js.hs-banner.com/ https://stats.g.doubleclick.net/ https://forms.hsforms.com/ https://hubspot-forms-static-embed.s3.amazonaws.com/ https://cta-service-cms2.hubspot.com/; font-src 'self' data: https://use.typekit.net/ https://fonts.gstatic.com/; frame-src 'self' https://mc.yandex.ru/ https://www.facebook.com/ https://td.doubleclick.net/ https://www.youtube.com/ https://www.google.com/ https://js.hsforms.net/ https://forms.hsforms.com/ https://*.fls.doubleclick.net/; manifest-src 'self'; object-src 'none'; base-uri 'self';form-action 'self' https://www.facebook.com/ https://forms.hsforms.com/; 1
base-uri 'self';connect-src 'self' https://*.tawk.to https://*.google-analytics.com wss://*.tawk.to https://*.planetfootball.com https://*.doubleclick.net https://*.googlesyndication.com https://*.kismasport.com;default-src 'self';form-action 'self';img-src 'self' https://*.tawk.to https://cdn.jsdelivr.net/ https://*.doubleclick.net https://*.googlesyndication.com;media-src 'self';object-src 'none';script-src 'self' https://code.jquery.com/jquery-3.7.1.min.js https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js https://*.tawk.to/ https://www.googletagmanager.com/gtag/js https://www.google-analytics.com https://*.planetfootball.com https://*.doubleclick.net https://*.googlesyndication.com https://*.kismasport.com 'nonce-CN34gnsDNS4MAH9vcJexnRFSMneUqCDd';style-src 'self' 'unsafe-inline' https://*.tawk.to https://fonts.googleapis.com https://*.typekit.net;font-src 'self' https://*.tawk.to https://fonts.gstatic.com https://*.typekit.net;frame-src https://*.tawk.to https://*.doubleclick.net https://*.googlesyndication.com https://*.googleadservices.com https://*.google.com https://*.planetsport.com https://*.kismasport.com 1
frame-ancestors 'self' https://mizadmin.de 1
default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'; font-src 'self' data:; img-src https: data:; 1
frame-ancestors arapahoelibraries.org *.arapahoelibraries.org arapahoe.bibliocms.com *.arapahoe.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com 'self'; object-src 'none'; script-src arapahoelibraries.org *.arapahoelibraries.org arapahoe.bibliocms.com *.arapahoe.bibliocms.com d4804za1f1gw.cloudfront.net *.bibliocms.com *.bibliocommons.com *.libanswers.com *.libcal.com *.quipugroup.net *.nicheacademy.com *.buzzsprout.com refchatter.net *.refchatter.net *.freshchat.com chat.uniqueic.com chat.mosio.com libraryh3lp.com *.libraryh3lp.com script.crazyegg.com dev.visualwebsiteoptimizer.com cdn.optimizely.com storage.googleapis.com translate.googleapis.com www.google-analytics.com www.googletagmanager.com www.gstatic.com/recaptcha/ www.google.com/recaptcha/ translate-pa.googleapis.com translate.google.com www.googleadservices.com googleads.g.doubleclick.net *.patronpoint.com cdnjs.cloudflare.com/ajax/libs/es6-shim/ www.volunteermatch.org ds-aksb-a.akamaihd.net connect.facebook.net embedr.flickr.com widgets.flickr.com platform.twitter.com platform.instagram.com www.instagram.com e.issuu.com www.tiktok.com *.tiktokcdn-us.com embed.reddit.com cdn.gtranslate.net 'self' 'unsafe-eval' 'unsafe-inline'; worker-src 'self' blob: 1
frame-ancestors www.helixstudios.com www.spankthishookups.com www.spankthis.com 1
frame-ancestors 'self'; default-src 'none'; script-src 'self' 'unsafe-inline' https://prismic.io/ https://code.etracker.com https://static.cdn.prismic.io/prismic.js https://www.etracker.de https://edge.marker.io https://api.marker.io; style-src 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' https://wicker.cdn.prismic.io https://europe-west3-wicker-378411.cloudfunctions.net https://exportarts-mail-api.ey.r.appspot.com https://www.etracker.de https://api.marker.io/widget/ping https://app.marker.io https://ssr.marker.io; font-src 'self'; frame-src 'self' https://wicker.prismic.io https://app.marker.io/; img-src 'self' data: https://images.prismic.io https://wicker.cdn.prismic.io; manifest-src 'self'; media-src 'self' https://wicker.cdn.prismic.io; worker-src 'none'; form-action 'self'; 1
default-src 'self' https:; img-src 'self' https: data:; media-src 'self' https: data:; style-src 'self' 'unsafe-inline' https:; font-src 'self' https: data:; script-src 'self' 'unsafe-inline' https: 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'; frame-ancestors https://volkswagen-admin.porsche-holding.com; 1
default-src 'self'; script-src 'self' 'nonce-ekOsCBxx9aNA0mdx-O9dPQmSBlAED-r8z8TV9qR-GIthT5bLTW13WA' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com code.jquery.com libs.personalwerk.de binder.homepagerecruiter.de maps.googleapis.com https://*.cookiebot.com https://*.crazyegg.com www.facebook.com connect.facebook.net https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://static.hotjar.com https://script.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.cloudflareinsights.com https://js.hubspotfeedback.com 'report-sample'; style-src-attr 'unsafe-inline' 'report-sample'; img-src 'self' data: *.ytimg.com *.vimeocdn.com https://*.hsforms.com https://*.hubspot.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.youtube.com https://*.ytimg.com binder.homepagerecruiter.de *.googleusercontent.com maps.gstatic.com https://*.googleapis.com https://*.gstatic.com *.ggpht.com *.googletagmanager.com https://www.binder-world.com https://www.binder-world.cn https://stage.binder-world.cn https://stage.binder-world.com https://*.facebook.com *.crazyegg.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.googleadservices.com https://*.cookiebot.com https://www.google.com https://www.google.de; base-uri 'self'; frame-src 'self' *.youtube-nocookie.com *.youtube.com *.vimeo.com data: https://*.hubspot.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.youtube.com binder.homepagerecruiter.de *.google.com https://*.cookiebot.com www.facebook.com https://consentcdn.cookiebot.com https://*.youku.com https://*.wistia.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://*.doubleclick.net; script-src-elem 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.google-analytics.com https://*.googletagmanager.com https://ssl.google-analytics.com https://www.googleadservices.com https://*.g.doubleclick.net https://www.google.com https://www.gstatic.com https://*.youtube.com https://*.ytimg.com cdnjs.cloudflare.com code.jquery.com libs.personalwerk.de binder.homepagerecruiter.de maps.googleapis.com https://*.cookiebot.com https://*.crazyegg.com www.facebook.com connect.facebook.net https://*.hubspot.com https://js.hscollectedforms.net https://js.hsadspixel.net https://*.hs-scripts.com https://js.hs-banner.com https://js.hs-analytics.net https://forms.hsforms.com https://*.usemessages.com https://js.hsleadflows.net https://static.hotjar.com https://script.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://*.cloudflareinsights.com 'report-sample'; style-src 'self' 'unsafe-inline' data: fonts.googleapis.com https://binder.homepagerecruiter.de https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com 'report-sample'; style-src-elem 'self' 'unsafe-inline' data: fonts.googleapis.com https://binder.homepagerecruiter.de https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com binder.homepagerecruiter.de 'report-sample'; connect-src 'self' data: https://*.hubspot.com https://*.hubapi.com https://*.googleapis.com *.google.com https://google.com https://*.gstatic.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://*.g.doubleclick.net https://*.cookiebot.com https://consentcdn.cookiebot.com https://*.crazyegg.com https://js.hs-banner.com https://*.hscollectedforms.net https://*.hotjar.io *.hotjar.com https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com https://sgtm.binder-world.com https://*.googlesyndication.com wss: wsp12.hotjar.com blob:; font-src 'self' data: fonts.googleapis.com https://fonts.gstatic.com apis.google.com binder.homepagerecruiter.de; media-src 'self' data: https://*.baidu.com https://bcebos.com https://*.bcebos.com https://*.bdstatic.com https://lxp-api.binder-world.com https://lxp-matomo.binder-world.com; manifest-src blob:; child-src blob:; object-src 'none'; report-to https://sentry.711media.de/api/15/security/?sentry_key=dc79941bfda884d4ccbd02d347b626ce; report-uri https://www.binder-world.com/us-en/@http-reporting?csp=report&requestTime=1715651626672068 1
frame-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; frame-ancestors 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; object-src 'self' https://player.vimeo.com https://*.youtube.com https://*.google.com; 1
frame-ancestors 'self' *.teamww.com:443 *.teamair.org:443; 1
frame-ancestors 'self' *.classlink.com *.classlink.io 1
default-src 'none'; navigate-to 'none'; form-action 'none' 1
script-src 'nonce-YTNDaZ06m/WwkBLHc5MFqvyIMtj6b9DNilbx6cwJwFg=' 'strict-dynamic' www.youtube.com js.hs-scripts.com js.hsforms.net js.hs-banner.com js.hscollectedforms.net js.hs-analytics.net js.hsadspixel.net js.usemessages.com static.hsappstatic.net; img-src 'self' envasetechnologies.com www.envasetechnologies.com data: i.ytimg.com; child-src 'self' blob: *.hubspot.com forms.hsforms.com envasetechnologies.tourial.com tours.envasetechnologies.com www.youtube.com www.google.com video.wisetechglobal.com forms.wisetechglobal.com; object-src 'self'; base-uri 'self'; 1
base-uri 'self' 'unsafe-inline' https://www.google-analytics.com https://maps.googleapis.com https://www.google.com 1
default-src *.drk-rlp.de *.drk.de *.emailsys1a.net; script-src 'self' data: blob: 'unsafe-inline' 'unsafe-eval' *.drk-rlp.de *.drk.de; style-src 'self' *.emailsys1a.net 'unsafe-inline'; img-src 'self' *.drk-rlp.de *.drk.de data:; font-src 'self' data:; report-uri https://www.drk-rlp.de/typo3/ 1
report-uri https://reports.werft22.net/default; report-to default; default-src 'self'; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' data: fonts.googleapis.com fonts.gstatic.com; frame-src nanoo.tv www.nanoo.tv widgets.sociablekit.com; script-src 'self' 'unsafe-inline' code.jquery.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self' www.nanoo.tv mailings.nanoo.tv; img-src 'self' data:  1
base-uri 'none'; script-src 'self' 'nonce-f4f52e962a97477c99dec71a162d39b9' https://www.google-analytics.com/ https://maps.googleapis.com/ https://static.getclicky.com/ https://in.getclicky.com/ https://cdn.carbonads.com/ http://srv.carbonads.net/ https://adn.fusionads.net/ https://m.servedby-buysellads.com/ https://srv.buysellads.com/ https://platform.twitter.com/ https://static.ads-twitter.com/ https://analytics.twitter.com/ https://codepen.io/ https://assets.codepen.io/ https://cdn.syndication.twimg.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://platform.twitter.com/ https://ton.twimg.com/; font-src 'self' https://fonts.gstatic.com/; child-src 'self' https://www.youtube.com/ https://speakerdeck.com/ https://player.vimeo.com/ https://syndication.twitter.com/ https://platform.twitter.com/ https://codepen.io/ https://glitch.com/embed/; connect-src 'self' https://www.gravatar.com/ https://i.imgur.com/ https://api.github.com/ https://maps.googleapis.com/ https://www.google-analytics.com/; img-src 'self' http://assets.servedby-buysellads.com/ http://abs.twimg.com/ http://platform.twitter.com/ http://t.co/i/ https: data:; upgrade-insecure-requests; report-uri /api/csp/report; report-to /api/csp/report 1
frame-ancestors 'self' *.theatrebythelake.com; 1
default-src 'self' 'unsafe-inline' *.circlys.com *.google.com unpkg.com cdn.jsdelivr.net static.cloudflareinsights.com www.youtube.com www.googletagmanager.com code.jquery.com *.gstatic.com googleads.g.doubleclick.net static.doubleclick.net *.googleapis.com seal.digicert.com cybercube.co.in ajax.cloudflare.com cdn.leantech.me static.cloudflareinsights.com www.google-analytics.com cdn.growthbook.io www.googletagmanager.com; form-action 'self'; frame-ancestors 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-NTADGKvzqlDs+DmvWRj1LWDopA6u44rmVfXqFcNFt74X/NA8' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src https:; worker-src blob:; img-src data: https://www.google-analytics.com/analytics.js http://www.google-analytics.com/ga.js https://ssl.google-analytics.com 'self'; script-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com/analytics.js https://ssl.google-analytics.com https://mailworx.marketingsuite.info 'self' 'unsafe-inline' https://cdnjs.cloudflare.com 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://mailworx.marketingsuite.info; font-src 'self'; connect-src https://www.googletagmanager.com https://region1.google-analytics.com https://www.google-analytics.com https://eu-api.friendlycaptcha.eu 'self'; frame-src 'self' https://www.youtube.com/ 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; object-src 'none';frame-ancestors 'none' 1
default-src https: blob: data: 'unsafe-eval' 'unsafe-inline'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' ; report-uri /common/csp-report.php 1
default-src 'none'; connect-src 'self'; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.neuland.technology; style-src 'self' 'unsafe-inline'; img-src 'self' data:; frame-src 'self'; frame-ancestors 'none' 1
default-src 'self' https://*.nhs.uk; frame-src 'self' https://heyzine.com/ https://www.youtube-nocookie.com https://*.webspellchecker.net https://*.nhs.uk https://*.facebook.com https://*.youtube.com https://*.vimeo.com https://*.google.com https://*.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com https://*.google-analytics.com https://*.googletagmanager.com https://connect.facebook.net https://feeds.trac.jobs https://*.webspellchecker.net https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk; font-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://*.webspellchecker.net; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://feeds.trac.jobs https://*.googleapis.com https://*.gstatic.com https://*.cqc.org.uk https://*.webspellchecker.net; img-src * data:; object-src 'self' blob: https://*.nhs.uk; connect-src 'self' https://feeds.trac.jobs stats.g.doubleclick.net https://*.googleapis.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.co.uk https://*.google.ie  https://*.google.nl https://*.webspellchecker.net 1
object-src 'none'; script-src 'self' 'unsafe-inline' https://media.autobooks.co https://js.hs-scripts.com https://www.googletagmanager.com https://cdn.cookielaw.org https://snap.licdn.com https://www.google-analytics.com https://siteimproveanalytics.com https://cdn.userway.org https://maps.googleapis.com/maps/api/js https://unpkg.com/@googlemaps/markerclusterer https://maps.googleapis.com https://www.google.com https://www.gstatic.com https://platform-staging.pacwest.com/_Incapsula_Resource https://pacwest.com/_Incapsula_Resource https://js.hs-analytics.net http://js.hs-scripts.com https://js.hs-banner.com https://www.googleadservices.com/ https://js.hsforms.net 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' blob: data:   https://use.fontawesome.com  https://i.ytimg.com https://client.crisp.chat https://image.crisp.chat https://cdn.jsdelivr.net https://polyfill.io cdnjs.cloudflare.com fonts.googleapis.com fonts.gstatic.com https://unpkg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdnjs.cloudflare.com ; frame-src 'self' ws: wss: blob: data: https://www.google.com https://arcg.is https://portailaute.maps.arcgis.com https://aut.gov.ma https://www.youtube.com https://youtu.be https://www.arcgis.com; connect-src 'self' ws: wss: blob: data: https://client.crisp.chat https://www.youtube.com https://youtu.be https://www.google-analytics.com https://arcg.is 1
base-uri 'self';  connect-src data: ws: wss: http: https:; default-src 'self' 'unsafe-eval' data: blob: https://*.synology.com https://www.synology.cn/ https://help.synology.cn/; font-src 'self' data: https://*.googleapis.com https://*.gstatic.com https://fonts.gstatic.com https://*.gstatic.com; form-action 'self'; frame-ancestors 'self'; frame-src 'self' data: blob: https://*.synology.com https://*.synology.cn https://www.youtube.com http://www.youtube.com http://*.synology.com http://*.synology.cn http://global.synologydownload.com https://global.synologydownload.com; img-src 'self' data: blob: https://*.google.com https://*.googleapis.com http://*.googlecode.com https://*.gstatic.com https://global.download.synology.com https://maps.gstatic.com https://*.googleapis.com https://*.google.com https://i.ytimg.com https://*.ggpht.com https://*.gstatic.com https://*.googleapis.com https://*.google.com http://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; media-src 'self' data: about: https://*.synology.com https://help.synology.cn;  script-src 'self' 'unsafe-eval' data: blob: https://maps.google.com https://maps.googleapis.com https://ajax.googleapis.com https://help.synology.com https://help.synology.cn https://maps.google.com https://maps.googleapis.com https://*.google.com https://*.googleapis.com https://*.baidu.com https://*.bdstatic.com https://*.bdimg.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://fonts.googleapis.com https://*.googleapis.com https://api.map.baidu.com; 1
default-src 'self' *.shengpay.com 'unsafe-inline' *.globalsign.com *.globalsign.net 1
frame-ancestors 'self' https://*.nexon.com:*; 1
script-src 'unsafe-eval' 'strict-dynamic' 'nonce-Z8z0xywCPHt/PG/eDE77XKV2s/U=' 'nonce-aXlfD4Xng1WQXUegMOUVQcgZj+A=' ; report-uri https://www.dropbox.com/csp_log?policy_name=metaserver-dynamic 1
frame-src https://hcaptcha.com https://*.hcaptcha.com https://*.twitter.com https://*.google.com https://*.youtube.com 'self'; frame-ancestors 'self'; base-uri 'self'; form-action 'self' 1
frame-ancestors 'self' https://onlinexperiences.com https://content.onlinexperiences.com https://*.onlinexperiences.com 1
frame-ancestors 'self' *.mainemorsels.com *.freshiesdeli.com *.rhfoster.com *.tricitypizza.com *.tricitypizzabangor.com *.minitstop.com minitstop.com http://*.gowesco.com http://gowesco.com kelleysmarket.com *.kelleysmarket.com http://kelleysmarket.com http://*.kelleysmarket.com *.valleyliquorsky.com valleyliquorsky.com *.vaultliquorsky.com vaultliquorsky.com *.lucillesroadhouse.com lucillesroadhouse.com *.command-center.com command-center.com rebelorder.wpengine.com neonmkts.com *.neonmkts.com orderrebel.store *.rebelstores.com *.gasngostores.com gasngostores.com *.tootntotum.com tootntotum.com tootntotum.preview.octanesites.com *.hucks.com hucks.com millbrook.squarespace.com d2drali5pfunp5.amplifyapp.com *.d2drali5pfunp5.amplifyapp.com *.holidayoil.com holidayoil.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com/ https://tagmanager.google.com/ https://*.googletagmanager.com/ https://www.googleadservices.com/ https://www.google.com/ https://*.googlesyndication.com/ https://apis.google.com/ https://connect.facebook.net/ https://*.outbrain.com/ https://analytics.tiktok.com/ https://snap.licdn.com/ https://px.ads.linkedin.com/ https://bat.bing.com/ https://cdn.mxpnl.com/ https://survey.survicate.com/ https://surveys-static.survicate.com/ https://widget.trustpilot.com/ https://cdn.cookielaw.org/ https://*.ingest.sentry.io/ https://sentry.io https://*.hotjar.com/ https://accounts.google.com https://accounts.google.com/gsi/client; style-src 'self' 'unsafe-inline' https://tagmanager.google.com/ https://fonts.googleapis.com/ https://www.googletagmanager.com/ https://*.hotjar.com/ https://surveys-static.survicate.com/ https://accounts.google.com/gsi/style; img-src * https://*.hotjar.com/ data: blob:; media-src 'self' https://powerus-latest.fra1.digitaloceanspaces.com https://powerus-staging.fra1.digitaloceanspaces.com https://powerus-testing.fra1.digitaloceanspaces.com https://powerus-dev.fra1.digitaloceanspaces.com https://powerus-demo.fra1.digitaloceanspaces.com https://powerus.fra1.digitaloceanspaces.com data: blob:; font-src 'self' https://fonts.gstatic.com/ https://*.hotjar.com/ https://surveys-static.survicate.com/ data:; connect-src * https://accounts.google.com/gsi/; base-uri 'self'; worker-src 'self' blob:; frame-ancestors 'self' https://connect.kombo.dev; frame-src 'self' https://widget.trustpilot.com/ https://www.youtube.com/ https://content.googleapis.com/ https://connect.kombo.dev https://www.facebook.com/ https://accounts.google.com/gsi/; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; frame-ancestors: 'self' www.jackjaffa.com *.jackjaffa.com 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'nonce-OTIsMjA4LDI0NiwxNjUsMTgwLDU5LDIzMCwxMzM=' https://discord.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://ssl.google-analytics.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://hcaptcha.com https://*.hcaptcha.com https://s.ytimg.com/yts/jsbin/ https://www.youtube.com/iframe_api https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location https://script.crazyegg.com https://*.website-files.com https://global.localizecdn.com https://d3e54v103j8qbb.cloudfront.net https://gist.github.com https://unpkg.com/@splinetool/runtime/build/runtime.js https://*.twitter.com https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js https://boards-api.greenhouse.io https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js https://cdn.finsweet.com/files/fscalendar/calendar-invite-v1.0.min.js 'sha256-mjdgHR9aXy-6OwAGlNS_XgNcYG1Uhd2U4pl8vi7-XCY=' 'sha256-gqG2LEZaHDwOL3S_CXJTuk_f3LimTEyruhOc_U0_QUY=' 'sha256-y0oGiuXZdmX7xRABTnY5cbHkfghDqbfX6JoerXLgVJc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F_qF7Qt8TYwY=' 'sha256-TrY3AqlyKfZdsI3LYsy6u8GAhckLEXeyLcFK2gOe18U=' 'sha256-lVOL-gH47X0Li5QriWNZ69Hcr-71DsXFvGmQxN9TpBw=' 'sha256-j11ZNhk91nmUjPCBAIRcvJeEgnkbdJ9qNqoEMekilec=' 'sha256-1sQ9sTbc6Lumd2Frwf7IBwGG02gPTreTI8QBBW5kibM=' 'sha256-uh1p-Vy3_Cn66Ugk4Hak-gGr2Udg7yiI_5u5E_BdCRM=' 'sha256-7JHgDILwD7i_kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-KvstP_RIj6GGaE25Mqo-kIO0_WVEls1n5tnNhm8zmPA=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r_ZP5EDPY=' 'sha256-jY_7jWrddtNUb-Y4CFKWaH-R2lrqgm_LAX72E8SLqKw=' 'sha256-MdICB9cW7ILT3ZeSxhN2YlpFxEsn5WHr03Ix-WVpHsw=' 'sha256-fUfByJGhChEFu7PE5HJfFwiYKySnP1H0iXvAxkauLNU=' 'sha256-xjkCDxBOM2TlIn5DpGQM4aJldb4AiHMKlRjfW46l-x0=' 'sha256-VOPfGBY-XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY=' 'sha256-tVeTMYknRG_IAdCHRGlDd9S2bX2_rX0e4HpaP9lgKWY=' 'sha256-kprfDg8ElCpUCFQAX5shnAPf3i59vVTSy02AjZXV3k0=' 'sha256-llLws8TR-U3nNRCIvJNVc-SGscqwyeO1IPgpbnWuZdc=' 'sha256-h9lm4cvrD7egZu1GTAE1h2IDy1K4fXgD-q_O7aEosuw=' 'sha256-_cdQbTQzcfSt2_aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-U0jHWhsvIpjnwYKeJS_-2pe9ROsYnck5ZB2aXNyKWq8=' 'sha256-rB4G_-e_bAPU7rKI_9HC1lBZ0XEa_nHDH6hXFz4GIh4=' 'sha256-N02bP-slnHB-OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-QHiY6i8ql9SJTaFXzUhm08ZWuNz0QarKruf0Omd9-OQ=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG/j/hFOUnE=' 'sha256-s4OBHcHJnkGxjEyNJhU5BQt4qlt6MH07rG_j_hFOUnE=' 'sha256-mjdgHR9aXy+6OwAGlNS/XgNcYG1Uhd2U4pl8vi7+XCY=' 'sha256-jY/7jWrddtNUb+Y4CFKWaH+R2lrqgm/LAX72E8SLqKw=' 'sha256-lVOL+gH47X0Li5QriWNZ69Hcr+71DsXFvGmQxN9TpBw=' 'sha256-/cdQbTQzcfSt2/aCceUvkUmLh1WMdvlKbi1BBG7u8Jg=' 'sha256-N02bP+slnHB+OYEN6imRqCHcHLN5DvBouRmyO2qcQYU=' 'sha256-gqG2LEZaHDwOL3S/CXJTuk/f3LimTEyruhOc/U0/QUY=' 'sha256-llLws8TR+U3nNRCIvJNVc+SGscqwyeO1IPgpbnWuZdc=' 'sha256-gBzDBwsujjXjXk6GLgdSlLIrvt5h0s3F/qF7Qt8TYwY=' 'sha256-6xIDOlx5P0LKHv8fkot5ULOnB8ySdhjJi5r/ZP5EDPY=' 'sha256-7JHgDILwD7i/kvnHwJFF5WsHHmIc98tkBqDqbv47iFE=' 'sha256-VOPfGBY+XgTDMwhG41S5eZyMKlu3gN60suwCPDWZ8MY='; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.hcaptcha.com https://hcaptcha.com https://*.website-files.com https://*.githubassets.com; img-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://www.facebook.com https://cdn.discordapp.com https://hackerone-api.discord.workers.dev/user-avatars/ https://safety.discord.com https://discordmoderatoracademy.zendesk.com https://assets-global.website-files.com data: https://*.website-files.com https://global.localizecdn.com https://*.ytimg.com https://uploads-ssl.webflow.com; font-src 'self' https://fonts.gstatic.com https://fonts.gstatic.com https://*.website-files.com; connect-src 'self' https://discordapp.com https://discord.com https://connect.facebook.net https://api.greenhouse.io https://api.github.com https://sentry.io https://www.google-analytics.com https://hackerone-api.discord.workers.dev https://*.hcaptcha.com https://hcaptcha.com https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location ws://127.0.0.1:* http://127.0.0.1:* https://global.localizecdn.com https://*.website-files.com https://webflow.com/api/ https://script.crazyegg.com https://assets-tracking.crazyegg.com https://pagestates-tracking.crazyegg.com https://tracking.crazyegg.com; media-src 'self' https://cdn.discordapp.com/assets/; frame-src https://discordapp.com/domain-migration https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/ https://*.hcaptcha.com https://hcaptcha.com https://www.youtube.com/embed/ https://hackerone.com/631fba12-9388-43c3-8b48-348f11a883c0/ https://10851314.fls.doubleclick.net/ https://*.twitter.com https://*.vimeo.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; font-src 'self' data: ; media-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; worker-src * 'unsafe-inline' 'unsafe-eval' blob: 1
frame-ancestors 'self'; object-src http://quick.andestech.com/; 1
default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'report-sample' https://*.google.ca https://stats.g.doubleclick.net https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://*.google.com https://*.youtube.com; style-src 'self' 'unsafe-inline' 'report-sample' https://*.google.ca https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://*.youtube.com https://fonts.googleapis.com; img-src 'self' data: https://*.google.ca https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://*.youtube.com; font-src 'self' https://*.google.ca https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://fonts.gstatic.com https://*.youtube.com; connect-src 'self' https://*.google.ca https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://*.youtube.com; media-src 'self'; object-src 'none'; frame-src 'self' https://*.google.ca https://stats.g.doubleclick.net https://*.google.com https://www.google-analytics.com https://www.gstatic.com https://cdn.cookielaw.org https://go.efi.com https://www.googletagmanager.com https://*.google.com https://*.gstatic.com https://*.youtube.com; worker-src 'none'; base-uri 'self'; manifest-src 'self' 1
script-src 'self' https://www.gstatic.com https://www.recaptcha.net https://www.googletagmanager.com 'sha256-EbTN0dyaKxIwFTnV4Sjx5BPoymK1iuuzqBf0A00pqV8=' 'nonce-FhCE3xN3Q2jt//lP/LDToQ==' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://syzito.xyz; img-src 'self' https: data: blob: https://syzito.xyz; style-src 'self' https://syzito.xyz 'nonce-9d7ifS25rffCJLljPY0S8w=='; media-src 'self' https: data: https://syzito.xyz; frame-src 'self' https:; manifest-src 'self' https://syzito.xyz; form-action 'self'; child-src 'self' blob: https://syzito.xyz; worker-src 'self' blob: https://syzito.xyz; connect-src 'self' data: blob: https://syzito.xyz https://syzito.files.fedi.monster wss://syzito.xyz; script-src 'self' https://syzito.xyz 'wasm-unsafe-eval' 1
base-uri 'self';object-src 'none';report-uri /_/view/cspreport;script-src 'report-sample' 'nonce-nUBVymw6EGkygUZeSRFlrA' 'unsafe-inline' 'unsafe-eval';worker-src 'self';frame-ancestors https://google-admin.corp.google.com/ 1
default-src 'self' 'unsafe-eval' 'sha256-v7nzrjvPdsyHF2LFWiAcj7/YRFQq5XyZuhATblCzFko='; script-src 'self' 'nonce-u0TPp28JXmGz6CKEISe0eWv6S1eByWvRDSNNAutX0u8=' 'unsafe-eval' 'report-sample' 'sha256-v7nzrjvPdsyHF2LFWiAcj7/YRFQq5XyZuhATblCzFko=' 'sha256-tfVQFSh/CHQqIUP+WFD3FvddcZPCOSbiaJJjSQksH84=' 'sha256-FAcIJr1v6tNl+U7NN5ZPW5ZZ7nnG1gzBFhkEZM4RzGI=' https://www.google.com https://maps.google.com https://maps.googleapis.com https://www.googletagmanager.com *.google-analytics.com https://tagmanager.google.com *.googletagmanager.com https://www.googleadservices.com https://platform.twitter.com https://services.postcodeanywhere.co.uk *.hotjar.com https://bat.bing.com *.cloudfront.net *.facebook.com *.facebook.net *.cookiepro.com *.microsoft.com https://scripts.your.coop https://COOPE11148.pcapredict.com 'sha256-jJ/0q8+LSdDOoS6XABIm7UWe0pMR1qO30CCwVCzdFEU=' 'sha256-lcyqkKYL+vAntkog684M2t15FX41ZlAitYwygbCNeeE=' 'sha256-e30+1rEXLc1CXS1uaOIgobIAI2bFaoGS6vc4fkwczQw=' https://COOPE11148.pcapredict.com; style-src 'self' 'unsafe-inline' https://services.postcodeanywhere.co.uk https://maps.google.com https://tagmanager.google.com https://fonts.googleapis.com https://scripts.your.coop; img-src 'self' data: https://wwww.gravatar.com https://www.google-analytics.com https://googleads.g.doubleclick.net https://www.google.com https://ssl.gstatic.com https://www.gstatic.com *.google-analytics.com https://bat.bing.com *.googletagmanager.com https://www.google.co.uk https://services.postcodeanywhere.co.uk https://www.facebook.com https://maps.gstatic.com https://syndication.twitter.com https://maps.google.com https://maps.googleapis.com; font-src 'self' https://fonts.gstatic.com data:; frame-src 'self' https://www.youtube.com https://player.vimeo.com https://www.googletagmanager.com https://www.google.com https://platform.twitter.com https://vars.hotjar.com https://syndication.twitter.com https://scripts.your.coop https://accounts.midcounties.coop; connect-src 'self' https://maps.googleapis.com *.onetrust.com *.cookiepro.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com https://www.google.co.uk https://stats.g.doubleclick.net https://services.postcodeanywhere.co.uk https://*.hotjar.com wss://*.hotjar.com https://api.pwnedpasswords.com *.hotjar.io; frame-ancestors 'self' *.cit.coop https://www.cooptravel.co.uk; media-src 'self' ; form-action 'self'; upgrade-insecure-requests; report-uri ; report-to default 1
base-uri 'self' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.vimeocdn.com *.vimeo.com *.youtube.com *.facebook.com *.twitter.com *.twimg.com *.t.co *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.googletagmanager.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com; script-src blob: 'self' 'unsafe-inline' 'unsafe-eval' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.google.com *.gstatic.com *.facebook.net *.facebook.com *.linkedin.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.google.com *.google-analytics.com *.ads-twitter.com *.youtube.com *.vimeo.com *.vimeocdn.com *.adobe.com *.adobe.io *.wp.com *.cloudflare.com *.fontawesome.com *.twitter.com *.twimg.com *.t.co t.co *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com cdn.jsdelivr.net *.jsdelivr.net *.googletagmanager.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.gstatic.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com; style-src 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.twitter.com *.twimg.com *.addsearch.com addsearch.com *.cloudfront.net *.searchcdn.com *.google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.fonts.net *.osano.com *.amcharts.com; default-src blob: 'self' 'unsafe-inline' *.global-aero.com *.aeroinsure.com *.aero.insure *.flywheelstaging.com *.adobe.com *.adobe.io *.wp.com *.youtube.com *.vimeo.com *.vimeocdn.com *.cloudflare.com *.fontawesome.com *.facebook.com *.twitter.com *.twimg.com *.t.co t.co *.linkedin.com linkedin.com *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com google.com *.gstatic.com *.googleapis.com *.cloudflare.com *.fontawesome.com *.gravatar.com *.doubleclick.net *.addsearch.com addsearch.com *.cloudfront.net *.w.org *.searchcdn.com *.adroll.com *.osano.com *.doubleclick.net *.googleadservices.com *.amcharts.com data: 1
frame-ancestors 'self' https://flexcard.cards; 1
default-src 'self' https://www.osmo.com; style-src 'self' 'unsafe-inline' https://www.osmo.com  https://*.googleapis.com; script-src 'self' 'unsafe-inline' https://www.osmo.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.youtube.com https://*.google.com https://*.gstatic.com https://*.googleapis.com; frame-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.youtube.com; connect-src 'self' https://www.osmo.com https://*.cookiebot.com https://*.google-analytics.com https://*.doubleclick.net https://*.googleapis.com https://*.youtube.com https://*.googlevideo.com; img-src 'self' data: https://www.osmo.com https://*.google-analytics.com https://*.googletagmanager.com https://*.youtube.com https://*.gstatic.com https://*.ggpht.com https://*.googleapis.com; font-src 'self' https://www.osmo.com https://*.gstatic.com https://*.googleapis.com 1
default-src  'self' 'unsafe-inline'; font-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://*.sirv.com https://fonts.gstatic.com/ data: 'self'; child-src https://*.mouseflow.com 'self'; connect-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://*.ingest.sentry.io/ https://*.hotjar.com https://*.hotjar.io https://console.autochat.ai/ wss://*.hotjar.com https://cdn.linkedin.oribi.io/ https://region1.google-analytics.com https://ct.pinterest.com/ https://region1.google-analytics.com/  https://*.sirv.com https://c200.a-point.nl https://maps.googleapis.com/ https://api.salesfeed.com https://a-point.blueconic.net https://in.hotjar.com/ https://stats.g.doubleclick.net/ https://www.a-point.nl https://api.salesfeed.com/ https://www.google-analytics.com https://*.analytics.google.com https://a-point.gxcloud.net/ https://www.a-point.com https://a-point.blueconic.net/ 'self'; frame-src https://*.mouseflow.com https://ct.pinterest.com/ https://c200.a-point.nl https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://t.svtrd.com/ https://vars.hotjar.com/ https://consentcdn.cookiebot.com/ https://www.plan-it-online.nl/ https://www.youtube.com/ 'self'; frame-ancestors  'self'; img-src https://*.mouseflow.com https://autochat.s3.eu-west-2.amazonaws.com/ https://www.googletagmanager.com/ https://ct.pinterest.com/ https://region1.google-analytics.com/ https://*.sirv.com https://c200.a-point.nl https://www.linkedin.com/ https://www.facebook.com/ https://www.google.com https://www.google.nl https://px.ads.linkedin.com/ https://www.google-analytics.com https://maps.gstatic.com/ https://maps.googleapis.com/ blob: 'self' data:; media-src https://download-video.akamaized.net/ https://player.vimeo.com 'self'; object-src  'self'; script-src https://*.mouseflow.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'self' 'unsafe-inline' 'unsafe-eval' data: https: wss:; style-src https://*.mouseflow.com https://static.chatclient.autochat.ai/ https://autochat.s3.eu-west-2.amazonaws.com/ https://c200.a-point.nl/ https://*.sirv.com https://fonts.googleapis.com/ https://plugins.blueconic.net/ 'self' 'unsafe-inline';  worker-src  'self' blob: 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.jsdelivr.net fonts.googleapis.com ajax.googleapis.com code.jquery.com fonts.gstatic.com  *.githubusercontent.com api.github.com www.googletagmanager.com tagmanager.google.com www.google-analytics.com cdnjs.cloudflare.com data: buttons.github.io www.youtube.com video.ibm.com https://start.openliberty.io/ gitlab.com starter-staging.rh9j6zz75er.us-east.codeengine.appdomain.cloud https://docs.oracle.com/javase/8/docs/api/ 1
script-src 'unsafe-inline' 'unsafe-eval' 'self' http://cdnjs.cloudflare.com https://cdnjs.cloudflare.com https://www.google.com http://www.google-analytics.com https://ssl.google-analytics.com https://www.google-analytics.com http://linkhelp.clients.google.com https://linkhelp.clients.google.com http://connect.facebook.net https://connect.facebook.net https://graph.facebook.com http://platform.twitter.com https://platform.twitter.com https://syndication.twitter.com http://syndication.twitter.com https://d2zah9y47r7bi2.cloudfront.net https://www.googletagmanager.com https://www.google.com http://www.gstatic.com https://static.aclj.org/ https://apm.thesmg.cloud https://aclj.org; connect-src 'self' https://stats.g.doubleclick.net https://www.google-analytics.com https://static.aclj.org/ https://apm.thesmg.cloud https://fonts.googleapis.com 1
default-src https://*.weglot.com/ https://*.adform.net wss://*.hotjar.com/ https://vc.hotjar.io/ https://www.facebook.com/ https://www.bancatransilvania.ro/ https://37.251.255.208/ https://px.ads.linkedin.com https://connect.facebook.net/ https://www.youtube.com/ https://dc.services.visualstudio.com  https://html5-player.libsyn.com/ https://hwcdn.libsyn.com/ https://traffic.libsyn.com/ https://directline.botframework.com https://maps.gstatic.com/ https://maps.googleapis.com/ https://*.btassetmanagement.ro/ https://config1.veinteractive.com/ https://*.typekit.net/ https://*.veinteractive.com/ https://sessionapi.veinteractive.com/ https://*.creativecdn.com/ https://*.google.com/ https://*.google-analytics.com/ https://*.doubleclick.net/ https://*.google.ro https://*.bidswitch.net/ https://*.hotjar.com https://*.twitter.com/ https://*.oberthur.com https://bt4.druidplatform.com/ blob: data:; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; font-src 'self' https://*.veinteractive.com https://*.typekit.net/ https://*.gstatic.com https://*.bt4.druidplatform.com data:; object-src 'none' 1
default-src 'self';object-src 'self';frame-src 'self' *.youtube.com *.youtube-nocookie.com *.twitter.com https://player.vimeo.com https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://matomo.z-u-g.org/matomo.js https://platform.twitter.com https://consentcdn.cookiebot.com https://consent.cookiebot.com https://consentcdn.cookiebot.eu https://consent.cookiebot.eu ;style-src 'self' data: 'unsafe-inline' ;img-src 'self' data: https://img.sct.eu1.usercentrics.eu https://syndication.twitter.com *.tile.openstreetmap.org ;font-src 'self' data: 'unsafe-inline' ;connect-src 'self' https://matomo.z-u-g.org https://consentcdn.cookiebot.com https://consentcdn.cookiebot.eu;manifest-src 'self';media-src 'self' *.akamaihd.net 1
default-src 'self' https:; script-src 'self' https:; style-src 'self' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net https://cdn.jsdelivr.net https://cdn.bootcss.com 'unsafe-inline'; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net; img-src 'self' data:; connect-src 'self' https://www.googletagmanager.com; 1
base-uri 'self';connect-src 'self' ws: https://*.westtoer.be https://vimeo.com https://*.vlaanderen.be https://tris.westtoer.be https://geoserver.westtoer.be https://*.google-analytics.com https://bam.nr-data.net https://westtoer-winrecommender-prod.ausy.solutions https://*.analytics.google.com https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://adservice.google.com https://*.elfsight.com https://pagead2.googlesyndication.com;default-src 'self' https://*.ausy.solutions https://*.westtoer.be https://*.vimeo.com;form-action 'self' https://*.list-manage.com;img-src 'self' data: https://*.ausy.solutions https://*.westtoer.be https://*.openstreetmap.org https://*.openstreetmap.be https://tris.westtoer.be https://ad.doubleclick.net https://adservice.google.com https://www.googletagmanager.com https://www.facebook.com https://www.google.be https://fonts.gstatic.com https://googleads.g.doubleclick.net https://www.google.com https://*.elfsightcdn.com https://segments.optinadserving.com;media-src 'self';object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.fontawesome.com https://*.googletagmanager.com https://*.juicer.io https://*.jsdelivr.net https://connect.facebook.net https://*.newrelic.com https://*.cumul.io https://*.elfsight.com https://s3.amazonaws.com/downloads.mailchimp.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://segments.optinadserving.com;style-src 'self' 'unsafe-inline' https://*.ausy.solutions https://*.westtoer.be https://*.mailchimp.com https://www.googletagmanager.com https://fonts.googleapis.com;font-src 'self' data: https://www.dekust.be https://fonts.gstatic.com;frame-src https://*.ausy.solutions https://www.youtube.com https://proximusanalytics.cumul.io https://player.vimeo.com https://*.spotify.com https://*.issuu.com https://www.google.com https://cms.westtoer.be https://*.nodemapp.com https://www.routechirurg.be https://westtoer.virtualtour.poppr.be https://td.doubleclick.net;frame-ancestors 'self' 1
frame-ancestors 'self' https://www.mediaservices.com 1
default-src 'self'; base-uri 'self'; form-action 'self' https://customer.hostedoffice.ag;connect-src 'self' wss://aipi.support/ws https://piwik.aipi.de; font-src www.aipi.de www.aipi.de 'self';style-src-attr 'unsafe-hashes' 'sha256-nCtYqZm0TNQQ+U6cXsAjRWjgKgAcAC5EQGqtKUxK3vw=' 'sha256-1v7EUPO3OEib7RRCnrE1wWyo0L+fVMBtrmF4zWnylBU=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=';style-src www.aipi.de www.aipi.de 'self' 'sha256-3Z4vOLO0y0TFvZJVkPgZ4r6ZqA/xPlfeyDWgxhqKyRE=' 'sha256-QXYcyzpBG1Dk1TNxlL6Wx5OzhyiENrLRDOMIxnGc0m4=' 'sha256-4XmUnq7c5BOpcWChA7Pvfme8wZKLmbdYoGyK+cJW1Xk=' aipi.support aipi.video data:;img-src 'self' piwik.aipi.de aipi.support data:;script-src 'self' 'sha256-MXlRNlxiJENqTbNNighIGA8h1e1roYzHpYTzsQ/3Ig8=' 'sha256-V1jfgpWg4LJj7uEoGS+1IGGJKY0yJutd21MasuP8vrs=' piwik.aipi.de aipi.support aipi.video;frame-src 'self' piwik.aipi.de aipi.video; frame-ancestors 'self' piwik.aipi.de; object-src 'none'; report-uri https://aipi.report/csp-violation-report 1
default-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.trustcommander.net *.commander1.com td.doubleclick.net; connect-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com *.trustcommander.net *.commander1.com pagead2.googlesyndication.com cdn.linkedin.oribi.io; font-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com; img-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com px.ads.linkedin.com; media-src 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com cdn.tagcommander.com cdn.trustcommander.net snap.licdn.com googleads.g.doubleclick.net; style-src 'self' 'unsafe-inline' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com snap.licdn.com *.tagcommander.com cdn.trustcommander.net; form-action 'self' *.webnet.fr *.socotec.com socotec.com *.socotec.fr socotec.fr *.cfasocotec.fr cfasocotec.fr *.socotecbuildingcontrol.co.uk socotecbuildingcontrol.co.uk socotecsmartsolutions.fr *.socotecsmartsolutions.fr storage.gra.cloud.ovh.net *.socotec.co.uk socotec.co.uk *.vimeo.com *.google.com *.google.fr *.googletagmanager.com *.google-analytics.com munchkin.marketo.net 081-xet-510.mktoresp.com stats.g.doubleclick.net *.youtube-nocookie.com *.youtube.com youtu.be cdnjs.cloudflare.com cdn.rawgit.com raw.githubusercontent.com cdn.jsdelivr.net www.gstatic.com *.googleapis.com *.gstatic.com data: *.marketo.com; frame-ancestors 'self'; report-uri https://www.socotec.com/report-uri/enforce 1
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.googletagmanager.com *.google-analytics.com *.googleapis.com *.vimeocdn.com *.youtube.com; connect-src 'self' *.craftcms.com *.presscloud.com *.google-analytics.com *.doubleclick.net; media-src 'self' *.vimeo.com *.akamaized.net; style-src 'self' 'unsafe-inline' *.googleapis.com *.gstatic.com *.typekit.net; img-src 'self' *.imgix.net *.google-analytics.com *.googletagmanager.com *.ytimg.com *.craft-cdn.com data:; frame-src 'self' *.vimeo.com *.youtube.com *.youtube-nocookie.com; font-src 'self' *.googleapis.com *.gstatic.com *.typekit.net data:; 1
default-src 'self' https://dyinglightgame.com https://*.dyinglightgame.com https://techland.pl https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com; script-src 'self' https://techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://www.googletagmanager.com https://connect.facebook.net https://www.google-analytics.com https://www.google.com/pagead/ https://static.ads-twitter.com https://analytics.twitter.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.youtube.com/iframe_api https://www.youtube.com/s/player/ https://s.ytimg.com/yts/jsbin/ https://www.redditstatic.com https://consent.cookiebot.com https://consentcdn.cookiebot.com https://platform.twitter.com/widgets.js https://platform.twitter.com/widgets/ https://platform.twitter.com/js/ https://www.gstatic.com/firebasejs/ https://bat.bing.com/p/action/142000372.js 'nonce-80a7sgbdfg' 'nonce-a098bfgaf' 'nonce-9a8sdbgfvb' 'nonce-981bdfhda' 'sha256-5EJ/AVN7tkeRkeM1cpSLQfWrFAcc4l5hcn6hn3tgc60=' 'sha256-vaidju6iPAqrzAKHHTJ7WgrOWFUrGPmQaly1j3t1DY8=' 'sha256-uh667NeereZvBOYau+jJp/Viq4Hwe4sCK0Xj5u3oztg='; style-src 'self' 'unsafe-inline' https://techland.net https://fonts.googleapis.com https://use.typekit.net https://p.typekit.net/p.css; font-src 'self' 'unsafe-inline' https://techland.net https://fonts.gstatic.com https://use.typekit.net; img-src 'self' data: https://*.techland.pl https://techland.net https://*.techland.net https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://dyinglightgame.com https://*.dyinglightgame.com https://*.facebook.com https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com/ads/ https://www.google.com/ads/ga-audiences/ https://www.google.pl/ads/ga-audiences/ https://www.google.com/pagead https://www.google.com/pagead/1p-user-list/918877113/ https://www.google.pl/pagead/1p-user-list/918877113/ https://region1.google-analytics.com https://region1.analytics.google.com https://t.co/i/adsct https://i.ytimg.com https://alb.reddit.com/ https://www.google.pl/ads/ga-audiences https://analytics.twitter.com/i/adsct https://bat.bing.com/action/0; frame-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://*.facebook.com https://*.hotjar.com https://www.youtube.com/embed/ https://player.twitch.tv/ https://accounts.google.com https://consentcdn.cookiebot.com/ https://consentcdn.cookiebot.com/sdk https://platform.twitter.com/ https://platform.twitter.com/widgets/; frame-ancestors 'self'; connect-src 'self' https://techland.gg https://*.techland.gg https://techlandgg.com https://*.techlandgg.com https://consentcdn.cookiebot.com/consentconfig/ https://analytics.google.com/g/collect https://stats.g.doubleclick.net/g/collect https://stats.g.doubleclick.net/j/collect https://region1.google-analytics.com https://region1.analytics.google.com https://www.google.com/pagead/landing https://www.google-analytics.com/j/collect https://googleads.g.doubleclick.net/pagead https://www.facebook.com/tr/ https://pagead2.googlesyndication.com/pagead/landing 1
frame-ancestors 'self' shop.eriks.be *.shop.eriks.be; upgrade-insecure-requests; script-src eriks.be *.eriks.be *.shop.eriks.be *.vimeo.com *.cookiebot.com unpkg.com blueconic.net *.blueconic.net *.marketo.net pages.eriks.com visualwebsiteoptimizer.com *.visualwebsiteoptimizer.com apeagle.io *.youtube.com *.adobedtm.com *.azure.com *.azureedge.net *.googleapis.com *.googletagmanager.com *.adservice.google.com *.googleadservices.com googleads.g.doubleclick.net *.google-analytics.com dqm.crownpeak.com *.twimg.com *.twitter.com twitter.com *.facebook.net *.cobrowser.com *.google.com *.gstatic.com *.hsforms.net *.hsforms.com *.elfsight.com snap.licdn.com static.hotjar.com script.hotjar.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com ubembed.com *.ubembed.com js.ubembed.com *.js.ubembed.com c.leadlab.click 'self' 'unsafe-eval' 'unsafe-inline'; 1
default-src *; img-src * 'self' data: https:; script-src 'self' 'unsafe-inline' blob: https: *; style-src 'self' 'unsafe-inline' * 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.com.pl; img-src 'self' https: data: blob: https://mastodon.com.pl; style-src 'self' https://mastodon.com.pl 'nonce-o3WG6zNxAHKAPILfmqBx+w=='; media-src 'self' https: data: https://mastodon.com.pl; frame-src 'self' https:; manifest-src 'self' https://mastodon.com.pl; form-action 'self'; child-src 'self' blob: https://mastodon.com.pl; worker-src 'self' blob: https://mastodon.com.pl; connect-src 'self' data: blob: https://mastodon.com.pl https://pcdn.mastodon.com.pl wss://mastodon.com.pl; script-src 'self' https://mastodon.com.pl 'wasm-unsafe-eval' 1
default-src 'self' maps.googleapis.com adamtotal.co.il *.adamtotal.co.il webcand.com *.webcand.com *.sisense.com googleapis.com *.googleapis.com *.bootstrapcdn.com facebook.com *.facebook.com google.com *.google.com *.matav.org.il *.paldi.solutions *.admweb.co.il admweb.co.il tinyurl.com *.tinyurl.com self blob: data: gap:; style-src 'self' https://* 'unsafe-inline'; script-src 'self' https://* 'unsafe-inline' 'unsafe-eval'; img-src 'self' https://* data:; font-src 'self' https://* 1
default-src 'none'; script-src 'self' 'nonce-whEMsWY4xQ91nrxlX9BTVrwzBV1th6Ny1MljGFEz8fE=' https://static.addtoany.com/menu/ https://maps.googleapis.com/maps-api-v3/ https://maps.googleapis.com/maps/api/js https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate https://maps.googleapis.com/maps/api/place/js/AutocompletionService.GetPredictions https://maps.googleapis.com/maps/api/place/js/PlaceService.GetPlaceDetails https://nodejs.youtropolis.com:8080/socket.io/socket.io.js https://www.google.com/jsapi https://www.gstatic.com/charts/ https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://platform.twitter.com/widgets.js https://platform.twitter.com/js/; object-src 'none'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/ https://www.gstatic.com/charts/; img-src 'self' data: https://maps.gstatic.com https://chart.googleapis.com/chart https://help.yahoo.com https://support.content.office.net https://syndication.twitter.com/i/jot/embeds; form-action 'self' https://www.paypal.com/cgi-bin/webscr; frame-src 'self' https://player.vimeo.com https://static.addtoany.com/menu/ https://www.youtube.com https://www.google.com https://w.soundcloud.com https://platform.twitter.com; frame-ancestors 'self'; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://stats.addtoany.com/menu https://maps.googleapis.com/maps/api/mapsjs/ https://nodejs.youtropolis.com:8080/socket.io/ wss://nodejs.youtropolis.com:8080/socket.io/; worker-src blob:; base-uri 'self'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; report-uri /example-reporting-endpoint 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://bne.social; img-src 'self' https: data: blob: https://bne.social; style-src 'self' https://bne.social 'nonce-UClwrgeXkPSgtgE+uVhGpA=='; media-src 'self' https: data: https://bne.social; frame-src 'self' https:; manifest-src 'self' https://bne.social; form-action 'self'; child-src 'self' blob: https://bne.social; worker-src 'self' blob: https://bne.social; connect-src 'self' data: blob: https://bne.social https://assets.bne.social wss://bne.social; script-src 'self' https://bne.social 'wasm-unsafe-eval' 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-WQPg4bkcBCxRUC92nziZJILzCWg='; style-src 'nonce-WQPg4bkcBCxRUC92nziZJILzCWg=' 1
default-src https:; img-src 'self' https: data: blob: https://vercel.live/ https://vercel.com https://*.pusher.com/; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.encore.dev *.segment.com *.googletagmanager.com https://assets.calendly.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://vercel.live/ https://vercel.com; style-src 'self' 'unsafe-inline' https://assets.calendly.com; connect-src 'self' https://*.encore.dev wss://*.encore.dev https://google.com https://pagead2.googlesyndication.com https://api.segment.io https://cdn.segment.com https://*.algolia.net https://*.algolianet.com http://localhost:7000 ws://localhost:7000 https://vercel.live/ https://vercel.com https://*.pusher.com/ wss://*.pusher.com/; font-src 'self'; frame-src https://streamyard.com https://calendly.com https://*.youtube.com https://*.doubleclick.net/ https://vercel.live/ https://vercel.com 1
connect-src 'self' 1
frame-ancestors https://endesax.com 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://use.typekit.net https://player.vimeo.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://www.googletagmanager.com https://www.google-analytics.com https://*.hotjar.com https://*.hotjar.io https://snap.licdn.com; img-src 'self' data: *.bilzin.com https://www.linkedin.com https://bilzin.vuturevx.com https://p.typekit.net https://www.google-analytics.com  https://*.hotjar.com https://*.hotjar.io https://px.ads.linkedin.com https://p.adsymptotic.com; style-src 'self' 'unsafe-inline' https://use.typekit.net; font-src 'self' 'unsafe-inline' https://use.typekit.net; frame-src 'self' 'unsafe-inline' *.bilzin.com https://player.vimeo.com https://www.youtube.com https://w.soundcloud.com https://cdn.flipsnack.com https://legaltalknetwork.com https://*.hotjar.com https://*.hotjar.io https://player.flipsnack.com; connect-src 'self' 'unsafe-inline' https://analytics.google.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://privacyportal-eu.onetrust.com https://www.google-analytics.com https://*.hotjar.com wss://*.hotjar.com https://*.hotjar.io https://stats.g.doubleclick.net; upgrade-insecure-requests; block-all-mixed-content; 1
style-src https: 'unsafe-inline'; font-src https: 'unsafe-inline' data:; img-src https: data: 1
default-src 'self' 'unsafe-inline' data: 'unsafe-eval' www.googletagmanager.com *.userway.org *.addthis.com www.google-analytics.com apps.phfewic.org stats.g.doubleclick.net *.googleapis.com *.gstatic.com *.google.com z.moatads.com player.vimeo.com i.vimeocdn.com www.youtube.com *.facebook.net *.facebook.com *.twitter.com *.pinterest.com 1
default-src 'self'; child-src 'self' blob: https://client.rlpdirekt.de/ https://kb.ionas.de/ https://www.youtube-nocookie.com/ https://www.youtube.com/; connect-src 'self' https://*.b-ite.com https://*.readspeaker.com/ https://buergerservice.ionas.de/ https://kevelaer.matomo.cloud; font-src 'self' data:; frame-ancestors 'self'; frame-src 'self' https://*.readspeaker.com/ https://buergerservice.ionas.de https://iam.chamaeleon.de https://iam.chamaeleon.de/ https://kb.ionas.de https://www.youtube-nocookie.com/ https://www.youtube.com/; img-src 'self' blob: data: https://buergerservice.ionas.de/ https://client.rlpdirekt.de/ https://i.ytimg.com/ https://img.youtube.com/ https://kevelaer.matomo.cloud https://s.ytimg.com/ https://tiles.chamaeleon.de https://www.kevelaer.de; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.readspeaker.com/ https://kevelaer.matomo.cloud https://s.ytimg.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-elem 'self' 'unsafe-inline' https://*.b-ite.com https://*.readspeaker.com/ https://kevelaer.matomo.cloud https://s.ytimg.com/ https://www.youtube-nocookie.com/ https://www.youtube.com/; script-src-attr 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.readspeaker.com/; style-src-elem 'self' 'unsafe-inline' https://*.readspeaker.com/; style-src-attr 'self' 'unsafe-inline'; worker-src 'self' blob:; report-to main 1
default-src  'self' data:;font-src  'self' data: fonts.gstatic.com kariera.rako.cz www.kariera.rako.cz;connect-src  'self' *.google.com *.google.cz *.googleapis.com *.google-analytics.com *.hotjar.com wss://ws6.hotjar.com *.hotjar.io *.doubleclick.net *.leady.com *.gstatic.com *.pinterest.com;script-src  'self' 'unsafe-inline' 'unsafe-eval' *.google.com *.google.cz *.googleapis.com *.gstatic.com *.hotjar.com static.hotjar.com www.googletagmanager.com *.google-analytics.com connect.facebook.net kariera.rako.cz www.kariera.rako.cz c.imedia.cz *.googleadservices.com *.adform.net *.seznam.cz *.doubleclick.net *.leady.com www.youtube-nocookie.com www.youtube.com *.pinterest.com *.pinimg.com;form-action  'self' *.facebook.com *.facebook.net *.pinterest.com;frame-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;worker-src  'self' blob: www.youtube.com www.youtube-nocookie.com *.iplatba.cz www.tvbydleni.cz *.facebook.com *.facebook.net *.hotjar.com *.google.com *.pinterest.com *.doubleclick.net;frame-ancestors  'self';img-src  'self' data: blob: *.gstatic.com *.googleapis.com *.googlecode.com www.googletagmanager.com *.google-analytics.com *.doubleclick.net www.facebook.com *.rako.cz c.imedia.cz *.seznam.cz *.pinterest.com *.pinimg.com i.ytimg.com *.google.com *.google.cz *.google.de *.google.fr *.google.pl *.google.ru *.google.sk;style-src  'self' 'unsafe-inline' fonts.googleapis.com *.gstatic.com *.google.com kariera.rako.cz www.kariera.rako.cz;object-src  'self' 1
default-src 'self' cdn.wcc.heine.de https://cdn.wcc.heine.de/graphql;    base-uri 'self';    font-src 'self' cdn.wcc.heine.de https://fonts.gstatic.com data: https://d3dc1lgancj6l0.cloudfront.net https://dq4irj27fs462.cloudfront.net;    img-src * data:;    connect-src 'self' https://cdn.wcc.heine.de/graphql cdn.wcc.heine.de cdn.witt.info/ https://images.ctfassets.net te.heine.de tp.heine.de wasp.heine.de wst.heine.de https://*.analytics.google.com https://*.facebook.com https://*.contentsquare.net https://*.my.onetrust.eu https://*.google-analytics.com https://bat.bing.com eu-witt-gruppe-prod1.mini.snplow.net https://www.google-analytics.com https://www.jsctool.com https://adservice.google.com/pagead/ https://graphql.contentful.com https://privacyportal-eu.onetrust.com https://stats.g.doubleclick.net https://geolocation.onetrust.com https://www.google.com/pagead/ https://googleads.g.doubleclick.net/pagead/ https://*.creativecdn.com https://*.googlesyndication.com https://*.optimizely.com ct.pinterest.com https://jsctool.com checkout-cdn.aboutyou.cloud checkout-v3.wcc.heine.de https://*.ingest.sentry.io wss://chat.userlike.com chat.userlike.com api.userlike.com www.userlike.com https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com wss://umd.userlike.com/umd/ https://maps.googleapis.com;    object-src 'none';    child-src blob: userlike-cdn-widgets.userlike.com;    script-src * 'unsafe-inline' 'unsafe-eval' https://*.adyen.com https://*.paypal.com userlike-cdn-widgets.userlike.com;    style-src 'self' cdn.wcc.heine.de https://www.googletagmanager.com https://fonts.googleapis.com 'unsafe-inline' d.heine.de checkout-cdn.aboutyou.cloud https://*.adyen.com https://*.paypal.com;    frame-src 'self' checkout-v3.wcc.heine.de https://*.awin1.com https://*.criteo.net https://*.criteo.com https://*.adrtx.net https://*.contentsquare.net https://www.googletagmanager.com https://www.facebook.com https://www.youtube.com https://dmp.theadex.com https://5127363.fls.doubleclick.net https://12769738.fls.doubleclick.net https://www.jsctool.com https://creativecdn.com/ https://fledge-eu.creativecdn.com/ https://tbs.tradedoubler.com/ https://survey2.quantilope.com/ https://*.adyen.com https://*.paypal.com https://*.computop-paygate.com userlike-cdn-widgets.userlike.com;    media-src 'self' cdn.wcc.heine.de cdn.witt.info/ https://images.ctfassets.net https://videos.ctfassets.net https://www.youtube.com https://witt-gruppe-res.cloudinary.com;    manifest-src 'self' cdn.wcc.heine.de;    worker-src 'self' cdn.wcc.heine.de blob:;    form-action 'self' www.facebook.com;    block-all-mixed-content;    frame-ancestors 'self' https://app.contentful.com;    sandbox allow-scripts allow-forms allow-same-origin allow-top-navigation allow-popups allow-popups-to-escape-sandbox allow-modals; 1
frame-ancestors 'self'; report-uri https://wobenzym.ru/report-uri/enforce 1
default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self' https: wss: data: 'unsafe-eval' 'unsafe-inline';frame-ancestors 'self';img-src 'self' data: https: 'unsafe-inline';object-src 'none';script-src 'self' https: wss: data: 'unsafe-eval' 'unsafe-inline';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests;connect-src 'self' https: wss: data: 'unsafe-eval' 'unsafe-inline';frame-src 'self' https: 'unsafe-eval' 'unsafe-inline';media-src 'self' data: https: 'unsafe-inline' 1
frame-ancestors 'none'; default-src https://*.116117-termine.de https://*.116117termine.de https://116117-termine.de https://116117termine.de https://*.116117.app https://116117.app https://www.eterminservice.de https://eterminservice.de https://*.googleapis.com https://*.gstatic.com https://photon.komoot.de 'unsafe-inline' 'unsafe-eval' data:; 1
frame-ancestors https://mng.gdtv.cn/ http://test-mp-gdtv.itouchtv.cn/ 1
media-src www.maga.gob.gt *.w.org; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fandom.ink; img-src 'self' https: data: blob: https://fandom.ink; style-src 'self' https://fandom.ink 'nonce-r77VC7vU7CihmigyS6OuwQ=='; media-src 'self' https: data: https://fandom.ink; frame-src 'self' https:; manifest-src 'self' https://fandom.ink; form-action 'self'; child-src 'self' blob: https://fandom.ink; worker-src 'self' blob: https://fandom.ink; connect-src 'self' data: blob: https://fandom.ink https://cdn.masto.host wss://fandom.ink; script-src 'self' https://fandom.ink 'wasm-unsafe-eval' 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://*.akamaihd.net https://*.translate.naver.net https://www.recaptcha.net https://www.google.com https://www.zenaps.com https://tr.snapchat.com https://tr6.snapchat.com https://www.youtube.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.googleapis.com https://*.trustpilot.com https://*.doubleclick.net https://*.bing.com https://connect.facebook.net https://*.parcellab.com https://dmp.email.creedfragrance.com; default-src 'none'; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com; form-action 'self' https://www.facebook.com https://checkout.creedfragrance.com https://connect.facebook.net https://tr.snapchat.com; frame-ancestors 'self'; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://the.sciencebehindecommerce.com https://*.akamaihd.net https://*.microsofttranslator.com https://google.com https://*.googleapis.com https://www.recaptcha.net https://connect.facebook.net https://*.trustpilot.com https://www.googleadservices.com https://*.translate.naver.net https://*.doubleclick.net https://*.google.com https://*.google-analytics.com https://fp.zenaps.com https://www.gstatic.com https://bat.bing.com https://www.googletagmanager.com https://www.youtube.com https://s.ytimg.com https://www.dwin1.com https://sc-static.net https://dmp.email.creedfragrance.com; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://cdn.parcellab.com https://s1.thcdn.com/; upgrade-insecure-requests; report-to report-endpoint 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-U+MkkMyiSV3KVjBZIG7J39DDm3U='; style-src 'nonce-U+MkkMyiSV3KVjBZIG7J39DDm3U=' 1
frame-ancestors 'self' agree2sign.com www.agree2sign.com greenlineloans.com greenarrowloans.com clearlineloans.com evergreen-cash.com redwaterlending.com integrios.com www.greenlineloans.com www.greenarrowloans.com www.clearlineloans.com www.evergreen-cash.com www.redwaterlending.com www.integrios.com 1
report-uri https://www.barmer.de/report; frame-ancestors 'self' https://lernen.barmer.de 1
frame-ancestors 'self' https://www.justflutes.com 1
default-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; media-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; prefetch-src 'self' https://www.phonepe.com https://phonepe.com https://website.phonepe.com; script-src https://www.phonepe.com https://www.googletagmanager.com https://phonepe.com https://website.phonepe.com https://www.gstatic.com https://www.google.com http://api.recaptcha.net https://cdn.jotfor.ms https://form.jotform.me https://code.jquery.com https://www.google-analytics.com https://platform.twitter.com/ https://www.googleadservices.com https://static.ads-twitter.com https://googleads.g.doubleclick.net https://connect.facebook.net 'self' 'unsafe-inline'; style-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com  https://cdn.jotfor.ms https://fonts.googleapis.com http://api.recaptcha.net 'self' 'unsafe-inline'; img-src data: https://website.phonepe.com data: https://www.phonepe.com https://phonepe.com https://imgstatic.phonepe.com http://images.phonepe.com http://api.recaptcha.net https://cdn.jotfor.ms www.googletagmanager.com 'self' https://www.google-analytics.com https://*.doubleclick.net https://adservice.google.com https://css.page-source.com https://www.google.com https://www.google.co.in https://www.facebook.com https://analytics.twitter.com https://t.co; font-src https://www.phonepe.com https://phonepe.com https://website.phonepe.com https://cdn.jotfor.ms https://fonts.gstatic.com/ 'self'; connect-src https://www.google-analytics.com https://boards-api.greenhouse.io https://api.phonepe.com https://www.phonepe.com https://phon.pe https://phonepe.com https://website.phonepe.com https://insights-api.phonepe.com https://sentry.phonepe.com https://page-source.com https://css.page-source.com https://logo.page-source.com https://cdn.page-source.com 'self'; frame-src http://www.greenhouse.io https://script.google.com/a/macros/phonepe.com/ https://boards.greenhouse.io https://boards-api.greenhouse.io http://api.recaptcha.net https://form.jotform.me https://docs.google.com https://qr.phonepe.com https://www.google.com https://phonepe.helpshift.com https://phonepe.freshdesk.com *.phonepe.com https://www.sisainfosec.com https://website.phonepe.com https://www.youtube.com https://platform.twitter.com/ https://*.doubleclick.net; frame-ancestors https://mercury.phonepe.com https://mercury-t1.phonepe.com https://mercury-t2.phonepe.com; report-uri https://csp.phonepe.com/log 1
script-src 'self' code.jquery.com 'unsafe-inline' 'unsafe-eval' https://selectpath.com www.google.com cdnjs.cloudflare.com www.gstatic.com selectpath.com 1
frame-ancestors 'none'; default-src 'self' https://*.aol.com https://*.yahoo.com https://*.yimg.com; img-src * data:; script-src 'self' 'unsafe-inline' 'nonce-jr8/cXigNNvQm9CmUsXBDw==' 'unsafe-eval' https://*.yahoo.com https://*.yimg.com https://*.aol.com https://*.aolcdn.com *.oath.com *.google.com www.googletagmanager.com www.googleadservices.com googleads.g.doubleclick.net *.googlesyndication.com https://sb.scorecardresearch.com bat.bing.com *.demdex.net https://msadsscale.azureedge.net/bingads/telemetryJS.js https://www.clarity.ms https://www.clarity.ms/s/0.7.10/clarity.js; style-src 'self' 'unsafe-inline' https://*.yimg.com; object-src *; connect-src *; font-src * data:; frame-src 'self' https://*.youtube.com https://s.yimg.com https://*.yahoo.com *.g.doubleclick.net *.googlesyndication.com; 1
frame-ancestors 'self'; style-src 'self' 'unsafe-inline' 1
script-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://code.jquery.com https://js.sentry-cdn.com https://unpkg.com https://cdnjs.cloudflare.com https://ajax.googleapis.com https://www.googletagmanager.com https://browser.sentry-cdn.com https://assets-global.website-files.com https://js.adsrvr.org https://use.typekit.net https://static.hotjar.com https://script.hotjar.com https://widget.reviews.io https://www.google-analytics.com https://connect.facebook.net https://cdn.mxpnl.com https://cdn.pdst.fm https://browser-update.org https://googleads.g.doubleclick.net https://www.googleadservices.com https://api-js.mixpanel.com https://ssl.google-analytics.com https://www.google.com https://bat.bing.com https://cdn.segment.com https://analytics.tiktok.com https://d3e54v103j8qbb.cloudfront.net https://www.clarity.ms https://*.clarity.ms https://c.bing.com https://plugins.policyme.com https://cdn.heapanalytics.com https://heapanalytics.com https://plugins.prod.policyme.com  https://js.hs-analytics.net https://js-na1.hs-scripts.com https://js.hs-banner.com https://*.visualwebsiteoptimizer.com https://app.vwo.com; style-src 'self' 'unsafe-inline' https://cdn.prod.website-files.com https://global-uploads.webflow.com https://fonts.googleapis.com https://connect.facebook.net https://assets-global.website-files.com https://assets.reviews.io https://static.hotjar.com https://script.hotjar.com https://heapanalytics.com https://*.visualwebsiteoptimizer.com https://app.vwo.com data:; worker-src 'self' blob:; connect-src 'self' https://cdn.prod.website-files.com https://adservice.google.com https://www.google-analytics.com https://collect.caaquebec.com https://pagead2.googlesyndication.com https://www.google-analytics.com https://api-js.mixpanel.com https://api.ipify.org https://stats.g.doubleclick.net https://assets-global.website-files.com https://us-central1-adaptive-growth.cloudfunctions.net https://*.ingest.sentry.io https://cdn.segment.com https://api.segment.io https://api.ipregistry.co https://analytics.google.com https://analytics.tiktok.com https://api.reviews.io https://*.clarity.ms https://c.bing.com https://bat.bing.com https://www.google.ca https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://heapanalytics.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://www.google.com https://google.com https://analytics.pangle-ads.com https://www.googleadservices.com https://region1.analytics.google.com https://connect.facebook.net https://o183124.ingest.us.sentry.io; img-src 'self' https://cdn.prod.website-files.com https://assets-global.website-files.com https://www.facebook.com https://googleads.g.doubleclick.net https://ad.doubleclick.net https://11047780.fls.doubleclick.net https://ade.googlesyndication.com https://www.google.com https://www.google-analytics.com https://p.typekit.net https://www.google.ca https://bat.bing.com https://assets.reviews.io https://*.clarity.ms https://static.hotjar.com https://script.hotjar.com https://survey-images.hotjar.com https://c.bing.com https://d3e54v103j8qbb.cloudfront.net https://heapanalytics.com https://www.googletagmanager.com https://*.cloudfront.net https://*.hubspot.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://browser-update.org https://chart.googleapis.com https://analytics.tiktok.com https://analytics.pangle-ads.com https://www.googleadservices.com https://analytics.google.com https://connect.facebook.net https://stats.g.doubleclick.net https://marketingplatform.google.com blob:; font-src 'self' https://cdn.prod.website-files.com https://assets.website-files.com https://use.typekit.net https://p.typekit.net https://assets.reviews.io https://script.hotjar.com https://fonts.gstatic.com https://heapanalytics.com data:; frame-src 'self' https://11047780.fls.doubleclick.net https://*.doubleclick.net https://insight.adsrvr.org https://bid.g.doubleclick.net https://match.adsrvr.org https://www.youtube-nocookie.com https://widget.reviews.io https://*.visualwebsiteoptimizer.com https://app.vwo.com; frame-ancestors 'self' https://11047780.fls.doubleclick.net; object-src 'self'; media-src 'self'; child-src 'self' https://11047780.fls.doubleclick.net https://match.adsrvr.org; report-uri https://o183124.ingest.sentry.io/api/1289049/security/?sentry_key=6a21ec362e6e4fdab94145b3491a3ce0&sentry_environment=prod 1
default-src * 'unsafe-eval' 'unsafe-inline' blob: data:; 1
default-src 'self' blob: *.onlineumfragen.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.onlineumfragen.com www13.onlineumfragen.com:85 https://www.googletagmanager.com https://www.google-analytics.com ajax.googleapis.com www.googleadservices.com platform.twitter.com translate.google.com translate.googleapis.com www.google.com www.gstatic.com code.highcharts.com *.cloudflare.com extreme-ip-lookup.com https://embed.tawk.to https://cdn.jsdelivr.net https://salenti.de global.localizecdn.com https://polyfill.io https://cdn.jsdelivr.net/npm/mathjax@3/ https://cdn.mathjax.org https://cdn.datatables.net https://assets.adobedtm.com cdn.3cx.com; connect-src 'self' www.onlineumfragen.com cust.onlineumfragen.com https://www5.onlineumfragen.com http://*.amazonaws.com https://*.amazonaws.com translate.googleapis.com translate.google.com extreme-ip-lookup.com https://salenti.de global.localizecdn.com https://*.tawk.to wss://*.tawk.to seal.beyondsecurity.com *.twitter.com www13.onlineumfragen.com:85 *.onlineumfragen.com https://www.googletagmanager.com https://www.google-analytics.com maps.google.ch www.googleadservices.com http://92.42.184.213 *.cloudflare.com ups.xplosion.de *.doubleclick.net *.googlesyndication.com www.gstatic.com www.google.com www.evu-benchmarking.ch chart.googleapis.com api.qrserver.com https://bildungsplan-bw-ext.pirobase.de https://cdn.datatables.net; img-src 'self' data: blob: http://localhost www.onlineumfragen.com cust.onlineumfragen.com http://*.amazonaws.com https://*.amazonaws.com seal.beyondsecurity.com *.twitter.com www13.onlineumfragen.com:85 *.onlineumfragen.com https://www.googletagmanager.com https://www.google-analytics.com maps.google.ch www.googleadservices.com http://92.42.184.213 *.cloudflare.com ups.xplosion.de *.doubleclick.net *.googlesyndication.com salenti.de translate.googleapis.com translate.google.com www.gstatic.com www.google.com www.evu-benchmarking.ch chart.googleapis.com api.qrserver.com global.localizecdn.com https://bildungsplan-bw-ext.pirobase.de https://cdn.datatables.net https://embed.tawk.to https://privacy-seal.heydata.eu; media-src 'self' blob: www.onlineumfragen.com cust.onlineumfragen.com *.sensiqol.ch; style-src 'self' 'unsafe-inline' www.onlineumfragen.com cust.onlineumfragen.com fonts.googleapis.com translate.googleapis.com https://cdn.datatables.net https://embed.tawk.to; frame-src 'self' www.onlineumfragen.com cust.onlineumfragen.com *.twitter.com www.youtube.com maps.google.ch www.google.com *.onlineumfragen.com www.facebook.com https://salenti.de; font-src 'self' data: blob: www.onlineumfragen.com cust.onlineumfragen.com fonts.gstatic.com https://cdn.jsdelivr.net/npm/mathjax@3/ https://cdnjs.cloudflare.com/ajax/libs/mathjax/ https://cdn.mathjax.org https://embed.tawk.to; object-src 'self' blob: www.onlineumfragen.com cust.onlineumfragen.com www.youtube.com; 1
script-src 'self' ajax.googleapis.com stats.hsk.de maps.googleapis.com maps.google.de maps.gstatic.de maps.gstatic.com userlike-cdn-umm.b-cdn.net userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com userlike-cdn-operators.userlike.com userlike-cdn-widgets.userlike.com www.google.com www.gstatic.com d3dc1lgancj6l0.cloudfront.net; img-src 'self' *.ggpht.com *.googleusercontent.com *.g.doubleclick.net stats.hsk.de www.google.com www.google.de csi.gstatic.com data: userlike-cdn-operators.s3-eu-west-1.amazonaws.com www.userlike.com userlike-store-media-files.s3.amazonaws.com userlike-cdn-operators.userlike.com userlike-cdn-widgets.userlike.com; frame-ancestors 'self' login.duschtec.de duschtecsso-viur.appspot.com hkz.hsk.de; default-src 'self'; frame-src 'self' www.google.com drive.google.com accounts.google.com www.youtube-nocookie.com www.youtube.com docs.google.com maps.google.de my.matterport.com datanorm.hsk.de anfrage.bad-heizung-anfrage.de api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com; style-src 'self' 'unsafe-inline'; media-src 'self' userlike-store-media-files.s3.amazonaws.com; child-src 'self' api.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com userlike-cdn-widgets.userlike.com userlike-cdn-operators.userlike.com; connect-src 'self' *.ggpht.com *.googleusercontent.com stats.hsk.de https://stats.g.doubleclick.net wss://umd.userlike.com umd.userlike.com userlike-cdn-widgets.s3-eu-west-1.amazonaws.com api.userlike.com www.userlike.com; font-src 'self' fonts.gstatic.com d3dc1lgancj6l0.cloudfront.net userlike-cdn-umm.b-cdn.net; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://appdot.net; img-src 'self' https: data: blob: https://appdot.net; style-src 'self' https://appdot.net 'nonce-kviBdTrmSRdIcVv0O9SsZw=='; media-src 'self' https: data: https://appdot.net; frame-src 'self' https:; manifest-src 'self' https://appdot.net; form-action 'self'; child-src 'self' blob: https://appdot.net; worker-src 'self' blob: https://appdot.net; connect-src 'self' data: blob: https://appdot.net https://cdn.masto.host wss://appdot.net; script-src 'self' https://appdot.net 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://manage.electronicdesign.com  https://ebmgen.pathfactory.com https://ebmcem.pathfactory.com   https://ebmdes.pathfactory.com https://ebmmanu.pathfactory.com https://ebmtrans.pathfactory.com; 1
default-src 'self' blob: https: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https: blob:; script-src-elem 'self' 'unsafe-inline' https: cdnjs.cloudflare.com; frame-src 'self' open.spotify.com www.youtube.com *.ingest.us.sentry.io anchor.fm podcasters.spotify.com *.opinionstage.com www.google.com/recaptcha/ recaptcha.google.com/recaptcha/ *.curator.io checkout.play.roller.app checkout.roller.app *.roller.app *.adyen.com td.doubleclick.net tel: mailto: https:; style-src 'self' 'unsafe-inline' *.typekit.net *.beingbui.lt fonts.googleapis.com cloud.typography.com *.curator.io cdnjs.cloudflare.com www.googletagmanager.com www.gstatic.com https:; img-src 'self' https: data:; media-src 'self' curator-assets.b-cdn.net curatorio.s3.amazonaws.com *.beingbui.lt d32uoi6z5t9smp.cloudfront.net *.adyen.com api.global.wayfinder.skyline.beingbui.lt; font-src 'self' 'unsafe-inline' data: *.typekit.net fonts.gstatic.com td.doubleclick.net; object-src 'self' *.beingbui.lt data:; frame-ancestors 'none'; connect-src 'self' stats.g.doubleclick.net api.global.wayfinder.skyline.beingbui.lt https: wss: properties:; report-uri https://o1122331.ingest.us.sentry.io/api/4506261381775360/security/?sentry_key=07e9096f71c983120de6a68b5ee52b27; 1
default-src 'self' https://cdn.onesignal.com https://c.disquscdn.com https://disqus.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com; frame-src 'self' https://www.youtube.com https://onesignal.com https://c.sharethis.mgr.consensu.org https://t.sharethis.com https://disqus.com https://platform.twitter.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com https://js.stripe.com/ https://checkout.stripe.com/ https://widget.trustpilot.com/ https://www.google.com https://cse.google.es https://secure.trust-provider.com https://www.crowdcast.io https://embed.restream.io https://maxprog.repuso.com https://iframe.videodelivery.net https://cdn.forms-content.sg-form.com https://player.vimeo.com https://vimeo.com https://web.facebook.com https://app.meetedgar.com https://accounts.google.com https://www.videoask.com https://a39a7b1b.sibforms.com https://frn6tt1te6.execute-api.eu-west-1.amazonaws.com https://www.facebook.com https://form.typeform.com https://jmp.sh https://jumpshare.com https://sibautomation.com https://maxprog.thereviewsplace.com https://www.semrush.com https://publer.io https://status.maxprog.com https://www.sandbox.paypal.com https://*.wistia.com https://*.wistia.net https://*.semrush.com https://conversations-widget.sendinblue.com https://conversations-widget.brevo.com https://getbutton.io https://line.me https://googleads.g.doubleclick.net https://tpc.googlesyndication.com https://*.livechatinc.com https://cdn.chatbot.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://onesignal.com https://cdn.onesignal.com https://platform-api.sharethis.com https://maxprog.disqus.com https://ajax.googleapis.com https://www.googletagmanager.com https://www.google-analytics.com https://cse.google.com https://www.google.com https://translate.google.com https://translate.googleapis.com https://buttons-config.sharethis.com https://count-server.sharethis.com https://t.sharethis.com https://platform.twitter.com https://c.disquscdn.com https://*.cloudfront.net https://api.repuso.com https://repuso.com https://js.stripe.com/v3 https://checkout.stripe.com/v2/checkout.js https://widget.trustpilot.com  https://secure.trust-provider.com https://www.gstatic.com https://clients1.google.com https://*.cloudflare.com  https://static.cloudflareinsights.com https://certify-js.alexametrics.com  https://event.webinarjam.com https://cdnjs.cloudflare.com https://www.bigmarker.com https://a.omappapi.com https://a.trstplse.com https://extend.vimeocdn.com https://plugins.eventable.com https://widgets.thereviewsplace.com http://ajax.googleapis.com https://maxprog.qhub.com https://apis.google.com https://accounts.google.com  https://www.videoask.com https://productquestions-clientstaticfiles.trustpilot.com https://connect.facebook.net https://embed.typeform.com https://vimeo.com https://*.github.io https://cdn.provesrc.com https://apps.elfsight.com https://static.elfsight.com https://sibautomation.com https://chat.sendinblue.com https://www.youtube.com https://*.ytimg.com https://storage.elfsight.com https://cdn.headwayapp.co/ https://links.services.disqus.com https://www.clarity.ms https://widget.manychat.com https://mccdn.me https://www.paypal.com https://recaptcha.net https://*.clarity.ms https://translate-pa.googleapis.com https://static.ads-twitter.com https://*.wistia.com https://*.vimeo.com https://*.vimeocdn.com https://yoast.com https://*.semrush.com https://launchpad-wrapper.privacymanager.io https://launchpad.privacymanager.io  https://tag.clearbitscripts.com https://x.clearbitjs.com https://*.providesupport.com https://conversations-widget.brevo.com https://conversations-widget.sendinblue.com https://*.elfsight.com https://*.elfsightcdn.com https://sbl.onfastspring.com https://*.maxmind.com https://*.googlesyndication.com https://cdn.livechatinc.com https://api.livechatinc.com https://cdn.chatbot.com https://client.crisp.chat; connect-src 'self' https://api.thereviewsplace.com wss://widget-mediator.zopim.com https://onesignal.com https://l.sharethis.com https://links.services.disqus.com https://maxprog.test.onfastspring.com https://maxprog.onfastspring.com https://www.google-analytics.com https://stats.g.doubleclick.net https://checkout.stripe.com https://yoast.com https://translate.googleapis.com  https://api.omappapi.com https://*.omappapi.com https://rdp.rhombusads.com https://api.trstplse.com https://app.optmnstr.com https://api-js.mixpanel.com https://api.videoask.com https://cloudflareinsights.com https://www.clarity.ms https://app.omappapi.com https://client-api.provesrc.com https://apps.elfsight.com https://data.elfsight.com https://in-automate.sendinblue.com   https://*.elfsight.com https://chat-operating-back.sendinblue.com wss://chat-messaging.sendinblue.com  https://graph.facebook.com https://www.sandbox.paypal.com https://*.wistia.com https://*.akamaihd.net https://*.litix.io https://api.vimeo.com https://my.yoast.com https://*.semrush.com https://api.amplitude.com wss://www.semrush.com https://fresnel-events.vimeocdn.com  https://geo.privacymanager.io https://bcp.crwdcntrl.net https://secure.archiebot.com  https://app.clearbit.com https://widget.getbutton.io https://in-automate.brevo.com https://*.sharethis.com https://*.mmapiws.com https://*.googlesyndication.com https://cdn.chatbot.com wss://client.relay.crisp.chat https://client.crisp.chat https://storage.crisp.chat; img-src 'self' https://repuso.com https://widgets.thereviewsplace.com https://rc.rlcdn.com https://platform-cdn.sharethis.com https://l.sharethis.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com https://checkout.stripe.com https://www.gstatic.com https://syndication.twitter.com https://www.google.es https://www.googleapis.com https://clients1.google.com https://d1f8f9xcsvx3ha.cloudfront.net https://secure.gravatar.com https://q.stripe.com https://cdn.viglink.com https://links.services.disqus.com data: https://secure.trust-provider.com https://translate.googleapis.com https://translate.google.com https://encrypted-tbn3.gstatic.com https://encrypted-tbn0.gstatic.com https://encrypted-tbn2.gstatic.com https://ssl.gstatic.com https://img.onesignal.com https://img.youtube.com https://referrer.disqus.com https://c.disquscdn.com  https://www.googletagmanager.com https://d5ln38p3754yc.cloudfront.net https://optin-monster.s3.amazonaws.com https://a.omappapi.com  https://lh3.googleusercontent.com https://www.gravatar.com https://i.ytimg.com https://www.videoask.com https://www.facebook.com https://*.digitaloceanspaces.com https://*.provesrc.com https://*.amazonaws.com https://*.googleusercontent.com  https://t.co https://chat-public.sendinblue.com https://*.gstatic.com https://*.ggpht.com https://maxprog.thereviewsplace.com  https://*.capterra-static.com https://*.trustpilot.com https://c.bing.com https://files.elfsight.com https://assets.thereviewsplace.com https://scontent.xx.fbcdn.net https://external.xx.fbcdn.net https://pbs.twimg.com https://graph.facebook.com https://*.xx.fbcdn.net https://stanbusk.files.wordpress.com *; style-src 'self' 'unsafe-inline' https://*.maxprog.com https://onesignal.com https://c.disquscdn.com https://www.google.com https://translate.googleapis.com https://repuso.com https://repuso.com/widgets/modal.css https://repuso.com/widgets/floating.css https://fonts.googleapis.com/ https://cdnjs.cloudflare.com https://maxcdn.bootstrapcdn.com https://*.clarity.ms https://a.omappapi.com https://translate-pa.googleapis.com https://www.gstatic.com https://sbl.onfastspring.com https://client.crisp.chat; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://repuso.com https://stage.repuso.com data:  https://*.github.io https://assets.sendinblue.com https://maxcdn.bootstrapcdn.com https://client.crisp.chat; media-src 'self' blob: https://res.cloudinary.com https://media.videoask.com https://www.youtube.com; object-src 'self' blob: ; 1
frame-ancestors 'self' https://developer-payments.qa.roku.com https://developer-payments.staging.roku.com https://developer.roku.com  https://dev.qa.roku.com https://iframetest.certa.dev 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' connect.facebook.net www.googletagmanager.com;connect-src *;img-src *;style-src 'self' 'unsafe-inline' fonts.googleapis.com;font-src 'self' fonts.gstatic.com cdn.hotdices.net;frame-ancestors https://apps.facebook.com 1
default-src 'self' https://geoip.cookieyes.com/ https://active.cookieyes.com https://cdn-cookieyes.com https://code.jquery.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://api.hsforms.com/submission https://api.hsforms.com  https://ajax.googleapis.com https://cdnjs.cloudflare.com https://api.hsforms.com ; img-src * data:; script-src 'unsafe-inline' 'unsafe-eval' http: https: ; style-src * 'unsafe-inline'; media-src *; frame-src *;font-src *; 1
default-src  'self' blob:; script-src  https 'self' blob: https://secure.hiss3lark.com https://www.google.com https://*.linkedin.com https://*.googletagmanager.com https://*.google-analytics.com https://sjs.bizographics.com https://snap.licdn.com https://code.jquery.com/ https://js-eu1.hs-scripts.com https://js-eu1.hs-analytics.net https://js-eu1.hs-banner.com https://js-eu1.hscollectedforms.net https://js-eu1.hsadspixel.net https://js-eu1.hsforms.net https://forms-eu1.hsforms.com https://fast.wistia.com https://*.6sc.co https://*.6sense.com https://js-eu1.hscta.net https://cta-eu1.hubspot.com https://*.nrich.ai https://*.facebook.net https://js-eu1.usemessages.com https://*.clickcease.com d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net js-eu1.hubspot.com 'nonce-4248801628748184'; connect-src  https 'self' https://*.google-analytics.com https://*.google.com https://forms-eu1.hubspot.com https://js-eu1.hs-scripts.com https://js-eu1.hs-banner.com https://api-eu1.hubapi.com https://forms-eu1.hsforms.com https://pipedream.wistia.com https://distillery.wistia.com https://*.litix.io https://*.akamaihd.net https://*.wistia.com https://cta-eu1.hubspot.com https://*.6sc.co https://*.6sense.com https://secure.adnxs.com https://*.nrich.ai https://*.oribi.io https://*.doubleclick.net https://api-eu1.hubspot.com https://forms-eu1.hscollectedforms.net https://px.ads.linkedin.com; style-src  https 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; font-src  https 'self' data: https://fonts.gstatic.com https://fast.wistia.com; img-src  https 'self' data: https://instanda.com https://*.linkedin.com https://*.google-analytics.com https://*.google.com https://*.google.es https://*.google.ae https://*.google.co.uk https://i.ytimg.com https://*.assets-servd.host https://s3.eu-west-2.amazonaws.com https://track-eu1.hubspot.com https://forms-eu1.hsforms.com https://perf-eu1.hsforms.com https://*.adsymptotic.com https://fast.wistia.com https://via.placeholder.com https://embedwistia-a.akamaihd.net https://hubspot-no-cache-eu1-prod.s3.amazonaws.com https://*.6sc.co https://*.6sense.com https://embed-ssl.wistia.com https://*.nrich.ai https://forms.hsforms.com https://fonts.gstatic.com https://www.googletagmanager.com https://www.google.co.th d.adroll.com s.adroll.com d.adroll.mgr.consensu.org dsum-sec.casalemedia.com eb2.3lift.com googleads.g.doubleclick.net p.adsymptotic.com px.ads.linkedin.com px4.ads.linkedin.com pixel.advertising.com pixel.rubiconproject.com image2.pubmatic.com simage2.pubmatic.com snap.licdn.com sync.outbrain.com sync.taboola.com trc.taboola.com ads.yahoo.com ups.analytics.yahoo.com www.facebook.com connect.facebook.net idsync.rlcdn.com ib.adnxs.com x.bidswitch.net; frame-src  https 'self' https://www.google.com https://www.youtube.com https://player.vimeo.com https://powerforms.docusign.net https://eu.docusign.net https://html5-player.libsyn.com https://forms-eu1.hsforms.com https://www.listennotes.com https://app-eu1.hubspot.com https://*.hs-sites-eu1.com; frame-ancestors  https 'self'; object-src  'none';  report-uri https://darwin.uriports.com/reports/enforce; report-to default 1
script-src * data: https://www.bcdme.com/* 'unsafe-inline' 'unsafe-eval'; worker-src blob:;  object-src 'none' ; upgrade-insecure-requests 1
default-src 'self'; base-uri 'self'; style-src 'self' 'unsafe-inline' ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.youtube.com *.youtube-nocookie.com *.itzbund.de *.bundesbots.de ; object-src 'self' multimedia.gsb.bund.de; connect-src 'self' *.itzbund.de ; media-src 'self' blob: multimedia.gsb.bund.de social.bund.de *.youtube.com *.youtube-nocookie.com medien.bkm.bund.de ; frame-src *.youtube.com *.youtube-nocookie.com *.bundesbots.de ; img-src 'self' blob: social.bund.de *.youtube.com *.youtube-nocookie.com ; frame-ancestors 'self'; upgrade-insecure-requests; 1
default-src * data: ;script-src * 'unsafe-inline' 'unsafe-eval' ;style-src * 'unsafe-inline' data: ;frame-ancestors 'self' ;worker-src * blob: ;report-to csp-endpoint ;report-uri https://csp-report.adami.fr/ 1
default-src data: http://localhost:* https://*.amazonaws.com https://*.eloqua.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.plaid.com https://app.hellosign.com https://gainbridge.ada.support https://gitlab.com https://www.facebook.com https://www.google-analytics.com https://www.googletagmanager.com https://*.agkn.com https://*.analytics.yahoo.com https://*.bing.com https://choosemylo.com https://*.choosemylo.com https://*.doubleclick.net https://*.getletterpress.com https://*.impactcdn.com https://*.reddit.com/ https://*.redditstatic.com https://*.trkn.us/ https://*.typekit.net https://*.videoamp.com/ https://*.yimg.com/ https://scripts.postie.com/ https://trkn.us/ https://*.gainbridge-qa.com https://gainbridge-qa.com https://*.gainbridge-preprod.com https://gainbridge-preprod.com https://*.gainbridge.io https://gainbridge.io https://*.cookielaw.org https://*.loggly.com https://*.ojrq.net https://*.onetrust.com https://*.pxf.io https://*.clarity.ms https://*.xad.com;    script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.facebook.net https://*.plaid.com https://*.zdassets.com https://cloud.typography.com https://edge.fullstory.com https://img.en25.com https://maps.googleapis.com https://static.ada.support https://www.google-analytics.com/analytics.js https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://*.agkn.com https://*.analytics.yahoo.com https://*.bing.com https://choosemylo.com https://*.choosemylo.com https://*.doubleclick.net https://*.getletterpress.com https://*.impactcdn.com https://*.reddit.com/ https://*.redditstatic.com https://*.trkn.us/ https://*.typekit.net https://*.videoamp.com/ https://*.yimg.com/ https://scripts.postie.com/ https://trkn.us/ https://*.gainbridge-qa.com https://gainbridge-qa.com https://*.gainbridge-preprod.com https://gainbridge-preprod.com https://*.gainbridge.io https://gainbridge.io https://*.cookielaw.org https://*.loggly.com https://*.ojrq.net https://*.onetrust.com https://*.pxf.io https://*.clarity.ms https://*.xad.com;    connect-src 'self' http://localhost:* https://*.ada.support https://*.fullstory.com https://*.google.com https://*.googlesyndication.com https://*.launchdarkly.com https://*.zdassets.com https://api-js.mixpanel.com https://api.emailjs.com https://browser-http-intake.logs.datadoghq.com https://csp-exporter.gainbridge-qa.com https://gitlab.com https://maps.googleapis.com https://static.ada.support/embed-manifest.json https://www.facebook.com https://www.google-analytics.com wss://localhost:* https://*.agkn.com https://*.analytics.yahoo.com https://*.bing.com https://choosemylo.com https://*.choosemylo.com https://*.doubleclick.net https://*.getletterpress.com https://*.impactcdn.com https://*.reddit.com/ https://*.redditstatic.com https://*.trkn.us/ https://*.typekit.net https://*.videoamp.com/ https://*.yimg.com/ https://scripts.postie.com/ https://trkn.us/ https://*.gainbridge-qa.com https://gainbridge-qa.com https://*.gainbridge-preprod.com https://gainbridge-preprod.com https://*.gainbridge.io https://gainbridge.io https://*.cookielaw.org https://*.loggly.com https://*.ojrq.net https://*.onetrust.com https://*.pxf.io https://*.clarity.ms https://*.xad.com;    style-src 'self' 'unsafe-inline' http://localhost:* https://*.choosemylo.com https://*.doubleclick.net https://*.googleapis.com https://*.gstatic.com https://*.typekit.net https://cloud.typography.com https://www.googletagmanager.com https://*.gainbridge-qa.com https://gainbridge-qa.com https://*.gainbridge-preprod.com https://gainbridge-preprod.com https://*.gainbridge.io https://gainbridge.io https://*.cookielaw.org https://*.loggly.com https://*.ojrq.net https://*.onetrust.com https://*.pxf.io https://*.clarity.ms https://*.xad.com;    img-src blob: data: 'self' https://*.amazonaws.com https://*.analytics.yahoo.com https://*.bing.com https://*.choosemylo.com https://*.doubleclick.net https://*.eloqua.com https://*.facebook.com https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.impactcdn.com https://*.reddit.com https://*.trkn.us https://*.videoamp.com https://*.yahoo.com https://trkn.us https://www.google-analytics.com https://www.googletagmanager.com https://*.gainbridge-qa.com https://gainbridge-qa.com https://*.gainbridge-preprod.com https://gainbridge-preprod.com https://*.gainbridge.io https://gainbridge.io https://*.cookielaw.org https://*.loggly.com https://*.ojrq.net https://*.onetrust.com https://*.pxf.io https://*.clarity.ms https://*.xad.com; 1
frame-ancestors 'self' *.patcraft.com *.wfdev.net localhost:11862 1
script-src 'self' 'nonce-hPSMdrwhP22jmHdiNXG0NQ=='; default-src 'self' 1
script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' https: 'unsafe-inline' 1
base-uri 'self'; default-src https:; object-src 'none'; frame-src 'self' *.acronis.com *.salesforceliveagent.com *.visualize-roi.com *.doubleclick.net optimize.google.com platform.twitter.com syndication.twitter.com vars.hotjar.com widget.trustpilot.com www.facebook.com www.google.com www.youtube.com www.recaptcha.net *.visualwebsiteoptimizer.com app.vwo.com; frame-ancestors 'none'; font-src 'self' *.acronis.com fonts.googleapis.com fonts.gstatic.com script.hotjar.com; style-src 'unsafe-inline' 'self' *.acronis.com cdn.cookielaw.org fonts.googleapis.com optimize.google.com platform.twitter.com tagmanager.google.com *.visualwebsiteoptimizer.com app.vwo.com s3.amazonaws.com; img-src 'self' data: *.acronis.com *.analytics.google.com *.clarity.ms *.facebook.com *.g.cn *.g.doubleclick.net *.google-analytics.com *.googleapis.com *.googletagmanager.com *.linkedin.com *.twimg.com *.ytimg.com acronis.events b.6sc.co bat.bing.com c.bing.com c212.net cdn.cookielaw.org maps.gstatic.com media.slapfive.com optimize.google.com p.adsymptotic.com pixel.mathtag.com script.hotjar.com ssl.gstatic.com syndication.twitter.com trkn.us www.gstatic.com *.visualwebsiteoptimizer.com chart.googleapis.com wingify-assets.s3.amazonaws.com app.vwo.com www.mczbf.com alb.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; connect-src 'self' ws: *.6sc.co *.6sense.com *.acronis.com *.adnxs.com *.analytics.google.com *.bing.com *.clarity.ms *.fullcircleinsights.com *.g.doubleclick.net *.google-analytics.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.mutinycdn.com *.onetrust.com *.s3.amazonaws.com *.scarabresearch.com *.schemaapp.com *.sentry.io *.visualize-roi.com *.influ2.com *.linkedin.com 929-hvv-335.mktoresp.com api.greenhouse.io cdn.cookielaw.org maps.googleapis.com cdn.linkedin.oribi.io www.mczbf.com *.visualwebsiteoptimizer.com app.vwo.com www.redditstatic.com conversions-config.reddit.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat *.googleapis.com *.gstatic.com; script-src 'unsafe-eval' 'strict-dynamic' 'nonce-a1a9d41ec0a638924dcc83a3ce18c918' *.acronis.com *.googletagmanager.com tagmanager.google.com *.visualize-roi.com optimize.google.com www.google-analytics.com www.googleadservices.com www.googleanalytics.com www.googleoptimize.com *.visualwebsiteoptimizer.com app.vwo.com 1
default-src 'self' https: http: bankid:; connect-src 'self' ws: wss: https://*.fasttrack-solutions.com https://*.ft-crm.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.amazonaws.com *.google-analytics.com *.analytics.google.com https://www.googletagmanager.com https://www.google.com https://www.google.ro https://www.google.se https://www.google.nl https://www.google.de https://www.google.fi https://www.google.ch https://www.google.ee https://www.google.sk https://www.google.dk https://www.google.ru https://www.google.pt https://www.google.ca https://www.google.by https://www.google.bg https://www.gstatic.com https://analytics.google.com https://adservice.google.com https://stats.g.doubleclick.net https://recaptcha.net https://www.facebook.com https://*.bing.com https://*.taboola.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://d5phz18u4wuww.cloudfront.net https://cdn-cn.vwo-analytics.com https://verification.okwork.io https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; font-src 'self' data: https://fonts.gstatic.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://app.vwo.com; frame-src 'self' bankid://* https://livechat24.tech https://*.livechat24.tech https://*.adobe.com https://*.youtube.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://*.zignsec.com https://www.facebook.com https://*.trustly.com https://tpc.googlesyndication.com https://*.regily.com https://*.sumsub.com https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.unetsafe.com https://*.atlantgaming.com https://*.snapchat.com; img-src 'self' https: http: data: blob: *.google-analytics.com *.analytics.google.com *.visualwebsiteoptimizer.com https://app.vwo.com; script-src 'self' 'unsafe-eval' https://*.zignsec.com https://*.biahosted.com https://livechat24.tech https://*.livechat24.tech https://*.fasttrack-solutions.com https://mc.yandex.ru https://ajax.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.curacao-egaming.com https://www.google.com https://www.gstatic.com https://recaptcha.net https://connect.facebook.net https://*.bing.com https://*.cloudflare.com https://*.taboola.com https://static.cloudflareinsights.com https://*.regily.com https://*.pusher.com https://*.workers.dev https://prj-verification-production.s3.amazonaws.com https://cdn-sp.kertn.net https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com *.visualwebsiteoptimizer.com https://cdn-cn.vwo-analytics.com https://app.vwo.com https://*.unetsafe.com https://analytics.twitter.com https://platform.twitter.com https://quantcount.com https://rules.quantcount.com https://quantserve.com https://secure.quantserve.com https://edge.quantserve.com https://*.creative-serving.com https://*.snapchat.com https://snapchat.com https://sc-static.net 'nonce-Q97voGKr1goZL9W6j1uAs4bcLCBRMm7VjxTR5lf3uy0=' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://*.fasttrack-solutions.com https://fonts.googleapis.com https://livechat24.tech https://*.livechat24.tech https://cdn-sp.kertn.net https://*.biahosted.com https://storage.googleapis.com https://*.aitcloud.de https://vsfestaging-vs001.akamaized.net https://vsfelive-vs001.akamaized.net https://vswstaging.betradar.com https://vsw.betradar.com https://*.sir.sportradar.com https://*.fn.sportradar.com https://*.betstream.betgenius.com https://kiron.streamamg.com https://kiron-altenar.streamamg.com https://solaris.leap-gaming.com wss://*.biahosted.com https://*.visualwebsiteoptimizer.com https://app.vwo.com https://*.amazonaws.com https://tagmanager.google.com; worker-src 'self' blob:; report-uri https://sentry.work/sentry/api/45/csp-report/?sentry_key=e5368be6f1e24bce9ce26ca332a1f973 1
default-src 'self' https://*.google.com https://*.googleapis.com https://*.gstatic.com https://*.google-analytics.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://*.piho.ir https://*.google.com https://*.googleapis.com 'unsafe-inline'; img-src 'self' https://*.piho.ir https://*.gstatic.com https://*.google.com https://*.googleapis.com https://trustseal.enamad.ir https://logo.samandehi.ir https://*.google-analytics.com data:; script-src-elem 'self' https://*.getclicky.com https://*.google.com https://*.googleapis.com https://*.googleadservices.com https://*.googletagmanager.com https://*.google-analytics.com 'unsafe-inline'; frame-src 'self' https://www.aparat.com https://www.adsensecustomsearchads.com https://*.google.com; frame-ancestors 'self' https://www.aparat.com; 1
frame-ancestors development-au.sfcc-ralphlauren-as.com https://care60.live800.com 1
font-src *.fontawesome.com *.googleapis.com *.gstatic.com *.fonts.googleapis.com data: *.cloudflare.com data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src fast.amc.demdex.net *.adobe.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.addthis.com *.pinterest.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com *.ftcdn.net *.behance.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io https://cdn.consentmanager.net https://delivery.consentmanager.net https://api.mapbox.com https://redchamps.com *.cloudflare.com *.cdn.klarna.com *.s.ytimg.com *.widgets.magentocommerce.com *.fpdbs.paypal.com *.t.paypal.com *.paypal.com *.fpdbs.sandbox.paypal.com *.googleapis.com *.gstatic.com *.addthis.com *.pinterest.com *.cdninstagram.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.google.com https://cdn.consentmanager.net https://delivery.consentmanager.net *.fontawesome.com *.googleapis.com *.gstatic.com *.avada.io *.addthis.com *.moatads.com *.addthisedge.com *.facebook.com *.pinterest.com *.instagram.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com *.fontawesome.com *.googleapis.com 'self' 'unsafe-inline'; object-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; media-src *.adobe.com https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com https://cdn.consentmanager.net https://delivery.consentmanager.net https://get.geojs.io *.avada.io autocomplete2.postdirekt.de *.cloudflare.com *.paypal.com *.googleapis.com *.addthis.com *.cardinalcommerce.com *.graph.instagram.com *.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline'; default-src https://cdn.consentmanager.net https://delivery.consentmanager.net 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://blahaj.social; img-src 'self' data: blob: https://blahaj.social https://cdn.blahaj.social; style-src 'self' https://blahaj.social 'nonce-4GvZh94p6pmLuE98ZZ5HRw=='; media-src 'self' data: https://blahaj.social https://cdn.blahaj.social; frame-src 'self' https:; manifest-src 'self' https://blahaj.social; form-action 'self'; child-src 'self' blob: https://blahaj.social; worker-src 'self' blob: https://blahaj.social; connect-src 'self' data: blob: https://blahaj.social https://cdn.blahaj.social wss://blahaj.social; script-src 'self' https://blahaj.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' https://statistik.green-zones.eu/ 1
upgrade-insecure-requests; report-uri https://servion.com/ 1
default-src 'self' * 'unsafe-inline' data: blob: 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: www.zakon.org; frame-ancestors 'self' 1
base-uri 'none'; default-src 'self' https://* data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://* https://*; style-src 'self' 'unsafe-inline' http://* https://*; img-src data: *; 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://fivem.impulse99.com/logs/ https://fivem.impulse99.com/sidekiq/ https://fivem.impulse99.com/mini-profiler-resources/ https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/extra-locales/ https://fivem.impulse99.com/highlight-js/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/ https://fivem.impulse99.com/theme-javascripts/ https://fivem.impulse99.com/svg-sprite/ https://www.google-analytics.com/analytics.js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0='; worker-src 'self' https://fivem.impulse99.com/assets/ https://fivem.impulse99.com/brotli_asset/ https://fivem.impulse99.com/javascripts/ https://fivem.impulse99.com/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
default-src 'self' *.homemasters.ru homemasters.ru https://homemasters.ru; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://homemasters.ru top-fwz1.mail.ru imgsmail.ru *.imgsmail.ru google.ru *.google.ru  google.com *.google.com *.google-analytics.com *.googletagmanager.com vk.com *.vk.com facebook.net *.facebook.net facebook.com *.facebook.com gstatic.com *.gstatic.com googleads.g.doubleclick.net *.googleadservices.com twitter.com *.twitter.com *.twimg.com *.googleapis.com *.googlesyndication.com *.googletagservices.com ok.ru *.ok.ru *.odnoklassniki.ru counter.rambler.ru st.top100.ru  keycaptcha.com *.keycaptcha.com click-stroy.ru *.click-stroy.ru  pinterest.com *.pinterest.com s3.amazonaws.com mixmarket.biz *.mixmarket.biz *.adriver.ru *.instagram.com yastatic.net banners.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net yandex.ru *.yandex.ru yandex.st site.yandex.net https://*.tiktok.com https://*.tiktokcdn.com https://*.ibytedtos.com https://telegram.org; child-src 'self' https://homemasters.ru *.google.com *.googleadservices.com *.googlesyndication.com twitter.com *.twitter.com  facebook.com *.facebook.com vk.com *.vk.com yandex.ru *.yandex.ru *.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net gstatic.com *.gstatic.com googleads.g.doubleclick.net youtube.com *.youtube.com *.googleapis.com *.ok.ru *.odnoklassniki.ru keycaptcha.com *.keycaptcha.com player.vimeo.com coub.com *.instagram.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net banners.adfox.ru yastat.net chromenull; frame-src 'self' https://homemasters.ru *.google.com *.googleadservices.com *.googlesyndication.com twitter.com *.twitter.com  facebook.com *.facebook.com vk.com *.vk.com yandex.ru *.yandex.ru *.yandex.net yandex.st yastatic.net yandexadexchange.net *.yandexadexchange.net gstatic.com *.gstatic.com googleads.g.doubleclick.net youtube.com *.youtube.com https://*.youtube-nocookie.com/ *.googleapis.com *.ok.ru *.odnoklassniki.ru keycaptcha.com *.keycaptcha.com player.vimeo.com coub.com *.instagram.com awaps.yandex.net yandexadexchange.net *.yandexadexchange.net yastatic.net banners.adfox.ru yastat.net https://*.tiktok.com/ https://rutube.ru https://oauth.telegram.org/ chromenull; connect-src 'self' https://homemasters.ru translate.googleapis.com adservice.google.com *.googlesyndication.com *.gstatic.com pipe.skype.com google-analytics.com *.google-analytics.com *.googlevideo.com *.youtube.com rutube.ru graph.facebook.com *.twitter.com http://kraken.rambler.ru top-fwz1.mail.ru yandex.ru *.yandex.ru yandex.st yastatic.net matchid.adfox.yandex.ru ads.adfox.ru ads6.adfox.ru yastat.net https://*.ibytedtos.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' data: *.homemasters.ru homemasters.ru https://homemasters.ru *.bootstrapcdn.com *.googleapis.com fonts.googleapis.com *.gstatic.com s3.amazonaws.com *.twitter.com *.twimg.com yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net https://*.tiktokcdn.com/; font-src 'self'  data: https://homemasters.ru *.bootstrapcdn.com  *.googleapis.com  *.gstatic.com yandex.ru *.yandex.ru yastatic.net yastat.net; object-src 'self' https://homemasters.ru googleads.g.doubleclick.net *.googlesyndication.com googlevideo.com *.googlevideo.com ytimg.com *.ytimg.com youtube.com *.youtube.com yandex.ru *.yandex.ru *.gstatic.com *.keycaptcha.com keycaptcha.com video.rutube.ru; media-src 'self' https://homemasters.ru data: mediastream: *.yandex.net yandex.ru *.yandex.ru yandex.st yastatic.net banners.adfox.ru content.adfox.ru yastat.net; img-src 'self' data: https: avatars-fast.yandex.net favicon.yandex.net yandex.ru *.yandex.ru banners.adfox.ru content.adfox.ru ads.adfox.ru ads6.adfox.ru yastat.net; 1
default-src https: data:; connect-src https: wss:;script-src 'nonce-ZLqvtYzZYtJnxe9E/IhQiw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' https:;style-src 'self' *.googleapis.com *.google.com *.cloudfront.net cookies.praguebest.cz 'unsafe-inline'; object-src 'self'; img-src 'self' https: data:; font-src https: data:; 1
default-src 'self'; script-src 'self' 'nonce-cd708384c31b00c5a0a827a1f631c78e' https://*.outbrain.com blob: https://*.visualvest.de https://*.usercentrics.eu https://www.youtube.com https://www.googletagmanager.com https://www.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://connect.facebook.net; img-src 'self' data: https://*.visualvest.de https://images.ctfassets.net https://*.usercentrics.eu https://www.googletagmanager.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.de https://www.facebook.com https://i.ytimg.com; frame-src 'self' https://bid.g.doubleclick.net https://www.youtube.com https://*.usercentrics.eu; connect-src 'self' https://*.outbrain.com https://*.visualvest.de https://images.ctfassets.net  https://*.usercentrics.eu https://www.google.com https://googleads.g.doubleclick.net visualvest.secure.force.com uat-visualvest.cs101.force.com wss://*.visualvest.de/; style-src 'self' 'unsafe-inline' *.visualvest.de 1
default-src 'self'; base-uri 'self'; img-src * data:; frame-src 'self' https://kaartapi.nl https://www.kaartapi.nl https://websurveys2.govmetric.com https://app-eu.readspeaker.com https://www.youtube-nocookie.com https://www.youtube.com https://content.googleapis.com/ https://vars.hotjar.com; frame-ancestors 'self'; manifest-src 'self'; media-src 'self' blob:; script-src 'self' 'nonce-NTEwNjExNzUtNjA3Yi00MWE5LTlmYWItNzk4OGI3M2IzOTBm' https://stats.pusher.com https://www.browsealoud.com https://www.googletagmanager.com https://www.google-analytics.com https://apis.google.com https://maps.googleapis.com https://siteimproveanalytics.com https://cloudstatic.obi4wan.com https://websurveys2.govmetric.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://cdn-eu.readspeaker.com https://virtuele-gemeente-assistent.nl https://static.hotjar.com https://script.hotjar.com https://connect.facebook.net https://snap.licdn.com; connect-src 'self' https://sockjs-eu.pusher.com wss://ws-eu.pusher.com https://vttts-eu.readspeaker.com https://cloudstatic.obi4wan.com https://chatapi.obi4wan.com https://media-eu.readspeaker.com https://rstts-eu.readspeaker.com https://wrapi-eu.readspeaker.com https://www.browsealoud.com https://plus.browsealoud.com https://speech.speechstream.net https://speech-eu.speechstream.net https://www.google-analytics.com https://maps.googleapis.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://app.obi4wan.ai https://app-eu.readspeaker.com/ https://hitcounter.govmetric.com https://platform.hireserve.nl/ https://cdn1.readspeaker.com https://maps.googleapis.com https://virtuele-gemeente-assistent.nl wss://virtuele-gemeente-assistent.nl ws://virtuele-gemeente-assistent.nl https://in.hotjar.com https://www.facebook.com https://cdn.linkedin.oribi.io; object-src 'self' https://kaartapi.nl https://www.kaartapi.nl; style-src 'self' data: 'nonce-NTEwNjExNzUtNjA3Yi00MWE5LTlmYWItNzk4OGI3M2IzOTBm' https://fonts.googleapis.com https://platform.hireserve.nl https://websurveys2.servmetric.com https://cdn1.readspeaker.com https://websurveys2.govmetric.com https://virtuele-gemeente-assistent.nl https://mijn.virtuele-gemeente-assistent.nl https://maps.googleapis.com/ https://siteimproveanalytics.com https://cloudstatic.obi4wan.com; font-src 'self' data: https://fonts.gstatic.com https://cdn1.readspeaker.com https://script.hotjar.com;  1
script-src http: https: 'unsafe-inline' 'unsafe-eval' https://api.marcelle.com/ googletagmanager.com api.yotpo.com staticw2.yotpo.com chimpstatic.com downloads.mailchimp.com; style-src 'self' blob: https: 'unsafe-inline' https://api.marcelle.com/; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; font-src 'self' cdn-widgetsrepository.yotpo.com static.klaviyo.com fonts.gstatic.com staticw2.yotpo.com; frame-src assets.braintreegateway.com *.youtube.com *.youtu.be *.vimeo.com *.google.com *.gstatic.com *; worker-src https: blob: 'unsafe-inline' 'unsafe-eval' https://api.marcelle.com/ *.marcelle.com 1
default-src 'self' https://*.fastpathassure.com wss://*.fastpathassure.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.fastpathassure.com https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/6.26.0/polyfill.js https://cdn.raygun.io/raygun4js/raygun.min.js https://analytics.churnzero.net; style-src 'self' 'unsafe-inline' https://*.fastpathassure.com https://fonts.googleapis.com/css https://*.us1app.churnzero.net; connect-src 'self' https://*.fastpathassure.com https://*.oktapreview.com https://dc.services.visualstudio.com/v2/track wss://*.fastpathassure.com https://*.raygun.io https://*.us1app.churnzero.net https://analytics.churnzero.net; font-src 'self' https://*.fastpathassure.com https://fonts.gstatic.com https://*.us1app.churnzero.net data:; img-src 'self' https://*.churnzero.net https://*.blob.core.windows.net https://*.fastpathassure.com data:; frame-src 'self' https://*.fastpathassure.com https://*.us1app.churnzero.net https://analytics.churnzero.net; report-uri https://fastpathassure.report-uri.com/r/d/csp/enforce 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.me.uk; img-src 'self' https: data: blob: https://mastodon.me.uk; style-src 'self' https://mastodon.me.uk 'nonce-Lu6WGoUHtcKw2PPdwpv1/w=='; media-src 'self' https: data: https://mastodon.me.uk; frame-src 'self' https:; manifest-src 'self' https://mastodon.me.uk; form-action 'self'; child-src 'self' blob: https://mastodon.me.uk; worker-src 'self' blob: https://mastodon.me.uk; connect-src 'self' data: blob: https://mastodon.me.uk https://mastodon.me.uk wss://mastodon.me.uk; script-src 'self' https://mastodon.me.uk 'wasm-unsafe-eval' 1
default-src 'self'; img-src 'self' nfts.vechainstats.com data: 'unsafe-inline'; frame-src www.google.com/recaptcha/; script-src 'self' ajax.cloudflare.com www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ 'unsafe-inline'; connect-src 'self' wss://socket.vechainstats.com; style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'; block-all-mixed-content 1
default-src 'self'  https://connect.facebook.net https://www.facebook.com https://maps.googleapis.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.com https://www.tripadvisor.co.uk https://www.tripadvisor.de https://www.tripadvisor.dk https://www.tripadvisor.se ; frame-src * 'self'  *.vimeo.com *.youtube.com data: blob: ; frame-ancestors 'self' blob: ; ; base-uri 'self' ; ; form-action 'self'  ; script-src * 'unsafe-eval' 'unsafe-inline'  https://tagmanager.google.com/ https://www.googletagmanager.com/ https://cdn.jsdelivr.net/npm/es6-promise@4/dist/es6-promise.auto.js https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.0.0/polyfill.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js https://unpkg.com/preact@latest https://unpkg.com/htm@latest/dist/htm.module.js https://cdn.jsdelivr.net/npm/fuse.js@6.6.2/dist/fuse.esm.js ; object-src * 'self' data: blob: ; img-src * 'unsafe-inline'  https://ssl.gstatic.com/ data: ; style-src * 'unsafe-inline'  https://tagmanager.google.com/ https://fonts.googleapis.com/ ; font-src * data: 1
frame-ancestors 'self' esbroadcom.lookbookhq.com mfbroadcom.lookbookhq.com; script-src 'self' data: blob: https://script.crazyegg.com https://www.google-analytics.com https://www.googletagmanager.com https://cdn.cookielaw.org https://geolocation.onetrust.com https://ajax.googleapis.com https://snap.licdn.com/li.lms-analytics/insight.min.js https://searchunify.com https://searchunify.broadcom.com https://tag.demandbase.com/9a4d64cf696797e4.min.js https://tag.demandbase.com *.adroll.com *.eloqua.com *.en25.com *.bluekai.com *.oraclecloud.com *.brightcove.com *.brightcove.net https://images.sw.broadcom.com 'nonce-YTE2ZGQ1MjRlNA/NjI0OGE1ZGJmOWFmZTY='; object-src 'self'; 1
default-src 'self' https://cdn.wolterskluwer.io https://www.niedersachsen.de; connect-src 'self' https:; frame-src 'self' https:; img-src 'self' data: https://cdn.wolterskluwer.io https://*.wolterskluwer-online.de https://*.wk-onega.com https://www.niedersachsen.de; object-src 'none'; script-src 'self' https:; style-src 'self' 'unsafe-inline' https://cdn.wolterskluwer.io; form-action 'self' https://*.wolterskluwer.eu; report-uri https://wkd0.report-uri.com/r/d/csp/enforce 1
default-src https: data: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.gstatic.com *.crazyegg.com *.hotjar.com *.hotjar.io *.google-analytics.com *.google.com *.google.lk *.addthis.com *.youtube.com/iframe_api *.googletagmanager.com *.googleadservices.com *.facebook.net *.facebook.com *.doubleclick.net *.amazonaws.com  *.youtube-nocookie.com *.youtube.com *.createsend1.com *.createsend.com createsend.com *.cloudflare.com *.addtoany.com data: cmsres.ebeyondsonline.com images1-focus-opensocial.googleusercontent.com scontent-iad3-1.xx.fbcdn.net scontent-atl3-1.xx.fbcdn.net external-atl3-1.xx.fbcdn.net www.bw2020.lk www.clarity.ms *.fbcdn.net *.clarity.ms *.bing.com; frame-ancestors 'self' https://devicetester.smart360web.com; 1
default-src 'self' 'unsafe-inline'; form-action 'self' https://www.google.co.jp; font-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://am.yahoo.co.jp https://www.google-analytics.com https://ajax.googleapis.com https://www.youtube.com https://www.facebook.com/ https://b92.yahoo.co.jp/ https://www.googleadservices.com/ https://c1.rfihub.net/ https://api.triver.jp/ https://s.primead.jp/ https://code.jquery.com https://connect.facebook.net/ https://s.yimg.jp/ https://googleads.g.doubleclick.net/ https://20739018p.rfihub.com/ https://tag.brick.tools/ https://www.googletagmanager.com/; object-src 'none'; connect-src 'self' https://am.yahoo.co.jp https://analytics.google.com https://stats.g.doubleclick.net https://www.google-analytics.com https://www.google.co.jp; frame-src 'self' https://bid.g.doubleclick.net https://s.primead.jp https://a.rfihub.com https://www.youtube.com https://20739018p.rfihub.com; upgrade-insecure-requests; manifest-src 'self'; media-src 'self'; worker-src 'self'; base-uri 'self'; img-src 'self' https://www.facebook.com https://www.google.com https://t.primead.jp https://www.google.co.jp 1
default-src 'self';    script-src 'self' 'unsafe-eval' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://cdn.tagcommander.com https://cdn.trustcommander.net https://tag.aticdn.net https://www.youtube.com https://geo.dailymotion.com https://maps.googleapis.com https://connect.facebook.net https://www.googletagmanager.com https://www.googleadservices.com;    style-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com;    img-src 'self' blob: data: https://hospitable-champion-513b4af9be.media.strapiapp.com https://privacy.trustcommander.net https://nirio.fr https://privacy.commander1.com https://maps.gstatic.com https://www.facebook.com https://googleads.g.doubleclick.net https://www.google.com https://www.google.fr https://maps.googleapis.com;    font-src 'self' https://fonts.gstatic.com;    form-action 'self' https://fdjservices2023--uat.sandbox.my.salesforce.com https://webto.salesforce.com;    frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://cdn.trustcommander.net https://nirio.fr https://www.youtube.com https://geo.dailymotion.com https://www.dailymotion.com;    connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://privacy.trustcommander.net https://privacy.commander1.com https://dqxcjhc.pa-cd.com https://pebed.dm-event.net https://geo.dailymotion.com https://maps.googleapis.com;    object-src 'none';    base-uri 'self';    frame-ancestors 'none';    block-all-mixed-content;    upgrade-insecure-requests; 1
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: www.cbbd.be www.stripmuseum.be www.comicscenter.net csi.gstatic.com code.jquery.com ajax.googleapis.com img.youtube.com www.youtube.com api-public.addthis.com s7.addthis.com m.addthis.com m.addthisedge.com maps.googleapis.com www.google.com reservation.elloha.com cdn.usefathom.com 1
frame-ancestors 'self' http://localhost:3000 http://localhost:8081 https://*.local.com https://*.letsroam.com 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; script-src https://www.boardpc.pl/logs/ https://www.boardpc.pl/sidekiq/ https://www.boardpc.pl/mini-profiler-resources/ https://cdn.boardpc.pl/assets/ https://cdn.boardpc.pl/brotli_asset/ https://www.boardpc.pl/extra-locales/ https://www.boardpc.pl/highlight-js/ https://www.boardpc.pl/javascripts/ https://www.boardpc.pl/plugins/ https://www.boardpc.pl/theme-javascripts/ https://www.boardpc.pl/svg-sprite/ https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js 'sha256-8uAKDaK4QxxCeYZl0Wxad2Nnj2tgKyA14hYBh66pnn0=' https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js https://static.cloudflareinsights.com/beacon.min.js https://platform.twitter.com/ https://cdn.jsdelivr.net/npm/cookieconsent@3/build/cookieconsent.min.js clips.twitch.tv; worker-src 'self' https://cdn.boardpc.pl/assets/ https://cdn.boardpc.pl/brotli_asset/ https://www.boardpc.pl/javascripts/ https://www.boardpc.pl/plugins/; frame-ancestors 'self'; manifest-src 'self' 1
object-src 'self' https://staging-www.dornbirn.at https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; frame-ancestors 'self' https://app.city-monitor.com https://live.dornbirn.at https://dornbirn.pwa.city-monitor.com https://dornbirn.pwa-staging.city-monitor.com; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://beekeeping.ninja; img-src 'self' https: data: blob: https://beekeeping.ninja; style-src 'self' https://beekeeping.ninja 'nonce-VJsv0yfa6BEvZtmJpuagzQ=='; media-src 'self' https: data: https://beekeeping.ninja; frame-src 'self' https:; manifest-src 'self' https://beekeeping.ninja; form-action 'self'; child-src 'self' blob: https://beekeeping.ninja; worker-src 'self' blob: https://beekeeping.ninja; connect-src 'self' data: blob: https://beekeeping.ninja https://beekeeping-cdn.autonomy.ninja wss://beekeeping.ninja; script-src 'self' https://beekeeping.ninja 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://romancelandia.club; img-src 'self' https: data: blob: https://romancelandia.club; style-src 'self' https://romancelandia.club 'nonce-jBi93dCGXkPMmcXM/fRV8w=='; media-src 'self' https: data: https://romancelandia.club; frame-src 'self' https:; manifest-src 'self' https://romancelandia.club; connect-src 'self' data: blob: https://romancelandia.club https://romancelandia.club wss://romancelandia.club; script-src 'self' https://romancelandia.club 'wasm-unsafe-eval'; child-src 'self' blob: https://romancelandia.club; worker-src 'self' blob: https://romancelandia.club 1
default-src 'none'; script-src 'self' 'unsafe-inline' *.siteimprove.net *.siteimprove.com *.browsealoud.com *.googletagmanager.com *.google.com *.google-analytics.com *.facebook.net unpkg.com *.jsdelivr.net *.cookiebot.com *.leadfamly.com; object-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com https://sverigesradio.se; style-src 'self' 'unsafe-inline'; img-src 'self' data: *.google.com *.google.se *.google-analytics.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.google.se *.cloudnet.cloud *.malmolive.se *.momondo.de *.googletagmanager.com *.cookiebot.com; media-src 'self' blob: https://*.speechstream.net;; frame-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.siteimprove.com *.acast.com *.spotify.com *.soundcloud.com https://vimeo.com *.sverigesradio.se https://sverigesradio.se *.office.com *.cookiebot.com *.playable.com *.sociablekit.com; frame-ancestors 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; child-src 'self' *.google.com *.youtube.com *.youtube-nocookie.com *.facebook.com *.vimeo.com  *.siteimprove.com *.sverigesradio.se https://sverigesradio.se *.sociablekit.com; font-src 'self'; connect-src 'self' blob: https://*.browsealoud.com https://*.siteimprove.com https://*.googletagmanager.com https://*.google.com https://*.google-analytics.com https://*.g.doubleclick.net https://*.speechstream.net *.cookiebot.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
object-src 'none'; frame-ancestors 'self'; report-uri https://www.visitfuerteventura.com/report-uri/enforce 1
default-src 'self' https: ; script-src * 'unsafe-inline' 'unsafe-eval'; script-src-elem * 'unsafe-inline' 'unsafe-eval' ; script-src-attr * 'unsafe-inline' 'unsafe-eval'; style-src * data: 'unsafe-inline'; img-src * data: ; font-src * data: ; connect-src *; media-src *; object-src *; prefetch-src *; child-src *; frame-src *; worker-src *; frame-ancestors *; form-action 'self'; upgrade-insecure-requests; base-uri *; manifest-src * 1
base-uri 'self'; report-uri /csp.php; block-all-mixed-content; script-src https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; img-src https://*.ytimg.com https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.googleadservices.com https://*.google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.co.uk https://*.google.fr https://*.google.pl https://*.google.cz https://*.google.ua https://*.google.dk https://*.google.se https://*.google.no https://*.google.fi https://*.google.sk https://*.google.be https://*.google.nl https://*.google.it https://*.google.sr https://*.google.kr https://*.google.es https://*.google.pt https://*.google.ie https://*.google.lu https://*.google.lv https://*.google.com.hk https://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; media-src 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; object-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; frame-src https://*.crefopay.de https://www.youtube.com https://www.youtube-nocookie.com https://*.cookiebot.com https://*.td.doubleclick.net https://td.doubleclick.net https://*.hotjar.com 'self'; connect-src https://*.cookiebot.com https://*.googletagmanager.com https://*.google-analytics.com https://*.analytics.google.com https://*.g.doubleclick.net https://*.google.com https://*.googlesyndication.com https://google.com https://*.google.de https://*.google.at https://*.google.ch https://*.google.co.uk https://*.google.fr https://*.google.pl https://*.google.cz https://*.google.ua https://*.google.dk https://*.google.se https://*.google.no https://*.google.fi https://*.google.sk https://*.google.be https://*.google.nl https://*.google.it https://*.google.sr https://*.google.kr https://*.google.es https://*.google.pt https://*.google.ie https://*.google.lu https://*.google.lv https://*.google.com.hk https://*.hotjar.com:* https://*.hotjar.io:* wss://*.hotjar.com 'self' 'unsafe-inline' 'unsafe-eval' data: https://*.crefopay.de https://cdn.jfnet.de https://www.gstatic.com; font-src https://*.hotjar.com 'self' 1
default-src 'none'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src *; style-src * 'unsafe-inline'; img-src * data: 'unsafe-eval'; font-src * data: 'unsafe-eval'; frame-src *; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'none'; form-action 'self'; 1
default-src 'self'; script-src 'nonce-LJRQ58Jy+3W5aTG/UcPdkg==' 'strict-dynamic' https: 'self'; style-src 'self' 'unsafe-inline' https:; connect-src 'self' https://consentcdn.cookiebot.com https:; frame-src 'self' https://consentcdn.cookiebot.com https:; font-src 'self' data: https:; img-src 'self' data: https:; base-uri 'self'; object-src 'none'; manifest-src 'self'; media-src 'self'; 1
default-src 'self' *.sessioncam.com *.cloudfront.net; script-src *.cloudfront.net *.sessioncam.com *.hypemarks.com *.krxd.net 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com *.googletagmanager.com *.google-analytics.com *.google.com *.google.co.uk *.newrelic.com *.betrad.com bam.nr-data.net static.addtoany.com *.cloudflare.com brand-ecommerce-assets.fusepump.com *.youtube.com s.ytimg.com *.evidon.com code.jquery.com *.cloudfront.net *.serving-sys.com 7225833.collect.igodigital.com connect.facebook.net stats.g.doubleclick.net https://www.gstatic.com *.cloudfront.net ws://*.sessioncam.com wss://*.sessioncam.com *.gigya.com https://bv.js  *.bazaarvoice.com *.amazonaws.com *.adimo.co *.iesnare.com *.polyfill.io *.cdns.eu1.gigya.com https://cdns.eu1.gigya.com *.gigya.com *.nescafe.com *.sitepreview.ws *.nestle.co.uk *.nestle.com *.pinimg.com *.salesforceliveagent.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.amazon-adsystem.com *.yimg.com *.salesforce-sites.com *.pinterest.com analytics.tiktok.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com fonts.gstatic.com *.cloudflare.com *.fusepump.com *.youtube.com cloud.typography.com *.google.com *.use.fontawesome.com *.bazaarvoice.com *.fontawesome.com *.adimo.co *.nestle.co.uk *.nestle.com *.fonts.net *.amazonaws.com *.force.com *.salesforce.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.salesforce-sites.com; img-src *.cloudfront.net *.sessioncam.com *.google.co.in *.nestle.co.uk 'self' data: *.googleapis.com *.gstatic.com *.cloudflare.com *.google-analytics.com https://stats.g.doubleclick.net www.google.com www.google.co.uk *.doubleclick.net *.betrad.com *.amazonaws.com px.pump.to brand-ecommerce-assets.fusepump.com *.evidon.com https://nova.collect.igodigital.com https://www.facebook.com *.krxd.net *.nestlebeverages.acsitefactory.com be.factory.nescafe.com belgium.nestlebeverages.acsitefactory.com www.nescafe.com *.ytimg.com *.bazaarvoice.com *.gigya.com *.stage4.factory.nescafe.com *.nescafe.com *.adimo.co *.pinterest.com *.force.com *.smababy.co.uk *.cookielaw.org *.onetrust.com *.cookiepro.com *.googletagmanager.com *.rlcdn.com *.yahoo.com *.google.es; media-src 'self' *.amazonaws.com; frame-src *.cloudfront.net *.sessioncam.com *.doubleclick.net 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net  http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com https://brand-ecommerce-assets.fusepump.com www.google.com *.krxd.net www.facebook.com https://l3.evidon.com/ *.gigya.com *.adimo.co *.bazaarvoice.com *.nestle-brands.co.uk https://login-eu.nescafe.com/ *.force.com *.baby2body.com *.salesforce.com *.amazon-adsystem.com *.pinterest.com; frame-ancestors 'self'; child-src 'self' static.addtoany.com *.youtube.com *.youtu.be youtu.be info.evidon.com https://2275258.fls.doubleclick.net http://2275258.fls.doubleclick.net http://www.youtube-nocookie.com https://www.youtube-nocookie.com https://cdn.hypemarks.com http://cdn.hypemarks.com ; font-src 'self' data: fonts.gstatic.com fonts.googleapis.com *.cloudflare.com *.fontawesome.com *.fonts.net *.sfdcstatic.com; connect-src 'self' brand-ecommerce-api.fusepump.com *.sessioncam.com *.cloudfront.net *.google-analytics.com https://collect.analyze.ly https://secure-ds.serving-sys.com *.amazonaws.com *.bazaarvoice.com *.evidon.com *.g.doubleclick.net *.nestle-brands.co.uk *.nr-data.net https://api.experianmarketingservices.com/sync/queryresult/EmailValidate/1.0/10773728-4c4d-43e6-959a-dd3889366f85  https://login-eu.nescafe.com/ *.edq.com *.pinterest.com *.cs88.force.com *.secure.force.com *.cookielaw.org *.onetrust.com *.cookiepro.com *.google.com *.yimg.com *.facebook.com *.amazon-adsystem.com *.googlesyndication.com analytics.tiktok.com *.adimo.co; report-uri /report-csp-violation 1
frame-src 'self' *.etracker.com *.dev.bosbach.de *.energiedev.de *.energie.de *.smart-production.de *.building-and-automation.de *.adspirit.de *.theadex.com *.enerpedia.info *.enerx.info *.youtube-nocookie.com *.youtube.com *.podcaster.de; frame-ancestors 'self' *.dev.bosbach.de *.energiedev.de *.energie.de *.smart-production.de *.building-and-automation.de; 1
default-src 'self'; script-src 'self' 'unsafe-inline' https://storage.googleapis.com/operas/ https://cdn.jsdelivr.net/npm/mathjax@3/ https://hypothes.is/embed.js https://cdn.hypothes.is/hypothesis/ https://platform.twitter.com/js/ https://platform.twitter.com/widgets.js https://cdn.syndication.twimg.com/timeline/profile https://js.trendmd.com/trendmd.min.js https://www.google-analytics.com/analytics.js https://www.google.com/recaptcha/api.js https://www.googletagmanager.com/gtag/js https://www.gstatic.com/recaptcha/ https://d1bxh8uas1mnw7.cloudfront.net/assets/content.js https://www.altmetric.com/details.php https://plausible.io/js/script.js; style-src 'self' 'unsafe-inline' https://storage.googleapis.com/operas/ https://cdn.hypothes.is/hypothesis/ https://fonts.googleapis.com https://platform.twitter.com/css/ https://*.twimg.com https://css.trendmd.com/trendmd.min.css https://d1bxh8uas1mnw7.cloudfront.net/assets/; font-src 'self' https://cdn.jsdelivr.net/npm/mathjax@3/; img-src 'self' data: https://storage.googleapis.com/jnl-up-j-agh-files/ https://storage.googleapis.com/jnl-up-j-agh-public/ https://storage.googleapis.com/operas/ https://account.annalsofglobalhealth.org/ https://s3-eu-west-1.amazonaws.com/ubiquity-partner-network/ https://s3-eu-west-1.amazonaws.com/service-zipper/ https://ubiquity-partner-network.s3.eu-west-1.amazonaws.com https://jura.ubiquity.press https://i.ytimg.com https://i.vimeocdn.com https://www.scopus.com/static/images/ https://*.twimg.com https://platform.twitter.com/css/ https://syndication.twitter.com https://www.google-analytics.com/collect https://www.googletagmanager.com/ https://api.altmetric.com/ https://assets.altmetric.com/images/ https://badges.altmetric.com/ https://doaj.org/static/doaj/images/ https://www.magcloud.com https://licensebuttons.net https://i.creativecommons.org https://hertz-foto-os1.biblhertz.it/iiif/ https://dlib2.biblhertz.it/iiif/ https://css.trendmd.com https://www.journalquality.info/journalquality/img/; connect-src 'self' https://api.account.up-j-agh.ubiquityjournal.website/api/journal/1/ https://taskmaster.ubiquity.press https://api.central.ubiquity.press https://o630684.ingest.sentry.io https://metrics-api.operas-eu.org https://www.trendmd.com/journals/ https://cc.trendmd.co/journals/ https://academia.trendmd.com/events https://www.google-analytics.com/j/collect https://api.hypothes.is/api/ https://s.trendmd.com/ https://api.altmetric.com/v1/doi/; frame-src 'self' https://hypothes.is https://www.facebook.com https://player.vimeo.com https://w.soundcloud.com https://www.youtube.com https://platform.twitter.com https://syndication.twitter.com https://www.google.com/ https://*.kaltura.com/ https://*.mediaspace.kaltura.com/ https://cafdonatewidget.cafonline.org/; worker-src 'self' blob:; object-src 'none'; frame-ancestors 'self'; base-uri 'none'; form-action 'self' 1
default-src 'self' data:; script-src 'self' 'unsafe-inline' https://gestav.com https://connect.facebook.net https://api.systempay.fr https://api.payzen.eu https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://www.googleadservices.com; connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net; img-src 'self' https://api.systempay.fr https://api.payzen.eu https://stats.g.doubleclick.net https://www.google-analytics.com data:; style-src 'self' 'unsafe-inline' https://gestav.com https://api.systempay.fr https://api.payzen.eu https://fonts.googleapis.com https://fonts.bunny.net https://cdn.materialdesignicons.com; child-src www.youtube.com; frame-src 'self' https://gestav.com https://api.systempay.fr https://api.payzen.eu https://www.facebook.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com/ https://fonts.bunny.net https://cdn.materialdesignicons.com; 1
default-src 'none';  script-src 'self' 'unsafe-inline' 'unsafe-eval' *.addtoany.com https://ajax.cloudflare.com https://euc-widget.freshworks.com *.boxnow.gr https://skroutza.skroutz.gr https://apis.google.com https://www.gstatic.com https://z.moatads.com https://s7.addthis.com https://m.addthis.com https://analytics.skroutz.gr https://360.bestprice.gr https://www.bestprice.gr https://www.glami.gr https://region1.google-analytics.com https://cdn.stat-track.com/ https://assets.citrusad.net https://www.googletagmanager.com https://maps.google.com https://maps.googleapis.com https://www.google-analytics.com https://connect.facebook.net https://stats.g.doubleclick.net https://www.google.com https://googleads.g.doubleclick.net https://www.googleadservices.com https://script.crazyegg.com https://go.linkwi.se https://trustmark.gr https://www.youtube.com https://script.crazyegg.com https://insurance.e-satisfaction.gr https://widget-cdn.boxnow.gr https://tracking.retargeting.biz https://api.retargeting.app https://www.googleoptimize.com https://ibanke-commerce.nbg.gr;  style-src 'self' 'unsafe-inline' https://www.googletagmanager.com https://euc-widget.freshworks.com https://fonts.googleapis.com;  object-src 'self';  img-src 'self' data: https://www.googletagmanager.com https://fonts.gstatic.com https://googleads.g.doubleclick.net/ *.skroutz.gr https://static.mgmanager.gr https://venddeshop.test.devlh.com https://www.glami.gr https://www.facebook.com https://www.google-analytics.com https://maps.gstatic.com https://maps.google.com https://maps.googleapis.com https://www.google.com https://www.google.gr https://www.google.com.tr https://trustmark.gr;  font-src 'self' data: https://fonts.gstatic.com;   connect-src 'self' https://region1.analytics.google.com https://mgmanager.freshdesk.com https://euc-widget.freshworks.com https://www.youtube.com https://www.bestprice.gr https://s7.addthis.com https://m.addthis.com https://forms.m-pages.com https://t.stat-track.com https://region1.google-analytics.com https://stats.g.doubleclick.net https://www.google-analytics.com https://maps.googleapis.com https://tracking.retargeting.app;  frame-src *;  media-src 'self' 1
default-src 'self';connect-src *;media-src * data: blob:;font-src * data: blob:;img-src * data: blob:;script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline' 1
default-src 'self' data: blob: https: wss://ws.hotjar.com; script-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: blob: https: 'unsafe-inline' 'unsafe-eval'; 1
frame-ancestors 'self' https://www.pulsy.fr/covaliaweb/com http://telemedecine.grandest.fr/; 1
default-src 'self'; connect-src https://localhost https://*.instapaper.com https://*.stripe.com https://glyph.medium.com https://*.paypal.com https://*.braintree-api.com https://*.braintreegateway.com https://accounts.google.com https://getpocket.com https://systemweakness.com https://*.systemweakness.com https://*.medium.com https://medium.com https://*.medium.com https://*.algolia.net https://cdn-static-1.medium.com https://dnqgz544uhbo8.cloudfront.net https://cdn-videos-1.medium.com https://cdn-audio-1.medium.com https://lightstep.medium.systems https://*.branch.io 'self'; font-src data: https://*.amazonaws.com https://*.medium.com https://glyph.medium.com https://glyph-sandbox.medium.sh https://medium.com https://*.gstatic.com https://dnqgz544uhbo8.cloudfront.net https://cdn-static-1.medium.com 'self'; frame-src chromenull: https: webviewprogressproxy: blob: medium: 'self'; img-src blob: data: https: 'self'; media-src https://*.cdn.vine.co https://d1fcbxp97j4nb2.cloudfront.net https://d262ilb51hltx0.cloudfront.net https://*.medium.com https://gomiro.medium.com https://miro.medium.com https://pbs.twimg.com 'self' blob:; object-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' about: https: 'self'; style-src 'unsafe-inline' data: https: 'self'; report-uri https://csp.medium.com 1
default-src *.gstatic.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; script-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org website-search.ent.us-east-1.aws.found.io *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com unpkg.com/swiper@8/ *.crazyegg.com *.redwoodtrust.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; connect-src *.quotemedia.com *.google.com *.google-analytics.com *.gstatic.com browser-update.org website-search.ent.us-east-1.aws.found.io *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com www.youtube.com player.vimeo.com unpkg.com/swiper@8/ *.crazyegg.com *.redwoodtrust.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; style-src fonts.googleapis.com *.gstatic.com *.hcaptcha.com hcaptcha.com dev-ir.stockpr.com unpkg.com/swiper@8/ ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net 'unsafe-inline'; font-src cdnjs.cloudflare.com/ajax/libs/font-awesome/ fonts.googleapis.com *.gstatic.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; img-src i.ytimg.com c212.net *.prnewswire.com *.mathtag.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; frame-src *.google.com youtube.com www.youtube.com youtube-nocookie.com www.youtube-nocookie.com vimeo.com player.vimeo.com *.hcaptcha.com hcaptcha.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; object-src *.gstatic.com ir.stockpr.com www.redwoodtrust.com d1io3yog0oux5.cloudfront.net *.equisolve-dev.com *.equisolve.net; 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.youtube.com https://js.stripe.com https://maps.googleapis.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://www.youtube.com; iframe-src https://www.youtube.com; child-src zitadel.com; style-src 'self' 'unsafe-inline' zitadel.com; font-src 'self'; object-src 'none'; frame-src https://www.youtube.com/ https://js.stripe.com https://hooks.stripe.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'self' data: img.shields.io https://*.google-analytics.com https://*.googletagmanager.com 1
frame-ancestors 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://cdn.getsmartcontent.com https://connect.facebook.net https://consent.cookiebot.com https://consentcdn.cookiebot.com https://googleads.g.doubleclick.net https://js.adsrvr.org https://munchkin.marketo.net https://s.getsmartcontent.com https://s.swiftypecdn.com https://snap.licdn.com https://snippet.ramblechat.com https://tracker.mrpfd.com https://vidassets.terminus.services https://opench.bamboohr.com https://www.google-analytics.com https://www.googleadservices.com https://www.googletagmanager.com https://www.youtube.com https://www.gartner.com https://fonts.googleapis.com https://fonts.gstatic.com 1
default-src 'self' https://*.stripe.com http://127.0.0.1:10000 https://*.dmds.com wss://*.dmds.com https://*.google-analytics.com fasp://* https://local.connectme.us:* https://v5media.dmds.com https://proddmdsstorage.blob.core.windows.net https://*.jwpcdn.com https://fonts.googleapis.com https://www.gstatic.com https://www.google.com/ https://app.powerbi.com/ 'unsafe-inline' 'unsafe-eval' blob:; img-src * data:; font-src * data:; 1
object-src 'none'; frame-ancestors 'self'; report-uri https://lagomera.travel/report-uri/enforce 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://qsight.net https://*.qsight.net http://10.96.66.219:7350 http://*.owens-minor.com https://api.jetstreamrfid.com http://172.16.110.120 https://confdevr4-omdevr4.cs19.force.com https://*.azurefd.net https://*.azurewebsites.net; script-src 'unsafe-eval' 'unsafe-inline' https://qsight.net https://*.qsight.net cdnjs.cloudflare.com; script-src-elem 'self' 'unsafe-inline' cdnjs.cloudflare.com www.google.com www.gstatic.com; frame-ancestors 'self' *.epic.com *.epichosted.com *.phhservices.org *.uky.edu *.bwwhealth.org *.virginiahospitalcenter.com *.lha.org *.houstonmethodist.org *.miami.edu *.virginia.edu *.chs-mi.com *.stanfordmed.org *.geisinger.edu *.mountsinai.org *.ahn.org *.wfubmc.edu *.metrohealth.org *.medisys.org *.rush.edu *.jefferson.edu *.tju.edu *.fairview.org *.tuhs.prv *.inovaad.org *.ynhh.org *.piedmonthospital.org *.midmichigan.net *.adventhealth.com *.advent.cloud *.bshsi.com *.pinnaclehealth.org *.osumc.edu *.uhhospitals.org *.gmh.org *.trinity-health.org; frame-src 'self' qsight.net *.qsight.net www.google.com www.gstatic.com; connect-src 'self' qsight.net *.qsight.net *.blob.core.windows.net https://api.zebra.com *.azurefd.net; worker-src 'self' blob:; 1
img-src bryantx.gov www.bryantx.gov docs.bryantx.gov weblink.bryantx.gov fonts.googleapis.com fonts.gstatic.com translate.google.com translate.googleapis.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com i.ytimg.com yt3.gght.com img.youtube.com googleads.g.doubleclick.net secure.gravatar.com public.tockify.com i.vimeocdn.com ssl.google-analytics.com abs.twimg.com platform.twitter.com pbs.twimg.com syndication.twitter.com bryantx.swagit.com live.staticflickr.com embedr.flickr.com widgets.flickr.com www.globalair.com maps.gstatic.com maps.google.com maps.googleapis.com 'nonce-ffb424cb7c' 'blob:https://www.bryantx.gov/3d89ea4c-9d97-4503-807d-f7a61b199ff2' 'blob:https://www.bryantx.gov/5ab62ed3-1a13-41c5-8d11-028d2212f0e4' 'blob:https://www.bryantx.gov/2495bf0f-2bca-4f7b-9ec2-9ea8ea2515b6' 'blob:https://www.bryantx.gov/fdb6a8e3-181d-43c8-b7cd-8cf477bfed63' ; media-src bryantx.gov www.bryantx.gov docs.bryantx.gov weblink.bryantx.gov fonts.googleapis.com fonts.gstatic.com translate.googleapis.com translate.google.com www.google-analytics.com www.google.com www.gstatic.com www.youtube.com i.ytimg.com yt3.gght.com public.tockify.com i.vimeocdn.com ssl.google-analytics.com bryantx.swagit.com live.staticflickr.com embedr.flickr.com widgets.flickr.com 'nonce-ffb424cb7c'; script-src-elem bryantx.gov www.bryantx.gov docs.bryantx.gov weblink.bryantx.gov fonts.googleapis.com fonts.gstatic.com translate.googleapis.com translate.google.com www.google-analytics.com www.googletagmanager.com www.google.com www.gstatic.com www.youtube.com i.ytimg.com yt3.gght.com translate-pa.googleapis.com www.googleadservices.com googleads.g.doubleclick.net public.tockify.com i.vimeocdn.com ssl.google-analytics.com code.jquery.com platform.twitter.com cdn.syndication.twimg.com bryantx.swagit.com live.staticflickr.com embedr.flickr.com widgets.flickr.com maps.google.com maps.googleapis.com www.shelterluv.com/misc/shelterluv_embed.js js.arcgis.com 'sha256-ZPGm/sfK34nlSY2WFtUx8iClrmeMZV/gol9QHmPBrkA=' 'sha256-cSpUCUamh1kifEdO4/So6itS4ixnNFeRJI1Rh7/sa88=' 'sha256-1DpWhyC2JLWjHP17V1qSZ2JkdyZkT67N9zgUrDJpej8=' 'sha256-asEbViksrwPHoejd5D2aGzAEGtmS7TNgHOvvy2a1TzY=' 'sha256-jLH5xKLA1Yp6z9vxVkjpuh3jRStEsMTZlJYH6JBiTdg=' 'sha256-jEqMUOkhQKsKzzY81HGtl6KNLjmIksuTkeeygjTKUa4=' 'sha256-PITLarX3I4Ngpf+YUlN7gfrJWmltttoED8YX64m1Yjg=' 'sha256-k+4tS/q7m8QxWPlQ63wzBP5fUAsrgHv3jrQ/q5MfZeY=' 'sha256-kZGHzhfwD73YAG7HEhQSM/k7H5ORBlk+XfqEjtLG/Lw=' 'sha256-JV0oe+ywF99aflntitIQiYCFEvE+/WaXY/lfK2ZMRlA=' 'sha256-5wvVr0IcXWiYDcV91eI6E1s22Y0/EVtxQctjdUU65ek=' 'sha256-PgfHpUnMxdaWcZKL7K+81n5E1mBQOKvnnayQI+v1CsM=' 'sha256-Q5h2K0CiTitbYAw+aDDB8quD6kJuNceTU0N9NVtxkFM=' 'sha256-F22L9TwA74jghwnCI5PV/FqrNB8FQ4sYoGgJZfilldU=' 'sha256-sHhuFVoi3dcCy80VVQ/qyWEdFvGu0VBZFxeMp75tcfU=' 'sha256-Mfjx+7TUPUWg6+dqsJAChk1LZfxUCrSQ3lgVFAmLbQk=' 'sha256-8//zSBdstORCAlBMo1/Cig3gKc7QlPCh9QfWbRu0OjU=' 'sha256-09DgJekF8D2zC7gbFSrMd4W4EU+04L/LcWSEZHZSwbw=' 'sha256-w65k1oeqcYS7ejRz7pWG6X3uKVFzmotHeiJkjIE7LQY=' 'sha256-u5nuxg5QL0qfjYUSPW88LQpOqCKeQ4nfYCoMEmMIEJc=' 'sha256-hPnbct+H2uwUiwoh3kect6TJt4waDlLPfj47TO58lXc=' 'sha256-80Mr5Xc2f6hVSJwvFRRcNjAI9RMcnuTVAIzr6pIQswI=' 'sha256-UX3UbeyY0+KrnUpv4nN6WFQ16T43tZmf/BU2+poxjlU=' 'sha256-zwGmIUR+Z6gWKbwoJ2Z3yGxI/XLETLqDqCRIV0qt/WA=' 'sha256-hLNw7XF2Q/WfS0B0QukvrNZv8mSBODgfQ1J8axCT5iI=' 'sha256-92xKAR0d2KRVIqFHyKaB5ru8lYe6AepWYBQh4Vp2FhM=' 'sha256-rCMyM+e8r4BgQbJDV4+rCB3O2KBF2agnVkENqeojgqE=' 'sha256-xq1HRmZGS2Weaht48N28AQoQwI4f3EImo4qHZCT1bnI=' 'sha256-92xKAR0d2KRVIqFHyKaB5ru8lYe6AepWYBQh4Vp2FhM=' 'sha256-DpdXeOhpn3CqCdyyOhPiG14Rv//uEfnd3O6AUcTcXos=' 'sha256-aCvRIQ79zbEtvxwsqDbuavE4Sa35jGPLpcm4Y1yIUA0=' 'sha256-q98W2+UAtd5ShNCvaPAvR0Xr5s54z0kZPHbB/wjNI7w=' 'sha256-wTTz957u9bFXy6ZVHbcJpgEqOO2tb2/ntquMrr00jbM=' 'sha256-rP+B3tYFuMv0SfsZavhdRMwfqW86QfTrfRz2RLBAlsk=' 'sha256-h6ZL/lLgoMa5f7G5Z0jj4YvmmCW31weMd1mPyx3gDss=' 'sha256-ENIxLOL5liwAT2xxF5/jYzPbUmE3Nj8w8U672m9gss0=' 'sha256-/SFPWk2mLLrxl1O4uB4CjqR2exQ6wGx2qnyDFxovUqg=' 'sha256-LpzHI/geSt8ytWOMmjwN6RlZoqQaLYUaaiJjKnjolc0=' 'sha256-6Z/2GwvUBUUjOjDY7gYvOhVdC81hbsHHA0OAIHoBK0E=' 'sha256-UfqRkCw0IstVJVKBprZu35F8M/Ni2E9Gt3D0zGHt1QY=' 'sha256-pJ8SpQ9/d+otIGfSXXwYvEA65bqGcatvTAPnFpFmaT4=' 'sha256-s16VcIU53Wvk3xRhVXP3s/dws82g27maBL8+v0r6E3M=' 'sha256-ToGfpbeWU1bIIBcV8LN72yBCPUsnfNLoWEMFIxfWUZM=' 'sha256-INUzgOTMgsSWIdflMgV86e+Y0Mj8B2NDbEFGAC+v5Yk=' 'sha256-rLwxG7PF41BJ6YpRKwMZoeG+rtIq96JdJph67DVUp0E=' 'sha256-B7OhdEOgIVw2X7YHC9bdSr6ED13qqPIJdV5sjklQxBQ=' 'sha256-WBob3D6LajXSIWMn3cIQ8haBg7Kn4JsT1K3hGMB+rIA=' 'sha256-hYNTTS9fNCroSgZXII4y/zbk8y/NCkHjuFNGr+w0KhM=' 'sha256-7NkXpzZWMyGido9QYW4hc+0Bnkliv2B0iqnp+3GYDYk=' 'sha256-7vgnPFxAFvL1Zc9HKT5Vt6yL0wfX2eCG/DeeASzjKnU=' 'sha256-TnaaQFJuNZRPT4Rg2Nj5IsqyexrMISkufPL4ymGxFD0=' 'sha256-VNx4AoDL5EYHclOkdb450E15lxju9+/L4ABmVUSe5ps=' 'sha256-IGWtXrv2CdAVG1xRRAlpV5rW8SQKquOsRW3SIVJe7KE=' 'sha256-ZNL+ZT5I49eRVLLoG13XD4WnW4EWocCsGQ3EvDxT7Bc=' 'nonce-272b6c7rfY2A6nc1T8X71S1ru8f7F1Y19k7W7s8Ph0s' 'sha256-mM5vfp0j/uSPMga1P2i62UgxP1hfenog1KIUWnw8cbo=' 'sha256-MhImpArQUDJOQopPZzQIXcRphqWMq1XtAopxRb+F6HQ=' 'sha256-b1wOomIsqCOZkdS5q93+/NIDstG7LsZR3ZrnNCVa9Gk=' 'sha256-M+mWZqSb2FQL/a9DUKOqDqYfKIwHTD/AH3ATXUMkR/4=' 'sha256-2cjMbskUOlIHRnmdAApzCZ049vbin//TcKUkJdChnVM=' 'sha256-hbfSeUanp09wKIlOUAWeKeSZBDzCHJqz8z4pDJhP3rM=' 'sha256-Zljxkor+exq1m9bwrgjFDNKJ+z2IFNdQwEF8mm8bmHQ=' 'sha256-Pdw+wAQZbjnjp08y7TailYyMvvTtQfRHG4hZvnjDDeY=' 'sha256-Uh4u+o/PtihrG4XsPMeO2pdFq477KHV+U6CSkHAVhmY=' 'sha256-gBXtSG5PtpawbQtJC1jqutX+sWaFVEC/x/cXs7xfoxw=' 'sha256-nWmpkwpTQKtDiVEEetDNeEwu7XNBbDvStLahfYoIttc=' 'sha256-OFxyqIfx7Vyf7S1dIgQedpnkPKAcMSmG/oltxoe47rw=' 'sha256-BgSlIFk6vZmyoAN8+7Frf6YLXnq9IT6U+wDrsAW43AY=' 'sha256-XKx0PCI+BC8iwFOP0ckhSLe97ARXozTm+MZN1qyEdVU=' 'sha256-cahVFXKZetXDT7XnOwAtWxzh2QDJ5UU/H+JN+2i9bBM=' 'sha256-BiTnzhrWNleST4yoMMWpoWxyG1J+obmNLvRx0ENIoH0=' 'sha256-UzU3Y0qvx9lPPKhmMbou6bB8joFPJ3sMmlct1J878qM=' 'sha256-m0oX3bBi+nalcTQXgOX9vmAb/vl5F9qjU0ski3QmChg=' 'sha256-viwvIA3CP2AhJDT4ZteYDvdgRTMiMj7jqjhYBIsZFso=' 'sha256-BNo9QfMWFNEwqHD0KyE3MA6/q8JKlB5x+xA9oNFRnGs=' 'sha256-eB5C6rdxUcXk/oJ2Fy9o54EeLTFFHMCHCQO/AhBVeE8=' 'sha256-Goa/OTHGlzdQZ1mT1t8RgDh5y/KFYaHMX+nRsujmg34=' 'sha256-tOpeTWkjC6a8wSZSWuzi/NSqlp7S+AtJsWx6m/gVllQ=' 'sha256-eVzrNv8f3FKjQhflSMC3+yFtNdThPi+cT+245HpcDV0=' 'sha256-wYKnQADs2o1/poU7ccNqfNFfI22+iEEFuTk+6pvrhRM=' 'sha256-Ij8heVfBh6lAWSDLbfBXQdlem1cz852VYpzM7tSu58g=' 'sha256-+hUKjGlrFzvY6iULG1uaDscCxG0DFGRPhmgZTvKrxlk=' 'sha256-9wIz/KIXi6MsxlAHtPkO6/hrxgCAmu0fVSjBHOMI2bk=' analytics.silktide.com 'sha256-41xBFENExkgX1SlXljow9njvIbjIUYAuYF1f4Y+ZwAg=' 'sha256-6V6MHI3sLBi21nkBHx1Om+96rttOYhQgFpsFndilvBA=' 'sha256-UdVXZS1nLV8YT830494k65evJNqoflLgrI8kfpCa8EQ=' 'sha256-zSgAkcN9pYI0MfiJbwYWPjw4g1hwE/EUsPkNLYJpzlk=' 'sha256-Gc2lbUWuBaH83zlYlB5Hcd+TwQPvqudRMFTGGvdl8mY=' 'sha256-sCZ3Ctd/zDkaGQ9KhvzwO6UK2nxyIgQSK0eA7pzDudg=' 'sha256-UdYxdKzlI0RqL8YI+EB+00vOm9GzXcVPU8yhkSFViVA=' 'sha256-pfdTiE2ndaigZaUZmx7hF5zcumb9LW2Bzn/a7/jEg7Q=' 'sha256-/B0Gzc7r5AKlxgIx9AglKbq/uM8ROcMVWTx+sd2gkLI=' 'sha256-oURU9pK6WjnkP3c4V7W1weTBtvxR3TqzhvX4PUCC7tE=' 'sha256-AHaIbSxIqN+Wh2DqalR9KSL8UqDQb6Mg8nPOQsysCWc=' 'sha256-SMOJ9AQ2XuqkvrDnIQEazCXE/d16Rb5UgG8v2G2ffv4=' 'sha256-yUXrkvbo8KKgAjKQsgseJ6Fchh4UlWKfAZn/rSjxB4k=' 'sha256-vtBAQgaxFxCO7/K5XD1CEHc7i8lxYiPrMLmCAnWwnKI=' 'sha256-+d3ba+/Uim82NrCUvE1IYmGYUVUeTMn9NwroPUpQECU=' 'sha256-fclcDqtLR0CcuImB+/P9IGFMDhE09MNci57bC26y3vU=' 'sha256-WLYGcsb3LlF6UdXDhTpx1ERsQu2SprusQoJssdyWhDw=' 'sha256-gcE3RbdICqv+rgjhtqkP/7Cu1AGo9vcqRYC2TSBuWkg=' 'sha256-IExXEB/ZKr9SkeHpfBM8GDQXBFHOspEwVhqv9T3eXyw=' 'sha256-MaVxIIaPYJzdx8C0mpMa6IVo3TKVxds6P0le0/x23B0=' 'sha256-KRZpHPZm9l2N3/c4tdTCjpGlc6OiafMfmW46uqpG2OE=' 'sha256-um+i/gx7rQkLnJqs4q7Yq0YOTnMMbxBU471KbDpGj5A=' 'sha256-NgRwDfNBdYcYgRH5D1u0GrPdSmzbIhtwgiK9oV+TAsE=' 'sha256-yRPyOOuZCrfwg54PWDIL9WlNXv1tUeIwpDUUzkNsm5E='; 1
style-src 'unsafe-inline' *.registryagency.bg;  script-src 'unsafe-inline' 'unsafe-eval' 'self' portal.registryagency.bg *.registryagency.bg; 1
script-src 'nonce-e97b7cdb49ee950fa14838f797bc356c' 'unsafe-inline' 'self' *.alz.org *.googletagmanager.com https://developers.panopto.com https://embed-cdn.gettyimages.com https://s.imgur.com https://platform.instagram.com https://platform.twitter.com https://cdn.syndication.twimg.com https://www.instagram.com/embed.js https://www.google.com; frame-ancestors 'self' 1
script-src 'nonce-zNexe0DJSA3FY9y3uYrrnA==' 'strict-dynamic' 'unsafe-inline' 'unsafe-eval' https:; object-src 'none'; base-uri 'self'; block-all-mixed-content 1
script-src 'self' 'sha256-OUKhNgbY1fG+R4RQh2q3dBH54nPBtQpn1bFsdjT/2W8=' 'sha256-1c3594OZW4s2WpfYA7BDahQdQkeqXwxOythsJknM6EI=' www.google-analytics.com www.google.com maps.googleapis.com; frame-ancestors 'self' https://cms.webhare.dev 1
upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; object-src 'none';  script-src 'self' https://faraway.com https://static.site24x7rum.eu 'unsafe-eval'  https://reactjs.org/docs/error-decoder.html 'unsafe-inline' https://www.googletagmanager.com 1
default-src https: data: 'unsafe-eval' 'unsafe-inline'; 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.scotlandscensus.gov.uk https://www.googletagmanager.com https://tagmanager.google.com https://www.google-analytics.com https://use.typekit.net https://www.youtube.com https://*.vo.msecnd.net https://atlas.microsoft.com https://code.highcharts.com;style-src 'self' 'unsafe-inline' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net https://fonts.googleapis.com https://fast.fonts.net https://www.googletagmanager.com https://tagmanager.google.com https://atlas.microsoft.com;img-src 'self' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net https://fonts.gstatic.com https://www.google-analytics.com https://p.typekit.net https://atlas.microsoft.com https://stats.g.doubleclick.net https://www.googletagmanager.com https://tagmanager.google.com https://ssl.gstatic.com https://www.gstatic.com data: https://www.gravatar.com https://umbraco.tv;media-src 'self' https://www.scotlandscensus.gov.uk https://nrscensusprodumb.blob.core.windows.net blob:;font-src 'self' https://www.scotlandscensus.gov.uk https://use.typekit.net https://fonts.gstatic.com https://ssl.gstatic.com https://www.gstatic.com;connect-src 'self' https://www.scotlandscensus.gov.uk https://dc.services.visualstudio.com https://www.google-analytics.com https://*.google-analytics.com https://stats.g.doubleclick.net;child-src 'self' https://www.youtube.com https://www.youtube-nocookie.com https://datastudio.google.com;frame-ancestors 'self';report-uri https://stormid.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self'; base-uri 'self' matomo.active-elements.de; default-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' active-elements.de matomo.active-elements.de; connect-src 'self' http://www.active-elements.de matomo.active-elements.de; style-src-elem 'self' 'unsafe-inline' active-elements.de matomo.active-elements.de; font-src 'self' 'unsafe-inline' active-elements.de matomo.active-elements.de; img-src 'self' 'unsafe-inline' data: active-elements.de matomo.active-elements.de 1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' lantern.roeye.com lantern.roeyecdn.com the.sciencebehindecommerce.com lantern.roeyecdn.com ct.pinterest.com platform-api.sharethis.com buttons-config.sharethis.com *.hotjar.com maps.googleapis.com js.stripe.com widget.mondialrelay.com *.gstatic.com *.recaptcha.net *.googletagmanager.com widget.trustpilot.com tagmanager.google.com *.google-analytics.com *.analytics.google.com *.google.com *.googleadservices.com googleads.g.doubleclick.net *.facebook.com *.facebook.net static.noukies.akretion.com *.noukies.com z.moatads.com *.youtube.com  static.klaviyo.com static-tracking.klaviyo.com static.target2sell.com  *.dwin1.com *.zenaps.com widgets.pinterest.com s.pinimg.com *.awin1.com tpc.googlesyndication.com  *.kadolog.com pagead2.googlesyndication.com js.sentry-cdn.com static.noukies.com checkout.stripe.com ajax.googleapis.com; img-src 'self' data: blob: d3k81ch9hvuctc.cloudfront.net *.noukies.com lantern.roeye.com lantern.roeye.com platform-api.sharethis.com l.sharethis.com platform-cdn.sharethis.com widget.mondialrelay.com *.tile.osm.org *.googletagmanager.com ssl.gstatic.com *.gstatic.com *.google-analytics.com *.analytics.google.com googleads.g.doubleclick.net *.google.com strapi.noukies.akretion.com strapi.noukies.com static.noukies.akretion.com cdn.noukies.akretion.com cdn.noukies.com *.awin1.com *.zenaps.com maps.gstatic.com maps.googleapis.com cdnjs.cloudflare.com ct.pinterest.com *.google.be *.google.fr *.google.nl *.google.lu *.google.ch *.google.de *.google.it *.google.at *.google.se noukies.akretion.com adservice.google.com translate.google.com analytics.google.com collect.noukies.com *.googleadservices.com *.facebook.com static.noukies.com; style-src 'self' 'unsafe-inline' platform-api.sharethis.com *.hotjar.com static-tracking.klaviyo.com tagmanager.google.com fonts.googleapis.com static.noukies.akretion.com *.noukies.com static.klaviyo.com translate.googleapis.com *.gstatic.com static.noukies.com *.kadolog.com; font-src 'self' platform-api.sharethis.com *.hotjar.com fonts.gstatic.com data: static.noukies.akretion.com *.noukies.com static.noukies.com; connect-src 'self' eu.posthog.com *.wepowerconnections.com the.sciencebehindecommerce.com noukies-frbe.backend.verbolia.com noukies-nlbe.backend.verbolia.com collect.noukies.com l.sharethis.com *.hotjar.com wss://*.hotjar.com *.hotjar.io gtm-57jqsvx-ogi2z.uc.r.appspot.com *.facebook.com *.google-analytics.com *.analytics.google.com *.google.be *.google.fr *.google.nl *.google.lu *.google.ch *.google.de *.google.it *.google.at *.google.se search.noukies.akretion.com search.noukies.com strapi.noukies.akretion.com strapi.noukies.com api.noukies.akretion.com api.noukies.com fast.a.klaviyo.com static-forms.klaviyo.com serv-api.target2sell.com reco.target2sell.com auth.noukies.akretion.com auth.noukies.com stats.g.doubleclick.net telemetrics.klaviyo.com api.target2sell.com a.klaviyo.com ip2c.org widget.trustpilot.com maps.googleapis.com o57577.ingest.sentry.io ct.pinterest.com *.googletagmanager.com *.google.com googleads.g.doubleclick.net translate.googleapis.com adservice.google.com noukies.babyboom.link static.noukies.com *.ci-akretion.com cdn.noukies.akretion.com; frame-src 'self' *.awin1.com collect.noukies.com *.facebook.com js.stripe.com *.recaptcha.net bid.g.doubleclick.net auth.noukies.akretion.com auth.noukies.com *.youtube.com widget.trustpilot.com *.zenaps.com idp.noukies.akretion.com ct.pinterest.com *.awin1.com *.googletagmanager.com tpc.googlesyndication.com; worker-src 'self'; object-src 'self' data:; base-uri 'self'; manifest-src 'self'; media-src 'self' cdn.noukies.akretion.com cdn.noukies.com *.noukies.com; report-uri https://o57577.ingest.sentry.io/api/6134629/security/?sentry_key=a7c60343cdd54fc3a86d1feb9b8fb0fe 1
frame-ancestors 'self' *.alamode.com *.certmail.com; 1
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://www.googletagmanager.com https://cdn.cookielaw.org https://js-agent.newrelic.com https://bam.nr-data.net https://tag.aticdn.net https://snap.licdn.com https://cdnjs.cloudflare.com https://*.linkedin.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.clarity.ms https://connect.facebook.net https://*.googlesyndication.com; object-src 'self'; style-src 'self' 'unsafe-inline' https://translate.googleapis.com; img-src 'self' data: *; frame-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net https://www.googletagmanager.com; child-src 'self' https://tools.eurolandir.com https://*.youtube.com https://open.spotify.com https://*.doubleclick.net; font-src 'self' data: https://fonts.gstatic.com; connect-src 'self' https://cdn.cookielaw.org https://bam.nr-data.net https://*.google.com https://adservice.google.com https://*.xiti.com https://cdn.linkedin.oribi.io https://*.clarity.ms https://*.onetrust.com https://*.googlesyndication.com https://*.linkedin.com https://googleads.g.doubleclick.net; report-uri /report-csp-violation 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-97835aed02bd49ca82d71f32fd02f20e' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
default-src 'self'; base-uri 'self'; script-src 'self' 'nonce-MWJmNzZkMzY4YjVhNDMzNmFiZjBiMmE1NmI5MjRiMjA=' *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl; style-src 'self' 'unsafe-inline' statistiek.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.justid.nl; font-src 'self' statistiek.rijksoverheid.nl; object-src 'none'; connect-src *.platformrijksoverheid.nl *.rijksoverheid.nl *.contenttoolsrijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.justid.nl; img-src 'self' data: d3oiud1b8fohdw.cloudfront.net statistiek.rijksoverheid.nl *.rovid.nl *.rijksoverheidsvideo.nl *.toegankelijkheidsverklaring.nl; media-src 'self' *.rovid.nl *.rijksoverheidsvideo.nl; form-action 'self' export.highcharts.com *.contenttoolsrijksoverheid.nl *.justid.nl; frame-ancestors 'none'; upgrade-insecure-requests 1
default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; base-uri 'self'; object-src 'none'; form-action 'self'; frame-ancestors 'none'; 1
frame-ancestors 'self' tools.bluecanvas.io accounts.bluecanvas.io cpq.bluecanvas.io *.my.bluecanvas.io 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' *.list-manage.com *.njoyn.com *.digicert.com *.bambora.com *.google-analytics.com *.rollbar.com *.googletagmanager.com *.typekit.net *.twitter.com *.twimg.com *.perfectmind.com *.queue-it.net *.googleapis.com *.gstatic.com *.google.com *.spacelist.ca *.googleadservices.com *.ecdev.org;  img-src * data:; frame-src 'self' *.youtube.com *.bambora.com *.facebook.com *.twitter.com *.perfectmind.com *.isilive.ca *.escribemeetings.com airdrie.maps.arcgis.com *.google.com *.spacelist.ca *.ecdev.org *.queue-it.net; 1
default-src 'self' *.wildentity.com; script-src 'self' 'unsafe-inline' 'unsafe-eval'  *.google-analytics.com *.wildentity.com; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src * 'self' 1
upgrade-insecure-requests; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self'; 1
default-src 'self';   connect-src 'self'     media.deso.org     node.deso.org     amp.deso.org     bithunt.deso.org     bitclout.com:*     api.bitclout.com     bithunt.bitclout.com     https://altumbase.com     localhost:*     explorer.bitclout.com     heroswap.com     https://api.blockchain.com/ticker     https://api.blockchain.com/mempool/fees     https://ka-f.fontawesome.com/     bitcoinfees.earn.com     api.blockcypher.com     amp.bitclout.com     https://videodelivery.net     https://lvpr.tv     https://upload.videodelivery.net;   script-src 'self'     https://kit.fontawesome.com/070ca4195b.js     https://ka-f.fontawesome.com/;   style-src 'self'     'unsafe-inline'     https://fonts.googleapis.com     https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;   img-src 'self'     data:     i.imgur.com     media.deso.org     images.deso.org     images.bitclout.com     quickchart.io     arweave.net     *.arweave.net     *.pearl.app     *.twimg.com     *.redd.it     cloudflare-ipfs.com     *.mypinata.cloud;   font-src 'self'     https://fonts.googleapis.com     https://fonts.gstatic.com     https://ka-f.fontawesome.com;   frame-src 'self'     localhost:*     identity.deso.org     identity.deso.blue     identity.deso.green     identity.deso.run     identity.bitclout.com     identity.bitclout.blue     identity.bitclout.green     heroswap.com     https://geo.captcha-delivery.com     https://www.youtube.com     https://youtube.com     https://player.vimeo.com     https://www.tiktok.com     https://giphy.com     https://open.spotify.com     https://embed-standalone.spotify.com     https://w.soundcloud.com     https://player.twitch.tv     https://clips.twitch.tv     https://mousai.stream     pay.testwyre.com     pay.sendwyre.com     https://lvpr.tv     https://iframe.videodelivery.net;   frame-ancestors 'self'; 1
frame-ancestors pagead2.googlesyndication.com 
							tpc.googlesyndication.com
							cm.g.doubleclick.net
						        googleads.g.doubleclick.net
							accounts.google.com
							www.google.com
							jobs.ua
							vakansii.ua
							pro-robotu.ua
							training.ua
							resume.ua
							srochno.ua
							profi.ua
							jobsite.com.ua
							jobsite.*.ua
							jobsite.kiev.ua
							ladyjob.com.ua
							zarplata.ua
							personal.ua
							provse.kiev.ua
							uajobs.com.ua
							job4you.com.ua 1
frame-ancestors 'self'; script-src-elem 'unsafe-inline' 'unsafe-eval' 'self' data: https://acsbapp.com https://acsbap.com https://analytics.twitter.com https://bat.bing.com https://cdn.rlets.com https://cdnjs.cloudflare.com https://core.secure.ehc.com https://script.crazyegg.com https://connect.facebook.net https://googleads.g.doubleclick.net https://i.simpli.fi https://s.pinimg.com https://snap.licdn.com https://static.ads-twitter.com https://tag.simpli.fi https://tags.srv.stackadapt.com https://www.google-analytics.com https://www.google.com https://www.googleadservices.com https://www.googletagmanager.com https://cdn.jsdelivr.net https://maps.googleapis.com https://www.gstatic.com https://acsbapp.com https://*.rlets.com https://www.facebook.com https://rum.corewebvitals.io https://ipinfo.io https://www.youtube.com https://core.ehcstaging.com https://core.ehc.com https://cdn-prod.securiti.ai; object-src 'none'; base-uri 'none'; frame-src 'self' https://www.youtube.com https://www.googletagmanager.com https://www.facebook.com https://*.rlets.com https://bid.g.doubleclick.net https://www.google.com https://acsbapp.com https://ct.pinterest.com https://accounts.accessibe.com https://hcahealthcare.formstack.com; 1
default-src 'none'; img-src 'self' blob: data: https:; script-src 'nonce-common1715647828379001' *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.googleusercontent.com *.rlets.com https://*.linkedin.com https://*.licdn.com https://*.facebook.com 'sha256-dpRN5wXg0YsXnwK77lCEp8q7m97x4vb8lLuG0lEBZ1o=' 'sha256-LN2a4GIUGe4Ra6mMDgHbE0xfL4vuY/3NA8D4bE2yNj8=' 'sha256-aMzyR08pOM+eu29cVHEO0lYHdU3XEUd7Clkim18Np2g=' 'sha256-UEAQMtSbNbCs69PAxDRev/HtpuL5GuBlLnhtQEuE32c=' 'sha256-9mFq8Do02jZYCIJytRmjU4YuzoLYxMvmAyO/iWaiOYA=' 'sha256-urarjhcT7sLfjlqXnrQdNDzLK9XavG0boPuve2xaYVs=' 'sha256-yaNtIbcH0/b8nacvq9Q9mxiYqTGJJbXJDxW9QQpbYok=' 'sha256-aAmy9spd81qfubhI2BmbYjcb43X0/57Xk2jy6bttxHM=' 'sha256-2Pm4atzcG7sS5xpDXxD2B6OzCuRWWA4YlZcspxOrwGw=' 'sha256-QZTtDybMFbW8yKdAi9jWilRnC1bMZb3RlU6NmoTWiKk=' 'sha256-6RVO2SoVtUO2wlt1Becft5RLMguM2zb3ZPCwjPjAYtQ=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-Jc9/AmUp3Qdu+XHSpwBaBor9KXu4SII2eOnNTlldgEc=' 'sha256-Q3gsu546MxEtZrhQ408WLuVXKWrCF8Dh0ozIeOz4t1o=' 'sha256-m5BxL9Zw0qoA5T8wjYblwAPKyyzpmtcDTwXBy/nZ6do=' 'sha256-pIJpf4nTrITcG2uHHMQ8jjn+kWVn0noyC2f/p5r6mvY=' 'sha256-6d1hzb25TU1brqRIbRwKirhRfrWCDVw9XFuzr1aLB6E=' 'sha256-ZC4Ihfl+1sv3E25DQh090ITQKwffxiocyA9C1vaePKU=' 'sha256-aDJ5Bql+RjPsQvM2jhkH/Zsvfio3OzAB4a0aMxemTeY=' 'sha256-2e0AMY+1ycioFIohRms0smnxCryLqnpAB19NGfGqjZY=' 'sha256-4ZicTeZZ8TCZbOVR0PR1gRqRUn/OW9OTuI0SjSJLclo=' 'sha256-NQfc27RODJMCUmaqjMwdfn4W0gAOlXht1ZZm3Yldg8E=' 'sha256-KR2YBWdpxtBBN8qBGh5O/DbZILGzyh8O+P+d0nD2xX0=' 'sha256-jpUYaNb0JTirdko6OeYgaFsE5ol9jcPxkoo9eRa/fv4=' 'sha256-8AD5icVKiYWC8MscX0D+ZcmhbLFkB1ppsaHohjXoGtc=' 'sha256-L7viC3kUpXu9uCOi97VqCR2bLlMwSQlmLmSuuQ93ngU=' 'sha256-m7aOxdCZWzGOtpMd1LNlR2yiipYcMEnjiRIW2JlHMSk=' unsafe-inline 'sha256-sdhxQKCyrgcV4Z6cDgE0W5OLLHodQDbqRtLgXIw1q9A=' 'sha256-yNN3xGMO89r54DJvxAbqicZvaPgG9GOwOGVygxLZL2A=' *.nextdoor.com *.leadportal.com  https://*.jsdelivr.net https://*.jquery.com https://*.cloudflare.com https://*.nblyprod.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://www.googletagmanager.com https://www.google-analytics.com *.googleapis.com https://*.typekit.net https://*.pagescdn.com https://unpkg.com https://*.youtube.com https://*.sitescdn.net https://*.addthis.com https://*.moatads.com https://*.addthisedge.com https://*.pinterest.com https://*.hotjar.com https://*.realpropertymgt.com/ https://*.stackadapt.com https://*.cloudflareinsights.com https://*.facebook.net *.tctm.co *.en25.com https://*.google.com https://*.gstatic.com https://*.googletagmanager.com https://*.nblytest.com https://*.nblydev.com *.nblytest.com *.nblydev.com https://*.bing.com https://*.marchex.io https://*.oribi.io https://*.googleoptimize.com 'sha256-TKV0/mdWqsd3xcHSJ4tcsF1ws5ChUUqjFr/X1TJ5dS4=' 'sha256-uaN16cZ4MzjDslkWC8qhwWBF199Y8ruzgrLrZf1viz0=' 'sha256-K8P4tVM0YI4k18HG3/r7FWs37+3qsUxcBHJz/RWXobQ=' https://*.datadoghq-browser-agent.com https://*.browser-intake-datadoghq.com https://*.clarity.ms https://*.neighborlybrands.com https://*.neighborlybrands.com/ bob: 'unsafe-eval' https://*.en25.com *.omtrdc.net 'self' ajax.cloudflare.com https://*.googleadservices.com https://*.doubleclick.net https://*.appfolio.com https://*.adobedtm.com; style-src undefined *.googleapis.com *.gmailapis.com *.jsdelivr.net *.nblydev.com https://*.jsdelivr.net https://cdn.jsdelivr.net https://*.nblydev.com  https://*.stackadapt.com https://*.nblyprod.com https://*.neighborlybrands.com https://*.neighborlybrands.com/ 'unsafe-inline' https://*.typekit.net https://*.sitescdn.net https://*.nblytest.com; object-src 'none'; connect-src *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.co *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.googleusercontent.com *.rlets.com https://*.marchex.io https://*.stackadapt.com https://*.linkedin.com https://*.licdn.com https://*.facebook.net https://*.facebook.com https://*.googleapis.com https://*.mailing.realpropertymgt.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://www.google-analytics.com https://*.demdex.net https://*.realpropertymgt.com https://*.pagescdn.com https://*.addthis.com https://*.crownpeak.net https://*.neighborly.com https://realpropertymgt.com https://liveapi-cached.yext.com https://*.hotjar.com https://*.dwyergroup.com *.tctm.co *.en25.com https://*.nblytest.com  https://*.bing.com https://*.oribi.io https://*.browser-intake-datadoghq.com https://*.clarity.ms https://*.neighborlybrands.com https://testrsid123.112.2o7.net https://*.nblyprod.com https://*.neighborlybrands.com/ https://*.en25.com *.omtrdc.net https://*.doubleclick.net https://*.nblydev.com https://*.yext.com; font-src undefined https://*.gstatic.com *.jsdelivr.net https://*.nblydev.com https://*.nblytest.com https://*.neighborlybrands.com https://*.nblyprod.com https://*.neighborlybrands.com/  https://*.typekit.net; frame-src *.google.com *.co.in *.googleadservices.com *.google-analytics.com *.doubleclick.net *.bing.com *.data.id *.pt *.ve *.la *.ga *.sa *.pe *.lc *.ma *.qa *.sb *.co *.ca *.ba *.gb *.bb *.ua *.va *.tl *.za *.ac *.lb *.pa *.ml *.name *.mc *.googleusercontent.com *.rlets.com https://*.marchex.io https://*.stackadapt.com https://*.linkedin.com https://*.licdn.com https://*.facebook.net https://*.facebook.com *.nextdoor.com *.leadportal.com https://*.en25.com https://*.gannettdigital.com https://*.omtrdc.net *.reachlocalservices.com *.rlcdn.com https://*.youtube.com https://*.demdex.net https://*.addthis.com https://answers-embed.realpropertymgt.com.pagescdn.com https://*.hotjar.com/ *.tctm.co *.en25.com https://*.nblyprod.com https://*.neighborlybrands.com/  *.omtrdc.net https://*.appfolio.com/ https://*.google.com/ 1
frame-ancestors self foto-tours.ru 1
frame-ancestors https://*.gettalong.org/ 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-440720731d7a8745015bce2b264ce3b3'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self'; connect-src 'self'  https://api.userback.io/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://api.userlike.com/ https://www.userlike.com/ https://userlike-cdn-umm.b-cdn.net/ https://*.commander1.com/ https://privacy.trustcommander.net https://*.tagcommander.com https://*.commandersact.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.rs; font-src 'self' data: https://static.userback.io/ https://userlike-cdn-umm.b-cdn.net/; frame-ancestors 'self'; frame-src 'self' https://tools.eurolandir.com https://www.youtube.com/ https://www.youtube-nocookie.com/ https://www.google.com/ https://app.23degrees.io/ https://cdn.trustcommander.net/ https://livestream.bevideo.tv/ https://my.walls.io/ https://bevideo.videosync.fi/; img-src 'self' data: https://via.placeholder.com/ https://dashboard.umbraco.com/ https://userlike-cdn-operators.s3-eu-west-1.amazonaws.com/ https://www.google-analytics.com https://app.23degrees.io/ https://manager.tagcommander.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://tools.euroland.com/ https://www.google.com/ https://www.gstatic.com/ https://static.userback.io/ https://app.23degrees.io/ https://userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/ https://userlike-cdn-umm.b-cdn.net/ https://cdn.tagcommander.com/ https://cdn.trustcommander.com/ https://cdn.trustcommander.net/ https://www.googletagmanager.com https://www.google-analytics.com/ https://walls.io/ https://*.googletagmanager.com; style-src 'self' 'unsafe-inline' https://static.userback.io/; worker-src 'self' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval'  *.hanmasoft.cn *.baidu.com *.aliyun.com *.bdimg.com *.qq.com * data: blob: 1
frame-ancestors 'self' http://62.153.150.43 https://www.enycharge.de https://www.mein-kasten.de 1
default-src 'none'; block-all-mixed-content; connect-src 'self' *.googleapis.com *.gstatic.com *.google.com *.cookiebot.eu *.google-analytics.com; font-src 'self' data: *.googleapis.com *.gstatic.com *.google-analytics.com; frame-src *; img-src 'self' data: *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com; manifest-src 'self'; media-src 'self'; script-src 'self' *.google.com 'unsafe-inline' blob: *.googleapis.com *.gstatic.com *.cookiebot.eu *.googletagmanager.com *.google-analytics.com 'sha256-7BR2mzQgegl16OzhYaABCgX+kM/0FnVwstu1v2KgQbw=' 'sha256-wfxJ7YZKDslwby5G8BoAcLOzW1p+E0YMbh6d3MizcsI=' 'sha256-JglQj6PX/c3n1AtXwhS4fkUY+TTFNX3M/x4JjovL2tY=' 'sha256-gRjb7Pg9ekg78sSAQ935jMPX8YulX2dOQYx79CdC2uE=' 'nonce-WbxBWAYvXZzCyoYqwbAfUQ=='; style-src 'self' cdnjs.cloudflare.com 'unsafe-inline' *.googleapis.com *.gstatic.com *.google-analytics.com; report-uri /csp/report 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://blorbo.social; img-src 'self' https: data: blob: https://blorbo.social; style-src 'self' https://blorbo.social 'nonce-LpeHsXN91duGH+BPuZcVOQ=='; media-src 'self' https: data: https://blorbo.social; frame-src 'self' https:; manifest-src 'self' https://blorbo.social; form-action 'self'; child-src 'self' blob: https://blorbo.social; worker-src 'self' blob: https://blorbo.social; connect-src 'self' data: blob: https://blorbo.social https://blorbo.social wss://blorbo.social; script-src 'self' https://blorbo.social 'wasm-unsafe-eval' 1
frame-src blob: https://cinti.ru/ https://mc.yandex.ru https://www.instagram.com https://api-maps.yandex.ru/ https://www.youtube.com/ https://api-maps.yandex.ru/ https://yandex.ru/ https://metrika.yandex.ru/ https://www.google-analytics.com/ https://www.google.com/; 1
frame-ancestors 'self' pagecloud.com www.pagecloud.com; 1
script-src http: https: *.hsforms.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' blob: https: 'unsafe-inline' 'unsafe-eval' *.hsforms.com; img-src data: http: https:; object-src 'none'; base-uri 'none'; child-src 'self'; frame-src assets.braintreegateway.com *.office365.com *.facebook.com *.google.com *.youtube.com *.youtu.be *.vimeo.com *.olark.com *.hubspot.com *.hsforms.com *.googlesyndication.com *.ingredientsonline.com *.doubleclick.net *.hsforms.com 1
frame-ancestors 'self'; report-uri https://www.powerconstruction.net/report-uri/enforce 1
frame-ancestors 'self' my.agentero.com dev.agentero.com outdooradvinsure.com www.fordinsurance.com fordinsurance.com newenglandsaves.com 1
default-src 'none'; script-src 'self'; img-src 'self' data:; style-src 'self' ; font-src 'self' data:; frame-src 'self'; frame-ancestors 'self'; connect-src 'self' https://apis.google.com; object-src 'none'; form-action 'self'  1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-bd5e2e5e16fe72bfaea7460fdc9dd5b1'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src *; font-src *; media-src *; img-src * https://i.postimg.cc data; script-src * https://www.google.com https://www.gstatic.com 'unsafe-eval' ; style-src * 'unsafe-inline' 'unsafe-eval' 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-4wI7YPX7GZkAaChkxcJCmTOl66g='; style-src 'nonce-4wI7YPX7GZkAaChkxcJCmTOl66g=' 1
script-src 'unsafe-eval' 'unsafe-inline' https://www.cscos.com/ https://fonts.googleapis.com/ https://kit.fontawesome.com https://ajax.googleapis.com/ http://www.w3.org/2000/svg https://ssl.google-analytics.com/ https://platform.twitter.com/ https://use.fontawesome.com/ https://cdnjs.cloudflare.com/ https://cdn.jsdelivr.net/ https://www.google.com/ https://www.gstatic.com/ https://www.youtube.com/ https://www.googletagmanager.com/ https://tracker.metricool.com/ https://www.google-analytics.com/ 1
script-src 'self' gateway.tillpayments.com test-gateway.tillpayments.com secure.tillpayments.com cdn.datatables.net fengyuanchen.github.io stackpath.bootstrapcdn.com www.googletagmanager.com www.google-analytics.com code.jquery.com cdnjs.cloudflare.com getbootstrap.com jqueryvalidation.org www.w3.org sortablejs.github.io ajax.googleapis.com 'unsafe-inline'; style-src 'self' cdn.datatables.net stackpath.bootstrapcdn.com cdnjs.cloudflare.com use.fontawesome.com getbootstrap.com fonts.googleapis.com 'unsafe-inline'; font-src 'self' use.fontawesome.com fontawesome.io getbootstrap.com www.w3.org 'unsafe-inline' 1
default-src 'self';script-src 'report-sample' sentry.io 'unsafe-eval' 'self' 'unsafe-inline' tagmanager.google.com/ www.googletagmanager.com storage.googleapis.com maps.googleapis.com www.google-analytics.com widget.taggbox.com static.cdn.prismic.io prismic.io *.hsforms.com *.hsforms.net *.hs-scripts.com *.hs-banner.com track.hubspot.com *.hs-analytics.net *.hscollectedforms.net *.hsadspixel.net *.usemessages.com *.hsleadflows.net *.googleadservices.com snap.licdn.com googleads.g.doubleclick.net;style-src 'report-sample' 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com;object-src 'none';connect-src 'self' sentry.io images.prismic.io fonts.googleapis.com exscientia.cdn.prismic.io tagmanager.google.com/ storage.googleapis.com maps.googleapis.com www.google-analytics.com www.googletagmanager.com maps.gstatic.com api.lever.co forms.hubspot.com hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com api.hubapi.com exscientia.workable.com sandlane.workabledemo.com forms.hscollectedforms.net cdn.linkedin.oribi.io *.google-analytics.com stats.g.doubleclick.net vimeo.com;font-src 'self' fonts.gstatic.com;frame-src 'self' cabinpanda.com widget.taggbox.com player.vimeo.com *.youtube.com vimeo.com exscientia.prismic.io forms.hsforms.com;img-src 'self' maps.gstatic.com images.prismic.io data: blob: 'unsafe-inline' www.googletagmanager.com ssl.gstatic.com/ storage.googleapis.com www.google-analytics.com maps.googleapis.com media-exp1.licdn.com exscientia.cdn.prismic.io forms.hubspot.com track.hubspot.com *.ads.linkedin.com *.google.com *.google.co.uk lite-vimeo-embed.now.sh forms.hsforms.com lite-vimeo-embed.vercel.app;media-src 'self' exscientia.cdn.prismic.io media-exp1.licdn.com;worker-src 'self' www.googletagmanager.com ssl.gstatic.com/ storage.googleapis.com www.google-analytics.com maps.googleapis.com exscientia.cdn.prismic.io images.prismic.io 1
default-src 'self'; style-src 'self' 'unsafe-inline' platform.twitter.com; script-src 'self' 'unsafe-inline' acsbapp.com platform.twitter.com cdn.syndication.twimg.com; form-action 'self'; worker-src 'none'; frame-src 'self' player.vimeo.com www.youtube.com youtu.be www.youtube-nocookie.com/ *.podcaster.de www.german-films.de/ platform.twitter.com syndication.twitter.com; img-src 'self' data: web1.acsbapp.com cdn.acsbapp.com platform.twitter.com abs.twimg.com pbs.twimg.com syndication.twitter.com; object-src 'none'; font-src 'self' acsbapp.com cdn.acsbapp.com; connect-src 'self' cdn.acsbapp.com acsbapp.com 1
frame-ancestors 'self' *.slipcase.com *.marketplace.marsh.com https://www.slipcase.com https://marketplace.marsh.com; 1
default-src 'self' 'unsafe-eval' 'unsafe-inline' data: secure.gravatar.com fonts.gstatic.com d5prod.imgix.net droga5.com *.accenture.com accenture.com *.google-analytics.com *.googleapis.com *.vimeo.com vimeo.com *.vimeocdn.com fast.fonts.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.github.io *.googletagmanager.com *.cloudflare.com *.googleapis.com *.vimeo.com vimeo.com fast.fonts.net; style-src 'self' 'unsafe-eval' 'unsafe-inline' cdn.jsdelivr.net *.vimeo.com vimeo.com fast.fonts.net;  1
frame-ancestors 'self' *.ekz.ch 1
frame-ancestors 'self'; script-src 'self' cdn.rudderlabs.com 1
default-src 'self' 'unsafe-inline' *.cookiebot.eu *.google-analytics.com *.youtube.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.cookiebot.eu *.googletagmanager.com; img-src * data:; 1
frame-ancestors 'self' https://www.itmagazine.ch 1
default-src 'self' data: *.google-analytics.com  analytics.google.com crm.assist.ru *.googletagmanager.com mc.yandex.ru bitrix.info; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google-analytics.com analytics.google.com *.googletagmanager.com mc.yandex.ru bitrix.info; style-src 'self' 'unsafe-inline'; object-src 'none'; frame-ancestors 'self' crm.assist.ru; base-uri 'self'; img-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline' blob: data: mc.yandex.ru; media-src 'self' 'unsafe-eval' 'unsafe-hashes' 'unsafe-inline'; connect-src 'self' bitrix.info mc.yandex.ru *.google-analytics.com analytics.google.com; script-src-elem 'self' 'unsafe-inline' www.googletagmanager.com bitrix.info mc.yandex.ru; 1
default-src 'self'; child-src 'self' connect.facebook.net fast.wistia.com fast.wistia.net googleads.g.doubleclick.net td.doubleclick.net *.hotjar.com *.hotjar.io bid.g.doubleclick.net *.fls.doubleclick.net youtube.com www.youtube.com js.stripe.com www.facebook.com staticxx.facebook.com tpc.googlesyndication.com www.google.com *.googletagmanager.com *.quora.com intercom-sheets.com app-ab27.marketo.com www.intercom-reporting.com d2c7xlmseob604.cloudfront.net js.intercomcdn.com insight.adsrvr.org match.adsrvr.org https://intercom.chilipiper.com app.intercom.com app.intercom.io https://app.getreprise.com; connect-src 'self'   www.intercom.com app.intercom.io app.intercom.com api.intercom.io api-visitor-analytics.intercom.com api-iam.intercom.io api-ping.intercom.io api.smartling.com js.intercomcdn.com munchkin.marketo.net *.mktoutil.com nexus-websocket-a.intercom.io nexus-websocket-test.intercom.io nexus-long-poller-a.intercom.io nexus-long-poller-test.intercom.io store.intercomassets.com widget.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-test.intercom.io marketing.intercomcdn.com uploads.intercomcdn.com uploads.intercomusercontent.com abrtp1.marketo.com abrtp1-cdn.marketo.com app.getsentry.com stats.g.doubleclick.net www.google.com adservice.google.com http://*.hotjar.com:* https://*.hotjar.com:* https://vc.hotjar.io:* wss://*.hotjar.com http://*.hotjar.io:* https://*.hotjar.io:* wss://*.hotjar.io sentry.io www.facebook.com *.akamaihd.net *.wistia.com *.wistia.net 258-clw-344.mktoresp.com bat.bing.com d2c7xlmseob604.cloudfront.net rum-collector-2.pingdom.net https://*.browser-intake-datadoghq.com public-trace-http-intake.logs.datadoghq.com https://assets.ctfassets.net c.6sc.co b.6sc.co j.6sc.co ipv6.6sc.co epsilon.6sense.com epsilon-cloudfront.6sense.com user-data.mutinycdn.com https://api-v2.mutinyhq.io/v2/b https://api.mutinyhq.io/v2 https://client-registry.mutinycdn.com secure.adnxs.com *.googletagmanager.com *.google-analytics.com *.analytics.google.com api.chilipiper.com tracking.chilipiper.com cdn.linkedin.oribi.io gw.linkedin.oribi.io px.ads.linkedin.com https://app.getreprise.com images.ctfassets.net https://cdn.jsdelivr.net *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com; font-src data: https: ; img-src data: blob: https: ; media-src data: blob: https: ; object-src 'none'; script-src 'self' 'unsafe-eval' app.intercom.io app.intercom.com www.intercom.com js.intercomcdn.com store.intercomassets.com marketing.intercomassets.com widget.intercom.io ajax.googleapis.com analytics.twitter.com abrtp1.marketo.com abrtp1-cdn.marketo.com app-sjqe.marketo.com app-sjst.marketo.com app-ab27.marketo.com bat.bing.com cdn-assets-prod.s3.amazonaws.com cdn.ravenjs.com browser.sentry-cdn.com connect.facebook.net distillery.wistia.com distillery-main.wistia.com fast.wistia.com fast.wistia.net googleads.g.doubleclick.net js.stripe.com munchkin.marketo.net platform.twitter.com rtp-static.marketo.com script.hotjar.com script.hotjar.io secure.adnxs.com static.hotjar.com static.hotjar.io stats.g.doubleclick.net store.intercom.io tpc.googlesyndication.com www.datadoghq-browser-agent.com www.google.com www.google-analytics.com www.googleadservices.com/pagead/ www.googletagmanager.com tagmanager.google.com snap.licdn.com px.ads.linkedin.com px4.ads.linkedin.com dc.ads.linkedin.com p.adsymptotic.com sjs.bizographics.com client-registry.mutinycdn.com client.mutinycdn.com https://js.chilipiper.com 'sha256-CIxBMTSsZNOVtN/e53Oinc5o7iS+6GCLATfDTYD9EQk=' https://app.getreprise.com *.litix.io https://o2129.ingest.sentry.io/ cdn.cookielaw.org *.onetrust.com 'strict-dynamic' 'nonce-NDA4MWI0MmEtZjgxZC00ZGM1LTljMTQtYzU0NTBkOWFjZWQw'; style-src 'self' 'unsafe-inline' app-ab27.marketo.com marketing.intercomassets.com maxcdn.bootstrapcdn.com rtp-static.marketo.com fonts.googleapis.com tagmanager.google.com https://www.googletagmanager.com https://js.chilipiper.com; worker-src data: blob:; base-uri 'self'; report-uri https://o2129.ingest.sentry.io/api/1467748/security/?sentry_key=2b3179211aae44189b7651cf09d7b74f 1
default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: *.wpenginepowered.com *.wpengine.com *.google-analytics.com *.gravatar.com *.twimg.com *.jsdelivr.net *.youtube.com *.google.com *.googletagmanager.com *.yt.com *.vimeo.com *.cfmaeroengines.com; object-src 'none'; frame-ancestors 'self'; form-action 'self'; 1
default-src * data:; script-src data: https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline' 1
default-src 'self'; script-src *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com https://www.google-analytics.com https://*.jquery.com https://*.doubleclick.net https://*.licdn.com/ *.youtube.com https://*.adsrvr.org/ https://analytics.illinoismutual.com 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://*.fontawesome.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com https://www.google-analytics.com https://*.linkedin.com https://www.google.com/ 'self' https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data: https://*.fontawesome.com; frame-src 'self' https://www.youtube.com/ https://www.youtube-nocookie.com https://www.illinoismutual.com/ https://widgets.memberedge.io https://td.doubleclick.net/ https://insight.adsrvr.org/ https://www.googletagmanager.com https://*.lifehappens.org/; connect-src data: accounts.google.com *.gstatic.com https://*.googletagmanager.com https://www.google-analytics.com https://*.google.com https://*.doubleclick.net https://*.linkedin.com https://analytics.illinoismutual.com 'self' https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com 1
frame-ancestors *.uhive.com; 1
default-src 'self'; connect-src 'self' *; base-uri 'self' optimize.google.com; frame-src data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' data: * *.googleapis.com *.gstatic.com *.zohocdn.com; img-src 'self' data: * imagedelivery.net *.videodelivery.net *.cloudflarestream.com *.mw.zone; media-src 'self' *.olark.com *.zohocdn.com *.ctfassets.net imagedelivery.net videodelivery.net *.cloudflarestream.com *.mw.zone; 1
frame-ancestors 'self'; img-src data: *; script-src 'unsafe-inline' 'unsafe-eval' https://* ; object-src * 1
default-src 'self' mailto:;     base-uri 'self';     script-src 'nonce-20e2f3df848143b58eb5d72ed720f643' 'strict-dynamic' 'self' *.casinorewards.com cdn.jsdelivr.net https://www.googletagmanager.com/gtm.js https://www.google-analytics.com/analytics.js https://*.amplitude.com ;     connect-src 'self' https://www.google-analytics.com https://stats.g.doubleclick.net https://cdn.trustindex.io https://*.amplitude.com;     frame-src 'self' mailto: *.gameassists.co.uk *.gameassists.dk *.gameassists.se *.gameassists.co.za *.valueactive.eu *.valueactive.dk  ;     style-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com 'unsafe-inline';     font-src 'self' cdn.jsdelivr.net https://fonts.googleapis.com https://fonts.gstatic.com https://www.google-analytics.com;     img-src * data:;     object-src 'none';     frame-ancestors 'self';     media-src 'self' s3.amazonaws.com; 1
img-src * data: blob; upgrade-insecure-requests; 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://fedifriends.social; img-src 'self' https: data: blob: https://fedifriends.social; style-src 'self' https://fedifriends.social 'nonce-4sNw3vHRtSjFEc2++rwpCw=='; media-src 'self' https: data: https://fedifriends.social; frame-src 'self' https:; manifest-src 'self' https://fedifriends.social; form-action 'self'; child-src 'self' blob: https://fedifriends.social; worker-src 'self' blob: https://fedifriends.social; connect-src 'self' data: blob: https://fedifriends.social https://mastomedia.fedifriends.social wss://fedifriends.social; script-src 'self' https://fedifriends.social 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.sprintecommerce.com *.venditan.com *.venditan.io 1
default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https:; img-src data: https:; style-src 'unsafe-inline' https:; child-src https:; connect-src 'self' https://qgy18.imququ.com; frame-src https://disqus.com https://www.slideshare.net; manifest-src 'self'; 1
base-uri 'self'; font-src 'self' https: data:; form-action self https://checkoutshopper-test.adyen.com https://checkoutshopper-live-au.adyen.com; frame-ancestors 'self'; img-src 'self' data: https: blob:; object-src 'none'; script-src-attr 'unsafe-inline'; style-src 'self' https: 'unsafe-inline'; frame-src *.inside-graph.com https://virtualdiamonds.s3.us-east-2.amazonaws.com https://www.google.com https://assets.3dvirtualdiamond.com https://assets.solitaires.info/ https://form.typeform.com https://checkoutshopper-test.adyen.com https://checkoutshopper-live-au.adyen.com https://*.doubleclick.net https://scheduler.powerfront.com https://micheal-hill.3kit.com/ https://preview.threekit.com/ 1
default-src 'self';  script-src 'unsafe-inline' 'unsafe-eval' 'self' *.norton.com *.opendns.com js.hs-scripts.com js.hs-analytics.net js.hsleadflows.net js.hs-banner.com js.hsadspixel.net js.usemessages.com *.usercentrics.eu *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com *.go-mpulse.net *.zscloud.net munchkin.marketo.net *.serving-sys.com *.googleadservices.com googleads.g.doubleclick.net *.akamaihd.net secure.comodo.com www.trustlogo.com seal.verisign.com seal.websecurity.norton.com www.googletagmanager.com optimize.google.com *.google-analytics.com media.richrelevance.com js.hsforms.net forms.hsforms.com *.hubspot.com services.cognitoforms.com www.google.com www.google:* www.gstatic.com *.googleapis.com cloud.github.com code.jquery.com connect.facebook.net static.ak.fbcdn.net *.hscollectedforms.net widgets.twimg.com www.dentapure.com www.google.com tagmanager.google.com volusionchat.appspot.com cloud.github.com vp.dentrek.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.youtube.com *.licdn.com *.trustpilot.com service.force.com *.salesforce.com  *.force.com  *.salesforceliveagent.com *.salesforce-sites.com bing.com facebook.net hs-scripts.com hs-banner.com hsadspixel.net hs-analytics.net linkedin.com cdn.linkedin.oribi.io adservice.google.com clarity.ms *.clarity.ms js-eu1.hs-scripts.com js-eu1.hs-banner.com js-eu1.hsadspixel.net js-eu1.hs-analytics.net blob: data:;           connect-src 'self' *.hubapi.com *.hubspot.com *.usercentrics.eu *.akstat.io *.go-mpulse.net *.kampyle.com *.mktoresp.com *.akamaihd.net *.richrelevance.com services.cognitoforms.com optimize.google.com *.google-analytics.com ssl.google-analytics.com *.clarity.ms js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk stats.g.doubleclick.net *.trustpilot.com *.googletagmanager.com service.force.com salesforce.com  salesforceliveagent.com *.salesforce-sites.com cdn.linkedin.oribi.io *.hscollectedforms.net *.google.com adservice.google.com;  img-src 'self' *.zscloud.net *.hubspot.com *.usercentrics.eu *.henryschein.com *.adroll.com *.adroll.mgr.consensu.org *.kampyle.com googleads.g.doubleclick.net *.akamaihd.net placeholder.com via.placeholder.com secure.comodo.com www.trustlogo.com seal.websecurity.norton.com www.google:* www55.caligor.com optimize.google.com *.google-analytics.com *.henryschein.co.uk placehold.it www.servertastic.com *.clarity.ms localhost www.gstatic.com media.corporate-ir.net volusionchat.appspot.com *.googleapis.com ssl.gstatic.com www.google.com media.istockphoto.com js.hsforms.net *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk www.googletagmanager.com stats.g.doubleclick.net *.ads.linkedin.com *.adsymptotic.com *.atdmt.com *.commerce-connector.com *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com linkedin.com *.hscollectedforms.net *.google.it *.hsforms.com *.linkedin.com forms.hsforms.com data:;  style-src *.zscloud.net *.kampyle.com *.google-analytics.com optimize.google.com 'unsafe-inline' 'self' *.googleapis.com services.cognitoforms.com tagmanager.google.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com fonts.gstatic.com service.force.com salesforce.com  salesforceliveagent.com *.salesforce-sites.com;  font-src 'self' *.kampyle.com sxt.cdn.skype.com *.googleapis.com fonts.gstatic.com themes.googleusercontent.com services.cognitoforms.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com *.sfdcstatic.com data:;  frame-src 'self' *.hubspot.com *.kampyle.com *.hs-ecom.com bid.g.doubleclick.net *.google-analytics.com optimize.google.com cdn.pendo.io app.pendo.io www.trustlogo.com secure.comodo.com www.googletagmanager.com cdn.livechatinc.com secure.livechatinc.com app.usercentrics.eu www.youtube.com player.vimeo.com media.corporate-ir.net vimeo.com *.facebook.com www.google.com volusionchat.appspot.com js.hsforms.net *.henryschein.co.uk *.henryschein.com *.bing.com *.kentexpressdentalsupplies.co.uk connect.facebook.net forms.hsforms.com *.trustpilot.com service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com *.doubleclick.net data:;  media-src 'self' *.kampyle.com media.istockphoto.com js.hsforms.net volusionchat.appspot.com *.henryschein.co.uk *.henryschein.com *.facebook.com *.bing.com *.kentexpressdentalsupplies.co.uk *.trustpilot.com www.dentapure.com; service.force.com salesforce.com  salesforceliveagent.com salesforce-sites.com  report-uri /webservices/JSONRequestHandler.ashx?from=csp;   1
default-src 'self' *.usercentrics.eu; style-src 'self' 'unsafe-inline' *.googleapis.com; script-src 'self' *.googleapis.com *.pluspol-networks.de *.omniplus.com *.usercentrics.eu; font-src 'self' data: *.gstatic.com; object-src 'self'; img-src 'self' data: *.googleapis.com *.gstatic.com *.usercentrics.eu; frame-src 'self' *.omniplus.com *.pluspol-networks.de *.vimeo.com *.vimeocdn.com scnem2.com youtube.com youtube-nocookie.com busdoc.i.daimler.com; connect-src 'self' *.googleapis.com *.pluspol-networks.de *.omniplus.com *.usercentrics.eu; 1
frame-ancestors 'self' '*.gravatar.com' 'app.mluvii.com' 'fonts.googleapis.com' 'themes.googleusercontent.com' 'www.google-analytics.com' 'ajax.googleapis.com' 'www.googletagmanager.com' 'cdn.harvest.graindata.com' ; 1
form-action secure.authorize.net test.authorize.net pilot-payflowlink.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com *.iterable.com *.brilliantcollector.com *.yotpo.com 'self' 'unsafe-inline'; frame-ancestors 'self' 'self'; object-src 'self' 'unsafe-inline';manifest-src 'self' 'unsafe-inline'; child-src http: https: blob: 'self' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic'; default-src 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; media-src data: *.adobe.com www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com 'self' 'unsafe-inline'; font-src consent.trustarc.com cdn.loom.com www.honeywellpluggedin.com s3.lightboxcdn.com chrome-extension: moz-extension: fonts.gstatic.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com *.gstatic.com data: 'self' 'unsafe-inline'; style-src consent.trustarc.com helenoftroy--tst3.widget.custhelp.com www.lightboxcdn.com www.honeywellpluggedin.com s3.lightboxcdn.com www.googletagmanager.com optimize.google.com www.pollenapps.com *.adobe.com *.sharethis.com fonts.googleapis.com cdn.dnky.co webchat.dotdigital.com *.fontawesome.com maxcdn.bootstrapcdn.com *.yotpo.com *.googleapis.com 'self' 'unsafe-inline'; frame-src public.cobrowse.oraclecloud.com vars.hotjar.com 10164223.fls.doubleclick.net vice01.pur.com insight.adsrvr.org services.sdiapi.com vice01.honeywellpluggedin.com d1eoo1tco6rr5e.cloudfront.net bid.g.doubleclick.net vice01.vickshumidifiers.com helenoftroy.custhelp.com helenoftroy--tst3.custhelp.com share.hsforms.com www.youtube-nocookie.com tpc.googlesyndication.com optimize.google.com *.trustarc.com ct.pinterest.com www.pollenapps.com fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.youtube.com https://www.google.com/recaptcha/ geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.googletagmanager.com *.sharethis.com *.dotdigital-pages.com *.dotdigital.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.brilliantcollector.com *.paymetric.com *.weltpixel.com www.xtento.com *.yotpo.com https://*.online-metrix.net https://imgs.signifyd.com 'self' 'unsafe-inline'; img-src gethatch.com *.gethatch.com consent.trustarc.com *.trustarc.com www.rnengage.com crrecommendedmark.org www.google.com www.googletagmanager.com googleads.g.doubleclick.net www.vickshumidifiers.com blob: www.honeywellpluggedin.com www.pur.com www.google.co.uk *.trustarc.com www.google.nl www.google.co.za www.google.co.in prod-phoenix-hh.heledigital.com www.lightboxcdn.com s3.lightboxcdn.com ct.pinterest.com www.google.com.hk www.google.com.vn actv.at cdn.jsdelivr.net t.co analytics.twitter.com www.google.ca fonts.gstatic.com www.magentocommerce.com bam.nr-data.net mageside.com www.gstatic.com www.google.de www.activate.social submitcus.lightboxcdn.com submit.lightboxcdn.com stats.g.doubleclick.net d2axdqolvqmdvx.cloudfront.net www.google.ch www.pollenapps.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.sharethis.com d3sbl0c71oxeok.cloudfront.net dhkkzdfmpzvap.cloudfront.net d2bpzs5y44q6e0.cloudfront.net d37shgu97oizpd.cloudfront.net d1zlqll3enr74n.cloudfront.net d1jynp0fpwn93a.cloudfront.net d2cb3tokgpwh3v.cloudfront.net d1re8bfxx3pw6e.cloudfront.net d35u8xwkxs8vpe.cloudfront.net d13s9xffygp5o.cloudfront.net d388nbw0dwi1jm.cloudfront.net d11p2vtu3dppaw.cloudfront.net d3r89hiip86hka.cloudfront.net dc7snq0c8ipyk.cloudfront.net d5c7kvljggzso.cloudfront.net d2h8yg3ypfzua1.cloudfront.net d1b556x7apj5fb.cloudfront.net draz1ib3z71v2.cloudfront.net dr6hdp4s5yzfc.cloudfront.net d2bomicxw8p7ii.cloudfront.net d3aypcdgvjnnam.cloudfront.net d2a3iuf10348gy.cloudfront.net *.ssl-images-amazon.com *.ssl-images-amazon.co.uk *.ssl-images-amazon.co.jp *.ssl-images-amazon.jp *.ssl-images-amazon.it *.ssl-images-amazon.fr *.ssl-images-amazon.es *.ssl-images-amazon.de *.media-amazon.com *.media-amazon.co.uk *.media-amazon.co.jp *.media-amazon.jp *.media-amazon.it *.media-amazon.fr *.media-amazon.es *.media-amazon.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com www.xtento.com cdn.xtento.com *.yotpo.com https://imgs.signifyd.com https://*.online-metrix.net data: 'self' 'unsafe-inline'; connect-src gethatch.com *.gethatch.com maps.googleapis.com consent.trustarc.com rules.ee.channels.ocs.oraclecloud.com vice-prod.sdiapi.com rules.atgsvcs.com in.hotjar.com ct.pinterest.com rum-0ea7c26e-a032-4889-89d5-7e0c48a6fb85.rapidspike.com reports.sdiapi.com bam-cell.nr-data.net analytics.google.com crrecommendedmark.org stats.g.doubleclick.net bt.signifyd.com *.trustarc.com data-ejma.app.daas.us-phoenix-1.ocs.oraclecloud.com vc.hotjar.io region1.analytics.google.com www.google.co.in adservice.google.com www.google.com www.honeywellpluggedin.com bam.nr-data.net ws39.hotjar.com ws28.hotjar.com www.google.com.pk ws26.hotjar.com ws5.hotjar.com www.googletagmanager.com ws36.hotjar.com ws23.hotjar.com ws20.hotjar.com ws12.hotjar.com api.addressy.com ws11.hotjar.com ws18.hotjar.com www.google.co.uk ws3.hotjar.com ws2.hotjar.com www.google.ch ws37.hotjar.com ws10.hotjar.com ws24.hotjar.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com *.sharethis.com cdn.ampproject.org *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.amazon.com *.amazon.co.uk *.amazon.co.jp *.amazon.jp *.amazon.it *.amazon.fr *.amazon.es *.amazon.de *.amazonpay.com *.amazonpay.co.uk *.amazonpay.co.jp *.amazonpay.jp *.amazonpay.it *.amazonpay.fr *.amazonpay.es *.amazonpay.de mws.amazonservices.com mws.amazonservices.co.uk mws.amazonservices.co.jp mws.amazonservices.jp mws.amazonservices.it mws.amazonservices.fr mws.amazonservices.es mws.amazonservices.de www.apptrian.com facebook.com www.facebook.com connect.facebook.net graph.facebook.com webchat.dotdigital.com *.iterable.com *.brilliantcollector.com *.yotpo.com https://imgs.signifyd.com 'self' 'unsafe-inline'; script-src consent.trustarc.com gethatch.com *.gethatch.com maps.googleapis.com js.adsrvr.org ee.channels.ocs.oraclecloud.com rules.ee.channels.ocs.oraclecloud.com services.sdiapi.com vice-prod.sdiapi.com static.hotjar.com sc97923419us4.cobrowse.oraclecloud.com cdn-assets.rapidspike.com static.atgsvcs.com public.cobrowse.oraclecloud.com *.trustarc.com helenoftroy--tst3.custhelp.com www.googleoptimize.com script.hotjar.com www.google.com sc-static.net helenoftroy--tst3.widget.custhelp.com js-agent.newrelic.com www.rnengage.com bam-cell.nr-data.net ygscdn.azureedge.net static.ads-twitter.com s.pinimg.com rules.atgsvcs.com ajax.cloudflare.com www.youtube.com www.lightboxcdn.com lightboxapi.azurewebsites.net googleads.g.doubleclick.net connect.facebook.net www.googletagmanager.com tpc.googlesyndication.com www.honeywellpluggedin.com bam.nr-data.net optimize.google.com api.keen.io jsapi.lightboxcdn.com www.pollenapps.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com www.paypalobjects.com js.braintreegateway.com www.paypal.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com *.sharethis.com cdn.ampproject.org raw.githubusercontent.com *.trackedlink.net *.trackedweb.net *.dotdigital-pages.com *.payments-amazon.com *.payments-amazon.co.uk *.payments-amazon.co.jp *.payments-amazon.jp *.payments-amazon.it *.payments-amazon.fr *.payments-amazon.es *.payments-amazon.de www.apptrian.com facebook.com www.facebook.com graph.facebook.com cdn.dnky.co webchat.dotdigital.com *.iterable.com *.brilliantcollector.com www.xtento.com cdn.xtento.com *.yotpo.com https://cdn-scripts.signifyd.com https://imgs.signifyd.com 'self' 'unsafe-inline' 'unsafe-eval'; 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-/BF633hVlN0bMPVK8XlD1m90XmjCONeNgkS2T9RbFTTzfGPV' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
default-src 'self';connect-src 'self' www.google-analytics.com https://ampcid.google.com https://stats.g.doubleclick.net/j/collect;font-src 'self' data:;frame-src 'self' https://static.addtoany.com/ www.googletagmanager.com;img-src 'self' www.google-analytics.com https://www.google.fr/ads/ga-audiences https://www.google.com/ads/ga-audiences www.googletagmanager.com ssl.gstatic.com www.gstatic.com stats.g.doubleclick.net/r/ https://stats.g.doubleclick.net/r/collect data: https://*.tile.openstreetmap.fr/osmfr/;script-src 'self' 'unsafe-inline' https://static.addtoany.com/ google-analytics.com https://ssl.google-analytics.com www.google-analytics.com tagmanager.google.com googletagmanager.com www.googletagmanager.com stats.g.doubleclick.net;style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com; 1
default-src * 'unsafe-eval' 'unsafe-inline' gap://ready file:; style-src * 'unsafe-inline' *.easy-myshop.jp; media-src *; img-src * 'self' filesystem: data: blob:; 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-86fb9f00dca242e774e6977d07bbd438'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
default-src 'self' * ws: wss: data: blob:; frame-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; style-src 'self' 'unsafe-inline' *; font-src 'self' * data:; connect-src 'self' * ws: wss:; img-src 'self' data: * http: https:; child-src 'self' * blob:; 1
default-src 'none'; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'; base-uri 'self'; form-action 'none'; frame-ancestors 'none' 1
default-src 'self';script-src 'self' 'unsafe-inline' www.google.com www.gstatic.com www.googletagmanager.com bat.bing.com www.clarity.ms;style-src 'self' 'unsafe-inline' fonts.googleapis.com;img-src 'self' data: www.gstatic.com/recaptcha www.google-analytics.com;frame-src 'self' www.google.com fonts.google.com www.googletagmanager.com *.officemaps.net *.officemaps.com;font-src 'self' fonts.gstatic.com;connect-src 'self' analytics.google.com stats.g.doubleclick.net;base-uri 'self';frame-ancestors 'self' www.google.com www.gstatic.com *.officemaps.net teams.microsoft.com *.officemaps.com kcc.8av.co.uk *.teams.microsoft.com;sandbox allow-forms allow-modals allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts 1
default-src 'self' https://hahita.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' www.google.com www.gstatic.com www.youtube.com yastatic.net https://hahita.com; style-src 'self' 'unsafe-inline' https://hahita.com; img-src 'self' counter.yadro.ru data: https://hahita.com; font-src 'self' data: https://hahita.com; frame-src 'self' *.youtube.com api.insertunit.ws api.lessornot.ws api.linktodo.ws mc.yandex.ru www.google.com mcdonell-as.allarknow.online:9443 mcdonell-as.newplayjj.com:9443 https://hahita.com; child-src 'self' *.youtube.com api.insertunit.ws api.lessornot.ws api.linktodo.ws mc.yandex.ru www.google.com mcdonell-as.allarknow.online:9443 mcdonell-as.newplayjj.com:9443 https://hahita.com; object-src 'self' https://hahita.com; connect-src 'self' https://hahita.com; 1
default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; style-src * 'unsafe-inline'; form-action 'self'; 1
default-src 'self' data: blob: www.dordrecht.nl *.vimeo.com *.youtube.com *.google.com *.google-analytics.com www.googletagmanager.com *.siteimproveanalytics.io *.twimg.com fonts.gstatic.com *.drechtsteden.nl cdn.vanadcloud.com chatapi.eu3.quandago.app *.browsealoud.com speech-eu.speechstream.net drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com geodata.rivm.nl chat.socialedienstdrechtsteden.nl api.eu3.quandago.app embed.email-provider.nl www.toegankelijkheidsverklaring.nl; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.dordrecht.nl www.google.com www.gstatic.com *.google-analytics.com www.googletagmanager.com siteimproveanalytics.com *.drechtsteden.nl cdn.vanadcloud.com *.browsealoud.com drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com chat.socialedienstdrechtsteden.nl api.eu3.quandago.app embed.email-provider.nl blob:; style-src 'self' 'unsafe-inline' www.dordrecht.nl fonts.googleapis.com www.connexys.nl cdn.vanadcloud.com *.browsealoud.com drechtsteden.enl-mcs.nl *.arcgis.com *.arcgisonline.com chat.socialedienstdrechtsteden.nl embed.email-provider.nl;  1
connect-src 'self' https://forms.hubspot.com/ https://api.hubapi.com/ https://nrpc.olark.com/ https://connect.facebook.net/ https://vimeo.com/ https://www.googleadservices.com/ https://www.google.co.uk/ https://www.google-analytics.com https://googleadserices.com https://bat.bing.com/; 1
frame-ancestors 'self';block-all-mixed-content;script-src 'self' 'report-sample' 'unsafe-inline' 'unsafe-eval' https://*.doubleclick.net https://*.google.com https://*.googleadservices.com https://*.googlesyndication.com https://*.googletagservices.com https://adservice.google.co.il https://adservice.google.com https://bravo.israelinfo.co.il https://google-analytics.com https://partner.googleadservices.com https://pagead2.googlesyndication.com https://*.googletagmanager.com https://ssl.google-analytics.com https://tpc.googlesyndication.com https://www.google-analytics.com;style-src 'self' 'report-sample' 'unsafe-inline' *.google.com fonts.googleapis.com;object-src *.googlesyndication.com;child-src 'self' blob: *.googlesyndication.com *.google.com *.doubleclick.net;base-uri 'self';form-action 'self' *.google.com;worker-src 'self' blob: www.google.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://api.wafrn.net https://wafrncache.b-cdn.net https://media.wafrn.net; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://api.wafrn.net; img-src 'self' https://media.wafrn.net wafrncache.b-cdn.net; font-src 'self' https://wafrncache.b-cdn.net https://media.wafrn.net; object-src 'none'; frame-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content 1
frame-ancestors 'self' https://lp.bridgerpay.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://cathode.church; img-src 'self' data: blob: https://cathode.church https://deflector.cathode.church; style-src 'self' https://cathode.church 'nonce-hxDQ0fK+uSuLgU/guitfpg=='; media-src 'self' data: https://cathode.church https://deflector.cathode.church; frame-src 'self' https:; manifest-src 'self' https://cathode.church; form-action 'self'; child-src 'self' blob: https://cathode.church; worker-src 'self' blob: https://cathode.church; connect-src 'self' data: blob: https://cathode.church https://deflector.cathode.church wss://cathode.church; script-src 'self' https://cathode.church 'wasm-unsafe-eval' 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://autistics.life; img-src 'self' https: data: blob: https://autistics.life; style-src 'self' https://autistics.life 'nonce-O2C+QFaVRz1GCSqq9xBo4A=='; media-src 'self' https: data: https://autistics.life; frame-src 'self' https:; manifest-src 'self' https://autistics.life; form-action 'self'; child-src 'self' blob: https://autistics.life; worker-src 'self' blob: https://autistics.life; connect-src 'self' data: blob: https://autistics.life https://autistics.life wss://autistics.life; script-src 'self' https://autistics.life 'wasm-unsafe-eval' 1
frame-ancestors 'self' *.digidor.de *.homepagesysteme.de *.ehdev.team 1
frame-ancestors 'self' https://sneffr0.sharepoint.com; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://static.hotjar.com https://js.qualified.com https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://www.google.com https://tag.hushly.com https://script.hotjar.com https://www.gstatic.com https://cta-service-cms2.hubspot.com https://*.wistia.net https://js.hscta.net https://code.jquery.com https://js.hsforms.net https://hubfront.hushly.com https://js.hs-scripts.com https://fast.wistia.com https://js.hsadspixel.net https://js.hs-analytics.net https://js.hs-banner.com https://js.hscollectedforms.net https://js.hubspot.com https://js.chilipiper.com https://cdn.foxycart.com https://snap.licdn.com https://app.hushly.com https://track.gaconnector.com https://j.6sc.co https://ws-assets.zoominfo.com https://arbinger.foxycart.com https://js.zi-scripts.com www.googletagservices.com *.googlesyndication.com *.googleadservices.com googleads.g.doubleclick.net adservice.google.com adservice.google.ae adservice.google.al adservice.google.at adservice.google.be adservice.google.bg adservice.google.bs adservice.google.ca adservice.google.ch adservice.google.ci adservice.google.cl adservice.google.co.bw adservice.google.co.cr adservice.google.co.id adservice.google.co.il adservice.google.co.in adservice.google.co.jp adservice.google.co.ke adservice.google.co.kr adservice.google.co.mz adservice.google.co.nz adservice.google.co.th adservice.google.co.tz adservice.google.co.uk adservice.google.co.uz adservice.google.co.ve adservice.google.co.za adservice.google.co.zm adservice.google.co.zw adservice.google.com.ai adservice.google.com.ar adservice.google.com.au adservice.google.com.bd adservice.google.com.bh adservice.google.com.bn adservice.google.com.bo adservice.google.com.br adservice.google.com.co adservice.google.com.cy adservice.google.com.ec adservice.google.com.eg adservice.google.com.et adservice.google.com.fj adservice.google.com.gh adservice.google.com.gi adservice.google.com.gt adservice.google.com.hk adservice.google.com.jm adservice.google.com.kh adservice.google.com.kw adservice.google.com.lb adservice.google.com.mm adservice.google.com.mt adservice.google.com.mx adservice.google.com.my adservice.google.com.ng adservice.google.com.ni adservice.google.com.np adservice.google.com.om adservice.google.com.pa adservice.google.com.pe adservice.google.com.ph adservice.google.com.pk adservice.google.com.pr adservice.google.com.py adservice.google.com.qa adservice.google.com.sa adservice.google.com.sg adservice.google.com.sv adservice.google.com.tr adservice.google.com.tw adservice.google.com.ua adservice.google.com.uy adservice.google.com.vn adservice.google.cz adservice.google.de adservice.google.dk adservice.google.dz adservice.google.ee adservice.google.es adservice.google.fi adservice.google.fr adservice.google.ge adservice.google.gr adservice.google.gy adservice.google.hn adservice.google.hr adservice.google.hu adservice.google.ie adservice.google.im adservice.google.iq adservice.google.is adservice.google.it adservice.google.jo adservice.google.kz adservice.google.li adservice.google.lk adservice.google.lt adservice.google.lu adservice.google.lv adservice.google.md adservice.google.mk adservice.google.mu adservice.google.nl adservice.google.no adservice.google.pl adservice.google.pt adservice.google.ro adservice.google.rs adservice.google.ru adservice.google.se adservice.google.si adservice.google.sk adservice.google.so adservice.google.sr adservice.google.tl adservice.google.tn adservice.google.tt google-analytics.com www.google-analytics.com ssl.google-analytics.com stats.g.doubleclick.net ajax.googleapis.com www.googletagmanager.com googletagmanager.com tagmanager.google.com; style-src 'self' 'unsafe-inline' data: https://cdnjs.cloudflare.com https://*.hushly.com https://cdn3.devexpress.com https://hubfront.hushly.com https://use.fontawesome.com https://cdn.foxycart.com fonts.googleapis.com www.googletagmanager.com tagmanager.google.com; img-src 'self' data: https://static.hsappstatic.net https://images.typeform.com https://imgproxy.hushly.com https://www.google.hu https://googleads.g.doubleclick.net https://*.chilipiper.com https://23346030.fs1.hubspotusercontent-na1.net https://perf.hsforms.com https://cdn.foxycart.com https://www.paypalobjects.com https://hushly.s3.amazonaws.com https://forms.hsforms.com https://no-cache.hubspot.com https://static.hubspot.com https://cta-service-cms2.hubspot.com https://forms-na1.hsforms.com https://embed-ssl.wistia.com https://px.ads.linkedin.com https://perf-na1.hsforms.com https://fast.wistia.com https://b.6sc.co https://track.hubspot.com secure.gravatar.com www.gravatar.com *.googlesyndication.com stats.g.doubleclick.net data: blob: google-analytics.com www.google-analytics.com ssl.google-analytics.com www.google.com i.ytimg.com www.googletagmanager.com; connect-src 'self' https://c.6sc.co https://*.chilipiper.com wss://ws.qualified.com https://arbingerinstitute.com https://hub-api.hushly.com https://epsilon-globalaccelerator.6sense.com https://px.ads.linkedin.com https://metrics.hotjar.io https://vc.hotjar.io wss://ws.hotjar.com https://content.hotjar.io https://app.hushly.com https://cdn.linkedin.oribi.io https://forms.hsforms.com https://forms.hscollectedforms.net https://fast.wistia.com https://fast.wistia.net https://api.hubapi.com https://cta-service-cms2.hubspot.com https://region1.google-analytics.com https://track.gaconnector.com https://secure.adnxs.com https://ipv6.6sc.co https://embed-cloudfront.wistia.com https://epsilon.6sense.com https://pipedream.wistia.com https://distillery.wistia.com https://js.zi-scripts.com https://ws.zoominfo.com https://epsilon-cloudfront.6sense.com https://fg8vvsvnieiv3ej16jby.litix.io https://js.hs-banner.com *.hs-banner.com *.googlesyndication.com googleads.g.doubleclick.net stats.g.doubleclick.net www.google-analytics.com ampcid.google.com analytics.google.com about: www.googletagmanager.com; font-src 'self' data: https://cdnjs.cloudflare.com https://use.fontawesome.com https://*.hushly.com https://cdn3.devexpress.com https://fast.wistia.com https://js.hs-banner.com data: fonts.gstatic.com fonts.googleapis.com; frame-src 'self' *.google.com https://app.qualified.com *.googlesyndication.com https://td.doubleclick.net https://forms.hsforms.com https://*.wistia.net https://*.chilipiper.com googleads.g.doubleclick.net www.youtube.com www.googletagmanager.com https://23346030.hs-sites.com; child-src 'self' www.youtube.com www.googletagmanager.com; media-src 'self' data: blob: *; report-uri https://arbinger.com?gdsih-csp-report; 1
base-uri 'self'; default-src 'self' omni.eckoh.uk bat.bing.com dn.mediahawk.co.uk; script-src 'self' gstatic.com google.com google.co.uk www.google.co.uk google.recaptcha.net/* www.google.com/recaptcha/api.js cookiehub.net/c2/25caf4d9.js 'unsafe-eval' 'unsafe-inline' www.googletagmanager.com https://www.google.com/recaptcha https://www.gstatic.com/recaptcha/ snap.licdn.com www.dynamicnumbers.mediahawk.co.uk dynamicnumbers.mediahawk.co.uk dn.mediahawk.co.uk unpkg.com/web-vitals bat.bing.com j.6sc.co omni.eckoh.uk pi.pardot.com js.zi-scripts.com px.ads.linkedin.com ipv6.6sc.co www2.eckoh.com www.youtube.com cdn.jsdelivr.net *.cookiebot.com cookiebot.com googleads.g.doubleclick.net td.doubleclick.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com/ajax/libs/aos/2.3.4/aos.css omni.eckoh.uk; img-src 'self' data: www.gstatic.com b.6sc.co bat.bing.com www.google.co.uk google.co.uk www.google.com google.com px.ads.linkedin.com i.ytimg.com www.googletagmanager.com googletagmanager.com omni.eckoh.uk www.adservice.google.com adservice.google.com stats.g.doubleclick.net www.linkedin.com linkedin.com https://imgsct.cookiebot.com imgsct.cookiebot.com; connect-src 'self' google-analytics.com file: ipv6.6sc.co dn.mediahawk.co.uk px.ads.linkedin.com bat.bing.com omni.eckoh.uk *.analytics.google.com analytics.google.com *.google-analytics.com google-analytics.com c.6sc.co js.zi-scripts.com ws.zoominfo.com www.youtube.com play.google.com doubleclick.net www.google.co.uk google.co.uk www.google.com google.com www.googletagmanager.com googletagmanager.com adservice.google.com stats.g.doubleclick.net *.cookiebot.com googleads.g.doubleclick.net consentcdn.cookiebot.com; font-src 'self' fonts.gstatic.com data: fonts.googleapis.com omni.eckoh.uk; object-src 'self'; media-src 'self' data:; frame-src www.googletagmanager.com www.youtube.com youtube.com www.google.com omni.eckoh.uk https://consentcdn.cookiebot.com; frame-ancestors 'self'; 1
default-src 'self' ireland-guide.com *.ireland-guide.com;img-src * data:;script-src * 'unsafe-inline' 'unsafe-eval';frame-src 'self' *;media-src *; object-src *;style-src * 'unsafe-inline';style-src-elem * 'unsafe-inline';connect-src *;font-src * 1
default-src 'none'; frame-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https: 'self' https://secure.gravatar.com; object-src 'self'; connect-src 'self'; img-src 'self' https://secure.gravatar.com data:; font-src 'self' https://fonts.gstatic.com data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'self'; base-uri 'self'; form-action 'self'  1
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' pagead2.googlesyndication.com *.adform.net js.hs-analytics.net js.hubspot.com js.usemessages.com connect.facebook.net maps.googleapis.com www.gstatic.com www.google.com js.hsforms.net www.googleadservices.com cookie-cdn.cookiepro.com www.googleoptimize.com js.hs-scripts.com js.hsadspixel.net js.hsleadflows.net js.hs-banner.com js.hs-analytics.net static.ads-twitter.com beacon.krxd.net googleads.g.doubleclick.net www.google-analytics.com connect.facebook.net script.hotjar.com static.hotjar.com snap.licdn.com googleads.g.doubleclick.net www.googletagmanager.com cdn.krxd.net consumer.krxd.net bam.nr-data.net js-agent.newrelic.com fast.wistia.com fast.wistia.net beacon.krxd.net; style-src 'self' 'unsafe-inline' *.gstatic.com *.cookiepro.com *.google.com *.googleapis.com *.hotjar.com *.hs-scripts.com *.krxd.net *.wistia.net; img-src 'self' blob: data: *.googlesyndication.com *.adform.net *.google.com.sg *.google.at connect.facebook.net embedwistia-a.akamaihd.net *.googleapis.com *.google.ch *.google.es *.google.com.pe *.google.com.ua *.google.it *.google.co.jp *.google.ie *.google.com.ng *.google.iq *.google.be *.google.co.cr *.google.com.tr aa.agkn.com *.adsymptotic.com *.businesswire.com *.cloudfront.net *.cluep.com *.cookiepro.com *.doubleclick.net googleads.g.doubleclick.net embed-ssl.wistia.com *.facebook.com *.google.tn *.google.com.ph *.google.cz *.google.com.hk *.google.com.pk *.google.ca *.google.de *.google.gr *.google.com.au *.google.com.mx *.google.com.pr *.google.co.in *.google.co.uk *.google.com *.google.fr *.google.nl *.google.pt *.googletagmanager.com *.google-analytics.com *.gstatic.com *.hubspot.com *.hsforms.com *.krxd.net *.linkedin.com *.nr-data.net t.co *.twitter.com *.wistia.com *.wistia.net; media-src blob: *.akamaihd.net *.wistia.com; frame-src 'self' *.adform.net fast.wistia.net *.doubleclick.net *.facebook.com *.google.com *.googlesyndication.com *.googletagmanager.com *.hotjar.com *.hsforms.net *.hsforms.com *.krxd.net; frame-ancestors 'self'; child-src 'self' blob:; font-src 'self' data: fonts.gstatic.com *.wistia.com *.wistia.net; connect-src 'self' 'unsafe-inline' 'unsafe-eval' adservice.google.com *.googlesyndication.com px.ads.linkedin.com *.google.be *.adform.net *.google.nl *.google.de connect.facebook.net cdn.linkedin.oribi.io *.googleapis.com *.ads-twitter.com *.cookiepro.com *.doubleclick.net embedwistia-a.akamaihd.net *.facebook.com *.facebook.net connect.facebook.net *.google.com *.google-analytics.com *.googletagmanager.com *.hotjar.com  *.hotjar.io *.hsleadflows.net *.hsforms.com *.hubapi.com *.hubspot.com *.krxd.net *.litix.io *.nr-data.net *.onetrust.com *.twitter.com *.wistia.com wss://*.hotjar.com; report-uri /report-csp-violation; upgrade-insecure-requests 1
default-src 'self'; object-src 'none'; frame-src 'self' https://highradiuseu.thoughtspot.cloud/   https://radiusone.com/ blob: 'self' https://*.highradius.com/ data: https://app.pendo.io/ ; media-src 'self' blob: 'self' https://*.highradius.com/; connect-src  https://bam.nr-data.net/   'self' https://highradiuseu.thoughtspot.cloud/  wss://*.highradius.com/ https://*.highradius.com/ https://www.google-analytics.com/; img-src 'self' blob: https://*.highradius.com/  data: https://www.google-analytics.com https://data.pendo.io https://*.highradius.com/; script-src  'self' 'unsafe-eval' 'unsafe-inline' http://www.google-analytics.com https://*.highradius.com/; script-src-elem   https://js-agent.newrelic.com/  https://bam-cell.nr-data.net/ https://bam.nr-data.net/   'self' 'unsafe-inline' https://cdn.pendo.io/  https://data.pendo.io/ https://app.pendo.io/ https://www.google-analytics.com/ https://*.highradius.com/;style-src  'self' 'unsafe-inline' https://fonts.googleapis.com; font-src 'self' data: https://fonts.gstatic.com;worker-src 'self' https://*.highradius.com/ blob:; 1
frame-ancestors 'self' piwik.betaalvereniging.nl matomo.betaalvereniging.nl; 1
sandbox allow-scripts allow-same-origin allow-forms; img-src 'self' data: www.gstatic.com; frame-src www.google.com; object-src 'none'; base-uri 'none'; script-src www.google.com www.gstatic.com 'nonce-plK3BcYmP0exZiDG2oZAzuwKhBk='; style-src 'nonce-plK3BcYmP0exZiDG2oZAzuwKhBk=' 1
default-src 'self' ;  script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://www.google-analytics.com/ga.js https://matomo.rennes.eu/matomo.php https://matomo.rennes.eu/* https://matomo.rennes.eu/matomo.js https://rennesmetropole.matomo.cloud/matomo.php https://rennesmetropole.matomo.cloud/* https://rennesmetropole.matomo.cloud/matomo.js https://cdn.matomo.cloud/rennesmetropole.matomo.cloud/matomo.js https://framaforms.org/questionnaire-de-satisfaction-1560862412 https://leschampslibres.us15.list-manage.com/* https://osm.org/ https://openagenda.com/agendas/253926/ https://openagenda.com/agendas/13227241/ https://openagenda.com/agendas/60332170/ https://leschampslibres.us15.list-manage.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://wxs.ign.fr/ https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com https://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   frame-src 'self'  https://*.ausha.co https://*.calameo.com https://framaforms.org/ https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   style-src 'self' 'unsafe-inline' https://cdn-images.mailchimp.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   font-src 'self' https://fonts.gstatic.com https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   child-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   img-src 'self' data:  https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org https://*.instagram.com https://*.vine.co https://*.pscp.tv https://*.pinterest.com https://*.tumblr.com https://*.tripadvisor.com https://*.tripadvisor.fr https://*.slideshare.net;   connect-src 'self' https://rennesmetropole.matomo.cloud/matomo.php  https://matomo.rennes.eu/matomo.php https://*.googleapis.com https://www.google-analytics.com https://ssl.google-analytics.com https://*.google.com https://*.soundcloud.com https://*.openstreetmap.fr https://giphy.com https://www.youtube.com https://player.vimeo.com https://*.amazonaws.com http://www.calameo.com https://www.premierchapitre.fr https://openagenda.com/lcl-test https://www.facebook.com https://twitter.com https://*.twitter.com  https://www.openstreetmap.org 1
default-src 'self' http: https: data: blob: 'unsafe-inline' 'unsafe-eval';upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self'; 1
default-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com 1868565294.rsc.cdn77.org static.cloudflareinsights.com www.google.com www.gstatic.com fonts.gstatic.com fonts.googleapis.com ajax.googleapis.com fcm.googleapis.com accounts.google.com *.cdn77.org  *.nk-img.com  *.segpay.com  *.online-metrix.net *.vscdns.com *.vsmvideo.com www.tjk-njk.com *.orbsrv.com *.opoxv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.tf4srv.com *.aacdn.net *.adglare.net www.flirt4free.com www.ohmybutt.com www.secretpartners.com *.asf4f.us *.livejasmin.com *.jsmcrptjmp.com *.awemwh.com etahub.com ctrack.trafficjunky.net tracking.sexcash.com *.gtflixtv.com;img-src 'self' 'unsafe-inline' data: blob: *.xvideos.com *.xnxx.com *.red-cdn.com *.gold-cdn.com *.xvideos-cdn.com *.xnxx-cdn.com *.others-cdn.com *.cdn77.org www.google.com www.google-analytics.com ssl.gstatic.com *.nk-img.com *.camster.com data-cdn.pornbiz.com *.vscdns.com *.vsmvideo.com *.doubleclick.net *.google.fr *.google.com *.segpay.com *.online-metrix.net cdn.asf4f.us *.gtflixtv.com *.orbsrv.com *.exdynsrv.com *.afcdn.net *.aucdn.net *.justservingfiles.net *.tf4srv.com *.aacdn.net *.rtbsuperhub.com; report-uri https://www.porn.sc/csp-reports; report-to csp-endpoint 1
default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self';frame-ancestors 'none';script-src 'none' 'strict-dynamic' 'sha256-afCUXKNRfwVC+2CHQaJMQg214RC4InQIr3+AL+aZqCg=' 'unsafe-inline';object-src 'none';base-uri 'none';require-trusted-types-for 'script'; 1
script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://maps.googleapis.com https://payments.google.com https://payments.sandbox.google.com https://clients2.google.com https://www.googleapis.com/appsmarket/v2/installedApps/;report-uri /_/ShoppingUi/cspreport/allowlist 1
frame-ancestors 'self'; object-src 'none'; base-uri 'self'; form-action 'self' https://syndication.twitter.com/ https://platform.twitter.com/ https://connect.facebook.net/; default-src * 'unsafe-inline' 'unsafe-eval' data: blob:; report-uri https://6fd0808b3c82be7fae4b5dba95198421.report-uri.com/r/d/csp/enforce 1
frame-ancestors 'self' *.contentstack.com; 1
frame-ancestors 'self'; report-uri https://ecmdi.report-uri.com/r/t/csp/enforce 1
default-src https: blob: data: 'unsafe-inline' 1
font-src fonts.gstatic.com use.typekit.net *.gstatic.com 'self' data: data: 'self' 'unsafe-inline'; form-action geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com *.cardinalcommerce.com *.paypal.com 3ds-secure.cardcomplete.com www.clicksafe.lloydstsb.com pay.activa-card.com *.wirecard.com acs.sia.eu *.touchtechpayments.com www.securesuite.co.uk rsa3dsauth.com *.monzo.com *.arcot.com *.wlp-acs.com * 'self' 'unsafe-inline'; frame-ancestors *.bolt.com 'self'; frame-src fast.amc.demdex.net *.adobe.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com *.bolt.com https://www.google.com/recaptcha/ www.googletagmanager.com https://www.googletagmanager.com/ *.google.com/ c.paypal.com checkout.paypal.com assets.braintreegateway.com pay.google.com *.cardinalcommerce.com *.paypal.com * *.addthis.com *.sharethis.com 'self' 'unsafe-inline'; img-src assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com p.typekit.net t.paypal.com www.paypal.com www.paypalobjects.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io *.ftcdn.net *.behance.net https://www.magezon.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ https://www.google.com/ store.paradoxlabs.com www.sandbox.paypal.com b.stats.paypal.com dub.stats.paypal.com assets.braintreegateway.com c.paypal.com checkout.paypal.com *.paypal.com 'self' data: *.google.com *.sharethis.com data: 'self' 'unsafe-inline'; script-src assets.adobedtm.com *.adobe.com geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com unpkg.com/@adobe/ cdn.jsdelivr.net/npm/@adobe/ commerce.adobedtm.com js.magento-datasolutions.com *.newrelic.com *.nr-data.net amcglobal.sc.omtrdc.net commerce.adobe.net use.typekit.net www.paypal.com www.sandbox.paypal.com www.paypalobjects.com t.paypal.com magento-recs-sdk.adobe.net s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com *.bolt.com *.commerce-quick-checkout.com http://localhost:8082 https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.magento-ds.com *.addthis.com js-agent.newrelic.com z.moatads.com v1.addthisedge.com bam.nr-data.net widgets.pinterest.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://www.googletagmanager.com/ https://www.googletagmanager.com/ *.google.com *.authorize.net js.braintreegateway.com assets.braintreegateway.com c.paypal.com pay.google.com api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.paypal.com songbirdstag.cardinalcommerce.com *.gstatic.com *.sharethis.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.adobe.com fonts.googleapis.com unpkg.com https://static.klaviyo.com unsafe-inline assets.braintreegateway.com *.googleapis.com *.gstatic.com 'self' 'unsafe-inline'; object-src 'self' 'unsafe-inline'; media-src *.adobe.com http://www.googleadservices.com/ http://www.google-analytics.com/ https://www.googleadservices.com/ https://www.google-analytics.com/ 'self' 'unsafe-inline'; manifest-src 'self' 'unsafe-inline'; connect-src dpm.demdex.net amcglobal.sc.omtrdc.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.snplow.net commerce.adobedc.net *.newrelic.com *.nr-data.net vimeo.com api.magento.com *.adobe.io performance.typekit.net www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com commerce.adobe.io commerce.adobe.net *.bolt.com qa-api.magedevteam.com *.sentry.io bam.nr-data.net *.addthis.com https://static.klaviyo.com https://static-forms.klaviyo.com https://fast.a.klaviyo.com https://static-tracking.klaviyo.com/ https://a.klaviyo.com/ https://telemetrics.klaviyo.com/ http://stats.g.doubleclick.net/ https://stats.g.doubleclick.net/ http://www.google-analytics.com/ https://www.google-analytics.com/ *.authorize.net api.braintreegateway.com api.sandbox.braintreegateway.com client-analytics.braintreegateway.com client-analytics.sandbox.braintreegateway.com *.braintree-api.com *.paypal.com *.cardinalcommerce.com *.google.com google.com t.elasticsuite.io *.google-analytics.com stats.g.doubleclick.net *.sharethis.com 'self' 'unsafe-inline'; child-src assets.braintreegateway.com c.paypal.com *.paypal.com http: https: blob: 'self' 'unsafe-inline'; default-src *.googleapis.com 'self' 'unsafe-inline' 'unsafe-eval'; base-uri 'self' 'unsafe-inline'; 1
frame-ancestors 'self' *.test.bauverlag.de *.bauverlag.de; 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.typeform.com *.wistia.com *.wpmudev.org https://wpmudev.com fonts.bunny.net *.algolianet.com *.algolia.net *.wd40.info *.bootstrapcdn.com *.googleapis.com *.gstatic.com *.googletagmanager.com *.google-analytics.com *.facebook.com *.facebook.net *.google.com *.google.co.uk *.doubleclick.net *.ampproject.org *.gravatar.com https://youtube.com/ https://youtu.be/ *.youtube.com *.youtube-nocookie.com *.ytimg.com *.instagram.com *.vimeo.com yoast.com *.wd40.co.uk *.wd40.fr *.wd40company.eu unpkg.com *.jquery.com *.jsdelivr.net *.amazon-adsystem.com *.media-amazon.com *.amazonaws.com *.wd40.com *.wtbidev.uk *.wd40.ro *.wd40.pl *.e2ma.net *.cloudfront.net *.wd40.no *.wd40.sk *.wd40.lat *.wd40.se *.wd40.cz *.cloudflare.com *.wd40.gr *.wd40.se *.wd40.de *.vimeocdn.com *.wistia.com where-to-buy.co 1
base-uri 'none'; connect-src 'self' https://www.google-analytics.com; default-src 'none'; frame-ancestors 'none'; frame-src https://www.google.com; font-src 'self' https://fonts.gstatic.com data:; form-action 'self'; img-src 'self' https://www.google-analytics.com data:; media-src 'self' data:; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com https://www.gstatic.com https://www.google.com https://www.google-analytics.com/analytics.js data:; style-src 'self' 'unsafe-inline' 1
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://openbiblio.social https://www.youtube.com 1
frame-ancestors 'self' https://*.norton.com https://*.nortonlifelock.com; 1
default-src https:; font-src https: data:; img-src https: data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; worker-src blob:; 1
default-src 'none'; connect-src ds.cookiehub.net consent.cookiehub.net cookiehub.net region-eu.cookiehub.net consent-eu.cookiehub.net cdn.cookiehub.eu *.team-w.ch *.laborteam.ch *.moin.ai wss://bot.moin.ai *.friendlycaptcha.com 'self' *.opsone-analytics.ch; font-src 'self' data: *.moin.ai; style-src 'self' 'unsafe-inline' *.moin.ai cookiehub.net static.cookiehub.com cdn.cookiehub.eu; frame-src bewerberltw.abacuscity.ch team-w.nytu.app 'self'; img-src 'self' data: *.openstreetmap.org *.moin.ai; media-src 'self' *.moin.ai; script-src 'self' 'unsafe-eval' 'unsafe-inline' cookiehub.net static.cookiehub.com cdn.cookiehub.eu *.moin.ai *.team-w.ch team-w.ch team-w.nytu.app *.opsone-analytics.ch; object-src 'self' data: 'unsafe-eval'; manifest-src 'self'; worker-src 'self' blob: 1
default-src 'self' https://*.wistia.com https://*.wistia.net;          child-src blob:;           script-src 'self' 'unsafe-inline' 'unsafe-eval' https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://src.litix.io https://cc.cdn.civiccomputing.com/ https://region1.google-analytics.com/ https://www.google-analytics.com/  https://tools.eurolandir.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://player.vimeo.com/api/player.js http://tools.euroland.com/tools/common/eurolandiframeautoheight/eurolandtoolsintegrationobject.js https://assets.calendly.com/ https://*.googletagmanager.com https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/;           media-src 'self' blob: data: https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net;           font-src 'self' data: https://fast.wistia.net/ https://static.juicer.io/fonts/ https://*.wistia.com https://fonts.googleapis.com/ https://fonts.gstatic.com/ ;           style-src 'self' 'unsafe-inline' blob: https://app-sj31.marketo.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fonts.googleapis.com/ https://assets.calendly.com/ https://tags.srv.stackadapt.com/;           connect-src 'self' https://fast.wistia.net/ https://craneware-prelive.emperordev.com/ https://www.thecranewaregroup.com/ https://*.litix.io https://*.wistia.com https://embedwistia-a.akamaihd.net https://clapi.civiccomputing.com/ https://apikeys.civiccomputing.com/ https://our.umbraco.com/  https://maps.googleapis.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat https://tags.srv.stackadapt.com https://srv.stackadapt.com https://east.srv.stackadapt.com https://uw.srv.stackadapt.com https://eu.srv.stackadapt.com https://qvdt3feo.com/;           frame-src 'self' data: https://twitter.com/ https://www.linkedin.com/ https://www.facebook.com/ https://td.doubleclick.net/ https://craneware.my.salesforce-sites.com/ https://craneware.secure.force.com/ https://www.juicer.io/ http://go.craneware.com https://fast.wistia.com https://fast.wistia.net https://craneware.wistia.com/ https://tools.eurolandir.com/ https://fast.wistia.net/ https://player.vimeo.com/ https://www.youtube.com/ https://www.google.com/ https://calendly.com/;          img-src 'self' data:  https://media.licdn.com/dms/ http://go.craneware.com https://*.wistia.com https://*.wistia.net https://embedwistia-a.akamaihd.net  https://dashboard.umbraco.org/ https://public.craneware.com/  https://assets.calendly.com/ https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;           worker-src 'self' blob:; frame-ancestors 'self' 1
default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jobylon.com ajax.aspnetcdn.com connect.facebook.net *.hotjar.com *.g.doubleclick.net s.yimg.com bat.bing.com snap.licdn.com www.youtube.com www.gstatic.com cdn.cookielaw.org dl.episerver.net hello.myfonts.net www.google.com www.google.se *.google-analytics.com ajax.googleapis.com *.googletagmanager.com *.outlook.com adtr.io cdn.feedbackify.com *.webserviceaward.com *.matomo.cloud  *.rekai.se s3.amazonaws.com code.jquery.com netdna.bootstrapcdn.com ledsf.my.site.com podbean.com *.feedbackify.com; connect-src 'self' *.facebook.com cnv.adt659.com *.onetrust.com bat.bing.com *.hotjar.io *.hotjar.com cdn.linkedin.oribi.io s.yimg.com cdn.cookielaw.org *.google-analytics.com googleads.g.doubleclick.net stats.g.doubleclick.net ledarnas.matomo.cloud  view.rekai.se predict.rekai.se ledsf.my.salesforce-scrt.com podbean.com px.ads.linkedin.com www.google.com;img-src 'self' www.ledarna.se *.ledarnaweb.kundtest.se ledarna.se *.facebook.com *.cloudfront.net *.ytimg.com *.vimeocdn.com bat.bing.com px.ads.linkedin.com sp.analytics.yahoo.com cdn.cookielaw.org *.google-analytics.com www.google.com www.google.se resources.mynewsdesk.com cdn.feedbackify.com www.w3.org/2000/svg data: podbean.com;style-src 'self' 'unsafe-inline' custom-joblist.s3.amazonaws.com netdna.bootstrapcdn.com ledsf.my.site.com;base-uri 'self';form-action 'self' ledarna.se *.facebook.com *.ledarna.se login.grandid.com; frame-ancestors 'self'; frame-src 'self' dreambroker.com *.soundcloud.com *.facebook.com embed.acast.com www.google.com www.youtube.com vars.hotjar.com player.vimeo.com ledsf.my.site.com podbean.com www.podbean.com 1
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; script-src 'self' https://cutie.city 'wasm-unsafe-eval'; font-src 'self' https://cutie.city; img-src 'self' data: blob: https://cutie.city https://media.cutie.city; style-src 'self' https://cutie.city 'nonce-Q5NPJCstlskTmMLyN0qixQ=='; media-src 'self' data: https://cutie.city https://media.cutie.city; frame-src 'self' https:; child-src 'self' blob: https://cutie.city; worker-src 'self' blob: https://cutie.city; connect-src 'self' blob: data: wss://cutie.city https://cutie.city https://media.cutie.city; manifest-src 'self' https://cutie.city; form-action 'self' 1
default-src 'self' https://*.paypal.com https://*.paypalobjects.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://www.youtube-nocookie.com https://www.xoom.com https://*.paypal-mktg.com https://*.qualtrics.com; script-src 'nonce-WVAUXaftak4+cfD1utr+9CfKMfN36BWR05Bvqa4Y3x6X4UiK' 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com https://pypd.paypal-mktg.com 'unsafe-inline'; connect-src 'self' https://nominatim.openstreetmap.org https://*.paypal.com https://*.paypalobjects.com https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com https://*.salesforce.com https://*.force.com https://nexus.ensighten.com https://api.paypal-retaillocator.com https://paypal.us-4.evergage.com https://*.qualtrics.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com https://assets-cdn.s-xoom.com data:; img-src 'self' https: data: https://www.google-analytics.com https://www.analytics.google.com https://region1.google-analytics.com https://region1.analytics.google.com; form-action 'self' https://*.paypal.com https://*.salesforce.com https://secure.opinionlab.com https://*.paypal-mktg.com https://*.paypal-corp.com https://signup.partnerize.com; base-uri 'self' https://*.paypal.com; object-src 'none'; frame-ancestors 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp 1
script-src 'strict-dynamic' https: 'self' 'nonce-2nr7ZLBV+wX+ksR5YY4qjSir5FhKYQV/HcQSAn0nnjM='; object-src 'none'; form-action 'self'; frame-ancestors 'none' 1
default-src 'self';font-src 'self' data: fonts.gstatic.com;img-src 'self' data: www.google-analytics.com *.g.doubleclick.net maps.gstatic.com maps.googleapis.com *.youtube.com cdn.cookielaw.org www.securitasmedia.com securitasmedia.com  www.googletagmanager.com  i.ytimg.com www.google.co.in https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;script-src www.youtube.com  az416426.vo.msecnd.net  'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org www.google-analytics.com maps.googleapis.com www.googletagmanager.com  dl.episerver.net www.youtube.com www.google.com www.gstatic.com static.hotjar.com script.hotjar.com https://*.googletagmanager.com;style-src 'self'  'unsafe-inline' fonts.googleapis.com dl.episerver.net;frame-src  www.youtube.com vars.hotjar.com www.youtube-nocookie.com;media-src 'self';connect-src 'self'  cdn.cookielaw.org dc.services.visualstudio.com www.google-analytics.com stats.g.doubleclick.net maps.googleapis.com in.hotjar.com wss://ws17.hotjar.com analytics.google.com region1.analytics.google.com analytics.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.com https://*.google.ad https://*.google.ae https://*.google.com.af https://*.google.com.ag https://*.google.com.ai https://*.google.al https://*.google.am https://*.google.co.ao https://*.google.com.ar https://*.google.as https://*.google.at https://*.google.com.au https://*.google.az https://*.google.ba https://*.google.com.bd https://*.google.be https://*.google.bf https://*.google.bg https://*.google.com.bh https://*.google.bi https://*.google.bj https://*.google.com.bn https://*.google.com.bo https://*.google.com.br https://*.google.bs https://*.google.bt https://*.google.co.bw https://*.google.by https://*.google.com.bz https://*.google.ca https://*.google.cd https://*.google.cf https://*.google.cg https://*.google.ch https://*.google.ci https://*.google.co.ck https://*.google.cl https://*.google.cm https://*.google.cn https://*.google.com.co https://*.google.co.cr https://*.google.com.cu https://*.google.cv https://*.google.com.cy https://*.google.cz https://*.google.de https://*.google.dj https://*.google.dk https://*.google.dm https://*.google.com.do https://*.google.dz https://*.google.com.ec https://*.google.ee https://*.google.com.eg https://*.google.es https://*.google.com.et https://*.google.fi https://*.google.com.fj https://*.google.fm https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.com.gt https://*.google.gy https://*.google.com.hk https://*.google.hn https://*.google.hr https://*.google.ht https://*.google.hu https://*.google.co.id https://*.google.ie https://*.google.co.il https://*.google.im https://*.google.co.in https://*.google.iq https://*.google.is https://*.google.it https://*.google.je https://*.google.com.jm https://*.google.jo https://*.google.co.jp https://*.google.co.ke https://*.google.com.kh https://*.google.ki https://*.google.kg https://*.google.co.kr https://*.google.com.kw https://*.google.kz https://*.google.la https://*.google.com.lb https://*.google.li https://*.google.lk https://*.google.co.ls https://*.google.lt https://*.google.lu https://*.google.lv https://*.google.com.ly https://*.google.co.ma https://*.google.md https://*.google.me https://*.google.mg https://*.google.mk https://*.google.ml https://*.google.com.mm https://*.google.mn https://*.google.ms https://*.google.com.mt https://*.google.mu https://*.google.mv https://*.google.mw https://*.google.com.mx https://*.google.com.my https://*.google.co.mz https://*.google.com.na https://*.google.com.ng https://*.google.com.ni https://*.google.ne https://*.google.nl https://*.google.no https://*.google.com.np https://*.google.nr https://*.google.nu https://*.google.co.nz https://*.google.com.om https://*.google.com.pa https://*.google.com.pe https://*.google.com.pg https://*.google.com.ph https://*.google.com.pk https://*.google.pl https://*.google.pn https://*.google.com.pr https://*.google.ps https://*.google.pt https://*.google.com.py https://*.google.com.qa https://*.google.ro https://*.google.ru https://*.google.rw https://*.google.com.sa https://*.google.com.sb https://*.google.sc https://*.google.se https://*.google.com.sg https://*.google.sh https://*.google.si https://*.google.sk https://*.google.com.sl https://*.google.sn https://*.google.so https://*.google.sm https://*.google.sr https://*.google.st https://*.google.com.sv https://*.google.td https://*.google.tg https://*.google.co.th https://*.google.com.tj https://*.google.tl https://*.google.tm https://*.google.tn https://*.google.to https://*.google.com.tr https://*.google.tt https://*.google.com.tw https://*.google.co.tz https://*.google.com.ua https://*.google.co.ug https://*.google.co.uk https://*.google.com.uy https://*.google.co.uz https://*.google.com.vc https://*.google.co.ve https://*.google.vg https://*.google.co.vi https://*.google.com.vn https://*.google.vu https://*.google.ws https://*.google.rs https://*.google.co.za https://*.google.co.zm https://*.google.co.zw https://*.google.cat;frame-ancestors 'none' 'self'; 1
frame-ancestors 'self' *.cms.snakeware.nl *.snakeware.nl *.snakeware.cloud *.snakeware.test *.snakeware.local 1
default-src 'self' blob: data: 'unsafe-inline' 'unsafe-eval' *.analytics.google.com *.doubleclick.net *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss *.facebook.net *.galenica.com *.google-analytics.com *.googleapis.com *.gstatic.com *.hs-scripts.com *.hs-sites.com *.hsforms.com *.hsforms.net *.hubspot.com *.licdn.com *.linkedin.com *.linkedin.oribi.io *.px.ads.linkedin.com *.solique.ch *.vimeo.com *.weblication.de *.youtube.com *.ytimg.com analytics.google.com api.hubapi.com bat.bing.com bt.fraud0.com charts3.equitystory.com forms-na1.hsforms.com hubspot-forms-static-embed.s3.amazonaws.com ir.tools.investis.com js.hs-analytics.net js.hs-banner.com js.hsadspixel.net js.hsleadflows.net static.hotjar.com vimeo.com weblics.de www.facebook.com www.google.ch www.google.com www.googletagmanager.com www.youtu.be www.youtube-nocookie.com www.youtube.com youtu.be; frame-ancestors 'self' *.e-alloga.ch *.e-galexis.com *.e-ufd.swiss; report-uri https://cms1.app.e-galexis.com/csp-report.php; 1
frame-ancestors 'none'; report-uri https://612d04a5404dc57901db4f2e.endpoint.csper.io 1
connect-src 'self' stats.g.doubleclick.net *.g.doubleclick.net *.google-analytics.com *.analytics.google.com *.googletagmanager.com *.google.com pagead2.googlesyndication.com connect.facebook.net www.facebook.com  www.buzzsprout.com audiostory.buzzsprout.com t.leady.com ct.leady.com px.ads.linkedin.com; default-src 'self' aricoma.com; font-src 'self' fonts.gstatic.com; frame-ancestors 'self' cms.aricoma.local; frame-src 'self' www.google.com www.gstatic.com td.doubleclick.net www.youtube-nocookie.com www.youtube.com; img-src 'self' aricoma.com www.gstatic.com fonts.gstatic.com  *.g.doubleclick.net *.google.com www.google.cz *.google-analytics.com *.googletagmanager.com googleads.g.doubleclick.net www.facebook.com px.ads.linkedin.com data:; media-src 'self' www.buzzsprout.com audio.buzzsprout.com; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' www.google.com www.google-analytics.com www.gstatic.com *.googletagmanager.com *.google-analytics.com www.googleadservices.com connect.facebook.net cms.aricoma.local ct.leady.com snap.licdn.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com www.googletagmanager.com;  1
frame-ancestors https://*.enjoy4fun.com https://*.beesads.com 1
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval' 1
frame-ancestors http://*.controlvm.com https://*.controlvm.com https://*.controlvm.com http://controlvm.com https://controlvm.com http://status.controlvm.com https://status.controlvm.com; font-src https: data:; img-src https: data:; 1
child-src 'self' https://www.googletagmanager.com https://*.liveperson.net https://cdn.appdynamics.com https://*.lpsnmedia.net https://www.facebook.com https://connect.facebook.net https://*.google.com https://widget.trustpilot.com https://*.doubleclick.net https://www.youtube.com https://static.criteo.net https://*.criteo.com https://wb.messengerpeople.com https://player.vimeo.com https://isitetv.com https://ln-rules.rewardstyle.com https://*.hotjar.com https://*.akamaihd.net https://*.attn.tv https://*.recaptcha.net https://*.translate.naver.net https://tr.snapchat.com https://www.shoplooks.com https://lantern.roeyecdn.com https://lantern.roeye.com blob: https://*.abtasty.com; connect-src 'self' https://*.thcdn.com https://*.ingest.sentry.io https://*.pingdom.net https://*.doubleclick.net https://*.google-analytics.com https://capture.trackjs.com https://fp.zenaps.com https://www.facebook.com https://*.google.com https://*.thehut.net https://privacyportal-eu.onetrust.com  https://geolocation.onetrust.com https://cdn.cookielaw.org wss://*.liveperson.net https://ct.pinterest.com https://services.postcodeanywhere.co.uk https://*.akamaihd.net https://*.sciencebehindecommerce.com https://*.googleapis.com https://translate.yandex.net https://*.hotjar.com wss://*.hotjar.com https://*.trustpilot.com https://*.pinterest.com https://*.bing.com https://*.doubleclick.net https://connect.facebook.net https://*.baidu.com https://*.parcellab.com https://ampcid.google.com.tw https://tr.snapchat.com https://privacyportal-eu.onetrust.com https://*.contentsquare.net https://*.criteo.com https://*.abtasty.com https://sgtm.lookfantastic.com.tw; font-src 'self' data: https://*.thcdn.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://fonts.gstatic.com https://fonts.googleapis.com https://static.thgcdn.cn blob: data: https://*.abtasty.com https://*.gstatic.com https://*.googleapis.com; form-action 'self' https://www.facebook.com https://www.lookfantastic.com.tw https://m.lookfantastic.com.tw https://checkout.lookfantastic.com.tw https://connect.facebook.net https://www.glossybox.at https://www.glossybox.ch https://www.glossybox.co.uk https://www.glossybox.com https://www.glossybox.de https://www.glossybox.fi https://www.glossybox.fr https://www.glossybox.ie https://www.glossybox.no https://www.glossybox.se https://www.glossybox.dk https://tr.snapchat.com; img-src 'self' data: https://*.thcdn.com https://col.eum-appdynamics.com https://usage.trackjs.com https://*.lpsnmedia.net https://*.doubleclick.net https://www.google-analytics.com https://*.google.com https://cx.atdmt.com https://www.zenaps.com https: blob:; media-src 'self' https://*.thcdn.com https://*.lpsnmedia.net https://static.thgcdn.cn; object-src 'self' https://*.thcdn.com https://www.youtube.com; report-uri https://csp.thehut.net/cspReport.txt; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: https://*.thcdn.com https://*.thehut.net https://rum-static.pingdom.net https://*.liveperson.net https://*.lpsnmedia.net https://*.doubleclick.net https://static.cdn-apple.com https://*.liveperson.com https://geolocation.onetrust.com https://cdn.cookielaw.org https://cdn.parcellab.com https://google.com https://www.googletagmanager.com https://cdnjs.cloudflare.com https://fp.zenaps.com https://www.youtube.com https://www.google-analytics.com https://*.google.com https://connect.facebook.net https://bat.bing.com https://widget.trustpilot.com https://s.ytimg.com https://www.googletagservices.com https://*.googleapis.com https://www.facebook.com https://www.googleadservices.com https://*.gstatic.com https://*.gstatic.cn https://www.dwin1.com https://cdn.trackjs.com https://seal.digicert.com https://static.criteo.net https://*.criteo.com https://ln-rules.rewardstyle.com https://*.recaptcha.net https://*.microsofttranslator.com https://*.hotjar.com https://*.sciencebehindecommerce.com https://*.akamaihd.net https://*.attn.tv https://*.trustpilot.com https://*.translate.naver.net https://*.bing.com https://*.doubleclick.net https://*.google-analytics.com https://static.ads-twitter.com https://*.baidu.com https://sc-static.net https://*.google.co.uk https://google.co.uk https://*.shoplooks.com https://slooks.top https://slooks.me https://static.thgcdn.cn https://*.googlesyndication.com https://geolocation.onetrust.com https://*.contentsquare.net https://app.contentsquare.com blob: https://*.abtasty.com https://sgtm.lookfantastic.com.tw; style-src 'self' 'unsafe-inline' https://*.thcdn.com https://*.google.com https://*.googleapis.com https://fp.zenaps.com https://cdnjs.cloudflare.com https://www.googletagmanager.com https://*.googleapis.com https://*.translate.naver.net https://*.microsofttranslator.com https://www.shoplooks.com https://static.shoplooks.com https://cdn.parcellab.com https://static.thgcdn.cn https://*.abtasty.com https://*.gstatic.com; upgrade-insecure-requests; report-to report-endpoint 1
default-src 'self'; manifest-src *; connect-src *; img-src * data: blob:; script-src 'self' 'nonce-ff9a5e0957988560401a7c1e2a8388ba'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src * data: 1
frame-ancestors 'self' *.atrevia.com 1
frame-ancestors *.magnet-shop.net *.magnet-shop.com *.calamite.org *.aimant-boutique.fr *.tienda-de-iman.es; report-uri https://o541344.ingest.sentry.io/api/5826772/security/?sentry_key=985f0132e4384c6da0a0c708b0f4b8fa 1
default-src: 'self'; script-src: https://apis.google.com; 1